path: root/data/CVE/list

CVE-2020-15645
	RESERVED
CVE-2020-15644
	RESERVED
CVE-2020-15643
	RESERVED
CVE-2020-15642
	RESERVED
CVE-2020-15641
	RESERVED
CVE-2020-15640
	RESERVED
CVE-2020-15639
	RESERVED
CVE-2020-15638
	RESERVED
CVE-2020-15637
	RESERVED
CVE-2020-15636
	RESERVED
CVE-2020-15635
	RESERVED
CVE-2020-15634
	RESERVED
CVE-2020-15633
	RESERVED
CVE-2020-15632
	RESERVED
CVE-2020-15631
	RESERVED
CVE-2020-15630
	RESERVED
CVE-2020-15629
	RESERVED
CVE-2020-15628
	RESERVED
CVE-2020-15627
	RESERVED
CVE-2020-15626
	RESERVED
CVE-2020-15625
	RESERVED
CVE-2020-15624
	RESERVED
CVE-2020-15623
	RESERVED
CVE-2020-15622
	RESERVED
CVE-2020-15621
	RESERVED
CVE-2020-15620
	RESERVED
CVE-2020-15619
	RESERVED
CVE-2020-15618
	RESERVED
CVE-2020-15617
	RESERVED
CVE-2020-15616
	RESERVED
CVE-2020-15615
	RESERVED
CVE-2020-15614
	RESERVED
CVE-2020-15613
	RESERVED
CVE-2020-15612
	RESERVED
CVE-2020-15611
	RESERVED
CVE-2020-15610
	RESERVED
CVE-2020-15609
	RESERVED
CVE-2020-15608
	RESERVED
CVE-2020-15607
	RESERVED
CVE-2020-15606
	RESERVED
CVE-2020-15605
	RESERVED
CVE-2020-15604
	RESERVED
CVE-2020-15603
	RESERVED
CVE-2020-15602
	RESERVED
CVE-2020-15601
	RESERVED
CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
	TODO: check
CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
	TODO: check
CVE-2020-15598
	RESERVED
CVE-2020-15597
	RESERVED
CVE-2020-15596
	RESERVED
CVE-2019-20906
	RESERVED
CVE-2019-20905
	RESERVED
CVE-2019-20904
	RESERVED
CVE-2019-20903
	RESERVED
CVE-2019-20902
	RESERVED
CVE-2019-20901
	RESERVED
CVE-2019-20900
	RESERVED
CVE-2019-20899
	RESERVED
CVE-2019-20898
	RESERVED
CVE-2019-20897
	RESERVED
CVE-2020-XXXX [veyon-configurator tmp handling]
	- veyon <unfixed>
	[buster] - veyon <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1
CVE-2020-15595
	RESERVED
CVE-2020-15594
	RESERVED
CVE-2020-15593
	RESERVED
CVE-2020-15592
	RESERVED
CVE-2020-15591
	RESERVED
CVE-2020-15590
	RESERVED
CVE-2020-15589
	RESERVED
CVE-2020-15588
	RESERVED
CVE-2020-15587
	RESERVED
CVE-2020-15586
	RESERVED
CVE-2020-15585
	RESERVED
CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information disclos ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site c ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
	TODO: check
CVE-2020-15572
	RESERVED
CVE-2020-15571
	RESERVED
CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 m ...)
	NOT-FOR-US: Whoopsie
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
	- milkytracker <unfixed>
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568
	RESERVED
CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
	- xen <unfixed>
	[stretch] - xen <end-of-life> (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-328.html
CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	- xen <unfixed>
	[stretch] - xen <end-of-life> (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-317.html
CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM  ...)
	- xen <unfixed>
	[stretch] - xen <end-of-life> (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-321.html
CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm guest OS u ...)
	- xen <unfixed>
	[stretch] - xen <end-of-life> (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-327.html
CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest  ...)
	- xen <unfixed>
	[stretch] - xen <end-of-life> (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-319.html
CVE-2020-15561
	RESERVED
CVE-2020-15560
	RESERVED
CVE-2020-15559
	RESERVED
CVE-2020-15558
	RESERVED
CVE-2020-15557
	RESERVED
CVE-2020-15556
	RESERVED
CVE-2020-15555
	RESERVED
CVE-2020-15554
	RESERVED
CVE-2020-15553
	RESERVED
CVE-2020-15552
	RESERVED
CVE-2020-15551
	RESERVED
CVE-2020-15550
	RESERVED
CVE-2020-15549
	RESERVED
CVE-2020-15548
	RESERVED
CVE-2020-15547
	RESERVED
CVE-2020-15546
	RESERVED
CVE-2020-15545
	RESERVED
CVE-2020-15544
	RESERVED
CVE-2020-15543 (SolarWinds Serv-U FTP server before 15.2.1 does not validate an argume ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15542 (SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD comman ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15541 (SolarWinds Serv-U FTP server before 15.2.1 allows remote command execu ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15562 (An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...)
	{DSA-4720-1}
	- roundcube 1.4.7+dfsg.1-1 (bug #964355)
	[stretch] - roundcube <no-dsa> (Minor issue; will be fixed via point release)
	NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
	NOTE: 1.3.x https://github.com/roundcube/roundcubemail/commit/19502419757a976dbd55ce5a746610c5bab7896b
	NOTE: 1.2.x https://github.com/roundcube/roundcubemail/commit/f3d1566cf223eb04f47b6dfffcd88753f66c36ee
CVE-2020-15540 (We-com OpenData CMS 2.0 allows SQL Injection via the username field on ...)
	NOT-FOR-US: We-com OpenData CMS
CVE-2020-15539 (SQL injection can occur in We-com Municipality portal CMS 2.1.x via th ...)
	NOT-FOR-US: We-com Municipality portal CMS
CVE-2020-15538 (XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ s ...)
	NOT-FOR-US: We-com Municipality portal CMS
CVE-2020-15537 (An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS  ...)
	NOT-FOR-US: Vanguard plugin for WordPress
CVE-2020-15536 (An issue was discovered in the bestsoftinc Hotel Booking System Pro pl ...)
	NOT-FOR-US: bestsoftinc Hotel Booking System Pro plugin for WordPress
CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plugin th ...)
	NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress
CVE-2020-15534
	RESERVED
CVE-2020-15533
	RESERVED
CVE-2019-20895
	RESERVED
CVE-2020-15532
	RESERVED
CVE-2020-15531
	RESERVED
CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...)
	- steam <not-affected> (Steam on Windows)
CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation  ...)
	NOT-FOR-US: GOG Galaxy client
CVE-2020-15528 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation  ...)
	NOT-FOR-US: GOG Galaxy client
CVE-2020-15527
	RESERVED
CVE-2020-15526
	RESERVED
CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of  ...)
	TODO: check
CVE-2020-15524
	RESERVED
CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...)
	- python3.8 <not-affected> (Python on Windows)
	- python2.7 <not-affected> (Python on Windows)
CVE-2020-15522
	RESERVED
CVE-2020-15521
	RESERVED
CVE-2020-15520
	RESERVED
CVE-2020-15519
	RESERVED
CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup &a ...)
	NOT-FOR-US: Veeam
CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...)
	TODO: check
CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be  ...)
	TODO: check
CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...)
	TODO: check
CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...)
	TODO: check
CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access  ...)
	TODO: check
CVE-2020-15512
	RESERVED
CVE-2020-15511
	RESERVED
CVE-2020-15510
	RESERVED
CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...)
	NOT-FOR-US: Nordic Semiconductor
CVE-2020-15508
	RESERVED
CVE-2020-15507 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15506 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15505 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15504
	RESERVED
CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...)
	- libraw <unfixed>
	[buster] - libraw <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
	NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android,  ...)
	NOT-FOR-US: DuckDuckGo application for Android and iOS
CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
	NOT-FOR-US: Traefik
CVE-2020-15501
	RESERVED
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
	NOT-FOR-US: TileServer GL
CVE-2020-15499
	RESERVED
CVE-2020-15498
	RESERVED
CVE-2020-15497
	RESERVED
CVE-2020-15496
	RESERVED
CVE-2020-15495
	RESERVED
CVE-2020-15494
	RESERVED
CVE-2020-15493
	RESERVED
CVE-2020-15492
	RESERVED
CVE-2020-15491
	RESERVED
CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15488
	RESERVED
CVE-2020-15487
	RESERVED
CVE-2020-15486
	RESERVED
CVE-2020-15485
	RESERVED
CVE-2020-15484
	RESERVED
CVE-2020-15483
	RESERVED
CVE-2020-15482
	RESERVED
CVE-2020-15481
	RESERVED
CVE-2020-15480
	RESERVED
CVE-2020-15479
	RESERVED
CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...)
	NOT-FOR-US: Journal theme for OpenCart
CVE-2020-15477
	RESERVED
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
	- ndpi <unfixed>
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
	NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
	- ndpi <unfixed>
	NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952
CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
	- ndpi <unfixed>
	[buster] - ndpi <not-affected> (Vulnerable code not present)
	[stretch] - ndpi <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
	- ndpi <unfixed>
	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e
CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
	- ndpi <unfixed>
	NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701
CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
	- ndpi <unfixed>
	[buster] - ndpi <not-affected> (Vulnerable code not present)
	[stretch] - ndpi <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
	NOT-FOR-US: ffjpeg
CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
	- qemu <unfixed> (low)
	[buster] - qemu <postponed> (Minor issue, fix along in next DSA)
	[stretch] - qemu <postponed> (Minor issue, fix along in next DSA)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
	NOTE: Proposed patch(es): https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html
CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
	NOT-FOR-US: Persian VIP Download Script
CVE-2020-15467
	RESERVED
CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...)
	- wireshark 3.2.5-1 (low)
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html
CVE-2020-15465
	RESERVED
CVE-2020-15464
	RESERVED
CVE-2020-15463
	RESERVED
CVE-2020-15462
	RESERVED
CVE-2020-15461
	RESERVED
CVE-2020-15460
	RESERVED
CVE-2020-15459
	RESERVED
CVE-2020-15458
	RESERVED
CVE-2020-15457
	RESERVED
CVE-2020-15456
	RESERVED
CVE-2020-15455
	RESERVED
CVE-2020-15454
	RESERVED
CVE-2020-15453
	RESERVED
CVE-2020-15452
	RESERVED
CVE-2020-15451
	RESERVED
CVE-2020-15450
	RESERVED
CVE-2020-15449
	RESERVED
CVE-2020-15448
	RESERVED
CVE-2020-15447
	RESERVED
CVE-2020-15446
	RESERVED
CVE-2020-15445
	RESERVED
CVE-2020-15444
	RESERVED
CVE-2020-15443
	RESERVED
CVE-2020-15442
	RESERVED
CVE-2020-15441
	RESERVED
CVE-2020-15440
	RESERVED
CVE-2020-15439
	RESERVED
CVE-2020-15438
	RESERVED
CVE-2020-15437
	RESERVED
CVE-2020-15436
	RESERVED
CVE-2020-15435
	RESERVED
CVE-2020-15434
	RESERVED
CVE-2020-15433
	RESERVED
CVE-2020-15432
	RESERVED
CVE-2020-15431
	RESERVED
CVE-2020-15430
	RESERVED
CVE-2020-15429
	RESERVED
CVE-2020-15428
	RESERVED
CVE-2020-15427
	RESERVED
CVE-2020-15426
	RESERVED
CVE-2020-15425
	RESERVED
CVE-2020-15424
	RESERVED
CVE-2020-15423
	RESERVED
CVE-2020-15422
	RESERVED
CVE-2020-15421
	RESERVED
CVE-2020-15420
	RESERVED
CVE-2020-15419
	RESERVED
CVE-2020-15418
	RESERVED
CVE-2020-15417
	RESERVED
CVE-2020-15416
	RESERVED
CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...)
	NOT-FOR-US: DrayTek
CVE-2020-15414
	RESERVED
CVE-2020-15413
	RESERVED
CVE-2020-15412 (An issue was discovered in MISP 2.4.128. app/Controller/EventsControll ...)
	NOT-FOR-US: MISP
CVE-2020-15411 (An issue was discovered in MISP 2.4.128. app/Controller/AttributesCont ...)
	NOT-FOR-US: MISP
CVE-2020-15410
	RESERVED
CVE-2020-15409
	RESERVED
CVE-2020-15408
	RESERVED
CVE-2020-15407
	RESERVED
CVE-2020-15406
	RESERVED
CVE-2020-15405
	RESERVED
CVE-2020-15404
	RESERVED
CVE-2020-15403
	RESERVED
CVE-2020-15402
	RESERVED
CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...)
	NOT-FOR-US: IOBit Malware Fighter Pro
CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
	- cakephp <unfixed>
	[buster] - cakephp <no-dsa> (Minor issue)
	[stretch] - cakephp <no-dsa> (Minor issue)
CVE-2020-15399
	RESERVED
CVE-2020-15398
	RESERVED
CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...)
	- hylafax <unfixed> (bug #964198)
	[buster] - hylafax <no-dsa> (Minor issue)
	[stretch] - hylafax <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...)
	- hylafax <unfixed> (bug #964198)
	[buster] - hylafax <no-dsa> (Minor issue)
	[stretch] - hylafax <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
	- libmediainfo <unfixed> (low)
	[buster] - libmediainfo <no-dsa> (Minor issue)
	[stretch] - libmediainfo <no-dsa> (Minor issue)
	[jessie] - libmediainfo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
CVE-2020-15394
	RESERVED
CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...)
	NOT-FOR-US: Activision
CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...)
	- libvncserver 0.9.12+dfsg-3
	NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
	- linux <unfixed>
	NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...)
	NOT-FOR-US: Venki
CVE-2020-15391
	RESERVED
CVE-2020-15390
	RESERVED
CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
	- openjpeg2 <unfixed>
	NOTE: https://github.com/uclouvain/openjpeg/issues/1261
	NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0
CVE-2020-15388
	RESERVED
CVE-2020-15387
	RESERVED
CVE-2020-15386
	RESERVED
CVE-2020-15385
	RESERVED
CVE-2020-15384
	RESERVED
CVE-2020-15383
	RESERVED
CVE-2020-15382
	RESERVED
CVE-2020-15381
	RESERVED
CVE-2020-15380
	RESERVED
CVE-2020-15379
	RESERVED
CVE-2020-15378
	RESERVED
CVE-2020-15377
	RESERVED
CVE-2020-15376
	RESERVED
CVE-2020-15375
	RESERVED
CVE-2020-15374
	RESERVED
CVE-2020-15373
	RESERVED
CVE-2020-15372
	RESERVED
CVE-2020-15371
	RESERVED
CVE-2020-15370
	RESERVED
CVE-2020-15369
	RESERVED
CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
	NOT-FOR-US: ASRock RGB Driver
CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
	NOT-FOR-US: Venki
CVE-2020-15366
	RESERVED
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
	- libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
	NOTE: https://github.com/LibRaw/LibRaw/issues/301
	NOTE: https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2
CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...)
	NOT-FOR-US: Wordpress theme
CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...)
	NOT-FOR-US: Wordpress theme
CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...)
	NOT-FOR-US: thingsSDK WiFi Scanner
CVE-2020-15361
	RESERVED
CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-15359
	RESERVED
CVE-2020-15357
	RESERVED
CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
	- sqlite3 3.32.3-1
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
	NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
	NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010
CVE-2020-15356
	REJECTED
CVE-2020-15355
	REJECTED
CVE-2020-15354
	REJECTED
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
	- beaker <unfixed>
	NOTE: https://github.com/bbangert/beaker/issues/191
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11
CVE-2020-15353
	RESERVED
CVE-2020-15352
	RESERVED
CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
	NOT-FOR-US: IDrive
CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2020-15349
	RESERVED
CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...)
	NOT-FOR-US: Zyxel
CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...)
	NOT-FOR-US: Zyxel
CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...)
	NOT-FOR-US: Zyxel
CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
	NOT-FOR-US: Zyxel
CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
	NOT-FOR-US: Zyxel
CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
	NOT-FOR-US: Zyxel
CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
	NOT-FOR-US: Zyxel
CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...)
	NOT-FOR-US: Zyxel
CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...)
	NOT-FOR-US: Zyxel
CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...)
	NOT-FOR-US: Zyxel
CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
	NOT-FOR-US: Zyxel
CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
	NOT-FOR-US: Zyxel
CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
	NOT-FOR-US: Zyxel
CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
	NOT-FOR-US: Zyxel
CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...)
	NOT-FOR-US: Zyxel
CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...)
	NOT-FOR-US: Zyxel
CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...)
	NOT-FOR-US: Zyxel
CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...)
	NOT-FOR-US: Zyxel
CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in  ...)
	NOT-FOR-US: Zyxel
CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...)
	NOT-FOR-US: Zyxel
CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...)
	NOT-FOR-US: Zyxel
CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...)
	NOT-FOR-US: Zyxel
CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...)
	NOT-FOR-US: Zyxel
CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...)
	NOT-FOR-US: Zyxel
CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/ ...)
	NOT-FOR-US: Zyxel
CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password  ...)
	NOT-FOR-US: Zyxel
CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM ha ...)
	NOT-FOR-US: Zyxel
CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password fo ...)
	NOT-FOR-US: Zyxel
CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for ...)
	NOT-FOR-US: Zyxel
CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
	NOT-FOR-US: Zyxel
CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
	NOT-FOR-US: Zyxel
CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php download para ...)
	NOT-FOR-US: Stash
CVE-2020-15310
	RESERVED
CVE-2020-15309
	RESERVED
CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
	NOT-FOR-US: Nozomi Guardian
CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
	- openexr <unfixed>
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...)
	- openexr <unfixed>
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/730
CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...)
	- openexr <unfixed>
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727
CVE-2020-15303
	RESERVED
CVE-2020-15302 (In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...)
	NOT-FOR-US: Argent RecoveryManager
CVE-2020-15301
	RESERVED
CVE-2020-15300
	RESERVED
CVE-2020-15299
	RESERVED
CVE-2020-15298
	RESERVED
CVE-2020-15297
	RESERVED
CVE-2020-15296
	RESERVED
CVE-2020-15295
	RESERVED
CVE-2020-15294
	RESERVED
CVE-2020-15293
	RESERVED
CVE-2020-15292
	RESERVED
CVE-2020-15291
	RESERVED
CVE-2020-15290
	RESERVED
CVE-2020-15289
	RESERVED
CVE-2020-15288
	RESERVED
CVE-2020-15287
	RESERVED
CVE-2020-15286
	RESERVED
CVE-2020-15285
	RESERVED
CVE-2020-15284
	RESERVED
CVE-2020-15283
	RESERVED
CVE-2020-15282
	RESERVED
CVE-2020-15281
	RESERVED
CVE-2020-15280
	RESERVED
CVE-2020-15279
	RESERVED
CVE-2020-15278
	RESERVED
CVE-2020-15277
	RESERVED
CVE-2020-15276
	RESERVED
CVE-2020-15275
	RESERVED
CVE-2020-15274
	RESERVED
CVE-2020-15273
	RESERVED
CVE-2020-15272
	RESERVED
CVE-2020-15271
	RESERVED
CVE-2020-15270
	RESERVED
CVE-2020-15269
	RESERVED
CVE-2020-15268
	RESERVED
CVE-2020-15267
	RESERVED
CVE-2020-15266
	RESERVED
CVE-2020-15265
	RESERVED
CVE-2020-15264
	RESERVED
CVE-2020-15263
	RESERVED
CVE-2020-15262
	RESERVED
CVE-2020-15261
	RESERVED
CVE-2020-15260
	RESERVED
CVE-2020-15259
	RESERVED
CVE-2020-15258
	RESERVED
CVE-2020-15257
	RESERVED
CVE-2020-15256
	RESERVED
CVE-2020-15255
	RESERVED
CVE-2020-15254
	RESERVED
CVE-2020-15253
	RESERVED
CVE-2020-15252
	RESERVED
CVE-2020-15251
	RESERVED
CVE-2020-15250
	RESERVED
CVE-2020-15249
	RESERVED
CVE-2020-15248
	RESERVED
CVE-2020-15247
	RESERVED
CVE-2020-15246
	RESERVED
CVE-2020-15245
	RESERVED
CVE-2020-15244
	RESERVED
CVE-2020-15243
	RESERVED
CVE-2020-15242
	RESERVED
CVE-2020-15241
	RESERVED
CVE-2020-15240
	RESERVED
CVE-2020-15239
	RESERVED
CVE-2020-15238
	RESERVED
CVE-2020-15237
	RESERVED
CVE-2020-15236
	RESERVED
CVE-2020-15235
	RESERVED
CVE-2020-15234
	RESERVED
CVE-2020-15233
	RESERVED
CVE-2020-15232
	RESERVED
CVE-2020-15231
	RESERVED
CVE-2020-15230
	RESERVED
CVE-2020-15229
	RESERVED
CVE-2020-15228
	RESERVED
CVE-2020-15227
	RESERVED
CVE-2020-15226
	RESERVED
CVE-2020-15225
	RESERVED
CVE-2020-15224
	RESERVED
CVE-2020-15223
	RESERVED
CVE-2020-15222
	RESERVED
CVE-2020-15221
	RESERVED
CVE-2020-15220
	RESERVED
CVE-2020-15219
	RESERVED
CVE-2020-15218
	RESERVED
CVE-2020-15217
	RESERVED
CVE-2020-15216
	RESERVED
CVE-2020-15215
	RESERVED
CVE-2020-15214
	RESERVED
CVE-2020-15213
	RESERVED
CVE-2020-15212
	RESERVED
CVE-2020-15211
	RESERVED
CVE-2020-15210
	RESERVED
CVE-2020-15209
	RESERVED
CVE-2020-15208
	RESERVED
CVE-2020-15207
	RESERVED
CVE-2020-15206
	RESERVED
CVE-2020-15205
	RESERVED
CVE-2020-15204
	RESERVED
CVE-2020-15203
	RESERVED
CVE-2020-15202
	RESERVED
CVE-2020-15201
	RESERVED
CVE-2020-15200
	RESERVED
CVE-2020-15199
	RESERVED
CVE-2020-15198
	RESERVED
CVE-2020-15197
	RESERVED
CVE-2020-15196
	RESERVED
CVE-2020-15195
	RESERVED
CVE-2020-15194
	RESERVED
CVE-2020-15193
	RESERVED
CVE-2020-15192
	RESERVED
CVE-2020-15191
	RESERVED
CVE-2020-15190
	RESERVED
CVE-2020-15189
	RESERVED
CVE-2020-15188
	RESERVED
CVE-2020-15187
	RESERVED
CVE-2020-15186
	RESERVED
CVE-2020-15185
	RESERVED
CVE-2020-15184
	RESERVED
CVE-2020-15183
	RESERVED
CVE-2020-15182
	RESERVED
CVE-2020-15181
	RESERVED
CVE-2020-15180
	RESERVED
CVE-2020-15179
	RESERVED
CVE-2020-15178
	RESERVED
CVE-2020-15177
	RESERVED
CVE-2020-15176
	RESERVED
CVE-2020-15175
	RESERVED
CVE-2020-15174
	RESERVED
CVE-2020-15173
	RESERVED
CVE-2020-15172
	RESERVED
CVE-2020-15171
	RESERVED
CVE-2020-15170
	RESERVED
CVE-2020-15169
	RESERVED
CVE-2020-15168
	RESERVED
CVE-2020-15167
	RESERVED
CVE-2020-15166
	RESERVED
CVE-2020-15165
	RESERVED
CVE-2020-15164
	RESERVED
CVE-2020-15163
	RESERVED
CVE-2020-15162
	RESERVED
CVE-2020-15161
	RESERVED
CVE-2020-15160
	RESERVED
CVE-2020-15159
	RESERVED
CVE-2020-15158
	RESERVED
CVE-2020-15157
	RESERVED
CVE-2020-15156
	RESERVED
CVE-2020-15155
	RESERVED
CVE-2020-15154
	RESERVED
CVE-2020-15153
	RESERVED
CVE-2020-15152
	RESERVED
CVE-2020-15151
	RESERVED
CVE-2020-15150
	RESERVED
CVE-2020-15149
	RESERVED
CVE-2020-15148
	RESERVED
CVE-2020-15147
	RESERVED
CVE-2020-15146
	RESERVED
CVE-2020-15145
	RESERVED
CVE-2020-15144
	RESERVED
CVE-2020-15143
	RESERVED
CVE-2020-15142
	RESERVED
CVE-2020-15141
	RESERVED
CVE-2020-15140
	RESERVED
CVE-2020-15139
	RESERVED
CVE-2020-15138
	RESERVED
CVE-2020-15137
	RESERVED
CVE-2020-15136
	RESERVED
CVE-2020-15135
	RESERVED
CVE-2020-15134
	RESERVED
CVE-2020-15133
	RESERVED
CVE-2020-15132
	RESERVED
CVE-2020-15131
	RESERVED
CVE-2020-15130
	RESERVED
CVE-2020-15129
	RESERVED
CVE-2020-15128
	RESERVED
CVE-2020-15127
	RESERVED
CVE-2020-15126
	RESERVED
CVE-2020-15125
	RESERVED
CVE-2020-15124
	RESERVED
CVE-2020-15123
	RESERVED
CVE-2020-15122
	RESERVED
CVE-2020-15121
	RESERVED
CVE-2020-15120
	RESERVED
CVE-2020-15119
	RESERVED
CVE-2020-15118
	RESERVED
CVE-2020-15117
	RESERVED
CVE-2020-15116
	RESERVED
CVE-2020-15115
	RESERVED
CVE-2020-15114
	RESERVED
CVE-2020-15113
	RESERVED
CVE-2020-15112
	RESERVED
CVE-2020-15111
	RESERVED
CVE-2020-15110
	RESERVED
CVE-2020-15109
	RESERVED
CVE-2020-15108
	RESERVED
CVE-2020-15107
	RESERVED
CVE-2020-15106
	RESERVED
CVE-2020-15105
	RESERVED
CVE-2020-15104
	RESERVED
CVE-2020-15103
	RESERVED
CVE-2020-15102
	RESERVED
CVE-2020-15101
	RESERVED
CVE-2020-15100
	RESERVED
CVE-2020-15099
	RESERVED
CVE-2020-15098
	RESERVED
CVE-2020-15097
	RESERVED
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
	TODO: check
CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
	TODO: check
CVE-2020-15094
	RESERVED
CVE-2020-15093
	RESERVED
CVE-2020-15092
	RESERVED
CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block  ...)
	NOT-FOR-US: TenderMint
CVE-2020-15090
	RESERVED
CVE-2020-15089
	RESERVED
CVE-2020-15088
	RESERVED
CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...)
	NOT-FOR-US: Presto query engine, different from src:presto
CVE-2020-15086
	RESERVED
CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...)
	NOT-FOR-US: Saleor Storefront
CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...)
	NOT-FOR-US: Node express-jwt
CVE-2020-15083 (In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a ta ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15082 (In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the das ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15081 (In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is inform ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some fi ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there i ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15078
	RESERVED
CVE-2020-15077
	RESERVED
CVE-2020-15076
	RESERVED
CVE-2020-15075
	RESERVED
CVE-2020-15074
	RESERVED
CVE-2020-15073
	RESERVED
CVE-2020-15072
	RESERVED
CVE-2020-15071
	RESERVED
CVE-2020-15070
	RESERVED
CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...)
	NOT-FOR-US: Sophos
CVE-2020-15068
	RESERVED
CVE-2020-15067
	RESERVED
CVE-2020-15066
	RESERVED
CVE-2020-15065
	RESERVED
CVE-2020-15064
	RESERVED
CVE-2020-15063
	RESERVED
CVE-2020-15062
	RESERVED
CVE-2020-15061
	RESERVED
CVE-2020-15060
	RESERVED
CVE-2020-15059
	RESERVED
CVE-2020-15058
	RESERVED
CVE-2020-15057
	RESERVED
CVE-2020-15056
	RESERVED
CVE-2020-15055
	RESERVED
CVE-2020-15054
	RESERVED
CVE-2020-15053
	RESERVED
CVE-2020-15052
	RESERVED
CVE-2020-15051
	RESERVED
CVE-2020-15050
	RESERVED
CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...)
	- squid 4.12-1
	- squid3 <removed>
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch
CVE-2020-15048
	RESERVED
CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...)
	- trojita <itp> (bug #795701)
CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
	NOT-FOR-US: Node traceroute
CVE-2018-21267
	RESERVED
CVE-2018-21266
	RESERVED
CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a  ...)
	NOT-FOR-US: Supermicro
CVE-2020-15045
	RESERVED
CVE-2020-15044
	RESERVED
CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling  ...)
	NOT-FOR-US: iBall WRB303N devices
CVE-2020-15042
	RESERVED
CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Ad ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-15040
	RESERVED
CVE-2020-15039
	RESERVED
CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	TODO: check
CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
	TODO: check
CVE-2020-15027
	RESERVED
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../  ...)
	NOT-FOR-US: Bludit
CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...)
	- ntp <unfixed> (low; bug #963807)
	[buster] - ntp <no-dsa> (Minor issue)
	[stretch] - ntp <not-affected> (Vulnerable code introduced later)
	[jessie] - ntp <not-affected> (Vulnerable code introduced later)
	- ntpsec <not-affected> (Vulnerable code not present)
	NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661
	NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661
CVE-2020-15024
	RESERVED
CVE-2020-15023
	RESERVED
CVE-2020-15022
	RESERVED
CVE-2020-15021
	RESERVED
CVE-2020-15020
	RESERVED
CVE-2020-15019
	RESERVED
CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...)
	NOT-FOR-US: playSMS
CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...)
	NOT-FOR-US: NeDi
CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...)
	NOT-FOR-US: NeDi
CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...)
	NOT-FOR-US: FileExplorer component in GleamTech FileUltimate
CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. ...)
	NOT-FOR-US: BlogCMS
CVE-2020-15013
	RESERVED
CVE-2020-15012
	RESERVED
CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
	{DLA-2265-1}
	- mailman <removed>
	NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
CVE-2020-15010
	RESERVED
CVE-2020-15009
	RESERVED
CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...)
	TODO: check
CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...)
	- rbdoom3bfg <unfixed> (unimportant)
	NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec
	NOTE: Problematic code not built
CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...)
	NOT-FOR-US: Bludit
CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...)
	- mediawiki 1:1.31.8-1
	[buster] - mediawiki <postponed> (Minor issue)
	[stretch] - mediawiki <postponed> (Minor issue)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
CVE-2020-15004
	RESERVED
CVE-2020-15003
	RESERVED
CVE-2020-15002
	RESERVED
CVE-2020-15001
	RESERVED
CVE-2020-15000
	RESERVED
CVE-2020-14999
	RESERVED
CVE-2020-14998
	RESERVED
CVE-2020-14997
	RESERVED
CVE-2020-14996
	RESERVED
CVE-2020-14995
	RESERVED
CVE-2020-14994
	RESERVED
CVE-2020-14993 (A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vig ...)
	NOT-FOR-US: DrayTek devices
CVE-2020-14992
	RESERVED
CVE-2020-14991
	RESERVED
CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...)
	NOT-FOR-US: IOBit Advanced SystemCare Free
CVE-2020-14989
	RESERVED
CVE-2020-14988
	RESERVED
CVE-2020-14987
	RESERVED
CVE-2020-14986
	RESERVED
CVE-2020-14985
	RESERVED
CVE-2020-14984
	RESERVED
CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...)
	- crispy-doom <unfixed>
	[buster] - crispy-doom <no-dsa> (Minor issue)
	- chocolate-doom 3.0.1-1
	[buster] - chocolate-doom <no-dsa> (Minor issue)
	[stretch] - chocolate-doom <no-dsa> (Minor issue)
	[jessie] - chocolate-doom <end-of-life> (games are not supported)
	NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
CVE-2020-14982
	RESERVED
CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
	NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
	NOT-FOR-US: Sophos Secure Email application for Android
CVE-2020-14979
	RESERVED
CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...)
	NOT-FOR-US: F-Secure SAFE
CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...)
	NOT-FOR-US: F-Secure SAFE
CVE-2020-14976 (GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2. ...)
	- gns3-server <itp> (bug #766166)
CVE-2020-14975 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to del ...)
	NOT-FOR-US: IOBit Unlocker
CVE-2020-14974 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unl ...)
	NOT-FOR-US: IOBit Unlocker
CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8  ...)
	NOT-FOR-US: webTareas
CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online  ...)
	NOT-FOR-US: Sourcecodester Pisay Online E-Learning System
CVE-2020-14971 (Pi-hole through 5.0 allows code injection in piholedhcp (the Static DH ...)
	NOT-FOR-US: Pi-hole
CVE-2020-14970
	RESERVED
CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
	NOT-FOR-US: MISP
CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...)
	NOT-FOR-US: jsrsasign
CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...)
	NOT-FOR-US: jsrsasign
CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
	NOT-FOR-US: jsrsasign
CVE-2020-14965 (On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with ac ...)
	NOT-FOR-US: TP-Link
CVE-2020-14964
	RESERVED
CVE-2020-14963
	RESERVED
CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before  ...)
	NOT-FOR-US: Final Tiles Gallery plugin for WordPress
CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...)
	NOT-FOR-US: Concrete5
CVE-2020-14960 (A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoi ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3. ...)
	NOT-FOR-US: Easy Testimonials plugin for WordPress
CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not  ...)
	NOT-FOR-US: Go Git Service
CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
	NOT-FOR-US: Windows cleaning assistant
CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
	NOT-FOR-US: Windows cleaning assistant
CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2020-14953
	RESERVED
CVE-2020-14952
	RESERVED
CVE-2020-14951
	RESERVED
CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
	NOT-FOR-US: aaPanel
CVE-2020-14949
	RESERVED
CVE-2020-14948
	RESERVED
CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Only supported in trusted environments, see debtags
CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...)
	NOT-FOR-US: Surveillance module in Global RADAR BSA Radar
CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...)
	NOT-FOR-US: Global RADAR BSA Radar
CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...)
	NOT-FOR-US: Global RADAR BSA Radar
CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...)
	NOT-FOR-US: Global RADAR BSA Radar
CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...)
	NOT-FOR-US: Tendenci
CVE-2020-14941
	RESERVED
CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar  ...)
	- tuxguitar <unfixed> (bug #963626)
	[buster] - tuxguitar <no-dsa> (Minor issue)
	[stretch] - tuxguitar <no-dsa> (Minor issue)
	[jessie] - tuxguitar <no-dsa> (Minor issue)
	NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html
	NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/
CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
	- freedroidrpg <unfixed> (low; bug #964197)
	[buster] - freedroidrpg <no-dsa> (Minor issue)
	[stretch] - freedroidrpg <no-dsa> (Minor issue)
	[jessie] - freedroidrpg <end-of-life> (games are not supported)
	NOTE: https://bugs.freedroid.org/b/issue953
	NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
	- freedroidrpg <unfixed> (low; bug #964197)
	[buster] - freedroidrpg <no-dsa> (Minor issue)
	[stretch] - freedroidrpg <no-dsa> (Minor issue)
	[jessie] - freedroidrpg <end-of-life> (games are not supported)
	NOTE: https://bugs.freedroid.org/b/issue952
	NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14937
	RESERVED
CVE-2020-14936
	RESERVED
CVE-2020-14935
	RESERVED
CVE-2020-14934
	RESERVED
CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...)
	- squirrelmail <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...)
	- squirrelmail <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...)
	NOT-FOR-US: DMitry
CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...)
	NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464
CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...)
	- net-snmp 5.8+dfsg-3 (bug #963713)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4
	NOTE: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
	NOTE: https://github.com/net-snmp/net-snmp/commit/92ccd5a82a019fbfa835cc8ab2294cf0ca48c8f2
	NOTE: https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
	NOTE: https://github.com/net-snmp/net-snmp/commit/7384a8b550d4ed4a00e41b72229cfcc124926b06
	NOTE: https://github.com/net-snmp/net-snmp/commit/39381c4d20dd8042870c28ae3b0c16291e50b705
	NOTE: https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
	NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
	NOTE: Extra patches to address memory leaks:
	NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
	TODO: It is claimed that the issue does not affect older versions than 5.8, but no source evidence has been yet shown
CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
	NOT-FOR-US: WooCommerce
CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...)
	{DLA-2254-1}
	- alpine 2.23+dfsg1-1 (bug #963179)
	[buster] - alpine <no-dsa> (Minor issue)
	[stretch] - alpine <no-dsa> (Minor issue)
	NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
	NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
CVE-2020-14928
	RESERVED
	- evolution-data-server 3.36.4-1
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
	NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "We ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14926 (CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/modul ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-14925
	RESERVED
CVE-2020-14924
	RESERVED
CVE-2020-14923
	RESERVED
CVE-2020-14922
	RESERVED
CVE-2020-14921
	RESERVED
CVE-2020-14920
	RESERVED
CVE-2020-14919
	RESERVED
CVE-2020-14918
	RESERVED
CVE-2020-14917
	RESERVED
CVE-2020-14916
	RESERVED
CVE-2020-14915
	RESERVED
CVE-2020-14914
	RESERVED
CVE-2020-14913
	RESERVED
CVE-2020-14912
	RESERVED
CVE-2020-14911
	RESERVED
CVE-2020-14910
	RESERVED
CVE-2020-14909
	RESERVED
CVE-2020-14908
	RESERVED
CVE-2020-14907
	RESERVED
CVE-2020-14906
	RESERVED
CVE-2020-14905
	RESERVED
CVE-2020-14904
	RESERVED
CVE-2020-14903
	RESERVED
CVE-2020-14902
	RESERVED
CVE-2020-14901
	RESERVED
CVE-2020-14900
	RESERVED
CVE-2020-14899
	RESERVED
CVE-2020-14898
	RESERVED
CVE-2020-14897
	RESERVED
CVE-2020-14896
	RESERVED
CVE-2020-14895
	RESERVED
CVE-2020-14894
	RESERVED
CVE-2020-14893
	RESERVED
CVE-2020-14892
	RESERVED
CVE-2020-14891
	RESERVED
CVE-2020-14890
	RESERVED
CVE-2020-14889
	RESERVED
CVE-2020-14888
	RESERVED
CVE-2020-14887
	RESERVED
CVE-2020-14886
	RESERVED
CVE-2020-14885
	RESERVED
CVE-2020-14884
	RESERVED
CVE-2020-14883
	RESERVED
CVE-2020-14882
	RESERVED
CVE-2020-14881
	RESERVED
CVE-2020-14880
	RESERVED
CVE-2020-14879
	RESERVED
CVE-2020-14878
	RESERVED
CVE-2020-14877
	RESERVED
CVE-2020-14876
	RESERVED
CVE-2020-14875
	RESERVED
CVE-2020-14874
	RESERVED
CVE-2020-14873
	RESERVED
CVE-2020-14872
	RESERVED
CVE-2020-14871
	RESERVED
CVE-2020-14870
	RESERVED
CVE-2020-14869
	RESERVED
CVE-2020-14868
	RESERVED
CVE-2020-14867
	RESERVED
CVE-2020-14866
	RESERVED
CVE-2020-14865
	RESERVED
CVE-2020-14864
	RESERVED
CVE-2020-14863
	RESERVED
CVE-2020-14862
	RESERVED
CVE-2020-14861
	RESERVED
CVE-2020-14860
	RESERVED
CVE-2020-14859
	RESERVED
CVE-2020-14858
	RESERVED
CVE-2020-14857
	RESERVED
CVE-2020-14856
	RESERVED
CVE-2020-14855
	RESERVED
CVE-2020-14854
	RESERVED
CVE-2020-14853
	RESERVED
CVE-2020-14852
	RESERVED
CVE-2020-14851
	RESERVED
CVE-2020-14850
	RESERVED
CVE-2020-14849
	RESERVED
CVE-2020-14848
	RESERVED
CVE-2020-14847
	RESERVED
CVE-2020-14846
	RESERVED
CVE-2020-14845
	RESERVED
CVE-2020-14844
	RESERVED
CVE-2020-14843
	RESERVED
CVE-2020-14842
	RESERVED
CVE-2020-14841
	RESERVED
CVE-2020-14840
	RESERVED
CVE-2020-14839
	RESERVED
CVE-2020-14838
	RESERVED
CVE-2020-14837
	RESERVED
CVE-2020-14836
	RESERVED
CVE-2020-14835
	RESERVED
CVE-2020-14834
	RESERVED
CVE-2020-14833
	RESERVED
CVE-2020-14832
	RESERVED
CVE-2020-14831
	RESERVED
CVE-2020-14830
	RESERVED
CVE-2020-14829
	RESERVED
CVE-2020-14828
	RESERVED
CVE-2020-14827
	RESERVED
CVE-2020-14826
	RESERVED
CVE-2020-14825
	RESERVED
CVE-2020-14824
	RESERVED
CVE-2020-14823
	RESERVED
CVE-2020-14822
	RESERVED
CVE-2020-14821
	RESERVED
CVE-2020-14820
	RESERVED
CVE-2020-14819
	RESERVED
CVE-2020-14818
	RESERVED
CVE-2020-14817
	RESERVED
CVE-2020-14816
	RESERVED
CVE-2020-14815
	RESERVED
CVE-2020-14814
	RESERVED
CVE-2020-14813
	RESERVED
CVE-2020-14812
	RESERVED
CVE-2020-14811
	RESERVED
CVE-2020-14810
	RESERVED
CVE-2020-14809
	RESERVED
CVE-2020-14808
	RESERVED
CVE-2020-14807
	RESERVED
CVE-2020-14806
	RESERVED
CVE-2020-14805
	RESERVED
CVE-2020-14804
	RESERVED
CVE-2020-14803
	RESERVED
CVE-2020-14802
	RESERVED
CVE-2020-14801
	RESERVED
CVE-2020-14800
	RESERVED
CVE-2020-14799
	RESERVED
CVE-2020-14798
	RESERVED
CVE-2020-14797
	RESERVED
CVE-2020-14796
	RESERVED
CVE-2020-14795
	RESERVED
CVE-2020-14794
	RESERVED
CVE-2020-14793
	RESERVED
CVE-2020-14792
	RESERVED
CVE-2020-14791
	RESERVED
CVE-2020-14790
	RESERVED
CVE-2020-14789
	RESERVED
CVE-2020-14788
	RESERVED
CVE-2020-14787
	RESERVED
CVE-2020-14786
	RESERVED
CVE-2020-14785
	RESERVED
CVE-2020-14784
	RESERVED
CVE-2020-14783
	RESERVED
CVE-2020-14782
	RESERVED
CVE-2020-14781
	RESERVED
CVE-2020-14780
	RESERVED
CVE-2020-14779
	RESERVED
CVE-2020-14778
	RESERVED
CVE-2020-14777
	RESERVED
CVE-2020-14776
	RESERVED
CVE-2020-14775
	RESERVED
CVE-2020-14774
	RESERVED
CVE-2020-14773
	RESERVED
CVE-2020-14772
	RESERVED
CVE-2020-14771
	RESERVED
CVE-2020-14770
	RESERVED
CVE-2020-14769
	RESERVED
CVE-2020-14768
	RESERVED
CVE-2020-14767
	RESERVED
CVE-2020-14766
	RESERVED
CVE-2020-14765
	RESERVED
CVE-2020-14764
	RESERVED
CVE-2020-14763
	RESERVED
CVE-2020-14762
	RESERVED
CVE-2020-14761
	RESERVED
CVE-2020-14760
	RESERVED
CVE-2020-14759
	RESERVED
CVE-2020-14758
	RESERVED
CVE-2020-14757
	RESERVED
CVE-2020-14756
	RESERVED
CVE-2020-14755
	RESERVED
CVE-2020-14754
	RESERVED
CVE-2020-14753
	RESERVED
CVE-2020-14752
	RESERVED
CVE-2020-14751
	RESERVED
CVE-2020-14750
	RESERVED
CVE-2020-14749
	RESERVED
CVE-2020-14748
	RESERVED
CVE-2020-14747
	RESERVED
CVE-2020-14746
	RESERVED
CVE-2020-14745
	RESERVED
CVE-2020-14744
	RESERVED
CVE-2020-14743
	RESERVED
CVE-2020-14742
	RESERVED
CVE-2020-14741
	RESERVED
CVE-2020-14740
	RESERVED
CVE-2020-14739
	RESERVED
CVE-2020-14738
	RESERVED
CVE-2020-14737
	RESERVED
CVE-2020-14736
	RESERVED
CVE-2020-14735
	RESERVED
CVE-2020-14734
	RESERVED
CVE-2020-14733
	RESERVED
CVE-2020-14732
	RESERVED
CVE-2020-14731
	RESERVED
CVE-2020-14730
	RESERVED
CVE-2020-14729
	RESERVED
CVE-2020-14728
	RESERVED
CVE-2020-14727
	RESERVED
CVE-2020-14726
	RESERVED
CVE-2020-14725
	RESERVED
CVE-2020-14724
	RESERVED
CVE-2020-14723
	RESERVED
CVE-2020-14722
	RESERVED
CVE-2020-14721
	RESERVED
CVE-2020-14720
	RESERVED
CVE-2020-14719
	RESERVED
CVE-2020-14718
	RESERVED
CVE-2020-14717
	RESERVED
CVE-2020-14716
	RESERVED
CVE-2020-14715
	RESERVED
CVE-2020-14714
	RESERVED
CVE-2020-14713
	RESERVED
CVE-2020-14712
	RESERVED
CVE-2020-14711
	RESERVED
CVE-2020-14710
	RESERVED
CVE-2020-14709
	RESERVED
CVE-2020-14708
	RESERVED
CVE-2020-14707
	RESERVED
CVE-2020-14706
	RESERVED
CVE-2020-14705
	RESERVED
CVE-2020-14704
	RESERVED
CVE-2020-14703
	RESERVED
CVE-2020-14702
	RESERVED
CVE-2020-14701
	RESERVED
CVE-2020-14700
	RESERVED
CVE-2020-14699
	RESERVED
CVE-2020-14698
	RESERVED
CVE-2020-14697
	RESERVED
CVE-2020-14696
	RESERVED
CVE-2020-14695
	RESERVED
CVE-2020-14694
	RESERVED
CVE-2020-14693
	RESERVED
CVE-2020-14692
	RESERVED
CVE-2020-14691
	RESERVED
CVE-2020-14690
	RESERVED
CVE-2020-14689
	RESERVED
CVE-2020-14688
	RESERVED
CVE-2020-14687
	RESERVED
CVE-2020-14686
	RESERVED
CVE-2020-14685
	RESERVED
CVE-2020-14684
	RESERVED
CVE-2020-14683
	RESERVED
CVE-2020-14682
	RESERVED
CVE-2020-14681
	RESERVED
CVE-2020-14680
	RESERVED
CVE-2020-14679
	RESERVED
CVE-2020-14678
	RESERVED
CVE-2020-14677
	RESERVED
CVE-2020-14676
	RESERVED
CVE-2020-14675
	RESERVED
CVE-2020-14674
	RESERVED
CVE-2020-14673
	RESERVED
CVE-2020-14672
	RESERVED
CVE-2020-14671
	RESERVED
CVE-2020-14670
	RESERVED
CVE-2020-14669
	RESERVED
CVE-2020-14668
	RESERVED
CVE-2020-14667
	RESERVED
CVE-2020-14666
	RESERVED
CVE-2020-14665
	RESERVED
CVE-2020-14664
	RESERVED
CVE-2020-14663
	RESERVED
CVE-2020-14662
	RESERVED
CVE-2020-14661
	RESERVED
CVE-2020-14660
	RESERVED
CVE-2020-14659
	RESERVED
CVE-2020-14658
	RESERVED
CVE-2020-14657
	RESERVED
CVE-2020-14656
	RESERVED
CVE-2020-14655
	RESERVED
CVE-2020-14654
	RESERVED
CVE-2020-14653
	RESERVED
CVE-2020-14652
	RESERVED
CVE-2020-14651
	RESERVED
CVE-2020-14650
	RESERVED
CVE-2020-14649
	RESERVED
CVE-2020-14648
	RESERVED
CVE-2020-14647
	RESERVED
CVE-2020-14646
	RESERVED
CVE-2020-14645
	RESERVED
CVE-2020-14644
	RESERVED
CVE-2020-14643
	RESERVED
CVE-2020-14642
	RESERVED
CVE-2020-14641
	RESERVED
CVE-2020-14640
	RESERVED
CVE-2020-14639
	RESERVED
CVE-2020-14638
	RESERVED
CVE-2020-14637
	RESERVED
CVE-2020-14636
	RESERVED
CVE-2020-14635
	RESERVED
CVE-2020-14634
	RESERVED
CVE-2020-14633
	RESERVED
CVE-2020-14632
	RESERVED
CVE-2020-14631
	RESERVED
CVE-2020-14630
	RESERVED
CVE-2020-14629
	RESERVED
CVE-2020-14628
	RESERVED
CVE-2020-14627
	RESERVED
CVE-2020-14626
	RESERVED
CVE-2020-14625
	RESERVED
CVE-2020-14624
	RESERVED
CVE-2020-14623
	RESERVED
CVE-2020-14622
	RESERVED
CVE-2020-14621
	RESERVED
CVE-2020-14620
	RESERVED
CVE-2020-14619
	RESERVED
CVE-2020-14618
	RESERVED
CVE-2020-14617
	RESERVED
CVE-2020-14616
	RESERVED
CVE-2020-14615
	RESERVED
CVE-2020-14614
	RESERVED
CVE-2020-14613
	RESERVED
CVE-2020-14612
	RESERVED
CVE-2020-14611
	RESERVED
CVE-2020-14610
	RESERVED
CVE-2020-14609
	RESERVED
CVE-2020-14608
	RESERVED
CVE-2020-14607
	RESERVED
CVE-2020-14606
	RESERVED
CVE-2020-14605
	RESERVED
CVE-2020-14604
	RESERVED
CVE-2020-14603
	RESERVED
CVE-2020-14602
	RESERVED
CVE-2020-14601
	RESERVED
CVE-2020-14600
	RESERVED
CVE-2020-14599
	RESERVED
CVE-2020-14598
	RESERVED
CVE-2020-14597
	RESERVED
CVE-2020-14596
	RESERVED
CVE-2020-14595
	RESERVED
CVE-2020-14594
	RESERVED
CVE-2020-14593
	RESERVED
CVE-2020-14592
	RESERVED
CVE-2020-14591
	RESERVED
CVE-2020-14590
	RESERVED
CVE-2020-14589
	RESERVED
CVE-2020-14588
	RESERVED
CVE-2020-14587
	RESERVED
CVE-2020-14586
	RESERVED
CVE-2020-14585
	RESERVED
CVE-2020-14584
	RESERVED
CVE-2020-14583
	RESERVED
CVE-2020-14582
	RESERVED
CVE-2020-14581
	RESERVED
CVE-2020-14580
	RESERVED
CVE-2020-14579
	RESERVED
CVE-2020-14578
	RESERVED
CVE-2020-14577
	RESERVED
CVE-2020-14576
	RESERVED
CVE-2020-14575
	RESERVED
CVE-2020-14574
	RESERVED
CVE-2020-14573
	RESERVED
CVE-2020-14572
	RESERVED
CVE-2020-14571
	RESERVED
CVE-2020-14570
	RESERVED
CVE-2020-14569
	RESERVED
CVE-2020-14568
	RESERVED
CVE-2020-14567
	RESERVED
CVE-2020-14566
	RESERVED
CVE-2020-14565
	RESERVED
CVE-2020-14564
	RESERVED
CVE-2020-14563
	RESERVED
CVE-2020-14562
	RESERVED
CVE-2020-14561
	RESERVED
CVE-2020-14560
	RESERVED
CVE-2020-14559
	RESERVED
CVE-2020-14558
	RESERVED
CVE-2020-14557
	RESERVED
CVE-2020-14556
	RESERVED
CVE-2020-14555
	RESERVED
CVE-2020-14554
	RESERVED
CVE-2020-14553
	RESERVED
CVE-2020-14552
	RESERVED
CVE-2020-14551
	RESERVED
CVE-2020-14550
	RESERVED
CVE-2020-14549
	RESERVED
CVE-2020-14548
	RESERVED
CVE-2020-14547
	RESERVED
CVE-2020-14546
	RESERVED
CVE-2020-14545
	RESERVED
CVE-2020-14544
	RESERVED
CVE-2020-14543
	RESERVED
CVE-2020-14542
	RESERVED
CVE-2020-14541
	RESERVED
CVE-2020-14540
	RESERVED
CVE-2020-14539
	RESERVED
CVE-2020-14538
	RESERVED
CVE-2020-14537
	RESERVED
CVE-2020-14536
	RESERVED
CVE-2020-14535
	RESERVED
CVE-2020-14534
	RESERVED
CVE-2020-14533
	RESERVED
CVE-2020-14532
	RESERVED
CVE-2020-14531
	RESERVED
CVE-2020-14530
	RESERVED
CVE-2020-14529
	RESERVED
CVE-2020-14528
	RESERVED
CVE-2020-14527
	RESERVED
CVE-2020-14526
	RESERVED
CVE-2020-14525
	RESERVED
CVE-2020-14524
	RESERVED
CVE-2020-14523
	RESERVED
CVE-2020-14522
	RESERVED
CVE-2020-14521
	RESERVED
CVE-2020-14520
	RESERVED
CVE-2020-14519
	RESERVED
CVE-2020-14518
	RESERVED
CVE-2020-14517
	RESERVED
CVE-2020-14516
	RESERVED
CVE-2020-14515
	RESERVED
CVE-2020-14514
	RESERVED
CVE-2020-14513
	RESERVED
CVE-2020-14512
	RESERVED
CVE-2020-14511
	RESERVED
CVE-2020-14510
	RESERVED
CVE-2020-14509
	RESERVED
CVE-2020-14508
	RESERVED
CVE-2020-14507
	RESERVED
CVE-2020-14506
	RESERVED
CVE-2020-14505
	RESERVED
CVE-2020-14504
	RESERVED
CVE-2020-14503
	RESERVED
CVE-2020-14502
	RESERVED
CVE-2020-14501
	RESERVED
CVE-2020-14500
	RESERVED
CVE-2020-14499
	RESERVED
CVE-2020-14498
	RESERVED
CVE-2020-14497
	RESERVED
CVE-2020-14496
	RESERVED
CVE-2020-14495
	RESERVED
CVE-2020-14494
	RESERVED
CVE-2020-14493
	RESERVED
CVE-2020-14492
	RESERVED
CVE-2020-14491
	RESERVED
CVE-2020-14490
	RESERVED
CVE-2020-14489
	RESERVED
CVE-2020-14488
	RESERVED
CVE-2020-14487
	RESERVED
CVE-2020-14486
	RESERVED
CVE-2020-14485
	RESERVED
CVE-2020-14484
	RESERVED
CVE-2020-14483
	RESERVED
CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2020-14481
	RESERVED
CVE-2020-14480
	RESERVED
CVE-2020-14479
	RESERVED
CVE-2020-14478
	RESERVED
CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
	NOT-FOR-US: Philips
CVE-2020-14476
	RESERVED
CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...)
	NOT-FOR-US: Cellebrite
CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
	NOT-FOR-US: DrayTek
CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...)
	NOT-FOR-US: DrayTek
CVE-2020-14471
	RESERVED
CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authent ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-14469
	RESERVED
CVE-2020-14468
	RESERVED
CVE-2020-14467
	REJECTED
CVE-2020-14466
	RESERVED
CVE-2020-14465
	RESERVED
CVE-2020-14464
	RESERVED
CVE-2020-14463
	RESERVED
CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
	NOT-FOR-US: CALDERA
CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
	NOT-FOR-US: Zyxel
CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers  ...)
	NOT-FOR-US: Mattermost
CVE-2020-14458 (An issue was discovered in Mattermost Server before 5.19.0. Attackers  ...)
	NOT-FOR-US: Mattermost
CVE-2020-14457 (An issue was discovered in Mattermost Server before 5.20.0. Non-member ...)
	NOT-FOR-US: Mattermost
CVE-2020-14456 (An issue was discovered in Mattermost Desktop App before 4.4.0. The Sa ...)
	NOT-FOR-US: Mattermost
CVE-2020-14455 (An issue was discovered in Mattermost Desktop App before 4.4.0. Prompt ...)
	NOT-FOR-US: Mattermost
CVE-2020-14454 (An issue was discovered in Mattermost Desktop App before 4.4.0. Attack ...)
	NOT-FOR-US: Mattermost
CVE-2020-14453 (An issue was discovered in Mattermost Server before 5.21.0. Socket rea ...)
	NOT-FOR-US: Mattermost
CVE-2020-14452 (An issue was discovered in Mattermost Server before 5.21.0. mmctl allo ...)
	NOT-FOR-US: Mattermost
CVE-2020-14451 (An issue was discovered in Mattermost Mobile Apps before 1.29.0. The i ...)
	NOT-FOR-US: Mattermost
CVE-2020-14450 (An issue was discovered in Mattermost Server before 5.22.0. The markdo ...)
	NOT-FOR-US: Mattermost
CVE-2020-14449 (An issue was discovered in Mattermost Mobile Apps before 1.30.0. Autho ...)
	NOT-FOR-US: Mattermost
CVE-2020-14448 (An issue was discovered in Mattermost Server before 5.23.0. Automatic  ...)
	NOT-FOR-US: Mattermost
CVE-2020-14447 (An issue was discovered in Mattermost Server before 5.23.0. Large webh ...)
	NOT-FOR-US: Mattermost
CVE-2019-20890 (An issue was discovered in Mattermost Server before 5.7. It allows a b ...)
	NOT-FOR-US: Mattermost
CVE-2019-20889 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
	NOT-FOR-US: Mattermost
CVE-2019-20888 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
	NOT-FOR-US: Mattermost
CVE-2019-20887 (An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20886 (An issue was discovered in Mattermost Server before 5.8.0. The first u ...)
	NOT-FOR-US: Mattermost
CVE-2019-20885 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
	NOT-FOR-US: Mattermost
CVE-2019-20884 (An issue was discovered in Mattermost Server before 5.8.0. It allows a ...)
	NOT-FOR-US: Mattermost
CVE-2019-20883 (An issue was discovered in Mattermost Server before 5.8.0, when Town S ...)
	NOT-FOR-US: Mattermost
CVE-2019-20882 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
	NOT-FOR-US: Mattermost
CVE-2019-20881 (An issue was discovered in Mattermost Server before 5.8.0. It mishandl ...)
	NOT-FOR-US: Mattermost
CVE-2019-20880 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20879 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20878 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20877 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20876 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20875 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20874 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20873 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20872 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20871 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20870 (An issue was discovered in Mattermost Server before 5.10.0. An attacke ...)
	NOT-FOR-US: Mattermost
CVE-2019-20869 (An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8 ...)
	NOT-FOR-US: Mattermost
CVE-2019-20868 (An issue was discovered in Mattermost Server before 5.11.0. Invite IDs ...)
	NOT-FOR-US: Mattermost
CVE-2019-20867 (An issue was discovered in Mattermost Server before 5.11.0. An attacke ...)
	NOT-FOR-US: Mattermost
CVE-2019-20866 (An issue was discovered in Mattermost Server before 5.12.0. Use of a P ...)
	NOT-FOR-US: Mattermost
CVE-2019-20865 (An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20864 (An issue was discovered in Mattermost Plugins before 5.13.0. The GitHu ...)
	NOT-FOR-US: Mattermost
CVE-2019-20863 (An issue was discovered in Mattermost Server before 5.13.0. Incoming w ...)
	NOT-FOR-US: Mattermost
CVE-2019-20862 (An issue was discovered in Mattermost Server before 5.13.0. Non-member ...)
	NOT-FOR-US: Mattermost
CVE-2019-20861 (An issue was discovered in Mattermost Desktop App before 4.2.2. It all ...)
	NOT-FOR-US: Mattermost
CVE-2019-20860 (An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20859 (An issue was discovered in Mattermost Server before 5.15.0. Login acce ...)
	NOT-FOR-US: Mattermost
CVE-2019-20858 (An issue was discovered in Mattermost Server before 5.15.0. It allows  ...)
	NOT-FOR-US: Mattermost
CVE-2019-20857 (An issue was discovered in Mattermost Server before 5.16.0. It allows  ...)
	NOT-FOR-US: Mattermost
CVE-2019-20856 (An issue was discovered in Mattermost Desktop App before 4.3.0 on macO ...)
	NOT-FOR-US: Mattermost
CVE-2019-20855 (An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20854 (An issue was discovered in Mattermost Server before 5.17.0. It allows  ...)
	NOT-FOR-US: Mattermost
CVE-2019-20853 (An issue was discovered in Mattermost Packages before 5.16.3. A Drople ...)
	NOT-FOR-US: Mattermost
CVE-2019-20852 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local ...)
	NOT-FOR-US: Mattermost
CVE-2019-20851 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. An at ...)
	NOT-FOR-US: Mattermost
CVE-2019-20850 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. A vie ...)
	NOT-FOR-US: Mattermost
CVE-2019-20849 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cooki ...)
	NOT-FOR-US: Mattermost
CVE-2019-20848 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Q ...)
	NOT-FOR-US: Mattermost
CVE-2019-20847 (An issue was discovered in Mattermost Server before 5.18.0. An attacke ...)
	NOT-FOR-US: Mattermost
CVE-2019-20846 (An issue was discovered in Mattermost Server before 5.18.0. It has wea ...)
	NOT-FOR-US: Mattermost
CVE-2019-20845 (An issue was discovered in Mattermost Server before 5.18.0. It allows  ...)
	NOT-FOR-US: Mattermost
CVE-2019-20844 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20843 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20842 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2019-20841 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	NOT-FOR-US: Mattermost
CVE-2018-21265 (An issue was discovered in Mattermost Desktop App before 4.0.0. It mis ...)
	NOT-FOR-US: Mattermost
CVE-2018-21264 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and  ...)
	NOT-FOR-US: Mattermost
CVE-2018-21263 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and  ...)
	NOT-FOR-US: Mattermost
CVE-2018-21262 (An issue was discovered in Mattermost Server before 4.7.3. It allows a ...)
	NOT-FOR-US: Mattermost
CVE-2018-21261 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and  ...)
	NOT-FOR-US: Mattermost
CVE-2018-21260 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and  ...)
	NOT-FOR-US: Mattermost
CVE-2018-21259 (An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and ...)
	NOT-FOR-US: Mattermost
CVE-2018-21258 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	NOT-FOR-US: Mattermost
CVE-2018-21257 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	NOT-FOR-US: Mattermost
CVE-2018-21256 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	NOT-FOR-US: Mattermost
CVE-2018-21255 (An issue was discovered in Mattermost Server before 5.1. Non-members o ...)
	NOT-FOR-US: Mattermost
CVE-2018-21254 (An issue was discovered in Mattermost Server before 5.1. An attacker c ...)
	NOT-FOR-US: Mattermost
CVE-2018-21253 (An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4. ...)
	NOT-FOR-US: Mattermost
CVE-2018-21252 (An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, ...)
	NOT-FOR-US: Mattermost
CVE-2018-21251 (An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Aut ...)
	NOT-FOR-US: Mattermost
CVE-2018-21250 (An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and  ...)
	NOT-FOR-US: Mattermost
CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mishandl ...)
	NOT-FOR-US: Mattermost
CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...)
	NOT-FOR-US: Mattermost
CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...)
	NOT-FOR-US: Mattermost
CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...)
	NOT-FOR-US: Mattermost
CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...)
	NOT-FOR-US: Mattermost
CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...)
	NOT-FOR-US: Mattermost
CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...)
	NOT-FOR-US: Mattermost
CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2017-18902 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18901 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18900 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18899 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18898 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18897 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18896 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18895 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18894 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18893 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18892 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18891 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18890 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18889 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18888 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18887 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18886 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18885 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18884 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18883 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18882 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18881 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18880 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18879 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18878 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18877 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18876 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18875 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18874 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18873 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and  ...)
	NOT-FOR-US: Mattermost
CVE-2017-18872 (An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. A ...)
	NOT-FOR-US: Mattermost
CVE-2017-18871 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3. ...)
	NOT-FOR-US: Mattermost
CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and  ...)
	NOT-FOR-US: Mattermost
CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...)
	NOT-FOR-US: Mattermost
CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...)
	NOT-FOR-US: Mattermost
CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...)
	NOT-FOR-US: Mattermost
CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...)
	NOT-FOR-US: Mattermost
CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...)
	NOT-FOR-US: Mattermost
CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...)
	NOT-FOR-US: Mattermost
CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...)
	NOT-FOR-US: Mattermost
CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...)
	NOT-FOR-US: Mattermost
CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...)
	NOT-FOR-US: Mattermost
CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...)
	NOT-FOR-US: Mattermost
CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed  ...)
	NOT-FOR-US: Mattermost
CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...)
	NOT-FOR-US: Mattermost
CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...)
	NOT-FOR-US: Mattermost
CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...)
	NOT-FOR-US: Mattermost
CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...)
	NOT-FOR-US: Mattermost
CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...)
	NOT-FOR-US: Mattermost
CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
	NOT-FOR-US: Mattermost
CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...)
	{DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
	- mutt 1.14.4-1
	- neomutt 20200619+dfsg.1-1
	NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
	NOTE: https://gitlab.com/muttmua/mutt/-/issues/248
	NOTE: https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc
CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...)
	- dolibarr <removed>
CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14425
	RESERVED
CVE-2020-14424
	RESERVED
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
	NOT-FOR-US: Convos
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
	- python3.8 3.8.4~rc1-1
	- python3.7 <removed>
	[buster] - python3.7 <no-dsa> (Minor issue)
	- python3.5 <removed>
	[stretch] - python3.5 <no-dsa> (Minor issue)
	- python3.4 <removed>
	[jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
	NOTE: https://bugs.python.org/issue41004
	NOTE: https://github.com/python/cpython/pull/20956
	NOTE: https://github.com/python/cpython/pull/21033
	NOTE: https://github.com/python/cpython/commit/b30ee26e366bf509b7538d79bfec6c6d38d53f28 (master)
	NOTE: https://github.com/python/cpython/commit/9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd (3.9-branch)
	NOTE: https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 (v3.8.4rc1)
	NOTE: https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7 (3.7-branch)
	NOTE: https://github.com/python/cpython/commit/cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 (3.6-branch)
CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
	NOT-FOR-US: aaPanel
CVE-2020-14420
	RESERVED
CVE-2020-14419
	RESERVED
CVE-2020-14418
	RESERVED
CVE-2020-14417
	RESERVED
CVE-2020-14415 [division by zero in oss_write() in audio/ossaudio.c]
	RESERVED
	- qemu 1:5.0-1
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=3ba4066d085f5bdce2c7ac145692a4fd52493d67 (4.2.0-rc0)
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357 (5.0.0-rc0)
CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty-&gt;disc_da ...)
	- linux 5.4.19-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.210-1+deb9u1
	[jessie] - linux 3.16.84-1
	NOTE: https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php imprope ...)
	NOT-FOR-US: NeDi
CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect implementation  ...)
	NOT-FOR-US: NeDi
CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.p ...)
	NOT-FOR-US: NeDi
CVE-2020-14411
	RESERVED
CVE-2020-14410
	RESERVED
CVE-2020-14409
	RESERVED
CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2020-14407
	RESERVED
CVE-2020-14406
	RESERVED
CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
CVE-2020-14400 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
CVE-2020-14399 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
	- libvncserver 0.9.13+dfsg-1
	[jessie] - libvncserver <ignored> (Proposed patch might break ABI consumers)
	NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
	- libvncserver 0.9.13+dfsg-1
	[jessie] - libvncserver <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
CVE-2020-14395
	RESERVED
CVE-2020-14394
	RESERVED
CVE-2020-14393
	RESERVED
CVE-2020-14392
	RESERVED
CVE-2020-14391
	RESERVED
CVE-2020-14390
	RESERVED
CVE-2020-14389
	RESERVED
CVE-2020-14388
	RESERVED
CVE-2020-14387
	RESERVED
CVE-2020-14386
	RESERVED
CVE-2020-14385
	RESERVED
CVE-2020-14384
	RESERVED
CVE-2020-14383
	RESERVED
CVE-2020-14382
	RESERVED
CVE-2020-14381
	RESERVED
CVE-2020-14380
	RESERVED
CVE-2020-14379
	RESERVED
CVE-2020-14378
	RESERVED
CVE-2020-14377
	RESERVED
CVE-2020-14376
	RESERVED
CVE-2020-14375
	RESERVED
CVE-2020-14374
	RESERVED
CVE-2020-14373
	RESERVED
CVE-2020-14372
	RESERVED
CVE-2020-14371
	RESERVED
CVE-2020-14370
	RESERVED
CVE-2020-14369
	RESERVED
CVE-2020-14368
	RESERVED
CVE-2020-14367
	RESERVED
CVE-2020-14366
	RESERVED
CVE-2020-14365
	RESERVED
CVE-2020-14364
	RESERVED
CVE-2020-14363
	RESERVED
CVE-2020-14362
	RESERVED
CVE-2020-14361
	RESERVED
CVE-2020-14360
	RESERVED
CVE-2020-14359
	RESERVED
CVE-2020-14358
	RESERVED
CVE-2020-14357
	RESERVED
CVE-2020-14356
	RESERVED
CVE-2020-14355
	RESERVED
CVE-2020-14354
	RESERVED
CVE-2020-14353
	RESERVED
CVE-2020-14352
	RESERVED
CVE-2020-14351
	RESERVED
CVE-2020-14350
	RESERVED
CVE-2020-14349
	RESERVED
CVE-2020-14348
	RESERVED
CVE-2020-14347
	RESERVED
CVE-2020-14346
	RESERVED
CVE-2020-14345
	RESERVED
CVE-2020-14344
	RESERVED
CVE-2020-14343
	RESERVED
CVE-2020-14342
	RESERVED
CVE-2020-14341
	RESERVED
CVE-2020-14340
	RESERVED
CVE-2020-14339
	RESERVED
CVE-2020-14338
	RESERVED
CVE-2020-14337
	RESERVED
CVE-2020-14336
	RESERVED
CVE-2020-14335
	RESERVED
CVE-2020-14334
	RESERVED
CVE-2020-14333
	RESERVED
CVE-2020-14332
	RESERVED
CVE-2020-14331
	RESERVED
CVE-2020-14330
	RESERVED
CVE-2020-14329
	RESERVED
CVE-2020-14328
	RESERVED
CVE-2020-14327
	RESERVED
CVE-2020-14326
	RESERVED
CVE-2020-14325
	RESERVED
CVE-2020-14324
	RESERVED
CVE-2020-14323
	RESERVED
CVE-2020-14322
	RESERVED
CVE-2020-14321
	RESERVED
CVE-2020-14320
	RESERVED
CVE-2020-14319
	RESERVED
CVE-2020-14318
	RESERVED
CVE-2020-14317
	RESERVED
	- wildfly <itp> (bug #752018)
CVE-2020-14316
	RESERVED
CVE-2020-14315
	RESERVED
CVE-2020-14314 [buffer uses out of index in ext3/4 filesystem]
	RESERVED
	- linux <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
CVE-2020-14313
	RESERVED
	NOT-FOR-US: Quay
CVE-2020-14312
	RESERVED
	- dnsmasq 2.69-1 (bug #732610)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
CVE-2020-14311
	RESERVED
CVE-2020-14310
	RESERVED
CVE-2020-14309
	RESERVED
CVE-2020-14308
	RESERVED
CVE-2020-14307
	RESERVED
CVE-2020-14306
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
	RESERVED
	- linux 4.12.6-1
	NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
CVE-2020-14304 [ethtool when reading eeprom of device could lead to memory leak]
	RESERVED
	- linux <unfixed> (bug #960702)
CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before  ...)
	- samba 2:4.12.5+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
CVE-2020-14302
	RESERVED
CVE-2020-14301 [leak of sensitive cookie information via dumpxml]
	RESERVED
	- libvirt <not-affected> (Vulnerable code introduced with 6.2.0)
	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
CVE-2020-14300
	RESERVED
	- docker.io <not-affected> (Red Hat specific regression)
CVE-2020-14299
	RESERVED
CVE-2020-14298
	RESERVED
	- docker.io <not-affected> (Red Hat specific regression)
CVE-2020-14297
	RESERVED
CVE-2020-14296
	RESERVED
CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to  ...)
	- cacti <unfixed> (bug #963139)
	[buster] - cacti <not-affected> (Vulnerability introduced later)
	[stretch] - cacti <not-affected> (Vulnerability introduced later)
	[jessie] - cacti <not-affected> (Vulnerability introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/3622
	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e
	NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839
	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6)
CVE-2020-14294
	RESERVED
CVE-2020-14293
	RESERVED
CVE-2020-14292
	RESERVED
CVE-2020-14291
	RESERVED
CVE-2020-14290
	RESERVED
CVE-2020-14289
	RESERVED
CVE-2020-14288
	RESERVED
CVE-2020-14287
	RESERVED
CVE-2020-14286
	RESERVED
CVE-2020-14285
	RESERVED
CVE-2020-14284
	RESERVED
CVE-2020-14283
	RESERVED
CVE-2020-14282
	RESERVED
CVE-2020-14281
	RESERVED
CVE-2020-14280
	RESERVED
CVE-2020-14279
	RESERVED
CVE-2020-14278
	RESERVED
CVE-2020-14277
	RESERVED
CVE-2020-14276
	RESERVED
CVE-2020-14275
	RESERVED
CVE-2020-14274
	RESERVED
CVE-2020-14273
	RESERVED
CVE-2020-14272
	RESERVED
CVE-2020-14271
	RESERVED
CVE-2020-14270
	RESERVED
CVE-2020-14269
	RESERVED
CVE-2020-14268
	RESERVED
CVE-2020-14267
	RESERVED
CVE-2020-14266
	RESERVED
CVE-2020-14265
	RESERVED
CVE-2020-14264
	RESERVED
CVE-2020-14263
	RESERVED
CVE-2020-14262
	RESERVED
CVE-2020-14261
	RESERVED
CVE-2020-14260
	RESERVED
CVE-2020-14259
	RESERVED
CVE-2020-14258
	RESERVED
CVE-2020-14257
	RESERVED
CVE-2020-14256
	RESERVED
CVE-2020-14255
	RESERVED
CVE-2020-14254
	RESERVED
CVE-2020-14253
	RESERVED
CVE-2020-14252
	RESERVED
CVE-2020-14251
	RESERVED
CVE-2020-14250
	RESERVED
CVE-2020-14249
	RESERVED
CVE-2020-14248
	RESERVED
CVE-2020-14247
	RESERVED
CVE-2020-14246
	RESERVED
CVE-2020-14245
	RESERVED
CVE-2020-14244
	RESERVED
CVE-2020-14243
	RESERVED
CVE-2020-14242
	RESERVED
CVE-2020-14241
	RESERVED
CVE-2020-14240
	RESERVED
CVE-2020-14239
	RESERVED
CVE-2020-14238
	RESERVED
CVE-2020-14237
	RESERVED
CVE-2020-14236
	RESERVED
CVE-2020-14235
	RESERVED
CVE-2020-14234
	RESERVED
CVE-2020-14233
	RESERVED
CVE-2020-14232
	RESERVED
CVE-2020-14231
	RESERVED
CVE-2020-14230
	RESERVED
CVE-2020-14229
	RESERVED
CVE-2020-14228
	RESERVED
CVE-2020-14227
	RESERVED
CVE-2020-14226
	RESERVED
CVE-2020-14225
	RESERVED
CVE-2020-14224
	RESERVED
CVE-2020-14223
	RESERVED
CVE-2020-14222
	RESERVED
CVE-2020-14221
	RESERVED
CVE-2020-14220
	RESERVED
CVE-2020-14219
	RESERVED
CVE-2020-14218
	RESERVED
CVE-2020-14217
	RESERVED
CVE-2020-14216
	RESERVED
CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws ...)
	- libvncserver 0.9.13+dfsg-1
	[jessie] - libvncserver <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
	{DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
	{DSA-4383-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2
	NOTE: https://github.com/LibVNC/libvncserver/issues/253
	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
CVE-2020-14215
	RESERVED
CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
	- zammad <itp> (bug #841355)
CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only  ...)
	- zammad <itp> (bug #841355)
CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
	- ffmpeg <unfixed>
	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8716
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
CVE-2020-14211
	RESERVED
CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected  ...)
	NOT-FOR-US: MONITORAPP
CVE-2020-14209
	RESERVED
CVE-2020-14208
	RESERVED
CVE-2020-14207
	RESERVED
CVE-2020-14206
	RESERVED
CVE-2020-14205
	RESERVED
CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
	NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
	NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
	NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14201
	RESERVED
CVE-2020-14200
	RESERVED
CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
	NOT-FOR-US: Bitcoin protocol issue
CVE-2020-14198
	RESERVED
CVE-2020-14197
	RESERVED
CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...)
	- pdns-recursor 4.3.2-1 (low; bug #964103)
	[buster] - pdns-recursor <postponed> (Minor issue, fix along in next DSA)
	[stretch] - pdns-recursor <postponed> (Minor issue, fix along in next DSA)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1
CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2765
	NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14194
	RESERVED
CVE-2020-14193
	RESERVED
CVE-2020-14192
	RESERVED
CVE-2020-14191
	RESERVED
CVE-2020-14190
	RESERVED
CVE-2020-14189
	RESERVED
CVE-2020-14188
	RESERVED
CVE-2020-14187
	RESERVED
CVE-2020-14186
	RESERVED
CVE-2020-14185
	RESERVED
CVE-2020-14184
	RESERVED
CVE-2020-14183
	RESERVED
CVE-2020-14182
	RESERVED
CVE-2020-14181
	RESERVED
CVE-2020-14180
	RESERVED
CVE-2020-14179
	RESERVED
CVE-2020-14178
	RESERVED
CVE-2020-14177
	RESERVED
CVE-2020-14176
	RESERVED
CVE-2020-14175
	RESERVED
CVE-2020-14174
	RESERVED
CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
	NOT-FOR-US: Atlassian
CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-14171
	RESERVED
CVE-2020-14170
	RESERVED
CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...)
	NOT-FOR-US: Atlassian
CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...)
	NOT-FOR-US: Atlassian
CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...)
	NOT-FOR-US: Atlassian
CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...)
	NOT-FOR-US: Atlassian
CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...)
	NOT-FOR-US: Atlassian
CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...)
	NOT-FOR-US: Atlassian
CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in  ...)
	NOT-FOR-US: JerryScript
CVE-2020-14162
	RESERVED
CVE-2020-14161
	RESERVED
CVE-2020-14160
	RESERVED
CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a  ...)
	NOT-FOR-US: ConnectWise
CVE-2020-14158
	RESERVED
CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...)
	NOT-FOR-US: ABUS
CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...)
	NOT-FOR-US: OpenBMC
CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...)
	- pcre3 2:8.39-13 (bug #963086)
	[buster] - pcre3 <no-dsa> (Minor issue)
	[stretch] - pcre3 <no-dsa> (Minor issue)
	[jessie] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2463
	NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1761 (8.44)
CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in response to  ...)
	- mutt 1.14.3-1 (unimportant)
	[buster] - mutt 1.10.1-2.1+deb10u1
	- neomutt 20200619+dfsg.1-1 (unimportant)
	NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
	NOTE: https://gitlab.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95
	NOTE: https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
	NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
	NOTE: Negligible security impact
CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds arr ...)
	- libjpeg9 1:9d-1
	- libjpeg-turbo <undetermined>
	NOTE: Not clear what the exact change is between 9c and 9d and whether it applies to -turbo
CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
	- libjpeg9 1:9d-1 (low)
	- libjpeg-turbo 1:1.5.2-1 (low)
	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
CVE-2020-14151
	REJECTED
CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
	- bison 2:3.6.1+dfsg-1 (unimportant)
	NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
	NOTE: Crash in CLI tool, no security impact
CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...)
	NOT-FOR-US: uftpd
CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...)
	{DLA-2252-1}
	- ngircd <unfixed> (bug #963147)
	[buster] - ngircd <no-dsa> (Minor issue)
	[stretch] - ngircd <no-dsa> (Minor issue)
	NOTE: https://github.com/ngircd/ngircd/issues/274
	NOTE: https://github.com/ngircd/ngircd/issues/277
	NOTE: https://github.com/ngircd/ngircd/pull/275
	NOTE: https://github.com/ngircd/ngircd/pull/276
	NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...)
	- redis 5:6.0.0-1
	[stretch] - redis <not-affected> (Vulnerable code reintroduced later)
	[jessie] - redis <not-affected> (Vulnerable code reintroduced later)
	NOTE: https://github.com/antirez/redis/pull/6875
	NOTE: Issue re-introduced with https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 (5.0-rc4)
	NOTE: Fixed by: https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
	NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...)
	NOT-FOR-US: KumbiaPHP
CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepan ...)
	- openssh <unfixed> (unimportant)
	NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
	NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
	NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding
	NOTE: the issue, details in "3.1 OpenSSH" in the publication.
CVE-2020-14144
	RESERVED
CVE-2020-14143
	RESERVED
CVE-2020-14142
	RESERVED
CVE-2020-14141
	RESERVED
CVE-2020-14140
	RESERVED
CVE-2020-14139
	RESERVED
CVE-2020-14138
	RESERVED
CVE-2020-14137
	RESERVED
CVE-2020-14136
	RESERVED
CVE-2020-14135
	RESERVED
CVE-2020-14134
	RESERVED
CVE-2020-14133
	RESERVED
CVE-2020-14132
	RESERVED
CVE-2020-14131
	RESERVED
CVE-2020-14130
	RESERVED
CVE-2020-14129
	RESERVED
CVE-2020-14128
	RESERVED
CVE-2020-14127
	RESERVED
CVE-2020-14126
	RESERVED
CVE-2020-14125
	RESERVED
CVE-2020-14124
	RESERVED
CVE-2020-14123
	RESERVED
CVE-2020-14122
	RESERVED
CVE-2020-14121
	RESERVED
CVE-2020-14120
	RESERVED
CVE-2020-14119
	RESERVED
CVE-2020-14118
	RESERVED
CVE-2020-14117
	RESERVED
CVE-2020-14116
	RESERVED
CVE-2020-14115
	RESERVED
CVE-2020-14114
	RESERVED
CVE-2020-14113
	RESERVED
CVE-2020-14112
	RESERVED
CVE-2020-14111
	RESERVED
CVE-2020-14110
	RESERVED
CVE-2020-14109
	RESERVED
CVE-2020-14108
	RESERVED
CVE-2020-14107
	RESERVED
CVE-2020-14106
	RESERVED
CVE-2020-14105
	RESERVED
CVE-2020-14104
	RESERVED
CVE-2020-14103
	RESERVED
CVE-2020-14102
	RESERVED
CVE-2020-14101
	RESERVED
CVE-2020-14100
	RESERVED
CVE-2020-14099
	RESERVED
CVE-2020-14098
	RESERVED
CVE-2020-14097
	RESERVED
CVE-2020-14096
	RESERVED
CVE-2020-14095 (In Xiaomi router R3600, ROM version&lt;1.0.20, a connect service suffe ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14094 (In Xiaomi router R3600, ROM version&lt;1.0.20, the connection service  ...)
	NOT-FOR-US: Xiaomi
CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...)
	- pcre3 <unfixed> (unimportant)
	NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
	NOTE: Only an issue when UTF support disabled
CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
	- caddy <itp> (bug #810890)
CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
	- pound 2.8-2
	[stretch] - pound 2.7-1.3+deb9u1
	[jessie] - pound 2.6-6+deb8u2
	NOTE: https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
	NOTE: The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was
	NOTE: as well fixed with the same changes as done upstream for 2.8. The backport
	NOTE: for 2.7 was a backport of all security relevant changes between 2.7 and 2.8.
	NOTE: The same corrections were made in 2.6 version for jessie so fixed in that too.
CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 co ...)
	- node-chownr 1.1.1-1 (bug #909024)
	NOTE: https://github.com/isaacs/chownr/issues/14
	NOTE: https://snyk.io/vuln/npm:chownr:20180731
CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...)
	{DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
	- mutt 1.14.3-1 (bug #962897)
	- neomutt 20200619+dfsg.1-1
	NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
	NOTE: Fix for CVE-2020-14093 introduces a regression, cf. #963107
	NOTE: Regression fixed by: https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748
CVE-2020-14092 (The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for Wo ...)
	NOT-FOR-US: CodePeople Payment Form for PayPal Pro plugin for WordPress
CVE-2020-14091
	RESERVED
CVE-2020-14090
	RESERVED
CVE-2020-14089
	RESERVED
CVE-2020-14088
	RESERVED
CVE-2020-14087
	RESERVED
CVE-2020-14086
	RESERVED
CVE-2020-14085
	RESERVED
CVE-2020-14084
	RESERVED
CVE-2020-14083
	RESERVED
CVE-2020-14082
	RESERVED
CVE-2020-14081 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14080 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14079 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14078 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14077 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14076 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet TEW-827DRU devices
CVE-2020-14075 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command execution  ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is authentication bypa ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL injection issu ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login functionality  ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14066
	RESERVED
CVE-2020-14065
	RESERVED
CVE-2020-14064
	RESERVED
CVE-2020-14063
	RESERVED
CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2704
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2698
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2688
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14059 (An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...)
	- squid <not-affected> (vulnerability introduced in the 5.x series)
	- squid3 <not-affected> (vulnerability introduced in the 5.x series)
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr
CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...)
	- squid 4.12-1 (unimportant)
	- squid3 <removed> (unimportant)
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
	NOTE: Squid in Debian builds without OpenSSL support
CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths used in fi ...)
	NOT-FOR-US: Monsta FTP
CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request forgery v ...)
	NOT-FOR-US: Monsta FTP
CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting v ...)
	NOT-FOR-US: Monsta FTP
CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e ...)
	NOT-FOR-US: SOKKIA GNR5 Vanguard WEB
CVE-2020-14053
	RESERVED
CVE-2020-14052
	RESERVED
CVE-2020-14051
	RESERVED
CVE-2020-14050
	RESERVED
CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...)
	NOT-FOR-US: Viber
CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...)
	NOT-FOR-US: Zoho
CVE-2020-14047
	RESERVED
CVE-2020-14046
	RESERVED
CVE-2020-14045
	RESERVED
CVE-2020-14044
	RESERVED
CVE-2020-14043
	RESERVED
CVE-2020-14042
	RESERVED
CVE-2020-14041
	RESERVED
CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...)
	- golang-golang-x-text <unfixed> (bug #964272)
	- golang-x-text <unfixed> (bug #964271)
	NOTE: https://github.com/golang/go/issues/39491
	NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
	NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
CVE-2020-14039
	RESERVED
CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public posts]
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	[buster] - wordpress 5.0.10+dfsg1-0+deb10u1
	NOTE: https://core.trac.wordpress.org/changeset/47984
CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...)
	{DSA-4709-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47951
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
	NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of  ...)
	{DSA-4709-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47950
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
	NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...)
	{DSA-4709-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47949
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
	NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...)
	{DSA-4709-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47947
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...)
	{DSA-4709-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47948
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
	NOTE: https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f
CVE-2020-14038
	RESERVED
CVE-2020-14037
	RESERVED
CVE-2020-14036
	RESERVED
CVE-2020-14035
	RESERVED
CVE-2020-14034 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.2-1
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2229
	NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.2-1
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2229
	NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
CVE-2020-14032
	RESERVED
CVE-2020-14031
	RESERVED
CVE-2020-14030
	RESERVED
CVE-2020-14029
	RESERVED
CVE-2020-14028
	RESERVED
CVE-2020-14027
	RESERVED
CVE-2020-14026
	RESERVED
CVE-2020-14025
	RESERVED
CVE-2020-14024
	RESERVED
CVE-2020-14023
	RESERVED
CVE-2020-14022
	RESERVED
CVE-2020-14021
	RESERVED
CVE-2020-14020
	RESERVED
CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
	- python-rtslib-fb <unfixed>
	[jessie] - python-rtslib-fb <not-affected> (vulnerable code introduced later, shutil.copyfile is not used)
	NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162
CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well a ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14014 (An issue was discovered in Navigate CMS 2.9 r1433. The query parameter ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14013
	RESERVED
CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...)
	NOT-FOR-US: osTicket
CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in which the ...)
	NOT-FOR-US: Lansweeper
CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
	NOT-FOR-US: Laborator Xenon theme for WordPress
CVE-2020-14009
	RESERVED
CVE-2020-14008
	RESERVED
CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
	NOT-FOR-US: Solarwinds
CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
	NOT-FOR-US: Solarwinds
CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
	NOT-FOR-US: Solarwinds
CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...)
	- icinga2 <unfixed>
	[jessie] - icinga2 <not-affected> (prepare-dirs script not shipped)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1172171
	NOTE: https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6
CVE-2020-14003
	RESERVED
CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...)
	- putty 0.74-1
	[buster] - putty <no-dsa> (Minor issue)
	[stretch] - putty <no-dsa> (Minor issue)
	[jessie] - putty <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74)
CVE-2020-14001
	RESERVED
CVE-2020-14000
	RESERVED
CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...)
	- libemf 1.0.13-1 (bug #963778)
	[buster] - libemf <no-dsa> (Minor issue)
	NOTE: Fixed upstream in 1.0.13
CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA  ...)
	NOT-FOR-US: Citrix
CVE-2020-13997
	RESERVED
CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
	NOT-FOR-US: J2Store plugin for Joomla!
CVE-2020-13995
	RESERVED
CVE-2020-13994
	RESERVED
CVE-2020-13993
	RESERVED
CVE-2020-13992
	RESERVED
CVE-2020-13991
	RESERVED
CVE-2020-13990
	RESERVED
CVE-2020-13989
	RESERVED
CVE-2020-13988
	RESERVED
CVE-2020-13987
	RESERVED
CVE-2020-13986
	RESERVED
CVE-2020-13985
	RESERVED
CVE-2020-13984
	RESERVED
CVE-2020-13983
	RESERVED
CVE-2020-13982
	RESERVED
CVE-2020-13981
	RESERVED
CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...)
	NOT-FOR-US: OpenCart
CVE-2020-13979
	RESERVED
CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...)
	- nagios4 4.3.4-4 (bug #962826)
	[buster] - nagios4 <no-dsa> (Minor issue)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/8deeca7cad3df1143ad9c351d107b5c0a6c61213
CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...)
	NOT-FOR-US: DD-WRT
CVE-2020-13975
	RESERVED
CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.7 ...)
	- linux 5.7.6-1
	NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
	NOT-FOR-US: OWASP json-sanitizer
CVE-2020-13972
	RESERVED
CVE-2020-13971
	RESERVED
CVE-2020-13970
	RESERVED
CVE-2020-13969
	RESERVED
CVE-2020-13968
	RESERVED
CVE-2020-13967
	RESERVED
CVE-2020-13966
	RESERVED
CVE-2020-13963
	RESERVED
CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...)
	- qtbase-opensource-src <unfixed>
	[buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
	[stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
	[jessie] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
	NOTE: https://bugreports.qt.io/browse/QTBUG-83450
	NOTE: https://github.com/mumble-voip/mumble/issues/3679
	NOTE: https://github.com/mumble-voip/mumble/pull/4032
CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker to byp ...)
	NOT-FOR-US: Strapi
CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
	NOT-FOR-US: D-Link
CVE-2020-13959
	RESERVED
CVE-2020-13958
	RESERVED
CVE-2020-13957
	RESERVED
CVE-2020-13956
	RESERVED
CVE-2020-13955
	RESERVED
CVE-2020-13954
	RESERVED
CVE-2020-13953
	RESERVED
CVE-2020-13952
	RESERVED
CVE-2020-13951
	RESERVED
CVE-2020-13950
	RESERVED
CVE-2020-13949
	RESERVED
CVE-2020-13948
	RESERVED
CVE-2020-13947
	RESERVED
CVE-2020-13946
	RESERVED
CVE-2020-13945
	RESERVED
CVE-2020-13944
	RESERVED
CVE-2020-13943
	RESERVED
CVE-2020-13942
	RESERVED
CVE-2020-13941
	RESERVED
CVE-2020-13940
	RESERVED
CVE-2020-13939
	RESERVED
CVE-2020-13938
	RESERVED
CVE-2020-13937
	RESERVED
CVE-2020-13936
	RESERVED
CVE-2020-13935
	RESERVED
CVE-2020-13934
	RESERVED
CVE-2020-13933
	RESERVED
CVE-2020-13932
	RESERVED
CVE-2020-13931
	RESERVED
CVE-2020-13930
	RESERVED
CVE-2020-13929
	RESERVED
CVE-2020-13928
	RESERVED
CVE-2020-13927
	RESERVED
CVE-2020-13926
	RESERVED
CVE-2020-13925
	RESERVED
CVE-2020-13924
	RESERVED
CVE-2020-13923
	RESERVED
CVE-2020-13922
	RESERVED
CVE-2020-13921
	RESERVED
CVE-2020-13920
	RESERVED
CVE-2020-13919
	RESERVED
CVE-2020-13918
	RESERVED
CVE-2020-13917
	RESERVED
CVE-2020-13916
	RESERVED
CVE-2020-13915
	RESERVED
CVE-2020-13914
	RESERVED
CVE-2020-13913
	RESERVED
CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users  ...)
	NOT-FOR-US: SolarWinds Advanced Monitoring Agent
CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...)
	NOT-FOR-US: Your Online Shop
CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...)
	NOT-FOR-US: Pengutronix Barebox
CVE-2020-13909 (The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _ ...)
	NOT-FOR-US: Laravel
CVE-2020-13908
	RESERVED
CVE-2020-13907
	RESERVED
CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
	NOT-FOR-US: IrfanView
CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
	NOT-FOR-US: IrfanView
CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an  ...)
	- ffmpeg <unfixed>
	NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
	NOTE: https://trac.ffmpeg.org/ticket/8673
CVE-2020-13903
	RESERVED
CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...)
	- imagemagick <unfixed>
	[buster] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	[stretch] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	[jessie] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920
	NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2132
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb
CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/90cc2ada775c4d4d8f6ae66f96b4ec7588e4bc86
CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/5f33d5e1073207f7275a726b7bb4cd7dbb08d13a
CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/f46f27fb129fd1b3744830b4fc6e75ab78794636
CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
	NOT-FOR-US: HESK
CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remot ...)
	NOT-FOR-US: Maipu devices
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows  ...)
	NOT-FOR-US: DEXT5 Editor
CVE-2020-13893
	RESERVED
CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...)
	NOT-FOR-US: SportsPress plugin for WordPress
CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...)
	NOT-FOR-US: Mattermost
CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...)
	NOT-FOR-US: Bootstrap theme
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
	NOT-FOR-US: Bludit
CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
	NOT-FOR-US: Kordil EDMS
CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
	NOT-FOR-US: Kordil EDMS
CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
	- libcrypt-perl-perl <itp> (bug #907353)
	NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
	NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
CVE-2020-13886
	RESERVED
CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...)
	NOT-FOR-US: Citrix
CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...)
	NOT-FOR-US: Citrix
CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...)
	- lynis 3.0.0-1 (unimportant)
	NOTE: Neutralised by kernel hardening
	NOTE: https://github.com/CISOfy/lynis/pull/594
	NOTE: https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
	{DLA-2239-1}
	- libpam-tacplus <unfixed> (low; bug #962830)
	[buster] - libpam-tacplus <no-dsa> (Minor issue)
	[stretch] - libpam-tacplus <no-dsa> (Minor issue)
	NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
	NOTE: https://github.com/kravietz/pam_tacplus/issues/149
CVE-2020-13880
	RESERVED
CVE-2020-13879
	RESERVED
CVE-2020-13878
	RESERVED
CVE-2020-13877
	RESERVED
CVE-2020-13876
	RESERVED
CVE-2020-13875
	RESERVED
CVE-2020-13874
	RESERVED
CVE-2020-13873
	RESERVED
CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...)
	NOT-FOR-US: Royal TS
CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
	- sqlite3 3.32.2-2
	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104
	NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
	NOTE: https://www.sqlite.org/src/info/c8d3b9f0a750a529
	NOTE: https://www.sqlite.org/src/info/cd708fa84d2aaaea
CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft  ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft  ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft  ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
	- targetcli-fb <unfixed> (low; bug #962331)
	[buster] - targetcli-fb <no-dsa> (Minor issue)
	[stretch] - targetcli-fb <no-dsa> (Minor issue)
	NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...)
	NOT-FOR-US: WinGate
CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13863
	RESERVED
CVE-2020-13862
	RESERVED
CVE-2020-13861
	RESERVED
CVE-2020-13860
	RESERVED
CVE-2020-13859
	RESERVED
CVE-2020-13858
	RESERVED
CVE-2020-13857
	RESERVED
CVE-2020-13856
	RESERVED
CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the events ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...)
	TODO: check
CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...)
	{DLA-2238-1}
	- pupnp-1.8 <unfixed> (bug #962282)
	[buster] - pupnp-1.8 <no-dsa> (Minor issue)
	- libupnp <removed>
	[stretch] - libupnp <no-dsa> (Minor issue)
	NOTE: https://github.com/pupnp/pupnp/issues/177
	NOTE: https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
CVE-2020-13847
	RESERVED
CVE-2020-13846
	RESERVED
CVE-2020-13845
	RESERVED
CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past  ...)
	NOTE: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html
	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
	TODO: check further details
CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software  ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13841 (An issue was discovered on LG mobile devices with Android OS 9 and 10  ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13840 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13839 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13828
	RESERVED
CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...)
	- phplist <itp> (bug #612288)
CVE-2020-13826
	RESERVED
CVE-2020-13825
	RESERVED
CVE-2020-13824
	RESERVED
CVE-2020-13823
	RESERVED
CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...)
	- node-elliptic 6.5.3~dfsg-1 (bug #963149)
	[buster] - node-elliptic <no-dsa> (Minor issue)
	NOTE: https://github.com/indutny/elliptic/issues/226
CVE-2020-13821
	RESERVED
CVE-2020-13820
	RESERVED
CVE-2020-13819
	RESERVED
CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when &lt;cachestart&gt;  ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...)
	- ntp 1:4.2.8p14+dfsg-1 (low)
	[buster] - ntp <ignored> (Minor issue)
	[stretch] - ntp <ignored> (Minor issue)
	[jessie] - ntp <ignored> (Too intrusive to backport, requires new configuration)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3596
	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e312021VVVkyioYBR_aeIP1LqMCVg (4.2.8p14)
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e4a536dzxRWAzMw-KsKjm04l6joNA (4.2.8p14)
	TODO: check ntpsec, cf. #964395
CVE-2020-13816
	REJECTED
CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13802
	RESERVED
CVE-2020-13801
	RESERVED
CVE-2020-13799
	RESERVED
CVE-2020-13798 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13797 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13794
	RESERVED
CVE-2020-13793
	RESERVED
CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
	NOT-FOR-US: PlayTube
CVE-2019-20837 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20836 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20835 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20834 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows s ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20833 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mish ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20832 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homo ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20831 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20830 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20829 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20828 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20827 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20826 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20825 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20824 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20823 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a bu ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20822 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20821 (An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a N ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20820 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20819 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20818 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20817 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20816 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20815 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows s ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20814 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows m ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20813 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21244 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows ar ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21243 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21242 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Re ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21241 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an un ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21240 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21239 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It  ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21238 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows me ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21237 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NT ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21236 (An issue was discovered in Foxit Reader before 2.4.4. It has a NULL po ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system before Sept ...)
	NOT-FOR-US: Foxit E-mail advertising system
CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
	{DSA-4700-1}
	- roundcube 1.4.5+dfsg.1-1 (bug #962124)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
	{DSA-4700-1}
	- roundcube 1.4.5+dfsg.1-1 (bug #962123)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...)
	- qemu 1:5.0-6
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a98610c429d52db0937c1e48659428929835c455
CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...)
	- qemu 1:5.0-6
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html
CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
	- libjpeg-turbo <unfixed> (bug #962829)
	[buster] - libjpeg-turbo <no-dsa> (Minor issue)
	[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
	[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)
CVE-2020-13789
	RESERVED
CVE-2020-13788
	RESERVED
CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...)
	NOT-FOR-US: D-Link
CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
	NOT-FOR-US: D-Link
CVE-2020-13785 (D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Str ...)
	NOT-FOR-US: D-Link
CVE-2020-13784 (D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a P ...)
	NOT-FOR-US: D-Link
CVE-2020-13783 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sens ...)
	NOT-FOR-US: D-Link
CVE-2020-13782 (D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. ...)
	NOT-FOR-US: D-Link
CVE-2020-13781
	RESERVED
CVE-2020-13780
	RESERVED
CVE-2020-13779
	RESERVED
CVE-2020-13778
	RESERVED
CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting  ...)
	{DSA-4697-1}
	- gnutls28 3.6.14-1 (bug #962289)
	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
	[jessie] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1843723
	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1011
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da
CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...)
	- systemd <unfixed> (unimportant)
	NOTE: https://github.com/systemd/systemd/issues/15985
	NOTE: Issue exists due to an incomplete fix for CVE-2017-1000082.
CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an app ...)
	- znc 1.8.1-1 (bug #962105)
	[buster] - znc <not-affected> (Vulnerable code introduced later)
	[stretch] - znc <not-affected> (Vulnerable code introduced later)
	[jessie] - znc <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 (znc-1.8.1-rc1)
	NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0)
CVE-2020-13774
	RESERVED
CVE-2020-13773
	RESERVED
CVE-2020-13772
	RESERVED
CVE-2020-13771
	RESERVED
CVE-2020-13770
	RESERVED
CVE-2020-13769
	RESERVED
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via  ...)
	NOT-FOR-US: MiniShare
CVE-2020-13767
	RESERVED
CVE-2020-13766
	RESERVED
CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
	{DLA-2262-1}
	- qemu 1:4.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
	NOTE: https://bugs.launchpad.net/qemu/+bug/1844635
CVE-2020-13764 (common.php in the Gravity Forms plugin before 2.4.9 for WordPress can  ...)
	NOT-FOR-US: Gravity Forms plugin for WordPress
CVE-2020-13763 (In Joomla! before 3.9.19, the default settings of the global textfilte ...)
	NOT-FOR-US: Joomla!
CVE-2020-13762 (In Joomla! before 3.9.19, incorrect input validation of the module tag ...)
	NOT-FOR-US: Joomla!
CVE-2020-13761 (In Joomla! before 3.9.19, lack of input validation in the heading tag  ...)
	NOT-FOR-US: Joomla!
CVE-2020-13760 (In Joomla! before 3.9.19, missing token checks in com_postinstall lead ...)
	NOT-FOR-US: Joomla!
CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The prb_calc ...)
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe
CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...)
	{DSA-4698-1 DLA-2242-1}
	- linux 4.19.37-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux  ...)
	- linux 5.6.7-1
	NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983
CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...)
	NOT-FOR-US: rust-vmm
CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
	NOT-FOR-US: Bitrix24
CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of  ...)
	- python-rsa <unfixed> (bug #962142)
	[buster] - python-rsa <no-dsa> (Minor issue)
	[stretch] - python-rsa <no-dsa> (Minor issue)
	[jessie] - python-rsa <no-dsa> (No reverse dependencies)
	NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
	NOT-FOR-US: Sabberworm PHP CSS Parser
CVE-2020-13755
	RESERVED
CVE-2020-13753
	RESERVED
CVE-2020-13752
	RESERVED
CVE-2020-13751
	RESERVED
CVE-2020-13750
	RESERVED
CVE-2020-13749
	RESERVED
CVE-2020-13748
	RESERVED
CVE-2020-13747
	RESERVED
CVE-2020-13746
	RESERVED
CVE-2020-13745
	RESERVED
CVE-2020-13744
	RESERVED
CVE-2020-13743
	RESERVED
CVE-2020-13742
	RESERVED
CVE-2020-13741
	RESERVED
CVE-2020-13740
	RESERVED
CVE-2020-13739
	RESERVED
CVE-2020-13738
	RESERVED
CVE-2020-13737
	RESERVED
CVE-2020-13736
	RESERVED
CVE-2020-13735
	RESERVED
CVE-2020-13734
	RESERVED
CVE-2020-13733
	RESERVED
CVE-2020-13732
	RESERVED
CVE-2020-13731
	RESERVED
CVE-2020-13730
	RESERVED
CVE-2020-13729
	RESERVED
CVE-2020-13728
	RESERVED
CVE-2020-13727
	RESERVED
CVE-2020-13726
	RESERVED
CVE-2020-13725
	RESERVED
CVE-2020-13724
	RESERVED
CVE-2020-13723
	RESERVED
CVE-2020-13722
	RESERVED
CVE-2020-13721
	RESERVED
CVE-2020-13720
	RESERVED
CVE-2020-13719
	RESERVED
CVE-2020-13718
	RESERVED
CVE-2020-13717
	RESERVED
CVE-2020-13716
	RESERVED
CVE-2020-13715
	RESERVED
CVE-2020-13714
	RESERVED
CVE-2020-13713
	RESERVED
CVE-2020-13712
	RESERVED
CVE-2020-13711
	RESERVED
CVE-2020-13710
	RESERVED
CVE-2020-13709
	RESERVED
CVE-2020-13708
	RESERVED
CVE-2020-13707
	RESERVED
CVE-2020-13706
	RESERVED
CVE-2020-13705
	RESERVED
CVE-2020-13704
	RESERVED
CVE-2020-13703
	RESERVED
CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
	NOT-FOR-US: Compound Finance Compound Price Oracle
CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
	- qemu 1:5.0-6
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
	NOT-FOR-US: Apple/Google Exposure Notification API
CVE-2020-13701
	RESERVED
CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 3.1.0 fo ...)
	NOT-FOR-US: acf-to-rest-api plugin for WordPress
CVE-2020-13699
	RESERVED
CVE-2020-13698
	RESERVED
CVE-2020-13697
	RESERVED
CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
	{DLA-2246-1}
	- xawtv <unfixed> (bug #962221)
	[stretch] - xawtv <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6
	NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
	NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292
	NOTE: But those sill allow to test for arbitrary files and would need:
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6/1
CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
	NOT-FOR-US: QuickBox
CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
	NOT-FOR-US: QuickBox
CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
	NOT-FOR-US: bbPress plugin for WordPress
CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...)
	- libpgjava <unfixed> (low; bug #962828)
	[buster] - libpgjava <no-dsa> (Minor issue)
	[stretch] - libpgjava <no-dsa> (Minor issue)
	[jessie] - libpgjava <no-dsa> (Minor issue)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
CVE-2020-13691
	RESERVED
CVE-2020-13690
	RESERVED
CVE-2020-13689
	RESERVED
CVE-2020-13688
	RESERVED
CVE-2020-13687
	RESERVED
CVE-2020-13686
	RESERVED
CVE-2020-13685
	RESERVED
CVE-2020-13684
	RESERVED
CVE-2020-13683
	RESERVED
CVE-2020-13682
	RESERVED
CVE-2020-13681
	RESERVED
CVE-2020-13680
	RESERVED
CVE-2020-13679
	RESERVED
CVE-2020-13678
	RESERVED
CVE-2020-13677
	RESERVED
CVE-2020-13676
	RESERVED
CVE-2020-13675
	RESERVED
CVE-2020-13674
	RESERVED
CVE-2020-13673
	RESERVED
CVE-2020-13672
	RESERVED
CVE-2020-13671
	RESERVED
CVE-2020-13670
	RESERVED
CVE-2020-13669
	RESERVED
CVE-2020-13668
	RESERVED
CVE-2020-13667
	RESERVED
CVE-2020-13666
	RESERVED
CVE-2020-13665
	RESERVED
	- drupal7 <not-affected> (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2020-006
CVE-2020-13664
	RESERVED
	- drupal7 <not-affected> (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2020-005
CVE-2020-13663 [Drupal SA 2020-004]
	RESERVED
	{DSA-4706-1 DLA-2263-1}
	- drupal7 <removed>
	NOTE: https://www.drupal.org/sa-core-2020-004
	NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006
CVE-2020-13661
	RESERVED
CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
	- qemu 1:5.0-6
	[buster] - qemu <postponed> (Minor issue)
	[stretch] - qemu <postponed> (Minor issue)
	NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
CVE-2020-13658
	RESERVED
CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...)
	NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation  ...)
	NOT-FOR-US: Hobbes
CVE-2020-13655
	RESERVED
CVE-2020-13654
	RESERVED
CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...)
	NOT-FOR-US: Zimbra
CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
	NOT-FOR-US: DigDash
CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
	NOT-FOR-US: DigDash
CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1  ...)
	NOT-FOR-US: DigDash
CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
	NOT-FOR-US: JerryScript
CVE-2020-13648
	RESERVED
CVE-2020-13647
	RESERVED
CVE-2020-13646 (In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local ...)
	NOT-FOR-US: cheetah free wifi
CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
	- glib-networking 2.64.3-2 (bug #961756)
	[buster] - glib-networking <no-dsa> (Minor issue; will be fixed via point release)
	NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
	NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility
	NOTE: update as well for balsa (cf. https://bugs.debian.org/961792)
CVE-2019-20808 [out-of-bounds read in ati_cursor_define() function in hw/display/ati.c leads to DoS]
	RESERVED
	- qemu 1:4.2-1
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 (v4.2.0-rc0)
CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode  ...)
	- vim 2:8.1.2136-1
	[buster] - vim <no-dsa> (Minor issue)
	[stretch] - vim <no-dsa> (Minor issue)
	[jessie] - vim <no-dsa> (Minor issue)
	NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075
CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...)
	NOT-FOR-US: Accordion plugin for WordPress
CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
	NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
	NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
	NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
	NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
CVE-2020-13639
	RESERVED
CVE-2020-13638
	RESERVED
CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
	NOT-FOR-US: stashcat app
CVE-2020-13636
	RESERVED
CVE-2020-13635
	RESERVED
CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
	NOT-FOR-US: Fork CMS
CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
	- sqlite3 3.32.0-1
	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name  ...)
	- sqlite3 3.32.0-1
	[jessie] - sqlite3 <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
	- sqlite3 3.32.0-1
	[jessie] - sqlite3 <not-affected> (Vulnerable code not found)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/0d69f76f0865f962
CVE-2020-13629
	RESERVED
CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web <itp> (bug #913903)
CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web <itp> (bug #913903)
CVE-2020-13626
	RESERVED
CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
	{DLA-2244-1}
	- libphp-phpmailer 6.1.6-1 (bug #962827)
	NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
	NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
CVE-2020-13624
	RESERVED
CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
	NOT-FOR-US: JerryScript
CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
	NOT-FOR-US: JerryScript
CVE-2020-13621
	RESERVED
CVE-2020-13620
	RESERVED
CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...)
	NOT-FOR-US: Locutus PHP
CVE-2020-13618
	RESERVED
CVE-2020-13617
	RESERVED
CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
	NOT-FOR-US: pichi
CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification  ...)
	NOT-FOR-US: Qore
CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...)
	- axel 2.17.8-1
	[buster] - axel <no-dsa> (Minor issue)
	[stretch] - axel <no-dsa> (Minor issue)
	[jessie] - axel <not-affected> (SSL/TLS implemented from v2.10. But without ssl support is a major drawback)
	NOTE: https://github.com/axel-download-accelerator/axel/issues/262
CVE-2020-13613
	RESERVED
CVE-2020-13612
	RESERVED
CVE-2020-13611
	RESERVED
CVE-2020-13610
	RESERVED
CVE-2020-13609
	RESERVED
CVE-2020-13608
	RESERVED
CVE-2020-13607
	RESERVED
CVE-2020-13606
	RESERVED
CVE-2020-13605
	RESERVED
CVE-2020-13604
	RESERVED
CVE-2020-13603
	RESERVED
CVE-2020-13602
	RESERVED
CVE-2020-13601
	RESERVED
CVE-2020-13600
	RESERVED
CVE-2020-13599
	RESERVED
CVE-2020-13598
	RESERVED
CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
	NOT-FOR-US: Calico
CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
	{DSA-4705-1 DLA-2233-1}
	- python-django 2:2.2.13-1 (bug #962323)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
	NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)
	NOTE: https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch)
	NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch)
	NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. branch)
CVE-2020-13595
	RESERVED
CVE-2020-13594
	RESERVED
CVE-2020-13593
	RESERVED
CVE-2020-13662 [Drupal SA 2020-003]
	RESERVED
	{DSA-4693-1 DLA-2250-1}
	- drupal7 <removed>
	NOTE: https://www.drupal.org/sa-core-2020-003
	NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072
CVE-2020-13592
	RESERVED
CVE-2020-13591
	RESERVED
CVE-2020-13590
	RESERVED
CVE-2020-13589
	RESERVED
CVE-2020-13588
	RESERVED
CVE-2020-13587
	RESERVED
CVE-2020-13586
	RESERVED
CVE-2020-13585
	RESERVED
CVE-2020-13584
	RESERVED
CVE-2020-13583
	RESERVED
CVE-2020-13582
	RESERVED
CVE-2020-13581
	RESERVED
CVE-2020-13580
	RESERVED
CVE-2020-13579
	RESERVED
CVE-2020-13578
	RESERVED
CVE-2020-13577
	RESERVED
CVE-2020-13576
	RESERVED
CVE-2020-13575
	RESERVED
CVE-2020-13574
	RESERVED
CVE-2020-13573
	RESERVED
CVE-2020-13572
	RESERVED
CVE-2020-13571
	RESERVED
CVE-2020-13570
	RESERVED
CVE-2020-13569
	RESERVED
CVE-2020-13568
	RESERVED
CVE-2020-13567
	RESERVED
CVE-2020-13566
	RESERVED
CVE-2020-13565
	RESERVED
CVE-2020-13564
	RESERVED
CVE-2020-13563
	RESERVED
CVE-2020-13562
	RESERVED
CVE-2020-13561
	RESERVED
CVE-2020-13560
	RESERVED
CVE-2020-13559
	RESERVED
CVE-2020-13558
	RESERVED
CVE-2020-13557
	RESERVED
CVE-2020-13556
	RESERVED
CVE-2020-13555
	RESERVED
CVE-2020-13554
	RESERVED
CVE-2020-13553
	RESERVED
CVE-2020-13552
	RESERVED
CVE-2020-13551
	RESERVED
CVE-2020-13550
	RESERVED
CVE-2020-13549
	RESERVED
CVE-2020-13548
	RESERVED
CVE-2020-13547
	RESERVED
CVE-2020-13546
	RESERVED
CVE-2020-13545
	RESERVED
CVE-2020-13544
	RESERVED
CVE-2020-13543
	RESERVED
CVE-2020-13542
	RESERVED
CVE-2020-13541
	RESERVED
CVE-2020-13540
	RESERVED
CVE-2020-13539
	RESERVED
CVE-2020-13538
	RESERVED
CVE-2020-13537
	RESERVED
CVE-2020-13536
	RESERVED
CVE-2020-13535
	RESERVED
CVE-2020-13534
	RESERVED
CVE-2020-13533
	RESERVED
CVE-2020-13532
	RESERVED
CVE-2020-13531
	RESERVED
CVE-2020-13530
	RESERVED
CVE-2020-13529
	RESERVED
CVE-2020-13528
	RESERVED
CVE-2020-13527
	RESERVED
CVE-2020-13526
	RESERVED
CVE-2020-13525
	RESERVED
CVE-2020-13524
	RESERVED
CVE-2020-13523
	RESERVED
CVE-2020-13522
	RESERVED
CVE-2020-13521
	RESERVED
CVE-2020-13520
	RESERVED
CVE-2020-13519
	RESERVED
CVE-2020-13518
	RESERVED
CVE-2020-13517
	RESERVED
CVE-2020-13516
	RESERVED
CVE-2020-13515
	RESERVED
CVE-2020-13514
	RESERVED
CVE-2020-13513
	RESERVED
CVE-2020-13512
	RESERVED
CVE-2020-13511
	RESERVED
CVE-2020-13510
	RESERVED
CVE-2020-13509
	RESERVED
CVE-2020-13508
	RESERVED
CVE-2020-13507
	RESERVED
CVE-2020-13506
	RESERVED
CVE-2020-13505
	RESERVED
CVE-2020-13504
	RESERVED
CVE-2020-13503
	RESERVED
CVE-2020-13502
	RESERVED
CVE-2020-13501
	RESERVED
CVE-2020-13500
	RESERVED
CVE-2020-13499
	RESERVED
CVE-2020-13498
	RESERVED
CVE-2020-13497
	RESERVED
CVE-2020-13496
	RESERVED
CVE-2020-13495
	RESERVED
CVE-2020-13494
	RESERVED
CVE-2020-13493
	RESERVED
CVE-2020-13492
	RESERVED
CVE-2020-13491
	RESERVED
CVE-2020-13490
	RESERVED
CVE-2020-13489
	RESERVED
CVE-2020-13488
	RESERVED
CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...)
	NOT-FOR-US: Craft CMS plugin
CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist  ...)
	NOT-FOR-US: Craft CMS plugin
CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in th ...)
	NOT-FOR-US: Bitrix24
CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via ...)
	NOT-FOR-US: Bitrix24
CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...)
	NOT-FOR-US: EM-HTTP-Request
CVE-2020-13481
	RESERVED
CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
	NOT-FOR-US: Verint Workforce Optimization (WFO)
CVE-2020-13479
	RESERVED
CVE-2020-13478
	RESERVED
CVE-2020-13477
	RESERVED
CVE-2020-13476
	RESERVED
CVE-2020-13475
	RESERVED
CVE-2020-13474
	RESERVED
CVE-2020-13473
	RESERVED
CVE-2020-13472
	RESERVED
CVE-2020-13471
	RESERVED
CVE-2020-13470
	RESERVED
CVE-2020-13469
	RESERVED
CVE-2020-13468
	RESERVED
CVE-2020-13467
	RESERVED
CVE-2020-13466
	RESERVED
CVE-2020-13465
	RESERVED
CVE-2020-13464
	RESERVED
CVE-2020-13463
	RESERVED
CVE-2020-13462
	RESERVED
CVE-2020-13461
	RESERVED
CVE-2020-13460
	RESERVED
CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
	NOT-FOR-US: Image Resizer plugin for Craft CMS
CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
	NOT-FOR-US: Image Resizer plugin for Craft CMS
CVE-2020-13457
	RESERVED
CVE-2020-13456
	RESERVED
CVE-2020-13455
	RESERVED
CVE-2020-13454
	RESERVED
CVE-2020-13453
	RESERVED
CVE-2020-13452
	RESERVED
CVE-2020-13451
	RESERVED
CVE-2020-13450
	RESERVED
CVE-2020-13449
	RESERVED
CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...)
	NOT-FOR-US: QuickBox
CVE-2020-13447
	RESERVED
CVE-2020-13446
	RESERVED
CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, ...)
	NOT-FOR-US: Liferay
CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...)
	NOT-FOR-US: Liferay
CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...)
	NOT-FOR-US: ExpressionEngine
CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...)
	NOT-FOR-US: DEXT5
CVE-2020-13441
	RESERVED
CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...)
	NOT-FOR-US: ffjpeg
CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...)
	NOT-FOR-US: ffjpeg
CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...)
	NOT-FOR-US: ffjpeg
CVE-2020-13437
	RESERVED
CVE-2020-13436
	RESERVED
CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...)
	- sqlite3 3.32.1-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1
	NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1
	NOTE: https://www.sqlite.org/src/info/572105de1d44bca4
CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf  ...)
	{DLA-2221-1}
	- sqlite3 3.32.1-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://www.sqlite.org/src/info/23439ea582241138
	NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
	NOT-FOR-US: Jason2605 AdminPanel
CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
	NOT-FOR-US: Rejetto HTTP File Server
CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...)
	- i2p <not-affected> (Windows-specific)
CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
	- grafana <removed>
	NOTE: https://github.com/grafana/grafana/pull/24539
CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
	NOT-FOR-US: piechart-panel plugin for Grafana
CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...)
	{DSA-4704-1}
	- vlc 3.0.11-1
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
	NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
	NOT-FOR-US: Victor CMS
CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
	NOT-FOR-US: Multi-Scheduler plugin for WordPress
CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep  ...)
	NOT-FOR-US: TrackR
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
	NOT-FOR-US: Joomla addon
CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
	NOT-FOR-US: Form Builder for Magento
CVE-2020-13422
	RESERVED
CVE-2020-13421
	RESERVED
CVE-2020-13420
	RESERVED
CVE-2020-13419
	RESERVED
CVE-2020-13418
	RESERVED
CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client  ...)
	NOT-FOR-US: Aviatrix
CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...)
	NOT-FOR-US: Aviatrix
CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...)
	NOT-FOR-US: Aviatrix
CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...)
	NOT-FOR-US: Aviatrix
CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There  ...)
	NOT-FOR-US: Aviatrix
CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...)
	NOT-FOR-US: Aviatrix
CVE-2020-13411
	RESERVED
CVE-2020-13410
	RESERVED
CVE-2020-13409
	RESERVED
CVE-2020-13408
	RESERVED
CVE-2020-13407
	RESERVED
CVE-2020-13406
	RESERVED
CVE-2020-13405
	RESERVED
CVE-2020-13404
	RESERVED
CVE-2020-13403
	RESERVED
CVE-2020-13402
	RESERVED
CVE-2020-13401 (An issue was discovered in Docker Engine before 19.03.11. An attacker  ...)
	{DSA-4716-1}
	- docker.io 19.03.11+dfsg1-1 (bug #962141)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833233
	NOTE: https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6
CVE-2020-13400
	RESERVED
CVE-2020-13399
	RESERVED
CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
CVE-2020-13395
	RESERVED
CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
	NOT-FOR-US: Tenda devices
CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
	NOT-FOR-US: Tenda devices
CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
	NOT-FOR-US: Tenda devices
CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
	NOT-FOR-US: Tenda devices
CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
	NOT-FOR-US: Tenda devices
CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
	NOT-FOR-US: Tenda devices
CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
	NOT-FOR-US: jw.util
CVE-2020-13387
	RESERVED
CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
	NOT-FOR-US: SmartDraw
CVE-2020-13385
	RESERVED
CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal. ...)
	NOT-FOR-US: openSIS
CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control. ...)
	NOT-FOR-US: openSIS
CVE-2020-13381 (openSIS through 7.4 allows SQL Injection. ...)
	NOT-FOR-US: openSIS
CVE-2020-13380 (openSIS before 7.4 allows SQL Injection. ...)
	NOT-FOR-US: openSIS
CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...)
	- grafana <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
	NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
CVE-2020-13378
	RESERVED
CVE-2020-13377
	RESERVED
CVE-2020-13376
	RESERVED
CVE-2020-13375
	RESERVED
CVE-2020-13374
	RESERVED
CVE-2020-13373
	RESERVED
CVE-2020-13372
	RESERVED
CVE-2020-13371
	RESERVED
CVE-2020-13370
	RESERVED
CVE-2020-13369
	RESERVED
CVE-2020-13368
	RESERVED
CVE-2020-13367
	RESERVED
CVE-2020-13366
	RESERVED
CVE-2020-13365
	RESERVED
CVE-2020-13364
	RESERVED
CVE-2020-13363
	RESERVED
CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
	{DLA-2262-1}
	- qemu 1:5.0-6 (bug #961887)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c  ...)
	{DLA-2262-1}
	- qemu 1:5.0-6 (bug #961888)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
	{DSA-4698-1 DLA-2242-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.118-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528
CVE-2019-20805 (p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...)
	- upx-ucl 3.96-1 (unimportant)
	NOTE: https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010
	NOTE: https://github.com/upx/upx/issues/317
CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...)
	NOT-FOR-US: Gila CMS
CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...)
	NOT-FOR-US: Gila CMS
CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...)
	- jodd <unfixed> (bug #961298)
	[buster] - jodd <no-dsa> (Minor issue)
	NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16
	NOTE: https://github.com/oblac/jodd/issues/628
CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection mechanism agai ...)
	NOT-FOR-US: Digi XBee 2 devices
CVE-2020-13360
	RESERVED
CVE-2020-13359
	RESERVED
CVE-2020-13358
	RESERVED
CVE-2020-13357
	RESERVED
CVE-2020-13356
	RESERVED
CVE-2020-13355
	RESERVED
CVE-2020-13354
	RESERVED
CVE-2020-13353
	RESERVED
CVE-2020-13352
	RESERVED
CVE-2020-13351
	RESERVED
CVE-2020-13350
	RESERVED
CVE-2020-13349
	RESERVED
CVE-2020-13348
	RESERVED
CVE-2020-13347
	RESERVED
CVE-2020-13346
	RESERVED
CVE-2020-13345
	RESERVED
CVE-2020-13344
	RESERVED
CVE-2020-13343
	RESERVED
CVE-2020-13342
	RESERVED
CVE-2020-13341
	RESERVED
CVE-2020-13340
	RESERVED
CVE-2020-13339
	RESERVED
CVE-2020-13338
	RESERVED
CVE-2020-13337
	RESERVED
CVE-2020-13336
	RESERVED
CVE-2020-13335
	RESERVED
CVE-2020-13334
	RESERVED
CVE-2020-13333
	RESERVED
CVE-2020-13332
	RESERVED
CVE-2020-13331
	RESERVED
CVE-2020-13330
	RESERVED
CVE-2020-13329
	RESERVED
CVE-2020-13328
	RESERVED
CVE-2020-13327
	RESERVED
CVE-2020-13326
	RESERVED
CVE-2020-13325
	RESERVED
CVE-2020-13324
	RESERVED
CVE-2020-13323
	RESERVED
CVE-2020-13322
	RESERVED
CVE-2020-13321
	RESERVED
CVE-2020-13320
	RESERVED
CVE-2020-13319
	RESERVED
CVE-2020-13318
	RESERVED
CVE-2020-13317
	RESERVED
CVE-2020-13316
	RESERVED
CVE-2020-13315
	RESERVED
CVE-2020-13314
	RESERVED
CVE-2020-13313
	RESERVED
CVE-2020-13312
	RESERVED
CVE-2020-13311
	RESERVED
CVE-2020-13310
	RESERVED
CVE-2020-13309
	RESERVED
CVE-2020-13308
	RESERVED
CVE-2020-13307
	RESERVED
CVE-2020-13306
	RESERVED
CVE-2020-13305
	RESERVED
CVE-2020-13304
	RESERVED
CVE-2020-13303
	RESERVED
CVE-2020-13302
	RESERVED
CVE-2020-13301
	RESERVED
CVE-2020-13300
	RESERVED
CVE-2020-13299
	RESERVED
CVE-2020-13298
	RESERVED
CVE-2020-13297
	RESERVED
CVE-2020-13296
	RESERVED
CVE-2020-13295
	RESERVED
CVE-2020-13294
	RESERVED
CVE-2020-13293
	RESERVED
CVE-2020-13292
	RESERVED
CVE-2020-13291
	RESERVED
CVE-2020-13290
	RESERVED
CVE-2020-13289
	RESERVED
CVE-2020-13288
	RESERVED
CVE-2020-13287
	RESERVED
CVE-2020-13286
	RESERVED
CVE-2020-13285
	RESERVED
CVE-2020-13284
	RESERVED
CVE-2020-13283
	RESERVED
CVE-2020-13282
	RESERVED
CVE-2020-13281
	RESERVED
CVE-2020-13280
	RESERVED
CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
	NOT-FOR-US: gitlab-vscode-extension
CVE-2020-13278
	RESERVED
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
	- gitlab <unfixed>
CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...)
	- gitlab <unfixed>
CVE-2020-13275 (A user with an unverified email address could request an access to dom ...)
	- gitlab <not-affected> (Specific to EE)
CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...)
	- gitlab <unfixed>
CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...)
	- gitlab <unfixed>
CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...)
	- gitlab <unfixed>
CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
	- gitlab <unfixed>
CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
	- gitlab <unfixed>
CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...)
	- gitlab <unfixed>
CVE-2020-13268 (A specially crafted request could be used to confirm the existence of  ...)
	- gitlab <unfixed>
CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...)
	- gitlab <unfixed>
CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
	- gitlab <unfixed>
CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through  ...)
	- gitlab <unfixed>
CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...)
	- gitlab <unfixed>
CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...)
	- gitlab <not-affected> (Specific to EE)
CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...)
	- gitlab <unfixed>
CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
	- gitlab <unfixed>
CVE-2020-13260
	RESERVED
CVE-2020-13259
	RESERVED
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
	NOT-FOR-US: Contentful
CVE-2020-13257
	RESERVED
CVE-2020-13256
	RESERVED
CVE-2020-13255
	RESERVED
CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
	{DSA-4705-1 DLA-2233-1}
	- python-django 2:2.2.13-1 (bug #962323)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
	NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)
	NOTE: https://github.com/django/django/commit/580bd64c0482ae9b7c05715390e25f4405a12719 (3.1 branch)
	NOTE: https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693 (3.0 branch)
	NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)
	NOTE: Regression https://code.djangoproject.com/ticket/31654
CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
	- qemu 1:5.0-6 (bug #961297)
	[buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
	[stretch] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2
	NOTE: https://bugs.launchpad.net/qemu/+bug/1880822
CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary  ...)
	- centreon-web <itp> (bug #913903)
CVE-2020-13251
	RESERVED
CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/8023
CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not  ...)
	- mariadb-10.3 1:10.3.23-1
	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
	- mariadb-10.1 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8)
	NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0)
CVE-2020-13248 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...)
	NOT-FOR-US: BooleBox Secure File Sharing Utility
CVE-2020-13247 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...)
	NOT-FOR-US: BooleBox Secure File Sharing Utility
CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
	- gitea <removed>
CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...)
	NOT-FOR-US: Netgear
CVE-2020-13244
	RESERVED
CVE-2020-13243
	RESERVED
CVE-2020-13242
	RESERVED
CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...)
	NOT-FOR-US: Microweber
CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...)
	- dolibarr <removed>
CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
	- dolibarr <removed>
CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-13237
	RESERVED
CVE-2020-13236
	RESERVED
CVE-2020-13235
	RESERVED
CVE-2020-13234
	RESERVED
CVE-2020-13233
	RESERVED
CVE-2020-13232
	RESERVED
CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...)
	- cacti 1.2.11+ds1-1
	[buster] - cacti <no-dsa> (Minor issue)
	[stretch] - cacti <no-dsa> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/3342
CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately  ...)
	- cacti 1.2.11+ds1-1
	[buster] - cacti <no-dsa> (Minor issue)
	[stretch] - cacti <no-dsa> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/3343
CVE-2020-13229 (An issue was discovered in Sysax Multi Server 6.90. A session can be h ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2020-13228 (An issue was discovered in Sysax Multi Server 6.90. There is reflected ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2020-13227 (An issue was discovered in Sysax Multi Server 6.90. An attacker can de ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...)
	- phpipam <itp> (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/3025
CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...)
	NOT-FOR-US: TP-LINK
CVE-2020-13223 (HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1. ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-13222
	RESERVED
CVE-2020-13221
	RESERVED
CVE-2020-13220
	RESERVED
CVE-2020-13219
	RESERVED
CVE-2020-13218
	RESERVED
CVE-2020-13217
	RESERVED
CVE-2020-13216
	RESERVED
CVE-2020-13215
	RESERVED
CVE-2020-13214
	RESERVED
CVE-2020-13213
	RESERVED
CVE-2020-13212
	RESERVED
CVE-2020-13211
	RESERVED
CVE-2020-13210
	RESERVED
CVE-2020-13209
	RESERVED
CVE-2020-13208
	RESERVED
CVE-2020-13207
	RESERVED
CVE-2020-13206
	RESERVED
CVE-2020-13205
	RESERVED
CVE-2020-13204
	RESERVED
CVE-2020-13203
	RESERVED
CVE-2020-13202
	RESERVED
CVE-2020-13201
	RESERVED
CVE-2020-13200
	RESERVED
CVE-2020-13199
	RESERVED
CVE-2020-13198
	RESERVED
CVE-2020-13197
	RESERVED
CVE-2020-13196
	RESERVED
CVE-2020-13195
	RESERVED
CVE-2020-13194
	RESERVED
CVE-2020-13193
	RESERVED
CVE-2020-13192
	RESERVED
CVE-2020-13191
	RESERVED
CVE-2020-13190
	RESERVED
CVE-2020-13189
	RESERVED
CVE-2020-13188
	RESERVED
CVE-2020-13187
	RESERVED
CVE-2020-13186
	RESERVED
CVE-2020-13185
	RESERVED
CVE-2020-13184
	RESERVED
CVE-2020-13183
	RESERVED
CVE-2020-13182
	RESERVED
CVE-2020-13181
	RESERVED
CVE-2020-13180
	RESERVED
CVE-2020-13179
	RESERVED
CVE-2020-13178
	RESERVED
CVE-2020-13177
	RESERVED
CVE-2020-13176
	RESERVED
CVE-2020-13175
	RESERVED
CVE-2020-13174
	RESERVED
CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...)
	NOT-FOR-US: Teradici
CVE-2020-13172
	RESERVED
CVE-2020-13171
	RESERVED
CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/8068
CVE-2020-13169
	RESERVED
CVE-2020-13168
	RESERVED
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution  ...)
	NOT-FOR-US: Netsweeper
CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
	NOT-FOR-US: MyLittleAdmin
CVE-2020-13165
	RESERVED
CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
	- wireshark 3.2.4-1 (low)
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
	[jessie] - wireshark <postponed> (Can be fixed along with other CVEs)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
	NOT-FOR-US: em-imap
CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...)
	NOT-FOR-US: Pulse Secure Client
CVE-2020-13161
	RESERVED
CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
	NOT-FOR-US: AnyDesk
CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a u ...)
	NOT-FOR-US: NukeViet
CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a  ...)
	NOT-FOR-US: NukeViet
CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML inject ...)
	NOT-FOR-US: NukeViet
CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
	NOT-FOR-US: Zoho
CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
	NOT-FOR-US: MISP
CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist  ...)
	- amarok <removed> (unimportant)
	NOTE: Elevated resource usage in client application, no security impact
CVE-2020-13151
	RESERVED
CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
	NOT-FOR-US: D-link
CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
	NOT-FOR-US: Dragon Center
CVE-2020-13148
	RESERVED
CVE-2020-13147
	RESERVED
CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added  ...)
	NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
	NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
	NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13142
	RESERVED
CVE-2020-13141
	RESERVED
CVE-2020-13140
	RESERVED
CVE-2020-13139
	RESERVED
CVE-2020-13138
	RESERVED
CVE-2020-13137
	RESERVED
CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...)
	NOT-FOR-US: D-Link
CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...)
	NOT-FOR-US: D-Link
CVE-2020-13134
	RESERVED
CVE-2020-13133
	RESERVED
CVE-2020-13132
	RESERVED
CVE-2020-13131
	RESERVED
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
CVE-2020-13130
	RESERVED
CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...)
	NOT-FOR-US: stashcat app for MacOS
CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...)
	NOT-FOR-US: Manolo GWTUpload
CVE-2019-20802 (An issue was discovered in the Readdle Documents app before 6.9.7 for  ...)
	NOT-FOR-US: Readdle Documents
CVE-2019-20801 (An issue was discovered in the Readdle Documents app before 6.9.7 for  ...)
	NOT-FOR-US: Readdle Documents
CVE-2019-20800 (In Cherokee through 1.2.104, remote attackers can trigger an out-of-bo ...)
	- cherokee <removed>
CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors may be  ...)
	- cherokee <removed>
CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee throu ...)
	- cherokee <removed>
CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer  ...)
	- prboom-plus 2:2.5.1.7um+git82-1 (bug #961031)
	[buster] - prboom-plus <no-dsa> (Minor issue)
	[stretch] - prboom-plus <no-dsa> (Minor issue)
	[jessie] - prboom-plus <end-of-life> (games are not supported)
	NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html
	NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/
	NOTE: https://sourceforge.net/p/prboom-plus/bugs/253/
CVE-2020-13127
	RESERVED
CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...)
	NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin  ...)
	NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress
CVE-2020-13124
	RESERVED
CVE-2020-13123
	RESERVED
CVE-2020-13122
	RESERVED
CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...)
	NOT-FOR-US: Submitty
CVE-2020-13120
	RESERVED
CVE-2020-13119
	RESERVED
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
	NOT-FOR-US: Mikrotik-Router-Monitoring-System
CVE-2020-13117
	RESERVED
CVE-2020-13116
	RESERVED
CVE-2020-13115
	RESERVED
CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
	{DLA-2222-1}
	- libexif 0.6.21-9 (bug #961410)
	[buster] - libexif <no-dsa> (Minor issue)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
	{DLA-2222-1}
	- libexif 0.6.21-9 (bug #961409)
	[buster] - libexif <no-dsa> (Minor issue)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
	{DLA-2222-1}
	- libexif 0.6.21-9 (bug #961407)
	[buster] - libexif <no-dsa> (Minor issue)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
	NOT-FOR-US: NaviServer
CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...)
	NOT-FOR-US: Node kerberos
CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...)
	NOT-FOR-US: Morita Shogi
CVE-2020-13108
	RESERVED
CVE-2020-13107
	RESERVED
CVE-2020-13106
	RESERVED
CVE-2020-13105
	RESERVED
CVE-2020-13104
	RESERVED
CVE-2020-13103
	RESERVED
CVE-2020-13102
	RESERVED
CVE-2020-13101
	RESERVED
CVE-2020-13100
	RESERVED
CVE-2020-13099
	RESERVED
CVE-2020-13098
	RESERVED
CVE-2020-13097
	RESERVED
CVE-2020-13096
	RESERVED
CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...)
	NOT-FOR-US: Little Snitch
CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
	- dolibarr <removed>
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
	NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
	- scikit-learn <unfixed> (unimportant)
CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ...)
	- pandas <unfixed> (unimportant)
CVE-2020-13090
	RESERVED
CVE-2020-13089
	RESERVED
CVE-2020-13088
	RESERVED
CVE-2020-13087
	RESERVED
CVE-2020-13086
	RESERVED
CVE-2020-13085
	RESERVED
CVE-2020-13084
	RESERVED
CVE-2020-13083
	RESERVED
CVE-2020-13082
	RESERVED
CVE-2020-13081
	RESERVED
CVE-2020-13080
	RESERVED
CVE-2020-13079
	RESERVED
CVE-2020-13078
	RESERVED
CVE-2020-13077
	RESERVED
CVE-2020-13076
	RESERVED
CVE-2020-13075
	RESERVED
CVE-2020-13074
	RESERVED
CVE-2020-13073
	RESERVED
CVE-2020-13072
	RESERVED
CVE-2020-13071
	RESERVED
CVE-2020-13070
	RESERVED
CVE-2020-13069
	RESERVED
CVE-2020-13068
	RESERVED
CVE-2020-13067
	RESERVED
CVE-2020-13066
	RESERVED
CVE-2020-13065
	RESERVED
CVE-2020-13064
	RESERVED
CVE-2020-13063
	RESERVED
CVE-2020-13062
	RESERVED
CVE-2020-13061
	RESERVED
CVE-2020-13060
	RESERVED
CVE-2020-13059
	RESERVED
CVE-2020-13058
	RESERVED
CVE-2020-13057
	RESERVED
CVE-2020-13056
	RESERVED
CVE-2020-13055
	RESERVED
CVE-2020-13054
	RESERVED
CVE-2020-13053
	RESERVED
CVE-2020-13052
	RESERVED
CVE-2020-13051
	RESERVED
CVE-2020-13050
	RESERVED
CVE-2020-13049
	RESERVED
CVE-2020-13048
	RESERVED
CVE-2020-13047
	RESERVED
CVE-2020-13046
	RESERVED
CVE-2020-13045
	RESERVED
CVE-2020-13044
	RESERVED
CVE-2020-13043
	RESERVED
CVE-2020-13042
	RESERVED
CVE-2020-13041
	RESERVED
CVE-2020-13040
	RESERVED
CVE-2020-13039
	RESERVED
CVE-2020-13038
	RESERVED
CVE-2020-13037
	RESERVED
CVE-2020-13036
	RESERVED
CVE-2020-13035
	RESERVED
CVE-2020-13034
	RESERVED
CVE-2020-13033
	RESERVED
CVE-2020-13032
	RESERVED
CVE-2020-13031
	RESERVED
CVE-2020-13030
	RESERVED
CVE-2020-13029
	RESERVED
CVE-2020-13028
	RESERVED
CVE-2020-13027
	RESERVED
CVE-2020-13026
	RESERVED
CVE-2020-13025
	RESERVED
CVE-2020-13024
	RESERVED
CVE-2020-13023
	RESERVED
CVE-2020-13022
	RESERVED
CVE-2020-13021
	RESERVED
CVE-2020-13020
	RESERVED
CVE-2020-13019
	RESERVED
CVE-2020-13018
	RESERVED
CVE-2020-13017
	RESERVED
CVE-2020-13016
	RESERVED
CVE-2020-13015
	RESERVED
CVE-2020-13014
	RESERVED
CVE-2020-13013
	RESERVED
CVE-2020-13012
	RESERVED
CVE-2020-13011
	RESERVED
CVE-2020-13010
	RESERVED
CVE-2020-13009
	RESERVED
CVE-2020-13008
	RESERVED
CVE-2020-13007
	RESERVED
CVE-2020-13006
	RESERVED
CVE-2020-13005
	RESERVED
CVE-2020-13004
	RESERVED
CVE-2020-13003
	RESERVED
CVE-2020-13002
	RESERVED
CVE-2020-13001
	RESERVED
CVE-2020-13000
	RESERVED
CVE-2020-12999
	RESERVED
CVE-2020-12998
	RESERVED
CVE-2020-12997
	RESERVED
CVE-2020-12996
	RESERVED
CVE-2020-12995
	RESERVED
CVE-2020-12994
	RESERVED
CVE-2020-12993
	RESERVED
CVE-2020-12992
	RESERVED
CVE-2020-12991
	RESERVED
CVE-2020-12990
	RESERVED
CVE-2020-12989
	RESERVED
CVE-2020-12988
	RESERVED
CVE-2020-12987
	RESERVED
CVE-2020-12986
	RESERVED
CVE-2020-12985
	RESERVED
CVE-2020-12984
	RESERVED
CVE-2020-12983
	RESERVED
CVE-2020-12982
	RESERVED
CVE-2020-12981
	RESERVED
CVE-2020-12980
	RESERVED
CVE-2020-12979
	RESERVED
CVE-2020-12978
	RESERVED
CVE-2020-12977
	RESERVED
CVE-2020-12976
	RESERVED
CVE-2020-12975
	RESERVED
CVE-2020-12974
	RESERVED
CVE-2020-12973
	RESERVED
CVE-2020-12972
	RESERVED
CVE-2020-12971
	RESERVED
CVE-2020-12970
	RESERVED
CVE-2020-12969
	RESERVED
CVE-2020-12968
	RESERVED
CVE-2020-12967
	RESERVED
CVE-2020-12966
	RESERVED
CVE-2020-12965
	RESERVED
CVE-2020-12964
	RESERVED
CVE-2020-12963
	RESERVED
CVE-2020-12962
	RESERVED
CVE-2020-12961
	RESERVED
CVE-2020-12960
	RESERVED
CVE-2020-12959
	RESERVED
CVE-2020-12958
	RESERVED
CVE-2020-12957
	RESERVED
CVE-2020-12956
	RESERVED
CVE-2020-12955
	RESERVED
CVE-2020-12954
	RESERVED
CVE-2020-12953
	RESERVED
CVE-2020-12952
	RESERVED
CVE-2020-12951
	RESERVED
CVE-2020-12950
	RESERVED
CVE-2020-12949
	RESERVED
CVE-2020-12948
	RESERVED
CVE-2020-12947
	RESERVED
CVE-2020-12946
	RESERVED
CVE-2020-12945
	RESERVED
CVE-2020-12944
	RESERVED
CVE-2020-12943
	RESERVED
CVE-2020-12942
	RESERVED
CVE-2020-12941
	RESERVED
CVE-2020-12940
	RESERVED
CVE-2020-12939
	RESERVED
CVE-2020-12938
	RESERVED
CVE-2020-12937
	RESERVED
CVE-2020-12936
	RESERVED
CVE-2020-12935
	RESERVED
CVE-2020-12934
	RESERVED
CVE-2020-12933
	RESERVED
CVE-2020-12932
	RESERVED
CVE-2020-12931
	RESERVED
CVE-2020-12930
	RESERVED
CVE-2020-12929
	RESERVED
CVE-2020-12928
	RESERVED
CVE-2020-12927
	RESERVED
CVE-2020-12926
	RESERVED
CVE-2020-12925
	RESERVED
CVE-2020-12924
	RESERVED
CVE-2020-12923
	RESERVED
CVE-2020-12922
	RESERVED
CVE-2020-12921
	RESERVED
CVE-2020-12920
	RESERVED
CVE-2020-12919
	RESERVED
CVE-2020-12918
	RESERVED
CVE-2020-12917
	RESERVED
CVE-2020-12916
	RESERVED
CVE-2020-12915
	RESERVED
CVE-2020-12914
	RESERVED
CVE-2020-12913
	RESERVED
CVE-2020-12912
	RESERVED
CVE-2020-12911
	RESERVED
CVE-2020-12910
	RESERVED
CVE-2020-12909
	RESERVED
CVE-2020-12908
	RESERVED
CVE-2020-12907
	RESERVED
CVE-2020-12906
	RESERVED
CVE-2020-12905
	RESERVED
CVE-2020-12904
	RESERVED
CVE-2020-12903
	RESERVED
CVE-2020-12902
	RESERVED
CVE-2020-12901
	RESERVED
CVE-2020-12900
	RESERVED
CVE-2020-12899
	RESERVED
CVE-2020-12898
	RESERVED
CVE-2020-12897
	RESERVED
CVE-2020-12896
	RESERVED
CVE-2020-12895
	RESERVED
CVE-2020-12894
	RESERVED
CVE-2020-12893
	RESERVED
CVE-2020-12892
	RESERVED
CVE-2020-12891
	RESERVED
CVE-2020-12890
	RESERVED
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
	NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
	- linux <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...)
	NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...)
	NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...)
	NOT-FOR-US: Submitty
CVE-2020-12881
	RESERVED
CVE-2020-12880
	RESERVED
CVE-2020-12879
	RESERVED
CVE-2020-12878
	RESERVED
CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
	NOT-FOR-US: Veritas
CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
	NOT-FOR-US: Veritas
CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...)
	NOT-FOR-US: Veritas
CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the  ...)
	NOT-FOR-US: Veritas
CVE-2020-12873
	RESERVED
CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS  ...)
	- erlang 1:21.2.6+dfsg-1 (low)
	[stretch] - erlang <no-dsa> (Minor issue)
	[jessie] - erlang <no-dsa> (Minor issue)
	NOTE: https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70
	NOTE: https://github.com/erlyaws/yaws/issues/402
	NOTE: In Debian yaws uses the cipher settings from erlang, mark the version which
	NOTE: landed in Buster as fixed (although it was possibly fixed earlier between
	NOTE: Stretch and Buster. The CVE was assigned specifically for yaws, cf. #961422
	NOTE: for discussion.
CVE-2020-12871
	RESERVED
CVE-2020-12870
	RESERVED
CVE-2020-12869
	RESERVED
CVE-2020-12868
	RESERVED
CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
	{DLA-2231-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends <unfixed> (bug #961302)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends <unfixed> (bug #961302)
	[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends <unfixed> (bug #961302)
	[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends <unfixed> (bug #961302)
	[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends <unfixed> (bug #961302)
	[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends <unfixed> (bug #961302)
	[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends <unfixed> (bug #961302)
	[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12855
	RESERVED
CVE-2020-12854
	RESERVED
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user  ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
	NOT-FOR-US: Zimbra
CVE-2020-12845
	RESERVED
CVE-2020-12844
	RESERVED
CVE-2020-12843
	RESERVED
CVE-2020-12842
	RESERVED
CVE-2020-12841
	RESERVED
CVE-2020-12840
	RESERVED
CVE-2020-12839
	RESERVED
CVE-2020-12838
	RESERVED
CVE-2020-12837
	RESERVED
CVE-2020-12836
	RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
	NOT-FOR-US: SmartBear ReadyAPI SoapUI Pro
CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
	NOT-FOR-US: eQ-3 Homematic Central Control Unit
CVE-2020-12833
	RESERVED
CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...)
	NOT-FOR-US: simple-file-list plugin for WordPress
CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...)
	- frr <unfixed> (unimportant)
	NOTE: https://github.com/FRRouting/frr/pull/6383
	NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
CVE-2020-12830
	RESERVED
CVE-2020-12829
	RESERVED
	- qemu <unfixed> (low; bug #961451)
	[buster] - qemu <no-dsa> (Minor issue)
	[stretch] - qemu <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
	NOT-FOR-US: AnchorFree VPN SDK
CVE-2020-12827 (MJML prior to 4.6.3 contains a path traversal vulnerability when proce ...)
	NOT-FOR-US: MJML
CVE-2019-20796
	RESERVED
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
	{DLA-2241-1}
	- linux 5.6.7-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
	- libcroco <unfixed> (low; bug #960527)
	[buster] - libcroco <ignored> (Minor issue)
	[stretch] - libcroco <ignored> (Minor issue)
	[jessie] - libcroco <ignored> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
CVE-2020-12824
	RESERVED
CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
	{DLA-2212-1}
	- openconnect 8.10-1 (unimportant; bug #960620)
	NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/108
	NOTE: Only triggerable by local certs, which are under the control of the user
CVE-2020-12822
	RESERVED
CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
	TODO: check
CVE-2020-12820
	RESERVED
CVE-2020-12819
	RESERVED
CVE-2020-12818
	RESERVED
CVE-2020-12817
	RESERVED
CVE-2020-12816
	RESERVED
CVE-2020-12815
	RESERVED
CVE-2020-12814
	RESERVED
CVE-2020-12813
	RESERVED
CVE-2020-12812
	RESERVED
CVE-2020-12811
	RESERVED
CVE-2020-12810
	RESERVED
CVE-2020-12809
	RESERVED
CVE-2020-12808
	RESERVED
CVE-2020-12807
	RESERVED
CVE-2020-12806
	RESERVED
CVE-2020-12805
	RESERVED
CVE-2020-12804
	RESERVED
CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar  ...)
	- libreoffice 1:6.4.4-1 (low)
	[buster] - libreoffice <ignored> (Minor issue)
	[stretch] - libreoffice <ignored> (Minor issue)
	[jessie] - libreoffice <ignored> (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803
CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...)
	- libreoffice 1:6.4.4-1 (low)
	[buster] - libreoffice <ignored> (Minor issue)
	[stretch] - libreoffice <ignored> (Minor issue)
	[jessie] - libreoffice <no-dsa> (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
	- libreoffice 1:6.4.3-1 (low)
	[buster] - libreoffice <ignored> (Minor issue)
	[stretch] - libreoffice <ignored> (Minor issue)
	[jessie] - libreoffice <no-dsa> (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...)
	NOT-FOR-US: drag-and-drop-multiple-file-upload-contact-form-7 plugin for WordPress
CVE-2020-12799
	RESERVED
CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
	NOT-FOR-US: Cellebrite UFED
CVE-2020-12797 (HashiCorp Consul and Consul Enterprise failed to enforce changes to le ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/8047
CVE-2020-12796
	RESERVED
CVE-2020-12795
	RESERVED
CVE-2020-12794
	RESERVED
CVE-2020-12793
	RESERVED
CVE-2020-12792
	RESERVED
CVE-2020-12791
	RESERVED
CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
	NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2020-12789
	RESERVED
CVE-2020-12788
	RESERVED
CVE-2020-12787
	RESERVED
CVE-2020-12786
	RESERVED
CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
	NOT-FOR-US: cPanel
CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
	NOT-FOR-US: cPanel
CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...)
	NOT-FOR-US: Openfind MailGates
CVE-2020-12781
	RESERVED
CVE-2020-12780
	RESERVED
CVE-2020-12779
	RESERVED
CVE-2020-12778
	RESERVED
CVE-2020-12777
	RESERVED
CVE-2020-12776
	RESERVED
CVE-2020-12775
	RESERVED
CVE-2020-12774
	RESERVED
CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...)
	NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware
CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
	{DSA-4687-1 DLA-2213-1}
	- exim4 4.93-16
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2571
	NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
	NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...)
	NOT-FOR-US: Ignite Realtime Spark
CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
	{DLA-2214-1}
	- libexif 0.6.21-7 (bug #960199)
	[buster] - libexif <no-dsa> (Minor issue)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://github.com/libexif/libexif/issues/31
	NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72
CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ...)
	- iproute2 5.2.0-1
	[buster] - iproute2 <no-dsa> (Minor issue)
	[stretch] - iproute2 <not-affected> (Vulnerable code introduced later)
	[jessie] - iproute2 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 (v5.1.0)
	NOTE: Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)
CVE-2020-XXXX [unspecified fexsrv security issue]
	- fex 20160919-2
	[buster] - fex 20160919-2~deb10u1
	[stretch] - fex <no-dsa> (Non-free not supported)
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
	- linux 5.7.6-1
	NOTE: https://lkml.org/lkml/2020/4/26/87
	NOTE: https://git.kernel.org/linus/be23e837333a914df3f24bf0b32e87b0331ab8d1 (5.8-rc2)
CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3)
CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...)
	{DLA-2241-1}
	- linux 5.4.19-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...)
	{DSA-4699-1}
	- linux 5.6.7-1 (unimportant)
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4)
CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...)
	NOT-FOR-US: Gnuteca
CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&amp;action=view&amp;it ...)
	NOT-FOR-US: Solis Miolo
CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&amp;file= Directory Traversal. ...)
	NOT-FOR-US: Gnuteca
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
	NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
	{DLA-2228-2 DLA-2228-1}
	- json-c 0.13.1+dfsg-8 (bug #960326)
	NOTE: https://github.com/json-c/json-c/pull/592
	NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
	NOTE: https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
	NOTE: https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
	NOTE: https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
	NOTE: https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
	NOTE: d07b91014986 ("Fix integer overflows.") introduces a regression tracked as:
	NOTE: https://github.com/json-c/json-c/issues/599
	NOTE: https://github.com/json-c/json-c/pull/610
	NOTE: Working backports for older branches: https://github.com/json-c/json-c/pull/608
CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow ( ...)
	- imlib2 1.6.1-2 (bug #960192)
	[buster] - imlib2 <not-affected> (Vulnerable code introduced later)
	[stretch] - imlib2 <not-affected> (Vulnerable code introduced later)
	[jessie] - imlib2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
	NOT-FOR-US: OpenNMS
CVE-2020-12759
	RESERVED
CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/7783
CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has Incorrect  ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-12756
	RESERVED
CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...)
	- kio-extras <unfixed> (low; bug #960306)
	[buster] - kio-extras <no-dsa> (Minor issue)
	[stretch] - kio-extras <no-dsa> (Minor issue)
	NOTE: https://cgit.kde.org/kio-extras.git/commit/?id=d813cef3cecdec9af1532a40d677a203ff979145
CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...)
	- linux <unfixed>
	NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/
CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12744
	RESERVED
CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does  ...)
	NOT-FOR-US: Gazie
CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...)
	NOT-FOR-US: iubenda-cookie-law-solution plugin for WordPress
CVE-2020-12741
	RESERVED
CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...)
	- tcpreplay <unfixed> (unimportant)
	[jessie] - tcpreplay <not-affected> (Vulnerable code added later)
	NOTE: https://github.com/appneta/tcpreplay/issues/576
	NOTE: https://github.com/appneta/tcpreplay/pull/590
	NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
	NOTE: --fuzz-seed in PoC not present until version 4.2.0
	NOTE: Crash in CLI tool, no security impact
CVE-2020-12739
	RESERVED
CVE-2020-12738
	RESERVED
CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...)
	TODO: check
CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
	NOT-FOR-US: DomainMOD
CVE-2020-12734
	RESERVED
CVE-2020-12733
	RESERVED
CVE-2020-12732
	RESERVED
CVE-2020-12731
	RESERVED
CVE-2020-12730
	RESERVED
CVE-2020-12729
	RESERVED
CVE-2020-12728
	RESERVED
CVE-2020-12727
	RESERVED
CVE-2020-12726
	RESERVED
CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...)
	NOT-FOR-US: Redash
CVE-2020-12724
	RESERVED
CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
	- perl 5.30.3-1 (bug #962005)
	[buster] - perl <no-dsa> (Minor issue)
	[stretch] - perl <no-dsa> (Minor issue)
	NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3)
CVE-2020-12722
	RESERVED
CVE-2020-12721
	RESERVED
CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...)
	NOT-FOR-US: vBulletin
CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...)
	NOT-FOR-US: WSO2
CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...)
	NOT-FOR-US: COVIDSafe (Australia) app
CVE-2020-12716
	RESERVED
CVE-2020-12715
	RESERVED
CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...)
	NOT-FOR-US: CipherMail
CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
	NOT-FOR-US: CipherMail
CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE  ...)
	NOT-FOR-US: SOS JobScheduler
CVE-2020-12711
	RESERVED
CVE-2020-12710
	RESERVED
CVE-2020-12709
	RESERVED
CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...)
	NOT-FOR-US: LeptonCMS
CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...)
	NOT-FOR-US: LeptonCMS
CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
	NOT-FOR-US: UliCMS
CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
	NOT-FOR-US: UliCMS
CVE-2020-12702
	RESERVED
CVE-2020-12701
	RESERVED
CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
	NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17  ...)
	- wpa <unfixed>
	- gupnp 1.2.3-1
	NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
	NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
	NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
	NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
	TODO: for gupnp, there are partial fixes, check
CVE-2020-12694
	RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
	- slurm-llnl <unfixed> (bug #961406)
	[buster] - slurm-llnl <no-dsa> (Minor issue)
	[stretch] - slurm-llnl <no-dsa> (Minor issue)
	[jessie] - slurm-llnl <not-affected> (Message Aggregation added in 14.11)
	NOTE: https://www.schedmd.com/news.php?id=236
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
	NOTE: Issue affects systems with Message Aggregation enabled
CVE-2020-12688
	RESERVED
CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...)
	NOT-FOR-US: Serpico
CVE-2020-12686
	RESERVED
CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
	NOT-FOR-US: Interchange
CVE-2020-12684
	RESERVED
CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
	NOT-FOR-US: Katyshop2
CVE-2020-12682
	RESERVED
CVE-2020-12681
	RESERVED
CVE-2020-12680 (** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows loca ...)
	NOT-FOR-US: Avira Free Antivirus
CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...)
	NOT-FOR-US: Mitel
CVE-2020-12678
	REJECTED
CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...)
	NOT-FOR-US: Progress MOVEit Automation Web Admin
CVE-2020-12676
	RESERVED
CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...)
	NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)
	[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1872737
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4
CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)
	[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1872733
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)
	[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1873290
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6
CVE-2020-12674
	RESERVED
CVE-2020-12673
	RESERVED
CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone <end-of-life> (Not supported in stretch LTS)
	[jessie] - keystone <end-of-life> (Not supported in Jessie)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...)
	{DLA-2236-1}
	- graphicsmagick 1.4+really1.3.35-2 (bug #960000)
	[buster] - graphicsmagick <postponed> (Minor issue; can be fixed along in future DSA)
	[stretch] - graphicsmagick <postponed> (Minor issue; can be fixed along in future DSA)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025
	NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/
CVE-2020-12671
	RESERVED
CVE-2020-12670
	RESERVED
CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
	- dolibarr <removed>
CVE-2020-12668
	RESERVED
CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted  ...)
	- knot-resolver 5.1.1-0.1 (bug #961076)
	NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
	NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b
	NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118
CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...)
	NOT-FOR-US: macaron
CVE-2020-12665
	RESERVED
CVE-2020-12664
	RESERVED
CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
	{DSA-4694-1}
	- unbound 1.10.1-1
	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
	[jessie] - unbound <end-of-life> (No longer supported)
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
	{DSA-4694-1}
	- unbound 1.10.1-1
	[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
	[jessie] - unbound <end-of-life> (No longer supported)
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2017-18867 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18866 (Certain NETGEAR devices are affected by stored XSS. This affects R9000 ...)
	NOT-FOR-US: Netgear
CVE-2017-18865 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18864 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2020-12661
	RESERVED
CVE-2020-12660
	RESERVED
CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...)
	- linux 5.6.7-1
	[buster] - linux 4.19.118-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2)
CVE-2020-12658
	RESERVED
CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...)
	- linux 5.6.7-1
	[buster] - linux 4.19.118-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1)
CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c  ...)
	- linux <unfixed> (unimportant)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
	NOTE: Issue is triggered only at module reloading / rebinding
CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1)
CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1)
CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the  ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.4.19-1
	[buster] - linux 4.19.98-1
	NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: SecureCRT
CVE-2020-12650
	REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
	NOT-FOR-US: Gurbalib
CVE-2020-12648
	RESERVED
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
	NOT-FOR-US: Unisys ALGOL Compiler
CVE-2020-12646
	RESERVED
CVE-2020-12645
	RESERVED
CVE-2020-12644
	RESERVED
CVE-2020-12643
	RESERVED
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
	NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to  ...)
	- roundcube 1.4.4+dfsg.1-1 (unimportant)
	[buster] - roundcube 1.3.11+dfsg.1-1~deb10u1
	NOTE: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
	NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local files ...)
	- roundcube 1.4.4+dfsg.1-1 (unimportant)
	[buster] - roundcube 1.3.11+dfsg.1-1~deb10u1
	NOTE: https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794
	NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...)
	- phplist <itp> (bug #612288)
CVE-2020-12638
	RESERVED
CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...)
	NOT-FOR-US: Zulip Desktop
CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...)
	- tensorflow <itp> (bug #804612)
CVE-2020-12636
	RESERVED
CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento  ...)
	NOT-FOR-US: WebForms Pro M2 extension for Magento
CVE-2020-12634
	RESERVED
CVE-2020-12633
	RESERVED
CVE-2020-12632
	RESERVED
CVE-2020-12631
	RESERVED
CVE-2020-12630
	RESERVED
CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA ...)
	NOT-FOR-US: osTicket
CVE-2020-12628
	RESERVED
CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...)
	NOT-FOR-US: Calibre-Web
CVE-2020-12624 (The League application before 2020-05-02 on Android sends a bearer tok ...)
	NOT-FOR-US: League
CVE-2020-12623
	RESERVED
CVE-2020-12622
	RESERVED
CVE-2020-12621
	RESERVED
CVE-2020-12620
	RESERVED
CVE-2020-12619
	RESERVED
CVE-2020-12618
	RESERVED
CVE-2020-12617
	RESERVED
CVE-2020-12616
	RESERVED
CVE-2020-12615
	RESERVED
CVE-2020-12614
	RESERVED
CVE-2020-12613
	RESERVED
CVE-2020-12612
	RESERVED
CVE-2020-12611
	RESERVED
CVE-2020-12610
	RESERVED
CVE-2020-12609
	RESERVED
CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...)
	NOT-FOR-US: SolarWinds
CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...)
	NOT-FOR-US: fastecdsa
CVE-2020-12606
	RESERVED
CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive  ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive  ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-12602
	RESERVED
CVE-2020-12601
	RESERVED
CVE-2020-12600
	RESERVED
CVE-2020-12599
	RESERVED
CVE-2020-12598
	RESERVED
CVE-2020-12597
	RESERVED
CVE-2020-12596
	RESERVED
CVE-2020-12595
	RESERVED
CVE-2020-12594
	RESERVED
CVE-2020-12593
	RESERVED
CVE-2020-12592
	RESERVED
CVE-2020-12591
	RESERVED
CVE-2020-12590
	RESERVED
CVE-2020-12589
	RESERVED
CVE-2020-12588
	RESERVED
CVE-2020-12587
	RESERVED
CVE-2020-12586
	RESERVED
CVE-2020-12585
	RESERVED
CVE-2020-12584
	RESERVED
CVE-2020-12583
	RESERVED
CVE-2020-12582
	RESERVED
CVE-2020-12581
	RESERVED
CVE-2020-12580
	RESERVED
CVE-2020-12579
	RESERVED
CVE-2020-12578
	RESERVED
CVE-2020-12577
	RESERVED
CVE-2020-12576
	RESERVED
CVE-2020-12575
	RESERVED
CVE-2020-12574
	RESERVED
CVE-2020-12573
	RESERVED
CVE-2020-12572
	RESERVED
CVE-2020-12571
	RESERVED
CVE-2020-12570
	RESERVED
CVE-2020-12569
	RESERVED
CVE-2020-12568
	RESERVED
CVE-2020-12567
	RESERVED
CVE-2020-12566
	RESERVED
CVE-2020-12565
	RESERVED
CVE-2020-12564
	RESERVED
CVE-2020-12563
	RESERVED
CVE-2020-12562
	RESERVED
CVE-2020-12561
	RESERVED
CVE-2020-12560
	RESERVED
CVE-2020-12559
	RESERVED
CVE-2020-12558
	RESERVED
CVE-2020-12557
	RESERVED
CVE-2020-12556
	RESERVED
CVE-2020-12555
	RESERVED
CVE-2020-12554
	RESERVED
CVE-2020-12553
	RESERVED
CVE-2020-12552
	RESERVED
CVE-2020-12551
	RESERVED
CVE-2020-12550
	RESERVED
CVE-2020-12549
	RESERVED
CVE-2020-12548
	RESERVED
CVE-2020-12547
	RESERVED
CVE-2020-12546
	RESERVED
CVE-2020-12545
	RESERVED
CVE-2020-12544
	RESERVED
CVE-2020-12543
	RESERVED
CVE-2020-12542
	RESERVED
CVE-2020-12541
	RESERVED
CVE-2020-12540
	RESERVED
CVE-2020-12539
	RESERVED
CVE-2020-12538
	RESERVED
CVE-2020-12537
	RESERVED
CVE-2020-12536
	RESERVED
CVE-2020-12535
	RESERVED
CVE-2020-12534
	RESERVED
CVE-2020-12533
	RESERVED
CVE-2020-12532
	RESERVED
CVE-2020-12531
	RESERVED
CVE-2020-12530
	RESERVED
CVE-2020-12529
	RESERVED
CVE-2020-12528
	RESERVED
CVE-2020-12527
	RESERVED
CVE-2020-12526
	RESERVED
CVE-2020-12525
	RESERVED
CVE-2020-12524
	RESERVED
CVE-2020-12523
	RESERVED
CVE-2020-12522
	RESERVED
CVE-2020-12521
	RESERVED
CVE-2020-12520
	RESERVED
CVE-2020-12519
	RESERVED
CVE-2020-12518
	RESERVED
CVE-2020-12517
	RESERVED
CVE-2020-12516
	RESERVED
CVE-2020-12515
	RESERVED
CVE-2020-12514
	RESERVED
CVE-2020-12513
	RESERVED
CVE-2020-12512
	RESERVED
CVE-2020-12511
	RESERVED
CVE-2020-12510
	RESERVED
CVE-2020-12509
	RESERVED
CVE-2020-12508
	RESERVED
CVE-2020-12507
	RESERVED
CVE-2020-12506
	RESERVED
CVE-2020-12505
	RESERVED
CVE-2020-12504
	RESERVED
CVE-2020-12503
	RESERVED
CVE-2020-12502
	RESERVED
CVE-2020-12501
	RESERVED
CVE-2020-12500
	RESERVED
CVE-2020-12499
	RESERVED
CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
	NOT-FOR-US: Phoenix
CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
	NOT-FOR-US: Phoenix
CVE-2020-12496
	RESERVED
CVE-2020-12495
	RESERVED
CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is prov ...)
	NOT-FOR-US: Beckhoff
CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
	NOT-FOR-US: SWARCOs CPU LS4000 Series
CVE-2020-12492
	RESERVED
CVE-2020-12491
	RESERVED
CVE-2020-12490
	RESERVED
CVE-2020-12489
	RESERVED
CVE-2020-12488
	RESERVED
CVE-2020-12487
	RESERVED
CVE-2020-12486
	RESERVED
CVE-2020-12485
	RESERVED
CVE-2020-12484
	RESERVED
CVE-2020-12483
	RESERVED
CVE-2020-12482
	RESERVED
CVE-2020-12481
	RESERVED
CVE-2020-12480
	RESERVED
CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
	- teampass <itp> (bug #730180)
CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
	- teampass <itp> (bug #730180)
CVE-2020-12477 (The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...)
	- teampass <itp> (bug #730180)
CVE-2020-12476
	RESERVED
CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...)
	NOT-FOR-US: TP-Link
CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...)
	- telegram-desktop 2.1.0+ds-1
	[buster] - telegram-desktop <no-dsa> (Minor issue)
	NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs  ...)
	NOT-FOR-US: MonoX
CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...)
	NOT-FOR-US: MonoX
CVE-2020-12471 (MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload ...)
	NOT-FOR-US: MonoX
CVE-2020-12470 (MonoX through 5.1.40.5152 allows administrators to execute arbitrary c ...)
	NOT-FOR-US: MonoX
CVE-2020-12469 (admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Inject ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-12468 (Subrion CMS 4.2.1 allows CSV injection via a phrase value within a lan ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-12467 (Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-20793
	RESERVED
CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 7 ...)
	NOT-FOR-US: Xerox
CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...)
	{DSA-4674-1}
	- roundcube 1.4.4+dfsg.1-1 (bug #959142)
	NOTE: https://github.com/roundcube/roundcubemail/pull/7302
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56
	NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713
CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. There is a  ...)
	{DSA-4674-1}
	- roundcube 1.4.4+dfsg.1-1 (bug #959140)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4
	NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/4312dc4efecb9553fcacfab0ab9d9ee6e88477e7
CVE-2020-12466
	RESERVED
CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6)
CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
	NOT-FOR-US: Avira
CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with  ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12460
	RESERVED
CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
	NOT-FOR-US: Grafana as shipped in Red Hat
CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
	- grafana <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
	NOTE: https://github.com/grafana/grafana/issues/8283
CVE-2020-12457
	RESERVED
CVE-2020-12456
	RESERVED
CVE-2020-12455
	RESERVED
CVE-2020-12454
	RESERVED
CVE-2020-12453
	RESERVED
CVE-2020-12452
	RESERVED
CVE-2020-12451
	RESERVED
CVE-2020-12450
	RESERVED
CVE-2020-12449
	RESERVED
CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...)
	- gitlab <not-affected> (Only affects GitLab EE 12.8 and later)
	NOTE: https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/
CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
	NOT-FOR-US: Onkyo
CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
	NOT-FOR-US: G.SKILL Trident Z Lighting Control
CVE-2020-12445
	RESERVED
CVE-2020-12444
	RESERVED
CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbitrary f ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...)
	NOT-FOR-US: Ivanti
CVE-2020-12441
	RESERVED
CVE-2020-12440
	REJECTED
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
	NOT-FOR-US: Grin
CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12437
	RESERVED
CVE-2020-12436
	RESERVED
CVE-2020-12435
	RESERVED
CVE-2020-12434
	RESERVED
CVE-2020-12433
	RESERVED
CVE-2020-12432
	RESERVED
CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software  ...)
	NOT-FOR-US: Splashtop Software Updater
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
	[experimental] - libvirt 6.2.0-1
	- libvirt <unfixed> (low; bug #959447)
	[buster] - libvirt <no-dsa> (Minor issue)
	[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1)
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3 (v4.10.0-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1804548
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190
CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...)
	- opensc 0.20.0-1 (low)
	[buster] - opensc <no-dsa> (Minor issue)
	[stretch] - opensc <no-dsa> (Minor issue)
	[jessie] - opensc <postponed> (Minor issue but can be worth fixing later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
	NOTE: https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would  ...)
	NOT-FOR-US: Online Course Registration
CVE-2020-12428
	RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
	NOT-FOR-US: Western Digital
CVE-2020-12426
	RESERVED
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426
CVE-2020-12425
	RESERVED
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425
CVE-2020-12424
	RESERVED
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424
CVE-2020-12423
	RESERVED
	- firefox <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423
CVE-2020-12422
	RESERVED
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
CVE-2020-12421
	RESERVED
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
CVE-2020-12420
	RESERVED
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
CVE-2020-12419
	RESERVED
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
CVE-2020-12418
	RESERVED
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
CVE-2020-12417
	RESERVED
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417
CVE-2020-12416
	RESERVED
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416
CVE-2020-12415
	RESERVED
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415
CVE-2020-12414
	RESERVED
CVE-2020-12413
	RESERVED
CVE-2020-12412
	RESERVED
CVE-2020-12411
	RESERVED
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410
	RESERVED
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410
CVE-2020-12409
	RESERVED
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409
CVE-2020-12408
	RESERVED
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408
CVE-2020-12407
	RESERVED
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406
	RESERVED
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
CVE-2020-12405
	RESERVED
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
CVE-2020-12404
	RESERVED
CVE-2020-12403
	RESERVED
CVE-2020-12402 [Side channel vulnerabilities during RSA key generation]
	RESERVED
	{DLA-2266-1}
	- nss 2:3.53.1-1 (bug #963152)
	NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
	NOTE: Fixed upstream in 3.53.1
CVE-2020-12401
	RESERVED
CVE-2020-12400
	RESERVED
CVE-2020-12399 [Force a fixed length for DSA exponentiation]
	RESERVED
	{DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- nss 2:3.53-1 (bug #961752)
	- thunderbird 1:68.9.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public)
	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
CVE-2020-12398
	RESERVED
	{DSA-4702-1 DLA-2247-1}
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
	{DSA-4683-1 DLA-2206-1}
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397
CVE-2020-12396 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396
CVE-2020-12395 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395
CVE-2020-12394 (A logic flaw in our location bar implementation could have allowed a l ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394
CVE-2020-12393 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	- firefox <not-affected> (Only affects Windows)
	- firefox-esr <not-affected> (Only affects Windows)
	- thunderbird <not-affected> (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393
CVE-2020-12392 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12392
CVE-2020-12391 (Documents formed using data: URLs in an OBJECT element failed to inher ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391
CVE-2020-12390 (Incorrect origin serialization of URLs with IPv6 addresses could lead  ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390
CVE-2020-12389 (The Firefox content processes did not sufficiently lockdown access con ...)
	- firefox <not-affected> (Only affects Windows)
	- firefox-esr <not-affected> (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389
CVE-2020-12388 (The Firefox content processes did not sufficiently lockdown access con ...)
	- firefox <not-affected> (Only affects Windows)
	- firefox-esr <not-affected> (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388
CVE-2020-12387 (A race condition when running shutdown code for Web Worker led to a us ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387
CVE-2020-12386
	RESERVED
CVE-2020-12385
	RESERVED
CVE-2020-12384
	RESERVED
CVE-2020-12383
	RESERVED
CVE-2020-12382
	RESERVED
CVE-2020-12381
	RESERVED
CVE-2020-12380
	RESERVED
CVE-2020-12379
	RESERVED
CVE-2020-12378
	RESERVED
CVE-2020-12377
	RESERVED
CVE-2020-12376
	RESERVED
CVE-2020-12375
	RESERVED
CVE-2020-12374
	RESERVED
CVE-2020-12373
	RESERVED
CVE-2020-12372
	RESERVED
CVE-2020-12371
	RESERVED
CVE-2020-12370
	RESERVED
CVE-2020-12369
	RESERVED
CVE-2020-12368
	RESERVED
CVE-2020-12367
	RESERVED
CVE-2020-12366
	RESERVED
CVE-2020-12365
	RESERVED
CVE-2020-12364
	RESERVED
CVE-2020-12363
	RESERVED
CVE-2020-12362
	RESERVED
CVE-2020-12361
	RESERVED
CVE-2020-12360
	RESERVED
CVE-2020-12359
	RESERVED
CVE-2020-12358
	RESERVED
CVE-2020-12357
	RESERVED
CVE-2020-12356
	RESERVED
CVE-2020-12355
	RESERVED
CVE-2020-12354
	RESERVED
CVE-2020-12353
	RESERVED
CVE-2020-12352
	RESERVED
CVE-2020-12351
	RESERVED
CVE-2020-12350
	RESERVED
CVE-2020-12349
	RESERVED
CVE-2020-12348
	RESERVED
CVE-2020-12347
	RESERVED
CVE-2020-12346
	RESERVED
CVE-2020-12345
	RESERVED
CVE-2020-12344
	RESERVED
CVE-2020-12343
	RESERVED
CVE-2020-12342
	RESERVED
CVE-2020-12341
	RESERVED
CVE-2020-12340
	RESERVED
CVE-2020-12339
	RESERVED
CVE-2020-12338
	RESERVED
CVE-2020-12337
	RESERVED
CVE-2020-12336
	RESERVED
CVE-2020-12335
	RESERVED
CVE-2020-12334
	RESERVED
CVE-2020-12333
	RESERVED
CVE-2020-12332
	RESERVED
CVE-2020-12331
	RESERVED
CVE-2020-12330
	RESERVED
CVE-2020-12329
	RESERVED
CVE-2020-12328
	RESERVED
CVE-2020-12327
	RESERVED
CVE-2020-12326
	RESERVED
CVE-2020-12325
	RESERVED
CVE-2020-12324
	RESERVED
CVE-2020-12323
	RESERVED
CVE-2020-12322
	RESERVED
CVE-2020-12321
	RESERVED
CVE-2020-12320
	RESERVED
CVE-2020-12319
	RESERVED
CVE-2020-12318
	RESERVED
CVE-2020-12317
	RESERVED
CVE-2020-12316
	RESERVED
CVE-2020-12315
	RESERVED
CVE-2020-12314
	RESERVED
CVE-2020-12313
	RESERVED
CVE-2020-12312
	RESERVED
CVE-2020-12311
	RESERVED
CVE-2020-12310
	RESERVED
CVE-2020-12309
	RESERVED
CVE-2020-12308
	RESERVED
CVE-2020-12307
	RESERVED
CVE-2020-12306
	RESERVED
CVE-2020-12305
	RESERVED
CVE-2020-12304
	RESERVED
CVE-2020-12303
	RESERVED
CVE-2020-12302
	RESERVED
CVE-2020-12301
	RESERVED
CVE-2020-12300
	RESERVED
CVE-2020-12299
	RESERVED
CVE-2020-12298
	RESERVED
CVE-2020-12297
	RESERVED
CVE-2020-12296
	RESERVED
CVE-2020-12295
	RESERVED
CVE-2020-12294
	RESERVED
CVE-2020-12293
	RESERVED
CVE-2020-12292
	RESERVED
CVE-2020-12291
	RESERVED
CVE-2020-12290
	RESERVED
CVE-2020-12289
	RESERVED
CVE-2020-12288
	RESERVED
CVE-2020-12287
	RESERVED
CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
	NOT-FOR-US: OpenThread
CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
	- re2c <unfixed>
	[buster] - re2c <no-dsa> (Minor issue)
	[stretch] - re2c <no-dsa> (Minor issue)
	[jessie] - re2c <no-dsa> (Minor issue)
	NOTE: https://github.com/skvadrik/re2c/issues/219
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/27/2
CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-12285
	RESERVED
CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...)
	- ffmpeg 7:4.2.3-1
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
CVE-2017-18863 (Certain NETGEAR devices are affected by command execution via a PHP fo ...)
	NOT-FOR-US: Netgear
CVE-2017-18862 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18861 (Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Su ...)
	NOT-FOR-US: Netgear
CVE-2017-18860 (Certain NETGEAR devices are affected by debugging command execution. T ...)
	NOT-FOR-US: Netgear
CVE-2017-18859 (Certain NETGEAR devices are affected by slowdown/stoppage. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18858 (Certain NETGEAR devices are affected by command execution. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18857 (The NETGEAR Insight application before 2.42 for Android and iOS is aff ...)
	NOT-FOR-US: Netgear
CVE-2017-18856 (NETGEAR ReadyNAS devices before 6.6.1 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2017-18855 (NETGEAR WNR854T devices before 1.5.2 are affected by command execution ...)
	NOT-FOR-US: Netgear
CVE-2017-18854 (NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection. ...)
	NOT-FOR-US: Netgear
CVE-2017-18853 (Certain NETGEAR devices are affected by password recovery and file acc ...)
	NOT-FOR-US: Netgear
CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...)
	NOT-FOR-US: Netgear
CVE-2016-11059 (Certain NETGEAR devices are affected by password exposure. This affect ...)
	NOT-FOR-US: Netgear
CVE-2016-11058 (The NETGEAR genie application before 2.4.34 for Android is affected by ...)
	NOT-FOR-US: Netgear
CVE-2016-11057 (Certain NETGEAR devices are affected by mishandling of repeated URL ca ...)
	NOT-FOR-US: Netgear
CVE-2016-11056 (Certain NETGEAR devices are affected by anonymous root access. This af ...)
	NOT-FOR-US: Netgear
CVE-2016-11055 (Certain NETGEAR devices are affected by CSRF. This affects CM400 befor ...)
	NOT-FOR-US: Netgear
CVE-2016-11054 (NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command ex ...)
	NOT-FOR-US: Netgear
CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...)
	NOT-FOR-US: Sourcegraph
CVE-2020-12282
	RESERVED
CVE-2020-12281
	RESERVED
CVE-2020-12280
	RESERVED
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
	- libgit2 0.28.4+dfsg.1-2
	[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
	[stretch] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
	[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
	NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
	- libgit2 0.28.4+dfsg.1-2
	[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
	[stretch] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
	[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
	NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
	NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that  ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
	NOT-FOR-US: TestLink
CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
	NOT-FOR-US: TestLink
CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
	- opendmarc <unfixed>
	NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
	NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
	NOT-FOR-US: SFOS
CVE-2020-12270 (** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six- ...)
	NOT-FOR-US: Bluezone
CVE-2020-12269
	RESERVED
CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...)
	- jbig2dec 0.18-1
	[buster] - jbig2dec <no-dsa> (Minor issue)
	[stretch] - jbig2dec <no-dsa> (Minor issue)
	[jessie] - jbig2dec <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
	NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...)
	- qtbase-opensource-src <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/qt/qtbase/commit/7447e2b337f12b4d04935d0f30fc673e4327d5a0
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
	NOTE: The 5.14 in experimental contains the code, but is already fixed
CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...)
	- opendmarc <unfixed>
	NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
	NOTE: https://sourceforge.net/p/opendmarc/tickets/235/
	NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...)
	NOT-FOR-US: WAVLINK
CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
	NOT-FOR-US: Node decompress
CVE-2020-12264
	RESERVED
CVE-2020-12263
	RESERVED
CVE-2020-12262
	RESERVED
CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-12260
	RESERVED
CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...)
	NOT-FOR-US: rConfig
CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...)
	NOT-FOR-US: rConfig
CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...)
	NOT-FOR-US: rConfig
CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...)
	NOT-FOR-US: rConfig
CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...)
	NOT-FOR-US: rConfig
CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
	NOT-FOR-US: Avira Antivirus
CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
	NOT-FOR-US: Croogo
CVE-2020-12253
	RESERVED
CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
	NOT-FOR-US: Gigamon
CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
	NOT-FOR-US: Gigamon
CVE-2020-12250
	RESERVED
CVE-2020-12249
	RESERVED
CVE-2020-12248
	RESERVED
CVE-2020-12247
	RESERVED
CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings &gt; Other & ...)
	NOT-FOR-US: Beeline Smart Box
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
	- grafana <removed>
	NOTE: https://github.com/grafana/grafana/pull/23816
CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...)
	{DSA-4691-1}
	- pdns-recursor 4.3.1-1
	[jessie] - pdns-recursor <not-affected> (Vulnerable code added later)
	[stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...)
	{DSA-4666-1 DLA-2199-1}
	- openldap 2.4.50+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9202
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/d38d48fc8f572dedfb67b9da61a2ba3b125ced91 (master)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 (OPENLDAP_REL_ENG_2_4_50)
CVE-2020-12242 (Valve Source allows local users to gain privileges by writing to the / ...)
	NOT-FOR-US: Valve
CVE-2020-12241
	RESERVED
CVE-2020-12240
	RESERVED
CVE-2020-12239
	RESERVED
CVE-2020-12238
	RESERVED
CVE-2020-12237
	RESERVED
CVE-2020-12236
	RESERVED
CVE-2020-12235
	RESERVED
CVE-2020-12234
	RESERVED
CVE-2020-12233
	RESERVED
CVE-2020-12232
	RESERVED
CVE-2020-12231
	RESERVED
CVE-2020-12230
	RESERVED
CVE-2020-12229
	RESERVED
CVE-2020-12228
	RESERVED
CVE-2020-12227
	RESERVED
CVE-2020-12226
	RESERVED
CVE-2020-12225
	RESERVED
CVE-2020-12224
	RESERVED
CVE-2020-12223
	RESERVED
CVE-2020-12222
	RESERVED
CVE-2020-12221
	RESERVED
CVE-2020-12220
	RESERVED
CVE-2020-12219
	RESERVED
CVE-2020-12218
	RESERVED
CVE-2020-12217
	RESERVED
CVE-2020-12216
	RESERVED
CVE-2020-12215
	RESERVED
CVE-2020-12214
	RESERVED
CVE-2020-12213
	RESERVED
CVE-2020-12212
	RESERVED
CVE-2020-12211
	RESERVED
CVE-2020-12210
	RESERVED
CVE-2020-12209
	RESERVED
CVE-2020-12208
	RESERVED
CVE-2020-12207
	RESERVED
CVE-2020-12206
	RESERVED
CVE-2020-12205
	RESERVED
CVE-2020-12204
	RESERVED
CVE-2020-12203
	RESERVED
CVE-2020-12202
	RESERVED
CVE-2020-12201
	RESERVED
CVE-2020-12200
	RESERVED
CVE-2020-12199
	RESERVED
CVE-2020-12198
	RESERVED
CVE-2020-12197
	RESERVED
CVE-2020-12196
	RESERVED
CVE-2020-12195
	RESERVED
CVE-2020-12194
	RESERVED
CVE-2020-12193
	RESERVED
CVE-2020-12192
	RESERVED
CVE-2020-12191
	RESERVED
CVE-2020-12190
	RESERVED
CVE-2020-12189
	RESERVED
CVE-2020-12188
	RESERVED
CVE-2020-12187
	RESERVED
CVE-2020-12186
	RESERVED
CVE-2020-12185
	RESERVED
CVE-2020-12184
	RESERVED
CVE-2020-12183
	RESERVED
CVE-2020-12182
	RESERVED
CVE-2020-12181
	RESERVED
CVE-2020-12180
	RESERVED
CVE-2020-12179
	RESERVED
CVE-2020-12178
	RESERVED
CVE-2020-12177
	RESERVED
CVE-2020-12176
	RESERVED
CVE-2020-12175
	RESERVED
CVE-2020-12174
	RESERVED
CVE-2020-12173
	RESERVED
CVE-2020-12172
	RESERVED
CVE-2020-12171
	RESERVED
CVE-2020-12170
	RESERVED
CVE-2020-12169
	RESERVED
CVE-2020-12168
	RESERVED
CVE-2020-12167
	RESERVED
CVE-2020-12166
	RESERVED
CVE-2020-12165
	RESERVED
CVE-2020-12164
	RESERVED
CVE-2020-12163
	RESERVED
CVE-2020-12162
	RESERVED
CVE-2020-12161
	RESERVED
CVE-2020-12160
	RESERVED
CVE-2020-12159
	RESERVED
CVE-2020-12158
	RESERVED
CVE-2020-12157
	RESERVED
CVE-2020-12156
	RESERVED
CVE-2020-12155
	RESERVED
CVE-2020-12154
	RESERVED
CVE-2020-12153
	RESERVED
CVE-2020-12152
	RESERVED
CVE-2020-12151
	RESERVED
CVE-2020-12150
	RESERVED
CVE-2020-12149
	RESERVED
CVE-2020-12148
	RESERVED
CVE-2020-12147
	RESERVED
CVE-2020-12146
	RESERVED
CVE-2020-12145
	RESERVED
CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...)
	NOT-FOR-US: Silver Peak Cloud Portal
CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...)
	NOT-FOR-US: EdgeConnect
CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...)
	NOT-FOR-US: EdgeConnect
CVE-2020-12141
	RESERVED
CVE-2020-12140
	RESERVED
CVE-2020-12139
	RESERVED
CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact  ...)
	NOT-FOR-US: AMD ATI atillk64.sys specific issue
CVE-2020-12136
	RESERVED
CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...)
	- duo-unix <unfixed> (unimportant; bug #958998)
	NOTE: Embedded older version, but affected function not used
CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...)
	NOT-FOR-US: Nanometrics Centaur / TitanSMA
CVE-2020-12133 (The Apros Evolution, ConsciusMap, and Furukawa provisioning systems th ...)
	NOT-FOR-US: Apros Evolution, ConsciusMap, and Furukawa
CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS  ...)
	NOT-FOR-US: Fifthplay
CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...)
	NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parame ...)
	NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...)
	NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
	NOT-FOR-US: DONG JOO CHO File Transfer iFamily
CVE-2020-12127
	RESERVED
CVE-2020-12126
	RESERVED
CVE-2020-12125
	RESERVED
CVE-2020-12124
	RESERVED
CVE-2020-12123
	RESERVED
CVE-2020-12122
	RESERVED
CVE-2020-12121
	RESERVED
CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...)
	NOT-FOR-US: PrestaShop
CVE-2020-12119 (Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF ...)
	NOT-FOR-US: Ledger Live
CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
	NOT-FOR-US: Binance tss-lib
CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...)
	NOT-FOR-US: Moxa
CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-12115
	RESERVED
CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.3.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2
CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-12111 (Certain TP-Link devices allow Command Injection. This affects NC260 1. ...)
	NOT-FOR-US: TP-Link
CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This affects  ...)
	NOT-FOR-US: TP-Link
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
	NOT-FOR-US: TP-Link
CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
	{DLA-2204-1}
	- mailman <removed>
	NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
CVE-2020-12107
	RESERVED
CVE-2020-12106
	RESERVED
CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
	- openconnect <unfixed> (unimportant; bug #959428)
	[jessie] - openconnect <not-affected> (Vulnerable code introduced later)
	NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
	NOTE: Only an issue if building with OpenSSL, where Debian binary packages use
	NOTE: GnuTLS.
CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...)
	NOT-FOR-US: Import feature in the wp-advanced-search plugin for WordPress
CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...)
	NOT-FOR-US: Tiny File Manager
CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...)
	NOT-FOR-US: Tiny File Manager
CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...)
	NOT-FOR-US: xt:Commerce
CVE-2020-12100
	RESERVED
CVE-2020-12099
	RESERVED
CVE-2020-12098
	RESERVED
CVE-2020-12097
	RESERVED
CVE-2020-12096
	RESERVED
CVE-2020-12095
	RESERVED
CVE-2020-12094
	RESERVED
CVE-2020-12093
	RESERVED
CVE-2020-12092
	RESERVED
CVE-2020-12091
	RESERVED
CVE-2020-12090
	RESERVED
CVE-2020-12089
	RESERVED
CVE-2020-12088
	RESERVED
CVE-2020-12087
	RESERVED
CVE-2020-12086
	RESERVED
CVE-2020-12085
	RESERVED
CVE-2020-12084
	RESERVED
CVE-2020-12083
	RESERVED
CVE-2020-12082
	RESERVED
CVE-2020-12081
	RESERVED
CVE-2020-12080
	RESERVED
CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...)
	{DLA-2146-1}
	- libvncserver 0.9.12+dfsg-9 (bug #954163)
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
	[stretch] - libvncserver <no-dsa> (Minor issue)
	NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...)
	{DSA-4664-1 DLA-2200-1}
	- mailman <removed> (bug #958930)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2
	NOTE: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801
CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...)
	NOT-FOR-US: Beaker browser, different from src:beaker
CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell metacharac ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...)
	NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...)
	NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress
CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...)
	NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress
CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin before 1.3 ...)
	NOT-FOR-US: users-customers-import-export-for-wp-woocommerce plugin for WordPress
CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect ...)
	NOT-FOR-US: responsive-add-ons plugin for WordPress
CVE-2020-12072
	RESERVED
CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...)
	NOT-FOR-US: Anchor
CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...)
	NOT-FOR-US: Advanced Woo Search plugin for WordPress
CVE-2020-12069
	RESERVED
CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...)
	NOT-FOR-US: CODESYS
CVE-2020-12067
	RESERVED
CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...)
	- teeworlds <unfixed>
	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5
	NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=14785
CVE-2020-12065
	RESERVED
CVE-2020-12064
	RESERVED
CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attac ...)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12
	NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals
CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...)
	- openssh 1:8.3p1-1 (unimportant)
	NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
	NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1
	NOTE: Negligible security impact, a malicious peer can achieve no more than already
	NOTE: able o achieve within the scp protocol.
CVE-2020-12061
	RESERVED
CVE-2020-12060
	RESERVED
CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)
	- ceph 14.2.4-1
	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
	[jessie] - ceph <not-affected> (Vulnerable code introduced later)
	NOTE: https://tracker.ceph.com/issues/44967
	NOTE: Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1)
	NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10)
	NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing.
CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...)
	NOTE: Duplicate of CVE-2019-10877, requested rejection
CVE-2020-12058
	RESERVED
CVE-2020-12057
	RESERVED
CVE-2020-12056
	RESERVED
CVE-2020-12055
	RESERVED
CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...)
	NOT-FOR-US: Catch Breadcrumb plugin for WordPress
CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...)
	NOT-FOR-US: Unisys Stealth
CVE-2020-12052 (Grafana version &lt; 6.7.3 is vulnerable for annotation popup XSS. ...)
	- grafana <removed>
CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote  ...)
	NOT-FOR-US: MediaWiki extension
CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...)
	- sqliteodbc <unfixed> (unimportant)
	NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely
	NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same
	NOTE: issue.
CVE-2020-12049 (An issue was discovered in dbus &gt;= 1.3.0 before 1.12.18. The DBusSe ...)
	{DLA-2235-1}
	- dbus 1.12.18-1
	[buster] - dbus <no-dsa> (Minor issue)
	[stretch] - dbus <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/3
	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
	NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
	NOTE: Test: https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748
CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hem ...)
	NOT-FOR-US: Phoenix Hemodialysis Delivery System
CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), whe ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC&#8217;s firmwar ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12044
	RESERVED
CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within  ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) teln ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...)
	NOT-FOR-US: Sigma Spectrum Infusion System
CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...)
	NOT-FOR-US: Baxter
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
	NOT-FOR-US: Baxter
CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
	NOT-FOR-US: Baxter
CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
	NOT-FOR-US: Baxter
CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12031
	RESERVED
CVE-2020-12030
	RESERVED
CVE-2020-12029
	RESERVED
CVE-2020-12028
	RESERVED
CVE-2020-12027
	RESERVED
CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12025
	RESERVED
CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...)
	NOT-FOR-US: Baxter
CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...)
	NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...)
	NOT-FOR-US: OSIsoft PI Web
CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...)
	NOT-FOR-US: Baxter
CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based  ...)
	NOT-FOR-US: WebAccess Node
CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...)
	NOT-FOR-US: GE Grid Solutions Reason RT Clocks
CVE-2020-12016 (Baxter ExactaMix EM 2400 &amp; EM 1200, Versions ExactaMix EM2400 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12015
	RESERVED
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12013
	RESERVED
CVE-2020-12012 (Baxter ExactaMix EM 2400 &amp; EM 1200, Versions ExactaMix EM2400 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12011
	RESERVED
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12009
	RESERVED
CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12007
	RESERVED
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-12004 (The affected product lacks proper authentication required to query the ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-12003 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12001 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-11998
	RESERVED
CVE-2020-11997
	RESERVED
CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat  ...)
	- tomcat9 9.0.36-1
	- tomcat8 <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
	NOTE: https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36)
	NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56)
CVE-2020-11995
	RESERVED
CVE-2020-11994
	RESERVED
CVE-2020-11993
	RESERVED
CVE-2020-11992
	RESERVED
CVE-2020-11991
	RESERVED
CVE-2020-11990
	RESERVED
CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
	- shiro <unfixed>
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
	NOTE: https://github.com/apache/shiro/pull/211
	NOTE: https://issues.apache.org/jira/browse/SHIRO-753
	NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue
	NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
	NOTE: CVE is closely related to CVE-2020-1957.
CVE-2020-11988
	RESERVED
CVE-2020-11987
	RESERVED
CVE-2020-11986
	RESERVED
CVE-2020-11985
	RESERVED
CVE-2020-11984
	RESERVED
CVE-2020-11983
	RESERVED
CVE-2020-11982
	RESERVED
CVE-2020-11981
	RESERVED
CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization  ...)
	- apache-karaf <itp> (bug #881297)
CVE-2020-11979
	RESERVED
CVE-2020-11978
	RESERVED
CVE-2020-11977
	RESERVED
CVE-2020-11976
	RESERVED
CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the  ...)
	NOT-FOR-US: Apache Unomi
CVE-2020-11974
	RESERVED
CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache  ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x,  ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11970
	REJECTED
CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ broker, and ...)
	NOT-FOR-US: Apache TomEE
CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read  ...)
	NOT-FOR-US: IQrouter
CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...)
	NOT-FOR-US: IQrouter
CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...)
	NOT-FOR-US: IQrouter
CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...)
	NOT-FOR-US: IQrouter
CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...)
	NOT-FOR-US: IQrouter
CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...)
	NOT-FOR-US: IQrouter
CVE-2020-11962
	RESERVED
CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive infor ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability w ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in Xiaomi ro ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...)
	- re2c 1.3-2 (bug #963158)
	[buster] - re2c <not-affected> (Vulnerability introduced later)
	[stretch] - re2c <not-affected> (Vulnerability introduced later)
	[jessie] - re2c <not-affected> (Vulnerability introduced later)
	NOTE: http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/
	NOTE: Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2)
	NOTE: Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2)
	NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
	NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a
CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4. ...)
	NOT-FOR-US: Cypress
CVE-2020-11956
	RESERVED
CVE-2020-11955
	RESERVED
CVE-2020-11954
	RESERVED
CVE-2020-11953
	RESERVED
CVE-2020-11952
	RESERVED
CVE-2020-11951
	RESERVED
CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11948
	RESERVED
CVE-2020-11947
	RESERVED
CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...)
	{DSA-4682-1}
	- squid 4.11-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch
CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...)
	NOT-FOR-US: bitcoin-abe
CVE-2020-11943 (An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file u ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL In ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
	- ndpi <unfixed>
	[buster] - ndpi <not-affected> (Introduced in 3.0)
	[stretch] - ndpi <not-affected> (Introduced in 3.0)
	[jessie] - ndpi <not-affected> (Introduced in 3.0)
	NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
	- ndpi <unfixed>
	[buster] - ndpi <not-affected> (Introduced in 3.0)
	[stretch] - ndpi <not-affected> (Introduced in 3.0)
	[jessie] - ndpi <not-affected> (Introduced in 3.0)
	NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11937
	RESERVED
CVE-2020-11936
	RESERVED
CVE-2020-11935
	RESERVED
	- aufs <unfixed>
	[buster] - aufs <no-dsa> (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release))
	[stretch] - aufs <ignored> (Minor issue; too many other aufs issues open)
	NOTE: To exploit the issue CONFIG_IMA in Kernel needs to be enabled.
	NOTE: linux/4.9.y had the config enabled, but was disabled in later versions
	NOTE: including linux/4.19.y.
	NOTE: https://sourceforge.net/p/aufs/mailman/message/37048642/
	NOTE: https://github.com/sfjro/aufs4-linux/commit/515a586eeef31e0717d5dea21e2c11a965340b3c
	NOTE: https://github.com/sfjro/aufs4-linux/commit/f10aea57d39d6cd311312e9e7746804f7059b5c8
CVE-2020-11934
	RESERVED
CVE-2020-11933
	RESERVED
CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...)
	NOT-FOR-US: Subiquity installer for Ubuntu
CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...)
	NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21229 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21228 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21227 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21226 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21225 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21224 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21223 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21222 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21221 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21220 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21219 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21218 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21217 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21216 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21215 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21214 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21213 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21212 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21211 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21210 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21209 (Certain NETGEAR devices are affected by reflected XSS. This affects JN ...)
	NOT-FOR-US: Netgear
CVE-2018-21208 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21207 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21206 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21205 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21204 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21203 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21202 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21201 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21200 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21199 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21198 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21197 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21196 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21195 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21194 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21193 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21192 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21191 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21190 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21189 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21188 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21187 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21186 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21185 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21184 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21183 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21182 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21181 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21180 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21179 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21178 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21177 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21176 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21175 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21174 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21173 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21172 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21171 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21170 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21169 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21168 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21167 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
	NOT-FOR-US: Netgear
CVE-2018-21166 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21165 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21164 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21163 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21162 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21161 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21160 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
	NOT-FOR-US: Netgear
CVE-2018-21159 (NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2018-21158 (NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2018-21157 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21156 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21155 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2018-21154 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21153 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21152 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21149 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21147 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21146 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21145 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21144 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21143 (NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of  ...)
	NOT-FOR-US: Netgear
CVE-2018-21142 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21141 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21140 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21139 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21138 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21137 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
	NOT-FOR-US: Netgear
CVE-2018-21136 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21135 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21134 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21133 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21132 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21131 (Certain NETGEAR devices are affected by unauthenticated firmware downg ...)
	NOT-FOR-US: Netgear
CVE-2018-21130 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21129 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21128 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21127 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21126 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21125 (NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication  ...)
	NOT-FOR-US: Netgear
CVE-2018-21124 (NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escal ...)
	NOT-FOR-US: Netgear
CVE-2018-21123 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21122 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21121 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21120 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
	NOT-FOR-US: Netgear
CVE-2018-21119 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21118 (NETGEAR XR500 devices before 2.3.2.32 are affected by authentication b ...)
	NOT-FOR-US: Netgear
CVE-2018-21117 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21116 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21115 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21114 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21113 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21112 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21111 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21110 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21109 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21108 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21107 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21106 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21105 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21104 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21103 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21102 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
	NOT-FOR-US: Netgear
CVE-2018-21101 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21100 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21099 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21098 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21097 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2018-21096 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
	NOT-FOR-US: Netgear
CVE-2018-21095 (Certain NETGEAR devices are affected by stored XSS. This affects SRR60 ...)
	NOT-FOR-US: Netgear
CVE-2018-21094 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21093 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18852 (Certain NETGEAR devices are affected by CSRF and authentication bypass ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18851 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18850 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18849 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18848 (Certain NETGEAR devices are affected by CSRF. This affects R6300v2 bef ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18847 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18846 (Certain NETGEAR devices are affected by a stack-based buffer overflow. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18845 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18844 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18843 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18842 (Certain NETGEAR devices are affected by CSRF. This affects R7300 befor ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18841 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18840 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18839 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18838 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18837 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18836 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18835 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18834 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18833 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18832 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18831 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18830 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18829 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18828 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18827 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18826 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18825 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18824 (Certain NETGEAR devices are affected by directory traversal. This affe ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18823 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18822 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18821 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: Netgear
CVE-2017-18820 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18819 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18818
	RESERVED
CVE-2017-18817
	RESERVED
CVE-2017-18816 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18815 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18814 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18813 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18812 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18811 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18810 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18809 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18808 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18807 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18806 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18805 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18804 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18803 (NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2017-18802 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18801 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18800 (Certain NETGEAR devices are affected by reflected XSS. This affects R6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18799 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18798 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18797 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: Netgear
CVE-2017-18796 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18795 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18794 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18793 (NETGEAR R7800 devices before 1.0.2.36 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2017-18792 (NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command i ...)
	NOT-FOR-US: Netgear
CVE-2017-18791 (Certain NETGEAR devices are affected by CSRF. This affects R6050/JR615 ...)
	NOT-FOR-US: Netgear
CVE-2017-18790 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2017-18789 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2017-18788 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18787 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18786 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18785 (Certain NETGEAR devices are affected by XSS. This affects D3600 before ...)
	NOT-FOR-US: Netgear
CVE-2017-18784 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...)
	NOT-FOR-US: Netgear
CVE-2017-18783 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...)
	NOT-FOR-US: Netgear
CVE-2017-18782 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18781 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18780 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18779 (Certain NETGEAR devices are affected by a buffer overflow. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18778 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18777 (Certain NETGEAR devices are affected by administrative password disclo ...)
	NOT-FOR-US: Netgear
CVE-2017-18776 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18775 (Certain NETGEAR devices are affected by CSRF. This affects R6100 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18774
	REJECTED
CVE-2017-18773 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18772 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18771
	REJECTED
CVE-2017-18770 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18769 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: Netgear
CVE-2017-18768 (Certain NETGEAR devices are affected by CSRF. This affects EX6100 befo ...)
	NOT-FOR-US: Netgear
CVE-2017-18767 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18766 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: Netgear
CVE-2017-18765 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18764 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18763 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18762 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18761 (NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buf ...)
	NOT-FOR-US: Netgear
CVE-2017-18760
	REJECTED
CVE-2017-18759 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18758 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18757 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18756 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18755 (Certain NETGEAR devices are affected by CSRF. This affects R6300v2 bef ...)
	NOT-FOR-US: Netgear
CVE-2017-18754 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18753
	REJECTED
CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: Netgear
CVE-2017-18751 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18750 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18749 (Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 b ...)
	NOT-FOR-US: Netgear
CVE-2017-18748 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18747 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18746 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18745 (Certain NETGEAR devices are affected by stored XSS. This affects R6400 ...)
	NOT-FOR-US: Netgear
CVE-2017-18744 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18743 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18742 (Certain NETGEAR devices are affected by CSRF. This affects JR6150 befo ...)
	NOT-FOR-US: Netgear
CVE-2017-18741 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18740 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18739 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18738 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18737 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18736 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18735 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18734 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18733 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18732 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18731 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18730 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18729 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18728 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18727 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18726 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18725 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18724 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18723 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18722 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18721 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18720 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18719 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18718 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18717 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18716 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18715 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...)
	NOT-FOR-US: Netgear
CVE-2017-18714 (NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of s ...)
	NOT-FOR-US: Netgear
CVE-2017-18713 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: Netgear
CVE-2017-18712 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: Netgear
CVE-2017-18711 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18710 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2017-18709 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18708 (Certain NETGEAR devices are affected by CSRF. This affects R8300 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18707 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18706 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18705 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18704 (Certain NETGEAR devices are affected by an attacker's ability to read  ...)
	NOT-FOR-US: Netgear
CVE-2017-18703 (Certain NETGEAR devices are affected by CSRF. This affects D1500 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18702 (NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2017-18701 (Certain NETGEAR devices are affected by reflected XSS. This affects R6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18700 (Certain NETGEAR devices are affected by stored XSS. This affects D6400 ...)
	NOT-FOR-US: Netgear
CVE-2017-18699 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18698 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2017-18697 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2020-11930 (The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS vi ...)
	NOT-FOR-US: GTranslate plugin for WordPress
CVE-2020-11929
	RESERVED
CVE-2020-11928 (In the media-library-assistant plugin before 2.82 for WordPress, Remot ...)
	NOT-FOR-US: media-library-assistant plugin for WordPress
CVE-2020-11927
	RESERVED
CVE-2020-11926
	RESERVED
CVE-2020-11925
	RESERVED
CVE-2020-11924
	RESERVED
CVE-2020-11923
	RESERVED
CVE-2020-11922
	RESERVED
CVE-2020-11921
	RESERVED
CVE-2020-11920
	RESERVED
CVE-2020-11919
	RESERVED
CVE-2020-11918
	RESERVED
CVE-2020-11917
	RESERVED
CVE-2020-11916
	RESERVED
CVE-2020-11915
	RESERVED
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...)
	NOT-FOR-US: Pion DTLS
CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11912 (The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11911 (The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Cont ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11910 (The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Rea ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11909 (The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11908 (The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in  ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11907 (The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Par ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11906 (The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Inte ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11905 (The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11904 (The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during  ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11903 (The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11902 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling O ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11901 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution vi ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11900 (The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Fr ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11899 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11898 (The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMP ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11897 (The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via  ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11896 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, r ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/197
CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/196
CVE-2020-11893
	RESERVED
CVE-2020-11892
	RESERVED
CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input valid ...)
	NOT-FOR-US: Joomla!
CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...)
	- python-markdown2 2.3.9-1 (bug #959445)
	[buster] - python-markdown2 <no-dsa> (Minor issue)
	NOTE:  https://github.com/trentm/python-markdown2/issues/348
CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an  ...)
	NOT-FOR-US: svg2png
CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...)
	NOT-FOR-US: OpenNMS
CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
	NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code execution ...)
	{DSA-4667-1}
	- linux 5.6.7-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
	NOT-FOR-US: Divante vue-storefront-api
CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...)
	TODO: check
CVE-2020-11881
	RESERVED
CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...)
	- kmail <unfixed> (bug #958054)
	[buster] - kmail <no-dsa> (Minor issue)
	- kdepim <removed>
	[stretch] - kdepim <no-dsa> (Minor issue)
	[jessie] - kdepim <no-dsa> (Minor issue)
	NOTE: https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1
CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...)
	- evolution 3.36.0-1
	[buster] - evolution <no-dsa> (Minor issue)
	[stretch] - evolution <no-dsa> (Minor issue)
	[jessie] - evolution <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784
	NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7
CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...)
	- jitsi-meet <itp> (bug #760485)
CVE-2020-11877 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses 342 ...)
	NOT-FOR-US: Zoom Client for Meetings
CVE-2020-11876 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses the ...)
	NOT-FOR-US: Zoom Client for Meetings
CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...)
	NOT-FOR-US: OpenTrace
CVE-2020-11871
	RESERVED
CVE-2020-11870
	RESERVED
CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ...)
	- qemu 1:5.0-1
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2
CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...)
	{DLA-2201-1}
	- ntp 1:4.2.8p14+dfsg-1
	[buster] - ntp <no-dsa> (Minor issue)
	[stretch] - ntp <no-dsa> (Minor issue)
	- ntpsec <not-affected> (Doesn't affect ntpsec per upstream, #958027)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3592
	NOTE: http://bugs.ntp.org/3592
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5df73278nIf5dNbaR_vTeCY43_h7Vg
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665
	NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
CVE-2020-11867
	RESERVED
CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...)
	- libemf 1.0.12-1
	[buster] - libemf <no-dsa> (Minor issue)
CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...)
	- libemf 1.0.12-1
	[buster] - libemf <no-dsa> (Minor issue)
CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...)
	- libemf 1.0.12-1
	[buster] - libemf <no-dsa> (Minor issue)
CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...)
	- libemf 1.0.12-1
	[buster] - libemf <no-dsa> (Minor issue)
CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20781 (An issue was discovered in LG Bridge before April 2019 on Windows. DLL ...)
	NOT-FOR-US: LG Bridge
CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20778 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20777 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20776 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20775 (An issue was discovered on LG mobile devices with Android OS 9.0 (Qual ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20774 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20773 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20772 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20771 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0 softw ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...)
	NOT-FOR-US: LG PC Suite
CVE-2020-11862
	RESERVED
CVE-2020-11861
	RESERVED
CVE-2020-11860
	RESERVED
CVE-2020-11859
	RESERVED
CVE-2020-11858
	RESERVED
CVE-2020-11857
	RESERVED
CVE-2020-11856
	RESERVED
CVE-2020-11855
	RESERVED
CVE-2020-11854
	RESERVED
CVE-2020-11853
	RESERVED
CVE-2020-11852
	RESERVED
CVE-2020-11851
	RESERVED
CVE-2020-11850
	RESERVED
CVE-2020-11849
	RESERVED
CVE-2020-11848
	RESERVED
CVE-2020-11847
	RESERVED
CVE-2020-11846
	RESERVED
CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11843
	RESERVED
CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11837
	RESERVED
CVE-2020-11836
	RESERVED
CVE-2020-11835
	RESERVED
CVE-2020-11834
	RESERVED
CVE-2020-11833
	RESERVED
CVE-2020-11832
	RESERVED
CVE-2020-11831
	RESERVED
CVE-2020-11830
	RESERVED
CVE-2020-11829
	RESERVED
CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
	NOT-FOR-US: ColorOS
CVE-2020-11827
	RESERVED
CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
	NOT-FOR-US: Memono
CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...)
	- dolibarr <removed>
CVE-2020-11824
	RESERVED
CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored  ...)
	- dolibarr <removed>
CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...)
	NOT-FOR-US: qdPM
CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...)
	NOT-FOR-US: qdPM
CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...)
	- openvpn 2.4.9-1 (low)
	[buster] - openvpn <no-dsa> (Minor issue)
	[stretch] - openvpn <no-dsa> (Minor issue)
	[jessie] - openvpn <no-dsa> (Minor issue)
	NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
CVE-2020-11809
	RESERVED
CVE-2020-11808
	RESERVED
CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...)
	NOT-FOR-US: Sourcefabric Newscoop
CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
	NOT-FOR-US: MailStore Outlook Add-in
CVE-2020-11805
	RESERVED
CVE-2020-11804
	RESERVED
CVE-2020-11803
	RESERVED
CVE-2020-11802
	RESERVED
CVE-2020-11801
	RESERVED
CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, London t ...)
	NOT-FOR-US: ServiceNow IT Service Management Kingston
CVE-2020-11800
	RESERVED
CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
	NOT-FOR-US: Z-Cron
CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
	NOT-FOR-US: Mitel
CVE-2020-11797
	RESERVED
CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
	NOT-FOR-US: JetBrains Space
CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was  ...)
	NOT-FOR-US: JetBrains Space
CVE-2020-11794
	RESERVED
CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...)
	{DSA-4658-1}
	- webkit2gtk 2.28.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.1-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0004.html
CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are  ...)
	NOT-FOR-US: Netgear
CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...)
	NOT-FOR-US: Netgear
CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20766 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20765 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20764 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20763 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20762 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20761 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2019-20760 (NETGEAR R9000 devices before 1.0.4.26 are affected by authentication b ...)
	NOT-FOR-US: Netgear
CVE-2019-20759 (NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. ...)
	NOT-FOR-US: Netgear
CVE-2019-20758 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...)
	NOT-FOR-US: Netgear
CVE-2019-20757 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2019-20756 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...)
	NOT-FOR-US: Netgear
CVE-2019-20755 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20754 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20753 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20752 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20751 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20750 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20749 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20748 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20747 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20746 (Certain NETGEAR devices are affected by reflected XSS. This affects D3 ...)
	NOT-FOR-US: Netgear
CVE-2019-20745 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20744 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...)
	NOT-FOR-US: Netgear
CVE-2019-20743 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. ...)
	NOT-FOR-US: Netgear
CVE-2019-20742 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. ...)
	NOT-FOR-US: Netgear
CVE-2019-20741 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...)
	NOT-FOR-US: Netgear
CVE-2019-20740 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20739 (NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overf ...)
	NOT-FOR-US: Netgear
CVE-2019-20738 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
	NOT-FOR-US: Netgear
CVE-2019-20737 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20736 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20735 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20734 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2019-20733 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20732 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20731 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20730 (Certain NETGEAR devices are affected by SQL injection. This affects D3 ...)
	NOT-FOR-US: Netgear
CVE-2019-20729 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20726 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20725 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20724 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20723 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20722 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20721 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20720 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20719 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20718 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20717 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20716 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20715 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20714 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20713 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20712 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20711 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20710 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20709 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20708 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20707 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20706 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20705 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20704 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20703 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20702 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20701 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20700 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20699 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2019-20698 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20697 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20696 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20695 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20694 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20693 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2019-20692 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20691 (Certain NETGEAR devices are affected by CSRF. This affects D3600 befor ...)
	NOT-FOR-US: Netgear
CVE-2019-20690 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2019-20689 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20688 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20687 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20686 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2019-20685 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20684 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20683 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20682 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20679 (NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of acce ...)
	NOT-FOR-US: Netgear
CVE-2019-20678 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20677 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20676 (Certain NETGEAR devices are affected by lack of access control at the  ...)
	NOT-FOR-US: Netgear
CVE-2019-20675 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20674 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20673 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20672 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20671 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20670 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20669 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20668 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20667 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20666 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20665 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20664 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20663 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20662 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20661 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20660 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20659 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20658 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20657 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20656 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
	NOT-FOR-US: Netgear
CVE-2019-20655 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20654 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2019-20653 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20652 (NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of s ...)
	NOT-FOR-US: Netgear
CVE-2019-20651 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20650 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20649 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...)
	NOT-FOR-US: Netgear
CVE-2019-20648 (NETGEAR RN42400 devices before 6.10.2 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2019-20647 (NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of servic ...)
	NOT-FOR-US: Netgear
CVE-2019-20646 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of ad ...)
	NOT-FOR-US: Netgear
CVE-2019-20645 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. ...)
	NOT-FOR-US: Netgear
CVE-2019-20644 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. ...)
	NOT-FOR-US: Netgear
CVE-2019-20643 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of se ...)
	NOT-FOR-US: Netgear
CVE-2019-20642 (NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication b ...)
	NOT-FOR-US: Netgear
CVE-2019-20641 (NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access c ...)
	NOT-FOR-US: Netgear
CVE-2019-20640 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
	NOT-FOR-US: Netgear
CVE-2019-20639 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20638 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...)
	NOT-FOR-US: Netgear
CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...)
	NOT-FOR-US: itsio
CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...)
	NOT-FOR-US: iFAX AvantFAX
CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/d0303d1785d2a8cb994efee9efa81f8ee4be4c17
CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f
	TODO: check completeness for upstream commits to cover CVE-2020-11759
CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	[experimental] - openexr 2.5.0-1
	- openexr <unfixed> (bug #959444)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a52d40ae23c148f27116cb1f6e897b9143b372c
CVE-2020-11757
	RESERVED
CVE-2020-11756
	RESERVED
CVE-2020-11755
	RESERVED
CVE-2020-11754
	RESERVED
CVE-2020-11753 (An issue was discovered in Sonatype Nexus Repository Manager in versio ...)
	NOT-FOR-US: Sonatype
CVE-2020-11752
	RESERVED
CVE-2020-11751
	RESERVED
CVE-2020-11750
	RESERVED
CVE-2020-11749
	RESERVED
CVE-2020-11748
	RESERVED
CVE-2020-11747
	REJECTED
CVE-2020-11746
	RESERVED
CVE-2020-11745
	RESERVED
CVE-2020-11744
	RESERVED
CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	- xen 4.11.4-1
	[buster] - xen <postponed> (Can be fixed along in future Xen DSA)
	[stretch] - xen <end-of-life> (DSA 4602-1)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-316.html
CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	- xen 4.11.4-1
	[buster] - xen <postponed> (Can be fixed along in future Xen DSA)
	[stretch] - xen <end-of-life> (DSA 4602-1)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-318.html
CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
	- xen 4.11.4-1
	[buster] - xen <postponed> (Can be fixed along in future Xen DSA)
	[stretch] - xen <end-of-life> (DSA 4602-1)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-313.html
CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
	- xen 4.11.4-1
	[buster] - xen <postponed> (Can be fixed along in future Xen DSA)
	[stretch] - xen <end-of-life> (DSA 4602-1)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-313.html
CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	- xen 4.11.4-1
	[buster] - xen <postponed> (Can be fixed along in future Xen DSA)
	[stretch] - xen <end-of-life> (DSA 4602-1)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-314.html
CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...)
	NOT-FOR-US: Snap Creek Duplicator plugin for WordPress
CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...)
	NOT-FOR-US: Zimbra
CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...)
	- wolfssl 4.4.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f
CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
	{DLA-2180-1}
	- file-roller 3.36.2-1 (bug #956638)
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...)
	NOT-FOR-US: CyberSolutions CyberMail
CVE-2020-11733
	RESERVED
CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
	NOT-FOR-US: Media Library Assistant plugin for WordPress
CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
	NOT-FOR-US: Media Library Assistant plugin for WordPress
CVE-2020-11730
	RESERVED
CVE-2020-11729 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...)
	{DSA-4660-1 DLA-2178-1}
	- awl 0.61-1 (bug #956650)
	NOTE: https://gitlab.com/davical-project/awl/-/issues/18
	NOTE: https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd
CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...)
	{DSA-4660-1 DLA-2178-1}
	- awl 0.61-1 (bug #956650)
	NOTE: https://gitlab.com/davical-project/awl/-/issues/19
	NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428
CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...)
	NOT-FOR-US: AlgolPlus
CVE-2020-11726
	RESERVED
CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...)
	- nginx <unfixed>
	NOTE: Patch: https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch
	TODO: check details (patch applies to src:ngnix, but check if issue is specific to OpenResty before 1.15.8.4)
CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...)
	- linux <unfixed>
	NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400
CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys  ...)
	NOT-FOR-US: Cellebrite UFED
CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...)
	- crawl <unfixed> (bug #958232)
	[buster] - crawl <no-dsa> (Minor issue)
	[stretch] - crawl <no-dsa> (Minor issue)
	[jessie] - crawl <no-dsa> (Minor issue)
	NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
	NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
	NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...)
	- libsixel <unfixed> (low)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/134
CVE-2020-11720
	RESERVED
CVE-2020-11719
	RESERVED
CVE-2020-11718
	RESERVED
CVE-2020-11717
	RESERVED
CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...)
	NOT-FOR-US: Panasonic
CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...)
	NOT-FOR-US: Panasonic
CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...)
	NOT-FOR-US: eten PSG-6528VM 1.1 devices
CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...)
	- wolfssl 4.4.0+dfsg-1 (bug #960190)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/
CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...)
	NOT-FOR-US: Open Upload
CVE-2020-11711
	RESERVED
CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...)
	NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
	- chromium <unfixed>
	[stretch] - chromium <end-of-life> (see DSA 4562)
	NOTE: Chromium embeds cpp-httplib
	NOTE: https://github.com/yhirose/cpp-httplib/issues/425
CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11707 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11706 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11705 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11704 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11703 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11700
	RESERVED
CVE-2020-11699
	RESERVED
CVE-2020-11698
	RESERVED
CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS  ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-11695
	RESERVED
CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...)
	- pycharm <itp> (bug #742394)
CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could  ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...)
	NOT-FOR-US: JetBrains Hub
CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be  ...)
	- intellij-idea <itp> (bug #747616)
CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...)
	NOT-FOR-US: JetBrains GoLand
CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11684
	RESERVED
CVE-2020-11683
	RESERVED
CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing  ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11678
	RESERVED
CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...)
	NOT-FOR-US: Responsive Poll for WordPress
CVE-2020-11672
	RESERVED
CVE-2020-11671 (Lack of authorization controls in REST API functions in TeamPass throu ...)
	- teampass <itp> (bug #730180)
CVE-2020-11670
	RESERVED
CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc  ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.118-1
	[stretch] - linux <not-affected> (Vulnerability introduced later with support for KVM guests on POWER9)
	[jessie] - linux <not-affected> (Vulnerability introduced later with support for KVM guests on POWER9)
	NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1
CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
CVE-2020-11667
	RESERVED
CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11657
	RESERVED
CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
	- sqlite3 3.32.0-1 (unimportant)
	NOTE: https://www.sqlite.org/cgi/src/tktview?name=4722bdab08cb14
	NOTE: https://www.sqlite.org/src/info/d09f8c3621d5f7f8
	NOTE: https://www.sqlite.org/src/info/b64674919f673602
	NOTE: Negliglible security impact (and uncovered in DEBUG build)
CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
	{DLA-2203-1}
	- sqlite3 3.31.1-5
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
	NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed
	NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
CVE-2020-11654
	RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
	- varnish 6.4.0-1 (bug #956307)
	[buster] - varnish <postponed> (Can be fixed along in next DSA)
	[stretch] - varnish <not-affected> (Only affects 6.x)
	[jessie] - varnish <not-affected> (Only affects 6.x)
	NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
	NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
	- salt 3000.2+dfsg1-1 (bug #959684)
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
	- salt 3000.2+dfsg1-1 (bug #959684)
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
	NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583
	NOTE: There is a typo in the whitelisted methods on AESFuncs:
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
	NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016
	NOTE: https://github.com/saltstack/salt/issues/57027
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
	NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11648
	RESERVED
CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the  ...)
	- wireshark 3.2.3-1 (low; bug #958213)
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
	[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html
CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...)
	- varnish 6.4.0-1 (bug #956305)
	[buster] - varnish <no-dsa> (Minor issue)
	[stretch] - varnish <no-dsa> (Minor issue)
	[jessie] - varnish <not-affected> (Vulnerability introduced later, PoC not leaking)
	NOTE: http://varnish-cache.org/security/VSV00004.html#vsv00004
	NOTE: https://github.com/varnishcache/varnish-cache/commit/bd7b3d6d47ccbb5e1747126f8e2a297f38e56b8c (6.x fix)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734 (test case / reproducer)
	NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0)
	NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0)
CVE-2020-11646
	RESERVED
CVE-2020-11645
	RESERVED
CVE-2020-11644
	RESERVED
CVE-2020-11643
	RESERVED
CVE-2020-11642
	RESERVED
CVE-2020-11641
	RESERVED
CVE-2020-11640
	RESERVED
CVE-2020-11639
	RESERVED
CVE-2020-11638
	RESERVED
CVE-2020-11637
	RESERVED
CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...)
	{DLA-2241-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784
CVE-2020-11636
	RESERVED
CVE-2020-11635
	RESERVED
CVE-2020-11634
	RESERVED
CVE-2020-11633
	RESERVED
CVE-2020-11632
	RESERVED
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11625
	RESERVED
CVE-2020-11624
	RESERVED
CVE-2020-11623
	RESERVED
CVE-2020-11622 (A vulnerability exists in Arista&#8217;s Cloud EOS VM / vEOS 4.23.2M a ...)
	NOT-FOR-US: Cloud EOS
CVE-2020-11621
	RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11618
	RESERVED
CVE-2020-11617
	RESERVED
CVE-2020-11616
	RESERVED
CVE-2020-11615
	RESERVED
CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...)
	NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
	NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
	- netty 1:4.1.48-1
	[jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
	NOTE: https://github.com/netty/netty/issues/6168
	NOTE: https://github.com/netty/netty/pull/9924
	NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0
CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The buildMess ...)
	NOT-FOR-US: xdLocalStorage
CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...)
	NOT-FOR-US: xdLocalStorage
CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205
CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30
CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21092 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21091 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21090 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21089 (An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21088 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21087 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21086 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21085 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21084 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21083 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21082 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21081 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21080 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21079 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21078 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21077 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21076 (An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21075 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21074 (An issue was discovered on Samsung mobile devices with M(6.x) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21073 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21072 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21071 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21070 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0)  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21069 (An issue was discovered on Samsung mobile devices with N(7.x) (MediaTe ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21068 (An issue was discovered on Samsung mobile devices with O(8.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21067 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21066 (An issue was discovered on Samsung mobile devices with M(6.0) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21065 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21064 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21063 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21062 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21061 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21060 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21059 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21058 (An issue was discovered on Samsung mobile devices with N(7.0), O(8.0)  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21057 (An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, a ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21056 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21055 (An issue was discovered on Samsung mobile devices with N(7.0) (Qualcom ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21054 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x)  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21053 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21052 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21051 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21050 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21049 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21048 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21047 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21046 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21045 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21044 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21043 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21042 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21041 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21040 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21039 (An issue was discovered on Samsung mobile devices with N(7.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21038 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18696 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18695 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18694 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18693 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18692 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18691 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18690 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18689 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18688 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18687 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18686 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18685 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18684 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18683 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18682 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18681 (An issue was discovered on Samsung Galaxy S5 mobile devices with softw ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18680 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18679 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18678 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18677 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18676 (An issue was discovered on Samsung mobile devices with N(7.0) (Qualcom ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18675 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18674 (An issue was discovered on Samsung mobile devices with N(7.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18673 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18672 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18671 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18670 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18669 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18668 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18667 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18666 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18665 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18664 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18663 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18662 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18661 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18660 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18659 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18658 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18657 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18656 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18655 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18654 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18653 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18652 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18651 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18650 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18649 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18648 (An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18647 (An issue was discovered on Samsung mobile devices with M(6,x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18646 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18645 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18644 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18643 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11053 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11052 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11051
	REJECTED
CVE-2016-11050 (An issue was discovered on Samsung mobile devices with S3(KK), Note2(K ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11049 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11048 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spr ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11047 (An issue was discovered on Samsung mobile devices with JBP(4.2) and KK ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11046 (An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11045 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11044 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11043 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11042 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11041 (An issue was discovered on Samsung mobile devices with KK(4.4) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11040 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (wit ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11039 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11038 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11037
	REJECTED
CVE-2016-11036 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11035 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11034 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11033 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11032 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11031 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11030 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11029 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11028 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11027 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11026 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11025 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2015-9545 (An issue was discovered in xdLocalStorage through 2.0.5. The receiveMe ...)
	NOT-FOR-US: xdLocalStorage
CVE-2015-9544 (An issue was discovered in xdLocalStorage through 2.0.5. The receiveMe ...)
	NOT-FOR-US: xdLocalStorage
CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 ...)
	- libconvert-asn1-perl <unfixed> (bug #956186)
	[buster] - libconvert-asn1-perl <no-dsa> (Minor issue)
	[stretch] - libconvert-asn1-perl <no-dsa> (Minor issue)
	[jessie] - libconvert-asn1-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/gbarr/perl-Convert-ASN1/issues/14
CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11598 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upl ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11597 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11596 (A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Bu ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11595 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11594 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11593 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11592 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11591 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11590 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11589 (An Insecure Direct Object Reference issue was discovered in CIPPlanner ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11588 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11587 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An  ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke)  ...)
	NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2020-11584
	RESERVED
CVE-2020-11583
	RESERVED
CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11579
	RESERVED
CVE-2020-11578
	RESERVED
CVE-2020-11577
	RESERVED
CVE-2020-11576 (Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumerat ...)
	NOT-FOR-US: Argo
CVE-2020-11575
	RESERVED
CVE-2020-11574
	RESERVED
CVE-2020-11573
	RESERVED
CVE-2020-11572
	RESERVED
CVE-2020-11571
	RESERVED
CVE-2020-11570
	RESERVED
CVE-2020-11569
	RESERVED
CVE-2020-11568
	RESERVED
CVE-2020-11567
	RESERVED
CVE-2020-11566
	RESERVED
CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
CVE-2020-11564
	RESERVED
CVE-2020-11563
	RESERVED
CVE-2020-11562
	RESERVED
CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext  ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2020-11559
	RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
	- gpac <undetermined>
	[jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible)
	NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
	NOTE: https://github.com/gpac/gpac/issues/1440
	TODO: check
CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11552
	RESERVED
CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on  ...)
	NOT-FOR-US: Netgear
CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on  ...)
	NOT-FOR-US: Netgear
CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on  ...)
	NOT-FOR-US: Netgear
CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...)
	NOT-FOR-US: Search Meter plugin for WordPress
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2020-11546
	RESERVED
CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple  ...)
	NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
	NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...)
	NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
	NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...)
	NOT-FOR-US: TechSmith SnagIt
CVE-2020-11540
	RESERVED
CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It  ...)
	NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...)
	- pillow <unfixed>
	[jessie] - pillow <no-dsa> (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/pull/4504
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 7.1.0
CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin  ...)
	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...)
	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...)
	NOT-FOR-US: Chop Slider 3 WordPress plugin
CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...)
	NOT-FOR-US: Grav CMS
CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write)  ...)
	NOT-FOR-US: bit2spr
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
	NOT-FOR-US: Zoho
CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions &gt; 1.1 through 2.0.0-rc ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions &gt; 1.0 through 2.0.0-r ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions &gt; 1.0 through 2. ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions &gt; 1.0 through 2.0.0-rc4 ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP &gt; 1.0 through 2.0.0-rc4 has an Out- ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version &gt; 1.0 through 2.0.0-rc ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows  ...)
	NOT-FOR-US: WinMagic SecureDoc
CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows  ...)
	NOT-FOR-US: WinMagic SecureDoc
CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
	NOT-FOR-US: Zoho
CVE-2020-11517
	RESERVED
CVE-2020-11516 (Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for W ...)
	NOT-FOR-US: Contact Form 7 Datepicker plugin for WordPress
CVE-2020-11515 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
	NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
	NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11513
	RESERVED
CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...)
	NOT-FOR-US: IMPress for IDX Broker WordPress plugin
CVE-2020-11511
	RESERVED
CVE-2020-11510
	RESERVED
CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
	NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
	NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...)
	NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...)
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab <not-affected> (Only affects GitLab EE 12.8.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11504
	RESERVED
CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...)
	NOT-FOR-US: Sophos
CVE-2020-11502
	RESERVED
CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
	NOT-FOR-US: Zoom
CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
	NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
	NOT-FOR-US: Slack Nebula
CVE-2020-11497
	RESERVED
CVE-2020-11496
	RESERVED
CVE-2020-11495
	REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the  ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
CVE-2020-11493
	RESERVED
CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows.  ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2020-11489
	RESERVED
CVE-2020-11488
	RESERVED
CVE-2020-11487
	RESERVED
CVE-2020-11486
	RESERVED
CVE-2020-11485
	RESERVED
CVE-2020-11484
	RESERVED
CVE-2020-11483
	RESERVED
CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the ability to  ...)
	NOT-FOR-US: codeBeamer
CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...)
	{DSA-4652-1}
	- gnutls28 3.6.13-2 (bug #955556)
	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
	[jessie] - gnutls28 <not-affected> (Vulnerable code introduced later)
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/960
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13)
	NOTE: Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3)
CVE-2020-11482
	RESERVED
CVE-2020-11481
	RESERVED
CVE-2020-11480
	RESERVED
CVE-2020-11479
	RESERVED
CVE-2020-11478
	RESERVED
CVE-2020-11477
	RESERVED
CVE-2020-11476
	RESERVED
CVE-2020-11475
	RESERVED
CVE-2020-11474
	RESERVED
CVE-2020-11473
	RESERVED
CVE-2020-11472
	RESERVED
CVE-2020-11471
	RESERVED
CVE-2020-11470 (Zoom Client for Meetings through 4.6.8 on macOS has the disable-librar ...)
	NOT-FOR-US: Zoom
CVE-2020-11469 (Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to  ...)
	NOT-FOR-US: Zoom
CVE-2020-11468
	RESERVED
CVE-2020-11467 (An issue was discovered in Deskpro before 2019.8.0. This product enabl ...)
	NOT-FOR-US: Deskpro
CVE-2020-11466 (An issue was discovered in Deskpro before 2019.8.0. The /api/tickets e ...)
	NOT-FOR-US: Deskpro
CVE-2020-11465 (An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* en ...)
	NOT-FOR-US: Deskpro
CVE-2020-11464 (An issue was discovered in Deskpro before 2019.8.0. The /api/people en ...)
	NOT-FOR-US: Deskpro
CVE-2020-11463 (An issue was discovered in Deskpro before 2019.8.0. The /api/email_acc ...)
	NOT-FOR-US: Deskpro
CVE-2020-11462 (An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8. ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2020-11461
	RESERVED
CVE-2020-11460
	RESERVED
CVE-2020-11459
	RESERVED
CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...)
	NOT-FOR-US: MISP
CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...)
	NOT-FOR-US: pfSense
CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...)
	- limesurvey <itp> (bug #472802)
CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...)
	- limesurvey <itp> (bug #472802)
CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11453 (** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Req ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
	NOT-FOR-US: Technicolor devices
CVE-2020-11448
	RESERVED
CVE-2020-11447
	RESERVED
CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows  ...)
	NOT-FOR-US: ESET
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
	NOT-FOR-US: TP-Link
CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to ver ...)
	NOT-FOR-US: Zoom
CVE-2020-11442
	RESERVED
CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...)
	- phpmyadmin <undetermined>
	[jessie] - phpmyadmin <not-affected> (The pma_error display code does not exist in this version)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
CVE-2020-11440
	RESERVED
CVE-2020-11439
	RESERVED
CVE-2020-11438
	RESERVED
CVE-2020-11437
	RESERVED
CVE-2020-11436
	RESERVED
CVE-2020-11435
	RESERVED
CVE-2020-11434
	RESERVED
CVE-2020-11433
	RESERVED
CVE-2020-11432
	RESERVED
CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
	NOT-FOR-US: i-net
CVE-2020-11430
	RESERVED
CVE-2020-11429
	RESERVED
CVE-2020-11428
	RESERVED
CVE-2020-11427
	RESERVED
CVE-2020-11426
	RESERVED
CVE-2020-11425
	RESERVED
CVE-2020-11424
	RESERVED
CVE-2020-11423
	RESERVED
CVE-2020-11422
	RESERVED
CVE-2020-11421
	RESERVED
CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker  ...)
	NOT-FOR-US: UPS Adapter CS141
CVE-2020-11419
	RESERVED
CVE-2020-11418
	RESERVED
CVE-2020-11417
	RESERVED
CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...)
	NOT-FOR-US: JetBrains Space
CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before  ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
	RESERVED
CVE-2020-11412
	RESERVED
CVE-2020-11411
	RESERVED
CVE-2020-11410
	RESERVED
CVE-2020-11409
	RESERVED
CVE-2020-11408
	RESERVED
CVE-2020-11407
	RESERVED
CVE-2020-11406
	RESERVED
CVE-2020-11405
	RESERVED
CVE-2020-11404
	RESERVED
CVE-2020-11403
	RESERVED
CVE-2020-11402
	RESERVED
CVE-2020-11401
	RESERVED
CVE-2020-11400
	RESERVED
CVE-2020-11399
	RESERVED
CVE-2020-11398
	RESERVED
CVE-2020-11397
	RESERVED
CVE-2020-11396
	RESERVED
CVE-2020-11395
	RESERVED
CVE-2020-11394
	RESERVED
CVE-2020-11393
	RESERVED
CVE-2020-11392
	RESERVED
CVE-2020-11391
	RESERVED
CVE-2020-11390
	RESERVED
CVE-2020-11389
	RESERVED
CVE-2020-11388
	RESERVED
CVE-2020-11387
	RESERVED
CVE-2020-11386
	RESERVED
CVE-2020-11385
	RESERVED
CVE-2020-11384
	RESERVED
CVE-2020-11383
	RESERVED
CVE-2020-11382
	RESERVED
CVE-2020-11381
	RESERVED
CVE-2020-11380
	RESERVED
CVE-2020-11379
	RESERVED
CVE-2020-11378
	RESERVED
CVE-2020-11377
	RESERVED
CVE-2020-11376
	RESERVED
CVE-2020-11375
	RESERVED
CVE-2020-11374
	RESERVED
CVE-2020-11373
	RESERVED
CVE-2020-11372
	RESERVED
CVE-2020-11371
	RESERVED
CVE-2020-11370
	RESERVED
CVE-2020-11369
	RESERVED
CVE-2020-11368
	RESERVED
CVE-2020-11367
	RESERVED
CVE-2020-11366
	RESERVED
CVE-2020-11365
	RESERVED
CVE-2020-11364
	RESERVED
CVE-2020-11363
	RESERVED
CVE-2020-11362
	RESERVED
CVE-2020-11361
	RESERVED
CVE-2020-11360
	RESERVED
CVE-2020-11359
	RESERVED
CVE-2020-11358
	RESERVED
CVE-2020-11357
	RESERVED
CVE-2020-11356
	RESERVED
CVE-2020-11355
	RESERVED
CVE-2020-11354
	RESERVED
CVE-2020-11353
	RESERVED
CVE-2020-11352
	RESERVED
CVE-2020-11351
	RESERVED
CVE-2020-11350
	RESERVED
CVE-2020-11349
	RESERVED
CVE-2020-11348
	RESERVED
CVE-2020-11347
	RESERVED
CVE-2020-11346
	RESERVED
CVE-2020-11345
	RESERVED
CVE-2020-11344
	RESERVED
CVE-2020-11343
	RESERVED
CVE-2020-11342
	RESERVED
CVE-2020-11341
	RESERVED
CVE-2020-11340
	RESERVED
CVE-2020-11339
	RESERVED
CVE-2020-11338
	RESERVED
CVE-2020-11337
	RESERVED
CVE-2020-11336
	RESERVED
CVE-2020-11335
	RESERVED
CVE-2020-11334
	RESERVED
CVE-2020-11333
	RESERVED
CVE-2020-11332
	RESERVED
CVE-2020-11331
	RESERVED
CVE-2020-11330
	RESERVED
CVE-2020-11329
	RESERVED
CVE-2020-11328
	RESERVED
CVE-2020-11327
	RESERVED
CVE-2020-11326
	RESERVED
CVE-2020-11325
	RESERVED
CVE-2020-11324
	RESERVED
CVE-2020-11323
	RESERVED
CVE-2020-11322
	RESERVED
CVE-2020-11321
	RESERVED
CVE-2020-11320
	RESERVED
CVE-2020-11319
	RESERVED
CVE-2020-11318
	RESERVED
CVE-2020-11317
	RESERVED
CVE-2020-11316
	RESERVED
CVE-2020-11315
	RESERVED
CVE-2020-11314
	RESERVED
CVE-2020-11313
	RESERVED
CVE-2020-11312
	RESERVED
CVE-2020-11311
	RESERVED
CVE-2020-11310
	RESERVED
CVE-2020-11309
	RESERVED
CVE-2020-11308
	RESERVED
CVE-2020-11307
	RESERVED
CVE-2020-11306
	RESERVED
CVE-2020-11305
	RESERVED
CVE-2020-11304
	RESERVED
CVE-2020-11303
	RESERVED
CVE-2020-11302
	RESERVED
CVE-2020-11301
	RESERVED
CVE-2020-11300
	RESERVED
CVE-2020-11299
	RESERVED
CVE-2020-11298
	RESERVED
CVE-2020-11297
	RESERVED
CVE-2020-11296
	RESERVED
CVE-2020-11295
	RESERVED
CVE-2020-11294
	RESERVED
CVE-2020-11293
	RESERVED
CVE-2020-11292
	RESERVED
CVE-2020-11291
	RESERVED
CVE-2020-11290
	RESERVED
CVE-2020-11289
	RESERVED
CVE-2020-11288
	RESERVED
CVE-2020-11287
	RESERVED
CVE-2020-11286
	RESERVED
CVE-2020-11285
	RESERVED
CVE-2020-11284
	RESERVED
CVE-2020-11283
	RESERVED
CVE-2020-11282
	RESERVED
CVE-2020-11281
	RESERVED
CVE-2020-11280
	RESERVED
CVE-2020-11279
	RESERVED
CVE-2020-11278
	RESERVED
CVE-2020-11277
	RESERVED
CVE-2020-11276
	RESERVED
CVE-2020-11275
	RESERVED
CVE-2020-11274
	RESERVED
CVE-2020-11273
	RESERVED
CVE-2020-11272
	RESERVED
CVE-2020-11271
	RESERVED
CVE-2020-11270
	RESERVED
CVE-2020-11269
	RESERVED
CVE-2020-11268
	RESERVED
CVE-2020-11267
	RESERVED
CVE-2020-11266
	RESERVED
CVE-2020-11265
	RESERVED
CVE-2020-11264
	RESERVED
CVE-2020-11263
	RESERVED
CVE-2020-11262
	RESERVED
CVE-2020-11261
	RESERVED
CVE-2020-11260
	RESERVED
CVE-2020-11259
	RESERVED
CVE-2020-11258
	RESERVED
CVE-2020-11257
	RESERVED
CVE-2020-11256
	RESERVED
CVE-2020-11255
	RESERVED
CVE-2020-11254
	RESERVED
CVE-2020-11253
	RESERVED
CVE-2020-11252
	RESERVED
CVE-2020-11251
	RESERVED
CVE-2020-11250
	RESERVED
CVE-2020-11249
	RESERVED
CVE-2020-11248
	RESERVED
CVE-2020-11247
	RESERVED
CVE-2020-11246
	RESERVED
CVE-2020-11245
	RESERVED
CVE-2020-11244
	RESERVED
CVE-2020-11243
	RESERVED
CVE-2020-11242
	RESERVED
CVE-2020-11241
	RESERVED
CVE-2020-11240
	RESERVED
CVE-2020-11239
	RESERVED
CVE-2020-11238
	RESERVED
CVE-2020-11237
	RESERVED
CVE-2020-11236
	RESERVED
CVE-2020-11235
	RESERVED
CVE-2020-11234
	RESERVED
CVE-2020-11233
	RESERVED
CVE-2020-11232
	RESERVED
CVE-2020-11231
	RESERVED
CVE-2020-11230
	RESERVED
CVE-2020-11229
	RESERVED
CVE-2020-11228
	RESERVED
CVE-2020-11227
	RESERVED
CVE-2020-11226
	RESERVED
CVE-2020-11225
	RESERVED
CVE-2020-11224
	RESERVED
CVE-2020-11223
	RESERVED
CVE-2020-11222
	RESERVED
CVE-2020-11221
	RESERVED
CVE-2020-11220
	RESERVED
CVE-2020-11219
	RESERVED
CVE-2020-11218
	RESERVED
CVE-2020-11217
	RESERVED
CVE-2020-11216
	RESERVED
CVE-2020-11215
	RESERVED
CVE-2020-11214
	RESERVED
CVE-2020-11213
	RESERVED
CVE-2020-11212
	RESERVED
CVE-2020-11211
	RESERVED
CVE-2020-11210
	RESERVED
CVE-2020-11209
	RESERVED
CVE-2020-11208
	RESERVED
CVE-2020-11207
	RESERVED
CVE-2020-11206
	RESERVED
CVE-2020-11205
	RESERVED
CVE-2020-11204
	RESERVED
CVE-2020-11203
	RESERVED
CVE-2020-11202
	RESERVED
CVE-2020-11201
	RESERVED
CVE-2020-11200
	RESERVED
CVE-2020-11199
	RESERVED
CVE-2020-11198
	RESERVED
CVE-2020-11197
	RESERVED
CVE-2020-11196
	RESERVED
CVE-2020-11195
	RESERVED
CVE-2020-11194
	RESERVED
CVE-2020-11193
	RESERVED
CVE-2020-11192
	RESERVED
CVE-2020-11191
	RESERVED
CVE-2020-11190
	RESERVED
CVE-2020-11189
	RESERVED
CVE-2020-11188
	RESERVED
CVE-2020-11187
	RESERVED
CVE-2020-11186
	RESERVED
CVE-2020-11185
	RESERVED
CVE-2020-11184
	RESERVED
CVE-2020-11183
	RESERVED
CVE-2020-11182
	RESERVED
CVE-2020-11181
	RESERVED
CVE-2020-11180
	RESERVED
CVE-2020-11179
	RESERVED
CVE-2020-11178
	RESERVED
CVE-2020-11177
	RESERVED
CVE-2020-11176
	RESERVED
CVE-2020-11175
	RESERVED
CVE-2020-11174
	RESERVED
CVE-2020-11173
	RESERVED
CVE-2020-11172
	RESERVED
CVE-2020-11171
	RESERVED
CVE-2020-11170
	RESERVED
CVE-2020-11169
	RESERVED
CVE-2020-11168
	RESERVED
CVE-2020-11167
	RESERVED
CVE-2020-11166
	RESERVED
CVE-2020-11165
	RESERVED
CVE-2020-11164
	RESERVED
CVE-2020-11163
	RESERVED
CVE-2020-11162
	RESERVED
CVE-2020-11161
	RESERVED
CVE-2020-11160
	RESERVED
CVE-2020-11159
	RESERVED
CVE-2020-11158
	RESERVED
CVE-2020-11157
	RESERVED
CVE-2020-11156
	RESERVED
CVE-2020-11155
	RESERVED
CVE-2020-11154
	RESERVED
CVE-2020-11153
	RESERVED
CVE-2020-11152
	RESERVED
CVE-2020-11151
	RESERVED
CVE-2020-11150
	RESERVED
CVE-2020-11149
	RESERVED
CVE-2020-11148
	RESERVED
CVE-2020-11147
	RESERVED
CVE-2020-11146
	RESERVED
CVE-2020-11145
	RESERVED
CVE-2020-11144
	RESERVED
CVE-2020-11143
	RESERVED
CVE-2020-11142
	RESERVED
CVE-2020-11141
	RESERVED
CVE-2020-11140
	RESERVED
CVE-2020-11139
	RESERVED
CVE-2020-11138
	RESERVED
CVE-2020-11137
	RESERVED
CVE-2020-11136
	RESERVED
CVE-2020-11135
	RESERVED
CVE-2020-11134
	RESERVED
CVE-2020-11133
	RESERVED
CVE-2020-11132
	RESERVED
CVE-2020-11131
	RESERVED
CVE-2020-11130
	RESERVED
CVE-2020-11129
	RESERVED
CVE-2020-11128
	RESERVED
CVE-2020-11127
	RESERVED
CVE-2020-11126
	RESERVED
CVE-2020-11125
	RESERVED
CVE-2020-11124
	RESERVED
CVE-2020-11123
	RESERVED
CVE-2020-11122
	RESERVED
CVE-2020-11121
	RESERVED
CVE-2020-11120
	RESERVED
CVE-2020-11119
	RESERVED
CVE-2020-11118
	RESERVED
CVE-2020-11117
	RESERVED
CVE-2020-11116
	RESERVED
CVE-2020-11115
	RESERVED
CVE-2020-11114
	RESERVED
CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
	- bubblewrap 0.4.1-1 (low; bug #955441)
	[buster] - bubblewrap <not-affected> (Introduced in 0.4.0)
	[stretch] - bubblewrap <not-affected> (Introduced in 0.4.0)
	NOTE: https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
	NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240
CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11110
	RESERVED
CVE-2020-11109
	RESERVED
CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
	NOT-FOR-US: Pi-hole
CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 ,  ...)
	NOT-FOR-US: XAMPP
CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
	NOT-FOR-US: Responsive Filemanager
CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...)
	NOT-FOR-US: USC iLab cereal
CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
	NOT-FOR-US: USC iLab cereal
CVE-2020-11103
	RESERVED
CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying  ...)
	- qemu 1:4.2-4 (bug #956145)
	[buster] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator added later)
	[stretch] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator added later)
	[jessie] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator added later)
	- qemu-kvm <not-affected> (Vulnerable code/Tulip NIC emulator added later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1)
CVE-2020-11101
	RESERVED
CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...)
	{DSA-4649-1}
	- haproxy 2.0.13-2
	[stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
	[jessie] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
	NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543
CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 2019-09 ...)
	NOT-FOR-US: Proofpoint Email Protection
CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: ...)
	NOT-FOR-US: odata4j
CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...)
	NOT-FOR-US: odata4j
CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...)
	NOT-FOR-US: October CMS
CVE-2020-11093
	RESERVED
CVE-2020-11092
	RESERVED
CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...)
	NOT-FOR-US: Weave Net
CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vul ...)
	NOT-FOR-US: Indy Node
CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read  ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
CVE-2020-11084
	RESERVED
CVE-2020-11083
	RESERVED
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
	- ruby-kaminari 1.0.1-6 (bug #961847)
	[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
	NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
	NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
CVE-2020-11081
	RESERVED
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
	{DSA-4696-1}
	- nodejs 10.21.0~dfsg-1 (bug #962145)
	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080
CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of  ...)
	NOT-FOR-US: dns-sync nodejs module
CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
	{DLA-2232-1}
	- python-httplib2 0.18.1-1
	[buster] - python-httplib2 <no-dsa> (Minor issue)
	[stretch] - python-httplib2 <no-dsa> (Minor issue)
	NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
	NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...)
	- puma <unfixed>
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...)
	- puma <unfixed>
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
	NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
	NOT-FOR-US: Anchore Engine
CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there i ...)
	NOT-FOR-US: PrestaShop
CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
	NOT-FOR-US: zsh-autoswitch-virtualenv
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
	NOT-FOR-US: Node slp-validate
CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
	NOT-FOR-US: Node slpjs
CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
	NOT-FOR-US: TYPO3
CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
	NOT-FOR-US: TYPO3
CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can happen d ...)
	NOT-FOR-US: LoRaMac-node
CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
	NOT-FOR-US: TYPO3
CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
	NOT-FOR-US: TYPO3
CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...)
	NOT-FOR-US: TYPO3
CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
	NOT-FOR-US: TYPO3
CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...)
	NOT-FOR-US: TYPO3
CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
	NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061
	RESERVED
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
	NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir  ...)
	NOT-FOR-US: AEgir
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in  ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...)
	NOT-FOR-US: XWiki
CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
	NOT-FOR-US: Sprout Forms
CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
	NOT-FOR-US: BookStack
CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...)
	- qutebrowser 1.11.1.post1-1 (unimportant)
	NOTE: https://github.com/qutebrowser/qutebrowser/issues/5403
	NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j
	NOTE: Depends on qtwebkit, which is not covered by security support
CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
	NOT-FOR-US: OAuth2 Proxy
CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
	NOT-FOR-US: Sorcery
CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
	NOT-FOR-US: Wiki.js
CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
	NOT-FOR-US: Java-WebSocket, different from src:websocket-api
CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
	NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read  ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
	NOTE: Fixed  by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data  ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer  ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack  ...)
	NOT-FOR-US: Wagtail
CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11035 (In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11034 (In GLPI before version 9.4.6, there is a vulnerability that allows byp ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11033 (In GLPI from version 9.1 and before version 9.4.6, any API user with R ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerability f ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11031
	RESERVED
CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	[buster] - wordpress <not-affected> (Vulnerable code not present)
	[stretch] - wordpress <not-affected> (Vulnerable code not present)
	[jessie] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/47636
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: Fixed by: https://github.com/WordPress/wordpress-develop/commit/ec05c8b897ef4ae77fc0cba576573e90a726a52f
CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47637
	NOTE: https://github.com/WordPress/wordpress-develop/935ab39e8ee754735a553c74d41270df1164ae56 (master)
CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47635
	NOTE: https://github.com/WordPress/wordpress-develop/commit/8e11facb671932a6eefe0e7e4f3d63d39eef55b3
CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a  ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47634
	NOTE: https://github.com/WordPress/wordpress-develop/commit/4354d1fc5cd55a18bc24555b11db201d5eb87e0c (master)
CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47638
	NOTE: https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master)
CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...)
	{DSA-4677-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	[jessie] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47633
	NOTE: https://github.com/WordPress/wordpress-develop/commit/cfb690cb8efaee32d55b10a7771afb0f1f47aab3
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable  ...)
	NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
	{DSA-4693-1}
	- jquery <removed>
	[jessie] - jquery <not-affected> (Vulnerable code note present)
	- drupal7 <removed>
	[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
	- node-jquery 3.5.0+dfsg-2
	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
	NOTE: https://www.drupal.org/sa-core-2020-002
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
	{DSA-4693-1}
	- jquery <removed>
	[jessie] - jquery <not-affected> (Vulnerable code note present)
	- node-jquery 3.5.0+dfsg-2
	- drupal7 <removed>
	[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
	NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
	NOTE: https://www.drupal.org/sa-core-2020-002
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
	NOT-FOR-US: Actions Http-Client
CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
	- ruby-faye <unfixed> (bug #959392)
	NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
	NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	[jessie] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	[jessie] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
	NOT-FOR-US: IntelMQ Manager
CVE-2020-11015
	RESERVED
CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token  ...)
	NOT-FOR-US: Electron-Cash-SLP
CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version  ...)
	- helm-kubernetes <itp> (bug #910799)
CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...)
	NOT-FOR-US: MinIO
CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...)
	NOT-FOR-US: Phproject
CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
	NOT-FOR-US: Tortoise ORM
CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...)
	NOT-FOR-US: Rundeck
CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
	{DSA-4659-1 DLA-2182-1}
	- git 1:2.26.2-1
	NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/
	NOTE: https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a88dbd2f8c7fd8c1e2f63483da03bd6928e8791f
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=73aafe9bc27585554181c58871a25e6d0f58a3dc
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=24036686c4af84c9e84e486ef3debab6e6d8e6b5
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=8ba8ed568e2a3b75ee84c49ddffb026fde1a0a91
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=fe29a9b7b0236d3d45c254965580d6aff7fa8504
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c44088ecc4b0722636e0a305f9608d3047197282
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e7fab62b736cca3416660636e46f0be8386a5030
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a3609e402a062ef7b11f197fe96c28cabca132c
CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...)
	NOT-FOR-US: Shopizer
CVE-2020-11006 (In Shopizer before version 2.11.0, a script can be injected in various ...)
	NOT-FOR-US: Shopizer
CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
	NOT-FOR-US: WindowsHello
CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...)
	NOT-FOR-US: Admidio
CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...)
	NOT-FOR-US: Oasis (not the same as src:oasis)
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...)
	NOT-FOR-US: dropwizard-validation
CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...)
	NOT-FOR-US: Wagtail
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...)
	NOT-FOR-US: GreenBrowser
CVE-2020-10999
	RESERVED
CVE-2020-10998
	RESERVED
CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...)
	- percona-xtrabackup <not-affected> (Vulnerable code introduced later)
	NOTE: https://jira.percona.com/browse/PXB-2142
	NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11)
	NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...)
	NOT-FOR-US: Percona XtraDB Cluster
CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...)
	{DSA-4691-1}
	- pdns-recursor 4.3.1-1
	[jessie] - pdns-recursor <not-affected> (Vulnerable code added later)
	[stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multipl ...)
	- pillow <unfixed>
	[jessie] - pillow <no-dsa> (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/pull/4505
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 7.1.0
CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...)
	NOT-FOR-US: Osmand
CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...)
	NOT-FOR-US: Azkaban
CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXml ...)
	NOT-FOR-US: Mulesoft APIkit
CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...)
	NOT-FOR-US: Accenture Mercury
CVE-2020-10989
	RESERVED
CVE-2020-10988
	RESERVED
CVE-2020-10987
	RESERVED
CVE-2020-10986
	RESERVED
CVE-2020-10985
	RESERVED
CVE-2020-10984
	RESERVED
CVE-2020-10983
	RESERVED
CVE-2020-10982
	RESERVED
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when mov ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and ...)
	NOT-FOR-US: Wavlink
CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink
CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink
CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-W ...)
	NOT-FOR-US: Wavlink
CVE-2020-10970
	RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2642
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-XXXX [RUSTSEC-2020-0006: bumpalo: Flaw in `realloc` allows reading unknown memory]
	- rust-bumpalo 3.2.1-1 (bug #955151)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html
	NOTE: https://github.com/fitzgen/bumpalo/issues/69
CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...)
	NOT-FOR-US: VESTA Control Panel
CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...)
	NOT-FOR-US: Teradici PCoIP Management Console
CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...)
	- serendipity <removed>
CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
	NOT-FOR-US: FrozenNode Laravel-Administrator
CVE-2020-10962
	RESERVED
CVE-2020-10961
	RESERVED
CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...)
	{DSA-4651-1}
	- mediawiki 1:1.31.7-1
	[stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
	NOTE: https://phabricator.wikimedia.org/T246602
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10959 (resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 a ...)
	- mediawiki <not-affected> (Vulnerable code introduced later)
	NOTE: https://phabricator.wikimedia.org/T232932
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...)
	- gitlab <not-affected> (Only affects GitLab EE 11.7 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab <unfixed>
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...)
	NOT-FOR-US: Western Digital My Cloud Home and ibi devices
CVE-2020-10950
	RESERVED
CVE-2020-10949
	RESERVED
CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...)
	NOT-FOR-US: Jon Hedley AlienForm2
CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
	NOT-FOR-US: Sophos
CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web <itp> (bug #913903)
CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses. ...)
	- centreon-web <itp> (bug #913903)
CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...)
	- nomad 0.10.5+dfsg1-1
	NOTE: https://github.com/hashicorp/nomad/issues/7468
CVE-2020-10943
	RESERVED
CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vul ...)
	- patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
	NOTE: https://savannah.gnu.org/bugs/index.php?56683
CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...)
	- mbedtls 2.16.5-1
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...)
	NOT-FOR-US: PHOENIX CONTACT
CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...)
	NOT-FOR-US: PHOENIX CONTACT
CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...)
	{DSA-4675-1 DLA-2173-1}
	- graphicsmagick 1.4+really1.3.34-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
CVE-2020-10937
	RESERVED
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
	- sympa <unfixed> (bug #961491)
	NOTE: https://sympa-community.github.io/security/2020-002.html
	NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
	NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch
	NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
	NOTE: https://github.com/sympa-community/sympa/issues/943
CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...)
	- zulip-server <itp> (bug #800052)
CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...)
	NOT-FOR-US: Acyba AcyMailing
CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...)
	- ruby2.7 2.7.1-1
	- ruby2.5 <removed>
	- ruby2.3 <not-affected> (Vulnerable code introduced in 2.5.0)
	- ruby2.1 <not-affected> (Vulnerable code introduced in 2.5.0)
	NOTE: https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90
	NOTE: Introduced around https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc
	NOTE: and https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc
CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...)
	- mbedtls <unfixed> (bug #963159)
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
CVE-2020-10930
	RESERVED
CVE-2020-10929
	RESERVED
CVE-2020-10928
	RESERVED
CVE-2020-10927
	RESERVED
CVE-2020-10926
	RESERVED
CVE-2020-10925
	RESERVED
CVE-2020-10924
	RESERVED
CVE-2020-10923
	RESERVED
CVE-2020-10922
	RESERVED
CVE-2020-10921
	RESERVED
CVE-2020-10920
	RESERVED
CVE-2020-10919
	RESERVED
CVE-2020-10918
	RESERVED
CVE-2020-10917
	RESERVED
CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...)
	NOT-FOR-US: TP-Link
CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: VEEAM One Agent
CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: VEEAM One Agent
CVE-2020-10913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10910 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10905 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10903 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10902 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10894 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10890 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10889 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: TP-Link
CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations  ...)
	NOT-FOR-US: TP-Link
CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...)
	NOT-FOR-US: TP-Link
CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: TP-Link
CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac <unfixed>
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <ignored> (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/issues/1271
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac <unfixed>
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <ignored> (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/issues/1270
CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac <unfixed>
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <ignored> (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac <unfixed>
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <ignored> (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
	NOTE: https://github.com/gpac/gpac/issues/1264
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac <unfixed>
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <ignored> (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8
	NOTE: https://github.com/gpac/gpac/issues/1269
CVE-2020-10880
	RESERVED
CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...)
	NOT-FOR-US: rConfig
CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...)
	- perl 5.30.3-1 (bug #962005)
	[buster] - perl <no-dsa> (Minor issue)
	[stretch] - perl <no-dsa> (Minor issue)
	NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3)
	NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3)
CVE-2020-10877
	RESERVED
CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...)
	NOT-FOR-US: Motorola devices
CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files. ...)
	NOT-FOR-US: Motorola devices
CVE-2020-10873
	RESERVED
CVE-2020-10872
	RESERVED
CVE-2020-10871 (** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attack ...)
	NOT-FOR-US: OpenWrt LuCI
CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...)
	- zim 0.72.1-1 (unimportant; bug #954810)
	NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
	NOTE: Negligible security impact
CVE-2020-10869
	RESERVED
CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...)
	NOT-FOR-US: Zoho
CVE-2020-10858
	RESERVED
CVE-2020-10857
	RESERVED
CVE-2020-10856
	RESERVED
CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
	NOT-FOR-US: AutoUpdater.NET
CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...)
	NOT-FOR-US: Honda HR-V 2017 vehicles
CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
	- memcached 1.6.2-1 (bug #954808)
	[buster] - memcached <not-affected> (Introduced in 1.6)
	[stretch] - memcached <not-affected> (Introduced in 1.6)
	[jessie] - memcached <not-affected> (Introduced in 1.6)
	NOTE: https://github.com/memcached/memcached/issues/629
	NOTE: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305
CVE-2020-10855 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10854 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10853 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10852 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10851 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10850 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10849 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10848 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10847 (An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10846 (An issue was discovered on Samsung mobile devices with P(9.x) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10845 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10844 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10843 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10842 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10841 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10840 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10839 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10837 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10835 (An issue was discovered on Samsung mobile devices with any (before Feb ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10834 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10833 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10832 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10831 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10830 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, ...)
	NOT-FOR-US: Draytek
CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, ...)
	NOT-FOR-US: Draytek
CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B d ...)
	NOT-FOR-US: Draytek
CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 de ...)
	NOT-FOR-US: Draytek
CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket  ...)
	NOT-FOR-US: Draytek
CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through var par ...)
	NOT-FOR-US: Draytek
CVE-2020-10822
	RESERVED
CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. ...)
	NOT-FOR-US: Nagios XI
CVE-2020-10820 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...)
	NOT-FOR-US: Nagios XI
CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...)
	NOT-FOR-US: Nagios XI
CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...)
	NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress
CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20623 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20622 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20621 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20620 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20619 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20618 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20617 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20616 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20615 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20614 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20613 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20612 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20611 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20610 (An issue was discovered on Samsung mobile devices with N(7.X) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20609 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20608 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20607 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20606 (An issue was discovered on Samsung mobile devices with any (before May ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20605 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20604 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20603 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20602 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20601 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20600 (An issue was discovered on Samsung mobile devices with O(8.0) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20599 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20598 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20597 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20596 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20595 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20594 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20593 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20592 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20591 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20590 (An issue was discovered on Samsung mobile devices with O(8.x) (Qualcom ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20589 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20588 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20587 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20586 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20585 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20584 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20583 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20582 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20581 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20580 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20579 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20578 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20577 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20576 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20575 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20574 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20573 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20572 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20571 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20570 (An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20569 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20568 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20567 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20566 (An issue was discovered on Samsung mobile devices with any (before Sep ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20565 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20564 (An issue was discovered on Samsung mobile devices with any (before Oct ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20563 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20562 (An issue was discovered on Samsung mobile devices with P(9.0) (with TE ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20561 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20560 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20559 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20558 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20557 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20556 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20555 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20554 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20553 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20552 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20551 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20550 (An issue was discovered on Samsung mobile devices with O(8.x) (release ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20549 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20548 (An issue was discovered on Samsung mobile devices with P(9.0) devices  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20547 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20546 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20545 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20544 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20543 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20542 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20541 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20540 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20539 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20538 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20537 (An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20536 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20535 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20534 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20533 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20532 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20531 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20530 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10816
	RESERVED
CVE-2020-10815
	RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
	NOT-FOR-US: Code::Blocks
CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...)
	NOT-FOR-US: FTPDMIN
CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
	NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/
	TODO: check details
CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
	NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
	TODO: check details
CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
	NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/
	TODO: check details
CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
	NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
	TODO: check details
CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...)
	NOT-FOR-US: Caldera
CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...)
	NOT-FOR-US: eZ Publish Kernel
CVE-2020-10805
	RESERVED
CVE-2016-11022 (NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35  ...)
	NOT-FOR-US: Netgear
CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
	- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667)
	[stretch] - phpmyadmin <no-dsa> (Minor issue)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65
	NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80
CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
	{DLA-2154-1}
	- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666)
	[stretch] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a
CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
	{DLA-2154-1}
	- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665)
	[stretch] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe
CVE-2020-10801
	RESERVED
CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...)
	NOT-FOR-US: lix node (different from src:lix)
CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an  ...)
	NOT-FOR-US: svglib
CVE-2020-10798
	RESERVED
CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...)
	NOT-FOR-US: pfSense
CVE-2020-10796
	RESERVED
CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...)
	NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
	NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...)
	- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2020-10785
	RESERVED
CVE-2020-10784
	RESERVED
CVE-2020-10783
	RESERVED
CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible Tower b ...)
	NOT-FOR-US: Ansible Tower
CVE-2020-10781 [zram sysfs resource consumption]
	RESERVED
	- linux <unfixed>
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1
CVE-2020-10780
	RESERVED
CVE-2020-10779
	RESERVED
CVE-2020-10778
	RESERVED
CVE-2020-10777
	RESERVED
CVE-2020-10776
	RESERVED
CVE-2020-10775
	RESERVED
CVE-2020-10774
	RESERVED
	- linux <not-affected> (Red Hat-specific patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964
CVE-2020-10773 [kernel stack information leak on s390/s390x]
	RESERVED
	- linux <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380
CVE-2020-10772
	RESERVED
	- unbound <not-affected> (Red Hat specific regression in backport)
CVE-2020-10771
	RESERVED
	NOT-FOR-US: Infinispan
CVE-2020-10770
	RESERVED
CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in  ...)
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f
CVE-2020-10768 [Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command]
	RESERVED
	- linux 5.7.6-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
	NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
CVE-2020-10767 [Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available]
	RESERVED
	- linux 5.7.6-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
	NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada
CVE-2020-10766 [Rogue cross-process SSBD shutdown]
	RESERVED
	- linux 5.7.6-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
	NOTE: https://git.kernel.org/linus/dbbe2ad02e9df26e372f38cc3e70dab9222c832e
CVE-2020-10765
	RESERVED
CVE-2020-10764
	RESERVED
CVE-2020-10763
	RESERVED
CVE-2020-10762
	RESERVED
CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD)  ...)
	- qemu 1:5.0-6
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/09/1
	NOTE: Proposed upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server versions befo ...)
	- samba 2:4.12.5+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
CVE-2020-10759 [Possible bypass in signature verification]
	RESERVED
	- fwupd 1.3.10-1 (bug #962517)
	- libjcat 0.1.3-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316
	NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
	NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10)
	NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2)
	NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
CVE-2020-10758
	RESERVED
CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the  ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-2
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
CVE-2020-10756 [slirp: networking out-of-bounds read information disclosure vulnerability]
	RESERVED
	- libslirp <unfixed>
	- qemu 1:4.1-2
	[buster] - qemu <postponed> (Minor issue)
	[stretch] - qemu <postponed> (Minor issue)
	- slirp4netns 1.0.1-1
	[buster] - slirp4netns <no-dsa> (Minor issue)
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...)
	- cinder 2:16.1.0-1 (low)
	[buster] - cinder <no-dsa> (Minor issue)
	[stretch] - cinder <no-dsa> (Minor issue)
	[jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS)
	NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
	TODO: check, affects as well  python-os-brick or needs a respective update?
CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
	- network-manager <unfixed> (unimportant)
	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
	NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only
	NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific
	NOTE: plugin).
CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
	- ceph <unfixed>
	[jessie] - ceph <no-dsa> (Minor issue)
	NOTE: https://github.com/ceph/ceph/pull/35773
	NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
CVE-2020-10752 (A flaw was found in the OpenShift API Server, where it failed to suffi ...)
	NOT-FOR-US: OpenShift
CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation  ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...)
	NOT-FOR-US: Jaeger
CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...)
	- golang-github-containernetworking-plugins 0.8.6-1
	NOTE: https://github.com/containernetworking/plugins/pull/484
	NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
CVE-2020-10748
	RESERVED
	NOT-FOR-US: Keycloak
CVE-2020-10747
	REJECTED
CVE-2020-10746
	RESERVED
CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11  ...)
	- samba 2:4.12.5+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...)
	- ansible <unfixed>
	[buster] - ansible <not-affected> (Incomplete fix not applied)
	[stretch] - ansible <not-affected> (Incomplete fix not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566
	NOTE: CVE is for an incomplete fix of CVE-2020-1733
CVE-2020-10743
	RESERVED
	- kibana <itp> (bug #700337)
CVE-2020-10742
	RESERVED
	- linux 3.16.2-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127
CVE-2020-10741
	REJECTED
CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final,  ...)
	- wildfly <itp> (bug #752018)
CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
	- moodle <removed>
CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
	- oddjob 0.34.6-1 (bug #960089)
	[buster] - oddjob <no-dsa> (Minor issue)
	[stretch] - oddjob <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
	NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...)
	- ceph <not-affected> (Vulnerable code introduced later)
	NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
	NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
	NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
CVE-2020-10735
	RESERVED
CVE-2020-10734
	RESERVED
CVE-2020-10733
	RESERVED
	- postgresql-12 <not-affected> (Windows-specific)
	- postgresql-11 <not-affected> (Windows-specific)
	- postgresql-9.6 <not-affected> (Windows-specific)
	NOTE: https://www.postgresql.org/about/news/2038/
CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspace cor ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-2
	[jessie] - linux <ignored> (Does not affect supported architectures)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
	NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
CVE-2020-10731
	RESERVED
CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found  ...)
	- ldb 2:2.1.4-1
	- samba 2:4.12.5+dfsg-1
	[stretch] - ldb <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
CVE-2020-10729 [two random password lookups in same task return same value]
	RESERVED
	- ansible 2.9.6+dfsg-1
	[jessie] - ansible <not-affected> (Vulnerable code introduced later, no variables template caching)
	NOTE: https://github.com/ansible/ansible/issues/34144
	NOTE: https://github.com/ansible/ansible/pull/67429/
	NOTE: https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6
	NOTE: Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0)
CVE-2020-10728
	RESERVED
	NOT-FOR-US: automationbroker/apb
CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...)
	NOT-FOR-US: ApacheMQ Artemis
CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk <not-affected> (Vulnerable code not present)
	[stretch] - dpdk <not-affected> (Vulnerable code not present)
CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a malicio ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk <not-affected> (Vulnerable code not present)
	[stretch] - dpdk <not-affected> (Vulnerable code not present)
CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk 18.11.6-1~deb10u2
	[stretch] - dpdk <not-affected> (Vulnerable code not present)
CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above.  ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk 18.11.6-1~deb10u2
	[stretch] - dpdk <not-affected> (Vulnerable code not present)
CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing  ...)
	{DSA-4688-1}
	- dpdk 19.11.2-1 (bug #960936)
CVE-2020-10721
	RESERVED
CVE-2020-10720
	RESERVED
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.76-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
	NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
	- undertow <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
	TODO: check, no details on Red Hat bugreport
CVE-2020-10718
	RESERVED
CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...)
	- qemu 1:5.0-5 (bug #959746)
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
CVE-2020-10716
	RESERVED
	NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
CVE-2020-10715
	RESERVED
CVE-2020-10714
	RESERVED
	NOT-FOR-US: WildFly Elytron
CVE-2020-10713
	RESERVED
CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
	NOT-FOR-US: image registry operator in OpenShift Container Platform
CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
CVE-2020-10710
	RESERVED
CVE-2020-10709
	RESERVED
	- ansible-awx <itp> (bug #908763)
	NOTE: https://github.com/ansible/awx/issues/6630
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
CVE-2020-10708
	REJECTED
CVE-2020-10707
	REJECTED
CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...)
	NOT-FOR-US: OpenShift
CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...)
	- undertow <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...)
	- samba 2:4.12.3+dfsg-2 (bug #960188)
	[buster] - samba <postponed> (Can be fixed along in future DSA)
	[stretch] - samba <postponed> (Can be fixed along in future DSA)
	[jessie] - samba <postponed> (Minor issue and the patch is very invisible, eg. http://paste.debian.net/plain/1143919 is not even complete)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
	NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html
CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsible in ...)
	- libvirt 6.0.0-2
	[buster] - libvirt <no-dsa> (Minor issue)
	[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725
	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1)
CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...)
	- qemu 1:4.2-5
	[buster] - qemu <not-affected> (Vulnerable code introduced later)
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0)
CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS]
	RESERVED
	- libvirt 6.0.0-7 (bug #955841)
	[buster] - libvirt <not-affected> (Vulnerable code introduced later)
	[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1)
CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...)
	- samba 2:4.12.3+dfsg-2 (bug #960189)
	[buster] - samba <not-affected> (Vulnerable code introduced later)
	[stretch] - samba <not-affected> (Vulnerable code introduced later)
	[jessie] - samba <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14331
	NOTE: https://www.samba.org/samba/security/CVE-2020-10700.html
CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51  ...)
	- targetcli-fb <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162
	NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50)
	NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d
CVE-2020-10698
	RESERVED
	NOT-FOR-US: Ansible Tower
CVE-2020-10697
	RESERVED
	NOT-FOR-US: Ansible Tower
CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5.  ...)
	- golang-github-containers-buildah <unfixed>
	NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
CVE-2020-10695
	RESERVED
	NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container
CVE-2020-10694
	RESERVED
CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in  ...)
	- libhibernate-validator-java <unfixed>
	[buster] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
	[stretch] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
	[jessie] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
	- libhibernate-validator4-java <not-affected> (EL support added in 5.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805501
CVE-2020-10692
	RESERVED
CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...)
	- ansible 2.9.7+dfsg-1
	[buster] - ansible <not-affected> (Vulnerable code introduced later)
	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161
	NOTE: https://github.com/ansible/ansible/pull/68596
	NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9)
CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race  ...)
	{DLA-2241-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did  ...)
	NOT-FOR-US: Eclipse Che
CVE-2020-10688
	RESERVED
	- resteasy <undetermined>
	- resteasy3.0 <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
	NOTE: https://github.com/quarkusio/quarkus/issues/7248
	NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
	TODO: check details, not much information provided by Red Hat.
CVE-2020-10687
	RESERVED
	- undertow <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...)
	NOT-FOR-US: Keycloak
CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
	- ansible 2.9.7+dfsg-1
	[jessie] - ansible <not-affected> (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
	NOTE: https://github.com/ansible/ansible/pull/68433
	NOTE: https://github.com/ansible/ansible/commit/6452a82452f3a721233b50f62419598206442fd9
	NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1)
CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...)
	- ansible 2.9.7+dfsg-1
	[jessie] - ansible <not-affected> (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
	NOTE: https://github.com/ansible/ansible/pull/68431
	NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities by defau ...)
	{DLA-2191-1}
	- dom4j <unfixed> (bug #958055)
	NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?)
	NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?)
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-10680
	RESERVED
CVE-2020-10679
	RESERVED
CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-10677
	RESERVED
CVE-2020-10676
	RESERVED
CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...)
	- golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373)
	[buster] - golang-github-buger-jsonparser <no-dsa> (Minor issue)
	NOTE: https://github.com/buger/jsonparser/issues/188
	NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2153-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2153-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...)
	NOT-FOR-US: Canon
CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10666
	RESERVED
CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
	- libperlspeak-perl <removed> (bug #954238)
	[stretch] - libperlspeak-perl <ignored> (Will be removed in next point release)
	[jessie] - libperlspeak-perl <end-of-life> (Not supported in jessie LTS)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019  ...)
	NOT-FOR-US: VxWorks
CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...)
	{DLA-2192-1 DLA-2190-1}
	- ruby-json 2.3.0+dfsg-1
	[buster] - ruby-json <no-dsa> (Minor issue)
	[stretch] - ruby-json <no-dsa> (Minor issue)
	- ruby2.7 <not-affected> (Fixed before initial upload to Debian)
	- ruby2.5 <removed>
	- ruby2.3 <removed>
	[stretch] - ruby2.3 <no-dsa> (Minor issue)
	- ruby2.1 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
	NOTE: https://hackerone.com/reports/706934
	NOTE: https://github.com/ruby/ruby/commit/36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (2.6.6)
	NOTE: https://github.com/ruby/ruby/commit/b379ecd8b6832dfcd5dad353b6bfd41701e2d678 (2.5.8)
CVE-2020-10662
	RESERVED
CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20527 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20526 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20525 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20524 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner param ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20523 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name paramet ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20522 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link paramet ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20521 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI ...)
	NOT-FOR-US: ERPNext
CVE-2019-20520 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/meth ...)
	NOT-FOR-US: ERPNext
CVE-2019-20519 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ UR ...)
	NOT-FOR-US: ERPNext
CVE-2019-20518 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20517 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20516 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ UR ...)
	NOT-FOR-US: ERPNext
CVE-2019-20515 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresse ...)
	NOT-FOR-US: ERPNext
CVE-2019-20514 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20513 (Open edX Ironwood.1 allows support/certificates?user= reflected XSS. ...)
	NOT-FOR-US: Open edX Ironwood.1
CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= reflected X ...)
	NOT-FOR-US: Open edX Ironwood.1
CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection. ...)
	NOT-FOR-US: ERPNext
CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...)
	NOT-FOR-US: Entrust Entelligence Security Provider (ESP)
CVE-2020-10658
	RESERVED
CVE-2020-10657
	RESERVED
CVE-2020-10656
	RESERVED
CVE-2020-10655
	RESERVED
CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
	NOT-FOR-US: Ping Identity PingID
CVE-2020-10653
	RESERVED
CVE-2020-10652
	RESERVED
CVE-2020-10651
	RESERVED
CVE-2020-10650
	RESERVED
CVE-2019-20510
	REJECTED
CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10  ...)
	NOT-FOR-US: ASUS Device Activation
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
	- u-boot 2020.04+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <ignored> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
	NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
	NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
CVE-2020-10647
	REJECTED
CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
	NOT-FOR-US: Fuji Electric V-Server Lite
CVE-2020-10645
	RESERVED
CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-10643
	RESERVED
CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
	NOT-FOR-US: Rockwell
CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
	NOT-FOR-US: Inductive Automation
CVE-2020-10640
	RESERVED
CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
	NOT-FOR-US: Eaton HMiSoft VU3
CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
	NOT-FOR-US: Eaton HMiSoft VU3
CVE-2020-10636
	RESERVED
CVE-2020-10635
	RESERVED
CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted  ...)
	NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...)
	NOT-FOR-US: eWON Flexy and Cosy
CVE-2020-10632
	RESERVED
CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files  ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...)
	NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
	NOT-FOR-US: ControlEdge PLC
CVE-2020-10627
	RESERVED
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
	NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
	NOT-FOR-US: ControlEdge PLC
CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
	NOT-FOR-US: LCDS LAquis SCADA
CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on  ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside  ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
	NOT-FOR-US: LCDS LAquis SCADA
CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL  ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10614
	RESERVED
CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10610
	RESERVED
CVE-2020-10609
	RESERVED
CVE-2020-10608
	RESERVED
CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-10606
	RESERVED
CVE-2020-10605
	RESERVED
CVE-2020-10604
	RESERVED
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10602
	RESERVED
CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow  ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10600
	RESERVED
CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES  ...)
	NOT-FOR-US: Pyxis
CVE-2020-10597 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Mul ...)
	NOT-FOR-US: Insulet
CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
	NOT-FOR-US: OpenCart
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...)
	{DSA-4648-1 DLA-2166-1}
	- libpam-krb5 4.9-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
	NOT-FOR-US: drf-jwt
CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7  ...)
	- tor 0.4.2.7-1
	[buster] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
	[stretch] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
	[jessie] - tor <not-affected> (Only affects tor 0.4.0.1-alpha onwards)
	NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
	NOTE: https://bugs.torproject.org/33619
CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7  ...)
	{DSA-4644-1}
	- tor 0.4.2.7-1
	[stretch] - tor <end-of-life> (See DSA 4644)
	[jessie] - tor <end-of-life> (Not supported in jessie LTS)
	NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
	NOTE: https://bugs.torproject.org/33120
CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
	NOT-FOR-US: Walmart Labs Concord
CVE-2020-10590
	RESERVED
CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
	NOT-FOR-US: v2rayL
CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
	NOT-FOR-US: v2rayL
CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...)
	NOT-FOR-US: antiX and MX Linux
CVE-2020-10586
	RESERVED
CVE-2020-10585
	RESERVED
CVE-2020-10584
	RESERVED
CVE-2020-10583
	RESERVED
CVE-2020-10582
	RESERVED
CVE-2020-10581
	RESERVED
CVE-2020-10580
	RESERVED
CVE-2020-10579
	RESERVED
CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...)
	NOT-FOR-US: QCMS
CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...)
	- janus 0.9.2-1 (bug #954668)
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/1990
CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...)
	- janus 0.9.1+20200313-1
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/1993
CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...)
	- janus 0.9.1+20200313-1
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/1994
CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. janus.c tries to use a ...)
	- janus 0.9.1+20200313-1
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/1989
CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...)
	- janus 0.9.1+20200313-1
	[buster] - janus <ignored> (Will be removed in next point release)
	NOTE: https://github.com/meetecho/janus-gateway/pull/1988
CVE-2020-10572
	RESERVED
CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...)
	NOT-FOR-US: psd-tools
CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is  ...)
	NOT-FOR-US: Telegram for Android
CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...)
	NOT-FOR-US: SysAid On-Premise
CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...)
	NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
	NOT-FOR-US: Responsive Filemanager
CVE-2018-21036
	RESERVED
CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
	NOT-FOR-US: FreeBSD
CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
	NOT-FOR-US: FreeBSD
CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...)
	NOT-FOR-US: File Upload plugin for WordPress
CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...)
	NOT-FOR-US: DEVOME GRR
CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...)
	NOT-FOR-US: DEVOME GRR
CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer &lt; 3.4.6_01 ...)
	NOT-FOR-US: Xiaomi
CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...)
	NOT-FOR-US: Open Source Social Network (OSSN)
CVE-2020-10559
	RESERVED
CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before  ...)
	NOT-FOR-US: driving interface of Tesla Model 3 vehicles
CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
	NOT-FOR-US: AContent
CVE-2020-10556
	RESERVED
CVE-2020-10555
	RESERVED
CVE-2020-10554
	RESERVED
CVE-2020-10553
	RESERVED
CVE-2020-10552
	RESERVED
CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...)
	NOT-FOR-US: QQBrowser
CVE-2020-10550
	RESERVED
CVE-2020-10549 (rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.p ...)
	NOT-FOR-US: rConfig
CVE-2020-10548 (rConfig 3.9.4 and previous versions has unauthenticated devices.inc.ph ...)
	NOT-FOR-US: rConfig
CVE-2020-10547 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...)
	NOT-FOR-US: rConfig
CVE-2020-10546 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...)
	NOT-FOR-US: rConfig
CVE-2020-10545
	RESERVED
CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...)
	NOT-FOR-US: PrimeTek PrimeFaces
CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...)
	NOT-FOR-US: Invision Power Board
CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...)
	- perl 5.30.3-1 (bug #962005)
	[buster] - perl <no-dsa> (Minor issue)
	[stretch] - perl <no-dsa> (Minor issue)
	NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3)
CVE-2020-10542
	RESERVED
CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...)
	NOT-FOR-US: Untis WebUntis
CVE-2020-10539
	RESERVED
CVE-2020-10538
	RESERVED
CVE-2020-10537
	RESERVED
CVE-2020-10536
	RESERVED
CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...)
	NOT-FOR-US: MediaWiki extension
CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...)
	- gitlab <not-affected> (Only affects Gitlab 12.8.x)
	NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
CVE-2020-10533
	RESERVED
CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...)
	NOT-FOR-US: AD Helper component in WatchGuard Fireware
CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU)  ...)
	{DSA-4646-1 DLA-2151-1}
	[experimental] - icu 66.1-2
	- icu 63.2-3 (bug #953747)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public)
	NOTE: Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private)
	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
	NOTE: https://github.com/unicode-org/icu/pull/971
CVE-2020-10530
	RESERVED
CVE-2020-10529
	RESERVED
CVE-2020-10528
	RESERVED
CVE-2020-10527
	RESERVED
CVE-2020-10526
	RESERVED
CVE-2020-10525
	RESERVED
CVE-2020-10524
	RESERVED
CVE-2020-10523
	RESERVED
CVE-2020-10522
	RESERVED
CVE-2020-10521
	RESERVED
CVE-2020-10520
	RESERVED
CVE-2020-10519
	RESERVED
CVE-2020-10518
	RESERVED
CVE-2020-10517
	RESERVED
CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub  ...)
	NOT-FOR-US: GitHub Enterprise Server API
CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
	NOT-FOR-US: STARFACE UCC Client
CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...)
	NOT-FOR-US: iCatch DVR
CVE-2020-10513 (The file management interface of iCatch DVR firmware before 20200103 c ...)
	NOT-FOR-US: iCatch DVR
CVE-2020-10512 (HGiga C&amp;Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CC ...)
	NOT-FOR-US: HGiga C&Cmail
CVE-2020-10511 (HGiga C&amp;Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAIL ...)
	NOT-FOR-US: HGiga C&Cmail
CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2020-10507 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
	NOT-FOR-US: The School Manage System
CVE-2020-10506 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
	NOT-FOR-US: The School Manage System
CVE-2020-10505 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
	NOT-FOR-US: The School Manage System
CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10502 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10501 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10500 (CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10499 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10498 (CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10497 (CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Lan ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10496 (CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10495 (CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10494 (CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10493 (CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10492 (CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Lang ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10491 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10490 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10489 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10488 (CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10487 (CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10486 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10485 (CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10484 (CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10483 (CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 a ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10482 (CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10481 (CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10480 (CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10479 (CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 a ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10478 (CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10477 (Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi- ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10476 (Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Mu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10475 (Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Mul ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10474 (Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Mu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10473 (Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10472 (Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard M ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10471 (Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Mu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10470 (Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10469 (Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10468 (Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10467 (Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10466 (Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10465 (Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10464 (Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10463 (Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10462 (Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-L ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10461 (The way comments in article.php (vulnerable function in include/functi ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10460 (admin/include/operations.php (via admin/email-harvester.php) in Chadha ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10459 (Path Traversal in admin/assetmanager/assetmanager.php (vulnerable func ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10458 (Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Sta ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10457 (Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10456 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10455 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10454 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10453 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10452 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10451 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10450 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10449 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10448 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10447 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10446 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10445 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10444 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10443 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10442 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10441 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10440 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10439 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10438 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10437 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10436 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10435 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10434 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10433 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10432 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10431 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10430 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10429 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10428 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10427 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10426 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10425 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10424 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10423 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10422 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10421 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10420 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10419 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10418 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10417 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10416 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10415 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10414 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10413 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10412 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10411 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10410 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10409 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10408 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10407 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10406 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10405 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10404 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10403 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10402 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10401 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10400 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10399 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10398 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10397 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10396 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10395 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10394 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10393 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10392 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10391 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard  ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10390 (OS Command Injection in export.php (vulnerable function called from in ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10389 (admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allo ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10388 (The way the Referer header in article.php is handled in Chadha PHPKB S ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10387 (Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Lang ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...)
	NOT-FOR-US: WPForms Contact Form plugin for WordPress
CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
	- rmysql 0.10.20-1
	[buster] - rmysql <no-dsa> (Minor issue)
	[jessie] - rmysql <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
	NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
	- pillow <unfixed>
	[jessie] - pillow <no-dsa> (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, ...)
	- pillow <unfixed>
	[jessie] - pillow <no-dsa> (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
	NOT-FOR-US: Mitel
CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
	NOT-FOR-US: Technicolor
CVE-2020-10375
	RESERVED
CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2020-10373
	RESERVED
CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...)
	NOT-FOR-US: Ramp AltitudeCDN Altimeter
CVE-2020-10371
	RESERVED
CVE-2020-10370
	RESERVED
CVE-2020-10369
	RESERVED
CVE-2020-10368
	RESERVED
CVE-2020-10367
	RESERVED
CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...)
	NOT-FOR-US: LogicalDoc
CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
	NOT-FOR-US: LogicalDoc
CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote  ...)
	NOT-FOR-US: SSH daemon on MikroTik routers
CVE-2020-10363
	RESERVED
CVE-2020-10362
	RESERVED
CVE-2020-10361
	RESERVED
CVE-2020-10360
	RESERVED
CVE-2020-10359
	RESERVED
CVE-2020-10358
	RESERVED
CVE-2020-10357
	RESERVED
CVE-2020-10356
	RESERVED
CVE-2020-10355
	RESERVED
CVE-2020-10354
	RESERVED
CVE-2020-10353
	RESERVED
CVE-2020-10352
	RESERVED
CVE-2020-10351
	RESERVED
CVE-2020-10350
	RESERVED
CVE-2020-10349
	RESERVED
CVE-2020-10348
	RESERVED
CVE-2020-10347
	RESERVED
CVE-2020-10346
	RESERVED
CVE-2020-10345
	RESERVED
CVE-2020-10344
	RESERVED
CVE-2020-10343
	RESERVED
CVE-2020-10342
	RESERVED
CVE-2020-10341
	RESERVED
CVE-2020-10340
	RESERVED
CVE-2020-10339
	RESERVED
CVE-2020-10338
	RESERVED
CVE-2020-10337
	RESERVED
CVE-2020-10336
	RESERVED
CVE-2020-10335
	RESERVED
CVE-2020-10334
	RESERVED
CVE-2020-10333
	RESERVED
CVE-2020-10332
	RESERVED
CVE-2020-10331
	RESERVED
CVE-2020-10330
	RESERVED
CVE-2020-10329
	RESERVED
CVE-2020-10328
	RESERVED
CVE-2020-10327
	RESERVED
CVE-2020-10326
	RESERVED
CVE-2020-10325
	RESERVED
CVE-2020-10324
	RESERVED
CVE-2020-10323
	RESERVED
CVE-2020-10322
	RESERVED
CVE-2020-10321
	RESERVED
CVE-2020-10320
	RESERVED
CVE-2020-10319
	RESERVED
CVE-2020-10318
	RESERVED
CVE-2020-10317
	RESERVED
CVE-2020-10316
	RESERVED
CVE-2020-10315
	RESERVED
CVE-2020-10314
	RESERVED
CVE-2020-10313
	RESERVED
CVE-2020-10312
	RESERVED
CVE-2020-10311
	RESERVED
CVE-2020-10310
	RESERVED
CVE-2020-10309
	RESERVED
CVE-2020-10308
	RESERVED
CVE-2020-10307
	RESERVED
CVE-2020-10306
	RESERVED
CVE-2020-10305
	RESERVED
CVE-2020-10304
	RESERVED
CVE-2020-10303
	RESERVED
CVE-2020-10302
	RESERVED
CVE-2020-10301
	RESERVED
CVE-2020-10300
	RESERVED
CVE-2020-10299
	RESERVED
CVE-2020-10298
	RESERVED
CVE-2020-10297
	RESERVED
CVE-2020-10296
	RESERVED
CVE-2020-10295
	RESERVED
CVE-2020-10294
	RESERVED
CVE-2020-10293
	RESERVED
CVE-2020-10292
	RESERVED
CVE-2020-10291
	RESERVED
CVE-2020-10290
	RESERVED
CVE-2020-10289
	RESERVED
CVE-2020-10288
	RESERVED
CVE-2020-10287
	RESERVED
CVE-2020-10286
	RESERVED
CVE-2020-10285
	RESERVED
CVE-2020-10284
	RESERVED
CVE-2020-10283
	RESERVED
CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...)
	NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...)
	NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10280 (The Apache server on port 80 that host the web interface is vulnerable ...)
	NOT-FOR-US: MiR
CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of Ubuntu 1 ...)
	NOT-FOR-US: MiR
CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, therefor ...)
	NOT-FOR-US: MiR
CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to boot from  ...)
	NOT-FOR-US: MiR
CVE-2020-10276 (The password for the safety PLC is the default and thus easy to find ( ...)
	NOT-FOR-US: Safety PLC
CVE-2020-10275 (The access tokens for the REST API are directly derived from the publi ...)
	NOT-FOR-US: MiR
CVE-2020-10274 (The access tokens for the REST API are directly derived (sha256 and ba ...)
	NOT-FOR-US: MiR
CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do not enc ...)
	NOT-FOR-US: MiR
CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
	NOT-FOR-US: MiR
CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
	NOT-FOR-US: MiR
CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 and oth ...)
	NOT-FOR-US: MiR
CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and possibly (acc ...)
	NOT-FOR-US: MiR
CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...)
	NOT-FOR-US: Kuka
CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...)
	NOT-FOR-US: Universal Robots control box CB
CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...)
	NOT-FOR-US: Universal Robots+
CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...)
	NOT-FOR-US: Universal Robots+
CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...)
	NOT-FOR-US: CB3 SW
CVE-2019-20509
	REJECTED
CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...)
	NOT-FOR-US: XIAOMI
CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...)
	NOT-FOR-US: XIAOMI
CVE-2020-10261
	RESERVED
CVE-2020-10260
	RESERVED
CVE-2020-10259
	RESERVED
CVE-2020-10258
	RESERVED
CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...)
	NOT-FOR-US: ThemeREX Addons plugin for WordPress
CVE-2020-10256
	RESERVED
CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...)
	NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips
CVE-2020-10254
	RESERVED
CVE-2020-10253
	RESERVED
CVE-2020-10252
	RESERVED
CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
	- imagemagick <unfixed> (low; bug #953741)
	[buster] - imagemagick <ignored> (Minor issue)
	[stretch] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
	[jessie] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/868aad754ee599eb7153b84d610f2ecdf7b339f6
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3456724dff047db5adb32f8cf70c903c1b7d16d4
CVE-2019-20508
	RESERVED
CVE-2019-20507
	RESERVED
CVE-2019-20506
	RESERVED
CVE-2019-20505
	RESERVED
CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...)
	NOT-FOR-US: BWA DiREX-Pro devices
CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...)
	NOT-FOR-US: BWA DiREX-Pro devices
CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...)
	NOT-FOR-US: BWA DiREX-Pro devices
CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is  ...)
	NOT-FOR-US: MISP
CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...)
	NOT-FOR-US: MISP
CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...)
	NOT-FOR-US: CODESYS
CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
	NOT-FOR-US: JPaseto
CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
	NOT-FOR-US: Joomla!
CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling  ...)
	NOT-FOR-US: Joomla!
CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...)
	NOT-FOR-US: Joomla!
CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...)
	NOT-FOR-US: Joomla!
CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
	NOT-FOR-US: Joomla!
CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
	NOT-FOR-US: Froxlor
CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
	NOT-FOR-US: Froxlor
CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...)
	NOT-FOR-US: Froxlor
CVE-2020-10234
	RESERVED
CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...)
	- sleuthkit <unfixed> (unimportant)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
	NOTE: Crash in CLI tool, no security impact
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
	{DLA-2137-1}
	- sleuthkit <unfixed> (low; bug #953976)
	[buster] - sleuthkit <no-dsa> (Minor issue)
	[stretch] - sleuthkit <no-dsa> (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
	NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...)
	NOT-FOR-US: TP-Link
CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-10229
	RESERVED
CVE-2020-10228
	RESERVED
CVE-2020-10227
	RESERVED
CVE-2020-10226
	RESERVED
CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...)
	NOT-FOR-US: PHPGurukul Job Portal
CVE-2020-10224 (An unauthenticated file upload vulnerability has been identified in ad ...)
	NOT-FOR-US: PHPGurukul Online Book Store
CVE-2020-10223 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode  ...)
	NOT-FOR-US: npdf.dll in Nitro Pro
CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corrupt ...)
	NOT-FOR-US: npdf.dll in Nitro Pro
CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...)
	NOT-FOR-US: rConfig
CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management Appliance  ...)
	NOT-FOR-US: Quest KACE
CVE-2016-11021 (setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remot ...)
	NOT-FOR-US: D-Link
CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...)
	NOT-FOR-US: rConfig
CVE-2020-10219
	RESERVED
CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2  ...)
	NOT-FOR-US: Sapplica Sentrifugo
CVE-2020-10217
	RESERVED
CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...)
	NOT-FOR-US: D-Link
CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
	NOT-FOR-US: Responsive FileManager
CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
	NOT-FOR-US: Mitel
CVE-2020-10210
	RESERVED
CVE-2020-10209
	RESERVED
CVE-2020-10208
	RESERVED
CVE-2020-10207
	RESERVED
CVE-2020-10206
	RESERVED
CVE-2020-10205
	RESERVED
CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS. ...)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10202
	RESERVED
CVE-2020-10201
	RESERVED
CVE-2020-10200
	RESERVED
CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10198
	RESERVED
CVE-2020-10197
	RESERVED
CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...)
	NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
	NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass  ...)
	NOT-FOR-US: ESET Archive Support Module
CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
	NOT-FOR-US: Munkireport
CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated  ...)
	NOT-FOR-US: Munkireport
CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated  ...)
	NOT-FOR-US: Munkireport
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
	{DLA-2176-1}
	- inetutils 2:1.9.4-12 (bug #956084)
	- netkit-telnet 0.17-18woody2 (bug #953477)
	- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
	NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
	NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5
	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html
	NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
	{DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- libusrsctp 0.9.3.0+20200312-1 (bug #953270)
	[buster] - libusrsctp <no-dsa> (Minor issue)
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
	NOTE: https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
CVE-2020-10187 (Doorkeeper version 5.0.0 and later contains an information disclosure  ...)
	- ruby-doorkeeper 5.0.3-1 (bug #959903)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9
CVE-2020-10186
	RESERVED
CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...)
	{DLA-2141-1}
	- yubikey-val <removed>
	[buster] - yubikey-val <no-dsa> (Minor issue)
	[stretch] - yubikey-val <no-dsa> (Minor issue)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not  ...)
	{DLA-2141-1}
	- yubikey-val <removed>
	[buster] - yubikey-val <no-dsa> (Minor issue)
	[stretch] - yubikey-val <no-dsa> (Minor issue)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
CVE-2020-10183
	RESERVED
CVE-2020-10182
	RESERVED
CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...)
	NOT-FOR-US: Sumavision Enhanced Multimedia Router
CVE-2019-20502 (An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer ...)
	NOT-FOR-US: EFS Easy Chat Server
CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
	NOT-FOR-US: ESET AV parsing engine
CVE-2020-10179
	RESERVED
CVE-2020-10178
	REJECTED
CVE-2020-10177 (Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds re ...)
	- pillow <unfixed>
	[jessie] - pillow <no-dsa> (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/pull/4503
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
	NOT-FOR-US: ASSA ABLOY Yale WIPC-301W
CVE-2020-10175
	REJECTED
CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely  ...)
	- timeshift 20.03+ds-1 (bug #953385)
	[buster] - timeshift 19.01+ds-2+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1165802
	NOTE: https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462
CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...)
	NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices
CVE-2020-10172
	RESERVED
CVE-2020-10171
	RESERVED
CVE-2020-10170
	RESERVED
CVE-2020-10169
	RESERVED
CVE-2020-10168
	RESERVED
CVE-2020-10167
	RESERVED
CVE-2020-10166
	RESERVED
CVE-2020-10165
	RESERVED
CVE-2020-10164
	RESERVED
CVE-2020-10163
	RESERVED
CVE-2020-10162
	RESERVED
CVE-2020-10161
	RESERVED
CVE-2020-10160
	RESERVED
CVE-2020-10159
	RESERVED
CVE-2020-10158
	RESERVED
CVE-2020-10157
	RESERVED
CVE-2020-10156
	RESERVED
CVE-2020-10155
	RESERVED
CVE-2020-10154
	RESERVED
CVE-2020-10153
	RESERVED
CVE-2020-10152
	RESERVED
CVE-2020-10151
	RESERVED
CVE-2020-10150
	RESERVED
CVE-2020-10149
	RESERVED
CVE-2020-10148
	RESERVED
CVE-2020-10147
	RESERVED
CVE-2020-10146
	RESERVED
CVE-2020-10145
	RESERVED
CVE-2020-10144
	RESERVED
CVE-2020-10143
	RESERVED
CVE-2020-10142
	RESERVED
CVE-2020-10141
	RESERVED
CVE-2020-10140
	RESERVED
CVE-2020-10139
	RESERVED
CVE-2020-10138
	RESERVED
CVE-2020-10137
	RESERVED
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
	NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
	NOTE: Bluetooth protocol issue
CVE-2020-10134 (Pairing in Bluetooth&#174; Core v5.2 and earlier may permit an unauthe ...)
	NOTE: Bluetooth protocol issue
CVE-2020-10133
	RESERVED
CVE-2020-10132
	RESERVED
CVE-2020-10131
	RESERVED
CVE-2020-10130
	RESERVED
CVE-2020-10129
	RESERVED
CVE-2020-10128
	RESERVED
CVE-2020-10127
	RESERVED
CVE-2020-10126
	RESERVED
CVE-2020-10125
	RESERVED
CVE-2020-10124
	RESERVED
CVE-2020-10123
	RESERVED
CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
	NOT-FOR-US: cPanel
CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution  ...)
	NOT-FOR-US: cPanel
CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...)
	NOT-FOR-US: cPanel
CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...)
	NOT-FOR-US: cPanel
CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...)
	NOT-FOR-US: cPanel
CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...)
	NOT-FOR-US: cPanel
CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...)
	NOT-FOR-US: cPanel
CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...)
	NOT-FOR-US: cPanel
CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor  ...)
	NOT-FOR-US: cPanel
CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
	NOT-FOR-US: cPanel
CVE-2020-10112 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poison ...)
	NOT-FOR-US: Citrix
CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent ...)
	NOT-FOR-US: Citrix
CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information  ...)
	NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
	{DLA-2145-1}
	- twisted 18.9.0-7 (bug #953950)
	[buster] - twisted <no-dsa> (Minor issue)
	[stretch] - twisted <no-dsa> (Minor issue)
	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
	{DLA-2145-1}
	- twisted 18.9.0-7 (bug #953950)
	[buster] - twisted <no-dsa> (Minor issue)
	[stretch] - twisted <no-dsa> (Minor issue)
	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...)
	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...)
	- zammad <itp> (bug #841355)
CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...)
	- zammad <itp> (bug #841355)
CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code  ...)
	- zammad <itp> (bug #841355)
CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...)
	- zammad <itp> (bug #841355)
CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...)
	- zammad <itp> (bug #841355)
CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...)
	- zammad <itp> (bug #841355)
CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code  ...)
	- zammad <itp> (bug #841355)
CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code  ...)
	- zammad <itp> (bug #841355)
CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...)
	- zammad <itp> (bug #841355)
CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...)
	- zammad <itp> (bug #841355)
CVE-2020-10095
	RESERVED
CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...)
	NOT-FOR-US: Lexmark
CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...)
	NOT-FOR-US: Lexmark
CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...)
	- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...)
	- gitlab <not-affected> (Only affects Gitlab 12.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were  ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...)
	- gitlab <not-affected> (Only affects Gitlab 12.3.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...)
	- gitlab <not-affected> (Only affects Gitlab 12.7 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...)
	- gitlab <not-affected> (Only affects Gitlab 12.2 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...)
	- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...)
	- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...)
	- gitlab <not-affected> (Only affects Gitlab 12.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10072
	RESERVED
CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10069
	RESERVED
CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10066
	RESERVED
CVE-2020-10065
	RESERVED
CVE-2020-10064
	RESERVED
CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to  ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1]  ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the  ...)
	NOT-FOR-US: cPanel
CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
	NOT-FOR-US: cPanel
CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary chown oper ...)
	NOT-FOR-US: cPanel
CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary database v ...)
	NOT-FOR-US: cPanel
CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable  ...)
	NOT-FOR-US: cPanel
CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string escaping is  ...)
	NOT-FOR-US: cPanel
CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of misparsi ...)
	NOT-FOR-US: cPanel
CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
	NOT-FOR-US: cPanel
CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webmail use ...)
	NOT-FOR-US: cPanel
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
	NOT-FOR-US: GeniXCMS
CVE-2020-10056
	RESERVED
CVE-2020-10055
	RESERVED
CVE-2020-10054
	RESERVED
CVE-2020-10053
	RESERVED
CVE-2020-10052
	RESERVED
CVE-2020-10051
	RESERVED
CVE-2020-10050
	RESERVED
CVE-2020-10049
	RESERVED
CVE-2020-10048
	RESERVED
CVE-2020-10047
	RESERVED
CVE-2020-10046
	RESERVED
CVE-2020-10045
	RESERVED
CVE-2020-10044
	RESERVED
CVE-2020-10043
	RESERVED
CVE-2020-10042
	RESERVED
CVE-2020-10041
	RESERVED
CVE-2020-10040
	RESERVED
CVE-2020-10039
	RESERVED
CVE-2020-10038
	RESERVED
CVE-2020-10037
	RESERVED
CVE-2020-10036
	RESERVED
CVE-2020-10035
	RESERVED
CVE-2020-10034
	RESERVED
CVE-2020-10033
	RESERVED
CVE-2020-10032
	RESERVED
CVE-2020-10031
	RESERVED
CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...)
	- pdns-recursor 4.3.1-1 (unimportant)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
	NOTE: Non exploitable on Linux
CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
	- glibc 2.30-1 (bug #953108)
	[buster] - glibc <no-dsa> (Minor issue)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
CVE-2020-9999
	RESERVED
CVE-2020-9998
	RESERVED
CVE-2020-9997
	RESERVED
CVE-2020-9996
	RESERVED
CVE-2020-9995
	RESERVED
CVE-2020-9994
	RESERVED
CVE-2020-9993
	RESERVED
CVE-2020-9992
	RESERVED
CVE-2020-9991
	RESERVED
CVE-2020-9990
	RESERVED
CVE-2020-9989
	RESERVED
CVE-2020-9988
	RESERVED
CVE-2020-9987
	RESERVED
CVE-2020-9986
	RESERVED
CVE-2020-9985
	RESERVED
CVE-2020-9984
	RESERVED
CVE-2020-9983
	RESERVED
CVE-2020-9982
	RESERVED
CVE-2020-9981
	RESERVED
CVE-2020-9980
	RESERVED
CVE-2020-9979
	RESERVED
CVE-2020-9978
	RESERVED
CVE-2020-9977
	RESERVED
CVE-2020-9976
	RESERVED
CVE-2020-9975
	RESERVED
CVE-2020-9974
	RESERVED
CVE-2020-9973
	RESERVED
CVE-2020-9972
	RESERVED
CVE-2020-9971
	RESERVED
CVE-2020-9970
	RESERVED
CVE-2020-9969
	RESERVED
CVE-2020-9968
	RESERVED
CVE-2020-9967
	RESERVED
CVE-2020-9966
	RESERVED
CVE-2020-9965
	RESERVED
CVE-2020-9964
	RESERVED
CVE-2020-9963
	RESERVED
CVE-2020-9962
	RESERVED
CVE-2020-9961
	RESERVED
CVE-2020-9960
	RESERVED
CVE-2020-9959
	RESERVED
CVE-2020-9958
	RESERVED
CVE-2020-9957
	RESERVED
CVE-2020-9956
	RESERVED
CVE-2020-9955
	RESERVED
CVE-2020-9954
	RESERVED
CVE-2020-9953
	RESERVED
CVE-2020-9952
	RESERVED
CVE-2020-9951
	RESERVED
CVE-2020-9950
	RESERVED
CVE-2020-9949
	RESERVED
CVE-2020-9948
	RESERVED
CVE-2020-9947
	RESERVED
CVE-2020-9946
	RESERVED
CVE-2020-9945
	RESERVED
CVE-2020-9944
	RESERVED
CVE-2020-9943
	RESERVED
CVE-2020-9942
	RESERVED
CVE-2020-9941
	RESERVED
CVE-2020-9940
	RESERVED
CVE-2020-9939
	RESERVED
CVE-2020-9938
	RESERVED
CVE-2020-9937
	RESERVED
CVE-2020-9936
	RESERVED
CVE-2020-9935
	RESERVED
CVE-2020-9934
	RESERVED
CVE-2020-9933
	RESERVED
CVE-2020-9932
	RESERVED
CVE-2020-9931
	RESERVED
CVE-2020-9930
	RESERVED
CVE-2020-9929
	RESERVED
CVE-2020-9928
	RESERVED
CVE-2020-9927
	RESERVED
CVE-2020-9926
	RESERVED
CVE-2020-9925
	RESERVED
CVE-2020-9924
	RESERVED
CVE-2020-9923
	RESERVED
CVE-2020-9922
	RESERVED
CVE-2020-9921
	RESERVED
CVE-2020-9920
	RESERVED
CVE-2020-9919
	RESERVED
CVE-2020-9918
	RESERVED
CVE-2020-9917
	RESERVED
CVE-2020-9916
	RESERVED
CVE-2020-9915
	RESERVED
CVE-2020-9914
	RESERVED
CVE-2020-9913
	RESERVED
CVE-2020-9912
	RESERVED
CVE-2020-9911
	RESERVED
CVE-2020-9910
	RESERVED
CVE-2020-9909
	RESERVED
CVE-2020-9908
	RESERVED
CVE-2020-9907
	RESERVED
CVE-2020-9906
	RESERVED
CVE-2020-9905
	RESERVED
CVE-2020-9904
	RESERVED
CVE-2020-9903
	RESERVED
CVE-2020-9902
	RESERVED
CVE-2020-9901
	RESERVED
CVE-2020-9900
	RESERVED
CVE-2020-9899
	RESERVED
CVE-2020-9898
	RESERVED
CVE-2020-9897
	RESERVED
CVE-2020-9896
	RESERVED
CVE-2020-9895
	RESERVED
CVE-2020-9894
	RESERVED
CVE-2020-9893
	RESERVED
CVE-2020-9892
	RESERVED
CVE-2020-9891
	RESERVED
CVE-2020-9890
	RESERVED
CVE-2020-9889
	RESERVED
CVE-2020-9888
	RESERVED
CVE-2020-9887
	RESERVED
CVE-2020-9886
	RESERVED
CVE-2020-9885
	RESERVED
CVE-2020-9884
	RESERVED
CVE-2020-9883
	RESERVED
CVE-2020-9882
	RESERVED
CVE-2020-9881
	RESERVED
CVE-2020-9880
	RESERVED
CVE-2020-9879
	RESERVED
CVE-2020-9878
	RESERVED
CVE-2020-9877
	RESERVED
CVE-2020-9876
	RESERVED
CVE-2020-9875
	RESERVED
CVE-2020-9874
	RESERVED
CVE-2020-9873
	RESERVED
CVE-2020-9872
	RESERVED
CVE-2020-9871
	RESERVED
CVE-2020-9870
	RESERVED
CVE-2020-9869
	RESERVED
CVE-2020-9868
	RESERVED
CVE-2020-9867
	RESERVED
CVE-2020-9866
	RESERVED
CVE-2020-9865
	RESERVED
CVE-2020-9864
	RESERVED
CVE-2020-9863
	RESERVED
CVE-2020-9862
	RESERVED
CVE-2020-9861
	RESERVED
CVE-2020-9860
	RESERVED
CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...)
	NOT-FOR-US: Apple
CVE-2020-9857
	RESERVED
CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2020-9854
	RESERVED
CVE-2020-9853
	RESERVED
CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-9851 (An access issue was addressed with improved access restrictions. This  ...)
	NOT-FOR-US: Apple
CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-9849
	RESERVED
CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9846
	RESERVED
CVE-2020-9845
	RESERVED
CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
	NOT-FOR-US: SwiftNIO Extras
CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9836
	RESERVED
CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
	NOT-FOR-US: Apple
CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9828
	RESERVED
CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...)
	NOT-FOR-US: Apple
CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...)
	NOT-FOR-US: Apple
CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...)
	NOT-FOR-US: Apple
CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9810
	RESERVED
CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9799
	RESERVED
CVE-2020-9798
	RESERVED
CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)
	NOT-FOR-US: Apple
CVE-2020-9796
	RESERVED
CVE-2020-9795 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	- sqlite3 <undetermined>
	NOTE: https://vuldb.com/?id.155768
	TODO: Try to get more information, as usual Apple advisories are too unspecific
CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9787
	RESERVED
CVE-2020-9786
	RESERVED
CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...)
	NOT-FOR-US: Apple
CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple Safari
CVE-2020-9783 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2020-9782
	RESERVED
CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...)
	NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...)
	NOT-FOR-US: Apple
CVE-2020-9779
	RESERVED
CVE-2020-9778
	RESERVED
CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...)
	NOT-FOR-US: Apple
CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...)
	NOT-FOR-US: Apple
CVE-2020-9774
	RESERVED
CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9772
	RESERVED
CVE-2020-9771
	RESERVED
CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...)
	NOT-FOR-US: Apple
CVE-2020-9768 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2020-9767
	RESERVED
CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10026
	REJECTED
CVE-2020-10025
	REJECTED
CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10020
	REJECTED
CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the  ...)
	{DSA-4641-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0003.html
CVE-2020-10017
	RESERVED
CVE-2020-10016
	RESERVED
CVE-2020-10015
	RESERVED
CVE-2020-10014
	RESERVED
CVE-2020-10013
	RESERVED
CVE-2020-10012
	RESERVED
CVE-2020-10011
	RESERVED
CVE-2020-10010
	RESERVED
CVE-2020-10009
	RESERVED
CVE-2020-10008
	RESERVED
CVE-2020-10007
	RESERVED
CVE-2020-10006
	RESERVED
CVE-2020-10005
	RESERVED
CVE-2020-10004
	RESERVED
CVE-2020-10003
	RESERVED
CVE-2020-10002
	RESERVED
CVE-2020-10001
	RESERVED
CVE-2020-10000
	RESERVED
CVE-2020-9766
	RESERVED
CVE-2020-9765
	RESERVED
CVE-2020-9764
	RESERVED
CVE-2020-9763
	RESERVED
CVE-2020-9762
	RESERVED
CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
	NOT-FOR-US: UNCTAD ASYCUDA World
CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...)
	{DLA-2157-1}
	- weechat 2.7.1-1
	[buster] - weechat <no-dsa> (Minor issue)
	[stretch] - weechat <no-dsa> (Minor issue)
	NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...)
	{DLA-2157-1}
	- weechat 2.7.1-1
	[buster] - weechat <no-dsa> (Minor issue)
	[stretch] - weechat <no-dsa> (Minor issue)
	NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
	NOT-FOR-US: LiveZilla Live Chat
CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...)
	NOT-FOR-US: Seomatic component for Craft CMS
CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...)
	NOT-FOR-US: Patriot Viper RGB Driver
CVE-2020-9755
	RESERVED
CVE-2020-9754
	RESERVED
CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...)
	NOT-FOR-US: Whale Browser
CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
	NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an  ...)
	NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9750
	RESERVED
CVE-2020-9749
	RESERVED
CVE-2020-9748
	RESERVED
CVE-2020-9747
	RESERVED
CVE-2020-9746
	RESERVED
CVE-2020-9745
	RESERVED
CVE-2020-9744
	RESERVED
CVE-2020-9743
	RESERVED
CVE-2020-9742
	RESERVED
CVE-2020-9741
	RESERVED
CVE-2020-9740
	RESERVED
CVE-2020-9739
	RESERVED
CVE-2020-9738
	RESERVED
CVE-2020-9737
	RESERVED
CVE-2020-9736
	RESERVED
CVE-2020-9735
	RESERVED
CVE-2020-9734
	RESERVED
CVE-2020-9733
	RESERVED
CVE-2020-9732
	RESERVED
CVE-2020-9731
	RESERVED
CVE-2020-9730
	RESERVED
CVE-2020-9729
	RESERVED
CVE-2020-9728
	RESERVED
CVE-2020-9727
	RESERVED
CVE-2020-9726
	RESERVED
CVE-2020-9725
	RESERVED
CVE-2020-9724
	RESERVED
CVE-2020-9723
	RESERVED
CVE-2020-9722
	RESERVED
CVE-2020-9721
	RESERVED
CVE-2020-9720
	RESERVED
CVE-2020-9719
	RESERVED
CVE-2020-9718
	RESERVED
CVE-2020-9717
	RESERVED
CVE-2020-9716
	RESERVED
CVE-2020-9715
	RESERVED
CVE-2020-9714
	RESERVED
CVE-2020-9713
	RESERVED
CVE-2020-9712
	RESERVED
CVE-2020-9711
	RESERVED
CVE-2020-9710
	RESERVED
CVE-2020-9709
	RESERVED
CVE-2020-9708
	RESERVED
CVE-2020-9707
	RESERVED
CVE-2020-9706
	RESERVED
CVE-2020-9705
	RESERVED
CVE-2020-9704
	RESERVED
CVE-2020-9703
	RESERVED
CVE-2020-9702
	RESERVED
CVE-2020-9701
	RESERVED
CVE-2020-9700
	RESERVED
CVE-2020-9699
	RESERVED
CVE-2020-9698
	RESERVED
CVE-2020-9697
	RESERVED
CVE-2020-9696
	RESERVED
CVE-2020-9695
	RESERVED
CVE-2020-9694
	RESERVED
CVE-2020-9693
	RESERVED
CVE-2020-9692
	RESERVED
CVE-2020-9691
	RESERVED
CVE-2020-9690
	RESERVED
CVE-2020-9689
	RESERVED
CVE-2020-9688
	RESERVED
CVE-2020-9687
	RESERVED
CVE-2020-9686
	RESERVED
CVE-2020-9685
	RESERVED
CVE-2020-9684
	RESERVED
CVE-2020-9683
	RESERVED
CVE-2020-9682
	RESERVED
CVE-2020-9681
	RESERVED
CVE-2020-9680
	RESERVED
CVE-2020-9679
	RESERVED
CVE-2020-9678
	RESERVED
CVE-2020-9677
	RESERVED
CVE-2020-9676
	RESERVED
CVE-2020-9675
	RESERVED
CVE-2020-9674
	RESERVED
CVE-2020-9673
	RESERVED
CVE-2020-9672
	RESERVED
CVE-2020-9671
	RESERVED
CVE-2020-9670
	RESERVED
CVE-2020-9669
	RESERVED
CVE-2020-9668
	RESERVED
CVE-2020-9667
	RESERVED
CVE-2020-9666 (Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerab ...)
	NOT-FOR-US: Adobe
CVE-2020-9665
	RESERVED
CVE-2020-9664
	RESERVED
CVE-2020-9663
	RESERVED
CVE-2020-9662 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...)
	NOT-FOR-US: Adobe
CVE-2020-9661 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2020-9660 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...)
	NOT-FOR-US: Adobe
CVE-2020-9659 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...)
	NOT-FOR-US: Adobe
CVE-2020-9658 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...)
	NOT-FOR-US: Adobe
CVE-2020-9657 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds  ...)
	NOT-FOR-US: Adobe
CVE-2020-9656 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds  ...)
	NOT-FOR-US: Adobe
CVE-2020-9655 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds  ...)
	NOT-FOR-US: Adobe
CVE-2020-9654 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-9653 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds rea ...)
	NOT-FOR-US: Adobe
CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
	NOT-FOR-US: Adobe
CVE-2020-9650
	RESERVED
CVE-2020-9649
	RESERVED
CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
	NOT-FOR-US: Adobe
CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
	NOT-FOR-US: Adobe
CVE-2020-9646
	RESERVED
CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...)
	NOT-FOR-US: Adobe
CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
	NOT-FOR-US: Adobe
CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
	NOT-FOR-US: Adobe
CVE-2020-9642 (Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vul ...)
	NOT-FOR-US: Adobe
CVE-2020-9641 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9640 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9639 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9638 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...)
	NOT-FOR-US: Adobe
CVE-2020-9637 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...)
	NOT-FOR-US: Adobe
CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption  ...)
	NOT-FOR-US: Adobe
CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-9633 (Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash ...)
	NOT-FOR-US: Adobe
CVE-2020-9632 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9631 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9630 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9629 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9628 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9627 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9626 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9625 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9624 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9623 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9622 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9621 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9620 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9619
	RESERVED
CVE-2020-9618 (Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read  ...)
	NOT-FOR-US: Adobe
CVE-2020-9617 (Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds r ...)
	NOT-FOR-US: Adobe
CVE-2020-9616 (Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds rea ...)
	NOT-FOR-US: Adobe
CVE-2020-9615 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9614 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9613 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9612 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9611 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9610 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9609 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9608 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9607 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9606 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9605 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9604 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9603 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9602 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9601 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9600 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9599 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9598 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9597 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9596 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9595 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9594 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9593 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9592 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-9591 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9590 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9589 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2020-9588 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9587 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9586 (Adobe Character Animator versions 3.2 and earlier have a buffer overfl ...)
	NOT-FOR-US: Adobe
CVE-2020-9585 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9584 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9583 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9582 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9581 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9580 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9579 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9578 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9577 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9576 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
	NOT-FOR-US: Magento
CVE-2020-9575 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9574 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9573 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9572 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9571 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9570 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
	NOT-FOR-US: Adobe
CVE-2020-9569 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9568 (Adobe Bridge versions 10.0.1 and earlier version have a memory corrupt ...)
	NOT-FOR-US: Adobe
CVE-2020-9567 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...)
	NOT-FOR-US: Adobe
CVE-2020-9566 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...)
	NOT-FOR-US: Adobe
CVE-2020-9565 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9564 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9563 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow  ...)
	NOT-FOR-US: Adobe
CVE-2020-9562 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow  ...)
	NOT-FOR-US: Adobe
CVE-2020-9561 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9560 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9559 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9558 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9557 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9556 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9555 (Adobe Bridge versions 10.0.1 and earlier version have a stack-based bu ...)
	NOT-FOR-US: Adobe
CVE-2020-9554 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9553 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
	NOT-FOR-US: Adobe
CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...)
	NOT-FOR-US: Adobe
CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability.  ...)
	NOT-FOR-US: Adobe
CVE-2019-20489 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web ...)
	NOT-FOR-US: Netgear
CVE-2019-20488 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
	NOT-FOR-US: Netgear
CVE-2019-20487 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
	NOT-FOR-US: Netgear
CVE-2019-20486 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
	NOT-FOR-US: Netgear
CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...)
	NOT-FOR-US: Rubetek SmartHome 2020 devices
CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...)
	{DLA-2134-1}
	- pdfresurrect 0.20-1 (unimportant; bug #952948)
	NOTE: https://github.com/enferex/pdfresurrect/issues/8
	NOTE: Crash in CLI tool, no security impact
CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2135-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2135-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2135-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2631
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...)
	NOT-FOR-US: Pale Moon
CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...)
	NOT-FOR-US: D-Link
CVE-2020-9543 (OpenStack Manila &lt;7.4.1, &gt;=8.0.0 &lt;8.1.1, and &gt;=9.0.0 &lt;9 ...)
	- manila 1:9.0.0-5 (bug #953581)
	[buster] - manila 1:7.0.0-1+deb10u1
	[stretch] - manila <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/manila/+bug/1861485
	NOTE: https://security.openstack.org/ossa/OSSA-2020-002.html
CVE-2020-9542
	RESERVED
CVE-2020-9541
	RESERVED
CVE-2020-9540 (Sophos HitmanPro.Alert before build 861 allows local elevation of priv ...)
	NOT-FOR-US: Sophos
CVE-2020-9539
	RESERVED
CVE-2020-9538
	RESERVED
CVE-2020-9537
	RESERVED
CVE-2020-9536
	RESERVED
CVE-2020-9535 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...)
	NOT-FOR-US: D-Link
CVE-2020-9534 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...)
	NOT-FOR-US: D-Link
CVE-2020-9533
	RESERVED
CVE-2020-9532
	RESERVED
CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...)
	NOT-FOR-US: Xiaomi
CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The  ...)
	NOT-FOR-US: Xiaomi
CVE-2020-9529
	RESERVED
CVE-2020-9528
	RESERVED
CVE-2020-9527
	RESERVED
CVE-2020-9526
	RESERVED
CVE-2020-9525
	RESERVED
CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...)
	NOT-FOR-US: Micro Focus
CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...)
	NOT-FOR-US: Micro Focus
CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...)
	NOT-FOR-US: Micro Focus
CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...)
	NOT-FOR-US: Micro Focus
CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...)
	NOT-FOR-US: Micro Focus Vibe
CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...)
	NOT-FOR-US: Micro Focus
CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...)
	NOT-FOR-US: Micro Focus
CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...)
	NOT-FOR-US: Micro Focus
CVE-2020-9516
	RESERVED
CVE-2020-9515
	RESERVED
CVE-2020-9514 (An issue was discovered in the IMPress for IDX Broker plugin before 2. ...)
	NOT-FOR-US: IMPress for IDX Broker plugin for WordPress
CVE-2020-9513
	RESERVED
CVE-2020-9512
	RESERVED
CVE-2020-9511
	RESERVED
CVE-2020-9510
	RESERVED
CVE-2020-9509
	RESERVED
CVE-2020-9508
	RESERVED
CVE-2020-9507
	RESERVED
CVE-2020-9506
	RESERVED
CVE-2020-9505
	RESERVED
CVE-2020-9504
	RESERVED
CVE-2020-9503
	RESERVED
CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session  ...)
	NOT-FOR-US: Dahua
CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...)
	NOT-FOR-US: Dahua
CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...)
	NOT-FOR-US: Dahua
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
	NOT-FOR-US: Dahua
CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...)
	- guacamole-client <unfixed> (bug #964195)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
	- guacamole-client <unfixed> (bug #964195)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
CVE-2020-9496
	RESERVED
CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...)
	NOT-FOR-US: Apache Archiva
CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8. ...)
	{DSA-4710-1}
	- trafficserver 8.0.8+ds-1 (bug #963629)
	NOTE: https://github.com/apache/trafficserver/pull/6922
CVE-2020-9493
	RESERVED
CVE-2020-9492
	RESERVED
CVE-2020-9491
	RESERVED
CVE-2020-9490
	RESERVED
CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...)
	- tika <unfixed>
	[jessie] - tika <ignored> (the fix is too invasive to backport)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j  ...)
	- apache-log4j2 <unfixed> (bug #959450)
	[jessie] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
	NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819
	NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x)
	NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master)
CVE-2020-9487
	RESERVED
CVE-2020-9486
	RESERVED
CVE-2020-9485
	RESERVED
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to  ...)
	{DLA-2217-1 DLA-2209-1}
	- tomcat9 9.0.35-1 (bug #961209)
	- tomcat8 <removed>
	- tomcat7 <removed>
	NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5)
	NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35)
	NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55)
	NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104)
CVE-2020-9483 (**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the  ...)
	NOT-FOR-US: Apache SkyWalking
CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...)
	NOT-FOR-US: Apache NiFi
CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...)
	{DSA-4672-1}
	- trafficserver 8.0.7+ds-1
	NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...)
	- apache-spark <itp> (bug #802194)
CVE-2020-9479
	RESERVED
CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...)
	- libvirt 6.0.0-2 (low; bug #953078)
	[buster] - libvirt <no-dsa> (Minor issue)
	[stretch] - libvirt <no-dsa> (Minor issue)
	[jessie] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
	NOT-FOR-US: Swann
CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection  ...)
	NOT-FOR-US: Rubrik
CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
	NOT-FOR-US: ARRIS TG1692A devices
CVE-2020-9475 (The S. Siedle &amp; Soehne SG 150-0 Smart Gateway before 1.2.4 allows  ...)
	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9474 (The S. Siedle &amp; Soehne SG 150-0 Smart Gateway before 1.2.4 allows  ...)
	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9473 (The S. Siedle &amp; Soehne SG 150-0 Smart Gateway before 1.2.4 has a p ...)
	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
	NOT-FOR-US: Umbraco CMS
CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
	NOT-FOR-US: Umbraco
CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-9469
	RESERVED
CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set image i ...)
	- piwigo <removed>
CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php reque ...)
	- piwigo <removed>
CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV  ...)
	NOT-FOR-US: Export Users to CSV plugin for WordPress
CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP B ...)
	NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000
CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary  ...)
	- centreon-web <itp> (bug #913903)
CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...)
	NOT-FOR-US: Athom
CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...)
	NOT-FOR-US: Octech Oempro
CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...)
	NOT-FOR-US: Octech Oempro
CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...)
	NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress
CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9453
	RESERVED
CVE-2020-9452
	RESERVED
CVE-2020-9451
	RESERVED
CVE-2020-9450
	RESERVED
CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB!  ...)
	NOT-FOR-US: BlaB!
CVE-2020-9448
	RESERVED
CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...)
	NOT-FOR-US: GwtUpload
CVE-2020-9446
	RESERVED
CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...)
	- qtwebsockets-opensource-src <unfixed> (low; bug #953049)
	[buster] - qtwebsockets-opensource-src <ignored> (Minor issue)
	[stretch] - qtwebsockets-opensource-src <ignored> (Minor issue)
	[jessie] - qtwebsockets-opensource-src <no-dsa> (Minor issue)
	NOTE: https://bugreports.qt.io/browse/QTBUG-70693
	NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...)
	- zulip-server <itp> (bug #800052)
CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...)
	- zulip-server <itp> (bug #800052)
CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...)
	NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
	NOT-FOR-US: OpenVPN Connect on Windows
CVE-2020-9441
	RESERVED
CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...)
	NOT-FOR-US: CKEditor plugin
CVE-2020-9439
	RESERVED
CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...)
	NOT-FOR-US: Tinxy Door Lock
CVE-2020-9437 (SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side tem ...)
	NOT-FOR-US: SecureAuth IdP
CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G  ...)
	NOT-FOR-US: PHOENIX
CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G  ...)
	NOT-FOR-US: PHOENIX
CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...)
	NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...)
	NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...)
	NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF. ...)
	NOT-FOR-US: OX Guard
CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS. ...)
	NOT-FOR-US: OX Guard
CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
	NOT-FOR-US: rConfig
CVE-2020-9424
	RESERVED
CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
	NOT-FOR-US: LogicalDoc
CVE-2020-9422
	RESERVED
CVE-2020-9421
	RESERVED
CVE-2019-20484
	RESERVED
CVE-2019-20483
	RESERVED
CVE-2020-9420
	RESERVED
CVE-2020-9419
	RESERVED
CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the  ...)
	- wireshark 3.2.2-1
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
	[jessie] - wireshark <not-affected> (composite TVB handling added later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the  ...)
	- wireshark 3.2.2-1
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the  ...)
	- wireshark 3.2.2-1 (low)
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2
CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...)
	- wireshark 3.2.2-1
	[buster] - wireshark <not-affected> (Vulnerable code not present)
	[stretch] - wireshark <not-affected> (Vulnerable code not present)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-06.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e
CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
	NOT-FOR-US: PDFescape
CVE-2020-9417
	RESERVED
CVE-2020-9416
	RESERVED
CVE-2020-9415
	RESERVED
CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
	NOT-FOR-US: TIBCO
CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
	NOT-FOR-US: TIBCO
CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
	NOT-FOR-US: TIBCO
CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
	NOT-FOR-US: TIBCO
CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
	NOT-FOR-US: TIBCO
CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
	NOT-FOR-US: TIBCO
CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive  ...)
	NOT-FOR-US: IBL Online Weather
CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...)
	NOT-FOR-US: IBL Online Weather
CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS  ...)
	NOT-FOR-US: IBL Online Weather
CVE-2020-9404
	RESERVED
CVE-2020-9403
	RESERVED
CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
	- python-django 2:2.2.11-1 (low; bug #953102)
	[buster] - python-django 1:1.11.29-1~deb10u1
	[stretch] - python-django <postponed> (Can be fixed along in a future DSA)
	[jessie] - python-django <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1
	NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8
	NOTE: Fixed by: https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2 (v2.2)
	NOTE: Fixed by: https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166 (v1.11)
CVE-2020-9401
	RESERVED
CVE-2020-9400
	RESERVED
CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...)
	NOT-FOR-US: Avast AV parsing engine
CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...)
	NOT-FOR-US: ISPConfig
CVE-2020-9397
	RESERVED
CVE-2020-9396
	RESERVED
CVE-2020-9395 (An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, an ...)
	TODO: check
CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
	NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
	NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
	NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9390
	RESERVED
CVE-2020-9389
	RESERVED
CVE-2020-9388
	RESERVED
CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...)
	- mahara <removed>
CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
	- mahara <removed>
CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6  ...)
	- linux 5.5.13-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
	- zint <itp> (bug #732141)
CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...)
	NOT-FOR-US: Subex
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in  ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...)
	NOT-FOR-US: Widgets extension for MediaWiki
CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...)
	NOT-FOR-US: Total.js CMS
CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...)
	NOT-FOR-US: IPTV Smarters WEB TV PLAYER
CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...)
	NOT-FOR-US: Mitel
CVE-2020-9378
	RESERVED
CVE-2020-9377
	RESERVED
CVE-2020-9376
	RESERVED
CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...)
	NOT-FOR-US: TP-Link
CVE-2019-20482
	RESERVED
CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...)
	NOT-FOR-US: TP-Link
CVE-2020-9373
	RESERVED
CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...)
	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial  ...)
	- sympa 6.2.40~dfsg-4 (low; bug #952428)
	[buster] - sympa <no-dsa> (Minor issue)
	[stretch] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
	[jessie] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
	NOTE: https://github.com/sympa-community/sympa/issues/886
	NOTE: https://sympa-community.github.io/security/2020-001.html
	NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch
CVE-2020-9368
	RESERVED
CVE-2020-9367
	RESERVED
CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...)
	- pure-ftpd 1.0.49-3 (bug #952471)
	[buster] - pure-ftpd <no-dsa> (Minor issue)
	[stretch] - pure-ftpd <no-dsa> (Minor issue)
	[jessie] - pure-ftpd <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b
CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact  ...)
	NOT-FOR-US: Creative Contact Form extension for Joomla!
CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection  ...)
	NOT-FOR-US: Sophos AV
CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...)
	NOT-FOR-US: Quick Heal AV parsing engine
CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...)
	NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
CVE-2019-20480 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website vis ...)
	NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
CVE-2016-11020 (Kunena before 5.0.4 does not restrict avatar file extensions to gif, j ...)
	NOT-FOR-US: Kunena
CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...)
	- screen 4.8.0-1 (bug #950896)
	[buster] - screen <not-affected> (Vulnerable code introduced in v4.7.0)
	[stretch] - screen <not-affected> (Vulnerable code introduced in v4.7.0)
	[jessie] - screen <not-affected> (Vulnerable code introduced in v4.7.0)
	NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
	NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
	NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
CVE-2020-9361
	RESERVED
CVE-2020-9360
	RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
	{DLA-2159-1}
	- okular 4:19.12.3-2 (bug #954891)
	[buster] - okular <no-dsa> (Minor issue)
	[stretch] - okular <no-dsa> (Minor issue)
	NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
	NOTE: https://kde.org/info/security/advisory-20200312-1.txt
	NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
CVE-2020-9358
	RESERVED
CVE-2020-9357
	RESERVED
CVE-2020-9356
	RESERVED
CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
	NOT-FOR-US: SmartClient
CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
	NOT-FOR-US: SmartClient
CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...)
	NOT-FOR-US: SmartClient
CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...)
	NOT-FOR-US: SmartClient
CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...)
	NOT-FOR-US: Graph Builder in SAS Visual Analytics
CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...)
	NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
CVE-2020-9348
	RESERVED
CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
	NOT-FOR-US: signoPAD-API/Web
CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...)
	NOT-FOR-US: Subversion ALM
CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
	NOT-FOR-US: signoPAD-API/Web
CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...)
	NOT-FOR-US: F-Secure AV parsing engine
CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...)
	NOT-FOR-US: CandidATS
CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...)
	NOT-FOR-US: fauzantrif eLection
CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php. ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...)
	NOT-FOR-US: GolfBuddy Course Manager
CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -&gt; Settings ...)
	NOT-FOR-US: fauzantrif eLection
CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...)
	{DSA-4643-1}
	- python-bleach 3.1.3-1 (bug #954236)
	[stretch] - python-bleach <ignored> (Requires invasive changes to address issue)
	[jessie] - python-bleach <ignored> (Requires invasive change to address issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
	NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986
CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...)
	{DSA-4636-1}
	- python-bleach 3.1.1-1 (bug #951907)
	[stretch] - python-bleach <ignored> (Requires invasive changes to address issue)
	[jessie] - python-bleach <ignored> (Fix too invasive in jessie; uses external html5 parser)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
	NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...)
	NOT-FOR-US: Envira Photo Gallery plugin for WordPress
CVE-2020-9333
	RESERVED
CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19  ...)
	NOT-FOR-US: FabulaTech
CVE-2020-9331
	RESERVED
CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
	NOT-FOR-US: Xerox
CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
	NOT-FOR-US: Go Git Service
CVE-2020-9328
	RESERVED
CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger  ...)
	- sqlite3 3.31.1-3 (bug #951835)
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <not-affected> (vulnerable code not present)
	NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
	NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
	NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
	NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9322
	RESERVED
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
	NOT-FOR-US: Traefik
CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a  ...)
	NOT-FOR-US: Avira
CVE-2020-9319
	RESERVED
CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...)
	NOT-FOR-US: Red Gate SQL Monitor
CVE-2020-9317
	RESERVED
CVE-2020-9316
	RESERVED
CVE-2020-9315 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
	NOT-FOR-US: Oracle
CVE-2020-9314 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
	NOT-FOR-US: Oracle
CVE-2020-9313
	RESERVED
CVE-2020-9312
	RESERVED
CVE-2020-9311
	RESERVED
CVE-2020-9310
	REJECTED
CVE-2020-9309
	RESERVED
CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
	- libarchive 3.4.0-2 (bug #951759)
	[buster] - libarchive <not-affected> (rar5 support added in 3.4.0)
	[stretch] - libarchive <not-affected> (rar5 support added in 3.4.0)
	[jessie] - libarchive <not-affected> (rar5 support added in 3.4.0)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459
	NOTE: https://github.com/libarchive/libarchive/pull/1326
	NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
CVE-2020-9307
	RESERVED
CVE-2020-9306
	RESERVED
CVE-2020-9305
	RESERVED
CVE-2020-9304
	RESERVED
CVE-2020-9303
	RESERVED
CVE-2020-9302
	RESERVED
CVE-2020-9301
	RESERVED
CVE-2020-9300
	RESERVED
CVE-2020-9299
	RESERVED
CVE-2020-9298
	RESERVED
CVE-2020-9297
	RESERVED
CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
	NOT-FOR-US: Netflix Conductor
CVE-2020-9295
	RESERVED
CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
	NOT-FOR-US: FortiMail Fortiguard
CVE-2020-9293
	RESERVED
CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent  ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
	NOT-FOR-US: Fortiguard / FortiClient for Windows
CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online  ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI  ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...)
	NOT-FOR-US: Fortinet
CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9285
	RESERVED
CVE-2020-9284
	RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
	- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
	[buster] - golang-go.crypto <no-dsa> (Minor issue)
	[stretch] - golang-go.crypto <no-dsa> (Minor issue)
	[jessie] - golang-go.crypto <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
	- mahara <removed>
CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor  ...)
	NOT-FOR-US: CKEditor plugin
CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...)
	NOT-FOR-US: SilverStripe
CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A har ...)
	NOT-FOR-US: D-Link
CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authe ...)
	NOT-FOR-US: D-Link
CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The f ...)
	NOT-FOR-US: D-Link
CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm ...)
	NOT-FOR-US: D-Link
CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer  ...)
	{DLA-2123-1}
	- pure-ftpd 1.0.49-4 (bug #952666)
	[buster] - pure-ftpd <no-dsa> (Minor issue)
	[stretch] - pure-ftpd <no-dsa> (Minor issue)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
	NOTE: though the CVE description does not specifically say, the issue seems to be an
	NOTE: out-of-bounds memory read which may result in information disclosure;
	NOTE: probably not the end of the world, but it is made worse by use of the rather
	NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
	{DSA-4635-1 DLA-2115-2 DLA-2115-1}
	- proftpd-dfsg 1.3.6c-2 (bug #951800)
	NOTE: https://github.com/proftpd/proftpd/issues/903
	NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
	NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master)
	NOTE: https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c)
	NOTE: https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch)
CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...)
	- proftpd-dfsg 1.3.6c-1 (unimportant)
	NOTE: https://github.com/proftpd/proftpd/issues/902
	NOTE: Debian does not build mod_cap and does not use the embedded libcap.
	NOTE: Sourcewise fixed in 1.3.6c by updating to the lastest libcap.
CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
	{DLA-2130-1}
	- libapache2-mod-auth-openidc 2.4.1-1
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...)
	- ruamel.yaml <unfixed> (unimportant)
	NOTE: This is a well-known design deficiency in pyyaml (of which ruamel.yaml is derived),
	NOTE: various CVE IDs have been assigned to applications misusing the API over the years.
	NOTE: pyyaml 5.1 changed the default hebaviour
CVE-2019-20477 (PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and ...)
	- pyyaml 5.2-1 (unimportant)
	[buster] - pyyaml <not-affected> (Vulnerability introduced in 5.1)
	[stretch] - pyyaml <not-affected> (Vulnerability introduced in 5.1)
	[jessie] - pyyaml <not-affected> (Vulnerability introduced in 5.1)
	NOTE: CVE exists due to an incomplete fix for CVE-2017-18342.
CVE-2019-20476
	RESERVED
CVE-2019-20475
	RESERVED
CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 1 ...)
	- nova <unfixed> (bug #951635)
	[buster] - nova <no-dsa> (Minor issue)
	[stretch] - nova <no-dsa> (Minor issue)
	[jessie] - nova <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1492140
	NOTE: https://review.opendev.org/220622
CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
	NOT-FOR-US: ICE Hrm
CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via  ...)
	NOT-FOR-US: ICE Hrm
CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause,  ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...)
	NOT-FOR-US: phpMyChat-Plus
CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass  ...)
	NOT-FOR-US: ESET
CVE-2020-9263
	RESERVED
CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	TODO: check
CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	TODO: check
CVE-2020-9260
	RESERVED
CVE-2020-9259
	RESERVED
CVE-2020-9258
	RESERVED
CVE-2020-9257
	RESERVED
CVE-2020-9256
	RESERVED
CVE-2020-9255
	RESERVED
CVE-2020-9254
	RESERVED
CVE-2020-9253
	RESERVED
CVE-2020-9252
	RESERVED
CVE-2020-9251
	RESERVED
CVE-2020-9250
	RESERVED
CVE-2020-9249
	RESERVED
CVE-2020-9248
	RESERVED
CVE-2020-9247
	RESERVED
CVE-2020-9246
	RESERVED
CVE-2020-9245
	RESERVED
CVE-2020-9244
	RESERVED
CVE-2020-9243
	RESERVED
CVE-2020-9242
	RESERVED
CVE-2020-9241
	RESERVED
CVE-2020-9240
	RESERVED
CVE-2020-9239
	RESERVED
CVE-2020-9238
	RESERVED
CVE-2020-9237
	RESERVED
CVE-2020-9236
	RESERVED
CVE-2020-9235
	RESERVED
CVE-2020-9234
	RESERVED
CVE-2020-9233
	RESERVED
CVE-2020-9232
	RESERVED
CVE-2020-9231
	RESERVED
CVE-2020-9230
	RESERVED
CVE-2020-9229
	RESERVED
CVE-2020-9228
	RESERVED
CVE-2020-9227
	RESERVED
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
	TODO: check
CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
	TODO: check
CVE-2020-9224
	RESERVED
CVE-2020-9223
	RESERVED
CVE-2020-9222
	RESERVED
CVE-2020-9221
	RESERVED
CVE-2020-9220
	RESERVED
CVE-2020-9219
	RESERVED
CVE-2020-9218
	RESERVED
CVE-2020-9217
	RESERVED
CVE-2020-9216
	RESERVED
CVE-2020-9215
	RESERVED
CVE-2020-9214
	RESERVED
CVE-2020-9213
	RESERVED
CVE-2020-9212
	RESERVED
CVE-2020-9211
	RESERVED
CVE-2020-9210
	RESERVED
CVE-2020-9209
	RESERVED
CVE-2020-9208
	RESERVED
CVE-2020-9207
	RESERVED
CVE-2020-9206
	RESERVED
CVE-2020-9205
	RESERVED
CVE-2020-9204
	RESERVED
CVE-2020-9203
	RESERVED
CVE-2020-9202
	RESERVED
CVE-2020-9201
	RESERVED
CVE-2020-9200
	RESERVED
CVE-2020-9199
	RESERVED
CVE-2020-9198
	RESERVED
CVE-2020-9197
	RESERVED
CVE-2020-9196
	RESERVED
CVE-2020-9195
	RESERVED
CVE-2020-9194
	RESERVED
CVE-2020-9193
	RESERVED
CVE-2020-9192
	RESERVED
CVE-2020-9191
	RESERVED
CVE-2020-9190
	RESERVED
CVE-2020-9189
	RESERVED
CVE-2020-9188
	RESERVED
CVE-2020-9187
	RESERVED
CVE-2020-9186
	RESERVED
CVE-2020-9185
	RESERVED
CVE-2020-9184
	RESERVED
CVE-2020-9183
	RESERVED
CVE-2020-9182
	RESERVED
CVE-2020-9181
	RESERVED
CVE-2020-9180
	RESERVED
CVE-2020-9179
	RESERVED
CVE-2020-9178
	RESERVED
CVE-2020-9177
	RESERVED
CVE-2020-9176
	RESERVED
CVE-2020-9175
	RESERVED
CVE-2020-9174
	RESERVED
CVE-2020-9173
	RESERVED
CVE-2020-9172
	RESERVED
CVE-2020-9171
	RESERVED
CVE-2020-9170
	RESERVED
CVE-2020-9169
	RESERVED
CVE-2020-9168
	RESERVED
CVE-2020-9167
	RESERVED
CVE-2020-9166
	RESERVED
CVE-2020-9165
	RESERVED
CVE-2020-9164
	RESERVED
CVE-2020-9163
	RESERVED
CVE-2020-9162
	RESERVED
CVE-2020-9161
	RESERVED
CVE-2020-9160
	RESERVED
CVE-2020-9159
	RESERVED
CVE-2020-9158
	RESERVED
CVE-2020-9157
	RESERVED
CVE-2020-9156
	RESERVED
CVE-2020-9155
	RESERVED
CVE-2020-9154
	RESERVED
CVE-2020-9153
	RESERVED
CVE-2020-9152
	RESERVED
CVE-2020-9151
	RESERVED
CVE-2020-9150
	RESERVED
CVE-2020-9149
	RESERVED
CVE-2020-9148
	RESERVED
CVE-2020-9147
	RESERVED
CVE-2020-9146
	RESERVED
CVE-2020-9145
	RESERVED
CVE-2020-9144
	RESERVED
CVE-2020-9143
	RESERVED
CVE-2020-9142
	RESERVED
CVE-2020-9141
	RESERVED
CVE-2020-9140
	RESERVED
CVE-2020-9139
	RESERVED
CVE-2020-9138
	RESERVED
CVE-2020-9137
	RESERVED
CVE-2020-9136
	RESERVED
CVE-2020-9135
	RESERVED
CVE-2020-9134
	RESERVED
CVE-2020-9133
	RESERVED
CVE-2020-9132
	RESERVED
CVE-2020-9131
	RESERVED
CVE-2020-9130
	RESERVED
CVE-2020-9129
	RESERVED
CVE-2020-9128
	RESERVED
CVE-2020-9127
	RESERVED
CVE-2020-9126
	RESERVED
CVE-2020-9125
	RESERVED
CVE-2020-9124
	RESERVED
CVE-2020-9123
	RESERVED
CVE-2020-9122
	RESERVED
CVE-2020-9121
	RESERVED
CVE-2020-9120
	RESERVED
CVE-2020-9119
	RESERVED
CVE-2020-9118
	RESERVED
CVE-2020-9117
	RESERVED
CVE-2020-9116
	RESERVED
CVE-2020-9115
	RESERVED
CVE-2020-9114
	RESERVED
CVE-2020-9113
	RESERVED
CVE-2020-9112
	RESERVED
CVE-2020-9111
	RESERVED
CVE-2020-9110
	RESERVED
CVE-2020-9109
	RESERVED
CVE-2020-9108
	RESERVED
CVE-2020-9107
	RESERVED
CVE-2020-9106
	RESERVED
CVE-2020-9105
	RESERVED
CVE-2020-9104
	RESERVED
CVE-2020-9103
	RESERVED
CVE-2020-9102
	RESERVED
CVE-2020-9101
	RESERVED
CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
	TODO: check
CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
	NOT-FOR-US: Huawei
CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2020-9097
	RESERVED
CVE-2020-9096
	RESERVED
CVE-2020-9095
	RESERVED
CVE-2020-9094
	RESERVED
CVE-2020-9093
	RESERVED
CVE-2020-9092
	RESERVED
CVE-2020-9091
	RESERVED
CVE-2020-9090
	RESERVED
CVE-2020-9089
	RESERVED
CVE-2020-9088
	RESERVED
CVE-2020-9087
	RESERVED
CVE-2020-9086
	RESERVED
CVE-2020-9085
	RESERVED
CVE-2020-9084
	RESERVED
CVE-2020-9083
	RESERVED
CVE-2020-9082
	RESERVED
CVE-2020-9081
	RESERVED
CVE-2020-9080
	RESERVED
CVE-2020-9079
	RESERVED
CVE-2020-9078
	RESERVED
CVE-2020-9077
	RESERVED
CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...)
	NOT-FOR-US: Huawei
CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...)
	NOT-FOR-US: Huawei
CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...)
	NOT-FOR-US: Huawei
CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
	NOT-FOR-US: Huawei
CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a  ...)
	NOT-FOR-US: Huawei
CVE-2020-9071 (There is a few bytes out-of-bounds read vulnerability in some Huawei p ...)
	NOT-FOR-US: Huawei
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
	NOT-FOR-US: Huawei
CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...)
	NOT-FOR-US: Huawei
CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The  ...)
	NOT-FOR-US: Huawei
CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...)
	NOT-FOR-US: Huawei
CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...)
	NOT-FOR-US: Huawei
CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...)
	NOT-FOR-US: Huawei
CVE-2020-9063
	RESERVED
CVE-2020-9062
	RESERVED
CVE-2020-9061
	RESERVED
CVE-2020-9060
	RESERVED
CVE-2020-9059
	RESERVED
CVE-2020-9058
	RESERVED
CVE-2020-9057
	RESERVED
CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...)
	NOT-FOR-US: Periscope BuySpeed
CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
	NOT-FOR-US: Versiant LYNX Customer Service Portal
CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...)
	NOT-FOR-US: ZyXEL
CVE-2020-9053
	RESERVED
CVE-2020-9052
	RESERVED
CVE-2020-9051
	RESERVED
CVE-2020-9050
	RESERVED
CVE-2020-9049
	RESERVED
CVE-2020-9048
	RESERVED
CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized  ...)
	NOT-FOR-US: exacqVision Web Service
CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
	NOT-FOR-US: Kantech
CVE-2020-9045 (During installation or upgrade to Software House C&#8226;CURE 9000 v2. ...)
	NOT-FOR-US: Software House
CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
	NOT-FOR-US: Johnson Controls
CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
	NOT-FOR-US: wpCentral plugin for WordPress
CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...)
	NOT-FOR-US: Couchbase
CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...)
	NOT-FOR-US: Couchbase
CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...)
	NOT-FOR-US: Couchbase
CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
	NOT-FOR-US: Couchbase
CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
	NOT-FOR-US: Joplin
CVE-2020-9037
	RESERVED
CVE-2020-9036
	RESERVED
CVE-2020-9035
	RESERVED
CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...)
	NOT-FOR-US: Zoho ManageEngine Remote Access Plus
CVE-2016-11019
	RESERVED
CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...)
	{DSA-4637-1}
	- network-manager-ssh 1.2.11-1
	NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98
	NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803499
CVE-2020-9034 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9033 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9032 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9031 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9030 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9029 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9028 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9027 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...)
	NOT-FOR-US: ELTEX devices
CVE-2020-9026 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...)
	NOT-FOR-US: ELTEX devices
CVE-2020-9025 (Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored  ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9024 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world- ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9023 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two us ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9022 (An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 de ...)
	NOT-FOR-US: Xirrus devices
CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1. ...)
	NOT-FOR-US: Post Oak AWAM Bluetooth Field Device
CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...)
	NOT-FOR-US: WPJobBoard plugin for WordPress
CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&amp;doc=edit_user CSRF  ...)
	NOT-FOR-US: LiteCart
CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile. ...)
	NOT-FOR-US: LiteCart
CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter,  ...)
	- dolibarr <removed>
CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...)
	NOT-FOR-US: Arista devices
CVE-2020-9014
	RESERVED
CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
	NOT-FOR-US: Arvato Skillpipe
CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...)
	NOT-FOR-US: Gluu Identity Configuration
CVE-2020-9011
	RESERVED
CVE-2020-9010
	RESERVED
CVE-2020-9009
	RESERVED
CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...)
	NOT-FOR-US: Blackboard Learn/PeopleTool
CVE-2019-20473
	RESERVED
CVE-2019-20472
	RESERVED
CVE-2019-20471
	RESERVED
CVE-2019-20470
	RESERVED
CVE-2019-20469
	RESERVED
CVE-2019-20468
	RESERVED
CVE-2019-20467
	RESERVED
CVE-2019-20466
	RESERVED
CVE-2019-20465
	RESERVED
CVE-2019-20464
	RESERVED
CVE-2019-20463
	RESERVED
CVE-2019-20462
	RESERVED
CVE-2019-20461
	RESERVED
CVE-2019-20460
	RESERVED
CVE-2019-20459
	RESERVED
CVE-2019-20458
	RESERVED
CVE-2019-20457
	RESERVED
CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic. ...)
	NOT-FOR-US: Codoforum
CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...)
	NOT-FOR-US: Popup Builder plugin for WordPress
CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...)
	NOT-FOR-US: Dota 2
CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowza Str ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...)
	NOT-FOR-US: Modula Image Gallery plugin for WordPress
CVE-2020-9002
	RESERVED
CVE-2020-9001
	RESERVED
CVE-2020-9000
	RESERVED
CVE-2020-8999
	RESERVED
CVE-2020-8998
	REJECTED
CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...)
	NOT-FOR-US: Abbott FreeStyle Libre
CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read  ...)
	NOT-FOR-US: AnyShare Cloud
CVE-2019-20456 (Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, ...)
	NOT-FOR-US: Goverlan
CVE-2020-8995
	RESERVED
CVE-2019-20455 (Gateways/Gateway.php in Heartland &amp; Global Payments PHP SDK before ...)
	NOT-FOR-US: Heartland & Global Payments PHP SDK
CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
	- pcre2 10.34-1
	[buster] - pcre2 <no-dsa> (Minor issue)
	[stretch] - pcre2 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2421
	NOTE: https://bugs.php.net/bug.php?id=78338
	NOTE: Fixed by: https://vcs.pcre.org/pcre2?view=revision&revision=1092
	NOTE: Tests: https://vcs.pcre.org/pcre2?view=revision&revision=1091
CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...)
	NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT
CVE-2020-8993
	RESERVED
CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.ozlabs.org/patch/1236118/
CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...)
	- lvm2 2.03.01-2
	[stretch] - lvm2 <no-dsa> (Minor issue)
	[jessie] - lvm2 <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701
	NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code)
CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow  ...)
	NOT-FOR-US: Western Digital My Cloud Home
CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...)
	NOT-FOR-US: Voatz application for Android
CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
	NOT-FOR-US: Voatz application for Android
CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...)
	NOT-FOR-US: Avast AntiTrack
CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...)
	NOT-FOR-US: ZendTo
CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...)
	NOT-FOR-US: ZendTo
CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...)
	NOT-FOR-US: ZendTo
CVE-2020-8983 (An arbitrary file write issue exists in all versions of Citrix ShareFi ...)
	NOT-FOR-US: Citrix
CVE-2020-8982 (An unauthenticated arbitrary file read issue exists in all versions of ...)
	NOT-FOR-US: Citrix
CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...)
	NOT-FOR-US: Source Integration plugin for MantisBT
CVE-2020-8980
	RESERVED
CVE-2020-8979
	RESERVED
CVE-2020-8978
	RESERVED
CVE-2020-8977
	RESERVED
CVE-2020-8976
	RESERVED
CVE-2020-8975
	RESERVED
CVE-2020-8974
	RESERVED
CVE-2020-8973
	RESERVED
CVE-2020-8972
	RESERVED
CVE-2020-8971
	RESERVED
CVE-2020-8970
	RESERVED
CVE-2020-8969
	RESERVED
CVE-2020-8968
	RESERVED
CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
	NOT-FOR-US: GESIO
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
	NOT-FOR-US: Tiki-Wiki Groupware
CVE-2020-8965
	RESERVED
CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
	NOT-FOR-US: TimeTools devices
CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
	NOT-FOR-US: TimeTools devices
CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...)
	NOT-FOR-US: D-Link
CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...)
	NOT-FOR-US: Avira
CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...)
	NOT-FOR-US: Western Digital mycloud.com
CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
	NOT-FOR-US: Western Digital
CVE-2020-8958
	RESERVED
CVE-2020-8957
	RESERVED
CVE-2020-8956
	RESERVED
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
	{DLA-2157-1}
	- weechat 2.7.1-1 (bug #951289)
	[buster] - weechat <no-dsa> (Minor issue)
	[stretch] - weechat <no-dsa> (Minor issue)
	NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link  ...)
	NOT-FOR-US: OpenSearch Web browser
CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
	NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...)
	NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
	NOT-FOR-US: Radeon AMD User Experience Program Launcher
CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
	NOT-FOR-US: Gocloud devices
CVE-2020-8948 (The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) be ...)
	NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP)
CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...)
	NOT-FOR-US: Pandora FMS
CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...)
	NOT-FOR-US: Netis devices
CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...)
	- golang-github-proglottis-gpgme 0.1.1-1 (bug #951372)
	[buster] - golang-github-proglottis-gpgme <no-dsa> (Minor issue)
	NOTE: https://github.com/proglottis/gpgme/pull/23
CVE-2020-8944
	RESERVED
CVE-2020-8943
	RESERVED
CVE-2020-8942
	RESERVED
CVE-2020-8941
	RESERVED
CVE-2020-8940
	RESERVED
CVE-2020-8939
	RESERVED
CVE-2020-8938
	RESERVED
CVE-2020-8937
	RESERVED
CVE-2020-8936
	RESERVED
CVE-2020-8935
	RESERVED
CVE-2020-8934
	RESERVED
CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages <unfixed>
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8932
	RESERVED
CVE-2020-8931
	RESERVED
CVE-2020-8930
	RESERVED
CVE-2020-8929
	RESERVED
CVE-2020-8928
	RESERVED
CVE-2020-8927
	RESERVED
CVE-2020-8926
	RESERVED
CVE-2020-8925
	RESERVED
CVE-2020-8924
	RESERVED
CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and including 2.7 ...)
	NOT-FOR-US: Dart (different from src:dart)
CVE-2020-8922
	RESERVED
CVE-2020-8921
	RESERVED
CVE-2020-8920
	RESERVED
CVE-2020-8919
	RESERVED
CVE-2020-8918
	RESERVED
CVE-2020-8917
	RESERVED
CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...)
	TODO: check
CVE-2020-8915
	RESERVED
CVE-2020-8914
	RESERVED
CVE-2020-8913
	RESERVED
CVE-2020-8912
	RESERVED
CVE-2020-8911
	RESERVED
CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
	- chromium <unfixed>
	[stretch] - chromium <end-of-life> (see DSA 4562)
	NOTE: https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
CVE-2020-8909
	RESERVED
CVE-2020-8908
	RESERVED
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages <unfixed>
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8906
	RESERVED
CVE-2020-8905
	RESERVED
CVE-2020-8904
	RESERVED
CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages <unfixed>
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8902
	RESERVED
CVE-2020-8901
	RESERVED
CVE-2020-8900
	RESERVED
CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg library of  ...)
	NOT-FOR-US: Samsung
CVE-2020-8898
	RESERVED
CVE-2020-8897
	RESERVED
CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...)
	NOT-FOR-US: Google Earth Pro
CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...)
	NOT-FOR-US: windows installer of Google Earth Pro
CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...)
	NOT-FOR-US: MISP
CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...)
	NOT-FOR-US: MISP
CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...)
	NOT-FOR-US: MISP
CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...)
	NOT-FOR-US: MISP
CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...)
	NOT-FOR-US: MISP
CVE-2020-8889
	RESERVED
CVE-2020-8888
	RESERVED
CVE-2020-8887
	RESERVED
CVE-2020-8886
	RESERVED
CVE-2020-8885
	RESERVED
CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
	NOT-FOR-US: SocialEngine
CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
	NOT-FOR-US: SocialEngine
CVE-2020-8884
	RESERVED
CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...)
	NOT-FOR-US: Parallels
CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels
CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8870
	RESERVED
CVE-2020-8869
	RESERVED
CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest Foglight Evolve
CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: OPC Foundation UA .NET Standard
CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...)
	{DLA-2162-1}
	- php-horde-form 2.0.20-1 (bug #955020)
	[buster] - php-horde-form 2.0.18-3.1+deb10u1
	[stretch] - php-horde-form <no-dsa> (Minor issue)
	NOTE: https://lists.horde.org/archives/announce/2020/001288.html
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/
	NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f
CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files  ...)
	{DLA-2175-1}
	- php-horde-trean 1.1.10-1 (bug #955019)
	[buster] - php-horde-trean 1.1.9-3+deb10u1
	[stretch] - php-horde-trean <no-dsa> (Minor issue)
	NOTE: https://lists.horde.org/archives/announce/2020/001286.html
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/
	NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75
	NOTE: https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908
CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung Galaxy S10 Firmware
CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: elog
CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Moxa
CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8856 (This vulnerability allows remote atackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8846 (This vulnerability allows remote atackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
	NOT-FOR-US: itsio
CVE-2020-8842 (Unquoted search path vulnerability in MSI True Color before 3.0.52.0 a ...)
	NOT-FOR-US: MSI True Color
CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
	NOT-FOR-US: TestLink
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
	{DLA-2111-1}
	- jackson-databind <unfixed>
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
	NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...)
	NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices
CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
	{DLA-2116-1}
	- libpam-radius-auth 1.4.0-3 (bug #951396)
	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686980
CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-8837
	RESERVED
CVE-2020-8836
	RESERVED
CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...)
	- linux 5.5.13-2
	[buster] - linux <not-affected> (Vulnerable code introduced later)
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-350/
CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of  ...)
	- linux 4.18.6-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash report ...)
	NOT-FOR-US: Apport
CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
	- linux 4.16.5-1
	[stretch] - linux <not-affected> (Vulnerable code not present, incomplete fix not applied)
	[jessie] - linux <not-affected> (No support for this hardware)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
	NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only
	NOTE: affects upstream versions (and downstreams) which applied the fix fo
	NOTE: CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context
	NOTE: state on context switch"). But there is need to apply as well the prerequistite
	NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load").
CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...)
	NOT-FOR-US: Apport
CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...)
	NOT-FOR-US: Prismview
CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...)
	NOT-FOR-US: Syska Smart Bulb devices
CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to access the p ...)
	NOT-FOR-US: Ruckus
CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to access the p ...)
	NOT-FOR-US: Intelbras
CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...)
	NOT-FOR-US: Argo
CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...)
	NOT-FOR-US: Argo
CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...)
	NOT-FOR-US: Argo
CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...)
	NOT-FOR-US: Vanilla Forums
CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...)
	NOT-FOR-US: Hitron devices
CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...)
	NOT-FOR-US: SockJS
CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices  ...)
	NOT-FOR-US: Digi TransPort
CVE-2020-8821
	RESERVED
CVE-2020-8820
	RESERVED
CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...)
	NOT-FOR-US: CardGate Payments plugin for WooCommerce
CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
	NOT-FOR-US: CardGate Payments plugin for Magento
CVE-2020-8817
	RESERVED
CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
	NOT-FOR-US: Pi-hole
CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam  ...)
	NOT-FOR-US: BearFTP
CVE-2020-8814
	RESERVED
CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...)
	NOT-FOR-US: Argo
CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...)
	- lxc-templates <unfixed>
	- lxc 1:3.0.3-1 (low)
	[stretch] - lxc <no-dsa> (Minor issue)
	[jessie] - lxc <ignored> (https://lists.debian.org/debian-lts/2020/02/msg00102.html)
	NOTE: LXC 3.0.2 split the templates out to separate lxc-templates.
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447
	NOTE: Some of the templates were switched to fetch the pacakges over HTTPS, cf.
	NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.
CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...)
	- cacti 1.2.10+ds1-1 (bug #951832)
	[stretch] - cacti <not-affected> (Vulnerable code not present)
	[jessie] - cacti <not-affected> (Vulnerable code not present)
	NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
	NOTE: https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
	NOTE: https://github.com/Cacti/cacti/issues/3285
	NOTE: https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784
CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...)
	NOT-FOR-US: Bludit
CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated  ...)
	NOT-FOR-US: Bludit
CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301 ...)
	NOT-FOR-US: Gurux
CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add- ...)
	NOT-FOR-US: Gurux
CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...)
	NOT-FOR-US: CORSAIR iCUE
CVE-2020-8807
	RESERVED
CVE-2020-8806
	RESERVED
CVE-2020-8805
	RESERVED
CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...)
	NOT-FOR-US: administration page of the WTI Like Post plugin for WordPress
CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...)
	NOT-FOR-US: Juplink
CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...)
	NOT-FOR-US: Juplink
CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before  ...)
	NOT-FOR-US: Biscom Secure File Transfer (SFT)
CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...)
	- gitlab <not-affected> (Only affects EE version)
	NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...)
	{DSA-4634-1}
	- opensmtpd 6.6.4p1-1 (bug #952453)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5
	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1
CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...)
	- opensmtpd 6.6.4p1-1 (unimportant; bug #952453)
	[buster] - opensmtpd 6.0.3p1-5+deb10u4
	[stretch] - opensmtpd 6.0.2p1-2+deb9u3
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
	NOTE: Neutralised by kernel hardening
CVE-2020-8792 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...)
	NOT-FOR-US: Composr
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
	NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-20450
	RESERVED
CVE-2019-20449
	RESERVED
CVE-2019-20448
	RESERVED
CVE-2020-8782
	RESERVED
CVE-2020-8781
	RESERVED
CVE-2020-8780
	RESERVED
CVE-2020-8779
	RESERVED
CVE-2020-8778 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site  ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...)
	NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...)
	NOT-FOR-US: Time Capsule plugin for WordPress
CVE-2020-8770
	RESERVED
CVE-2020-8769
	RESERVED
CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...)
	NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L)
CVE-2020-8767
	RESERVED
CVE-2020-8766
	RESERVED
CVE-2020-8765
	RESERVED
CVE-2020-8764
	RESERVED
CVE-2020-8763
	RESERVED
CVE-2020-8762
	RESERVED
CVE-2020-8761
	RESERVED
CVE-2020-8760
	RESERVED
CVE-2020-8759
	RESERVED
CVE-2020-8758
	RESERVED
CVE-2020-8757
	RESERVED
CVE-2020-8756
	RESERVED
CVE-2020-8755
	RESERVED
CVE-2020-8754
	RESERVED
CVE-2020-8753
	RESERVED
CVE-2020-8752
	RESERVED
CVE-2020-8751
	RESERVED
CVE-2020-8750
	RESERVED
CVE-2020-8749
	RESERVED
CVE-2020-8748
	RESERVED
CVE-2020-8747
	RESERVED
CVE-2020-8746
	RESERVED
CVE-2020-8745
	RESERVED
CVE-2020-8744
	RESERVED
CVE-2020-8743
	RESERVED
CVE-2020-8742
	RESERVED
CVE-2020-8741
	RESERVED
CVE-2020-8740
	RESERVED
CVE-2020-8739
	RESERVED
CVE-2020-8738
	RESERVED
CVE-2020-8737
	RESERVED
CVE-2020-8736
	RESERVED
CVE-2020-8735
	RESERVED
CVE-2020-8734
	RESERVED
CVE-2020-8733
	RESERVED
CVE-2020-8732
	RESERVED
CVE-2020-8731
	RESERVED
CVE-2020-8730
	RESERVED
CVE-2020-8729
	RESERVED
CVE-2020-8728
	RESERVED
CVE-2020-8727
	RESERVED
CVE-2020-8726
	RESERVED
CVE-2020-8725
	RESERVED
CVE-2020-8724
	RESERVED
CVE-2020-8723
	RESERVED
CVE-2020-8722
	RESERVED
CVE-2020-8721
	RESERVED
CVE-2020-8720
	RESERVED
CVE-2020-8719
	RESERVED
CVE-2020-8718
	RESERVED
CVE-2020-8717
	RESERVED
CVE-2020-8716
	RESERVED
CVE-2020-8715
	RESERVED
CVE-2020-8714
	RESERVED
CVE-2020-8713
	RESERVED
CVE-2020-8712
	RESERVED
CVE-2020-8711
	RESERVED
CVE-2020-8710
	RESERVED
CVE-2020-8709
	RESERVED
CVE-2020-8708
	RESERVED
CVE-2020-8707
	RESERVED
CVE-2020-8706
	RESERVED
CVE-2020-8705
	RESERVED
CVE-2020-8704
	RESERVED
CVE-2020-8703
	RESERVED
CVE-2020-8702
	RESERVED
CVE-2020-8701
	RESERVED
CVE-2020-8700
	RESERVED
CVE-2020-8699
	RESERVED
CVE-2020-8698
	RESERVED
CVE-2020-8697
	RESERVED
CVE-2020-8696
	RESERVED
CVE-2020-8695
	RESERVED
CVE-2020-8694
	RESERVED
CVE-2020-8693
	RESERVED
CVE-2020-8692
	RESERVED
CVE-2020-8691
	RESERVED
CVE-2020-8690
	RESERVED
CVE-2020-8689
	RESERVED
CVE-2020-8688
	RESERVED
CVE-2020-8687
	RESERVED
CVE-2020-8686
	RESERVED
CVE-2020-8685
	RESERVED
CVE-2020-8684
	RESERVED
CVE-2020-8683
	RESERVED
CVE-2020-8682
	RESERVED
CVE-2020-8681
	RESERVED
CVE-2020-8680
	RESERVED
CVE-2020-8679
	RESERVED
CVE-2020-8678
	RESERVED
CVE-2020-8677
	RESERVED
CVE-2020-8676
	RESERVED
CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...)
	NOT-FOR-US: Intel
CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...)
	NOT-FOR-US: Intel
CVE-2020-8673
	RESERVED
CVE-2020-8672
	RESERVED
CVE-2020-8671
	RESERVED
CVE-2020-8670
	RESERVED
CVE-2020-8669
	RESERVED
CVE-2020-8668
	RESERVED
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
	- lua-cgi <not-affected> (session generation changed in 5.1.x, cf. CVE-2014-10399)
	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for each sess ...)
	- lua-cgi <not-affected> (session generation changed in 5.2.x, cf. CVE-2014-2875)
	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
CVE-2020-8667
	RESERVED
CVE-2020-8666
	RESERVED
CVE-2020-8665
	RESERVED
CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS  ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-8662
	RESERVED
CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
	NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8653
	RESERVED
CVE-2020-8652
	RESERVED
CVE-2020-8651
	RESERVED
CVE-2020-8650
	RESERVED
CVE-2020-8646
	RESERVED
CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...)
	NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...)
	NOT-FOR-US: PlaySMS
CVE-2020-8643
	RESERVED
CVE-2020-8642
	RESERVED
CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...)
	NOT-FOR-US: Lotus Core CMS
CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
	NOT-FOR-US: Jobberbase CMS
CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8640
	RESERVED
CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...)
	NOT-FOR-US: TestLink
CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
	NOT-FOR-US: TestLink
CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
	NOT-FOR-US: TestLink
CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...)
	NOT-FOR-US: OpServices OpMon
CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...)
	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
	{DLA-2113-1}
	- cloud-init 19.4-2 (bug #951363)
	[buster] - cloud-init <no-dsa> (Minor issue)
	[stretch] - cloud-init <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
	NOTE: https://github.com/canonical/cloud-init/pull/189
	NOTE: https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14
CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...)
	{DLA-2113-1}
	- cloud-init 19.4-2 (bug #951362)
	[buster] - cloud-init <no-dsa> (Minor issue)
	[stretch] - cloud-init <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
	NOTE: https://github.com/canonical/cloud-init/pull/204
CVE-2020-8630
	RESERVED
CVE-2020-8629
	RESERVED
CVE-2020-8628
	RESERVED
CVE-2020-8627
	RESERVED
CVE-2020-8626
	RESERVED
CVE-2020-8625
	RESERVED
CVE-2020-8624
	RESERVED
CVE-2020-8623
	RESERVED
CVE-2020-8622
	RESERVED
CVE-2020-8621
	RESERVED
CVE-2020-8620
	RESERVED
CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -&gt; 9.11.19, BIND 9.14.9 -&gt; 9. ...)
	- bind9 1:9.16.4-1
	[buster] - bind9 <not-affected> (Vulnerable code introduced later)
	[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
	[jessie] - bind9 <not-affected> (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2020-8619
	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718
CVE-2020-8618 (An attacker who is permitted to send zone data to a server via zone tr ...)
	- bind9 1:9.16.4-1
	[buster] - bind9 <not-affected> (Vulnerable code introduced later)
	[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
	[jessie] - bind9 <not-affected> (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2020-8618
	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1850
CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...)
	{DSA-4689-1 DLA-2227-1}
	- bind9 1:9.16.3-1 (bug #961939)
	NOTE: https://kb.isc.org/docs/cve-2020-8617
	NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information
CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...)
	{DSA-4689-1 DLA-2227-1}
	- bind9 1:9.16.3-1 (bug #961939)
	NOTE: https://kb.isc.org/docs/cve-2020-8616
CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
	NOT-FOR-US: Tutor LMS plugin for WordPress
CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...)
	NOT-FOR-US: Askey devices
CVE-2020-8613
	RESERVED
CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2020-8610
	RESERVED
CVE-2020-8609
	RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf  ...)
	{DLA-2144-1 DLA-2142-1}
	- libslirp 4.2.0-1
	- qemu 1:4.1-2
	[buster] - qemu <postponed> (Minor issue)
	[stretch] - qemu <postponed> (Minor issue)
	- qemu-kvm <removed>
	- slirp <unfixed>
	- slirp4netns 1.0.1-1
	[buster] - slirp4netns <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
CVE-2020-8607
	RESERVED
CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8605 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8604 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8603 (A cross-site scripting vulnerability (XSS) in Trend Micro InterScan We ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8602
	RESERVED
CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected  ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8599 (Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnera ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8598 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...)
	{DSA-4632-1 DLA-2097-1}
	- lwip 2.1.2+dfsg1-5 (bug #951291)
	[buster] - lwip 2.0.3-3+deb10u1
	[experimental] - ppp 2.4.8-1+1~exp1
	- ppp <unfixed> (bug #950618)
	NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86
	NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5  ...)
	NOT-FOR-US: Participants Database plugin for WordPress
CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and  ...)
	NOT-FOR-US: itsio
CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2020-8593
	RESERVED
CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...)
	NOT-FOR-US: eG Manager
CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...)
	NOT-FOR-US: eG Manager
CVE-2020-8590
	RESERVED
CVE-2020-8589
	RESERVED
CVE-2020-8588
	RESERVED
CVE-2020-8587
	RESERVED
CVE-2020-8586
	RESERVED
CVE-2020-8585
	RESERVED
CVE-2020-8584
	RESERVED
CVE-2020-8583
	RESERVED
CVE-2020-8582
	RESERVED
CVE-2020-8581
	RESERVED
CVE-2020-8580
	RESERVED
CVE-2020-8579
	RESERVED
CVE-2020-8578
	RESERVED
CVE-2020-8577
	RESERVED
CVE-2020-8576
	RESERVED
CVE-2020-8575
	RESERVED
CVE-2020-8574
	RESERVED
CVE-2020-8573 (The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped  ...)
	NOT-FOR-US: NetApp
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
	NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
	NOT-FOR-US: StorageGRID
CVE-2020-8570
	RESERVED
CVE-2020-8569
	RESERVED
CVE-2020-8568
	RESERVED
CVE-2020-8567
	RESERVED
CVE-2020-8566
	RESERVED
CVE-2020-8565
	RESERVED
CVE-2020-8564
	RESERVED
CVE-2020-8563
	RESERVED
CVE-2020-8562
	RESERVED
CVE-2020-8561
	RESERVED
CVE-2020-8560
	RESERVED
CVE-2020-8559
	RESERVED
CVE-2020-8558
	RESERVED
CVE-2020-8557
	RESERVED
CVE-2020-8556
	RESERVED
CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...)
	- kubernetes 1.18.2-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/91542
CVE-2020-8554
	RESERVED
CVE-2020-8553
	RESERVED
CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/89378
CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/89377
CVE-2020-8550
	RESERVED
CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...)
	NOT-FOR-US: Strong Testimonials plugin for WordPress
CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...)
	NOT-FOR-US: massCode
CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...)
	- phplist <itp> (bug #612288)
CVE-2020-8546
	RESERVED
CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
	NOT-FOR-US: AIL framework
CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-8539
	RESERVED
CVE-2020-8538
	RESERVED
CVE-2020-8537
	RESERVED
CVE-2020-8536
	RESERVED
CVE-2020-8535
	RESERVED
CVE-2020-8534
	RESERVED
CVE-2020-8533
	RESERVED
CVE-2020-8532
	RESERVED
CVE-2020-8531
	RESERVED
CVE-2020-8530
	RESERVED
CVE-2020-8529
	RESERVED
CVE-2020-8528
	RESERVED
CVE-2020-8527
	RESERVED
CVE-2020-8526
	RESERVED
CVE-2020-8525
	RESERVED
CVE-2020-8524
	RESERVED
CVE-2020-8523
	RESERVED
CVE-2020-8522
	RESERVED
CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...)
	TODO: check
CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...)
	TODO: check
CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...)
	TODO: check
CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
	{DLA-2174-1}
	- php-horde-data <unfixed> (bug #951537)
	[buster] - php-horde-data 2.1.4-5+deb10u1
	[stretch] - php-horde-data <no-dsa> (Minor issue)
	NOTE: https://lists.horde.org/archives/announce/2020/001285.html
	NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e
CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
	- squid 4.10-1 (unimportant)
	- squid3 <removed> (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch
	NOTE: Debian binary packages are not build with --enable-external-acl-helpers="[...]LM_group[...".
CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...)
	- tor <unfixed> (unimportant)
	NOTE: Not considered a bug / explicit design choice by upstream
	NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
	NOTE: https://trac.torproject.org/projects/tor/ticket/33129
	NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...)
	- librsvg 2.46.4-1
	[jessie] - librsvg <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135
CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...)
	NOT-FOR-US: DrayTek devices
CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...)
	NOT-FOR-US: Rumpus on macOS
CVE-2020-8513
	RESERVED
CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...)
	NOT-FOR-US: IceWarp Webmail Server
CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
	NOT-FOR-US: phpABook
CVE-2020-8509 (Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticat ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
	NOT-FOR-US: Norman Malware Cleaner
CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...)
	NOT-FOR-US: Citytv Video application for Android and iOS
CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...)
	NOT-FOR-US: Global TV application for Android and iOS
CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
	NOT-FOR-US: School Management Software PHP/mySQL
CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
	NOT-FOR-US: School Management Software PHP/mySQL
CVE-2020-8503 (Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.10 ...)
	NOT-FOR-US: Biscom Secure File Transfer (SFT)
CVE-2020-8502
	RESERVED
CVE-2020-8501
	RESERVED
CVE-2020-8500 (** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-8499
	RESERVED
CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...)
	NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress
CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7  ...)
	- python3.8 3.8.3~rc1-1
	- python3.7 <removed>
	[buster] - python3.7 <no-dsa> (Minor issue)
	- python3.5 <removed>
	[stretch] - python3.5 <no-dsa> (Minor issue)
	- python3.4 <removed>
	[jessie] - python3.4 <postponed> (Minor issue)
	- python2.7 <unfixed>
	[buster] - python2.7 <no-dsa> (Minor issue)
	[stretch] - python2.7 <no-dsa> (Minor issue)
	[jessie] - python2.7 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue39503
	NOTE: https://github.com/python/cpython/pull/18284
	NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
	NOTE: https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master)
	NOTE: https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch)
	NOTE: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch)
	NOTE: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch)
CVE-2020-8491
	RESERVED
CVE-2020-8490
	RESERVED
CVE-2020-8489 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8488 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8487 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8486 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8485 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8484 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8483
	RESERVED
CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...)
	NOT-FOR-US: ABB
CVE-2020-8481 (For ABB products ABB Ability&#8482; System 800xA and related system ex ...)
	NOT-FOR-US: ABB
CVE-2020-8480
	RESERVED
CVE-2020-8479 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8478 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...)
	NOT-FOR-US: ABB
CVE-2020-8476 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8475 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...)
	NOT-FOR-US: ABB
CVE-2020-8473 (Insufficient folder permissions used by system functions in ABB System ...)
	NOT-FOR-US: ABB
CVE-2020-8472 (Insufficient folder permissions used by system functions in ABB System ...)
	NOT-FOR-US: ABB
CVE-2020-8471 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a  ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8466
	RESERVED
CVE-2020-8465
	RESERVED
CVE-2020-8464
	RESERVED
CVE-2020-8463
	RESERVED
CVE-2020-8462
	RESERVED
CVE-2020-8461
	RESERVED
CVE-2020-8460
	RESERVED
CVE-2020-8459
	RESERVED
CVE-2020-8458
	RESERVED
CVE-2020-8457
	RESERVED
CVE-2020-8456
	RESERVED
CVE-2020-8455
	RESERVED
CVE-2020-8454
	RESERVED
CVE-2020-8453
	RESERVED
CVE-2020-8452
	RESERVED
CVE-2020-8451
	RESERVED
CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer  ...)
	{DSA-4682-1}
	- squid 4.10-1 (bug #950802)
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
	{DSA-4682-1}
	- squid 4.10-1 (bug #950802)
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
	- ossec-hids <itp> (bug #361954)
CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
	- ossec-hids <itp> (bug #361954)
CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
	- ossec-hids <itp> (bug #361954)
CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...)
	- ossec-hids <itp> (bug #361954)
CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
	- ossec-hids <itp> (bug #361954)
CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
	- ossec-hids <itp> (bug #361954)
CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for  ...)
	- ossec-hids <itp> (bug #361954)
CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization  ...)
	NOT-FOR-US: JYaml
CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is  ...)
	NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...)
	NOT-FOR-US: Ruckus devices
CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...)
	NOT-FOR-US: uTorrent
CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPre ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...)
	NOT-FOR-US: Jenzabar JICS (aka Internet Campus Solution)
CVE-2020-8433
	RESERVED
CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length  ...)
	{DLA-2110-1 DLA-2109-1}
	- netty 1:4.1.45-1 (bug #950967)
	- netty-3.9 <removed>
	NOTE: https://github.com/netty/netty/issues/9861
	NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1)
	NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1)
	NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
	{DLA-2110-1 DLA-2109-1}
	- netty 1:4.1.45-1 (bug #950966)
	- netty-3.9 <removed>
	NOTE: https://github.com/netty/netty/issues/9866
	NOTE: https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e (4.1)
CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
	- u-boot 2020.01+dfsg-2 (low)
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <ignored> (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html
	NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html
CVE-2020-8431
	RESERVED
CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...)
	NOT-FOR-US: Stormshield Network Security 310
CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not  ...)
	NOT-FOR-US: Kinetica
CVE-2020-8427 (In Unitrends Backup before 10.4.1, an HTTP request parameter was not p ...)
	NOT-FOR-US: Kaseya Traverse
CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
	NOT-FOR-US: Elementor plugin for WordPress
CVE-2020-8425 (Cups Easy (Purchase &amp; Inventory) 1.0 is vulnerable to CSRF that le ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2020-8424 (Cups Easy (Purchase &amp; Inventory) 1.0 is vulnerable to CSRF that le ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...)
	NOT-FOR-US: TP-Link
CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping  ...)
	NOT-FOR-US:  Joomla!
CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...)
	NOT-FOR-US:  Joomla!
CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...)
	NOT-FOR-US:  Joomla!
CVE-2020-8418
	RESERVED
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
	NOT-FOR-US: Code Snippets plugin for WordPress
CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial  ...)
	NOT-FOR-US: BearFTP
CVE-2020-8415
	RESERVED
CVE-2020-8414
	RESERVED
CVE-2020-8413
	RESERVED
CVE-2020-8412
	RESERVED
CVE-2020-8411
	RESERVED
CVE-2020-8410
	RESERVED
CVE-2020-8409
	RESERVED
CVE-2020-8408
	RESERVED
CVE-2020-8407
	RESERVED
CVE-2020-8406
	RESERVED
CVE-2020-8405
	RESERVED
CVE-2020-8404
	RESERVED
CVE-2020-8403
	RESERVED
CVE-2020-8402
	RESERVED
CVE-2020-8401
	RESERVED
CVE-2020-8400
	RESERVED
CVE-2020-8399
	RESERVED
CVE-2020-8398
	RESERVED
CVE-2020-8397
	RESERVED
CVE-2020-8396
	RESERVED
CVE-2020-8395
	RESERVED
CVE-2020-8394
	RESERVED
CVE-2020-8393
	RESERVED
CVE-2020-8392
	RESERVED
CVE-2020-8391
	RESERVED
CVE-2020-8390
	RESERVED
CVE-2020-8389
	RESERVED
CVE-2020-8388
	RESERVED
CVE-2020-8387
	RESERVED
CVE-2020-8386
	RESERVED
CVE-2020-8385
	RESERVED
CVE-2020-8384
	RESERVED
CVE-2020-8383
	RESERVED
CVE-2020-8382
	RESERVED
CVE-2020-8381
	RESERVED
CVE-2020-8380
	RESERVED
CVE-2020-8379
	RESERVED
CVE-2020-8378
	RESERVED
CVE-2020-8377
	RESERVED
CVE-2020-8376
	RESERVED
CVE-2020-8375
	RESERVED
CVE-2020-8374
	RESERVED
CVE-2020-8373
	RESERVED
CVE-2020-8372
	RESERVED
CVE-2020-8371
	RESERVED
CVE-2020-8370
	RESERVED
CVE-2020-8369
	RESERVED
CVE-2020-8368
	RESERVED
CVE-2020-8367
	RESERVED
CVE-2020-8366
	RESERVED
CVE-2020-8365
	RESERVED
CVE-2020-8364
	RESERVED
CVE-2020-8363
	RESERVED
CVE-2020-8362
	RESERVED
CVE-2020-8361
	RESERVED
CVE-2020-8360
	RESERVED
CVE-2020-8359
	RESERVED
CVE-2020-8358
	RESERVED
CVE-2020-8357
	RESERVED
CVE-2020-8356
	RESERVED
CVE-2020-8355
	RESERVED
CVE-2020-8354
	RESERVED
CVE-2020-8353
	RESERVED
CVE-2020-8352
	RESERVED
CVE-2020-8351
	RESERVED
CVE-2020-8350
	RESERVED
CVE-2020-8349
	RESERVED
CVE-2020-8348
	RESERVED
CVE-2020-8347
	RESERVED
CVE-2020-8346
	RESERVED
CVE-2020-8345
	RESERVED
CVE-2020-8344
	RESERVED
CVE-2020-8343
	RESERVED
CVE-2020-8342
	RESERVED
CVE-2020-8341
	RESERVED
CVE-2020-8340
	RESERVED
CVE-2020-8339
	RESERVED
CVE-2020-8338
	RESERVED
CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
	NOT-FOR-US: Synaptics Smart Audio UWP app
CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
	NOT-FOR-US: Lenovo
CVE-2020-8335
	RESERVED
CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
	NOT-FOR-US: Lenovo
CVE-2020-8333
	RESERVED
CVE-2020-8332
	RESERVED
CVE-2020-8331
	REJECTED
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8328
	RESERVED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
	NOT-FOR-US: Lenovo
CVE-2020-8326
	RESERVED
CVE-2020-8325
	RESERVED
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
	NOT-FOR-US: Lenovo
CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...)
	NOT-FOR-US: Lenovo
CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...)
	NOT-FOR-US: Lenovo
CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...)
	NOT-FOR-US: Lenovo
CVE-2020-8317
	RESERVED
CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
	NOT-FOR-US: Lenovo
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1}
	- linux 5.4.19-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...)
	- python3.8 <not-affected> (Windows-specific)
	- python3.7 <not-affected> (Windows-specific)
	NOTE: https://bugs.python.org/issue39401
CVE-2020-8314
	RESERVED
CVE-2020-8313
	RESERVED
CVE-2020-8312
	RESERVED
CVE-2020-8311
	RESERVED
CVE-2020-8310
	RESERVED
CVE-2020-8309
	RESERVED
CVE-2020-8308
	RESERVED
CVE-2020-8307
	RESERVED
CVE-2020-8306
	RESERVED
CVE-2020-8305
	RESERVED
CVE-2020-8304
	RESERVED
CVE-2020-8303
	RESERVED
CVE-2020-8302
	RESERVED
CVE-2020-8301
	RESERVED
CVE-2020-8300
	RESERVED
CVE-2020-8299
	RESERVED
CVE-2020-8298
	RESERVED
CVE-2020-8297
	RESERVED
CVE-2020-8296
	RESERVED
CVE-2020-8295
	RESERVED
CVE-2020-8294
	RESERVED
CVE-2020-8293
	RESERVED
CVE-2020-8292
	RESERVED
CVE-2020-8291
	RESERVED
CVE-2020-8290
	RESERVED
CVE-2020-8289
	RESERVED
CVE-2020-8288
	RESERVED
CVE-2020-8287
	RESERVED
CVE-2020-8286
	RESERVED
CVE-2020-8285
	RESERVED
CVE-2020-8284
	RESERVED
CVE-2020-8283
	RESERVED
CVE-2020-8282
	RESERVED
CVE-2020-8281
	RESERVED
CVE-2020-8280
	RESERVED
CVE-2020-8279
	RESERVED
CVE-2020-8278
	RESERVED
CVE-2020-8277
	RESERVED
CVE-2020-8276
	RESERVED
CVE-2020-8275
	RESERVED
CVE-2020-8274
	RESERVED
CVE-2020-8273
	RESERVED
CVE-2020-8272
	RESERVED
CVE-2020-8271
	RESERVED
CVE-2020-8270
	RESERVED
CVE-2020-8269
	RESERVED
CVE-2020-8268
	RESERVED
CVE-2020-8267
	RESERVED
CVE-2020-8266
	RESERVED
CVE-2020-8265
	RESERVED
CVE-2020-8264
	RESERVED
CVE-2020-8263
	RESERVED
CVE-2020-8262
	RESERVED
CVE-2020-8261
	RESERVED
CVE-2020-8260
	RESERVED
CVE-2020-8259
	RESERVED
CVE-2020-8258
	RESERVED
CVE-2020-8257
	RESERVED
CVE-2020-8256
	RESERVED
CVE-2020-8255
	RESERVED
CVE-2020-8254
	RESERVED
CVE-2020-8253
	RESERVED
CVE-2020-8252
	RESERVED
CVE-2020-8251
	RESERVED
CVE-2020-8250
	RESERVED
CVE-2020-8249
	RESERVED
CVE-2020-8248
	RESERVED
CVE-2020-8247
	RESERVED
CVE-2020-8246
	RESERVED
CVE-2020-8245
	RESERVED
CVE-2020-8244
	RESERVED
CVE-2020-8243
	RESERVED
CVE-2020-8242
	RESERVED
CVE-2020-8241
	RESERVED
CVE-2020-8240
	RESERVED
CVE-2020-8239
	RESERVED
CVE-2020-8238
	RESERVED
CVE-2020-8237
	RESERVED
CVE-2020-8236
	RESERVED
CVE-2020-8235
	RESERVED
CVE-2020-8234
	RESERVED
CVE-2020-8233
	RESERVED
CVE-2020-8232
	RESERVED
CVE-2020-8231
	RESERVED
CVE-2020-8230
	RESERVED
CVE-2020-8229
	RESERVED
CVE-2020-8228
	RESERVED
CVE-2020-8227
	RESERVED
CVE-2020-8226
	RESERVED
CVE-2020-8225
	RESERVED
CVE-2020-8224
	RESERVED
CVE-2020-8223
	RESERVED
CVE-2020-8222
	RESERVED
CVE-2020-8221
	RESERVED
CVE-2020-8220
	RESERVED
CVE-2020-8219
	RESERVED
CVE-2020-8218
	RESERVED
CVE-2020-8217
	RESERVED
CVE-2020-8216
	RESERVED
CVE-2020-8215
	RESERVED
CVE-2020-8214
	RESERVED
CVE-2020-8213
	RESERVED
CVE-2020-8212
	RESERVED
CVE-2020-8211
	RESERVED
CVE-2020-8210
	RESERVED
CVE-2020-8209
	RESERVED
CVE-2020-8208
	RESERVED
CVE-2020-8207
	RESERVED
CVE-2020-8206
	RESERVED
CVE-2020-8205
	RESERVED
CVE-2020-8204
	RESERVED
CVE-2020-8203
	RESERVED
CVE-2020-8202
	RESERVED
CVE-2020-8201
	RESERVED
CVE-2020-8200
	RESERVED
CVE-2020-8199
	RESERVED
CVE-2020-8198
	RESERVED
CVE-2020-8197
	RESERVED
CVE-2020-8196
	RESERVED
CVE-2020-8195
	RESERVED
CVE-2020-8194
	RESERVED
CVE-2020-8193
	RESERVED
CVE-2020-8192
	RESERVED
CVE-2020-8191
	RESERVED
CVE-2020-8190
	RESERVED
CVE-2020-8189
	RESERVED
CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
	NOT-FOR-US: UniFi Protect
CVE-2020-8187
	RESERVED
CVE-2020-8186
	RESERVED
CVE-2020-8185 (A denial of service vulnerability exists in Rails &lt;6.0.3.2 that all ...)
	[experimental] - rails 6.0.3.2+dfsg-1 (bug #964081)
	- rails <not-affected> (Introduced in rails 6.x)
	NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
	- ruby-rack <unfixed> (bug #963477)
	NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
CVE-2020-8183
	RESERVED
CVE-2020-8182
	RESERVED
CVE-2020-8181
	RESERVED
CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2020-8178
	RESERVED
CVE-2020-8177
	RESERVED
	- curl <unfixed>
	NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
	NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...)
	NOT-FOR-US: koa-shopify-auth
CVE-2020-8175
	RESERVED
CVE-2020-8174 [napi_get_value_string_*() allows various kinds of memory corruption]
	RESERVED
	{DSA-4696-1}
	- nodejs 10.21.0~dfsg-1 (bug #962145)
	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174
CVE-2020-8173
	RESERVED
CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in  ...)
	- nodejs <not-affected> (Only affects 12.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172
CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0  ...)
	NOT-FOR-US: AirMax AirOS
CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0  ...)
	NOT-FOR-US: AirMax AirOS
CVE-2020-8169
	RESERVED
	- curl <unfixed>
	[stretch] - curl <not-affected> (Vulnerable code introduced later)
	[jessie] - curl <not-affected> (Vulnerable code introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html
	NOTE: https://github.com/curl/curl/commit/600a8cded447cd7118ed50142c576567c0cf5158 (7.71.0)
CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0  ...)
	NOT-FOR-US: AirMax AirOS
CVE-2020-8167 (A CSRF vulnerability exists in rails &lt;= 6.0.3 rails-ujs module that ...)
	- rails 2:5.2.4.3+dfsg-1
	[stretch] - rails <not-affected> (Vulnerable code introduced later)
	[jessie] - rails <not-affected> (Vulnerable code introduced later)
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3
CVE-2020-8166 (A CSRF forgery vulnerability exists in rails &lt; 5.2.5, rails &lt; 6. ...)
	- rails 2:5.2.4.3+dfsg-1
	[stretch] - rails <not-affected> (Vulnerable code introduced later)
	[jessie] - rails <not-affected> (Vulnerable code introduced later)
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1
	NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a
CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails & ...)
	{DLA-2251-1}
	- rails 2:5.2.4.3+dfsg-1
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend)
	NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend)
	NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b
CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails &lt; ...)
	{DLA-2251-1}
	[experimental] - rails 2:6.0.3.1+dfsg-1
	- rails 2:5.2.4.3+dfsg-1
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec
CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...)
	- rails 2:5.2.0+dfsg-2
	NOTE: https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/
	NOTE: https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/
	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
	NOTE: https://github.com/rails/rails/commit/4c46a15e0a7815ca9e4cd7c7fda042eb8c1b7724 (4.2.11.2)
	NOTE: Followup needed due to breaking change: https://github.com/rails/rails/issues/39301
	NOTE: https://github.com/rails/rails/commit/1f3db0ad793441a0c00e85d56228fc80aafbe6c1 (4.2.11.3)
	NOTE: The combined patch can still potentially affect reverse dependencies like redmine:
	NOTE: https://github.com/rails/rails/issues/39301#issuecomment-636818148
	NOTE: For rails 5.0 the issue is fixed in >= 5.0.1
CVE-2020-8162 (A client side enforcement of server side security vulnerability exists ...)
	- rails 2:5.2.4.3+dfsg-1
	[stretch] - rails <not-affected> (Vulnerable code introduced later)
	[jessie] - rails <not-affected> (Vulnerable code introduced later)
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be
CVE-2020-8161 (A directory traversal vulnerability exists in rack &lt; 2.2.0 that all ...)
	{DLA-2216-1}
	- ruby-rack 2.1.1-5
	[buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
	NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
	NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
	NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94
CVE-2020-8160
	RESERVED
CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; v1.2.1 th ...)
	- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
CVE-2020-8158
	RESERVED
CVE-2020-8157 (UniFi Cloud Key firmware &lt;= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
	NOT-FOR-US: UniFi Cloud Key
CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
	NOT-FOR-US: Nextcloud Mail
CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server  ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...)
	NOT-FOR-US: Nextcloud Groupfolders app
CVE-2020-8152
	RESERVED
CVE-2020-8151 (There is a possible information disclosure issue in Active Resource &l ...)
	- rails <not-affected> (Vulnerable code splitted out upstream before initial upload to Debian)
	NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails
	NOTE: release as it was not widely used.
CVE-2020-8150
	RESERVED
CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
	NOT-FOR-US: Node logkitty
CVE-2020-8148 (UniFi Cloud Key firmware &lt; 1.1.6 contains a vulnerability that enab ...)
	NOT-FOR-US: UniFi Cloud Key firmware
CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...)
	NOT-FOR-US: Node utils-extend
CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...)
	NOT-FOR-US: UniFi
CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...)
	NOT-FOR-US: UniFi
CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...)
	NOT-FOR-US: UniFi
CVE-2020-8143 (An Open Redirect vulnerability was discovered in Revive Adserver versi ...)
	NOT-FOR-US: Revive Adserver
CVE-2020-8142 (A security restriction bypass vulnerability has been discovered in Rev ...)
	NOT-FOR-US: Revive Adserver
CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can  ...)
	- node-dot 1.1.3+ds-1
	[buster] - node-dot 1.1.1-1+deb10u1
	NOTE: https://hackerone.com/reports/390929
CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...)
	- nextcloud-desktop <not-affected> (MacOS-specific)
CVE-2020-8139 (A missing access control check in Nextcloud Server &lt; 18.0.1, &lt; 1 ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server &lt; 1 ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...)
	NOT-FOR-US: Node blamer
CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart &lt; 1.0.5 allo ...)
	NOT-FOR-US: Node fastify-multipart
CVE-2020-8135 (The uppy npm package &lt; 1.9.3 is vulnerable to a Server-Side Request ...)
	NOT-FOR-US: Node uppy
CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS &lt; 3.1 ...)
	NOT-FOR-US: Ghost CMS
CVE-2020-8133
	RESERVED
CVE-2020-8132 (Lack of input validation in pdf-image npm package version &lt;= 2.0.0  ...)
	NOT-FOR-US: Node pdf-image package
CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows  ...)
	- node-yarnpkg 1.22.4-2 (bug #952912)
	[buster] - node-yarnpkg <no-dsa> (Minor issue)
	NOTE: https://hackerone.com/reports/730239
	NOTE: https://github.com/yarnpkg/yarn/pull/7831
CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake &lt; 12.3. ...)
	{DLA-2120-1}
	- rake 12.3.3-1
	[buster] - rake 12.3.1-3+deb10u1
	[stretch] - rake <no-dsa> (Minor issue)
	NOTE: https://hackerone.com/reports/651518
	NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3)
CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
	NOT-FOR-US: script-manager nodejs module
CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities  ...)
	NOT-FOR-US: jsreport
CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...)
	NOT-FOR-US: reveal.js
CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
	NOT-FOR-US: Ubiquiti Networks EdgeSwitch
CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...)
	NOT-FOR-US: klona node module
CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...)
	- node-url-parse 1.4.7-1
	[buster] - node-url-parse <no-dsa> (Minor issue)
	[stretch] - node-url-parse <ignored> (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
	NOTE: https://hackerone.com/reports/496293
CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...)
	NOT-FOR-US: strapi
CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version 5.1. ...)
	- node-dot-prop 5.2.0-1
	[buster] - node-dot-prop 4.1.1-1+deb10u1
	NOTE: https://hackerone.com/reports/719856
	NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2
CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...)
	NOT-FOR-US: Revive Adserver
CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
	{DLA-2089-1}
	- openjpeg2 <unfixed> (bug #950184)
	[buster] - openjpeg2 <no-dsa> (Minor issue)
	[stretch] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1231
CVE-2020-8111
	RESERVED
CVE-2020-8110
	RESERVED
CVE-2020-8109
	RESERVED
CVE-2020-8108
	RESERVED
CVE-2020-8107
	RESERVED
CVE-2020-8106
	RESERVED
CVE-2020-8105
	RESERVED
CVE-2020-8104
	RESERVED
CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
	NOT-FOR-US: Bitdefender Antivirus Free
CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...)
	NOT-FOR-US: Safepay
CVE-2020-8101
	RESERVED
CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as  ...)
	NOT-FOR-US: Bitdefender
CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
	NOT-FOR-US: Bitdefender Antivirus Free
CVE-2020-8098
	RESERVED
CVE-2020-8097
	RESERVED
CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...)
	NOT-FOR-US: Bitdefender
CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion  ...)
	NOT-FOR-US: Bitdefender Total Security
CVE-2020-8094
	RESERVED
CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...)
	NOT-FOR-US: Bitdefender Antivirus for Mac
CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...)
	NOT-FOR-US: Bitdefender Antivirus for Mac
CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...)
	NOT-FOR-US: TYPO3
CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB  ...)
	NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices
CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...)
	- piwigo <removed>
CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass  ...)
	NOT-FOR-US: UseBB
CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...)
	NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices
CVE-2019-20443 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
	NOT-FOR-US: WSO2
CVE-2019-20442 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
	NOT-FOR-US: WSO2
CVE-2019-20441 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored  ...)
	NOT-FOR-US: WSO2
CVE-2019-20440 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
	NOT-FOR-US: WSO2
CVE-2019-20439 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
	NOT-FOR-US: WSO2
CVE-2019-20438 (An issue was discovered in WSO2 API Manager 2.6.0. A potential stored  ...)
	NOT-FOR-US: WSO2
CVE-2019-20437 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
	NOT-FOR-US: WSO2
CVE-2019-20436 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
	NOT-FOR-US: WSO2
CVE-2019-20435 (An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS att ...)
	NOT-FOR-US: WSO2
CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
	NOT-FOR-US: WSO2
CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...)
	{DSA-4612-1}
	- prosody-modules 0.0~hg20200128.09e7e880e056+dfsg-1
	NOTE: https://hg.prosody.im/prosody-modules/rev/f2b29183ef08
	NOTE: https://prosody.im/security/advisory_20200128/
CVE-2020-8085
	RESERVED
CVE-2020-8084
	RESERVED
CVE-2020-8083
	RESERVED
CVE-2020-8082
	RESERVED
CVE-2020-8081
	RESERVED
CVE-2020-8080
	RESERVED
CVE-2020-8079
	RESERVED
CVE-2020-8078
	RESERVED
CVE-2020-8077
	RESERVED
CVE-2020-8076
	RESERVED
CVE-2020-8075
	RESERVED
CVE-2020-8074
	RESERVED
CVE-2020-8073
	RESERVED
CVE-2020-8072
	RESERVED
CVE-2020-8071
	RESERVED
CVE-2020-8070
	RESERVED
CVE-2020-8069
	RESERVED
CVE-2020-8068
	RESERVED
CVE-2020-8067
	RESERVED
CVE-2020-8066
	RESERVED
CVE-2020-8065
	RESERVED
CVE-2020-8064
	RESERVED
CVE-2020-8063
	RESERVED
CVE-2020-8062
	RESERVED
CVE-2020-8061
	RESERVED
CVE-2020-8060
	RESERVED
CVE-2020-8059
	RESERVED
CVE-2020-8058
	RESERVED
CVE-2020-8057
	RESERVED
CVE-2020-8056
	RESERVED
CVE-2020-8055
	RESERVED
CVE-2020-8054
	RESERVED
CVE-2020-8053
	RESERVED
CVE-2020-8052
	RESERVED
CVE-2020-8051
	RESERVED
CVE-2020-8050
	RESERVED
CVE-2020-8049
	RESERVED
CVE-2020-8048
	RESERVED
CVE-2020-8047
	RESERVED
CVE-2020-8046
	RESERVED
CVE-2020-8045
	RESERVED
CVE-2020-8044
	RESERVED
CVE-2020-8043
	RESERVED
CVE-2020-8042
	RESERVED
CVE-2020-8041
	RESERVED
CVE-2020-8040
	RESERVED
CVE-2020-8039
	RESERVED
CVE-2020-8038
	RESERVED
CVE-2020-8037
	RESERVED
CVE-2020-8036
	RESERVED
CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
	{DLA-2230-1}
	- php-horde 5.2.23+debian0-1 (bug #963809)
	[buster] - php-horde <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - php-horde <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://github.com/horde/base/commit/64127fe3c2b9843c9760218e59dae9731cc56bdf
	NOTE: https://lists.horde.org/archives/announce/2020/001290.html
CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...)
	{DLA-2229-1}
	- php-horde-gollem 3.0.12-6 (bug #961649)
	[buster] - php-horde-gollem <no-dsa> (Minor issue)
	[stretch] - php-horde-gollem <no-dsa> (Minor issue)
	NOTE: https://lists.horde.org/archives/announce/2020/001289.html
	NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083
CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
	NOT-FOR-US: Ruckus
CVE-2020-8032
	RESERVED
CVE-2020-8031
	RESERVED
CVE-2020-8030
	RESERVED
CVE-2020-8029
	RESERVED
CVE-2020-8028
	RESERVED
CVE-2020-8027
	RESERVED
CVE-2020-8026
	RESERVED
CVE-2020-8025
	RESERVED
CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...)
	- hylafax <not-affected> (SuSE-specific packaging issue)
CVE-2020-8023
	RESERVED
CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...)
	NOT-FOR-US: SAP
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
	TODO: check
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
	TODO: check
CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
	NOT-FOR-US: SAP
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...)
	NOT-FOR-US: Some SLES images
CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...)
	NOT-FOR-US: SuSE packaging of TexLive
CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...)
	NOT-FOR-US: SuSE packaging of TexLive
CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
	NOT-FOR-US: SuSE packaging of TexLive
CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
	- kopanocore <not-affected> (SuSE-specific packaging issue)
CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...)
	NOT-FOR-US: chkstat
CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
	NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
	NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
	NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as  ...)
	NOT-FOR-US: AVB MOTU devices
CVE-2020-8008
	RESERVED
CVE-2020-8007
	RESERVED
CVE-2020-8006
	RESERVED
CVE-2020-8005
	RESERVED
CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control. ...)
	NOT-FOR-US: STMicroelectronics STM32F1 devices
CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...)
	- aspell 0.60.7-3 (bug #935128)
	[buster] - aspell <no-dsa> (Minor issue)
	[stretch] - aspell <no-dsa> (Minor issue)
	[jessie] - aspell <ignored> (Minor issue)
	NOTE: http://aspell.net/buffer-overread-ucs.txt
	NOTE: Fixed by: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b
	NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...)
	- virglrenderer 0.8.2-1 (bug #949954)
	[buster] - virglrenderer <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
	- virglrenderer 0.8.2-1 (bug #949954)
	[buster] - virglrenderer <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5
CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...)
	NOT-FOR-US: Intellian Aptus application for Android
CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the  ...)
	NOT-FOR-US: Intellian Aptus Web
CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...)
	NOT-FOR-US: Intellian Aptus application for Android
CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...)
	NOT-FOR-US: Super File Explorer app for iOS
CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...)
	NOT-FOR-US: ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices
CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...)
	- dolibarr <removed>
CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...)
	- dolibarr <removed>
CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...)
	- dolibarr <removed>
CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...)
	NOT-FOR-US: Prototype node module
CVE-2020-7992
	RESERVED
CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...)
	NOT-FOR-US: Adive Framework
CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...)
	NOT-FOR-US: Adive Framework
CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
	NOT-FOR-US: Adive Framework
CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...)
	NOT-FOR-US: phpIPAM
CVE-2020-7987
	RESERVED
CVE-2020-7986
	RESERVED
CVE-2020-7985
	RESERVED
CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...)
	NOT-FOR-US: SolarWinds
CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows re ...)
	NOT-FOR-US: Ruckus
CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...)
	- lustre <removed>
CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...)
	- lustre <removed>
CVE-2019-20430 (In the Lustre file system before 2.12.3, the mdt module has an LBUG pa ...)
	- lustre <removed>
CVE-2019-20429 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre <removed>
CVE-2019-20428 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre <removed>
CVE-2019-20427 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
	- lustre <removed>
CVE-2019-20426 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre <removed>
CVE-2019-20425 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre <removed>
CVE-2019-20424 (In the Lustre file system before 2.12.3, mdt_object_remote in the mdt  ...)
	- lustre <removed>
CVE-2019-20423 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
	- lustre <removed>
CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa
CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input  ...)
	- exiv2 0.27.2-8 (low; bug #950183)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
	NOTE: https://github.com/Exiv2/exiv2/issues/1011
CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...)
	NOT-FOR-US: OpenWrt
CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...)
	- ruby-geocoder 1.5.1-3 (bug #949870)
	NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Intellian Aptus Web
CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
	- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...)
	- gitlab <not-affected> (Only affects Gitlab EE 12.6 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...)
	- gitlab <not-affected> (Only affects Gitlab EE 8.8 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...)
	- gitlab <not-affected> (Only affects Gitlab EE 12.4 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7975
	REJECTED
CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...)
	- gitlab <not-affected> (Only affects Gitlab EE 10.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...)
	[experimental] - gitlab 12.6.7-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...)
	- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...)
	- gitlab <not-affected> (Only affects Gitlab EE 11.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7970
	RESERVED
CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...)
	- gitlab <not-affected> (Only affects Gitlab EE 8.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...)
	[experimental] - gitlab 12.6.7-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...)
	- gitlab <not-affected> (ONly affects Gitlab EE 12.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...)
	- gitlab <not-affected> (Only affects Gitlab EE 11.11 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...)
	NOT-FOR-US: webargs
CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect  ...)
	NOT-FOR-US: Mirumee Saleor
CVE-2020-7963
	RESERVED
CVE-2019-20420
	RESERVED
CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack via  ...)
	- qtbase-opensource-src 5.12.5+dfsg-9 (low; bug #951066)
	[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
	[stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
	[jessie] - qtbase-opensource-src <ignored> (Minor issue; upstream patches use not-yet-available QStringView API)
	NOTE: https://bugreports.qt.io/browse/QTBUG-47417
	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7
	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094 (5.12 backport)
CVE-2020-7962
	RESERVED
CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE  ...)
	NOT-FOR-US: Liferay Portal
CVE-2020-7960
	RESERVED
CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of  ...)
	NOT-FOR-US: LabVantage LIMS
CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...)
	NOT-FOR-US: OnePlus 7 Pro devices
CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
	- dovecot <not-affected> (Only affects 2.3.9)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2
CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...)
	- nomad 0.10.3+dfsg1-1
	NOTE: https://github.com/hashicorp/nomad/issues/7003
CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...)
	- consul 1.7.0+dfsg1-1 (bug #950736)
	[buster] - consul <no-dsa> (Minor issue)
	NOTE: https://github.com/hashicorp/consul/issues/7160
	NOTE: Fixed in 1.6.3.
CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting from the a ...)
	NOT-FOR-US: OpServices OpMon
CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without authenticat ...)
	NOT-FOR-US: OpServices OpMon
CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...)
	NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2
CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...)
	NOT-FOR-US: Dota 2
CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...)
	NOT-FOR-US: Dota 2
CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers  ...)
	NOT-FOR-US: Dota 2
CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for  ...)
	NOT-FOR-US: Login by Auth0 plugin for WordPress
CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for  ...)
	NOT-FOR-US: Login by Auth0 plugin for WordPress
CVE-2020-7946
	RESERVED
CVE-2020-7945
	RESERVED
CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
	NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
	- puppet <unfixed> (low)
	[stretch] - puppet <no-dsa> (Minor issue)
	[buster] - puppet <no-dsa> (Minor issue)
	[jessie] - puppet <not-affected> (vulnerable code not present)
	- puppetdb <unfixed> (low)
	[buster] - puppetdb <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/CVE-2020-7943/
	NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92
CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...)
	- puppet <unfixed> (unimportant)
	NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking,
	NOTE: the option is available in older Puppet releases (such as 4.8 from Stretch)
	NOTE: https://puppet.com/security/cve/CVE-2020-7942/
CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...)
	NOT-FOR-US: Plone
CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...)
	NOT-FOR-US: Plone
CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...)
	NOT-FOR-US: Plone
CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...)
	NOT-FOR-US: Plone
CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...)
	NOT-FOR-US: Plone
CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...)
	NOT-FOR-US: Plone
CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...)
	NOT-FOR-US: LifeRay Portal
CVE-2020-7933
	RESERVED
CVE-2020-7932 (OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g. ...)
	NOT-FOR-US: OMERO
CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2020-7930
	RESERVED
CVE-2020-7929
	RESERVED
CVE-2020-7928
	RESERVED
CVE-2020-7927
	RESERVED
CVE-2020-7926
	RESERVED
CVE-2020-7925
	RESERVED
CVE-2020-7924
	RESERVED
CVE-2020-7923
	RESERVED
CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
	NOT-FOR-US: MongoDB Enterprise
CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
	- mongodb <removed>
	[stretch] - mongodb <no-dsa> (Minor issue)
	[jessie] - mongodb <no-dsa> (Minor issue)
	NOTE: https://jira.mongodb.org/browse/SERVER-45472
CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
	NOT-FOR-US: Atlassian
CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of Atlassian J ...)
	NOT-FOR-US: Atlassian
CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
	NOT-FOR-US: Atlassian
CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
	NOT-FOR-US: Atlassian
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
	NOT-FOR-US: Atlassian
CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
	NOT-FOR-US: Atlassian
CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before version 8.6.0  ...)
	NOT-FOR-US: Atlassian
CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before version 8.6.0  ...)
	NOT-FOR-US: Atlassian
CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center before vers ...)
	NOT-FOR-US: Atlassian
CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.2 allo ...)
	NOT-FOR-US: Atlassian
CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...)
	NOT-FOR-US: Atlassian
CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...)
	NOT-FOR-US: Percona Monitoring and Management (PMM)
CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte  ...)
	- golang-1.14 1.14~rc1-1
	- golang-1.13 1.13.7-1
	- golang-1.11 <removed>
	[buster] - golang-1.11 <postponed> (Minor issue, can be fixed along in next DSA)
	NOTE: https://github.com/golang/go/issues/36837
	NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master)
	NOTE: https://github.com/golang/go/issues/36838 (Go 1.13)
	NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7)
	TODO: check older versions than golang-1.11
CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...)
	NOT-FOR-US: totemo totemomail
CVE-2020-7917
	RESERVED
CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
	NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
	NOT-FOR-US: Eaton devices
CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
	- intellij-idea <itp> (bug #747616)
CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...)
	NOT-FOR-US: JetBrains
CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could  ...)
	NOT-FOR-US: JetBrains
CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...)
	NOT-FOR-US: JetBrains
CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...)
	NOT-FOR-US: JetBrains
CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...)
	NOT-FOR-US: JetBrains
CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...)
	NOT-FOR-US: JetBrains
CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...)
	NOT-FOR-US:  JetBrains Scala plugin
CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
	NOT-FOR-US: JetBrains
CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
	- intellij-idea <itp> (bug #747616)
CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
	NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
	NOTE: https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
	NOTE: https://github.com/CESNET/libyang/issues/773
CVE-2019-20397 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793928
	NOTE: https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4
	NOTE: https://github.com/CESNET/libyang/issues/739
CVE-2019-20396 (A segmentation fault is present in yyparse in libyang before v1.0-r1 d ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
	NOTE: https://github.com/CESNET/libyang/issues/740
CVE-2019-20395 (A stack consumption issue is present in libyang before v1.0-r1 due to  ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793924
	NOTE: https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
	NOTE: https://github.com/CESNET/libyang/issues/724
CVE-2019-20394 (A double-free is present in libyang before v1.0-r3 in the function yyp ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793932
	NOTE: https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6
	NOTE: https://github.com/CESNET/libyang/issues/769
CVE-2019-20393 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793930
	NOTE: https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
	NOTE: https://github.com/CESNET/libyang/issues/742
CVE-2019-20392 (An invalid memory access flaw is present in libyang before v1.0-r1 in  ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793922
	NOTE: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
	NOTE: https://github.com/CESNET/libyang/issues/723
CVE-2019-20391 (An invalid memory access flaw is present in libyang before v1.0-r3 in  ...)
	[experimental] - libyang 1.0.167-1
	- libyang <unfixed>
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793934
	NOTE: https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8
	NOTE: https://github.com/CESNET/libyang/issues/772
CVE-2020-7903
	RESERVED
CVE-2020-7902
	RESERVED
CVE-2020-7901
	RESERVED
CVE-2020-7900
	RESERVED
CVE-2020-7899
	RESERVED
CVE-2020-7898
	RESERVED
CVE-2020-7897
	RESERVED
CVE-2020-7896
	RESERVED
CVE-2020-7895
	RESERVED
CVE-2020-7894
	RESERVED
CVE-2020-7893
	RESERVED
CVE-2020-7892
	RESERVED
CVE-2020-7891
	RESERVED
CVE-2020-7890
	RESERVED
CVE-2020-7889
	RESERVED
CVE-2020-7888
	RESERVED
CVE-2020-7887
	RESERVED
CVE-2020-7886
	RESERVED
CVE-2020-7885
	RESERVED
CVE-2020-7884
	RESERVED
CVE-2020-7883
	RESERVED
CVE-2020-7882
	RESERVED
CVE-2020-7881
	RESERVED
CVE-2020-7880
	RESERVED
CVE-2020-7879
	RESERVED
CVE-2020-7878
	RESERVED
CVE-2020-7877
	RESERVED
CVE-2020-7876
	RESERVED
CVE-2020-7875
	RESERVED
CVE-2020-7874
	RESERVED
CVE-2020-7873
	RESERVED
CVE-2020-7872
	RESERVED
CVE-2020-7871
	RESERVED
CVE-2020-7870
	RESERVED
CVE-2020-7869
	RESERVED
CVE-2020-7868
	RESERVED
CVE-2020-7867
	RESERVED
CVE-2020-7866
	RESERVED
CVE-2020-7865
	RESERVED
CVE-2020-7864
	RESERVED
CVE-2020-7863
	RESERVED
CVE-2020-7862
	RESERVED
CVE-2020-7861
	RESERVED
CVE-2020-7860
	RESERVED
CVE-2020-7859
	RESERVED
CVE-2020-7858
	RESERVED
CVE-2020-7857
	RESERVED
CVE-2020-7856
	RESERVED
CVE-2020-7855
	RESERVED
CVE-2020-7854
	RESERVED
CVE-2020-7853
	RESERVED
CVE-2020-7852
	RESERVED
CVE-2020-7851
	RESERVED
CVE-2020-7850
	RESERVED
CVE-2020-7849
	RESERVED
CVE-2020-7848
	RESERVED
CVE-2020-7847
	RESERVED
CVE-2020-7846
	RESERVED
CVE-2020-7845
	RESERVED
CVE-2020-7844
	RESERVED
CVE-2020-7843
	RESERVED
CVE-2020-7842
	RESERVED
CVE-2020-7841
	RESERVED
CVE-2020-7840
	RESERVED
CVE-2020-7839
	RESERVED
CVE-2020-7838
	RESERVED
CVE-2020-7837
	RESERVED
CVE-2020-7836
	RESERVED
CVE-2020-7835
	RESERVED
CVE-2020-7834
	RESERVED
CVE-2020-7833
	RESERVED
CVE-2020-7832
	RESERVED
CVE-2020-7831
	RESERVED
CVE-2020-7830
	RESERVED
CVE-2020-7829
	RESERVED
CVE-2020-7828
	RESERVED
CVE-2020-7827
	RESERVED
CVE-2020-7826
	RESERVED
CVE-2020-7825
	RESERVED
CVE-2020-7824
	RESERVED
CVE-2020-7823
	RESERVED
CVE-2020-7822
	RESERVED
CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a  ...)
	NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a  ...)
	NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
CVE-2020-7819
	RESERVED
CVE-2020-7818
	RESERVED
CVE-2020-7817
	RESERVED
CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
	NOT-FOR-US: DaView
CVE-2020-7815
	RESERVED
CVE-2020-7814
	RESERVED
CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
	NOT-FOR-US: Kaoni
CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
	NOT-FOR-US: Kaoni ezHTTPTrans
CVE-2020-7811
	RESERVED
CVE-2020-7810
	RESERVED
CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM)  ...)
	NOT-FOR-US: ALSong
CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
	NOT-FOR-US: RAONWIZ K Upload
CVE-2020-7807
	RESERVED
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
	NOT-FOR-US: Tobesoft Xplatform
CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...)
	NOT-FOR-US: KT Slim egg IML500 wifi devices
CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7,  ...)
	NOT-FOR-US: Handy Groupware
CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...)
	NOT-FOR-US: Zoneplayer
CVE-2020-7802 (The Synergy Systems &amp; Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7801 (The Synergy Systems &amp; Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7800 (The Synergy Systems &amp; Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated  ...)
	NOT-FOR-US: FusionAuth
CVE-2020-7798
	RESERVED
CVE-2020-7797
	RESERVED
CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...)
	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-7795
	RESERVED
CVE-2020-7794
	RESERVED
CVE-2020-7793
	RESERVED
CVE-2020-7792
	RESERVED
CVE-2020-7791
	RESERVED
CVE-2020-7790
	RESERVED
CVE-2020-7789
	RESERVED
CVE-2020-7788
	RESERVED
CVE-2020-7787
	RESERVED
CVE-2020-7786
	RESERVED
CVE-2020-7785
	RESERVED
CVE-2020-7784
	RESERVED
CVE-2020-7783
	RESERVED
CVE-2020-7782
	RESERVED
CVE-2020-7781
	RESERVED
CVE-2020-7780
	RESERVED
CVE-2020-7779
	RESERVED
CVE-2020-7778
	RESERVED
CVE-2020-7777
	RESERVED
CVE-2020-7776
	RESERVED
CVE-2020-7775
	RESERVED
CVE-2020-7774
	RESERVED
CVE-2020-7773
	RESERVED
CVE-2020-7772
	RESERVED
CVE-2020-7771
	RESERVED
CVE-2020-7770
	RESERVED
CVE-2020-7769
	RESERVED
CVE-2020-7768
	RESERVED
CVE-2020-7767
	RESERVED
CVE-2020-7766
	RESERVED
CVE-2020-7765
	RESERVED
CVE-2020-7764
	RESERVED
CVE-2020-7763
	RESERVED
CVE-2020-7762
	RESERVED
CVE-2020-7761
	RESERVED
CVE-2020-7760
	RESERVED
CVE-2020-7759
	RESERVED
CVE-2020-7758
	RESERVED
CVE-2020-7757
	RESERVED
CVE-2020-7756
	RESERVED
CVE-2020-7755
	RESERVED
CVE-2020-7754
	RESERVED
CVE-2020-7753
	RESERVED
CVE-2020-7752
	RESERVED
CVE-2020-7751
	RESERVED
CVE-2020-7750
	RESERVED
CVE-2020-7749
	RESERVED
CVE-2020-7748
	RESERVED
CVE-2020-7747
	RESERVED
CVE-2020-7746
	RESERVED
CVE-2020-7745
	RESERVED
CVE-2020-7744
	RESERVED
CVE-2020-7743
	RESERVED
CVE-2020-7742
	RESERVED
CVE-2020-7741
	RESERVED
CVE-2020-7740
	RESERVED
CVE-2020-7739
	RESERVED
CVE-2020-7738
	RESERVED
CVE-2020-7737
	RESERVED
CVE-2020-7736
	RESERVED
CVE-2020-7735
	RESERVED
CVE-2020-7734
	RESERVED
CVE-2020-7733
	RESERVED
CVE-2020-7732
	RESERVED
CVE-2020-7731
	RESERVED
CVE-2020-7730
	RESERVED
CVE-2020-7729
	RESERVED
CVE-2020-7728
	RESERVED
CVE-2020-7727
	RESERVED
CVE-2020-7726
	RESERVED
CVE-2020-7725
	RESERVED
CVE-2020-7724
	RESERVED
CVE-2020-7723
	RESERVED
CVE-2020-7722
	RESERVED
CVE-2020-7721
	RESERVED
CVE-2020-7720
	RESERVED
CVE-2020-7719
	RESERVED
CVE-2020-7718
	RESERVED
CVE-2020-7717
	RESERVED
CVE-2020-7716
	RESERVED
CVE-2020-7715
	RESERVED
CVE-2020-7714
	RESERVED
CVE-2020-7713
	RESERVED
CVE-2020-7712
	RESERVED
CVE-2020-7711
	RESERVED
CVE-2020-7710
	RESERVED
CVE-2020-7709
	RESERVED
CVE-2020-7708
	RESERVED
CVE-2020-7707
	RESERVED
CVE-2020-7706
	RESERVED
CVE-2020-7705
	RESERVED
CVE-2020-7704
	RESERVED
CVE-2020-7703
	RESERVED
CVE-2020-7702
	RESERVED
CVE-2020-7701
	RESERVED
CVE-2020-7700
	RESERVED
CVE-2020-7699
	RESERVED
CVE-2020-7698
	RESERVED
CVE-2020-7697
	RESERVED
CVE-2020-7696
	RESERVED
CVE-2020-7695
	RESERVED
CVE-2020-7694
	RESERVED
CVE-2020-7693
	RESERVED
CVE-2020-7692
	RESERVED
CVE-2020-7691 (In all versions of the package jspdf, it is possible to use &lt;&lt;sc ...)
	TODO: check
CVE-2020-7690 (In all versions of package jspdf, it is possible to inject JavaScript  ...)
	TODO: check
CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...)
	NOT-FOR-US: Node bcrypt
CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...)
	NOT-FOR-US: Node mversion
CVE-2020-7687
	RESERVED
CVE-2020-7686
	RESERVED
CVE-2020-7685
	RESERVED
CVE-2020-7684
	RESERVED
CVE-2020-7683
	RESERVED
CVE-2020-7682
	RESERVED
CVE-2020-7681
	RESERVED
CVE-2020-7680
	RESERVED
CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...)
	NOT-FOR-US: Node casperjs
CVE-2020-7678
	RESERVED
CVE-2020-7677
	RESERVED
CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...)
	- angular.js 1.8.0-1
	[buster] - angular.js <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
	[jessie] - angular.js <no-dsa> (Minor issue, low usage of 2014-era Nodejs)
	NOTE: https://github.com/angular/angular.js/pull/17028
	NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. ...)
	NOT-FOR-US: Node cd-messenger
CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. ...)
	NOT-FOR-US: Node access-policy
CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ...)
	TODO: check
CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ...)
	TODO: check
CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goliath i ...)
	TODO: check
CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo is use ...)
	TODO: check
CVE-2020-7669
	RESERVED
CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...)
	TODO: check
CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...)
	TODO: check
CVE-2020-7666
	RESERVED
CVE-2020-7665
	RESERVED
CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...)
	TODO: check
CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...)
	- ruby-websocket-extensions <unfixed> (bug #964274)
	NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
	NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...)
	NOT-FOR-US: Node websocket-extensions
CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial  ...)
	TODO: check
CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject  ...)
	NOT-FOR-US: serialize-javascript Node package
CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...)
	TODO: check
CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP  ...)
	NOT-FOR-US: meinheld
CVE-2020-7657
	RESERVED
CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...)
	- jquery 2.2.4+dfsg-1
	[jessie] - jquery <ignored> (Too intrusive to backport)
	NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-569619
	NOTE: See debian-lts discussion starting at: https://lists.debian.org/debian-lts/2020/06/msg00025.html
CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP  ...)
	NOT-FOR-US: netius
CVE-2020-7654 (All versions of snyk-broker before 4.73.1 are vulnerable to Informatio ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7653 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary  ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7652 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary  ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7651 (All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary  ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7650 (All versions of snyk-broker after 4.72.0 including and before 4.73.1 a ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7649
	RESERVED
CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary  ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
	NOT-FOR-US: jooby
CVE-2020-7646 (curlrequest through 1.0.1 allows reading any file by populating the fi ...)
	NOT-FOR-US: Noed curlrequest
CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
	NOT-FOR-US: Node chrome-launcher
CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...)
	NOT-FOR-US: Node fun-map
CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects resul ...)
	NOT-FOR-US: Node paypal-adaptive
CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The  ...)
	NOT-FOR-US: Node lazysizes
CVE-2020-7641
	RESERVED
CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary commands. The  ...)
	NOT-FOR-US: Node pixl-class
CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...)
	NOT-FOR-US: Node eivindfjeldstad-dot
CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
	NOT-FOR-US: Node confinit
CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution.  ...)
	NOT-FOR-US: Node class-transformer
CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows  ...)
	NOT-FOR-US: Node adb-driver
CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...)
	NOT-FOR-US: Node compass-compile
CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...)
	NOT-FOR-US: Node heroku-addonpool
CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...)
	NOT-FOR-US: Node apiconnect-cli-plugins
CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...)
	NOT-FOR-US: Node node-mpv
CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...)
	NOT-FOR-US: Node diskusage-ng
CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...)
	NOT-FOR-US: git-add-remote node module
CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...)
	NOT-FOR-US: install-package node module
CVE-2020-7628 (umount through 1.1.6 is vulnerable to Command Injection. The argument  ...)
	NOT-FOR-US: install-package node module
CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It  ...)
	NOT-FOR-US: node-key-sender node module
CVE-2020-7626 (karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows ...)
	NOT-FOR-US: karma-mojo node module
CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It allows ...)
	NOT-FOR-US: op-browser node module
CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allows exe ...)
	NOT-FOR-US: effect node module
CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...)
	NOT-FOR-US: Node jscover
CVE-2020-7622 (All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Spl ...)
	NOT-FOR-US: Jooby
CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...)
	NOT-FOR-US: Node strong-nginx-controller
CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...)
	NOT-FOR-US: Node pomelo-monitor
CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...)
	NOT-FOR-US: get-git-data node module
CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution.The library cou ...)
	NOT-FOR-US: Node sds
CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...)
	NOT-FOR-US: Node ini-parser
CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node express-mock-middleware
CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...)
	NOT-FOR-US: Node fsa
CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection.The ...)
	NOT-FOR-US: npm-programmatic
CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...)
	NOT-FOR-US: Node clamscan
CVE-2020-7612
	REJECTED
CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
	NOT-FOR-US: io.micronaut:micronaut-http-client
CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...)
	[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
	- node-mongodb 3.5.6+~cs11.12.19-1
	[buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1
	NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
	NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052
	NOTE: https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8
CVE-2020-7609 (node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbi ...)
	NOT-FOR-US: Node node-rules
CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...)
	- node-yargs-parser 18.1.1-1
	[buster] - node-yargs-parser 11.1.1-1+deb10u1
	[stretch] - node-yargs-parser <ignored> (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
	NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
	NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832
CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands.  ...)
	NOT-FOR-US: Node gulp-styledocco
CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary  ...)
	NOT-FOR-US: Node docker-compose-remote-api
CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is  ...)
	NOT-FOR-US: Node gulp-tape
CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...)
	NOT-FOR-US: Node pulverizr
CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...)
	NOT-FOR-US: closure-compiler-stream
CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...)
	NOT-FOR-US: Node node-prompt-here
CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...)
	NOT-FOR-US: Node gulp-scss-lint
CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The  ...)
	NOT-FOR-US: querymen nodejs module
CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable ...)
	NOT-FOR-US: com.gradle.plugin-publish
CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...)
	- node-minimist 1.2.5-1 (bug #953762)
	[buster] - node-minimist <no-dsa> (Minor issue)
	[stretch] - node-minimist <ignored> (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
	NOTE: POC: https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a
	NOTE: Fixed by: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to execut ...)
	NOT-FOR-US: codecov-node nodejs module
CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
	NOT-FOR-US: Codecov npm module
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
	- libxml2 2.9.10+dfsg-2.1 (bug #949582)
	[buster] - libxml2 <no-dsa> (Minor issue)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	[jessie] - libxml2 <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
	NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices
CVE-2020-7593
	RESERVED
CVE-2020-7592
	RESERVED
CVE-2020-7591
	RESERVED
CVE-2020-7590
	RESERVED
CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...)
	NOT-FOR-US: Siemens
CVE-2020-7588
	RESERVED
CVE-2020-7587
	RESERVED
CVE-2020-7586 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
	NOT-FOR-US: Siemens
CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
	NOT-FOR-US: Siemens
CVE-2020-7584
	RESERVED
CVE-2020-7583
	RESERVED
CVE-2020-7582
	RESERVED
CVE-2020-7581
	RESERVED
CVE-2020-7580 (A vulnerability has been identified in SIMATIC Automation Tool (All ve ...)
	NOT-FOR-US: Siemens
CVE-2020-7579 (A vulnerability has been identified in Spectrum Power&#8482; 5 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2020-7578
	RESERVED
CVE-2020-7577
	RESERVED
CVE-2020-7576
	RESERVED
CVE-2020-7575 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
	NOT-FOR-US: Climatix
CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
	NOT-FOR-US: Climatix
CVE-2020-7573
	RESERVED
CVE-2020-7572
	RESERVED
CVE-2020-7571
	RESERVED
CVE-2020-7570
	RESERVED
CVE-2020-7569
	RESERVED
CVE-2020-7568
	RESERVED
CVE-2020-7567
	RESERVED
CVE-2020-7566
	RESERVED
CVE-2020-7565
	RESERVED
CVE-2020-7564
	RESERVED
CVE-2020-7563
	RESERVED
CVE-2020-7562
	RESERVED
CVE-2020-7561
	RESERVED
CVE-2020-7560
	RESERVED
CVE-2020-7559
	RESERVED
CVE-2020-7558
	RESERVED
CVE-2020-7557
	RESERVED
CVE-2020-7556
	RESERVED
CVE-2020-7555
	RESERVED
CVE-2020-7554
	RESERVED
CVE-2020-7553
	RESERVED
CVE-2020-7552
	RESERVED
CVE-2020-7551
	RESERVED
CVE-2020-7550
	RESERVED
CVE-2020-7549
	RESERVED
CVE-2020-7548
	RESERVED
CVE-2020-7547
	RESERVED
CVE-2020-7546
	RESERVED
CVE-2020-7545
	RESERVED
CVE-2020-7544
	RESERVED
CVE-2020-7543
	RESERVED
CVE-2020-7542
	RESERVED
CVE-2020-7541
	RESERVED
CVE-2020-7540
	RESERVED
CVE-2020-7539
	RESERVED
CVE-2020-7538
	RESERVED
CVE-2020-7537
	RESERVED
CVE-2020-7536
	RESERVED
CVE-2020-7535
	RESERVED
CVE-2020-7534
	RESERVED
CVE-2020-7533
	RESERVED
CVE-2020-7532
	RESERVED
CVE-2020-7531
	RESERVED
CVE-2020-7530
	RESERVED
CVE-2020-7529
	RESERVED
CVE-2020-7528
	RESERVED
CVE-2020-7527
	RESERVED
CVE-2020-7526
	RESERVED
CVE-2020-7525
	RESERVED
CVE-2020-7524
	RESERVED
CVE-2020-7523
	RESERVED
CVE-2020-7522
	RESERVED
CVE-2020-7521
	RESERVED
CVE-2020-7520
	RESERVED
CVE-2020-7519
	RESERVED
CVE-2020-7518
	RESERVED
CVE-2020-7517
	RESERVED
CVE-2020-7516
	RESERVED
CVE-2020-7515
	RESERVED
CVE-2020-7514
	RESERVED
CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
	TODO: check
CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 ( ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability exists  ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7506 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in Easergy T3 ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in E ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...)
	NOT-FOR-US: Modicon
CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...)
	NOT-FOR-US: Schneider
CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
	NOT-FOR-US: Schneider
CVE-2020-7499 (A CWE-284:Improper Access Control vulnerability exists in U.motion Ser ...)
	NOT-FOR-US: Schneider
CVE-2020-7498 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in the U ...)
	NOT-FOR-US: Schneider
CVE-2020-7497 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
	NOT-FOR-US: Schneider
CVE-2020-7496 (A CWE-88: Argument Injection or Modification vulnerability exists in E ...)
	NOT-FOR-US: Schneider
CVE-2020-7495 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
	NOT-FOR-US: Schneider
CVE-2020-7494 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
	NOT-FOR-US: Schneider
CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an SQL C ...)
	NOT-FOR-US: Schneider
CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
	NOT-FOR-US: Schneider
CVE-2020-7491
	RESERVED
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
	NOT-FOR-US: Schneider
CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
	NOT-FOR-US: Schneider
CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
	NOT-FOR-US: Schneider
CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
	NOT-FOR-US: Schneider
CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the forme ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
	NOT-FOR-US:  Andover Continuum
CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
	NOT-FOR-US: Andover Continuum
CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
	NOT-FOR-US: Andover Continuum
CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
	NOT-FOR-US: IGSS
CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
	NOT-FOR-US: IGSS
CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Quantum Ethernet Network module
CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...)
	NOT-FOR-US: ZigBee Installation Kit
CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
	NOT-FOR-US: ProSoft Configurator
CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
	NOT-FOR-US: Citrix
CVE-2020-7472
	RESERVED
CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
	- libxml2 2.9.10+dfsg-2.1 (bug #949583)
	[buster] - libxml2 <no-dsa> (Minor issue)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	[jessie] - libxml2 <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a
CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
	{DLA-2088-1}
	- libsolv 0.6.36-2 (bug #949611)
	[buster] - libsolv 0.6.35-2+deb10u1
	[stretch] - libsolv 0.6.24-1+deb9u2
	NOTE: https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)
CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...)
	{DSA-4629-1}
	- python-django 2:2.2.10-1 (bug #950581)
	[jessie] - python-django <not-affected> (Vulnerable code introduced in Django ~1.9)
	NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
	NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master)
	NOTE: https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b (3.0.3)
	NOTE: https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147 (2.2.10)
	NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28)
CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the  ...)
	NOT-FOR-US: Sonoff TH 10 and 16 devices
CVE-2020-7469
	RESERVED
CVE-2020-7468
	RESERVED
CVE-2020-7467
	RESERVED
CVE-2020-7466
	RESERVED
CVE-2020-7465
	RESERVED
CVE-2020-7464
	RESERVED
CVE-2020-7463
	RESERVED
CVE-2020-7462
	RESERVED
CVE-2020-7461
	RESERVED
CVE-2020-7460
	RESERVED
CVE-2020-7459
	RESERVED
CVE-2020-7458
	RESERVED
CVE-2020-7457
	RESERVED
CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc
CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc
CVE-2020-7452 (In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc
CVE-2020-7451 (In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7449
	RESERVED
CVE-2020-7448
	RESERVED
CVE-2020-7447
	RESERVED
CVE-2020-7446
	RESERVED
CVE-2020-7445
	RESERVED
CVE-2020-7444
	RESERVED
CVE-2020-7443
	RESERVED
CVE-2020-7442
	RESERVED
CVE-2020-7441
	RESERVED
CVE-2020-7440
	RESERVED
CVE-2020-7439
	RESERVED
CVE-2020-7438
	RESERVED
CVE-2020-7437
	RESERVED
CVE-2020-7436
	RESERVED
CVE-2020-7435
	RESERVED
CVE-2020-7434
	RESERVED
CVE-2020-7433
	RESERVED
CVE-2020-7432
	RESERVED
CVE-2020-7431
	RESERVED
CVE-2020-7430
	RESERVED
CVE-2020-7429
	RESERVED
CVE-2020-7428
	RESERVED
CVE-2020-7427
	RESERVED
CVE-2020-7426
	RESERVED
CVE-2020-7425
	RESERVED
CVE-2020-7424
	RESERVED
CVE-2020-7423
	RESERVED
CVE-2020-7422
	RESERVED
CVE-2020-7421
	RESERVED
CVE-2020-7420
	RESERVED
CVE-2020-7419
	RESERVED
CVE-2020-7418
	RESERVED
CVE-2020-7417
	RESERVED
CVE-2020-7416
	RESERVED
CVE-2020-7415
	RESERVED
CVE-2020-7414
	RESERVED
CVE-2020-7413
	RESERVED
CVE-2020-7412
	RESERVED
CVE-2020-7411
	RESERVED
CVE-2020-7410
	RESERVED
CVE-2020-7409
	RESERVED
CVE-2020-7408
	RESERVED
CVE-2020-7407
	RESERVED
CVE-2020-7406
	RESERVED
CVE-2020-7405
	RESERVED
CVE-2020-7404
	RESERVED
CVE-2020-7403
	RESERVED
CVE-2020-7402
	RESERVED
CVE-2020-7401
	RESERVED
CVE-2020-7400
	RESERVED
CVE-2020-7399
	RESERVED
CVE-2020-7398
	RESERVED
CVE-2020-7397
	RESERVED
CVE-2020-7396
	RESERVED
CVE-2020-7395
	RESERVED
CVE-2020-7394
	RESERVED
CVE-2020-7393
	RESERVED
CVE-2020-7392
	RESERVED
CVE-2020-7391
	RESERVED
CVE-2020-7390
	RESERVED
CVE-2020-7389
	RESERVED
CVE-2020-7388
	RESERVED
CVE-2020-7387
	RESERVED
CVE-2020-7386
	RESERVED
CVE-2020-7385
	RESERVED
CVE-2020-7384
	RESERVED
CVE-2020-7383
	RESERVED
CVE-2020-7382
	RESERVED
CVE-2020-7381
	RESERVED
CVE-2020-7380
	RESERVED
CVE-2020-7379
	RESERVED
CVE-2020-7378
	RESERVED
CVE-2020-7377
	RESERVED
CVE-2020-7376
	RESERVED
CVE-2020-7375
	RESERVED
CVE-2020-7374
	RESERVED
CVE-2020-7373
	RESERVED
CVE-2020-7372
	RESERVED
CVE-2020-7371
	RESERVED
CVE-2020-7370
	RESERVED
CVE-2020-7369
	RESERVED
CVE-2020-7368
	RESERVED
CVE-2020-7367
	RESERVED
CVE-2020-7366
	RESERVED
CVE-2020-7365
	RESERVED
CVE-2020-7364
	RESERVED
CVE-2020-7363
	RESERVED
CVE-2020-7362
	RESERVED
CVE-2020-7361
	RESERVED
CVE-2020-7360
	RESERVED
CVE-2020-7359
	RESERVED
CVE-2020-7358
	RESERVED
CVE-2020-7357
	RESERVED
CVE-2020-7356
	RESERVED
CVE-2020-7355 (Cross-site Scripting (XSS) vulnerability in the 'notes' field of a dis ...)
	TODO: check
CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of a disc ...)
	TODO: check
CVE-2020-7353
	RESERVED
CVE-2020-7352
	RESERVED
CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...)
	NOT-FOR-US: Fonality Trixbox Community Edition
CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
	NOT-FOR-US: Rapid7 Metasploit Framework
CVE-2020-7349
	RESERVED
CVE-2020-7348
	RESERVED
CVE-2020-7347
	RESERVED
CVE-2020-7346
	RESERVED
CVE-2020-7345
	RESERVED
CVE-2020-7344
	RESERVED
CVE-2020-7343
	RESERVED
CVE-2020-7342
	RESERVED
CVE-2020-7341
	RESERVED
CVE-2020-7340
	RESERVED
CVE-2020-7339
	RESERVED
CVE-2020-7338
	RESERVED
CVE-2020-7337
	RESERVED
CVE-2020-7336
	RESERVED
CVE-2020-7335
	RESERVED
CVE-2020-7334
	RESERVED
CVE-2020-7333
	RESERVED
CVE-2020-7332
	RESERVED
CVE-2020-7331
	RESERVED
CVE-2020-7330
	RESERVED
CVE-2020-7329
	RESERVED
CVE-2020-7328
	RESERVED
CVE-2020-7327
	RESERVED
CVE-2020-7326
	RESERVED
CVE-2020-7325
	RESERVED
CVE-2020-7324
	RESERVED
CVE-2020-7323
	RESERVED
CVE-2020-7322
	RESERVED
CVE-2020-7321
	RESERVED
CVE-2020-7320
	RESERVED
CVE-2020-7319
	RESERVED
CVE-2020-7318
	RESERVED
CVE-2020-7317
	RESERVED
CVE-2020-7316
	RESERVED
CVE-2020-7315
	RESERVED
CVE-2020-7314
	RESERVED
CVE-2020-7313
	RESERVED
CVE-2020-7312
	RESERVED
CVE-2020-7311
	RESERVED
CVE-2020-7310
	RESERVED
CVE-2020-7309
	RESERVED
CVE-2020-7308
	RESERVED
CVE-2020-7307
	RESERVED
CVE-2020-7306
	RESERVED
CVE-2020-7305
	RESERVED
CVE-2020-7304
	RESERVED
CVE-2020-7303
	RESERVED
CVE-2020-7302
	RESERVED
CVE-2020-7301
	RESERVED
CVE-2020-7300
	RESERVED
CVE-2020-7299
	RESERVED
CVE-2020-7298
	RESERVED
CVE-2020-7297
	RESERVED
CVE-2020-7296
	RESERVED
CVE-2020-7295
	RESERVED
CVE-2020-7294
	RESERVED
CVE-2020-7293
	RESERVED
CVE-2020-7292
	RESERVED
CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
	NOT-FOR-US: McAfee
CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
	NOT-FOR-US: McAfee
CVE-2020-7289 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
	NOT-FOR-US: McAfee
CVE-2020-7288 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...)
	NOT-FOR-US: McAfee
CVE-2020-7287 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...)
	NOT-FOR-US: McAfee
CVE-2020-7286 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...)
	NOT-FOR-US: McAfee
CVE-2020-7285 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
	NOT-FOR-US: McAfee
CVE-2020-7284 (Exposure of Sensitive Information in McAfee Network Security Managemen ...)
	NOT-FOR-US: McAfee
CVE-2020-7283 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...)
	NOT-FOR-US: McAfee
CVE-2020-7282 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...)
	NOT-FOR-US: McAfee
CVE-2020-7281 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
	NOT-FOR-US: McAfee
CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates when using ...)
	NOT-FOR-US: McAfee
CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer component of ...)
	NOT-FOR-US: McAfee
CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...)
	NOT-FOR-US: McAfee
CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...)
	NOT-FOR-US: McAfee
CVE-2020-7276 (Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoi ...)
	NOT-FOR-US: McAfee
CVE-2020-7275 (Accessing, modifying or executing executable files vulnerability in th ...)
	NOT-FOR-US: McAfee
CVE-2020-7274 (Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Se ...)
	NOT-FOR-US: McAfee
CVE-2020-7273 (Accessing functionality not properly constrained by ACLs vulnerability ...)
	NOT-FOR-US: McAfee
CVE-2020-7272
	RESERVED
CVE-2020-7271
	RESERVED
CVE-2020-7270
	RESERVED
CVE-2020-7269
	RESERVED
CVE-2020-7268
	RESERVED
CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
	NOT-FOR-US: McAfee
CVE-2020-7266 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
	NOT-FOR-US: McAfee
CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
	NOT-FOR-US: McAfee
CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
	NOT-FOR-US: McAfee
CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
	NOT-FOR-US: ENS for Windows
CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
	NOT-FOR-US: McAfee
CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
	NOT-FOR-US: McAfee
CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
	NOT-FOR-US: McAfee
CVE-2020-7259 (Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoi ...)
	NOT-FOR-US: McAfee
CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
	NOT-FOR-US: McAfee
CVE-2020-7257 (Privilege escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
	NOT-FOR-US: McAfee
CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
	NOT-FOR-US: McAfee
CVE-2020-7255 (Privilege escalation vulnerability in the administrative user interfac ...)
	NOT-FOR-US: McAfee
CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...)
	NOT-FOR-US: McAfee
CVE-2020-7253 (Improper access control vulnerability in masvc.exe in McAfee Agent (MA ...)
	NOT-FOR-US: McAfee
CVE-2020-7252 (Unquoted service executable path in DXL Broker in McAfee Data eXchange ...)
	NOT-FOR-US: McAfee
CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee  ...)
	NOT-FOR-US: McAfee
CVE-2020-7250 (Symbolic link manipulation vulnerability in McAfee Endpoint Security ( ...)
	NOT-FOR-US: McAfee
CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
	NOT-FOR-US: SMC D3G0804W devices
CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...)
	NOT-FOR-US: libubox in OpenWrt
CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade]
	- opensmtpd 6.6.2p1-1 (bug #950121)
	[stretch] - opensmtpd 6.0.2p1-2+deb9u2
	[buster] - opensmtpd 6.0.3p1-5+deb10u3
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig
CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...)
	{DSA-4611-1}
	- opensmtpd 6.6.2p1-1 (bug #950121)
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3
	NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig
	NOTE: The issue is exploitable after switching "to new grammar", which is included
	NOTE: in portable sync commit:
	NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/be6ef06cba9484d008d9f057e6b25d863cf278ff (opensmtpd-6.4.0)
CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...)
	NOT-FOR-US: qdPM
CVE-2020-7245 (Incorrect username validation in the registration process of CTFd v2.0 ...)
	NOT-FOR-US: CTFd
CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7243 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...)
	NOT-FOR-US: WP Database Backup plugin for WordPress
CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...)
	NOT-FOR-US: Meinberg Lantime M300 and M1000 devices
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
	NOT-FOR-US: conversation-watson plugin for WordPress
CVE-2019-20386 (An issue was discovered in button_open in login/logind-button.c in sys ...)
	- systemd 243-5 (unimportant)
	NOTE: https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
	NOTE: Negligible security impact, requires root or physical access to plug in a device,
	NOTE: at which point you can just as well DoS the computer with a hammer instead
CVE-2019-20385 (The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo A ...)
	NOT-FOR-US: Logaritmo Aware CallManager 2012 devices
CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Trojan hor ...)
	NOT-FOR-US: Portage
CVE-2019-20383
	RESERVED
CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
	{DSA-4665-1}
	- qemu 1:4.2-1
	[stretch] - qemu <postponed> (Minor, can be fixed along in future DSA)
	[jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)
	- qemu-kvm <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/05/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
	{DLA-2110-1 DLA-2109-1}
	- netty 1:4.1.45-1 (bug #950967)
	- netty-3.9 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
	NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
	NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
	NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445)
CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
	- cacti 1.2.9+ds1-1 (bug #949997)
	[buster] - cacti <no-dsa> (Minor issue)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/3201
	NOTE: https://github.com/Cacti/cacti/commit/5010719dbd160198be3e07bb994cf237e3af1308
CVE-2020-7236 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= ...)
	NOT-FOR-US: UHP UHP-100 devices
CVE-2020-7235 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= ...)
	NOT-FOR-US: UHP UHP-100 devices
CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the S ...)
	NOT-FOR-US: Ruckus ZoneFlex R310 devices
CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...)
	NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices
CVE-2020-7232 (Evoko Home 1.31 devices allow remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: Evoko Home devices
CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...)
	NOT-FOR-US: Evoko Home devices
CVE-2019-20381 (TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the ...)
	NOT-FOR-US: TestLink
CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin before 1. ...)
	NOT-FOR-US: Huge-IT gallery-images plugin for WordPress
CVE-2020-7230
	RESERVED
CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There  ...)
	NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress suffer ...)
	NOT-FOR-US: Calculated Fields Form plugin for WordPress
CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...)
	NOT-FOR-US: Westermo MRD-315 devices
CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and  ...)
	NOT-FOR-US: cryptacular
CVE-2020-7225
	RESERVED
CVE-2020-7224 (The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows ...)
	NOT-FOR-US: Aviatrix OpenVPN client
CVE-2020-7223
	RESERVED
CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...)
	NOT-FOR-US: Amcrest Web Server
CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...)
	- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4.7 through 10.4.11)
	- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4.7 through 10.4.11)
CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...)
	- consul 1.7.0+dfsg1-1 (bug #950736)
	[buster] - consul <no-dsa> (Minor issue)
	NOTE: https://github.com/hashicorp/consul/issues/7159
	NOTE: Fixed in 1.6.3.
CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...)
	- nomad 0.10.3+dfsg1-1
	NOTE: https://github.com/hashicorp/nomad/issues/7002
CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...)
	NOT-FOR-US: openSUSE wicked
CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...)
	NOT-FOR-US: openSUSE wicked
CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...)
	NOT-FOR-US: Gallagher Command Centre
CVE-2020-7214
	RESERVED
CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...)
	NOT-FOR-US: Parallels
CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...)
	- python-urllib3 1.25.8-1
	[buster] - python-urllib3 <not-affected> (Vulnerable code introduced later)
	[stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later)
	[jessie] - python-urllib3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/urllib3/urllib3/pull/1787
	NOTE: Introduced by: https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a (1.25.2)
	NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/a2697e7c6b275f05879b60f593c5854a816489f0 (1.25.8)
CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\  ...)
	- libslirp <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/qemu/+bug/1812451
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...)
	NOT-FOR-US: Umbraco CMS
CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution w ...)
	NOT-FOR-US: LinuxKI
CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...)
	NOT-FOR-US: LinuxKI
CVE-2020-7207
	RESERVED
CVE-2020-7206
	RESERVED
CVE-2020-7205
	RESERVED
CVE-2020-7204
	RESERVED
CVE-2020-7203
	RESERVED
CVE-2020-7202
	RESERVED
CVE-2020-7201
	RESERVED
CVE-2020-7200
	RESERVED
CVE-2020-7199
	RESERVED
CVE-2020-7198
	RESERVED
CVE-2020-7197
	RESERVED
CVE-2020-7196
	RESERVED
CVE-2020-7195
	RESERVED
CVE-2020-7194
	RESERVED
CVE-2020-7193
	RESERVED
CVE-2020-7192
	RESERVED
CVE-2020-7191
	RESERVED
CVE-2020-7190
	RESERVED
CVE-2020-7189
	RESERVED
CVE-2020-7188
	RESERVED
CVE-2020-7187
	RESERVED
CVE-2020-7186
	RESERVED
CVE-2020-7185
	RESERVED
CVE-2020-7184
	RESERVED
CVE-2020-7183
	RESERVED
CVE-2020-7182
	RESERVED
CVE-2020-7181
	RESERVED
CVE-2020-7180
	RESERVED
CVE-2020-7179
	RESERVED
CVE-2020-7178
	RESERVED
CVE-2020-7177
	RESERVED
CVE-2020-7176
	RESERVED
CVE-2020-7175
	RESERVED
CVE-2020-7174
	RESERVED
CVE-2020-7173
	RESERVED
CVE-2020-7172
	RESERVED
CVE-2020-7171
	RESERVED
CVE-2020-7170
	RESERVED
CVE-2020-7169
	RESERVED
CVE-2020-7168
	RESERVED
CVE-2020-7167
	RESERVED
CVE-2020-7166
	RESERVED
CVE-2020-7165
	RESERVED
CVE-2020-7164
	RESERVED
CVE-2020-7163
	RESERVED
CVE-2020-7162
	RESERVED
CVE-2020-7161
	RESERVED
CVE-2020-7160
	RESERVED
CVE-2020-7159
	RESERVED
CVE-2020-7158
	RESERVED
CVE-2020-7157
	RESERVED
CVE-2020-7156
	RESERVED
CVE-2020-7155
	RESERVED
CVE-2020-7154
	RESERVED
CVE-2020-7153
	RESERVED
CVE-2020-7152
	RESERVED
CVE-2020-7151
	RESERVED
CVE-2020-7150
	RESERVED
CVE-2020-7149
	RESERVED
CVE-2020-7148
	RESERVED
CVE-2020-7147
	RESERVED
CVE-2020-7146
	RESERVED
CVE-2020-7145
	RESERVED
CVE-2020-7144
	RESERVED
CVE-2020-7143
	RESERVED
CVE-2020-7142
	RESERVED
CVE-2020-7141
	RESERVED
CVE-2020-7140
	RESERVED
CVE-2020-7139 (Potential remote access security vulnerabilities have been identified  ...)
	NOT-FOR-US: HPE
CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...)
	NOT-FOR-US: HPE
CVE-2020-7137 (A validation issue in HPE Superdome Flex's RMC component may allow loc ...)
	NOT-FOR-US: HPE
CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...)
	NOT-FOR-US: HPE Smart Update Manager (SUM)
CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
	NOT-FOR-US: HPE
CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE  ...)
	NOT-FOR-US: HPE
CVE-2020-7133 (A unauthorized remote access vulnerability was discovered in HPE IOT + ...)
	NOT-FOR-US: HPE
CVE-2020-7132 (A potential security vulnerability has been identified in HPE Onboard  ...)
	NOT-FOR-US: HPE
CVE-2020-7131 (This document describes a security vulnerability in Blade Maintenance  ...)
	NOT-FOR-US: HPE
CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...)
	NOT-FOR-US: HPE
CVE-2020-7129
	RESERVED
CVE-2020-7128
	RESERVED
CVE-2020-7127
	RESERVED
CVE-2020-7126
	RESERVED
CVE-2020-7125
	RESERVED
CVE-2020-7124
	RESERVED
CVE-2020-7123
	RESERVED
CVE-2020-7122
	RESERVED
CVE-2020-7121
	RESERVED
CVE-2020-7120
	RESERVED
CVE-2020-7119
	RESERVED
CVE-2020-7118
	RESERVED
CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
	NOT-FOR-US: ClearPass Policy Manager WebUI
CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
	NOT-FOR-US: ClearPass Policy Manager WebUI
CVE-2020-7115 (The ClearPass Policy Manager web interface is affected by a vulnerabil ...)
	NOT-FOR-US: ClearPass Policy Manager
CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
	NOT-FOR-US: ClearPass
CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
	NOT-FOR-US: ClearPass
CVE-2020-7112
	RESERVED
CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...)
	NOT-FOR-US: ClearPass
CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...)
	NOT-FOR-US: ClearPass
CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not  ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...)
	NOT-FOR-US: LearnDash LMS plugin for WordPress
CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...)
	NOT-FOR-US: Ultimate FAQ plugin for WordPress
CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
	{DLA-2069-1}
	- cacti 1.2.9+ds1-1 (bug #949996)
	[buster] - cacti <postponed> (can be fixed along with more important issues)
	[stretch] - cacti <postponed> (can be fixed along with more important issues)
	NOTE: https://github.com/Cacti/cacti/issues/3191
	NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
	NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464
	NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee
CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
	{DLA-2083-1}
	- hiredis 0.14.0-5 (bug #949995)
	[buster] - hiredis <no-dsa> (Minor issue)
	[stretch] - hiredis <no-dsa> (Minor issue)
	NOTE: https://github.com/redis/hiredis/pull/754
	NOTE: https://github.com/redis/hiredis/pull/756
CVE-2020-7104 (The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via th ...)
	NOT-FOR-US: chained-quiz plugin for WordPress
CVE-2019-20380
	RESERVED
CVE-2020-7103
	RESERVED
CVE-2020-7102
	RESERVED
CVE-2020-7101
	RESERVED
CVE-2020-7100
	RESERVED
CVE-2020-7099
	RESERVED
CVE-2020-7098
	RESERVED
CVE-2020-7097
	RESERVED
CVE-2020-7096
	RESERVED
CVE-2020-7095
	RESERVED
CVE-2020-7094
	RESERVED
CVE-2020-7093
	RESERVED
CVE-2020-7092
	RESERVED
CVE-2020-7091
	RESERVED
CVE-2020-7090
	RESERVED
CVE-2020-7089
	RESERVED
CVE-2020-7088
	RESERVED
CVE-2020-7087
	RESERVED
CVE-2020-7086
	RESERVED
CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2  ...)
	NOT-FOR-US: Autodesk
CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versi ...)
	NOT-FOR-US: Autodesk
CVE-2020-7083 (An intager overflow vulnerability in the Autodesk FBX-SDK versions 201 ...)
	NOT-FOR-US: Autodesk
CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 ...)
	NOT-FOR-US: Autodesk
CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 ...)
	NOT-FOR-US: Autodesk
CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019. ...)
	NOT-FOR-US: Autodesk
CVE-2020-7079 (An improper signature validation vulnerability in Autodesk Dynamo BIM  ...)
	NOT-FOR-US: Autodesk
CVE-2020-7078
	RESERVED
CVE-2020-7077
	RESERVED
CVE-2020-7076
	RESERVED
CVE-2020-7075
	RESERVED
CVE-2020-7074
	RESERVED
CVE-2020-7073
	RESERVED
CVE-2020-7072
	RESERVED
CVE-2020-7071
	RESERVED
CVE-2020-7070
	RESERVED
CVE-2020-7069
	RESERVED
CVE-2020-7068
	RESERVED
CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...)
	{DSA-4719-1 DSA-4717-1 DLA-2188-1}
	- php7.4 7.4.5-1 (unimportant)
	- php7.3 <removed> (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in PHP 7.4.5, 7.3.17
	NOTE: PHP Bug: https://bugs.php.net/79465
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be
	NOTE: This only affects builds which enable EDBDIC
CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...)
	{DSA-4719-1 DSA-4717-1 DLA-2188-1}
	- php7.4 7.4.5-1
	- php7.3 <removed>
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
	NOTE: PHP Bug: https://bugs.php.net/79329
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43
CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...)
	{DSA-4719-1}
	- php7.4 7.4.5-1
	- php7.3 <removed>
	- php7.0 <not-affected> (Vulnerable code introduced later)
	- php5 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in PHP 7.4.4, 7.3.16
	NOTE: PHP Bug: https://bugs.php.net/79371
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38
CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below  ...)
	{DSA-4719-1 DSA-4717-1 DLA-2188-1}
	- php7.4 7.4.5-1
	- php7.3 <removed>
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
	NOTE: PHP Bug: https://bugs.php.net/79282
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2
CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
	{DSA-4719-1 DSA-4717-1 DLA-2160-1}
	- php7.4 7.4.3-1
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
	NOTE: PHP Bug: http://bugs.php.net/79082
CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
	{DSA-4719-1 DSA-4717-1 DLA-2160-1}
	- php7.4 7.4.3-1
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
	NOTE: PHP Bug: http://bugs.php.net/79221
CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...)
	- php7.4 <not-affected> (Windows specific issue)
	- php7.3 <not-affected> (Windows specific issue)
	- php7.0 <not-affected> (Windows specific issue)
	- php5 <not-affected> (Windows specific issue)
	NOTE: Fixed in PHP 7.4.3, 7.3.15
	NOTE: PHP Bug: http://bugs.php.net/79171
CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings,  ...)
	{DSA-4628-1 DSA-4626-1 DLA-2124-1}
	- php7.4 7.4.2-7
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
	NOTE: PHP Bug: http://bugs.php.net/79037
CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP  ...)
	{DSA-4628-1 DSA-4626-1 DLA-2124-1}
	- php7.4 7.4.2-7
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
	NOTE: PHP Bug: https://bugs.php.net/79099
CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...)
	- cacti <unfixed> (unimportant)
	NOTE: https://github.com/Cacti/cacti/issues/3186
	NOTE: Properly configured in there is no security impact, cf.
	NOTE: https://github.com/Cacti/cacti/issues/3186#issuecomment-574444803
CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...)
	NOT-FOR-US: Hikvision
CVE-2020-7056
	RESERVED
CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file upload is p ...)
	NOT-FOR-US: Elementor
CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...)
	NOT-FOR-US: libIEC61850
CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/
CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow unco ...)
	NOT-FOR-US: CODESYS
CVE-2020-7051 (Codologic Codoforum through 4.8.4 allows stored XSS in the login area. ...)
	NOT-FOR-US: Codoforum
CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creati ...)
	NOT-FOR-US: Codoforum
CVE-2020-7049 (Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_li ...)
	NOT-FOR-US: Nozomi Networks OS
CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3  ...)
	- dovecot <not-affected> (Only affects 2.3.9)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1
CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...)
	- wireshark 3.2.0-1
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
	[jessie] - wireshark <not-affected> (Doesn't support request-respone tracking in affected code passage, yet)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-02.html
CVE-2020-7044 (In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This ...)
	- wireshark 3.2.1-1
	[buster] - wireshark <not-affected> (Vulnerable code not present)
	[stretch] - wireshark <not-affected> (Vulnerable code not present)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-01.html
CVE-2020-7043 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL  ...)
	- openfortivpn 1.12.0-1 (unimportant)
	NOTE: https://github.com/adrienverge/openfortivpn/issues/536
	NOTE: https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8
	NOTE: No version of openfortivpn was shipped with OpenSSL < 1.0.2, marking as unimportant
CVE-2020-7042 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL  ...)
	- openfortivpn 1.12.0-1
	[buster] - openfortivpn <no-dsa> (Minor issue)
	NOTE: https://github.com/adrienverge/openfortivpn/issues/536
	NOTE: https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3
CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL  ...)
	- openfortivpn 1.12.0-1
	[buster] - openfortivpn <no-dsa> (Minor issue)
	NOTE: https://github.com/adrienverge/openfortivpn/issues/536
	NOTE: https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91
CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
	{DLA-2095-1}
	- storebackup <unfixed> (bug #949393)
	[buster] - storebackup <no-dsa> (Minor issue)
	[stretch] - storebackup <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
	NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1
CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...)
	{DSA-4616-1 DLA-2090-1 DLA-2076-1}
	- libslirp 4.1.0-2 (bug #949084)
	- qemu 1:4.1-2
	- qemu-kvm <removed>
	- slirp 1:1.0.17-10 (bug #949085)
	[buster] - slirp <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - slirp <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
CVE-2020-7038
	RESERVED
CVE-2020-7037
	RESERVED
CVE-2020-7036
	RESERVED
CVE-2020-7035
	RESERVED
CVE-2020-7034
	RESERVED
CVE-2020-7033
	RESERVED
CVE-2020-7032
	RESERVED
CVE-2020-7031
	RESERVED
CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
	NOT-FOR-US: IP Office
CVE-2020-7029
	RESERVED
CVE-2020-7028
	RESERVED
CVE-2020-7027
	RESERVED
CVE-2020-7026
	RESERVED
CVE-2020-7025
	RESERVED
CVE-2020-7024
	RESERVED
CVE-2020-7023
	RESERVED
CVE-2020-7022
	RESERVED
CVE-2020-7021
	RESERVED
CVE-2020-7020
	RESERVED
CVE-2020-7019
	RESERVED
CVE-2020-7018
	RESERVED
CVE-2020-7017
	RESERVED
CVE-2020-7016
	RESERVED
CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...)
	- kibana <itp> (bug #700337)
CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...)
	- elasticsearch <removed>
CVE-2020-7013 (Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution f ...)
	- kibana <itp> (bug #700337)
CVE-2020-7012 (Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype  ...)
	- kibana <itp> (bug #700337)
CVE-2020-7011 (Elastic App Search versions before 7.7.0 contain a cross site scriptin ...)
	- elasticsearch <removed>
CVE-2020-7010 (Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate pas ...)
	TODO: check
CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2  ...)
	- elasticsearch <removed>
CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker  ...)
	NOT-FOR-US: Moxa
CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...)
	NOT-FOR-US: Systech Corporation
CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...)
	NOT-FOR-US: Honeywell
CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
	NOT-FOR-US: Moxa
CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
	NOT-FOR-US: McAfee
CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected  ...)
	NOT-FOR-US: Moxa
CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the p ...)
	NOT-FOR-US: Moxa
CVE-2020-6998
	RESERVED
CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive inf ...)
	NOT-FOR-US: Moxa
CVE-2020-6996 (Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Prot ...)
	NOT-FOR-US: Triangle MicroWorks
CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
	NOT-FOR-US: Moxa
CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of Hirschman ...)
	NOT-FOR-US: Hirschmann Automation and Control HiOS and HiSecOS
CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
	NOT-FOR-US: Moxa
CVE-2020-6992 (A local privilege escalation vulnerability has been identified in the  ...)
	NOT-FOR-US: GE Digital
CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password ...)
	NOT-FOR-US: Moxa
CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
	NOT-FOR-US: Rockwell
CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
	NOT-FOR-US: Moxa
CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
	NOT-FOR-US: Rockwell
CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
	NOT-FOR-US: Moxa
CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series  ...)
	NOT-FOR-US: Omron
CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
	NOT-FOR-US: Moxa
CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
	NOT-FOR-US: Rockwell
CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
	NOT-FOR-US: Moxa
CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injecti ...)
	NOT-FOR-US: Honeywell
CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker m ...)
	NOT-FOR-US: Moxa
CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
	NOT-FOR-US: Rockwell
CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected  ...)
	NOT-FOR-US: Moxa
CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...)
	NOT-FOR-US: Honeywell
CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...)
	NOT-FOR-US: GE
CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
	NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor
CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
	NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...)
	NOT-FOR-US: Honeywell
CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
	NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...)
	NOT-FOR-US: Honeywell
CVE-2020-6971 (In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the Va ...)
	NOT-FOR-US: Emerson
CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA ...)
	NOT-FOR-US: Emerson OpenEnterprise SCADA Server
CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...)
	NOT-FOR-US: AutomationDirect
CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...)
	NOT-FOR-US: Honeywell
CVE-2020-6967 (In Rockwell Automation all versions of FactoryTalk Diagnostics softwar ...)
	NOT-FOR-US: Rockwell
CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
	NOT-FOR-US: ApexPro Telemetry Server
CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
	NOT-FOR-US: ApexPro Telemetry Server
CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
	NOT-FOR-US: ApexPro Telemetry Server
CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
	NOT-FOR-US: ApexPro Telemetry Server
CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...)
	NOT-FOR-US: ApexPro Telemetry Server
CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...)
	NOT-FOR-US: ApexPro Telemetry Server
CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
	NOT-FOR-US: Honeywell
CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...)
	NOT-FOR-US: Honeywell
CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrappe ...)
	NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW)
CVE-2020-6957
	RESERVED
CVE-2020-6956 (PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_acti ...)
	NOT-FOR-US: PCS DEXICON
CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...)
	NOT-FOR-US: Cayin SMP-PRO4 devices
CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...)
	NOT-FOR-US: Cayin SMP-PRO4 devices
CVE-2020-6953
	RESERVED
CVE-2020-6952
	RESERVED
CVE-2020-6951
	RESERVED
CVE-2020-6950
	RESERVED
	- mojarra <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...)
	NOT-FOR-US: HashBrown CMS
CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through  ...)
	NOT-FOR-US: HashBrown CMS
CVE-2020-6947
	RESERVED
CVE-2020-6946
	RESERVED
CVE-2020-6945
	RESERVED
CVE-2020-6944
	RESERVED
CVE-2020-6943
	RESERVED
CVE-2020-6942
	RESERVED
CVE-2020-6941
	RESERVED
CVE-2020-6940
	RESERVED
CVE-2020-6939
	RESERVED
CVE-2020-6938
	RESERVED
CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, ...)
	NOT-FOR-US: MuleSoft
CVE-2020-6936
	RESERVED
CVE-2020-6935
	RESERVED
CVE-2020-6934
	RESERVED
CVE-2020-6933
	RESERVED
CVE-2020-6932
	RESERVED
CVE-2020-6931
	RESERVED
CVE-2020-6930
	RESERVED
CVE-2020-6929
	RESERVED
CVE-2020-6928
	RESERVED
CVE-2020-6927
	RESERVED
CVE-2020-6926
	RESERVED
CVE-2020-6925
	RESERVED
CVE-2020-6924
	RESERVED
CVE-2020-6923
	RESERVED
CVE-2020-6922
	RESERVED
CVE-2020-6921
	RESERVED
CVE-2020-6920
	RESERVED
CVE-2020-6919
	RESERVED
CVE-2020-6918
	RESERVED
CVE-2020-6917
	RESERVED
CVE-2020-6916
	RESERVED
CVE-2020-6915
	RESERVED
CVE-2020-6914
	RESERVED
CVE-2020-6913
	RESERVED
CVE-2020-6912
	RESERVED
CVE-2020-6911
	RESERVED
CVE-2020-6910
	RESERVED
CVE-2020-6909
	RESERVED
CVE-2020-6908
	RESERVED
CVE-2020-6907
	RESERVED
CVE-2020-6906
	RESERVED
CVE-2020-6905
	RESERVED
CVE-2020-6904
	RESERVED
CVE-2020-6903
	RESERVED
CVE-2020-6902
	RESERVED
CVE-2020-6901
	RESERVED
CVE-2020-6900
	RESERVED
CVE-2020-6899
	RESERVED
CVE-2020-6898
	RESERVED
CVE-2020-6897
	RESERVED
CVE-2020-6896
	RESERVED
CVE-2020-6895
	RESERVED
CVE-2020-6894
	RESERVED
CVE-2020-6893
	RESERVED
CVE-2020-6892
	RESERVED
CVE-2020-6891
	RESERVED
CVE-2020-6890
	RESERVED
CVE-2020-6889
	RESERVED
CVE-2020-6888
	RESERVED
CVE-2020-6887
	RESERVED
CVE-2020-6886
	RESERVED
CVE-2020-6885
	RESERVED
CVE-2020-6884
	RESERVED
CVE-2020-6883
	RESERVED
CVE-2020-6882
	RESERVED
CVE-2020-6881
	RESERVED
CVE-2020-6880
	RESERVED
CVE-2020-6879
	RESERVED
CVE-2020-6878
	RESERVED
CVE-2020-6877
	RESERVED
CVE-2020-6876
	RESERVED
CVE-2020-6875
	RESERVED
CVE-2020-6874
	RESERVED
CVE-2020-6873
	RESERVED
CVE-2020-6872
	RESERVED
CVE-2020-6871
	RESERVED
CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a desig ...)
	NOT-FOR-US: ZTE
CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...)
	NOT-FOR-US: ZTE
CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...)
	NOT-FOR-US: ZTE
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
	NOT-FOR-US: ZTE
CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...)
	NOT-FOR-US: ZTE
CVE-2020-6865 (ZTE SDN controller platform is impacted by an information leakage vuln ...)
	NOT-FOR-US: ZTE
CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...)
	NOT-FOR-US: ZTE
CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...)
	NOT-FOR-US: ZTE
CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...)
	NOT-FOR-US: ZTE F6x2W
CVE-2020-6861 (A flawed protocol design in the Ledger Monero app before 1.5.1 for Led ...)
	NOT-FOR-US: Ledger Monero app
CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
	- libmysofa 1.0~dfsg0-1 (bug #949325)
	[buster] - libmysofa <no-dsa> (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/issues/96
	NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85
CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2020-6858 (Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to  ...)
	NOT-FOR-US: Hotels Styx
CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...)
	NOT-FOR-US: CarbonFTP
CVE-2020-6856 (An XML External Entity (XEE) vulnerability exists in the JOC Cockpit c ...)
	NOT-FOR-US: JOC Cockpit component of SOS JobScheduler
CVE-2020-6855 (A large or infinite loop vulnerability in the JOC Cockpit component of ...)
	NOT-FOR-US: JOC Cockpit component of SOS JobScheduler
CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...)
	NOT-FOR-US: JOC Cockpit, different from src:cockpit
CVE-2020-6853
	RESERVED
CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...)
	NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...)
	{DLA-2081-1}
	- openjpeg2 <unfixed> (bug #950000)
	[buster] - openjpeg2 <no-dsa> (Minor issue)
	[stretch] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1228
	NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04
CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...)
	NOT-FOR-US: miniorange-saml-20-single-sign-on plugin for WordPress
CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...)
	NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress
CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...)
	NOT-FOR-US: Axper Vision II 4 devices
CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...)
	NOT-FOR-US: OpenTrade
CVE-2020-6846
	RESERVED
CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...)
	NOT-FOR-US: TopManage
CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...)
	NOT-FOR-US: TopManage
CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2020-6842 (D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated ...)
	NOT-FOR-US: D-Link
CVE-2020-6841 (D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to  ...)
	NOT-FOR-US: D-Link
CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...)
	- mruby <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/mruby/mruby/issues/4927
	NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661
	NOTE: Fixed by: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452
CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...)
	- mruby <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/mruby/mruby/issues/4929
	NOTE: Introduced by: https://github.com/mruby/mruby/commit/2532e625edc2457447369e36e2ecf7882d872ef9
	NOTE: Fixed by: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c
CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...)
	- mruby <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661
	NOTE: https://github.com/mruby/mruby/issues/4926
	NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452
	NOTE: https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb
	NOTE: https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3
CVE-2020-6837
	RESERVED
CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 3.0.1 fo ...)
	NOT-FOR-US: hot-formula-parser Node package
CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-based off ...)
	- bftpd <itp> (bug #640469)
CVE-2020-6834
	RESERVED
CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...)
	- gitlab <not-affected> (Only affects Gitlab EE 11.3 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...)
	- gitlab <not-affected> (Only affects GitLab EE 8.9.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
	- ganglia-web <unfixed> (unimportant; bug #948664)
	NOTE: https://github.com/ganglia/ganglia-web/issues/351
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
CVE-2019-20378 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
	- ganglia-web <unfixed> (unimportant; bug #948664)
	NOTE: https://github.com/ganglia/ganglia-web/issues/351
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
CVE-2019-20377 (TopList before 2019-09-03 allows XSS via a title. ...)
	NOT-FOR-US: TopList
CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP chunks  ...)
	{DSA-4714-1 DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...)
	- firefox <not-affected> (Firefox on iOS)
CVE-2020-6829
	RESERVED
CVE-2020-6828 (A malicious Android application could craft an Intent that would have  ...)
	- firefox-esr <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828
CVE-2020-6827 (When following a link that opened an intent://-schemed URL, causing a  ...)
	- firefox-esr <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6827
CVE-2020-6826 (Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis report ...)
	- firefox 75.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826
CVE-2020-6825 (Mozilla developers and community members Tyson Smith and Christian Hol ...)
	{DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1}
	- firefox 75.0-1
	- firefox-esr 68.7.0esr-1
	- thunderbird 1:68.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825
CVE-2020-6824 (Initially, a user opens a Private Browsing Window and generates a pass ...)
	- firefox 75.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824
CVE-2020-6823 (A malicious extension could have called &lt;code&gt;browser.identity.l ...)
	- firefox 75.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823
CVE-2020-6822 (On 32-bit builds, an out of bounds write could have occurred when proc ...)
	{DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1}
	- firefox 75.0-1
	- firefox-esr 68.7.0esr-1
	- thunderbird 1:68.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6822
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822
CVE-2020-6821 (When reading from areas partially or fully outside the source resource ...)
	{DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1}
	- firefox 75.0-1
	- firefox-esr 68.7.0esr-1
	- thunderbird 1:68.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6821
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821
CVE-2020-6820 (Under certain conditions, when handling a ReadableStream, a race condi ...)
	{DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1}
	- firefox 74.0.1-1
	- firefox-esr 68.6.1esr-1
	- thunderbird 1:68.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6820
CVE-2020-6819 (Under certain conditions, when running the nsDocShell destructor, a ra ...)
	{DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1}
	- firefox 74.0.1-1
	- firefox-esr 68.6.1esr-1
	- thunderbird 1:68.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6819
CVE-2020-6818
	RESERVED
CVE-2020-6817 [Regular expression denial of service]
	RESERVED
	{DLA-2167-1}
	- python-bleach 3.1.4-1 (bug #955388)
	[buster] - python-bleach <no-dsa> (Minor issue; some regression potential)
	[stretch] - python-bleach <no-dsa> (Minor issue; some regression potential)
	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
	NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
	NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7
	NOTE: Regression report: https://github.com/mozilla/bleach/pull/530
CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
CVE-2020-6814 (Mozilla developers reported memory safety bugs present in Firefox and  ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content Security  ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become named a ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
CVE-2020-6810 (After a website had entered fullscreen mode, it could have used a prev ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
CVE-2020-6809 (When a Web Extension had the all-urls permission and made a fetch requ ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result is a s ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
CVE-2020-6807 (When a device was changed while a stream was about to be destroyed, th ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to cause an ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
CVE-2020-6805 (When removing data about an origin whose tab was recently closed, a us ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805
CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...)
	NOT-FOR-US: Mozilla IOT
CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...)
	NOT-FOR-US: Mozilla IOT
CVE-2020-6801 (Mozilla developers reported memory safety bugs present in Firefox 72.  ...)
	- firefox 73.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
CVE-2020-6800 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
	- firefox 73.0-1
	- firefox-esr 68.5.0esr-1
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800
CVE-2020-6799 (Command line arguments could have been injected during Firefox invocat ...)
	- firefox <not-affected> (Only affects Windows)
	- firefox-esr <not-affected> (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6799
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
CVE-2020-6798 (If a template tag was used in a select tag, the parser could be confus ...)
	{DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
	- firefox 73.0-1
	- firefox-esr 68.5.0esr-1
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798
CVE-2020-6797 (By downloading a file with the .fileloc extension, a semi-privileged e ...)
	- firefox <not-affected> (Only affects Mac OSX)
	- firefox-esr <not-affected> (Only affects Mac OSX)
	- thunderbird <not-affected> (Only affects Mac OSX)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
CVE-2020-6796 (A content process could have modified shared memory relating to crash  ...)
	{DSA-4620-1 DLA-2102-1}
	- firefox 73.0-1
	- firefox-esr 68.5.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796
CVE-2020-6795 (When processing a message that contains multiple S/MIME signatures, a  ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795
CVE-2020-6794 (If a user saved passwords before Thunderbird 60 and then later set a m ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794
CVE-2020-6793 (When processing an email message with an ill-formed envelope, Thunderb ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793
CVE-2020-6792 (When deriving an identifier for an email message, uninitialized memory ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792
CVE-2020-6791
	RESERVED
CVE-2020-6790
	RESERVED
CVE-2020-6789
	RESERVED
CVE-2020-6788
	RESERVED
CVE-2020-6787
	RESERVED
CVE-2020-6786
	RESERVED
CVE-2020-6785
	RESERVED
CVE-2020-6784
	RESERVED
CVE-2020-6783
	RESERVED
CVE-2020-6782
	RESERVED
CVE-2020-6781
	RESERVED
CVE-2020-6780
	RESERVED
CVE-2020-6779
	RESERVED
CVE-2020-6778
	RESERVED
CVE-2020-6777
	RESERVED
CVE-2020-6776
	RESERVED
CVE-2020-6775
	RESERVED
CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...)
	NOT-FOR-US: Bosch
CVE-2020-6773
	RESERVED
CVE-2020-6772
	RESERVED
CVE-2020-6771
	RESERVED
CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...)
	NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)
CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...)
	NOT-FOR-US: Bosch
CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...)
	NOT-FOR-US: Bosch
CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...)
	NOT-FOR-US: Bosch
CVE-2020-6766
	RESERVED
CVE-2020-6765 (D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS comm ...)
	NOT-FOR-US: D-Link
CVE-2020-6764
	REJECTED
CVE-2020-6763
	RESERVED
CVE-2020-6762
	RESERVED
CVE-2020-6761
	RESERVED
CVE-2020-6760 (Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS com ...)
	NOT-FOR-US: Schmid ZI 620 V400 VPN 090 routers
CVE-2020-6759
	RESERVED
CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...)
	NOT-FOR-US: Rasilient PixelStor
CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...)
	NOT-FOR-US: Rasilient PixelStor
CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...)
	NOT-FOR-US: Rasilient PixelStor
CVE-2020-6755
	RESERVED
CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...)
	NOT-FOR-US: dotCMS
CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS ...)
	NOT-FOR-US: Login by Auth0 plugin for WordPress
CVE-2020-6752 (In OMERO before 5.6.1, group owners can access members' data in other  ...)
	TODO: check
CVE-2020-6751
	RESERVED
CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31 ...)
	NOT-FOR-US: Typora
CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
	- nginx 1.16.1-3 (low; bug #948579)
	[buster] - nginx <no-dsa> (Minor issue)
	[stretch] - nginx <no-dsa> (Minor issue)
	[jessie] - nginx <no-dsa> (Minor issue)
	NOTE: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
	NOTE: https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because the LDM ...)
	{DSA-4601-1 DLA-2064-1}
	- ldm <removed> (bug #948538)
	NOTE: https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431
CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...)
	- glib2.0 2.62.5-1 (bug #948554)
	[buster] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)
	[stretch] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)
	[jessie] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1989
CVE-2020-6749
	RESERVED
CVE-2020-6748
	RESERVED
CVE-2020-6747
	RESERVED
CVE-2020-6746
	RESERVED
CVE-2020-6745
	RESERVED
CVE-2020-6744
	RESERVED
CVE-2020-6743
	RESERVED
CVE-2020-6742
	RESERVED
CVE-2020-6741
	RESERVED
CVE-2020-6740
	RESERVED
CVE-2020-6739
	RESERVED
CVE-2020-6738
	RESERVED
CVE-2020-6737
	RESERVED
CVE-2020-6736
	RESERVED
CVE-2020-6735
	RESERVED
CVE-2020-6734
	RESERVED
CVE-2020-6733
	RESERVED
CVE-2020-6732
	RESERVED
CVE-2020-6731
	RESERVED
CVE-2020-6730
	RESERVED
CVE-2020-6729
	RESERVED
CVE-2020-6728
	RESERVED
CVE-2020-6727
	RESERVED
CVE-2020-6726
	RESERVED
CVE-2020-6725
	RESERVED
CVE-2020-6724
	RESERVED
CVE-2020-6723
	RESERVED
CVE-2020-6722
	RESERVED
CVE-2020-6721
	RESERVED
CVE-2020-6720
	RESERVED
CVE-2020-6719
	RESERVED
CVE-2020-6718
	RESERVED
CVE-2020-6717
	RESERVED
CVE-2020-6716
	RESERVED
CVE-2020-6715
	RESERVED
CVE-2020-6714
	RESERVED
CVE-2020-6713
	RESERVED
CVE-2020-6712
	RESERVED
CVE-2020-6711
	RESERVED
CVE-2020-6710
	RESERVED
CVE-2020-6709
	RESERVED
CVE-2020-6708
	RESERVED
CVE-2020-6707
	RESERVED
CVE-2020-6706
	RESERVED
CVE-2020-6705
	RESERVED
CVE-2020-6704
	RESERVED
CVE-2020-6703
	RESERVED
CVE-2020-6702
	RESERVED
CVE-2020-6701
	RESERVED
CVE-2020-6700
	RESERVED
CVE-2020-6699
	RESERVED
CVE-2020-6698
	RESERVED
CVE-2020-6697
	RESERVED
CVE-2020-6696
	RESERVED
CVE-2020-6695
	RESERVED
CVE-2020-6694
	RESERVED
CVE-2020-6693
	RESERVED
CVE-2020-6692
	RESERVED
CVE-2020-6691
	RESERVED
CVE-2020-6690
	RESERVED
CVE-2020-6689
	RESERVED
CVE-2020-6688
	RESERVED
CVE-2020-6687
	RESERVED
CVE-2020-6686
	RESERVED
CVE-2020-6685
	RESERVED
CVE-2020-6684
	RESERVED
CVE-2020-6683
	RESERVED
CVE-2020-6682
	RESERVED
CVE-2020-6681
	RESERVED
CVE-2020-6680
	RESERVED
CVE-2020-6679
	RESERVED
CVE-2020-6678
	RESERVED
CVE-2020-6677
	RESERVED
CVE-2020-6676
	RESERVED
CVE-2020-6675
	RESERVED
CVE-2020-6674
	RESERVED
CVE-2020-6673
	RESERVED
CVE-2020-6672
	RESERVED
CVE-2020-6671
	RESERVED
CVE-2020-6670
	RESERVED
CVE-2020-6669
	RESERVED
CVE-2020-6668
	RESERVED
CVE-2020-6667
	RESERVED
CVE-2020-6666
	RESERVED
CVE-2020-6665
	RESERVED
CVE-2020-6664
	RESERVED
CVE-2020-6663
	RESERVED
CVE-2020-6662
	RESERVED
CVE-2020-6661
	RESERVED
CVE-2020-6660
	RESERVED
CVE-2020-6659
	RESERVED
CVE-2020-6658
	RESERVED
CVE-2020-6657
	RESERVED
CVE-2020-6656
	RESERVED
CVE-2020-6655
	RESERVED
CVE-2020-6654
	RESERVED
CVE-2020-6653
	RESERVED
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
	NOT-FOR-US: Eaton
CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
	NOT-FOR-US: Eaton
CVE-2020-6650 (UPS companion software v1.05 &amp; Prior is affected by &#8216;Eval In ...)
	NOT-FOR-US: UPS companion software
CVE-2020-6649
	RESERVED
CVE-2020-6648
	RESERVED
CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of  ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6645
	RESERVED
CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
	NOT-FOR-US: Fortinet
CVE-2020-6642
	RESERVED
CVE-2020-6641
	RESERVED
CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6639
	RESERVED
CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
	NOT-FOR-US: Grin
CVE-2020-6637
	RESERVED
CVE-2020-6636
	RESERVED
CVE-2020-6635
	RESERVED
CVE-2020-6634
	RESERVED
CVE-2020-6633
	RESERVED
CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...)
	NOT-FOR-US: PrestaShop
CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
	- gpac <unfixed> (low)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
	NOTE: https://github.com/gpac/gpac/issues/1378
	NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
	NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
	- gpac <unfixed> (low)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
	NOTE: https://github.com/gpac/gpac/issues/1377
	NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
	NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
CVE-2020-6629 (Ming (aka libming) 0.4.8 has z NULL pointer dereference in the functio ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/190
CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/191
CVE-2020-6627
	RESERVED
CVE-2020-6626
	RESERVED
CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...)
	- jhead <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746
	NOTE: Crash in CLI tool, no security impact
CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...)
	- jhead <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
	NOTE: Crash in CLI tool, no security impact
CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
	- libstb <unfixed> (low; bug #949560)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/865
	NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
	- libstb <unfixed> (low; bug #949559)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/869
CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...)
	- libstb <unfixed> (low; bug #949558)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/867
CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
	- libstb <unfixed> (low; bug #949557)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/868
CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...)
	- libstb <unfixed> (low; bug #949556)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/863
CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
	- libstb <unfixed> (low; bug #949555)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/866
CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
	- libstb <unfixed> (low; bug #949554)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/867
CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...)
	NOT-FOR-US: Broadcom
CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
	- libredwg <itp> (bug #595191)
CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read  ...)
	- libredwg <itp> (bug #595191)
CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...)
	- libredwg <itp> (bug #595191)
CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...)
	- libredwg <itp> (bug #595191)
CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...)
	- libredwg <itp> (bug #595191)
CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...)
	- libredwg <itp> (bug #595191)
CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...)
	- libredwg <itp> (bug #595191)
CVE-2020-6608
	RESERVED
CVE-2020-6607
	RESERVED
CVE-2020-6606
	RESERVED
CVE-2020-6605
	RESERVED
CVE-2020-6604
	RESERVED
CVE-2020-6603
	RESERVED
CVE-2020-6602
	RESERVED
CVE-2020-6601
	RESERVED
CVE-2020-6600
	RESERVED
CVE-2020-6599
	RESERVED
CVE-2020-6598
	RESERVED
CVE-2020-6597
	RESERVED
CVE-2020-6596
	RESERVED
CVE-2020-6595
	RESERVED
CVE-2020-6594
	RESERVED
CVE-2020-6593
	RESERVED
CVE-2020-6592
	RESERVED
CVE-2020-6591
	RESERVED
CVE-2020-6590
	RESERVED
CVE-2020-6589
	RESERVED
CVE-2020-6588
	RESERVED
CVE-2020-6587
	RESERVED
CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...)
	NOT-FOR-US: Nagios Log Server
CVE-2019-20371
	RESERVED
CVE-2019-20370
	RESERVED
CVE-2019-20369
	RESERVED
CVE-2019-20368
	RESERVED
CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be  ...)
	NOT-FOR-US: BigProf Online Invoicing System (OIS)
CVE-2020-6582 (Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...)
	- nagios-nrpe 4.0.0-1
	[buster] - nagios-nrpe <no-dsa> (Minor issue)
	[stretch] - nagios-nrpe <no-dsa> (Minor issue)
	[jessie] - nagios-nrpe <no-dsa> (Minor issue)
	NOTE: https://herolab.usd.de/security-advisories/usd-2020-0001/
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/b84f9b8c9d290dd02e139df8dad1c3eb690c1213
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/8e3bea4e1b1937e395a182729762aa8894e8649e
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part validating incoming buffer size)
CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...)
	- nagios-nrpe 4.0.0-1
	[buster] - nagios-nrpe <no-dsa> (Minor issue)
	[stretch] - nagios-nrpe <no-dsa> (Minor issue)
	[jessie] - nagios-nrpe <not-affected> (Vulnerable code introduced later)
	NOTE: https://herolab.usd.de/security-advisories/usd-2020-0002/
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part for proper processing of nasty_metachars)
CVE-2020-6580
	RESERVED
CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudlo ...)
	NOT-FOR-US: MailBeez plugin for ZenCart
CVE-2020-6578
	RESERVED
CVE-2020-6577
	RESERVED
CVE-2020-6576
	RESERVED
CVE-2020-6575
	RESERVED
CVE-2020-6574
	RESERVED
CVE-2020-6573
	RESERVED
CVE-2020-6572
	RESERVED
CVE-2020-6571
	RESERVED
CVE-2020-6570
	RESERVED
CVE-2020-6569
	RESERVED
CVE-2020-6568
	RESERVED
CVE-2020-6567
	RESERVED
CVE-2020-6566
	RESERVED
CVE-2020-6565
	RESERVED
CVE-2020-6564
	RESERVED
CVE-2020-6563
	RESERVED
CVE-2020-6562
	RESERVED
CVE-2020-6561
	RESERVED
CVE-2020-6560
	RESERVED
CVE-2020-6559
	RESERVED
CVE-2020-6558
	RESERVED
CVE-2020-6557
	RESERVED
CVE-2020-6556
	RESERVED
CVE-2020-6555
	RESERVED
CVE-2020-6554
	RESERVED
CVE-2020-6553
	RESERVED
CVE-2020-6552
	RESERVED
CVE-2020-6551
	RESERVED
CVE-2020-6550
	RESERVED
CVE-2020-6549
	RESERVED
CVE-2020-6548
	RESERVED
CVE-2020-6547
	RESERVED
CVE-2020-6546
	RESERVED
CVE-2020-6545
	RESERVED
CVE-2020-6544
	RESERVED
CVE-2020-6543
	RESERVED
CVE-2020-6542
	RESERVED
CVE-2020-6541
	RESERVED
CVE-2020-6540
	RESERVED
CVE-2020-6539
	RESERVED
CVE-2020-6538
	RESERVED
CVE-2020-6537
	RESERVED
CVE-2020-6536
	RESERVED
CVE-2020-6535
	RESERVED
CVE-2020-6534
	RESERVED
CVE-2020-6533
	RESERVED
CVE-2020-6532
	RESERVED
CVE-2020-6531
	RESERVED
CVE-2020-6530
	RESERVED
CVE-2020-6529
	RESERVED
CVE-2020-6528
	RESERVED
CVE-2020-6527
	RESERVED
CVE-2020-6526
	RESERVED
CVE-2020-6525
	RESERVED
CVE-2020-6524
	RESERVED
CVE-2020-6523
	RESERVED
CVE-2020-6522
	RESERVED
CVE-2020-6521
	RESERVED
CVE-2020-6520
	RESERVED
CVE-2020-6519
	RESERVED
CVE-2020-6518
	RESERVED
CVE-2020-6517
	RESERVED
CVE-2020-6516
	RESERVED
CVE-2020-6515
	RESERVED
CVE-2020-6514
	RESERVED
CVE-2020-6513
	RESERVED
CVE-2020-6512
	RESERVED
CVE-2020-6511
	RESERVED
CVE-2020-6510
	RESERVED
CVE-2020-6509
	RESERVED
	{DSA-4714-1}
	- chromium 83.0.4103.116-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6508
	RESERVED
CVE-2020-6507
	RESERVED
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6506
	RESERVED
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6505
	RESERVED
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6504 (Insufficient policy enforcement in notifications in Google Chrome prio ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6503 (Inappropriate implementation in accessibility in Google Chrome prior t ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6502 (Incorrect implementation in permissions in Google Chrome prior to 80.0 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6501 (Insufficient policy enforcement in CSP in Google Chrome prior to 80.0. ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6500 (Inappropriate implementation in interstitials in Google Chrome prior t ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6499 (Inappropriate implementation in AppCache in Google Chrome prior to 80. ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6498 (Incorrect implementation in user interface in Google Chrome on iOS pri ...)
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6497 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...)
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6496 (Use after free in payments in Google Chrome on MacOS prior to 83.0.410 ...)
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6495 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6494 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6493 (Use after free in WebAuthentication in Google Chrome prior to 83.0.410 ...)
	{DSA-4714-1}
	- chromium 83.0.4103.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6492
	RESERVED
CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6490 (Insufficient data validation in loader in Google Chrome prior to 83.0. ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6489 (Inappropriate implementation in developer tools in Google Chrome prior ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6488 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6487 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6486 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6485 (Insufficient data validation in media router in Google Chrome prior to ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6484 (Insufficient data validation in ChromeDriver in Google Chrome prior to ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6483 (Insufficient policy enforcement in payments in Google Chrome prior to  ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6482 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6481 (Insufficient policy enforcement in URL formatting in Google Chrome pri ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome prior t ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to  ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...)
	- chromium <not-affected> (Only affects installer)
CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6475 (Incorrect implementation in full screen in Google Chrome prior to 83.0 ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6474 (Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6473 (Insufficient policy enforcement in Blink in Google Chrome prior to 83. ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6472 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6471 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6470 (Insufficient validation of untrusted input in clipboard in Google Chro ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6469 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6468 (Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a  ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6467 (Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowe ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6466 (Use after free in media in Google Chrome prior to 83.0.4103.61 allowed ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6465 (Use after free in reader mode in Google Chrome on Android prior to 83. ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6464 (Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowe ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6463 (Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6462 (Use after free in task scheduling in Google Chrome prior to 81.0.4044. ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6461 (Use after free in storage in Google Chrome prior to 81.0.4044.129 allo ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6460 (Insufficient data validation in URL formatting in Google Chrome prior  ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6459 (Use after free in payments in Google Chrome prior to 81.0.4044.122 all ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6458 (Out of bounds read and write in PDFium in Google Chrome prior to 81.0. ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6457 (Use after free in speech recognizer in Google Chrome prior to 81.0.404 ...)
	{DSA-4714-1}
	- chromium 83.0.4103.83-1 (bug #958450)
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6455 (Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 al ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6454 (Use after free in extensions in Google Chrome prior to 81.0.4044.92 al ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6453 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...)
	{DSA-4654-1}
	- chromium 80.0.3987.162-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6452 (Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162  ...)
	{DSA-4654-1}
	- chromium 80.0.3987.162-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6451 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...)
	{DSA-4654-1}
	- chromium 80.0.3987.162-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6450 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...)
	{DSA-4654-1}
	- chromium 80.0.3987.162-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6448 (Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a  ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6447 (Inappropriate implementation in developer tools in Google Chrome prior ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6446 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6445 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6444 (Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 all ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6443 (Insufficient data validation in developer tools in Google Chrome prior ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6442 (Inappropriate implementation in cache in Google Chrome prior to 81.0.4 ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6441 (Insufficient policy enforcement in omnibox in Google Chrome prior to 8 ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6440 (Inappropriate implementation in extensions in Google Chrome prior to 8 ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6439 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6438 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6437 (Inappropriate implementation in WebView in Google Chrome prior to 81.0 ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6436 (Use after free in window management in Google Chrome prior to 81.0.404 ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6435 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6434 (Use after free in devtools in Google Chrome prior to 81.0.4044.92 allo ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6433 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6432 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6431 (Insufficient policy enforcement in full screen in Google Chrome prior  ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6430 (Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a  ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6428 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6427 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6425 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 allowe ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6423 (Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed ...)
	{DSA-4714-1}
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...)
	{DSA-4645-1}
	- chromium 80.0.3987.149-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6421
	RESERVED
CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior to 80. ...)
	{DSA-4638-1}
	- chromium 80.0.3987.132-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6419 (Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allow ...)
	- chromium 81.0.4044.92-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...)
	{DSA-4638-1}
	- chromium 80.0.3987.122-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...)
	- chromium <not-affected> (debian package does not support the chromium installer)
CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
	{DSA-4638-1}
	- chromium 80.0.3987.122-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X  ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to  ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...)
	{DSA-4638-1}
	- chromium 80.0.3987.116-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...)
	{DSA-4638-1}
	- chromium 80.0.3987.116-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...)
	{DSA-4638-1}
	- chromium 80.0.3987.116-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...)
	{DSA-4638-1}
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.130-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6379 (Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a ...)
	{DSA-4606-1}
	- chromium 79.0.3945.130-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6378 (Use after free in speech in Google Chrome prior to 79.0.3945.130 allow ...)
	{DSA-4606-1}
	- chromium 79.0.3945.130-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 allowe ...)
	{DSA-4606-1}
	- chromium 79.0.3945.130-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6376
	RESERVED
CVE-2020-6375
	RESERVED
CVE-2020-6374
	RESERVED
CVE-2020-6373
	RESERVED
CVE-2020-6372
	RESERVED
CVE-2020-6371
	RESERVED
CVE-2020-6370
	RESERVED
CVE-2020-6369
	RESERVED
CVE-2020-6368
	RESERVED
CVE-2020-6367
	RESERVED
CVE-2020-6366
	RESERVED
CVE-2020-6365
	RESERVED
CVE-2020-6364
	RESERVED
CVE-2020-6363
	RESERVED
CVE-2020-6362
	RESERVED
CVE-2020-6361
	RESERVED
CVE-2020-6360
	RESERVED
CVE-2020-6359
	RESERVED
CVE-2020-6358
	RESERVED
CVE-2020-6357
	RESERVED
CVE-2020-6356
	RESERVED
CVE-2020-6355
	RESERVED
CVE-2020-6354
	RESERVED
CVE-2020-6353
	RESERVED
CVE-2020-6352
	RESERVED
CVE-2020-6351
	RESERVED
CVE-2020-6350
	RESERVED
CVE-2020-6349
	RESERVED
CVE-2020-6348
	RESERVED
CVE-2020-6347
	RESERVED
CVE-2020-6346
	RESERVED
CVE-2020-6345
	RESERVED
CVE-2020-6344
	RESERVED
CVE-2020-6343
	RESERVED
CVE-2020-6342
	RESERVED
CVE-2020-6341
	RESERVED
CVE-2020-6340
	RESERVED
CVE-2020-6339
	RESERVED
CVE-2020-6338
	RESERVED
CVE-2020-6337
	RESERVED
CVE-2020-6336
	RESERVED
CVE-2020-6335
	RESERVED
CVE-2020-6334
	RESERVED
CVE-2020-6333
	RESERVED
CVE-2020-6332
	RESERVED
CVE-2020-6331
	RESERVED
CVE-2020-6330
	RESERVED
CVE-2020-6329
	RESERVED
CVE-2020-6328
	RESERVED
CVE-2020-6327
	RESERVED
CVE-2020-6326
	RESERVED
CVE-2020-6325
	RESERVED
CVE-2020-6324
	RESERVED
CVE-2020-6323
	RESERVED
CVE-2020-6322
	RESERVED
CVE-2020-6321
	RESERVED
CVE-2020-6320
	RESERVED
CVE-2020-6319
	RESERVED
CVE-2020-6318
	RESERVED
CVE-2020-6317
	RESERVED
CVE-2020-6316
	RESERVED
CVE-2020-6315
	RESERVED
CVE-2020-6314
	RESERVED
CVE-2020-6313
	RESERVED
CVE-2020-6312
	RESERVED
CVE-2020-6311
	RESERVED
CVE-2020-6310
	RESERVED
CVE-2020-6309
	RESERVED
CVE-2020-6308
	RESERVED
CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...)
	NOT-FOR-US: SAP
CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...)
	NOT-FOR-US: SAP
CVE-2020-6305 (PI Rest Adapter of SAP Process Integration (update provided in SAP_XIA ...)
	NOT-FOR-US: SAP
CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet Communication Mana ...)
	NOT-FOR-US: SAP
CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate user ...)
	NOT-FOR-US: SAP
CVE-2020-6302
	RESERVED
CVE-2020-6301
	RESERVED
CVE-2020-6300
	RESERVED
CVE-2020-6299
	RESERVED
CVE-2020-6298
	RESERVED
CVE-2020-6297
	RESERVED
CVE-2020-6296
	RESERVED
CVE-2020-6295
	RESERVED
CVE-2020-6294
	RESERVED
CVE-2020-6293
	RESERVED
CVE-2020-6292
	RESERVED
CVE-2020-6291
	RESERVED
CVE-2020-6290
	RESERVED
CVE-2020-6289
	RESERVED
CVE-2020-6288
	RESERVED
CVE-2020-6287
	RESERVED
CVE-2020-6286
	RESERVED
CVE-2020-6285
	RESERVED
CVE-2020-6284
	RESERVED
CVE-2020-6283
	RESERVED
CVE-2020-6282
	RESERVED
CVE-2020-6281
	RESERVED
CVE-2020-6280
	RESERVED
CVE-2020-6279 (OData APIs and JobApplicationInterview and JobApplication export permi ...)
	NOT-FOR-US: SAP
CVE-2020-6278
	RESERVED
CVE-2020-6277
	RESERVED
CVE-2020-6276
	RESERVED
CVE-2020-6275 (SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740 ...)
	NOT-FOR-US: SAP
CVE-2020-6274
	RESERVED
CVE-2020-6273
	RESERVED
CVE-2020-6272
	RESERVED
CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, does not  ...)
	NOT-FOR-US: SAP
CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 75 ...)
	NOT-FOR-US: SAP
CVE-2020-6269 (Under certain conditions SAP Business Objects Business Intelligence Pl ...)
	NOT-FOR-US: SAP
CVE-2020-6268 (Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV ver ...)
	NOT-FOR-US: SAP
CVE-2020-6267
	RESERVED
CVE-2020-6266 (SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an at ...)
	NOT-FOR-US: SAP
CVE-2020-6265 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data ...)
	NOT-FOR-US: SAP
CVE-2020-6264 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker  ...)
	NOT-FOR-US: SAP
CVE-2020-6263 (Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol ...)
	NOT-FOR-US: SAP
CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...)
	NOT-FOR-US: SAP
CVE-2020-6261 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
	NOT-FOR-US: SAP
CVE-2020-6260 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
	NOT-FOR-US: SAP
CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...)
	NOT-FOR-US: SAP
CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform necessary autho ...)
	NOT-FOR-US: SAP
CVE-2020-6257 (SAP Business Objects Business Intelligence Platform (CMC and BI Launch ...)
	NOT-FOR-US: SAP
CVE-2020-6256 (SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 8 ...)
	NOT-FOR-US: SAP
CVE-2020-6255
	RESERVED
CVE-2020-6254 (SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficien ...)
	NOT-FOR-US: SAP
CVE-2020-6253 (Under certain conditions, SAP Adaptive Server Enterprise (Web Services ...)
	NOT-FOR-US: SAP
CVE-2020-6252 (Under certain conditions SAP Adaptive Server Enterprise (Cockpit), ver ...)
	NOT-FOR-US: SAP
CVE-2020-6251 (Under certain conditions or error scenarios SAP Business Objects Busin ...)
	NOT-FOR-US: SAP
CVE-2020-6250 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated  ...)
	NOT-FOR-US: SAP
CVE-2020-6249 (The use of an admin backend report within SAP Master Data Governance,  ...)
	NOT-FOR-US: SAP
CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not ...)
	NOT-FOR-US: SAP
CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
	NOT-FOR-US: SAP
CVE-2020-6246 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_T ...)
	NOT-FOR-US: SAP
CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
	NOT-FOR-US: SAP
CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a successfu ...)
	NOT-FOR-US: SAP
CVE-2020-6243 (Under certain conditions, SAP Adaptive Server Enterprise (XP Server on ...)
	NOT-FOR-US: SAP
CVE-2020-6242 (SAP Business Objects Business Intelligence Platform (Live Data Connect ...)
	NOT-FOR-US: SAP
CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated  ...)
	NOT-FOR-US: SAP
CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 75 ...)
	NOT-FOR-US: SAP
CVE-2020-6239 (Under certain conditions SAP Business One (Backup service), versions 9 ...)
	NOT-FOR-US: SAP
CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process  ...)
	NOT-FOR-US: SAP
CVE-2020-6237 (Under certain conditions, SAP Business Objects Business Intelligence P ...)
	NOT-FOR-US: SAP
CVE-2020-6236 (SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, ve ...)
	NOT-FOR-US: SAP
CVE-2020-6235 (SAP Solution Manager (Diagnostics Agent), version 7.2, does not perfor ...)
	NOT-FOR-US: SAP
CVE-2020-6234 (SAP Host Agent, version 7.21, allows an attacker with admin privileges ...)
	NOT-FOR-US: SAP
CVE-2020-6233 (SAP S/4 HANA (Financial Products Subledger and Banking Services), vers ...)
	NOT-FOR-US: SAP
CVE-2020-6232 (SAP Commerce, versions 1811, 1905, does not perform necessary authoriz ...)
	NOT-FOR-US: SAP
CVE-2020-6231 (SAP Business Objects Business Intelligence Platform (Web Intelligence  ...)
	NOT-FOR-US: SAP
CVE-2020-6230 (SAP OrientDB, version 3.0, allows an authenticated attacker with scrip ...)
	NOT-FOR-US: SAP
CVE-2020-6229 (SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME ...)
	NOT-FOR-US: SAP
CVE-2020-6228 (SAP Business Client, versions 6.5, 7.0, does not perform necessary int ...)
	NOT-FOR-US: SAP
CVE-2020-6227 (SAP Business Objects Business Intelligence Platform (CMS / Auditing is ...)
	NOT-FOR-US: SAP
CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web Intelligence  ...)
	NOT-FOR-US: SAP
CVE-2020-6225 (SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7 ...)
	NOT-FOR-US: SAP
CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, ...)
	NOT-FOR-US: SAP
CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence Platfo ...)
	NOT-FOR-US: SAP
CVE-2020-6222 (SAP Business Objects Business Intelligence Platform (Web Intelligence  ...)
	NOT-FOR-US: SAP
CVE-2020-6221 (Web Intelligence HTML interface in SAP Business Objects Business Intel ...)
	NOT-FOR-US: SAP
CVE-2020-6220
	RESERVED
CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalReports We ...)
	NOT-FOR-US: SAP
CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...)
	NOT-FOR-US: SAP
CVE-2020-6217 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
	NOT-FOR-US: SAP
CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...)
	NOT-FOR-US: SAP
CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
	NOT-FOR-US: SAP
CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...)
	NOT-FOR-US: SAP
CVE-2020-6213 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_P ...)
	NOT-FOR-US: SAP
CVE-2020-6212 (Egypt localized withholding tax reports Clearing of Liabilities and Re ...)
	NOT-FOR-US: SAP
CVE-2020-6211 (SAP Business Objects Business Intelligence Platform (AdminTools), vers ...)
	NOT-FOR-US: SAP
CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode  ...)
	NOT-FOR-US: SAP
CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...)
	NOT-FOR-US: SAP
CVE-2020-6208 (SAP Business Objects Business Intelligence Platform (Crystal Reports), ...)
	NOT-FOR-US: SAP
CVE-2020-6207 (SAP Solution Manager (User Experience Monitoring), version- 7.2, due t ...)
	NOT-FOR-US: SAP
CVE-2020-6206 (SAP Cloud Platform Integration for Data Services, version 1.0, allows  ...)
	NOT-FOR-US: SAP
CVE-2020-6205 (SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS v ...)
	NOT-FOR-US: SAP
CVE-2020-6204 (The selection query in SAP Treasury and Risk Management (Transaction M ...)
	NOT-FOR-US: SAP
CVE-2020-6203 (SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7 ...)
	NOT-FOR-US: SAP
CVE-2020-6202 (SAP NetWeaver Application Server Java (User Management Engine), versio ...)
	NOT-FOR-US: SAP
CVE-2020-6201 (The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811,  ...)
	NOT-FOR-US: SAP
CVE-2020-6200 (The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811 ...)
	NOT-FOR-US: SAP
CVE-2020-6199 (The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EA ...)
	NOT-FOR-US: SAP
CVE-2020-6198 (SAP Solution Manager (Diagnostics Agent), version 720, allows unencryp ...)
	NOT-FOR-US: SAP
CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session token ...)
	NOT-FOR-US: SAP
CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...)
	NOT-FOR-US: SAP
CVE-2020-6195 (SAP Business Objects Business Intelligence Platform (CMC), version 4.1 ...)
	NOT-FOR-US: SAP
CVE-2020-6194
	RESERVED
CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...)
	NOT-FOR-US: SAP
CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
	NOT-FOR-US: SAP
CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
	NOT-FOR-US: SAP
CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Appli ...)
	NOT-FOR-US: SAP
CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business Intelligence ...)
	NOT-FOR-US: SAP
CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, ...)
	NOT-FOR-US: SAP
CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7. ...)
	NOT-FOR-US: SAP
CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a slowdown i ...)
	NOT-FOR-US: SAP
CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_B ...)
	NOT-FOR-US: SAP
CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_ ...)
	NOT-FOR-US: SAP
CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to read the  ...)
	NOT-FOR-US: SAP
CVE-2020-6182
	RESERVED
CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP NetWea ...)
	NOT-FOR-US: SAP
CVE-2020-6180
	RESERVED
CVE-2020-6179
	RESERVED
CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie value ...)
	NOT-FOR-US: SAP
CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...)
	NOT-FOR-US: SAP
CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
	- libbsd 0.10.0-1
	[buster] - libbsd <no-dsa> (Minor issue)
	[stretch] - libbsd <no-dsa> (Minor issue)
	[jessie] - libbsd <no-dsa> (Minor issue)
	NOTE: https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
	NOTE: https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b (0.10.0)
CVE-2019-20366 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTr ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20365 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via sear ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20364 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cach ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20363 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alia ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20362 (In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3 ...)
	NOT-FOR-US: Teradici
CVE-2020-6176
	RESERVED
CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...)
	NOT-FOR-US: Citrix
CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
	- python-tuf <itp> (bug #934151)
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
	- python-tuf <itp> (bug #934151)
CVE-2020-6172
	RESERVED
CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...)
	NOT-FOR-US: Clink Office
CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...)
	NOT-FOR-US: Genexis
CVE-2020-6169
	RESERVED
CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance  ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance  ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance  ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-6165
	RESERVED
CVE-2020-6164
	RESERVED
CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because  ...)
	NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an  ...)
	- bftpd <itp> (bug #640469)
CVE-2019-20361 (There was a flaw in the WordPress plugin, Email Subscribers &amp; News ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20360 (A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticat ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20359
	RESERVED
CVE-2020-6161
	RESERVED
CVE-2020-6160
	RESERVED
CVE-2020-6159
	RESERVED
CVE-2020-6158
	RESERVED
CVE-2020-6157
	RESERVED
CVE-2020-6156
	RESERVED
CVE-2020-6155
	RESERVED
CVE-2020-6154
	RESERVED
CVE-2020-6153
	RESERVED
CVE-2020-6152
	RESERVED
CVE-2020-6151
	RESERVED
CVE-2020-6150
	RESERVED
CVE-2020-6149
	RESERVED
CVE-2020-6148
	RESERVED
CVE-2020-6147
	RESERVED
CVE-2020-6146
	RESERVED
CVE-2020-6145
	RESERVED
CVE-2020-6144
	RESERVED
CVE-2020-6143
	RESERVED
CVE-2020-6142
	RESERVED
CVE-2020-6141
	RESERVED
CVE-2020-6140
	RESERVED
CVE-2020-6139
	RESERVED
CVE-2020-6138
	RESERVED
CVE-2020-6137
	RESERVED
CVE-2020-6136
	RESERVED
CVE-2020-6135
	RESERVED
CVE-2020-6134
	RESERVED
CVE-2020-6133
	RESERVED
CVE-2020-6132
	RESERVED
CVE-2020-6131
	RESERVED
CVE-2020-6130
	RESERVED
CVE-2020-6129
	RESERVED
CVE-2020-6128
	RESERVED
CVE-2020-6127
	RESERVED
CVE-2020-6126
	RESERVED
CVE-2020-6125
	RESERVED
CVE-2020-6124
	RESERVED
CVE-2020-6123
	RESERVED
CVE-2020-6122
	RESERVED
CVE-2020-6121
	RESERVED
CVE-2020-6120
	RESERVED
CVE-2020-6119
	RESERVED
CVE-2020-6118
	RESERVED
CVE-2020-6117
	RESERVED
CVE-2020-6116
	RESERVED
CVE-2020-6115
	RESERVED
CVE-2020-6114
	RESERVED
CVE-2020-6113
	RESERVED
CVE-2020-6112
	RESERVED
CVE-2020-6111
	RESERVED
CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way  ...)
	NOT-FOR-US: Zoom
CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
	NOT-FOR-US: Zoom
CVE-2020-6108
	RESERVED
CVE-2020-6107
	RESERVED
CVE-2020-6106
	RESERVED
CVE-2020-6105
	RESERVED
CVE-2020-6104
	RESERVED
CVE-2020-6103
	RESERVED
CVE-2020-6102
	RESERVED
CVE-2020-6101
	RESERVED
CVE-2020-6100
	RESERVED
CVE-2020-6099
	RESERVED
CVE-2020-6098
	RESERVED
CVE-2020-6097
	RESERVED
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
	- glibc <unfixed> (low; bug #961452)
	[buster] - glibc <no-dsa> (Minor issue)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <not-affected> (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...)
	- gst-rtsp-server1.0 1.16.2-3 (low)
	[buster] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
	[stretch] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the way  ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
	NOT-FOR-US: EPSON
CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...)
	NOT-FOR-US: WAGO
CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI file for ...)
	NOT-FOR-US: Leadtools
CVE-2020-6088
	RESERVED
CVE-2020-6087
	RESERVED
CVE-2020-6086
	RESERVED
CVE-2020-6085
	RESERVED
CVE-2020-6084
	RESERVED
CVE-2020-6083
	RESERVED
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
	NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Runtime
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource  ...)
	{DSA-4671-1}
	- libmicrodns <removed>
	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
	- vlc 3.0.8-4
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource  ...)
	{DSA-4671-1}
	- libmicrodns <removed>
	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
	- vlc 3.0.8-4
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...)
	{DSA-4671-1}
	- libmicrodns <removed>
	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
	- vlc 3.0.8-4
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...)
	{DSA-4671-1}
	- libmicrodns <removed>
	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
	- vlc 3.0.8-4
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft
CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...)
	NOT-FOR-US: Accusoft
CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF parser o ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
	{DSA-4671-1}
	- libmicrodns <removed>
	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
	- vlc 3.0.8-4
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...)
	{DSA-4671-1}
	- libmicrodns <removed>
	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
	- vlc 3.0.8-4
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource  ...)
	{DSA-4671-1}
	- libmicrodns <removed>
	[stretch] - libmicrodns <ignored> (Will be removed in next point release)
	- vlc 3.0.8-4
	[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6070
	RESERVED
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6065 (An exploitable out-of-bounds write vulnerability exists in the bmp_par ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...)
	{DSA-4711-1}
	- coturn 4.5.1.1-1.2 (bug #951876)
	[jessie] - coturn <not-affected> (Vulnerable code introduced later)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
	NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
	{DSA-4711-1}
	- coturn 4.5.1.1-1.2 (bug #951876)
	[jessie] - coturn <not-affected> (Vulnerable code introduced later)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
	NOTE: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a
CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...)
	NOT-FOR-US: MiniSNMPD
CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...)
	NOT-FOR-US: MiniSNMPD
CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the way Mini ...)
	NOT-FOR-US: MiniSNMPD
CVE-2020-6057
	RESERVED
CVE-2020-6056
	RESERVED
CVE-2020-6055
	RESERVED
CVE-2020-6054
	RESERVED
CVE-2020-6053
	RESERVED
CVE-2020-6052
	RESERVED
CVE-2020-6051
	RESERVED
CVE-2020-6050
	RESERVED
CVE-2020-6049
	RESERVED
CVE-2020-6048
	RESERVED
CVE-2020-6047
	RESERVED
CVE-2020-6046
	RESERVED
CVE-2020-6045
	RESERVED
CVE-2020-6044
	RESERVED
CVE-2020-6043
	RESERVED
CVE-2020-6042
	RESERVED
CVE-2020-6041
	RESERVED
CVE-2020-6040
	RESERVED
CVE-2020-6039
	RESERVED
CVE-2020-6038
	RESERVED
CVE-2020-6037
	RESERVED
CVE-2020-6036
	RESERVED
CVE-2020-6035
	RESERVED
CVE-2020-6034
	RESERVED
CVE-2020-6033
	RESERVED
CVE-2020-6032
	RESERVED
CVE-2020-6031
	RESERVED
CVE-2020-6030
	RESERVED
CVE-2020-6029
	RESERVED
CVE-2020-6028
	RESERVED
CVE-2020-6027
	RESERVED
CVE-2020-6026
	RESERVED
CVE-2020-6025
	RESERVED
CVE-2020-6024
	RESERVED
CVE-2020-6023
	RESERVED
CVE-2020-6022
	RESERVED
CVE-2020-6021
	RESERVED
CVE-2020-6020
	RESERVED
CVE-2020-6019
	RESERVED
CVE-2020-6018
	RESERVED
CVE-2020-6017
	RESERVED
CVE-2020-6016
	RESERVED
CVE-2020-6015
	RESERVED
CVE-2020-6014
	RESERVED
CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...)
	TODO: check
CVE-2020-6012
	RESERVED
CVE-2020-6011
	RESERVED
CVE-2020-6010 (LearnPress Wordpress plugin version prior and including 3.2.6.7 is vul ...)
	NOT-FOR-US: LearnPress Wordpress plugin
CVE-2020-6009 (LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauth ...)
	NOT-FOR-US: LearnDash Wordpress plugin
CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...)
	NOT-FOR-US: LifterLMS Wordpress plugin
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...)
	NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
	RESERVED
CVE-2020-6005
	RESERVED
CVE-2020-6004
	RESERVED
CVE-2020-6003
	RESERVED
CVE-2020-6002
	RESERVED
CVE-2020-6001
	RESERVED
CVE-2020-6000
	RESERVED
CVE-2020-5999
	RESERVED
CVE-2020-5998
	RESERVED
CVE-2020-5997
	RESERVED
CVE-2020-5996
	RESERVED
CVE-2020-5995
	RESERVED
CVE-2020-5994
	RESERVED
CVE-2020-5993
	RESERVED
CVE-2020-5992
	RESERVED
CVE-2020-5991
	RESERVED
CVE-2020-5990
	RESERVED
CVE-2020-5989
	RESERVED
CVE-2020-5988
	RESERVED
CVE-2020-5987
	RESERVED
CVE-2020-5986
	RESERVED
CVE-2020-5985
	RESERVED
CVE-2020-5984
	RESERVED
CVE-2020-5983
	RESERVED
CVE-2020-5982
	RESERVED
CVE-2020-5981
	RESERVED
CVE-2020-5980
	RESERVED
CVE-2020-5979
	RESERVED
CVE-2020-5978
	RESERVED
CVE-2020-5977
	RESERVED
CVE-2020-5976
	RESERVED
CVE-2020-5975
	RESERVED
CVE-2020-5974
	RESERVED
CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5971 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5970 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5969 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnerabilit ...)
	- nvidia-graphics-drivers 440.100-1 (bug #963766)
	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-tesla-440 440.95.01-1
	- nvidia-graphics-drivers-tesla-418 418.152.00-1
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
CVE-2020-5966 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5965 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5964 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	- nvidia-graphics-drivers 440.100-1 (bug #963766)
	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-tesla-440 440.95.01-1
	- nvidia-graphics-drivers-tesla-418 418.152.00-1
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
CVE-2020-5962 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...)
	NOT-FOR-US: NVIDIA vGPU graphics driver for guest OS
CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in  ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: Nvidia driver for Windows
CVE-2019-20358 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below  ...)
	NOT-FOR-US: Trend Micro
CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in the Tren ...)
	NOT-FOR-US: Trend Micro
CVE-2020-5956
	RESERVED
CVE-2020-5955
	RESERVED
CVE-2020-5954
	RESERVED
CVE-2020-5953
	RESERVED
CVE-2020-5952
	RESERVED
CVE-2020-5951
	RESERVED
CVE-2020-5950
	RESERVED
CVE-2020-5949
	RESERVED
CVE-2020-5948
	RESERVED
CVE-2020-5947
	RESERVED
CVE-2020-5946
	RESERVED
CVE-2020-5945
	RESERVED
CVE-2020-5944
	RESERVED
CVE-2020-5943
	RESERVED
CVE-2020-5942
	RESERVED
CVE-2020-5941
	RESERVED
CVE-2020-5940
	RESERVED
CVE-2020-5939
	RESERVED
CVE-2020-5938
	RESERVED
CVE-2020-5937
	RESERVED
CVE-2020-5936
	RESERVED
CVE-2020-5935
	RESERVED
CVE-2020-5934
	RESERVED
CVE-2020-5933
	RESERVED
CVE-2020-5932
	RESERVED
CVE-2020-5931
	RESERVED
CVE-2020-5930
	RESERVED
CVE-2020-5929
	RESERVED
CVE-2020-5928
	RESERVED
CVE-2020-5927
	RESERVED
CVE-2020-5926
	RESERVED
CVE-2020-5925
	RESERVED
CVE-2020-5924
	RESERVED
CVE-2020-5923
	RESERVED
CVE-2020-5922
	RESERVED
CVE-2020-5921
	RESERVED
CVE-2020-5920
	RESERVED
CVE-2020-5919
	RESERVED
CVE-2020-5918
	RESERVED
CVE-2020-5917
	RESERVED
CVE-2020-5916
	RESERVED
CVE-2020-5915
	RESERVED
CVE-2020-5914
	RESERVED
CVE-2020-5913
	RESERVED
CVE-2020-5912
	RESERVED
CVE-2020-5911 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller  ...)
	TODO: check
CVE-2020-5910 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic  ...)
	TODO: check
CVE-2020-5909 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the co ...)
	TODO: check
CVE-2020-5908 (In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5907 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5906 (In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5905 (In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5904 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5903 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5902 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5901 (In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow f ...)
	TODO: check
CVE-2020-5900 (In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient ...)
	TODO: check
CVE-2020-5899 (In NGINX Controller 3.0.0-3.4.0, recovery code required to change a us ...)
	TODO: check
CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Se ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5891 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undis ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5890 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5889 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5888 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5887 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5886 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5885 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5884 (On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5883 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5882 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5881 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, whe ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5880 (Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process m ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5879 (On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-I ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5878 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Tra ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5877 (On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5876 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5875 (On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5874 (On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5873 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5872 (On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5871 (On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial o ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...)
	NOT-FOR-US: F5
CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...)
	NOT-FOR-US: F5
CVE-2020-5868 (In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discover ...)
	NOT-FOR-US: F5
CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent installer scrip ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script,  ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication between  ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5861 (On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in so ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5860 (On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5859 (On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5858 (On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5857 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5856 (On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specif ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5855 (When the Windows Logon Integration feature is configured for all versi ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5854 (On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5853 (In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5852 (Undisclosed traffic patterns received may cause a disruption of servic ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (TPM) s ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5850
	RESERVED
CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...)
	NOT-FOR-US: Unraid
CVE-2020-5848
	RESERVED
CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...)
	NOT-FOR-US: Unraid
CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2020-5845
	RESERVED
CVE-2020-5844 (index.php?sec=godmode/extensions&amp;sec2=extensions/files_repo in Pan ...)
	NOT-FOR-US: Pandora FMS
CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...)
	NOT-FOR-US: Codoforum
CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...)
	NOT-FOR-US: Codoforum
CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using password ch ...)
	NOT-FOR-US: OpServices OpMon
CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...)
	NOT-FOR-US: HashBrown CMS
CVE-2020-5839
	RESERVED
CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...)
	NOT-FOR-US: Symantec
CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
	NOT-FOR-US: Symantec
CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...)
	NOT-FOR-US: Symantec
CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race condit ...)
	NOT-FOR-US: Symantec
CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
	NOT-FOR-US: Symantec
CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
	NOT-FOR-US: Symantec
CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6 ...)
	NOT-FOR-US: Symantec
CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5830 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5829 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5828 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5827 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5826 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5825 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5824 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5823 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5822 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5821 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5820 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5819
	RESERVED
CVE-2020-5818
	RESERVED
CVE-2020-5817
	RESERVED
CVE-2020-5816
	RESERVED
CVE-2020-5815
	RESERVED
CVE-2020-5814
	RESERVED
CVE-2020-5813
	RESERVED
CVE-2020-5812
	RESERVED
CVE-2020-5811
	RESERVED
CVE-2020-5810
	RESERVED
CVE-2020-5809
	RESERVED
CVE-2020-5808
	RESERVED
CVE-2020-5807
	RESERVED
CVE-2020-5806
	RESERVED
CVE-2020-5805
	RESERVED
CVE-2020-5804
	RESERVED
CVE-2020-5803
	RESERVED
CVE-2020-5802
	RESERVED
CVE-2020-5801
	RESERVED
CVE-2020-5800
	RESERVED
CVE-2020-5799
	RESERVED
CVE-2020-5798
	RESERVED
CVE-2020-5797
	RESERVED
CVE-2020-5796
	RESERVED
CVE-2020-5795
	RESERVED
CVE-2020-5794
	RESERVED
CVE-2020-5793
	RESERVED
CVE-2020-5792
	RESERVED
CVE-2020-5791
	RESERVED
CVE-2020-5790
	RESERVED
CVE-2020-5789
	RESERVED
CVE-2020-5788
	RESERVED
CVE-2020-5787
	RESERVED
CVE-2020-5786
	RESERVED
CVE-2020-5785
	RESERVED
CVE-2020-5784
	RESERVED
CVE-2020-5783
	RESERVED
CVE-2020-5782
	RESERVED
CVE-2020-5781
	RESERVED
CVE-2020-5780
	RESERVED
CVE-2020-5779
	RESERVED
CVE-2020-5778
	RESERVED
CVE-2020-5777
	RESERVED
CVE-2020-5776
	RESERVED
CVE-2020-5775
	RESERVED
CVE-2020-5774
	RESERVED
CVE-2020-5773
	RESERVED
CVE-2020-5772
	RESERVED
CVE-2020-5771
	RESERVED
CVE-2020-5770
	RESERVED
CVE-2020-5769
	RESERVED
CVE-2020-5768
	RESERVED
CVE-2020-5767
	RESERVED
CVE-2020-5766
	RESERVED
CVE-2020-5765
	RESERVED
CVE-2020-5764
	RESERVED
CVE-2020-5763
	RESERVED
CVE-2020-5762
	RESERVED
CVE-2020-5761
	RESERVED
CVE-2020-5760
	RESERVED
CVE-2020-5759
	RESERVED
CVE-2020-5758
	RESERVED
CVE-2020-5757
	RESERVED
CVE-2020-5756
	RESERVED
CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...)
	NOT-FOR-US: Webroot
CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...)
	NOT-FOR-US: Webroot
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
	NOT-FOR-US: Signal Private Messenger (Android and iOS version)
CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a  ...)
	NOT-FOR-US: Druva inSync Windows Client
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
	NOT-FOR-US: TCExam
CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
	NOT-FOR-US: TCExam
CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...)
	NOT-FOR-US: TCExam
CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...)
	NOT-FOR-US: TCExam
CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
	NOT-FOR-US: TCExam
CVE-2020-5742 (Improper Access Control in Plex Media Server prior to June 15, 2020 al ...)
	NOT-FOR-US: Plex Media Server
CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...)
	NOT-FOR-US: Plex Media Server on Windows
CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
	NOT-FOR-US: Plex Media Server
CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable  ...)
	NOT-FOR-US: Grandstream
CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable  ...)
	NOT-FOR-US: Grandstream
CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated re ...)
	NOT-FOR-US: Tenable.Sc
CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...)
	NOT-FOR-US: Amcrest
CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...)
	NOT-FOR-US: Amcrest
CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...)
	NOT-FOR-US: SolarWinds
CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data Exchang ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5732 (In OpenMRS 2.9 and prior, he import functionality of the Data Exchange ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the login  ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitra ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an html ele ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5727 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
	NOT-FOR-US: SimpliSafe
CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...)
	NOT-FOR-US: Grandstream
CVE-2020-5725 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...)
	NOT-FOR-US: Grandstream
CVE-2020-5724 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...)
	NOT-FOR-US: Grandstream
CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user passwor ...)
	NOT-FOR-US: UCM6200
CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to  ...)
	NOT-FOR-US: Grandstream
CVE-2020-5721 (MikroTik WinBox 3.22 and below stores the user's cleartext password in ...)
	NOT-FOR-US: MikroTik
CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...)
	NOT-FOR-US: MikroTik WinBox
CVE-2020-5719
	RESERVED
CVE-2020-5718
	RESERVED
CVE-2020-5717
	RESERVED
CVE-2020-5716
	RESERVED
CVE-2020-5715
	RESERVED
CVE-2020-5714
	RESERVED
CVE-2020-5713
	RESERVED
CVE-2020-5712
	RESERVED
CVE-2020-5711
	RESERVED
CVE-2020-5710
	RESERVED
CVE-2020-5709
	RESERVED
CVE-2020-5708
	RESERVED
CVE-2020-5707
	RESERVED
CVE-2020-5706
	RESERVED
CVE-2020-5705
	RESERVED
CVE-2020-5704
	RESERVED
CVE-2020-5703
	RESERVED
CVE-2020-5702
	RESERVED
CVE-2020-5701
	RESERVED
CVE-2020-5700
	RESERVED
CVE-2020-5699
	RESERVED
CVE-2020-5698
	RESERVED
CVE-2020-5697
	RESERVED
CVE-2020-5696
	RESERVED
CVE-2020-5695
	RESERVED
CVE-2020-5694
	RESERVED
CVE-2020-5693
	RESERVED
CVE-2020-5692
	RESERVED
CVE-2020-5691
	RESERVED
CVE-2020-5690
	RESERVED
CVE-2020-5689
	RESERVED
CVE-2020-5688
	RESERVED
CVE-2020-5687
	RESERVED
CVE-2020-5686
	RESERVED
CVE-2020-5685
	RESERVED
CVE-2020-5684
	RESERVED
CVE-2020-5683
	RESERVED
CVE-2020-5682
	RESERVED
CVE-2020-5681
	RESERVED
CVE-2020-5680
	RESERVED
CVE-2020-5679
	RESERVED
CVE-2020-5678
	RESERVED
CVE-2020-5677
	RESERVED
CVE-2020-5676
	RESERVED
CVE-2020-5675
	RESERVED
CVE-2020-5674
	RESERVED
CVE-2020-5673
	RESERVED
CVE-2020-5672
	RESERVED
CVE-2020-5671
	RESERVED
CVE-2020-5670
	RESERVED
CVE-2020-5669
	RESERVED
CVE-2020-5668
	RESERVED
CVE-2020-5667
	RESERVED
CVE-2020-5666
	RESERVED
CVE-2020-5665
	RESERVED
CVE-2020-5664
	RESERVED
CVE-2020-5663
	RESERVED
CVE-2020-5662
	RESERVED
CVE-2020-5661
	RESERVED
CVE-2020-5660
	RESERVED
CVE-2020-5659
	RESERVED
CVE-2020-5658
	RESERVED
CVE-2020-5657
	RESERVED
CVE-2020-5656
	RESERVED
CVE-2020-5655
	RESERVED
CVE-2020-5654
	RESERVED
CVE-2020-5653
	RESERVED
CVE-2020-5652
	RESERVED
CVE-2020-5651
	RESERVED
CVE-2020-5650
	RESERVED
CVE-2020-5649
	RESERVED
CVE-2020-5648
	RESERVED
CVE-2020-5647
	RESERVED
CVE-2020-5646
	RESERVED
CVE-2020-5645
	RESERVED
CVE-2020-5644
	RESERVED
CVE-2020-5643
	RESERVED
CVE-2020-5642
	RESERVED
CVE-2020-5641
	RESERVED
CVE-2020-5640
	RESERVED
CVE-2020-5639
	RESERVED
CVE-2020-5638
	RESERVED
CVE-2020-5637
	RESERVED
CVE-2020-5636
	RESERVED
CVE-2020-5635
	RESERVED
CVE-2020-5634
	RESERVED
CVE-2020-5633
	RESERVED
CVE-2020-5632
	RESERVED
CVE-2020-5631
	RESERVED
CVE-2020-5630
	RESERVED
CVE-2020-5629
	RESERVED
CVE-2020-5628
	RESERVED
CVE-2020-5627
	RESERVED
CVE-2020-5626
	RESERVED
CVE-2020-5625
	RESERVED
CVE-2020-5624
	RESERVED
CVE-2020-5623
	RESERVED
CVE-2020-5622
	RESERVED
CVE-2020-5621
	RESERVED
CVE-2020-5620
	RESERVED
CVE-2020-5619
	RESERVED
CVE-2020-5618
	RESERVED
CVE-2020-5617
	RESERVED
CVE-2020-5616
	RESERVED
CVE-2020-5615
	RESERVED
CVE-2020-5614
	RESERVED
CVE-2020-5613
	RESERVED
CVE-2020-5612
	RESERVED
CVE-2020-5611
	RESERVED
CVE-2020-5610
	RESERVED
CVE-2020-5609
	RESERVED
CVE-2020-5608
	RESERVED
CVE-2020-5607
	RESERVED
CVE-2020-5606
	RESERVED
CVE-2020-5605
	RESERVED
CVE-2020-5604
	RESERVED
CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5602 (Mitsubishi Electoric FA Engineering Software (CPU Module Logging Confi ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5601 (Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote a ...)
	NOT-FOR-US: Chrome Extension for e-Tax Reception System
CVE-2020-5600 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
	TODO: check
CVE-2020-5599 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
	TODO: check
CVE-2020-5598 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
	TODO: check
CVE-2020-5597 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
	TODO: check
CVE-2020-5596 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
	TODO: check
CVE-2020-5595 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
	TODO: check
CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...)
	NOT-FOR-US: Zenphoto
CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...)
	NOT-FOR-US: Zenphoto
CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...)
	NOT-FOR-US: XACK DNS
CVE-2020-5590 (Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 ...)
	NOT-FOR-US: EC-CUBE
CVE-2020-5589 (SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3,  ...)
	NOT-FOR-US: SONY
CVE-2020-5588 (Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows at ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5587 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to o ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5586 (Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5585 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5584 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintend ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5583 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5582 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5581 (Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows re ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5580 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to  ...)
	NOT-FOR-US: Paid Memberships
CVE-2020-5578
	RESERVED
CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...)
	- movabletype-opensource <removed>
CVE-2020-5576 (Cross-site request forgery (CSRF) vulnerability in Movable Type series ...)
	- movabletype-opensource <removed>
CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...)
	- movabletype-opensource <removed>
CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...)
	- movabletype-opensource <removed>
CVE-2020-5573 (Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attack ...)
	NOT-FOR-US: Android App 'kintone mobile for Android'
CVE-2020-5572 (Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker t ...)
	NOT-FOR-US: Android App 'Mailwise for Android'
CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
	NOT-FOR-US: SHARP AQUOS
CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...)
	NOT-FOR-US: Sales Force Assistant
CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...)
	NOT-FOR-US: HDD Password tool (CANVIO)
CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6. ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...)
	NOT-FOR-US: Keijiban Tsumiki
CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...)
	NOT-FOR-US: WL-Enq
CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...)
	NOT-FOR-US: WL-Enq
CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute arbitr ...)
	NOT-FOR-US: CuteNews
CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...)
	NOT-FOR-US: CuteNews
CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers  ...)
	NOT-FOR-US: Shihonkanri Plus GOOUT
CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers  ...)
	NOT-FOR-US: Shihonkanri Plus GOOUT
CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 a ...)
	NOT-FOR-US: Shihonkanri Plus GOOUT
CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: mailform
CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...)
	NOT-FOR-US: mailform
CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...)
	NOT-FOR-US: Toyota
CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...)
	NOT-FOR-US: EasyBlocks
CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...)
	NOT-FOR-US: EasyBlocks
CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...)
	NOT-FOR-US: Yamaha
CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5545 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5544 (Null Pointer Dereference vulnerability in TCP function included in the ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5541
	RESERVED
CVE-2020-5540
	RESERVED
CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...)
	NOT-FOR-US: GRANDIT
CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows  ...)
	NOT-FOR-US: PALLET CONTROL
CVE-2020-5537 (Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code executi ...)
	NOT-FOR-US: Cybozu
CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
	NOT-FOR-US: OpenBlocks IoT VX2
CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
	NOT-FOR-US: OpenBlocks IoT VX2
CVE-2020-5534 (Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated a ...)
	NOT-FOR-US: Aterm WG2600HS firmware
CVE-2020-5533 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 ...)
	NOT-FOR-US: Aterm WG2600HS firmware
CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...)
	NOT-FOR-US: ilbo App
CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...)
	NOT-FOR-US: Easy Property Listings plugin for WordPress
CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...)
	- htmlunit <removed>
	NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28
	TODO: check details, might affect jenkins-htmlunit
CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...)
	- movabletype-opensource <removed>
CVE-2020-5527 (When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC  ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...)
	NOT-FOR-US: AWMS Mobile App for Android and iOS
CVE-2020-5525 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...)
	NOT-FOR-US: Aterm series firmware
CVE-2020-5524 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...)
	NOT-FOR-US: Aterm series firmware
CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...)
	NOT-FOR-US: MyPallete
CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify  ...)
	NOT-FOR-US: kantan netprint App for Android
CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...)
	NOT-FOR-US: kantan netprint App for iOS
CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...)
	NOT-FOR-US: netprint App for iOS
CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly  ...)
	NOT-FOR-US: OpenLiteSpeed
CVE-2019-20356
	RESERVED
CVE-2016-11017 (The application login page in AKIPS Network Monitor 15.37 through 16.5 ...)
	NOT-FOR-US: AKIPS Network Monitor
CVE-2020-5518
	RESERVED
CVE-2020-5517 (CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access  ...)
	NOT-FOR-US: BlueOnyx
CVE-2020-5516
	RESERVED
CVE-2020-5515 (Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. ...)
	NOT-FOR-US: Gila CMS
CVE-2020-5514 (Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous  ...)
	NOT-FOR-US: Gila CMS
CVE-2020-5513 (Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. ...)
	NOT-FOR-US: Gila CMS
CVE-2020-5512 (Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. ...)
	NOT-FOR-US: Gila CMS
CVE-2020-5511 (PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypas ...)
	NOT-FOR-US: PHPGurukul Small CRM
CVE-2020-5510 (PHPGurukul Hostel Management System v2.0 allows SQL injection via the  ...)
	NOT-FOR-US: PHPGurukul Hostel Management System
CVE-2020-5509 (PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an ...)
	NOT-FOR-US: PHPGurukul Car Rental Project
CVE-2020-5508
	RESERVED
CVE-2019-20355
	RESERVED
CVE-2019-20354 (The web application component of piSignage before 2.6.4 allows a remot ...)
	NOT-FOR-US: piSignage
CVE-2019-20353
	RESERVED
CVE-2019-20352 (In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...)
	- nasm <unfixed> (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392636
	NOTE: Crash in CLI tool, no security impact
CVE-2019-20351
	RESERVED
CVE-2019-20350
	RESERVED
CVE-2019-20349
	RESERVED
CVE-2019-20348 (OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UAR ...)
	NOT-FOR-US: OKER G232V1 devices
CVE-2019-20347
	RESERVED
CVE-2019-20346
	RESERVED
CVE-2019-20345
	RESERVED
CVE-2019-20344
	RESERVED
CVE-2019-20343 (The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution v ...)
	NOT-FOR-US: Maven plugin
CVE-2019-20342
	RESERVED
CVE-2019-20341
	RESERVED
CVE-2019-20340
	RESERVED
CVE-2019-20339
	RESERVED
CVE-2019-20338
	RESERVED
CVE-2019-20337 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.p ...)
	NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
CVE-2019-20336 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-resu ...)
	NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
CVE-2019-20335
	RESERVED
CVE-2020-5507
	RESERVED
CVE-2020-5506
	RESERVED
CVE-2020-5505 (Freelancy v1.0.0 allows remote command execution via the "file":"data: ...)
	NOT-FOR-US: Freelancy
CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists  ...)
	{DLA-2060-1}
	- phpmyadmin 4:4.9.4+dfsg1-1 (bug #948718)
	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
	NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/
CVE-2020-5503
	RESERVED
CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...)
	NOT-FOR-US: phpBB
CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...)
	NOT-FOR-US: phpBB
CVE-2020-5500
	RESERVED
CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...)
	NOT-FOR-US: Baidu Rust SGX SDK
CVE-2020-5498
	REJECTED
CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...)
	NOT-FOR-US: MITREid Connect
CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
	- fontforge <unfixed> (bug #948231)
	[buster] - fontforge <no-dsa> (Minor issue)
	[stretch] - fontforge <no-dsa> (Minor issue)
	[jessie] - fontforge <no-dsa> (Minor issue)
	NOTE: https://github.com/fontforge/fontforge/issues/4085
CVE-2020-5495
	RESERVED
CVE-2020-5494
	RESERVED
CVE-2020-5493
	RESERVED
CVE-2020-5492
	RESERVED
CVE-2020-5491
	RESERVED
CVE-2020-5490
	RESERVED
CVE-2020-5489
	RESERVED
CVE-2020-5488
	RESERVED
CVE-2020-5487
	RESERVED
CVE-2020-5486
	RESERVED
CVE-2020-5485
	RESERVED
CVE-2020-5484
	RESERVED
CVE-2020-5483
	RESERVED
CVE-2020-5482
	RESERVED
CVE-2020-5481
	RESERVED
CVE-2020-5480
	RESERVED
CVE-2020-5479
	RESERVED
CVE-2020-5478
	RESERVED
CVE-2020-5477
	RESERVED
CVE-2020-5476
	RESERVED
CVE-2020-5475
	RESERVED
CVE-2020-5474
	RESERVED
CVE-2020-5473
	RESERVED
CVE-2020-5472
	RESERVED
CVE-2020-5471
	RESERVED
CVE-2020-5470
	RESERVED
CVE-2020-5469
	RESERVED
CVE-2020-5468
	RESERVED
CVE-2020-5467
	RESERVED
CVE-2020-5466
	RESERVED
CVE-2020-5465
	RESERVED
CVE-2020-5464
	RESERVED
CVE-2020-5463
	RESERVED
CVE-2020-5462
	RESERVED
CVE-2020-5461
	RESERVED
CVE-2020-5460
	RESERVED
CVE-2020-5459
	RESERVED
CVE-2020-5458
	RESERVED
CVE-2020-5457
	RESERVED
CVE-2020-5456
	RESERVED
CVE-2020-5455
	RESERVED
CVE-2020-5454
	RESERVED
CVE-2020-5453
	RESERVED
CVE-2020-5452
	RESERVED
CVE-2020-5451
	RESERVED
CVE-2020-5450
	RESERVED
CVE-2020-5449
	RESERVED
CVE-2020-5448
	RESERVED
CVE-2020-5447
	RESERVED
CVE-2020-5446
	RESERVED
CVE-2020-5445
	RESERVED
CVE-2020-5444
	RESERVED
CVE-2020-5443
	RESERVED
CVE-2020-5442
	RESERVED
CVE-2020-5441
	RESERVED
CVE-2020-5440
	RESERVED
CVE-2020-5439
	RESERVED
CVE-2020-5438
	RESERVED
CVE-2020-5437
	RESERVED
CVE-2020-5436
	RESERVED
CVE-2020-5435
	RESERVED
CVE-2020-5434
	RESERVED
CVE-2020-5433
	RESERVED
CVE-2020-5432
	RESERVED
CVE-2020-5431
	RESERVED
CVE-2020-5430
	RESERVED
CVE-2020-5429
	RESERVED
CVE-2020-5428
	RESERVED
CVE-2020-5427
	RESERVED
CVE-2020-5426
	RESERVED
CVE-2020-5425
	RESERVED
CVE-2020-5424
	RESERVED
CVE-2020-5423
	RESERVED
CVE-2020-5422
	RESERVED
CVE-2020-5421
	RESERVED
CVE-2020-5420
	RESERVED
CVE-2020-5419
	RESERVED
CVE-2020-5418
	RESERVED
CVE-2020-5417
	RESERVED
CVE-2020-5416
	RESERVED
CVE-2020-5415
	RESERVED
CVE-2020-5414
	RESERVED
CVE-2020-5413
	RESERVED
CVE-2020-5412
	RESERVED
CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...)
	TODO: check
CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...)
	NOT-FOR-US: Spring Cloud Config
CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
	NOT-FOR-US: Pivotal
CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...)
	- libspring-security-2.0-java <removed>
	[jessie] - libspring-security-2.0-java <not-affected> (Vulnerable code introduced later)
CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...)
	- libspring-security-2.0-java <removed>
	[jessie] - libspring-security-2.0-java <not-affected> (Vulnerable code introduced later)
CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...)
	NOT-FOR-US: VMware
CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...)
	NOT-FOR-US: Spring Cloud Config
CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and  ...)
	NOT-FOR-US: Reactor Netty, different from src:netty
CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...)
	NOT-FOR-US: Reactor Netty, different from src:netty
CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...)
	NOT-FOR-US: Cloud Foundry
CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...)
	NOT-FOR-US: Cloud Foundry CredHub
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
	- libspring-java <unfixed>
	[jessie] - libspring-java <not-affected> (Vulnerable code not present)
	NOTE: https://pivotal.io/security/cve-2020-5398
	NOTE: https://github.com/spring-projects/spring-framework/issues/24220
	NOTE: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76
	NOTE: https://github.com/spring-projects/spring-framework/commit/956ffe68587c8d5f21135b5ce4650af0c2dea933
CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...)
	- libspring-java <unfixed>
	[jessie] - libspring-java <not-affected> (Vulnerable code not present)
	NOTE: https://pivotal.io/security/cve-2020-5397
	NOTE: https://github.com/spring-projects/spring-framework/issues/24327
	NOTE: https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929
CVE-2020-5396
	RESERVED
CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
	- fontforge <unfixed> (bug #948231)
	[buster] - fontforge <no-dsa> (Minor issue)
	[stretch] - fontforge <no-dsa> (Minor issue)
	[jessie] - fontforge <no-dsa> (Minor issue)
	NOTE: https://github.com/fontforge/fontforge/issues/4084
CVE-2019-20334 (In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...)
	- nasm <unfixed> (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392638
	NOTE: Crash in CLI tool, no security impact
CVE-2015-9540 (Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open red ...)
	NOT-FOR-US: Chamilo LMS
CVE-2014-10398 (Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank ...)
	NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client
CVE-2020-5394
	RESERVED
CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a session to ...)
	NOT-FOR-US: Appspace On-Prem
CVE-2020-5392 (A stored cross-site scripting (XSS) vulnerability exists in the Auth0  ...)
	NOT-FOR-US: Auth0 plugin for WordPress
CVE-2020-5391 (Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 p ...)
	NOT-FOR-US: Auth0 plugin for WordPress
CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...)
	{DSA-4630-1 DLA-2119-1}
	- python-pysaml2 4.5.0-7 (bug #949322)
	NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
CVE-2020-5389
	RESERVED
CVE-2020-5388
	RESERVED
CVE-2020-5387
	RESERVED
CVE-2020-5386
	RESERVED
CVE-2020-5385
	RESERVED
CVE-2020-5384
	RESERVED
CVE-2020-5383
	RESERVED
CVE-2020-5382
	RESERVED
CVE-2020-5381
	RESERVED
CVE-2020-5380
	RESERVED
CVE-2020-5379
	RESERVED
CVE-2020-5378
	RESERVED
CVE-2020-5377
	RESERVED
CVE-2020-5376
	RESERVED
CVE-2020-5375
	RESERVED
CVE-2020-5374
	RESERVED
CVE-2020-5373
	RESERVED
CVE-2020-5372 (Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerab ...)
	NOT-FOR-US: EMC
CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
	NOT-FOR-US: EMC
CVE-2020-5370
	RESERVED
CVE-2020-5369
	RESERVED
CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authe ...)
	NOT-FOR-US: EMC
CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
	NOT-FOR-US: Dell EMC
CVE-2020-5366
	RESERVED
CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vul ...)
	NOT-FOR-US: EMC
CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...)
	NOT-FOR-US: EMC
CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an issue  ...)
	NOT-FOR-US: Dell
CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...)
	NOT-FOR-US: Dell
CVE-2020-5361
	RESERVED
CVE-2020-5360
	RESERVED
CVE-2020-5359
	RESERVED
CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suit ...)
	NOT-FOR-US: Dell Encryption
CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
	NOT-FOR-US: Dell
CVE-2020-5356 (Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell  ...)
	TODO: check
CVE-2020-5355
	RESERVED
CVE-2020-5354
	RESERVED
CVE-2020-5353
	RESERVED
CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS comma ...)
	NOT-FOR-US: EMC
CVE-2020-5351
	RESERVED
CVE-2020-5350 (Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2,  ...)
	NOT-FOR-US: EMC
CVE-2020-5349
	RESERVED
CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a  ...)
	NOT-FOR-US: Dell
CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of s ...)
	NOT-FOR-US: Dell EMC Isilon OneFS
CVE-2020-5346 (RSA Authentication Manager versions prior to 8.4 P11 contain a stored  ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2020-5345 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
	NOT-FOR-US: Dell EMC
CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70. ...)
	NOT-FOR-US: EMC
CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image download ...)
	NOT-FOR-US: Dell
CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect  ...)
	NOT-FOR-US: Dell
CVE-2020-5341
	RESERVED
CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored  ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored  ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2020-5338
	RESERVED
CVE-2020-5337 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirect ...)
	NOT-FOR-US: RSA
CVE-2020-5336 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injectio ...)
	NOT-FOR-US: RSA
CVE-2020-5335 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site r ...)
	NOT-FOR-US: RSA
CVE-2020-5334 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Ob ...)
	NOT-FOR-US: RSA
CVE-2020-5333 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorizati ...)
	NOT-FOR-US: RSA
CVE-2020-5332 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command inje ...)
	NOT-FOR-US: RSA
CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information ...)
	NOT-FOR-US: RSA
CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell ...)
	NOT-FOR-US: EMC
CVE-2020-5329
	RESERVED
CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized  ...)
	NOT-FOR-US: EMC
CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...)
	NOT-FOR-US: Dell
CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...)
	NOT-FOR-US: Dell
CVE-2020-5325
	RESERVED
CVE-2020-5324 (Dell Client Consumer and Commercial Platforms contain an Arbitrary Fil ...)
	NOT-FOR-US: Dell
CVE-2020-5323
	RESERVED
CVE-2020-5322
	RESERVED
CVE-2020-5321
	RESERVED
CVE-2020-5320
	RESERVED
CVE-2020-5319 (Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prio ...)
	NOT-FOR-US: EMC
CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 co ...)
	NOT-FOR-US: EMC
CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A ...)
	NOT-FOR-US: EMC
CVE-2020-5316
	RESERVED
CVE-2020-5315
	RESERVED
CVE-2019-20333
	RESERVED
CVE-2019-20332
	RESERVED
CVE-2019-20331
	RESERVED
CVE-2020-5314
	RESERVED
CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...)
	{DSA-4631-1 DLA-2057-1}
	- pillow 7.0.0-1 (bug #948224)
	NOTE: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b (6.2.2)
CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer  ...)
	{DSA-4631-1 DLA-2057-1}
	- pillow 7.0.0-1 (bug #948224)
	NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2)
CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...)
	- pillow 7.0.0-1 (bug #948224)
	[buster] - pillow 5.4.1-2+deb10u1
	[stretch] - pillow <not-affected> (Vulnerable code not present)
	[jessie] - pillow <not-affected> (The vulnerable code was introduced later)
	NOTE: https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 (6.2.2)
CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...)
	- pillow 7.0.0-1 (bug #948224)
	[buster] - pillow <not-affected> (Vulnerability introduced later)
	[stretch] - pillow <not-affected> (Vulnerable code not present)
	[jessie] - pillow <not-affected> (The vulnerable code was introduced later)
	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0)
	NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2)
CVE-2020-5309
	RESERVED
CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...)
	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL  ...)
	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...)
	NOT-FOR-US: Codoforum
CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of  ...)
	NOT-FOR-US: Codoforum
CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability Management (AVM ...)
	NOT-FOR-US: WhiteSource Application Vulnerability Management (AVM)
CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...)
	NOT-FOR-US: Tendermint
CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)
	NOT-FOR-US: MH-WikiBot
CVE-2020-5301 (SimpleSAMLphp versions before 1.18.6 contain an information disclosure ...)
	- simplesamlphp <not-affected> (Windows-only issue)
CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified&#8482; OpenID Connect  ...)
	NOT-FOR-US: ORY Hydra
CVE-2020-5299 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5298 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5297 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5296 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5295 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
	NOT-FOR-US: Leantime
CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vulnerabi ...)
	NOT-FOR-US: RedpwnCTF
CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and  ...)
	NOT-FOR-US: Elide
CVE-2020-5288 ("In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5287 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper  ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5286 (In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5285 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...)
	NOT-FOR-US: next.js
CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS ...)
	- viewvc <removed>
	[buster] - viewvc <no-dsa> (Minor issue)
	[stretch] - viewvc <no-dsa> (Minor issue)
	[jessie] - viewvc <no-dsa> (Minor issue)
	NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg
	NOTE: https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8
	NOTE: https://github.com/viewvc/viewvc/issues/211
CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
	NOT-FOR-US: Nick Chan Bot
CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...)
	NOT-FOR-US: Perun
CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...)
	NOT-FOR-US: http4s
CVE-2020-5279 (In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5278 (In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5276 (In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...)
	- symfony 4.4.8-1 (bug #961415)
	[buster] - symfony <not-affected> (Introduced in 4.4.0)
	[stretch] - symfony <not-affected> (Introduced in 4.4.0)
	[jessie] - symfony <not-affected> (Introduced in 4.4.0)
	NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy
	NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exc ...)
	- symfony 4.4.8-1 (bug #961415)
	[buster] - symfony <not-affected> (Introduced in 4.4.0)
	[stretch] - symfony <not-affected> (Introduced in 4.4.0)
	[jessie] - symfony <not-affected> (Introduced in 4.4.0)
	NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler
	NOTE: https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad
	NOTE: https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db
CVE-2020-5273 (In PrestaShop module ps_linklist versions before 3.1.0, there is a sto ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5272 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5271 (In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5270 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open r ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5269 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5268 (In Saml2 Authentication Services for ASP.NET versions before 1.0.2, an ...)
	NOT-FOR-US: Saml2 Authentication Services for ASP.NET
CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...)
	{DLA-2149-1}
	- rails 2:5.2.4.1+dfsg-2 (bug #954304)
	[buster] - rails 2:5.2.2.1+dfsg-1+deb10u1
	[stretch] - rails <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1
	NOTE: https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (master)
CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0, there is a  ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5265 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5264 (In PrestaShop before version 1.7.6.5, there is a reflected XSS while r ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before  ...)
	NOT-FOR-US: Node auth0-js
CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)
	NOT-FOR-US: EasyBuild
CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...)
	NOT-FOR-US: ASP.NET
CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
	{DSA-4657-1 DLA-2177-1}
	- git 1:2.26.1-1
	NOTE: https://lore.kernel.org/lkml/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b
	NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=17f1c0b8c7e447aa62f85dc355bb48133d2812f2
	NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c716fe4bd917e013bf376a678b3a924447777b2d
	NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=07259e74ec1237c836874342c65650bdee8a3993
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2021
	NOTE: https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
	{DLA-2139-1}
	- dojo 1.15.3+dfsg1-1 (bug #953587)
	[buster] - dojo <no-dsa> (Minor issue)
	NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
	NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
	{DLA-2139-1}
	- dojo 1.15.3+dfsg1-1 (bug #953585)
	[buster] - dojo <no-dsa> (Minor issue)
	NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
	NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...)
	NOT-FOR-US: Administrate ruby gem
CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...)
	NOT-FOR-US: BookStack
CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...)
	- symfony 4.4.8-1 (bug #961415)
	[buster] - symfony <not-affected> (Introduced in 4.4.0)
	[stretch] - symfony <not-affected> (Introduced in 4.4.0)
	[jessie] - symfony <not-affected> (Introduced in 4.4.0)
	NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
	NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...)
	- nethack 3.6.6-1 (bug #953978)
	[buster] - nethack <no-dsa> (Minor issue)
	[stretch] - nethack <not-affected> (Vulnerable code introduced in 3.6.1)
	[jessie] - nethack <not-affected> (Vulnerable code introduced in 3.6.1)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9
	NOTE: https://nethack.org/security/CVE-2020-5254.html
	NOTE: Fixed with: https://github.com/NetHack/NetHack/commit/abdd3254ae06dd1fbcff637c4c631783d5ed9741 (NetHack-3.6.6_Released)
	NOTE: Introduced with: https://github.com/NetHack/NetHack/commit/f8211f69f2008609b59fe4c9ba341ff1fa520825 (NetHack-3.6.1_RC01)
CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of char ...)
	- nethack 3.6.0-1
	[jessie] - nethack <end-of-life> (Not supported in jessie LTS)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
	NOTE: https://github.com/NetHack/NetHack/commit/612755bfb5c412079795c68ba392df5d93874ed8
CVE-2020-5252 (The command-line "safety" package for Python has a potential security  ...)
	NOT-FOR-US: safety Python module
CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
	NOT-FOR-US: parser-server
CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
	- puma 3.12.4-1 (bug #953122)
	[buster] - puma <no-dsa> (Minor issue)
	[stretch] - puma <no-dsa> (Minor issue)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
	NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9
	NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
	- puma 3.12.4-1 (bug #952766)
	[buster] - puma <no-dsa> (Minor issue)
	[stretch] - puma <no-dsa> (Minor issue)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
	NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3)
	NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2)
CVE-2020-5246
	RESERVED
CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...)
	NOT-FOR-US: Dropwizard-Validation
CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...)
	NOT-FOR-US: BuddyPress
CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...)
	- uap-core 1:0.8.0-1 (bug #952649)
	[buster] - uap-core <no-dsa> (Minor issue)
	NOTE: https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p
	NOTE: https://github.com/ua-parser/uap-core/commit/a679b131697e7371f0441f4799940779efa2f27e
	NOTE: https://github.com/ua-parser/uap-core/commit/dd279cff09546dbd4174bd05d29c0e90c2cffa7c
	NOTE: https://github.com/ua-parser/uap-core/commit/7d92a383440c9742ec878273c90a4dcf8446f9af
	NOTE: https://github.com/ua-parser/uap-core/commit/e9a1c74dae9ecd4aa6385bd34ef6c7243f89b537
CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...)
	NOT-FOR-US: openHAB
CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...)
	NOT-FOR-US: matestack-ui-core Ruby gem
CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can view  ...)
	NOT-FOR-US: wagtail-2fa
CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
	NOT-FOR-US: Mailu
CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...)
	- cmark-gfm <unfixed>
	- python-cmarkgfmcmark-gfm <unfixed>
	- ruby-commonmarker <unfixed>
	- haskell-cmark-gfm <unfixed>
	- r-cran-commonmark <unfixed>
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
	NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 
CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...)
	NOT-FOR-US: oneup/uploader-bundle
CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
	- waitress <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
	NOTE: Introduced in: https://github.com/Pylons/waitress/commit/0bf98dadd8cae23830cb365cc6cb9cedd7f98db0 (v1.4.2)
	NOTE: https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f (v1.4.3)
CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nanopb b ...)
	- nanopb <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-gcx3-7m76-287p
	NOTE: https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856
	NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3
	NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2
CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...)
	NOT-FOR-US: MessagePack for C#
CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
	NOT-FOR-US: OAuth2 Proxy
CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
	NOT-FOR-US: Ethereum
CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN  ...)
	NOT-FOR-US: Opencast
CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...)
	NOT-FOR-US: Opencast
CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated and cry ...)
	NOT-FOR-US: Opencast
CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access to all m ...)
	NOT-FOR-US: Opencast
CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of  ...)
	NOT-FOR-US: Feedgen
CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...)
	- simplesamlphp 1.18.4-1
	[buster] - simplesamlphp <not-affected> (Vulnerable code introduced later)
	[stretch] - simplesamlphp <not-affected> (Vulnerable code introduced later)
	[jessie] - simplesamlphp <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w
	NOTE: https://simplesamlphp.org/security/202001-01
CVE-2020-5225 (Log injection in SimpleSAMLphp before version 1.18.4. The www/errorepo ...)
	- simplesamlphp 1.18.4-1 (low)
	[buster] - simplesamlphp <no-dsa> (Minor issue)
	[stretch] - simplesamlphp <no-dsa> (Minor issue)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww
	NOTE: https://simplesamlphp.org/security/202001-02
CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the views ...)
	NOT-FOR-US: Django User Sessions (django-user-sessions)
CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...)
	NOT-FOR-US: PrivateBin
CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...)
	NOT-FOR-US: Opencast
CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
	NOT-FOR-US: uftpd
CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be  ...)
	NOT-FOR-US: Sylius
CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...)
	NOT-FOR-US: Angular Expressions
CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...)
	NOT-FOR-US: Sylius
CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
	- ruby-secure-headers <unfixed> (bug #949999)
	NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
	NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
	NOTE: https://github.com/twitter/secure_headers/issues/418
	NOTE: https://github.com/twitter/secure_headers/pull/421
CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
	- ruby-secure-headers <unfixed> (bug #949998)
	NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
	NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
	- tensorflow <itp> (bug #804612)
CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
	NOTE: Negligible security impact
CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
	NOTE: Negligible security impact
CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
	NOTE: Negligible security impact
CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the  ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7
	NOTE: Negligible security impact
CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
	NOTE: Negligible security impact
CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can  ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
	NOTE: Negligible security impact
CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...)
	{DLA-2098-1}
	- ipmitool <unfixed> (bug #950761)
	[buster] - ipmitool <no-dsa> (Minor issue)
	[stretch] - ipmitool <no-dsa> (Minor issue)
	NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
	NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
	NOTE: https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10
	NOTE: https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22
	NOTE: https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
	NOTE: https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10
	NOTE: https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
	NOT-FOR-US: Ktor
CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...)
	NOT-FOR-US: Opencast
CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
	NOT-FOR-US: Pow
CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
	NOT-FOR-US: uftpd
CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...)
	NOT-FOR-US: Fat-Free Framework
CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...)
	- apt-cacher-ng 3.3.1-1
	[buster] - apt-cacher-ng 3.2.1-1
	[stretch] - apt-cacher-ng <no-dsa> (Minor issue)
	[jessie] - apt-cacher-ng <no-dsa> (Minor issue)
	NOTE: https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc
CVE-2020-5201
	RESERVED
CVE-2019-20330 (FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.eh ...)
	{DLA-2111-1}
	- jackson-databind 2.10.1-1
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
	NOTE: https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL serv ...)
	NOT-FOR-US: OpenLambda
CVE-2019-20328
	RESERVED
CVE-2019-20327 (Insecure permissions in cwrapper_perl in Centreon Infrastructure Monit ...)
	NOT-FOR-US: Centreon Infrastructure Monitoring
CVE-2019-20325
	REJECTED
CVE-2019-20324
	REJECTED
CVE-2019-20323
	REJECTED
CVE-2019-20322
	REJECTED
CVE-2019-20321
	REJECTED
CVE-2019-20320
	REJECTED
CVE-2019-20319
	REJECTED
CVE-2019-20318
	REJECTED
CVE-2019-20317
	REJECTED
CVE-2019-20316
	REJECTED
CVE-2019-20315
	REJECTED
CVE-2019-20314
	REJECTED
CVE-2019-20313
	REJECTED
CVE-2019-20312
	REJECTED
CVE-2019-20311
	REJECTED
CVE-2019-20310
	REJECTED
CVE-2019-20309
	REJECTED
CVE-2019-20308
	REJECTED
CVE-2019-20307
	REJECTED
CVE-2019-20306
	REJECTED
CVE-2019-20305
	REJECTED
CVE-2019-20304
	REJECTED
CVE-2019-20303
	REJECTED
CVE-2019-20302
	REJECTED
CVE-2019-20301
	REJECTED
CVE-2019-20300
	REJECTED
CVE-2019-20299
	REJECTED
CVE-2019-20298
	REJECTED
CVE-2019-20297
	REJECTED
CVE-2019-20296
	REJECTED
CVE-2019-20295
	REJECTED
CVE-2019-20294
	REJECTED
CVE-2019-20293
	REJECTED
CVE-2019-20292
	REJECTED
CVE-2019-20291
	REJECTED
CVE-2019-20290
	REJECTED
CVE-2019-20289
	REJECTED
CVE-2019-20288
	REJECTED
CVE-2019-20287
	REJECTED
CVE-2019-20286
	REJECTED
CVE-2019-20285
	REJECTED
CVE-2019-20284
	REJECTED
CVE-2019-20283
	REJECTED
CVE-2019-20282
	REJECTED
CVE-2019-20281
	REJECTED
CVE-2019-20280
	REJECTED
CVE-2019-20279
	REJECTED
CVE-2019-20278
	REJECTED
CVE-2019-20277
	REJECTED
CVE-2019-20276
	REJECTED
CVE-2019-20275
	REJECTED
CVE-2019-20274
	REJECTED
CVE-2019-20273
	REJECTED
CVE-2019-20272
	REJECTED
CVE-2019-20271
	REJECTED
CVE-2019-20270
	REJECTED
CVE-2019-20269
	REJECTED
CVE-2019-20268
	REJECTED
CVE-2019-20267
	REJECTED
CVE-2019-20266
	REJECTED
CVE-2019-20265
	REJECTED
CVE-2019-20264
	REJECTED
CVE-2019-20263
	REJECTED
CVE-2019-20262
	REJECTED
CVE-2019-20261
	REJECTED
CVE-2019-20260
	REJECTED
CVE-2019-20259
	REJECTED
CVE-2019-20258
	REJECTED
CVE-2019-20257
	REJECTED
CVE-2019-20256
	REJECTED
CVE-2019-20255
	REJECTED
CVE-2019-20254
	REJECTED
CVE-2019-20253
	REJECTED
CVE-2019-20252
	REJECTED
CVE-2019-20251
	REJECTED
CVE-2019-20250
	REJECTED
CVE-2019-20249
	REJECTED
CVE-2019-20248
	REJECTED
CVE-2019-20247
	REJECTED
CVE-2019-20246
	REJECTED
CVE-2019-20245
	REJECTED
CVE-2019-20244
	REJECTED
CVE-2019-20243
	REJECTED
CVE-2019-20242
	REJECTED
CVE-2019-20241
	REJECTED
CVE-2019-20240
	REJECTED
CVE-2019-20239
	REJECTED
CVE-2019-20238
	REJECTED
CVE-2019-20237
	REJECTED
CVE-2019-20236
	REJECTED
CVE-2019-20235
	REJECTED
CVE-2019-20234
	REJECTED
CVE-2019-20233
	REJECTED
CVE-2019-20232
	REJECTED
CVE-2019-20231
	REJECTED
CVE-2019-20230
	REJECTED
CVE-2019-20229
	REJECTED
CVE-2019-20228
	REJECTED
CVE-2019-20227
	REJECTED
CVE-2019-20226
	REJECTED
CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...)
	{DLA-2066-1}
	- gthumb <unfixed> (bug #948197)
	[buster] - gthumb <no-dsa> (Minor issue)
	[stretch] - gthumb <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
CVE-2020-5200
	RESERVED
CVE-2020-5199
	RESERVED
CVE-2020-5198
	RESERVED
CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10 ...)
	NOT-FOR-US: Cerberus FTP Server Enterprise Edition
CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2020-5194 (The zip API endpoint in Cerberus FTP Server 8 allows an authenticated  ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
	NOT-FOR-US: MyBB
CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2020-5193 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5190
	RESERVED
CVE-2020-5189
	RESERVED
CVE-2020-5188 (DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. ...)
	NOT-FOR-US: DNN
CVE-2020-5187 (DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 ...)
	NOT-FOR-US: DNN
CVE-2020-5186 (DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). ...)
	NOT-FOR-US: DNN
CVE-2020-5185
	RESERVED
CVE-2020-5184
	RESERVED
CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...)
	NOT-FOR-US: FTPGetter Professional
CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...)
	NOT-FOR-US: J-BusinessDirectory extension for Joomla!
CVE-2020-5181
	RESERVED
CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...)
	NOT-FOR-US: Viscosity on Widnows and macOS
CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows ...)
	NOT-FOR-US: Pandora FMS
CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected  ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20222 (In Support Incident Tracker (SiT!) 3.67, the Short Application Name an ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20221 (In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the con ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter in th ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...)
	NOT-FOR-US: ngiflib
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers  ...)
	NOT-FOR-US: D-Link
CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers  ...)
	NOT-FOR-US: D-Link
CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers  ...)
	NOT-FOR-US: D-Link
CVE-2019-20214
	RESERVED
CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
	NOT-FOR-US: D-Link
CVE-2019-20212 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20211 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based  ...)
	{DLA-2072-1}
	- gpac <unfixed>
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1348
	NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1)
CVE-2019-20207
	RESERVED
CVE-2019-20206
	RESERVED
CVE-2019-20205 (libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame. ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/127
	NOTE: https://github.com/saitoha/libsixel/commit/bb65fce3bbecdd325ecb86d78132c3554907af87
CVE-2019-20204 (The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by  ...)
	NOT-FOR-US: Postie plugin for WordPress
CVE-2019-20203 (The Authorized Addresses feature in the Postie plugin 1.9.40 for WordP ...)
	NOT-FOR-US: Authorized Addresses feature in the Postie plugin for WordPress
CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices
CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	NOT-FOR-US: ezXML
CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...)
	NOT-FOR-US: ezXML
CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	NOT-FOR-US: ezXML
CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	NOT-FOR-US: ezXML
CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	NOT-FOR-US: ezXML
CVE-2020-5178
	RESERVED
CVE-2020-5177
	RESERVED
CVE-2020-5176
	RESERVED
CVE-2020-5175
	RESERVED
CVE-2020-5174
	RESERVED
CVE-2020-5173
	RESERVED
CVE-2020-5172
	RESERVED
CVE-2020-5171
	RESERVED
CVE-2020-5170
	RESERVED
CVE-2020-5169
	RESERVED
CVE-2020-5168
	RESERVED
CVE-2020-5167
	RESERVED
CVE-2020-5166
	RESERVED
CVE-2020-5165
	RESERVED
CVE-2020-5164
	RESERVED
CVE-2020-5163
	RESERVED
CVE-2020-5162
	RESERVED
CVE-2020-5161
	RESERVED
CVE-2020-5160
	RESERVED
CVE-2020-5159
	RESERVED
CVE-2020-5158
	RESERVED
CVE-2020-5157
	RESERVED
CVE-2020-5156
	RESERVED
CVE-2020-5155
	RESERVED
CVE-2020-5154
	RESERVED
CVE-2020-5153
	RESERVED
CVE-2020-5152
	RESERVED
CVE-2020-5151
	RESERVED
CVE-2020-5150
	RESERVED
CVE-2020-5149
	RESERVED
CVE-2020-5148
	RESERVED
CVE-2020-5147
	RESERVED
CVE-2020-5146
	RESERVED
CVE-2020-5145
	RESERVED
CVE-2020-5144
	RESERVED
CVE-2020-5143
	RESERVED
CVE-2020-5142
	RESERVED
CVE-2020-5141
	RESERVED
CVE-2020-5140
	RESERVED
CVE-2020-5139
	RESERVED
CVE-2020-5138
	RESERVED
CVE-2020-5137
	RESERVED
CVE-2020-5136
	RESERVED
CVE-2020-5135
	RESERVED
CVE-2020-5134
	RESERVED
CVE-2020-5133
	RESERVED
CVE-2020-5132
	RESERVED
CVE-2020-5131
	RESERVED
CVE-2020-5130
	RESERVED
CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
	NOT-FOR-US: SonicWall
CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
	NOT-FOR-US: Nagios XI
CVE-2019-20196
	RESERVED
CVE-2019-20195
	RESERVED
CVE-2019-20194
	RESERVED
CVE-2019-20193
	RESERVED
CVE-2019-20192
	RESERVED
CVE-2019-20191 (Oxygen XML Editor 21.1.1 allows XXE to read any file. ...)
	NOT-FOR-US: Oxygen XML Editor
CVE-2019-20190
	RESERVED
CVE-2019-20189
	RESERVED
CVE-2019-20188
	RESERVED
CVE-2019-20187
	RESERVED
CVE-2019-20186
	RESERVED
CVE-2019-20185
	RESERVED
CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...)
	- keepass2 <unfixed> (unimportant)
	NOTE: No security impact
CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload and execu ...)
	NOT-FOR-US: Employee Records System
CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_titl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via the post ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter ...)
	NOT-FOR-US: SOPlanning
CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php  ...)
	NOT-FOR-US: Advisto PEEL Shopping
CVE-2019-20177
	RESERVED
CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...)
	- pure-ftpd 1.0.49-2 (low; bug #947869)
	[buster] - pure-ftpd <no-dsa> (Minor issue)
	[stretch] - pure-ftpd <no-dsa> (Minor issue)
	[jessie] - pure-ftpd <no-dsa> (Minor issue)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...)
	- qemu <unfixed> (unimportant)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html
	NOTE: Marked unimportant, as negligible security impact (a privileged guest
	NOTE: can trigger similar issues without triggering the specific assert) and
	NOTE: is disputed by QEMU security team.
CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is us ...)
	NOT-FOR-US: Auth0 Lock
CVE-2019-20173 (The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XS ...)
	NOT-FOR-US: Auth0 wp-auth0 plugin for WordPress
CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
	NOT-FOR-US: SerenityOS
CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac <unfixed> (low)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1337
	NOTE: https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
	NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c
CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac <unfixed> (low)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1328
	NOTE: https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03
CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac <not-affected> (Vulnerability introduced later, fix relates to 'use_dump_mode' introduced in v0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1329
	NOTE: Introduces use_dump_mode: https://github.com/gpac/gpac/commit/9ea1fb39891669014a6e7592a4422e8de630cdc0 (v0.7.0)
	NOTE: https://github.com/gpac/gpac/commit/a8b6246da925cf744805c9427a01fcacb53314bb
CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac <not-affected> (Vulnerability introduced later, fix relates to 'use_dump_mode' introduced in v0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1333
	NOTE: Introduces use_dump_mode: https://github.com/gpac/gpac/commit/9ea1fb39891669014a6e7592a4422e8de630cdc0 (v0.7.0)
	NOTE: Uncovers/makes visible the vulnerability: https://github.com/gpac/gpac/commit/697d6afb3cd012d442e12400b6841ebd1256a354 (v0.8.0)
	NOTE: https://github.com/gpac/gpac/commit/a8b6246da925cf744805c9427a01fcacb53314bb
CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac <not-affected> (Vulnerable code introduced in development version after v0.8.0)
	NOTE: https://github.com/gpac/gpac/issues/1330
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #3)
CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1331
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac <unfixed> (low)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1338
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)
CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1332
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac <unfixed> (low)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1335
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)
CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac <unfixed>
	NOTE: https://github.com/gpac/gpac/issues/1327
	NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77
CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac <unfixed>
	NOTE: https://github.com/gpac/gpac/issues/1320
	NOTE: https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956
CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac <not-affected> (Vulnerable code introduced in 0.8.0)
	NOTE: https://github.com/gpac/gpac/issues/1334
	NOTE: Introduced in: https://github.com/gpac/gpac/commit/d7c2bb5cc3c67566f506f51cbefbf66f8169ea85
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #2)
CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1321
	NOTE: Introduced in: https://github.com/gpac/gpac/commit/261fab7f51479ae8b1732350d9d4cc456c4919af (v0.7.0)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
CVE-2019-20158
	RESERVED
CVE-2019-20157
	RESERVED
CVE-2019-20156
	RESERVED
CVE-2019-20155 (An issue was discovered in report_edit.jsp in Determine (formerly Sele ...)
	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20152
	RESERVED
CVE-2019-20151
	RESERVED
CVE-2019-20150
	RESERVED
CVE-2020-5128
	RESERVED
CVE-2020-5127
	RESERVED
CVE-2020-5126
	RESERVED
CVE-2020-5125
	RESERVED
CVE-2020-5124
	RESERVED
CVE-2020-5123
	RESERVED
CVE-2020-5122
	RESERVED
CVE-2020-5121
	RESERVED
CVE-2020-5120
	RESERVED
CVE-2020-5119
	RESERVED
CVE-2020-5118
	RESERVED
CVE-2020-5117
	RESERVED
CVE-2020-5116
	RESERVED
CVE-2020-5115
	RESERVED
CVE-2020-5114
	RESERVED
CVE-2020-5113
	RESERVED
CVE-2020-5112
	RESERVED
CVE-2020-5111
	RESERVED
CVE-2020-5110
	RESERVED
CVE-2020-5109
	RESERVED
CVE-2020-5108
	RESERVED
CVE-2020-5107
	RESERVED
CVE-2020-5106
	RESERVED
CVE-2020-5105
	RESERVED
CVE-2020-5104
	RESERVED
CVE-2020-5103
	RESERVED
CVE-2020-5102
	RESERVED
CVE-2020-5101
	RESERVED
CVE-2020-5100
	RESERVED
CVE-2020-5099
	RESERVED
CVE-2020-5098
	RESERVED
CVE-2020-5097
	RESERVED
CVE-2020-5096
	RESERVED
CVE-2020-5095
	RESERVED
CVE-2020-5094
	RESERVED
CVE-2020-5093
	RESERVED
CVE-2020-5092
	RESERVED
CVE-2020-5091
	RESERVED
CVE-2020-5090
	RESERVED
CVE-2020-5089
	RESERVED
CVE-2020-5088
	RESERVED
CVE-2020-5087
	RESERVED
CVE-2020-5086
	RESERVED
CVE-2020-5085
	RESERVED
CVE-2020-5084
	RESERVED
CVE-2020-5083
	RESERVED
CVE-2020-5082
	RESERVED
CVE-2020-5081
	RESERVED
CVE-2020-5080
	RESERVED
CVE-2020-5079
	RESERVED
CVE-2020-5078
	RESERVED
CVE-2020-5077
	RESERVED
CVE-2020-5076
	RESERVED
CVE-2020-5075
	RESERVED
CVE-2020-5074
	RESERVED
CVE-2020-5073
	RESERVED
CVE-2020-5072
	RESERVED
CVE-2020-5071
	RESERVED
CVE-2020-5070
	RESERVED
CVE-2020-5069
	RESERVED
CVE-2020-5068
	RESERVED
CVE-2020-5067
	RESERVED
CVE-2020-5066
	RESERVED
CVE-2020-5065
	RESERVED
CVE-2020-5064
	RESERVED
CVE-2020-5063
	RESERVED
CVE-2020-5062
	RESERVED
CVE-2020-5061
	RESERVED
CVE-2020-5060
	RESERVED
CVE-2020-5059
	RESERVED
CVE-2020-5058
	RESERVED
CVE-2020-5057
	RESERVED
CVE-2020-5056
	RESERVED
CVE-2020-5055
	RESERVED
CVE-2020-5054
	RESERVED
CVE-2020-5053
	RESERVED
CVE-2020-5052
	RESERVED
CVE-2020-5051
	RESERVED
CVE-2020-5050
	RESERVED
CVE-2020-5049
	RESERVED
CVE-2020-5048
	RESERVED
CVE-2020-5047
	RESERVED
CVE-2020-5046
	RESERVED
CVE-2020-5045
	RESERVED
CVE-2020-5044
	RESERVED
CVE-2020-5043
	RESERVED
CVE-2020-5042
	RESERVED
CVE-2020-5041
	RESERVED
CVE-2020-5040
	RESERVED
CVE-2020-5039
	RESERVED
CVE-2020-5038
	RESERVED
CVE-2020-5037
	RESERVED
CVE-2020-5036
	RESERVED
CVE-2020-5035
	RESERVED
CVE-2020-5034
	RESERVED
CVE-2020-5033
	RESERVED
CVE-2020-5032
	RESERVED
CVE-2020-5031
	RESERVED
CVE-2020-5030
	RESERVED
CVE-2020-5029
	RESERVED
CVE-2020-5028
	RESERVED
CVE-2020-5027
	RESERVED
CVE-2020-5026
	RESERVED
CVE-2020-5025
	RESERVED
CVE-2020-5024
	RESERVED
CVE-2020-5023
	RESERVED
CVE-2020-5022
	RESERVED
CVE-2020-5021
	RESERVED
CVE-2020-5020
	RESERVED
CVE-2020-5019
	RESERVED
CVE-2020-5018
	RESERVED
CVE-2020-5017
	RESERVED
CVE-2020-5016
	RESERVED
CVE-2020-5015
	RESERVED
CVE-2020-5014
	RESERVED
CVE-2020-5013
	RESERVED
CVE-2020-5012
	RESERVED
CVE-2020-5011
	RESERVED
CVE-2020-5010
	RESERVED
CVE-2020-5009
	RESERVED
CVE-2020-5008
	RESERVED
CVE-2020-5007
	RESERVED
CVE-2020-5006
	RESERVED
CVE-2020-5005
	RESERVED
CVE-2020-5004
	RESERVED
CVE-2020-5003
	RESERVED
CVE-2020-5002
	RESERVED
CVE-2020-5001
	RESERVED
CVE-2020-5000
	RESERVED
CVE-2020-4999
	RESERVED
CVE-2020-4998
	RESERVED
CVE-2020-4997
	RESERVED
CVE-2020-4996
	RESERVED
CVE-2020-4995
	RESERVED
CVE-2020-4994
	RESERVED
CVE-2020-4993
	RESERVED
CVE-2020-4992
	RESERVED
CVE-2020-4991
	RESERVED
CVE-2020-4990
	RESERVED
CVE-2020-4989
	RESERVED
CVE-2020-4988
	RESERVED
CVE-2020-4987
	RESERVED
CVE-2020-4986
	RESERVED
CVE-2020-4985
	RESERVED
CVE-2020-4984
	RESERVED
CVE-2020-4983
	RESERVED
CVE-2020-4982
	RESERVED
CVE-2020-4981
	RESERVED
CVE-2020-4980
	RESERVED
CVE-2020-4979
	RESERVED
CVE-2020-4978
	RESERVED
CVE-2020-4977
	RESERVED
CVE-2020-4976
	RESERVED
CVE-2020-4975
	RESERVED
CVE-2020-4974
	RESERVED
CVE-2020-4973
	RESERVED
CVE-2020-4972
	RESERVED
CVE-2020-4971
	RESERVED
CVE-2020-4970
	RESERVED
CVE-2020-4969
	RESERVED
CVE-2020-4968
	RESERVED
CVE-2020-4967
	RESERVED
CVE-2020-4966
	RESERVED
CVE-2020-4965
	RESERVED
CVE-2020-4964
	RESERVED
CVE-2020-4963
	RESERVED
CVE-2020-4962
	RESERVED
CVE-2020-4961
	RESERVED
CVE-2020-4960
	RESERVED
CVE-2020-4959
	RESERVED
CVE-2020-4958
	RESERVED
CVE-2020-4957
	RESERVED
CVE-2020-4956
	RESERVED
CVE-2020-4955
	RESERVED
CVE-2020-4954
	RESERVED
CVE-2020-4953
	RESERVED
CVE-2020-4952
	RESERVED
CVE-2020-4951
	RESERVED
CVE-2020-4950
	RESERVED
CVE-2020-4949
	RESERVED
CVE-2020-4948
	RESERVED
CVE-2020-4947
	RESERVED
CVE-2020-4946
	RESERVED
CVE-2020-4945
	RESERVED
CVE-2020-4944
	RESERVED
CVE-2020-4943
	RESERVED
CVE-2020-4942
	RESERVED
CVE-2020-4941
	RESERVED
CVE-2020-4940
	RESERVED
CVE-2020-4939
	RESERVED
CVE-2020-4938
	RESERVED
CVE-2020-4937
	RESERVED
CVE-2020-4936
	RESERVED
CVE-2020-4935
	RESERVED
CVE-2020-4934
	RESERVED
CVE-2020-4933
	RESERVED
CVE-2020-4932
	RESERVED
CVE-2020-4931
	RESERVED
CVE-2020-4930
	RESERVED
CVE-2020-4929
	RESERVED
CVE-2020-4928
	RESERVED
CVE-2020-4927
	RESERVED
CVE-2020-4926
	RESERVED
CVE-2020-4925
	RESERVED
CVE-2020-4924
	RESERVED
CVE-2020-4923
	RESERVED
CVE-2020-4922
	RESERVED
CVE-2020-4921
	RESERVED
CVE-2020-4920
	RESERVED
CVE-2020-4919
	RESERVED
CVE-2020-4918
	RESERVED
CVE-2020-4917
	RESERVED
CVE-2020-4916
	RESERVED
CVE-2020-4915
	RESERVED
CVE-2020-4914
	RESERVED
CVE-2020-4913
	RESERVED
CVE-2020-4912
	RESERVED
CVE-2020-4911
	RESERVED
CVE-2020-4910
	RESERVED
CVE-2020-4909
	RESERVED
CVE-2020-4908
	RESERVED
CVE-2020-4907
	RESERVED
CVE-2020-4906
	RESERVED
CVE-2020-4905
	RESERVED
CVE-2020-4904
	RESERVED
CVE-2020-4903
	RESERVED
CVE-2020-4902
	RESERVED
CVE-2020-4901
	RESERVED
CVE-2020-4900
	RESERVED
CVE-2020-4899
	RESERVED
CVE-2020-4898
	RESERVED
CVE-2020-4897
	RESERVED
CVE-2020-4896
	RESERVED
CVE-2020-4895
	RESERVED
CVE-2020-4894
	RESERVED
CVE-2020-4893
	RESERVED
CVE-2020-4892
	RESERVED
CVE-2020-4891
	RESERVED
CVE-2020-4890
	RESERVED
CVE-2020-4889
	RESERVED
CVE-2020-4888
	RESERVED
CVE-2020-4887
	RESERVED
CVE-2020-4886
	RESERVED
CVE-2020-4885
	RESERVED
CVE-2020-4884
	RESERVED
CVE-2020-4883
	RESERVED
CVE-2020-4882
	RESERVED
CVE-2020-4881
	RESERVED
CVE-2020-4880
	RESERVED
CVE-2020-4879
	RESERVED
CVE-2020-4878
	RESERVED
CVE-2020-4877
	RESERVED
CVE-2020-4876
	RESERVED
CVE-2020-4875
	RESERVED
CVE-2020-4874
	RESERVED
CVE-2020-4873
	RESERVED
CVE-2020-4872
	RESERVED
CVE-2020-4871
	RESERVED
CVE-2020-4870
	RESERVED
CVE-2020-4869
	RESERVED
CVE-2020-4868
	RESERVED
CVE-2020-4867
	RESERVED
CVE-2020-4866
	RESERVED
CVE-2020-4865
	RESERVED
CVE-2020-4864
	RESERVED
CVE-2020-4863
	RESERVED
CVE-2020-4862
	RESERVED
CVE-2020-4861
	RESERVED
CVE-2020-4860
	RESERVED
CVE-2020-4859
	RESERVED
CVE-2020-4858
	RESERVED
CVE-2020-4857
	RESERVED
CVE-2020-4856
	RESERVED
CVE-2020-4855
	RESERVED
CVE-2020-4854
	RESERVED
CVE-2020-4853
	RESERVED
CVE-2020-4852
	RESERVED
CVE-2020-4851
	RESERVED
CVE-2020-4850
	RESERVED
CVE-2020-4849
	RESERVED
CVE-2020-4848
	RESERVED
CVE-2020-4847
	RESERVED
CVE-2020-4846
	RESERVED
CVE-2020-4845
	RESERVED
CVE-2020-4844
	RESERVED
CVE-2020-4843
	RESERVED
CVE-2020-4842
	RESERVED
CVE-2020-4841
	RESERVED
CVE-2020-4840
	RESERVED
CVE-2020-4839
	RESERVED
CVE-2020-4838
	RESERVED
CVE-2020-4837
	RESERVED
CVE-2020-4836
	RESERVED
CVE-2020-4835
	RESERVED
CVE-2020-4834
	RESERVED
CVE-2020-4833
	RESERVED
CVE-2020-4832
	RESERVED
CVE-2020-4831
	RESERVED
CVE-2020-4830
	RESERVED
CVE-2020-4829
	RESERVED
CVE-2020-4828
	RESERVED
CVE-2020-4827
	RESERVED
CVE-2020-4826
	RESERVED
CVE-2020-4825
	RESERVED
CVE-2020-4824
	RESERVED
CVE-2020-4823
	RESERVED
CVE-2020-4822
	RESERVED
CVE-2020-4821
	RESERVED
CVE-2020-4820
	RESERVED
CVE-2020-4819
	RESERVED
CVE-2020-4818
	RESERVED
CVE-2020-4817
	RESERVED
CVE-2020-4816
	RESERVED
CVE-2020-4815
	RESERVED
CVE-2020-4814
	RESERVED
CVE-2020-4813
	RESERVED
CVE-2020-4812
	RESERVED
CVE-2020-4811
	RESERVED
CVE-2020-4810
	RESERVED
CVE-2020-4809
	RESERVED
CVE-2020-4808
	RESERVED
CVE-2020-4807
	RESERVED
CVE-2020-4806
	RESERVED
CVE-2020-4805
	RESERVED
CVE-2020-4804
	RESERVED
CVE-2020-4803
	RESERVED
CVE-2020-4802
	RESERVED
CVE-2020-4801
	RESERVED
CVE-2020-4800
	RESERVED
CVE-2020-4799
	RESERVED
CVE-2020-4798
	RESERVED
CVE-2020-4797
	RESERVED
CVE-2020-4796
	RESERVED
CVE-2020-4795
	RESERVED
CVE-2020-4794
	RESERVED
CVE-2020-4793
	RESERVED
CVE-2020-4792
	RESERVED
CVE-2020-4791
	RESERVED
CVE-2020-4790
	RESERVED
CVE-2020-4789
	RESERVED
CVE-2020-4788
	RESERVED
CVE-2020-4787
	RESERVED
CVE-2020-4786
	RESERVED
CVE-2020-4785
	RESERVED
CVE-2020-4784
	RESERVED
CVE-2020-4783
	RESERVED
CVE-2020-4782
	RESERVED
CVE-2020-4781
	RESERVED
CVE-2020-4780
	RESERVED
CVE-2020-4779
	RESERVED
CVE-2020-4778
	RESERVED
CVE-2020-4777
	RESERVED
CVE-2020-4776
	RESERVED
CVE-2020-4775
	RESERVED
CVE-2020-4774
	RESERVED
CVE-2020-4773
	RESERVED
CVE-2020-4772
	RESERVED
CVE-2020-4771
	RESERVED
CVE-2020-4770
	RESERVED
CVE-2020-4769
	RESERVED
CVE-2020-4768
	RESERVED
CVE-2020-4767
	RESERVED
CVE-2020-4766
	RESERVED
CVE-2020-4765
	RESERVED
CVE-2020-4764
	RESERVED
CVE-2020-4763
	RESERVED
CVE-2020-4762
	RESERVED
CVE-2020-4761
	RESERVED
CVE-2020-4760
	RESERVED
CVE-2020-4759
	RESERVED
CVE-2020-4758
	RESERVED
CVE-2020-4757
	RESERVED
CVE-2020-4756
	RESERVED
CVE-2020-4755
	RESERVED
CVE-2020-4754
	RESERVED
CVE-2020-4753
	RESERVED
CVE-2020-4752
	RESERVED
CVE-2020-4751
	RESERVED
CVE-2020-4750
	RESERVED
CVE-2020-4749
	RESERVED
CVE-2020-4748
	RESERVED
CVE-2020-4747
	RESERVED
CVE-2020-4746
	RESERVED
CVE-2020-4745
	RESERVED
CVE-2020-4744
	RESERVED
CVE-2020-4743
	RESERVED
CVE-2020-4742
	RESERVED
CVE-2020-4741
	RESERVED
CVE-2020-4740
	RESERVED
CVE-2020-4739
	RESERVED
CVE-2020-4738
	RESERVED
CVE-2020-4737
	RESERVED
CVE-2020-4736
	RESERVED
CVE-2020-4735
	RESERVED
CVE-2020-4734
	RESERVED
CVE-2020-4733
	RESERVED
CVE-2020-4732
	RESERVED
CVE-2020-4731
	RESERVED
CVE-2020-4730
	RESERVED
CVE-2020-4729
	RESERVED
CVE-2020-4728
	RESERVED
CVE-2020-4727
	RESERVED
CVE-2020-4726
	RESERVED
CVE-2020-4725
	RESERVED
CVE-2020-4724
	RESERVED
CVE-2020-4723
	RESERVED
CVE-2020-4722
	RESERVED
CVE-2020-4721
	RESERVED
CVE-2020-4720
	RESERVED
CVE-2020-4719
	RESERVED
CVE-2020-4718
	RESERVED
CVE-2020-4717
	RESERVED
CVE-2020-4716
	RESERVED
CVE-2020-4715
	RESERVED
CVE-2020-4714
	RESERVED
CVE-2020-4713
	RESERVED
CVE-2020-4712
	RESERVED
CVE-2020-4711
	RESERVED
CVE-2020-4710
	RESERVED
CVE-2020-4709
	RESERVED
CVE-2020-4708
	RESERVED
CVE-2020-4707
	RESERVED
CVE-2020-4706
	RESERVED
CVE-2020-4705
	RESERVED
CVE-2020-4704
	RESERVED
CVE-2020-4703
	RESERVED
CVE-2020-4702
	RESERVED
CVE-2020-4701
	RESERVED
CVE-2020-4700
	RESERVED
CVE-2020-4699
	RESERVED
CVE-2020-4698
	RESERVED
CVE-2020-4697
	RESERVED
CVE-2020-4696
	RESERVED
CVE-2020-4695
	RESERVED
CVE-2020-4694
	RESERVED
CVE-2020-4693
	RESERVED
CVE-2020-4692
	RESERVED
CVE-2020-4691
	RESERVED
CVE-2020-4690
	RESERVED
CVE-2020-4689
	RESERVED
CVE-2020-4688
	RESERVED
CVE-2020-4687
	RESERVED
CVE-2020-4686
	RESERVED
CVE-2020-4685
	RESERVED
CVE-2020-4684
	RESERVED
CVE-2020-4683
	RESERVED
CVE-2020-4682
	RESERVED
CVE-2020-4681
	RESERVED
CVE-2020-4680
	RESERVED
CVE-2020-4679
	RESERVED
CVE-2020-4678
	RESERVED
CVE-2020-4677
	RESERVED
CVE-2020-4676
	RESERVED
CVE-2020-4675
	RESERVED
CVE-2020-4674
	RESERVED
CVE-2020-4673
	RESERVED
CVE-2020-4672
	RESERVED
CVE-2020-4671
	RESERVED
CVE-2020-4670
	RESERVED
CVE-2020-4669
	RESERVED
CVE-2020-4668
	RESERVED
CVE-2020-4667
	RESERVED
CVE-2020-4666
	RESERVED
CVE-2020-4665
	RESERVED
CVE-2020-4664
	RESERVED
CVE-2020-4663
	RESERVED
CVE-2020-4662
	RESERVED
CVE-2020-4661
	RESERVED
CVE-2020-4660
	RESERVED
CVE-2020-4659
	RESERVED
CVE-2020-4658
	RESERVED
CVE-2020-4657
	RESERVED
CVE-2020-4656
	RESERVED
CVE-2020-4655
	RESERVED
CVE-2020-4654
	RESERVED
CVE-2020-4653
	RESERVED
CVE-2020-4652
	RESERVED
CVE-2020-4651
	RESERVED
CVE-2020-4650
	RESERVED
CVE-2020-4649
	RESERVED
CVE-2020-4648
	RESERVED
CVE-2020-4647
	RESERVED
CVE-2020-4646
	RESERVED
CVE-2020-4645
	RESERVED
CVE-2020-4644
	RESERVED
CVE-2020-4643
	RESERVED
CVE-2020-4642
	RESERVED
CVE-2020-4641
	RESERVED
CVE-2020-4640
	RESERVED
CVE-2020-4639
	RESERVED
CVE-2020-4638
	RESERVED
CVE-2020-4637
	RESERVED
CVE-2020-4636
	RESERVED
CVE-2020-4635
	RESERVED
CVE-2020-4634
	RESERVED
CVE-2020-4633
	RESERVED
CVE-2020-4632
	RESERVED
CVE-2020-4631
	RESERVED
CVE-2020-4630
	RESERVED
CVE-2020-4629
	RESERVED
CVE-2020-4628
	RESERVED
CVE-2020-4627
	RESERVED
CVE-2020-4626
	RESERVED
CVE-2020-4625
	RESERVED
CVE-2020-4624
	RESERVED
CVE-2020-4623
	RESERVED
CVE-2020-4622
	RESERVED
CVE-2020-4621
	RESERVED
CVE-2020-4620
	RESERVED
CVE-2020-4619
	RESERVED
CVE-2020-4618
	RESERVED
CVE-2020-4617
	RESERVED
CVE-2020-4616
	RESERVED
CVE-2020-4615
	RESERVED
CVE-2020-4614
	RESERVED
CVE-2020-4613
	RESERVED
CVE-2020-4612
	RESERVED
CVE-2020-4611
	RESERVED
CVE-2020-4610
	RESERVED
CVE-2020-4609
	RESERVED
CVE-2020-4608
	RESERVED
CVE-2020-4607
	RESERVED
CVE-2020-4606
	RESERVED
CVE-2020-4605
	RESERVED
CVE-2020-4604
	RESERVED
CVE-2020-4603
	RESERVED
CVE-2020-4602
	RESERVED
CVE-2020-4601
	RESERVED
CVE-2020-4600
	RESERVED
CVE-2020-4599
	RESERVED
CVE-2020-4598
	RESERVED
CVE-2020-4597
	RESERVED
CVE-2020-4596
	RESERVED
CVE-2020-4595
	RESERVED
CVE-2020-4594
	RESERVED
CVE-2020-4593
	RESERVED
CVE-2020-4592
	RESERVED
CVE-2020-4591
	RESERVED
CVE-2020-4590
	RESERVED
CVE-2020-4589
	RESERVED
CVE-2020-4588
	RESERVED
CVE-2020-4587
	RESERVED
CVE-2020-4586
	RESERVED
CVE-2020-4585
	RESERVED
CVE-2020-4584
	RESERVED
CVE-2020-4583
	RESERVED
CVE-2020-4582
	RESERVED
CVE-2020-4581
	RESERVED
CVE-2020-4580
	RESERVED
CVE-2020-4579
	RESERVED
CVE-2020-4578
	RESERVED
CVE-2020-4577
	RESERVED
CVE-2020-4576
	RESERVED
CVE-2020-4575
	RESERVED
CVE-2020-4574
	RESERVED
CVE-2020-4573
	RESERVED
CVE-2020-4572
	RESERVED
CVE-2020-4571
	RESERVED
CVE-2020-4570
	RESERVED
CVE-2020-4569
	RESERVED
CVE-2020-4568
	RESERVED
CVE-2020-4567
	RESERVED
CVE-2020-4566
	RESERVED
CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4564
	RESERVED
CVE-2020-4563
	RESERVED
CVE-2020-4562
	RESERVED
CVE-2020-4561
	RESERVED
CVE-2020-4560
	RESERVED
CVE-2020-4559
	RESERVED
CVE-2020-4558
	RESERVED
CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
	NOT-FOR-US: IBM
CVE-2020-4556
	RESERVED
CVE-2020-4555
	RESERVED
CVE-2020-4554
	RESERVED
CVE-2020-4553
	RESERVED
CVE-2020-4552
	RESERVED
CVE-2020-4551
	RESERVED
CVE-2020-4550
	RESERVED
CVE-2020-4549
	RESERVED
CVE-2020-4548
	RESERVED
CVE-2020-4547
	RESERVED
CVE-2020-4546
	RESERVED
CVE-2020-4545
	RESERVED
CVE-2020-4544
	RESERVED
CVE-2020-4543
	RESERVED
CVE-2020-4542
	RESERVED
CVE-2020-4541
	RESERVED
CVE-2020-4540
	RESERVED
CVE-2020-4539
	RESERVED
CVE-2020-4538
	RESERVED
CVE-2020-4537
	RESERVED
CVE-2020-4536
	RESERVED
CVE-2020-4535
	RESERVED
CVE-2020-4534
	RESERVED
CVE-2020-4533
	RESERVED
CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
	NOT-FOR-US: IBM
CVE-2020-4531
	RESERVED
CVE-2020-4530
	RESERVED
CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
	NOT-FOR-US: IBM
CVE-2020-4528
	RESERVED
CVE-2020-4527
	RESERVED
CVE-2020-4526
	RESERVED
CVE-2020-4525
	RESERVED
CVE-2020-4524
	RESERVED
CVE-2020-4523
	RESERVED
CVE-2020-4522
	RESERVED
CVE-2020-4521
	RESERVED
CVE-2020-4520
	RESERVED
CVE-2020-4519
	RESERVED
CVE-2020-4518
	RESERVED
CVE-2020-4517
	RESERVED
CVE-2020-4516
	RESERVED
CVE-2020-4515
	RESERVED
CVE-2020-4514
	RESERVED
CVE-2020-4513
	RESERVED
CVE-2020-4512
	RESERVED
CVE-2020-4511
	RESERVED
CVE-2020-4510
	RESERVED
CVE-2020-4509 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...)
	NOT-FOR-US: IBM
CVE-2020-4508
	RESERVED
CVE-2020-4507
	RESERVED
CVE-2020-4506
	RESERVED
CVE-2020-4505
	RESERVED
CVE-2020-4504
	RESERVED
CVE-2020-4503 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4502
	RESERVED
CVE-2020-4501
	RESERVED
CVE-2020-4500
	RESERVED
CVE-2020-4499
	RESERVED
CVE-2020-4498
	RESERVED
CVE-2020-4497
	RESERVED
CVE-2020-4496
	RESERVED
CVE-2020-4495
	RESERVED
CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
	NOT-FOR-US: IBM
CVE-2020-4493
	RESERVED
CVE-2020-4492
	RESERVED
CVE-2020-4491
	RESERVED
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...)
	NOT-FOR-US: IBM
CVE-2020-4489
	RESERVED
CVE-2020-4488
	RESERVED
CVE-2020-4487
	RESERVED
CVE-2020-4486
	RESERVED
CVE-2020-4485
	RESERVED
CVE-2020-4484
	RESERVED
CVE-2020-4483
	RESERVED
CVE-2020-4482
	RESERVED
CVE-2020-4481
	RESERVED
CVE-2020-4480
	RESERVED
CVE-2020-4479
	RESERVED
CVE-2020-4478
	RESERVED
CVE-2020-4477 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensi ...)
	NOT-FOR-US: IBM
CVE-2020-4476
	RESERVED
CVE-2020-4475
	RESERVED
CVE-2020-4474
	RESERVED
CVE-2020-4473
	RESERVED
CVE-2020-4472
	RESERVED
CVE-2020-4471 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthe ...)
	NOT-FOR-US: IBM
CVE-2020-4470 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console ...)
	NOT-FOR-US: IBM
CVE-2020-4469 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4468 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4467 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4466
	RESERVED
CVE-2020-4465
	RESERVED
CVE-2020-4464
	RESERVED
CVE-2020-4463
	RESERVED
CVE-2020-4462
	RESERVED
CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2020-4460
	RESERVED
CVE-2020-4459
	RESERVED
CVE-2020-4458
	RESERVED
CVE-2020-4457
	RESERVED
CVE-2020-4456
	RESERVED
CVE-2020-4455
	RESERVED
CVE-2020-4454
	RESERVED
CVE-2020-4453
	RESERVED
CVE-2020-4452 (IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expec ...)
	NOT-FOR-US: IBM
CVE-2020-4451
	RESERVED
CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
	NOT-FOR-US: IBM
CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
	NOT-FOR-US: IBM
CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and ...)
	NOT-FOR-US: IBM
CVE-2020-4447
	RESERVED
CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
	NOT-FOR-US: IBM
CVE-2020-4445
	RESERVED
CVE-2020-4444
	RESERVED
CVE-2020-4443
	RESERVED
CVE-2020-4442
	RESERVED
CVE-2020-4441
	RESERVED
CVE-2020-4440
	RESERVED
CVE-2020-4439
	RESERVED
CVE-2020-4438
	RESERVED
CVE-2020-4437
	RESERVED
CVE-2020-4436 (Certain IBM Aspera applications are vulnerable to buffer overflow afte ...)
	NOT-FOR-US: IBM
CVE-2020-4435 (Certain IBM Aspera applications are vulnerable to arbitrary memory cor ...)
	NOT-FOR-US: IBM
CVE-2020-4434 (Certain IBM Aspera applications are vulnerable to buffer overflow base ...)
	NOT-FOR-US: IBM
CVE-2020-4433 (Certain IBM Aspera applications are vulnerable to a stack-based buffer ...)
	NOT-FOR-US: IBM
CVE-2020-4432 (Certain IBM Aspera applications are vulnerable to command injection af ...)
	NOT-FOR-US: IBM
CVE-2020-4431 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...)
	NOT-FOR-US: IBM
CVE-2020-4428 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2020-4427 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
	NOT-FOR-US: IBM
CVE-2020-4426
	RESERVED
CVE-2020-4425
	RESERVED
CVE-2020-4424
	RESERVED
CVE-2020-4423
	RESERVED
CVE-2020-4422 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...)
	NOT-FOR-US: IBM
CVE-2020-4420 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4418
	RESERVED
CVE-2020-4417
	RESERVED
CVE-2020-4416
	RESERVED
CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based ...)
	NOT-FOR-US: IBM
CVE-2020-4414 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4413 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
	NOT-FOR-US: IBM
CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
	NOT-FOR-US: IBM
CVE-2020-4410
	RESERVED
CVE-2020-4409
	RESERVED
CVE-2020-4408
	RESERVED
CVE-2020-4407
	RESERVED
CVE-2020-4406 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
	NOT-FOR-US: IBM
CVE-2020-4405
	RESERVED
CVE-2020-4404
	RESERVED
CVE-2020-4403
	RESERVED
CVE-2020-4402
	RESERVED
CVE-2020-4401
	RESERVED
CVE-2020-4400
	RESERVED
CVE-2020-4399
	RESERVED
CVE-2020-4398
	RESERVED
CVE-2020-4397
	RESERVED
CVE-2020-4396
	RESERVED
CVE-2020-4395
	RESERVED
CVE-2020-4394
	RESERVED
CVE-2020-4393
	RESERVED
CVE-2020-4392
	RESERVED
CVE-2020-4391
	RESERVED
CVE-2020-4390
	RESERVED
CVE-2020-4389
	RESERVED
CVE-2020-4388
	RESERVED
CVE-2020-4387 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4385
	RESERVED
CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2020-4383
	RESERVED
CVE-2020-4382
	RESERVED
CVE-2020-4381
	RESERVED
CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting.  ...)
	NOT-FOR-US: IBM
CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
	NOT-FOR-US: IBM
CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
	NOT-FOR-US: IBM
CVE-2020-4377
	RESERVED
CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2020-4375
	RESERVED
CVE-2020-4374
	RESERVED
CVE-2020-4373
	RESERVED
CVE-2020-4372
	RESERVED
CVE-2020-4371
	RESERVED
CVE-2020-4370
	RESERVED
CVE-2020-4369
	RESERVED
CVE-2020-4368
	RESERVED
CVE-2020-4367 (IBM Planning Analytics Local 2.0 uses weaker than expected cryptograph ...)
	NOT-FOR-US: IBM
CVE-2020-4366 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to server-side requ ...)
	NOT-FOR-US: IBM
CVE-2020-4364
	RESERVED
CVE-2020-4363 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
	NOT-FOR-US: IBM
CVE-2020-4361
	RESERVED
CVE-2020-4360 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4359
	RESERVED
CVE-2020-4358 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2020-4356
	RESERVED
CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4354
	RESERVED
CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the device  ...)
	NOT-FOR-US: IBM
CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
	NOT-FOR-US: IBM
CVE-2020-4351
	RESERVED
CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
	NOT-FOR-US: IBM
CVE-2020-4349 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
	NOT-FOR-US: IBM
CVE-2020-4348 (IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
	NOT-FOR-US: IBM
CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...)
	NOT-FOR-US: IBM
CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...)
	NOT-FOR-US: IBM
CVE-2020-4345 (IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a s ...)
	NOT-FOR-US: IBM
CVE-2020-4344
	RESERVED
CVE-2020-4343 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive information i ...)
	NOT-FOR-US: IBM
CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2020-4340
	RESERVED
CVE-2020-4339
	RESERVED
CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
	NOT-FOR-US: IBM
CVE-2020-4337
	RESERVED
CVE-2020-4336
	RESERVED
CVE-2020-4335
	RESERVED
CVE-2020-4334
	RESERVED
CVE-2020-4333
	RESERVED
CVE-2020-4332
	RESERVED
CVE-2020-4331
	RESERVED
CVE-2020-4330
	RESERVED
CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
	NOT-FOR-US: IBM
CVE-2020-4328
	RESERVED
CVE-2020-4327 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2020-4326
	RESERVED
CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...)
	NOT-FOR-US: IBM
CVE-2020-4324
	RESERVED
CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...)
	NOT-FOR-US: IBM
CVE-2020-4321
	RESERVED
CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...)
	NOT-FOR-US: IBM
CVE-2020-4319
	RESERVED
CVE-2020-4318
	RESERVED
CVE-2020-4317
	RESERVED
CVE-2020-4316
	RESERVED
CVE-2020-4315
	RESERVED
CVE-2020-4314
	RESERVED
CVE-2020-4313
	RESERVED
CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 co ...)
	NOT-FOR-US: IBM
CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...)
	NOT-FOR-US: IBM
CVE-2020-4310 (IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are ...)
	NOT-FOR-US: IBM
CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...)
	NOT-FOR-US: IBM
CVE-2020-4308
	RESERVED
CVE-2020-4307 (IBM Security Guardium 11.1 could allow an attacker on the same network ...)
	NOT-FOR-US: IBM
CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2020-4305
	RESERVED
CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
	NOT-FOR-US: IBM
CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
	NOT-FOR-US: IBM
CVE-2020-4302
	RESERVED
CVE-2020-4301
	RESERVED
CVE-2020-4300
	RESERVED
CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...)
	NOT-FOR-US: IBM
CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2020-4297 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is  ...)
	NOT-FOR-US: IBM
CVE-2020-4296
	RESERVED
CVE-2020-4295 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is  ...)
	NOT-FOR-US: IBM
CVE-2020-4294 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request ...)
	NOT-FOR-US: IBM
CVE-2020-4293
	RESERVED
CVE-2020-4292 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and  ...)
	NOT-FOR-US: IBM
CVE-2020-4291 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4290 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4289 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4288 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4287 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4286 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2020-4285 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and  ...)
	NOT-FOR-US: IBM
CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4281 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is  ...)
	NOT-FOR-US: IBM
CVE-2020-4280
	RESERVED
CVE-2020-4279
	RESERVED
CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
	NOT-FOR-US: IBM
CVE-2020-4277 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive i ...)
	NOT-FOR-US: IBM
CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
	NOT-FOR-US: IBM
CVE-2020-4275
	RESERVED
CVE-2020-4274 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attack ...)
	NOT-FOR-US: IBM
CVE-2020-4272 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to inc ...)
	NOT-FOR-US: IBM
CVE-2020-4271 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2020-4270 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain esc ...)
	NOT-FOR-US: IBM
CVE-2020-4269 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, suc ...)
	NOT-FOR-US: IBM
CVE-2020-4268 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2020-4267 (IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2020-4266 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4265 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4264 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4263 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4262 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4261 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permi ...)
	NOT-FOR-US: IBM
CVE-2020-4259 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authe ...)
	NOT-FOR-US: IBM
CVE-2020-4258 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4257 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4256
	RESERVED
CVE-2020-4255
	RESERVED
CVE-2020-4254
	RESERVED
CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after logout w ...)
	NOT-FOR-US: IBM
CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
	NOT-FOR-US: IBM
CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2020-4250
	RESERVED
CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
	NOT-FOR-US: IBM
CVE-2020-4248 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2020-4247
	RESERVED
CVE-2020-4246 (IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2020-4245 (IBM Security Identity Governance and Intelligence 5.2.6 does not requi ...)
	NOT-FOR-US: IBM
CVE-2020-4244 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2020-4243
	RESERVED
CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4240 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4239 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2020-4238 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4237 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4236 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an auth ...)
	NOT-FOR-US: IBM
CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4234
	RESERVED
CVE-2020-4233 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2020-4232 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate se ...)
	NOT-FOR-US: IBM
CVE-2020-4228
	RESERVED
CVE-2020-4227
	RESERVED
CVE-2020-4226 (IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive in ...)
	NOT-FOR-US: IBM
CVE-2020-4225
	RESERVED
CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
	NOT-FOR-US: IBM
CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
	NOT-FOR-US: IBM Spectrum Protect Plus
CVE-2020-4221
	RESERVED
CVE-2020-4220
	RESERVED
CVE-2020-4219
	RESERVED
CVE-2020-4218
	RESERVED
CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is affected b ...)
	NOT-FOR-US: IBM
CVE-2020-4216 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...)
	NOT-FOR-US: IBM
CVE-2020-4215
	RESERVED
CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2020-4209 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4208 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...)
	NOT-FOR-US: IBM
CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2  ...)
	NOT-FOR-US: IBM
CVE-2020-4206 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...)
	NOT-FOR-US: IBM
CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4203 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially  ...)
	NOT-FOR-US: IBM
CVE-2020-4202 (IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenti ...)
	NOT-FOR-US: IBM
CVE-2020-4201
	RESERVED
CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request f ...)
	NOT-FOR-US: IBM
CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored loc ...)
	NOT-FOR-US: IBM
CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4194
	RESERVED
CVE-2020-4193 (IBM Security Guardium 11.1 uses an inadequate account lockout setting  ...)
	NOT-FOR-US: IBM
CVE-2020-4192
	RESERVED
CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographic alg ...)
	NOT-FOR-US: IBM
CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...)
	NOT-FOR-US: IBM
CVE-2020-4189
	RESERVED
CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...)
	NOT-FOR-US: IBM
CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...)
	NOT-FOR-US: IBM
CVE-2020-4186
	RESERVED
CVE-2020-4185
	RESERVED
CVE-2020-4184
	RESERVED
CVE-2020-4183 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2020-4182 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2020-4181
	RESERVED
CVE-2020-4180 (IBM Security Guardium 11.1 could allow a remote authenticated attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4179
	RESERVED
CVE-2020-4178
	RESERVED
CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such as a  ...)
	NOT-FOR-US: IBM
CVE-2020-4176
	RESERVED
CVE-2020-4175
	RESERVED
CVE-2020-4174
	RESERVED
CVE-2020-4173
	RESERVED
CVE-2020-4172
	RESERVED
CVE-2020-4171
	RESERVED
CVE-2020-4170
	RESERVED
CVE-2020-4169
	RESERVED
CVE-2020-4168
	RESERVED
CVE-2020-4167
	RESERVED
CVE-2020-4166
	RESERVED
CVE-2020-4165
	RESERVED
CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...)
	NOT-FOR-US: IBM
CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4160
	RESERVED
CVE-2020-4159
	RESERVED
CVE-2020-4158
	RESERVED
CVE-2020-4157
	RESERVED
CVE-2020-4156
	RESERVED
CVE-2020-4155
	RESERVED
CVE-2020-4154
	RESERVED
CVE-2020-4153
	RESERVED
CVE-2020-4152
	RESERVED
CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...)
	NOT-FOR-US: IBM
CVE-2020-4150
	RESERVED
CVE-2020-4149
	RESERVED
CVE-2020-4148
	RESERVED
CVE-2020-4147
	RESERVED
CVE-2020-4146
	RESERVED
CVE-2020-4145
	RESERVED
CVE-2020-4144
	RESERVED
CVE-2020-4143
	RESERVED
CVE-2020-4142
	RESERVED
CVE-2020-4141
	RESERVED
CVE-2020-4140
	RESERVED
CVE-2020-4139
	RESERVED
CVE-2020-4138
	RESERVED
CVE-2020-4137
	RESERVED
CVE-2020-4136
	RESERVED
CVE-2020-4135 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4134
	RESERVED
CVE-2020-4133
	RESERVED
CVE-2020-4132
	RESERVED
CVE-2020-4131
	RESERVED
CVE-2020-4130
	RESERVED
CVE-2020-4129
	RESERVED
CVE-2020-4128
	RESERVED
CVE-2020-4127
	RESERVED
CVE-2020-4126
	RESERVED
CVE-2020-4125
	RESERVED
CVE-2020-4124
	RESERVED
CVE-2020-4123
	RESERVED
CVE-2020-4122
	RESERVED
CVE-2020-4121
	RESERVED
CVE-2020-4120
	RESERVED
CVE-2020-4119
	RESERVED
CVE-2020-4118
	RESERVED
CVE-2020-4117
	RESERVED
CVE-2020-4116
	RESERVED
CVE-2020-4115
	RESERVED
CVE-2020-4114
	RESERVED
CVE-2020-4113
	RESERVED
CVE-2020-4112
	RESERVED
CVE-2020-4111
	RESERVED
CVE-2020-4110
	RESERVED
CVE-2020-4109
	RESERVED
CVE-2020-4108
	RESERVED
CVE-2020-4107
	RESERVED
CVE-2020-4106
	RESERVED
CVE-2020-4105
	RESERVED
CVE-2020-4104
	RESERVED
CVE-2020-4103
	RESERVED
CVE-2020-4102
	RESERVED
CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
	NOT-FOR-US: HCL Digital Experience
CVE-2020-4100
	RESERVED
CVE-2020-4099
	RESERVED
CVE-2020-4098
	RESERVED
CVE-2020-4097
	RESERVED
CVE-2020-4096
	RESERVED
CVE-2020-4095
	RESERVED
CVE-2020-4094
	RESERVED
CVE-2020-4093
	RESERVED
CVE-2020-4092 ("If port encryption is not enabled on the Domino Server, HCL Nomad on  ...)
	NOT-FOR-US: HCL Nomad
CVE-2020-4091
	RESERVED
CVE-2020-4090
	RESERVED
CVE-2020-4089 (HCL Notes is vulnerable to an information leakage vulnerability throug ...)
	NOT-FOR-US: HCL Notes
CVE-2020-4088
	RESERVED
CVE-2020-4087
	RESERVED
CVE-2020-4086
	RESERVED
CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage and cou ...)
	NOT-FOR-US: HCL Connections
CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...)
	NOT-FOR-US: HCL Connections
CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...)
	NOT-FOR-US: HCL Connections
CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...)
	NOT-FOR-US: HCL Connections
CVE-2020-4081
	RESERVED
CVE-2020-4080
	RESERVED
CVE-2020-4079
	RESERVED
CVE-2020-4078
	RESERVED
CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
	TODO: check
CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
	TODO: check
CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary  ...)
	TODO: check
CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...)
	TODO: check
CVE-2020-4073
	RESERVED
CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...)
	TODO: check
CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ...)
	TODO: check
CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...)
	TODO: check
CVE-2020-4069
	RESERVED
CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
	NOT-FOR-US: APNSwift
CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN  ...)
	{DSA-4711-1 DLA-2271-1}
	- coturn 4.5.1.3-1
	NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
	NOTE: https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command injection  ...)
	TODO: check
CVE-2020-4065
	RESERVED
CVE-2020-4064
	RESERVED
CVE-2020-4063
	RESERVED
CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical  ...)
	TODO: check
CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467, pasting co ...)
	TODO: check
CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
	NOT-FOR-US: LoRa Basics Station
CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability.  ...)
	TODO: check
CVE-2020-4058
	RESERVED
CVE-2020-4057
	RESERVED
CVE-2020-4056
	RESERVED
CVE-2020-4055
	RESERVED
CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less ...)
	- ruby-sanitize <unfixed> (bug #963808)
	[stretch] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
	[jessie] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m
	NOTE: https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9
CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path tra ...)
	- helm-kubernetes <itp> (bug #910799)
CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...)
	NOT-FOR-US: Wiki.js
CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0  ...)
	TODO: check
CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
	NOT-FOR-US: SSB-DB
CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...)
	TODO: check
CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
	NOT-FOR-US: phpMussel
CVE-2020-4042
	RESERVED
CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
	NOT-FOR-US: Bolt CMS
CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
	NOT-FOR-US: Bolt CMS
CVE-2020-4039
	RESERVED
CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
	TODO: check
CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users  ...)
	TODO: check
CVE-2020-4036
	RESERVED
CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...)
	TODO: check
CVE-2020-4034
	RESERVED
CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 <no-dsa> (Minor issue)
	- freerdp <removed>
	[stretch] - freerdp <no-dsa> (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...)
	NOT-FOR-US: Atlassian
CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404  ...)
	NOT-FOR-US: Atlassian
CVE-2020-4027 (Atlassian Confluence Server and Data Center before version 7.5.1 allow ...)
	NOT-FOR-US: Atlassian
CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links  ...)
	NOT-FOR-US: Atlassian
CVE-2020-4025 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
	NOT-FOR-US: Atlassian
CVE-2020-4024 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
	NOT-FOR-US: Atlassian
CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before  ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2020-4022 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
	NOT-FOR-US: Atlassian
CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...)
	NOT-FOR-US: Atlassian
CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...)
	NOT-FOR-US: Atlassian
CVE-2020-4019 (The file editing functionality in the Atlassian Companion App before v ...)
	NOT-FOR-US: Atlassian
CVE-2020-4018 (The setup resources in Atlassian Fisheye and Crucible before version 4 ...)
	NOT-FOR-US: Atlassian
CVE-2020-4017 (The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jir ...)
	NOT-FOR-US: Atlassian
CVE-2020-4016 (The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril  ...)
	NOT-FOR-US: Atlassian
CVE-2020-4015 (The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Cru ...)
	NOT-FOR-US: Atlassian
CVE-2020-4014 (The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible ...)
	NOT-FOR-US: Atlassian
CVE-2020-4013 (The review resource in Atlassian Fisheye and Crucible before version 4 ...)
	NOT-FOR-US: Atlassian
CVE-2020-4012
	RESERVED
CVE-2020-4011
	RESERVED
CVE-2020-4010
	RESERVED
CVE-2020-4009
	RESERVED
CVE-2020-4008
	RESERVED
CVE-2020-4007
	RESERVED
CVE-2020-4006
	RESERVED
CVE-2020-4005
	RESERVED
CVE-2020-4004
	RESERVED
CVE-2020-4003
	RESERVED
CVE-2020-4002
	RESERVED
CVE-2020-4001
	RESERVED
CVE-2020-4000
	RESERVED
CVE-2020-3999
	RESERVED
CVE-2020-3998
	RESERVED
CVE-2020-3997
	RESERVED
CVE-2020-3996
	RESERVED
CVE-2020-3995
	RESERVED
CVE-2020-3994
	RESERVED
CVE-2020-3993
	RESERVED
CVE-2020-3992
	RESERVED
CVE-2020-3991
	RESERVED
CVE-2020-3990
	RESERVED
CVE-2020-3989
	RESERVED
CVE-2020-3988
	RESERVED
CVE-2020-3987
	RESERVED
CVE-2020-3986
	RESERVED
CVE-2020-3985
	RESERVED
CVE-2020-3984
	RESERVED
CVE-2020-3983
	RESERVED
CVE-2020-3982
	RESERVED
CVE-2020-3981
	RESERVED
CVE-2020-3980
	RESERVED
CVE-2020-3979
	RESERVED
CVE-2020-3978
	RESERVED
CVE-2020-3977
	RESERVED
CVE-2020-3976
	RESERVED
CVE-2020-3975
	RESERVED
CVE-2020-3974
	RESERVED
CVE-2020-3973
	RESERVED
CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
	NOT-FOR-US: VMware
CVE-2020-3971 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2020-3970 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3969 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3968 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3967 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3966 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3965 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3964 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3963 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
	NOT-FOR-US: VMware
CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
	NOT-FOR-US: VMware
CVE-2020-3960
	RESERVED
CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2020-3957 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
	NOT-FOR-US: VMware
CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5,  ...)
	NOT-FOR-US: VMware
CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
	NOT-FOR-US: VMware
CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...)
	NOT-FOR-US: VMware
CVE-2020-3953 (Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log ...)
	NOT-FOR-US: VMware
CVE-2020-3952 (Under certain conditions, vmdir that ships with VMware vCenter Server, ...)
	NOT-FOR-US: VMware
CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...)
	NOT-FOR-US: VMware
CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...)
	NOT-FOR-US: VMware
CVE-2020-3949
	RESERVED
CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...)
	NOT-FOR-US: VMware
CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...)
	NOT-FOR-US: VMware
CVE-2020-3946 (InstallBuilder AutoUpdate tool and regular installers enabling &lt;che ...)
	NOT-FOR-US: InstallBuilder
CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...)
	NOT-FOR-US: VMware
CVE-2020-3944 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...)
	NOT-FOR-US: VMware
CVE-2020-3943 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...)
	NOT-FOR-US: VMware
CVE-2020-3942
	RESERVED
CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...)
	NOT-FOR-US: VMware Tools for Windows
CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...)
	NOT-FOR-US: VMware
CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 allows external user input to o ...)
	- node-kind-of 6.0.3+dfsg-1 (bug #948095)
	[buster] - node-kind-of 6.0.2+dfsg-1+deb10u1
	[stretch] - node-kind-of <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://github.com/jonschlinkert/kind-of/issues/30
	NOTE: https://github.com/jonschlinkert/kind-of/pull/31
CVE-2019-20148 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20147 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20146 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20145 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20144 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20143 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab <not-affected> (Only affects Gitlab CE 12.6)
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20142 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab <not-affected> (Only affects Gitlab CE 12.3 and later)
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPr ...)
	NOT-FOR-US: Laborator Neon theme for WordPress
CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/122
	NOTE: https://github.com/saitoha/libsixel/commit/598c8c88c97fd2eb5f6f5d1324fc325e66317f0c
CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...)
	NOT-FOR-US: Nagios XI
CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has weak pas ...)
	NOT-FOR-US: HTTP Authentication library for Nim
CVE-2019-20137
	RESERVED
CVE-2019-20136
	RESERVED
CVE-2019-20135
	RESERVED
CVE-2019-20134
	RESERVED
CVE-2019-20133
	RESERVED
CVE-2019-20132
	RESERVED
CVE-2019-20131
	RESERVED
CVE-2019-20130
	RESERVED
CVE-2019-20129
	RESERVED
CVE-2019-20128
	RESERVED
CVE-2019-20127
	RESERVED
CVE-2019-20126
	RESERVED
CVE-2019-20125
	RESERVED
CVE-2019-20124
	RESERVED
CVE-2019-20123
	RESERVED
CVE-2019-20122
	RESERVED
CVE-2019-20121
	RESERVED
CVE-2019-20120
	RESERVED
CVE-2019-20119
	RESERVED
CVE-2019-20118
	RESERVED
CVE-2019-20117
	RESERVED
CVE-2019-20116
	RESERVED
CVE-2019-20115
	RESERVED
CVE-2019-20114
	RESERVED
CVE-2019-20113
	RESERVED
CVE-2019-20112
	RESERVED
CVE-2019-20111
	RESERVED
CVE-2019-20110
	RESERVED
CVE-2019-20109
	RESERVED
CVE-2019-20108
	RESERVED
CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allo ...)
	NOT-FOR-US: TestLink
CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
	NOT-FOR-US: Atlassian
CVE-2019-20105 (The EditApplinkServlet resource in the Atlassian Application Links plu ...)
	NOT-FOR-US: Atlassian
CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...)
	NOT-FOR-US: Atlassian
CVE-2019-20103
	RESERVED
CVE-2019-20102 (The attachment-uploading feature in Atlassian Confluence Server from v ...)
	NOT-FOR-US: Atlassian
CVE-2019-20101
	RESERVED
CVE-2019-20100 (The Atlassian Application Links plugin is vulnerable to cross-site req ...)
	NOT-FOR-US: Atlassian Application Links plugin
CVE-2019-20099 (The VerifyPopServerConnection!add.jspa component in Atlassian Jira Ser ...)
	NOT-FOR-US: Atlassian
CVE-2019-20098 (The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Se ...)
	NOT-FOR-US: Atlassian
CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting from 1.0. ...)
	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...)
	{DLA-2114-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/1d3ff0950e2b40dc861b1739029649d03f591820
CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in t ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc
CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/125
	NOTE: https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034
CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
	- libpodofo <unfixed>
	[buster] - libpodofo <no-dsa> (Minor issue)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/75/
CVE-2019-20092 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...)
	NOT-FOR-US: Bento4
CVE-2019-20091 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...)
	NOT-FOR-US: Bento4
CVE-2019-20090 (An issue was discovered in Bento4 1.5.1.0. There is a use-after-free i ...)
	NOT-FOR-US: Bento4
CVE-2019-20089 (GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_See ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20088 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayloa ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20087 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seek ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20086 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20085 (TVT NVMS-1000 devices allow GET /.. Directory Traversal ...)
	NOT-FOR-US: TVT NVMS-1000 devices
CVE-2019-20084
	RESERVED
CVE-2019-20083
	RESERVED
CVE-2019-20082
	RESERVED
CVE-2019-20081
	RESERVED
CVE-2019-20080
	RESERVED
CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses freed  ...)
	- vim 2:8.1.2136-1
	[buster] - vim <no-dsa> (Minor issue)
	[stretch] - vim <not-affected> (Vulnerable code introduced later)
	[jessie] - vim <not-affected> (vulnerable code was introduced later)
	NOTE: https://github.com/vim/vim/issues/5041
	NOTE: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
CVE-2019-20078
	RESERVED
CVE-2019-20077 (The Typesetter CMS 5.1 logout functionality is affected by a CSRF vuln ...)
	NOT-FOR-US: Typesetter CMS
CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username par ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20074 (On Netis DL4323 devices, any user role can view sensitive information, ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20073 (On Netis DL4323 devices, XSS exists via the form2userconfig.cgi userna ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20072 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname par ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20071 (On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete  ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20070 (On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2 ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20069
	RESERVED
CVE-2019-20068
	RESERVED
CVE-2019-20067
	RESERVED
CVE-2019-20066
	RESERVED
CVE-2019-20065
	RESERVED
CVE-2019-20064
	RESERVED
CVE-2019-20063 (hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of m ...)
	- libmysofa 0.8~dfsg0-1
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
	NOTE: https://github.com/hoene/libmysofa/issues/67
	NOTE: https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6
CVE-2019-20062 (MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to r ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20061 (The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5 ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20060 (MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20059 (payment_manage.ajax.php and various *_manage.ajax.php in MFScripts Yet ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman  ...)
	NOT-FOR-US: Proxyman for macOS
CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	- libstb <unfixed> (low)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126
	NOTE: libsixel patch: https://github.com/saitoha/libsixel/commit/814f831555ea2492d442e784ab5d594f6a8e2e8d
	NOTE: libstb PR: https://github.com/nothings/stb/issues/886
CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...)
	NOT-FOR-US: LuquidPixels LiquiFire OS
CVE-2019-20053 (An invalid memory address dereference was discovered in the canUnpack  ...)
	- upx-ucl 3.96-1 (unimportant; bug #947471)
	NOTE: https://github.com/upx/upx/issues/314
	NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 ...)
	- libmatio <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/tbeu/matio/issues/131
CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...)
	- upx-ucl 3.96-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/313
CVE-2019-20050 (Pandora FMS &#8804; 7.42 suffers from a remote code execution vulnerab ...)
	NOT-FOR-US: Pandora FMS
CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference  ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/23da9588037ecdd4901db76a5b79a42b529c4ec3
	NOTE: https://git.kernel.org/linus/89189557b47b35683a27c80ee78aef18248eefb4
CVE-2019-20049 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A re ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices befor ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista 8770 devices
CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and  ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
CVE-2019-20046 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a vulnera ...)
	NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
CVE-2019-20045 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a vulnera ...)
	NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
CVE-2019-20044 (In Zsh before 5.8, attackers able to execute commands can regain privi ...)
	{DLA-2117-1}
	- zsh 5.8-1 (bug #951458)
	[buster] - zsh <no-dsa> (Minor issue)
	[stretch] - zsh <no-dsa> (Minor issue)
	NOTE: https://www.zsh.org/mla/zsh-announce/141
	NOTE: https://sourceforge.net/p/zsh/code/ci/24e993db62cf146fb76ebcf677a4a7aa3766fc74/
	NOTE: https://sourceforge.net/p/zsh/code/ci/8250c5c168f07549ed646e6848e6dda118271e23/
	NOTE: https://sourceforge.net/p/zsh/code/ci/26d02efa7a9b0a6b32e1a8bbc6aca6c544b94211/
	NOTE: https://sourceforge.net/p/zsh/code/ci/4ce66857b71b40a0661df3780ff557f2b0f4cb13/
	NOTE: https://sourceforge.net/p/zsh/code/ci/b15bd4aa590db8087d1e8f2eb1af2874f5db814d/
CVE-2019-20040
	RESERVED
CVE-2019-20039
	RESERVED
CVE-2019-20038
	RESERVED
CVE-2019-20037
	RESERVED
CVE-2019-20036
	RESERVED
CVE-2019-20035
	RESERVED
CVE-2019-20034
	RESERVED
CVE-2019-20033
	RESERVED
CVE-2019-20032
	RESERVED
CVE-2019-20031
	RESERVED
CVE-2019-20030
	RESERVED
CVE-2019-20029
	RESERVED
CVE-2019-20028
	RESERVED
CVE-2019-20027
	RESERVED
CVE-2019-20026
	RESERVED
CVE-2019-20025
	RESERVED
CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in  ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/121
	NOTE: https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b
CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in fromsixel.c in  ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/120
	NOTE: Proposed fix: https://github.com/saitoha/libsixel/commit/b9a4175c803b50a863b0fbd8b8b49058ca725ea6
CVE-2019-20022 (An invalid memory address dereference was discovered in load_pnm in fr ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/108
	NOTE: https://github.com/saitoha/libsixel/commit/e17c0765ed708186865f0f8badfed44181063776
CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ...)
	- upx-ucl 3.96-1 (unimportant; bug #947471)
	NOTE: https://github.com/upx/upx/issues/315
	NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20020 (A stack-based buffer over-read was discovered in ReadNextStructField i ...)
	- libmatio <unfixed>
	[buster] - libmatio <no-dsa> (Minor issue)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/128
CVE-2019-20019 (An attempted excessive memory allocation was discovered in Mat_VarRead ...)
	- libmatio <unfixed>
	[buster] - libmatio <no-dsa> (Minor issue)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/130
CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in mat5. ...)
	- libmatio <unfixed>
	[buster] - libmatio <no-dsa> (Minor issue)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/129
CVE-2019-20017 (A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5  ...)
	- libmatio <unfixed>
	[buster] - libmatio <no-dsa> (Minor issue)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/127
CVE-2019-20016 (libmysofa before 2019-11-24 does not properly restrict recursive funct ...)
	- libmysofa 0.9~dfsg0-1
	[buster] - libmysofa <no-dsa> (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f
	NOTE: https://github.com/hoene/libmysofa/issues/83
	NOTE: https://github.com/hoene/libmysofa/issues/84
CVE-2019-20015 (An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead  ...)
	- libredwg <itp> (bug #595191)
CVE-2019-20014 (An issue was discovered in GNU LibreDWG before 0.93. There is a double ...)
	- libredwg <itp> (bug #595191)
CVE-2019-20013 (An issue was discovered in GNU LibreDWG before 0.93. Crafted input wil ...)
	- libredwg <itp> (bug #595191)
CVE-2019-20012 (An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead  ...)
	- libredwg <itp> (bug #595191)
CVE-2019-20011 (An issue was discovered in GNU LibreDWG 0.92. There is a heap-based bu ...)
	- libredwg <itp> (bug #595191)
CVE-2019-20010 (An issue was discovered in GNU LibreDWG 0.92. There is a use-after-fre ...)
	- libredwg <itp> (bug #595191)
CVE-2019-20009 (An issue was discovered in GNU LibreDWG before 0.93. Crafted input wil ...)
	- libredwg <itp> (bug #595191)
CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project name (e ...)
	NOT-FOR-US: Archery
CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...)
	NOT-FOR-US: ezXML
CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	NOT-FOR-US: ezXML
CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	NOT-FOR-US: ezXML
CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)
	NOT-FOR-US: Intelbras
CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...)
	NOT-FOR-US: Feldtech easescreen Crystal 9.0 Web-Services
CVE-2019-20002 (Formula Injection exists in the export feature in SolarWinds WebHelpDe ...)
	NOT-FOR-US: SolarWinds WebHelpDesk
CVE-2019-20001
	RESERVED
CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...)
	NOT-FOR-US: BullGuard Premium Protection
CVE-2019-19999 (Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI)  ...)
	NOT-FOR-US: Halo
CVE-2019-19998 (Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. ...)
	NOT-FOR-US: Xiuno BBS
CVE-2019-19997
	RESERVED
CVE-2019-19996 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malfor ...)
	NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19995 (A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, lead ...)
	NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19994 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19993 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19992 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19991 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19990 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19989 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19988 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19987 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19986 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0  ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19985 (The WordPress plugin, Email Subscribers &amp; Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19984 (The WordPress plugin, Email Subscribers &amp; Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19983 (In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full w ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19982 (The WordPress plugin, Email Subscribers &amp; Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19981 (The WordPress plugin, Email Subscribers &amp; Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19980 (The WordPress plugin, Email Subscribers &amp; Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19979 (A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed a ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19978
	RESERVED
CVE-2019-19976
	RESERVED
CVE-2019-19975
	RESERVED
CVE-2019-19974
	RESERVED
CVE-2019-19973
	RESERVED
CVE-2019-19972
	RESERVED
CVE-2019-19971
	RESERVED
CVE-2019-19970
	RESERVED
CVE-2019-19969
	RESERVED
CVE-2019-19968 (PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting th ...)
	NOT-FOR-US: PandoraFMS
CVE-2019-19967 (The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH ...)
	NOT-FOR-US: Connect Box EuroDOCSIS 3.0 Voice Gateway devices
CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...)
	- libesmtp <unfixed> (unimportant)
	NOTE: https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md
	NOTE: NTLM support not enabled in the Debian builds.
CVE-2019-19966 (In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_e ...)
	{DLA-2068-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/dea37a97265588da604c6ba80160a287b72c7bfd
CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer dereference ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f
CVE-2019-19964 (On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having ...)
	NOT-FOR-US: NETGEAR
CVE-2019-19963 (An issue was discovered in wolfSSL before 4.3.0 in a non-default confi ...)
	- wolfssl 4.3.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190 (v4.3.0-stable)
CVE-2019-19962 (wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, lea ...)
	- wolfssl 4.3.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d (4.3.0-stable)
CVE-2019-19961
	RESERVED
CVE-2019-19960 (In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist sid ...)
	- wolfssl 4.3.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 (v4.3.0-stable)
CVE-2019-19959 (ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT  ...)
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec
	NOTE: https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1
CVE-2019-19958 (In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/str ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_ac ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...)
	{DLA-2048-1}
	[experimental] - libxml2 2.9.10+dfsg-1
	- libxml2 2.9.10+dfsg-2
	[buster] - libxml2 <no-dsa> (Minor issue)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 (v2.9.10-rc1)
CVE-2019-19955
	RESERVED
CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to gain pri ...)
	- signal-desktop <itp> (bug #842943)
CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
	{DSA-4640-1 DLA-2084-1}
	- graphicsmagick 1.4+really1.3.34-1 (bug #947311)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/617/
CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function  ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1791
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)
CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...)
	{DSA-4640-1 DLA-2084-1}
	- graphicsmagick 1.4~hg16039-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/608/
CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free  ...)
	{DSA-4640-1 DLA-2084-1}
	- graphicsmagick 1.4~hg16039-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4712-1 DLA-2049-1}
	- imagemagick <unfixed> (low; bug #947309)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in  ...)
	{DSA-4715-1 DSA-4712-1 DLA-2049-1}
	- imagemagick <unfixed> (low; bug #947308)
	[stretch] - imagemagick <no-dsa> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 (6.x)
CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the content of  ...)
	NOT-FOR-US: Dradis Pro
CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an  ...)
	NOT-FOR-US: uhttpd in OpenWrt
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
	NOT-FOR-US: Pablo Quick 'n Easy Web Server
CVE-2019-19942 (Missing output sanitation in Swisscom Centro Grande Centro Grande befo ...)
	NOT-FOR-US: Swisscom
CVE-2019-19941 (Missing hostname validation in Swisscom Centro Grande before 6.16.12 a ...)
	NOT-FOR-US: Swisscom
CVE-2019-19940 (Incorrect input sanitation in text-oriented user interfaces (telnet, s ...)
	NOT-FOR-US: Swisscom
CVE-2019-19939
	RESERVED
CVE-2019-19938
	RESERVED
CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict eithe ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
	RESERVED
CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...)
	TODO: check
CVE-2019-19934
	RESERVED
CVE-2019-19933
	RESERVED
CVE-2019-19932
	RESERVED
CVE-2019-19931 (In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19930 (In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mm ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19929 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner befo ...)
	NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2019-19928
	RESERVED
CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on k ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...)
	{DSA-4638-1}
	- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
	{DSA-4638-1}
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
	NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
	{DSA-4638-1}
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
	NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...)
	{DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...)
	- runc 1.0.0~rc10+dfsg1-1
	[buster] - runc <no-dsa> (Minor issue)
	[stretch] - runc <no-dsa> (Minor issue)
	NOTE: https://github.com/opencontainers/runc/issues/2197
	NOTE: https://github.com/opencontainers/runc/pull/2190
CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...)
	- node-handlebars 3:4.5.3-1
	[buster] - node-handlebars <no-dsa> (Minor issue; will be fixed via point release)
	NOTE: https://www.npmjs.com/advisories/1164
CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() function i ...)
	- lout <unfixed> (bug #947113)
	[buster] - lout <no-dsa> (Minor issue)
	[stretch] - lout <no-dsa> (Minor issue)
	[jessie] - lout <ignored> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html
CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord() function in  ...)
	- lout <unfixed> (bug #947113)
	[buster] - lout <no-dsa> (Minor issue)
	[stretch] - lout <no-dsa> (Minor issue)
	[jessie] - lout <ignored> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html
CVE-2020-3939 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...)
	NOT-FOR-US: SysJust Syuan-Gu-Da-Shih
CVE-2020-3938 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...)
	NOT-FOR-US: SysJust Syuan-Gu-Da-Shih
CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, a ...)
	NOT-FOR-US: SysJust Syuan-Gu-Da-Shih
CVE-2020-3936 (UltraLog Express device management interface does not properly filter  ...)
	NOT-FOR-US: UltraLog Express
CVE-2020-3935 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
	NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
	NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
	NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...)
	NOT-FOR-US: Draytek VigorAP910C
CVE-2020-3931
	RESERVED
CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...)
	NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...)
	NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a root p ...)
	NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
	NOT-FOR-US: ServiSign security plugin
CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
	NOT-FOR-US: ServiSign security plugin
CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...)
	NOT-FOR-US: ServiSign security plugin
CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
	NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series
CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
	NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series
CVE-2020-3922 (LisoMail, by ArmorX, allows SQL Injections, attackers can access the d ...)
	NOT-FOR-US: LisoMail
CVE-2020-3921 (UltraLog Express device management software stores user&#8217;s inform ...)
	NOT-FOR-US: UltraLog Express
CVE-2020-3920 (UltraLog Express device management interface does not properly perform ...)
	NOT-FOR-US: UltraLog Express
CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP ...)
	NOT-FOR-US: Midori Browser
CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for Wor ...)
	NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
CVE-2019-19914
	REJECTED
CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the ...)
	NOT-FOR-US: Intland codeBeamer ALM
CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS ...)
	NOT-FOR-US: Intland codeBeamer ALM
CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...)
	{DSA-4631-1 DLA-2057-1}
	- pillow 7.0.0-1 (bug #948224)
	NOTE: https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d (6.2.2)
CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35  ...)
	NOT-FOR-US: Mediawiki skin
CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP) pkp-lib befo ...)
	NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
CVE-2019-19908 (phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript inje ...)
	NOT-FOR-US: phpMyChat
CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core  ...)
	- kopanocore 8.7.0-6 (bug #947312)
	[buster] - kopanocore <no-dsa> (Minor issue)
	NOTE: https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
CVE-2019-19904
	RESERVED
CVE-2019-19903 (An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn ...)
	- backdrop <itp> (bug #914257)
CVE-2019-19902 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14. ...)
	- backdrop <itp> (bug #914257)
CVE-2019-19901 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14. ...)
	- backdrop <itp> (bug #914257)
CVE-2019-19900 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14. ...)
	- backdrop <itp> (bug #914257)
CVE-2019-19899 (Pebble Templates 3.1.2 allows attackers to bypass a protection mechani ...)
	NOT-FOR-US: Pebble Templates
CVE-2019-19898 (In IXP EasyInstall 6.2.13723, there are cleartext credentials in netwo ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19897 (In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the A ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19896 (In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak  ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19895 (In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Age ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19894 (In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UA ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19893 (In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19892
	RESERVED
CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...)
	NOT-FOR-US: Mitel SIP-DECT wireless devices
CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading  ...)
	{DSA-4591-1 DLA-2044-1}
	- cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
	NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
	NOTE: https://github.com/cyrusimap/cyrus-sasl/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1
	NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
CVE-2019-16787
	REJECTED
CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...)
	- nethack 3.6.6-1 (unimportant; bug #947005)
	NOTE: https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
	NOTE: https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
	NOTE: Negligible security impact
CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-3918
	RESERVED
CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3915
	RESERVED
CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...)
	NOT-FOR-US: Apple
CVE-2020-3912 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...)
	- libxml2 <undetermined>
CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...)
	- libxml2 <undetermined>
CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3906 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-3905 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3904 (Multiple memory corruption issues were addressed with improved state m ...)
	NOT-FOR-US: Apple
CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3902 (An input validation issue was addressed with improved input validation ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.2-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c]
	RESERVED
	{DLA-2237-1}
	- cups 2.3.1-12
	[buster] - cups 2.2.10-6+deb10u3
	[stretch] - cups <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1823964
	NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
	NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ppd.c, ppdc/ppdc-source.cxx)
CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3896
	RESERVED
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3894 (A race condition was addressed with additional validation. This issue  ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3893 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3892 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3891 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-3890 (The issue was addressed with improved deletion. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-3889 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2020-3886
	RESERVED
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is  ...)
	{DSA-4681-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3884 (An injection issue was addressed with improved validation. This issue  ...)
	NOT-FOR-US: Apple
CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-3880
	RESERVED
CVE-2020-3879
	RESERVED
CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3877 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3876
	RESERVED
CVE-2020-3875 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-3874 (An issued existed in the naming of screenshots. The issue was correcte ...)
	NOT-FOR-US: Apple
CVE-2020-3873 (This issue was addressed with improved setting propagation. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-3872 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-3871 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3870 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3869 (An issue existed in the handling of the local user's self-view. The is ...)
	NOT-FOR-US: Apple
CVE-2020-3868 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4627-1}
	- webkit2gtk 2.26.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.26.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3867 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4627-1}
	- webkit2gtk 2.26.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.26.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3866 (This was addressed with additional checks by Gatekeeper on files mount ...)
	NOT-FOR-US: Apple
CVE-2020-3865 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4627-1}
	- webkit2gtk 2.26.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.26.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3864
	RESERVED
	{DSA-4627-1}
	- webkit2gtk 2.26.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.26.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3863
	RESERVED
CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...)
	{DSA-4627-1}
	- webkit2gtk 2.26.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	- wpewebkit 2.26.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3861 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-3860 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3859 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2020-3858 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3857 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3855
	RESERVED
CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3852
	RESERVED
CVE-2020-3851
	RESERVED
CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3848 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3847 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3844 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2020-3843 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3842 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3841 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2020-3840 (An off by one issue existed in the handling of racoon configuration fi ...)
	NOT-FOR-US: Apple
CVE-2020-3839 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-3838 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-3837 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-3836 (An access issue was addressed with improved memory management. This is ...)
	NOT-FOR-US: Apple
CVE-2020-3835 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2020-3834 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-3833 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2020-3832
	RESERVED
CVE-2020-3831 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-3830 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2020-3829 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-3828 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-3827 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-3826 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2019-19890 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
	NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
CVE-2019-19889 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
	NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
CVE-2019-19888 (jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zer ...)
	NOT-FOR-US: ffjpeg
CVE-2019-19887 (bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointe ...)
	NOT-FOR-US: ffjpeg
CVE-2019-19886 (Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send c ...)
	- modsecurity 3.0.4-1 (bug #949682)
	[buster] - modsecurity 3.0.3-1+deb10u1
	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2202
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/7ba77631f9a37e0680d23ee57c455c6a35c65cb9
CVE-2019-19885
	RESERVED
CVE-2019-19884
	RESERVED
CVE-2019-19883
	RESERVED
CVE-2019-19882 (shadow 4.8, in certain circumstances affecting at least Gentoo, Arch L ...)
	- shadow <unfixed> (unimportant)
	NOTE: https://github.com/shadow-maint/shadow/pull/199
	NOTE: https://bugs.archlinux.org/task/64836
	NOTE: https://bugs.gentoo.org/702252
	NOTE: Debian builds are compiled using -with-libpam and explicitly passing
	NOTE: --disable-account-tools-setuid.
CVE-2019-19881
	RESERVED
CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers to tr ...)
	{DSA-4638-1}
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	- chromium 80.0.3987.106-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
	NOTE: Introduced in: https://github.com/sqlite/sqlite/commit/08f6de7f314ad6b15d34cc5f27c3e737fcd99268 (3.29.0)
	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
	NOTE: When fixing this issue make sure to apply as well
	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
	NOTE: to not open CVE-2019-19926.
CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...)
	NOT-FOR-US: HashiCorp Sentinel (different from Redis Sentinel)
CVE-2019-19878
	RESERVED
CVE-2019-19877
	RESERVED
CVE-2019-19876
	RESERVED
CVE-2019-19875
	RESERVED
CVE-2019-19874
	RESERVED
CVE-2019-19873
	RESERVED
CVE-2019-19872
	RESERVED
CVE-2019-19871
	RESERVED
CVE-2019-19870
	RESERVED
CVE-2019-19869
	RESERVED
CVE-2019-19868
	RESERVED
CVE-2019-19867
	RESERVED
CVE-2019-19866 (Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V1 ...)
	NOT-FOR-US: Atos Unify OpenScape UC Web Client
CVE-2019-19865 (Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V ...)
	NOT-FOR-US: Atos Unify OpenScape UC Web Client
CVE-2020-3824
	RESERVED
CVE-2020-3823
	RESERVED
CVE-2020-3822
	RESERVED
CVE-2020-3821
	RESERVED
CVE-2020-3820
	RESERVED
CVE-2020-3819
	RESERVED
CVE-2020-3818
	RESERVED
CVE-2020-3817
	RESERVED
CVE-2020-3816
	RESERVED
CVE-2020-3815
	RESERVED
CVE-2020-3814
	RESERVED
CVE-2020-3813
	RESERVED
CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an information discl ...)
	{DSA-4692-1 DLA-2234-1}
	- netqmail 1.06-6.2 (bug #961060)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2020-3811 (qmail-verify as used in netqmail 1.06 is prone to a mail-address verif ...)
	{DSA-4692-1 DLA-2234-1}
	- netqmail 1.06-6.2 (bug #961060)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...)
	{DSA-4685-1 DLA-2210-1}
	- apt 2.1.2
	NOTE: https://github.com/Debian/apt/issues/111
	NOTE: https://bugs.launchpad.net/bugs/1878177
	NOTE: https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6
CVE-2020-3809 (Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds  ...)
	NOT-FOR-US: Adobe
CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...)
	NOT-FOR-US: Adobe
CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3798 (Adobe Digital Editions versions 4.5.11.187212 and below have a file en ...)
	NOT-FOR-US: Adobe
CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3796 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an impro ...)
	NOT-FOR-US: ColdFusion
CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...)
	NOT-FOR-US: Adobe
CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
	NOT-FOR-US: Adobe
CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
	NOT-FOR-US: Adobe
CVE-2020-3768 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll se ...)
	NOT-FOR-US: ColdFusion
CVE-2020-3767 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insuf ...)
	NOT-FOR-US: ColdFusion
CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have  ...)
	NOT-FOR-US: Adobe
CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds  ...)
	NOT-FOR-US: Adobe
CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...)
	NOT-FOR-US: Adobe
CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...)
	NOT-FOR-US: Adobe
CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...)
	NOT-FOR-US: Adobe
CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors  ...)
	NOT-FOR-US: Adobe
CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
	NOT-FOR-US: Magento
CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...)
	NOT-FOR-US: Adobe
CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...)
	NOT-FOR-US: Adobe
CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...)
	NOT-FOR-US: Adobe
CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption  ...)
	NOT-FOR-US: Adobe
CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption  ...)
	NOT-FOR-US: Adobe
CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...)
	NOT-FOR-US: Adobe
CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...)
	NOT-FOR-US: Adobe
CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...)
	NOT-FOR-US: Adobe
CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
	NOT-FOR-US: Adobe
CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
	NOT-FOR-US: Magento
CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
	NOT-FOR-US: Magento
CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
	NOT-FOR-US: Magento
CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
	NOT-FOR-US: Magento
CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
	NOT-FOR-US: Magento
CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2020-3709
	RESERVED
CVE-2020-3708
	RESERVED
CVE-2020-3707
	RESERVED
CVE-2020-3706
	RESERVED
CVE-2020-3705
	RESERVED
CVE-2020-3704
	RESERVED
CVE-2020-3703
	RESERVED
CVE-2020-3702
	RESERVED
CVE-2020-3701
	RESERVED
CVE-2020-3700
	RESERVED
CVE-2020-3699
	RESERVED
CVE-2020-3698
	RESERVED
CVE-2020-3697
	RESERVED
CVE-2020-3696
	RESERVED
CVE-2020-3695
	RESERVED
CVE-2020-3694
	RESERVED
CVE-2020-3693
	RESERVED
CVE-2020-3692
	RESERVED
CVE-2020-3691
	RESERVED
CVE-2020-3690
	RESERVED
CVE-2020-3689
	RESERVED
CVE-2020-3688
	RESERVED
CVE-2020-3687
	RESERVED
CVE-2020-3686
	RESERVED
CVE-2020-3685
	RESERVED
CVE-2020-3684
	RESERVED
CVE-2020-3683
	RESERVED
CVE-2020-3682
	RESERVED
CVE-2020-3681
	RESERVED
CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API.  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3679
	RESERVED
CVE-2020-3678
	RESERVED
CVE-2020-3677
	RESERVED
CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3675
	RESERVED
CVE-2020-3674
	RESERVED
CVE-2020-3673
	RESERVED
CVE-2020-3672
	RESERVED
CVE-2020-3671
	RESERVED
CVE-2020-3670
	RESERVED
CVE-2020-3669
	RESERVED
CVE-2020-3668
	RESERVED
CVE-2020-3667
	RESERVED
CVE-2020-3666
	RESERVED
CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3664
	RESERVED
CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the  ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3659
	RESERVED
CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3657
	RESERVED
CVE-2020-3656
	RESERVED
CVE-2020-3655
	RESERVED
CVE-2020-3654
	RESERVED
CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack  ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3651 (Active command timeout since WM status change cmd is not removed from  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3650
	RESERVED
CVE-2020-3649
	RESERVED
CVE-2020-3648
	RESERVED
CVE-2020-3647
	RESERVED
CVE-2020-3646
	RESERVED
CVE-2020-3645 (Firmware will hit assert in WLAN firmware If encrypted data length in  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3644
	RESERVED
CVE-2020-3643
	RESERVED
CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3640
	RESERVED
CVE-2020-3639
	RESERVED
CVE-2020-3638
	RESERVED
CVE-2020-3637
	RESERVED
CVE-2020-3636
	RESERVED
CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3634
	RESERVED
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3632
	RESERVED
CVE-2020-3631
	RESERVED
CVE-2020-3630 (Possibility of out of bound access while processing the responses from ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3629
	RESERVED
CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3627
	RESERVED
CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3624
	RESERVED
CVE-2020-3623 (kernel failure due to load failures while running v1 path directly via ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3622
	RESERVED
CVE-2020-3621
	RESERVED
CVE-2020-3620
	RESERVED
CVE-2020-3619
	RESERVED
CVE-2020-3618 (NULL exception due to accessing bad pointer while posting events on RT ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3617
	RESERVED
CVE-2020-3616 (Buffer overflow in display function due to memory copy without checkin ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3612
	RESERVED
CVE-2020-3611
	RESERVED
CVE-2020-3610 (Possibility of double free of the drawobj that is added to the drawque ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-19864
	REJECTED
CVE-2019-19863
	REJECTED
CVE-2019-19862
	REJECTED
CVE-2019-19861
	REJECTED
CVE-2019-19860
	RESERVED
CVE-2019-19859 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19858 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19857 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19856 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19855 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19854 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19853
	RESERVED
CVE-2019-19852 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
	NOT-FOR-US: FreePBX
CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
	NOT-FOR-US: FreePBX
CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
	NOT-FOR-US: TYPO3
CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
	NOT-FOR-US: TYPO3
CVE-2019-19848 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
	NOT-FOR-US: TYPO3
CVE-2019-19847 (Libspiro through 20190731 has a stack-based buffer overflow in the spi ...)
	- libspiro 1:20200505-1 (unimportant; bug #947276)
	[jessie] - libspiro <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/fontforge/libspiro/issues/21
	NOTE: https://github.com/fontforge/libspiro/issues/21#issuecomment-567983822
	NOTE: https://github.com/fontforge/libspiro/commit/35233450c922787dad42321e359e5229ff470a1e
CVE-2019-19846 (In Joomla! before 3.9.14, the lack of validation of configuration para ...)
	NOT-FOR-US: Joomla!
CVE-2019-19845 (In Joomla! before 3.9.14, a missing access check in framework files co ...)
	NOT-FOR-US: Joomla!
CVE-2019-19844 (Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ...)
	{DSA-4598-1 DLA-2042-1}
	- python-django 2:2.2.9-1 (bug #946937)
	NOTE: https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
	NOTE: https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 (master)
	NOTE: https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26 (3.0.x branch)
	NOTE: https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e (2.2.x branch)
	NOTE: https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2 (1.11.x branch)
CVE-2019-19843 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19842 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19841 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruc ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19837 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200. ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed thro ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed throug ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress <not-affected> (Vulnerable REST API introduced in 4.4)
	NOTE: https://core.trac.wordpress.org/changeset/46893/trunk
	NOTE: https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-20042 (In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function  ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress <not-affected> (Vulnerable function introduced in 5.1)
	[jessie] - wordpress <not-affected> (Vulnerable function introduced in 5.1)
	NOTE: https://core.trac.wordpress.org/changeset/46894/trunk
	NOTE: https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-20041 (wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 ...)
	{DSA-4599-1 DLA-2067-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-16781 (In WordPress before 5.3.1, authenticated users with lower privileges ( ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress <not-affected> (Vulnerable Block feature introduce in 5.0)
	[jessie] - wordpress <not-affected> (Vulnerable Block feature introduce in 5.0)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
	NOTE: https://hackerone.com/reports/731301
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-16780 (WordPress users with lower privileges (like contributors) can inject J ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress <not-affected> (Vulnerable Block feature introduce in 5.0)
	[jessie] - wordpress <not-affected> (Vulnerable Block feature introduce in 5.0)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
	NOTE: https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
	NOTE: https://hackerone.com/reports/738644
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-19833 (In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shu ...)
	NOT-FOR-US: Tautulli
CVE-2019-19832 (Xerox AltaLink C8035 printers allow CSRF. A request to add users is ma ...)
	NOT-FOR-US: Xerox
CVE-2019-19831
	RESERVED
CVE-2019-19829 (A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U ...)
	NOT-FOR-US: SolarWinds
CVE-2019-19828
	RESERVED
CVE-2019-19827
	RESERVED
CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal make ...)
	NOT-FOR-US: Views Dynamic Fields module for Drupal
CVE-2019-19825 (On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be ...)
	NOT-FOR-US: TOTOLINK Realtek SDK based routers
CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an authenticated attack ...)
	NOT-FOR-US: TOTOLINK Realtek SDK based routers
CVE-2019-19823 (A certain router administration interface (that includes Realtek APMIB ...)
	NOT-FOR-US: Realtek
CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
	NOT-FOR-US: Realtek
CVE-2019-19821 (A post-authentication privilege escalation in the web application of C ...)
	NOT-FOR-US: Combodo iTop
CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
	NOT-FOR-US: Kyrol Internet Security
CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.1 ...)
	NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
	NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
	NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image  ...)
	- linux <unfixed>
CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
	- linux 5.3.7-1
CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
	- linux <unfixed>
CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
	- linux <unfixed>
CVE-2019-19812
	RESERVED
CVE-2019-19811
	RESERVED
CVE-2019-19810
	RESERVED
CVE-2019-19809
	RESERVED
CVE-2019-3467 (Debian-edu-config all versions &lt; 2.11.10, a set of configuration fi ...)
	{DSA-4595-1 DSA-4589-1 DLA-2063-1 DLA-2041-1}
	- debian-edu-config 2.11.10 (bug #946797)
	- debian-lan-config 0.26 (bug #947459)
	NOTE: debian-lan-config is effectively the same issue as in debian-edu-config and a somewhat
	NOTE: derived codebase, so same CVE ID is used
CVE-2019-19808
	RESERVED
CVE-2019-19806 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19805 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19804
	RESERVED
CVE-2019-19803
	RESERVED
CVE-2019-19802 (In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8. ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to v8.10.11 ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows a remote ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-19799 (Zoho ManageEngine Applications Manager before 14600 allows a remote un ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-19798
	RESERVED
CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...)
	- fig2dev 1:3.2.7b-3 (bug #946866)
	[buster] - fig2dev 1:3.2.7a-5+deb10u3
	[stretch] - fig2dev <no-dsa> (Minor issue)
	- transfig <removed>
	[jessie] - transfig <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/mcj/tickets/67/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
CVE-2019-19807 (In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after- ...)
	- linux 5.3.15-1
	[buster] - linux <not-affected> (Vulnerable code introduced later and not present in released Debian version)
	[stretch] - linux <not-affected> (Vulnerable code introduced later and not present in released Debian version)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e7af6307a8a54f0b873960b32b6a644f2d0fbd97
CVE-2019-19796 (Yabasic 2.86.2 has a heap-based buffer overflow in myformat in functio ...)
	- yabasic <unfixed> (unimportant)
	NOTE: https://github.com/marcIhm/yabasic/issues/37
	NOTE: Negligible security impact
CVE-2019-19795 (samurai 0.7 has a heap-based buffer overflow in canonpath in util.c vi ...)
	NOT-FOR-US: samurai
CVE-2019-19794 (The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...)
	- golang-github-miekg-dns 1.1.26-1 (bug #947403)
	[buster] - golang-github-miekg-dns <no-dsa> (Minor issue)
	NOTE: https://github.com/coredns/coredns/issues/3519
	NOTE: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
	NOTE: https://github.com/miekg/dns/issues/1043
	NOTE: https://github.com/miekg/dns/pull/1044
CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Wind ...)
	NOT-FOR-US: Cyxtera AppGate SDP Client
CVE-2019-19792 (A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS  ...)
	NOT-FOR-US: ESET Cyber Security
CVE-2019-19791 [Apache access rules and SOAP/REST endpoints issue]
	RESERVED
	- lemonldap-ng 2.0.7+ds-1
	[buster] - lemonldap-ng 2.0.2+ds-7+deb10u3
	[stretch] - lemonldap-ng <no-dsa> (Minor issue)
	[jessie] - lemonldap-ng <no-dsa> (Minor issue)
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1943
	NOTE: https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-7-is-out/
CVE-2019-19790 (Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a rem ...)
	NOT-FOR-US: Telerik UI for ASP.NET AJAX
CVE-2019-19789 (3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Tool ...)
	NOT-FOR-US: CODESYS
CVE-2019-19788 (Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed  ...)
	NOT-FOR-US: Opera for Android
CVE-2019-19787 (ATasm 1.06 has a stack-based buffer overflow in the get_signed_express ...)
	NOT-FOR-US: ATasm
CVE-2019-19786 (ATasm 1.06 has a stack-based buffer overflow in the parse_expr() funct ...)
	NOT-FOR-US: ATasm
CVE-2019-19785 (ATasm 1.06 has a stack-based buffer overflow in the to_comma() functio ...)
	NOT-FOR-US: ATasm
CVE-2019-19784
	RESERVED
CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0. ...)
	{DSA-4590-1}
	- cyrus-imapd 3.0.13-1
	NOTE: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes
CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long  ...)
	NOT-FOR-US: AceaXe Plus
CVE-2019-19781 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
	NOT-FOR-US: Citrix
CVE-2019-19780
	RESERVED
CVE-2019-19779
	RESERVED
CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/110
CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/109
CVE-2019-19776
	RESERVED
CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to befor ...)
	- zulip-server <itp> (bug #800052)
CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP ...)
	NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web server us ...)
	NOT-FOR-US: Lexmark
CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded web server ...)
	NOT-FOR-US: Lexmark
CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...)
	NOT-FOR-US: lodahs malicious package on npm
CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...)
	{DSA-4583-1}
	- spip 3.2.7-1
	[stretch] - spip <not-affected> (Vulnerable code not present)
	[jessie] - spip <not-affected> (Vulnerable code not present)
CVE-2020-3609
	RESERVED
CVE-2020-3608
	RESERVED
CVE-2020-3607
	RESERVED
CVE-2020-3606
	RESERVED
CVE-2020-3605
	RESERVED
CVE-2020-3604
	RESERVED
CVE-2020-3603
	RESERVED
CVE-2020-3602
	RESERVED
CVE-2020-3601
	RESERVED
CVE-2020-3600
	RESERVED
CVE-2020-3599
	RESERVED
CVE-2020-3598
	RESERVED
CVE-2020-3597
	RESERVED
CVE-2020-3596
	RESERVED
CVE-2020-3595
	RESERVED
CVE-2020-3594
	RESERVED
CVE-2020-3593
	RESERVED
CVE-2020-3592
	RESERVED
CVE-2020-3591
	RESERVED
CVE-2020-3590
	RESERVED
CVE-2020-3589
	RESERVED
CVE-2020-3588
	RESERVED
CVE-2020-3587
	RESERVED
CVE-2020-3586
	RESERVED
CVE-2020-3585
	RESERVED
CVE-2020-3584
	RESERVED
CVE-2020-3583
	RESERVED
CVE-2020-3582
	RESERVED
CVE-2020-3581
	RESERVED
CVE-2020-3580
	RESERVED
CVE-2020-3579
	RESERVED
CVE-2020-3578
	RESERVED
CVE-2020-3577
	RESERVED
CVE-2020-3576
	RESERVED
CVE-2020-3575
	RESERVED
CVE-2020-3574
	RESERVED
CVE-2020-3573
	RESERVED
CVE-2020-3572
	RESERVED
CVE-2020-3571
	RESERVED
CVE-2020-3570
	RESERVED
CVE-2020-3569
	RESERVED
CVE-2020-3568
	RESERVED
CVE-2020-3567
	RESERVED
CVE-2020-3566
	RESERVED
CVE-2020-3565
	RESERVED
CVE-2020-3564
	RESERVED
CVE-2020-3563
	RESERVED
CVE-2020-3562
	RESERVED
CVE-2020-3561
	RESERVED
CVE-2020-3560
	RESERVED
CVE-2020-3559
	RESERVED
CVE-2020-3558
	RESERVED
CVE-2020-3557
	RESERVED
CVE-2020-3556
	RESERVED
CVE-2020-3555
	RESERVED
CVE-2020-3554
	RESERVED
CVE-2020-3553
	RESERVED
CVE-2020-3552
	RESERVED
CVE-2020-3551
	RESERVED
CVE-2020-3550
	RESERVED
CVE-2020-3549
	RESERVED
CVE-2020-3548
	RESERVED
CVE-2020-3547
	RESERVED
CVE-2020-3546
	RESERVED
CVE-2020-3545
	RESERVED
CVE-2020-3544
	RESERVED
CVE-2020-3543
	RESERVED
CVE-2020-3542
	RESERVED
CVE-2020-3541
	RESERVED
CVE-2020-3540
	RESERVED
CVE-2020-3539
	RESERVED
CVE-2020-3538
	RESERVED
CVE-2020-3537
	RESERVED
CVE-2020-3536
	RESERVED
CVE-2020-3535
	RESERVED
CVE-2020-3534
	RESERVED
CVE-2020-3533
	RESERVED
CVE-2020-3532
	RESERVED
CVE-2020-3531
	RESERVED
CVE-2020-3530
	RESERVED
CVE-2020-3529
	RESERVED
CVE-2020-3528
	RESERVED
CVE-2020-3527
	RESERVED
CVE-2020-3526
	RESERVED
CVE-2020-3525
	RESERVED
CVE-2020-3524
	RESERVED
CVE-2020-3523
	RESERVED
CVE-2020-3522
	RESERVED
CVE-2020-3521
	RESERVED
CVE-2020-3520
	RESERVED
CVE-2020-3519
	RESERVED
CVE-2020-3518
	RESERVED
CVE-2020-3517
	RESERVED
CVE-2020-3516
	RESERVED
CVE-2020-3515
	RESERVED
CVE-2020-3514
	RESERVED
CVE-2020-3513
	RESERVED
CVE-2020-3512
	RESERVED
CVE-2020-3511
	RESERVED
CVE-2020-3510
	RESERVED
CVE-2020-3509
	RESERVED
CVE-2020-3508
	RESERVED
CVE-2020-3507
	RESERVED
CVE-2020-3506
	RESERVED
CVE-2020-3505
	RESERVED
CVE-2020-3504
	RESERVED
CVE-2020-3503
	RESERVED
CVE-2020-3502
	RESERVED
CVE-2020-3501
	RESERVED
CVE-2020-3500
	RESERVED
CVE-2020-3499
	RESERVED
CVE-2020-3498
	RESERVED
CVE-2020-3497
	RESERVED
CVE-2020-3496
	RESERVED
CVE-2020-3495
	RESERVED
CVE-2020-3494
	RESERVED
CVE-2020-3493
	RESERVED
CVE-2020-3492
	RESERVED
CVE-2020-3491
	RESERVED
CVE-2020-3490
	RESERVED
CVE-2020-3489
	RESERVED
CVE-2020-3488
	RESERVED
CVE-2020-3487
	RESERVED
CVE-2020-3486
	RESERVED
CVE-2020-3485
	RESERVED
CVE-2020-3484
	RESERVED
CVE-2020-3483
	RESERVED
CVE-2020-3482
	RESERVED
CVE-2020-3481
	RESERVED
CVE-2020-3480
	RESERVED
CVE-2020-3479
	RESERVED
CVE-2020-3478
	RESERVED
CVE-2020-3477
	RESERVED
CVE-2020-3476
	RESERVED
CVE-2020-3475
	RESERVED
CVE-2020-3474
	RESERVED
CVE-2020-3473
	RESERVED
CVE-2020-3472
	RESERVED
CVE-2020-3471
	RESERVED
CVE-2020-3470
	RESERVED
CVE-2020-3469
	RESERVED
CVE-2020-3468
	RESERVED
CVE-2020-3467
	RESERVED
CVE-2020-3466
	RESERVED
CVE-2020-3465
	RESERVED
CVE-2020-3464
	RESERVED
CVE-2020-3463
	RESERVED
CVE-2020-3462
	RESERVED
CVE-2020-3461
	RESERVED
CVE-2020-3460
	RESERVED
CVE-2020-3459
	RESERVED
CVE-2020-3458
	RESERVED
CVE-2020-3457
	RESERVED
CVE-2020-3456
	RESERVED
CVE-2020-3455
	RESERVED
CVE-2020-3454
	RESERVED
CVE-2020-3453
	RESERVED
CVE-2020-3452
	RESERVED
CVE-2020-3451
	RESERVED
CVE-2020-3450
	RESERVED
CVE-2020-3449
	RESERVED
CVE-2020-3448
	RESERVED
CVE-2020-3447
	RESERVED
CVE-2020-3446
	RESERVED
CVE-2020-3445
	RESERVED
CVE-2020-3444
	RESERVED
CVE-2020-3443
	RESERVED
CVE-2020-3442
	RESERVED
CVE-2020-3441
	RESERVED
CVE-2020-3440
	RESERVED
CVE-2020-3439
	RESERVED
CVE-2020-3438
	RESERVED
CVE-2020-3437
	RESERVED
CVE-2020-3436
	RESERVED
CVE-2020-3435
	RESERVED
CVE-2020-3434
	RESERVED
CVE-2020-3433
	RESERVED
CVE-2020-3432
	RESERVED
CVE-2020-3431
	RESERVED
CVE-2020-3430
	RESERVED
CVE-2020-3429
	RESERVED
CVE-2020-3428
	RESERVED
CVE-2020-3427
	RESERVED
CVE-2020-3426
	RESERVED
CVE-2020-3425
	RESERVED
CVE-2020-3424
	RESERVED
CVE-2020-3423
	RESERVED
CVE-2020-3422
	RESERVED
CVE-2020-3421
	RESERVED
CVE-2020-3420
	RESERVED
CVE-2020-3419
	RESERVED
CVE-2020-3418
	RESERVED
CVE-2020-3417
	RESERVED
CVE-2020-3416
	RESERVED
CVE-2020-3415
	RESERVED
CVE-2020-3414
	RESERVED
CVE-2020-3413
	RESERVED
CVE-2020-3412
	RESERVED
CVE-2020-3411
	RESERVED
CVE-2020-3410
	RESERVED
CVE-2020-3409
	RESERVED
CVE-2020-3408
	RESERVED
CVE-2020-3407
	RESERVED
CVE-2020-3406
	RESERVED
CVE-2020-3405
	RESERVED
CVE-2020-3404
	RESERVED
CVE-2020-3403
	RESERVED
CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
	NOT-FOR-US: Cisco
CVE-2020-3401
	RESERVED
CVE-2020-3400
	RESERVED
CVE-2020-3399
	RESERVED
CVE-2020-3398
	RESERVED
CVE-2020-3397
	RESERVED
CVE-2020-3396
	RESERVED
CVE-2020-3395
	RESERVED
CVE-2020-3394
	RESERVED
CVE-2020-3393
	RESERVED
CVE-2020-3392
	RESERVED
CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2020-3390
	RESERVED
CVE-2020-3389
	RESERVED
CVE-2020-3388
	RESERVED
CVE-2020-3387
	RESERVED
CVE-2020-3386
	RESERVED
CVE-2020-3385
	RESERVED
CVE-2020-3384
	RESERVED
CVE-2020-3383
	RESERVED
CVE-2020-3382
	RESERVED
CVE-2020-3381
	RESERVED
CVE-2020-3380
	RESERVED
CVE-2020-3379
	RESERVED
CVE-2020-3378
	RESERVED
CVE-2020-3377
	RESERVED
CVE-2020-3376
	RESERVED
CVE-2020-3375
	RESERVED
CVE-2020-3374
	RESERVED
CVE-2020-3373
	RESERVED
CVE-2020-3372
	RESERVED
CVE-2020-3371
	RESERVED
CVE-2020-3370
	RESERVED
CVE-2020-3369
	RESERVED
CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3367
	RESERVED
CVE-2020-3366
	RESERVED
CVE-2020-3365
	RESERVED
CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the  ...)
	NOT-FOR-US: Cisco
CVE-2020-3363
	RESERVED
CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...)
	NOT-FOR-US: Cisco
CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
	NOT-FOR-US: Cisco
CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Series 78 ...)
	NOT-FOR-US: Cisco
CVE-2020-3359
	RESERVED
CVE-2020-3358
	RESERVED
CVE-2020-3357
	RESERVED
CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3354 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...)
	NOT-FOR-US: Cisco
CVE-2020-3352
	RESERVED
CVE-2020-3351
	RESERVED
CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
	NOT-FOR-US: Cisco
CVE-2020-3349
	RESERVED
CVE-2020-3348
	RESERVED
CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could  ...)
	NOT-FOR-US: Cisco
CVE-2020-3346
	RESERVED
CVE-2020-3345
	RESERVED
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
	NOT-FOR-US: Cisco
CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
	NOT-FOR-US: Cisco
CVE-2020-3342 (A vulnerability in the software update feature of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
	{DLA-2215-1}
	- clamav 0.102.3+dfsg-1
	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2020-3338
	RESERVED
CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine  ...)
	NOT-FOR-US: Cisco
CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
	NOT-FOR-US: Cisco
CVE-2020-3332
	RESERVED
CVE-2020-3331
	RESERVED
CVE-2020-3330
	RESERVED
CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...)
	NOT-FOR-US: Cisco
CVE-2020-3328
	RESERVED
CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...)
	{DLA-2215-1}
	- clamav 0.102.3+dfsg-1
	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
CVE-2020-3326
	RESERVED
CVE-2020-3325
	RESERVED
CVE-2020-3324
	RESERVED
CVE-2020-3323
	RESERVED
CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
	NOT-FOR-US: Cisco
CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
	NOT-FOR-US: Cisco
CVE-2020-3320
	RESERVED
CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
	NOT-FOR-US: Cisco
CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
	NOT-FOR-US: Cisco
CVE-2020-3317
	RESERVED
CVE-2020-3316
	RESERVED
CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
	NOT-FOR-US: Cisco
CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...)
	NOT-FOR-US: Cisco
CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
	NOT-FOR-US: Cisco
CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...)
	NOT-FOR-US: Cisco
CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower Device Manag ...)
	NOT-FOR-US: Cisco
CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box softwar ...)
	NOT-FOR-US: Cisco
CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of Cisco F ...)
	NOT-FOR-US: Cisco
CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
	NOT-FOR-US: Cisco
CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security Applianc ...)
	NOT-FOR-US: Cisco
CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2020-3304
	RESERVED
CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
	NOT-FOR-US: Cisco
CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
	NOT-FOR-US: Cisco
CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
	NOT-FOR-US: Cisco
CVE-2020-3300
	RESERVED
CVE-2020-3299
	RESERVED
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation  ...)
	NOT-FOR-US: Cisco
CVE-2020-3297 (A vulnerability in session management for the web-based interface of C ...)
	NOT-FOR-US: Cisco
CVE-2020-3296 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3295 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3294 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3293 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3292 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3291 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3290 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3289 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3288 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3287 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3)  ...)
	NOT-FOR-US: Cisco
CVE-2020-3284
	RESERVED
CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
	NOT-FOR-US: Cisco
CVE-2020-3282 (A vulnerability in the web-based management interface of Cisco Unified ...)
	TODO: check
CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital Networ ...)
	NOT-FOR-US: Cisco
CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2020-3279 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3278 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3277 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3276 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3275 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3274 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...)
	NOT-FOR-US: Cisco
CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...)
	NOT-FOR-US: Cisco
CVE-2020-3271
	RESERVED
CVE-2020-3270
	RESERVED
CVE-2020-3269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3268 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...)
	NOT-FOR-US: Cisco
CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...)
	NOT-FOR-US: Cisco
CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2020-3263 (A vulnerability in Cisco Webex Meetings Desktop App could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...)
	NOT-FOR-US: Cisco
CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...)
	NOT-FOR-US: Cisco
CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
	NOT-FOR-US: Cisco
CVE-2020-3258 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
	NOT-FOR-US: Cisco
CVE-2020-3257 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
	NOT-FOR-US: Cisco
CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted  ...)
	NOT-FOR-US: Cisco
CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
	NOT-FOR-US: Cisco
CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP)  ...)
	NOT-FOR-US: Cisco
CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco Firepower Threa ...)
	NOT-FOR-US: Cisco
CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3250 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3249 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2020-3245 (A vulnerability in the web application of Cisco Smart Software Manager ...)
	NOT-FOR-US: Cisco
CVE-2020-3244 (A vulnerability in the Enhanced Charging Service (ECS) functionality o ...)
	NOT-FOR-US: Cisco
CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3242 (A vulnerability in the REST API of Cisco UCS Director could allow an a ...)
	NOT-FOR-US: Cisco
CVE-2020-3241 (A vulnerability in the orchestration tasks of Cisco UCS Director could ...)
	NOT-FOR-US: Cisco
CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of the Ci ...)
	NOT-FOR-US: Cisco
CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...)
	NOT-FOR-US: Cisco
CVE-2020-3236 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...)
	NOT-FOR-US: Cisco
CVE-2020-3233 (A vulnerability in the web-based Local Manager interface of the Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2020-3232 (A vulnerability in the Simple Network Management Protocol (SNMP) imple ...)
	NOT-FOR-US: Cisco
CVE-2020-3231 (A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series  ...)
	NOT-FOR-US: Cisco
CVE-2020-3230 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
	NOT-FOR-US: Cisco
CVE-2020-3229 (A vulnerability in Role Based Access Control (RBAC) functionality of C ...)
	NOT-FOR-US: Cisco
CVE-2020-3228 (A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3227 (A vulnerability in the authorization controls for the Cisco IOx applic ...)
	NOT-FOR-US: Cisco
CVE-2020-3226 (A vulnerability in the Session Initiation Protocol (SIP) library of Ci ...)
	NOT-FOR-US: Cisco
CVE-2020-3225 (Multiple vulnerabilities in the implementation of the Common Industria ...)
	NOT-FOR-US: Cisco
CVE-2020-3224 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2020-3223 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2020-3222 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2020-3221 (A vulnerability in the Flexible NetFlow Version 9 packet processor of  ...)
	NOT-FOR-US: Cisco
CVE-2020-3220 (A vulnerability in the hardware crypto driver of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2020-3219 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2020-3218 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2020-3217 (A vulnerability in the Topology Discovery Service of Cisco One Platfor ...)
	NOT-FOR-US: Cisco
CVE-2020-3216 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
	NOT-FOR-US: Cisco
CVE-2020-3215 (A vulnerability in the Virtual Services Container of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2020-3214 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3213 (A vulnerability in the ROMMON of Cisco IOS XE Software could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2020-3212 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2020-3211 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2020-3210 (A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 ...)
	NOT-FOR-US: Cisco
CVE-2020-3209 (A vulnerability in software image verification in Cisco IOS XE Softwar ...)
	NOT-FOR-US: Cisco
CVE-2020-3208 (A vulnerability in the image verification feature of Cisco IOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2020-3207 (A vulnerability in the processing of boot options of specific Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2020-3206 (A vulnerability in the handling of IEEE 802.11w Protected Management F ...)
	NOT-FOR-US: Cisco
CVE-2020-3205 (A vulnerability in the implementation of the inter-VM channel of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3204 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3203 (A vulnerability in the locally significant certificate (LSC) provision ...)
	NOT-FOR-US: Cisco
CVE-2020-3202
	RESERVED
CVE-2020-3201 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3200 (A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Sof ...)
	NOT-FOR-US: Cisco
CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
	NOT-FOR-US: Cisco
CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
	NOT-FOR-US: Cisco
CVE-2020-3197
	RESERVED
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
	NOT-FOR-US: Cisco
CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation  ...)
	NOT-FOR-US: Cisco
CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft  ...)
	NOT-FOR-US: Cisco
CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive  ...)
	NOT-FOR-US: Cisco
CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...)
	NOT-FOR-US: Cisco
CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for Cisco Fire ...)
	NOT-FOR-US: Cisco
CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD) Software h ...)
	NOT-FOR-US: Cisco
CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
	NOT-FOR-US: Cisco
CVE-2020-3186 (A vulnerability in the management access list configuration of Cisco F ...)
	NOT-FOR-US: Cisco
CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2020-3184 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2020-3183
	RESERVED
CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of  ...)
	NOT-FOR-US: Cisco
CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
	NOT-FOR-US: Cisco
CVE-2020-3180
	RESERVED
CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
	NOT-FOR-US: Cisco
CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS)  ...)
	NOT-FOR-US: Cisco
CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...)
	NOT-FOR-US: Cisco
CVE-2020-3173 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS  ...)
	NOT-FOR-US: Cisco
CVE-2020-3172 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS  ...)
	NOT-FOR-US: Cisco
CVE-2020-3171 (A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3170 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2020-3169 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2020-3168 (A vulnerability in the Secure Login Enhancements capability of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2020-3167 (A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manage ...)
	NOT-FOR-US: Cisco
CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
	NOT-FOR-US: Cisco
CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
	NOT-FOR-US: Cisco
CVE-2020-3162 (A vulnerability in the Constrained Application Protocol (CoAP) impleme ...)
	NOT-FOR-US: Cisco
CVE-2020-3161 (A vulnerability in the web server for Cisco IP Phones could allow an u ...)
	NOT-FOR-US: Cisco
CVE-2020-3160 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
	NOT-FOR-US: Cisco
CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Finesse ...)
	NOT-FOR-US: Cisco
CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...)
	NOT-FOR-US: Cisco
CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...)
	NOT-FOR-US: Cisco
CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...)
	NOT-FOR-US: Cisco
CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could  ...)
	NOT-FOR-US: Cisco
CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure  ...)
	NOT-FOR-US: Cisco
CVE-2020-3152
	RESERVED
CVE-2020-3151
	RESERVED
CVE-2020-3150
	RESERVED
CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
	NOT-FOR-US: Cisco
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
	NOT-FOR-US: Cisco
CVE-2020-3146
	RESERVED
CVE-2020-3145
	RESERVED
CVE-2020-3144
	RESERVED
CVE-2020-3143
	RESERVED
CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...)
	NOT-FOR-US: Cisco
CVE-2020-3141
	RESERVED
CVE-2020-3140
	RESERVED
CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...)
	NOT-FOR-US: Cisco
CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...)
	NOT-FOR-US: Cisco
CVE-2020-3137
	RESERVED
CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber  ...)
	NOT-FOR-US: Cisco
CVE-2020-3135
	RESERVED
CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2020-3133
	RESERVED
CVE-2020-3132 (A vulnerability in the email message scanning feature of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...)
	NOT-FOR-US: Cisco
CVE-2020-3130
	RESERVED
CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...)
	NOT-FOR-US: Cisco
CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...)
	NOT-FOR-US: Cisco
CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...)
	NOT-FOR-US: Cisco
CVE-2020-3124
	RESERVED
CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...)
	- clamav 0.102.2+dfsg-1 (bug #950944)
	[buster] - clamav 0.102.2+dfsg-0+deb10u1
	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
	[jessie] - clamav <not-affected> (Vulnerable code introduced in 0.102.x)
	NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
CVE-2020-3122
	RESERVED
CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3117
	RESERVED
CVE-2020-3116
	RESERVED
CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...)
	NOT-FOR-US: Cisco
CVE-2020-3114 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3113 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3112 (A vulnerability in the REST API endpoint of Cisco Data Center Network  ...)
	NOT-FOR-US: Cisco
CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
	NOT-FOR-US: Cisco
CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
	NOT-FOR-US: Cisco
CVE-2019-19770 (** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free  ...)
	- linux <unfixed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in the pe ...)
	- linux 5.5.13-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705
	NOTE: https://git.kernel.org/linus/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as d ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...)
	NOT-FOR-US: Bitwarden server
CVE-2019-19765
	REJECTED
CVE-2019-19764
	REJECTED
CVE-2019-19763
	REJECTED
CVE-2019-19762
	REJECTED
CVE-2019-19761
	RESERVED
CVE-2019-19760
	RESERVED
CVE-2019-19759
	RESERVED
CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media &amp; Backup C ...)
	NOT-FOR-US: Lenovo
CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administrator (L ...)
	NOT-FOR-US: Lenovo
CVE-2019-19756 (An internal product security audit of Lenovo XClarity Administrator (L ...)
	NOT-FOR-US: Lenovo
CVE-2019-19755
	RESERVED
CVE-2019-19754
	RESERVED
CVE-2019-19753
	RESERVED
CVE-2019-19752
	RESERVED
CVE-2019-19751
	RESERVED
CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH key for ea ...)
	NOT-FOR-US: minerstat msOS
CVE-2019-19749
	RESERVED
CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS. ...)
	NOT-FOR-US: Work Time Calendar app for Jira
CVE-2019-19747 (NeuVector 3.1 when configured to allow authentication via Active Direc ...)
	NOT-FOR-US: NeuVector
CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...)
	- fig2dev 1:3.2.7b-3 (unimportant; bug #946628)
	[buster] - fig2dev 1:3.2.7a-5+deb10u3
	- transfig <removed> (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/57/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/
CVE-2019-19745 (Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end u ...)
	NOT-FOR-US: Contao
CVE-2019-19744
	RESERVED
CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a root(admi ...)
	NOT-FOR-US: D-Link
CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...)
	NOT-FOR-US: D-Link
CVE-2019-19741 (Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege  ...)
	NOT-FOR-US: Electronic Arts Origin
CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...)
	NOT-FOR-US: Octeth Oempro
CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19738 (log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does no ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19737 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19736 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19735 (class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an  ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19734 (_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 dir ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19733 (_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.aja ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19732 (translation_manage_text.ajax.php and various *_manage.ajax.php in MFSc ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19731 (Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote  ...)
	NOT-FOR-US: Roxy Fileman
CVE-2019-19730
	RESERVED
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
	NOT-FOR-US: bsjon-objectid node module
CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
	- slurm-llnl 19.05.5-1
	[buster] - slurm-llnl <no-dsa> (Minor issue)
	[stretch] - slurm-llnl <no-dsa> (Minor issue)
	[jessie] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
	NOTE: https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
	NOTE: Fixed upstream in 18.08.9, 19.05.5
CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
	- slurm-llnl 19.05.5-1 (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784
	NOTE: Fixed upstream in 18.08.9, 19.05.5
	NOTE: The example file is installed as well in Debian as 0644 and slurmdbd.conf
	NOTE: not directly installed by the slurmdbd binary package.
CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion during a l ...)
	- snakeyaml 1.25+ds-3 (bug #952683)
	[buster] - snakeyaml <no-dsa> (Minor issue)
	[stretch] - snakeyaml <no-dsa> (Minor issue)
	[jessie] - snakeyaml <no-dsa> (unclear security impact)
	NOTE: https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
	NOTE: Patch to introduce a configuration option to restrict aliases for
	NOTE: collections:
	NOTE: https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
CVE-2019-19726 (OpenBSD through 6.6 allows local users to escalate to root because a c ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...)
	- sysstat 12.2.0-2 (unimportant; bug #946657)
	[stretch] - sysstat <not-affected> (Vulnerable code introduced in v11.7.1)
	[jessie] - sysstat <not-affected> (Vulnerable code introduced in v11.7.1)
	NOTE: https://github.com/sysstat/sysstat/issues/242
	NOTE: https://github.com/sysstat/sysstat/commit/a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed
	NOTE: Crash in CLI tool, no security impact
CVE-2019-19724 (Insecure permissions (777) are set on $HOME/.singularity when it is ne ...)
	- singularity-container 3.5.2+ds1-1
	NOTE: https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
CVE-2019-19723
	RESERVED
CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notification d ...)
	- dovecot <not-affected> (Only affects 2.3.9)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/2
	NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
	NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...)
	{DSA-4671-1}
	- vlc 3.0.9.2-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b (3.0.9)
CVE-2020-3109
	RESERVED
CVE-2020-3108
	RESERVED
CVE-2020-3107
	RESERVED
CVE-2020-3106
	RESERVED
CVE-2020-3105
	RESERVED
CVE-2020-3104
	RESERVED
CVE-2020-3103
	RESERVED
CVE-2020-3102
	RESERVED
CVE-2020-3101
	RESERVED
CVE-2020-3100
	RESERVED
CVE-2020-3099
	RESERVED
CVE-2020-3098
	RESERVED
CVE-2020-3097
	RESERVED
CVE-2020-3096
	RESERVED
CVE-2020-3095
	RESERVED
CVE-2020-3094
	RESERVED
CVE-2020-3093
	RESERVED
CVE-2020-3092
	RESERVED
CVE-2020-3091
	RESERVED
CVE-2020-3090
	RESERVED
CVE-2020-3089
	RESERVED
CVE-2020-3088
	RESERVED
CVE-2020-3087
	RESERVED
CVE-2020-3086
	RESERVED
CVE-2020-3085
	RESERVED
CVE-2020-3084
	RESERVED
CVE-2020-3083
	RESERVED
CVE-2020-3082
	RESERVED
CVE-2020-3081
	RESERVED
CVE-2020-3080
	RESERVED
CVE-2020-3079
	RESERVED
CVE-2020-3078
	RESERVED
CVE-2020-3077
	RESERVED
CVE-2020-3076
	RESERVED
CVE-2020-3075
	RESERVED
CVE-2020-3074
	RESERVED
CVE-2020-3073
	RESERVED
CVE-2020-3072
	RESERVED
CVE-2020-3071
	RESERVED
CVE-2020-3070
	RESERVED
CVE-2020-3069
	RESERVED
CVE-2020-3068
	RESERVED
CVE-2020-3067
	RESERVED
CVE-2020-3066
	RESERVED
CVE-2020-3065
	RESERVED
CVE-2020-3064
	RESERVED
CVE-2020-3063
	RESERVED
CVE-2020-3062
	RESERVED
CVE-2020-3061
	RESERVED
CVE-2020-3060
	RESERVED
CVE-2020-3059
	RESERVED
CVE-2020-3058
	RESERVED
CVE-2020-3057
	RESERVED
CVE-2020-3056
	RESERVED
CVE-2020-3055
	RESERVED
CVE-2020-3054
	RESERVED
CVE-2020-3053
	RESERVED
CVE-2020-3052
	RESERVED
CVE-2020-3051
	RESERVED
CVE-2020-3050
	RESERVED
CVE-2020-3049
	RESERVED
CVE-2020-3048
	RESERVED
CVE-2020-3047
	RESERVED
CVE-2020-3046
	RESERVED
CVE-2020-3045
	RESERVED
CVE-2020-3044
	RESERVED
CVE-2020-3043
	RESERVED
CVE-2020-3042
	RESERVED
CVE-2020-3041
	RESERVED
CVE-2020-3040
	RESERVED
CVE-2020-3039
	RESERVED
CVE-2020-3038
	RESERVED
CVE-2020-3037
	RESERVED
CVE-2020-3036
	RESERVED
CVE-2020-3035
	RESERVED
CVE-2020-3034
	RESERVED
CVE-2020-3033
	RESERVED
CVE-2020-3032
	RESERVED
CVE-2020-3031
	RESERVED
CVE-2020-3030
	RESERVED
CVE-2020-3029
	RESERVED
CVE-2020-3028
	RESERVED
CVE-2020-3027
	RESERVED
CVE-2020-3026
	RESERVED
CVE-2020-3025
	RESERVED
CVE-2020-3024
	RESERVED
CVE-2020-3023
	RESERVED
CVE-2020-3022
	RESERVED
CVE-2020-3021
	RESERVED
CVE-2020-3020
	RESERVED
CVE-2020-3019
	RESERVED
CVE-2020-3018
	RESERVED
CVE-2020-3017
	RESERVED
CVE-2020-3016
	RESERVED
CVE-2020-3015
	RESERVED
CVE-2020-3014
	RESERVED
CVE-2020-3013
	RESERVED
CVE-2020-3012
	RESERVED
CVE-2020-3011
	RESERVED
CVE-2020-3010
	RESERVED
CVE-2020-3009
	RESERVED
CVE-2020-3008
	RESERVED
CVE-2020-3007
	RESERVED
CVE-2020-3006
	RESERVED
CVE-2020-3005
	RESERVED
CVE-2020-3004
	RESERVED
CVE-2020-3003
	RESERVED
CVE-2020-3002
	RESERVED
CVE-2020-3001
	RESERVED
CVE-2020-3000
	RESERVED
CVE-2020-2999
	RESERVED
CVE-2020-2998
	RESERVED
CVE-2020-2997
	RESERVED
CVE-2020-2996
	RESERVED
CVE-2020-2995
	RESERVED
CVE-2020-2994
	RESERVED
CVE-2020-2993
	RESERVED
CVE-2020-2992
	RESERVED
CVE-2020-2991
	RESERVED
CVE-2020-2990
	RESERVED
CVE-2020-2989
	RESERVED
CVE-2020-2988
	RESERVED
CVE-2020-2987
	RESERVED
CVE-2020-2986
	RESERVED
CVE-2020-2985
	RESERVED
CVE-2020-2984
	RESERVED
CVE-2020-2983
	RESERVED
CVE-2020-2982
	RESERVED
CVE-2020-2981
	RESERVED
CVE-2020-2980
	RESERVED
CVE-2020-2979
	RESERVED
CVE-2020-2978
	RESERVED
CVE-2020-2977
	RESERVED
CVE-2020-2976
	RESERVED
CVE-2020-2975
	RESERVED
CVE-2020-2974
	RESERVED
CVE-2020-2973
	RESERVED
CVE-2020-2972
	RESERVED
CVE-2020-2971
	RESERVED
CVE-2020-2970
	RESERVED
CVE-2020-2969
	RESERVED
CVE-2020-2968
	RESERVED
CVE-2020-2967
	RESERVED
CVE-2020-2966
	RESERVED
CVE-2020-2965
	RESERVED
CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...)
	NOT-FOR-US: Oracle
CVE-2020-2963 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2962
	RESERVED
CVE-2020-2961 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2960
	RESERVED
CVE-2020-2959 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2958 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2957
	RESERVED
CVE-2020-2956 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2955 (Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Fi ...)
	NOT-FOR-US: Oracle
CVE-2020-2954 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...)
	NOT-FOR-US: Oracle
CVE-2020-2953 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2952 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2020-2951 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2950 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-2949 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2948
	RESERVED
CVE-2020-2947 (Vulnerability in the PeopleSoft Enterprise HCM Absence Management prod ...)
	NOT-FOR-US: Oracle
CVE-2020-2946 (Vulnerability in the Application Performance Management product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2945 (Vulnerability in the Oracle Financial Services Deposit Insurance Calcu ...)
	NOT-FOR-US: Oracle
CVE-2020-2944 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle Solaris
CVE-2020-2943 (Vulnerability in the Oracle Financial Services Liquidity Risk Measurem ...)
	NOT-FOR-US: Oracle
CVE-2020-2942 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...)
	NOT-FOR-US: Oracle
CVE-2020-2941 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing  ...)
	NOT-FOR-US: Oracle
CVE-2020-2940 (Vulnerability in the Oracle Financial Services Profitability Managemen ...)
	NOT-FOR-US: Oracle
CVE-2020-2939 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2938 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
	NOT-FOR-US: Oracle
CVE-2020-2937 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2936 (Vulnerability in the Oracle Financial Services Balance Sheet Planning  ...)
	NOT-FOR-US: Oracle
CVE-2020-2935 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
	NOT-FOR-US: Oracle
CVE-2020-2934 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	{DSA-4703-1 DLA-2245-1}
	- mysql-connector-java <removed>
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2933 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	{DSA-4703-1 DLA-2245-1}
	- mysql-connector-java <removed>
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2932 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2931 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2930 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2929 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2928 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2927 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2926 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2925 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2922 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2921 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2920 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
	NOT-FOR-US: Oracle
CVE-2020-2919
	RESERVED
CVE-2020-2918
	RESERVED
CVE-2020-2917
	RESERVED
CVE-2020-2916
	RESERVED
CVE-2020-2915 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2914 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2913 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2912 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
	NOT-FOR-US: Oracle
CVE-2020-2911 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2910 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2909 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2908 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2907 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2906 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2905 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2904 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2903 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2902 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2901 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2900 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2899 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2898 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2897 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2896 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2895 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2894 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2893 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2892 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2891 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
	NOT-FOR-US: Oracle
CVE-2020-2890 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2889 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2888 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2887 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2886 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2885 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
	NOT-FOR-US: Oracle
CVE-2020-2884 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2882 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2881 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2880 (Vulnerability in the Oracle Learning Management product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2020-2879 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2878 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2877 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2020-2876 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2875 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	{DSA-4703-1 DLA-2245-1}
	- mysql-connector-java <removed>
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2874 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2873 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2872 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2871 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2870 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2869 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2868 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2867 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2866 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2865 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
	NOT-FOR-US: Oracle
CVE-2020-2864 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-2863 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2862 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2861 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2860 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2859 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2858 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2857 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2856 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2855 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2854 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2853 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2852 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2851 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle Solaris
CVE-2020-2850 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2849 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2848 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2847 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2846 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2845 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2844 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2843 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2842 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2841 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2840 (Vulnerability in the Oracle E-Business Intelligence product of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2020-2839 (Vulnerability in the Oracle Service Intelligence product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2838 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of  ...)
	NOT-FOR-US: Oracle
CVE-2020-2837 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2836 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2834 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2833 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2020-2832 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2830 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2829 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2828 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2827 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2826 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2825 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2824 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2823 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2822 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-2821 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-2820 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2819 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2818 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2817 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2816 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2815 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2814 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 <no-dsa> (Will be fixed via point release)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2813 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2812 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 <no-dsa> (Will be fixed via point release)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2811 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2810 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite  ...)
	NOT-FOR-US: Oracle
CVE-2020-2809 (Vulnerability in the Oracle E-Business Intelligence product of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2020-2808 (Vulnerability in the Oracle E-Business Intelligence product of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2020-2807 (Vulnerability in the Oracle Marketing Encyclopedia System product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2806 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2802 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2801 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2800 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2799 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2798 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2797 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2796 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2795 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2794 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2793 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-2792
	RESERVED
CVE-2020-2791 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2790 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2789 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2788
	RESERVED
CVE-2020-2787 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2786 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2785 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2784 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2783 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2782 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2780 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2779 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2778 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2777 (Vulnerability in the Hyperion Financial Management product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2020-2776 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2775 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2774 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2772 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2771 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle Solaris
CVE-2020-2770 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2769 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
	NOT-FOR-US: Oracle
CVE-2020-2768 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-cluster <itp> (bug #833356)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2767 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2766 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2765 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2764 (Vulnerability in the Java SE product of Oracle Java SE (component: Adv ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2020-2763 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2762 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2761 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2760 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23
CVE-2020-2759 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2758 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2757 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2756 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7 <removed>
CVE-2020-2755 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
CVE-2020-2754 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4668-1 DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
CVE-2020-2753 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2752 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 <no-dsa> (Minor issue; will be fixed via point release)
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 <no-dsa> (Will be fixed via point release)
	- mysql-5.7 <unfixed> (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2751 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2750 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2020-2749 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2748 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2747 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2746 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2020-2745 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2744 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2743 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2742 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2741 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2740 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2739 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2738 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM  ...)
	NOT-FOR-US: Oracle
CVE-2020-2737 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2736
	RESERVED
CVE-2020-2735 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database Serv ...)
	NOT-FOR-US: Oracle
CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
	NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
	NOTE: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
CVE-2020-2731 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2730 (Vulnerability in the Oracle Financial Services Revenue Management and  ...)
	NOT-FOR-US: Oracle
CVE-2020-2729 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2728 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2727 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2726 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2725 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2724 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2723 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2722 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2721 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2720 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2719 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2718 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2717 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2716 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2715 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2714 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2713 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2712 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2711 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2710 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2709 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2708
	RESERVED
CVE-2020-2707 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2705 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2702 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2701 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2700 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2699 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2697 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
	NOT-FOR-US: Oracle
CVE-2020-2696 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2695 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
	NOT-FOR-US: Oracle
CVE-2020-2694 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2693 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2692 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2691 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2690 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2689 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2688 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-2687 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2686 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2685 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2684 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2683 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2682 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2681 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2680 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2679 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2678 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2677 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2676 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2675 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2673 (Vulnerability in the Oracle Application Testing Suite product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2672 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2671 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2670 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2669 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2020-2668 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2667 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2666 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2665 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2664 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2663 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2662 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2661 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4621-1 DLA-2128-1}
	- openjdk-8 8u242-b08-1
	- openjdk-7 <removed>
CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2656 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4605-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7 <removed>
CVE-2020-2653 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2652 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2651 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2650 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2649 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2648 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2647 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2646 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2645 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2644 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2643 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2642 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2641 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2640 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2639 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2638 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2637 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2636 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2635 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2634 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2633 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2632 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2631 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2630 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2629 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2628 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2627 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2626 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2625 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2624 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2622 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2621 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2620 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2619 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2618 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2617 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2616 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2615 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2614 (Vulnerability in the Enterprise Manager for Fusion Middleware product  ...)
	NOT-FOR-US: Oracle
CVE-2020-2613 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2612 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2611 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2610 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2609 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2608 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2607 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7 <removed>
CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7 <removed>
CVE-2020-2600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2599 (Vulnerability in the Oracle Hospitality Cruise Materials Management pr ...)
	NOT-FOR-US: Oracle
CVE-2020-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2597 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2596 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2594 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7 <removed>
CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...)
	NOT-FOR-US: Oracle
CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
	NOT-FOR-US: Oracle
CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7 <removed>
CVE-2020-2589 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2588 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2587 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2586 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
	- openjfx 11+26-1
	[stretch] - openjfx <no-dsa> (Minor issue)
	NOTE: This only affects JavaFX 8, so marking the first post 8 version as fixed
CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7 <removed>
CVE-2020-2582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite  ...)
	NOT-FOR-US: Oracle
CVE-2020-2581 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2580 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2579 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2578 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2575 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	- mariadb-10.3 1:10.3.22-1
	[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.44-0+deb9u1
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12
CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2572 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2571 (Vulnerability in the Oracle VM Server for SPARC product of Oracle Syst ...)
	NOT-FOR-US: Oracle
CVE-2020-2570 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2569 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2020-2568 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2020-2567 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2565 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM  ...)
	NOT-FOR-US: Oracle
CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2562
	RESERVED
CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
	NOT-FOR-US: Oracle
CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM  ...)
	NOT-FOR-US: Oracle
CVE-2020-2559 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM  ...)
	NOT-FOR-US: Oracle
CVE-2020-2558 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2557 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2556 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2555 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2554
	RESERVED
CVE-2020-2553 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2551 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2550 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2547 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2546 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2545 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2020-2544 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2543 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2542 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2541 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2540 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2539 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2538 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2537 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-2536 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2535 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-2534 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-2533 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-2532
	RESERVED
CVE-2020-2531 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-2530 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2020-2529
	RESERVED
CVE-2020-2528
	RESERVED
CVE-2020-2527 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2526
	RESERVED
CVE-2020-2525
	RESERVED
CVE-2020-2524 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2523
	RESERVED
CVE-2020-2522 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2521
	RESERVED
CVE-2020-2520
	RESERVED
CVE-2020-2519 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2020-2517 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2020-2516 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2020-2513
	RESERVED
CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-19720 (Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() functio ...)
	- yabasic <unfixed> (unimportant)
	NOTE: https://github.com/marcIhm/yabasic/issues/36
	NOTE: Negligible security impact
CVE-2019-19719 (Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via ...)
	NOT-FOR-US: Tableau Server
CVE-2019-19718
	RESERVED
CVE-2019-19717
	RESERVED
CVE-2019-19716
	RESERVED
CVE-2019-19715
	RESERVED
CVE-2019-19714 (Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It ...)
	NOT-FOR-US: Contao
CVE-2019-19713
	RESERVED
CVE-2019-19712 (Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can  ...)
	NOT-FOR-US: Contao
CVE-2019-19711
	RESERVED
CVE-2019-19710
	RESERVED
CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklis ...)
	{DSA-4592-1}
	- mediawiki 1:1.31.6-1
	NOTE: https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
	NOTE: https://phabricator.wikimedia.org/T239466
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-December/092886.html
CVE-2019-19708 (The VisualEditor extension through 1.34 for MediaWiki allows XSS via p ...)
	NOT-FOR-US: VisualEditor MediaWiki extension
CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware thr ...)
	NOT-FOR-US: Moxa
CVE-2019-19706
	RESERVED
CVE-2019-19705
	RESERVED
CVE-2019-19704
	RESERVED
CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...)
	NOT-FOR-US: Ktor
CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...)
	NOT-FOR-US: Modoboa
CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...)
	NOT-FOR-US: Hitachi
CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2020-2509
	RESERVED
CVE-2020-2508
	RESERVED
CVE-2020-2507
	RESERVED
CVE-2020-2506
	RESERVED
CVE-2020-2505
	RESERVED
CVE-2020-2504
	RESERVED
CVE-2020-2503
	RESERVED
CVE-2020-2502
	RESERVED
CVE-2020-2501
	RESERVED
CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...)
	NOT-FOR-US: QNAP
CVE-2020-2499
	RESERVED
CVE-2020-2498
	RESERVED
CVE-2020-2497
	RESERVED
CVE-2020-2496
	RESERVED
CVE-2020-2495
	RESERVED
CVE-2020-2494
	RESERVED
CVE-2020-2493
	RESERVED
CVE-2020-2492
	RESERVED
CVE-2020-2491
	RESERVED
CVE-2020-2490
	RESERVED
CVE-2019-19701
	RESERVED
CVE-2019-19700
	RESERVED
CVE-2019-19699 (There is Authenticated remote code execution in Centreon Infrastructur ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-19698 (marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav ...)
	NOT-FOR-US: libwav
CVE-2019-19697 (An arbitrary code execution vulnerability exists in the Trend Micro Se ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19696 (A RootCA vulnerability found in Trend Micro Password Manager for Windo ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19695 (A privilege escalation vulnerability in Trend Micro Antivirus for Mac  ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19694 (The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family  ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products contains a v ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19692 (Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19691 (A vulnerability in Trend Micro Apex One and OfficeScan XG could allow  ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19690 (Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19689 (Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) co ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19688 (A privilege escalation vulnerability in Trend Micro HouseCall for Home ...)
	NOT-FOR-US: Trend Micro
CVE-2019-19687 (OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in th ...)
	- keystone 2:16.0.0-5 (bug #946614)
	[buster] - keystone <not-affected> (Vulnerable code introduced later)
	[stretch] - keystone <not-affected> (Vulnerable code introduced later)
	[jessie] - keystone <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/8
	NOTE: https://bugs.launchpad.net/keystone/+bug/1855080
CVE-2019-19686
	RESERVED
CVE-2019-19685 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF ...)
	NOT-FOR-US: RoxyFileman in nopCommerce
CVE-2019-19684 (nopCommerce v4.2.0 allows privilege escalation via file upload in Pres ...)
	NOT-FOR-US: nopCommerce
CVE-2019-19683 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../  ...)
	NOT-FOR-US: RoxyFileman in nopCommerce
CVE-2019-19682 (nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the co ...)
	NOT-FOR-US: nopCommerce
CVE-2019-19681 (** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vuln ...)
	NOT-FOR-US: Pandora FMS
CVE-2019-19680 (A file-extension filtering vulnerability in Proofpoint Enterprise Prot ...)
	NOT-FOR-US: ProofPoint Protection Server Email Firewall
CVE-2019-19679 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...)
	NOT-FOR-US: Xray Test Management for Jira
CVE-2019-19678 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...)
	NOT-FOR-US: Xray Test Management for Jira
CVE-2019-19677 (arxes-tolina 3.0.0 allows User Enumeration. ...)
	NOT-FOR-US: Arxes Tolina
CVE-2019-19676 (A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain r ...)
	NOT-FOR-US: Arxes Tolina
CVE-2019-19675 (In Ivanti Workspace Control before 10.3.180.0. a locally authenticated ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2019-19674
	RESERVED
CVE-2019-19673
	RESERVED
CVE-2019-19672
	RESERVED
CVE-2019-19671
	RESERVED
CVE-2019-19670 (A HTTP Response Splitting vulnerability was identified in the Web Sett ...)
	NOT-FOR-US: Rumpus FTP Server
CVE-2019-19669 (A CSRF vulnerability exists in the Upload Center Forms Component of We ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19668 (A CSRF vulnerability exists in the File Types component of Web File Ma ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19667 (A CSRF vulnerability exists in the Block Clients component of Web File ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19666 (A CSRF vulnerability exists in the Event Notices Settings of Web File  ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19665 (A CSRF vulnerability exists in the FTP Settings of Web File Manager in ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19664 (A CSRF vulnerability exists in the Web Settings of Web File Manager in ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19663 (A CSRF vulnerability exists in the Folder Sets Settings of Web File Ma ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19662 (A CSRF vulnerability exists in the Web File Manager's Create/Delete Ac ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19661 (A Cookie based reflected XSS exists in the Web File Manager of Rumpus  ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19660 (A CSRF vulnerability exists in the Web File Manager's Network Setting  ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19659 (A CSRF vulnerability exists in the Web File Manager's Edit Accounts fu ...)
	NOT-FOR-US: Rumpus FTP
CVE-2019-19658
	RESERVED
CVE-2019-19657
	RESERVED
CVE-2019-19656
	RESERVED
CVE-2019-19655
	RESERVED
CVE-2019-19654
	RESERVED
CVE-2019-19653
	RESERVED
CVE-2019-19652
	RESERVED
CVE-2019-19651
	RESERVED
CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a remote au ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a remote un ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...)
	- yara <unfixed>
	[buster] - yara <no-dsa> (Minor issue)
	[stretch] - yara <no-dsa> (Minor issue)
	[jessie] - yara <no-dsa> (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/1178
CVE-2019-19647 (radare2 through 4.0.0 lacks validation of the content variable in the  ...)
	- radare2 4.2.1+dfsg-1 (bug #947402)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radareorg/radare2/issues/15545
	NOTE: https://github.com/radareorg/radare2/commit/07b5e062f2d4a00403ff031302cb18dfa58e3805 (4.1.0)
CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_ ...)
	- sqlite3 <not-affected> (Generated column support added later)
	NOTE: https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
	NOTE: https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger infinite  ...)
	- sqlite3 3.30.1+fossil191229-1 (bug #946612)
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
CVE-2019-19644
	RESERVED
CVE-2019-19643
	RESERVED
CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...)
	NOT-FOR-US: SuperMicro
CVE-2019-19641
	RESERVED
CVE-2019-19640
	RESERVED
CVE-2019-19639
	RESERVED
CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/102
CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/105
CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/104
CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel <no-dsa> (Minor issue)
	[stretch] - libsixel <no-dsa> (Minor issue)
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/103
CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 2.x throu ...)
	NOT-FOR-US: K2 extension for Joomla!
CVE-2019-19633
	RESERVED
CVE-2019-19632 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
	NOT-FOR-US: Big Switch Networks
CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
	NOT-FOR-US: Big Switch Networks
CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...)
	{DLA-2026-1}
	- htmldoc 1.9.7-1 (low)
	[buster] - htmldoc <no-dsa> (Minor issue)
	[stretch] - htmldoc <no-dsa> (Minor issue)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/370
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c
CVE-2019-19629 (In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferrin ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
CVE-2019-19628 (In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient par ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
CVE-2019-19627 (SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-rela ...)
	NOT-FOR-US: SROS
CVE-2019-19626
	RESERVED
CVE-2019-19625 (SROS 2 0.8.1 (which provides the tools that generate and distribute ke ...)
	NOT-FOR-US: SROS
CVE-2019-19624 (An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifica ...)
	- opencv 4.1.2+dfsg-3
	[buster] - opencv <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - opencv <not-affected> (Vulnerable code introduced later)
	[jessie] - opencv <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418
	NOTE: https://github.com/opencv/opencv/issues/14554
CVE-2019-19623
	RESERVED
CVE-2019-19622
	RESERVED
CVE-2019-19621
	RESERVED
CVE-2019-19620 (In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user ca ...)
	NOT-FOR-US: SecureWorks Red Cloak Windows Agent
CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mishandle ...)
	NOT-FOR-US: Documize
CVE-2019-19618
	RESERVED
CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...)
	{DLA-2024-1}
	- phpmyadmin 4:4.9.2+dfsg1-1
	[stretch] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
	NOT-FOR-US: Microsoft Dynamics NAV
CVE-2019-19615 (Multiple XSS vulnerabilities exist in the Backup &amp; Restore module  ...)
	NOT-FOR-US: FreePBX
CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...)
	NOT-FOR-US: Halvotec RAQuest
CVE-2019-19613 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login p ...)
	NOT-FOR-US: Halvotec RaQuest
CVE-2019-19612 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several fea ...)
	NOT-FOR-US: Halvotec RaQuest
CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the  ...)
	NOT-FOR-US: Halvotec RaQuest
CVE-2019-19610 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows s ...)
	NOT-FOR-US: Halvotec RaQuest
CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...)
	NOT-FOR-US: Strapi
CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing component of  ...)
	NOT-FOR-US: Mitel
CVE-2019-19607 (A SQL injection vulnerability in the web conferencing component of Mit ...)
	NOT-FOR-US: Mitel
CVE-2019-19606 (X-Plane before 11.41 has multiple improper path validations that could ...)
	NOT-FOR-US: X-Plane
CVE-2019-19605 (X-Plane before 11.41 allows Arbitrary Memory Write via crafted network ...)
	NOT-FOR-US: X-Plane
CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.21.x b ...)
	- git 1:2.24.0-2
	[buster] - git 1:2.20.1-2+deb10u1
	[stretch] - git <not-affected> (Vulnerable code introduced in v2.20.0-rc0)
	[jessie] - git <not-affected> (Vulnerable code introduced in v2.20.0-rc0)
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e904deb89d9a9669a76a426182506a084d3f6308
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=bb92255ebe6bccd76227e023d6d0bc997e318ad0
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c1547450748fcbac21675f2681506d2d80351a19
	NOTE: Upstream did backport fixes for CVE-2019-19604 to older versions as the introducing
	NOTE: version for sake of robustness/hardening. In particular, the server-side protection
	NOTE: provided by the fsck  is useful for protecting unpatched clients that are affected
	NOTE: by the bug.
	NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent  ...)
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...)
	- texlive-bin <unfixed> (unimportant; bug #949630)
	NOTE: https://github.com/pkubowicz/opendetex/issues/60
	NOTE: Debian builds using the kpathsea codepaths.
CVE-2019-19600
	RESERVED
CVE-2019-19599
	RESERVED
CVE-2019-19602 (fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux ...)
	- linux 5.3.15-1
	[buster] - linux <not-affected> (Vulnerable code introduced later)
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/59c4bd853abcea95eccc167a7d7fd5f1a5f47b98
CVE-2020-2489
	RESERVED
CVE-2020-2488
	RESERVED
CVE-2020-2487
	RESERVED
CVE-2020-2486
	RESERVED
CVE-2020-2485
	RESERVED
CVE-2020-2484
	RESERVED
CVE-2020-2483
	RESERVED
CVE-2020-2482
	RESERVED
CVE-2020-2481
	RESERVED
CVE-2020-2480
	RESERVED
CVE-2020-2479
	RESERVED
CVE-2020-2478
	RESERVED
CVE-2020-2477
	RESERVED
CVE-2020-2476
	RESERVED
CVE-2020-2475
	RESERVED
CVE-2020-2474
	RESERVED
CVE-2020-2473
	RESERVED
CVE-2020-2472
	RESERVED
CVE-2020-2471
	RESERVED
CVE-2020-2470
	RESERVED
CVE-2020-2469
	RESERVED
CVE-2020-2468
	RESERVED
CVE-2020-2467
	RESERVED
CVE-2020-2466
	RESERVED
CVE-2020-2465
	RESERVED
CVE-2020-2464
	RESERVED
CVE-2020-2463
	RESERVED
CVE-2020-2462
	RESERVED
CVE-2020-2461
	RESERVED
CVE-2020-2460
	RESERVED
CVE-2020-2459
	RESERVED
CVE-2020-2458
	RESERVED
CVE-2020-2457
	RESERVED
CVE-2020-2456
	RESERVED
CVE-2020-2455
	RESERVED
CVE-2020-2454
	RESERVED
CVE-2020-2453
	RESERVED
CVE-2020-2452
	RESERVED
CVE-2020-2451
	RESERVED
CVE-2020-2450
	RESERVED
CVE-2020-2449
	RESERVED
CVE-2020-2448
	RESERVED
CVE-2020-2447
	RESERVED
CVE-2020-2446
	RESERVED
CVE-2020-2445
	RESERVED
CVE-2020-2444
	RESERVED
CVE-2020-2443
	RESERVED
CVE-2020-2442
	RESERVED
CVE-2020-2441
	RESERVED
CVE-2020-2440
	RESERVED
CVE-2020-2439
	RESERVED
CVE-2020-2438
	RESERVED
CVE-2020-2437
	RESERVED
CVE-2020-2436
	RESERVED
CVE-2020-2435
	RESERVED
CVE-2020-2434
	RESERVED
CVE-2020-2433
	RESERVED
CVE-2020-2432
	RESERVED
CVE-2020-2431
	RESERVED
CVE-2020-2430
	RESERVED
CVE-2020-2429
	RESERVED
CVE-2020-2428
	RESERVED
CVE-2020-2427
	RESERVED
CVE-2020-2426
	RESERVED
CVE-2020-2425
	RESERVED
CVE-2020-2424
	RESERVED
CVE-2020-2423
	RESERVED
CVE-2020-2422
	RESERVED
CVE-2020-2421
	RESERVED
CVE-2020-2420
	RESERVED
CVE-2020-2419
	RESERVED
CVE-2020-2418
	RESERVED
CVE-2020-2417
	RESERVED
CVE-2020-2416
	RESERVED
CVE-2020-2415
	RESERVED
CVE-2020-2414
	RESERVED
CVE-2020-2413
	RESERVED
CVE-2020-2412
	RESERVED
CVE-2020-2411
	RESERVED
CVE-2020-2410
	RESERVED
CVE-2020-2409
	RESERVED
CVE-2020-2408
	RESERVED
CVE-2020-2407
	RESERVED
CVE-2020-2406
	RESERVED
CVE-2020-2405
	RESERVED
CVE-2020-2404
	RESERVED
CVE-2020-2403
	RESERVED
CVE-2020-2402
	RESERVED
CVE-2020-2401
	RESERVED
CVE-2020-2400
	RESERVED
CVE-2020-2399
	RESERVED
CVE-2020-2398
	RESERVED
CVE-2020-2397
	RESERVED
CVE-2020-2396
	RESERVED
CVE-2020-2395
	RESERVED
CVE-2020-2394
	RESERVED
CVE-2020-2393
	RESERVED
CVE-2020-2392
	RESERVED
CVE-2020-2391
	RESERVED
CVE-2020-2390
	RESERVED
CVE-2020-2389
	RESERVED
CVE-2020-2388
	RESERVED
CVE-2020-2387
	RESERVED
CVE-2020-2386
	RESERVED
CVE-2020-2385
	RESERVED
CVE-2020-2384
	RESERVED
CVE-2020-2383
	RESERVED
CVE-2020-2382
	RESERVED
CVE-2020-2381
	RESERVED
CVE-2020-2380
	RESERVED
CVE-2020-2379
	RESERVED
CVE-2020-2378
	RESERVED
CVE-2020-2377
	RESERVED
CVE-2020-2376
	RESERVED
CVE-2020-2375
	RESERVED
CVE-2020-2374
	RESERVED
CVE-2020-2373
	RESERVED
CVE-2020-2372
	RESERVED
CVE-2020-2371
	RESERVED
CVE-2020-2370
	RESERVED
CVE-2020-2369
	RESERVED
CVE-2020-2368
	RESERVED
CVE-2020-2367
	RESERVED
CVE-2020-2366
	RESERVED
CVE-2020-2365
	RESERVED
CVE-2020-2364
	RESERVED
CVE-2020-2363
	RESERVED
CVE-2020-2362
	RESERVED
CVE-2020-2361
	RESERVED
CVE-2020-2360
	RESERVED
CVE-2020-2359
	RESERVED
CVE-2020-2358
	RESERVED
CVE-2020-2357
	RESERVED
CVE-2020-2356
	RESERVED
CVE-2020-2355
	RESERVED
CVE-2020-2354
	RESERVED
CVE-2020-2353
	RESERVED
CVE-2020-2352
	RESERVED
CVE-2020-2351
	RESERVED
CVE-2020-2350
	RESERVED
CVE-2020-2349
	RESERVED
CVE-2020-2348
	RESERVED
CVE-2020-2347
	RESERVED
CVE-2020-2346
	RESERVED
CVE-2020-2345
	RESERVED
CVE-2020-2344
	RESERVED
CVE-2020-2343
	RESERVED
CVE-2020-2342
	RESERVED
CVE-2020-2341
	RESERVED
CVE-2020-2340
	RESERVED
CVE-2020-2339
	RESERVED
CVE-2020-2338
	RESERVED
CVE-2020-2337
	RESERVED
CVE-2020-2336
	RESERVED
CVE-2020-2335
	RESERVED
CVE-2020-2334
	RESERVED
CVE-2020-2333
	RESERVED
CVE-2020-2332
	RESERVED
CVE-2020-2331
	RESERVED
CVE-2020-2330
	RESERVED
CVE-2020-2329
	RESERVED
CVE-2020-2328
	RESERVED
CVE-2020-2327
	RESERVED
CVE-2020-2326
	RESERVED
CVE-2020-2325
	RESERVED
CVE-2020-2324
	RESERVED
CVE-2020-2323
	RESERVED
CVE-2020-2322
	RESERVED
CVE-2020-2321
	RESERVED
CVE-2020-2320
	RESERVED
CVE-2020-2319
	RESERVED
CVE-2020-2318
	RESERVED
CVE-2020-2317
	RESERVED
CVE-2020-2316
	RESERVED
CVE-2020-2315
	RESERVED
CVE-2020-2314
	RESERVED
CVE-2020-2313
	RESERVED
CVE-2020-2312
	RESERVED
CVE-2020-2311
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-2310
	RESERVED
CVE-2020-2309
	RESERVED
CVE-2020-2308
	RESERVED
CVE-2020-2307
	RESERVED
CVE-2020-2306
	RESERVED
CVE-2020-2305
	RESERVED
CVE-2020-2304
	RESERVED
CVE-2020-2303
	RESERVED
CVE-2020-2302
	RESERVED
CVE-2020-2301
	RESERVED
CVE-2020-2300
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-2299
	RESERVED
CVE-2020-2298
	RESERVED
CVE-2020-2297
	RESERVED
CVE-2020-2296
	RESERVED
CVE-2020-2295
	RESERVED
CVE-2020-2294
	RESERVED
CVE-2020-2293
	RESERVED
CVE-2020-2292
	RESERVED
CVE-2020-2291
	RESERVED
CVE-2020-2290
	RESERVED
CVE-2020-2289
	RESERVED
CVE-2020-2288
	RESERVED
CVE-2020-2287
	RESERVED
CVE-2020-2286
	RESERVED
CVE-2020-2285
	RESERVED
CVE-2020-2284
	RESERVED
CVE-2020-2283
	RESERVED
CVE-2020-2282
	RESERVED
CVE-2020-2281
	RESERVED
CVE-2020-2280
	RESERVED
CVE-2020-2279
	RESERVED
CVE-2020-2278
	RESERVED
CVE-2020-2277
	RESERVED
CVE-2020-2276
	RESERVED
CVE-2020-2275
	RESERVED
CVE-2020-2274
	RESERVED
CVE-2020-2273
	RESERVED
CVE-2020-2272
	RESERVED
CVE-2020-2271
	RESERVED
CVE-2020-2270
	RESERVED
CVE-2020-2269
	RESERVED
CVE-2020-2268
	RESERVED
CVE-2020-2267
	RESERVED
CVE-2020-2266
	RESERVED
CVE-2020-2265
	RESERVED
CVE-2020-2264
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-2263
	RESERVED
CVE-2020-2262
	RESERVED
CVE-2020-2261
	RESERVED
CVE-2020-2260
	RESERVED
CVE-2020-2259
	RESERVED
CVE-2020-2258
	RESERVED
CVE-2020-2257
	RESERVED
CVE-2020-2256
	RESERVED
CVE-2020-2255
	RESERVED
CVE-2020-2254
	RESERVED
CVE-2020-2253
	RESERVED
CVE-2020-2252
	RESERVED
CVE-2020-2251
	RESERVED
CVE-2020-2250
	RESERVED
CVE-2020-2249
	RESERVED
CVE-2020-2248
	RESERVED
CVE-2020-2247
	RESERVED
CVE-2020-2246
	RESERVED
CVE-2020-2245
	RESERVED
CVE-2020-2244
	RESERVED
CVE-2020-2243
	RESERVED
CVE-2020-2242
	RESERVED
CVE-2020-2241
	RESERVED
CVE-2020-2240
	RESERVED
CVE-2020-2239
	RESERVED
CVE-2020-2238
	RESERVED
CVE-2020-2237
	RESERVED
CVE-2020-2236
	RESERVED
CVE-2020-2235
	RESERVED
CVE-2020-2234
	RESERVED
CVE-2020-2233
	RESERVED
CVE-2020-2232
	RESERVED
CVE-2020-2231
	RESERVED
CVE-2020-2230
	RESERVED
CVE-2020-2229
	RESERVED
CVE-2020-2228
	RESERVED
CVE-2020-2227
	RESERVED
CVE-2020-2226
	RESERVED
CVE-2020-2225
	RESERVED
CVE-2020-2224
	RESERVED
CVE-2020-2223
	RESERVED
CVE-2020-2222
	RESERVED
CVE-2020-2221
	RESERVED
CVE-2020-2220
	RESERVED
CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of lin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2218 (Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2217 (Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2216 (A missing permission check in Jenkins Zephyr for JIRA Test Management  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2215 (A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2214 (Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2213 (Jenkins White Source Plugin 19.1.1 and earlier stores credentials unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2212 (Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2211 (Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier doe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2210 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2209 (Jenkins TestComplete support Plugin 2.4.1 and earlier stores a passwor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2208 (Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2207 (Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter v ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2206 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a paramete ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2205 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool pat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2204 (A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2203 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2202 (A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2201 (Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2200 (Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2199 (Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier do ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2198 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redac ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2197 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not requi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2196 (Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection fo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2195 (Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocess ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2194 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the dis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2193 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the par ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2192 (A cross-site request forgery vulnerability in Jenkins Self-Organizing  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2191 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2190 (Jenkins Script Security Plugin 1.72 and earlier does not correctly esc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2189 (Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2188 (A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2187 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts s ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2186 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2185 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH hos ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2184 (A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2183 (Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper perm ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2182 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2181 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2180 (Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML p ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2179 (Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2178 (Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2177 (Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2176 (Multiple form validation endpoints in Jenkins useMango Runner Plugin 1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2175 (Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape rep ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2174 (Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape var ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2173 (Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Pol ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2172 (Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package nam ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does not conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configur ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured pass ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...)
	NOT-FOR-US: Jenkins
CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...)
	NOT-FOR-US: Jenkins
CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...)
	NOT-FOR-US: Jenkins
CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...)
	NOT-FOR-US: Jenkins
CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...)
	NOT-FOR-US: Jenkins CryptoMove Plugin
CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...)
	NOT-FOR-US: Jenkins Literate Plugin
CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...)
	NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...)
	NOT-FOR-US: Jenkins DeployHub Plugin
CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...)
	NOT-FOR-US: Jenkins OpenShift Deployer Plugin
CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores  ...)
	NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin
CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...)
	NOT-FOR-US: Jenkins Backlog Plugin
CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...)
	NOT-FOR-US: Jenkins Subversion Release Manager Plugin
CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...)
	NOT-FOR-US: Jenkins Quality Gates Plugin
CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...)
	NOT-FOR-US: Jenkins Sonar Quality Gates Plugin
CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...)
	NOT-FOR-US: Jenkins Repository Connector Plugin
CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...)
	NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin
CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...)
	NOT-FOR-US: Jenkins Rundeck Plugin
CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...)
	NOT-FOR-US: Jenkins Logstash Plugin
CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...)
	NOT-FOR-US: Jenkins P4 Plugin
CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...)
	NOT-FOR-US: Jenkins P4 Plugin
CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...)
	NOT-FOR-US: Jenkins Audit Trail Plugin
CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...)
	NOT-FOR-US: Jenkins Cobertura Plugin
CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...)
	NOT-FOR-US: Jenkins Cobertura Plugin
CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...)
	NOT-FOR-US: Jenkins Timestamper Plugin
CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...)
	NOT-FOR-US: Jenkins Git Plugin
CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier  ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier  ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2131 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencryp ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2130 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencry ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2129 (Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2128 (Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a passw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2127 (Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2126 (Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2125 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2124 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier sto ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2123 (Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2122 (Jenkins Brakeman Plugin 0.12 and earlier did not escape values receive ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2121 (Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2120 (Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2119 (Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credent ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2118 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2117 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2116 (A cross-site request forgery vulnerability in Jenkins Pipeline GitHub  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2115 (Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parse ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2114 (Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured cr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2113 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the de ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2112 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2111 (Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2110 (Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2109 (Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...)
	NOT-FOR-US: Jenkins
CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with  ...)
	NOT-FOR-US: Jenkins
CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...)
	NOT-FOR-US: Jenkins
CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...)
	NOT-FOR-US: Jenkins
CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...)
	NOT-FOR-US: Jenkins
CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...)
	NOT-FOR-US: Jenkins
CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...)
	NOT-FOR-US: Jenkins
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2096 (Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2095 (Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2094 (A missing permission check in Jenkins Health Advisor by CloudBees Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2093 (A cross-site request forgery vulnerability in Jenkins Health Advisor b ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2092 (Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure it ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2089
	RESERVED
CVE-2020-2088
	RESERVED
CVE-2020-2087
	RESERVED
CVE-2020-2086
	RESERVED
CVE-2020-2085
	RESERVED
CVE-2020-2084
	RESERVED
CVE-2020-2083
	RESERVED
CVE-2020-2082
	RESERVED
CVE-2020-2081
	RESERVED
CVE-2020-2080
	RESERVED
CVE-2020-2079
	RESERVED
CVE-2020-2078
	RESERVED
CVE-2020-2077
	RESERVED
CVE-2020-2076
	RESERVED
CVE-2020-2075
	RESERVED
CVE-2020-2074
	RESERVED
CVE-2020-2073
	RESERVED
CVE-2020-2072
	RESERVED
CVE-2020-2071
	RESERVED
CVE-2020-2070
	RESERVED
CVE-2020-2069
	RESERVED
CVE-2020-2068
	RESERVED
CVE-2020-2067
	RESERVED
CVE-2020-2066
	RESERVED
CVE-2020-2065
	RESERVED
CVE-2020-2064
	RESERVED
CVE-2020-2063
	RESERVED
CVE-2020-2062
	RESERVED
CVE-2020-2061
	RESERVED
CVE-2020-2060
	RESERVED
CVE-2020-2059
	RESERVED
CVE-2020-2058
	RESERVED
CVE-2020-2057
	RESERVED
CVE-2020-2056
	RESERVED
CVE-2020-2055
	RESERVED
CVE-2020-2054
	RESERVED
CVE-2020-2053
	RESERVED
CVE-2020-2052
	RESERVED
CVE-2020-2051
	RESERVED
CVE-2020-2050
	RESERVED
CVE-2020-2049
	RESERVED
CVE-2020-2048
	RESERVED
CVE-2020-2047
	RESERVED
CVE-2020-2046
	RESERVED
CVE-2020-2045
	RESERVED
CVE-2020-2044
	RESERVED
CVE-2020-2043
	RESERVED
CVE-2020-2042
	RESERVED
CVE-2020-2041
	RESERVED
CVE-2020-2040
	RESERVED
CVE-2020-2039
	RESERVED
CVE-2020-2038
	RESERVED
CVE-2020-2037
	RESERVED
CVE-2020-2036
	RESERVED
CVE-2020-2035
	RESERVED
CVE-2020-2034
	RESERVED
CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2032 (A race condition vulnerability Palo Alto Networks GlobalProtect app on ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2031
	RESERVED
CVE-2020-2030
	RESERVED
CVE-2020-2029 (An OS Command Injection vulnerability in the PAN-OS web management int ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2028 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2027 (A buffer overflow vulnerability in the authd component of the PAN-OS m ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2026 (A malicious guest compromised before a container creation (e.g. a mali ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2025 (Kata Containers before 1.11.0 on Cloud Hypervisor persists guest files ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2024 (An improper link resolution vulnerability affects Kata Containers vers ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2023 (Kata Containers doesn't restrict containers from accessing the guest's ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2022
	RESERVED
CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2020
	RESERVED
CVE-2020-2019
	RESERVED
CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context switchi ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component  ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2003 (An external control of filename vulnerability in the command processin ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2000
	RESERVED
CVE-2020-1999
	RESERVED
CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS  ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session  ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which  ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...)
	{DSA-4665-1 DLA-2262-1}
	- qemu 1:4.1-2
	- qemu-kvm <removed>
	- libslirp 4.2.0-2
	- slirp4netns 1.0.1-1
	[buster] - slirp4netns <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed
	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
CVE-2020-1982
	RESERVED
CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local  ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls  ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...)
	NOT-FOR-US: Palo Alto
CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
	NOT-FOR-US: Palo Alto Networks GlobalProtect software
CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2019-19598 (D-Link DAP-1860 devices before v1.04b03 Beta allow access to administr ...)
	NOT-FOR-US: D-Link
CVE-2019-19597 (D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote co ...)
	NOT-FOR-US: D-Link
CVE-2019-19596 (GitBook through 2.6.9 allows XSS via a local .md file. ...)
	NOT-FOR-US: GitBook
CVE-2019-19595 (reset/modules/advanced_form_maker_edit/multiupload/upload.php in the R ...)
	NOT-FOR-US: RESET.PRO Adobe Stock API integration for PrestaShop
CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stoc ...)
	NOT-FOR-US: Adobe Stock API integration for PrestaShop
CVE-2019-19593
	RESERVED
CVE-2019-19592 (Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting ...)
	NOT-FOR-US: Jama Connect
CVE-2019-19591
	RESERVED
CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable  ...)
	- radare2 4.2.1+dfsg-1 (bug #947791)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radareorg/radare2/issues/15543
	NOTE: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70
CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block the dis ...)
	NOT-FOR-US: Lever PDF Embedder plugin for WordPress
CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters an infi ...)
	NOT-FOR-US: validators Python package
CVE-2019-19587 (In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updatin ...)
	NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2019-19586
	RESERVED
CVE-2019-19585 (An issue was discovered in rConfig 3.9.3. The install script updates t ...)
	NOT-FOR-US: rConfig
CVE-2019-19584
	RESERVED
CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH gue ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-308.html
CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 guest OS us ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-307.html
CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit Arm gues ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-307.html
CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-310.html
CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-309.html
CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM gue ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-311.html
CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-306.html
CVE-2019-19576 (class.upload.php in verot.net class.upload before 1.0.3 and 2.x before ...)
	NOT-FOR-US: K2 extension for Joomla!
CVE-2019-19575
	RESERVED
CVE-2019-19574
	RESERVED
CVE-2019-19573
	RESERVED
CVE-2019-19572
	RESERVED
CVE-2019-19571
	RESERVED
CVE-2019-19570
	RESERVED
CVE-2019-19569
	RESERVED
CVE-2019-19568
	RESERVED
CVE-2019-19567
	RESERVED
CVE-2019-19566
	RESERVED
CVE-2019-19565
	RESERVED
CVE-2019-19564
	RESERVED
CVE-2019-19563
	RESERVED
CVE-2019-19562
	RESERVED
CVE-2019-19561
	RESERVED
CVE-2019-19560
	RESERVED
CVE-2019-19559
	RESERVED
CVE-2019-19558
	RESERVED
CVE-2019-19557
	RESERVED
CVE-2019-19556
	RESERVED
CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...)
	{DLA-2073-1}
	- fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	[stretch] - fig2dev 1:3.2.6a-2+deb9u3
	- transfig <removed> (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/55/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/
	NOTE: Crash in CLI tool, negligible security impact
CVE-2019-19554
	RESERVED
CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...)
	- wireshark 3.0.7-1 (low)
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
	[jessie] - wireshark <postponed> (Can be fixed along in next 1.12.x DLA)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=34d2e0d5318d0a7e9889498c721639e5cbf4ce45
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-22.html
CVE-2019-19552 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
	NOT-FOR-US: FreePBX
CVE-2019-19551 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
	NOT-FOR-US: FreePBX
CVE-2020-1974
	RESERVED
CVE-2020-1973
	RESERVED
CVE-2020-1972
	RESERVED
CVE-2020-1971
	RESERVED
CVE-2020-1970
	RESERVED
CVE-2020-1969
	RESERVED
CVE-2020-1968
	RESERVED
CVE-2020-1967 (Server or client applications that call the SSL_check_chain() function ...)
	{DSA-4661-1}
	- openssl 1.1.1g-1
	[stretch] - openssl <not-affected> (Only affects 1.1.1d to 1.1.1f)
	[jessie] - openssl <not-affected> (Only affects 1.1.1d to 1.1.1f)
	- openssl1.0 <not-affected> (Only affects 1.1.1d to 1.1.1f)
	NOTE: https://www.openssl.org/news/secadv/20200421.txt
CVE-2020-1966
	RESERVED
CVE-2020-1965
	RESERVED
CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 ...)
	NOT-FOR-US: Senior Rubiweb
CVE-2019-19549
	RESERVED
CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privil ...)
	NOT-FOR-US: Norton
CVE-2019-19547 (Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may b ...)
	NOT-FOR-US: Symantec
CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to an in ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-19544 (CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to  ...)
	NOT-FOR-US: CA Automic Dollar Universe
CVE-2019-19542 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
	NOT-FOR-US: ListingPro theme for WordPress
CVE-2019-19541 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
	NOT-FOR-US: ListingPro theme for WordPress
CVE-2019-19540 (The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS  ...)
	NOT-FOR-US: ListingPro theme for WordPress
CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in serial_ ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...)
	NOT-FOR-US: Idelji Web ViewPoint
CVE-2019-19538 (In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0. ...)
	NOT-FOR-US: FreePBX
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff
CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.9-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69
CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
	{DLA-2114-1}
	- linux 5.2.9-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9
CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd
CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b
CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.9-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963
CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625
CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that  ...)
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4d6636498c41891d0482a914dd570343a838ad79
CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not yet present in released version)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b
CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/6d4472d7bec39917b54e4e80245784ea5d60ce49
	NOTE: https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d
CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...)
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/6af3aa57a0984e061f61308fe181a9a12359fecc
CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...)
	{DLA-2114-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76
CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86
CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0
CVE-2019-19522 (OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey aut ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19521 (libc in OpenBSD 6.6 allows authentication bypass via the -schallenge u ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19520 (xlock in OpenBSD 6.6 allows local users to gain the privileges of the  ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19519 (In OpenBSD 6.6, local users can use the su -L option to achieve any lo ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, relat ...)
	NOT-FOR-US: CA Automic Sysload
CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-inc ...)
	NOT-FOR-US: Apache Heron
CVE-2020-1963 (Apache Ignite uses H2 database to build SQL distributed execution engi ...)
	NOT-FOR-US: Apache Ignite
CVE-2020-1962
	REJECTED
CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail templates for  ...)
	NOT-FOR-US: Apache Syncope
CVE-2020-1960 (A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 ...)
	NOT-FOR-US: Apache Flink
CVE-2020-1959 (A Server-Side Template Injection was identified in Apache Syncope prio ...)
	NOT-FOR-US: Apache Syncope
CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...)
	- druid <itp> (bug #825797)
CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...)
	{DLA-2181-1}
	- shiro <unfixed> (bug #955018)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
	NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139
	NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322
	NOTE: Fix for CVE-2020-1957 introduces a (security sensitive) encoding issue
	NOTE: resulting in a followup release 1.5.3.
CVE-2020-1956 (Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restfu ...)
	NOT-FOR-US: Apache Kylin
CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...)
	- couchdb <removed>
CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering an Ins ...)
	NOT-FOR-US: Apache CXF
CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML  ...)
	- commons-configuration2 2.7-1 (bug #954713)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1
CVE-2020-1952 (An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. W ...)
	NOT-FOR-US: Apache IoTDB
CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in  ...)
	{DLA-2161-1}
	- tika <unfixed> (bug #954302)
	[buster] - tika <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4
CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...)
	{DLA-2161-1}
	- tika <unfixed> (bug #954303)
	[buster] - tika <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3
CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not property escape the Sling Se ...)
	NOT-FOR-US: Apache Sling
CVE-2020-1948
	RESERVED
CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...)
	NOT-FOR-US: Apache ShardingSphere
CVE-2020-1946
	RESERVED
CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default tempora ...)
	- ant 1.10.8-1 (low; bug #960630)
	[buster] - ant <no-dsa> (Minor issue)
	[stretch] - ant <no-dsa> (Minor issue)
	[jessie] - ant <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/13/1
	NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (1.9.15)
	NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (1.9.15)
	NOTE: https://github.com/apache/ant/commit/d591851ae3921172bb825b5a5344afa3de0e28ca (10.8)
	NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (10.8)
	NOTE: https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8)
	NOTE: https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8)
	NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8)
CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
	{DSA-4672-1}
	- trafficserver 8.0.6+ds-1
	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/commit/5830bc72611e85e7a31098ce86710242f29076dc
CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...)
	NOT-FOR-US: Apache OFBiz
CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...)
	NOT-FOR-US: Apache NiFi
CVE-2020-1941 (In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open  ...)
	- activemq <unfixed> (unimportant)
	NOTE: Admin console not enabled in the Debian package, see #702670)
	NOTE: Fixed in 5.15.12
CVE-2020-1940 (The optional initial password change and password expiration features  ...)
	NOT-FOR-US: Apache Jackrabbit Oak
CVE-2020-1939 (The Apache NuttX (Incubating) project provides an optional separate "a ...)
	NOT-FOR-US: Apache NuttX
CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...)
	{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
	- tomcat9 9.0.31-1 (bug #952437)
	- tomcat8 <removed> (bug #952438)
	- tomcat7 <removed> (bug #952436)
	NOTE: AJP disabled in Debian in default configuration since 2008
	NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100
	NOTE: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
	NOTE: https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75 (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957 (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153 (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72 (7.0.100)
	NOTE: https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2 (7.0.100)
	NOTE: https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba (7.0.100)
	NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100)
CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user  ...)
	NOT-FOR-US: Apache Kylin
CVE-2020-1936
	RESERVED
CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...)
	{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
	- tomcat9 9.0.31-1
	- tomcat8 <removed>
	- tomcat7 <removed>
	NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100)
CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...)
	- apache2 2.4.43-1 (low)
	[buster] - apache2 <no-dsa> (Minor issue)
	[stretch] - apache2 <no-dsa> (Minor issue)
	[jessie] - apache2 <ignored> (Minor issue)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934
	NOTE: Upstream patch: https://svn.apache.org/r1873745
CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Maliciou ...)
	NOT-FOR-US: Apache NiFi
CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...)
	NOT-FOR-US: Apache Superset
CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...)
	{DSA-4615-1 DLA-2107-1}
	- spamassassin 3.4.4~rc1-1 (bug #950258)
	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2
	NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 (restricted)
CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...)
	{DSA-4615-1 DLA-2107-1}
	- spamassassin 3.4.4~rc1-1 (bug #950258)
	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
	NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (restricted)
CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an  ...)
	NOT-FOR-US: Apache Beam MongoDB connector
CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...)
	NOT-FOR-US: Apache NiFi
CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...)
	- apache2 2.4.43-1 (low)
	[buster] - apache2 <no-dsa> (Minor issue)
	[stretch] - apache2 <no-dsa> (Minor issue)
	[jessie] - apache2 <ignored> (Minor issue)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927
	NOTE: https://svn.apache.org/r1873905
	NOTE: https://svn.apache.org/r1874191
CVE-2020-1926
	RESERVED
CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...)
	NOT-FOR-US: Olingo
CVE-2019-19517 (Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html for ...)
	NOT-FOR-US: Intelbras
CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...)
	NOT-FOR-US: Intelbras WRN
CVE-2019-19515 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireles ...)
	NOT-FOR-US: Ayision
CVE-2019-19514 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic r ...)
	NOT-FOR-US: Ayision
CVE-2019-19513
	RESERVED
CVE-2020-1924
	RESERVED
CVE-2020-1923
	RESERVED
CVE-2020-1922
	RESERVED
CVE-2020-1921
	RESERVED
CVE-2020-1920
	RESERVED
CVE-2020-1919
	RESERVED
CVE-2020-1918
	RESERVED
CVE-2020-1917
	RESERVED
CVE-2020-1916
	RESERVED
CVE-2020-1915
	RESERVED
CVE-2020-1914
	RESERVED
CVE-2020-1913
	RESERVED
CVE-2020-1912
	RESERVED
CVE-2020-1911
	RESERVED
CVE-2020-1910
	RESERVED
CVE-2020-1909
	RESERVED
CVE-2020-1908
	RESERVED
CVE-2020-1907
	RESERVED
CVE-2020-1906
	RESERVED
CVE-2020-1905
	RESERVED
CVE-2020-1904
	RESERVED
CVE-2020-1903
	RESERVED
CVE-2020-1902
	RESERVED
CVE-2020-1901
	RESERVED
CVE-2020-1900
	RESERVED
CVE-2020-1899
	RESERVED
CVE-2020-1898
	RESERVED
CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2020-1896
	RESERVED
CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
	NOT-FOR-US: Instagram for Android
CVE-2020-1894
	RESERVED
CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out  ...)
	- hhvm <removed>
CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows  ...)
	- hhvm <removed>
CVE-2020-1891
	RESERVED
CVE-2020-1890
	RESERVED
CVE-2020-1889
	RESERVED
CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...)
	- hhvm <removed>
CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...)
	- osquery <itp> (bug #803502)
CVE-2020-1886
	RESERVED
CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...)
	NOT-FOR-US: Oculus Desktop
CVE-2019-19512
	RESERVED
CVE-2019-19511
	RESERVED
CVE-2019-19510
	RESERVED
CVE-2019-19509 (An issue was discovered in rConfig 3.9.3. A remote authenticated user  ...)
	NOT-FOR-US: rConfig
CVE-2019-19508
	RESERVED
CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can  ...)
	NOT-FOR-US: Json Pattern Validator
CVE-2019-19506 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial  ...)
	NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
CVE-2019-19505 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-b ...)
	NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
CVE-2019-19504
	RESERVED
CVE-2019-19503
	RESERVED
CVE-2019-19502 (Code injection in pluginconfig.php in Image Uploader and Browser for C ...)
	NOT-FOR-US: ckeditor plugin
CVE-2019-19501 (VeraCrypt 1.24 allows Local Privilege Escalation during execution of V ...)
	NOT-FOR-US: VeraCrypt
CVE-2019-19500 (Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS v ...)
	NOT-FOR-US: Matrix42 Workspace Management
CVE-2019-19499
	RESERVED
CVE-2019-19498
	RESERVED
CVE-2019-19497 (MDaemon Email Server 17.5.1 allows XSS via the filename of an attachme ...)
	NOT-FOR-US: MDaemon Email Server
CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTM ...)
	NOT-FOR-US: Alfresco
CVE-2019-19495 (The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable t ...)
	NOT-FOR-US: Technicolor
CVE-2019-19494 (Broadcom based cable modems across multiple vendors are vulnerable to  ...)
	NOT-FOR-US: Broadcom based cable modems
CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the Content-Type h ...)
	NOT-FOR-US: Kentico
CVE-2019-19492 (FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socke ...)
	- freeswitch <itp> (bug #389591)
CVE-2019-19491 (TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit par ...)
	NOT-FOR-US: TestLink
CVE-2019-19490 (LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the ...)
	NOT-FOR-US: LiteManager
CVE-2019-19489 (SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. ...)
	NOTE: Bogus report, smplayer correctly bails out
CVE-2019-19488
	RESERVED
CVE-2019-19487 (Command Injection in minPlayCommand.php in Centreon (19.04.4 and below ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-19486 (Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and be ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-19485
	RESERVED
CVE-2019-19484 (Open redirect via parameter &#8216;p&#8217; in login.php in Centreon ( ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-19483
	RESERVED
CVE-2019-19482
	RESERVED
CVE-2019-19481 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
	- opensc 0.19.0~rc1-1
	[stretch] - opensc <not-affected> (Vulnerable code not present)
	[jessie] - opensc <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
	NOTE: CAC support added in: https://github.com/OpenSC/OpenSC/commit/777e2a3751e3f6d53f056c98e9e20e42af674fb1 (0.17.0-rc1)
	NOTE: Drop support of CAC1: https://github.com/OpenSC/OpenSC/commit/2190bb927c739852266481d6517aaf3a07b52526 (0.19.0-rc1)
	NOTE: Restored minimal CAC1 driver support: https://github.com/OpenSC/OpenSC/commit/e2b1fb81e0e1339eebaa36fb90635e03f69d4da3 (0.20.0-rc1)
	NOTE: https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278
	NOTE: Mark 0.19.0~rc1 based version as fixed which removed the affected code, which
	NOTE: later was re-introduced upstream in 0.20.0~rc1 again.
CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
	- opensc <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
	NOTE: Introduced in: https://github.com/OpenSC/OpenSC/commit/630d6adf32cecaab0ee184618f56497bd50400fb
	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
	NOTE: The introducing commit attempted to fix a memory leak issue, and later on
	NOTE: further memleak issues were addressed related to those changes. But those
	NOTE: fixes are not related "directly" to the CVE assignment for the incorrect
	NOTE: free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
	{DLA-2046-1}
	- opensc 0.20.0-1 (bug #947383)
	[buster] - opensc <no-dsa> (Minor issue)
	[stretch] - opensc <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
	NOTE: https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
CVE-2019-19478
	RESERVED
CVE-2019-19477
	RESERVED
CVE-2019-19476
	RESERVED
CVE-2019-19475 (An issue was discovered in ManageEngine Applications Manager 14 with B ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2019-19474
	RESERVED
CVE-2019-19473
	RESERVED
CVE-2019-19472
	RESERVED
CVE-2019-19471
	RESERVED
CVE-2019-19470 (Unsafe usage of .NET deserialization in Named Pipe message processing  ...)
	NOT-FOR-US: TinyWall Controller
CVE-2019-19469 (In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks ...)
	NOT-FOR-US: Zmanda Management Console
CVE-2019-19468 (Free Photo Viewer 1.3 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Free Photo Viewer
CVE-2019-19467
	RESERVED
CVE-2020-1884
	RESERVED
CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak v ...)
	NOT-FOR-US: Huawei
CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
	NOT-FOR-US: Huawei
CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
	NOT-FOR-US: Huawei
CVE-2020-1880 (Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...)
	NOT-FOR-US: Huawei
CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...)
	NOT-FOR-US: Huawei
CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1875 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...)
	NOT-FOR-US: Huawei
CVE-2020-1874 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...)
	NOT-FOR-US: Huawei
CVE-2020-1873 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
	NOT-FOR-US: Huawei
CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...)
	NOT-FOR-US: Huawei
CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
	NOT-FOR-US: Huawei
CVE-2020-1870 (CloudEngine 12800 products with versions of V200R019C00, V200R019C10SP ...)
	NOT-FOR-US: Huawei
CVE-2020-1869
	RESERVED
CVE-2020-1868
	RESERVED
CVE-2020-1867
	RESERVED
CVE-2020-1866
	RESERVED
CVE-2020-1865
	RESERVED
CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...)
	NOT-FOR-US: Huawei
CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...)
	NOT-FOR-US: Huawei
CVE-2020-1862 (There is a double free vulnerability in some Huawei products. A local  ...)
	NOT-FOR-US: Huawei
CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...)
	NOT-FOR-US: Huawei
CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
	NOT-FOR-US: Huawei
CVE-2020-1859
	RESERVED
CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...)
	NOT-FOR-US: Huawei
CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...)
	NOT-FOR-US: Huawei
CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...)
	NOT-FOR-US: Huawei
CVE-2020-1854
	RESERVED
CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2020-1852
	RESERVED
CVE-2020-1851
	RESERVED
CVE-2020-1850
	RESERVED
CVE-2020-1849
	RESERVED
CVE-2020-1848
	RESERVED
CVE-2020-1847
	RESERVED
CVE-2020-1846
	RESERVED
CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...)
	NOT-FOR-US: Huawei
CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...)
	NOT-FOR-US: Huawei
CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...)
	NOT-FOR-US: Huawei
CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version  ...)
	NOT-FOR-US: Huawei
CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...)
	NOT-FOR-US: Huawei
CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...)
	NOT-FOR-US: Huawei
CVE-2020-1839 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	TODO: check
CVE-2020-1838 (HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3)  ...)
	TODO: check
CVE-2020-1837 (ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8)  ...)
	TODO: check
CVE-2020-1836 (HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUA ...)
	TODO: check
CVE-2020-1835 (HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have ...)
	NOT-FOR-US: Huawei
CVE-2020-1834 (HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...)
	NOT-FOR-US: Huawei
CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...)
	NOT-FOR-US: Huawei
CVE-2020-1831 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C ...)
	NOT-FOR-US: Huawei
CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...)
	NOT-FOR-US: Huawei
CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
	NOT-FOR-US: Huawei
CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of  ...)
	NOT-FOR-US: Huawei
CVE-2020-1824
	RESERVED
CVE-2020-1823
	RESERVED
CVE-2020-1822
	RESERVED
CVE-2020-1821
	RESERVED
CVE-2020-1820
	RESERVED
CVE-2020-1819
	RESERVED
CVE-2020-1818
	RESERVED
CVE-2020-1817 (Huawei PCManager with versions earlier than 10.0.1.36 has a privilege  ...)
	NOT-FOR-US: Huawei
CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
	NOT-FOR-US: Huawei
CVE-2020-1813 (HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2 ...)
	NOT-FOR-US: Huawei
CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...)
	NOT-FOR-US: Huawei
CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
	NOT-FOR-US: Huawei
CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
	NOT-FOR-US: Huawei
CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
	NOT-FOR-US: Huawei
CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-1805 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-1804 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...)
	NOT-FOR-US: Huawei
CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...)
	NOT-FOR-US: Huawei
CVE-2020-1801 (There is an improper authentication vulnerability in several smartphon ...)
	NOT-FOR-US: Huawei
CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...)
	NOT-FOR-US: Huawei
CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2 ...)
	NOT-FOR-US: Huawei
CVE-2020-1797 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
	NOT-FOR-US: Huawei
CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...)
	NOT-FOR-US: Huawei
CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...)
	NOT-FOR-US: Huawei
CVE-2020-1794 (There is an improper authentication vulnerability in several smartphon ...)
	NOT-FOR-US: Huawei
CVE-2020-1793 (There is an improper authentication vulnerability in several smartphon ...)
	NOT-FOR-US: Huawei
CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...)
	NOT-FOR-US: Huawei
CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
	NOT-FOR-US: Huawei
CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...)
	NOT-FOR-US: Huawei
CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...)
	NOT-FOR-US: Huawei
CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...)
	NOT-FOR-US: Huawei
CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...)
	NOT-FOR-US: Huawei
CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...)
	NOT-FOR-US: Huawei
CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
	NOT-FOR-US: SCEditor
CVE-2019-19465
	RESERVED
CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.26.0 fo ...)
	NOT-FOR-US: CBC Gem application for Android
CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...)
	NOT-FOR-US:  Anhui Huami Mi Fit application for Android
CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows  ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-2
	[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-19461 (Post-authentication Stored XSS in Team Password Manager through 7.93.2 ...)
	NOT-FOR-US: Team Password Manager
CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker  ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data E ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19455
	RESERVED
CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19453
	RESERVED
CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
	NOT-FOR-US: Patriot Viper RGB
CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename argument  ...)
	- dia <unfixed> (unimportant; bug #945876)
	NOTE: https://gitlab.gnome.org/GNOME/dia/issues/428
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/dia/commit/9a5f438d4b3e718c8ab0efe01d08ee2c3a0d9a86
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/dia/commit/baa2df853f9fb770eedcf3d94c7f5becebc90bb9
	NOTE: Negligible security impact, hang in end user tool
CVE-2019-19450
	RESERVED
CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
	- linux <unfixed>
	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
	- linux <unfixed>
	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image,  ...)
	{DLA-2241-1 DLA-2114-1}
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
	NOTE: https://git.kernel.org/linus/c7df4a1ecb8579838ec8c56b2bb6a6716e974f37
CVE-2019-19446
	RESERVED
CVE-2019-19445
	RESERVED
CVE-2019-19444
	RESERVED
CVE-2019-19443
	RESERVED
CVE-2019-19442
	RESERVED
CVE-2019-19441 (HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1 ...)
	NOT-FOR-US: Huawei
CVE-2019-19440
	RESERVED
CVE-2019-19439
	RESERVED
CVE-2019-19438
	RESERVED
CVE-2019-19437
	RESERVED
CVE-2019-19436
	RESERVED
CVE-2019-19435
	RESERVED
CVE-2019-19434
	RESERVED
CVE-2019-19433
	RESERVED
CVE-2019-19432
	RESERVED
CVE-2019-19431
	RESERVED
CVE-2019-19430
	RESERVED
CVE-2019-19429
	RESERVED
CVE-2019-19428
	RESERVED
CVE-2019-19427
	RESERVED
CVE-2019-19426
	RESERVED
CVE-2019-19425
	RESERVED
CVE-2019-19424
	RESERVED
CVE-2019-19423
	RESERVED
CVE-2019-19422
	RESERVED
CVE-2019-19421
	RESERVED
CVE-2019-19420
	RESERVED
CVE-2019-19419
	RESERVED
CVE-2019-19418
	RESERVED
CVE-2019-19417
	RESERVED
CVE-2019-19416
	RESERVED
CVE-2019-19415
	RESERVED
CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of some Huaw ...)
	NOT-FOR-US: Huawei
CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
	NOT-FOR-US: Huawei
CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) bypass  ...)
	NOT-FOR-US: Huawei
CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
	NOT-FOR-US: Huawei
CVE-2019-19410
	RESERVED
CVE-2019-19409
	RESERVED
CVE-2019-19408
	RESERVED
CVE-2019-19407
	RESERVED
CVE-2019-19406
	RESERVED
CVE-2019-19405
	RESERVED
CVE-2019-19404
	RESERVED
CVE-2019-19403
	RESERVED
CVE-2019-19402
	RESERVED
CVE-2019-19401
	RESERVED
CVE-2019-19400
	RESERVED
CVE-2019-19399
	RESERVED
CVE-2019-19398 (M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input  ...)
	NOT-FOR-US: Huawei
CVE-2019-19397 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
	NOT-FOR-US: Huawei
CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, allows a ...)
	NOT-FOR-US: illumos
CVE-2019-19395
	RESERVED
CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
	- zabbix <unfixed>
	[buster] - zabbix <no-dsa> (Minor issue)
	[stretch] - zabbix <no-dsa> (Minor issue)
	[jessie] - zabbix <no-dsa> (Minor issue)
CVE-2020-1784
	RESERVED
CVE-2020-1783
	RESERVED
CVE-2020-1782
	RESERVED
CVE-2020-1781
	RESERVED
CVE-2020-1780
	RESERVED
CVE-2020-1779
	RESERVED
CVE-2020-1778
	RESERVED
CVE-2020-1777
	RESERVED
CVE-2020-1776
	RESERVED
CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...)
	TODO: check
CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
	{DLA-2198-1}
	- otrs2 6.0.28-1 (bug #959448)
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
	NOTE: Fixed in 7.0.17, 6.0.28
	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342
CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...)
	- otrs2 6.0.27-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <no-dsa> (Too intrusive to backport)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
	{DLA-2198-1}
	- otrs2 6.0.27-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
CVE-2020-1771 (Attacker is able craft an article with a link to the customer address  ...)
	- otrs2 6.0.27-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <not-affected> (Vulnerable code introduced in later version)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
	NOTE: Fixed in 7.0.16, 6.0.27
	NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
	{DLA-2198-1}
	- otrs2 6.0.27-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
	- otrs2 6.0.27-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <no-dsa> (https://lists.debian.org/debian-lts/2020/04/msg00040.html)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93
	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/7974ea582211c13730d223fc4dcdffa542af423f
CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...)
	- otrs2 <not-affected> (Only affects 7.0.x series)
	NOTE: https://community.otrs.com/security-advisory-2020-04/
CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent  ...)
	{DLA-2079-1}
	- otrs2 6.0.25-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
	NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...)
	{DLA-2079-1}
	- otrs2 6.0.25-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/
	NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6)
	NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5)
CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...)
	{DLA-2079-1}
	- otrs2 6.0.25-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
	NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6)
	NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5)
CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...)
	NOT-FOR-US: CFEngine Enterprise
CVE-2019-19393
	RESERVED
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
	NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
	- luajit <unfixed> (bug #946053; unimportant)
	NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
	NOTE: Negligible security impact. The debug library is unsafe per se and one is
	NOTE: not supposed to release an application with the debug library.
CVE-2019-19390 (The Search parameter of the Software Catalogue section of Matrix42 Wor ...)
	NOT-FOR-US: Matrix42 Workspace Management
CVE-2019-19389 (JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP R ...)
	NOT-FOR-US: JetBrains Ktor framework
CVE-2019-19388 (A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_d ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19387 (A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_inter ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19386 (A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/ ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19385 (A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans. ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...)
	NOT-FOR-US: freeFTPd
CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the  ...)
	NOT-FOR-US: Max Secure Anti Virus Plus
CVE-2019-19381 (oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 b ...)
	NOT-FOR-US: Abacus OAuth Login
CVE-2019-19380
	RESERVED
CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can bypass ...)
	NOT-FOR-US: MISP
CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image  ...)
	- linux <unfixed>
CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
	- linux 5.6.7-1
	NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdi ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL offlo ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-19374 (An issue was discovered in core/assets/form/form_question_types/form_q ...)
	NOT-FOR-US: Squiz Matrix CMS
CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5. ...)
	NOT-FOR-US: Squiz Matrix CMS
CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...)
	NOT-FOR-US: rConfig
CVE-2019-19371 (A cross-site scripting (XSS) vulnerability in the web conferencing com ...)
	NOT-FOR-US: Mitel
CVE-2019-19370 (A cross-site scripting (XSS) vulnerability in the web conferencing com ...)
	NOT-FOR-US: Mitel
CVE-2019-19369
	RESERVED
CVE-2019-19368 (A Reflected Cross Site Scripting was discovered in the Login page of R ...)
	NOT-FOR-US: Rumpus FTP Web File Manager
CVE-2019-19367 (A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19366 (A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_sear ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19365
	RESERVED
CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...)
	NOT-FOR-US: Kiali
CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...)
	{DSA-4684-1}
	- libreswan 3.32-1 (bug #960458)
	NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27)
	NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
	NOTE: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...)
	NOT-FOR-US: Kiali
CVE-2020-1761
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...)
	{DLA-2171-1}
	- ceph 14.2.9-1 (bug #956142)
	NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1
	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5
	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/1bf14094fec34770d2cc74317f4238ccb2dfef98
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/1
CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Opensh ...)
	- ceph 14.2.9-1 (bug #956139)
	[buster] - ceph <not-affected> (Vulnerable code not present)
	[stretch] - ceph <not-affected> (Vulnerable code not present)
	[jessie] - ceph <not-affected> (Vulnerable code not present)
	NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/fe387e02b11df98357d8cdbfa3b1f1d5f2bb3f74
	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211
	NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2
CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does  ...)
	NOT-FOR-US: Keycloak
CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...)
	- undertow <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770
CVE-2020-1756
	RESERVED
CVE-2020-1755
	RESERVED
CVE-2020-1754
	RESERVED
CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
	- ansible <unfixed>
	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008
	NOTE: https://github.com/ansible-collections/kubernetes/pull/51
	NOTE: Fixing commit only introduces a warning about disclosure when using certain
	NOTE: options.
CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...)
	- glibc 2.30-3 (bug #953788)
	[buster] - glibc <no-dsa> (Minor issue)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414
	NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14)
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c
CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2.31 wh ...)
	- glibc 2.30-3
	[buster] - glibc <no-dsa> (Minor issue)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494
CVE-2020-1750
	RESERVED
	NOT-FOR-US: OpenShift machine-config-operator
CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup]
	RESERVED
	{DLA-2241-1}
	- linux 5.4.6-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
CVE-2020-1748
	RESERVED
CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...)
	- pyyaml 5.3-2 (bug #953013)
	[buster] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
	[stretch] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
	[jessie] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
	NOTE: https://github.com/yaml/pyyaml/pull/386
CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...)
	- ansible 2.9.7+dfsg-1
	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491
	NOTE: https://github.com/ansible/ansible/pull/67866
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/d41e38435b1a9e300d8011ac28f16a5add2db119 (v2.9.7)
CVE-2020-1745 (A file inclusion vulnerability was found in the AJP connector enabled  ...)
	- undertow 2.0.30-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305
	NOTE: Variant of the Ghostcat Tomcat vulnerability, CVE-2020-1938.
	NOTE: According to https://lists.jboss.org/pipermail/undertow-dev/2020-March/002422.html
	NOTE: the fix is: https://github.com/undertow-io/undertow/pull/859
CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When configuring an ...)
	NOT-FOR-US: Keycloak
CVE-2020-1743
	RESERVED
CVE-2020-1742
	RESERVED
	NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container
CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platform (O ...)
	NOT-FOR-US: openshift-ansible
CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
	{DLA-2202-1}
	- ansible 2.9.7+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
	NOTE: https://github.com/ansible/ansible/issues/67798
	NOTE: https://github.com/ansible/ansible/pull/68644
CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
	{DLA-2202-1}
	- ansible 2.9.7+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
	NOTE: https://github.com/ansible/ansible/issues/67797
	NOTE: https://github.com/ansible/ansible/pull/67829
	NOTE: https://github.com/ansible/ansible/commit/d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3
CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service  ...)
	- ansible <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164
	NOTE: https://github.com/ansible/ansible/issues/67796
	NOTE: Marked unimportant as for exploitation it requires already a remote that is
	NOTE: compromised, cf. https://github.com/ansible/ansible/issues/67796#issuecomment-614656017
CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...)
	- ansible 2.9.7+dfsg-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
	NOTE: https://github.com/ansible/ansible/issues/67795
	NOTE: https://github.com/ansible/ansible/pull/67799
	NOTE: Issue in the win_unzip module which is executed only on Windows plattform
CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...)
	- ansible <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124
	NOTE: https://github.com/ansible/ansible/issues/67794
CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used.  ...)
	- ansible 2.9.7+dfsg-1
	[jessie] - ansible <not-affected> (No remote expansion in fetch module)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
	NOTE: https://github.com/ansible/ansible/issues/67793
	NOTE: https://github.com/ansible/ansible/pull/68720
	NOTE: Introduced in https://github.com/ansible/ansible/commit/e47f6137e5b897dec4319e7cb7791fb9b2cffb8d (1.8)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/290bfa820d533dc224e0c3fa7dd7c6b907ed0189
	NOTE: The commit has incorrect CVE reference adressed in
	NOTE: https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1
CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...)
	- ansible <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
	NOTE: https://github.com/ansible/ansible/issues/6550
	NOTE: https://github.com/ansible/ansible/issues/67792
	NOTE: Upstream considers this intended functionality and delegates it up to the
	NOTE: playbook author to ensure they use the quote filter.
CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
	{DLA-2202-1}
	- ansible 2.9.7+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
	NOTE: https://github.com/ansible/ansible/issues/67791
	NOTE: https://github.com/ansible/ansible/pull/68921
	NOTE: https://github.com/ansible/ansible/commit/8077d8e40148fe77e2393caa5f2b2ea855149d63
	NOTE: When applying the fix for CVE-2020-1733 make sure to apply complete fix to
	NOTE: not open up CVE-2020-10744.
CVE-2020-1732 (A flaw was found in Soteria before 1.0.1, in a way that multiple reque ...)
	- wildfly <itp> (bug #752018)
CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, before vers ...)
	NOT-FOR-US: Keycloak
CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in t ...)
	- libssh 0.9.4-1 (bug #956308)
	[buster] - libssh 0.8.7-1+deb10u1
	[stretch] - libssh <not-affected> (Vulnerable code introduced later)
	[jessie] - libssh <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.libssh.org/security/advisories/CVE-2020-1730.txt
	NOTE: https://bugs.libssh.org/T213
	NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0)
	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a
CVE-2020-1729
	RESERVED
	NOT-FOR-US: SmallRye Config
CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...)
	NOT-FOR-US: Keycloak
CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every Author ...)
	NOT-FOR-US: Keycloak
CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...)
	- libpod 1.6.4+dfsg1-3 (bug #961421)
	NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1)
	NOTE: https://github.com/containers/libpod/pull/5168
	NOTE: Fixed by: https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (v1.8.1-rc1)
CVE-2020-1725
	RESERVED
CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...)
	NOT-FOR-US: Keycloak
CVE-2020-1723
	RESERVED
CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
	- freeipa <unfixed>
	NOTE: https://pagure.io/freeipa/issue/8268
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
CVE-2020-1721
	RESERVED
	- dogtag-pki <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...)
	{DSA-4623-1 DSA-4622-1 DLA-2105-1}
	- postgresql-12 12.2-1
	- postgresql-11 <unfixed>
	- postgresql-9.6 <removed>
	- postgresql-9.4 <removed>
	NOTE: https://www.postgresql.org/about/news/2011/
	NOTE: Fixed in 12.2, 11.7, 10.12, 9.6.17, 9.5.21, and 9.4.26
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b048f558dd7c26a0c630a2cff29d3d8981eaf6b9
CVE-2020-1719
	RESERVED
	- wildfly <itp> (bug #752018)
CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...)
	NOT-FOR-US: Keycloak
CVE-2020-1717
	RESERVED
CVE-2020-1716
	RESERVED
	NOT-FOR-US: ceph-ansible
CVE-2020-1715
	RESERVED
CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the code bas ...)
	NOT-FOR-US: Keycloak
CVE-2020-1713
	RESERVED
CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...)
	- systemd 244.2-1 (bug #950732)
	[buster] - systemd 241-7~deb10u4
	[stretch] - systemd <no-dsa> (Can be fixed via point release)
	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
	NOTE: https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation)
	NOTE: https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation)
	NOTE: https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation)
	NOTE: https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API)
	NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
	NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
	NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
	{DLA-2144-1}
	- qemu 1:4.2-2 (bug #949731)
	[buster] - qemu 1:3.1+dfsg-8+deb10u4
	[stretch] - qemu <postponed> (Intrusive to backport, revisit later)
	- qemu-kvm <removed>
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3
CVE-2020-1710
	RESERVED
CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...)
	NOT-FOR-US: openshift
CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...)
	NOT-FOR-US: openshift
CVE-2020-1707 (A vulnerability was found in all openshift/postgresql-apb 4.x.x versio ...)
	NOT-FOR-US: openshift
CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...)
	NOT-FOR-US: openshift
CVE-2020-1705 (A vulnerability was found in openshift/template-service-broker-operato ...)
	NOT-FOR-US: openshift
CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2020-1703
	REJECTED
CVE-2020-1702
	RESERVED
	NOT-FOR-US: Red Hat container manager tooling
CVE-2020-1701
	RESERVED
	NOT-FOR-US: KubeVirt
CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
	- ceph 14.2.7-1
	[buster] - ceph <no-dsa> (Minor issue)
	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
	[jessie] - ceph <not-affected> (Vulnerable code introduced later)
	NOTE: https://tracker.ceph.com/issues/42531
	NOTE: https://github.com/ceph/ceph/pull/33017
	NOTE: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a
CVE-2020-1699 (A path traversal flaw was found in the Ceph dashboard implemented in u ...)
	- ceph 14.2.6-4 (bug #949206)
	[buster] - ceph <not-affected> (Vulnerable code introduced later)
	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
	[jessie] - ceph <not-affected> (Vulnerable code introduced later)
	NOTE: https://tracker.ceph.com/issues/41320
	NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
CVE-2020-1698 (A flaw was found in keycloak in versions before 9.0.0. A logged except ...)
	NOT-FOR-US: Keycloak
CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...)
	NOT-FOR-US: Keycloak
CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...)
	- dogtag-pki <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707
CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final  ...)
	- resteasy <undetermined>
	- resteasy3.0 <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
CVE-2020-1694
	RESERVED
	NOT-FOR-US: Keycloak
CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...)
	NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
	- moodle <removed>
CVE-2020-1691
	RESERVED
CVE-2020-1690
	RESERVED
	NOT-FOR-US: openstack-selinux
CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...)
	NOT-FOR-US: Sony Catalyst Production Suite
CVE-2019-19363 (An issue was discovered in Ricoh (including Savin and Lanier) Windows  ...)
	NOT-FOR-US: Ricoh
CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...)
	NOT-FOR-US: TeamViewer
CVE-2019-19361
	RESERVED
CVE-2019-19360
	RESERVED
CVE-2019-19359
	RESERVED
CVE-2019-19358
	RESERVED
CVE-2019-19357
	RESERVED
CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE ...)
	NOT-FOR-US: Netis WF2419
CVE-2019-19355 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19354
	RESERVED
	NOT-FOR-US: openshift
CVE-2019-19353
	RESERVED
	NOT-FOR-US: openshift
CVE-2019-19352
	RESERVED
	NOT-FOR-US: openshift
CVE-2019-19351 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19350
	RESERVED
	NOT-FOR-US: openshift
CVE-2019-19349
	RESERVED
	NOT-FOR-US: openshift
CVE-2019-19348 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19347
	REJECTED
CVE-2019-19346 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x version ...)
	NOT-FOR-US: openshift
CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...)
	- samba 2:4.11.5+dfsg-1 (bug #950499)
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
	[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
	NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
CVE-2019-19343
	RESERVED
	- undertow <unfixed> (bug #948024; unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
	NOTE: Issue affects both Undertow and rmeoting, but for adressing the immediate
	NOTE: issue only af fix via remoting (https://issues.redhat.com/browse/REM3-347)
	NOTE: was added.
CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where  ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update did not ...)
	NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207
CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest -  incomplete fix for TAA (CVE-2019-11135)]
	RESERVED
	- linux <not-affected> (Only affects specific distro kernels which do not include commit e1d38b63acd8)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/10/3
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
CVE-2019-19337 (A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph ...)
	- ceph <not-affected> (Only affects Ceph as packaged by Red Hat)
CVE-2019-19336 (A cross-site scripting vulnerability was reported in the oVirt-engine' ...)
	NOT-FOR-US: ovirt-engine
CVE-2019-19335 (During installation of an OpenShift 4 cluster, the `openshift-install` ...)
	NOT-FOR-US: OpenShift
CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
	- libyang 0.16.105-2 (bug #946217)
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6
CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
	- libyang 0.16.105-2 (bug #946217)
	[buster] - libyang <no-dsa> (Minor issue)
	NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service  ...)
	- knot-resolver 5.0.1-1 (bug #946181)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4
CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...)
	NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before ...)
	NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...)
	NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19326
	RESERVED
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows  ...)
	NOT-FOR-US: SilverStripe
CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...)
	NOT-FOR-US: Xmidt cjwt
CVE-2019-19323
	RESERVED
CVE-2019-19322
	RESERVED
CVE-2019-19321
	RESERVED
CVE-2019-19320
	RESERVED
CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.87-1
CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
	- linux 5.4.6-1
CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed b ...)
	- sqlite3 <not-affected> (Generated column support was added with SQLite version 3.31.0)
	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8
	NOTE: Additional testcases: https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3
CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS), Ter ...)
	NOT-FOR-US: Terraform
CVE-2019-19315 (NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitr ...)
	NOT-FOR-US: Nalpeiron Licensing Service
CVE-2019-19314 (GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens i ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19313 (GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Servi ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19312 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access C ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19311 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group an ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19310 (GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Infor ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19309 (GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorre ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...)
	{DSA-4577-1}
	- haproxy 2.0.10-1
	[stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
	[jessie] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878
CVE-2019-19308 (In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0,  ...)
	- gnome-font-viewer 3.34.0-2 (unimportant)
	- gnome-sushi <unfixed> (unimportant)
	NOTE: https://gitlab.gnome.org/GNOME/gnome-font-viewer/issues/17
	NOTE: https://gitlab.gnome.org/GNOME/gnome-font-viewer/commit/9661683379806e2bad6a52ce6dde776a33f4f981
	NOTE: Crash in GUI tool, no security impact
CVE-2019-19307 (An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6. ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2019-19306 (The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via m ...)
	NOT-FOR-US: Zoho CRM Lead Magnet plugin for WordPress
CVE-2019-19305
	RESERVED
CVE-2019-19304
	RESERVED
CVE-2019-19303
	RESERVED
CVE-2019-19302
	RESERVED
CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...)
	NOT-FOR-US: Siemens
CVE-2019-19299 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19298 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19297 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19296 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19295 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19294 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19293 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19292 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19291 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19290 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19289
	RESERVED
CVE-2019-19288
	RESERVED
CVE-2019-19287
	RESERVED
CVE-2019-19286
	RESERVED
CVE-2019-19285
	RESERVED
CVE-2019-19284
	RESERVED
CVE-2019-19283
	RESERVED
CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions),  ...)
	NOT-FOR-US: Siemens
CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
	NOT-FOR-US: Siemens
CVE-2019-19280
	RESERVED
CVE-2019-19279 (A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact ...)
	NOT-FOR-US: Siemens
CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180  ...)
	NOT-FOR-US: SINAMICS
CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions &lt; 3. ...)
	NOT-FOR-US: Siemens
CVE-2019-19276
	RESERVED
CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...)
	- python3-typed-ast 1.4.0-1 (low)
	[buster] - python3-typed-ast <no-dsa> (Minor issue)
	[stretch] - python3-typed-ast <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.python.org/issue36495
	NOTE: Introduced by: https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce (1.3.0)
	NOTE: Fixed by: https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b (1.3.2)
CVE-2019-19274 (typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds  ...)
	- python3-typed-ast 1.4.0-1 (low)
	[buster] - python3-typed-ast <no-dsa> (Minor issue)
	[stretch] - python3-typed-ast <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.python.org/issue36495
	NOTE: Introduced by: https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce (1.3.0)
	NOTE: Fixed by: https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b (1.3.2)
CVE-2019-19273 (On Samsung mobile devices with O(8.0) and P(9.0) software and an Exyno ...)
	NOT-FOR-US: Samsung
CVE-2015-9539 (The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows ...)
	NOT-FOR-US: Fast Secure Contact Form plugin for WordPress
CVE-2015-9538 (The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Dire ...)
	NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2015-9537 (The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XS ...)
	NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ...)
	- proftpd-dfsg 1.3.6-1
	[stretch] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c)
	[jessie] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c)
	NOTE: https://github.com/proftpd/proftpd/issues/858
	NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/474075d2cb8c8ced7764b1b4b5ad63a49284d61f (v1.3.5c)
CVE-2019-19271 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A w ...)
	- proftpd-dfsg 1.3.6-1
	[stretch] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c)
	[jessie] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c)
	NOTE: https://github.com/proftpd/proftpd/issues/860
	NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/474075d2cb8c8ced7764b1b4b5ad63a49284d61f (v1.3.5c)
CVE-2019-19270 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. F ...)
	- proftpd-dfsg 1.3.6b-2 (bug #946346)
	[buster] - proftpd-dfsg 1.3.6-4+deb10u3
	[stretch] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c)
	[jessie] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c)
	NOTE: https://github.com/proftpd/proftpd/issues/859
	NOTE: https://github.com/proftpd/proftpd/commit/81cc5dce4fc0285629a1b08a07a109af10c208dd (master)
	NOTE: https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f (1.3.6 branch)
	NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/0e27c53177db6e1ce4196c772c119071678c77a7 (v1.3.5c)
CVE-2019-19269 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A ...)
	{DLA-2018-1}
	- proftpd-dfsg 1.3.6b-2 (bug #946345)
	[buster] - proftpd-dfsg 1.3.6-4+deb10u3
	[stretch] - proftpd-dfsg 1.3.5b-4+deb9u3
	NOTE: https://github.com/proftpd/proftpd/issues/861
	NOTE: https://github.com/proftpd/proftpd/commit/81cc5dce4fc0285629a1b08a07a109af10c208dd (master)
	NOTE: https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f (1.3.6 branch)
CVE-2019-19268
	RESERVED
CVE-2019-19267
	RESERVED
CVE-2019-19266 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...)
	NOT-FOR-US: IceWarp WebMail Server
CVE-2019-19265 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...)
	NOT-FOR-US: IceWarp WebMail Server
CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...)
	NOT-FOR-US: Simplifile RecordFusion
CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19262 (GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecur ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/
CVE-2019-19261 (GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
	[experimental] - gitlab 12.2.9-5
	- gitlab 12.6.8-3
	- gitlab-workhorse 8.8.1+debian-3
	[buster] - gitlab-workhorse <ignored> (Minor issue)
	[stretch] - gitlab-workhorse <ignored> (Minor issue)
	[experimental] - gitaly 1.65.2+dfsg-1
	- gitaly <unfixed>
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an I ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19258 (GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorre ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19257 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
	[experimental] - gitlab 12.2.9-5
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19256 (GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorre ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19255 (GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorre ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19254 (GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and lat ...)
	[experimental] - gitlab 12.2.9-5
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19253
	RESERVED
	NOT-FOR-US: Apereo CAS
CVE-2019-19252 (vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5. ...)
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/
CVE-2019-19251 (The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS ma ...)
	NOT-FOR-US: Last.fm desktop app on macOS
CVE-2019-19250 (OpenTrade before 2019-11-23 allows SQL injection, related to server/mo ...)
	NOT-FOR-US: OpenTrade
CVE-2019-19249 (Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta m ...)
	NOT-FOR-US: QueryTree
CVE-2019-19248 (Electronic Arts Origin through 10.5.x allows Elevation of Privilege (i ...)
	NOT-FOR-US: Electronic Arts Origin
CVE-2019-19247 (Electronic Arts Origin through 10.5.x allows Elevation of Privilege (i ...)
	NOT-FOR-US: Electronic Arts Origin
CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has  ...)
	{DLA-2020-1}
	- libonig 6.9.4-1 (low; bug #946344)
	[buster] - libonig <no-dsa> (Minor issue)
	[stretch] - libonig <no-dsa> (Minor issue)
	NOTE: https://bugs.php.net/bug.php?id=78559
	NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...)
	NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library
CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...)
	- sqlite3 3.30.1+fossil191229-1 (bug #946656)
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window functions, not present)
	NOTE: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
CVE-2019-19243
	RESERVED
CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr-&gt;y.pTab, as demonstrated by the TK_C ...)
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
CVE-2019-19241 (In the Linux kernel before 5.4.2, the io_uring feature leads to reques ...)
	- linux 5.3.15-1
	[buster] - linux <not-affected> (Vulnerable code introduced later)
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1975
	NOTE: https://git.kernel.org/linus/181e448d8709e517c9c7b523fcd209f24eb38ca7
	NOTE: https://git.kernel.org/linus/d69e07793f891524c6bbf1e75b9ae69db4450953
CVE-2019-19240 (Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests wit ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2019-19239
	RESERVED
CVE-2019-19238
	RESERVED
CVE-2019-19237
	RESERVED
CVE-2019-19236
	RESERVED
CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 note ...)
	NOT-FOR-US: ASUS
CVE-2019-19234 (** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been b ...)
	- sudo 1.8.31-1 (bug #947225; unimportant)
	NOTE: https://www.sudo.ws/devel.html#1.8.30b2
	NOTE: Sudo 1.8.30 adds an optional setting to check the shell of the target user
	NOTE: additionally.
CVE-2019-19233
	RESERVED
CVE-2019-19232 (** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Ru ...)
	- sudo 1.8.31-1 (bug #947225; unimportant)
	NOTE: https://www.sudo.ws/devel.html#1.8.30b2
	NOTE: Sudo 1.8.30 introduces an option to enable/disable the behavior.
CVE-2019-19231 (An insecure file access vulnerability exists in CA Client Automation 1 ...)
	NOT-FOR-US: CA Client Automation
CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release Automatio ...)
	NOT-FOR-US: CA Release Automation (Nolio)
CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.1 ...)
	NOT-FOR-US: Fronius Solar Inverter devices
CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attacke ...)
	NOT-FOR-US: Fronius Solar Inverter devices
CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
CVE-2019-19226 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
	NOT-FOR-US: D-Link
CVE-2019-19225 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
	NOT-FOR-US: D-Link
CVE-2019-19224 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
	NOT-FOR-US: D-Link
CVE-2019-19223 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
	NOT-FOR-US: D-Link
CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration interface ...)
	NOT-FOR-US: D-Link
CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string ...)
	- libarchive 3.4.2-1 (bug #945287)
	[buster] - libarchive <no-dsa> (Minor issue)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
	NOTE: https://github.com/libarchive/libarchive/issues/1276
CVE-2019-19220 (BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of ...)
	NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19219 (BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download. ...)
	NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19218 (BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. ...)
	NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19217 (BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. ...)
	NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19216 (BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. ...)
	NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19215 (A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when ...)
	NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19214
	REJECTED
CVE-2019-19213
	REJECTED
CVE-2019-19212 (Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter t ...)
	- dolibarr <removed>
CVE-2019-19211 (Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue tha ...)
	- dolibarr <removed>
CVE-2019-19210 (Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML docume ...)
	- dolibarr <removed>
CVE-2019-19209 (Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. ...)
	- dolibarr <removed>
CVE-2019-19208 (Codiad Web IDE through 2.8.4 allows PHP Code injection. ...)
	NOT-FOR-US: Codiad Web IDE
CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. ...)
	NOT-FOR-US: rConfig
CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to J ...)
	- dolibarr <removed>
CVE-2019-19205
	RESERVED
CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...)
	{DLA-2020-1}
	- libonig 6.9.4-1 (low; bug #945313)
	[buster] - libonig <no-dsa> (Minor issue)
	[stretch] - libonig <no-dsa> (Minor issue)
	NOTE: https://github.com/kkos/oniguruma/issues/162
	NOTE: https://github.com/kkos/oniguruma/commit/6eb4aca6a7f2f60f473580576d86686ed6a6ebec (v6.9.4_rc2)
	NOTE: Only exploitable with attacker-provided pattern
CVE-2019-19203 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...)
	- libonig 6.9.4-1 (low; bug #945312)
	[buster] - libonig <no-dsa> (Minor issue)
	[stretch] - libonig <no-dsa> (Minor issue)
	[jessie] - libonig <ignored> (Minor issue, not reproducible, non-trivial backport)
	NOTE: https://github.com/kkos/oniguruma/issues/163
	NOTE: https://github.com/kkos/oniguruma/commit/aa0188eaedc056dca8374ac03d0177429b495515 (v6.9.4_rc2)
	NOTE: Only exploitable with attacker-provided pattern
CVE-2019-19202 (In Vtiger 7.x before 7.2.0, the My Preferences saving functionality al ...)
	NOT-FOR-US: Vtiger CRM
CVE-2019-19201
	RESERVED
CVE-2019-19200
	RESERVED
CVE-2019-19199
	RESERVED
CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ...)
	NOT-FOR-US: Scoutnet Kalender plugin for WordPress
CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...)
	NOT-FOR-US: Kyrol Internet Security
CVE-2019-19196 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation  ...)
	NOT-FOR-US: Telink
CVE-2019-19195 (The Bluetooth Low Energy implementation on Microchip Technology BluSDK ...)
	NOT-FOR-US: Microchip
CVE-2019-19194 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation  ...)
	NOT-FOR-US: Telink
CVE-2019-19193 (The Bluetooth Low Energy peripheral implementation on Texas Instrument ...)
	NOT-FOR-US: Texas Instruments
CVE-2019-19192 (The Bluetooth Low Energy implementation on STMicroelectronics BLE Stac ...)
	NOT-FOR-US: STMicroelectronics
CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file  ...)
	- shibboleth-sp <unfixed> (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1157471
	NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-874
	NOTE: This is an issue in the upstream provided spec file which is not relevant
	NOTE: for the binary packages build in Debian (fixed upstream in 3.1.0). The
	NOTE: postinst in the Debian packaging does not have similar problematic chown logic.
CVE-2019-19190
	RESERVED
CVE-2019-19189
	RESERVED
CVE-2019-19188
	RESERVED
CVE-2019-19187
	RESERVED
CVE-2019-19186
	RESERVED
CVE-2019-19185
	RESERVED
CVE-2019-19184
	RESERVED
CVE-2019-19183
	RESERVED
CVE-2019-19182
	RESERVED
CVE-2019-19181
	RESERVED
CVE-2019-19180
	RESERVED
CVE-2019-19179
	RESERVED
CVE-2019-19178
	RESERVED
CVE-2019-19177
	RESERVED
CVE-2019-19176
	RESERVED
CVE-2019-19175
	RESERVED
CVE-2019-19174
	RESERVED
CVE-2019-19173
	RESERVED
CVE-2019-19172
	RESERVED
CVE-2019-19171
	RESERVED
CVE-2019-19170
	RESERVED
CVE-2019-19169 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...)
	NOT-FOR-US: Dext5.ocx ActiveX
CVE-2019-19168 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...)
	NOT-FOR-US: Dext5.ocx ActiveX
CVE-2019-19167 (Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary co ...)
	NOT-FOR-US: Tobesoft Nexacro
CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability t ...)
	NOT-FOR-US: Tobesoft XPlatform
CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability  ...)
	NOT-FOR-US: Inogard Ebiz4u
CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...)
	NOT-FOR-US: Dext5.ocx ActiveX
CVE-2019-19163 (A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an ...)
	NOT-FOR-US: COMMAX
CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1  ...)
	NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2019-19161 (CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files require ...)
	TODO: check
CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could allow an arb ...)
	NOT-FOR-US: Reportexpress ProPlus
CVE-2019-19159
	RESERVED
CVE-2019-19158
	RESERVED
CVE-2019-19157
	RESERVED
CVE-2019-19156
	RESERVED
CVE-2019-19155
	RESERVED
CVE-2019-19154
	RESERVED
CVE-2019-19153
	RESERVED
CVE-2019-19152
	RESERVED
CVE-2019-19151 (On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-19149
	RESERVED
CVE-2019-19148 (Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command  ...)
	NOT-FOR-US: Tellabs Optical Line Terminal (OLT) devices
CVE-2019-19147
	RESERVED
CVE-2019-19146
	RESERVED
CVE-2019-19145
	RESERVED
CVE-2019-19144
	RESERVED
CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to  ...)
	NOT-FOR-US: TP-LINK
CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to replace the  ...)
	NOT-FOR-US: Intelbras
CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...)
	NOT-FOR-US: Plex Media Server
CVE-2019-19140
	RESERVED
CVE-2019-19139
	RESERVED
CVE-2019-19138
	RESERVED
CVE-2019-19137
	RESERVED
CVE-2019-19136
	RESERVED
CVE-2019-19135 (In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do ...)
	NOT-FOR-US: OPC Foundation OPC UA .NET Standard codebase
CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...)
	NOT-FOR-US: Hero Maps Premium plugin for WordPress
CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected  ...)
	NOT-FOR-US: CSS Hero plugin for WordPress
CVE-2019-19132
	RESERVED
CVE-2019-19131
	RESERVED
CVE-2019-19130
	RESERVED
CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11 ...)
	NOT-FOR-US: Afterlogic
CVE-2019-19128
	RESERVED
CVE-2019-19127 (An authentication bypass vulnerability is present in the standalone SI ...)
	NOT-FOR-US: Tribal SITS
CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31  ...)
	- glibc 2.29-8 (bug #945250)
	[buster] - glibc <no-dsa> (Minor issue)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <not-affected> (Vulnerable code introduced in 2.23)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25204
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=object;h=b9eb92ab05204df772eb4929eccd018637c9f3e9
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5dfad4326fc683c813df1e37bbf5cf920591c8e
CVE-2019-19125
	RESERVED
CVE-2019-19124
	RESERVED
CVE-2019-19123
	RESERVED
CVE-2019-19122
	RESERVED
CVE-2019-19121
	RESERVED
CVE-2019-19120
	RESERVED
CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficie ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model  ...)
	- python-django 2:2.2.8-1 (bug #946011)
	[buster] - python-django <not-affected> (Vulnerable code introduced later)
	[stretch] - python-django <not-affected> (Vulnerable code introduced later)
	[jessie] - python-django <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
	NOTE: Introduced after https://github.com/django/django/commit/825f0beda804e48e9197fcf3b0d909f9f548aa47 (2.1a1)
	NOTE: https://github.com/django/django/commit/11c5e0609bcc0db93809de2a08e0dc3d70b393e4 (master)
	NOTE: https://github.com/django/django/commit/092cd66cf3c3e175acce698d6ca2012068d878fa (3.0 branch)
	NOTE: https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21 (2.2 branch)
	NOTE: https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244 (2.1 branch)
CVE-2019-19117 (/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG12 ...)
	NOT-FOR-US: PHICOMM K2(PSG1218) devices
CVE-2019-19116
	RESERVED
CVE-2019-19115
	RESERVED
CVE-2019-19114
	RESERVED
CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...)
	NOT-FOR-US: newbee-mall
CVE-2019-19112 (The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw- ...)
	NOT-FOR-US: wpForo plugin for WordPress
CVE-2019-19111 (The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admi ...)
	NOT-FOR-US: wpForo plugin for WordPress
CVE-2019-19110 (The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admi ...)
	NOT-FOR-US: wpForo plugin for WordPress
CVE-2019-19109 (The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=w ...)
	NOT-FOR-US: wpForo plugin for WordPress
CVE-2019-19108 (An authentication weakness in the SNMP service in B&amp;R Automation R ...)
	NOT-FOR-US: B&R Automation Runtime
CVE-2019-19107 (The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Ja ...)
	NOT-FOR-US: ABB
CVE-2019-19106 (Improper implementation of Access Control in ABB Telephone Gateway TG/ ...)
	NOT-FOR-US: ABB
CVE-2019-19105 (The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger ...)
	NOT-FOR-US: ABB
CVE-2019-19104 (The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186 ...)
	NOT-FOR-US: ABB
CVE-2019-19103
	RESERVED
CVE-2019-19102 (A directory traversal vulnerability in SharpZipLib used in the upgrade ...)
	NOT-FOR-US: B&R Automation Studio
CVE-2019-19101 (A missing secure communication definition and an incomplete TLS valida ...)
	NOT-FOR-US: B&R Automation Studio
CVE-2019-19100 (A privilege escalation vulnerability in the upgrade service in B&amp;R ...)
	NOT-FOR-US: B&R Automation Studio
CVE-2019-19099
	RESERVED
CVE-2019-19098
	RESERVED
CVE-2019-19097 (ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium streng ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19096 (The Redis data structure component used in ABB eSOMS versions 6.0 to 6 ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19095 (Lack of adequate input/output validation for ABB eSOMS versions 4.0 to ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19094 (Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0. ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19093 (eSOMS versions 4.0 to 6.0.3 do not enforce password complexity setting ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19092 (ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message  ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19091 (For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments  ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19090 (For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19089 (For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19088 (Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Tr ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19087 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions  ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19086 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions  ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus Serve ...)
	NOT-FOR-US: Octopus Server
CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with  ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-21031 (Tautulli versions 2.1.38 and below allows remote attackers to bypass i ...)
	NOT-FOR-US: Plex Media Server
CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. ...)
	NOT-FOR-US: Distributed Ruby
CVE-2011-5330 (Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. ...)
	NOT-FOR-US: Distributed Ruby
CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/gpu/drm ...)
	- linux 5.3.9-1 (unimportant)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under drivers/gpu/dr ...)
	- linux 5.4.6-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d
CVE-2019-19081 (A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers ...)
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8ce39eb5a67aee25d9f05b40b673c95b23502e3e
CVE-2019-19080 (Four memory leaks in the nfp_flower_spawn_phy_reprs() function in driv ...)
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8572cea1461a006bce1d06c0c4b0575869125fa4
CVE-2019-19079 (A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c  ...)
	- linux 5.3.7-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a21b7f0cff1906a93a0130b74713b15a0b36481d
CVE-2019-19078 (A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wi ...)
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19077 (A memory leak in the bnxt_re_create_srq() function in drivers/infiniba ...)
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4a9d46a9fe14401f21df69cea97c62396d5fb053
CVE-2019-19076 (** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() functi ...)
	- linux 5.3.7-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/78beef629fd95be4ed853b2d37b832f766bd96ca
CVE-2019-19075 (A memory leak in the ca8210_probe() function in drivers/net/ieee802154 ...)
	- linux 5.3.9-1 (unimportant)
	[buster] - linux 4.19.87-1
	NOTE: https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ ...)
	- linux 5.4.6-1
	NOTE: https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2
CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux  ...)
	- linux 5.4.6-1
	NOTE: https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b
CVE-2019-19072 (A memory leak in the predicate_parse() function in kernel/trace/trace_ ...)
	- linux 5.4.6-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
CVE-2019-19071 (A memory leak in the rsi_send_beacon() function in drivers/net/wireles ...)
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19070 (** DISPUTED ** A memory leak in the spi_gpio_probe() function in drive ...)
	- linux <unfixed> (unimportant)
CVE-2019-19069 (A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc ...)
	- linux 5.3.9-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fc739a058d99c9297ef6bfd923b809d85855b9a9
CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net ...)
	{DLA-2114-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...)
	- linux 5.3.9-1 (unimportant)
	NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
CVE-2019-19065 (** DISPUTED ** A memory leak in the sdma_init() function in drivers/in ...)
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/34b3be18a04ecdc610aae4c48e5d1b799d8689f6
CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in driv ...)
	- linux 5.4.13-1 (unimportant)
CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...)
	- linux 5.4.8-1 (unimportant)
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_user_ba ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...)
	- linux 5.3.9-1 (unimportant)
	NOTE: https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873
CVE-2019-19060 (A memory leak in the adis_update_scan_mode() function in drivers/iio/i ...)
	- linux 5.3.9-1 (unimportant)
	[buster] - linux 4.19.87-1
	NOTE: https://git.kernel.org/linus/ab612b1daf415b62c58e130cb3d0f30b255a14d0
CVE-2019-19059 (Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function i ...)
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0f4f199443faca715523b0659aa536251d8b978f
CVE-2019-19058 (A memory leak in the alloc_sgtable() function in drivers/net/wireless/ ...)
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b4b814fec1a5a849383f7b3886b654a13abbda7d
CVE-2019-19057 (Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drive ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drive ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats()  ...)
	- linux 5.4.6-1 (unimportant)
	[buster] - linux <not-affected> (Vulnerable code introduced later)
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...)
	- linux <unfixed> (unimportant)
	NOTE: Memory leak on probe only.
CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpm ...)
	- linux 5.4.13-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19052 (A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_ ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817
CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/ ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407
CVE-2019-19050 (A memory leak in the crypto_reportstat() function in crypto/crypto_use ...)
	- linux 5.4.6-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19049 (** DISPUTED ** A memory leak in the unittest_data_add() function in dr ...)
	- linux 5.3.15-1 (unimportant)
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/e13de8fe0d6a51341671bbe384826d527afe8d44
	NOTE: unittest.c can only be reached during boot.
CVE-2019-19048 (A memory leak in the crypto_reportstat() function in drivers/virt/vbox ...)
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e0b0cb9388642c104838fac100a4af32745621e2
CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers ...)
	- linux 5.3.15-1
	[buster] - linux <not-affected> (Vulnerability introduced later)
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in  ...)
	- linux 5.4.19-1 (unimportant)
	[buster] - linux 4.19.118-1
	NOTE: Only a memory leak on the probe path
CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/ne ...)
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c8c2a057fdc7de1cd16f4baa51425b932a42eb39
CVE-2019-19044 (Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/ ...)
	- linux 5.3.15-1
	[buster] - linux <not-affected> (Vulnerability introduced later)
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/29cd13cfd7624726d9e6becbae9aa419ef35af7f
CVE-2019-19043 (A memory leak in the i40e_setup_macvlans() function in drivers/net/eth ...)
	- linux 5.4.19-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19042
	RESERVED
CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as d ...)
	NOT-FOR-US: Xorux
CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showErrorMessag ...)
	NOT-FOR-US: KairosDB
CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Li ...)
	- linux <unfixed>
CVE-2019-19038
	RESERVED
CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 a ...)
	{DLA-2114-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-19036 (btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 ...)
	- linux <unfixed>
CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...)
	- jhead 1:3.04-1 (unimportant; bug #944961)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647
	NOTE: Crash in CLI tool, no security impact
CVE-2019-19034 (Zoho ManageEngine Asset Explorer 6.5 does not validate the System Cent ...)
	NOT-FOR-US: Zoho
CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and  ...)
	NOT-FOR-US: Jalios JCMS
CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...)
	NOT-FOR-US: XMLBlueprint
CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Entity Inj ...)
	NOT-FOR-US: Easy XML Editor
CVE-2019-19030
	RESERVED
CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
	NOT-FOR-US: Harbor
CVE-2019-19028
	RESERVED
CVE-2019-19027
	RESERVED
CVE-2019-19026 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
	NOT-FOR-US: Harbor
CVE-2019-19025 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
	NOT-FOR-US: Harbor
CVE-2019-19024
	RESERVED
CVE-2019-19023 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has  ...)
	NOT-FOR-US: Harbor
CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about  ...)
	NOT-FOR-US: iTerm2
CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19020 (An issue was discovered in TitanHQ WebTitan before 5.18. In the admini ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19019 (An issue was discovered in TitanHQ WebTitan before 5.18. It contains a ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19018 (An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a  ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19017 (An issue was discovered in TitanHQ WebTitan before 5.18. The appliance ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19016 (An issue was discovered in TitanHQ WebTitan before 5.18. Some function ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19015 (An issue was discovered in TitanHQ WebTitan before 5.18. The proxy ser ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudo ...)
	NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...)
	NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...)
	{DLA-2020-1}
	- libonig 6.9.4-1 (low; bug #944959)
	[buster] - libonig <no-dsa> (Minor issue)
	[stretch] - libonig <no-dsa> (Minor issue)
	NOTE: https://github.com/kkos/oniguruma/issues/164
	NOTE: https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719
	NOTE: https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f
	NOTE: https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed
	NOTE: https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4
	NOTE: https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a
CVE-2019-19011 (MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueC ...)
	NOT-FOR-US: ngiflib
CVE-2019-19010 (Eval injection in the Math plugin of Limnoria (before 2019.11.09) and  ...)
	- limnoria 2019.11.09-1
	[buster] - limnoria 2019.02.23-1+deb10u1
	[stretch] - limnoria 2017.01.10-1+deb9u1
	NOTE: https://github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35
	NOTE: https://github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability
CVE-2019-19009
	RESERVED
CVE-2019-19008
	REJECTED
CVE-2019-19007 (Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrato ...)
	NOT-FOR-US: Intelbras IWR 3000N 1.8.7 devices
CVE-2019-19006 (Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197. ...)
	NOT-FOR-US: FreePBX
CVE-2019-19005
	RESERVED
CVE-2019-19004
	RESERVED
CVE-2019-19003 (For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. Thi ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19002 (For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP respons ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19001 (For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-19000 (For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s ...)
	NOT-FOR-US: ABB eSOMS
CVE-2019-18999
	RESERVED
CVE-2019-18998 (Insufficient access control in the web interface of ABB Asset Suite ve ...)
	NOT-FOR-US: ABB Asset Suite
CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses the rea ...)
	NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel Builder 600 ve ...)
	NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18995 (The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8 ...)
	NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18994 (Due to a lack of file length check, the HMIStudio component of ABB PB6 ...)
	NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to th ...)
	NOT-FOR-US: OpenWrt
CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...)
	NOT-FOR-US: OpenWrt
CVE-2019-18991
	RESERVED
CVE-2019-18990
	RESERVED
CVE-2019-18989
	RESERVED
CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...)
	NOT-FOR-US: TeamViewer
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for  ...)
	NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...)
	NOT-FOR-US: Pimcore
CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA token. ...)
	NOT-FOR-US: Pimcore
CVE-2019-18984
	RESERVED
CVE-2019-18983
	RESERVED
CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore be ...)
	NOT-FOR-US: Pimcore
CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scen ...)
	NOT-FOR-US: Pimcore
CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...)
	NOT-FOR-US: Signify Philips Taolight
CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
	NOT-FOR-US: Adaware
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
	{DLA-2096-1}
	- ruby-rack-cors 1.1.1-1 (bug #944849)
	NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
	NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
CVE-2019-18977
	RESERVED
CVE-2019-18976 (An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through ...)
	- asterisk 1:16.1.1~dfsg-1
	[stretch] - asterisk <no-dsa> (Minor issue)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-008.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28612
	NOTE: Only affects 13.x, marking first unstable upload after 13.x as fixed
CVE-2019-18975
	RESERVED
CVE-2019-18974
	RESERVED
CVE-2019-18973
	RESERVED
CVE-2019-18972
	RESERVED
CVE-2019-18971
	RESERVED
CVE-2019-18970
	REJECTED
CVE-2019-18969
	REJECTED
CVE-2019-18968
	REJECTED
CVE-2019-18967
	REJECTED
CVE-2019-18966
	REJECTED
CVE-2019-18965
	REJECTED
CVE-2019-18964
	REJECTED
CVE-2019-18963
	REJECTED
CVE-2019-18962
	REJECTED
CVE-2019-18961
	REJECTED
CVE-2019-18960 (Firecracker vsock implementation buffer overflow in versions 0.18.0 an ...)
	NOT-FOR-US: AWS Firecracker
CVE-2019-18959
	RESERVED
CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory where  ...)
	NOT-FOR-US: Nitro Pro
CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has r ...)
	NOT-FOR-US: Microstrategy Library
CVE-2019-18956 (Divisa Proxia Suite 9 &lt; 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 an ...)
	NOT-FOR-US: Divisa Proxia Suite
CVE-2019-18955 (The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Prod ...)
	NOT-FOR-US: Lansweeper
CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...)
	NOT-FOR-US: Pomelo
CVE-2019-18953
	RESERVED
CVE-2019-18952 (SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary fil ...)
	NOT-FOR-US: SibSoft Xfilesharing
CVE-2019-18951 (SibSoft Xfilesharing through 2.5.1 allows op=page&amp;tmpl=../ directo ...)
	NOT-FOR-US: SibSoft Xfilesharing
CVE-2019-18950
	RESERVED
CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaSc ...)
	NOT-FOR-US: SnowHaze
CVE-2019-18948 (An issue was found in Arista EOS. Specific malformed ARP packets can i ...)
	NOT-FOR-US: Arista
CVE-2019-18947
	RESERVED
CVE-2019-18946
	RESERVED
CVE-2019-18945
	RESERVED
CVE-2019-18944
	RESERVED
CVE-2019-18943
	RESERVED
CVE-2019-18942
	RESERVED
CVE-2019-18941
	RESERVED
CVE-2019-18940
	RESERVED
CVE-2019-18939 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn t ...)
	NOT-FOR-US: eQ-3 Homematic
CVE-2019-18938 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn thr ...)
	NOT-FOR-US: eQ-3 Homematic
CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser Ad ...)
	NOT-FOR-US: eQ-3 Homematic
CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to cause a d ...)
	- libunivalue 1.1.1-2 (bug #954959)
	[buster] - libunivalue <no-dsa> (Minor issue)
	[stretch] - libunivalue <no-dsa> (Minor issue)
	NOTE: https://github.com/jgarzik/univalue/commit/07aa635c034f3a2accfe4e20a8148c366bccf5bf
	NOTE: https://github.com/jgarzik/univalue/pull/58
CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...)
	NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...)
	- unbound <unfixed> (unimportant)
	[stretch] - unbound <not-affected> (ipsecmod module introduced later)
	[jessie] - unbound <not-affected> (ipsecmod module introduced later)
	NOTE: Debian binary packages not built with --enable-ipsecmod
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new  ...)
	- zulip-server <itp> (bug #800052)
CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows  ...)
	- sarg 2.4.0-1 (unimportant; bug #951390)
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6
	NOTE: The sarg-reports as shipped in Debian has already safe use of mktemp for
	NOTE: use of temporary files and directories.
	NOTE: Fixed by: https://sourceforge.net/p/sarg/code/ci/8ec6d20be8c0da3c885aba78e63251f2e5080748
	NOTE: Neutralised by kernel hardening
CVE-2019-18931 (Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer O ...)
	NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users  ...)
	NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users  ...)
	NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware
CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege  ...)
	- cyrus-imapd 3.0.12-1
	[buster] - cyrus-imapd 3.0.8-6+deb10u3
	[stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/e675bf7b0e9c6e160516d274bffaec6f9dccaef7 (cyrus-imapd-3.0.12)
	NOTE: Fixed in 3.0.12 and 2.5.14 upstream
CVE-2019-18927
	RESERVED
CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable t ...)
	NOT-FOR-US: Systematic IRIS Standards Management (ISM)
CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be accessed a ...)
	NOT-FOR-US: Systematic IRIS WebForms
CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By  ...)
	NOT-FOR-US: Systematic IRIS WebForms
CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...)
	NOT-FOR-US: go-camo
CVE-2019-18922 (A Directory Traversal in the Web interface of the Allied Telesis AT-GS ...)
	NOT-FOR-US: Allied Telesis
CVE-2019-18921
	RESERVED
CVE-2019-18920
	RESERVED
CVE-2019-18919
	RESERVED
CVE-2019-18918
	RESERVED
CVE-2019-18917 (A potential security vulnerability has been identified for certain HP  ...)
	NOT-FOR-US: HP
CVE-2019-18916
	RESERVED
CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...)
	NOT-FOR-US: HP System Event Utility
CVE-2019-18914
	RESERVED
CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...)
	NOT-FOR-US: Generic UEFI hardware/software issue
CVE-2019-18912
	RESERVED
CVE-2019-18911
	RESERVED
CVE-2019-18910 (The Citrix Receiver wrapper function does not safely handle user suppl ...)
	NOT-FOR-US: Citrix
CVE-2019-18909 (The VPN software within HP ThinPro does not safely handle user supplie ...)
	NOT-FOR-US: HP ThinPro
CVE-2019-18908
	RESERVED
CVE-2019-18907
	RESERVED
CVE-2019-18906
	RESERVED
CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability in auto ...)
	NOT-FOR-US: autoyast2
CVE-2019-18904 (A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux ...)
	NOT-FOR-US: SAP
CVE-2019-18903 (A Use After Free vulnerability in wicked of SUSE Linux Enterprise Serv ...)
	NOT-FOR-US: openSUSE wicked
CVE-2019-18902 (A Use After Free vulnerability in wicked of SUSE Linux Enterprise Serv ...)
	NOT-FOR-US: openSUSE wicked
CVE-2019-18901 (A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-sy ...)
	NOT-FOR-US: SuSE-specific mysqld-systemd-helper
CVE-2019-18900 (: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS  ...)
	{DLA-2132-1}
	- libzypp <unfixed> (bug #953362)
	[buster] - libzypp <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158763
	NOTE: https://github.com/openSUSE/libzypp/pull/196
	NOTE: https://github.com/openSUSE/libzypp/commit/ea50981352bb5c7ab48663edaeb2df1ddd66953e
	NOTE: https://github.com/openSUSE/libzypp/commit/508b1201f23b44ee90dee6dbbeb3ac5f8bd4c089
CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...)
	- apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration)
CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...)
	NOT-FOR-US: SUSE specific packaging issue in %posttrans section in src:trousers
CVE-2019-18897 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
	- salt <not-affected> (SuSE-specific Salt packaging vulnerability)
CVE-2019-18896
	RESERVED
CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure Permissions for t ...)
	NOT-FOR-US: Scanguard
CVE-2019-18894 (In Avast Premium Security 19.8.2393, attackers can send a specially cr ...)
	NOT-FOR-US: Avast Premium Security
CVE-2019-18893 (XSS in the Video Downloader component before 1.5 of Avast Secure Brows ...)
	NOT-FOR-US: Avast Secure Browser
CVE-2019-18892
	RESERVED
CVE-2019-18891
	RESERVED
CVE-2019-18890 (A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x befor ...)
	{DSA-4574-1}
	- redmine 3.4.2-1
	NOTE: https://www.redmine.org/news/125
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/16196
	NOTE: https://www.redmine.org/issues/32374
	NOTE: https://github.com/redmine/redmine/commit/04d4a1a191c46e4595ed455372e86c66cf3f6ed7#diff-72469d98e80a60152ebcfa998306b5ecL581-R584
CVE-2019-18889 (An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through ...)
	- symfony 4.3.8+dfsg-1
	[buster] - symfony 3.4.22+dfsg-2+deb10u1
	[stretch] - symfony <not-affected> (Vulnerable code not present)
	[jessie] - symfony <not-affected> (Vulnerable code not present)
	NOTE: https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
	NOTE: https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
CVE-2019-18888 (An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through ...)
	{DSA-4573-1 DLA-1999-1}
	- symfony 4.3.8+dfsg-1
	NOTE: https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
	NOTE: https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365
	NOTE: https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5
CVE-2019-18887 (An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through ...)
	{DSA-4573-1 DLA-1999-1}
	- symfony 4.3.8+dfsg-1
	NOTE: https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
	NOTE: https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb
CVE-2019-18886 (An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. ...)
	{DLA-1999-1}
	- symfony 4.3.8+dfsg-1
	[buster] - symfony <not-affected> (Vulnerability introduced in 4.1.0)
	[stretch] - symfony <not-affected> (Vulnerability introduced in 4.1.0)
	NOTE: https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality
	NOTE: Introduced by: https://github.com/symfony/symfony/commit/6e6ac9eaeec9e6a6cc0ab003cac3738460542b0a (v4.1.0-BETA1)
	NOTE: Previous versions asserts "the current user is granted to switch" BEFORE
	NOTE: "loading the user" and thus are not affected.
	NOTE: Fixed by: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 (v4.2.12)
CVE-2019-18885 (fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verif ...)
	- linux 5.2.6-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/09ba3bc9dd150457c506e4661380a6183af651c1 (5.1-rc1)
CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate Project Manage ...)
	NOT-FOR-US: RISE
CVE-2019-18883 (XSS exists in Lavalite CMS 5.7 via the admin/profile name or designati ...)
	NOT-FOR-US: Lavalite CMS
CVE-2019-18882 (WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.ja ...)
	NOT-FOR-US: WSO2 IS
CVE-2019-18881 (WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in t ...)
	NOT-FOR-US: WSO2 IS
CVE-2019-18880
	RESERVED
CVE-2019-18879
	RESERVED
CVE-2019-18878
	RESERVED
CVE-2019-18877
	RESERVED
CVE-2019-18876
	RESERVED
CVE-2019-18875
	RESERVED
CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free. This  ...)
	{DLA-1998-1}
	- python-psutil 5.6.7-1 (low; bug #944605)
	[buster] - python-psutil <no-dsa> (Minor issue)
	[stretch] - python-psutil <no-dsa> (Minor issue)
	NOTE: https://github.com/giampaolo/psutil/commit/7d512c8e4442a896d56505be3e78f1156f443465
	NOTE: https://github.com/giampaolo/psutil/pull/1616
CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...)
	NOT-FOR-US: FUDForum
CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control through v3.00 ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18871 (A path traversal in debug.php accessed via default.php in Blaauw Remot ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in Blaauw Remo ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allo ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated a ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through v3.00r4 al ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18866 (Unauthenticated SQL injection via the username in the login mechanism  ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18865 (Information disclosure via error message discrepancies in authenticati ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control through  ...)
	NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...)
	NOT-FOR-US: Mitel
CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
	- mailutils 1:3.8-1 (unimportant; bug #944265)
	NOTE: /usr/sbin/maidat not installed suid root on Debian
CVE-2019-18861
	RESERVED
CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML  ...)
	- squid 4.9-1 (low)
	[buster] - squid <no-dsa> (Minor issue)
	- squid3 <removed>
	NOTE: https://github.com/squid-cache/squid/pull/504
	NOTE: https://github.com/squid-cache/squid/commit/5cc4b155cee1a4968109737f6eba2ef29d51034d (SQUID_5_0_1)
	NOTE: https://github.com/squid-cache/squid/commit/5a90b4ce64c346ba7f317a278ba601091d9de076 (SQUID_4_9)
CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. ...)
	NOT-FOR-US: Digi AnywhereUSB
CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...)
	NOT-FOR-US: CODESYS 3 web server
CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...)
	NOT-FOR-US: darylldoyle svg-sanitizer
CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer module t ...)
	NOT-FOR-US: SVG Sanitizer module for Drupal
CVE-2019-18855 (A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG ...)
	NOT-FOR-US: safe-svg (aka Safe SVG) plugin for WordPress
CVE-2019-18854 (A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG ...)
	NOT-FOR-US: safe-svg (aka Safe SVG) plugin for WordPress
CVE-2019-18853 (ImageMagick before 7.0.9-0 allows remote attackers to cause a denial o ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ec9c8944af2bfc65c697ca44f93a727a99b405f1
CVE-2019-18852 (Certain D-Link devices have a hardcoded Alphanetworks user account wit ...)
	NOT-FOR-US: D-Link
CVE-2019-18851
	RESERVED
CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a dis ...)
	NOT-FOR-US: TrevorC2
CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
	{DLA-2005-1}
	- tnef 1.4.18-1 (bug #944851)
	[buster] - tnef <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://github.com/verdammelt/tnef/pull/40
CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during  ...)
	- ruby-json-jwt 1.11.0-1 (bug #944850)
	NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
CVE-2019-18847
	RESERVED
CVE-2019-18846 (OX App Suite through 7.10.2 allows SSRF. ...)
	NOT-FOR-US: OX App Suite
CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1  ...)
	NOT-FOR-US: Patriot Viper RGB
CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on assert cal ...)
	NOT-FOR-US: ACRN
CVE-2019-18843
	RESERVED
CVE-2019-18842 (A cross-site scripting (XSS) vulnerability in the configuration web in ...)
	NOT-FOR-US: Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module
CVE-2019-18841 (Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before  ...)
	- chartkick.js <not-affected> (Vulnerability introduced with 3.1.0)
	NOTE: https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa
CVE-2019-18840 (In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of me ...)
	- wolfssl 4.2.0+dfsg-3
	NOTE: https://github.com/wolfSSL/wolfssl/issues/2555
	NOTE: https://github.com/wolfSSL/wolfssl/commit/52f28bd5149360f8e3bf8ca13d3fb9a77283df7c
CVE-2019-18839 (FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. T ...)
	NOT-FOR-US: FUDForum
CVE-2019-18838 (An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed H ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-18837 (An issue was discovered in crun before 0.10.5. With a crafted image, i ...)
	- crun <not-affected> (Fixed in initial upload)
CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...)
	- matrix-synapse 1.5.0-1 (bug #944355)
	NOTE: https://github.com/matrix-org/synapse/pull/6262
	NOTE: https://github.com/matrix-org/synapse/releases/tag/v1.5.0
CVE-2019-18834
	RESERVED
CVE-2019-18833 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18832 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrec ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Comm ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18829 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing  ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insuffic ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before firmware versio ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 device ...)
	NOT-FOR-US: Barco ClickShare Huddle devices
CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing  ...)
	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development serie ...)
	- condor <unfixed> (bug #963777)
	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0001.html
	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html
	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
	NOTE: https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14
	NOTE: https://github.com/htcondor/htcondor/commit/07e33c8b14aa00e04d045d4d79c963db082a3129
	NOTE: https://github.com/htcondor/htcondor/commit/cbcb93695a932d511c1c7bd40aed1eabeff01d8d
	NOTE: https://github.com/htcondor/htcondor/commit/3916209123a8ef762b7a9cd84ca0cf8b2cd99716
	NOTE: https://github.com/htcondor/htcondor/commit/5c84c6f0b3db4eda1eec42c2c708069bb9393f0b
CVE-2019-18822 (A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allo ...)
	NOT-FOR-US: ZOOM Call Recording
CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)
	NOT-FOR-US: Eximious Logo Designer
CVE-2019-18820 (Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!Rtlp ...)
	NOT-FOR-US: Eximious Logo Designer
CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVe ...)
	NOT-FOR-US: Eximious Logo Designer
CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...)
	NOT-FOR-US: strapi CMS
CVE-2019-18817 (Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_ ...)
	NOT-FOR-US: Istio
CVE-2019-18816 (po-admin/route.php?mod=post&amp;act=edit in PopojiCMS 2.0.1 allows pos ...)
	NOT-FOR-US: PopojiCMS
CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
	NOT-FOR-US: PopojiCMS
CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a  ...)
	- linux <unfixed>
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://lore.kernel.org/patchwork/patch/1142523/
CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...)
	- linux 5.3.15-1 (unimportant)
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Bug introduced later)
	[jessie] - linux <not-affected> (Bug introduced later)
	NOTE: https://git.kernel.org/linus/9bbfceea12a8f145097a27d7c7267af25893c060
	NOTE: No security impact since the issue is on the probe path.
CVE-2019-18812 (A memory leak in the sof_dfsentry_write() function in sound/soc/sof/de ...)
	- linux 5.4.6-1 (unimportant)
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Function only exposed through debugfs
CVE-2019-18811 (A memory leak in the sof_set_get_large_ctrl_data() function in sound/s ...)
	- linux 5.3.15-1
	[buster] - linux <not-affected> (Vulnerability introduced later)
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-18810 (A memory leak in the komeda_wb_connector_add() function in drivers/gpu ...)
	- linux 5.3.9-1 (unimportant)
	[buster] - linux <not-affected> (Bug introduced later)
	[stretch] - linux <not-affected> (Bug introduced later)
	[jessie] - linux <not-affected> (Bug introduced later)
	NOTE: https://git.kernel.org/linus/a0ecd6fdbf5d648123a7315c695fb6850d702835
	NOTE: CONFIG_DRM_KOMEDA not enabled in Debian builds.
CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers/media ...)
	{DLA-2114-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Bug introduced later)
CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
	- linux <unfixed> (unimportant)
	NOTE: Not a valid issue
CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...)
	- linux 5.3.7-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/68501df92d116b760777a2cfda314789f926476f
CVE-2019-18806 (A memory leak in the ql_alloc_large_buffers() function in drivers/net/ ...)
	- linux 5.3.7-1 (unimportant)
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux 3.16.81-1
	NOTE: https://git.kernel.org/linus/1acb8f2a7a9f10543868ddd737e37424d5c36cf4
CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux ker ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
	{DLA-1985-1}
	- djvulibre 3.5.27.1-14 (bug #945114)
	[buster] - djvulibre <no-dsa> (Minor issue)
	[stretch] - djvulibre <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/309/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
CVE-2019-18803
	RESERVED
CVE-2019-18802 (An issue was discovered in Envoy 1.12.0. An untrusted remote client ma ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-18801 (An issue was discovered in Envoy 1.12.0. An untrusted remote client ma ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
	NOT-FOR-US: Viber
CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
	- libsass <unfixed> (low)
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/3001
CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...)
	- libsass <unfixed> (low)
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2999
CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...)
	- libsass <unfixed> (low)
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/3000
CVE-2019-18796
	RESERVED
CVE-2019-18795
	RESERVED
CVE-2019-18794
	RESERVED
CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter :  ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to bypass/ev ...)
	{DLA-2087-1}
	[experimental] - suricata 1:5.0.1-1~exp1
	- suricata 1:5.0.2-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b (master-4.1.x)
	NOTE: https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1)
	NOTE: https://redmine.openinfosecfoundation.org/issues/3324
	NOTE: https://redmine.openinfosecfoundation.org/issues/3394
CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devices ha ...)
	NOT-FOR-US: Lexmark
CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
	{DLA-2017-1}
	- asterisk 1:16.10.0~dfsg-1 (bug #947381)
	[buster] - asterisk <no-dsa> (Minor issue)
	[stretch] - asterisk <no-dsa> (Minor issue)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
CVE-2019-18789
	RESERVED
CVE-2019-18788
	RESERVED
CVE-2019-18787
	RESERVED
CVE-2019-18785 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-18783
	RESERVED
CVE-2019-18782 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not c ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-18781 (An open redirect vulnerability was discovered in Zoho ManageEngine ADS ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-18786 (In the Linux kernel through 5.3.8, f-&gt;fmt.sdr.reserved is uninitial ...)
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.linuxtv.org/patch/59542/
CVE-2019-18780 (An arbitrary command injection vulnerability in the Cluster Server com ...)
	NOT-FOR-US: Veritas InfoScale
CVE-2020-1689
	RESERVED
CVE-2020-1688
	RESERVED
CVE-2020-1687
	RESERVED
CVE-2020-1686
	RESERVED
CVE-2020-1685
	RESERVED
CVE-2020-1684
	RESERVED
CVE-2020-1683
	RESERVED
CVE-2020-1682
	RESERVED
CVE-2020-1681
	RESERVED
CVE-2020-1680
	RESERVED
CVE-2020-1679
	RESERVED
CVE-2020-1678
	RESERVED
CVE-2020-1677
	RESERVED
CVE-2020-1676
	RESERVED
CVE-2020-1675
	RESERVED
CVE-2020-1674
	RESERVED
CVE-2020-1673
	RESERVED
CVE-2020-1672
	RESERVED
CVE-2020-1671
	RESERVED
CVE-2020-1670
	RESERVED
CVE-2020-1669
	RESERVED
CVE-2020-1668
	RESERVED
CVE-2020-1667
	RESERVED
CVE-2020-1666
	RESERVED
CVE-2020-1665
	RESERVED
CVE-2020-1664
	RESERVED
CVE-2020-1663
	RESERVED
CVE-2020-1662
	RESERVED
CVE-2020-1661
	RESERVED
CVE-2020-1660
	RESERVED
CVE-2020-1659
	RESERVED
CVE-2020-1658
	RESERVED
CVE-2020-1657
	RESERVED
CVE-2020-1656
	RESERVED
CVE-2020-1655
	RESERVED
CVE-2020-1654
	RESERVED
CVE-2020-1653
	RESERVED
CVE-2020-1652
	RESERVED
CVE-2020-1651
	RESERVED
CVE-2020-1650
	RESERVED
CVE-2020-1649
	RESERVED
CVE-2020-1648
	RESERVED
CVE-2020-1647
	RESERVED
CVE-2020-1646
	RESERVED
CVE-2020-1645
	RESERVED
CVE-2020-1644
	RESERVED
CVE-2020-1643
	RESERVED
CVE-2020-1642
	RESERVED
CVE-2020-1641
	RESERVED
CVE-2020-1640
	RESERVED
CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...)
	NOT-FOR-US: Juniper
CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...)
	NOT-FOR-US: Juniper
CVE-2020-1637 (A vulnerability in Juniper Networks SRX Series device configured as a  ...)
	NOT-FOR-US: Juniper
CVE-2020-1636
	RESERVED
CVE-2020-1635
	RESERVED
CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...)
	NOT-FOR-US: Juniper
CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...)
	NOT-FOR-US: Juniper
CVE-2020-1632 (In a certain condition, receipt of a specific BGP UPDATE message might ...)
	NOT-FOR-US: Juniper
CVE-2020-1631 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...)
	NOT-FOR-US: Juniper
CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos OS devi ...)
	NOT-FOR-US: Juniper
CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS devices may ...)
	NOT-FOR-US: Juniper
CVE-2020-1628 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...)
	NOT-FOR-US: Juniper
CVE-2020-1627 (A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices  ...)
	NOT-FOR-US: Juniper
CVE-2020-1626 (A vulnerability in Juniper Networks Junos OS Evolved may allow an atta ...)
	NOT-FOR-US: Juniper
CVE-2020-1625 (The kernel memory usage represented as "temp" via 'show system virtual ...)
	NOT-FOR-US: Juniper
CVE-2020-1624 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1623 (A local, authenticated user with shell can view sensitive configuratio ...)
	NOT-FOR-US: Juniper
CVE-2020-1622 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1621 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1620 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1619 (A privilege escalation vulnerability in Juniper Networks QFX10K Series ...)
	NOT-FOR-US: Juniper
CVE-2020-1618 (On Juniper Networks EX and QFX Series, an authentication bypass vulner ...)
	NOT-FOR-US: Juniper
CVE-2020-1617 (This issue occurs on Juniper Networks Junos OS devices which do not su ...)
	NOT-FOR-US: Juniper
CVE-2020-1616 (Due to insufficient server-side login attempt limit enforcement, a vul ...)
	NOT-FOR-US: Juniper
CVE-2020-1615 (The factory configuration for vMX installations, as shipped, includes  ...)
	NOT-FOR-US: Juniper
CVE-2020-1614 (A Use of Hard-coded Credentials vulnerability exists in the NFX250 Ser ...)
	NOT-FOR-US: Juniper
CVE-2020-1613 (A vulnerability in the BGP FlowSpec implementation may cause a Juniper ...)
	NOT-FOR-US: Juniper
CVE-2020-1612
	RESERVED
CVE-2020-1611 (A Local File Inclusion vulnerability in Juniper Networks Junos Space a ...)
	NOT-FOR-US: Juniper
CVE-2020-1610
	RESERVED
CVE-2020-1609 (When a device using Juniper Network's Dynamic Host Configuration Proto ...)
	NOT-FOR-US: Juniper
CVE-2020-1608 (Receipt of a specific MPLS or IPv6 packet on the core facing interface ...)
	NOT-FOR-US: Juniper
CVE-2020-1607 (Insufficient Cross-Site Scripting (XSS) protection in J-Web may potent ...)
	NOT-FOR-US: Juniper
CVE-2020-1606 (A path traversal vulnerability in the Juniper Networks Junos OS device ...)
	NOT-FOR-US: Juniper
CVE-2020-1605 (When a device using Juniper Network's Dynamic Host Configuration Proto ...)
	NOT-FOR-US: Juniper
CVE-2020-1604 (On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the ...)
	NOT-FOR-US: Juniper
CVE-2020-1603 (Specific IPv6 packets sent by clients processed by the Routing Engine  ...)
	NOT-FOR-US: Juniper
CVE-2020-1602 (When a device using Juniper Network's Dynamic Host Configuration Proto ...)
	NOT-FOR-US: Juniper
CVE-2020-1601 (Certain types of malformed Path Computation Element Protocol (PCEP) pa ...)
	NOT-FOR-US: Juniper
CVE-2020-1600 (In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an ...)
	NOT-FOR-US: Juniper
CVE-2020-1599
	RESERVED
CVE-2020-1598
	RESERVED
CVE-2020-1597
	RESERVED
CVE-2020-1596
	RESERVED
CVE-2020-1595
	RESERVED
CVE-2020-1594
	RESERVED
CVE-2020-1593
	RESERVED
CVE-2020-1592
	RESERVED
CVE-2020-1591
	RESERVED
CVE-2020-1590
	RESERVED
CVE-2020-1589
	RESERVED
CVE-2020-1588
	RESERVED
CVE-2020-1587
	RESERVED
CVE-2020-1586
	RESERVED
CVE-2020-1585
	RESERVED
CVE-2020-1584
	RESERVED
CVE-2020-1583
	RESERVED
CVE-2020-1582
	RESERVED
CVE-2020-1581
	RESERVED
CVE-2020-1580
	RESERVED
CVE-2020-1579
	RESERVED
CVE-2020-1578
	RESERVED
CVE-2020-1577
	RESERVED
CVE-2020-1576
	RESERVED
CVE-2020-1575
	RESERVED
CVE-2020-1574
	RESERVED
CVE-2020-1573
	RESERVED
CVE-2020-1572
	RESERVED
CVE-2020-1571
	RESERVED
CVE-2020-1570
	RESERVED
CVE-2020-1569
	RESERVED
CVE-2020-1568
	RESERVED
CVE-2020-1567
	RESERVED
CVE-2020-1566
	RESERVED
CVE-2020-1565
	RESERVED
CVE-2020-1564
	RESERVED
CVE-2020-1563
	RESERVED
CVE-2020-1562
	RESERVED
CVE-2020-1561
	RESERVED
CVE-2020-1560
	RESERVED
CVE-2020-1559
	RESERVED
CVE-2020-1558
	RESERVED
CVE-2020-1557
	RESERVED
CVE-2020-1556
	RESERVED
CVE-2020-1555
	RESERVED
CVE-2020-1554
	RESERVED
CVE-2020-1553
	RESERVED
CVE-2020-1552
	RESERVED
CVE-2020-1551
	RESERVED
CVE-2020-1550
	RESERVED
CVE-2020-1549
	RESERVED
CVE-2020-1548
	RESERVED
CVE-2020-1547
	RESERVED
CVE-2020-1546
	RESERVED
CVE-2020-1545
	RESERVED
CVE-2020-1544
	RESERVED
CVE-2020-1543
	RESERVED
CVE-2020-1542
	RESERVED
CVE-2020-1541
	RESERVED
CVE-2020-1540
	RESERVED
CVE-2020-1539
	RESERVED
CVE-2020-1538
	RESERVED
CVE-2020-1537
	RESERVED
CVE-2020-1536
	RESERVED
CVE-2020-1535
	RESERVED
CVE-2020-1534
	RESERVED
CVE-2020-1533
	RESERVED
CVE-2020-1532
	RESERVED
CVE-2020-1531
	RESERVED
CVE-2020-1530
	RESERVED
CVE-2020-1529
	RESERVED
CVE-2020-1528
	RESERVED
CVE-2020-1527
	RESERVED
CVE-2020-1526
	RESERVED
CVE-2020-1525
	RESERVED
CVE-2020-1524
	RESERVED
CVE-2020-1523
	RESERVED
CVE-2020-1522
	RESERVED
CVE-2020-1521
	RESERVED
CVE-2020-1520
	RESERVED
CVE-2020-1519
	RESERVED
CVE-2020-1518
	RESERVED
CVE-2020-1517
	RESERVED
CVE-2020-1516
	RESERVED
CVE-2020-1515
	RESERVED
CVE-2020-1514
	RESERVED
CVE-2020-1513
	RESERVED
CVE-2020-1512
	RESERVED
CVE-2020-1511
	RESERVED
CVE-2020-1510
	RESERVED
CVE-2020-1509
	RESERVED
CVE-2020-1508
	RESERVED
CVE-2020-1507
	RESERVED
CVE-2020-1506
	RESERVED
CVE-2020-1505
	RESERVED
CVE-2020-1504
	RESERVED
CVE-2020-1503
	RESERVED
CVE-2020-1502
	RESERVED
CVE-2020-1501
	RESERVED
CVE-2020-1500
	RESERVED
CVE-2020-1499
	RESERVED
CVE-2020-1498
	RESERVED
CVE-2020-1497
	RESERVED
CVE-2020-1496
	RESERVED
CVE-2020-1495
	RESERVED
CVE-2020-1494
	RESERVED
CVE-2020-1493
	RESERVED
CVE-2020-1492
	RESERVED
CVE-2020-1491
	RESERVED
CVE-2020-1490
	RESERVED
CVE-2020-1489
	RESERVED
CVE-2020-1488
	RESERVED
CVE-2020-1487
	RESERVED
CVE-2020-1486
	RESERVED
CVE-2020-1485
	RESERVED
CVE-2020-1484
	RESERVED
CVE-2020-1483
	RESERVED
CVE-2020-1482
	RESERVED
CVE-2020-1481
	RESERVED
CVE-2020-1480
	RESERVED
CVE-2020-1479
	RESERVED
CVE-2020-1478
	RESERVED
CVE-2020-1477
	RESERVED
CVE-2020-1476
	RESERVED
CVE-2020-1475
	RESERVED
CVE-2020-1474
	RESERVED
CVE-2020-1473
	RESERVED
CVE-2020-1472
	RESERVED
CVE-2020-1471
	RESERVED
CVE-2020-1470
	RESERVED
CVE-2020-1469
	RESERVED
CVE-2020-1468
	RESERVED
CVE-2020-1467
	RESERVED
CVE-2020-1466
	RESERVED
CVE-2020-1465
	RESERVED
CVE-2020-1464
	RESERVED
CVE-2020-1463
	RESERVED
CVE-2020-1462
	RESERVED
CVE-2020-1461
	RESERVED
CVE-2020-1460
	RESERVED
CVE-2020-1459
	RESERVED
CVE-2020-1458
	RESERVED
CVE-2020-1457
	RESERVED
CVE-2020-1456
	RESERVED
CVE-2020-1455
	RESERVED
CVE-2020-1454
	RESERVED
CVE-2020-1453
	RESERVED
CVE-2020-1452
	RESERVED
CVE-2020-1451
	RESERVED
CVE-2020-1450
	RESERVED
CVE-2020-1449
	RESERVED
CVE-2020-1448
	RESERVED
CVE-2020-1447
	RESERVED
CVE-2020-1446
	RESERVED
CVE-2020-1445
	RESERVED
CVE-2020-1444
	RESERVED
CVE-2020-1443
	RESERVED
CVE-2020-1442
	RESERVED
CVE-2020-1441
	RESERVED
CVE-2020-1440
	RESERVED
CVE-2020-1439
	RESERVED
CVE-2020-1438
	RESERVED
CVE-2020-1437
	RESERVED
CVE-2020-1436
	RESERVED
CVE-2020-1435
	RESERVED
CVE-2020-1434
	RESERVED
CVE-2020-1433
	RESERVED
CVE-2020-1432
	RESERVED
CVE-2020-1431
	RESERVED
CVE-2020-1430
	RESERVED
CVE-2020-1429
	RESERVED
CVE-2020-1428
	RESERVED
CVE-2020-1427
	RESERVED
CVE-2020-1426
	RESERVED
CVE-2020-1425
	RESERVED
CVE-2020-1424
	RESERVED
CVE-2020-1423
	RESERVED
CVE-2020-1422
	RESERVED
CVE-2020-1421
	RESERVED
CVE-2020-1420
	RESERVED
CVE-2020-1419
	RESERVED
CVE-2020-1418
	RESERVED
CVE-2020-1417
	RESERVED
CVE-2020-1416
	RESERVED
CVE-2020-1415
	RESERVED
CVE-2020-1414
	RESERVED
CVE-2020-1413
	RESERVED
CVE-2020-1412
	RESERVED
CVE-2020-1411
	RESERVED
CVE-2020-1410
	RESERVED
CVE-2020-1409
	RESERVED
CVE-2020-1408
	RESERVED
CVE-2020-1407
	RESERVED
CVE-2020-1406
	RESERVED
CVE-2020-1405
	RESERVED
CVE-2020-1404
	RESERVED
CVE-2020-1403
	RESERVED
CVE-2020-1402
	RESERVED
CVE-2020-1401
	RESERVED
CVE-2020-1400
	RESERVED
CVE-2020-1399
	RESERVED
CVE-2020-1398
	RESERVED
CVE-2020-1397
	RESERVED
CVE-2020-1396
	RESERVED
CVE-2020-1395
	RESERVED
CVE-2020-1394
	RESERVED
CVE-2020-1393
	RESERVED
CVE-2020-1392
	RESERVED
CVE-2020-1391
	RESERVED
CVE-2020-1390
	RESERVED
CVE-2020-1389
	RESERVED
CVE-2020-1388
	RESERVED
CVE-2020-1387
	RESERVED
CVE-2020-1386
	RESERVED
CVE-2020-1385
	RESERVED
CVE-2020-1384
	RESERVED
CVE-2020-1383
	RESERVED
CVE-2020-1382
	RESERVED
CVE-2020-1381
	RESERVED
CVE-2020-1380
	RESERVED
CVE-2020-1379
	RESERVED
CVE-2020-1378
	RESERVED
CVE-2020-1377
	RESERVED
CVE-2020-1376
	RESERVED
CVE-2020-1375
	RESERVED
CVE-2020-1374
	RESERVED
CVE-2020-1373
	RESERVED
CVE-2020-1372
	RESERVED
CVE-2020-1371
	RESERVED
CVE-2020-1370
	RESERVED
CVE-2020-1369
	RESERVED
CVE-2020-1368
	RESERVED
CVE-2020-1367
	RESERVED
CVE-2020-1366
	RESERVED
CVE-2020-1365
	RESERVED
CVE-2020-1364
	RESERVED
CVE-2020-1363
	RESERVED
CVE-2020-1362
	RESERVED
CVE-2020-1361
	RESERVED
CVE-2020-1360
	RESERVED
CVE-2020-1359
	RESERVED
CVE-2020-1358
	RESERVED
CVE-2020-1357
	RESERVED
CVE-2020-1356
	RESERVED
CVE-2020-1355
	RESERVED
CVE-2020-1354
	RESERVED
CVE-2020-1353
	RESERVED
CVE-2020-1352
	RESERVED
CVE-2020-1351
	RESERVED
CVE-2020-1350
	RESERVED
CVE-2020-1349
	RESERVED
CVE-2020-1348 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1347
	RESERVED
CVE-2020-1346
	RESERVED
CVE-2020-1345
	RESERVED
CVE-2020-1344
	RESERVED
CVE-2020-1343 (An information disclosure vulnerability exists in Visual Studio Code L ...)
	NOT-FOR-US: Microsoft
CVE-2020-1342
	RESERVED
CVE-2020-1341
	RESERVED
CVE-2020-1340 (A spoofing vulnerability exists when the NuGetGallery does not properl ...)
	NOT-FOR-US: Microsoft
CVE-2020-1339
	RESERVED
CVE-2020-1338
	RESERVED
CVE-2020-1337
	RESERVED
CVE-2020-1336
	RESERVED
CVE-2020-1335
	RESERVED
CVE-2020-1334 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1333
	RESERVED
CVE-2020-1332
	RESERVED
CVE-2020-1331 (A spoofing vulnerability exists when System Center Operations Manager  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1330
	RESERVED
CVE-2020-1329 (A spoofing vulnerability exists when Microsoft Bing Search for Android ...)
	NOT-FOR-US: Microsoft
CVE-2020-1328
	RESERVED
CVE-2020-1327 (A spoofing vulnerability exists in Microsoft Azure DevOps Server when  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1326
	RESERVED
CVE-2020-1325
	RESERVED
CVE-2020-1324 (An elevation of privilege (user to user) vulnerability exists in Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1323 (An open redirect vulnerability exists in Microsoft SharePoint that cou ...)
	NOT-FOR-US: Microsoft
CVE-2020-1322 (An information disclosure vulnerability exists when Microsoft Project  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1321 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-1320 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1319
	RESERVED
CVE-2020-1318 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1317 (An elevation of privilege vulnerability exists when Group Policy impro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1316 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1315 (An information disclosure vulnerability exists when Internet Explorer  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1314 (An elevation of privilege vulnerability exists in Windows Text Service ...)
	NOT-FOR-US: Microsoft
CVE-2020-1313 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-1312 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1311 (An elevation of privilege vulnerability exists when Component Object M ...)
	NOT-FOR-US: Microsoft
CVE-2020-1310 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1309 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
	NOT-FOR-US: Microsoft
CVE-2020-1308
	RESERVED
CVE-2020-1307 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1306 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1305 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1304 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1303
	RESERVED
CVE-2020-1302 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1301 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1300 (A remote code execution vulnerability exists when Microsoft Windows fa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1299 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2020-1298 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1297 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1296 (A vulnerability exists in the way the Windows Diagnostics &amp;amp; fe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1295 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2020-1294 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1293 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1292 (An elevation of privilege vulnerability exists in OpenSSH for Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1291 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1290 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-1289 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1288
	RESERVED
CVE-2020-1287 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1286 (A remote code execution vulnerability exists when the Windows Shell do ...)
	NOT-FOR-US: Microsoft
CVE-2020-1285
	RESERVED
CVE-2020-1284 (A denial of service vulnerability exists in the way that the Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1283 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-1282 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1281 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
	NOT-FOR-US: Microsoft
CVE-2020-1280 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1279 (An elevation of privilege vulnerability exists when Windows Lockscreen ...)
	NOT-FOR-US: Microsoft
CVE-2020-1278 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1277 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1276 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1275 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1274 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1273 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1272 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1271 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1270 (An elevation of privilege vulnerability exists in the way that the wla ...)
	NOT-FOR-US: Microsoft
CVE-2020-1269 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1268 (An information disclosure vulnerability exists when a Windows service  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1267
	RESERVED
CVE-2020-1266 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1265 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1264 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1263 (An information disclosure vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1262 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1261 (An information disclosure vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1260 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1259 (A security feature bypass vulnerability exists when Windows Host Guard ...)
	NOT-FOR-US: Microsoft
CVE-2020-1258 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1257 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1256
	RESERVED
CVE-2020-1255 (An elevation of privilege vulnerability exists when the Windows Backgr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1254 (An elevation of privilege vulnerability exists when Windows Modules In ...)
	NOT-FOR-US: Microsoft
CVE-2020-1253 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1252
	RESERVED
CVE-2020-1251 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1250
	RESERVED
CVE-2020-1249
	RESERVED
CVE-2020-1248 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1247 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1246 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1245
	RESERVED
CVE-2020-1244 (A denial of service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1243
	RESERVED
CVE-2020-1242 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-1241 (A security feature bypass vulnerability exists when Windows Kernel fai ...)
	NOT-FOR-US: Microsoft
CVE-2020-1240
	RESERVED
CVE-2020-1239 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1238 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1237 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1236 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1235 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1234 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1233 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1232 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-1231 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1230 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1229 (A security feature bypass vulnerability exists in Microsoft Outlook wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-1228
	RESERVED
CVE-2020-1227
	RESERVED
CVE-2020-1226 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1225 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1224
	RESERVED
CVE-2020-1223 (A remote code execution vulnerability exists when Microsoft Word for A ...)
	NOT-FOR-US: Microsoft
CVE-2020-1222 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
	NOT-FOR-US: Microsoft
CVE-2020-1221
	RESERVED
CVE-2020-1220 (A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based ...)
	NOT-FOR-US: Microsoft
CVE-2020-1219 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1218
	RESERVED
CVE-2020-1217 (An information disclosure vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1216 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1215 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1214 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1213 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1212 (An elevation of privilege vulnerability exists when an OLE Automation  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1211 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-1210
	RESERVED
CVE-2020-1209 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1208 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1207 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1206 (An information disclosure vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1205
	RESERVED
CVE-2020-1204 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-1203 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1202 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1201 (An elevation of privilege vulnerability exists in the way the Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1200
	RESERVED
CVE-2020-1199 (An elevation of privilege vulnerability exists when the Windows Feedba ...)
	NOT-FOR-US: Microsoft
CVE-2020-1198
	RESERVED
CVE-2020-1197 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1196 (An elevation of privilege vulnerability exists in the way that the pri ...)
	NOT-FOR-US: Microsoft
CVE-2020-1195 (An elevation of privilege vulnerability exists in Microsoft Edge (Chro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1194 (A denial of service vulnerability exists when Windows Registry imprope ...)
	NOT-FOR-US: Microsoft
CVE-2020-1193
	RESERVED
CVE-2020-1192 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1191 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1190 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1189 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1188 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1187 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1186 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1185 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1183 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1182
	RESERVED
CVE-2020-1181 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
	NOT-FOR-US: Microsoft
CVE-2020-1180
	RESERVED
CVE-2020-1179 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1178 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1177 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1176 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1175 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1174 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1173 (A spoofing vulnerability exists in Microsoft Power BI Report Server in ...)
	NOT-FOR-US: Microsoft
CVE-2020-1172
	RESERVED
CVE-2020-1171 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1170 (An elevation of privilege vulnerability exists in Windows Defender tha ...)
	NOT-FOR-US: Microsoft
CVE-2020-1169
	RESERVED
CVE-2020-1168
	RESERVED
CVE-2020-1167
	RESERVED
CVE-2020-1166 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1165 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1164 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1163 (An elevation of privilege vulnerability exists in Windows Defender tha ...)
	NOT-FOR-US: Microsoft
CVE-2020-1162 (An elevation of privilege (user to user) vulnerability exists in Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1161 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2020-1160 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-1159
	RESERVED
CVE-2020-1158 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1157 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1156 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1155 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1154 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2020-1153 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1152
	RESERVED
CVE-2020-1151 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1150 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1149 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1148 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1147
	RESERVED
CVE-2020-1146
	RESERVED
CVE-2020-1145 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1144 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1143 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1142 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1141 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1140 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1139 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1138 (An elevation of privilege vulnerability exists when the Storage Servic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1137 (An elevation of privilege vulnerability exists in the way the Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1136 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1135 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1134 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1133
	RESERVED
CVE-2020-1132 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1131 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1130
	RESERVED
CVE-2020-1129
	RESERVED
CVE-2020-1128
	RESERVED
CVE-2020-1127
	RESERVED
CVE-2020-1126 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1125 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1124 (An elevation of privilege vulnerability exists when the Windows State  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1123 (A denial of service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1122
	RESERVED
CVE-2020-1121 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1120 (A denial of service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1119
	RESERVED
CVE-2020-1118 (A denial of service vulnerability exists in the Windows implementation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1117 (A remote code execution vulnerability exists in the way that the Color ...)
	NOT-FOR-US: Microsoft
CVE-2020-1116 (An information disclosure vulnerability exists when the Windows Client ...)
	NOT-FOR-US: Microsoft
CVE-2020-1115
	RESERVED
CVE-2020-1114 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1113 (A security feature bypass vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-1112 (An elevation of privilege vulnerability exists when the Windows Backgr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1111 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1110 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-1109 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-1108 (A denial of service vulnerability exists when .NET Core or .NET Framew ...)
	NOT-FOR-US: Microsoft .NET
CVE-2020-1107 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1106 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1105 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1104 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1103 (An information disclosure vulnerability exists where certain modes of  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1102 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1101 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1100 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1099 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1098
	RESERVED
CVE-2020-1097
	RESERVED
CVE-2020-1096 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...)
	NOT-FOR-US: Microsoft
CVE-2020-1095
	RESERVED
CVE-2020-1094 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-1093 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1092 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-1091
	RESERVED
CVE-2020-1090 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1089
	RESERVED
CVE-2020-1088 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-1087 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1086 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1085
	RESERVED
CVE-2020-1084 (A Denial Of Service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1083
	RESERVED
CVE-2020-1082 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-1081 (An elevation of privilege vulnerability exists when the Windows Printe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1080
	RESERVED
CVE-2020-1079 (An elevation of privilege vulnerability exists when the Windows fails  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1078 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1077 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1076 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-1075 (An information disclosure vulnerability exists when Windows Subsystem  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1074
	RESERVED
CVE-2020-1073 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1072 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1071 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1070 (An elevation of privilege vulnerability exists when the Windows Print  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1069 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
	NOT-FOR-US: Microsoft
CVE-2020-1068 (An elevation of privilege vulnerability exists in Windows Media Servic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1067 (A remote code execution vulnerability exists in the way that Windows h ...)
	NOT-FOR-US: Microsoft
CVE-2020-1066 (An elevation of privilege vulnerability exists in .NET Framework which ...)
	NOT-FOR-US: Microsoft
CVE-2020-1065 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1064 (A remote code execution vulnerability exists in the way that the MSHTM ...)
	NOT-FOR-US: Microsoft
CVE-2020-1063 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1062 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-1061 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1060 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1059 (A spoofing vulnerability exists when Microsoft Edge does not properly  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1058 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1057
	RESERVED
CVE-2020-1056 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1055 (A cross-site-scripting (XSS) vulnerability exists when Active Director ...)
	NOT-FOR-US: Microsoft
CVE-2020-1054 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1053
	RESERVED
CVE-2020-1052
	RESERVED
CVE-2020-1051 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1050 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1049 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows Print  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1047
	RESERVED
CVE-2020-1046
	RESERVED
CVE-2020-1045
	RESERVED
CVE-2020-1044
	RESERVED
CVE-2020-1043
	RESERVED
CVE-2020-1042
	RESERVED
CVE-2020-1041
	RESERVED
CVE-2020-1040
	RESERVED
CVE-2020-1039
	RESERVED
CVE-2020-1038
	RESERVED
CVE-2020-1037 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1036
	RESERVED
CVE-2020-1035 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1034
	RESERVED
CVE-2020-1033
	RESERVED
CVE-2020-1032
	RESERVED
CVE-2020-1031
	RESERVED
CVE-2020-1030
	RESERVED
CVE-2020-1029 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1028 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1027 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR JavaScript C ...)
	NOT-FOR-US: Microsoft
CVE-2020-1025
	RESERVED
CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1023 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1022 (A remote code execution vulnerability exists in Microsoft Dynamics Bus ...)
	NOT-FOR-US: Microsoft
CVE-2020-1021 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-1020 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2020-1019 (An elevation of privilege vulnerability exists in RMS Sharing App for  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1018 (An information disclosure vulnerability exists when Microsoft Dynamics ...)
	NOT-FOR-US: Microsoft
CVE-2020-1017 (An elevation of privilege vulnerability exists in the way the Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1016 (An information disclosure vulnerability exists when the Windows Push N ...)
	NOT-FOR-US: Microsoft
CVE-2020-1015 (An elevation of privilege vulnerability exists in the way that the Use ...)
	NOT-FOR-US: Microsoft
CVE-2020-1014 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2020-1013
	RESERVED
CVE-2020-1012
	RESERVED
CVE-2020-1011 (An elevation of privilege vulnerability exists when the Windows System ...)
	NOT-FOR-US: Microsoft
CVE-2020-1010 (An elevation of privilege vulnerability exists in Windows Block Level  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1009 (An elevation of privilege vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1008 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1007 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1006 (An elevation of privilege vulnerability exists in the way the Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1005 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-1004 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1003 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1002 (An elevation of privilege vulnerability exists when the MpSigStub.exe  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1001 (An elevation of privilege vulnerability exists in the way the Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-1000 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0999 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0998
	RESERVED
CVE-2020-0997
	RESERVED
CVE-2020-0996 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0995 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0994 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0993 (A denial of service vulnerability exists in Windows DNS when it fails  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0992 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0991 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-0990
	RESERVED
CVE-2020-0989
	RESERVED
CVE-2020-0988 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0987 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-0986 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0985 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0984 (An elevation of privilege vulnerability exists when the Microsoft Auto ...)
	NOT-FOR-US: Microsoft
CVE-2020-0983 (An elevation of privilege vulnerability exists when the Windows Delive ...)
	NOT-FOR-US: Microsoft
CVE-2020-0982 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-0981 (A security feature bypass vulnerability exists when Windows fails to p ...)
	NOT-FOR-US: Microsoft
CVE-2020-0980 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0979 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0978 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0977 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0976 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0975 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0974 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0973 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0972 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0971 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0970 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0969 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0968 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0967 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0966 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0965 (A remoted code execution vulnerability exists in the way that Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2020-0964 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0963 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0962 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0961 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2020-0960 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0959 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0958 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0957 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0956 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0955 (An information disclosure vulnerability exists when certain central pr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0954 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0953 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0952 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0951
	RESERVED
CVE-2020-0950 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0949 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0948 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0947 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0946 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0945 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0944 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0943 (An authentication bypass vulnerability exists in Microsoft YourPhoneCo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0942 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0941
	RESERVED
CVE-2020-0940 (An elevation of privilege vulnerability exists in the way the Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0939 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0938 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2020-0937 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0936 (An elevation of privilege vulnerability exists when a Windows schedule ...)
	NOT-FOR-US: Microsoft
CVE-2020-0935 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
	NOT-FOR-US: Microsoft
CVE-2020-0934 (An elevation of privilege vulnerability exists when the Windows WpcDes ...)
	NOT-FOR-US: Microsoft
CVE-2020-0933 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0932 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0931 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0930 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0929 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0928
	RESERVED
CVE-2020-0927 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0926 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0925 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0924 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0923 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0922
	RESERVED
CVE-2020-0921
	RESERVED
CVE-2020-0920 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0919 (An elevation of privilege vulnerability exists in Remote Desktop App f ...)
	NOT-FOR-US: Microsoft
CVE-2020-0918 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2020-0917 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2020-0916 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0915 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0914
	RESERVED
CVE-2020-0913 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0912
	RESERVED
CVE-2020-0911
	RESERVED
CVE-2020-0910 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2020-0909 (A denial of service vulnerability exists when Hyper-V on a Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-0908
	RESERVED
CVE-2020-0907 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-0906 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0905 (An remote code execution vulnerability exists in Microsoft Dynamics Bu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0904
	RESERVED
CVE-2020-0903 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...)
	NOT-FOR-US: Microsoft
CVE-2020-0902 (An elevation of privilege vulnerability exists in Service Fabric File  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0901 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0900 (An elevation of privilege vulnerability exists when the Visual Studio  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0899 (An elevation of privilege vulnerability exists when Microsoft Visual S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0898 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0897 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0896 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0895 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0894 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0893 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0892 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0891 (This vulnerability is caused when SharePoint Server does not properly  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0890
	RESERVED
CVE-2020-0889 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0888 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0887 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0886
	RESERVED
CVE-2020-0885 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0884 (A spoofing vulnerability exists in Microsoft Visual Studio as it inclu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0883 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0882 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0881 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0880 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0879 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0878
	RESERVED
CVE-2020-0877 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0876 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0875
	RESERVED
CVE-2020-0874 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0873
	RESERVED
CVE-2020-0872 (A remote code execution vulnerability exists in Application Inspector  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0871 (An information disclosure vulnerability exists when Windows Network Co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0870
	RESERVED
CVE-2020-0869 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0868 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0867 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0866 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0865 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0864 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0863 (An information vulnerability exists when Windows Connected User Experi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0862
	RESERVED
CVE-2020-0861 (An information disclosure vulnerability exists when the Windows Networ ...)
	NOT-FOR-US: Microsoft
CVE-2020-0860 (An elevation of privilege vulnerability exists when the Windows Active ...)
	NOT-FOR-US: Microsoft
CVE-2020-0859 (An information vulnerability exists when Windows Modules Installer Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-0858 (An elevation of privilege vulnerability exists when the &amp;quot;Publ ...)
	NOT-FOR-US: Microsoft
CVE-2020-0857 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0856
	RESERVED
CVE-2020-0855 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0854 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-0853 (An information disclosure vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0852 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0851 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0850 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0849 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0848 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0847 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0846
	RESERVED
CVE-2020-0845 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0844 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0843 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-0842 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-0841 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0840 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0839
	RESERVED
CVE-2020-0838
	RESERVED
CVE-2020-0837
	RESERVED
CVE-2020-0836
	RESERVED
CVE-2020-0835 (An elevation of privilege vulnerability exists when Windows Defender a ...)
	NOT-FOR-US: Microsoft
CVE-2020-0834 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0833 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0832 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0831 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0830 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0829 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0828 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0827 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0826 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0825 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0824 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-0823 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0822 (An elevation of privilege vulnerability exists when the Windows Langua ...)
	NOT-FOR-US: Microsoft
CVE-2020-0821 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0820 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0819 (An elevation of privilege vulnerability exists when the Windows Device ...)
	NOT-FOR-US: Microsoft
CVE-2020-0818
	RESERVED
CVE-2020-0817
	RESERVED
CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...)
	NOT-FOR-US: Microsoft
CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-0813 (An information disclosure vulnerability exists when Chakra improperly  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0812 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0811 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0810 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0809 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0808 (An elevation of privilege vulnerability exists in the way the Provisio ...)
	NOT-FOR-US: Microsoft
CVE-2020-0807 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0806 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-0805
	RESERVED
CVE-2020-0804 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0803 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0802 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0801 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0800 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0799 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-0798 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0797 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0796 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2020-0795 (This vulnerability is caused when SharePoint Server does not properly  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0794 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-0793 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0790
	RESERVED
CVE-2020-0789 (A denial of service vulnerability exists when the Visual Studio Extens ...)
	NOT-FOR-US: Microsoft
CVE-2020-0788 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0787 (An elevation of privilege vulnerability exists when the Windows Backgr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0786 (A denial of service vulnerability exists when the Windows Tile Object  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0785 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2020-0784 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0783 (An elevation of privilege vulnerability exists when the Windows Univer ...)
	NOT-FOR-US: Microsoft
CVE-2020-0782
	RESERVED
CVE-2020-0781 (An elevation of privilege vulnerability exists when the Windows Univer ...)
	NOT-FOR-US: Microsoft
CVE-2020-0780 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0779 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0778 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0777 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0776 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2020-0775 (An information disclosure vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0774 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0773 (An elevation of privilege vulnerability exists when the Windows Active ...)
	NOT-FOR-US: Microsoft
CVE-2020-0772 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0771 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-0770 (An elevation of privilege vulnerability exists when the Windows Active ...)
	NOT-FOR-US: Microsoft
CVE-2020-0769 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-0768 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0766
	RESERVED
CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...)
	NOT-FOR-US: Microsoft
CVE-2020-0764
	RESERVED
CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0761
	RESERVED
CVE-2020-0760 (A remote code execution vulnerability exists when Microsoft Office imp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...)
	NOT-FOR-US: Microsoft
CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0755 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0754 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-0753 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-0752 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0751 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0750 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0749 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0748 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0747 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0746 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-0745 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0744 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0743 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0742 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0741 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0740 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0739 (An elevation of privilege vulnerability exists in the way that the dss ...)
	NOT-FOR-US: Microsoft
CVE-2020-0738 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0737 (An elevation of privilege vulnerability exists in the way that the tap ...)
	NOT-FOR-US: Microsoft
CVE-2020-0736 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0735 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0734 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2020-0733 (An elevation of privilege vulnerability exists when the Windows Malici ...)
	NOT-FOR-US: Microsoft
CVE-2020-0732 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0731 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0730 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2020-0729 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2020-0728 (An information vulnerability exists when Windows Modules Installer Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-0727 (An elevation of privilege vulnerability exists when the Connected User ...)
	NOT-FOR-US: Microsoft
CVE-2020-0726 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0725 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0724 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0723 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0722 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0721 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0718
	RESERVED
CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0715 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0714 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0713 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0712 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0711 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0710 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0709 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0708 (A remote code execution vulnerability exists when the Windows Imaging  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0707 (An elevation of privilege vulnerability exists when the Windows IME im ...)
	NOT-FOR-US: Microsoft
CVE-2020-0706 (An information disclosure vulnerability exists in the way that affecte ...)
	NOT-FOR-US: Microsoft
CVE-2020-0705 (An information disclosure vulnerability exists when the Windows Networ ...)
	NOT-FOR-US: Microsoft
CVE-2020-0704 (An elevation of privilege vulnerability exists when the Windows Wirele ...)
	NOT-FOR-US: Microsoft
CVE-2020-0703 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub when pro ...)
	NOT-FOR-US: Microsoft
CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-0699 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...)
	NOT-FOR-US: Microsoft
CVE-2020-0697 (An elevation of privilege vulnerability exists in Microsoft Office OLi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0696 (A security feature bypass vulnerability exists in Microsoft Outlook so ...)
	NOT-FOR-US: Microsoft
CVE-2020-0695 (A spoofing vulnerability exists when Office Online Server does not val ...)
	NOT-FOR-US: Microsoft
CVE-2020-0694 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0693 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0692 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0691 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0690 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0689 (A security feature bypass vulnerability exists in secure boot, aka 'Mi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0688 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
	NOT-FOR-US: Microsoft
CVE-2020-0687 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2020-0686 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0685 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0684 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2020-0683 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0682 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0681 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2020-0680 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0679 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0678 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0677 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0676 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0675 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0674 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0673 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0672 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0671 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0670 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0669 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0668 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0667 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...)
	NOT-FOR-US: Microsoft
CVE-2020-0664
	RESERVED
CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0661 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0660 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2020-0659 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0658 (An information disclosure vulnerability exists in the Windows Common L ...)
	NOT-FOR-US: Microsoft
CVE-2020-0657 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-0655 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...)
	NOT-FOR-US: Microsoft
CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0649
	RESERVED
CVE-2020-0648
	RESERVED
CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...)
	NOT-FOR-US: Microsoft
CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0645 (A tampering vulnerability exists when Microsoft IIS Server improperly  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...)
	NOT-FOR-US: Microsoft
CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...)
	NOT-FOR-US: Microsoft
CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...)
	NOT-FOR-US: Microsoft
CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...)
	NOT-FOR-US: Microsoft
CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...)
	NOT-FOR-US: Microsoft
CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0619
	RESERVED
CVE-2020-0618 (A remote code execution vulnerability exists in Microsoft SQL Server R ...)
	NOT-FOR-US: Microsoft
CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...)
	NOT-FOR-US: Microsoft
CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...)
	NOT-FOR-US: Microsoft
CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
	NOT-FOR-US: Microsoft
CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft
CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft
CVE-2020-0604
	RESERVED
CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
	NOT-FOR-US: Microsoft
CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...)
	NOT-FOR-US: Microsoft
CVE-2019-18779
	RESERVED
CVE-2019-18778
	RESERVED
CVE-2019-18777
	RESERVED
CVE-2019-18776
	RESERVED
CVE-2019-18775
	RESERVED
CVE-2019-18774
	REJECTED
CVE-2019-18773
	REJECTED
CVE-2019-18772
	REJECTED
CVE-2019-18771
	REJECTED
CVE-2019-18770
	REJECTED
CVE-2019-18769
	REJECTED
CVE-2019-18768
	REJECTED
CVE-2019-18767
	REJECTED
CVE-2019-18766
	REJECTED
CVE-2019-18765
	REJECTED
CVE-2019-18764
	REJECTED
CVE-2019-18763
	REJECTED
CVE-2019-18762
	REJECTED
CVE-2019-18761
	REJECTED
CVE-2019-18760
	REJECTED
CVE-2019-18759
	REJECTED
CVE-2019-18758
	REJECTED
CVE-2019-18757
	REJECTED
CVE-2019-18756
	REJECTED
CVE-2019-18755
	REJECTED
CVE-2019-18754
	REJECTED
CVE-2019-18753
	REJECTED
CVE-2019-18752
	REJECTED
CVE-2019-18751
	REJECTED
CVE-2019-18750
	REJECTED
CVE-2019-18749
	REJECTED
CVE-2019-18748
	REJECTED
CVE-2019-18747
	REJECTED
CVE-2019-18746
	REJECTED
CVE-2019-18745
	REJECTED
CVE-2019-18744
	REJECTED
CVE-2019-18743
	REJECTED
CVE-2019-18742
	REJECTED
CVE-2019-18741
	REJECTED
CVE-2019-18740
	REJECTED
CVE-2019-18739
	REJECTED
CVE-2019-18738
	REJECTED
CVE-2019-18737
	REJECTED
CVE-2019-18736
	REJECTED
CVE-2019-18735
	REJECTED
CVE-2019-18734
	REJECTED
CVE-2019-18733
	REJECTED
CVE-2019-18732
	REJECTED
CVE-2019-18731
	REJECTED
CVE-2019-18730
	REJECTED
CVE-2019-18729
	REJECTED
CVE-2019-18728
	REJECTED
CVE-2019-18727
	REJECTED
CVE-2019-18726
	REJECTED
CVE-2019-18725
	REJECTED
CVE-2019-18724
	REJECTED
CVE-2019-18723
	REJECTED
CVE-2019-18722
	REJECTED
CVE-2019-18721
	REJECTED
CVE-2019-18720
	REJECTED
CVE-2019-18719
	REJECTED
CVE-2019-18718
	REJECTED
CVE-2019-18717
	REJECTED
CVE-2019-18716
	REJECTED
CVE-2019-18715
	REJECTED
CVE-2019-18714
	REJECTED
CVE-2019-18713
	REJECTED
CVE-2019-18712
	REJECTED
CVE-2019-18711
	REJECTED
CVE-2019-18710
	REJECTED
CVE-2019-18709
	REJECTED
CVE-2019-18708
	REJECTED
CVE-2019-18707
	REJECTED
CVE-2019-18706
	REJECTED
CVE-2019-18705
	REJECTED
CVE-2019-18704
	REJECTED
CVE-2019-18703
	REJECTED
CVE-2019-18702
	REJECTED
CVE-2019-18701
	REJECTED
CVE-2019-18700
	REJECTED
CVE-2019-18699
	REJECTED
CVE-2019-18698
	REJECTED
CVE-2019-18697
	REJECTED
CVE-2019-18696
	REJECTED
CVE-2019-18695
	REJECTED
CVE-2019-18694
	REJECTED
CVE-2019-18693
	REJECTED
CVE-2019-18692
	REJECTED
CVE-2019-18691
	REJECTED
CVE-2019-18690
	REJECTED
CVE-2019-18689
	REJECTED
CVE-2019-18688
	REJECTED
CVE-2019-18687
	REJECTED
CVE-2019-18686
	REJECTED
CVE-2019-18685
	REJECTED
CVE-2019-18684 (** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to r ...)
	NOTE: https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd
	NOTE: Issue is bogus and a non-security issue (confirmed by upstream and in progress
	NOTE: of beeing REJECTED). An attack is only viable if the attacker can write to fd/3.
CVE-2019-18682
	RESERVED
CVE-2019-18681
	RESERVED
CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195. Ther ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2019/9/18/337
CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...)
	{DSA-4682-1 DLA-2028-1}
	- squid 4.9-1
	- squid3 <removed>
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6f2841090dffbec1a2b2417e18bb3dc71d62dd2e.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...)
	{DSA-4682-1 DLA-2028-1}
	- squid 4.9-1
	- squid3 <removed>
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...)
	{DSA-4682-1 DLA-2028-1}
	- squid 4.9-1
	- squid3 <removed>
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...)
	{DSA-4682-1}
	- squid 4.9-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the Linux k ...)
	{DLA-2114-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1
CVE-2019-18675 (The Linux kernel through 5.3.13 has a start_offset+size Integer Overfl ...)
	- linux 4.16.16-1
	[stretch] - linux 4.9.110-1
	[jessie] - linux 3.16.64-1
	NOTE: https://deshal3v.github.io/blog/kernel-research/mmap_exploitation
CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...)
	NOT-FOR-US: Joomla!
CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...)
	NOT-FOR-US: SHIFT BitBox02 devices
CVE-2019-18672 (Insufficient checks in the finite state machine of the ShapeShift Keep ...)
	NOT-FOR-US: ShapeShift
CVE-2019-18671 (Insufficient checks in the USB packet handling of the ShapeShift KeepK ...)
	NOT-FOR-US: ShapeShift
CVE-2019-18670 (In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2 ...)
	NOT-FOR-US: Acer
CVE-2019-18669
	RESERVED
CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2.11.2 f ...)
	NOT-FOR-US: Currency Switcher addon for WooCommerce
CVE-2019-18667 (/usr/local/www/freeradius_view_config.php in the freeradius3 package b ...)
	NOT-FOR-US: FreeBSD specific freeradius_view_config.php in the freeradius3 package
CVE-2019-18666 (An issue was discovered on D-Link DAP-1360 revision F devices. Remote  ...)
	NOT-FOR-US: D-Link
CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion ...)
	NOT-FOR-US: SECUDOS DOMOS
CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)
	NOT-FOR-US: SECUDOS DOMOS
CVE-2019-18663 (A SQL injection vulnerability in a /login/forgot1 POST request in ARP- ...)
	NOT-FOR-US: ARP-GUARD
CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input passed t ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...)
	NOT-FOR-US: Fastweb FASTGate
CVE-2019-18660 (The Linux kernel before 5.4.1 on powerpc allows Information Exposure b ...)
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <ignored> (powerpc not supported in LTS)
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...)
	NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol
CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a chart as  ...)
	- helm-kubernetes <itp> (bug #910799)
CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url  ...)
	NOT-FOR-US: ClickHouse
CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...)
	NOT-FOR-US: Pimcore
CVE-2019-18655 (File Sharing Wizard version 1.5.0 build 2008 is affected by a Structur ...)
	NOT-FOR-US: File Sharing Wizard
CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet S ...)
	NOT-FOR-US: AVG
CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, In ...)
	NOT-FOR-US: Avast
CVE-2019-18652 (A DOM based XSS vulnerability has been identified on the WatchGuard XM ...)
	NOT-FOR-US: Watchguard
CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias  ...)
	NOT-FOR-US: 3xLogic
CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...)
	NOT-FOR-US: Joomla!
CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
	- jupyter-notebook 5.7.4-1
	NOTE: https://github.com/jupyter/notebook/pull/3341
CVE-2019-18649 (When logged in as an admin user, the Title input field (under Reports) ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18648 (When logged in as an admin user, the Untangle NG firewall 14.2.0 is vu ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18647 (The Untangle NG firewall 14.2.0 is vulnerable to an authenticated comm ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18646 (The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline- ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus 11.5.2 ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18643
	RESERVED
CVE-2019-18642
	RESERVED
CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
	NOT-FOR-US: Rock RMS
CVE-2019-18640
	RESERVED
CVE-2019-18639
	RESERVED
CVE-2019-18638
	RESERVED
CVE-2019-18637
	RESERVED
CVE-2019-18636 (A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka A ...)
	NOT-FOR-US: Jitbit .NET Forum
CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...)
	NOT-FOR-US: Mooltipass Moolticute
CVE-2019-18634 (In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users ...)
	{DSA-4614-1 DLA-2094-1}
	- sudo 1.8.31-1 (bug #950371)
	[buster] - sudo 1.8.27-1+deb10u2
	NOTE: https://www.sudo.ws/alerts/pwfeedback.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/6
	NOTE: https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078 (master)
	NOTE: https://github.com/sudo-project/sudo/commit/b5d2010b6514ff45693509273bb07df3abb0bf0a (SUDO_1_8_31)
	NOTE: The issue itself is fixed only in 1.8.31 but a change in the EOF handling
	NOTE: introduced in 1.8.26 mitigated exploitation of the bug in some cases:
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/31/1
	NOTE: Change for "Print a warning for password read issues" in 1.8.26:
	NOTE: https://github.com/sudo-project/sudo/commit/ab2cba0f5d8b286e8e52c06076efd32434f538ae (SUDO_1_8_26)
	NOTE: The overflow is tough as well reachable when using a pty:
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/05/2
CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 2.3.1 has Mi ...)
	NOT-FOR-US: European Commission eIDAS-Node Integration Package
CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 allows ...)
	NOT-FOR-US: European Commission eIDAS-Node Integration Package
CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege Elevati ...)
	NOT-FOR-US: Centrify Authentication and Privilege Elevation Services
CVE-2019-18630
	RESERVED
CVE-2019-18629
	RESERVED
CVE-2019-18628
	RESERVED
CVE-2019-18627
	RESERVED
CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an authenticated user ...)
	NOT-FOR-US: Harris Ormed Self Service
CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed  ...)
	- systemd 244-1 (low)
	[buster] - systemd <not-affected> (Only affected v243)
	[stretch] - systemd <not-affected> (Only affected v243)
	[jessie] - systemd <not-affected> (Only affected v243)
	NOTE: https://github.com/systemd/systemd/issues/9397
CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to bypass/e ...)
	{DLA-2087-1}
	[experimental] - suricata 1:5.0.1-1~exp1
	- suricata 1:5.0.2-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 (suricata-5.0.1)
	NOTE: https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 (master-4.1.x)
	NOTE: https://redmine.openinfosecfoundation.org/issues/3286
	NOTE: https://redmine.openinfosecfoundation.org/issues/3395
CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...)
	NOT-FOR-US: Opera Mini for Android
CVE-2019-18623 (Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attack ...)
	NOT-FOR-US: EnergyCAP
CVE-2019-18622 (An issue was discovered in phpMyAdmin before 4.9.2. A crafted database ...)
	- phpmyadmin 4:4.9.2+dfsg1-1 (bug #945349)
	[stretch] - phpmyadmin <not-affected> (vulnerable code is not present)
	[jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111
	NOTE: https://gist.github.com/ibennetch/4ba7d2fac6f384a5039d697a110e0912
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-5/
CVE-2019-18621
	RESERVED
CVE-2019-18620
	RESERVED
CVE-2019-18619
	RESERVED
CVE-2019-18618
	RESERVED
CVE-2019-18617
	RESERVED
CVE-2019-18616
	RESERVED
CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 Train, unde ...)
	NOT-FOR-US: CloudVision Portal
CVE-2019-18614 (On the Cypress CYW20735 evaluation board, any data that exceeds 384 by ...)
	NOT-FOR-US: Cypress
CVE-2019-18613
	RESERVED
CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.34 for  ...)
	NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34 for Me ...)
	NOT-FOR-US: CheckUser MediaWiki extension
CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
	{DLA-2017-1}
	- asterisk 1:16.10.0~dfsg-1 (bug #947377)
	[buster] - asterisk <no-dsa> (Minor issue)
	[stretch] - asterisk <no-dsa> (Minor issue)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
CVE-2019-18609 (An issue was discovered in amqp_handle_input in amqp_connection.c in r ...)
	{DLA-2022-1}
	- librabbitmq 0.10.0-1 (low; bug #946005)
	[buster] - librabbitmq <no-dsa> (Minor issue)
	[stretch] - librabbitmq <no-dsa> (Minor issue)
	NOTE: https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information modification bec ...)
	NOT-FOR-US: Cezerin
CVE-2019-18607
	RESERVED
CVE-2019-18606
	RESERVED
CVE-2019-18605
	RESERVED
CVE-2019-18604 (In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distr ...)
	- texlive-bin 2020.20200327.54578-2
	[buster] - texlive-bin <no-dsa> (Minor issue)
	[stretch] - texlive-bin <not-affected> (Vulnerable code not present)
	[jessie] - texlive-bin <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a
CVE-2019-18600
	RESERVED
CVE-2019-18599
	RESERVED
CVE-2019-18598
	RESERVED
CVE-2019-18597
	RESERVED
CVE-2019-18596
	RESERVED
CVE-2019-18595
	RESERVED
CVE-2019-18594
	RESERVED
CVE-2019-18593
	RESERVED
CVE-2019-18592
	RESERVED
CVE-2019-18591
	RESERVED
CVE-2019-18590
	RESERVED
CVE-2019-18589
	RESERVED
CVE-2019-18588 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Un ...)
	NOT-FOR-US: EMC
CVE-2019-18587
	RESERVED
CVE-2019-18586
	REJECTED
CVE-2019-18585
	REJECTED
CVE-2019-18584
	REJECTED
CVE-2019-18583
	REJECTED
CVE-2019-18582 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions ...)
	NOT-FOR-US: EMC
CVE-2019-18581 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions ...)
	NOT-FOR-US: EMC
CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Jav ...)
	NOT-FOR-US: EMC
CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1. ...)
	NOT-FOR-US: Dell
CVE-2019-18578 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-si ...)
	NOT-FOR-US: EMC XtremIO XMS
CVE-2019-18577 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect perm ...)
	NOT-FOR-US: EMC XtremIO XMS
CVE-2019-18576 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information di ...)
	NOT-FOR-US: EMC XtremIO XMS
CVE-2019-18575 (Dell Command Configure versions prior to 4.2.1 contain an uncontrolled ...)
	NOT-FOR-US: Dell Command Configure
CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 contain a ...)
	NOT-FOR-US: RSA Authentication Manager software
CVE-2019-18573 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
	NOT-FOR-US: RSA
CVE-2019-18572 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
	NOT-FOR-US: RSA
CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
	NOT-FOR-US: RSA
CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...)
	NOT-FOR-US: Intel
CVE-2020-0599
	RESERVED
CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...)
	NOT-FOR-US: Intel
CVE-2020-0597 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM  ...)
	NOT-FOR-US: Intel
CVE-2020-0596 (Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Inte ...)
	NOT-FOR-US: Intel
CVE-2020-0595 (Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM vers ...)
	NOT-FOR-US: Intel
CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM  ...)
	NOT-FOR-US: Intel
CVE-2020-0593
	RESERVED
CVE-2020-0592
	RESERVED
CVE-2020-0591
	RESERVED
CVE-2020-0590
	RESERVED
CVE-2020-0589
	RESERVED
CVE-2020-0588
	RESERVED
CVE-2020-0587
	RESERVED
CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions before  ...)
	NOT-FOR-US: Intel
CVE-2020-0585
	RESERVED
CVE-2020-0584
	RESERVED
CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...)
	NOT-FOR-US: Intel
CVE-2020-0582
	RESERVED
CVE-2020-0581
	RESERVED
CVE-2020-0580
	RESERVED
CVE-2020-0579
	RESERVED
CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server MFS2600KISPP Com ...)
	NOT-FOR-US: Intel
CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Com ...)
	NOT-FOR-US: Intel
CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...)
	NOT-FOR-US: Intel
CVE-2020-0575
	RESERVED
CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...)
	NOT-FOR-US: Intel
CVE-2020-0573
	RESERVED
CVE-2020-0572
	RESERVED
CVE-2020-0571
	RESERVED
CVE-2020-0570
	RESERVED
	- qtbase-opensource-src 5.12.5+dfsg-8
	[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
	[stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.0 through 5.14.0)
	[jessie] - qtbase-opensource-src <not-affected> (Only affects 5.12.0 through 5.14.0)
	NOTE: https://bugreports.qt.io/browse/QTBUG-81272
	NOTE: Patch: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd
	NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html
CVE-2020-0569
	RESERVED
	{DSA-4617-1 DLA-2092-1}
	- qtbase-opensource-src 5.12.5+dfsg-8
	NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
	NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant before ver ...)
	NOT-FOR-US: Intel
CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version  ...)
	NOT-FOR-US: Intel graphics driver for Windows
CVE-2020-0566 (Improper Access Control in subsystem for Intel(R) TXE versions before  ...)
	NOT-FOR-US: Intel
CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...)
	NOT-FOR-US: Intel graphics driver for Windows
CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...)
	NOT-FOR-US: Intel
CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...)
	NOT-FOR-US: Intel
CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all versions, ...)
	NOT-FOR-US: Intel
CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may  ...)
	NOT-FOR-US: Intel
CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...)
	NOT-FOR-US: Intel
CVE-2020-0559
	RESERVED
CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) PROSet ...)
	NOT-FOR-US: Intel
CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...)
	NOT-FOR-US: Intel
CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
	{DSA-4647-1 DLA-2240-1}
	- bluez 5.50-1.1 (bug #953770)
	NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
	NOTE: Second commit introduces new configuration option "ClassicBondedOnly" which defaults
	NOTE: to false, and allows to make sure that input connections only come from bonded
	NOTE: device connections.
	NOTE: Followup commits to avoid (functional) regression:
	NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
	NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
CVE-2020-0555
	RESERVED
CVE-2020-0554
	RESERVED
CVE-2020-0553
	RESERVED
CVE-2020-0552
	RESERVED
CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...)
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
	NOTE: https://xenbits.xen.org/xsa/advisory-315.html
	NOTE: https://lviattack.eu/
	NOTE: No mitigation will provided by this issue in software, primarily impacts Intel SGX
	NOTE: binutils/toolchain updates will include a patch that optionally emits lfence
	NOTE: instructions in problematic situations (but have performance impact), cf.
	NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html
CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Processo ...)
	NOTE: Intel is (currently) no planning to release microcode updates to mitigate issue.
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
	NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling
CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...)
	{DSA-4701-1 DLA-2248-1}
	- intel-microcode 3.20200609.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
	NOTE: https://cacheoutattack.com/
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated  ...)
	{DSA-4701-1 DLA-2248-1}
	- intel-microcode 3.20200609.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0547 (Incorrect default permissions in the installer for Intel(R) Data Migra ...)
	NOT-FOR-US: Intel
CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...)
	NOT-FOR-US: Intel
CVE-2020-0545 (Integer overflow in subsystem for Intel(R) CSME versions before 11.8.7 ...)
	NOT-FOR-US: Intel
CVE-2020-0544
	RESERVED
CVE-2020-0543 (Incomplete cleanup from specific special register read operations in s ...)
	{DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2248-1 DLA-2242-1 DLA-2241-1}
	- intel-microcode 3.20200609.1
	- linux 5.6.14-2
	NOTE: https://www.vusec.net/projects/crosstalk/
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling
CVE-2020-0542 (Improper buffer restrictions in subsystem for Intel(R) CSME versions b ...)
	NOT-FOR-US: Intel
CVE-2020-0541 (Out-of-bounds write in subsystem for Intel(R) CSME versions before 12. ...)
	NOT-FOR-US: Intel
CVE-2020-0540 (Insufficiently protected credentials in Intel(R) AMT versions before 1 ...)
	NOT-FOR-US: Intel
CVE-2020-0539 (Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSM ...)
	NOT-FOR-US: Intel
CVE-2020-0538 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
	NOT-FOR-US: Intel
CVE-2020-0537 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
	NOT-FOR-US: Intel
CVE-2020-0536 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...)
	NOT-FOR-US: Intel
CVE-2020-0535 (Improper input validation in Intel(R) AMT versions before 11.8.76, 11. ...)
	NOT-FOR-US: Intel
CVE-2020-0534 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...)
	NOT-FOR-US: Intel
CVE-2020-0533 (Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.1 ...)
	NOT-FOR-US: Intel
CVE-2020-0532 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
	NOT-FOR-US: Intel
CVE-2020-0531 (Improper input validation in Intel(R) AMT versions before 11.8.77, 11. ...)
	NOT-FOR-US: Intel
CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...)
	NOT-FOR-US: Intel
CVE-2020-0529 (Improper initialization in BIOS firmware for 8th, 9th and 10th Generat ...)
	NOT-FOR-US: Intel
CVE-2020-0528 (Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10 ...)
	NOT-FOR-US: Intel
CVE-2020-0527 (Insufficient control flow management in firmware for some Intel(R) Dat ...)
	NOT-FOR-US: Intel
CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...)
	NOT-FOR-US: Intel
CVE-2020-0525
	RESERVED
CVE-2020-0524
	RESERVED
CVE-2020-0523
	RESERVED
CVE-2020-0522
	RESERVED
CVE-2020-0521
	RESERVED
CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...)
	NOT-FOR-US: Intel
CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions  ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0518
	RESERVED
CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...)
	NOT-FOR-US: Intel
CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...)
	NOT-FOR-US: Intel
CVE-2020-0513
	RESERVED
CVE-2020-0512
	RESERVED
CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0510
	RESERVED
CVE-2020-0509
	RESERVED
CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before versions ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0502 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0501 (Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2019-18570
	RESERVED
CVE-2019-18569
	RESERVED
CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege esca ...)
	NOT-FOR-US: Avira Free Antivirus
CVE-2019-18567 (Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an o ...)
	NOT-FOR-US: Bromium
CVE-2019-18566
	REJECTED
CVE-2019-18565
	REJECTED
CVE-2019-18564
	REJECTED
CVE-2019-18563
	REJECTED
CVE-2019-18562
	REJECTED
CVE-2019-18561
	REJECTED
CVE-2019-18560
	REJECTED
CVE-2019-18559
	REJECTED
CVE-2019-18558
	REJECTED
CVE-2019-18557
	REJECTED
CVE-2019-18556
	REJECTED
CVE-2019-18555
	REJECTED
CVE-2019-18554
	REJECTED
CVE-2019-18553
	REJECTED
CVE-2019-18552
	REJECTED
CVE-2019-18551
	REJECTED
CVE-2019-18550
	REJECTED
CVE-2019-18549
	REJECTED
CVE-2019-18548
	REJECTED
CVE-2019-18547
	REJECTED
CVE-2019-18546
	REJECTED
CVE-2019-18545
	REJECTED
CVE-2019-18544
	REJECTED
CVE-2019-18543
	REJECTED
CVE-2019-18542
	REJECTED
CVE-2019-18541
	REJECTED
CVE-2019-18540
	REJECTED
CVE-2019-18539
	REJECTED
CVE-2019-18538
	REJECTED
CVE-2019-18537
	REJECTED
CVE-2019-18536
	REJECTED
CVE-2019-18535
	REJECTED
CVE-2019-18534
	REJECTED
CVE-2019-18533
	REJECTED
CVE-2019-18532
	REJECTED
CVE-2019-18531
	REJECTED
CVE-2019-18530
	REJECTED
CVE-2019-18529
	REJECTED
CVE-2019-18528
	REJECTED
CVE-2019-18527
	REJECTED
CVE-2019-18526
	REJECTED
CVE-2019-18525
	REJECTED
CVE-2019-18524
	REJECTED
CVE-2019-18523
	REJECTED
CVE-2019-18522
	REJECTED
CVE-2019-18521
	REJECTED
CVE-2019-18520
	REJECTED
CVE-2019-18519
	REJECTED
CVE-2019-18518
	REJECTED
CVE-2019-18517
	REJECTED
CVE-2019-18516
	REJECTED
CVE-2019-18515
	REJECTED
CVE-2019-18514
	REJECTED
CVE-2019-18513
	REJECTED
CVE-2019-18512
	REJECTED
CVE-2019-18511
	REJECTED
CVE-2019-18510
	REJECTED
CVE-2019-18509
	REJECTED
CVE-2019-18508
	REJECTED
CVE-2019-18507
	REJECTED
CVE-2019-18506
	REJECTED
CVE-2019-18505
	REJECTED
CVE-2019-18504
	REJECTED
CVE-2019-18503
	REJECTED
CVE-2019-18502
	REJECTED
CVE-2019-18501
	REJECTED
CVE-2019-18500
	REJECTED
CVE-2019-18499
	REJECTED
CVE-2019-18498
	REJECTED
CVE-2019-18497
	REJECTED
CVE-2019-18496
	REJECTED
CVE-2019-18495
	REJECTED
CVE-2019-18494
	REJECTED
CVE-2019-18493
	REJECTED
CVE-2019-18492
	REJECTED
CVE-2019-18491
	REJECTED
CVE-2019-18490
	REJECTED
CVE-2019-18489
	REJECTED
CVE-2019-18488
	REJECTED
CVE-2019-18487
	REJECTED
CVE-2019-18486
	REJECTED
CVE-2019-18485
	REJECTED
CVE-2019-18484
	REJECTED
CVE-2019-18483
	REJECTED
CVE-2019-18482
	REJECTED
CVE-2019-18481
	REJECTED
CVE-2019-18480
	REJECTED
CVE-2019-18479
	REJECTED
CVE-2019-18478
	REJECTED
CVE-2019-18477
	REJECTED
CVE-2019-18476
	REJECTED
CVE-2019-18475
	REJECTED
CVE-2019-18474
	REJECTED
CVE-2019-18473
	REJECTED
CVE-2019-18472
	REJECTED
CVE-2019-18471
	REJECTED
CVE-2019-18470
	REJECTED
CVE-2019-18469
	REJECTED
CVE-2019-18468
	REJECTED
CVE-2019-18467
	REJECTED
CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It resolves  ...)
	- libpod <not-affected> (Fixed before initial upload)
CVE-2019-18601 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of ser ...)
	{DLA-1982-1}
	- openafs 1.8.5-1 (low; bug #943587)
	[buster] - openafs <no-dsa> (Minor issue)
	[stretch] - openafs <no-dsa> (Minor issue)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
CVE-2019-18602 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an informatio ...)
	{DLA-1982-1}
	- openafs 1.8.5-1 (low; bug #943587)
	[buster] - openafs <no-dsa> (Minor issue)
	[stretch] - openafs <no-dsa> (Minor issue)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...)
	{DLA-1982-1}
	- openafs 1.8.5-1 (low; bug #943587)
	[buster] - openafs <no-dsa> (Minor issue)
	[stretch] - openafs <no-dsa> (Minor issue)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has be ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18464 (In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 1 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18463 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18462 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18461 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18460 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18459 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18458 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18457 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18456 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18455 (An issue was discovered in GitLab Community and Enterprise Edition 11  ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18454 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18453 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18452 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18451 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18450 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18449 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18448 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18447 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18446 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18445
	RESERVED
CVE-2019-18444
	RESERVED
CVE-2019-18443
	RESERVED
CVE-2019-18442
	RESERVED
CVE-2019-18441
	RESERVED
CVE-2019-18440
	RESERVED
CVE-2019-18439
	RESERVED
CVE-2019-18438
	RESERVED
CVE-2019-18437
	RESERVED
CVE-2019-18436
	RESERVED
CVE-2019-18435
	RESERVED
CVE-2019-18434
	RESERVED
CVE-2019-18433
	RESERVED
CVE-2019-18432
	RESERVED
CVE-2019-18431
	RESERVED
CVE-2019-18430
	RESERVED
CVE-2019-18429
	RESERVED
CVE-2019-18428
	RESERVED
CVE-2019-18427
	RESERVED
CVE-2019-18426 (A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when pa ...)
	NOT-FOR-US: WhatsApp Desktop
CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-298.html
CVE-2019-18424 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-302.html
CVE-2019-18423 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-301.html
CVE-2019-18422 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-303.html
CVE-2019-18421 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-299.html
CVE-2019-18420 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-296.html
CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB  ...)
	NOT-FOR-US: ClonOS
CVE-2019-18418 (clonos.php in ClonOS WEB control panel 19.09 allows remote attackers t ...)
	NOT-FOR-US: ClonOS
CVE-2019-18417 (Sourcecodester Restaurant Management System 1.0 allows an authenticate ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18416 (Sourcecodester Restaurant Management System 1.0 allows XSS via the Las ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18415 (Sourcecodester Restaurant Management System 1.0 allows XSS via the "se ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by an admi ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...)
	NOT-FOR-US: TypeStack class-validator
CVE-2019-18412 (JetBrains IDETalk plugin before version 193.4099.10 allows XXE ...)
	NOT-FOR-US: JetBrains IDETalk plugin
CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the  ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-18410
	RESERVED
CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
	NOT-FOR-US: ruby_parser-legacy packaging issue
CVE-2019-18408 (archive_read_format_rar_read_data in archive_read_support_format_rar.c ...)
	{DSA-4557-1 DLA-1971-1}
	- libarchive 3.4.0-1
	NOTE: https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689
CVE-2019-18407
	RESERVED
CVE-2019-18406
	RESERVED
CVE-2019-18405
	RESERVED
CVE-2019-18404
	RESERVED
CVE-2019-18403
	RESERVED
CVE-2019-18402
	RESERVED
CVE-2019-18401
	RESERVED
CVE-2019-18400
	RESERVED
CVE-2019-18399
	RESERVED
CVE-2019-18398
	RESERVED
CVE-2019-18397 (A buffer overflow in the fribidi_get_par_embedding_levels_ex() functio ...)
	{DSA-4561-1}
	- fribidi 1.0.7-1.1 (bug #944327)
	[stretch] - fribidi <not-affected> (Vulnerable code not present)
	[jessie] - fribidi <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
	NOTE: Introduced by: https://github.com/fribidi/fribidi/commit/f20b6480b9cd46dae8d82a6f95d9c53558fcfd20 (v1.0.0)
CVE-2019-18396 (An issue was discovered in certain Oi third-party firmware that may be ...)
	NOT-FOR-US: Technicolor
CVE-2019-18395
	RESERVED
CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.j ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not  ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18392
	RESERVED
CVE-2019-18391 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov  ...)
	- virglrenderer 0.8.1-1 (bug #946942)
	[buster] - virglrenderer <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function in vrend ...)
	- virglrenderer 0.8.1-1
	[buster] - virglrenderer <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765584
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
CVE-2019-18389 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov  ...)
	- virglrenderer 0.8.1-1 (bug #946942)
	[buster] - virglrenderer <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
	- virglrenderer 0.8.1-1
	[buster] - virglrenderer <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765578
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
CVE-2019-18387 (Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to  ...)
	NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
CVE-2019-18386 (Systems management on Unisys ClearPath Forward Libra and ClearPath MCP ...)
	NOT-FOR-US: Unisys
CVE-2019-18385 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unaut ...)
	NOT-FOR-US: TerraMaster
CVE-2019-18384 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authe ...)
	NOT-FOR-US: TerraMaster
CVE-2019-18383 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can  ...)
	NOT-FOR-US: TerraMaster
CVE-2019-18382 (An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A d ...)
	NOT-FOR-US: AVStar PE204
CVE-2019-18381 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 6.x.x,  ...)
	NOT-FOR-US: Symantec
CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a s ...)
	NOT-FOR-US: Symantec
CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a c ...)
	NOT-FOR-US: Symantec
CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...)
	NOT-FOR-US: Symantec
CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote attacker, with a ...)
	NOT-FOR-US: Broadcom
CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a session h ...)
	NOT-FOR-US: ASG and ProxySG management consoles
CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 &amp; ...)
	NOT-FOR-US: Symantec
CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass ex ...)
	NOT-FOR-US: Norton
CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2019-18371 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
	NOT-FOR-US: Xiaomi
CVE-2019-18370 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
	NOT-FOR-US: Xiaomi
CVE-2019-18369 (In JetBrains YouTrack before 2019.2.55152, removing tags from the issu ...)
	NOT-FOR-US: JetBrains
CVE-2019-18368 (In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escal ...)
	NOT-FOR-US: JetBrains
CVE-2019-18367 (In JetBrains TeamCity before 2019.1.2, a non-destructive operation cou ...)
	NOT-FOR-US: JetBrains
CVE-2019-18366 (In JetBrains TeamCity before 2019.1.2, secure values could be exposed  ...)
	NOT-FOR-US: JetBrains
CVE-2019-18365 (In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible ...)
	NOT-FOR-US: JetBrains
CVE-2019-18364 (In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization c ...)
	NOT-FOR-US: JetBrains
CVE-2019-18363 (In JetBrains TeamCity before 2019.1.2, access could be gained to the h ...)
	NOT-FOR-US: JetBrains
CVE-2019-18362 (JetBrains MPS before 2019.2.2 exposed listening ports to the network. ...)
	NOT-FOR-US: JetBrains
CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privilege esca ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
	NOT-FOR-US: JetBrains
CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
	- mp3gain <removed>
CVE-2019-18358
	RESERVED
CVE-2019-18357 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2019-18356 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2019-18355 (An SSRF issue was discovered in the legacy Web launcher in Thycotic Se ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2019-18354
	RESERVED
CVE-2019-18353
	RESERVED
CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices  ...)
	NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
CVE-2019-18351
	RESERVED
CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET  ...)
	NOT-FOR-US: Ant Design Pro
CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
	NOT-FOR-US: HotkeyP
CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...)
	- python3.8 3.8.3~rc1-1 (unimportant)
	- python3.7 <removed> (unimportant)
	- python3.5 <removed> (unimportant)
	- python3.4 <removed> (unimportant)
	- python2.7 2.7.18~rc1-1 (unimportant)
	NOTE: https://github.com/python/cpython/commit/9165addc22d05e776a54319a8531ebd0b2fe01ef (master)
	NOTE: https://github.com/python/cpython/commit/ff69c9d12c1b06af58e5eae5db4630cedd94740e (3.8 branch)
	NOTE: https://github.com/python/cpython/commit/34f85af3229f86c004a954c3f261ceea1f5e9f95 (3.7 branch)
	NOTE: https://github.com/python/cpython/commit/09d8172837b6985c4ad90ee025f6b5a554a9f0ac (3.5 branch)
	NOTE: https://github.com/python/cpython/commit/e176e0c105786e9f476758eb5438c57223b65e7f (v2.7.18rc1)
	NOTE: https://bugs.python.org/issue38576
	NOTE: Issue only exploitable if CVE-2016-10739 is unfixed in src:glibc. This is
	NOTE: not the case in all suites, but the issue is minor in general and would
	NOTE: tend to a no-dsa/ignored tag in those suites.
CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It does no ...)
	{DSA-4582-1 DLA-2034-1}
	- davical 1.1.9.2-1 (bug #946343)
	NOTE: https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/
	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an authentica ...)
	{DSA-4582-1 DLA-2034-1}
	- davical 1.1.9.2-1 (bug #946343)
	NOTE: https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/
	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18345 (A reflected XSS issue was discovered in DAViCal through 1.1.8. It echo ...)
	{DSA-4582-1 DLA-2034-1}
	- davical 1.1.9.2-1 (bug #946343)
	NOTE: https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/
	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauthentica ...)
	NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18343
	RESERVED
CVE-2019-18342 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: Siemens
CVE-2019-18341 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: Siemens
CVE-2019-18340 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: Siemens
CVE-2019-18339 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: Siemens
CVE-2019-18338 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: Siemens
CVE-2019-18337 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: Siemens
CVE-2019-18336 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
	NOT-FOR-US: Siemens
CVE-2019-18335 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18334 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18333 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18332 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18331 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18330 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18329 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18328 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18327 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18326 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18325 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18324 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18323 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18322 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18321 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18320 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18319 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18318 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18317 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18316 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18315 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18314 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18313 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18312 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18311 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18310 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18309 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18308 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18307 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18306 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18305 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18304 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18303 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18302 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18301 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18300 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18299 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18298 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18297 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18296 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18295 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18294 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18293 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18292 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18291 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18290 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18289 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18288 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18287 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18286 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18285 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18284 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18283 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18282 (The flow_dissector feature in the Linux kernel 4.3 through 5.x before  ...)
	{DLA-2114-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/55667441c84fa5e0911a0aac44fb059c15ba6da2
CVE-2019-18281 (An out-of-bounds memory access in the generateDirectionalRuns() functi ...)
	{DSA-4556-1}
	- qtbase-opensource-src-gles 5.12.5+dfsg-1
	- qtbase-opensource-src 5.12.5+dfsg-2
	[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
	[stretch] - qtbase-opensource-src <not-affected> (Vulnerable code not present)
	[jessie] - qtbase-opensource-src <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/qt/qtbase/commit/af6ac444c97ed2dc234f93fe457440c9da5482ea
	NOTE: https://bugreports.qt.io/browse/QTBUG-77819
CVE-2019-18280 (Sourcecodester Online Grading System 1.0 is affected by a Cross Site R ...)
	NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18279 (In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included driver ...)
	NOT-FOR-US: Phoenix SCT WinFlash
CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Windows,  ...)
	NOT-FOR-US: VLC on Windows
CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...)
	- haproxy 2.0.6-1
	[buster] - haproxy <no-dsa> (Minor issue)
	[stretch] - haproxy <no-dsa> (Minor issue)
	[jessie] - haproxy <no-dsa> (Minor issue)
	NOTE: https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
	NOTE: https://nathandavison.com/blog/haproxy-http-request-smuggling
CVE-2019-18276 (An issue was discovered in disable_priv_mode in shell.c in GNU Bash th ...)
	- bash <unfixed> (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff
	NOTE: https://savannah.gnu.org/patch/?9822
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158028
	NOTE: Negligible security impact
CVE-2019-18275 (OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affect ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18274
	RESERVED
CVE-2019-18273 (OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The af ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18272
	RESERVED
CVE-2019-18271 (OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affect ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18270
	RESERVED
CVE-2019-18269 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...)
	NOT-FOR-US: Omron
CVE-2019-18268
	RESERVED
CVE-2019-18267 (An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G  ...)
	NOT-FOR-US: GE
CVE-2019-18266
	RESERVED
CVE-2019-18265
	RESERVED
CVE-2019-18264
	RESERVED
CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual ...)
	NOT-FOR-US: Philips
CVE-2019-18262
	RESERVED
CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all version ...)
	NOT-FOR-US: Omron
CVE-2019-18260
	RESERVED
CVE-2019-18259 (In Omron PLC CJ series, all versions and Omron PLC CS series, all vers ...)
	NOT-FOR-US: Omron
CVE-2019-18258
	RESERVED
CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple ...)
	NOT-FOR-US: Advantech
CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use individual per ...)
	NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18255
	RESERVED
CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not encrypt sen ...)
	NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...)
	NOT-FOR-US: Relion
CVE-2019-18252 (BIOTRONIK CardioMessenger II, The affected products allow credential r ...)
	NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
	NOT-FOR-US: Omron
CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
	NOT-FOR-US: ABB
CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firm ...)
	NOT-FOR-US: Reliable Controls
CVE-2019-18248 (BIOTRONIK CardioMessenger II, The affected products transmit credentia ...)
	NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...)
	NOT-FOR-US: Relion
CVE-2019-18246 (BIOTRONIK CardioMessenger II, The affected products do not properly en ...)
	NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allow an a ...)
	NOT-FOR-US: Reliable Controls LicenseManager
CVE-2019-18244 (OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18243
	RESERVED
CVE-2019-18242 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
	NOT-FOR-US: Moxa
CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all ver ...)
	NOT-FOR-US: Philips
CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...)
	NOT-FOR-US: Fuji
CVE-2019-18239
	RESERVED
CVE-2019-18238 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
	NOT-FOR-US: Moxa
CVE-2019-18237
	RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
	NOT-FOR-US: PLC Editor
CVE-2019-18235
	RESERVED
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
	NOT-FOR-US: Equinox Control Expert
CVE-2019-18233
	RESERVED
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
	NOT-FOR-US: SafeNet Sentinel LDK License Manager
CVE-2019-18231
	RESERVED
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions,  ...)
	NOT-FOR-US: Honeywell
CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitizati ...)
	NOT-FOR-US: Advantech
CVE-2019-18228 (Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vul ...)
	NOT-FOR-US: Honeywell
CVE-2019-18227 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilitie ...)
	NOT-FOR-US: Advantech
CVE-2019-18226 (Honeywell equIP series and Performance series IP cameras and recorders ...)
	NOT-FOR-US: Honeywell
CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
	NOT-FOR-US: Citrix
CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
	{DSA-4613-1}
	- libidn2 2.2.0-1 (bug #942895)
	- libidn2-0 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
	NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
CVE-2019-18223 (ZOOM International Call Recording 6.3.1 suffers from multiple authenti ...)
	NOT-FOR-US: ZOOM International Call Recording
CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...)
	- mbedtls 2.16.4-1
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
	NOTE: Fixed upstream in 2.20.0, 2.16.4 and 2.7.13
CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...)
	NOT-FOR-US: CoreHR Core Portal
CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
	{DSA-4550-1 DLA-1969-1}
	- file 1:5.37-6 (bug #942830)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
	NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...)
	{DSA-4559-1 DLA-1974-1}
	- proftpd-dfsg 1.3.6a-2 (bug #942831)
	NOTE: https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4
	NOTE: https://github.com/proftpd/proftpd/issues/846
CVE-2019-18216 (** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM ...)
	NOT-FOR-US: BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313
CVE-2019-18215 (An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Se ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2019-18214 (The Video_Converter app 0.1.0 for Nextcloud allows denial of service ( ...)
	NOT-FOR-US: Video_Converter app for Nextcloud
CVE-2019-18213 (XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML ...)
	NOT-FOR-US: XML Language Server (aka lsp4xml)
CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0. ...)
	NOT-FOR-US: XML Language Server (aka lsp4xml)
CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTok ...)
	NOT-FOR-US: Orckestra C1 CMS
CVE-2019-18210 (Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows a ...)
	- moodle <removed>
CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2019-18208
	RESERVED
CVE-2019-18207 (In Zucchetti InfoBusiness before and including 4.4.1, an authenticated ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18206 (A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBus ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18205 (Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18204 (Zucchetti InfoBusiness before and including 4.4.1 allows any authentic ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18203 (On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabili ...)
	NOT-FOR-US: Ricoh
CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and PFC200 de ...)
	NOT-FOR-US: WAGO Series PFC100 and PFC200 devices
CVE-2019-18201 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
	NOT-FOR-US: Fujitsu
CVE-2019-18200 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
	NOT-FOR-US: Fujitsu
CVE-2019-18199 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
	NOT-FOR-US: Fujitsu
CVE-2019-18197 (In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable i ...)
	{DLA-1973-1}
	- libxslt 1.1.32-2.2 (bug #942646)
	[buster] - libxslt 1.1.32-2.2~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u2
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
CVE-2019-18196 (A DLL side loading vulnerability in the Windows Service in TeamViewer  ...)
	NOT-FOR-US: TeamViewer
CVE-2019-18198 (In the Linux kernel before 5.3.4, a reference count usage error in the ...)
	- linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
	NOTE: https://launchpad.net/bugs/1847478
CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal u ...)
	NOT-FOR-US: TerraMaster FS-210 devices
CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escal ...)
	NOT-FOR-US: TotalAV
CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114,  ...)
	NOT-FOR-US: Unisys Stealth
CVE-2020-0500
	RESERVED
CVE-2020-0499
	RESERVED
CVE-2020-0498
	RESERVED
CVE-2020-0497
	RESERVED
CVE-2020-0496
	RESERVED
CVE-2020-0495
	RESERVED
CVE-2020-0494
	RESERVED
CVE-2020-0493
	RESERVED
CVE-2020-0492
	RESERVED
CVE-2020-0491
	RESERVED
CVE-2020-0490
	RESERVED
CVE-2020-0489
	RESERVED
CVE-2020-0488
	RESERVED
CVE-2020-0487
	RESERVED
CVE-2020-0486
	RESERVED
CVE-2020-0485
	RESERVED
CVE-2020-0484
	RESERVED
CVE-2020-0483
	RESERVED
CVE-2020-0482
	RESERVED
CVE-2020-0481
	RESERVED
CVE-2020-0480
	RESERVED
CVE-2020-0479
	RESERVED
CVE-2020-0478
	RESERVED
CVE-2020-0477
	RESERVED
CVE-2020-0476
	RESERVED
CVE-2020-0475
	RESERVED
CVE-2020-0474
	RESERVED
CVE-2020-0473
	RESERVED
CVE-2020-0472
	RESERVED
CVE-2020-0471
	RESERVED
CVE-2020-0470
	RESERVED
CVE-2020-0469
	RESERVED
CVE-2020-0468
	RESERVED
CVE-2020-0467
	RESERVED
CVE-2020-0466
	RESERVED
CVE-2020-0465
	RESERVED
CVE-2020-0464
	RESERVED
CVE-2020-0463
	RESERVED
CVE-2020-0462
	RESERVED
CVE-2020-0461
	RESERVED
CVE-2020-0460
	RESERVED
CVE-2020-0459
	RESERVED
CVE-2020-0458
	RESERVED
CVE-2020-0457
	RESERVED
CVE-2020-0456
	RESERVED
CVE-2020-0455
	RESERVED
CVE-2020-0454
	RESERVED
CVE-2020-0453
	RESERVED
CVE-2020-0452
	RESERVED
CVE-2020-0451
	RESERVED
CVE-2020-0450
	RESERVED
CVE-2020-0449
	RESERVED
CVE-2020-0448
	RESERVED
CVE-2020-0447
	RESERVED
CVE-2020-0446
	RESERVED
CVE-2020-0445
	RESERVED
CVE-2020-0444
	RESERVED
CVE-2020-0443
	RESERVED
CVE-2020-0442
	RESERVED
CVE-2020-0441
	RESERVED
CVE-2020-0440
	RESERVED
CVE-2020-0439
	RESERVED
CVE-2020-0438
	RESERVED
CVE-2020-0437
	RESERVED
CVE-2020-0436
	RESERVED
CVE-2020-0435
	RESERVED
CVE-2020-0434
	RESERVED
CVE-2020-0433
	RESERVED
CVE-2020-0432
	RESERVED
CVE-2020-0431
	RESERVED
CVE-2020-0430
	RESERVED
CVE-2020-0429
	RESERVED
CVE-2020-0428
	RESERVED
CVE-2020-0427
	RESERVED
CVE-2020-0426
	RESERVED
CVE-2020-0425
	RESERVED
CVE-2020-0424
	RESERVED
CVE-2020-0423
	RESERVED
CVE-2020-0422
	RESERVED
CVE-2020-0421
	RESERVED
CVE-2020-0420
	RESERVED
CVE-2020-0419
	RESERVED
CVE-2020-0418
	RESERVED
CVE-2020-0417
	RESERVED
CVE-2020-0416
	RESERVED
CVE-2020-0415
	RESERVED
CVE-2020-0414
	RESERVED
CVE-2020-0413
	RESERVED
CVE-2020-0412
	RESERVED
CVE-2020-0411
	RESERVED
CVE-2020-0410
	RESERVED
CVE-2020-0409
	RESERVED
CVE-2020-0408
	RESERVED
CVE-2020-0407
	RESERVED
CVE-2020-0406
	RESERVED
CVE-2020-0405
	RESERVED
CVE-2020-0404
	RESERVED
CVE-2020-0403
	RESERVED
CVE-2020-0402
	RESERVED
CVE-2020-0401
	RESERVED
CVE-2020-0400
	RESERVED
CVE-2020-0399
	RESERVED
CVE-2020-0398
	RESERVED
CVE-2020-0397
	RESERVED
CVE-2020-0396
	RESERVED
CVE-2020-0395
	RESERVED
CVE-2020-0394
	RESERVED
CVE-2020-0393
	RESERVED
CVE-2020-0392
	RESERVED
CVE-2020-0391
	RESERVED
CVE-2020-0390
	RESERVED
CVE-2020-0389
	RESERVED
CVE-2020-0388
	RESERVED
CVE-2020-0387
	RESERVED
CVE-2020-0386
	RESERVED
CVE-2020-0385
	RESERVED
CVE-2020-0384
	RESERVED
CVE-2020-0383
	RESERVED
CVE-2020-0382
	RESERVED
CVE-2020-0381
	RESERVED
CVE-2020-0380
	RESERVED
CVE-2020-0379
	RESERVED
CVE-2020-0378
	RESERVED
CVE-2020-0377
	RESERVED
CVE-2020-0376
	RESERVED
CVE-2020-0375
	RESERVED
CVE-2020-0374
	RESERVED
CVE-2020-0373
	RESERVED
CVE-2020-0372
	RESERVED
CVE-2020-0371
	RESERVED
CVE-2020-0370
	RESERVED
CVE-2020-0369
	RESERVED
CVE-2020-0368
	RESERVED
CVE-2020-0367
	RESERVED
CVE-2020-0366
	RESERVED
CVE-2020-0365
	RESERVED
CVE-2020-0364
	RESERVED
CVE-2020-0363
	RESERVED
CVE-2020-0362
	RESERVED
CVE-2020-0361
	RESERVED
CVE-2020-0360
	RESERVED
CVE-2020-0359
	RESERVED
CVE-2020-0358
	RESERVED
CVE-2020-0357
	RESERVED
CVE-2020-0356
	RESERVED
CVE-2020-0355
	RESERVED
CVE-2020-0354
	RESERVED
CVE-2020-0353
	RESERVED
CVE-2020-0352
	RESERVED
CVE-2020-0351
	RESERVED
CVE-2020-0350
	RESERVED
CVE-2020-0349
	RESERVED
CVE-2020-0348
	RESERVED
CVE-2020-0347
	RESERVED
CVE-2020-0346
	RESERVED
CVE-2020-0345
	RESERVED
CVE-2020-0344
	RESERVED
CVE-2020-0343
	RESERVED
CVE-2020-0342
	RESERVED
CVE-2020-0341
	RESERVED
CVE-2020-0340
	RESERVED
CVE-2020-0339
	RESERVED
CVE-2020-0338
	RESERVED
CVE-2020-0337
	RESERVED
CVE-2020-0336
	RESERVED
CVE-2020-0335
	RESERVED
CVE-2020-0334
	RESERVED
CVE-2020-0333
	RESERVED
CVE-2020-0332
	RESERVED
CVE-2020-0331
	RESERVED
CVE-2020-0330
	RESERVED
CVE-2020-0329
	RESERVED
CVE-2020-0328
	RESERVED
CVE-2020-0327
	RESERVED
CVE-2020-0326
	RESERVED
CVE-2020-0325
	RESERVED
CVE-2020-0324
	RESERVED
CVE-2020-0323
	RESERVED
CVE-2020-0322
	RESERVED
CVE-2020-0321
	RESERVED
CVE-2020-0320
	RESERVED
CVE-2020-0319
	RESERVED
CVE-2020-0318
	RESERVED
CVE-2020-0317
	RESERVED
CVE-2020-0316
	RESERVED
CVE-2020-0315
	RESERVED
CVE-2020-0314
	RESERVED
CVE-2020-0313
	RESERVED
CVE-2020-0312
	RESERVED
CVE-2020-0311
	RESERVED
CVE-2020-0310
	RESERVED
CVE-2020-0309
	RESERVED
CVE-2020-0308
	RESERVED
CVE-2020-0307
	RESERVED
CVE-2020-0306
	RESERVED
CVE-2020-0305
	RESERVED
CVE-2020-0304
	RESERVED
CVE-2020-0303
	RESERVED
CVE-2020-0302
	RESERVED
CVE-2020-0301
	RESERVED
CVE-2020-0300
	RESERVED
CVE-2020-0299
	RESERVED
CVE-2020-0298
	RESERVED
CVE-2020-0297
	RESERVED
CVE-2020-0296
	RESERVED
CVE-2020-0295
	RESERVED
CVE-2020-0294
	RESERVED
CVE-2020-0293
	RESERVED
CVE-2020-0292
	RESERVED
CVE-2020-0291
	RESERVED
CVE-2020-0290
	RESERVED
CVE-2020-0289
	RESERVED
CVE-2020-0288
	RESERVED
CVE-2020-0287
	RESERVED
CVE-2020-0286
	RESERVED
CVE-2020-0285
	RESERVED
CVE-2020-0284
	RESERVED
CVE-2020-0283
	RESERVED
CVE-2020-0282
	RESERVED
CVE-2020-0281
	RESERVED
CVE-2020-0280
	RESERVED
CVE-2020-0279
	RESERVED
CVE-2020-0278
	RESERVED
CVE-2020-0277
	RESERVED
CVE-2020-0276
	RESERVED
CVE-2020-0275
	RESERVED
CVE-2020-0274
	RESERVED
CVE-2020-0273
	RESERVED
CVE-2020-0272
	RESERVED
CVE-2020-0271
	RESERVED
CVE-2020-0270
	RESERVED
CVE-2020-0269
	RESERVED
CVE-2020-0268
	RESERVED
CVE-2020-0267
	RESERVED
CVE-2020-0266
	RESERVED
CVE-2020-0265
	RESERVED
CVE-2020-0264
	RESERVED
CVE-2020-0263
	RESERVED
CVE-2020-0262
	RESERVED
CVE-2020-0261
	RESERVED
CVE-2020-0260
	RESERVED
CVE-2020-0259
	RESERVED
CVE-2020-0258
	RESERVED
CVE-2020-0257
	RESERVED
CVE-2020-0256
	RESERVED
CVE-2020-0255
	RESERVED
CVE-2020-0254
	RESERVED
CVE-2020-0253
	RESERVED
CVE-2020-0252
	RESERVED
CVE-2020-0251
	RESERVED
CVE-2020-0250
	RESERVED
CVE-2020-0249
	RESERVED
CVE-2020-0248
	RESERVED
CVE-2020-0247
	RESERVED
CVE-2020-0246
	RESERVED
CVE-2020-0245
	RESERVED
CVE-2020-0244
	RESERVED
CVE-2020-0243
	RESERVED
CVE-2020-0242
	RESERVED
CVE-2020-0241
	RESERVED
CVE-2020-0240
	RESERVED
CVE-2020-0239
	RESERVED
CVE-2020-0238
	RESERVED
CVE-2020-0237
	RESERVED
CVE-2020-0236
	RESERVED
CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...)
	NOT-FOR-US: Pixel kernel drivers
CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...)
	NOT-FOR-US: Pixel kernel drivers
CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use  ...)
	NOT-FOR-US: Android
CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds  ...)
	NOT-FOR-US: Pixel kernel drivers
CVE-2020-0231
	RESERVED
CVE-2020-0230
	RESERVED
CVE-2020-0229
	RESERVED
CVE-2020-0228
	RESERVED
CVE-2020-0227
	RESERVED
CVE-2020-0226
	RESERVED
CVE-2020-0225
	RESERVED
CVE-2020-0224
	RESERVED
CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...)
	NOT-FOR-US: Pixel kernel drivers
CVE-2020-0222
	RESERVED
CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric overf ...)
	NOT-FOR-US: Android
CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2020-0219 (In onCreate of SliceDeepLinkSpringBoard.java there is a possible insec ...)
	NOT-FOR-US: Android
CVE-2020-0218 (In loadSoundModel and related functions of SoundTriggerHwService.cpp,  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0217 (In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2020-0216 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0215 (In onCreate of ConfirmConnectActivity.java, there is a possible leak o ...)
	NOT-FOR-US: Android
CVE-2020-0214 (In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2020-0213 (In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0212 (In _onBufferDestroyed of InputBufferManager.cpp, there is a possible o ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0211 (In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0210 (In removeSharedAccountAsUser of AccountManager.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2020-0209 (In multiple functions of AccountManager.java, there is a possible perm ...)
	NOT-FOR-US: Android
CVE-2020-0208 (In multiple functions of AccountManager.java, there is a possible perm ...)
	NOT-FOR-US: Android
CVE-2020-0207 (In next_marker of jdmarker.c, there is a possible out of bounds read d ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0206 (In the settings app, there is a possible app crash due to improper inp ...)
	NOT-FOR-US: Android
CVE-2020-0205 (In the DaalaBitReader constructor of entropy_decoder.cc, there is a po ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0204 (In InstallPackage of package.cpp, there is a possible bypass of a sign ...)
	NOT-FOR-US: Android
CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a possible UID  ...)
	NOT-FOR-US: Android
CVE-2020-0202 (In onStart of MainActivity.java, there is a possible bypass of develop ...)
	NOT-FOR-US: Android
CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0200 (In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of b ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0199 (In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0198 (In exif_data_load_data_content of exif-data.c, there is a possible UBS ...)
	{DLA-2249-1}
	- libexif 0.6.22-2 (bug #962345)
	[buster] - libexif <no-dsa> (Minor issue)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
	NOTE: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
CVE-2020-0197 (In InitDataParser::parsePssh of InitDataParser.cpp, there is a possibl ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0196 (In RegisterNotificationResponse::GetEvent of register_notification_pac ...)
	NOT-FOR-US: Android
CVE-2020-0195 (In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0194 (In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0193 (In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_ ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0192 (In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there i ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0191 (In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0190 (In ideint_weave_blk of ideint_utils.c, there is a possible out of boun ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0189 (In ihevcd_decode() of ihevcd_decode.c, there is possible resource exha ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0188 (In onCreatePermissionRequest of SettingsSliceProvider.java, there is a ...)
	NOT-FOR-US: Android
CVE-2020-0187 (In engineSetMode of BaseBlockCipher.java, there is a possible incorrec ...)
	NOT-FOR-US: Android
CVE-2020-0186 (In hal_fd_init of hal_fd.cc, there is a possible out of bounds write d ...)
	NOT-FOR-US: Android
CVE-2020-0185 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out  ...)
	NOT-FOR-US: Android
CVE-2020-0184 (In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinit ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0183 (In handleMessage of BluetoothManagerService, there is an incomplete re ...)
	NOT-FOR-US: Android
CVE-2020-0182 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
	{DLA-2249-1}
	- libexif 0.6.22-1 (low)
	[buster] - libexif <no-dsa> (Minor issue)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
	NOTE: CVE originally originally reported by Android where a different patch was shipped
CVE-2020-0181 (In exif_data_load_data_thumbnail of exif-data.c, there is a possible d ...)
	{DSA-4618-1 DLA-2100-1}
	- libexif 0.6.21-6 (bug #962346)
	NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
	NOTE: Fixed by the patch for CVE-2019-9278
CVE-2020-0180 (In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out o ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0179 (In doSendObjectInfo of MtpServer.cpp, there is a possible path travers ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0178 (In getAllConfigFlags of SettingsProvider.cpp, there is a possible ille ...)
	NOT-FOR-US: Android
CVE-2020-0177 (In connect() of PanService.java, there is a possible permissions bypas ...)
	NOT-FOR-US: Android
CVE-2020-0176 (In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds  ...)
	NOT-FOR-US: Android
CVE-2020-0175 (In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion du ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0174 (In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0173 (In Parse_lins of eas_mdls.c, there is possible resource exhaustion due ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0172 (In Parse_art of eas_mdls.c, there is possible resource exhaustion due  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0171 (In Parse_lart of eas_mdls.c, there is possible resource exhaustion due ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0170 (In IMY_Event of eas_imelody.c, there is possible resource exhaustion d ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0169 (In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion d ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0168 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, the ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0167 (In load of ResourceTypes.cpp, there is a possible out of bounds read d ...)
	NOT-FOR-US: Android
CVE-2020-0166 (In multiple functions of URI.java, there is a possible escalation of p ...)
	NOT-FOR-US: Android
CVE-2020-0165 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
	NOT-FOR-US: Android
CVE-2020-0164 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
	NOT-FOR-US: Android
CVE-2020-0163 (In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there i ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0162 (In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0161 (In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaus ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0160 (In setSyncSampleParams of SampleTable.cpp, there is possible resource  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0159 (In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2020-0158 (In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2020-0157 (In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2020-0156 (In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read ...)
	NOT-FOR-US: Android
CVE-2020-0155 (In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-0154 (In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2020-0153 (In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2020-0152 (In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0151 (In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible o ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0150 (In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2020-0149 (In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2020-0148 (In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and b ...)
	NOT-FOR-US: Android
CVE-2020-0147 (In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0146 (In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2020-0145 (In btm_simple_pair_complete of btm_sec.cc, there is a possible out of  ...)
	NOT-FOR-US: Android
CVE-2020-0144 (In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2020-0143 (In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0142 (In rw_i93_sm_format of rw_i93.c, there is a possible information discl ...)
	NOT-FOR-US: Android
CVE-2020-0141 (In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possib ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0140 (In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information  ...)
	NOT-FOR-US: Android
CVE-2020-0139 (In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2020-0138 (In get_element_attr_rsp of btif_rc.cc, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2020-0137 (In setIPv6AddrGenMode of NetworkManagementService.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0136 (In multiple locations of Parcel.cpp, there is a possible out-of-bounds ...)
	NOT-FOR-US: Android
CVE-2020-0135 (In dump of RollbackManagerServiceImpl.java, there is a possible backup ...)
	NOT-FOR-US: Android
CVE-2020-0134 (In BnDrm::onTransact of IDrm.cpp, there is a possible information disc ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0133 (In MockLocationAppPreferenceController.java, it is possible to mock th ...)
	NOT-FOR-US: Android
CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a possi ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0130
	RESERVED
CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...)
	NOT-FOR-US: Android
CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out of b ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0125
	RESERVED
CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2020-0123
	RESERVED
CVE-2020-0122
	RESERVED
CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...)
	NOT-FOR-US: Android
CVE-2020-0120
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of WifiConfigManag ...)
	NOT-FOR-US: Android
CVE-2020-0118 (In addListener of RegionSamplingThread.cpp, there is a possible out of ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0117 (In aes_cmac of aes_cmac.cc, there is a possible out of bounds write du ...)
	NOT-FOR-US: Android
CVE-2020-0116 (In checkSystemLocationAccess of LocationAccessPolicy.java, there is a  ...)
	NOT-FOR-US: Android
CVE-2020-0115 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...)
	NOT-FOR-US: Android
CVE-2020-0114 (In onCreateSliceProvider of KeyguardSliceProvider.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0113 (In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible ou ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0112
	RESERVED
CVE-2020-0111
	RESERVED
CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write due to  ...)
	- linux 5.5.13-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2)
CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...)
	NOT-FOR-US: Android
CVE-2020-0108
	RESERVED
CVE-2020-0107
	RESERVED
CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there is a mi ...)
	NOT-FOR-US: Android
CVE-2020-0104 (In onShowingStateChanged of KeyguardStateMonitor.java, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-0103 (In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0102 (In GattServer::SendResponse of gatt_server.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible informatio ...)
	NOT-FOR-US: Android media framework
CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android media framework
CVE-2020-0099
	RESERVED
CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...)
	NOT-FOR-US: Android
CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0095
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...)
	NOT-FOR-US: Android media framework
CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...)
	{DLA-2214-1}
	- libexif 0.6.21-8
	[buster] - libexif <no-dsa> (Minor issue)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://github.com/libexif/libexif/issues/42
	NOTE: https://github.com/libexif/libexif/commit/5ae5973bed1947f4d447dc80b76d5cefadd90133
CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, there is a  ...)
	NOT-FOR-US: Android
CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for meta fac ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2020-0090 (An improper authorization in the receiver component of Email.Product:  ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2020-0089
	RESERVED
CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
	NOT-FOR-US: Android
CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds write  ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...)
	NOT-FOR-US: Android
CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...)
	NOT-FOR-US: Android
CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...)
	NOT-FOR-US: Android
CVE-2020-0082 (In ExternalVibration of ExternalVibration.java, there is a possible ac ...)
	NOT-FOR-US: Android
CVE-2020-0081 (In finalize of AssetManager.java, there is possible memory corruption  ...)
	NOT-FOR-US: Android
CVE-2020-0080 (In onOpActiveChanged and related methods of AppOpsControllerImpl.java, ...)
	NOT-FOR-US: Android
CVE-2020-0079 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2020-0078 (In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2020-0077 (In authorize_enroll of the FPC IRIS TrustZone app, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2020-0074
	RESERVED
CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0071 (In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0070 (In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[jessie] - linux <ignored> (f2fs is not supportable)
	NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06
CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to  ...)
	- linux 4.2.5-1
	[jessie] - linux 3.16.7-ckt20-1
	NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe
CVE-2020-0065 (An improper authorization in the receiver component of the Android Sui ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2020-0064 (An improper authorization while processing the provisioning data.Produ ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...)
	NOT-FOR-US: Android
CVE-2020-0062 (In Euicc, there is a possible information disclosure due to an include ...)
	NOT-FOR-US: Android
CVE-2020-0061 (In Pixel Recorder, there is a possible permissions bypass allowing arb ...)
	NOT-FOR-US: Android
CVE-2020-0060 (In query of SmsProvider.java and MmsSmsProvider.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2020-0059 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...)
	NOT-FOR-US: Android
CVE-2020-0058 (In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2020-0057 (In btm_process_inq_results of btm_inq.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2020-0056 (In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2020-0055 (In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-0054 (In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java ...)
	NOT-FOR-US: Android
CVE-2020-0053 (In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanD ...)
	NOT-FOR-US: Android
CVE-2020-0052 (In smsSelected of AnswerFragment.java, there is a way to send an SMS f ...)
	NOT-FOR-US: Android
CVE-2020-0051 (In onCreate of SettingsHomepageActivity, there is a possible tapjackin ...)
	NOT-FOR-US: Android
CVE-2020-0050 (In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2020-0049 (In onReadBuffer() of StreamingSource.cpp, there is a possible informat ...)
	NOT-FOR-US: Android media framework
CVE-2020-0048 (In onTransact of IAudioFlinger.cpp, there is a possible stack informat ...)
	NOT-FOR-US: Android media framework
CVE-2020-0047 (In setMasterMute of AudioService.java, there is a missing permission c ...)
	NOT-FOR-US: Android media framework
CVE-2020-0046 (In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible ...)
	NOT-FOR-US: Android media framework
CVE-2020-0045 (In StatsService::command of StatsService.cpp, there is possible memory ...)
	NOT-FOR-US: Android
CVE-2020-0044 (In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds re ...)
	NOT-FOR-US: FPC components for Android
CVE-2020-0043 (In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bou ...)
	NOT-FOR-US: FPC components for Android
CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a poss ...)
	NOT-FOR-US: FPC components for Android
CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...)
	- linux 5.4.6-1
	[buster] - linux <not-affected> (Vulnerability introduced later)
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2
CVE-2020-0040
	RESERVED
	NOTE: Duplicate of CVE-2019-15239, will be rejected
CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...)
	NOT-FOR-US: Android
CVE-2020-0038 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...)
	NOT-FOR-US: Android
CVE-2020-0037 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible acces ...)
	NOT-FOR-US: Android
CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM  ...)
	NOT-FOR-US: Android
CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...)
	{DLA-2136-1}
	- libvpx 1.7.0-3
	[stretch] - libvpx <no-dsa> (Minor issue)
	NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a
CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out  ...)
	NOT-FOR-US: Android media framework
CVE-2020-0032 (In ih264d_release_display_bufs of ih264d_utils.c, there is a possible  ...)
	NOT-FOR-US: Android media framework
CVE-2020-0031 (In triggerAugmentedAutofillLocked and related functions of Session.jav ...)
	NOT-FOR-US: Android
CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...)
	- linux 4.15.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a
CVE-2020-0029 (In the WifiConfigManager, there is a possible storage of location hist ...)
	NOT-FOR-US: Android
CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...)
	NOT-FOR-US: Android
CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...)
	NOT-FOR-US: Android
CVE-2020-0025
	RESERVED
CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...)
	NOT-FOR-US: Android
CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is possible  ...)
	NOT-FOR-US: Android
CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...)
	NOT-FOR-US: Android
CVE-2020-0019
	RESERVED
CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...)
	NOT-FOR-US: Android
CVE-2020-0017 (In multiple places, it was possible for the primary user&#8217;s dicti ...)
	NOT-FOR-US: Android
CVE-2020-0016
	RESERVED
CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay  ...)
	NOT-FOR-US: Android
CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...)
	NOT-FOR-US: Android
CVE-2020-0013
	RESERVED
CVE-2020-0012 (In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible ...)
	NOT-FOR-US: FPC components for Android
CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bou ...)
	NOT-FOR-US: FPC components for Android
CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...)
	NOT-FOR-US: FPC components for Android
CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write  ...)
	{DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux <ignored> (Driver is not enabled or supported)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949
CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there  ...)
	NOT-FOR-US: Android
CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information discl ...)
	NOT-FOR-US: Android
CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...)
	NOT-FOR-US: Android
CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...)
	NOT-FOR-US: Android
CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out of bou ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java isolated apps ...)
	NOT-FOR-US: Android
CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an arbitrary user' ...)
	- guix <itp> (bug #850644)
	NOTE: https://issues.guix.gnu.org/issue/37744
CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep Security  ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerab ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18189 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18188 (Trend Micro Apex One could be exploited by an attacker utilizing a com ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18187 (Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited  ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18186
	RESERVED
CVE-2019-18185
	RESERVED
CVE-2019-18184 (Crestron DMC-STRO 1.0 devices allow remote command execution as root v ...)
	NOT-FOR-US: Crestron DMC-STRO 1.0 devices
CVE-2019-18183 (pacman before 5.2 is vulnerable to arbitrary command injection in lib/ ...)
	NOT-FOR-US: pacman package manager for arch, different from src:pacman
CVE-2019-18182 (pacman before 5.2 is vulnerable to arbitrary command injection in conf ...)
	NOT-FOR-US: pacman package manager for arch, different from src:pacman
CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train ...)
	NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
	- otrs2 6.0.24-1 (bug #945251)
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <not-affected> (vulnerable code not present)
	NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-2053-1}
	- otrs2 6.0.24-1 (bug #945251)
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
	NOT-FOR-US: FreeRTOS+FAT
CVE-2019-18177
	RESERVED
CVE-2019-18176
	RESERVED
CVE-2019-18175
	RESERVED
CVE-2019-18174
	RESERVED
CVE-2019-18173
	RESERVED
CVE-2019-18172
	RESERVED
CVE-2019-18171
	RESERVED
CVE-2019-18170
	RESERVED
CVE-2019-18169
	RESERVED
CVE-2019-18168
	RESERVED
CVE-2019-18167
	RESERVED
CVE-2019-18166
	RESERVED
CVE-2019-18165
	RESERVED
CVE-2019-18164
	RESERVED
CVE-2019-18163
	RESERVED
CVE-2019-18162
	RESERVED
CVE-2019-18161
	RESERVED
CVE-2019-18160
	RESERVED
CVE-2019-18159
	RESERVED
CVE-2019-18158
	RESERVED
CVE-2019-18157
	RESERVED
CVE-2019-18156
	RESERVED
CVE-2019-18155
	RESERVED
CVE-2019-18154
	RESERVED
CVE-2019-18153
	RESERVED
CVE-2019-18152
	RESERVED
CVE-2019-18151
	RESERVED
CVE-2019-18150
	RESERVED
CVE-2019-18149
	RESERVED
CVE-2019-18148
	RESERVED
CVE-2019-18147
	RESERVED
CVE-2019-18146
	RESERVED
CVE-2019-18145
	RESERVED
CVE-2019-18144
	RESERVED
CVE-2019-18143
	RESERVED
CVE-2019-18142
	RESERVED
CVE-2019-18141
	RESERVED
CVE-2019-18140
	RESERVED
CVE-2019-18139
	RESERVED
CVE-2019-18138
	RESERVED
CVE-2019-18137
	RESERVED
CVE-2019-18136
	RESERVED
CVE-2019-18135
	RESERVED
CVE-2019-18134
	RESERVED
CVE-2019-18133
	RESERVED
CVE-2019-18132
	RESERVED
CVE-2019-18131
	RESERVED
CVE-2019-18130
	RESERVED
CVE-2019-18129
	RESERVED
CVE-2019-18128
	RESERVED
CVE-2019-18127
	RESERVED
CVE-2019-18126
	RESERVED
CVE-2019-18125
	RESERVED
CVE-2019-18124
	RESERVED
CVE-2019-18123
	RESERVED
CVE-2019-18122
	RESERVED
CVE-2019-18121
	RESERVED
CVE-2019-18120
	RESERVED
CVE-2019-18119
	RESERVED
CVE-2019-18118
	RESERVED
CVE-2019-18117
	RESERVED
CVE-2019-18116
	RESERVED
CVE-2019-18115
	RESERVED
CVE-2019-18114
	RESERVED
CVE-2019-18113
	RESERVED
CVE-2019-18112
	RESERVED
CVE-2019-18111
	RESERVED
CVE-2019-18110
	RESERVED
CVE-2019-18109
	RESERVED
CVE-2019-18108
	RESERVED
CVE-2019-18107
	RESERVED
CVE-2019-18106
	RESERVED
CVE-2019-18105
	RESERVED
CVE-2019-18104
	RESERVED
CVE-2019-18103
	RESERVED
CVE-2019-18102
	RESERVED
CVE-2019-18101
	RESERVED
CVE-2019-18100
	RESERVED
CVE-2019-18099
	RESERVED
CVE-2019-18098
	RESERVED
CVE-2019-18097
	RESERVED
CVE-2019-18096
	RESERVED
CVE-2019-18095
	RESERVED
CVE-2019-18094
	RESERVED
CVE-2019-18093
	RESERVED
CVE-2019-18092
	RESERVED
CVE-2019-18091
	RESERVED
CVE-2019-18090
	RESERVED
CVE-2019-18089
	RESERVED
CVE-2019-18088
	RESERVED
CVE-2019-18087
	RESERVED
CVE-2019-18086
	RESERVED
CVE-2019-18085
	RESERVED
CVE-2019-18084
	RESERVED
CVE-2019-18083
	RESERVED
CVE-2019-18082
	RESERVED
CVE-2019-18081
	RESERVED
CVE-2019-18080
	RESERVED
CVE-2019-18079
	RESERVED
CVE-2019-18078
	RESERVED
CVE-2019-18077
	RESERVED
CVE-2019-18076
	RESERVED
CVE-2019-18075
	RESERVED
CVE-2019-18074
	RESERVED
CVE-2019-18073
	RESERVED
CVE-2019-18072
	RESERVED
CVE-2019-18071
	RESERVED
CVE-2019-18070
	RESERVED
CVE-2019-18069
	RESERVED
CVE-2019-18068
	RESERVED
CVE-2019-18067
	RESERVED
CVE-2019-18066
	RESERVED
CVE-2019-18065
	RESERVED
CVE-2019-18064
	RESERVED
CVE-2019-18063
	RESERVED
CVE-2019-18062
	RESERVED
CVE-2019-18061
	RESERVED
CVE-2019-18060
	RESERVED
CVE-2019-18059
	RESERVED
CVE-2019-18058
	RESERVED
CVE-2019-18057
	RESERVED
CVE-2019-18056
	RESERVED
CVE-2019-18055
	RESERVED
CVE-2019-18054
	RESERVED
CVE-2019-18053
	RESERVED
CVE-2019-18052
	RESERVED
CVE-2019-18051
	RESERVED
CVE-2019-18050
	RESERVED
CVE-2019-18049
	RESERVED
CVE-2019-18048
	RESERVED
CVE-2019-18047
	RESERVED
CVE-2019-18046
	RESERVED
CVE-2019-18045
	RESERVED
CVE-2019-18044
	RESERVED
CVE-2019-18043
	RESERVED
CVE-2019-18042
	RESERVED
CVE-2019-18041
	RESERVED
CVE-2019-18040
	RESERVED
CVE-2019-18039
	RESERVED
CVE-2019-18038
	RESERVED
CVE-2019-18037
	RESERVED
CVE-2019-18036
	RESERVED
CVE-2019-18035
	RESERVED
CVE-2019-18034
	RESERVED
CVE-2019-18033
	RESERVED
CVE-2019-18032
	RESERVED
CVE-2019-18031
	RESERVED
CVE-2019-18030
	RESERVED
CVE-2019-18029
	RESERVED
CVE-2019-18028
	RESERVED
CVE-2019-18027
	RESERVED
CVE-2019-18026
	RESERVED
CVE-2019-18025
	RESERVED
CVE-2019-18024
	RESERVED
CVE-2019-18023
	RESERVED
CVE-2019-18022
	RESERVED
CVE-2019-18021
	RESERVED
CVE-2019-18020
	RESERVED
CVE-2019-18019
	RESERVED
CVE-2019-18018
	RESERVED
CVE-2019-18017
	RESERVED
CVE-2019-18016
	RESERVED
CVE-2019-18015
	RESERVED
CVE-2019-18014
	RESERVED
CVE-2019-18013
	RESERVED
CVE-2019-18012
	RESERVED
CVE-2019-18011
	RESERVED
CVE-2019-18010
	RESERVED
CVE-2019-18009
	RESERVED
CVE-2019-18008
	RESERVED
CVE-2019-18007
	RESERVED
CVE-2019-18006
	RESERVED
CVE-2019-18005
	RESERVED
CVE-2019-18004
	RESERVED
CVE-2019-18003
	RESERVED
CVE-2019-18002
	RESERVED
CVE-2019-18001
	RESERVED
CVE-2019-18000
	RESERVED
CVE-2019-17999
	RESERVED
CVE-2019-17998
	RESERVED
CVE-2019-17997
	RESERVED
CVE-2019-17996
	RESERVED
CVE-2019-17995
	RESERVED
CVE-2019-17994
	RESERVED
CVE-2019-17993
	RESERVED
CVE-2019-17992
	RESERVED
CVE-2019-17991
	RESERVED
CVE-2019-17990
	RESERVED
CVE-2019-17989
	RESERVED
CVE-2019-17988
	RESERVED
CVE-2019-17987
	RESERVED
CVE-2019-17986
	RESERVED
CVE-2019-17985
	RESERVED
CVE-2019-17984
	RESERVED
CVE-2019-17983
	RESERVED
CVE-2019-17982
	RESERVED
CVE-2019-17981
	RESERVED
CVE-2019-17980
	RESERVED
CVE-2019-17979
	RESERVED
CVE-2019-17978
	RESERVED
CVE-2019-17977
	RESERVED
CVE-2019-17976
	RESERVED
CVE-2019-17975
	RESERVED
CVE-2019-17974
	RESERVED
CVE-2019-17973
	RESERVED
CVE-2019-17972
	RESERVED
CVE-2019-17971
	RESERVED
CVE-2019-17970
	RESERVED
CVE-2019-17969
	RESERVED
CVE-2019-17968
	RESERVED
CVE-2019-17967
	RESERVED
CVE-2019-17966
	RESERVED
CVE-2019-17965
	RESERVED
CVE-2019-17964
	RESERVED
CVE-2019-17963
	RESERVED
CVE-2019-17962
	RESERVED
CVE-2019-17961
	RESERVED
CVE-2019-17960
	RESERVED
CVE-2019-17959
	RESERVED
CVE-2019-17958
	RESERVED
CVE-2019-17957
	RESERVED
CVE-2019-17956
	RESERVED
CVE-2019-17955
	RESERVED
CVE-2019-17954
	RESERVED
CVE-2019-17953
	RESERVED
CVE-2019-17952
	RESERVED
CVE-2019-17951
	RESERVED
CVE-2019-17950
	RESERVED
CVE-2019-17949
	RESERVED
CVE-2019-17948
	RESERVED
CVE-2019-17947
	RESERVED
CVE-2019-17946
	RESERVED
CVE-2019-17945
	RESERVED
CVE-2019-17944
	RESERVED
CVE-2019-17943
	RESERVED
CVE-2019-17942
	RESERVED
CVE-2019-17941
	RESERVED
CVE-2019-17940
	RESERVED
CVE-2019-17939
	RESERVED
CVE-2019-17938
	RESERVED
CVE-2019-17937
	RESERVED
CVE-2019-17936
	RESERVED
CVE-2019-17935
	RESERVED
CVE-2019-17934
	RESERVED
CVE-2019-17933
	RESERVED
CVE-2019-17932
	RESERVED
CVE-2019-17931
	RESERVED
CVE-2019-17930
	RESERVED
CVE-2019-17929
	RESERVED
CVE-2019-17928
	RESERVED
CVE-2019-17927
	RESERVED
CVE-2019-17926
	RESERVED
CVE-2019-17925
	RESERVED
CVE-2019-17924
	RESERVED
CVE-2019-17923
	RESERVED
CVE-2019-17922
	RESERVED
CVE-2019-17921
	RESERVED
CVE-2019-17920
	RESERVED
CVE-2019-17919
	RESERVED
CVE-2019-17918
	RESERVED
CVE-2019-17917
	RESERVED
CVE-2019-17916
	RESERVED
CVE-2019-17915
	RESERVED
CVE-2019-17914
	RESERVED
CVE-2019-17913
	RESERVED
CVE-2019-17912
	RESERVED
CVE-2019-17911
	RESERVED
CVE-2019-17910
	RESERVED
CVE-2019-17909
	RESERVED
CVE-2019-17908
	RESERVED
CVE-2019-17907
	RESERVED
CVE-2019-17906
	RESERVED
CVE-2019-17905
	RESERVED
CVE-2019-17904
	RESERVED
CVE-2019-17903
	RESERVED
CVE-2019-17902
	RESERVED
CVE-2019-17901
	RESERVED
CVE-2019-17900
	RESERVED
CVE-2019-17899
	RESERVED
CVE-2019-17898
	RESERVED
CVE-2019-17897
	RESERVED
CVE-2019-17896
	RESERVED
CVE-2019-17895
	RESERVED
CVE-2019-17894
	RESERVED
CVE-2019-17893
	RESERVED
CVE-2019-17892
	RESERVED
CVE-2019-17891
	RESERVED
CVE-2019-17890
	RESERVED
CVE-2019-17889
	RESERVED
CVE-2019-17888
	RESERVED
CVE-2019-17887
	RESERVED
CVE-2019-17886
	RESERVED
CVE-2019-17885
	RESERVED
CVE-2019-17884
	RESERVED
CVE-2019-17883
	RESERVED
CVE-2019-17882
	RESERVED
CVE-2019-17881
	RESERVED
CVE-2019-17880
	RESERVED
CVE-2019-17879
	RESERVED
CVE-2019-17878
	RESERVED
CVE-2019-17877
	RESERVED
CVE-2019-17876
	RESERVED
CVE-2019-17875
	RESERVED
CVE-2019-17874
	RESERVED
CVE-2019-17873
	RESERVED
CVE-2019-17872
	RESERVED
CVE-2019-17871
	RESERVED
CVE-2019-17870
	RESERVED
CVE-2019-17869
	RESERVED
CVE-2019-17868
	RESERVED
CVE-2019-17867
	RESERVED
CVE-2019-17866
	RESERVED
CVE-2019-17865
	RESERVED
CVE-2019-17864
	RESERVED
CVE-2019-17863
	RESERVED
CVE-2019-17862
	RESERVED
CVE-2019-17861
	RESERVED
CVE-2019-17860
	RESERVED
CVE-2019-17859
	RESERVED
CVE-2019-17858
	RESERVED
CVE-2019-17857
	RESERVED
CVE-2019-17856
	RESERVED
CVE-2019-17855
	RESERVED
CVE-2019-17854
	RESERVED
CVE-2019-17853
	RESERVED
CVE-2019-17852
	RESERVED
CVE-2019-17851
	RESERVED
CVE-2019-17850
	RESERVED
CVE-2019-17849
	RESERVED
CVE-2019-17848
	RESERVED
CVE-2019-17847
	RESERVED
CVE-2019-17846
	RESERVED
CVE-2019-17845
	RESERVED
CVE-2019-17844
	RESERVED
CVE-2019-17843
	RESERVED
CVE-2019-17842
	RESERVED
CVE-2019-17841
	RESERVED
CVE-2019-17840
	RESERVED
CVE-2019-17839
	RESERVED
CVE-2019-17838
	RESERVED
CVE-2019-17837
	RESERVED
CVE-2019-17836
	RESERVED
CVE-2019-17835
	RESERVED
CVE-2019-17834
	RESERVED
CVE-2019-17833
	RESERVED
CVE-2019-17832
	RESERVED
CVE-2019-17831
	RESERVED
CVE-2019-17830
	RESERVED
CVE-2019-17829
	RESERVED
CVE-2019-17828
	RESERVED
CVE-2019-17827
	RESERVED
CVE-2019-17826
	RESERVED
CVE-2019-17825
	RESERVED
CVE-2019-17824
	RESERVED
CVE-2019-17823
	RESERVED
CVE-2019-17822
	RESERVED
CVE-2019-17821
	RESERVED
CVE-2019-17820
	RESERVED
CVE-2019-17819
	RESERVED
CVE-2019-17818
	RESERVED
CVE-2019-17817
	RESERVED
CVE-2019-17816
	RESERVED
CVE-2019-17815
	RESERVED
CVE-2019-17814
	RESERVED
CVE-2019-17813
	RESERVED
CVE-2019-17812
	RESERVED
CVE-2019-17811
	RESERVED
CVE-2019-17810
	RESERVED
CVE-2019-17809
	RESERVED
CVE-2019-17808
	RESERVED
CVE-2019-17807
	RESERVED
CVE-2019-17806
	RESERVED
CVE-2019-17805
	RESERVED
CVE-2019-17804
	RESERVED
CVE-2019-17803
	RESERVED
CVE-2019-17802
	RESERVED
CVE-2019-17801
	RESERVED
CVE-2019-17800
	RESERVED
CVE-2019-17799
	RESERVED
CVE-2019-17798
	RESERVED
CVE-2019-17797
	RESERVED
CVE-2019-17796
	RESERVED
CVE-2019-17795
	RESERVED
CVE-2019-17794
	RESERVED
CVE-2019-17793
	RESERVED
CVE-2019-17792
	RESERVED
CVE-2019-17791
	RESERVED
CVE-2019-17790
	RESERVED
CVE-2019-17789
	RESERVED
CVE-2019-17788
	RESERVED
CVE-2019-17787
	RESERVED
CVE-2019-17786
	RESERVED
CVE-2019-17785
	RESERVED
CVE-2019-17784
	RESERVED
CVE-2019-17783
	RESERVED
CVE-2019-17782
	RESERVED
CVE-2019-17781
	RESERVED
CVE-2019-17780
	RESERVED
CVE-2019-17779
	RESERVED
CVE-2019-17778
	RESERVED
CVE-2019-17777
	RESERVED
CVE-2019-17776
	RESERVED
CVE-2019-17775
	RESERVED
CVE-2019-17774
	RESERVED
CVE-2019-17773
	RESERVED
CVE-2019-17772
	RESERVED
CVE-2019-17771
	RESERVED
CVE-2019-17770
	RESERVED
CVE-2019-17769
	RESERVED
CVE-2019-17768
	RESERVED
CVE-2019-17767
	RESERVED
CVE-2019-17766
	RESERVED
CVE-2019-17765
	RESERVED
CVE-2019-17764
	RESERVED
CVE-2019-17763
	RESERVED
CVE-2019-17762
	RESERVED
CVE-2019-17761
	RESERVED
CVE-2019-17760
	RESERVED
CVE-2019-17759
	RESERVED
CVE-2019-17758
	RESERVED
CVE-2019-17757
	RESERVED
CVE-2019-17756
	RESERVED
CVE-2019-17755
	RESERVED
CVE-2019-17754
	RESERVED
CVE-2019-17753
	RESERVED
CVE-2019-17752
	RESERVED
CVE-2019-17751
	RESERVED
CVE-2019-17750
	RESERVED
CVE-2019-17749
	RESERVED
CVE-2019-17748
	RESERVED
CVE-2019-17747
	RESERVED
CVE-2019-17746
	RESERVED
CVE-2019-17745
	RESERVED
CVE-2019-17744
	RESERVED
CVE-2019-17743
	RESERVED
CVE-2019-17742
	RESERVED
CVE-2019-17741
	RESERVED
CVE-2019-17740
	RESERVED
CVE-2019-17739
	RESERVED
CVE-2019-17738
	RESERVED
CVE-2019-17737
	RESERVED
CVE-2019-17736
	RESERVED
CVE-2019-17735
	RESERVED
CVE-2019-17734
	RESERVED
CVE-2019-17733
	RESERVED
CVE-2019-17732
	RESERVED
CVE-2019-17731
	RESERVED
CVE-2019-17730
	RESERVED
CVE-2019-17729
	RESERVED
CVE-2019-17728
	RESERVED
CVE-2019-17727
	RESERVED
CVE-2019-17726
	RESERVED
CVE-2019-17725
	RESERVED
CVE-2019-17724
	RESERVED
CVE-2019-17723
	RESERVED
CVE-2019-17722
	RESERVED
CVE-2019-17721
	RESERVED
CVE-2019-17720
	RESERVED
CVE-2019-17719
	RESERVED
CVE-2019-17718
	RESERVED
CVE-2019-17717
	RESERVED
CVE-2019-17716
	RESERVED
CVE-2019-17715
	RESERVED
CVE-2019-17714
	RESERVED
CVE-2019-17713
	RESERVED
CVE-2019-17712
	RESERVED
CVE-2019-17711
	RESERVED
CVE-2019-17710
	RESERVED
CVE-2019-17709
	RESERVED
CVE-2019-17708
	RESERVED
CVE-2019-17707
	RESERVED
CVE-2019-17706
	RESERVED
CVE-2019-17705
	RESERVED
CVE-2019-17704
	RESERVED
CVE-2019-17703
	RESERVED
CVE-2019-17702
	RESERVED
CVE-2019-17701
	RESERVED
CVE-2019-17700
	RESERVED
CVE-2019-17699
	RESERVED
CVE-2019-17698
	RESERVED
CVE-2019-17697
	RESERVED
CVE-2019-17696
	RESERVED
CVE-2019-17695
	RESERVED
CVE-2019-17694
	RESERVED
CVE-2019-17693
	RESERVED
CVE-2019-17692
	RESERVED
CVE-2019-17691
	RESERVED
CVE-2019-17690
	RESERVED
CVE-2019-17689
	RESERVED
CVE-2019-17688
	RESERVED
CVE-2019-17687
	RESERVED
CVE-2019-17686
	RESERVED
CVE-2019-17685
	RESERVED
CVE-2019-17684
	RESERVED
CVE-2019-17683
	RESERVED
CVE-2019-17682
	RESERVED
CVE-2019-17681
	RESERVED
CVE-2019-17680
	RESERVED
CVE-2019-17679
	RESERVED
CVE-2019-17678
	RESERVED
CVE-2019-17677
	RESERVED
CVE-2019-17676 (app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a C ...)
	NOT-FOR-US: MetInfo
CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations via unre ...)
	NOT-FOR-US: Samsung Galaxy S10 and Note10 devices
CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...)
	NOT-FOR-US: Comtech H8 Heights Remote Gateway devices
CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://lkml.org/lkml/2019/10/16/1226
CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it load ...)
	- ghidra <itp> (bug #923851)
CVE-2019-17664 (NSA Ghidra through 9.0.4 uses a potentially untrusted search path. Whe ...)
	- ghidra <itp> (bug #923851)
CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in t ...)
	NOT-FOR-US: D-Link
CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a c ...)
	NOT-FOR-US: ThinVNC
CVE-2019-17661 (A CSV injection in the codepress-admin-columns (aka Admin Columns) plu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/translat ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-17659
	RESERVED
CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17656
	RESERVED
CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313) vulnerability in Fo ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 a ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...)
	NOT-FOR-US: FortiSIEM
CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17649
	RESERVED
CVE-2019-17648
	RESERVED
CVE-2019-17647 (An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, a ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17646 (An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10 ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17645 (An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, a ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17644 (An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, a ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17643 (An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, an ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17642 (An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04 ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17641
	RESERVED
CVE-2019-17640
	RESERVED
CVE-2019-17639
	RESERVED
CVE-2019-17638
	RESERVED
CVE-2019-17637
	RESERVED
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...)
	NOT-FOR-US: Eclipse Theia
CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
	NOT-FOR-US: Eclipse Memory Analyzer
CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...)
	NOT-FOR-US: Eclipse Memory Analyzer
CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both authentication and T ...)
	NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
	- jetty9 <unfixed>
	[buster] - jetty9 <no-dsa> (Minor issue)
	[stretch] - jetty9 <no-dsa> (Minor issue)
	- jetty8 <removed>
	[jessie] - jetty8 <not-affected> (vulnerable code introduced later)
	- jetty <removed>
	[jessie] - jetty <not-affected> (vulnerable code introduced later)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443
CVE-2019-17631 (From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-17629 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-17628
	RESERVED
CVE-2019-17627 (The Yale Bluetooth Key application for mobile devices allows unauthori ...)
	NOT-FOR-US: Yale Bluetooth Key application for mobile devices
CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of toCol ...)
	{DSA-4663-1 DLA-2112-1}
	- python-reportlab 3.5.34-1 (bug #942763)
	NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
	NOTE: Minimal patch in https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code#comment-55887892
	NOTE: but upstream did make the bugreport private.
CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...)
	NOT-FOR-US: Rambox
CVE-2019-17624 ("" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in ...)
	NOTE: Bogus report, will probably get rejected
	NOTE: https://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html
CVE-2019-17623
	RESERVED
CVE-2019-17622
	RESERVED
CVE-2019-17675 (WordPress before 5.2.4 does not properly consider type confusion durin ...)
	{DSA-4599-1 DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46477
	NOTE: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17674 (WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripti ...)
	{DSA-4599-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress <postponed> (officially fixed in 4.1.28 but no related fix was identified)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
	NOTE: https://wordpress.org/support/wordpress-version/version-4.1.28/
	NOTE: https://github.com/WordPress/WordPress/commit/d1e2b35359df9644f255b7b54a568b56a2c490d7 (4.1.28)
CVE-2019-17673 (WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON ...)
	{DSA-4599-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress <not-affected> (vulnerable code not present)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46478
	NOTE: https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17672 (WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject  ...)
	{DSA-4599-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress <postponed> (officially fixed in 4.1.28 but no related fix was identified)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
	NOTE: https://wordpress.org/support/wordpress-version/version-4.1.28/
	NOTE: https://github.com/WordPress/WordPress/commit/d1e2b35359df9644f255b7b54a568b56a2c490d7 (4.1.28)
CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain content  ...)
	{DSA-4599-1 DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46474
	NOTE: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
	{DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[buster] - wordpress <no-dsa> (Minor issue)
	[stretch] - wordpress <no-dsa> (Minor issue)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46472
	NOTE: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17669 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
	{DSA-4599-1 DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46475
	NOTE: https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17621 (The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.0 ...)
	NOT-FOR-US: D-Link
CVE-2019-17620
	RESERVED
CVE-2019-17619
	RESERVED
CVE-2019-17618
	RESERVED
CVE-2019-17617
	RESERVED
CVE-2019-17616
	RESERVED
CVE-2019-17615
	RESERVED
CVE-2019-17614
	RESERVED
CVE-2019-17613 (qibosoft 7 allows remote code execution because do/jf.php makes eval c ...)
	NOT-FOR-US: qibosoft
CVE-2019-17612 (An issue was discovered in 74CMS v5.2.8. There is a SQL Injection gene ...)
	NOT-FOR-US: 74CMS
CVE-2019-17611 (HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17610 (HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17609 (HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17608 (HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17606 (The Post editor functionality in the hexo-admin plugin versions 2.3.0  ...)
	NOT-FOR-US: hexo-admin Node module
CVE-2019-17605 (A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15  ...)
	NOT-FOR-US: eyeCMS
CVE-2019-17604 (An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms e ...)
	NOT-FOR-US: eyeCMS
CVE-2019-17603 (Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate i ...)
	NOT-FOR-US: Asus
CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-17601 (In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP ...)
	NOT-FOR-US: MiniShare
CVE-2016-11016 (NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. ...)
	NOT-FOR-US: NETGEAR
CVE-2016-11015 (NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via ...)
	NOT-FOR-US: NETGEAR
CVE-2016-11014 (NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control  ...)
	NOT-FOR-US: NETGEAR
CVE-2019-17600 (Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrato ...)
	NOT-FOR-US: Intelbras IWR 1000N devices
CVE-2019-17599 (The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5  ...)
	NOT-FOR-US: quiz-master-next (aka Quiz And Survey Master) plugin for WordPress
CVE-2019-17598 (An issue was discovered in Lightbend Play Framework 2.5.x through 2.6. ...)
	NOT-FOR-US: Lightbend Play Framework
CVE-2019-17597
	RESERVED
CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using user input  ...)
	{DLA-1986-1}
	- ruby-haml 5.0.4-1
	[stretch] - ruby-haml <no-dsa> (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
	NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...)
	{DSA-4551-1}
	- golang-1.13 1.13.3-1 (bug #942628)
	- golang-1.12 1.12.12-1 (bug #942629)
	- golang-1.11 <removed>
	- golang-1.8 <removed>
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	NOTE: https://golang.org/issue/34960
	NOTE: https://github.com/golang/go/issues/34962 (1.13 backport)
	NOTE: https://github.com/golang/go/issues/34961 (1.12 backport)
	NOTE: https://groups.google.com/forum/#!msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ
CVE-2019-17595 (There is a heap-based buffer over-read in the fmt_entry function in ti ...)
	- ncurses 6.1+20191019-1 (low; bug #942401)
	[buster] - ncurses 6.1+20181013-2+deb10u2
	[stretch] - ncurses <no-dsa> (Minor issue)
	[jessie] - ncurses <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
CVE-2019-17594 (There is a heap-based buffer over-read in the _nc_find_entry function  ...)
	- ncurses 6.1+20191019-1 (low; bug #942401)
	[buster] - ncurses 6.1+20181013-2+deb10u2
	[stretch] - ncurses <no-dsa> (Minor issue)
	[jessie] - ncurses <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
CVE-2019-17593 (JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an adm ...)
	NOT-FOR-US: JIZHICMS
CVE-2019-17592 (The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular ...)
	NOT-FOR-US: csv-parse Node module
CVE-2019-17591
	RESERVED
CVE-2019-17590 (** DISPUTED ** The csrf_callback function in the CSRF Magic library th ...)
	NOT-FOR-US: CSRF Magic library
CVE-2019-17589
	REJECTED
CVE-2019-17588
	REJECTED
CVE-2019-17587
	REJECTED
CVE-2019-17586
	REJECTED
CVE-2019-17585
	REJECTED
CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which all ...)
	NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices
CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-17582
	RESERVED
CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
	NOT-FOR-US: tonyy dormsystem
CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...)
	NOT-FOR-US: tonyy dormsystem
CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on account/p ...)
	NOT-FOR-US: SonarSource SonarQube
CVE-2019-17578 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
	- dolibarr <removed>
CVE-2019-17577 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
	- dolibarr <removed>
CVE-2019-17576 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
	- dolibarr <removed>
CVE-2019-17575 (A file-rename filter bypass exists in admin/media/rename.php in WBCE C ...)
	NOT-FOR-US: WBCE CMS
CVE-2019-17574 (An issue was discovered in the Popup Maker plugin before 1.8.13 for Wo ...)
	NOT-FOR-US: Popup Maker plugin for WordPress
CVE-2019-17573 (By default, Apache CXF creates a /services page containing a listing o ...)
	NOT-FOR-US: Apache CFX
CVE-2019-17572 (In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation i ...)
	NOT-FOR-US: Apache RocketMQ
CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ...)
	{DSA-4686-1 DLA-2065-1}
	- apache-log4j1.2 1.2.17-9 (bug #947124)
	NOTE: https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E
	NOTE: CVE-2019-17571 correspond to CVE-2017-5645 for apache-log4j2. 1.2.x branch
	NOTE: is end-of-life upstream and does not recieve a fix for this issue. Users
	NOTE: should upgrade to Log4j 2.x.
	NOTE: Fixed by https://src.fedoraproject.org/rpms/log4j12/c/d4c817c458d69dcc629a7271999d178b0dcb7c74?branch=master
CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.parser ...)
	{DSA-4619-1 DLA-2078-1}
	- libxmlrpc3-java <removed> (bug #949089)
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
	NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
	NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ...)
	{DSA-4680-1 DSA-4673-1 DLA-2133-1}
	- tomcat9 9.0.31-1
	- tomcat8 <removed>
	[jessie] - tomcat8 <not-affected> (vulnerable code introduced in later version)
	- tomcat7 <removed>
	NOTE: https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998 (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8 (7.0.100)
CVE-2019-17568
	REJECTED
CVE-2019-17567
	RESERVED
CVE-2019-17566 [SSRF vulnerability]
	RESERVED
	- batik <unfixed> (bug #964510)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/2
	NOTE: patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
	NOTE: corresponding bug: https://issues.apache.org/jira/browse/BATIK-1276
CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
	{DSA-4672-1}
	- trafficserver 8.0.6+ds-1
	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/commit/60e0a8ce23d390b851873e020483d6f75e857158
CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which has HTT ...)
	NOT-FOR-US: Dubbo
CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,  ...)
	{DSA-4680-1 DSA-4596-1 DLA-2209-1 DLA-2077-1}
	- tomcat9 9.0.31-1
	- tomcat8 <removed>
	- tomcat7 <removed>
	NOTE: https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652 (9.0.30)
	NOTE: https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c (8.5.50)
	NOTE: https://github.com/apache/tomcat/commit/ab72a106fe5d992abddda954e30849d7cf8cc583 (7.0.99)
CVE-2019-17562 (A buffer overflow vulnerability has been found in the baremetal compon ...)
	NOT-FOR-US: Apache CloudStack
CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully validate code s ...)
	- netbeans <unfixed> (unimportant)
	NOTE: Debian packages updated via apt
CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL certific ...)
	- netbeans <unfixed> (unimportant)
	NOTE: Debian packages updated via apt
CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
	{DSA-4672-1}
	- trafficserver 8.0.6+ds-1
	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...)
	- lucene-solr <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/30/1
	NOTE: https://issues.apache.org/jira/browse/SOLR-13971
	NOTE: https://issues.apache.org/jira/browse/SOLR-14025
	TODO: check, whilst the advisory claims 5.0.0 upwards only the SolrParamResourceLoader might be of issue already earlier?
CVE-2019-17557 (It was found that the Apache Syncope EndUser UI login page prio to 2.0 ...)
	NOT-FOR-US: Apache Syncope
CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService clas ...)
	NOT-FOR-US: Olingo
CVE-2019-17555 (The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to  ...)
	NOT-FOR-US: Olingo
CVE-2019-17554 (The XML content type entity deserializer in Apache Olingo versions 4.0 ...)
	NOT-FOR-US: Olingo
CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
	NOT-FOR-US: MetInfo
CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an atta ...)
	NOT-FOR-US: Apak Wholesale Floorplanning Finance
CVE-2019-17550 (The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cros ...)
	NOT-FOR-US: Blog2Social plugin for WordPress
CVE-2019-17549 (ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-servic ...)
	NOT-FOR-US: ESET Cyber Security
CVE-2019-17548
	RESERVED
CVE-2015-9536 (The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as ...)
	NOT-FOR-US: Wordpress theme
CVE-2015-9535 (The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as use ...)
	NOT-FOR-US: Wordpress theme
CVE-2015-9534 (The Easy Digital Downloads (EDD) Quota theme for WordPress, as used wi ...)
	NOT-FOR-US: Wordpress theme
CVE-2015-9533 (The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used  ...)
	NOT-FOR-US: Wordpress theme
CVE-2015-9532 (The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as ...)
	NOT-FOR-US: Wordpress theme
CVE-2015-9531 (The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9530 (The Easy Digital Downloads (EDD) Upload File extension for WordPress,  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9529 (The Easy Digital Downloads (EDD) Stripe extension for WordPress, as us ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9528 (The Easy Digital Downloads (EDD) Software Licensing extension for Word ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9527 (The Easy Digital Downloads (EDD) Simple Shipping extension for WordPre ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9526 (The Easy Digital Downloads (EDD) Reviews extension for WordPress, as u ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9525 (The Easy Digital Downloads (EDD) Recurring Payments extension for Word ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9524 (The Easy Digital Downloads (EDD) Recount Earnings extension for WordPr ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9523 (The Easy Digital Downloads (EDD) Recommended Products extension for Wo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9522 (The Easy Digital Downloads (EDD) QR Code extension for WordPress, as u ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9521 (The Easy Digital Downloads (EDD) Pushover Notifications extension for  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9520 (The Easy Digital Downloads (EDD) Per Product Emails extension for Word ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9519 (The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress,  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9518 (The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9517 (The Easy Digital Downloads (EDD) Manual Purchases extension for WordPr ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9516 (The Easy Digital Downloads (EDD) Invoices extension for WordPress, as  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9515 (The Easy Digital Downloads (EDD) htaccess Editor extension for WordPre ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9514 (The Easy Digital Downloads (EDD) Free Downloads extension for WordPres ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9513 (The Easy Digital Downloads (EDD) Favorites extension for WordPress, as ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9512 (The Easy Digital Downloads (EDD) CSV Manager extension for WordPress,  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9511 (The Easy Digital Downloads (EDD) Conditional Success Redirects extensi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9510 (The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordP ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9509 (The Easy Digital Downloads (EDD) Content Restriction extension for Wor ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9508 (The Easy Digital Downloads (EDD) Commissions extension for WordPress,  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9507 (The Easy Digital Downloads (EDD) Attach Accounts to Orders extension f ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9506 (The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9505 (The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9504 (The weeklynews theme before 2.2.9 for WordPress has XSS via the s para ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9503 (The Modern theme before 1.4.2 for WordPress has XSS via the genericons ...)
	NOT-FOR-US: Wordpress theme
CVE-2015-9502 (The Auberge theme before 1.4.5 for WordPress has XSS via the genericon ...)
	NOT-FOR-US: Wordpress theme
CVE-2015-9501 (The Artificial Intelligence theme before 1.2.4 for WordPress has XSS b ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9500 (The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9499 (The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execut ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9498 (The wps-hide-login plugin before 1.1 for WordPress has CSRF that affec ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9497 (The ad-inserter plugin before 1.5.3 for WordPress has CSRF with result ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9496 (The freshmail-newsletter plugin before 1.6 for WordPress has shortcode ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9495 (The syndication-links plugin before 1.0.3 for WordPress has XSS via th ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9494 (The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS vi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9493 (The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS is ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a ...)
	- imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...)
	{DSA-4670-1 DSA-4608-1 DLA-2147-1 DLA-2009-1}
	- gdal <unfixed> (unimportant)
	- tiff 4.0.10+git190818-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
	NOTE: https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
	NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
	NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
	{DLA-1984-1}
	- gdal 2.4.2+dfsg-2 (low)
	[buster] - gdal <no-dsa> (Minor issue)
	[stretch] - gdal <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
	NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over- ...)
	{DLA-1966-1}
	- aspell 0.60.8-1 (low)
	[buster] - aspell <no-dsa> (Minor issue)
	[stretch] - aspell <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
	NOTE: https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (rela ...)
	- lz4 1.9.2-1 (low; bug #943680)
	[buster] - lz4 <ignored> (Minor issue)
	[stretch] - lz4 <ignored> (Minor issue)
	[jessie] - lz4 <no-dsa> (Very hard to exploit, low risk)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941
	NOTE: https://github.com/lz4/lz4/pull/756
	NOTE: https://github.com/lz4/lz4/pull/760
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
	{DLA-2021-1}
	- ffmpeg 7:4.2.1-1
	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
CVE-2019-17541 (ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo  ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c1a5aa3f4214ad6e4748de84dad44398959014e1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1641
	NOTE: vulnerable code introduced in
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/edb32b1780e23c76b5d6dd735f89959a0b7e3867
CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPS ...)
	- imagemagick <not-affected> (bug #942578; Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826
	NOTE: vulnerable code introduced in
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/bfb5bdd6b41dac60d5171108fc02ecaf8735c4a8
	NOTE: no upstream bug report, four commits:
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/668d6a970553a94b0a2e378afda1d37abac94b5c
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9667a9034a5eeedb30dfb18cfd1083ff32fd679b
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/73dd03cfb57f8f8c0a732fa062b9966ec7bf2f91
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/e868e227085463932c5db32e5e0f27e306a0eb95
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/b9261b1bce3dbfeecc445e092d207434b41c0752
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5a4c9cfb76ee82bda0cd970cc9e58499b09cc137
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
	- ffmpeg 7:4.2.1-1 (low)
	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
	- libav <removed> (low)
	[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
CVE-2019-17538 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for fil ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17537 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for fil ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17536 (Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Da ...)
	NOT-FOR-US: Gila CMS
CVE-2019-17535 (Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blo ...)
	NOT-FOR-US: Gila CMS
CVE-2019-17534 (vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips befor ...)
	- vips <not-affected> (Vulnerable code never in a released version)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
	NOTE: Introduced by: https://github.com/libvips/libvips/commit/https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175
	NOTE: Fixed by: https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d
CVE-2019-17533 (Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' ch ...)
	{DLA-2267-1}
	- libmatio 1.5.17-4 (bug #942255)
	[buster] - libmatio <no-dsa> (Minor issue)
	[stretch] - libmatio <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856
	NOTE: https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a
CVE-2019-17532 (An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OW ...)
	NOT-FOR-US: Belkin
CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DLA-2030-1}
	- jackson-databind 2.10.1-1
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2498
	NOTE: https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2019-17530 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-17529 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the func ...)
	NOT-FOR-US: Bento4
CVE-2019-17527 (dataForDepandantField in models/custormfields.php in the JS JOBS FREE  ...)
	NOT-FOR-US: JS JOBS FREE extension for Joomla!
CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell Server th ...)
	NOT-FOR-US: Sage Cell Server (not part of SafeMath as packaged in Debian)
CVE-2019-17525 (The login page on D-Link DIR-615 T1 20.10 devices allows remote attack ...)
	NOT-FOR-US: D-Link
CVE-2019-17524 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
	NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
CVE-2019-17523 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
	NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
CVE-2019-17522 (A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the ...)
	NOT-FOR-US: Hotaru CMS
CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerab ...)
	NOT-FOR-US: Landing-CMS
CVE-2019-17520 (The Bluetooth Low Energy implementation on Texas Instruments SDK throu ...)
	NOT-FOR-US: Texas Instruments
CVE-2019-17519 (The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for K ...)
	NOT-FOR-US: NXP
CVE-2019-17518 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
	NOT-FOR-US: Dialog Semiconductor
CVE-2019-17517 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
	NOT-FOR-US: Dialog Semiconductor
CVE-2019-17516
	RESERVED
CVE-2019-17515 (The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPre ...)
	NOT-FOR-US: CleanTalk cleantalk-spam-protect plugin for WordPress
CVE-2019-17514 (library/glob.html in the Python 2 and 3 documentation before 2016 has  ...)
	NOT-FOR-US: Non-actionable CVE assignment for Python docs
CVE-2019-17513 (An issue was discovered in Ratpack before 1.7.5. Due to a misuse of th ...)
	NOT-FOR-US: Ratpack
CVE-2019-17512 (There are some web interfaces without authentication requirements on D ...)
	NOT-FOR-US: D-Link
CVE-2019-17511 (There are some web interfaces without authentication requirements on D ...)
	NOT-FOR-US: D-Link
CVE-2019-17510 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to  ...)
	NOT-FOR-US: D-Link
CVE-2019-17509 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to  ...)
	NOT-FOR-US: D-Link
CVE-2019-17508 (On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEV ...)
	NOT-FOR-US: D-Link
CVE-2019-17507 (An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker ...)
	NOT-FOR-US: D-Link
CVE-2019-17506 (There are some web interfaces without authentication requirements on D ...)
	NOT-FOR-US: D-Link
CVE-2019-17505 (D-Link DAP-1320 A2-V1.21 routers have some web interfaces without auth ...)
	NOT-FOR-US: D-Link
CVE-2017-18638 (send_email in graphite-web/webapp/graphite/composer/views.py in Graphi ...)
	{DLA-1962-1}
	- graphite-web 1.1.4-5
	[buster] - graphite-web 1.1.4-3+deb10u1
	NOTE: https://github.com/graphite-project/graphite-web/issues/2008
	NOTE: https://github.com/graphite-project/graphite-web/pull/2499
	NOTE: https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm
CVE-2019-17504 (An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5. ...)
	NOT-FOR-US: Kirona Dynamic Resource Scheduling (DRS)
CVE-2019-17503 (An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5. ...)
	NOT-FOR-US: Kirona Dynamic Resource Scheduling (DRS)
CVE-2019-17502 (Hydra through 0.1.8 has a NULL pointer dereference and daemon crash wh ...)
	NOT-FOR-US: Hydra (different from src:hydra)
CVE-2019-17501 (Centreon 19.04 allows attackers to execute arbitrary OS commands via t ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17500
	RESERVED
CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
	NOT-FOR-US: Compal CH7465LG devices
CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
	{DLA-1991-1}
	- libssh2 <unfixed> (low; bug #943562)
	[buster] - libssh2 <no-dsa> (Minor issue)
	[stretch] - libssh2 <no-dsa> (Minor issue)
	NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
	NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
	NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf,
	NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and
	NOTE: libssh2_get_string(), forming part of the fix):
	NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416
	NOTE: Only exploitable with a malicious server
CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...)
	- boa <removed>
CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...)
	- boa <removed>
CVE-2015-9492 (The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 fo ...)
	NOT-FOR-US: ThemeMakers SmartIT Premium Responsive theme for WordPress
CVE-2015-9491 (The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 f ...)
	NOT-FOR-US: ThemeMakers Blessing Premium Responsive theme for WordPress
CVE-2015-9490 (The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPr ...)
	NOT-FOR-US: ThemeMakers GamesTheme Premium theme for WordPress
CVE-2015-9489 (The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 fo ...)
	NOT-FOR-US: ThemeMakers Goodnex Premium Responsive theme for WordPress
CVE-2015-9488 (The ThemeMakers Almera Responsive Portfolio Site Template component th ...)
	NOT-FOR-US: ThemeMakers Almera Responsive Portfolio Site Template component for WordPress
CVE-2015-9487 (The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 f ...)
	NOT-FOR-US: ThemeMakers Almera Responsive Portfolio theme for WordPress
CVE-2015-9486 (The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for ...)
	NOT-FOR-US: ThemeMakers Axioma Premium Responsive theme for WordPress
CVE-2015-9485 (The ThemeMakers Accio Responsive Parallax One Page Site Template compo ...)
	NOT-FOR-US: ThemeMakers Accio Responsive Parallax One Page Site Template component for WordPress
CVE-2015-9484 (The ThemeMakers Accio One Page Parallax Responsive theme through 2015- ...)
	NOT-FOR-US: ThemeMakers Accio One Page Parallax Responsive theme for WordPress
CVE-2015-9483 (The ThemeMakers Invento Responsive Gallery/Architecture Template compo ...)
	NOT-FOR-US: ThemeMakers Invento Responsive Gallery/Architecture Template component for WordPress
CVE-2015-9482 (The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015 ...)
	NOT-FOR-US: ThemeMakers Car Dealer / Auto Dealer Responsive theme for WordPress
CVE-2015-9481 (The ThemeMakers Diplomat | Political theme through 2015-05-15 for Word ...)
	NOT-FOR-US: ThemeMakers Diplomat | Political theme for WordPress
CVE-2010-5340 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5339 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5338 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5337 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5336 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admi ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5335 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2010-5334 (IceWarp Webclient before 10.2.1 has a directory traversal vulnerabilit ...)
	NOT-FOR-US: IceWarp Webclient
CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft ...)
	NOT-FOR-US: Tracker PDF-XChange Editor
CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This field is  ...)
	NOT-FOR-US: Craft CMS
CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI b ...)
	- node-swagger-ui <itp> (bug #871461)
	- swagger-ui <itp> (bug #895422)
CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
	NOT-FOR-US: laravel-bjyblog
CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_ ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17492
	RESERVED
CVE-2019-17491 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[descrip ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17490 (app\modules\polygon\controllers\ProblemController in Jiangnan Online J ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17489 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title]  ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17488 (b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent  ...)
	NOT-FOR-US: b3log Symphony
CVE-2019-17487
	RESERVED
CVE-2019-17486
	RESERVED
CVE-2019-17485
	RESERVED
CVE-2019-17484
	RESERVED
CVE-2019-17483
	RESERVED
CVE-2019-17482
	RESERVED
CVE-2019-17481
	RESERVED
CVE-2019-17480
	RESERVED
CVE-2019-17479
	RESERVED
CVE-2019-17478
	RESERVED
CVE-2019-17477
	RESERVED
CVE-2019-17476
	RESERVED
CVE-2019-17475
	RESERVED
CVE-2019-17474
	RESERVED
CVE-2019-17473
	RESERVED
CVE-2019-17472
	RESERVED
CVE-2019-17471
	RESERVED
CVE-2019-17470
	RESERVED
CVE-2019-17469
	RESERVED
CVE-2019-17468
	RESERVED
CVE-2019-17467
	RESERVED
CVE-2019-17466
	RESERVED
CVE-2019-17465
	RESERVED
CVE-2019-17464
	RESERVED
CVE-2019-17463
	RESERVED
CVE-2019-17462
	RESERVED
CVE-2019-17461
	RESERVED
CVE-2019-17460
	RESERVED
CVE-2019-17459
	RESERVED
CVE-2019-17458
	RESERVED
CVE-2019-17457
	RESERVED
CVE-2019-17456
	RESERVED
CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...)
	{DLA-2207-1}
	- libntlm 1.6-1 (bug #942145)
	[buster] - libntlm <no-dsa> (Minor issue)
	[stretch] - libntlm <no-dsa> (Minor issue)
	NOTE: https://gitlab.com/jas/libntlm/issues/2
	NOTE: https://gitlab.com/jas/libntlm/-/commit/b967886873fcf19f816b9c0868465f2d9e5df85e
CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...)
	NOT-FOR-US: Bento4
CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWri ...)
	NOT-FOR-US: Bento4
CVE-2019-17452 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListIns ...)
	NOT-FOR-US: Bento4
CVE-2019-17451 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25070
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1
	NOTE: binutils not covered by security support
CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25078
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79281f33fd33f0964541a73511b9e2b
	NOTE: binutils not covered by security support
CVE-2019-17449 (** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL  ...)
	NOT-FOR-US: Avira Software Updater
CVE-2019-17448
	RESERVED
CVE-2019-17447
	RESERVED
CVE-2019-17446 (An issue was discovered in Eracent EPA Agent through 10.2.26. The agen ...)
	NOT-FOR-US: Eracent EPA Agent
CVE-2019-17445 (An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Ag ...)
	NOT-FOR-US: Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent
CVE-2019-17444
	RESERVED
CVE-2019-17443
	RESERVED
CVE-2019-17442
	RESERVED
CVE-2019-17441
	RESERVED
CVE-2019-17440 (Improper restriction of communications to Log Forwarding Card (LFC) on ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2019-17439
	RESERVED
CVE-2019-17438
	RESERVED
CVE-2019-17437 (An improper authentication check in Palo Alto Networks PAN-OS may allo ...)
	NOT-FOR-US: PAN-OS
CVE-2019-17436 (A Local Privilege Escalation vulnerability exists in GlobalProtect Age ...)
	NOT-FOR-US: GlobalProtect Agent
CVE-2019-17435 (A Local Privilege Escalation vulnerability exists in the GlobalProtect ...)
	NOT-FOR-US: GlobalProtect Agent
CVE-2019-17434 (LavaLite through 5.7 has XSS via a crafted account name that is mishan ...)
	NOT-FOR-US: LavaLite
CVE-2019-17433 (z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles s ...)
	NOT-FOR-US: z-song laravel-admin
CVE-2019-17432 (An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a p ...)
	NOT-FOR-US: fastadmin
CVE-2019-17431 (An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a p ...)
	NOT-FOR-US: fastadmin
CVE-2019-17430 (EyouCms through 2019-07-11 has XSS related to the login.php web_record ...)
	NOT-FOR-US: EyouCms
CVE-2019-17429 (Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id ...)
	NOT-FOR-US: Adhouma CMS
CVE-2015-9480 (The RobotCPA plugin 5 for WordPress has directory traversal via the f. ...)
	NOT-FOR-US: RobotCPA plugin for WordPress
CVE-2015-9479 (The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has a ...)
	NOT-FOR-US: ACF-Frontend-Display plugin for WordPress
CVE-2015-9478 (prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. ...)
	NOT-FOR-US: prettyPhoto
CVE-2015-9477 (The Vernissage theme 1.2.8 for WordPress has insufficient restrictions ...)
	NOT-FOR-US: Vernissage theme for WordPress
CVE-2015-9476 (The Teardrop theme 1.8.1 for WordPress has insufficient restrictions o ...)
	NOT-FOR-US: Teardrop theme for WordPress
CVE-2015-9475 (The Pont theme 1.5 for WordPress has insufficient restrictions on opti ...)
	NOT-FOR-US: Pont theme for WordPress
CVE-2015-9474 (The Simpolio theme 1.3.2 for WordPress has insufficient restrictions o ...)
	NOT-FOR-US: Simpolio theme for WordPress
CVE-2015-9473 (The estrutura-basica theme through 2015-09-13 for WordPress has direct ...)
	NOT-FOR-US: estrutura-basica theme for WordPress
CVE-2015-9472 (The incoming-links plugin before 0.9.10b for WordPress has referrers.p ...)
	NOT-FOR-US: incoming-links plugin for WordPress
CVE-2015-9471 (The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.p ...)
	NOT-FOR-US: dzs-zoomsounds plugin for WordPress
CVE-2015-9470 (The history-collection plugin through 1.1.1 for WordPress has director ...)
	NOT-FOR-US: history-collection plugin for WordPress
CVE-2015-9469 (The content-grabber plugin 1.0 for WordPress has XSS via obj_field_nam ...)
	NOT-FOR-US: content-grabber plugin for WordPress
CVE-2015-9468 (The broken-link-manager plugin 0.4.5 for WordPress has XSS via the pag ...)
	NOT-FOR-US: broken-link-manager plugin for WordPress
CVE-2015-9467 (The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelU ...)
	NOT-FOR-US: broken-link-manager plugin for WordPress
CVE-2015-9466 (The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostPro ...)
	NOT-FOR-US: wti-like-post plugin for WordPress
CVE-2015-9465 (The yet-another-stars-rating plugin before 0.9.1 for WordPress has yas ...)
	NOT-FOR-US: yet-another-stars-rating plugin for WordPress
CVE-2015-9464 (The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPr ...)
	NOT-FOR-US: s3bubble-amazon-s3-html-5-video-with-adverts plugin for WordPress
CVE-2015-9463 (The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has di ...)
	NOT-FOR-US: s3bubble-amazon-s3-audio-streaming plugin for WordPress
CVE-2015-9462 (The awesome-filterable-portfolio plugin before 1.9 for WordPress has a ...)
	NOT-FOR-US: awesome-filterable-portfolio plugin for WordPress
CVE-2015-9461 (The awesome-filterable-portfolio plugin before 1.9 for WordPress has a ...)
	NOT-FOR-US: awesome-filterable-portfolio plugin for WordPress
CVE-2015-9460 (The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTr ...)
	NOT-FOR-US: booking-system plugin for WordPress
CVE-2015-9459 (The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS v ...)
	NOT-FOR-US: searchterms-tagging-2 plugin for WordPress
CVE-2015-9458 (The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL i ...)
	NOT-FOR-US: searchterms-tagging-2 plugin for WordPress
CVE-2015-9457 (The pretty-link plugin before 1.6.8 for WordPress has PrliLinksControl ...)
	NOT-FOR-US: pretty-link plugin for WordPress
CVE-2019-17428 (An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the en ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists ...)
	{DSA-4574-1}
	- redmine 4.0.4-1
	NOTE: Fixed in 3.4.11 and 4.0.4
	NOTE: https://github.com/redmine/redmine/commit/899fc2e0cd2bcb4f5f9333b612b160bb9c6e803b
CVE-2019-17426 (Automattic Mongoose through 5.7.4 allows attackers to bypass access co ...)
	NOT-FOR-US: Automattic Mongoose (different from Cesenta Mongoose)
CVE-2019-17425
	RESERVED
CVE-2019-17424 (A stack-based buffer overflow in the processPrivilage() function in IO ...)
	NOT-FOR-US: nipper-ng
CVE-2019-17423
	RESERVED
CVE-2019-17422
	RESERVED
CVE-2019-17421 (Incorrect file permissions on the packaged Nipper executable file in Z ...)
	NOT-FOR-US: Zoho
CVE-2019-17420 (In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other prod ...)
	- libhtp 1:0.5.31-1
	[buster] - libhtp <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/libhtp/pull/213
CVE-2019-17419 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
	NOT-FOR-US: MetInfo
CVE-2019-17418 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
	NOT-FOR-US: MetInfo
CVE-2019-17417 (PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p= ...)
	NOT-FOR-US: PbootCMS
CVE-2019-17416
	RESERVED
CVE-2019-17415 (A Structured Exception Handler (SEH) based buffer overflow in File Sha ...)
	NOT-FOR-US: File Sharing Wizard
CVE-2019-17414 (tinylcy Vino through 2017-12-15 allows remote attackers to cause a den ...)
	NOT-FOR-US: tinylcy Vino
CVE-2019-17413
	RESERVED
CVE-2019-17412
	RESERVED
CVE-2019-17411
	RESERVED
CVE-2019-17410
	RESERVED
CVE-2019-17409 (Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5. ...)
	NOT-FOR-US: OpenEMR
CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows re ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-17407
	RESERVED
CVE-2019-14842 (Structured reply is a feature of the newstyle NBD protocol allowing th ...)
	- libnbd 1.0.3-1 (bug #942215)
	NOTE: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
	NOTE: https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09 (1.1.4)
	NOTE: https://github.com/libguestfs/libnbd/commit/2c1987fc23d6d0f537edc6d4701e95a2387f7917 (stable-1.0)
CVE-2019-17406 (Nokia IMPACT &lt; 18A has path traversal that may lead to RCE if chain ...)
	NOT-FOR-US: Nokia
CVE-2019-17405 (Nokia IMPACT &lt; 18A: has Reflected self XSS ...)
	NOT-FOR-US: Nokia
CVE-2019-17404 (Nokia IMPACT &lt; 18A: allows full path disclosure ...)
	NOT-FOR-US: Nokia
CVE-2019-17403 (Nokia IMPACT &lt; 18A: An unrestricted File Upload vulnerability was f ...)
	NOT-FOR-US: Nokia
CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...)
	{DLA-2019-1}
	- exiv2 <unfixed> (bug #946341)
	[buster] - exiv2 <no-dsa> (Minor issue)
	[stretch] - exiv2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/1019
	NOTE: https://github.com/Exiv2/exiv2/commit/88054239e3c914862d13f6ac89a19a104fa2c076 (master)
	NOTE: https://github.com/Exiv2/exiv2/commit/50e9dd964a439da357798344ed1dd86edcadf0ec (0.27-branch)
	NOTE: Follow-up: https://github.com/Exiv2/exiv2/issues/1026
CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-rea ...)
	- liblnk <unfixed> (unimportant)
	NOTE: https://github.com/libyal/liblnk/issues/40
	NOTE: Negligible/questionable security impact
CVE-2019-17400 (The unoconv package before 0.9 mishandles untrusted pathnames, leading ...)
	- unoconv 0.7-2 (low; bug #943561)
	[buster] - unoconv <no-dsa> (Minor issue)
	[stretch] - unoconv <no-dsa> (Minor issue)
	[jessie] - unoconv <no-dsa> (Minor issue)
	NOTE: https://github.com/unoconv/unoconv/pull/510
CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows path tr ...)
	NOT-FOR-US: Shack Forms Pro extension for Joomla!
CVE-2019-17398 (In the Dark Horse Comics application 1.3.21 for Android, token informa ...)
	NOT-FOR-US: Dark Horse Comics application
CVE-2019-17397 (In the DoorDash application through 11.5.2 for Android, the username a ...)
	NOT-FOR-US: DoorDash application
CVE-2019-17396 (In the PowerSchool Mobile application 1.1.8 for Android, the username  ...)
	NOT-FOR-US: PowerSchool Mobile application
CVE-2019-17395 (In the Rapid Gator application 0.7.1 for Android, the username and pas ...)
	NOT-FOR-US: Rapid Gator application
CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, the use ...)
	NOT-FOR-US: Seesaw Parent and Family application
CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to the Vend ...)
	NOT-FOR-US: Tomedo Server
CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a  ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...)
	NOT-FOR-US: Espressif ESP32
CVE-2019-17390 (An issue was discovered in the Outlook add-in in Pronestor Planner bef ...)
	NOT-FOR-US: Outlook add-in in Pronestor Planner
CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles erro ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-17388 (Weak file permissions applied to the Aviatrix VPN Client through 2.2.1 ...)
	NOT-FOR-US: Aviatrix VPN Client
CVE-2019-17387 (An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client  ...)
	NOT-FOR-US: Aviatrix VPN Client
CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimat ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
	NOT-FOR-US: animate-it plugin for WordPress
CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
	NOT-FOR-US: animate-it plugin for WordPress
CVE-2019-17383 (The netaddr gem before 2.0.4 for Ruby has misconfigured file permissio ...)
	- ruby-netaddr <not-affected> (Upstream packaging issue)
CVE-2019-17382 (An issue was discovered in zabbix.php?action=dashboard.view&amp;dashbo ...)
	- zabbix <unfixed>
	[buster] - zabbix <no-dsa> (Minor issue)
	[stretch] - zabbix <no-dsa> (Minor issue)
	[jessie] - zabbix <no-dsa> (Minor issue, guest accounts can be disabled)
	NOTE: https://support.zabbix.com/browse/ZBX-16789
	NOTE: Disputed by upstream, closed as not a security bug.
	NOTE: Guest account is disabled by default starting in 4.0.15rc1, 4.4.2rc1 and
	NOTE: 5.0.0alpha1 (Cf. https://support.zabbix.com/browse/ZBXNEXT-5532)
CVE-2019-17381
	RESERVED
CVE-2019-17380 (cPanel before 82.0.15 allows self XSS in the WHM Update Preferences in ...)
	NOT-FOR-US: cPanel
CVE-2019-17379 (cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Ma ...)
	NOT-FOR-US: cPanel
CVE-2019-17378 (cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface  ...)
	NOT-FOR-US: cPanel
CVE-2019-17377 (cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC- ...)
	NOT-FOR-US: cPanel
CVE-2019-17376 (cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload in ...)
	NOT-FOR-US: cPanel
CVE-2019-17375 (cPanel before 82.0.15 allows API token credentials to persist after an ...)
	NOT-FOR-US: cPanel
CVE-2019-17374
	RESERVED
CVE-2019-17373 (Certain NETGEAR devices allow unauthenticated access to critical .cgi  ...)
	NOT-FOR-US: NETGEAR
CVE-2019-17372 (Certain NETGEAR devices allow remote attackers to disable all authenti ...)
	NOT-FOR-US: NETGEAR
CVE-2019-17371 (gif2png 2.5.13 has a memory leak in the writefile function. ...)
	- gif2png <removed> (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/307
	NOTE: Initially filed for libpng, but the bug is actually in gif2png
	NOTE: Memory leak in CLI tool, no security impact
CVE-2019-17370 (OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheck ...)
	NOT-FOR-US: OTCMS
CVE-2019-17369 (OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, le ...)
	NOT-FOR-US: OTCMS
CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from par ...)
	NOT-FOR-US: S-CMS
CVE-2019-17367 (OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/ra ...)
	NOT-FOR-US: OpenWRT
CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 54.13 h ...)
	NOT-FOR-US: Citrix
CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
	NOT-FOR-US: Nix
CVE-2019-17364 (The processCommandUploadLog() function of libcommon.so in Petwant PF-1 ...)
	NOT-FOR-US: Petwant
CVE-2019-17363
	RESERVED
CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in ...)
	{DLA-1951-1}
	- libtomcrypt 1.18.2-3
	[buster] - libtomcrypt <no-dsa> (Minor issue)
	[stretch] - libtomcrypt <no-dsa> (Minor issue)
	NOTE: https://github.com/libtom/libtomcrypt/issues/507
	NOTE: https://github.com/libtom/libtomcrypt/pull/508
CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh  ...)
	{DSA-4676-1}
	- salt 2019.2.3+dfsg1-1 (bug #949222)
	[jessie] - salt <not-affected> (Vulnerable code added in v2014.7)
	NOTE: https://github.com/saltstack/salt/commit/bca115f3f00fbde564dd2f12bf036b5d2fd08387
	NOTE: Vulnerability introduced in https://github.com/saltstack/salt/commit/3bade9d6258fb8df849b32f68de6343cfdd83720
CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 a ...)
	NOT-FOR-US: Hitachi
CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 a ...)
	NOT-FOR-US: Hitachi
CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigge ...)
	- bouncycastle <not-affected> (Vulnerable code introduced n 1.63)
	NOTE: Introduced only in 1.63, fixed in 1.64.
	NOTE: https://github.com/bcgit/bc-java/commit/b1bc75254f5fea633a49a751a1a7339056f97856
CVE-2019-17358 (Cacti through 1.2.7 is affected by multiple instances of lib/functions ...)
	{DSA-4604-1 DLA-2032-1}
	- cacti 1.2.8+ds1-1 (bug #947375)
	NOTE: https://github.com/Cacti/cacti/issues/3026
	NOTE: https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8
CVE-2019-17357 (Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...)
	- cacti 1.2.8+ds1-1 (bug #947374)
	[buster] - cacti 1.2.2+ds1-2+deb10u2
	[stretch] - cacti <not-affected> (Vulnerable code not present)
	[jessie] - cacti <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Cacti/cacti/issues/3025
	NOTE: https://github.com/Cacti/cacti/commit/d6dc48503bbcde0717e7a93df7638fd4796200f4
CVE-2019-17356 (The Infinite Design application 3.4.12 for Android sends a username an ...)
	NOT-FOR-US: Infinite Design application
CVE-2019-17355 (In the Orbitz application 19.31.1 for Android, the username and passwo ...)
	NOT-FOR-US: Orbitz application
CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C ...)
	NOT-FOR-US: Zyxel
CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware version 20 ...)
	NOT-FOR-US: D-Link
CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
	NOT-FOR-US: JFinal
CVE-2019-17339
	RESERVED
CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...)
	NOT-FOR-US: TIBCO
CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfir ...)
	NOT-FOR-US: TIBCO
CVE-2019-17335 (The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfir ...)
	NOT-FOR-US: TIBCO
CVE-2019-17334 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
	NOT-FOR-US: TIBCO
CVE-2019-17333 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a ...)
	NOT-FOR-US: TIBCO EBX
CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO Software In ...)
	NOT-FOR-US: TIBCO
CVE-2019-17331 (The Data Exchange Web Interface component of TIBCO Software Inc.'s TIB ...)
	NOT-FOR-US: TIBCO
CVE-2019-17330 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains m ...)
	NOT-FOR-US: TIBCO
CVE-2019-17329
	RESERVED
CVE-2019-17328
	RESERVED
CVE-2019-17327 (JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory travers ...)
	NOT-FOR-US: JEUS
CVE-2019-17326 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker  ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17325 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker  ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17324 (ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traver ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17323 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17322 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17321 (ClipSoft REXPERT 1.0.0.527 and earlier version have an information dis ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17320 (NetSarang XFTP Client 6.0149 and earlier version contains a buffer ove ...)
	NOT-FOR-US: NetSarang XFTP Client
CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17317 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17316 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17315 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17314 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal  ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17313 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal  ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17312 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal  ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17311 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal  ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17310 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17309 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17308 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17307 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17306 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17305 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17304 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17303 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17302 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17301 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17300 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17299 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17298 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17297 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17296 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17295 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17294 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17293 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17292 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17291
	REJECTED
CVE-2019-17290
	REJECTED
CVE-2019-17289
	REJECTED
CVE-2019-17288
	REJECTED
CVE-2019-17287
	REJECTED
CVE-2019-17286
	REJECTED
CVE-2019-17285
	REJECTED
CVE-2019-17284
	REJECTED
CVE-2019-17283
	REJECTED
CVE-2019-17282
	REJECTED
CVE-2019-17281
	REJECTED
CVE-2019-17280
	REJECTED
CVE-2019-17279
	REJECTED
CVE-2019-17278
	REJECTED
CVE-2019-17277
	REJECTED
CVE-2019-17276 (OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to ...)
	NOT-FOR-US: OnCommand
CVE-2019-17275 (OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arb ...)
	NOT-FOR-US: OnCommand Cloud Manager
CVE-2019-17274 (NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC ...)
	NOT-FOR-US: NetApp
CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...)
	NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...)
	NOT-FOR-US: ONTAP
CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...)
	NOT-FOR-US: vBulletin
CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct Opera ...)
	NOT-FOR-US: Yachtcontrol
CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Intellian Remote Access
CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGe ...)
	NOT-FOR-US: omniauth-weibo-oauth2 gem
CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DLA-2030-1}
	- jackson-databind 2.10.0-1
	[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2460
	NOTE: https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb
CVE-2019-17266 (libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer ove ...)
	- libsoup2.4 2.68.2-1 (bug #941912)
	[buster] - libsoup2.4 <not-affected> (Vulnerable code introduced in 2.65.1)
	[stretch] - libsoup2.4 <not-affected> (Vulnerable code introduced in 2.65.1)
	[jessie] - libsoup2.4 <not-affected> (Vulnerable code introduced in 2.65.1)
	NOTE: https://gitlab.gnome.org/GNOME/libsoup/issues/173 (private)
CVE-2019-17265
	RESERVED
CVE-2019-17264 (** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_infor ...)
	- liblnk <unfixed> (unimportant)
	NOTE: https://github.com/libyal/liblnk/issues/38
	NOTE: https://github.com/libyal/liblnk/commit/c4d04de2c76f62129677c90a616d049be9c52482
	NOTE: Negligible/questionable security impact
CVE-2019-17263 (** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_bl ...)
	- liblnk <unfixed> (unimportant)
	- libfwsi <unfixed> (unimportant)
	NOTE: https://github.com/libyal/libfwsi/issues/13
	NOTE: https://github.com/libyal/libfwsi/commit/54afa5c71d6c795a555dbcb1e160fea393b98fb3
	NOTE: Negligible/questionable security impact
CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
	NOT-FOR-US: XnView
CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
	NOT-FOR-US: XnView
CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data M ...)
	NOT-FOR-US: MPC-HC
CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_ne ...)
	NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
	NOT-FOR-US: IrfanView
CVE-2019-17257 (IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starti ...)
	NOT-FOR-US: IrfanView
CVE-2019-17256 (IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17255 (IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17254 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
	NOT-FOR-US: IrfanView
CVE-2019-17253 (IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x00000 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17252 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_Ba ...)
	NOT-FOR-US: IrfanView
CVE-2019-17251 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlug ...)
	NOT-FOR-US: IrfanView
CVE-2019-17250 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17249 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17248 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17247 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
	NOT-FOR-US: IrfanView
CVE-2019-17246 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17245 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17244 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...)
	NOT-FOR-US: IrfanView
CVE-2019-17243 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...)
	NOT-FOR-US: IrfanView
CVE-2019-17242 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17241 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
	NOT-FOR-US: IrfanView
CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...)
	NOT-FOR-US: Bludit
CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-17238
	RESERVED
CVE-2019-17237 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
	NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17236 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
	NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17235 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
	NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17234 (includes/class-coming-soon-creator.php in the igniteup plugin through  ...)
	NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-17231 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...)
	NOT-FOR-US: OneTone theme for WordPress
CVE-2019-17230 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...)
	NOT-FOR-US: OneTone theme for WordPress
CVE-2019-17229 (includes/options.php in the motors-car-dealership-classified-listings  ...)
	NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin for WordPress
CVE-2019-17228 (includes/options.php in the motors-car-dealership-classified-listings  ...)
	NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin for WordPress
CVE-2019-17227
	RESERVED
CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin &gt; Modu ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-17225 (Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, o ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-17224 (The web interface of the Compal Broadband CH7465LG modem (version CH74 ...)
	NOT-FOR-US: Compal Broadband CH7465LG modem
CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 v ...)
	- dolibarr <removed>
CVE-2019-17222 (An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is  ...)
	NOT-FOR-US: Intelbras WRN 150 devices
CVE-2019-17221 (PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ...)
	- phantomjs <removed> (unimportant)
	NOTE: https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/
	NOTE: qtwebkit not covered by security support
CVE-2019-17220 (Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. ...)
	NOT-FOR-US: Rocket.Chat
CVE-2019-17219 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
	NOT-FOR-US: V-Zug Combi-Steam MSLQ devices
CVE-2019-17218 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
	NOT-FOR-US: V-Zug Combi-Steam MSLQ devices
CVE-2019-17217 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
	NOT-FOR-US: V-Zug Combi-Steam MSLQ devices
CVE-2019-17216 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
	NOT-FOR-US: V-Zug Combi-Steam MSLQ devices
CVE-2019-17215 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
	NOT-FOR-US: V-Zug Combi-Steam MSLQ devices
CVE-2019-17214 (The WebARX plugin 1.3.0 for WordPress allows firewall bypass by append ...)
	NOT-FOR-US: WebARX plugin for WordPress
CVE-2019-17213 (The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS v ...)
	NOT-FOR-US: WebARX plugin for WordPress
CVE-2019-17212 (Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5. ...)
	NOT-FOR-US: Arm Mbed OS
CVE-2019-17211 (An integer overflow was discovered in the CoAP library in Arm Mbed OS  ...)
	NOT-FOR-US: Arm Mbed OS
CVE-2019-17210 (A denial-of-service issue was discovered in the MQTT library in Arm Mb ...)
	NOT-FOR-US: Arm Mbed OS
CVE-2019-17209
	RESERVED
CVE-2019-17208
	RESERVED
CVE-2019-17207 (A reflected XSS vulnerability was found in includes/admin/table-printe ...)
	NOT-FOR-US: broken-link-checker (aka Broken Link Checker) plugin for WordPress
CVE-2019-17206 (Uncontrolled deserialization of a pickled object in models.py in Frost ...)
	NOT-FOR-US: Frost Ming rediswrapper
CVE-2019-17205 (TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the usern ...)
	- teampass <itp> (bug #730180)
CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Ba ...)
	- teampass <itp> (bug #730180)
CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a c ...)
	- teampass <itp> (bug #730180)
CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...)
	NOT-FOR-US: FastTrack Admin By Request
CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...)
	NOT-FOR-US: FastTrack Admin By Request
CVE-2019-17200
	RESERVED
CVE-2017-18637
	RESERVED
CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory T ...)
	NOT-FOR-US: WPO WebPageTest
CVE-2019-17198
	RESERVED
CVE-2019-17197 (OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic f ...)
	NOT-FOR-US: OpenEMR
CVE-2019-17196
	RESERVED
CVE-2019-17195 (Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exce ...)
	NOT-FOR-US: Connect2id Nimbus JOSE+JWT
CVE-2019-17194
	RESERVED
CVE-2019-17193
	RESERVED
CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private Messenger ap ...)
	NOT-FOR-US: Signal
CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Android all ...)
	NOT-FOR-US: Signal
CVE-2019-17190 (A Local Privilege Escalation issue was discovered in Avast Secure Brow ...)
	NOT-FOR-US: Avast Secure Browser
CVE-2019-17189 (totemodata 3.0.0_b936 has XSS via a folder name. ...)
	NOT-FOR-US: totemodata
CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...)
	NOT-FOR-US: Fecshop FecMall
CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_ ...)
	NOT-FOR-US: FiberHome HG2201T devices
CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201 ...)
	NOT-FOR-US: FiberHome HG2201T devices
CVE-2019-17185 (In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global Op ...)
	- freeradius 3.0.20+dfsg-1
	[buster] - freeradius <no-dsa> (Minor issue)
	[stretch] - freeradius <no-dsa> (Minor issue)
	[jessie] - freeradius <not-affected> (Vulnerable code not present; EAP-pwd module introduced in later version)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6b522f8780813726799e6b8cf0f1f8e0ce2c8ebf
CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C ...)
	NOT-FOR-US: Xerox printers
CVE-2019-17183 (Foxit Reader before 9.7 allows an Access Violation and crash if insuff ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-17182
	RESERVED
CVE-2019-17181 (A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007 ...)
	NOT-FOR-US: IntraSrv
CVE-2019-17180 (Valve Steam Client before 2019-09-12 allows placing or appending parti ...)
	NOT-FOR-US: Steam on Windows
CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5 ...)
	NOT-FOR-US: OpenEMR
CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...)
	TODO: check
CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...)
	- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low)
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
	- freerdp <removed> (low)
	[stretch] - freerdp <no-dsa> (Minor issue)
	[jessie] - freerdp <ignored> (Minor issue; Patching this old version would be very invasive; no upstream patch available)
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
	NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007
CVE-2019-17176 (Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPa ...)
	NOT-FOR-US: Genesys PureEngage Digital (eServices)
CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path ...)
	NOT-FOR-US: joyplus-cms
CVE-2019-17174
	RESERVED
CVE-2019-17173
	RESERVED
CVE-2019-17172
	RESERVED
CVE-2019-17171
	RESERVED
CVE-2019-17170
	RESERVED
CVE-2019-17169
	RESERVED
CVE-2019-17168
	RESERVED
CVE-2019-17167
	RESERVED
CVE-2019-17166
	RESERVED
CVE-2019-17165
	RESERVED
CVE-2019-17164
	RESERVED
CVE-2019-17163
	RESERVED
CVE-2019-17162
	RESERVED
CVE-2019-17161
	RESERVED
CVE-2019-17160
	RESERVED
CVE-2019-17159
	RESERVED
CVE-2019-17158
	RESERVED
CVE-2019-17157
	RESERVED
CVE-2019-17156
	RESERVED
CVE-2019-17155
	RESERVED
CVE-2019-17154
	RESERVED
CVE-2019-17153
	RESERVED
CVE-2019-17152
	RESERVED
CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...)
	NOT-FOR-US: Tencent WeChat
CVE-2019-17150
	REJECTED
CVE-2019-17149
	REJECTED
CVE-2019-17148 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2019-17147 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2019-17146 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: D-Link
CVE-2019-17145 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-17144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-17143 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2019-17142 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-17141 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-17140 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-17139 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2019-17137 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-17134 (Amphora Images in OpenStack Octavia &gt;=0.10.0 &lt;2.1.2, &gt;=3.0.0  ...)
	- octavia 4.0.0-6 (bug #941897)
	[buster] - octavia <no-dsa> (Minor issue in regular setups, can be fixed via point release)
CVE-2019-17132 (vBulletin through 5.5.4 mishandles custom avatars. ...)
	NOT-FOR-US: vBulletin
CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...)
	NOT-FOR-US: vBulletin
CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the /core/vb/v ...)
	NOT-FOR-US: vBulletin
CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2
CVE-2019-17129
	RESERVED
CVE-2019-17128 (Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection  ...)
	NOT-FOR-US: Netreo OmniCenter
CVE-2019-17127 (A Stored Client Side Template Injection (CSTI) with Angular was discov ...)
	NOT-FOR-US: SolarWinds Orion Platform
CVE-2019-17126
	RESERVED
CVE-2019-17125 (A Reflected Client Side Template Injection (CSTI) with Angular was dis ...)
	NOT-FOR-US: SolarWinds Orion Platform
CVE-2019-17124 (Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. ...)
	NOT-FOR-US: Kramer VIAware
CVE-2019-17123 (The eGain Web Email API 11+ allows spoofed messages because the fromNa ...)
	NOT-FOR-US: eGain Web Email API
CVE-2019-17122
	RESERVED
CVE-2019-17121 (REDCap before 9.3.4 has XSS on the Customize &amp; Manage Locking/E-si ...)
	NOT-FOR-US: REDCap
CVE-2019-17120 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17119 (Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterp ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17118 (A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17117 (A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterpri ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17116 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17115 (Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enter ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Instrument ...)
	- libopenmpt 0.4.9-1
	NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
	NOTE: Fixed in upstream versions 0.3.19 and 0.4.9.
CVE-2019-17112 (An issue was discovered in Zoho ManageEngine DataSecurity Plus before  ...)
	NOT-FOR-US: Zoho
CVE-2019-17111
	RESERVED
CVE-2019-17110
	REJECTED
CVE-2019-17109 (Koji through 1.18.0 allows remote Directory Traversal, with resultant  ...)
	- koji <removed> (bug #942146)
	NOTE: https://docs.pagure.org/koji/CVE-2019-17109/
	NOTE: https://pagure.io/koji/issue/1634
CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web before 2 ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated  ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17106 (In Centreon Web through 2.8.29, disclosure of external components' pas ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 is pred ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration within the Ap ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows attackers to up ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-21023 (getStats.php in Centreon Web before 2.8.28 allows authenticated attack ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-21022 (makeXML_ListServices.php in Centreon Web before 2.8.28 allows attacker ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-21021 (img_gantt.php in Centreon Web before 2.8.27 allows attackers to perfor ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-21020 (In very rare cases, a PHP type juggling vulnerability in centreonAuth. ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-17103 (An Incorrect Default Permissions vulnerability in the BDLDaemon compon ...)
	NOT-FOR-US: Bitdefender AV for Mac
CVE-2019-17102 (An exploitable command execution vulnerability exists in the recovery  ...)
	NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17101 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: Netatmo Smart Indoor Camera
CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as used i ...)
	NOT-FOR-US: Bitdefender Total Security
CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...)
	NOT-FOR-US: Bitdefender Endpoint Security Tools
CVE-2019-17098
	RESERVED
CVE-2019-17097
	RESERVED
CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...)
	NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...)
	NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...)
	NOT-FOR-US: Belkin
CVE-2019-17093 (An issue was discovered in Avast antivirus before 19.8 and AVG antivir ...)
	NOT-FOR-US: Avast
CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...)
	NOT-FOR-US: OpenProject
CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used  ...)
	- mojarra <not-affected> (Vulnerable code not present)
CVE-2019-17090
	RESERVED
CVE-2019-17089
	RESERVED
CVE-2019-17088
	RESERVED
CVE-2019-17087 (Unauthorized file download vulnerability in all supported versions of  ...)
	NOT-FOR-US: Micro Focus AcuToWeb
CVE-2019-17086
	RESERVED
CVE-2019-17085 (XXE attack vulnerability on Micro Focus Operations Agent, affected ver ...)
	NOT-FOR-US: Micro Focus
CVE-2019-17084
	RESERVED
CVE-2019-17083
	RESERVED
CVE-2019-17082
	RESERVED
CVE-2019-17081
	RESERVED
CVE-2019-17080 (mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code ex ...)
	NOT-FOR-US: Linux Mint
CVE-2019-17079
	RESERVED
CVE-2019-17078
	RESERVED
CVE-2019-17077
	RESERVED
CVE-2019-17076 (An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deser ...)
	NOT-FOR-US: Jamf Pro
CVE-2019-17075 (An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cx ...)
	{DLA-2114-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <ignored> (Not a problem in practice)
	NOTE: https://lore.kernel.org/lkml/20191001165611.GA3542072@kroah.com
CVE-2019-17074 (An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in t ...)
	NOT-FOR-US: XunRuiCMS
CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to delete ar ...)
	NOT-FOR-US: emlog
CVE-2019-17072 (The new-contact-form-widget (aka Contact Form Widget - Contact Query,  ...)
	NOT-FOR-US: new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin for WordPress
CVE-2019-17071 (The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XS ...)
	NOT-FOR-US: client-dash (aka Client Dash) plugin for WordPress
CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1. ...)
	NOT-FOR-US: liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin for WordPress
CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...)
	- putty 0.73-1 (unimportant)
	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=69201ad8936fe0ff1b8723b7a43accb5e9f1c888
	NOTE: Negligible security impact
CVE-2019-17068 (PuTTY before 0.73 mishandles the "bracketed paste mode" protection mec ...)
	- putty 0.73-1
	[buster] - putty <not-affected> (Vulnerable code introduced later)
	[stretch] - putty <not-affected> (Vulnerable code introduced later)
	[jessie] - putty <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
	NOTE: Introduced by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fccb065a67c283d978b2e3394d6fff69b4f4f30 (0.72)
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=2c279283cc695ade15bafb418a8207ef0edd89cd (0.73)
CVE-2019-17067 (PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...)
	- putty <not-affected> (Windows-specific)
	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
CVE-2019-17066 (In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate right ...)
	NOT-FOR-US: Ivanti WorkSpace Control
CVE-2019-17065
	RESERVED
CVE-2019-17064 (Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can ...)
	NOT-FOR-US: Snowtide PDFxStream
CVE-2019-17062 (An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x befor ...)
	NOT-FOR-US: OXID eShop
CVE-2019-17061 (The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4  ...)
	NOT-FOR-US: Cypress
CVE-2019-17060 (The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z ( ...)
	NOT-FOR-US: NXP
CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam firewall applia ...)
	NOT-FOR-US: Sophos
CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary file uplo ...)
	NOT-FOR-US: Footy Tipping Software AFL Web Edition
CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...)
	NOT-FOR-US: Footy Tipping Software AFL Web Edition
CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80
CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 netw ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef
CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c
CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...)
	NOT-FOR-US: Evernote
CVE-2019-17050 (An issue was discovered in the Voyager package through 1.2.7 for Larav ...)
	NOT-FOR-US: Voyager
CVE-2019-17049 (NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in t ...)
	NOT-FOR-US: NETGEAR
CVE-2019-17048
	RESERVED
CVE-2019-17047
	RESERVED
CVE-2019-17046 (Ilch 2.1.22 allows remote code execution because php is listed under " ...)
	NOT-FOR-US: Ilch CMS
CVE-2019-17045 (Ilch 2.1.22 allows stored XSS via the title, text, or email id to the  ...)
	NOT-FOR-US: Ilch CMS
CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
	NOT-FOR-US: BMC Patrol Agent
CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
	NOT-FOR-US: BMC Patrol Agent
CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
	{DLA-1952-1}
	- rsyslog 8.1910.0-1 (bug #942065)
	[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
	[stretch] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
	NOTE: https://github.com/rsyslog/rsyslog/pull/3883
CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
	{DLA-1952-1}
	- rsyslog 8.1910.0-1 (bug #942067)
	[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
	[stretch] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
	NOTE: https://github.com/rsyslog/rsyslog/pull/3884
CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...)
	- rsyslog 8.1910.0-1 (unimportant)
	[buster] - rsyslog <not-affected> (Vulnerable code introduced later)
	[stretch] - rsyslog <not-affected> (Vulnerable code introduced later)
	[jessie] - rsyslog <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/rsyslog/rsyslog/pull/3875
	NOTE: pmdb2diag module not complied in Debian.
CVE-2019-17039
	REJECTED
CVE-2019-17038
	REJECTED
CVE-2019-17037
	REJECTED
CVE-2019-17036
	REJECTED
CVE-2019-17035
	REJECTED
CVE-2019-17034
	REJECTED
CVE-2019-17033
	REJECTED
CVE-2019-17032
	REJECTED
CVE-2019-17031
	REJECTED
CVE-2019-17030
	REJECTED
CVE-2019-17029
	REJECTED
CVE-2019-17028
	REJECTED
CVE-2019-17027
	REJECTED
CVE-2019-17026 (Incorrect alias information in IonMonkey JIT compiler for setting arra ...)
	{DSA-4603-1 DSA-4600-1 DLA-2093-1 DLA-2071-1}
	- firefox 72.0.1-1 (bug #948452)
	- firefox-esr 68.4.1esr-1
	- thunderbird 1:68.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17026
CVE-2019-17025 (Mozilla developers reported memory safety bugs present in Firefox 71.  ...)
	- firefox 72.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025
CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefox 71 a ...)
	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
	- firefox 72.0-1
	- firefox-esr 68.4.0esr-1
	- thunderbird 1:68.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17024
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17024
CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiate a lo ...)
	- firefox 72.0-1
	- nss 2:3.49-1
	[jessie] - nss <not-affected> (Vulnerable code was introduced later)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023
	NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c
	NOTE: https://hg.mozilla.org/projects/nss/rev/8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78
CVE-2019-17022 (When pasting a &amp;lt;style&amp;gt; tag from the clipboard into a ric ...)
	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
	- firefox 72.0-1
	- firefox-esr 68.4.0esr-1
	- thunderbird 1:68.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17022
CVE-2019-17021 (During the initialization of a new content process, a race condition o ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17021
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17021
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17021
CVE-2019-17020 (If an XML file is served with a Content Security Policy and the XML fi ...)
	- firefox 72.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020
CVE-2019-17019 (When Python was installed on Windows, a python file being served with  ...)
	- firefox <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17019
CVE-2019-17018 (When in Private Browsing Mode on Windows 10, the Windows keyboard may  ...)
	- firefox <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018
CVE-2019-17017 (Due to a missing case handling object types, a type confusion vulnerab ...)
	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
	- firefox 72.0-1
	- firefox-esr 68.4.0esr-1
	- thunderbird 1:68.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17017
CVE-2019-17016 (When pasting a &amp;lt;style&amp;gt; tag from the clipboard into a ric ...)
	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
	- firefox 72.0-1
	- firefox-esr 68.4.0esr-1
	- thunderbird 1:68.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17016
CVE-2019-17015 (During the initialization of a new content process, a pointer offset c ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17015
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17015
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17015
CVE-2019-17014 (If an image had not loaded correctly (such as when it is not actually  ...)
	- firefox 71.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
CVE-2019-17013 (Mozilla developers reported memory safety bugs present in Firefox 70.  ...)
	- firefox 71.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
CVE-2019-17012 (Mozilla developers reported memory safety bugs present in Firefox 70 a ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012
CVE-2019-17011 (Under certain conditions, when retrieving a document from a DocShell i ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011
CVE-2019-17010 (Under certain conditions, when checking the Resist Fingerprinting pref ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17010
CVE-2019-17009 (When running, the updater service wrote status and log files to an unr ...)
	- firefox <not-affected> (Updater not used in Debian packages)
	- firefox-esr <not-affected> (Updater not used in Debian packages)
	- thunderbird <not-affected> (Updater not used in Debian packages)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009
CVE-2019-17008 (When using nested workers, a use-after-free could occur during worker  ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
	RESERVED
	{DSA-4579-1 DLA-2015-1}
	- nss 2:3.45-1
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
	NOTE: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
	NOTE: Fixed in 3.44 upstream (and there was an upload of 3.44 to unstable
	NOTE: but then reverted until the 2:3.45-1 upload).
CVE-2019-17006 [Check length of inputs for cryptographic primitives]
	RESERVED
	{DLA-2058-1}
	- nss 2:3.47-1
	NOTE: Fixed upstream in NSS 3.46.
	NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
	NOTE: https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
	NOTE: https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
CVE-2019-17005 (The plain text serializer used a fixed-size array for the number of &l ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17005
CVE-2019-17004
	RESERVED
CVE-2019-17003
	RESERVED
CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content Security Pol ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
CVE-2019-17001 (A Content-Security-Policy that blocks in-line scripts could be bypasse ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001
CVE-2019-17000 (An object tag with a data URI did not correctly inherit the document's ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000
CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
	NOT-FOR-US: CloudBoot
CVE-2019-16998
	RESERVED
CVE-2019-16997 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/lan ...)
	NOT-FOR-US: Metinfo
CVE-2019-16996 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/pro ...)
	NOT-FOR-US: Metinfo
CVE-2017-18636 (CDG through 2017-01-01 allows downloadDocument.jsp?command=download&am ...)
	NOT-FOR-US: CDG
CVE-2019-16995 (In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_final ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/6caabe7f197d3466d238f70915d65301f1716626
CVE-2019-16994 (In the Linux kernel before 5.0, a memory leak exists in sit_init_net() ...)
	- linux 4.19.28-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/07f12b26e21ab359261bf75cfcb424fdc7daeb6d
CVE-2019-16992 (The Keybase app 2.13.2 for iOS provides potentially insufficient notic ...)
	NOT-FOR-US: Keybase
CVE-2019-16991 (In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an un ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16990 (In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.ph ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16989 (In FusionPBX up to v4.5.7, the file app\conferences_active\conference_ ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16988 (In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16987 (In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php us ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16986 (In FusionPBX up to v4.5.7, the file resources\download.php uses an uns ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16985 (In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php use ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16984 (In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16983 (In FusionPBX up to v4.5.7, the file resources\paging.php has a paging  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16982 (In FusionPBX up to v4.5.7, the file app\access_controls\access_control ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16981 (In FusionPBX up to v4.5.7, the file app\conference_profiles\conference ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16980 (In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_ ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16979 (In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16978 (In FusionPBX up to v4.5.7, the file app\devices\device_settings.php us ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16977 (In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.ph ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16976 (In FusionPBX up to 4.5.7, the file app\destinations\destination_import ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16975 (In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16974 (In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16973 (In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16972 (In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16971 (In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php us ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16970 (In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16969 (In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16968 (An issue was discovered in FusionPBX up to 4.5.7. In the file app\conf ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16967 (An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x befor ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16966 (An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16965 (resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command inje ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX  ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16963
	RESERVED
CVE-2019-16962
	RESERVED
CVE-2019-16961
	RESERVED
CVE-2019-16960
	RESERVED
CVE-2019-16959
	RESERVED
CVE-2019-16958
	RESERVED
CVE-2019-16957
	RESERVED
CVE-2019-16956
	RESERVED
CVE-2019-16955
	RESERVED
CVE-2019-16954
	RESERVED
CVE-2019-16953
	RESERVED
CVE-2019-16952
	RESERVED
CVE-2019-16951 (A remote file include (RFI) issue was discovered in Enghouse Web Chat  ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16950 (An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.28 ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16949 (An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34 ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16948 (An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any P ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16947
	RESERVED
CVE-2019-16946
	RESERVED
CVE-2019-16945
	RESERVED
CVE-2019-16944
	RESERVED
CVE-2019-16943 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1943-1}
	- jackson-databind 2.10.0-2 (bug #941530)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2478
CVE-2019-16942 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1943-1}
	- jackson-databind 2.10.0-2 (bug #941530)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2478
CVE-2019-16941 (NSA Ghidra through 9.0.4, when experimental mode is enabled, allows ar ...)
	- ghidra <itp> (bug #923851)
CVE-2019-16940
	RESERVED
CVE-2019-16939
	RESERVED
CVE-2019-16938
	RESERVED
CVE-2019-16937
	RESERVED
CVE-2019-16936
	RESERVED
CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...)
	- python3.8 3.8.0~rc1-1
	- python3.7 3.7.5~rc1-1
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.5 <removed>
	- python3.4 <removed>
	[jessie] - python3.4 <ignored> (Minor Issue, XSS in an unlikely use-case)
	- python2.7 2.7.17~rc1-1
	[buster] - python2.7 2.7.16-2+deb10u1
	[stretch] - python2.7 <no-dsa> (Minor issue)
	[jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely use-case)
	- jython <unfixed>
	[buster] - jython <ignored> (Minor Issue)
	[stretch] - jython <ignored> (Minor Issue)
	[jessie] - jython <ignored> (Minor Issue, XSS in an unlikely use-case)
	- pypy <unfixed> (low)
	[buster] - pypy <no-dsa> (Minor issue)
	[stretch] - pypy <no-dsa> (Minor issue)
	[jessie] - pypy <postponed> (Minor Issue, XSS in an unlikely use-case)
	NOTE: https://bugs.python.org/issue38243
	NOTE: https://github.com/python/cpython/pull/16373
	NOTE: https://github.com/python/cpython/commit/e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa (master)
	NOTE: https://github.com/python/cpython/commit/6447b9f9bd27e1f6b04cef674dd3a7ab27bf4f28 (3.8 branch)
	NOTE: https://github.com/python/cpython/commit/39a0c7555530e31c6941a78da19b6a5b61170687 (3.7 branch)
	NOTE: https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389 (3.6 branch)
	NOTE: https://github.com/python/cpython/commit/8eb64155ff26823542ccf0225b3d57b6ae36ea89 (2.7 branch)
CVE-2019-16934
	RESERVED
CVE-2019-16933
	RESERVED
CVE-2019-16932 (A blind SSRF vulnerability exists in the Visualizer plugin before 3.3. ...)
	NOT-FOR-US: Visualizer plugin for WordPress
CVE-2019-16931 (A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPres ...)
	NOT-FOR-US: Visualizer plugin for WordPress
CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a ...)
	NOT-FOR-US: Zcash
CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has Incorrect Access Control because Iden ...)
	NOT-FOR-US: Auth0 auth0.net
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16926 (** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: T ...)
	NOT-FOR-US: Flower
CVE-2019-16925 (** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app. ...)
	NOT-FOR-US: Flower
CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a cleartext pass ...)
	NOT-FOR-US: Nulock
CVE-2019-16923 (kkcms 1.3 has jx.php?url= XSS. ...)
	NOT-FOR-US: kkcms
CVE-2019-16922 (SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows uninten ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-16921 (In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/in ...)
	- linux <not-affected> (Did not affect any released kernel)
CVE-2019-16920 (Unauthenticated remote code execution occurs in D-Link products such a ...)
	NOT-FOR-US: D-Link
CVE-2019-16928 (Exim 4.92 through 4.92.2 allows remote code execution, a different vul ...)
	{DSA-4536-1}
	- exim4 4.92.2-3
	[stretch] - exim4 <not-affected> (Vulnerable code introduced later)
	[jessie] - exim4 <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2449
	NOTE: https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
CVE-2019-16919 (Harbor API has a Broken Access Control vulnerability. The vulnerabilit ...)
	NOT-FOR-US: Harbor
CVE-2019-16918
	RESERVED
CVE-2019-16917 (WiKID Enterprise 2FA (two factor authentication) Enterprise Server thr ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-16916
	REJECTED
CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/p ...)
	NOT-FOR-US: pfSense
CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...)
	NOT-FOR-US: pfSense
CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86 ...)
	NOT-FOR-US: PC Protect Antivirus
CVE-2019-16912
	RESERVED
CVE-2019-16911
	RESERVED
CVE-2019-16910 (Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when dete ...)
	- mbedtls 2.16.3-1 (bug #941265)
	[buster] - mbedtls <no-dsa> (Minor issue)
	[stretch] - mbedtls <no-dsa> (Minor issue)
	- polarssl <removed>
	[jessie] - polarssl <no-dsa> (Minor issue, backport intrusive because of API changes)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
	NOTE: https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd (2.7.12)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b (2.16.3)
CVE-2019-16909 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16908 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16907 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16906 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16905 (OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ...)
	- openssh 1:8.1p1-1 (unimportant)
	[stretch] - openssh <not-affected> (Vulnerable code introduced later)
	[jessie] - openssh <not-affected> (Vulnerable code introduced later)
	NOTE: Issue in experimental (and not enabled) XMSS implementation; futhermore there
	NOTE: is not supported way to enable it when building openssh.
CVE-2019-16904 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for ...)
	- teampass <itp> (bug #730180)
CVE-2019-16903 (Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServ ...)
	NOT-FOR-US: Platinum UPnP SDK
CVE-2015-9456 (The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has ...)
	NOT-FOR-US: orbisius-child-theme-creator plugin for WordPress
CVE-2015-9455 (The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSR ...)
	NOT-FOR-US: buddypress-activity-plus plugin for WordPress
CVE-2015-9454 (The smooth-slider plugin before 2.7 for WordPress has SQL Injection vi ...)
	NOT-FOR-US: smooth-slider plugin for WordPress
CVE-2015-9453 (The broken-link-manager plugin before 0.6.0 for WordPress has XSS via  ...)
	NOT-FOR-US: broken-link-manager plugin for WordPress
CVE-2015-9452 (The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPres ...)
	NOT-FOR-US: nex-forms-express-wp-form-builder plugin for WordPress
CVE-2015-9451 (The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPre ...)
	NOT-FOR-US: plugmatter-optin-feature-box-lite plugin for WordPress
CVE-2015-9450 (The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPre ...)
	NOT-FOR-US: plugmatter-optin-feature-box-lite plugin for WordPress
CVE-2019-16902 (In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformco ...)
	NOT-FOR-US: ARforms plugin for WordPress
CVE-2019-16901 (Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain  ...)
	NOT-FOR-US: Advantech
CVE-2019-16900 (Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV sta ...)
	NOT-FOR-US: Advantech
CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Add ...)
	NOT-FOR-US: Advantech
CVE-2019-16898
	REJECTED
CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security  ...)
	NOT-FOR-US: K7
CVE-2019-16896 (In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the ba ...)
	NOT-FOR-US: K7 Ultimate Security
CVE-2019-16895
	REJECTED
CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)
	NOT-FOR-US: inoERP
CVE-2019-16893 (The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 device ...)
	NOT-FOR-US: TP-Link
CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
	- ruby-zip 2.0.0-1 (low; bug #941222)
	[buster] - ruby-zip <no-dsa> (Minor issue)
	[stretch] - ruby-zip <no-dsa> (Minor issue)
	[jessie] - ruby-zip <postponed> (Minor issue, zip bomb non-default mitigation)
	NOTE: https://github.com/rubyzip/rubyzip/pull/403
	NOTE: https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804
	NOTE: https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
	NOTE: https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d
CVE-2019-16891 (Liferay Portal CE 6.2.5 allows remote command execution because of des ...)
	NOT-FOR-US: Liferay Portal
CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content ...)
	NOT-FOR-US: Halo
CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause  ...)
	NOT-FOR-US: Ubiquiti EdgeMAX
CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
	{DLA-1946-1}
	- novnc 1:1.0.0-1
	[stretch] - novnc <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
	NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
	NOTE: https://github.com/novnc/noVNC/issues/748
CVE-2019-16888
	RESERVED
CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent  ...)
	NOT-FOR-US: IrfanView
CVE-2019-16886
	RESERVED
CVE-2019-16885 (In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remo ...)
	NOT-FOR-US: OkayCMS
CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...)
	- runc 1.0.0~rc9+dfsg1-1 (bug #942026)
	[buster] - runc <no-dsa> (Minor issue)
	[stretch] - runc <no-dsa> (Minor issue)
	- golang-github-opencontainers-selinux 1.3.0-2 (bug #942027)
	NOTE: https://github.com/opencontainers/runc/issues/2128
CVE-2019-16883
	RESERVED
CVE-2019-16882 (An issue was discovered in the string-interner crate before 0.7.1 for  ...)
	NOT-FOR-US: Rust string-interner crate
CVE-2019-16881 (An issue was discovered in the portaudio-rs crate through 0.3.1 for Ru ...)
	NOT-FOR-US: Rustportaudio-rs crate
CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rust. The ...)
	NOT-FOR-US: Rust linea crate
CVE-2019-16879 (The Synergy Systems &amp; Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...)
	NOT-FOR-US: Portainer
CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...)
	NOT-FOR-US: Portainer
CVE-2019-16876 (Portainer before 1.22.1 allows Directory Traversal. ...)
	NOT-FOR-US: Portainer
CVE-2019-16875
	RESERVED
CVE-2019-16874 (Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). ...)
	NOT-FOR-US: Portainer
CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
	NOT-FOR-US: Portainer
CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
	NOT-FOR-US: Portainer
CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twinca ...)
	NOT-FOR-US: Beckhoff
CVE-2019-16870
	RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
	{DSA-4597-1 DLA-2110-1 DLA-1941-1}
	- netty 1:4.1.33-2 (bug #941266)
	- netty-3.9 <removed>
	NOTE: https://github.com/netty/netty/issues/9571
	NOTE: https://github.com/netty/netty/commit/39cafcb05c99f2aa9fce7e6597664c9ed6a63a95
CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerability v ...)
	NOT-FOR-US: emlog
CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...)
	NOT-FOR-US: HongCMS
CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows remot ...)
	{DSA-4544-1}
	- unbound 1.9.4-1 (bug #941692)
	[stretch] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
	[jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL Injecti ...)
	NOT-FOR-US: microblog-poster plugin for WordPress
CVE-2015-9448 (The sendpress plugin before 1.2 for WordPress has SQL Injection via th ...)
	NOT-FOR-US: sendpress plugin for WordPress
CVE-2015-9447 (The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQ ...)
	NOT-FOR-US: unite-gallery-lite plugin for WordPress
CVE-2015-9446 (The unite-gallery-lite plugin before 1.5 for WordPress has SQL injecti ...)
	NOT-FOR-US: unite-gallery-lite plugin for WordPress
CVE-2015-9445 (The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQ ...)
	NOT-FOR-US: unite-gallery-lite plugin for WordPress
CVE-2015-9444 (The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-conten ...)
	NOT-FOR-US: altos-connect plugin for WordPress
CVE-2015-9443 (The accurate-form-data-real-time-form-validation plugin 1.2 for WordPr ...)
	NOT-FOR-US: accurate-form-data-real-time-form-validation plugin for WordPress
CVE-2015-9442 (The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with r ...)
	NOT-FOR-US: avenirsoft-directdownload plugin for WordPress
CVE-2015-9441 (The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS ...)
	NOT-FOR-US: bookmarkify plugin for WordPress
CVE-2015-9440 (The monetize plugin through 1.03 for WordPress has CSRF with resultant ...)
	NOT-FOR-US: monetize plugin for WordPress
CVE-2015-9439 (The addthis plugin before 5.0.13 for WordPress has CSRF with resultant ...)
	NOT-FOR-US: addthis plugin for WordPress
CVE-2015-9438 (The display-widgets plugin before 2.04 for WordPress has XSS via the w ...)
	NOT-FOR-US: display-widgets plugin for WordPress
CVE-2015-9437 (The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with r ...)
	NOT-FOR-US: dynamic-widgets plugin for WordPress
CVE-2015-9436 (The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the ...)
	NOT-FOR-US: dynamic-widgets plugin for WordPress
CVE-2015-9435 (The oauth2-provider plugin before 3.1.5 for WordPress has incorrect ge ...)
	NOT-FOR-US: oauth2-provider plugin for WordPress
CVE-2015-9434 (The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with ...)
	NOT-FOR-US: kiwi-logo-carousel plugin for WordPress
CVE-2015-9433 (The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has ...)
	NOT-FOR-US: wp-social-bookmarking-light plugin for WordPress
CVE-2015-9432 (The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPres ...)
	NOT-FOR-US: alpine-photo-tile-for-instagram plugin for WordPress
CVE-2015-9431 (The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resul ...)
	NOT-FOR-US: qtranslate-x plugin for WordPress
CVE-2015-9430 (The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User- ...)
	NOT-FOR-US: crazy-bone plugin for WordPress
CVE-2015-9429 (The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF w ...)
	NOT-FOR-US: yith-maintenance-mode plugin for WordPress
CVE-2015-9428 (The wplegalpages plugin before 1.1 for WordPress has CSRF with resulta ...)
	NOT-FOR-US: wplegalpages plugin for WordPress
CVE-2015-9427 (The googmonify plugin through 0.5.1 for WordPress has CSRF with result ...)
	NOT-FOR-US: googmonify plugin for WordPress
CVE-2015-9426 (The manual-image-crop plugin before 1.11 for WordPress has CSRF with r ...)
	NOT-FOR-US: manual-image-crop plugin for WordPress
CVE-2015-9425 (The social-locker plugin before 4.2.5 for WordPress has CSRF with resu ...)
	NOT-FOR-US: social-locker plugin for WordPress
CVE-2015-9424 (The multicons plugin before 3.0 for WordPress has CSRF with resultant  ...)
	NOT-FOR-US: multicons plugin for WordPress
CVE-2015-9423 (The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XS ...)
	NOT-FOR-US: PlugNedit Adaptive Editor plugin for WordPress
CVE-2015-9422 (The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CS ...)
	NOT-FOR-US: PlugNedit Adaptive Editor plugin for WordPress
CVE-2015-9421 (The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF wi ...)
	NOT-FOR-US: olevmedia-shortcodes plugin for WordPress
CVE-2015-9420 (The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via t ...)
	NOT-FOR-US: soundcloud-is-gold plugin for WordPress
CVE-2015-9419 (The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or C ...)
	NOT-FOR-US: captain-slider plugin for WordPress
CVE-2015-9418 (The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows  ...)
	NOT-FOR-US: Watu Pro plugin for WordPress
CVE-2015-9417 (The testimonial-slider plugin through 1.2.1 for WordPress has CSRF wit ...)
	NOT-FOR-US: testimonial-slider plugin for WordPress
CVE-2015-9416 (The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPr ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9415 (The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclu ...)
	NOT-FOR-US: bj-lazy-load plugin for WordPress
CVE-2015-9414 (The wp-symposium plugin through 15.8.1 for WordPress has XSS via the w ...)
	NOT-FOR-US: wp-symposium plugin for WordPress
CVE-2015-9413 (The eshop plugin through 6.3.13 for WordPress has CSRF with resultant  ...)
	NOT-FOR-US: eshop plugin for WordPress
CVE-2015-9412 (The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rst ...)
	NOT-FOR-US: Royal-Slider plugin for WordPress
CVE-2015-9411 (The Postmatic plugin before 1.4.6 for WordPress has XSS. ...)
	NOT-FOR-US: Postmatic plugin for WordPress
CVE-2015-9410 (The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS v ...)
	NOT-FOR-US: Blubrry PowerPress Podcasting plugin for WordPress
CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading specially ...)
	- pillow 6.2.0-1 (low)
	[buster] - pillow 5.4.1-2+deb10u1
	[stretch] - pillow <ignored> (Minor issue, too intrusive to backport)
	[jessie] - pillow <no-dsa> (Risk of regressions is too high)
	- python-imaging <removed>
	NOTE: https://github.com/python-pillow/Pillow/commit/b36c1bc943d554ba223086c7efb502d080f73905
	NOTE: https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
	NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
	NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
CVE-2019-16864
	RESERVED
CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
	NOT-FOR-US: STMicroelectronics
CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
	NOT-FOR-US: OpenEMR
CVE-2019-16861 (Code42 server through 7.0.2 for Windows has an Untrusted Search Path.  ...)
	NOT-FOR-US: Code42
CVE-2019-16860 (Code42 app through version 7.0.2 for Windows has an Untrusted Search P ...)
	NOT-FOR-US: Code42
CVE-2019-16859
	RESERVED
CVE-2019-16858
	RESERVED
CVE-2019-16857
	RESERVED
CVE-2019-16856
	RESERVED
CVE-2019-16855
	RESERVED
CVE-2019-16854
	RESERVED
CVE-2019-16853
	RESERVED
CVE-2019-16852
	RESERVED
CVE-2019-16851
	RESERVED
CVE-2019-16850
	RESERVED
CVE-2019-16849
	RESERVED
CVE-2019-16848
	RESERVED
CVE-2019-16847
	RESERVED
CVE-2019-16846
	RESERVED
CVE-2019-16845
	RESERVED
CVE-2019-16844
	RESERVED
CVE-2019-16843
	RESERVED
CVE-2019-16842
	RESERVED
CVE-2019-16841
	RESERVED
CVE-2019-16840
	RESERVED
CVE-2019-16839
	RESERVED
CVE-2019-16838
	RESERVED
CVE-2019-16837
	RESERVED
CVE-2019-16836
	RESERVED
CVE-2019-16835
	RESERVED
CVE-2019-16834
	RESERVED
CVE-2019-16833
	RESERVED
CVE-2019-16832
	RESERVED
CVE-2019-16831
	RESERVED
CVE-2019-16830
	RESERVED
CVE-2019-16829
	RESERVED
CVE-2019-16828
	RESERVED
CVE-2019-16827
	RESERVED
CVE-2019-16826
	RESERVED
CVE-2019-16825
	RESERVED
CVE-2019-16824
	RESERVED
CVE-2019-16823
	RESERVED
CVE-2019-16822
	RESERVED
CVE-2019-16821
	RESERVED
CVE-2019-16820
	RESERVED
CVE-2019-16819
	RESERVED
CVE-2019-16818
	RESERVED
CVE-2019-16817
	RESERVED
CVE-2019-16816
	RESERVED
CVE-2019-16815
	RESERVED
CVE-2019-16814
	RESERVED
CVE-2019-16813
	RESERVED
CVE-2019-16812
	RESERVED
CVE-2019-16811
	RESERVED
CVE-2019-16810
	RESERVED
CVE-2019-16809
	RESERVED
CVE-2019-16808
	RESERVED
CVE-2019-16807
	RESERVED
CVE-2019-16806
	RESERVED
CVE-2019-16805
	RESERVED
CVE-2019-16804
	RESERVED
CVE-2019-16803
	RESERVED
CVE-2019-16802
	RESERVED
CVE-2019-16801
	RESERVED
CVE-2019-16800
	RESERVED
CVE-2019-16799
	RESERVED
CVE-2019-16798
	RESERVED
CVE-2019-16797
	RESERVED
CVE-2019-16796
	RESERVED
CVE-2019-16795
	RESERVED
CVE-2019-16794
	RESERVED
CVE-2019-16793
	RESERVED
CVE-2019-16792 (Waitress through version 1.3.1 allows request smuggling by sending the ...)
	- waitress 1.4.1-1
	[buster] - waitress <no-dsa> (Minor issue)
	[stretch] - waitress <no-dsa> (Minor issue)
	[jessie] - waitress <no-dsa> (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
	NOTE: https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can receive incorr ...)
	- postfix-mta-sts-resolver <not-affected> (Fixed before initial upload)
	NOTE: https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
	NOT-FOR-US: Tiny File Manager
CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front  ...)
	{DLA-2056-1}
	- waitress 1.4.1-1 (bug #947433)
	[buster] - waitress <no-dsa> (Minor issue)
	[stretch] - waitress <no-dsa> (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
	NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
CVE-2019-16788
	REJECTED
CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
	- waitress 1.4.1-1 (bug #947306)
	[buster] - waitress <no-dsa> (Minor issue)
	[stretch] - waitress <no-dsa> (Minor issue)
	[jessie] - waitress <no-dsa> (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
	NOTE: https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 ...)
	- waitress 1.4.1-1 (bug #947306)
	[buster] - waitress <no-dsa> (Minor issue)
	[stretch] - waitress <no-dsa> (Minor issue)
	[jessie] - waitress <no-dsa> (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
	NOTE: https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
CVE-2019-16784 (In PyInstaller before version 3.6, only on Windows, a local privilege  ...)
	NOT-FOR-US: PyInstaller on Windows
CVE-2019-16783
	RESERVED
CVE-2019-16782 (There's a possible information leak / session hijack vulnerability in  ...)
	- ruby-rack 2.1.1-2 (bug #946983)
	[buster] - ruby-rack <no-dsa> (Minor issue)
	[stretch] - ruby-rack <no-dsa> (Minor issue)
	[jessie] - ruby-rack <no-dsa> (Minor issue)
	NOTE: https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
	NOTE: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...)
	{DLA-2070-1}
	- ruby-excon 0.60.0-2 (bug #946904)
	[buster] - ruby-excon <no-dsa> (Minor issue)
	[stretch] - ruby-excon <no-dsa> (Minor issue)
	NOTE: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
	NOTE: https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29
CVE-2019-16778 (In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSu ...)
	- tensorflow <itp> (bug #804612)
CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...)
	[experimental] - npm 6.13.4+ds-1
	- npm 6.13.4+ds-2 (bug #947127)
	[buster] - npm 5.8.0+ds6-4+deb10u1
	[jessie] - npm <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
CVE-2019-16776 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
	[experimental] - npm 6.13.4+ds-1
	- npm 6.13.4+ds-2 (bug #947127)
	[buster] - npm 5.8.0+ds6-4+deb10u1
	[jessie] - npm <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
CVE-2019-16775 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
	[experimental] - npm 6.13.4+ds-1
	- npm 6.13.4+ds-2 (bug #947127)
	[buster] - npm 5.8.0+ds6-4+deb10u1
	[jessie] - npm <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injection vul ...)
	- kopano-webapp-plugin-files 2.1.5+dfsg1-2 (unimportant)
	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-484f-743f-6jx2
	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4 (5.0.13)
	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3 (4.3.18)
	NOTE: Affected phpfastcache code is not used in kopano-webapp-plugin-files.
CVE-2019-16773
	REJECTED
CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to  ...)
	NOT-FOR-US: serialize-to-js Node package
CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
	NOT-FOR-US: Armeria
CVE-2019-16770 (In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client coul ...)
	- puma 3.12.0-4 (bug #946312)
	[buster] - puma 3.12.0-2+deb10u1
	[stretch] - puma <no-dsa> (Minor issue)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
	NOTE: https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e
CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is vulnerabl ...)
	NOT-FOR-US: serialize-javascript Node package
CVE-2019-16768 (In affected versions of Sylius, exception messages from internal excep ...)
	NOT-FOR-US: Sylius
CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the special ca ...)
	NOT-FOR-US: ezmaster
CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access to someon ...)
	NOT-FOR-US: wagtail-2fa
CVE-2019-16765 (If an attacker can get a user to open a specially prepared directory t ...)
	NOT-FOR-US: Vscode
CVE-2019-16764 (The use of `String.to_atom/1` in PowAssent is susceptible to denial of ...)
	NOT-FOR-US: PowAssent
CVE-2019-16763 (In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data ...)
	NOT-FOR-US: Pannellum
CVE-2019-16762 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
	NOT-FOR-US: SLP
CVE-2019-16761 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
	NOT-FOR-US: SLP
CVE-2019-16760 (Cargo prior to Rust 1.26.0 may download the wrong dependency if your p ...)
	- cargo 0.27.0-1
	NOTE: https://rustsec.org/advisories/CVE-2019-16760.html
CVE-2019-16759 (vBulletin 5.x through 5.5.4 allows remote command execution via the wi ...)
	NOT-FOR-US: vBulletin
CVE-2019-16758 (In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a  ...)
	NOT-FOR-US: Lexmark
CVE-2019-16757
	RESERVED
CVE-2019-16756
	RESERVED
CVE-2019-16755 (BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both  ...)
	NOT-FOR-US: BMC MyIT Digital Workplace DWP
CVE-2019-16754 (RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implem ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-16753 (An issue was discovered in Decentralized Anonymous Payment System (DAP ...)
	NOT-FOR-US: Decentralized Anonymous Payment System (DAPS)
CVE-2019-16752 (An issue was discovered in Decentralized Anonymous Payment System (DAP ...)
	NOT-FOR-US: Decentralized Anonymous Payment System (DAPS)
CVE-2019-16751 (An issue was discovered in Devise Token Auth through 1.1.2. The omniau ...)
	NOT-FOR-US: Devise Token Auth
CVE-2019-16750
	RESERVED
CVE-2019-16749
	RESERVED
CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...)
	- wolfssl 4.2.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/issues/2459
CVE-2019-16747
	RESERVED
CVE-2019-16745 (eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. ...)
	NOT-FOR-US: eBrigade
CVE-2019-16744 (eBrigade before 5.0 has evenements.php cid SQL Injection. ...)
	NOT-FOR-US: eBrigade
CVE-2019-16743 (eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. ...)
	NOT-FOR-US: eBrigade
CVE-2019-16742
	RESERVED
CVE-2019-16741
	RESERVED
CVE-2019-16740
	RESERVED
CVE-2019-16739
	RESERVED
CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information discl ...)
	{DSA-4545-1}
	- mediawiki 1:1.31.4-1
	NOTE: https://phabricator.wikimedia.org/T230402
CVE-2019-16737 (The processCommandSetMac() function of libcommon.so in Petwant PF-103  ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16736 (A stack-based buffer overflow in processCommandUploadSnapshot in libco ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16735 (A stack-based buffer overflow in processCommandUploadLog in libcommon. ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16734 (Use of default credentials for the TELNET server in Petwant PF-103 fir ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16733 (processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22 ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16732 (Unencrypted HTTP communications for firmware upgrades in Petalk AI and ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16731 (The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Peta ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.2 ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (m ...)
	- dompurify.js <removed>
	[stretch] - dompurify.js <ignored> (Minor issue)
	NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/
CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://marc.info/?l=linux-wireless&m=156901391225058&w=2
CVE-2019-16727
	RESERVED
CVE-2019-16726
	RESERVED
CVE-2019-16725 (In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks  ...)
	NOT-FOR-US: Joomla!
CVE-2019-16724 (File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary ...)
	NOT-FOR-US: File Sharing Wizard
CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authorization c ...)
	- cacti 1.2.7+ds1-1 (bug #941036)
	[buster] - cacti 1.2.2+ds1-2+deb10u2
	[stretch] - cacti <not-affected> (vulnerability introduced later)
	[jessie] - cacti <not-affected> (vulnerability introduced later)
	NOTE: vulnerability introduced in
	NOTE: https://github.com/Cacti/cacti/commit/cf73ae1a9f65b5a27d7f9d10c8e14835c3a76326
	NOTE: see Debian bug report for more information
	NOTE: https://github.com/Cacti/cacti/issues/2964
	NOTE: https://github.com/Cacti/cacti/commit/7a6a17252a1cbda180b61fff244cb3ce797d5264
	NOTE: https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2
	NOTE: after further discussion, upstream issued a new fix which reverts previous commits
	NOTE: https://github.com/Cacti/cacti/commit/cfb0733597af97abc92270de4f47cbfa32f9ce8b
	NOTE: which turned out to be insufficient to fix the issue, follow up patches:
	NOTE: https://github.com/Cacti/cacti/commit/9a1d2ec46d2dde23826c134ca70a0cd3bef43ee7
	NOTE: https://github.com/Cacti/cacti/commit/d5f98679a06aa96adfe04f60908f9108cfc9f7f7
	NOTE: https://github.com/Cacti/cacti/commit/4cecb19f6be8b84fa1c7b6450b66176007cb53df
	NOTE: The original issue mentions only a bypass via graph_json.php but there are
	NOTE: additional permission checks missed while checking the issue fixed with the
	NOTE: upstream commits.
CVE-2019-16722 (ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against  ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-16721 (NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as de ...)
	NOT-FOR-US: NoneCMS
CVE-2019-16720 (ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-16719 (WTCMS 1.0 allows index.php?g=admin&amp;m=index&amp;a=index CSRF with r ...)
	NOT-FOR-US: WTCMS
CVE-2019-16718 (In radare2 before 3.9.0, a command injection vulnerability exists in b ...)
	- radare2 <not-affected> (Incomplete fixes for CVE-2019-14745 not applied)
CVE-2019-16717 (OX App Suite through 7.10.2 has XSS. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-16716 (OX App Suite through 7.10.2 has Incorrect Access Control. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-16715
	RESERVED
CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
	- imagemagick <unfixed> (unimportant)
	- graphicsmagick 1.4+really1.3.33+hg16117-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
	- hunspell 1.7.0-3 (unimportant; bug #941185)
	NOTE: Negligible security impact
	NOTE: https://github.com/butterflyhack/hunspell-crash
	NOTE: https://github.com/hunspell/hunspell/issues/624
CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account via ad ...)
	NOT-FOR-US: kkcms
CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
	NOT-FOR-US: Home Assistant
CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default enviro ...)
	{DSA-4555-1 DLA-2000-1}
	- pam-python 1.0.7-1 (bug #942514)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
	NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...)
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
CVE-2019-16705 (Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in th ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/178
CVE-2019-16704 (admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-16703 (admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: Integard Pro
CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
	NOT-FOR-US: pfSense
CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...)
	NOT-FOR-US: TYPO3 extension
CVE-2019-16697
	RESERVED
CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16695 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16694 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit- ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16691
	REJECTED
CVE-2019-16690
	RESERVED
CVE-2019-16689
	RESERVED
CVE-2019-16688 (Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_te ...)
	- dolibarr <removed>
CVE-2019-16687 (Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section ...)
	- dolibarr <removed>
CVE-2019-16686 (Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A us ...)
	- dolibarr <removed>
CVE-2019-16685 (Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Descripti ...)
	- dolibarr <removed>
CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. When any ...)
	NOT-FOR-US: Xoops
CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...)
	NOT-FOR-US: Xoops
CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3  ...)
	NOT-FOR-US: TYPO3 extension
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established  ...)
	NOT-FOR-US: Mastodon
CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...)
	NOT-FOR-US: Traveloka
CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...)
	{DSA-4537-1 DLA-1938-1}
	- file-roller 3.30.0-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794337
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2
CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, lea ...)
	NOT-FOR-US: Gila CMS
CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...)
	NOT-FOR-US: YzmCMS
CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in file_method? ...)
	- ruby-simple-form <removed>
	NOTE: http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/
	NOTE: https://github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6
	NOTE: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
CVE-2019-16675 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-16674 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16673 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16672 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16671 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16670 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16669 (The Reset Password feature in Pagekit 1.0.17 gives a different respons ...)
	NOT-FOR-US: Pagekit CMS
CVE-2019-16668
	RESERVED
CVE-2019-16667 (diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or ...)
	NOT-FOR-US: pfSense
CVE-2019-16666
	RESERVED
CVE-2019-16665 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the conten ...)
	NOT-FOR-US: ThinkSAAS
CVE-2019-16664 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the index. ...)
	NOT-FOR-US: ThinkSAAS
CVE-2019-16663 (An issue was discovered in rConfig 3.9.2. An attacker can directly exe ...)
	NOT-FOR-US: rConfig
CVE-2019-16662 (An issue was discovered in rConfig 3.9.2. An attacker can directly exe ...)
	NOT-FOR-US: rConfig
CVE-2019-16661 (Ogma CMS 0.5 has XSS via creation of a new blog. ...)
	NOT-FOR-US: Ogma CMS
CVE-2019-16660 (joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&amp;tab=vodplay CS ...)
	NOT-FOR-US: joyplus-cms
CVE-2019-16659 (TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16658 (TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16657 (TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrate ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16656 (joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP cod ...)
	NOT-FOR-US: joyplus-cms
CVE-2019-16655 (joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains av ...)
	NOT-FOR-US: joyplus-cms
CVE-2019-16654
	RESERVED
CVE-2019-16653 (An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2. ...)
	NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
CVE-2019-16652 (The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 al ...)
	NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
CVE-2019-16651
	RESERVED
CVE-2019-16650 (On Supermicro X10 and X11 products, a client's access privileges may b ...)
	NOT-FOR-US: Supermicro
CVE-2019-16649 (On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination  ...)
	NOT-FOR-US: Supermicro
CVE-2019-16648
	RESERVED
CVE-2019-16647 (Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. ...)
	NOT-FOR-US: Maxthon
CVE-2019-16646
	RESERVED
CVE-2019-16645 (An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (suc ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2019-16644 (App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has S ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16643 (An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerab ...)
	NOT-FOR-US: ZrLog
CVE-2019-16642 (App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16641
	RESERVED
CVE-2019-16640
	RESERVED
CVE-2019-16639
	RESERVED
CVE-2019-16638
	RESERVED
CVE-2019-16637
	RESERVED
CVE-2019-16636
	RESERVED
CVE-2019-16635
	RESERVED
CVE-2019-16634
	RESERVED
CVE-2019-16633
	RESERVED
CVE-2019-16632
	RESERVED
CVE-2019-16631
	RESERVED
CVE-2019-16630
	RESERVED
CVE-2019-16629
	RESERVED
CVE-2019-16628
	RESERVED
CVE-2019-16627
	RESERVED
CVE-2019-16626
	RESERVED
CVE-2019-16625
	RESERVED
CVE-2019-16624
	RESERVED
CVE-2019-16623
	RESERVED
CVE-2019-16622
	RESERVED
CVE-2019-16621
	RESERVED
CVE-2019-16620
	RESERVED
CVE-2019-16619
	RESERVED
CVE-2019-16618
	RESERVED
CVE-2019-16617
	RESERVED
CVE-2019-16616
	RESERVED
CVE-2019-16615
	RESERVED
CVE-2019-16614
	RESERVED
CVE-2019-16613
	RESERVED
CVE-2019-16612
	RESERVED
CVE-2019-16611
	RESERVED
CVE-2019-16610
	RESERVED
CVE-2019-16609
	RESERVED
CVE-2019-16608
	RESERVED
CVE-2019-16607
	RESERVED
CVE-2019-16606
	RESERVED
CVE-2019-16605
	RESERVED
CVE-2019-16604
	RESERVED
CVE-2019-16603
	RESERVED
CVE-2019-16602
	RESERVED
CVE-2019-16601
	RESERVED
CVE-2019-16600
	RESERVED
CVE-2019-16599
	RESERVED
CVE-2019-16598
	RESERVED
CVE-2019-16597
	RESERVED
CVE-2019-16596
	RESERVED
CVE-2019-16595
	RESERVED
CVE-2019-16594
	RESERVED
CVE-2019-16593
	RESERVED
CVE-2019-16592
	RESERVED
CVE-2019-16591
	RESERVED
CVE-2019-16590
	RESERVED
CVE-2019-16589
	RESERVED
CVE-2019-16588
	RESERVED
CVE-2019-16587
	RESERVED
CVE-2019-16586
	RESERVED
CVE-2019-16585
	RESERVED
CVE-2019-16584
	RESERVED
CVE-2019-16583
	RESERVED
CVE-2019-16582
	RESERVED
CVE-2019-16581
	RESERVED
CVE-2019-16580
	RESERVED
CVE-2019-16579
	RESERVED
CVE-2019-16578
	RESERVED
CVE-2019-16577
	RESERVED
CVE-2019-16576 (A missing permission check in Jenkins Alauda Kubernetes Suport Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16575 (A cross-site request forgery vulnerability in Jenkins Alauda Kubernete ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16574 (A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16573 (A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16572 (Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16571 (A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16570 (A cross-site request forgery vulnerability in Jenkins RapidDeploy Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16569 (A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16568 (Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously confi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16567 (A missing permission check in Jenkins Team Concert Plugin 1.3.0 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16566 (A missing permission check in Jenkins Team Concert Plugin 1.3.0 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16565 (A cross-site request forgery vulnerability in Jenkins Team Concert Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16564 (Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16563 (Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16562 (Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the des ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16561 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16560 (A cross-site request forgery vulnerability in Jenkins WebSphere Deploy ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16559 (A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16558 (Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16557 (Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16556 (Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16555 (A user-supplied regular expression in Jenkins Build Failure Analyzer P ...)
	NOT-FOR-US: Jenkins Build Failure Analyzer Plugin
CVE-2019-16554 (A missing permission check in Jenkins Build Failure Analyzer Plugin 1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16553 (A cross-site request forgery vulnerability in Jenkins Build Failure An ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16552 (A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16551 (A cross-site request forgery vulnerability in Jenkins Gerrit Trigger P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16550 (A cross-site request forgery vulnerability in a connection test form m ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16549 (Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16548 (A cross-site request forgery vulnerability in Jenkins Google Compute E ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16547 (Missing permission checks in various API endpoints in Jenkins Google C ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16546 (Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16545 (Jenkins QMetry for JIRA - Test Management Plugin transmits credentials ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16544 (Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16543 (Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials une ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16542 (Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16541 (Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (f ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16540 (A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16539 (A missing permission check in Jenkins Support Core Plugin 2.63 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16538 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2016-11013 (The wp-listings plugin before 2.0.2 for WordPress has includes/views/s ...)
	NOT-FOR-US: wp-listings plugin for WordPress
CVE-2016-11012 (The sola-support-tickets plugin before 3.13 for WordPress has incorrec ...)
	NOT-FOR-US: sola-support-tickets plugin for WordPress
CVE-2016-11011 (The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_o ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11010 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11009 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11008 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11007 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11006 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11005 (The instalinker plugin before 1.1.2 for WordPress has includes/instali ...)
	NOT-FOR-US: instalinker plugin for WordPress
CVE-2016-11004 (The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privi ...)
	NOT-FOR-US: Elegant Themes Monarch plugin for WordPress
CVE-2016-11003 (The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privile ...)
	NOT-FOR-US: Elegant Themes Bloom plugin for WordPress
CVE-2016-11002 (The Elegant Themes Extra theme before 1.2.4 for WordPress has privileg ...)
	NOT-FOR-US: Elegant Themes Extra theme for WordPress
CVE-2016-11001 (The user-submitted-posts plugin before 20160215 for WordPress has XSS  ...)
	NOT-FOR-US: user-submitted-posts plugin for WordPress
CVE-2016-11000 (The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL inje ...)
	NOT-FOR-US: wp-ultimate-exporter plugin for WordPress
CVE-2016-10999 (The Goodnews theme through 2016-02-28 for WordPress has XSS via the s  ...)
	NOT-FOR-US: Goodnews theme for WordPress
CVE-2016-10998 (The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/pl ...)
	NOT-FOR-US: ocim-mp3 plugin for WordPress
CVE-2016-10997 (The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant a ...)
	NOT-FOR-US: beauty-premium theme for WordPress
CVE-2016-10996 (The optinmonster plugin before 1.1.4.6 for WordPress has incorrect acc ...)
	NOT-FOR-US: optinmonster plugin for WordPress
CVE-2015-9408 (The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options ...)
	NOT-FOR-US: xpinner-lite plugin for WordPress
CVE-2015-9407 (The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php ...)
	NOT-FOR-US: xpinner-lite plugin for WordPress
CVE-2015-9406 (Directory traversal vulnerability in the mTheme-Unus theme before 2.3  ...)
	NOT-FOR-US: mTheme-Unus theme for WordPress
CVE-2015-9405 (The wp-piwik plugin before 1.0.5 for WordPress has XSS. ...)
	NOT-FOR-US: wp-piwik plugin for WordPress
CVE-2015-9404 (The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. ...)
	NOT-FOR-US: neuvoo-jobroll plugin for WordPress
CVE-2015-9403 (The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. ...)
	NOT-FOR-US: neuvoo-jobroll plugin for WordPress
CVE-2015-9402 (The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs ...)
	NOT-FOR-US: users-ultra plugin for WordPress
CVE-2015-9401 (The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/to ...)
	NOT-FOR-US: websimon-tables plugin for WordPress
CVE-2015-9400 (The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admi ...)
	NOT-FOR-US: wordpress-meta-robots plugin for WordPress
CVE-2015-9399 (The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/gr ...)
	NOT-FOR-US: wp-stats-dashboard plugin for WordPress
CVE-2015-9398 (The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php  ...)
	NOT-FOR-US: gocodes plugin for WordPress
CVE-2015-9397 (The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php  ...)
	NOT-FOR-US: gocodes plugin for WordPress
CVE-2015-9396 (The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content ...)
	NOT-FOR-US: auto-thickbox-plus plugin for WordPress
CVE-2015-9395 (The users-ultra plugin before 1.5.64 for WordPress has SQL Injection v ...)
	NOT-FOR-US: users-ultra plugin for WordPress
CVE-2015-9394 (The users-ultra plugin before 1.5.63 for WordPress has CSRF via action ...)
	NOT-FOR-US: users-ultra plugin for WordPress
CVE-2015-9393 (The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_d ...)
	NOT-FOR-US: users-ultra plugin for WordPress
CVE-2015-9392 (The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_n ...)
	NOT-FOR-US: users-ultra plugin for WordPress
CVE-2015-9391 (The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 pa ...)
	NOT-FOR-US: yawpp plugin for WordPress
CVE-2015-9390 (The admin-management-xtended plugin before 2.4.0.1 for WordPress has p ...)
	NOT-FOR-US: admin-management-xtended plugin for WordPress
CVE-2015-9389 (The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz n ...)
	NOT-FOR-US: mtouch-quiz plugin for WordPress
CVE-2015-9388 (The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.ph ...)
	NOT-FOR-US: mtouch-quiz plugin for WordPress
CVE-2015-9387 (The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options ...)
	NOT-FOR-US: mtouch-quiz plugin for WordPress
CVE-2015-9386 (The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz ...)
	NOT-FOR-US: mtouch-quiz plugin for WordPress
CVE-2015-9385 (The quotes-and-tips plugin before 1.20 for WordPress has XSS. ...)
	NOT-FOR-US: quotes-and-tips plugin for WordPress
CVE-2015-9384 (The relevant plugin before 1.0.8 for WordPress has XSS. ...)
	NOT-FOR-US: relevant plugin for WordPress
CVE-2014-10397 (The Antioch theme through 2014-09-07 for WordPress allows arbitrary fi ...)
	NOT-FOR-US: Antioch theme for WordPress
CVE-2014-10396 (The epic theme through 2014-09-07 for WordPress allows arbitrary file  ...)
	NOT-FOR-US: epic theme for WordPress
CVE-2019-16537
	RESERVED
CVE-2019-16536
	RESERVED
CVE-2019-16535 (In all versions of ClickHouse before 19.14, an OOB read, OOB write and ...)
	NOT-FOR-US: ClickHouse
CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a c ...)
	NOT-FOR-US: DrayTek Vigor2925 devices
CVE-2019-16533 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access C ...)
	NOT-FOR-US: DrayTek Vigor2925 devices
CVE-2019-16532 (An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A m ...)
	NOT-FOR-US: YzmCMS
CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by chan ...)
	NOT-FOR-US: LayerBB
CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3. ...)
	NOT-FOR-US: Sonatype
CVE-2019-16529 (An issue was discovered in the CheckUser extension through 1.35.0 for  ...)
	NOT-FOR-US: CheckUser extension for MediawWiki
CVE-2019-16528 (An issue was discovered in the AbuseFilter extension for MediaWiki. in ...)
	NOT-FOR-US: AbuseFilter extension for MediawWiki
CVE-2019-16527
	RESERVED
CVE-2019-16526
	RESERVED
CVE-2019-16525 (An XSS issue was discovered in the checklist plugin before 1.1.9 for W ...)
	NOT-FOR-US: checklist plugin for WordPress
CVE-2019-16524 (The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16523 (The events-manager plugin through 5.9.5 for WordPress (aka Events Mana ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16522 (The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie La ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16521 (The broken-link-checker plugin through 1.11.8 for WordPress (aka Broke ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16520 (The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to exe ...)
	NOT-FOR-US: ESET Cyber Security
CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...)
	NOT-FOR-US: Swell Kit Mod devices
CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. ...)
	NOT-FOR-US: FireGiant
CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady  ...)
	NOT-FOR-US: libIEC61850
CVE-2019-16509
	RESERVED
CVE-2019-16508 (The Imagination Technologies driver for Chrome OS before R74-11895.B,  ...)
	NOT-FOR-US: Imagination Technologies driver for Chrome OS
CVE-2019-16507
	RESERVED
CVE-2019-16506
	RESERVED
CVE-2019-16505
	RESERVED
CVE-2019-16504
	RESERVED
CVE-2019-16503
	RESERVED
CVE-2019-16502
	RESERVED
CVE-2019-16501
	RESERVED
CVE-2019-16500
	RESERVED
CVE-2019-16499
	RESERVED
CVE-2019-16498
	RESERVED
CVE-2019-16497
	RESERVED
CVE-2019-16496
	RESERVED
CVE-2019-16495
	RESERVED
CVE-2019-16494
	RESERVED
CVE-2019-16493
	RESERVED
CVE-2019-16492
	RESERVED
CVE-2019-16491
	RESERVED
CVE-2019-16490
	RESERVED
CVE-2019-16489
	RESERVED
CVE-2019-16488
	RESERVED
CVE-2019-16487
	RESERVED
CVE-2019-16486
	RESERVED
CVE-2019-16485
	RESERVED
CVE-2019-16484
	RESERVED
CVE-2019-16483
	RESERVED
CVE-2019-16482
	RESERVED
CVE-2019-16481
	RESERVED
CVE-2019-16480
	RESERVED
CVE-2019-16479
	RESERVED
CVE-2019-16478
	RESERVED
CVE-2019-16477
	RESERVED
CVE-2019-16476
	RESERVED
CVE-2019-16475
	RESERVED
CVE-2019-16474
	RESERVED
CVE-2019-16473
	RESERVED
CVE-2019-16472
	RESERVED
CVE-2019-16471
	RESERVED
CVE-2019-16470
	RESERVED
CVE-2019-16469 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16468 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16467 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16466 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16465 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16464 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16463 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16462 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16461 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16460 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16459 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16458 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16457 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16456 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16455 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16454 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16453 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16452 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16451 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16450 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16449 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16448 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16447
	RESERVED
CVE-2019-16446 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16445 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16444 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16443
	RESERVED
CVE-2019-16442
	RESERVED
CVE-2019-16441
	RESERVED
CVE-2019-16440
	RESERVED
CVE-2019-16439
	RESERVED
CVE-2019-16438
	RESERVED
CVE-2019-16437
	RESERVED
CVE-2019-16436
	RESERVED
CVE-2019-16435
	RESERVED
CVE-2019-16434
	RESERVED
CVE-2019-16433
	RESERVED
CVE-2019-16432
	RESERVED
CVE-2019-16431
	RESERVED
CVE-2019-16430
	RESERVED
CVE-2019-16429
	RESERVED
CVE-2019-16428
	RESERVED
CVE-2019-16427
	RESERVED
CVE-2019-16426
	RESERVED
CVE-2019-16425
	RESERVED
CVE-2019-16424
	RESERVED
CVE-2019-16423
	RESERVED
CVE-2019-16422
	RESERVED
CVE-2019-16421
	RESERVED
CVE-2019-16420
	RESERVED
CVE-2019-16419
	RESERVED
CVE-2019-16418
	RESERVED
CVE-2019-16417 (HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense rep ...)
	NOT-FOR-US: HRworks FLOW
CVE-2019-16416 (HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. ...)
	NOT-FOR-US: HRworks
CVE-2019-16415
	RESERVED
CVE-2019-16414 (A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malici ...)
	NOT-FOR-US: GFI Kerio Control
CVE-2019-16413 (An issue was discovered in the Linux kernel before 5.0.4. The 9p files ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.70-1
	NOTE: https://git.kernel.org/linus/5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f
CVE-2019-16412 (In goform/setSysTools on Tenda N301 wireless routers, attackers can tr ...)
	NOT-FOR-US: Tenda
CVE-2019-16411 (An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 pa ...)
	- suricata 1:4.1.5-1 (low)
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple fragmen ...)
	- suricata 1:4.1.5-1 (low)
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-16409 (In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpu ...)
	NOT-FOR-US: SilverStripe
CVE-2019-16408
	RESERVED
CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a DLL Hi ...)
	NOT-FOR-US: JetBrains ReSharper installer
CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware v ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-16405 (Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19. ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...)
	NOT-FOR-US: OpenEMR
CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customers to c ...)
	NOT-FOR-US: Webkul Bagisto
CVE-2019-16402
	RESERVED
CVE-2019-16401 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
	NOT-FOR-US: Samsung
CVE-2019-16400 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
	NOT-FOR-US: Samsung
CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers from Broke ...)
	NOT-FOR-US: Western Digital
CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution ca ...)
	NOT-FOR-US: Keeper
CVE-2019-16397
	RESERVED
CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() f ...)
	- gnucobol <unfixed> (low; bug #940950)
	[buster] - gnucobol <ignored> (Minor issue)
	- open-cobol <removed>
	[stretch] - open-cobol <ignored> (Minor issue)
	[jessie] - open-cobol <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/open-cobol/bugs/587/
CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...)
	- gnucobol <unfixed> (low; bug #940949)
	[buster] - gnucobol <ignored> (Minor issue)
	- open-cobol <removed>
	[stretch] - open-cobol <ignored> (Minor issue)
	[jessie] - open-cobol <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/open-cobol/bugs/586/
CVE-2019-16390
	RESERVED
CVE-2019-16389
	RESERVED
CVE-2019-16388 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to Information disclo ...)
	NOT-FOR-US: PEGA Platform
CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso ...)
	NOT-FOR-US: PEGA Platform
CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information  ...)
	NOT-FOR-US: PEGA Platform
CVE-2019-16385 (Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting vi ...)
	NOT-FOR-US: Cybele Thinfinity VirtualUI
CVE-2019-16384 (Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that ca ...)
	NOT-FOR-US: Cybele Thinfinity VirtualUI
CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2019-16381
	RESERVED
CVE-2019-16380
	RESERVED
CVE-2019-16379
	RESERVED
CVE-2016-10995 (The Tevolution plugin before 2.3.0 for WordPress has arbitrary file up ...)
	NOT-FOR-US: Tevolution plugin for WordPress
CVE-2016-10994 (The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. ...)
	NOT-FOR-US: Truemag theme for WordPress
CVE-2016-10993 (The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s p ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10992 (The music-store plugin before 1.0.43 for WordPress has XSS via the wp- ...)
	NOT-FOR-US: music-store plugin for WordPress
CVE-2016-10991 (The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclu ...)
	NOT-FOR-US: imdb-widget plugin for WordPress
CVE-2016-10990 (The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwar ...)
	NOT-FOR-US: wp-cerber plugin for WordPress
CVE-2016-10989 (The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?p ...)
	NOT-FOR-US: leenkme plugin for WordPress
CVE-2016-10988 (The leenkme plugin before 2.6.0 for WordPress has stored XSS via faceb ...)
	NOT-FOR-US: leenkme plugin for WordPress
CVE-2016-10987 (The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_s ...)
	NOT-FOR-US: persian-woocommerce-sms plugin for WordPress
CVE-2016-10986 (The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consum ...)
	NOT-FOR-US: tweet-wheel plugin for WordPress
CVE-2016-10985 (The echosign plugin before 1.2 for WordPress has XSS via the templates ...)
	NOT-FOR-US: echosign plugin for WordPress
CVE-2016-10984 (The echosign plugin before 1.2 for WordPress has XSS via the inc.php p ...)
	NOT-FOR-US: echosign plugin for WordPress
CVE-2016-10983 (The ghost plugin before 0.5.6 for WordPress has no access control for  ...)
	NOT-FOR-US: ghost plugin for WordPress
CVE-2016-10982 (The kento-post-view-counter plugin through 2.8 for WordPress has wp-ad ...)
	NOT-FOR-US: kento-post-view-counter plugin for WordPress
CVE-2016-10981 (The kento-post-view-counter plugin through 2.8 for WordPress has store ...)
	NOT-FOR-US: kento-post-view-counter plugin for WordPress
CVE-2016-10980 (The kento-post-view-counter plugin through 2.8 for WordPress has XSS v ...)
	NOT-FOR-US: kento-post-view-counter plugin for WordPress
CVE-2016-10979 (The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. ...)
	NOT-FOR-US: fossura-tag-miner plugin for WordPress
CVE-2016-10978 (The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. ...)
	NOT-FOR-US: fossura-tag-miner plugin for WordPress
CVE-2016-10977 (The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=.. ...)
	NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10976 (The safe-editor plugin before 1.2 for WordPress has no se_save authent ...)
	NOT-FOR-US: safe-editor plugin for WordPress
CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has r ...)
	NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...)
	NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Co ...)
	NOT-FOR-US: makandra consul gem
CVE-2019-16376
	RESERVED
CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	- otrs2 6.0.23-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <no-dsa> (Minor issue)
	NOTE: https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/
	NOTE: https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x)
	NOTE: https://github.com/OTRS/otrs/commit/03ca8f396b1aa9933c212a63f52a9ea26c06e7da (5.x)
CVE-2019-16394 (SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://core.spip.net/issues/4171
	NOTE: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
	NOTE: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone
CVE-2019-16393 (SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://core.spip.net/issues/4362
	NOTE: https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
CVE-2019-16392 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028
CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors  ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
	NOTE: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
CVE-2019-16374
	RESERVED
CVE-2019-16373
	RESERVED
CVE-2019-16372
	RESERVED
CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted ...)
	NOT-FOR-US: LogMeIn LastPass
CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...)
	- gradle <unfixed> (low; bug #941186)
	[buster] - gradle <no-dsa> (Minor issue)
	[stretch] - gradle <no-dsa> (Minor issue)
	[jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with apt signatures)
	NOTE: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
CVE-2019-16369
	RESERVED
CVE-2019-16368
	RESERVED
CVE-2019-16367
	RESERVED
CVE-2019-16366 (In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer ove ...)
	NOT-FOR-US: Moddable SDK
CVE-2019-16365
	RESERVED
CVE-2019-16364
	RESERVED
CVE-2019-16363
	RESERVED
CVE-2019-16362
	RESERVED
CVE-2019-16361
	RESERVED
CVE-2019-16360
	RESERVED
CVE-2019-16359
	RESERVED
CVE-2019-16358
	RESERVED
CVE-2019-16357
	RESERVED
CVE-2019-16356
	RESERVED
CVE-2019-16355 (The File Session Manager in Beego 1.10.0 allows local users to read se ...)
	NOT-FOR-US: Beego
CVE-2019-16354 (The File Session Manager in Beego 1.10.0 allows local users to read se ...)
	NOT-FOR-US: Beego
CVE-2019-16353 (Emerson GE Automation Proficy Machine Edition 8.0 allows an access vio ...)
	NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
CVE-2019-16352 (ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load ...)
	NOT-FOR-US: ffjpeg
CVE-2019-16351 (ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_dec ...)
	NOT-FOR-US: ffjpeg
CVE-2019-16350 (ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() ...)
	NOT-FOR-US: ffjpeg
CVE-2019-16349 (Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::Rea ...)
	NOT-FOR-US: Bento4
CVE-2019-16348 (marc-q libwav through 2017-04-20 has a NULL pointer dereference in gai ...)
	NOT-FOR-US: libwav
CVE-2019-16347 (ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngifl ...)
	NOT-FOR-US: ngiflib
CVE-2019-16346 (ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngifli ...)
	NOT-FOR-US: ngiflib
CVE-2019-16345
	RESERVED
CVE-2019-16344 (A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR ...)
	NOT-FOR-US: ScadaBR
CVE-2019-16343
	RESERVED
CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. ...)
	[experimental] - gpac <unfixed> (bug #940855)
	- gpac <not-affected> (Vulnerable code introduced in 0.6.0)
	NOTE: https://github.com/gpac/gpac/issues/1183
	NOTE: Introduced in https://github.com/gpac/gpac/commit/6cfd65819add78426d9635e3f8358f8bc149b645 (v0.6.0)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.)
CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1  ...)
	{DLA-2072-1}
	- gpac <unfixed> (bug #940882)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1180
	NOTE: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13
CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remot ...)
	{DLA-2072-1}
	- gpac <unfixed> (bug #940882)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1179
	NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f
CVE-2019-16342
	RESERVED
CVE-2019-16341
	RESERVED
CVE-2019-16340 (Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to d ...)
	NOT-FOR-US: Belkin
CVE-2019-16339
	RESERVED
CVE-2019-16338 (The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 a ...)
	NOT-FOR-US: Hancom Office
CVE-2019-16337 (The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-f ...)
	NOT-FOR-US: Hancom Office
CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...)
	NOT-FOR-US: Cypress
CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1943-1}
	- jackson-databind 2.10.0-1 (bug #940498)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
	NOTE: https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
CVE-2019-16334 (In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categ ...)
	NOT-FOR-US: Bludit
CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in adm ...)
	NOT-FOR-US: GetSimple CMS
CVE-2019-16332 (In the api-bearer-auth plugin before 20190907 for WordPress, the serve ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-12412 [Remotely exploitable null pointer dereference bug]
	RESERVED
	{DSA-4541-1 DLA-1944-1}
	- libapreq2 2.13-6 (bug #939937)
	NOTE: https://svn.apache.org/r1866760
CVE-2019-16331
	RESERVED
CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site script ...)
	NOT-FOR-US: NCH Express Accounts Accounting
CVE-2019-16329
	RESERVED
CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify  ...)
	- rpyc <removed>
CVE-2019-16327 (D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypa ...)
	NOT-FOR-US: D-Link
CVE-2019-16326 (D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token  ...)
	NOT-FOR-US: D-Link
CVE-2019-16325
	RESERVED
CVE-2019-16324
	RESERVED
CVE-2019-16323
	RESERVED
CVE-2019-16322
	RESERVED
CVE-2019-16321 (ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a ...)
	NOT-FOR-US: ScadaBR
CVE-2019-16320 (Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers ...)
	NOT-FOR-US: Cobham Sea Tel
CVE-2019-16318 (In Pimcore before 5.7.1, an attacker with limited privileges can bypas ...)
	NOT-FOR-US: Pimcore
CVE-2019-16317 (In Pimcore before 5.7.1, an attacker with limited privileges can trigg ...)
	NOT-FOR-US: Pimcore
CVE-2019-16316
	RESERVED
CVE-2019-16315
	RESERVED
CVE-2019-16314 (Indexhibit 2.1.5 allows a product reinstallation, with resultant remot ...)
	NOT-FOR-US: Indexhibit
CVE-2019-16313 (ifw8 Router ROM v4.31 allows credential disclosure by reading the acti ...)
	NOT-FOR-US: ifw8 Router ROM
CVE-2019-16312 (s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. ...)
	NOT-FOR-US: s-cms
CVE-2019-16311 (NIUSHOP V1.11 has CSRF via search&amp;#95;info to index.php. ...)
	NOT-FOR-US: NIUSHOP
CVE-2019-16310 (NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. ...)
	NOT-FOR-US: NIUSHOP
CVE-2019-16309 (FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. ...)
	NOT-FOR-US: FlameCMS
CVE-2019-16308
	RESERVED
CVE-2019-16307 (A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx modu ...)
	NOT-FOR-US: Fuji
CVE-2019-16306
	RESERVED
CVE-2019-16305 (In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to comm ...)
	NOT-FOR-US: MobaXterm
CVE-2019-16304
	RESERVED
CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0 and JHipst ...)
	NOT-FOR-US: JHipster
CVE-2019-16302 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16301 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16300 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16299 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16298 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16297 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16296
	RESERVED
CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-16294 (SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote  ...)
	NOT-FOR-US: Notepad++
CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
	NOT-FOR-US: Open-AudIT
CVE-2019-16292
	RESERVED
CVE-2019-16291
	RESERVED
CVE-2019-16290
	RESERVED
CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
	NOT-FOR-US: Tenda
CVE-2019-16287 (In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able t ...)
	NOT-FOR-US: HP
CVE-2019-16286 (An attacker may be able to bypass the OS application filter meant to r ...)
	NOT-FOR-US: HP
CVE-2019-16285 (If a local user has been configured and logged in, an unauthenticated  ...)
	NOT-FOR-US: HP
CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP  ...)
	NOT-FOR-US: HP
CVE-2019-16283
	RESERVED
CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2019-16281
	RESERVED
CVE-2019-16280
	RESERVED
CVE-2019-16279 (A memory error in the function SSL_accept in nostromo nhttpd through 1 ...)
	- nostromo <itp> (bug #493645)
CVE-2019-16278 (Directory Traversal in the function http_verify in nostromo nhttpd thr ...)
	- nostromo <itp> (bug #493645)
CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
	NOT-FOR-US: PicoC
CVE-2017-18634 (The newspaper theme before 6.7.2 for WordPress has script injection vi ...)
	NOT-FOR-US: newspaper theme for WordPress
CVE-2016-10973 (The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: Brafton plugin for WordPress
CVE-2016-10972 (The newspaper theme before 6.7.2 for WordPress has a lack of options a ...)
	NOT-FOR-US: newspaper theme for WordPress
CVE-2016-10971 (The MemberSonic Lite plugin before 1.302 for WordPress has incorrect l ...)
	NOT-FOR-US: MemberSonic Lite plugin for WordPress
CVE-2016-10970 (The supportflow plugin before 0.7 for WordPress has XSS via a ticket e ...)
	NOT-FOR-US: supportflow plugin for WordPress
CVE-2016-10969 (The supportflow plugin before 0.7 for WordPress has XSS via a discussi ...)
	NOT-FOR-US: supportflow plugin for WordPress
CVE-2016-10968 (The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePre ...)
	NOT-FOR-US: peepso-core plugin for WordPress
CVE-2016-10967 (The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-c ...)
	NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
CVE-2016-10966 (The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ dir ...)
	NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
CVE-2016-10965 (The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ d ...)
	NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
CVE-2016-10964 (The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent ...)
	NOT-FOR-US: dwnldr plugin for WordPress
CVE-2016-10963 (The icegram plugin before 1.9.19 for WordPress has XSS. ...)
	NOT-FOR-US: icegram plugin for WordPress
CVE-2016-10962 (The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-adm ...)
	NOT-FOR-US: icegram plugin for WordPress
CVE-2016-10961 (The colorway theme before 3.4.2 for WordPress has XSS via the contactN ...)
	NOT-FOR-US: colorway theme for WordPress
CVE-2016-10960 (The wsecure plugin before 2.4 for WordPress has remote code execution  ...)
	NOT-FOR-US: wsecure plugin for WordPress
CVE-2016-10959 (The estatik plugin before 2.3.1 for WordPress has authenticated arbitr ...)
	NOT-FOR-US: estatik plugin for WordPress
CVE-2016-10958 (The estatik plugin before 2.3.0 for WordPress has unauthenticated arbi ...)
	NOT-FOR-US: estatik plugin for WordPress
CVE-2016-10957 (The Akal theme through 2016-08-22 for WordPress has XSS via the framew ...)
	NOT-FOR-US: Akal theme for WordPress
CVE-2016-10956 (The mail-masta plugin 1.0 for WordPress has local file inclusion in co ...)
	NOT-FOR-US: mail-masta plugin for WordPress
CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
	NOT-FOR-US: Integard
CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...)
	- wireshark 3.0.4-1 (low)
	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a
CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smugglin ...)
	{DSA-4534-1}
	- golang-1.13 1.13.1-1
	- golang-1.12 1.12.10-1 (bug #941173)
	- golang-1.11 <removed>
	- golang-1.8 <removed>
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (does not makes sense to fix in jessie if not in later dists)
	NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q
	NOTE: https://golang.org/issue/34540
	NOTE: https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c (golang-1.13)
	NOTE: https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8 (golang-1.12)
CVE-2019-16274 (DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data fi ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16273 (DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell a ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16272 (On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for fi ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16271 (DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read sa ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16270
	RESERVED
CVE-2019-16269
	RESERVED
CVE-2019-16268
	RESERVED
CVE-2019-16267
	RESERVED
CVE-2019-16266
	RESERVED
CVE-2019-16265 (CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. ...)
	NOT-FOR-US: 3S-Smart CODESYS
CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...)
	NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)
CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properly vali ...)
	NOT-FOR-US: Twitter Kit framework
CVE-2019-16262
	RESERVED
CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST req ...)
	NOT-FOR-US: Tripp Lite PDUMH15AT
CVE-2019-16260
	RESERVED
CVE-2019-16259
	RESERVED
CVE-2019-16258 (The bootloader of the homee Brain Cube V2 through 2.23.0 allows attack ...)
	NOT-FOR-US: homee Brain Cube V2
CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T ...)
	NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T  ...)
	NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2017-18633
	RESERVED
CVE-2017-18632
	RESERVED
CVE-2017-18631
	RESERVED
CVE-2017-18630
	RESERVED
CVE-2017-18629
	RESERVED
CVE-2017-18628
	RESERVED
CVE-2017-18627
	RESERVED
CVE-2017-18626
	RESERVED
CVE-2017-18625
	RESERVED
CVE-2017-18624
	RESERVED
CVE-2017-18623
	RESERVED
CVE-2017-18622
	RESERVED
CVE-2017-18621
	RESERVED
CVE-2017-18620
	RESERVED
CVE-2017-18619
	RESERVED
CVE-2017-18618
	RESERVED
CVE-2017-18617
	RESERVED
CVE-2017-18616
	RESERVED
CVE-2017-18615 (The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18614 (The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18613 (The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18612 (The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/f ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
	{DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- jruby <unfixed>
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
	NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
	{DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- jruby <unfixed>
	NOTE: https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
	NOTE: https://hackerone.com/reports/331984
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 ...)
	NOT-FOR-US: Samsung
CVE-2019-16252 (Missing SSL Certificate Validation in the Nutfind.com application thro ...)
	NOT-FOR-US: Nutfind
CVE-2019-16251 (plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework thro ...)
	NOT-FOR-US: YIT Plugin Framework
CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for ...)
	NOT-FOR-US: Ocean Extra plugin for WordPress
CVE-2019-16249 (OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...)
	- opencv <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/opencv/opencv/issues/15481
	NOTE: https://github.com/opencv/opencv/commit/cd7fa04985b10db5e66de542725d0da57f0d10b6
	NOTE: Issue was present in experimental, but suites up to unstable never were
	NOTE: shiping the vulnerable code.
CVE-2019-16248 (The "delete for" feature in Telegram before 5.11 on Android does not d ...)
	NOT-FOR-US: Telegram for Android
CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommL ...)
	NOT-FOR-US: Delta DCISoft
CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a differen ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to all use ...)
	NOT-FOR-US: OMERO
CVE-2019-16244
	RESERVED
CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
	NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...)
	NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...)
	NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16240
	RESERVED
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
	{DSA-4607-1 DLA-1945-1}
	- openconnect 8.02-1.1 (bug #940871)
	NOTE: http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html
	NOTE: https://github.com/openconnect/openconnect/commit/875f0a65ab73f4fb581ca870fd3a901bd278f8e8
CVE-2019-16378 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a si ...)
	{DSA-4526-1}
	- opendmarc 1.3.2-7 (bug #940081)
	NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/48
CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect  ...)
	{DSA-4538-1 DLA-1922-1}
	- wpa 2:2.9-2 (bug #940080)
	[stretch] - wpa <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/11/7
	NOTE: https://w1.fi/security/2019-7/
CVE-2019-16238 (Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged ...)
	NOT-FOR-US: Afterlogic Aurora
CVE-2019-16237 (Dino before 2019-09-10 does not properly check the source of an MAM me ...)
	{DSA-4524-1}
	- dino-im 0.0.git20190911.2a70a4e-1
	NOTE: https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
	NOTE: https://gultsch.de/dino_multiple.html
CVE-2019-16236 (Dino before 2019-09-10 does not check roster push authorization in mod ...)
	{DSA-4524-1}
	- dino-im 0.0.git20190911.2a70a4e-1
	NOTE: https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9
	NOTE: https://gultsch.de/dino_multiple.html
CVE-2019-16235 (Dino before 2019-09-10 does not properly check the source of a carbons ...)
	{DSA-4524-1}
	- dino-im 0.0.git20190911.2a70a4e-1
	NOTE: https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930
	NOTE: https://gultsch.de/dino_multiple.html
CVE-2019-16234 (drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5. ...)
	- linux <unfixed> (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16233 (drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not chec ...)
	- linux <unfixed> (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16232 (drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5. ...)
	- linux <unfixed> (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16231 (drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check ...)
	- linux <unfixed> (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16230 (** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux ke ...)
	- linux <unfixed> (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16229 (** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux ...)
	- linux <unfixed> (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16228 (An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...)
	- py-lmdb <unfixed> (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16227 (An issue was discovered in py-lmdb 0.97. For certain values of mn_flag ...)
	- py-lmdb <unfixed> (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16226 (An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...)
	- py-lmdb <unfixed> (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16225 (An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...)
	- py-lmdb <unfixed> (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...)
	- py-lmdb <unfixed> (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://core.trac.wordpress.org/changeset/45997
	NOTE: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard. ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://core.trac.wordpress.org/changeset/45971
	NOTE: https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://core.trac.wordpress.org/changeset/45936
CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME types of upl ...)
	- zulip-server <itp> (bug #800052)
CVE-2019-16215 (The Markdown parser in Zulip server before 2.0.5 used a regular expres ...)
	- zulip-server <itp> (bug #800052)
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression for i ...)
	NOT-FOR-US: Libra
CVE-2019-16213 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authe ...)
	NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
CVE-2019-16212
	RESERVED
CVE-2019-16211
	RESERVED
CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database connecti ...)
	NOT-FOR-US: Brocade
CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade SANnav ve ...)
	NOT-FOR-US: Brocade
CVE-2019-16208 (Password-based encryption (PBE) algorithm, of Brocade SANnav versions  ...)
	NOT-FOR-US: Brocade
CVE-2019-16207 (Brocade SANnav versions before v2.0 use a hard-coded password, which c ...)
	NOT-FOR-US: Brocade
CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions before v2.0,  ...)
	NOT-FOR-US: Brocade
CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could allow r ...)
	NOT-FOR-US: Brocade
CVE-2019-16204 (Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1 ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
	NOT-FOR-US: MISP
CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
	{DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- jruby <unfixed>
	NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
	NOTE: https://hackerone.com/reports/661722
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
CVE-2019-16200 (GNU Serveez through 0.2.2 has an Information Leak. An attacker may sen ...)
	- serveez <removed>
CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remot ...)
	NOT-FOR-US: eQ-3 Homematic CCU2
CVE-2019-16198 (KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by t ...)
	NOT-FOR-US: KSLabs KSWEB
CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-A ...)
	- dolibarr <removed>
CVE-2019-16196
	RESERVED
CVE-2019-16195 (Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 a ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks  ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
	NOT-FOR-US: ArcGIS Enterprise
CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
	NOT-FOR-US: DocCMS
CVE-2019-16191
	RESERVED
CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L RE ...)
	NOT-FOR-US: D-Link
CVE-2019-16189
	RESERVED
CVE-2019-16188 (HCL AppScan Source before 9.03.13 is susceptible to XML External Entit ...)
	NOT-FOR-US: HCL AppScan Source
CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
	NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
	NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18609 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the cus ...)
	NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18608 (The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS ...)
	NOT-FOR-US: spotim-comments plugin for WordPress
CVE-2017-18607 (The avada theme before 5.1.5 for WordPress has CSRF. ...)
	NOT-FOR-US: avada theme for WordPress
CVE-2017-18606 (The avada theme before 5.1.5 for WordPress has stored XSS. ...)
	NOT-FOR-US: avada theme for WordPress
CVE-2017-18605 (The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Ob ...)
	NOT-FOR-US: gravitate-qa-tracker plugin for WordPress
CVE-2017-18604 (The sitebuilder-dynamic-components plugin through 1.0 for WordPress ha ...)
	NOT-FOR-US: sitebuilder-dynamic-components plugin for WordPress
CVE-2017-18603 (The postman-smtp plugin through 2017-10-04 for WordPress has XSS via t ...)
	NOT-FOR-US: postman-smtp plugin for WordPress
CVE-2017-18602 (The examapp plugin 1.0 for WordPress has SQL injection via the wp-admi ...)
	NOT-FOR-US: examapp plugin for WordPress
CVE-2017-18601 (The examapp plugin 1.0 for WordPress has XSS via exam input text field ...)
	NOT-FOR-US: examapp plugin for WordPress
CVE-2017-18600 (The formcraft3 plugin before 3.4 for WordPress has stored XSS via the  ...)
	NOT-FOR-US: formcraft3 plugin for WordPress
CVE-2017-18599 (The Pinfinity theme before 2.0 for WordPress has XSS via the s paramet ...)
	NOT-FOR-US: Pinfinity theme for WordPress
CVE-2017-18598 (The Qards plugin through 2017-10-11 for WordPress has XSS via a remote ...)
	NOT-FOR-US: Qards plugin for WordPress
CVE-2017-18597 (The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL I ...)
	NOT-FOR-US: jtrt-responsive-tables plugin for WordPress
CVE-2017-18596 (The elementor plugin before 1.8.0 for WordPress has incorrect access c ...)
	NOT-FOR-US: elementor plugin for WordPress
CVE-2019-16187 (Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnl ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16186 (In Limesurvey before 3.17.14, admin users can access the plugin manage ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16185 (In Limesurvey before 3.17.14, admin users can view, update, or delete  ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16184 (A CSV injection vulnerability was found in Limesurvey before 3.17.14 t ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16183 (In Limesurvey before 3.17.14, admin users can run an integrity check w ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16182 (A reflected cross-site scripting (XSS) vulnerability was found in Lime ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16181 (In Limesurvey before 3.17.14, admin users can mark other users' notifi ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16180 (Limesurvey before 3.17.14 allows remote attackers to bruteforce the lo ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16179 (Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the defaul ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16178 (A stored cross-site scripting (XSS) vulnerability was found in Limesur ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16177 (In Limesurvey before 3.17.14, the entire database is exposed through b ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16176 (A path disclosure vulnerability was found in Limesurvey before 3.17.14 ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16175 (A clickjacking vulnerability was found in Limesurvey before 3.17.14. ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16174 (An XML injection vulnerability was found in Limesurvey before 3.17.14  ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16173 (LimeSurvey before v3.17.14 allows reflected XSS for escalating privile ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating privileges ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-16171 (In JetBrains YouTrack through 2019.2.56594, stored XSS was found on th ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and 12.x bef ...)
	[experimental] - gitlab 12.0.9-1
	- gitlab 12.6.8-3 (bug #940007)
	NOTE: https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/
CVE-2019-16169
	RESERVED
CVE-2019-16167 (sysstat before 12.1.6 has memory corruption due to an Integer Overflow ...)
	- sysstat 12.1.7-1 (bug #939914)
	[buster] - sysstat <no-dsa> (Minor issue, can be fixed via point release)
	[stretch] - sysstat <not-affected> (Vulnerable code introduced later)
	[jessie] - sysstat <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/sysstat/sysstat/issues/230
	NOTE: Introduced after: https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c (v11.7.1)
	NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/edbf507678bf10914e9804ff8a06737fdcb2e781
CVE-2019-16166 (GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...)
	- cflow <unfixed> (unimportant; bug #939916)
	NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html
	NOTE: Crash in CLI tool, no security impact
CVE-2019-16165 (GNU cflow through 1.6 has a use-after-free in the reference function i ...)
	- cflow <unfixed> (unimportant; bug #939915)
	NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
	NOTE: Crash in CLI tool, no security impact
CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_nod ...)
	NOT-FOR-US: MyHTML
CVE-2019-16163 (Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of ...)
	{DLA-1918-1}
	- libonig 6.9.4-1 (low; bug #939988)
	[buster] - libonig <no-dsa> (Minor issue)
	[stretch] - libonig <no-dsa> (Minor issue)
	NOTE: https://github.com/kkos/oniguruma/issues/147
	NOTE: https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180
CVE-2019-16162 (Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class bec ...)
	NOT-FOR-US: Onigmo (fork of Oniguruma)
CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code ...)
	NOT-FOR-US: Onigmo (fork of Oniguruma)
CVE-2019-16160
	RESERVED
CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
	- bird 1.6.8-1 (bug #939990)
	[buster] - bird 1.6.6-1+deb10u1
	[stretch] - bird <not-affected> (Vulnerable code introduced later)
	[jessie] - bird <not-affected> (Vulnerable code introduced later)
	- bird2 2.0.6-1 (bug #940522)
	NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b (1.6.x)
	NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c (2.0.x)
CVE-2019-16158
	RESERVED
CVE-2019-16157 (An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI a ...)
	NOT-FOR-US: Fortiguard
CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the Anomaly Detec ...)
	NOT-FOR-US: Fortiguard
CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...)
	NOT-FOR-US: FortiAuthenticator WEB UI
CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...)
	NOT-FOR-US: Fortinet
CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-16151
	RESERVED
CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...)
	NOT-FOR-US: Fortiguard
CVE-2019-16149
	RESERVED
CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
	- sqlite3 3.29.0-2
	[buster] - sqlite3 <no-dsa> (Minor issue)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
	NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
	NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
	NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
	NOT-FOR-US: Sakai
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
	NOT-FOR-US: Liferay Portal
CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
	NOT-FOR-US: Gophish
CVE-2019-16145 (The breadcrumbs contributed module through 0.2.0 for Padrino Framework ...)
	NOT-FOR-US: Padrino module
CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...)
	NOT-FOR-US: Rust crate generator
CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...)
	NOT-FOR-US: Rust crate blake
CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 for Rust.  ...)
	NOT-FOR-US: Rust crate renderdoc
CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 for Rust.  ...)
	- rust-once-cell <not-affected> (Only affects 0.2.5 and later)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for Rust. Ther ...)
	NOT-FOR-US: Rust crate chttp
CVE-2019-16139 (An issue was discovered in the compact_arena crate before 0.4.0 for Ru ...)
	NOT-FOR-US: Rust crate renderdoc
CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for Rust, aff ...)
	- rust-image <not-affected> (Fixed before initial upload)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
CVE-2019-16137 (An issue was discovered in the spin crate before 0.5.2 for Rust, when  ...)
	- rust-spin 0.5.2-1
	[buster] - rust-spin <no-dsa> (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html
CVE-2019-16136
	RESERVED
CVE-2019-16135
	RESERVED
CVE-2019-16134
	RESERVED
CVE-2019-16133 (An issue was discovered in eteams OA v4.0.34. Because the session is n ...)
	NOT-FOR-US: eteams
CVE-2019-16132 (An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control ...)
	NOT-FOR-US: OKLite
CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary ...)
	NOT-FOR-US: OKLite
CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
	NOT-FOR-US: YII2-CMS
CVE-2019-16129
	RESERVED
CVE-2019-16128
	RESERVED
CVE-2019-16127
	RESERVED
CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
	NOT-FOR-US: Grav CMS
CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
	NOT-FOR-US: Jobberbase
CVE-2019-16124 (In YouPHPTube 7.4, the file install/checkConfiguration.php has no acce ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-16123 (In Kartatopia PilusCart 1.4.1, the parameter filename in the file cata ...)
	NOT-FOR-US: Kartatopia PilusCart
CVE-2019-16122
	RESERVED
CVE-2019-16121
	RESERVED
CVE-2019-16120 (CSV injection in the event-tickets (Event Tickets) plugin before 4.10. ...)
	NOT-FOR-US: event-tickets (Event Tickets) plugin for WordPress
CVE-2019-16119 (SQL injection in the photo-gallery (10Web Photo Gallery) plugin before ...)
	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
CVE-2019-16118 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery)  ...)
	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
CVE-2019-16117 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery)  ...)
	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
CVE-2019-16116 (EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable  ...)
	NOT-FOR-US: EnterpriseDT CompleteFTP Server
CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the applicatio ...)
	NOT-FOR-US: ATutor
CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
	NOT-FOR-US: Bludit
CVE-2019-16112 (TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting ...)
	NOT-FOR-US: TylerTech Eagle
CVE-2019-16111
	RESERVED
CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote attac ...)
	NOT-FOR-US: Blade Shadow
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
	NOT-FOR-US: Plataformatec Devise
CVE-2019-16108 (phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) to ...)
	NOT-FOR-US: phpBB
CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
	NOT-FOR-US: phpBB
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16106 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ...)
	NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16104 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via th ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16103 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalat ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16102 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16101 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers  ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16100 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers  ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16099 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON dat ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16098 (The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys ...)
	NOT-FOR-US: Micro-Star MSI Afterburner
CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users  ...)
	NOT-FOR-US: Harbor
CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
	{DLA-1976-1}
	- imapfilter 1:2.6.13-1 (bug #939702)
	[buster] - imapfilter <no-dsa> (Minor issue)
	[stretch] - imapfilter <no-dsa> (Minor issue)
	NOTE: https://github.com/lefcha/imapfilter/issues/142
	NOTE: Patch for support for hostname validation (requrires OpenSSL 1.1.0  and later):
	NOTE: https://github.com/lefcha/imapfilter/commit/bf2515da752eddd54973adb0853c6aa289e921b6
	NOTE: Patch for support for hostname validation (for OpenSSL 1.0.2 and later):
	NOTE: https://github.com/lefcha/imapfilter/commit/3daa2692e37fc52ce630e39a3fb6faf270c054b1
CVE-2019-16096 (Kilo 0.0.1 has a heap-based buffer overflow because there is an intege ...)
	NOT-FOR-US: Kilo
CVE-2019-16095 (Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/rea ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16094 (Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDat ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16093 (Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDa ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16092 (Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hr ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16091 (Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16090
	RESERVED
CVE-2019-16088 (Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16087
	RESERVED
CVE-2019-16086
	RESERVED
CVE-2019-16085
	RESERVED
CVE-2019-16084
	RESERVED
CVE-2019-16083
	RESERVED
CVE-2019-16082
	RESERVED
CVE-2019-16081
	RESERVED
CVE-2019-16080
	RESERVED
CVE-2019-16079
	RESERVED
CVE-2019-16078
	RESERVED
CVE-2019-16077
	RESERVED
CVE-2019-16076
	RESERVED
CVE-2019-16075
	RESERVED
CVE-2019-16074
	RESERVED
CVE-2019-16073
	RESERVED
CVE-2019-16072 (An OS command injection vulnerability in the discover_and_manage CGI s ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16071 (Enigma NMS 65.0.0 and prior allows administrative users to create low- ...)
	NOT-FOR-US: Enigma NMS
CVE-2019-16070 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16069 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16068 (A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and pr ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16067 (NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over  ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16066 (An unrestricted file upload vulnerability exists in user and system fi ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16065 (A remote SQL injection web vulnerability was discovered in the Enigma  ...)
	NOT-FOR-US: Enigma NMS
CVE-2019-16064 (NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal  ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16063 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data ren ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16062 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data sto ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
	- linux <unfixed>
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...)
	NOT-FOR-US: Airbrake Ruby notifier
CVE-2019-16059 (Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker t ...)
	NOT-FOR-US: Sentrifugo
CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for O ...)
	- pam-p11 0.3.1-1 (bug #939664)
	[buster] - pam-p11 <no-dsa> (Minor issue)
	[stretch] - pam-p11 <no-dsa> (Minor issue)
	[jessie] - pam-p11 <no-dsa> (Minor issue)
	NOTE: https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
	NOTE: PKCS11_sign() is used in Jessie and Stretch and has a similar problem as EVP_SignFinal() everywhere else
CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...)
	NOT-FOR-US: D-Link
CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)
	{DLA-1925-1 DLA-1924-1}
	- python3.8 3.8.0~b4-1
	- python3.7 3.7.4-4
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.5 <removed>
	- python3.4 <removed>
	- python2.7 2.7.17~rc1-1 (bug #940901)
	[buster] - python2.7 2.7.16-2+deb10u1
	[stretch] - python2.7 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue34155
	NOTE: https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master)
	NOTE: https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4)
	NOTE: https://github.com/python/cpython/commit/c48d606adcef395e59fd555496c42203b01dd3e8 (3.7 branch)
	NOTE: https://github.com/python/cpython/commit/13a19139b5e76175bc95294d54afc9425e4f36c9 (3.6 branch)
	NOTE: https://github.com/python/cpython/commit/063eba280a11d3c9a5dd9ee5abe4de640907951b (3.5 branch)
	NOTE: https://github.com/python/cpython/commit/4cbcd2f8c4e12b912e4d21fd892eedf7a3813d8e (2.7 branch)
CVE-2019-16055
	RESERVED
CVE-2019-16054
	RESERVED
CVE-2019-16053
	RESERVED
CVE-2019-16052
	RESERVED
CVE-2019-16051
	RESERVED
CVE-2019-16050
	RESERVED
CVE-2019-16049
	RESERVED
CVE-2019-16048
	RESERVED
CVE-2019-16047
	RESERVED
CVE-2019-16046
	RESERVED
CVE-2019-16045
	RESERVED
CVE-2019-16044
	RESERVED
CVE-2019-16043
	RESERVED
CVE-2019-16042
	RESERVED
CVE-2019-16041
	RESERVED
CVE-2019-16040
	RESERVED
CVE-2019-16039
	RESERVED
CVE-2019-16038
	RESERVED
CVE-2019-16037
	RESERVED
CVE-2019-16036
	RESERVED
CVE-2019-16035
	RESERVED
CVE-2019-16034
	RESERVED
CVE-2019-16033
	RESERVED
CVE-2019-16032
	RESERVED
CVE-2019-16031
	RESERVED
CVE-2019-16030
	RESERVED
CVE-2019-16029 (A vulnerability in the application programming interface (API) of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-16028
	RESERVED
CVE-2019-16027 (A vulnerability in the implementation of the Intermediate System&amp;n ...)
	NOT-FOR-US: Cisco
CVE-2019-16026 (A vulnerability in the implementation of the Stream Control Transmissi ...)
	NOT-FOR-US: Cisco
CVE-2019-16025
	RESERVED
CVE-2019-16024 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
	NOT-FOR-US: Cisco
CVE-2019-16023
	RESERVED
CVE-2019-16022 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
	NOT-FOR-US: Cisco
CVE-2019-16021
	RESERVED
CVE-2019-16020 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
	NOT-FOR-US: Cisco
CVE-2019-16019
	RESERVED
CVE-2019-16018 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
	NOT-FOR-US: Cisco
CVE-2019-16017
	RESERVED
CVE-2019-16016
	RESERVED
CVE-2019-16015 (A vulnerability in the web-based management interface of the Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-16014
	RESERVED
CVE-2019-16013
	RESERVED
CVE-2019-16012 (A vulnerability in the web UI of Cisco SD-WAN Solution vManage softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-16011 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
	NOT-FOR-US: Cisco
CVE-2019-16009
	RESERVED
CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
	NOT-FOR-US: Cisco
CVE-2019-16007
	RESERVED
CVE-2019-16006
	RESERVED
CVE-2019-16005 (A vulnerability in the web-based management interface of Cisco Webex V ...)
	NOT-FOR-US: Cisco
CVE-2019-16004
	RESERVED
CVE-2019-16003 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...)
	NOT-FOR-US: Cisco
CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
	NOT-FOR-US: Cisco
CVE-2019-16000
	RESERVED
CVE-2019-15999 (A vulnerability in the application environment of Cisco Data Center Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-15998 (A vulnerability in the access-control logic of the NETCONF over Secure ...)
	NOT-FOR-US: Cisco
CVE-2019-15997 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2019-15996 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2019-15995 (A vulnerability in the web UI of Cisco DNA Spaces: Connector could all ...)
	NOT-FOR-US: Cisco
CVE-2019-15994 (A vulnerability in the web-based management interface of Cisco Stealth ...)
	NOT-FOR-US: Cisco
CVE-2019-15993
	RESERVED
CVE-2019-15992
	RESERVED
CVE-2019-15991
	RESERVED
CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-15989 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2019-15988 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2019-15987 (A vulnerability in web interface of the Cisco Webex Event Center, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-15986 (A vulnerability in the CLI of Cisco Unity Express could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2019-15985 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15984 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15983 (A vulnerability in the SOAP API of Cisco Data Center Network Manager ( ...)
	NOT-FOR-US: Cisco
CVE-2019-15982 (Multiple vulnerabilities in the REST and SOAP API endpoints and the Ap ...)
	NOT-FOR-US: Cisco
CVE-2019-15981 (Multiple vulnerabilities in the REST and SOAP API endpoints and the Ap ...)
	NOT-FOR-US: Cisco
CVE-2019-15980 (Multiple vulnerabilities in the REST and SOAP API endpoints and the Ap ...)
	NOT-FOR-US: Cisco
CVE-2019-15979 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15978 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15977 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-15976 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-15975 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-15974
	RESERVED
CVE-2019-15973 (A vulnerability in the web-based management interface of Cisco Industr ...)
	NOT-FOR-US: Cisco
CVE-2019-15972 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-15971 (A vulnerability in the MP3 detection engine of Cisco AsyncOS Software  ...)
	NOT-FOR-US: Cisco
CVE-2019-15970
	RESERVED
CVE-2019-15969
	RESERVED
CVE-2019-15968 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-15967 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15966 (A vulnerability in the web application of Cisco TelePresence Advanced  ...)
	NOT-FOR-US: Cisco TelePresence Advanced Media Gateway
CVE-2019-15965
	RESERVED
CVE-2019-15964
	RESERVED
CVE-2019-15963
	RESERVED
CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (ClamAV) So ...)
	{DLA-2108-1}
	- clamav 0.102.1+dfsg-1 (bug #945265)
	[buster] - clamav 0.102.1+dfsg-0+deb10u1
	[stretch] - clamav 0.102.1+dfsg-0+deb9u2
	NOTE: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
CVE-2019-15960 (A vulnerability in the Webex Network Recording Admin page of Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2019-15959
	RESERVED
CVE-2019-15958 (A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and ...)
	NOT-FOR-US: Cisco
CVE-2019-15957
	RESERVED
CVE-2019-15956 (A vulnerability in the web management interface of Cisco AsyncOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15953 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15952 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15951
	RESERVED
CVE-2019-15950 (The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard d ...)
	NOT-FOR-US: Redmine plugin
CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as root. The ex ...)
	NOT-FOR-US: Nagios XI
CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller dev ...)
	NOT-FOR-US: Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices
CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted  ...)
	- bitcoin <unfixed> (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
	{DLA-1916-1}
	- opensc 0.20.0-1 (bug #939669)
	[buster] - opensc <no-dsa> (Minor issue)
	[stretch] - opensc <no-dsa> (Minor issue)
	NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
	{DLA-1916-1}
	- opensc 0.20.0-1 (bug #939668)
	[buster] - opensc <no-dsa> (Minor issue)
	[stretch] - opensc <no-dsa> (Minor issue)
	NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
	NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allow ...)
	NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
	- ffmpeg <not-affected> (Only affects 4.2)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an  ...)
	{DSA-4533-1}
	- lemonldap-ng 2.0.6+ds-1
	[stretch] - lemonldap-ng <ignored> (Restrictions on OIDC federation added in 2.0)
	[jessie] - lemonldap-ng <not-affected> (Vulnerable code introduced later)
	NOTE: Vulnerability exists pre-2.0 versions, but as restrictions on OIDC federation
	NOTE: were added only in 2.0 the vulnerability has no effect. The vulnerability
	NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC before)
CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
	NOT-FOR-US: Victure PC530 devices
CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
	- opencv 4.1.2+dfsg-3
	[buster] - opencv <no-dsa> (Minor issue)
	[stretch] - opencv <no-dsa> (Minor issue)
	[jessie] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/OpenCV/opencv/issues/15287
	NOTE: https://github.com/opencv/opencv/pull/15382
CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
	NOT-FOR-US: Pengutronix barebox
CVE-2019-15937 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
	NOT-FOR-US: Pengutronix barebox
CVE-2019-15936 (Intesync Solismed 3.3sp allows Insecure File Upload. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15935 (Intesync Solismed 3.3sp has XSS. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15934 (Intesync Solismed 3.3sp has CSRF. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15933 (Intesync Solismed 3.3sp has SQL Injection. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15932 (Intesync Solismed 3.3sp has Incorrect Access Control. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15931 (Intesync Solismed 3.3sp allows Directory Traversal, a different vulner ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15930 (Intesync Solismed 3.3sp allows Clickjacking. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15929 (In Craft CMS through 3.1.7, the elevated session password prompt was n ...)
	NOT-FOR-US: Craft CMS
CVE-2019-15928
	RESERVED
CVE-2019-15927 (An issue was discovered in the Linux kernel before 4.20.2. An out-of-b ...)
	- linux 4.19.16-1
	[stretch] - linux 4.9.161-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/f4351a199cc120ff9d59e06d02e8657d08e6cc46
CVE-2019-15926 (An issue was discovered in the Linux kernel before 5.2.3. Out of bound ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/5d6751eaff672ea77642e74e92e6c0ac7f9709ab
CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An out of bo ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90
CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_pr ...)
	{DLA-1950-1}
	- openjpeg2 2.3.1-1 (bug #939553)
	[buster] - openjpeg2 2.3.0-2+deb10u1
	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
	NOTE: https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
CVE-2018-21009 (Poppler before 0.66.0 has an integer overflow in Parser::makeStream in ...)
	{DLA-1939-1}
	- poppler 0.69.0-2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
CVE-2018-21008 (An issue was discovered in the Linux kernel before 4.16.7. A use-after ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 4.18.6-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/abd39c6ded9db53aa44c2540092bdd5fb6590fa8
CVE-2017-18595 (An issue was discovered in the Linux kernel before 4.14.11. A double f ...)
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux 3.16.56-1
	NOTE: https://git.kernel.org/linus/4397f04575c44e1440ec2e49b6302785c95fd2f8
CVE-2019-15924 (An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_ ...)
	{DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/01ca667133d019edc9f0a1f70a272447c84ec41f
CVE-2019-15923 (An issue was discovered in the Linux kernel before 5.0.9. There is a N ...)
	- linux <not-affected> (Vulnerability never present)
	NOTE: https://git.kernel.org/linus/f0d1762554014ce0ae347b9f0d088f2c157c8c72
	NOTE: unimportant as CONFIG_PARIDE_PCD not enabled in Debian builds
CVE-2019-15922 (An issue was discovered in the Linux kernel before 5.0.9. There is a N ...)
	- linux <not-affected> (Vulnerability never present)
	NOTE: https://git.kernel.org/linus/58ccd2d31e502c37e108b285bf3d343eb00c235b
	NOTE: unimportant as CONFIG_PARIDE_PF not enabled in Debian builds
CVE-2019-15921 (An issue was discovered in the Linux kernel before 5.0.6. There is a m ...)
	- linux 4.19.37-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/ceabee6c59943bdd5e1da1a6a20dc7ee5f8113a2
CVE-2019-15920 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_read i ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/088aaf17aa79300cab14dbee2569c58cfafd7d6e
CVE-2019-15919 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_write  ...)
	- linux 4.19.37-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/6a3eb3360667170988f8a6477f6686242061488a
CVE-2019-15918 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_negoti ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/b57a55e2200ede754e4dc9cce4ba9402544b9365
CVE-2019-15917 (An issue was discovered in the Linux kernel before 5.0.5. There is a u ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/56897b217a1d0a91c9920cb418d6b3fe922f590a
CVE-2019-15916 (An issue was discovered in the Linux kernel before 5.0.1. There is a m ...)
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.70-1
	NOTE: https://git.kernel.org/linus/895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
CVE-2019-15915 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCG ...)
	NOT-FOR-US: Xiaomi devices
CVE-2019-15914 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
	NOT-FOR-US: Xiaomi devices
CVE-2019-15913 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
	NOT-FOR-US: Xiaomi devices
CVE-2019-15912 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101,  ...)
	NOT-FOR-US: ASUS devices
CVE-2019-15911 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101,  ...)
	NOT-FOR-US: ASUS devices
CVE-2019-15910 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101,  ...)
	NOT-FOR-US: ASUS devices
CVE-2019-15909
	RESERVED
CVE-2019-15908
	RESERVED
CVE-2019-15907
	RESERVED
CVE-2019-15906
	RESERVED
CVE-2019-15905
	RESERVED
CVE-2019-15904
	RESERVED
CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
	{DSA-4571-1 DSA-4549-1 DSA-4530-1 DLA-1997-1 DLA-1987-1 DLA-1912-1}
	- expat 2.2.7-2 (bug #939394)
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- chromium <not-affected> (uses system libexpat)
	- thunderbird 1:68.2.1-1
	NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
	NOTE: https://github.com/libexpat/libexpat/issues/317
	NOTE: https://github.com/libexpat/libexpat/pull/318
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-15903
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-15903
	NOTE: src:hromium uses the system expat library.
CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm kernel ...)
	{DSA-4531-1 DLA-1940-1}
	- linux 5.2.17-1
	[jessie] - linux <not-affected> (Bug never introduced)
	NOTE: https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
CVE-2019-15901 (An issue was discovered in slicer69 doas before 6.2 on certain platfor ...)
	NOT-FOR-US: slicer69 doas
CVE-2019-15900 (An issue was discovered in slicer69 doas before 6.2 on certain platfor ...)
	NOT-FOR-US: slicer69 doas
CVE-2019-15899
	RESERVED
CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the username o ...)
	NOT-FOR-US: Nagios Log Server
CVE-2019-15897 (beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Byp ...)
	NOT-FOR-US: BeeGFS
CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 for Wor ...)
	NOT-FOR-US: LifterLMS plugin for WordPress
CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
	NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, ...)
	NOT-FOR-US: Espressif
CVE-2019-15893 (Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Cod ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
	NOT-FOR-US: CKFinder
CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...)
	{DSA-4616-1 DLA-1927-1}
	- slirp4netns 0.4.1-1 (bug #939868)
	[buster] - slirp4netns <no-dsa> (Minor issue)
	- qemu 1:4.1-2 (bug #939869)
	- qemu-kvm <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/06/3
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/c59279437eda91841b9d26079c70b8a540d41204
	NOTE: 1:4.1-2 switched to system libslirp, marking that version as fixed
CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has XSS via th ...)
	NOT-FOR-US: download-manager plugin for WordPress
CVE-2019-15888
	RESERVED
CVE-2019-15887
	RESERVED
CVE-2019-15886
	RESERVED
CVE-2019-15885
	RESERVED
CVE-2019-15884
	RESERVED
CVE-2019-15883
	RESERVED
CVE-2019-15882
	RESERVED
CVE-2019-15881
	RESERVED
CVE-2019-15880 (In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, ins ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15879 (In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15878 (In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:14.sctp.asc
CVE-2019-15877 (In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-REL ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15876 (In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15875 (In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc
CVE-2019-15874 (In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:10.ipfw.asc
CVE-2019-15873 (The profilegrid-user-profiles-groups-and-communities plugin before 2.8 ...)
	NOT-FOR-US: profilegrid-user-profiles-groups-and-communities plugin for WordPress
CVE-2019-15872 (The LoginPress plugin before 1.1.4 for WordPress has SQL injection via ...)
	NOT-FOR-US: LoginPress plugin for WordPress
CVE-2019-15871 (The LoginPress plugin before 1.1.4 for WordPress has no capability che ...)
	NOT-FOR-US: LoginPress plugin for WordPress
CVE-2019-15870 (The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Ph ...)
	NOT-FOR-US: CarSpot theme for WordPress
CVE-2019-15869 (The JobCareer theme before 2.5.1 for WordPress has stored XSS. ...)
	NOT-FOR-US: JobCareer theme for WordPress
CVE-2019-15868 (The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. ...)
	NOT-FOR-US: affiliates-manager plugin for WordPress
CVE-2019-15867 (The slick-popup plugin before 1.7.2 for WordPress has a hardcoded Omak ...)
	NOT-FOR-US: slick-popup plugin for WordPress
CVE-2019-15866 (The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file ...)
	NOT-FOR-US: crelly-slider plugin for WordPress
CVE-2019-15865 (The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. ...)
	NOT-FOR-US: breadcrumbs-by-menu plugin for WordPress
CVE-2019-15864 (The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. ...)
	NOT-FOR-US: breadcrumbs-by-menu plugin for WordPress
CVE-2019-15863 (The ConvertPlus plugin before 3.4.5 for WordPress has an unintended ac ...)
	NOT-FOR-US: ConvertPlus plugin for WordPress
CVE-2019-15892 (An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x a ...)
	{DSA-4514-1}
	- varnish 6.2.1-1 (bug #939333)
	[stretch] - varnish <not-affected> (Only a security issue in 6.0 and later)
	[jessie] - varnish <not-affected> (Only a security issue in 6.0 and later)
	NOTE: https://varnish-cache.org/security/VSV00003.html
	NOTE: https://github.com/varnishcache/varnish-cache/commit/1cb778f6f69737109e8c070a74b8e95b78f46d13
	NOTE: https://github.com/varnishcache/varnish-cache/commit/0f0e51e9871ed1bd1236378f8b0dea0d33df4e9e
	NOTE: https://github.com/varnishcache/varnish-cache/commit/72df38fa8bfc0f5ca4a75d3e32657e8e590d85ab
	NOTE: https://github.com/varnishcache/varnish-cache/commit/dd47e658a0de9d12c433a4a01fb43ea4fe4d3a41
	NOTE: https://github.com/varnishcache/varnish-cache/commit/34717183beda3803e3d54c9826a1a9f026ca2505
	NOTE: https://github.com/varnishcache/varnish-cache/commit/ec3997a59a93cbc13a3cba22dfe0b4c4710a8f65
	NOTE: https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973
	NOTE: https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af
CVE-2019-15862 (An issue was discovered in CKFinder through 2.6.2.1. Improper checks o ...)
	NOT-FOR-US: CKFinder
CVE-2019-15861
	RESERVED
CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-15859 (Password disclosure in the web interface on socomec DIRIS A-40 devices ...)
	NOT-FOR-US: DIRIS
CVE-2019-15858 (admin/includes/class.import.snippet.php in the "Woody ad snippets" plu ...)
	NOT-FOR-US: "Woody ad snippets" plugin for WordPress
CVE-2019-15857
	RESERVED
CVE-2019-15856
	RESERVED
CVE-2019-15855 (An issue was discovered in Maarch RM before 2.5. A path traversal vuln ...)
	NOT-FOR-US: Maarch RM
CVE-2019-15854 (An issue was discovered in Maarch RM before 2.5. A privilege escalatio ...)
	NOT-FOR-US: Maarch RM
CVE-2019-15853
	RESERVED
CVE-2019-15852
	RESERVED
CVE-2019-15851
	REJECTED
CVE-2019-15850 (eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execut ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU3
CVE-2019-15849 (eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attac ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU3
CVE-2019-15848 (JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XS ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before version 10  ...)
	- gcc-7 <unfixed>
	[buster] - gcc-7 <ignored> (minor issue, affects only POWER9 binaries)
	- gcc-8 <unfixed>
	[buster] - gcc-8 <ignored> (minor issue, affects only POWER9 binaries)
	- gcc-9 9.2.1-7 (low)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
CVE-2015-9383 (FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_v ...)
	{DLA-1909-1}
	- freetype 2.6.3-1
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd
	NOTE: https://savannah.nongnu.org/bugs/?46346
CVE-2015-9382 (FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/ ...)
	{DLA-1909-1}
	- freetype 2.6.1-0.1
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73
	NOTE: https://savannah.nongnu.org/bugs/?45922
CVE-2015-9381 (FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Priv ...)
	{DLA-1909-1}
	- freetype 2.6.1-0.1
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9
	NOTE: https://savannah.nongnu.org/bugs/?45955
CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary code a ...)
	{DSA-4517-1 DLA-1911-1}
	- exim4 4.92.1-3
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
	NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
CVE-2019-15845 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 misha ...)
	{DSA-4587-1 DSA-4586-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- jruby <unfixed>
	[jessie] - jruby <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/ruby/ruby/commit/a0a2640b398cffd351f87d3f6243103add66575b
	NOTE: https://hackerone.com/reports/449617
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/
CVE-2019-15844
	RESERVED
CVE-2019-15843 (A malicious file upload vulnerability was discovered in Xiaomi Millet  ...)
	NOT-FOR-US: Xiaomi
CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress  ...)
	NOT-FOR-US: easy-pdf-restaurant-menu-upload plugin for WordPress
CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CS ...)
	NOT-FOR-US: facebook-for-woocommerce plugin for WordPress
CVE-2019-15840 (The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CS ...)
	NOT-FOR-US: facebook-for-woocommerce plugin for WordPress
CVE-2019-15839 (The sina-extension-for-elementor plugin before 2.2.1 for WordPress has ...)
	NOT-FOR-US: sina-extension-for-elementor plugin for WordPress
CVE-2019-15838 (The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS ...)
	NOT-FOR-US: custom-404-pro plugin for WordPress
CVE-2019-15837 (The webp-express plugin before 0.14.8 for WordPress has stored XSS. ...)
	NOT-FOR-US: webp-express plugin for WordPress
CVE-2019-15836 (The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored X ...)
	NOT-FOR-US: wp-ultimate-recipe plugin for WordPress
CVE-2019-15835 (The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-better-permalinks plugin for WordPress
CVE-2019-15834 (The webp-converter-for-media plugin before 1.0.3 for WordPress has CSR ...)
	NOT-FOR-US: webp-converter-for-media plugin for WordPress
CVE-2019-15833 (The simple-mail-address-encoder plugin before 1.7 for WordPress has re ...)
	NOT-FOR-US: simple-mail-address-encoder plugin for WordPress
CVE-2019-15832 (The visitors-traffic-real-time-statistics plugin before 1.13 for WordP ...)
	NOT-FOR-US: visitors-traffic-real-time-statistics plugin for WordPress
CVE-2019-15831 (The visitors-traffic-real-time-statistics plugin before 1.12 for WordP ...)
	NOT-FOR-US: visitors-traffic-real-time-statistics plugin for WordPress
CVE-2019-15830 (The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. ...)
	NOT-FOR-US: icegram plugin for WordPress
CVE-2019-15829 (The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp ...)
	NOT-FOR-US: photoblocks-grid-gallery plugin for WordPress
CVE-2019-15828 (The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. ...)
	NOT-FOR-US: one-click-ssl plugin for WordPress
CVE-2019-15827 (The onesignal-free-web-push-notifications plugin before 1.17.8 for Wor ...)
	NOT-FOR-US: onesignal-free-web-push-notifications plugin for WordPress
CVE-2019-15826 (The wps-hide-login plugin before 1.5.3 for WordPress has a protection  ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15825 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp& ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15824 (The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash  ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15823 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=con ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15822 (The wps-child-theme-generator plugin before 1.2 for WordPress has clas ...)
	NOT-FOR-US: wps-child-theme-generator plugin for WordPress
CVE-2019-15821 (The bold-page-builder plugin before 2.3.2 for WordPress has no protect ...)
	NOT-FOR-US: bold-page-builder plugin for WordPress
CVE-2019-15820 (The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no ...)
	NOT-FOR-US: login-or-logout-menu-item plugin for WordPress
CVE-2019-15819 (The nd-restaurant-reservations plugin before 1.5 for WordPress has no  ...)
	NOT-FOR-US: nd-restaurant-reservations plugin for WordPress
CVE-2019-15818 (The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for  ...)
	NOT-FOR-US: simple-301-redirects-addon-bulk-uploader plugin for WordPress
CVE-2019-15817 (The easy-property-listings plugin before 3.4 for WordPress has XSS. ...)
	NOT-FOR-US: easy-property-listings plugin for WordPress
CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has no pro ...)
	NOT-FOR-US: wp-private-content-plus plugin for WordPress
CVE-2019-15815 (ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and ea ...)
	NOT-FOR-US: ZyXEL
CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow auth ...)
	NOT-FOR-US: Sentrifugo
CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in Sentrifugo  ...)
	NOT-FOR-US: Sentrifugo
CVE-2015-9380 (The photo-gallery plugin before 1.2.42 for WordPress has CSRF. ...)
	NOT-FOR-US: photo-gallery plugin for WordPress
CVE-2019-15812
	RESERVED
CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...)
	NOT-FOR-US: DomainMOD
CVE-2019-15810 (Insufficient sanitization during device search in Netdisco 2.042010 al ...)
	NOT-FOR-US: Netdisco
CVE-2019-15809 (Smart cards from the Athena SCS manufacturer, based on the Atmel Toolb ...)
	NOT-FOR-US: Athena SCS
CVE-2019-15808
	RESERVED
CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301  ...)
	NOT-FOR-US: CommScope ARRIS TR4400 devices
CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301  ...)
	NOT-FOR-US: CommScope ARRIS TR4400 devices
CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15802 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15801 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15800 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15799 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15798
	RESERVED
CVE-2019-15797
	RESERVED
CVE-2019-15796 (Python-apt doesn't check if hashes are signed in `Version.fetch_binary ...)
	{DSA-4609-1 DLA-2074-1}
	- python-apt 1.8.5
	NOTE: https://salsa.debian.org/apt-team/python-apt/commit/b4eef110b7ba4fb21cc0dd92585756f50e0100c9 (1.8.5)
	NOTE: https://salsa.debian.org/apt-team/python-apt/commit/e3321eb9792bf3b4cace4cee47dc6da00fbee929 (1.8.5)
CVE-2019-15795 (python-apt only checks the MD5 sums of downloaded files in `Version.fe ...)
	{DSA-4609-1 DLA-2074-1}
	- python-apt 1.8.5
	NOTE: https://salsa.debian.org/apt-team/python-apt/commit/e175130e51c2b0424f3dfeb825e3dc598fec1a24 (1.8.5)
CVE-2019-15794 (Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the ...)
	- linux <unfixed>
	[stretch] - linux <not-affected> (overlayfs passes through mmap)
	[jessie] - linux <not-affected> (overlayfs not present)
	NOTE: https://bugs.launchpad.net/bugs/1850994
CVE-2019-15793 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
	- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
CVE-2019-15792 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
	- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
CVE-2019-15791 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
	- linux <not-affected> (Ubuntu-specific patch set, shiftfs not in Debian kernels)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
CVE-2019-15790 (Apport reads and writes information on a crashed process to /proc/pid  ...)
	NOT-FOR-US: Apport
CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege  ...)
	NOT-FOR-US: MicroK8s
CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/3b0541791453fbe7f42867e310e0c9eb6295364d
CVE-2019-15788 (Clara Genomics Analysis before 0.2.0 has an integer overflow for cudap ...)
	NOT-FOR-US: Clara Genomics Analysis
CVE-2019-15787 (libZetta.rs through 0.1.2 has an integer overflow in the zpool parser  ...)
	NOT-FOR-US: libzetta-rs
CVE-2019-15786 (ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large ...)
	NOT-FOR-US: ROBOTIS Dynamixel SDK
CVE-2019-15785 (FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_L ...)
	- fontforge <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/fontforge/fontforge/pull/3886
CVE-2019-15784 (Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array ov ...)
	- srt 1.4.0-1 (bug #939040)
	NOTE: https://github.com/Haivision/srt/pull/811
CVE-2019-15783 (Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. ...)
	- lute-tab <itp> (bug #825785)
CVE-2019-15782 (WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or ...)
	NOT-FOR-US: WebTorrent
CVE-2019-15781 (The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. ...)
	NOT-FOR-US: facebook-by-weblizar plugin for WordPress
CVE-2019-15780 (The formidable plugin before 4.02.01 for WordPress has unsafe deserial ...)
	NOT-FOR-US: formidable plugin for WordPress
CVE-2019-15779 (The insta-gallery plugin before 2.4.8 for WordPress has no nonce valid ...)
	NOT-FOR-US: insta-gallery plugin for WordPress
CVE-2019-15778 (The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. ...)
	NOT-FOR-US: woo-variation-gallery plugin for WordPress
CVE-2019-15777 (The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/a ...)
	NOT-FOR-US: shapepress-dsgvo plugin for WordPress
CVE-2019-15776 (The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for W ...)
	NOT-FOR-US: simple-301-redirects-addon-bulk-uploader plugin for WordPress
CVE-2019-15775 (The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX act ...)
	NOT-FOR-US: nd-learning plugin for WordPress
CVE-2019-15774 (The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX acti ...)
	NOT-FOR-US: nd-booking plugin for WordPress
CVE-2019-15773 (The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX actio ...)
	NOT-FOR-US: nd-travel plugin for WordPress
CVE-2019-15772 (The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX ac ...)
	NOT-FOR-US: nd-donations plugin for WordPress
CVE-2019-15771 (The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX a ...)
	NOT-FOR-US: nd-shortcodes plugin for WordPress
CVE-2019-15770 (The woo-address-book plugin before 1.6.0 for WordPress has save calls  ...)
	NOT-FOR-US: woo-address-book plugin for WordPress
CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via a ...)
	NOT-FOR-US: handl-utm-grabber plugin for WordPress
CVE-2019-15768
	RESERVED
CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
	- gnuchess <unfixed> (unimportant; bug #936023)
	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
	NOTE: Neutralised by toolchain hardening, no security impact
CVE-2019-15766 (The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android al ...)
	NOT-FOR-US: KSLABS KSWEB
CVE-2019-15765
	RESERVED
CVE-2019-15764
	RESERVED
CVE-2019-15763
	RESERVED
CVE-2019-15762
	RESERVED
CVE-2019-15761
	RESERVED
CVE-2019-15760
	RESERVED
CVE-2019-15759 (An issue was discovered in Binaryen 1.38.32. Two visitors in ir/Expres ...)
	- binaryen 89-1 (unimportant; bug #936024)
	NOTE: https://github.com/WebAssembly/binaryen/issues/2288
	NOTE: Crash in CLI tool, no security impact
CVE-2019-15758 (An issue was discovered in Binaryen 1.38.32. Missing validation rules  ...)
	- binaryen 89-1 (unimportant; bug #936024)
	NOTE: https://github.com/WebAssembly/binaryen/issues/2288
	NOTE: Crash in CLI tool, no security impact
CVE-2019-15757 (libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG par ...)
	NOT-FOR-US: libMirage
CVE-2019-15756
	RESERVED
CVE-2019-15755
	RESERVED
CVE-2019-15754
	RESERVED
CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC ...)
	- python-os-vif 1.15.2-1 (low; bug #939288)
	[buster] - python-os-vif <not-affected> (Vulnerable code introduced in 1.15.0)
	[stretch] - python-os-vif <not-affected> (Vulnerable code introduced in 1.15.0)
	NOTE: https://security.openstack.org/ossa/OSSA-2019-004.html
	NOTE: https://launchpad.net/bugs/1837252
CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local users to  ...)
	- docker.io <not-affected> (Issue specific to Docker for Windows)
CVE-2018-21007 (The woo-confirmation-email plugin before 3.2.0 for WordPress has no bl ...)
	NOT-FOR-US: woo-confirmation-email plugin for WordPress
CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...)
	- nmap 7.80+dfsg1-1 (unimportant)
	NOTE: https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad
	NOTE: https://github.com/nmap/nmap/issues/1077
	NOTE: https://github.com/nmap/nmap/issues/1227
	NOTE: Crash in CLI tool, no security impact
CVE-2019-15751 (An unrestricted file upload vulnerability in SITOS six Build v6.2.1 al ...)
	NOT-FOR-US: SITOS
CVE-2019-15750 (A Cross-Site Scripting (XSS) vulnerability in the blog function in SIT ...)
	NOT-FOR-US: SITOS
CVE-2019-15749 (SITOS six Build v6.2.1 allows a user to change their password and reco ...)
	NOT-FOR-US: SITOS
CVE-2019-15748 (SITOS six Build v6.2.1 permits unauthorised users to upload and import ...)
	NOT-FOR-US: SITOS
CVE-2019-15747 (SITOS six Build v6.2.1 allows a user with the user role of Seminar Coo ...)
	NOT-FOR-US: SITOS
CVE-2019-15746 (SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP comm ...)
	NOT-FOR-US: SITOS
CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...)
	NOT-FOR-US: Eques elf smart plug
CVE-2019-15744 (The Sony Xperia Xperia XZs Android device with a build fingerprint of  ...)
	NOT-FOR-US: Sony
CVE-2019-15743 (The Sony Xperia Touch Android device with a build fingerprint of Sony/ ...)
	NOT-FOR-US: Sony
CVE-2019-15742 (A local privilege-escalation vulnerability exists in the Poly Plantron ...)
	NOT-FOR-US: Poly Plantronics Hub
CVE-2019-15741 (An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsaf ...)
	NOT-FOR-US: GitLab Omnibus
CVE-2019-15740 (An issue was discovered in GitLab Community and Enterprise Edition 7.9 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15739 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15738 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab <not-affected> (Only affects 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15737 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15736 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15735
	RESERVED
CVE-2019-15734 (An issue was discovered in GitLab Community and Enterprise Edition 8.6 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15733 (An issue was discovered in GitLab Community and Enterprise Edition 7.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15732 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab <not-affected> (Only affects 12.2 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15731 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab <not-affected> (Only affects 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15730 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15729 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15728 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15727 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15726 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15725 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab <not-affected> (only affects 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15724 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15723 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (Only affects versions 11.9.4-11.10.0)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15722 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15721 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pr ...)
	NOT-FOR-US: CloudBerry Backup
CVE-2019-15719 (Altair PBS Professional through 19.1.2 allows Privilege Escalation bec ...)
	NOT-FOR-US: Altair PBS Professional
CVE-2019-15718 (In systemd 240, bus_open_system_watch_bind_with_description in shared/ ...)
	- systemd 242-7 (bug #939353)
	[buster] - systemd 241-7~deb10u2
	[stretch] - systemd <not-affected> (Vulnerable code introduced later)
	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/03/1
	NOTE: https://github.com/systemd/systemd/pull/13457
	NOTE: https://github.com/systemd/systemd/commit/35e528018f315798d3bffcb592b32a0d8f5162bd
CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends  ...)
	- irssi 1.2.2-1 (bug #936074)
	[buster] - irssi <no-dsa> (Minor issue)
	[stretch] - irssi <not-affected> (Vulnerable code not present)
	[jessie] - irssi <not-affected> (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/29/3
	NOTE: https://irssi.org/security/irssi_sa_2019_08.txt
	NOTE: https://github.com/irssi/irssi/commit/5a4e7ab659aba2855895c9f43e9a7a131f4e89b3
CVE-2019-15716 (WTF before 0.19.0 does not set the permissions of config.yml, which mi ...)
	NOT-FOR-US: wtfutil
CVE-2019-15715 (MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command I ...)
	- mantis <removed>
CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \  ...)
	NOT-FOR-US: Entropic
CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
	NOT-FOR-US: my-calendar plugin for WordPress
CVE-2017-18593 (The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cas ...)
	NOT-FOR-US: updraftplus plugin for WordPress
CVE-2015-9379 (iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9378 (iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9377 (iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via ad ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9376 (iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg()  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9375 (Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordP ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9374 (Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9373 (PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9372 (Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9371 (Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPres ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9370 (Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XS ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9369 (Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordP ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9368 (Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9367 (Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9366 (Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordP ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9365 (Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress h ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9364 (2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has X ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9363 (iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9362 (The Post Connector plugin before 1.0.4 for WordPress has XSS via add_q ...)
	NOT-FOR-US: Post Connector plugin for WordPress
CVE-2015-9361 (The Related Posts plugin before 1.8.2 for WordPress has XSS via add_qu ...)
	NOT-FOR-US: Related Posts plugin for WordPress
CVE-2015-9360 (The updraftplus plugin before 1.9.64 for WordPress has XSS via add_que ...)
	NOT-FOR-US: updraftplus plugin for WordPress
CVE-2015-9359 (The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_ar ...)
	NOT-FOR-US: Jetpack plugin for WordPress
CVE-2015-9358 (The feedwordpress plugin before 2015.0514 for WordPress has XSS via ad ...)
	NOT-FOR-US: feedwordpress plugin for WordPress
CVE-2015-9357 (The akismet plugin before 3.1.5 for WordPress has XSS. ...)
	NOT-FOR-US: akismet plugin for WordPress
CVE-2015-9356 (The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_quer ...)
	NOT-FOR-US: wp-vipergb plugin for WordPress
CVE-2015-9355 (The two-factor-authentication plugin before 1.1.10 for WordPress has X ...)
	NOT-FOR-US: two-factor-authentication plugin for WordPress
CVE-2015-9354 (The gigpress plugin before 2.3.11 for WordPress has XSS. ...)
	NOT-FOR-US: gigpress plugin for WordPress
CVE-2015-9353 (The gigpress plugin before 2.3.11 for WordPress has SQL injection in t ...)
	NOT-FOR-US: gigpress plugin for WordPress
CVE-2012-6719 (The sharebar plugin before 1.2.2 for WordPress has SQL injection. ...)
	NOT-FOR-US: sharebar plugin for WordPress
CVE-2012-6718 (The sharebar plugin before 1.2.2 for WordPress has XSS, a different is ...)
	NOT-FOR-US: sharebar plugin for WordPress
CVE-2012-6717 (The redirection plugin before 2.2.12 for WordPress has XSS, a differen ...)
	NOT-FOR-US: redirection plugin for WordPress
CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in the admin ...)
	NOT-FOR-US: redirection plugin for WordPress
CVE-2019-15712 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
	NOT-FOR-US: FortiMail admin webUI
CVE-2019-15711 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...)
	NOT-FOR-US: FortiExtender
CVE-2019-15709 (An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and ...)
	NOT-FOR-US: Fortiguard
CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6. ...)
	NOT-FOR-US: Fortiguard
CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
	NOT-FOR-US: FortiMail admin webUI
CVE-2019-15706
	RESERVED
CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-15704 (A clear text storage of sensitive information vulnerability in FortiCl ...)
	NOT-FOR-US: Fortinet
CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2. ...)
	NOT-FOR-US: Fortinet
CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...)
	NOT-FOR-US: BloodHound
CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-15699 (An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon rec ...)
	- suricata 1:4.1.5-1 (low)
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <not-affected> (Vulnerable code introduced later)
	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-15697
	RESERVED
CVE-2019-15696
	RESERVED
CVE-2019-15695 (TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflo ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/6c47340e095258a959c95db9aa2a6c715d62bf7c (v1.10.1)
CVE-2019-15694 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/f287032d3643a6437f7de0ed35f4c45bb735522d (v1.10.1)
CVE-2019-15693 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/46c081926efd83c90a45c0a96b1b5bc1927e1346 (v1.10.1)
CVE-2019-15692 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/ff08ca78b24b5a4ed5263245c7ce8744059ff4ad (v1.10.1)
CVE-2019-15691 (TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-retu ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91 (v1.10.1)
CVE-2019-15690
	RESERVED
	{DLA-2146-1}
	- libvncserver 0.9.12+dfsg-9 (bug #954163)
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
	[stretch] - libvncserver <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/LibVNC/libvncserver/issues/381
	NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
CVE-2019-15689 (Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky To ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15686 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15685 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome prior to  ...)
	NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...)
	NOT-FOR-US: TurboVNC
CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...)
	{DSA-4473-1 DLA-1837-1}
	- rdesktop 1.8.6-1
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
	{DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1977-1}
	[experimental] - libvncserver 0.9.12+dfsg-1
	- libvncserver 0.9.12+dfsg-3 (low; bug #943793)
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u1
	[stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u2
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- vino 3.22.0-6 (bug #945784)
	[buster] - vino <no-dsa> (Minor issue)
	[stretch] - vino <no-dsa> (Minor issue)
	NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...)
	{DLA-2045-1}
	- tightvnc 1:1.3.9-9.1 (unimportant; bug #945364)
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- italc <removed> (unimportant)
	- libvncserver <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
	NOTE: https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
	NOTE: Non-issue in libvncserver's case: https://github.com/LibVNC/libvncserver/issues/359#issuecomment-599202068
CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in Initiali ...)
	{DLA-2045-1}
	- tightvnc 1:1.3.9-9.1 (bug #945364)
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
	NOTE: part of CVE-2018-20748/libvncserver
CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in rfbServe ...)
	{DLA-2045-1}
	- tightvnc 1:1.3.9-9.1 (bug #945364)
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
	NOTE: part of CVE-2018-20748/libvnvserver
CVE-2019-15677
	RESERVED
CVE-2019-15676
	RESERVED
CVE-2019-15675
	RESERVED
CVE-2019-15674
	RESERVED
CVE-2019-15673
	RESERVED
CVE-2019-15672
	RESERVED
CVE-2019-15671
	RESERVED
CVE-2019-15670
	RESERVED
CVE-2019-15669
	RESERVED
CVE-2019-15668
	RESERVED
CVE-2019-15667
	RESERVED
CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...)
	{DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
CVE-2019-15665 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
	NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15664 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
	NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15663 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
	NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15662 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
	NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15661 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
	NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-members plugin for WordPress
CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection,  ...)
	NOT-FOR-US: pie-register plugin for WordPress
CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...)
	NOT-FOR-US: connect-pg-simple
CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute  ...)
	NOT-FOR-US: eslint-utils
CVE-2019-15656 (D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to  ...)
	NOT-FOR-US: D-Link
CVE-2019-15655 (D-Link DSL-2875AL devices through 1.00.05 are prone to password disclo ...)
	NOT-FOR-US: D-Link
CVE-2019-15654 (Comba AC2400 devices are prone to password disclosure via a simple cra ...)
	NOT-FOR-US: Comba
CVE-2019-15653 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...)
	NOT-FOR-US: Comba
CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices ...)
	NOT-FOR-US: NSSLGlobal SatLink VSAT Modem Unit (VMU) devices
CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
	- wolfssl 4.1.0+dfsg-2
	NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
CVE-2019-15650 (The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPr ...)
	NOT-FOR-US: stops-core-theme-and-plugin-updates plugin for WordPress
CVE-2019-15649 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
	NOT-FOR-US: insert-or-embed-articulate-content-into-wordpress plugin for WordPress
CVE-2019-15648 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
	NOT-FOR-US: insert-or-embed-articulate-content-into-wordpress plugin for WordPress
CVE-2019-15647 (The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-aj ...)
	NOT-FOR-US: groundhogg plugin for WordPress
CVE-2019-15646 (The rsvpmaker plugin before 6.2 for WordPress has SQL injection. ...)
	NOT-FOR-US: rsvpmaker plugin for WordPress
CVE-2019-15645 (The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. ...)
	NOT-FOR-US: zoho-salesiq plugin for WordPress
CVE-2019-15644 (The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. ...)
	NOT-FOR-US: zoho-salesiq plugin for WordPress
CVE-2019-15643 (The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. ...)
	NOT-FOR-US: ultimate-faqs plugin for WordPress
CVE-2018-21006 (The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. ...)
	NOT-FOR-US: bbp-move-topics plugin for WordPress
CVE-2018-21005 (The bbp-move-topics plugin before 1.1.6 for WordPress has code injecti ...)
	NOT-FOR-US: bbp-move-topics plugin for WordPress
CVE-2018-21004 (The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. ...)
	NOT-FOR-US: rsvpmaker plugin for WordPress
CVE-2018-21003 (The buddyforms plugin before 2.2.8 for WordPress has SQL injection. ...)
	NOT-FOR-US: buddyforms plugin for WordPress
CVE-2018-21002 (The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. ...)
	NOT-FOR-US: js-support-ticket plugin for WordPress
CVE-2018-21001 (The anycomment plugin before 0.0.33 for WordPress has XSS. ...)
	NOT-FOR-US: anycomment plugin for WordPress
CVE-2017-18592 (The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has  ...)
	NOT-FOR-US: woocommerce-catalog-enquiry plugin for WordPress
CVE-2017-18591 (The gd-rating-system plugin before 2.1 for WordPress has XSS in log.ph ...)
	NOT-FOR-US: gd-rating-system plugin for WordPress
CVE-2017-18590 (The timesheet plugin before 0.1.5 for WordPress has multiple XSS issue ...)
	NOT-FOR-US: timesheet plugin for WordPress
CVE-2016-10936 (The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll b ...)
	NOT-FOR-US: wp-polls plugin for WordPress
CVE-2016-10935 (The woocommerce-exporter plugin before 1.8.4 for WordPress has privile ...)
	NOT-FOR-US: woocommerce-exporter plugin for WordPress
CVE-2016-10934 (The check-email plugin before 0.5.2 for WordPress has XSS. ...)
	NOT-FOR-US: check-email plugin for WordPress
CVE-2015-9352 (The wp-polls plugin before 2.72 for WordPress has SQL injection. ...)
	NOT-FOR-US: wp-polls plugin for WordPress
CVE-2015-9351 (The feed-them-social plugin before 1.7.0 for WordPress has possible sh ...)
	NOT-FOR-US: feed-them-social plugin for WordPress
CVE-2015-9350 (The feed-them-social plugin before 1.7.0 for WordPress has reflected X ...)
	NOT-FOR-US: feed-them-social plugin for WordPress
CVE-2015-9349 (The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has ref ...)
	NOT-FOR-US: ckeditor-for-wordpress plugin for WordPress
CVE-2015-9348 (The sell-downloads plugin before 1.0.8 for WordPress has insufficient  ...)
	NOT-FOR-US: sell-downloads plugin for WordPress
CVE-2015-9347 (The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. ...)
	NOT-FOR-US: wp-plotly plugin for WordPress
CVE-2015-9346 (The cp-polls plugin before 1.0.5 for WordPress has XSS. ...)
	NOT-FOR-US: cp-polls plugin for WordPress
CVE-2015-9345 (The link-log plugin before 2.0 for WordPress has HTTP Response Splitti ...)
	NOT-FOR-US: link-log plugin for WordPress
CVE-2015-9344 (The link-log plugin before 2.1 for WordPress has SQL injection. ...)
	NOT-FOR-US: link-log plugin for WordPress
CVE-2015-9343 (The wp-rollback plugin before 1.2.3 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-rollback plugin for WordPress
CVE-2015-9342 (The wp-rollback plugin before 1.2.3 for WordPress has XSS. ...)
	NOT-FOR-US: wp-rollback plugin for WordPress
CVE-2014-10395 (The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes li ...)
	NOT-FOR-US: cp-polls plugin for WordPress
CVE-2019-15642 (rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...)
	- webmin <removed>
CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. B ...)
	- webmin <removed>
CVE-2019-15640 (Limesurvey before 3.17.10 does not validate both the MIME type and fil ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-15639 (main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remot ...)
	- asterisk <not-affected> (Vulnerable code introduced later)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-005.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28499
	NOTE: Issue was introduced specifically only in versions 13.28.0 and 16.5.0 upstream
	NOTE: and got fixed in 13.28.1 respectively 16.5.1.
CVE-2019-15638 (COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Searc ...)
	NOT-FOR-US: COPA-DATA zenone32 zenon Editor
CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious workbo ...)
	NOT-FOR-US: Tableau
CVE-2019-15636
	RESERVED
CVE-2019-15635 (An issue was discovered in Grafana 5.4.0. Passwords for data sources u ...)
	- grafana <removed>
CVE-2019-15634
	RESERVED
CVE-2019-15633
	RESERVED
CVE-2019-15632
	RESERVED
CVE-2019-15631 (Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API ...)
	NOT-FOR-US: MuleSoft
CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider com ...)
	NOT-FOR-US: MuleSoft
CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is ...)
	NOT-FOR-US: Trend Micro
CVE-2019-15628 (Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affecte ...)
	NOT-FOR-US: Trend Micro
CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent ar ...)
	NOT-FOR-US: Trend Micro
CVE-2019-15626 (The Deep Security Manager application (Versions 10.0, 11.0 and 12.0),  ...)
	NOT-FOR-US: Deep Security Manager application (Trend Micro)
CVE-2019-15625 (A memory usage vulnerability exists in Trend Micro Password Manager 3. ...)
	NOT-FOR-US: Trend Micro
CVE-2019-15624 (Improper Input Validation in Nextcloud Server 15.0.7 allows group admi ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15623 (Exposure of Private Information in Nextcloud Server 16.0.1 causes the  ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15622 (Not strictly enough sanitization in the Nextcloud Android app 3.6.0 al ...)
	NOT-FOR-US: Nextcloud Android App
CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1 causes sh ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the existance an ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2019-15619 (Improper neutralization of file names, conversation names and board na ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a  ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker to set  ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS pollution w ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 causes a by ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when opening  ...)
	NOT-FOR-US: Nextcloud iOS App
CVE-2019-15613 (A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend t ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be c ...)
	- nextcloud-server <itp> (bug #941708)
CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 causes the ...)
	NOT-FOR-US: Nextcloud iOS App
CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes retaining acce ...)
	NOT-FOR-US: Circles app
CVE-2019-15609 (The kill-port-process package version &lt; 2.2.0 is vulnerable to a Co ...)
	NOT-FOR-US: Node kill-port-process
CVE-2019-15608 (The package integrity validation in yarn &lt; 1.19.0 contains a TOCTOU ...)
	- node-yarnpkg 1.19.1-1
	NOTE: https://hackerone.com/reports/703138
CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: &lt;=  ...)
	NOT-FOR-US: node-red
CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...)
	{DSA-4669-1}
	- nodejs 10.19.0~dfsg-1
	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://hackerone.com/reports/730779
	NOTE: https://github.com/nodejs/node/commit/2eee90e959ca4abaf53caf238d063c396f2ea17c (v10.19.0)
CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...)
	{DSA-4669-1}
	- nodejs 10.19.0~dfsg-1
	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
	[experimental] - http-parser 2.9.3-1
	- http-parser <unfixed>
	[jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
	NOTE: https://hackerone.com/reports/735748
	NOTE: https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b (http-parser)
	NOTE: nodejs/10.19.0~dfsg-1 contains both the source fix but switches as well
	NOTE: back to use shared libhttp-parser again.
CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...)
	{DSA-4669-1}
	- nodejs 10.19.0~dfsg-1
	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://hackerone.com/reports/746733
	NOTE: https://github.com/nodejs/node/commit/f940bee3b7da865e28093472dee9ce664f273f6d (v10.19.0)
CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scriptin ...)
	NOT-FOR-US: seefl
CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...)
	NOT-FOR-US: fileview
CVE-2019-15601
	REJECTED
CVE-2019-15600 (A Path traversal exists in http_server which allows an attacker to rea ...)
	NOT-FOR-US: Node module http_server
CVE-2019-15599 (A Code Injection exists in tree-kill on Windows which allows a remote  ...)
	NOT-FOR-US: Node module tree-kill
CVE-2019-15598 (A Code Injection exists in treekill on Windows which allows a remote c ...)
	NOT-FOR-US: Node module treekill
CVE-2019-15597 (A code injection exists in node-df v0.1.4 that can allow an attacker t ...)
	NOT-FOR-US: Node module node-df
CVE-2019-15596 (A path traversal in statics-server exists in all version that allows a ...)
	NOT-FOR-US: Node module statics-server
CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =&lt;3.10.6 th ...)
	NOT-FOR-US: UniFi Video Controller
CVE-2019-15594 (GitLab 11.8 and later contains a security vulnerability that allows a  ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to  ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/557154
	NOTE: https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b
CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that allows  ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15591 (An improper access control vulnerability exists in GitLab &lt;12.3.3 t ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/676976
CVE-2019-15590 (An access control issue exists in &lt; 12.3.5, &lt; 12.2.8, and &lt; 1 ...)
	- gitlab <not-affected> (Only affects GitLab EE 11.5 and later)
	NOTE: https://hackerone.com/reports/701144
	NOTE: https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/
CVE-2019-15589 (An improper access control vulnerability exists in Gitlab &lt;v12.3.2, ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/497047
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager &lt;= 2.1 ...)
	NOT-FOR-US: Nexus Repository Manager
CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...)
	{DSA-4554-1}
	- ruby-loofah 2.3.1+dfsg-1 (bug #942894)
	NOTE: https://github.com/flavorjones/loofah/issues/171
CVE-2019-15586 (A XSS exists in Gitlab CE/EE &lt; 12.1.10 in the Mermaid plugin. ...)
	- gitlab <not-affected> (Only affects Gitlab 12.1)
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15585 (Improper authentication exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; 1 ...)
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15584 (A denial of service exists in gitlab &lt;v12.3.2, &lt;v12.2.6, and &lt ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/670572
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15583 (An information disclosure exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; ...)
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15582 (An IDOR was discovered in &lt; 12.3.2, &lt; 12.2.6, and &lt; 12.1.12 f ...)
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15581 (An IDOR exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; 12.1.12 for GitLa ...)
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com &lt;v12.3.2 ...)
	- gitlab <not-affected> (Only affects EE)
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15579 (An information disclosure exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; ...)
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15578 (An information disclosure exists in &lt; 12.3.2, &lt; 12.2.6, and &lt; ...)
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE &lt;v12 ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/636560
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE &lt;v12 ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/633001
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15575 (A command injection exists in GitLab CE/EE &lt;v12.3.2, &lt;v12.2.6, a ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/682442
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...)
	NOT-FOR-US: Gesior-AAC
CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. ...)
	NOT-FOR-US: Gesior-AAC
CVE-2019-15572 (Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in ...)
	NOT-FOR-US: Gesior-AAC
CVE-2019-15571 (The WEB control panel before 2019-04-30 for ClonOS allows SQL injectio ...)
	NOT-FOR-US: WEB control panel for ClonOS
CVE-2019-15570 (BEdita through 4.0.0-RC2 allows SQL injection during a save operation  ...)
	NOT-FOR-US: BEdita
CVE-2019-15569 (HM Courts &amp; Tribunals ccd-data-store-api before 2019-06-10 allows  ...)
	NOT-FOR-US: HM Courts
CVE-2019-15568 (idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform  ...)
	NOT-FOR-US: idseq-web
CVE-2019-15567 (OpenForis Arena before 2019-05-07 allows SQL injection in the sorting  ...)
	NOT-FOR-US: OpenForis Arena
CVE-2019-15566 (The Alfresco application before 1.8.7 for Android allows SQL injection ...)
	NOT-FOR-US: Alfresco application for Android
CVE-2019-15565 (The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection ...)
	NOT-FOR-US: PrestaShop
CVE-2019-15564 (The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection ...)
	NOT-FOR-US: Compassion Switzerland addons for Odoo
CVE-2019-15563 (Observational Health Data Sciences and Informatics (OHDSI) WebAPI befo ...)
	NOT-FOR-US: Observational Health Data Sciences and Informatics
CVE-2019-15562 (GORM before 1.9.10 allows SQL injection via incomplete parentheses. ...)
	NOT-FOR-US: GORM
CVE-2019-15561 (FlashLingo before 2019-06-12 allows SQL injection, related to flashlin ...)
	NOT-FOR-US: FlashLingo
CVE-2019-15560 (The Reviews Module before 2019-06-14 for OpenSource Table allows SQL i ...)
	NOT-FOR-US: OpenSource Table addon
CVE-2019-15559 (DianoxDragon Hawn before 2019-07-10 allows SQL injection. ...)
	NOT-FOR-US: DianoxDragon Hawn
CVE-2019-15558 (XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, rel ...)
	NOT-FOR-US: XM^online 2
CVE-2019-15557 (XM^online 2 User Account and Authentication server 1.0.0 allows SQL in ...)
	NOT-FOR-US: XM^online 2
CVE-2019-15556 (Pvanloon1983 social_network before 2019-07-03 allows SQL injection in  ...)
	NOT-FOR-US: Pvanloon1983
CVE-2019-15555 (FredReinink Wellness-app before 2019-06-19 allows SQL injection, relat ...)
	NOT-FOR-US: FredReinink Wellness-app
CVE-2019-15554 (An issue was discovered in the smallvec crate before 0.6.10 for Rust.  ...)
	- rust-smallvec 0.6.10-1
	[buster] - rust-smallvec <no-dsa> (Minor issue)
	NOTE: https://github.com/servo/rust-smallvec/issues/149
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0012.html
CVE-2019-15553 (An issue was discovered in the memoffset crate before 0.5.0 for Rust.  ...)
	- rust-memoffset 0.5.1-1 (bug #936025)
	[buster] - rust-memoffset <no-dsa> (Minor issue)
	NOTE: https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0011.html
CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for Rust.  ...)
	- rust-libflate 0.1.25-1
	[buster] - rust-libflate <no-dsa> (Minor issue)
	NOTE: https://github.com/sile/libflate/issues/35
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html
CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust.  ...)
	- rust-smallvec 0.6.10-1
	[buster] - rust-smallvec <no-dsa> (Minor issue)
	NOTE: https://github.com/servo/rust-smallvec/issues/148
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html
CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...)
	NOT-FOR-US: Rust crate simd-json
CVE-2019-15549 (An issue was discovered in the asn1_der crate before 0.6.2 for Rust. A ...)
	NOT-FOR-US: Rust crate asn1_der
CVE-2019-15548 (An issue was discovered in the ncurses crate through 5.99.0 for Rust.  ...)
	NOT-FOR-US: Rust crate ncurses
CVE-2019-15547 (An issue was discovered in the ncurses crate through 5.99.0 for Rust.  ...)
	NOT-FOR-US: Rust crate ncurses
CVE-2019-15546 (An issue was discovered in the pancurses crate through 0.16.1 for Rust ...)
	NOT-FOR-US: Rust crate pancurses
CVE-2019-15545 (An issue was discovered in the libp2p-core crate before 0.8.1 for Rust ...)
	NOT-FOR-US: Rust crate libp2p-core
CVE-2019-15544 (An issue was discovered in the protobuf crate before 2.6.0 for Rust. A ...)
	NOT-FOR-US: Rust crate protobuf
CVE-2019-15543 (An issue was discovered in the slice-deque crate before 0.2.0 for Rust ...)
	NOT-FOR-US: Rust crate slice-deque
CVE-2019-15542 (An issue was discovered in the ammonia crate before 2.1.0 for Rust. Th ...)
	NOT-FOR-US: Rust crate ammonia
CVE-2018-21000 (An issue was discovered in the safe-transmute crate before 0.10.1 for  ...)
	- rust-safe-transmute <not-affected> (Fixed with initial upload to archive)
	NOTE: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0013.html
CVE-2018-20999 (An issue was discovered in the orion crate before 0.11.2 for Rust. res ...)
	NOT-FOR-US: Rust crate orion
CVE-2018-20998 (An issue was discovered in the arrayfire crate before 3.6.0 for Rust.  ...)
	NOT-FOR-US: Rust crate arrayfire
CVE-2018-20997 (An issue was discovered in the openssl crate before 0.10.9 for Rust. A ...)
	- rust-openssl <not-affected> (Only affected 0.10.8, which was never in the archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0010.html
CVE-2018-20996 (An issue was discovered in the crossbeam crate before 0.4.1 for Rust.  ...)
	- rust-crossbeam-epoch <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0009.html
CVE-2018-20995 (An issue was discovered in the slice-deque crate before 0.1.16 for Rus ...)
	NOT-FOR-US: Rust crate slice-deque
CVE-2018-20994 (An issue was discovered in the trust-dns-proto crate before 0.5.0-alph ...)
	NOT-FOR-US: Rust crate trust-dns-proto
CVE-2018-20993 (An issue was discovered in the yaml-rust crate before 0.4.1 for Rust.  ...)
	- rust-yaml-rust <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0006.html
CVE-2018-20992 (An issue was discovered in the claxon crate before 0.4.1 for Rust. Uni ...)
	NOT-FOR-US: Rust crate claxon
CVE-2018-20991 (An issue was discovered in the smallvec crate before 0.6.3 for Rust. T ...)
	- rust-smallvec <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0003.html
CVE-2018-20990 (An issue was discovered in the tar crate before 0.4.16 for Rust. Arbit ...)
	- rust-tar <not-affected> (Fixed with initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0002.html
CVE-2018-20989 (An issue was discovered in the untrusted crate before 0.6.2 for Rust.  ...)
	- rust-untrusted <not-affected> (Fixed with initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0001.html
CVE-2017-18589 (An issue was discovered in the cookie crate before 0.7.6 for Rust. Lar ...)
	- rust-cookie <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0005.html
CVE-2017-18588 (An issue was discovered in the security-framework crate before 0.1.12  ...)
	- rust-security-framework-sys <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0003.html
CVE-2017-18587 (An issue was discovered in the hyper crate before 0.9.18 for Rust. It  ...)
	- rust-hyper <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0002.html
CVE-2016-10933 (An issue was discovered in the portaudio crate through 0.7.0 for Rust. ...)
	NOT-FOR-US: Rust crate portaudio
CVE-2016-10932 (An issue was discovered in the hyper crate before 0.9.4 for Rust on Wi ...)
	- rust-hyper <not-affected> (Fixed before initial upload to archive and Windows-specific anyway)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0002.html
CVE-2016-10931 (An issue was discovered in the openssl crate before 0.9.0 for Rust. Th ...)
	- rust-openssl <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0001.html
CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for ...)
	NOT-FOR-US: Rust crate rustls
CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...)
	NOT-FOR-US: libMirage
CVE-2019-15539 (The proj_doc_edit_page.php Project Documentation feature in MantisBT b ...)
	- mantis <removed>
CVE-2019-15538 (An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in ...)
	{DLA-1919-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.67-2
	[stretch] - linux 4.9.189-2
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/1fb254aa983bf190cfd685d40c64a480a9bafaee
CVE-2019-15537 (The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL I ...)
	NOT-FOR-US: SimpleSAMLphp module proxystatistics
CVE-2019-15536 (The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injec ...)
	NOT-FOR-US: Acclaim block plugin for Moodle
CVE-2019-15535 (Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. ...)
	NOT-FOR-US: Tasking Manager
CVE-2019-15534 (Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.upda ...)
	NOT-FOR-US: Raml-Module-Builder
CVE-2019-15533 (XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php ...)
	NOT-FOR-US: XENFCoreSharp
CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBrut ...)
	NOT-FOR-US: CyberChef
CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the  ...)
	{DLA-1904-1}
	- libextractor 1:1.9-2 (bug #935553)
	[buster] - libextractor <no-dsa> (Minor issue)
	[stretch] - libextractor <no-dsa> (Minor issue)
	NOTE: https://bugs.gnunet.org/view.php?id=5846
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a
CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
	NOT-FOR-US: D-Link
CVE-2019-15529 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
	NOT-FOR-US: D-Link
CVE-2019-15528 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
	NOT-FOR-US: D-Link
CVE-2019-15527 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
	NOT-FOR-US: D-Link
CVE-2019-15526 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
	NOT-FOR-US: D-Link
CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 terminal emu ...)
	NOT-FOR-US: pw3270 terminal emulator
CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php  ...)
	NOT-FOR-US: CSZ CMS
CVE-2019-15523
	RESERVED
CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...)
	- csync2 2.0-25-gc0faaf9-1 (bug #955445)
	[buster] - csync2 2.0-22-gce67c55-1+deb10u1
	[stretch] - csync2 <no-dsa> (Minor issue)
	[jessie] - csync2 <no-dsa> (Minor issue)
	NOTE: https://github.com/LINBIT/csync2/pull/13/commits/0ecfc333da51575f188dd7cf6ac4974d13a800b1
CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...)
	NOT-FOR-US: Spoon Library
CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to locations ...)
	NOT-FOR-US: comelz Quark
CVE-2019-15519 (Power-Response before 2019-02-02 allows directory traversal (up to the ...)
	NOT-FOR-US: Power-Response
CVE-2019-15518 (Swoole before 4.2.13 allows directory traversal in swPort_http_static_ ...)
	NOT-FOR-US: Swoole
CVE-2019-15517 (jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory trav ...)
	NOT-FOR-US: jc21 Nginx Proxy Manager
CVE-2019-15516 (Cuberite before 2019-06-11 allows webadmin directory traversal via ... ...)
	NOT-FOR-US: Cuberite
CVE-2019-15515 (Discourse 2.3.2 sends the CSRF token in the query string. ...)
	NOT-FOR-US: Discourse
CVE-2019-15514 (The Privacy &gt; Phone Number feature in the Telegram app 5.10 for And ...)
	NOT-FOR-US: Telegram app for Android and iOS
CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the Unified ...)
	NOT-FOR-US: OpenWrt libuci
CVE-2019-15512
	RESERVED
CVE-2019-15511 (An exploitable local privilege escalation vulnerability exists in the  ...)
	NOT-FOR-US: GOG Galaxy
CVE-2019-15510 (ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 1 ...)
	NOT-FOR-US: Zoho
CVE-2019-15509
	RESERVED
CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy  ...)
	NOT-FOR-US: Octopus Tentacle
CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request pr ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...)
	NOT-FOR-US: Kaseya Virtual System Administrator (VSA)
CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2 ...)
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-15503 (cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCM ...)
	NOT-FOR-US: AltaVoz Prontus
CVE-2019-15502 (The TeamSpeak client before 3.3.2 allows remote servers to trigger a c ...)
	- teamspeak-client <removed>
CVE-2019-15501 (Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-20 ...)
	NOT-FOR-US: L-Soft LISTSERV
CVE-2019-15500
	RESERVED
CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element wi ...)
	NOT-FOR-US: CodiMD
CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows rem ...)
	NOT-FOR-US: Vera Edge Home Controller
CVE-2019-15497 (Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box  ...)
	NOT-FOR-US: Black Box iCOMPEL
CVE-2019-15496 (MyT Project Management 1.5.1 lacks CSRF protection and, for example, a ...)
	NOT-FOR-US: MyT Project Management
CVE-2019-15495
	RESERVED
CVE-2019-15494 (openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2019-15493 (openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21 ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2019-15492 (openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2019-15491 (openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2019-15489 (laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XS ...)
	NOT-FOR-US: laracom (aka Laravel FREE E-Commerce Software)
CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP se ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher training  ...)
	NOT-FOR-US: DfE School Experience
CVE-2019-15486 (django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_ ...)
	- django-js-reverse <not-affected> (Issue introduced in 0.9.0)
	NOTE: https://github.com/ierror/django-js-reverse/pull/81
	NOTE: https://github.com/ierror/django-js-reverse/commit/a3b57d1e4424e2fadabcd526d170c4868d55159c (0.9.1)
CVE-2019-15485 (Bolt before 3.6.10 has XSS via createFolder or createFile in Controlle ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-15484 (Bolt before 3.6.10 has XSS via an image's alt or title field. ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-15483 (Bolt before 3.6.10 has XSS via a title that is mishandled in the syste ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-15482 (selectize-plugin-a11y before 1.1.0 has XSS via the msg field. ...)
	NOT-FOR-US: selectize-plugin-a11y
CVE-2019-15481 (Kimai v2 before 1.1 has XSS via a timesheet description. ...)
	NOT-FOR-US: Kimai
CVE-2019-15480 (Domoticz 4.10717 has XSS via item.Name. ...)
	- domoticz <itp> (bug #899058)
CVE-2019-15479 (Status Board 1.1.81 has reflected XSS via dashboard.ts. ...)
	NOT-FOR-US: Status Board
CVE-2019-15478 (Status Board 1.1.81 has reflected XSS via logic.ts. ...)
	NOT-FOR-US: Status Board
CVE-2019-15477 (Jooby before 1.6.4 has XSS via the default error handler. ...)
	NOT-FOR-US: Jooby
CVE-2019-15476 (Former before 4.2.1 has XSS via a checkbox value. ...)
	NOT-FOR-US: Former
CVE-2019-15475 (The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc ...)
	NOT-FOR-US: Xiaomi Mi A3 Android device
CVE-2019-15474 (The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/c ...)
	NOT-FOR-US: Xiaomi Cepheus Android device
CVE-2019-15473 (The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaom ...)
	NOT-FOR-US: Xiaomi Mi A2 Lite Android device
CVE-2019-15472 (The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaom ...)
	NOT-FOR-US: Xiaomi Mi A2 Lite Android device
CVE-2019-15471 (The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi ...)
	NOT-FOR-US: Xiaomi Mi Mix 2S Android device
CVE-2019-15470 (The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of ...)
	NOT-FOR-US: Xiaomi Redmi Note 6 Pro Android device
CVE-2019-15469 (The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/ ...)
	NOT-FOR-US: Xiaomi Mi Pad 4 Android device
CVE-2019-15468 (The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaom ...)
	NOT-FOR-US: Xiaomi Mi A2 Lite Android devic
CVE-2019-15467 (The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi ...)
	NOT-FOR-US: Xiaomi Mi Mix 2S Android device
CVE-2019-15466 (The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiao ...)
	NOT-FOR-US: Xiaomi Redmi 6 Pro Android device
CVE-2019-15465 (The Samsung J7 Pro Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15464 (The Samsung J7 Pro Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15463 (The Samsung j7popeltemtr Android device with a build fingerprint of sa ...)
	NOT-FOR-US: Samsung
CVE-2019-15462 (The Samsung J7 Duo Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15461 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15460 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15459 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15458 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15457 (The Samsung J6 Android device with a build fingerprint of samsung/j6lt ...)
	NOT-FOR-US: Samsung
CVE-2019-15456 (The Samsung J6 Android device with a build fingerprint of samsung/j6lt ...)
	NOT-FOR-US: Samsung
CVE-2019-15455 (The Samsung J5 Android device with a build fingerprint of samsung/j5y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15454 (The Samsung J4 Android device with a build fingerprint of samsung/j4lt ...)
	NOT-FOR-US: Samsung
CVE-2019-15453 (The Samsung J4 Android device with a build fingerprint of samsung/j4lt ...)
	NOT-FOR-US: Samsung
CVE-2019-15452 (The Samsung J3 Android device with a build fingerprint of samsung/j3y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15451 (The Samsung J3 Android device with a build fingerprint of samsung/j3y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15450 (The Samsung j3popeltecan Android device with a build fingerprint of sa ...)
	NOT-FOR-US: Samsung
CVE-2019-15449 (The Samsung S7 Edge Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15448 (The Samsung S7 Edge Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15447 (The Samsung S7 Edge Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15446 (The Samsung S7 Android device with a build fingerprint of samsung/hero ...)
	NOT-FOR-US: Samsung
CVE-2019-15445 (The Samsung S7 Android device with a build fingerprint of samsung/hero ...)
	NOT-FOR-US: Samsung
CVE-2019-15444 (The Samsung S7 Android device with a build fingerprint of samsung/hero ...)
	NOT-FOR-US: Samsung
CVE-2019-15443 (The Samsung J7 Max Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15442 (The Samsung on7xelteskt Android device with a build fingerprint of sam ...)
	NOT-FOR-US: Samsung
CVE-2019-15441 (The Samsung on7xeltelgt Android device with a build fingerprint of sam ...)
	NOT-FOR-US: Samsung
CVE-2019-15440 (The Samsung J5 Android device with a build fingerprint of samsung/on5x ...)
	NOT-FOR-US: Samsung
CVE-2019-15439 (The Samsung XCover4 Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15438 (The Samsung XCover4 Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15437 (The Samsung XCover4 Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15436 (The Samsung A8+ Android device with a build fingerprint of samsung/jac ...)
	NOT-FOR-US: Samsung
CVE-2019-15435 (The Samsung A7 Android device with a build fingerprint of samsung/a7y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15434 (The Samsung A5 Android device with a build fingerprint of samsung/a5y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15433 (The Samsung A3 Android device with a build fingerprint of samsung/a3y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15432 (The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6 ...)
	NOT-FOR-US: Evercoss
CVE-2019-15431 (The Evercoss U50A Android device with a build fingerprint of EVERCOSS/ ...)
	NOT-FOR-US: Evercoss
CVE-2019-15430 (The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bl ...)
	NOT-FOR-US: Bluboo
CVE-2019-15429 (The Panasonic ELUGA_I9 Android device with a build fingerprint of Pana ...)
	NOT-FOR-US: Panasonic
CVE-2019-15428 (The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi ...)
	NOT-FOR-US: Xiaomi Mi Note 2 Android device
CVE-2019-15427 (The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/li ...)
	NOT-FOR-US: Xiaomi Mi Mix Android device
CVE-2019-15426 (The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/n ...)
	NOT-FOR-US: Xiaomi 5S Plus Android device
CVE-2019-15425 (The Kata M4s Android device with a build fingerprint of alps/full_hct6 ...)
	NOT-FOR-US: Kata M4s Android device
CVE-2019-15424 (The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL ...)
	NOT-FOR-US: Doogee BL5000 Android device
CVE-2019-15423 (The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO ...)
	NOT-FOR-US: Bluboo Bluboo_S1 Android device
CVE-2019-15422 (The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/M ...)
	NOT-FOR-US: Doogee Mix Android device
CVE-2019-15421 (The Blackview BV7000_Pro Android device with a build fingerprint of Bl ...)
	NOT-FOR-US: The Blackview
CVE-2019-15420 (The Blackview BV9000Pro-F Android device with a build fingerprint of B ...)
	NOT-FOR-US: Blackview
CVE-2019-15419 (The Asus ASUS_X015_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15418 (The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15417 (The Tecno Spark Pro Android device with a build fingerprint of TECNO/H ...)
	NOT-FOR-US: Tecno Spark Pro Android device
CVE-2019-15416 (The Sony keyaki_kddi Android device with a build fingerprint of Sony/k ...)
	NOT-FOR-US: Sony
CVE-2019-15415 (The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/v ...)
	NOT-FOR-US: Xiaomi Redmi 5 Android device
CVE-2019-15414 (The Asus ZenFone AR Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15413 (The Asus ZenFone 3 Ultra Android device with a build fingerprint of as ...)
	NOT-FOR-US: Asus
CVE-2019-15412 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15411 (The Asus ZenFone 3 Laser Android device with a build fingerprint of as ...)
	NOT-FOR-US: Asus
CVE-2019-15410 (The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15409 (The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15408 (The Asus ZenFone 5 Lite Android device with a build fingerprint of asu ...)
	NOT-FOR-US: Asus
CVE-2019-15407 (The Asus ASUS_X015_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15406 (The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/ ...)
	NOT-FOR-US: Asus
CVE-2019-15405 (The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15404 (The Asus ZenFone Max 4 Android device with a build fingerprint of asus ...)
	NOT-FOR-US: Asus
CVE-2019-15403 (The Asus ZenFone 3s Max Android device with a build fingerprint of asu ...)
	NOT-FOR-US: Asus
CVE-2019-15402 (The Asus ASUS_A002_2 Android device with a build fingerprint of asus/W ...)
	NOT-FOR-US: Asus
CVE-2019-15401 (The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ ...)
	NOT-FOR-US: Asus
CVE-2019-15400 (The Asus ZenFone 3 Ultra Android device with a build fingerprint of as ...)
	NOT-FOR-US: Asus
CVE-2019-15399 (The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15398 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15397 (The Asus ZenFone Max 4 Android device with a build fingerprint of asus ...)
	NOT-FOR-US: Asus
CVE-2019-15396 (The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_ ...)
	NOT-FOR-US: Asus
CVE-2019-15395 (The Asus ZenFone 3s Max Android device with a build fingerprint of asu ...)
	NOT-FOR-US: Asus
CVE-2019-15394 (The Asus ZenFone 5 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15393 (The Asus ZenFone Live Android device with a build fingerprint of asus/ ...)
	NOT-FOR-US: Asus
CVE-2019-15392 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of A ...)
	NOT-FOR-US: Asus
CVE-2019-15391 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15390 (The Haier G8 Android device with a build fingerprint of Haier/HM-G559- ...)
	NOT-FOR-US: Haier G8 Android device
CVE-2019-15389 (The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8. ...)
	NOT-FOR-US: Haier A6 Android device
CVE-2019-15388 (The Coolpad 1851 Android device with a build fingerprint of Coolpad/an ...)
	NOT-FOR-US: Coolpad
CVE-2019-15387 (The Archos Core 101 Android device with a build fingerprint of archos/ ...)
	NOT-FOR-US: Archos
CVE-2019-15386 (The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60 ...)
	NOT-FOR-US: Lava
CVE-2019-15385 (The Infinix Note 5 Android device with a build fingerprint of Infinix/ ...)
	NOT-FOR-US: Infinix Note 5 Android device
CVE-2019-15384 (The Elephone A4 Android device with a build fingerprint of Elephone/A4 ...)
	NOT-FOR-US: Elephone
CVE-2019-15383 (The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_S ...)
	NOT-FOR-US: Allview
CVE-2019-15382 (The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_ ...)
	NOT-FOR-US: Cubot Nova
CVE-2019-15381 (The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515 ...)
	NOT-FOR-US: BQ 5515L Android device
CVE-2019-15380 (The Fly Photo Pro Android device with a build fingerprint of Fly/Photo ...)
	NOT-FOR-US: Fly Photo Pro Android device
CVE-2019-15379 (The Walton Primo G3 Android device with a build fingerprint of WALTON/ ...)
	NOT-FOR-US: Walton Primo G3 Android device
CVE-2019-15378 (The Panasonic Eluga Ray 600 Android device with a build fingerprint of ...)
	NOT-FOR-US: Panasonic
CVE-2019-15377 (The Cherry Flare S7 Android device with a build fingerprint of Cherry_ ...)
	NOT-FOR-US: Cherry Flare S7 Android device
CVE-2019-15376 (The Panasonic Eluga Ray 530 Android device with a build fingerprint of ...)
	NOT-FOR-US: Panasonic
CVE-2019-15375 (The Haier G8 Android device with a build fingerprint of Haier/HM-G559- ...)
	NOT-FOR-US: Haier G8 Android device
CVE-2019-15374 (The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/ ...)
	NOT-FOR-US: Lava Iris 88 Lite Android device
CVE-2019-15373 (The Symphony i95 Lite Android device with a build fingerprint of LAVA/ ...)
	NOT-FOR-US: Symphony i95 Lite Android device
CVE-2019-15372 (The Hisense F17 Android device with a build fingerprint of Hisense/F17 ...)
	NOT-FOR-US: Hisense F17 Android device
CVE-2019-15371 (The Symphony G100 Android device with a build fingerprint of Symphony/ ...)
	NOT-FOR-US: Symphony G100 Android device
CVE-2019-15370 (The Haier G8 Android device with a build fingerprint of Haier/HM-G559- ...)
	NOT-FOR-US: Haier G8 Android device
CVE-2019-15369 (The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61 ...)
	NOT-FOR-US: Lava Z61 Turbo Android device
CVE-2019-15368 (The Coolpad 1851 Android device with a build fingerprint of Coolpad/an ...)
	NOT-FOR-US: Coolpad
CVE-2019-15367 (The Haier P10 Android device with a build fingerprint of Haier/P10/P10 ...)
	NOT-FOR-US: Haier P10 Android device
CVE-2019-15366 (The Infinix Note 5 Android device with a build fingerprint of Infinix/ ...)
	NOT-FOR-US: Infinix Note 5 Android device
CVE-2019-15365 (The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8 ...)
	NOT-FOR-US: Lava Z92 Android device
CVE-2019-15364 (The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/B ...)
	NOT-FOR-US: Dexp BL250 Android device
CVE-2019-15363 (The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/P ...)
	NOT-FOR-US: Leagoo Power 5 Android device
CVE-2019-15362 (The Lava Iris 88 Go Android device with a build fingerprint of LAVA/ir ...)
	NOT-FOR-US: Lava Iris 88 Go Android device
CVE-2019-15361 (The Infinix Note 5 Android device with a build fingerprint of Infinix/ ...)
	NOT-FOR-US: Infinix Note 5 Android device
CVE-2019-15360 (The Hisense U965 Android device with a build fingerprint of Hisense/U9 ...)
	NOT-FOR-US: Hisense U965 Android device
CVE-2019-15359 (The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8. ...)
	NOT-FOR-US: Haier A6 Android device
CVE-2019-15358 (The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z25 ...)
	NOT-FOR-US: Dexp Z250 Android device
CVE-2019-15357 (The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A ...)
	NOT-FOR-US: Advan i6A Android device
CVE-2019-15356 (The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z ...)
	NOT-FOR-US: Lava Flair Z1 Android device
CVE-2019-15355 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15354 (The Ulefone Armor 5 Android device with a build fingerprint of Ulefone ...)
	NOT-FOR-US: Ulefone Armor 5 Android device
CVE-2019-15353 (The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C ...)
	NOT-FOR-US: Coolpad N3C Android device
CVE-2019-15352 (The Coolpad 1851 Android device with a build fingerprint of Coolpad/an ...)
	NOT-FOR-US: Coolpad 1851 Android device
CVE-2019-15351 (The Tecno Camon Android device with a build fingerprint of TECNO/H622/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15350 (The Tecno Camon Android device with a build fingerprint of TECNO/H622/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15349 (The Tecno Camon Android device with a build fingerprint of TECNO/H612/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15348 (The Tecno Camon Android device with a build fingerprint of TECNO/H612/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15347 (The Tecno Camon iClick 2 Android device with a build fingerprint of TE ...)
	NOT-FOR-US: Tecno Camon iClick 2 Android device
CVE-2019-15346 (The Tecno Camon iClick 2 Android device with a build fingerprint of TE ...)
	NOT-FOR-US: Tecno Camon iClick 2 Android device
CVE-2019-15345 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15344 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15343 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15342 (The Tecno Camon iAir 2 Plus Android device with a build fingerprint of ...)
	NOT-FOR-US: Tecno Camon iAir 2 Plus Android device
CVE-2019-15341 (The Tecno Camon iAir 2 Plus Android device with a build fingerprint of ...)
	NOT-FOR-US: Tecno Camon iAir 2 Plus Android device
CVE-2019-15340 (The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiao ...)
	NOT-FOR-US: Xiaomi Redmi 6 Pro Android device
CVE-2019-15339 (The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60 ...)
	NOT-FOR-US: Lava Z60s Android device
CVE-2019-15338 (The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/ ...)
	NOT-FOR-US: Lava Iris 88 Lite Android device
CVE-2019-15337 (The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8 ...)
	NOT-FOR-US: Lava Z81 Android device
CVE-2019-15336 (The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61 ...)
	NOT-FOR-US: Lava Z61 Turbo Android device
CVE-2019-15335 (The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8 ...)
	NOT-FOR-US: Lava Z92 Android device
CVE-2019-15334 (The Lava Iris 88 Go Android device with a build fingerprint of LAVA/ir ...)
	NOT-FOR-US: Lava Iris 88 Go Android device
CVE-2019-15333 (The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z ...)
	NOT-FOR-US: Lava Flair Z1 Android device
CVE-2019-15332 (The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z ...)
	NOT-FOR-US: Lava Z61 Android device
CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for W ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has insufficient  ...)
	NOT-FOR-US: webp-express plugin for WordPress
CVE-2019-15329 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15328 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15327 (The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15326 (The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15325 (In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/1 ...)
	NOT-FOR-US: GalliumOS
CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval injection in the ...)
	NOT-FOR-US: wpgform plugin for WordPress
CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP objec ...)
	NOT-FOR-US: newsletters-lite plugin for WordPress
CVE-2017-18586 (The insert-pages plugin before 3.2.4 for WordPress has directory trave ...)
	NOT-FOR-US: insert-pages plugin for WordPress
CVE-2016-10930 (The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for W ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2015-9341 (The wp-file-upload plugin before 3.4.1 for WordPress has insufficient  ...)
	NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2015-9340 (The wp-file-upload plugin before 3.0.0 for WordPress has insufficient  ...)
	NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2015-9339 (The wp-file-upload plugin before 2.7.1 for WordPress has insufficient  ...)
	NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for WordPress has insufficient  ...)
	NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has JavaScript inje ...)
	NOT-FOR-US: rich-counter plugin for WordPress
CVE-2014-10393 (The cforms2 plugin before 10.5 for WordPress has XSS. ...)
	NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...)
	NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 for Wor ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10390 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10389 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10388 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10387 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10386 (The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScr ...)
	NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2019-15324 (The ad-inserter plugin before 2.4.22 for WordPress has remote code exe ...)
	NOT-FOR-US: ad-inserter plugin for WordPress
CVE-2019-15323 (The ad-inserter plugin before 2.4.20 for WordPress has path traversal. ...)
	NOT-FOR-US: ad-inserter plugin for WordPress
CVE-2019-15322 (The shortcode-factory plugin before 2.8 for WordPress has Local File I ...)
	NOT-FOR-US: shortcode-factory plugin for WordPress
CVE-2019-15321 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...)
	NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15320 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...)
	NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15319 (The option-tree plugin before 2.7.0 for WordPress has Object Injection ...)
	NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPres ...)
	NOT-FOR-US: yikes-inc-easy-mailchimp-extender plugin for WordPress
CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor name. ...)
	NOT-FOR-US: give plugin for WordPress
CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...)
	NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...)
	NOT-FOR-US: Valve Steam Client for Windows
CVE-2018-20986 (The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields)  ...)
	NOT-FOR-US: advanced-custom-fields plugin for WordPress
CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...)
	NOT-FOR-US: wp-payeezy-pay plugin for WordPress
CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has Object Injec ...)
	NOT-FOR-US: patreon-connect plugin for WordPress
CVE-2018-20983 (The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. ...)
	NOT-FOR-US: wp-retina-2x plugin for WordPress
CVE-2018-20982 (The media-library-assistant plugin before 2.74 for WordPress has XSS v ...)
	NOT-FOR-US: media-library-assistant plugin for WordPress
CVE-2018-20981 (The ninja-forms plugin before 3.3.9 for WordPress has insufficient res ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for WordPress has parameter tampe ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has privilege esc ...)
	NOT-FOR-US: contact-form-7 plugin for WordPress
CVE-2017-18585 (The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts t ...)
	NOT-FOR-US: posts-in-page plugin for WordPress
CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no permissi ...)
	NOT-FOR-US: post-pay-counter plugin for WordPress
CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP Object  ...)
	NOT-FOR-US: post-pay-counter plugin for WordPress
CVE-2017-18582 (The time-sheets plugin before 1.5.2 for WordPress has multiple XSS iss ...)
	NOT-FOR-US: time-sheets plugin for WordPress
CVE-2017-18581 (The time-sheets plugin before 1.5.0 for WordPress has XSS via the old  ...)
	NOT-FOR-US: time-sheets plugin for WordPress
CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote c ...)
	NOT-FOR-US: shortcodes-ultimate plugin for WordPress
CVE-2017-18579 (The corner-ad plugin before 1.0.8 for WordPress has XSS. ...)
	NOT-FOR-US: corner-ad plugin for WordPress
CVE-2017-18578 (The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. ...)
	NOT-FOR-US: crafty-social-buttons plugin for WordPress
CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the ...)
	NOT-FOR-US: mailchimp-for-wp plugin for WordPress
CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS via the l ...)
	NOT-FOR-US: event-notifier plugin for WordPress
CVE-2017-18575 (The newstatpress plugin before 1.2.5 for WordPress has multiple stored ...)
	NOT-FOR-US: newstatpress plugin for WordPress
CVE-2017-18574 (The ninja-forms plugin before 3.0.31 for WordPress has insufficient HT ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2017-18573 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...)
	NOT-FOR-US: simple-login-log plugin for WordPress
CVE-2017-18572 (The gnucommerce plugin before 1.4.2 for WordPress has XSS. ...)
	NOT-FOR-US: gnucommerce plugin for WordPress
CVE-2017-18571 (The search-everything plugin before 8.1.7 for WordPress has SQL inject ...)
	NOT-FOR-US: search-everything plugin for WordPress
CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL injection in the ...)
	NOT-FOR-US: cforms2 plugin for WordPress
CVE-2016-10929 (The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no ...)
	NOT-FOR-US: advanced-ajax-page-loader plugin for WordPress
CVE-2016-10928 (The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcode ...)
	NOT-FOR-US: onelogin-saml-sso plugin for WordPress
CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in aj ...)
	NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in aja ...)
	NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10925 (The peters-login-redirect plugin before 2.9.1 for WordPress has XSS du ...)
	NOT-FOR-US: peters-login-redirect plugin for WordPress
CVE-2016-10924 (The ebook-download plugin before 1.2 for WordPress has directory trave ...)
	NOT-FOR-US: ebook-download plugin for WordPress
CVE-2016-10923 (The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has pr ...)
	NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress
CVE-2016-10922 (The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has pr ...)
	NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress
CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL in ...)
	NOT-FOR-US: gallery-photo-gallery plugin for WordPress
CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. ...)
	NOT-FOR-US: gnucommerce plugin for WordPress
CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats ...)
	NOT-FOR-US: wassup plugin for WordPress
CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. ...)
	NOT-FOR-US: gallery-by-supsystic plugin for WordPress
CVE-2016-10917 (The search-everything plugin before 8.1.6 for WordPress has SQL inject ...)
	NOT-FOR-US: search-everything plugin for WordPress
CVE-2016-10916 (The appointment-booking-calendar plugin before 1.1.24 for WordPress ha ...)
	NOT-FOR-US: appointment-booking-calendar plugin for WordPress
CVE-2015-9337 (The profile-builder plugin before 2.1.4 for WordPress has no access co ...)
	NOT-FOR-US: profile-builder plugin for WordPress
CVE-2015-9336 (The clean-login plugin before 1.5.1 for WordPress has reflected XSS. ...)
	NOT-FOR-US: clean-login plugin for WordPress
CVE-2015-9335 (The limit-attempts plugin before 1.1.1 for WordPress has SQL injection ...)
	NOT-FOR-US: limit-attempts plugin for WordPress
CVE-2015-9334 (The email-newsletter plugin through 20.15 for WordPress has SQL inject ...)
	NOT-FOR-US: email-newsletter plugin for WordPress
CVE-2015-9333 (The cforms2 plugin before 14.6.10 for WordPress has SQL injection. ...)
	NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress has XSS  ...)
	NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10384 (The memphis-documents-library plugin before 3.0 for WordPress has Loca ...)
	NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress has Remo ...)
	NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10382 (The feature-comments plugin before 1.2.5 for WordPress has CSRF for fe ...)
	NOT-FOR-US: feature-comments plugin for WordPress
CVE-2013-7483 (The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. ...)
	NOT-FOR-US: slidedeck2 plugin for WordPress
CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. ...)
	NOT-FOR-US: reflex-gallery plugin for WordPress
CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2013-7480 (The events-manager plugin before 5.3.6.1 for WordPress has XSS via the ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7479 (The events-manager plugin before 5.3.9 for WordPress has XSS in the se ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7478 (The events-manager plugin before 5.5 for WordPress has XSS via EM_Tick ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7477 (The events-manager plugin before 5.5.2 for WordPress has XSS in the bo ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2012-6716 (The events-manager plugin before 5.1.7 for WordPress has XSS via JSON  ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has insuffic ...)
	NOT-FOR-US: google-analyticator plugin for WordPress
CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...)
	NOT-FOR-US: tubepress plugin for WordPress
CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to uplo ...)
	- tikiwiki <removed>
CVE-2019-15313 (In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persiste ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-15312 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
	NOT-FOR-US: Zolo Halo devices
CVE-2019-15311 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
	NOT-FOR-US: Zolo Halo devices
CVE-2019-15310 (An issue was discovered on various devices via the Linkplay firmware.  ...)
	NOT-FOR-US: Linkplay
CVE-2019-15309
	RESERVED
CVE-2019-15308
	RESERVED
CVE-2019-15307
	RESERVED
CVE-2019-15306
	RESERVED
CVE-2019-15305
	RESERVED
CVE-2019-15304 (Lierda Grill Temperature Monitor V1.00_50006 has a default password of ...)
	NOT-FOR-US: Lierda Grill Temperature Monitor
CVE-2019-15303
	RESERVED
CVE-2019-15302 (The pad management logic in XWiki labs CryptPad before 3.0.0 allows a  ...)
	NOT-FOR-US: CryptPad
CVE-2019-15301 (A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.C ...)
	NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK
CVE-2019-15300 (A problem was found in Centreon Web through 19.04.3. An authenticated  ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When a user c ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated  ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
	- asterisk 1:16.10.0~dfsg-1 (low; bug #940060)
	[buster] - asterisk <no-dsa> (Minor issue)
	[stretch] - asterisk <no-dsa> (Minor issue)
	[jessie] - asterisk <not-affected> (The vulnerable code is not present)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28495
CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1 DLA-1899-1}
	- faad2 2.8.8-3
	NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...)
	NOT-FOR-US: Bitdefender Antivirus Free
CVE-2019-15294 (An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1 ...)
	NOT-FOR-US: Gallagher Command Centre
CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
	NOT-FOR-US: ACDSee
CVE-2019-15289
	RESERVED
CVE-2019-15288 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15287
	RESERVED
CVE-2019-15286 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-15285
	RESERVED
CVE-2019-15284 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-15283
	RESERVED
CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-15281 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-15280 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-15279
	RESERVED
CVE-2019-15278 (A vulnerability in the web-based management interface of Cisco Finesse ...)
	NOT-FOR-US: Cisco
CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15276 (A vulnerability in the web interface of Cisco Wireless LAN Controller  ...)
	NOT-FOR-US: Cisco
CVE-2019-15275 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15274 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15273 (Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboratio ...)
	NOT-FOR-US: Cisco
CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-15271 (A vulnerability in the web-based management interface of certain Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-15270 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-15269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-15268 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-15267
	RESERVED
CVE-2019-15266 (A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-15265 (A vulnerability in the bridge protocol data unit (BPDU) forwarding fun ...)
	NOT-FOR-US: Cisco
CVE-2019-15264 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2019-15263
	RESERVED
CVE-2019-15262 (A vulnerability in the Secure Shell (SSH) session management for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-15261 (A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN pa ...)
	NOT-FOR-US: Cisco
CVE-2019-15260 (A vulnerability in Cisco Aironet Access Points (APs) Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-15259 (A vulnerability in Cisco Unified Contact Center Express (UCCX) Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-15258 (A vulnerability in the web-based management interface of Cisco SPA100  ...)
	NOT-FOR-US: Cisco
CVE-2019-15257 (A vulnerability in the web-based management interface of Cisco SPA100  ...)
	NOT-FOR-US: Cisco
CVE-2019-15256 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
	NOT-FOR-US: Cisco
CVE-2019-15255 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-15254
	RESERVED
CVE-2019-15253 (A vulnerability in the web-based management interface of Cisco Digital ...)
	NOT-FOR-US: Cisco
CVE-2019-15252 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15251 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15250 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15249 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15248 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15247 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15246 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15245 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15244 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15243 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15242 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15241 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15240 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.184-1
CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
CVE-2019-15290
	REJECTED
CVE-2019-15239 (In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was ...)
	{DSA-4497-1 DLA-1884-1}
	- linux 4.15.4-1
	NOTE: https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf
	NOTE: Workaround entry for main entry as the issue never affected upstream version
	NOTE: actually and is specific to the stable versions backports.
CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
	- roundcube <unfixed> (low; bug #949629)
	[buster] - roundcube <no-dsa> (Minor issue)
	[stretch] - roundcube <no-dsa> (Minor issue)
	NOTE: https://github.com/roundcube/roundcubemail/issues/6891
CVE-2019-15236
	RESERVED
CVE-2019-15235 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an att ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-15234 (SHAREit through 4.0.6.177 does not check the full message length from  ...)
	NOT-FOR-US: SHAREit
CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
	NOT-FOR-US: Old Street Live Input Macros app for Confluence
CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
	[experimental] - liblivemedia 2019.08.16-1
	- liblivemedia 2019.10.11-2 (low)
	[buster] - liblivemedia <postponed> (Can be fixed along in future update)
	[stretch] - liblivemedia <postponed> (Can be fixed along in future update)
	[jessie] - liblivemedia <postponed> (Can be fixed along with more important patches)
	NOTE: Fixed upstream in 2019.08.16 according to available information.
CVE-2019-15231
	REJECTED
CVE-2019-15230 (LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Noti ...)
	NOT-FOR-US: LibreNMS
CVE-2019-15229 (FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of ...)
	NOT-FOR-US: FUEL CMS
CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin conso ...)
	NOT-FOR-US: FUEL CMS
CVE-2019-15227 (FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and User ...)
	NOT-FOR-US: FlightPath
CVE-2019-15226 (Upon receiving each incoming request header data, Envoy will iterate o ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match incoming ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-15224 (The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on  ...)
	- ruby-rest-client <not-affected> (Backdoored version not uploaded to Debian)
CVE-2019-15223 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0b074ab7fc0d575247b9cc9f93bb7e007ca38840
CVE-2019-15222 (An issue was discovered in the Linux kernel before 5.2.8. There is a N ...)
	- linux <not-affected> (Vulnerable code not present in any released version)
	NOTE: https://git.kernel.org/linus/5d78e1c2b7f4be00bbe62141603a631dc7812f35
CVE-2019-15221 (An issue was discovered in the Linux kernel before 5.1.17. There is a  ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.185-1
	NOTE: https://git.kernel.org/linus/3450121997ce872eb7f1248417225827ea249710
CVE-2019-15220 (An issue was discovered in the Linux kernel before 5.2.1. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/6e41e2257f1094acc37618bf6c856115374c6922
CVE-2019-15219 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/9a5729f68d3a82786aea110b1bfe610be318f80a
CVE-2019-15218 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/31e0456de5be379b10fea0fa94a681057114a96e
CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There is a N ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e
CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a  ...)
	{DLA-1919-1 DLA-1884-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/ef61eb43ada6c1d6b94668f0f514e4c268093ff3
CVE-2019-15215 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/eff73de2b1600ad8230692f00bc0ab49b166512a
CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There is a  ...)
	{DLA-1884-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.184-1
CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
	- linux <unfixed>
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There is a d ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/3864d33943b4a76c6e64616280e98d2410b1190f
CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...)
	NOT-FOR-US: all-in-one-schemaorg-rich-snippets plugin for WordPress
CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18567 (The wp-all-import plugin before 3.4.6 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18566 (The user-role plugin before 1.5.6 for WordPress has multiple XSS issue ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18565 (The updater plugin before 1.35 for WordPress has multiple XSS issues. ...)
	NOT-FOR-US: updater plugin for WordPress
CVE-2017-18564 (The sender plugin before 1.2.1 for WordPress has multiple XSS issues. ...)
	NOT-FOR-US: sender plugin for WordPress
CVE-2017-18563 (The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the  ...)
	NOT-FOR-US: rsvp plugin for WordPress
CVE-2017-18562 (The error-log-viewer plugin before 1.0.6 for WordPress has multiple XS ...)
	NOT-FOR-US: error-log-viewer plugin for WordPress
CVE-2017-18561 (The embed-comment-images plugin before 0.6 for WordPress has XSS. ...)
	NOT-FOR-US: embed-comment-images plugin for WordPress
CVE-2017-18560 (The content-audit plugin before 1.9.2 for WordPress has XSS. ...)
	NOT-FOR-US: content-audit plugin for WordPress
CVE-2017-18559 (The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issue ...)
	NOT-FOR-US: cforms2 plugin for WordPress
CVE-2017-18558 (The bws-testimonials plugin before 0.1.9 for WordPress has multiple XS ...)
	NOT-FOR-US: bws-testimonials plugin for WordPress
CVE-2017-18557 (The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS ...)
	NOT-FOR-US: bws-google-maps plugin for WordPress
CVE-2017-18556 (The bws-google-analytics plugin before 1.7.1 for WordPress has multipl ...)
	NOT-FOR-US: bws-google-analytics plugin for WordPress
CVE-2017-18555 (The booking-sms plugin before 1.1.0 for WordPress has XSS. ...)
	NOT-FOR-US: booking-sms plugin for WordPress
CVE-2017-18554 (The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a  ...)
	NOT-FOR-US: analytics-tracker plugin for WordPress
CVE-2017-18553 (The ad-buttons plugin before 2.3.2 for WordPress has XSS. ...)
	NOT-FOR-US: ad-buttons plugin for WordPress
CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10913 (The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10912 (The universal-analytics plugin before 1.3.1 for WordPress has XSS. ...)
	NOT-FOR-US: universal-analytics plugin for WordPress
CVE-2016-10911 (The profile-builder plugin before 2.4.2 for WordPress has multiple XSS ...)
	NOT-FOR-US: profile-builder plugin for WordPress
CVE-2016-10910 (The formbuilder plugin before 1.06 for WordPress has multiple XSS issu ...)
	NOT-FOR-US: formbuilder plugin for WordPress
CVE-2016-10909 (The booking-calendar-contact-form plugin before 1.0.24 for WordPress h ...)
	NOT-FOR-US: booking-calendar-contact-form plugin for WordPress
CVE-2016-10908 (The booking-calendar-contact-form plugin before 1.0.24 for WordPress h ...)
	NOT-FOR-US: booking-calendar-contact-form plugin for WordPress
CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9330 (The wp-all-import plugin before 3.2.5 for WordPress has blind SQL inje ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9329 (The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9328 (The profile-builder plugin before 2.2.5 for WordPress has XSS. ...)
	NOT-FOR-US: profile-builder plugin for WordPress
CVE-2015-9327 (The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS ...)
	NOT-FOR-US: flickr-justified-gallery plugin for WordPress
CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-10380 (The profile-builder plugin before 1.1.66 for WordPress has multiple XS ...)
	NOT-FOR-US: profile-builder plugin for WordPress
CVE-2014-10379 (The duplicate-post plugin before 2.6 for WordPress has SQL injection. ...)
	NOT-FOR-US: duplicate-post plugin for WordPress
CVE-2014-10378 (The duplicate-post plugin before 2.6 for WordPress has XSS. ...)
	NOT-FOR-US: duplicate-post plugin for WordPress
CVE-2014-10377 (The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. ...)
	NOT-FOR-US: cforms2 plugin for WordPress
CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a Refere ...)
	NOT-FOR-US: formbuilder plugin for WordPress
CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...)
	NOT-FOR-US: count-per-day plugin for WordPress
CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-15210
	RESERVED
CVE-2019-15209
	RESERVED
CVE-2019-15208
	RESERVED
CVE-2019-15207
	RESERVED
CVE-2019-15206
	RESERVED
CVE-2019-15205
	RESERVED
CVE-2019-15204
	RESERVED
CVE-2019-15203
	RESERVED
CVE-2019-15202
	RESERVED
CVE-2019-15201
	RESERVED
CVE-2019-15200
	RESERVED
CVE-2019-15199
	RESERVED
CVE-2019-15198
	RESERVED
CVE-2019-15197
	RESERVED
CVE-2019-15196
	RESERVED
CVE-2019-15195
	RESERVED
CVE-2019-15194
	RESERVED
CVE-2019-15193
	RESERVED
CVE-2019-15192
	RESERVED
CVE-2019-15191
	RESERVED
CVE-2019-15190
	RESERVED
CVE-2019-15189
	RESERVED
CVE-2019-15188
	RESERVED
CVE-2019-15187
	RESERVED
CVE-2019-15186
	RESERVED
CVE-2019-15185
	RESERVED
CVE-2019-15184
	RESERVED
CVE-2019-15183
	RESERVED
CVE-2019-15182
	RESERVED
CVE-2019-15181
	RESERVED
CVE-2019-15180
	RESERVED
CVE-2019-15179
	RESERVED
CVE-2019-15178
	RESERVED
CVE-2019-15177
	RESERVED
CVE-2019-15176
	RESERVED
CVE-2019-15175
	RESERVED
CVE-2019-15174
	RESERVED
CVE-2019-15173
	RESERVED
CVE-2019-15172
	RESERVED
CVE-2019-15171
	RESERVED
CVE-2019-15170
	RESERVED
CVE-2019-15169
	RESERVED
CVE-2019-15168
	RESERVED
CVE-2019-15167
	RESERVED
CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 l ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
	{DLA-1967-1}
	- libpcap 1.9.1-1 (low; bug #941697)
	[buster] - libpcap <no-dsa> (Minor issue)
	[stretch] - libpcap <no-dsa> (Minor issue)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
CVE-2019-15164 (rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may  ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
	NOTE: rpcapd not build in Debian.
CVE-2019-15163 (rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a de ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31
	NOTE: rpcapd not build in Debian.
CVE-2019-15162 (rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provi ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58
	NOTE: rpcapd not build in Debian.
CVE-2019-15161 (rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length valu ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap <not-affected> (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea
	NOTE: rpcapd not built in Debian.
CVE-2019-15160 (The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elix ...)
	NOT-FOR-US: SweetXml (aka sweet_xml) package for Erlang and Elixir
CVE-2019-15159
	RESERVED
CVE-2019-15158
	RESERVED
CVE-2019-15157
	RESERVED
CVE-2019-15156
	RESERVED
CVE-2019-15155
	RESERVED
CVE-2019-15154
	RESERVED
CVE-2019-15153
	RESERVED
CVE-2019-15152
	RESERVED
CVE-2019-15151 (AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. ...)
	[experimental] - adplug 2.3.3+dfsg-1
	- adplug <unfixed> (bug #946340)
	[buster] - adplug <no-dsa> (Minor issue)
	[stretch] - adplug <no-dsa> (Minor issue)
	[jessie] - adplug <no-dsa> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/91
CVE-2019-15150 (In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulner ...)
	NOT-FOR-US: OAuth2 Client MediaWiki extension
CVE-2019-15149 (** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops t ...)
	NOT-FOR-US: Mitogen
CVE-2018-20976 (An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel befo ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 4.18.6-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82
CVE-2017-18552 (An issue was discovered in net/rds/af_rds.c in the Linux kernel before ...)
	- linux 4.11.6-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/780e982905bef61d13496d9af5310bf4af3a64d3
CVE-2017-18551 (An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux k ...)
	- linux 4.14.17-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.56-1
	NOTE: https://git.kernel.org/linus/89c6efa61f5709327ecfa24bff18e57a4e80c7fa
CVE-2017-18550 (An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linu ...)
	- linux 4.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/342ffc26693b528648bdc9377e51e4f2450b4860
CVE-2017-18549 (An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linu ...)
	- linux 4.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/342ffc26693b528648bdc9377e51e4f2450b4860
CVE-2016-10907 (An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kerne ...)
	- linux 4.9.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9d47964bfd471f0dd4c89f28556aec68bffa0020
CVE-2016-10906 (An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the ...)
	- linux 4.5.1-1
	NOTE: https://git.kernel.org/linus/c278c253f3d992c6994d08aa0efb2b6806ca396f
CVE-2016-10905 (An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4 ...)
	{DLA-1930-1}
	- linux 4.8.5-1
	NOTE: https://git.kernel.org/linus/36e4ad0316c017d5b271378ed9a1c9a4b77fab5f
CVE-2019-15148 (GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Nex ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack  ...)
	{DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre <no-dsa> (Minor issue)
	[stretch] - djvulibre <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/298/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate&lt; ...)
	{DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre <no-dsa> (Minor issue)
	[stretch] - djvulibre <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/299/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
	{DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre <no-dsa> (Minor issue)
	[stretch] - djvulibre <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/297/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
	{DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre <no-dsa> (Minor issue)
	[stretch] - djvulibre <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/296/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)
	- imagemagick <not-affected> (Incomplete fix for CVE-2019-11597 not applied)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1560
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
	{DSA-4715-1 DSA-4712-1 DLA-1968-1}
	- imagemagick <unfixed> (bug #941671)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
	NOTE: followup, previous patch introduced compiler warnings
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component  ...)
	{DSA-4712-1 DLA-1968-1}
	- imagemagick <unfixed> (bug #941670)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
	NOTE: ImageMagick6: followup, partly reverts previous patch:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e295b8193a1413a39d5c0b3e18fa7ca952c35cdf
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1553
CVE-2019-15138 (The html-pdf package 2.2.0 for Node.js has an arbitrary file read vuln ...)
	NOT-FOR-US: node html-pdf
CVE-2019-15137 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows f ...)
	NOT-FOR-US: eProsima Fast RTPS
CVE-2019-15136 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not ...)
	NOT-FOR-US: eProsima Fast RTPS
CVE-2019-15135 (The handshake protocol in Object Management Group (OMG) DDS Security 1 ...)
	NOT-FOR-US: Object Management Group (OMG) DDS Security
CVE-2019-15134 (RIOT through 2019.07 contains a memory leak in the TCP implementation  ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by ...)
	[experimental] - giflib 5.1.8-1
	- giflib 5.1.9-1
	[buster] - giflib <no-dsa> (Minor issue)
	[stretch] - giflib <no-dsa> (Minor issue)
	[jessie] - giflib <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008
	NOTE: https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/
	NOTE: https://sourceforge.net/p/giflib/bugs/119/
CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ...)
	- zabbix <unfixed> (bug #935027)
	[buster] - zabbix <no-dsa> (Minor issue)
	[stretch] - zabbix <no-dsa> (Minor issue)
	[jessie] - zabbix <postponed> (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-16532
CVE-2019-15131 (In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 ...)
	NOT-FOR-US: Code42
CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ...)
	NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ...)
	NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to creat ...)
	NOT-FOR-US: iF.SVNAdmin
CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...)
	NOT-FOR-US: REDCap
CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. Specifically ...)
	NOT-FOR-US: Broadcom
CVE-2019-15125
	RESERVED
CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/t ...)
	NOT-FOR-US: Fat Free CRM
CVE-2019-15124 (In the MobileFrontend extension for MediaWiki, XSS exists within the e ...)
	NOT-FOR-US: MobileFrontend extension for MediaWiki
CVE-2019-15123 (The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated u ...)
	NOT-FOR-US: Viki Vera
CVE-2019-15122
	RESERVED
CVE-2019-15121
	RESERVED
CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. ...)
	NOT-FOR-US: Kunena extension for Joomla!
CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permission ...)
	NOT-FOR-US: cnlh nps
CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...)
	{DSA-4531-1 DLA-1940-1 DLA-1930-1}
	- linux 5.2.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18
CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel throug ...)
	{DSA-4531-1 DLA-1940-1 DLA-1930-1}
	- linux 5.2.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS  ...)
	NOT-FOR-US: easy-digital-downloads plugin for WordPress
CVE-2019-15115 (The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. ...)
	NOT-FOR-US: peters-login-redirect plugin for WordPress
CVE-2019-15114 (The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. ...)
	NOT-FOR-US: formcraft-form-builder plugin for WordPress
CVE-2019-15113 (The companion-sitemap-generator plugin before 3.7.0 for WordPress has  ...)
	NOT-FOR-US: companion-sitemap-generator plugin for WordPress
CVE-2019-15112 (The wp-slimstat plugin before 4.8.1 for WordPress has XSS. ...)
	NOT-FOR-US: wp-slimstat plugin for WordPress
CVE-2019-15111 (The wp-front-end-profile plugin before 0.2.2 for WordPress has a privi ...)
	NOT-FOR-US: wp-front-end-profile plugin for WordPress
CVE-2019-15110 (The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. ...)
	NOT-FOR-US: wp-front-end-profile plugin for WordPress
CVE-2019-15109 (The the-events-calendar plugin before 4.8.2 for WordPress has XSS via  ...)
	NOT-FOR-US: the-events-calendar plugin for WordPress
CVE-2019-15108 (An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-P ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2019-15107 (An issue was discovered in Webmin &lt;=1.920. The parameter old in pas ...)
	- webmin <removed>
CVE-2019-15106 (An issue was discovered in Zoho ManageEngine OpManager in builds befor ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-15105 (An issue was discovered in Zoho ManageEngine Application Manager throu ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2019-15104 (An issue was discovered in Zoho ManageEngine OpManager through 12.4x.  ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-15103
	RESERVED
CVE-2019-15102 (An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2019-15101
	RESERVED
CVE-2019-15100
	RESERVED
CVE-2019-15097
	RESERVED
CVE-2019-15096
	RESERVED
CVE-2019-15095 (DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi- ...)
	NOT-FOR-US: DWSurvey
CVE-2019-15094
	RESERVED
CVE-2019-15093
	RESERVED
CVE-2019-15092 (The webtoffee "WordPress Users &amp; WooCommerce Customers Import Expo ...)
	NOT-FOR-US: webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin for WordPress
CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&am ...)
	NOT-FOR-US: Artica Integria IMS
CVE-2019-15089 (An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protec ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15088 (An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compa ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15087 (An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15086 (An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15085 (An issue was discovered in PRiSE adAS 1.7.0. The current database pass ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, insta ...)
	NOT-FOR-US: Realtek
CVE-2019-15083 (Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 befor ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
	NOT-FOR-US: js-jobs plugin for WordPress
CVE-2018-20973 (The companion-auto-update plugin before 3.2.1 for WordPress has local  ...)
	NOT-FOR-US: companion-auto-update plugin for WordPress
CVE-2018-20972 (The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. ...)
	NOT-FOR-US: companion-auto-update plugin for WordPress
CVE-2018-20971 (The church-admin plugin before 1.2550 for WordPress has CSRF affecting ...)
	NOT-FOR-US: church-admin plugin for WordPress
CVE-2018-20970 (The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issue ...)
	NOT-FOR-US: pdf-print plugin for WordPress
CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...)
	{DSA-4489-1 DLA-1864-1}
	- patch 2.7.6-5
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
CVE-2017-18548 (The note-press plugin before 0.1.2 for WordPress has SQL injection. ...)
	NOT-FOR-US: note-press plugin for WordPress
CVE-2017-18547 (The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in exp ...)
	NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2017-18546 (The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. ...)
	NOT-FOR-US: jayj-quicktag plugin for WordPress
CVE-2017-18545 (The invite-anyone plugin before 1.3.16 for WordPress has incorrect esc ...)
	NOT-FOR-US: invite-anyone plugin for WordPress
CVE-2017-18544 (The invite-anyone plugin before 1.3.16 for WordPress has admin-panel C ...)
	NOT-FOR-US: invite-anyone plugin for WordPress
CVE-2017-18543 (The invite-anyone plugin before 1.3.16 for WordPress has incorrect acc ...)
	NOT-FOR-US: invite-anyone plugin for WordPress
CVE-2017-18542 (The zendesk-help-center plugin before 1.0.5 for WordPress has multiple ...)
	NOT-FOR-US: zendesk-help-center plugin for WordPress
CVE-2017-18541 (The xo-security plugin before 1.5.3 for WordPress has XSS. ...)
	NOT-FOR-US: xo-security plugin for WordPress
CVE-2017-18540 (The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front ...)
	NOT-FOR-US: weblibrarian plugin for WordPress
CVE-2017-18539 (The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front ...)
	NOT-FOR-US: weblibrarian plugin for WordPress
CVE-2017-18538 (The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front ...)
	NOT-FOR-US: weblibrarian plugin for WordPress
CVE-2017-18537 (The visitors-online plugin before 1.0.0 for WordPress has multiple XSS ...)
	NOT-FOR-US: visitors-online plugin for WordPress
CVE-2017-18536 (The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS. ...)
	NOT-FOR-US: stop-user-enumeration plugin for WordPress
CVE-2017-18535 (The smokesignal plugin before 1.2.7 for WordPress has XSS. ...)
	NOT-FOR-US: smokesignal plugin for WordPress
CVE-2017-18534 (The share-on-diaspora plugin before 0.7.2 for WordPress has reflected  ...)
	NOT-FOR-US: share-on-diaspora plugin for WordPress
CVE-2017-18533 (The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18532 (The realty plugin before 1.1.0 for WordPress has multiple XSS issues. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18531 (The raygun4wp plugin before 1.8.3 for WordPress has XSS in the setting ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18530 (The rating-bws plugin before 0.2 for WordPress has multiple XSS issues ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18529 (The promobar plugin before 1.1.1 for WordPress has multiple XSS issues ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18528 (The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issue ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18527 (The pagination plugin before 1.0.7 for WordPress has multiple XSS issu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18526 (The moreads-se plugin before 1.4.7 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
	NOT-FOR-US: olimometer plugin for WordPress
CVE-2016-10903 (The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3  ...)
	NOT-FOR-US: GoDaddy godaddy-email-marketing-sign-up-forms plugin for WordPress
CVE-2016-10902 (The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in  ...)
	NOT-FOR-US: wp-customer-reviews plugin for WordPress
CVE-2016-10901 (The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in t ...)
	NOT-FOR-US: wp-customer-reviews plugin for WordPress
CVE-2016-10900 (The uji-countdown plugin before 2.0.7 for WordPress has XSS. ...)
	NOT-FOR-US: uji-countdown plugin for WordPress
CVE-2016-10899 (The total-security plugin before 3.4.1 for WordPress has a settings-ch ...)
	NOT-FOR-US: total-security plugin for WordPress
CVE-2016-10898 (The total-security plugin before 3.4.1 for WordPress has XSS. ...)
	NOT-FOR-US: total-security plugin for WordPress
CVE-2016-10897 (The sermon-browser plugin before 0.45.16 for WordPress has multiple XS ...)
	NOT-FOR-US: sermon-browser plugin for WordPress
CVE-2016-10896 (The seo-redirection plugin before 4.3 for WordPress has stored XSS. ...)
	NOT-FOR-US: seo-redirection plugin for WordPress
CVE-2016-10895 (The option-tree plugin before 2.6.0 for WordPress has XSS via an add_l ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPress ha ...)
	NOT-FOR-US: wp-business-intelligence-lite plugin for WordPress
CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
	NOT-FOR-US: visitors-online plugin for WordPress
CVE-2015-9324 (The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL i ...)
	NOT-FOR-US: easy-digital-downloads plugin for WordPress
CVE-2015-9323 (The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. ...)
	NOT-FOR-US: 404-to-301 plugin for WordPress
CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for WordPress ...)
	NOT-FOR-US: erident-custom-login-and-dashboard plugin for WordPress
CVE-2015-9321 (The shortcode-factory plugin before 1.1.1 for WordPress has XSS via ad ...)
	NOT-FOR-US: shortcode-factory plugin for WordPress
CVE-2015-9320 (The option-tree plugin before 2.5.4 for WordPress has XSS related to a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
	NOT-FOR-US: i-recommend-this plugin for WordPress
CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u
CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2. ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u
CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux k ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/c09581a52765a85f19fc35340127396d5e3379cc
CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has reflect ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
	NOT-FOR-US: OpenCart
CVE-2019-15080
	RESERVED
CVE-2019-15079
	RESERVED
CVE-2019-15078
	RESERVED
CVE-2019-15077
	RESERVED
CVE-2019-15076
	RESERVED
CVE-2019-15075 (An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/ ...)
	NOT-FOR-US: iNextrix ASTPP
CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.21.1 ha ...)
	- mantis <removed>
	NOTE: https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27
	NOTE: https://mantisbt.org/bugs/view.php?id=25995
CVE-2019-15073 (An Open Redirect vulnerability for all browsers in MAIL2000 through ve ...)
	NOT-FOR-US: Openfind MAIL2000
CVE-2019-15072 (The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 ...)
	NOT-FOR-US: Openfind MAIL2000
CVE-2019-15071 (The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a c ...)
	NOT-FOR-US: Openfind MAIL2000
CVE-2019-15070
	RESERVED
CVE-2019-15069 (An unsafe authentication interface was discovered in Smart Battery A4, ...)
	NOT-FOR-US: Smart Battery
CVE-2019-15068 (A broken access control vulnerability in Smart Battery A4, a multifunc ...)
	NOT-FOR-US: Smart Battery
CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart Battery A2- ...)
	NOT-FOR-US: Smart Battery
CVE-2019-15066 (An &#8220;invalid command&#8221; handler issue was discovered in HiNet ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-15065 (A service which is hosted on port 6998 in HiNet GPON firmware &lt; I04 ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-15064 (HiNet GPON firmware version &lt; I040GWR190731 allows an attacker logi ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2017-18525 (The megamenu plugin before 2.4 for WordPress has XSS. ...)
	NOT-FOR-US: megamenu plugin for WordPress
CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has multiple XSS i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18523 (The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18522 (The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18521 (The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-adm ...)
	NOT-FOR-US: democracy-poll plugin for WordPress
CVE-2017-18520 (The democracy-poll plugin before 5.4 for WordPress has XSS via update_ ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18519 (The customer-area plugin before 7.4.3 for WordPress has XSS via admin  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18518 (The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18517 (The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-18516 (The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS is ...)
	NOT-FOR-US: bws-linkedin plugin for WordPress
CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
	{DLA-1959-1}
	- xtrlock 2.12 (bug #830726)
	[buster] - xtrlock 2.8+deb10u1
	[stretch] - xtrlock <no-dsa> (Minor issue; can be fixed via point release)
CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10891 (The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. ...)
	NOT-FOR-US: aryo-activity-log plugin for WordPress
CVE-2016-10890 (The aryo-activity-log plugin before 2.3.2 for WordPress has XSS. ...)
	NOT-FOR-US: aryo-activity-log plugin for WordPress
CVE-2015-9319 (The gregs-high-performance-seo plugin before 1.6.2 for WordPress has X ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9318 (The awesome-support plugin before 3.1.7 for WordPress has a security i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9317 (The awesome-support plugin before 3.1.7 for WordPress has XSS via cust ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-15063
	RESERVED
CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an  ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/issues/11671
CVE-2019-15061
	RESERVED
CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router with firmwa ...)
	NOT-FOR-US: TP-Link
CVE-2019-15059
	RESERVED
CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...)
	- libstb <unfixed> (bug #934973)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/790
	NOTE: Potentially also affects libsixel, mame, libsfml, love, zynaddsubfx, yquake2, ccextractor, zam-plugins, osgearth, catimg, darknet, gem, retroarch, renderdoc, goxel
CVE-2019-15057
	RESERVED
CVE-2019-15056
	RESERVED
CVE-2019-15055 (MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly  ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2019-15054 (Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before ...)
	NOT-FOR-US: Mailbird
CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Confluenc ...)
	NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server
CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials  ...)
	- gradle <unfixed> (low; bug #941187)
	[buster] - gradle <no-dsa> (Minor issue)
	[stretch] - gradle <no-dsa> (Minor issue)
	[jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with system libraries)
	NOTE: https://github.com/gradle/gradle/issues/10278
	NOTE: https://github.com/gradle/gradle/pull/10176
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
CVE-2019-15051 (An issue was discovered in Softing uaGate (SI, MB, 840D) firmware thro ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15048 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15047 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15046 (Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthentica ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-15045 (** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-15044
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-15043 (In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow u ...)
	- grafana <removed>
CVE-2019-15042 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL  ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15041 (JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL  ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-15040 (JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on  ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possi ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity s ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15037 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had several ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15036 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15034 (hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient  ...)
	{DSA-4665-1}
	- qemu 1:4.1-1
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5e7bcdcfe69ce0fad66012b2cfb2035003c37eef
CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-15032 (Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/a8318c13e79badb92bc6640704a64cc022a6eb97
CVE-2019-15030 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system command ...)
	NOT-FOR-US: FusionPBX
CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
	NOT-FOR-US: Joomla!
CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on  ...)
	NOT-FOR-US: Mediatek
CVE-2019-15026 (memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer ...)
	{DLA-1913-1}
	- memcached 1.5.17-1 (bug #939337)
	[buster] - memcached <no-dsa> (Minor issue)
	[stretch] - memcached <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/memcached/memcached/commit/554b56687a19300a75ec24184746b5512580c819
CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-ultimate-exporter plugin for WordPress
CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...)
	NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress
CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL injection ...)
	NOT-FOR-US: wp-statistics plugin for WordPress
CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...)
	NOT-FOR-US: simple-login-log plugin for WordPress
CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no CSRF prot ...)
	NOT-FOR-US: responsive-menu plugin for WordPress
CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF ...)
	NOT-FOR-US: newsletter-by-supsystic plugin for WordPress
CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. ...)
	NOT-FOR-US: custom-sidebars plugin for WordPress
CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related ...)
	NOT-FOR-US: custom-sidebars plugin for WordPress
CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...)
	NOT-FOR-US: nextgen-gallery plugin for WordPress
CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...)
	NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...)
	NOT-FOR-US: simple-membership plugin for WordPress
CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...)
	NOT-FOR-US: simple-add-pages-or-posts plugin for WordPress
CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...)
	NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...)
	NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress has XSS ...)
	NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2015-9316 (The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injec ...)
	NOT-FOR-US: wp-fastest-cache plugin for WordPress
CVE-2015-9315 (The newstatpress plugin before 1.0.1 for WordPress has SQL injection. ...)
	NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9314 (The newstatpress plugin before 1.0.4 for WordPress has XSS related to  ...)
	NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9313 (The newstatpress plugin before 1.0.5 for WordPress has SQL injection r ...)
	NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9312 (The newstatpress plugin before 1.0.5 for WordPress has XSS related to  ...)
	NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9311 (The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. ...)
	NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9310 (The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2015-9309 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2015-9308 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2015-9307 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...)
	- libexosip2 <removed> (bug #934766)
	[buster] - libexosip2 <no-dsa> (Minor issue)
	[stretch] - libexosip2 <no-dsa> (Minor issue)
	[jessie] - libexosip2 <no-dsa> (Minor issue)
	NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...)
	NOT-FOR-US: simple-fields plugin for WordPress
CVE-2019-15024 (In all versions of ClickHouse before 19.14.3, an attacker having write ...)
	NOT-FOR-US: ClickHouse
CVE-2019-15023 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15022 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15021 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15020 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15019 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15018 (A security vulnerability exists in the Zingbox Inspector versions 1.28 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15017 (The SSH service is enabled on the Zingbox Inspector versions 1.294 and ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15016 (An SQL injection vulnerability exists in the management interface of Z ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15015 (In the Zingbox Inspector, versions 1.294 and earlier, hardcoded creden ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15014 (A command injection vulnerability exists in the Zingbox Inspector vers ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15013 (The WorkflowResource class removeStatus method in Jira before version  ...)
	NOT-FOR-US: Atlassian
CVE-2019-15012 (Bitbucket Server and Bitbucket Data Center from version 4.13. before 5 ...)
	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links before versio ...)
	NOT-FOR-US: Application Links
CVE-2019-15010 (Bitbucket Server and Bitbucket Data Center versions starting from vers ...)
	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and  ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian Fisheye and Cr ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before version 4 ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15006 (There was a man-in-the-middle (MITM) vulnerability present in the Conf ...)
	NOT-FOR-US: Confluence
CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...)
	NOT-FOR-US: Atlassian
CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and  ...)
	NOT-FOR-US: Atlassian
CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and  ...)
	NOT-FOR-US: Atlassian
CVE-2019-15002
	RESERVED
CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data Cente from ...)
	NOT-FOR-US: Atlassian
CVE-2019-15000 (The commit diff rest endpoint in Bitbucket Server and Data Center befo ...)
	NOT-FOR-US: Atlassian
CVE-2019-14999 (The Uninstall REST endpoint in Atlassian Universal Plugin Manager befo ...)
	NOT-FOR-US: Atlassian
CVE-2019-14998 (The Webwork action Cross-Site Request Forgery (CSRF) protection implem ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14997 (The AccessLogFilter class in Jira before version 8.4.0 allows remote a ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14996 (The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14995 (The /rest/api/1.0/render resource in Jira before version 8.4.0 allows  ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14994 (The Customer Context Filter in Atlassian Jira Service Desk Server and  ...)
	NOT-FOR-US: Atlassian
CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...)
	NOT-FOR-US: Istio
CVE-2019-14992
	REJECTED
CVE-2019-14991
	REJECTED
CVE-2019-14990
	REJECTED
CVE-2019-14989
	REJECTED
CVE-2019-14988
	REJECTED
CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...)
	NOT-FOR-US: Adive Framework
CVE-2019-14986 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installe ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14985 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remot ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn inst ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14983
	RESERVED
CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...)
	- exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/960
	NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is  ...)
	{DSA-4712-1 DLA-1968-1}
	- imagemagick <unfixed> (bug #955025)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is  ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick6/issues/43
	NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4 (6.9.10-24)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 (6.9.10-42)
CVE-2019-14979 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
	NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress
CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...)
	NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
CVE-2019-14977
	REJECTED
CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
	- mupdf <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701292
	NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0)
CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
	NOT-FOR-US: SugarCRM
CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
	{DSA-4670-1 DSA-4608-1 DLA-1897-1}
	- tiff 4.0.10+git190814-1 (low; bug #934780)
	- tiff3 <removed>
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90
	NOTE: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
CVE-2019-14972
	RESERVED
CVE-2019-14971
	RESERVED
CVE-2019-14970 (A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3. ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...)
	NOT-FOR-US: Netwrix Auditor
CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection via the i ...)
	NOT-FOR-US: imcat
CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-14964
	RESERVED
CVE-2019-14963
	RESERVED
CVE-2019-14962
	RESERVED
CVE-2019-14961 (JetBrains Upsource before 2019.1.1412 was not properly escaping HTML t ...)
	NOT-FOR-US: JetBrains Upsource
CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider. ...)
	NOT-FOR-US: JetBrains Rider
CVE-2019-14959 (JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a ...)
	NOT-FOR-US: JetBrains Toolbox
CVE-2019-14958 (JetBrains PyCharm before 2019.2 was allocating a buffer of unknown siz ...)
	- pycharm <itp> (bug #742394)
CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing individual pr ...)
	NOT-FOR-US: JetBrains Vim plugin
CVE-2019-14956 (JetBrains YouTrack before 2019.2.53938 was using incorrect settings, a ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was no opti ...)
	NOT-FOR-US: JetBrains Hub
CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible XSS thr ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in  ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...)
	NOT-FOR-US: Telenav Scout GPS Link app
CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...)
	NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has XSS. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress has XSS ...)
	NOT-FOR-US: woocommerce-product-addon plugin for WordPress
CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS during  ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS related ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS. ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities]
	RESERVED
	[experimental] - gitlab 11.11.8+dfsg-1
	- gitlab 12.6.8-3 (bug #934708)
	NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14943 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab <not-affected> (Only affects GitLab CE/EE 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
	RESERVED
	[experimental] - gitlab 11.11.8+dfsg-1
	- gitlab 12.6.8-3 (bug #934708)
	NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14941 (SHAREit through 4.0.6.177 does not check the body length from the rece ...)
	NOT-FOR-US: SHAREit
CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of  ...)
	NOT-FOR-US: Storage Performance Development Kit
CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
	- node-mysql 2.18.0-1 (bug #934712)
	[buster] - node-mysql <no-dsa> (Minor issue)
	[stretch] - node-mysql <end-of-life> (Nodejs in stretch not covered by security support)
	[jessie] - node-mysql <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/mysqljs/mysql/issues/2257
CVE-2019-14938
	RESERVED
CVE-2019-14937 (REDCap before 9.3.0 allows time-based SQL injection in the edit calend ...)
	NOT-FOR-US: REDCap
CVE-2019-14936 (Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Informat ...)
	NOT-FOR-US: Easy!Appointments plugin for WordPress
CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
	NOT-FOR-US: 3CX Phone 15 on Windows
CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...)
	- pdfresurrect 0.18-1
	[buster] - pdfresurrect <no-dsa> (Minor issue)
	[stretch] - pdfresurrect <no-dsa> (Minor issue)
	[jessie] - pdfresurrect <no-dsa> (Minor issue)
	NOTE: https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6
	NOTE: https://github.com/enferex/pdfresurrect/issues/6
	NOTE: CVE specific to the calloc_some.pdf and malloc_some.pdf issues.
CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
	NOT-FOR-US: Bagisto
CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203  ...)
	NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in t ...)
	NOT-FOR-US: woocommerce-jetpack plugin for WordPress
CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2018-20964 (The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. ...)
	NOT-FOR-US: contact-form-to-email plugin for WordPress
CVE-2018-20963 (The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-to-email plugin for WordPress
CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. ...)
	NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2017-18507 (The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. ...)
	NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for Wo ...)
	NOT-FOR-US: woocommerce-pdf-invoices-packing-slips plugin for WordPress
CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. ...)
	NOT-FOR-US: twitter-plugin plugin for WordPress
CVE-2017-18504 (The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. ...)
	NOT-FOR-US: twitter-cards-meta plugin for WordPress
CVE-2017-18503 (The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. ...)
	NOT-FOR-US: twitter-cards-meta plugin for WordPress
CVE-2017-18502 (The subscriber plugin before 1.3.5 for WordPress has multiple XSS issu ...)
	NOT-FOR-US: subscriber plugin for WordPress
CVE-2017-18501 (The social-login-bws plugin before 0.2 for WordPress has multiple XSS  ...)
	NOT-FOR-US: social-login-bws plugin for WordPress
CVE-2017-18500 (The social-buttons-pack plugin before 1.1.1 for WordPress has multiple ...)
	NOT-FOR-US: social-buttons-pack plugin for WordPress
CVE-2017-18499 (The simple-membership plugin before 3.5.7 for WordPress has XSS. ...)
	NOT-FOR-US: simple-membership plugin for WordPress
CVE-2017-18498 (The simple-job-board plugin before 2.4.4 for WordPress has reflected X ...)
	NOT-FOR-US: simple-job-board plugin for WordPress
CVE-2017-18497 (The liveforms plugin before 3.4.0 for WordPress has XSS. ...)
	NOT-FOR-US: liveforms plugin for WordPress
CVE-2017-18496 (The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues ...)
	NOT-FOR-US: htaccess plugin for WordPress
CVE-2017-18495 (The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress  ...)
	NOT-FOR-US: gravity-forms-sms-notifications plugin for WordPress
CVE-2017-18494 (The custom-search-plugin plugin before 1.36 for WordPress has multiple ...)
	NOT-FOR-US: custom-search-plugin plugin for WordPress
CVE-2017-18493 (The custom-admin-page plugin before 0.1.2 for WordPress has multiple X ...)
	NOT-FOR-US: custom-admin-page plugin for WordPress
CVE-2017-18492 (The contact-form-to-db plugin before 1.5.7 for WordPress has multiple  ...)
	NOT-FOR-US: contact-form-to-db plugin for WordPress
CVE-2017-18491 (The contact-form-plugin plugin before 4.0.6 for WordPress has multiple ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2017-18490 (The contact-form-multi plugin before 1.2.1 for WordPress has multiple  ...)
	NOT-FOR-US: contact-form-multi plugin for WordPress
CVE-2017-18489 (The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS ...)
	NOT-FOR-US: contact-form-7-sms-addon plugin for WordPress
CVE-2017-18488 (The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS i ...)
	NOT-FOR-US: Backup Guard plugin for WordPress
CVE-2017-18487 (The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPre ...)
	NOT-FOR-US: adsense-plugin (aka Google AdSense) plugin for WordPress
CVE-2016-10879 (The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. ...)
	NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2016-10878 (The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. ...)
	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2016-10877 (The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS iss ...)
	NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10876 (The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10875 (The wp-database-backup plugin before 4.3.1 for WordPress has XSS. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10874 (The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10873 (The wp-database-backup plugin before 4.3.3 for WordPress has XSS. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10872 (The ultimate-member plugin before 1.3.40 for WordPress has XSS on the  ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2016-10871 (The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the ...)
	NOT-FOR-US: mailchimp-for-wp plugin for WordPress
CVE-2016-10870 (The google-language-translator plugin before 5.0.06 for WordPress has  ...)
	NOT-FOR-US: google-language-translator plugin for WordPress
CVE-2016-10869 (The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2016-10868 (The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10867 (The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10866 (The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2015-9306 (The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS ...)
	NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress
CVE-2015-9305 (The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS rel ...)
	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2015-9304 (The ultimate-member plugin before 1.3.18 for WordPress has XSS via tex ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2015-9303 (The simple-share-buttons-adder plugin before 6.0.0 for WordPress has X ...)
	NOT-FOR-US: simple-share-buttons-adder plugin for WordPress
CVE-2015-9302 (The simple-fields plugin before 1.4.11 for WordPress has XSS. ...)
	NOT-FOR-US: simple-fields plugin for WordPress
CVE-2015-9301 (The liveforms plugin before 3.2.0 for WordPress has SQL injection. ...)
	NOT-FOR-US: liveforms plugin for WordPress
CVE-2015-9300 (The events-manager plugin before 5.5.7 for WordPress has multiple XSS  ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2015-9299 (The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2015-9298 (The events-manager plugin before 5.6 for WordPress has code injection. ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2015-9297 (The events-manager plugin before 5.6 for WordPress has XSS. ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2015-9296 (The download-monitor plugin before 1.7.1 for WordPress has XSS related ...)
	NOT-FOR-US: download-monitor plugin for WordPress
CVE-2015-9295 (The contact-form-plugin plugin before 3.96 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2015-9294 (The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2015-9293 (The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2012-6713 (The job-manager plugin before 0.7.19 for WordPress has multiple XSS is ...)
	NOT-FOR-US: job-manager plugin for WordPress
CVE-2019-14931 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
CVE-2019-14930 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
CVE-2019-14929 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
CVE-2019-14928 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
CVE-2019-14927 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
CVE-2019-14926 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
CVE-2019-14925 (An issue was discovered on Mitsubishi Electric ME-RTU devices through  ...)
	NOT-FOR-US: Mitsubishi Electric ME-RTU devices
CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The method moveI ...)
	NOT-FOR-US: GCDWebServer
CVE-2019-14923 (EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharac ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2019-14922
	RESERVED
CVE-2019-14921
	RESERVED
CVE-2019-14920 (Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authe ...)
	NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
CVE-2019-14919 (An exposed Telnet Service on the Billion Smart Energy Router SG600R2 w ...)
	NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
CVE-2019-14918 (XSS in the DHCP lease-status table in Billion Smart Energy Router SG60 ...)
	NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
CVE-2019-14917
	RESERVED
CVE-2019-14916 (An issue was discovered in PRiSE adAS 1.7.0. A file's format is not pr ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-14915 (An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not  ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-14914 (An issue was discovered in PRiSE adAS 1.7.0. The path is not properly  ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-14913 (An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-14912 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does n ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-14911 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does n ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-14910 (A vulnerability was found in keycloak 7.x, when keycloak is configured ...)
	NOT-FOR-US: Keycloak
CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federation LD ...)
	NOT-FOR-US: Keycloak
CVE-2019-14908
	RESERVED
CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...)
	- samba 2:4.11.5+dfsg-1
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <no-dsa> (Minor issue)
	[jessie] - samba <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...)
	NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of CVE-2019-13616 in RHEL 7
CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x before 2.9. ...)
	- ansible 2.9.4+dfsg-1 (low)
	[buster] - ansible <no-dsa> (Minor issue)
	[stretch] - ansible <no-dsa> (Minor issue)
	[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.2)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
	NOTE: https://github.com/ansible/ansible/pull/65423
	NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
	RESERVED
	- ansible 2.9.4+dfsg-1 (low)
	[buster] - ansible <no-dsa> (Minor issue)
	[stretch] - ansible <no-dsa> (Minor issue)
	[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
	NOTE: https://github.com/ansible/ansible/pull/65686
	NOTE: https://github.com/ansible/ansible/blob/stable-2.0/CHANGELOG.md
CVE-2019-14903
	RESERVED
CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...)
	- samba 2:4.11.5+dfsg-1
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <no-dsa> (Minor issue)
	[jessie] - samba <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2
CVE-2019-14900 (A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 an ...)
	- libhibernate3-java <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666499
	NOTE: https://github.com/hibernate/hibernate-orm/commit/b658e903d71e34a5be5690a33e6faa21b1db628b
	NOTE: https://github.com/hibernate/hibernate-orm/commit/7dfb0fdf24fb4a1f757be14ce5806b5a81f20ab8
	NOTE: https://github.com/hibernate/hibernate-orm/commit/50a5da07c1e6cb1da630b01c67bce9f7fe49dd8e
CVE-2019-14899 (A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, ...)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/05/1
CVE-2019-14898 (The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 w ...)
	- linux <not-affected> (RHEL-7 specific incomplete fix for CVE-2019-11599)
CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, version k ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.19-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the Linux kern ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.19-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel, all v ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
CVE-2019-14894 (A flaw was found in the CloudForms management engine version 5.10 and  ...)
	NOT-FOR-US: Red Hat CloudForm
CVE-2019-14893 (A flaw was discovered in FasterXML jackson-databind in all versions be ...)
	- jackson-databind 2.10.0-1
	[buster] - jackson-databind 2.9.8-3+deb10u1
	[stretch] - jackson-databind 2.8.6-1+deb9u6
	[jessie] - jackson-databind 2.4.2-2+deb8u9
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2469
	NOTE: https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317
CVE-2019-14892 (A flaw was discovered in jackson-databind in versions before 2.9.10, 2 ...)
	- jackson-databind 2.10.0-1
	[buster] - jackson-databind 2.9.8-3+deb10u1
	[stretch] - jackson-databind 2.8.6-1+deb9u6
	[jessie] - jackson-databind 2.4.2-2+deb8u9
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2462
	NOTE: https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af
	NOTE: https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related processes be ...)
	NOT-FOR-US: Kubernetes CRI-O
CVE-2019-14890 (A vulnerability was found in Ansible Tower before 3.6.1 where an attac ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in version ...)
	{DLA-2038-1}
	- libssh 0.9.3-1 (bug #946548)
	[buster] - libssh <no-dsa> (Minor issue)
	[stretch] - libssh <no-dsa> (Minor issue)
	NOTE: https://www.libssh.org/security/advisories/CVE-2019-14889.txt
	NOTE: https://bugs.libssh.org/T181
	NOTE: The fix in libssh makes an update in x2goclient necessary, cf:
	NOTE: https://bugs.debian.org/947129
	NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a
CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...)
	- undertow <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used with Wildfl ...)
	- wildfly <itp> (bug #752018)
CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...)
	NOT-FOR-US: Business central
CVE-2019-14885 (A flaw was found in the JBoss EAP Vault system in all versions before  ...)
	NOT-FOR-US: JBoss EAP
CVE-2019-14884 (A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7  ...)
	- moodle <removed>
CVE-2019-14883 (A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3. ...)
	- moodle <removed>
CVE-2019-14882 (A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to ...)
	- moodle <removed>
CVE-2019-14881 (A vulnerability was found in moodle 3.7 before 3.7.3, where there is b ...)
	- moodle <removed>
CVE-2019-14880 (A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 bef ...)
	- moodle <removed>
CVE-2019-14879 (A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x ...)
	- moodle <removed>
CVE-2019-14878 (In the __d2b function of the newlib libc library, all versions prior t ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc 1.4.3-1
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
	NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14877 (In the __mdiff function of the newlib libc library, all versions prior ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc 1.4.3-1
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
	NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14876 (In the __lshift function of the newlib libc library, all versions prio ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc <unfixed> (unimportant)
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
CVE-2019-14875 (In the __multiply function of the newlib libc library, all versions pr ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc <not-affected> (Affected code not present)
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
CVE-2019-14874 (In the __i2b function of the newlib libc library, all versions prior t ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc 1.4.3-1
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
	NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14873 (In the __multadd function of the newlib libc library, prior to version ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc 1.4.3-1
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
	NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14872 (The _dtoa_r function of the newlib libc library, prior to version 3.3. ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc 1.4.3-1
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
	NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by ...)
	- newlib 3.3.0-1
	[buster] - newlib <no-dsa> (Minor issue)
	[stretch] - newlib <no-dsa> (Minor issue)
	[jessie] - newlib <ignored> (Minor issue)
	- picolibc 1.4.3-1
	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
	NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
	- samba 2:4.11.3+dfsg-1
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <no-dsa> (Minor issue)
	[jessie] - samba <no-dsa> (Minor issue)
	- heimdal 7.7.0+dfsg-1 (bug #946786)
	[buster] - heimdal <no-dsa> (Minor issue)
	[stretch] - heimdal <no-dsa> (Minor issue)
	[jessie] - heimdal <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html
	NOTE: https://github.com/heimdal/heimdal/pull/663
	NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch)
CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50, where ...)
	{DSA-4569-1 DLA-1992-1}
	- ghostscript 9.50~dfsg-3 (bug #944760)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701841
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768911
	NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
	NOTE: which changed the access to file permissions.
CVE-2019-14868 (In ksh version 20120801, a flaw was found in the way it evaluates cert ...)
	- ksh 2020.0.0-2.1 (bug #948989)
	[jessie] - ksh <ignored> (Minor issue)
	- ksh93 <unfixed> (bug #964034)
	NOTE: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
CVE-2019-14867 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
	- freeipa 4.8.3-1
	[buster] - freeipa <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6
CVE-2019-14866 (In all versions of cpio before 2.13 does not properly validate input f ...)
	{DLA-1981-1}
	- cpio 2.13+dfsg-1 (low; bug #941412)
	[buster] - cpio <no-dsa> (Minor issue)
	[stretch] - cpio <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7
CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A local a ...)
	- grub2 <not-affected> (Red Hat-specific patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764925
	NOTE: https://seclists.org/oss-sec/2019/q4/101
	NOTE: Red Hat-specific patch, get added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM
CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...)
	- ansible 2.9.2+dfsg-1 (low; bug #943768)
	[buster] - ansible <no-dsa> (Minor issue)
	[stretch] - ansible <no-dsa> (Minor issue)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ansible/ansible/issues/63522
	NOTE: https://github.com/ansible/ansible/pull/63527
	NOTE: Introduced in https://github.com/ansible/ansible/commit/91da1653e0b592d4d67c5fb3ecd4fa60c797ff03 (2.6)
CVE-2019-14863 (There is a vulnerability in all angular versions before 1.5.0-beta.0,  ...)
	{DLA-1995-1}
	- angular.js 1.5.3-2 (bug #942833)
	NOTE: https://snyk.io/vuln/npm:angular:20150807
	NOTE: https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
	NOTE: https://github.com/angular/angular.js/pull/12524
CVE-2019-14862 (There is a vulnerability in knockout before version 3.5.0-beta, where  ...)
	- node-knockout 3.4.2-3 (unimportant; bug #943560)
	[buster] - node-knockout 3.4.2-2+deb10u1
	NOTE: https://github.com/knockout/knockout/issues/1244
	NOTE: https://github.com/knockout/knockout/pull/2345
	NOTE: https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb
	NOTE: Only impacts browsers which are totally insecure and EOLed anyway
CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
	- samba 2:4.11.3+dfsg-1
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <no-dsa> (Minor issue)
	[jessie] - samba <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html
CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...)
	NOT-FOR-US: Syndesis
CVE-2019-14859 (A flaw was found in all python-ecdsa versions before 0.13.3, where it  ...)
	{DSA-4588-1 DLA-1978-1}
	- python-ecdsa 0.13.3-1
	NOTE: https://github.com/warner/python-ecdsa/issues/114
	NOTE: Upstream patches:
	NOTE: https://github.com/warner/python-ecdsa/pull/115
	NOTE: https://github.com/warner/python-ecdsa/pull/124
	NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible  ...)
	- ansible 2.8.6+dfsg-1 (bug #942332)
	[buster] - ansible <no-dsa> (Minor issue)
	[stretch] - ansible <no-dsa> (Minor issue)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
	NOTE: https://github.com/ansible/ansible/pull/63405
	NOTE: Sub-options/sub-specs/sub-parameters introduced in https://github.com/ansible/ansible/commit/25de905c6e05bd6df91f4299628ee6d386d3da50 (2.4)
CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An open r ...)
	{DLA-1996-1}
	- libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
	[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
	[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e
	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/451
	NOTE: https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4
CVE-2019-14855 (A flaw was found in the way certificate signatures could be forged usi ...)
	- gnupg2 2.2.19-1 (low; bug #945859)
	[buster] - gnupg2 <no-dsa> (Minor issue)
	[stretch] - gnupg2 <no-dsa> (Minor issue)
	[jessie] - gnupg2 <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
	- gnupg1 <unfixed> (low)
	[buster] - gnupg1 <no-dsa> (Minor issue)
	[stretch] - gnupg1 <no-dsa> (Minor issue)
	- gnupg <removed> (low)
	[jessie] - gnupg <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
	NOTE: https://dev.gnupg.org/T4755
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1
	NOTE: https://eprint.iacr.org/2020/014.pdf
CVE-2019-14854 (OpenShift Container Platform 4 does not sanitize secret data written t ...)
	NOT-FOR-US: OpenShift
CVE-2019-14853 (An error-handling flaw was found in python-ecdsa before version 0.13.3 ...)
	{DSA-4588-1 DLA-1978-1}
	- python-ecdsa 0.13.3-1
	NOTE: https://github.com/warner/python-ecdsa/issues/114
	NOTE: Upstream patches:
	NOTE: https://github.com/warner/python-ecdsa/pull/115
	NOTE: https://github.com/warner/python-ecdsa/pull/124
	NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
CVE-2019-14852
	RESERVED
CVE-2019-14851 [assertion failure by issuing commands in the wrong order]
	RESERVED
	- nbdkit 1.14.2-1
	[buster] - nbdkit <not-affected> (Issue introduced by the fix for CVE-2019-14850)
	[stretch] - nbdkit <not-affected> (Issue introduced by the fix for CVE-2019-14850)
	[jessie] - nbdkit <not-affected> (introduced by CVE-2019-14850)
	NOTE: https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
	NOTE: 1.15 (development branch):
	NOTE: https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f
	NOTE: 1.14:
	NOTE: https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e
	NOTE: 1.12:
	NOTE: https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3
CVE-2019-14850 [denial of service due to premature opening of back-end connection]
	RESERVED
	- nbdkit 1.14.1-1
	[buster] - nbdkit <no-dsa> (Minor issue)
	[stretch] - nbdkit <no-dsa> (Minor issue)
	[jessie] - nbdkit <ignored> (Minor issue, DoS/amplification for specific configuration, non-trivial backport, low popcon)
	NOTE: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
	NOTE: 1.15 (development branch):
	NOTE: https://github.com/libguestfs/nbdkit/commit/c05686f9577fa91b6a3a4d8c065954ca6fc3fd62
	NOTE: https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f
	NOTE: 1.14:
	NOTE: https://github.com/libguestfs/nbdkit/commit/e06cde00659ff97182173d0e33fff784041bcb4a
	NOTE: https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e
	NOTE: 1.12:
	NOTE: https://github.com/libguestfs/nbdkit/commit/22b30adb796bb6dca264a38598f80b8a234ff978
	NOTE: https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3
CVE-2019-14849 (A vulnerability was found in 3scale before version 2.6, did not set th ...)
	NOT-FOR-US: Red Hat 3scale
CVE-2019-14848
	RESERVED
CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...)
	- samba 2:4.11.0+dfsg-6
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <no-dsa> (Minor issue)
	[jessie] - samba <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to  ...)
	{DLA-2202-1}
	- ansible 2.8.6+dfsg-1 (low; bug #942188)
	[buster] - ansible <no-dsa> (Minor issue)
	[stretch] - ansible <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
	NOTE: https://github.com/ansible/ansible/pull/63366
	NOTE: https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4
CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. ...)
	NOT-FOR-US: OpenShift
CVE-2019-14844 (A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including ...)
	- krb5 <not-affected> (Vulnerable code not present; problematic commit not backported; not present in any MIT krb5 release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1753589
	NOTE: Introduced by: https://github.com/krb5/krb5/commit/a649279727490687d54becad91fde8cf7429d951
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf
CVE-2019-14843 (A flaw was found in Wildfly Security Manager, running under JDK 11 or  ...)
	- wildfly <itp> (bug #752018)
CVE-2019-14841
	RESERVED
CVE-2019-14840
	RESERVED
CVE-2019-14839
	RESERVED
CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...)
	- wildfly <itp> (bug #752018)
CVE-2019-14837 (A flaw was found in keycloack before version 8.0.0. The owner of 'plac ...)
	NOT-FOR-US: Keycloak
CVE-2019-14836
	RESERVED
CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...)
	{DSA-4531-1 DLA-1940-1 DLA-1930-1}
	- linux 5.2.17-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/17/1
	NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
CVE-2019-14834 (A vulnerability was found in dnsmasq before version 2.81, where the me ...)
	- dnsmasq 2.81-1 (bug #948373)
	[buster] - dnsmasq <no-dsa> (Minor issue)
	[stretch] - dnsmasq <no-dsa> (Minor issue)
	[jessie] - dnsmasq <no-dsa> (Minor issue)
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764425
CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...)
	- samba 2:4.11.1+dfsg-2
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <no-dsa> (Minor issue)
	[jessie] - samba <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html
CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 where i ...)
	NOT-FOR-US: Keycloak
CVE-2019-14831
	RESERVED
CVE-2019-14830
	RESERVED
CVE-2019-14829
	RESERVED
CVE-2019-14828
	RESERVED
CVE-2019-14827
	RESERVED
CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies  ...)
	- freeipa <unfixed> (bug #940913)
	[buster] - freeipa <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944
	NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c
	NOTE: due to fix for https://fedorahosted.org/freeipa/ticket/6682.
CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...)
	NOT-FOR-US: Katello
CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...)
	{DLA-2004-1}
	- 389-ds-base 1.4.2.4-1 (bug #944150)
	[buster] - 389-ds-base <no-dsa> (Minor issue)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448
	NOTE: https://pagure.io/freeipa/issue/8050
CVE-2019-14823 (A flaw was found in the "Leaf and Chain" OCSP policy implementation in ...)
	- jss 4.6.2-1 (bug #942463)
	[buster] - jss <not-affected> (Vulnerable code backported only in 4.5.3 onwards)
	[stretch] - jss <not-affected> (Vulnerable code not present)
	[jessie] - jss <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747435
	NOTE: https://github.com/dogtagpki/jss/pull/284
	NOTE: https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4
CVE-2019-14822 (A flaw was discovered in ibus that allows any unprivileged user to mon ...)
	{DSA-4525-1}
	- ibus 1.5.21-1 (bug #940267)
	[jessie] - ibus <ignored> (Hard to exploit, regression risk)
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/13/1
	NOTE: Fixed by: https://github.com/ibus/ibus/commit/3d442dbf936d197aa11ca0a71663c2bc61696151
	NOTE: The original fix introduces regression with Qt applications (the fix uncovered an
	NOTE: interoperability bug between GLib's implementation of D-Bus and the reference implementation
	NOTE: libdbus):
	NOTE: https://bugs.debian.org/941018
	NOTE: https://launchpad.net/bugs/1844853
	NOTE: https://github.com/ibus/ibus/issues/2137
CVE-2019-14821 (An out-of-bounds access issue was found in the Linux kernel, all versi ...)
	{DSA-4531-1 DLA-1940-1 DLA-1930-1}
	- linux 5.2.17-1
	NOTE: https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
CVE-2019-14820 (It was found that keycloak before version 8.0.0 exposes internal adapt ...)
	NOT-FOR-US: Keycloak
CVE-2019-14819 (A flaw was found during the upgrade of an existing OpenShift Container ...)
	NOT-FOR-US: openshift-ansible
CVE-2019-14818 (A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x bef ...)
	{DSA-4567-1}
	- dpdk 18.11.4-1
	NOTE: http://mails.dpdk.org/archives/announce/2019-November/000293.html
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=363
CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.50, in the .pdfex ...)
	{DSA-4518-1 DLA-1915-1}
	- ghostscript 9.28~~rc2~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701450
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
	NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
	NOTE: which changed the access to file permissions.
CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
CVE-2019-14815 (A vulnerability was found in Linux Kernel, where a Heap Overflow was f ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-14814 (There is heap-based buffer overflow in Linux kernel, all versions up t ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.50, in the sets ...)
	{DSA-4518-1 DLA-1915-1}
	- ghostscript 9.28~~rc2~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
	NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
	NOTE: which changed the access to file permissions.
CVE-2019-14812 (A flaw was found in all ghostscript versions 9.x before 9.50, in the . ...)
	{DSA-4518-1 DLA-1915-1}
	- ghostscript 9.28~~rc2~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701444
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
	NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
	NOTE: which changed the access to file permissions.
CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_h ...)
	{DSA-4518-1 DLA-1915-1}
	- ghostscript 9.28~~rc2~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701445
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
	NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
	NOTE: which changed the access to file permissions.
CVE-2019-14810 (A vulnerability has been found in the implementation of the Label Dist ...)
	NOT-FOR-US: EOS
CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...)
	{DSA-4503-1}
	- golang-1.13 1.13~beta1-3 (bug #934954)
	- golang-1.12 1.12.8-1
	- golang-1.11 1.11.13-1
	- golang-1.8 <removed>
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (Fix too invasive to backport, url.go file in jessie too far behind upstream)
	NOTE: Issue: https://github.com/golang/go/issues/29098
	NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11)
	NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12)
CVE-2019-14808 (An issue was discovered in the RENPHO application 3.0.0 for iOS. It tr ...)
	NOT-FOR-US: RENPHO
CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...)
	NOT-FOR-US: MobileFrontend extension for MediaWiki
CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...)
	- python-werkzeug 0.15.6+dfsg1-1 (low; bug #940935)
	[buster] - python-werkzeug 0.14.1+dfsg1-4+deb10u1
	[stretch] - python-werkzeug 0.11.15+dfsg1-1+deb9u1
	[jessie] - python-werkzeug <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
CVE-2019-14805 (studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the ...)
	NOT-FOR-US: UNA
CVE-2019-14804 (studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via t ...)
	NOT-FOR-US: UNA
CVE-2019-14803
	RESERVED
CVE-2019-14802
	RESERVED
CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privi ...)
	NOT-FOR-US: Jitbit Helpdesk
CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress  ...)
	NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
CVE-2019-14800 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress  ...)
	NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
CVE-2019-14799 (The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress  ...)
	NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
CVE-2019-14798 (The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authent ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2019-14797 (The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authent ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2019-14796 (The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products  ...)
	NOT-FOR-US: mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin for WordPress
CVE-2019-14795 (The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress h ...)
	NOT-FOR-US: toggle-the-title (aka Toggle The Title) plugin for WordPress
CVE-2019-14794 (The Meta Box plugin before 4.16.2 for WordPress mishandles the uploadi ...)
	NOT-FOR-US: Meta Box plugin for WordPress
CVE-2019-14793 (The Meta Box plugin before 4.16.3 for WordPress allows file deletion v ...)
	NOT-FOR-US: Meta Box plugin for WordPress
CVE-2019-14792 (The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via  ...)
	NOT-FOR-US: WP Google Maps plugin for WordPress
CVE-2019-14791 (The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XS ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2019-14790 (The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS ...)
	NOT-FOR-US: limb-gallery (aka Limb Gallery) plugin for WordPress
CVE-2019-14789 (The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: Custom 404 Pro plugin for WordPress
CVE-2019-14788 (wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribu ...)
	NOT-FOR-US: Tribulant Newsletters plugin for WordPress
CVE-2019-14787 (The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XS ...)
	NOT-FOR-US: Tribulant Newsletters plugin for WordPress
CVE-2019-14786 (The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users t ...)
	NOT-FOR-US: Rank Math SEO plugin for WordPress
CVE-2019-14785 (The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress h ...)
	NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress
CVE-2019-14784 (The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress h ...)
	NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress
CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
	NOT-FOR-US: Samsung
CVE-2019-14782 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8 ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14781
	RESERVED
CVE-2019-14780
	RESERVED
CVE-2016-10865 (The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cros ...)
	NOT-FOR-US: Lightbox Plus Colorbox plugin for WordPress
CVE-2019-14779
	RESERVED
CVE-2019-14778 (The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.c ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14777 (The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14776 (A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14775
	RESERVED
CVE-2019-12625 (ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnera ...)
	{DLA-1953-1}
	- clamav 0.101.4+dfsg-1 (bug #934359)
	[buster] - clamav 0.101.4+dfsg-0+deb10u1
	[stretch] - clamav 0.101.4+dfsg-0+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356
	NOTE: Partially adressed already in 0.101.2+dfsg-3 but incomplete.
	NOTE: https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for WooCommerce) pl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad snippets" pl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
	NOT-FOR-US: verdaccio
CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the  ...)
	- backdrop <itp> (bug #914257)
CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some me ...)
	- backdrop <itp> (bug #914257)
CVE-2019-14769 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't suf ...)
	- backdrop <itp> (bug #914257)
CVE-2019-14768 (An Arbitrary File Upload issue in the file browser of DIMO YellowBox C ...)
	NOT-FOR-US: DIMO YellowBox CRM
CVE-2019-14767 (In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence ...)
	NOT-FOR-US: DIMO YellowBox CRM
CVE-2019-14766 (Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4  ...)
	NOT-FOR-US: DIMO YellowBox CRM
CVE-2019-14765 (Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBo ...)
	NOT-FOR-US: DIMO YellowBox CRM
CVE-2019-14764
	RESERVED
CVE-2019-14763 (In the Linux kernel before 4.16.4, a double-locking error in drivers/u ...)
	- linux 4.16.5-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-14762
	RESERVED
CVE-2019-14761
	RESERVED
CVE-2019-14760
	RESERVED
CVE-2019-14759
	RESERVED
CVE-2019-14758
	RESERVED
CVE-2019-14757
	RESERVED
CVE-2019-14756
	RESERVED
CVE-2019-14755 (The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows U ...)
	NOT-FOR-US: Leaf Admin
CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
	NOT-FOR-US: Open-School
CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows X ...)
	NOT-FOR-US: Backpack\CRUD Backpack
CVE-2019-14753 (SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buff ...)
	NOT-FOR-US: SICK FX0-GPNT00000 and FX0-GENT00000 devices
CVE-2019-14752 (SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...)
	- nltk 3.4.5-1 (low; bug #935201)
	[buster] - nltk <no-dsa> (Minor issue)
	[stretch] - nltk <no-dsa> (Minor issue)
	[jessie] - nltk <no-dsa> (Minor issue; user has to configure a compromised server)
	NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/
	NOTE: https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10
CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
	NOT-FOR-US: osTicket
CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
	NOT-FOR-US: osTicket
CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
	NOT-FOR-US: osTicket
CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...)
	NOT-FOR-US: DWSurvey
CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by  ...)
	NOT-FOR-US: KuaiFanCMS
CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...)
	- radare2 3.9.0+dfsg-1 (bug #934204)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/pull/14690
	NOTE: When fixing this ussue make sure to not only apply the initial commits but
	NOTE: as well the followups to avoid opening CVE-2019-16718:
	NOTE: https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af
	NOTE: https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7
CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...)
	{DSA-4494-1 DLA-1890-1}
	- kconfig 5.54.0-2 (bug #934267)
	- kde4libs 4:4.14.38-4 (bug #934268)
	[buster] - kde4libs <no-dsa> (Minor issue)
	[stretch] - kde4libs <no-dsa> (Minor issue)
	NOTE: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
	NOTE: https://kde.org/info/security/advisory-20190807-1.txt
	NOTE: kconfig: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
	NOTE: kdelibs: https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00
CVE-2019-14743 (In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wo ...)
	NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-14742
	RESERVED
CVE-2019-14741
	RESERVED
CVE-2019-14740
	RESERVED
CVE-2019-14739
	RESERVED
CVE-2019-14738
	RESERVED
CVE-2019-14737 (Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. ...)
	NOT-FOR-US: Ubisoft Uplay
CVE-2019-14736
	RESERVED
CVE-2019-14735
	RESERVED
CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::l ...)
	- adplug <unfixed>
	[buster] - adplug <no-dsa> (Minor issue)
	[stretch] - adplug <no-dsa> (Minor issue)
	[jessie] - adplug <no-dsa> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/90
CVE-2019-14733 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::l ...)
	- adplug <unfixed>
	[buster] - adplug <no-dsa> (Minor issue)
	[stretch] - adplug <no-dsa> (Minor issue)
	[jessie] - adplug <no-dsa> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/89
CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::l ...)
	- adplug <unfixed>
	[buster] - adplug <no-dsa> (Minor issue)
	[stretch] - adplug <no-dsa> (Minor issue)
	[jessie] - adplug <no-dsa> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/88
CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
	NOT-FOR-US: ZenTao CMS
CVE-2019-14730 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14729 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14728 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14727 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14726 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14725 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14724 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14723 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14722 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14721 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14720
	RESERVED
CVE-2019-14719
	RESERVED
CVE-2019-14718
	RESERVED
CVE-2019-14717
	RESERVED
CVE-2019-14716
	RESERVED
CVE-2019-14715
	RESERVED
CVE-2019-14714
	RESERVED
CVE-2019-14713
	RESERVED
CVE-2019-14712
	RESERVED
CVE-2019-14711
	RESERVED
CVE-2019-14710
	RESERVED
CVE-2019-14709 (A cleartext password storage issue was discovered on MicroDigital N-se ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14708 (An issue was discovered on MicroDigital N-series cameras with firmware ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14707 (An issue was discovered on MicroDigital N-series cameras with firmware ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14706 (A denial of service issue in HTTPD was discovered on MicroDigital N-se ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14705 (An Incorrect Access Control issue was discovered on MicroDigital N-ser ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14704 (An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14703 (A CSRF issue was discovered in webparam?user&amp;action=set&amp;param= ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14702 (An issue was discovered on MicroDigital N-series cameras with firmware ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14701 (An issue was discovered on MicroDigital N-series cameras with firmware ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14700 (An issue was discovered on MicroDigital N-series cameras with firmware ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14699 (An issue was discovered on MicroDigital N-series cameras with firmware ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14698 (An issue was discovered on MicroDigital N-series cameras with firmware ...)
	NOT-FOR-US: MicroDigital
CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/ind ...)
	NOT-FOR-US: Open-School
CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...)
	NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress
CVE-2019-14694 (A use-after-free flaw in the sandbox container implemented in cmdguard ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
	[experimental] - adplug 2.3.3+dfsg-1
	- adplug <unfixed> (bug #943927)
	[buster] - adplug <no-dsa> (Minor issue)
	[stretch] - adplug <no-dsa> (Minor issue)
	[jessie] - adplug <no-dsa> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/87
CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in ...)
	[experimental] - adplug 2.3.3+dfsg-1
	- adplug <unfixed> (bug #943928)
	[buster] - adplug <no-dsa> (Minor issue)
	[stretch] - adplug <no-dsa> (Minor issue)
	[jessie] - adplug <no-dsa> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/86
CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_ ...)
	[experimental] - adplug 2.3.3+dfsg-1
	- adplug <unfixed> (bug #943929)
	[buster] - adplug <no-dsa> (Minor issue)
	[stretch] - adplug <no-dsa> (Minor issue)
	[jessie] - adplug <no-dsa> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/85
CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...)
	- musl 1.1.23-2
	[buster] - musl <no-dsa> (Minor issue)
	[stretch] - musl <no-dsa> (Minor issue)
	[jessie] - musl <no-dsa> (Minor issue)
	NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441
	NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=6818c31c9bc4bbad5357f1de14bedf781e5b349e
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/1
CVE-2019-14689
	RESERVED
CVE-2019-14688 (Trend Micro has repackaged installers for several Trend Micro products ...)
	NOT-FOR-US: Trend Micro
CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
	NOT-FOR-US: Trend Micro
CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...)
	NOT-FOR-US: Trend Micro
CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend Micro Secur ...)
	NOT-FOR-US: Trend Micro
CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
	NOT-FOR-US: Trend Micro
CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-14681 (The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 f ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability tha ...)
	NOT-FOR-US: SAP
CVE-2019-14677
	RESERVED
CVE-2019-14676
	RESERVED
CVE-2019-14675
	RESERVED
CVE-2019-14674
	RESERVED
CVE-2019-14673
	RESERVED
CVE-2019-14672 (Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of fi ...)
	NOT-FOR-US: Firefly
CVE-2019-14671 (Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attac ...)
	NOT-FOR-US: Firefly
CVE-2019-14670 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of fi ...)
	NOT-FOR-US: Firefly
CVE-2019-14669 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of fi ...)
	NOT-FOR-US: Firefly
CVE-2019-14668 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of fi ...)
	NOT-FOR-US: Firefly
CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due t ...)
	NOT-FOR-US: Firefly
CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code p ...)
	NOT-FOR-US: 6kbbs
CVE-2019-14666 (GLPI through 9.4.3 is prone to account takeover by abusing the ajax/au ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
	- brandy <unfixed> (unimportant; bug #933996)
	NOTE: https://sourceforge.net/p/brandy/bugs/8/
	NOTE: Negligible security impact
CVE-2019-14664 (In Enigmail below 2.1, an attacker in possession of PGP encrypted emai ...)
	- enigmail <unfixed>
	[buster] - enigmail <ignored> (Minor issue and too intrusive to backport)
	[stretch] - enigmail <ignored> (Minor issue and too intrusive to backport)
	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: https://sourceforge.net/p/enigmail/bugs/984/
CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...)
	- brandy <unfixed> (unimportant; bug #933996)
	NOTE: https://sourceforge.net/p/brandy/bugs/6/
	NOTE: Negligible security impact
CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...)
	- brandy <unfixed> (unimportant; bug #933996)
	NOTE: https://sourceforge.net/p/brandy/bugs/7/
	NOTE: Negligible security impact
CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability in the  ...)
	- linux 4.16.5-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f
CVE-2018-20960 (Nespresso Prodigio devices lack Bluetooth connection security. ...)
	NOT-FOR-US: Nespresso Prodigio
CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
	NOT-FOR-US: Jura E8 devices
CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
	NOT-FOR-US: Tapplock devices
CVE-2018-20957 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
	NOT-FOR-US: Tapplock devices
CVE-2018-20956 (Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory re ...)
	NOT-FOR-US: Swann
CVE-2018-20955 (Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to ...)
	NOT-FOR-US: Swann
CVE-2017-18485 (Cognitoys Dino devices allow profiles_add.html CSRF. ...)
	NOT-FOR-US: Cognitoys Dino
CVE-2017-18484 (Cognitoys Dino devices allow XSS via the SSID. ...)
	NOT-FOR-US: Cognitoys Dino
CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10863 (Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with  ...)
	NOT-FOR-US: Edimax
CVE-2019-14661
	RESERVED
CVE-2019-14660
	RESERVED
CVE-2019-14659
	REJECTED
CVE-2019-14658
	RESERVED
CVE-2019-14657 (Yealink phones through 2019-08-04 have an issue with OpenVPN file uplo ...)
	NOT-FOR-US: Yealink
CVE-2019-14656 (Yealink phones through 2019-08-04 do not properly check user roles in  ...)
	NOT-FOR-US: Yealink
CVE-2019-14655
	REJECTED
CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...)
	NOT-FOR-US: Joomla!
CVE-2018-20954 (The "Security and Privacy" Encryption feature in Mailpile before 1.0.0 ...)
	NOT-FOR-US: Mailpile
CVE-2019-XXXX [Buffer overflow during processing of large server replies]
	- pump <removed> (bug #933674)
	[jessie] - pump 0.8.24-7+deb8u1
CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...)
	NOT-FOR-US: pandao Editor.md
CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explor ...)
	NOT-FOR-US: Amazon AWS JavaScript S3 Explorer
CVE-2019-14651
	RESERVED
CVE-2019-14650
	RESERVED
CVE-2019-14649
	RESERVED
CVE-2019-14648
	RESERVED
CVE-2019-14647
	RESERVED
CVE-2019-14646
	RESERVED
CVE-2019-14645
	RESERVED
CVE-2019-14644
	RESERVED
CVE-2019-14643
	RESERVED
CVE-2019-14642
	RESERVED
CVE-2019-14641
	RESERVED
CVE-2019-14640
	RESERVED
CVE-2019-14639
	RESERVED
CVE-2019-14638
	RESERVED
CVE-2019-14637
	RESERVED
CVE-2019-14636
	RESERVED
CVE-2019-14635
	RESERVED
CVE-2019-14634
	RESERVED
CVE-2019-14633
	RESERVED
CVE-2019-14632
	RESERVED
CVE-2019-14631
	RESERVED
CVE-2019-14630
	RESERVED
CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...)
	NOT-FOR-US: Intel
CVE-2019-14628
	RESERVED
CVE-2019-14627
	RESERVED
CVE-2019-14626 (Improper access control in PCIe function for the Intel&#174; FPGA Prog ...)
	NOT-FOR-US: Intel
CVE-2019-14625 (Improper access control in on-card storage for the Intel&#174; FPGA Pr ...)
	NOT-FOR-US: Intel
CVE-2019-14624
	RESERVED
CVE-2019-14623
	RESERVED
CVE-2019-14622
	RESERVED
CVE-2019-14621
	RESERVED
CVE-2019-14620
	RESERVED
CVE-2019-14619
	RESERVED
CVE-2019-14618
	RESERVED
CVE-2019-14617
	RESERVED
CVE-2019-14616
	RESERVED
CVE-2019-14615 (Insufficient control flow in certain data structures for some Intel(R) ...)
	{DLA-2114-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux <not-affected> (Driver doesn't support this hardware)
	NOTE: https://git.kernel.org/linus/bc8a76a152c5f9ef3b48104154a65a68a8b76946
CVE-2019-14614
	RESERVED
CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...)
	NOT-FOR-US: Intel
CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...)
	NOT-FOR-US: Intel
CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...)
	NOT-FOR-US: Intel
CVE-2019-14610 (Improper access control in firmware for Intel(R) NUC(R) may allow an a ...)
	NOT-FOR-US: Intel
CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may allow a  ...)
	NOT-FOR-US: Intel
CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...)
	NOT-FOR-US: Intel
CVE-2019-14607 (Improper conditions check in multiple Intel&#174; Processors may allow ...)
	{DSA-4565-2}
	- intel-microcode 3.20191115.1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
CVE-2019-14606
	RESERVED
CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS Platform Di ...)
	NOT-FOR-US: Intel
CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for Intel(R) Quartu ...)
	NOT-FOR-US: Intel
CVE-2019-14603 (Improper permissions in the installer for the License Server software  ...)
	NOT-FOR-US: Intel
CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...)
	NOT-FOR-US: Nuvoton* CIR Driver
CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for Windows b ...)
	NOT-FOR-US: Intel
CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) SNMP Su ...)
	NOT-FOR-US: Intel
CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier  ...)
	NOT-FOR-US: Intel
CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions 12.0 th ...)
	NOT-FOR-US: Intel
CVE-2019-14597
	RESERVED
CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...)
	NOT-FOR-US: Intel
CVE-2019-14595
	RESERVED
CVE-2019-14594
	RESERVED
CVE-2019-14593
	RESERVED
CVE-2019-14592
	RESERVED
CVE-2019-14591 (Improper input validation in the API for Intel(R) Graphics Driver vers ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14590 (Improper access control in the API for the Intel(R) Graphics Driver ve ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14589
	RESERVED
CVE-2019-14588
	RESERVED
CVE-2019-14587
	RESERVED
	- edk2 0~20200229.4c0f6e34-1
	[buster] - edk2 0~20181115.85588389-3+deb10u1
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14586
	RESERVED
	- edk2 0~20200229.4c0f6e34-1
	[buster] - edk2 0~20181115.85588389-3+deb10u1
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14585
	RESERVED
CVE-2019-14584
	RESERVED
CVE-2019-14583
	RESERVED
CVE-2019-14582
	RESERVED
CVE-2019-14581
	RESERVED
CVE-2019-14580
	RESERVED
CVE-2019-14579
	RESERVED
CVE-2019-14578
	RESERVED
CVE-2019-14577
	RESERVED
CVE-2019-14576
	RESERVED
CVE-2019-14575 [DxeImageVerificationHandler() fails open in case of dbx signature check]
	RESERVED
	- edk2 0~20200229.4c0f6e34-1 (low; bug #952935)
	[buster] - edk2 0~20181115.85588389-3+deb10u1
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14573
	RESERVED
CVE-2019-14572
	RESERVED
CVE-2019-14571
	RESERVED
CVE-2019-14570 (Memory corruption in system firmware for Intel(R) NUC may allow a priv ...)
	NOT-FOR-US: Intel
CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may allow a pri ...)
	NOT-FOR-US: Intel
CVE-2019-14568 (Improper permissions in the executable for Intel(R) RST before version ...)
	NOT-FOR-US: Intel
CVE-2019-14567
	RESERVED
CVE-2019-14566 (Insufficient input validation in Intel(R) SGX SDK multiple Linux and W ...)
	NOT-FOR-US: Intel
CVE-2019-14565 (Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.1 ...)
	NOT-FOR-US: Intel
CVE-2019-14564
	RESERVED
CVE-2019-14563 [numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib]
	RESERVED
	- edk2 0~20200229.4c0f6e34-1 (low; bug #952934)
	[buster] - edk2 0~20181115.85588389-3+deb10u1
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
	NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
CVE-2019-14562
	RESERVED
CVE-2019-14561
	RESERVED
CVE-2019-14560
	RESERVED
CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
	RESERVED
	- edk2 0~20200229.4c0f6e34-1 (bug #952926; low)
	[buster] - edk2 0~20181115.85588389-3+deb10u1
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
CVE-2019-14558
	RESERVED
	- edk2 0~20200229.4c0f6e34-1
	[buster] - edk2 0~20181115.85588389-3+deb10u1
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14557
	RESERVED
CVE-2019-14556
	RESERVED
CVE-2019-14555
	RESERVED
CVE-2019-14554
	RESERVED
CVE-2019-14553 [invalid server certificate accepted in HTTPS-over-IPv6 boot]
	RESERVED
	- edk2 0~20190828.37eef910-4 (unimportant; bug #941775)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1758518
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=960
	NOTE: unimportant, as Debian builds do not enable HTTPSBOOT (via
	NOTE: -DNETWORK_TLS_ENABLE=TRUE).
CVE-2019-14552
	RESERVED
CVE-2017-18509 (An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before ...)
	{DSA-4497-1 DLA-1885-1 DLA-1884-1}
	- linux 4.11.6-1
	NOTE: https://git.kernel.org/linus/99253eb750fda6a644d5188fb26c43bad8d5a745
	NOTE: https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary code on  ...)
	NOT-FOR-US: Das Keyboard Q
CVE-2019-14550 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14549 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14548 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the bod ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14547 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14546 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14545
	RESERVED
CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for route ...)
	NOT-FOR-US: Go Git Service
CVE-2019-14543
	RESERVED
CVE-2019-14542
	RESERVED
CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id ...)
	- gnucobol 3.0~rc1-2 (low; bug #933884)
	[buster] - gnucobol <ignored> (Minor issue)
	- open-cobol <removed>
	[stretch] - open-cobol <ignored> (Minor issue)
	[jessie] - open-cobol <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/open-cobol/bugs/584/
CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1943-1}
	- jackson-databind 2.10.0-1 (bug #940498)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2410
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
	NOTE: https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de
CVE-2019-14539
	RESERVED
CVE-2019-14538
	RESERVED
CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling vulnerability in t ...)
	NOT-FOR-US: YOURLS
CVE-2019-14536
	RESERVED
CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a  ...)
	NOT-FOR-US: ANNKE SP1 HD wireless camera devices
CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for the root ...)
	NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...)
	NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2019-14535 (A divide-by-zero error exists in the SeekIndex function of demux/asf/a ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14534 (In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer derefere ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14533 (The Control function of demux/asf/asf.c in VideoLAN VLC media player 3 ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14532 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...)
	- sleuthkit <unfixed> (unimportant)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1575
	NOTE: Negligible security impact
CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out ...)
	- sleuthkit <unfixed> (unimportant)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1576
	NOTE: Negligible security impact
CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR before  ...)
	NOT-FOR-US: OpenEMR
CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...)
	NOT-FOR-US: OpenEMR
CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...)
	- gnucobol 3.0~rc1-2 (low; bug #933884)
	[buster] - gnucobol <ignored> (Minor issue)
	- open-cobol <removed>
	[stretch] - open-cobol <ignored> (Minor issue)
	[jessie] - open-cobol <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/open-cobol/bugs/583/
CVE-2019-14527 (An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices befor ...)
	NOT-FOR-US: NETGEAR
CVE-2019-14526 (An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices befor ...)
	NOT-FOR-US: NETGEAR
CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019. ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
	- schism 2:20190805-1 (bug #933808)
	[buster] - schism <no-dsa> (Minor issue)
	[stretch] - schism <no-dsa> (Minor issue)
	[jessie] - schism <no-dsa> (Minor issue)
	NOTE: https://github.com/schismtracker/schismtracker/issues/201
CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
	- schism 2:20190805-1 (bug #933809)
	[buster] - schism <no-dsa> (Minor issue)
	[stretch] - schism <no-dsa> (Minor issue)
	[jessie] - schism <no-dsa> (Minor issue)
	NOTE: https://github.com/schismtracker/schismtracker/issues/202
CVE-2019-14522
	RESERVED
CVE-2019-14521 (The api/admin/logoupload Logo File upload feature in EMCA Energy Logse ...)
	NOT-FOR-US: EMCA Energy Logserver
CVE-2019-14520
	RESERVED
CVE-2019-14519
	RESERVED
CVE-2019-14518 (** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and ne ...)
	NOT-FOR-US: Evolution CMS
CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javas&amp;#99;ript: string. ...)
	NOT-FOR-US: pandao Editor.md
CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...)
	NOT-FOR-US: mAadhaar application for Android
CVE-2019-14515
	RESERVED
CVE-2019-14514 (An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. ...)
	NOT-FOR-US: Microvirt MEmu
CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...)
	{DLA-1921-1}
	- dnsmasq 2.76-1
	[buster] - dnsmasq <no-dsa> (Minor issue)
	[stretch] - dnsmasq <no-dsa> (Minor issue)
	NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and  ...)
	- sphinxsearch <unfixed> (unimportant; bug #939762)
	NOTE: Issue is just with the default configuration, but can be easily reconfigured
	NOTE: to listen on localhost only. sphinxsearch will not be started automatically
	NOTE: and an admin needs first to create anyway a /etc/sphinxsearch/sphinx.conf
	NOTE: starting from a sample.
	NOTE: sphinxsearch should ideally update the defaults in sample configs to bind
	NOTE: listeners to localhost.
	NOTE: This is not treated as a vulnerability, subject to design choices for deployment
CVE-2019-14510 (An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using ...)
	NOT-FOR-US: Kaseya VSA RMM
CVE-2019-14509
	RESERVED
CVE-2019-14508
	REJECTED
CVE-2019-14507
	REJECTED
CVE-2019-14506
	REJECTED
CVE-2019-14505
	REJECTED
CVE-2019-14504
	REJECTED
CVE-2019-14503
	REJECTED
CVE-2019-14502
	REJECTED
CVE-2019-14501
	REJECTED
CVE-2019-14500
	REJECTED
CVE-2019-14499
	REJECTED
CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/caf.c i ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
	{DLA-1961-1}
	- milkytracker 1.02.00+dfsg-2 (bug #933964)
	[buster] - milkytracker <no-dsa> (Minor issue)
	[stretch] - milkytracker <no-dsa> (Minor issue)
	NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
	{DLA-1961-1}
	- milkytracker 1.02.00+dfsg-2 (bug #933964)
	[buster] - milkytracker <no-dsa> (Minor issue)
	[stretch] - milkytracker <no-dsa> (Minor issue)
	NOTE: https://github.com/milkytracker/MilkyTracker/issues/183
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
	- 3proxy <itp> (bug #718219)
CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...)
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (bug #933812)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b224e2f5739fe61de9fa69955d016725b2a4b78d
CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
	[experimental] - opencv 4.1.1+dfsg-1
	- opencv 4.1.2+dfsg-3
	[buster] - opencv <no-dsa> (Minor issue)
	[stretch] - opencv <no-dsa> (Minor issue)
	[jessie] - opencv <postponed> (Minor issue, DoS, PoC not crashing)
	NOTE: https://github.com/opencv/opencv/issues/15127
	NOTE: https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023
	NOTE: In older versions of opencv missing NULL pointer check(s) are in
	NOTE: modules/core/src/persistence.cpp (before refactoring).
	TODO: check if the old code though is really affected, might been introduced with the refactoring
CVE-2019-14492 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
	[experimental] - opencv 4.1.1+dfsg-1
	- opencv 4.1.2+dfsg-3
	[buster] - opencv <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - opencv <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - opencv <postponed> (Minor issue, DoS, PoC not crashing)
	NOTE: https://github.com/opencv/opencv/issues/15124
	NOTE: https://github.com/opencv/opencv/commit/ac425f67e4c1d0da9afb9203f0918d8d57c067ed
CVE-2019-14491 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
	[experimental] - opencv 4.1.1+dfsg-1
	- opencv 4.1.2+dfsg-3
	[buster] - opencv <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - opencv <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - opencv <postponed> (Minor issue, DoS, PoC not crashing)
	NOTE: https://github.com/opencv/opencv/issues/15125
	NOTE: https://github.com/opencv/opencv/commit/ac425f67e4c1d0da9afb9203f0918d8d57c067ed
CVE-2019-14490
	RESERVED
CVE-2019-14489
	RESERVED
CVE-2019-14488
	RESERVED
CVE-2019-14487
	RESERVED
CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c ...)
	- gnucobol 3.0~rc1-2 (low; bug #933884)
	[buster] - gnucobol <ignored> (Minor issue)
	- open-cobol <removed>
	[stretch] - open-cobol <ignored> (Minor issue)
	[jessie] - open-cobol <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/open-cobol/bugs/582/
CVE-2019-14485
	RESERVED
CVE-2019-14484
	RESERVED
CVE-2019-14483
	RESERVED
CVE-2019-14482
	RESERVED
CVE-2019-14481
	RESERVED
CVE-2019-14480
	RESERVED
CVE-2019-14479
	RESERVED
CVE-2019-14478
	RESERVED
CVE-2019-14477
	RESERVED
CVE-2019-14476
	RESERVED
CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...)
	NOT-FOR-US: eQ-3 Homematic CCU3
CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...)
	NOT-FOR-US: Zumo
CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...)
	NOT-FOR-US: TestLink
CVE-2019-14470 (cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the  ...)
	NOT-FOR-US: cosenary Instagram-PHP-API
CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated privile ...)
	NOT-FOR-US: Nexus Repository Manager
CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...)
	- gnucobol 3.0~rc1-2 (low; bug #933884)
	[buster] - gnucobol <ignored> (Minor issue)
	- open-cobol <removed>
	[stretch] - open-cobol <ignored> (Minor issue)
	[jessie] - open-cobol <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
	NOT-FOR-US: Social Photo Gallery plugin for WordPress
CVE-2019-14466 (The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable  ...)
	{DLA-1905-1}
	- gosa 2.7.4+reloaded3-10
	[buster] - gosa 2.7.4+reloaded3-8+deb10u2
	NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix)
	NOTE: https://github.com/gosa-project/gosa-core/commit/90b674960335d888c76ca5e99027df8e7fa66f3a (fixing the prev commit)
	NOTE: https://github.com/gosa-project/gosa-core/pull/30#issuecomment-521975100
CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...)
	- schism 2:20190805-1 (bug #933807)
	[buster] - schism <no-dsa> (Minor issue)
	[stretch] - schism <no-dsa> (Minor issue)
	[jessie] - schism <no-dsa> (Minor issue)
	NOTE: https://github.com/schismtracker/schismtracker/issues/198
	NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a  ...)
	{DLA-1961-1}
	- milkytracker 1.02.00+dfsg-2 (bug #933964)
	[buster] - milkytracker <no-dsa> (Minor issue)
	[stretch] - milkytracker <no-dsa> (Minor issue)
	NOTE: https://github.com/milkytracker/MilkyTracker/issues/184
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
	- libmodbus 3.1.6-1 (bug #933805)
	[buster] - libmodbus <no-dsa> (Minor issue)
	[stretch] - libmodbus <no-dsa> (Minor issue)
	[jessie] - libmodbus <no-dsa> (Minor issue)
	NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/6f915d4215c06be3c719761423d9b5e8aa3cb820 (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7)
	NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8)
CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
	- libmodbus 3.1.6-1 (bug #933805)
	[buster] - libmodbus <no-dsa> (Minor issue)
	[stretch] - libmodbus <no-dsa> (Minor issue)
	[jessie] - libmodbus <no-dsa> (Minor issue)
	NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/6f915d4215c06be3c719761423d9b5e8aa3cb820 (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7)
	NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8)
CVE-2019-14461
	RESERVED
CVE-2019-14460
	RESERVED
CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
	- nfdump 1.6.18-1 (bug #933740)
	[buster] - nfdump <no-dsa> (Minor issue)
	[stretch] - nfdump <no-dsa> (Minor issue)
	NOTE: https://github.com/phaag/nfdump/issues/171
	NOTE: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
CVE-2019-14458 (VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of ...)
	NOT-FOR-US: VIVOTEK IP Camera devices
CVE-2019-14457 (VIVOTEK IP Camera devices with firmware before 0x20x have a stack-base ...)
	NOT-FOR-US: VIVOTEK IP Camera devices
CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
	NOT-FOR-US: Opengear console server firmware
CVE-2019-14455
	RESERVED
CVE-2019-14454 (SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to  ...)
	NOT-FOR-US: SuiteCRM
CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit  ...)
	NOT-FOR-US: Windu CMS
CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...)
	NOT-FOR-US: Windu CMS
CVE-2019-14453
	RESERVED
CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips interface (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use of WHM A ...)
	NOT-FOR-US: cPanel
CVE-2018-20951 (cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC ...)
	NOT-FOR-US: cPanel
CVE-2018-20950 (cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20949 (cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Incl ...)
	NOT-FOR-US: cPanel
CVE-2018-20948 (cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20947 (cPanel before 68.0.27 allows certain file-write operations via the tel ...)
	NOT-FOR-US: cPanel
CVE-2018-20946 (cPanel before 68.0.27 allows attackers to read zone information becaus ...)
	NOT-FOR-US: cPanel
CVE-2018-20945 (bin/csvprocess in cPanel before 68.0.27 allows insecure file operation ...)
	NOT-FOR-US: cPanel
CVE-2018-20944 (cPanel before 68.0.27 allows attackers to read a copy of httpd.conf th ...)
	NOT-FOR-US: cPanel
CVE-2018-20943 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20942 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20941 (cPanel before 68.0.27 allows arbitrary file-read operations via restor ...)
	NOT-FOR-US: cPanel
CVE-2018-20940 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20939 (cPanel before 68.0.27 allows a user to discover contents of directorie ...)
	NOT-FOR-US: cPanel
CVE-2018-20938 (cPanel before 68.0.27 does not enforce ownership during addpkgext and  ...)
	NOT-FOR-US: cPanel
CVE-2018-20937 (cPanel before 68.0.27 does not validate database and dbuser names duri ...)
	NOT-FOR-US: cPanel
CVE-2018-20936 (cPanel before 68.0.27 allows attackers to read the SRS secret via exim ...)
	NOT-FOR-US: cPanel
CVE-2018-20935 (cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone ...)
	NOT-FOR-US: cPanel
CVE-2018-20934 (cPanel before 70.0.23 does not prevent e-mail account suspensions from ...)
	NOT-FOR-US: cPanel
CVE-2018-20933 (cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20932 (cPanel before 70.0.23 exposes Apache HTTP Server logs after creation o ...)
	NOT-FOR-US: cPanel
CVE-2018-20931 (cPanel before 70.0.23 allows demo accounts to execute code via the Lan ...)
	NOT-FOR-US: cPanel
CVE-2018-20930 (cPanel before 70.0.23 allows .htaccess restrictions bypass when Htacce ...)
	NOT-FOR-US: cPanel
CVE-2018-20929 (cPanel before 70.0.23 allows an open redirect via the /unprotected/red ...)
	NOT-FOR-US: cPanel
CVE-2018-20928 (cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interf ...)
	NOT-FOR-US: cPanel
CVE-2018-20927 (cPanel before 70.0.23 allows jailshell escape because of incorrect cro ...)
	NOT-FOR-US: cPanel
CVE-2018-20926 (cPanel before 70.0.23 allows local privilege escalation via the WHM Lo ...)
	NOT-FOR-US: cPanel
CVE-2018-20925 (cPanel before 70.0.23 allows local privilege escalation via the WHM Le ...)
	NOT-FOR-US: cPanel
CVE-2018-20924 (cPanel before 70.0.23 allows arbitrary file-read and file-unlink opera ...)
	NOT-FOR-US: cPanel
CVE-2018-20923 (cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Reco ...)
	NOT-FOR-US: cPanel
CVE-2018-20922 (cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20921 (cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone"  ...)
	NOT-FOR-US: cPanel
CVE-2018-20920 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...)
	NOT-FOR-US: cPanel
CVE-2018-20919 (cPanel before 70.0.23 allows stored XSS via a WHM Create Account actio ...)
	NOT-FOR-US: cPanel
CVE-2018-20918 (cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). ...)
	NOT-FOR-US: cPanel
CVE-2018-20917 (cPanel before 70.0.23 allows any user to disable Solr (SEC-371). ...)
	NOT-FOR-US: cPanel
CVE-2018-20916 (cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-3 ...)
	NOT-FOR-US: cPanel
CVE-2018-20915 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...)
	NOT-FOR-US: cPanel
CVE-2018-20914 (In cPanel before 70.0.23, OpenID providers can inject arbitrary data i ...)
	NOT-FOR-US: cPanel
CVE-2018-20913 (cPanel before 70.0.23 allows attackers to read the root accesshash via ...)
	NOT-FOR-US: cPanel
CVE-2018-20912 (cPanel before 70.0.23 allows demo accounts to execute code via awstats ...)
	NOT-FOR-US: cPanel
CVE-2018-20911 (cPanel before 70.0.23 allows code execution because "." is in @INC dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20910 (cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity ...)
	NOT-FOR-US: cPanel
CVE-2018-20909 (cPanel before 70.0.23 allows arbitrary file-chmod operations during le ...)
	NOT-FOR-US: cPanel
CVE-2018-20908 (cPanel before 71.9980.37 allows arbitrary file-read operations during  ...)
	NOT-FOR-US: cPanel
CVE-2018-20907 (cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API  ...)
	NOT-FOR-US: cPanel
CVE-2018-20906 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
	NOT-FOR-US: cPanel
CVE-2018-20905 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
	NOT-FOR-US: cPanel
CVE-2018-20904 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
	NOT-FOR-US: cPanel
CVE-2018-20903 (cPanel before 71.9980.37 allows self XSS in the WHM Backup Configurati ...)
	NOT-FOR-US: cPanel
CVE-2018-20902 (cPanel before 71.9980.37 allows attackers to read root's crontab file  ...)
	NOT-FOR-US: cPanel
CVE-2018-20901 (cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme In ...)
	NOT-FOR-US: cPanel
CVE-2018-20900 (cPanel before 71.9980.37 allows stored XSS in the YUM autorepair funct ...)
	NOT-FOR-US: cPanel
CVE-2018-20899 (cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons install ...)
	NOT-FOR-US: cPanel
CVE-2018-20898 (cPanel before 71.9980.37 allows e-mail injection during cPAddons moder ...)
	NOT-FOR-US: cPanel
CVE-2018-20897 (cPanel before 71.9980.37 allows arbitrary file-unlink operations via t ...)
	NOT-FOR-US: cPanel
CVE-2018-20896 (cPanel before 71.9980.37 allows code injection in the WHM cPAddons int ...)
	NOT-FOR-US: cPanel
CVE-2018-20895 (In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs a ...)
	NOT-FOR-US: cPanel
CVE-2018-20894 (cPanel before 74.0.0 makes web-site contents accessible to other local ...)
	NOT-FOR-US: cPanel
CVE-2018-20893 (cPanel before 74.0.0 allows file-rename operations during account rena ...)
	NOT-FOR-US: cPanel
CVE-2018-20892 (cPanel before 74.0.0 allows arbitrary zone file modifications because  ...)
	NOT-FOR-US: cPanel
CVE-2018-20891 (cPanel before 74.0.0 allows arbitrary file-read operations during File ...)
	NOT-FOR-US: cPanel
CVE-2018-20890 (cPanel before 74.0.0 allows arbitrary zone file modifications during r ...)
	NOT-FOR-US: cPanel
CVE-2018-20889 (cPanel before 74.0.0 allows certain file-read operations via password  ...)
	NOT-FOR-US: cPanel
CVE-2018-20888 (cPanel before 74.0.0 allows file modification in the context of the ro ...)
	NOT-FOR-US: cPanel
CVE-2018-20887 (cPanel before 74.0.0 allows SQL injection during database backups (SEC ...)
	NOT-FOR-US: cPanel
CVE-2018-20886 (cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-4 ...)
	NOT-FOR-US: cPanel
CVE-2018-20885 (cPanel before 74.0.0 allows Apache HTTP Server configuration injection ...)
	NOT-FOR-US: cPanel
CVE-2018-20884 (cPanel before 74.0.0 allows stored XSS in the WHM File Restoration int ...)
	NOT-FOR-US: cPanel
CVE-2018-20883 (cPanel before 74.0.8 allows FTP access during account suspension (SEC- ...)
	NOT-FOR-US: cPanel
CVE-2018-20882 (cPanel before 74.0.8 allows arbitrary file-write operations in the con ...)
	NOT-FOR-US: cPanel
CVE-2018-20881 (cPanel before 74.0.8 allows self stored XSS on the Security Questions  ...)
	NOT-FOR-US: cPanel
CVE-2018-20880 (cPanel before 74.0.8 mishandles account suspension because of an inval ...)
	NOT-FOR-US: cPanel
CVE-2018-20879 (cPanel before 74.0.8 allows demo accounts to execute arbitrary code vi ...)
	NOT-FOR-US: cPanel
CVE-2018-20878 (cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Rest ...)
	NOT-FOR-US: cPanel
CVE-2018-20877 (cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20876 (cPanel before 74.0.8 allows self XSS in the Site Software Moderation i ...)
	NOT-FOR-US: cPanel
CVE-2018-20875 (cPanel before 74.0.8 allows self XSS in the WHM Security Questions int ...)
	NOT-FOR-US: cPanel
CVE-2018-20874 (cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" ...)
	NOT-FOR-US: cPanel
CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV daemon ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or  ...)
	NOT-FOR-US: DrayTek routers
CVE-2017-18482 (cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_ ...)
	NOT-FOR-US: cPanel
CVE-2017-18481 (cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension L ...)
	NOT-FOR-US: cPanel
CVE-2017-18480 (cPanel before 62.0.4 does not enforce account ownership for has_mycnf_ ...)
	NOT-FOR-US: cPanel
CVE-2017-18479 (In cPanel before 62.0.4, WHM SSL certificate generation uses an unrese ...)
	NOT-FOR-US: cPanel
CVE-2017-18478 (In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api fo ...)
	NOT-FOR-US: cPanel
CVE-2017-18477 (In cPanel before 62.0.4, Exim transports could execute in the context  ...)
	NOT-FOR-US: cPanel
CVE-2017-18476 (Leech Protect in cPanel before 62.0.4 does not protect certain directo ...)
	NOT-FOR-US: cPanel
CVE-2017-18475 (In cPanel before 62.0.4, Exim piped filters ran in the context of an i ...)
	NOT-FOR-US: cPanel
CVE-2017-18474 (cPanel before 62.0.4 allows arbitrary file-read operations via Exim va ...)
	NOT-FOR-US: cPanel
CVE-2017-18473 (cPanel before 62.0.4 allows self XSS on the webmail Password and Secur ...)
	NOT-FOR-US: cPanel
CVE-2017-18472 (cPanel before 62.0.4 allows reflected XSS in reset-password interfaces ...)
	NOT-FOR-US: cPanel
CVE-2017-18471 (cPanel before 62.0.4 allows self XSS on the paper_lantern password-cha ...)
	NOT-FOR-US: cPanel
CVE-2017-18470 (cPanel before 62.0.4 has a fixed password for the Munin MySQL test acc ...)
	NOT-FOR-US: cPanel
CVE-2017-18469 (cPanel before 62.0.17 allows demo accounts to execute code via an NVDa ...)
	NOT-FOR-US: cPanel
CVE-2017-18468 (cPanel before 62.0.17 allows demo accounts to execute code via the Hta ...)
	NOT-FOR-US: cPanel
CVE-2017-18467 (cPanel before 62.0.17 allows access to restricted resources because of ...)
	NOT-FOR-US: cPanel
CVE-2017-18466 (cPanel before 62.0.17 does not properly recognize domain ownership dur ...)
	NOT-FOR-US: cPanel
CVE-2017-18465 (cPanel before 62.0.17 does not have a sufficient list of reserved user ...)
	NOT-FOR-US: cPanel
CVE-2017-18464 (cPanel before 62.0.17 allows arbitrary file-overwrite operations via t ...)
	NOT-FOR-US: cPanel
CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of the root ...)
	NOT-FOR-US: cPanel
CVE-2017-18462 (cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based ...)
	NOT-FOR-US: cPanel
CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy questio ...)
	NOT-FOR-US: cPanel
CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during automatic ...)
	NOT-FOR-US: cPanel
CVE-2017-18459 (cPanel before 62.0.17 allows arbitrary code execution during account m ...)
	NOT-FOR-US: cPanel
CVE-2017-18458 (cPanel before 62.0.17 allows file overwrite when renaming an account ( ...)
	NOT-FOR-US: cPanel
CVE-2017-18457 (cPanel before 62.0.17 allows arbitrary file-read operations via WHM /s ...)
	NOT-FOR-US: cPanel
CVE-2017-18456 (cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity ...)
	NOT-FOR-US: cPanel
CVE-2017-18455 (In cPanel before 62.0.17, addon domain conversion did not require a pa ...)
	NOT-FOR-US: cPanel
CVE-2017-18454 (cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install in ...)
	NOT-FOR-US: cPanel
CVE-2017-18453 (cPanel before 64.0.21 does not preserve supplemental groups across acc ...)
	NOT-FOR-US: cPanel
CVE-2017-18452 (cPanel before 64.0.21 allows code execution via Rails configuration fi ...)
	NOT-FOR-US: cPanel
CVE-2017-18451 (cPanel before 64.0.21 allows attackers to read a user's crontab file d ...)
	NOT-FOR-US: cPanel
CVE-2017-18450 (cPanel before 64.0.21 allows certain file-chmod operations via /script ...)
	NOT-FOR-US: cPanel
CVE-2017-18449 (cPanel before 64.0.21 allows certain file-rename operations in the con ...)
	NOT-FOR-US: cPanel
CVE-2017-18448 (cPanel before 64.0.21 allows certain file-read operations via a Server ...)
	NOT-FOR-US: cPanel
CVE-2017-18447 (cPanel before 64.0.21 allows demo accounts to execute code via the Cla ...)
	NOT-FOR-US: cPanel
CVE-2017-18446 (cPanel before 64.0.21 allows file-read and file-write operations for d ...)
	NOT-FOR-US: cPanel
CVE-2017-18445 (cPanel before 64.0.21 does not enforce demo restrictions for SSL API c ...)
	NOT-FOR-US: cPanel
CVE-2017-18444 (cPanel before 64.0.21 allows demo accounts to execute SSH API commands ...)
	NOT-FOR-US: cPanel
CVE-2017-18443 (cPanel before 64.0.21 allows demo and suspended accounts to use SSH po ...)
	NOT-FOR-US: cPanel
CVE-2017-18442 (cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI AP ...)
	NOT-FOR-US: cPanel
CVE-2017-18441 (cPanel before 64.0.21 allows demo accounts to redirect web traffic (SE ...)
	NOT-FOR-US: cPanel
CVE-2017-18440 (cPanel before 64.0.21 allows demo users to execute traceroute via api2 ...)
	NOT-FOR-US: cPanel
CVE-2017-18439 (cPanel before 64.0.21 allows demo accounts to execute code via an Imag ...)
	NOT-FOR-US: cPanel
CVE-2017-18438 (cPanel before 64.0.21 allows demo accounts to execute code via Encodin ...)
	NOT-FOR-US: cPanel
CVE-2017-18437 (cPanel before 64.0.21 allows a Webmail account to execute code via for ...)
	NOT-FOR-US: cPanel
CVE-2017-18436 (cPanel before 64.0.21 allows demo accounts to read files via a Fileman ...)
	NOT-FOR-US: cPanel
CVE-2017-18435 (cPanel before 64.0.21 allows demo accounts to execute code via the Box ...)
	NOT-FOR-US: cPanel
CVE-2017-18434 (cPanel before 64.0.21 allows code execution in the context of the root ...)
	NOT-FOR-US: cPanel
CVE-2017-18433 (cPanel before 64.0.21 allows code execution by webmail and demo accoun ...)
	NOT-FOR-US: cPanel
CVE-2017-18432 (In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a  ...)
	NOT-FOR-US: cPanel
CVE-2017-18431 (cPanel before 66.0.1 does not reliably perform suspend/unsuspend opera ...)
	NOT-FOR-US: cPanel
CVE-2017-18430 (In cPanel before 66.0.2, user and group ownership may be incorrectly s ...)
	NOT-FOR-US: cPanel
CVE-2017-18429 (In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persis ...)
	NOT-FOR-US: cPanel
CVE-2017-18428 (In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily ...)
	NOT-FOR-US: cPanel
CVE-2017-18427 (In cPanel before 66.0.2, weak log-file permissions can occur after acc ...)
	NOT-FOR-US: cPanel
CVE-2017-18426 (cPanel before 66.0.2 allows resellers to read other accounts' domain l ...)
	NOT-FOR-US: cPanel
CVE-2017-18425 (In cPanel before 66.0.2, the cpdavd_error_log file can be created with ...)
	NOT-FOR-US: cPanel
CVE-2017-18424 (In cPanel before 66.0.2, the Apache HTTP Server configuration file is  ...)
	NOT-FOR-US: cPanel
CVE-2017-18423 (In cPanel before 66.0.2, domain log files become readable after log pr ...)
	NOT-FOR-US: cPanel
CVE-2017-18422 (In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog owne ...)
	NOT-FOR-US: cPanel
CVE-2017-18421 (cPanel before 66.0.2 allows demo accounts to create databases and user ...)
	NOT-FOR-US: cPanel
CVE-2017-18420 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing  ...)
	NOT-FOR-US: cPanel
CVE-2017-18419 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallat ...)
	NOT-FOR-US: cPanel
CVE-2017-18418 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operat ...)
	NOT-FOR-US: cPanel
CVE-2017-18417 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons installatio ...)
	NOT-FOR-US: cPanel
CVE-2017-18416 (cPanel before 67.9999.103 allows arbitrary file-overwrite operations d ...)
	NOT-FOR-US: cPanel
CVE-2017-18415 (cPanel before 67.9999.103 allows code execution in the context of the  ...)
	NOT-FOR-US: cPanel
CVE-2017-18414 (cPanel before 67.9999.103 allows an open redirect in /unprotected/redi ...)
	NOT-FOR-US: cPanel
CVE-2017-18413 (In cPanel before 67.9999.103, the backup system overwrites root's home ...)
	NOT-FOR-US: cPanel
CVE-2017-18412 (cPanel before 67.9999.103 allows Apache HTTP Server log files to becom ...)
	NOT-FOR-US: cPanel
CVE-2017-18411 (The "addon domain conversion" feature in cPanel before 67.9999.103 can ...)
	NOT-FOR-US: cPanel
CVE-2017-18410 (In cPanel before 67.9999.103, a user account's backup archive could co ...)
	NOT-FOR-US: cPanel
CVE-2017-18409 (In cPanel before 67.9999.103, the backup interface could return a back ...)
	NOT-FOR-US: cPanel
CVE-2017-18408 (cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Chan ...)
	NOT-FOR-US: cPanel
CVE-2017-18407 (cPanel before 67.9999.103 does not enforce SSL hostname verification f ...)
	NOT-FOR-US: cPanel
CVE-2017-18406 (cPanel before 67.9999.103 allows SQL injection during eximstats proces ...)
	NOT-FOR-US: cPanel
CVE-2017-18405 (cPanel before 68.0.15 allows arbitrary file-read operations because of ...)
	NOT-FOR-US: cPanel
CVE-2017-18404 (cPanel before 68.0.15 allows domain data to be deleted for domains wit ...)
	NOT-FOR-US: cPanel
CVE-2017-18403 (cPanel before 68.0.15 allows code execution in the context of the nobo ...)
	NOT-FOR-US: cPanel
CVE-2017-18402 (cPanel before 68.0.15 allows stored XSS during a cpaddons moderated up ...)
	NOT-FOR-US: cPanel
CVE-2017-18401 (cPanel before 68.0.15 allows user accounts to be partially created wit ...)
	NOT-FOR-US: cPanel
CVE-2017-18400 (cPanel before 68.0.15 allows local root code execution via cpdavd (SEC ...)
	NOT-FOR-US: cPanel
CVE-2017-18399 (cPanel before 68.0.15 allows attackers to read root's crontab file dur ...)
	NOT-FOR-US: cPanel
CVE-2017-18398 (DnsUtils in cPanel before 68.0.15 allows zone creation for hostname an ...)
	NOT-FOR-US: cPanel
CVE-2017-18397 (cPanel before 68.0.15 does not preserve permissions for local backup t ...)
	NOT-FOR-US: cPanel
CVE-2017-18396 (cPanel before 68.0.15 allows arbitrary file-read operations via Exim v ...)
	NOT-FOR-US: cPanel
CVE-2017-18395 (cPanel before 68.0.15 does not block a username of ssl (SEC-328). ...)
	NOT-FOR-US: cPanel
CVE-2017-18394 (cPanel before 68.0.15 does not have a sufficient list of reserved user ...)
	NOT-FOR-US: cPanel
CVE-2017-18393 (cPanel before 68.0.15 does not block a username of postmaster, which m ...)
	NOT-FOR-US: cPanel
CVE-2017-18392 (cPanel before 68.0.15 allows collisions because PostgreSQL databases c ...)
	NOT-FOR-US: cPanel
CVE-2017-18391 (cPanel before 68.0.15 allows attackers to read backup files because th ...)
	NOT-FOR-US: cPanel
CVE-2017-18390 (cPanel before 68.0.15 allows code execution in the context of the root ...)
	NOT-FOR-US: cPanel
CVE-2017-18389 (cPanel before 68.0.15 allows string format injection in dovecot-xaps-p ...)
	NOT-FOR-US: cPanel
CVE-2017-18388 (cPanel before 68.0.15 can perform unsafe file operations because Jails ...)
	NOT-FOR-US: cPanel
CVE-2017-18387 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
	NOT-FOR-US: cPanel
CVE-2017-18386 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
	NOT-FOR-US: cPanel
CVE-2017-18385 (cPanel before 68.0.15 allows unprivileged users to access restricted d ...)
	NOT-FOR-US: cPanel
CVE-2017-18384 (cPanel before 68.0.15 allows jailed accounts to restore files that are ...)
	NOT-FOR-US: cPanel
CVE-2017-18383 (cPanel before 68.0.15 writes home-directory backups to an incorrect lo ...)
	NOT-FOR-US: cPanel
CVE-2017-18382 (cPanel before 68.0.15 allows use of an unreserved e-mail address in DN ...)
	NOT-FOR-US: cPanel
CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the  ...)
	NOT-FOR-US: cPanel
CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...)
	NOT-FOR-US: cPanel
CVE-2016-10858 (cPanel before 11.54.0.0 allows unauthenticated arbitrary code executio ...)
	NOT-FOR-US: cPanel
CVE-2016-10857 (cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (S ...)
	NOT-FOR-US: cPanel
CVE-2016-10856 (cPanel before 11.54.0.0 allows subaccounts to discover sensitive data  ...)
	NOT-FOR-US: cPanel
CVE-2016-10855 (cPanel before 11.54.0.4 allows unauthenticated arbitrary code executio ...)
	NOT-FOR-US: cPanel
CVE-2016-10854 (cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner inter ...)
	NOT-FOR-US: cPanel
CVE-2016-10853 (cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager i ...)
	NOT-FOR-US: cPanel
CVE-2016-10852 (cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsyst ...)
	NOT-FOR-US: cPanel
CVE-2016-10851 (cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration e ...)
	NOT-FOR-US: cPanel
CVE-2016-10850 (cPanel before 11.54.0.4 allows arbitrary code execution via scripts/sy ...)
	NOT-FOR-US: cPanel
CVE-2016-10849 (cPanel before 11.54.0.4 allows certain file-chmod operations in script ...)
	NOT-FOR-US: cPanel
CVE-2016-10848 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in  ...)
	NOT-FOR-US: cPanel
CVE-2016-10847 (cPanel before 11.54.0.4 allows arbitrary file-read and file-write oper ...)
	NOT-FOR-US: cPanel
CVE-2016-10846 (cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod ope ...)
	NOT-FOR-US: cPanel
CVE-2016-10845 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in  ...)
	NOT-FOR-US: cPanel
CVE-2016-10844 (The chcpass script in cPanel before 11.54.0.4 reveals a password hash  ...)
	NOT-FOR-US: cPanel
CVE-2016-10843 (cPanel before 11.54.0.4 allows code execution in the context of shared ...)
	NOT-FOR-US: cPanel
CVE-2016-10842 (cPanel before 11.54.0.4 allows certain file-read operations in bin/set ...)
	NOT-FOR-US: cPanel
CVE-2016-10841 (The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses pas ...)
	NOT-FOR-US: cPanel
CVE-2016-10840 (cPanel before 11.54.0.4 allows arbitrary code execution during locale  ...)
	NOT-FOR-US: cPanel
CVE-2016-10839 (cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usern ...)
	NOT-FOR-US: cPanel
CVE-2016-10838 (cPanel before 11.54.0.4 allows arbitrary file-read operations via the  ...)
	NOT-FOR-US: cPanel
CVE-2016-10837 (cPanel before 11.54.0.4 allows arbitrary code execution because of an  ...)
	NOT-FOR-US: cPanel
CVE-2016-10836 (cPanel before 55.9999.141 allows arbitrary file-read operations during ...)
	NOT-FOR-US: cPanel
CVE-2016-10835 (cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account  ...)
	NOT-FOR-US: cPanel
CVE-2016-10834 (cPanel before 55.9999.141 allows account-suspension bypass via ftp (SE ...)
	NOT-FOR-US: cPanel
CVE-2016-10833 (cPanel before 55.9999.141 mishandles username-based blocking for PRE r ...)
	NOT-FOR-US: cPanel
CVE-2016-10832 (cPanel before 55.9999.141 allows FTP cPHulk bypass via account name mu ...)
	NOT-FOR-US: cPanel
CVE-2016-10831 (cPanel before 55.9999.141 does not perform as two-factor authenticatio ...)
	NOT-FOR-US: cPanel
CVE-2016-10830 (cPanel before 55.9999.141 allows ACL bypass for AppConfig applications ...)
	NOT-FOR-US: cPanel
CVE-2016-10829 (cPanel before 55.9999.141 allows arbitrary file-read operations becaus ...)
	NOT-FOR-US: cPanel
CVE-2016-10828 (cPanel before 55.9999.141 allows arbitrary code execution because of a ...)
	NOT-FOR-US: cPanel
CVE-2016-10827 (cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Ma ...)
	NOT-FOR-US: cPanel
CVE-2016-10826 (cPanel before 55.9999.141 allows attackers to bypass Two Factor Authen ...)
	NOT-FOR-US: cPanel
CVE-2016-10825 (cPanel before 55.9999.141 allows attackers to bypass a Security Policy ...)
	NOT-FOR-US: cPanel
CVE-2016-10824 (cPanel before 55.9999.141 allows unauthenticated arbitrary code execut ...)
	NOT-FOR-US: cPanel
CVE-2016-10823 (cPanel before 55.9999.141 allows arbitrary code execution in the conte ...)
	NOT-FOR-US: cPanel
CVE-2016-10822 (cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Imag ...)
	NOT-FOR-US: cPanel
CVE-2016-10821 (In cPanel before 55.9999.141, Scripts/addpop reveals a command-line pa ...)
	NOT-FOR-US: cPanel
CVE-2016-10820 (cPanel before 55.9999.141 allows daemons to access their controlling T ...)
	NOT-FOR-US: cPanel
CVE-2016-10819 (In cPanel before 57.9999.54, user log files become world-readable when ...)
	NOT-FOR-US: cPanel
CVE-2016-10818 (cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsa ...)
	NOT-FOR-US: cPanel
CVE-2016-10817 (cPanel before 57.9999.54 allows SQL Injection via the ModSecurity Tail ...)
	NOT-FOR-US: cPanel
CVE-2016-10816 (cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary  ...)
	NOT-FOR-US: cPanel
CVE-2016-10815 (cPanel before 57.9999.54 allows arbitrary file-read operations for Web ...)
	NOT-FOR-US: cPanel
CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_template.sto ...)
	NOT-FOR-US: cPanel
CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...)
	NOT-FOR-US: cPanel
CVE-2016-10812 (In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs ( ...)
	NOT-FOR-US: cPanel
CVE-2016-10811 (In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC- ...)
	NOT-FOR-US: cPanel
CVE-2016-10810 (In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY  ...)
	NOT-FOR-US: cPanel
CVE-2016-10809 (In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to  ...)
	NOT-FOR-US: cPanel
CVE-2016-10808 (In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop expos ...)
	NOT-FOR-US: cPanel
CVE-2016-10807 (cPanel before 57.9999.54 allows certain denial-of-service outcomes via ...)
	NOT-FOR-US: cPanel
CVE-2016-10806 (cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing  ...)
	NOT-FOR-US: cPanel
CVE-2016-10805 (cPanel before 57.9999.54 allows demo accounts to execute arbitrary cod ...)
	NOT-FOR-US: cPanel
CVE-2016-10804 (The SQLite journal feature in cPanel before 57.9999.54 allows arbitrar ...)
	NOT-FOR-US: cPanel
CVE-2016-10803 (cPanel before 57.9999.105 allows newline injection via LOC records (CP ...)
	NOT-FOR-US: cPanel
CVE-2016-10802 (cPanel before 58.0.4 allows code execution in the context of other use ...)
	NOT-FOR-US: cPanel
CVE-2016-10801 (cPanel before 58.0.4 has improper session handling for shared users (S ...)
	NOT-FOR-US: cPanel
CVE-2016-10800 (cPanel before 58.0.4 allows demo-mode escape via Site Templates and Bo ...)
	NOT-FOR-US: cPanel
CVE-2016-10799 (cPanel before 58.0.4 does not set the Pear tmp directory during a PHP  ...)
	NOT-FOR-US: cPanel
CVE-2016-10798 (cPanel before 58.0.4 allows a file-ownership change (to nobody) via re ...)
	NOT-FOR-US: cPanel
CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...)
	NOT-FOR-US: cPanel
CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...)
	NOT-FOR-US: cPanel
CVE-2016-10795 (cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi  ...)
	NOT-FOR-US: cPanel
CVE-2016-10794 (cPanel before 59.9999.145 allows arbitrary file-read operations becaus ...)
	NOT-FOR-US: cPanel
CVE-2016-10793 (cPanel before 59.9999.145 allows arbitrary code execution due to an in ...)
	NOT-FOR-US: cPanel
CVE-2016-10792 (cPanel before 59.9999.145 allows code execution in the context of othe ...)
	NOT-FOR-US: cPanel
CVE-2016-10791 (cPanel before 60.0.15 does not ensure that system accounts lack a vali ...)
	NOT-FOR-US: cPanel
CVE-2016-10790 (cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpa ...)
	NOT-FOR-US: cPanel
CVE-2016-10789 (cPanel before 60.0.25 allows code execution via the cpsrvd 403 error r ...)
	NOT-FOR-US: cPanel
CVE-2016-10788 (cPanel before 60.0.25 allows arbitrary code execution via Maketext in  ...)
	NOT-FOR-US: cPanel
CVE-2016-10787 (The Host Access Control feature in cPanel before 60.0.25 mishandles ac ...)
	NOT-FOR-US: cPanel
CVE-2016-10786 (cPanel before 60.0.25 allows members of the nobody group to read Apach ...)
	NOT-FOR-US: cPanel
CVE-2016-10785 (cPanel before 60.0.25 allows attackers to discover file contents durin ...)
	NOT-FOR-US: cPanel
CVE-2016-10784 (cPanel before 60.0.25 allows self XSS in the alias upload interface (S ...)
	NOT-FOR-US: cPanel
CVE-2016-10783 (cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182) ...)
	NOT-FOR-US: cPanel
CVE-2016-10782 (cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs  ...)
	NOT-FOR-US: cPanel
CVE-2016-10781 (cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). ...)
	NOT-FOR-US: cPanel
CVE-2016-10780 (cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-1 ...)
	NOT-FOR-US: cPanel
CVE-2016-10779 (cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SE ...)
	NOT-FOR-US: cPanel
CVE-2016-10778 (cPanel before 60.0.25 allows self stored XSS in the listftpstable API  ...)
	NOT-FOR-US: cPanel
CVE-2016-10777 (cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodi ...)
	NOT-FOR-US: cPanel
CVE-2016-10776 (cPanel before 60.0.25 allows stored XSS during the homedir removal pha ...)
	NOT-FOR-US: cPanel
CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations via reass ...)
	NOT-FOR-US: cPanel
CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi in ...)
	NOT-FOR-US: cPanel
CVE-2016-10773 (cPanel before 60.0.25 allows format-string injection in exception-mess ...)
	NOT-FOR-US: cPanel
CVE-2016-10772 (cPanel before 60.0.25 does not enforce feature-list restrictions when  ...)
	NOT-FOR-US: cPanel
CVE-2016-10771 (cPanel before 60.0.25 allows file-create and file-chmod operations dur ...)
	NOT-FOR-US: cPanel
CVE-2016-10770 (cPanel before 60.0.25 allows arbitrary file-overwrite operations durin ...)
	NOT-FOR-US: cPanel
CVE-2016-10769 (cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-cl ...)
	NOT-FOR-US: cPanel
CVE-2016-10768 (cPanel before 60.0.25 allows file-overwrite operations during preparat ...)
	NOT-FOR-US: cPanel
CVE-2016-10767 (cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Perm ...)
	NOT-FOR-US: cPanel
CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read operatio ...)
	NOT-FOR-US: cPanel
CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
	- sigil 0.9.16+dfsg-1 (bug #933797)
	[buster] - sigil <no-dsa> (Minor issue)
	[stretch] - sigil <no-dsa> (Minor issue)
	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4
	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f
	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not proper ...)
	NOT-FOR-US: Repetier-Server
CVE-2019-14450 (A directory traversal vulnerability was discovered in RepetierServer.e ...)
	NOT-FOR-US: Repetier-Server
CVE-2019-14449 (An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x b ...)
	NOT-FOR-US: Cloudera
CVE-2019-14448
	RESERVED
CVE-2019-14447
	RESERVED
CVE-2019-14446
	RESERVED
CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...)
	NOT-FOR-US: SAS Drug Development (SDD)
CVE-2019-14445
	RESERVED
CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...)
	- binutils 2.32.51.20190813-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24829
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
	NOTE: binutils not covered by security support
CVE-2019-14443 (An issue was discovered in Libav 12.3. Division by zero in range_decod ...)
	{DLA-2021-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c1
CVE-2019-14442 (In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file ...)
	{DLA-1907-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1159
CVE-2019-14441 (** DISPUTED ** An issue was discovered in Libav 12.3. An access violat ...)
	- libav <removed>
	[jessie] - libav <postponed> (cf. CVE-2018-19129)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
	NOTE: Duplicate of CVE-2018-19129
CVE-2019-14440
	RESERVED
CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1879-1}
	- jackson-databind 2.9.9.3-1 (bug #933393)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2389
	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...)
	- gridengine <undetermined>
CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ...)
	{DLA-1887-1}
	- freetype 2.6.1-0.1
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
	NOTE: https://savannah.nongnu.org/bugs/?45923
CVE-2019-14438 (A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/x ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14437 (The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14436
	RESERVED
CVE-2019-14435
	RESERVED
CVE-2019-14434
	RESERVED
CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x before  ...)
	- nova 2:19.0.2-1 (low; bug #934114)
	[buster] - nova <no-dsa> (Minor issue)
	[stretch] - nova <no-dsa> (Minor issue)
	[jessie] - nova <no-dsa> (Minor issue)
	NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html
	NOTE: https://launchpad.net/bugs/1837877
CVE-2019-14432 (Incorrect authentication of application WebSocket connections in Loom  ...)
	NOT-FOR-US: Loom Desktop for Mac
CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...)
	- matrixssl <removed>
CVE-2019-14430 (plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows S ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-14429
	RESERVED
CVE-2019-14428
	RESERVED
CVE-2019-14427 (XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch  ...)
	NOT-FOR-US: WEB STUDIO Ultimate Loan Manager
CVE-2019-14426
	RESERVED
CVE-2019-14425
	RESERVED
CVE-2019-14424 (A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of th ...)
	NOT-FOR-US: eQ-3 Homematic CCU-Firmware
CVE-2019-14423 (A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of t ...)
	NOT-FOR-US: eQ-3 Homematic CCU-Firmware
CVE-2019-14422 (An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI han ...)
	NOT-FOR-US: TortoiseSVN
CVE-2019-14421
	RESERVED
CVE-2019-14420
	RESERVED
CVE-2019-14419
	RESERVED
CVE-2019-14418 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14417 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14414 (In cPanel before 78.0.2, a Userdata cache temporary file can conflict  ...)
	NOT-FOR-US: cPanel
CVE-2019-14413 (cPanel before 78.0.2 allows certain file-write operations as shared us ...)
	NOT-FOR-US: cPanel
CVE-2019-14412 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
	NOT-FOR-US: cPanel
CVE-2019-14411 (cPanel before 78.0.2 does not properly restrict demo accounts from wri ...)
	NOT-FOR-US: cPanel
CVE-2019-14410 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
	NOT-FOR-US: cPanel
CVE-2019-14409 (cPanel before 78.0.2 allows arbitrary file-read operations via Passeng ...)
	NOT-FOR-US: cPanel
CVE-2019-14408 (cPanel before 78.0.2 allows a demo account to link with an OpenID prov ...)
	NOT-FOR-US: cPanel
CVE-2019-14407 (cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-41 ...)
	NOT-FOR-US: cPanel
CVE-2019-14406 (cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing ( ...)
	NOT-FOR-US: cPanel
CVE-2019-14405 (cPanel before 78.0.18 allows demo accounts to execute code via securit ...)
	NOT-FOR-US: cPanel
CVE-2019-14404 (cPanel before 78.0.18 allows certain file-read operations in the conte ...)
	NOT-FOR-US: cPanel
CVE-2019-14403 (cPanel before 78.0.18 offers an open mail relay because of incorrect d ...)
	NOT-FOR-US: cPanel
CVE-2019-14402 (cPanel before 78.0.18 unsafely determines terminal capabilities by usi ...)
	NOT-FOR-US: cPanel
CVE-2019-14401 (cPanel before 78.0.18 allows code execution via an addforward API1 cal ...)
	NOT-FOR-US: cPanel
CVE-2019-14400 (cPanel before 78.0.18 allows local users to escalate to root access be ...)
	NOT-FOR-US: cPanel
CVE-2019-14399 (The SSL certificate-storage feature in cPanel before 78.0.18 allows un ...)
	NOT-FOR-US: cPanel
CVE-2019-14398 (cPanel before 80.0.5 allows demo accounts to execute arbitrary code vi ...)
	NOT-FOR-US: cPanel
CVE-2019-14397 (cPanel before 80.0.5 allows demo accounts to modify arbitrary files vi ...)
	NOT-FOR-US: cPanel
CVE-2019-14396 (API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertio ...)
	NOT-FOR-US: cPanel
CVE-2019-14395 (cPanel before 80.0.5 uses world-readable permissions for the Queueproc ...)
	NOT-FOR-US: cPanel
CVE-2019-14394 (cPanel before 80.0.5 allows unsafe file operations in the context of t ...)
	NOT-FOR-US: cPanel
CVE-2019-14393 (cPanel before 80.0.5 allows local code execution in the context of a d ...)
	NOT-FOR-US: cPanel
CVE-2019-14392 (cPanel before 80.0.22 allows remote code execution by a demo account b ...)
	NOT-FOR-US: cPanel
CVE-2019-14391 (cPanel before 82.0.2 does not properly enforce Reseller package creati ...)
	NOT-FOR-US: cPanel
CVE-2019-14390 (cPanel before 82.0.2 has stored XSS in the WHM Modify Account interfac ...)
	NOT-FOR-US: cPanel
CVE-2019-14389 (cPanel before 82.0.2 allows local users to discover the MySQL root pas ...)
	NOT-FOR-US: cPanel
CVE-2019-14388 (cPanel before 82.0.2 allows unauthenticated file creation because Exim ...)
	NOT-FOR-US: cPanel
CVE-2019-14387 (cPanel before 82.0.2 has Self XSS in the cPanel and webmail master tem ...)
	NOT-FOR-US: cPanel
CVE-2019-14386 (cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interfac ...)
	NOT-FOR-US: cPanel
CVE-2019-14385
	RESERVED
CVE-2019-14384
	RESERVED
CVE-2019-14383 (J2B in libopenmpt before 0.4.2 allows an assertion failure during file ...)
	- libopenmpt 0.4.2-1 (unimportant)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=11216
	NOTE: Negligible security impact
CVE-2019-14382 (DSM in libopenmpt before 0.4.2 allows an assertion failure during file ...)
	- libopenmpt 0.4.2-1 (unimportant)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=11209
	NOTE: Negligible security impact
CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereferen ...)
	- libopenmpt 0.4.3-1
	[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2.x series)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/
CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...)
	- libopenmpt 0.4.5-1 (low)
	[buster] - libopenmpt <no-dsa> (Minor issue)
	[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2 branch)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)
	{DSA-4542-1 DLA-1879-1}
	- jackson-databind 2.9.9.3-1 (bug #933393)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
	{DSA-4512-1 DSA-4506-1 DLA-1927-1}
	- qemu 1:4.1-1 (bug #933741)
	- qemu-kvm <removed>
	- slirp4netns 0.3.2-1 (bug #933742)
	[buster] - slirp4netns 0.2.3-1
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...)
	NOT-FOR-US: cPanel
CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...)
	NOT-FOR-US: cPanel
CVE-2018-20868 (cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interf ...)
	NOT-FOR-US: cPanel
CVE-2018-20867 (cPanel before 76.0.8 has an open redirect when resetting connections ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20866 (cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feat ...)
	NOT-FOR-US: cPanel
CVE-2018-20865 (cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destina ...)
	NOT-FOR-US: cPanel
CVE-2018-20864 (cPanel before 76.0.8 allows a persistent Virtual FTP accounts after re ...)
	NOT-FOR-US: cPanel
CVE-2018-20863 (cPanel before 76.0.8 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: cPanel
CVE-2018-20862 (cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed custom  ...)
	- libopenmpt 0.3.11-1
	[stretch] - libopenmpt <no-dsa> (Minor issue)
	NOTE: https://lib.openmpt.org/libopenmpt/2018/07/28/security-updates-0.3.11-0.2.10635-beta34-0.2.7561-beta20.5-p10-0.2.7386-beta20.3-p13/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10615 (0.3.11)
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10616 (0.2.10635-beta34)
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10617 (0.2.10635-beta34)
CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a Chemical ...)
	NOT-FOR-US: Open edX
CVE-2018-20858 (Recommender before 2018-07-18 allows XSS. ...)
	NOT-FOR-US: RecommenderXBlock
CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes a Mongo ...)
	NOT-FOR-US: Open edX
CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger password-re ...)
	NOT-FOR-US: Open edX
CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...)
	NOT-FOR-US: Open edX
CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...)
	NOT-FOR-US: Open edX
CVE-2019-14377
	RESERVED
CVE-2019-14376
	RESERVED
CVE-2019-14375
	RESERVED
CVE-2019-14374
	RESERVED
CVE-2019-14373 (An issue was discovered in image_save_png in image/image-png.cpp in Fr ...)
	- flif <removed>
	NOTE: https://github.com/FLIF-hub/FLIF/issues/541
CVE-2019-14372 (In Libav 12.3, there is an infinite loop in the function wv_read_block ...)
	{DLA-1907-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1165
CVE-2019-14371 (An issue was discovered in Libav 12.3. There is an infinite loop in th ...)
	{DLA-1907-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1163
	NOTE: fixed through CVE-2018-11102 / https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/7abf394814d818973db562102f21ab9d10540840
CVE-2019-14370 (In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...)
	- exiv2 0.27.2-6
	[buster] - exiv2 <no-dsa> (Minor issue)
	[stretch] - exiv2 <no-dsa> (Minor issue)
	[jessie] - exiv2 <not-affected> (poc not triggered with asan/valgrind, different MemIo::seek bound check)
	NOTE: https://github.com/Exiv2/exiv2/issues/954
	NOTE: fixed through CVE-2019-13504
	NOTE: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
CVE-2019-14369 (Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 all ...)
	- exiv2 0.27.2-6
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <not-affected> (poc not triggered with asan/valgrind, different MemIo::seek bound check)
	NOTE: https://github.com/Exiv2/exiv2/issues/953
	NOTE: fixed through CVE-2019-13504
	NOTE: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...)
	- exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/952
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
	NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e
CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An ...)
	NOT-FOR-US: Slack-Chat
CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access T ...)
	NOT-FOR-US: WP SlackSync plugin for WordPress
CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access T ...)
	NOT-FOR-US: Intercom plugin for WordPress
CVE-2019-14364 (An XSS vulnerability in the "Email Subscribers &amp; Newsletters" plug ...)
	NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
CVE-2019-14363 (A stack-based buffer overflow in the upnpd binary running on NETGEAR W ...)
	NOT-FOR-US: NETGEAR
CVE-2019-14362 (Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. T ...)
	NOT-FOR-US: Openbravo ERP
CVE-2019-14361
	REJECTED
CVE-2019-14360 (On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based ...)
	NOT-FOR-US: Hyundai Pay Kasse HK-1000 devices
CVE-2019-14359 (** DISPUTED ** On BC Vault devices, a side channel for the row-based S ...)
	NOT-FOR-US: BC Vault devices
CVE-2019-14358 (On Archos Safe-T devices, a side channel for the row-based OLED displa ...)
	NOT-FOR-US: Archos Safe-T devices
CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
	NOT-FOR-US: Mooltipass Mini devices
CVE-2019-14356 (** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the ...)
	NOT-FOR-US: Coldcard
CVE-2019-14355 (** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the r ...)
	NOT-FOR-US: ShapeShift KeepKey devices
CVE-2019-14354 (On Ledger Nano S and Nano X devices, a side channel for the row-based  ...)
	NOT-FOR-US: Ledger Nano S and Nano X devices
CVE-2019-14353 (On Trezor One devices before 1.8.2, a side channel for the row-based O ...)
	NOT-FOR-US: Trezor One devices
CVE-2019-14352 (** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also known as  ...)
	NOT-FOR-US: Joget Workflow
CVE-2019-14351 (EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malic ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14350 (EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtr ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to ...)
	NOT-FOR-US: BearDev JoomSport plugin for WordPress
CVE-2019-14347 (Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unpriv ...)
	NOT-FOR-US: Schben Adive
CVE-2019-14346 (Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CS ...)
	NOT-FOR-US: Schben Adive
CVE-2019-14345 (TemaTres 3.0 allows remote unprivileged users to create an administrat ...)
	NOT-FOR-US: TemaTres
CVE-2019-14344 (TemaTres 3.0 has reflected XSS via the replace_string or search_string ...)
	NOT-FOR-US: TemaTres
CVE-2019-14343 (TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin ...)
	NOT-FOR-US: TemaTres
CVE-2019-14342
	RESERVED
CVE-2019-14341
	RESERVED
CVE-2019-14340
	RESERVED
CVE-2019-14339 (The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2 ...)
	NOT-FOR-US: CANON
CVE-2019-14338 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14335 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP  ...)
	NOT-FOR-US: D-Link
CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14332 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14331 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14330 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14329 (An issue was discovered in EspoCRM before 5.6.6. There is stored XSS d ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14328 (The Simple Membership plugin before 3.8.5 for WordPress has CSRF affec ...)
	NOT-FOR-US: Simple Membership plugin for WordPress
CVE-2019-14327 (A CSRF vulnerability in Settings form in the Custom Simple Rss plugin  ...)
	NOT-FOR-US: Custom Simple Rss plugin for WordPress
CVE-2019-14326 (An issue was discovered in AndyOS Andy versions up to 46.11.113. By de ...)
	NOT-FOR-US: AndyOS Andy
CVE-2019-14325
	RESERVED
CVE-2019-14324
	RESERVED
CVE-2019-14323 (SSDP Responder 1.x through 1.5 mishandles incoming network messages, l ...)
	NOT-FOR-US: SSDP Responder
CVE-2019-14322 (In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles dri ...)
	- python-werkzeug <not-affected> (Windows-specific)
CVE-2019-14321
	RESERVED
CVE-2019-14320
	RESERVED
CVE-2019-14319 (The TikTok (formerly Musical.ly) application 12.2.0 for Android and iO ...)
	NOT-FOR-US: TikTok
CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA sig ...)
	[experimental] - libcrypto++ 8.2.0-2
	- libcrypto++ 5.6.4-9 (low; bug #934326)
	[buster] - libcrypto++ <no-dsa> (Minor issue)
	[stretch] - libcrypto++ <no-dsa> (Minor issue)
	[jessie] - libcrypto++ <no-dsa> (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/869
CVE-2019-14317 (wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) gen ...)
	- wolfssl 4.2.0+dfsg-1
CVE-2019-14316
	RESERVED
CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunHater K ...)
	NOT-FOR-US: SunHater KCFinder
CVE-2019-14314 (A SQL injection vulnerability exists in the Imagely NextGEN Gallery pl ...)
	NOT-FOR-US: Imagely NextGEN Gallery plugin for WordPress
CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...)
	NOT-FOR-US: Aptana Jaxer
CVE-2019-14311
	RESERVED
CVE-2019-14310 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). U ...)
	NOT-FOR-US: Ricoh
CVE-2019-14309 (Ricoh SP C250DN 1.05 devices have a fixed password. FTP service creden ...)
	NOT-FOR-US: Ricoh
CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing LPD pack ...)
	NOT-FOR-US: Ricoh
CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
	NOT-FOR-US: Ricoh
CVE-2019-14306 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
	NOT-FOR-US: Ricoh
CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14303 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). S ...)
	NOT-FOR-US: Ricoh
CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing HTTP coo ...)
	NOT-FOR-US: Ricoh
CVE-2019-14299 (Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable  ...)
	NOT-FOR-US: Ricoh
CVE-2019-14298 (Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(con ...)
	NOT-FOR-US: Veeam ONE Reporter
CVE-2019-14297 (Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with  ...)
	NOT-FOR-US: Veeam ONE Reporter
CVE-2017-18379 (In the Linux kernel before 4.14, an out of boundary access happened in ...)
	- linux 4.14.2-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0c319d3a144d4b8f1ea2047fd614d2149b68f889
CVE-2016-10764 (In the Linux kernel before 4.9.6, there is an off by one in the driver ...)
	- linux 4.9.6-1
	NOTE: https://git.kernel.org/linus/193e87143c290ec16838f5368adc0e0bc94eb931
CVE-2015-9289 (In the Linux kernel before 4.1.4, a buffer overflow occurs when checki ...)
	- linux 4.1.5-1
	NOTE: https://git.kernel.org/linus/1fa2337a315a2448c5434f41e00d56b01a22283c
CVE-2012-6712 (In the Linux kernel before 3.4, a buffer overflow occurs in drivers/ne ...)
	- linux 3.8.11-1
	NOTE: https://git.kernel.org/linus/2da424b0773cea3db47e1e81db71eeebde8269d4
CVE-2011-5327 (In the Linux kernel before 3.1, an off by one in the drivers/target/lo ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/12f09ccb4612734a53e47ed5302e0479c10a50f8
CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db
CVE-2010-5331 (** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue  ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/0031c41be5c529f8329e327b63cde92ba1284842
CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/2a2f11c227bdf292b3a2900ad04139d301b56ac4
CVE-2019-14296 (canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause ...)
	- upx-ucl 3.95-2 (unimportant; bug #933232)
	NOTE: https://github.com/upx/upx/issues/287
	NOTE: https://github.com/upx/upx/commit/276b748aa6021c38a2dc699153f61b10e76bc3d2
CVE-2019-14295 (An Integer overflow in the getElfSections function in p_vmlinx.cpp in  ...)
	- upx-ucl 3.95-2 (unimportant; bug #933232)
	NOTE: https://github.com/upx/upx/issues/286
	NOTE: https://github.com/upx/upx/commit/58b122d97da1e02dfec24b10b6b8f56218b5622c
	NOTE: https://github.com/upx/upx/commit/6a53c0b3d499d62346a5c51034db543a4ef78ea3
CVE-2019-14294 (An issue was discovered in Xpdf 4.01.01. There is a use-after-free in  ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f7990386d268a444c297958e9c50ed27a0825a00
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/2c0f70afff03798165c2b609e115dc7e9c034c57
CVE-2019-14293 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14292 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14291 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14290 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14289 (An issue was discovered in Xpdf 4.01.01. There is an integer overflow  ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
	NOTE: Issue correspond to CVE-2017-9776 for src:poppler
CVE-2019-14288 (An issue was discovered in Xpdf 4.01.01. There is an Integer overflow  ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
	NOTE: Issue correspond to CVE-2017-9776 for src:poppler
CVE-2019-14287 (In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer a ...)
	{DSA-4543-1 DLA-1964-1}
	- sudo 1.8.27-1.1 (bug #942322)
	NOTE: https://www.sudo.ws/alerts/minus_1_uid.html
	NOTE: Patch: https://www.sudo.ws/repos/sudo/rev/83db8dba09e7
	NOTE: Fix test regression: https://www.sudo.ws/repos/sudo/rev/db06a8336c09
	NOTE: Patch: https://www.openwall.com/lists/oss-security/2019/10/15/2 (1.8.5, 1.8.10)
CVE-2019-14286 (In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnera ...)
	NOT-FOR-US: MISP
CVE-2019-14285
	RESERVED
CVE-2015-9288 (The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allo ...)
	NOT-FOR-US: Unity Web Player plugin
CVE-2019-1000033
	REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
	NOT-FOR-US: invenio-previewer
CVE-2019-1020018 (Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmati ...)
	NOT-FOR-US: Discourse
CVE-2019-1020017 (Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmati ...)
	NOT-FOR-US: Discourse
CVE-2019-1020016 (ASH-AIO before 2.0.0.3 allows an open redirect. ...)
	NOT-FOR-US: ASH-AIO
CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishand ...)
	NOT-FOR-US: graphql-engine (aka Hasura GraphQL Engine)
CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
	- golang-github-docker-docker-credential-helpers 0.6.1-3 (bug #933801)
	[buster] - golang-github-docker-docker-credential-helpers <no-dsa> (Minor issue, can be fixed in point release)
	NOTE: https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
	NOT-FOR-US: parse-server
CVE-2019-1020012 (parse-server before 3.4.1 allows DoS after any POST to a volatile clas ...)
	NOT-FOR-US: parse-server
CVE-2019-1020011 (SmokeDetector intentionally does automatic deployments of updated copi ...)
	NOT-FOR-US: SmokeDetector
CVE-2019-1020010 (Misskey before 10.102.4 allows hijacking a user's token. ...)
	NOT-FOR-US: Misskey
CVE-2019-1020009 (Fleet before 2.1.2 allows exposure of SMTP credentials. ...)
	NOT-FOR-US: Fleet (osquery frontend)
CVE-2019-1020008 (stacktable.js before 1.0.4 allows XSS. ...)
	NOT-FOR-US: stacktable.js
CVE-2019-1020007 (Dependency-Track before 3.5.1 allows XSS. ...)
	NOT-FOR-US: Dependency-Track
CVE-2019-1020006 (invenio-app before 1.1.1 allows host header injection. ...)
	NOT-FOR-US: invenio-app
CVE-2019-1020005 (invenio-communities before 1.0.0a20 allows XSS. ...)
	NOT-FOR-US: invenio-communities
CVE-2019-1020004 (Tridactyl before 1.16.0 allows fake key events. ...)
	NOT-FOR-US: Tridactyl
CVE-2019-1020003 (invenio-records before 1.2.2 allows XSS. ...)
	NOT-FOR-US: invenio-records
CVE-2019-1020002 (Pterodactyl before 0.7.14 with 2FA allows credential sniffing. ...)
	NOT-FOR-US: Pterodactyl
CVE-2019-1020001 (yard before 0.9.20 allows path traversal. ...)
	- yard 0.9.20-1 (low; bug #945369)
	[buster] - yard <no-dsa> (Minor issue)
	[stretch] - yard <no-dsa> (Minor issue)
	[jessie] - yard <not-affected> (Bug was introduced in 0.9.6)
	NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
	NOTE: Introduced in: https://github.com/lsegal/yard/commit/b32a2efe40e7bd8e5daac7fae119493376a73cde (0.9.6)
CVE-2018-20857 (Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as  ...)
	NOT-FOR-US: Zendesk Samlr
CVE-2019-14282 (The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org ...)
	- ruby-simple-captcha2 <not-affected> (Backdoored versions not available in a Debian release)
	NOTE: https://github.com/rubygems/rubygems.org/issues/2073
CVE-2019-14281 (The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, inclu ...)
	NOT-FOR-US: Ruby datagrid gem
CVE-2019-14280 (In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't ...)
	NOT-FOR-US: Craft CMS
CVE-2019-14279
	RESERVED
CVE-2019-14278 (In Knowage through 6.1.1, an unauthenticated user can enumerated valid ...)
	NOT-FOR-US: Knowage
CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5 ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2019-14276 (WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. ...)
	NOT-FOR-US: WUSTL XNAT
CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arro ...)
	{DLA-2073-1}
	- fig2dev 1:3.2.7a-7 (unimportant; bug #933075)
	[buster] - fig2dev 1:3.2.7a-5+deb10u1
	[stretch] - fig2dev 1:3.2.6a-2+deb9u2
	- transfig <removed> (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/52/
	NOTE: Crash in CLI tool, no security impact, hardening build
CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function i ...)
	- mcpp 2.7.2-5 (bug #933497)
	[buster] - mcpp <no-dsa> (Minor issue)
	[stretch] - mcpp <no-dsa> (Minor issue)
	[jessie] - mcpp <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/mcpp/bugs/13/
CVE-2019-14273 (In SilverStripe assets 4.0, there is broken access control on files. ...)
	NOT-FOR-US: SilverStripe
CVE-2019-14272 (In SilverStripe asset-admin 4.0, there is XSS in file titles managed t ...)
	NOT-FOR-US: SilverStripe
CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...)
	{DSA-4521-1}
	- docker.io 18.09.1+dfsg1-9
	NOTE: https://github.com/moby/moby/issues/39449
	NOTE: https://github.com/moby/moby/pull/39612 (19.03.x)
	NOTE: Fix needs to be backported to 18.09 as well:
	NOTE: https://github.com/docker/engine/pull/305 (18.09.x)
	NOTE: https://github.com/moby/moby/pull/39612#issuecomment-517999360
CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6 ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-14269
	RESERVED
CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request prox ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-14267 (PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because ...)
	- pdfresurrect 0.16-1 (unimportant)
	NOTE: https://github.com/enferex/pdfresurrect/commit/4ea7a6f4f51d0440da651d099247e2273f811dbc
	NOTE: Crash in CLI tool, negligible security impact, hardening build
CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Confi ...)
	NOT-FOR-US: OpenSNS
CVE-2019-14265
	RESERVED
CVE-2019-14264
	RESERVED
CVE-2019-14263
	RESERVED
CVE-2019-14262 (MetadataExtractor 2.1.0 allows stack consumption. ...)
	NOT-FOR-US: MetadataExtractor
CVE-2019-14261 (An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due ...)
	NOT-FOR-US: ABUS Secvest FUAA50000 3.01.01 devices
CVE-2019-14260 (On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone Vo ...)
	NOT-FOR-US: Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone
CVE-2019-14259 (On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a comma ...)
	NOT-FOR-US: Polycom Obihai Obi1022 VoIP phone
CVE-2019-14258 (The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to  ...)
	- zenoss <itp> (bug #361253)
CVE-2019-14257 (pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying e ...)
	- zenoss <itp> (bug #361253)
CVE-2019-14256
	RESERVED
CVE-2019-14255 (A Server Side Request Forgery (SSRF) vulnerability in go-camo up to ve ...)
	NOT-FOR-US: go-camo
CVE-2019-14254 (An issue was discovered in the secure portal in Publisure 2.1.2. Becau ...)
	NOT-FOR-US: Publisure
CVE-2019-14253 (An issue was discovered in servletcontroller in the secure portal in P ...)
	NOT-FOR-US: Publisure
CVE-2019-14252 (An issue was discovered in the secure portal in Publisure 2.1.2. Once  ...)
	NOT-FOR-US: Publisure
CVE-2019-14251 (An issue was discovered in T24 in TEMENOS Channels R15.01. The login p ...)
	NOT-FOR-US: T24 in TEMENOS Channels R15.01
CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
	- binutils 2.33-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html
	NOTE: binutils not covered by security support
CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attacker ...)
	- dwarfutils <not-affected> (Vulnerable code introduced in 20190505 version)
	NOTE: https://sourceforge.net/p/libdwarf/code/merge-requests/4/
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
	NOTE: Introduced in: https://sourceforge.net/p/libdwarf/code/ci/4709f63c8b7488241b5b522267a796834a66db3a
CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows  ...)
	- nasm <unfixed> (unimportant; bug #932907)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392576
	NOTE: Crash in CLI tool, no security impact
CVE-2019-14247 (The scan() function in mad.c in mpg321 0.3.2 allows remote attackers t ...)
	- mpg321 0.3.2-2
	[stretch] - mpg321 <no-dsa> (Minor issue)
	[jessie] - mpg321 <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/mpg321/bugs/51/
	NOTE: Fixed by handle_illegal_bitrate_value.patch
CVE-2019-14246 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14245 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14244
	RESERVED
CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...)
	NOT-FOR-US: mastercactapus proxyprotocol
CVE-2019-14242 (An issue was discovered in Bitdefender products for Windows (Bitdefend ...)
	NOT-FOR-US: Bitdefender products for Windows
CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...)
	- haproxy <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/haproxy/haproxy/issues/181
CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory travers ...)
	NOT-FOR-US: WCMS
CVE-2019-14239 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
	NOT-FOR-US: NXP Kinetis
CVE-2019-14238 (On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Prote ...)
	NOT-FOR-US: STMicroelectronics
CVE-2019-14237 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
	NOT-FOR-US: NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices
CVE-2019-14236 (On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and ...)
	NOT-FOR-US: STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices
CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
	{DSA-4498-1}
	- python-django 2:2.2.4-1 (bug #934026)
	[jessie] - python-django <not-affected> (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
	NOTE: https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79 (1.11.x)
CVE-2019-14234 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
	{DSA-4498-1}
	- python-django 2:2.2.4-1 (bug #934026)
	[jessie] - python-django <not-affected> (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
	NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
	{DSA-4498-1 DLA-1872-1}
	- python-django 2:2.2.4-1 (bug #934026)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
	NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
	{DSA-4498-1 DLA-1872-1}
	- python-django 2:2.2.4-1 (bug #934026)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
	NOTE: https://github.com/django/django/commit/42a66e969023c00536256469f0e8b8a099ef109d (1.11.x)
CVE-2019-14231 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)
	NOT-FOR-US: Viral Quiz Maker
CVE-2019-14230 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)
	NOT-FOR-US: Viral Quiz Maker
CVE-2019-14229
	RESERVED
CVE-2019-14228 (Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based  ...)
	NOT-FOR-US: Xavier PHP Management Panel
CVE-2019-14227 (OX App Suite 7.10.1 and 7.10.2 allows XSS. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-14226 (OX App Suite through 7.10.2 has Insecure Permissions. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-14225 (OX App Suite 7.10.1 and 7.10.2 allows SSRF. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-14224 (An issue was discovered in Alfresco Community Edition 5.2 201707. By l ...)
	NOT-FOR-US: Alfresco
CVE-2019-14223 (An issue was discovered in Alfresco Community Edition versions below 5 ...)
	NOT-FOR-US: Alfresco
CVE-2019-14222 (An issue was discovered in Alfresco Community Edition versions 6.0 and ...)
	NOT-FOR-US: Alfresco
CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...)
	NOT-FOR-US: 1CRM On-Premise Software
CVE-2019-14220 (An issue was discovered in BlueStacks 4.110 and below on macOS and on  ...)
	NOT-FOR-US: BlueStacks
CVE-2019-14219
	RESERVED
CVE-2019-14218
	RESERVED
CVE-2019-14217
	RESERVED
CVE-2019-14216 (An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icon ...)
	NOT-FOR-US: svg-vector-icon-plugin (aka WP SVG Icons) plugin for WordPress
CVE-2019-14215 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14214 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14213 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14212 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14211 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14210 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14209 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14208 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14207 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14206 (An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images  ...)
	NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
CVE-2019-14205 (A Local File Inclusion vulnerability in the Nevma Adaptive Images plug ...)
	NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
CVE-2019-14204 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14203 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14202 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14201 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14200 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14199 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14198 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14197 (An issue was discovered in Das U-Boot through 2019.07. There is a read ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14196 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
CVE-2019-14195 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/cf3a4f1e86ecdd24f87b615051b49d8e1968c230
CVE-2019-14194 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14193 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14192 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14191
	RESERVED
CVE-2019-14190
	RESERVED
CVE-2019-14189
	RESERVED
CVE-2019-14188
	RESERVED
CVE-2019-14187
	RESERVED
CVE-2019-14186
	RESERVED
CVE-2019-14185
	RESERVED
CVE-2019-14184
	RESERVED
CVE-2019-14183
	RESERVED
CVE-2019-14182
	RESERVED
CVE-2019-14181
	RESERVED
CVE-2019-14180
	RESERVED
CVE-2019-14179
	RESERVED
CVE-2019-14178
	RESERVED
CVE-2019-14177
	RESERVED
CVE-2019-14176
	RESERVED
CVE-2019-14175
	RESERVED
CVE-2019-14174
	RESERVED
CVE-2019-14173
	RESERVED
CVE-2019-14172
	RESERVED
CVE-2019-14171
	RESERVED
CVE-2019-14170
	RESERVED
CVE-2019-14169
	RESERVED
CVE-2019-14168
	RESERVED
CVE-2019-14167
	RESERVED
CVE-2019-14166
	RESERVED
CVE-2019-14165
	RESERVED
CVE-2019-14164
	RESERVED
CVE-2019-14163
	RESERVED
CVE-2019-14162
	RESERVED
CVE-2019-14161
	RESERVED
CVE-2019-14160
	RESERVED
CVE-2019-14159
	RESERVED
CVE-2019-14158
	RESERVED
CVE-2019-14157
	RESERVED
CVE-2019-14156
	RESERVED
CVE-2019-14155
	RESERVED
CVE-2019-14154
	RESERVED
CVE-2019-14153
	RESERVED
CVE-2019-14152
	RESERVED
CVE-2019-14151
	RESERVED
CVE-2019-14150
	RESERVED
CVE-2019-14149
	RESERVED
CVE-2019-14148
	RESERVED
CVE-2019-14147
	RESERVED
CVE-2019-14146
	RESERVED
CVE-2019-14145
	RESERVED
CVE-2019-14144
	RESERVED
CVE-2019-14143
	RESERVED
CVE-2019-14142
	RESERVED
CVE-2019-14141
	RESERVED
CVE-2019-14140
	RESERVED
CVE-2019-14139
	RESERVED
CVE-2019-14138
	RESERVED
CVE-2019-14137
	RESERVED
CVE-2019-14136
	RESERVED
CVE-2019-14135 (Possible integer overflow to buffer overflow in WLAN while parsing non ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14134 (Possible out of bound access in WLAN handler when the received value o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14133
	RESERVED
CVE-2019-14132 (Buffer over-write when this 0-byte buffer is typecasted to some other  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14131 (Out of bound write can occur in radio measurement request if STA recei ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14130
	RESERVED
CVE-2019-14129
	RESERVED
CVE-2019-14128
	RESERVED
CVE-2019-14127 (Possible buffer overflow while playing mkv clip due to lack of validat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14126
	RESERVED
CVE-2019-14125
	RESERVED
CVE-2019-14124
	RESERVED
CVE-2019-14123
	RESERVED
CVE-2019-14122 (Memory failure in SKB if it fails to to add the requested padding to t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14121
	RESERVED
CVE-2019-14120
	RESERVED
CVE-2019-14119
	RESERVED
CVE-2019-14118
	RESERVED
CVE-2019-14117
	RESERVED
CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14115
	RESERVED
CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE containing GTK k ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14113 (Buffer overflow can occur in In WLAN firmware while unwraping data usi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14112 (Potential buffer overflow while processing CBF frames due to lack of c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14111 (Possible buffer overflow while handling NAN reception of NMF in Snapdr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14110 (Buffer overflow can occur in function wlan firmware while copying asso ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14109
	RESERVED
CVE-2019-14108
	RESERVED
CVE-2019-14107
	RESERVED
CVE-2019-14106
	RESERVED
CVE-2019-14105 (Kernel was reading the CSL defined reserved field as uint16 instead of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14104 (Slab-out-of-bounds access can occur if the context pointer is invalid  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14103
	RESERVED
CVE-2019-14102
	RESERVED
CVE-2019-14101
	RESERVED
CVE-2019-14100
	RESERVED
CVE-2019-14099
	RESERVED
CVE-2019-14098 (Possible buffer overflow in data offload handler due to lack of check  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14097 (Possible buffer overflow in WLAN Parser due to lack of length check wh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14096
	RESERVED
CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14093
	RESERVED
CVE-2019-14092 (System Services exports services without permission protect and can le ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechanism to  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14090
	RESERVED
CVE-2019-14089
	RESERVED
CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14087 (Failure in buffer management while accessing handle for HDR blit when  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14086 (Possible integer overflow while checking the length of frame which is  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14085 (Possible Integer underflow in WLAN function due to lack of check of da ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14084
	RESERVED
CVE-2019-14083 (While parsing Service Descriptor Extended Attribute received as part o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory offset ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14080 (Out of bound write can happen due to lack of check of array index valu ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14078 (Out of bound memory access while processing qpay due to not validating ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14077 (Out of bound memory access while processing ese transmit command due t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length out o ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14074
	RESERVED
CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14070 (Possible use after free issue in pcm volume controls due to race condi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14069
	RESERVED
CVE-2019-14068 (Out of bound access in msm routing due to lack of check of size before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14067 (Using non-time-constant functions like memcmp to compare sensitive dat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14066 (Integer overflow in calculating estimated output buffer size when gett ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14065
	RESERVED
CVE-2019-14064
	RESERVED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14059
	RESERVED
CVE-2019-14058
	RESERVED
CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14056
	RESERVED
CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14054 (Improper permissions in XBL_SEC region enable user to update XBL_SEC c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14053 (When attempting to create a new XFRM policy, a stack out-of-bounds rea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14052
	RESERVED
CVE-2019-14051 (Subsequent additions performed during Module loading while allocating  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14050 (Out-of-bound writes occurs due to lack of check of buffer size will ca ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no input val ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14043 (Out of bound read in Fingerprint application due to requested data is  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14042 (Out of bound read in in fingerprint application due to requested data  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14041 (During listener modified response processing, a buffer overrun occurs  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14040 (Using memory after being freed in qsee due to wrong implementation can ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14039 (Out of bound read in adm call back function due to incorrect boundary  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14038 (Buffer over-read in ADSP parse function due to lack of check for avail ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14037
	RESERVED
CVE-2019-14036 (Possible buffer overflow issue in error processing due to improper val ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14035
	RESERVED
CVE-2019-14034 (Use after free while processing eeprom query as there is a chance to n ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14033 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14032 (Memory use after free issue in audio due to lack of resource control i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14031 (Buffer overflow can occur while parsing RSN IE containing list of PMK  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14030 (The size of a buffer is determined by addition and multiplications ope ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14029 (Use-after-free in graphics module due to destroying already queued syn ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14028 (Buffer overwrite during memcpy due to lack of check on SSID length val ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14027 (Buffer overflow due to lack of upper bound check on channel length whi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14026 (Possible buffer overflow in WLAN WMI handler due to lack of ssid lengt ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14025
	RESERVED
CVE-2019-14024 (Possible stack-use-after-scope issue in NFC usecase for card emulation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14023 (String format issue will occur while processing HLOS data as there is  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14022 (Error occurs While extracting the ipv6_header having an invalid length ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14021 (Possible buffer overrun when processing EFS filename and payload sent  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14020 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14019 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14018 (Possible out of bound array access as there is no check on carrier ind ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14017 (Heap buffer overflow can occur while parsing invalid MKV clip which is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14016 (Integer overflow occurs while playing the clip which is nonstandard in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14015 (A stack-based buffer overflow exists in the initialization of the iden ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14014 (Possible buffer overflow when byte array receives incorrect input from ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14013 (While parsing invalid super index table, elements within super index t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14012 (Possibility of null pointer deference as the array of video codecs fro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14011 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14010 (The device may enter into error state when some tool or application ge ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14009 (Out of bound memory access while processing TZ command handler due to  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14008 (Possible null pointer dereference issue in location assistance data pr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14007 (Due to the use of non-time-constant comparison functions there is issu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14006 (Buffer overflow occur while playing the clip which is nonstandard due  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14005 (Buffer overflow occur while playing the clip which is nonstandard due  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14004 (Buffer overflow occurs while processing invalid MKV clip, which has in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14003 (Null pointer exception can happen while parsing invalid MKV clip where ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14002 (APKs without proper permission may bind to CallEnhancementService and  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14001 (Wrong public key usage from existing oem_keystore for hash generation  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from shared RA ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-13999
	RESERVED
CVE-2019-13998
	RESERVED
CVE-2019-13997
	RESERVED
CVE-2019-13996
	RESERVED
CVE-2019-13995
	RESERVED
CVE-2019-13994
	RESERVED
CVE-2019-13993
	RESERVED
CVE-2019-13992
	RESERVED
CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attackers t ...)
	NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3
CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...)
	- libquartz-java 2.3.0-3 (bug #933169)
	[buster] - libquartz-java <no-dsa> (Minor issue)
	[stretch] - libquartz-java <no-dsa> (Minor issue)
	[jessie] - libquartz-java <no-dsa> (Minor issue)
	- libquartz2-java 2.3.0-3 (bug #933170)
	[buster] - libquartz2-java <no-dsa> (Minor issue)
	[stretch] - libquartz2-java <no-dsa> (Minor issue)
	NOTE: https://github.com/quartz-scheduler/quartz/issues/467
	NOTE: https://github.com/quartz-scheduler/quartz/commit/a1395ba118df306c7fe67c24fb0c9a95a4473140
CVE-2019-13989 (dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() func ...)
	- dpic <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://gitlab.com/aplevich/dpic/issues/4
	NOTE: https://gitlab.com/aplevich/dpic/commit/aa9fc45e207134cbfefa4b9e7a1b49cf11e9397d
CVE-2019-13988
	RESERVED
CVE-2019-13987
	RESERVED
CVE-2019-13986
	RESERVED
CVE-2019-13985
	RESERVED
CVE-2019-13984 (Directus 7 API before 2.3.0 does not validate uploaded files. Regardle ...)
	NOT-FOR-US: Directus
CVE-2019-13983 (Directus 7 API before 2.2.2 has insufficient anti-automation, as demon ...)
	NOT-FOR-US: Directus
CVE-2019-13982 (interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 d ...)
	NOT-FOR-US: Directus
CVE-2019-13981 (In Directus 7 API through 2.3.0, remote attackers can read image files ...)
	NOT-FOR-US: Directus
CVE-2019-13980 (In Directus 7 API through 2.3.0, uploading of PHP files is blocked onl ...)
	NOT-FOR-US: Directus
CVE-2019-13979 (In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, ...)
	NOT-FOR-US: Directus
CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php ...)
	NOT-FOR-US: Ovidentia
CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&amp;id ...)
	NOT-FOR-US: Ovidentia
CVE-2019-13976 (eGain Chat 15.0.3 allows unrestricted file upload. ...)
	NOT-FOR-US: eGain Chat
CVE-2019-13975 (eGain Chat 15.0.3 allows HTML Injection. ...)
	NOT-FOR-US: eGain Chat
CVE-2019-13974 (LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. ...)
	NOT-FOR-US: LayerBB
CVE-2019-13973 (LayerBB 1.1.3 allows admin/general.php arbitrary file upload because t ...)
	NOT-FOR-US: LayerBB
CVE-2019-13972 (LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title ...)
	NOT-FOR-US: LayerBB
CVE-2019-13971 (OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=aut ...)
	NOT-FOR-US: OTCMS
CVE-2019-13970 (In antSword before 2.1.0, self-XSS in the database configuration leads ...)
	NOT-FOR-US: antSword
CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admin/inde ...)
	NOT-FOR-US: Metinfo
CVE-2019-13968
	RESERVED
CVE-2019-13967 (iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-13966 (In iTop through 2.6.0, an XSS payload can be delivered in certain fiel ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-13965 (Because of a lack of sanitization around error messages, multiple Refl ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-13964
	RESERVED
CVE-2019-13963
	RESERVED
CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
	{DSA-4504-1}
	- vlc 3.0.8-1 (low)
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
	NOTE: https://trac.videolan.org/vlc/ticket/22240
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the  ...)
	NOT-FOR-US: flatCore
CVE-2019-13960 (** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be ...)
	NOT-FOR-US: Disputed libjpeg issue, issue would be in application using libjpeg
CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reall ...)
	NOT-FOR-US: Bento4
CVE-2019-13958
	RESERVED
CVE-2019-13957 (In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprov ...)
	NOT-FOR-US: Umbraco
CVE-2019-13956 (Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Discuz!ML
CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the Bluet ...)
	NOT-FOR-US: YI M1 Mirrorless Camera
CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and  ...)
	- gdnsd <unfixed> (unimportant; bug #932407)
	NOTE: https://github.com/gdnsd/gdnsd/issues/185
	NOTE: No security impact, data is under administrative control
	NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1  ...)
	- gdnsd <not-affected> (Vulnerable code not present, introduced in 3.x)
	NOTE: https://github.com/gdnsd/gdnsd/issues/185
	NOTE: No security impact, data is under administrative control
	NOTE: Introduced in https://github.com/gdnsd/gdnsd/commit/15715fc30d5e41e53d4a16d2434fc5c3190e129b
	NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
CVE-2019-13950 (index.php?c=admin&amp;a=index in SyGuestBook A5 Version 1.2 has stored ...)
	NOT-FOR-US: SyGuestBook A5
CVE-2019-13949 (SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demons ...)
	NOT-FOR-US: SyGuestBook A5
CVE-2019-13948 (SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData f ...)
	NOT-FOR-US: SyGuestBook A5
CVE-2019-13947 (A vulnerability has been identified in SiNVR 3 Central Control Server  ...)
	NOT-FOR-US: Siemens
CVE-2019-13946 (A vulnerability has been identified in Development/Evaluation Kits for ...)
	NOT-FOR-US: Siemens
CVE-2019-13945 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
	NOT-FOR-US: Siemens
CVE-2019-13944 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
	NOT-FOR-US: Siemens
CVE-2019-13943 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
	NOT-FOR-US: Siemens
CVE-2019-13942 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
	NOT-FOR-US: Siemens
CVE-2019-13941 (A vulnerability has been identified in OZW672 (All versions &lt; V10.0 ...)
	NOT-FOR-US: Siemens
CVE-2019-13940 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
	NOT-FOR-US: Siemens
CVE-2019-13939 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
	NOT-FOR-US: Nucleus
CVE-2019-13938
	RESERVED
CVE-2019-13937
	RESERVED
CVE-2019-13936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Siemens
CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Siemens
CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Siemens
CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
	NOT-FOR-US: Siemens
CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions &lt; V6.0.0.2 ...)
	NOT-FOR-US: Siemens
CVE-2019-13931 (A vulnerability has been identified in XHQ (All versions &lt; V6.0.0.2 ...)
	NOT-FOR-US: Siemens
CVE-2019-13930 (A vulnerability has been identified in XHQ (All versions &lt; V6.0.0.2 ...)
	NOT-FOR-US: Siemens
CVE-2019-13929 (A vulnerability has been identified in SIMATIC IT UADM (All versions & ...)
	NOT-FOR-US: Siemens
CVE-2019-13928
	RESERVED
CVE-2019-13927 (A vulnerability has been identified in Desigo PX automation controller ...)
	NOT-FOR-US: Siemens
CVE-2019-13926 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
	NOT-FOR-US: Siemens
CVE-2019-13925 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
	NOT-FOR-US: Siemens
CVE-2019-13924 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
	NOT-FOR-US: Siemens
CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13921 (A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All ...)
	NOT-FOR-US: Siemens
CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13918 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution  ...)
	{DSA-4488-1}
	- exim4 4.92-10
	[jessie] - exim4 <not-affected> (Vulnerable code confirmed as introduced in version 4.85)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/22/3
	NOTE: https://www.exim.org/static/doc/security/CVE-2019-13917.txt
	NOTE: https://git.exim.org/exim.git/commit/21aa05977abff1eaa69bb97ef99080220915f7c0
CVE-2019-13916 (An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6. ...)
	NOT-FOR-US: Cypress
CVE-2019-13915 (b3log Wide before 1.6.0 allows three types of attacks to access arbitr ...)
	NOT-FOR-US: b3log Wide
CVE-2019-13914
	RESERVED
CVE-2019-13913
	RESERVED
CVE-2019-13912
	RESERVED
CVE-2019-13911
	RESERVED
CVE-2019-13910
	RESERVED
CVE-2019-13909
	RESERVED
CVE-2019-13908
	RESERVED
CVE-2019-13907
	RESERVED
CVE-2019-13906
	RESERVED
CVE-2019-13905
	RESERVED
CVE-2019-13904
	RESERVED
CVE-2019-13903
	RESERVED
CVE-2019-13902
	RESERVED
CVE-2019-13901
	RESERVED
CVE-2019-13900
	RESERVED
CVE-2019-13899
	RESERVED
CVE-2019-13898
	RESERVED
CVE-2019-13897
	RESERVED
CVE-2019-13896
	RESERVED
CVE-2019-13895
	RESERVED
CVE-2019-13894
	RESERVED
CVE-2019-13893
	RESERVED
CVE-2019-13892
	RESERVED
CVE-2019-13891
	RESERVED
CVE-2019-13890
	RESERVED
CVE-2019-13889
	RESERVED
CVE-2019-13888
	RESERVED
CVE-2019-13887
	RESERVED
CVE-2019-13886
	RESERVED
CVE-2019-13885
	RESERVED
CVE-2019-13884
	RESERVED
CVE-2019-13883
	RESERVED
CVE-2019-13882
	RESERVED
CVE-2019-13881
	RESERVED
CVE-2019-13880
	RESERVED
CVE-2019-13879
	RESERVED
CVE-2019-13878
	RESERVED
CVE-2019-13877
	RESERVED
CVE-2019-13876
	RESERVED
CVE-2019-13875
	RESERVED
CVE-2019-13874
	RESERVED
CVE-2019-13873
	RESERVED
CVE-2019-13872
	RESERVED
CVE-2019-13871
	RESERVED
CVE-2019-13870
	RESERVED
CVE-2019-13869
	RESERVED
CVE-2019-13868
	RESERVED
CVE-2019-13867
	RESERVED
CVE-2019-13866
	RESERVED
CVE-2019-13865
	RESERVED
CVE-2019-13864
	RESERVED
CVE-2019-13863
	RESERVED
CVE-2019-13862
	RESERVED
CVE-2019-13861
	RESERVED
CVE-2019-13860
	RESERVED
CVE-2019-13859
	RESERVED
CVE-2019-13858
	RESERVED
CVE-2019-13857
	RESERVED
CVE-2019-13856
	RESERVED
CVE-2019-13855
	RESERVED
CVE-2019-13854
	RESERVED
CVE-2019-13853
	RESERVED
CVE-2019-13852
	RESERVED
CVE-2019-13851
	RESERVED
CVE-2019-13850
	RESERVED
CVE-2019-13849
	RESERVED
CVE-2019-13848
	RESERVED
CVE-2019-13847
	RESERVED
CVE-2019-13846
	RESERVED
CVE-2019-13845
	RESERVED
CVE-2019-13844
	RESERVED
CVE-2019-13843
	RESERVED
CVE-2019-13842
	RESERVED
CVE-2019-13841
	RESERVED
CVE-2019-13840
	RESERVED
CVE-2019-13839
	RESERVED
CVE-2019-13838
	RESERVED
CVE-2019-13837
	RESERVED
CVE-2019-13836
	RESERVED
CVE-2019-13835
	RESERVED
CVE-2019-13834
	RESERVED
CVE-2019-13833
	RESERVED
CVE-2019-13832
	RESERVED
CVE-2019-13831
	RESERVED
CVE-2019-13830
	RESERVED
CVE-2019-13829
	RESERVED
CVE-2019-13828
	RESERVED
CVE-2019-13827
	RESERVED
CVE-2019-13826
	RESERVED
CVE-2019-13825
	RESERVED
CVE-2019-13824
	RESERVED
CVE-2019-13823
	RESERVED
CVE-2019-13822
	RESERVED
CVE-2019-13821
	RESERVED
CVE-2019-13820
	RESERVED
CVE-2019-13819
	RESERVED
CVE-2019-13818
	RESERVED
CVE-2019-13817
	RESERVED
CVE-2019-13816
	RESERVED
CVE-2019-13815
	RESERVED
CVE-2019-13814
	RESERVED
CVE-2019-13813
	RESERVED
CVE-2019-13812
	RESERVED
CVE-2019-13811
	RESERVED
CVE-2019-13810
	RESERVED
CVE-2019-13809
	RESERVED
CVE-2019-13808
	RESERVED
CVE-2019-13807
	RESERVED
CVE-2019-13806
	RESERVED
CVE-2019-13805
	RESERVED
CVE-2019-13804
	RESERVED
CVE-2019-13803
	RESERVED
CVE-2019-13802
	RESERVED
CVE-2019-13801
	RESERVED
CVE-2019-13800
	RESERVED
CVE-2019-13799
	RESERVED
CVE-2019-13798
	RESERVED
CVE-2019-13797
	RESERVED
CVE-2019-13796
	RESERVED
CVE-2019-13795
	RESERVED
CVE-2019-13794
	RESERVED
CVE-2019-13793
	RESERVED
CVE-2019-13792
	RESERVED
CVE-2019-13791
	RESERVED
CVE-2019-13790
	RESERVED
CVE-2019-13789
	RESERVED
CVE-2019-13788
	RESERVED
CVE-2019-13787
	RESERVED
CVE-2019-13786
	RESERVED
CVE-2019-13785
	RESERVED
CVE-2019-13784
	RESERVED
CVE-2019-13783
	RESERVED
CVE-2019-13782
	RESERVED
CVE-2019-13781
	RESERVED
CVE-2019-13780
	RESERVED
CVE-2019-13779
	RESERVED
CVE-2019-13778
	RESERVED
CVE-2019-13777
	RESERVED
CVE-2019-13776
	RESERVED
CVE-2019-13775
	RESERVED
CVE-2019-13774
	RESERVED
CVE-2019-13773
	RESERVED
CVE-2019-13772
	RESERVED
CVE-2019-13771
	RESERVED
CVE-2019-13770
	RESERVED
CVE-2019-13769
	RESERVED
CVE-2019-13768
	RESERVED
CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 79.0.3945.88  ...)
	{DSA-4606-1}
	- chromium 79.0.3945.130-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13766 (Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13765 (Use-after-free in content delivery manager in Google Chrome prior to 7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13764 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13763 (Insufficient policy enforcement in payments in Google Chrome prior to  ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13762 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13761 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13760
	RESERVED
CVE-2019-13759 (Incorrect security UI in interstitials in Google Chrome prior to 79.0. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13758 (Insufficient policy enforcement in navigation in Google Chrome on Andr ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13757 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13756 (Incorrect security UI in printing in Google Chrome prior to 79.0.3945. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13755 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13754 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13753 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13752 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13751 (Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13750 (Insufficient data validation in SQLite in Google Chrome prior to 79.0. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13749 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13748 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13747 (Uninitialized data in rendering in Google Chrome on Android prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13746 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13745 (Insufficient policy enforcement in audio in Google Chrome prior to 79. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13744 (Insufficient policy enforcement in cookies in Google Chrome prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13743 (Incorrect security UI in external protocol handling in Google Chrome p ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13742 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13741 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13740 (Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13739 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13738 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13737 (Insufficient policy enforcement in autocomplete in Google Chrome prior ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13736 (Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allo ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13735 (Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13734 (Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 a ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13733
	RESERVED
CVE-2019-13732 (Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allo ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
CVE-2019-13731
	RESERVED
CVE-2019-13730 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13729 (Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13728 (Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13727 (Insufficient policy enforcement in WebSockets in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13726 (Buffer overflow in password manager in Google Chrome prior to 79.0.394 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13725 (Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 all ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13724 (Out of bounds memory access in WebBluetooth in Google Chrome prior to  ...)
	{DSA-4575-1}
	- chromium 78.0.3904.108-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13723 (Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 ...)
	{DSA-4575-1}
	- chromium 78.0.3904.108-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13722 (Inappropriate implementation in WebRTC in Google Chrome prior to 79.0. ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-13722
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-13722
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-13722
CVE-2019-13721 (Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowe ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13720 (Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allo ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13719 (Incorrect security UI in full screen mode in Google Chrome prior to 78 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13718 (Insufficient data validation in Omnibox in Google Chrome prior to 78.0 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13717 (Incorrect security UI in full screen mode in Google Chrome prior to 78 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13716 (Insufficient policy enforcement in service workers in Google Chrome pr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13715 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13714 (Insufficient validation of untrusted input in Color Enhancer extension ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13713 (Insufficient policy enforcement in JavaScript in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13712
	RESERVED
CVE-2019-13711 (Insufficient policy enforcement in JavaScript in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13710 (Insufficient validation of untrusted input in downloads in Google Chro ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13709 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13708 (Inappropriate implementation in navigation in Google Chrome on iOS pri ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13707 (Insufficient validation of untrusted input in intents in Google Chrome ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13706 (Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13705 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13704 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13703 (Insufficient policy enforcement in the Omnibox in Google Chrome on And ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13702 (Inappropriate implementation in installer in Google Chrome on Windows  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13701 (Incorrect implementation in navigation in Google Chrome prior to 78.0. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13700 (Out of bounds memory access in the gamepad API in Google Chrome prior  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13699 (Use after free in media in Google Chrome prior to 78.0.3904.70 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13698 (Out of bounds memory access in JavaScript in Google Chrome prior to 73 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13697 (Insufficient policy enforcement in performance APIs in Google Chrome p ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13696 (Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 a ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13695 (Use after free in audio in Google Chrome on Android prior to 77.0.3865 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13694 (Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allow ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13693 (Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 al ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13692 (Insufficient policy enforcement in reader mode in Google Chrome prior  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13691 (Insufficient validation of untrusted input in navigation in Google Chr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13690
	RESERVED
CVE-2019-13689
	RESERVED
CVE-2019-13688 (Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13687 (Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13686 (Use after free in offline mode in Google Chrome prior to 77.0.3865.90  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13685 (Use after free in sharing view in Google Chrome prior to 77.0.3865.90  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13684 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13683 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13682 (Insufficient policy enforcement in external protocol handling in Googl ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13681 (Insufficient data validation in downloads in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13680 (Inappropriate implementation in TLS in Google Chrome prior to 77.0.386 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-13679 (Insufficient policy enforcement in PDFium in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13678 (Incorrect data validation in downloads in Google Chrome prior to 77.0. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13677 (Insufficient policy enforcement in site isolation in Google Chrome pri ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13676 (Insufficient policy enforcement in Chromium in Google Chrome prior to  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13675 (Insufficient data validation in extensions in Google Chrome prior to 7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13674 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13673 (Insufficient data validation in developer tools in Google Chrome prior ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13672 (Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13671 (UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13670 (Insufficient data validation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13669 (Incorrect data validation in navigation in Google Chrome prior to 77.0 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13668 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13667 (Inappropriate implementation in Omnibox in Google Chrome on iOS prior  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13666 (Information leak in storage in Google Chrome prior to 77.0.3865.75 all ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13665 (Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13664 (Insufficient policy enforcement in Blink in Google Chrome prior to 77. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13663 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13662 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13661 (UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13660 (UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13659 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13658 (CA Network Flow Analysis 9.x and 10.0.x have a default credential vuln ...)
	NOT-FOR-US: CA Network Flow Analysis
CVE-2019-13657 (CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before  ...)
	NOT-FOR-US: CA Performance Management
CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA Technologies C ...)
	NOT-FOR-US: CA Technologies Client Automation
CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Imgix
CVE-2019-13654
	RESERVED
CVE-2019-13653 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow trig ...)
	NOT-FOR-US: TP-Link
CVE-2019-13652 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serv ...)
	NOT-FOR-US: TP-Link
CVE-2019-13651 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow port ...)
	NOT-FOR-US: TP-Link
CVE-2019-13650 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow inte ...)
	NOT-FOR-US: TP-Link
CVE-2019-13649 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow exte ...)
	NOT-FOR-US: TP-Link
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1}
	- linux 5.2.6-1
	NOTE: https://patchwork.ozlabs.org/patch/1133904/
CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...)
	{DSA-4497-1 DLA-1885-1}
	- linux 4.18.8-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
CVE-2018-20855 (An issue was discovered in the Linux kernel before 4.18.7. In create_q ...)
	- linux 4.18.8-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/0625b4ba1a5d4703c7fb01c497bd6c156908af00
CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20. drivers/phy/m ...)
	- linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
CVE-2018-20853 (An issue was discovered in the MailPoet Newsletters (aka wysija-newsle ...)
	NOT-FOR-US: MailPoet Newsletters (aka wysija- newsletters) plugin for WordPress
CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS ...)
	NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2016-10762 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV ...)
	NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2019-13647 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
	NOT-FOR-US: Firefly
CVE-2019-13646 (Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack ...)
	NOT-FOR-US: Firefly
CVE-2019-13645 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
	NOT-FOR-US: Firefly
CVE-2019-13644 (Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of ...)
	NOT-FOR-US: Firefly
CVE-2019-13643 (Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute  ...)
	NOT-FOR-US: EspoCRM
CVE-2019-13642
	RESERVED
CVE-2019-13641
	RESERVED
CVE-2019-13640 (In qBittorrent before 4.1.7, the function Application::runExternalProg ...)
	{DSA-4650-1}
	- qbittorrent 4.1.7-1 (bug #932539)
	[jessie] - qbittorrent <not-affected> (Vulnerable code not present in 3.1.x series)
	NOTE: https://github.com/qbittorrent/qBittorrent/issues/10925
CVE-2019-13639
	RESERVED
CVE-2019-13638 (GNU patch through 2.7.6 is vulnerable to OS shell command injection th ...)
	{DSA-4489-1 DLA-1864-1}
	- patch 2.7.6-5
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
CVE-2019-13637 (In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbit ...)
	NOT-FOR-US: LogMeIn join.me
CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishandled in ...)
	{DSA-4489-1 DLA-1856-1}
	- patch 2.7.6-5 (bug #932401)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFas ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2019-13634
	RESERVED
CVE-2019-13633
	RESERVED
CVE-2019-13632
	RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: https://patchwork.kernel.org/patch/11040813/
CVE-2019-13630
	RESERVED
CVE-2019-13629 (MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA si ...)
	- matrixssl <removed>
CVE-2019-13628 (wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --ena ...)
	- wolfssl 4.1.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/pull/2353
CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the libgcryp ...)
	{DLA-1931-2 DLA-1931-1}
	- libgcrypt20 1.8.5-1 (bug #938938)
	[buster] - libgcrypt20 <no-dsa> (Minor issue)
	[stretch] - libgcrypt20 <no-dsa> (Minor issue)
	- libgcrypt11 <removed>
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b9577f7c89b4327edc09f2231bc8b31521102c79 (master)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=7c2943309d14407b51c8166c4dcecb56a3628567 (master)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 (1.8.5)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5)
CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buff ...)
	- libsdl2 2.0.10+dfsg1-1
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	[jessie] - libsdl2 <no-dsa> (Minor issue)
	- libsdl1.2 <not-affected> (Vulnerable code added later)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4522
	NOTE: 24-bit PCM WAVE introduced in SDL 2.0
CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or restore ...)
	- ghidra <itp> (bug #923851)
CVE-2019-13624 (In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...)
	NOT-FOR-US: ONOS
CVE-2019-13623 (In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java ...)
	- ghidra <itp> (bug #923851)
CVE-2019-13622
	RESERVED
CVE-2019-13621
	RESERVED
CVE-2019-13620
	RESERVED
CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the  ...)
	- wireshark 2.6.10-1 (low)
	[buster] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	[jessie] - wireshark <not-affected> (vulnerable code not present, binary encoding not yet supported)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9
CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-bas ...)
	{DLA-2072-1}
	- gpac <unfixed> (low; bug #932242)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1250
	NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
	NOT-FOR-US: njs
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	- libsdl2 2.0.10+dfsg1-1
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	[jessie] - libsdl2 <postponed> (can be fixed along with more important patches)
	- libsdl1.2 1.2.15+dfsg2-5
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	[jessie] - libsdl1.2 <postponed> (can be fixed along with more important patches)
	- libsdl2-image 2.0.5+dfsg1-2 (bug #940934)
	[buster] - libsdl2-image <no-dsa> (Minor issue)
	[stretch] - libsdl2-image <no-dsa> (Minor issue)
	[jessie] - libsdl2-image <postponed> (can be fixed along with more important patches)
	- sdl-image1.2 1.2.12-12
	[buster] - sdl-image1.2 <no-dsa> (Minor issue)
	[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
	[jessie] - sdl-image1.2 <postponed> (can be fixed along with more important patches)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
	NOTE: libsdl2: https://hg.libsdl.org/SDL/rev/e7ba650a643a
	NOTE: libsdl1.2: https://hg.libsdl.org/SDL/rev/ad1bbfbca760
	NOTE: libsdl2-image: https://hg.libsdl.org/SDL_image/rev/ba45f00879ba
	NOTE: sdl-image1.2: https://hg.libsdl.org/SDL_image/rev/a59bfe382008
CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media  ...)
	- libebml 1.3.6-1 (low; bug #932241)
	[stretch] - libebml 1.3.4-1+deb9u1
	[jessie] - libebml <no-dsa> (Minor issue)
	NOTE: https://trac.videolan.org/vlc/ticket/22474
	NOTE: Issue was originally reported to vlc project, but the underlying issue is
	NOTE: found in the libebml library
	NOTE: https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0
	NOTE: https://github.com/Matroska-Org/libebml/commit/ff0dc3cc21494578ce731f5d7dcde5fdec23d40f
	NOTE: https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6
	NOTE: https://github.com/Matroska-Org/libebml/commit/534dfdb995edc18e528de8ce9fa20b3df88426ae
CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link ...)
	NOT-FOR-US: TP-Link
CVE-2019-13613 (CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wirel ...)
	NOT-FOR-US: TP-Link
CVE-2019-13612 (MDaemon Email Server 19 skips SpamAssassin checks by default for e-mai ...)
	NOT-FOR-US: MDaemon Email Server
CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. There is a C ...)
	- python-engineio 3.11.1-1 (bug #932538)
	[buster] - python-engineio <no-dsa> (Minor issue)
	NOTE: https://github.com/miguelgrinberg/python-engineio/issues/128
	NOTE: https://github.com/miguelgrinberg/python-engineio/security/advisories/GHSA-j3jp-gvr5-7hwq
CVE-2019-13610
	RESERVED
CVE-2019-13609
	RESERVED
CVE-2019-13608 (Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000) ...)
	NOT-FOR-US: Citrix StoreFront Server
CVE-2014-1200
	RESERVED
CVE-2014-1199
	RESERVED
CVE-2014-1198
	RESERVED
CVE-2014-1197
	RESERVED
CVE-2014-1196
	RESERVED
CVE-2014-1195
	RESERVED
CVE-2014-1194
	RESERVED
CVE-2014-1193
	RESERVED
CVE-2014-1192
	RESERVED
CVE-2014-1191
	RESERVED
CVE-2014-1190
	RESERVED
CVE-2014-1189
	RESERVED
CVE-2014-1188
	RESERVED
CVE-2014-1187
	RESERVED
CVE-2014-1186
	RESERVED
CVE-2014-1185
	RESERVED
CVE-2014-1184
	RESERVED
CVE-2014-1183
	RESERVED
CVE-2014-1182
	RESERVED
CVE-2014-1181
	RESERVED
CVE-2014-1180
	RESERVED
CVE-2014-1179
	RESERVED
CVE-2014-1178
	RESERVED
CVE-2014-1177
	RESERVED
CVE-2014-1176
	RESERVED
CVE-2014-1175
	RESERVED
CVE-2014-1174
	RESERVED
CVE-2014-1173
	RESERVED
CVE-2014-1172
	RESERVED
CVE-2014-1171
	RESERVED
CVE-2014-1170
	RESERVED
CVE-2014-1169
	RESERVED
CVE-2014-1168
	RESERVED
CVE-2014-1167
	RESERVED
CVE-2014-1166
	RESERVED
CVE-2014-1165
	RESERVED
CVE-2014-1164
	RESERVED
CVE-2014-1163
	RESERVED
CVE-2014-1162
	RESERVED
CVE-2014-1161
	RESERVED
CVE-2014-1160
	RESERVED
CVE-2014-1159
	RESERVED
CVE-2014-1158
	RESERVED
CVE-2014-1157
	RESERVED
CVE-2014-1156
	RESERVED
CVE-2014-1154
	RESERVED
CVE-2014-1153
	RESERVED
CVE-2014-1152
	RESERVED
CVE-2014-1151
	RESERVED
CVE-2014-1150
	RESERVED
CVE-2014-1149
	RESERVED
CVE-2014-1148
	RESERVED
CVE-2014-1147
	RESERVED
CVE-2014-1146
	RESERVED
CVE-2014-1145
	RESERVED
CVE-2014-1144
	RESERVED
CVE-2014-1143
	RESERVED
CVE-2014-1142
	RESERVED
CVE-2014-1141
	RESERVED
CVE-2014-1140
	RESERVED
CVE-2014-1139
	RESERVED
CVE-2014-1138
	RESERVED
CVE-2014-1136
	RESERVED
CVE-2014-1135
	RESERVED
CVE-2014-1134
	RESERVED
CVE-2014-1133
	RESERVED
CVE-2014-1132
	RESERVED
CVE-2014-1131
	RESERVED
CVE-2014-1130
	RESERVED
CVE-2014-1129
	RESERVED
CVE-2014-1128
	RESERVED
CVE-2014-1127
	RESERVED
CVE-2014-1126
	RESERVED
CVE-2014-1125
	RESERVED
CVE-2014-1124
	RESERVED
CVE-2014-1123
	RESERVED
CVE-2014-1122
	RESERVED
CVE-2014-1121
	RESERVED
CVE-2014-1120
	RESERVED
CVE-2014-1119
	RESERVED
CVE-2014-1118
	RESERVED
CVE-2014-1117
	RESERVED
CVE-2014-1116
	RESERVED
CVE-2014-1115
	RESERVED
CVE-2014-1114
	RESERVED
CVE-2014-1113
	RESERVED
CVE-2014-1112
	RESERVED
CVE-2014-1111
	RESERVED
CVE-2014-1110
	RESERVED
CVE-2014-1109
	RESERVED
CVE-2014-1108
	RESERVED
CVE-2014-1107
	RESERVED
CVE-2014-1106
	RESERVED
CVE-2014-1105
	RESERVED
CVE-2014-1104
	RESERVED
CVE-2014-1103
	RESERVED
CVE-2014-1102
	RESERVED
CVE-2014-1101
	RESERVED
CVE-2014-1100
	RESERVED
CVE-2014-1099
	RESERVED
CVE-2014-1098
	RESERVED
CVE-2014-1097
	RESERVED
CVE-2014-1096
	RESERVED
CVE-2014-1095
	RESERVED
CVE-2014-1094
	RESERVED
CVE-2014-1093
	RESERVED
CVE-2014-1092
	RESERVED
CVE-2014-1091
	RESERVED
CVE-2014-1090
	RESERVED
CVE-2014-1089
	RESERVED
CVE-2014-1088
	RESERVED
CVE-2014-1087
	RESERVED
CVE-2014-1086
	RESERVED
CVE-2014-1085
	RESERVED
CVE-2014-1084
	RESERVED
CVE-2014-1083
	RESERVED
CVE-2014-1082
	RESERVED
CVE-2014-1081
	RESERVED
CVE-2014-1080
	RESERVED
CVE-2014-1079
	RESERVED
CVE-2014-1078
	RESERVED
CVE-2014-1077
	RESERVED
CVE-2014-1076
	RESERVED
CVE-2014-1075
	RESERVED
CVE-2014-1074
	RESERVED
CVE-2014-1073
	RESERVED
CVE-2014-1072
	RESERVED
CVE-2014-1071
	RESERVED
CVE-2014-1070
	RESERVED
CVE-2014-1069
	RESERVED
CVE-2014-1068
	RESERVED
CVE-2014-1067
	RESERVED
CVE-2014-1066
	RESERVED
CVE-2014-1065
	RESERVED
CVE-2014-1064
	RESERVED
CVE-2014-1063
	RESERVED
CVE-2014-1062
	RESERVED
CVE-2014-1061
	RESERVED
CVE-2014-1060
	RESERVED
CVE-2014-1059
	RESERVED
CVE-2014-1058
	RESERVED
CVE-2014-1057
	RESERVED
CVE-2014-1056
	RESERVED
CVE-2014-1055
	RESERVED
CVE-2014-1054
	RESERVED
CVE-2014-1053
	RESERVED
CVE-2014-1052
	RESERVED
CVE-2014-1051
	RESERVED
CVE-2014-1050
	RESERVED
CVE-2014-1049
	RESERVED
CVE-2014-1048
	RESERVED
CVE-2014-1047
	RESERVED
CVE-2014-1046
	RESERVED
CVE-2014-1045
	RESERVED
CVE-2014-1044
	RESERVED
CVE-2014-1043
	RESERVED
CVE-2014-1042
	RESERVED
CVE-2014-1041
	RESERVED
CVE-2014-1040
	RESERVED
CVE-2014-1039
	RESERVED
CVE-2014-1038
	RESERVED
CVE-2014-10374 (On Fitbit activity-tracker devices, certain addresses never change. Ac ...)
	NOT-FOR-US: Fitbit activity-tracker devices
CVE-2014-10373
	RESERVED
CVE-2014-10372
	RESERVED
CVE-2014-10371
	RESERVED
CVE-2014-10370
	RESERVED
CVE-2014-1037
	RESERVED
CVE-2014-10369
	RESERVED
CVE-2014-10368
	RESERVED
CVE-2014-10367
	RESERVED
CVE-2014-10366
	RESERVED
CVE-2014-10365
	RESERVED
CVE-2014-10364
	RESERVED
CVE-2014-10363
	RESERVED
CVE-2014-10362
	RESERVED
CVE-2014-10361
	RESERVED
CVE-2014-10360
	RESERVED
CVE-2014-1036
	RESERVED
CVE-2014-10359
	RESERVED
CVE-2014-10358
	RESERVED
CVE-2014-10357
	RESERVED
CVE-2014-10356
	RESERVED
CVE-2014-10355
	RESERVED
CVE-2014-10354
	RESERVED
CVE-2014-10353
	RESERVED
CVE-2014-10352
	RESERVED
CVE-2014-10351
	RESERVED
CVE-2014-10350
	RESERVED
CVE-2014-1035
	RESERVED
CVE-2014-10349
	RESERVED
CVE-2014-10348
	RESERVED
CVE-2014-10347
	RESERVED
CVE-2014-10346
	RESERVED
CVE-2014-10345
	RESERVED
CVE-2014-10344
	RESERVED
CVE-2014-10343
	RESERVED
CVE-2014-10342
	RESERVED
CVE-2014-10341
	RESERVED
CVE-2014-10340
	RESERVED
CVE-2014-1034
	RESERVED
CVE-2014-10339
	RESERVED
CVE-2014-10338
	RESERVED
CVE-2014-10337
	RESERVED
CVE-2014-10336
	RESERVED
CVE-2014-10335
	RESERVED
CVE-2014-10334
	RESERVED
CVE-2014-10333
	RESERVED
CVE-2014-10332
	RESERVED
CVE-2014-10331
	RESERVED
CVE-2014-10330
	RESERVED
CVE-2014-1033
	RESERVED
CVE-2014-10329
	RESERVED
CVE-2014-10328
	RESERVED
CVE-2014-10327
	RESERVED
CVE-2014-10326
	RESERVED
CVE-2014-10325
	RESERVED
CVE-2014-10324
	RESERVED
CVE-2014-10323
	RESERVED
CVE-2014-10322
	RESERVED
CVE-2014-10321
	RESERVED
CVE-2014-10320
	RESERVED
CVE-2014-1032
	RESERVED
CVE-2014-10319
	RESERVED
CVE-2014-10318
	RESERVED
CVE-2014-10317
	RESERVED
CVE-2014-10316
	RESERVED
CVE-2014-10315
	RESERVED
CVE-2014-10314
	RESERVED
CVE-2014-10313
	RESERVED
CVE-2014-10312
	RESERVED
CVE-2014-10311
	RESERVED
CVE-2014-10310
	RESERVED
CVE-2014-1031
	RESERVED
CVE-2014-10309
	RESERVED
CVE-2014-10308
	RESERVED
CVE-2014-10307
	RESERVED
CVE-2014-10306
	RESERVED
CVE-2014-10305
	RESERVED
CVE-2014-10304
	RESERVED
CVE-2014-10303
	RESERVED
CVE-2014-10302
	RESERVED
CVE-2014-10301
	RESERVED
CVE-2014-10300
	RESERVED
CVE-2014-1030
	RESERVED
CVE-2014-10299
	RESERVED
CVE-2014-10298
	RESERVED
CVE-2014-10297
	RESERVED
CVE-2014-10296
	RESERVED
CVE-2014-10295
	RESERVED
CVE-2014-10294
	RESERVED
CVE-2014-10293
	RESERVED
CVE-2014-10292
	RESERVED
CVE-2014-10291
	RESERVED
CVE-2014-10290
	RESERVED
CVE-2014-1029
	RESERVED
CVE-2014-10289
	RESERVED
CVE-2014-10288
	RESERVED
CVE-2014-10287
	RESERVED
CVE-2014-10286
	RESERVED
CVE-2014-10285
	RESERVED
CVE-2014-10284
	RESERVED
CVE-2014-10283
	RESERVED
CVE-2014-10282
	RESERVED
CVE-2014-10281
	RESERVED
CVE-2014-10280
	RESERVED
CVE-2014-1028
	RESERVED
CVE-2014-10279
	RESERVED
CVE-2014-10278
	RESERVED
CVE-2014-10277
	RESERVED
CVE-2014-10276
	RESERVED
CVE-2014-10275
	RESERVED
CVE-2014-10274
	RESERVED
CVE-2014-10273
	RESERVED
CVE-2014-10272
	RESERVED
CVE-2014-10271
	RESERVED
CVE-2014-10270
	RESERVED
CVE-2014-1027
	RESERVED
CVE-2014-10269
	RESERVED
CVE-2014-10268
	RESERVED
CVE-2014-10267
	RESERVED
CVE-2014-10266
	RESERVED
CVE-2014-10265
	RESERVED
CVE-2014-10264
	RESERVED
CVE-2014-10263
	RESERVED
CVE-2014-10262
	RESERVED
CVE-2014-10261
	RESERVED
CVE-2014-10260
	RESERVED
CVE-2014-1026
	RESERVED
CVE-2014-10259
	RESERVED
CVE-2014-10258
	RESERVED
CVE-2014-10257
	RESERVED
CVE-2014-10256
	RESERVED
CVE-2014-10255
	RESERVED
CVE-2014-10254
	RESERVED
CVE-2014-10253
	RESERVED
CVE-2014-10252
	RESERVED
CVE-2014-10251
	RESERVED
CVE-2014-10250
	RESERVED
CVE-2014-1025
	RESERVED
CVE-2014-10249
	RESERVED
CVE-2014-10248
	RESERVED
CVE-2014-10247
	RESERVED
CVE-2014-10246
	RESERVED
CVE-2014-10245
	RESERVED
CVE-2014-10244
	RESERVED
CVE-2014-10243
	RESERVED
CVE-2014-10242
	RESERVED
CVE-2014-10241
	RESERVED
CVE-2014-10240
	RESERVED
CVE-2014-1024
	RESERVED
CVE-2014-10239
	RESERVED
CVE-2014-10238
	RESERVED
CVE-2014-10237
	RESERVED
CVE-2014-10236
	RESERVED
CVE-2014-10235
	RESERVED
CVE-2014-10234
	RESERVED
CVE-2014-10233
	RESERVED
CVE-2014-10232
	RESERVED
CVE-2014-10231
	RESERVED
CVE-2014-10230
	RESERVED
CVE-2014-1023
	RESERVED
CVE-2014-10229
	RESERVED
CVE-2014-10228
	RESERVED
CVE-2014-10227
	RESERVED
CVE-2014-10226
	RESERVED
CVE-2014-10225
	RESERVED
CVE-2014-10224
	RESERVED
CVE-2014-10223
	RESERVED
CVE-2014-10222
	RESERVED
CVE-2014-10221
	RESERVED
CVE-2014-10220
	RESERVED
CVE-2014-1022
	RESERVED
CVE-2014-10219
	RESERVED
CVE-2014-10218
	RESERVED
CVE-2014-10217
	RESERVED
CVE-2014-10216
	RESERVED
CVE-2014-10215
	RESERVED
CVE-2014-10214
	RESERVED
CVE-2014-10213
	RESERVED
CVE-2014-10212
	RESERVED
CVE-2014-10211
	RESERVED
CVE-2014-10210
	RESERVED
CVE-2014-1021
	RESERVED
CVE-2014-10209
	RESERVED
CVE-2014-10208
	RESERVED
CVE-2014-10207
	RESERVED
CVE-2014-10206
	RESERVED
CVE-2014-10205
	RESERVED
CVE-2014-10204
	RESERVED
CVE-2014-10203
	RESERVED
CVE-2014-10202
	RESERVED
CVE-2014-10201
	RESERVED
CVE-2014-10200
	RESERVED
CVE-2014-1020
	RESERVED
CVE-2014-10199
	RESERVED
CVE-2014-10198
	RESERVED
CVE-2014-10197
	RESERVED
CVE-2014-10196
	RESERVED
CVE-2014-10195
	RESERVED
CVE-2014-10194
	RESERVED
CVE-2014-10193
	RESERVED
CVE-2014-10192
	RESERVED
CVE-2014-10191
	RESERVED
CVE-2014-10190
	RESERVED
CVE-2014-1019
	RESERVED
CVE-2014-10189
	RESERVED
CVE-2014-10188
	RESERVED
CVE-2014-10187
	RESERVED
CVE-2014-10186
	RESERVED
CVE-2014-10185
	RESERVED
CVE-2014-10184
	RESERVED
CVE-2014-10183
	RESERVED
CVE-2014-10182
	RESERVED
CVE-2014-10181
	RESERVED
CVE-2014-10180
	RESERVED
CVE-2014-1018
	RESERVED
CVE-2014-10179
	RESERVED
CVE-2014-10178
	RESERVED
CVE-2014-10177
	RESERVED
CVE-2014-10176
	RESERVED
CVE-2014-10175
	RESERVED
CVE-2014-10174
	RESERVED
CVE-2014-10173
	RESERVED
CVE-2014-10172
	RESERVED
CVE-2014-10171
	RESERVED
CVE-2014-10170
	RESERVED
CVE-2014-1017
	RESERVED
CVE-2014-10169
	RESERVED
CVE-2014-10168
	RESERVED
CVE-2014-10167
	RESERVED
CVE-2014-10166
	RESERVED
CVE-2014-10165
	RESERVED
CVE-2014-10164
	RESERVED
CVE-2014-10163
	RESERVED
CVE-2014-10162
	RESERVED
CVE-2014-10161
	RESERVED
CVE-2014-10160
	RESERVED
CVE-2014-1016
	RESERVED
CVE-2014-10159
	RESERVED
CVE-2014-10158
	RESERVED
CVE-2014-10157
	RESERVED
CVE-2014-10156
	RESERVED
CVE-2014-10155
	RESERVED
CVE-2014-10154
	RESERVED
CVE-2014-10153
	RESERVED
CVE-2014-10152
	RESERVED
CVE-2014-10151
	RESERVED
CVE-2014-10150
	RESERVED
CVE-2014-1015
	RESERVED
CVE-2014-10149
	RESERVED
CVE-2014-10148
	RESERVED
CVE-2014-10147
	RESERVED
CVE-2014-10146
	RESERVED
CVE-2014-10145
	RESERVED
CVE-2014-10144
	RESERVED
CVE-2014-10143
	RESERVED
CVE-2014-10142
	RESERVED
CVE-2014-10141
	RESERVED
CVE-2014-10140
	RESERVED
CVE-2014-1014
	RESERVED
CVE-2014-10139
	RESERVED
CVE-2014-10138
	RESERVED
CVE-2014-10137
	RESERVED
CVE-2014-10136
	RESERVED
CVE-2014-10135
	RESERVED
CVE-2014-10134
	RESERVED
CVE-2014-10133
	RESERVED
CVE-2014-10132
	RESERVED
CVE-2014-10131
	RESERVED
CVE-2014-10130
	RESERVED
CVE-2014-1013
	RESERVED
CVE-2014-10129
	RESERVED
CVE-2014-10128
	RESERVED
CVE-2014-10127
	RESERVED
CVE-2014-10126
	RESERVED
CVE-2014-10125
	RESERVED
CVE-2014-10124
	RESERVED
CVE-2014-10123
	RESERVED
CVE-2014-10122
	RESERVED
CVE-2014-10121
	RESERVED
CVE-2014-10120
	RESERVED
CVE-2014-1012
	RESERVED
CVE-2014-10119
	RESERVED
CVE-2014-10118
	RESERVED
CVE-2014-10117
	RESERVED
CVE-2014-10116
	RESERVED
CVE-2014-10115
	RESERVED
CVE-2014-10114
	RESERVED
CVE-2014-10113
	RESERVED
CVE-2014-10112
	RESERVED
CVE-2014-10111
	RESERVED
CVE-2014-10110
	RESERVED
CVE-2014-1011
	RESERVED
CVE-2014-10109
	RESERVED
CVE-2014-10108
	RESERVED
CVE-2014-10107
	RESERVED
CVE-2014-10106
	RESERVED
CVE-2014-10105
	RESERVED
CVE-2014-10104
	RESERVED
CVE-2014-10103
	RESERVED
CVE-2014-10102
	RESERVED
CVE-2014-10101
	RESERVED
CVE-2014-10100
	RESERVED
CVE-2014-1010
	RESERVED
CVE-2014-10099
	RESERVED
CVE-2014-10098
	RESERVED
CVE-2014-10097
	RESERVED
CVE-2014-10096
	RESERVED
CVE-2014-10095
	RESERVED
CVE-2014-10094
	RESERVED
CVE-2014-10093
	RESERVED
CVE-2014-10092
	RESERVED
CVE-2014-10091
	RESERVED
CVE-2014-10090
	RESERVED
CVE-2014-1009
	RESERVED
CVE-2014-10089
	RESERVED
CVE-2014-10088
	RESERVED
CVE-2014-10087
	RESERVED
CVE-2014-10086
	RESERVED
CVE-2014-10085
	RESERVED
CVE-2014-10084
	RESERVED
CVE-2014-10083
	RESERVED
CVE-2014-10082
	RESERVED
CVE-2014-10081
	RESERVED
CVE-2014-10080
	RESERVED
CVE-2014-1008
	RESERVED
CVE-2014-1007
	RESERVED
CVE-2014-1006
	RESERVED
CVE-2014-1005
	RESERVED
CVE-2014-1003
	RESERVED
CVE-2014-1002
	RESERVED
CVE-2014-1001
	RESERVED
CVE-2014-1000
	RESERVED
CVE-2019-13607 (The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerab ...)
	NOT-FOR-US: Opera Mini application for iOS
CVE-2019-13606
	RESERVED
CVE-2019-13605 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.8 ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13604 (There is a short key vulnerability in HID Global DigitalPersona (forme ...)
	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader
CVE-2019-13603 (An issue was discovered in the HID Global DigitalPersona (formerly Cro ...)
	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver
CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...)
	{DSA-4504-1}
	- vlc 3.0.7.1-2 (bug #932131)
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-13601
	RESERVED
CVE-2019-13600
	RESERVED
CVE-2019-13599 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13598 (LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenti ...)
	NOT-FOR-US: LuaUPnP in Vera Edge Home Controller
CVE-2019-13597 (_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command ...)
	NOT-FOR-US: Sahi Pro
CVE-2019-13596
	RESERVED
CVE-2019-13595
	RESERVED
CVE-2019-13594 (In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware w ...)
	NOT-FOR-US: Mirumee Saleor
CVE-2019-13593
	RESERVED
CVE-2019-13592
	RESERVED
CVE-2019-13591
	RESERVED
CVE-2019-13590 (An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (start ...)
	- sox 14.4.2+git20190427-2 (low; bug #932082)
	[buster] - sox <ignored> (Minor issue)
	[stretch] - sox <ignored> (Minor issue)
	[jessie] - sox <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/sox/bugs/325/
	NOTE: https://sourceforge.net/p/sox/code/ci/7b6a889217d62ed7e28188621403cc7542fd1f7e/
CVE-2019-13589 (The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, incl ...)
	NOT-FOR-US: backdoor in paranoid_2 gem, different from src:ruby-paranoia
CVE-2019-13588 (A cross-site scripting (XSS) vulnerability in getPagingStart() in core ...)
	NOT-FOR-US: WIKINDX
CVE-2019-13587
	RESERVED
CVE-2019-13586
	RESERVED
CVE-2019-13585 (The remote admin webserver on FANUC Robotics Virtual Robot Controller  ...)
	NOT-FOR-US: FANUC Robotics Virtual Robot Controller
CVE-2019-13584 (The remote admin webserver on FANUC Robotics Virtual Robot Controller  ...)
	NOT-FOR-US: FANUC Robotics Virtual Robot Controller
CVE-2019-13583
	RESERVED
CVE-2019-13582 (An issue was discovered in Marvell 88W8688 Wi-Fi firmware before versi ...)
	NOT-FOR-US: Tesla
CVE-2019-13581 (An issue was discovered in Marvell 88W8688 Wi-Fi firmware before versi ...)
	NOT-FOR-US: Tesla
CVE-2019-13580
	RESERVED
CVE-2019-13579
	RESERVED
CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give plugin ...)
	NOT-FOR-US: Impress GiveWP Give plugin for WordPress
CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...)
	NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator
CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
	{DLA-1906-1 DLA-1889-1}
	- python3.7 3.7.3~rc1-1
	- python3.5 <removed>
	- python3.4 <removed>
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	[stretch] - python2.7 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue35121
	NOTE: https://python-security.readthedocs.io/vuln/cookie-domain-check.html
	NOTE: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 (2.7.x branch)
	NOTE: https://github.com/python/cpython/commit/42ad4101d3ba7ca3c371dadf0f8880764c9f15fb (v3.4.10)
	NOTE: https://github.com/python/cpython/commit/4749f1b69000259e23b4cc6f63c542a9bdc62f1b (v3.5.7)
	NOTE: https://github.com/python/cpython/commit/b241af861b37e20ad30533bc0b7e2e5491cc470f (v3.6.9rc1)
	NOTE: https://github.com/python/cpython/commit/e5123d81ffb3be35a1b2767d6ced1a097aaf77be (v3.7.3rc1)
CVE-2019-13576
	RESERVED
CVE-2019-13575 (A SQL injection vulnerability exists in WPEverest Everest Forms plugin ...)
	NOT-FOR-US: WPEverest Everest Forms plugin for WordPress
CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...)
	{DSA-4481-1 DLA-1948-1}
	- ruby-mini-magick 4.9.2-1.1 (bug #931932)
CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowplayer  ...)
	NOT-FOR-US: FolioVision FV Flowplayer Video Player plugin for WordPress
CVE-2019-13572 (The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL  ...)
	NOT-FOR-US: Adenion Blog2Social plugin for WordPress
CVE-2019-13571 (A SQL injection vulnerability exists in the Vsourz Digital Advanced CF ...)
	NOT-FOR-US: Vsourz Digital Advanced CF7 DB plugin for WordPress
CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...)
	NOT-FOR-US: WordPress plugin AJdG AdRotate
CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers  ...)
	NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress
CVE-2019-13568 (CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CI ...)
	- cimg 2.8.4+dfsg-1 (bug #940952)
	[buster] - cimg <no-dsa> (Minor issue)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <not-affected> (Vulnerable code added later)
	NOTE: https://github.com/dtschump/CImg/commit/ac8003393569aba51048c9d67e1491559877b1d1
CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote code exec ...)
	NOT-FOR-US: Zoom
CVE-2019-13566 (An issue was discovered in the ROS communications-related packages (ak ...)
	- ros-ros-comm 1.14.3+ds1-10 (bug #945361)
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u1
	[stretch] - ros-ros-comm 1.12.6-2+deb9u1
	NOTE: https://github.com/ros/ros_comm/issues/1735
	NOTE: https://github.com/ros/ros_comm/pull/1771
CVE-2019-13565 (An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL ...)
	{DLA-1891-1}
	- openldap 2.4.48+dfsg-1 (low; bug #932998)
	[buster] - openldap 2.4.47+dfsg-3+deb10u1
	[stretch] - openldap 2.4.44+dfsg-5+deb9u3
	NOTE: https://openldap.org/its/?findid=9052
CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 1.5. ...)
	NOT-FOR-US: Ping Identity Agentless Integration Kit
CVE-2019-13563 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the enti ...)
	NOT-FOR-US: D-Link
CVE-2019-13562 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstra ...)
	NOT-FOR-US: D-Link
CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers  ...)
	NOT-FOR-US: D-Link
CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers  ...)
	NOT-FOR-US: D-Link
CVE-2019-13559 (GE Mark VIe Controller is shipped with pre-configured hard-coded crede ...)
	NOT-FOR-US: GE Mark VIe Controller
CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...)
	NOT-FOR-US: WebAccess
CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an  ...)
	NOT-FOR-US: Tasy
CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...)
	NOT-FOR-US: WebAccess
CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...)
	NOT-FOR-US: Mitsubishi
CVE-2019-13554 (GE Mark VIe Controller has an unsecured Telnet protocol that may allow ...)
	NOT-FOR-US: GE Mark VIe Controller
CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
	NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
	NOT-FOR-US: WebAccess
CVE-2019-13551 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vul ...)
	NOT-FOR-US: Advantech
CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
	NOT-FOR-US: WebAccess
CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
	NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
	NOT-FOR-US: CODESYS
CVE-2019-13547 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecu ...)
	NOT-FOR-US: Advantech
CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a vulnerability withi ...)
	NOT-FOR-US: IntelliSpace Perinatal
CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
	NOT-FOR-US: Horner Automation Cscape
CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...)
	NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13543 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...)
	NOT-FOR-US: Medtronic
CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-13541 (In Horner Automation Cscape 9.90 and prior, an improper input validati ...)
	NOT-FOR-US: Horner Automation Cscape
CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...)
	NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13539 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...)
	NOT-FOR-US: Medtronic
CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-13537 (The IEC870IP driver for AVEVA&#8217;s Vijeo Citect and Citect SCADA an ...)
	NOT-FOR-US: IEC870IP driver
CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...)
	NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0  ...)
	NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform
CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
	NOT-FOR-US: Philips
CVE-2019-13533 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...)
	NOT-FOR-US: Omron
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
	NOT-FOR-US: CODESYS
CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0  ...)
	NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform
CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
	NOT-FOR-US: Philips
CVE-2019-13529 (An attacker could send a malicious link to an authenticated operator,  ...)
	NOT-FOR-US: Sunny WebBox Firmware
CVE-2019-13528 (A specific utility may allow an attacker to gain read access to privil ...)
	NOT-FOR-US: Niagara
CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Version ...)
	NOT-FOR-US: Rockwell
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0  ...)
	NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525 (In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrat ...)
	NOT-FOR-US: IP-AK2 Access Control Panel
CVE-2019-13524 (GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/ ...)
	NOT-FOR-US: GE/Emerson
CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
	NOT-FOR-US: Honeywell
CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the  ...)
	NOT-FOR-US: EZ PLC Editor
CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting user of R ...)
	NOT-FOR-US: Rockwell
CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
	NOT-FOR-US: Fuji Electric
CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting user of R ...)
	NOT-FOR-US: Rockwell
CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...)
	NOT-FOR-US: EZAutomation
CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...)
	NOT-FOR-US: Pyxis
CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...)
	NOT-FOR-US: OSIsoft LLC
CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive in ...)
	NOT-FOR-US: OSIsoft LLC
CVE-2019-13514 (In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior,  ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2019-13513 (In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior,  ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2019-13512 (Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out- ...)
	NOT-FOR-US: Fuji Electric FRENIC Loader
CVE-2019-13511 (Rockwell Automation Arena Simulation Software versions 16.00.00 and ea ...)
	NOT-FOR-US: Rockwell Automation Arena Simulation Software
CVE-2019-13510 (Rockwell Automation Arena Simulation Software versions 16.00.00 and ea ...)
	NOT-FOR-US: Rockwell Automation Arena Simulation Software
CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06. ...)
	{DSA-4521-1}
	- docker.io 18.09.1+dfsg1-8 (bug #932673)
CVE-2019-13508 (FreeTDS through 1.1.11 has a Buffer Overflow. ...)
	- freetds 1.1.6-1.1 (bug #944012)
	[buster] - freetds 1.00.104-1+deb10u1
	[stretch] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
	[jessie] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
	NOTE: https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
	NOTE: https://bugs.launchpad.net/bugs/1835896
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1736255
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1141132
CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
	NOT-FOR-US: hidea.com AZ Admin
CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandle ...)
	NOT-FOR-US: Nuxt.js
CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...)
	NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
	{DLA-1855-1}
	- exiv2 0.27.2-6 (low; bug #932467)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/pull/943
	NOTE: https://github.com/Exiv2/exiv2/pull/944
	NOTE: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
	NOTE: https://github.com/Exiv2/exiv2/pull/946 (complementary fix)
	NOTE: https://github.com/Exiv2/exiv2/commit/54f0bebca032d0286a0e48f47e67dfc6141fedff
CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2019-13502
	RESERVED
CVE-2019-13501
	RESERVED
CVE-2019-13500
	RESERVED
CVE-2019-13499
	RESERVED
CVE-2019-13498 (One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Trans ...)
	NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF fo ...)
	NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...)
	NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13495 (In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross- ...)
	NOT-FOR-US: Zyxel
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library ...)
	NOT-FOR-US: Sitecore
CVE-2019-13492
	RESERVED
CVE-2019-13491
	RESERVED
CVE-2019-13490
	RESERVED
CVE-2019-13489 (Trape through 2019-05-08 has SQL injection via the data[2] variable in ...)
	NOT-FOR-US: Trape
CVE-2019-13488 (A cross-site scripting (XSS) vulnerability in static/js/trape.js in Tr ...)
	NOT-FOR-US: Trape
CVE-2019-13487
	RESERVED
CVE-2019-13486 (In Xymon through 4.3.28, a stack-based buffer overflow exists in the s ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13485 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13484 (In Xymon through 4.3.28, a buffer overflow exists in the status-log vi ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13483 (Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signa ...)
	NOT-FOR-US: Auth0 Passport-SharePoint
CVE-2019-13482 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
	NOT-FOR-US: D-Link
CVE-2019-13481 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
	NOT-FOR-US: D-Link
CVE-2019-13480
	RESERVED
CVE-2019-13479
	RESERVED
CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...)
	NOT-FOR-US: Helpy
CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-13477 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in t ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in th ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument injectio ...)
	NOT-FOR-US: MobaXterm
CVE-2019-13474 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...)
	NOT-FOR-US: TELESTAR
CVE-2019-13473 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...)
	NOT-FOR-US: TELESTAR
CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the ...)
	NOT-FOR-US: PHPWind
CVE-2019-13471
	RESERVED
CVE-2019-13470 (MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling ...)
	- matrixssl <removed>
CVE-2019-13469
	RESERVED
CVE-2019-13468
	RESERVED
CVE-2019-13467 (Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk  ...)
	NOT-FOR-US: Western Digital SSD Dashboard and SanDisk SSD Dashboard applications
CVE-2019-13466 (Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard ...)
	NOT-FOR-US: Western Digital SSD Dashboard and SanDisk SSD Dashboard
CVE-2019-13465 (An issue was discovered in the ROS communications-related packages (ak ...)
	- ros-ros-comm 1.14.3+ds1-10 (bug #947946)
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u1
	[stretch] - ros-ros-comm 1.12.6-2+deb9u1
	NOTE: https://github.com/ros/ros_comm/issues/1752
	NOTE: https://github.com/ros/ros_comm/pull/1763
CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...)
	- modsecurity-crs 3.2.0-1 (low; bug #943773)
	[buster] - modsecurity-crs 3.1.0-1+deb10u1
	[stretch] - modsecurity-crs <no-dsa> (Minor issue)
	[jessie] - modsecurity-crs <not-affected> (incorrect rule does not exist)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/6090d6b0a90417f1a60aa68a01eb777cef2e1184
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
CVE-2019-13463 (An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Li ...)
	NOT-FOR-US: Simple Link Directory plugin for WordPress
CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
	NOT-FOR-US: Lansweeper
CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
	NOT-FOR-US: PrestaShop
CVE-2019-13460
	RESERVED
CVE-2019-13459
	RESERVED
CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-1877-1}
	- otrs2 6.0.20-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
	NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
	NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
CVE-2019-13457 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	- otrs2 <not-affected> (Only affects 7.x series)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-11/
CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...)
	- freeradius 3.0.20+dfsg-1
	[buster] - freeradius <no-dsa> (Minor issue)
	[stretch] - freeradius <no-dsa> (Minor issue)
	[jessie] - freeradius <not-affected> (Vulnerable code introduced later in version 3.0.0)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa (release_3_0_20)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1737663
	NOTE: https://wpa3.mathyvanhoef.com/#new
CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (low; bug #931740)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (low impact issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
	- zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556)
	[buster] - zipios++ <no-dsa> (Minor issue)
	[stretch] - zipios++ <no-dsa> (Minor issue)
	[jessie] - zipios++ <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
	NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
CVE-2019-13452 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in rep ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in his ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-17351 (An issue was discovered in drivers/xen/balloon.c in the Linux kernel b ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.168-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-300.html
CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on ma ...)
	NOT-FOR-US: Zoom Client and RingCentral on MacOS
CVE-2019-13449 (In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a ...)
	NOT-FOR-US: Zoom Client on macOS
CVE-2019-13448 (An issue was discovered in Sertek Xpare 3.67. The login form does not  ...)
	NOT-FOR-US: Sertek Xpare
CVE-2019-13447 (An issue was discovered in Sertek Xpare 3.67. The login form does not  ...)
	NOT-FOR-US: Sertek Xpare
CVE-2019-13446
	REJECTED
CVE-2019-13445 (An issue was discovered in the ROS communications-related packages (ak ...)
	- ros-ros-comm 1.14.3+ds1-11 (bug #947947)
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u1
	[stretch] - ros-ros-comm 1.12.6-2+deb9u2
	NOTE: https://github.com/ros/ros_comm/issues/1738
	NOTE: https://github.com/ros/ros_comm/pull/1741
CVE-2019-13444
	RESERVED
CVE-2019-13443
	RESERVED
CVE-2019-13442
	RESERVED
CVE-2019-13441
	RESERVED
CVE-2019-13440
	RESERVED
CVE-2019-13439
	RESERVED
CVE-2019-13438
	RESERVED
CVE-2019-13437
	RESERVED
CVE-2019-13436
	RESERVED
CVE-2019-13435
	RESERVED
CVE-2019-13434
	RESERVED
CVE-2019-13433
	RESERVED
CVE-2019-13432
	RESERVED
CVE-2019-13431
	RESERVED
CVE-2019-13430
	RESERVED
CVE-2019-13429
	RESERVED
CVE-2019-13428
	RESERVED
CVE-2019-13427
	RESERVED
CVE-2019-13426
	RESERVED
CVE-2019-13425
	RESERVED
CVE-2019-13424
	RESERVED
CVE-2019-13423 (Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 ...)
	NOT-FOR-US: Search Guard
CVE-2019-13422 (Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 ...)
	NOT-FOR-US: Search Guard
CVE-2019-13421 (Search Guard versions before 23.1 had an issue that an administrative  ...)
	NOT-FOR-US: Search Guard
CVE-2019-13420 (Search Guard versions before 21.0 had an timing side channel issue whe ...)
	NOT-FOR-US: Search Guard
CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...)
	NOT-FOR-US: Search Guard
CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...)
	NOT-FOR-US: Search Guard
CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...)
	NOT-FOR-US: Search Guard
CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
	NOT-FOR-US: Search Guard
CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
	NOT-FOR-US: Search Guard
CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-13412 (A service which is hosted on port 3097 in HiNet GPON firmware &lt; I04 ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-13411 (An &#8220;invalid command&#8221; handler issue was discovered in HiNet ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-13410 (TOPMeeting before version 8.8 (2019/08/19) shows attendees account and ...)
	NOT-FOR-US: TOPMeeting
CVE-2019-13409 (A SQL injection vulnerability was discovered in TOPMeeting before vers ...)
	NOT-FOR-US: TOPMeeting
CVE-2019-13408 (A relative path traversal vulnerability found in Advan VD-1 firmware v ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13407 (A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses  ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13406 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13405 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows  ...)
	NOT-FOR-US: Disputed issue for Windows installer for Python
CVE-2019-13403 (Temenos CWX version 8.9 has an Broken Access Control vulnerability in  ...)
	NOT-FOR-US: Temenos CWX
CVE-2019-13402 (/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactoryd ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13401 (Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13400 (Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store admin ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute  ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker ...)
	NOT-FOR-US: osTicket
CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local File Inc ...)
	NOT-FOR-US: FlightPath
CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF a ...)
	NOT-FOR-US: Netgear
CVE-2019-13394 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Bas ...)
	NOT-FOR-US: Netgear
CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same ...)
	NOT-FOR-US: Netgear
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
	NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (low; bug #931633)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
	NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
	NOTE: which seems to be the actual patch for this issue.
CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
	- ffmpeg 7:4.2.1-1 (low; bug #932535)
	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
	NOTE: https://trac.ffmpeg.org/ticket/7979
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
	NOT-FOR-US: RainLoop Webmail
CVE-2019-13388
	RESERVED
CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13386 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden  ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13385 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and  ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13384
	RESERVED
CVE-2019-13383 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13382 (UploaderService in SnagIT 2019.1.2 allows elevation of privilege by pl ...)
	NOT-FOR-US: SnagIT
CVE-2019-13381
	REJECTED
CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from  ...)
	NOT-FOR-US: KEYNTO Team Password Manager
CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access  ...)
	NOT-FOR-US: AVTECH Room Alert
CVE-2019-13378
	RESERVED
CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2 ...)
	{DSA-4538-1}
	- wpa 2:2.9-1 (bug #934180)
	[stretch] - wpa <not-affected> (Introduced in 2.5)
	[jessie] - wpa <not-affected> (Introduced in 2.5)
	NOTE: https://wpa3.mathyvanhoef.com/#new
	NOTE: Added in v2.5: https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog:
	NOTE: "added support for Brainpool Elliptic Curves with SAE"
	NOTE: Patches: https://w1.fi/security/2019-6/
CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration Control P ...)
	{DLA-1942-2 DLA-1942-1}
	- phpbb3 <removed>
	NOTE: https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
	NOTE: fixed in 3.2.8 as 'SECURITY-246'
	NOTE: https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
	NOTE: follow-up to incomplete fix for CVE-2019-16993
CVE-2019-16993 (In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper v ...)
	{DLA-1942-2 DLA-1942-1}
	- phpbb3 <removed>
	NOTE: https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789
	NOTE: https://www.phpbb.com/community/viewtopic.php?t=2352606
CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) ...)
	NOT-FOR-US: D-Link
CVE-2019-13374 (A cross-site scripting (XSS) vulnerability in resource view in PayActi ...)
	NOT-FOR-US: D-Link
CVE-2019-13373 (An issue was discovered in the D-Link Central WiFi Manager CWM(100) be ...)
	NOT-FOR-US: D-Link
CVE-2019-13372 (/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager C ...)
	NOT-FOR-US: D-Link
CVE-2019-13371
	RESERVED
CVE-2019-13370 (index.php/admin/permissions in Ignited CMS through 2017-02-19 allows C ...)
	NOT-FOR-US: Ignited CMS
CVE-2019-13369
	REJECTED
CVE-2019-13368
	REJECTED
CVE-2019-13367
	REJECTED
CVE-2019-13366
	RESERVED
CVE-2019-13365
	RESERVED
CVE-2019-13364 (admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat&amp ...)
	- piwigo <removed>
CVE-2019-13363 (admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nb ...)
	- piwigo <removed>
CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...)
	NOT-FOR-US: Codedoc
CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an ...)
	NOT-FOR-US: Smanos W100 1.0.0 devices
CVE-2019-13360 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote at ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv- ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows  ...)
	NOT-FOR-US: OpenCats
CVE-2019-13357 (In Total Defense Anti-virus 9.0.0.773, resource acquisition from the u ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13356 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13355 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org ...)
	NOT-FOR-US: strong_password gem
CVE-2019-13353
	RESERVED
CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic  ...)
	NOT-FOR-US: WolfVision Cynap
CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as dist ...)
	- jackd2 <unfixed> (low; bug #931488)
	[buster] - jackd2 <no-dsa> (Minor issue)
	[stretch] - jackd2 <no-dsa> (Minor issue)
	[jessie] - jackd2 <postponed> (Minor issue, hard to reproduce crash with theoretically possible file corruption, no sensitive data to leak)
	NOTE: https://github.com/jackaudio/jack2/pull/480
	NOTE: https://github.com/jackaudio/jack2/commit/994e225bbb07a89f56147f7ce7d59beb49f8cfba
CVE-2019-13350
	RESERVED
CVE-2019-13349 (In Knowage through 6.1.1, an authenticated user that accesses the user ...)
	NOT-FOR-US: Knowage
CVE-2019-13348 (In Knowage through 6.1.1, an authenticated user who accesses the datas ...)
	NOT-FOR-US: Knowage
CVE-2019-13347 (An issue was discovered in the SAML Single Sign On (SSO) plugin for se ...)
	NOT-FOR-US: SAML Single Sign On plugin for several Atlassian products
CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
	NOT-FOR-US: MyT
CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
	{DSA-4507-1 DLA-1847-1}
	- squid 4.8-1 (bug #931478)
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
	NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=4957
	NOTE: https://github.com/squid-cache/squid/pull/429
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-be1dc8614e7514103ba84d4067ed6fd15ab8f82e.patch
	NOTE: Squid 3.x: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-5730c2b5cb56e7639dc423dd62651c8736a54e35.patch
CVE-2019-13344 (An authentication bypass vulnerability in the CRUDLab WP Like Button p ...)
	NOT-FOR-US: CRUDLab WP Like Button plugin for WordPress
CVE-2019-13343 (Butor Portal before 1.0.27 is affected by a Path Traversal vulnerabili ...)
	NOT-FOR-US: Butor Portal
CVE-2019-13342
	RESERVED
CVE-2019-13341 (In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment b ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13340 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13339 (In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (cont ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote attacker can obtain the passwor ...)
	NOT-FOR-US: WESEEK GROWI
CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic authentication can b ...)
	NOT-FOR-US: WESEEK GROWI
CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attack ...)
	NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell
CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has  ...)
	NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13333 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13330 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13329 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13328 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13327 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13326 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13325 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-13324 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-13323 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-13322 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-13321 (This vulnerability allows network adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Foxit
CVE-2019-13320 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13319 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13318 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13317 (This vulnerability allows remote atackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13316 (This vulnerability allows remote atackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13315 (This vulnerability allows remote atackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13314 (virt-bootstrap 1.1.0 allows local users to discover a root password by ...)
	- virt-bootstrap <itp> (bug #871621)
CVE-2019-13313 (libosinfo 1.5.0 allows local users to discover credentials by listing  ...)
	- libosinfo 1.6.0-1 (bug #931479)
	[buster] - libosinfo <ignored> (Minor issue)
	[stretch] - libosinfo <ignored> (Minor issue)
	[jessie] - libosinfo <postponed> (Minor issue, local transient password leak in `ps`, affected binary not used by other packages)
	NOTE: https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html
CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based b ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/7980
	NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1623
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
CVE-2019-13310 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (low; bug #931447)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
	{DSA-4715-1 DSA-4712-1}
	- imagemagick <unfixed> (bug #931448)
	[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
	NOTE: incomplete, introduces a memory leak, follow-up patches:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
	- imagemagick <unfixed> (bug #931449)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
	NOTE: initial fix:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa
	NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
	{DSA-4712-1 DLA-1888-1}
	- imagemagick <unfixed> (bug #931452)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
	- imagemagick <unfixed> (bug #931453)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a2f84f23d064e98f423aa0d050ff98838cf0a1b1
CVE-2019-13303 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCo ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d29148fae06c01ef215940e084cf41853c117bab
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1603
CVE-2019-13302 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCo ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5089971bd792311aaab5cb73460326d7ef7f32d
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1597
CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory becau ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
	{DSA-4715-1 DSA-4712-1}
	- imagemagick <unfixed> (bug #931454)
	[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8187d2d8fd010d2d6b1a3a8edd935beec404dddc
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1610
CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1611
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
	{DSA-4712-1 DLA-1888-1}
	- imagemagick <unfixed> (low; bug #931455)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
	NOTE: Some older version before the fixing commit did as well not check for
	NOTE: width size (cf. CVE-2019-13295).
CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemor ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
	{DSA-4712-1 DLA-1888-1}
	- imagemagick <unfixed> (low; bug #931457)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. import_stud ...)
	NOT-FOR-US: AROX School-ERP Pro
CVE-2019-13293
	RESERVED
CVE-2019-13292 (A SQL Injection issue was discovered in webERP 4.15. Payments.php acce ...)
	NOT-FOR-US: webERP
CVE-2019-13291 (In Xpdf 4.01.01, there is a heap-based buffer over-read in the functio ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13290 (Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_dis ...)
	- mupdf 1.15.0+ds1-1 (bug #931475)
	[jessie] - mupdf <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701118
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85
	NOTE: Introduced in 1.6 / http://git.ghostscript.com/?p=mupdf.git;a=commit;f=source/fitz/list-device.c;h=e9411aba2b71b67b8521f55917ab26585c464b88
CVE-2019-13289 (In Xpdf 4.01.01, there is a use-after-free vulnerability in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13288 (In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause  ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13287 (In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the f ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13286 (In Xpdf 4.01.01, there is a heap-based buffer over-read in the functio ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13285 (CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. ...)
	NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2019-13284
	RESERVED
CVE-2019-13283 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in s ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13282 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in S ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DC ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13279 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13278 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows a ...)
	NOT-FOR-US: TRENDnet TEW-827DRU
CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before  ...)
	NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
CVE-2019-13274 (In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CG ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13273 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in the ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mish ...)
	{DSA-4484-1 DLA-1863-1 DLA-1862-1}
	- linux 4.19.37-6
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1140671
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
	NOTE: https://git.kernel.org/linus/6994eefb0053799d2e07cd140df6c2ea106c41ee
CVE-2019-13271 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13270 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13269 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13268 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
	NOT-FOR-US: TP-Link
CVE-2019-13267 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
	NOT-FOR-US: TP-Link
CVE-2019-13266 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
	NOT-FOR-US: TP-Link
CVE-2019-13265 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: D-link
CVE-2019-13264 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: D-link
CVE-2019-13263 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: D-link
CVE-2019-13262 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13261 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13260 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13259 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13258 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13257 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13256 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13255 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13254 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13253 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13252 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13251 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13250 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13249 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13248 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPE ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13247 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPE ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13246 (FastStone Image Viewer 7.0 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2019-13245 (FastStone Image Viewer 7.0 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2019-13244 (FastStone Image Viewer 7.0 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2019-13243 (IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00 ...)
	NOT-FOR-US: IrfanView
CVE-2019-13242 (IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00 ...)
	NOT-FOR-US: IrfanView
CVE-2019-13241 (FlightCrew v0.9.2 and older are vulnerable to a directory traversal, a ...)
	- flightcrew 0.7.2+dfsg-14
	[buster] - flightcrew 0.7.2+dfsg-13+deb10u1
	[stretch] - flightcrew 0.7.2+dfsg-9+deb9u1
	NOTE: https://github.com/Sigil-Ebook/flightcrew/issues/52
CVE-2019-13240 (An issue was discovered in GLPI before 9.4.1. After a successful passw ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7
	NOTE: https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-13238 (An issue was discovered in Bento4 1.5.1.0. A memory allocation failure ...)
	NOT-FOR-US: Bento4
CVE-2019-13237 (In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vul ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13236 (In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are m ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13235 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13234 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...)
	{DLA-1846-1}
	- unzip 6.0-24 (unimportant; bug #931433)
	[buster] - unzip 6.0-23+deb10u1
	[stretch] - unzip 6.0-21+deb9u2
	NOTE: https://www.bamsoftware.com/hacks/zipbomb/
	NOTE: Fixed by: https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c
	NOTE: Fix depends on: https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213
	NOTE: Further commit needed: https://github.com/madler/unzip/commit/6d351831be705cc26d897db44f878a978f4138fc
	NOTE: No security impact, crash in CLI tool, any server implementing automatic extraction needs
	NOTE: to apply resource limits anyway
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
CVE-2019-13231
	RESERVED
CVE-2019-13230
	RESERVED
CVE-2019-13229 (deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the  ...)
	- deepin-clone <itp> (bug #873045)
CVE-2019-13228 (deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootD ...)
	- deepin-clone <itp> (bug #873045)
CVE-2019-13227 (In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed ...)
	- deepin-clone <itp> (bug #873045)
CVE-2019-13226 (deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/m ...)
	- deepin-clone <itp> (bug #873045)
CVE-2018-20850 (Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3. ...)
	NOT-FOR-US: Stormshield Network Security
CVE-2019-13233 (In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
	NOTE: Fixed by: https://git.kernel.org/linus/de9f869616dd95e95c00bdd6b0fcd3421e8a4323
CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9 ...)
	- libonig 6.9.2-1 (low; bug #931878)
	[buster] - libonig <no-dsa> (Minor issue)
	[stretch] - libonig <no-dsa> (Minor issue)
	[jessie] - libonig <not-affected> (vulnerable code was introduced later)
	NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...)
	{DLA-1854-1}
	- libonig 6.9.2-1 (low; bug #931878)
	[buster] - libonig <no-dsa> (Minor issue)
	[stretch] - libonig <no-dsa> (Minor issue)
	NOTE: https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
CVE-2019-13223 (A reachable assertion in the lookup1_values function in stb_vorbis thr ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13222 (An out-of-bounds read of a global buffer in the draw_line function in  ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13221 (A stack buffer overflow in the compute_codewords function in stb_vorbi ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13220 (Use of uninitialized stack variables in the start_decoder function in  ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13219 (A NULL pointer dereference in the get_window function in stb_vorbis th ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13218 (Division by zero in the predict_point function in stb_vorbis through 2 ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13217 (A heap buffer overflow in the start_decoder function in stb_vorbis thr ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13216
	RESERVED
CVE-2019-13215
	RESERVED
CVE-2019-13214
	RESERVED
CVE-2019-13213
	RESERVED
CVE-2019-13212
	RESERVED
CVE-2019-13211
	RESERVED
CVE-2019-13210
	RESERVED
CVE-2019-13209 (Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijack ...)
	NOT-FOR-US: Rancher
CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...)
	NOT-FOR-US: Waves MAXX Audio
CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
	- nsd 4.2.4-1 (low; bug #931476)
	[buster] - nsd <no-dsa> (Minor issue)
	[stretch] - nsd <no-dsa> (Minor issue)
	[jessie] - nsd <postponed> (Minor issue, crash on malformed admin-controlled disk configuration)
	- nsd3 <removed>
	NOTE: https://github.com/NLnetLabs/nsd/issues/20
	NOTE: https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5
CVE-2019-13206 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13205 (All configuration parameters of certain Kyocera printers (such as the  ...)
	NOT-FOR-US: Kyocera
CVE-2019-13204 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13203 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13202 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13201 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13200 (The web application of several Kyocera printers (such as the ECOSYS M5 ...)
	NOT-FOR-US: Kyocera
CVE-2019-13199 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) d ...)
	NOT-FOR-US: Kyocera
CVE-2019-13198 (The web application of several Kyocera printers (such as the ECOSYS M5 ...)
	NOT-FOR-US: Kyocera
CVE-2019-13197 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13196 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13195 (The web application of some Kyocera printers (such as the ECOSYS M5526 ...)
	NOT-FOR-US: Kyocera
CVE-2019-13194 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
	NOT-FOR-US: Brother
CVE-2019-13193 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
	NOT-FOR-US: Brother
CVE-2019-13192 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
	NOT-FOR-US: Brother
CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...)
	NOT-FOR-US: IntraMaps MapControl
CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...)
	NOT-FOR-US: Knowage
CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user_id fi ...)
	NOT-FOR-US: Knowage
CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass access co ...)
	NOT-FOR-US: Knowage
CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1 for Sympho ...)
	NOT-FOR-US: Symphony CMS addon
CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13185
	RESERVED
CVE-2019-13184
	RESERVED
CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as  ...)
	NOT-FOR-US: Flarum
CVE-2019-13182 (A stored cross-site scripting (XSS) vulnerability exists in the web UI ...)
	NOT-FOR-US: SolarWinds
CVE-2019-13181 (A CSV injection vulnerability exists in the web UI of SolarWinds Serv- ...)
	NOT-FOR-US: SolarWinds
CVE-2019-13180
	RESERVED
CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...)
	- calamares 3.2.11-1 (bug #931392)
	[buster] - calamares <ignored> (Mitigated via calamares-settings-debian in Debian)
	- calamares-settings-debian 10.0.23-1 (bug #931373)
	[buster] - calamares-settings-debian 10.0.20-1+deb10u1
	NOTE: https://github.com/calamares/calamares/issues/1191
	NOTE: https://github.com/calamares/calamares/commit/003096698627a527b589c0c929dda4d58f23fd93
	NOTE: The issue itself can be adressed as well via calamares-settings-debian and
	NOTE: placing a more restrictive umask override in /etc/initramfs-tools/conf.d
	NOTE: directory.
	NOTE: https://github.com/calamares/calamares/commit/43eb664e7d44d963bb7b82d03215d84b47100ba0
	NOTE: Fixed by: https://github.com/calamares/calamares/commit/c9b675cbc64ac5aab35ddd86a64311abd50f7720
CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ...)
	- calamares 3.2.11-1 (unimportant; bug #931391)
	NOTE: https://github.com/calamares/calamares/issues/1190
	NOTE: Fixed by: https://github.com/calamares/calamares/commit/c9b675cbc64ac5aab35ddd86a64311abd50f7720
	NOTE: Negligible security impact, Debian live media grant a sudo root shell anyway
CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...)
	NOT-FOR-US: django-rest-registration
CVE-2019-13176 (An issue was discovered in the 3CX Phone system (web) management conso ...)
	NOT-FOR-US: 3CX Phone system
CVE-2019-13175 (Read the Docs before 3.5.1 has an Open Redirect if certain user-define ...)
	NOT-FOR-US: Read the Docs
CVE-2019-13174
	RESERVED
CVE-2019-13173 (fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extra ...)
	- node-fstream 1.0.12-1 (bug #931408)
	[buster] - node-fstream 1.0.10-1+deb10u1
	[stretch] - node-fstream 1.0.10-1+deb9u1
	[jessie] - node-fstream <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://www.npmjs.com/advisories/886
	NOTE: https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
CVE-2019-13172 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13171 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13170 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...)
	NOT-FOR-US: Xerox
CVE-2019-13169 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13168 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13167 (Multiple Stored XSS vulnerabilities were found in the Xerox Web Applic ...)
	NOT-FOR-US: Xerox
CVE-2019-13166 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...)
	NOT-FOR-US: Xerox
CVE-2019-13165 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...)
	{DSA-4512-1 DSA-4506-1 DLA-1927-1}
	- qemu 1:4.1-1 (bug #931351)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...)
	NOT-FOR-US: Fujitsu
CVE-2019-13162
	RESERVED
CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x  ...)
	- asterisk 1:16.2.1~dfsg-2 (low; bug #931981)
	[buster] - asterisk 1:16.2.1~dfsg-1+deb10u1
	[stretch] - asterisk <no-dsa> (Minor issue)
	[jessie] - asterisk <postponed> (Minor issue)
	NOTE: http://downloads.digium.com/pub/security/AST-2019-003.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28465
CVE-2019-13160
	RESERVED
CVE-2019-13159
	RESERVED
CVE-2019-13158
	RESERVED
CVE-2019-13157 (nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrit ...)
	NOT-FOR-US: Naver Vaccine
CVE-2019-13156 (NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer ove ...)
	NOT-FOR-US: Naver Cloud Explorer
CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13153 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13152 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13151 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13150 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13149 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...)
	- audiofile <unfixed> (low; bug #931343)
	[buster] - audiofile <no-dsa> (Minor issue)
	[stretch] - audiofile <no-dsa> (Minor issue)
	[jessie] - audiofile <postponed> (Minor issue, local DoS)
	NOTE: https://github.com/mpruett/audiofile/issues/54
CVE-2019-13146 (The field_test gem 0.3.0 for Ruby has unvalidated input. A method call ...)
	NOT-FOR-US: field_test gem
CVE-2019-13145
	REJECTED
CVE-2019-13144 (myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in  ...)
	NOT-FOR-US: myTinyTodo
CVE-2019-13143 (An HTTP parameter pollution issue was discovered on Shenzhen Dragon Br ...)
	NOT-FOR-US: Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50
CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe)  ...)
	NOT-FOR-US: Razer Surround
CVE-2019-13141
	RESERVED
CVE-2019-13140 (Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI  ...)
	NOT-FOR-US: Inteno
CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplying or m ...)
	{DSA-4521-1}
	[experimental] - docker.io 18.09.5+dfsg1-1
	- docker.io 18.09.1+dfsg1-8 (bug #933002)
	NOTE: https://github.com/moby/moby/pull/38944
	NOTE: https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
CVE-2019-13138
	RESERVED
CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant; bug #931342)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1601
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerability in t ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
	{DSA-4712-1 DLA-1888-1}
	- imagemagick <unfixed> (bug #932079)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d (6.x)
CVE-2019-13134 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1600
CVE-2019-13133 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
	- imagemagick <not-affected> (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1600
CVE-2019-13132 (In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4. ...)
	{DSA-4477-1 DLA-1849-1}
	- zeromq3 4.3.1-5
	NOTE: https://github.com/zeromq/libzmq/issues/3558
CVE-2019-13131 (Super Micro SuperDoctor 5, when restrictions are not implemented in ag ...)
	NOT-FOR-US: Super Micro SuperDoctor
CVE-2019-13130
	RESERVED
CVE-2019-13129 (On the Motorola router CX2L MWR04L 1.01, there is a stack consumption  ...)
	NOT-FOR-US: Motorola
CVE-2019-13128 (An issue was discovered on D-Link DIR-823G devices with firmware 1.02B ...)
	NOT-FOR-US: D-Link
CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to the "draw ...)
	NOT-FOR-US: mxGraph
CVE-2019-13126 (An integer overflow in NATS Server before 2.0.2 allows a remote attack ...)
	NOT-FOR-US: NATS Server
CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evad ...)
	NOT-FOR-US: Tencent
CVE-2019-13124 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13123 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the template tag  ...)
	NOT-FOR-US: Patchwork
CVE-2019-13121 (An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 lacks length checking in pr ...)
	NOT-FOR-US: Amazon FreeRTOS
CVE-2019-13119
	RESERVED
CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of  ...)
	{DLA-1860-1}
	- libxslt 1.1.32-2.1 (low; bug #931320; bug #933743)
	[buster] - libxslt 1.1.32-2.1~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
	NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain format stri ...)
	{DLA-1860-1}
	- libxslt 1.1.32-2.1 (low; bug #931321; bug #933743)
	[buster] - libxslt 1.1.32-2.1~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
	NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8 allows r ...)
	NOT-FOR-US: MuleSoft Mule
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
	{DLA-1730-3}
	- libssh2 <unfixed> (bug #932329)
	[buster] - libssh2 <no-dsa> (Minor issue)
	[stretch] - libssh2 <no-dsa> (Minor issue)
	NOTE: https://blog.semmle.com/libssh2-integer-overflow/
	NOTE: https://github.com/libssh2/libssh2/pull/350
CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <not-affected> (HTTP support yet added in 0.25)
	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
	NOTE: https://github.com/Exiv2/exiv2/issues/793
CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...)
	- exiv2 0.27.2-6 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
	NOTE: https://github.com/Exiv2/exiv2/issues/841
	NOTE: Negligible security impact
CVE-2019-13112 (A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2  ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue, clean exception / local DoS)
	NOTE: https://github.com/Exiv2/exiv2/commit/1ed1e03c83802547585833fa9d4433af94798778
	NOTE: https://github.com/Exiv2/exiv2/issues/845
CVE-2019-13111 (A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 all ...)
	- exiv2 <not-affected> (Only affected 0.27, vulnerable versions were only in experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/791
	NOTE: https://github.com/Exiv2/exiv2/pull/797/commits
CVE-2019-13110 (A CiffDirectory::readDirectory integer overflow and out-of-bounds read ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue, read segfault)
	NOTE: https://github.com/Exiv2/exiv2/issues/843
	NOTE: https://github.com/Exiv2/exiv2/commit/9628f82084ed30d494ddd4f7360d233801e22967
CVE-2019-13109 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <not-affected> (ICC-specific support added in 0.26, PoC doesn't crash)
	NOTE: https://github.com/Exiv2/exiv2/commit/491c3ebe3b3faa6d8f75fb28146186792c2439da
	NOTE: https://github.com/Exiv2/exiv2/issues/790
CVE-2019-13108 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <not-affected> (ICC-specific support added in 0.26, PoC doesn't crash)
	NOTE: https://github.com/Exiv2/exiv2/commit/5d1d6981229b5e44401bf5c503100553fc7d877a
	NOTE: https://github.com/Exiv2/exiv2/issues/789
CVE-2019-13107 (Multiple integer overflows exist in MATIO before 1.5.16, related to ma ...)
	[experimental] - libmatio 1.5.16-1
	- libmatio 1.5.17-3 (bug #931323)
	[buster] - libmatio <no-dsa> (Minor issue)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: Several commits between 1.5.15..1.5.16: https://github.com/tbeu/matio/compare/f8cd397...fabac6c
CVE-2019-13106 (Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much  ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375516.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/e205896c5383c938274262524adceb2775fb03ba
CVE-2019-13105 (Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a  ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375513.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/6e5a79de658cb1c8012c86e0837379aa6eabd024
CVE-2019-13104 (In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow c ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375514.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/878269dbe74229005dd7f27aca66c554e31dad8e
CVE-2019-13103 (A crafted self-referential DOS partition table will cause all Das U-Bo ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot <no-dsa> (Minor issue)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <no-dsa> (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375512.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/232e2f4fd9a24bf08215ddc8c53ccadffc841fb5
CVE-2019-13102
	RESERVED
CVE-2019-13101 (An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06  ...)
	NOT-FOR-US: D-Link
CVE-2019-13100 (The Send Anywhere application 9.4.18 for Android stores confidential i ...)
	NOT-FOR-US: Send Anywhere application for Android
CVE-2019-13099 (The Momo application 2.1.9 for Android stores confidential information ...)
	NOT-FOR-US: Momo application for Android
CVE-2019-13098 (The user password via the registration form of TronLink Wallet 2.2.0 i ...)
	NOT-FOR-US: TronLink Wallet
CVE-2019-13097 (The application API of Cat Runner Decorate Home version 2.8.0 for Andr ...)
	NOT-FOR-US: Cat Runner Decorate Home
CVE-2019-13096 (TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and pla ...)
	NOT-FOR-US: TronLink Wallet
CVE-2019-13095
	RESERVED
CVE-2019-13094
	RESERVED
CVE-2019-13093
	RESERVED
CVE-2019-13092
	RESERVED
CVE-2019-13091
	RESERVED
CVE-2019-13090
	RESERVED
CVE-2019-13089
	RESERVED
CVE-2019-13088
	RESERVED
CVE-2019-13087
	RESERVED
CVE-2019-13086 (core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/log ...)
	NOT-FOR-US: CSZ CMS
CVE-2019-13085 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13084 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_ ...)
	NOT-FOR-US: Chamilo LMS
CVE-2019-13081 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13080 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13079 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13078 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13077 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13076 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerability. I ...)
	- firefox-esr 68.2.0esr-1 (unimportant)
	- firefox 68.0-1 (unimportant)
	NOTE: https://hackerone.com/reports/588239
	NOTE: https://trac.torproject.org/projects/tor/ticket/30657
	NOTE: This affects Firefox, but it's not a security issue in Firefox by itself
CVE-2019-13074 (A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 c ...)
	NOT-FOR-US: MikroTik
CVE-2019-13073
	RESERVED
CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the  ...)
	NOT-FOR-US: Arastta eCommerce
CVE-2018-20848 (Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and ...)
	NOT-FOR-US: Advisto PEEL SHOPPING
CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allow ...)
	- zoneminder 1.34.6-1
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
CVE-2019-13071 (CSRF in the Agent/Center component of CyberPower PowerPanel Business E ...)
	NOT-FOR-US: CyberPower PowerPanel Business Edition
CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...)
	NOT-FOR-US: CyberPower PowerPanel Business Edition
CVE-2019-13069 (extenua SilverSHielD 6.x fails to secure its ProgramData folder, leadi ...)
	NOT-FOR-US: extenua SilverSHielD
CVE-2019-13068 (public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows ...)
	- grafana <removed>
	NOTE: https://github.com/grafana/grafana/issues/17718
CVE-2019-13067 (njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_d ...)
	NOT-FOR-US: njs
CVE-2019-13066 (Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBRep ...)
	NOT-FOR-US: Sahi Pro
CVE-2019-13065
	RESERVED
CVE-2019-13064
	RESERVED
CVE-2019-13063 (Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to ...)
	NOT-FOR-US: Sahi Pro
CVE-2019-13062
	RESERVED
CVE-2019-13061
	RESERVED
CVE-2019-13060
	RESERVED
CVE-2019-13059
	RESERVED
CVE-2019-13058
	RESERVED
CVE-2019-13057 (An issue was discovered in the server in OpenLDAP before 2.4.48. When  ...)
	{DLA-1891-1}
	- openldap 2.4.48+dfsg-1 (low; bug #932997)
	[buster] - openldap 2.4.47+dfsg-3+deb10u1
	[stretch] - openldap 2.4.44+dfsg-5+deb9u3
	NOTE: https://openldap.org/its/?findid=9038
CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the user edit  ...)
	NOT-FOR-US: CyberPanel
CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES keys and ...)
	NOT-FOR-US: Logitech
CVE-2019-13054 (The Logitech R500 presentation clicker allows attackers to determine t ...)
	NOT-FOR-US: Logitech
CVE-2019-13053 (Logitech Unifying devices allow keystroke injection, bypassing encrypt ...)
	NOT-FOR-US: Logitech
CVE-2019-13052 (Logitech Unifying devices allow live decryption if the pairing of a ke ...)
	NOT-FOR-US: Logitech
CVE-2019-13051 (Pi-Hole 4.3 allows Command Injection. ...)
	NOT-FOR-US: Pi-Hole
CVE-2019-13050 (Interaction between the sks-keyserver code through 1.2.0 of the SKS ke ...)
	NOT-FOR-US: Conceptual weakness in PGP keyserver design
CVE-2019-13049 (An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows user ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13048 (kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of serv ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13047 (kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access co ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13046 (linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13044
	REJECTED
CVE-2019-13043
	RESERVED
CVE-2019-13042
	RESERVED
CVE-2019-13041
	RESERVED
CVE-2019-13040
	RESERVED
CVE-2019-13039
	RESERVED
CVE-2019-13038 (mod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...)
	- libapache2-mod-auth-mellon 0.15.0-1 (low; bug #931265)
	[buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
	[stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
	[jessie] - libapache2-mod-auth-mellon <ignored> (Open Redirect protection not implemented yet)
	NOTE: https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885
CVE-2019-13037
	RESERVED
CVE-2019-13036
	RESERVED
CVE-2019-13035 (Artica Pandora FMS 7.0 NG before 735 suffers from local privilege esca ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2019-13034
	RESERVED
CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke injection, ...)
	NOT-FOR-US: Logitech
CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
	- irssi 1.2.1-1 (low; bug #931264)
	[buster] - irssi <no-dsa> (Minor issue)
	[stretch] - irssi <no-dsa> (Minor issue)
	[jessie] - irssi <not-affected> (vulnerable sasl code is not present)
	NOTE: https://irssi.org/security/irssi_sa_2019_06.txt
	NOTE: https://github.com/irssi/irssi/pull/1058
	NOTE: https://github.com/irssi/irssi/commit/5a67b983dc97caeb5df1139aabd0bc4f260a47d8
	NOTE: Fixed in 1.0.8, 1.1.3, 1.2.1
CVE-2019-13033 (In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by  ...)
	{DLA-2253-1}
	- lynis 3.0.0-1 (unimportant; bug #963161)
	NOTE: https://cisofy.com/security/cve/cve-2019-13033/
	NOTE: https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30
	NOTE: Enabling license system in the packaged version is possible, but enabling it
	NOTE: makes little sense as users will end-up quitting on all the extra tests that
	NOTE: are not opensourced (and only present in the enterprise version).
CVE-2019-13032 (An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL point ...)
	- flightcrew 0.7.2+dfsg-14 (unimportant; bug #931246)
	[buster] - flightcrew 0.7.2+dfsg-13+deb10u1
	[stretch] - flightcrew 0.7.2+dfsg-9+deb9u1
	NOTE: https://github.com/Sigil-Ebook/flightcrew/issues/53
	NOTE: https://github.com/Sigil-Ebook/flightcrew/commit/c75c100218ed5c0e7652947051e28b54a75212ae
	NOTE: https://github.com/Sigil-Ebook/flightcrew/commit/b4f4a70f604ddcb4e8e343aa0e690764fc46d780
	NOTE: Negligible security impact
CVE-2019-13030 (eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prio ...)
	NOT-FOR-US: eQ-3 Homematic CCU3
CVE-2019-13029 (Multiple stored Cross-site scripting (XSS) issues in the admin panel a ...)
	NOT-FOR-US: REDCap
CVE-2019-13028 (An incorrect implementation of a local web server in eID client (Windo ...)
	NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic)
CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has S ...)
	NOT-FOR-US: Realization Concerto Critical Chain Planner
CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Inject ...)
	NOT-FOR-US: OXID eShop
CVE-2019-13025 (Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorre ...)
	NOT-FOR-US: Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices
CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...)
	- centreon-web <itp> (bug #913903)
CVE-2019-13023 (An issue was discovered in all versions of Bond JetSelect. Within the  ...)
	NOT-FOR-US: Bond JetSelect
CVE-2019-13022 (Bond JetSelect (all versions) has an issue in the Java class (ENCtool. ...)
	NOT-FOR-US: Bond JetSelect
CVE-2019-13021 (The administrative passwords for all versions of Bond JetSelect are st ...)
	NOT-FOR-US: Bond JetSelect
CVE-2019-13020 (The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2019-13019
	RESERVED
	NOT-FOR-US: Microsoft .NET
CVE-2019-13018
	RESERVED
CVE-2019-13017
	RESERVED
CVE-2019-13016
	RESERVED
CVE-2019-13015
	RESERVED
CVE-2019-13014 (Little Snitch versions 4.4.0 fixes a vulnerability in a privileged hel ...)
	NOT-FOR-US: Little Snitch
CVE-2019-13013 (Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalatio ...)
	NOT-FOR-US: Little Snitch
CVE-2019-13011 (An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13010 (An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0. ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13009 (An issue was discovered in GitLab Community and Enterprise Edition 9.2 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13008
	RESERVED
CVE-2019-13007 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (Only affects 11.1 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13006 (An issue was discovered in GitLab Community and Enterprise Edition 9.0 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13005 (An issue was discovered in GitLab Enterprise Edition and Community Edi ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab <not-affected> (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13004 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (Only affects 11.1 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13003 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13002 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab <not-affected> (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13001 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab <not-affected> (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13000 (Eclair through 0.3 allows attackers to trigger loss of funds because o ...)
	NOT-FOR-US: Eclair
CVE-2019-12999 (Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger  ...)
	- lnd <itp> (bug #886577)
CVE-2019-12998 (c-lightning before 0.7.1 allows attackers to trigger loss of funds bec ...)
	NOT-FOR-US: c-lightning
CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privileges from ...)
	NOT-FOR-US: Loopchain
CVE-2019-12996 (In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTY ...)
	NOT-FOR-US: Mendix
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
	NOT-FOR-US: Istio
CVE-2019-12994 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12993
	RESERVED
CVE-2019-12992 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12991 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12990 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12989 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12988 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12987 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12986 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12985 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12984 (A NULL pointer dereference vulnerability in the function nfc_genl_deac ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/385097a3675749cbc9e97c085c0e5dfe4269ca51
CVE-2019-12983
	REJECTED
CVE-2019-12982 (Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in t ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9
CVE-2019-12981 (Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the f ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9
CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (caused by a ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (bug #931189)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (minor security impact)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (low; bug #931190)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (minor security impact)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability  ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (low; bug #931191)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (minor security impact)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant; bug #931192)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1520
CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant; bug #931193)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
	{DSA-4712-1 DLA-1888-1}
	- imagemagick <unfixed> (low; bug #931196)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
	- openjpeg2 <unfixed> (bug #931292)
	[buster] - openjpeg2 <no-dsa> (Minor issue)
	[stretch] - openjpeg2 <no-dsa> (Minor issue)
	[jessie] - openjpeg2 <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/uclouvain/openjpeg/pull/1185
	NOTE: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3
	NOTE: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66
	NOTE: Issue is similar to CVE-2018-6616.
CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24689
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
	NOTE: binutils not covered by security support
CVE-2019-12971 (BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload ...)
	NOT-FOR-US: BKS EBK Ethernet-Buskoppler Pro
CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...)
	{DLA-1868-1}
	- squirrelmail <removed>
	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt
	NOTE: https://sourceforge.net/p/squirrelmail/code/14828/
CVE-2019-12969
	RESERVED
CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_ ...)
	NOT-FOR-US: Sonic Robo Blast 2
CVE-2019-12967 (Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier ver ...)
	NOT-FOR-US: Stephan Mooltipass Moolticute
CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution during a J ...)
	NOT-FOR-US: FeHelper
CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...)
	{DLA-1851-1}
	- openjpeg2 2.3.1-1 (low; bug #931294)
	[buster] - openjpeg2 2.3.0-2+deb10u1
	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
	NOTE: https://github.com/uclouvain/openjpeg/issues/431
	NOTE: https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
	NOTE: https://github.com/uclouvain/openjpeg/commit/2d24b6000d5611615e3e6d799e20d5fdbe4e2a1e
	NOTE: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845
CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc
	NOTE: Debian binary packages built with BUILD_MJ2:BOOL=OFF
CVE-2018-20845 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...)
	- openjpeg2 2.3.1-1 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf (2.3.1)
	NOTE: Debian binary packages built with BUILD_MJ2:BOOL=OFF
CVE-2018-20844
	RESERVED
CVE-2019-13031 (LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue whe ...)
	{DLA-1844-1}
	- lemonldap-ng 2.0.0+ds-1 (bug #931117)
	[stretch] - lemonldap-ng 1.9.7-3+deb9u2
	NOTE: Upstream issue: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1820
	NOTE: Issue explained in: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1818
	NOTE: 2.0.0 upstream replaced the (old) feature with a new REST/JSON service, and
	NOTE: added a "oldXMLFormat" option which is functionwise broken up to 2.0.5.
	NOTE: By default the notification server is not enabled and has a 'deny all' rule.
CVE-2019-12965
	RESERVED
CVE-2019-12964 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12963 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php C ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12962 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.p ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12961 (LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the  ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12960 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in func ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12959 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in F ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	NOTE: CVE-2017-14976 in poppler
CVE-2019-12957 (In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C:: ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
	- poppler 0.22.5-4
	NOTE: poppler fix: https://gitlab.freedesktop.org/poppler/poppler/commit/96931732f343d2bbda9af9488b485da031866c3b
CVE-2019-12956
	RESERVED
CVE-2019-12955
	RESERVED
CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12953
	RESERVED
CVE-2019-12952
	RESERVED
CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2019-12950 (An issue was discovered in TeamPass 2.1.27.35. From the sources/items. ...)
	- teampass <itp> (bug #730180)
CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...)
	NOT-FOR-US: pfSense
CVE-2019-12948 (A vulnerability in the web-based management interface of VVX, Trio, So ...)
	NOT-FOR-US: Polycom UC Software
CVE-2019-12947
	RESERVED
CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx an ...)
	NOT-FOR-US: Elcom CMS
CVE-2019-12945
	REJECTED
CVE-2019-12944 (Glue Smart Lock 2.7.8 devices do not properly block guest access in ce ...)
	NOT-FOR-US: Glue Smart Lock devices
CVE-2019-12943 (TTLock devices do not properly restrict password-reset attempts, leadi ...)
	NOT-FOR-US: TTLock devices
CVE-2019-12942 (TTLock devices do not properly block guest access in certain situation ...)
	NOT-FOR-US: TTLock devices
CVE-2019-12941 (AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacke ...)
	NOT-FOR-US: AutoPi Wi-Fi/NB and 4G/LTE devices
CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (me ...)
	NOT-FOR-US: LiveZilla
CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in serv ...)
	NOT-FOR-US: LiveZilla
CVE-2019-12938 (The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to p ...)
	NOT-FOR-US: Roundcube component of Analogic Poste.io
CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML names that  ...)
	{DSA-4472-1 DLA-1839-1}
	- expat 2.2.6-2 (bug #931031)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
	NOTE: https://github.com/libexpat/libexpat/issues/186
	NOTE: https://github.com/libexpat/libexpat/pull/262
	NOTE: https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
CVE-2019-12937 (apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow  ...)
	NOT-FOR-US: gsudo in ToaruOS
CVE-2019-12936 (BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for ...)
	NOT-FOR-US: BlueStacks App Player
CVE-2019-12934 (An issue was discovered in the wp-code-highlightjs plugin through 0.6. ...)
	NOT-FOR-US: wp-code-highlightjs plugin for WordPress
CVE-2019-12935 (Shopware before 5.5.8 has XSS via the Query String to the backend/Logi ...)
	NOT-FOR-US: Shopware
CVE-2019-12933
	REJECTED
CVE-2019-12932 (A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly e ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12931
	RESERVED
CVE-2019-12930 (A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() ...)
	NOT-FOR-US: WIKINDX
CVE-2019-12929 (** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is ...)
	- qemu <unfixed> (unimportant)
	- qemu-kvm <removed> (unimportant)
	NOTE: https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/
	NOTE: The QEMU machine protocol (QMP) should not be exposed to unprivileged users,
	NOTE: and is only intended for administrative control of QEMU instances.
CVE-2019-12928 (** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earli ...)
	- qemu <unfixed> (unimportant)
	- qemu-kvm <removed> (unimportant)
	NOTE: https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/
	NOTE: The QEMU machine protocol (QMP) should not be exposed to unprivileged users,
	NOTE: and is only intended for administrative control of QEMU instances.
CVE-2019-12927 (MailEnable Enterprise Premium 10.23 was vulnerable to stored and refle ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12926 (MailEnable Enterprise Premium 10.23 did not use appropriate access con ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12925 (MailEnable Enterprise Premium 10.23 was vulnerable to multiple directo ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12924 (MailEnable Enterprise Premium 10.23 was vulnerable to XML External Ent ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12923 (In MailEnable Enterprise Premium 10.23, the potential cross-site reque ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in th ...)
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin <no-dsa> (Minor issue)
	[jessie] - phpmyadmin <postponed> (Minor issue, target only accessible is setup is enabled and htpasswd.setup populated)
	NOTE: https://seclists.org/fulldisclosure/2019/Sep/23
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161 (4.9.1)
CVE-2019-12921 (In GraphicsMagick before 1.3.32, the text filename component allows re ...)
	{DSA-4675-1 DLA-2152-1}
	- graphicsmagick 1.4~hg16039-1
	NOTE: https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f780c290b4ab
CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
	NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Cameraa DOG-2W and DOG-2W-V4 devices
CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
	NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices
CVE-2019-12918 (Quest KACE Systems Management Appliance Server Center version 9.1.317  ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems Management  ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-12916
	REJECTED
CVE-2019-12915
	REJECTED
CVE-2019-12914 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12913 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12912 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12911 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12910
	RESERVED
CVE-2019-12909
	RESERVED
CVE-2019-12908
	RESERVED
CVE-2019-12907
	RESERVED
CVE-2019-12906
	RESERVED
CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman& ...)
	NOT-FOR-US: FileRun
CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
	- libgcrypt20 <unfixed> (bug #930885)
	[buster] - libgcrypt20 <no-dsa> (Minor issue)
	[stretch] - libgcrypt20 <no-dsa> (Minor issue)
	[jessie] - libgcrypt20 <not-affected> (Vulnerable code introduced later in version 1.7.0)
	- libgcrypt11 <removed>
	NOTE: https://dev.gnupg.org/T4541
	NOTE: https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
	NOTE: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
CVE-2019-12903 (Pydio Cells before 1.5.0, when supplied with a Name field in an unexpe ...)
	NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon ...)
	NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing  ...)
	NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo ...)
	{DLA-1953-1 DLA-1833-1}
	- bzip2 1.0.6-9.1 (bug #930886)
	[stretch] - bzip2 <no-dsa> (Not exploitable; potential dangerous parts already guarded)
	- clamav 0.101.4+dfsg-1 (bug #934359)
	[buster] - clamav 0.101.4+dfsg-0+deb10u1
	[stretch] - clamav 0.101.4+dfsg-0+deb9u1
	NOTE: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
	NOTE: The original fix introduces regressions when extracting certain lbzip2 files
	NOTE: which were created with a buggy libzip2: https://bugs.debian.org/931278
	NOTE: Details on followup: https://sourceware.org/ml/bzip2-devel/2019-q3/msg00007.html
	NOTE: explaining as well why, whilst the issue described by CVE-2019-12900 is definitvely
	NOTE: an issue, it was not exploitable in the first place.
	NOTE: Regression fix: https://sourceware.org/git/?p=bzip2.git;a=commit;h=b07b105d1b66e32760095e3602261738443b9e13
	NOTE: Clamav: https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
	NOTE: clamav uses libbz2 but the "nsis" scanner/decompressor has a decompress.c from bzip2
CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV star ...)
	NOT-FOR-US: Delta Electronics DeviceNet Builder
CVE-2019-12898 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV star ...)
	NOT-FOR-US: Delta Electronics DeviceNet Builder
CVE-2019-12897 (Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer ...)
	NOT-FOR-US: Edraw Max
CVE-2019-12896 (Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTempor ...)
	NOT-FOR-US: Edraw Max
CVE-2019-12895 (In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted  ...)
	NOT-FOR-US: Alternate Pic View
CVE-2019-12894 (Alternate Pic View 2.600 has a Read Access Violation at the Instructio ...)
	NOT-FOR-US: Alternate Pic View
CVE-2019-12893 (Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewe ...)
	NOT-FOR-US: Alternate Pic View
CVE-2019-12892
	RESERVED
CVE-2019-12891
	RESERVED
CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for database opera ...)
	NOT-FOR-US: RedwoodHQ
CVE-2019-12889 (An unauthenticated privilege escalation exists in SailPoint Desktop Pa ...)
	NOT-FOR-US: SailPoint Desktop Password Reset
CVE-2019-12888
	REJECTED
CVE-2019-12887 (KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue ...)
	NOT-FOR-US: KeyIdentity LinOTP
CVE-2019-12886
	RESERVED
CVE-2019-12885
	RESERVED
CVE-2019-12884
	RESERVED
CVE-2019-12883
	RESERVED
CVE-2019-12882
	REJECTED
CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c  ...)
	- linux <undetermined>
	NOTE: https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
CVE-2019-12880 (BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking ...)
	NOT-FOR-US: BCN Quark Quarking Password Manager
CVE-2019-12879
	RESERVED
CVE-2019-12878
	RESERVED
CVE-2019-12877
	RESERVED
CVE-2019-12876 (Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and De ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged member of the ...)
	NOT-FOR-US: Alpine Linux
CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demux/mkv/ ...)
	{DSA-4459-1}
	- vlc 3.0.7-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
CVE-2019-12873
	RESERVED
CVE-2019-12872 (dotCMS before 5.1.6 is vulnerable to a SQL injection that can be explo ...)
	NOT-FOR-US: dotCMS
CVE-2019-12871 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-12870 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-12869 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-12868 (app/Model/Server.php in MISP 2.4.109 allows remote command execution b ...)
	NOT-FOR-US: MISP
CVE-2019-12867 (Certain actions could cause privilege escalation for issue attachments ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12866 (An Insecure Direct Object Reference, with Authorization Bypass through ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...)
	- radare2 3.8.0+dfsg-1 (bug #930704)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14334
	NOTE: https://github.com/radare/radare2/commit/40453029179d230cf02ffed205f2d63e33981b8f
CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when wide c ...)
	- bash 4.3-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721071
	NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5 (bash-4.3-alpha)
CVE-2019-12864 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vuln ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12863 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows  ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12862
	RESERVED
CVE-2019-12861
	RESERVED
CVE-2019-12860
	RESERVED
CVE-2019-12859
	RESERVED
CVE-2019-12858
	RESERVED
CVE-2019-12857
	RESERVED
CVE-2019-12856
	RESERVED
CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP su ...)
	- twisted 18.9.0-7 (bug #930626)
	[buster] - twisted <no-dsa> (Minor issue)
	[stretch] - twisted <no-dsa> (Minor issue)
	[jessie] - twisted <no-dsa> (Minor issue)
	NOTE: https://github.com/twisted/twisted/pull/1147
	NOTE: https://twistedmatrix.com/trac/ticket/9561
CVE-2019-12854 (Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4. ...)
	{DSA-4507-1}
	- squid 4.8-1
	- squid3 <not-affected> (Vulnerable code not present; Vulnerable code only in 4.x series)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
CVE-2019-12853
	RESERVED
CVE-2019-12852 (An SSRF attack was possible on a JetBrains YouTrack server. The issue  ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12849
	RESERVED
CVE-2019-12848
	RESERVED
CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events  ...)
	NOT-FOR-US: JetBrains Hub
CVE-2019-12846 (A user without the required permissions could gain access to some JetB ...)
	NOT-FOR-US: JetBrains
CVE-2019-12845 (The generated Kotlin DSL settings allowed usage of an unencrypted conn ...)
	NOT-FOR-US: JetBrains
CVE-2019-12844 (A possible stored JavaScript injection was detected on one of the JetB ...)
	NOT-FOR-US: JetBrains
CVE-2019-12843 (A possible stored JavaScript injection requiring a deliberate server a ...)
	NOT-FOR-US: JetBrains
CVE-2019-12842 (A reflected XSS on a user page was detected on one of the JetBrains Te ...)
	NOT-FOR-US: JetBrains
CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was detected in Jet ...)
	NOT-FOR-US: JetBrains
CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Updates"  ...)
	- webmin <removed>
CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...)
	NOT-FOR-US: OrangeHRM
CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via t ...)
	NOT-FOR-US: "Count per Day" plugin for WordPress
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
	{DSA-4572-1 DLA-2143-1}
	- slurm-llnl 19.05.3.2-1 (bug #931880)
	[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
	NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
	NOT-FOR-US: Java API in Generalitat de Catalunya accesuniversitat.gencat.cat
CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker t ...)
	NOT-FOR-US: Bobronix JEditor editor for Jira
CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds ...)
	NOT-FOR-US: Leanify
CVE-2019-12834 (In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious  ...)
	NOT-FOR-US: HT2 Labs Learning Locker
CVE-2019-12833
	RESERVED
CVE-2019-12832
	RESERVED
CVE-2019-12831 (In MyBB before 1.8.21, an attacker can abuse a default behavior of MyS ...)
	NOT-FOR-US: MyBB
CVE-2019-12830 (In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the P ...)
	NOT-FOR-US: MyBB
CVE-2019-12829 (radare2 through 3.5.1 mishandles the RParse API, which allows remote a ...)
	- radare2 3.8.0+dfsg-1 (bug #930590)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14303
	NOTE: https://github.com/radare/radare2/commit/b282620b7a8818910c42a29b8f0855a2d13eec14
CVE-2019-12828 (An issue was discovered in Electronic Arts Origin before 10.5.39. Due  ...)
	NOT-FOR-US: Electronic Arts Origin
CVE-2019-12827 (Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13. ...)
	- asterisk 1:16.2.1~dfsg-2 (bug #931980)
	[buster] - asterisk 1:16.2.1~dfsg-1+deb10u1
	[stretch] - asterisk <no-dsa> (Minor issue)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-002.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28447
CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php  ...)
	NOT-FOR-US: 2by2host Widget Logic plugin for WordPress
CVE-2019-12825 (Unauthorized Access to the Container Registry of other groups was disc ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2019-12824
	RESERVED
CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
	NOT-FOR-US: Craft CMS
CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a he ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2019-12821 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
	NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
	NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1. ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-ad ...)
	{DSA-4463-1 DLA-1830-1}
	- znc 1.7.2-3
	NOTE: Versions affected: 0.098 - 1.7.3
	NOTE: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
CVE-2019-12815 (An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3. ...)
	{DSA-4491-1 DLA-1873-1}
	- proftpd-dfsg 1.3.6-6 (low; bug #932453)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4372
	NOTE: https://github.com/proftpd/proftpd/pull/816
	NOTE: https://tbspace.de/cve201912815proftpd.html
CVE-2019-12814 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DLA-1831-1}
	- jackson-databind 2.9.8-3 (bug #930750)
	[stretch] - jackson-databind 2.8.6-1+deb9u6
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2341
	NOTE: https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5
CVE-2019-12813 (An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Re ...)
	NOT-FOR-US: Digital Persona U.are.U 4500 Fingerprint Reader
CVE-2019-12812 (MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbi ...)
	NOT-FOR-US: MyBuilder
CVE-2019-12811 (ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to  ...)
	NOT-FOR-US: MyBuilder
CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
	NOT-FOR-US: ALSee
CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
	NOT-FOR-US: Yes24ViewerX ActiveX Control
CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...)
	NOT-FOR-US: ALTOOLS update service
CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...)
	NOT-FOR-US: ALZip
CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...)
	NOT-FOR-US: UniSign
CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have ...)
	NOT-FOR-US: NCSOFT Game Launcher
CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...)
	NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the sp ...)
	NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12802 (In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ...)
	- radare2 3.8.0+dfsg-1 (bug #930510)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14296
CVE-2019-12801 (out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new  ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12800
	RESERVED
CVE-2019-12819 (An issue was discovered in the Linux kernel before 5.0. The function _ ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/6ff7b060535e87c2ae14dd8548512abfdda528fb
CVE-2019-12818 (An issue was discovered in the Linux kernel before 4.20.15. The nfc_ll ...)
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/58bdd544e2933a21a51eecf17c3f5f94038261b5
CVE-2019-12799 (In createInstanceFromNamedArguments in Shopware through 5.6.x, a craft ...)
	NOT-FOR-US: Shopware
CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c do ...)
	NOT-FOR-US: MuJS
CVE-2019-12797 (A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN ...)
	NOT-FOR-US: ELM327 OBD2 Bluetooth device
CVE-2019-12796
	RESERVED
CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...)
	{DLA-1827-1}
	- gvfs 1.38.1-5 (bug #930376)
	[stretch] - gvfs <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a (master)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f (gnome-3-32)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe (gnome-3-30)
CVE-2018-20842
	RESERVED
CVE-2018-20841 (HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.02 ...)
	NOT-FOR-US: HooToo TripMate Titan HT-TM05 and HT-05 routers
CVE-2017-18378 (In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4- ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18377 (An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. T ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM cameras
CVE-2016-10760 (On Seowon Intech routers, there is a Command Injection vulnerability i ...)
	NOT-FOR-US: Seowon Intech routers
CVE-2013-7471 (An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-8 ...)
	NOT-FOR-US: D-Link
CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...)
	NOT-FOR-US: Ubiquiti
CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...)
	NOT-FOR-US: Linksys
CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...)
	NOT-FOR-US: ASMAX AR-804gu 66.34.1 devices
CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins could res ...)
	NOT-FOR-US: MISP
CVE-2019-XXXX [security issues fixed in 1.8.5]
	- rdesktop 1.8.6-1 (bug #930387)
	[stretch] - rdesktop 1.8.6-2~deb9u1
	[jessie] - rdesktop 1.8.6-0+deb8u1
	NOTE: Workaround entry for DSA-4473-1/DLA-1837-1 until CVEs assigned
CVE-2019-12793
	RESERVED
CVE-2019-12792 (A command injection vulnerability in UploadHandler.php in Vesta Contro ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2019-12791 (A directory traversal vulnerability in the v-list-user script in Vesta ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer over-read in th ...)
	- radare2 3.8.0+dfsg-1 (bug #930344)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14211
CVE-2019-12789 (An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, ...)
	NOT-FOR-US: Actiontec devices
CVE-2019-12788 (An issue was discovered in Photodex ProShow Producer v9.0.3797 (an app ...)
	NOT-FOR-US: Photodex ProShow Producer
CVE-2019-12787 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-12786 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-12785
	RESERVED
CVE-2019-12784
	RESERVED
CVE-2019-12783
	RESERVED
CVE-2019-12782 (An authorization bypass vulnerability in pinboard updates in ThoughtSp ...)
	NOT-FOR-US: ThoughtSpot
CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
	{DSA-4476-1 DLA-1842-1}
	- python-django 1:1.11.22-1 (bug #931316)
	[buster] - python-django 1:1.11.22-1~deb10u1
	NOTE: https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
	NOTE: https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (master)
	NOTE: https://github.com/django/django/commit/77706a3e4766da5d5fb75c4db22a0a59a28e6cd6 (2.2)
	NOTE: https://github.com/django/django/commit/1e40f427bb8d0fb37cc9f830096a97c36c97af6f (2.1)
	NOTE: https://github.com/django/django/commit/32124fc41e75074141b05f10fc55a4f01ff7f050 (1.11)
CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo ...)
	NOT-FOR-US: Belkin Wemo Enabled Crock-Pot
CVE-2019-5439 (A Buffer Overflow in VLC Media Player &lt; 3.0.7 causes a crash which  ...)
	{DSA-4459-1}
	- vlc 3.0.7-1 (bug #930276)
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://hackerone.com/reports/484398
	NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
CVE-2019-12779 (libqb before 1.0.5 allows local users to overwrite arbitrary files via ...)
	- libqb 1.0.4-1 (unimportant; bug #927159)
	[jessie] - libqb <end-of-life> (https://salsa.debian.org/debian/debian-security-support/commit/ba638006d397eda2cc094761ed7a7bfdca9e534b)
	NOTE: https://github.com/ClusterLabs/libqb/issues/338
	NOTE: https://github.com/ClusterLabs/libqb/commit/6a4067c1d1764d93d255eccecfd8bf9f43cb0b4d
	NOTE: Regression fix: https://github.com/ClusterLabs/libqb/pull/349
	NOTE: Neutralised by kernel hardening
CVE-2019-12778
	RESERVED
CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12776 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12773
	RESERVED
CVE-2019-12772
	RESERVED
CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
	NOT-FOR-US: ThinStation
CVE-2019-12770
	RESERVED
CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12768
	RESERVED
CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
	NOT-FOR-US: D-Link
CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
	NOT-FOR-US: Joomla!
CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV export of com ...)
	NOT-FOR-US: Joomla!
CVE-2019-12764 (An issue was discovered in Joomla! before 3.9.7. The update server URL ...)
	NOT-FOR-US: Joomla!
CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android stores po ...)
	NOT-FOR-US: Security Camera CZ application for Android
CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
	NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
	{DLA-1819-1}
	- pyxdg <unfixed> (low; bug #930099)
	[buster] - pyxdg <no-dsa> (Minor issue)
	[stretch] - pyxdg <no-dsa> (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
	NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way parso ...)
	- parso 0.5.1-0.1 (unimportant; bug #930356)
	NOTE: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
	NOTE: https://github.com/davidhalter/parso/issues/75
	NOTE: Not considered a security issue by upstream
CVE-2019-12759 (Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security ...)
	NOT-FOR-US: Symantec
CVE-2019-12758 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
	NOT-FOR-US: Symantec
CVE-2019-12757 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 &amp; 12.1 RU6 M ...)
	NOT-FOR-US: Symantec
CVE-2019-12756 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptib ...)
	NOT-FOR-US: Symantec
CVE-2019-12755 (Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an ...)
	NOT-FOR-US: Norton
CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
	NOT-FOR-US: Symantec My VIP portal
CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...)
	NOT-FOR-US: Symantec
CVE-2019-12752 (The Symantec SONAR component, prior to 12.0.2, may be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
	NOT-FOR-US: Symantec
CVE-2019-12750 (Symantec Endpoint Protection, prior to 14.2 RU1 &amp; 12.1 RU6 MP10 an ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...)
	{DSA-4462-1 DLA-1818-1}
	- dbus 1.12.16-1 (bug #930375)
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
	NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
	NOTE: https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. ...)
	NOT-FOR-US: TYPO3
CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization  ...)
	NOT-FOR-US: TYPO3
CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...)
	{DLA-1877-1}
	- otrs2 6.0.20-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/fab16a8e54aaf033f460e5f98c673248f29ea49c
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/cc08cb7df9f6dde05de2f8c6cbd59cd5d0952627
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/7ab33e51a4db9f712e979040f644d0d0c39ff0af
CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site S ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12744 (SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12743 (HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers t ...)
	NOT-FOR-US: HumHub Social Network Kit Enterprise
CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change the passw ...)
	NOT-FOR-US: bludit
CVE-2019-12741 (XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR l ...)
	NOT-FOR-US: HAPI FHIR library
CVE-2019-12740
	RESERVED
CVE-2019-12739 (lib/Controller/ExtractionController.php in the Extract add-on before 1 ...)
	- nextcloud <itp> (bug #835086)
CVE-2019-12738
	RESERVED
CVE-2019-12737 (UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2019-12736 (JetBrains Ktor framework before 1.2.0-rc does not sanitize the usernam ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2019-12734 (SiteVision 4 has Incorrect Access Control. ...)
	NOT-FOR-US: SiteVision
CVE-2019-12733 (SiteVision 4 allows Remote Code Execution. ...)
	NOT-FOR-US: SiteVision
CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...)
	{DSA-4487-1 DSA-4467-1 DLA-1871-1}
	- vim 2:8.1.0875-4 (bug #930020)
	- neovim 0.3.4-3 (bug #930024)
	NOTE: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
	NOTE: vim patches: https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
	NOTE: neovim pull request: https://github.com/neovim/neovim/pull/10082
CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby allows XSS. ...)
	NOT-FOR-US: Chartkick Ruby gem
CVE-2019-12731 (The Windows versions of Snapview Mikogo, versions before 5.10.2 are af ...)
	NOT-FOR-US: Snapview Mikogo
CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x  ...)
	{DSA-4502-1 DSA-4449-1}
	- ffmpeg 7:4.1.4-1 (low; bug #932469)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
CVE-2019-12729
	RESERVED
CVE-2019-12728 (Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notific ...)
	- grails <itp> (bug #473213)
CVE-2019-12727 (On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability ex ...)
	NOT-FOR-US: Ubiquiti airCam devices
CVE-2019-12726
	RESERVED
CVE-2019-12725 (Zeroshell 3.9.0 is prone to a remote command execution vulnerability.  ...)
	NOT-FOR-US: Zeroshell
CVE-2019-12724 (An issue was discovered in the Teclib News plugin through 1.5.2 for GL ...)
	NOT-FOR-US: Teclib
CVE-2019-12723 (An issue was discovered in the Teclib Fields plugin through 1.9.2 for  ...)
	NOT-FOR-US: Teclib
CVE-2019-12722
	RESERVED
CVE-2019-12721
	RESERVED
CVE-2019-12720 (AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc ...)
	NOT-FOR-US: AUO SunVeillance Monitoring System
CVE-2019-12719 (An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance ...)
	NOT-FOR-US: AUO SunVeillance Monitoring System
CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small Business Sma ...)
	NOT-FOR-US: Cisco
CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
	NOT-FOR-US: Cisco
CVE-2019-12716 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12715 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12714 (A vulnerability in the web-based management interface of Cisco IC3000  ...)
	NOT-FOR-US: Cisco
CVE-2019-12713 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-12712 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-12711 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12710 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization manager ...)
	NOT-FOR-US: Cisco
CVE-2019-12708 (A vulnerability in the web-based management interface of Cisco SPA100  ...)
	NOT-FOR-US: Cisco
CVE-2019-12707 (A vulnerability in the web-based interface of multiple Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2019-12706 (A vulnerability in the Sender Policy Framework (SPF) functionality of  ...)
	NOT-FOR-US: Cisco
CVE-2019-12705 (A vulnerability in the web-based management interface of Cisco Express ...)
	NOT-FOR-US: Cisco
CVE-2019-12704 (A vulnerability in the web-based management interface of Cisco SPA100  ...)
	NOT-FOR-US: Cisco
CVE-2019-12703 (A vulnerability in the web-based management interface of Cisco SPA122  ...)
	NOT-FOR-US: Cisco
CVE-2019-12702 (A vulnerability in the web-based management interface of Cisco SPA100  ...)
	NOT-FOR-US: Cisco
CVE-2019-12701 (A vulnerability in the file and malware inspection feature of Cisco Fi ...)
	NOT-FOR-US: Cisco
CVE-2019-12700 (A vulnerability in the configuration of the Pluggable Authentication M ...)
	NOT-FOR-US: Cisco
CVE-2019-12699 (Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco F ...)
	NOT-FOR-US: Cisco
CVE-2019-12698 (A vulnerability in the WebVPN feature of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2019-12697 (Multiple vulnerabilities in the Cisco Firepower System Software Detect ...)
	NOT-FOR-US: Cisco
CVE-2019-12696 (Multiple vulnerabilities in the Cisco Firepower System Software Detect ...)
	NOT-FOR-US: Cisco
CVE-2019-12695 (A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Ada ...)
	NOT-FOR-US: Cisco
CVE-2019-12694 (A vulnerability in the command line interface (CLI) of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2019-12693 (A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Sec ...)
	NOT-FOR-US: Cisco
CVE-2019-12692
	RESERVED
CVE-2019-12691 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-12690 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2019-12689 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-12688 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2019-12687 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2019-12686 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12685 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12684 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12683 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12682 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12681 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12680 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12679 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12678 (A vulnerability in the Session Initiation Protocol (SIP) inspection mo ...)
	NOT-FOR-US: Cisco
CVE-2019-12677 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-12676 (A vulnerability in the Open Shortest Path First (OSPF) implementation  ...)
	NOT-FOR-US: Cisco
CVE-2019-12675 (Multiple vulnerabilities in the multi-instance feature of Cisco Firepo ...)
	NOT-FOR-US: Cisco
CVE-2019-12674 (Multiple vulnerabilities in the multi-instance feature of Cisco Firepo ...)
	NOT-FOR-US: Cisco
CVE-2019-12673 (A vulnerability in the FTP inspection engine of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2019-12672 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2019-12671 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-12670 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2019-12669 (A vulnerability in the RADIUS Change of Authorization (CoA) code of Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-12668 (A vulnerability in the web framework code of Cisco IOS and Cisco IOS X ...)
	NOT-FOR-US: Cisco
CVE-2019-12667 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
	NOT-FOR-US: Cisco
CVE-2019-12666 (A vulnerability in the Guest Shell of Cisco IOS XE Software could allo ...)
	NOT-FOR-US: Cisco
CVE-2019-12665 (A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Sof ...)
	NOT-FOR-US: Cisco
CVE-2019-12664 (A vulnerability in the Dialer interface feature for ISDN connections i ...)
	NOT-FOR-US: Cisco
CVE-2019-12663 (A vulnerability in the Cisco TrustSec (CTS) Protected Access Credentia ...)
	NOT-FOR-US: Cisco
CVE-2019-12662 (A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software coul ...)
	NOT-FOR-US: Cisco
CVE-2019-12661 (A vulnerability in a Virtualization Manager (VMAN) related CLI command ...)
	NOT-FOR-US: Cisco
CVE-2019-12660 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-12659 (A vulnerability in the HTTP server code of Cisco IOS XE Software could ...)
	NOT-FOR-US: Cisco
CVE-2019-12658 (A vulnerability in the filesystem resource management code of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2019-12657 (A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-12656 (A vulnerability in the IOx application environment of multiple Cisco p ...)
	NOT-FOR-US: Cisco
CVE-2019-12655 (A vulnerability in the FTP application layer gateway (ALG) functionali ...)
	NOT-FOR-US: Cisco
CVE-2019-12654 (A vulnerability in the common Session Initiation Protocol (SIP) librar ...)
	NOT-FOR-US: Cisco
CVE-2019-12653 (A vulnerability in the Raw Socket Transport feature of Cisco IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2019-12652 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2019-12651 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2019-12650 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2019-12649 (A vulnerability in the Image Verification feature of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-12648 (A vulnerability in the IOx application environment for Cisco IOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-12647 (A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE  ...)
	NOT-FOR-US: Cisco
CVE-2019-12646 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-12645 (A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-12644 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-12643 (A vulnerability in the Cisco REST API virtual service container for Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-12642
	RESERVED
CVE-2019-12641
	RESERVED
CVE-2019-12640
	RESERVED
CVE-2019-12639
	RESERVED
CVE-2019-12638 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-12637 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12636 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-12635 (A vulnerability in the authorization module of Cisco Content Security  ...)
	NOT-FOR-US: Cisco
CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-12633 (A vulnerability in Cisco Unified Contact Center Express (Unified CCX)  ...)
	NOT-FOR-US: Cisco
CVE-2019-12632 (A vulnerability in Cisco Finesse could allow an unauthenticated, remot ...)
	NOT-FOR-US: Cisco
CVE-2019-12631 (A vulnerability in the web-based guest portal of Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2019-12630 (A vulnerability in the Java deserialization function used by Cisco Sec ...)
	NOT-FOR-US: Cisco
CVE-2019-12629 (A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow  ...)
	NOT-FOR-US: Cisco
CVE-2019-12628
	RESERVED
CVE-2019-12627 (A vulnerability in the application policy configuration of the Cisco F ...)
	NOT-FOR-US: Cisco
CVE-2019-12626 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-12624 (A vulnerability in the web-based management interface of Cisco IOS XE  ...)
	NOT-FOR-US: Cisco
CVE-2019-12623 (A vulnerability in the web server functionality of Cisco Enterprise Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-12622 (A vulnerability in Cisco RoomOS Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco HyperFle ...)
	NOT-FOR-US: Cisco
CVE-2019-12619 (A vulnerability in the web interface for Cisco SD-WAN Solution vManage ...)
	NOT-FOR-US: Cisco
CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...)
	- nomad <not-affected> (Vulnerability introduced in 0.9.0)
	NOTE: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2
	NOTE: https://github.com/hashicorp/nomad/issues/5783
CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CMS user ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #930017)
	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
CVE-2019-12613
	REJECTED
CVE-2019-12612 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
	NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12611 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
	NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12610
	RESERVED
CVE-2019-12609
	RESERVED
CVE-2019-12608
	RESERVED
CVE-2019-12607
	RESERVED
CVE-2019-12606
	RESERVED
CVE-2019-12605
	RESERVED
CVE-2019-12604
	RESERVED
CVE-2019-12603
	RESERVED
CVE-2019-12602
	RESERVED
CVE-2019-12615 (An issue was discovered in get_vdev_port_node_info in arch/sparc/kerne ...)
	- linux 5.2.6-1 (unimportant)
	NOTE: https://git.kernel.org/linus/80caf43549e7e41a695c6d1e11066286538b336f
	NOTE: This is a potential null pointer dereference that looks like it can
	NOTE: only be invoked by root or the hypervisor.  Probably no security impact.
CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/powerpc/pla ...)
	- linux 5.3.7-1 (unimportant)
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://lkml.org/lkml/2019/6/3/526
	NOTE: This is a potential null pointer dereference that looks like it can
	NOTE: only be invoked by root or the hypervisor.  Probably no security impact.
CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Inj ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12597 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12596 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12595 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
	{DSA-4478-1 DLA-1845-1}
	- dosbox 0.74-3-1 (bug #931222)
	NOTE: Fixed in 0.74-3 upstream.
	NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
	NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
	NOTE: Fixed by https://sourceforge.net/p/dosbox/code-0/4246/
CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file inclusion  ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2019-12592 (A universal Cross-site scripting (UXSS) vulnerability in the Evernote  ...)
	NOT-FOR-US: Evernote
CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote a ...)
	NOT-FOR-US: NETGEAR
CVE-2019-12590
	RESERVED
CVE-2019-12588 (The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2. ...)
	NOT-FOR-US: Espressif
CVE-2019-12587 (The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 a ...)
	NOT-FOR-US: Espressif
CVE-2019-12586 (The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 a ...)
	NOT-FOR-US: Espressif
CVE-2019-12585 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...)
	- apcupsd <not-affected> (Vulnerable code in pfSense-specific status page)
CVE-2019-12584 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...)
	- apcupsd <not-affected> (Vulnerable code in pfSense-specific status page)
CVE-2019-12583 (Missing Access Control in the "Free Time" component of several Zyxel U ...)
	NOT-FOR-US: Zyxel
CVE-2019-12582
	REJECTED
CVE-2019-12581 (A reflective Cross-site scripting (XSS) vulnerability in the free_time ...)
	NOT-FOR-US: Zyxel
CVE-2019-12580
	RESERVED
CVE-2019-12579 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12578 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12577 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12576 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12575 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12574 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12573 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client
CVE-2019-12571 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Status by  ...)
	NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for WordPress
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...)
	NOT-FOR-US: Viber
CVE-2019-12568 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
	NOT-FOR-US: Open TFTP Server
CVE-2019-12567 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
	NOT-FOR-US: Open TFTP Server
CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS i ...)
	NOT-FOR-US: WP Statistics plugin for WordPress
CVE-2019-12565
	RESERVED
CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the d ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2019-12563
	RESERVED
CVE-2019-12562 (Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 a ...)
	NOT-FOR-US: DNN
CVE-2019-12561
	RESERVED
CVE-2019-12560
	RESERVED
CVE-2019-12559
	RESERVED
CVE-2019-12558
	RESERVED
CVE-2019-12557
	RESERVED
CVE-2019-12556
	RESERVED
CVE-2019-12555 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12554 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12553 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12552 (In SweetScape 010 Editor 9.0.1, an integer overflow during the initial ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12551 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12550 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
	NOT-FOR-US: WAGO devices
CVE-2019-12549 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
	NOT-FOR-US: WAGO devices
CVE-2019-12548 (Bludit before 3.9.0 allows remote code execution for an authenticated  ...)
	NOT-FOR-US: bludit
CVE-2019-12547
	RESERVED
CVE-2019-12546
	RESERVED
CVE-2019-12545
	RESERVED
CVE-2019-12544
	RESERVED
CVE-2019-12543 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12542 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12541 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12540 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Th ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12539 (An issue was discovered in the Purchase component of Zoho ManageEngine ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-12538 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12537 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12536
	RESERVED
CVE-2019-12535
	RESERVED
CVE-2019-12534
	RESERVED
CVE-2019-12533
	RESERVED
CVE-2019-12532 (Improper access control in the Insyde software tools may allow an auth ...)
	NOT-FOR-US: Insyde software tools
CVE-2019-12531
	RESERVED
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
	NOT-FOR-US: Dashboard plugin for GLPI
CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through  ...)
	{DSA-4507-1 DLA-1858-1}
	- squid 4.8-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP  ...)
	{DSA-4682-1}
	- squid 4.10-1 (bug #950925)
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
	NOTE: Squid 3: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8cdb18ca1829a0b7faa1c9e472604ed0e7e105ac.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-c1bebac9c1135b7add6589db35c62f16db195b8f.patch
CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...)
	{DSA-4507-1}
	- squid 4.8-1
	- squid3 <not-affected> (Vulnerable code introduced in 4.0.23)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
	NOTE: The code in squid 3.x limits the amount of input data decoded to one byte less
	NOTE: than the length of the target buffer, whilst in 4.x the entire input is decoded
	NOTE: without regard for the size of the target buffer.
CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response handling in  ...)
	{DSA-4682-1 DLA-2028-1}
	- squid 4.9-1
	- squid3 <removed>
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through  ...)
	{DSA-4507-1 DLA-1858-1}
	- squid 4.8-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-409956536647b3a05ee1e367424a24ae6b8f13fd.patch
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
CVE-2019-12524 (An issue was discovered in Squid through 4.7. When handling requests f ...)
	{DSA-4682-1}
	- squid 4.8-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN reque ...)
	{DSA-4682-1}
	- squid 4.9-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
CVE-2019-12522 (An issue was discovered in Squid through 4.7. When Squid is run as roo ...)
	TODO: check
CVE-2019-12521 (An issue was discovered in Squid through 4.7. When Squid is parsing ES ...)
	{DSA-4682-1}
	- squid 4.11-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
CVE-2019-12520 (An issue was discovered in Squid through 4.7 and 5. When receiving a r ...)
	{DSA-4682-1}
	- squid 4.8-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12519 (An issue was discovered in Squid through 4.7. When handling the tag es ...)
	{DSA-4682-1}
	- squid 4.11-1
	- squid3 <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...)
	NOT-FOR-US: User API in TheHive Project
CVE-2019-12518 (Anviz CrossChex access control management software 4.3.8.0 and 4.3.12  ...)
	NOT-FOR-US: Anviz CrossChex
CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 fo ...)
	NOT-FOR-US: slickquiz plugin for WordPress
CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injectio ...)
	NOT-FOR-US: slickquiz plugin for WordPress
CVE-2019-12515 (There is an out-of-bounds read vulnerability in the function FlateStre ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
	NOTE: https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar
CVE-2019-12514
	RESERVED
CVE-2019-12513 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP dis ...)
	NOT-FOR-US: Netgear
CVE-2019-12512 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execu ...)
	NOT-FOR-US: Netgear
CVE-2019-12511 (In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may exec ...)
	NOT-FOR-US: Netgear
CVE-2019-12510 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypas ...)
	NOT-FOR-US: Netgear
CVE-2019-12509
	RESERVED
CVE-2019-12508
	RESERVED
CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative Path) thr ...)
	NOT-FOR-US: Relative Path PHP library
CVE-2019-12506 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Logitech
CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Inateck
CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Inateck
CVE-2019-12503 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Inateck
CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...)
	NOT-FOR-US: MOBOTIX cameras
CVE-2019-12501
	RESERVED
CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "su ...)
	NOT-FOR-US: Xiaomi M365 scooter
CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress accepts ce ...)
	NOT-FOR-US: WP Live Chat Support plugin for WordPress
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-1816-1}
	- otrs2 6.0.19-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4cc3f0e24937fa53870132003aec6af460b9b57
CVE-2019-12496 (An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt  ...)
	NOT-FOR-US: Hybrid Group Gobot
CVE-2019-12495 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc <unfixed> (bug #929872)
	[buster] - tcc <ignored> (Minor issue)
	[stretch] - tcc <ignored> (Minor issue)
	[jessie] - tcc <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-05/msg00044.html
	NOTE: https://repo.or.cz/tinycc.git/commit/d04ce7772c2bc2781ab2502e0b1f1964488814b5
CVE-2019-12494 (In Gardener before 0.20.0, incorrect access control in seed clusters a ...)
	NOT-FOR-US: Gardener
CVE-2019-12493 (A stack-based buffer over-read exists in PostScriptFunction::transform ...)
	{DLA-1939-1}
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
	- poppler 0.44.0-2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/37840827c4073dedfd37915a74eb8fe0c44843c3
CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and  ...)
	NOT-FOR-US: Gallagher Command Centre
CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to r ...)
	NOT-FOR-US: OnApp
CVE-2019-12490 (An issue was discovered in Simple Machines Forum (SMF) before 2.0.16.  ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Aske ...)
	NOT-FOR-US: Fastweb Askey RTV1907VW devices
CVE-2019-12488
	RESERVED
CVE-2019-12487
	RESERVED
CVE-2019-12486
	RESERVED
CVE-2019-12485
	RESERVED
CVE-2019-12484
	RESERVED
CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buffer ov ...)
	{DLA-1841-1}
	- gpac <unfixed> (bug #931088)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1249
	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
	{DLA-1841-1}
	- gpac <unfixed> (bug #931088)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1249
	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
	{DLA-1841-1}
	- gpac <unfixed> (bug #931088)
	[buster] - gpac <no-dsa> (Minor issue)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1249
	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)
	NOT-FOR-US: BACnet Protocol Stack
CVE-2019-12479 (An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vuln ...)
	NOT-FOR-US: 20|20 Storage
CVE-2019-12478
	RESERVED
CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
	NOT-FOR-US: Supra Smart Cloud TV
CVE-2019-12476 (An authentication bypass vulnerability in the password reset functiona ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-12475 (In MicroStrategy Web before 10.4.6, there is stored XSS in metric due  ...)
	NOT-FOR-US: MicroStrategy Web
CVE-2019-12474 (Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Pri ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T212118
CVE-2019-12473 (Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing inv ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T204729
CVE-2019-12472 (An Incorrect Access Control vulnerability was found in Wikimedia Media ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T199540
CVE-2019-12471 (Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaSc ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T207603
CVE-2019-12470 (Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppr ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T222038
CVE-2019-12469 (MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed user ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T222036
CVE-2019-12468 (An Incorrect Access Control vulnerability was found in Wikimedia Media ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T197279
CVE-2019-12467 (MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3).  ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T209794
CVE-2019-12466 (Wikimedia MediaWiki through 1.32.1 allows CSRF. ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T25227
CVE-2019-12465 (An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was i ...)
	NOT-FOR-US: LibreNMS
CVE-2019-12464 (An issue was discovered in LibreNMS 1.50.1. An authenticated user can  ...)
	NOT-FOR-US: LibreNMS
CVE-2019-12463 (An issue was discovered in LibreNMS 1.50.1. The scripts that handle gr ...)
	NOT-FOR-US: LibreNMS
CVE-2019-12462
	RESERVED
CVE-2019-12461 (Web Port 1.19.1 allows XSS via the /log type parameter. ...)
	NOT-FOR-US: Web Port
CVE-2019-12460 (Web Port 1.19.1 allows XSS via the /access/setup type parameter. ...)
	NOT-FOR-US: Web Port
CVE-2019-12459 (FileRun 2019.05.21 allows customizables/plugins/audio_player Directory ...)
	NOT-FOR-US: FileRun
CVE-2019-12458 (FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has ...)
	NOT-FOR-US: FileRun
CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. This issue h ...)
	NOT-FOR-US: FileRun
CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-In with ...)
	NOT-FOR-US: Google Sign-In
CVE-2019-12499 (Firejail before 0.9.60 allows truncation (resizing to length 0) of the ...)
	- firejail 0.9.58.2-2 (bug #929733)
	[stretch] - firejail <no-dsa> (Minor issue)
	NOTE: https://github.com/netblue30/firejail/issues/2401
	NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside the jai ...)
	- firejail 0.9.58.2-2 (bug #929732)
	[stretch] - firejail <no-dsa> (Minor issue)
	NOTE: https://github.com/netblue30/firejail/issues/2718
	NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ...)
	- linux <unfixed> (unimportant)
	NOTE: The double-fetched value is not used after the second fetch, thus an invalid issue
	NOTE: from security impact perspective. CVE should probably be rejected.
CVE-2019-12455 (** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in driv ...)
	- linux <unfixed> (unimportant)
	NOTE: No/negligible security impact
CVE-2019-12454 (** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in  ...)
	- linux <not-affected> (Vulnerable code not present, introduced in 5.1-rc1)
CVE-2019-12453 (In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in t ...)
	NOT-FOR-US: MicroStrategy Web
CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when the -- ...)
	NOT-FOR-US: Containous Traefik
CVE-2019-12451
	RESERVED
CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 ...)
	{DLA-1866-2 DLA-1866-1}
	[experimental] - glib2.0 2.60.0-1
	- glib2.0 2.60.5-1 (bug #931234)
	[buster] - glib2.0 2.58.3-2+deb10u1
	[stretch] - glib2.0 2.50.3-2+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1658
	NOTE: https://gitlab.gnome.org/GNOME/glib/merge_requests/450
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1  ...)
	{DLA-1826-1}
	- glib2.0 2.58.3-2 (bug #929753)
	[stretch] - glib2.0 2.50.3-2+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
CVE-2019-12449 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
	- gvfs 1.38.1-4 (bug #929755)
	[stretch] - gvfs <no-dsa> (Minor issue)
	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
CVE-2019-12448 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
	- gvfs 1.38.1-4 (bug #929755)
	[stretch] - gvfs <no-dsa> (Minor issue)
	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
	- gvfs 1.38.1-4 (bug #929755)
	[stretch] - gvfs <no-dsa> (Minor issue)
	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
CVE-2019-12446 (An issue was discovered in GitLab Community and Enterprise Edition 8.3 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12445 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12444 (An issue was discovered in GitLab Community and Enterprise Edition 8.9 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12443 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12442 (An issue was discovered in GitLab Enterprise Edition 11.7 through 11.1 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12441 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauth ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-12438
	RESERVED
CVE-2019-12437 (In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does n ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12436 (Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to  ...)
	- samba <not-affected> (Only affects Samba since 4.10.0)
	NOTE: https://www.samba.org/samba/security/CVE-2019-12436.html
CVE-2019-12435 (Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer d ...)
	- samba 2:4.9.5+dfsg-5 (bug #930748)
	[stretch] - samba <not-affected> (Only affects Samba since 4.9)
	[jessie] - samba <not-affected> (Only affects Samba since 4.9)
	NOTE: https://www.samba.org/samba/security/CVE-2019-12435.html
CVE-2019-12434 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12433 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12432 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12431 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12430 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (Only affects 11.11)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12429 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12428 (An issue was discovered in GitLab Community and Enterprise Edition 6.8 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-pers ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-12426 (an unauthenticated user could get access to information of some backen ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-12425 (Apache OFBiz 17.12.01 is vulnerable to Host header injection by accept ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-12424
	REJECTED
CVE-2019-12423 (Apache CXF ships with a OpenId Connect JWK Keys service, which allows  ...)
	NOT-FOR-US: Apache CFX
CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me" config ...)
	- shiro <unfixed> (low; bug #947945)
	[buster] - shiro <no-dsa> (Minor issue)
	[stretch] - shiro <no-dsa> (Minor issue)
	[jessie] - shiro <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/18/1
	NOTE: Fixed by https://github.com/apache/shiro/commit/44f6548b97610cdf661976969d5735c0be14a57b#diff-a8fc9cf5d6f24966aa18cdf0850a730e
CVE-2019-12421 (When using an authentication mechanism other than PKI, when the user c ...)
	NOT-FOR-US: Apache NiFi
CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in a way ...)
	{DSA-4584-1 DLA-2037-1}
	- spamassassin 3.4.3~rc6-1 (bug #946653)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/2
	NOTE: https://markmail.org/message/pyp425yrulfxyhrn
	NOTE: https://svn.apache.org/r1866128
CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
	NOT-FOR-US: Apache CFX
CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...)
	{DSA-4680-1 DSA-4596-1 DLA-2155-1 DLA-2077-1}
	- tomcat9 9.0.31-1
	- tomcat8 <removed>
	- tomcat7 <removed>
	NOTE: https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3 (9.0.29)
	NOTE: https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00 (8.5.48)
	NOTE: https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b (7.0.98)
CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow  ...)
	- airflow <itp> (bug #819700)
CVE-2019-12416 (we got reports for 2 injection attacks against the DeltaSpike windowha ...)
	NOT-FOR-US: DeltaSpike
CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...)
	- libapache-poi-java <unfixed> (bug #943565)
	[buster] - libapache-poi-java <no-dsa> (Minor issue)
	[stretch] - libapache-poi-java <no-dsa> (Minor issue)
	[jessie] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/10/23/1
CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view database nam ...)
	NOT-FOR-US: Apache Superset
CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query database met ...)
	NOT-FOR-US: Apache Superset
CVE-2019-12411
	RESERVED
CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...)
	NOT-FOR-US: Apache Arrow
CVE-2019-12409 (The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure settin ...)
	- lucene-solr <not-affected> (Vulnerable code was introduced later)
	NOTE: https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E
CVE-2019-12408 (It was discovered that the C++ implementation (which underlies the R,  ...)
	NOT-FOR-US: Apache Arrow
CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki <removed>
CVE-2019-12406 (Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of mes ...)
	NOT-FOR-US: Apache CFX
CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2019-12404 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki <removed>
CVE-2019-12403
	REJECTED
CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commons Com ...)
	- libcommons-compress-java 1.18-3 (low; bug #939610)
	[buster] - libcommons-compress-java <no-dsa> (Minor issue)
	[stretch] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
	[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
	NOTE: Fixed in upstream commit: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=4ad5d80a6272e007f64a6ac66829ca189a8093b9;hp=16a0c84e84b93cc8c107b7ff3080bd11317ab581
CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are v ...)
	- lucene-solr <not-affected> (system libraries of libwoodstox-java and libstax-api-java are used in Debian)
	NOTE: https://issues.apache.org/jira/browse/SOLR-13750
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/10/1
	NOTE: Upstream's fix (upgrading dependencies) suggests the issue is in libwoodstox-java:
	NOTE: https://issues.apache.org/jira/browse/SOLR-6830
	NOTE: May be related to the change in the 4.x series of libwoodstox-java to
	NOTE: disabling coalescing by default which can trigger large memory consumption
	NOTE: when parsing specially crafted XML data.
CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a caching mec ...)
	- libxml-security-java <unfixed> (bug #935548)
	[stretch] - libxml-security-java <not-affected> (Vulnerable code introduced in 2.0.3)
	[jessie] - libxml-security-java <not-affected> (Vulnerable code introduced in 2.0.3)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
CVE-2019-12399 (When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0 ...)
	- kafka <itp> (bug #786460)
CVE-2019-12398 (In Apache Airflow before 1.10.5 when running with the "classic" UI, a  ...)
	- airflow <itp> (bug #819700)
CVE-2019-12397 (Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnera ...)
	NOT-FOR-US: Apache Ranger
CVE-2019-12396
	REJECTED
CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check  ...)
	NOT-FOR-US: Webbukkit Dynmap
CVE-2019-12394 (Anviz access control devices allow unverified password change which al ...)
	NOT-FOR-US: Anviz
CVE-2019-12393 (Anviz access control devices are vulnerable to replay attacks which co ...)
	NOT-FOR-US: Anviz
CVE-2019-12392 (Anviz access control devices allow remote attackers to issue commands  ...)
	NOT-FOR-US: Anviz
CVE-2019-12391 (The Anviz Management System for access control has insufficient loggin ...)
	NOT-FOR-US: Anviz
CVE-2019-12390 (Anviz access control devices expose private Information (pin code and  ...)
	NOT-FOR-US: Anviz
CVE-2019-12389 (Anviz access control devices expose credentials (names and passwords)  ...)
	NOT-FOR-US: Anviz
CVE-2019-12388 (Anviz access control devices perform cleartext transmission of sensiti ...)
	NOT-FOR-US: Anviz
CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or sanitize URI ...)
	- twisted 18.9.0-7 (bug #930389)
	[buster] - twisted <no-dsa> (Minor issue)
	[stretch] - twisted <no-dsa> (Minor issue)
	[jessie] - twisted <no-dsa> (Minor issue)
	NOTE: https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
CVE-2019-12386 (An issue was discovered in Ampache through 3.9.1. A stored XSS exists  ...)
	{DLA-1988-1}
	- ampache <removed>
	NOTE: https://github.com/ampache/ampache/issues/1872
	NOTE: according to the github issue, it is not really fixed yet
CVE-2019-12385 (An issue was discovered in Ampache through 3.9.1. The search engine is ...)
	{DLA-1988-1}
	- ampache <removed>
	NOTE: https://github.com/ampache/ampache/issues/1872
	NOTE: according to the github issue, it is not really fixed yet
CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to ...)
	{DLA-1831-1}
	- jackson-databind 2.9.8-3 (bug #930750)
	[stretch] - jackson-databind 2.8.6-1+deb9u6
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2334
	NOTE: https://github.com/FasterXML/jackson-databind/commit/c9ef4a10d6f6633cf470d6a469514b68fa2be234
CVE-2019-12383 (Tor Browser before 8.0.1 has an information exposure vulnerability. It ...)
	- firefox-esr <unfixed> (unimportant)
	- firefox <unfixed> (unimportant)
	NOTE: https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55
	NOTE: https://hackerone.com/reports/282748
	NOTE: https://trac.torproject.org/projects/tor/ticket/24056
	NOTE: This affects Firefox, but it's not a security issue in Firefox by itself
CVE-2019-12382 (** DISPUTED ** An issue was discovered in drm_load_edid_firmware in dr ...)
	- linux <unfixed> (unimportant)
	NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12381 (** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip ...)
	- linux <unfixed> (unimportant)
	NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12380 (**DISPUTED** An issue was discovered in the efi subsystem in the Linux ...)
	- linux <unfixed> (unimportant)
	NOTE: No security impact, all code involved runs at boot before userland starts
CVE-2019-12379 (** DISPUTED ** An issue was discovered in con_insert_unipair in driver ...)
	- linux <unfixed> (unimportant)
	NOTE: No real security issue and fix introduces real security issue, see kernel-sec
CVE-2019-12378 (** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/i ...)
	- linux <unfixed> (unimportant)
	NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12377 (A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK M ...)
	NOT-FOR-US: LANDESK
CVE-2019-12376 (Use of a hard-coded encryption key in Ivanti LANDESK Management Suite  ...)
	NOT-FOR-US: LANDESK
CVE-2019-12375 (Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoin ...)
	NOT-FOR-US: LANDESK
CVE-2019-12374 (A SQL Injection vulnerability exists in Ivanti LANDESK Management Suit ...)
	NOT-FOR-US: LANDESK
CVE-2019-12373 (Improper access control and open directories in Ivanti LANDESK Managem ...)
	NOT-FOR-US: LANDESK
CVE-2019-12372 (Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via ...)
	NOT-FOR-US: Petraware pTransformer ADC
CVE-2019-12371
	RESERVED
CVE-2019-12370 (The Spark application through 2.0.2 for Android allows XSS via an even ...)
	NOT-FOR-US: some Android application
CVE-2019-12369 (The TypeApp application through 1.9.5.35 for Android allows XSS via an ...)
	NOT-FOR-US: some Android application
CVE-2019-12368 (The Edison Mail application through 1.7.1 for Android allows XSS via a ...)
	NOT-FOR-US: some Android application
CVE-2019-12367 (The BlueMail application through 1.9.5.36 for Android allows XSS via a ...)
	NOT-FOR-US: some Android application
CVE-2019-12366 (The Nine application through 4.5.3a for Android allows XSS via an even ...)
	NOT-FOR-US: some Android application
CVE-2019-12365 (The Newton application through 10.0.23 for Android allows XSS via an e ...)
	NOT-FOR-US: some Android application
CVE-2019-12364
	RESERVED
CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2 ...)
	NOT-FOR-US: MyBB plugin
CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doacti ...)
	NOT-FOR-US: EmpireCMS
CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.ph ...)
	NOT-FOR-US: EmpireCMS
CVE-2019-12360 (A stack-based buffer over-read exists in FoFiTrueType::dumpString in f ...)
	{DLA-1815-1}
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
	- poppler 0.38.0-2
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/cdb7ad95f7c8fbf63ade040d8a07ec96467042fc (poppler-0.32.0)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/bf4aae25a244b1033a2479b9a8f633224f7d5de5 (poppler-0.32.0)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=85243
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1136620
CVE-2019-12359
	RESERVED
CVE-2019-12358
	RESERVED
CVE-2019-12357
	RESERVED
CVE-2019-12356
	RESERVED
CVE-2019-12355
	RESERVED
CVE-2019-12354
	RESERVED
CVE-2019-12353
	RESERVED
CVE-2019-12352
	RESERVED
CVE-2019-12351
	RESERVED
CVE-2019-12350
	RESERVED
CVE-2019-12349
	RESERVED
CVE-2019-12348
	RESERVED
CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers  ...)
	NOT-FOR-US: pfSense
CVE-2019-12346 (In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for Word ...)
	NOT-FOR-US: miniOrange SAML SP Single Sign On plugin for WordPress
CVE-2019-12345 (XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. ...)
	NOT-FOR-US: Kiboko Hostel plugin for WordPress
CVE-2019-12344
	RESERVED
CVE-2019-12343
	RESERVED
CVE-2019-12342
	RESERVED
CVE-2019-12341
	RESERVED
CVE-2019-12340
	RESERVED
CVE-2019-12339
	RESERVED
CVE-2019-12338
	RESERVED
CVE-2019-12337
	RESERVED
CVE-2019-12336
	RESERVED
CVE-2019-12335
	RESERVED
CVE-2019-12334
	RESERVED
CVE-2019-12333
	RESERVED
CVE-2019-12332
	RESERVED
CVE-2019-12331 (PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner ...)
	NOT-FOR-US: PHPOffice PhpSpreadsheet
CVE-2019-12330
	RESERVED
CVE-2019-12329
	RESERVED
CVE-2019-12328 (A command injection (missing input validation) issue in the remote pho ...)
	NOT-FOR-US: Atcom A10W VoIP phone
CVE-2019-12327 (Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow a ...)
	NOT-FOR-US: Akuvox R50P VoIP phone
CVE-2019-12326 (Missing file and path validation in the ringtone upload function of th ...)
	NOT-FOR-US: Akuvox R50P VoIP phone
CVE-2019-12325 (The Htek UC902 VoIP phone web management interface contains several bu ...)
	NOT-FOR-US: Htek UC902 VoIP phone
CVE-2019-12324 (A command injection (missing input validation) issue in the IP address ...)
	NOT-FOR-US: Akuvox R50P VoIP phone
CVE-2019-12323 (The HC.Server service in Hosting Controller HC10 10.14 allows an Inval ...)
	NOT-FOR-US: Hosting Controller HC10
CVE-2019-12322
	RESERVED
CVE-2019-12321
	REJECTED
CVE-2019-12320
	RESERVED
CVE-2019-12319
	RESERVED
CVE-2019-12318
	RESERVED
CVE-2019-12317
	RESERVED
CVE-2019-12316
	RESERVED
CVE-2019-12315 (Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS)  ...)
	NOT-FOR-US: Samsung
CVE-2019-12314 (Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute pa ...)
	NOT-FOR-US: Deltek Maconomy
CVE-2019-12313 (XSS exists in Shave before 2.5.3 because output encoding is mishandled ...)
	NOT-FOR-US: Shave
CVE-2019-12312 (In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon  ...)
	[experimental] - libreswan 3.28-1
	- libreswan 3.27-5 (bug #929916)
	NOTE: https://github.com/libreswan/libreswan/issues/246
	NOTE: https://github.com/libreswan/libreswan/commit/7142d2c37d58cf024595a7549f0fb0d3946682f8
	NOTE: https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
	NOTE: https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php  ...)
	- ampache <removed>
	[jessie] - ampache <no-dsa> (Minor issue)
	NOTE: https://fenceposterror.github.io/2017/06/16/Hacking-For-Fun-And-Non-Profit.html
	NOTE: https://github.com/ampache/ampache/issues/1555
CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resu ...)
	NOT-FOR-US: Xinha plugin in Precurio
CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php f ...)
	NOT-FOR-US: PHPKIT
CVE-2016-10757 (In Redaxo 5.2.0, the cron management of the admin panel suffers from C ...)
	NOT-FOR-US: Redaxo
CVE-2016-10756 (Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload becaus ...)
	NOT-FOR-US: Kliqqi
CVE-2016-10755 (AbanteCart 1.2.8 allows SQL Injection via the source_language paramete ...)
	NOT-FOR-US: AbanteCart
CVE-2016-10754 (modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection ...)
	NOT-FOR-US: Vtiger CRM
CVE-2016-10753 (e107 2.1.2 allows PHP Object Injection with resultant SQL injection, b ...)
	NOT-FOR-US: e107
CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote atta ...)
	- serendipity <removed>
CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the  ...)
	NOT-FOR-US: osClass
CVE-2019-12311 (Sandline Centraleyezer (On Premises) allows Unrestricted File Upload l ...)
	NOT-FOR-US: Sandline Centraleyezer
CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monit ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability exploitable by  ...)
	NOT-FOR-US: dotCMS
CVE-2019-12308 (An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1. ...)
	{DSA-4476-1 DLA-1814-1}
	- python-django 1:1.11.21-1 (bug #929927)
	NOTE: https://github.com/django/django/commit/deeba6d92006999fee9adfbd8be79bf0a59e8008 (master)
	NOTE: https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b (1.11.21)
CVE-2019-12307
	RESERVED
CVE-2019-12306
	RESERVED
CVE-2019-12305
	RESERVED
CVE-2019-12304
	RESERVED
CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...)
	NOT-FOR-US: Rancher
CVE-2019-12302
	RESERVED
CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffer ...)
	NOT-FOR-US: Percona server
CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted au ...)
	- buildbot 2.0.1-2 (bug #929849)
	[stretch] - buildbot <not-affected> (Vulnerable code introduced later)
	[jessie] - buildbot <not-affected> (Vulnerable code got added later)
	NOTE: https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication
CVE-2019-12299 (Sandline Centraleyezer (On Premises) allows Stored XSS using HTML enti ...)
	NOT-FOR-US: Sandline Centraleyezer
CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
	NOT-FOR-US: Leanify
CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
	NOT-FOR-US: Motorola
CVE-2019-12296
	RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the  ...)
	- wireshark 2.6.8-1.1 (low; bug #929446)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-19.html
CVE-2019-12294
	RESERVED
CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-read in J ...)
	{DLA-1815-1}
	- poppler 0.71.0-5 (bug #929423)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
CVE-2019-12292 (Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. ...)
	NOT-FOR-US: Citrix AppDNA
CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...)
	- consul 1.4.5+dfsg1-1
	[buster] - consul <not-affected> (Vulnerable code introduced in 1.4.0)
	NOTE: https://github.com/hashicorp/consul/issues/5888
CVE-2019-12290 (GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ...)
	- libidn2 2.2.0-1
	[buster] - libidn2 <no-dsa> (Minor issue; intrusive to backport)
	NOTE: https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5 (2.2.0)
	NOTE: https://gitlab.com/libidn/libidn2/merge_requests/71
CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C782 ...)
	NOT-FOR-US: VStarcam
CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WI ...)
	NOT-FOR-US: VStarcam
CVE-2019-12287
	RESERVED
CVE-2019-12286
	RESERVED
CVE-2019-12285
	RESERVED
CVE-2019-12284
	RESERVED
CVE-2019-12283
	RESERVED
CVE-2019-12282
	RESERVED
CVE-2019-12281
	RESERVED
CVE-2019-12280 (PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. ...)
	NOT-FOR-US: PC-Doctor Toolbox
CVE-2019-12279 (** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username p ...)
	NOT-FOR-US: Nagios XI
CVE-2019-12278 (Opera through 53 on Android allows Address Bar Spoofing. Characters fr ...)
	NOT-FOR-US: Opera
CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as de ...)
	NOT-FOR-US: Blogifier
CVE-2019-12276 (A Path Traversal vulnerability in Controllers/LetsEncryptController.cs ...)
	NOT-FOR-US: GrandNode
CVE-2019-12275
	RESERVED
CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerable to  ...)
	- hazelcast <itp> (bug #745640)
CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...)
	NOT-FOR-US: Rancher
CVE-2019-12273 (** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceD ...)
	NOT-FOR-US: OutSystems Platform
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
	NOT-FOR-US: OpenWrt LuCI
CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File Upload w ...)
	NOT-FOR-US: Sandline Centraleyezer
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
	NOT-FOR-US: OpenText Brava!
CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PG ...)
	- enigmail 2:2.0.11+ds1-1 (bug #929363)
	[buster] - enigmail 2:2.0.12+ds1-1~deb10u1
	[stretch] - enigmail <no-dsa> (Issue can be fixed via point release)
	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: https://sourceforge.net/p/enigmail/bugs/983/
CVE-2019-12268
	RESERVED
CVE-2019-12267
	RESERVED
CVE-2019-12266
	RESERVED
CVE-2019-12265 (Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Le ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect  ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP comp ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12262 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Contr ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12261 (Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP compon ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12259 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12258 (Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP com ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12257 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP c ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12255 (Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12254
	RESERVED
CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as demonstr ...)
	NOT-FOR-US: my little forum
CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the low ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index. ...)
	NOT-FOR-US: UCMS
CVE-2019-12250 (** DISPUTED ** IdentityServer IdentityServer4 through 2.4 has stored X ...)
	NOT-FOR-US: IdentityServer
CVE-2019-12249
	RESERVED
CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-1816-1}
	- otrs2 6.0.19-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/edbc7371a52fc5d0032e934d2456b5f39da317f1
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/2d85ce89515db8e94b36ea8ba97f21e27aa66efd
CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/comm ...)
	- qemu <unfixed> (unimportant; bug #929365)
	- qemu-kvm <removed> (unimportant)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html
	NOTE: Disputed upstream as not beeing exploitable.
CVE-2019-12246 (SilverStripe through 4.3.3 allows a Denial of Service on flush and dev ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected  ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12244
	RESERVED
CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
	NOT-FOR-US: Istio
CVE-2019-12242
	RESERVED
CVE-2019-12241 (The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserializat ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-12240 (The Virim plugin 0.4 for WordPress allows Insecure Deserialization via ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-12239 (The WP Booking System plugin 1.5.1 for WordPress has no CSRF protectio ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-12238
	RESERVED
CVE-2019-12237
	RESERVED
CVE-2019-12236
	RESERVED
CVE-2019-12235
	RESERVED
CVE-2019-12234
	RESERVED
CVE-2019-12233
	RESERVED
CVE-2019-12232
	RESERVED
CVE-2019-12231
	RESERVED
CVE-2019-12230
	RESERVED
CVE-2019-12229
	RESERVED
CVE-2019-12228
	RESERVED
CVE-2019-12227
	RESERVED
CVE-2019-12226
	RESERVED
CVE-2019-12225
	RESERVED
CVE-2019-12224
	RESERVED
CVE-2019-12223 (An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1. ...)
	NOT-FOR-US: Hanwah Techwin SRN-472s devices
CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
	NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4619
	NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was discovered in  ...)
	- matomo <itp> (bug #448532)
CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...)
	- freeimage <unfixed> (bug #947478)
	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
	[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
	NOTE: very few information regarding this vulnerability, which is seemingly located
	NOTE: in libopenjpeg, not freeimage. Without reproducer or stacktrace, this is
	NOTE: nearly unfixable.
CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory ...)
	{DSA-4593-1 DLA-2031-1}
	- freeimage 3.18.0+ds2-3 (bug #929597)
	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
	NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize  ...)
	- freeimage <unfixed> (bug #947477)
	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
	[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load ...)
	{DSA-4593-1 DLA-2031-1}
	- freeimage 3.18.0+ds2-3 (bug #929597)
	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
	NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12210 (In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug ...)
	- pam-u2f 1.0.8-1 (low; bug #930023)
	[buster] - pam-u2f 1.0.7-1+deb10u1
	[stretch] - pam-u2f <no-dsa> (Minor issue)
	NOTE: https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/05/1
CVE-2019-12209 (Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (defa ...)
	- pam-u2f 1.0.8-1 (low; bug #930021)
	[buster] - pam-u2f 1.0.7-1+deb10u1
	[stretch] - pam-u2f <no-dsa> (Minor issue)
	NOTE: https://github.com/Yubico/pam-u2f/commit/7db3386fcdb454e33a3ea30dcfb8e8960d4c3aa3
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/05/1
CVE-2019-12208 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
	NOT-FOR-US: njs
CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in ...)
	NOT-FOR-US: njs
CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
	NOT-FOR-US: njs
CVE-2019-12205 (SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12204 (In SilverStripe through 4.3.3, a missing warning about leaving install ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12203 (SilverStripe through 4.3.3 allows session fixation in the "change pass ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12202
	RESERVED
CVE-2019-12201
	RESERVED
CVE-2019-12200
	RESERVED
CVE-2019-12199
	RESERVED
CVE-2019-12198 (In GoHttp through 2017-07-25, there is a stack-based buffer over-read  ...)
	NOT-FOR-US: GoHttp
CVE-2019-12197
	RESERVED
CVE-2019-12196 (A SQL injection vulnerability in /client/api/json/v2/nfareports/compar ...)
	NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
CVE-2019-12195 (TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name.  ...)
	NOT-FOR-US: TP-Link
CVE-2019-12194
	RESERVED
CVE-2019-12193 (H3C H3Cloud OS all versions allows SQL injection via the ear/grid_even ...)
	NOT-FOR-US: H3C H3Cloud OS
CVE-2019-12192
	RESERVED
CVE-2019-12191
	RESERVED
CVE-2019-12190 (XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel t ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-12189 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-12188
	RESERVED
CVE-2019-12187
	RESERVED
CVE-2019-12186 (An issue was discovered in Sylius products. Missing input sanitization ...)
	NOT-FOR-US: Sylius
CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/con ...)
	NOT-FOR-US: eLabFTW
CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
	NOT-FOR-US: Boostnote
CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 serie ...)
	NOT-FOR-US: Safescan Timemoto
CVE-2019-12182 (Directory Traversal in Safescan Timemoto and TA-8000 series version 1. ...)
	NOT-FOR-US: Safescan Timemoto and TA-8000 series
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0  ...)
	NOT-FOR-US: SmartBear ReadyAPI
CVE-2019-12179
	RESERVED
CVE-2019-12178
	RESERVED
CVE-2019-12177 (Privilege escalation due to insecure directory permissions affecting V ...)
	NOT-FOR-US: HTC VIVEPORT
CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and "ViveportDesktop ...)
	NOT-FOR-US: HTC VIVEPORT
CVE-2019-12175 (In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, ...)
	- bro 2.6.4+ds1-1 (low)
	[buster] - bro <no-dsa> (Minor issue)
	[stretch] - bro <no-dsa> (Minor issue)
CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege escalation vuln ...)
	NOT-FOR-US: hide.me
CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, w ...)
	NOT-FOR-US: MacDown
CVE-2019-12172 (Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modifie ...)
	NOT-FOR-US: Typora
CVE-2019-12171 (Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Drop ...)
	NOT-FOR-US: Dropbox desktop application
CVE-2019-12170 (ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the m ...)
	NOT-FOR-US: ATutor
CVE-2019-12169 (ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, res ...)
	NOT-FOR-US: ATutor
CVE-2019-12168 (Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code ...)
	NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices
CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1 ...)
	NOT-FOR-US: Emerson Network Power Liebert Challenger
CVE-2019-12166
	RESERVED
CVE-2019-12165 (MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier,  ...)
	NOT-FOR-US: MiCollab
CVE-2019-12164 (ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ ...)
	NOT-FOR-US: Status React Native Desktop
CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to obtain pot ...)
	NOT-FOR-US: GAT-Ship Web Module
CVE-2019-12162 (Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the do ...)
	NOT-FOR-US: Upwork Time Tracker
CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.p ...)
	NOT-FOR-US: WPO WebPageTest
CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
	NOT-FOR-US: GoHTTP
CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in the sc ...)
	NOT-FOR-US: GoHTTP
CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...)
	NOT-FOR-US: GoHTTP
CVE-2019-12157 (In JetBrains TeamCity versions before 2018.2.5 and UpSource versions b ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-12156 (Server metadata could be exposed because one of the error messages ref ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NUL ...)
	{DSA-4454-1 DLA-1927-1}
	- qemu 1:3.1+dfsg-8 (bug #929353)
	[buster] - qemu 1:3.1+dfsg-8~deb10u1
	- qemu-kvm <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
CVE-2019-12154 (XXE in the XML parser library in RealObjects PDFreactor before 10.1.10 ...)
	NOT-FOR-US: PDFreactor
CVE-2019-12153 (Lack of validation in the HTML parser in RealObjects PDFreactor before ...)
	NOT-FOR-US: PDFreactor
CVE-2019-12152
	RESERVED
CVE-2019-12151
	RESERVED
CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded file is a ...)
	NOT-FOR-US: Karamasoft UltimateEditor
CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows attackers ...)
	- plymouth 0.9.4-1 (low)
	[stretch] - plymouth <no-dsa> (Minor issue)
	[jessie] - plymouth <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
	NOTE: https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
	NOTE: https://github.com/systemd/systemd/pull/12378
	NOTE: The fix for https://bugs.debian.org/929116 introduced a regression, cf.
	NOTE: https://bugs.debian.org/929229 .
	NOTE: Issue was originally fixed for unstable in 241-4 but was reverted in 241-5
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/issues/857
	NOTE: Upstream from systemd claimed originally it's not an issue in systemd, but
	NOTE: might revisit. Furthermore the issue might be fixed in the xorg xserver.
	NOTE: Tentative merge request: https://gitlab.freedesktop.org/xorg/xserver/merge_requests/241
	NOTE: Further analysis on the problem: https://gitlab.freedesktop.org/xorg/xserver/issues/857#note_201402
	NOTE: plymouth fix: https://gitlab.freedesktop.org/plymouth/plymouth/commit/28ee4012c94b4045b97e5a2a66f66b7688b2dff3 (0.9.4)
	NOTE: The plymouth fix does not seem to be enough though, cf.
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/issues/857#note_220255
CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12148 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
	NOT-FOR-US: Sangoma Session Border Controller
CVE-2019-12147 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
	NOT-FOR-US: Sangoma Session Border Controller
CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12144 (An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FT ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12143 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12142
	RESERVED
CVE-2019-12141
	RESERVED
CVE-2019-12140
	RESERVED
CVE-2019-12139 (An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This a ...)
	NOT-FOR-US: eZ Platform
CVE-2019-12138 (MacDown 0.7.1 allows directory traversal, for execution of arbitrary p ...)
	NOT-FOR-US: MacDown
CVE-2019-12137 (Typora 0.9.9.24.6 on macOS allows directory traversal, for execution o ...)
	NOT-FOR-US: Typora
CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, a ...)
	NOT-FOR-US: Boostnote
CVE-2019-12135 (An unspecified vulnerability in the application server in PaperCut MF  ...)
	NOT-FOR-US: PaperCut
CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
	NOT-FOR-US: Workday
CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/d ...)
	NOT-FOR-US: ONAP
CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC through Dubl ...)
	NOT-FOR-US: ONAP
CVE-2019-12130 (In ONAP CLI through Dublin, by accessing an applicable port (30234, 30 ...)
	NOT-FOR-US: ONAP
CVE-2019-12129 (In ONAP MSB through Dublin, by accessing an applicable port (30234, 30 ...)
	NOT-FOR-US: ONAP
CVE-2019-12128 (In ONAP SO through Dublin, by accessing an applicable port (30234, 302 ...)
	NOT-FOR-US: ONAP
CVE-2019-12127 (In ONAP OOM through Dublin, by accessing an applicable port (30234, 30 ...)
	NOT-FOR-US: ONAP
CVE-2019-12126 (In ONAP DCAE through Dublin, by accessing an applicable port (30234, 3 ...)
	NOT-FOR-US: ONAP
CVE-2019-12125 (In ONAP Logging through Dublin, by accessing an applicable port (30234 ...)
	NOT-FOR-US: ONAP
CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using an expose ...)
	NOT-FOR-US: ONAP
CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
	NOT-FOR-US: ONAP
CVE-2019-12122 (An issue was discovered in ONAP Portal through Dublin. By executing a  ...)
	NOT-FOR-US: ONAP
CVE-2019-12121 (An issue was detected in ONAP Portal through Dublin. By executing a pa ...)
	NOT-FOR-US: ONAP
CVE-2019-12120 (An issue was discovered in ONAP VNFSDK through Dublin. By accessing po ...)
	NOT-FOR-US: ONAP
CVE-2019-12119 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
	NOT-FOR-US: ONAP
CVE-2019-12118 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
	NOT-FOR-US: ONAP
CVE-2019-12117 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
	NOT-FOR-US: ONAP
CVE-2019-12116 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
	NOT-FOR-US: ONAP
CVE-2019-12115 (An issue was discovered in ONAP SDC through Dublin. By accessing port  ...)
	NOT-FOR-US: ONAP
CVE-2019-12114 (An issue was discovered in ONAP HOLMES before Dublin. By accessing por ...)
	NOT-FOR-US: ONAP
CVE-2019-12113 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
	NOT-FOR-US: ONAP
CVE-2019-12112 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/u ...)
	NOT-FOR-US: ONAP
CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd <no-dsa> (Minor issue)
	NOTE: copyIPv6IfDifferent helper introduced in https://github.com/miniupnp/miniupnp/commit/3b12b8fb4e64e90a6319ae0aef3c240a44093439
	NOTE: but possible NULL pointer dereference on the respective argument is present before.
	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f
CVE-2019-12110 (An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnP ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/f321c2066b96d18afa5158dfa2d2873a2957ef38
CVE-2019-12109 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
	NOTE: https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
CVE-2019-12108 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
	NOTE: https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
CVE-2019-12107 (The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd  ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94
	TODO: check, might affect minidlna
CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and ...)
	{DLA-1805-1}
	- minissdpd 1.5.20190210-1 (bug #929297)
	[stretch] - minissdpd 1.2.20130907-4.1+deb9u1
	NOTE: https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
CVE-2019-12105 (** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user ca ...)
	- supervisor <unfixed> (unimportant)
	NOTE: https://github.com/Supervisor/supervisor/issues/1245
	NOTE: Disupted upstream to be vulnerability. inet_http_server is not enabled by
	NOTE: default (neither upstream nor in Debian packaging). Details in the upstream
	NOTE: issue.
CVE-2019-12104 (The web-based configuration interface of the TP-Link M7350 V3 with fir ...)
	NOT-FOR-US: TP-Link
CVE-2019-12103 (The web-based configuration interface of the TP-Link M7350 V3 with fir ...)
	NOT-FOR-US: TP-Link
CVE-2019-12102 (** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore ...)
	NOT-FOR-US: Kentico
CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain ...)
	NOT-FOR-US: LibNyoci
CVE-2019-12100
	RESERVED
CVE-2019-12099 (In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated us ...)
	NOT-FOR-US: PHP-Fusion
CVE-2019-12098 (In the client side of Heimdal before 7.6.0, failure to verify anonymou ...)
	{DSA-4455-1}
	- heimdal 7.5.0+dfsg-3 (bug #929064)
	[jessie] - heimdal <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf (7.6.0)
	NOTE: Introduced by: https://github.com/heimdal/heimdal/commit/a1ef548600c5bb51cf52a9a9ea12676506ede19f (1.4.0)
CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoop ...)
	NOT-FOR-US: Telerik Fiddler
CVE-2019-12096
	RESERVED
CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...)
	{DLA-2033-1}
	- php-horde-trean <unfixed>
	[buster] - php-horde-trean <no-dsa> (Minor issue)
	[stretch] - php-horde-trean <no-dsa> (Minor issue)
	[jessie] - php-horde-trean <no-dsa> (Minor issue)
	- php-horde 5.2.21+debian0-1
	[buster] - php-horde 5.2.20+debian0-1+deb10u1
	[stretch] - php-horde 5.2.13+debian0-1+deb9u1
	NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75
	NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS)
CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...)
	- php-horde <unfixed>
	[buster] - php-horde <no-dsa> (Minor issue)
	[stretch] - php-horde <no-dsa> (Minor issue)
	[jessie] - php-horde <no-dsa> (Minor issue)
	NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS)
CVE-2019-12093
	RESERVED
CVE-2019-12092
	RESERVED
CVE-2019-12091 (The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2 ...)
	NOT-FOR-US: Netskope
CVE-2019-12090
	RESERVED
CVE-2019-12089
	RESERVED
CVE-2019-12088
	RESERVED
CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
	NOT-FOR-US: Samsung devices
CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4452-1 DLA-1798-1}
	- jackson-databind 2.9.8-2 (bug #929177)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
	NOTE: https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
CVE-2019-12085
	RESERVED
CVE-2019-12084
	RESERVED
CVE-2019-12083 (The Rust Programming Language Standard Library 1.34.x before 1.34.2 co ...)
	- rustc <not-affected> (Introduced in 1.34)
	NOTE: https://blog.rust-lang.org/2019/05/13/Security-advisory.html
CVE-2019-12082
	RESERVED
CVE-2019-12081
	RESERVED
CVE-2019-12080
	RESERVED
CVE-2019-12079
	RESERVED
CVE-2019-12078
	RESERVED
CVE-2019-12077
	RESERVED
CVE-2019-12076
	RESERVED
CVE-2019-12075
	RESERVED
CVE-2019-12074
	RESERVED
CVE-2019-12073
	RESERVED
CVE-2019-12072
	RESERVED
CVE-2019-12071
	RESERVED
CVE-2019-12070
	RESERVED
CVE-2019-12069
	RESERVED
CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ...)
	{DSA-4665-1 DLA-1927-1}
	- qemu 1:4.1-2 (low)
	[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
CVE-2019-12067 [ide: ahci: add check to avoid null dereference]
	RESERVED
	- qemu <unfixed> (low)
	[buster] - qemu <postponed> (Minor issue, can be fixed along in future update)
	[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
	[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
	NOTE: patch not sanctioned as of 20190909
	NOTE: patched function introduced in 2014/2.1.50 but affected code pre-existed
	NOTE: https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
CVE-2019-12066
	RESERVED
CVE-2019-12065
	RESERVED
CVE-2019-12064
	RESERVED
CVE-2019-12063
	RESERVED
CVE-2019-12062
	RESERVED
CVE-2019-12061
	RESERVED
CVE-2019-12060
	RESERVED
CVE-2019-12059
	RESERVED
CVE-2019-12058
	RESERVED
CVE-2019-12057
	RESERVED
CVE-2019-12056
	RESERVED
CVE-2019-12055
	RESERVED
CVE-2019-12054
	RESERVED
CVE-2019-12053
	RESERVED
CVE-2019-12052
	RESERVED
CVE-2019-12051
	RESERVED
CVE-2019-12050
	RESERVED
CVE-2019-12049
	RESERVED
CVE-2019-12048
	RESERVED
CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module ...)
	NOT-FOR-US: Gridea
CVE-2019-12045
	RESERVED
CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10. ...)
	NOT-FOR-US: Citrix NetScaler Gateway
CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, wh ...)
	NOT-FOR-US: remarkable
CVE-2019-12042 (Insecure permissions of the section object Global\PandaDevicesAgentSha ...)
	NOT-FOR-US: Panda products
CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression De ...)
	NOT-FOR-US: remarkable
CVE-2019-12040
	REJECTED
CVE-2019-12039
	REJECTED
CVE-2019-12038
	REJECTED
CVE-2019-12037
	REJECTED
CVE-2019-12036
	REJECTED
CVE-2019-12035
	REJECTED
CVE-2019-12034
	REJECTED
CVE-2019-12033
	REJECTED
CVE-2019-12032
	REJECTED
CVE-2019-12031
	REJECTED
CVE-2019-12030
	REJECTED
CVE-2019-12029
	REJECTED
CVE-2019-12028
	REJECTED
CVE-2019-12027
	REJECTED
CVE-2019-12026
	REJECTED
CVE-2019-12025
	REJECTED
CVE-2019-12024
	REJECTED
CVE-2019-12023
	REJECTED
CVE-2019-12022
	REJECTED
CVE-2019-12021
	REJECTED
CVE-2019-12020
	REJECTED
CVE-2019-12019
	REJECTED
CVE-2019-12018
	REJECTED
CVE-2019-12017 (A remote code execution vulnerability exists in MapR CLDB code, specif ...)
	NOT-FOR-US: MapR
CVE-2019-12016
	REJECTED
CVE-2019-12015
	REJECTED
CVE-2019-12014
	REJECTED
CVE-2019-12013
	REJECTED
CVE-2019-12012
	REJECTED
CVE-2019-12011
	REJECTED
CVE-2019-12010
	REJECTED
CVE-2019-12009
	REJECTED
CVE-2019-12008
	REJECTED
CVE-2019-12007
	REJECTED
CVE-2019-12006
	REJECTED
CVE-2019-12005
	REJECTED
CVE-2019-12004
	REJECTED
CVE-2019-12003
	REJECTED
CVE-2019-12002 (A remote session reuse vulnerability leading to access restriction byp ...)
	NOT-FOR-US: HPE
CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
	NOT-FOR-US: HPE
CVE-2019-12000
	RESERVED
CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
	NOT-FOR-US: HPE
CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
	NOT-FOR-US: HPE Superdome Flex Server
CVE-2019-11997 (A potential security vulnerability has been identified in HPE enhanced ...)
	NOT-FOR-US: HPE
CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE Nimbl ...)
	NOT-FOR-US: HPE
CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unaut ...)
	NOT-FOR-US: HPE UIoT
CVE-2019-11994 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
	NOT-FOR-US: HPE
CVE-2019-11993 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
	NOT-FOR-US: HPE
CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 could b ...)
	NOT-FOR-US: HPE OneView for VMware vCenter
CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP)  ...)
	NOT-FOR-US: HPE 3PAR Service Processor
CVE-2019-11990 (Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1,  ...)
	NOT-FOR-US: HPE IceWall
CVE-2019-11989 (A security vulnerability in HPE IceWall SSO Agent Option and IceWall M ...)
	NOT-FOR-US: HPE IceWall
CVE-2019-11988 (A Remote Unauthorized Access vulnerability was identified in HPE Smart ...)
	NOT-FOR-US: HPE
CVE-2019-11987 (A security vulnerability in HPE Smart Update Manager (SUM) prior to v8 ...)
	NOT-FOR-US: HPE
CVE-2019-11986 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11985 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11984 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11983 (A remote buffer overflow vulnerability was identified in HPE Integrate ...)
	NOT-FOR-US: HPE
CVE-2019-11982 (A remote cross site scripting vulnerability was identified in HPE Inte ...)
	NOT-FOR-US: HPE
CVE-2019-11981
	REJECTED
CVE-2019-11980 (A remote code exection vulnerability was identified in HPE Intelligent ...)
	NOT-FOR-US: HPE
CVE-2019-11979 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11978 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11977 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11976 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11975 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11974 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11973 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11972 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11971 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11970 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11969 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11968 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11967 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11966 (A remote privilege escalation vulnerability was identified in HPE Inte ...)
	NOT-FOR-US: HPE
CVE-2019-11965 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11964 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11963 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11962 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11961 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11960 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11959 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11958 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11957 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11956 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11955 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11954 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11953 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11952 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11951 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11950 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11949 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11948 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11947 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11946 (A remote credential disclosure vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11945 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11944 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11943 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11942 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11941 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11940 (In the course of decompressing HPACK inside the HTTP2 protocol, an une ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2019-11939 (Golang Facebook Thrift servers would not error upon receiving messages ...)
	- thrift <unfixed>
	NOTE: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
CVE-2019-11938 (Java Facebook Thrift servers would not error upon receiving messages d ...)
	TODO: check
CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...)
	NOT-FOR-US: mcrouter
	NOTE: https://github.com/facebook/mcrouter/releases
CVE-2019-11936 (Various APC functions accept keys containing null bytes as input, lead ...)
	- hhvm <removed>
CVE-2019-11935 (Insufficient boundary checks when processing a string in mb_ereg_repla ...)
	- hhvm <removed>
CVE-2019-11934 (Improper handling of close_notify alerts can result in an out-of-bound ...)
	NOT-FOR-US: Facebook folly
CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, a ...)
	NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...)
	NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp by sendin ...)
	NOT-FOR-US: WhatsApp
CVE-2019-11930 (An invalid free in mb_detect_order can cause the application to crash  ...)
	- hhvm <removed>
CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format  ...)
	- hhvm <removed>
CVE-2019-11928
	RESERVED
CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows a remot ...)
	NOT-FOR-US: WhatsApp
CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG  ...)
	- hhvm <removed>
CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...)
	- hhvm <removed>
CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...)
	NOT-FOR-US: fizz
CVE-2019-11923 (In Mcrouter prior to v0.41.0, the deprecated ASCII parser would alloca ...)
	NOT-FOR-US: mcrouter
	NOTE: https://github.com/facebook/mcrouter/releases
CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...)
	- libzstd 1.3.8+dfsg-2
	[stretch] - libzstd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
CVE-2019-11921 (An out of bounds write is possible via a specially crafted packet in c ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2019-11920
	RESERVED
CVE-2019-11919
	RESERVED
CVE-2019-11918
	RESERVED
CVE-2019-11917
	RESERVED
CVE-2019-11916
	RESERVED
CVE-2019-11915
	RESERVED
CVE-2019-11914
	RESERVED
CVE-2019-11913
	RESERVED
CVE-2019-11912
	RESERVED
CVE-2019-11911
	RESERVED
CVE-2019-11910
	RESERVED
CVE-2019-11909
	RESERVED
CVE-2019-11908
	RESERVED
CVE-2019-11907
	RESERVED
CVE-2019-11906
	RESERVED
CVE-2019-11905
	RESERVED
CVE-2019-11904
	RESERVED
CVE-2019-11903
	RESERVED
CVE-2019-11902
	RESERVED
CVE-2019-11901
	RESERVED
CVE-2019-11900
	RESERVED
CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to sensiti ...)
	NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by reverse  ...)
	NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the backup &amp; ...)
	NOT-FOR-US: proSyst
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...)
	NOT-FOR-US: Bosch
CVE-2019-11895 (A potential improper access control vulnerability exists in the JSON-R ...)
	NOT-FOR-US: Bosch
CVE-2019-11894 (A potential improper access control vulnerability exists in the backup ...)
	NOT-FOR-US: Bosch
CVE-2019-11893 (A potential incorrect privilege assignment vulnerability exists in the ...)
	NOT-FOR-US: Bosch
CVE-2019-11892 (A potential improper access control vulnerability exists in the JSON-R ...)
	NOT-FOR-US: Bosch
CVE-2019-11891 (A potential incorrect privilege assignment vulnerability exists in the ...)
	NOT-FOR-US: Bosch
CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access Control. ...)
	{DSA-4446-1 DLA-1790-1}
	- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
CVE-2019-11890 (Sony Bravia Smart TV devices allow remote attackers to cause a denial  ...)
	NOT-FOR-US: Sony Bravia Smart TV devices
CVE-2019-11889 (Sony BRAVIA Smart TV devices allow remote attackers to cause a denial  ...)
	NOT-FOR-US: Sony BRAVIA Smart TV devices
CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with a nil en ...)
	- golang-1.12 <not-affected> (Only affects Go on Windows)
	- golang-1.11 <not-affected> (Only affects Go on Windows)
	NOTE: https://go-review.googlesource.com/c/go/+/176619
CVE-2019-11887 (SimplyBook.me through 2019-05-11 does not properly restrict File Uploa ...)
	NOT-FOR-US: SimplyBook.me
CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme ...)
	NOT-FOR-US: WaspThemes Visual CSS Style Editor plugin for WordPress
CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for ...)
	NOT-FOR-US: AMP for WP plugin for WordPress
CVE-2019-11885 (eyeDisk implements the unlock feature by sending a cleartext password. ...)
	NOT-FOR-US: eyeDisk
CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Li ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
CVE-2019-11883
	RESERVED
CVE-2019-11882
	RESERVED
CVE-2019-11881 (A vulnerability exists in Rancher 2.1.4 in the login component, where  ...)
	NOT-FOR-US: Rancher
CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. This is  ...)
	NOT-FOR-US: CommSy
CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory travers ...)
	NOT-FOR-US: Non issue in webrick gem
CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.1 ...)
	NOT-FOR-US: XiongMai Besder IP20H1 cameras
CVE-2019-11877 (XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRou ...)
	NOT-FOR-US: PIX-Link Repeater/Router LV-WR09
CVE-2019-11876 (In PrestaShop 1.7.5.2, the shop_country parameter in the install/index ...)
	NOT-FOR-US: PrestaShop
CVE-2019-11875 (In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0. ...)
	NOT-FOR-US: Blue Prism Robotic Process Automation
CVE-2019-11874
	RESERVED
CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...)
	- wolfssl 4.1.0+dfsg-1 (bug #929468)
CVE-2019-11872 (The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnera ...)
	NOT-FOR-US: Hustle (aka wordpress-popup) plugin for WordPress
CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for  ...)
	NOT-FOR-US: Custom Field Suite plugin for WordPress
CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in t ...)
	- serendipity <removed>
CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it ...)
	NOT-FOR-US: WordPress plugin yuzo-related-post
CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or  ...)
	NOT-FOR-US: SoftEther VPN Server
CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to ...)
	NOT-FOR-US: Realtek NDIS driver rt640x64.sys
CVE-2019-11866
	RESERVED
CVE-2019-11865
	RESERVED
CVE-2019-11864
	RESERVED
CVE-2019-11863
	RESERVED
CVE-2019-11862
	RESERVED
CVE-2019-11861
	RESERVED
CVE-2019-11860
	RESERVED
CVE-2019-11859
	RESERVED
CVE-2019-11858
	RESERVED
CVE-2019-11857
	RESERVED
CVE-2019-11856
	RESERVED
CVE-2019-11855
	RESERVED
CVE-2019-11854
	RESERVED
CVE-2019-11853
	RESERVED
CVE-2019-11852
	RESERVED
CVE-2019-11851
	RESERVED
CVE-2019-11850
	RESERVED
CVE-2019-11849
	RESERVED
CVE-2019-11848
	RESERVED
CVE-2019-11847
	RESERVED
CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu ...)
	NOT-FOR-US: Typesetter CMS
CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XS ...)
	NOT-FOR-US: dotCMS
CVE-2019-11845 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
	NOT-FOR-US: RICOH
CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
	NOT-FOR-US: RICOH
CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...)
	NOT-FOR-US: MailPoet plugin for WordPress
CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
	{DLA-1920-1}
	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
	NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
	NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
	NOTE: but not the first ("ignores the value of [the Hash] header"), as hinted at reporter's 2019-05-09 note:
	NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
	{DLA-1840-1}
	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
	NOTE: https://github.com/golang/go/issues/30965
	NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
	NOTE: https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
CVE-2019-11839 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
	NOT-FOR-US: njs
CVE-2019-11838 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in  ...)
	NOT-FOR-US: njs
CVE-2019-11837 (njs through 0.3.1, used in NGINX, has a segmentation fault in String.p ...)
	NOT-FOR-US: njs
CVE-2019-11836 (The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android ...)
	NOT-FOR-US: Rediffmail
CVE-2019-11842 (An issue was discovered in Matrix Sydent before 1.0.3 and Synapse befo ...)
	- matrix-synapse 0.99.2-5
	NOTE: https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a/
CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to multiline  ...)
	- cjson 1.7.10-1.1 (bug #928726)
	NOTE: https://github.com/DaveGamble/cJSON/issues/338
CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a  ...)
	- cjson 1.7.10-1.1 (bug #928726)
	NOTE: https://github.com/DaveGamble/cJSON/issues/337
CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out  ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: Fixed by: https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64
CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
	NOT-FOR-US: TYPO3
CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...)
	{DSA-4445-1 DLA-1797-1}
	- drupal7 <removed> (bug #928688)
	NOTE: https://www.drupal.org/SA-CORE-2019-007
CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrap ...)
	NOT-FOR-US: phar-stream-wrapper
CVE-2019-11829 (OS command injection vulnerability in drivers_syno_import_user.php in  ...)
	NOT-FOR-US: Synology
CVE-2019-11828 (Cross-site scripting (XSS) vulnerability in Chart in Synology Office b ...)
	NOT-FOR-US: Synology
CVE-2019-11827 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in  ...)
	NOT-FOR-US: Synology
CVE-2019-11826 (Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in ...)
	NOT-FOR-US: Synology
CVE-2019-11825 (Cross-site scripting (XSS) vulnerability in Event Editor in Synology C ...)
	NOT-FOR-US: Synology
CVE-2019-11824
	RESERVED
CVE-2019-11823 (CRLF injection vulnerability in Network Center in Synology Router Mana ...)
	NOT-FOR-US: Synology
CVE-2019-11822 (Relative path traversal vulnerability in SYNO.PhotoStation.File in Syn ...)
	NOT-FOR-US: Synology
CVE-2019-11821 (SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Pho ...)
	NOT-FOR-US: Synology
CVE-2019-11820 (Information exposure through process environment vulnerability in Syno ...)
	NOT-FOR-US: Synology Calendar
CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross site sc ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2019-11817
	RESERVED
CVE-2019-11816 (Incorrect access control in the WebUI in OPNsense before version 19.1. ...)
	NOT-FOR-US: OPNsense
CVE-2019-11814 (An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.1 ...)
	NOT-FOR-US: MISP
CVE-2019-11813 (An issue was discovered in app/View/Elements/Events/View/value_field.c ...)
	NOT-FOR-US: MISP
CVE-2019-11812 (A persistent XSS issue was discovered in app/View/Helper/CommandHelper ...)
	NOT-FOR-US: MISP
CVE-2019-11815 (An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the L ...)
	{DSA-4465-1 DLA-1824-1}
	- linux 4.19.37-1 (bug #928989)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63
CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4. There is a u ...)
	- linux 4.19.37-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/401e7e88d4ef80188ffa07095ac00456f901b8c4
CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL point ...)
	{DLA-1823-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: Fixed by: https://git.kernel.org/linus/bcf3b67d16a4c8ffae0aa79de5853435e683945c
CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug views of co ...)
	NOT-FOR-US: Joomla!
CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
	NOT-FOR-US: Ratpack
CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...)
	NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress
CVE-2019-11806 (OX App Suite 7.10.1 and earlier has Insecure Permissions. ...)
	NOT-FOR-US: OX App Suite
CVE-2019-11805
	RESERVED
CVE-2019-11804
	RESERVED
CVE-2019-11803
	RESERVED
CVE-2019-11802
	RESERVED
CVE-2019-11801
	RESERVED
CVE-2019-11800
	RESERVED
CVE-2019-11799
	RESERVED
CVE-2019-11798
	RESERVED
CVE-2019-11797
	RESERVED
CVE-2019-11796
	RESERVED
CVE-2019-11795
	RESERVED
CVE-2019-11794
	RESERVED
CVE-2019-11793
	RESERVED
CVE-2019-11792
	RESERVED
CVE-2019-11791
	RESERVED
CVE-2019-11790
	RESERVED
CVE-2019-11789
	RESERVED
CVE-2019-11788
	RESERVED
CVE-2019-11787
	RESERVED
CVE-2019-11786
	RESERVED
CVE-2019-11785
	RESERVED
CVE-2019-11784
	RESERVED
CVE-2019-11783
	RESERVED
CVE-2019-11782
	RESERVED
CVE-2019-11781
	RESERVED
CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
	NOT-FOR-US: Odoo
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
	{DSA-4570-1 DLA-1972-1}
	- mosquitto 1.6.6-1 (bug #940654)
	[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
	NOTE: https://github.com/eclipse/mosquitto/issues/1412
	NOTE: Introduced by: https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566 (v1.5)
	NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652 (1.6.6)
	NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14 (1.5.9)
	NOTE: https://mosquitto.org/blog/2019/09/version-1-6-6-released/
	NOTE: The issue manifests in versions 1.5.0 and onwards only, because some structs
	NOTE: increased in size enough to cause the stack overflow vulnerability for excessive
	NOTE: topic hierarchies. In earlier versions, the maximum possible hierarchy depth of
	NOTE: 65535 wouldn't cause a stack overflow.
CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1 ...)
	- mosquitto 1.6.6-1
	[buster] - mosquitto <not-affected> (Session expiry interval support introduced in 1.6)
	[stretch] - mosquitto <not-affected> (Session expiry interval support introduced in 1.6)
	[jessie] - mosquitto <not-affected> (Session expiry interval support introduced in 1.6)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162
	NOTE: https://github.com/eclipse/mosquitto/issues/1401
	NOTE: https://github.com/eclipse/mosquitto/commit/8407c6d146d1e8299127737d9735afc782e04ea8
	NOTE: https://github.com/eclipse/mosquitto/commit/6f3e7b9ceb43e2626a32340c26b69ac8ae5e9c8c
	NOTE: https://mosquitto.org/blog/2019/09/version-1-6-6-released/
CVE-2019-11777 (In the Eclipse Paho Java client library version 1.2.0, when connecting ...)
	NOT-FOR-US: Eclipse Paho Java client
CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflecte ...)
	NOT-FOR-US: Eclipse BIRT
CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11774 (Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop v ...)
	NOT-FOR-US: Eclipe OMR
CVE-2019-11773 (Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which ma ...)
	NOT-FOR-US: Eclipe OMR
CVE-2019-11772 (In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files indicate ...)
	NOT-FOR-US: Eclipse Buildship
CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the product  ...)
	NOT-FOR-US: TeamViewer
CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability  ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #930048)
	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86
	NOTE: Code in earlier versions in js/pmd/move.js.
CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...)
	- phpbb3 <removed>
	[jessie] - phpbb3 <postponed> (Minor issue, solution/workaround is to disable the remote avatar function)
	NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941
CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over ...)
	- dhcpcd5 7.1.0-2 (bug #928440)
	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present; D6_OPTION_PD_EXCLUDE support added later)
	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
CVE-2019-11765 (A compromised content process could send a message to the parent proce ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
CVE-2019-11764 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
CVE-2019-11763 (Failure to correctly handle null bytes when processing HTML entities r ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
CVE-2019-11762 (If two same-origin documents set document.domain differently to become ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
CVE-2019-11761 (By using a form with a data URI it was possible to gain access to the  ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
CVE-2019-11760 (A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
CVE-2019-11759 (An attacker could have caused 4 bytes of HMAC output to be written pas ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759
CVE-2019-11758 (Mozilla community member Philipp reported a memory safety bug present  ...)
	- firefox-esr <not-affected> (Only an issue in combination with 360 Total Security)
	- thunderbird <not-affected> (Only an issue in combination with 360 Total Security)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
CVE-2019-11757 (When following the value's prototype chain, it was possible to retain  ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
CVE-2019-11756 (Improper refcounting of soft token session objects could cause a use-a ...)
	- firefox 71.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756
CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
	{DSA-4571-1 DLA-1997-1}
	[experimental] - thunderbird 1:68.1.1-1~exp1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-32/#CVE-2019-11755
CVE-2019-11754 (When the pointer lock is enabled by a website though requestPointerLoc ...)
	- firefox 69.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/#CVE-2019-11754
CVE-2019-11753 (The Firefox installer allows Firefox to be installed to a custom user  ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11753
CVE-2019-11752 (It is possible to delete an IndexedDB key value and subsequently try t ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11742
CVE-2019-11751 (Logging-related command line parameters are not properly sanitized whe ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11751
CVE-2019-11750 (A type confusion vulnerability exists in Spidermonkey, which results i ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[stretch] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[jessie] - firefox-esr <not-affected> (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11750
CVE-2019-11749 (A vulnerability exists in WebRTC where malicious web content can use p ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[stretch] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[jessie] - firefox-esr <not-affected> (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11749
CVE-2019-11748 (WebRTC in Firefox will honor persisted permissions given to sites for  ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[stretch] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[jessie] - firefox-esr <not-affected> (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11748
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11748
CVE-2019-11747 (The "Forget about this site" feature in the History pane is intended t ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[stretch] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[jessie] - firefox-esr <not-affected> (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11747
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating video elem ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...)
	{DSA-4579-1 DLA-2008-1}
	- nss 2:3.47.1-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
	NOTE: https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
	NOTE: Fixed in 3.44.3 and 3.47.1 upstream.
CVE-2019-11744 (Some HTML elements, such as &amp;lt;title&amp;gt; and &amp;lt;textarea ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11744
CVE-2019-11743 (Navigation events were not fully adhering to the W3C's "Navigation-Tim ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
CVE-2019-11742 (A same-origin policy violation occurs allowing the theft of cross-orig ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11742
CVE-2019-11741 (A compromised sandboxed content process can perform a Universal Cross- ...)
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
CVE-2019-11740 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11740
CVE-2019-11739 (Encrypted S/MIME parts in a crafted multipart/alternative message can  ...)
	{DSA-4523-1 DLA-1926-1}
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739
CVE-2019-11738 (If a Content Security Policy (CSP) directive is defined that uses a ha ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[stretch] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[jessie] - firefox-esr <not-affected> (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11738
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11738
CVE-2019-11737 (If a wildcard ('*') is specified for the host in Content Security Poli ...)
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11737
CVE-2019-11736 (The Mozilla Maintenance Service does not guard against files being har ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11736
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11736
CVE-2019-11735 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[stretch] - firefox-esr <not-affected> (Doesn't affect ESR60)
	[jessie] - firefox-esr <not-affected> (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11735
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11735
CVE-2019-11734 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11734
CVE-2019-11733 (When a master password is set, it is required to be entered again befo ...)
	- firefox 68.0.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
CVE-2019-11732
	RESERVED
CVE-2019-11731
	RESERVED
CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTML file ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...)
	{DLA-1857-1}
	- firefox 68.0-1 (unimportant)
	- firefox-esr 60.8.0esr-1 (unimportant)
	[buster] - firefox-esr 60.8.0esr-1~deb10u1
	[stretch] - firefox-esr 60.8.0esr-1~deb9u1
	- thunderbird 1:60.8.0-1 (unimportant)
	[buster] - thunderbird 1:60.8.0-1~deb10u1
	[stretch] - thunderbird 1:60.8.0-1~deb9u1
	- nss 2:3.45-1
	[buster] - nss 2:3.42.1-1+deb10u1
	[stretch] - nss <no-dsa> (Minor issue)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729
	NOTE: https://hg.mozilla.org/projects/nss/rev/dabfe1160c682b4d1d19c5a7a13ab3828bb9d37f
	NOTE: https://hg.mozilla.org/projects/nss/rev/ebc93d6daeaa9001d31fd18b5199779da99ae9aa
	NOTE: firefox-esr in older suites than buster use the embedded copy and thus issue
	NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
	NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11728 (The HTTP Alternative Services header, Alt-Svc, can be used by a malici ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11728
CVE-2019-11727 (A vulnerability exists where it possible to force Network Security Ser ...)
	- firefox 68.0-1 (unimportant)
	- nss 2:3.45-1
	[buster] - nss 2:3.42.1-1+deb10u1
	[stretch] - nss <no-dsa> (Minor issue)
	[jessie] - nss <ignored> (Issue is specific to TLS 1.3 and support was not really complete in 3.26; code has diverged significantly since and applying the fix would be very disruptive)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
	NOTE: https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2
	NOTE: firefox-esr in older suites than buster use the embedded copy and thus issue
	NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
	NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11726
	RESERVED
CVE-2019-11725 (When a user navigates to site marked as unsafe by the Safebrowsing API ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11725
CVE-2019-11724 (Application permissions give additional remote troubleshooting permiss ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11724
CVE-2019-11723 (A vulnerability exists during the installation of add-ons where the in ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11723
CVE-2019-11722
	REJECTED
CVE-2019-11721 (The unicode latin 'kra' character can be used to spoof a standard 'k'  ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11721
CVE-2019-11720 (Some unicode characters are incorrectly treated as whitespace during t ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with leading 0 ...)
	{DLA-1857-1}
	- firefox 68.0-1 (unimportant)
	- firefox-esr 60.8.0esr-1 (unimportant)
	[buster] - firefox-esr 60.8.0esr-1~deb10u1
	[stretch] - firefox-esr 60.8.0esr-1~deb9u1
	- thunderbird 1:60.8.0-1 (unimportant)
	[buster] - thunderbird 1:60.8.0-1~deb10u1
	[stretch] - thunderbird 1:60.8.0-1~deb9u1
	- nss 2:3.45-1
	[buster] - nss 2:3.42.1-1+deb10u1
	[stretch] - nss <no-dsa> (Minor issue)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719
	NOTE: https://hg.mozilla.org/projects/nss/rev/6cfb54d262d030783137aa6478b45ecb3cbfc624
	NOTE: firefox-esr in older suites than buster use the embedded copy and thus issue
	NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
	NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11718 (Activity Stream can display content from sent from the Snippet Service ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
CVE-2019-11717 (A vulnerability exists where the caret ("^") character is improperly e ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11717
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11717
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11717
CVE-2019-11716 (Until explicitly accessed by script, window.globalThis is not enumerab ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
CVE-2019-11715 (Due to an error while parsing page content, it is possible for properl ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11715
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11715
CVE-2019-11714 (Necko can access a child on the wrong thread during UDP connections, r ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11713
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11713
CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that receive a sta ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11712
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11712
CVE-2019-11711 (When an inner window is reused, it does not consider the use of docume ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11711
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11711
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11711
CVE-2019-11710 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
CVE-2019-11709 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11709
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11709
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11709
CVE-2019-11708 (Insufficient vetting of parameters passed with the Prompt:Open IPC mes ...)
	{DSA-4474-1 DSA-4471-1 DLA-1836-1}
	- firefox 67.0.4-1
	- firefox-esr 60.7.2esr-1
	- thunderbird 1:60.7.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11708
CVE-2019-11707 (A type confusion vulnerability can occur when manipulating JavaScript  ...)
	{DSA-4471-1 DSA-4466-1 DLA-1836-1 DLA-1829-1}
	- firefox 67.0.3-1
	- firefox-esr 60.7.1esr-1
	- thunderbird 1:60.7.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11707
CVE-2019-11706 (A flaw in Thunderbird's implementation of iCal causes a type confusion ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/4
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11706
CVE-2019-11705 (A flaw in Thunderbird's implementation of iCal causes a stack buffer o ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/3
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11705
CVE-2019-11704 (A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11704
CVE-2019-11703 (A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/2
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11703
CVE-2019-11702 (A hyperlink using protocols associated with Internet Explorer, such as ...)
	- firefox <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702
CVE-2019-11701 (The default webcal: protocol handler will load a web site vulnerable t ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11701
CVE-2019-11700 (A hyperlink using the res: protocol can be used to open local files at ...)
	- firefox <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11700
CVE-2019-11699 (A malicious page can briefly cause the wrong name to be highlighted as ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
CVE-2019-11698 (If a crafted hyperlink is dragged and dropped to the bookmark bar or s ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
CVE-2019-11697 (If the ALT and "a" keys are pressed when users receive an extension in ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11697
CVE-2019-11696 (Files with the .JNLP extension used for "Java web start" applications  ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11696
CVE-2019-11695 (A custom cursor defined by scripting on a site can position itself ove ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11695
CVE-2019-11694 (A vulnerability exists in the Windows sandbox where an uninitialized v ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
CVE-2019-11693 (The bufferdata function in WebGL is vulnerable to a buffer overflow wi ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
CVE-2019-11692 (A use-after-free vulnerability can occur when listeners are removed fr ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
CVE-2019-11691 (A use-after-free vulnerability can occur when working with XMLHttpRequ ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...)
	- u-boot 2019.01+dfsg-6 (low; bug #928557)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <ignored> (Minor issue)
	NOTE: https://patchwork.ozlabs.org/patch/1092945
CVE-2019-11689 (An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. Whe ...)
	NOT-FOR-US: ASUSTOR
CVE-2019-11688 (An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. Whe ...)
	NOT-FOR-US: ASUSTOR
CVE-2019-11687 (An issue was discovered in the DICOM Part 10 File Format in the NEMA D ...)
	NOT-FOR-US: DICOM
CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnera ...)
	NOT-FOR-US: Western Digital
CVE-2019-11685
	RESERVED
CVE-2019-11684
	RESERVED
CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel  ...)
	- linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
CVE-2019-11682 (A buffer overflow in the SMTP response service in MailCarrier 2.51 all ...)
	NOT-FOR-US: MailCarrier
CVE-2019-11681
	RESERVED
CVE-2019-11680 (KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a ...)
	NOT-FOR-US: KonaKart
CVE-2019-11679
	RESERVED
CVE-2019-11678 (The "default reports" feature in Zoho ManageEngine Firewall Analyzer b ...)
	NOT-FOR-US: Zoho ManageEngine Firewall Analyzer
CVE-2019-11677 (The Custom Report import function in Zoho ManageEngine Firewall Analyz ...)
	NOT-FOR-US: Zoho ManageEngine Firewall Analyzer
CVE-2019-11676 (The user defined DNS name in Zoho ManageEngine Firewall Analyzer befor ...)
	NOT-FOR-US: Zoho ManageEngine Firewall Analyzer
CVE-2017-18374 (The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 rou ...)
	NOT-FOR-US: ZyXEL
CVE-2017-18373 (The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed ...)
	NOT-FOR-US: Billion 5200W-T TCLinux router
CVE-2017-18372 (The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed ...)
	NOT-FOR-US: Billion 5200W-T TCLinux router
CVE-2017-18371 (The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by Tru ...)
	NOT-FOR-US: ZyXEL
CVE-2017-18370 (The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by Tru ...)
	NOT-FOR-US: ZyXEL
CVE-2017-18369 (The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline ha ...)
	NOT-FOR-US: Billion 5200W-T router
CVE-2017-18368 (The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 rou ...)
	NOT-FOR-US: ZyXEL
CVE-2019-11674 (Man-in-the-middle vulnerability in Micro Focus Self Service Password R ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11673
	RESERVED
CVE-2019-11672
	RESERVED
CVE-2019-11671
	RESERVED
CVE-2019-11670
	RESERVED
CVE-2019-11669 (Modifiable read only check box In Micro Focus Service Manager, version ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11668 (HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11667 (Unauthorized access to contact information in Micro Focus Service Mana ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11666 (Insecure deserialization of untrusted data in Micro Focus Service Mana ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11665 (Data exposure in Micro Focus Service Manager product versions 9.30, 9. ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11664 (Clear text password in browser in Micro Focus Service Manager product  ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11663 (Clear text credentials are used to access managers app in Tomcat in Mi ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11662 (Class and method names in error message in Micro Focus Service Manager ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11661 (Allow changes to some table by non-SysAdmin in Micro Focus Service Man ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11660 (Privileges manipulation in Micro Focus Data Protector, versions 10.00, ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11659
	RESERVED
CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11657 (Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight L ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11656 (Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versi ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11655 (Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11654 (Path traversal vulnerability in Micro Focus Verastream Host Integrator ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions  ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11652 (A potential authorization bypass issue was found in Micro Focus Self S ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11651 (Reflected XSS on Micro Focus Enterprise Developer and Enterprise Serve ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...)
	NOT-FOR-US: NetIQ Advanced Authentication Framework
CVE-2019-11649 (Cross-Site Scripting vulnerability in Micro Focus Fortify Software Sec ...)
	NOT-FOR-US: Micro Focus Fortify software security center server
CVE-2019-11648 (An information leakage exists in Micro Focus NetIQ Self Service Passwo ...)
	NOT-FOR-US: Micro Focus NetIQ
CVE-2019-11647 (A potential XSS exists in Self Service Password Reset, in Micro Focus  ...)
	NOT-FOR-US: Micro Focus NetIQ
CVE-2019-11646 (Remote unauthorized command execution and unauthorized disclosure of i ...)
	NOT-FOR-US: Micro Focus Service Manager
CVE-2019-11645
	RESERVED
CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ...)
	- groonga 9.0.1-2 (bug #928304)
	[buster] - groonga 9.0.0-1+deb10u1
	[stretch] - groonga 6.1.5-1+deb9u1
CVE-2019-11644 (In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F- ...)
	NOT-FOR-US: F-Secure
CVE-2019-11643 (Persistent XSS has been found in the OneShield Policy (Dragon Core) fr ...)
	NOT-FOR-US: OneShield Policy (Dragon Core) framework
CVE-2019-11642 (A log poisoning vulnerability has been discovered in the OneShield Pol ...)
	NOT-FOR-US: OneShield Policy (Dragon Core) framework
CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerpri ...)
	NOT-FOR-US: Anomali Agave
CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-11639 (An issue was discovered in GNU recutils 1.8. There is a stack-based bu ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-11638 (An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-11637 (An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-11636 (Zcash 2.x allows an inexpensive approach to "fill all transactions of  ...)
	- zcash <itp> (bug #842388)
CVE-2019-11635
	RESERVED
CVE-2019-11634 (Citrix Workspace App before 1904 for Windows has Incorrect Access Cont ...)
	NOT-FOR-US: Citrix Workspace App
CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers becaus ...)
	NOT-FOR-US: HoneyPress
CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
	NOT-FOR-US: Octopus Deploy
CVE-2015-9287 (Directory Traversal was discovered in University of Cambridge mod_ucam ...)
	NOT-FOR-US: mod_ucam_webauth
CVE-2019-11631
	REJECTED
CVE-2019-11630
	RESERVED
CVE-2019-11629 (Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-11628 (An issue was discovered in QlikView Server before 11.20 SR19, 12.00 an ...)
	NOT-FOR-US: Qlik products
CVE-2019-11626 (routers/ajaxRouter.php in doorGets 7.0 has a web site physical path le ...)
	NOT-FOR-US: doorGets
CVE-2019-11625 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11624 (doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets ...)
	NOT-FOR-US: doorGets
CVE-2019-11623 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11622 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11621 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11620 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11619 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11618 (doorGets 7.0 has a default administrator credential vulnerability. A r ...)
	NOT-FOR-US: doorGets
CVE-2019-11617 (doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/c ...)
	NOT-FOR-US: doorGets
CVE-2019-11616 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11615 (/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload v ...)
	NOT-FOR-US: doorGets
CVE-2019-11614 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ ...)
	NOT-FOR-US: doorGets
CVE-2019-11613 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ ...)
	NOT-FOR-US: doorGets
CVE-2019-11612 (doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/ ...)
	NOT-FOR-US: doorGets
CVE-2019-11611 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11610 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11609 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11608 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11607 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11606 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11605 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.8.10+dfsg-1
	NOTE: https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/
CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance
CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...)
	NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11602 (Leakage of stack traces in remote access to backup &amp; restore in ea ...)
	NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11601 (A directory traversal vulnerability in remote access to backup &amp; r ...)
	NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...)
	NOT-FOR-US: OpenProject
CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
	- node-tar-fs <itp> (bug #897023)
CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 (excluding  ...)
	- node-tar 4.4.4+ds1-2
	[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support, minor issue)
	[jessie] - node-tar <end-of-life> (Nodejs in jessie not covered by security support, minor issue)
	NOTE: https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8
	NOTE: https://hackerone.com/reports/344595
CVE-2018-20833
	RESERVED
CVE-2018-20832
	RESERVED
CVE-2018-20831
	RESERVED
CVE-2018-20830
	RESERVED
CVE-2018-20829
	RESERVED
CVE-2018-20828
	RESERVED
CVE-2018-20827 (The activity stream gadget in Jira before version 7.13.1 allows remote ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-20826 (The inline-create rest resource in Jira before version 7.12.3 allows a ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-20825
	RESERVED
CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1 allows rem ...)
	NOT-FOR-US: Atlassian
CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 ha ...)
	NOT-FOR-US: NodeBB
CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an un ...)
	{DLA-1773-1}
	- signing-party 2.10-1 (bug #928256)
	[stretch] - signing-party 2.5-1+deb9u1
	NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...)
	{DSA-4465-1 DLA-1824-1 DLA-1799-1}
	- linux 4.19.37-1
	NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4712-1 DLA-1785-1}
	- imagemagick <unfixed> (bug #928206)
	[stretch] - imagemagick <postponed> (Fix along in next DSA)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e2a21735e3a3f3930bd431585ec36334c4c2eb77
	NOTE: patch introduces new (potentially security relevant) bugs, see:
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540#issuecomment-491504100
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4712-1 DLA-1785-1}
	- imagemagick <unfixed> (bug #928207)
	[stretch] - imagemagick <postponed> (Fix along in next DSA)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7
	NOTE: fix appears to be insufficient: https://github.com/ImageMagick/ImageMagick/issues/1560
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
	NOTE: The followup-fix got assigned CVE-2019-15141 (which is only applicable if incomplete
	NOTE: fix is applied). Make sure to fix issue completely when addressing this issue.
CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found in th ...)
	- memcached 1.5.6-1.1 (bug #928205)
	[stretch] - memcached <not-affected> (Vulnerable code introduced later)
	[jessie] - memcached <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
	NOTE: https://github.com/memcached/memcached/issues/474
CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows filter-li ...)
	NOT-FOR-US: uBlock
CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows filter-lis ...)
	NOT-FOR-US: AdBlock
CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows filter ...)
	NOT-FOR-US: AdBlock Plus
CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2019-11589 (The ChangeSharedFilterOwner resource in Jira before version 7.13.6, fr ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11588 (The ViewSystemInfo class doGarbageCollection method in Jira before ver ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11587 (Various exposed resources of the ViewLogging class in Jira before vers ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11586 (The AddResolution.jspa resource in Jira before version 7.13.6, from ve ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11585 (The startup.jsp resource in Jira before version 7.13.6, from version 8 ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11584 (The MigratePriorityScheme resource in Jira before version 8.3.2 allows ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11583 (The issue searching component in Jira before version 8.1.0 allows remo ...)
	NOT-FOR-US: issue searching component in Jira
CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree for Window ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2019-11581 (There was a server-side template injection vulnerability in Jira Serve ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall development p ...)
	NOT-FOR-US: Atlassian Crowd and Crowd Data Center
CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
	NOT-FOR-US: esoTalk
CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress allows C ...)
	NOT-FOR-US: WordPress plugin contact-form-maker
CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF vi ...)
	NOT-FOR-US: WordPress plugin form-maker
CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp ...)
	- dhcpcd5 7.1.0-2 (bug #928105)
	[stretch] - dhcpcd5 <not-affected> (Vulnerable code not present)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO ...)
	{DLA-1793-1}
	- dhcpcd5 7.1.0-2 (low; bug #928104)
	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by pe ...)
	- dhcpcd5 7.1.0-2 (low; bug #928056)
	[stretch] - dhcpcd5 <no-dsa> (Minor issue)
	[jessie] - dhcpcd5 <not-affected> (Authentication code added in later versions)
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e
CVE-2019-11576 (Gitea before 1.8.0 allows 1FA for user accounts that have completed 2F ...)
	- gitea <removed>
CVE-2019-11575
	RESERVED
CVE-2019-11574 (An issue was discovered in Simple Machines Forum (SMF) before release  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2019-11573
	RESERVED
CVE-2019-11572
	RESERVED
CVE-2019-11571
	RESERVED
CVE-2019-11570
	RESERVED
CVE-2019-11569 (Veeam ONE Reporter 9.5.0.3201 allows CSRF. ...)
	NOT-FOR-US: Veeam ONE Reporter
CVE-2019-11568 (An issue was discovered in AikCms v2.0. There is a File upload vulnera ...)
	NOT-FOR-US: AikCms
CVE-2019-11567 (An issue was discovered in AikCms v2.0. There is a SQL Injection vulne ...)
	NOT-FOR-US: AikCms
CVE-2019-11566
	RESERVED
CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog plugin  ...)
	NOT-FOR-US: Print My Blog plugin for WordPress
CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows rem ...)
	NOT-FOR-US: HumHub
CVE-2019-11563
	REJECTED
CVE-2019-11562
	RESERVED
CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...)
	NOT-FOR-US: Chuango
CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
	NOT-FOR-US: hisilicon
CVE-2019-11559 (A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16 ...)
	NOT-FOR-US: HRworks
CVE-2019-11558
	RESERVED
CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress  ...)
	NOT-FOR-US: WebDorado Contact Form Builder plugi for WordPress
CVE-2019-11556
	RESERVED
CVE-2019-11554 (The Audible application through 2.34.0 for Android has Missing SSL Cer ...)
	NOT-FOR-US: Audible application for Android
CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without web r ...)
	NOT-FOR-US: Code42 for Enterprise
CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client version 6.7  ...)
	NOT-FOR-US: Code42
CVE-2019-11551 (In Code42 Enterprise and Crashplan for Small Business through Client v ...)
	NOT-FOR-US: Code42 Enterprise and Crashplan for Small Business
CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before  ...)
	NOT-FOR-US: Citrix
CVE-2019-11549 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11548 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11547 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11546 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11545 (An issue was discovered in GitLab Community Edition 11.9.x before 11.9 ...)
	- gitlab <not-affected> (Vulnerable code introduced in 11.9)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11544 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse Connect Secu ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11542 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11541 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11540 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and  ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11539 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11538 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/ ...)
	NOT-FOR-US: osTicket
CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3 ...)
	NOT-FOR-US: Kalki Kalkitech
CVE-2019-11535 (Unsanitized user input in the web interface for Linksys WiFi extender  ...)
	NOT-FOR-US: Linksys
CVE-2019-11534
	RESERVED
CVE-2019-11533 (Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 a ...)
	NOT-FOR-US: ProjectSend
CVE-2019-11532
	RESERVED
CVE-2019-11531
	RESERVED
CVE-2019-11530
	RESERVED
CVE-2019-11529
	RESERVED
CVE-2019-11528 (An issue was discovered in Softing uaGate SI 1.60.01. A system default ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-11527 (An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is  ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A maintenance sc ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-11525
	RESERVED
CVE-2019-11524
	RESERVED
CVE-2019-11523 (Anviz Global M3 Outdoor RFID Access Control executes any command recei ...)
	NOT-FOR-US: Anviz Global M3 Outdoor RFID Access Control
CVE-2019-11522 (OX App Suite 7.10.0 to 7.10.2 allows XSS. ...)
	NOT-FOR-US: OX App Suite
CVE-2019-11521 (OX App Suite 7.10.1 allows Content Spoofing. ...)
	NOT-FOR-US: OX App Suite
CVE-2019-11520
	RESERVED
CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in nopComme ...)
	NOT-FOR-US: nopCommerce
CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] ...)
	NOT-FOR-US: SEMCMS
CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...)
	NOT-FOR-US: WampServer
CVE-2019-11516 (An issue was discovered in the Bluetooth component of the Cypress (for ...)
	NOT-FOR-US: Cypress
CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...)
	NOT-FOR-US: Xiaomi Mi 5s devices
CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...)
	NOT-FOR-US: Gila CMS
CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mis ...)
	NOT-FOR-US: Flarum
CVE-2019-11513 (The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS v ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-11512 (Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7 ...)
	NOT-FOR-US: Contao
CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 be ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11509 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9. ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, the ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15968-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/604/
CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, ther ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15968-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/605/
CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
	NOT-FOR-US: Zotonic
CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard against sy ...)
	- snapd 2.40-1 (low; bug #928052)
	[buster] - snapd <no-dsa> (Minor issue)
	[stretch] - snapd <no-dsa> (Minor issue)
	NOTE: https://github.com/snapcore/snapd/pull/6642
CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership of a s ...)
	- snapd 2.40-1 (low; bug #928052)
	[buster] - snapd <no-dsa> (Minor issue)
	[stretch] - snapd <no-dsa> (Minor issue)
	NOTE: https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...)
	- golang-github-seccomp-libseccomp-golang 0.9.0-2 (bug #927981)
	NOTE: https://github.com/seccomp/libseccomp-golang/issues/22
	NOTE: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
CVE-2019-11501
	RESERVED
CVE-2019-11500 (In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole be ...)
	{DSA-4510-1 DLA-1901-1}
	- dovecot 1:2.3.7.2-1 (bug #936014)
	NOTE: https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
	NOTE: core: https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b
	NOTE: core: https://github.com/dovecot/core/commit/f904cbdfec25582bc5e2a7435bf82ff769f2526a
	NOTE: pigeonhole: https://github.com/dovecot/pigeonhole/commit/7ce9990a5e6ba59e89b7fe1c07f574279aed922c
	NOTE: pigeonhole: https://github.com/dovecot/pigeonhole/commit/4a299840cdb51f61f8d1ebc0210b19c40dfbc1cc
CVE-2019-11499 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
	- dovecot 1:2.3.4.1-5 (bug #928235)
	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html
CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...)
	- wavpack 5.1.0-6 (low; bug #927903)
	[stretch] - wavpack <no-dsa> (Minor issue)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/issues/67
	NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
CVE-2019-11497 (In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate  ...)
	NOT-FOR-US: Couchbase
CVE-2019-11496 (In versions of Couchbase Server prior to 5.0, the bucket named "defaul ...)
	NOT-FOR-US: Couchbase
CVE-2019-11495 (In Couchbase Server 5.1.1, the cookie used for intra-node communicatio ...)
	NOT-FOR-US: Couchbase
CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
	- dovecot 1:2.3.4.1-5 (bug #928235)
	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115757.html
CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pd ...)
	NOT-FOR-US: VeryPDF
CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server logs. ...)
	NOT-FOR-US: ProjectSend
CVE-2019-11491
	RESERVED
CVE-2019-11490 (An issue was discovered in Npcap 0.992. Sending a malformed .pcap file ...)
	NOT-FOR-US: Npcap
CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interface in ...)
	NOT-FOR-US: SimplyBook.me Enterprise
CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...)
	NOT-FOR-US: SimplyBook.me Enterprise
CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page-&gt;_refcount reference co ...)
	{DLA-1919-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux <ignored> (Minor issue and high risk of regression)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
	NOTE: https://lwn.net/Articles/786044/
CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in t ...)
	{DSA-4465-1 DLA-1824-1 DLA-1799-1}
	- linux 4.19.37-1
	NOTE: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
	NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting
	NOTE: from versions including this commit (or backport) or versions which disable
	NOTE: CONFIG_R3964 already.
CVE-2019-11485 (Sander Bos discovered Apport's lock file was in a world-writable direc ...)
	NOT-FOR-US: Apport
CVE-2019-11484 (Kevin Backhouse discovered an integer overflow in bson_ensure_space, a ...)
	NOT-FOR-US: whoopsie
CVE-2019-11483 (Sander Bos discovered Apport mishandled crash dumps originating from c ...)
	NOT-FOR-US: Apport
CVE-2019-11482 (Sander Bos discovered a time of check to time of use (TOCTTOU) vulnera ...)
	NOT-FOR-US: Apport
CVE-2019-11481 (Kevin Backhouse discovered that apport would read a user-supplied conf ...)
	NOT-FOR-US: Apport
CVE-2019-11480 (The pc-kernel snap build process hardcoded the --allow-insecure-reposi ...)
	NOT-FOR-US: Ubuntu tooling for Linux snaps
CVE-2019-11479 (Jonathan Looney discovered that the Linux kernel default MSS is hard-c ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-11478 (Jonathan Looney discovered that the TCP retransmission queue implement ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-11477 (Jonathan Looney discovered that the TCP_SKB_CB(skb)-&gt;tcp_gso_segs v ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-11476 (An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2 ...)
	NOT-FOR-US: whoopsie
CVE-2019-11475
	RESERVED
CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15976-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15976-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (low; bug #927828)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_al ...)
	- libheif 1.3.2-2 (bug #928210)
	[buster] - libheif 1.3.2-2~deb10u1
	NOTE: https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
	NOTE: https://github.com/strukturag/libheif/issues/123
CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
	{DSA-4712-1 DLA-1968-1}
	- imagemagick <unfixed> (low; bug #927830)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...)
	- libsass <unfixed> (low)
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2671
	NOTE: Possibly introduced after https://github.com/sass/libsass/commit/25c9b4952f5838b615da996035453967d0420f57 (3.4.7)
CVE-2018-20821 (The parsing component in LibSass through 3.5.5 allows attackers to cau ...)
	- libsass <unfixed> (low)
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/sass/libsass/issues/2658
	NOTE: Introduced by: https://github.com/sass/libsass/commit/efd97dae376de50b3e6ed724337c4f274a21491d (3.5.0)
	NOTE: Fixed by: https://github.com/sass/libsass/commit/f2db04883e5fff4e03777dcc1eb60d4373c45be1
CVE-2018-20820 (read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to c ...)
	- lepton <removed> (bug #927925)
	NOTE: https://github.com/dropbox/lepton/commit/6a5ceefac1162783fffd9506a3de39c85c725761
	NOTE: https://github.com/dropbox/lepton/issues/111
CVE-2018-20819 (io/ZlibCompression.cc in the decompression component in Dropbox Lepton ...)
	- lepton <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/dropbox/lepton/issues/112
	NOTE: Fixed by: https://github.com/dropbox/lepton/commit/0b9967ec13b2c95771fa3da30bcc49d2fc055bfe
	NOTE: Introduced by: https://github.com/dropbox/lepton/commit/d62a8c0416c5a918bfd7d132cc1f6daa4e8bc055
CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows FaultTempl ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-11468
	RESERVED
CVE-2019-11467 (In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the en ...)
	NOT-FOR-US: Couchbase
CVE-2019-11466 (In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes syst ...)
	NOT-FOR-US: Couchbase
CVE-2019-11465 (An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6. ...)
	NOT-FOR-US: Couchbase
CVE-2019-11464 (Some enterprises require that REST API endpoints include security-rela ...)
	NOT-FOR-US: Couchbase
CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read_suppo ...)
	- libarchive <not-affected> (Vulnerable code not present)
	NOTE: Introduced in https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516
	NOTE: Fix: https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505
CVE-2019-11462
	RESERVED
CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.3 ...)
	- nautilus 3.30.5-2 (bug #928054)
	[stretch] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	[jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
	NOTE: https://gitlab.gnome.org/GNOME/nautilus/commit/2ddba428ef2b13d0620bd599c3635b9c11044659
CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 pr ...)
	[experimental] - gnome-desktop3 3.32.2-1
	- gnome-desktop3 3.30.2.1-2 (low; bug #928732)
	[buster] - gnome-desktop3 <no-dsa> (Minor issue)
	[stretch] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	[jessie] - gnome-desktop3 <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
	- atril 1.22.3-1 (unimportant; bug #927821)
	[buster] - atril 1.20.3-1+deb10u1
	- evince 3.32.0-3 (unimportant; bug #927820)
	[buster] - evince 3.30.2-3+deb10u1
	NOTE: https://gitlab.gnome.org/GNOME/evince/issues/1129
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7
	NOTE: Negligible security impact
CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...)
	- linux 3.11.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserial ...)
	- cakephp <not-affected> (Vulnerable code introduced in 3.0.0)
	NOTE: https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
	NOTE: https://github.com/cakephp/cakephp/pull/13153
CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /chang ...)
	NOT-FOR-US: MicroPyramid Django CRM
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
	NOT-FOR-US: Gila CMS
CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
	{DLA-1767-1}
	- monit 1:5.25.3-1 (bug #927775)
	[stretch] - monit <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash  ...)
	{DLA-1767-1}
	- monit 1:5.25.3-1 (bug #927775)
	[stretch] - monit <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
	NOTE: https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11453
	RESERVED
CVE-2019-11452 (whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL inje ...)
	NOT-FOR-US: whatsns
CVE-2019-11451 (whatsns 4.0 allows index.php?inform/add.html qid SQL injection. ...)
	NOT-FOR-US: whatsns
CVE-2019-11450 (whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection ...)
	NOT-FOR-US: whatsns
CVE-2019-11449 (I, Librarian 4.10 has XSS via the notes.php notes parameter. ...)
	- i-librarian <itp> (bug #649291)
CVE-2019-11448 (An issue was discovered in Zoho ManageEngine Applications Manager 11.0 ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-11447 (An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can inf ...)
	NOT-FOR-US: CuteNews
CVE-2019-11446 (An issue was discovered in ATutor through 2.2.4. It allows the user to ...)
	NOT-FOR-US: ATutor
CVE-2019-11445 (OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JS ...)
	NOT-FOR-US: OpenKM
CVE-2019-11444 (** DISPUTED ** An issue was discovered in Liferay Portal CE 7.1.2 GA3. ...)
	NOT-FOR-US: Liferay Portal CE
CVE-2019-11443
	RESERVED
CVE-2019-11442
	RESERVED
CVE-2019-11441
	RESERVED
CVE-2019-11440
	RESERVED
CVE-2019-11439
	RESERVED
CVE-2019-11438
	RESERVED
CVE-2019-11437
	RESERVED
CVE-2019-11436
	RESERVED
CVE-2019-11435
	RESERVED
CVE-2019-11434
	RESERVED
CVE-2019-11433
	RESERVED
CVE-2019-11432
	RESERVED
CVE-2019-11431
	RESERVED
CVE-2019-11430
	RESERVED
CVE-2019-11429 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-11428 (I, Librarian 4.10 has XSS via the export.php export_files parameter. ...)
	- i-librarian <itp> (bug #649291)
CVE-2019-11427 (An XSS issue was discovered in app/search/search.app.php in idreamsoft ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-11426 (An XSS issue was discovered in app/admincp/template/admincp.header.php ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-11425
	RESERVED
CVE-2019-11424
	RESERVED
CVE-2019-11423
	RESERVED
CVE-2019-11422
	RESERVED
CVE-2019-11421
	RESERVED
CVE-2019-11420
	RESERVED
CVE-2019-11419 (vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application th ...)
	NOT-FOR-US: WeChat
CVE-2019-11418 (apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer over ...)
	NOT-FOR-US: TRENDnet router
CVE-2019-11417 (system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused ...)
	NOT-FOR-US: TRENDnet cameras
CVE-2019-11416 (A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, lead ...)
	NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
CVE-2019-11415 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malfor ...)
	NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
CVE-2019-11414 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the ...)
	NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
CVE-2019-11413 (An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recurs ...)
	NOT-FOR-US: MuJS
CVE-2019-11412 (An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a ...)
	NOT-FOR-US: MuJS
CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() an ...)
	NOT-FOR-US: MuJS
CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC controll ...)
	NOT-FOR-US: OpenPLC
CVE-2019-11410 (app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers f ...)
	NOT-FOR-US: FreePBX
CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FusionPBX  ...)
	NOT-FOR-US: FreePBX
CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel module i ...)
	NOT-FOR-US: FusionPBX
CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in Fusio ...)
	NOT-FOR-US: FusionPBX
CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, o ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-11405 (OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses  ...)
	NOT-FOR-US: OpenAPI Tools OpenAPI Generator
CVE-2019-11404 (arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compi ...)
	NOT-FOR-US: arrow-kt Arrow
CVE-2019-11403 (In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect  ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2019-11402 (In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store  ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2019-11401 (A issue was discovered in SiteServer CMS 6.9.0. It allows remote attac ...)
	NOT-FOR-US: SiteServer CMS
CVE-2019-11400 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b ...)
	NOT-FOR-US: TRENDnet
CVE-2019-11399 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b ...)
	NOT-FOR-US: TRENDnet
CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 a ...)
	NOT-FOR-US: UliCMS
CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M. ...)
	NOT-FOR-US: Rapid4
CVE-2019-11396 (An issue was discovered in Avira Free Security Suite 10. The permissiv ...)
	NOT-FOR-US: Avira Free Security Suite
CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers to execu ...)
	NOT-FOR-US: MailCarrier
CVE-2019-11394
	RESERVED
CVE-2019-11393 (An issue was discovered in /admin/users/update in M/Monit before 3.7.3 ...)
	NOT-FOR-US: M/Monit
CVE-2019-11392 (BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndic ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-11391 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
	- modsecurity-crs <unfixed> (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11390 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
	- modsecurity-crs <unfixed> (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11389 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
	- modsecurity-crs <unfixed> (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11388 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule  ...)
	- modsecurity-crs <unfixed> (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11387 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
	- modsecurity-crs 3.1.1-1 (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11386
	RESERVED
CVE-2019-11385
	RESERVED
CVE-2019-11384 (The Zalora application 6.15.1 for Android stores confidential informat ...)
	NOT-FOR-US: Zalora application for Android
CVE-2019-11383 (An issue was discovered in the Medha WiFi FTP Server application 1.8.3 ...)
	NOT-FOR-US: Medha WiFi FTP Server application for Android
CVE-2019-11382
	RESERVED
CVE-2019-11381
	RESERVED
CVE-2019-11380 (The master-password feature in the ES File Explorer File Manager appli ...)
	NOT-FOR-US: ES File Explorer File Manager application for Android
CVE-2019-11379
	RESERVED
CVE-2019-11378 (An issue was discovered in ProjectSend r1053. upload-process-form.php  ...)
	NOT-FOR-US: ProjectSend
CVE-2019-11377 (wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload  ...)
	NOT-FOR-US: WCMS
CVE-2019-11376 (** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbit ...)
	NOT-FOR-US: SOY CMS
CVE-2019-11375 (Msvod v10 has a CSRF vulnerability to change user information via the  ...)
	NOT-FOR-US: Msvod
CVE-2019-11374 (74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the  ...)
	NOT-FOR-US: 74CMS
CVE-2019-11373 (An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer ...)
	[experimental] - libmediainfo 19.04+dfsg-1
	- libmediainfo 18.12-2 (low; bug #927672)
	[stretch] - libmediainfo <no-dsa> (Minor issue)
	[jessie] - libmediainfo <no-dsa> (Minor issue)
	NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11372 (An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test ...)
	[experimental] - libmediainfo 19.04+dfsg-1
	- libmediainfo 18.12-2 (low; bug #927672)
	[stretch] - libmediainfo <no-dsa> (Minor issue)
	[jessie] - libmediainfo <no-dsa> (Minor issue)
	NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow vi ...)
	- bwa <unfixed> (unimportant)
	NOTE: https://github.com/lh3/bwa/issues/239
	NOTE: Neutralised by toolchain hardening
CVE-2019-11370 (Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstr ...)
	NOT-FOR-US: Carel pCOWeb
CVE-2019-11369 (An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw ...)
	NOT-FOR-US: Carel pCOWeb
CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via  ...)
	NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 1.3.0. The w ...)
	NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11364 (An OS Command Injection vulnerability in Snare Central before 7.4.5 al ...)
	NOT-FOR-US: Snare Central
CVE-2019-11363 (A SQL injection vulnerability in Snare Central before 7.4.5 allows rem ...)
	NOT-FOR-US: Snare Central
CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL  ...)
	NOT-FOR-US: ROCBOSS
CVE-2019-11361 (Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user p ...)
	NOT-FOR-US: Zoho
CVE-2016-10748
	RESERVED
CVE-2016-10747
	RESERVED
CVE-2019-11366 (An issue was discovered in atftpd in atftp 0.7.1. It does not lock the ...)
	{DSA-4438-1 DLA-1783-1}
	- atftp 0.7.git20120829-3.1 (bug #927553)
	NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
	NOTE: https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
CVE-2019-11365 (An issue was discovered in atftpd in atftp 0.7.1. A remote attacker ma ...)
	{DSA-4438-1 DLA-1783-1}
	- atftp 0.7.git20120829-3.1 (bug #927553)
	NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
	NOTE: https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/
CVE-2019-11360 (A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allo ...)
	- iptables 1.8.3-2 (unimportant)
	NOTE: https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e (1.8.3)
	NOTE: https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
	NOTE: Negligible security impact
CVE-2019-11359 (Cross-site scripting (XSS) vulnerability in display.php in I, Libraria ...)
	- i-librarian <itp> (bug #649291)
CVE-2019-11357
	RESERVED
CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0 ...)
	{DSA-4458-1}
	- cyrus-imapd 3.0.8-6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3
CVE-2019-11355 (An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A featu ...)
	NOT-FOR-US: Poly (formerly Polycom) HDX
CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...)
	NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows
CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker  ...)
	NOT-FOR-US: EnGenius EWS660AP
CVE-2019-11352
	RESERVED
CVE-2019-11351 (TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt ...)
	- teamspeak-client <removed>
CVE-2019-11350 (CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial l ...)
	NOT-FOR-US: CloudBees Jenkins Operations Center
CVE-2019-11349
	RESERVED
CVE-2019-11348
	RESERVED
CVE-2019-11347
	RESERVED
CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of Duty ga ...)
	NOT-FOR-US: Activision
CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_ ...)
	{DSA-4450-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
	NOTE: https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
	NOTE: Patches: https://w1.fi/security/2019-5/
CVE-2019-11346
	RESERVED
CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center  ...)
	NOT-FOR-US: Citrix
CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute a ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-11343 (Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBu ...)
	NOT-FOR-US: Torpedo Query
CVE-2019-11342
	RESERVED
CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...)
	NOT-FOR-US: Samsung
CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...)
	NOT-FOR-US: Matrix Sydent
CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
	- ffmpeg 7:4.1.3-1
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
	{DSA-4449-1 DLA-1809-1}
	- ffmpeg 7:4.1.3-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
CVE-2019-11337
	RESERVED
CVE-2019-11336 (Sony Bravia Smart TV devices allow remote attackers to retrieve the st ...)
	NOT-FOR-US: Sony Bravia Smart TV devices
CVE-2019-11335
	RESERVED
CVE-2019-11334 (An authentication bypass in website post requests in the Tzumi Electro ...)
	NOT-FOR-US: Tzumi Electronics Klic Lock application for mobile devices
CVE-2019-11333
	RESERVED
CVE-2019-11332 (MKCMS 5.0 allows remote attackers to take over arbitrary user accounts ...)
	NOT-FOR-US: MKCMS
CVE-2019-11331 (Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 e ...)
	NOT-FOR-US: Generic NTP protocol flaw
CVE-2019-11330
	RESERVED
CVE-2019-11329
	RESERVED
CVE-2019-11328 (An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious ...)
	- singularity-container <not-affected> (No released Debian version contains the issue, cf bug #929042)
	NOTE: https://www.openwall.com/lists/oss-security/2019/05/16/1
CVE-2019-11327 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...)
	NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11326 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...)
	NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11325 (An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3. ...)
	- symfony 4.3.8+dfsg-1
	[buster] - symfony <not-affected> (Vulnerable code not present)
	[stretch] - symfony <not-affected> (Vulnerable code not present)
	[jessie] - symfony <not-affected> (Vulnerable code not present)
	NOTE: https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
	NOTE: https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a
CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ...)
	- haproxy <not-affected> (Vulnerable code introduced in 1.9.x series in v1.9.2)
	NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
	NOTE: Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases  ...)
	- python-urllib3 1.25.6-4 (bug #927412)
	[buster] - python-urllib3 <no-dsa> (Minor issue)
	[stretch] - python-urllib3 <no-dsa> (Minor issue)
	[jessie] - python-urllib3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/3
CVE-2019-11322 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
	NOT-FOR-US: Motorola
CVE-2019-11321 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router o ...)
	NOT-FOR-US: Motorola
CVE-2019-11320 (In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_ ...)
	NOT-FOR-US: Motorola
CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
	NOT-FOR-US: Motorola
CVE-2019-11318 (Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-11317
	RESERVED
CVE-2019-11316
	RESERVED
CVE-2019-11315
	RESERVED
CVE-2019-11314
	RESERVED
CVE-2019-11313
	RESERVED
CVE-2019-11312
	RESERVED
CVE-2019-11311
	RESERVED
CVE-2019-11310
	RESERVED
CVE-2019-11309
	RESERVED
CVE-2019-11308
	RESERVED
CVE-2019-11307
	RESERVED
CVE-2019-11306
	RESERVED
CVE-2019-11305
	RESERVED
CVE-2019-11304
	RESERVED
CVE-2019-11303
	RESERVED
CVE-2019-11302
	RESERVED
CVE-2019-11301
	RESERVED
CVE-2019-11300
	RESERVED
CVE-2019-11299
	RESERVED
CVE-2019-11298
	RESERVED
CVE-2019-11297
	RESERVED
CVE-2019-11296
	RESERVED
CVE-2019-11295
	RESERVED
CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows spac ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
	NOT-FOR-US: Cloud Foundry UAA Release
CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...)
	NOT-FOR-US: Pivotal
CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior  ...)
	- rabbitmq-server <unfixed> (bug #945601)
	[buster] - rabbitmq-server <no-dsa> (Minor issue)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <postponed> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2019-11291
CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query p ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly  ...)
	NOT-FOR-US: Cloud Foundry Routing
CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...)
	NOT-FOR-US: Pivotal
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
	- rabbitmq-server <unfixed> (bug #945600)
	[buster] - rabbitmq-server <no-dsa> (Minor issue)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <postponed> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2019-11287
CVE-2019-11286
	RESERVED
CVE-2019-11285
	REJECTED
CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes headers throug ...)
	NOT-FOR-US: Pivotal
CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outpu ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint tha ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
	- rabbitmq-server 3.7.18-1 (low)
	[buster] - rabbitmq-server <no-dsa> (Minor issue)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin)
	NOTE: https://pivotal.io/security/cve-2019-11281
	NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc
	NOTE: which was only introduced in 3.7.0-beta.19
	NOTE: federation management plugin: exploitable only by a remote authenticated malicious user
	NOTE:  with administrative access
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
	NOT-FOR-US: Pivotal
CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11278 (CF UAA versions prior to 74.1.0, allow external input to be directly q ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
	NOT-FOR-US: Pivotal
CVE-2019-11275 (Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versi ...)
	NOT-FOR-US: Pivotal Application Manager
CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS a ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and ve ...)
	NOT-FOR-US: Pivotal Container Services
CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
	{DLA-1848-1}
	- libspring-security-2.0-java <removed>
	NOTE: https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee
CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11270 (Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability wh ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
	{DSA-4460-1 DSA-4434-1 DLA-2118-1 DLA-1797-1 DLA-1777-1}
	- drupal7 <removed> (bug #927330)
	- jquery 3.3.1~dfsg-2 (bug #927385)
	[stretch] - jquery 3.1.1-2+deb9u1
	- node-jquery 2.2.4+dfsg-4 (bug #927466)
	- mediawiki 1:1.31.2-1
	- otrs2 6.0.26-1
	[buster] - otrs2 <no-dsa> (Non-free not supported)
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://www.drupal.org/sa-core-2019-006
	NOTE: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
	NOTE: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
	NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-174006
	NOTE: https://phabricator.wikimedia.org/T221739
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://community.otrs.com/security-advisory-2020-05/
CVE-2019-11267
	REJECTED
CVE-2019-11266
	REJECTED
CVE-2019-11265
	REJECTED
CVE-2019-11264
	REJECTED
CVE-2019-11263
	REJECTED
CVE-2019-11262
	REJECTED
CVE-2019-11261
	REJECTED
CVE-2019-11260
	REJECTED
CVE-2019-11259
	REJECTED
CVE-2019-11258
	REJECTED
CVE-2019-11257
	REJECTED
CVE-2019-11256
	REJECTED
CVE-2019-11255 (Improper input validation in Kubernetes CSI sidecar containers for ext ...)
	NOT-FOR-US: kubernetes-csi
CVE-2019-11254 (The Kubernetes API Server component in versions 1.1-1.14, and versions ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/89535
CVE-2019-11253 (Improper input validation in the Kubernetes API server in versions v1. ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/83253
CVE-2019-11252
	RESERVED
CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...)
	- kubernetes <not-affected> (Vulnerable code not present)
CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
	- kubernetes 1.17.4-1 (bug #934801)
	NOTE: https://github.com/kubernetes/kubernetes/issues/81114
CVE-2019-11249 (The kubectl cp command allows copying files between containers and the ...)
	- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
	NOTE: https://github.com/kubernetes/kubernetes/issues/80984
CVE-2019-11248 (The debugging endpoint /debug/pprof is exposed over the unauthenticate ...)
	- kubernetes 1.17.4-1 (bug #934182)
	NOTE: https://github.com/kubernetes/kubernetes/issues/81023
	NOTE: https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8
CVE-2019-11247 (The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ...)
	- kubernetes 1.17.4-1 (bug #933988)
	NOTE: https://github.com/kubernetes/kubernetes/issues/80983
CVE-2019-11246 (The kubectl cp command allows copying files between containers and the ...)
	- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
	NOTE: https://github.com/kubernetes/kubernetes/pull/76788
CVE-2019-11245 (In kubelet v1.13.6 and v1.14.2, containers for pods that do not specif ...)
	- kubernetes <not-affected> (Vulnerable code not present)
	NOTE: https://discuss.kubernetes.io/t/security-regression-in-kubernetes-kubelet-v1-13-6-and-v1-14-2-only-cve-2019-11245/6584
	NOTE: https://github.com/kubernetes/kubernetes/issues/78308
CVE-2019-11244 (In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the  ...)
	- kubernetes <not-affected> (Vulnerable code introduced in 1.8.x onwards)
	NOTE: https://github.com/kubernetes/kubernetes/issues/76676
CVE-2019-11243 (In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientCon ...)
	- kubernetes <not-affected> (Only affects v1.12.0-v1.12.4 and v1.13.0 upstream)
	NOTE: https://github.com/kubernetes/kubernetes/issues/76797
CVE-2019-11242 (A man-in-the-middle vulnerability related to vCenter access was found  ...)
	NOT-FOR-US: Cohesity DataPlatform
CVE-2019-11241
	RESERVED
CVE-2019-11240
	RESERVED
CVE-2019-11239
	RESERVED
CVE-2019-11238
	RESERVED
CVE-2019-11237
	RESERVED
CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
	{DLA-1828-1}
	[experimental] - python-urllib3 1.25.6-1
	- python-urllib3 1.25.6-4 (bug #927172)
	[buster] - python-urllib3 <no-dsa> (Minor issue)
	[stretch] - python-urllib3 <no-dsa> (Minor issue)
	NOTE: https://github.com/urllib3/urllib3/issues/1553
	NOTE: https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
	NOTE: https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
CVE-2019-11235 (FreeRADIUS before 3.0.19 mishandles the "each participant verifies tha ...)
	- freeradius 3.0.17+dfsg-1.1 (bug #926958)
	[stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by default)
	[jessie] - freeradius <not-affected> (EAP-PWD only introduced in 3.0.0)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
CVE-2019-11234 (FreeRADIUS before 3.0.19 does not prevent use of reflection for authen ...)
	- freeradius 3.0.17+dfsg-1.1 (bug #926958)
	[stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by default)
	[jessie] - freeradius <not-affected> (EAP-PWD only introduced in 3.0.0)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
CVE-2019-11233 (EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user i ...)
	NOT-FOR-US: EXCELLENT INFOTEK BiYan
CVE-2019-11232 (EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user i ...)
	NOT-FOR-US: EXCELLENT INFOTEK BiYan
CVE-2019-11231 (An issue was discovered in GetSimple CMS through 3.3.15. insufficient  ...)
	NOT-FOR-US: GetSimple CMS
CVE-2019-11230 (In Avast Antivirus before 19.4, a local administrator can trick the pr ...)
	NOT-FOR-US: Avast Antivirus
CVE-2019-11229 (models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 m ...)
	- gitea <removed>
CVE-2019-11228 (repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does no ...)
	- gitea <removed>
CVE-2019-11227
	RESERVED
CVE-2019-11226 (CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Artic ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-11225
	RESERVED
CVE-2019-11224 (HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. ...)
	NOT-FOR-US: HARMAN AMX MVP5150 devices
CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy plugin t ...)
	NOT-FOR-US: SupportCandy plugin for WordPress
CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-11222 (gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overfl ...)
	{DLA-1765-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bug #926961)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/f36525c5beafb78959c3a07d6622c9028de348da
	NOTE: https://github.com/gpac/gpac/issues/1204
	NOTE: https://github.com/gpac/gpac/issues/1205
CVE-2019-11221 (GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media ...)
	{DLA-1765-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bug #926963)
	[stretch] - gpac <no-dsa> (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/f4616202e5578e65746cf7e7ceeba63bee1b094b
	NOTE: https://github.com/gpac/gpac/issues/1203
CVE-2019-11220 (An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows rem ...)
	NOT-FOR-US: Shenzhen Yunni Technology iLnkP2P
CVE-2019-11219 (The algorithm used to generate device IDs (UIDs) for devices that util ...)
	NOT-FOR-US: Shenzhen Yunni Technology iLnkP2P
CVE-2019-11218 (Improper handling of extra parameters in the AccountController (User P ...)
	NOT-FOR-US: Bonobo Git Server
CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 a ...)
	NOT-FOR-US: Bonobo Git Server
CVE-2019-11216 (BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the i ...)
	NOT-FOR-US: BMC Smart Reporting
CVE-2019-11215 (In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writ ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-11214
	RESERVED
CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an attacker  ...)
	NOT-FOR-US: Pulse Secure Pulse Desktop Client and Network Connect
CVE-2019-11212 (The MDM server component of TIBCO Software Inc's TIBCO MDM contains mu ...)
	NOT-FOR-US: TIBCO
CVE-2019-11211 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
	NOT-FOR-US: TIBCO
CVE-2019-11210 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
	NOT-FOR-US: TIBCO
CVE-2019-11209 (The realm configuration component of TIBCO Software Inc.'s TIBCO FTL C ...)
	NOT-FOR-US: TIBCO
CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
	NOT-FOR-US: TIBCO
CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...)
	NOT-FOR-US: TIBCO
CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2019-11205 (The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...)
	NOT-FOR-US: TIBCO
CVE-2019-11204 (The web interface component of TIBCO Software Inc.'s TIBCO Spotfire St ...)
	NOT-FOR-US: TIBCO
CVE-2019-11203 (The workspace client, openspace client, app development client, and RE ...)
	NOT-FOR-US: TIBCO
CVE-2019-11202 (An issue was discovered that affects the following versions of Rancher ...)
	NOT-FOR-US: Rancher
CVE-2019-11201 (Dolibarr ERP/CRM 9.0.1 provides a module named website that provides f ...)
	- dolibarr <removed>
CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs u ...)
	- dolibarr <removed>
CVE-2019-11199 (Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded file ...)
	- dolibarr <removed>
CVE-2019-11198 (Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9. ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-11197
	RESERVED
CVE-2019-11196 (An authentication bypass vulnerability in all versions of ValuePLUS In ...)
	NOT-FOR-US: ValuePLUS Integrated University Management System (IUMS)
CVE-2019-11195
	RESERVED
CVE-2019-11194
	RESERVED
CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via  ...)
	NOT-FOR-US: DirectAdmin
CVE-2019-11192
	RESERVED
CVE-2019-11189 (Authentication Bypass by Spoofing in org.onosproject.acl (access contr ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...)
	- linux <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
CVE-2019-11190 (The Linux kernel before 4.8 allows local users to bypass ASLR on setui ...)
	{DLA-1799-1}
	- linux 4.8.5-1
	NOTE: https://git.kernel.org/linus/9f834ec18defc369d73ccf9e87a2790bfa05bf46 (4.8-rc5)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
CVE-2019-11188
	RESERVED
CVE-2019-11187 (Incorrect Access Control in the LDAP class of GONICUS GOsa through 201 ...)
	{DLA-1876-1 DLA-1875-1}
	- fusiondirectory 1.2.3-5
	[buster] - fusiondirectory 1.2.3-4+deb10u1
	[stretch] - fusiondirectory 1.0.19-1+deb9u1
	- gosa 2.7.4+reloaded3-9
	[buster] - gosa 2.7.4+reloaded3-8+deb10u1
	[stretch] - gosa <no-dsa> (Minor issue)
CVE-2019-11186
	RESERVED
CVE-2019-11185 (The WP Live Chat Support Pro plugin through 8.0.26 for WordPress conta ...)
	NOT-FOR-US: WP Live Chat Support Pro plugin for WordPress
CVE-2019-11184 (A race condition in specific microprocessors using Intel (R) DDIO cach ...)
	NOT-FOR-US: HW Issue with processors supporting Intel Data-Direct I/O Technology (Intel DDIO) and Remote Direct Memory Access (RDMA)
CVE-2019-11183
	RESERVED
CVE-2019-11182 (Memory corruption in Intel(R) Baseboard Management Controller firmware ...)
	NOT-FOR-US: Intel
CVE-2019-11181 (Out of bound read in Intel(R) Baseboard Management Controller firmware ...)
	NOT-FOR-US: Intel
CVE-2019-11180 (Insufficient input validation in Intel(R) Baseboard Management Control ...)
	NOT-FOR-US: Intel
CVE-2019-11179 (Insufficient input validation in Intel(R) Baseboard Management Control ...)
	NOT-FOR-US: Intel
CVE-2019-11178 (Stack overflow in Intel(R) Baseboard Management Controller firmware ma ...)
	NOT-FOR-US: Intel
CVE-2019-11177 (Unhandled exception in Intel(R) Baseboard Management Controller firmwa ...)
	NOT-FOR-US: Intel
CVE-2019-11176
	RESERVED
CVE-2019-11175 (Insufficient input validation in Intel(R) Baseboard Management Control ...)
	NOT-FOR-US: Intel
CVE-2019-11174 (Insufficient access control in Intel(R) Baseboard Management Controlle ...)
	NOT-FOR-US: Intel
CVE-2019-11173 (Insufficient session validation in Intel(R) Baseboard Management Contr ...)
	NOT-FOR-US: Intel
CVE-2019-11172 (Out of bound read in Intel(R) Baseboard Management Controller firmware ...)
	NOT-FOR-US: Intel
CVE-2019-11171 (Heap corruption in Intel(R) Baseboard Management Controller firmware m ...)
	NOT-FOR-US: Intel
CVE-2019-11170 (Authentication bypass in Intel(R) Baseboard Management Controller firm ...)
	NOT-FOR-US: Intel
CVE-2019-11169
	RESERVED
CVE-2019-11168 (Insufficient session validation in Intel(R) Baseboard Management Contr ...)
	NOT-FOR-US: Intel
CVE-2019-11167 (Improper file permission in software installer for Intel(R) Smart Conn ...)
	NOT-FOR-US: Intel
CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy Streaming ...)
	NOT-FOR-US: Intel
CVE-2019-11165 (Improper conditions check in the Linux kernel driver for the Intel(R)  ...)
	NOT-FOR-US: Intel, driver doesn't seem to be upstreamed
CVE-2019-11164
	RESERVED
CVE-2019-11163 (Insufficient access control in a hardware abstraction driver for Intel ...)
	NOT-FOR-US: Intel(R) Processor Identification Utility for Windows
CVE-2019-11162 (Insufficient access control in hardware abstraction in SEMA driver for ...)
	NOT-FOR-US: Intel
CVE-2019-11161
	RESERVED
CVE-2019-11160
	RESERVED
CVE-2019-11159
	RESERVED
CVE-2019-11158
	RESERVED
CVE-2019-11157 (Improper conditions check in voltage settings for some Intel(R) Proces ...)
	NOT-FOR-US: Intel
CVE-2019-11156 (Logic errors in Intel(R) PROSet/Wireless WiFi Software before version  ...)
	NOT-FOR-US: Intel
CVE-2019-11155 (Improper directory permissions in Intel(R) PROSet/Wireless WiFi Softwa ...)
	NOT-FOR-US: Intel
CVE-2019-11154 (Improper directory permissions in Intel(R) PROSet/Wireless WiFi Softwa ...)
	NOT-FOR-US: Intel
CVE-2019-11153 (Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software ext ...)
	NOT-FOR-US: Intel
CVE-2019-11152 (Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 ...)
	NOT-FOR-US: Intel
CVE-2019-11151 (Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 ...)
	NOT-FOR-US: Intel
CVE-2019-11150
	RESERVED
CVE-2019-11149
	RESERVED
CVE-2019-11148 (Improper permissions in the installer for Intel(R) Remote Displays SDK ...)
	NOT-FOR-US: Intel
CVE-2019-11147 (Insufficient access control in hardware abstraction driver for MEInfo  ...)
	NOT-FOR-US: Intel
CVE-2019-11146 (Improper file verification in Intel&#174; Driver &amp; Support Assista ...)
	NOT-FOR-US: Intel
CVE-2019-11145 (Improper file verification in Intel&#174; Driver &amp; Support Assista ...)
	NOT-FOR-US: Intel
CVE-2019-11144
	RESERVED
CVE-2019-11143 (Improper permissions in the software installer for Intel(R) Authentica ...)
	NOT-FOR-US: Intel
CVE-2019-11142
	RESERVED
CVE-2019-11141
	RESERVED
CVE-2019-11140 (Insufficient session validation in system firmware for Intel(R) NUC ma ...)
	NOT-FOR-US: Intel
CVE-2019-11139 (Improper conditions check in the voltage modulation interface for some ...)
	{DSA-4565-1 DLA-2051-1}
	- intel-microcode 3.20191112.1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
	NOTE: The 3.20191112.1 release for intel-microcode did contain most updates, additional
	NOTE: update for CFL-S was added in 3.20191113.1.
CVE-2019-11138
	RESERVED
CVE-2019-11137 (Insufficient input validation in system firmware for Intel(R) Xeon(R)  ...)
	NOT-FOR-US: Intel
CVE-2019-11136 (Insufficient access control in system firmware for Intel(R) Xeon(R) Sc ...)
	NOT-FOR-US: Intel
CVE-2019-11135 (TSX Asynchronous Abort condition on some CPUs utilizing speculative ex ...)
	{DSA-4602-1 DSA-4565-1 DSA-4564-1 DLA-2051-1 DLA-1990-1 DLA-1989-1}
	- linux 5.3.9-2
	- intel-microcode 3.20191112.1
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
	NOTE: https://xenbits.xen.org/xsa/advisory-305.html
	NOTE: The 3.20191112.1 release for intel-microcode did contain most updates, additional
	NOTE: update for CFL-S was added in 3.20191113.1.
CVE-2019-11134
	RESERVED
CVE-2019-11133 (Improper access control in the Intel(R) Processor Diagnostic Tool befo ...)
	NOT-FOR-US: Intel
CVE-2019-11132 (Cross site scripting in subsystem in Intel(R) AMT before versions 11.8 ...)
	NOT-FOR-US: Intel
CVE-2019-11131 (Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.1 ...)
	NOT-FOR-US: Intel
CVE-2019-11130
	RESERVED
CVE-2019-11129 (Out of bound read/write in system firmware for Intel(R) NUC Kit may al ...)
	NOT-FOR-US: Intel
CVE-2019-11128 (Insufficient input validation in system firmware for Intel(R) NUC Kit  ...)
	NOT-FOR-US: Intel
CVE-2019-11127 (Buffer overflow in system firmware for Intel(R) NUC Kit may allow a pr ...)
	NOT-FOR-US: Intel
CVE-2019-11126 (Pointer corruption in system firmware for Intel(R) NUC Kit may allow a ...)
	NOT-FOR-US: Intel
CVE-2019-11125 (Insufficient input validation in system firmware for Intel(R) NUC Kit  ...)
	NOT-FOR-US: Intel
CVE-2019-11124 (Out of bound read/write in system firmware for Intel(R) NUC Kit may al ...)
	NOT-FOR-US: Intel
CVE-2019-11123 (Insufficient session validation in system firmware for Intel(R) NUC Ki ...)
	NOT-FOR-US: Intel
CVE-2019-11122
	RESERVED
CVE-2019-11121
	RESERVED
CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active System ...)
	NOT-FOR-US: Intel
CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
	NOT-FOR-US: Intel
CVE-2019-11118
	RESERVED
CVE-2019-11117 (Improper permissions in the installer for Intel(R) Omni-Path Fabric Ma ...)
	NOT-FOR-US: Intel
CVE-2019-11116
	RESERVED
CVE-2019-11115
	RESERVED
CVE-2019-11114 (Insufficient input validation in Intel(R) Driver &amp; Support Assista ...)
	NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11113 (Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver bef ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11112 (Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver be ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11111 (Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11110 (Authentication bypass in the subsystem for Intel(R) CSME before versio ...)
	NOT-FOR-US: Intel
CVE-2019-11109 (Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_0 ...)
	NOT-FOR-US: Intel
CVE-2019-11108 (Insufficient input validation in subsystem for Intel(R) CSME before ve ...)
	NOT-FOR-US: Intel
CVE-2019-11107 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
	NOT-FOR-US: Intel
CVE-2019-11106 (Insufficient session validation in the subsystem for Intel(R) CSME bef ...)
	NOT-FOR-US: Intel
CVE-2019-11105 (Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13 ...)
	NOT-FOR-US: Intel
CVE-2019-11104 (Insufficient input validation in MEInfo software for Intel(R) CSME bef ...)
	NOT-FOR-US: Intel
CVE-2019-11103 (Insufficient input validation in firmware update software for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-11102 (Insufficient input validation in Intel(R) DAL software for Intel(R) CS ...)
	NOT-FOR-US: Intel
CVE-2019-11101 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
	NOT-FOR-US: Intel
CVE-2019-11099
	RESERVED
CVE-2019-11098
	RESERVED
CVE-2019-11097 (Improper directory permissions in the installer for Intel(R) Managemen ...)
	NOT-FOR-US: Intel
CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 Adapter driv ...)
	NOT-FOR-US: Intel(R) Ethernet I218 Adapter driver for Windows
CVE-2019-11095 (Insufficient access control in Intel(R) Driver &amp; Support Assistant ...)
	NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) NUC Kit ...)
	NOT-FOR-US: Intel (R) NUC Kit
CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Discovery  ...)
	NOT-FOR-US: Intel(R) SCS Discovery Utility
CVE-2019-11092 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheab ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2019-11090 (Cryptographic timing conditions in the subsystem for Intel(R) PTT befo ...)
	NOT-FOR-US: Intel
CVE-2019-11089 (Insufficient input validation in Kernel Mode module for Intel(R) Graph ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11088 (Insufficient input validation in subsystem in Intel(R) AMT before vers ...)
	NOT-FOR-US: Intel
CVE-2019-11087 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-11086 (Insufficient input validation in subsystem for Intel(R) AMT before ver ...)
	NOT-FOR-US: Intel
CVE-2019-11085 (Insufficient input validation in Kernel Mode Driver in Intel(R) i915 G ...)
	- linux 4.19.20-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/51b00d8509dc69c98740da2ad07308b630d3eb7d
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
CVE-2019-11084 (GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and disc ...)
	NOT-FOR-US: GAuth
CVE-2019-11083
	RESERVED
CVE-2019-11082 (core/api/datasets/internal/actions/Explode.java in the Dataset API in  ...)
	NOT-FOR-US: DKPro Core
CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.3.1 and e ...)
	NOT-FOR-US: Dentsply Sirona Sidexis
CVE-2019-11080 (Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remo ...)
	NOT-FOR-US: Sitecore Experience Platform
CVE-2019-11079
	RESERVED
CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the uc ...)
	NOT-FOR-US: MKCMS
CVE-2019-11077 (FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new a ...)
	NOT-FOR-US: FastAdmin
CVE-2019-11076 (Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via a ...)
	NOT-FOR-US: Cribl UI
CVE-2019-11075
	RESERVED
CVE-2019-11074 (A Write to Arbitrary Location in Disk vulnerability exists in PRTG Net ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network Monitor b ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...)
	- lighttpd 1.4.53-4 (bug #926885)
	[stretch] - lighttpd <not-affected> (Vulnerable code introduced later)
	[jessie] - lighttpd <not-affected> (Vulnerable code introduced later)
	NOTE: https://redmine.lighttpd.net/issues/2945
	NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
	NOTE: Introduced with: https://github.com/lighttpd/lighttpd1.4/commit/3eb7902e10ba75b3f2eb159e244d0d8e5037ccd2
CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly ap ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-11069 (Sequelize version 5 before 5.3.0 does not properly ensure that standar ...)
	NOT-FOR-US: Sequelize
CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
	{DLA-1756-1}
	- libxslt 1.1.32-2.1 (bug #926895; bug #933743)
	[buster] - libxslt 1.1.32-2.1~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/issues/12
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
	- glibc 2.5-1
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=2498
CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version  ...)
	- glibc 2.3.5-3
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=661
CVE-2019-11067
	RESERVED
CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly  ...)
	NOT-FOR-US: Jenkins
CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
	NOT-FOR-US: Jenkins
CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted Open ...)
	NOT-FOR-US: LightOpenID
CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
	- gradle 4.4.1-10 (bug #926923)
	[buster] - gradle <no-dsa> (Minor issue)
	[stretch] - gradle <no-dsa> (Minor issue)
	[jessie] - gradle <no-dsa> (Minor issue)
	NOTE: https://github.com/gradle/gradle/pull/8927
	NOTE: https://lists.debian.org/debian-lts/2019/05/msg00021.html
CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ...)
	{DSA-4429-1}
	- spip 3.2.4-1 (bug #926764)
	[jessie] - spip <not-affected> (SPIP 3.0 and earlier are not affected)
	NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html
	NOTE: https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36
	NOTE: https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e
CVE-2019-11064 (A vulnerability of remote credential disclosure was discovered in Adva ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-11063 (A broken access control vulnerability in SmartHome app (Android versio ...)
	NOT-FOR-US: SmartHome app
CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...)
	NOT-FOR-US: SUNNET WMPro for eLearning system
CVE-2019-11061 (A broken access control vulnerability in HG100 firmware versions up to ...)
	NOT-FOR-US: HG100 firmware
CVE-2019-11060 (The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12,  ...)
	NOT-FOR-US: ASUS HG100 firmware
CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...)
	- u-boot 2019.01+dfsg-6 (bug #928800)
	[stretch] - u-boot <no-dsa> (Minor issue)
	[jessie] - u-boot <ignored> (Minor issue)
	NOTE: https://git.denx.de/?p=u-boot.git;a=commit;h=febbc583319b567fe3d83e521cc2ace9be8d1501
CVE-2019-11058
	RESERVED
CVE-2019-11057 (SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows  ...)
	NOT-FOR-US: Vtiger CRM
CVE-2019-11056
	RESERVED
CVE-2019-11055
	RESERVED
CVE-2019-11054
	RESERVED
CVE-2019-11053
	RESERVED
CVE-2019-11052
	RESERVED
CVE-2019-11051
	RESERVED
CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: http://bugs.php.net/78793
CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...)
	- php7.3 <not-affected> (Windows specific issue)
	- php7.0 <not-affected> (Windows specific issue)
	- php5 <not-affected> (Windows specific issue)
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: http://bugs.php.net/78943
CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...)
	{DSA-4719-1 DSA-4717-1 DLA-2261-1}
	- php7.4 <unfixed>
	- php7.3 <removed>
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.2.31, 7.3.18, 7.4.6
	NOTE: PHP Bug: https://bugs.php.net/78875
	NOTE: PHP Bug: https://bugs.php.net/78876
	NOTE: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
	NOTE: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
	NOTE: php-7.4: https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add
	NOTE: php-7.3: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
	NOTE: php-7.2: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
	NOTE: php-7.2: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: http://bugs.php.net/78910
CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: http://bugs.php.net/78878
	NOTE: http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: http://bugs.php.net/78863
	NOTE: http://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79
CVE-2019-11044 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ...)
	- php7.3 <not-affected> (Windows specific issue)
	- php7.0 <not-affected> (Windows specific issue)
	- php5 <not-affected> (Windows specific issue)
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: http://bugs.php.net/78862
CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...)
	{DSA-4553-1 DSA-4552-1 DLA-1970-1}
	- php7.3 7.3.11-1~deb10u1 (bug #943468; bug #943764)
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in PHP 7.3.11, 7.2.24
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78599
	NOTE: https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a
CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4529-1 DSA-4527-1 DLA-1878-1}
	- php7.3 7.3.8-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78256
CVE-2019-11041 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4529-1 DSA-4527-1 DLA-1878-1}
	- php7.3 7.3.8-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78222
CVE-2019-11040 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4529-1 DSA-4527-1 DLA-1813-1}
	- php7.3 7.3.6-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
CVE-2019-11039 (Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.3 ...)
	{DSA-4529-1 DSA-4527-1 DLA-1813-1}
	- php7.3 7.3.6-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
CVE-2019-11038 (When using the gdImageCreateFromXbm() function in the GD Graphics Libr ...)
	{DSA-4529-1 DLA-1817-1}
	- libgd2 2.2.5-5.2 (low; bug #929821)
	[stretch] - libgd2 2.2.4-2+deb9u5
	- php7.3 7.3.6-1 (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77973
	NOTE: https://github.com/libgd/libgd/issues/501
	NOTE: https://github.com/libgd/libgd/commit/e13a342c079aeb73e31dfa19eaca119761bac3f3
CVE-2019-11037 (In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing  ...)
	{DSA-4576-1}
	- php-imagick 3.4.3-4.1 (bug #928420)
	[jessie] - php-imagick <not-affected> (vulnerable code is not present)
	NOTE: https://bugs.php.net/bug.php?id=77791
	NOTE: https://github.com/mkoppanen/imagick/commits/bugfix_77791
	NOTE: Introduced by: https://github.com/mkoppanen/imagick/commit/a3cc177f8ed38937960e27765816e2f7a6de7391
	NOTE: Fixed by: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445
CVE-2019-11036 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
	{DSA-4529-1 DSA-4527-1 DLA-1803-1}
	- php7.3 7.3.6-1 (bug #928421)
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.29, 7.2.18, 7.3.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77950
CVE-2019-11035 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
	{DSA-4529-1 DLA-1803-1}
	- php7.3 7.3.4-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77831
CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
	{DSA-4529-1 DLA-1803-1}
	- php7.3 7.3.4-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77753
CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. Th ...)
	NOT-FOR-US: Applaud HCM
CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the Candida ...)
	NOT-FOR-US: EasyToRecruit
CVE-2019-11031 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-up ...)
	NOT-FOR-US: Mirasys VMS
CVE-2019-11030 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys ...)
	NOT-FOR-US: Mirasys VMS
CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Downloa ...)
	NOT-FOR-US: Mirasys VMS
CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing  ...)
	NOT-FOR-US: GAT-Ship Web Module
CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...)
	- ruby-omniauth <unfixed>
	[stretch] - ruby-omniauth <no-dsa> (Minor issue)
	[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)
	NOTE: https://github.com/omniauth/omniauth/pull/809
	NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/11
CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...)
	{DLA-1956-1}
	- ruby-openid 2.9.2debian-1 (bug #930388)
	[buster] - ruby-openid <no-dsa> (Minor issue)
	[stretch] - ruby-openid <no-dsa> (Minor issue)
	NOTE: https://github.com/openid/ruby-openid/issues/122
	NOTE: https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211
	NOTE: https://github.com/openid/ruby-openid/commit/8a4c31a6740a949cdc29d956c276ba3c4021dfa8
	NOTE: https://github.com/openid/ruby-openid/commit/f526132c6cb5d9195351c16ed36dced4ca3db496
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (low; bug #926721)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <ignored> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8051f678b3b43326e5fdfd7c03f39de21059f426
CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
	{DLA-1757-1}
	- cacti 1.2.2+ds1-2 (low; bug #926700)
	[stretch] - cacti <no-dsa> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/2581
CVE-2019-11024 (The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...)
	- libsixel 1.8.6-1 (unimportant)
	NOTE: https://github.com/saitoha/libsixel/issues/85
	NOTE: Negligible security impact
CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...)
	- graphviz <unfixed> (unimportant; bug #926724)
	NOTE: https://gitlab.com/graphviz/graphviz/issues/1517
	NOTE: https://gitlab.com/graphviz/graphviz/commit/839085f8026afd6f6920a0c31ad2a9d880d97932
	NOTE: Crash in CLI tool, no security impact
CVE-2019-11022
	RESERVED
CVE-2019-11021 (** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Aut ...)
	NOT-FOR-US: Schlix CMS
CVE-2019-11020 (Lack of authentication in file-viewing components in DDRT Dashcom Live ...)
	NOT-FOR-US: DDRT Dashcom
CVE-2019-11019 (Lack of authentication in case-exporting components in DDRT Dashcom Li ...)
	NOT-FOR-US: DDRT Dashcom
CVE-2019-11018 (application\admin\controller\User.php in ThinkAdmin V4.0 does not prev ...)
	NOT-FOR-US: ThinkAdmin
CVE-2019-11017 (On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vu ...)
	NOT-FOR-US: D-Link
CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. ...)
	NOT-FOR-US: Elgg
CVE-2019-11015 (A vulnerability was found in the MIUI OS version 10.1.3.0 that allows  ...)
	NOT-FOR-US: MIUI OS
CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared object, a ...)
	NOT-FOR-US: VStarCam
CVE-2019-11013 (Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal  ...)
	NOT-FOR-US: Nimble Streamer
CVE-2019-11012
	RESERVED
CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution. ...)
	NOT-FOR-US: Akamai CloudTest
CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in  ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/601/
CVE-2019-11009 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/597/
CVE-2019-11008 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/599/
CVE-2019-11007 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/596/
CVE-2019-11006 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/598/
CVE-2019-11005 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buf ...)
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	[jessie] - graphicsmagick <not-affected> (The vulnerable code is not present)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/600/
CVE-2019-11004 (In Materialize through 1.0.0, XSS is possible via the Toast feature. ...)
	NOT-FOR-US: Materialize
CVE-2019-11003 (In Materialize through 1.0.0, XSS is possible via the Autocomplete fea ...)
	NOT-FOR-US: Materialize
CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip feature. ...)
	NOT-FOR-US: Materialize
CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices th ...)
	NOT-FOR-US: Reolink devices
CVE-2019-11000 (An issue was discovered in GitLab Enterprise Edition before 11.7.11, 1 ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer o ...)
	NOT-FOR-US: D-Link
CVE-2019-10998 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
	NOT-FOR-US: Phoenix Contact
CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
	NOT-FOR-US: Phoenix Contact
CVE-2019-10996 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10995 (ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hid ...)
	NOT-FOR-US: ABB CP651 HMI products
CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
	NOT-FOR-US: LAquis SCADA
CVE-2019-10993 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointe ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2019-10991 (In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buf ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10990 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...)
	NOT-FOR-US: Philips HDI 4000 Ultrasound Systems
CVE-2019-10987 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds wr ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10986
	RESERVED
CVE-2019-10985 (In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnera ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10984 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10983 (In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vul ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulner ...)
	NOT-FOR-US: AVEVA
CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCADA 4.3. ...)
	NOT-FOR-US: LAquis SCADA
CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
	NOT-FOR-US: SICK MSC800
CVE-2019-10978 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
	NOT-FOR-US: Mitsubishi
CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
	NOT-FOR-US: Mitsubishi Electric FR Configurator2
CVE-2019-10975 (An out-of-bounds read vulnerability has been identified in Fuji Electr ...)
	NOT-FOR-US: Fuji Electric
CVE-2019-10974 (NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The appli ...)
	NOT-FOR-US: NREL EnergyPlus
CVE-2019-10973 (Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, all ...)
	NOT-FOR-US: Quest KACE
CVE-2019-10972 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
	NOT-FOR-US: Mitsubishi Electric FR Configurator2
CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41 and pr ...)
	NOT-FOR-US: Omron
CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions manufactured befor ...)
	NOT-FOR-US: Rockwell Automation PanelView
CVE-2019-10969 (Moxa EDR 810, all versions 5.1 and prior, allows an authenticated atta ...)
	NOT-FOR-US: Moxa
CVE-2019-10968 (Philips Holter 2010 Plus, all versions. A vulnerability has been ident ...)
	NOT-FOR-US: Philips Holter 2010 Plus
CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based  ...)
	NOT-FOR-US: Emerson
CVE-2019-10966 (In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exis ...)
	NOT-FOR-US: GE Aestiva and Aespire
CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based b ...)
	NOT-FOR-US: Emerson
CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps,  ...)
	NOT-FOR-US: Medtronic
CVE-2019-10963 (Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated at ...)
	NOT-FOR-US: Moxa
CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1. ...)
	NOT-FOR-US: BD Alaris Gateway
CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
	NOT-FOR-US: Advantech WebAccess HMI Designer
CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipped wit ...)
	NOT-FOR-US: Zebra Industrial Printers
CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
	NOT-FOR-US: BD Alaris Gateway
CVE-2019-10958 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
	NOT-FOR-US: Geutebruck IP Cameras
CVE-2019-10957 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
	NOT-FOR-US: Geutebruck IP Cameras
CVE-2019-10956 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
	NOT-FOR-US: Geutebruck IP Cameras
CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable ...)
	NOT-FOR-US: Programmable Logic Controllers of various vendors
CVE-2019-10952 (An attacker could send a crafted HTTP/HTTPS request to render the web  ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Electronics
CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
	NOT-FOR-US: Fujifilm
CVE-2019-10949 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Electronics
CVE-2019-10948 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
	NOT-FOR-US: Fujifilm
CVE-2019-10947 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Electronics
CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh list of  ...)
	NOT-FOR-US: Joomla!
CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manager com ...)
	NOT-FOR-US: Joomla!
CVE-2019-10944
	RESERVED
CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
	NOT-FOR-US: Siemens
CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions),  ...)
	NOT-FOR-US: Siemens
CVE-2019-10941
	RESERVED
CVE-2019-10940 (A vulnerability has been identified in SINEMA Server (All versions &lt ...)
	NOT-FOR-US: Siemens
CVE-2019-10939 (A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET var ...)
	NOT-FOR-US: Siemens
CVE-2019-10938 (A vulnerability has been identified in SIPROTEC 5 devices with CPU var ...)
	NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
	NOT-FOR-US: SIMATIC TDC CP51M1
CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Kits for ...)
	NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
	NOT-FOR-US: Siemens
CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions),  ...)
	NOT-FOR-US: Siemens
CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corporate Use ...)
	NOT-FOR-US: Siemens
CVE-2019-10932
	RESERVED
CVE-2019-10931 (A vulnerability has been identified in All other SIPROTEC 5 device typ ...)
	NOT-FOR-US: Siemens
CVE-2019-10930 (A vulnerability has been identified in All other SIPROTEC 5 device typ ...)
	NOT-FOR-US: Siemens
CVE-2019-10929 (A vulnerability has been identified in SIMATIC CP 1626 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). An auth ...)
	NOT-FOR-US: Siemens
CVE-2019-10927 (A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANC ...)
	NOT-FOR-US: Siemens
CVE-2019-10926 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
	NOT-FOR-US: Siemens
CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
	NOT-FOR-US: Siemens
CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
	NOT-FOR-US: Siemens
CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions &lt; V2.8) ...)
	NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
	NOT-FOR-US: Siemens
CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All versions). Unenc ...)
	NOT-FOR-US: Siemens
CVE-2019-10920 (A vulnerability has been identified in LOGO!8 BM (All versions). Proje ...)
	NOT-FOR-US: Siemens
CVE-2019-10919 (A vulnerability has been identified in LOGO!8 BM (All versions). Attac ...)
	NOT-FOR-US: Siemens
CVE-2019-10918 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
	NOT-FOR-US: Siemens
CVE-2019-10917 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
	NOT-FOR-US: Siemens
CVE-2019-10916 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
	NOT-FOR-US: Siemens
CVE-2019-10915 (A vulnerability has been identified in TIA Administrator (All versions ...)
	NOT-FOR-US: Siemens
CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Insi ...)
	- matrixssl <removed>
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
	NOTE: https://github.com/matrixssl/matrixssl/issues/26
CVE-2019-10913 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
	{DSA-4441-1 DLA-1778-1}
	- symfony 3.4.22+dfsg-2
	NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
CVE-2019-10912 (In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4. ...)
	{DSA-4441-1}
	- symfony 3.4.22+dfsg-2
	[jessie] - symfony <not-affected> (vulnerable code is not present)
	NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
CVE-2019-10911 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
	{DSA-4441-1 DLA-1778-1}
	- drupal7 <not-affected> (Drupal 7 core not affected)
	- symfony 3.4.22+dfsg-2
	NOTE: https://www.drupal.org/SA-CORE-2019-005
	NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
CVE-2019-10910 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
	{DSA-4441-1 DLA-1778-1}
	- drupal7 <not-affected> (Drupal 7 core not affected)
	- symfony 3.4.22+dfsg-2
	NOTE: https://www.drupal.org/SA-CORE-2019-005
	NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
CVE-2019-10909 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
	{DSA-4441-1 DLA-1778-1}
	- drupal7 <not-affected> (Drupal 7 core not affected)
	- symfony 3.4.22+dfsg-2
	NOTE: https://www.drupal.org/SA-CORE-2019-005
	NOTE: https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords via org ...)
	NOT-FOR-US: Airsonic
CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...)
	NOT-FOR-US: Airsonic
CVE-2016-10745 (In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. ...)
	- jinja2 2.9.4-1
	[stretch] - jinja2 <no-dsa> (Minor issue)
	[jessie] - jinja2 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
	NOTE: Followup bugfix: https://github.com/pallets/jinja/commit/74bd64e56387f5b2931040dc7235a3509cde1611
CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape ...)
	- jinja2 2.10-2 (bug #926602)
	[stretch] - jinja2 <no-dsa> (Minor issue)
	[jessie] - jinja2 <no-dsa> (Minor issue)
	NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
	NOTE: https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26
CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup is disa ...)
	NOT-FOR-US: Parsedown
CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...)
	{DLA-1750-1}
	- roundup <removed> (bug #926587)
	NOTE: https://github.com/python/bugs.python.org/issues/34
	NOTE: https://issues.roundup-tracker.org/issue2551035
	NOTE: https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SP ...)
	{DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-18.html
CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was addresse ...)
	- wireshark 2.6.8-1 (low; bug #926718)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	[jessie] - wireshark <not-affected> (vulnerable code is not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15619
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=95571f17d5e2de39735e62e5251583f930c06d51
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-16.html
CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
	{DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-17.html
CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop.  ...)
	- wireshark <not-affected> (Vulnerable code introduced later in 3.0.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15612
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=26eee01f57f0a86fb375892c7937eac24ede4610
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-13.html
CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC di ...)
	{DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b16fea2f175a3297edac118c8844c7987d31c1cb
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-10.html
CVE-2019-10898 (In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. ...)
	- wireshark <not-affected> (Vulnerable code introduced later; GSUP dissector introduced in 3.0.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15585
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f80b7d1b279fb6c13f640019a1bbc42b18bf7469
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-12.html
CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinit ...)
	- wireshark <not-affected> (Vulnerable code introduced in 3.0.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15553
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-11.html
CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF disse ...)
	- wireshark 2.6.8-1 (low; bug #926718)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	[jessie] - wireshark <not-affected> (vulnerable code is not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-15.html
CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler ...)
	{DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=38680c4c69f9f4e0f39e29b66fe2b02d88eb629d
	NOTE: introduced bug: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1660f7437198113c0c90cec22daa6abcd3af22cc
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-09.html
CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API d ...)
	{DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html
CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-10892 (An issue was discovered in D-Link DIR-806 devices. There is a stack-ba ...)
	NOT-FOR-US: D-Link
CVE-2019-10891 (An issue was discovered in D-Link DIR-806 devices. There is a command  ...)
	NOT-FOR-US: D-Link
CVE-2019-10890
	RESERVED
CVE-2019-10889
	RESERVED
CVE-2019-10888 (A CSRF Issue that can add an admin user was discovered in UKcms v1.1.1 ...)
	NOT-FOR-US: UKcms
CVE-2019-10887 (A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) de ...)
	NOT-FOR-US: Salicru SLC-20-cube3(5) devices
CVE-2019-10886 (An incorrect access control exists in the Sony Photo Sharing Plus appl ...)
	NOT-FOR-US: Sony Photo Sharing Plus application
CVE-2019-10885 (An issue was discovered in Ivanti Workspace Control before 10.3.90.0.  ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2019-10884 (Uniqkey Password Manager 1.14 contains a vulnerability because it fail ...)
	NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10883 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center  ...)
	NOT-FOR-US: Citrix
CVE-2019-10882 (The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2 ...)
	NOT-FOR-US: Netskope
CVE-2019-10881
	RESERVED
CVE-2019-10880 (Within multiple XEROX products a vulnerability allows remote command e ...)
	NOT-FOR-US: XEROX
CVE-2018-20816 (An XSS combined with CSRF vulnerability discovered in SalesAgility Sui ...)
	NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
	- teeworlds 0.7.2-4 (bug #927152)
	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/issues/2070
	NOTE: https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e
CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...)
	- teeworlds 0.7.2-5 (bug #927152)
	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/issues/2073
	NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
	NOTE: https://github.com/teeworlds/teeworlds/commit/cc3d59ae706752956d6cb8acc4187c8398b61c5c
CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...)
	- teeworlds 0.7.2-4 (bug #927152)
	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/issues/2071
	NOTE: https://github.com/teeworlds/teeworlds/commit/d25869626a8cfbdd320929ba93ce73abed1402ce
	NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x  ...)
	- neutron 2:13.0.2-15 (bug #926502)
	[stretch] - neutron <not-affected> (Vulnerable code introduced later; Around Pike Openstack release)
	[jessie] - neutron <not-affected> (Vulnerable code introduced later; Around Pike Openstack release)
	NOTE: https://bugs.launchpad.net/ossa/+bug/1813007
	NOTE: https://review.openstack.org/#/q/topic:bug/1813007
CVE-2019-10875 (A URL spoofing vulnerability was found in all international versions o ...)
	NOT-FOR-US: Xiaomi Mi browser
CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
	- poppler 0.71.0-4 (low; bug #926532)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <not-affected> (vulnerable code is not present)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
	{DLA-1815-1}
	- poppler 0.71.0-5 (low; bug #926530)
	[stretch] - poppler <postponed> (Revisit when fixed upstream)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (low; bug #926529)
	[buster] - poppler <postponed> (Revisit when fixed upstream)
	[stretch] - poppler <postponed> (Revisit when fixed upstream)
	[jessie] - poppler <postponed> (Revisit when fixed upstream)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/266 (rejected in favor of always enabling SPLASH_CMYK)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/341 (always enable SPLASH_CMYK)
CVE-2019-10870
	RESERVED
CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja Forms  ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
	NOT-FOR-US: Pimcore
CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's possible to ...)
	NOT-FOR-US: Form Maker plugin for WordPress
CVE-2019-10865
	RESERVED
CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-10863 (A command injection vulnerability exists in TeemIp versions before 2.4 ...)
	NOT-FOR-US: TeemIp IPAM
CVE-2019-10862
	RESERVED
CVE-2019-10861
	RESERVED
CVE-2019-10860
	RESERVED
CVE-2019-10859
	RESERVED
CVE-2019-10858
	RESERVED
CVE-2019-10857
	RESERVED
CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an open redirect can occur via an em ...)
	- jupyter-notebook <not-affected> (Incomplete fix for CVE-2019-10255 not applied)
	NOTE: https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
	NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via th ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10848 (Computrols CBAS 18.0.0 allows Username Enumeration. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10847 (Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10846 (Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scr ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When enterin ...)
	NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
	NOT-FOR-US: Sony
CVE-2019-10843
	REJECTED
CVE-2019-10842 (Arbitrary code execution (via backdoor code) was discovered in bootstr ...)
	NOT-FOR-US: backdoored version of bootstrap-sass
CVE-2019-10841
	RESERVED
CVE-2019-10840
	RESERVED
CVE-2019-10839
	RESERVED
CVE-2019-10838
	RESERVED
CVE-2019-10837
	RESERVED
CVE-2019-10836
	RESERVED
CVE-2019-10835
	RESERVED
CVE-2019-10834
	RESERVED
CVE-2019-10833
	RESERVED
CVE-2019-10832
	RESERVED
CVE-2019-10831
	RESERVED
CVE-2019-10830
	RESERVED
CVE-2019-10829
	RESERVED
CVE-2019-10828
	RESERVED
CVE-2019-10827
	RESERVED
CVE-2019-10826
	RESERVED
CVE-2019-10825
	RESERVED
CVE-2019-10824
	RESERVED
CVE-2019-10823
	RESERVED
CVE-2019-10822
	RESERVED
CVE-2019-10821
	RESERVED
CVE-2019-10820
	RESERVED
CVE-2019-10819
	RESERVED
CVE-2019-10818
	RESERVED
CVE-2019-10817
	RESERVED
CVE-2019-10816
	RESERVED
CVE-2019-10815
	RESERVED
CVE-2019-10814
	RESERVED
CVE-2019-10813
	RESERVED
CVE-2019-10812
	RESERVED
CVE-2019-10811
	RESERVED
CVE-2019-10810
	RESERVED
CVE-2019-10809
	RESERVED
CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object properties. The ...)
	NOT-FOR-US: utilitify
CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...)
	NOT-FOR-US: Node blamer
CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...)
	NOT-FOR-US: Node vega-util
CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously  ...)
	NOT-FOR-US: Node valib
CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...)
	NOT-FOR-US: Node serial-number
CVE-2019-10803 (push-dir through 0.4.1 allows execution of arbritary commands. Argumen ...)
	NOT-FOR-US: Node push-dir
CVE-2019-10802 (giting version prior to 0.0.8 allows execution of arbritary commands.  ...)
	NOT-FOR-US: Node giting
CVE-2019-10801 (enpeem through 2.2.0 allows execution of arbitrary commands. The "opti ...)
	NOT-FOR-US: Node enpeem
CVE-2019-10800
	RESERVED
CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...)
	NOT-FOR-US: Node module compile-sass
CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects r ...)
	NOT-FOR-US: Node module rdf-graph-array
CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...)
	NOT-FOR-US: WSO2
CVE-2019-10796 (rpi through 0.0.3 allows execution of arbritary commands. The variable ...)
	NOT-FOR-US: Node module rpi
CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
	NOT-FOR-US: undefsafe
CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node module component-flatten
CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set  ...)
	NOT-FOR-US: Node module dot-object
CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler ...)
	NOT-FOR-US: Node module bodymen
CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform a comma ...)
	NOT-FOR-US: Node module promise-probe
CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...)
	NOT-FOR-US: Node module taffy
CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...)
	NOT-FOR-US: curling.js
CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: im-metadata node module
CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: im-resize node module
CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute arbit ...)
	NOT-FOR-US: network-manager node module
CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions before ver ...)
	{DLA-2127-1}
	- dojo 1.15.2+dfsg1-1 (bug #952771)
	[buster] - dojo 1.15.0+dfsg1-1+deb10u1
	NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
	NOTE: https://snyk.io/vuln/SNYK-JS-DOJOX-548257
	NOTE: https://github.com/dojo/dojox/pull/315
CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
	- phppgadmin <unfixed> (bug #953945)
	[buster] - phppgadmin <no-dsa> (Minor issue)
	[stretch] - phppgadmin <no-dsa> (Minor issue)
	[jessie] - phppgadmin <no-dsa> (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885
	NOTE: https://github.com/phppgadmin/phppgadmin/issues/94
CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable to Comm ...)
	NOT-FOR-US: lsof node module
CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
	NOT-FOR-US: schema-inspector node module
CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...)
	NOT-FOR-US: BibTeX-ruby
CVE-2019-10779 (All versions of stroom:stroom-app before 5.5.12 and all versions of th ...)
	NOT-FOR-US: Stroom
CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
	NOT-FOR-US: devcert-sanscache
CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...)
	NOT-FOR-US: aws-lambda
CVE-2019-10776 (In "index.js" file line 240, the run command executes the git command  ...)
	NOT-FOR-US: git-diff-apply
CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful exploitati ...)
	- node-ecstatic <itp> (bug #910614)
CVE-2019-10774 (php-shellcommand versions before 1.6.1 have a command injection vulner ...)
	- php-shellcommand 1.6.1-1
	NOTE: https://snyk.io/vuln/SNYK-PHP-MIKEHAERTLPHPSHELLCOMMAND-538426
	NOTE: https://github.com/mikehaertl/php-shellcommand/commit/8d98d8536e05abafe76a491da87296d824939076
	NOTE: https://github.com/mikehaertl/php-shellcommand/issues/44
CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be abused ...)
	- node-yarnpkg 1.21.1-1
	NOTE: https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023
	NOTE: https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/
	NOTE: https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
	NOTE: https://snyk.io/vuln/SNYK-JS-YARN-537806
CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 using th ...)
	NOT-FOR-US: svg-sanitize
CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...)
	NOT-FOR-US: IOBroker
CVE-2019-10770 (All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and befo ...)
	NOT-FOR-US: ratpack-core
CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of code used  ...)
	NOT-FOR-US: safer-eval Node module
CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...)
	- angular.js 1.7.9-1 (bug #945249)
	[buster] - angular.js <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
	[jessie] - angular.js <not-affected> (vulnerable code is not present, deep merging introduced later)
	NOTE: https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
	NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
CVE-2019-10767 (An attacker can include file contents from outside the `/adapter/xxx/` ...)
	NOT-FOR-US: ioBroker
CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL In ...)
	NOT-FOR-US: Pixie CMS
CVE-2019-10765 (iobroker.admin before 3.6.12 allows attacker to include file contents  ...)
	NOT-FOR-US: ioBroker
CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might be possi ...)
	NOT-FOR-US: elliptic-php
CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attack ...)
	NOT-FOR-US: Pimcore
CVE-2019-10762 (columnQuote in medoo before 1.7.5 allows remote attackers to perform a ...)
	NOT-FOR-US: medoo
CVE-2019-10761
	RESERVED
CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A  ...)
	NOT-FOR-US: safer-eval Node module
CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A  ...)
	NOT-FOR-US: safer-eval Node module
CVE-2019-10758 (mongo-express before 0.54.0 is vulnerable to Remote Code Execution via ...)
	NOT-FOR-US: mongo-express
CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. ...)
	NOT-FOR-US: knex.js
CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard versions ...)
	NOT-FOR-US: node-red-dashboard
CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found to make ...)
	NOT-FOR-US: SAML2Utils.java
CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
	NOT-FOR-US: Apereo Central Authentication Service
CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...)
	NOT-FOR-US: eclipse-wtp
CVE-2019-10752 (Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnera ...)
	NOT-FOR-US: sequelize Node module
CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)
	{DLA-1937-1}
	- httpie 1.0.3-1 (bug #940058)
	[buster] - httpie <no-dsa> (Minor issue)
	[stretch] - httpie <no-dsa> (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
	NOTE: https://github.com/jakubroztocil/httpie/commit/df36d6255df5793129b02ac82f1010171bd8a0a8
CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 3.1.0.  ...)
	NOT-FOR-US: deeply
CVE-2019-10749 (sequelize before version 3.35.1 allows attackers to perform a SQL Inje ...)
	NOT-FOR-US: sequelize
CVE-2019-10748 (Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnera ...)
	NOT-FOR-US: sequelize
CVE-2019-10747 (set-value is vulnerable to Prototype Pollution in versions lower than  ...)
	[experimental] - node-set-value 3.0.1-1
	- node-set-value 0.4.0-2 (bug #941189)
	[buster] - node-set-value 0.4.0-1+deb10u1
	[stretch] - node-set-value <ignored> (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
CVE-2019-10746 (mixin-deep is vulnerable to Prototype Pollution in versions before 1.3 ...)
	- node-mixin-deep 2.0.1-1 (bug #932500)
	[buster] - node-mixin-deep 1.1.3-3+deb10u1
	[stretch] - node-mixin-deep 1.1.3-1+deb9u1
	NOTE: https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
	NOTE: https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
	NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
CVE-2019-10745 (assign-deep is vulnerable to Prototype Pollution in versions before 0. ...)
	NOT-FOR-US: Node assign-deep
CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ...)
	- node-lodash 4.17.15+dfsg-1 (bug #933079)
	[buster] - node-lodash 4.17.11+dfsg-2+deb10u1
	[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
	[jessie] - node-lodash <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-450202
	NOTE: https://github.com/lodash/lodash/issues/4348
	NOTE: https://github.com/lodash/lodash/pull/4336
CVE-2019-10743 (All versions of archiver allow attacker to perform a Zip Slip attack v ...)
	NOT-FOR-US: archiver
CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a denial of ...)
	- node-axios 0.17.1+dfsg-2 (bug #928624)
	NOTE: https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
	NOTE: https://github.com/axios/axios/issues/1098
	NOTE: https://github.com/axios/axios/pull/1485
CVE-2019-10741 (K-9 Mail v5.600 can include the original quoted HTML code of a special ...)
	NOT-FOR-US: K-9 Mail
CVE-2019-10740 (In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIM ...)
	- roundcube 1.3.10+dfsg.1-1 (bug #927713)
	[buster] - roundcube 1.3.10+dfsg.1-1~deb10u1
	[stretch] - roundcube <ignored> (Relies on php-crypt-gpg, not in stretch. Old version in 1.3 doesn't verify signature anyway)
	NOTE: https://github.com/roundcube/roundcubemail/issues/6638
	NOTE: https://github.com/roundcube/roundcubemail/commit/de25226d310de11f6a9eb0aa7ea1c90d82dc70d8 (release-1.3)
	NOTE: https://github.com/roundcube/roundcubemail/commit/8fe12e2fadac9b1ce212341ca3632f85781cfea4 (master)
CVE-2019-10739
	RESERVED
CVE-2019-10738
	RESERVED
CVE-2019-10737
	RESERVED
CVE-2019-10736
	RESERVED
CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encry ...)
	- claws-mail <unfixed> (low; bug #926705)
	[buster] - claws-mail <postponed> (Revisit when fixed upstream)
	[stretch] - claws-mail <postponed> (Revisit when fixed upstream)
	[jessie] - claws-mail <postponed> (Revisit when fixed upstream)
	NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159
CVE-2019-10734 (In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypt ...)
	- trojita <itp> (bug #795701)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=404697
CVE-2019-10733
	RESERVED
CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypt ...)
	{DLA-1825-1}
	- kf5-messagelib 4:19.08.3-1 (bug #926996)
	[buster] - kf5-messagelib <no-dsa> (Minor issue)
	[stretch] - kf5-messagelib <no-dsa> (Minor issue)
	- kdepim <removed>
	[stretch] - kdepim <no-dsa> (Minor issue)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=404698
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2)
CVE-2019-10731
	RESERVED
CVE-2019-10730
	RESERVED
CVE-2019-10729
	RESERVED
CVE-2019-10728
	RESERVED
CVE-2019-10727
	RESERVED
CVE-2019-10726
	RESERVED
CVE-2019-10725
	RESERVED
CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system services in wh ...)
	NOT-FOR-US: Dolby
CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
	- libpodofo <unfixed> (low; bug #926667)
	[buster] - libpodofo <no-dsa> (Minor issue)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <postponed> (clean exception quit/DoS, low popcon)
	NOTE: https://sourceforge.net/p/podofo/tickets/46/
CVE-2019-1003099 (A missing permission check in Jenkins openid Plugin in the OpenIdSsoSe ...)
	NOT-FOR-US: Jenkins openid Plugin
CVE-2019-1003098 (A cross-site request forgery vulnerability in Jenkins openid Plugin in ...)
	NOT-FOR-US: Jenkins openid Plugin
CVE-2019-1003097 (Jenkins Crowd Integration Plugin stores credentials unencrypted in the ...)
	NOT-FOR-US: Jenkins Crowd Integration Plugin
CVE-2019-1003096 (Jenkins TestFairy Plugin stores credentials unencrypted in job config. ...)
	NOT-FOR-US: Jenkins TestFairy Plugin
CVE-2019-1003095 (Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its g ...)
	NOT-FOR-US: Jenkins Perfecto Mobile Plugin
CVE-2019-1003094 (Jenkins Open STF Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins Open STF Plugin
CVE-2019-1003093 (A missing permission check in Jenkins Nomad Plugin in the NomadCloud.D ...)
	NOT-FOR-US: Jenkins Nomad Plugin
CVE-2019-1003092 (A cross-site request forgery vulnerability in Jenkins Nomad Plugin in  ...)
	NOT-FOR-US: Jenkins Nomad Plugin
CVE-2019-1003091 (A missing permission check in Jenkins SOASTA CloudTest Plugin in the C ...)
	NOT-FOR-US: Jenkins SOASTA CloudTest Plugin
CVE-2019-1003090 (A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest ...)
	NOT-FOR-US: Jenkins SOASTA CloudTest Plugin
CVE-2019-1003089 (Jenkins Upload to pgyer Plugin stores credentials unencrypted in job c ...)
	NOT-FOR-US: Jenkins Upload to pgyer Plugin
CVE-2019-1003088 (Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins Fabric Beta Publisher Plugin
CVE-2019-1003087 (A missing permission check in Jenkins Chef Sinatra Plugin in the ChefB ...)
	NOT-FOR-US: Jenkins Chef Sinatra Plugin
CVE-2019-1003086 (A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003085 (A missing permission check in Jenkins Zephyr Enterprise Test Managemen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003084 (A cross-site request forgery vulnerability in Jenkins Zephyr Enterpris ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003083 (A missing permission check in Jenkins Gearman Plugin in the GearmanPlu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003082 (A cross-site request forgery vulnerability in Jenkins Gearman Plugin i ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003081 (A missing permission check in Jenkins OpenShift Deployer Plugin in the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003080 (A cross-site request forgery vulnerability in Jenkins OpenShift Deploy ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003079 (A missing permission check in Jenkins VMware Lab Manager Slaves Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003078 (A cross-site request forgery vulnerability in Jenkins VMware Lab Manag ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003077 (A missing permission check in Jenkins Audit to Database Plugin in the  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003076 (A cross-site request forgery vulnerability in Jenkins Audit to Databas ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003075 (Jenkins Audit to Database Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003074 (Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003073 (Jenkins VS Team Services Continuous Deployment Plugin stores credentia ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003072 (Jenkins WildFly Deployer Plugin stores credentials unencrypted in job  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003071 (Jenkins OctopusDeploy Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003070 (Jenkins veracode-scanner Plugin stores credentials unencrypted in its  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003069 (Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003068 (Jenkins VMware vRealize Automation Plugin stores credentials unencrypt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003067 (Jenkins Trac Publisher Plugin stores credentials unencrypted in job co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003066 (Jenkins Bugzilla Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003065 (Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003064 (Jenkins aws-device-farm Plugin stores credentials unencrypted in its g ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003063 (Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003062 (Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003061 (Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003060 (Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in it ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003059 (A missing permission check in Jenkins FTP publisher Plugin in the FTPP ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003058 (A cross-site request forgery vulnerability in Jenkins FTP publisher Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003057 (Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003056 (Jenkins WebSphere Deployer Plugin stores credentials unencrypted in jo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003055 (Jenkins FTP publisher Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003054 (Jenkins Jira Issue Updater Plugin stores credentials unencrypted in jo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003053 (Jenkins HockeyApp Plugin stores credentials unencrypted in job config. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ...)
	{DSA-4426-1}
	- tryton-server 5.0.4-2
	[jessie] - tryton-server <not-affected> (vulnerable code is not present)
	NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262
	NOTE: https://bugs.tryton.org/issue8189
	NOTE: https://hg.tryton.org/trytond/rev/f58bbfe0aefb
CVE-2019-10722
	RESERVED
CVE-2019-10721 (BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the Retur ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-10720 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind In ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-10716 (An Information Disclosure issue in Verodin Director 3.5.3.1 and earlie ...)
	NOT-FOR-US: Verodin Director
CVE-2019-10715 (There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input  ...)
	NOT-FOR-US: Verodin Director
CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32  ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1495
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/aa6a769bd85f6750c26e53e53dcd8a2678745501
	NOTE: Issue introduced while fixing https://github.com/ImageMagick/ImageMagick/issues/1455
CVE-2019-10713
	RESERVED
CVE-2019-10712 (The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831 ...)
	NOT-FOR-US: WAGO Series devices
CVE-2019-10711 (Incorrect access control in the RTSP stream and web portal on all IP c ...)
	NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware
CVE-2019-10710 (Insecure permissions in the Web management portal on all IP cameras ba ...)
	NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware
CVE-2019-10709 (AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a  ...)
	NOT-FOR-US: Asus
CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike i ...)
	NOT-FOR-US: S-CMS PHP
CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. ...)
	NOT-FOR-US: MKCMS
CVE-2019-10706 (Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: T ...)
	NOT-FOR-US: Western Digital
CVE-2019-10705 (Western Digital SanDisk X600 devices in certain configurations, a vuln ...)
	NOT-FOR-US: Western Digital
CVE-2019-10704
	RESERVED
CVE-2019-10703
	RESERVED
CVE-2019-10702
	RESERVED
CVE-2019-10701
	RESERVED
CVE-2019-10700
	RESERVED
CVE-2019-10699
	RESERVED
CVE-2019-10698
	RESERVED
CVE-2019-10697
	RESERVED
CVE-2019-10696
	RESERVED
CVE-2019-10695 (When using the cd4pe::root_configuration task to configure a Continuou ...)
	NOT-FOR-US: cd4pe Puppet module
CVE-2019-10694 (The express install, which is the suggested way to install Puppet Ente ...)
	NOT-FOR-US: Puppet Enterprise
CVE-2019-10693
	RESERVED
CVE-2019-10692 (In the wp-google-maps plugin before 7.11.18 for WordPress, includes/cl ...)
	NOT-FOR-US: wp-google-maps plugin for WordPress
CVE-2019-10691 (The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeate ...)
	- dovecot 1:2.3.4.1-4
	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/18/3
CVE-2019-10690
	RESERVED
CVE-2019-10689 (VVX products using UCS software version 5.9.2 and earlier with Better  ...)
	NOT-FOR-US: VVX products using UCS software
CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2  ...)
	NOT-FOR-US: VVX products using UCS
CVE-2019-10687 (KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...)
	NOT-FOR-US: KBPublisher
CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
	NOT-FOR-US: Ctrip Apollo
CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Heidelberg Prinect Archiver
CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 74cms v5.0. ...)
	NOT-FOR-US: 74cms
CVE-2019-10683
	RESERVED
CVE-2019-10682 (django-nopassword before 5.0.0 stores cleartext secrets in the databas ...)
	NOT-FOR-US: django-nopassword
CVE-2019-10681
	RESERVED
CVE-2019-10680
	RESERVED
CVE-2019-10679
	RESERVED
CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as insecure a ...)
	- domoticz <itp> (bug #899058)
CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...)
	NOT-FOR-US: DASAN
CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...)
	NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10675
	REJECTED
CVE-2019-10674
	RESERVED
CVE-2019-10673 (A CSRF vulnerability in a logged-in user's profile edit form in the Ul ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2019-10671 (An issue was discovered in LibreNMS through 1.47. It does not paramete ...)
	NOT-FOR-US: LibreNMS
CVE-2019-10670 (An issue was discovered in LibreNMS through 1.47. Many of the scripts  ...)
	NOT-FOR-US: LibreNMS
CVE-2019-10669 (An issue was discovered in LibreNMS through 1.47. There is a command i ...)
	NOT-FOR-US: LibreNMS
CVE-2019-10668 (An issue was discovered in LibreNMS through 1.47. A number of scripts  ...)
	NOT-FOR-US: LibreNMS
CVE-2019-10667 (An issue was discovered in LibreNMS through 1.47. Information disclosu ...)
	NOT-FOR-US: LibreNMS
CVE-2019-10666 (An issue was discovered in LibreNMS through 1.47. Several of the scrip ...)
	NOT-FOR-US: LibreNMS
CVE-2019-10665 (An issue was discovered in LibreNMS through 1.47. The scripts that han ...)
	NOT-FOR-US: LibreNMS
CVE-2019-10664 (Domoticz before 4.10578 allows SQL Injection via the idx parameter in  ...)
	- domoticz <itp> (bug #899058)
CVE-2019-10672 (treeRead in hdf/btree.c in libmysofa before 0.7 does not properly vali ...)
	- libmysofa 0.6~dfsg0-3 (bug #926125)
	NOTE: https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1
CVE-2019-10663 (Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticate ...)
	NOT-FOR-US: Grandstream
CVE-2019-10662 (Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticate ...)
	NOT-FOR-US: Grandstream
CVE-2019-10661 (On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account  ...)
	NOT-FOR-US: Grandstream
CVE-2019-10660 (Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenti ...)
	NOT-FOR-US: Grandstream
CVE-2019-10659 (Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices a ...)
	NOT-FOR-US: Grandstream
CVE-2019-10658 (Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated ...)
	NOT-FOR-US: Grandstream
CVE-2019-10657 (Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 device ...)
	NOT-FOR-US: Grandstream
CVE-2019-10656 (Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated ...)
	NOT-FOR-US: Grandstream
CVE-2019-10655 (Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3 ...)
	NOT-FOR-US: Grandstream
CVE-2019-10654 (The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in  ...)
	- lrzip <unfixed> (unimportant)
	NOTE: https://github.com/ckolivas/lrzip/issues/108
	NOTE: Crash in CLI tool, no security impact
CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL injection vulne ...)
	NOT-FOR-US: Hsycms
CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...)
	NOT-FOR-US: flatCore
CVE-2019-10651 (An issue was discovered in the Core Server in Ivanti Endpoint Manager  ...)
	NOT-FOR-US: Ivanti
CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4436-1 DLA-1785-1}
	- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #926091)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1532
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4800ae0dabdb3012f82820af946060c3ca9fdb87
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef
CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1533
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3ae9c19125c8704b4866381f7a064ca2cbdc006
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e3417aebe17cbe274b7361aa92c83226ca5b646b
CVE-2019-10648 (Robocode through 1.9.3.5 allows remote attackers to cause external ser ...)
	- robocode 1.9.3.3-2 (low; bug #926088)
	[stretch] - robocode <no-dsa> (Minor issue)
	[jessie] - robocode <end-of-life> (games are not supported)
	NOTE: https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd#diff-0296a8f9d4a509789f4dc4f052d9c36f
	NOTE: https://sourceforge.net/p/robocode/bugs/406/
CVE-2019-10647 (ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP  ...)
	NOT-FOR-US: ZZZCMS zzzphp
CVE-2019-10646 (Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the mod ...)
	NOT-FOR-US: Wolf CMS
CVE-2019-10645
	RESERVED
CVE-2019-10644 (An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vul ...)
	NOT-FOR-US: HYBBS
CVE-2019-10643 (Contao 4.7 allows Use of a Key Past its Expiration Date. ...)
	NOT-FOR-US: Contao
CVE-2019-10642 (Contao 4.7 allows CSRF. ...)
	NOT-FOR-US: Contao
CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery ...)
	NOT-FOR-US: Contao
CVE-2019-10640 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows I ...)
	{DSA-4497-1 DLA-1885-1 DLA-1862-1}
	- linux 4.19.37-1
	NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by an attack ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
	NOT-FOR-US: Marvell
CVE-2019-10636 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
	NOT-FOR-US: Marvell
CVE-2019-10635
	RESERVED
CVE-2019-10634 (An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allow ...)
	NOT-FOR-US: Zyxel
CVE-2019-10633 (An eval injection vulnerability in the Python web server routing on th ...)
	NOT-FOR-US: Zyxel
CVE-2019-10632 (A directory traversal vulnerability in the file browser component on t ...)
	NOT-FOR-US: Zyxel
CVE-2019-10631 (Shell Metacharacter Injection in the package installer on Zyxel NAS 32 ...)
	NOT-FOR-US: Zyxel
CVE-2019-10630 (A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 a ...)
	NOT-FOR-US: Zyxel
CVE-2019-10629
	RESERVED
CVE-2019-10628
	RESERVED
CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image  ...)
	NOT-FOR-US: Qualcomm
CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10623 (Possible integer overflow can happen in host driver while processing u ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10622 (Out of bound memory access can happen while parsing ADSP message due t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10621 (Use after free issue when MAP and UNMAP calls at same time as data str ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10620 (Kernel memory error in debug module due to improper check of user data ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10619
	RESERVED
CVE-2019-10618 (Driver may access an invalid address while processing IO control due t ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10617 (Low privilege users can access service configuration which contains re ...)
	NOT-FOR-US: Qualcomm
CVE-2019-10616 (Possibility of null pointer access if the SPDM commands are executed i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10615
	RESERVED
CVE-2019-10614 (Out of boundary access is possible as there is no validation of data a ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10613
	RESERVED
CVE-2019-10612 (UTCB object has a function pointer called by the reaper to deallocate  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of check o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10610 (Possible buffer over read when trying to process SDP message Video med ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10609 (Out of bound write can happen due to lack of check of array index valu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10608 (Information disclosure issue occurs as there is no binding between the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10607 (Out of bounds memcpy can occur by providing the embedded NULL characte ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10606 (Out-of-bound access will occur in USB driver due to lack of check to v ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10605 (Buffer overwrite can occur in IEEE80211 header filling function due to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10604 (Possibility of heap-buffer-overflow during last iteration of loop whil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10603 (Use after free issue occurs If the real device interface goes down and ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10602 (Potential use-after-free heap error during Validate/Present calls on d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10601 (Out of bound access can occur while processing firmware event due to l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10600 (Use of local variable as argument to netlink CB callback goes out of i ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10599
	RESERVED
CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10596
	RESERVED
CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10594 (Stack overflow can occur when SDP is received with multiple payload ty ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10593 (Buffer overflow can occur when processing non standard SDP video Image ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 bit in  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10591 (Null pointer dereference can happen when parsing udta atom which is no ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10589 (Lack of length check of response buffer can lead to buffer over-flow w ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10588 (Copying RTCP messages into the output buffer without checking the dest ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10587 (Possible Stack overflow can occur when processing a large SDP body or  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10586 (Filling media attribute tag names without validating the destination b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10585 (Possible integer overflow happens when mmap find function will increme ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10584 (Possibility of out of bound access in debug queue, if packet size fiel ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10583 (Use after free issue occurs when camera access sensors data through di ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10582 (Use after free issue due to using of invalidated iterator to delete an ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10581 (NULL is assigned to local instance of audio device pointer after free  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10580
	RESERVED
CVE-2019-10579 (Buffer over-read can occur while playing the video clip which is not s ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10578 (Null pointer dereference can occur while parsing the clip which is non ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10577 (Improper input validation while processing SIP URI received from the n ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10576
	RESERVED
CVE-2019-10575 (Wlan binary which is not signed with OEMs RoT is working on secure dev ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10574 (Lack of boundary checks for data offsets received from HLOS can lead t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10573
	RESERVED
CVE-2019-10572 (Improper check in video driver while processing data from video firmwa ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to missing check ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10570
	RESERVED
CVE-2019-10569 (Stack buffer overflow due to instance id is misplaced inside definitio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10568
	RESERVED
CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10564 (Possible OOB issue in EEPROM due to lack of check while accessing memo ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improper inp ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10562
	RESERVED
CVE-2019-10561 (Improper initialization of local variables which are parameters to sfs ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10560
	RESERVED
CVE-2019-10559 (Accessing data buffer beyond the available data while parsing ogg clip ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10558 (While transferring data from APPS to DSP, Out of bound in FastRPC HLOS ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10557 (Out-of-bound read in the wireless driver in the Linux kernel due to la ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10556 (Missing length check before copying the data from kernel space to user ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10555 (Buffer overflow can occur due to usage of wrong datatype and missing l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10554 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10553 (Multiple Read overflows due to improper length checks while decoding a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10552 (Multiple Buffer Over-read issue can happen due to improper length chec ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10551 (String error while processing non standard SIP messages received can l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10550 (Buffer Over-read when UE is trying to process the message received for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10549 (Null pointer dereference issue can happen due to improper validation o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10548 (While trying to obtain datad ipc handle during DPL initialization, Hea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10547 (When issuing IOCTL calls to ION, Memory leak can occur due to failure  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10546 (Buffer overflow can occur in WLAN firmware while parsing beacon/probe_ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check related  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10544 (Improper length check on source buffer to handle userspace data receiv ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10543
	RESERVED
CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted firmware file  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10541 (Dereference on uninitialized buffer can happen when parsing FLV clip w ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of count val ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10539 (Possible buffer overflow issue due to lack of length check when parsin ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10538 (Lack of check of address range received from firmware response allows  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10537 (Improper validation of event buffer extracted from FW response can lea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10536 (Potential double free scenario if driver receives another DIAG_EVENT_L ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10535 (Improper validation for loop variable received from firmware can lead  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10534 (Null-pointer dereference can occur while accessing the super index ent ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10533 (Out of bound access due to improper validation of array index cause th ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10532 (Null-pointer dereference issue can occur while calculating string leng ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10531 (Incorrect reading of system image resulting in buffer overflow when si ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10530 (Lack of check of data truncation on user supplied data in kernel leads ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10529 (Possible use after free issue due to race condition while attempting t ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog session inf ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10527
	RESERVED
CVE-2019-10526 (Out of bound write in WLAN driver due to NULL character not properly p ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10525 (Buffer overflow during SIB read when network configures complete sib l ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrongly int ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10523 (Target specific data is being sent to remote server and leads to infor ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow can occur  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10521
	RESERVED
CVE-2019-10520 (An unprivileged application can allocate GPU memory by calling memory  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10519
	RESERVED
CVE-2019-10518 (Use after free of a pointer in iWLAN scenario during netmgr state tran ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10517 (Memory is being freed up twice when two concurrent threads are executi ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10516 (Multiple read overflows in MM while decoding service accept,service re ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10515 (DCI client which might be preemptively freed up might be accessed for  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10514
	RESERVED
CVE-2019-10513 (Possibility of Null pointer access if the SPDM commands are executed i ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10512 (Payload size is not checked before using it as array index in audio in ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10511 (Possibility of memory overflow while decoding GSNDCP compressed mode P ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference when in ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10509 (Device record of the pairing device used after free during ACL disconn ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10508 (Lack of input validation for data received from user space can lead to ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10507 (Lack of check of extscan change results received from firmware can lea ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10506 (While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor comm ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10505 (Out of bound access while processing a non-standard IE measurement req ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10504 (Firmware not able to send EXT scan response to host within 1 sec due t ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10503 (Out-of-bounds access can occur in camera driver due to improper valida ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size is acces ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10500 (While processing MT Secondary PDP request, Buffer overflow will happen ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10499 (Improper validation of read and write index of tx and rx fifo`s before ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 io_vec reques ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10497 (Use after free issue occurs If another instance of open for voice_svc  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10496 (Lack of checking a variable received from driver and populating in Fir ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10495 (Arbitrary buffer write issue while processing sequence header during H ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10494 (Race condition between the camera functions due to lack of resource lo ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10493 (Position determination accuracy may be degraded due to wrongly decoded ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10491 (ADSP can be compromised since it`s a general-purpose CPU processing un ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10490 (Use after free issue in Xtra daemon shutdown due to static object inst ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks while  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10487 (Buffer over read can happen while parsing SMS OTA messages at transpor ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10486 (Race condition due to the lack of resource lock which will be concurre ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10485 (Infinite loop while decoding compressed data can lead to overrun condi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10484 (Use after free issue occurs when command destructors access dynamicall ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10483 (Side channel issue in QTEE due to usage of non-time-constant compariso ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10482 (Due to the use of non-time-constant comparison functions there is issu ...)
	NOT-FOR-US: Snapdragon
CVE-2019-10481 (Out of bound access occurs while handling the WMI FW event due to lack ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10480 (Out of bound write can happen in WMI firmware event handler due to lac ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-10479 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...)
	NOT-FOR-US: Glory RBW-100 devices
CVE-2019-10478 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...)
	NOT-FOR-US: Glory RBW-100 devices
CVE-2019-10477 (The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 fo ...)
	NOT-FOR-US: GLPI plugin
CVE-2019-10476 (Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10475 (A reflected cross-site scripting vulnerability in Jenkins build-metric ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10474 (A missing permission check in Jenkins Global Post Script Plugin in all ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10473 (A missing permission check in Jenkins Libvirt Slaves Plugin in form-re ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10472 (A missing permission check in Jenkins Libvirt Slaves Plugin allows att ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10471 (A cross-site request forgery vulnerability in Jenkins Libvirt Slaves P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10470 (A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10469 (A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10468 (A cross-site request forgery vulnerability in Jenkins ElasticBox Jenki ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10467 (Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10466 (An XML external entities (XXE) vulnerability in Jenkins 360 FireLine P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10465 (A missing permission check in Jenkins Deploy WebLogic Plugin allows at ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10464 (A cross-site request forgery vulnerability in Jenkins Deploy WebLogic  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10463 (A missing permission check in Jenkins Dynatrace Application Monitoring ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10462 (A cross-site request forgery vulnerability in Jenkins Dynatrace Applic ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10461 (Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10460 (Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10459 (Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhoo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10458 (Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10457 (A missing permission check in Jenkins Oracle Cloud Infrastructure Comp ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10456 (A cross-site request forgery vulnerability in Jenkins Oracle Cloud Inf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10455 (A missing permission check in Jenkins Rundeck Plugin allows attackers  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10454 (A cross-site request forgery vulnerability in Jenkins Rundeck Plugin a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10453 (Jenkins Delphix Plugin stores credentials unencrypted in its global co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10452 (Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10451 (Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10450 (Jenkins ElasticBox CI Plugin stores credentials unencrypted in the glo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10449 (Jenkins Fortify on Demand Plugin stores credentials unencrypted in job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10448 (Jenkins Extensive Testing Plugin stores credentials unencrypted in job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10447 (Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xm ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10446 (Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10445 (A missing permission check in Jenkins Google Kubernetes Engine Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10444 (Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10443 (Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10442 (A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10441 (A cross-site request forgery vulnerability in Jenkins iceScrum Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10440 (Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10439 (A missing permission check in Jenkins CRX Content Package Deployer Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10438 (A missing permission check in Jenkins CRX Content Package Deployer Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10437 (A cross-site request forgery vulnerability in Jenkins CRX Content Pack ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10436 (An arbitrary file read vulnerability in Jenkins Google OAuth Credentia ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10435 (Jenkins SourceGear Vault Plugin transmits configured credentials in pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10434 (Jenkins LDAP Email Plugin transmits configured credentials in plain te ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10433 (Jenkins Dingding[&#38025;&#38025;] Plugin stores credentials unencrypt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10432 (Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the proj ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10431 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10429 (Jenkins GitLab Logo Plugin stores credentials unencrypted in its globa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10428 (Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10427 (Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10426 (Jenkins Gem Publisher Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10425 (Jenkins Google Calendar Plugin stores credentials unencrypted in job c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10424 (Jenkins elOyente Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10423 (Jenkins CodeScan Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10422 (Jenkins Call Remote Job Plugin stores credentials unencrypted in job c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10421 (Jenkins Azure Event Grid Build Notifier Plugin stores credentials unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10420 (Jenkins Assembla Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10419 (Jenkins vFabric Application Director Plugin stores credentials unencry ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10418 (Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10417 (Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10416 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10415 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10414 (Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unenc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10413 (Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10412 (Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured cre ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10411 (Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10410 (Jenkins Log Parser Plugin 2.0 and earlier did not escape an error mess ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10409 (A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project Inherita ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...)
	NOT-FOR-US: Jenkins
CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value o ...)
	NOT-FOR-US: Jenkins
CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the  ...)
	NOT-FOR-US: Jenkins
CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the  ...)
	NOT-FOR-US: Jenkins
CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox  ...)
	NOT-FOR-US: Jenkins
CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...)
	NOT-FOR-US: Jenkins
CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10398 (Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unenc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10397 (Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier tran ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10396 (Jenkins Dashboard View Plugin 2.11 and earlier did not escape build de ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10395 (Jenkins Build Environment Plugin 1.6 and earlier did not escape variab ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10394 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10393 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10392 (Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10391 (Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier tra ...)
	NOT-FOR-US: IBM
CVE-2019-10390 (A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10389 (A missing permission check in Jenkins Relution Enterprise Appstore Pub ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10388 (A cross-site request forgery vulnerability in Jenkins Relution Enterpr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10387 (A missing permission check in Jenkins XL TestView Plugin 1.2.0 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestView Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10384 (Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to ob ...)
	NOT-FOR-US: Jenkins
CVE-2019-10383 (A stored cross-site scripting vulnerability in Jenkins 2.191 and earli ...)
	NOT-FOR-US: Jenkins
CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10380 (Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10379 (Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier sto ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10378 (Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10377 (A missing permission check in Jenkins Avatar Plugin 1.2 and earlier al ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10376 (A reflected cross-site scripting vulnerability in Jenkins Wall Display ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10375 (An arbitrary file read vulnerability in Jenkins File System SCM Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10374 (A stored cross-site scripting vulnerability in Jenkins PegDown Formatt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10373 (A stored cross-site scripting vulnerability in Jenkins Build Pipeline  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10372 (An open redirect vulnerability in Jenkins Gitlab Authentication Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10371 (A session fixation vulnerability in Jenkins Gitlab Authentication Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10370 (Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10369 (A missing permission check in Jenkins JClouds Plugin 2.14 and earlier  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10368 (A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10367 (Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as C ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials une ...)
	NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a te ...)
	NOT-FOR-US: Jenkins Google Kubernetes Engine Plugin
CVE-2019-10364 (Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of priv ...)
	NOT-FOR-US: Jenkins Amazon EC2 Plugin
CVE-2019-10363 (Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10362 (Jenkins Configuration as Code Plugin 1.24 and earlier did not escape v ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10361 (Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials une ...)
	NOT-FOR-US: Jenkins Maven Release Plugin
CVE-2019-10360 (A stored cross site scripting vulnerability in Jenkins Maven Release P ...)
	NOT-FOR-US: Jenkins Maven Release Plugin
CVE-2019-10359 (A cross-site request forgery vulnerability in Jenkins Maven Release Pl ...)
	NOT-FOR-US: Jenkins Maven Release Plugin
CVE-2019-10358 (Jenkins Maven Integration Plugin 3.3 and earlier did not apply build l ...)
	NOT-FOR-US: Jenkins Maven Integration Plugi
CVE-2019-10357 (A missing permission check in Jenkins Pipeline: Shared Groovy Librarie ...)
	NOT-FOR-US: Jenkins Pipeline: Shared Groovy Libraries Plugin
CVE-2019-10356 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61  ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2019-10355 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61  ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...)
	NOT-FOR-US: Jenkins
CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did  ...)
	NOT-FOR-US: Jenkins
CVE-2019-10352 (A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176 ...)
	NOT-FOR-US: Jenkins
CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in job config ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted in job co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10349 (A stored cross site scripting vulnerability in Jenkins Dependency Grap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10348 (Jenkins Gogs Plugin stored credentials unencrypted in job config.xml f ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10347 (Jenkins Mashup Portlets Plugin stored credentials unencrypted on the J ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10346 (A reflected cross site scripting vulnerability in Jenkins Embeddable B ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10345 (Jenkins Configuration as Code Plugin 1.20 and earlier did not treat th ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10344 (Missing permission checks in Jenkins Configuration as Code Plugin 1.24 ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10343 (Jenkins Configuration as Code Plugin 1.24 and earlier did not properly ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10342 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10341 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10340 (A cross-site request forgery vulnerability in Jenkins Docker Plugin 1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10339 (A missing permission check in Jenkins JX Resources Plugin 1.0.36 and e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10338 (A cross-site request forgery vulnerability in Jenkins JX Resources Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10337 (An XML external entities (XXE) vulnerability in Jenkins Token Macro Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10336 (A reflected cross site scripting vulnerability in Jenkins ElectricFlow ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10335 (A stored cross site scripting vulnerability in Jenkins ElectricFlow Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10334 (Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hos ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10333 (Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10332 (A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10331 (A cross-site request forgery vulnerability in Jenkins ElectricFlow Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10330 (Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10329 (Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10328 (Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10327 (An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10326 (A cross-site request forgery vulnerability in Jenkins Warnings NG Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10325 (A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10324 (A cross-site request forgery vulnerability in Jenkins Artifactory Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10323 (A missing permission check in Jenkins Artifactory Plugin 3.2.3 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10322 (A missing permission check in Jenkins Artifactory Plugin 3.2.2 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10321 (A cross-site request forgery vulnerability in Jenkins Artifactory Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10320 (Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10319 (A missing permission check in Jenkins PAM Authentication Plugin 1.5 an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret une ...)
	NOT-FOR-US: Jenkins Azure AD Plugin
CVE-2019-10317 (Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostna ...)
	NOT-FOR-US: Jenkins SiteMonitor Plugin
CVE-2019-10316 (Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials  ...)
	NOT-FOR-US: Jenkins Aqua MicroScanner Plugin
CVE-2019-10315 (Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the  ...)
	NOT-FOR-US: Jenkins GitHub Authentication Plugin
CVE-2019-10314 (Jenkins Koji Plugin disables SSL/TLS and hostname verification globall ...)
	NOT-FOR-US: Jenkins Koji Plugin
CVE-2019-10313 (Jenkins Twitter Plugin stores credentials unencrypted in its global co ...)
	NOT-FOR-US: Jenkins Twitter Plugin
CVE-2019-10312 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
	NOT-FOR-US: Jenkins Ansible Tower Plugin
CVE-2019-10311 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
	NOT-FOR-US: Jenkins Ansible Tower Plugin
CVE-2019-10310 (A cross-site request forgery vulnerability in Jenkins Ansible Tower Pl ...)
	NOT-FOR-US: Jenkins Ansible Tower Plugin
CVE-2019-10309 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use  ...)
	NOT-FOR-US: Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients
CVE-2019-10308 (A missing permission check in Jenkins Static Analysis Utilities Plugin ...)
	NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
CVE-2019-10307 (A cross-site request forgery vulnerability in Jenkins Static Analysis  ...)
	NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10304 (A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Dep ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10303 (Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier sto ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10302 (Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10301 (A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10300 (A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10299 (Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins CloudCoreo DeployTime Plugin
CVE-2019-10298 (Jenkins Koji Plugin stores credentials unencrypted in its global confi ...)
	NOT-FOR-US: Jenkins Koji Plugin
CVE-2019-10297 (Jenkins Sametime Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins Sametime Plugin
CVE-2019-10296 (Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins Serena SRA Deploy Plugin
CVE-2019-10295 (Jenkins crittercism-dsym Plugin stores credentials unencrypted in job  ...)
	NOT-FOR-US: Jenkins crittercism-dsym Plugin
CVE-2019-10294 (Jenkins Kmap Plugin stores credentials unencrypted in job config.xml f ...)
	NOT-FOR-US: Jenkins Kmap Plugin
CVE-2019-10293 (A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilde ...)
	NOT-FOR-US: Jenkins Kmap Plugin
CVE-2019-10292 (A cross-site request forgery vulnerability in Jenkins Kmap Plugin in K ...)
	NOT-FOR-US: Jenkins Kmap Plugin
CVE-2019-10291 (Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credential ...)
	NOT-FOR-US: Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10290 (A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1 ...)
	NOT-FOR-US: Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10289 (A cross-site request forgery vulnerability in Jenkins Netsparker Cloud ...)
	NOT-FOR-US: Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10288 (Jenkins Jabber Server Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins Jabber Server Plugin
CVE-2019-10287 (Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unen ...)
	NOT-FOR-US: Jenkins youtrack-plugin Plugin
CVE-2019-10286 (Jenkins DeployHub Plugin stores credentials unencrypted in job config. ...)
	NOT-FOR-US: Jenkins DeployHub Plugin
CVE-2019-10285 (Jenkins Minio Storage Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins Minio Storage Plugin
CVE-2019-10284 (Jenkins Diawi Upload Plugin stores credentials unencrypted in job conf ...)
	NOT-FOR-US: Jenkins Diawi Upload Plugin
CVE-2019-10283 (Jenkins mabl Plugin stores credentials unencrypted in job config.xml f ...)
	NOT-FOR-US: Jenkins mabl Plugin
CVE-2019-10282 (Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins Klaros-Testmanagement Plugin
CVE-2019-10281 (Jenkins Relution Enterprise Appstore Publisher Plugin stores credentia ...)
	NOT-FOR-US: Jenkins Relution Enterprise Appstore Publisher Plugin
CVE-2019-10280 (Jenkins Assembla Auth Plugin stores credentials unencrypted in the glo ...)
	NOT-FOR-US: Jenkins Assembla Auth Plugin
CVE-2019-10279 (A missing permission check in Jenkins jenkins-reviewbot Plugin in the  ...)
	NOT-FOR-US: Jenkins jenkins-reviewbot Plugin
CVE-2019-10278 (A cross-site request forgery vulnerability in Jenkins jenkins-reviewbo ...)
	NOT-FOR-US: Jenkins jenkins-reviewbot Plugin
CVE-2019-10277 (Jenkins StarTeam Plugin stores credentials unencrypted in job config.x ...)
	NOT-FOR-US: Jenkins StarTeam Plugin
CVE-2019-XXXX [insecure handling of /tmp/VMwareDnD]
	- open-vm-tools 2:10.3.10-1 (bug #925959; unimportant)
	[stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u2
	NOTE: https://github.com/vmware/open-vm-tools/commit/e88f91b00a715b79255de6576506d80ecfdb064c
	NOTE: Neutralised by kernel hardening
CVE-2019-10276 (Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via t ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2019-10275
	RESERVED
CVE-2019-10274
	RESERVED
CVE-2019-10273 (Information leakage vulnerability in the /mc login page in ManageEngin ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2019-10272 (An issue was discovered in Weaver e-cology 9.0. There is a CRLF Inject ...)
	NOT-FOR-US: Weaver e-cology
CVE-2019-10271 (An issue was discovered in the Ultimate Member plugin 2.39 for WordPre ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2019-10270 (An arbitrary password reset issue was discovered in the Ultimate Membe ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2019-10269 (BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based b ...)
	- bwa 0.7.17-3 (low; bug #926014)
	[stretch] - bwa 0.7.15-2+deb9u1
	[jessie] - bwa <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/lh3/bwa/pull/232
	NOTE: https://github.com/lh3/bwa/commit/20d0a13092aa4cb73230492b05f9697d5ef0b88e
CVE-2019-10268
	REJECTED
CVE-2019-10267 (An insecure file upload and code execution issue was discovered in Ahs ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10266 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. W ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10265 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. O ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10264 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. W ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10263 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. W ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10262 (A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_ ...)
	NOT-FOR-US: BlueCMS
CVE-2019-1002162
	NOT-FOR-US: atomic-reactor
CVE-2019-1002101 (The kubectl cp command allows copying files between containers and the ...)
	- kubernetes <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/kubernetes/kubernetes/commit/b1f85e2dfec6e64d8e1bc272251277df0058ab20
	NOTE: Upstream patch: https://github.com/kubernetes/kubernetes/pull/75037
CVE-2019-10261 (CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XS ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html ( ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-10259
	RESERVED
CVE-2019-10258
	RESERVED
CVE-2019-10257 (Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Una ...)
	NOT-FOR-US: Zucchetti HR Portal
CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions prior ...)
	NOT-FOR-US: VIVOTEK IPCam
CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
	- jupyter-notebook 5.7.8-1 (bug #925939)
	NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
	NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
	NOTE: When adressing this issue make sure to not open CVE-2019-10856 and apply the
	NOTE: complete fix.
	NOTE: https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
	NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp default layou ...)
	NOT-FOR-US: MISP
CVE-2019-10253 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+  ...)
	NOT-FOR-US: TeamMate+
CVE-2019-10252
	RESERVED
CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for Android uses H ...)
	NOT-FOR-US: UCWeb UC Browser application for Android
CVE-2019-10250 (UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading cer ...)
	NOT-FOR-US: UCWeb UC Browser
CVE-2019-1003048 (A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attack ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003047 (A missing permission check in Jenkins Fortify on Demand Uploader Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003046 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003045 (A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003044 (A cross-site request forgery vulnerability in Jenkins Slack Notificati ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003043 (A missing permission check in Jenkins Slack Notification Plugin 2.19 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003042 (A cross site scripting vulnerability in Jenkins Lockable Resources Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10249 (All Xtext &amp; Xtend versions prior to 2.18.0 were built using HTTP i ...)
	NOT-FOR-US: Eclipse Xtext & Xtend
CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...)
	NOT-FOR-US: Eclipse Vorto
CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...)
	[experimental] - jetty9 9.4.18-1
	- jetty9 <unfixed> (bug #928444)
	[buster] - jetty9 <no-dsa> (Minor issue)
	[stretch] - jetty9 <no-dsa> (Minor issue)
	- jetty8 <removed>
	[jessie] - jetty8 <no-dsa> (Minor issue)
	- jetty <removed>
	[jessie] - jetty <no-dsa> (Minor issue)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577
	NOTE: https://github.com/eclipse/jetty.project/issues/3555
CVE-2019-10246 (In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server runnin ...)
	- jetty9 <not-affected> (Only affects Jetty on Windows)
	- jetty8 <not-affected> (Only affects Jetty on Windows)
	- jetty <not-affected> (Only affects Jetty on Windows)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576
	NOTE: https://github.com/eclipse/jetty.project/issues/3549
CVE-2019-10245 (In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verif ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-10244 (In Eclipse Kura versions up to 4.0.0, the Web UI package and component ...)
	NOT-FOR-US: Eclipse Kura
CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui W ...)
	NOT-FOR-US: Eclipse Kura
CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked  ...)
	NOT-FOR-US: Eclipse Kura
CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...)
	[experimental] - jetty9 9.4.18-1
	- jetty9 <unfixed> (bug #928444)
	[buster] - jetty9 <no-dsa> (Minor issue)
	[stretch] - jetty9 <no-dsa> (Minor issue)
	- jetty8 <removed>
	[jessie] - jetty8 <no-dsa> (Minor issue)
	- jetty <removed>
	[jessie] - jetty <no-dsa> (Minor issue)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121
CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifac ...)
	NOT-FOR-US: Eclipse hawkBit
CVE-2017-18365 (The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a d ...)
	NOT-FOR-US: GitHub Enterprise
CVE-2019-10239 (Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently ...)
	NOT-FOR-US: Robotronic RunAsSpc
CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the file ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-10237 (S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via th ...)
	NOT-FOR-US: S-CMS PHP
CVE-2019-10236
	RESERVED
CVE-2019-10235
	RESERVED
CVE-2019-10234
	RESERVED
CVE-2019-10233 (Teclib GLPI before 9.4.1.1 is affected by a timing attack associated w ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/pull/5562
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10232 (Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter  ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerab ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/pull/5520
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10230
	RESERVED
CVE-2019-10229 (An issue was discovered in MailStore Server (and Service Provider Edit ...)
	NOT-FOR-US: MailStore
CVE-2019-10228
	RESERVED
CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found comp ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the Fat F ...)
	NOT-FOR-US: Fat Free CRM
CVE-2019-10225
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3.  ...)
	- 389-ds-base 1.4.1.5-1
	[buster] - 389-ds-base <no-dsa> (Minor issue)
	[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
	[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
	- python-lib389 <removed>
	[stretch] - python-lib389 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677147
	NOTE: https://pagure.io/389-ds-base/issue/50251
	NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
CVE-2019-10223 (A security issue was discovered in the kube-state-metrics versions v1. ...)
	NOT-FOR-US: kube-state-metrics
CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the front ...)
	- ceph 14.2.4-1 (bug #936015)
	[buster] - ceph <no-dsa> (Minor issue; only triggerable if experimental feature enabled)
	[stretch] - ceph <not-affected> (Vulnerable code not present)
	[jessie] - ceph <not-affected> (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/9
	NOTE: https://github.com/ceph/ceph/pull/29967
	NOTE: https://github.com/ceph/ceph/commit/6171399fdedd928b4249d135b4036e3de25079aa
	NOTE: 12.2.x installations only affected by the vulnerability if experimental
	NOTE: features are enabled.
CVE-2019-10221 (A Reflected Cross Site Scripting vulnerability was found in all pki-co ...)
	- dogtag-pki <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1732565
CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
	- libhibernate-validator-java <unfixed> (bug #948235)
	[buster] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)
	[stretch] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)
	[jessie] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)
	- libhibernate-validator4-java <not-affected> (Vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
	NOTE: https://hibernate.atlassian.net/browse/HV-1739
	NOTE: Fixed by https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba  ...)
	- samba 2:4.11.1+dfsg-2
	[buster] - samba <no-dsa> (Minor issue)
	[stretch] - samba <no-dsa> (Minor issue)
	[jessie] - samba <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensit ...)
	- ansible 2.8.6+dfsg-1 (bug #934128)
	[buster] - ansible <not-affected> (Vulnerable code introduced later)
	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
	[jessie] - ansible <not-affected> (vulnerable code introduced later)
	NOTE: https://github.com/ansible/ansible/issues/56269
	NOTE: https://github.com/ansible/ansible/pull/59427
	NOTE: Introduced by: https://github.com/ansible/ansible/commit/08918c6c2bcd73eb40b89af31736d3fcbe55e75a (v2.8.0a1)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a91519
CVE-2019-10216 (In ghostscript before version 9.50, the .buildfont1 procedure did not  ...)
	{DSA-4499-1 DLA-1880-1}
	- ghostscript 9.27~dfsg-3.1 (bug #934638)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
CVE-2019-10215 (Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-sit ...)
	NOT-FOR-US: Bootstrap-3-Typeahead
CVE-2019-10214 (The containers/image library used by the container tools Podman, Build ...)
	- golang-github-containers-image <not-affected> (Vulnerable version was never in unstable)
	- singularity-container 3.5.0+ds1-1
	NOTE: https://github.com/containers/image/issues/654
	NOTE: https://github.com/containers/image/pull/669
CVE-2019-10213 (OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize  ...)
	NOT-FOR-US: OpenShift
CVE-2019-10212 (A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for i ...)
	- undertow 2.0.27-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1731984
	NOTE: https://github.com/undertow-io/undertow/pull/817
CVE-2019-10211 (Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5. ...)
	NOT-FOR-US: EnterpriseDB Windows installer
CVE-2019-10210 (Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5. ...)
	NOT-FOR-US: EnterpriseDB Windows installer
CVE-2019-10209 (Postgresql, versions 11.x before 11.5, is vulnerable to a memory discl ...)
	{DSA-4493-1}
	- postgresql-11 11.5-1
	- postgresql-9.6 <not-affected> (Only affects PostgreSQL 11)
	- postgresql-9.4 <not-affected> (Only affects PostgreSQL 11)
	NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10208 (A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5. ...)
	{DSA-4493-1 DSA-4492-1 DLA-1874-1}
	- postgresql-11 11.5-1
	- postgresql-9.6 <removed>
	- postgresql-9.4 <removed>
	NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10207 (A flaw was found in the Linux kernel's Bluetooth implementation of UAR ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
	NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
	NOTE: https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None ...)
	- ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)
	NOTE: https://github.com/ansible/ansible/pull/63351
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
	- ansible 2.8.6+dfsg-1 (bug #933005)
	[buster] - ansible <no-dsa> (Minor issue)
	[stretch] - ansible <no-dsa> (Minor issue)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
	NOTE: https://github.com/ansible/ansible/pull/59246
	NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
	NOTE: 2.7.x https://github.com/ansible/ansible/pull/59553
	NOTE: 2.6.x https://github.com/ansible/ansible/pull/59554
	NOTE: When fixing this issue is needed to make the fix complete with
	NOTE: https://github.com/ansible/ansible/pull/63351 to not open
	NOTE: CVE-2019-14856.
CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account tokens i ...)
	NOT-FOR-US: Red Hat Quay
CVE-2019-10204
	RESERVED
CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
	- pdns 4.2.0-1 (low)
	[buster] - pdns <no-dsa> (Minor issue)
	[stretch] - pdns <no-dsa> (Minor issue)
	[jessie] - pdns <no-dsa> (Minor issue)
	NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update
	NOTE: needs to be performed.
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
CVE-2019-10202 (A series of deserialization vulnerabilities have been discovered in Co ...)
	NOT-FOR-US: Codehaus
CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 6.0.1, did no ...)
	NOT-FOR-US: Keycloak
CVE-2019-10200
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did not per ...)
	NOT-FOR-US: Keycloak
CVE-2019-10198 (An authentication bypass vulnerability was discovered in foreman-tasks ...)
	- foreman <itp> (bug #663101)
CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up ...)
	{DSA-4513-1}
	- samba 2:4.9.13+dfsg-1
	[stretch] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
	[jessie] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
	NOTE: https://www.samba.org/samba/security/CVE-2019-10197.html
CVE-2019-10196
	RESERVED
	NOT-FOR-US: nodejs-http-proxy-agent
CVE-2019-10195 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
	- freeipa 4.8.3-1
	[buster] - freeipa <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://pagure.io/freeipa/c/02ce407f5e10e670d4788778037892b58f80adc0
CVE-2019-10194 (Sensitive passwords used in deployment and configuration of oVirt Metr ...)
	NOT-FOR-US: ovirt-engine-metrics
CVE-2019-10193 (A stack-buffer overflow vulnerability was found in the Redis hyperlogl ...)
	{DSA-4480-1}
	- redis 5:5.0.4-1 (bug #931625)
	[stretch] - redis <not-affected> (vulnerable code added later)
	[jessie] - redis <not-affected> (vulnerable code added later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1727668
	NOTE: https://github.com/antirez/redis/issues/6214
	NOTE: https://github.com/antirez/redis/issues/6215 (upstream announcement)
	NOTE: https://github.com/antirez/redis/commit/a4b90be9fcd5e1668ac941cabce3b1ab38dbe326 (master)
	NOTE: https://github.com/antirez/redis/commit/12b5ff109508c2a192f700c7738da7e7f09670f1 (5.0.4)
CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis hyperloglo ...)
	{DSA-4480-1 DLA-1850-1}
	- redis 5:5.0.4-1 (bug #931625)
	NOTE: https://github.com/antirez/redis/issues/6215 (upstream announcement)
	NOTE: https://github.com/antirez/redis/commit/e216ceaf0e099536fe3658a29dcb725d812364e0
	NOTE: https://github.com/antirez/redis/commit/9f13b2bd4967334b1701c6eccdf53760cb13f79e
	NOTE: https://github.com/antirez/redis/commit/ef1833b3f9d02261617b757fd6ebe0ec3f1be507 (5.0.4)
	NOTE: https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f (5.0.4)
CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot resolver before ...)
	- knot-resolver 5.0.1-1 (bug #932048)
	NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
	NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of knot resol ...)
	- knot-resolver 5.0.1-1 (bug #932048)
	NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
	NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
CVE-2019-10189 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teache ...)
	- moodle <removed>
CVE-2019-10188 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teache ...)
	- moodle <removed>
CVE-2019-10187 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users  ...)
	- moodle <removed>
CVE-2019-10186 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sess ...)
	- moodle <removed>
CVE-2019-10185 (It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was  ...)
	{DLA-1914-1}
	- icedtea-web 1.8.3-1 (bug #934319)
	[buster] - icedtea-web <no-dsa> (Minor issue)
	[stretch] - icedtea-web <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/26305807b41a5b4e9813db42531acd754899207f (1.7)
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/686213a6d68c21879d92cea3699b279c8f2662fa (1.8)
CVE-2019-10184 (undertow before version 2.0.23.Final is vulnerable to an information l ...)
	- undertow 2.0.23-1
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1578
	NOTE: https://github.com/undertow-io/undertow/pull/794
CVE-2019-10183 (Virt-install(1) utility used to provision new virtual machines has int ...)
	- virt-manager <not-affected> (Vulnerable code introduced in v2.2.0)
	NOTE: https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
CVE-2019-10182 (It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly  ...)
	{DLA-1914-1}
	- icedtea-web 1.8.3-1 (bug #934319)
	[buster] - icedtea-web <no-dsa> (Minor issue)
	[stretch] - icedtea-web <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/f9c2cf7fd24415ba2bb2619b69259035338ee5b6 (1.7)
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/7958049eedc213be1ad4ae80ee312b167ddb320f (1.8)
CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 e ...)
	{DLA-1914-1}
	- icedtea-web 1.8.3-1 (bug #934319)
	[buster] - icedtea-web <no-dsa> (Minor issue)
	[stretch] - icedtea-web <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/32d174def953d801eb1cfc9d989bff5e80aac3cd (1.7)
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/528cb8163b7053576a658b9602b5694b21957b0e (1.8)
CVE-2019-10180 (A vulnerability was found in all pki-core 10.x.x version, where the To ...)
	- dogtag-pki <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721137
CVE-2019-10179 (A vulnerability was found in all pki-core 10.x.x versions, where the K ...)
	- dogtag-pki <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1695901
CVE-2019-10178 (It was found that the Token Processing Service (TPS) did not properly  ...)
	- dogtag-pki <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1719042
CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in the PDF ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2019-10176 (A flaw was found in OpenShift Container Platform, versions 3.11 and la ...)
	NOT-FOR-US: OpenShift
CVE-2019-10175 (A flaw was found in the containerized-data-importer in virt-cdi-cloner ...)
	NOT-FOR-US: KubeVirt
CVE-2019-10174 (A vulnerability was found in Infinispan such that the invokeAccessibly ...)
	NOT-FOR-US: infinispan
CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 introduced  ...)
	- libxstream-java 1.4.11-1
	[stretch] - libxstream-java <not-affected> (Regression introduced in 1.4.10)
	[jessie] - libxstream-java <not-affected> (Regression introduced in 1.4.10)
	NOTE: http://x-stream.github.io/changes.html#1.4.11
	NOTE: Regression introduced and present only in 1.4.10.
CVE-2019-10172 (A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
	{DLA-2091-1}
	- libjackson-json-java <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1715075
	NOTE: https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721
CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, versions  ...)
	- 389-ds-base <not-affected> (Incomplete RHEL backport)
CVE-2019-10170 (A flaw was found in the Keycloak admin console, where the realm manage ...)
	NOT-FOR-US: Keycloak
CVE-2019-10169 (A flaw was found in Keycloak&#8217;s user-managed access interface, wh ...)
	NOT-FOR-US: Keycloak
CVE-2019-10168 (The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ...)
	- libvirt 5.0.0-4
	[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720118
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bf6c2830b6c338b1f5699b095df36f374777b291
CVE-2019-10167 (The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...)
	{DSA-4469-1 DLA-1832-1}
	- libvirt 5.0.0-4
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720117
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26
CVE-2019-10166 (It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ...)
	- libvirt 5.0.0-4
	[stretch] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced in 3.6.1)
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720114
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a
CVE-2019-10165 (OpenShift Container Platform before version 4.1.3 writes OAuth tokens  ...)
	NOT-FOR-US: OpenShift
CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are ...)
	- postgresql-11 11.4-1
	- postgresql-9.6 <not-affected> (Only affects 10.x and later)
	- postgresql-9.4 <not-affected> (Only affects 10.x and later)
	NOTE: https://www.postgresql.org/about/news/1949/
CVE-2019-10163 (A Vulnerability has been found in PowerDNS Authoritative Server before ...)
	{DSA-4470-1 DLA-1843-1}
	- pdns 4.1.6-3
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html
CVE-2019-10162 (A vulnerability has been found in PowerDNS Authoritative Server before ...)
	{DSA-4470-1 DLA-1843-1}
	- pdns 4.1.6-3
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...)
	{DSA-4469-1 DLA-1832-1}
	- libvirt 5.0.0-4
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720115
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580
CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python since  ...)
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
	- python3.5 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
	- python3.4 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	[stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
	[jessie] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
	NOTE: Introduced by: https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3 (v3.8.0a4)
	NOTE: Fixed by: https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e (v3.8.0b1)
	NOTE: https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 (3.7)
	NOTE: https://bugs.python.org/issue36742
	NOTE: Patches for 2.7:
	NOTE: https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259
	NOTE: https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
	NOTE: https://github.com/python/cpython/commit/2b578479b96aa3deeeb8bac313a02b5cf3cb1aff
CVE-2019-10159 (cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnera ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An improp ...)
	NOT-FOR-US: infinispan
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did  ...)
	NOT-FOR-US: Keycloak
CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
	{DLA-1923-1}
	- ansible 2.8.3+dfsg-1 (low; bug #930065)
	[buster] - ansible <no-dsa> (Minor issue)
	[stretch] - ansible <no-dsa> (Minor issue)
	NOTE: https://github.com/ansible/ansible/pull/57188
CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processing of I ...)
	- libreswan 3.27-6 (bug #930338)
	- strongswan 5.1.0-1
	- openswan <removed>
	- freeswan <removed>
	NOTE: https://libreswan.org/security/CVE-2019-10155/
	NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan
CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web service f ...)
	- moodle <removed>
CVE-2019-10153 (A flaw was discovered in fence-agents, prior to version 4.3.4, where u ...)
	- fence-agents 4.3.3-2 (low; bug #930887)
	[stretch] - fence-agents 4.0.25-1+deb9u1
	[jessie] - fence-agents <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460
	NOTE: https://github.com/ClusterLabs/fence-agents/pull/255
	NOTE: https://github.com/ClusterLabs/fence-agents/pull/272
CVE-2019-10152 (A path traversal vulnerability has been discovered in podman before ve ...)
	- libpod <not-affected> (Fixed before initial upload)
CVE-2019-10151
	RESERVED
CVE-2019-10150 (It was found that OpenShift Container Platform versions 3.6.x - 4.6.0  ...)
	NOT-FOR-US: OpenShift
CVE-2019-10149 (A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper v ...)
	{DSA-4456-1}
	- exim4 4.92~RC3-1
	[jessie] - exim4 <not-affected> (Vulnerable code introduced in 4.87)
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/04/1
	NOTE: https://www.exim.org/static/doc/security/CVE-2019-10149.txt
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/06/1
	NOTE: https://github.com/Exim/exim/commit/7ea1237c783e380d7bdb86c90b13d8203c7ecf26 (exim-4.92-RC1)
	NOTE: https://git.exim.org/exim.git/commit/d740d2111f189760593a303124ff6b9b1f83453d (exim-4_91+fixes)
CVE-2019-10148
	REJECTED
CVE-2019-10147 (rkt through version 1.30.0 does not isolate processes in containers th ...)
	- rkt <unfixed> (bug #929781)
	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
	NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10146 (A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x ...)
	- dogtag-pki <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1710171
CVE-2019-10145 (rkt through version 1.30.0 does not isolate processes in containers th ...)
	- rkt <unfixed> (bug #929781)
	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
	NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10144 (rkt through version 1.30.0 does not isolate processes in containers th ...)
	- rkt <unfixed> (bug #929781)
	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
	NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10143 (** DISPUTED ** It was discovered freeradius up to and including versio ...)
	- freeradius <unfixed> (unimportant; bug #929466)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574
	NOTE: This is not a security issue per se
CVE-2019-10142 (A flaw was found in the Linux kernel's freescale hypervisor manager im ...)
	- linux 5.2.6-1 (unimportant)
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.70-1
	NOTE: Fixed by: https://git.kernel.org/linus/6a024330650e24556b8a18cc654ad00cfecf6c6c
	NOTE: CONFIG_FSL_HV_MANAGER not enabled in kernel builds in Debian.
CVE-2019-10141 (A vulnerability was found in openstack-ironic-inspector all versions e ...)
	- ironic-inspector 8.0.0-3 (bug #929332)
	[stretch] - ironic-inspector <no-dsa> (Minor issue)
	NOTE: https://review.opendev.org/#/c/660234/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1711722
CVE-2019-10140 (A vulnerability was found in Linux kernel's, versions up to 3.10, impl ...)
	- linux <not-affected> (Vulnerability introduce in Red Hat specific backport)
CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ans ...)
	NOT-FOR-US: cockpit-ovirt
CVE-2019-10138 (A flaw was discovered in the python-novajoin plugin, all versions up t ...)
	NOT-FOR-US: python-novajoin plugin for OpenStack
CVE-2019-10137 (A path traversal flaw was found in spacewalk-proxy, all versions throu ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2019-10136 (It was found that Spacewalk, all versions through 2.9, did not safely  ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2019-10135 (A flaw was found in the yaml.load() function in the osbs-client versio ...)
	NOTE: OpenShift Build Service client
CVE-2019-10134 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...)
	- moodle <removed>
CVE-2019-10133 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...)
	- moodle <removed>
CVE-2019-10132 (A vulnerability was found in libvirt &gt;= 4.1.0 in the virtlockd-admi ...)
	- libvirt 5.0.0-3 (bug #929334)
	[stretch] - libvirt <not-affected> (Vulnerable code introduced in 4.1.0-rc1)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced in 4.1.0-rc1)
	NOTE: https://security.libvirt.org/2019/0003.html
CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick before  ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2
	[stretch] - imagemagick <no-dsa> (Minor issue)
	[jessie] - imagemagick <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ccc28ee4c777d915f95919ac3bcf8adf93037a7
CVE-2019-10130 (A vulnerability was found in PostgreSQL versions 11.x up to excluding  ...)
	{DSA-4439-1}
	- postgresql-11 11.3-1
	- postgresql-9.6 <removed>
	- postgresql-9.4 <removed>
	[jessie] - postgresql-9.4 <not-affected> (Row security was introduced in 9.5)
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10129 (A vulnerability was found in postgresql versions 11.x prior to 11.3. U ...)
	- postgresql-11 11.3-1
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10128
	RESERVED
	- postgresql-11 <not-affected> (Windows-specific)
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10127
	RESERVED
	- postgresql-11 <not-affected> (Windows-specific)
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10126 (A flaw was found in the Linux kernel. A heap based buffer overflow in  ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de
CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php query s ...)
	NOT-FOR-US: phpFK
CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel  ...)
	- linux 4.19.37-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://patchwork.kernel.org/patch/10828359/
	NOTE: https://git.kernel.org/linus/84c4e1f89fefe70554da0ab33be72c9be7994379
CVE-2019-10124
	REJECTED
CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which ...)
	NOT-FOR-US: Advanced InfoData Systems (AIS)
CVE-2019-10122 (eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10121 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10120 (On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10119 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10118 (Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and ...)
	NOT-FOR-US: Snipe-IT
CVE-2019-10117 (An Open Redirect issue was discovered in GitLab Community and Enterpri ...)
	- gitlab <not-affected> (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10116 (An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab  ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10115 (An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab  ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10114 (An Information Exposure issue (issue 2 of 2) was discovered in GitLab  ...)
	- gitlab <not-affected> (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10113 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10112 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab <not-affected> (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10111 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10110 (An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab  ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10109 (An Information Exposure issue (issue 1 of 2) was discovered in GitLab  ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10108 (An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Co ...)
	- gitlab <not-affected> (Only affects 11.8.4 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10107 (CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" f ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name fiel ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Des ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
	NOT-FOR-US: JetBrains
CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...)
	NOT-FOR-US: JetBrains
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
	NOT-FOR-US: JetBrains YouTrack Confluence plugin
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
	NOT-FOR-US: article2pdf Wordpress plugin
CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated  ...)
	{DSA-4506-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-7
	- qemu-kvm <removed>
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/27/1
CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-r ...)
	- cjson <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/DaveGamble/cJSON/issues/30
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/07/2
	NOTE: https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...)
	NOT-FOR-US: Snipe-IT
CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...)
	- apache-spark <itp> (bug #802194)
CVE-2019-10098 (In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...)
	{DSA-4509-1 DLA-1900-1}
	- apache2 2.4.41-1
	NOTE: Affects upstream versions 2.4.0 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10098
	NOTE: https://svn.apache.org/r1864213
	NOTE: https://svn.apache.org/r1864192
CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured  ...)
	- apache2 2.4.41-1
	[buster] - apache2 2.4.38-3+deb10u1
	[stretch] - apache2 <not-affected> (PROXY protocol support in mod_remoteip added later)
	[jessie] - apache2 <not-affected> (PROXY protocol support in mod_remoteip added later)
	NOTE: Affects upstream versions 2.4.32 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10097
	NOTE: https://svn.apache.org/r1864613
CVE-2019-10096
	RESERVED
CVE-2019-10095
	RESERVED
CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...)
	- tika 1.22-1 (bug #933746)
	[buster] - tika <no-dsa> (Minor issue)
	[jessie] - tika <not-affected> (Vulnerable feature introduced in 1.7)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4
	NOTE: https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc
CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file ...)
	- tika 1.22-1 (bug #933745)
	[buster] - tika <no-dsa> (Minor issue)
	[jessie] - tika <not-affected> (The vulnerable code was introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
	NOTE: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
CVE-2019-10092 (In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting iss ...)
	{DSA-4509-3 DSA-4509-1 DLA-1900-1}
	- apache2 2.4.41-1
	NOTE: Affects upstream versions 2.4.0 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=63688#c5
	NOTE: https://svn.apache.org/r1864191
	NOTE: Regression: https://bugs.debian.org/941202
CVE-2019-10091 (When TLS is enabled with ssl-endpoint-identification-enabled set to tr ...)
	NOT-FOR-US: Apache Geode
CVE-2019-10090 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki <removed>
CVE-2019-10089 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki <removed>
CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...)
	- tika 1.22-1 (bug #933744)
	[buster] - tika <no-dsa> (Minor issue)
	[jessie] - tika <not-affected> (Vulnerable feature introduced in 1.7)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
	NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
CVE-2019-10087 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki <removed>
CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...)
	{DLA-1896-1}
	- commons-beanutils 1.9.4-1
	[buster] - commons-beanutils <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - commons-beanutils <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://issues.apache.org/jira/browse/BEANUTILS-520
	NOTE: https://github.com/apache/commons-beanutils/pull/7
	NOTE: https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58
	NOTE: With the patch applied, the libary is secured by default. To opt-out and allow
	NOTE: access to the 'class' property one needs to remove the feature explicitly. Cf.
	NOTE: https://github.com/apache/commons-beanutils/pull/7#issue-281406699
CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...)
	NOT-FOR-US: Apache Allura
CVE-2019-10084 (In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to  ...)
	NOT-FOR-US: Apache Impala
CVE-2019-10083 (When updating a Process Group via the API in NiFi versions 1.3.0 to 1. ...)
	NOT-FOR-US: Apache NiFi
CVE-2019-10082 (In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the h ...)
	{DSA-4509-1}
	- apache2 2.4.41-1
	[jessie] - apache2 <not-affected> (HTTP/2 support only available since version 2.4.17 and later)
	NOTE: Affects upstream versions 2.4.18 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10082
CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configur ...)
	{DSA-4509-1}
	- apache2 2.4.41-1
	[jessie] - apache2 <not-affected> (HTTP/2 support only available since version 2.4.17 and later)
	NOTE: Affects upstream versions 2.4.20 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10081
CVE-2019-10080 (The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trust ...)
	NOT-FOR-US: Apache NiFi
CVE-2019-10079 (Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...)
	{DSA-4520-1}
	- trafficserver 8.0.5+ds-1
	NOTE: https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
CVE-2019-10078 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
	- jspwiki <removed>
CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS vulnerability  ...)
	- jspwiki <removed>
CVE-2019-10076 (A carefully crafted malicious attachment could trigger an XSS vulnerab ...)
	- jspwiki <removed>
CVE-2019-10075
	REJECTED
CVE-2019-10074 (An RCE is possible by entering Freemarker markup in an Apache OFBiz Fo ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template "ecommerce"  ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-10072 (The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 co ...)
	{DSA-4680-1}
	- tomcat9 9.0.22-1 (bug #931131; bug #930872)
	- tomcat8 <removed> (bug #30873)
	[stretch] - tomcat8 <not-affected> (Incomplete fix for CVE-2019-0199 not applied)
	[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
	NOTE: https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
CVE-2019-10071 (The code which checks HMAC in form submissions used String.equals() fo ...)
	NOT-FOR-US: Apache Tapestry
CVE-2019-10070 (Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored  ...)
	NOT-FOR-US: Apache Atlas
CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to the des ...)
	NOT-FOR-US: Godot
CVE-2019-10068 (An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x befor ...)
	NOT-FOR-US: Kentico
CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
	- otrs2 6.0.18-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <not-affected> (vulnerable code is not present)
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8a489236336ddc82e745c27abb32dfa1ceefb0f4
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/67158d8b08309859572c795982ecc7c52484ab0e
	NOTE: https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/
CVE-2019-10066 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
	- otrs2 6.0.18-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 <not-affected> (Vulnerable code introduced later)
	[jessie] - otrs2 <not-affected> (vulnerable code is not present)
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/b99cad21f2dd1c2d52299424a589b0b2f20d7ba8
	NOTE: https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/
CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 throu ...)
	- otrs2 <not-affected> (Only affects 7.x series)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/
CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...)
	{DLA-2138-1}
	- wpa 2:2.6-7
	[stretch] - wpa <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
	NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2
	NOTE: Issue fixed in conjunction with CVE-2016-10743.
	NOTE: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e
	NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based
	NOTE: version and only reuploaded as 2:2.6-7 to unstable.
CVE-2019-10063 (Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1 ...)
	- flatpak 1.2.3-2 (bug #925541)
	[stretch] - flatpak 0.8.9-0+deb9u3
	NOTE: https://github.com/flatpak/flatpak/issues/2782
	NOTE: https://github.com/flatpak/flatpak/commit/a9107feeb4b8275b78965b36bf21b92d5724699e
CVE-2019-10062
	RESERVED
CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js)  ...)
	- node-opencv 6.0.0+git20180416.cfc96ba0-3 (unimportant; bug #925571)
	NOTE: https://www.npmjs.com/advisories/789
	NOTE: https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b
	NOTE: https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563
	NOTE: Nodejs not covered by security support
CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix suffe ...)
	NOT-FOR-US: Verix Multi-app Conductor application for Verifone Verix
CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default on vario ...)
	NOT-FOR-US: Lexmark
CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
	NOT-FOR-US: Lexmark
CVE-2019-10057 (Various Lexmark products have CSRF. ...)
	NOT-FOR-US: Lexmark
CVE-2019-10056 (An issue was discovered in Suricata 4.1.3. The code mishandles the cas ...)
	- suricata 1:4.1.4-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2946
CVE-2019-10055 (An issue was discovered in Suricata 4.1.3. The function ftp_pasv_respo ...)
	- suricata 1:4.1.4-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2949
CVE-2019-10054 (An issue was discovered in Suricata 4.1.3. The function process_reply_ ...)
	- suricata 1:4.1.4-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2943
CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the input o ...)
	- suricata 1:4.1.4-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2883
	NOTE: https://github.com/OISF/suricata/commit/51790d3824bc381e24aaeef20338dd6b8bd4e453
CVE-2019-10052 (An issue was discovered in Suricata 4.1.3. If the network packet does  ...)
	- suricata 1:4.1.4-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <not-affected> (Vulnerable code not present)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2902
	NOTE: https://redmine.openinfosecfoundation.org/issues/2947
CVE-2019-10051 (An issue was discovered in Suricata 4.1.3. If the function filetracker ...)
	- suricata 1:4.1.4-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/OISF/suricata/pull/3734
	NOTE: https://redmine.openinfosecfoundation.org/issues/2896
CVE-2019-10050 (A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4 ...)
	- suricata 1:4.1.4-1
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2884
	NOTE: https://github.com/OISF/suricata/commit/4609d5c80acda9adf02f8fb9a6aa8238495bfa13
CVE-2019-10049 (It is possible for an attacker with regular user access to the web app ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-10048 (The ImageMagick plugin that is installed by default in Pydio through 8 ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-10047 (A stored XSS vulnerability exists in the web application of Pydio thro ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-10046 (An unauthenticated attacker can obtain information about the Pydio 8.2 ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-10045 (The "action" get_sess_id in the web application of Pydio through 8.2.2 ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram applicatio ...)
	- telegram-desktop 1.8.4-1 (bug #927711)
	[buster] - telegram-desktop <ignored> (Minor issue)
	NOTE: https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt
CVE-2019-10043
	RESERVED
CVE-2019-10042 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10041 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10038 (Evernote 7.9 on macOS allows attackers to execute arbitrary programs b ...)
	NOT-FOR-US: Evernote
CVE-2019-10037
	RESERVED
CVE-2019-10036
	RESERVED
CVE-2019-10035
	RESERVED
CVE-2019-10034
	RESERVED
CVE-2019-10033
	RESERVED
CVE-2019-10032
	RESERVED
CVE-2019-10031
	RESERVED
CVE-2019-10030
	RESERVED
CVE-2019-10029
	RESERVED
CVE-2019-10028 (Denial of Service (DOS) in Dial Reference Source Code Used before June ...)
	NOT-FOR-US: Dial Reference Source Code Repo
CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field  ...)
	NOT-FOR-US: PHPCMS
CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10025 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10024 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10023 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10022 (An issue was discovered in Xpdf 4.01.01. There is a NULL pointer deref ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10021 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- poppler 0.57.0-2 (low; bug #926133)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <ignored> (Minor issue)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 (PostScriptFunction::exec@Function.cc:1374-42___FPE PoC)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101500
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=e2ab2fa9d8c41e0115b2c276a2594cd2f7c217e6
CVE-2019-10017 (CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10016 (GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words ...)
	NOT-FOR-US: GForge Advanced Server
CVE-2019-10015 (baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: baigoStudio
CVE-2019-10014 (In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticate ...)
	NOT-FOR-US: DedeCMS
CVE-2019-9999
	RESERVED
CVE-2019-9998
	RESERVED
CVE-2019-9997
	RESERVED
CVE-2019-9996
	RESERVED
CVE-2019-9995
	RESERVED
CVE-2019-9994
	RESERVED
CVE-2019-9993
	RESERVED
CVE-2019-9992
	RESERVED
CVE-2019-9991
	RESERVED
CVE-2019-9990
	RESERVED
CVE-2019-9989
	RESERVED
CVE-2019-9988
	RESERVED
CVE-2019-9987
	RESERVED
CVE-2019-9986
	RESERVED
CVE-2019-9985
	RESERVED
CVE-2019-9984
	RESERVED
CVE-2019-9983
	RESERVED
CVE-2019-9982
	RESERVED
CVE-2019-9981
	RESERVED
CVE-2019-9980
	RESERVED
CVE-2019-9979
	RESERVED
CVE-2019-9978 (The social-warfare plugin before 3.5.3 for WordPress has stored XSS vi ...)
	NOT-FOR-US: social-warfare plugin for WordPress
CVE-2019-9977 (The renderer process in the entertainment system on Tesla Model 3 vehi ...)
	NOT-FOR-US: entertainment system on Tesla Model 3 vehicles
CVE-2019-9976 (The Boa server configuration on DASAN H660RM devices with firmware 1.0 ...)
	- boa <removed>
CVE-2019-9975 (DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for  ...)
	NOT-FOR-US: DASAN
CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lac ...)
	NOT-FOR-US: DASAN
CVE-2019-9973
	RESERVED
CVE-2019-10013 (The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS t ...)
	- axtls <unfixed> (bug #953326)
CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote at ...)
	NOT-FOR-US: Jenzabar
CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campu ...)
	NOT-FOR-US: Jenzabar
CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark  ...)
	NOT-FOR-US: PHP League CommonMark library
CVE-2019-10009 (A Directory Traversal issue was discovered in the Web GUI in Titan FTP ...)
	NOT-FOR-US: Titan FTP
CVE-2019-10008 (Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privile ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-10007
	RESERVED
CVE-2019-10006
	RESERVED
CVE-2019-10005
	RESERVED
CVE-2019-10004
	RESERVED
CVE-2019-10003
	RESERVED
CVE-2019-10002
	RESERVED
CVE-2019-10001
	RESERVED
CVE-2019-10000
	RESERVED
CVE-2019-9972
	RESERVED
CVE-2019-9971
	RESERVED
CVE-2019-9970 (Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal ...)
	- signal-desktop <itp> (bug #842943)
CVE-2019-9969 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9968 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9967 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9966 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9965 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial  ...)
	NOT-FOR-US: XnView
CVE-2019-9964 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial  ...)
	NOT-FOR-US: XnView
CVE-2019-9963 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial  ...)
	NOT-FOR-US: XnView
CVE-2019-9962 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial  ...)
	NOT-FOR-US: XnView
CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in core/m ...)
	NOT-FOR-US: Wikindx
CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
	- limesurvey <itp> (bug #472802)
CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
	{DLA-1963-1}
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (low; bug #941776)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
	NOTE: Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557 (poppler-0.79.0)
	NOTE: Reproducer: https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf
CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 u ...)
	NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allow ...)
	NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in ...)
	{DSA-4436-1 DLA-1785-1}
	- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #925395)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1523
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90401e430840c5ff31ad870f4370bbda1318ac94
CVE-2019-9955 (On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, ...)
	NOT-FOR-US: Zyxel
CVE-2019-9954
	RESERVED
CVE-2019-9953
	RESERVED
CVE-2019-9952
	RESERVED
CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
	NOT-FOR-US: Western Digital
CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
	NOT-FOR-US: Western Digital
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
	NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
	{DLA-1852-1 DLA-1834-1}
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6 <removed>
	- python3.5 <removed>
	- python3.4 <removed>
	- python2.7 2.7.16-2
	[stretch] - python2.7 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue35907
	NOTE: https://github.com/python/cpython/pull/11842
	NOTE: https://github.com/python/cpython/commit/34bab215596671d0dec2066ae7d7450cd73f638b (3.7)
	NOTE: https://github.com/python/cpython/commit/4f06dae5d8d4400ba38d8502da620f07d4a5696e (3.6)
	NOTE: https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca (2.7)
	NOTE: https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641 (2.7)
CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
	{DLA-1835-1 DLA-1834-1}
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6 <removed>
	- python3.5 <removed>
	- python3.4 <removed>
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	[stretch] - python2.7 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue35906
	NOTE: Introduced by: https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262
	NOTE: CVE-2019-9947 issue fixed with same fix as for CVE-2019-9740
	NOTE: Patch 2.7: https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ...)
	- kubernetes <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1692712
	TODO: singularity-container seems to embed as well a copy of cni
CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGI ...)
	NOT-FOR-US: SoftNAS Cloud
CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the r ...)
	NOT-FOR-US: Open Microscopy Environment OMERO.server
CVE-2019-9943 (In ome.services.graphs.GraphTraversal.findObjectDetails in Open Micros ...)
	NOT-FOR-US: Open Microscopy Environment OMERO.server
CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...)
	{DLA-1733-1}
	- wpa 2:2.6-7 (unimportant)
	NOTE: https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
	NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based
	NOTE: version and only reuploaded as 2:2.6-7 to unstable.
CVE-2019-9942 (A sandbox information disclosure exists in Twig before 1.38.0 and 2.x  ...)
	{DSA-4419-1}
	[experimental] - twig 2.7.1-1
	- twig 2.6.2-2
	[jessie] - twig <no-dsa> (low priority, sandbox disabled by default)
	NOTE: https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
	NOTE: https://symfony.com/blog/twig-sandbox-information-disclosure
CVE-2019-9941
	RESERVED
CVE-2019-9940
	RESERVED
CVE-2019-9939 (The SHAREit application before 4.0.36 for Android allows a remote atta ...)
	NOT-FOR-US: SHAREit
CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a remote atta ...)
	NOT-FOR-US: SHAREit
CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single transactio ...)
	- sqlite3 3.27.2-2 (low; bug #925290)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
	NOTE: https://sqlite.org/src/info/45c73deb440496e8
CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...)
	- sqlite3 3.27.2-2 (low; bug #925289)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
	NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2 of 2). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9934 (Various Lexmark products have Incorrect Access Control (issue 1 of 2). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9933 (Various Lexmark products have a Buffer Overflow (issue 3 of 3). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9932 (Various Lexmark products have a Buffer Overflow (issue 2 of 3). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9931 (Various Lexmark printers contain a denial of service vulnerability in  ...)
	NOT-FOR-US: Lexmark
CVE-2019-9930 (Various Lexmark products have an Integer Overflow. ...)
	NOT-FOR-US: Lexmark
CVE-2019-9929 (Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. ...)
	- cfengine3 <not-affected> (Issue only affecting CFEngine Enterprise 3.x version)
	NOTE: Issue is specific to Enterprise version leaking CFE_ROBOT user secrets on
	NOTE: installation of CFEngine Enterprise Hub package.
CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP c ...)
	{DSA-4437-1 DLA-1770-1 DLA-1769-1}
	[experimental] - gst-plugins-base1.0 1.15.90-1
	- gst-plugins-base1.0 1.14.4-2 (bug #927978)
	- gst-plugins-base0.10 <removed>
	NOTE: https://gstreamer.freedesktop.org/security/sa-2019-0001.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/commit/f672277509705c4034bc92a141eefee4524d15aa (1.15.90)
CVE-2019-9927 (Caret before 2019-02-22 allows Remote Code Execution. ...)
	NOT-FOR-US: Caret editor
CVE-2019-9926 (An issue was discovered in LabKey Server 19.1.0. It is possible to for ...)
	NOT-FOR-US: LabKey Server
CVE-2019-9925 (S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. ...)
	NOT-FOR-US: S-CMS PHP
CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user from mod ...)
	{DLA-1726-1}
	- bash 4.4-1 (low)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...)
	- tar <unfixed> (unimportant; bug #925286)
	NOTE: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
	NOTE: http://savannah.gnu.org/bugs/?55369 (private)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
	NOTE: Crash in CLI tool, no security impact
CVE-2019-9922 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9921 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9920 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9919 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9918 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial  ...)
	{DSA-4463-1}
	- znc 1.7.2-2 (bug #925285)
	[jessie] - znc <ignored> (Minor issue, workaround is to disable modpython)
	NOTE: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
	NOTE: Every version between 0.096 and 1.7.2 (incl) is vulnerable to the issue,
	NOTE: but earlier versions could not be fixed without a major rewrite. A workaround
	NOTE: though is to disable modpython.
CVE-2019-9916
	RESERVED
CVE-2019-9915 (GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redir ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2019-9914 (The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php? ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9913 (The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-adm ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9912 (The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9911 (The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9910 (The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?pag ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9909 (The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9908 (The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-gen ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9907
	RESERVED
CVE-2019-9906
	RESERVED
CVE-2019-9905
	RESERVED
CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...)
	- graphviz <unfixed> (low; bug #925284)
	[buster] - graphviz <no-dsa> (Minor issue)
	[stretch] - graphviz <no-dsa> (Minor issue)
	[jessie] - graphviz <no-dsa> (Minor issue)
	NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (low; bug #925264)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd
CVE-2019-9902
	RESERVED
CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote att ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-9900 (When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not r ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-9899
	RESERVED
CVE-2019-9898 (Potential recycling of random numbers used in cryptography exists with ...)
	{DSA-4423-1 DLA-1763-1}
	- putty 0.70-6
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=320bf8479ff5bcbad239db4f9f4aa63656b0675e
CVE-2019-9897 (Multiple denial-of-service attacks that can be triggered by writing to ...)
	{DSA-4423-1 DLA-1763-1}
	- putty 0.70-6
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-one-column-cjk.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=03777723e553024e94d8bfcf182f3a2e92ffb914
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars-double-width-gtk.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=daf91ef8ae9780bb1dfb534afa79e4babb89ba26
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=da1c8f15b1bc14c855f0027cf06ba7f1a9c36f3c
CVE-2019-9896 (In PuTTY versions before 0.71 on Windows, local attackers could hijack ...)
	- putty <not-affected> (Only affects PuTTY specific on Windows)
CVE-2019-9895 (In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer o ...)
	{DSA-4423-1}
	- putty 0.70-6
	[jessie] - putty <ignored> (Too intrusive to backport, patch uses callback handling that is not yet available in Jessie)
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-fd-set-overflow.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c926d9ea4a9e0a0a2384f06c7583648cdff3ed6
CVE-2019-9894 (A remotely triggerable memory overwrite in RSA key exchange in PuTTY b ...)
	{DSA-4423-1 DLA-1763-1}
	- putty 0.70-6
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 5.x throu ...)
	{DLA-1774-1}
	- otrs2 6.0.18-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
	NOTE: https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
CVE-2019-9891 (The function getopt_simple as described in Advanced Bash Scripting Gui ...)
	NOT-FOR-US: Advanced Bash Scripting Guide
CVE-2019-9890 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex funct ...)
	NOT-FOR-US: Vanilla Forums
CVE-2019-9888
	RESERVED
CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
	- wavpack 5.1.0-7 (low; bug #932061)
	[buster] - wavpack <no-dsa> (Minor issue)
	[stretch] - wavpack <no-dsa> (Minor issue)
	[jessie] - wavpack <no-dsa> (Minor issue)
	NOTE: https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
	NOTE: https://github.com/dbry/WavPack/issues/68
CVE-2019-1010318
	REJECTED
CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
	- wavpack 5.1.0-7 (low; bug #932060)
	[buster] - wavpack <no-dsa> (Minor issue)
	[stretch] - wavpack <no-dsa> (Minor issue)
	[jessie] - wavpack <no-dsa> (Minor issue)
	NOTE: https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
	NOTE: https://github.com/dbry/WavPack/issues/66
CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Th ...)
	NOT-FOR-US: pyxtrlock
CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...)
	- wavpack 5.1.0-6 (low)
	[stretch] - wavpack <no-dsa> (Minor issue)
	[jessie] - wavpack <no-dsa> (Minor issue)
	NOTE: https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
	NOTE: https://github.com/dbry/WavPack/issues/65
CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The imp ...)
	- gitea <removed>
CVE-2019-1010313
	RESERVED
CVE-2019-1010312
	REJECTED
CVE-2019-1010311
	REJECTED
CVE-2019-1010310 (GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection  ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/pull/5519
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-1010309
	REJECTED
CVE-2019-1010308 (Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Inc ...)
	NOT-FOR-US: Aquaverde GmbH Aquarius CMS
CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). Th ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact  ...)
	NOT-FOR-US: Slanger
CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: I ...)
	{DLA-1895-1}
	- libmspack 0.10.1-1
	[stretch] - libmspack <no-dsa> (Minor issue)
	NOTE: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
	NOTE: https://github.com/kyz/libmspack/issues/27
CVE-2019-1010304 (Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f ...)
	NOT-FOR-US: Mirumee Saleor
CVE-2019-1010303
	RESERVED
CVE-2019-1010302 (jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ...)
	{DLA-2054-1}
	- jhead 1:3.03-2 (unimportant; bug #932146)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679978
	NOTE: No security impact, crash in CLI tool
CVE-2019-1010301 (jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ...)
	{DLA-2054-1}
	- jhead 1:3.03-2 (unimportant; bug #932145)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679952
	NOTE: No security impact, crash in CLI tool
CVE-2019-1010300 (mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Ove ...)
	NOT-FOR-US: libIEC61850
CVE-2019-1010299 (The Rust Programming Language Standard Library 1.18.0 and later is aff ...)
	- rustc 1.30.0+dfsg1-1
	[stretch] - rustc <ignored> (Minor issue)
	[jessie] - rustc <ignored> (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/53566
	NOTE: https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d
CVE-2019-1010298 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010297 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010296 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010295 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010294 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010293 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossi ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010292 (Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary  ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010291
	RESERVED
CVE-2019-1010290 (Babel: Multilingual site Babel All is affected by: Open Redirection. T ...)
	NOT-FOR-US: Babel: Multilingual
CVE-2019-1010289
	RESERVED
CVE-2019-1010288
	RESERVED
CVE-2019-1010287 (Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Script ...)
	NOT-FOR-US: Timesheet Next Gen
CVE-2019-1010286
	RESERVED
CVE-2019-1010285
	RESERVED
CVE-2019-1010284
	RESERVED
CVE-2019-1010283 (Univention Corporate Server univention-directory-notifier 12.0.1-3 and ...)
	NOT-FOR-US: Univention Corporate Server univention-directory-notifier
CVE-2019-1010282
	RESERVED
CVE-2019-1010281
	RESERVED
CVE-2019-1010280
	RESERVED
CVE-2019-1010279 (Open Information Security Foundation Suricata prior to version 4.1.3 i ...)
	- suricata 1:4.1.3-1 (low)
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/suricata/pull/3625
	NOTE: https://github.com/OISF/suricata/commit/d8634daf74c882356659addb65fb142b738a186b
	NOTE: https://redmine.openinfosecfoundation.org/issues/2770
CVE-2019-1010278
	RESERVED
CVE-2019-1010277
	RESERVED
CVE-2019-1010276
	RESERVED
CVE-2019-1010275 (helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Valida ...)
	- helm-kubernetes <itp> (bug #910799)
CVE-2019-1010274
	RESERVED
CVE-2019-1010273
	RESERVED
CVE-2019-1010272
	RESERVED
CVE-2019-1010271
	RESERVED
CVE-2019-1010270
	RESERVED
CVE-2019-1010269
	RESERVED
CVE-2019-1010268 (Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is  ...)
	NOT-FOR-US: Ladon
CVE-2019-1010267
	RESERVED
CVE-2019-1010266 (lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ...)
	- node-lodash 4.17.11+dfsg-1 (unimportant)
	NOTE: https://github.com/lodash/lodash/issues/3359
	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-73639
	NOTE: nodejs not covered by security support
CVE-2019-1010265
	RESERVED
CVE-2019-1010264
	RESERVED
CVE-2019-1010263 (Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Contro ...)
	- libcrypt-jwt-perl <not-affected> (Fixed with the initial upload to Debian)
	NOTE: https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/07/1
CVE-2019-1010262
	REJECTED
CVE-2019-1010261 (Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). Th ...)
	- gitea <removed>
CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can result in arb ...)
	NOT-FOR-US: ktlint
CVE-2019-1010259 (SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impac ...)
	- salt 2018.3.4~git20180207+dfsg1-1
	[jessie] - salt <not-affected> (vulnerable MySQL queries are not present)
	NOTE: https://github.com/saltstack/salt/pull/51462
CVE-2019-1010258 (nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf4 ...)
	NOT-FOR-US: nanosvg
CVE-2019-1010257 (An Information Disclosure / Data Modification issue exists in article2 ...)
	NOT-FOR-US: article2pdf Wordpress plugin
CVE-2019-1010256
	RESERVED
CVE-2019-1010255
	RESERVED
CVE-2019-1010254
	RESERVED
CVE-2019-1010253
	RESERVED
CVE-2019-1010252 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input ...)
	NOT-FOR-US: ONOS
CVE-2019-1010251 (Open Information Security Foundation Suricata prior to version 4.1.2 i ...)
	- suricata 1:4.1.2-2 (low)
	[buster] - suricata <no-dsa> (Minor issue)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/11f3659f64a4e42e90cb3c09fcef66894205aefe
	NOTE: https://github.com/OISF/suricata/commit/8357ef3f8ffc7d99ef6571350724160de356158b
	NOTE: https://redmine.openinfosecfoundation.org/issues/2736
CVE-2019-1010250 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input ...)
	NOT-FOR-US: ONOS
CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Ov ...)
	NOT-FOR-US: ONOS
CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. T ...)
	NOT-FOR-US: ONOS
CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cr ...)
	{DLA-1894-1}
	- libapache2-mod-auth-openidc 2.3.10.2-1
	NOTE: Fixed by: https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b (v2.3.10.2)
	NOTE: https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt
CVE-2019-1010246 (MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affecte ...)
	NOT-FOR-US: MailCleaner
CVE-2019-1010245 (The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is  ...)
	NOT-FOR-US: ONOS
CVE-2019-1010244
	RESERVED
CVE-2019-1010243
	RESERVED
CVE-2019-1010242
	RESERVED
CVE-2019-1010241 (Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-25 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1010240
	RESERVED
CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusua ...)
	- cjson 1.7.10-1
	NOTE: https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b
	NOTE: https://github.com/DaveGamble/cJSON/issues/315
CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...)
	{DSA-4496-1}
	- pango1.0 1.42.4-7 (bug #933860)
	[stretch] - pango1.0 <not-affected> (Vulnerable code introduced later)
	[jessie] - pango1.0 <not-affected> (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/pango/issues/342
	NOTE: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54 (1.44)
CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site  ...)
	NOT-FOR-US: ILIAS
CVE-2019-1010236
	RESERVED
CVE-2019-1010235 (Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is ...)
	NOT-FOR-US: Frog CMS
CVE-2019-1010234 (The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper I ...)
	NOT-FOR-US: ONOS
CVE-2019-1010233
	RESERVED
CVE-2019-1010232 (Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab ...)
	NOT-FOR-US: Juniper
CVE-2019-1010231
	RESERVED
CVE-2019-1010230
	RESERVED
CVE-2019-1010229
	RESERVED
CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The im ...)
	- dcmtk 3.6.4-1 (low)
	[stretch] - dcmtk <no-dsa> (Minor issue)
	[jessie] - dcmtk <no-dsa> (Minor issue)
	NOTE: https://support.dcmtk.org/redmine/issues/858
	NOTE: https://github.com/commontk/DCMTK/commit/40917614e
CVE-2019-1010227
	RESERVED
CVE-2019-1010226
	RESERVED
CVE-2019-1010225
	RESERVED
CVE-2019-1010224
	REJECTED
CVE-2019-1010223
	REJECTED
CVE-2019-1010222
	REJECTED
CVE-2019-1010221 (LineageOS 16.0 and earlier is affected by: Incorrect Access Control. T ...)
	NOT-FOR-US: LineageOS
CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...)
	- tcpdump <unfixed> (unimportant)
	NOTE: No security impact
CVE-2019-1010219
	RESERVED
CVE-2019-1010218 (Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Cu ...)
	- cherokee <removed>
CVE-2019-1010217
	RESERVED
CVE-2019-1010216
	RESERVED
CVE-2019-1010215
	RESERVED
CVE-2019-1010214
	RESERVED
CVE-2019-1010213
	RESERVED
CVE-2019-1010212
	RESERVED
CVE-2019-1010211
	RESERVED
CVE-2019-1010210
	RESERVED
CVE-2019-1010209 (GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE ...)
	NOT-FOR-US: GoUrl.io GoURL Wordpress Plugin
CVE-2019-1010208 (IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracryp ...)
	NOT-FOR-US: VeraCrypt
CVE-2019-1010207 (Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scrip ...)
	NOT-FOR-US: Genetechsolutions Pie Register
CVE-2019-1010206 (OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL ...)
	NOT-FOR-US: OSS Http Request (Apache Cordova Plugin)
CVE-2019-1010205 (LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247f ...)
	NOT-FOR-US: LINAGORA hublin
CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23765
	NOTE: binutils not covered by security support
CVE-2019-1010203
	RESERVED
CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is ...)
	NOT-FOR-US: Jeesite
CVE-2019-1010201 (Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive  ...)
	NOT-FOR-US: Jeesite
CVE-2019-1010200 (Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b ...)
	NOT-FOR-US: Voice Builder
CVE-2019-1010199 (ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site  ...)
	NOT-FOR-US: ServiceStack ServiceStack Framework
CVE-2019-1010198
	RESERVED
CVE-2019-1010197
	RESERVED
CVE-2019-1010196
	RESERVED
CVE-2019-1010195
	RESERVED
CVE-2019-1010194
	RESERVED
CVE-2019-1010193 (hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). ...)
	NOT-FOR-US: hisiphp
CVE-2019-1010192
	RESERVED
CVE-2019-1010191 (marginalia &lt; 1.6 is affected by: SQL Injection. The impact is: The  ...)
	NOT-FOR-US: marginalia
CVE-2019-1010190 (mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact i ...)
	- mgetty 1.2.1-1
	[stretch] - mgetty <no-dsa> (Minor issue)
	[jessie] - mgetty <no-dsa> (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
CVE-2019-1010189 (mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impac ...)
	- mgetty 1.2.1-1
	[stretch] - mgetty <no-dsa> (Minor issue)
	[jessie] - mgetty <no-dsa> (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
CVE-2019-1010188
	RESERVED
CVE-2019-1010187
	RESERVED
CVE-2019-1010186
	RESERVED
CVE-2019-1010185
	RESERVED
CVE-2019-1010184
	RESERVED
CVE-2019-1010183 (serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion ...)
	NOT-FOR-US: serde_yaml
CVE-2019-1010182 (yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. Th ...)
	- rust-yaml-rust <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/chyh1990/yaml-rust/pull/109
CVE-2019-1010181
	RESERVED
CVE-2019-1010180 (GNU gdb All versions is affected by: Buffer Overflow - Out of bound me ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8ff71a9c80cfcf64c54d4ae938c644b1b1ea19fb
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23657
CVE-2019-1010179 (PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affe ...)
	NOT-FOR-US: PHKP
CVE-2019-1010178 (Fred MODX Revolution &lt; 1.0.0-beta5 is affected by: Incorrect Access ...)
	NOT-FOR-US: Fred MODX Revolution
CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: deni ...)
	NOT-FOR-US: Jsish
CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affecte ...)
	NOT-FOR-US: JerryScript
CVE-2019-1010175
	RESERVED
CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: command inje ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1
	NOTE: https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 (v.2.3.4)
CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
	NOT-FOR-US: Jsish
CVE-2019-1010172 (Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. ...)
	NOT-FOR-US: Jsish
CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impac ...)
	NOT-FOR-US: Jsish
CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: den ...)
	NOT-FOR-US: Jsish
CVE-2019-1010169 (Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: ...)
	NOT-FOR-US: Jsish
CVE-2019-1010168
	RESERVED
CVE-2019-1010167
	RESERVED
CVE-2019-1010166
	RESERVED
CVE-2019-1010165
	RESERVED
CVE-2019-1010164
	RESERVED
CVE-2019-1010163 (Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overf ...)
	NOT-FOR-US: Socusoft Co Photo 2 Video Converter
CVE-2019-1010162 (jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. ...)
	NOT-FOR-US: Jsish
CVE-2019-1010161 (perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Cont ...)
	- libcrypt-jwt-perl <not-affected> (Fixed with initial upload to Debian)
	NOTE: https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483
CVE-2019-1010160
	RESERVED
CVE-2019-1010159
	RESERVED
CVE-2019-1010158
	RESERVED
CVE-2019-1010157
	RESERVED
CVE-2019-1010156
	REJECTED
CVE-2019-1010155 (** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication By ...)
	NOT-FOR-US: D-Link
CVE-2019-1010154
	RESERVED
CVE-2019-1010153 (zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sq ...)
	NOT-FOR-US: zzcms
CVE-2019-1010152 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
	NOT-FOR-US: zzcms
CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell.  ...)
	NOT-FOR-US: zzcms
CVE-2019-1010150 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
	NOT-FOR-US: zzcms
CVE-2019-1010149 (zzcms version 8.3 and earlier is affected by: File Delete to Code Exec ...)
	NOT-FOR-US: zzcms
CVE-2019-1010148 (zzcms version 8.3 and earlier is affected by: SQL Injection. The impac ...)
	NOT-FOR-US: zzcms
CVE-2019-1010147 (Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: In ...)
	NOT-FOR-US: Yellowfin Smart Reporting
CVE-2019-1010146
	RESERVED
CVE-2019-1010145
	RESERVED
CVE-2019-1010144
	RESERVED
CVE-2019-1010143
	RESERVED
CVE-2019-1010142 (scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite ...)
	- scapy 2.4.2-1
	[buster] - scapy <no-dsa> (Minor issue)
	[stretch] - scapy <not-affected> (Vulnerable code not present)
	[jessie] - scapy <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/secdev/scapy/pull/1409
	NOTE: https://github.com/secdev/scapy/commit/0d7ae2b039f650a40e511d09eb961c782da025d9 (v2.4.1)
	NOTE: https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058
CVE-2019-1010141
	RESERVED
CVE-2019-1010140
	RESERVED
CVE-2019-1010139
	RESERVED
CVE-2019-1010138
	RESERVED
CVE-2019-1010137
	RESERVED
CVE-2019-1010136 (ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access ...)
	NOT-FOR-US: ChinaMobile GPN2.4P21-C-CN W2001EN-00
CVE-2019-1010135
	RESERVED
CVE-2019-1010134
	RESERVED
CVE-2019-1010133
	RESERVED
CVE-2019-1010132
	RESERVED
CVE-2019-1010131
	RESERVED
CVE-2019-1010130
	RESERVED
CVE-2019-1010129
	REJECTED
CVE-2019-1010128
	RESERVED
CVE-2019-1010127 (VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-fr ...)
	- vcftools 0.1.16-1
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[jessie] - vcftools 0.1.12+dfsg-1+deb8u1
	NOTE: https://github.com/vcftools/vcftools/commit/00a5b615a61054f23c01a04ebb6790a55029f695 (v0.1.16)
	NOTE: https://github.com/vcftools/vcftools/commit/e94e2992e2c0f4cc95864a42fe470c040f95712e (v0.1.16)
	NOTE: https://github.com/vcftools/vcftools/commit/d657d60e37f5d705f9dbb578b516db6e420fb424 (v0.1.16)
	NOTE: https://github.com/vcftools/vcftools/commit/f6453c581b8113053a25689226920f7ded2e8270 (fix for typo in warning log message))
	NOTE: CVE-2019-1010127 is a different issue than CVE-2018-11099, CVE-2018-11129 and
	NOTE: CVE-2018-11130 but covered with same set of upstream commits.
CVE-2019-1010126
	RESERVED
CVE-2019-1010125
	RESERVED
CVE-2019-1010124 (WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by:  ...)
	NOT-FOR-US: WebAppick WooCommerce Product Feed
CVE-2019-1010123 (MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Up ...)
	NOT-FOR-US: MODX Revolution Gallery
CVE-2019-1010122
	RESERVED
CVE-2019-1010121
	RESERVED
CVE-2019-1010120
	RESERVED
CVE-2019-1010119
	RESERVED
CVE-2019-1010118
	RESERVED
CVE-2019-1010117
	RESERVED
CVE-2019-1010116
	RESERVED
CVE-2019-1010115
	RESERVED
CVE-2019-1010114
	RESERVED
CVE-2019-1010113 (Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site ...)
	NOT-FOR-US: Premium Software CLEditor
CVE-2019-1010112 (OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Fo ...)
	NOT-FOR-US: OECMS
CVE-2019-1010111
	RESERVED
CVE-2019-1010110
	RESERVED
CVE-2019-1010109
	RESERVED
CVE-2019-1010108
	RESERVED
CVE-2019-1010107
	RESERVED
CVE-2019-1010106
	RESERVED
CVE-2019-1010105
	RESERVED
CVE-2019-1010104 (TechyTalk Quick Chat WordPress Plugin All up to the latest is affected ...)
	NOT-FOR-US: TechyTalk Quick Chat WordPress Plugin All
CVE-2019-1010103
	RESERVED
CVE-2019-1010102
	RESERVED
CVE-2019-1010101 (Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permiss ...)
	NOT-FOR-US: Akeo Consulting Rufus
CVE-2019-1010100 (Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order ...)
	NOT-FOR-US: Akeo Consulting Rufus
CVE-2019-1010099
	RESERVED
CVE-2019-1010098
	RESERVED
CVE-2019-1010097
	RESERVED
CVE-2019-1010096 (DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
	NOT-FOR-US: domainmod
CVE-2019-1010095 (DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
	NOT-FOR-US: domainmod
CVE-2019-1010094 (domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
	NOT-FOR-US: domainmod
CVE-2019-1010093
	RESERVED
CVE-2019-1010092
	RESERVED
CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...)
	- tinymce <undetermined>
	[jessie] - tinymce <ignored> (Minor issue, requires manually copy/pasting javascript to execute it, can't reproduce on Jessie)
	NOTE: https://github.com/tinymce/tinymce/issues/4394
	TODO: check
CVE-2019-1010090
	RESERVED
CVE-2019-1010089
	RESERVED
CVE-2019-1010088
	RESERVED
CVE-2019-1010087
	RESERVED
CVE-2019-1010086
	RESERVED
CVE-2019-1010085
	RESERVED
CVE-2019-1010084 (Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect  ...)
	NOT-FOR-US: Dancer::Plugin::SimpleCRUD
CVE-2019-1010083 (The Pallets Project Flask before 1.0 is affected by: unexpected memory ...)
	- flask 1.0.2-1
	[stretch] - flask <no-dsa> (Minor issue)
	[jessie] - flask <no-dsa> (Minor issue)
	NOTE: https://www.palletsprojects.com/blog/flask-1-0-released/
	NOTE: https://github.com/pallets/flask/pull/2691/commits/ab4142215d836b0298fc47fa1e4b75408b9c37a0
	NOTE: After communication with MITRE, this CVE *might* overlap CVE-2018-1000656.
	NOTE: CVE-2019-1010083 was back then assigned by the DWF CNA, but the exact scope
	NOTE: of the CVE is unclear and might for instance be for an incomplete fix of
	NOTE: CVE-2018-1000656. As such it was only noted with a "may overlap". The
	NOTE: CVE-2019-1010083 only refers to the 1.0 release announcement and it is
	NOTE: guaranteed that it relates as well to pull request 2691. Upstream itself did
	NOTE: not comment on direct pings/questions back.
CVE-2019-1010082
	RESERVED
CVE-2019-1010081
	RESERVED
CVE-2019-1010080
	RESERVED
CVE-2019-1010079
	RESERVED
CVE-2019-1010078
	RESERVED
CVE-2019-1010077
	RESERVED
CVE-2019-1010076
	RESERVED
CVE-2019-1010075
	RESERVED
CVE-2019-1010074
	RESERVED
CVE-2019-1010073
	REJECTED
CVE-2019-1010072
	RESERVED
CVE-2019-1010071
	RESERVED
CVE-2019-1010070
	RESERVED
CVE-2019-1010069 (moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The  ...)
	- abcm2ps 8.14.2-0.1 (unimportant)
	NOTE: https://github.com/leesavide/abcm2ps/issues/18
	NOTE: https://github.com/leesavide/abcm2ps/commit/08aef597656d065e86075f3d53fda89765845eae (v8.13.21)
	NOTE: Crash in CLI tool, no security impact
CVE-2019-1010068
	RESERVED
CVE-2019-1010067
	RESERVED
CVE-2019-1010066 (Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: ...)
	NOT-FOR-US: Lawrence Livermore National Laboratory msr-safe
CVE-2019-1010065 (The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The ...)
	- sleuthkit 4.6.1-1 (unimportant)
	NOTE: https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b (4.6.1)
	NOTE: Negligible security impact
CVE-2019-1010064
	RESERVED
CVE-2019-1010063
	RESERVED
CVE-2019-1010062 (PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload ...)
	NOT-FOR-US: PluckCMS
CVE-2019-1010061
	REJECTED
CVE-2019-1010060 (NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: The issue is specifically to other issues not covered by CVE-2018-3846,
	NOTE: CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849 but fixed in 3.43. One
	NOTE: example is ftp_status in drvrnet.c mishandling a long string beginning
	NOTE: with a '4' character.
CVE-2019-1010059
	RESERVED
CVE-2019-1010058
	RESERVED
CVE-2019-1010057 (nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact  ...)
	- nfdump 1.6.17-1
	[stretch] - nfdump <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://github.com/phaag/nfdump/issues/104
	NOTE: https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
CVE-2019-1010056
	RESERVED
CVE-2019-1010055
	RESERVED
CVE-2019-1010054 (Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The  ...)
	- dolibarr <removed>
CVE-2019-1010053
	RESERVED
CVE-2019-1010052
	RESERVED
CVE-2019-1010051
	RESERVED
CVE-2019-1010050
	RESERVED
CVE-2019-1010049
	RESERVED
CVE-2019-1010048
	REJECTED
CVE-2019-1010047
	RESERVED
CVE-2019-1010046
	RESERVED
CVE-2019-1010045
	RESERVED
CVE-2019-1010044 (borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: P ...)
	NOT-FOR-US: borg-reducer
CVE-2019-1010043 (Quake3e &lt; 5ed740d is affected by: Buffer Overflow. The impact is: P ...)
	- ioquake3 <unfixed> (unimportant)
	NOTE: https://github.com/ec-/Quake3e/issues/9
	NOTE: https://github.com/ec-/Quake3e/commit/fea3c4144c7b325634cdf638d1582c772a2db3bd
	NOTE: No security impact
CVE-2019-1010042
	REJECTED
CVE-2019-1010041
	RESERVED
CVE-2019-1010040
	RESERVED
CVE-2019-1010039 (uLaunchELF &lt; commit 170827a is affected by: Buffer Overflow. The im ...)
	NOT-FOR-US: uLaunchELF
CVE-2019-1010038 (OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is ...)
	NOT-FOR-US: OpenModelica OMCompiler
CVE-2019-1010037
	RESERVED
CVE-2019-1010036
	RESERVED
CVE-2019-1010035
	RESERVED
CVE-2019-1010034 (Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL  ...)
	NOT-FOR-US: Deepwoods Software WebLibrarian
CVE-2019-1010033
	RESERVED
CVE-2019-1010032
	RESERVED
CVE-2019-1010031
	RESERVED
CVE-2019-1010030
	REJECTED
CVE-2019-1010029
	RESERVED
CVE-2019-1010028 (phpscriptsmall.com School College Portal with ERP Script 2.6.1 and ear ...)
	NOT-FOR-US: School College Portal
CVE-2019-1010027
	RESERVED
CVE-2019-1010026
	RESERVED
CVE-2019-1010025 (** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...)
	- glibc <unfixed> (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22853
CVE-2019-1010024 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...)
	- glibc <unfixed> (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded libray with ...)
	- glibc <unfixed> (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851
CVE-2019-1010022 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...)
	- glibc <unfixed> (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22850
CVE-2019-1010021
	RESERVED
CVE-2019-1010020
	RESERVED
CVE-2019-1010019
	RESERVED
CVE-2019-1010018 (Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Script ...)
	- zammad <itp> (bug #841355)
CVE-2019-1010017 (libnmap &lt; v0.6.3 is affected by: XML Injection. The impact is: Deni ...)
	- python-libnmap <unfixed> (low)
	[buster] - python-libnmap <no-dsa> (Minor issue)
	NOTE: https://github.com/savon-noir/python-libnmap/issues/87
CVE-2019-1010016 (Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact  ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/issues/7962
CVE-2019-1010015
	RESERVED
CVE-2019-1010014
	RESERVED
CVE-2019-1010013
	RESERVED
CVE-2019-1010012
	RESERVED
CVE-2019-1010011
	REJECTED
CVE-2019-1010010
	RESERVED
CVE-2019-1010009 (DGLogik Inc DGLux Server All Versions is affected by: Insecure Permiss ...)
	NOT-FOR-US: DGLogik Inc DGLux Server
CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scr ...)
	NOT-FOR-US: OpenEnergyMonitor Project Emoncms
CVE-2019-1010007
	RESERVED
CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
	- atril 1.22.2-1
	[buster] - atril 1.20.3-1+deb10u1
	- evince 3.27.92-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980
	NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e6ed0d4cdb6326e329c8f61f9cc19ff9331cb0ce (3.27.91)
	NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 (3.27.91)
CVE-2019-1010005 (HexoEditor v1.1.8-beta is affected by: XSS to code execution. ...)
	NOT-FOR-US: HexoEditor
CVE-2019-1010004 (SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds  ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #881121)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53
CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS ...)
	NOT-FOR-US: Leanote
CVE-2019-1010002
	RESERVED
CVE-2019-1010001
	RESERVED
CVE-2019-6341 (In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.1 ...)
	{DSA-4412-1 DLA-1746-1}
	- drupal7 <removed> (bug #925176)
	NOTE: https://www.drupal.org/SA-CORE-2019-004
CVE-2019-9893 (libseccomp before 2.4.0 did not correctly generate 64-bit syscall argu ...)
	- libseccomp 2.4.1-1 (unimportant; bug #924646)
	NOTE: https://github.com/seccomp/libseccomp/issues/139
	NOTE: No security issue by itself
CVE-2019-9887
	RESERVED
CVE-2019-9886 (Any URLs with download_attachment.php under templates or home folders  ...)
	NOT-FOR-US: BroadLearning eClass
CVE-2019-9885 (eClass platform &lt; ip.2.5.10.2.1 allows an attacker to execute SQL c ...)
	NOT-FOR-US: eClass platform
CVE-2019-9884 (eClass platform &lt; ip.2.5.10.2.1 allows an attacker to use GETS meth ...)
	NOT-FOR-US: eClass platform
CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
	NOT-FOR-US: MailSherlock
CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
	NOT-FOR-US: MailSherlock
CVE-2019-9881 (The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress ...)
	NOT-FOR-US: WPGraphQL plugin for WordPress
CVE-2019-9880 (An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. B ...)
	NOT-FOR-US: WPGraphQL plugin for WordPress
CVE-2019-9879 (The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to re ...)
	NOT-FOR-US: WPGraphQL plugin for WordPress
CVE-2019-9878 (There is an invalid memory access in the function GfxIndexedColorSpace ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-9877 (There is an invalid memory access vulnerability in the function TextPa ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which doesn't contain the vulnerable code)
CVE-2019-9876
	RESERVED
CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Sitecore  ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating run  ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...)
	NOT-FOR-US: Jector Smart TV FM-K75 devices
CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
	NOT-FOR-US: w8tcha oEmbed plugin for CKEditor
CVE-2019-9869
	RESERVED
CVE-2019-9868 (An issue was discovered in the Web Console in Veritas NetBackup Applia ...)
	NOT-FOR-US: Veritas NetBackup Appliance
CVE-2019-9867 (An issue was discovered in the Web Console in Veritas NetBackup Applia ...)
	NOT-FOR-US: Veritas NetBackup Appliance
CVE-2019-9866 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.8.3-1 (bug #925196)
	NOTE: https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
CVE-2019-9865 (When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specia ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tamperi ...)
	NOT-FOR-US: PHP Scripts Mall Amazon Affiliate Store
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS  ...)
	NOT-FOR-US: ABUS
CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system FUAA5000 ...)
	NOT-FOR-US: ABUS
CVE-2019-9861 (Due to the use of an insecure RFID technology (MIFARE Classic), ABUS p ...)
	NOT-FOR-US: ABUS
CVE-2019-9860 (Due to unencrypted signal communication and predictability of rolling  ...)
	NOT-FOR-US: ABUS
CVE-2019-9859 (Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to  ...)
	NOT-FOR-US: Vesta Control Panel (VestaCP)
CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5.2.22 ...)
	{DSA-4468-1 DLA-1822-1}
	- php-horde-form 2.0.18-3.1 (bug #930321)
	NOTE: https://ssd-disclosure.com/archives/3814/ssd-advisory-horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce
	NOTE: https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
CVE-2019-9856
	RESERVED
CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
	- libreoffice <not-affected> (Windows-specific)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9855/
CVE-2019-9854 (LibreOffice has a feature where documents can specify that pre-install ...)
	{DSA-4519-1 DLA-1947-1}
	- libreoffice 1:6.3.1~rc2-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/
CVE-2019-9853 (LibreOffice documents can contain macros. The execution of those macro ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9853
CVE-2019-9852 (LibreOffice has a feature where documents can specify that pre-install ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9852/
CVE-2019-9851 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9851/
CVE-2019-9850 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9850/
CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from location ...)
	{DSA-4483-1 DLA-1947-1}
	[experimental] - libreoffice 1:6.3.0~beta2-1
	- libreoffice 1:6.3.0~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/
CVE-2019-9848 (LibreOffice has a feature where documents can specify that pre-install ...)
	{DSA-4483-1 DLA-1947-1}
	[experimental] - libreoffice 1:6.3.0~beta2-1
	- libreoffice 1:6.3.0~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/
CVE-2019-9847 (A vulnerability in LibreOffice hyperlink processing allows an attacker ...)
	- libreoffice <not-affected> (Only affects Libreoffice on Windows and macOS)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847/
CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_existin ...)
	- linux 4.19.37-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
CVE-2019-9846 (RockOA 1.8.7 allows remote attackers to obtain sensitive information b ...)
	NOT-FOR-US: RockOA
CVE-2019-9845 (madskristensen Miniblog.Core through 2019-01-16 allows remote attacker ...)
	NOT-FOR-US: madskristensen Miniblog.Core
CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows ...)
	NOT-FOR-US: Khan Academy simple-markdown
CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and befo ...)
	NOT-FOR-US: DiffPlug Spotless
CVE-2019-9842 (madskristensen MiniBlog through 2018-05-18 allows remote attackers to  ...)
	NOT-FOR-US: madskristensen Miniblog
CVE-2019-9841 (Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2019-9840
	RESERVED
CVE-2018-20814 (An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Con ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20813 (An input validation issue has been found with login_meeting.cgi in Pul ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20812 (An information exposure issue where IPv6 DNS traffic would be sent out ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20811 (A hidden RPC service issue was found with Pulse Secure Pulse Connect S ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20810 (Session data between cluster nodes during cluster synchronization is n ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20809 (A crafted message can cause the web server to crash with Pulse Secure  ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20808 (An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect  ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20807 (An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Conne ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the  ...)
	- phamm <unfixed> (low; bug #924731)
	[stretch] - phamm <no-dsa> (Minor issue)
	[jessie] - phamm <no-dsa> (Minor issue)
	NOTE: https://github.com/lota/phamm/issues/24
CVE-2019-9839 (VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descri ...)
	NOT-FOR-US: VFront
CVE-2019-9838 (VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera par ...)
	NOT-FOR-US: VFront
CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorke ...)
	- ruby-doorkeeper-openid-connect 1.5.5-1 (bug #924747)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
	NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD)  ...)
	NOT-FOR-US: AMD Secure Encrypted Virtualization (SEV)
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set L ...)
	NOT-FOR-US: Fujitsu Wireless Keyboard Set LX901 GK900 devices
CVE-2019-9834 (** DISPUTED ** The Netdata web application through 1.13.0 allows remot ...)
	- netdata <unfixed> (unimportant)
	NOTE: https://github.com/netdata/netdata/issues/5800#issuecomment-510986112
	NOTE: Risk disupted by upstream because there is a clear warning next to the
	NOTE: button for importing a snapshot, thus treat the issue as unimportant with
	NOTE: negligible impact.
CVE-2019-9833 (The Screen Stream application through 3.0.15 for Android allows remote ...)
	NOT-FOR-US: Screen Stream application for Android
CVE-2019-9832 (The AirDrop application through 2.0 for Android allows remote attacker ...)
	NOT-FOR-US: AirDrop application for Android
CVE-2019-9831 (The AirMore application through 1.6.1 for Android allows remote attack ...)
	NOT-FOR-US: AirMore application for Android
CVE-2018-20805
	RESERVED
CVE-2018-20804
	RESERVED
CVE-2018-20803
	RESERVED
CVE-2018-20802
	RESERVED
CVE-2017-18363
	RESERVED
CVE-2015-9283
	RESERVED
CVE-2019-9830
	RESERVED
CVE-2019-9829 (Maccms 10 allows remote attackers to execute arbitrary PHP code by ent ...)
	NOT-FOR-US: Maccms
CVE-2019-9828
	RESERVED
CVE-2019-9827 (Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote att ...)
	NOT-FOR-US: Hawtio
CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows Denial of S ...)
	{DLA-1775-1}
	- phpbb3 <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/29/3
	NOTE: Fixed by https://github.com/phpbb/phpbb/commit/3075d2fecc9f5bb780bb478c0851a704c7f9b392
CVE-2019-9825 (FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arb ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 u ...)
	{DSA-4454-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-6
	- qemu-kvm <removed>
	- slirp4netns 0.3.1-1
	[buster] - slirp4netns 0.2.3-1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
	NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-9822
	RESERVED
CVE-2019-9821 (A use-after-free vulnerability can occur in AssertWorkerThread due to  ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
CVE-2019-9820 (A use-after-free vulnerability can occur in the chrome event handler w ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
CVE-2019-9819 (A vulnerability where a JavaScript compartment mismatch can occur whil ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
CVE-2019-9818 (A race condition is present in the crash generation server used to gen ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
CVE-2019-9817 (Images from a different domain can be read using a canvas object in so ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
CVE-2019-9816 (A possible vulnerability exists where type confusion can occur when ma ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
CVE-2019-9815 (If hyperthreading is not disabled, a timing attack vulnerability exist ...)
	- firefox <not-affected> (MacOS-specific)
	- firefox-esr <not-affected> (MacOS-specific)
	- thunderbird <not-affected> (MacOS-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815
CVE-2019-9814 (Mozilla developers and community members reported memory safety bugs p ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814
CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confusion i ...)
	{DSA-4417-1 DLA-1727-1}
	- firefox 66.0.1-1
	- firefox-esr 60.6.1esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
CVE-2019-9812 (Given a compromised sandboxed content process due to a separate vulner ...)
	{DSA-4516-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-9812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-9812
CVE-2019-9811 (As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-9811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-9811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-9811
CVE-2019-9810 (Incorrect alias information in IonMonkey JIT compiler for Array.protot ...)
	{DSA-4417-1 DLA-1727-1}
	- firefox 66.0.1-1
	- firefox-esr 60.6.1esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9810
CVE-2019-9809 (If the source for resources on a page is through an FTP connection, it ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9809
CVE-2019-9808 (If WebRTC permission is requested from documents with data: or blob: U ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9808
CVE-2019-9807 (When arbitrary text is sent over an FTP connection and a page reload i ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9807
CVE-2019-9806 (A vulnerability exists during authorization prompting for FTP transact ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9806
CVE-2019-9805 (A latent vulnerability exists in the Prio library where data may be re ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9805
CVE-2019-9804 (In Firefox Developer Tools it is possible that pasting the result of t ...)
	- firefox <not-affected> (MacOS-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9804
CVE-2019-9803 (The Upgrade-Insecure-Requests (UIR) specification states that if UIR i ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9803
CVE-2019-9802 (If a Sandbox content process is compromised, it can initiate an FTP do ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9802
CVE-2019-9801 (Firefox will accept any registered Program ID as an external protocol  ...)
	- firefox-esr <not-affected> (Windows-specific)
	- firefox <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9801
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9801
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
CVE-2019-9800 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9800
CVE-2019-9799 (Insufficient bounds checking of data during inter-process communicatio ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB, whic ...)
	- firefox <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	- firefox 66.0-1
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9797
CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL animation contr ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9796
CVE-2019-9795 (A vulnerability where type-confusion in the IonMonkey just-in-time (JI ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9795
CVE-2019-9794 (A vulnerability was discovered where specific command line arguments a ...)
	- firefox-esr <not-affected> (Windows-specific)
	- firefox <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9794
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9794
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9794
CVE-2019-9793 (A mechanism was discovered that removes some bounds checking for strin ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9793
CVE-2019-9792 (The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9792
CVE-2019-9791 (The type inference system allows the compilation of functions that can ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9791
CVE-2019-9790 (A use-after-free vulnerability can occur when a raw pointer to a DOM e ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9790
CVE-2019-9789 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
CVE-2019-9788 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9788
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9788
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9788
CVE-2019-9786
	RESERVED
CVE-2019-9785 (gitnote 3.1.0 allows remote attackers to execute arbitrary code via a  ...)
	NOT-FOR-US: gitnote
CVE-2019-9784
	RESERVED
CVE-2019-9783
	RESERVED
CVE-2019-9782
	RESERVED
CVE-2019-9781
	RESERVED
CVE-2019-9780
	RESERVED
CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of b ...)
	NOT-FOR-US: Highcharts JS
CVE-2019-9787 (WordPress before 5.1.1 does not properly filter comment content, leadi ...)
	{DLA-1742-1}
	- wordpress 5.1.1+dfsg1-1 (bug #924546)
	[buster] - wordpress 5.0.4+dfsg1-1
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
CVE-2019-9779 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9778 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9777 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9776 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9775 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an  ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9774 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an  ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9773 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9772 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9771 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9770 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg <itp> (bug #595191)
CVE-2019-9769 (PilusCart 1.4.1 is vulnerable to index.php?module=users&amp;action=new ...)
	NOT-FOR-US: PilusCart
CVE-2019-9768 (Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies o ...)
	NOT-FOR-US: Thinkst Canarytokens
CVE-2019-9767 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2019-9766 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2019-9765 (In Blog_mini 1.0, XSS exists via the author name of a comment reply in ...)
	NOT-FOR-US: Blog_mini
CVE-2019-9764 (HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to ...)
	- consul <not-affected> (Only affected 1.4.3 version)
	NOTE: https://github.com/hashicorp/consul/issues/5519
CVE-2019-9763 (An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS  ...)
	NOT-FOR-US: Openfind Mail2000 Webmail
CVE-2019-9762 (A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment ...)
	NOT-FOR-US: PHPSHE
CVE-2019-9761 (An XXE issue was discovered in PHPSHE 1.7, which can be used to read a ...)
	NOT-FOR-US: PHPSHE
CVE-2019-9760 (FTPGetter Standard v.5.97.0.177 allows remote code execution when a us ...)
	NOT-FOR-US: FTPGetter
CVE-2019-9759 (An issue was discovered in TONGDA Office Anywhere 10.18.190121. There  ...)
	NOT-FOR-US: TONGDA Office Anywhere
CVE-2019-9758 (An issue was discovered in LabKey Server 19.1.0. The display name of a ...)
	NOT-FOR-US: LabKey Server
CVE-2019-9757 (An issue was discovered in LabKey Server 19.1.0. Sending an SVG contai ...)
	NOT-FOR-US: LabKey Server
CVE-2019-9756 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9755 (An integer underflow issue exists in ntfs-3g 2017.3.23. A local attack ...)
	{DSA-4413-1 DLA-1724-1}
	- ntfs-3g 1:2017.3.23AR.3-3 (bug #925255)
	NOTE: https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc <unfixed> (low; bug #925127)
	[buster] - tcc <ignored> (Minor issue)
	[stretch] - tcc <ignored> (Minor issue)
	[jessie] - tcc <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html
CVE-2019-9753 (An issue was discovered in Open Ticket Request System (OTRS) 7.x befor ...)
	- otrs2 <not-affected> (Only affects 7.x series)
	NOTE: https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework
CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...)
	{DLA-1721-1}
	- otrs2 6.0.16-1
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/341c4096222819a108feb02256aba878943bf810
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4e3dfbaa054762b29df54705aa412685dd37e15
CVE-2019-9751 (An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ...)
	- otrs2 6.0.17-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <not-affected> (Vulnerable code not present)
	NOTE: https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/1afb2b995e59551b927c2105e234e8b87efcc37a
CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...)
	- otrs2 6.0.14-1
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	[jessie] - otrs2 <not-affected> (Vulnerable code not present)
	NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/7d3c56d5b9bb38207695dae174dbba89a132e7b9
	NOTE: For upstream versions only did affect OTRS 6.0.13 and OTRS 5.0.31.
CVE-2019-9750 (In IoTivity through 1.3.1, the CoAP server interface can be used for D ...)
	- iotivity <itp> (bug #824155)
CVE-2019-9749 (An issue was discovered in the MQTT input plugin in Fluent Bit through ...)
	NOT-FOR-US: Fluent Bit
CVE-2019-9748 (In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted ...)
	NOT-FOR-US: tinysvcmdns
CVE-2019-9747 (In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multica ...)
	NOT-FOR-US: tinysvcmdns
CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused by the ...)
	NOT-FOR-US: libwebm
	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
CVE-2019-9745 (CloudCTI HIP Integrator Recognition Configuration Tool allows privileg ...)
	NOT-FOR-US: CloudCTI HIP Integrator Recognition Configuration Tool
CVE-2019-9744 (An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN ...)
	NOT-FOR-US: PHOENIX
CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211- ...)
	NOT-FOR-US: PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices
CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attac ...)
	NOT-FOR-US: G Data Total Security
CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ...)
	{DLA-1749-1}
	- golang-1.12 1.12-1
	- golang-1.11 1.11.6-1 (bug #924630)
	- golang-1.8 <removed>
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	NOTE: https://github.com/golang/go/issues/30794
	NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
	NOTE: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
	{DLA-1835-1 DLA-1834-1}
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6 <removed>
	- python3.5 <removed>
	- python3.4 <removed>
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	[stretch] - python2.7 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue36276
	NOTE: https://bugs.python.org/issue30458
	NOTE: CVE-2019-9947 issue fixed with same fix as for CVE-2019-9740
	NOTE: Patch 2.7: https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
CVE-2019-9739
	RESERVED
CVE-2019-9738 (jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '&lt;E ...)
	NOT-FOR-US: jimmykuu Gopher
CVE-2019-9737 (Editor.md 1.5.0 has DOM-based XSS via vectors involving the '&lt;EMBED ...)
	NOT-FOR-US: pandao Editor.md
CVE-2019-9736 (DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving t ...)
	NOT-FOR-US: 1024Tools Markdown
CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenStack N ...)
	{DSA-4409-1}
	- neutron 2:13.0.2-13 (bug #924508)
	[jessie] - neutron <not-affected> (Vulnerable code not present, all supported protocols are handled correctly)
	NOTE: https://launchpad.net/bugs/1818385
CVE-2019-9734 (Aquarius CMS through 4.3.5 writes POST and GET parameters (including p ...)
	NOT-FOR-US: aquaverde Aquarius CMS
CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2019-9732 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2
	NOTE: https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/
CVE-2019-9731
	RESERVED
CVE-2019-9730 (Incorrect access control in the CxUtilSvc component of the Synaptics S ...)
	NOT-FOR-US: Lenovo
CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows pr ...)
	NOT-FOR-US: Shanda MapleStory Online
CVE-2019-9728
	RESERVED
CVE-2019-9727 (Unauthenticated password hash disclosure in the User.getUserPWD method ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU3
CVE-2019-9726 (Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3. ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU3
CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devi ...)
	NOT-FOR-US: Korenix JetPort devices
CVE-2019-9724 (aquaverde Aquarius CMS through 4.3.5 allows Information Exposure throu ...)
	NOT-FOR-US: aquaverde Aquarius CMS
CVE-2019-9723 (LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vul ...)
	NOT-FOR-US: LogicalDOC
CVE-2019-9722
	RESERVED
CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows attac ...)
	- ffmpeg 7:4.1.3-1 (bug #926666)
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...)
	- libav <removed> (unimportant)
	NOTE: Actual vulnerability description is (https://lgtm.com/security/):
	NOTE: "Denial of service due to quadratic call to strstr in srtdec.c"
	NOTE: Using strstr is not an actual DoS
CVE-2019-9719 (** DISPUTED ** A stack-based buffer overflow in the subtitle decoder i ...)
	- libav <unfixed> (unimportant)
	NOTE: Generic low-certainty warning about snprintf usage without rationale
CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...)
	{DSA-4449-1}
	- ffmpeg 7:4.1.3-1 (low; bug #926666)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder allows atta ...)
	- libav <removed> (unimportant)
	NOTE: Non-trivial sscanf format is not an actual DoS
CVE-2019-9716
	RESERVED
CVE-2019-9715
	RESERVED
CVE-2019-9714 (An issue was discovered in Joomla! before 3.9.4. The media form field  ...)
	NOT-FOR-US: Joomla!
CVE-2019-9713 (An issue was discovered in Joomla! before 3.9.4. The sample data plugi ...)
	NOT-FOR-US: Joomla!
CVE-2019-9712 (An issue was discovered in Joomla! before 3.9.4. The JSON handler in c ...)
	NOT-FOR-US: Joomla!
CVE-2019-9711 (An issue was discovered in Joomla! before 3.9.4. The item_title layout ...)
	NOT-FOR-US: Joomla!
CVE-2019-9710 (An issue was discovered in webargs before 5.1.3, as used with marshmal ...)
	NOT-FOR-US: webargs
CVE-2019-9709 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 1 ...)
	- mahara <removed>
CVE-2019-9708 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 1 ...)
	- mahara <removed>
CVE-2019-9707
	RESERVED
CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to  ...)
	{DLA-1723-1}
	- cron 3.0pl1-133 (low)
	[stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
	NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/26814a26
CVE-2019-9706 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to  ...)
	{DLA-1723-1}
	- cron 3.0pl1-133 (bug #809167)
	[stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
	NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/40791b93
CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to  ...)
	{DLA-1723-1}
	- cron 3.0pl1-133 (low)
	[stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
	NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/f2525567
CVE-2019-9703 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible  ...)
	NOT-FOR-US: Symantec
CVE-2019-9702 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible  ...)
	NOT-FOR-US: Symantec
CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site ...)
	NOT-FOR-US: DLP (Symantec)
CVE-2019-9700 (Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-9699 (Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an ...)
	NOT-FOR-US: Symantec
CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
	NOT-FOR-US: Symantec
CVE-2019-9697 (An information disclosure vulnerability in the Management Center (MC)  ...)
	NOT-FOR-US: Symantec
CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
	NOT-FOR-US: Norton Core
CVE-2019-9694 (Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptibl ...)
	NOT-FOR-US: Symantec
CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9692 (class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 doe ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9691
	RESERVED
CVE-2019-9690
	RESERVED
CVE-2019-9689 (process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2 ...)
	- axtls <unfixed> (bug #953326)
CVE-2019-9688 (sftnow through 2018-12-29 allows index.php?g=Admin&amp;m=User&amp;a=ad ...)
	NOT-FOR-US: sftnow
CVE-2019-9687 (PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF ...)
	- libpodofo 0.9.6+dfsg-5 (bug #924430)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/code/1969
CVE-2019-9686 (pacman before 5.1.3 allows directory traversal when installing a remot ...)
	NOT-FOR-US: pacman package manager for arch, different from src:pacman
CVE-2019-9685
	RESERVED
CVE-2019-9684
	RESERVED
CVE-2019-9683
	RESERVED
CVE-2019-9682 (Dahua devices with Build time before December 2019 use strong security ...)
	NOT-FOR-US: Dahua
CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...)
	NOT-FOR-US: Dahua
CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers can obt ...)
	NOT-FOR-US: Dahua
CVE-2019-9679 (Some of Dahua's Debug functions do not have permission separation. Low ...)
	NOT-FOR-US: Dahua
CVE-2019-9678 (Some Dahua products have the problem of denial of service during the l ...)
	NOT-FOR-US: Dahua
CVE-2019-9677 (The specific fields of CGI interface of some Dahua products are not st ...)
	NOT-FOR-US: Dahua
CVE-2019-9676 (Buffer overflow vulnerability found in some Dahua IP Camera devices IP ...)
	NOT-FOR-US: Dahua IP Camera devices
CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7. ...)
	{DSA-4403-1}
	- php7.3 7.3.3-1 (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in 7.1.27, 7.3.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586
CVE-2019-9674 (Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...)
	- python3.8 <unfixed> (unimportant)
	- python3.7 <removed> (unimportant)
	- python3.5 <removed> (unimportant)
	- python3.4 <removed> (unimportant)
	- python2.7 <unfixed> (unimportant)
	NOTE: https://bugs.python.org/issue36260
	NOTE: https://bugs.python.org/issue36462
	NOTE: Improved documentation: https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2
CVE-2019-9673 (Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript e ...)
	NOT-FOR-US: Freenet
CVE-2019-9672
	RESERVED
CVE-2019-9671
	RESERVED
CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before  ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...)
	NOT-FOR-US: Wordfence plugin for WordPress
CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 2012-03-28. recei ...)
	NOT-FOR-US: rovinbhandari FTP
CVE-2019-9667
	RESERVED
CVE-2019-9666
	RESERVED
CVE-2019-9665
	RESERVED
CVE-2019-9664
	RESERVED
CVE-2019-9663
	RESERVED
CVE-2019-9662 (An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management mod ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2019-9661 (Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_confi ...)
	NOT-FOR-US: YzmCMS
CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catn ...)
	NOT-FOR-US: YzmCMS
CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static codes in th ...)
	NOT-FOR-US: Chuango
CVE-2019-10782 (All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...)
	{DLA-2099-1}
	- checkstyle 8.29-1
	[buster] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
	[stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
	NOTE: https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266
	NOTE: https://github.com/checkstyle/checkstyle/issues/7468
	NOTE: https://github.com/checkstyle/checkstyle/security/advisories/GHSA-763g-fqq7-48wg
CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
	{DLA-1768-1}
	- checkstyle 8.26-1 (low; bug #924598)
	[buster] - checkstyle 8.15-1+deb10u1
	[stretch] - checkstyle <no-dsa> (Minor issue)
	NOTE: https://github.com/checkstyle/checkstyle/issues/6474
	NOTE: https://github.com/checkstyle/checkstyle/issues/6478
	NOTE: https://github.com/checkstyle/checkstyle/pull/6476
	NOTE: https://github.com/checkstyle/checkstyle/commit/180b4fe37a2249d4489d584505f2b7b3ab162ec6
	NOTE: When fixing this issue make sure to apply the complete fix to not open
	NOTE: CVE-2019-10782.
CVE-2019-9657 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a d ...)
	NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices
CVE-2019-9656 (An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dere ...)
	{DLA-2001-1}
	- libofx 1:0.9.15-1 (unimportant; bug #924350)
	[buster] - libofx 1:0.9.14-1+deb10u1
	[stretch] - libofx 1:0.9.10-2+deb9u2
	NOTE: https://github.com/libofx/libofx/issues/22
	NOTE: Negligible security impact
CVE-2019-9655
	RESERVED
CVE-2019-9654
	RESERVED
CVE-2019-9653 (NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauth ...)
	NOT-FOR-US: NUUO Network Video Recorder Firmware
CVE-2019-9652 (There is a CSRF in SDCMS V1.7 via an m=admin&amp;c=theme&amp;a=edit re ...)
	NOT-FOR-US: SDCMS
CVE-2019-9651 (An issue was discovered in SDCMS V1.7. In the \app\admin\controller\th ...)
	NOT-FOR-US: SDCMS
CVE-2019-9650 (An XSS issue was discovered in upcoming_events.php in the Upcoming Eve ...)
	NOT-FOR-US: MyBB plugin
CVE-2019-9649 (An issue was discovered in the SFTP Server component in Core FTP 2.0 B ...)
	NOT-FOR-US: Core FTP
CVE-2019-9648 (An issue was discovered in the SFTP Server component in Core FTP 2.0 B ...)
	NOT-FOR-US: Core FTP
CVE-2019-9647 (Gila CMS 1.9.1 has XSS. ...)
	NOT-FOR-US: Gila CMS
CVE-2019-9645
	RESERVED
CVE-2019-9646 (The Contact Form Email plugin before 1.2.66 for WordPress allows wp-ad ...)
	NOT-FOR-US: WordPress plugin contact-form-to-email
CVE-2019-9644 (An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook befor ...)
	- jupyter-notebook 5.7.8-1 (bug #924515)
	NOTE: https://github.com/jupyter/notebook/commit/cfc335b76466ccf1538ce545b654b29b5ab0097c
	NOTE: https://github.com/jupyter/notebook/commit/b5105814fc41c6d789b317fa59f786bad7f9d798
	NOTE: https://github.com/jupyter/notebook/commit/bfaa61385729ed4fb453863053f9a79141f01119
CVE-2019-9643
	RESERVED
CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio through 8. ...)
	- extplorer <removed>
CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...)
	{DLA-1835-1 DLA-1834-1}
	- python3.7 3.7.3~rc1-1 (bug #924072)
	- python3.6 <removed>
	- python3.5 <removed>
	- python3.4 <removed>
	- python2.7 2.7.16-2 (bug #924073)
	[stretch] - python2.7 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue36216
	NOTE: https://github.com/python/cpython/pull/12201
	NOTE: https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
	NOTE: https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be (3.7.x)
	NOTE: https://github.com/python/cpython/commit/e37ef41289b77e0f0bb9a6aedb0360664c55bdd5 (2.7.x)
	NOTE: Regression fix: https://bugs.python.org/issue36742
	NOTE: When fixing this issue make sure to not open CVE-2019-10160.
CVE-2019-9635 (NULL pointer dereference in Google TensorFlow before 1.12.2 could caus ...)
	- tensorflow <itp> (bug #804612)
CVE-2019-1003039 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003038 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003037 (An information exposure vulnerability exists in Jenkins Azure VM Agent ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003036 (A data modification vulnerability exists in Jenkins Azure VM Agents Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003035 (An information exposure vulnerability exists in Jenkins Azure VM Agent ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003034 (A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003033 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003032 (A sandbox bypass vulnerability exists in Jenkins Email Extension Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003031 (A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003030 (A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003029 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary functionality,  ...)
	- golang-1.12 <not-affected> (Only affects Go on Windows)
	- golang-1.11 <not-affected> (Only affects Go on Windows)
	- golang-1.10 <not-affected> (Only affects Go on Windows)
CVE-2019-9637 (An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and ...)
	{DSA-4403-1 DLA-1741-1}
	- php7.3 7.3.3-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77630
CVE-2019-9641 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
	{DSA-4403-1 DLA-1741-1}
	- php7.3 7.3.3-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77509
CVE-2019-9640 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
	{DSA-4403-1 DLA-1741-1}
	- php7.3 7.3.3-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540
CVE-2019-9639 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
	{DSA-4403-1 DLA-1741-1}
	- php7.3 7.3.3-1 (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659
CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
	{DSA-4403-1 DLA-1741-1}
	- php7.3 7.3.3-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77563
CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent ...)
	- glib2.0 <not-affected> (Vulnerable code introduced in 2.59.1, cf #924344)
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1649
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e (2.59.2)
	NOTE: Issue only in 2.59.1 and fixed in 2.59.2.
CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability vi ...)
	NOT-FOR-US: ESAFENET CDG
CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBo ...)
	{DLA-1752-1}
	- poppler 0.71.0-4 (bug #926673)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
CVE-2019-9630 (Sonatype Nexus Repository Manager before 3.17.0 has a weak default of  ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-9629 (Sonatype Nexus Repository Manager before 3.17.0 establishes a default  ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-9628 (The XMLTooling library all versions prior to V3.0.4, provided with the ...)
	{DSA-4407-1 DLA-1710-1}
	- xmltooling 3.0.4-1 (bug #924346)
	NOTE: https://shibboleth.net/community/advisories/secadv_20190311.txt
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-143
	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=af27c422f551e16989ff6f1722d83614c8550eb5
CVE-2019-9627 (A buffer overflow in the kernel driver CybKernelTracker.sys in CyberAr ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2019-9626 (PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to in ...)
	NOT-FOR-US: PHPSHE
CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to cr ...)
	NOT-FOR-US: JBMC DirectAdmin
CVE-2019-XXXX [high memory usage with some long running sessions]
	- proftpd-dfsg 1.3.5d-1 (bug #923926)
	[stretch] - proftpd-dfsg <ignored> (Minor issue)
	[jessie] - proftpd-dfsg 1.3.5e-0+deb8u1
	NOTE: https://github.com/proftpd/proftpd/issues/330#issuecomment-276891713
	NOTE: https://forum.armbian.com/topic/9692-nanopi-neo-2-memory-leak-in-proftpd-even-worse-if-ssl-encrypted/?do=findComment&comment=73069
CVE-2019-9624 (Webmin 1.900 allows remote attackers to execute arbitrary code by leve ...)
	- webmin <removed>
CVE-2019-9623 (Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code  ...)
	NOT-FOR-US: Feng Office
CVE-2019-9622 (eBrigade through 4.5 allows Arbitrary File Download via ../ directory  ...)
	NOT-FOR-US: eBrigade
CVE-2019-9621 (Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 pa ...)
	NOT-FOR-US: Zimbra
CVE-2019-9620
	RESERVED
CVE-2019-9619
	REJECTED
CVE-2019-9618 (The GraceMedia Media Player plugin 1.0 for WordPress allows Local File ...)
	NOT-FOR-US: GraceMedia Media Player plugin for WordPress
CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
	NOT-FOR-US: OFCMS
CVE-2019-9616 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
	NOT-FOR-US: OFCMS
CVE-2019-9615 (An issue was discovered in OFCMS before 1.1.3. It allows admin/system/ ...)
	NOT-FOR-US: OFCMS
CVE-2019-9614 (An issue was discovered in OFCMS before 1.1.3. A command execution vul ...)
	NOT-FOR-US: OFCMS
CVE-2019-9613 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
	NOT-FOR-US: OFCMS
CVE-2019-9612 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
	NOT-FOR-US: OFCMS
CVE-2019-9611 (An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/tem ...)
	NOT-FOR-US: OFCMS
CVE-2019-9610 (An issue was discovered in OFCMS before 1.1.3. It has admin/cms/templa ...)
	NOT-FOR-US: OFCMS
CVE-2019-9609 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
	NOT-FOR-US: OFCMS
CVE-2019-9608 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...)
	NOT-FOR-US: OFCMS
CVE-2019-9607 (PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by n ...)
	NOT-FOR-US: PHP Scripts Mall Medical Store Script
CVE-2019-9606 (PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS ...)
	NOT-FOR-US: PHP Scripts Mall Personal Video Collection Script
CVE-2019-9605 (PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflect ...)
	NOT-FOR-US: PHP Scripts Mall Online Lottery PHP Readymade Script
CVE-2019-9604 (PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-S ...)
	NOT-FOR-US: PHP Scripts Mall Online Lottery PHP Readymade Script
CVE-2019-9603 (MiniCMS 1.10 allows mc-admin/post.php?state=publish&amp;delete= CSRF t ...)
	NOT-FOR-US: MiniCMS
CVE-2019-9602
	RESERVED
CVE-2019-9601 (The ApowerManager application through 3.1.7 for Android allows remote  ...)
	NOT-FOR-US: ApowerManager application for Android
CVE-2019-9600 (The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application ...)
	NOT-FOR-US: Olive Tree FTP Server application for Android
CVE-2019-9599 (The AirDroid application through 4.2.1.6 for Android allows remote att ...)
	NOT-FOR-US: AirDroid application for Android
CVE-2019-9598 (An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF ...)
	NOT-FOR-US: Cscms
CVE-2019-9597 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /con ...)
	NOT-FOR-US: Darktrace Enterprise Immune System
CVE-2019-9596 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whi ...)
	NOT-FOR-US: Darktrace Enterprise Immune System
CVE-2019-9595 (AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter ...)
	NOT-FOR-US: AppCMS
CVE-2019-9594 (BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploa ...)
	NOT-FOR-US: BlueCMS
CVE-2019-9593 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Conne ...)
	NOT-FOR-US: ShoreTel Connect
CVE-2019-9592 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Conne ...)
	NOT-FOR-US: ShoreTel Connect
CVE-2019-9591 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Conne ...)
	NOT-FOR-US: ShoreTel Connect
CVE-2019-9590 (An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allo ...)
	NOT-FOR-US: TENGCONTROL devices
CVE-2019-9589 (There is a NULL pointer dereference vulnerability in PSOutputDev::setu ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which doesn't contain the vulnerable code)
CVE-2019-9588 (There is an Invalid memory access in gAtomicIncrement() located at GMu ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which doesn't contain the vulnerable code)
CVE-2019-9587 (There is a stack consumption issue in md5Round1() located in Decrypt.c ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-9586
	RESERVED
CVE-2019-9585 (eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON AP ...)
	NOT-FOR-US: eQ-3 Homematic
CVE-2019-9584 (eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled ...)
	NOT-FOR-US: eQ-3 Homematic
CVE-2019-9583 (eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This al ...)
	NOT-FOR-US: eQ-3 Homematic
CVE-2019-9582 (eQ-3 Homematic CCU2 outdated base software packages allows Denial of S ...)
	NOT-FOR-US: eQ-3 Homematic
CVE-2019-9581 (phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via  ...)
	NOT-FOR-US: phpscheduleit Booked Scheduler
CVE-2019-9580 (In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3,  ...)
	NOT-FOR-US: StackStorm
CVE-2019-9579
	RESERVED
CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to init is  ...)
	- libu2f-host 1.1.9-1 (low; bug #923874)
	[stretch] - libu2f-host 1.1.2-2+deb9u2
	NOTE: https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5
CVE-2019-9577
	RESERVED
CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-295.html
CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-295.html
CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929992)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <not-affected> (PCID support not backported)
	NOTE: https://xenbits.xen.org/xsa/advisory-294.html
CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929999)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-293.html
CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929993)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <not-affected> (PCID support not backported)
	NOTE: https://xenbits.xen.org/xsa/advisory-292.html
CVE-2019-17345 (An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV gu ...)
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929995)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <not-affected> (only 4.8 and later affected)
	NOTE: https://xenbits.xen.org/xsa/advisory-291.html
CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929996)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <not-affected> (Introduced by ignored fix for CVE-2018-3646)
	NOTE: https://xenbits.xen.org/xsa/advisory-290.html
CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	{DLA-1949-1}
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929994)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	NOTE: https://xenbits.xen.org/xsa/advisory-288.html
CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	{DLA-1949-1}
	- xen 4.11.1+92-g6c33308a8d-1 (bug #930001)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	NOTE: https://xenbits.xen.org/xsa/advisory-287.html
CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	{DLA-1949-1}
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929998)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	NOTE: https://xenbits.xen.org/xsa/advisory-285.html
CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 guest OS us ...)
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929991)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <ignored> (memory leak on huge memory machines)
	NOTE: https://xenbits.xen.org/xsa/advisory-284.html
CVE-2019-9576 (The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admi ...)
	NOT-FOR-US: WordPress plugin blog2social
CVE-2019-9575 (The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/ ...)
	NOT-FOR-US: WordPress plugin quiz-master-next
CVE-2019-9574 (The WP Human Resource Management plugin before 2.2.6 for WordPress doe ...)
	NOT-FOR-US: WordPress plugin hrm
CVE-2019-9573 (The WP Human Resource Management plugin before 2.2.6 for WordPress mis ...)
	NOT-FOR-US: WordPress plugin hrm
CVE-2019-9572 (SchoolCMS version 2.3.1 allows file upload via the theme upload featur ...)
	NOT-FOR-US: SchoolCMS
CVE-2019-9571
	RESERVED
CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom tex ...)
	NOT-FOR-US: YzmCMS
CVE-2019-9569 (Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_ ...)
	NOT-FOR-US: Delta Controls enteliBUS Manager
CVE-2019-9568 (The "Forminator Contact Form, Poll &amp; Quiz Builder" plugin before 1 ...)
	NOT-FOR-US: WordPress plugin forminator
CVE-2019-9567 (The "Forminator Contact Form, Poll &amp; Quiz Builder" plugin before 1 ...)
	NOT-FOR-US: WordPress plugin forminator
CVE-2019-9566 (FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. ...)
	NOT-FOR-US: FlarumChina
CVE-2019-9565 (Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 b ...)
	NOT-FOR-US: Druide Antidote
CVE-2019-9564
	RESERVED
CVE-2019-9563 (In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the ...)
	NOT-FOR-US: BlueMind
CVE-2019-9562
	RESERVED
CVE-2019-9561
	RESERVED
CVE-2019-9560
	RESERVED
CVE-2019-9559
	RESERVED
CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripti ...)
	NOT-FOR-US: Mailtraq WebMail
CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) vi ...)
	NOT-FOR-US: Ability Mail Server
CVE-2019-9556 (FiberHome an5506-04-f RP2669 devices have XSS. ...)
	NOT-FOR-US: FiberHome an5506-04-f RP2669 devices
CVE-2019-9555 (Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, ...)
	NOT-FOR-US: Sagemcom routers
CVE-2019-9554 (In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the ...)
	NOT-FOR-US: Craft CMS
CVE-2019-9553 (Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcon ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list files vi ...)
	NOT-FOR-US: Eloan
CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06.  ...)
	NOT-FOR-US: doyocms
CVE-2019-9550 (DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. ...)
	NOT-FOR-US: DhCms
CVE-2019-9549 (An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-ad ...)
	NOT-FOR-US: PopojiCMS
CVE-2019-12439 (bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories  ...)
	- bubblewrap 0.3.1-3 (unimportant; bug #923557)
	NOTE: https://github.com/projectatomic/bubblewrap/issues/304
	NOTE: Negligable security impact
CVE-2019-1002100 (In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, use ...)
	- kubernetes 1.17.4-1 (bug #923686)
	NOTE: https://github.com/kubernetes/kubernetes/issues/74534
	NOTE: https://github.com/kubernetes/kubernetes/pull/74000
CVE-2019-9548 (Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33  ...)
	NOT-FOR-US: Citrix Application Delivery Management
CVE-2019-9547 (In Storage Performance Development Kit (SPDK) before 19.01, a maliciou ...)
	NOT-FOR-US: Storage Performance Development Kit (SPDK)
CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege esca ...)
	NOT-FOR-US: SolarWinds Orion Platform
CVE-2019-9545 (An issue was discovered in Poppler 0.74.0. A recursive function call,  ...)
	- poppler <unfixed> (low; bug #923552)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <ignored> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/731
CVE-2019-9544 (An issue was discovered in Bento4 1.5.1-628. An out of bounds write oc ...)
	NOT-FOR-US: Bento4
CVE-2019-9543 (An issue was discovered in Poppler 0.74.0. A recursive function call,  ...)
	- poppler <unfixed> (low; bug #923553)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <postponed> (Minor issue; revisit when fixed upstream)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/730
CVE-2019-9542 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
	NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9541 (: Information Exposure vulnerability in itemlookup.asp of Telos Automa ...)
	NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9540 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
	NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9539 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
	NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9538 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
	NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9537 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
	NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a non-NULL poin ...)
	NOT-FOR-US: Apple iPhone 3GS
CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
	NOT-FOR-US: iTerm2
CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not validate its  ...)
	NOT-FOR-US: Cobham EXPLORER
CVE-2019-9533 (The root password of the Cobham EXPLORER 710 is the same for all versi ...)
	NOT-FOR-US: Cobham EXPLORER
CVE-2019-9532 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
	NOT-FOR-US: Cobham EXPLORER
CVE-2019-9531 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
	NOT-FOR-US: Cobham EXPLORER
CVE-2019-9530 (The web root directory of the Cobham EXPLORER 710, firmware version 1. ...)
	NOT-FOR-US: Cobham EXPLORER
CVE-2019-9529 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
	NOT-FOR-US: Cobham EXPLORER
CVE-2019-9528
	RESERVED
CVE-2019-9527
	RESERVED
CVE-2019-9526
	RESERVED
CVE-2019-9525
	RESERVED
CVE-2019-9524
	RESERVED
CVE-2019-9523
	RESERVED
CVE-2019-9522
	RESERVED
CVE-2019-9521
	RESERVED
CVE-2019-9520
	RESERVED
CVE-2019-9519
	RESERVED
CVE-2019-9518 (Some HTTP/2 implementations are vulnerable to a flood of empty frames, ...)
	{DSA-4520-1}
	- trafficserver 8.0.5+ds-1 (bug #935314)
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
	NOTE: https://github.com/apache/trafficserver/pull/5850
	NOTE: https://github.com/apache/trafficserver/blob/8.0.x/CHANGELOG-8.0.5
CVE-2019-9517 (Some HTTP/2 implementations are vulnerable to unconstrained interal da ...)
	{DSA-4509-1}
	- apache2 2.4.41-1
	[jessie] - apache2 <not-affected> (HTTP/2 support only available since version 2.4.17 and later)
	NOTE: Affects upstream versions 2.4.20 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-9517
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, potential ...)
	{DSA-4505-1}
	- nginx 1.14.2-3 (bug #935037)
	[jessie] - nginx <not-affected> (HTTP2 support only exists since version 1.9.5)
	NOTE: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
	NOTE: https://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89 (master)
	NOTE: https://github.com/nginx/nginx/commit/dbdd9ffea81d9db46fb88b5eba828f2ad080d388 (release-1.16.1)
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, potent ...)
	{DSA-4520-1 DSA-4508-1}
	- trafficserver 8.0.5+ds-1 (bug #934887)
	- h2o 2.2.5+dfsg2-3 (bug #934886)
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
	NOTE: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4
	NOTE: https://github.com/h2o/h2o/issues/2090
	NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, potential ...)
	{DSA-4669-1 DSA-4520-1 DSA-4508-1 DSA-4503-1}
	- golang-1.13 1.13~beta1-3 (bug #934955)
	- golang-1.12 1.12.8-1
	- golang-1.11 1.11.13-1
	- golang-1.8 <removed>
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <not-affected> (No HTTP2 support yet)
	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
	- nodejs 10.16.3~dfsg-1 (bug #934885)
	[stretch] - nodejs <not-affected> (No HTTP2 support yet)
	[jessie] - nodejs <not-affected> (No HTTP2 support yet)
	- trafficserver 8.0.5+ds-1 (bug #934887)
	- h2o 2.2.5+dfsg2-3 (bug #934886)
	NOTE: Issue: https://github.com/golang/go/issues/33606
	NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11)
	NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12)
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
	NOTE: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4
	NOTE: https://github.com/h2o/h2o/issues/2090
	NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, potentia ...)
	{DSA-4669-1 DSA-4511-1 DSA-4505-1}
	- nginx 1.14.2-3 (bug #935037)
	[jessie] - nginx <not-affected> (HTTP2 support only exists since version 1.9.5)
	- nodejs 10.16.3~dfsg-1 (bug #934885)
	[stretch] - nodejs <not-affected> (No HTTP2 support yet)
	[jessie] - nodejs <not-affected> (No HTTP2 support yet)
	- nghttp2 1.39.2-1
	[jessie] - nghttp2 <not-affected> (Vulnerable code not present)
	NOTE: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
	NOTE: https://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f (master)
	NOTE: https://github.com/nginx/nginx/commit/39bb3b9d4a33bd03c8ae0134dedc8a7700ae7b2b (release-1.16.1)
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
	NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potentially ...)
	{DSA-4520-1 DSA-4508-1 DSA-4503-1}
	- golang-1.13 1.13~beta1-3 (bug #934955)
	- golang-1.12 1.12.8-1
	- golang-1.11 1.11.13-1
	- golang-1.8 <removed>
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <not-affected> (No HTTP2 support yet)
	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
	- trafficserver 8.0.5+ds-1 (bug #934887)
	- h2o 2.2.5+dfsg2-3 (bug #934886)
	NOTE: Issue: https://github.com/golang/go/issues/33606
	NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11)
	NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12)
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
	NOTE: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4
	NOTE: https://github.com/h2o/h2o/issues/2090
	NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipulation ...)
	{DSA-4669-1 DSA-4511-1 DSA-4505-1}
	- nginx 1.14.2-3 (bug #935037)
	[jessie] - nginx <not-affected> (HTTP2 support only exists since version 1.9.5)
	- nodejs 10.16.3~dfsg-1 (bug #934885)
	[stretch] - nodejs <not-affected> (No HTTP2 support yet)
	[jessie] - nodejs <not-affected> (No HTTP2 support yet)
	- nghttp2 1.39.2-1
	[jessie] - nghttp2 <not-affected> (Vulnerable code not present)
	NOTE: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
	NOTE: https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089 (master)
	NOTE: https://github.com/nginx/nginx/commit/94c5eb142e58a86f81eb1369fa6fcb96c2f23d6b (release-1.16.1)
	NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
	NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 a ...)
	NOT-FOR-US: Microsoft
CVE-2019-9509 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
	NOT-FOR-US: Vertiv Avocent UMG-4000
CVE-2019-9508 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
	NOT-FOR-US: Vertiv Avocent UMG-4000
CVE-2019-9507 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...)
	NOT-FOR-US: Vertiv Avocent UMG-4000
CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 5.1 per ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.185-1
	NOTE: Hardware issue, but mitigation in Linux kernel can be applied:
	NOTE: https://git.kernel.org/linus/d5bb334a8e171b262e48f378bd2096c0ea458265 (5.2-rc1)
	NOTE: https://git.kernel.org/linus/693cd8ce3f882524a5d06f7800dd8492411877b3 (5.2-rc6)
	NOTE: https://git.kernel.org/linus/eca94432934fe5f141d084f2e36ee2c0e614cc04 (5.2)
CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and includi ...)
	NOT-FOR-US: PrinterLogic Print Management
CVE-2019-9504
	RESERVED
CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c ...)
	{DSA-4465-1 DLA-1824-1 DLA-1799-1}
	- linux 4.19.37-4
	NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. I ...)
	NOT-FOR-US: Broadcom
CVE-2019-9501 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. B ...)
	NOT-FOR-US: Broadcom
CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...)
	{DSA-4465-1 DLA-1824-1}
	- linux 4.19.37-4
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff (5.1-rc1)
CVE-2019-9499 (The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built  ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9498 (The implementations of EAP-PWD in hostapd EAP Server, when built again ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9497 (The implementations of EAP-PWD in hostapd EAP Server and wpa_supplican ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9496 (An invalid authentication sequence could result in the hostapd process ...)
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	[stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
	[jessie] - wpa <ignored> (SAE code not enabled for build in jessie)
	NOTE: https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-3/
	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
CVE-2019-9495 (The implementations of EAP-PWD in hostapd and wpa_supplicant are vulne ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
	NOTE: Patches: https://w1.fi/security/2019-2/
CVE-2019-9494 (The implementations of SAE in hostapd and wpa_supplicant are vulnerabl ...)
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	[stretch] - wpa <ignored> (SAE code not enabled for build in stretch)
	[jessie] - wpa <ignored> (SAE code not enabled for build in jessie)
	NOTE: https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
	NOTE: Patches: https://w1.fi/security/2019-1/
	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
CVE-2019-9493 (The MyCar Controls of AutoMobility Distribution Inc., mobile applicati ...)
	NOT-FOR-US: MyCar Controls
CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...)
	NOT-FOR-US: Trend Micro
CVE-2019-9491 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below  ...)
	NOT-FOR-US: Trend Micro
CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
CVE-2019-9489 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
	NOT-FOR-US: Trend Micro
CVE-2019-9488 (Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Prote ...)
	NOT-FOR-US: Trend Micro
CVE-2018-20799 (In pfSense 2.4.4_1, blocking of source IP addresses on the basis of fa ...)
	NOT-FOR-US: pfSense
CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes block dur ...)
	NOT-FOR-US: pfSense
CVE-2019-9487
	RESERVED
CVE-2019-9486 (STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTE ...)
	NOT-FOR-US: STRATO HiDrive Desktop Client
CVE-2019-9485 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9484 (The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb c ...)
	NOT-FOR-US: Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool
CVE-2019-9483 (Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows  ...)
	NOT-FOR-US: Amazon Ring Doorbell
CVE-2019-9482 (In MISP 2.4.102, an authenticated user can view sightings that they sh ...)
	NOT-FOR-US: MISP
CVE-2019-9481
	RESERVED
CVE-2019-9480
	RESERVED
CVE-2019-9479
	RESERVED
CVE-2019-9478
	RESERVED
CVE-2019-9477
	RESERVED
CVE-2019-9476
	RESERVED
CVE-2019-9475
	RESERVED
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing attack due  ...)
	NOT-FOR-US: Android
CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2019-9470 (In dma_sblk_start of abc-pcie.c, there is a possible out of bounds wri ...)
	NOT-FOR-US: Android
CVE-2019-9469 (In km_compute_shared_hmac of km4.c, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2019-9468 (In export_key_der of export_key.cpp, there is possible memory corrupti ...)
	NOT-FOR-US: Android
CVE-2019-9467 (In the Bootloader, there is a possible kernel command injection due to ...)
	NOT-FOR-US: LG components for Android
CVE-2019-9466
	REJECTED
CVE-2019-9465 (In the Titan M handling of cryptographic operations, there is a possib ...)
	NOT-FOR-US: Android
CVE-2019-9464 (In various functions of RecentLocationApps.java, DevicePolicyManagerSe ...)
	NOT-FOR-US: Android
CVE-2019-9463 (In Platform, there is a possible bypass of user interaction requiremen ...)
	NOT-FOR-US: Android
CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
	NOT-FOR-US: Android
CVE-2019-9461 (In the Android kernel in VPN routing there is a possible information d ...)
	NOT-FOR-US: Android
CVE-2019-9460
	REJECTED
CVE-2019-9459 (In libttspico, there is a possible OOB write due to a heap buffer over ...)
	NOT-FOR-US: Android
CVE-2019-9458 (In the Android kernel in the video driver there is a use after free du ...)
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	[jessie] - linux 3.16.64-1
	NOTE: https://git.kernel.org/linus/ad608fbcf166fec809e402d548761768f602702c
CVE-2019-9457
	REJECTED
CVE-2019-9456 (In the Android kernel in Pixel C USB monitor driver there is a possibl ...)
	- linux 4.15.11-1
	[stretch] - linux 4.9.88-1
	[jessie] - linux 3.16.57-1
	NOTE: https://git.kernel.org/linus/a5f596830e27e15f7a0ecd6be55e433d776986d8
CVE-2019-9455 (In the Android kernel in the video driver there is a kernel pointer le ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5e99456c20f712dcc13d9f6ca4278937d5367355
CVE-2019-9454 (In the Android kernel in i2c driver there is a possible out of bounds  ...)
	- linux 4.14.17-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.56-1
	NOTE: https://git.kernel.org/linus/89c6efa61f5709327ecfa24bff18e57a4e80c7fa
	NOTE: Commit wise a duplicate of CVE-2017-18551
CVE-2019-9453 (In the Android kernel in F2FS touch driver there is a possible out of  ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[jessie] - linux <ignored> (f2fs is not supportable)
	NOTE: https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
CVE-2019-9452 (In the Android kernel in SEC_TS touch driver there is a possible out o ...)
	NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9451 (In the Android kernel in the touchscreen driver there is a possible ou ...)
	NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9450 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
	NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9449 (In the Android kernel in FingerTipS touchscreen driver there is a poss ...)
	NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9448 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
	NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
	NOT-FOR-US: Android kernel
CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
	NOT-FOR-US: Android kernel
CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of bounds ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[jessie] - linux <ignored> (f2fs is not supportable)
	NOTE: https://git.kernel.org/linus/720db068634c91553a8e1d9a0fcd8c7050e06d2b
CVE-2019-9444 (In the Android kernel in sync debug fs driver there is a kernel pointe ...)
	- linux 4.15.4-1
	[stretch] - linux <ignored> (Minor issue)
	[jessie] - linux <ignored> (Minor issue)
	NOTE: https://lore.kernel.org/patchwork/patch/902287/
CVE-2019-9443 (In the Android kernel in the vl53L0 driver there is a possible out of  ...)
	NOT-FOR-US: Android kernel
CVE-2019-9442 (In the Android kernel in the mnh driver there is possible memory corru ...)
	NOT-FOR-US: Android kernel
CVE-2019-9441 (In the Android kernel in the mnh driver there is a possible out of bou ...)
	NOT-FOR-US: Android kernel
CVE-2019-9440 (In AOSP Email, there is a possible information disclosure due to a con ...)
	NOT-FOR-US: Android
CVE-2019-9439
	RESERVED
CVE-2019-9438 (In the Package Manager service, there is a possible information disclo ...)
	NOT-FOR-US: Android
CVE-2019-9437
	RESERVED
CVE-2019-9436 (In the Android kernel in the bootloader there is a possible secure boo ...)
	NOT-FOR-US: LG components for Android
CVE-2019-9435 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9433 (In libvpx, there is a possible information disclosure due to improper  ...)
	{DSA-4578-1 DLA-2012-1}
	- libvpx 1.8.1-2
	NOTE: https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7
CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to improper i ...)
	NOT-FOR-US: Android
CVE-2019-9431 (In Bluetooth, there is a possible out of bounds read due to a use afte ...)
	NOT-FOR-US: Android
CVE-2019-9430 (In Bluetooth, there is a possible null pointer dereference due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9429 (In profman, there is a possible out of bounds write due to memory corr ...)
	NOT-FOR-US: Android
CVE-2019-9428 (In the Framework, it is possible to set up BROWSEABLE intents to take  ...)
	NOT-FOR-US: Android
CVE-2019-9427 (In Bluetooth, there is a possible information disclosure due to a use  ...)
	NOT-FOR-US: Android
CVE-2019-9426 (In the Android kernel in Bluetooth there is a possible out of bounds w ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2019-9425 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9424 (In the Screen Lock, there is a possible information disclosure due to  ...)
	NOT-FOR-US: Android
CVE-2019-9423 (In opencv calls that use libpng, there is a possible out of bounds wri ...)
	- opencv <undetermined>
	NOTE: Currently no further information available
CVE-2019-9422 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9421 (In libandroidfw, there is a possible OOB read due to an integer overfl ...)
	NOT-FOR-US: Android
CVE-2019-9420 (In libhevc, there is a possible out of bounds read due to an integer o ...)
	NOT-FOR-US: Android
CVE-2019-9419 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9418 (In libstagefright, there is a possible resource exhaustion due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9417 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9416 (In libstagefright there is a possible information disclosure due to un ...)
	NOT-FOR-US: Android
CVE-2019-9415 (In libstagefright there is a possible information disclosure due to un ...)
	NOT-FOR-US: Android
CVE-2019-9414 (In wpa_supplicant, there is a possible man in the middle vulnerability ...)
	NOT-FOR-US: Android
CVE-2019-9413 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9412 (In libSBRdec there is a possible out of bounds read due to incorrect b ...)
	NOT-FOR-US: Android
CVE-2019-9411 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9410 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9409 (In libhevc there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-9408 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9407 (In notification management of the service manager, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-9406 (In libhevc there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-9405 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9404 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9403 (In cn-cbor, there is a possible out of bounds read due to improper cas ...)
	NOT-FOR-US: Android
CVE-2019-9402 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9401 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9400 (In Bluetooth, there is a possible null pointer dereference due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9399 (The Print Service is susceptible to man in the middle attacks due to i ...)
	NOT-FOR-US: Android
CVE-2019-9398 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9397 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9396 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9395 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9394 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9393 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9392
	RESERVED
CVE-2019-9391 (In libxaac, there is a possible out of bounds read due to uninitialize ...)
	NOT-FOR-US: Android
CVE-2019-9390 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9389 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9388 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9387 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9386 (In NFC server, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9385 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-9384 (In LockPatternUtils, there is a possible escalation of privilege due t ...)
	NOT-FOR-US: Android
CVE-2019-9383 (In NFC server, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9382 (In libeffects, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9381 (In netd, there is a possible out of bounds read due to a use after fre ...)
	NOT-FOR-US: Android
CVE-2019-9380 (In the settings UI, there is a possible spoofing vulnerability due to  ...)
	NOT-FOR-US: Android
CVE-2019-9379 (In libstagefright, there is a possible resource exhaustion due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9378 (In the Activity Manager service, there is a possible permission bypass ...)
	NOT-FOR-US: Android
CVE-2019-9377 (In FingerprintService, there is a possible bypass for operating system ...)
	NOT-FOR-US: Android
CVE-2019-9376 (In the Accounts package, there is a possible crash due to improper inp ...)
	NOT-FOR-US: Android
CVE-2019-9375 (In hostapd, there is a possible out of bounds write due to a race cond ...)
	NOT-FOR-US: Android
CVE-2019-9374
	REJECTED
CVE-2019-9373 (In JobStore, there is a mismatched serialization/deserialization for t ...)
	NOT-FOR-US: Android
CVE-2019-9372 (In libskia, there is a possible crash due to a missing null check. Thi ...)
	- skia <itp> (bug #818180)
CVE-2019-9371 (In libvpx, there is a possible resource exhaustion due to improper inp ...)
	- libvpx 1.8.1-2 (low)
	[buster] - libvpx 1.7.0-3+deb10u1
	[stretch] - libvpx <ignored> (Minor issue)
	[jessie] - libvpx <not-affected> (Vunerable code introduced in 1.4.0)
	NOTE: Commits in libwebm:
	NOTE: https://chromium.googlesource.com/webm/libwebm/+/027a472efe49ff3a24be619442d2150658dbaaa0
	NOTE: https://chromium.googlesource.com/webm/libwebm/+/cb5a9477073cf7ae4a28356d6e3e5638aba78dc9
	NOTE: Sync to libvpx via:
	NOTE: https://github.com/webmproject/libvpx/commit/34d54b04e98dd0bac32e9aab0fbda0bf501bc742
	NOTE: https://github.com/webmproject/libvpx/commit/f00890eecdf8365ea125ac16769a83aa6b68792d
CVE-2019-9370 (In sonivox, there is a possible out of bounds read due to an incorrect ...)
	NOT-FOR-US: Android
CVE-2019-9369 (In Bluetooth, there is a use of uninitialized variable. This could lea ...)
	NOT-FOR-US: Android
CVE-2019-9368 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9367 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9366 (In libSBRdec there is a possible out of bounds read due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-9365 (In Bluetooth, there is a possible deserialization error due to missing ...)
	NOT-FOR-US: Android
CVE-2019-9364 (In AudioService, there is a possible trigger of background user audio  ...)
	NOT-FOR-US: Android
CVE-2019-9363 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9362 (In libSACdec, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9361 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9360 (In the TEE, there's a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-9359 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9358 (In NFC, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: Android
CVE-2019-9357 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9356 (In NFC server, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9355 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9354 (In NFC server, there's a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9353 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9352 (In libstagefright, there is a possible resource exhaustion due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9351 (In SyncStatusObserver, there is a possible bypass for operating system ...)
	NOT-FOR-US: Android
CVE-2019-9350 (In Keymaster, there is a possible EoP due to a use after free. This co ...)
	NOT-FOR-US: Android
CVE-2019-9349 (In libstagefright, there is a possible resource exhaustion due to impr ...)
	NOT-FOR-US: Android
CVE-2019-9348 (In libstagefright, there is a possible resource exhaustion due to impr ...)
	NOT-FOR-US: Android
CVE-2019-9347 (In the m4v_h263 codec, there is a possible out of bounds read due to a ...)
	NOT-FOR-US: Android
CVE-2019-9346 (In libstagefright, there is a possible out of bounds write due to a he ...)
	NOT-FOR-US: Android
CVE-2019-9345 (In the Android kernel in sdcardfs there is a possible violation of the ...)
	NOT-FOR-US: Android kernel
CVE-2019-9344 (In NFC server, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9343 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9342 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9341 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9340
	RESERVED
CVE-2019-9339
	RESERVED
CVE-2019-9338 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9337 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9336 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9335 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9334 (In libhevc there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-9333 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9332 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9331 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9330 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9329 (In Bluetooth, there is a possible out of bounds read due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9328 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9327 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9326 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9325 (In libvpx, there is a possible out of bounds read due to a missing bou ...)
	{DSA-4578-1}
	- libvpx 1.8.1-2
	[jessie] - libvpx <not-affected> (Vunerable code introduced in 1.4.0)
	NOTE: https://github.com/webmproject/libvpx/commit/0681cff1ad36b3ef8ec242f59b5a6c4234ccfb88
CVE-2019-9324
	RESERVED
CVE-2019-9323 (In the Wallpaper Manager service, there is a possible information disc ...)
	NOT-FOR-US: Android
CVE-2019-9322 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9321 (In libavc, there is a missing variable initialization. This could lead ...)
	NOT-FOR-US: Android
CVE-2019-9320 (In libavc, there is a missing variable initialization. This could lead ...)
	NOT-FOR-US: Android
CVE-2019-9319 (In libavc, there is a missing variable initialization. This could lead ...)
	NOT-FOR-US: Android
CVE-2019-9318 (In libhevc, there is a missing variable initialization. This could lea ...)
	NOT-FOR-US: Android
CVE-2019-9317 (In libstagefright, there is a missing variable initialization. This co ...)
	NOT-FOR-US: Android
CVE-2019-9316 (In libstagefright, there is a missing variable initialization. This co ...)
	NOT-FOR-US: Android
CVE-2019-9315 (In libhevc, there is a missing variable initialization. This could lea ...)
	NOT-FOR-US: Android
CVE-2019-9314 (In libavc, there is a missing variable initialization. This could lead ...)
	NOT-FOR-US: Android
CVE-2019-9313 (In libstagefright, there is a missing variable initialization. This co ...)
	NOT-FOR-US: Android
CVE-2019-9312 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9311 (In Bluetooth, there is a possible crash due to an integer overflow. Th ...)
	NOT-FOR-US: Android
CVE-2019-9310 (In libFDK, there is a possible out of bounds write due to an integer o ...)
	NOT-FOR-US: Android
CVE-2019-9309 (In NFC, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: Android
CVE-2019-9308 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9307 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9306 (In libMpegTPDec, there is a possible out of bounds write due to an int ...)
	NOT-FOR-US: Android
CVE-2019-9305 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9304 (In libMpegTPDec, there is a possible out of bounds write due to an int ...)
	NOT-FOR-US: Android
CVE-2019-9303 (In libFDK, there is a possible out of bounds write due to an integer o ...)
	NOT-FOR-US: Android
CVE-2019-9302 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9301 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9300 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9299 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9298 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9297 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9296 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9295 (In com.android.apps.tag, there is a possible bypass of user interactio ...)
	NOT-FOR-US: Android
CVE-2019-9294 (In libstagefright, there is a possible out of bounds read due to a mis ...)
	NOT-FOR-US: Android
CVE-2019-9293 (In libstagefright, there is a possible out of bounds read due to a mis ...)
	NOT-FOR-US: Android
CVE-2019-9292 (In the Activity Manager service, there is a possible information discl ...)
	NOT-FOR-US: Android
CVE-2019-9291 (In Bluetooth, there is a possible remote code execution due to an impr ...)
	NOT-FOR-US: Android
CVE-2019-9290 (In tzdata there is possible memory corruption due to a mismatch betwee ...)
	NOT-FOR-US: Android
CVE-2019-9289 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9288 (In libhidcommand_jni, there is a possible out of bounds write due to a ...)
	NOT-FOR-US: Android
CVE-2019-9287 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9286 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9285 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9284 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9283 (In AAC Codec, there is a possible resource exhaustion due to improper  ...)
	NOT-FOR-US: Android
CVE-2019-9282 (In skia, there is a possible out of bounds read due to a missing bound ...)
	- skia <itp> (bug #818180)
CVE-2019-9281 (In GoogleContactsSyncAdapter, there is a possible path traversal due t ...)
	NOT-FOR-US: Android
CVE-2019-9280 (In keyguard, there is a possible escalation of privilege due to improp ...)
	NOT-FOR-US: Android
CVE-2019-9279 (In the wifi hotspot service, there is a possible denial of service due ...)
	NOT-FOR-US: Android
CVE-2019-9278 (In libexif, there is a possible out of bounds write due to an integer  ...)
	{DSA-4618-1 DLA-2100-1}
	- libexif 0.6.21-6 (bug #945948)
	NOTE: https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0
	NOTE: https://github.com/libexif/libexif/issues/26
	NOTE: https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566
CVE-2019-9277 (In the proc filesystem, there is a possible information disclosure due ...)
	NOT-FOR-US: Android
CVE-2019-9276 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...)
	NOT-FOR-US: Android kernel
CVE-2019-9275 (In the Android kernel in the mnh driver there is a use after free due  ...)
	NOT-FOR-US: Android kernel
CVE-2019-9274 (In the Android kernel in the mnh driver there is a possible out of bou ...)
	NOT-FOR-US: Android kernel
CVE-2019-9273 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...)
	NOT-FOR-US: Android kernel
CVE-2019-9272 (In WiFi, there is a possible leak of WiFi state due to a permissions b ...)
	NOT-FOR-US: Android
CVE-2019-9271 (In the Android kernel in the mnh driver there is a race condition due  ...)
	NOT-FOR-US: Android kernel
CVE-2019-9270 (In the Android kernel in unifi and r8180 WiFi drivers there is a possi ...)
	NOT-FOR-US: Android kernel
CVE-2019-9269 (In System Settings, there is a possible permissions bypass due to a ca ...)
	NOT-FOR-US: Android
CVE-2019-9268 (In libstagefright, there is a possible use-after-free due to improper  ...)
	NOT-FOR-US: Android
CVE-2019-9267
	RESERVED
CVE-2019-9266 (In sensorservice, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Android
CVE-2019-9265 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
	NOT-FOR-US: Android
CVE-2019-9264 (In libxaac there is a possible out of bounds read due to missing bound ...)
	NOT-FOR-US: Android
CVE-2019-9263 (In telephony, there is a possible bypass of user interaction requireme ...)
	NOT-FOR-US: Android
CVE-2019-9262 (In MPEG4Extractor, there is a possible out of bounds write due to an i ...)
	NOT-FOR-US: Android
CVE-2019-9261 (In libxaac there is a possible out of bounds read due to missing bound ...)
	NOT-FOR-US: Android
CVE-2019-9260 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
	NOT-FOR-US: Android
CVE-2019-9259 (In the Bluetooth stack, there is a possible out of bounds write due to ...)
	NOT-FOR-US: Android
CVE-2019-9258 (In wifilogd, there is a possible out of bounds write due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9257 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9256 (In libmediaextractor there is a possible out of bounds write due to an ...)
	NOT-FOR-US: Android
CVE-2019-9255
	RESERVED
CVE-2019-9254 (In readArgumentList of zygote.java in Android 10, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2019-9253 (In KeyStore, there is a possible storage of symmetric keys in the TEE  ...)
	NOT-FOR-US: Android
CVE-2019-9252 (In libavc there is a possible out of bounds read due to uninitialized  ...)
	NOT-FOR-US: Android
CVE-2019-9251 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9250 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9249 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9248 (In the Android kernel in the FingerTipS touchscreen driver there is a  ...)
	NOT-FOR-US: Android kernel
CVE-2019-9247 (In AAC Codec, there is a missing variable initialization. This could l ...)
	NOT-FOR-US: Android
CVE-2019-9246 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9245 (In the Android kernel in the f2fs driver there is a possible out of bo ...)
	- linux 4.19.16-1
	[jessie] - linux <ignored> (f2fs is not supportable)
	NOTE: https://git.kernel.org/linus/64beba0558fce7b59e9a8a7afd77290e82a22163
CVE-2019-9244 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9243 (In wpa_supplicant_8, there is a possible out of bounds read due to a m ...)
	NOT-FOR-US: Android
CVE-2019-9242 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9241 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9240 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9239 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9238 (In the NFC stack, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Android
CVE-2019-9237 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
	NOT-FOR-US: Android
CVE-2019-9236 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9235 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Android
CVE-2019-9234 (In wpa_supplicant_8, there is a possible out of bounds read due to a m ...)
	NOT-FOR-US: Android
CVE-2019-9233 (In wpa_supplicant_8, there is a possible out of bounds read due to an  ...)
	NOT-FOR-US: Android
CVE-2019-9232 (In libvpx, there is a possible out of bounds read due to a missing bou ...)
	{DSA-4578-1 DLA-2012-1}
	- libvpx 1.8.1-2
	NOTE: https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f
CVE-2019-9231 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...)
	NOT-FOR-US: AudioCodes Mediant devices
CVE-2019-9230 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...)
	NOT-FOR-US: AudioCodes Mediant devices
CVE-2019-9229 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...)
	NOT-FOR-US: AudioCodes
CVE-2019-9228 (** DISPUTED ** An issue was discovered on AudioCodes Mediant 500L-MSBR ...)
	NOT-FOR-US: AudioCodes
CVE-2019-9227 (An issue was discovered in baigo CMS 2.1.1. There is a vulnerability t ...)
	NOT-FOR-US: baigo CMS
CVE-2019-9226 (An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS  ...)
	NOT-FOR-US: baigo CMS
CVE-2019-9225 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9224 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9223 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9222 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9221 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9220 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9219 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9218 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9217 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9216
	RESERVED
CVE-2019-9215 (In Live555 before 2019.02.27, malformed headers lead to invalid memory ...)
	{DSA-4408-1 DLA-1720-1}
	[experimental] - liblivemedia 2019.02.27-1
	- liblivemedia 2018.11.26-1.1 (bug #924655)
	NOTE: Reporter advisory and analysis: https://tools.cisco.com/security/center/viewAlert.x?alertId=59708
CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector c ...)
	{DSA-4416-1}
	- wireshark 2.6.7-1 (bug #923611)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15536
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c557bb0910be271e49563756411a690a1bc53ce5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-08.html
CVE-2019-9213 (In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lack ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	NOTE: Fixed by: https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
CVE-2019-9212 (** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to e ...)
	NOT-FOR-US: SOFA-Hessian
CVE-2019-9211 (There is a reachable assertion abort in the function write_long_string ...)
	- pspp 1.2.0-4 (unimportant; bug #923417)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683499
	NOTE: Crash in CLI tool, no security impact
CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer  ...)
	{DLA-1702-1}
	- advancecomp 2.1-2 (low; bug #923416)
	[stretch] - advancecomp <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/advancemame/bugs/277/
	NOTE: Fixed by https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...)
	- libpodofo <unfixed> (low; bug #923415)
	[buster] - libpodofo <no-dsa> (Minor issue)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/34/
CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and rel ...)
	{DSA-4416-1 DLA-1729-1}
	- wireshark 2.6.7-1 (bug #923611)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-06.html
CVE-2019-9208 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector co ...)
	{DSA-4416-1}
	- wireshark 2.6.7-1 (bug #923611)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-07.html
CVE-2019-9207 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm search ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-9206 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm  ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-9205
	RESERVED
CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) before 2.2. ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated u ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...)
	NOT-FOR-US: Phoenix Contact ILC
CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
	{DLA-1706-1}
	- poppler 0.71.0-4 (bug #923414)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/728
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f4136a6353162db249f63ddb0f20611622ab61b4
CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoD ...)
	- libpodofo 0.9.6+dfsg-5 (low; bug #923469)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/40/
	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1971/
CVE-2019-9198
	RESERVED
CVE-2019-9197 (The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows  ...)
	NOT-FOR-US: Unity Editor
CVE-2019-9196 (The Face authentication component in Aware mobile liveness 2.2.1 sdk 2 ...)
	NOT-FOR-US: Aware mobile liveness
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An a ...)
	NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PH ...)
	NOT-FOR-US: elFinder
CVE-2019-9193 (** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGR ...)
	- postgresql-11 <unfixed> (unimportant)
	- postgresql-9.6 <removed> (unimportant)
	- postgresql-9.4 <removed> (unimportant)
	NOTE: https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
	NOTE: https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/
	NOTE: Upstream statement: https://www.postgresql.org/about/news/1935/
	NOTE: Issue is not to be considered a vulnerability and disupted to be valid.
CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) p ...)
	NOT-FOR-US: ETSI protocol
CVE-2019-9190
	RESERVED
CVE-2019-9189 (Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application a ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-9188
	RESERVED
CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228  ...)
	{DSA-4399-1 DLA-1716-1}
	- ikiwiki 3.20190228-1
	NOTE: https://ikiwiki.info/security/#cve-2019-9187
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/28/1
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=e7b0d4a
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=67543ce
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ...)
	- intellij-idea <itp> (bug #747616)
CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt befo ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
	NOT-FOR-US: J2Store plugin for Joomla!
CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.3 and Contiki through  ...)
	NOT-FOR-US: Contiki-NG
CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=e ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...)
	NOT-FOR-US: SchoolCMS
CVE-2019-9180
	RESERVED
CVE-2019-9179 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9178 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9177
	REJECTED
CVE-2019-9176 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9175 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9174 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9173
	RESERVED
CVE-2019-9172 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9171 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9170 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_n ...)
	- glibc 2.28-9 (bug #924612)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24114
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...)
	NOT-FOR-US: WooCommerce
CVE-2019-9167 (Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 al ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9166 (Privilege escalation in Nagios XI before 5.5.11 allows local attackers ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows attacker ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9163 (The connection initiation process in March Networks Command Client bef ...)
	NOT-FOR-US: March Networks
CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
	NOT-FOR-US: Sangfor Sundray WLAN Controller
CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
	NOT-FOR-US: Sangfor Sundray WLAN Controller
CVE-2019-9159
	RESERVED
CVE-2019-9158 (Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control ...)
	NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9157 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclos ...)
	NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9156 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injecti ...)
	NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9192 (** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, ...)
	- glibc <unfixed> (unimportant)
	- eglibc <removed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24269
CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ...)
	- glibc <unfixed> (unimportant)
	- eglibc <removed> (unimportant)
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
	NOTE: https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
	NOTE: No treated as vulnerability: https://sourceware.org/glibc/wiki/Security%20Exceptions
CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp i ...)
	[experimental] - gnulib 20180621~6979c25-1
	- gnulib 20140202+stable-3.2 (bug #924613)
	[stretch] - gnulib <no-dsa> (Minor issue)
	[jessie] - gnulib <no-dsa> (Minor issue)
	- glibc 2.28-1
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	NOTE: http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=11053
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18986
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
CVE-2019-9162 (In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_bas ...)
	- linux 4.19.28-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
CVE-2019-9155 (A cryptographic issue in OpenPGP.js &lt;=4.2.0 allows an attacker who  ...)
	- node-openpgp <itp> (bug #787774)
CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js &lt;= ...)
	- node-openpgp <itp> (bug #787774)
CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js &lt;= ...)
	- node-openpgp <itp> (bug #787774)
CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5 <unfixed>
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8
	NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10719
CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5 <unfixed>
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
	NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10718
CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to import  ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without user i ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9148 (Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public  ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9147 (Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack again ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain  ...)
	NOT-FOR-US: Jamf Self Service
CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability  ...)
	NOT-FOR-US: Hsycms
CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at  ...)
	- exiv2 0.27.2-8 (low; bug #923473)
	[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
	[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
	[jessie] - exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/712
CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursion at  ...)
	- exiv2 0.27.2-8 (low; bug #923472)
	[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
	[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
	[jessie] - exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/711
CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...)
	NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2019-9141 (ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains  ...)
	NOT-FOR-US: Zoneplayer
CVE-2019-9140 (When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earl ...)
	NOT-FOR-US: Happypoint mobile app
CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9138 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9137 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9136 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9135 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have a Stack ...)
	NOT-FOR-US: Architectural Information System
CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 2018.12. ...)
	NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2019-9132 (Remote code execution vulnerability exists in KaKaoTalk PC messenger w ...)
	NOT-FOR-US: KaKaoTalk PC messenger
CVE-2019-9131
	RESERVED
CVE-2019-9130
	RESERVED
CVE-2019-9129
	RESERVED
CVE-2019-9128
	RESERVED
CVE-2019-9127
	RESERVED
CVE-2019-9126 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...)
	NOT-FOR-US: D-Link
CVE-2019-9125 (An issue was discovered on D-Link DIR-878 1.12B01 devices. Because str ...)
	NOT-FOR-US: D-Link
CVE-2019-9124 (An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNA ...)
	NOT-FOR-US: D-Link
CVE-2019-9123 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "use ...)
	NOT-FOR-US: D-Link
CVE-2019-9122 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2019-9121 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9120 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9119 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9118 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9117 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9116 (** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1 ...)
	NOT-FOR-US: Sublime Text Windows build
CVE-2019-9115 (In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file all ...)
	NOT-FOR-US: IRISnet
CVE-2019-9114 (Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in t ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/170
CVE-2019-9113 (Ming (aka libming) 0.4.8 has a NULL pointer dereference in the functio ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/171
CVE-2019-9112 (The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-os ...)
	NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
CVE-2019-9111 (The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-os ...)
	NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
CVE-2019-9110 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&amp;f=postinfo&a ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9109 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&amp;f=message&am ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9108 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&amp;f=map&amp;v=bai ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9107 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&amp;f=imagecu ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
	NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
	NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
CVE-2019-9104 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9103 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9102 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9101 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9100
	RESERVED
CVE-2019-9099 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9098 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9097 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9096 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9095 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9094 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Humhub
CVE-2019-9093 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Humhub
CVE-2019-9092
	RESERVED
CVE-2019-9091
	RESERVED
CVE-2019-9090
	RESERVED
CVE-2019-9089
	RESERVED
CVE-2019-9088
	RESERVED
CVE-2019-9087 (HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php nu ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid <ignored> (Minor issue)
	[jessie] - hoteldruid <no-dsa> (low popcon)
CVE-2019-9086 (HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid <ignored> (Minor issue)
	[jessie] - hoteldruid <no-dsa> (low popcon)
CVE-2019-9085 (Hoteldruid before v2.3.1 allows remote authenticated users to cause a  ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid <ignored> (Minor issue)
	[jessie] - hoteldruid <no-dsa> (low popcon)
CVE-2019-9084 (In Hoteldruid before 2.3.1, a division by zero was discovered in $num_ ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid <ignored> (Minor issue)
	[jessie] - hoteldruid <no-dsa> (low popcon)
CVE-2019-9083 (SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanage ...)
	NOT-FOR-US: SQLiteManager
CVE-2018-20795 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read  ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20794 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20793 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20792 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read  ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20791 (tecrail Responsive FileManager 9.13.4 allows XSS via a media file uplo ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20790 (tecrail Responsive FileManager 9.13.4 allows remote attackers to delet ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20789 (tecrail Responsive FileManager 9.13.4 allows remote attackers to delet ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-20788 (drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels  ...)
	NOT-FOR-US: led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone
CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi p ...)
	NOT-FOR-US: touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
	NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
	NOT-FOR-US: Laravel Framework
CVE-2019-9080
	RESERVED
CVE-2019-9079
	RESERVED
CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter b ...)
	NOT-FOR-US: zzcms
CVE-2018-20786 (libvterm through 0+bzr726, as used in Vim and other products, mishandl ...)
	- vim 2:8.1.0693-1 (unimportant)
	[stretch] - vim <not-affected> (Vulnerable code introduced later)
	[jessie] - vim <not-affected> (Vulnerable code introduced later)
	- libvterm <unfixed> (unimportant)
	NOTE: Introduced by: https://github.com/vim/vim/commit/e4f25e4a8db2c8a8a71a4ba2a68540b3ab341e42 (v8.0.0693)
	NOTE: Fixed by: https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8 (v8.1.0633)
	NOTE: MISC:https://github.com/vim/vim/issues/3711
	NOTE: No security impact
CVE-2019-9077 (An issue was discovered in GNU Binutils 2.32. It is a heap-based buffe ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24243
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7fc0c668f2aceb8582d74db1ad2528e2bba8a921
	NOTE: binutils not covered by security support
CVE-2019-9076 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	NOTE: Disputed by binutils upstream, not considered a bug
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24238
CVE-2019-9075 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24236
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8abac8031ed369a2734b1cdb7df28a39a54b4b49
	NOTE: binutils not covered by security support
CVE-2019-9074 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24235
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=179f2db0d9c397d7dd8a59907b84208b79f7f48c
	NOTE: binutils not covered by security support
CVE-2019-9073 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24233
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7d272a55caebfc26ab2e15d1e9439bac978b9bb7
	NOTE: binutils not covered by security support
CVE-2019-9072 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	NOTE: Disputed by binutils upstream, not considered a bug
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89396
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24232
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24237
CVE-2019-9071 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
	NOTE: binutils not covered by security support
CVE-2019-9070 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
	NOTE: binutils not covered by security support
CVE-2019-9069
	RESERVED
CVE-2019-9068
	RESERVED
CVE-2019-9067
	RESERVED
CVE-2019-9066 (PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML inje ...)
	NOT-FOR-US: PHP Scripts Mall PHP Appointment Booking Script
CVE-2019-9065 (PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows paramete ...)
	NOT-FOR-US: PHP Scripts Mall Custom T-Shirt Ecommerce Script
CVE-2019-9064 (PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal i ...)
	NOT-FOR-US: PHP Scripts Mall Cab Booking Script
CVE-2019-9063 (PHP Scripts Mall Auction website script 2.0.4 allows parameter tamperi ...)
	NOT-FOR-US: PHP Scripts Mall Auction website script
CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Reques ...)
	NOT-FOR-US: PHP Scripts Mall Online Food Ordering Script
CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9060
	RESERVED
CVE-2019-9059 (An issue was discovered in CMS Made Simple 2.2.8. It is possible, with ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administrator ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9057 (An issue was discovered in CMS Made Simple 2.2.8. In the module FilePi ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9056 (An issue was discovered in CMS Made Simple 2.2.8. In the module FrontE ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9055 (An issue was discovered in CMS Made Simple 2.2.8. In the module Design ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9054
	RESERVED
CVE-2019-9053 (An issue was discovered in CMS Made Simple 2.2.8. It is possible with  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9052 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9051 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9050 (An issue was discovered in Pluck 4.7.9-dev1. It allows administrators  ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9049 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9048 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9047 (GoRose v1.0.4 has SQL Injection when the order_by or group_by paramete ...)
	NOT-FOR-US: GoRose
CVE-2019-9046
	RESERVED
CVE-2019-9045
	RESERVED
CVE-2019-9044
	RESERVED
CVE-2019-9043
	RESERVED
CVE-2019-9042 (** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the i ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_templa ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via th ...)
	NOT-FOR-US: S-CMS
CVE-2019-9039 (In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync G ...)
	NOT-FOR-US: Couchbase Sync Gateway
CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9037 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9036 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
	NOTE: Not completely fixed with the initial two commits, cf.
	NOTE: https://github.com/tbeu/matio/issues/103#issuecomment-472020538 ff
CVE-2019-9035 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9034 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9033 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9032 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9031 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9030 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9029 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9028 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9027 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9026 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio <no-dsa> (Minor issue)
	[jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2018-20785 (Secure boot bypass and memory extraction can be achieved on Neato Botv ...)
	NOT-FOR-US: Neato
CVE-2014-10079 (In Vembu StoreGrid 4.4.x, the front page of the server web interface l ...)
	NOT-FOR-US: Vembu StoreGrid
CVE-2014-10078 (Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregs ...)
	NOT-FOR-US: Vembu StoreGrid
CVE-2019-9019 (The British Airways Entertainment System, as installed on Boeing 777-3 ...)
	NOT-FOR-US: British Airways Entertainment System
CVE-2019-9025 (An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyt ...)
	- php7.3 7.3.1-1
	NOTE: Fixed in 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77367
CVE-2019-9024 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77380
	NOTE: https://github.com/php/php-src/commit/4feb9e66ff9636ad44bc23a91b7ebd37d83ddf1d (7.1)
CVE-2019-9023 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77370
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77371
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77381
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77382
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77385
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77394
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77418
	NOTE: https://github.com/php/php-src/commit/20407d06ca3cb5eeb10f876a812b40c381574bcc (7.1)
	NOTE: https://github.com/php/php-src/commit/31f59e1f3074ab344b473dde6077a6844ca87264 (7.1)
	NOTE: https://github.com/php/php-src/commit/28362ed4fae6969b5a8878591a5a06eadf114e03 (7.1)
	NOTE: https://github.com/php/php-src/commit/9d6c59eeea88a3e9d7039cb4fed5126ef704593a (7.1)
CVE-2019-9022 (An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ...)
	{DSA-4398-1 DLA-1741-1}
	- php7.3 7.3.2-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 7.1.26, 7.2.14, 7.3.2
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77369
	NOTE: https://github.com/php/php-src/commit/8d3dfabef459fe7815e8ea2fd68753fd17859d7b (7.1)
CVE-2019-9021 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77247
	NOTE: https://github.com/php/php-src/commit/78bd3477745f1ada9578a79f61edb41886bec1cb (7.1)
CVE-2019-9020 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77242
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77249
	NOTE: https://github.com/php/php-src/commit/9c62b95e5e6a1ac3922a8819f2d56d8ea998d97a (7.1)
CVE-2019-9018
	RESERVED
CVE-2019-9017 (DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer ...)
	NOT-FOR-US: SolarWinds
CVE-2019-9016 (An XSS vulnerability was discovered in MOPCMS through 2018-11-30. Ther ...)
	NOT-FOR-US: MOPCMS
CVE-2019-9015 (A Path Traversal vulnerability was discovered in MOPCMS through 2018-1 ...)
	NOT-FOR-US: MOPCMS
CVE-2019-9014
	RESERVED
CVE-2019-9013 (An issue was discovered in 3S-Smart CODESYS V3 products. The applicati ...)
	NOT-FOR-US: 3S-Smart CODESYS V3
CVE-2019-9012 (An issue was discovered in 3S-Smart CODESYS V3 products. A crafted com ...)
	NOT-FOR-US: 3S-Smart CODESYS V3
CVE-2019-9011
	RESERVED
CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS G ...)
	NOT-FOR-US: 3S-Smart CODESYS V3
CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted  ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-9008 (An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A us ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-9007
	RESERVED
CVE-2019-9006
	RESERVED
CVE-2019-9005 (The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows D ...)
	NOT-FOR-US: Cprime Power Scripts app for Atlassian Jira
CVE-2019-9004 (In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13 ...)
	NOT-FOR-US: Eclipse Wakaama
CVE-2019-9003 (In the Linux kernel before 4.20.5, attackers can trigger a drivers/cha ...)
	- linux 4.19.20-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/77f8269606bf95fcb232ee86f6da80886f1dfae8
CVE-2019-9002 (An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through  ...)
	NOT-FOR-US: Tiny Issue
CVE-2019-9001
	RESERVED
CVE-2019-9000
	RESERVED
CVE-2019-8999 (An XML External Entity vulnerability in the UEM Core of BlackBerry UEM ...)
	NOT-FOR-US: BlackBerry
CVE-2019-8998 (An information disclosure vulnerability leading to a potential local e ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
	NOT-FOR-US: BlackBerry
CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set  ...)
	NOT-FOR-US: Signiant
CVE-2019-8995 (The workspace client, openspace client, and app development client of  ...)
	NOT-FOR-US: TIBCO
CVE-2019-8994 (The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM,  ...)
	NOT-FOR-US: TIBCO
CVE-2019-8993 (The administrative web server component of TIBCO Software Inc.'s TIBCO ...)
	NOT-FOR-US: TIBCO
CVE-2019-8992 (The administrative server component of TIBCO Software Inc.'s TIBCO Act ...)
	NOT-FOR-US: TIBCO
CVE-2019-8991 (The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveM ...)
	NOT-FOR-US: TIBCO
CVE-2019-8990 (The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatr ...)
	NOT-FOR-US: TIBCO
CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
	NOT-FOR-US: TIBCO
CVE-2019-8988 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
	NOT-FOR-US: TIBCO
CVE-2019-8987 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
	NOT-FOR-US: TIBCO
CVE-2019-8986 (The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO Ja ...)
	NOT-FOR-US: TIBCO
CVE-2019-8985 (On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices ...)
	NOT-FOR-US: Netis devices
CVE-2019-8984 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2) ...)
	NOT-FOR-US: MDaemon Webmail
CVE-2019-8983 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2) ...)
	NOT-FOR-US: MDaemon Webmail
CVE-2019-8982 (com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishan ...)
	NOT-FOR-US: WaveMaker Studio
CVE-2019-8981 (tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overfl ...)
	- axtls <not-affected> (Fixed with initial upload to Debian)
CVE-2018-20784 (In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf ...)
	- linux 4.19.16-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c40f7d74c741a907cfaeb73a7697081881c497d0
CVE-2018-20783 (In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2. ...)
	{DSA-4353-1 DLA-1608-1}
	- php7.3 7.3.0-1
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 5.6.39, 7.0.33, 7.1.25, 7.2.13
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77143
CVE-2018-1002161 [SQL injection in multiple remote calls]
	- koji 1.16.2-1 (bug #922922)
	[stretch] - koji 1.10.0-1+deb9u1
	NOTE: https://docs.pagure.org/koji/CVE-2018-1002161/
	NOTE: https://pagure.io/koji/issue/1183
CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in the Lin ...)
	{DLA-1771-1}
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/
	NOTE: https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/
CVE-2019-8979 (Kohana through 3.3.6 has SQL Injection when the order_by() parameter c ...)
	- libkohana2-php <removed>
	[jessie] - libkohana2-php <not-affected> (orderby function properly checks for allowed values)
	NOTE: https://github.com/huzr2018/orderby_SQLi/tree/master/kohana
	NOTE: https://github.com/koseven/koseven/issues/323
CVE-2019-8978 (An improper authentication vulnerability can be exploited through a ra ...)
	NOT-FOR-US: Ellucian Banner Web Tailor
CVE-2019-8977
	RESERVED
CVE-2019-8976
	RESERVED
CVE-2019-8975
	RESERVED
CVE-2019-8974
	RESERVED
CVE-2019-8973
	RESERVED
CVE-2019-8972
	RESERVED
CVE-2019-8971
	RESERVED
CVE-2019-8970
	RESERVED
CVE-2019-8969
	RESERVED
CVE-2019-8968
	RESERVED
CVE-2019-8967
	RESERVED
CVE-2019-8966
	RESERVED
CVE-2019-8965
	RESERVED
CVE-2019-8964
	RESERVED
CVE-2019-8963
	RESERVED
CVE-2019-8962
	RESERVED
CVE-2019-8961 (A Denial of Service vulnerability related to stack exhaustion has been ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2019-8960 (A Denial of Service vulnerability related to command handling has been ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2019-8959
	RESERVED
CVE-2019-8958
	RESERVED
CVE-2019-8957
	RESERVED
CVE-2019-8956 (In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-fre ...)
	- linux 4.19.28-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/ba59fb0273076637f0add4311faa990a5eec27c0
CVE-2019-1000049
	REJECTED
CVE-2019-1000048
	REJECTED
CVE-2019-1000047
	REJECTED
CVE-2019-1000041
	REJECTED
CVE-2019-1000030
	REJECTED
CVE-2019-8955 (In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5. ...)
	- tor 0.3.5.8-1
	[stretch] - tor <not-affected> (Only affects 0.3.2.1 and later)
	[jessie] - tor <not-affected> (Only affects 0.3.2.1 and later)
	NOTE: https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312
	NOTE: https://trac.torproject.org/projects/tor/ticket/29168
CVE-2019-8954 (In Indexhibit 2.1.5, remote attackers can execute arbitrary code via t ...)
	NOT-FOR-US: Indexhibit
CVE-2019-8953 (The HAProxy package before 0.59_16 for pfSense has XSS via the desc (a ...)
	NOT-FOR-US: HAProxy package for pfSense
CVE-2019-8952 (A Path Traversal vulnerability located in the webserver affects severa ...)
	NOT-FOR-US: Bosch
CVE-2019-8951 (An Open Redirect vulnerability located in the webserver affects severa ...)
	NOT-FOR-US: Bosch
CVE-2019-1003028 (A server-side request forgery vulnerability exists in Jenkins JMS Mess ...)
	NOT-FOR-US: Jenkins
CVE-2019-1003027 (A server-side request forgery vulnerability exists in Jenkins OctopusD ...)
	NOT-FOR-US: Jenkins
CVE-2019-1003026 (A server-side request forgery vulnerability exists in Jenkins Mattermo ...)
	NOT-FOR-US: Jenkins
CVE-2019-1003025 (A exposure of sensitive information vulnerability exists in Jenkins Cl ...)
	NOT-FOR-US: Jenkins
CVE-2019-1003024 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...)
	NOT-FOR-US: Jenkins
CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices w ...)
	NOT-FOR-US: DASAN
CVE-2019-8949
	RESERVED
CVE-2019-8948 (PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script i ...)
	NOT-FOR-US: PaperCut MF
CVE-2019-8947 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-8946 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-8945 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...)
	NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
	- wordpress <unfixed> (bug #923583)
	[jessie] - wordpress <postponed> (requires privileged account, not directly exploitable as CVE-2019-8942 is fixed, no official patch)
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
	NOTE: This CVE is explicitly for the mentioned Path Traversal in wp_crop_image().
	NOTE: Patching CVE-2019-8942 makes CVE-2019-8943 (RCE) not directly exploitable
	NOTE: RCE would now require a vulnerable plugin, and a crop-resistant PHP webshell embedded in an image (preserved EXIF data, PNG IDAT reverse deflate...)
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/#path-traversal-via-modified-post-meta
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/#exploiting-the-path-traversal-lfi-in-theme-directory
CVE-2019-8942 (WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code executi ...)
	{DSA-4401-1 DLA-1742-1}
	- wordpress 5.0.1+dfsg1-1
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
	NOTE: Issue fixed in 4.9.9 and 5.0.1 upstream
CVE-2019-8941
	RESERVED
CVE-2019-8940
	RESERVED
CVE-2019-8939 (data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a  ...)
	NOT-FOR-US: Tautulli
CVE-2019-8938 (VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter ...)
	NOT-FOR-US: VertrigoServ
CVE-2019-8937 (HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, ori ...)
	- hoteldruid 2.3.2-1 (bug #929136)
	[stretch] - hoteldruid <ignored> (Minor issue)
	[jessie] - hoteldruid <no-dsa> (Minor issue)
	NOTE: https://www.exploit-db.com/exploits/46429/
CVE-2019-8936 (NTP through 4.2.8p12 has a NULL Pointer Dereference. ...)
	[experimental] - ntp 1:4.2.8p13+dfsg-1
	- ntp 1:4.2.8p12+dfsg-4 (bug #924228)
	[stretch] - ntp <not-affected> (Introduced with the fix for CVE-2018-7182, not backported to stretch)
	[jessie] - ntp <not-affected> (Introduced with the fix for CVE-2018-7182, not backported to jessie)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=3565
	NOTE: http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ
	NOTE: Relates/corresponds to https://gitlab.com/NTPsec/ntpsec/issues/509 for ntpsec
	NOTE: which has a separate CVE id CVE-2019-6445 specifically for src:ntpsec
CVE-2019-8934 (hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure becau ...)
	- qemu 1:4.1-1 (low; bug #922923)
	[buster] - qemu <ignored> (Too intrusive to backport, marginal impact)
	[stretch] - qemu <ignored> (Too intrusive to backport, marginal impact)
	[jessie] - qemu <ignored> (Too intrusive to backport, marginal impact, ppc not supported in jessie-lts)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
CVE-2019-8933 (In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ di ...)
	NOT-FOR-US: DedeCMS
CVE-2019-8935 (Collabtive 3.1 allows XSS via the manageuser.php?action=profile id par ...)
	- collabtive <removed>
	[jessie] - collabtive <ignored> (Minor issue)
CVE-2019-8932 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-8931 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-8930
	RESERVED
CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8928 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8927 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8926 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel ...)
	NOT-FOR-US: XAMPP
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
	NOT-FOR-US: XAMPP
CVE-2019-8922
	RESERVED
CVE-2019-8921
	RESERVED
CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. ...)
	NOT-FOR-US: XAMPP
CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through 2.2.13 f ...)
	NOT-FOR-US: Seafile Android Client
CVE-2019-8918
	RESERVED
CVE-2019-8917 (SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code exe ...)
	NOT-FOR-US: SolarWinds Orion NPM
CVE-2019-8916
	RESERVED
CVE-2019-8915
	RESERVED
CVE-2019-8914
	RESERVED
CVE-2019-8913
	RESERVED
CVE-2019-8912 (In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg ...)
	- linux 4.19.28-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
CVE-2019-8911 (An issue was discovered in WTCMS 1.0. It has stored XSS via the third  ...)
	NOT-FOR-US: WTCMS
CVE-2019-8910 (An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&amp; ...)
	NOT-FOR-US: WTCMS
CVE-2019-8909 (An issue was discovered in WTCMS 1.0. It allows remote attackers to ca ...)
	NOT-FOR-US: WTCMS
CVE-2019-8908 (An issue was discovered in WTCMS 1.0. It allows remote attackers to ex ...)
	NOT-FOR-US: WTCMS
CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in file 5.35 allows remote att ...)
	{DLA-1698-1}
	- file 1:5.35-3 (bug #922968)
	[stretch] - file <no-dsa> (Minor issue; will be fixed in point release)
	NOTE: https://bugs.astron.com/view.php?id=65
	NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bou ...)
	- file 1:5.35-3 (bug #922969)
	[stretch] - file <not-affected> (vulnerable code introduced later)
	[jessie] - file <not-affected> (vulnerable code introduced later)
	NOTE: https://bugs.astron.com/view.php?id=64
	NOTE: Introduced by: https://github.com/file/file/commit/0ac0678c52e248fd2a632a84b638694f205aef9d (FILE5_31)
	NOTE: Fixed by: https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f (FILE5_36)
CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...)
	{DLA-1698-1}
	- file 1:5.35-3 (bug #922968)
	[stretch] - file <no-dsa> (Minor issue; will be fixed in point release)
	NOTE: https://bugs.astron.com/view.php?id=63
	NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based  ...)
	- file 1:5.35-3 (bug #922967)
	[stretch] - file <not-affected> (vulnerable code introduced later)
	[jessie] - file <not-affected> (vulnerable code introduced later)
	NOTE: https://bugs.astron.com/view.php?id=62
	NOTE: Introduced by: https://github.com/file/file/commit/76c55eae2f9b0b378332762f6dce544d05eb24d7 (FILE5_34)
	NOTE: Fixed by: https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55 (FILE5_36)
CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal. ...)
	NOT-FOR-US: Total.js Platform
CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vuln ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-8901
	RESERVED
CVE-2019-8900
	RESERVED
CVE-2019-8899
	RESERVED
CVE-2019-8898
	RESERVED
CVE-2019-8897
	RESERVED
CVE-2019-8896
	RESERVED
CVE-2019-8895
	RESERVED
CVE-2019-8894
	RESERVED
CVE-2019-8893
	RESERVED
CVE-2019-8892
	RESERVED
CVE-2019-8891
	RESERVED
CVE-2019-8890
	RESERVED
CVE-2019-8889
	RESERVED
CVE-2019-8888
	RESERVED
CVE-2019-8887
	RESERVED
CVE-2019-8886
	RESERVED
CVE-2019-8885
	RESERVED
CVE-2019-8884
	RESERVED
CVE-2019-8883
	RESERVED
CVE-2019-8882
	RESERVED
CVE-2019-8881
	RESERVED
CVE-2019-8880
	RESERVED
CVE-2019-8879
	RESERVED
CVE-2019-8878
	RESERVED
CVE-2019-8877
	RESERVED
CVE-2019-8876
	RESERVED
CVE-2019-8875
	RESERVED
CVE-2019-8874
	RESERVED
CVE-2019-8873
	RESERVED
CVE-2019-8872
	RESERVED
CVE-2019-8871
	RESERVED
CVE-2019-8870
	RESERVED
CVE-2019-8869
	RESERVED
CVE-2019-8868
	RESERVED
CVE-2019-8867
	RESERVED
CVE-2019-8866
	RESERVED
CVE-2019-8865
	RESERVED
CVE-2019-8864
	RESERVED
CVE-2019-8863
	RESERVED
CVE-2019-8862
	RESERVED
CVE-2019-8861
	RESERVED
CVE-2019-8860
	RESERVED
CVE-2019-8859
	RESERVED
CVE-2019-8858
	RESERVED
CVE-2019-8857
	RESERVED
CVE-2019-8856
	RESERVED
CVE-2019-8855
	RESERVED
CVE-2019-8854
	RESERVED
CVE-2019-8853
	RESERVED
CVE-2019-8852
	RESERVED
CVE-2019-8851
	RESERVED
CVE-2019-8850
	RESERVED
CVE-2019-8849 (The issue was addressed by signaling that an executable stack is not r ...)
	NOT-FOR-US: Apple
CVE-2019-8848
	RESERVED
CVE-2019-8847
	RESERVED
CVE-2019-8846
	RESERVED
	{DSA-4610-1}
	- webkit2gtk 2.26.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8845
	RESERVED
CVE-2019-8844
	RESERVED
	{DSA-4610-1}
	- webkit2gtk 2.26.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8843
	RESERVED
CVE-2019-8842 [he `ippReadIO` function may under-read an extension field]
	RESERVED
	{DLA-2237-1}
	- cups 2.3.1-12
	[buster] - cups 2.2.10-6+deb10u3
	[stretch] - cups <no-dsa> (Minor issue)
	NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ipp.c: ippReadIO)
CVE-2019-8841
	RESERVED
CVE-2019-8840
	RESERVED
CVE-2019-8839
	RESERVED
CVE-2019-8838
	RESERVED
CVE-2019-8837
	RESERVED
CVE-2019-8836
	RESERVED
CVE-2019-8835
	RESERVED
	{DSA-4610-1}
	- webkit2gtk 2.26.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8834
	RESERVED
CVE-2019-8833
	RESERVED
CVE-2019-8832
	RESERVED
CVE-2019-8831
	RESERVED
CVE-2019-8830
	RESERVED
CVE-2019-8829
	RESERVED
CVE-2019-8828
	RESERVED
CVE-2019-8827
	RESERVED
CVE-2019-8826
	RESERVED
CVE-2019-8825
	RESERVED
CVE-2019-8824
	RESERVED
CVE-2019-8823 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8822 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8821 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8820 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8819 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8818
	RESERVED
CVE-2019-8817 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8816 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8815 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8814 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4563-1}
	- webkit2gtk 2.26.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8813 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8812 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4563-1}
	- webkit2gtk 2.26.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8811 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8810
	RESERVED
CVE-2019-8809
	RESERVED
CVE-2019-8808 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8807 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8806 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8805 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8804 (An inconsistency in Wi-Fi network configuration settings was addressed ...)
	NOT-FOR-US: Apple
CVE-2019-8803 (An authentication issue was addressed with improved state management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8802 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This was addr ...)
	NOT-FOR-US: Apple
CVE-2019-8800 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8799
	RESERVED
CVE-2019-8798 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8797 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8796
	RESERVED
CVE-2019-8795 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8794 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8793 (A consistency issue existed in deciding when to show the screen record ...)
	NOT-FOR-US: Apple
CVE-2019-8792 (An injection issue was addressed with improved validation. This issue  ...)
	NOT-FOR-US: Shazam Android App
CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was address ...)
	NOT-FOR-US: Shazam Android App
CVE-2019-8790
	RESERVED
CVE-2019-8789 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-8788 (An issue existed in the parsing of URLs. This issue was addressed with ...)
	NOT-FOR-US: Apple
CVE-2019-8787 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8786 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8785 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8784 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8783 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8782 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8781 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8780
	RESERVED
CVE-2019-8779 (A logic issue applied the incorrect restrictions. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2019-8778
	RESERVED
CVE-2019-8777
	RESERVED
CVE-2019-8776
	RESERVED
CVE-2019-8775 (The issue was addressed by restricting options offered on a locked dev ...)
	NOT-FOR-US: Apple
CVE-2019-8774
	RESERVED
CVE-2019-8773
	RESERVED
CVE-2019-8772 (An issue existed in the handling of links in encrypted PDFs. This issu ...)
	NOT-FOR-US: Apple
CVE-2019-8771
	RESERVED
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8770 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8769 (An issue existed in the drawing of web page elements. The issue was ad ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8768 ("Clear History and Website Data" did not clear the history. The issue  ...)
	- webkit2gtk 2.24.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8767
	RESERVED
CVE-2019-8766 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8765 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8764 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8763 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8762
	RESERVED
CVE-2019-8761
	RESERVED
CVE-2019-8760 (This issue was addressed by improving Face ID machine learning models. ...)
	NOT-FOR-US: Apple
CVE-2019-8759
	RESERVED
CVE-2019-8758 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8757 (A race condition existed when reading and writing user preferences. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8756
	RESERVED
CVE-2019-8755 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2019-8754
	RESERVED
CVE-2019-8753
	RESERVED
CVE-2019-8752
	RESERVED
CVE-2019-8751
	RESERVED
CVE-2019-8750 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2019-8749
	RESERVED
CVE-2019-8748 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8747 (A memory corruption vulnerability was addressed with improved locking. ...)
	NOT-FOR-US: Apple
CVE-2019-8746
	RESERVED
CVE-2019-8745 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8744
	RESERVED
CVE-2019-8743 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8742 (The issue was addressed by restricting options offered on a locked dev ...)
	NOT-FOR-US: Apple
CVE-2019-8741 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8740
	RESERVED
CVE-2019-8739 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8738 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8737
	RESERVED
CVE-2019-8736
	RESERVED
CVE-2019-8735 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8734
	RESERVED
CVE-2019-8733 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8732
	RESERVED
CVE-2019-8731 (A permissions issue existed in which execute permission was incorrectl ...)
	NOT-FOR-US: Apple
CVE-2019-8730 (The contents of locked notes sometimes appeared in search results. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8729
	RESERVED
CVE-2019-8728
	RESERVED
CVE-2019-8727 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8726 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8725 (The issue was addressed with improved handling of service worker lifet ...)
	NOT-FOR-US: Apple
CVE-2019-8724 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8723 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8722 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8721 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8720
	RESERVED
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8719 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8718
	RESERVED
CVE-2019-8717 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8716
	RESERVED
CVE-2019-8715
	RESERVED
CVE-2019-8714
	RESERVED
CVE-2019-8713
	RESERVED
CVE-2019-8712
	RESERVED
CVE-2019-8711 (A logic issue existed with the display of notification previews. This  ...)
	NOT-FOR-US: Apple
CVE-2019-8710 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8709
	RESERVED
CVE-2019-8708
	RESERVED
CVE-2019-8707 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8706
	RESERVED
CVE-2019-8705 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8704 (An authentication issue was addressed with improved state management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8703
	RESERVED
CVE-2019-8702
	RESERVED
CVE-2019-8701 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8700
	RESERVED
CVE-2019-8699 (A logic issue existed in the handling of answering phone calls. The is ...)
	NOT-FOR-US: Apple
CVE-2019-8698 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8697 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8696 [stack-buffer-overflow in libcups's asn1_get_packed function]
	RESERVED
	{DLA-1893-1}
	- cups 2.2.12-1 (bug #934957)
	[buster] - cups 2.2.10-6+deb10u1
	[stretch] - cups 2.2.1-8+deb9u4
	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-8695 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8694 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8693 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8692 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8691 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8690 (A logic issue existed in the handling of document loads. This issue wa ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8689 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8688 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8687 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8686 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8685 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2019-8684 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8683 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8682 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2019-8681 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8680 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8679 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8678 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8677 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8676 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function]
	RESERVED
	{DLA-1893-1}
	- cups 2.2.12-1 (bug #934957)
	[buster] - cups 2.2.10-6+deb10u1
	[stretch] - cups 2.2.1-8+deb9u4
	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-8674 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8673 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8672 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8671 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8670 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2019-8669 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8668
	RESERVED
CVE-2019-8667 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2019-8666 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8665 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8664
	RESERVED
CVE-2019-8663 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-8662 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-8661 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8660 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8659 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-8658 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8657 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8656
	RESERVED
CVE-2019-8655
	RESERVED
CVE-2019-8654 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2019-8653
	RESERVED
CVE-2019-8652
	RESERVED
CVE-2019-8651
	RESERVED
CVE-2019-8650
	RESERVED
CVE-2019-8649 (A logic issue existed in the handling of synchronous page loads. This  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8648 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8647 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8646 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8645
	RESERVED
CVE-2019-8644 (Multiple memory corruption issues were addressed with improved memory  ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8643
	RESERVED
CVE-2019-8642
	RESERVED
CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...)
	NOT-FOR-US: Apple
CVE-2019-8640
	RESERVED
CVE-2019-8639
	RESERVED
CVE-2019-8638
	RESERVED
CVE-2019-8637 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8636
	RESERVED
CVE-2019-8635 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8634 (An authentication issue was addressed with improved state management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8633
	RESERVED
CVE-2019-8632 (Some analytics data was sent using HTTP rather than HTTPS. This was ad ...)
	NOT-FOR-US: Apple
CVE-2019-8631
	RESERVED
CVE-2019-8630 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2019-8629 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8628 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2019-8627
	RESERVED
CVE-2019-8626 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8625 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8624 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8623 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8622 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8621
	RESERVED
CVE-2019-8620 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
	NOT-FOR-US: Apple
CVE-2019-8619 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8618
	RESERVED
CVE-2019-8617 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8616 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8615 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
CVE-2019-8614
	RESERVED
CVE-2019-8613 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8612
	RESERVED
CVE-2019-8611 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8610 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8609 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8608 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8607 (An out-of-bounds read was addressed with improved input validation. Th ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
CVE-2019-8606 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-8605 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8604 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8603 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8602 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2019-8601 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8600 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8599 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2019-8598 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8597 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8596 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8595 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
CVE-2019-8594 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8593 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8592
	RESERVED
CVE-2019-8591 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8590 (A logic issue was addressed with improved restrictions. This issue is  ...)
	NOT-FOR-US: Apple
CVE-2019-8589 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-8588
	RESERVED
CVE-2019-8587 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8586 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8585 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8584 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8583 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8582
	RESERVED
CVE-2019-8581
	RESERVED
CVE-2019-8580
	RESERVED
CVE-2019-8579
	RESERVED
CVE-2019-8578
	RESERVED
CVE-2019-8577 (An input validation issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8576 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8575
	RESERVED
CVE-2019-8574 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8573
	RESERVED
CVE-2019-8572
	RESERVED
CVE-2019-8571 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8570
	RESERVED
CVE-2019-8569
	RESERVED
CVE-2019-8568 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-8567 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
	NOT-FOR-US: Apple
CVE-2019-8566 (An API issue existed in the handling of microphone data. This issue wa ...)
	NOT-FOR-US: Apple
CVE-2019-8565 (A race condition was addressed with additional validation. This issue  ...)
	NOT-FOR-US: Apple
CVE-2019-8564
	RESERVED
CVE-2019-8563 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8562 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8561 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8560 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8559 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8558 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8557
	RESERVED
CVE-2019-8556 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8555 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8554 (A permissions issue existed in the handling of motion and orientation  ...)
	NOT-FOR-US: Apple
CVE-2019-8553 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8552 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8551 (A logic issue was addressed with improved validation. This issue is fi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8550 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
	NOT-FOR-US: Apple
CVE-2019-8549 (Multiple input validation issues existed in MIG generated code. These  ...)
	NOT-FOR-US: Apple
CVE-2019-8548 (An issue existed where partially entered passcodes may not clear when  ...)
	NOT-FOR-US: Apple
CVE-2019-8547
	RESERVED
CVE-2019-8546 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8545 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8544 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8543
	RESERVED
CVE-2019-8542 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8541 (A privacy issue existed in motion sensor calibration. This issue was a ...)
	NOT-FOR-US: Apple
CVE-2019-8540 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8539
	RESERVED
CVE-2019-8538
	RESERVED
CVE-2019-8537 (An access issue was addressed with improved memory management. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8536 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8535 (A memory corruption issue was addressed with improved state management ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8534
	RESERVED
CVE-2019-8533 (A lock handling issue was addressed with improved lock handling. This  ...)
	NOT-FOR-US: Apple
CVE-2019-8532
	RESERVED
CVE-2019-8531
	RESERVED
CVE-2019-8530 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-8529 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8528
	RESERVED
CVE-2019-8527 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8526 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2019-8525
	RESERVED
CVE-2019-8524 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8523 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8522 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8521 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-8520 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8519 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8518 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8517 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8516 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8515 (A cross-origin issue existed with the fetch API. This was addressed wi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8514 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8513 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-8512 (This issue was addressed with improved transparency. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2019-8511 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2019-8510 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2019-8509
	RESERVED
CVE-2019-8508 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8507 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2019-8506 (A type confusion issue was addressed with improved memory handling. Th ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8505 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8504 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8503 (A logic issue was addressed with improved validation. This issue is fi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8502 (An API issue existed in the handling of dictation requests. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8501
	RESERVED
CVE-2019-8500
	RESERVED
CVE-2019-8499
	RESERVED
CVE-2019-8498
	RESERVED
CVE-2019-8497
	RESERVED
CVE-2019-8496
	RESERVED
CVE-2019-8495
	RESERVED
CVE-2019-8494
	RESERVED
CVE-2019-8493
	RESERVED
CVE-2019-8492
	RESERVED
CVE-2019-8491
	RESERVED
CVE-2019-8490
	RESERVED
CVE-2019-8489
	RESERVED
CVE-2019-8488
	RESERVED
CVE-2019-8487
	RESERVED
CVE-2019-8486
	RESERVED
CVE-2019-8485
	RESERVED
CVE-2019-8484
	RESERVED
CVE-2019-8483
	RESERVED
CVE-2019-8482
	RESERVED
CVE-2019-8481
	RESERVED
CVE-2019-8480
	RESERVED
CVE-2019-8479
	RESERVED
CVE-2019-8478
	RESERVED
CVE-2019-8477
	RESERVED
CVE-2019-8476
	RESERVED
CVE-2019-8475
	RESERVED
CVE-2019-8474
	RESERVED
CVE-2019-8473
	RESERVED
CVE-2019-8472
	RESERVED
CVE-2019-8471
	RESERVED
CVE-2019-8470
	RESERVED
CVE-2019-8469
	RESERVED
CVE-2019-8468
	RESERVED
CVE-2019-8467
	RESERVED
CVE-2019-8466
	RESERVED
CVE-2019-8465
	RESERVED
CVE-2019-8464
	RESERVED
CVE-2019-8463 (A denial of service vulnerability was reported in Check Point Endpoint ...)
	NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before JHF Tak ...)
	NOT-FOR-US: Check Point R80.30 Security Gateway
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
	NOT-FOR-US: Check Point
CVE-2019-8460 (OpenBSD kernel version &lt;= 6.5 can be forced to create long chains o ...)
	NOT-FOR-US: Check Point
CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN blade,  ...)
	NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with Anti-Malware bl ...)
	NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...)
	- sqlite3 3.27.2-3 (bug #929775)
	[stretch] - sqlite3 <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://www.sqlite.org/src/info/90acdbfce9c08858
	NOTE: Make the internal dynamic string interface available to extensions:
	NOTE: https://sqlite.org/src/info/87f261f0cb800b06
	NOTE: Affected function is not used in Debian and meant for debugging purposes,
	NOTE: backporting the fix would be very complex.
	NOTE: https://lists.debian.org/debian-lts/2019/06/msg00013.html
	NOTE: https://lists.debian.org/debian-lts/2019/06/msg00036.html
CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditio ...)
	NOT-FOR-US: Check Point
CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm up to 1 ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8454 (A local attacker can create a hard-link between a file to which the Ch ...)
	NOT-FOR-US: Check Point Endpoint Security client for Windows
CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are ta ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up  ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8451 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
	NOT-FOR-US: Jira
CVE-2019-8450 (Various templates of the Optimization plugin in Jira before version 7. ...)
	NOT-FOR-US: Jira
CVE-2019-8449 (The /rest/api/latest/groupuserpicker resource in Jira before version 8 ...)
	NOT-FOR-US: Jira
CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8447 (The ServiceExecutor resource in Jira before version 8.3.2 allows remot ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8446 (The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2  ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8445 (Several worklog rest resources in Jira before version 7.13.7, and from ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8444 (The wikirenderer component in Jira before version 7.13.6, and from ver ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8443 (The ViewUpgrades resource in Jira before version 7.13.4, from version  ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8442 (The CachingResourceDownloadRewriteRule class in Jira before version 7. ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8441
	RESERVED
CVE-2019-8440 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulner ...)
	NOT-FOR-US: DiliCMS
CVE-2019-8439 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulner ...)
	NOT-FOR-US: DiliCMS
CVE-2019-8438 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulner ...)
	NOT-FOR-US: DiliCMS
CVE-2019-8437 (njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to a ...)
	NOT-FOR-US: njiandan-cms
CVE-2019-8436 (imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] par ...)
	NOT-FOR-US: imcat
CVE-2019-8435 (admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-8434 (In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. ...)
	NOT-FOR-US: CmsEasy
CVE-2019-8433 (JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/conso ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2019-8432 (In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. ...)
	NOT-FOR-US: CmsEasy
CVE-2019-8431
	RESERVED
CVE-2019-8430
	RESERVED
CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php fil ...)
	- zoneminder <unfixed> (bug #922724)
CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views ...)
	- zoneminder <unfixed> (bug #922724)
CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before 1.32.3 al ...)
	- zoneminder <unfixed> (bug #922724)
CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...)
	- zoneminder <unfixed> (bug #922724)
CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in the const ...)
	- zoneminder <unfixed> (bug #922724)
CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sor ...)
	- zoneminder <unfixed> (bug #922724)
CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/view ...)
	- zoneminder <unfixed> (bug #922724)
CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the descri ...)
	NOT-FOR-US: PbootCMS
CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS throug ...)
	NOT-FOR-US: BageCMS
CVE-2019-8420
	RESERVED
CVE-2019-8419 (VNote 2.2 has XSS via a new text note. ...)
	NOT-FOR-US: VNote
CVE-2019-8418 (SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. ...)
	NOT-FOR-US: SeaCMS
CVE-2019-8417
	RESERVED
CVE-2019-8416
	RESERVED
CVE-2019-8415
	RESERVED
CVE-2019-8414
	RESERVED
CVE-2013-7469 (Seafile through 6.2.11 always uses the same Initialization Vector (IV) ...)
	- seafile <unfixed> (bug #923009)
	[buster] - seafile <ignored> (Minor issue)
	NOTE: https://github.com/haiwen/seafile/issues/350
CVE-2019-8413 (On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer derefer ...)
	NOT-FOR-US: Xiaomi
CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or del ...)
	NOT-FOR-US: FeiFeiCms
CVE-2019-8411 (admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers t ...)
	NOT-FOR-US: zzcms
CVE-2019-8410 (Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter bec ...)
	NOT-FOR-US: Maccms
CVE-2019-8409
	RESERVED
CVE-2019-8408 (OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by  ...)
	NOT-FOR-US: OneFileCMS
CVE-2019-8407 (HongCMS 3.0.0 allows arbitrary file read and write operations via a .. ...)
	NOT-FOR-US: HongCMS
CVE-2019-8406
	RESERVED
CVE-2019-8405
	RESERVED
CVE-2019-8404 (An issue was discovered in Webiness Inventory 2.3. The ProductModel co ...)
	NOT-FOR-US: Webiness Inventory
CVE-2019-8403
	RESERVED
CVE-2019-8402
	RESERVED
CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before  ...)
	{DLA-1708-1}
	- zabbix 1:3.0.17+dfsg-1 (low)
	[stretch] - zabbix <no-dsa> (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-10272
	NOTE: https://support.zabbix.com/browse/ZBX-13133
CVE-2019-8401
	REJECTED
CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/ ...)
	NOT-FOR-US: ORY Hydra
CVE-2019-8399
	RESERVED
CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5 <unfixed>
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5
	NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10711
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
CVE-2019-8395 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoh ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allow ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8393 (Hotels_Server through 2018-11-05 has SQL Injection via the API because ...)
	NOT-FOR-US: Hotels_Server
CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with firmware 1.02B ...)
	NOT-FOR-US: D-Link
CVE-2019-8391 (qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?typ ...)
	NOT-FOR-US: qdPM
CVE-2019-8390 (qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keyword ...)
	NOT-FOR-US: qdPM
CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer feature ...)
	NOT-FOR-US: Musicloud
CVE-2019-8388
	RESERVED
CVE-2019-8387 (MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, r ...)
	NOT-FOR-US: MASTER IPCAMERA01 devices
CVE-2019-8386
	RESERVED
CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.35 ...)
	NOT-FOR-US: Thomson Reuters Desktop Extensions
CVE-2019-8384
	RESERVED
CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory  ...)
	- advancecomp 2.1-2.1 (bug #928730)
	[stretch] - advancecomp <no-dsa> (Minor issue)
	[jessie] - advancecomp <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/advancemame/bugs/272/
	NOTE: https://github.com/amadvance/advancecomp/commit/78a56b21340157775be2462a19276b4d31d2bd01
CVE-2019-8382 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
	NOT-FOR-US: Bento4
CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory access o ...)
	- tcpreplay 4.3.1-2 (unimportant; bug #922622)
	NOTE: https://github.com/appneta/tcpreplay/issues/538
	NOTE: Crash in a CLI tool, no security impact
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
	NOT-FOR-US: Bento4
CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer der ...)
	- advancecomp 2.1-2.1 (bug #928729)
	[stretch] - advancecomp <no-dsa> (Minor issue)
	[jessie] - advancecomp <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/advancemame/bugs/271/
	NOTE: https://github.com/amadvance/advancecomp/commit/7894a6e684ce68ddff9f4f4919ab8e3911ac8040
CVE-2019-8378 (An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over- ...)
	NOT-FOR-US: Bento4
CVE-2019-8377 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...)
	- tcpreplay 4.3.1-2 (unimportant; bug #922623)
	NOTE: https://github.com/appneta/tcpreplay/issues/536
	NOTE: Crash in a CLI tool, no security impact
CVE-2019-8376 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...)
	- tcpreplay 4.3.1-2 (unimportant; bug #922624)
	NOTE: https://github.com/appneta/tcpreplay/issues/537
	NOTE: Crash in a CLI tool, no security impact
CVE-2019-8375 (The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.9 ...)
	- webkit2gtk 2.24.1-1 (unimportant)
	NOTE: https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531
	NOTE: https://trac.webkit.org/changeset/241515/webkit
	NOTE: https://www.inputzero.io/2019/02/fuzzing-webkit.html
	NOTE: Not covered by security support
CVE-2019-8374
	RESERVED
CVE-2019-8373
	RESERVED
CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes f ...)
	NOT-FOR-US: LG
CVE-2019-8371 (OpenEMR v5.0.1-6 allows code execution. ...)
	NOT-FOR-US: OpenEMR
CVE-2019-8370
	REJECTED
CVE-2019-8369
	REJECTED
CVE-2019-8368 (OpenEMR v5.0.1-6 allows XSS. ...)
	NOT-FOR-US: OpenEMR
CVE-2019-8367
	RESERVED
CVE-2019-8366
	RESERVED
CVE-2019-8365
	RESERVED
CVE-2019-8364
	RESERVED
CVE-2019-8363 (Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstr ...)
	NOT-FOR-US: Verydows
CVE-2019-8362 (DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edi ...)
	NOT-FOR-US: DedeCMS
CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the Search B ...)
	NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find ...)
	NOT-FOR-US: Themerig Find a Place CMS Directory
CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.3 and Contiki through  ...)
	NOT-FOR-US: Contiki-NG
CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...)
	NOT-FOR-US: Hiawatha
CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c  ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (low; bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/318
	NOTE: https://sourceforge.net/p/sox/code/ci/2ce02fea7b350de9ddfbcf542ba4dd59a8ab255b/
CVE-2019-8356 (An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2  ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/321
	NOTE: https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/
CVE-2019-8355 (An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integ ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/320
	NOTE: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
CVE-2019-8354 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c  ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/319
	NOTE: https://sourceforge.net/p/sox/code/ci/f70911261a84333b077c29908e1242f69d7439eb
CVE-2019-8353
	RESERVED
CVE-2019-8352 (By default, BMC PATROL Agent through 11.3.01 uses a static encryption  ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certif ...)
	NOT-FOR-US: Heimdal Thor Agent
CVE-2019-8350 (The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed i ...)
	NOT-FOR-US: Simple - Better Banking application for Android
CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 all ...)
	NOT-FOR-US: HTMLy
CVE-2019-8348
	RESERVED
CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via ...)
	NOT-FOR-US: BEESCMS
CVE-2019-8346 (In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authoriza ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-8345 (The Help feature in the ES File Explorer File Manager application 4.1. ...)
	NOT-FOR-US: ES File Explorer File Manager
CVE-2019-8344
	RESERVED
CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in past ...)
	- nasm <unfixed> (unimportant; bug #922433)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
	NOTE: Crash in CLI tool, no security impact
CVE-2019-8342 (A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0. ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-8341 (** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string ...)
	- jinja2 <unfixed> (unimportant)
	NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
	NOTE: No real security impact and upstream indicates the CVE is invalid
CVE-2019-8340
	RESERVED
CVE-2019-8339 (An issue was discovered in Falco through 0.14.0. A missing indicator f ...)
	NOT-FOR-US: Falco
CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP Plugin, vers ...)
	NOT-FOR-US: Airmail
CVE-2019-8336 (HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ...)
	- consul <not-affected> (Only affected 1.4.x series up, vulnerable code never present in Debian)
	NOTE: https://github.com/hashicorp/consul/issues/5423
CVE-2019-8335 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerabil ...)
	NOT-FOR-US: SchoolCMS
CVE-2019-8334 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerabil ...)
	NOT-FOR-US: SchoolCMS
CVE-2019-8333
	RESERVED
CVE-2019-8332
	RESERVED
CVE-2019-8331 (In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in t ...)
	- twitter-bootstrap4 4.3.1+dfsg2-1
	- twitter-bootstrap3 3.4.1+dfsg-1
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u2
	[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
	- twitter-bootstrap <removed>
	[stretch] - twitter-bootstrap <no-dsa> (Minor issue; XSS in developer-issued input when HTML is enabled)
	[jessie] - twitter-bootstrap <no-dsa> (Minor issue; XSS in developer-issued input when HTML is enabled)
	NOTE: https://github.com/twbs/bootstrap/pull/28236
CVE-2019-8330
	RESERVED
CVE-2019-8329
	RESERVED
CVE-2019-8328
	RESERVED
CVE-2019-8327
	RESERVED
CVE-2019-8326
	RESERVED
CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...)
	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...)
	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...)
	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
	{DSA-4433-1 DLA-1796-1}
	- ruby2.5 2.5.5-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
	- rubygems <removed>
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ...)
	{DSA-4433-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-3 (bug #925987)
	[jessie] - jruby <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8319 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8318 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8317 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8316 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8315 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8314 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8313 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8312 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8337 (In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default con ...)
	- mpop 1.4.3-1
	[stretch] - mpop <not-affected> (Vulnerable code introduced later)
	[jessie] - mpop <not-affected> (Vulnerable code introduced later)
	- msmtp 1.8.3-1 (bug #922345)
	[stretch] - msmtp <not-affected> (Vulnerable code introduced later)
	[jessie] - msmtp <not-affected> (Vulnerable code introduced later)
	NOTE: mpop: Introduced by: https://git.marlam.de/gitweb/?p=mpop.git;a=commit;h=3162356734663a0ea0f88857c4ace21fac1b023b (1.4.2)
	NOTE: mpop: Fixed by: https://git.marlam.de/gitweb/?p=mpop.git;a=commit;h=95b96da443a24a4a9cb6664aefff9f6fcc7ac86e (1.4.3)
	NOTE: msmtp: Introduced by: https://git.marlam.de/gitweb/?p=msmtp.git;a=commit;h=37371fa07729bfc11761b6d11befd7271528090d (1.8.2)
	NOTE: msmtp: Fixed by: https://git.marlam.de/gitweb/?p=msmtp.git;a=commit;h=a81d0a5126304f9f8b29a75d058044dc67d07663 (1.8.3)
CVE-2019-8311
	RESERVED
CVE-2019-8310
	RESERVED
CVE-2019-8309
	RESERVED
CVE-2019-8307
	RESERVED
CVE-2019-8306
	RESERVED
CVE-2019-8305
	RESERVED
CVE-2019-8304
	RESERVED
CVE-2019-8303
	RESERVED
CVE-2019-8302
	RESERVED
CVE-2019-8301
	RESERVED
CVE-2019-8300
	RESERVED
CVE-2019-8299
	RESERVED
CVE-2019-8298
	RESERVED
CVE-2019-8297
	RESERVED
CVE-2019-8296
	RESERVED
CVE-2019-8295
	RESERVED
CVE-2019-8294
	RESERVED
CVE-2019-8293 (Due to a logic error in the code, upload-image-with-ajax v1.0 allows a ...)
	NOT-FOR-US: upload-image-with-ajax
CVE-2019-8292 (Online Store System v1.0 delete_product.php doesn't check to see if a  ...)
	NOT-FOR-US: Online Store System
CVE-2019-8291 (Online Store System v1.0 delete_file.php doesn't check to see if a use ...)
	NOT-FOR-US: Online Store System
CVE-2019-8290 (Vulnerability in Online Store v1.0, The registration form requirements ...)
	NOT-FOR-US: Online Store System
CVE-2019-8289 (Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php  ...)
	NOT-FOR-US: Online Store System
CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php where  ...)
	NOT-FOR-US: Online Store System
CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in Handle ...)
	{DLA-2045-1}
	- tightvnc 1:1.3.9-9.1 (bug #945364)
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
	NOTE: same as CVE-2018-20020/libvncserver
CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-b ...)
	NOT-FOR-US: Kaspersky Lab Antivirus Engine
CVE-2019-8284
	RESERVED
CVE-2019-8283 (Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7 ...)
	NOT-FOR-US: Gemalto Admin Control Center
CVE-2019-8282 (Gemalto Admin Control Center, all versions prior to 7.92, uses clearte ...)
	NOT-FOR-US: Gemalto Admin Control Center
CVE-2019-8281
	RESERVED
CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8279 (Multiple stored XSS in Vanilla Forums before 2.5 allow remote attacker ...)
	NOT-FOR-US: Vanilla Forums
CVE-2019-8278 (Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Rem ...)
	NOT-FOR-US: Invision Power Board
CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8276 (UltraVNC revision 1211 has a stack buffer overflow vulnerability in VN ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8275 (UltraVNC revision 1211 has multiple improper null termination vulnerab ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8274 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8273 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8272 (UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC  ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8271 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8270 (UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC cli ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8269 (UltraVNC revision 1206 has stack-based Buffer overflow vulnerability i ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8268 (UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC  ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8267 (UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC cli ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8266 (UltraVNC revision 1207 has multiple out-of-bounds access vulnerabiliti ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8265 (UltraVNC revision 1207 has multiple out-of-bounds access vulnerabiliti ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8264 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8263 (UltraVNC revision 1205 has stack-based buffer overflow vulnerability i ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8262 (UltraVNC revision 1203 has multiple heap buffer overflow vulnerabiliti ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8261 (UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8260 (UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8257 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
	NOT-FOR-US: ColdFusion
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
	NOT-FOR-US: Adobe
CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
	NOT-FOR-US: Adobe
CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
	NOT-FOR-US: Adobe
CVE-2019-8252 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	TODO: check
CVE-2019-8251 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	TODO: check
CVE-2019-8250 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	TODO: check
CVE-2019-8249 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	TODO: check
CVE-2019-8248 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2019-8247 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2019-8246 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds wr ...)
	NOT-FOR-US: Adobe
CVE-2019-8245
	RESERVED
CVE-2019-8244 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8243 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8242 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8241 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8240 (Adobe Bridge CC versions 9.1 and earlier have a memory corruption vuln ...)
	NOT-FOR-US: Adobe
CVE-2019-8239 (Adobe Bridge CC versions 9.1 and earlier have a memory corruption vuln ...)
	NOT-FOR-US: Adobe
CVE-2019-8238 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-8237 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier versions  ...)
	NOT-FOR-US: Adobe
CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
	NOT-FOR-US: Magento
CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...)
	NOT-FOR-US: Adobe
CVE-2019-8233 (In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 ...)
	NOT-FOR-US: Magento
CVE-2019-8232 (In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 pr ...)
	NOT-FOR-US: Magento
CVE-2019-8231 (In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated  ...)
	NOT-FOR-US: Magento
CVE-2019-8230 (In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenti ...)
	NOT-FOR-US: Magento
CVE-2019-8229 (In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authent ...)
	NOT-FOR-US: Magento
CVE-2019-8228 (in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...)
	NOT-FOR-US: Magento
CVE-2019-8227 (In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...)
	NOT-FOR-US: Magento
CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8224 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8223 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8222 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8221 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8220 (Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.01 ...)
	NOT-FOR-US: Adobe
CVE-2019-8219 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8218 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8217 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8216 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8215 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8214 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8213 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8212 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8211 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8210 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8209 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8208 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8207 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8206 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8205 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8204 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8203 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8202 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8201 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8200 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8199 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8198 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8197 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8196 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8195 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8194 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8193 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8192 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8191 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8190 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8189 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8188 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8187 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8186 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8185 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8184 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8183 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8182 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8181 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8180 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8179 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8178 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8177 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8176 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8175 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8174 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8173 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8172 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8171 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8170 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8169 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8168 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8167 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8166 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8165 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8164 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8163 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8162 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8159 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8158 (An XPath entity injection vulnerability exists in Magento 2.2 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-8157 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8156 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8155 (Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF  ...)
	NOT-FOR-US: Magento
CVE-2019-8154 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8153 (A mitigation bypass to prevent cross-site scripting (XSS) exists in Ma ...)
	NOT-FOR-US: Magento
CVE-2019-8152 (A stored cross-site scripting (XSS) vulnerability exists in in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8151 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8150 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8149 (Insecure authentication and session management vulnerability exists in ...)
	NOT-FOR-US: Magento
CVE-2019-8148 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8147 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8146 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8145 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8144 (A remote code execution vulnerability exists in Magento 2.3 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8143 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8142 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8141 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8140 (An unrestricted file upload vulnerability exists in Magento 2.2 prior  ...)
	NOT-FOR-US: Magento
CVE-2019-8139 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8138 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8137 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8136 (An insecure component vulnerability exists in Magento 2.2 prior to 2.2 ...)
	NOT-FOR-US: Magento
CVE-2019-8135 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8134 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8133 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...)
	NOT-FOR-US: Magento
CVE-2019-8132 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8131 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8130 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8129 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8128 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8127 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8126 (An XML entity injection vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8125 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
	NOT-FOR-US: Magento
CVE-2019-8124 (An insufficient logging and monitoring vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8123 (An insufficient logging and monitoring vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8122 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8121 (An insecure component vulnerability exists in Magento 2.1 prior to 2.1 ...)
	NOT-FOR-US: Magento
CVE-2019-8120 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8119 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8118 (Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3  ...)
	NOT-FOR-US: Magento
CVE-2019-8117 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8116 (Insecure authentication and session management vulnerability exists in ...)
	NOT-FOR-US: Magento
CVE-2019-8115 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8114 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
	NOT-FOR-US: Magento
CVE-2019-8113 (Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 us ...)
	NOT-FOR-US: Magento
CVE-2019-8112 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...)
	NOT-FOR-US: Magento
CVE-2019-8111 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8110 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8109 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8108 (Insecure authentication and session management vulnerability exists in ...)
	NOT-FOR-US: Magento
CVE-2019-8107 (An arbitrary file deletion vulnerability exists in Magento 2.2 prior t ...)
	NOT-FOR-US: Magento
CVE-2019-8106 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8105 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8104 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8103 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8102 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8101 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8100 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8099 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8098 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8097 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8096 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8095 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8094 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8093 (An arbitrary file access vulnerability exists in Magento 2.2 prior to  ...)
	NOT-FOR-US: Magento
CVE-2019-8092 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8091 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
	NOT-FOR-US: Magento
CVE-2019-8090 (An arbitrary file deletion vulnerability exists in Magento 2.1 prior t ...)
	NOT-FOR-US: Magento
CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...)
	NOT-FOR-US: Adobe
CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...)
	NOT-FOR-US: Adobe
CVE-2019-8087 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
	NOT-FOR-US: Adobe
CVE-2019-8086 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
	NOT-FOR-US: Adobe
CVE-2019-8085 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
	NOT-FOR-US: Adobe
CVE-2019-8084 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
	NOT-FOR-US: Adobe
CVE-2019-8083 (Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site s ...)
	NOT-FOR-US: Adobe
CVE-2019-8082 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external ...)
	NOT-FOR-US: Adobe
CVE-2019-8081 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authen ...)
	NOT-FOR-US: Adobe
CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site ...)
	NOT-FOR-US: Adobe
CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2019-8078 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cr ...)
	NOT-FOR-US: Adobe
CVE-2019-8077 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8076 (Adobe application manager installer version 10.0 have an Insecure Libr ...)
	NOT-FOR-US: Adobe
CVE-2019-8075 (Adobe Flash Player version 32.0.0.192 and earlier versions have a Same ...)
	NOT-FOR-US: Adobe
CVE-2019-8074 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
	NOT-FOR-US: Adobe
CVE-2019-8073 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
	NOT-FOR-US: Adobe
CVE-2019-8072 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
	NOT-FOR-US: Adobe
CVE-2019-8071 (Adobe Download Manager versions 2.0.0.363 have an insecure file permis ...)
	NOT-FOR-US: Adobe
CVE-2019-8070 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-8069 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-8068
	RESERVED
CVE-2019-8067
	RESERVED
CVE-2019-8066 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	TODO: check
CVE-2019-8065
	RESERVED
CVE-2019-8064 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions have an  ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
	NOT-FOR-US: Adobe
CVE-2019-8061 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8060 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8059 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8058 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8057 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8056 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8055 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8054 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8053 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8052 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8051 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8050 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8049 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8048 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8047 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8046 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8045 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8044 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8043 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8042 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8041 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8040 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8039 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8038 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8037 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8036 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8035 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8034 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8033 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8032 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8031 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8030 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8029 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8028 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8027 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8026 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8025 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8024 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8023 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8022 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8021 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8020 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8019 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8018 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8017 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8016 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8015 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8014 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8013 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8012 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8011 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8010 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8009 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8008 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8007 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8006 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8005 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8004 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8003 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8002 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8001 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-8000 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7999 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7998 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7997 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7996 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7995 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7994 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7993 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7992 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7991 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7990 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7989 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7988 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7987 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7986 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7985 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7984 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7983 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7982 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7981 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7980 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7979 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7978 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7977 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7976 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7975 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7974 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7973 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7972 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7971 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7970 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7969 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7968 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier  ...)
	NOT-FOR-US: Adobe
CVE-2019-7967
	RESERVED
CVE-2019-7966
	RESERVED
CVE-2019-7965 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an authentication  ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of boun ...)
	NOT-FOR-US: Adobe Bridge CC
CVE-2019-7962 (Adobe Illustrator CC versions 23.1 and earlier have an insecure librar ...)
	NOT-FOR-US: Adobe
CVE-2019-7961 (Adobe Prelude CC versions 8.1 and earlier have an insecure library loa ...)
	NOT-FOR-US: Adobe
CVE-2019-7960 (Adobe Animate CC versions 19.2.1 and earlier have an insecure library  ...)
	NOT-FOR-US: Adobe
CVE-2019-7959 (Creative Cloud Desktop Application versions 4.6.1 and earlier have a u ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-7958 (Creative Cloud Desktop Application versions 4.6.1 and earlier have an  ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-7957 (Creative Cloud Desktop Application versions 4.6.1 and earlier have a s ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-7956 (Adobe Dreamweaver direct download installer versions 19.0 and below, 1 ...)
	NOT-FOR-US: Adobe
CVE-2019-7955 (Adobe Experience Manager version 6.4 and ealier have a Reflected Cross ...)
	NOT-FOR-US: Adobe
CVE-2019-7954 (Adobe Experience Manager version 6.4 and ealier have a Stored Cross-si ...)
	NOT-FOR-US: Adobe
CVE-2019-7953 (Adobe Experience Manager version 6.4 and ealier have a Cross-Site Requ ...)
	NOT-FOR-US: Adobe
CVE-2019-7952
	RESERVED
CVE-2019-7951 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...)
	NOT-FOR-US: Magento
CVE-2019-7950 (An access control bypass vulnerability exists in Magento 2.1 prior to  ...)
	NOT-FOR-US: Magento
CVE-2019-7949
	RESERVED
CVE-2019-7948
	RESERVED
CVE-2019-7947 (A cross-site request forgery vulnerability exists in the GiftCardAccou ...)
	NOT-FOR-US: Magento
CVE-2019-7946
	RESERVED
CVE-2019-7945 (A stored cross-cite scripting vulnerability exists in Magento Open Sou ...)
	NOT-FOR-US: Magento
CVE-2019-7944 (A stored cross-site scripting vulnerability exists in the product comm ...)
	NOT-FOR-US: Magento
CVE-2019-7943
	RESERVED
CVE-2019-7942 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7941 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
	NOT-FOR-US: Adobe
CVE-2019-7940 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7939 (A reflected cross-site scripting vulnerability exists on the customer  ...)
	NOT-FOR-US: Magento
CVE-2019-7938 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7937 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7936 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7935 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7934 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7933
	RESERVED
CVE-2019-7932 (A remote code execution vulnerability exists in Magento Open Source pr ...)
	NOT-FOR-US: Magento
CVE-2019-7931 (Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure lib ...)
	NOT-FOR-US: Adobe
CVE-2019-7930 (A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18 ...)
	NOT-FOR-US: Magento
CVE-2019-7929 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...)
	NOT-FOR-US: Magento
CVE-2019-7928 (A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-7927 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7926 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7925 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
	NOT-FOR-US: Magento
CVE-2019-7924
	RESERVED
CVE-2019-7923 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7922
	RESERVED
CVE-2019-7921 (A stored cross-site scripting vulnerability exists in the product cata ...)
	NOT-FOR-US: Magento
CVE-2019-7920
	RESERVED
CVE-2019-7919
	RESERVED
CVE-2019-7918
	RESERVED
CVE-2019-7917
	RESERVED
CVE-2019-7916
	RESERVED
CVE-2019-7915 (A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.1 ...)
	NOT-FOR-US: Magento
CVE-2019-7914
	RESERVED
CVE-2019-7913 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7912 (A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Mag ...)
	NOT-FOR-US: Magento
CVE-2019-7911 (A server-side request forgery (SSRF) vulnerability exists in Magento O ...)
	NOT-FOR-US: Magento
CVE-2019-7910
	RESERVED
CVE-2019-7909 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7908 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7907
	RESERVED
CVE-2019-7906
	RESERVED
CVE-2019-7905
	RESERVED
CVE-2019-7904 (Insufficient enforcement of user access controls in Magento 2.1 prior  ...)
	NOT-FOR-US: Magento
CVE-2019-7903 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7902
	RESERVED
CVE-2019-7901
	RESERVED
CVE-2019-7900
	RESERVED
CVE-2019-7899 (Names of disabled downloadable products could be disclosed due to inad ...)
	NOT-FOR-US: Magento
CVE-2019-7898 (Samples of disabled downloadable products are accessible in Magento Op ...)
	NOT-FOR-US: Magento
CVE-2019-7897 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7896 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7895 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7894
	RESERVED
CVE-2019-7893
	RESERVED
CVE-2019-7892 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7891
	RESERVED
CVE-2019-7890 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
	NOT-FOR-US: Magento
CVE-2019-7889 (An injection vulnerability exists in Magento Open Source prior to 1.9. ...)
	NOT-FOR-US: Magento
CVE-2019-7888 (An information disclosure vulnerability exists in Magento 2.1 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-7887 (A reflected cross-site scripting vulnerability exists in the admin pan ...)
	NOT-FOR-US: Magento
CVE-2019-7886 (A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 ...)
	NOT-FOR-US: Magento
CVE-2019-7885 (Insufficient input validation in the config builder of the Elastic sea ...)
	NOT-FOR-US: Magento
CVE-2019-7884
	RESERVED
CVE-2019-7883
	RESERVED
CVE-2019-7882 (A stored cross-site scripting vulnerability exists in the WYSIWYG edit ...)
	NOT-FOR-US: Magento
CVE-2019-7881 (A cross-site scripting mitigation bypass exists in Magento 2.1 prior t ...)
	NOT-FOR-US: Magento
CVE-2019-7880 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7879
	RESERVED
CVE-2019-7878
	RESERVED
CVE-2019-7877 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7876 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7875 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7874 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7873 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7872 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
	NOT-FOR-US: Magento
CVE-2019-7871 (A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 p ...)
	NOT-FOR-US: Magento
CVE-2019-7870 (Adobe Character Animator versions 2.1 and earlier have an insecure lib ...)
	NOT-FOR-US: Adobe
CVE-2019-7869 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7868 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7867 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7866 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7865 (A cross-site request forgery (CSRF) vulnerability exists in the checko ...)
	NOT-FOR-US: Magento
CVE-2019-7864 (An insecure direct object reference (IDOR) vulnerability exists in the ...)
	NOT-FOR-US: Magento
CVE-2019-7863 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
	NOT-FOR-US: Magento
CVE-2019-7862 (A reflected cross-site scripting vulnerability exists in the Product w ...)
	NOT-FOR-US: Magento
CVE-2019-7861 (Insufficient server-side validation of user input could allow an attac ...)
	NOT-FOR-US: Magento
CVE-2019-7860 (A cryptographically weak pseudo-rando number generator is used in mult ...)
	NOT-FOR-US: Magento
CVE-2019-7859 (A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 p ...)
	NOT-FOR-US: Magento
CVE-2019-7858 (A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7857 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...)
	NOT-FOR-US: Magento
CVE-2019-7856
	RESERVED
CVE-2019-7855 (A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior  ...)
	NOT-FOR-US: Magento
CVE-2019-7854 (An insecure direct object reference (IDOR) vulnerability in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-7853 (A stored cross-site scripting vulnerability exists in Magento 2.1 prio ...)
	NOT-FOR-US: Magento
CVE-2019-7852 (A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, ...)
	NOT-FOR-US: Magento
CVE-2019-7851 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...)
	NOT-FOR-US: Magento
CVE-2019-7850 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
	NOT-FOR-US: Adobe
CVE-2019-7849 (A defense-in-depth check was added to mitigate inadequate session vali ...)
	NOT-FOR-US: Magento
CVE-2019-7848 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
	NOT-FOR-US: Adobe
CVE-2019-7847 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
	NOT-FOR-US: Adobe
CVE-2019-7846 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
	NOT-FOR-US: Adobe
CVE-2019-7845 (Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-7844 (Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerabi ...)
	NOT-FOR-US: Adobe
CVE-2019-7843 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
	NOT-FOR-US: Adobe
CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. ...)
	NOT-FOR-US: Adobe
CVE-2019-7841 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7840 (ColdFusion versions Update 3 and earlier, Update 10 and earlier, and U ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2019-7839 (ColdFusion versions Update 3 and earlier, Update 10 and earlier, and U ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2019-7838 (ColdFusion versions Update 3 and earlier, Update 10 and earlier, and U ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2019-7837 (Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-7836 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7835 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7834 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7833 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7832 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-7831 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7830 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7829 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7828 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7827 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7826 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7825 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7824 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7823 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7822 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7821 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7820 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7819
	RESERVED
CVE-2019-7818 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7817 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7816 (ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Up ...)
	NOT-FOR-US: Adobe
CVE-2019-7815 (Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7814 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7813 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7812 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7811 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7810 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7809 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7808 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7807 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7806 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7805 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7804 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7803 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7802 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7801 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7800 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7799 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7798 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7797 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7796 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7795 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7794 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7793 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7792 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7791 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7790 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7789 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7788 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7787 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7786 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7785 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7784 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7783 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7782 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7781 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7780 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7779 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7778 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7777 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7776 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7775 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7774 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7773 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7772 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7771 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7770 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7769 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7768 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7767 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7766 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7765 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7764 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7763 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7762 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7761 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7760 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7759 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7758 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7757
	RESERVED
CVE-2019-7756
	RESERVED
CVE-2019-7755 (In webERP 4.15, the Import Bank Transactions function fails to sanitiz ...)
	NOT-FOR-US: webERP
CVE-2019-7754
	RESERVED
CVE-2019-7753 (Verydows 2.0 has XSS via the index.php?m=api&amp;c=stats&amp;a=count r ...)
	NOT-FOR-US: Verydows
CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's pas ...)
	- gnome-keyring 3.28.0-1 (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781486
	NOTE: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3
	NOTE: Not a vulnerability, just a hardening patch
CVE-2019-7752
	RESERVED
CVE-2019-7751 (A directory traversal and local file inclusion vulnerability in FPProd ...)
	NOT-FOR-US: Ricoh
CVE-2019-7750
	RESERVED
CVE-2019-7749
	RESERVED
CVE-2019-7748 (_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task ...)
	NOT-FOR-US: DbNinja
CVE-2019-7747 (DbNinja 3.2.7 allows session fixation via the data.php sessid paramete ...)
	NOT-FOR-US: DbNinja
CVE-2019-7746 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
CVE-2019-7745 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
CVE-2019-7744 (An issue was discovered in Joomla! before 3.9.3. Inadequate filtering  ...)
	NOT-FOR-US: Joomla!
CVE-2019-7743 (An issue was discovered in Joomla! before 3.9.3. The phar:// stream wr ...)
	NOT-FOR-US: Joomla!
CVE-2019-7742 (An issue was discovered in Joomla! before 3.9.3. A combination of spec ...)
	NOT-FOR-US: Joomla!
CVE-2019-7741 (An issue was discovered in Joomla! before 3.9.3. Inadequate checks at  ...)
	NOT-FOR-US: Joomla!
CVE-2019-7740 (An issue was discovered in Joomla! before 3.9.3. Inadequate parameter  ...)
	NOT-FOR-US: Joomla!
CVE-2019-7739 (An issue was discovered in Joomla! before 3.9.3. The "No Filtering" te ...)
	NOT-FOR-US: Joomla!
CVE-2019-7738 (C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&amp;id=  ...)
	NOT-FOR-US: C.P.Sub
CVE-2019-7737 (A CSRF vulnerability was found in Verydows v2.0 that can add an admin  ...)
	NOT-FOR-US: Verydows
CVE-2019-7736 (D-Link DIR-600M C1 3.04 devices allow authentication bypass via a dire ...)
	NOT-FOR-US: D-Link
CVE-2019-7735
	RESERVED
CVE-2019-7734
	RESERVED
CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer in a C ...)
	[experimental] - liblivemedia 2019.05.12-1
	- liblivemedia 2019.10.11-2 (low; bug #929948)
	[buster] - liblivemedia <no-dsa> (Minor issue)
	[stretch] - liblivemedia <no-dsa> (Minor issue)
	[jessie] - liblivemedia <postponed> (Minor issue)
	NOTE: https://github.com/rgaufman/live555/issues/21
	NOTE: fixed in 2019.05.12: http://www.live555.com/liveMedia/public/changelog.txt
CVE-2019-7732 (In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...)
	- liblivemedia <unfixed> (unimportant)
	[stretch] - liblivemedia <no-dsa> (Minor issue)
	[jessie] - liblivemedia <no-dsa> (Minor issue, unlikely to be exploited in practice)
	NOTE: https://github.com/rgaufman/live555/issues/20
	NOTE: upstream considers this issue invalid: http://lists.live555.com/pipermail/live-devel/2019-May/021218.html
CVE-2019-7731 (MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an  ...)
	NOT-FOR-US: MyWebSQL
CVE-2019-7730 (MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for ...)
	NOT-FOR-US: MyWebSQL
CVE-2019-7729 (An issue was discovered in the Bosch Smart Camera App before 1.3.1 for ...)
	NOT-FOR-US: Bosch Smart Camera App
CVE-2019-7728 (An issue was discovered in the Bosch Smart Camera App before 1.3.1 for ...)
	NOT-FOR-US: Bosch Smart Camera App
CVE-2019-7727 (In NICE Engage through 6.5, the default configuration binds an unauthe ...)
	NOT-FOR-US: NICE Engage
CVE-2019-7726
	RESERVED
CVE-2019-7725
	RESERVED
CVE-2019-7724
	RESERVED
CVE-2019-7723
	RESERVED
CVE-2019-7722 (PMD 5.8.1 and earlier processes XML external entities in ruleset files ...)
	NOT-FOR-US: PMD
CVE-2019-XXXX [fuse mount exposes backup to unauthorized users]
	- borgbackup 1.1.9-1 (bug #922080)
	[stretch] - borgbackup <no-dsa> (Minor issue)
	NOTE: https://github.com/borgbackup/borg/issues/3903
CVE-2019-7721 (lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the  ...)
	NOT-FOR-US: nc-cms
CVE-2019-7720 (taocms through 2014-05-24 allows eval injection by placing PHP code in ...)
	NOT-FOR-US: taocms
CVE-2019-7719 (Nibbleblog 4.0.5 allows eval injection by placing PHP code in the inst ...)
	NOT-FOR-US: Nibbleblog
CVE-2019-7718 (An issue was discovered in Metinfo 6.x. An attacker can leverage a rac ...)
	NOT-FOR-US: Metinfo
CVE-2019-7717
	RESERVED
CVE-2019-7716
	RESERVED
CVE-2019-7715 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
	NOT-FOR-US: Interpeak
CVE-2019-7714 (An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY R ...)
	NOT-FOR-US: Interpeak
CVE-2019-7713 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
	NOT-FOR-US: Interpeak
CVE-2019-7712 (An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IP ...)
	NOT-FOR-US: Interpeak
CVE-2019-7711 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
	NOT-FOR-US: Interpeak
CVE-2019-7710
	RESERVED
CVE-2019-7709
	RESERVED
CVE-2019-7708
	RESERVED
CVE-2019-7707
	RESERVED
CVE-2019-7706
	RESERVED
CVE-2019-7705
	RESERVED
CVE-2019-7704 (wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binarye ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1866
CVE-2019-7703 (In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBi ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1865
CVE-2019-7702 (A NULL pointer dereference was discovered in wasm::SExpressionWasmBuil ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1867
CVE-2019-7701 (A heap-based buffer over-read was discovered in wasm::SExpressionParse ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1863
CVE-2019-7700 (A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilde ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1864
CVE-2019-7699 (A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in C ...)
	NOT-FOR-US: Bento4
CVE-2019-7698 (An issue was discovered in AP4_Array&lt;AP4_CttsTableEntry&gt;::Ensure ...)
	NOT-FOR-US: Bento4
CVE-2019-7697 (An issue was discovered in Bento4 v1.5.1-627. There is an assertion fa ...)
	NOT-FOR-US: Bento4
CVE-2018-20780 (Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka ...)
	NOT-FOR-US: Traq
CVE-2018-20779 (Traq 3.7.1 allows SQL Injection via a tickets?search= URI. ...)
	NOT-FOR-US: Traq
CVE-2018-20778 (admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20777 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20776 (Frog CMS 0.9.5 provides a directory listing for a /public request. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20775 (admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code executio ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20774 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20773 (Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20772 (Frog CMS 0.9.5 allows PHP code execution via &lt;?php to the admin/?/l ...)
	NOT-FOR-US: Frog CMS
CVE-2019-7696
	RESERVED
CVE-2019-7695
	RESERVED
CVE-2019-7694
	RESERVED
CVE-2019-7693 (Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.as ...)
	NOT-FOR-US: Axios Italia Axios RE devices
CVE-2019-7692 (install/install.php in CIM 0.9.3 allows remote attackers to execute ar ...)
	NOT-FOR-US: CIM
CVE-2019-7691
	RESERVED
CVE-2019-7690 (In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH privat ...)
	NOT-FOR-US: MobaTek MobaXterm
CVE-2019-7689
	RESERVED
CVE-2019-7688
	RESERVED
CVE-2019-7687 (cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices  ...)
	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
CVE-2018-20771 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi,  ...)
	NOT-FOR-US: Xerox devices
CVE-2018-20770 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi,  ...)
	NOT-FOR-US: Xerox devices
CVE-2018-20769 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi,  ...)
	NOT-FOR-US: Xerox devices
CVE-2018-20768 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi,  ...)
	NOT-FOR-US: Xerox devices
CVE-2018-20767 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi,  ...)
	NOT-FOR-US: Xerox devices
CVE-2018-20766
	RESERVED
CVE-2018-20765
	RESERVED
CVE-2019-7686
	RESERVED
CVE-2019-7685
	RESERVED
CVE-2019-7684 (inxedu through 2018-12-24 has a vulnerability that can lead to the upl ...)
	NOT-FOR-US: inxedu
CVE-2019-7683
	RESERVED
CVE-2019-7682
	RESERVED
CVE-2019-7681
	RESERVED
CVE-2019-7680
	RESERVED
CVE-2019-7679
	RESERVED
CVE-2019-7678 (A directory traversal vulnerability was discovered in Enphase Envoy R3 ...)
	NOT-FOR-US: Enphase Envoy
CVE-2019-7677 (XSS exists in Enphase Envoy R3.*.* via the profileName parameter to th ...)
	NOT-FOR-US: Enphase Envoy
CVE-2019-7676 (A weak password vulnerability was discovered in Enphase Envoy R3.*.*.  ...)
	NOT-FOR-US: Enphase Envoy
CVE-2019-7675 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The defau ...)
	NOT-FOR-US: MOBOTIX
CVE-2019-7674 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/ac ...)
	NOT-FOR-US: MOBOTIX
CVE-2019-7673 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administr ...)
	NOT-FOR-US: MOBOTIX
CVE-2019-7672 (Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7671 (Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to s ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7670 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application inco ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7669 (Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation  ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7668 (Prima Systems FlexAir devices have Default Credentials. ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7667 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application gene ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application allo ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
	{DLA-1689-1}
	- elfutils 0.176-1 (low; bug #921880)
	[stretch] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=de01cc6f9446187d69b9748bb3636361c79e77a4
CVE-2019-7664 (In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_not ...)
	- elfutils 0.176-1 (low; bug #921881)
	[stretch] - elfutils <no-dsa> (Minor issue)
	[jessie] - elfutils <not-affected> (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24084
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32
CVE-2019-7663 (An Invalid Address dereference was discovered in TIFFWriteDirectoryTag ...)
	{DSA-4670-1 DLA-1680-1}
	- tiff 4.0.10-4
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2833
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
	NOTE: Same patch as CVE-2018-17000 but different issue. As well different
	NOTE: issue than CVE-2018-12900.
CVE-2019-7662 (An assertion failure was discovered in wasm::WasmBinaryBuilder::getTyp ...)
	- binaryen 66-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1872
CVE-2019-7661 (An issue was discovered in PHPMyWind 5.5. The method parameter of the  ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7660 (An issue was discovered in PHPMyWind 5.5. The username parameter of th ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7659 (Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause  ...)
	{DLA-1681-1}
	- gsoap 2.8.75-1
	[stretch] - gsoap 2.8.35-4+deb9u2
	- r-other-x4r 1.0.1+git20150806.c6bd9bd-2
	NOTE: https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_
	NOTE: https://lists.debian.org/debian-lts/2019/02/msg00131.html
CVE-2009-5154 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is  ...)
	NOT-FOR-US: MOBOTIX
CVE-2019-7658
	RESERVED
CVE-2019-7657
	RESERVED
CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 a ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7655 (Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated X ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7654 (Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vu ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
	NOT-FOR-US: TheHive Project UnshortenLink analyzer
CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...)
	NOT-FOR-US: Emsisoft Anti-Malware
CVE-2019-7650
	RESERVED
CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...)
	{DLA-1717-1}
	- rdflib 4.2.2-2 (low; bug #921751)
	[stretch] - rdflib <no-dsa> (Minor issue)
	NOTE: Debian specific issue as respective scripts are overwritten in Debian
	NOTE: packaging as wrappers invoking python -m.
CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies  ...)
	NOT-FOR-US: CMSWing
CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in Hotels_Server t ...)
	NOT-FOR-US: Hotels_Server
CVE-2019-7647
	RESERVED
CVE-2019-7646 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vu ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2019-7645
	RESERVED
CVE-2019-7644 (Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signat ...)
	NOT-FOR-US: Auth0 Auth0-WCF-Service-JWT
CVE-2019-7643
	RESERVED
CVE-2019-7642 (D-Link routers with the mydlink feature have some web interfaces witho ...)
	NOT-FOR-US: D-Link
CVE-2019-7641
	RESERVED
CVE-2019-7640
	RESERVED
CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If P ...)
	NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch)
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.6+dfsg1-4 (bug #924610)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
	NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/32075e9e2135 (SDL-1.2)
	NOTE: Patch causes regressions for some applications/games:
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1124825
	NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2)
	NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637.
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
	NOTE: https://hg.libsdl.org/SDL/rev/7c643f1c1887 (SDL-2)
	NOTE: two patches initially merged for SDL-1.2:
	NOTE: https://hg.libsdl.org/SDL/rev/08f3b4992538 (SDL-1.2) (correct)
	NOTE: https://hg.libsdl.org/SDL/rev/4646533663ae (SDL-1.2) (broken)
	NOTE: the second one is incorrect as was reverted in
	NOTE: https://hg.libsdl.org/SDL/rev/33940ce0a0ba
	NOTE: https://hg.libsdl.org/SDL_image/rev/03bd33e8cb49 (SDL_image-2)
	NOTE: https://hg.libsdl.org/SDL_image/rev/a3a7cac00d5f (SDL_image-1.2)
CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for Bo ...)
	NOT-FOR-US: BoKS
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676393
	NOTE: https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
	NOTE: No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid
CVE-2019-7634 (SUAP V2 allows XSS during the update of user information. ...)
	NOT-FOR-US: SUAP
CVE-2019-7633
	RESERVED
CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow Authent ...)
	NOT-FOR-US: LifeSize devices
CVE-2019-7631
	RESERVED
CVE-2019-7630 (An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0 ...)
	NOT-FOR-US: Gigabyte APP Center
CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function in TinTi ...)
	- tintin++ 2.01.5-2 (low; bug #924348)
	[stretch] - tintin++ <no-dsa> (Minor issue)
	[jessie] - tintin++ <no-dsa> (Minor issue)
CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail serve ...)
	- pagure <not-affected> (Fixed before initial upload to the archive)
CVE-2019-7627
	RESERVED
CVE-2019-7626
	RESERVED
CVE-2019-7625
	RESERVED
CVE-2019-7624
	RESERVED
CVE-2019-7623
	RESERVED
CVE-2019-7622
	RESERVED
CVE-2019-7621 (Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting  ...)
	- kibana <itp> (bug #700337)
CVE-2019-7620 (Logstash versions before 7.4.1 and 6.8.4 contain a denial of service f ...)
	NOT-FOR-US: Logstash Beats
CVE-2019-7619 (Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username  ...)
	- elasticsearch <removed>
CVE-2019-7618 (A local file disclosure flaw was found in Elastic Code versions 7.3.0, ...)
	NOT-FOR-US: Elastic Code
CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is run as  ...)
	NOT-FOR-US: Elastic APM agent for Python
CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...)
	- kibana <itp> (bug #700337)
CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM agent for R ...)
	NOT-FOR-US: Elastic
CVE-2019-7614 (A race condition flaw was found in the response headers Elasticsearch  ...)
	- elasticsearch <removed>
CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient loggin ...)
	NOT-FOR-US: Winlogbeat
CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash version ...)
	- logstash <itp> (bug #664841)
CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 5.6.15 a ...)
	- elasticsearch <removed>
CVE-2019-7610 (Kibana versions before 6.6.1 contain an arbitrary code execution flaw  ...)
	- kibana <itp> (bug #700337)
CVE-2019-7609 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...)
	- kibana <itp> (bug #700337)
CVE-2019-7608 (Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XS ...)
	- kibana <itp> (bug #700337)
CVE-2019-7607
	RESERVED
CVE-2019-7606
	RESERVED
CVE-2019-7605
	RESERVED
CVE-2019-7604
	RESERVED
CVE-2019-7603
	RESERVED
CVE-2019-7602
	RESERVED
CVE-2019-7601
	RESERVED
CVE-2019-7600
	RESERVED
CVE-2019-7599
	RESERVED
CVE-2019-7598
	RESERVED
CVE-2019-7597
	RESERVED
CVE-2019-7596
	RESERVED
CVE-2019-7595
	RESERVED
CVE-2019-7594 (Metasys&#174; ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
	NOT-FOR-US: Metasys ADS/ADX
CVE-2019-7593 (Metasys&#174; ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
	NOT-FOR-US: Metasys ADS/ADX
CVE-2019-7592
	RESERVED
CVE-2019-7591
	RESERVED
CVE-2019-7590 (ExacqVision Server&#8217;s services 'exacqVisionServer', 'dvrdhcpserve ...)
	NOT-FOR-US: ExacqVision
CVE-2019-7589 (A vulnerability with the SmartService API Service option exists whereb ...)
	NOT-FOR-US: SmartService API Service
CVE-2019-7588 (A vulnerability in the exacqVision Enterprise System Manager (ESM) v5. ...)
	NOT-FOR-US: exacqVision Enterprise System Manager
CVE-2019-7587 (Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/co ...)
	NOT-FOR-US: Bo-blog Wind
CVE-2019-7586
	RESERVED
CVE-2019-7585 (An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/P ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2019-7584
	RESERVED
CVE-2019-7583
	RESERVED
CVE-2019-7582 (The readBytes function in util/read.c in libming through 0.4.8 allows  ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/172
CVE-2019-7581 (The parseSWF_ACTIONRECORD function in util/parser.c in libming through ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/173
CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP c ...)
	NOT-FOR-US: ThinkCMF
CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
	NOT-FOR-US: Linksys
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
	NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
	NOTE: https://hg.libsdl.org/SDL/rev/faf9abbcfb5f (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/416136310b88 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4490
	NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
	NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
	NOTE: https://hg.libsdl.org/SDL/rev/a936f9bd3e38 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
	NOTE: https://hg.libsdl.org/SDL/rev/a6e3d2f5183e (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491
	NOTE: same patch as CVE-2019-7576
	NOTE: https://hg.libsdl.org/SDL/rev/fcbecae42795 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 <no-dsa> (Minor issue)
	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 <no-dsa> (Minor issue)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
	NOTE: https://hg.libsdl.org/SDL/rev/e52413f52586 (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/a8afedbcaea0 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7571
	RESERVED
CVE-2019-7570 (A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete user ...)
	NOT-FOR-US: PbootCMS
CVE-2019-7569 (An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). Th ...)
	NOT-FOR-US: doyocms
CVE-2019-7568 (An issue was discovered in baijiacms V4 that can result in time-based  ...)
	NOT-FOR-US: baijiacms
CVE-2019-7567 (An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Memb ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2019-7566 (CSZ CMS 1.1.8 has CSRF via admin/users/new/add. ...)
	NOT-FOR-US: CSZ CMS
CVE-2019-7565
	RESERVED
CVE-2019-7564 (An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 ...)
	NOT-FOR-US: Shenzhen Coship WM3300 WiFi Router devices
CVE-2019-7563
	RESERVED
CVE-2019-7562
	RESERVED
CVE-2019-7561
	RESERVED
CVE-2019-7560 (In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted i ...)
	- boolector <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Boolector/boolector/issues/28
	NOTE: https://github.com/Boolector/boolector/issues/29
	NOTE: https://github.com/Boolector/boolector/commit/8d979d02e0482c7137c9f3a34e6d430dbfd1f5c5
CVE-2019-7559 (In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15 ...)
	NOT-FOR-US: Boolector Btor2Tools
CVE-2019-7558
	RESERVED
CVE-2019-7557
	RESERVED
CVE-2019-7556
	RESERVED
CVE-2019-7555
	RESERVED
CVE-2019-7554 (An issue was discovered in PHP Scripts Mall API Based Travel Booking 3 ...)
	NOT-FOR-US: PHP Scripts Mall API Based Travel Booking
CVE-2019-7553 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stor ...)
	NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website
CVE-2019-7552 (An issue was discovered in PHP Scripts Mall Investment MLM Software 2. ...)
	NOT-FOR-US: PHP Scripts Mall Investment MLM Software
CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4 ...)
	NOT-FOR-US: Cantemo Portal
CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whe ...)
	NOT-FOR-US: JForum
CVE-2019-7549 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be ...)
	{DLA-1718-1}
	[experimental] - sqlalchemy 1.3.0~b3+ds1-1
	- sqlalchemy 1.2.18+ds1-2 (bug #922669)
	[stretch] - sqlalchemy <no-dsa> (Minor issue)
	NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481
	NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
CVE-2019-7547 (An issue was discovered in SIDU 6.0. Because the database name is not  ...)
	NOT-FOR-US: SIDU
CVE-2019-7546 (An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php ...)
	NOT-FOR-US: SIDU
CVE-2019-7545 (In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has  ...)
	NOT-FOR-US: DbNinja
CVE-2019-7544 (An issue was discovered in MyWebSQL 3.7. The Add User function of the  ...)
	NOT-FOR-US: MyWebSQL
CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflec ...)
	NOT-FOR-US: KindEditor
CVE-2019-7542
	RESERVED
CVE-2018-20763 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...)
	{DLA-1693-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd
	NOTE: https://github.com/gpac/gpac/issues/1188
CVE-2018-20762 (GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in  ...)
	{DLA-1693-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
	NOTE: https://github.com/gpac/gpac/issues/1187
CVE-2018-20761 (GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in  ...)
	{DLA-1693-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658
	NOTE: https://github.com/gpac/gpac/issues/1186
CVE-2018-20760 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...)
	{DLA-1693-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
	NOTE: https://github.com/gpac/gpac/issues/1177
CVE-2019-7541 (Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=use ...)
	NOT-FOR-US: Rukovoditel
CVE-2019-7540
	RESERVED
CVE-2019-7539 (A code injection issue was discovered in ipycache through 2016-05-31. ...)
	NOT-FOR-US: ipycache
CVE-2019-7538
	RESERVED
CVE-2019-7537 (An issue was discovered in Donfig 0.3.0. There is a vulnerability in t ...)
	NOT-FOR-US: Donfig
CVE-2019-7536
	RESERVED
CVE-2019-7535 (index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive  ...)
	NOT-FOR-US: Gurock TestRail
CVE-2019-7534
	RESERVED
CVE-2019-7533
	RESERVED
CVE-2019-7532
	RESERVED
CVE-2019-7531
	RESERVED
CVE-2019-7530
	RESERVED
CVE-2019-7529
	RESERVED
CVE-2019-7528
	RESERVED
CVE-2019-7527
	RESERVED
CVE-2019-7526
	RESERVED
CVE-2019-7525
	RESERVED
CVE-2019-7524 (In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker  ...)
	{DSA-4418-1 DLA-1736-1}
	- dovecot 1:2.3.4.1-3
	NOTE: https://github.com/dovecot/core/commit/37eeaef1587a3b99be97cb090094de19e374905c
	NOTE: https://github.com/dovecot/core/commit/a02c16889f1f3411e9a16b96221c2795d5fdb974
CVE-2019-7523
	RESERVED
CVE-2019-7522
	RESERVED
CVE-2019-7521
	RESERVED
CVE-2019-7520
	RESERVED
CVE-2019-7519
	RESERVED
CVE-2019-7518
	RESERVED
CVE-2019-7517
	RESERVED
CVE-2019-7516
	RESERVED
CVE-2019-7515
	RESERVED
CVE-2019-7514
	RESERVED
CVE-2019-7513
	RESERVED
CVE-2019-7512
	RESERVED
CVE-2019-7511
	RESERVED
CVE-2019-7510
	RESERVED
CVE-2019-7509
	RESERVED
CVE-2019-7508
	RESERVED
CVE-2019-7507
	RESERVED
CVE-2019-7506
	RESERVED
CVE-2019-7505
	RESERVED
CVE-2019-7504
	RESERVED
CVE-2019-7503
	RESERVED
CVE-2019-7502
	RESERVED
CVE-2019-7501
	RESERVED
CVE-2019-7500
	RESERVED
CVE-2019-7499
	RESERVED
CVE-2019-7498
	RESERVED
CVE-2019-7497
	RESERVED
CVE-2019-7496
	RESERVED
CVE-2019-7495
	RESERVED
CVE-2019-7494
	RESERVED
CVE-2019-7493
	RESERVED
CVE-2019-7492
	RESERVED
CVE-2019-7491
	RESERVED
CVE-2019-7490
	RESERVED
CVE-2019-7489 (A vulnerability in SonicWall Email Security appliance allow an unauthe ...)
	NOT-FOR-US: SonicWall Email Security appliance
CVE-2019-7488 (Weak default password cause vulnerability in SonicWall Email Security  ...)
	NOT-FOR-US: SonicWall Email Security appliance
CVE-2019-7487 (Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operati ...)
	NOT-FOR-US: onicOS SSLVPN NACagent
CVE-2019-7486 (Code injection in SonicWall SMA100 allows an authenticated user to exe ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7485 (Buffer overflow in SonicWall SMA100 allows an authenticated user to ex ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7484 (Authenticated SQL Injection in SonicWall SMA100 allow user to gain rea ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7483 (In SonicWall SMA100, an unauthenticated Directory Traversal vulnerabil ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7482 (Stack-based buffer overflow in SonicWall SMA100 allows an unauthentica ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to gain r ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7480
	RESERVED
CVE-2019-7479 (A vulnerability in SonicOS allow authenticated read-only admin can ele ...)
	NOT-FOR-US: SonicOS
CVE-2019-7478 (A vulnerability in GMS allow unauthenticated user to SQL injection in  ...)
	NOT-FOR-US: SonicWall
CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow ...)
	NOT-FOR-US: SonicWall
CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), allow a r ...)
	NOT-FOR-US: SonicWall Global Management System
CVE-2019-7475 (A vulnerability in SonicWall SonicOS and SonicOSv with management enab ...)
	NOT-FOR-US: SonicWall
CVE-2019-7474 (A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated ...)
	NOT-FOR-US: SonicWall
CVE-2019-7473
	RESERVED
CVE-2019-7472
	RESERVED
CVE-2019-7471
	RESERVED
CVE-2019-7470
	RESERVED
CVE-2019-7469
	RESERVED
CVE-2019-7468
	RESERVED
CVE-2019-7467
	RESERVED
CVE-2019-7466
	RESERVED
CVE-2019-7465
	RESERVED
CVE-2019-7464
	RESERVED
CVE-2019-7463
	RESERVED
CVE-2019-7462
	RESERVED
CVE-2018-20759
	RESERVED
CVE-2018-20758 (MODX Revolution through v2.7.0-pl allows XSS via User Settings such as ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-20757 (MODX Revolution through v2.7.0-pl allows XSS via an extended user fiel ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-20756 (MODX Revolution through v2.7.0-pl allows XSS via a document resource ( ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-20755 (MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-20754
	RESERVED
CVE-2015-9282 (The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerabl ...)
	NOT-FOR-US: Grafana plugin
CVE-2019-XXXX [netmask: buffer overflow vulnerability]
	- netmask 2.4.4-1 (unimportant; bug #921565)
	[jessie] - netmask 2.3.12+deb8u1
	NOTE: https://github.com/tlby/netmask/issues/3
	NOTE: https://github.com/tlby/netmask/commit/29a9c239bd1008363f5b34ffd6c2cef906f3660c
	NOTE: No security impact due to toolchain hardening in stretch, negligable impact in older suites
CVE-2019-1003023 (A cross-site scripting vulnerability exists in Jenkins Warnings Next G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003022 (A denial of service vulnerability exists in Jenkins Monitoring Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003021 (An exposure of sensitive information vulnerability exists in Jenkins O ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003020 (A server-side request forgery vulnerability exists in Jenkins Kanboard ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003019 (An session fixation vulnerability exists in Jenkins GitHub Authenticat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003018 (An exposure of sensitive information vulnerability exists in Jenkins G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003017 (A data modification vulnerability exists in Jenkins Job Import Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003016 (An exposure of sensitive information vulnerability exists in Jenkins J ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003015 (An XML external entity processing vulnerability exists in Jenkins Job  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003014 (An cross-site scripting vulnerability exists in Jenkins Config File Pr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003013 (An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003012 (A data modification vulnerability exists in Jenkins Blue Ocean Plugins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003011 (An information exposure and denial of service vulnerability exists in  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003010 (A cross-site request forgery vulnerability exists in Jenkins Git Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003009 (An improper certificate validation vulnerability exists in Jenkins Act ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003008 (A cross-site request forgery vulnerability exists in Jenkins Warnings  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003007 (A cross-site request forgery vulnerability exists in Jenkins Warnings  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003006 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003005 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-7461
	RESERVED
CVE-2019-7460
	RESERVED
CVE-2019-7459
	RESERVED
CVE-2019-7458
	RESERVED
CVE-2019-7457
	RESERVED
CVE-2019-7456
	RESERVED
CVE-2019-7455
	RESERVED
CVE-2019-7454
	RESERVED
CVE-2019-7453
	RESERVED
CVE-2019-7452
	RESERVED
CVE-2019-7451
	RESERVED
CVE-2019-7450
	RESERVED
CVE-2019-7449
	RESERVED
CVE-2019-7448
	RESERVED
CVE-2019-7447
	RESERVED
CVE-2019-7446
	RESERVED
CVE-2019-7445
	RESERVED
CVE-2019-7444
	RESERVED
CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbitrary  ...)
	- kauth 5.54.0-2 (bug #921995)
	[stretch] - kauth 5.28.0-2+deb9u1
	- kde4libs <removed> (bug #922727)
	[buster] - kde4libs <ignored> (Minor issue)
	[stretch] - kde4libs <ignored> (Minor issue)
	[jessie] - kde4libs <no-dsa> (Minor issue)
	NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
	NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...)
	NOT-FOR-US: CyberArk Enterprise Password Vault
CVE-2019-7441 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
	NOT-FOR-US: WooCommerce
CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Ke ...)
	NOT-FOR-US: JioFi
CVE-2019-7439 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang ...)
	NOT-FOR-US: JioFi
CVE-2019-7438 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML i ...)
	NOT-FOR-US: JioFi
CVE-2019-7437 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected  ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7436 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory  ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7435 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected  ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7434 (PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via  ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7433 (PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forge ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7432 (PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the S ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7431 (PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal vi ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7430 (PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7429 (PHP Scripts Mall Property Rental Software 2.1.4 has directory traversa ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7428
	RESERVED
CVE-2019-7427 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7426 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7425 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7424 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7423 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7422 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7421 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7420 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7419 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7418 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7417 (XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple ...)
	NOT-FOR-US: Ericsson Active Library Explorer (ALEX)
CVE-2019-7416 (XSS and/or a Client Side URL Redirect exists in OpenText Documentum We ...)
	NOT-FOR-US: OpenText Documentum Webtop
CVE-2019-7415
	RESERVED
CVE-2019-7414
	RESERVED
CVE-2019-7413 (In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles san ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
	NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
CVE-2019-7410
	RESERVED
CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
	NOT-FOR-US: ProfileDesign CMS
CVE-2019-7408
	RESERVED
CVE-2019-7407
	RESERVED
CVE-2019-7406
	RESERVED
CVE-2019-7405
	RESERVED
CVE-2019-7404 (An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 rout ...)
	NOT-FOR-US: LG routers
CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attackers t ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in includ ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7401 (NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based  ...)
	NOT-FOR-US: NGINX Unit (different from FLOSS nginx)
CVE-2017-1000000
	REJECTED
CVE-2014-1000000
	REJECTED
CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
	NOT-FOR-US: Rukovoditel
CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack agains ...)
	NOT-FOR-US: Amazon Fire OS
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage  ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	- graphicsmagick 1.4~hg15896-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1454
CVE-2019-7396 (In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1452
CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChanne ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
CVE-2019-7394 (A privilege escalation vulnerability in the administrative user interf ...)
	NOT-FOR-US: CA Technologies
CVE-2019-7393 (A UI redress vulnerability in the administrative user interface of CA  ...)
	NOT-FOR-US: CA Technologies
CVE-2019-7392 (An improper authentication vulnerability in CA Privileged Access Manag ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2019-7391 (ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cg ...)
	NOT-FOR-US: ZyXEL
CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
	NOT-FOR-US: D-Link
CVE-2019-7389 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
	NOT-FOR-US: D-Link
CVE-2019-7388 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
	NOT-FOR-US: D-Link
CVE-2019-7387 (A local file inclusion vulnerability exists in the web interface of Sy ...)
	NOT-FOR-US: Systrome
CVE-2019-7386 (A Denial of Service issue has been discovered in the Gecko component o ...)
	NOT-FOR-US: KaiOS on Nokia devices
CVE-2019-7385 (An authenticated shell command injection issue has been discovered in  ...)
	NOT-FOR-US: Raisecom GPON Devices
CVE-2019-7384 (An authenticated shell command injection issue has been discovered in  ...)
	NOT-FOR-US: Raisecom GPON Devices
CVE-2019-7383 (An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and IS ...)
	NOT-FOR-US: Systrome devices
CVE-2019-7382
	RESERVED
CVE-2019-7381
	RESERVED
CVE-2019-7380
	RESERVED
CVE-2019-7379
	RESERVED
CVE-2019-7378
	RESERVED
CVE-2019-7377
	RESERVED
CVE-2019-7376
	RESERVED
CVE-2019-7375
	RESERVED
CVE-2019-7374
	RESERVED
CVE-2019-7373
	RESERVED
CVE-2019-7372
	RESERVED
CVE-2019-7371
	RESERVED
CVE-2019-7370
	RESERVED
CVE-2019-7369
	RESERVED
CVE-2019-7368
	RESERVED
CVE-2019-7367
	RESERVED
CVE-2019-7366 (Buffer overflow vulnerability in Autodesk FBX Software Development Kit ...)
	NOT-FOR-US: Autodesk FBX Software Development Kit
CVE-2019-7365 (DLL preloading vulnerability in Autodesk Desktop Application versions  ...)
	NOT-FOR-US: Autodesk Desktop Application
CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...)
	NOT-FOR-US: Autodesk
CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011,  ...)
	NOT-FOR-US: Autodesk
CVE-2019-7362 (DLL preloading vulnerability in Autodesk Design Review versions 2011,  ...)
	NOT-FOR-US: Autodesk
CVE-2019-7361 (An attacker may convince a victim to open a malicious action micro (.a ...)
	NOT-FOR-US: Autodesk
CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing functio ...)
	NOT-FOR-US: Autodesk
CVE-2019-7359 (An exploitable heap overflow vulnerability in the AcCellMargin handlin ...)
	NOT-FOR-US: Autodesk
CVE-2019-7358 (An exploitable heap overflow vulnerability in the DXF-parsing function ...)
	NOT-FOR-US: Autodesk
CVE-2019-7357
	RESERVED
CVE-2019-7356
	RESERVED
CVE-2019-1000024 (OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cro ...)
	NOT-FOR-US: OPT/NET BV
CVE-2019-1000023 (OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) versio ...)
	NOT-FOR-US: OPT/NET BV
CVE-2019-1000022 (Taoensso Sente version Prior to version 1.14.0 contains a Cross Site R ...)
	NOT-FOR-US: Taoensso Sente
CVE-2019-1000021 (slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 ...)
	- slixmpp 1.4.2-1 (bug #922509)
	[stretch] - slixmpp <no-dsa> (Minor issue)
	NOTE: https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
CVE-2019-1000020 (libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onw ...)
	{DLA-1668-1}
	- libarchive 3.3.3-4 (low)
	[stretch] - libarchive 3.2.2-2+deb9u2
	NOTE: https://github.com/libarchive/libarchive/pull/1120
	NOTE: https://github.com/libarchive/libarchive/commit/8312eaa576014cd9b965012af51bc1f967b12423
CVE-2019-1000019 (libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onw ...)
	{DLA-1668-1}
	- libarchive 3.3.3-4 (low)
	[stretch] - libarchive 3.2.2-2+deb9u2
	NOTE: https://github.com/libarchive/libarchive/pull/1120
	NOTE: https://github.com/libarchive/libarchive/commit/65a23f5dbee4497064e9bb467f81138a62b0dae1
CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect A ...)
	NOT-FOR-US: Chamilo Chamilo-lms
CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array In ...)
	- ffmpeg 7:4.1.1-1 (low; bug #922066)
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site S ...)
	NOT-FOR-US: Chamilo Chamilo-lms
CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracl ...)
	- rebar <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/erlang/rebar3/pull/1986
CVE-2019-1000013 (Hex package manager hex_core version 0.3.0 and earlier contains a Sign ...)
	NOT-FOR-US: Hex package manager
CVE-2019-1000012 (Hex package manager version 0.14.0 through 0.18.2 contains a Signing o ...)
	NOT-FOR-US: Hex package manager
CVE-2019-1000011 (API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access  ...)
	NOT-FOR-US: API Platform
CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS ...)
	NOT-FOR-US: phpIPAM
CVE-2019-1000009 (Helm ChartMuseum version &gt;=0.1.0 and &lt; 0.8.1 contains a CWE-22:  ...)
	NOT-FOR-US: Helm ChartMuseum
CVE-2019-1000008 (All versions of Helm between Helm &gt;=2.0.0 and &lt; 2.12.2 contains  ...)
	- helm-kubernetes <itp> (bug #910799)
CVE-2019-1000007 (aioxmpp version 0.10.2 and earlier contains a Improper Handling of Str ...)
	- python-aioxmpp 0.10.3-1
	NOTE: https://github.com/horazont/aioxmpp/pull/268
CVE-2019-1000006 (RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-1000005 (mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of  ...)
	NOT-FOR-US: mPDF
CVE-2019-1000004 (yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross  ...)
	NOT-FOR-US: yugandhargangu JspMyAdmin2
CVE-2019-1000003 (MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-1000002 (Gitea version 1.6.2 and earlier contains a Incorrect Access Control vu ...)
	- gitea <removed>
	NOTE: https://github.com/go-gitea/gitea/pull/5631
CVE-2019-1000001 (TeamPass version 2.1.27 and earlier contains a Storing Passwords in a  ...)
	- teampass <itp> (bug #730180)
CVE-2018-20753 (Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 be ...)
	NOT-FOR-US: Kaseya VSA RMM
CVE-2018-20752 (An issue was discovered in Recon-ng before 4.9.5. Lack of validation i ...)
	- recon-ng 4.9.5-1
	NOTE: https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in
CVE-2018-1000999
	REJECTED
CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulne ...)
	- cvsweb 3:3.0.0-1
	NOTE: https://www.kvakil.me/posts/cvsweb/
CVE-2017-18362 (ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is v ...)
	NOT-FOR-US: ConnectWise ManagedITSync
CVE-2016-1000282 (Haraka version 2.8.8 and earlier comes with a plugin for processing at ...)
	NOT-FOR-US: Haraka
CVE-2016-1000276
	REJECTED
CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8. ...)
	NOT-FOR-US: Joomla extension
CVE-2019-7355
	RESERVED
CVE-2019-7354
	RESERVED
CVE-2019-7353 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
	- gitlab <not-affected> (Only affects 11.7)
	NOTE: https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through  ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2475
CVE-2019-7351 (Log Injection exists in ZoneMinder through 1.32.3, as an attacker can  ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2466
CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an attacker c ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2471
CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2465
CVE-2019-7348 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through  ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2467
CVE-2019-7347 (A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMind ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2476
CVE-2019-7346 (A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a C ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2469
CVE-2019-7345 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through  ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2468
CVE-2019-7344 (Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacke ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2455
CVE-2019-7343 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2464
CVE-2019-7342 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2461
CVE-2019-7341 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2463
CVE-2019-7340 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2462
CVE-2019-7339 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2460
CVE-2019-7338 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2454
CVE-2019-7337 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2456
CVE-2019-7336 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through  ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2457
CVE-2019-7335 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2453
CVE-2019-7334 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2443
CVE-2019-7333 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2441
CVE-2019-7332 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2442
CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through  ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2451
CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448
CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2446
CVE-2019-7328 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2449
CVE-2019-7327 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2447
CVE-2019-7326 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through  ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2452
CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder <unfixed> (bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2450
CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination  ...)
	- kanboard <itp> (bug #790814)
CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 does not ...)
	NOT-FOR-US: LightySoft LogMX
CVE-2019-7322
	RESERVED
CVE-2019-7321 (Usage of an uninitialized variable in the function fz_load_jpeg in Art ...)
	- mupdf <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700560
	NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=7d52765c5b8a5c76e459d148cd94dbaf51e562ec (1.15.0-rc1)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2be83b57e77938fddbb06bdffb11979ad89a9c7d (1.15.0-rc1)
CVE-2019-7320
	RESERVED
CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PD ...)
	- libpodofo 0.9.6+dfsg-4
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/33/
	NOTE: https://sourceforge.net/p/podofo/code/1954
CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When usin ...)
	NOT-FOR-US: Cloudera
CVE-2019-7318
	RESERVED
CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...)
	{DSA-4451-1 DSA-4448-1 DSA-4435-1 DLA-1806-1 DLA-1800-1}
	- libpng1.6 1.6.36-4 (bug #921355)
	- libpng <removed>
	[jessie] - libpng <not-affected> (Vulnerable code not present)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
	NOTE: https://github.com/glennrp/libpng/issues/275
	NOTE: https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-7317
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317
CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The us ...)
	NOT-FOR-US: CSS-TRICKS Chat2
CVE-2019-7315 (Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices  ...)
	NOT-FOR-US: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices
CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the termination o ...)
	{DSA-4408-1 DLA-1690-1}
	[experimental] - liblivemedia 2019.02.03-1
	- liblivemedia 2018.11.26-1.1 (bug #924656)
	NOTE: http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the  ...)
	- buildbot 2.0.0-1 (bug #921271)
	[stretch] - buildbot <not-affected> (Vulnerable code introduced in 0.9.0)
	[jessie] - buildbot <not-affected> (Vulnerable code introduced in 0.9.0)
	NOTE: https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
	NOTE: https://github.com/buildbot/buildbot/pull/4584/files#diff-a2e7e3ee5f6a1d3cd9c6abf0328c21e0
CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for Window ...)
	NOT-FOR-US: PRIMX Zed Enterprise
CVE-2019-7311 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A  ...)
	NOT-FOR-US: Linksys
CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...)
	{DLA-1706-1}
	- poppler 0.71.0-4 (bug #921215)
	[stretch] - poppler <ignored> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b54e1fc3e0d2600621a28d50f9f085b9e38619c2
CVE-2019-7309 (In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp fun ...)
	- glibc 2.28-6 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24155
	NOTE: https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html
	NOTE: x32 not officially supported
CVE-2019-7308 (kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undes ...)
	- linux 4.19.20-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
	NOTE: Fixed by: https://git.kernel.org/linus/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
	NOTE: Fixed by: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
CVE-2019-7307 (Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2. ...)
	NOT-FOR-US: Apport
CVE-2019-7306 (Byobu Apport hook may disclose sensitive information since it automati ...)
	- byobu <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
	NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
	NOTE: non-issue in Debian as Apport not present.
CVE-2019-7305 (Information Exposure vulnerability in eXtplorer makes the /usr/ and /e ...)
	- extplorer <removed>
	NOTE: https://bugs.launchpad.net/ubuntu/+source/extplorer/+bug/1822013
CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed socket own ...)
	- snapd 2.37.1-1
	[stretch] - snapd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/snapd/+bug/1813365
	NOTE: Introduced in 2.28, fixed in 2.37.1
CVE-2019-7303 (A vulnerability in the seccomp filters of Canonical snapd before versi ...)
	- snapd 2.37.4-1 (low)
	[stretch] - snapd <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/snapd/+bug/1812973
CVE-2019-7302
	RESERVED
CVE-2019-7301 (Zen Load Balancer 3.10.1 allows remote authenticated admin users to ex ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2019-7300 (Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Artica Proxy
CVE-2019-7299 (A stored cross-site scripting (XSS) vulnerability in the submit_ticket ...)
	NOT-FOR-US: WP Support Plus Responsive Ticket System plugin for WordPress
CVE-2017-18361 (In Pylons Colander through 1.6, the URL validator allows an attacker t ...)
	- python-colander <removed>
	[stretch] - python-colander <no-dsa> (Minor issue)
	[jessie] - python-colander <no-dsa> (Minor issue)
	NOTE: https://github.com/Pylons/colander/issues/290
	NOTE: https://github.com/Pylons/colander/pull/323
CVE-2019-7298 (An issue was discovered on D-Link DIR-823G devices with firmware throu ...)
	NOT-FOR-US: D-Link
CVE-2019-7297 (An issue was discovered on D-Link DIR-823G devices with firmware throu ...)
	NOT-FOR-US: D-Link
CVE-2019-7296 (typora through 0.9.64 has XSS, with resultant remote command execution ...)
	NOT-FOR-US: typora
CVE-2019-7295 (typora through 0.9.63 has XSS, with resultant remote command execution ...)
	NOT-FOR-US: typora
CVE-2019-7294
	RESERVED
CVE-2019-7293 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-7292 (A validation issue was addressed with improved logic. This issue is fi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-7291
	RESERVED
CVE-2019-7290 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Shortcuts for iOS
CVE-2019-7289 (A parsing issue in the handling of directory paths was addressed with  ...)
	NOT-FOR-US: Shortcuts for iOS
CVE-2019-7288
	RESERVED
CVE-2019-7287 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-7286 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-7285 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-7284 (This issue was addressed with improved checks. This issue is fixed in  ...)
	NOT-FOR-US: Apple
CVE-2019-7281 (Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated u ...)
	NOT-FOR-US: Prima Systems FlexAir
CVE-2019-7280 (Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of ...)
	NOT-FOR-US: Prima Systems FlexAir
CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7278 (Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending  ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7277 (Optergy Proton/Enterprise devices allow Unauthenticated Internal Netwo ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7276 (Optergy Proton/Enterprise devices allow Remote Root Code Execution via ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7275 (Optergy Proton/Enterprise devices allow Open Redirect. ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7274 (Optergy Proton/Enterprise devices allow Authenticated File Upload with ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7273 (Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CS ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7272 (Optergy Proton/Enterprise devices allow Username Disclosure. ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7271 (Nortek Linear eMerge 50P/5000P devices have Default Credentials. ...)
	NOT-FOR-US: Nortek Linear
CVE-2019-7270 (Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7269 (Linear eMerge 50P/5000P devices allow Authenticated Command Injection  ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7268 (Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7267 (Linear eMerge 50P/5000P devices allow Cookie Path Traversal. ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7266 (Linear eMerge 50P/5000P devices allow Authentication Bypass. ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7265 (Linear eMerge E3-Series devices allow Remote Code Execution (root acce ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7264 (Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7263 (Linear eMerge E3-Series devices have a Version Control Failure. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7262 (Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7261 (Linear eMerge E3-Series devices have Hard-coded Credentials. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7260 (Linear eMerge E3-Series devices have Cleartext Credentials in a Databa ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7259 (Linear eMerge E3-Series devices allow Authorization Bypass with Inform ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7258 (Linear eMerge E3-Series devices allow Privilege Escalation. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7257 (Linear eMerge E3-Series devices allow Unrestricted File Upload. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7256 (Linear eMerge E3-Series devices allow Command Injections. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7255 (Linear eMerge E3-Series devices allow XSS. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7254 (Linear eMerge E3-Series devices allow File Inclusion. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7253 (Linear eMerge E3-Series devices allow Directory Traversal. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7252 (Linear eMerge E3-Series devices have Default Credentials. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7251 (An Integer Signedness issue (for a return code) in the res_pjsip_sdp_r ...)
	- asterisk 1:16.2.1~dfsg-1 (bug #923690)
	[stretch] - asterisk <not-affected> (Vulnerable code not present)
	[jessie] - asterisk <not-affected> (Vulnerable code introduced later)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-001.html
CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Google Do ...)
	NOT-FOR-US: Cross Reference Add-on for Google Docs
CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susc ...)
	NOT-FOR-US: Keybase on MacOS
CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an rcp oper ...)
	- netkit-rsh 0.17-20 (bug #920486)
	[stretch] - netkit-rsh <no-dsa> (Minor issue)
	[jessie] - netkit-rsh <no-dsa> (Minor issue)
CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...)
	- netkit-rsh 0.17-20 (bug #920486)
	[stretch] - netkit-rsh <no-dsa> (Minor issue)
	[jessie] - netkit-rsh <no-dsa> (Minor issue)
CVE-2019-7248
	RESERVED
CVE-2019-7247 (An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulner ...)
	NOT-FOR-US: AMD
CVE-2019-7246 (An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardwar ...)
	NOT-FOR-US: AMD
CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23. ...)
	NOT-FOR-US: TechPowerUp GPU-Z
CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vuln ...)
	NOT-FOR-US: AIDA64
CVE-2019-7243
	RESERVED
CVE-2019-7242
	RESERVED
CVE-2019-7241
	RESERVED
CVE-2019-7240 (An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83 ...)
	NOT-FOR-US: Moo0 System Monitor
CVE-2019-7239
	RESERVED
CVE-2019-7238 (Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access C ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-7237 (An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/e ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7236 (An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admin ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7235 (An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=app ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7234 (An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=app ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer  ...)
	- catdoc <unfixed> (unimportant)
	NOTE: https://github.com/uvoteam/libdoc/issues/6
	NOTE: Crash in CLI tool, no security impact
CVE-2019-7232 (The ABB IDAL HTTP server is vulnerable to a buffer overflow when a lon ...)
	NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7231 (The ABB IDAL FTP server is vulnerable to a buffer overflow when a long ...)
	NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7230 (The ABB IDAL FTP server mishandles format strings in a username during ...)
	NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to upgrade i ...)
	NOT-FOR-US: ABB CP635 HMI
CVE-2019-7228 (The ABB IDAL HTTP server mishandles format strings in a username or co ...)
	NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7227 (In the ABB IDAL FTP server, an authenticated attacker can traverse to  ...)
	NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7226 (The ABB IDAL HTTP server CGI interface contains a URL that allows an u ...)
	NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7225 (The ABB HMI components implement hidden administrative accounts that a ...)
	NOT-FOR-US: ABB HMI components
CVE-2019-7224
	RESERVED
CVE-2019-7223 (InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save i ...)
	NOT-FOR-US: InvoicePlane
CVE-2019-7222 (The KVM implementation in the Linux kernel through 4.20.5 has an Infor ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/353c0956a618a07ba4bbe7ad00ff29fe70e8412a
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1759&desc=2
CVE-2019-7221 (The KVM implementation in the Linux kernel through 4.20.5 has a Use-af ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
CVE-2019-7220 (X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. ...)
	NOT-FOR-US: X-Cart
CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa  ...)
	- zarafa <itp> (bug #658433)
CVE-2019-7218 (Citrix ShareFile before 19.23 allows a downgrade from two-factor authe ...)
	NOT-FOR-US: Citrix ShareFile
CVE-2019-7217 (Citrix ShareFile before 19.12 allows User Enumeration. It is possible  ...)
	NOT-FOR-US: Citrix ShareFile
CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi ...)
	NOT-FOR-US: FileChucker
CVE-2019-7215 (Progress Sitefinity 10.1.6536 does not invalidate session cookies upon ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2019-7214 (SmarterTools SmarterMail 16.x before build 6985 allows deserialization ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7213 (SmarterTools SmarterMail 16.x before build 6985 allows directory trave ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7212 (SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret k ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7211 (SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaSc ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7210
	RESERVED
CVE-2019-7209
	RESERVED
CVE-2019-7208
	RESERVED
CVE-2019-7207
	RESERVED
CVE-2019-7206
	RESERVED
CVE-2019-7205
	RESERVED
CVE-2019-7204
	RESERVED
CVE-2019-7203
	RESERVED
CVE-2019-7202
	RESERVED
CVE-2019-7201 (An unquoted service path vulnerability is reported to affect the servi ...)
	NOT-FOR-US: QNAP NetBak Replicator
CVE-2019-7200
	RESERVED
CVE-2019-7199
	RESERVED
CVE-2019-7198
	RESERVED
CVE-2019-7197 (A stored cross-site scripting (XSS) vulnerability has been reported to ...)
	NOT-FOR-US: QNAP
CVE-2019-7196
	RESERVED
CVE-2019-7195 (This external control of file name or path vulnerability allows remote ...)
	NOT-FOR-US: QNAP
CVE-2019-7194 (This external control of file name or path vulnerability allows remote ...)
	NOT-FOR-US: QNAP
CVE-2019-7193 (This improper input validation vulnerability allows remote attackers t ...)
	NOT-FOR-US: QNAP
CVE-2019-7192 (This improper access control vulnerability allows remote attackers to  ...)
	NOT-FOR-US: QNAP
CVE-2019-7191
	RESERVED
CVE-2019-7190
	RESERVED
CVE-2019-7189
	RESERVED
CVE-2019-7188
	RESERVED
CVE-2019-7187
	RESERVED
CVE-2019-7186
	RESERVED
CVE-2019-7185 (This cross-site scripting (XSS) vulnerability in Music Station allows  ...)
	NOT-FOR-US: QNAP
CVE-2019-7184 (This cross-site scripting (XSS) vulnerability in Video Station allows  ...)
	NOT-FOR-US: QNAP
CVE-2019-7183 (This improper link resolution vulnerability allows remote attackers to ...)
	NOT-FOR-US: QNAP
CVE-2019-7182
	RESERVED
CVE-2019-7181 (Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and ea ...)
	NOT-FOR-US: myQNAPcloud Connect
CVE-2019-7180
	RESERVED
CVE-2019-7179
	RESERVED
CVE-2018-20747
	RESERVED
CVE-2018-20746
	RESERVED
CVE-2019-7178
	RESERVED
CVE-2019-7177
	RESERVED
CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...)
	{DSA-4712-1}
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
CVE-2019-7174 (Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Ren ...)
	NOT-FOR-US: Roxy Fileman
CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an attacke ...)
	NOT-FOR-US: ATutor
CVE-2019-7171 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7170 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7169 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7168 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7167 (Zcash, before the Sapling network upgrade (2018-10-28), had a counterf ...)
	NOT-FOR-US: Zcash
CVE-2019-7166
	RESERVED
CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitra ...)
	{DSA-4478-1 DLA-1845-1}
	- dosbox 0.74-3-1 (bug #931222)
	NOTE: Fixed in 0.74-3 upstream.
	NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
	NOTE: Fixed by https://sourceforge.net/p/dosbox/code-0/3925/
CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injecti ...)
	{DLA-1718-1}
	[experimental] - sqlalchemy 1.3.0~b3+ds1-1
	- sqlalchemy 1.2.18+ds1-2 (bug #922669)
	[stretch] - sqlalchemy <no-dsa> (Minor issue)
	NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481
	NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...)
	NOT-FOR-US: Alcatel
CVE-2019-7162 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Bu ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Trav ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7159 (OX App Suite 7.10.1 and earlier allows Information Exposure. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-7158 (OX App Suite 7.10.0 and earlier has Incorrect Access Control. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-7157
	RESERVED
CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows divi ...)
	- catdoc <unfixed> (unimportant)
	NOTE: https://github.com/uvoteam/libdoc/issues/5
	NOTE: catdoc embeds the code; crash in CLI tool, no security impact
CVE-2019-7155 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7154 (The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap- ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1876
	NOTE: https://github.com/WebAssembly/binaryen/commit/79a4fbc80d7ffce4cbcfd04315ce3a0efa88d7fa
CVE-2019-7153 (A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder:: ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1879
	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7152 (A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilde ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1880
	NOTE: Same set of fixes as for https://github.com/WebAssembly/binaryen/issues/1879
	NOTE: address the issue.
	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7151 (A NULL pointer dereference was discovered in wasm::Module::getFunction ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1881
	NOTE: Same set of fixes as for https://github.com/WebAssembly/binaryen/issues/1879
	NOTE: address the issue.
	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can oc ...)
	{DLA-1689-1}
	- elfutils 0.176-1 (low; bug #920909)
	[stretch] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
CVE-2019-7149 (A heap-based buffer over-read was discovered in the function read_srcl ...)
	{DLA-1689-1}
	- elfutils 0.176-1 (low; bug #920910)
	[stretch] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
CVE-2019-7148 (**DISPUTED** An attempted excessive memory allocation was discovered i ...)
	- elfutils 0.176-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24085
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e32380ecefbb23448541367283d3b94930762986
	NOTE: malloc can fail on invalid file, but "nothing" bad with security implication will
	NOTE: happen, negligible security impact.
CVE-2019-7147 (A buffer over-read exists in the function crc64ib in crc64.c in nasmli ...)
	- nasm <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392544
CVE-2019-7146 (In elfutils 0.175, there is a buffer over-read in the ebl_object_note  ...)
	- elfutils 0.176-1 (bug #920911)
	[stretch] - elfutils <not-affected> (Vulnerable code introduced in 0.175)
	[jessie] - elfutils <not-affected> (Vulnerable code introduced in 0.175)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24075
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24081
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=012018907ca05eb0ab51d424a596ef38fc87cae1
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=cd7ded3df43f655af945c869976401a602e46fcd
CVE-2019-7145 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7144 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7143 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7142 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7141 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7140 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7139 (An unauthenticated user can execute SQL statements that allow arbitrar ...)
	NOT-FOR-US: Magento
CVE-2019-7138 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7137 (Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. ...)
	NOT-FOR-US: Adobe
CVE-2019-7136 (Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. S ...)
	NOT-FOR-US: Adobe
CVE-2019-7135 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7134 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...)
	NOT-FOR-US: Adobe
CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
	NOT-FOR-US: Adobe
CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
	NOT-FOR-US: Adobe
CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7126
	RESERVED
CVE-2019-7125 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7124 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7123 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7122 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7121 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7120 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7119 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7118 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7117 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7116 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7115 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7114 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7113 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7112 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7111 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7110 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7109 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7108 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2019-7107 (Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink proc ...)
	NOT-FOR-US: Adobe
CVE-2019-7106 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2019-7105 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2019-7104 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7103 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7102 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7101 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7100 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7099 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7098 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7097 (Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol  ...)
	NOT-FOR-US: Adobe
CVE-2019-7096 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2019-7095 (Adobe Digital Editions versions 4.5.10.185749 and below have a heap ov ...)
	NOT-FOR-US: Adobe
CVE-2019-7094 (Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a h ...)
	NOT-FOR-US: Adobe
CVE-2019-7093 (Creative Cloud Desktop Application (installer) versions 4.7.0.400 and  ...)
	NOT-FOR-US: Adobe
CVE-2019-7092 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
	NOT-FOR-US: Adobe
CVE-2019-7091 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
	NOT-FOR-US: Adobe
CVE-2019-7090 (Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Pl ...)
	NOT-FOR-US: Adobe
CVE-2019-7089 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7088 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7087 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7086 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7085 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7084 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7083 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7082 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7081 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7080 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7079 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7078 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7077 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7076 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7075 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7074 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7073 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7072 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7071 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7070 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7069 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7068 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7067 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7066 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7065 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7064 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7063 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7062 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7061 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7060 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7059 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7058 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7057 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7056 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7055 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7054 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7053 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7052 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7051 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7050 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7049 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7048 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7047 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7046 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7045 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7044 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7043 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7042 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7041 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7040 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7039 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7038 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7037 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7036 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7035 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7034 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7033 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7032 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7031 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7030 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7029 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7028 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7027 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7026 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7025 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7024 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7023 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7022 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7021 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7020 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7019 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7018 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7017
	REJECTED
CVE-2019-7016
	REJECTED
CVE-2019-7015
	REJECTED
CVE-2019-7014
	REJECTED
CVE-2019-7013
	REJECTED
CVE-2019-7012
	REJECTED
CVE-2019-7011
	REJECTED
CVE-2019-7010
	REJECTED
CVE-2019-7009
	REJECTED
CVE-2019-7008
	REJECTED
CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya Equino ...)
	NOT-FOR-US: Avaya
CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
	NOT-FOR-US: Avaya
CVE-2019-7005
	RESERVED
CVE-2019-7004 (A Cross-Site Scripting (XSS) vulnerability in the WebUI component of I ...)
	NOT-FOR-US: Avaya
CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)
	NOT-FOR-US: Avaya
CVE-2019-7002
	RESERVED
CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
	NOT-FOR-US: IP Office Contact Center
CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura ...)
	NOT-FOR-US: Web UI of Avaya Aura Conferencing
CVE-2019-6999
	REJECTED
CVE-2019-6998
	RESERVED
CVE-2019-6997 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6996 (An issue was discovered in GitLab Enterprise Edition 10.x (starting in ...)
	- gitlab <not-affected> (Only affects EE)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6995 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6994
	RESERVED
CVE-2019-6993
	RESERVED
CVE-2019-6992 (A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ...)
	- zoneminder 1.32.3-2 (bug #920999)
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2445
CVE-2019-6991 (A classic Stack-based buffer overflow exists in the zmLoadUser() funct ...)
	- zoneminder 1.32.3-2 (bug #921000)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2478
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2482
CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneM ...)
	- zoneminder 1.32.3-2 (bug #921001)
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2444
CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...)
	{DLA-1731-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/04197b341f23b908193308b8d63d17ff23232598
CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 allow remot ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Speci ...)
	{DSA-4377-1 DLA-1650-1}
	- rssh 2.3.4-9 (bug #919623)
	NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caus ...)
	NOT-FOR-US: TP-Link
CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers  ...)
	- openjpeg2 <unfixed> (low; bug #922648)
	[buster] - openjpeg2 <ignored> (Minor issue)
	[stretch] - openjpeg2 <ignored> (Minor issue)
	[jessie] - openjpeg2 <ignored> (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1178
CVE-2019-6987
	RESERVED
CVE-2019-6986 (SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to exe ...)
	NOT-FOR-US: VIVO Vitro
CVE-2019-6985 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6984 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6983 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6982 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6981 (Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in t ...)
	NOT-FOR-US: Zimbra
CVE-2019-6980 (Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecur ...)
	NOT-FOR-US: Zimbra
CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka IP_History_Lo ...)
	NOT-FOR-US: IP History Logs plugin for MyBB
CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into ...)
	- yii <itp> (bug #597899)
CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a  ...)
	NOT-FOR-US: Olivier Poitrey Go CORS handler
CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdI ...)
	{DSA-4384-1 DLA-1651-1}
	- libgd2 2.2.5-5.1 (bug #920728)
	NOTE: https://github.com/libgd/libgd/issues/492
	NOTE: https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
CVE-2019-1000029 [DoS due to changing # of allowed users in root channel]
	- mumble 1.3.0~git20190125.440b173+dfsg-1 (bug #920476)
	[stretch] - mumble <not-affected> (Vulnerable code introduced later)
	[jessie] - mumble <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/mumble-voip/mumble/issues/3585
	NOTE: Introduced in: https://github.com/mumble-voip/mumble/commit/84b1bcecef790a84d10b2d1f2060c1681a2bb836
	NOTE: Fixed by: https://github.com/mumble-voip/mumble/commit/3edc46ff7308691d342f8c08ce1afaaefce35a5c
CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka  ...)
	{DSA-4384-1 DLA-1651-1}
	- libgd2 2.2.5-5.1 (bug #920645)
	- php7.3 7.3.1-1 (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77270
	NOTE: Proposed patch: https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
CVE-2019-6976 (libvips before 8.7.4 generates output images from uninitialized memory ...)
	- vips 8.7.4-1 (low)
	[stretch] - vips 8.4.5-1+deb9u1
	[jessie] - vips <ignored> (Minor Issue)
	NOTE: https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2. ...)
	{DSA-4476-1}
	- python-django 1:1.11.20-1 (low; bug #922027)
	[jessie] - python-django <not-affected> (Vulnerable code not present)
	NOTE: Upstream re-released https://code.djangoproject.com/ticket/30175
	NOTE: https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
	NOTE: https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227 (1.11 branch)
CVE-2019-6974 (In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/cfa39381173d5f969daf43582c95ad679189cbc9
CVE-2019-6973 (Sricam IP CCTV cameras are vulnerable to denial of service via multipl ...)
	NOT-FOR-US: Sricam IP CCTV cameras
CVE-2019-6972 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credent ...)
	NOT-FOR-US: TP-Link
CVE-2019-6971 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker ...)
	NOT-FOR-US: TP-Link
CVE-2019-6970 (Moodle 3.5.x before 3.5.4 allows SSRF. ...)
	- moodle <removed>
CVE-2019-6969 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to an  ...)
	NOT-FOR-US: D-Link
CVE-2019-6968 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS ...)
	NOT-FOR-US: D-Link
CVE-2019-6967 (AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. ...)
	NOT-FOR-US: AirTies devices
CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2019-6965 (An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/ ...)
	NOT-FOR-US: i-doit
CVE-2019-6964 (A heap-based buffer over-read in Service_SetParamStringValue in cosa_x ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6963 (A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-2018 ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6962 (A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK RDKB-2 ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6960 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6959
	RESERVED
CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Video M ...)
	NOT-FOR-US: Bosch
CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
	NOT-FOR-US: Bosch
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DLA-1899-1}
	- faad2 2.8.8-3.1 (bug #914641)
	[buster] - faad2 <no-dsa> (Minor issue)
	[stretch] - faad2 <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/39
	NOTE: https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57
CVE-2019-6955
	RESERVED
CVE-2019-6954
	RESERVED
CVE-2019-6953
	RESERVED
CVE-2019-6952
	RESERVED
CVE-2019-6951
	RESERVED
CVE-2019-6950
	RESERVED
CVE-2019-6949
	RESERVED
CVE-2019-6948
	RESERVED
CVE-2019-6947
	RESERVED
CVE-2019-6946
	RESERVED
CVE-2019-6945
	RESERVED
CVE-2019-6944
	RESERVED
CVE-2019-6943
	RESERVED
CVE-2019-6942
	RESERVED
CVE-2019-6941
	RESERVED
CVE-2019-6940
	RESERVED
CVE-2019-6939
	RESERVED
CVE-2019-6938
	RESERVED
CVE-2019-6937
	RESERVED
CVE-2019-6936
	RESERVED
CVE-2019-6935
	RESERVED
CVE-2019-6934
	RESERVED
CVE-2019-6933
	RESERVED
CVE-2019-6932
	RESERVED
CVE-2019-6931
	RESERVED
CVE-2019-6930
	RESERVED
CVE-2019-6929
	RESERVED
CVE-2019-6928
	RESERVED
CVE-2019-6927
	RESERVED
CVE-2019-6926
	RESERVED
CVE-2019-6925
	RESERVED
CVE-2019-6924
	RESERVED
CVE-2019-6923
	RESERVED
CVE-2019-6922
	RESERVED
CVE-2019-6921
	RESERVED
CVE-2019-6920
	RESERVED
CVE-2019-6919
	RESERVED
CVE-2019-6918
	RESERVED
CVE-2019-6917
	RESERVED
CVE-2019-6916
	RESERVED
CVE-2019-6915
	RESERVED
CVE-2019-6914
	RESERVED
CVE-2019-6913
	RESERVED
CVE-2019-6912
	RESERVED
CVE-2019-6911
	RESERVED
CVE-2019-6910
	RESERVED
CVE-2019-6909
	RESERVED
CVE-2019-6908
	RESERVED
CVE-2019-6907
	RESERVED
CVE-2019-6906
	RESERVED
CVE-2019-6905
	RESERVED
CVE-2019-6904
	RESERVED
CVE-2019-6903
	RESERVED
CVE-2019-6902
	RESERVED
CVE-2019-6901
	RESERVED
CVE-2019-6900
	RESERVED
CVE-2019-6899
	RESERVED
CVE-2019-6898
	RESERVED
CVE-2019-6897
	RESERVED
CVE-2019-6896
	RESERVED
CVE-2019-6895
	RESERVED
CVE-2019-6894
	RESERVED
CVE-2019-6893
	RESERVED
CVE-2019-6892
	RESERVED
CVE-2019-6891
	RESERVED
CVE-2019-6890
	RESERVED
CVE-2019-6889
	RESERVED
CVE-2019-6888
	RESERVED
CVE-2019-6887
	RESERVED
CVE-2019-6886
	RESERVED
CVE-2019-6885
	RESERVED
CVE-2019-6884
	RESERVED
CVE-2019-6883
	RESERVED
CVE-2019-6882
	RESERVED
CVE-2019-6881
	RESERVED
CVE-2019-6880
	RESERVED
CVE-2019-6879
	RESERVED
CVE-2019-6878
	RESERVED
CVE-2019-6877
	RESERVED
CVE-2019-6876
	RESERVED
CVE-2019-6875
	RESERVED
CVE-2019-6874
	RESERVED
CVE-2019-6873
	RESERVED
CVE-2019-6872
	RESERVED
CVE-2019-6871
	RESERVED
CVE-2019-6870
	RESERVED
CVE-2019-6869
	RESERVED
CVE-2019-6868
	RESERVED
CVE-2019-6867
	RESERVED
CVE-2019-6866
	RESERVED
CVE-2019-6865
	RESERVED
CVE-2019-6864
	RESERVED
CVE-2019-6863
	RESERVED
CVE-2019-6862
	RESERVED
CVE-2019-6861
	RESERVED
CVE-2019-6860
	RESERVED
CVE-2019-6859 (A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modico ...)
	NOT-FOR-US: Modicon
CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX ...)
	NOT-FOR-US: MSX Configurator
CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2019-6855 (An Improper Authorization - CWE-285 vulnerability exists in EcoStruxur ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2019-6854 (A CWE-264 Permissions, Privileges, and Access Controls vulnerability e ...)
	NOT-FOR-US: EcoStruxure Geo SCADA Expert
CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability exists  ...)
	NOT-FOR-US: Andover Continuum
CVE-2019-6852 (A CWE-200: Information Exposure vulnerability exists in Modicon Contro ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6851 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
	NOT-FOR-US: Modicon
CVE-2019-6850 (A CWE-200: Information Exposure vulnerability exists in Modicon M580,  ...)
	NOT-FOR-US: Modicon
CVE-2019-6849 (A CWE-200: Information Exposure vulnerability exists in Modicon M580,  ...)
	NOT-FOR-US: Modicon
CVE-2019-6848 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
	NOT-FOR-US: Modicon
CVE-2019-6847 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
	NOT-FOR-US: Modicon
CVE-2019-6846 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
	NOT-FOR-US: Modicon
CVE-2019-6845 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
	NOT-FOR-US: Modicon
CVE-2019-6844 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
	NOT-FOR-US: Modicon
CVE-2019-6843 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
	NOT-FOR-US: Modicon
CVE-2019-6842 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
	NOT-FOR-US: Modicon
CVE-2019-6841 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
	NOT-FOR-US: Modicon
CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...)
	NOT-FOR-US: Schneider
CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
	NOT-FOR-US: Schneider
CVE-2019-6838 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
	NOT-FOR-US: Schneider
CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in  ...)
	NOT-FOR-US: Schneider
CVE-2019-6836 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
	NOT-FOR-US: Schneider
CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...)
	NOT-FOR-US: Schneider
CVE-2019-6834
	RESERVED
CVE-2019-6833 (A CWE-754 &#8211; Improper Check for Unusual or Exceptional Conditions ...)
	NOT-FOR-US: Schneider
CVE-2019-6832 (A CWE-287: Authentication vulnerability exists in spaceLYnk (all versi ...)
	NOT-FOR-US: Schneider
CVE-2019-6831 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider
CVE-2019-6830 (A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all ...)
	NOT-FOR-US: Schneider
CVE-2019-6829 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
	NOT-FOR-US: Schneider
CVE-2019-6828 (A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmw ...)
	NOT-FOR-US: Schneider
CVE-2019-6827 (A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Gra ...)
	NOT-FOR-US: Interactive Graphical SCADA System (IGSS)
CVE-2019-6826 (A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVA ...)
	NOT-FOR-US: Schneider
CVE-2019-6825 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
	NOT-FOR-US: ProClima
CVE-2019-6824 (A CWE-119: Buffer Errors vulnerability exists in ProClima (all version ...)
	NOT-FOR-US: ProClima
CVE-2019-6823 (A CWE-94: Code Injection vulnerability exists in ProClima (all version ...)
	NOT-FOR-US: ProClima
CVE-2019-6822 (A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 a ...)
	NOT-FOR-US: Zelio Soft 2
CVE-2019-6821 (CWE-330: Use of Insufficiently Random Values vulnerability, which coul ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6820 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6819 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6818
	RESERVED
CVE-2019-6817
	RESERVED
CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code Injection vul ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, Privil ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the NET55X ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider
CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6811 (An Improper Check for Unusual or Exceptional Conditions (CWE-754) vuln ...)
	NOT-FOR-US: Schneider
CVE-2019-6810 (CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H E ...)
	NOT-FOR-US: Schneider
CVE-2019-6809 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
	NOT-FOR-US: Schneider
CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6806 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6805 (SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi ...)
	NOT-FOR-US: S-CMS
CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck Community  ...)
	NOT-FOR-US: Rundeck Community Edition
CVE-2019-6803 (typora through 0.9.9.20.3 beta has XSS, with resultant remote command  ...)
	NOT-FOR-US: Typora
CVE-2019-6802 (CRLF Injection in pypiserver 1.2.5 and below allows attackers to set a ...)
	NOT-FOR-US: pypiserver
CVE-2019-6801
	RESERVED
CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam  ...)
	NOT-FOR-US: TitanHQ SpamTitan
CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...)
	{DLA-1692-1}
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #920823)
	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900
CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #920822)
	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code introduced later >= 4.5.0)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435
CVE-2019-6797 (An information disclosure issue was discovered in GitLab Enterprise Ed ...)
	- gitlab <not-affected> (Only affects EE)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6796 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6795 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6794 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6793 (An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11 ...)
	- gitlab <not-affected> (Only affects EE)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6792 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6791 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6790 (An Incorrect Access Control (issue 2 of 3) issue was discovered in Git ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6789 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6788 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6787 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6786 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6785 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6784 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6783 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6782 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6781 (An Improper Input Validation issue was discovered in GitLab Community  ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6780 (The Wise Chat plugin before 2.7 for WordPress mishandles external link ...)
	NOT-FOR-US: WordPress plugin wise-chat
CVE-2017-18360 (In change_port_settings in drivers/usb/serial/io_ti.c in the Linux ker ...)
	- linux 4.9.30-1
	[jessie] - linux 3.16.48-1
	NOTE: Fixed by: https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b
CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attac ...)
	{DLA-1653-1}
	- postgis 2.3.3+dfsg-1 (low)
	[stretch] - postgis <no-dsa> (Minor issue)
	NOTE: https://trac.osgeo.org/postgis/ticket/3704
	NOTE: https://trac.osgeo.org/postgis/changeset/15444
	NOTE: https://trac.osgeo.org/postgis/changeset/15445
CVE-2019-6779 (Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete ...)
	NOT-FOR-US: Cscms
CVE-2019-6778 (In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer ove ...)
	{DSA-4454-1 DLA-1694-1}
	- qemu 1:3.1+dfsg-3 (bug #921525)
	- qemu-kvm <removed>
	- slirp4netns 0.2.1-1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=a7104eda7dab99d0cdbd3595c211864cba415905
CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in ...)
	- zoneminder 1.32.3-2 (bug #920375)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
	NOTE: https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
CVE-2019-6776 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6775 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6774 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6773 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6772 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6771 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6770 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6769 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6768 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6767 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6766 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6765 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6764 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6763 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6762 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6761 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6760 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6759 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6758 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6757 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6756 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6755 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6754 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6753 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6752 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6751 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6750 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6749 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6748 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6747 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6746 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6745
	REJECTED
CVE-2019-6744 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Samsung
CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Xiaomi Mi6 Browser
CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: GameServiceReceiver update mechanism as used in Samsung Galaxy S9
CVE-2019-6741 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung
CVE-2019-6740 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung
CVE-2019-6739 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Malwarebytes Antimalware
CVE-2019-6738 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender SafePay
CVE-2019-6737 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender SafePay
CVE-2019-6736 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender SafePay
CVE-2019-6735 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6734 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6733 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6732 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6731 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6730 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6729 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6728 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6727 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6726 (The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remot ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2019-6725 (The rpWLANRedirect.asp ASP page is accessible without authentication o ...)
	NOT-FOR-US: ZyXEL
CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to versio ...)
	NOT-FOR-US: Barracuda VPN Client
CVE-2019-6723
	RESERVED
CVE-2019-6722
	RESERVED
CVE-2019-6721
	RESERVED
CVE-2019-6720
	RESERVED
CVE-2019-6719 (An issue has been found in libIEC61850 v1.3.1. There is a use-after-fr ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6718
	RESERVED
CVE-2019-6717
	RESERVED
CVE-2019-6716 (An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket C ...)
	NOT-FOR-US: LogonBox Nervepoint Access Manager
CVE-2019-6715 (pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress al ...)
	NOT-FOR-US: W3 Total Cache plugin for WordPress
CVE-2019-6714 (An issue was discovered in BlogEngine.NET through 3.3.6.0. A path trav ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-6713 (app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows ...)
	NOT-FOR-US: ThinkCMF
CVE-2019-6712
	RESERVED
CVE-2019-6711
	RESERVED
CVE-2019-6710 (Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. ...)
	NOT-FOR-US: Zyxel
CVE-2018-20742 (An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01.  ...)
	NOT-FOR-US: UC Berkeley RISE Opaque
CVE-2019-6709
	RESERVED
CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the admin.php?mod=order state paramet ...)
	NOT-FOR-US: PHPSHE
CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the admin.php?mod=product&amp;act=sta ...)
	NOT-FOR-US: PHPSHE
CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For examp ...)
	- lua5.3 <unfixed> (bug #920321)
	[buster] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
	[stretch] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
	- lua5.2 <not-affected> (Vulnerable code introduced later)
	- lua5.1 <not-affected> (Vulnerable code introduced later)
	- lua50 <not-affected> (Vulnerable code introduced later)
	NOTE: http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
	NOTE: lua50 and lua5.1 don't have the affected code.
	NOTE: lua5.2 is not vulnerable as it doesn't free the value before using it.
CVE-2019-6705
	RESERVED
CVE-2019-6704
	RESERVED
CVE-2019-6703 (Incorrect access control in migla_ajax_functions.php in the Calmar Web ...)
	NOT-FOR-US: Calmar Webmedia Total Donations plugin for WordPress
CVE-2019-6702 (The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certifica ...)
	NOT-FOR-US: MasterCard Qkr! app
CVE-2019-6701
	RESERVED
CVE-2019-6700 (An information exposure vulnerability in the external authentication p ...)
	NOT-FOR-US: FortiSIEM (Fortiguard)
CVE-2019-6699 (An improper neutralization of input vulnerability in Fortinet FortiADC ...)
	NOT-FOR-US: Fortiguard
CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...)
	NOT-FOR-US: Fortinet
CVE-2019-6697
	RESERVED
CVE-2019-6696 (An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6. ...)
	NOT-FOR-US: Fortiguard
CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...)
	NOT-FOR-US: Fortinet
CVE-2019-6694
	RESERVED
CVE-2019-6693 (Use of a hard-coded cryptographic key to cipher sensitive data in Fort ...)
	NOT-FOR-US: Fortinet
CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for Wind ...)
	NOT-FOR-US: Fortinet
CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
	NOT-FOR-US: phpwind
CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg t ...)
	{DLA-1675-1}
	- python-gnupg 0.4.4-1
	[stretch] - python-gnupg <no-dsa> (Minor issue)
	NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
	NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
	NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework use ...)
	NOT-FOR-US: Jenkins
CVE-2019-6689 (An issue was discovered in Dillon Kane Tidal Workload Automation Agent ...)
	NOT-FOR-US: Dillon Kane Tidal Workload Automation Agent
CVE-2019-6688 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6687 (On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services pr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6686 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6685 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6684 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6683 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6682 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6681 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6680 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6679 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6678 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6677 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6676 (On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM m ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client Certific ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6674 (On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash  ...)
	NOT-FOR-US: F5
CVE-2019-6673 (On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is config ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6672 (On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6671 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6670 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6669 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6668 (The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6667 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6666 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6665 (On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6664 (On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, networ ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6663 (The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6662 (On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the lo ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6661 (When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6660 (On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6659 (On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enable ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6658 (On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1. ...)
	NOT-FOR-US: F5
CVE-2019-6657 (On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a refle ...)
	NOT-FOR-US: F5
CVE-2019-6656 (BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs t ...)
	NOT-FOR-US: F5
CVE-2019-6655 (On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5. ...)
	NOT-FOR-US: F5
CVE-2019-6654 (On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11 ...)
	NOT-FOR-US: F5
CVE-2019-6653 (There is a Stored Cross Site Scripting vulnerability in the undisclose ...)
	NOT-FOR-US: F5
CVE-2019-6652 (In BIG-IQ 6.0.0-6.1.0, services for stats do not require authenticatio ...)
	NOT-FOR-US: F5
CVE-2019-6651 (In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
	NOT-FOR-US: F5
CVE-2019-6650 (F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1. ...)
	NOT-FOR-US: F5
CVE-2019-6649 (F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
	NOT-FOR-US: F5
CVE-2019-6648 (On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Ser ...)
	NOT-FOR-US: F5
CVE-2019-6647 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1 ...)
	NOT-FOR-US: F5
CVE-2019-6646 (On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with  ...)
	NOT-FOR-US: F5
CVE-2019-6645 (On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6 ...)
	NOT-FOR-US: F5
CVE-2019-6644 (Similar to the issue identified in CVE-2018-12120, on versions 14.1.0- ...)
	NOT-FOR-US: F5
CVE-2019-6643 (On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12 ...)
	NOT-FOR-US: F5
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl RES ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6640 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6639 (On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6638 (On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6637 (On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6636 (On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6635 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6634 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6633 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6632 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6631 (On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation ma ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6630 (On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclose ...)
	NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6629 (On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6628 (On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain condi ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6627 (On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to ...)
	NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6626 (On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6625 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6624 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6623 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6622 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6621 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6620 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6619 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Tra ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6618 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6617 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6616 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6615 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6614 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, interna ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6613 (On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6612 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6611 (When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6610 (On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6609 (Platform dependent weakness. This issue only impacts iSeries platforms ...)
	NOT-FOR-US: BIG-IP APM
CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6607 (On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6606 (On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6605 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed seq ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6604 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6603 (In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6602 (In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility l ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6601 (In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6600 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6599 (In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6598 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6597 (In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6596 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6595 (Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Ma ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6594 (On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6593 (On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configur ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6592 (On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file whe ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6591 (On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12. ...)
	NOT-FOR-US: BIG-IP
CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain c ...)
	NOT-FOR-US: BIG-IP
CVE-2019-6589 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6588 (In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in th ...)
	NOT-FOR-US: Liferay Portal CE
CVE-2019-6587
	RESERVED
CVE-2019-6586
	RESERVED
CVE-2019-6585 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
	NOT-FOR-US: Siemens
CVE-2019-6584 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0 ...)
	NOT-FOR-US: Siemens
CVE-2019-6583
	RESERVED
CVE-2019-6582 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6581 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6580 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6579 (A vulnerability has been identified in Spectrum Power 4 (with Web Offi ...)
	NOT-FOR-US: Spectrum Power
CVE-2019-6578 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180  ...)
	NOT-FOR-US: Siemens
CVE-2019-6577 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2019-6576 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2019-6575 (A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6574 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180  ...)
	NOT-FOR-US: Siemens
CVE-2019-6573
	RESERVED
CVE-2019-6572 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2019-6571 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0 ...)
	NOT-FOR-US: Siemens
CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Scalance
CVE-2019-6568 (A vulnerability has been identified in CP1604, CP1616, CP343-1 Advance ...)
	NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2019-6566 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6565 (Moxa IKS and EDS fails to properly validate user input, giving unauthe ...)
	NOT-FOR-US: Moxa
CVE-2019-6564 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5  ...)
	NOT-FOR-US: Moxa
CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the softwa ...)
	NOT-FOR-US: Philips
CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and EDS, wh ...)
	NOT-FOR-US: Moxa
CVE-2019-6560 (In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and ...)
	NOT-FOR-US: Auto-Maskin RP210E
CVE-2019-6559 (Moxa IKS and EDS allow remote authenticated users to cause a denial of ...)
	NOT-FOR-US: Moxa
CVE-2019-6558 (In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and ...)
	NOT-FOR-US: Auto-Maskin RP210E
CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...)
	NOT-FOR-US: Moxa
CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...)
	NOT-FOR-US: Omron
CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
	NOT-FOR-US: Cscape
CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6553 (A vulnerability was found in Rockwell Automation RSLinx Classic versio ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-6552 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command  ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6551 (Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior al ...)
	NOT-FOR-US: Pangea Communications Internet FAX ATA
CVE-2019-6550 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-ba ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a XML file ...)
	NOT-FOR-US: PR100088 Modbus
CVE-2019-6548 (GE Communicator, all versions prior to 4.0.517, contains two backdoor  ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6547 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Industrial Automation CNCSoft
CVE-2019-6546 (GE Communicator, all versions prior to 4.0.517, allows an attacker to  ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
	NOT-FOR-US: AVEVA
CVE-2019-6544 (GE Communicator, all versions prior to 4.0.517, has a service running  ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
	NOT-FOR-US: AVEVA
CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior t ...)
	NOT-FOR-US: ENTTEC firmware
CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON LeviStu ...)
	NOT-FOR-US: WECON
CVE-2019-6540 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
	NOT-FOR-US: Medtronic
CVE-2019-6539 (Several heap-based buffer overflow vulnerabilities in WECON LeviStudio ...)
	NOT-FOR-US: WECON
CVE-2019-6538 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
	NOT-FOR-US: Medtronic
CVE-2019-6537 (Multiple stack-based buffer overflow vulnerabilities in WECON LeviStud ...)
	NOT-FOR-US: WECON
CVE-2019-6536 (Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file ...)
	NOT-FOR-US: LCDS
CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and pri ...)
	NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
CVE-2019-6534 (The uncontrolled search path element vulnerability in Gemalto Sentinel ...)
	NOT-FOR-US: Gemalto Sentinel UltraPro Client Library ux32w.dll
CVE-2019-6533 (Registers used to store Modbus values can be read and written from the ...)
	NOT-FOR-US: PR100088 Modbus
CVE-2019-6532 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created  ...)
	NOT-FOR-US: Panasonic
CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request from the  ...)
	NOT-FOR-US: Kunbus
CVE-2019-6530 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created  ...)
	NOT-FOR-US: Panasonic
CVE-2019-6529 (An attacker could specially craft an FTP request that could crash the  ...)
	NOT-FOR-US: Kunbus
CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit fa ...)
	NOT-FOR-US: PSI GridConnect GmbH
CVE-2019-6527 (PR100088 Modbus gateway versions prior to Release R02 (or Software Ver ...)
	NOT-FOR-US: PR100088 Modbus
CVE-2019-6526 (Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version ...)
	NOT-FOR-US: Moxa
CVE-2019-6525 (AVEVA Wonderware System Platform 2017 Update 2 and prior uses an Arche ...)
	NOT-FOR-US: AVEVA Wonderware System Platform
CVE-2019-6524 (Moxa IKS and EDS do not implement sufficient measures to prevent multi ...)
	NOT-FOR-US: Moxa
CVE-2019-6523 (WebAccess/SCADA, Version 8.3. The software does not properly sanitize  ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6522 (Moxa IKS and EDS fails to properly check array bounds which may allow  ...)
	NOT-FOR-US: Moxa
CVE-2019-6521 (WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6520 (Moxa IKS and EDS does not properly check authority on server side, whi ...)
	NOT-FOR-US: Moxa
CVE-2019-6519 (WebAccess/SCADA, Version 8.3. An improper authentication vulnerability ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6518 (Moxa IKS and EDS store plaintext passwords, which may allow sensitive  ...)
	NOT-FOR-US: Moxa
CVE-2019-6517 (BD FACSLyric Research Use Only, Windows 10 Professional Operating Syst ...)
	NOT-FOR-US: BD FACSLyric
CVE-2019-6516 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ...)
	NOT-FOR-US: WSO2
CVE-2019-6515 (An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents  ...)
	NOT-FOR-US: WSO2
CVE-2019-6514 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ...)
	NOT-FOR-US: WSO2
CVE-2019-6513 (An issue was discovered in WSO2 API Manager 2.6.0. It is possible for  ...)
	NOT-FOR-US: WSO2
CVE-2019-6512 (An issue was discovered in WSO2 API Manager 2.6.0. It is possible to f ...)
	NOT-FOR-US: WSO2
CVE-2019-6511
	RESERVED
CVE-2019-6510 (An issue was discovered in creditease-sec insight through 2018-09-11.  ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6509 (An issue was discovered in creditease-sec insight through 2018-09-11.  ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6508 (An issue was discovered in creditease-sec insight through 2018-09-11.  ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6507 (An issue was discovered in creditease-sec insight through 2018-09-11.  ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6506 (SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x be ...)
	NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-6505
	RESERVED
CVE-2019-6504 (Insufficient output sanitization in the Automic Web Interface (AWI), i ...)
	NOT-FOR-US: CA Automic Workload Automation
CVE-2019-6503 (There is a deserialization vulnerability in Chatopera cosin v3.10.0. A ...)
	NOT-FOR-US: Chatopera cosin
CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory  ...)
	- opensc 0.20.0-1 (unimportant)
	NOTE: https://github.com/OpenSC/OpenSC/issues/1586
	NOTE: https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 (0.20.0-rc1)
	NOTE: Negligible security impact, assigning a CVE seems out of proportion...
CVE-2019-1003004 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...)
	NOT-FOR-US: Jenkins
CVE-2019-1003003 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...)
	NOT-FOR-US: Jenkins
CVE-2019-1003002 (A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003001 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security Plugin 1.49 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-6501 (In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allow ...)
	- qemu 1:3.1+dfsg-3 (bug #920222)
	[stretch] - qemu <not-affected> (vulnerable code introduced later)
	[jessie] - qemu <not-affected> (vulnerable code introduced later)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html
	NOTE: Code introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=6c219fc8a1 ,
	NOTE: but but the overflow was already possible before.
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e909ff93698851777faac3c45d03c1b73f311ea6
	NOTE: Overflow introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=a71c775b24,
	NOTE: vulnerability not present prior 2.12.50
CVE-2016-10739 (In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinf ...)
	- glibc 2.28-6 (bug #920047)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1347549
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20018
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=108bc4049f8ae82710aec26a92ffdb4b439c83fd
CVE-2019-6500 (In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Trav ...)
	NOT-FOR-US: Axway File Transfer Direct
CVE-2019-6499 (Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcode ...)
	NOT-FOR-US: Teradata Viewpoint
CVE-2019-6498 (GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in d ...)
	NOT-FOR-US: GattLib
CVE-2019-6497 (Hotels_Server through 2018-11-05 has SQL Injection via the controller/ ...)
	NOT-FOR-US: Hotels_Server
CVE-2019-6496 (The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88 ...)
	NOT-FOR-US: ThreadX-based firmware on Marvell Avastar Wi-Fi devices
CVE-2019-6495
	RESERVED
CVE-2019-6494 (IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privilege ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2019-6493 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
	NOT-FOR-US: IObit Smart Defrag
CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
	NOT-FOR-US: IObit Smart Defrag
CVE-2019-6491 (RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. ...)
	NOT-FOR-US: RISI Gestao de Horarios
CVE-2019-6490
	RESERVED
CVE-2019-6489 (Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-0 ...)
	NOT-FOR-US: Lexmark
CVE-2018-20741
	RESERVED
CVE-2018-20740
	RESERVED
CVE-2018-20739
	RESERVED
CVE-2018-20738
	RESERVED
CVE-2018-20737 (An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2018-20736 (An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-bas ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) through ...)
	- glibc 2.28-6 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24097
	NOTE: x32 not officially supported
CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3. ...)
	NOT-FOR-US: TP-Link
CVE-2019-6486 (Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 e ...)
	{DSA-4380-1 DSA-4379-1 DLA-1664-1}
	- golang-1.12 1.12~beta2-2 (bug #920548)
	- golang-1.11 1.11.5-1
	- golang-1.10 <removed>
	- golang-1.8 <removed>
	- golang-1.7 <removed>
	- golang <removed>
	NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/mVeX35iXuSw
	NOTE: https://golang.org/issue/29903
	NOTE: https://github.com/golang/go/commit/42b42f71
CVE-2019-6485 (Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60 ...)
	NOT-FOR-US: Citrix
CVE-2019-6484
	RESERVED
CVE-2018-20735 (** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11. ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2018-20734
	RESERVED
CVE-2019-6338 (In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ...)
	{DSA-4370-1 DLA-1685-1}
	- drupal7 <removed>
	NOTE: https://www.drupal.org/sa-core-2019-001
CVE-2019-6339 (In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ...)
	{DSA-4370-1 DLA-1659-1}
	- drupal7 <removed>
	NOTE: https://www.drupal.org/sa-core-2019-002
CVE-2019-6483
	RESERVED
CVE-2019-6482
	RESERVED
CVE-2019-6481 (Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor  ...)
	NOT-FOR-US: Abine Blur
CVE-2019-6480
	RESERVED
CVE-2019-6479
	REJECTED
CVE-2019-6478
	REJECTED
CVE-2019-6477 (With pipelining enabled each incoming query on a TCP connection requir ...)
	- bind9 1:9.11.14+dfsg-1 (bug #945171)
	[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u1
	[stretch] - bind9 <not-affected> (Vulnerable code not present, no TCP pipelining support)
	[jessie] - bind9 <not-affected> (Vulnerable code not present)
	NOTE: https://kb.isc.org/docs/cve-2019-6477
CVE-2019-6476 (A defect in code added to support QNAME minimization can cause named t ...)
	- bind9 <not-affected> (Vulnerable code not present)
	NOTE: https://kb.isc.org/docs/cve-2019-6476
CVE-2019-6475 (Mirror zones are a BIND feature allowing recursive servers to pre-cach ...)
	- bind9 <not-affected> (Vulnerable code not present)
	NOTE: https://kb.isc.org/docs/cve-2019-6475
CVE-2019-6474 (A missing check on incoming client requests can be exploited to cause  ...)
	- isc-kea 1.7.5-1 (bug #936040)
	[stretch] - isc-kea <no-dsa> (Minor issue)
	NOTE: https://kb.isc.org/docs/cve-2019-6474
CVE-2019-6473 (An invalid hostname option can trigger an assertion failure in the Kea ...)
	- isc-kea 1.7.5-1 (bug #936040)
	[stretch] - isc-kea <no-dsa> (Minor issue)
	NOTE: https://kb.isc.org/docs/cve-2019-6473
CVE-2019-6472 (A packet containing a malformed DUID can cause the Kea DHCPv6 server p ...)
	- isc-kea 1.7.5-1 (bug #936040)
	[stretch] - isc-kea <no-dsa> (Minor issue)
	NOTE: https://kb.isc.org/docs/cve-2019-6472
CVE-2019-6471 (A race condition which may occur when discarding malformed packets can ...)
	- bind9 1:9.11.5.P4+dfsg-5.1 (bug #930746)
	[stretch] - bind9 <not-affected> (Only affects 9.11 and later)
	[jessie] - bind9 <not-affected> (Only affects 9.11 and later)
	NOTE: https://kb.isc.org/v1/docs/cve-2019-6471
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/60c42f849d520564ed42e5ed0ba46b4b69c07712 (master)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb80d4a609b86427406d9dd783199920b5b (v9_11)
CVE-2019-6470 (There had existed in one of the ISC BIND libraries a bug in a function ...)
	- isc-dhcp 4.4.1-2 (bug #896122)
	[stretch] - isc-dhcp <ignored> (Issue triggerable only when build against bind >= 9.11.3)
	[jessie] - isc-dhcp <ignored> (Issue triggerable only when build against bind >= 9.11.3)
	NOTE: https://bugs.isc.org/Public/Ticket/Display.html?id=48804
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1641246
	NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/isc-dhcp/%2Bbug/1781699
	NOTE: Issue is caused by https://gitlab.isc.org/wpk/bind9/commit/65a483106e45704e19781bfe4f4634db4f77562e
	NOTE: isc-dhcp builds against system bind library, and commit for upstream
	NOTE: issue 4829 is first introduced in 9.11.3+dfsg-1. The underlying issue
	NOTE: is only uncovered when build gainst versions >= 9.11.3.
CVE-2019-6469 (An error in the EDNS Client Subnet (ECS) feature for recursive resolve ...)
	- bind9 <not-affected> (Only affects Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/docs/cve-2019-6469
CVE-2019-6468 (In BIND Supported Preview Edition, an error in the nxdomain-redirect f ...)
	- bind9 <not-affected> (Only affects Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/docs/cve-2019-6468
CVE-2019-6467 (A programming error in the nxdomain-redirect feature can cause an asse ...)
	- bind9 <not-affected> (Vulnerable code only present in 9.12 onwards)
	NOTE: https://kb.isc.org/docs/cve-2019-6467
CVE-2019-6466
	REJECTED
CVE-2019-6465 (Controls for zone transfers may not be properly applied to Dynamically ...)
	{DSA-4440-1 DLA-1697-1}
	- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922955)
	NOTE: https://kb.isc.org/docs/cve-2019-6465
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/a9307de85e147f4756c75d15aa221d2262df7d67
CVE-2019-6464
	RESERVED
CVE-2019-6463
	RESERVED
CVE-2018-20733 (BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows ...)
	NOT-FOR-US: SAS Web Infrastructure Platform
CVE-2018-20732 (SAS Web Infrastructure Platform before 9.4M6 allows remote attackers t ...)
	NOT-FOR-US: SAS Web Infrastructure Platform
CVE-2018-20731 (A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp ...)
	NOT-FOR-US: NeDi
CVE-2018-20730 (A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to ...)
	NOT-FOR-US: NeDi
CVE-2018-20729 (A reflected cross site scripting (XSS) vulnerability in NeDi before 1. ...)
	NOT-FOR-US: NeDi
CVE-2018-20728 (A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp ...)
	NOT-FOR-US: NeDi
CVE-2018-20727 (Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow ...)
	NOT-FOR-US: NeDi
CVE-2015-9281 (Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows r ...)
	NOT-FOR-US: SAS Web Infrastructure Platform
CVE-2019-6462 (An issue was discovered in cairo 1.16.0. There is an infinite loop in  ...)
	- cairo <unfixed> (low; bug #929945)
	[buster] - cairo <no-dsa> (Minor issue)
	[stretch] - cairo <no-dsa> (Minor issue)
	[jessie] - cairo <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/353
CVE-2019-6461 (An issue was discovered in cairo 1.16.0. There is an assertion problem ...)
	- cairo <unfixed> (low; bug #929944)
	[buster] - cairo <no-dsa> (Minor issue)
	[stretch] - cairo <no-dsa> (Minor issue)
	[jessie] - cairo <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/352
CVE-2019-6460 (An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-6459 (An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-6458 (An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-6457 (An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-6456 (An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-6455 (An issue was discovered in GNU Recutils 1.8. There is a double-free pr ...)
	- recutils <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2019-6454 (An issue was discovered in sd-bus in systemd 239. bus_process_object() ...)
	{DSA-4393-1 DLA-1684-1}
	- systemd 240-6
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/18/3
	NOTE: https://github.com/systemd/systemd/commit/798ebaf9aea9b8ae3b8a0cc2702bc8de71acb3c6
	NOTE: https://github.com/systemd/systemd/commit/6d586a13717ae057aa1b4127400c3de61cd5b9e7
	NOTE: https://github.com/systemd/systemd/commit/f519a19bcd5afe674a9b8fc462cd77d8bad403c1
CVE-2019-6453 (mIRC before 7.55 allows remote command execution by using argument inj ...)
	NOT-FOR-US: mIRC
CVE-2019-6452 (Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remo ...)
	NOT-FOR-US: Kyocera Command Center
CVE-2019-6451 (On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthe ...)
	NOT-FOR-US: SOYAL AR-727H and AR-829Ev5 devices
CVE-2019-6450
	RESERVED
CVE-2019-6449
	RESERVED
CVE-2019-6448
	RESERVED
CVE-2019-6447 (The ES File Explorer File Manager application through 4.1.9.7.4 for An ...)
	NOT-FOR-US: ES File Explorer File Manager application
CVE-2018-20726 (A cross-site scripting (XSS) vulnerability exists in host.php (via tre ...)
	- cacti 1.2.1+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <ignored> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
	NOTE: https://github.com/Cacti/cacti/issues/2213
CVE-2018-20725 (A cross-site scripting (XSS) vulnerability exists in graph_templates.p ...)
	- cacti 1.2.1+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <ignored> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
	NOTE: https://github.com/Cacti/cacti/issues/2214
CVE-2018-20724 (A cross-site scripting (XSS) vulnerability exists in pollers.php in Ca ...)
	- cacti 1.2.1+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <ignored> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53
	NOTE: https://github.com/Cacti/cacti/issues/2212
CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templates.p ...)
	- cacti 1.2.1+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <ignored> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
	NOTE: https://github.com/Cacti/cacti/issues/2215
CVE-2018-20722
	RESERVED
CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...)
	{DLA-1682-1}
	- uriparser 0.9.1-1 (low)
	[stretch] - uriparser <no-dsa> (Minor issue)
	NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
CVE-2015-9280 (MailEnable before 8.60 allows XXE via an XML document in the request.a ...)
	NOT-FOR-US: MailEnable
CVE-2015-9279 (MailEnable before 8.60 allows Stored XSS via malformed use of "&lt;img ...)
	NOT-FOR-US: MailEnable
CVE-2015-9278 (MailEnable before 8.60 allows Privilege Escalation because admin accou ...)
	NOT-FOR-US: MailEnable
CVE-2015-9277 (MailEnable before 8.60 allows Directory Traversal for reading the mess ...)
	NOT-FOR-US: MailEnable
CVE-2015-9276 (SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-6446
	- python-numpy 1:1.10.4-1
	[jessie] - python-numpy <no-dsa> (Minor issue)
	NOTE: https://github.com/numpy/numpy/issues/12759
	NOTE: For upstream this works as intended and is documented.
	NOTE: https://github.com/numpy/numpy/commit/a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb
	NOTE: added support to disable use of picke in load/save, marking that as the fixed
	NOTE: version. The use of that is at the discretion of anyone using numpy
	NOTE: Further discussion at https://github.com/numpy/numpy/pull/12889
CVE-2019-6445 (An issue was discovered in NTPsec before 1.1.3. An authenticated attac ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
	NOTE: https://gitlab.com/NTPsec/ntpsec/issues/509
	NOTE: https://gitlab.com/NTPsec/ntpsec/commit/acb2ecdcabad2ab42e9c6352999e174dd102eb3f
CVE-2019-6444 (An issue was discovered in NTPsec before 1.1.3. process_control() in n ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6443 (An issue was discovered in NTPsec before 1.1.3. Because of a bug in ct ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6442 (An issue was discovered in NTPsec before 1.1.3. An authenticated attac ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6441 (An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0 ...)
	NOT-FOR-US: Shenzhen Coship devices
CVE-2019-6440 (Zemana AntiMalware before 3.0.658 Beta mishandles update logic. ...)
	NOT-FOR-US: Zemana AntiMalware
CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through  ...)
	- wolfssl 4.1.0+dfsg-1 (unimportant)
	NOTE: https://github.com/wolfSSL/wolfssl/issues/2032
	NOTE: Issue only in example code
CVE-2019-6438 (SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bi ...)
	{DLA-2143-1}
	- slurm-llnl 18.08.5.2-1 (low; bug #920997)
	[stretch] - slurm-llnl 16.05.9-1+deb9u3
	NOTE: https://www.schedmd.com/news.php?id=213
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html
	NOTE: https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda
	NOTE: https://github.com/SchedMD/slurm/commit/a8159065d1a57d6eadf802efa6837ebf4e56f671
CVE-2019-6437
	RESERVED
CVE-2019-6436
	RESERVED
CVE-2019-6435
	RESERVED
CVE-2019-6434
	RESERVED
CVE-2019-6433
	RESERVED
CVE-2019-6432
	RESERVED
CVE-2019-6431
	RESERVED
CVE-2019-6430
	RESERVED
CVE-2019-6429
	RESERVED
CVE-2019-6428
	RESERVED
CVE-2019-6427
	RESERVED
CVE-2019-6426
	RESERVED
CVE-2019-6425
	RESERVED
CVE-2019-6424
	RESERVED
CVE-2019-6423
	RESERVED
CVE-2019-6422
	RESERVED
CVE-2019-6421
	RESERVED
CVE-2019-6420
	RESERVED
CVE-2019-6419
	RESERVED
CVE-2019-6418
	RESERVED
CVE-2019-6417
	RESERVED
CVE-2019-6416
	RESERVED
CVE-2019-6415
	RESERVED
CVE-2019-6414
	RESERVED
CVE-2019-6413
	RESERVED
CVE-2019-6412
	RESERVED
CVE-2019-6411
	RESERVED
CVE-2019-6410
	RESERVED
CVE-2019-6409
	RESERVED
CVE-2019-6408
	RESERVED
CVE-2019-6407
	RESERVED
CVE-2019-6406
	RESERVED
CVE-2019-6405
	RESERVED
CVE-2019-6404
	RESERVED
CVE-2019-6403
	RESERVED
CVE-2019-6402
	RESERVED
CVE-2019-6401
	RESERVED
CVE-2019-6400
	RESERVED
CVE-2019-6399
	RESERVED
CVE-2019-6398
	RESERVED
CVE-2019-6397
	RESERVED
CVE-2019-6396
	RESERVED
CVE-2019-6395
	RESERVED
CVE-2019-6394
	RESERVED
CVE-2019-6393
	RESERVED
CVE-2019-6392
	RESERVED
CVE-2019-6391
	RESERVED
CVE-2019-6390
	RESERVED
CVE-2019-6389
	RESERVED
CVE-2019-6388
	RESERVED
CVE-2019-6387
	RESERVED
CVE-2019-6386
	RESERVED
CVE-2019-6385
	RESERVED
CVE-2019-6384
	RESERVED
CVE-2019-6383
	RESERVED
CVE-2019-6382
	RESERVED
CVE-2019-6381
	RESERVED
CVE-2019-6380
	RESERVED
CVE-2019-6379
	RESERVED
CVE-2019-6378
	RESERVED
CVE-2019-6377
	RESERVED
CVE-2019-6376
	RESERVED
CVE-2019-6375
	RESERVED
CVE-2019-6374
	RESERVED
CVE-2019-6373
	RESERVED
CVE-2019-6372
	RESERVED
CVE-2019-6371
	RESERVED
CVE-2019-6370
	RESERVED
CVE-2019-6369
	RESERVED
CVE-2019-6368
	RESERVED
CVE-2019-6367
	RESERVED
CVE-2019-6366
	RESERVED
CVE-2019-6365
	RESERVED
CVE-2019-6364
	RESERVED
CVE-2019-6363
	RESERVED
CVE-2019-6362
	RESERVED
CVE-2019-6361
	RESERVED
CVE-2019-6360
	RESERVED
CVE-2019-6359
	RESERVED
CVE-2019-6358
	RESERVED
CVE-2019-6357
	RESERVED
CVE-2019-6356
	RESERVED
CVE-2019-6355
	RESERVED
CVE-2019-6354
	RESERVED
CVE-2019-6353
	RESERVED
CVE-2019-6352
	RESERVED
CVE-2019-6351
	RESERVED
CVE-2019-6350
	RESERVED
CVE-2019-6349
	RESERVED
CVE-2019-6348
	RESERVED
CVE-2019-6347
	RESERVED
CVE-2019-6346
	RESERVED
CVE-2019-6345
	RESERVED
CVE-2019-6344
	RESERVED
CVE-2019-6343
	RESERVED
CVE-2019-6342 (An access bypass vulnerability exists when the experimental Workspaces ...)
	- drupal7 <not-affected> (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2019-008
CVE-2019-6340 (Some field types do not properly sanitize data from non-form sources i ...)
	- drupal7 <not-affected> (Drupal 7 core not affected)
	NOTE: https://www.drupal.org/sa-core-2019-003
CVE-2019-6337 (For the printers listed a maliciously crafted print file might cause c ...)
	NOT-FOR-US: HP Inkjet printers
CVE-2019-6336
	RESERVED
CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...)
	NOT-FOR-US: Samsung Laser Printers
CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Prin ...)
	NOT-FOR-US: HP printers
CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...)
	NOT-FOR-US: HP Touchpoint Analytics
CVE-2019-6332 (A potential security vulnerability has been identified with certain HP ...)
	NOT-FOR-US: HP InkJet printers
CVE-2019-6331 (An issue was found in Samsung Mobile Print (Android) versions prior to ...)
	NOT-FOR-US: HP
CVE-2019-6330 (A potential security vulnerability has been identified in the software ...)
	NOT-FOR-US: HP Access Control
CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
	NOT-FOR-US: HP Support Assistant
CVE-2019-6328 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
	NOT-FOR-US: HP Support Assistant
CVE-2019-6327 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6326 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6325 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6324 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6323 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6322 (HP has identified a security vulnerability with some versions of Works ...)
	NOT-FOR-US: HP
CVE-2019-6321 (HP has identified a security vulnerability with some versions of Works ...)
	NOT-FOR-US: HP
CVE-2019-6320 (Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4 ...)
	NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
CVE-2019-6319 (HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K ...)
	NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
CVE-2019-6318 (HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP L ...)
	NOT-FOR-US: HP
CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
	NOT-FOR-US: ABB Relion 630 devices
CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. ...)
	NOT-FOR-US: Zenbership
CVE-2016-10737 (Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[bo ...)
	- serendipity <removed>
CVE-2018-20743 (murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple  ...)
	{DSA-4402-1 DLA-1661-1}
	- mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bug #919249)
	NOTE: https://github.com/mumble-voip/mumble/issues/3505
	NOTE: https://github.com/mumble-voip/mumble/pull/3510
	NOTE: https://github.com/mumble-voip/mumble/pull/3512
CVE-2019-6317
	RESERVED
CVE-2019-6316
	RESERVED
CVE-2019-6315
	RESERVED
CVE-2019-6314
	RESERVED
CVE-2019-6313
	RESERVED
CVE-2019-6312
	RESERVED
CVE-2019-6311
	RESERVED
CVE-2019-6310
	RESERVED
CVE-2019-6309
	RESERVED
CVE-2019-6308
	RESERVED
CVE-2019-6307
	RESERVED
CVE-2019-6306
	RESERVED
CVE-2019-6305
	RESERVED
CVE-2019-6304
	RESERVED
CVE-2019-6303
	RESERVED
CVE-2019-6302
	RESERVED
CVE-2019-6301
	RESERVED
CVE-2019-6300
	RESERVED
CVE-2019-6299
	RESERVED
CVE-2019-6298
	RESERVED
CVE-2019-6297
	RESERVED
CVE-2019-6296 (Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id pa ...)
	NOT-FOR-US: Cleanto
CVE-2019-6295 (Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.p ...)
	NOT-FOR-US: Cleanto
CVE-2019-6294 (An issue was discovered in EasyCMS 1.5. There is CSRF via the index.ph ...)
	NOT-FOR-US: EasyCMS
CVE-2018-20719 (In Tiki before 17.2, the user task component is vulnerable to a SQL In ...)
	- tikiwiki <removed>
CVE-2018-20718 (In Pydio before 8.2.2, an attack is possible via PHP Object Injection  ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2018-20717 (In the orders section of PrestaShop before 1.7.2.5, an attack is possi ...)
	NOT-FOR-US: PrestaShop
CVE-2018-20716 (CubeCart before 6.1.13 has SQL Injection via the validate[] parameter  ...)
	NOT-FOR-US: CubeCart
CVE-2018-20715 (The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL in ...)
	NOT-FOR-US: OXID eSales
CVE-2018-20714 (The logging system of the Automattic WooCommerce plugin before 3.4.6 f ...)
	NOT-FOR-US: Automattic WooCommerce plugin for WordPress
CVE-2018-20713 (Shopware before 5.4.3 allows SQL Injection by remote authenticated use ...)
	NOT-FOR-US: Shopware
CVE-2017-18358 (LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (a ...)
	- limesurvey <itp> (bug #472802)
CVE-2017-18357 (Shopware before 5.3.4 has a PHP Object Instantiation issue via the sor ...)
	NOT-FOR-US: Shopware
CVE-2017-18356 (In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an at ...)
	NOT-FOR-US: Automattic WooCommerce plugin for WordPress
CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in nf ...)
	- flex <unfixed> (low; bug #919428)
	[buster] - flex <no-dsa> (Minor issue)
	[stretch] - flex <no-dsa> (Minor issue)
	[jessie] - flex <no-dsa> (Minor issue)
	NOTE: https://github.com/westes/flex/issues/414
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYam ...)
	- yaml-cpp 0.6.3-1 (low; bug #919430)
	[buster] - yaml-cpp <no-dsa> (Minor issue)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <no-dsa> (Minor issue)
	- yaml-cpp0.3 <removed>
	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
	[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/657
CVE-2019-6291 (An issue was discovered in the function expr6 in eval.c in Netwide Ass ...)
	- nasm <unfixed> (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392549
	NOTE: Crash in CLI tool, no security impact
CVE-2019-6290 (An infinite recursion issue was discovered in eval.c in Netwide Assemb ...)
	- nasm <unfixed> (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392548
	NOTE: Crash in CLI tool, no security impact
CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows  ...)
	NOT-FOR-US: DedeCMS
CVE-2019-6288
	RESERVED
CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued access  ...)
	NOT-FOR-US: Rancher
CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
	- libsass 3.5.5-3 (low)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2815
CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibY ...)
	- yaml-cpp 0.6.3-1 (low; bug #919432)
	[buster] - yaml-cpp <no-dsa> (Minor issue)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <no-dsa> (Minor issue)
	- yaml-cpp0.3 <removed>
	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
	[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/660
CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
	- libsass 3.5.5-3 (low)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2816
CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
	- libsass 3.5.5-3 (low)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2814
CVE-2019-6282 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
	NOT-FOR-US: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices
CVE-2019-6281
	RESERVED
CVE-2019-6280
	RESERVED
CVE-2019-6279 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
	NOT-FOR-US: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices
CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
	NOTE: binutils not covered by security support
CVE-2018-20711
	RESERVED
CVE-2018-20710
	REJECTED
CVE-2018-20709
	RESERVED
CVE-2018-20708
	RESERVED
CVE-2019-6278 (XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with ...)
	NOT-FOR-US: JPress
CVE-2019-6277
	RESERVED
CVE-2019-6276
	RESERVED
CVE-2019-6275 (Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-L ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6274 (Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M- ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6273 (download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 all ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6272 (Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6271
	RESERVED
CVE-2019-6270
	RESERVED
CVE-2019-6269
	RESERVED
CVE-2019-6268
	RESERVED
CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPre ...)
	NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affe ...)
	NOT-FOR-US: Cordaware bestinformed
CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware bestinformed M ...)
	NOT-FOR-US: Cordaware bestinformed
CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping i ...)
	NOT-FOR-US: Joomla!
CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of  ...)
	NOT-FOR-US: Joomla!
CVE-2019-6262 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of  ...)
	NOT-FOR-US: Joomla!
CVE-2019-6261 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping i ...)
	NOT-FOR-US: Joomla!
CVE-2019-6260 (The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) ha ...)
	NOT-FOR-US: ASPEED
CVE-2019-6259 (An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injec ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-20707
	RESERVED
CVE-2018-20706
	RESERVED
CVE-2018-20705
	RESERVED
CVE-2018-20704
	RESERVED
CVE-2019-6258
	RESERVED
CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder before  ...)
	NOT-FOR-US: elFinder
CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 Streaming Medi ...)
	{DSA-4408-1 DLA-1690-1}
	- liblivemedia 2018.11.26-1 (bug #919529)
	NOTE: https://github.com/rgaufman/live555/issues/19
CVE-2019-6255
	RESERVED
CVE-2019-6254
	RESERVED
CVE-2019-6253
	RESERVED
CVE-2019-6252
	RESERVED
CVE-2019-6251 (WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to add ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/issues/532
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=194131
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=194208
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-6249 (An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: HuCart
CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ libz ...)
	{DSA-4368-1}
	- zeromq3 4.3.1-1 (bug #919098)
	[jessie] - zeromq3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/zeromq/libzmq/issues/3351
CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 ...)
	NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script
CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
	- svgpp <unfixed> (unimportant; bug #919321)
	NOTE: https://github.com/svgpp/svgpp/issues/70
	NOTE: Issue only in src:svgpp which does not call the AGG-API in correct way.
	NOTE: No security impact, only used to build examples, see #921097
CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the  ...)
	- svgpp 1.2.3+dfsg1-5 (bug #919321)
	NOTE: https://github.com/svgpp/svgpp/issues/70
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
	{DLA-1656-1}
	- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
	[stretch] - agg <no-dsa> (Minor issue)
	- svgpp <unfixed> (unimportant; bug #919321)
	NOTE: https://github.com/svgpp/svgpp/issues/70
	NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
	NOTE: and possibly already fixed with the inclusion of 05-fix-recursion-crash.patch
	NOTE: in 2.5+dfsg1-3.
	NOTE: No security impact on svgpp, only used to build examples, see #921097
CVE-2018-20703 (CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. ...)
	NOT-FOR-US: CubeCart
CVE-2018-20702
	RESERVED
CVE-2018-20701
	RESERVED
CVE-2018-20700
	RESERVED
CVE-2019-6244 (An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t ...)
	NOT-FOR-US: UsualToolCMS
CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin ...)
	NOT-FOR-US: Frog CMS
CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read t ...)
	NOT-FOR-US: Kentico
CVE-2019-6241 (In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined wi ...)
	NOT-FOR-US: Bevywise MQTTRoute
CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.7+dfsg-1 (bug #919822)
	NOTE: https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial of servi ...)
	- docker.io 18.09.1+dfsg1-2 (unimportant)
	NOTE: https://github.com/docker/engine/pull/70
	NOTE: https://github.com/moby/moby/pull/37967
	NOTE: Negligible security impact
CVE-2019-6239 (This issue was addressed with improved handling of file metadata. This ...)
	NOT-FOR-US: Apple
CVE-2019-6238
	RESERVED
CVE-2019-6237 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-6236 (A race condition existed during the installation of iCloud for Windows ...)
	NOT-FOR-US: Apple
CVE-2019-6235 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-6234 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6233 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6232 (A race condition existed during the installation of iTunes for Windows ...)
	NOT-FOR-US: Apple
CVE-2019-6231 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-6230 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-6229 (A logic issue was addressed with improved validation. This issue is fi ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6228 (A cross-site scripting issue existed in Safari. This issue was address ...)
	NOT-FOR-US: Apple Safari
CVE-2019-6227 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6226 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6225 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-6224 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2019-6223 (A logic issue existed in the handling of Group FaceTime calls. The iss ...)
	NOT-FOR-US: Apple
CVE-2019-6222 (A consistency issue was addressed with improved state handling. This i ...)
	NOT-FOR-US: Apple
CVE-2019-6221 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-6220 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-6219 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-6218 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-6217 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6216 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6215 (A type confusion issue was addressed with improved memory handling. Th ...)
	- webkit2gtk 2.22.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6214 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2019-6213 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-6212 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6211 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-6210 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-6209 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2019-6208 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-6207 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2019-6206 (An issue existed with autofill resuming after it was canceled. The iss ...)
	NOT-FOR-US: autofill in iOS
CVE-2019-6205 (A memory corruption issue was addressed with improved lock state check ...)
	NOT-FOR-US: Apple
CVE-2019-6204 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-6203 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-6201 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-6200 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-6199
	RESERVED
CVE-2019-6198
	RESERVED
CVE-2019-6197
	RESERVED
CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation packages, pr ...)
	NOT-FOR-US: Lenovo
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
	NOT-FOR-US: Lenovo
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in  ...)
	NOT-FOR-US: Lenovo
CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...)
	NOT-FOR-US: Lenovo
CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...)
	NOT-FOR-US: Lenovo
CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...)
	NOT-FOR-US: Lenovo
CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...)
	NOT-FOR-US: Lenovo
CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
	NOT-FOR-US: Lenovo
CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
	NOT-FOR-US: Lenovo
CVE-2019-6187 (A stored CSV Injection vulnerability was reported in Lenovo XClarity C ...)
	NOT-FOR-US: Lenovo
CVE-2019-6186 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
	NOT-FOR-US: Lenovo
CVE-2019-6185
	RESERVED
CVE-2019-6184 (A potential vulnerability in the discontinued Customer Engagement Serv ...)
	NOT-FOR-US: Lenovo
CVE-2019-6183 (A denial of service vulnerability has been reported in Lenovo Energy M ...)
	NOT-FOR-US: Lenovo
CVE-2019-6182 (A stored CSV Injection vulnerability was reported in Lenovo XClarity A ...)
	NOT-FOR-US: Lenovo
CVE-2019-6181 (A reflected cross-site scripting (XSS) vulnerability was reported in L ...)
	NOT-FOR-US: Lenovo
CVE-2019-6180 (A stored cross-site scripting (XSS) vulnerability was reported in Leno ...)
	NOT-FOR-US: Lenovo
CVE-2019-6179 (An XML External Entity (XXE) processing vulnerability was reported in  ...)
	NOT-FOR-US: Lenovo
CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...)
	NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003,  ...)
	NOT-FOR-US: Lenovo
CVE-2019-6176 (A potential vulnerability reported in ThinkPad USB-C Dock Firmware ver ...)
	NOT-FOR-US: Lenovo
CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System Update ...)
	NOT-FOR-US: Lenovo
CVE-2019-6174
	RESERVED
CVE-2019-6173 (A DLL search path vulnerability could allow privilege escalation in so ...)
	NOT-FOR-US: Lenovo
CVE-2019-6172 (A potential vulnerability in the SMI callback function in some Lenovo  ...)
	NOT-FOR-US: Lenovo
CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...)
	NOT-FOR-US: Lenovo
CVE-2019-6170 (A potential vulnerability in some Lenovo ThinkPads may allow an attack ...)
	NOT-FOR-US: Lenovo
CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6168 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6167 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6166 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6165 (A DLL search path vulnerability was reported in PaperDisplay Hotkey Se ...)
	NOT-FOR-US: Lenovo
CVE-2019-6164
	RESERVED
CVE-2019-6163 (A denial of service vulnerability was reported in Lenovo System Update ...)
	NOT-FOR-US: Lenovo System Update
CVE-2019-6162
	RESERVED
CVE-2019-6161 (An internal product security audit discovered a session handling vulne ...)
	NOT-FOR-US: Lenovo
CVE-2019-6160 (A vulnerability in various versions of Iomega and LenovoEMC NAS produc ...)
	NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6159 (A stored cross-site scripting (XSS) vulnerability exists in various fi ...)
	NOT-FOR-US: IBM
CVE-2019-6158 (An internal product security audit of Lenovo XClarity Administrator (L ...)
	NOT-FOR-US: Lenovo XClarity Administrator (LXCA)
CVE-2019-6157 (In various firmware versions of Lenovo System x, the integrated manage ...)
	NOT-FOR-US: Lenovo
CVE-2019-6156 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
	NOT-FOR-US: Lenovo
CVE-2019-6155 (A potential vulnerability was found in an SMI handler in various BIOS  ...)
	NOT-FOR-US: Lenovo
CVE-2019-6154 (A DLL search path vulnerability was reported in Lenovo Bootable Genera ...)
	NOT-FOR-US: Lenovo
CVE-2019-6153
	REJECTED
CVE-2019-6152
	REJECTED
CVE-2019-6151
	REJECTED
CVE-2019-6150
	REJECTED
CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo Dynamic ...)
	NOT-FOR-US: Lenovo
CVE-2019-6148
	RESERVED
CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower than 6 ...)
	NOT-FOR-US: Forcepoint NGFW Security Management Center
CVE-2019-6146 (It has been reported that cross-site scripting (XSS) is possible in Fo ...)
	NOT-FOR-US: Forcepoint Web Security
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...)
	NOT-FOR-US: Forcepoint
CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable the For ...)
	NOT-FOR-US: Forcepoint
CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
	NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW)
CVE-2019-6142 (It has been reported that XSS is possible in Forcepoint Email Security ...)
	NOT-FOR-US: Forcepoint
CVE-2019-6141
	RESERVED
CVE-2019-6140 (A configuration issue has been discovered in Forcepoint Email Security ...)
	NOT-FOR-US: Forcepoint Email Security
CVE-2019-6139 (Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbi ...)
	NOT-FOR-US: Forcepoint User ID (FUID) server
CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memor ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in lin ...)
	NOT-FOR-US: lib60870
CVE-2019-6136 (An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFil ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/me ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6134
	RESERVED
CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...)
	{DLA-1799-1 DLA-1644-1}
	- linux 4.19.16-1
	[stretch] - linux 4.9.161-1
	- policykit-1 0.105-25 (bug #918985)
	[stretch] - policykit-1 <no-dsa> (Minor issue, kernel mitigation will land in next 4.9.x rebase)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
	NOTE: Issue can be mitigated in kernel with
	NOTE: https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf (landed in 4.9.150)
CVE-2019-6132 (An issue was discovered in Bento4 v1.5.1-627. There is a memory leak i ...)
	NOT-FOR-US: Bento4
CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack co ...)
	- mupdf 1.14.0+ds1-3 (bug #918970)
	[stretch] - mupdf <no-dsa> (Minor issue)
	[jessie] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700442
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b
CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fi ...)
	{DLA-1838-1}
	- mupdf 1.14.0+ds1-3 (bug #918971)
	[stretch] - mupdf <no-dsa> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a  ...)
	- libpng1.6 <unfixed> (unimportant)
	- libpng <removed> (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/269
	NOTE: Memory leak in CLI tool, no security impact
CVE-2019-6128 (The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory l ...)
	{DLA-2009-1}
	- tiff 4.0.10-4 (bug #921157; unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2836
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
CVE-2019-6127 (An issue was discovered in XiaoCms 20141229. It allows admin/index.php ...)
	NOT-FOR-US: XiaoCms
CVE-2019-6126 (The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1 ...)
	NOT-FOR-US: Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script
CVE-2019-6125
	RESERVED
CVE-2019-6124
	RESERVED
CVE-2019-6123
	RESERVED
CVE-2019-6122 (A Username Enumeration via Error Message issue was discovered in NiceH ...)
	NOT-FOR-US: NiceHash Miner
CVE-2019-6121 (An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Auth ...)
	NOT-FOR-US: NiceHash Miner
CVE-2019-6120 (An issue was discovered in NiceHash Miner before 2.0.3.0. A missing ra ...)
	NOT-FOR-US: NiceHash Miner
CVE-2019-6119
	RESERVED
CVE-2019-6118
	RESERVED
CVE-2019-6117 (The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via t ...)
	NOT-FOR-US: wpape APE GALLERY plugin for WordPress
CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...)
	{DSA-4372-1 DLA-1670-1}
	- ghostscript 9.26a~dfsg-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/5
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700317
CVE-2019-6115
	RESERVED
CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An int ...)
	NOT-FOR-US: Corel PaintShop Pro
CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
	NOT-FOR-US: ONKYO
CVE-2019-6112
	RESERVED
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation  ...)
	{DSA-4387-2 DSA-4387-1 DLA-1728-1}
	- openssh 1:7.9p1-9 (bug #923486)
	NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
	NOTE: https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
	NOTE: https://github.com/openssh/openssh-portable/commit/3d896c157c722bc47adca51a58dca859225b5874
	NOTE: For unstable partially fixed in 1:7.9p1-6, applied complete fix in 1:7.9p1-9.
CVE-2019-6110 (In OpenSSH 7.9, due to accepting and displaying arbitrary stderr outpu ...)
	- openssh <unfixed> (unimportant)
	NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
	NOTE: Not considered a vulnerability by upstream, cf.
	NOTE: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html
CVE-2019-6109 (An issue was discovered in OpenSSH 7.9. Due to missing character encod ...)
	{DSA-4387-1 DLA-1728-1}
	- openssh 1:7.9p1-6 (bug #793412)
	NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
	NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=2434
	NOTE: Patch: https://bugzilla.mindrot.org/attachment.cgi?id=3228
	NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
	NOTE: possibly additionally needed: https://github.com/openssh/openssh-portable/commit/bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb
CVE-2018-20698 (The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL  ...)
	NOT-FOR-US: floragunn Search Guard plugin for Kibana
CVE-2018-20697
	RESERVED
CVE-2018-20696
	RESERVED
CVE-2018-20695
	RESERVED
CVE-2018-20694
	RESERVED
CVE-2018-20693
	RESERVED
CVE-2018-20692
	RESERVED
CVE-2018-20691
	RESERVED
CVE-2018-20690
	RESERVED
CVE-2018-20689
	RESERVED
CVE-2018-20688
	RESERVED
CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...)
	NOT-FOR-US: Raritan CommandCenter Secure Gateway
CVE-2018-20686
	RESERVED
CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...)
	NOT-FOR-US: WinSCP
CVE-2017-1002157 (modulemd 1.3.1 and earlier uses an unsafe function for processing exte ...)
	NOT-FOR-US: modulemd
CVE-2017-1002152 (Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting  ...)
	NOT-FOR-US: Bodhi
CVE-2019-6108
	RESERVED
CVE-2019-6107
	RESERVED
CVE-2019-6106
	RESERVED
CVE-2019-6105
	RESERVED
CVE-2019-6104
	RESERVED
CVE-2019-6103
	RESERVED
CVE-2019-6102
	RESERVED
CVE-2019-6101
	RESERVED
CVE-2019-6100
	RESERVED
CVE-2019-6099
	RESERVED
CVE-2019-6098
	RESERVED
CVE-2019-6097
	RESERVED
CVE-2019-6096
	RESERVED
CVE-2019-6095
	RESERVED
CVE-2019-6094
	RESERVED
CVE-2019-6093
	RESERVED
CVE-2019-6092
	RESERVED
CVE-2019-6091
	RESERVED
CVE-2019-6090
	RESERVED
CVE-2019-6089
	RESERVED
CVE-2019-6088
	RESERVED
CVE-2019-6087
	RESERVED
CVE-2019-6086
	RESERVED
CVE-2019-6085
	RESERVED
CVE-2019-6084
	RESERVED
CVE-2019-6083
	RESERVED
CVE-2019-6082
	RESERVED
CVE-2019-6081
	RESERVED
CVE-2019-6080
	RESERVED
CVE-2019-6079
	RESERVED
CVE-2019-6078
	RESERVED
CVE-2019-6077
	RESERVED
CVE-2019-6076
	RESERVED
CVE-2019-6075
	RESERVED
CVE-2019-6074
	RESERVED
CVE-2019-6073
	RESERVED
CVE-2019-6072
	RESERVED
CVE-2019-6071
	RESERVED
CVE-2019-6070
	RESERVED
CVE-2019-6069
	RESERVED
CVE-2019-6068
	RESERVED
CVE-2019-6067
	RESERVED
CVE-2019-6066
	RESERVED
CVE-2019-6065
	RESERVED
CVE-2019-6064
	RESERVED
CVE-2019-6063
	RESERVED
CVE-2019-6062
	RESERVED
CVE-2019-6061
	RESERVED
CVE-2019-6060
	RESERVED
CVE-2019-6059
	RESERVED
CVE-2019-6058
	RESERVED
CVE-2019-6057
	RESERVED
CVE-2019-6056
	RESERVED
CVE-2019-6055
	RESERVED
CVE-2019-6054
	RESERVED
CVE-2019-6053
	RESERVED
CVE-2019-6052
	RESERVED
CVE-2019-6051
	RESERVED
CVE-2019-6050
	RESERVED
CVE-2019-6049
	RESERVED
CVE-2019-6048
	RESERVED
CVE-2019-6047
	RESERVED
CVE-2019-6046
	RESERVED
CVE-2019-6045
	RESERVED
CVE-2019-6044
	RESERVED
CVE-2019-6043
	RESERVED
CVE-2019-6042
	RESERVED
CVE-2019-6041
	RESERVED
CVE-2019-6040
	RESERVED
CVE-2019-6039
	RESERVED
CVE-2019-6038
	RESERVED
CVE-2019-6037
	RESERVED
CVE-2019-6036 (Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 p ...)
	NOT-FOR-US: F-RevoCRM
CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...)
	NOT-FOR-US: Athenz
CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...)
	NOT-FOR-US: a-blog cms
CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior to Ver ...)
	NOT-FOR-US: a-blog cms
CVE-2019-6032 (The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates f ...)
	NOT-FOR-US: NTV News24
CVE-2019-6031 (Cross-site scripting vulnerability in KINZA for Windows version 5.9.2  ...)
	NOT-FOR-US: KINZA for Windows
CVE-2019-6030 (Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0 ...)
	NOT-FOR-US: Custom Body Class
CVE-2019-6029 (Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earl ...)
	NOT-FOR-US: Custom Body Class
CVE-2019-6028
	RESERVED
CVE-2019-6027 (Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1. ...)
	NOT-FOR-US: WP Spell Check Wordpress Plugin
CVE-2019-6026 (Privilege escalation vulnerability in Multiple MOTEX products (LanScop ...)
	NOT-FOR-US: MOTEX
CVE-2019-6025 (Open redirect vulnerability in Movable Type series Movable Type 7 r.46 ...)
	- movabletype-opensource <removed>
CVE-2019-6024 (Rakuma App for Android version 7.15.0 and earlier, and for iOS version ...)
	NOT-FOR-US: Rakuma App for Android
CVE-2019-6023 (Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers t ...)
	NOT-FOR-US: Cybozu Office
CVE-2019-6022 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 al ...)
	NOT-FOR-US: Cybozu Office
CVE-2019-6021 (Open redirect vulnerability in Library Information Management System L ...)
	NOT-FOR-US: Library Information Management System LIMEDIO
CVE-2019-6020 (Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x ...)
	NOT-FOR-US: PowerCMS
CVE-2019-6019 (Untrusted search path vulnerability in STAMP Workbench installer all v ...)
	NOT-FOR-US: STAMP Workbench installer
CVE-2019-6018 (Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (Ne ...)
	NOT-FOR-US: NetCommons
CVE-2019-6017 (REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier ...)
	NOT-FOR-US: REMISE Payment Module
CVE-2019-6016 (Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.1 ...)
	NOT-FOR-US: REMISE Payment Module
CVE-2019-6015 (FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firm ...)
	NOT-FOR-US: FON routers
CVE-2019-6014 (DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute  ...)
	NOT-FOR-US: DBA-1510P firmware
CVE-2019-6013 (DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers ...)
	NOT-FOR-US: DBA-1510P firmware
CVE-2019-6012 (SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 an ...)
	NOT-FOR-US: wpDataTables Lite
CVE-2019-6011 (Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 ...)
	NOT-FOR-US: wpDataTables Lite
CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to the vers ...)
	NOT-FOR-US: LINE(Android)
CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows rem ...)
	NOT-FOR-US: SHIRASAGI
CVE-2019-6008 (An unquoted search path vulnerability in Multiple Yokogawa products fo ...)
	NOT-FOR-US: Yokogawa
CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows  ...)
	NOT-FOR-US: apng-drawable
CVE-2019-6006
	RESERVED
CVE-2019-6005 (Smart TV Box firmware version prior to 1300 allows remote attackers to ...)
	NOT-FOR-US: Smart TV Box
CVE-2019-6004 (Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 ...)
	NOT-FOR-US: ApeosWare Management Suite
CVE-2019-6003 (Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugi ...)
	NOT-FOR-US: EC-CUBE
CVE-2019-6002 (Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 a ...)
	NOT-FOR-US: Central Dogma
CVE-2019-6001 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-6000 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5997 (Video Insight VMS 7.5 and earlier allows remote attackers to conduct c ...)
	NOT-FOR-US: Video Insight VMS
CVE-2019-5996 (SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earli ...)
	NOT-FOR-US: Video Insight VMS
CVE-2019-5995 (Missing authorization vulnerability exists in EOS series digital camer ...)
	NOT-FOR-US: Canon
CVE-2019-5994 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5993 (Cross-site request forgery (CSRF) vulnerability in Category Specific R ...)
	NOT-FOR-US: Category Specific RSS feed Subscription
CVE-2019-5992 (Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Sim ...)
	NOT-FOR-US: WordPress Ultra Simple Paypal Shopping Cart
CVE-2019-5991 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5990 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5989 (DOM-based cross-site scripting vulnerability in Access analysis CGI An ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5988 (Stored cross-site scripting vulnerability in Access analysis CGI An-An ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5987 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5986 (Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router ...)
	NOT-FOR-US: Hikari
CVE-2019-5985 (Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay ...)
	NOT-FOR-US: Hikari
CVE-2019-5984 (Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0. ...)
	NOT-FOR-US: Custom CSS Pro
CVE-2019-5983 (Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6  ...)
	NOT-FOR-US: HTML5 Maps
CVE-2019-5982 (Improper download file verification vulnerability in VAIO Update 7.3.0 ...)
	NOT-FOR-US: VAIO Update
CVE-2019-5981 (Improper authorization vulnerability in VAIO Update 7.3.0.03150 and ea ...)
	NOT-FOR-US: VAIO Update
CVE-2019-5980 (Cross-site request forgery (CSRF) vulnerability in Related YouTube Vid ...)
	NOT-FOR-US: Related YouTube Videos
CVE-2019-5979 (Cross-site request forgery (CSRF) vulnerability in Personalized WooCom ...)
	NOT-FOR-US: Personalized WooCommerce Cart Page
CVE-2019-5978 (Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows re ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5977 (Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 m ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5976 (Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative r ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5975 (DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5974 (Cross-site request forgery (CSRF) vulnerability in Contest Gallery ver ...)
	NOT-FOR-US: Contest Gallery
CVE-2019-5973 (Cross-site request forgery (CSRF) vulnerability in Online Lesson Booki ...)
	NOT-FOR-US: Online Lesson Booking
CVE-2019-5972 (Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and  ...)
	NOT-FOR-US: Online Lesson Booking
CVE-2019-5971 (Cross-site request forgery (CSRF) vulnerability in Attendance Manager  ...)
	NOT-FOR-US: Attendance Manager
CVE-2019-5970 (Cross-site scripting vulnerability in Attendance Manager 0.5.6 and ear ...)
	NOT-FOR-US: Attendance Manager
CVE-2019-5969 (Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote  ...)
	NOT-FOR-US: GROWI
CVE-2019-5968 (Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and ea ...)
	NOT-FOR-US: GROWI
CVE-2019-5967 (Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and ear ...)
	NOT-FOR-US: Joruri CMS
CVE-2019-5966 (Joruri Mail 2.1.4 and earlier does not properly manage sessions, which ...)
	NOT-FOR-US: Joruri Mail
CVE-2019-5965 (Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows re ...)
	NOT-FOR-US: Joruri Mail
CVE-2019-5964 (iDoors Reader 2.10.17 and earlier allows an attacker on the same netwo ...)
	NOT-FOR-US: iDoors Reader
CVE-2019-5963 (Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8  ...)
	NOT-FOR-US: Zoho SalesIQ
CVE-2019-5962 (Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier a ...)
	NOT-FOR-US: Zoho SalesIQ
CVE-2019-5961 (The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does  ...)
	NOT-FOR-US: Android App 'Tootdon for Mastodon'
CVE-2019-5960 (Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 ...)
	NOT-FOR-US: WP Open Graph
CVE-2019-5959
	RESERVED
CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and examin ...)
	NOT-FOR-US: Electronic reception and examination of application for radio licenses Offline
CVE-2019-5957 (Untrusted search path vulnerability in Installer of Electronic recepti ...)
	NOT-FOR-US: Electronic reception and examination of application for radio licenses Online
CVE-2019-5956 (Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allow ...)
	NOT-FOR-US: WonderCMS
CVE-2019-5955 (CREATE SD official App for Android version 1.0.2 and earlier allows re ...)
	NOT-FOR-US: CREATE SD official App for Android
CVE-2019-5954 (JR East Japan train operation information push notification App for An ...)
	NOT-FOR-US: JR East Japan train operation information push notification App for Android
CVE-2019-5953 (Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers ...)
	{DSA-4425-1 DLA-1760-1}
	- wget 1.20.1-1.1 (bug #926389)
	NOTE: https://jvn.jp/en/jp/JVN25261088/
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17 (removed unneeded debug lines in fixing commit)
	NOTE: Fixed in 1.20.3
CVE-2019-5952
	RESERVED
CVE-2019-5951
	RESERVED
CVE-2019-5950
	RESERVED
CVE-2019-5949
	RESERVED
CVE-2019-5948
	RESERVED
CVE-2019-5947 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5946 (Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows re ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5945 (Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the use ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5944 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5943 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5942 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5941 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5940 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5939 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5938 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5937 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5936 (Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5935 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5934 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5933 (Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5932 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5931 (Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter t ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5930 (Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5929 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5928 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 an ...)
	NOT-FOR-US: 'an' App for iOS
CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5  ...)
	NOT-FOR-US: KinagaCMS
CVE-2019-5925 (Cross-site scripting vulnerability in Dradis Community Edition Dradis  ...)
	NOT-FOR-US: Dradis
CVE-2019-5924 (Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15  ...)
	NOT-FOR-US: Smart Forms
CVE-2019-5923 (Directory traversal vulnerability in iChain Insurance Wallet App for i ...)
	NOT-FOR-US: iChain Insurance Wallet App for iOS
CVE-2019-5922 (Untrusted search path vulnerability in The installer of Microsoft Team ...)
	NOT-FOR-US: Microsoft
CVE-2019-5921 (Untrusted search path vulnerability in Windows 7 allows an attacker to ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-5920 (Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and ...)
	NOT-FOR-US: FormCraft
CVE-2019-5919 (An incomplete cryptography of the data store function by using hidden  ...)
	NOT-FOR-US: Nablarch
CVE-2019-5918 (Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML ...)
	NOT-FOR-US: Nablarch
CVE-2019-5917 (azure-umqtt-c (available through GitHub prior to 2017 October 6) allow ...)
	NOT-FOR-US: azure-umqtt-c
CVE-2019-5916 (Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and ea ...)
	NOT-FOR-US: POWER EGG
CVE-2019-5915 (Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allow ...)
	NOT-FOR-US: OpenAM (different from src:openam)
CVE-2019-5914 (V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer  ...)
	NOT-FOR-US: V20 PRO L-01J
CVE-2019-5913 (Untrusted search path vulnerability in the installer of LHMelting (LHM ...)
	NOT-FOR-US: LHMelting
CVE-2019-5912 (Untrusted search path vulnerability in the installer of UNARJ32.DLL (U ...)
	NOT-FOR-US: Some Windows installer
CVE-2019-5911 (Untrusted search path vulnerability in the installer of UNLHA32.DLL (U ...)
	NOT-FOR-US: Some Windows installer
CVE-2019-5910 (Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and  ...)
	NOT-FOR-US: HOUSE GATE App for iOS
CVE-2019-5909 (License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6 ...)
	NOT-FOR-US: Yokogawa License Manager Service
CVE-2019-5908
	RESERVED
CVE-2019-5907
	RESERVED
CVE-2019-5906
	RESERVED
CVE-2019-5905
	RESERVED
CVE-2019-5904
	RESERVED
CVE-2019-5903
	RESERVED
CVE-2019-5902
	RESERVED
CVE-2019-5901
	RESERVED
CVE-2019-5900
	RESERVED
CVE-2019-5899
	RESERVED
CVE-2019-5898
	RESERVED
CVE-2019-5897
	RESERVED
CVE-2019-5896
	RESERVED
CVE-2019-5895
	RESERVED
CVE-2019-5894
	RESERVED
CVE-2019-5893 (Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/qu ...)
	NOT-FOR-US: Nelson Open Source ERP
CVE-2019-5892 (bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0. ...)
	- frr <not-affected> (Fixed before initial upload)
CVE-2019-5891 (An issue was discovered in OverIT Geocall 6.3 before build 2:346977. A ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5890 (An issue was discovered in OverIT Geocall 6.3 before build 2:346977. W ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5889 (An log-management directory traversal issue was discovered in OverIT G ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5888 (Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 bef ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of th ...)
	NOT-FOR-US: ShopXO
CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the application\install\co ...)
	NOT-FOR-US: ShopXO
CVE-2019-5885 (Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentic ...)
	- matrix-synapse 0.34.1.1-1
	NOTE: https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
	NOTE: https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks information if  ...)
	NOT-FOR-US: elFinder
CVE-2019-5883 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2019-5881 (Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865. ...)
	- chromium 78.0.3904.87-1
CVE-2019-5880 (Insufficient policy enforcement in Blink in Google Chrome prior to 77. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5879 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5878 (Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5877 (Out of bounds memory access in JavaScript in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5876 (Use after free in media in Google Chrome on Android prior to 77.0.3865 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5875 (Insufficient data validation in downloads in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5874 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5873 (Insufficient policy validation in navigation in Google Chrome on iOS p ...)
	- chromium <not-affected> (iOS specific issue)
CVE-2019-5872 (Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed  ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5871 (Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 al ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5870 (Use after free in media in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5869 (Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowe ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
CVE-2019-5868 (Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allow ...)
	{DSA-4500-1}
	- chromium 76.0.3809.100-1
CVE-2019-5867 (Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.1 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.100-1
CVE-2019-5866 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
	- chromium 76.0.3809.71-1
CVE-2019-5865 (Insufficient policy enforcement in navigations in Google Chrome prior  ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5864 (Insufficient data validation in CORS in Google Chrome prior to 76.0.38 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5863
	RESERVED
	- chromium <not-affected> (Windows-specific)
CVE-2019-5862 (Insufficient data validation in AppCache in Google Chrome prior to 76. ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5861 (Insufficient data validation in Blink in Google Chrome prior to 76.0.3 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5860 (Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowe ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5859 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5858 (Incorrect security UI in MacOS services integration in Google Chrome o ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5857 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5856 (Insufficient policy enforcement in storage in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5855 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5854 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5853 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5852 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5851 (Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5850 (Use after free in offline mode in Google Chrome prior to 76.0.3809.87  ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5849 (Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-5849
CVE-2019-5848 (Incorrect font handling in autofill in Google Chrome prior to 75.0.377 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5847 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
CVE-2019-5846 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5845 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5844 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5843 (Out of bounds memory access in JavaScript in Google Chrome prior to 74 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5842 (Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed ...)
	{DSA-4500-1}
	- chromium 75.0.3770.90-1
CVE-2019-5841 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5840 (Incorrect security UI in popup blocker in Google Chrome on iOS prior t ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5839 (Excessive data validation in URL parser in Google Chrome prior to 75.0 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5838 (Insufficient policy enforcement in extensions API in Google Chrome pri ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5837 (Resource size information leakage in Blink in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5836 (Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 a ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5835 (Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3 ...)
	- chromium 75.0.3770.80-1
CVE-2019-5834 (Insufficient data validation in Blink in Google Chrome prior to 75.0.3 ...)
	{DSA-4500-1}
	- chromium <not-affected> (iOS-specific)
CVE-2019-5833 (Incorrect dialog box scoping in browser in Google Chrome on Android pr ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5832 (Insufficient policy enforcement in XMLHttpRequest in Google Chrome pri ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5831 (Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 al ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5830 (Insufficient policy enforcement in CORS in Google Chrome prior to 75.0 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5829 (Integer overflow in download manager in Google Chrome prior to 75.0.37 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5828 (Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	- sqlite3 3.27.2-3
	[stretch] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
	[jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
	NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
	NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
CVE-2019-5826 (Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 all ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5825 (Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683. ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5824 (Parameter passing error in media in Google Chrome prior to 74.0.3729.1 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
CVE-2019-5823 (Insufficient policy enforcement in service workers in Google Chrome pr ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5822 (Inappropriate implementation in Blink in Google Chrome prior to 74.0.3 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5821 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5820 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5819 (Insufficient data validation in developer tools in Google Chrome on OS ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5818 (Uninitialized data in media in Google Chrome prior to 74.0.3729.108 al ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5817 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74. ...)
	- chromium <not-affected> (Windows-specific)
CVE-2019-5816 (Process lifetime issue in Chrome in Google Chrome on Android prior to  ...)
	- chromium <not-affected> (Android-specific issue)
CVE-2019-5815 (Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1. ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5814 (Insufficient policy enforcement in Blink in Google Chrome prior to 74. ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5813 (Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5812 (Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.1 ...)
	- chromium <not-affected> (iOS specific)
CVE-2019-5811 (Incorrect handling of CORS in ServiceWorker in Google Chrome prior to  ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5810 (Information leak in autofill in Google Chrome prior to 74.0.3729.108 a ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5809 (Use after free in file chooser in Google Chrome prior to 74.0.3729.108 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5808 (Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowe ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5807 (Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 al ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5806 (Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.37 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5805 (Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allow ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
CVE-2019-5804 (Incorrect command line processing in Chrome in Google Chrome prior to  ...)
	- chromium <not-affected> (Windows-specific)
CVE-2019-5803 (Insufficient policy enforcement in Content Security Policy in Google C ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5802 (Incorrect handling of download origins in Navigation in Google Chrome  ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5801 (Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to  ...)
	- chromium <not-affected> (iOS specific)
CVE-2019-5800 (Insufficient policy enforcement in Blink in Google Chrome prior to 73. ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5799 (Incorrect inheritance of a new document's policy in Content Security P ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5798 (Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ...)
	{DSA-4451-1 DSA-4448-1 DSA-4421-1 DLA-1806-1 DLA-1800-1}
	- chromium 73.0.3683.75-1
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
CVE-2019-5797
	RESERVED
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5796 (Data race in extensions guest view in Google Chrome prior to 73.0.3683 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5795 (Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allo ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5794 (Incorrect handling of cancelled requests in Navigation in Google Chrom ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5793 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5792 (Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allo ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5791 (Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.7 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5790 (An integer overflow leading to an incorrect capacity of a buffer in Ja ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5789 (An integer overflow that leads to a use-after-free in WebMIDI in Googl ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5788 (An integer overflow that leads to a use-after-free in Blink Storage in ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5787 (Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5786 (Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 ...)
	{DSA-4404-1}
	- chromium 72.0.3626.121-1
CVE-2019-5785 (Incorrect convexity calculations in Skia in Google Chrome prior to 72. ...)
	{DSA-4392-1 DSA-4391-1 DLA-1678-1 DLA-1677-1}
	- firefox 65.0.1-1
	- firefox-esr 60.5.1esr-1
	- thunderbird 1:60.5.1-1
	- skia <itp> (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2019-5785
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2019-5785
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2019-5785
CVE-2019-5784 (Incorrect handling of deferred code in V8 in Google Chrome prior to 72 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.109-1
CVE-2019-5783 (Missing URI encoding of untrusted input in DevTools in Google Chrome p ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5782 (Incorrect optimization assumptions in V8 in Google Chrome prior to 72. ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5781 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5780 (Insufficient restrictions on what can be done with Apple Events in Goo ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5779 (Insufficient policy validation in ServiceWorker in Google Chrome prior ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5778 (A missing case for handling special schemes in permission request chec ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5777 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5776 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5775 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5774 (Omission of the .desktop filetype from the Safe Browsing checklist in  ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5773 (Insufficient origin validation in IndexedDB in Google Chrome prior to  ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5772 (Sharing of objects over calls into JavaScript runtime in PDFium in Goo ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5771 (An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior ...)
	- chromium <not-affected> (chromium package does not build swiftshader)
CVE-2019-5770 (Insufficient input validation in WebGL in Google Chrome prior to 72.0. ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5769 (Incorrect handling of invalid end character position when front render ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5768 (DevTools API not correctly gating on extension capability in DevTools  ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5767 (Insufficient protection of permission UI in WebAPKs in Google Chrome o ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5766 (Incorrect handling of origin taint checking in Canvas in Google Chrome ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5765 (An exposed debugging endpoint in the browser in Google Chrome on Andro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5764 (Incorrect pointer management in WebRTC in Google Chrome prior to 72.0. ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5763 (Failure to check error conditions in V8 in Google Chrome prior to 72.0 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5762 (Inappropriate memory management when caching in PDFium in Google Chrom ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5761 (Incorrect object lifecycle management in SwiftShader in Google Chrome  ...)
	- chromium <not-affected> (chromium package does not build swiftshader)
CVE-2019-5760 (Insufficient checks of pointer validity in WebRTC in Google Chrome pri ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5759 (Incorrect lifetime handling in HTML select elements in Google Chrome o ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5758 (Incorrect object lifecycle management in Blink in Google Chrome prior  ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5757 (An incorrect object type assumption in SVG in Google Chrome prior to 7 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5756 (Inappropriate memory management when caching in PDFium in Google Chrom ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5755 (Incorrect handling of negative zero in V8 in Google Chrome prior to 72 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5754 (Implementation error in QUIC Networking in Google Chrome prior to 72.0 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...)
	{DSA-4387-1 DLA-1728-1}
	- openssh 1:7.9p1-5 (bug #919101)
	NOTE: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
	NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
CVE-2018-20682 (Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_ ...)
	NOT-FOR-US: Fork CMS
CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE Desktop Environment allows phys ...)
	- mate-screensaver 1.20.2-1 (low)
	[stretch] - mate-screensaver <no-dsa> (Minor issue)
	[jessie] - mate-screensaver <not-affected> (Vulnerability only manifests when built against GTK-3.22)
	NOTE: https://github.com/mate-desktop/mate-screensaver/issues/152
	NOTE: https://github.com/mate-desktop/mate-screensaver/issues/155
	NOTE: https://github.com/mate-desktop/mate-screensaver/issues/170
	NOTE: https://github.com/mate-desktop/mate-screensaver/pull/167
CVE-2018-1000426 (A cross-site scripting vulnerability exists in Jenkins Git Changelog P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000425 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000424 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000423 (An insufficiently protected credentials vulnerability exists in Jenkin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000422 (An improper authorization vulnerability exists in Jenkins Crowd 2 Inte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000421 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000420 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000419 (An improper authorization vulnerability exists in Jenkins HipChat Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000418 (An improper authorization vulnerability exists in Jenkins HipChat Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000417 (A cross-site request forgery vulnerability exists in Jenkins Email Ext ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000416 (A reflected cross-site scripting vulnerability exists in Jenkins Job C ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000415 (A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000414 (A cross-site request forgery vulnerability exists in Jenkins Config Fi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000413 (A cross-site scripting vulnerability exists in Jenkins Config File Pro ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and earl ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier,  ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and earli ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, LT ...)
	NOT-FOR-US: Jenkins
CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for W ...)
	NOT-FOR-US: WordPress plugin social-pug
CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are ex ...)
	- irssi 1.1.2-1 (bug #918865)
	[stretch] - irssi <not-affected> (Vulnerable code not present)
	[jessie] - irssi <not-affected> (Vulnerable code not present)
	NOTE: https://irssi.org/security/irssi_sa_2019_01.txt
	NOTE: https://github.com/irssi/irssi/pull/948
	NOTE: https://github.com/irssi/irssi//commit/8684ccb45c267fdeaaa779fce9323047aa5a9e38
	NOTE: Introduced with support for hidden lines in https://github.com/irssi/irssi/commit/8dfeca57ede1e726de07522a87203ce13676882d
CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsyn ...)
	- gitolite3 3.6.11-1 (bug #918849)
	[stretch] - gitolite3 <no-dsa> (Minor issue)
	[jessie] - gitolite3 <no-dsa> (Minor issue)
	- gitolite <removed>
	NOTE: https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae
	NOTE: https://groups.google.com/forum/#!topic/gitolite-announce/6xbjjmpLePQ
CVE-2019-5753
	RESERVED
CVE-2019-5752
	RESERVED
CVE-2019-5751
	RESERVED
CVE-2019-5750
	RESERVED
CVE-2019-5749
	RESERVED
CVE-2019-5748 (In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might ...)
	NOT-FOR-US: Traccar Server
CVE-2019-5747 (An issue was discovered in BusyBox through 1.30.0. An out of bounds re ...)
	- busybox 1:1.30.1-2
	[buster] - busybox <not-affected> (Incomplete fix for CVE-2018-20679 did not reach buster)
	[stretch] - busybox <not-affected> (Incomplete fix for CVE-2018-20679 not applied)
	[jessie] - busybox <not-affected> (Incomplete fix for CVE-2018-20679 not applied)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
	NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
CVE-2019-5746
	RESERVED
CVE-2019-5745
	RESERVED
CVE-2019-5744
	RESERVED
CVE-2019-5743
	RESERVED
CVE-2019-5742
	RESERVED
CVE-2019-5741
	RESERVED
CVE-2019-5740
	RESERVED
CVE-2019-5739 (Keep-alive HTTP and HTTPS connections can remain open and inactive for ...)
	- nodejs 8.9.3~dfsg-5 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
	NOTE: Nodejs not covered by security support
CVE-2019-5738
	RESERVED
CVE-2019-5737 (In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before ...)
	- nodejs 10.15.2~dfsg-1 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
	NOTE: Nodejs not covered by security support
CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds rea ...)
	- busybox 1:1.30.1-1 (low; bug #918846)
	[stretch] - busybox <no-dsa> (Minor issue)
	[jessie] - busybox <no-dsa> (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
	NOTE: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
	NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only
	NOTE: applying the partial fix. The followup commit
	NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
	NOTE: is needed to fix the issue completely.
CVE-2018-20678 (LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php ...)
	NOT-FOR-US: LibreNMS
CVE-2019-8308 (Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc  ...)
	{DSA-4390-1}
	- flatpak 1.2.3-1 (bug #922059)
CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and other produ ...)
	- lxc 1:3.1.0+really3.0.3-4 (bug #922169; unimportant)
	- runc 1.0.0~rc6+dfsg1-2 (bug #922050)
	[stretch] - runc 0.1.1+dfsg1-2+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/11/2
	NOTE: runc: Fixed by: https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
	NOTE: lxc: Fixed by: https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
	NOTE: Not considered a security issue by LXC upstream
CVE-2019-5735
	REJECTED
CVE-2019-5734
	RESERVED
CVE-2019-5733
	RESERVED
CVE-2019-5732
	REJECTED
CVE-2019-5731
	REJECTED
CVE-2019-5730
	RESERVED
CVE-2019-5729 (Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS  ...)
	NOT-FOR-US: Splunk
CVE-2019-5728
	RESERVED
CVE-2019-5727 (Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9 ...)
	NOT-FOR-US: Splunk
CVE-2019-5726
	RESERVED
CVE-2019-5725 (qibosoft through V7 allows remote attackers to read arbitrary files vi ...)
	NOT-FOR-US: qibosoft
CVE-2019-5724
	RESERVED
CVE-2019-5723 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwor ...)
	NOT-FOR-US: portier vision
CVE-2019-5722 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to  ...)
	NOT-FOR-US: portier vision
CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was ...)
	- wireshark 2.6.1-1
	[stretch] - wireshark 2.6.3-1~deb9u1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-05.html
	NOTE: Fix for 2.4.x was a cherry pick of:
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf (2.5.1)
CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration  ...)
	- twitter-bootstrap <removed>
	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
	- twitter-bootstrap3 3.4.0+dfsg-1
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
	NOTE: https://github.com/twbs/bootstrap/issues/27045
	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
	NOTE: https://github.com/twbs/bootstrap/pull/27047
	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewpor ...)
	- twitter-bootstrap <removed>
	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
	- twitter-bootstrap3 3.4.0+dfsg-1
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
	NOTE: https://github.com/twbs/bootstrap/issues/27044
	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
	NOTE: https://github.com/twbs/bootstrap/pull/27047
	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
CVE-2018-20675 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Be ...)
	NOT-FOR-US: D-Link
CVE-2018-20674 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Be ...)
	NOT-FOR-US: D-Link
CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is ...)
	- twitter-bootstrap4 <not-affected> (Fixed before initial upload to Debian)
	- twitter-bootstrap3 3.4.0+dfsg-1
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
	NOTE: https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083 (v4.0.0-beta.2)
	NOTE: https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308 (v3.4.0)
	NOTE: https://github.com/twbs/bootstrap/commit/13bf8aeae3db71e28af69782328c22215795c169 (v3.4.0)
	NOTE: https://github.com/twbs/bootstrap/issues/20184
	NOTE: hhtps://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
	NOTE: https://github.com/twbs/bootstrap/pull/23679
	NOTE: https://github.com/twbs/bootstrap/pull/23687
	NOTE: https://github.com/twbs/bootstrap/pull/26460
CVE-2019-5720 (includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a  ...)
	- frontaccounting <removed>
CVE-2019-5719 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector  ...)
	{DSA-4416-1 DLA-1645-1}
	- wireshark 2.6.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5b02f2a9b8772d8814096f86c60a32889d61f2c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-04.html
CVE-2019-5718 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector an ...)
	{DSA-4416-1}
	- wireshark 2.6.6-1 (low)
	[jessie] - wireshark <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1746
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-03.html
CVE-2019-5717 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector c ...)
	{DSA-4416-1 DLA-1645-1}
	- wireshark 2.6.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bf9272a92f3df1e4ccfaad434e123222ae5313f7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-02.html
CVE-2019-5716 (In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This w ...)
	{DSA-4416-1 DLA-1645-1}
	- wireshark 2.6.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-01.html
CVE-2019-5715 (All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versi ...)
	NOT-FOR-US: SilverStripe
CVE-2019-5714
	REJECTED
CVE-2019-5713
	REJECTED
CVE-2019-5712
	REJECTED
CVE-2019-5711
	REJECTED
CVE-2019-5710
	REJECTED
CVE-2019-5709
	REJECTED
CVE-2019-5708
	REJECTED
CVE-2019-5707
	REJECTED
CVE-2019-5706
	REJECTED
CVE-2019-5705
	REJECTED
CVE-2019-5704
	REJECTED
CVE-2019-5703
	REJECTED
CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vu ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains  ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...)
	NOT-FOR-US: NVIDIA Shield TV Experience
CVE-2019-5699 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader c ...)
	NOT-FOR-US: NVIDIA Shield TV Experience
CVE-2019-5698 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in  ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in  ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in  ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Dr ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5694 (NVIDIA Windows GPU Display Driver, R390 driver version, contains a vul ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5692 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5691 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5690 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5689 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5688 (NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5686 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5685 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5684 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5683 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5682 (NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Shield
CVE-2019-5681 (NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Shield
CVE-2019-5680 (In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra boot ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5679 (NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader con ...)
	NOT-FOR-US: NVIDIA Shield
CVE-2019-5678 (NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
	NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
	NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5675 (NVIDIA Windows GPU Display driver software for Windows (all versions)  ...)
	NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on al ...)
	NOT-FOR-US: Nvidia Tegra
CVE-2019-5672 (NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Teg ...)
	NOT-FOR-US: Nvidia Tegra
CVE-2019-5671 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5670 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5669 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5668 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5667 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5666 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5665 (NVIDIA Windows GPU Display driver contains a vulnerability in the 3D v ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5664
	REJECTED
CVE-2019-5663
	REJECTED
CVE-2019-5662
	REJECTED
CVE-2019-5661
	REJECTED
CVE-2019-5660
	REJECTED
CVE-2019-5659
	REJECTED
CVE-2019-5658
	REJECTED
CVE-2019-5657
	REJECTED
CVE-2019-5656
	REJECTED
CVE-2019-5655
	REJECTED
CVE-2019-5654
	REJECTED
CVE-2019-5653
	REJECTED
CVE-2019-5652
	REJECTED
CVE-2019-5651
	REJECTED
CVE-2019-5650
	REJECTED
CVE-2019-5649
	RESERVED
CVE-2019-5648 (Authenticated, administrative access to a Barracuda Load Balancer ADC  ...)
	NOT-FOR-US: Barracuda
CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser se ...)
	NOT-FOR-US: Chrome Plugin for Rapid7 AppSpider
CVE-2019-5646
	RESERVED
CVE-2019-5645
	RESERVED
CVE-2019-5644 (Computing For Good's Basic Laboratory Information System (also known a ...)
	NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also known a ...)
	NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from ...)
	NOT-FOR-US: Rapid7 Metasploit Pro
CVE-2019-5641
	RESERVED
CVE-2019-5640
	RESERVED
CVE-2019-5639
	RESERVED
CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2019-5637 (When Beckhoff TwinCAT is configured to use the Profinet driver, a deni ...)
	NOT-FOR-US: Beckhoff
CVE-2019-5636 (When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the A ...)
	NOT-FOR-US: Beckhoff
CVE-2019-5635 (A cleartext transmission of sensitive information vulnerability is pre ...)
	NOT-FOR-US: Hickory
CVE-2019-5634 (An inclusion of sensitive information in log files vulnerability is pr ...)
	NOT-FOR-US: Hickory
CVE-2019-5633 (An insecure storage of sensitive information vulnerability is present  ...)
	NOT-FOR-US: Hickory
CVE-2019-5632 (An insecure storage of sensitive information vulnerability is present  ...)
	NOT-FOR-US: Hickory
CVE-2019-5631 (The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerabi ...)
	NOT-FOR-US: Rapid7 InsightAppSec broker
CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7  ...)
	NOT-FOR-US: Rapid7 Nexpose InsightVM Security Console
CVE-2019-5629 (Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local pr ...)
	NOT-FOR-US: Rapid7 Insight Agent
CVE-2019-5628
	RESERVED
CVE-2019-5627 (The iOS mobile application BlueCats Reveal before 5.14 stores the user ...)
	NOT-FOR-US: iOS mobile application BlueCats Reveal
CVE-2019-5626 (The Android mobile application BlueCats Reveal before 3.0.19 stores th ...)
	NOT-FOR-US: Android mobile application BlueCats Reveal
CVE-2019-5625 (The Android mobile application Halo Home before 1.11.0 stores OAuth au ...)
	NOT-FOR-US: Android mobile application Halo Home
CVE-2019-5624 (Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improp ...)
	NOT-FOR-US: Rapid7 Metasploit Framework
CVE-2019-5623 (Accellion File Transfer Appliance version FTA_8_0_540 suffers from an  ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2019-5622 (Accellion File Transfer Appliance version FTA_8_0_540 suffers from an  ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2019-5621 (ABBS Software Audio Media Player version 3.1 suffers from an instance  ...)
	NOT-FOR-US: ABBS Software Audio Media Player
CVE-2019-5620 (ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE- ...)
	NOT-FOR-US: ABB MicroSCADA Pro SYS600
CVE-2019-5619 (AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: ...)
	NOT-FOR-US: AASync.com AASync
CVE-2019-5618 (A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: St ...)
	NOT-FOR-US: A-PDF
CVE-2019-5617 (Computing For Good's Basic Laboratory Information System (also known a ...)
	NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical  ...)
	NOT-FOR-US: CircuitWerkes Sicon-8
CVE-2019-5615 (Users with Site-level permissions can access files containing the user ...)
	NOT-FOR-US: Rapid7 InsightVM
CVE-2019-5614 (In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:10.ipfw.asc
CVE-2019-5613 (In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in th ...)
	- kfreebsd-10 <not-affected> (Only affects kfreebsd 12)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:02.ipsec.asc
CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc
CVE-2019-5611 (In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc
CVE-2019-5610 (In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2019-5609 (In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc
CVE-2019-5608 (In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2019-5607 (In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD userspace
CVE-2019-5606 (In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc
CVE-2019-5605 (In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc
CVE-2019-5604 (In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: bhyve
CVE-2019-5603 (In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc
CVE-2019-5602 (In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5601 (In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5600 (In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD iconv
CVE-2019-5599 (In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-REL ...)
	- kfreebsd-10 <not-affected> (Only affects FreeBSD 12)
CVE-2019-5598 (In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5597 (In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEAS ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5596 (In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE b ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...)
	NOT-FOR-US: Fortinet
CVE-2019-5593 (Improper permission or value checking in the CLI console may allow a n ...)
	NOT-FOR-US: FortiOS
CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE,  ...)
	NOT-FOR-US: Fortinet
CVE-2019-5591
	RESERVED
CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
	NOT-FOR-US: Fortinet
CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
	NOT-FOR-US: FortiGuard
CVE-2019-5588 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-5587 (Lack of root file system integrity checking in Fortinet FortiOS VM app ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-5586 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-5585 (An improper access control vulnerability in FortiClientMac before 6.0. ...)
	NOT-FOR-US: Fortiguard FortiClientMac
CVE-2019-5584
	REJECTED
CVE-2019-5583
	REJECTED
CVE-2019-5582
	REJECTED
CVE-2019-5581
	REJECTED
CVE-2019-5580
	REJECTED
CVE-2019-5579
	REJECTED
CVE-2019-5578
	REJECTED
CVE-2019-5577
	REJECTED
CVE-2019-5576
	REJECTED
CVE-2019-5575
	REJECTED
CVE-2019-5574
	REJECTED
CVE-2019-5573
	REJECTED
CVE-2019-5572
	REJECTED
CVE-2019-5571
	REJECTED
CVE-2019-5570
	REJECTED
CVE-2019-5569
	REJECTED
CVE-2019-5568
	REJECTED
CVE-2019-5567
	REJECTED
CVE-2019-5566
	REJECTED
CVE-2019-5565
	REJECTED
CVE-2019-5564
	REJECTED
CVE-2019-5563
	REJECTED
CVE-2019-5562
	REJECTED
CVE-2019-5561
	REJECTED
CVE-2019-5560
	REJECTED
CVE-2019-5559
	REJECTED
CVE-2019-5558
	REJECTED
CVE-2019-5557
	REJECTED
CVE-2019-5556
	REJECTED
CVE-2019-5555
	REJECTED
CVE-2019-5554
	REJECTED
CVE-2019-5553
	REJECTED
CVE-2019-5552
	REJECTED
CVE-2019-5551
	REJECTED
CVE-2019-5550
	REJECTED
CVE-2019-5549
	REJECTED
CVE-2019-5548
	REJECTED
CVE-2019-5547
	REJECTED
CVE-2019-5546
	REJECTED
CVE-2019-5545
	RESERVED
CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap ove ...)
	{DLA-2025-1}
	- openslp-dfsg <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/06/1
CVE-2019-5543 (For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VM ...)
	NOT-FOR-US: VMware
CVE-2019-5542 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
	NOT-FOR-US: VMware
CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
	NOT-FOR-US: VMware
CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
	NOT-FOR-US: VMware
CVE-2019-5539 (VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10 ...)
	NOT-FOR-US: VMware
CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a lack o ...)
	NOT-FOR-US: VMware
CVE-2019-5537 (Sensitive information disclosure vulnerability resulting from a lack o ...)
	NOT-FOR-US: VMware
CVE-2019-5536 (VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5535 (VMware Workstation and Fusion contain a network denial-of-service vuln ...)
	NOT-FOR-US: VMware
CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and  ...)
	NOT-FOR-US: VMware
CVE-2019-5533 (In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloClo ...)
	NOT-FOR-US: VMware
CVE-2019-5532 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and  ...)
	NOT-FOR-US: VMware
CVE-2019-5531 (VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to E ...)
	NOT-FOR-US: VMware
CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier than 1 ...)
	NOT-FOR-US: InstallBuilder
CVE-2019-5529
	RESERVED
CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service vulnerability i ...)
	NOT-FOR-US: VMware
CVE-2019-5527 (ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after ...)
	NOT-FOR-US: VMware
CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue ...)
	NOT-FOR-US: VMware
CVE-2019-5525 (VMware Workstation (15.x before 15.1.0) contains a use-after-free vuln ...)
	NOT-FOR-US: VMware
CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6 ...)
	NOT-FOR-US: VMware
CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 up ...)
	NOT-FOR-US: VMware vCloud Director for Service Providers
CVE-2019-5522 (VMware Tools for Windows update addresses an out of bounds read vulner ...)
	NOT-FOR-US: VMware
CVE-2019-5521 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5520 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5519 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
	NOT-FOR-US: VMware
CVE-2019-5518 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
	NOT-FOR-US: VMware
CVE-2019-5517 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5516 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5515 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion ...)
	NOT-FOR-US: VMware
CVE-2019-5514 (VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerab ...)
	NOT-FOR-US: VMware
CVE-2019-5513 (VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2,  ...)
	NOT-FOR-US: VMware
CVE-2019-5512 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on ...)
	NOT-FOR-US: VMware
CVE-2019-5511 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on ...)
	NOT-FOR-US: VMware
CVE-2019-5510
	RESERVED
CVE-2019-5509 (ONTAP Select Deploy administration utility versions 2.11.2 through 2.1 ...)
	NOT-FOR-US: ONTAP Select Deploy administration utility
CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vul ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
	NOT-FOR-US: SnapManager for Oracle
CVE-2019-5506 (Clustered Data ONTAP versions 9.0 and higher do not enforce hostname v ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5505 (ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 ...)
	NOT-FOR-US: ONTAP
CVE-2019-5504 (ONTAP Select Deploy administration utility versions 2.12 &amp; 2.12.1  ...)
	NOT-FOR-US: ONTAP
CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped without ce ...)
	NOT-FOR-US: OnCommand Workflow Automation
CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
	NOT-FOR-US: Data ONTAP
CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose  ...)
	NOT-FOR-US: Data ONTAP
CVE-2019-5500 (Certain versions of the NetApp Service Processor and Baseboard Managem ...)
	NOT-FOR-US: NetApp
CVE-2019-5499
	REJECTED
CVE-2019-5498 (OnCommand Insight versions through 7.3.6 may disclose sensitive accoun ...)
	NOT-FOR-US: OnCommand Insight
CVE-2019-5497 (NetApp AFF A700s Baseboard Management Controller (BMC) firmware versio ...)
	NOT-FOR-US: NetApp AFF A700s Baseboard Management Controller firmware
CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
	NOT-FOR-US: Oncommand Insight / Netapp
CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows prior  ...)
	NOT-FOR-US: OnCommand Unified Manager for VMware vSphere, Linux and Windows / Netapp
CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...)
	NOT-FOR-US: OnCommand Unified Manager 7-Mode / Netapp
CVE-2019-5493 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptib ...)
	NOT-FOR-US: Data ONTAP
CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
	NOT-FOR-US: NetApp HCI Compute Node
CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the NetApp  ...)
	NOT-FOR-US: NetApp
CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac= ...)
	NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux kernel throu ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-5487 (An improper access control vulnerability exists in Gitlab EE &lt;v12.3 ...)
	- gitlab <not-affected> (Only affects Gitlab EE)
	NOTE: https://hackerone.com/reports/692252
CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE &lt;v12.3 ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/617896
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...)
	NOT-FOR-US: node gitlabhook
CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file  ...)
	NOT-FOR-US: Bower
CVE-2019-5483 (Seneca &lt; 3.9.0 contains a vulnerability that could lead to exposing ...)
	NOT-FOR-US: Seneca
CVE-2019-5482 (Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7. ...)
	{DSA-4633-1 DLA-1917-1}
	- curl 7.66.0-1 (bug #940010)
	NOTE: https://curl.haxx.se/docs/CVE-2019-5482.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e9500c2e447d48aa9b3f24a6ca70f9
	NOTE: Fixed by: https://github.com/curl/curl/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d (curl-7_66_0)
CVE-2019-5481 (Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7 ...)
	{DSA-4633-1}
	- curl 7.66.0-1 (bug #940009)
	[jessie] - curl <not-affected> (Vulnerable code introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2019-5481.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0649433da53c7165f839e24e889e131e2894dd32 (curl-7_52_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5 (curl-7_66_0)
CVE-2019-5480 (A path traversal vulnerability in &lt;= v0.9.7 of statichttpserver npm ...)
	NOT-FOR-US: Node statichttpserver
CVE-2019-5479 (An unintended require vulnerability in &lt;v0.5.5 larvitbase-api may a ...)
	NOT-FOR-US: Node larvitbase-api
CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...)
	NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
	{DLA-1933-1}
	- rexical 1.0.7-1 (bug #940905)
	[buster] - rexical <no-dsa> (Minor issue, can be fixed via point release)
	[stretch] - rexical <no-dsa> (Minor issue, can be fixed via point release)
	- ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802)
	[buster] - ruby-nokogiri <no-dsa> (Minor issue, can be fixed via point release)
	[stretch] - ruby-nokogiri <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://github.com/sparklemotion/nokogiri/issues/1915
	NOTE: Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file
	NOTE: is being passed untrusted user input.
	NOTE: https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
	NOTE: Change in rexical is covered by the scope of this CVE.
CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server &lt; v0.3.0 (running o ...)
	NOT-FOR-US: Nextcloud Lookup-Server
CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Exe ...)
	NOT-FOR-US: Nexus Yum Repository Plugin
CVE-2019-5474 (An authorization issue was discovered in GitLab EE &lt; 12.1.2, &lt; 1 ...)
	- gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5473 (An authentication issue was discovered in GitLab that allowed a bypass ...)
	- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5472 (An authorization issue was discovered in Gitlab versions &lt; 12.1.2,  ...)
	- gitlab <not-affected> (Only affects Gitlab EE 10.7 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5471 (An input validation and output encoding issue was discovered in the Gi ...)
	- gitlab <not-affected> (Only affects Gitlab EE 8.9 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5470 (An information disclosure issue was discovered GitLab versions &lt; 12 ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5469 (An IDOR vulnerability exists in GitLab &lt;v12.1.2, &lt;v12.0.4, and & ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5468 (An privilege escalation issue was discovered in Gitlab versions &lt; 1 ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5467 (An input validation and output encoding issue was discovered in the Gi ...)
	- gitlab <not-affected> (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5466 (An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5465 (An information disclosure issue was discovered in GitLab CE/EE 8.14 an ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5464 (A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badge ima ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5462 (A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5461 (An input validation problem was discovered in the GitHub service integ ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5460 (Double Free in VLC versions &lt;= 3.0.6 leads to a crash. ...)
	{DSA-4459-1}
	- vlc 3.0.7-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://hackerone.com/reports/503208
CVE-2019-5459 (An Integer underflow in VLC Media Player versions &lt; 3.0.7 leads to  ...)
	{DSA-4459-1}
	- vlc 3.0.7-1
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://hackerone.com/reports/502816
CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...)
	NOT-FOR-US: http-file-server Node.js module
CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...)
	NOT-FOR-US: min-http-server Node module
CVE-2019-5456 (SMTP MITM refers to a malicious actor setting up an SMTP proxy server  ...)
	NOT-FOR-US: SMTP MITM
CVE-2019-5455 (Bypassing lock protection exists in Nextcloud Android app 3.6.0 when c ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5454 (SQL Injection in the Nextcloud Android app prior to version 3.0.0 allo ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5453 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5452 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5451 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5450 (Improper sanitization of HTML in directory names in the Nextcloud Andr ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5449 (A missing check in the Nextcloud Server prior to version 15.0.1 causes ...)
	- nextcloud <itp> (bug #835086)
CVE-2019-5448 (Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...)
	- node-yarnpkg 1.13.0-3 (bug #941354)
	[buster] - node-yarnpkg 1.13.0-1+deb10u1
	NOTE: https://hackerone.com/reports/640904
	NOTE: https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md
	NOTE: https://github.com/yarnpkg/yarn/pull/7393
	NOTE: https://github.com/yarnpkg/yarn/commit/2f08a7405cc3f6fe47c30293050bb0ac94850932
CVE-2019-5447 (A path traversal vulnerability in &lt;= v0.2.6 of http-file-server npm ...)
	NOT-FOR-US: http-file-server Node.js module
CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin  ...)
	NOT-FOR-US: EdgeSwitch
CVE-2019-5445 (DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash  ...)
	NOT-FOR-US: EdgeSwitch
CVE-2019-5444 (Path traversal vulnerability in version up to v1.1.3 in serve-here.js  ...)
	NOT-FOR-US: serve-here.js npm module
CVE-2019-5443 (A non-privileged user or program can put code and a config file in a k ...)
	- curl <not-affected> (Windows-specific build issue)
CVE-2019-5442 (XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results i ...)
	NOT-FOR-US: Pippo
CVE-2019-5441
	REJECTED
CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery token gene ...)
	NOT-FOR-US: Revive Adserver
CVE-2019-5438 (Path traversal using symlink in npm harp module versions &lt;= 0.29.0. ...)
	NOT-FOR-US: npm harp module
CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
	NOT-FOR-US: npm harp module
CVE-2019-5436 (A heap buffer overflow in the TFTP receiving code allows for DoS or ar ...)
	{DLA-1804-1}
	- curl 7.64.0-4 (bug #929351)
	[stretch] - curl 7.52.1-5+deb9u10
	NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
	NOTE: Fixed by: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
CVE-2019-5435 (An integer overflow in curl's URL API results in a buffer overflow in  ...)
	- curl 7.64.0-4 (bug #929352)
	[stretch] - curl <not-affected> (Vulnerable code introduced later)
	[jessie] - curl <not-affected> (Vulnerable code introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2019-5435.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/fb30ac5a2d63773c52
	NOTE: Fixed by: https://github.com/curl/curl/commit/5fc28510a4664f4
CVE-2019-5434 (An attacker could send a specifically crafted payload to the XML-RPC i ...)
	NOT-FOR-US: Revive Adserver
CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance could be  ...)
	NOT-FOR-US: Revive Adserver
CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT Brokers us ...)
	- node-mqtt-packet 6.0.0-2 (bug #928673)
	NOTE: https://hackerone.com/reports/541354
CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-0911. T ...)
	NOT-FOR-US: Twitter Kit for iOS
CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...)
	NOT-FOR-US: Ubiquiti Networks UniFi Video
CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
	- filezilla 3.45.1-1 (low; bug #928282)
	[buster] - filezilla 3.39.0-2+deb10u1
	[stretch] - filezilla <no-dsa> (Minor issue)
	[jessie] - filezilla <no-dsa> (Minor issue)
	NOTE: https://svn.filezilla-project.org/filezilla?revision=9097&view=revision
	NOTE: https://www.tenable.com/security/research/tra-2019-14
CVE-2019-5428
	REJECTED
CVE-2019-5427 (c3p0 version &lt; 0.9.5.4 may be exploited by a billion laughs attack  ...)
	- c3p0 <unfixed> (low; bug #927936)
	[buster] - c3p0 <no-dsa> (Minor issue)
	[stretch] - c3p0 <no-dsa> (Minor issue)
	[jessie] - c3p0 <no-dsa> (Minor issue)
	NOTE: https://hackerone.com/reports/509315
	NOTE: Fixed by: https://github.com/swaldman/c3p0/commit/f38f27635c384806c2a9d6500d80183d9f09d78b
CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated ...)
	NOT-FOR-US: Ubiquiti
CVE-2019-5425 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated u ...)
	NOT-FOR-US: Ubiquiti
CVE-2019-5424 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user  ...)
	NOT-FOR-US: Ubiquiti
CVE-2019-5423 (Path traversal vulnerability in http-live-simulator npm package versio ...)
	NOT-FOR-US: http-live-simulator node module
CVE-2019-5422 (XSS in buttle npm package version 0.2.0 causes execution of attacker-p ...)
	NOT-FOR-US: buttle node module
CVE-2019-5421 (Plataformatec Devise version 4.5.0 and earlier, using the lockable mod ...)
	- ruby-devise 4.5.0-3 (bug #926348)
	[stretch] - ruby-devise <no-dsa> (Minor issue)
	NOTE: https://github.com/plataformatec/devise/issues/4981
	NOTE: https://github.com/plataformatec/devise/pull/4996
CVE-2019-5420 (A remote code execution vulnerability in development mode Rails &lt;5. ...)
	- rails 2:5.2.2.1+dfsg-1 (bug #924521)
	[stretch] - rails <not-affected> (Vulnerable code not present)
	[jessie] - rails <not-affected> (vulnerable code is not present in 4.x)
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/3
	NOTE: Introduced in https://github.com/rails/rails/commit/69f976b859cae7f9d050152103da018b7f5dda6d
CVE-2019-5419 (There is a possible denial of service vulnerability in Action View (Ra ...)
	{DLA-1739-1}
	- rails 2:5.2.2.1+dfsg-1 (bug #924520)
	[stretch] - rails 2:4.2.7.1-1+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/4
CVE-2019-5418 (There is a File Content Disclosure vulnerability in Action View &lt;5. ...)
	{DLA-1739-1}
	- rails 2:5.2.2.1+dfsg-1 (bug #924520)
	[stretch] - rails 2:4.2.7.1-1+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/5
CVE-2019-5417 (A path traversal vulnerability in serve npm package version 7.0.1 allo ...)
	NOT-FOR-US: node serve module
CVE-2019-5416 (A path traversal vulnerability in localhost-now npm package version 1. ...)
	NOT-FOR-US: node localhost-now module
CVE-2019-5415 (A bug in handling the ignore files and directories feature in serve 6. ...)
	NOT-FOR-US: node serve module
CVE-2019-5414 (If an attacker can control the port, which in itself is a very sensiti ...)
	NOT-FOR-US: kill-port node module
CVE-2019-5413 (An attacker can use the format parameter to inject arbitrary commands  ...)
	NOT-FOR-US: morgan node module
CVE-2019-5412
	REJECTED
CVE-2019-5411
	REJECTED
CVE-2019-5410
	REJECTED
CVE-2019-5409
	REJECTED
CVE-2019-5408 (Command View Advanced Edition (CVAE) products contain a vulnerability  ...)
	NOT-FOR-US: Command View Advanced Edition (CVAE) products
CVE-2019-5407 (A remote information disclosure vulnerability was discovered in HPE 3P ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5406 (A remote session reuse vulnerability was discovered in HPE 3PAR StoreS ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5405 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5404 (A remote script injection vulnerability was discovered in HPE 3PAR Sto ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5403 (A remote multiple cross-site scripting vulnerability was discovered in ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5402 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5401 (A potential security vulnerability has been identified in HP2910al-48G ...)
	NOT-FOR-US: HP HP2910al-48G
CVE-2019-5400 (A remote session reuse vulnerability was discovered in HPE 3PAR Servic ...)
	NOT-FOR-US: HPE
CVE-2019-5399 (A remote gain authorized access vulnerability was discovered in HPE 3P ...)
	NOT-FOR-US: HPE
CVE-2019-5398 (A remote multiple multiple cross-site vulnerability was discovered in  ...)
	NOT-FOR-US: HPE
CVE-2019-5397 (A remote bypass of security restrictions vulnerability was discovered  ...)
	NOT-FOR-US: HPE
CVE-2019-5396 (A remote authentication bypass vulnerability was discovered in HPE 3PA ...)
	NOT-FOR-US: HPE
CVE-2019-5395 (A remote arbitrary file upload vulnerability was discovered in HPE 3PA ...)
	NOT-FOR-US: HPE
CVE-2019-5394 (The HPE Nonstop Maintenance Entity family of products are vulnerable t ...)
	NOT-FOR-US: HPE
CVE-2019-5393 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5392 (A disclosure of information vulnerability was identified in HPE Intell ...)
	NOT-FOR-US: HPE
CVE-2019-5391 (A stack buffer overflow vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5390 (A remote command injection vulnerability was identified in HPE Intelli ...)
	NOT-FOR-US: HPE
CVE-2019-5389 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5388 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5387 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5386 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5385 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5384 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5383 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5382 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5381 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5380 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5379 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5378 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5377 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5376 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5375 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5374 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5373 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5372 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5371 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5370 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5369 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5368 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5367 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5366 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5365 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5364 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5363 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5362 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5361 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5360 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5359 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5358 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5357 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5356 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5355 (A remote denial of service vulnerability was identified in HPE Intelli ...)
	NOT-FOR-US: HPE
CVE-2019-5354 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5353 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5352 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5351 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5350 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5349 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5348 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5347 (A remote authentication bypass vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-5346 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5345 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5344 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5343 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5342 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5341 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5340 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5339 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5338 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5337
	REJECTED
CVE-2019-5336
	REJECTED
CVE-2019-5335
	REJECTED
CVE-2019-5334
	REJECTED
CVE-2019-5333
	REJECTED
CVE-2019-5332
	REJECTED
CVE-2019-5331
	REJECTED
CVE-2019-5330
	REJECTED
CVE-2019-5329
	REJECTED
CVE-2019-5328
	REJECTED
CVE-2019-5327
	REJECTED
CVE-2019-5326 (An administrative application user of or application user with write a ...)
	NOT-FOR-US: Aruba Airwave VisualRF
CVE-2019-5325
	RESERVED
CVE-2019-5324
	REJECTED
CVE-2019-5323 (There are command injection vulnerabilities present in the AirWave app ...)
	NOT-FOR-US: Aruba Airwave
CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
	NOT-FOR-US: Edge Switch models
CVE-2019-5321
	RESERVED
CVE-2019-5320
	RESERVED
CVE-2019-5319
	RESERVED
CVE-2019-5318
	RESERVED
CVE-2019-5317
	RESERVED
CVE-2019-5316
	RESERVED
CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
	NOT-FOR-US: ArubaOS
CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...)
	NOT-FOR-US: ArubaOS
CVE-2019-5313
	RESERVED
CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...)
	NOT-FOR-US: weixin-java-tools
CVE-2019-5311 (An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.p ...)
	NOT-FOR-US: YUNUCMS
CVE-2019-5310 (YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because craft ...)
	NOT-FOR-US: YUNUCMS
CVE-2019-5309 (Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P ...)
	NOT-FOR-US: Honor play smartphones
CVE-2019-5308 (Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3 ...)
	NOT-FOR-US: Mate 20 RS smartphones
CVE-2019-5307 (Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01 ...)
	NOT-FOR-US: Huawei
CVE-2019-5306 (There is a Factory Reset Protection (FRP) bypass security vulnerabilit ...)
	NOT-FOR-US: Huawei
CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones version ...)
	NOT-FOR-US: Huawei
CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
	NOT-FOR-US: Huawei
CVE-2019-5303 (There are two denial of service vulnerabilities on some Huawei smartph ...)
	NOT-FOR-US: Huawei
CVE-2019-5302 (There are two denial of service vulnerabilities on some Huawei smartph ...)
	NOT-FOR-US: Huawei
CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)
	NOT-FOR-US: Huawei
CVE-2019-5299 (Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5298 (There is an improper authentication vulnerability in some Huawei AP pr ...)
	NOT-FOR-US: Huawei
CVE-2019-5297 (Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T ...)
	NOT-FOR-US: Huawei
CVE-2019-5296 (Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have a ...)
	NOT-FOR-US: Huawei
CVE-2019-5295 (Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5294 (There is an out of bound read vulnerability in some Huawei products. A ...)
	NOT-FOR-US: Huawei
CVE-2019-5293 (Some Huawei products have a memory leak vulnerability when handling so ...)
	NOT-FOR-US: Huawei
CVE-2019-5292 (Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions bef ...)
	NOT-FOR-US: Huawei
CVE-2019-5291 (Some Huawei products have an insufficient verification of data authent ...)
	NOT-FOR-US: Huawei
CVE-2019-5290 (Huawei S5700 and S6700 have a DoS security vulnerability. Attackers wi ...)
	NOT-FOR-US: Huawei
CVE-2019-5289 (Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out ...)
	NOT-FOR-US: Huawei
CVE-2019-5288 (P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5287 (P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5286 (There is a reflection XSS vulnerability in the HedEx products. Remote  ...)
	NOT-FOR-US: HedEx / Huawei
CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An unauthentic ...)
	NOT-FOR-US: Huawei
CVE-2019-5284 (There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei sma ...)
	NOT-FOR-US: Huawei
CVE-2019-5283 (There is Factory Reset Protection (FRP) bypass security vulnerability  ...)
	NOT-FOR-US: Huawei
CVE-2019-5282 (Bastet module of some Huawei smartphones with Versions earlier than Em ...)
	NOT-FOR-US: Huawei
CVE-2019-5281 (There is an information leak vulnerability in some Huawei phones, vers ...)
	NOT-FOR-US: Huawei
CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has ...)
	NOT-FOR-US: Huawei
CVE-2019-5279 (Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5278 (There is an out-of-bounds read vulnerability in the Advanced Packages  ...)
	NOT-FOR-US: Huawei
CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak v ...)
	NOT-FOR-US: Huawei
CVE-2019-5276 (Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5275 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
	NOT-FOR-US: Huawei
CVE-2019-5274 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
	NOT-FOR-US: Huawei
CVE-2019-5273 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
	NOT-FOR-US: Huawei
CVE-2019-5272 (USG9500 with versions of V500R001C30;V500R001C60 have a missing integr ...)
	NOT-FOR-US: Huawei
CVE-2019-5271 (There is an information leak vulnerability in Huawei smart speaker Myn ...)
	NOT-FOR-US: Huawei
CVE-2019-5270
	RESERVED
CVE-2019-5269 (Some Huawei home routers have an improper authorization vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2019-5268 (Some Huawei home routers have an input validation vulnerability. Due t ...)
	NOT-FOR-US: Huawei
CVE-2019-5267 (Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vu ...)
	NOT-FOR-US: Huawei
CVE-2019-5266 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an  ...)
	NOT-FOR-US: Huawei
CVE-2019-5265 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an  ...)
	NOT-FOR-US: Huawei
CVE-2019-5264 (There is an information disclosure vulnerability in certain Huawei sma ...)
	NOT-FOR-US: Huawei
CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
	NOT-FOR-US: Huawei
CVE-2019-5262
	RESERVED
CVE-2019-5261
	RESERVED
CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of s ...)
	NOT-FOR-US: Huawei
CVE-2019-5259 (There is an information leakage vulnerability on some Huawei products( ...)
	NOT-FOR-US: Huawei
CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5256 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5255 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5254 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5253 (E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an impro ...)
	NOT-FOR-US: Huawei
CVE-2019-5252 (There is an improper authentication vulnerability in Huawei smartphone ...)
	NOT-FOR-US: Huawei
CVE-2019-5251 (There is a path traversal vulnerability in several Huawei smartphones. ...)
	NOT-FOR-US: Huawei
CVE-2019-5250 (Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3 ...)
	NOT-FOR-US: Mate 20 Pro smartphones
CVE-2019-5249
	RESERVED
CVE-2019-5248 (CloudEngine 12800 has a DoS vulnerability. An attacker of a neighborin ...)
	NOT-FOR-US: CloudEngine 12800
CVE-2019-5247 (Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A lo ...)
	NOT-FOR-US: Huawei
CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
	NOT-FOR-US: Huawei
CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
	NOT-FOR-US: Huawei
CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. An att ...)
	NOT-FOR-US: Huawei
CVE-2019-5242 (There is a code execution vulnerability in Huawei PCManager versions e ...)
	NOT-FOR-US: Huawei
CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei PCManager vers ...)
	NOT-FOR-US: Huawei
CVE-2019-5240
	RESERVED
CVE-2019-5239 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
	NOT-FOR-US: Huawei
CVE-2019-5238 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
	NOT-FOR-US: Huawei
CVE-2019-5237 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
	NOT-FOR-US: Huawei
CVE-2019-5236 (Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1. ...)
	NOT-FOR-US: Huawei
CVE-2019-5235 (Some Huawei smart phones have a null pointer dereference vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2019-5234
	RESERVED
CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...)
	NOT-FOR-US: Huawei
CVE-2019-5232 (There is a use of insufficiently random values vulnerability in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E18 ...)
	NOT-FOR-US: Huawei
CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte ...)
	NOT-FOR-US: Huawei
CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
	NOT-FOR-US: P30 smartphones
CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone whith V ...)
	NOT-FOR-US: Huawei
CVE-2019-5227 (P30, P30 Pro, Mate 20 smartphones with software of versions earlier th ...)
	NOT-FOR-US: Huawei
CVE-2019-5226 (P30, P30 Pro, Mate 20 smartphones with software of versions earlier th ...)
	NOT-FOR-US: Huawei
CVE-2019-5225 (P30, Mate 20, P30 Pro smartphones with software of versions earlier th ...)
	NOT-FOR-US: Huawei
CVE-2019-5224 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
	NOT-FOR-US: Huawei
CVE-2019-5223 (PCManager 9.1.3.1 has an improper authentication vulnerability. The ce ...)
	NOT-FOR-US: PCManager
CVE-2019-5222 (There is an information disclosure vulnerability on Secure Input of ce ...)
	NOT-FOR-US: Huawei
CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software  ...)
	NOT-FOR-US: Huawei
CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
	NOT-FOR-US: Huawei
CVE-2019-5219 (There is a double free vulnerability on certain drivers of Huawei Mate ...)
	NOT-FOR-US: Huawei
CVE-2019-5218 (There is an insufficient authentication vulnerability in Huawei Band 2 ...)
	NOT-FOR-US: Huawei
CVE-2019-5217 (There is an information disclosure vulnerability on Mate 9 Pro Huawei  ...)
	NOT-FOR-US: Huawei
CVE-2019-5216 (There is a race condition vulnerability on Huawei Honor V10 smartphone ...)
	NOT-FOR-US: Huawei
CVE-2019-5215 (There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartp ...)
	NOT-FOR-US: Huawei
CVE-2019-5214 (There is a use after free vulnerability on certain driver component in ...)
	NOT-FOR-US: Huawei
CVE-2019-5213 (Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0. ...)
	NOT-FOR-US: Honor play smartphones
CVE-2019-5212 (There is an improper access control vulnerability in Huawei Share. The ...)
	NOT-FOR-US: Huawei
CVE-2019-5211 (The Huawei Share function of P20 phones with versions earlier than Emi ...)
	NOT-FOR-US: Huawei
CVE-2019-5210 (Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.19 ...)
	NOT-FOR-US: Huawei
CVE-2019-5209
	REJECTED
CVE-2019-5208
	REJECTED
CVE-2019-5207
	REJECTED
CVE-2019-5206
	REJECTED
CVE-2019-5205
	REJECTED
CVE-2019-5204
	RESERVED
CVE-2019-5203
	RESERVED
CVE-2019-5202
	RESERVED
CVE-2019-5201
	RESERVED
CVE-2019-5200
	RESERVED
CVE-2019-5199
	RESERVED
CVE-2019-5198
	RESERVED
CVE-2019-5197
	RESERVED
CVE-2019-5196
	RESERVED
CVE-2019-5195
	RESERVED
CVE-2019-5194
	RESERVED
CVE-2019-5193
	RESERVED
CVE-2019-5192
	RESERVED
CVE-2019-5191
	RESERVED
CVE-2019-5190
	RESERVED
CVE-2019-5189
	RESERVED
CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing funct ...)
	{DLA-2156-1}
	- e2fsprogs 1.45.5-1 (bug #948508)
	[buster] - e2fsprogs 1.44.5-1+deb10u3
	[stretch] - e2fsprogs <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff
	NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2019-5186 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5185 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5184 (An exploitable double free vulnerability exists in the iocheckd servic ...)
	NOT-FOR-US: WAGO
CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5182 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5181 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5180 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5179 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5178 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5177 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5176 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5175 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5174 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5173 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5172 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5171 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5170 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5169 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5168 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5167 (An exploitable command injection vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5166 (An exploitable stack buffer overflow vulnerability exists in the ioche ...)
	NOT-FOR-US: WAGO
CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in the hostn ...)
	NOT-FOR-US: Moxa
CVE-2019-5164 (An exploitable code execution vulnerability exists in the ss-manager b ...)
	- shadowsocks-libev 3.3.3+ds-2
	[buster] - shadowsocks-libev <no-dsa> (Minor issue)
	[stretch] - shadowsocks-libev <no-dsa> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2537
	NOTE: Mitigation: Using a unix socket with ss-manager via --manager-socket.
	NOTE: Exposing ss-manager to pubic is always dangerous.
CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPRelay  ...)
	- shadowsocks-libev 3.3.3+ds-2
	[buster] - shadowsocks-libev <no-dsa> (Minor issue)
	[stretch] - shadowsocks-libev <no-dsa> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
CVE-2019-5162 (An exploitable improper access control vulnerability exists in the iw_ ...)
	NOT-FOR-US: Moxa
CVE-2019-5161 (An exploitable remote code execution vulnerability exists in the Cloud ...)
	NOT-FOR-US: WAGO
CVE-2019-5160 (An exploitable improper host validation vulnerability exists in the Cl ...)
	NOT-FOR-US: WAGO
CVE-2019-5159 (An exploitable improper input validation vulnerability exists in the f ...)
	NOT-FOR-US: WAGO
CVE-2019-5158 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
	NOT-FOR-US: WAGO
CVE-2019-5157 (An exploitable command injection vulnerability exists in the Cloud Con ...)
	NOT-FOR-US: WAGO
CVE-2019-5156 (An exploitable command injection vulnerability exists in the cloud con ...)
	NOT-FOR-US: WAGO
CVE-2019-5155 (An exploitable command injection vulnerability exists in the cloud con ...)
	NOT-FOR-US: WAGO
CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5153 (An exploitable remote code execution vulnerability exists in the iw_we ...)
	NOT-FOR-US: Moxa
CVE-2019-5152 (An exploitable information disclosure vulnerability exists in the netw ...)
	- shadowsocks-libev <unfixed> (unimportant)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2525
	NOTE: Upstream has no plan to remove stream ciphers as per
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2525#issuecomment-557551274
	NOTE: Documented insecure use case provided for backwards compatibility.
CVE-2019-5151 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A  ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Wh ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5149 (The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on ...)
	NOT-FOR-US: WAGO
CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in ServiceAgent  ...)
	NOT-FOR-US: Moxa
CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
	NOT-FOR-US: Kakadu Software SDK
CVE-2019-5143 (An exploitable format string vulnerability exists in the iw_console co ...)
	NOT-FOR-US: Moxa
CVE-2019-5142 (An exploitable command injection vulnerability exists in the hostname  ...)
	NOT-FOR-US: Moxa
CVE-2019-5141 (An exploitable command injection vulnerability exists in the iw_webs f ...)
	NOT-FOR-US: Moxa
CVE-2019-5140 (An exploitable command injection vulnerability exists in the iwwebs fu ...)
	NOT-FOR-US: Moxa
CVE-2019-5139 (An exploitable use of hard-coded credentials vulnerability exists in m ...)
	NOT-FOR-US: Moxa
CVE-2019-5138 (An exploitable command injection vulnerability exists in encrypted dia ...)
	NOT-FOR-US: Moxa
CVE-2019-5137 (The usage of hard-coded cryptographic keys within the ServiceAgent bin ...)
	NOT-FOR-US: Moxa
CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the iw_con ...)
	NOT-FOR-US: Moxa
CVE-2019-5135 (An exploitable timing discrepancy vulnerability exists in the authenti ...)
	NOT-FOR-US: WAGO
CVE-2019-5134 (An exploitable regular expression without anchors vulnerability exists ...)
	NOT-FOR-US: WAGO
CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: ImageGear
CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: ImageGear
CVE-2019-5131 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5130 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
	NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
	NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
	NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5126 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5124 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube  ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5121 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5120 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5119 (An exploitable SQL injection vulnerability exist in the authenticated  ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5118
	RESERVED
CVE-2019-5117 (Exploitable SQL injection vulnerabilities exists in the authenticated  ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5116 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5115
	RESERVED
CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5113
	RESERVED
CVE-2019-5112 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5111 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authenticated p ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated  ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.98-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
	NOTE: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
CVE-2019-5107 (A cleartext transmission vulnerability exists in the network communica ...)
	NOT-FOR-US: WAGO
CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the authentication ...)
	NOT-FOR-US: WAGO
CVE-2019-5105 (An exploitable memory corruption vulnerability exists in the Name Serv ...)
	NOT-FOR-US: 3S-Smart Software Solutions CODESYS GatewayService
CVE-2019-5104
	REJECTED
CVE-2019-5103
	RESERVED
CVE-2019-5102 (An exploitable information leak vulnerability exists in the ustream-ss ...)
	NOT-FOR-US: ustream-ssl library of OpenWrt
CVE-2019-5101 (An exploitable information leak vulnerability exists in the ustream-ss ...)
	NOT-FOR-US: ustream-ssl library of OpenWrt
CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP header ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5098 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of multi-pa ...)
	NOT-FOR-US: GoAhead
CVE-2019-5096 (An exploitable code execution vulnerability exists in the processing o ...)
	NOT-FOR-US: GoAhead
CVE-2019-5095 (An issue summary information disclosure vulnerability exists in Atlass ...)
	NOT-FOR-US: Atlassian
CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...)
	{DSA-4535-1 DLA-1935-1}
	- e2fsprogs 1.45.4-1 (bug #941139)
	NOTE: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
CVE-2019-5093 (An exploitable code execution vulnerability exists in the DICOM networ ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5092 (An exploitable heap out of bounds write vulnerability exists in the UI ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5091 (An exploitable denial-of-service vulnerability exists in the Dicom-pac ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5090 (An exploitable information disclosure vulnerability exists in the DICO ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investintech  ...)
	NOT-FOR-US: Investintech
CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech  ...)
	NOT-FOR-US: Investintech
CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
	- xcftools <unfixed> (bug #945317)
	NOTE: https://github.com/j-jorge/xcftools/issues/13
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879
CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
	- xcftools <unfixed> (bug #945317)
	NOTE: https://github.com/j-jorge/xcftools/issues/12
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2019-5082 (An exploitable heap buffer overflow vulnerability exists in the iochec ...)
	NOT-FOR-US: WAGO Firmware
CVE-2019-5081 (An exploitable heap buffer overflow vulnerability exists in the iochec ...)
	NOT-FOR-US: WAGO
CVE-2019-5080 (An exploitable denial-of-service vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5079 (An exploitable heap buffer overflow vulnerability exists in the iochec ...)
	NOT-FOR-US: WAGO
CVE-2019-5078 (An exploitable denial of service vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5077 (An exploitable denial-of-service vulnerability exists in the iocheckd  ...)
	NOT-FOR-US: WAGO
CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2019-5075 (An exploitable stack buffer overflow vulnerability exists in the comma ...)
	NOT-FOR-US: WAGO
CVE-2019-5074 (An exploitable stack buffer overflow vulnerability exists in the ioche ...)
	NOT-FOR-US: WAGO
CVE-2019-5073 (An exploitable information exposure vulnerability exists in the iochec ...)
	NOT-FOR-US: WAGO
CVE-2019-5072 (An exploitable command injection vulnerability exists in the /goform/W ...)
	NOT-FOR-US: Tenda
CVE-2019-5071 (An exploitable command injection vulnerability exists in the /goform/W ...)
	NOT-FOR-US: Tenda
CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...)
	NOT-FOR-US: eFront LMS
CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
	NOT-FOR-US: Epignosis eFront LMS
CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...)
	{DLA-1993-1}
	- mesa 19.2.6-1 (low; bug #944298)
	[buster] - mesa 18.3.6-2+deb10u1
	[stretch] - mesa <no-dsa> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
	NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
	NOTE: https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
CVE-2019-5067 (An uninitialized memory access vulnerability exists in the way Aspose. ...)
	NOT-FOR-US: Aspose
CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW-comp ...)
	NOT-FOR-US: Aspose
CVE-2019-5065 (An exploitable information disclosure vulnerability exists in the pack ...)
	NOT-FOR-US: Blynk
CVE-2019-5064 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
	[experimental] - opencv 4.2.0+dfsg-1
	- opencv <unfixed> (bug #948180)
	[buster] - opencv <not-affected> (Vulnerable code introduced later)
	[stretch] - opencv <not-affected> (Vulnerable code introduced later)
	[jessie] - opencv <not-affected> (The vulnerable code was introduced later)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853
	NOTE: Fixed by: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111 (4.2.0)
	NOTE: https://github.com/opencv/opencv/issues/15857
	NOTE: Persistence implementation refactored in: https://github.com/opencv/opencv/pull/13011
CVE-2019-5063 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
	[experimental] - opencv 4.2.0+dfsg-1
	- opencv <unfixed> (bug #948180)
	[buster] - opencv <not-affected> (Vulnerable code introduced later)
	[stretch] - opencv <not-affected> (Vulnerable code introduced later)
	[jessie] - opencv <not-affected> (The vulnerable code was introduced later)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852
	NOTE: Fixed by: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111 (4.2.0)
	NOTE: https://github.com/opencv/opencv/issues/15857
	NOTE: Persistence implementation refactored in: https://github.com/opencv/opencv/pull/13011
CVE-2019-5062 (An exploitable denial-of-service vulnerability exists in the 802.11w s ...)
	- wpa <unfixed> (unimportant)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850
	NOTE: Issue is not considered the report recieved bogus and at most with very
	NOTE: negligible impact. Issue likely would need to be disputed or rejected.
CVE-2019-5061 (An exploitable denial-of-service vulnerability exists in the hostapd 2 ...)
	- wpa 2:2.9+git20200213+877d9a0-1 (unimportant)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849
	NOTE: https://w1.fi/cgit/hostap/commit/?id=018edec9b2bd3db20605117c32ff79c1e625c432
	NOTE: removes IAPP functionality from hostapd. IAPP implementation furthermore
	NOTE: was never really completed on wpa side and this obsoleted functionality in
	NOTE: hostapd had been moved to the kernel driver already.
CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM image re ...)
	- libsdl2-image 2.0.5+dfsg1-1
	[buster] - libsdl2-image <no-dsa> (Minor issue)
	[stretch] - libsdl2-image <no-dsa> (Minor issue)
	[jessie] - libsdl2-image <no-dsa> (Minor issue)
	- sdl-image1.2 1.2.12-12
	[buster] - sdl-image1.2 <no-dsa> (Minor issue)
	[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
	[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844
	NOTE: https://hg.libsdl.org/SDL_image/rev/26061e601c81
CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...)
	- libsdl2-image 2.0.5+dfsg1-1
	[buster] - libsdl2-image <no-dsa> (Minor issue)
	[stretch] - libsdl2-image <no-dsa> (Minor issue)
	[jessie] - libsdl2-image <no-dsa> (Minor issue)
	- sdl-image1.2 1.2.12-12
	[buster] - sdl-image1.2 <no-dsa> (Minor issue)
	[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
	[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843
	NOTE: https://hg.libsdl.org/SDL_image/rev/95fc7da55247
CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...)
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	[jessie] - libsdl2-image 2.0.0+dfsg-3+deb8u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	[jessie] - sdl-image1.2 1.2.12-5+deb8u2
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842
	NOTE: https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
	NOTE: CVE-2019-5058 can be considered a CVE for an incomplete fix for CVE-2018-3977.
CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...)
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	[jessie] - libsdl2-image <no-dsa> (Minor issue)
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841
	NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-5056
	RESERVED
CVE-2019-5055 (An exploitable denial-of-service vulnerability exists in the Host Acce ...)
	NOT-FOR-US: Netgear
CVE-2019-5054 (An exploitable denial-of-service vulnerability exists in the session h ...)
	NOT-FOR-US: Netgear
CVE-2019-5053 (An exploitable use-after-free vulnerability exists in the Length parsi ...)
	NOT-FOR-US: NitroPDF
CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0821
	NOTE: https://hg.libsdl.org/SDL_image/rev/b920be2b3fc6
CVE-2019-5051 (An exploitable heap-based buffer overflow vulnerability exists when lo ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-5050 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
	NOT-FOR-US: NitroPDF
CVE-2019-5049 (An exploitable memory corruption vulnerability exists in AMD ATIDXX64. ...)
	NOT-FOR-US: AMD Windows driver
CVE-2019-5048 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
	NOT-FOR-US: NitroPDF
CVE-2019-5047 (An exploitable Use After Free vulnerability exists in the CharProcs pa ...)
	NOT-FOR-US: NitroPDF
CVE-2019-5046 (A specifically crafted jpeg2000 file embedded in a PDF file can lead t ...)
	NOT-FOR-US: NitroPDF
CVE-2019-5045 (A specifically crafted jpeg2000 file embedded in a PDF file can lead t ...)
	NOT-FOR-US: NitroPDF
CVE-2019-5044
	REJECTED
CVE-2019-5043 (An exploitable denial-of-service vulnerability exists in the Weave dae ...)
	NOT-FOR-US: Nest
CVE-2019-5042 (An exploitable Use-After-Free vulnerability exists in the way Function ...)
	NOT-FOR-US: Aspose
CVE-2019-5041 (An exploitable Stack Based Buffer Overflow vulnerability exists in the ...)
	NOT-FOR-US: Aspose
CVE-2019-5040 (An exploitable information disclosure vulnerability exists in the Weav ...)
	NOT-FOR-US: OpenWeave
CVE-2019-5039 (An exploitable command execution vulnerability exists in the ASN1 cert ...)
	NOT-FOR-US: OpenWeave
CVE-2019-5038 (An exploitable command execution vulnerability exists in the print-tlv ...)
	NOT-FOR-US: OpenWeave
CVE-2019-5037 (An exploitable denial-of-service vulnerability exists in the Weave cer ...)
	NOT-FOR-US: Nest
CVE-2019-5036 (An exploitable denial-of-service vulnerability exists in the Weave err ...)
	NOT-FOR-US: Nest
CVE-2019-5035 (An exploitable information disclosure vulnerability exists in the Weav ...)
	NOT-FOR-US: Nest
CVE-2019-5034 (An exploitable information disclosure vulnerability exists in the Weav ...)
	NOT-FOR-US: Nest
CVE-2019-5033 (An exploitable out-of-bounds read vulnerability exists in the Number r ...)
	NOT-FOR-US: Aspose
CVE-2019-5032 (An exploitable out-of-bounds read vulnerability exists in the LabelSst ...)
	NOT-FOR-US: Aspose
CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the JavaScrip ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint document conv ...)
	NOT-FOR-US: Rainbow PDF Office Server Document Converter
CVE-2019-5029 (An exploitable command injection vulnerability exists in the Config ed ...)
	NOT-FOR-US: Exhibitor Web UI
CVE-2019-5028
	REJECTED
CVE-2019-5027
	REJECTED
CVE-2019-5026
	REJECTED
CVE-2019-5025
	REJECTED
CVE-2019-5024 (A restricted environment escape vulnerability exists in the "kiosk mod ...)
	NOT-FOR-US: Capsule Technologies SmartLinx Neuron
CVE-2019-5023 (An exploitable vulnerability exists in the grsecurity PaX patch for th ...)
	- linux-grsec <removed>
CVE-2019-5022
	REJECTED
CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...)
	NOT-FOR-US: Official Alpine Linux Docker images
CVE-2019-5020 (An exploitable denial of service vulnerability exists in the object lo ...)
	- yara 3.9.0-1
	[stretch] - yara <not-affected> (dex module introduced in 3.8.0)
	[jessie] - yara <not-affected> (dex module introduced in 3.8.0)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781
	NOTE: https://github.com/VirusTotal/yara/issues/1023
	NOTE: https://github.com/VirusTotal/yara/commit/1ecb0e66431bf5c5b4c2fdf622be969eb5f4a7cc
	NOTE: https://github.com/VirusTotal/yara/commit/a3784d3855029bd0ad24071e72746cc0c31b8cba
CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint document  ...)
	NOT-FOR-US: Rainbow PDF Office Server Document Converter
CVE-2019-5018 (An exploitable use after free vulnerability exists in the window funct ...)
	- sqlite3 3.27.2-3 (bug #928770)
	[stretch] - sqlite3 <not-affected> (windowfuncs introduced in 3.25.0)
	[jessie] - sqlite3 <not-affected> (windowfuncs introduced in 3.25.0)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
CVE-2019-5017 (An exploitable information disclosure vulnerability exists in the KCod ...)
	NOT-FOR-US: NETGEAR
CVE-2019-5016 (An exploitable arbitrary memory read vulnerability exists in the KCode ...)
	NOT-FOR-US: NETGEAR
CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS X vers ...)
	NOT-FOR-US: Apple
CVE-2019-5014 (An exploitable improper access control vulnerability exists in the blu ...)
	NOT-FOR-US: Winco Fireworks FireFly FW-1007
CVE-2019-5013 (An exploitable privilege escalation vulnerability exists in the Wacom, ...)
	NOT-FOR-US: Wacom MacOS driver
CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the Wacom, ...)
	NOT-FOR-US: Wacom MacOS driver
CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: CleanMyMac
CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 cert ...)
	{DLA-1834-1 DLA-1663-1}
	- python3.7 3.7.2-2 (bug #921064)
	- python3.6 <removed> (bug #921063)
	- python3.5 <removed>
	[stretch] - python3.5 <postponed> (Minor issue, can be fixed along in a future DSA)
	- python3.4 <removed>
	- python2.7 2.7.15-6 (bug #921040)
	[stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
	NOTE: https://bugs.python.org/issue35746
	NOTE: https://github.com/python/cpython/pull/11569
	NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x)
	NOTE: https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a (3.6.x)
	NOTE: https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595 (2.7.x)
CVE-2019-5009 (Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extens ...)
	NOT-FOR-US: Vtiger CRM
CVE-2018-20673 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24039
	NOTE: binutils not covered by security support
CVE-2018-20672
	RESERVED
CVE-2018-20671 (load_specific_debug_section in objdump.c in GNU Binutils through 2.31. ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24005
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca
	NOTE: binutils not covered by security support
CVE-2018-20670
	RESERVED
CVE-2019-5008 (hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dere ...)
	- qemu 1:3.1+dfsg-8 (low; bug #927439)
	[buster] - qemu 1:3.1+dfsg-8~deb10u1
	[stretch] - qemu <ignored> (Minor issue)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ad280559c68360c9f1cd7be063857853759e6a73 (4.0.0-rc0)
CVE-2019-5007 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...)
	NOT-FOR-US: Foxit Reader and PhantomPDF
CVE-2019-5006 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...)
	NOT-FOR-US: Foxit Reader and PhantomPDF
CVE-2019-5005 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...)
	NOT-FOR-US: Foxit Reader and PhantomPDF
CVE-2019-5004
	RESERVED
CVE-2019-5003
	REJECTED
CVE-2019-5002
	REJECTED
CVE-2019-5001
	REJECTED
CVE-2019-5000
	REJECTED
CVE-2019-4999
	REJECTED
CVE-2019-4998
	REJECTED
CVE-2019-4997
	REJECTED
CVE-2019-4996
	REJECTED
CVE-2019-4995
	REJECTED
CVE-2019-4994
	REJECTED
CVE-2019-4993
	REJECTED
CVE-2019-4992
	REJECTED
CVE-2019-4991
	REJECTED
CVE-2019-4990
	REJECTED
CVE-2019-4989
	REJECTED
CVE-2019-4988
	REJECTED
CVE-2019-4987
	REJECTED
CVE-2019-4986
	REJECTED
CVE-2019-4985
	REJECTED
CVE-2019-4984
	REJECTED
CVE-2019-4983
	REJECTED
CVE-2019-4982
	REJECTED
CVE-2019-4981
	REJECTED
CVE-2019-4980
	REJECTED
CVE-2019-4979
	REJECTED
CVE-2019-4978
	REJECTED
CVE-2019-4977
	REJECTED
CVE-2019-4976
	REJECTED
CVE-2019-4975
	REJECTED
CVE-2019-4974
	REJECTED
CVE-2019-4973
	REJECTED
CVE-2019-4972
	REJECTED
CVE-2019-4971
	REJECTED
CVE-2019-4970
	REJECTED
CVE-2019-4969
	REJECTED
CVE-2019-4968
	REJECTED
CVE-2019-4967
	REJECTED
CVE-2019-4966
	REJECTED
CVE-2019-4965
	REJECTED
CVE-2019-4964
	REJECTED
CVE-2019-4963
	REJECTED
CVE-2019-4962
	REJECTED
CVE-2019-4961
	REJECTED
CVE-2019-4960
	REJECTED
CVE-2019-4959
	REJECTED
CVE-2019-4958
	REJECTED
CVE-2019-4957
	REJECTED
CVE-2019-4956
	REJECTED
CVE-2019-4955
	REJECTED
CVE-2019-4954
	REJECTED
CVE-2019-4953
	REJECTED
CVE-2019-4952
	REJECTED
CVE-2019-4951
	REJECTED
CVE-2019-4950
	REJECTED
CVE-2019-4949
	REJECTED
CVE-2019-4948
	REJECTED
CVE-2019-4947
	REJECTED
CVE-2019-4946
	REJECTED
CVE-2019-4945
	REJECTED
CVE-2019-4944
	REJECTED
CVE-2019-4943
	REJECTED
CVE-2019-4942
	REJECTED
CVE-2019-4941
	REJECTED
CVE-2019-4940
	REJECTED
CVE-2019-4939
	REJECTED
CVE-2019-4938
	REJECTED
CVE-2019-4937
	REJECTED
CVE-2019-4936
	REJECTED
CVE-2019-4935
	REJECTED
CVE-2019-4934
	REJECTED
CVE-2019-4933
	REJECTED
CVE-2019-4932
	REJECTED
CVE-2019-4931
	REJECTED
CVE-2019-4930
	REJECTED
CVE-2019-4929
	REJECTED
CVE-2019-4928
	REJECTED
CVE-2019-4927
	REJECTED
CVE-2019-4926
	REJECTED
CVE-2019-4925
	REJECTED
CVE-2019-4924
	REJECTED
CVE-2019-4923
	REJECTED
CVE-2019-4922
	REJECTED
CVE-2019-4921
	REJECTED
CVE-2019-4920
	REJECTED
CVE-2019-4919
	REJECTED
CVE-2019-4918
	REJECTED
CVE-2019-4917
	REJECTED
CVE-2019-4916
	REJECTED
CVE-2019-4915
	REJECTED
CVE-2019-4914
	REJECTED
CVE-2019-4913
	REJECTED
CVE-2019-4912
	REJECTED
CVE-2019-4911
	REJECTED
CVE-2019-4910
	REJECTED
CVE-2019-4909
	REJECTED
CVE-2019-4908
	REJECTED
CVE-2019-4907
	REJECTED
CVE-2019-4906
	REJECTED
CVE-2019-4905
	REJECTED
CVE-2019-4904
	REJECTED
CVE-2019-4903
	REJECTED
CVE-2019-4902
	REJECTED
CVE-2019-4901
	REJECTED
CVE-2019-4900
	REJECTED
CVE-2019-4899
	REJECTED
CVE-2019-4898
	REJECTED
CVE-2019-4897
	REJECTED
CVE-2019-4896
	REJECTED
CVE-2019-4895
	REJECTED
CVE-2019-4894
	REJECTED
CVE-2019-4893
	REJECTED
CVE-2019-4892
	REJECTED
CVE-2019-4891
	REJECTED
CVE-2019-4890
	REJECTED
CVE-2019-4889
	REJECTED
CVE-2019-4888
	REJECTED
CVE-2019-4887
	REJECTED
CVE-2019-4886
	REJECTED
CVE-2019-4885
	REJECTED
CVE-2019-4884
	REJECTED
CVE-2019-4883
	REJECTED
CVE-2019-4882
	REJECTED
CVE-2019-4881
	REJECTED
CVE-2019-4880
	REJECTED
CVE-2019-4879
	REJECTED
CVE-2019-4878
	REJECTED
CVE-2019-4877
	REJECTED
CVE-2019-4876
	REJECTED
CVE-2019-4875
	REJECTED
CVE-2019-4874
	REJECTED
CVE-2019-4873
	REJECTED
CVE-2019-4872
	REJECTED
CVE-2019-4871
	REJECTED
CVE-2019-4870
	REJECTED
CVE-2019-4869
	REJECTED
CVE-2019-4868
	REJECTED
CVE-2019-4867
	REJECTED
CVE-2019-4866
	REJECTED
CVE-2019-4865
	REJECTED
CVE-2019-4864
	REJECTED
CVE-2019-4863
	REJECTED
CVE-2019-4862
	REJECTED
CVE-2019-4861
	REJECTED
CVE-2019-4860
	REJECTED
CVE-2019-4859
	REJECTED
CVE-2019-4858
	REJECTED
CVE-2019-4857
	REJECTED
CVE-2019-4856
	REJECTED
CVE-2019-4855
	REJECTED
CVE-2019-4854
	REJECTED
CVE-2019-4853
	REJECTED
CVE-2019-4852
	REJECTED
CVE-2019-4851
	REJECTED
CVE-2019-4850
	REJECTED
CVE-2019-4849
	REJECTED
CVE-2019-4848
	REJECTED
CVE-2019-4847
	REJECTED
CVE-2019-4846
	REJECTED
CVE-2019-4845
	REJECTED
CVE-2019-4844
	REJECTED
CVE-2019-4843
	REJECTED
CVE-2019-4842
	REJECTED
CVE-2019-4841
	REJECTED
CVE-2019-4840
	REJECTED
CVE-2019-4839
	REJECTED
CVE-2019-4838
	REJECTED
CVE-2019-4837
	REJECTED
CVE-2019-4836
	REJECTED
CVE-2019-4835
	REJECTED
CVE-2019-4834
	REJECTED
CVE-2019-4833
	REJECTED
CVE-2019-4832
	REJECTED
CVE-2019-4831
	REJECTED
CVE-2019-4830
	REJECTED
CVE-2019-4829
	REJECTED
CVE-2019-4828
	REJECTED
CVE-2019-4827
	REJECTED
CVE-2019-4826
	REJECTED
CVE-2019-4825
	REJECTED
CVE-2019-4824
	REJECTED
CVE-2019-4823
	REJECTED
CVE-2019-4822
	REJECTED
CVE-2019-4821
	REJECTED
CVE-2019-4820
	REJECTED
CVE-2019-4819
	REJECTED
CVE-2019-4818
	REJECTED
CVE-2019-4817
	REJECTED
CVE-2019-4816
	REJECTED
CVE-2019-4815
	REJECTED
CVE-2019-4814
	REJECTED
CVE-2019-4813
	REJECTED
CVE-2019-4812
	REJECTED
CVE-2019-4811
	REJECTED
CVE-2019-4810
	REJECTED
CVE-2019-4809
	REJECTED
CVE-2019-4808
	REJECTED
CVE-2019-4807
	REJECTED
CVE-2019-4806
	REJECTED
CVE-2019-4805
	REJECTED
CVE-2019-4804
	REJECTED
CVE-2019-4803
	REJECTED
CVE-2019-4802
	REJECTED
CVE-2019-4801
	REJECTED
CVE-2019-4800
	REJECTED
CVE-2019-4799
	REJECTED
CVE-2019-4798
	REJECTED
CVE-2019-4797
	REJECTED
CVE-2019-4796
	REJECTED
CVE-2019-4795
	REJECTED
CVE-2019-4794
	REJECTED
CVE-2019-4793
	REJECTED
CVE-2019-4792
	REJECTED
CVE-2019-4791
	REJECTED
CVE-2019-4790
	REJECTED
CVE-2019-4789
	REJECTED
CVE-2019-4788
	REJECTED
CVE-2019-4787
	REJECTED
CVE-2019-4786
	REJECTED
CVE-2019-4785
	REJECTED
CVE-2019-4784
	REJECTED
CVE-2019-4783
	REJECTED
CVE-2019-4782
	REJECTED
CVE-2019-4781
	REJECTED
CVE-2019-4780
	REJECTED
CVE-2019-4779
	REJECTED
CVE-2019-4778
	REJECTED
CVE-2019-4777
	REJECTED
CVE-2019-4776
	REJECTED
CVE-2019-4775
	REJECTED
CVE-2019-4774
	REJECTED
CVE-2019-4773
	REJECTED
CVE-2019-4772
	REJECTED
CVE-2019-4771
	REJECTED
CVE-2019-4770
	REJECTED
CVE-2019-4769
	REJECTED
CVE-2019-4768
	REJECTED
CVE-2019-4767
	REJECTED
CVE-2019-4766
	REJECTED
CVE-2019-4765
	REJECTED
CVE-2019-4764
	REJECTED
CVE-2019-4763
	REJECTED
CVE-2019-4762 (IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to  ...)
	NOT-FOR-US: IBM
CVE-2019-4761
	RESERVED
CVE-2019-4760
	RESERVED
CVE-2019-4759
	RESERVED
CVE-2019-4758
	RESERVED
CVE-2019-4757
	RESERVED
CVE-2019-4756
	RESERVED
CVE-2019-4755
	RESERVED
CVE-2019-4754
	RESERVED
CVE-2019-4753
	RESERVED
CVE-2019-4752 (IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Manageme ...)
	NOT-FOR-US: IBM
CVE-2019-4751 (IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace o ...)
	NOT-FOR-US: IBM
CVE-2019-4750 (IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2019-4749 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2019-4748
	RESERVED
CVE-2019-4747
	RESERVED
CVE-2019-4746 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
	NOT-FOR-US: IBM
CVE-2019-4745 (IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to d ...)
	NOT-FOR-US: IBM
CVE-2019-4744 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM
CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure attribut ...)
	NOT-FOR-US: IBM
CVE-2019-4742 (IBM Financial Transaction Manager 3.0 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2019-4741 (IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forge ...)
	NOT-FOR-US: IBM
CVE-2019-4740 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
	NOT-FOR-US: IBM
CVE-2019-4739
	RESERVED
CVE-2019-4738
	RESERVED
CVE-2019-4737 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
	NOT-FOR-US: IBM
CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site requ ...)
	NOT-FOR-US: IBM
CVE-2019-4735 (IBM MaaS360 3.96.62 for iOS could allow an attacker with physical acce ...)
	NOT-FOR-US: IBM
CVE-2019-4734
	RESERVED
CVE-2019-4733
	RESERVED
CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7. ...)
	NOT-FOR-US: IBM
CVE-2019-4731
	RESERVED
CVE-2019-4730
	RESERVED
CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
	NOT-FOR-US: IBM
CVE-2019-4728
	RESERVED
CVE-2019-4727
	RESERVED
CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
	NOT-FOR-US: IBM
CVE-2019-4725
	RESERVED
CVE-2019-4724
	RESERVED
CVE-2019-4723
	RESERVED
CVE-2019-4722
	RESERVED
CVE-2019-4721
	RESERVED
CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2019-4719 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
	NOT-FOR-US: IBM
CVE-2019-4718 (IBM Jazz for Service Management 3.13 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2019-4717
	RESERVED
CVE-2019-4716 (IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configur ...)
	NOT-FOR-US: IBM
CVE-2019-4715 (IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated atta ...)
	NOT-FOR-US: IBM
CVE-2019-4714
	RESERVED
CVE-2019-4713
	RESERVED
CVE-2019-4712
	RESERVED
CVE-2019-4711
	RESERVED
CVE-2019-4710
	RESERVED
CVE-2019-4709
	RESERVED
CVE-2019-4708
	RESERVED
CVE-2019-4707 (IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML  ...)
	NOT-FOR-US: IBM
CVE-2019-4706 (IBM Security Identity Manager Virtual Appliance 7.0.2 writes informati ...)
	NOT-FOR-US: IBM
CVE-2019-4705 (IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensit ...)
	NOT-FOR-US: IBM
CVE-2019-4704 (IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the ...)
	NOT-FOR-US: IBM
CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft ...)
	NOT-FOR-US: IBM
CVE-2019-4702
	RESERVED
CVE-2019-4701
	RESERVED
CVE-2019-4700
	RESERVED
CVE-2019-4699
	RESERVED
CVE-2019-4698
	RESERVED
CVE-2019-4697
	RESERVED
CVE-2019-4696
	RESERVED
CVE-2019-4695
	RESERVED
CVE-2019-4694
	RESERVED
CVE-2019-4693
	RESERVED
CVE-2019-4692
	RESERVED
CVE-2019-4691
	RESERVED
CVE-2019-4690
	RESERVED
CVE-2019-4689
	RESERVED
CVE-2019-4688
	RESERVED
CVE-2019-4687
	RESERVED
CVE-2019-4686
	RESERVED
CVE-2019-4685
	RESERVED
CVE-2019-4684
	RESERVED
CVE-2019-4683
	RESERVED
CVE-2019-4682
	RESERVED
CVE-2019-4681 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2019-4680
	RESERVED
CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user to gain  ...)
	NOT-FOR-US: IBM
CVE-2019-4678
	RESERVED
CVE-2019-4677
	RESERVED
CVE-2019-4676 (IBM Security Identity Manager Virtual Appliance 7.0.2 stores user cred ...)
	NOT-FOR-US: IBM
CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded credentials, s ...)
	NOT-FOR-US: IBM
CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote attacker to t ...)
	NOT-FOR-US: IBM
CVE-2019-4673
	RESERVED
CVE-2019-4672 (IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacke ...)
	NOT-FOR-US: IBM
CVE-2019-4671
	RESERVED
CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0  ...)
	NOT-FOR-US: IBM
CVE-2019-4668 (IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in ...)
	NOT-FOR-US: IBM
CVE-2019-4667 (IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to ob ...)
	NOT-FOR-US: IBM
CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could a ...)
	NOT-FOR-US: IBM
CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting.  ...)
	NOT-FOR-US: IBM
CVE-2019-4664
	RESERVED
CVE-2019-4663 (IBM WebSphere Application Server - Liberty is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2019-4662
	RESERVED
CVE-2019-4661
	RESERVED
CVE-2019-4660
	RESERVED
CVE-2019-4659
	RESERVED
CVE-2019-4658
	RESERVED
CVE-2019-4657
	RESERVED
CVE-2019-4656 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
	NOT-FOR-US: IBM
CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is  ...)
	NOT-FOR-US: IBM
CVE-2019-4654 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly va ...)
	NOT-FOR-US: IBM
CVE-2019-4653
	RESERVED
CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...)
	NOT-FOR-US: IBM Spectrum Protect Plus
CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...)
	NOT-FOR-US: IBM
CVE-2019-4650 (IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A  ...)
	NOT-FOR-US: IBM
CVE-2019-4649
	RESERVED
CVE-2019-4648
	RESERVED
CVE-2019-4647
	RESERVED
CVE-2019-4646
	RESERVED
CVE-2019-4645 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2019-4644 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2019-4643
	RESERVED
CVE-2019-4642
	RESERVED
CVE-2019-4641
	RESERVED
CVE-2019-4640 (IBM Security Secret Server 10.7 processes patches, image backups and o ...)
	NOT-FOR-US: IBM
CVE-2019-4639 (IBM Security Secret Server 10.7 uses weaker than expected cryptographi ...)
	NOT-FOR-US: IBM
CVE-2019-4638 (IBM Security Secret Server 10.7 does not set the secure attribute on a ...)
	NOT-FOR-US: IBM
CVE-2019-4637 (IBM Security Secret Server 10.7 uses incomplete blacklisting for input ...)
	NOT-FOR-US: IBM
CVE-2019-4636 (IBM Security Secret Server 10.7 could disclose sensitive information t ...)
	NOT-FOR-US: IBM
CVE-2019-4635 (IBM Security Secret Server 10.7 could allow a privileged user to perfo ...)
	NOT-FOR-US: IBM
CVE-2019-4634
	RESERVED
CVE-2019-4633 (IBM Security Secret Server 10.7 could allow an attacker to obtain sens ...)
	NOT-FOR-US: IBM
CVE-2019-4632 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2019-4631 (IBM Security Secret Server 10.7 could allow a remote attacker to condu ...)
	NOT-FOR-US: IBM
CVE-2019-4630
	RESERVED
CVE-2019-4629
	RESERVED
CVE-2019-4628
	RESERVED
CVE-2019-4627
	RESERVED
CVE-2019-4626
	RESERVED
CVE-2019-4625
	RESERVED
CVE-2019-4624
	RESERVED
CVE-2019-4623 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2019-4622
	RESERVED
CVE-2019-4621 (IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2 ...)
	NOT-FOR-US: IBM
CVE-2019-4620 (IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypas ...)
	NOT-FOR-US: IBM
CVE-2019-4619 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...)
	NOT-FOR-US: IBM
CVE-2019-4618
	RESERVED
CVE-2019-4617 (IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable ...)
	NOT-FOR-US: IBM
CVE-2019-4616 (IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute ...)
	NOT-FOR-US: IBM
CVE-2019-4615
	RESERVED
CVE-2019-4614 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Que ...)
	NOT-FOR-US: IBM
CVE-2019-4613 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...)
	NOT-FOR-US: IBM
CVE-2019-4612 (IBM Planning Analytics 2.0 is vulnerable to malicious file upload in t ...)
	NOT-FOR-US: IBM
CVE-2019-4611 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2019-4610
	RESERVED
CVE-2019-4609 (IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic alg ...)
	NOT-FOR-US: IBM
CVE-2019-4608 (IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2019-4607
	RESERVED
CVE-2019-4606 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a ...)
	NOT-FOR-US: IBM
CVE-2019-4605
	RESERVED
CVE-2019-4604
	RESERVED
CVE-2019-4603 (IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authe ...)
	NOT-FOR-US: IBM
CVE-2019-4602 (IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2019-4601 (IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authe ...)
	NOT-FOR-US: IBM
CVE-2019-4600 (IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitiv ...)
	NOT-FOR-US: IBM
CVE-2019-4599
	RESERVED
CVE-2019-4598 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
	NOT-FOR-US: IBM
CVE-2019-4597 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
	NOT-FOR-US: IBM
CVE-2019-4596 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
	NOT-FOR-US: IBM
CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 c ...)
	NOT-FOR-US: IBM
CVE-2019-4594 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obt ...)
	NOT-FOR-US: IBM
CVE-2019-4593 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that incl ...)
	NOT-FOR-US: IBM
CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...)
	NOT-FOR-US: IBM
CVE-2019-4591
	RESERVED
CVE-2019-4590
	RESERVED
CVE-2019-4589
	RESERVED
CVE-2019-4588
	RESERVED
CVE-2019-4587
	RESERVED
CVE-2019-4586
	RESERVED
CVE-2019-4585
	RESERVED
CVE-2019-4584
	RESERVED
CVE-2019-4583 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2019-4582
	RESERVED
CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2019-4580
	RESERVED
CVE-2019-4579
	RESERVED
CVE-2019-4578
	RESERVED
CVE-2019-4577
	RESERVED
CVE-2019-4576 (IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA d ...)
	NOT-FOR-US: IBM
CVE-2019-4575
	RESERVED
CVE-2019-4574
	RESERVED
CVE-2019-4573
	RESERVED
CVE-2019-4572 (IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations ...)
	NOT-FOR-US: IBM
CVE-2019-4571 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2019-4570 (IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error me ...)
	NOT-FOR-US: IBM
CVE-2019-4569 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2019-4568 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2019-4567
	RESERVED
CVE-2019-4566 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentia ...)
	NOT-FOR-US: IBM
CVE-2019-4565 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that ...)
	NOT-FOR-US: IBM
CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2019-4563
	RESERVED
CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive information in UR ...)
	NOT-FOR-US: IBM
CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...)
	NOT-FOR-US: IBM
CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulne ...)
	NOT-FOR-US: IBM
CVE-2019-4559 (IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to ...)
	NOT-FOR-US: IBM
CVE-2019-4558 (A security vulnerability has been identified in all levels of IBM Spec ...)
	NOT-FOR-US: IBM
CVE-2019-4557 (IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expect ...)
	NOT-FOR-US: IBM
CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting fo ...)
	NOT-FOR-US: IBM
CVE-2019-4555 (IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2019-4554
	RESERVED
CVE-2019-4553 (IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expecte ...)
	NOT-FOR-US: IBM
CVE-2019-4552
	RESERVED
CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an authentication ...)
	NOT-FOR-US: IBM
CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active debugging  ...)
	NOT-FOR-US: IBM
CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive information to ...)
	NOT-FOR-US: IBM
CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote attacker to h ...)
	NOT-FOR-US: IBM
CVE-2019-4547
	RESERVED
CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...)
	NOT-FOR-US: IBM
CVE-2019-4545
	RESERVED
CVE-2019-4544
	RESERVED
CVE-2019-4543
	RESERVED
CVE-2019-4542 (IBM Security Directory Server 6.4.0 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2019-4541 (IBM Security Directory Server 6.4.0 uses incomplete blacklisting for i ...)
	NOT-FOR-US: IBM
CVE-2019-4540 (IBM Security Directory Server 6.4.0 uses weaker than expected cryptogr ...)
	NOT-FOR-US: IBM
CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly neutralize speci ...)
	NOT-FOR-US: IBM
CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote attacker to c ...)
	NOT-FOR-US: IBM
CVE-2019-4537 (IBM WebSphere Service Registry and Repository 8.5 could allow a user t ...)
	NOT-FOR-US: IBM
CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a  ...)
	NOT-FOR-US: IBM
CVE-2019-4535
	RESERVED
CVE-2019-4534
	RESERVED
CVE-2019-4533
	RESERVED
CVE-2019-4532
	RESERVED
CVE-2019-4531
	RESERVED
CVE-2019-4530 (IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an aut ...)
	NOT-FOR-US: IBM
CVE-2019-4529
	RESERVED
CVE-2019-4528
	RESERVED
CVE-2019-4527
	RESERVED
CVE-2019-4526
	RESERVED
CVE-2019-4525
	RESERVED
CVE-2019-4524
	RESERVED
CVE-2019-4523 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2019-4522
	RESERVED
CVE-2019-4521 (Platform System Manager in IBM Cloud Pak System 2.3 is potentially vul ...)
	NOT-FOR-US: IBM
CVE-2019-4520 (IBM Security Directory Server 6.4.0 uses an inadequate account lockout ...)
	NOT-FOR-US: IBM
CVE-2019-4519
	RESERVED
CVE-2019-4518
	RESERVED
CVE-2019-4517
	RESERVED
CVE-2019-4516
	RESERVED
CVE-2019-4515 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2019-4514 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses  ...)
	NOT-FOR-US: IBM
CVE-2019-4513 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vul ...)
	NOT-FOR-US: IBM
CVE-2019-4512 (IBM Maximo Asset Management 7.6.1.1 generates an error message that in ...)
	NOT-FOR-US: IBM
CVE-2019-4511
	RESERVED
CVE-2019-4510
	RESERVED
CVE-2019-4509 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authoriza ...)
	NOT-FOR-US: IBM
CVE-2019-4508 (IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in so ...)
	NOT-FOR-US: IBM
CVE-2019-4507
	RESERVED
CVE-2019-4506
	RESERVED
CVE-2019-4505 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deploy ...)
	NOT-FOR-US: IBM
CVE-2019-4504
	RESERVED
CVE-2019-4503
	RESERVED
CVE-2019-4502
	RESERVED
CVE-2019-4501
	RESERVED
CVE-2019-4500
	RESERVED
CVE-2019-4499
	RESERVED
CVE-2019-4498
	RESERVED
CVE-2019-4497 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
	NOT-FOR-US: IBM
CVE-2019-4496
	RESERVED
CVE-2019-4495 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
	NOT-FOR-US: IBM
CVE-2019-4494 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...)
	NOT-FOR-US: IBM
CVE-2019-4493
	RESERVED
CVE-2019-4492
	RESERVED
CVE-2019-4491
	RESERVED
CVE-2019-4490
	RESERVED
CVE-2019-4489
	RESERVED
CVE-2019-4488
	RESERVED
CVE-2019-4487
	RESERVED
CVE-2019-4486 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2019-4485 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
	NOT-FOR-US: IBM
CVE-2019-4484 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
	NOT-FOR-US: IBM
CVE-2019-4483 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...)
	NOT-FOR-US: IBM
CVE-2019-4482 (IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2019-4481 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...)
	NOT-FOR-US: IBM
CVE-2019-4480
	RESERVED
CVE-2019-4479
	RESERVED
CVE-2019-4478 (IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2019-4477 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2019-4476
	RESERVED
CVE-2019-4475
	RESERVED
CVE-2019-4474
	RESERVED
CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on  ...)
	NOT-FOR-US: IBM
CVE-2019-4472
	RESERVED
CVE-2019-4471
	RESERVED
CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2019-4469
	RESERVED
CVE-2019-4468 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2019-4467 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2019-4466
	RESERVED
CVE-2019-4465 (IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored loc ...)
	NOT-FOR-US: IBM
CVE-2019-4464
	RESERVED
CVE-2019-4463
	RESERVED
CVE-2019-4462
	RESERVED
CVE-2019-4461 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is  ...)
	NOT-FOR-US: IBM
CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
	NOT-FOR-US: IBM
CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
	NOT-FOR-US: IBM
CVE-2019-4458
	RESERVED
CVE-2019-4457 (IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and ...)
	NOT-FOR-US: IBM
CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 5.0.5 and 5.0.6 ...)
	NOT-FOR-US: IBM
CVE-2019-4455
	RESERVED
CVE-2019-4454 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2019-4453
	RESERVED
CVE-2019-4452
	RESERVED
CVE-2019-4451 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2019-4449
	RESERVED
CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...)
	NOT-FOR-US: IBM
CVE-2019-4447 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...)
	NOT-FOR-US: IBM
CVE-2019-4446 (IBM Maximo Asset Management 7.6 could allow an authenticated user perf ...)
	NOT-FOR-US: IBM
CVE-2019-4445
	RESERVED
CVE-2019-4444 (IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user regi ...)
	NOT-FOR-US: IBM
CVE-2019-4443
	RESERVED
CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2019-4441 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could ...)
	NOT-FOR-US: IBM
CVE-2019-4440
	RESERVED
CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session  ...)
	NOT-FOR-US: IBM
CVE-2019-4438
	RESERVED
CVE-2019-4437 (IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensi ...)
	NOT-FOR-US: IBM
CVE-2019-4436
	RESERVED
CVE-2019-4435
	RESERVED
CVE-2019-4434
	RESERVED
CVE-2019-4433 (IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere I ...)
	NOT-FOR-US: IBM
CVE-2019-4432
	RESERVED
CVE-2019-4431 (IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker to trave ...)
	NOT-FOR-US: IBM
CVE-2019-4429 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2019-4428 (IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is ...)
	NOT-FOR-US: IBM
CVE-2019-4427 (IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using ...)
	NOT-FOR-US: IBM
CVE-2019-4426 (The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and  ...)
	NOT-FOR-US: IBM
CVE-2019-4425 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
	NOT-FOR-US: IBM
CVE-2019-4424 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
	NOT-FOR-US: IBM
CVE-2019-4423 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2019-4422 (IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege ...)
	NOT-FOR-US: IBM
CVE-2019-4421
	RESERVED
CVE-2019-4420 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose ...)
	NOT-FOR-US: IBM
CVE-2019-4419 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2019-4418
	RESERVED
CVE-2019-4417
	RESERVED
CVE-2019-4416
	RESERVED
CVE-2019-4415 (IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain e ...)
	NOT-FOR-US: IBM
CVE-2019-4414
	RESERVED
CVE-2019-4413
	RESERVED
CVE-2019-4412 (IBM Cognos Controller stores sensitive information in URL parameters.  ...)
	NOT-FOR-US: IBM
CVE-2019-4411 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow a ...)
	NOT-FOR-US: IBM
CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...)
	NOT-FOR-US: IBM
CVE-2019-4409 (HCL Traveler versions 9.x and earlier are susceptible to cross-site sc ...)
	NOT-FOR-US: HCL Traveler
CVE-2019-4408
	RESERVED
CVE-2019-4407
	RESERVED
CVE-2019-4406 (IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerab ...)
	NOT-FOR-US: IBM
CVE-2019-4405
	RESERVED
CVE-2019-4404
	RESERVED
CVE-2019-4403 (IBM Connections 6.0 is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2019-4402 (IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow ...)
	NOT-FOR-US: IBM
CVE-2019-4401
	RESERVED
CVE-2019-4400 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
	NOT-FOR-US: IBM
CVE-2019-4399 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 use ...)
	NOT-FOR-US: IBM
CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
	NOT-FOR-US: IBM
CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
	NOT-FOR-US: IBM
CVE-2019-4396 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is  ...)
	NOT-FOR-US: IBM
CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
	NOT-FOR-US: IBM
CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...)
	NOT-FOR-US: IBM
CVE-2019-4393 (HCL AppScan Standard is vulnerable to excessive authorization attempts ...)
	NOT-FOR-US: HCL AppScan
CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...)
	NOT-FOR-US: HCL AppScan
CVE-2019-4391 (HCL AppScan Standard is vulnerable to XML External Entity Injection (X ...)
	NOT-FOR-US: HCL AppScan
CVE-2019-4390
	RESERVED
CVE-2019-4389
	RESERVED
CVE-2019-4388 (HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site s ...)
	NOT-FOR-US: HCL AppScan Source
CVE-2019-4387 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 i ...)
	NOT-FOR-US: IBM
CVE-2019-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2019-4385 (IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password i ...)
	NOT-FOR-US: IBM
CVE-2019-4384 (IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse  ...)
	NOT-FOR-US: IBM
CVE-2019-4383 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to pro ...)
	NOT-FOR-US: IBM
CVE-2019-4382 (IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized us ...)
	NOT-FOR-US: IBM
CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain sensiti ...)
	NOT-FOR-US: IBM
CVE-2019-4380
	RESERVED
CVE-2019-4379
	RESERVED
CVE-2019-4378 (IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4377 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive info ...)
	NOT-FOR-US: IBM
CVE-2019-4376
	RESERVED
CVE-2019-4375
	RESERVED
CVE-2019-4374
	RESERVED
CVE-2019-4373
	RESERVED
CVE-2019-4372
	RESERVED
CVE-2019-4371
	RESERVED
CVE-2019-4370
	RESERVED
CVE-2019-4369 (IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive informa ...)
	NOT-FOR-US: IBM
CVE-2019-4368
	RESERVED
CVE-2019-4367
	RESERVED
CVE-2019-4366
	RESERVED
CVE-2019-4365
	RESERVED
CVE-2019-4364 (IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which  ...)
	NOT-FOR-US: IBM
CVE-2019-4363
	RESERVED
CVE-2019-4362
	RESERVED
CVE-2019-4361
	RESERVED
CVE-2019-4360
	RESERVED
CVE-2019-4359
	RESERVED
CVE-2019-4358
	RESERVED
CVE-2019-4357 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to pro ...)
	NOT-FOR-US: IBM
CVE-2019-4356
	RESERVED
CVE-2019-4355
	RESERVED
CVE-2019-4354
	RESERVED
CVE-2019-4353
	RESERVED
CVE-2019-4352
	RESERVED
CVE-2019-4351
	RESERVED
CVE-2019-4350
	RESERVED
CVE-2019-4349
	RESERVED
CVE-2019-4348
	RESERVED
CVE-2019-4347
	RESERVED
CVE-2019-4346
	RESERVED
CVE-2019-4345
	RESERVED
CVE-2019-4344
	RESERVED
CVE-2019-4343 (IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-orig ...)
	NOT-FOR-US: IBM
CVE-2019-4342 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2019-4341
	RESERVED
CVE-2019-4340 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2019-4339 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker t ...)
	NOT-FOR-US: IBM
CVE-2019-4338 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not prop ...)
	NOT-FOR-US: IBM
CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
	NOT-FOR-US: IBM
CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses an ina ...)
	NOT-FOR-US: IBM
CVE-2019-4335 (IBM Watson Studio Local 1.2.3 stores key files in the user's home dire ...)
	NOT-FOR-US: IBM
CVE-2019-4334 (IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information  ...)
	NOT-FOR-US: IBM
CVE-2019-4333
	RESERVED
CVE-2019-4332
	RESERVED
CVE-2019-4331
	RESERVED
CVE-2019-4330 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set  ...)
	NOT-FOR-US: IBM
CVE-2019-4329 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomple ...)
	NOT-FOR-US: IBM
CVE-2019-4328
	RESERVED
CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...)
	NOT-FOR-US: HCL AppScan Enterprise
CVE-2019-4326
	RESERVED
CVE-2019-4325
	RESERVED
CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting while i ...)
	TODO: check
CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is susceptible to c ...)
	TODO: check
CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Ope ...)
	NOT-FOR-US: IBM
CVE-2019-4320
	RESERVED
CVE-2019-4319
	RESERVED
CVE-2019-4318
	RESERVED
CVE-2019-4317
	RESERVED
CVE-2019-4316
	RESERVED
CVE-2019-4315
	RESERVED
CVE-2019-4314 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensit ...)
	NOT-FOR-US: IBM
CVE-2019-4313
	RESERVED
CVE-2019-4312
	RESERVED
CVE-2019-4311 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sen ...)
	NOT-FOR-US: IBM
CVE-2019-4310 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inade ...)
	NOT-FOR-US: IBM
CVE-2019-4309 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard cod ...)
	NOT-FOR-US: IBM
CVE-2019-4308 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
	NOT-FOR-US: IBM
CVE-2019-4307 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user c ...)
	NOT-FOR-US: IBM
CVE-2019-4306 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies per ...)
	NOT-FOR-US: IBM
CVE-2019-4305 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2019-4304 (IBM WebSphere Application Server - Liberty could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2019-4303 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2019-4302
	RESERVED
CVE-2019-4301 (BigFix Self-Service Application (SSA) is vulnerable to arbitrary code  ...)
	NOT-FOR-US: BigFix Self-Service Application
CVE-2019-4300
	RESERVED
CVE-2019-4299 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
	NOT-FOR-US: IBM
CVE-2019-4298 (IBM Robotic Process Automation with Automation Anywhere 11 uses a high ...)
	NOT-FOR-US: IBM
CVE-2019-4297 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
	NOT-FOR-US: IBM
CVE-2019-4296 (IBM Robotic Process Automation with Automation Anywhere 11 information ...)
	NOT-FOR-US: IBM
CVE-2019-4295 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
	NOT-FOR-US: IBM
CVE-2019-4294 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7 ...)
	NOT-FOR-US: IBM
CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attac ...)
	NOT-FOR-US: IBM
CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
	NOT-FOR-US: IBM
CVE-2019-4291
	RESERVED
CVE-2019-4290
	RESERVED
CVE-2019-4289
	RESERVED
CVE-2019-4288 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...)
	NOT-FOR-US: IBM
CVE-2019-4287
	RESERVED
CVE-2019-4286 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...)
	NOT-FOR-US: IBM
CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a  ...)
	NOT-FOR-US: IBM
CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local  ...)
	NOT-FOR-US: IBM
CVE-2019-4283
	RESERVED
CVE-2019-4282
	RESERVED
CVE-2019-4281
	RESERVED
CVE-2019-4280 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive i ...)
	NOT-FOR-US: IBM
CVE-2019-4279 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2019-4278
	RESERVED
CVE-2019-4277
	RESERVED
CVE-2019-4276
	RESERVED
CVE-2019-4275 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allo ...)
	NOT-FOR-US: IBM
CVE-2019-4274
	RESERVED
CVE-2019-4273
	RESERVED
CVE-2019-4272
	RESERVED
CVE-2019-4271 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console  ...)
	NOT-FOR-US: IBM
CVE-2019-4270 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console  ...)
	NOT-FOR-US: IBM
CVE-2019-4269 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console  ...)
	NOT-FOR-US: IBM
CVE-2019-4268 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2019-4266 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not ha ...)
	NOT-FOR-US: IBM
CVE-2019-4265 (IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have devic ...)
	NOT-FOR-US: IBM
CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sen ...)
	NOT-FOR-US: IBM
CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file inclusion, all ...)
	NOT-FOR-US: IBM
CVE-2019-4262 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forge ...)
	NOT-FOR-US: IBM
CVE-2019-4261 (IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS ...)
	NOT-FOR-US: IBM
CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 5.0 through 5.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...)
	NOT-FOR-US: IBM
CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4257 (IBM InfoSphere Information Server 11.5 and 11.7 is affected by an info ...)
	NOT-FOR-US: IBM
CVE-2019-4256 (IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryp ...)
	NOT-FOR-US: IBM
CVE-2019-4255
	RESERVED
CVE-2019-4254
	RESERVED
CVE-2019-4253 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2019-4252 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 co ...)
	NOT-FOR-US: IBM
CVE-2019-4251
	RESERVED
CVE-2019-4250 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...)
	NOT-FOR-US: IBM
CVE-2019-4249 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2019-4248
	RESERVED
CVE-2019-4247
	RESERVED
CVE-2019-4246 (IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal para ...)
	NOT-FOR-US: IBM
CVE-2019-4245
	RESERVED
CVE-2019-4244 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2019-4243 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized discl ...)
	NOT-FOR-US: IBM
CVE-2019-4242
	RESERVED
CVE-2019-4241 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an auth ...)
	NOT-FOR-US: IBM
CVE-2019-4240
	RESERVED
CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stor ...)
	NOT-FOR-US: IBM
CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2019-4237 (A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Se ...)
	NOT-FOR-US: IBM
CVE-2019-4236 (A IBM Spectrum Protect 7.l client backup or archive operation running  ...)
	NOT-FOR-US: IBM
CVE-2019-4235 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require th ...)
	NOT-FOR-US: IBM
CVE-2019-4234 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the imp ...)
	NOT-FOR-US: IBM
CVE-2019-4233
	RESERVED
CVE-2019-4232
	RESERVED
CVE-2019-4231 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2019-4230
	RESERVED
CVE-2019-4229
	RESERVED
CVE-2019-4228
	RESERVED
CVE-2019-4227 (IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9 ...)
	NOT-FOR-US: IBM
CVE-2019-4226 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially  ...)
	NOT-FOR-US: IBM
CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQ ...)
	NOT-FOR-US: IBM
CVE-2019-4223
	RESERVED
CVE-2019-4222 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...)
	NOT-FOR-US: IBM
CVE-2019-4221
	RESERVED
CVE-2019-4220 (IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded  ...)
	NOT-FOR-US: IBM
CVE-2019-4219 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generate ...)
	NOT-FOR-US: IBM
CVE-2019-4218 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows w ...)
	NOT-FOR-US: IBM
CVE-2019-4217 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could al ...)
	NOT-FOR-US: IBM
CVE-2019-4216 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible ...)
	NOT-FOR-US: IBM
CVE-2019-4215 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2019-4214 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure a ...)
	NOT-FOR-US: IBM
CVE-2019-4213
	RESERVED
CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forger ...)
	NOT-FOR-US: IBM
CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...)
	NOT-FOR-US: IBM
CVE-2019-4209 (HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnera ...)
	NOT-FOR-US: HCL
CVE-2019-4208 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an X ...)
	NOT-FOR-US: IBM
CVE-2019-4207 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitiv ...)
	NOT-FOR-US: IBM
CVE-2019-4206
	RESERVED
CVE-2019-4205
	RESERVED
CVE-2019-4204 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...)
	NOT-FOR-US: IBM
CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited  ...)
	NOT-FOR-US: IBM
CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2019-4201 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allo ...)
	NOT-FOR-US: IBM
CVE-2019-4200
	RESERVED
CVE-2019-4199
	RESERVED
CVE-2019-4198
	RESERVED
CVE-2019-4197
	RESERVED
CVE-2019-4196
	RESERVED
CVE-2019-4195
	RESERVED
CVE-2019-4194 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing ...)
	NOT-FOR-US: IBM
CVE-2019-4193 (IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive inf ...)
	NOT-FOR-US: IBM
CVE-2019-4192
	RESERVED
CVE-2019-4191
	RESERVED
CVE-2019-4190
	RESERVED
CVE-2019-4189
	RESERVED
CVE-2019-4188
	RESERVED
CVE-2019-4187
	RESERVED
CVE-2019-4186 (IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header inj ...)
	NOT-FOR-US: IBM
CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2019-4183 (IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of servi ...)
	NOT-FOR-US: IBM
CVE-2019-4182
	RESERVED
CVE-2019-4181
	RESERVED
CVE-2019-4180
	RESERVED
CVE-2019-4179
	RESERVED
CVE-2019-4178 (IBM Cognos Analytics 11 could allow a remote attacker to traverse dire ...)
	NOT-FOR-US: IBM
CVE-2019-4177 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...)
	NOT-FOR-US: IBM
CVE-2019-4176 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
	NOT-FOR-US: IBM
CVE-2019-4175 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker t ...)
	NOT-FOR-US: IBM
CVE-2019-4174 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...)
	NOT-FOR-US: IBM
CVE-2019-4173 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
	NOT-FOR-US: IBM
CVE-2019-4172
	RESERVED
CVE-2019-4171 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set  ...)
	NOT-FOR-US: IBM
CVE-2019-4170
	RESERVED
CVE-2019-4169 (IBM Open Power Firmware OP910 and OP920 could allow access to BMC via  ...)
	NOT-FOR-US: IBM
CVE-2019-4168
	RESERVED
CVE-2019-4167 (IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which c ...)
	NOT-FOR-US: IBM
CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...)
	NOT-FOR-US: IBM
CVE-2019-4165 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2019-4164
	RESERVED
CVE-2019-4163 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2019-4162 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missi ...)
	NOT-FOR-US: IBM
CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 disclose ...)
	NOT-FOR-US: IBM
CVE-2019-4160
	RESERVED
CVE-2019-4159
	REJECTED
CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a  ...)
	NOT-FOR-US: IBM
CVE-2019-4157 (IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2019-4156 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expec ...)
	NOT-FOR-US: IBM
CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted b ...)
	NOT-FOR-US: IBM
CVE-2019-4154 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4153 (IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2019-4152 (IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate se ...)
	NOT-FOR-US: IBM
CVE-2019-4151 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expec ...)
	NOT-FOR-US: IBM
CVE-2019-4150 (IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or  ...)
	NOT-FOR-US: IBM
CVE-2019-4149 (IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM B ...)
	NOT-FOR-US: IBM
CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4147 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...)
	NOT-FOR-US: IBM
CVE-2019-4145 (IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly se ...)
	NOT-FOR-US: IBM
CVE-2019-4144
	RESERVED
CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1  ...)
	NOT-FOR-US: IBM
CVE-2019-4142 (IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2019-4141 (IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4140 (IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) c ...)
	NOT-FOR-US: IBM
CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could al ...)
	NOT-FOR-US: IBM
CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulne ...)
	NOT-FOR-US: IBM
CVE-2019-4136 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a secur ...)
	NOT-FOR-US: IBM
CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2019-4133 (IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the ...)
	NOT-FOR-US: IBM
CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertl ...)
	NOT-FOR-US: IBM
CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...)
	NOT-FOR-US: IBM
CVE-2019-4130 (IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to  ...)
	NOT-FOR-US: IBM
CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2019-4128
	RESERVED
CVE-2019-4127
	RESERVED
CVE-2019-4126
	RESERVED
CVE-2019-4125
	RESERVED
CVE-2019-4124
	RESERVED
CVE-2019-4123
	RESERVED
CVE-2019-4122
	RESERVED
CVE-2019-4121
	RESERVED
CVE-2019-4120 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...)
	NOT-FOR-US: IBM
CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could all ...)
	NOT-FOR-US: IBM
CVE-2019-4117 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request  ...)
	NOT-FOR-US: IBM
CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensit ...)
	NOT-FOR-US: IBM
CVE-2019-4115 (IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2019-4114
	RESERVED
CVE-2019-4113
	RESERVED
CVE-2019-4112 (IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be s ...)
	NOT-FOR-US: IBM
CVE-2019-4111
	RESERVED
CVE-2019-4110
	RESERVED
CVE-2019-4109 (IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2019-4108
	RESERVED
CVE-2019-4107
	RESERVED
CVE-2019-4106 (IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2019-4105
	RESERVED
CVE-2019-4104
	RESERVED
CVE-2019-4103 (IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command ...)
	NOT-FOR-US: IBM
CVE-2019-4102 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4101 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...)
	NOT-FOR-US: IBM
CVE-2019-4100
	RESERVED
CVE-2019-4099
	RESERVED
CVE-2019-4098 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2019-4097
	RESERVED
CVE-2019-4096
	RESERVED
CVE-2019-4095 (IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery w ...)
	NOT-FOR-US: IBM
CVE-2019-4094 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a  ...)
	NOT-FOR-US: IBM
CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2019-4091
	RESERVED
CVE-2019-4090
	RESERVED
CVE-2019-4089
	RESERVED
CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allo ...)
	NOT-FOR-US: IBM
CVE-2019-4087 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulner ...)
	NOT-FOR-US: IBM
CVE-2019-4086 (IBM Cloud Application Performance Management 8.1.4 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2019-4085
	RESERVED
CVE-2019-4084 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...)
	NOT-FOR-US: IBM
CVE-2019-4083 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...)
	NOT-FOR-US: IBM
CVE-2019-4082
	RESERVED
CVE-2019-4081
	RESERVED
CVE-2019-4080 (IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0  ...)
	NOT-FOR-US: IBM
CVE-2019-4079
	RESERVED
CVE-2019-4078 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
	NOT-FOR-US: IBM
CVE-2019-4077 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4076 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4075 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4074 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4073 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
	NOT-FOR-US: IBM
CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard  ...)
	NOT-FOR-US: IBM
CVE-2019-4070 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2019-4069 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not p ...)
	NOT-FOR-US: IBM
CVE-2019-4068 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2019-4067 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not r ...)
	NOT-FOR-US: IBM
CVE-2019-4066 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2019-4065
	RESERVED
CVE-2019-4064
	RESERVED
CVE-2019-4063 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition c ...)
	NOT-FOR-US: IBM
CVE-2019-4062 (IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2019-4061 (IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the r ...)
	NOT-FOR-US: IBM
CVE-2019-4060
	RESERVED
CVE-2019-4059 (IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently pro ...)
	NOT-FOR-US: IBM
CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to ma ...)
	NOT-FOR-US: IBM
CVE-2019-4057 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work Centers' application does not val ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0  ...)
	NOT-FOR-US: IBM
CVE-2019-4054 (IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensiti ...)
	NOT-FOR-US: IBM
CVE-2019-4053
	RESERVED
CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthe ...)
	NOT-FOR-US: IBM
CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system spe ...)
	NOT-FOR-US: IBM
CVE-2019-4050
	RESERVED
CVE-2019-4049 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial  ...)
	NOT-FOR-US: IBM
CVE-2019-4048 (IBM Maximo Asset Management 7.6 could allow a physical user of the sys ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process Manager 18.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4044
	RESERVED
CVE-2019-4043 (IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vuln ...)
	NOT-FOR-US: IBM
CVE-2019-4042
	RESERVED
CVE-2019-4041
	RESERVED
CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerab ...)
	NOT-FOR-US: IBM
CVE-2019-4039 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
	NOT-FOR-US: IBM
CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to c ...)
	NOT-FOR-US: IBM
CVE-2019-4037
	RESERVED
CVE-2019-4036 (IBM Security Access Manager Appliance could allow unauthenticated atta ...)
	NOT-FOR-US: IBM
CVE-2019-4035 (IBM Content Navigator 3.0CD could allow attackers to direct web traffi ...)
	NOT-FOR-US: IBM
CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to execute arbi ...)
	NOT-FOR-US: IBM
CVE-2019-4033 (IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM
CVE-2019-4032 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2019-4031 (IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a v ...)
	NOT-FOR-US: IBM
CVE-2019-4030 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2019-4029 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2019-4028 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2019-4027 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2019-4026
	RESERVED
CVE-2019-4025
	RESERVED
CVE-2019-4024
	RESERVED
CVE-2019-4023
	RESERVED
CVE-2019-4022
	RESERVED
CVE-2019-4021
	RESERVED
CVE-2019-4020
	RESERVED
CVE-2019-4019
	RESERVED
CVE-2019-4018
	RESERVED
CVE-2019-4017
	RESERVED
CVE-2019-4016 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4015 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any authenticated user to upload a ...)
	NOT-FOR-US: IBM
CVE-2019-4012 (IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is  ...)
	NOT-FOR-US: IBM
CVE-2019-4011 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2019-4010
	RESERVED
CVE-2019-4009
	RESERVED
CVE-2019-4008 (API Connect V2018.1 through 2018.4.1.1 is impacted by access token lea ...)
	NOT-FOR-US: IBM
CVE-2019-4007
	RESERVED
CVE-2019-4006
	RESERVED
CVE-2019-4005
	RESERVED
CVE-2019-4004
	RESERVED
CVE-2019-4003
	RESERVED
CVE-2019-4002
	RESERVED
CVE-2019-4001 (Improper input validation in Druva inSync Client 6.5.0 allows a local, ...)
	NOT-FOR-US: Druva inSync Client
CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated code in ...)
	NOT-FOR-US: Druva inSync Mac OS Client
CVE-2019-3999 (Improper neutralization of special elements used in an OS command in D ...)
	NOT-FOR-US: Druva inSync Windows Client
CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
	NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
	NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy  ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3995 (ELOG 3.1.4-57bea22 and below is affected by a denial of service vulner ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3994 (ELOG 3.1.4-57bea22 and below is affected by a denial of service vulner ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3993 (ELOG 3.1.4-57bea22 and below is affected by an information disclosure  ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3992 (ELOG 3.1.4-57bea22 and below is affected by an information disclosure  ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3991
	RESERVED
CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the  ...)
	NOT-FOR-US: Harbor
CVE-2019-3989 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3988 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3987 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3984 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2 Sync Module firmware
CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
	NOT-FOR-US: Nessus
CVE-2019-3981 (MikroTik Winbox 3.20 and below is vulnerable to man in the middle atta ...)
	NOT-FOR-US: MikroTik Winbox
CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports s ...)
	NOT-FOR-US: Solarwinds
CVE-2019-3979 (RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulne ...)
	NOT-FOR-US: RouterOS
CVE-2019-3978 (RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow rem ...)
	NOT-FOR-US: RouterOS
CVE-2019-3977 (RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insuffici ...)
	NOT-FOR-US: RouterOS
CVE-2019-3976 (RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulne ...)
	NOT-FOR-US: RouterOS
CVE-2019-3975 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows  ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to contain an ...)
	NOT-FOR-US: Nessus
CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Deni ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3972 (Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Deni ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3971 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local  ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3970 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrar ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3969 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Pr ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3968 (In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute ar ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3967 (In OpenEMR 5.0.1 and earlier, the patient file download interface cont ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3966 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3965 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3964 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3963 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS  ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may a ...)
	NOT-FOR-US: Nessus
CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...)
	NOT-FOR-US: Nessus
CVE-2019-3960 (Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 al ...)
	NOT-FOR-US: WallacePOS
CVE-2019-3959 (Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacke ...)
	NOT-FOR-US: WallacePOS
CVE-2019-3958 (Insufficient output sanitization in WallacePOS 1.4.3 allows a remote,  ...)
	NOT-FOR-US: WallacePOS
CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
	NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
	NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
	NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3954 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows  ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3953 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows  ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3952
	RESERVED
CVE-2019-3951 (Advantech WebAccess before 8.4.3 allows unauthenticated remote attacke ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded ...)
	NOT-FOR-US: Arlo Basestation firmware
CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a  ...)
	NOT-FOR-US: Arlo Basestation firmware
CVE-2019-3948 (The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000 ...)
	NOT-FOR-US: Amcrest IP2M-841B IP camera firmware
CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credentials in  ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2019-3946 (Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of serv ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2019-3945 (Web server running on Parrot ANAFI can be crashed due to the SDK comma ...)
	NOT-FOR-US: Parrot ANAFI
CVE-2019-3944 (Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing  ...)
	NOT-FOR-US: Parrot ANAFI
CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...)
	NOT-FOR-US: MikroTik
CVE-2019-3942 (Advantech WebAccess 8.3.4 does not properly restrict an RPC call that  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via una ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3939 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3938 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3937 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3936 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3935 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3934 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3933 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3932 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3931 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3930 (The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3929 (The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3928 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3927 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3926 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3925 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3924 (MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is v ...)
	NOT-FOR-US: MikroTik
CVE-2019-3923 (Nessus versions 8.2.1 and earlier were found to contain a stored XSS v ...)
	NOT-FOR-US: Nessus
CVE-2019-3922 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3921 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3920 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3919 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3918 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3917 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3916 (Information disclosure vulnerability in Verizon Fios Quantum Gateway ( ...)
	NOT-FOR-US: Verizon
CVE-2019-3915 (Authentication Bypass by Capture-replay vulnerability in Verizon Fios  ...)
	NOT-FOR-US: Verizon
CVE-2019-3914 (Remote command injection vulnerability in Verizon Fios Quantum Gateway ...)
	NOT-FOR-US: Verizon
CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before 18.3.0- ...)
	NOT-FOR-US: LabKey Server
CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community Edition befo ...)
	NOT-FOR-US: LabKey Server
CVE-2019-3911 (Reflected cross-site scripting (XSS) vulnerability in LabKey Server Co ...)
	NOT-FOR-US: LabKey Server
CVE-2019-3910 (Crestron AM-100 before firmware version 1.6.0.2 contains an authentica ...)
	NOT-FOR-US: Creston
CVE-2019-3909 (Premisys Identicard version 3.1.190 database uses default credentials. ...)
	NOT-FOR-US: Premisys Identicard
CVE-2019-3908 (Premisys Identicard version 3.1.190 stores backup files as encrypted z ...)
	NOT-FOR-US: Premisys Identicard
CVE-2019-3907 (Premisys Identicard version 3.1.190 stores user credentials and other  ...)
	NOT-FOR-US: Premisys Identicard
CVE-2019-3906 (Premisys Identicard version 3.1.190 contains hardcoded credentials in  ...)
	NOT-FOR-US: Premisys Identicard
CVE-2018-20669 (An issue where a provided address with access_ok() is not checked was  ...)
	- linux 5.2.6-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/594cc251fdd0d231d342d88b2fdff4bc42fb0690
CVE-2018-20668
	RESERVED
CVE-2018-20667
	RESERVED
CVE-2018-20666
	RESERVED
CVE-2018-20665
	RESERVED
CVE-2019-3905 (Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-3904
	RESERVED
CVE-2019-3903
	RESERVED
CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to use symli ...)
	{DLA-1764-1}
	- mercurial 4.9-1 (bug #927674)
	[buster] - mercurial 4.8.2-1+deb10u1
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/6c10eba6b9cd
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/31286c9282df
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/83377b4b4ae0
CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to leak s ...)
	{DLA-1799-1}
	- linux 4.6.1-1
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
	NOTE: Fixed by: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module in Lin ...)
	{DSA-4497-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
	- heketi <itp> (bug #903384)
CVE-2019-3898
	RESERVED
CVE-2019-3897
	RESERVED
	NOT-FOR-US: redhat-certification
CVE-2019-3896 (A double-free can happen in idr_remove_all() in lib/idr.c in the Linux ...)
	- linux 3.2.41-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694812
CVE-2019-3895 (An access-control flaw was found in the Octavia service when the cloud ...)
	- octavia <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://bugs.launchpad.net/octavia/+bug/1620629
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694608
CVE-2019-3894 (It was discovered that the ElytronManagedThread in Wildfly's Elytron s ...)
	- wildfly <itp> (bug #752018)
CVE-2019-3893 (In Foreman it was discovered that the delete compute resource operatio ...)
	- foreman <itp> (bug #663101)
CVE-2019-3892
	REJECTED
CVE-2019-3891 (It was discovered that a world-readable log file belonging to Candlepi ...)
	NOT-FOR-US: Candlepin
CVE-2019-3890 (It was discovered evolution-ews before 3.31.3 does not check the valid ...)
	[experimental] - evolution-ews 3.31.90-1
	- evolution-ews 3.30.5-1.1 (bug #926712)
	[stretch] - evolution-ews <no-dsa> (Minor issue)
	[jessie] - evolution-ews <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/issues/27
	NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/issues/36
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678313
	NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/commit/915226eca9454b8b3e5adb6f2fff9698451778de
	NOTE: Depends on evolution-data-server patch: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/6672b8236139bd6ef41ecb915f4c72e2a052dba5
CVE-2019-3889 (A reflected XSS vulnerability exists in authorization flow of OpenShif ...)
	NOT-FOR-US: OpenShift
CVE-2019-3888 (A vulnerability was found in Undertow web server before 2.0.21. An inf ...)
	- undertow 2.0.23-1 (bug #930349)
	NOTE: https://github.com/undertow-io/undertow/pull/736
CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine Spec ...)
	- linux 4.19.37-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
	NOTE: Fixed by: https://git.kernel.org/linus/c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
CVE-2016-10746 (libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...)
	{DLA-1772-1}
	- libvirt 1.3.1-1
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=506e9d6c2d4baaf580d489fff0690c0ff2ff588f (v1.3.1-rc1)
CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...)
	- libvirt 5.0.0-2 (low; bug #926418)
	[stretch] - libvirt <not-affected> (Vulnerable code not present)
	[jessie] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694880
	NOTE: https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131595#c3
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=25736a4c7ed50c101b4f87935f350f1a39a89f6e (v4.8.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=2a07c990bd9143d7a0fe8d1b6b7c763c52185240
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=ae076bb40e0e150aef41361b64001138d04d6c60
CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and including versi ...)
	- pacemaker 2.0.1-3 (bug #927714)
	[stretch] - pacemaker <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
	NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of atomic-o ...)
	NOT-FOR-US: atomic-openshift
CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers  ...)
	{DLA-1779-1}
	- 389-ds-base 1.4.1.5-1 (bug #927939)
	[buster] - 389-ds-base <no-dsa> (Minor issue)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
	NOTE: https://pagure.io/389-ds-base/issue/50329
	NOTE: https://pagure.io/389-ds-base/c/4d9cc24da (master)
	NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
	NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
	NOTE: Patch was applied upstream but then reverted again, as it introduces
	NOTE: regressions:
	NOTE: https://pagure.io/389-ds-base/c/f35ad37100ab5915445d6d37f8921dd46f83656e
	NOTE: Fixed properly via:
	NOTE: https://pagure.io/389-ds-base/pull-request/50398
	NOTE: https://pagure.io/389-ds-base/c/f20e982c68a700b5ba2c41e5b6f3cdeb5fcb5fab (389-ds-base-1.4.1.4)
	NOTE: https://pagure.io/389-ds-base/c/7b0e7f6f51f6a117f6a40aa3967cad656eafb811 (389-ds-base-1.4.0.24)
	NOTE: https://pagure.io/389-ds-base/c/33ac4f5a78d1a42385d1c011d88cef26771e99f5 (389-ds-base-1.3.9 branch)
CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
	{DSA-4497-1 DLA-1885-1 DLA-1799-1}
	- linux 4.19.37-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
	NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426
	NOTE: Fixed by: https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c
CVE-2019-3881 [tmp_home_path insecure]
	RESERVED
	- bundler 1.16.1-2 (bug #881749; bug #796383)
	[stretch] - bundler <no-dsa> (Minor issue)
	[jessie] - bundler <not-affected> (This version just uses mktmpdir which creates temporary directories with 0700 permissions by default.)
	NOTE: Upstream issue: https://github.com/bundler/bundler/issues/6501
	NOTE: https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0006-Don-t-use-insecure-temporary-directory-as-home-direc.patch
	NOTE: https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0007-Remove-temporary-home-directories.patch
CVE-2019-3880 (A flaw was found in the way samba implemented an RPC endpoint emulatin ...)
	{DSA-4427-1 DLA-1754-1}
	- samba 2:4.9.5+dfsg-3
	NOTE: https://www.samba.org/samba/security/CVE-2019-3880.html
CVE-2019-3879 (It was discovered that in the ovirt's REST API before version 4.3.2.1, ...)
	NOT-FOR-US: ovirt-engine
CVE-2019-3878 (A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache ...)
	{DSA-4414-1}
	- libapache2-mod-auth-mellon 0.14.2-1 (bug #925197)
	[jessie] - libapache2-mod-auth-mellon <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576719
	NOTE: https://github.com/Uninett/mod_auth_mellon/pull/196
	NOTE: https://github.com/Uninett/mod_auth_mellon/commit/e09a28a30e13e5c22b481010f26b4a7743a09280
CVE-2019-3877 (A vulnerability was found in mod_auth_mellon before v0.14.2. An open r ...)
	{DSA-4414-1}
	- libapache2-mod-auth-mellon 0.14.2-1
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Open redirect protection not present in the first place)
	NOTE: https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8
CVE-2019-3876 (A flaw was found in the /oauth/token/request custom endpoint of the Op ...)
	NOT-FOR-US: Openshift OAuth server
CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 authenti ...)
	NOT-FOR-US: Keycloak
CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not accounte ...)
	- linux 5.2.6-1
	[buster] - linux <ignored> (Minor issue)
	[stretch] - linux <ignored> (Minor issue)
	[jessie] - linux <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
CVE-2019-3873 (It was found that Picketlink as shipped with Jboss Enterprise Applicat ...)
	NOT-FOR-US: Picketlink
CVE-2019-3872 (It was found that a SAMLRequest containing a script could be processed ...)
	NOT-FOR-US: Picketlink
CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before 4.0. ...)
	{DSA-4424-1 DLA-1737-1}
	- pdns 4.1.6-2 (bug #924966)
	NOTE: https://github.com/PowerDNS/pdns/issues/7573
	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
	NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
CVE-2019-3870 (A vulnerability was found in Samba from version (including) 4.9 to ver ...)
	- samba 2:4.9.5+dfsg-3
	[stretch] - samba <not-affected> (Vulnerable code not present)
	[jessie] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2019-3870.html
CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, applicatio ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access or id t ...)
	NOT-FOR-US: Keycloak
CVE-2019-3867
	RESERVED
	NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...)
	- python-oslo.utils 3.41.3-1 (low; bug #946060)
	[buster] - python-oslo.utils 3.36.5-0+deb10u1
	[stretch] - python-oslo.utils <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - python-oslo.utils <not-affected> (regex pattern rewrite)
	- python-mistral-lib 1.2.0-3
	[buster] - python-mistral-lib <no-dsa> (Minor issue)
	- mistral 5.1.0-2
	[stretch] - mistral <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: In mistral/5.0.0 the problematic code was moved to the python library.
	NOTE: To be apply the fixes in mistral/python-mistral-lib as pre-requiste the
	NOTE: python-oslo.utils package needs an update.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768731
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1850843
	NOTE: https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221
	NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449473654/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
	NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449472809/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
CVE-2019-3865 (A vulnerability was found in quay-2, where a stored XSS vulnerability  ...)
	NOT-FOR-US: Quay
CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...)
	NOT-FOR-US: Quay
CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a multip ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3863.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3862 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3862.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3861 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3861.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3860 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-4 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3860.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3859 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-3 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3859.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3858 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 when ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3858.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3857 (An integer overflow flaw which could lead to an out of bounds write wa ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3857.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3856 (An integer overflow flaw, which could lead to an out of bounds write,  ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3856.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds write wa ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3855.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3854
	REJECTED
CVE-2019-3853
	RESERVED
CVE-2019-3852 (A vulnerability was found in moodle before version 3.6.3. The get_with ...)
	- moodle <removed>
CVE-2019-3851 (A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. T ...)
	- moodle <removed>
CVE-2019-3850 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...)
	- moodle <removed>
CVE-2019-3849 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...)
	- moodle <removed>
CVE-2019-3848 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...)
	- moodle <removed>
CVE-2019-3847 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...)
	- moodle <removed>
CVE-2019-3846 (A flaw that allowed an attacker to corrupt memory and possibly escalat ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: https://lore.kernel.org/linux-wireless/20190529125220.17066-1-tiwai@suse.de/
CVE-2019-3845 (A lack of access control was found in the message queues maintained by ...)
	NOT-FOR-US: qpid dispatch router
CVE-2019-3844 (It was discovered that a systemd service that uses DynamicUser propert ...)
	[experimental] - systemd 242-1
	- systemd 242-4 (bug #928102)
	[buster] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
	[stretch] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1684610
	NOTE: https://github.com/systemd/systemd/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1771
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596
CVE-2019-3843 (It was discovered that a systemd service that uses DynamicUser propert ...)
	[experimental] - systemd 242-1
	- systemd 242-4 (bug #928102)
	[buster] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
	[stretch] - systemd <ignored> (Minor issue; exploit vector needs control both of the service and a helper outside)
	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/commit/3c27973b13724ede05a06a5d346a569794cda433
	NOTE: https://github.com/systemd/systemd/commit/f69567cbe26d09eac9d387c0be0fc32c65a83ada
	NOTE: https://github.com/systemd/systemd/commit/9d880b70ba5c6ca83c82952f4c90e86e56c7b70c
	NOTE: https://github.com/systemd/systemd/commit/7445db6eb70e8d5989f481d0c5a08ace7047ae5b
	NOTE: https://github.com/systemd/systemd/commit/62aa29247c3d74bcec0607c347f2be23cd90675d
	NOTE: https://github.com/systemd/systemd/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1771
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596
	NOTE: https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)
CVE-2019-3842 (In systemd before v242-rc4, it was discovered that pam_systemd does no ...)
	{DSA-4428-1 DLA-1762-1}
	- systemd 241-3
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
	NOTE: https://bugs.launchpad.net/bugs/1812316
	NOTE: https://github.com/systemd/systemd/commit/83d4ab55336ff8a0643c6aa627b31e351a24040a
CVE-2019-3841 (Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were re ...)
	NOT-FOR-US: KubeVirt
CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt before versi ...)
	- libvirt 5.0.0-1
	[stretch] - libvirt <no-dsa> (Minor issue)
	[jessie] - libvirt <not-affected> (vulnerable code was introduced in 1.2.14)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1663051
	NOTE: https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
CVE-2019-3839 (It was found that in ghostscript some privileged operators remained ac ...)
	{DSA-4442-1 DLA-1792-1}
	- ghostscript 9.27~dfsg-1
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
	NOTE: To prevent pdf2dsc regression additionally:
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59
CVE-2019-3838 (It was found that the forceput operator could be extracted from the De ...)
	{DSA-4432-1 DLA-1761-1}
	[experimental] - ghostscript 9.27~~dc1~dfsg-1
	- ghostscript 9.27~dfsg-1 (bug #925257)
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd95bb01f0768bf273b2526732e381202319
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700576
CVE-2019-3837 (It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kern ...)
	- linux 3.13.4-1
	NOTE: https://git.kernel.org/linus/77873803363c9e831fc1d1e6895c084279090c22
	NOTE: https://git.kernel.org/linus/7bced397510ab569d31de4c70b39e13355046387
CVE-2019-3836 (It was discovered in gnutls before version 3.6.7 upstream that there i ...)
	[experimental] - gnutls28 3.6.7-1
	- gnutls28 3.6.7-2
	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced later in 3.6.4)
	[jessie] - gnutls28 <not-affected> (vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678411
	NOTE: https://gitlab.com/gnutls/gnutls/issues/704
	NOTE: https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
	NOTE: Upstream versions affected are 3.6.4 and later before 3.6.7
CVE-2019-3835 (It was found that the superexec operator was available in the internal ...)
	{DSA-4432-1 DLA-1761-1}
	[experimental] - ghostscript 9.27~~dc1~dfsg-1
	- ghostscript 9.27~dfsg-1 (bug #925256)
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=205591753126802da850ada6511a0ff8411aa287
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e6450d74619e6277efeebfc222d9a5cb91 (needed dependency)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700585
CVE-2019-3834 (It was found that the fix for CVE-2014-0114 had been reverted in JBoss ...)
	NOT-FOR-US: JBoss Operations Network 3 (JON) specific CVE assignment
CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable to infin ...)
	- openwsman <itp> (bug #754501)
CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not comp ...)
	{DLA-1712-1}
	- libsndfile 1.0.28-6 (bug #922372)
	[stretch] - libsndfile <not-affected> (Incomplete fix for CVE-2018-19758 not applied)
	NOTE: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
	NOTE: https://github.com/erikd/libsndfile/pull/460
	NOTE: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
CVE-2019-3831 (A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 an ...)
	- vdsm <itp> (bug #668538)
CVE-2019-3830 (A vulnerability was found in ceilometer before version 12.0.0.0rc1. An ...)
	- ceilometer 1:11.0.1-5 (bug #925298)
	[stretch] - ceilometer <not-affected> (Vulnerable code not present)
	[jessie] - ceilometer <not-affected> (vulnerable code is not present)
	NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
	NOTE: Introduced in https://github.com/openstack/ceilometer/commit/50415c0d08a3199d2280f3638dd121779585f0fe (10.0.0.0)
	NOTE: Fixed in https://github.com/openstack/ceilometer/commit/8881a42af169a2d7c912b1434911f978883c83f3
CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7.  ...)
	[experimental] - gnutls28 3.6.7-1
	- gnutls28 3.6.7-2
	[stretch] - gnutls28 <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - gnutls28 <not-affected> (vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677048
	NOTE: https://gitlab.com/gnutls/gnutls/issues/694
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6
	NOTE: Test: https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
	NOTE: Upstream versions affected are from 3.5.8 and before 3.6.7.
CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path  ...)
	{DSA-4396-1}
	- ansible 2.7.7+dfsg-1 (bug #922537)
	[jessie] - ansible <not-affected> (No remote expansion in fetch module)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676689
	NOTE: https://github.com/ansible/ansible/pull/52133
	NOTE: https://github.com/ansible/ansible/pull/68720 (CVE-2020-1735 follow-up)
	NOTE: Introduced in https://github.com/ansible/ansible/commit/bc4272d2a26e47418c7d588208482d05a34a34cd (1.8)
CVE-2019-3827 (An incorrect permission check in the admin backend in gvfs before vers ...)
	- gvfs 1.38.1-3 (bug #921816)
	[stretch] - gvfs <no-dsa> (Minor issue)
	[jessie] - gvfs <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/issues/355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665578
	NOTE: Affecting gvfs since 1.29.4 where admin backend was introduced.
CVE-2019-3826 (A stored, DOM based, cross-site scripting (XSS) flaw was found in Prom ...)
	- prometheus 2.7.1+ds-1 (bug #921615)
	[stretch] - prometheus <not-affected> (Only affects 2.1.0 onwards)
	NOTE: https://github.com/prometheus/prometheus/pull/5163
CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed login  ...)
	- gdm3 3.30.2-3 (low; bug #921764)
	[stretch] - gdm3 <no-dsa> (Minor issue)
	[jessie] - gdm3 <ignored> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
CVE-2019-3824 (A flaw was found in the way an LDAP search expression could crash the  ...)
	{DSA-4397-1 DLA-1699-1}
	- ldb 2:1.5.1+really1.4.3-2
	- samba 2:4.9.5+dfsg-1 (unimportant)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13773
	NOTE: Samba uses the System ldb library
CVE-2019-3823 (libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap ...)
	{DSA-4386-1 DLA-1672-1}
	- curl 7.64.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
	NOTE: Introduced by: https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a
CVE-2019-3822 (libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stac ...)
	{DSA-4386-1 DLA-1672-1}
	- curl 7.64.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
	NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
CVE-2019-3821 (A flaw was found in the way civetweb frontend was handling requests fo ...)
	- ceph <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1656852
	NOTE: https://github.com/ceph/civetweb/pull/33
CVE-2019-3820 (It was discovered that the gnome-shell lock screen since version 3.15. ...)
	- gnome-shell 3.30.2-3 (bug #921490)
	[stretch] - gnome-shell <no-dsa> (Minor issue)
	[jessie] - gnome-shell <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://bugzilla.gnome.org/show_bug.cgi?id=745039
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gnome-shell/commit/c79d24b60e773262091023feb6ee1b3deef1c471
	NOTE: Upstream issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
CVE-2019-3819 (A flaw was found in the Linux kernel in the function hid_debug_events_ ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: Proposed patch: https://marc.info/?l=linux-input&m=154841031101012&w=2
CVE-2019-3818 (The kube-rbac-proxy container before version 0.4.1 as used in Red Hat  ...)
	NOT-FOR-US: kube-rbac-proxy
CVE-2019-3817 (A use-after-free flaw has been discovered in libcomps before version 0 ...)
	NOT-FOR-US: libcomps
CVE-2019-3816 (Openwsman, versions up to and including 2.6.9, are vulnerable to arbit ...)
	- openwsman <itp> (bug #754501)
CVE-2019-3815 (A memory leak was discovered in the backport of fixes for CVE-2018-168 ...)
	{DLA-1711-1}
	- systemd <not-affected> (This only affected backports to older suites, not the version in sid)
	[stretch] - systemd 232-25+deb9u8
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666690
	NOTE: For stable it affected DSA-4367-1 and was corrected in DSA-4367-2
	NOTE: specifically the backport of the fix for CVE-2018-16864.
CVE-2019-3814 (It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 in ...)
	{DSA-4385-1 DLA-1667-1}
	- dovecot 1:2.3.4.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/05/1
CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-boun ...)
	{DSA-4375-1 DLA-1649-1}
	- spice 0.14.0-1.3 (bug #920762)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371
CVE-2019-3812 (QEMU, through version 2.10 and through version 3.1.0, is vulnerable to ...)
	{DSA-4454-1}
	- qemu 1:3.1+dfsg-5 (bug #922635)
	[jessie] - qemu <not-affected> (vulnerable code introduced later)
	- qemu-kvm <removed>
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b05b267840515730dbf6753495d5b7bd8b04ad1c
	NOTE: vulnerable code not present prior 2.6.50, introduced in
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=78c71af8049c40657b646d9dd722867fa15c0f1b
CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured with no ho ...)
	{DLA-1635-1}
	- sssd 2.2.0-1 (bug #919051)
	[buster] - sssd <no-dsa> (Minor issue)
	[stretch] - sssd <no-dsa> (Minor issue)
	NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
	NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
	NOTE: Fixed by: https://github.com/SSSD/sssd/commit/90f32399b4100ce39cf665649fde82d215e5eb49 (master)
	NOTE: Fixed by: https://github.com/SSSD/sssd/commit/28792523a01a7d21bcc8931794164f253e691a68 (sssd-1-16)
CVE-2019-3810 (A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=381230#p1536767
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372
CVE-2019-3809 (A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsuppor ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=381229#p1536766
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
CVE-2019-3808 (A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
CVE-2019-3807 (An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1 ...)
	- pdns-recursor 4.1.9-1
	[stretch] - pdns-recursor <not-affected> (Only affects 4.1.x)
	[jessie] - pdns-recursor <not-affected> (Only affects 4.1.x)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
CVE-2019-3806 (An issue has been found in PowerDNS Recursor versions after 4.1.3 befo ...)
	- pdns-recursor 4.1.9-1
	[stretch] - pdns-recursor <not-affected> (Only affects 4.1.x)
	[jessie] - pdns-recursor <not-affected> (Only affects 4.1.x)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
CVE-2019-3805 (A flaw was discovered in wildfly versions up to 16.0.0.Final that woul ...)
	- wildfly <itp> (bug #752018)
CVE-2019-3804 (It was found that cockpit before version 184 used glib's base64 decode ...)
	- cockpit 184-1
	NOTE: https://github.com/cockpit-project/cockpit/pull/10819
	NOTE: https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
CVE-2019-3803 (Pivotal Concourse, all versions prior to 4.2.2, puts the user access t ...)
	NOT-FOR-US: Pivotal Concourse
CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 2.1.6, 2. ...)
	NOT-FOR-US: Pivotal Spring Data JPA
CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3800 (CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...)
	NOT-FOR-US: Spring Cloud Config
CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0,  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3797 (This affects Spring Data JPA in versions up to and including 2.1.5, 2. ...)
	NOT-FOR-US: Spring Data JPA
CVE-2019-3796
	REJECTED
CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...)
	{DLA-1794-1}
	- libspring-security-2.0-java <removed>
	NOTE: https://github.com/spring-projects/spring-security/commit/6f02f690ac65ccf99d8df47ac3d730a68f87c569
CVE-2019-3794 (Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME- ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3793 (Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, vers ...)
	NOT-FOR-US: Pivotal
CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerable to ...)
	NOT-FOR-US: Pivotal
CVE-2019-3791
	REJECTED
CVE-2019-3790 (The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x version ...)
	NOT-FOR-US: Pivotal Ops Manager
CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0, contains ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3788 (Cloud Foundry UAA Release, versions prior to 71.0, allows clients to b ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3787 (Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending & ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-3786 (Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3785 (Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an e ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3784 (Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure s ...)
	NOT-FOR-US: Cloud Foundry Stratos
CVE-2019-3783 (Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public  ...)
	NOT-FOR-US: Cloud Foundry Stratos
CVE-2019-3782 (Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writ ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3781 (Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passw ...)
	NOT-FOR-US: Cloud Foundry CLI
CVE-2019-3780 (Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3779 (Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kub ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3778 (Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2 ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2019-3777 (Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3 ...)
	NOT-FOR-US: Pivotal
CVE-2019-3776 (Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x vers ...)
	NOT-FOR-US: Pivotal
CVE-2019-3775 (Cloud Foundry UAA, versions prior to v70.0, allows a user to update th ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-3774 (Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versi ...)
	NOT-FOR-US: Spring Batch
CVE-2019-3773 (Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported vers ...)
	NOT-FOR-US: Spring Web Services
CVE-2019-3772 (Spring Integration (spring-integration-xml and spring-integration-ws m ...)
	NOT-FOR-US: Spring Integration
CVE-2019-3771
	RESERVED
CVE-2019-3770 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
	NOT-FOR-US: Dell
CVE-2019-3769 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
	NOT-FOR-US: Dell
CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an XML Ent ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)
	NOT-FOR-US: Dell ImageAssist
CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...)
	NOT-FOR-US: EMC
CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
	NOT-FOR-US: EMC
CVE-2019-3764 (Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to ...)
	NOT-FOR-US: EMC
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3762 (Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 cont ...)
	NOT-FOR-US: Dell
CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3759 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3758 (RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper au ...)
	NOT-FOR-US: RSA
CVE-2019-3757
	RESERVED
CVE-2019-3756 (RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information ...)
	NOT-FOR-US: RSA
CVE-2019-3755
	RESERVED
CVE-2019-3754 (Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116,  ...)
	NOT-FOR-US: EMC
CVE-2019-3753 (Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K runn ...)
	NOT-FOR-US: EMC
CVE-2019-3752
	RESERVED
CVE-2019-3751 (Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0 ...)
	NOT-FOR-US: EMC
CVE-2019-3750 (Dell Command Update versions prior to 3.1 contain an Arbitrary File De ...)
	NOT-FOR-US: Dell Command Update
CVE-2019-3749 (Dell Command Update versions prior to 3.1 contain an Arbitrary File De ...)
	NOT-FOR-US: Dell Command Update
CVE-2019-3748
	RESERVED
CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 co ...)
	NOT-FOR-US: EMC
CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do ...)
	NOT-FOR-US: EMC
CVE-2019-3745 (The vulnerability is limited to the installers of Dell Encryption Ente ...)
	NOT-FOR-US: Dell
CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...)
	NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3743
	RESERVED
CVE-2019-3742 (Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a p ...)
	NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3741 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a  ...)
	NOT-FOR-US: EMC
CVE-2019-3740 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Inform ...)
	NOT-FOR-US: RSA
CVE-2019-3739 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Informati ...)
	NOT-FOR-US: RSA
CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing ...)
	NOT-FOR-US: RSA
CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by a ...)
	NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
CVE-2019-3736 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 co ...)
	NOT-FOR-US: EMC
CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist ...)
	NOT-FOR-US: Dell SupportAssist
CVE-2019-3734 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an ...)
	NOT-FOR-US: EMC
CVE-2019-3733 (RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vuln ...)
	NOT-FOR-US: RSA
CVE-2019-3732 (RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) ...)
	NOT-FOR-US: RSA
CVE-2019-3731 (RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro ...)
	NOT-FOR-US: RSA
CVE-2019-3730 (RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and ...)
	NOT-FOR-US: RSA
CVE-2019-3729 (RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x,  ...)
	NOT-FOR-US: RSA
CVE-2019-3728 (RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x)  ...)
	NOT-FOR-US: RSA
CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell EMC RecoverPoint
CVE-2019-3726 (An Uncontrolled Search Path Vulnerability is applicable to the followi ...)
	NOT-FOR-US: EMC
CVE-2019-3725 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security An ...)
	NOT-FOR-US: RSA Netwitness Platform
CVE-2019-3724 (RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an ...)
	NOT-FOR-US: RSA Netwitness Platform
CVE-2019-3723 (Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1. ...)
	NOT-FOR-US: Dell EMC OpenManage Server Administrator
CVE-2019-3722 (Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1. ...)
	NOT-FOR-US: Dell EMC OpenManage Server Administrator
CVE-2019-3721 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
	NOT-FOR-US: Dell
CVE-2019-3720 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
	NOT-FOR-US: Dell
CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote  ...)
	NOT-FOR-US: Dell
CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
	NOT-FOR-US: Dell
CVE-2019-3717 (Select Dell Client Commercial and Consumer platforms contain an Improp ...)
	NOT-FOR-US: Select Dell Client Commercial and Consumer platforms
CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information exposure ...)
	NOT-FOR-US: RSA
CVE-2019-3715 (RSA Archer versions, prior to 6.5 SP1, contain an information exposure ...)
	NOT-FOR-US: RSA
CVE-2019-3714
	RESERVED
CVE-2019-3713
	RESERVED
CVE-2019-3712 (Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse Th ...)
	NOT-FOR-US: Dell
CVE-2019-3711 (RSA Authentication Manager versions prior to 8.4 P1 contain an Insecur ...)
	NOT-FOR-US: RSA
CVE-2019-3710 (Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptograp ...)
	NOT-FOR-US: Dell Networking OS10
CVE-2019-3709 (IsilonSD Management Server 1.1.0 contains a cross-site scripting vulne ...)
	NOT-FOR-US: IsilonSD Management Server
CVE-2019-3708 (IsilonSD Management Server 1.1.0 contains a cross-site scripting vulne ...)
	NOT-FOR-US: IsilonSD Management Server
CVE-2019-3707 (Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication ...)
	NOT-FOR-US: EMC
CVE-2019-3706 (Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 a ...)
	NOT-FOR-US: EMC
CVE-2019-3705 (Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior t ...)
	NOT-FOR-US: EMC
CVE-2019-3704 (VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1 ...)
	NOT-FOR-US: EMC
CVE-2019-3703
	RESERVED
CVE-2019-3702 (A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon ...)
	NOT-FOR-US: Lifesize
CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1 (unimportant)
	[stretch] - linux 4.9.161-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
	NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. This b ...)
	NOT-FOR-US: yast2
CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging  ...)
	NOT-FOR-US: SUSE-specific privoxy issue
CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob sh ...)
	NOT-FOR-US: SUSE-specific Nagios issue
CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging  ...)
	NOT-FOR-US: SuSE-specific issue in gnump3d (removed for a decade from Debian)
CVE-2019-3696 (A Improper Limitation of a Pathname to a Restricted Directory vulnerab ...)
	NOT-FOR-US: SAP
CVE-2019-3695 (A Improper Control of Generation of Code vulnerability in the packagin ...)
	NOT-FOR-US: SAP
CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of  ...)
	NOT-FOR-US: SuSE packaging of munin
CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE  ...)
	NOT-FOR-US: SuSE packaging of mailman
CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...)
	NOT-FOR-US: SUSE packaging of inn
CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of  ...)
	NOT-FOR-US: SUSE packaging of munge
CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...)
	NOT-FOR-US: SuSE-specific tool
CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...)
	{DLA-1965-1}
	- nfs-utils 1:1.3.4-3 (bug #940848)
	[buster] - nfs-utils <no-dsa> (Minor issue)
	[stretch] - nfs-utils <no-dsa> (Minor issue)
	NOTE: https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e
CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
	- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
	- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...)
	NOT-FOR-US: SuSE
CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
	- openqa <itp> (bug #840253)
CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
	- osc <not-affected> (Affects 0.165.x only, bug #941667)
CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
	NOT-FOR-US: SUSE Manager
CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 before  ...)
	NOT-FOR-US: SuSE Openstack Cloud
CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
	NOT-FOR-US: SuSE
CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...)
	TODO: check
CVE-2019-3680
	RESERVED
CVE-2019-3679
	RESERVED
CVE-2019-3678
	RESERVED
CVE-2019-3677
	RESERVED
CVE-2019-3676
	RESERVED
CVE-2019-3675
	RESERVED
CVE-2019-3674
	RESERVED
CVE-2019-3673
	RESERVED
CVE-2019-3672
	RESERVED
CVE-2019-3671
	RESERVED
CVE-2019-3670 (Remote Code Execution vulnerability in the web interface in McAfee Web ...)
	NOT-FOR-US: McAfee
CVE-2019-3669
	RESERVED
CVE-2019-3668
	RESERVED
CVE-2019-3667 (DLL Search Order Hijacking vulnerability in the Microsoft Windows clie ...)
	NOT-FOR-US: McAfee
CVE-2019-3666 (API Abuse/Misuse vulnerability in the web interface in McAfee Web Advi ...)
	NOT-FOR-US: McAfee
CVE-2019-3665 (Code Injection vulnerability in the web interface in McAfee Web Adviso ...)
	NOT-FOR-US: McAfee
CVE-2019-3664
	RESERVED
CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...)
	NOT-FOR-US: McAfee
CVE-2019-3662 (Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Adva ...)
	NOT-FOR-US: McAfee
CVE-2019-3661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: McAfee
CVE-2019-3660 (Improper Neutralization of HTTP requests in McAfee Advanced Threat Def ...)
	NOT-FOR-US: McAfee
CVE-2019-3659
	RESERVED
CVE-2019-3658
	RESERVED
CVE-2019-3657
	RESERVED
CVE-2019-3656
	RESERVED
CVE-2019-3655
	RESERVED
CVE-2019-3654 (Authentication Bypass vulnerability in the Microsoft Windows client in ...)
	NOT-FOR-US: McAfee
CVE-2019-3653 (Improper access control vulnerability in Configuration tool in McAfee  ...)
	NOT-FOR-US: McAfee Endpoint Security (ENS)
CVE-2019-3652 (Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Securit ...)
	NOT-FOR-US: McAfee Endpoint Security (ENS)
CVE-2019-3651 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
	NOT-FOR-US: McAfee
CVE-2019-3650 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
	NOT-FOR-US: McAfee
CVE-2019-3649 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
	NOT-FOR-US: McAfee
CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows client i ...)
	NOT-FOR-US: McAfee Total Protection
CVE-2019-3647
	RESERVED
CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
	NOT-FOR-US: McAfee
CVE-2019-3645
	RESERVED
CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
	NOT-FOR-US: McAfee
CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
	NOT-FOR-US: McAfee
CVE-2019-3642
	RESERVED
CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE server in  ...)
	NOT-FOR-US: McAfee
CVE-2019-3640 (Unprotected Transport of Credentials in ePO extension in McAfee Data L ...)
	NOT-FOR-US: McAfee
CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...)
	NOT-FOR-US: McAfee
CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators web con ...)
	NOT-FOR-US: McAfee
CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.20 ...)
	NOT-FOR-US: McAfee
CVE-2019-3636 (A File Masquerade vulnerability in McAfee Total Protection (MTP) versi ...)
	NOT-FOR-US: McAfee
CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8. ...)
	NOT-FOR-US: McAfee
CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
	NOT-FOR-US: McAfee
CVE-2019-3633 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
	NOT-FOR-US: McAfee
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security Manage ...)
	NOT-FOR-US: McAfee
CVE-2019-3631 (Command Injection vulnerability in McAfee Enterprise Security Manager  ...)
	NOT-FOR-US: McAfee
CVE-2019-3630 (Command Injection vulnerability in McAfee Enterprise Security Manager  ...)
	NOT-FOR-US: McAfee
CVE-2019-3629 (Application protection bypass vulnerability in McAfee Enterprise Secur ...)
	NOT-FOR-US: McAfee
CVE-2019-3628 (Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x  ...)
	NOT-FOR-US: McAfee
CVE-2019-3627
	RESERVED
CVE-2019-3626
	RESERVED
CVE-2019-3625
	RESERVED
CVE-2019-3624
	RESERVED
CVE-2019-3623
	RESERVED
CVE-2019-3622 (Files or Directories Accessible to External Parties in McAfee Data Los ...)
	NOT-FOR-US: McAfee
CVE-2019-3621 (Authentication protection bypass vulnerability in McAfee Data Loss Pre ...)
	NOT-FOR-US: McAfee
CVE-2019-3620
	RESERVED
CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAfee eP ...)
	NOT-FOR-US: McAfee
CVE-2019-3618
	RESERVED
CVE-2019-3617 (Privilege escalation vulnerability in McAfee Total Protection (ToPS) f ...)
	NOT-FOR-US: McAfee
CVE-2019-3616
	RESERVED
CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee Data ...)
	NOT-FOR-US: McAfee
CVE-2019-3614
	RESERVED
CVE-2019-3613 (DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to ...)
	NOT-FOR-US: McAfee
CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
	NOT-FOR-US: McAFee
CVE-2019-3611
	RESERVED
CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee True Key
CVE-2019-3609
	RESERVED
CVE-2019-3608
	RESERVED
CVE-2019-3607
	RESERVED
CVE-2019-3606 (Data Leakage Attacks vulnerability in the web portal component when in ...)
	NOT-FOR-US: McAfee
CVE-2019-3605
	RESERVED
CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) ...)
	NOT-FOR-US: McAfee
CVE-2019-3603
	RESERVED
CVE-2019-3602 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
	NOT-FOR-US: McAfee
CVE-2019-3601
	RESERVED
CVE-2019-3600
	RESERVED
CVE-2019-3599 (Information Disclosure vulnerability in Remote logging (which is disab ...)
	NOT-FOR-US: McAfee Agent
CVE-2019-3598 (Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x all ...)
	NOT-FOR-US: McAfee Agent
CVE-2019-3597 (Authentication Bypass vulnerability in McAfee Network Security Manager ...)
	NOT-FOR-US: McAfee
CVE-2019-3596
	RESERVED
CVE-2019-3595 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: McAfee
CVE-2019-3594
	RESERVED
CVE-2019-3593 (Exploitation of Privilege/Trust vulnerability in Microsoft Windows cli ...)
	NOT-FOR-US: McAfee
CVE-2019-3592 (Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 H ...)
	NOT-FOR-US: McAfee
CVE-2019-3591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: McAfee
CVE-2019-3590
	RESERVED
CVE-2019-3589
	RESERVED
CVE-2019-3588 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
	NOT-FOR-US: McAfee
CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
	NOT-FOR-US: McAfee
CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint Securi ...)
	NOT-FOR-US: McAfee
CVE-2019-3585 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
	NOT-FOR-US: McAfee
CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in Mc ...)
	NOT-FOR-US: McAfee
CVE-2019-3583
	RESERVED
CVE-2019-3582 (Privilege Escalation vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee
CVE-2019-3581 (Improper input validation in the proxy component of McAfee Web Gateway ...)
	NOT-FOR-US: McAfee
CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Pl ...)
	NOT-FOR-US: Reporting Addon for CUBA Platform
CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...)
	{DLA-1706-1}
	- poppler 0.71.0-4 (low; bug #918158)
	[stretch] - poppler <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory T ...)
	NOT-FOR-US: OpenRefine
CVE-2019-3579 (MyBB 1.8.19 allows remote attackers to obtain sensitive information be ...)
	NOT-FOR-US: MyBB
CVE-2019-3578 (MyBB 1.8.19 has XSS in the resetpassword function. ...)
	NOT-FOR-US: MyBB
CVE-2019-3577 (An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/P ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability that can l ...)
	NOT-FOR-US: inxedu
CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary pytho ...)
	NOT-FOR-US: Sqla_yaml_fixtures
CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the func ...)
	- libsixel 1.8.2-2 (low; bug #922460)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function sixel_de ...)
	- libsixel 1.8.2-2 (low; bug #922460)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <postponed> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based buffer ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/169
CVE-2019-3571 (An input validation issue affected WhatsApp Desktop versions prior to  ...)
	NOT-FOR-US: WhatsApp Desktop
CVE-2019-3570 (Call to the scrypt_enc() function in HHVM can lead to heap corruption  ...)
	- hhvm <removed>
	NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
CVE-2019-3569 (HHVM, when used with FastCGI, would bind by default to all available i ...)
	- hhvm <removed>
	NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote  ...)
	NOT-FOR-US: Whatsapp
CVE-2019-3567 (In some configurations an attacker can inject a new executable path in ...)
	NOT-FOR-US: osquery
CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...)
	NOT-FOR-US: WhatsApp for Android
CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
	NOT-FOR-US: Facebook Wangle
CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
	NOT-FOR-US: Oculus Browser UI
CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functions al ...)
	- hhvm <removed>
CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
	NOT-FOR-US: Fizz
CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving messages w ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving messages ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...)
	- hhvm <removed>
CVE-2019-3556
	RESERVED
CVE-2019-3555
	RESERVED
CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...)
	NOT-FOR-US: Facebook Wangle
CVE-2019-3553 (C++ Facebook Thrift servers would not error upon receiving messages de ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3551
	RESERVED
CVE-2019-3550
	RESERVED
CVE-2019-3549
	RESERVED
CVE-2019-3548
	RESERVED
CVE-2019-3547
	RESERVED
CVE-2019-3546
	RESERVED
CVE-2019-3545
	RESERVED
CVE-2019-3544
	RESERVED
CVE-2019-3543
	RESERVED
CVE-2019-3542
	RESERVED
CVE-2019-3541
	RESERVED
CVE-2019-3540
	RESERVED
CVE-2019-3539
	RESERVED
CVE-2019-3538
	RESERVED
CVE-2019-3537
	RESERVED
CVE-2019-3536
	RESERVED
CVE-2019-3535
	RESERVED
CVE-2019-3534
	RESERVED
CVE-2019-3533
	RESERVED
CVE-2019-3532
	RESERVED
CVE-2019-3531
	RESERVED
CVE-2019-3530
	RESERVED
CVE-2019-3529
	RESERVED
CVE-2019-3528
	RESERVED
CVE-2019-3527
	RESERVED
CVE-2019-3526
	RESERVED
CVE-2019-3525
	RESERVED
CVE-2019-3524
	RESERVED
CVE-2019-3523
	RESERVED
CVE-2019-3522
	RESERVED
CVE-2019-3521
	RESERVED
CVE-2019-3520
	RESERVED
CVE-2019-3519
	RESERVED
CVE-2019-3518
	RESERVED
CVE-2019-3517
	RESERVED
CVE-2019-3516
	RESERVED
CVE-2019-3515
	RESERVED
CVE-2019-3514
	RESERVED
CVE-2019-3513
	RESERVED
CVE-2019-3512
	RESERVED
CVE-2019-3511
	RESERVED
CVE-2019-3510
	RESERVED
CVE-2019-3509
	RESERVED
CVE-2019-3508
	RESERVED
CVE-2019-3507
	RESERVED
CVE-2019-3506
	RESERVED
CVE-2019-3505
	RESERVED
CVE-2019-3504
	RESERVED
CVE-2019-3503
	RESERVED
CVE-2019-3502
	RESERVED
CVE-2019-3501 (The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted ...)
	NOT-FOR-US: OUGC Awards plugin for MyBB
CVE-2018-20661
	RESERVED
CVE-2018-20660
	RESERVED
CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...)
	NOT-FOR-US: Core FTP
CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...)
	NOTE: Short-lived, small  memleak, not considered a real bug by upstream
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539
CVE-2018-20656
	RESERVED
CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size check when ...)
	NOT-FOR-US: WhatsApp
CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...)
	{DLA-1636-1}
	- aria2 1.34.0-4 (low; bug #918058)
	[stretch] - aria2 <no-dsa> (Minor issue)
	NOTE: https://github.com/aria2/aria2/issues/1329
	NOTE: Masking of all authorization and cookie header fields (but not userinfo in URL):
	NOTE: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
CVE-2019-3499
	RESERVED
CVE-2019-3498 (In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before ...)
	{DSA-4363-1 DLA-1629-1}
	- python-django 1:1.11.18-1 (bug #918230)
	NOTE: https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
	NOTE: https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a (1.11.x)
	NOTE: https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b (2.1.x)
CVE-2018-20654
	RESERVED
CVE-2019-3497 (An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x ...)
	NOT-FOR-US: Wifi-soft UniBox controller devices
CVE-2019-3496 (An issue was discovered on Wifi-soft UniBox controller 3.x devices. Th ...)
	NOT-FOR-US: Wifi-soft UniBox controller devices
CVE-2019-3495 (An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x ...)
	NOT-FOR-US: Wifi-soft UniBox controller devices
CVE-2019-3494 (Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteC ...)
	NOT-FOR-US: Simply-Blog
CVE-2018-20653
	RESERVED
CVE-2018-20652 (An attempted excessive memory allocation was discovered in the functio ...)
	NOT-FOR-US: tinyexr
CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object_symbo ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24041
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
	NOTE: binutils not covered by security support
CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...)
	{DLA-1939-1}
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (low; bug #917974)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
CVE-2018-20649
	RESERVED
CVE-2018-20648 (PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forger ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-20647 (PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-20646 (PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal vi ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-20645 (PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the Fir ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-20644 (PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-20643 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory tr ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20642 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote at ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20641 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site R ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20640 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20639 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injecti ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20638 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has dire ...)
	NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website
CVE-2018-20637 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows r ...)
	NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website
CVE-2018-20636 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML ...)
	NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website
CVE-2018-20635 (PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via  ...)
	NOT-FOR-US: PHP Scripts Mall Advance B2B Script
CVE-2018-20634 (PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to c ...)
	NOT-FOR-US: PHP Scripts Mall Advance B2B Script
CVE-2018-20633 (PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forge ...)
	NOT-FOR-US: PHP Scripts Mall Advance B2B Script
CVE-2018-20632 (PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Script ...)
	NOT-FOR-US: PHP Scripts Mall Advance B2B Script
CVE-2018-20631 (PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosu ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-20630 (PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory trave ...)
	NOT-FOR-US: PHP Scripts Mall Advance Crowdfunding Script
CVE-2018-20629 (PHP Scripts Mall Charity Donation Script readymadeb2bscript has direct ...)
	NOT-FOR-US: PHP Scripts Mall Charity Donation Script readymadeb2bscript
CVE-2018-20628 (PHP Scripts Mall Charity Foundation Script 1 through 3 allows director ...)
	NOT-FOR-US: PHP Scripts Mall Charity Foundation Script
CVE-2018-20627 (PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via  ...)
	NOT-FOR-US: PHP Scripts Mall Consumer Reviews Script
CVE-2018-20626 (PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal ...)
	NOT-FOR-US: PHP Scripts Mall Consumer Reviews Script
CVE-2018-20625
	RESERVED
CVE-2018-20624
	RESERVED
CVE-2019-3493 (A potential security vulnerability has been identified in Micro Focus  ...)
	NOT-FOR-US: Micro Focus
CVE-2019-3492
	RESERVED
CVE-2019-3491
	RESERVED
CVE-2019-3490 (A DOM based XSS vulnerability has been identified in the Netstorage co ...)
	NOT-FOR-US: Micro Focus Netstorage
CVE-2019-3489 (An unauthenticated file upload vulnerability has been identified in th ...)
	NOT-FOR-US: Micro Focus Content Manager
CVE-2019-3488
	RESERVED
CVE-2019-3487
	RESERVED
CVE-2019-3486 (Mitigates a stored cross site scripting issue in ArcSight Security Man ...)
	NOT-FOR-US: ArcSight Security Management Center
CVE-2019-3485 (Mitigates a stored cross site scripting issue in ArcSight Logger versi ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger versions pr ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3483 (Mitigates a potential information leakage issue in ArcSight Logger ver ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3482 (Mitigates a directory traversal issue in ArcSight Logger versions prio ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3481 (Mitigates a XML External Entity Parsing issue in ArcSight Logger versi ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3480 (Mitigates a stored/reflected XSS issue in ArcSight Logger versions pri ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight Logger v ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3478
	RESERVED
CVE-2019-3477 (Micro Focus Solution Business Manager versions prior to 11.4.2 is susc ...)
	NOT-FOR-US: Micro Focus Solution Business Manager
CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, version ...)
	NOT-FOR-US: Micro Focus Data Protector
CVE-2019-3475 (A local privilege escalation vulnerability in the famtd component of M ...)
	NOT-FOR-US: Micro Focus Filr
CVE-2019-3474 (A path traversal vulnerability in the web application component of Mic ...)
	NOT-FOR-US: Micro Focus Filr
CVE-2019-3473
	REJECTED
CVE-2019-3472
	REJECTED
CVE-2019-3471
	REJECTED
CVE-2019-3470
	REJECTED
CVE-2019-3469
	REJECTED
CVE-2019-3468
	REJECTED
CVE-2019-3466 (The pg_ctlcluster script in postgresql-common in versions prior to 210 ...)
	{DSA-4568-1 DLA-1994-1}
	- postgresql-common 210
	NOTE: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c
	NOTE: https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/
CVE-2019-3465 (Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ...)
	{DSA-4560-1 DLA-1983-1}
	- simplesamlphp 1.17.6-2 (bug #944107)
	NOTE: https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ
	NOTE: https://simplesamlphp.org/security/201911-01
CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...)
	{DSA-4382-1 DLA-1660-1}
	- rssh 2.3.4-10
CVE-2019-3463 (Insufficient sanitization of arguments passed to rsync can bypass the  ...)
	{DSA-4382-1 DLA-1660-1}
	- rssh 2.3.4-10
CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP transport metho ...)
	{DSA-4371-1 DLA-1637-1}
	- apt 1.8.0~alpha3.1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353
	NOTE: https://justi.cz/security/2019/01/22/apt-rce.html
CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a ...)
	{DSA-4365-1 DLA-1640-1}
	- tmpreaper 1.6.14 (bug #918956)
CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...)
	{DLA-1799-1 DLA-1771-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
	NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...)
	{DLA-1799-1 DLA-1771-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
	NOTE: https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
CVE-2019-3458
	RESERVED
CVE-2019-3457
	RESERVED
CVE-2019-3456
	RESERVED
CVE-2019-3455
	RESERVED
CVE-2019-3454
	RESERVED
CVE-2019-3453
	RESERVED
CVE-2019-3452
	RESERVED
CVE-2019-3451
	RESERVED
CVE-2019-3450
	RESERVED
CVE-2019-3449
	RESERVED
CVE-2019-3448
	RESERVED
CVE-2019-3447
	RESERVED
CVE-2019-3446
	RESERVED
CVE-2019-3445
	RESERVED
CVE-2019-3444
	RESERVED
CVE-2019-3443
	RESERVED
CVE-2019-3442
	RESERVED
CVE-2019-3441
	RESERVED
CVE-2019-3440
	RESERVED
CVE-2019-3439
	RESERVED
CVE-2019-3438
	RESERVED
CVE-2019-3437
	RESERVED
CVE-2019-3436
	RESERVED
CVE-2019-3435
	RESERVED
CVE-2019-3434
	RESERVED
CVE-2019-3433
	RESERVED
CVE-2019-3432
	RESERVED
CVE-2019-3431 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
	NOT-FOR-US: ZTE
CVE-2019-3430 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
	NOT-FOR-US: ZTE
CVE-2019-3429 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
	NOT-FOR-US: ZTE
CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
	NOT-FOR-US: ZTE
CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
	NOT-FOR-US: ZTE
CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
	NOT-FOR-US: ZTE
CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
	NOT-FOR-US: ZTE
CVE-2019-3424 (authentication issues vulnerability, which exists in V2.1.14 and below ...)
	NOT-FOR-US: C520V21 smart camera devices
CVE-2019-3423 (permission and access control vulnerability, which exists in V2.1.14 a ...)
	NOT-FOR-US: C520V21 smart camera devices
CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure vulner ...)
	NOT-FOR-US: ZTE
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
	NOT-FOR-US: ZTE
CVE-2019-3420 (All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impa ...)
	NOT-FOR-US: ZTE
CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...)
	NOT-FOR-US: ZTE
CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
	NOT-FOR-US: ZTE
CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
	NOT-FOR-US: ZTE
CVE-2019-3416 (All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impa ...)
	NOT-FOR-US: ZTE
CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
	NOT-FOR-US: ZTE
CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS ...)
	NOT-FOR-US: ZTE
CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an  ...)
	NOT-FOR-US: ZTE
CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by co ...)
	NOT-FOR-US: ZTE
CVE-2019-3411 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by in ...)
	NOT-FOR-US: ZTE
CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
	NOT-FOR-US: ZTE
CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
	NOT-FOR-US: ZTE
CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error functio ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24049
	NOTE: binutils not covered by security support
CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a wh ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/193
CVE-2018-20621 (An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe s ...)
	NOT-FOR-US: Microvirt MEmu
CVE-2018-20620
	RESERVED
CVE-2018-20619
	RESERVED
CVE-2018-20618 (ok-file-formats through 2018-10-16 has a heap-based buffer over-read i ...)
	NOT-FOR-US: ok-file-formats
CVE-2018-20617 (ok-file-formats through 2018-10-16 has a heap-based buffer overflow in ...)
	NOT-FOR-US: ok-file-formats
CVE-2018-20616 (ok-file-formats through 2018-10-16 has a heap-based buffer overflow in ...)
	NOT-FOR-US: ok-file-formats
CVE-2018-20615 (An out-of-bounds read issue was discovered in the HTTP/2 protocol deco ...)
	- haproxy 1.8.16-2
	[stretch] - haproxy <not-affected> (Vulnerable code introduced later)
	[jessie] - haproxy <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/haproxy/haproxy/commit/a01f45e3ced23c799f6e78b5efdbd32198a75354
CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote attackers to rel ...)
	NOT-FOR-US: CIM
CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...)
	NOT-FOR-US: TEMMOKU
CVE-2018-20612 (UWA 2.3.11 allows index.php?g=admin&amp;c=admin&amp;a=add_admin_do CSR ...)
	NOT-FOR-US: UWA
CVE-2018-20611 (imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo ...)
	NOT-FOR-US: imcat
CVE-2018-20610 (imcat 4.4 allows directory traversal via the root/run/adm.php efile pa ...)
	NOT-FOR-US: imcat
CVE-2018-20609 (imcat 4.4 allows remote attackers to obtain potentially sensitive conf ...)
	NOT-FOR-US: imcat
CVE-2018-20608 (imcat 4.4 allows remote attackers to read phpinfo output via the root/ ...)
	NOT-FOR-US: imcat
CVE-2018-20607 (imcat 4.4 allows remote attackers to obtain potentially sensitive debu ...)
	NOT-FOR-US: imcat
CVE-2018-20606 (imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&amp;a ...)
	NOT-FOR-US: imcat
CVE-2018-20605 (imcat 4.4 allows remote attackers to execute arbitrary PHP code by usi ...)
	NOT-FOR-US: imcat
CVE-2018-20604 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via craft ...)
	NOT-FOR-US: Lei Feng TV CMS
CVE-2018-20603 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html  ...)
	NOT-FOR-US: Lei Feng TV CMS
CVE-2018-20602 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the  ...)
	NOT-FOR-US: Lei Feng TV CMS
CVE-2018-20601 (UCMS 1.4.7 has XSS via the description parameter in an index.php list_ ...)
	NOT-FOR-US: UCMS
CVE-2018-20600 (sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit a ...)
	NOT-FOR-US: UCMS
CVE-2018-20599 (UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by en ...)
	NOT-FOR-US: UCMS
CVE-2018-20598 (UCMS 1.4.7 has ?do=user_addpost CSRF. ...)
	NOT-FOR-US: UCMS
CVE-2018-20597 (UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileed ...)
	NOT-FOR-US: UCMS
CVE-2018-20596 (Jspxcms v9.0.0 allows SSRF. ...)
	NOT-FOR-US: Jspxcms
CVE-2018-20595 (A CSRF issue was discovered in web/authorization/oauth2/controller/OAu ...)
	NOT-FOR-US: hsweb
CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerab ...)
	NOT-FOR-US: hsweb
CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in  ...)
	- mxml <unfixed> (low; bug #924353)
	[buster] - mxml <ignored> (Minor issue)
	[stretch] - mxml <ignored> (Minor issue)
	[jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output)
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err (error output)
	NOTE: https://github.com/michaelrsweet/mxml/issues/237
	NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely
CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd ...)
	- mxml <unfixed> (low; bug #924353)
	[buster] - mxml <ignored> (Minor issue)
	[stretch] - mxml <ignored> (Minor issue)
	[jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool)
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err (error output)
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt
	NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err (error output)
	NOTE: https://github.com/michaelrsweet/mxml/issues/237
	NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely
CVE-2018-20591 (A heap-based buffer over-read was discovered in decompileJUMP function ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/168
CVE-2018-20590 (Ivan Cordoba Generic Content Management System (CMS) through 2018-04-2 ...)
	NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS)
CVE-2018-20589 (Ivan Cordoba Generic Content Management System (CMS) through 2018-04-2 ...)
	NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS)
CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-a ...)
	NOT-FOR-US: otfcc
CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0. ...)
	- bitcoin <unfixed>
	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...)
	- bitcoin 0.17.1~dfsg-1
CVE-2018-20585
	RESERVED
CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of service (ap ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/192
CVE-2018-20583 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark  ...)
	NOT-FOR-US: PHP League CommonMark library
CVE-2018-20582 (The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suff ...)
	NOT-FOR-US: GREE+ (aka com.gree.greeplus) application
CVE-2018-20581
	RESERVED
CVE-2018-20580 (The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 al ...)
	NOT-FOR-US: SmartBear ReadyAPI
CVE-2018-20579 (Contiki-NG before 4.2 has a stack-based buffer overflow in the push fu ...)
	NOT-FOR-US: Contiki-NG
CVE-2018-20578 (An issue was discovered in NuttX before 7.27. The function netlib_pars ...)
	NOT-FOR-US: NuttX
CVE-2018-20577 (Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/f ...)
	NOT-FOR-US: Orange Livebox 00.96.320S devices
CVE-2018-20576 (Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cg ...)
	NOT-FOR-US: Orange Livebox 00.96.320S devices
CVE-2018-20575 (Orange Livebox 00.96.320S devices have an undocumented /system_firmwar ...)
	NOT-FOR-US: Orange Livebox 00.96.320S devices
CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C ...)
	- yaml-cpp 0.6.3-1 (low; bug #918145)
	[buster] - yaml-cpp <no-dsa> (Minor issue)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <postponed> (Minor issue)
	- yaml-cpp0.3 <removed> (low; bug #918146)
	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
	[jessie] - yaml-cpp0.3 <postponed> (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/654
CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++ ...)
	- yaml-cpp 0.6.3-1 (low; bug #918147)
	[buster] - yaml-cpp <no-dsa> (Minor issue)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <postponed> (Minor issue)
	- yaml-cpp0.3 <removed> (low; bug #918148)
	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
	[jessie] - yaml-cpp0.3 <postponed> (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/655
CVE-2018-20572 (WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL inj ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-20571 (DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a cr ...)
	NOT-FOR-US: DamiCMS
CVE-2018-20570 (jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer o ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/191
CVE-2018-20569 (user/index.php in Ivan Cordoba Generic Content Management System (CMS) ...)
	NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS)
CVE-2018-20568 (Administrator/index.php in Ivan Cordoba Generic Content Management Sys ...)
	NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS)
CVE-2018-20567 (An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.p ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20566 (An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full p ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20565 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?re ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20564 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_ca ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20563 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20562 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_ca ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20561 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.ph ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20560 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?r ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20559 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.ph ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20558 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20557 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?r ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20556 (SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordP ...)
	NOT-FOR-US: Booking Calendar plugin for WordPress
CVE-2018-20555 (The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress all ...)
	NOT-FOR-US: Design Chemical Social Network Tabs plugin for WordPress
CVE-2018-20554
	RESERVED
CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len  ...)
	- tcpreplay 4.3.1-1 (low; bug #917574)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (hard to exploit)
	NOTE: https://github.com/appneta/tcpreplay/issues/530
	NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
	NOTE: initial set of fixes got additional hardening, see:
	NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
	NOTE: https://github.com/appneta/tcpreplay/pull/584
CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tre ...)
	- tcpreplay 4.3.1-1 (low; bug #917574)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (hard to exploit)
	NOTE: https://github.com/appneta/tcpreplay/issues/530
	NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
	NOTE: initial set of fixes got additional hardening, see:
	NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
	NOTE: https://github.com/appneta/tcpreplay/pull/584
CVE-2018-1000893
	RESERVED
CVE-2018-1000892
	RESERVED
CVE-2018-1000891
	RESERVED
CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows attac ...)
	- poppler 0.71.0-4 (low; bug #917525)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <not-affected> (vulnerable code is not present)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/703
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7f87dc10b6adccd6d1b977a28b064add254aa2da
CVE-2018-20550
	RESERVED
CVE-2018-20549 (There is an illegal WRITE memory access at caca/file.c (function caca_ ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652628
	NOTE: https://github.com/cacalabs/libcaca/issues/41
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
CVE-2018-20548 (There is an illegal WRITE memory access at common-image.c (function lo ...)
	- libcaca 0.99.beta19-2.1 (unimportant; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652625
	NOTE: https://github.com/cacalabs/libcaca/issues/40
	NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/f6c61faa26b3e150c3daf514589afa737f42f152
	NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
	NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20547 (There is an illegal READ memory access at caca/dither.c (function get_ ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652624
	NOTE: https://github.com/cacalabs/libcaca/issues/39
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20546 (There is an illegal READ memory access at caca/dither.c (function get_ ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652622
	NOTE: https://github.com/cacalabs/libcaca/issues/38
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20545 (There is an illegal WRITE memory access at common-image.c (function lo ...)
	- libcaca 0.99.beta19-2.1 (unimportant; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652621
	NOTE: https://github.com/cacalabs/libcaca/issues/37
	NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/f6c61faa26b3e150c3daf514589afa737f42f152
	NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
	NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20544 (There is floating point exception at caca/dither.c (function caca_dith ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652627
	NOTE: https://github.com/cacalabs/libcaca/issues/36
	NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c
CVE-2018-20543 (There is an attempted excessive memory allocation at libxsmm_sparse_cs ...)
	- libxsmm <unfixed> (bug #917573)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652634
CVE-2018-20542 (There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c ...)
	- libxsmm <unfixed> (bug #917526)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652633
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652635
	NOTE: https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
	NOTE: https://github.com/hfp/libxsmm/issues/287
CVE-2018-20541 (There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at  ...)
	- libxsmm <unfixed> (bug #917526)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652632
	NOTE: https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
	NOTE: https://github.com/hfp/libxsmm/issues/287
CVE-2018-20540 (There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8 ...)
	- liblas 1.8.1-10 (low; bug #922459)
	[stretch] - liblas <ignored> (Minor issue)
	[jessie] - liblas <no-dsa> (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/158
	NOTE: https://github.com/libLAS/libLAS/commit/ba7346d349fb00b18d0c12e226ac3090eac25d7b
CVE-2018-20539 (There is a Segmentation fault triggered by illegal address access at l ...)
	- liblas <removed> (low; bug #924614)
	[buster] - liblas <ignored> (Minor issue)
	[stretch] - liblas <ignored> (Minor issue)
	[jessie] - liblas <no-dsa> (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/159
	NOTE: https://github.com/libLAS/libLAS/pull/183
	NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9
CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
	- nasm <unfixed> (unimportant; bug #918269)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392531
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20537 (There is a NULL pointer dereference at liblas::SpatialReference::GetGT ...)
	- liblas <removed> (low; bug #924614)
	[buster] - liblas <ignored> (Minor issue)
	[stretch] - liblas <ignored> (Minor issue)
	[jessie] - liblas <no-dsa> (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/160
	NOTE: https://github.com/libLAS/libLAS/pull/184
	NOTE: https://github.com/libLAS/libLAS/commit/1e854ec110d9bcebcae9db3136953c873f919235
CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReference::Ge ...)
	- liblas <removed> (low; bug #924614)
	[buster] - liblas <ignored> (Minor issue)
	[stretch] - liblas <ignored> (Minor issue)
	[jessie] - liblas <no-dsa> (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/161
	NOTE: https://github.com/libLAS/libLAS/pull/183
	NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9
CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
	- nasm <unfixed> (unimportant; bug #918270)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20534 (** DISPUTED ** There is an illegal address access at ext/testcase.c in ...)
	- libsolv 0.6.36-1 (unimportant; bug #923002)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652604
	NOTE: https://github.com/openSUSE/libsolv/pull/291
	NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
	NOTE: Only affects the test suite
CVE-2018-20533 (There is a NULL pointer dereference at ext/testcase.c (function testca ...)
	- libsolv 0.6.36-1 (low; bug #923002)
	[buster] - libsolv <ignored> (Minor issue)
	[stretch] - libsolv <ignored> (Minor issue)
	[jessie] - libsolv <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652599
	NOTE: https://github.com/openSUSE/libsolv/pull/291
	NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
CVE-2018-20532 (There is a NULL pointer dereference at ext/testcase.c (function testca ...)
	- libsolv 0.6.36-1 (low; bug #923002)
	[buster] - libsolv <ignored> (Minor issue)
	[stretch] - libsolv <ignored> (Minor issue)
	[jessie] - libsolv <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652605
	NOTE: https://github.com/openSUSE/libsolv/pull/291
	NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
CVE-2018-20531
	RESERVED
CVE-2018-20530 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile fie ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-20529
	RESERVED
CVE-2018-20528 (JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter ...)
	NOT-FOR-US: JEECMS
CVE-2018-20527
	RESERVED
CVE-2018-20526 (Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. ...)
	NOT-FOR-US: Roxy Fileman
CVE-2018-20525 (Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile ...)
	NOT-FOR-US: Roxy Fileman
CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted us ...)
	NOT-FOR-US: Chat Anywhere Chrome extension
CVE-2018-20523 (Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and o ...)
	NOT-FOR-US: Xiaomi
CVE-2018-20522
	RESERVED
CVE-2018-20521
	RESERVED
CVE-2018-20520 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a r ...)
	NOT-FOR-US: MiniCMS
CVE-2018-20519 (An issue was discovered in 74cms v4.2.111. It allows remote authentica ...)
	NOT-FOR-US: 74cms
CVE-2018-20518
	RESERVED
CVE-2018-20517
	RESERVED
CVE-2018-20516
	RESERVED
CVE-2018-20515
	RESERVED
CVE-2018-20514
	RESERVED
CVE-2018-20513
	RESERVED
CVE-2018-20512 (EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privi ...)
	NOT-FOR-US: EPON CPE-WiFi devices
CVE-2018-20510 (The print_binder_transaction_ilocked function in drivers/android/binde ...)
	- linux 4.16.5-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.57-1
	NOTE: https://git.kernel.org/linus/8ca86f1639ec5890d400fff9211aca22d0a392eb
CVE-2018-20509 (The print_binder_ref_olocked function in drivers/android/binder.c in t ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux <ignored> (debugfs restricted to root by default)
	NOTE: https://security.netapp.com/advisory/ntap-20190517-0002/
CVE-2018-20508 (CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This  ...)
	NOT-FOR-US: CrashFix
CVE-2018-1000890 (FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulner ...)
	- frontaccounting <removed>
CVE-2018-1000889 (Logisim Evolution version 2.14.3 and earlier contains an XML External  ...)
	NOT-FOR-US: Logisim Evolution
CVE-2018-1000888 (PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 ...)
	{DSA-4378-1 DLA-1674-1}
	- php-pear 1:1.10.6+submodules+notgz-1.1 (bug #919147)
	- php5 <removed>
	NOTE: https://pear.php.net/bugs/bug.php?id=23782
	NOTE: https://github.com/pear/Archive_Tar/commit/59ace120ac5ceb5f0d36e40e48e1884de1badf76
CVE-2018-1000887 (Peel shopping peel-shopping_9_1_0 version contains a Cross Site Script ...)
	NOT-FOR-US: Peel shopping
CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ ...)
	{DLA-1731-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.130-1
	NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
CVE-2018-20507 (An issue was discovered in GitLab Enterprise Edition 11.2.x through 11 ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
	- sqlite3 3.25.3-1
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://sqlite.org/src/info/940f2adc8541a838
CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...)
	- sqlite3 3.25.3-1
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://sqlite.org/src/info/1a84668dcfdebaf12415d
CVE-2018-20504
	RESERVED
CVE-2018-20503 (Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.p ...)
	NOT-FOR-US: Allied Telesis 8100L/8 devices
CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ex ...)
	NOT-FOR-US: Bento4
CVE-2018-20501 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20500 (An insecure permissions issue was discovered in GitLab Community and E ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20499 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20498 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20497 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20496 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20495 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20494 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20493 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20492 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20491 (An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20490 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20489 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20488 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20487 (An issue was discovered in the firewall3 component in Inteno IOPSYS 1. ...)
	NOT-FOR-US: Inteno IOPSYS
CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...)
	NOT-FOR-US: MetInfo
CVE-2018-20485 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in  ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20484 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in  ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's ...)
	- wget 1.20.1-1 (bug #917375)
	[stretch] - wget <not-affected> (Vulnerable code introduced in 1.19)
	[jessie] - wget <not-affected> (Vulnerable code introduced in 1.19)
	NOTE: https://twitter.com/marcan42/status/1077676739877232640
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa
	NOTE: Don't use extended attributes by default: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3 (v1.19)
CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
	{DLA-1623-1}
	- tar 1.30+dfsg-3.1 (bug #917377)
	[stretch] - tar <no-dsa> (Minor issue)
	NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
	NOTE: https://news.ycombinator.com/item?id=18745431
	NOTE: https://twitter.com/thatcks/status/1076166645708668928
	NOTE: https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
	NOTE: Fixed by https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRe ...)
	{DLA-1706-1}
	- poppler 0.71.0-4 (low; bug #917325)
	[stretch] - poppler <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
	NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626
CVE-2018-20480 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the  ...)
	NOT-FOR-US: S-CMS
CVE-2018-20479 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the  ...)
	NOT-FOR-US: S-CMS
CVE-2018-20478 (An issue was discovered in S-CMS 1.0. It allows reading certain files, ...)
	NOT-FOR-US: S-CMS
CVE-2018-20477 (An issue was discovered in S-CMS 3.0. It allows SQL Injection via the  ...)
	NOT-FOR-US: S-CMS
CVE-2018-20476 (An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo ...)
	NOT-FOR-US: S-CMS
CVE-2018-20475
	RESERVED
CVE-2018-20474
	RESERVED
CVE-2018-20473
	RESERVED
CVE-2018-20472 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The  ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20471
	RESERVED
CVE-2018-20470 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A di ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20469 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A pa ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A we ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...)
	- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1408
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4dd53a3f790147aaf18b2dd4d15f2a19f9432d3f
CVE-2018-20466
	RESERVED
CVE-2018-20465 (Craft CMS through 3.0.34 allows remote authenticated administrators to ...)
	NOT-FOR-US: Craft CMS
CVE-2018-20464 (There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 ad ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-20463 (An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. The ...)
	NOT-FOR-US: JSmol2WP plugin for WordPress
CVE-2018-20462 (An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A c ...)
	NOT-FOR-US: JSmol2WP plugin for WordPress
CVE-2018-20461 (In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c all ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267
	NOTE: https://github.com/radare/radare2/issues/12375
CVE-2018-20460 (In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf
	NOTE: https://github.com/radare/radare2/issues/12376
CVE-2018-20459 (In radare2 through 3.1.3, the armass_assemble function in libr/asm/arc ...)
	- radare2 3.2.1+dfsg-1 (low; bug #917322)
	[jessie] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7
	NOTE: https://github.com/radare/radare2/issues/12418
CVE-2018-20458 (In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/ ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19
	NOTE: https://github.com/radare/radare2/issues/12374
CVE-2018-20457 (In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_ ...)
	- radare2 3.2.1+dfsg-1 (low; bug #917322)
	[jessie] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7
	NOTE: https://github.com/radare/radare2/issues/12417
CVE-2018-20456 (In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185
	NOTE: https://github.com/radare/radare2/issues/12372
CVE-2018-20455 (In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185
	NOTE: https://github.com/radare/radare2/issues/12373
CVE-2018-20454 (An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a ...)
	NOT-FOR-US: 74cms
CVE-2018-20453 (The getlong function in numutils.c in libdoc through 2017-10-23 has a  ...)
	- catdoc <unfixed> (unimportant; bug #919526)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20452 (The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid fr ...)
	- r-cran-readxl 1.2.0.9000-1 (bug #919324)
	[stretch] - r-cran-readxl 0.1.1-1+deb9u2
	NOTE: https://github.com/evanmiller/libxls/issues/35
CVE-2018-20451 (The process_file function in reader.c in libdoc through 2017-10-23 has ...)
	- catdoc <unfixed> (unimportant; bug #919526)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20450 (The read_MSAT function in ole.c in libxls 1.4.0 has a double free that ...)
	- r-cran-readxl 1.2.0.9000-1 (bug #919324)
	[stretch] - r-cran-readxl 0.1.1-1+deb9u2
	NOTE: https://github.com/evanmiller/libxls/issues/34
CVE-2018-20449 (The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the L ...)
	- linux 4.15.4-1
	[stretch] - linux <ignored> (Minor issue)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.debian.org/debian-security-tracker/2019/01/msg00029.html
CVE-2018-20448 (Frog CMS 0.9.5 has XSS via the Database name field to the /install/ind ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20447
	RESERVED
CVE-2018-20446
	RESERVED
CVE-2018-20445 (D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_ ...)
	NOT-FOR-US: D-Link
CVE-2018-20444 (Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU dev ...)
	NOT-FOR-US: Technicolor
CVE-2018-20443 (Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices  ...)
	NOT-FOR-US: Technicolor
CVE-2018-20442 (Technicolor TC7110.B STC8.62.02 devices allow remote attackers to disc ...)
	NOT-FOR-US: Technicolor
CVE-2018-20441 (Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to  ...)
	NOT-FOR-US: Technicolor
CVE-2018-20440 (Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow  ...)
	NOT-FOR-US: Technicolor
CVE-2018-20439 (Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices ...)
	NOT-FOR-US: Technicolor
CVE-2018-20438 (Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to dis ...)
	NOT-FOR-US: Technicolor
CVE-2018-20437 (** DISPUTED ** An issue was discovered in the fileDownload function in ...)
	NOT-FOR-US: FEBS-Shiro
CVE-2018-20436 (** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android ...)
	NOT-FOR-US: Telegram for Android
CVE-2018-20435
	RESERVED
CVE-2018-20434 (LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands ...)
	NOT-FOR-US: LibreNMS
CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mcha ...)
	{DLA-1621-1}
	- c3p0 0.9.1.2-10 (bug #917257)
	[stretch] - c3p0 0.9.1.2-9+deb9u1
	NOTE: https://github.com/swaldman/c3p0/commit/7dfdda63f42759a5ec9b63d725b7412f74adb3e1
CVE-2018-20432
	RESERVED
CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerabil ...)
	{DSA-4361-1 DLA-1616-1}
	- libextractor 1:1.8-2 (bug #917213)
	NOTE: https://gnunet.org/bugs/view.php?id=5494
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
CVE-2018-20430 (GNU Libextractor through 1.8 has an out-of-bounds read vulnerability i ...)
	{DSA-4361-1 DLA-1616-1}
	- libextractor 1:1.8-2 (bug #917214)
	NOTE: https://gnunet.org/bugs/view.php?id=5493
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
CVE-2018-20429 (libming 0.4.8 has a NULL pointer dereference in the getName function o ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/160
CVE-2018-20428 (libming 0.4.8 has a NULL pointer dereference in the strlenext function ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/161
CVE-2018-20427 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/164
CVE-2018-20426 (libming 0.4.8 has a NULL pointer dereference in the newVar3 function o ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/162
CVE-2018-20425 (libming 0.4.8 has a NULL pointer dereference in the pushdup function o ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/163
CVE-2018-20424 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...)
	NOT-FOR-US: DiscuzX
CVE-2018-20423 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...)
	NOT-FOR-US: DiscuzX
CVE-2018-20422 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...)
	NOT-FOR-US: DiscuzX
CVE-2018-20421 (Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of se ...)
	NOT-FOR-US: Go Ethereum
CVE-2018-20420 (In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access C ...)
	NOT-FOR-US: webERP
CVE-2018-20419 (DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add a ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20418 (index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allow ...)
	NOT-FOR-US: Craft CMS
CVE-2018-20417
	RESERVED
CVE-2018-20416
	RESERVED
CVE-2018-20415
	RESERVED
CVE-2018-20414
	RESERVED
CVE-2018-20413
	RESERVED
CVE-2018-20412
	RESERVED
CVE-2018-20411
	RESERVED
CVE-2018-20410 (WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer ov ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2018-20409 (An issue was discovered in Bento4 1.5.1-627. There is a heap-based buf ...)
	NOT-FOR-US: Bento4
CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
	NOT-FOR-US: Bento4
CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
	NOT-FOR-US: Bento4
CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...)
	{DLA-1663-1}
	- python3.7 3.7.0-7 (unimportant)
	- python3.6 3.6.7~rc1-1 (unimportant)
	- python3.5 <removed> (unimportant)
	- python3.4 <removed> (unimportant)
	NOTE: https://bugs.python.org/issue34656
	NOTE: https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd (master)
	NOTE: https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77 (3.7)
	NOTE: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc (3.6)
	NOTE: Negligible security impact
CVE-2018-20405 (** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticat ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-20404 (ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system  ...)
	NOT-FOR-US: ETK_E900.sys (SmartETK driver for VIA Technologies EPIA-E900 system board)
CVE-2018-20403
	RESERVED
CVE-2018-20402 (Safe Software FME Server through 2018.1 creates and enables three addi ...)
	NOT-FOR-US: Safe Software FME Server
CVE-2018-20401 (Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credent ...)
	NOT-FOR-US: Zoom 5352 v5.5.8.6Y devices
CVE-2018-20400 (Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote atta ...)
	NOT-FOR-US: Ubee devices
CVE-2018-20399 (Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0 ...)
	NOT-FOR-US: Motorola
CVE-2018-20398 (Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100 ...)
	NOT-FOR-US: Skyworth devices
CVE-2018-20397 (mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to d ...)
	NOT-FOR-US: mplus devices
CVE-2018-20396 (NET&amp;SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allo ...)
	NOT-FOR-US: NET&SYS devices
CVE-2018-20395 (NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attacke ...)
	NOT-FOR-US: NETWAVE devices
CVE-2018-20394 (Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and ...)
	NOT-FOR-US: Thomson devices
CVE-2018-20393 (Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CW ...)
	NOT-FOR-US: Technicolor devices
CVE-2018-20392 (S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers  ...)
	NOT-FOR-US: S-A WebSTAR devices
CVE-2018-20391 (TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers  ...)
	NOT-FOR-US: TEKNOTEL devices
CVE-2018-20390 (Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0 ...)
	NOT-FOR-US: Kaonmedia devices
CVE-2018-20389 (D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_ ...)
	NOT-FOR-US: D-Link
CVE-2018-20388 (Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices all ...)
	NOT-FOR-US: Comtrend devices
CVE-2018-20387 (Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices al ...)
	NOT-FOR-US: Bnmux devices
CVE-2018-20386 (ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote ...)
	NOT-FOR-US: ARRIS devices
CVE-2018-20385 (CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553m ...)
	NOT-FOR-US: CastleNet devices
CVE-2018-20384 (iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 1 ...)
	NOT-FOR-US: iNovo devices
CVE-2018-20383 (ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote at ...)
	NOT-FOR-US: ARRIS devices
CVE-2018-20382 (Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allo ...)
	NOT-FOR-US: Jiuzhou devices
CVE-2018-20381 (Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow re ...)
	NOT-FOR-US: Technicolor devices
CVE-2018-20380 (Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U ...)
	NOT-FOR-US: Ambit devices
CVE-2018-20379 (Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices ...)
	NOT-FOR-US: Technicolor devices
CVE-2018-20378 (The L2CAP signaling channel implementation and SDP server implementati ...)
	NOT-FOR-US: OpenSynergy Blue SDK
CVE-2018-20377 (Orange Livebox 00.96.320S devices allow remote attackers to discover W ...)
	NOT-FOR-US: Orange Livebox
CVE-2018-20376 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc <unfixed> (unimportant)
	NOTE: Negligible security impact
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html
CVE-2018-20375 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc <unfixed> (unimportant)
	NOTE: Negligible security impact
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00014.html
CVE-2018-20374 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc <unfixed> (unimportant)
	NOTE: Negligible security impact
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00015.html
CVE-2018-20373 (Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP cl ...)
	NOT-FOR-US: Tenda ADSL modem routers
CVE-2018-20372 (TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client ...)
	NOT-FOR-US: TP-Link TD-W8961ND devices
CVE-2018-20371 (PhotoRange Photo Vault 1.2 appends the password to the URI for authori ...)
	NOT-FOR-US: PhotoRange Photo Vault
CVE-2018-20370 (SZ NetChat before 7.9 has XSS in the MyName input field of the Options ...)
	NOT-FOR-US: SZ NetChat
CVE-2018-20369 (Barracuda Message Archiver 2018 has XSS in the error_msg exception-han ...)
	NOT-FOR-US: Barracuda
CVE-2018-20368 (The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the ...)
	NOT-FOR-US: Master Slider plugin for WordPress
CVE-2018-20367 (The "mall some commodity details: commodity consultation" component in ...)
	NOT-FOR-US: WSTMart
CVE-2018-20366
	RESERVED
CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow ...)
	- libraw 0.19.2-2 (bug #917111)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/195
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL point ...)
	- libraw 0.19.2-2 (bug #917112)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/194
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointe ...)
	- libraw 0.19.2-2 (bug #917113)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/193
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2 (low)
	NOTE: https://github.com/knik0/faad2/issues/26
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_assembl ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[buster] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/30
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...)
	{DLA-1899-1}
	- faad2 2.8.8-3.1 (low)
	[buster] - faad2 <no-dsa> (Minor issue)
	[stretch] - faad2 <no-dsa> (Minor issue)
	NOTE: https://github.com/knik0/faad2/issues/32
	NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/29
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_predict ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[buster] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/31
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel of li ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/28
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free vulnerability in th ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20355 (An invalid write of 8 bytes due to a use-after-free vulnerability in t ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20354 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20353 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20352 (Use-after-free vulnerability in the mg_cgi_ev_handler function in mong ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on macOS all ...)
	NOT-FOR-US: Evernote
CVE-2018-20350
	RESERVED
CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 ...)
	{DLA-2055-1}
	- igraph 0.7.1-3 (bug #917211)
	[stretch] - igraph 0.7.1-2.1+deb9u1
	- r-cran-igraph 1.2.2-2 (bug #917212)
	[stretch] - r-cran-igraph 1.0.1-1+deb9u1
	NOTE: https://github.com/igraph/igraph/issues/1141
	NOTE: Fixed by: https://github.com/igraph/igraph/commit/e3a9566e6463186230f215151b57b893df6d9ce2
CVE-2018-20348 (libpff_item_tree_create_node in libpff_item_tree.c in libpff before ex ...)
	- libpff 20180714-1
	[stretch] - libpff <no-dsa> (Minor issue)
	[jessie] - libpff <no-dsa> (Minor issue)
	NOTE: https://github.com/libyal/libpff/issues/48
CVE-2018-20347
	REJECTED
CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in StackStorm befo ...)
	NOT-FOR-US: SlackStorm
CVE-2018-20344
	RESERVED
CVE-2018-20343 (Multiple buffer overflow vulnerabilities have been found in Ken Silver ...)
	NOT-FOR-US: Ken Silverman Build Engine
CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
	NOT-FOR-US: Floureon IP Camera SP012
CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted ...)
	NOT-FOR-US: WINMAGIC SecureDoc Disk Encryption
CVE-2018-20340 (Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which c ...)
	{DSA-4389-1}
	- libu2f-host 1.1.7-1 (bug #921726)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2019-01/
	NOTE: https://github.com/Yubico/libu2f-host/commit/f526546bb29f2ef704ae9850f0f4b41fea7b62a4
	NOTE: https://github.com/Yubico/libu2f-host/commit/e77a109f8cf60d9eafdf005ab5c851d5f576c01e
CVE-2018-20339 (Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL inject ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...)
	- libraw 0.19.2-1 (bug #917080)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20335 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20334 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing  ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20333 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 1.2.4 for ...)
	NOT-FOR-US: OpenWebif plugin
CVE-2018-20331 (Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ...)
	NOT-FOR-US: Antiy AVL ATool
CVE-2018-20330 (The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflo ...)
	- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304
	NOTE: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3d9c64e9f8aa1ee954d1d0bb3390fc894bb84da3
CVE-2018-20329 (Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsC ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-20328 (Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php  ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-20327 (Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-20326 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
	NOT-FOR-US: ChinaMobile PLC Wireless Router
CVE-2018-20325 (There is a vulnerability in load() method in definitions/parser.py in  ...)
	NOT-FOR-US: Danijar Hafner
CVE-2018-20324
	RESERVED
CVE-2018-20323 (www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition  ...)
	NOT-FOR-US: MailCleaner
CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulner ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-20321 (An issue was discovered in Rancher 2 through 2.1.5. Any project member ...)
	NOT-FOR-US: Rancher
CVE-2018-20320
	REJECTED
CVE-2018-20319
	RESERVED
CVE-2018-20318 (An issue was discovered in weixin-java-tools v3.2.0. There is an XXE v ...)
	NOT-FOR-US: weixin-java-tools
CVE-2018-1000886 (nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ...)
	- nasm <unfixed> (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392514
	NOTE: Crash in CLI, no security impact
CVE-2018-1000885 (PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b ...)
	NOT-FOR-US: PHKP
CVE-2018-1000884 (Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c4438682 ...)
	NOT-FOR-US: Vesta CP
CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection vulnerability ...)
	NOT-FOR-US: Elixir Plug, different from src:elixir-lang
CVE-2018-20317
	RESERVED
CVE-2018-20316
	RESERVED
CVE-2018-20315
	RESERVED
CVE-2018-20314
	RESERVED
CVE-2018-20313
	RESERVED
CVE-2018-20312
	RESERVED
CVE-2018-20311
	RESERVED
CVE-2018-20310
	RESERVED
CVE-2018-20309
	RESERVED
CVE-2018-20308
	RESERVED
CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory Travers ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2018-1000881 (Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Impr ...)
	NOT-FOR-US: Traccar Traccar Server
CVE-2018-1000880 (libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onw ...)
	{DSA-4360-1}
	- libarchive 3.3.3-2 (bug #916960)
	[jessie] - libarchive <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/9693801580c0cf7c70e862d305270a16b52826a7
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/9c84b7426660c09c18cc349f6d70b5f8168b5680
CVE-2018-1000879 (libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onw ...)
	- libarchive 3.3.3-2 (bug #916962)
	[stretch] - libarchive <not-affected> (Vulnerable code introduced later)
	[jessie] - libarchive <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced in: https://github.com/libarchive/libarchive/commit/379867ecb330b3a952fb7bfa7bffb7bbd5547205 (3.3.0)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175
CVE-2018-1000878 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc onw ...)
	{DSA-4360-1 DLA-1612-1}
	- libarchive 3.3.3-2 (bug #916963)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced after: https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28
CVE-2018-1000877 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc onw ...)
	{DSA-4360-1 DLA-1612-1}
	- libarchive 3.3.3-2 (bug #916964)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced after: https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow vulnerab ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23994
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
	NOTE: binutils not covered by security support
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC Server and We ...)
	NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2018-1000874 (** DISPUTED ** PHP cebe markdown parser version 1.2.0 and earlier cont ...)
	NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Inp ...)
	NOT-FOR-US: Fasterxml Jackson Jackson-Modules-Java8 module
CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399:  ...)
	- python-pykmip 0.7.0-3 (low; bug #917030)
	[stretch] - python-pykmip 0.5.0-4+deb9u1
	NOTE: https://github.com/OpenKMIP/PyKMIP/commit/3a7b880bdf70d295ed8af3a5880bab65fa6b3932
	NOTE: https://github.com/OpenKMIP/PyKMIP/issues/430
CVE-2018-1000871 (HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL I ...)
	- hoteldruid 2.3.0-2 (low; bug #917099)
	[stretch] - hoteldruid <ignored> (Minor issue)
	[jessie] - hoteldruid <no-dsa> (Minor issue)
	NOTE: https://www.exploit-db.com/exploits/45976
CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in / ...)
	- phpipam <itp> (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040
	NOTE: https://github.com/phpipam/phpipam/issues/2326
CVE-2018-1000869 (phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/na ...)
	- phpipam <itp> (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d
	NOTE: https://github.com/phpipam/phpipam/issues/2344
CVE-2018-1000868 (WeBid version up to current version 1.2.2 contains a Cross Site Script ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2018-1000867 (WeBid version up to current version 1.2.2 contains a SQL Injection vul ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS ...)
	- phpipam <itp> (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/2338
CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CS ...)
	- gnupg2 2.2.12-1
	[stretch] - gnupg2 <no-dsa> (Minor issue)
	[jessie] - gnupg2 <not-affected> (Vulnerable code was introduced later)
	- gnupg1 <not-affected> (Vulnerable code introduced in 2.x in 2.1.12)
	- gnupg <not-affected> (Vulnerable code introduced in 2.x in 2.1.12)
	NOTE: WKD (Web Key Directory) feature introduced in 2.1.12
	NOTE: https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html
	NOTE: https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144 (master)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=4a4bb874f63741026bd26264c43bb32b1099f060 (2.2.12)
CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a Directory Traversa ...)
	NOT-FOR-US: log-user-session
CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the latest versi ...)
	NOT-FOR-US: DomainMOD
CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site Scripting (XSS)  ...)
	NOT-FOR-US: easymon
CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a CWE-74: Imprope ...)
	NOT-FOR-US: esigate
CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac ...)
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/4866
	NOTE: https://github.com/FreeRDP/FreeRDP/pull/4871
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471
CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/ ...)
	NOT-FOR-US: Copay Bitcoin Wallet
CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and 2.5.0 (exclu ...)
	NOT-FOR-US: Square Retrofit
CVE-2018-1000849 (Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 conta ...)
	NOT-FOR-US: Alpine Linux
CVE-2018-1000848 (Wampserver version prior to version 3.1.5 contains a Cross Site Script ...)
	NOT-FOR-US: Wampserver
CVE-2018-1000847 (FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: FreshDNS
CVE-2018-1000846 (FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forger ...)
	NOT-FOR-US: FreshDNS
CVE-2018-1000845
	REJECTED
CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7 ...)
	NOT-FOR-US: Square Retrofit
CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc ...)
	NOT-FOR-US: Luigi
CVE-2018-1000842 (FatFreeCRM version &lt;=0.14.1, &gt;=0.15.0 &lt;=0.15.1, &gt;=0.16.0 & ...)
	NOT-FOR-US: FatFreeCRM
CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS)  ...)
	NOT-FOR-US: Zend.To
CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier contains a XM ...)
	NOT-FOR-US: Processing Foundation Processing
CVE-2018-1000839 (LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerabilit ...)
	NOT-FOR-US: LH-EHR
CVE-2018-1000838 (autopsy version &lt;= 4.9.0 contains a XML External Entity (XXE) vulne ...)
	- autopsy <not-affected> (The ancient version in Debian predates the Java rewrite)
CVE-2018-1000837 (UML Designer version &lt;= 8.0.0 contains a XML External Entity (XXE)  ...)
	NOT-FOR-US: UML designer
CVE-2018-1000836 (bw-calendar-engine version &lt;= bw-calendar-engine-3.12.0 contains a  ...)
	NOT-FOR-US: bw-calendar-engine
CVE-2018-1000835 (KeePassDX version &lt;= 2.5.0.0beta17 contains a XML External Entity ( ...)
	NOT-FOR-US: KeePassDX
CVE-2018-1000834 (runelite version &lt;= runelite-parent-1.4.23 contains a XML External  ...)
	NOT-FOR-US: runelite
CVE-2018-1000833 (ZoneMinder version &lt;= 1.32.2 contains a Other/Unknown vulnerability ...)
	[experimental] - zoneminder 1.32.3-1
	- zoneminder 1.32.3-2 (bug #917024)
	NOTE: https://0dd.zone/2018/10/28/zoneminder-Object-Injection-2/
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2272
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2273
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/f790eacc92f687442ae24df7a48f54861a4518b3 (1.32.3)
CVE-2018-1000832 (ZoneMinder version &lt;= 1.32.2 contains a Other/Unknown vulnerability ...)
	[experimental] - zoneminder 1.32.3-1
	- zoneminder 1.32.3-2 (bug #917024)
	NOTE: https://0dd.zone/2018/10/28/zoneminder-Object-Injection/
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2271
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2273
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/f790eacc92f687442ae24df7a48f54861a4518b3 (1.32.3)
CVE-2018-1000831 (K9Mail version &lt;= v5.600 contains a XML External Entity (XXE) vulne ...)
	NOT-FOR-US: K9Mail
CVE-2018-1000830 (XR3Player version &lt;= V3.124 contains a XML External Entity (XXE) vu ...)
	NOT-FOR-US: XR3Player
CVE-2018-1000829 (Anyplace version before commit 80359b4 contains a XML External Entity  ...)
	NOT-FOR-US: Anyplace navigation service
CVE-2018-1000828 (FrostWire version &lt;= frostwire-desktop-6.7.4-build-272 contains a X ...)
	NOT-FOR-US: FrostWire
CVE-2018-1000827 (Ubilling version &lt;= 0.9.2 contains a Other/Unknown vulnerability in ...)
	NOT-FOR-US: Ubilling
CVE-2018-1000826 (Microweber version &lt;= 1.0.7 contains a Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: Microweber
CVE-2018-1000825 (FreeCol version &lt;= nightly-2018-08-22 contains a XML External Entit ...)
	- freecol 0.11.6+dfsg2-3 (bug #917023; low)
	[buster] - freecol <no-dsa> (Minor issue)
	[stretch] - freecol <no-dsa> (Minor issue)
	[jessie] - freecol <end-of-life> (Games are not supported)
	NOTE: https://github.com/FreeCol/freecol/issues/26
	NOTE: https://github.com/FreeCol/freecol/commit/8963506897e3270a75b062f28486934bcb79b1e3
CVE-2018-1000824 (MegaMek version &lt; v0.45.1 contains a Other/Unknown vulnerability in ...)
	NOT-FOR-US: MegaMek
CVE-2018-1000823 (exist version &lt;= 5.0.0-RC4 contains a XML External Entity (XXE) vul ...)
	NOT-FOR-US: eXist DB
CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML External En ...)
	NOT-FOR-US: codelibs fess
CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a XML External ...)
	NOT-FOR-US: MicroMathematics
CVE-2018-1000820 (neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c cont ...)
	NOT-FOR-US: neo4j-apoc-procedures
CVE-2018-1000817 (Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2. ...)
	NOT-FOR-US: Asset Pipeline Grails Plugin
CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Sc ...)
	- grafana <removed>
	NOTE: https://github.com/grafana/grafana/issues/13667
CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains  ...)
	NOT-FOR-US: Brave Software Inc. Brave
CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Un ...)
	NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scriptin ...)
	- backdrop <itp> (bug #914257)
CVE-2018-1000812 (Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versio ...)
	NOT-FOR-US: Integria IMS
CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File with Dange ...)
	NOT-FOR-US: bludit
CVE-2018-20307 (Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 1 ...)
	NOT-FOR-US: Pulse Secure Virtual Traffic Manager
CVE-2018-20306 (A stored cross-site scripting (XSS) vulnerability in the web administr ...)
	NOT-FOR-US: Pulse Secure Virtual Traffic Manager
CVE-2018-20305 (D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code executi ...)
	NOT-FOR-US: D-Link
CVE-2018-20304 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows ...)
	NOT-FOR-US: libexcel
CVE-2018-20303 (In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal ...)
	NOT-FOR-US: Go Git Service
CVE-2018-20302 (An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the  ...)
	NOT-FOR-US: Steve Pallen Xain
CVE-2018-20301 (An issue was discovered in Steve Pallen Coherence before 0.5.2 that is ...)
	NOT-FOR-US: Steve Pallen Coherence
CVE-2018-20300 (Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code v ...)
	NOT-FOR-US: Empire CMS
CVE-2018-20299 (An issue was discovered in several Bosch Smart Home cameras (360 degre ...)
	NOT-FOR-US: Bosch Smart Home cameras
CVE-2019-3408
	RESERVED
CVE-2019-3407
	RESERVED
CVE-2019-3406
	RESERVED
CVE-2019-3405
	RESERVED
CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
	NOT-FOR-US: ofrouter
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 a ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-3401 (The ManageFilters.jspa resource in Jira before version 7.13.3 and from ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-3400 (The labels gadget in Jira before version 7.13.2, and from version 8.0. ...)
	NOT-FOR-US: Atlassian
CVE-2019-3399 (The BrowseProjects.jspa resource in Jira before version 7.13.2, and fr ...)
	NOT-FOR-US: Atlassian
CVE-2019-3398 (Confluence Server and Data Center had a path traversal vulnerability i ...)
	NOT-FOR-US: Confluence Server and Data Center
CVE-2019-3397 (Atlassian Bitbucket Data Center licensed instances starting with versi ...)
	NOT-FOR-US: Atlassian
CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before versi ...)
	NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data Center bef ...)
	NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3394 (There was a local file disclosure vulnerability in Confluence Server a ...)
	NOT-FOR-US: Confluence
CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerab ...)
	NOT-FOR-US: S3 Browser
CVE-2018-20297
	RESERVED
CVE-2018-20296
	RESERVED
CVE-2018-20295
	RESERVED
CVE-2018-20294
	RESERVED
CVE-2018-20293
	RESERVED
CVE-2018-20292
	RESERVED
CVE-2018-20291
	RESERVED
CVE-2018-20290
	RESERVED
CVE-2018-20289
	RESERVED
CVE-2018-20288
	RESERVED
CVE-2018-20287
	RESERVED
CVE-2018-20286
	RESERVED
CVE-2018-20285
	RESERVED
CVE-2018-20284
	RESERVED
CVE-2018-20283
	RESERVED
CVE-2018-20282
	RESERVED
CVE-2018-20281
	RESERVED
CVE-2018-20280
	RESERVED
CVE-2018-20279
	RESERVED
CVE-2018-20278
	RESERVED
CVE-2018-20277
	RESERVED
CVE-2018-20276
	RESERVED
CVE-2018-20275
	RESERVED
CVE-2018-20274
	RESERVED
CVE-2018-20273
	RESERVED
CVE-2018-20272
	RESERVED
CVE-2018-20271
	RESERVED
CVE-2018-20270
	RESERVED
CVE-2018-20269
	RESERVED
CVE-2018-20268
	RESERVED
CVE-2018-20267
	RESERVED
CVE-2018-20266
	RESERVED
CVE-2018-20265
	RESERVED
CVE-2018-20264
	RESERVED
CVE-2018-20263
	RESERVED
CVE-2018-20262
	RESERVED
CVE-2018-20261
	RESERVED
CVE-2018-20260
	RESERVED
CVE-2018-20259
	RESERVED
CVE-2018-20258
	RESERVED
CVE-2018-20257
	RESERVED
CVE-2018-20256
	RESERVED
CVE-2018-20255
	RESERVED
CVE-2018-20254
	RESERVED
CVE-2018-20253 (In WinRAR versions prior to and including 5.60, There is an out-of-bou ...)
	NOT-FOR-US: WinRAR
CVE-2018-20252 (In WinRAR versions prior to and including 5.60, there is an out-of-bou ...)
	NOT-FOR-US: WinRAR
CVE-2018-20251 (In WinRAR versions prior to and including 5.61, there is path traversa ...)
	NOT-FOR-US: WinRAR
CVE-2018-20250 (In WinRAR versions prior to and including 5.61, There is path traversa ...)
	NOT-FOR-US: WinRAR
CVE-2018-20249 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where  ...)
	NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20248 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where  ...)
	NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20247 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where  ...)
	NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20246
	REJECTED
CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior  ...)
	- airflow <itp> (bug #819700)
CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...)
	- airflow <itp> (bug #819700)
CVE-2018-20243
	RESERVED
CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache J ...)
	- jspwiki <removed>
CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and Crucibl ...)
	NOT-FOR-US: Atlassian
CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and Cruci ...)
	NOT-FOR-US: Atlassian
CVE-2018-20239 (Application Links before version 5.0.11, from version 5.1.0 before 5.2 ...)
	NOT-FOR-US: Atlassian
CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and fro ...)
	NOT-FOR-US: Atlassian
CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 allo ...)
	NOT-FOR-US: Atlassian
CVE-2018-20236 (There was an command injection vulnerability in Sourcetree for Windows ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20235 (There was an argument injection vulnerability in Atlassian Sourcetree  ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20234 (There was an argument injection vulnerability in Atlassian Sourcetree  ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager befor ...)
	NOT-FOR-US: Atlassian
CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version 7.6.11 and f ...)
	NOT-FOR-US: Atlassian
CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication plu ...)
	NOT-FOR-US: two-factor-authentication plugin for WordPress
CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buffer ov ...)
	- pspp 1.2.0-3 (bug #916902)
	[stretch] - pspp <no-dsa> (Minor issue)
	[jessie] - pspp <no-dsa> (Crash cannot be observed under normal conditions)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318
	NOTE: https://git.savannah.gnu.org/cgit/pspp.git/commit/?id=abd1f816ca3b4f382bddf4564ad092aa934f0ccc
CVE-2018-20229 (GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before  ...)
	- gitlab 11.5.5+dfsg-1
	NOTE: https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/
CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with ...)
	NOT-FOR-US: Subsonic
CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP ar ...)
	NOT-FOR-US: RDF4J
CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...)
	NOT-FOR-US: THEHIVE
CVE-2018-20225 (** DISPUTED ** An issue was discovered in pip (all versions) because i ...)
	- python-pip <unfixed> (unimportant)
	NOTE: https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html
	NOTE: pip is inherently affected by malicious packages, use packages from Debian instead :-)
CVE-2018-20224
	RESERVED
CVE-2018-20223
	RESERVED
CVE-2018-20222 (XXE issue in Airsonic before 10.1.2 during parse. ...)
	NOT-FOR-US: Airsonic
CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are  ...)
	NOT-FOR-US: Deltek
CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56  ...)
	NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56  ...)
	NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20218 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56  ...)
	NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos  ...)
	{DLA-1643-1}
	- krb5 1.16.2-1 (low; bug #917387)
	[stretch] - krb5 <no-dsa> (Minor issue)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
	NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38ee0136b7710a2caa347049818afd57a1b
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20215
	RESERVED
CVE-2018-20214
	RESERVED
CVE-2018-20213 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows ...)
	NOT-FOR-US: libexcel
CVE-2018-20212 (bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via th ...)
	- twiki <removed>
CVE-2018-20211 (ExifTool 8.32 allows local users to gain privileges by creating a %TEM ...)
	NOT-FOR-US: Report for a Windows-specific flaw in a vintage version of libimage-exiftool-perl
CVE-2018-20210
	RESERVED
CVE-2018-20209
	RESERVED
CVE-2018-20208
	RESERVED
CVE-2018-20207
	RESERVED
CVE-2018-20206
	RESERVED
CVE-2018-20205
	RESERVED
CVE-2018-20204
	RESERVED
CVE-2018-20203
	RESERVED
CVE-2018-20202
	RESERVED
CVE-2018-20201 (There is a stack-based buffer over-read in the jsfNameFromString funct ...)
	NOT-FOR-US: Espruino 2V00
CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 all ...)
	- libokhttp-java <unfixed> (unimportant)
	NOTE: https://github.com/square/okhttp/issues/4967
	NOTE: No practicable security imapacting relevance
CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
	{DLA-1899-1}
	- faad2 2.8.8-3.1 (low)
	[buster] - faad2 <no-dsa> (Minor issue)
	[stretch] - faad2 <no-dsa> (Minor issue)
	NOTE: https://github.com/knik0/faad2/issues/24
	NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2 (low)
	NOTE: https://github.com/knik0/faad2/issues/23
	NOTE: same underlying issue as CVE-2018-20362, same fix:
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2
	NOTE: https://github.com/knik0/faad2/issues/20
	NOTE: very similar to CVE-2018-20194, same fix:
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
	{DLA-1899-1}
	- faad2 2.8.8-3.1 (low)
	[buster] - faad2 <no-dsa> (Minor issue)
	[stretch] - faad2 <no-dsa> (Minor issue)
	NOTE: https://github.com/knik0/faad2/issues/19
	NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/25
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14
CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the c ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2
	NOTE: https://github.com/knik0/faad2/issues/21
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally developed ...)
	NOT-FOR-US: Juniper
CVE-2018-20192
	RESERVED
CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation  ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eva ...)
	- libsass 3.5.5-4 (low)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2786
CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c ha ...)
	{DLA-1619-1}
	- graphicsmagick 1.4~hg15873-1 (bug #916752)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/585/
CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator acco ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-20187 (A side-channel issue was discovered in Botan before 2.9.0. An attacker ...)
	[experimental] - botan 2.9.0-1
	- botan 2.9.0-2 (bug #918732)
	- botan1.10 <not-affected> (Vulnerable code introduced in 1.11.20)
	NOTE: https://github.com/randombit/botan/pull/1792
	NOTE: https://github.com/randombit/botan/commit/70aa7303acfff9eefc24598c289a84db3579ebd1
CVE-2018-20186 (An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in C ...)
	NOT-FOR-US: Bento4
CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there  ...)
	{DLA-1619-1}
	- graphicsmagick 1.4~hg15880-1 (bug #916719)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: Partial fix: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/582/
	NOTE: Partial fix adressed in 1.4~hg15873-1, but according to maintainer not yet
	NOTE: complete: Cf. https://bugs.debian.org/916719#15
	NOTE: Fix causes more issues: https://bugzilla.suse.com/show_bug.cgi?id=1119823#c1
	NOTE: Followup: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/c38fc0e3e465
CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buff ...)
	{DLA-1619-1}
	- graphicsmagick 1.4~hg15873-1 (bug #916721)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b
	NOTE: Upstream patch contains unrelated refactoring, trimmed down version available on
	NOTE: the Debian bug report: https://bugs.debian.org/916721#15
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/583/
CVE-2018-20183
	RESERVED
CVE-2018-20182 (rdesktop versions up to and including v1.8.3 contain a Buffer Overflow ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20181 (rdesktop versions up to and including v1.8.3 contain an Integer Underf ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20180 (rdesktop versions up to and including v1.8.3 contain an Integer Underf ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20179 (rdesktop versions up to and including v1.8.3 contain an Integer Underf ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20178 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20177 (rdesktop versions up to and including v1.8.3 contain an Integer Overfl ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20176 (rdesktop versions up to and including v1.8.3 contain several Out-Of- B ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20175 (rdesktop versions up to and including v1.8.3 contains several Integer  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20174 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection vi ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
	{DSA-4352-1 DLA-1613-1}
	- sqlite3 3.25.3-1
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	- chromium 71.0.3578.80-1
	NOTE: https://blade.tencent.com/magellan/index_en.html
	NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
	NOTE: Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
	NOTE: Fedora patch: https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28
	NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html
	NOTE: Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838
CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url paramet ...)
	NOT-FOR-US: Nagios XI
CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url parameter o ...)
	NOT-FOR-US: Nagios XI
CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeratio ...)
	NOT-FOR-US: Disputed issue in Keystone, no need to track for src:keystone
CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The USB sub ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a different leve ...)
	NOT-FOR-US: gVisor
CVE-2018-20166 (A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?mod ...)
	NOT-FOR-US: Rukovoditel
CVE-2017-18355 (Installed packages are exposed by node_modules in Rendertron 1.0.0, al ...)
	NOT-FOR-US: Rendertron
CVE-2017-18354 (Rendertron 1.0.0 allows for alternative protocols such as 'file://' in ...)
	NOT-FOR-US: Rendertron
CVE-2017-18353 (Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome ins ...)
	NOT-FOR-US: Rendertron
CVE-2017-18352 (Error reporting within Rendertron 1.0.0 allows reflected Cross Site Sc ...)
	NOT-FOR-US: Rendertron
CVE-2018-20167 (Terminology before 1.3.1 allows Remote Code Execution because popmedia ...)
	- terminology 1.3.1-1 (bug #916630)
	[jessie] - terminology <not-affected> (vulnerable code is not present)
	NOTE: https://phab.enlightenment.org/T7504
	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=1ac204da9148e7bccb1b5f34b523e2094dfc39e2
CVE-2018-20165 (Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allo ...)
	NOT-FOR-US: OpenText Portal
CVE-2018-20164 (An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser  ...)
	- uap-core 20190213-1 (bug #922717)
	NOTE: https://github.com/ua-parser/uap-core/commit/010ccdc7303546cd22b9da687c29f4a996990014
	NOTE: https://github.com/ua-parser/uap-core/commit/156f7e12b215bddbaf3df4514c399d683e6cdadc
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-009-uaparser/
CVE-2018-20163
	RESERVED
CVE-2018-20162 (Digi TransPort LR54 4.4.0.26 and possible earlier devices have Imprope ...)
	NOT-FOR-US: Digi TransPort
CVE-2018-20161 (A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.1 ...)
	NOT-FOR-US: BlinkForHome (aka Blink For Home) Sync Module
CVE-2018-20160 (ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in  ...)
	NOT-FOR-US: ZxChat
CVE-2018-20159 (i-doit open 1.11.2 allows Remote Code Execution because ZIP archives a ...)
	NOT-FOR-US: i-doit
CVE-2018-20158
	RESERVED
CVE-2018-20157 (The data import functionality in OpenRefine through 3.1 allows an XML  ...)
	NOT-FOR-US: OpenRefine
CVE-2018-20156 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
	NOT-FOR-US: WordPress plugin wp-maintenance-mode
CVE-2018-20155 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
	NOT-FOR-US: WordPress plugin wp-maintenance-mode
CVE-2018-20154 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
	NOT-FOR-US: WordPress plugin wp-maintenance-mode
CVE-2019-3393
	RESERVED
CVE-2019-3392
	RESERVED
CVE-2019-3391
	RESERVED
CVE-2019-3390
	RESERVED
CVE-2019-3389
	RESERVED
CVE-2019-3388
	RESERVED
CVE-2019-3387
	RESERVED
CVE-2019-3386
	RESERVED
CVE-2019-3385
	RESERVED
CVE-2019-3384
	RESERVED
CVE-2019-3383
	RESERVED
CVE-2019-3382
	RESERVED
CVE-2019-3381
	RESERVED
CVE-2019-3380
	RESERVED
CVE-2019-3379
	RESERVED
CVE-2019-3378
	RESERVED
CVE-2019-3377
	RESERVED
CVE-2019-3376
	RESERVED
CVE-2019-3375
	RESERVED
CVE-2019-3374
	RESERVED
CVE-2019-3373
	RESERVED
CVE-2019-3372
	RESERVED
CVE-2019-3371
	RESERVED
CVE-2019-3370
	RESERVED
CVE-2019-3369
	RESERVED
CVE-2019-3368
	RESERVED
CVE-2019-3367
	RESERVED
CVE-2019-3366
	RESERVED
CVE-2019-3365
	RESERVED
CVE-2019-3364
	RESERVED
CVE-2019-3363
	RESERVED
CVE-2019-3362
	RESERVED
CVE-2019-3361
	RESERVED
CVE-2019-3360
	RESERVED
CVE-2019-3359
	RESERVED
CVE-2019-3358
	RESERVED
CVE-2019-3357
	RESERVED
CVE-2019-3356
	RESERVED
CVE-2019-3355
	RESERVED
CVE-2019-3354
	RESERVED
CVE-2019-3353
	RESERVED
CVE-2019-3352
	RESERVED
CVE-2019-3351
	RESERVED
CVE-2019-3350
	RESERVED
CVE-2019-3349
	RESERVED
CVE-2019-3348
	RESERVED
CVE-2019-3347
	RESERVED
CVE-2019-3346
	RESERVED
CVE-2019-3345
	RESERVED
CVE-2019-3344
	RESERVED
CVE-2019-3343
	RESERVED
CVE-2019-3342
	RESERVED
CVE-2019-3341
	RESERVED
CVE-2019-3340
	RESERVED
CVE-2019-3339
	RESERVED
CVE-2019-3338
	RESERVED
CVE-2019-3337
	RESERVED
CVE-2019-3336
	RESERVED
CVE-2019-3335
	RESERVED
CVE-2019-3334
	RESERVED
CVE-2019-3333
	RESERVED
CVE-2019-3332
	RESERVED
CVE-2019-3331
	RESERVED
CVE-2019-3330
	RESERVED
CVE-2019-3329
	RESERVED
CVE-2019-3328
	RESERVED
CVE-2019-3327
	RESERVED
CVE-2019-3326
	RESERVED
CVE-2019-3325
	RESERVED
CVE-2019-3324
	RESERVED
CVE-2019-3323
	RESERVED
CVE-2019-3322
	RESERVED
CVE-2019-3321
	RESERVED
CVE-2019-3320
	RESERVED
CVE-2019-3319
	RESERVED
CVE-2019-3318
	RESERVED
CVE-2019-3317
	RESERVED
CVE-2019-3316
	RESERVED
CVE-2019-3315
	RESERVED
CVE-2019-3314
	RESERVED
CVE-2019-3313
	RESERVED
CVE-2019-3312
	RESERVED
CVE-2019-3311
	RESERVED
CVE-2019-3310
	RESERVED
CVE-2019-3309
	RESERVED
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3308
	RESERVED
CVE-2019-3307
	RESERVED
CVE-2019-3306
	RESERVED
CVE-2019-3305
	RESERVED
CVE-2019-3304
	RESERVED
CVE-2019-3303
	RESERVED
CVE-2019-3302
	RESERVED
CVE-2019-3301
	RESERVED
CVE-2019-3300
	RESERVED
CVE-2019-3299
	RESERVED
CVE-2019-3298
	RESERVED
CVE-2019-3297
	RESERVED
CVE-2019-3296
	RESERVED
CVE-2019-3295
	RESERVED
CVE-2019-3294
	RESERVED
CVE-2019-3293
	RESERVED
CVE-2019-3292
	RESERVED
CVE-2019-3291
	RESERVED
CVE-2019-3290
	RESERVED
CVE-2019-3289
	RESERVED
CVE-2019-3288
	RESERVED
CVE-2019-3287
	RESERVED
CVE-2019-3286
	RESERVED
CVE-2019-3285
	RESERVED
CVE-2019-3284
	RESERVED
CVE-2019-3283
	RESERVED
CVE-2019-3282
	RESERVED
CVE-2019-3281
	RESERVED
CVE-2019-3280
	RESERVED
CVE-2019-3279
	RESERVED
CVE-2019-3278
	RESERVED
CVE-2019-3277
	RESERVED
CVE-2019-3276
	RESERVED
CVE-2019-3275
	RESERVED
CVE-2019-3274
	RESERVED
CVE-2019-3273
	RESERVED
CVE-2019-3272
	RESERVED
CVE-2019-3271
	RESERVED
CVE-2019-3270
	RESERVED
CVE-2019-3269
	RESERVED
CVE-2019-3268
	RESERVED
CVE-2019-3267
	RESERVED
CVE-2019-3266
	RESERVED
CVE-2019-3265
	RESERVED
CVE-2019-3264
	RESERVED
CVE-2019-3263
	RESERVED
CVE-2019-3262
	RESERVED
CVE-2019-3261
	RESERVED
CVE-2019-3260
	RESERVED
CVE-2019-3259
	RESERVED
CVE-2019-3258
	RESERVED
CVE-2019-3257
	RESERVED
CVE-2019-3256
	RESERVED
CVE-2019-3255
	RESERVED
CVE-2019-3254
	RESERVED
CVE-2019-3253
	RESERVED
CVE-2019-3252
	RESERVED
CVE-2019-3251
	RESERVED
CVE-2019-3250
	RESERVED
CVE-2019-3249
	RESERVED
CVE-2019-3248
	RESERVED
CVE-2019-3247
	RESERVED
CVE-2019-3246
	RESERVED
CVE-2019-3245
	RESERVED
CVE-2019-3244
	RESERVED
CVE-2019-3243
	RESERVED
CVE-2019-3242
	RESERVED
CVE-2019-3241
	RESERVED
CVE-2019-3240
	RESERVED
CVE-2019-3239
	RESERVED
CVE-2019-3238
	RESERVED
CVE-2019-3237
	RESERVED
CVE-2019-3236
	RESERVED
CVE-2019-3235
	RESERVED
CVE-2019-3234
	RESERVED
CVE-2019-3233
	RESERVED
CVE-2019-3232
	RESERVED
CVE-2019-3231
	RESERVED
CVE-2019-3230
	RESERVED
CVE-2019-3229
	RESERVED
CVE-2019-3228
	RESERVED
CVE-2019-3227
	RESERVED
CVE-2019-3226
	RESERVED
CVE-2019-3225
	RESERVED
CVE-2019-3224
	RESERVED
CVE-2019-3223
	RESERVED
CVE-2019-3222
	RESERVED
CVE-2019-3221
	RESERVED
CVE-2019-3220
	RESERVED
CVE-2019-3219
	RESERVED
CVE-2019-3218
	RESERVED
CVE-2019-3217
	RESERVED
CVE-2019-3216
	RESERVED
CVE-2019-3215
	RESERVED
CVE-2019-3214
	RESERVED
CVE-2019-3213
	RESERVED
CVE-2019-3212
	RESERVED
CVE-2019-3211
	RESERVED
CVE-2019-3210
	RESERVED
CVE-2019-3209
	RESERVED
CVE-2019-3208
	RESERVED
CVE-2019-3207
	RESERVED
CVE-2019-3206
	RESERVED
CVE-2019-3205
	RESERVED
CVE-2019-3204
	RESERVED
CVE-2019-3203
	RESERVED
CVE-2019-3202
	RESERVED
CVE-2019-3201
	RESERVED
CVE-2019-3200
	RESERVED
CVE-2019-3199
	RESERVED
CVE-2019-3198
	RESERVED
CVE-2019-3197
	RESERVED
CVE-2019-3196
	RESERVED
CVE-2019-3195
	RESERVED
CVE-2019-3194
	RESERVED
CVE-2019-3193
	RESERVED
CVE-2019-3192
	RESERVED
CVE-2019-3191
	RESERVED
CVE-2019-3190
	RESERVED
CVE-2019-3189
	RESERVED
CVE-2019-3188
	RESERVED
CVE-2019-3187
	RESERVED
CVE-2019-3186
	RESERVED
CVE-2019-3185
	RESERVED
CVE-2019-3184
	RESERVED
CVE-2019-3183
	RESERVED
CVE-2019-3182
	RESERVED
CVE-2019-3181
	RESERVED
CVE-2019-3180
	RESERVED
CVE-2019-3179
	RESERVED
CVE-2019-3178
	RESERVED
CVE-2019-3177
	RESERVED
CVE-2019-3176
	RESERVED
CVE-2019-3175
	RESERVED
CVE-2019-3174
	RESERVED
CVE-2019-3173
	RESERVED
CVE-2019-3172
	RESERVED
CVE-2019-3171
	RESERVED
CVE-2019-3170
	RESERVED
CVE-2019-3169
	RESERVED
CVE-2019-3168
	RESERVED
CVE-2019-3167
	RESERVED
CVE-2019-3166
	RESERVED
CVE-2019-3165
	RESERVED
CVE-2019-3164
	RESERVED
CVE-2019-3163
	RESERVED
CVE-2019-3162
	RESERVED
CVE-2019-3161
	RESERVED
CVE-2019-3160
	RESERVED
CVE-2019-3159
	RESERVED
CVE-2019-3158
	RESERVED
CVE-2019-3157
	RESERVED
CVE-2019-3156
	RESERVED
CVE-2019-3155
	RESERVED
CVE-2019-3154
	RESERVED
CVE-2019-3153
	RESERVED
CVE-2019-3152
	RESERVED
CVE-2019-3151
	RESERVED
CVE-2019-3150
	RESERVED
CVE-2019-3149
	RESERVED
CVE-2019-3148
	RESERVED
CVE-2019-3147
	RESERVED
CVE-2019-3146
	RESERVED
CVE-2019-3145
	RESERVED
CVE-2019-3144
	RESERVED
CVE-2019-3143
	RESERVED
CVE-2019-3142
	RESERVED
CVE-2019-3141
	RESERVED
CVE-2019-3140
	RESERVED
CVE-2019-3139
	RESERVED
CVE-2019-3138
	RESERVED
CVE-2019-3137
	RESERVED
CVE-2019-3136
	RESERVED
CVE-2019-3135
	RESERVED
CVE-2019-3134
	RESERVED
CVE-2019-3133
	RESERVED
CVE-2019-3132
	RESERVED
CVE-2019-3131
	RESERVED
CVE-2019-3130
	RESERVED
CVE-2019-3129
	RESERVED
CVE-2019-3128
	RESERVED
CVE-2019-3127
	RESERVED
CVE-2019-3126
	RESERVED
CVE-2019-3125
	RESERVED
CVE-2019-3124
	RESERVED
CVE-2019-3123
	RESERVED
CVE-2019-3122
	RESERVED
CVE-2019-3121
	RESERVED
CVE-2019-3120
	RESERVED
CVE-2019-3119
	RESERVED
CVE-2019-3118
	RESERVED
CVE-2019-3117
	RESERVED
CVE-2019-3116
	RESERVED
CVE-2019-3115
	RESERVED
CVE-2019-3114
	RESERVED
CVE-2019-3113
	RESERVED
CVE-2019-3112
	RESERVED
CVE-2019-3111
	RESERVED
CVE-2019-3110
	RESERVED
CVE-2019-3109
	RESERVED
CVE-2019-3108
	RESERVED
CVE-2019-3107
	RESERVED
CVE-2019-3106
	RESERVED
CVE-2019-3105
	RESERVED
CVE-2019-3104
	RESERVED
CVE-2019-3103
	RESERVED
CVE-2019-3102
	RESERVED
CVE-2019-3101
	RESERVED
CVE-2019-3100
	RESERVED
CVE-2019-3099
	RESERVED
CVE-2019-3098
	RESERVED
CVE-2019-3097
	RESERVED
CVE-2019-3096
	RESERVED
CVE-2019-3095
	RESERVED
CVE-2019-3094
	RESERVED
CVE-2019-3093
	RESERVED
CVE-2019-3092
	RESERVED
CVE-2019-3091
	RESERVED
CVE-2019-3090
	RESERVED
CVE-2019-3089
	RESERVED
CVE-2019-3088
	RESERVED
CVE-2019-3087
	RESERVED
CVE-2019-3086
	RESERVED
CVE-2019-3085
	RESERVED
CVE-2019-3084
	RESERVED
CVE-2019-3083
	RESERVED
CVE-2019-3082
	RESERVED
CVE-2019-3081
	RESERVED
CVE-2019-3080
	RESERVED
CVE-2019-3079
	RESERVED
CVE-2019-3078
	RESERVED
CVE-2019-3077
	RESERVED
CVE-2019-3076
	RESERVED
CVE-2019-3075
	RESERVED
CVE-2019-3074
	RESERVED
CVE-2019-3073
	RESERVED
CVE-2019-3072
	RESERVED
CVE-2019-3071
	RESERVED
CVE-2019-3070
	RESERVED
CVE-2019-3069
	RESERVED
CVE-2019-3068
	RESERVED
CVE-2019-3067
	RESERVED
CVE-2019-3066
	RESERVED
CVE-2019-3065
	RESERVED
CVE-2019-3064
	RESERVED
CVE-2019-3063
	RESERVED
CVE-2019-3062
	RESERVED
CVE-2019-3061
	RESERVED
CVE-2019-3060
	RESERVED
CVE-2019-3059
	RESERVED
CVE-2019-3058
	RESERVED
CVE-2019-3057
	RESERVED
CVE-2019-3056
	RESERVED
CVE-2019-3055
	RESERVED
CVE-2019-3054
	RESERVED
CVE-2019-3053
	RESERVED
CVE-2019-3052
	RESERVED
CVE-2019-3051
	RESERVED
CVE-2019-3050
	RESERVED
CVE-2019-3049
	RESERVED
CVE-2019-3048
	RESERVED
CVE-2019-3047
	RESERVED
CVE-2019-3046
	RESERVED
CVE-2019-3045
	RESERVED
CVE-2019-3044
	RESERVED
CVE-2019-3043
	RESERVED
CVE-2019-3042
	RESERVED
CVE-2019-3041
	RESERVED
CVE-2019-3040
	RESERVED
CVE-2019-3039
	RESERVED
CVE-2019-3038
	RESERVED
CVE-2019-3037
	RESERVED
CVE-2019-3036
	RESERVED
CVE-2019-3035
	RESERVED
CVE-2019-3034
	RESERVED
CVE-2019-3033
	RESERVED
CVE-2019-3032
	RESERVED
CVE-2019-3031 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3030
	RESERVED
CVE-2019-3029
	RESERVED
CVE-2019-3028 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3027 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3026 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3025 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-3024 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-3023 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3022 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2019-3021 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3020 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-3019 (Vulnerability in the Oracle Banking Digital Experience product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3018 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3016 (In a Linux KVM guest that has PV TLB enabled, a process in the guest k ...)
	{DSA-4699-1}
	- linux 5.4.19-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-3015 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3013
	RESERVED
CVE-2019-3012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-3011 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3010 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-3009 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3008 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-3007
	RESERVED
CVE-2019-3006
	RESERVED
CVE-2019-3005 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3004 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3003 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...)
	NOT-FOR-US: Oracle
CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2998 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2997 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2996 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2019-2995 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2019-2994 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite  ...)
	NOT-FOR-US: Oracle
CVE-2019-2989 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE (component: 2D) ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2983 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2982 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
	{DSA-4546-1}
	- openjdk-11 11.0.5+10-1
CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mariadb-10.3 1:10.3.19-1
	[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.44-0+deb9u1
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
	NOTE: MySQL: https://github.com/mysql/mysql-server/commit/52d9daf06478851548251ec2103cdc22178c48c4
	NOTE: MariaDB: https://github.com/MariaDB/server/commit/719ac0ad4af0dd1e20dbc94eff8f8c9f786b3393
	NOTE: Fixed in MariaDB: 10.3.19, 10.1.42
CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2972 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2971 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2970 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2969 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2968 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2967 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
	NOT-FOR-US: Oracle
CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2963 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2961 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2960 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2959 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
	NOT-FOR-US: Oracle
CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DLA-2023-1}
	- openjdk-11 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-8 <not-affected> (Apparently specific to Oracle Java)
CVE-2019-2957 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2956 (Vulnerability in the Core RDBMS (jackson-databind) component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2955 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2954 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2953 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management  ...)
	NOT-FOR-US: Oracle
CVE-2019-2952 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
	NOT-FOR-US: Oracle
CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2948 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2947 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2944 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2943 (Vulnerability in the Oracle Data Integrator product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2942 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2941 (Vulnerability in the Hyperion Profitability and Cost Management produc ...)
	NOT-FOR-US: Oracle
CVE-2019-2940 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2939 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2938 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	- mariadb-10.3 1:10.3.19-1
	[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2937 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2936 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2935 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM  ...)
	NOT-FOR-US: Oracle
CVE-2019-2934 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2933 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DLA-2023-1}
	- openjdk-11 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-8 <not-affected> (Apparently specific to Oracle Java)
CVE-2019-2932 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2931 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2930 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2019-2929 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2928
	RESERVED
CVE-2019-2927 (Vulnerability in the Hyperion Data Relationship Management product of  ...)
	NOT-FOR-US: Oracle
CVE-2019-2926 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2925 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2019-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2922 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2921
	RESERVED
CVE-2019-2920 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2919
	RESERVED
CVE-2019-2918
	RESERVED
CVE-2019-2917
	RESERVED
CVE-2019-2916
	RESERVED
CVE-2019-2915 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2914 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2913 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2912
	RESERVED
CVE-2019-2911 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2910 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
	- mysql-5.7 <unfixed> (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2909 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2908
	RESERVED
CVE-2019-2907 (Vulnerability in the Oracle Web Services product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2019-2906 (Vulnerability in the BI Publisher (formerly XML Publisher) product of  ...)
	NOT-FOR-US: Oracle
CVE-2019-2905 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-2904 (Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2903 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2902 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2901 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2900 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-2899 (Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2898 (Vulnerability in the BI Publisher (formerly XML Publisher) product of  ...)
	NOT-FOR-US: Oracle
CVE-2019-2897 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-2896 (Vulnerability in the MICROS Relate CRM Software product of Oracle Reta ...)
	NOT-FOR-US: Oracle
CVE-2019-2895 (Vulnerability in the Enterprise Manager for Exadata product of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2894 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7 <removed>
CVE-2019-2893
	RESERVED
CVE-2019-2892
	RESERVED
CVE-2019-2891 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2890 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2889 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2888 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2887 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2886 (Vulnerability in the Oracle Forms product of Oracle Fusion Middleware  ...)
	NOT-FOR-US: Oracle
CVE-2019-2885
	RESERVED
CVE-2019-2884 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2019-2883 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2019-2882
	RESERVED
CVE-2019-2881
	RESERVED
CVE-2019-2880 (Vulnerability in the Oracle Retail Store Inventory Management product  ...)
	NOT-FOR-US: Oracle
CVE-2019-2879 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2878 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2877 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2876 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2875 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2874 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2873 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2872 (Vulnerability in the Oracle Retail Xstore Point of Service product of  ...)
	NOT-FOR-US: Oracle
CVE-2019-2871 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2870 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2869 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2868 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2867 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2866 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2865 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2864 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2863 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2862 (Vulnerability in the Oracle GraalVM Enterprise Edition component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2861 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
	NOT-FOR-US: Oracle
CVE-2019-2860 (Vulnerability in the Oracle Clusterware component of Oracle Support To ...)
	NOT-FOR-US: Oracle
CVE-2019-2859 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2858 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2857 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2019-2856 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2855 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2854 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2853 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2852 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2851
	RESERVED
CVE-2019-2850 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2849
	RESERVED
CVE-2019-2848 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2847 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2846 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2845 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2844 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2843 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2842 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4485-1}
	- openjdk-8 8u222-b10-1
CVE-2019-2841 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2840 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2839 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2838 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2837 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2836 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2835 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2834 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2833 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2832 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2831 (Vulnerability in the PeopleSoft Enterprise FIN Project Costing compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2830 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2829 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2828 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2019-2827 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2826 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2825 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2824 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2823 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2019-2822 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2821 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4486-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
CVE-2019-2820 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2819 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2818 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4486-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
CVE-2019-2817 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2019-2816 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7 <removed>
CVE-2019-2815 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2814 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2813 (Vulnerability in the Oracle GraalVM Enterprise Edition component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2812 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2811 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2810 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2809 (Vulnerability in the Oracle iRecruitment component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2808 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2807 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2806
	RESERVED
CVE-2019-2805 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2804 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2803 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2802 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2801 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2800 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2799 (Vulnerability in the Oracle ODBC Driver component of Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2019-2798 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2797 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2796 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2795 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2794 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2793 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2792 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2791 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2790 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2789 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2788 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2019-2787 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2786 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
CVE-2019-2785 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2784 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2783 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2782 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2781 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2019-2780 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2779 (Vulnerability in the Siebel Core - Common Components component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2778 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2777 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2776 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2775 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2774 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2773 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2771 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2770 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
	NOT-FOR-US: Oracle
CVE-2019-2769 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7 <removed>
CVE-2019-2768 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2767 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2766 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-12 <not-affected> (Windows-specific)
	- openjdk-11 <not-affected> (Windows-specific)
	- openjdk-8 <not-affected> (Windows-specific)
	- openjdk-7 <not-affected> (Windows-specific)
CVE-2019-2765 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2764 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2763 (Vulnerability in the Oracle Hospitality Gift and Loyalty component of  ...)
	NOT-FOR-US: Oracle
CVE-2019-2762 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7 <removed>
CVE-2019-2761 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2760 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2759 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2758 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2757 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2756 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2755 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1
CVE-2019-2754 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2753 (Vulnerability in the Oracle Text component of Oracle Database Server.  ...)
	NOT-FOR-US: Oracle
CVE-2019-2752 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2751 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2019-2750 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2019-2749 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2748 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2747 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2746 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2745 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7 <removed>
CVE-2019-2744 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2743 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2742 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2019-2741 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2740 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2739 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2738 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2737 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 <unfixed> (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2736 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2735 (Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyp ...)
	NOT-FOR-US: Oracle
CVE-2019-2734 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2733 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2732 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2731 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1
CVE-2019-2730 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1
CVE-2019-2729 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2728 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2727 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2726 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2725 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2724
	RESERVED
CVE-2019-2723 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2722 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2721 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2720 (Vulnerability in the Oracle Data Integrator component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2719 (Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM ( ...)
	NOT-FOR-US: Oracle
CVE-2019-2718
	RESERVED
CVE-2019-2717
	RESERVED
CVE-2019-2716
	RESERVED
CVE-2019-2715
	RESERVED
CVE-2019-2714
	RESERVED
CVE-2019-2713 (Vulnerability in the Oracle Commerce Merchandising component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2712 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
	NOT-FOR-US: Oracle
CVE-2019-2711
	RESERVED
CVE-2019-2710
	RESERVED
CVE-2019-2709 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2708 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2707 (Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Man ...)
	NOT-FOR-US: Oracle
CVE-2019-2706 (Vulnerability in the Oracle Business Process Management Suite componen ...)
	NOT-FOR-US: Oracle
CVE-2019-2705 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2704 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2703 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2702 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management  ...)
	NOT-FOR-US: Oracle
CVE-2019-2701 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-2700 (Vulnerability in the PeopleSoft Enterprise ELM component of Oracle Peo ...)
	NOT-FOR-US: Oracle
CVE-2019-2699 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Windows-specific)
CVE-2019-2698 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4453-1 DLA-1782-1}
	- openjdk-7 <removed> (low)
	- openjdk-8 8u212-b03-1 (low)
	- openjdk-11 11.0.3+7-1 (low)
CVE-2019-2697 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 <not-affected> (proprietary 2D component only present in Oracle Java)
	- openjdk-8 <not-affected> (proprietary 2D component only present in Oracle Java)
CVE-2019-2696 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2695 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2694 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2693 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2692 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-java <not-affected> (Only affects 8.x)
	NOTE: It's not clear whether older versions are affected, but Oracle doesn't provide
	NOTE: further information, so there's not really anything we can do about this anyway
CVE-2019-2691 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2689 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2688 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2687 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2686 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2685 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2684 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4453-1 DLA-1782-1}
	- openjdk-7 <removed>
	- openjdk-8 8u212-b03-1
	- openjdk-11 11.0.3+7-1
CVE-2019-2683 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2682 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2681 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2680 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2679 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2678 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2677 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2676 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2675 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2674 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2673 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2672 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2671 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2670 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2669 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2668 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2667
	RESERVED
CVE-2019-2666 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2665 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2019-2664 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2663 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2662 (Vulnerability in the Oracle Territory Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2661 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2660 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2659 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
	NOT-FOR-US: Oracle
CVE-2019-2658 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2657 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2656 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2655 (Vulnerability in the Oracle Interaction Center Intelligence component  ...)
	NOT-FOR-US: Oracle
CVE-2019-2654 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2653 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2652 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2019-2651 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2650 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2649 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2648 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2647 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2646 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2645 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2644 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2643 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2642 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2641 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2640 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2639 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2638 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2019-2637 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2636 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2635 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2634 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2633 (Vulnerability in the Oracle Work in Process component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2019-2632 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2631 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2630 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2629 (Vulnerability in the Oracle Health Sciences Data Management Workbench  ...)
	NOT-FOR-US: Oracle
CVE-2019-2628 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.15-1 (bug #928393)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 10.3.15
CVE-2019-2627 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.15-1 (bug #928393)
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mariadb-10.0 <removed>
	[jessie] - mariadb-10.0 <postponed> (Minor issue)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 10.3.15, 10.1.39
CVE-2019-2626 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2625 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2624 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2623 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2622 (Vulnerability in the Oracle Service Contracts component of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2019-2621 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2620 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2619 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2019-2618 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2617 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2616 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2615 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2614 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.15-1 (bug #928393)
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mariadb-10.0 <removed>
	[jessie] - mariadb-10.0 <postponed> (Minor issue)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.15, 10.1.39
CVE-2019-2613 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2612 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2611 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2610 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2609 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2608 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2607 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2606 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2605 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2019-2604 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2603 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4453-1 DLA-1782-1}
	- openjdk-7 <removed>
	- openjdk-8 8u212-b03-1
	- openjdk-11 11.0.3+7-1
CVE-2019-2601 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2600 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2599 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2597 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2596 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2595 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2594 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2593 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2592 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2591 (Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2019-2590 (Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2589 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2588 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2587 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2586 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2585 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2584 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2583 (Vulnerability in the Oracle iSupplier Portal component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2582 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2581 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2580 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2579 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2578 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2577 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2576 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2019-2575 (Vulnerability in the Oracle AutoVue 3D Professional Advanced component ...)
	NOT-FOR-US: Oracle
CVE-2019-2574 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2573 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2572 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2019-2571 (Vulnerability in the RDBMS DataPump component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2019-2570 (Vulnerability in the Siebel Core - Server BizLogic Script component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2569 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2568 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2567 (Vulnerability in the Oracle Configurator component of Oracle Supply Ch ...)
	NOT-FOR-US: Oracle
CVE-2019-2566 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2565 (Vulnerability in the JD Edwards World Technical Foundation component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2564 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2563
	RESERVED
CVE-2019-2562
	RESERVED
CVE-2019-2561 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
	NOT-FOR-US: Oracle
CVE-2019-2560
	RESERVED
CVE-2019-2559
	RESERVED
CVE-2019-2558 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2557 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2556 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2555 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2554 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2553 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2552 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2551 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2550 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2549 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2548 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2547 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2546 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2545 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2544 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2543 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2542
	RESERVED
CVE-2019-2541 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2540 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2019-2539 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8.x)
CVE-2019-2538 (Vulnerability in the Oracle Managed File Transfer component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2537 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DLA-1655-1}
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.3 1:10.3.13-1 (bug #920933)
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.38-0+deb9u1
	- mariadb-10.0 <removed>
	NOTE: Fixed in MariaDB: 10.3.13, 10.1.38, 10.0.38
CVE-2019-2536 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2535 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2534 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2533 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8.x)
CVE-2019-2532 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2531 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2530 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2529 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DLA-1655-1}
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.1 <removed>
	[stretch] - mariadb-10.1 10.1.38-0+deb9u1
	- mariadb-10.0 <removed>
	NOTE: Fixed in MariaDB: 10.1.38, 10.0.38
CVE-2019-2528 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2527 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2526 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2525 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2524 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2523 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2522 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2521 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2520 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2519 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component  ...)
	NOT-FOR-US: Oracle
CVE-2019-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2517 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2516 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2019-2515
	RESERVED
CVE-2019-2514
	RESERVED
CVE-2019-2513 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2512 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-2511 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2510 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.3 1:10.3.13-1 (bug #920933)
	NOTE: Fixed in MariaDB: 10.3.13
CVE-2019-2509 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2508 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2507 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2506 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2505 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2504 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2503 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1}
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.0 <removed>
	NOTE: Fixed in MariaDB: 10.0.37
CVE-2019-2502 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2501 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2500 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2499 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2498 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2019-2497 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2496 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2495 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2494 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2493 (Vulnerability in the PeopleSoft Enterprise CS Campus Community compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2492 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2491 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2490 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2489 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2488 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2487 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2486 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2485 (Vulnerability in the Oracle Mobile Field Service component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2484 (Vulnerability in the Application Express component of Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2019-2483
	RESERVED
CVE-2019-2482 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2481 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2480 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2479 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2478 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2477 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2476 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2475 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2474 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2473 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2472 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2471 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2470 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2019-2469 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2468 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2467 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2466 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2465 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2464 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2463 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2462 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2461 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2460 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2459 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2458 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2457 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2456 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2455 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2454
	RESERVED
CVE-2019-2453 (Vulnerability in the Oracle Performance Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2452 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2451 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2450 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2449 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2019-2448 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2447 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2019-2446 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2445 (Vulnerability in the Oracle Content Manager component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2019-2444 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2443 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2442 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2441 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2440 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2439 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2438 (Vulnerability in the Oracle Web Cache component of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2019-2437 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2436 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Specific to 8)
CVE-2019-2435 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-python 8.0.14-1 (bug #919820)
	[stretch] - mysql-connector-python <ignored> (No security details disclosed, no 2.1.x release by Oracle)
	[jessie] - mysql-connector-python <ignored> (No security details disclosed, no 1.2.x release by Oracle)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435
CVE-2019-2434 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2433 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2432 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2019-2431 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2019-2430 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2019-2429 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2019-2428
	RESERVED
CVE-2019-2427 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2426 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 <not-affected> (Specific to Java on Windows)
	- openjdk-8 <not-affected> (Specific to Java on Windows)
	- openjdk-11 <not-affected> (Specific to Java on Windows)
CVE-2019-2425 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2424 (Vulnerability in the Oracle Retail Convenience Store Back Office compo ...)
	NOT-FOR-US: Oracle
CVE-2019-2423 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2422 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4410-1 DLA-1732-1}
	[experimental] - openjdk-7 7u211-2.6.17-1
	- openjdk-7 <unfixed>
	- openjdk-8 8u202-b26-1
	- openjdk-11 11.0.2+9-1
CVE-2019-2421 (Vulnerability in the PeopleSoft Enterprise HCM eProfile Manager Deskto ...)
	NOT-FOR-US: Oracle
CVE-2019-2420 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2419 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
	NOT-FOR-US: Oracle
CVE-2019-2418 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2417 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2416 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2415 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...)
	NOT-FOR-US: Oracle
CVE-2019-2414 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2019-2413 (Vulnerability in the Oracle Reports Developer component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2019-2412 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2411 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2410 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2409 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2408 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2407 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2406 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2405 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2404 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2403 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2402 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2401 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2400 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2019-2399 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
	NOT-FOR-US: Oracle
CVE-2019-2398 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2397 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2396 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2395 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-20146 (An issue was discovered in Liquidware ProfileUnity before 6.8.0 with L ...)
	NOT-FOR-US: Liquidware ProfileUnity
CVE-2018-20153 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could mod ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20152 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass i ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20151 (In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation pa ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20150 (In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could tri ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
	NOTE: https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
CVE-2018-20149 (In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP S ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
	NOTE: https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
CVE-2018-20148 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could con ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20147 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify m ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20144 (GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x be ...)
	- gitlab 11.5.4+dfsg-1
	NOTE: https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/
CVE-2018-20143
	RESERVED
CVE-2018-20142
	RESERVED
CVE-2018-20141 (AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sor ...)
	NOT-FOR-US: AbanteCart
CVE-2018-20140 (Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilitie ...)
	NOT-FOR-US: Zenphoto
CVE-2018-20139
	RESERVED
CVE-2018-20138 (PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via A ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur B2B Script
CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or  ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Vari ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-20135 (Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostnam ...)
	NOT-FOR-US: Samsung Galaxy Apps
CVE-2018-20134
	RESERVED
CVE-2018-20133 (ymlref allows code injection. ...)
	NOT-FOR-US: ymlref
CVE-2018-20132
	REJECTED
CVE-2018-20131 (The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linu ...)
	NOT-FOR-US: Code42
CVE-2018-20130
	RESERVED
CVE-2018-20129 (An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/se ...)
	NOT-FOR-US: DedeCMS
CVE-2018-20128 (An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php a ...)
	NOT-FOR-US: UsualToolCMS
CVE-2018-20127 (An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.p ...)
	NOT-FOR-US: zzzphp cms
CVE-2018-20126 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c98e7536905bb4902363d0cba66ce7e089
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20125 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce5da8ae6689c75182b73bc455a291cad41
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of ...)
	- qemu 1:4.1-1 (bug #922461; unimportant)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373cc2b3a063ce067bc0cc3edaf370752890
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
	NOTE: The issue is in PVRDMA support, cf. https://bugs.debian.org/922461#18
CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak  ...)
	- qemu 1:4.1-1 (unimportant; bug #916442)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
	NOTE: PVRDMA support not enabled until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4, and
	NOTE: applied patch in 1:3.1+dfsg-3 reverted.
CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option  ...)
	- mosquitto 1.5.5-1
	[stretch] - mosquitto <not-affected> (Only affects 1.5.x)
	[jessie] - mosquitto <not-affected> (Only affects 1.5.x)
	NOTE: https://github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4
	NOTE: https://github.com/eclipse/mosquitto/issues/1073
CVE-2018-20122 (The web interface on FASTGate Fastweb devices with firmware through 0. ...)
	NOT-FOR-US: FASTGate Fastweb
CVE-2018-20121 (Podcast Generator 2.7 has stored cross-site scripting (XSS) via the UR ...)
	NOT-FOR-US: Podcast Generator
CVE-2018-20120
	RESERVED
CVE-2018-20119
	RESERVED
CVE-2018-20118
	RESERVED
CVE-2018-20117
	RESERVED
CVE-2018-20116
	RESERVED
CVE-2018-20115
	RESERVED
CVE-2018-20114 (On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices ...)
	NOT-FOR-US: D-Link
CVE-2018-20113
	REJECTED
CVE-2018-20112
	REJECTED
CVE-2018-20111
	REJECTED
CVE-2018-20110
	REJECTED
CVE-2018-20109
	REJECTED
CVE-2018-20108
	REJECTED
CVE-2018-20107
	REJECTED
CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB printer set ...)
	NOT-FOR-US: yast2-printer
CVE-2018-20105 (A Inclusion of Sensitive Information in Log Files vulnerability in yas ...)
	NOT-FOR-US: yast-rmt
CVE-2018-20104
	RESERVED
CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...)
	- haproxy 1.8.15-1 (bug #916307)
	[stretch] - haproxy <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - haproxy <not-affected> (Vulnerable code not present)
	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25
CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c was discov ...)
	- haproxy 1.8.15-1 (bug #916308)
	[stretch] - haproxy <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - haproxy <not-affected> (Vulnerable code not present)
	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0
CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 1.12.1 f ...)
	NOT-FOR-US: codection "Import users from CSV with meta" plugin for WordPress
CVE-2018-20100 (An issue was discovered on August Connect devices. Insecure data trans ...)
	NOT-FOR-US: August Connect
CVE-2018-20099 (There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2im ...)
	[experimental] - exiv2 <unfixed> (low)
	- exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
	NOTE: https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252
CVE-2018-20098 (There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2He ...)
	[experimental] - exiv2 <unfixed> (low)
	- exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
	NOTE: https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...)
	{DLA-1691-1}
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
	NOTE: https://github.com/Exiv2/exiv2/commit/203ab0db28c9666b16069d4056ac5f66f753a51d
CVE-2018-20096 (There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf fun ...)
	[experimental] - exiv2 <unfixed> (low)
	- exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
CVE-2018-20095 (An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2018-20094 (An issue was discovered in XXL-CONF 1.6.0. There is a path traversal v ...)
	NOT-FOR-US: XXL-CONF
CVE-2018-20093
	RESERVED
CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory trav ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...)
	NOT-FOR-US: Cloudera Data Science Workbench
CVE-2018-20090 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4. ...)
	NOT-FOR-US: Cloudera
CVE-2018-20089
	RESERVED
CVE-2018-20088
	RESERVED
CVE-2018-20087
	RESERVED
CVE-2018-20086
	RESERVED
CVE-2018-20085
	RESERVED
CVE-2018-20084
	RESERVED
CVE-2018-20083
	RESERVED
CVE-2018-20082
	RESERVED
CVE-2018-20081
	RESERVED
CVE-2018-20080
	RESERVED
CVE-2018-20079
	RESERVED
CVE-2018-20078
	RESERVED
CVE-2018-20077
	RESERVED
CVE-2018-20076
	RESERVED
CVE-2018-20075
	RESERVED
CVE-2018-20074
	RESERVED
CVE-2018-20073 (Use of extended attributes in downloads in Google Chrome prior to 72.0 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1 (low)
CVE-2018-20072
	RESERVED
CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app installatio ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in Navigation  ...)
	- chromium <not-affected> (Specific to iOS)
CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google Chrome  ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed to cancel ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome prior to 71. ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.8 ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via d ...)
	NOT-FOR-US: doorGets
CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricte ...)
	NOT-FOR-US: Gurock TestRail
CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.ph ...)
	NOT-FOR-US: NoneCms
CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through  ...)
	NOT-FOR-US: Frappe ERPNext
CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...)
	- python-urllib3 1.24-1
	[stretch] - python-urllib3 <no-dsa> (Minor issue)
	[jessie] - python-urllib3 <ignored> (Minor issue)
	NOTE: https://github.com/urllib3/urllib3/issues/1316
	NOTE: https://github.com/urllib3/urllib3/pull/1346
	NOTE: https://github.com/urllib3/urllib3/commit/3d7f98b07b6e6e04c2e89cdf5afb18024a2d804c
	NOTE: https://github.com/urllib3/urllib3/commit/f99912beeaf230ee3634b938d3ea426ffd1f3e57
	NOTE: https://github.com/urllib3/urllib3/commit/48dba048081dfcb999afcda715d17147aa15b6ea
	NOTE: https://github.com/urllib3/urllib3/commit/23e2eb56af23db5a1eeb8ad9b51dd99a27c15522
	NOTE: https://github.com/urllib3/urllib3/commit/5e9c6b9175d66170ef65fc703f2e46788a59ca0c
	NOTE: https://github.com/urllib3/urllib3/commit/9c9dd6f3014e89bb9c532b641abcf1b24c3896ab
	NOTE: https://github.com/urllib3/urllib3/commit/6245ddddb7f80740c5c15e1750e5b9f68c5b2b5f
	NOTE: https://github.com/urllib3/urllib3/commit/3b5f27449e153ad05186beca8fbd9b134936fe50
	NOTE: https://github.com/urllib3/urllib3/commit/1742538d57865e61125c6c12a755b5db41636fe7
	NOTE: https://github.com/urllib3/urllib3/commit/2a42e70ff077006d5a6da92251ddbb2939303f94
	NOTE: https://github.com/urllib3/urllib3/commit/e8a727a0b8389f5f75981858a8bbb319646f4450
	NOTE: https://github.com/urllib3/urllib3/commit/63948f3a607ed8e7a3ce9ac4e20782359896e27e
	NOTE: https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532
	NOTE: Fixed upstream in 1.23
CVE-2018-20059 (jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. ...)
	NOT-FOR-US: Pippo
CVE-2018-20058 (In Evernote before 7.6 on macOS, there is a local file path traversal  ...)
	NOT-FOR-US: Evernote
CVE-2018-20057 (An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 an ...)
	NOT-FOR-US: D-Link
CVE-2018-20056 (An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 an ...)
	NOT-FOR-US: D-Link
CVE-2018-20055
	RESERVED
CVE-2018-20054
	RESERVED
CVE-2018-20053 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. ...)
	NOT-FOR-US: Cerner Connectivity Engine (CCE) 4 devices
CVE-2018-20052 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. ...)
	NOT-FOR-US: Cerner Connectivity Engine (CCE) 4 devices
CVE-2018-20051 (Mishandling of '&gt;' on the Jooan JA-Q1H Wi-Fi camera with firmware 2 ...)
	NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera
CVE-2018-20050 (Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with f ...)
	NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera
CVE-2018-20049
	RESERVED
CVE-2018-20048
	RESERVED
CVE-2018-20047
	RESERVED
CVE-2018-20046
	RESERVED
CVE-2018-20045
	RESERVED
CVE-2018-20044
	RESERVED
CVE-2018-20043
	RESERVED
CVE-2018-20042
	RESERVED
CVE-2018-20041
	RESERVED
CVE-2018-20040
	RESERVED
CVE-2018-20039
	RESERVED
CVE-2018-20038
	RESERVED
CVE-2018-20037
	RESERVED
CVE-2018-20036
	RESERVED
CVE-2018-20035
	RESERVED
CVE-2018-20034 (A Denial of Service vulnerability related to adding an item to a list  ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon compo ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in lmgrd ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion  ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
	{DLA-2222-1 DLA-2214-1}
	- libexif 0.6.21-5.1 (bug #918730)
	[stretch] - libexif <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
	NOTE: https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
CVE-2018-20029 (The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6 ...)
	NOT-FOR-US: nxfs.sys driver in the DokanFS library in NoMachine on Windows
CVE-2019-2394
	RESERVED
CVE-2019-2393
	RESERVED
CVE-2019-2392
	RESERVED
CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson not corr ...)
	[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
	- node-mongodb 3.5.6+~cs11.12.19-1
	[buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1
	NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create  ...)
	NOT-FOR-US: Microsoft
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
	- mongodb <removed> (low)
	[stretch] - mongodb <ignored> (Minor issue)
	[jessie] - mongodb <ignored> (Minor issue)
CVE-2019-2388 (In affected Ops Manager versions there is an exposed http route was th ...)
	NOT-FOR-US: MongoDB Ops Manager
CVE-2019-2387
	RESERVED
CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...)
	- mongodb <removed> (low; bug #934783)
	[stretch] - mongodb <ignored> (Minor issue)
	[jessie] - mongodb <ignored> (Trivial workaround available)
	NOTE: https://jira.mongodb.org/browse/SERVER-38984
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0829
CVE-2019-2385
	RESERVED
CVE-2019-2384
	RESERVED
CVE-2019-2383
	RESERVED
CVE-2019-2382
	RESERVED
CVE-2019-2381
	RESERVED
CVE-2019-2380
	RESERVED
CVE-2019-2379
	RESERVED
CVE-2019-2378
	RESERVED
CVE-2019-2377
	RESERVED
CVE-2019-2376
	RESERVED
CVE-2019-2375
	RESERVED
CVE-2019-2374
	RESERVED
CVE-2019-2373
	RESERVED
CVE-2019-2372
	RESERVED
CVE-2019-2371
	RESERVED
CVE-2019-2370
	RESERVED
CVE-2019-2369
	RESERVED
CVE-2019-2368
	RESERVED
CVE-2019-2367
	RESERVED
CVE-2019-2366
	RESERVED
CVE-2019-2365
	RESERVED
CVE-2019-2364
	RESERVED
CVE-2019-2363
	RESERVED
CVE-2019-2362
	RESERVED
CVE-2019-2361
	RESERVED
CVE-2019-2360
	RESERVED
CVE-2019-2359
	RESERVED
CVE-2019-2358
	RESERVED
CVE-2019-2357
	RESERVED
CVE-2019-2356
	RESERVED
CVE-2019-2355
	RESERVED
CVE-2019-2354
	RESERVED
CVE-2019-2353
	RESERVED
CVE-2019-2352
	RESERVED
CVE-2019-2351
	RESERVED
CVE-2019-2350
	RESERVED
CVE-2019-2349
	RESERVED
CVE-2019-2348
	RESERVED
CVE-2019-2347
	RESERVED
CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan command  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in Snapdragon ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2344
	RESERVED
CVE-2019-2343 (Out of bound read and information disclosure in firmware due to insuff ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2342
	RESERVED
CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is larger  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2340
	RESERVED
CVE-2019-2339 (Out of bound access due to lack of check of whiltelist array size whil ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2338 (Crafted image that has a valid signature from a non-QC entity can be l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2337 (While Skipping unknown IES, EMM is reading the buffer even if the no o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2336 (Subsequent use of the CBO listener may result in further memory corrup ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2335 (While processing Attach Reject message, Valid exit condition is not me ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with wrong ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2332 (Memory corruption while accessing the memory as payload size is not va ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2331 (Possible Integer overflow because of subtracting two integers without  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2330 (improper input validation in allocation request for secure allocations ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2329 (Use after free issue in cleanup routine due to missing pointer sanitiz ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2328 (Possible buffer overflow when number of channels passed is more than s ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2327 (Possible buffer overflow can occur when playing clip with incorrect el ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2326 (Data token is received from ADSP and is used without validation as an  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2325 (Out of boundary access due to token received from ADSP and is used wit ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2324 (When ADSP is compromised, the audio port index that`s returned from AD ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2323 (Lack of check to ensure crypto engine data passed by user is initializ ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non-stan ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2321 (Incorrect length used while validating the qsee log buffer sent from H ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2320 (Possible out of bounds write in a MT SMS/SS scenario due to improper v ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2319 (HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdra ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2318 (Non Secure Kernel can cause Trustzone to do an arbitrary memory read w ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2317 (The secret key used to make the Initial Sequence Number in the TCP SYN ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2316 (When computing the digest a local variable is used after going out of  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2315 (While invoking the API to copy from fd or local buffer to the secure b ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2314 (Possible race condition that will cause a use-after-free when writing  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2313
	RESERVED
CVE-2019-2312 (When handling the vendor command there exists a potential buffer overf ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2311 (Possible buffer overflow in WLAN handler due to lack of validation of  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2310 (Out of bound read would occur while trying to read action category and ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2308 (User application could potentially make RPC call to the fastrpc driver ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2307 (Possible integer underflow due to lack of validation before calculatio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2306 (Improper casting of structure while handling the buffer leads to out o ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2305 (Out of bound access when reason code is extracted from frame data with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2304 (Integer overflow to buffer overflow due to lack of validation of event ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2303 (SNDCP module may access array out side its boundary when it receives m ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2302 (While processing vendor command which contains corrupted channel count ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2300 (Possible buffer overflow in WLAN handler due to lack of validation of  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted command  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2297 (Buffer overflow can occur while processing non-standard NAN message fr ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2296
	RESERVED
CVE-2019-2295 (Information disclosure due to lack of address range check done on the  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2294 (Usage of hard-coded magic number for calculating heap guard bytes can  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2291
	RESERVED
CVE-2019-2290 (Multiple open and close from multiple threads will lead camera driver  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2289 (Lack of integrity check allows MODEM to accept any NAS messages which  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2288 (Out of bound write in TZ while copying the secure dump structure on HL ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2286
	RESERVED
CVE-2019-2285 (Out of bound write issue is observed while giving information about pr ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2283 (Improper validation of read and write index of tx and rx fifo`s before ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2282
	RESERVED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2280
	RESERVED
CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2278 (User keystore signature is ignored in boot and can lead to bypass boot ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on user c ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2276 (Possible out of bound read occurs while processing beaconing request d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2275 (While deserializing any key blob during key operations, buffer overflo ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2274 (Improper Access Control for RPU write access from secure processor in  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of serv ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2272 (Buffer overflow can occur in display function due to lack of validatio ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2271 (Buffer over read can happen while parsing downlink session management  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2270
	RESERVED
CVE-2019-2269 (Possible buffer overflow while processing the high level lim process a ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2268 (Possible OOB read issue in P2P action frames while handling WLAN manag ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2267 (Locked regions may be modified through other interfaces in secure boot ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2266 (Possible double free issue in kernel while handling the camera sensor  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2265
	RESERVED
CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2263 (Access to freed memory can happen while reading from diag driver due t ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2262
	RESERVED
CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non secure sub ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2260 (A race condition occurs while processing perf-event which can lead to  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2259 (Resource allocation error while playing the video whose dimensions are ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2258 (Improper validation of array index causes OOB write and then leads to  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2257 (Wrong permissions in configuration file can lead to unauthorized permi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2256 (An unprivileged user can craft a bitstream such that the payload encod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2255 (An unprivileged user can craft a bitstream such that the payload encod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2254 (Position determination accuracy may be degraded due to wrongly decoded ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a corrupted  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2252 (Classic buffer overflow vulnerability while playing the specific video ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2251 (If a bitmap file is loaded from any un-authenticated source, there is  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2249 (Kernel can do a memory read from arbitrary address passed by user duri ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2248 (Buffer overflow can occur if invalid header tries to overwrite the exi ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2247 (Possibility of double free issue while running multiple instances of s ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2246 (Thread start can cause invalid memory writes to arbitrary memory locat ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2245 (Possible integer underflow can happen when calculating length of eleme ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2244 (Possible integer underflow can happen when calculating length of eleme ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2243 (Possible buffer overflow at the end of iterating loop while getting th ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2242 (Device memory may get corrupted because of buffer overflow/underflow.  ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2241 (While rendering the layout background, Error status check is not caugh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2240 (While sending the rendered surface content to the screen, Error handli ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2239 (Sanity checks are missing in layout which can lead to SUI Corruption o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2238 (Lack of check of data type can lead to subsequent loop-expression pote ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2237 (Failure in taking appropriate action to handle the error case If keypa ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2236 (Null pointer dereference during secure application termination using s ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2235 (Buffer overflow occurs when emulated RPMB is used due to sector size a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2234
	RESERVED
CVE-2019-2233 (In getUserCount and getCount of UserSwitcherController.java, there is  ...)
	NOT-FOR-US: Android
CVE-2019-2232 (In handleRun of TextLine.java, there is a possible application crash d ...)
	NOT-FOR-US: Android
CVE-2019-2231 (In Blob::Blob of blob.cpp, there is a possible unencrypted master key  ...)
	NOT-FOR-US: Android
CVE-2019-2230 (In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.c ...)
	NOT-FOR-US: Android
CVE-2019-2229 (In updateWidget of BaseWidgetProvider.java, there is a possible leak o ...)
	NOT-FOR-US: Android
CVE-2019-2228 (In array_find of array.c, there is a possible out-of-bounds read due t ...)
	{DLA-2047-1}
	- cups 2.3.1-1 (bug #946782)
	[buster] - cups 2.2.10-6+deb10u2
	[stretch] - cups 2.2.1-8+deb9u5
	NOTE: https://github.com/apple/cups/commit/b018978c278d42c7abf78941251b887c95dfdb07 (master, v2.3.1)
	NOTE: https://github.com/apple/cups/commit/8c9b3606cca99e5dfc51784a9de1634345db7579 (v2.2.13)
CVE-2019-2227 (In DeepCopy of btif_av.cc, there is a possible out of bounds read due  ...)
	NOT-FOR-US: Android
CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible out of  ...)
	NOT-FOR-US: Android
CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to pair a mal ...)
	NOT-FOR-US: Android
CVE-2019-2224
	REJECTED
CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bo ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2222 (n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2221 (In hasActivityInVisibleTask of WindowProcessController.java there&#821 ...)
	NOT-FOR-US: Android
CVE-2019-2220 (In checkOperation of AppOpsService.java, there is a possible bypass of ...)
	NOT-FOR-US: Android
CVE-2019-2219 (In System UI, there is a possible bypass of user's consent for access  ...)
	NOT-FOR-US: Android
CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...)
	NOT-FOR-US: Android
CVE-2019-2216 (In overlay notifications, there is a possible hidden notification due  ...)
	NOT-FOR-US: Android
CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an  ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 4.15.4-1
	[stretch] - linux 4.9.210-1
	NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
CVE-2019-2214 (In binder_transaction of binder.c, there is a possible out of bounds w ...)
	- linux 5.2.6-1
	[buster] - linux <not-affected> (Vulnerability introduced later)
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-maco@android.com/
	NOTE: https://git.kernel.org/linus/a56587065094fd96eb4c2b5ad65571daad32156d
CVE-2019-2213 (In binder_free_transaction of binder.c, there is a possible use-after- ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[jessie] - linux <ignored> (Android drivers not supported)
	NOTE: https://lore.kernel.org/patchwork/patch/1087916/
CVE-2019-2212 (In poisson_distribution of random, there is an out of bounds read. Thi ...)
	- libc++ <removed>
	[stretch] - libc++ <no-dsa> (Minor issue)
	[jessie] - libc++ <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
	- llvm-toolchain-6.0 <unfixed>
	[buster] - llvm-toolchain-6.0 <no-dsa> (Minor issue)
	[jessie] - llvm-toolchain-6.0 <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
	- llvm-toolchain-8 <unfixed>
	NOTE: https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
	NOTE: https://android.googlesource.com/platform/external/libcxx/+/8260b5d56f6880a29b57f73b7f4866e47e9e4818
	NOTE: https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a
	NOTE: template is affected, so dependencies need a rebuild
CVE-2019-2211 (In createProjectionMapForQuery of TvProvider.java, there is possible S ...)
	NOT-FOR-US: Android
CVE-2019-2210 (In load_logging_config of qmi_vs_service.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2019-2209 (In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2019-2208 (In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise. ...)
	NOT-FOR-US: Android
CVE-2019-2207 (In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2019-2206 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2019-2205 (In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a p ...)
	NOT-FOR-US: Android
CVE-2019-2204 (In FindSharedFunctionInfo of objects.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2019-2203 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out  ...)
	NOT-FOR-US: Android media framework
CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out  ...)
	NOT-FOR-US: Android media framework
CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...)
	[experimental] - libjpeg-turbo 1:2.0.3-1~exp1
	- libjpeg-turbo <unfixed> (low)
	[buster] - libjpeg-turbo <no-dsa> (Minor issue)
	[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
	[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
	NOTE: https://source.android.com/security/bulletin/2019-11-01
	NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
	NOTE: https://github.com/clearlinux-pkgs/libjpeg-turbo/commit/0a5d06c3dd4a64754d7e6ffa081fd9132714f74c
CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may be possi ...)
	NOT-FOR-US: Android
CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2019-2198 (In Download Provider, there is a possible SQL injection vulnerability. ...)
	NOT-FOR-US: Android
CVE-2019-2197 (In processPhonebookAccess of CachedBluetoothDevice.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2019-2196 (In Download Provider, there is possible SQL injection. This could lead ...)
	NOT-FOR-US: Android
CVE-2019-2195 (In tokenize of sqlite3_android.cpp, there is a possible attacker contr ...)
	NOT-FOR-US: Android
CVE-2019-2194
	RESERVED
	NOT-FOR-US: Android
CVE-2019-2193 (In WelcomeActivity.java and related files, there is a possible permiss ...)
	NOT-FOR-US: Android
CVE-2019-2192 (In call of SliceProvider.java, there is a possible permissions bypass  ...)
	NOT-FOR-US: Android
CVE-2019-2191 (In LG's LAF component, there is a possible leak of information in a pr ...)
	NOT-FOR-US: LG components for Android
CVE-2019-2190 (In LG's LAF component, there is a possible leak of information in a pr ...)
	NOT-FOR-US: LG components for Android
CVE-2019-2189 (In the Easel driver, there is possible memory corruption due to race c ...)
	NOT-FOR-US: Android
CVE-2019-2188 (In the Easel driver, there is possible memory corruption due to race c ...)
	NOT-FOR-US: Android
CVE-2019-2187 (In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2019-2186 (In GetMBheader of combined_decode.cpp, there is a possible out of boun ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2185 (In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a poss ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...)
	{DSA-4698-1 DLA-2242-1}
	- linux 4.16.5-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
CVE-2019-2181 (In binder_transaction of binder.c in the Android kernel, there is a po ...)
	- linux 5.2.6-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0b0509508beff65c1d50541861bc0d4973487dc5
CVE-2019-2180 (In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possi ...)
	{DLA-1893-1}
	- cups 2.2.12-1 (bug #934957)
	[buster] - cups 2.2.10-6+deb10u1
	[stretch] - cups 2.2.1-8+deb9u4
	NOTE: Covers the "Fixed IPP buffer overflow (rdar://50035411)" angle of
	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-2179 (In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 an ...)
	NOT-FOR-US: Android
CVE-2019-2178 (In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and ...)
	NOT-FOR-US: Android
CVE-2019-2177 (In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 an ...)
	NOT-FOR-US: Android
CVE-2019-2176 (In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Andr ...)
	NOT-FOR-US: Android media framework
CVE-2019-2175 (In checkAccess of SliceManagerService.java in Android 9, there is a po ...)
	NOT-FOR-US: Android
CVE-2019-2174 (In SensorManager::assertStateLocked of SensorManager.cpp in Android 7. ...)
	NOT-FOR-US: Android
CVE-2019-2173 (In startActivityMayWait of ActivityStarter.java, there is a possible i ...)
	NOT-FOR-US: Android
CVE-2019-2172 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2171 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2170 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2169 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2168 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2167 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2166 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2165 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2164 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2163 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2162 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2161 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2160 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2159 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2158 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2157 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2156 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2155 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2154 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2153 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2152 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2151 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2150 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2149 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2148 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2147 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2146 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2145 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2144 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2143 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2142 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2141 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2140 (In libxaac, there is a possible information disclosure due to uninitia ...)
	NOT-FOR-US: Android
CVE-2019-2139 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2138 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2137 (In the endCall() function of TelecomManager.java, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2019-2136 (In Status::readFromParcel of Status.cpp, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2019-2135 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-2134 (In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a po ...)
	NOT-FOR-US: Android
CVE-2019-2133 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-2132 (It is possible to overlay the VPN dialog by a malicious application. T ...)
	NOT-FOR-US: Android
CVE-2019-2131 (An application with overlay permission can display overlays on top of  ...)
	NOT-FOR-US: Android
CVE-2019-2130 (In CompilationJob::FinalizeJob of compiler.cc, there is a possible rem ...)
	NOT-FOR-US: Android
CVE-2019-2129 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
	NOT-FOR-US: Android media framework
CVE-2019-2128 (In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write ...)
	NOT-FOR-US: Android media framework
CVE-2019-2127 (In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp,  ...)
	NOT-FOR-US: Android media framework
CVE-2019-2126 (In ParseContentEncodingEntry of mkvparser.cc, there is a possible doub ...)
	NOT-FOR-US: Android media framework
CVE-2019-2125 (In ChangeDefaultDialerDialog.java, there is a possible escalation of p ...)
	NOT-FOR-US: Android
CVE-2019-2124 (In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java i ...)
	NOT-FOR-US: Android
CVE-2019-2123 (In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and  ...)
	NOT-FOR-US: Android
CVE-2019-2122 (In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.j ...)
	NOT-FOR-US: Android
CVE-2019-2121 (In ActivityManagerService.attachApplication of ActivityManagerService, ...)
	NOT-FOR-US: Android
CVE-2019-2120 (In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there i ...)
	NOT-FOR-US: Android
CVE-2019-2119 (In multiple functions of key_store_service.cpp, there is a possible In ...)
	NOT-FOR-US: Android
CVE-2019-2118 (In various functions of Parcel.cpp, there are uninitialized or partial ...)
	NOT-FOR-US: Android
CVE-2019-2117 (In checkQueryPermission of TelephonyProvider.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2116 (In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound ...)
	NOT-FOR-US: Android
CVE-2019-2115 (In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2 ...)
	NOT-FOR-US: Android
CVE-2019-2114 (In the default privileges of NFC, there is a possible local bypass of  ...)
	NOT-FOR-US: Android
CVE-2019-2113 (In setup wizard there is a bypass of some checks when wifi connection  ...)
	NOT-FOR-US: Android
CVE-2019-2112 (In several functions of alarm.cc, there is possible memory corruption  ...)
	NOT-FOR-US: Android
CVE-2019-2111 (In loop of DnsTlsSocket.cpp, there is a possible heap memory corruptio ...)
	NOT-FOR-US: Android
CVE-2019-2110 (In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a ...)
	NOT-FOR-US: Android
CVE-2019-2109 (In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a pos ...)
	NOT-FOR-US: Android media framework
CVE-2019-2108 (In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a poss ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2107 (In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out ...)
	NOT-FOR-US: Android media framework
CVE-2019-2106 (In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bo ...)
	NOT-FOR-US: Android media framework
CVE-2019-2105 (In FileInputStream::Read of file_input_stream.cc, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2019-2104 (In HIDL, safe_union, and other C++ structs/unions being sent to applic ...)
	NOT-FOR-US: Android
CVE-2019-2103 (In Google Assistant in Android 9, there is a possible permissions bypa ...)
	NOT-FOR-US: Android
CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a provided e ...)
	NOT-FOR-US: Android
CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a possible out ...)
	{DLA-1862-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: https://git.kernel.org/linus/47bb117911b051bbc90764a8bff96543cbd2005f
CVE-2019-2100
	RESERVED
CVE-2019-2099 (In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out- ...)
	NOT-FOR-US: Android
CVE-2019-2098 (In areNotificationsEnabledForPackage of NotificationManagerService.jav ...)
	NOT-FOR-US: Android
CVE-2019-2097 (In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possibl ...)
	NOT-FOR-US: Android
CVE-2019-2096 (In EffectRelease of EffectBundle.cpp, there is a possible memory corru ...)
	NOT-FOR-US: Android
CVE-2019-2095 (In callGenIDChangeListeners and related functions of SkPixelRef.cpp, t ...)
	NOT-FOR-US: Android
CVE-2019-2094 (In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2019-2093 (In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write ...)
	NOT-FOR-US: Android
CVE-2019-2092 (In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.jav ...)
	NOT-FOR-US: Android
CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerServ ...)
	NOT-FOR-US: Android
CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there  ...)
	NOT-FOR-US: Android
CVE-2019-2089 (In app uninstallation, there is a possible set of permissions that may ...)
	NOT-FOR-US: Android
CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This could le ...)
	NOT-FOR-US: Android
CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2085 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2084 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2083 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2082 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2081 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2080 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2079 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2078 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2077 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2076 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2075 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2074 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2073 (In libxaac there is a possible out of bounds write to missing bounds c ...)
	NOT-FOR-US: Android
CVE-2019-2072 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2071 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2070 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2069 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2068 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2067 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2066 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2065 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2064 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2063 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2062 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2061 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2060 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could lead  ...)
	NOT-FOR-US: Android
CVE-2019-2057
	RESERVED
CVE-2019-2056 (There is a possible disclosure of RAM using a shared crypto key due to ...)
	NOT-FOR-US: Android
CVE-2019-2055 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2054 (In the seccomp implementation prior to kernel version 4.8, there is a  ...)
	- linux 4.8.5-1
	[jessie] - linux <ignored> (Documented limitation)
	NOTE: https://git.kernel.org/linus/0f3912fd934cdfd03d93f2dc6f064099795bf638
CVE-2019-2053 (In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2019-2052 (In VisitPointers of heap.cc, there is a possible out-of-bounds read du ...)
	NOT-FOR-US: Android
CVE-2019-2051 (In heap of spaces.h, there is a possible out of bounds read due to imp ...)
	NOT-FOR-US: Android
CVE-2019-2050 (In tearDownClientInterface of WificondControl.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2019-2049 (In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is  ...)
	NOT-FOR-US: Android
CVE-2019-2048
	RESERVED
CVE-2019-2047 (In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write ...)
	NOT-FOR-US: Android
CVE-2019-2046 (In CalculateInstanceSizeForDerivedClass of objects.cc, there is possib ...)
	NOT-FOR-US: Android
CVE-2019-2045 (In JSCallTyper of typer.cc, there is an out of bounds write due to an  ...)
	NOT-FOR-US: Android
CVE-2019-2044 (In MakeMP&gt;G4VideoCodecSpecificData of APacketSource.cpp, there is a ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2043 (In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2019-2042
	RESERVED
CVE-2019-2041 (In the configuration of NFC modules on certain devices, there is a pos ...)
	NOT-FOR-US: Android
CVE-2019-2040 (In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-o ...)
	NOT-FOR-US: Android
CVE-2019-2039 (In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2019-2038 (In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bo ...)
	NOT-FOR-US: Android
CVE-2019-2037 (In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out- ...)
	NOT-FOR-US: Android
CVE-2019-2036 (In okToConnect of HidHostService.java, there is a possible permission  ...)
	NOT-FOR-US: Android
CVE-2019-2035 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2019-2034 (In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds ...)
	NOT-FOR-US: Android
CVE-2019-2033 (In create_hdr of dnssd_clientstub.c, there is a possible use after fre ...)
	NOT-FOR-US: Android
CVE-2019-2032 (In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a  ...)
	NOT-FOR-US: Android
CVE-2019-2031 (In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2019-2030 (In removeInterfaceAddress of NetworkController.cpp, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2019-2029 (In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corrupt ...)
	NOT-FOR-US: Android
CVE-2019-2028 (In numerous hand-crafted functions in libmpeg2, NEON registers are not ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2027 (In floor0_inverse1 of floor0.c, there is a possible out of bounds writ ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2026 (In updateAssistMenuItems of Editor.java, there is a possible escape fr ...)
	NOT-FOR-US: Android
CVE-2019-2025 (In binder_thread_read of binder.c, there is a possible use-after-free  ...)
	- linux 4.19.9-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7bada55ab50697861eee6bb7d60b41e68a961a9c (4.20-rc5)
CVE-2019-2024 (In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use afte ...)
	{DLA-1799-1}
	- linux 4.16.5-1
	[stretch] - linux 4.9.144-1
	NOTE: Fixed by: https://git.kernel.org/linus/910b0797fa9e8af09c44a3fa36cb310ba7a7218d (4.16-rc1)
CVE-2019-2023 (In ServiceManager::add function in the hardware service manager, there ...)
	NOT-FOR-US: Android
CVE-2019-2022 (In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.c ...)
	NOT-FOR-US: Android
CVE-2019-2021 (In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2020 (In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of ...)
	NOT-FOR-US: Android
CVE-2019-2019 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound re ...)
	NOT-FOR-US: Android
CVE-2019-2018 (In resetPasswordInternal of DevicePolicyManagerService.java, there is  ...)
	NOT-FOR-US: Android
CVE-2019-2017 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2016 (In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound ...)
	NOT-FOR-US: Android
CVE-2019-2015 (In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-o ...)
	NOT-FOR-US: Android
CVE-2019-2014 (In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-2013 (In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of- ...)
	NOT-FOR-US: Android
CVE-2019-2012 (In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of- ...)
	NOT-FOR-US: Android
CVE-2019-2011 (In readNullableNativeHandleNoDup of Parcel.cpp, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2019-2010 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
	NOT-FOR-US: Android
CVE-2019-2009 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2019-2008 (In createEffect of AudioFlinger.cpp, there is a possible memory corrup ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2007 (In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is  ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2006 (In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory  ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2005 (In onPermissionGrantResult of GrantPermissionsActivity.java, there is  ...)
	NOT-FOR-US: Android
CVE-2019-2004 (In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal ...)
	NOT-FOR-US: Android
CVE-2019-2003 (In addLinks of Linkify.java, there is a possible phishing vector due t ...)
	NOT-FOR-US: Android
CVE-2019-2002
	RESERVED
CVE-2019-2001 (The permissions on /proc/iomem were world-readable. This could lead to ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2019-2000 (In several functions of binder.c, there is possible memory corruption  ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2019-1999 (In binder_alloc_free_page of binder_alloc.c, there is a possible doubl ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/5cec2d2e5839f9c0fec319c523a911e0a7fd299f
CVE-2019-1998 (In event_handler of keymaster_app.c, there is possible resource exhaus ...)
	NOT-FOR-US: Android
CVE-2019-1997 (In random_get_bytes of random.c, there is a possible degradation of ra ...)
	NOT-FOR-US: Android
CVE-2019-1996 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2019-1995 (In ComposeActivityEmail of ComposeActivityEmail.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2019-1994 (In refresh of DevelopmentTiles.java, there is the possibility of leavi ...)
	NOT-FOR-US: Android
CVE-2019-1993 (In register_app of btif_hd.cc, there is a possible memory corruption d ...)
	NOT-FOR-US: Android
CVE-2019-1992 (In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use ...)
	NOT-FOR-US: Android
CVE-2019-1991 (In btif_dm_data_copy of btif_core.cc, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2019-1990 (In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a poss ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-1989 (In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a p ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-1988 (In sample6 of SkSwizzler.cpp, there is a possible out of bounds write  ...)
	NOT-FOR-US: Android
CVE-2019-1987 (In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2019-1986 (In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-1985 (In findAvailSpellCheckerLocked of TextServicesManagerService.java, the ...)
	NOT-FOR-US: Android
CVE-2018-20028 (Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11  ...)
	NOT-FOR-US: Contao
CVE-2018-20027 (The yaml_parse.load method in Pylearn2 allows code injection. ...)
	NOT-FOR-US: Pylearn2
CVE-2018-20026 (Improper Communication Address Filtering exists in CODESYS V3 products ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
CVE-2018-20025 (Use of Insufficiently Random Values exists in CODESYS V3 products vers ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains ...)
	{DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc <no-dsa> (Minor issue)
	[stretch] - ssvnc <no-dsa> (Minor issue)
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/254
	NOTE: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/
CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-66 ...)
	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- veyon  4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/253
	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multip ...)
	{DSA-4383-1 DLA-2045-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc <no-dsa> (Minor issue)
	[stretch] - ssvnc <no-dsa> (Minor issue)
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/252
	NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...)
	{DSA-4383-1 DLA-2045-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc <no-dsa> (Minor issue)
	[stretch] - ssvnc <no-dsa> (Minor issue)
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/251
	NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...)
	{DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc <no-dsa> (Minor issue)
	[stretch] - ssvnc <no-dsa> (Minor issue)
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/250
	NOTE: https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
	NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
	NOTE: same as CVE-2019-8287/tightvnc
CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulner ...)
	{DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
	[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
	- italc <removed>
	[stretch] - italc <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
	- veyon 4.1.7+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
	NOTE: https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
	NOTE: https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains ...)
	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	NOTE: https://github.com/LibVNC/libvncserver/issues/247
	NOTE: https://github.com/LibVNC/libvncserver/commit/a83439b9fbe0f03c48eb94ed05729cb016f8b72f
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/
	NOTE: When fixing this issue apply the complete set of fixes to not open CVE-2018-20748.
	NOTE: Additional commits:
	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
	NOTE: https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
	NOTE: https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
CVE-2018-20018 (S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated b ...)
	NOT-FOR-US: S-CMS
CVE-2018-20017 (SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. ...)
	NOT-FOR-US: SEMCMS
CVE-2018-20016
	RESERVED
CVE-2018-20015 (YzmCMS v5.2 has admin/role/add.html CSRF. ...)
	NOT-FOR-US: YzmCMS
CVE-2018-20014 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
	NOT-FOR-US: UrBackup
CVE-2018-20013 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
	NOT-FOR-US: UrBackup
CVE-2018-20012 (PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=memb ...)
	NOT-FOR-US: PHPCMF
CVE-2018-20011 (DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Nam ...)
	NOT-FOR-US: DomainMOD
CVE-2018-20010 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php  ...)
	NOT-FOR-US: DomainMOD
CVE-2018-20009 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Prov ...)
	NOT-FOR-US: DomainMOD
CVE-2018-1000866 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59  ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000865 (A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000864 (A denial of service vulnerability exists in Jenkins 2.153 and earlier, ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000863 (A data modification vulnerability exists in Jenkins 2.153 and earlier, ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153 and earl ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...)
	NOT-FOR-US: Jenkins
CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...)
	NOT-FOR-US: iBall Baton iB-WRB302N20122017 devices
CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...)
	NOT-FOR-US: Yeelight Smart AI Speaker devices
CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulne ...)
	NOT-FOR-US: PHPok
CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after ...)
	- mxml <unfixed> (unimportant)
	NOTE: https://github.com/michaelrsweet/mxml/issues/234
	NOTE: Crash in mxmldoc CLI tool, no security impact
CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-bas ...)
	{DLA-1641-1}
	- mxml 2.12-2 (low; bug #918007)
	[stretch] - mxml <no-dsa> (Minor issue)
	NOTE: https://github.com/michaelrsweet/mxml/issues/233
	NOTE: Fixed by https://github.com/michaelrsweet/mxml/commit/4f5577dd4672d228e4180f06bdbd66f343ea45e0
CVE-2018-20003
	RESERVED
CVE-2018-20002 (The _bfd_generic_read_minisymbols function in syms.c in the Binary Fil ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23952
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9
	NOTE: binutils not covered by security support
CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the range_decode ...)
	- libav <removed>
	[jessie] - libav <postponed> (not reproducible, requested more info from finder)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1141
CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstr ...)
	NOT-FOR-US: Apereo Bedework bw-webdav
CVE-2018-19999 (The local management interface in SolarWinds Serv-U FTP Server 15.1.6. ...)
	NOT-FOR-US: SolarWinds
CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
	NOTE: https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924
CVE-2018-19997
	RESERVED
CVE-2018-19996
	RESERVED
CVE-2018-19995 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 al ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4b8be6ed64763327018ac1c076f81ddffa87855e
	NOTE: https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924
CVE-2018-19994 (An error-based SQL injection vulnerability in product/card.php in Doli ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/850b939ffd2c7a4443649331b923d5e0da2d6446
CVE-2018-19993 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/fc3fcc5455d9a610b85723e89e8be43a41ad1378
CVE-2018-19992 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 al ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/0f06e39d23636bd1e4039ac61a743c79725c798b
CVE-2018-19991 (VeryNginx 0.3.3 allows remote attackers to bypass the Web Application  ...)
	NOT-FOR-US: VeryNginx
CVE-2018-19990 (In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vuln ...)
	NOT-FOR-US: D-Link
CVE-2018-19989 (In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerab ...)
	NOT-FOR-US: D-Link
CVE-2018-19988 (In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable ...)
	NOT-FOR-US: D-Link
CVE-2018-19987 (D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2 ...)
	NOT-FOR-US: D-Link
CVE-2018-19986 (In the /HNAP1/SetRouterSettings message, the RemotePort parameter is v ...)
	NOT-FOR-US: D-Link
CVE-2018-19985 (The function hso_get_config_data in drivers/net/usb/hso.c in the Linux ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.13-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/5146f95df782b0ac61abde36567e718692725c89
CVE-2018-19984
	RESERVED
CVE-2018-19983 (An issue was discovered on Sigma Design Z-Wave S0 through S2 devices.  ...)
	NOT-FOR-US: Sigma Design Z-Wave devices
CVE-2018-19982 (An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs be ...)
	NOT-FOR-US: KT MC01507L Z-Wave S0 devices
CVE-2018-19981 (Amazon AWS SDK &lt;=2.8.5 for Android uses Android SharedPreferences t ...)
	NOT-FOR-US: Amazon AWS SDK
CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cau ...)
	NOT-FOR-US: Anker Nebula Capsule Pro devices
CVE-2018-19979
	RESERVED
CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE configuration in ...)
	NOT-FOR-US: Auerswald COMfort
CVE-2018-19977 (A command injection (missing input validation, escaping) in the ftp up ...)
	NOT-FOR-US: Auerswald COMfort
CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule is expose ...)
	- yara 3.8.1-2 (bug #916932)
	[stretch] - yara <no-dsa> (Minor issue)
	[jessie] - yara <no-dsa> (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/999
	NOTE: https://bnbdr.github.io/posts/extracheese/
	NOTE: https://github.com/bnbdr/swisscheese/
	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
CVE-2018-19975 (In YARA 3.8.1, bytecode in a specially crafted compiled rule can read  ...)
	- yara 3.8.1-2 (bug #916932)
	[stretch] - yara <no-dsa> (Minor issue)
	[jessie] - yara <no-dsa> (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/999
	NOTE: https://bnbdr.github.io/posts/extracheese/
	NOTE: https://github.com/bnbdr/swisscheese/
	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
CVE-2018-19974 (In YARA 3.8.1, bytecode in a specially crafted compiled rule can read  ...)
	- yara 3.8.1-2 (bug #916932)
	[stretch] - yara <no-dsa> (Minor issue)
	[jessie] - yara <no-dsa> (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/999
	NOTE: https://bnbdr.github.io/posts/extracheese/
	NOTE: https://github.com/bnbdr/swisscheese/
	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
CVE-2018-19973
	RESERVED
CVE-2018-19972
	RESERVED
CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...)
	NOT-FOR-US: JFrog Artifactory Pro
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...)
	{DLA-1658-1}
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...)
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin <ignored> (Minor issue and too intrusive to backport)
	[jessie] - phpmyadmin <ignored> (invasive with 49 patches to backport, only mitigate with _REQUEST->_POST instead of adding CSRF tokens)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-7/
	NOTE: Upstream explicitly fixed only the 4.7/4.8 branch but the problem exists in
	NOTE: earlier versions as well. At least parts of the listed commits are needed.
CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...)
	{DLA-1658-1}
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
CVE-2018-19959
	RESERVED
CVE-2018-19958
	RESERVED
CVE-2018-19957
	RESERVED
CVE-2018-19956
	RESERVED
CVE-2018-19955
	RESERVED
CVE-2018-19954
	RESERVED
CVE-2018-19953
	RESERVED
CVE-2018-19952
	RESERVED
CVE-2018-19951
	RESERVED
CVE-2018-19950
	RESERVED
CVE-2018-19949
	RESERVED
CVE-2018-19948
	RESERVED
CVE-2018-19947
	RESERVED
CVE-2018-19946
	RESERVED
CVE-2018-19945
	RESERVED
CVE-2018-19944
	RESERVED
CVE-2018-19943
	RESERVED
CVE-2018-19942
	RESERVED
CVE-2018-19941
	RESERVED
CVE-2018-19940
	RESERVED
CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi ...)
	NOT-FOR-US: Goodix GT9xx touchscreen driver
CVE-2018-19938
	RESERVED
CVE-2018-19937 (A local, authenticated attacker can bypass the passcode in the VideoLA ...)
	NOT-FOR-US: VLC port/application for iOS
CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-19934 (SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site script ...)
	NOT-FOR-US: SolarWinds
CVE-2018-19933 (Bolt CMS &lt;3.6.2 allows XSS via text input click preview button as d ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualization I ...)
	NOT-FOR-US: Cisco
CVE-2019-1983
	RESERVED
CVE-2019-1982 (A vulnerability in the HTTP traffic filtering component of Cisco Firep ...)
	NOT-FOR-US: Cisco
CVE-2019-1981 (A vulnerability in the normalization functionality of Cisco Firepower  ...)
	NOT-FOR-US: Cisco
CVE-2019-1980 (A vulnerability in the protocol detection component of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2019-1979
	RESERVED
CVE-2019-1978 (A vulnerability in the stream reassembly component of Cisco Firepower  ...)
	NOT-FOR-US: Cisco
CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...)
	NOT-FOR-US: Cisco
CVE-2019-1976 (A vulnerability in the &amp;ldquo;plug-and-play&amp;rdquo; services co ...)
	NOT-FOR-US: Cisco
CVE-2019-1975 (A vulnerability in the web-based interface of Cisco HyperFlex Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
	NOT-FOR-US: Cisco
CVE-2019-1972 (A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVI ...)
	NOT-FOR-US: Cisco
CVE-2019-1971 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
	NOT-FOR-US: Cisco
CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
	NOT-FOR-US: Cisco
CVE-2019-1969 (A vulnerability in the implementation of the Simple Network Management ...)
	NOT-FOR-US: Cisco
CVE-2019-1968 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1967 (A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX ...)
	NOT-FOR-US: Cisco
CVE-2019-1966 (A vulnerability in a specific CLI command within the local management  ...)
	NOT-FOR-US: Cisco
CVE-2019-1965 (A vulnerability in the Virtual Shell (VSH) session management for Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1964 (A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1963 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2019-1962 (A vulnerability in the Cisco Fabric Services component of Cisco NX-OS  ...)
	NOT-FOR-US: Cisco
CVE-2019-1961 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2019-1960 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1959 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1958 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
	NOT-FOR-US: Cisco
CVE-2019-1957 (A vulnerability in the web interface of Cisco IoT Field Network Direct ...)
	NOT-FOR-US: Cisco
CVE-2019-1956 (A vulnerability in the web-based interface of the Cisco SPA112 2-Port  ...)
	NOT-FOR-US: Cisco
CVE-2019-1955 (A vulnerability in the Sender Policy Framework (SPF) functionality of  ...)
	NOT-FOR-US: Cisco
CVE-2019-1954 (A vulnerability in the web-based management interface of Cisco Webex M ...)
	NOT-FOR-US: Cisco
CVE-2019-1953 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
	NOT-FOR-US: Cisco
CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...)
	NOT-FOR-US: Cisco
CVE-2019-1950 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
	NOT-FOR-US: Cisco
CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an un ...)
	NOT-FOR-US: Cisco
CVE-2019-1947
	RESERVED
CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2019-1945 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
	NOT-FOR-US: Cisco
CVE-2019-1944 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
	NOT-FOR-US: Cisco
CVE-2019-1943 (A vulnerability in the web interface of Cisco Small Business 200, 300, ...)
	NOT-FOR-US: Cisco
CVE-2019-1942 (A vulnerability in the sponsor portal web interface for Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2019-1941 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA) feature of ...)
	NOT-FOR-US: Cisco
CVE-2019-1939 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...)
	NOT-FOR-US: Cisco
CVE-2019-1938 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2019-1937 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1936 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1935 (A vulnerability in Cisco Integrated Management Controller (IMC) Superv ...)
	NOT-FOR-US: Cisco
CVE-2019-1934 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2019-1933 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-1932 (A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-1931 (Multiple vulnerabilities in the RSS dashboard in the web-based managem ...)
	NOT-FOR-US: Cisco
CVE-2019-1930 (Multiple vulnerabilities in the RSS dashboard in the web-based managem ...)
	NOT-FOR-US: Cisco
CVE-2019-1929 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1928 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1927 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1926 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1925 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1924 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1923 (A vulnerability in Cisco Small Business SPA500 Series IP Phones could  ...)
	NOT-FOR-US: Cisco
CVE-2019-1922 (A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 ...)
	NOT-FOR-US: Cisco
CVE-2019-1921 (A vulnerability in the attachment scanning of Cisco AsyncOS Software f ...)
	NOT-FOR-US: Cisco
CVE-2019-1920 (A vulnerability in the 802.11r Fast Transition (FT) implementation for ...)
	NOT-FOR-US: Cisco
CVE-2019-1919 (A vulnerability in the Cisco FindIT Network Management Software virtua ...)
	NOT-FOR-US: Cisco
CVE-2019-1918 (A vulnerability in the implementation of Intermediate System&amp;ndash ...)
	NOT-FOR-US: Cisco
CVE-2019-1917 (A vulnerability in the REST API interface of Cisco Vision Dynamic Sign ...)
	NOT-FOR-US: Cisco
CVE-2019-1916
	RESERVED
CVE-2019-1915 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-1914 (A vulnerability in the web management interface of Cisco Small Busines ...)
	NOT-FOR-US: Cisco
CVE-2019-1913 (Multiple vulnerabilities in the web management interface of Cisco Smal ...)
	NOT-FOR-US: Cisco
CVE-2019-1912 (A vulnerability in the web management interface of Cisco Small Busines ...)
	NOT-FOR-US: Cisco
CVE-2019-1911 (A vulnerability in the CLI of Cisco Unified Communications Domain Mana ...)
	NOT-FOR-US: Cisco
CVE-2019-1910 (A vulnerability in the implementation of the Intermediate System&amp;n ...)
	NOT-FOR-US: Cisco
CVE-2019-1909 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
	NOT-FOR-US: Cisco
CVE-2019-1908 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
	NOT-FOR-US: Cisco
CVE-2019-1907 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
	NOT-FOR-US: Cisco
CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime Infrastruc ...)
	NOT-FOR-US: Cisco
CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco AsyncOS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1904 (A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software  ...)
	NOT-FOR-US: Cisco
CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
	NOT-FOR-US: Cisco
CVE-2019-1902
	RESERVED
CVE-2019-1901 (A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem  ...)
	NOT-FOR-US: Cisco
CVE-2019-1900 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
	NOT-FOR-US: Cisco
CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, and RV21 ...)
	NOT-FOR-US: Cisco
CVE-2019-1898 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
	NOT-FOR-US: Cisco
CVE-2019-1897 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
	NOT-FOR-US: Cisco
CVE-2019-1896 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1895 (A vulnerability in the Virtual Network Computing (VNC) console impleme ...)
	NOT-FOR-US: Cisco
CVE-2019-1894 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2019-1893 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2019-1892 (A vulnerability in the Secure Sockets Layer (SSL) input packet process ...)
	NOT-FOR-US: Cisco
CVE-2019-1891 (A vulnerability in the web interface of Cisco Small Business 200, 300, ...)
	NOT-FOR-US: Cisco
CVE-2019-1890 (A vulnerability in the fabric infrastructure VLAN connection establish ...)
	NOT-FOR-US: Cisco
CVE-2019-1889 (A vulnerability in the REST API for software device management in Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1888
	RESERVED
CVE-2019-1887 (A vulnerability in the Session Initiation Protocol (SIP) protocol impl ...)
	NOT-FOR-US: Cisco
CVE-2019-1886 (A vulnerability in the HTTPS decryption feature of Cisco Web Security  ...)
	NOT-FOR-US: Cisco
CVE-2019-1885 (A vulnerability in the Redfish protocol of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2019-1884 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1883 (A vulnerability in the command-line interface of Cisco Integrated Mana ...)
	NOT-FOR-US: Cisco
CVE-2019-1882 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2019-1881 (A vulnerability in the web-based management interface of Cisco Industr ...)
	NOT-FOR-US: Cisco
CVE-2019-1880 (A vulnerability in the BIOS upgrade utility of Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2019-1879 (A vulnerability in the CLI of Cisco Integrated Management Controller ( ...)
	NOT-FOR-US: Cisco
CVE-2019-1878 (A vulnerability in the Cisco Discovery Protocol (CDP) implementation f ...)
	NOT-FOR-US: Cisco
CVE-2019-1877 (A vulnerability in the HTTP API of Cisco Enterprise Chat and Email cou ...)
	NOT-FOR-US: Cisco
CVE-2019-1876 (A vulnerability in the HTTPS proxy feature of Cisco Wide Area Applicat ...)
	NOT-FOR-US: Cisco
CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Prime S ...)
	NOT-FOR-US: Cisco
CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco Prime S ...)
	NOT-FOR-US: Cisco
CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication Server (VCS) ...)
	NOT-FOR-US: Cisco
CVE-2019-1871 (A vulnerability in the Import Cisco IMC configuration utility of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1870 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2019-1869 (A vulnerability in the internal packet-processing functionality of the ...)
	NOT-FOR-US: Cisco
CVE-2019-1868 (A vulnerability in the web-based management interface of Cisco Webex M ...)
	NOT-FOR-US: Cisco
CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services Controller ( ...)
	NOT-FOR-US: Cisco
CVE-2019-1866 (Cisco Webex Business Suite before 39.1.0 contains a vulnerability that ...)
	NOT-FOR-US: Cisco
CVE-2019-1865 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1864 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1863 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2019-1861 (A vulnerability in the software update feature of Cisco Industrial Net ...)
	NOT-FOR-US: Cisco
CVE-2019-1860 (A vulnerability in the dashboard gadget rendering of Cisco Unified Int ...)
	NOT-FOR-US: Cisco
CVE-2019-1859 (A vulnerability in the Secure Shell (SSH) authentication process of Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1858 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2019-1857 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
	NOT-FOR-US: Cisco
CVE-2019-1856 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2019-1855 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
	NOT-FOR-US: Cisco
CVE-2019-1854 (A vulnerability in the management web interface of Cisco Expressway Se ...)
	NOT-FOR-US: Cisco
CVE-2019-1853 (A vulnerability in the HostScan component of Cisco AnyConnect Secure M ...)
	NOT-FOR-US: Cisco
CVE-2019-1852 (A vulnerability in the web-based management interface of Cisco Prime N ...)
	NOT-FOR-US: Cisco
CVE-2019-1851 (A vulnerability in the External RESTful Services (ERS) API of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1850 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label ...)
	NOT-FOR-US: Cisco
CVE-2019-1848 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2019-1847
	RESERVED
CVE-2019-1846 (A vulnerability in the Multiprotocol Label Switching (MPLS) Operations ...)
	NOT-FOR-US: Cisco
CVE-2019-1845 (A vulnerability in the authentication service of the Cisco Unified Com ...)
	NOT-FOR-US: Cisco
CVE-2019-1844 (A vulnerability in certain attachment detection mechanisms of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1843 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2019-1842 (A vulnerability in the Secure Shell (SSH) authentication function of C ...)
	NOT-FOR-US: Cisco
CVE-2019-1841 (A vulnerability in the Software Image Management feature of Cisco DNA  ...)
	NOT-FOR-US: Cisco
CVE-2019-1840 (A vulnerability in the DHCPv6 input packet processor of Cisco Prime Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-1839 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-1838 (A vulnerability in the web-based management interface of Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2019-1837 (A vulnerability in the User Data Services (UDS) API of Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2019-1836 (A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric ...)
	NOT-FOR-US: Cisco
CVE-2019-1835 (A vulnerability in the CLI of Cisco Aironet Access Points (APs) could  ...)
	NOT-FOR-US: Cisco
CVE-2019-1834 (A vulnerability in the internal packet processing of Cisco Aironet Ser ...)
	NOT-FOR-US: Cisco
CVE-2019-1833 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
	NOT-FOR-US: Cisco
CVE-2019-1832 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...)
	NOT-FOR-US: Cisco
CVE-2019-1831 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-1830 (A vulnerability in Locally Significant Certificate (LSC) management fo ...)
	NOT-FOR-US: Cisco
CVE-2019-1829 (A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) ...)
	NOT-FOR-US: Cisco
CVE-2019-1828 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-1827 (A vulnerability in the Online Help web service of Cisco Small Business ...)
	NOT-FOR-US: Cisco
CVE-2019-1826 (A vulnerability in the quality of service (QoS) feature of Cisco Airon ...)
	NOT-FOR-US: Cisco
CVE-2019-1825 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1824 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1823 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1822 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1821 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1820 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1819 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1818 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1817 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1816 (A vulnerability in the log subscription subsystem of the Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2019-1815
	RESERVED
CVE-2019-1814 (A vulnerability in the interactions between the DHCP and TFTP features ...)
	NOT-FOR-US: Cisco
CVE-2019-1813 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1812 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1811 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1810 (A vulnerability in the Image Signature Verification feature used in an ...)
	NOT-FOR-US: Cisco
CVE-2019-1809 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1808 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1807 (A vulnerability in the session management functionality of the web UI  ...)
	NOT-FOR-US: Cisco
CVE-2019-1806 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2019-1805 (A vulnerability in certain access control mechanisms for the Secure Sh ...)
	NOT-FOR-US: Cisco
CVE-2019-1804 (A vulnerability in the SSH key management for the Cisco Nexus 9000 Ser ...)
	NOT-FOR-US: Cisco
CVE-2019-1803 (A vulnerability in the filesystem management for the Cisco Nexus 9000  ...)
	NOT-FOR-US: Cisco
CVE-2019-1802 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1801
	RESERVED
CVE-2019-1800 (A vulnerability in the handling of Inter-Access Point Protocol (IAPP)  ...)
	NOT-FOR-US: Cisco
CVE-2019-1799 (A vulnerability in the handling of Inter-Access Point Protocol (IAPP)  ...)
	NOT-FOR-US: Cisco
CVE-2019-1798 (A vulnerability in the Portable Executable (PE) file scanning function ...)
	- libclamunrar 0.101.2-1
	[stretch] - libclamunrar <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - libclamunrar <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - clamav <not-affected> (Vulnerable code introduced later)
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1797 (A vulnerability in the web-based management interface of Cisco Wireles ...)
	NOT-FOR-US: Cisco
CVE-2019-1796 (A vulnerability in the handling of Inter-Access Point Protocol (IAPP)  ...)
	NOT-FOR-US: Cisco
CVE-2019-1795 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1794 (A vulnerability in the search path processing of Cisco Directory Conne ...)
	NOT-FOR-US: Cisco
CVE-2019-1793
	RESERVED
CVE-2019-1792 (A vulnerability in the URL block page of Cisco Umbrella could allow an ...)
	NOT-FOR-US: Cisco
CVE-2019-1791 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1790 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1789 (ClamAV versions prior to 0.101.2 are susceptible to a denial of servic ...)
	{DLA-1759-1}
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav 0.100.3+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1788 (A vulnerability in the Object Linking &amp; Embedding (OLE2) file scan ...)
	{DLA-1759-1}
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav 0.100.3+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1787 (A vulnerability in the Portable Document Format (PDF) scanning functio ...)
	{DLA-1759-1}
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav 0.100.3+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1786 (A vulnerability in the Portable Document Format (PDF) scanning functio ...)
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - clamav <not-affected> (Vulnerable code introduced later)
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1785 (A vulnerability in the RAR file scanning functionality of Clam AntiVir ...)
	- libclamunrar 0.101.2-1
	[stretch] - libclamunrar <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - libclamunrar <not-affected> (Vulnerable code introduced later)
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav <not-affected> (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - clamav <not-affected> (Vulnerable code introduced later)
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1784 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1783 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1782 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1781 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1780 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1779 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1778 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1777 (A vulnerability in the web-based interface of the Cisco Registered Env ...)
	NOT-FOR-US: Cisco
CVE-2019-1776 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1775 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1774 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1773 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1772 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1771 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1770 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1769 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1768 (A vulnerability in the implementation of a specific CLI command for Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1767 (A vulnerability in the implementation of a specific CLI command for Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1766 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1765 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1764 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1763 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1762 (A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE  ...)
	NOT-FOR-US: Cisco
CVE-2019-1761 (A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of ...)
	NOT-FOR-US: Cisco
CVE-2019-1760 (A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2019-1759 (A vulnerability in access control list (ACL) functionality of the Giga ...)
	NOT-FOR-US: Cisco
CVE-2019-1758 (A vulnerability in 802.1x function of Cisco IOS Software on the Cataly ...)
	NOT-FOR-US: Cisco
CVE-2019-1757 (A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and  ...)
	NOT-FOR-US: Cisco
CVE-2019-1756 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-1755 (A vulnerability in the Web Services Management Agent (WSMA) function o ...)
	NOT-FOR-US: Cisco
CVE-2019-1754 (A vulnerability in the authorization subsystem of Cisco IOS XE Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-1753 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2019-1752 (A vulnerability in the ISDN functions of Cisco IOS Software and Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2019-1751 (A vulnerability in the Network Address Translation 64 (NAT64) function ...)
	NOT-FOR-US: Cisco
CVE-2019-1750 (A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2019-1749 (A vulnerability in the ingress traffic validation of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1748 (A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1747 (A vulnerability in the implementation of the Short Message Service (SM ...)
	NOT-FOR-US: Cisco
CVE-2019-1746 (A vulnerability in the Cluster Management Protocol (CMP) processing co ...)
	NOT-FOR-US: Cisco
CVE-2019-1745 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-1744
	RESERVED
CVE-2019-1743 (A vulnerability in the web UI framework of Cisco IOS XE Software could ...)
	NOT-FOR-US: Cisco
CVE-2019-1742 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2019-1741 (A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature ...)
	NOT-FOR-US: Cisco
CVE-2019-1740 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
	NOT-FOR-US: Cisco
CVE-2019-1739 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
	NOT-FOR-US: Cisco
CVE-2019-1738 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
	NOT-FOR-US: Cisco
CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement (SLA)  ...)
	NOT-FOR-US: Cisco
CVE-2019-1736
	RESERVED
CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1734 (A vulnerability in the implementation of a CLI diagnostic command in C ...)
	NOT-FOR-US: Cisco
CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX- ...)
	NOT-FOR-US: Cisco
CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1731 (A vulnerability in the SSH CLI key management functionality of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1730 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1729 (A vulnerability in the CLI implementation of a specific command used f ...)
	NOT-FOR-US: Cisco
CVE-2019-1728 (A vulnerability in the Secure Configuration Validation functionality o ...)
	NOT-FOR-US: Cisco
CVE-2019-1727 (A vulnerability in the Python scripting subsystem of Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1726 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1725 (A vulnerability in the local management CLI implementation for specifi ...)
	NOT-FOR-US: Cisco
CVE-2019-1724 (A vulnerability in the session management functionality of the web-bas ...)
	NOT-FOR-US: Cisco
CVE-2019-1723 (A vulnerability in the Cisco Common Services Platform Collector (CSPC) ...)
	NOT-FOR-US: Cisco
CVE-2019-1722 (A vulnerability in the FindMe feature of Cisco Expressway Series and C ...)
	NOT-FOR-US: Cisco
CVE-2019-1721 (A vulnerability in the phone book feature of Cisco Expressway Series a ...)
	NOT-FOR-US: Cisco
CVE-2019-1720 (A vulnerability in the XML API of Cisco Expressway Series and Cisco Te ...)
	NOT-FOR-US: Cisco
CVE-2019-1719 (A vulnerability in the web-based guest portal of Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2019-1718 (A vulnerability in the web interface of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2019-1717 (A vulnerability in the web-based management interface of Cisco Video S ...)
	NOT-FOR-US: Cisco
CVE-2019-1716 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1715 (A vulnerability in the Deterministic Random Bit Generator (DRBG), also ...)
	NOT-FOR-US: Cisco
CVE-2019-1714 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
	NOT-FOR-US: Cisco
CVE-2019-1713 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2019-1712 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
	NOT-FOR-US: Cisco
CVE-2019-1711 (A vulnerability in the Event Management Service daemon (emsd) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1710 (A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 ...)
	NOT-FOR-US: Cisco
CVE-2019-1709 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
	NOT-FOR-US: Cisco
CVE-2019-1708 (A vulnerability in the Internet Key Exchange Version 2 Mobility and Mu ...)
	NOT-FOR-US: Cisco
CVE-2019-1707 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
	NOT-FOR-US: Cisco
CVE-2019-1706 (A vulnerability in the software cryptography module of the Cisco Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-1705 (A vulnerability in the remote access VPN session manager of Cisco Adap ...)
	NOT-FOR-US: Cisco
CVE-2019-1704 (Multiple vulnerabilities in the Server Message Block (SMB) Protocol pr ...)
	NOT-FOR-US: Cisco
CVE-2019-1703 (A vulnerability in the internal packet-processing functionality of Cis ...)
	NOT-FOR-US: Cisco
CVE-2019-1702 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1701 (Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Secur ...)
	NOT-FOR-US: Cisco
CVE-2019-1700 (A vulnerability in field-programmable gate array (FPGA) ingress buffer ...)
	NOT-FOR-US: Cisco
CVE-2019-1699 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
	NOT-FOR-US: Cisco
CVE-2019-1698 (A vulnerability in the web-based user interface of Cisco Internet of T ...)
	NOT-FOR-US: Cisco
CVE-2019-1697 (A vulnerability in the implementation of the Lightweight Directory Acc ...)
	NOT-FOR-US: Cisco
CVE-2019-1696 (Multiple vulnerabilities in the Server Message Block (SMB) Protocol pr ...)
	NOT-FOR-US: Cisco
CVE-2019-1695 (A vulnerability in the detection engine of Cisco Adaptive Security App ...)
	NOT-FOR-US: Cisco
CVE-2019-1694 (A vulnerability in the TCP processing engine of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2019-1693 (A vulnerability in the WebVPN service of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2019-1692 (A vulnerability in the web-based management interface of Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2019-1691 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...)
	NOT-FOR-US: Cisco
CVE-2019-1690 (A vulnerability in the management interface of Cisco Application Polic ...)
	NOT-FOR-US: Cisco
CVE-2019-1689 (A vulnerability in the client application for iOS of Cisco Webex Teams ...)
	NOT-FOR-US: Cisco
CVE-2019-1688 (A vulnerability in the management web interface of Cisco Network Assur ...)
	NOT-FOR-US: Cisco
CVE-2019-1687 (A vulnerability in the TCP proxy functionality for Cisco Adaptive Secu ...)
	NOT-FOR-US: Cisco
CVE-2019-1686 (A vulnerability in the TCP flags inspection feature for access control ...)
	NOT-FOR-US: Cisco
CVE-2019-1685 (A vulnerability in the Security Assertion Markup Language (SAML) singl ...)
	NOT-FOR-US: Cisco
CVE-2019-1684 (A vulnerability in the Cisco Discovery Protocol or Link Layer Discover ...)
	NOT-FOR-US: Cisco
CVE-2019-1683 (A vulnerability in the certificate handling component of the Cisco SPA ...)
	NOT-FOR-US: Cisco
CVE-2019-1682 (A vulnerability in the FUSE filesystem functionality for Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2019-1681 (A vulnerability in the TFTP service of Cisco Network Convergence Syste ...)
	NOT-FOR-US: Cisco
CVE-2019-1680 (A vulnerability in Cisco Webex Business Suite could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2019-1679 (A vulnerability in the web interface of Cisco TelePresence Conductor,  ...)
	NOT-FOR-US: Cisco
CVE-2019-1678 (A vulnerability in Cisco Meeting Server could allow an authenticated,  ...)
	NOT-FOR-US: Cisco
CVE-2019-1677 (A vulnerability in Cisco Webex Meetings for Android could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2019-1676 (A vulnerability in the Session Initiation Protocol (SIP) call processi ...)
	NOT-FOR-US: Cisco
CVE-2019-1675 (A vulnerability in the default configuration of the Cisco Aironet Acti ...)
	NOT-FOR-US: Cisco
CVE-2019-1674 (A vulnerability in the update service of Cisco Webex Meetings Desktop  ...)
	NOT-FOR-US: Cisco
CVE-2019-1673 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-1672 (A vulnerability in the Decryption Policy Default Action functionality  ...)
	NOT-FOR-US: Cisco
CVE-2019-1671 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1670 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-1669 (A vulnerability in the data acquisition (DAQ) component of Cisco Firep ...)
	NOT-FOR-US: Cisco
CVE-2019-1668 (A vulnerability in the chat feed feature of Cisco SocialMiner could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1667 (A vulnerability in the Graphite interface of Cisco HyperFlex software  ...)
	NOT-FOR-US: Cisco
CVE-2019-1666 (A vulnerability in the Graphite service of Cisco HyperFlex software co ...)
	NOT-FOR-US: Cisco
CVE-2019-1665 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
	NOT-FOR-US: Cisco
CVE-2019-1664 (A vulnerability in the hxterm service of Cisco HyperFlex Software coul ...)
	NOT-FOR-US: Cisco
CVE-2019-1663 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2019-1662 (A vulnerability in the Quality of Voice Reporting (QOVR) service of Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1661 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2019-1660 (A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco T ...)
	NOT-FOR-US: Cisco
CVE-2019-1659 (A vulnerability in the Identity Services Engine (ISE) integration feat ...)
	NOT-FOR-US: Cisco
CVE-2019-1658 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-1657 (A vulnerability in Cisco AMP Threat Grid could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-1656 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1655 (A vulnerability in the web-based management interface of Cisco Webex M ...)
	NOT-FOR-US: Cisco
CVE-2019-1654 (A vulnerability in the development shell (devshell) authentication for ...)
	NOT-FOR-US: Cisco
CVE-2019-1653 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-1652 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-1651 (A vulnerability in the vContainer of the Cisco SD-WAN Solution could a ...)
	NOT-FOR-US: Cisco
CVE-2019-1650 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2019-1649 (A vulnerability in the logic that handles access control to one of the ...)
	NOT-FOR-US: Cisco
CVE-2019-1648 (A vulnerability in the user group configuration of the Cisco SD-WAN So ...)
	NOT-FOR-US: Cisco
CVE-2019-1647 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2019-1646 (A vulnerability in the local CLI of the Cisco SD-WAN Solution could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1645 (A vulnerability in the Cisco Connected Mobile Experiences (CMX) softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1644 (A vulnerability in the UDP protocol implementation for Cisco IoT Field ...)
	NOT-FOR-US: Cisco
CVE-2019-1643 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1642 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1641 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1640 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1639 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1638 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1637 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1636 (A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, ...)
	NOT-FOR-US: Cisco
CVE-2019-1635 (A vulnerability in the call-handling functionality of Session Initiati ...)
	NOT-FOR-US: Cisco
CVE-2019-1634 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
	NOT-FOR-US: Cisco
CVE-2019-1633
	RESERVED
CVE-2019-1632 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1631 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1630 (A vulnerability in the firmware signature checking program of Cisco In ...)
	NOT-FOR-US: Cisco
CVE-2019-1629 (A vulnerability in the configuration import utility of Cisco Integrate ...)
	NOT-FOR-US: Cisco
CVE-2019-1628 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
	NOT-FOR-US: Cisco
CVE-2019-1627 (A vulnerability in the Server Utilities of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2019-1626 (A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-W ...)
	NOT-FOR-US: Cisco
CVE-2019-1625 (A vulnerability in the CLI of Cisco SD-WAN Solution could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-1624 (A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-W ...)
	NOT-FOR-US: Cisco
CVE-2019-1623 (A vulnerability in the CLI configuration shell of Cisco Meeting Server ...)
	NOT-FOR-US: Cisco
CVE-2019-1622 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1621 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1620 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1619 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1618 (A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000  ...)
	NOT-FOR-US: Cisco
CVE-2019-1617 (A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtu ...)
	NOT-FOR-US: Cisco
CVE-2019-1616 (A vulnerability in the Cisco Fabric Services component of Cisco NX-OS  ...)
	NOT-FOR-US: Cisco
CVE-2019-1615 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1614 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1613 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1612 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1611 (A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1610 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1609 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1608 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1607 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1606 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1605 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1604 (A vulnerability in the user account management interface of Cisco NX-O ...)
	NOT-FOR-US: Cisco
CVE-2019-1603 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1602 (A vulnerability in the filesystem permissions of Cisco NX-OS Software  ...)
	NOT-FOR-US: Cisco
CVE-2019-1601 (A vulnerability in the filesystem permissions of Cisco NX-OS Software  ...)
	NOT-FOR-US: Cisco
CVE-2019-1600 (A vulnerability in the file system permissions of Cisco FXOS Software  ...)
	NOT-FOR-US: Cisco
CVE-2019-1599 (A vulnerability in the network stack of Cisco NX-OS Software could all ...)
	NOT-FOR-US: Cisco
CVE-2019-1598 (Multiple vulnerabilities in the implementation of the Lightweight Dire ...)
	NOT-FOR-US: Cisco
CVE-2019-1597 (Multiple vulnerabilities in the implementation of the Lightweight Dire ...)
	NOT-FOR-US: Cisco
CVE-2019-1596 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1595 (A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol imp ...)
	NOT-FOR-US: Cisco
CVE-2019-1594 (A vulnerability in the 802.1X implementation for Cisco NX-OS Software  ...)
	NOT-FOR-US: Cisco
CVE-2019-1593 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1592 (A vulnerability in the background operations functionality of Cisco Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-1591 (A vulnerability in a specific CLI command implementation of Cisco Nexu ...)
	NOT-FOR-US: Cisco
CVE-2019-1590 (A vulnerability in the Transport Layer Security (TLS) certificate vali ...)
	NOT-FOR-US: Cisco
CVE-2019-1589 (A vulnerability in the Trusted Platform Module (TPM) functionality of  ...)
	NOT-FOR-US: Cisco
CVE-2019-1588 (A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running ...)
	NOT-FOR-US: Cisco
CVE-2019-1587 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
	NOT-FOR-US: Cisco
CVE-2019-1586 (A vulnerability in Cisco Application Policy Infrastructure Controller  ...)
	NOT-FOR-US: Cisco
CVE-2019-1585 (A vulnerability in the controller authorization functionality of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-19960 (The debug_mode function in web/web.py in OnionShare through 1.3.1, whe ...)
	- onionshare 1.3.2-1 (bug #915859; unimportant)
	[jessie] - onionshare <no-dsa> (contrib not supported)
	NOTE: https://github.com/micahflee/onionshare/issues/837
	NOTE: Negligible (and disputable) security impact, as the debug mode is not enabled by default
CVE-2018-19935 (ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote atta ...)
	{DSA-4353-1 DLA-1608-1}
	- php7.3 7.3.0-1
	- php7.2 <removed>
	- php7.0 <removed>
	- php5 <removed>
	NOTE: Fixed in 5.6.39, 7.0.33, 7.1.26, 7.2.14, 7.3.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77020
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=648fc1e369fc05fb9200a42c7938912236b2a318
CVE-2018-19932 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181204-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23932
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7
	NOTE: binutils not covered by security support
CVE-2018-19931 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181204-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23942
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07
	NOTE: binutils not covered by security support
CVE-2018-19930
	RESERVED
CVE-2018-19929
	RESERVED
CVE-2018-19928
	RESERVED
CVE-2018-19927 (Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the  ...)
	NOT-FOR-US: Zenitel Norway IP-StationWeb
CVE-2018-19926 (Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via t ...)
	NOT-FOR-US: Zenitel Norway IP-StationWeb
CVE-2018-19925 (An issue was discovered in Sales &amp; Company Management System (SCMS ...)
	NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19924 (An issue was discovered in Sales &amp; Company Management System (SCMS ...)
	NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19923 (An issue was discovered in Sales &amp; Company Management System (SCMS ...)
	NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19922 (Persistent Cross-Site Scripting (XSS) in the advancedsetup_websitebloc ...)
	NOT-FOR-US: Actiontec C1000A router
CVE-2018-19921 (Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain c ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-19920
	RESERVED
CVE-2018-19919 (Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[tit ...)
	NOT-FOR-US: Pixelimity
CVE-2018-19918 (CuppaCMS has XSS via an SVG document uploaded to the administrator/#/c ...)
	NOT-FOR-US: CuppaCMS
CVE-2019-1584 (A security vulnerability exists in Zingbox Inspector version 1.293 and ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-1583 (Escalation of privilege vulnerability in the Palo Alto Networks Twistl ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2019-1582 (Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and ea ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1581 (A remote code execution vulnerability in the PAN-OS SSH device managem ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1580 (Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earl ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1579 (Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 a ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks MineMeld vers ...)
	NOT-FOR-US: Palo Alto Networks MineMeld
CVE-2019-1577 (Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and ear ...)
	NOT-FOR-US: Palo Alto Networks Traps
CVE-2019-1576 (Command injection in PAN-0S 9.0.2 and earlier may allow an authenticat ...)
	NOT-FOR-US: PAN-0S
CVE-2019-1575 (Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and ...)
	NOT-FOR-US: PAN-0S
CVE-2019-1574 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedit ...)
	NOT-FOR-US: Palo Alto Networks Expedition Migration tool
CVE-2019-1573 (GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 a ...)
	NOT-FOR-US: GlobalProtect
CVE-2019-1572 (PAN-OS 9.0.0 may allow an unauthenticated remote user to access php fi ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1571 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1570 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1569 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1568 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto ...)
	NOT-FOR-US: Palo Alto Networks Demisto
CVE-2019-1567 (The Expedition Migration tool 1.1.6 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN- ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1565 (The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-O ...)
	NOT-FOR-US: PAN-OS
CVE-2018-19917 (Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: Microweber
CVE-2018-19916
	RESERVED
CVE-2018-19915 (DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Hos ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19914 (DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile N ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19913 (DomainMOD through 4.11.01 has XSS via the assets/add/registrar-account ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19912
	RESERVED
CVE-2018-19911 (FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote a ...)
	- freeswitch <itp> (bug #389591)
CVE-2018-19910
	RESERVED
CVE-2018-19909
	RESERVED
CVE-2018-19908 (An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Eve ...)
	NOT-FOR-US: MISP
CVE-2018-1000859
	REJECTED
CVE-2018-1000853
	REJECTED
CVE-2018-19907 (A Server-Side Template Injection issue was discovered in Crafter CMS 3 ...)
	NOT-FOR-US: Crafter CMS
CVE-2018-19906 (Stored XSS exists in razorCMS 3.4.8 via the /#/page description parame ...)
	NOT-FOR-US: razorCMS
CVE-2018-19905 (HTML injection exists in razorCMS 3.4.8 via the /#/page keywords param ...)
	NOT-FOR-US: razorCMS
CVE-2018-19904 (Persistent XSS exists in XSLT CMS via the create/?action=items.edit&am ...)
	NOT-FOR-US: XSLT CMS
CVE-2018-19903 (Persistent XSS exists in XSLT CMS via the create/?action=items.edit&am ...)
	NOT-FOR-US: XSLT CMS
CVE-2018-19902 (No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "k ...)
	NOT-FOR-US: NO-CMS
CVE-2018-19901 (No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/in ...)
	NOT-FOR-US: NO-CMS
CVE-2018-19900
	RESERVED
CVE-2018-19899
	RESERVED
CVE-2018-19898 (ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleC ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19897 (ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in Ad ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19896 (ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideCo ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19895 (ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavC ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19894 (ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19893 (SearchController.php in PbootCMS 1.2.1 has SQL injection via the index ...)
	NOT-FOR-US: PbootCMS
CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php Disp ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19891 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/24
	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19890 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/20
	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19889 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/22
	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19888 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/25
	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19887 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/21
	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19886 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/23
	NOTE: Negligable security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19885
	RESERVED
CVE-2018-19884
	RESERVED
CVE-2018-19883
	RESERVED
CVE-2018-19882 (In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c a ...)
	- mupdf <unfixed> (unimportant)
	NOTE: Negligable security impact, crash in CLI tool
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to caus ...)
	- mupdf <unfixed> (unimportant)
	NOTE: Negligable security impact, crash in CLI tool
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
CVE-2018-19880
	RESERVED
CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...)
	NOT-FOR-US: Teltonika devices
CVE-2018-19878 (An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The ap ...)
	NOT-FOR-US: Teltonika devices
CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Bu ...)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would ...)
	- cairo 1.16.0-4 (bug #915801; bug #916389)
	[stretch] - cairo <not-affected> (Vulnerable code introduced later)
	[jessie] - cairo <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=191595
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
	NOTE: Code introduced in
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/616fb7a9f2612f6cc3472542a70ba3e8ccf16584 and
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/0fd0fd0ae9ad8cfb177bb844091de98c0235917e,
	NOTE: and became vulnerable with freetype 2.9 which allows to define a different allocator. Partially
	NOTE: fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645
CVE-2018-1002104 (Versions &lt; 1.5 of the Kubernetes ingress default backend, which han ...)
	NOT-FOR-US: Kubernetes NGINX Ingress Controller
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Das ...)
	NOT-FOR-US: minikube
CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API server in ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/85867
CVE-2018-19875
	RESERVED
CVE-2018-19874
	RESERVED
CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer  ...)
	{DSA-4374-1 DLA-1786-1 DLA-1627-1}
	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
	[stretch] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/238749/
	NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a div ...)
	- qtbase-opensource-src 5.11.2+dfsg-3 (low)
	[stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
	[jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
	- qt4-x11 4:4.8.7+dfsg-18
	[stretch] - qt4-x11 <no-dsa> (Minor issue)
	[jessie] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://bugreports.qt.io/browse/QTBUG-69449
	NOTE: qt4-x11: POC doesn't crash on neither jessie nor stretch, it's possibly incomplete; patch applies though.
CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...)
	{DLA-1786-1}
	- qtimageformats-opensource-src 5.11.3-2 (low)
	[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
	[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
	[stretch] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/237761/
	NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
	NOTE: https://github.com/qt/qtimageformats/commit/7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65
CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image cau ...)
	{DSA-4374-1 DLA-1786-1 DLA-1627-1}
	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
	[stretch] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/235998/
	NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
	NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
	NOTE: https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999
CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...)
	{DLA-1786-1}
	[experimental] - qtsvg-opensource-src 5.11.3-1
	- qtsvg-opensource-src 5.11.3-2 (low)
	[stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
	[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
	- qt4-x11 4:4.8.7+dfsg-18 (low)
	[stretch] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/234142/
	NOTE: https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335
CVE-2018-19868
	RESERVED
CVE-2018-19867
	RESERVED
CVE-2018-19866
	RESERVED
CVE-2018-19865 (A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7 ...)
	[experimental] - qtvirtualkeyboard-opensource-src 5.11.3+dfsg-1
	- qtvirtualkeyboard-opensource-src 5.11.3+dfsg-2
	NOTE: http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
CVE-2018-19864 (NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows rem ...)
	NOT-FOR-US: NUUO NVRmini2 Network Video Recorder firmware
CVE-2018-19863 (An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on ...)
	NOT-FOR-US: 1Password
CVE-2018-19862 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2018-19860 (Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11,  ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a relative p ...)
	NOT-FOR-US: OpenRefine
CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack ...)
	NOT-FOR-US: PrinceXML
CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3. ...)
	{DSA-4366-1}
	- vlc 3.0.4-4 (bug #915760)
	[jessie] - vlc <end-of-life> (See https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://dyntopia.com/advisories/013-vlc
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0
CVE-2018-19856 (GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before  ...)
	- gitlab 11.5.4+dfsg-1
	NOTE: https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/54857
CVE-2018-19855 (UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to t ...)
	NOT-FOR-US: UiPath Orchestrator
CVE-2018-19854 (An issue was discovered in the Linux kernel before 4.19.3. crypto_repo ...)
	- linux 4.18.20-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/f43f39958beb206b53292801e216d9b8a660f087
CVE-2018-19853 (An issue was discovered in hitshop through 2014-07-15. There is an ele ...)
	NOT-FOR-US: hitshop
CVE-2018-19852
	RESERVED
CVE-2018-19851
	RESERVED
CVE-2018-19850
	RESERVED
CVE-2018-19849 (An issue was discovered in YzmCMS 5.2. XSS exists via the admin/conten ...)
	NOT-FOR-US: YzmCMS
CVE-2018-19848
	RESERVED
CVE-2018-19847
	RESERVED
CVE-2018-19846
	RESERVED
CVE-2018-19845 (There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "po ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-19844 (FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, whi ...)
	NOT-FOR-US: FROG CMS
CVE-2018-19843 (opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attack ...)
	- radare2 3.1.0+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (Vulnerable code not present in libr/asm/p/asm_x86_nz.c)
	NOTE: https://github.com/radare/radare2/commit/f17bfd9f1da05f30f23a4dd05e9d2363e1406948
	NOTE: https://github.com/radare/radare2/issues/12242
CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows att ...)
	- radare2 3.1.0+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (Vulnerable code not present in libr/asm/p/asm_x86_nz.c)
	NOTE: https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432
	NOTE: https://github.com/radare/radare2/issues/12239
CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a  ...)
	- wavpack 5.1.0-5 (bug #915565)
	[stretch] - wavpack <no-dsa> (Minor issue)
	[jessie] - wavpack <no-dsa> (Minor issue)
	NOTE: https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b
	NOTE: https://github.com/dbry/WavPack/issues/54
CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPac ...)
	- wavpack 5.1.0-5 (bug #915564)
	[stretch] - wavpack <no-dsa> (Minor issue)
	[jessie] - wavpack <no-dsa> (Minor issue)
	NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51
	NOTE: https://github.com/dbry/WavPack/issues/53
CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in sass_context.c ...)
	- libsass 3.5.5-4
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2657
	NOTE: https://github.com/sass/libsass/pull/2767
CVE-2018-19838 (In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_ ...)
	- libsass <unfixed> (low)
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2660
CVE-2018-19837 (In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Express ...)
	- libsass 3.5.4+20180621~c0a6cf3-1
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f
	NOTE: https://github.com/sass/libsass/issues/2659
CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitr ...)
	NOT-FOR-US: Metinfo
CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_col ...)
	NOT-FOR-US: Metinfo
CVE-2018-19834 (The quaker function of a smart contract implementation for BOMBBA (BOM ...)
	NOT-FOR-US: BOMBBA (BOMB) (tradable Ethereum ERC20 token)
CVE-2018-19833 (The owned function of a smart contract implementation for DDQ, an trad ...)
	NOT-FOR-US: DDQ (tradable Ethereum ERC20 token)
CVE-2018-19832 (The NETM() function of a smart contract implementation for NewIntelTec ...)
	NOT-FOR-US: NewIntelTechMedia (NETM)
CVE-2018-19831 (The ToOwner() function of a smart contract implementation for Cryptbon ...)
	NOT-FOR-US: Cryptbond Network (CBN)
CVE-2018-19830 (The UBSexToken() function of a smart contract implementation for Busin ...)
	NOT-FOR-US: Business Alliance Financial Circle (BAFC)
CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios ...)
	NOT-FOR-US: Artica Integria IMS
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
	NOT-FOR-US: Artica Integria IMS
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedP ...)
	- libsass 3.5.5-3
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2782
CVE-2018-19826 (** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprin ...)
	NOTE: https://github.com/sass/libsass/issues/2781
	NOTE: Per libsass upstream this is not a security issues, but works as designed
CVE-2018-19825
	RESERVED
CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a use-a ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.161-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1118152
CVE-2018-19823
	RESERVED
CVE-2018-19822 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19821 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19820 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19819 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19818 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19817 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19816 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19815 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19814 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19813 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19812 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19811 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19810 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19809 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, in ...)
	- kubernetes 1.17.4-1 (bug #915828)
	NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
	NOTE: https://github.com/kubernetes/kubernetes/issues/71411
CVE-2018-19808
	RESERVED
CVE-2018-19807
	RESERVED
CVE-2018-19806
	RESERVED
CVE-2018-19805
	RESERVED
CVE-2018-19804
	RESERVED
CVE-2018-19803
	RESERVED
CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. ...)
	- aubio 0.4.9-1 (bug #930186)
	[buster] - aubio <ignored> (Minor issue)
	[stretch] - aubio <ignored> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_fil ...)
	- aubio 0.4.9-1 (bug #930186)
	[buster] - aubio <ignored> (Minor issue)
	[stretch] - aubio <ignored> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. ...)
	- aubio 0.4.9-1 (bug #930186)
	[buster] - aubio <no-dsa> (Minor issue)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= X ...)
	- dolibarr <removed>
CVE-2018-19798 (Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uplo ...)
	NOT-FOR-US: Fleetco Fleet Maintenance Management (FMM)
CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...)
	- libsass <unfixed>
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2779
CVE-2018-19796 (An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPre ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-19795 (ChipsBank UMPTool saves the password to the NAND with a simple substit ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-19794 (Cross-site scripting (XSS) vulnerability in UiV2Public.index in Intern ...)
	NOT-FOR-US: ChipsBank UMPTool
CVE-2018-19793 (jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Internet2 Grouper
CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local us ...)
	NOT-FOR-US: OpenLiteSpeed
CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correc ...)
	NOT-FOR-US: OpenLiteSpeed
CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x  ...)
	{DSA-4441-1 DLA-1707-1}
	- symfony 3.4.20+dfsg-1
	NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2 ...)
	{DSA-4441-1 DLA-1707-1}
	- symfony 3.4.20+dfsg-1
	NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user wi ...)
	{DSA-4350-1 DLA-1644-1}
	- policykit-1 0.105-23 (bug #915332)
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/issues/74
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/14
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126
CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...)
	{DLA-1604-1}
	- lxml 4.2.5-1
	[stretch] - lxml <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5)
CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log i ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2018-19785 (PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL fie ...)
	NOT-FOR-US: PHP-Proxy
CVE-2018-19784 (The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.p ...)
	NOT-FOR-US: PHP-Proxy
CVE-2018-19783 (Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authenticati ...)
	NOT-FOR-US: Kentix MultiSensor-LAN
CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...)
	NOT-FOR-US: FreshRSS
CVE-2018-19781
	RESERVED
CVE-2018-19780
	RESERVED
CVE-2018-19779
	RESERVED
CVE-2018-19778
	RESERVED
CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg ...)
	- mupdf 1.15.0+ds1-1 (unimportant; bug #915137)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700301
	NOTE: No security impact, hang in GUI/CLI tool
CVE-2018-19776
	RESERVED
CVE-2018-19775 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19774 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19773 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19772 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19771 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19770 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19769 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19768 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19767 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19766 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19765 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19764
	REJECTED
CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: write_pn ...)
	- libsixel 1.8.2-2 (bug #931311)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <not-affected> (The vulnerable code is not present)
	NOTE: https://github.com/saitoha/libsixel/issues/82
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer)
CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function: image_ ...)
	- libsixel 1.8.2-2 (bug #931311)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <not-affected> (The vulnerable code is not present)
	NOTE: https://github.com/saitoha/libsixel/issues/81
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer)
CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: sixel_dec ...)
	- libsixel 1.8.2-2 (bug #931311)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/78
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer)
CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
	- confuse <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649152
	NOTE: https://github.com/martinh/libconfuse/issues/120
	NOTE: https://github.com/martinh/libconfuse/commit/5f0e9ea4213d4047649c462e4f1b59a082af58e2
	NOTE: Issue caused by premature exit without cleanup on an error in the caller
	NOTE: not in the library; Negligible security impact in itself and disputed.
CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
	- libsixel 1.8.2-2 (bug #931311)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/77
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
	NOTE: CVE description is misleading, not an issue in libstb
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
	{DLA-1632-1}
	- libsndfile 1.0.28-5 (bug #917416)
	[stretch] - libsndfile <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
	NOTE: https://github.com/erikd/libsndfile/issues/435
	NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
	NOTE: when fixing this issue, the fix needs to be made complete to not open CVE-2019-3832
CVE-2018-19757 (There is a NULL pointer dereference at function sixel_helper_set_addit ...)
	- libsixel 1.8.2-2 (bug #931311)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <no-dsa> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/79
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer)
CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: stbi_ ...)
	- libsixel 1.8.2-2 (bug #931311)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <not-affected> (The vulnerable code is not present)
	NOTE: https://github.com/saitoha/libsixel/issues/80
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
	NOTE: CVE description is misleading, not an issue in libstb
CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)
	- nasm <unfixed> (unimportant; bug #915087)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
	NOTE: https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
	NOTE: Crash in CLI tool, no security impact
CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access Control. ...)
	NOT-FOR-US: Tarantella Enterprise
CVE-2018-19753 (Tarantella Enterprise before 3.11 allows Directory Traversal. ...)
	NOT-FOR-US: Tarantella Enterprise
CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php not ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php not ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19750 (DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes f ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19749 (DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19748 (app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows ...)
	NOT-FOR-US: SDCMS
CVE-2018-19747
	REJECTED
CVE-2018-19746
	REJECTED
CVE-2018-19745
	REJECTED
CVE-2018-19744
	REJECTED
CVE-2018-19743
	REJECTED
CVE-2018-19742
	REJECTED
CVE-2018-19741
	REJECTED
CVE-2018-19740
	REJECTED
CVE-2018-19739
	REJECTED
CVE-2018-19738
	REJECTED
CVE-2018-19737
	REJECTED
CVE-2018-19736
	REJECTED
CVE-2018-19735
	REJECTED
CVE-2018-19734
	REJECTED
CVE-2018-19733
	REJECTED
CVE-2018-19732
	REJECTED
CVE-2018-19731
	REJECTED
CVE-2018-19730
	REJECTED
CVE-2018-19729
	REJECTED
CVE-2018-19728 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19727 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...)
	NOT-FOR-US: Adobe
CVE-2018-19726 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2018-19725 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-19724 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
	NOT-FOR-US: Adobe
CVE-2018-19723 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-19722 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-19721 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-19720 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19719 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19718 (Adobe Connect versions 9.8.1 and earlier have a session token exposure ...)
	NOT-FOR-US: Adobe
CVE-2018-19717 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19716 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19715 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19714 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19713 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19712 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19711 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19710 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19709 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19708 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19707 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19706 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19705 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19704 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19703 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19702 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19701 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19700 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19699 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-19698 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-1000819
	REJECTED
CVE-2018-1000818
	REJECTED
CVE-2018-19697
	RESERVED
CVE-2018-19696
	RESERVED
CVE-2018-19695
	RESERVED
CVE-2018-19694 (HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous hav ...)
	NOT-FOR-US: HMS Industrial Networks Netbiter WS100
CVE-2018-19693 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...)
	NOT-FOR-US: tp5cms
CVE-2018-19692 (An issue was discovered in tp5cms through 2017-05-25. admin.php/upload ...)
	NOT-FOR-US: tp5cms
CVE-2018-19691
	RESERVED
CVE-2018-19690
	RESERVED
CVE-2018-19689
	RESERVED
CVE-2018-19688
	RESERVED
CVE-2018-19687
	RESERVED
CVE-2018-19686
	RESERVED
CVE-2018-19685
	RESERVED
CVE-2018-19684
	RESERVED
CVE-2018-19683
	RESERVED
CVE-2018-19682
	RESERVED
CVE-2018-19681
	RESERVED
CVE-2018-19680
	RESERVED
CVE-2018-19679
	RESERVED
CVE-2018-19678
	RESERVED
CVE-2018-19677
	RESERVED
CVE-2018-19676
	RESERVED
CVE-2018-19675
	RESERVED
CVE-2018-19674
	RESERVED
CVE-2018-19673
	RESERVED
CVE-2018-19672
	RESERVED
CVE-2018-19671
	RESERVED
CVE-2018-19670
	RESERVED
CVE-2018-19669
	RESERVED
CVE-2018-19668
	REJECTED
CVE-2018-19667
	RESERVED
CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users to gain ...)
	- ossec-hids <itp> (bug #361954)
CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for length  ...)
	- qemu 1:3.1+dfsg-2 (low; bug #916278)
	[stretch] - qemu <ignored> (Minor issue)
	[jessie] - qemu <ignored> (Minor issue, bluetooth subsystem unmaintained/unusable and now deprecated, no sanctioned patch)
	- qemu-kvm <removed>
	NOTE: initial patch disputed
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
	NOTE: second patch never accepted, no activity as of 20190909
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
	NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
	NOTE: 3.1 marked bluetooth subsystem deprecated
	NOTE: https://github.com/qemu/qemu/commit/c0188e69d
CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel ...)
	- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
	NOTE: Introduced in: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/aa7459050d7a50e1d8a99488902d41fbc118a50f
	NOTE: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f8cca819a4fb42aafa5f70df43c45e8c416d716f
CVE-2018-19663
	RESERVED
CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (low)
	[stretch] - libsndfile <ignored> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/429
	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
	NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (low)
	[stretch] - libsndfile <ignored> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/429
	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
	NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
CVE-2018-19660 (An exploitable authenticated command-injection vulnerability exists in ...)
	NOT-FOR-US: Moxa
CVE-2018-19659 (An exploitable authenticated command-injection vulnerability exists in ...)
	NOT-FOR-US: Moxa
CVE-2018-19658 (The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This ...)
	NOT-FOR-US: YXBJ
CVE-2018-19657
	RESERVED
CVE-2018-19656
	RESERVED
CVE-2018-19655 (A stack-based buffer overflow in the find_green() function of dcraw th ...)
	- ufraw 0.22-3.1 (unimportant; bug #890086)
	- dcraw 9.28-2 (unimportant; bug #906529)
	NOTE: No security impact, crash in CLI tool
CVE-2018-19654 (An issue was discovered in Sales &amp; Company Management System (SCMS ...)
	NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19653 (HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent  ...)
	- consul 1.4.4~dfsg1-1
	[buster] - consul <no-dsa> (Minor issue)
	NOTE: https://github.com/hashicorp/consul/pull/5069
CVE-2018-19652
	RESERVED
CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer through 6.1.6  ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on vulnerabl ...)
	NOT-FOR-US: Antiy-AVL ATool security management
CVE-2019-1564
	RESERVED
CVE-2019-1563 (In situations where an attacker receives automated notification of the ...)
	{DSA-4540-1 DSA-4539-1 DLA-1932-1}
	- openssl 1.1.1d-1
	- openssl1.0 <removed>
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 (OpenSSL_1_1_1d)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 (OpenSSL_1_1_0l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f (OpenSSL_1_0_2t)
	NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1562
	RESERVED
CVE-2019-1561
	RESERVED
CVE-2019-1560
	RESERVED
CVE-2019-1559 (If an application encounters a fatal protocol error and then calls SSL ...)
	{DSA-4400-1 DLA-1701-1}
	- openssl1.0 <unfixed>
	- openssl 1.1.0b-2
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=48c8bcf5bca0ce7751f49599381e143de1b61786
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=5741d5bb74797e4532acc9f42e54c44a2726c179 (only hardening)
	NOTE: 1.1.0 is not impacted by CVE-2019-1559. The CVE is a result of applications
	NOTE: calling SSL_shutdown after a fatal alert has occurred. 1.1.0 is not vulnerable
	NOTE: to this issue, marking first 1.1 upload of src:openssl as fixed
	NOTE: https://www.openssl.org/news/secadv/20190226.txt
CVE-2019-1558
	RESERVED
CVE-2019-1557
	RESERVED
CVE-2019-1556
	RESERVED
CVE-2019-1555
	RESERVED
CVE-2019-1554
	RESERVED
CVE-2019-1553
	RESERVED
CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can find a ...)
	- openssl <not-affected> (Windows-specific)
	- openssl1.0 <not-affected> (Windows-specific)
	NOTE: https://www.openssl.org/news/secadv/20190730.txt
CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
	{DSA-4594-1}
	- openssl 1.1.1e-1 (low; bug #947949)
	[buster] - openssl <postponed> (Wait until next upstream security release)
	[stretch] - openssl <postponed> (Wait until next upstream security release)
	[jessie] - openssl <not-affected> (Affected modules are not present in Jessie)
	- openssl1.0 <removed> (low)
	NOTE: https://www.openssl.org/news/secadv/20191206.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98
CVE-2019-1550
	RESERVED
CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Th ...)
	- openssl 1.1.1d-1
	[buster] - openssl 1.1.1d-0+deb10u1
	[stretch] - openssl <not-affected> (Only affects OpenSSL 1.1.1 to 1.1.1c)
	[jessie] - openssl <not-affected> (Only affects OpenSSL 1.1.1 to 1.1.1c)
	- openssl1.0 <not-affected> (Only affects OpenSSL 1.1.1 to 1.1.1c)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
	NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1548
	RESERVED
CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and this ...)
	{DSA-4540-1 DSA-4539-1 DLA-1932-1}
	- openssl 1.1.1d-1
	- openssl1.0 <removed>
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 (OpenSSL_1_0_2t)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a (OpenSSL_1_1_0l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 (OpenSSL_1_1_1d)
	NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1546
	RESERVED
CVE-2019-1545
	RESERVED
CVE-2019-1544
	RESERVED
CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input ...)
	{DSA-4475-1}
	- openssl 1.1.1c-1 (low)
	[jessie] - openssl <not-affected> (Vulnerability does not impact 1.0.1 series)
	- openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
	NOTE: https://www.openssl.org/news/secadv/20190306.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=f426625b6ae9a7831010750490a5f0ad689c5ba3 (OpenSSL_1_1_1c)
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ee22257b1418438ebaf54df98af4e24f494d1809 (OpenSSL_1_1_0k)
CVE-2019-1542
	RESERVED
CVE-2019-1541
	RESERVED
CVE-2019-1540
	RESERVED
CVE-2019-1539
	RESERVED
CVE-2019-1538
	RESERVED
CVE-2019-1537
	RESERVED
CVE-2019-1536
	RESERVED
CVE-2019-1535
	RESERVED
CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPor ...)
	NOT-FOR-US: InfoVista VistaPortal
CVE-2018-19648 (An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETC ...)
	NOT-FOR-US: ADTRAN
CVE-2018-19647
	RESERVED
CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10 ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-19645 (An Authentication Bypass issue exists in Solutions Business Manager (S ...)
	NOT-FOR-US: Solutions Business Manager (SBM)
CVE-2018-19644 (Reflected cross site script issue in Micro Focus Solutions Business Ma ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-19643 (Information leakage issue in Micro Focus Solutions Business Manager (S ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-19642 (Denial of service issue in Micro Focus Solutions Business Manager (SBM ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-19641 (Unauthenticated remote code execution issue in Micro Focus Solutions B ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-19640 (If the attacker manages to create files in the directory used to colle ...)
	NOT-FOR-US: SLES support scripts
CVE-2018-19639 (If supportutils before version 3.1-5.7.1 is run with -v to perform rpm ...)
	NOT-FOR-US: SLES support scripts
CVE-2018-19638 (In supportutils, before version 3.1-5.7.1 and if pacemaker is installe ...)
	NOT-FOR-US: SLES support scripts
CVE-2018-19637 (Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp ...)
	NOT-FOR-US: SLES support scripts
CVE-2018-19636 (Supportutils, before version 3.1-5.7.1, when run with command line arg ...)
	NOT-FOR-US: SLES support scripts
CVE-2018-19635 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can a ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2018-19634 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can a ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2018-19633
	RESERVED
CVE-2018-19632
	RESERVED
CVE-2018-19631
	RESERVED
CVE-2018-19630 (cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE throu ...)
	NOT-FOR-US: uhttpd (in OpenWRT and LEDE)
CVE-2018-19629 (A Denial of Service vulnerability in the ImageNow Server service in Hy ...)
	NOT-FOR-US: Hyland Perceptive Content Server
CVE-2018-19628 (In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. Thi ...)
	{DSA-4359-1}
	- wireshark 2.6.5-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present, zigbee color control support added in v2.1.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15281
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=212b18825d9b668cda23d334c48867dfa66b2b36
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-57.html
CVE-2018-19627 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file p ...)
	{DSA-4359-1}
	- wireshark 2.6.5-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present, variable buffer to find_signature introduced in 2.4.0 with OCTO support)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bdc33cfaecb1b4cf2c114ed9015713ddf8569a60
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-55.html
CVE-2018-19626 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector co ...)
	{DSA-4359-1 DLA-1634-1}
	- wireshark 2.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-52.html
CVE-2018-19625 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine ...)
	{DSA-4359-1 DLA-1634-1}
	- wireshark 2.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14466
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc4d209f39132a4ae05675a11609176ae9705cfc
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-51.html
CVE-2018-19624 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector co ...)
	{DSA-4359-1 DLA-1634-1}
	- wireshark 2.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15280
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3e319db1107b08fc3be804b6d449143ec9aa0dec
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-56.html
CVE-2018-19623 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector  ...)
	{DSA-4359-1 DLA-1634-1}
	- wireshark 2.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-53.html
CVE-2018-19622 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector co ...)
	{DSA-4359-1 DLA-1634-1}
	- wireshark 2.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15250
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b7555d32d11862f0e500ec466ad6bfe54190076
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-54.html
CVE-2018-19621 (server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF th ...)
	NOT-FOR-US: ShowDoc
CVE-2018-19620 (ShowDoc 2.4.1 allows remote attackers to edit other users' notes by na ...)
	NOT-FOR-US: ShowDoc
CVE-2018-19619
	RESERVED
CVE-2018-19618
	RESERVED
CVE-2018-19617
	RESERVED
CVE-2018-19616 (An issue was discovered in Rockwell Automation Allen-Bradley PowerMoni ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
CVE-2018-19615 (Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A re ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
CVE-2018-19614 (XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre ...)
	NOT-FOR-US: Westermo routers
CVE-2018-19613 (Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. ...)
	NOT-FOR-US: Westermo routers
CVE-2018-19612 (The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260  ...)
	NOT-FOR-US: Westermo routers
CVE-2018-19611
	RESERVED
CVE-2018-19610
	RESERVED
CVE-2018-19609 (ShowDoc 2.4.1 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: ShowDoc
CVE-2018-19608 (Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a l ...)
	- mbedtls 2.14.1-1 (bug #915796)
	[stretch] - mbedtls <no-dsa> (Minor issue)
	- polarssl <removed>
	[jessie] - polarssl <no-dsa> (Minor issue)
	NOTE: http://cat.eyalro.net/
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
CVE-2019-1534
	REJECTED
CVE-2019-1533
	REJECTED
CVE-2019-1532
	REJECTED
CVE-2019-1531
	REJECTED
CVE-2019-1530
	REJECTED
CVE-2019-1529
	REJECTED
CVE-2019-1528
	REJECTED
CVE-2019-1527
	REJECTED
CVE-2019-1526
	REJECTED
CVE-2019-1525
	REJECTED
CVE-2019-1524
	REJECTED
CVE-2019-1523
	REJECTED
CVE-2019-1522
	REJECTED
CVE-2019-1521
	REJECTED
CVE-2019-1520
	REJECTED
CVE-2019-1519
	REJECTED
CVE-2019-1518
	REJECTED
CVE-2019-1517
	REJECTED
CVE-2019-1516
	REJECTED
CVE-2019-1515
	REJECTED
CVE-2019-1514
	REJECTED
CVE-2019-1513
	REJECTED
CVE-2019-1512
	REJECTED
CVE-2019-1511
	REJECTED
CVE-2019-1510
	REJECTED
CVE-2019-1509
	REJECTED
CVE-2019-1508
	REJECTED
CVE-2019-1507
	REJECTED
CVE-2019-1506
	REJECTED
CVE-2019-1505
	REJECTED
CVE-2019-1504
	REJECTED
CVE-2019-1503
	REJECTED
CVE-2019-1502
	REJECTED
CVE-2019-1501
	REJECTED
CVE-2019-1500
	REJECTED
CVE-2019-1499
	REJECTED
CVE-2019-1498
	REJECTED
CVE-2019-1497
	REJECTED
CVE-2019-1496
	REJECTED
CVE-2019-1495
	REJECTED
CVE-2019-1494
	REJECTED
CVE-2019-1493
	REJECTED
CVE-2019-1492
	REJECTED
CVE-2019-1491
	RESERVED
CVE-2019-1490 (A spoofing vulnerability exists when a Skype for Business Server does  ...)
	NOT-FOR-US: Skype
CVE-2019-1489 (An information disclosure vulnerability exists when the Windows Remote ...)
	NOT-FOR-US: Microsoft
CVE-2019-1488 (A security feature bypass vulnerability exists when Microsoft Defender ...)
	NOT-FOR-US: Microsoft
CVE-2019-1487 (An information disclosure vulnerability in Android Apps using Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1486 (A spoofing vulnerability exists in Visual Studio Live Share when a gue ...)
	NOT-FOR-US: Microsoft
CVE-2019-1485 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1484 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
	NOT-FOR-US: Microsoft
CVE-2019-1483 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1482
	REJECTED
CVE-2019-1481 (An information disclosure vulnerability exists in Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2019-1480 (An information disclosure vulnerability exists in Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2019-1479
	REJECTED
CVE-2019-1478 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1477 (An elevation of privilege vulnerability exists when the Windows Printe ...)
	NOT-FOR-US: Microsoft
CVE-2019-1476 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1475
	REJECTED
CVE-2019-1474 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1473
	REJECTED
CVE-2019-1472 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1471 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1470 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2019-1469 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1468 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1467 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1466 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1465 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1464 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1463 (An information disclosure vulnerability exists in Microsoft Access sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1462 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2019-1461 (A denial of service vulnerability exists in Microsoft Word software wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1460 (A spoofing vulnerability exists in the way Microsoft Outlook for Andro ...)
	NOT-FOR-US: Microsoft Outlook for Android software
CVE-2019-1459
	REJECTED
CVE-2019-1458 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft Office sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2019-1455
	REJECTED
CVE-2019-1454 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2019-1453 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1452
	REJECTED
CVE-2019-1451
	REJECTED
CVE-2019-1450
	REJECTED
CVE-2019-1449 (A security feature bypass vulnerability exists in the way that Office  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1448 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1447 (A spoofing vulnerability exists when Office Online does not validate o ...)
	NOT-FOR-US: Microsoft
CVE-2019-1446 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1445 (A spoofing vulnerability exists when Office Online does not validate o ...)
	NOT-FOR-US: Microsoft
CVE-2019-1444
	REJECTED
CVE-2019-1443 (An information disclosure vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2019-1442 (A security feature bypass vulnerability exists when Microsoft Office d ...)
	NOT-FOR-US: Microsoft
CVE-2019-1441 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1440 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1439 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1438 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1437 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1436 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1435 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1434 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1433 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1432 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1431
	REJECTED
CVE-2019-1430 (A remote code execution vulnerability exists when Windows Media Founda ...)
	NOT-FOR-US: Microsoft
CVE-2019-1429 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1428 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1427 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1426 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1425 (An elevation of privilege vulnerability exists when Visual Studio fail ...)
	NOT-FOR-US: Microsoft
CVE-2019-1424 (A security feature bypass vulnerability exists when Windows Netlogon i ...)
	NOT-FOR-US: Microsoft
CVE-2019-1423 (An elevation of privilege vulnerability exists in the way that the Sta ...)
	NOT-FOR-US: Microsoft
CVE-2019-1422 (An elevation of privilege vulnerability exists in the way that the iph ...)
	NOT-FOR-US: Microsoft
CVE-2019-1421
	REJECTED
CVE-2019-1420 (An elevation of privilege vulnerability exists in the way that the dss ...)
	NOT-FOR-US: Microsoft
CVE-2019-1419 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2019-1418 (An information vulnerability exists when Windows Modules Installer Ser ...)
	NOT-FOR-US: Microsoft
CVE-2019-1417 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1416 (An elevation of privilege vulnerability exists due to a race condition ...)
	NOT-FOR-US: Microsoft
CVE-2019-1415 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2019-1414 (An elevation of privilege vulnerability exists in Visual Studio Code w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1413 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1412 (An information disclosure vulnerability exists in Windows Adobe Type M ...)
	NOT-FOR-US: Microsoft
CVE-2019-1411 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1410
	REJECTED
CVE-2019-1409 (An information disclosure vulnerability exists when the Windows Remote ...)
	NOT-FOR-US: Microsoft
CVE-2019-1408 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1407 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1406 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1405 (An elevation of privilege vulnerability exists when the Windows Univer ...)
	NOT-FOR-US: Microsoft
CVE-2019-1404
	REJECTED
CVE-2019-1403
	REJECTED
CVE-2019-1402 (An information disclosure vulnerability exists in Microsoft Office sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1401
	REJECTED
CVE-2019-1400 (An information disclosure vulnerability exists in Microsoft Access sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-1398 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1397 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1396 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1395 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1394 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1393 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1392 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1391 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1390 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1389 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows Certific ...)
	NOT-FOR-US: Microsoft
CVE-2019-1387 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a8dee3ca610f5a1d403634492136c887f83b59d2
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1386
	REJECTED
CVE-2019-1385 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1384 (A security feature bypass vulnerability exists where a NETLOGON messag ...)
	NOT-FOR-US: Microsoft
CVE-2019-1383 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1382 (An elevation of privilege vulnerability exists when ActiveX Installer  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1381 (An information disclosure vulnerability exists when the Windows Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-1380 (A local elevation of privilege vulnerability exists in how splwow64.ex ...)
	NOT-FOR-US: Microsoft
CVE-2019-1379 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1378 (An elevation of privilege vulnerability exists in Windows 10 Update As ...)
	NOT-FOR-US: Microsoft
CVE-2019-1377
	REJECTED
CVE-2019-1376 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-1375 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2019-1374 (An information disclosure vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1373 (A remote code execution vulnerability exists in Microsoft Exchange thr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1372 (An remote code execution vulnerability exists when Azure App Service/  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1371 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1370 (An information disclosure vulnerability exists when affected Open Encl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1369 (An information disclosure vulnerability exists when affected Open Encl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1368 (A security feature bypass exists when Windows Secure Boot improperly r ...)
	NOT-FOR-US: Microsoft
CVE-2019-1367 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1366 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1365 (An elevation of privilege vulnerability exists when Microsoft IIS Serv ...)
	NOT-FOR-US: Microsoft
CVE-2019-1364 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1363 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1362 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1361 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2019-1360
	REJECTED
CVE-2019-1359 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1358 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1357 (A spoofing vulnerability exists when Microsoft Browsers improperly han ...)
	NOT-FOR-US: Microsoft
CVE-2019-1356 (An information disclosure vulnerability exists when Microsoft Edge bas ...)
	NOT-FOR-US: Microsoft
CVE-2019-1355
	REJECTED
CVE-2019-1354 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	- git 1:2.24.0-2 (unimportant)
	[buster] - git 1:2.20.1-2+deb10u1
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e1d911dd4c7b76a5a8cec0f5c8de15981e34da83
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1353 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9102f958ee5254b10c0be72672aa3305bf4f4704
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1352 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=7c3745fc6185495d5765628b4dfe1bd2c25a2981
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
	NOTE: Additional hardening for .gitmodules (but not part of the CVE):
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=91bd46588e6959e6903e275f78b10bd07830d547
CVE-2019-1351 (A tampering vulnerability exists when Git for Visual Studio improperly ...)
	- git 1:2.24.0-2 (unimportant)
	[buster] - git 1:2.20.1-2+deb10u1
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=f82a97eb9197c1e3768e72648f37ce0ca3233734
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1350 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	- git 1:2.24.0-2 (unimportant)
	[buster] - git 1:2.20.1-2+deb10u1
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=6d8684161ee9c03bed5cb69ae76dfdddb85a0003
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1349 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=0060fd1511b94c918928fa3708f69a3f33895a4a
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1348 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=68061e3470210703cb15594194718d35094afdc0
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1347 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1346 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1345 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1344 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1343 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1342 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1341 (An elevation of privilege vulnerability exists when umpo.dll of the Po ...)
	NOT-FOR-US: Microsoft
CVE-2019-1340 (An elevation of privilege vulnerability exists in Windows AppX Deploym ...)
	NOT-FOR-US: Microsoft
CVE-2019-1339 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1338 (A security feature bypass vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1337 (An information disclosure vulnerability exists when Windows Update Cli ...)
	NOT-FOR-US: Microsoft
CVE-2019-1336 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1335 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1334 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1333 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-1332 (A cross-site scripting (XSS) vulnerability exists when Microsoft SQL S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1331 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1330 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2019-1329 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1328 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1327 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1326 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1325 (An elevation of privilege vulnerability exists in the Windows redirect ...)
	NOT-FOR-US: Microsoft
CVE-2019-1324 (An information disclosure vulnerability exists when the Windows TCP/IP ...)
	NOT-FOR-US: Microsoft
CVE-2019-1323 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1322 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1321 (An elevation of privilege vulnerability exists when Windows CloudStore ...)
	NOT-FOR-US: Microsoft
CVE-2019-1320 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1319 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2019-1318 (A spoofing vulnerability exists when Transport Layer Security (TLS) ac ...)
	NOT-FOR-US: Microsoft
CVE-2019-1317 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1316 (An elevation of privilege vulnerability exists in Microsoft Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1315 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1314 (A security feature bypass vulnerability exists in Windows 10 Mobile wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1313 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-1312
	REJECTED
CVE-2019-1311 (A remote code execution vulnerability exists when the Windows Imaging  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1310 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-1309 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-1308 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1307 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1306 (A remote code execution vulnerability exists when Azure DevOps Server  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1305 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2019-1304
	REJECTED
CVE-2019-1303 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1302 (An elevation of privilege vulnerability exists when a ASP.NET Core web ...)
	NOT-FOR-US: Microsoft
CVE-2019-1301 (A denial of service vulnerability exists when .NET Core improperly han ...)
	NOT-FOR-US: Microsoft
CVE-2019-1300 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1299 (An information disclosure vulnerability exists when Microsoft Edge bas ...)
	NOT-FOR-US: Microsoft
CVE-2019-1298 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1297 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1296 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1295 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1294 (A security feature bypass exists when Windows Secure Boot improperly r ...)
	NOT-FOR-US: Microsoft
CVE-2019-1293 (An information disclosure vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1292 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1291 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-1290 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-1289 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2019-1288
	REJECTED
CVE-2019-1287 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1286 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1285 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1284 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1283 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2019-1282 (An information disclosure exists in the Windows Common Log File System ...)
	NOT-FOR-US: Microsoft
CVE-2019-1281
	REJECTED
CVE-2019-1280 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2019-1279
	REJECTED
CVE-2019-1278 (An elevation of privilege vulnerability exists in the way that the uni ...)
	NOT-FOR-US: Microsoft
CVE-2019-1277 (An elevation of privilege vulnerability exists in Windows Audio Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-1276
	REJECTED
CVE-2019-1275
	REJECTED
CVE-2019-1274 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1273 (A cross-site-scripting (XSS) vulnerability exists when Active Director ...)
	NOT-FOR-US: Microsoft
CVE-2019-1272 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1271 (An elevation of privilege exists in hdAudio.sys which may lead to an o ...)
	NOT-FOR-US: Microsoft
CVE-2019-1270 (An elevation of privilege vulnerability exists in Windows store instal ...)
	NOT-FOR-US: Microsoft
CVE-2019-1269 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1268 (An elevation of privilege exists when Winlogon does not properly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1267 (An elevation of privilege vulnerability exists in Microsoft Compatibil ...)
	NOT-FOR-US: Microsoft
CVE-2019-1266 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1265 (A security feature bypass vulnerability exists when Microsoft Yammer A ...)
	NOT-FOR-US: Microsoft
CVE-2019-1264 (A security feature bypass vulnerability exists when Microsoft Office i ...)
	NOT-FOR-US: Microsoft
CVE-2019-1263 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1262 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1261 (A spoofing vulnerability exists in Microsoft SharePoint when it improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1260 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2019-1259 (A spoofing vulnerability exists in Microsoft SharePoint when it improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1258 (An elevation of privilege vulnerability exists in Azure Active Directo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1257 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1256 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1255 (A denial of service vulnerability exists when Microsoft Defender impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1254 (An information disclosure vulnerability exists when Windows Hyper-V wr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1253 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1252 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1251 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1250 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1249 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1248 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1247 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1246 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1245 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1244 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1243 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1242 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1241 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1240 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1239 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1238 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1237 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1236 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to validate cer ...)
	NOT-FOR-US: Microsoft
CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange Server  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1232 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2019-1231 (An information disclosure vulnerability exists in the way Rome SDK han ...)
	NOT-FOR-US: Microsoft
CVE-2019-1230 (An information disclosure vulnerability exists when the Windows Hyper- ...)
	NOT-FOR-US: Microsoft
CVE-2019-1229 (An elevation of privilege vulnerability exists in Dynamics On-Premise  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1228 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1227 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1226 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1225 (An information disclosure vulnerability exists when the Windows RDP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1224 (An information disclosure vulnerability exists when the Windows RDP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1223 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1222 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1221 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1220 (A security feature bypass vulnerability exists when Microsoft Browsers ...)
	NOT-FOR-US: Microsoft
CVE-2019-1219 (An information disclosure vulnerability exists when the Windows Transa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1218 (A spoofing vulnerability exists in the way Microsoft Outlook iOS softw ...)
	NOT-FOR-US: Microsoft
CVE-2019-1217 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1216 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1215 (An elevation of privilege vulnerability exists in the way that ws2ifsl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1214 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2019-1213 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1212 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1211 (An elevation of privilege vulnerability exists in Git for Visual Studi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1210
	REJECTED
CVE-2019-1209 (An information disclosure vulnerability exists in Lync 2013, aka 'Lync ...)
	NOT-FOR-US: Microsoft
CVE-2019-1208 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1207
	REJECTED
CVE-2019-1206 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1205 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1204 (An elevation of privilege vulnerability exists when Microsoft Outlook  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1203 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1202 (An information disclosure vulnerability exists in the way Microsoft Sh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1201 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1200 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1199 (A remote code execution vulnerability exists in Microsoft Outlook when ...)
	NOT-FOR-US: Microsoft
CVE-2019-1198 (An elevation of privilege exists in SyncController.dll, aka 'Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1197 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1196 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1195 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1194 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1193 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1192 (A security feature bypass vulnerability exists when Microsoft browsers ...)
	NOT-FOR-US: Microsoft
CVE-2019-1191
	REJECTED
CVE-2019-1190 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1189
	REJECTED
CVE-2019-1188 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2019-1187 (A denial of service vulnerability exists when the XmlLite runtime (Xml ...)
	NOT-FOR-US: Microsoft
CVE-2019-1186 (An elevation of privilege vulnerability exists in the way that the wcm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1185 (An elevation of privilege vulnerability exists due to a stack corrupti ...)
	NOT-FOR-US: Microsoft
CVE-2019-1184 (An elevation of privilege vulnerability exists when Windows Core Shell ...)
	NOT-FOR-US: Microsoft
CVE-2019-1183 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1182 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1181 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1180 (An elevation of privilege vulnerability exists in the way that the wcm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1179 (An elevation of privilege vulnerability exists in the way that the uni ...)
	NOT-FOR-US: Microsoft
CVE-2019-1178 (An elevation of privilege vulnerability exists in the way that the ssd ...)
	NOT-FOR-US: Microsoft
CVE-2019-1177 (An elevation of privilege vulnerability exists in the way that the rpc ...)
	NOT-FOR-US: Microsoft
CVE-2019-1176 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1175 (An elevation of privilege vulnerability exists in the way that the psm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1174 (An elevation of privilege vulnerability exists in the way that the Psm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1173 (An elevation of privilege vulnerability exists in the way that the Psm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1172 (An information disclosure vulnerability exists in Azure Active Directo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1171 (An information disclosure vulnerability exists in SymCrypt during the  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1170 (An elevation of privilege vulnerability exists when reparse points are ...)
	NOT-FOR-US: Microsoft
CVE-2019-1169 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1168 (An elevation of privilege exists in the p2pimsvc service where an atta ...)
	NOT-FOR-US: Microsoft
CVE-2019-1167 (A security feature bypass vulnerability exists in Windows Defender App ...)
	NOT-FOR-US: Microsoft
CVE-2019-1166 (A tampering vulnerability exists in Microsoft Windows when a man-in-th ...)
	NOT-FOR-US: Microsoft
CVE-2019-1165
	REJECTED
CVE-2019-1164 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1163 (A security feature bypass exists when Windows incorrectly validates CA ...)
	NOT-FOR-US: Microsoft
CVE-2019-1162 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1161 (An elevation of privilege vulnerability exists when the MpSigStub.exe  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1160
	REJECTED
CVE-2019-1159 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1158 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1157 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1156 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1155 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1154 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1153 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2019-1152 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1151 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1150 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1149 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1148 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2019-1147 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1146 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1145 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1144 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1143 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1142 (An elevation of privilege vulnerability exists when the .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2019-1141 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1140 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1139 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1138 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1137 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...)
	NOT-FOR-US: Microsoft
CVE-2019-1136 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1135
	REJECTED
CVE-2019-1134 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1133 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1132 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1131 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1130 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1129 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1128 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1127 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1126 (A security feature bypass vulnerability exists in Active Directory Fed ...)
	NOT-FOR-US: Microsoft
CVE-2019-1125 (An information disclosure vulnerability exists when certain central pr ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.7-1
	NOTE: https://access.redhat.com/articles/4329821
CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1123 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1122 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1121 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1120 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1119 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1118 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1117 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1116 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1115
	REJECTED
CVE-2019-1114
	REJECTED
CVE-2019-1113 (A remote code execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft .NET
CVE-2019-1112 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1111 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1110 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1109 (A spoofing vulnerability exists when Microsoft Office Javascript does  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1108 (An information disclosure vulnerability exists when the Windows RDP cl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1107 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1106 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1105 (A spoofing vulnerability exists in the way Microsoft Outlook for Andro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1104 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1103 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1102 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1101 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1100 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1099 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1098 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1097 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1096 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1095 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1094 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1093 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1092 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1091 (An information disclosure vulnerability exists when Unistore.dll fails ...)
	NOT-FOR-US: Microsoft
CVE-2019-1090 (An elevation of privilege vulnerability exists in the way that the dns ...)
	NOT-FOR-US: Microsoft
CVE-2019-1089 (An elevation of privilege vulnerability exists in rpcss.dll when the R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1088 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1087 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1086 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1085 (An elevation of privilege vulnerability exists in the way that the wla ...)
	NOT-FOR-US: Microsoft
CVE-2019-1084 (An information disclosure vulnerability exists when Exchange allows cr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1083 (A denial of service vulnerability exists when Microsoft Common Object  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1082 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1081 (An information disclosure vulnerability exists when affected Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1080 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1079 (An information disclosure vulnerability exists when Visual Studio impr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1078 (An information disclosure vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1077 (An elevation of privilege vulnerability exists when the Visual Studio  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1076 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2019-1075 (A spoofing vulnerability exists in ASP.NET Core that could lead to an  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1074 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1073 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1072 (A remote code execution vulnerability exists when Azure DevOps Server  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1071 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1070 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1069 (An elevation of privilege vulnerability exists in the way the Task Sch ...)
	NOT-FOR-US: Microsoft
CVE-2019-1068 (A remote code execution vulnerability exists in Microsoft SQL Server w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1067 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1066
	REJECTED
CVE-2019-1065 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1064 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1063 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1062 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1061
	REJECTED
CVE-2019-1060 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1059 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1058
	REJECTED
CVE-2019-1057 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1056 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1055 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1054 (A security feature bypass vulnerability exists in Edge that allows for ...)
	NOT-FOR-US: Microsoft
CVE-2019-1053 (An elevation of privilege vulnerability exists when the Windows Shell  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1052 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1051 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1050 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1049 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1048 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1047 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1046 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1045 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1044 (A security feature bypass vulnerability exists when Windows Secure Ker ...)
	NOT-FOR-US: Microsoft
CVE-2019-1043 (A remote code execution vulnerability exists in the way that comctl32. ...)
	NOT-FOR-US: Microsoft
CVE-2019-1042
	REJECTED
CVE-2019-1041 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1040 (A tampering vulnerability exists in Microsoft Windows when a man-in-th ...)
	NOT-FOR-US: Microsoft
CVE-2019-1039 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1038 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1037 (An elevation of privilege vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1036 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1035 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1034 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1033 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1032 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1031 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1030 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1029 (A denial of service vulnerability exists in Skype for Business, aka 'S ...)
	NOT-FOR-US: Skype
CVE-2019-1028 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1027 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1026 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1025 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1024 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1023 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1022 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1021 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1020
	REJECTED
CVE-2019-1019 (A security feature bypass vulnerability exists where a NETLOGON messag ...)
	NOT-FOR-US: Microsoft
CVE-2019-1018 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1017 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1016 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1015 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1014 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1013 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1012 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1011 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1010 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1009 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1008 (A security feature bypass vulnerability exists in Dynamics On Premise, ...)
	NOT-FOR-US: Microsoft Dynamics On-Premise
CVE-2019-1007 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1006 (An authentication bypass vulnerability exists in Windows Communication ...)
	NOT-FOR-US: Microsoft
CVE-2019-1005 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1004 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1003 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1002 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1001 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-1000 (An elevation of privilege vulnerability exists in Microsoft Azure Acti ...)
	NOT-FOR-US: Microsoft
CVE-2019-0999 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0998 (An elevation of privilege vulnerability exists when the Storage Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-0997
	REJECTED
CVE-2019-0996 (A spoofing vulnerability exists in Azure DevOps Server when it imprope ...)
	NOT-FOR-US: Azure DevOps Server / Microsoft
CVE-2019-0995 (A security feature bypass vulnerability exists when urlmon.dll imprope ...)
	NOT-FOR-US: Microsoft
CVE-2019-0994
	REJECTED
CVE-2019-0993 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0992 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0991 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0990 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0989 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0988 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0987
	REJECTED
CVE-2019-0986 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2019-0985 (A remote code execution vulnerability exists when the Microsoft Speech ...)
	NOT-FOR-US: Microsoft
CVE-2019-0984 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2019-0983 (An elevation of privilege vulnerability exists when the Storage Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-0982 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0981 (A denial of service vulnerability exists when .NET Framework or .NET C ...)
	NOT-FOR-US: Microsoft .NET Core
CVE-2019-0980 (A denial of service vulnerability exists when .NET Framework or .NET C ...)
	NOT-FOR-US: Microsoft .NET Core
CVE-2019-0979 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0978
	REJECTED
CVE-2019-0977 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0976 (A tampering vulnerability exists in the NuGet Package Manager for Linu ...)
	- nuget <not-affected> (Vulnerable code introduced in 5.0.0)
	NOTE: Fixed in NuGet.Client 5.0.2.
	NOTE: https://github.com/NuGet/Home/issues/7908
	NOTE: https://github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326 (5.0.2.5988)
CVE-2019-0975 (A security feature bypass vulnerability exists when Active Directory F ...)
	NOT-FOR-US: Microsoft
CVE-2019-0974 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0973 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2019-0972 (This security update corrects a denial of service in the Local Securit ...)
	NOT-FOR-US: Microsoft
CVE-2019-0971 (An information disclosure vulnerability exists when Azure DevOps Serve ...)
	NOT-FOR-US: Microsoft
CVE-2019-0970
	REJECTED
CVE-2019-0969
	REJECTED
CVE-2019-0968 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0967
	REJECTED
CVE-2019-0966 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-0965 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-0964
	REJECTED
CVE-2019-0963 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-0962 (An elevation of privilege vulnerability exists in Azure Automation "Ru ...)
	NOT-FOR-US: Microsoft
CVE-2019-0961 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0960 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-0959 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2019-0958 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0957 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0956 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0955
	REJECTED
CVE-2019-0954
	REJECTED
CVE-2019-0953 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-0952 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
	NOT-FOR-US: Microsoft
CVE-2019-0951 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0950 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0949 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0948 (An information disclosure vulnerability exists in the Windows Event Vi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0947 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0946 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0945 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0944
	REJECTED
CVE-2019-0943 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0942 (An elevation of privilege vulnerability exists in the Unified Write Fi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0941 (A denial of service exists in Microsoft IIS Server when the optional r ...)
	NOT-FOR-US: Microsoft
CVE-2019-0940 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-0939
	REJECTED
CVE-2019-0938 (An elevation of privilege vulnerability exists in Microsoft Edge that  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0937 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0936 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-0935
	REJECTED
CVE-2019-0934
	REJECTED
CVE-2019-0933 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0932 (An information disclosure vulnerability exists in Skype for Android, a ...)
	NOT-FOR-US: Skype
CVE-2019-0931 (An elevation of privilege vulnerability exists when the Storage Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-0930 (An information disclosure vulnerability exists when Internet Explorer  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0929 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2019-0928 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-0927 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0926 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0925 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0924 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0923 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0922 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0921 (An spoofing vulnerability exists when Internet Explorer improperly han ...)
	NOT-FOR-US: Microsoft
CVE-2019-0920 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0919
	REJECTED
CVE-2019-0918 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0917 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0916 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0915 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0914 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0913 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0912 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0911 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0910
	REJECTED
CVE-2019-0909 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0908 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0907 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0906 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0905 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0904 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0903 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2019-0902 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0901 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0900 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0899 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0898 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0897 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0896 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0895 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0894 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0893 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0892 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-0891 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0890 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0889 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0888 (A remote code execution vulnerability exists in the way that ActiveX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-0887 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-0886 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2019-0885 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
	NOT-FOR-US: Microsoft
CVE-2019-0884 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0883
	REJECTED
CVE-2019-0882 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0881 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0880 (A local elevation of privilege vulnerability exists in how splwow64.ex ...)
	NOT-FOR-US: Microsoft
CVE-2019-0879 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0878
	REJECTED
CVE-2019-0877 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0876 (An information disclosure vulnerability exists when affected Open Encl ...)
	NOT-FOR-US: Microsoft
CVE-2019-0875 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...)
	NOT-FOR-US: Microsoft
CVE-2019-0874 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0873
	REJECTED
CVE-2019-0872 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0871 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0870 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0869 (A spoofing vulnerability exists in Microsoft Azure DevOps Server when  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0868 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0867 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0866 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0865 (A denial of service vulnerability exists when SymCrypt improperly hand ...)
	NOT-FOR-US: Microsoft
CVE-2019-0864 (A denial of service vulnerability exists when .NET Framework improperl ...)
	NOT-FOR-US: .NET Framework
CVE-2019-0863 (An elevation of privilege vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0862 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0861 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0860 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0859 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-0858 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...)
	NOT-FOR-US: Microsoft
CVE-2019-0857 (A spoofing vulnerability that could allow a security feature bypass ex ...)
	NOT-FOR-US: Microsoft
CVE-2019-0856 (A remote code execution vulnerability exists when Windows improperly h ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0855
	REJECTED
CVE-2019-0854
	REJECTED
CVE-2019-0853 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2019-0852
	REJECTED
CVE-2019-0851 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0850
	REJECTED
CVE-2019-0849 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0848 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-0847 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0846 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0845 (A remote code execution vulnerability exists when the IOleCvt interfac ...)
	NOT-FOR-US: Microsoft
CVE-2019-0844 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0843
	REJECTED
CVE-2019-0842 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0841 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-0840 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0839 (An information disclosure vulnerability exists when the Terminal Servi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0838 (An information disclosure vulnerability exists when Windows Task Sched ...)
	NOT-FOR-US: Microsoft
CVE-2019-0837 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0836 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0835 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0834
	REJECTED
CVE-2019-0833 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2019-0832
	REJECTED
CVE-2019-0831 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-0830 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-0829 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0828 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-0827 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0826 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0825 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0824 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0823 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0822 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-0821 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Windows SMB Server
CVE-2019-0820 (A denial of service vulnerability exists when .NET Framework and .NET  ...)
	NOT-FOR-US: Microsoft .NET Core
CVE-2019-0819 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-0818
	REJECTED
CVE-2019-0817 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...)
	NOT-FOR-US: Microsoft
CVE-2019-0816 (A security feature bypass exists in Azure SSH Keypairs, due to a chang ...)
	- cloud-init 18.3-6 (low; bug #926043)
	[stretch] - cloud-init <no-dsa> (Doesn't affect default provisioning for Azure, only limited use cases)
	[jessie] - cloud-init <not-affected> (version uses a different mechanism to set public keys.)
	NOTE: https://code.launchpad.net/~jasonzio/cloud-init/+git/cloud-init/+merge/363445
	NOTE: https://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm
CVE-2019-0815 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0814 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-0813 (An elevation of privilege vulnerability exists when Windows Admin Cent ...)
	NOT-FOR-US: Microsoft
CVE-2019-0812 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0811 (A denial of service vulnerability exists in Windows DNS Server when it ...)
	NOT-FOR-US: Microsoft
CVE-2019-0810 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0809 (A remote code execution vulnerability exists when the Visual Studio C+ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0808 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0807
	REJECTED
CVE-2019-0806 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0805 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0804 (An information disclosure vulnerability exists in the way Azure WaLinu ...)
	{DSA-4406-1 DLA-1709-1}
	- waagent 2.2.34-3
CVE-2019-0803 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-0802 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0801 (A remote code execution vulnerability exists when Microsoft Office fai ...)
	NOT-FOR-US: Microsoft
CVE-2019-0800
	REJECTED
CVE-2019-0799
	REJECTED
CVE-2019-0798 (A spoofing vulnerability exists when a Lync Server or Skype for Busine ...)
	NOT-FOR-US: Microsoft
CVE-2019-0797 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0796 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0795 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0794 (A remote code execution vulnerability exists when OLE automation impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0793 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0792 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0791 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0790 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0789
	REJECTED
CVE-2019-0788 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-0787 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-0786 (An elevation of privilege vulnerability exists in the Microsoft Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-0785 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0784 (A remote code execution vulnerability exists in the way that the Activ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0783 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0782 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0781
	REJECTED
CVE-2019-0780 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-0779 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0778 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-0777 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2019-0776 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-0775 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0774 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0773 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0772 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0771 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0770 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0769 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0768 (A security feature bypass vulnerability exists when Internet Explorer  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0767 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0766 (An elevation of privilege vulnerability exists in Windows AppX Deploym ...)
	NOT-FOR-US: Microsoft
CVE-2019-0765 (A remote code execution vulnerability exists in the way that comctl32. ...)
	NOT-FOR-US: Microsoft
CVE-2019-0764 (A tampering vulnerability exists when Microsoft browsers do not proper ...)
	NOT-FOR-US: Microsoft
CVE-2019-0763 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2019-0762 (A security feature bypass vulnerability exists when Microsoft browsers ...)
	NOT-FOR-US: Microsoft
CVE-2019-0761 (A security feature bypass vulnerability exists when Internet Explorer  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0760
	REJECTED
CVE-2019-0759 (An information disclosure vulnerability exists when the Windows Print  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0758 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0757 (A tampering vulnerability exists in the NuGet Package Manager for Linu ...)
	- nuget <not-affected> (NuGet older than 4.3 is not affected, bug #926122)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1685475
	NOTE: https://github.com/NuGet/Home/issues/7673
	NOTE: https://github.com/NuGet/NuGet.Client/commit/d62db666c710bf95121fe8f5c6a6cbe01985456f?w=1
	NOTE: https://github.com/NuGet/Home/issues/7673#issuecomment-478738369
CVE-2019-0756 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0755 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0754 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0753 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0752 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0751
	REJECTED
CVE-2019-0750
	REJECTED
CVE-2019-0749
	REJECTED
CVE-2019-0748 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0747
	REJECTED
CVE-2019-0746 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0745
	REJECTED
CVE-2019-0744
	REJECTED
CVE-2019-0743 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft Team Foundation Server
CVE-2019-0742 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft Team Foundation Server
CVE-2019-0741 (An information disclosure vulnerability exists in the way Azure IoT Ja ...)
	NOT-FOR-US: Microsoft
CVE-2019-0740
	REJECTED
CVE-2019-0739 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0738
	REJECTED
CVE-2019-0737
	REJECTED
CVE-2019-0736 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-0735 (An elevation of privilege vulnerability exists when the Windows Client ...)
	NOT-FOR-US: Microsoft
CVE-2019-0734 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-0733 (A security feature bypass vulnerability exists in Windows Defender App ...)
	NOT-FOR-US: Microsoft
CVE-2019-0732 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0731 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0730 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0729 (An Elevation of Privilege vulnerability exists in the way Azure IoT Ja ...)
	NOT-FOR-US: Microsoft
CVE-2019-0728 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2019-0727 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2019-0726 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-0725 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0724 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2019-0723 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0722 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-0721 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
	NOT-FOR-US: Microsoft
CVE-2019-0720 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
	NOT-FOR-US: Microsoft
CVE-2019-0719 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
	NOT-FOR-US: Microsoft
CVE-2019-0718 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0717 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0716 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-0715 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0714 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0713 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-0712 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0711 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-0710 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-0709 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-0708 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-0707 (An elevation of privilege vulnerability exists in the Network Driver I ...)
	NOT-FOR-US: Microsoft
CVE-2019-0706
	REJECTED
CVE-2019-0705
	REJECTED
CVE-2019-0704 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Windows SMB Server
CVE-2019-0703 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Windows SMB Server
CVE-2019-0702 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0701 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-0700
	REJECTED
CVE-2019-0699
	REJECTED
CVE-2019-0698 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-0697 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-0696 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0695 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-0694 (An elevation of privilege vulnerability exists due to an integer overf ...)
	NOT-FOR-US: Microsoft Windows Subsystem for Linux
CVE-2019-0693 (An elevation of privilege vulnerability exists due to an integer overf ...)
	NOT-FOR-US: Microsoft Windows Subsystem for Linux
CVE-2019-0692 (An elevation of privilege vulnerability exists due to an integer overf ...)
	NOT-FOR-US: Microsoft Windows Subsystem for Linux
CVE-2019-0691
	REJECTED
CVE-2019-0690 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-0689 (An elevation of privilege vulnerability exists due to an integer overf ...)
	NOT-FOR-US: Microsoft Windows Subsystem for Linux
CVE-2019-0688 (An information disclosure vulnerability exists when the Windows TCP/IP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0687
	REJECTED
CVE-2019-0686 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2019-0685 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-0684
	REJECTED
CVE-2019-0683 (An elevation of privilege vulnerability exists in Active Directory For ...)
	NOT-FOR-US: Microsoft
CVE-2019-0682 (An elevation of privilege vulnerability exists due to an integer overf ...)
	NOT-FOR-US: Microsoft Windows Subsystem for Linux
CVE-2019-0681
	REJECTED
CVE-2019-0680 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0679
	REJECTED
CVE-2019-0678 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
	NOT-FOR-US: Microsoft
CVE-2019-0677
	REJECTED
CVE-2019-0676 (An information disclosure vulnerability exists when Internet Explorer  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0675 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0674 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0673 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0672 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0671 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-0670 (A spoofing vulnerability exists in Microsoft SharePoint when the appli ...)
	NOT-FOR-US: Microsoft
CVE-2019-0669 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-0668 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0667 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0666 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0665 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0664 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0663 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0662 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2019-0661 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0660 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0659 (An elevation of privilege vulnerability exists when the Storage Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-0658 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0657 (A vulnerability exists in certain .Net Framework API's and Visual Stud ...)
	NOT-FOR-US: .NET core
CVE-2019-0656 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0655 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0654 (A spoofing vulnerability exists when Microsoft browsers improperly han ...)
	NOT-FOR-US: Microsoft
CVE-2019-0653
	REJECTED
CVE-2019-0652 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0651 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0650 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0649 (A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0648 (An information disclosure vulnerability exists when Chakra improperly  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0647 (An information disclosure vulnerability exists when Team Foundation Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0646 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2019-0645 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0644 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0643 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2019-0642 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0641 (A security feature bypass vulnerability exists in Microsoft Edge handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-0640 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0639 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0638
	REJECTED
CVE-2019-0637 (A security feature bypass vulnerability exists when Windows Defender F ...)
	NOT-FOR-US: Microsoft
CVE-2019-0636 (An information vulnerability exists when Windows improperly discloses  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0635 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2019-0634 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0633 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0632 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0631 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0630 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0629
	REJECTED
CVE-2019-0628 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-0627 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0626 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-0625 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0624 (A spoofing vulnerability exists when a Skype for Business 2015 server  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0623 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-0622 (An elevation of privilege vulnerability exists when Skype for Andriod  ...)
	NOT-FOR-US: Skype for Android
CVE-2019-0621 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0620 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-0619 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0618 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2019-0617 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0616 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0615 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0614 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0613 (A remote code execution vulnerability exists in .NET Framework and Vis ...)
	NOT-FOR-US: Microsoft
CVE-2019-0612 (A security feature bypass vulnerability exists when Click2Play protect ...)
	NOT-FOR-US: Microsoft
CVE-2019-0611 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0610 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0609 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0608 (A spoofing vulnerability exists when Microsoft Browsers does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2019-0607 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0606 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2019-0605 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0604 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-0603 (A remote code execution vulnerability exists in the way that Windows D ...)
	NOT-FOR-US: Microsoft
CVE-2019-0602 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-0601 (An information disclosure vulnerability exists when the Human Interfac ...)
	NOT-FOR-US: Microsoft
CVE-2019-0600 (An information disclosure vulnerability exists when the Human Interfac ...)
	NOT-FOR-US: Microsoft
CVE-2019-0599 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0598 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0597 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0596 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0595 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0594 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-0593 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0592 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0591 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0590 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-0589
	REJECTED
CVE-2019-0588 (An information disclosure vulnerability exists when the Microsoft Exch ...)
	NOT-FOR-US: Microsoft
CVE-2019-0587
	REJECTED
CVE-2019-0586 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-0585 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-0584 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0583 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0582 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0581 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0580 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0579 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0578 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0577 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0576 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0575 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0574 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-0573 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-0572 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-0571 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-0570 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2019-0569 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0568 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0567 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0566 (An elevation of privilege vulnerability exists in Microsoft Edge Brows ...)
	NOT-FOR-US: Microsoft
CVE-2019-0565 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-0564 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
	NOT-FOR-US: .NET core
CVE-2019-0563
	REJECTED
CVE-2019-0562 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2019-0561 (An information disclosure vulnerability exists when Microsoft Word mac ...)
	NOT-FOR-US: Microsoft
CVE-2019-0560 (An information disclosure vulnerability exists when Microsoft Office i ...)
	NOT-FOR-US: Microsoft
CVE-2019-0559 (An information disclosure vulnerability exists when Microsoft Outlook  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0558 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-0557 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-0556 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-0555 (An elevation of privilege vulnerability exists in the Microsoft XmlDoc ...)
	NOT-FOR-US: Microsoft
CVE-2019-0554 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0553 (An information disclosure vulnerability exists when Windows Subsystem  ...)
	NOT-FOR-US: Microsoft
CVE-2019-0552 (An elevation of privilege exists in Windows COM Desktop Broker, aka "W ...)
	NOT-FOR-US: Microsoft
CVE-2019-0551 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-0550 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-0549 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-0548 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
	NOT-FOR-US: .NET core
CVE-2019-0547 (A memory corruption vulnerability exists in the Windows DHCP client wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-0546 (A remote code execution vulnerability exists in Visual Studio when the ...)
	NOT-FOR-US: Microsoft
CVE-2019-0545 (An information disclosure vulnerability exists in .NET Framework and . ...)
	NOT-FOR-US: .NET core
CVE-2019-0544
	REJECTED
CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the comp ...)
	- node-xterm 3.8.1-1 (unimportant; bug #926670)
	NOTE: nodejs not covered by security support
CVE-2019-0541 (A remote code execution vulnerability exists in the way that the MSHTM ...)
	NOT-FOR-US: Microsoft
CVE-2019-0540 (A security feature bypass vulnerability exists when Microsoft Office d ...)
	NOT-FOR-US: Microsoft
CVE-2019-0539 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0538 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-0537 (An information disclosure vulnerability exists when Visual Studio impr ...)
	NOT-FOR-US: Microsoft
CVE-2019-0536 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-19607 (Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote att ...)
	- exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental; bug #915134)
	NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/97e7905a8b90fcbd5e8c440ad7d55bf8ffe007e5
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6e42c1b55e0fc4f360cc56010b0ffe19aa6062d9
CVE-2018-19606
	RESERVED
CVE-2018-19605
	RESERVED
CVE-2018-19604
	RESERVED
CVE-2018-19603
	RESERVED
CVE-2018-19602
	RESERVED
CVE-2018-19601 (Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&amp;act=d ...)
	NOT-FOR-US: Rhymix CMS
CVE-2018-19600 (Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&amp;act=di ...)
	NOT-FOR-US: Rhymix CMS
CVE-2018-19599 (Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/i ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the /users U ...)
	NOT-FOR-US: Statamic
CVE-2018-19597 (CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a relat ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-19596 (Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the re ...)
	NOT-FOR-US: Zurmo
CVE-2018-19595 (PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute ar ...)
	NOT-FOR-US: PbootCMS
CVE-2018-19594
	RESERVED
CVE-2018-19593
	RESERVED
CVE-2018-19592 (The "CLink4Service" service is installed with Corsair Link 4.9.7.35 wi ...)
	NOT-FOR-US: Corsair
CVE-2018-19591 (In the GNU C Library (aka glibc or libc6) through 2.28, attempting to  ...)
	- glibc 2.28-1 (bug #914837)
	[stretch] - glibc <not-affected> (Vulnerable code introduced later and not backported to stretch)
	[jessie] - glibc <not-affected> (Vulnerable code introduced later and not backported to jessie)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23927
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d527c860f5a3f0ed687bd03f0cb464612dc23408
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2180fee114b778515b3f560e5ff1e795282e60b0
CVE-2018-19590
	RESERVED
CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...)
	NOT-FOR-US: Utimaco CryptoServer HSM
CVE-2018-19588 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. ...)
	NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices
CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Director ...)
	NOT-FOR-US: Silverpeas
CVE-2018-19585 (GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11 ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19584 (GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5  ...)
	- gitlab <not-affected> (Specific to Enterprise edition)
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19583 (GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19582 (GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affe ...)
	- gitlab <not-affected> (Specific to Enterprise edition)
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19581 (GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, ...)
	- gitlab <not-affected> (Specific to Enterprise edition)
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19580 (All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not sen ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19579 (GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability ...)
	- gitlab <not-affected> (Specific to Enterprise edition)
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19578 (GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure ob ...)
	- gitlab <not-affected> (Specific to Enterprise edition)
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19577 (Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19576 (GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19575 (GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19574 (GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19573 (GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19572 (GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-c ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19571 (GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19570 (GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11 ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19569 (GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4 ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19568 (A floating point exception in kodak_radc_load_raw in dcraw through 9.2 ...)
	- dcraw <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
	NOTE: No security impact, crash in CLI tool
CVE-2018-19567 (A floating point exception in parse_tiff_ifd in dcraw through 9.28 cou ...)
	- dcraw <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
	NOTE: No security impact, crash in CLI tool
CVE-2018-19566 (A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could  ...)
	- dcraw <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
	NOTE: No security impact, crash in CLI tool
CVE-2018-19565 (A buffer over-read in crop_masked_pixels in dcraw through 9.28 could b ...)
	- dcraw <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
	NOTE: No security impact, crash in CLI tool
CVE-2019-0535
	RESERVED
CVE-2019-0534
	RESERVED
CVE-2019-0533
	RESERVED
CVE-2019-0532
	RESERVED
CVE-2019-0531
	RESERVED
CVE-2019-0530
	RESERVED
CVE-2019-0529
	RESERVED
CVE-2019-0528
	RESERVED
CVE-2019-0527
	RESERVED
CVE-2019-0526
	RESERVED
CVE-2019-0525
	RESERVED
CVE-2019-0524
	RESERVED
CVE-2019-0523
	RESERVED
CVE-2019-0522
	RESERVED
CVE-2019-0521
	RESERVED
CVE-2019-0520
	RESERVED
CVE-2019-0519
	RESERVED
CVE-2019-0518
	RESERVED
CVE-2019-0517
	RESERVED
CVE-2019-0516
	RESERVED
CVE-2019-0515
	RESERVED
CVE-2019-0514
	RESERVED
CVE-2019-0513
	RESERVED
CVE-2019-0512
	RESERVED
CVE-2019-0511
	RESERVED
CVE-2019-0510
	RESERVED
CVE-2019-0509
	RESERVED
CVE-2019-0508
	RESERVED
CVE-2019-0507
	RESERVED
CVE-2019-0506
	RESERVED
CVE-2019-0505
	RESERVED
CVE-2019-0504
	RESERVED
CVE-2019-0503
	RESERVED
CVE-2019-0502
	RESERVED
CVE-2019-0501
	RESERVED
CVE-2019-0500
	RESERVED
CVE-2019-0499
	RESERVED
CVE-2019-0498
	RESERVED
CVE-2019-0497
	RESERVED
CVE-2019-0496
	RESERVED
CVE-2019-0495
	RESERVED
CVE-2019-0494
	RESERVED
CVE-2019-0493
	RESERVED
CVE-2019-0492
	RESERVED
CVE-2019-0491
	RESERVED
CVE-2019-0490
	RESERVED
CVE-2019-0489
	RESERVED
CVE-2019-0488
	RESERVED
CVE-2019-0487
	RESERVED
CVE-2019-0486
	RESERVED
CVE-2019-0485
	RESERVED
CVE-2019-0484
	RESERVED
CVE-2019-0483
	RESERVED
CVE-2019-0482
	RESERVED
CVE-2019-0481
	RESERVED
CVE-2019-0480
	RESERVED
CVE-2019-0479
	RESERVED
CVE-2019-0478
	RESERVED
CVE-2019-0477
	RESERVED
CVE-2019-0476
	RESERVED
CVE-2019-0475
	RESERVED
CVE-2019-0474
	RESERVED
CVE-2019-0473
	RESERVED
CVE-2019-0472
	RESERVED
CVE-2019-0471
	RESERVED
CVE-2019-0470
	RESERVED
CVE-2019-0469
	RESERVED
CVE-2019-0468
	RESERVED
CVE-2019-0467
	RESERVED
CVE-2019-0466
	RESERVED
CVE-2019-0465
	RESERVED
CVE-2019-0464
	RESERVED
CVE-2019-0463
	RESERVED
CVE-2019-0462
	RESERVED
CVE-2019-0461
	RESERVED
CVE-2019-0460
	RESERVED
CVE-2019-0459
	RESERVED
CVE-2019-0458
	RESERVED
CVE-2019-0457
	RESERVED
CVE-2019-0456
	RESERVED
CVE-2019-0455
	RESERVED
CVE-2019-0454
	RESERVED
CVE-2019-0453
	RESERVED
CVE-2019-0452
	RESERVED
CVE-2019-0451
	RESERVED
CVE-2019-0450
	RESERVED
CVE-2019-0449
	RESERVED
CVE-2019-0448
	RESERVED
CVE-2019-0447
	RESERVED
CVE-2019-0446
	RESERVED
CVE-2019-0445
	RESERVED
CVE-2019-0444
	RESERVED
CVE-2019-0443
	RESERVED
CVE-2019-0442
	RESERVED
CVE-2019-0441
	RESERVED
CVE-2019-0440
	RESERVED
CVE-2019-0439
	RESERVED
CVE-2019-0438
	RESERVED
CVE-2019-0437
	RESERVED
CVE-2019-0436
	RESERVED
CVE-2019-0435
	RESERVED
CVE-2019-0434
	RESERVED
CVE-2019-0433
	RESERVED
CVE-2019-0432
	RESERVED
CVE-2019-0431
	RESERVED
CVE-2019-0430
	RESERVED
CVE-2019-0429
	RESERVED
CVE-2019-0428
	RESERVED
CVE-2019-0427
	RESERVED
CVE-2019-0426
	RESERVED
CVE-2019-0425
	RESERVED
CVE-2019-0424
	RESERVED
CVE-2019-0423
	RESERVED
CVE-2019-0422
	RESERVED
CVE-2019-0421
	RESERVED
CVE-2019-0420
	RESERVED
CVE-2019-0419
	RESERVED
CVE-2019-0418
	RESERVED
CVE-2019-0417
	RESERVED
CVE-2019-0416
	RESERVED
CVE-2019-0415
	RESERVED
CVE-2019-0414
	RESERVED
CVE-2019-0413
	RESERVED
CVE-2019-0412
	RESERVED
CVE-2019-0411
	RESERVED
CVE-2019-0410
	RESERVED
CVE-2019-0409
	RESERVED
CVE-2019-0408
	RESERVED
CVE-2019-0407
	RESERVED
CVE-2019-0406
	RESERVED
CVE-2019-0405 (SAP Enable Now, before version 1911, leaks information about the exist ...)
	NOT-FOR-US: SAP
CVE-2019-0404 (SAP Enable Now, before version 1911, leaks information about network c ...)
	NOT-FOR-US: SAP
CVE-2019-0403 (SAP Enable Now, before version 1911, allows an attacker to input comma ...)
	NOT-FOR-US: SAP
CVE-2019-0402 (SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under c ...)
	NOT-FOR-US: SAP
CVE-2019-0401
	RESERVED
CVE-2019-0400
	RESERVED
CVE-2019-0399 (SAP Portfolio and Project Management, before versions S4CORE 102, 103, ...)
	NOT-FOR-US: SAP
CVE-2019-0398 (Due to insufficient CSRF protection, SAP BusinessObjects Business Inte ...)
	NOT-FOR-US: SAP
CVE-2019-0397
	RESERVED
CVE-2019-0396 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
	NOT-FOR-US: SAP
CVE-2019-0395 (SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad ...)
	NOT-FOR-US: SAP
CVE-2019-0394
	RESERVED
CVE-2019-0393 (An SQL Injection vulnerability in SAP Quality Management (corrected in ...)
	NOT-FOR-US: SAP
CVE-2019-0392
	RESERVED
CVE-2019-0391 (Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.2 ...)
	NOT-FOR-US: SAP
CVE-2019-0390 (Under certain conditions SAP Data Hub (corrected in DH_Foundation vers ...)
	NOT-FOR-US: SAP
CVE-2019-0389 (An administrator of SAP NetWeaver Application Server Java (J2EE-Framew ...)
	NOT-FOR-US: SAP
CVE-2019-0388 (SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7. ...)
	NOT-FOR-US: SAP
CVE-2019-0387
	RESERVED
CVE-2019-0386 (Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6. ...)
	NOT-FOR-US: SAP
CVE-2019-0385 (SAP Enable Now, before version 1908, does not sufficiently encode user ...)
	NOT-FOR-US: SAP
CVE-2019-0384 (Transaction Management in SAP Treasury and Risk Management (corrected  ...)
	NOT-FOR-US: SAP
CVE-2019-0383 (Transaction Management in SAP Treasury and Risk Management (corrected  ...)
	NOT-FOR-US: SAP
CVE-2019-0382 (A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Bus ...)
	NOT-FOR-US: SAP
CVE-2019-0381 (A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, be ...)
	NOT-FOR-US: SAP
CVE-2019-0380 (Under certain conditions, SAP Landscape Management enterprise edition, ...)
	NOT-FOR-US: SAP
CVE-2019-0379 (SAP Process Integration, business-to-business add-on, versions 1.0, 2. ...)
	NOT-FOR-US: SAP
CVE-2019-0378 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
	NOT-FOR-US: SAP
CVE-2019-0377 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
	NOT-FOR-US: SAP
CVE-2019-0376 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
	NOT-FOR-US: SAP
CVE-2019-0375 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
	NOT-FOR-US: SAP
CVE-2019-0374 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
	NOT-FOR-US: SAP
CVE-2019-0373
	RESERVED
CVE-2019-0372
	RESERVED
CVE-2019-0371
	RESERVED
CVE-2019-0370 (Due to missing input validation, SAP Financial Consolidation, before v ...)
	NOT-FOR-US: SAP
CVE-2019-0369 (SAP Financial Consolidation, before versions 10.0 and 10.1, does not s ...)
	NOT-FOR-US: SAP
CVE-2019-0368 (SAP Customer Relationship Management (Email Management), versions: S4C ...)
	NOT-FOR-US: SAP
CVE-2019-0367 (SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 a ...)
	NOT-FOR-US: SAP
CVE-2019-0366
	RESERVED
CVE-2019-0365 (SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7. ...)
	NOT-FOR-US: SAP
CVE-2019-0364 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...)
	NOT-FOR-US: SAP
CVE-2019-0363 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...)
	NOT-FOR-US: SAP
CVE-2019-0362
	RESERVED
CVE-2019-0361 (SAP Supplier Relationship Management (Master Data Management Catalog - ...)
	NOT-FOR-US: SAP
CVE-2019-0360
	RESERVED
CVE-2019-0359
	RESERVED
CVE-2019-0358
	RESERVED
CVE-2019-0357 (The administrator of SAP HANA database, before versions 1.0 and 2.0, c ...)
	NOT-FOR-US: SAP
CVE-2019-0356 (Under certain conditions SAP NetWeaver Process Integration Runtime Wor ...)
	NOT-FOR-US: SAP
CVE-2019-0355 (SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before ...)
	NOT-FOR-US: SAP
CVE-2019-0354
	RESERVED
CVE-2019-0353 (Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO ...)
	NOT-FOR-US: SAP
CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before version ...)
	NOT-FOR-US: SAP
CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
	NOT-FOR-US: SAP
CVE-2019-0350 (SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker  ...)
	NOT-FOR-US: SAP
CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...)
	NOT-FOR-US: SAP
CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...)
	NOT-FOR-US: SAP
CVE-2019-0347
	RESERVED
CVE-2019-0346 (Unencrypted communication error in SAP Business Objects Business Intel ...)
	NOT-FOR-US: SAP
CVE-2019-0345 (A remote unauthenticated attacker can abuse a web service in SAP NetWe ...)
	NOT-FOR-US: SAP
CVE-2019-0344 (Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc  ...)
	NOT-FOR-US: SAP
CVE-2019-0343 (SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6 ...)
	NOT-FOR-US: SAP
CVE-2019-0342
	RESERVED
CVE-2019-0341 (The session cookie used by SAP Enable Now, version 1902, does not have ...)
	NOT-FOR-US: SAP
CVE-2019-0340 (The XML parser, which is being used by SAP Enable Now, before version  ...)
	NOT-FOR-US: SAP
CVE-2019-0339
	RESERVED
CVE-2019-0338 (During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752,  ...)
	NOT-FOR-US: SAP
CVE-2019-0337 (Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10 ...)
	NOT-FOR-US: SAP
CVE-2019-0336
	RESERVED
CVE-2019-0335 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
	NOT-FOR-US: SAP
CVE-2019-0334 (When creating a module in SAP BusinessObjects Business Intelligence Pl ...)
	NOT-FOR-US: SAP
CVE-2019-0333 (In some situations, when a client cancels a query in SAP BusinessObjec ...)
	NOT-FOR-US: SAP
CVE-2019-0332 (SAP BusinessObjects Business Intelligence Platform (Info View), versio ...)
	NOT-FOR-US: SAP
CVE-2019-0331 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
	NOT-FOR-US: SAP
CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...)
	NOT-FOR-US: SAP
CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...)
	NOT-FOR-US: SAP
CVE-2019-0328 (ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) ...)
	NOT-FOR-US: SAP
CVE-2019-0327 (SAP NetWeaver for Java Application Server - Web Container, (engineapi, ...)
	NOT-FOR-US: SAP
CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Ent ...)
	NOT-FOR-US: SAP
CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary author ...)
	NOT-FOR-US: SAP
CVE-2019-0324
	RESERVED
CVE-2019-0323
	RESERVED
CVE-2019-0322 (SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, ...)
	NOT-FOR-US: SAP
CVE-2019-0321 (ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, d ...)
	NOT-FOR-US: SAP
CVE-2019-0320
	RESERVED
CVE-2019-0319 (The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker ...)
	NOT-FOR-US: SAP
CVE-2019-0318 (Under certain conditions SAP NetWeaver Application Server for Java (St ...)
	NOT-FOR-US: SAP
CVE-2019-0317
	RESERVED
CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITO ...)
	NOT-FOR-US: SAP NetWeaver Process Integration
CVE-2019-0315 (Under certain conditions the PI Integration Builder Web UI of SAP NetW ...)
	NOT-FOR-US: SAP
CVE-2019-0314 (SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, v ...)
	NOT-FOR-US: SAP Work Manager
CVE-2019-0313
	RESERVED
CVE-2019-0312 (Several web pages provided SAP NetWeaver Process Integration (versions ...)
	NOT-FOR-US: SAP
CVE-2019-0311 (Automotive Dealer Portal in SAP R/3 Enterprise Application (versions:  ...)
	NOT-FOR-US: SAP
CVE-2019-0310
	RESERVED
CVE-2019-0309
	RESERVED
CVE-2019-0308 (An authenticated attacker in SAP E-Commerce (Business-to-Consumer appl ...)
	NOT-FOR-US: SAP
CVE-2019-0307 (Diagnostics Agent in Solution Manager, version 7.2, stores several cre ...)
	NOT-FOR-US: SAP / Solution Manager
CVE-2019-0306 (SAP HANA Extended Application Services (advanced model), version 1, al ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2019-0305 (Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integra ...)
	NOT-FOR-US: SAP NetWeaver Process Integration
CVE-2019-0304 (FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7. ...)
	NOT-FOR-US: SAP NetWeaver AS ABAP Platform
CVE-2019-0303 (SAP BusinessObjects Business Intelligence Platform (Administration Con ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence Platform
CVE-2019-0302
	RESERVED
CVE-2019-0301 (Under certain conditions, it is possible to request the modification o ...)
	NOT-FOR-US: SAP
CVE-2019-0300
	RESERVED
CVE-2019-0299
	RESERVED
CVE-2019-0298 (SAP E-Commerce (Business-to-Consumer) application does not sufficientl ...)
	NOT-FOR-US: SAP
CVE-2019-0297
	RESERVED
CVE-2019-0296
	RESERVED
CVE-2019-0295
	RESERVED
CVE-2019-0294
	RESERVED
CVE-2019-0293 (Read of RFC destination does not always perform necessary authorizatio ...)
	NOT-FOR-US: SAP
CVE-2019-0292
	RESERVED
CVE-2019-0291 (Under certain conditions Solution Manager, version 7.2, allows an atta ...)
	NOT-FOR-US: SAP
CVE-2019-0290
	RESERVED
CVE-2019-0289 (Under certain conditions SAP BusinessObjects Business Intelligence pla ...)
	NOT-FOR-US: SAP
CVE-2019-0288
	RESERVED
CVE-2019-0287 (Under certain conditions SAP BusinessObjects Business Intelligence pla ...)
	NOT-FOR-US: SAP
CVE-2019-0286
	RESERVED
CVE-2019-0285 (The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio ( ...)
	NOT-FOR-US: SAP
CVE-2019-0284 (SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not suf ...)
	NOT-FOR-US: SAP
CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in versions  ...)
	NOT-FOR-US: SAP
CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...)
	NOT-FOR-US: SAP
CVE-2019-0281 (SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6  ...)
	NOT-FOR-US: SAP
CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6. ...)
	NOT-FOR-US: SAP
CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...)
	NOT-FOR-US: SAP
CVE-2019-0278 (Under certain conditions the Monitoring Servlet of the SAP NetWeaver P ...)
	NOT-FOR-US: SAP
CVE-2019-0277 (SAP HANA extended application services, version 1, advanced does not s ...)
	NOT-FOR-US: SAP
CVE-2019-0276 (Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Finan ...)
	NOT-FOR-US: SAP
CVE-2019-0275 (SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server ...)
	NOT-FOR-US: SAP
CVE-2019-0274 (SAP Mobile Platform SDK allows an attacker to prevent legitimate users ...)
	NOT-FOR-US: SAP
CVE-2019-0273
	RESERVED
CVE-2019-0272
	RESERVED
CVE-2019-0271 (ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does n ...)
	NOT-FOR-US: SAP
CVE-2019-0270 (ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessa ...)
	NOT-FOR-US: SAP
CVE-2019-0269 (SAP BusinessObjects Business Intelligence Platform (BI Workspace), ver ...)
	NOT-FOR-US: SAP
CVE-2019-0268 (SAP BusinessObjects Business Intelligence Platform (CMC Module), versi ...)
	NOT-FOR-US: SAP
CVE-2019-0267 (SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 an ...)
	NOT-FOR-US: SAP
CVE-2019-0266 (Under certain conditions SAP HANA Extended Application Services, versi ...)
	NOT-FOR-US: SAP
CVE-2019-0265 (SLD Registration of ABAP Platform allows an attacker to prevent legiti ...)
	NOT-FOR-US: ABAP Platform
CVE-2019-0264
	RESERVED
CVE-2019-0263
	RESERVED
CVE-2019-0262 (SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not suffici ...)
	NOT-FOR-US: SAP
CVE-2019-0261 (Under certain circumstances, SAP HANA Extended Application Services, a ...)
	NOT-FOR-US: SAP
CVE-2019-0260
	RESERVED
CVE-2019-0259 (SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows  ...)
	NOT-FOR-US: SAP
CVE-2019-0258 (SAP Disclosure Management, version 10.01, does not perform necessary a ...)
	NOT-FOR-US: SAP
CVE-2019-0257 (Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in  ...)
	NOT-FOR-US: SAP
CVE-2019-0256 (Under certain conditions SAP Business One Mobile Android App, version  ...)
	NOT-FOR-US: SAP
CVE-2019-0255 (SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, K ...)
	NOT-FOR-US: SAP
CVE-2019-0254 (SAP Disclosure Management (before version 10.1 Stack 1301) does not su ...)
	NOT-FOR-US: SAP
CVE-2019-0253
	RESERVED
CVE-2019-0252
	RESERVED
CVE-2019-0251 (The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4. ...)
	NOT-FOR-US: SAP
CVE-2019-0250
	RESERVED
CVE-2019-0249 (Under certain conditions SAP Landscape Management (VCM 3.0) allows an  ...)
	NOT-FOR-US: SAP
CVE-2019-0248 (Under certain conditions SAP Gateway of ABAP Application Server (fixed ...)
	NOT-FOR-US: SAP
CVE-2019-0247 (SAP Cloud Connector, before version 2.11.3, allows an attacker to inje ...)
	NOT-FOR-US: SAP
CVE-2019-0246 (SAP Cloud Connector, before version 2.11.3, does not perform any authe ...)
	NOT-FOR-US: SAP
CVE-2019-0245 (SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31 ...)
	NOT-FOR-US: SAP
CVE-2019-0244 (SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31 ...)
	NOT-FOR-US: SAP
CVE-2019-0243 (Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixe ...)
	NOT-FOR-US: SAP
CVE-2019-0242
	RESERVED
CVE-2019-0241 (SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows  ...)
	NOT-FOR-US: SAP
CVE-2019-0240 (SAP Business Objects Mobile for Android (before 6.3.5) application all ...)
	NOT-FOR-US: SAP
CVE-2019-0239
	RESERVED
CVE-2019-0238 (SAP Commerce (previously known as SAP Hybris Commerce), before version ...)
	NOT-FOR-US: SAP
CVE-2019-0237
	RESERVED
CVE-2019-0236
	RESERVED
CVE-2018-19564 (Stored XSS was discovered in the Easy Testimonials plugin 3.2 for Word ...)
	NOT-FOR-US: Easy Testimonials plugin for WordPress
CVE-2018-19563
	RESERVED
CVE-2018-19562 (An issue was discovered in PHPok 4.9.015. admin.php?c=update&amp;f=unz ...)
	NOT-FOR-US: PHPok
CVE-2018-19561 (sikcms 1.1 has CSRF via admin.php?m=Admin&amp;c=Users&amp;a=userAdd to ...)
	NOT-FOR-US: sikcms
CVE-2018-19560 (BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate ...)
	NOT-FOR-US: BageCMS
CVE-2018-19559 (CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ ...)
	NOT-FOR-US: CuppaCMS
CVE-2018-19558 (An issue was discovered in arcms through 2018-03-19. SQL injection exi ...)
	NOT-FOR-US: arcms
CVE-2018-19557 (An issue was discovered in arcms through 2018-03-19. No authentication ...)
	NOT-FOR-US: arcms
CVE-2018-19556 (** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1. ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-19555 (tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any  ...)
	NOT-FOR-US: tp4a TELEPORT
CVE-2018-19554 (An issue was discovered in Dotcms through 5.0.3. Attackers may perform ...)
	NOT-FOR-US: dotCMS
CVE-2018-19553 (Interspire Email Marketer through 6.1.6 has SQL Injection via an updat ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19552 (Interspire Email Marketer through 6.1.6 has SQL Injection via a delete ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19551 (Interspire Email Marketer through 6.1.6 has SQL Injection via a checkd ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19550 (Interspire Email Marketer through 6.1.6 allows arbitrary file upload v ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19549 (Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19548 (index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sen ...)
	NOT-FOR-US: EduSec
CVE-2018-19547 (JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&a ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-19546 (JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action& ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-19545 (JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. ...)
	NOT-FOR-US: JEECMS
CVE-2018-19544 (JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. ...)
	NOT-FOR-US: JEECMS
CVE-2018-19543 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
	- jasper <removed>
	[jessie] - jasper <postponed> (Code appears to work correctly but wait for more information)
	NOTE: https://github.com/mdadams/jasper/issues/182
	NOTE: This issue is reproducible with ASAN, however without ASAN the guard,
	NOTE: introduced with the fix for CVE-2014-8138, works as expected and
	NOTE: jasper terminates properly. Still I am going to mark this bug as
	NOTE: postponed until we receive feedback from upstream.
CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer dere ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19539 (An issue was discovered in JasPer 2.0.14. There is an access violation ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19538
	RESERVED
CVE-2018-19537 (TP-Link Archer C5 devices through V2_160201_US allow remote command ex ...)
	NOT-FOR-US: TP-Link Archer C5 devices
CVE-2018-19536
	RESERVED
CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngch ...)
	{DLA-1691-1}
	- exiv2 0.27.2-6 (bug #915135)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/428
	NOTE: https://github.com/Exiv2/exiv2/pull/430
CVE-2018-19534
	RESERVED
CVE-2018-19533
	RESERVED
CVE-2018-19532 (A NULL pointer dereference vulnerability exists in the function PdfTra ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916085)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/32/
	NOTE: https://sourceforge.net/p/podofo/code/1950/
CVE-2018-19531 (HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote c ...)
	NOT-FOR-US: HTTL
CVE-2018-19530 (HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote c ...)
	NOT-FOR-US: HTTL
CVE-2018-19529
	RESERVED
CVE-2018-19528 (TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a  ...)
	NOT-FOR-US: TP-Link
CVE-2018-19527 (i4 assistant 7.85 allows XSS via a crafted machine name field within i ...)
	NOT-FOR-US: i4 assistant
CVE-2018-19526
	RESERVED
CVE-2018-19525 (An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1 ...)
	NOT-FOR-US: Systrome
CVE-2018-19524 (An issue was discovered on Shenzhen Skyworth DT741 Converged Intellige ...)
	NOT-FOR-US: Shenzhen Skyworth
CVE-2018-19523 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
	NOT-FOR-US: DriverAgent
CVE-2018-19522 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
	NOT-FOR-US: DriverAgent
CVE-2018-19521
	RESERVED
CVE-2018-19520 (An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controlle ...)
	NOT-FOR-US: SDCMS
CVE-2018-19519 (In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_p ...)
	- tcpdump <unfixed> (unimportant)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/763
	NOTE: https://github.com/zyingp/temp/blob/master/tcpdump.md
	NOTE: Crash in CLI tool, no security impact
CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE App ...)
	- kf5-messagelib 4:18.08.3-2 (bug #915039)
	[stretch] - kf5-messagelib <no-dsa> (Minor issue)
	NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=34765909cdf8e55402a8567b48fb288839c61612
CVE-2018-19515 (In Webgalamb through 7.0, system/ajax.php functionality is supposed to ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19514 (In Webgalamb through 7.0, an arbitrary code execution vulnerability co ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19513 (In Webgalamb through 7.0, log files are exposed to the internet with p ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19512 (In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" director ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19511 (wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attac ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19510 (subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19509 (wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?user ...)
	NOT-FOR-US: CMSimple
CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&amp;action ...)
	NOT-FOR-US: CMSimple
CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the re ...)
	NOT-FOR-US: Zurmo
CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct  ...)
	NOT-FOR-US: Remedy AR System Server in BMC Remedy
CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low; bug #914641)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/26
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (bug #914641)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/18
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
CVE-2018-19502 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1 DLA-1899-1}
	- faad2 2.8.8-3 (bug #914641)
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/22
	NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
CVE-2018-19501
	RESERVED
CVE-2018-19500
	RESERVED
CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Executi ...)
	NOT-FOR-US: Vanilla
CVE-2018-19498 (The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XS ...)
	NOT-FOR-US: Atlassian plugin
CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs. ...)
	{DLA-1610-1}
	- sleuthkit 4.6.5-1 (low; bug #914796)
	[stretch] - sleuthkit <no-dsa> (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
	NOTE: https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d
CVE-2018-19496 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19495 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19494 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19493 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19492 (An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allo ...)
	{DLA-1597-1 DLA-1595-1}
	- gnuplot <unfixed> (unimportant)
	- gnuplot5 <removed> (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2089/
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
	NOTE: No security impact, neutralised by toolchain hardening
	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
	NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allow ...)
	{DLA-1597-1 DLA-1595-1}
	- gnuplot <unfixed> (unimportant)
	- gnuplot5 <removed> (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2094/
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
	NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue all ...)
	{DLA-1597-1 DLA-1595-1}
	- gnuplot <unfixed> (unimportant)
	- gnuplot5 <removed> (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
	NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
	NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a de ...)
	{DSA-4454-1 DLA-1646-1}
	- qemu 1:3.1+dfsg-1 (bug #914727)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8 (master)
CVE-2018-19488 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19487 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19485
	RESERVED
CVE-2018-19484
	RESERVED
CVE-2018-19483
	RESERVED
CVE-2018-19482
	RESERVED
CVE-2018-19481
	RESERVED
CVE-2018-19480
	RESERVED
CVE-2018-19479
	RESERVED
CVE-2018-19478 (In Artifex Ghostscript before 9.26, a carefully crafted PDF file can t ...)
	{DSA-4346-1 DLA-1620-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
CVE-2018-19474
	RESERVED
CVE-2018-19473
	RESERVED
CVE-2018-19472
	RESERVED
CVE-2018-19471
	RESERVED
CVE-2018-19470
	RESERVED
CVE-2018-19469 (ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomat ...)
	NOT-FOR-US: ArticleCMS
CVE-2018-19468 (HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_clas ...)
	NOT-FOR-US: HuCart
CVE-2018-19467
	RESERVED
CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. Portainer stores ...)
	NOT-FOR-US: Portainer
CVE-2018-19465 (Maccms through 8.0 allows XSS via the site_keywords field to index.php ...)
	NOT-FOR-US: Maccms
CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting. ...)
	NOT-FOR-US: Discuz!
CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through  ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-19462 (admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-19461 (admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-19460
	RESERVED
CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List ...)
	NOT-FOR-US: Adult Filter
CVE-2018-19458 (In PHP Proxy 3.0.3, any user can read files from the server without au ...)
	NOT-FOR-US: PHP Proxy
CVE-2018-19457 (Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which le ...)
	NOT-FOR-US: Logicspice FAQ Script
CVE-2018-19456 (The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPr ...)
	NOT-FOR-US: WP Backup+ (aka WPbackupplus) plugin for WordPress
CVE-2018-19455
	RESERVED
CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the current ...)
	- git 1:2.19.2-1
	[stretch] - git <not-affected> (Vulnerable code introduced later)
	[jessie] - git <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
	NOTE: Introduced by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attacke ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers  ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attack ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153
CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...)
	{DSA-4353-1 DLA-1700-1 DLA-1608-1}
	- php7.3 7.3.0-1 (bug #913775)
	- php7.2 <removed> (bug #913835)
	- php7.0 <removed> (bug #913836)
	- php5 <removed>
	- uw-imap 8:2007f~dfsg-6 (bug #914632)
	[stretch] - uw-imap <no-dsa> (Minor issue)
	NOTE: Fixed in 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76428
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77153
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77160
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/22/3
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb
CVE-2018-19454
	RESERVED
CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IReader_Co ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19450 (A command injection can occur for specially crafted PDF files in Foxit ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19449 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19448 (In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialize ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19447 (A stack-based buffer overflow can occur for specially crafted PDF file ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19446 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19445 (A command injection can occur for specially crafted PDF files in Foxit ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader_Conte ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
	NOT-FOR-US: Neato Botvac Connected
CVE-2018-19441 (An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateR ...)
	NOT-FOR-US: Neato Botvac Connected
CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
	NOT-FOR-US: ARM Trusted Firmware-A
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global Deskt ...)
	NOT-FOR-US: Oracle
CVE-2018-19438
	RESERVED
CVE-2018-19443 (The client in Tryton 5.x before 5.0.1 tries to make a connection to th ...)
	- tryton-client <not-affected> (Only affects 5.x, vulnerable 5.0.0 version never in Debian)
	NOTE: https://discuss.tryton.org/t/security-release-for-issue7792/830
	NOTE: https://bugs.tryton.org/issue7792
CVE-2018-19437 (UCMS 1.4.7 allows remote authenticated users to change the administrat ...)
	NOT-FOR-US: UCMS
CVE-2018-19436 (An issue was discovered in the Manufacturing component in webERP 4.15. ...)
	NOT-FOR-US: webERP
CVE-2018-19435 (An issue was discovered in the Sales component in webERP 4.15. SalesIn ...)
	NOT-FOR-US: webERP
CVE-2018-19434 (An issue was discovered on the "Bank Account Matching - Receipts" scre ...)
	NOT-FOR-US: webERP
CVE-2018-19433 (ShowDoc 2.4.1 has XSS via the lang parameter because install/database. ...)
	NOT-FOR-US: ShowDoc
CVE-2018-19432 (An issue was discovered in libsndfile 1.0.28. There is a NULL pointer  ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (unimportant; bug #914381)
	NOTE: https://github.com/erikd/libsndfile/issues/427
	NOTE: https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
	NOTE: Similar underlying issue as CVE-2018-13139 but not considered a duplicate.
	NOTE: Missing channel number check in sndfile-deinterleave program, not a
	NOTE: security issue in the library.
CVE-2018-19431
	RESERVED
CVE-2018-19430
	RESERVED
CVE-2018-19429
	RESERVED
CVE-2018-19428
	RESERVED
CVE-2018-19427
	RESERVED
CVE-2018-19426
	RESERVED
CVE-2018-19425
	RESERVED
CVE-2018-19424 (ClipperCMS 1.3.3 allows remote authenticated administrators to upload  ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-19423 (Codiad 2.8.4 allows remote authenticated administrators to execute arb ...)
	NOT-FOR-US: Codiad
CVE-2018-19422 (/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-19421 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Inte ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2018-19420 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but ther ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2018-19419
	RESERVED
CVE-2018-19418
	RESERVED
CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG before 4.2. T ...)
	NOT-FOR-US: Contiki-NG
CVE-2018-19517 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...)
	[experimental] - sysstat 12.0.3-1
	- sysstat 12.0.3-2 (low; bug #914553)
	[stretch] - sysstat <not-affected> (Vulnerable code introduced later)
	[jessie] - sysstat <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/sysstat/sysstat/issues/199
	NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/fbc691eaaa10d0bcea6741d5a223dc3906106548
CVE-2018-19416 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...)
	[experimental] - sysstat 12.0.3-1
	- sysstat 12.0.3-2 (low; bug #914384)
	[stretch] - sysstat <not-affected> (Vulnerable code introduced later)
	[jessie] - sysstat <not-affected> (vulnerable code was introduced later)
	NOTE: https://github.com/sysstat/sysstat/issues/196
	NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/fbc691eaaa10d0bcea6741d5a223dc3906106548
	NOTE: Vulnerable code introduced with https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c#diff-cccb0877d1539c562536a98e0d17428f
CVE-2018-19415 (Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remot ...)
	NOT-FOR-US: Plikli CMS
CVE-2018-19414 (Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0. ...)
	NOT-FOR-US: Plikli CMS
CVE-2018-19413 (A vulnerability in the API of SonarSource SonarQube before 7.4 could a ...)
	NOT-FOR-US: SonarQube
CVE-2018-19412
	RESERVED
CVE-2018-19411 (PRTG Network Monitor before 18.2.40.1683 allows an authenticated user  ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-19410 (PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-19409 (An issue was discovered in Artifex Ghostscript before 9.26. LockSafety ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700176
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=661e8d8fb8248c38d67958beda32f3a5876d0c3f
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea1b3ef437f39e45874f821c06bd953196625ac5
CVE-2009-5153 (In Novell NetWare before 6.5 SP8, a stack buffer overflow in processin ...)
	NOT-FOR-US: Novell NetWare
CVE-2018-19408
	RESERVED
CVE-2018-19407 (The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kerne ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/11/20/580
CVE-2018-19406 (kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4. ...)
	- linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://lkml.org/lkml/2018/11/20/411
	NOTE: Introduced by: https://git.kernel.org/linus/4180bf1b655a791a0a6ef93a2ffffc762722c782 (4.19-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/38ab012f109caf10f471db1adf284e620dd8d701 (4.20-rc5)
CVE-2018-19405
	RESERVED
CVE-2018-19404 (In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.ph ...)
	NOT-FOR-US: YXcms
CVE-2018-19403
	RESERVED
CVE-2018-19402
	RESERVED
CVE-2018-19401
	RESERVED
CVE-2018-19400
	RESERVED
CVE-2018-19399
	RESERVED
CVE-2018-19398
	RESERVED
CVE-2018-19397
	RESERVED
CVE-2018-19396 (ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attac ...)
	- php7.3 <not-affected> (Windows-specific)
	- php7.2 <not-affected> (Windows-specific)
	- php7.1 <not-affected> (Windows-specific)
	- php7.0 <not-affected> (Windows-specific)
	- php5 <not-affected> (Windows-specific)
	NOTE: https://bugs.php.net/bug.php?id=77177
CVE-2018-19395 (ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attacke ...)
	- php7.3 <not-affected> (Windows-specific)
	- php7.2 <not-affected> (Windows-specific)
	- php7.1 <not-affected> (Windows-specific)
	- php7.0 <not-affected> (Windows-specific)
	- php5 <not-affected> (Windows-specific)
	NOTE: https://bugs.php.net/bug.php?id=77177
CVE-2018-19394 (Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, whi ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19393 (Cobham Satcom Sailor 800 and 900 devices contained a vulnerability tha ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19392 (Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unau ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19391 (Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persist ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19390 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
	NOT-FOR-US: Foxit
CVE-2018-19389 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
	NOT-FOR-US: Foxit
CVE-2018-19388 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
	NOT-FOR-US: Foxit
CVE-2018-19387
	REJECTED
CVE-2018-19386 (SolarWinds Database Performance Analyzer 11.1.457 contains an instance ...)
	NOT-FOR-US: SolarWinds Database Performance Analyzer
CVE-2018-19385
	RESERVED
CVE-2018-19384
	RESERVED
CVE-2018-19383
	RESERVED
CVE-2018-19382
	RESERVED
CVE-2018-19381
	RESERVED
CVE-2018-19380
	RESERVED
CVE-2018-19379
	RESERVED
CVE-2018-19378
	RESERVED
CVE-2018-19377
	RESERVED
CVE-2018-19376 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...)
	NOT-FOR-US: GreenCMS
CVE-2018-19375
	RESERVED
CVE-2018-19374 (Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to  ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2018-19373
	RESERVED
CVE-2018-19372
	RESERVED
CVE-2018-19371 (The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has a ...)
	NOT-FOR-US: SDL Web
CVE-2018-19370 (A Race condition vulnerability in unzip_file in admin/import/class-imp ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19369
	RESERVED
CVE-2018-19368
	RESERVED
CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint (/api/users/admin/ch ...)
	NOT-FOR-US: Portainer
CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	{DSA-4369-1 DLA-1949-1}
	- xen 4.11.1-1
	NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest ...)
	{DSA-4369-1}
	- xen 4.11.1-1
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
CVE-2018-19964 (An issue was discovered in Xen 4.11.x allowing x86 guest OS users to c ...)
	- xen 4.11.1-1
	[stretch] - xen <not-affected> (Only affects 4.11)
	[jessie] - xen <not-affected> (Only affects 4.11)
	NOTE: https://xenbits.xen.org/xsa/advisory-277.txt
CVE-2018-19963 (An issue was discovered in Xen 4.11 allowing HVM guest OS users to cau ...)
	- xen 4.11.1-1
	[stretch] - xen <not-affected> (Only affects 4.11)
	[jessie] - xen <not-affected> (Only affects 4.11)
	NOTE: https://xenbits.xen.org/xsa/advisory-276.txt
CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...)
	{DSA-4369-1 DLA-1949-1}
	- xen 4.11.1-1
	NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...)
	{DSA-4369-1 DLA-1949-1}
	- xen 4.11.1-1
	NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19366
	RESERVED
CVE-2018-19365 (The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of th ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while ...)
	{DSA-4454-1 DLA-1646-1}
	- qemu 1:3.1+dfsg-1 (bug #914599)
	- qemu-kvm <removed>
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b3c77aa581ebb215125c84b0742119483571e55
CVE-2018-19363
	RESERVED
CVE-2018-19362 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19361 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19360 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19359 (GitLab Community and Enterprise Edition 8.9 and later and before 11.5. ...)
	- gitlab 11.3.10+dfsg-2 (bug #914166)
	NOTE: https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/
CVE-2018-19358 (GNOME Keyring through 3.28.2 allows local users to retrieve login cred ...)
	- gnome-keyring <unfixed> (unimportant; bug #914154)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365
	NOTE: https://github.com/sungjungk/keyring_crack
	NOTE: The default keyring is automatically unlocked upon successful login.
	NOTE: The current behavior to access passwords via DBus is expected but
	NOTE: cannot be compromised by another user on the system. Users can choose
	NOTE: to use a separate keyring if they prefer to be prompted.
	NOTE: Non issue
	NOTE: https://wiki.gnome.org/Projects/GnomeKeyring/SecurityFAQ
	NOTE: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/5
CVE-2018-19357 (XMPlay 3.8.3 allows remote attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: XMPlay
CVE-2018-19356
	RESERVED
CVE-2018-19355 (modules/orderfiles/ajax/upload.php in the Customer Files Upload addon  ...)
	NOT-FOR-US: Customer Files Upload addon for PrestaShop
CVE-2018-19354
	RESERVED
CVE-2018-19353 (The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allo ...)
	NOT-FOR-US: libansilove
CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name  ...)
	- jupyter-notebook 5.7.4-1 (bug #917408)
	NOTE: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook bec ...)
	- jupyter-notebook 5.7.4-1 (bug #917409)
	NOTE: https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491
CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...)
	- seahorse <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=551036
	NOTE: Explicitly a design decision by upstream and not considered a security issue
CVE-2018-19350 (In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwd ...)
	NOT-FOR-US: SeaCMS
CVE-2018-19349 (In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php top ...)
	NOT-FOR-US: SeaCMS
CVE-2018-19348 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19347 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19346 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19345 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19344 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19343 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19342 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19341 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19340 (Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default. ...)
	NOT-FOR-US: Guriddo Form PHP
CVE-2018-19339
	RESERVED
CVE-2018-19338
	RESERVED
CVE-2018-19337
	RESERVED
CVE-2018-19336
	RESERVED
CVE-2018-19335 (Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search)  ...)
	NOT-FOR-US: Google Monorail
CVE-2018-19334 (Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search)  ...)
	NOT-FOR-US: Google Monorail
CVE-2018-19333 (pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows ...)
	NOT-FOR-US: gVisor
CVE-2018-19332 (An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability t ...)
	NOT-FOR-US: S-CMS
CVE-2018-19331 (An issue was discovered in S-CMS v1.5. There is a SQL injection vulner ...)
	NOT-FOR-US: S-CMS
CVE-2018-19330
	RESERVED
CVE-2018-19329 (GreenCMS v2.3.0603 allows remote authenticated administrators to delet ...)
	NOT-FOR-US: GreenCMS
CVE-2018-19328 (LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19327 (An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type= ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-19326 (Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory T ...)
	NOT-FOR-US: Zyxel
CVE-2018-19325
	REJECTED
CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&a ...)
	NOT-FOR-US: kimsQ Rb
CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
	NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19322 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
	NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19321 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
	NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19320 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
	NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&amp;c=gifts&amp;a=update ...)
	NOT-FOR-US: SRCMS
CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&amp;c=manager&amp;a=upda ...)
	NOT-FOR-US: SRCMS
CVE-2018-19317
	RESERVED
CVE-2018-19316
	RESERVED
CVE-2018-19315
	RESERVED
CVE-2018-19314
	RESERVED
CVE-2018-19313
	RESERVED
CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) all ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service  ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-19310
	RESERVED
CVE-2018-19309
	RESERVED
CVE-2018-19308
	RESERVED
CVE-2018-19307
	RESERVED
CVE-2018-19306
	RESERVED
CVE-2018-19305
	RESERVED
CVE-2018-19304
	RESERVED
CVE-2018-19303
	RESERVED
CVE-2018-19302
	RESERVED
CVE-2018-19301 (tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted us ...)
	NOT-FOR-US: tp4a TELEPORT
CVE-2018-19300 (On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) ...)
	NOT-FOR-US: D-Link
CVE-2018-19299
	RESERVED
CVE-2018-19298
	RESERVED
CVE-2018-19297
	RESERVED
CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an objec ...)
	{DSA-4351-1 DLA-1591-1}
	- libphp-phpmailer 5.2.14+dfsg-2.4 (bug #913912)
	NOTE: https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271
CVE-2018-19295 (Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper I ...)
	- singularity-container 2.6.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/12/2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1111411
CVE-2018-19294
	RESERVED
CVE-2018-19293
	RESERVED
CVE-2018-19292
	RESERVED
CVE-2018-19291 (An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: DiliCMS
CVE-2018-19290 (In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax valid ...)
	NOT-FOR-US: Budabot
CVE-2018-19289 (An issue was discovered in Valine v1.3.3. It allows HTML injection, wh ...)
	NOT-FOR-US: Valine
CVE-2018-19288 (Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the u ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-19287 (XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remot ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-19286 (The server in mubu note 2018-11-11 has XSS by configuring an account w ...)
	NOT-FOR-US: mubu note
CVE-2018-19285
	RESERVED
CVE-2018-19284
	REJECTED
CVE-2018-19283
	RESERVED
CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...)
	NOT-FOR-US: Rockwell Automation
CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) all ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource na ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plain ...)
	NOT-FOR-US: PRIMX ZoneCentral
CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x b ...)
	- asterisk <not-affected> (Vulnerable code introduced in 15.x and 16.x releases)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2018-010.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28127
CVE-2015-9274 (HarfBuzz before 1.0.4 allows remote attackers to cause a denial of ser ...)
	- harfbuzz 1.2.6-1
	[jessie] - harfbuzz <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7
CVE-2019-0235 (Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache  ...)
	NOT-FOR-US: Apache Roller
CVE-2019-0233
	RESERVED
CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the CGI S ...)
	- tomcat9 <not-affected> (Windows-specific)
	- tomcat8 <not-affected> (Windows-specific)
	NOTE: https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a connec ...)
	NOT-FOR-US: Apache MINA
CVE-2019-0230
	RESERVED
CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)
	- airflow <itp> (bug #819700)
CVE-2019-0228 (Apache PDFBox 2.0.14 does not properly initialize the XML parser, whic ...)
	- libpdfbox2-java <not-affected> (Vulnerable code introduced in 2.0.14)
	- libpdfbox-java <not-affected> (Vulnerable code introduced in 2.0.14)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/12/1
	NOTE: https://issues.apache.org/jira/browse/PDFBOX-4505
	NOTE: Fixed by: https://svn.apache.org/r1856952 (2.0.15)
CVE-2019-0227 (A Server Side Request Forgery (SSRF) vulnerability affected the Apache ...)
	- axis <unfixed> (bug #929266; unimportant)
	NOTE: https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
	NOTE: https://github.com/apache/axis1-java/commit/7043f1ab0397d1ae35f879f2bcc99be1e9b55644
	NOTE: StockQuoteService.jws not present in Debian binary packages
	NOTE: disclosure mentions "03/12/2019 - Apache applied SSRF patch":
	NOTE: https://github.com/RhinoSecurityLabs/CVEs/issues/1
	NOTE: https://github.com/apache/axis1-java/commit/35511b872a6460129cfc0cd35baaccbd820977b5
CVE-2019-0226 (Apache Karaf Config service provides a install method (via service or  ...)
	- apache-karaf <itp> (bug #881297)
CVE-2019-0225 (A specially crafted url could be used to access files under the ROOT d ...)
	- jspwiki <removed>
CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could ex ...)
	- jspwiki <removed>
CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under some cir ...)
	- qpid-proton 0.22.0-1
	[stretch] - qpid-proton <no-dsa> (Minor issue)
	[jessie] - qpid-proton <ignored> (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/PROTON-2014
	NOTE: https://qpid.apache.org/cves/CVE-2019-0223.html
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=159fac1
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=4aea0fd
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a
	NOTE: Source-wise only fixed in 0.27.1 upstream, but 0.22.0-1 upload in
	NOTE: unstable switched to build against OpenSSL 1.1 adressing the issue.
	NOTE: The description tells that the vulnerability was introduced in 0.9 but the
	NOTE: version in jessie (0.7) seems to be vulnerable too even though one file is
	NOTE: not present in the jessie version. That part do not seem to be essential for
	NOTE: the package to be vulnerable.
CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...)
	- activemq 5.15.9-1 (bug #925964)
	[buster] - activemq <no-dsa> (Minor issue)
	[stretch] - activemq <no-dsa> (Minor issue)
	[jessie] - activemq <not-affected> (MQTT support not enabled)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0  ...)
	{DSA-4596-1 DLA-1883-1 DLA-1810-1}
	- tomcat9 9.0.16-4 (bug #929895)
	- tomcat8 <removed>
	- tomcat7 <removed>
	NOTE: affects debug channel, unlikely to be present in production websites:
	NOTE: https://mail-archives.apache.org/mod_mbox/www-announce/201905.mbox/%3Cb1905aa6-f340-8d0b-58c4-8ac3ebcbfa54@apache.org%3E
	NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19)
	NOTE: https://github.com/apache/tomcat/commit/4fcdf70 (8.5.39)
	NOTE: https://github.com/apache/tomcat/commit/44ec74c (7.0.93)
CVE-2019-0220 (A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When  ...)
	{DSA-4422-1 DLA-1748-1}
	- apache2 2.4.38-3
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
	NOTE: https://svn.apache.org/r1855737
	NOTE: https://svn.apache.org/r1855751
CVE-2019-0219 (A website running in the InAppBrowser webview on Android could execute ...)
	NOT-FOR-US: Apache Cordova
CVE-2019-0218 (A vulnerability was discovered wherein a specially crafted URL could e ...)
	NOT-FOR-US: Apache Pony Mail
CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition i ...)
	{DSA-4422-1 DLA-1748-1}
	- apache2 2.4.38-3
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
	NOTE: https://svn.apache.org/r1855298
CVE-2019-0216 (A malicious admin user could edit the state of objects in the Airflow  ...)
	- airflow <itp> (bug #819700)
CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...)
	- apache2 2.4.38-3
	[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0215
CVE-2019-0214 (In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the  ...)
	NOT-FOR-US: Apache Archiva
CVE-2019-0213 (In Apache Archiva before 2.2.4, it may be possible to store malicious  ...)
	NOT-FOR-US: Apache Archiva
CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1 ...)
	NOT-FOR-US: Apache HBase
CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, w ...)
	{DSA-4422-1}
	- apache2 2.4.38-3
	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
	NOTE: https://svn.apache.org/r1855378
CVE-2019-0210 (In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJS ...)
	[experimental] - thrift 0.13.0-1
	- thrift 0.13.0-2
	NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2
CVE-2019-0209
	REJECTED
CVE-2019-0208
	REJECTED
CVE-2019-0207 (Tapestry processes assets `/assets/ctx` using classes chain `StaticFil ...)
	NOT-FOR-US: Apache Tapestry
CVE-2019-0206
	REJECTED
CVE-2019-0205 (In Apache Thrift all versions up to and including 0.12.0, a server or  ...)
	[experimental] - thrift 0.13.0-1
	- thrift 0.13.0-2
	NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1
CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...)
	- apache-mesos <itp> (bug #760315)
CVE-2019-0203 (In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12 ...)
	{DSA-4490-1 DLA-1903-1}
	- subversion 1.10.6-1
	NOTE: https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to ...)
	NOT-FOR-US: Apache Storm
CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...)
	{DSA-4461-1 DLA-1801-1}
	- zookeeper 3.4.13-2 (bug #929283)
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
	NOTE: Patch (3.4 branch): https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ve ...)
	- qpid-java <itp> (bug #840131)
CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5. ...)
	{DSA-4596-1}
	- tomcat9 9.0.16-1
	- tomcat8 8.5.38-1
	[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693325
	NOTE: When fixing this issue make sure to fix it completely to not open CVE-2019-10072.
CVE-2019-0198
	REJECTED
CVE-2019-0197 (A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ...)
	- apache2 2.4.38-3
	[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ...)
	{DSA-4422-1}
	- apache2 2.4.38-3
	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0196
	NOTE: https://svn.apache.org/r1852989
CVE-2019-0195 (Manipulating classpath asset file URLs, an attacker could guess the pa ...)
	NOT-FOR-US: Apache Tapestry
CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
	NOT-FOR-US: Apache Camel
CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module  ...)
	{DLA-1954-1}
	- lucene-solr 3.6.2+dfsg-22 (low)
	NOTE: https://issues.apache.org/jira/browse/SOLR-13669
	NOTE: upstream recommends everybody upgrade or rework their configuration
	NOTE: consider backporting enable.dih.dataConfigParam instead:
	NOTE: https://github.com/apache/lucene-solr/commit/325824cd391c8e71f36f17d687f52344e50e9715
CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config  ...)
	- lucene-solr <not-affected> (vulnerable code is not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-13301
CVE-2019-0191 (Apache Karaf kar deployer reads .kar archives and extracts the paths f ...)
	- apache-karaf <itp> (bug #881297)
CVE-2019-0190 (A bug exists in the way mod_ssl handled client renegotiations. A remot ...)
	- apache2 2.4.38-1 (bug #920220)
	[stretch] - apache2 <not-affected> (Only affects 2.4.37)
	[jessie] - apache2 <not-affected> (Only affects 2.4.37)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/4
CVE-2019-0189 (The java.io.ObjectInputStream is known to cause Java serialisation iss ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity injection ...)
	NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
	- jakarta-jmeter <unfixed>
	[buster] - jakarta-jmeter <no-dsa> (Minor issue)
	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 an ...)
	NOT-FOR-US: Apache Pluto "Chat Room" demo portlet
CVE-2018-19277 (securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypa ...)
	NOT-FOR-US: PHPOffice
CVE-2018-19276 (OpenMRS before 2.24.0 is affected by an Insecure Object Deserializatio ...)
	NOT-FOR-US: OpenMRS
CVE-2018-19275 (The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before  ...)
	NOT-FOR-US: Mitel
CVE-2018-19274 (Passing an absolute path to a file_exists check in phpBB before 3.2.4  ...)
	{DLA-1593-1}
	- phpbb3 <removed>
	NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206
	NOTE: https://github.com/phpbb/phpbb/commit/0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac
CVE-2018-19273
	RESERVED
CVE-2018-19272
	RESERVED
CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) all ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-19270
	REJECTED
CVE-2019-0185 (Insufficient access control in protected memory subsystem for SMM for  ...)
	NOT-FOR-US: Intel
CVE-2019-0184 (Insufficient access control in protected memory subsystem for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0183 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0182 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0181 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0180 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0179 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0178 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0177 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0176
	RESERVED
CVE-2019-0175 (Insufficient password protection in the attestation database for Open  ...)
	NOT-FOR-US: Open CIT
CVE-2019-0174 (Logic condition in specific microprocessors may allow an authenticated ...)
	NOT-FOR-US: RamBleed hardware vulnerability
	NOTE: https://rambleed.com/
CVE-2019-0173 (Authentication bypass in the web console for Intel(R) Raid Web Console ...)
	NOT-FOR-US: Intel
CVE-2019-0172 (A logic issue in Intel Unite(R) Client for Android prior to version 4. ...)
	NOT-FOR-US: Intel Unite(R) Client for Android
CVE-2019-0171 (Improper directory permissions in the installer for Intel(R) Quartus(R ...)
	NOT-FOR-US: Intel
CVE-2019-0170 (Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 ma ...)
	NOT-FOR-US: Intel(R) DAL
CVE-2019-0169 (Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 1 ...)
	NOT-FOR-US: Intel
CVE-2019-0168 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-0167
	RESERVED
CVE-2019-0166 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
	NOT-FOR-US: Intel
CVE-2019-0165 (Insufficient Input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-0164 (Improper permissions in the installer for Intel(R) Turbo Boost Max Tec ...)
	NOT-FOR-US: installer for Intel(R) Turbo Boost Max Technology driver
CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) Broadwel ...)
	NOT-FOR-US: Intel
CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors may a ...)
	NOT-FOR-US: F5
CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...)
	- edk2 0~20180803.dd4cae4d-1 (low)
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
	NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359
	NOTE: https://github.com/tianocore/edk2/commit/72750e3bf9174f15c17e78f0f117b5e7311bb49f
CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthenticate ...)
	- edk2 0~20181115.85588389-1 (low)
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
	NOTE: https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
	NOTE: https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
	NOTE: https://github.com/tianocore/edk2/commit/5c0748f43f4e1cc15fdd0be64a764eacd7df92f6
	NOTE: https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
	NOTE: https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
CVE-2019-0159 (Insufficient memory protection in the Linux Administrative Tools for I ...)
	NOT-FOR-US: Linux Administrative Tools for Intel Network Adapters
CVE-2019-0158 (Insufficient path checking in the installation package for Intel(R) Gr ...)
	NOT-FOR-US: Intel
CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...)
	NOT-FOR-US: Intel
CVE-2019-0156
	RESERVED
CVE-2019-0155 (Insufficient access control in a subsystem for Intel (R) processor gra ...)
	{DSA-4564-1 DLA-1990-1}
	- linux 5.3.9-2
	[jessie] - linux <not-affected> (Driver doesn't support this hardware)
CVE-2019-0154 (Insufficient access control in subsystem for Intel (R) processor graph ...)
	{DSA-4564-1 DLA-1990-1 DLA-1989-1}
	- linux 5.3.9-2
CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...)
	NOT-FOR-US: Intel(R) CSME
CVE-2019-0152 (Insufficient memory protection in System Management Mode (SMM) and Int ...)
	NOT-FOR-US: Intel
CVE-2019-0151 (Insufficient memory protection in Intel(R) TXT for certain Intel(R) Co ...)
	NOT-FOR-US: Intel
CVE-2019-0150 (Insufficient access control in firmware Intel(R) Ethernet 700 Series C ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0149 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
	TODO: check
CVE-2019-0148 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
	TODO: check
CVE-2019-0147 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
	TODO: check
CVE-2019-0146 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
	TODO: check
CVE-2019-0145 (Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ...)
	TODO: check
CVE-2019-0144 (Unhandled exception in firmware for Intel(R) Ethernet 700 Series Contr ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0143 (Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 S ...)
	NOT-FOR-US: Windows driver for Intel Ethernet 700 Series
CVE-2019-0142 (Insufficient access control in ilp60x64.sys driver for Intel(R) Ethern ...)
	NOT-FOR-US: ilp60x64.sys driver for Intel
CVE-2019-0141
	REJECTED
CVE-2019-0140 (Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controlle ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0139 (Insufficient access control in firmware for Intel(R) Ethernet 700 Seri ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.1 ...)
	NOT-FOR-US: Intel(R) ACU Wizard
CVE-2019-0137
	RESERVED
CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi Softw ...)
	{DLA-2114-1 DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/79c92ca42b5a3e0ea172ea2ce8df8e125af237da
	NOTE: https://git.kernel.org/linus/588f7d39b3592a36fb7702ae3b8bdd9be4621e2f
CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...)
	NOT-FOR-US: Intel
CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and Thermal Fram ...)
	NOT-FOR-US: Intel
CVE-2019-0133
	RESERVED
CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...)
	NOT-FOR-US: Intel Unite(R) Client
CVE-2019-0131 (Insufficient input validation in subsystem in Intel(R) AMT before vers ...)
	NOT-FOR-US: Intel
CVE-2019-0130 (Reflected XSS in web interface for Intel(R) Accelerated Storage Manage ...)
	NOT-FOR-US: Intel
CVE-2019-0129 (Improper permissions for Intel(R) USB 3.0 Creator Utility all versions ...)
	NOT-FOR-US: Intel
CVE-2019-0128 (Improper permissions in the installer for Intel(R) Chipset Device Soft ...)
	NOT-FOR-US: Intel
CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and bef ...)
	NOT-FOR-US: Intel
CVE-2019-0126 (Insufficient access control in silicon reference firmware for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0125
	RESERVED
CVE-2019-0124 (Insufficient memory protection in Intel(R) 6th Generation Core Process ...)
	NOT-FOR-US: Intel
CVE-2019-0123 (Insufficient memory protection in Intel(R) 6th Generation Core Process ...)
	NOT-FOR-US: Intel
CVE-2019-0122 (Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel ...)
	NOT-FOR-US: Intel
CVE-2019-0121 (Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and ...)
	NOT-FOR-US: Intel
CVE-2019-0120 (Insufficient key protection vulnerability in silicon reference firmwar ...)
	NOT-FOR-US: Intel
CVE-2019-0119 (Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R)  ...)
	NOT-FOR-US: Intel
CVE-2019-0118
	RESERVED
CVE-2019-0117 (Insufficient access control in protected memory subsystem for Intel(R) ...)
	NOT-FOR-US: Intel SGX vulnerabilities
	NOTE: Fixes included in intel-microcode/3.20191112.1
CVE-2019-0116 (An out of bound read in KMD module for Intel(R) Graphics Driver before ...)
	NOT-FOR-US: Intel
CVE-2019-0115 (Insufficient input validation in KMD module for Intel(R) Graphics Driv ...)
	NOT-FOR-US: Intel
CVE-2019-0114 (A race condition in Intel(R) Graphics Drivers before version 10.18.14. ...)
	NOT-FOR-US: Intel
CVE-2019-0113 (Insufficient bounds checking in Intel(R) Graphics Drivers before versi ...)
	NOT-FOR-US: Intel
CVE-2019-0112 (Improper flow control in crypto routines for Intel(R) Data Center Mana ...)
	NOT-FOR-US: Intel
CVE-2019-0111 (Improper file permissions for Intel(R) Data Center Manager SDK before  ...)
	NOT-FOR-US: Intel
CVE-2019-0110 (Insufficient key management for Intel(R) Data Center Manager SDK befor ...)
	NOT-FOR-US: Intel
CVE-2019-0109 (Improper folder permissions in Intel(R) Data Center Manager SDK before ...)
	NOT-FOR-US: Intel
CVE-2019-0108 (Improper file permissions for Intel(R) Data Center Manager SDK before  ...)
	NOT-FOR-US: Intel
CVE-2019-0107 (Insufficient user prompt in install routine for Intel(R) Data Center M ...)
	NOT-FOR-US: Intel
CVE-2019-0106 (Insufficient run protection in install routine for Intel(R) Data Cente ...)
	NOT-FOR-US: Intel
CVE-2019-0105 (Insufficient file permissions checking in install routine for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0104 (Insufficient file protection in uninstall routine for Intel(R) Data Ce ...)
	NOT-FOR-US: Intel
CVE-2019-0103 (Insufficient file protection in install routine for Intel(R) Data Cent ...)
	NOT-FOR-US: Intel
CVE-2019-0102 (Insufficient session authentication in web server for Intel(R) Data Ce ...)
	NOT-FOR-US: Intel
CVE-2019-0101 (Authentication bypass in the Intel Unite(R) solution versions 3.2 thro ...)
	NOT-FOR-US: Intel
CVE-2019-0100
	RESERVED
CVE-2019-0099 (Insufficient access control vulnerability in subsystem in Intel(R) SPS ...)
	NOT-FOR-US: Intel
CVE-2019-0098 (Logic bug vulnerability in subsystem for Intel(R) CSME before version  ...)
	NOT-FOR-US: Intel
CVE-2019-0097 (Insufficient input validation vulnerability in subsystem for Intel(R)  ...)
	NOT-FOR-US: Intel
CVE-2019-0096 (Out of bound write vulnerability in subsystem for Intel(R) AMT before  ...)
	NOT-FOR-US: Intel
CVE-2019-0095
	RESERVED
CVE-2019-0094 (Insufficient input validation vulnerability in subsystem for Intel(R)  ...)
	NOT-FOR-US: Intel
CVE-2019-0093 (Insufficient data sanitization vulnerability in HECI subsystem for Int ...)
	NOT-FOR-US: Intel
CVE-2019-0092 (Insufficient input validation vulnerability in subsystem for Intel(R)  ...)
	NOT-FOR-US: Intel
CVE-2019-0091 (Code injection vulnerability in installer for Intel(R) CSME before ver ...)
	NOT-FOR-US: Intel
CVE-2019-0090 (Insufficient access control vulnerability in subsystem for Intel(R) CS ...)
	NOT-FOR-US: Intel
CVE-2019-0089 (Improper data sanitization vulnerability in subsystem in Intel(R) SPS  ...)
	NOT-FOR-US: Intel
CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for Wind ...)
	NOT-FOR-US: Intel
CVE-2019-0087
	RESERVED
CVE-2019-0086 (Insufficient access control vulnerability in Dynamic Application Loade ...)
	NOT-FOR-US: Intel
CVE-2018-19269
	REJECTED
CVE-2018-19268
	REJECTED
CVE-2018-19267
	REJECTED
CVE-2018-19266
	REJECTED
CVE-2018-19265
	REJECTED
CVE-2018-19264
	REJECTED
CVE-2018-19263
	REJECTED
CVE-2018-19262
	REJECTED
CVE-2018-19261
	REJECTED
CVE-2018-19260
	REJECTED
CVE-2018-19259
	REJECTED
CVE-2018-19258
	REJECTED
CVE-2018-19257
	REJECTED
CVE-2018-19256
	REJECTED
CVE-2018-19255
	REJECTED
CVE-2018-19254
	REJECTED
CVE-2018-19253
	REJECTED
CVE-2018-19252
	REJECTED
CVE-2018-19251
	REJECTED
CVE-2018-19250
	REJECTED
CVE-2018-19249 (The Stripe API v1 allows remote attackers to bypass intended access re ...)
	NOT-FOR-US: Stripe API
CVE-2018-19248 (The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode) ...)
	NOT-FOR-US: Epson
CVE-2018-19247
	RESERVED
CVE-2018-19246 (PHP-Proxy 5.1.0 allows remote attackers to read local files if the def ...)
	NOT-FOR-US: PHP-Proxy
CVE-2018-19245
	RESERVED
CVE-2018-19244 (An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 ...)
	NOT-FOR-US: Charles
CVE-2018-19243
	RESERVED
CVE-2018-19242 (Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-6 ...)
	NOT-FOR-US: TRENDnet
CVE-2018-19241 (Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V ...)
	NOT-FOR-US: TRENDnet
CVE-2018-19240 (Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, ...)
	NOT-FOR-US: TRENDnet
CVE-2018-19239 (TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vuln ...)
	NOT-FOR-US: TRENDnet
CVE-2018-19238
	RESERVED
CVE-2018-19237
	RESERVED
CVE-2018-19236
	RESERVED
CVE-2018-19235
	RESERVED
CVE-2018-19234 (The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edi ...)
	NOT-FOR-US: Miss Marple Enterprise
CVE-2018-19233 (COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users  ...)
	NOT-FOR-US: Miss Marple Enterprise
CVE-2018-19232 (The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode) ...)
	NOT-FOR-US: Epson
CVE-2018-19231
	RESERVED
CVE-2018-19230
	RESERVED
CVE-2018-19229 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/ ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19228 (An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file del ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19227 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/ ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19226 (An issue was discovered in LAOBANCMS 2.0. It allows remote attackers t ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19225 (An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19224 (An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoo ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19223 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first  ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19222 (An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_h ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19221 (An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via  ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19220 (An issue was discovered in LAOBANCMS 2.0. It allows remote attackers t ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19219 (In LibSass 3.5-stable, there is an illegal address access at Sass::Eva ...)
	- libsass <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643760
CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sass::Par ...)
	- libsass <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
CVE-2018-19217 (** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL poi ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-04/msg00020.html
CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoke ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <ignored> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
	NOTE: Fix: https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115758#c7
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
	NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
	NOTE: No security impact, crash in CLI tool
CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392521
	NOTE: https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
	NOTE: No security impact, crash in CLI tool
CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ...)
	- nasm <unfixed> (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392524
	NOTE: No security impact, crash in CLI tool
CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwebm::We ...)
	NOT-FOR-US: libwebm
	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
	- ncurses 6.1+20180210-3 (low)
	[stretch] - ncurses <no-dsa> (Minor issue)
	[jessie] - ncurses <no-dsa> (Minor issue)
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...)
	{DSA-4670-1 DLA-1680-1}
	- tiff 4.0.10-4 (bug #913675)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2820
	NOTE: https://gitlab.com/libtiff/libtiff/commit/d0a842c5dbad2609aed43c701a12ed12461d3405
	NOTE: https://gitlab.com/libtiff/libtiff/commit/38ede78b13810ff0fa8e61f86ef9aa0ab2964668
CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in th ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392522
	NOTE: No security impact, crash in CLI tool
CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the function  ...)
	- libwpd 0.10.2-3 (low; bug #913702)
	[stretch] - libwpd <no-dsa> (Minor issue)
	[jessie] - libwpd <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643752
	NOTE: Patch used in Fedora: https://src.fedoraproject.org/rpms/libwpd/raw/e42834b844f3282d8ccb0889abf1b33f3f71e02f/f/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch
CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-19202 (A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.1 ...)
	NOT-FOR-US: MyBB
CVE-2018-19201 (A reflected XSS vulnerability in the ModCP Profile Editor in MyBB befo ...)
	NOT-FOR-US: MyBB
CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c allows  ...)
	{DLA-1581-1}
	- uriparser 0.9.0-1 (bug #913817)
	[stretch] - uriparser 0.8.4-1+deb9u1
	NOTE: https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539
CVE-2018-19199 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows a ...)
	{DLA-1581-1}
	- uriparser 0.9.0-1 (bug #913817)
	[stretch] - uriparser 0.8.4-1+deb9u1
	NOTE: https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f
CVE-2018-19198 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows a ...)
	{DLA-1581-1}
	- uriparser 0.9.0-1 (bug #913817)
	[stretch] - uriparser 0.8.4-1+deb9u1
	NOTE: https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e
CVE-2018-19207 (The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before  ...)
	NOT-FOR-US: WordPress plugin wp-gdpr-compliance
CVE-2018-19206 (steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use  ...)
	{DSA-4344-1}
	- roundcube 1.3.8+dfsg.1-1
	NOTE: https://roundcube.net/news/2018/10/26/update-1.3.8-released
	NOTE: https://github.com/roundcube/roundcubemail/issues/6410
	NOTE: https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059 (released-1.3)
	NOTE: https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b (master)
CVE-2018-19205 (Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warni ...)
	- roundcube 1.3.8+dfsg.1-1
	[stretch] - roundcube <ignored> (Relies on php-crypt-gpg, not in stretch. Old version in 1.3 doesn't verify signature anyway)
	NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released
	NOTE: https://github.com/roundcube/roundcubemail/issues/6289
	NOTE: https://github.com/roundcube/roundcubemail/commit/94da947855329c5062ec2a7098eb86fb675aac37 (release-1.3)
	NOTE: https://github.com/roundcube/roundcubemail/commit/2fa112bd836e5e144e270bda11c9fda1a66a22ae (master)
CVE-2018-19197 (An issue was discovered in XiaoCms 20141229. admin\controller\database ...)
	NOT-FOR-US: XiaoCms
CVE-2018-19196 (An issue was discovered in XiaoCms 20141229. It allows remote attacker ...)
	NOT-FOR-US: XiaoCms
CVE-2018-19195 (An issue was discovered in XiaoCms 20141229. There is XSS related to t ...)
	NOT-FOR-US: XiaoCms
CVE-2018-19194 (An issue was discovered in XiaoCms 20141229. /admin/index.php?c=databa ...)
	NOT-FOR-US: XiaoCms
CVE-2018-19193 (An issue was discovered in XiaoCms 20141229. There is XSS via the larg ...)
	NOT-FOR-US: XiaoCms
CVE-2018-19192 (An issue was discovered in XiaoCms 20141229. admin/index.php?c=content ...)
	NOT-FOR-US: XiaoCms
CVE-2018-19191 (Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi hist ...)
	- webmin <removed>
CVE-2018-19190 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...)
	NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK
CVE-2018-19189 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...)
	NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK
CVE-2018-19188 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...)
	NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK
CVE-2018-19187 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...)
	NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK
CVE-2018-19186 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...)
	NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK
CVE-2018-19185 (An issue has been found in libIEC61850 v1.3. It is a heap-based buffer ...)
	NOT-FOR-US: libIEC61850
CVE-2018-19184 (cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to ...)
	NOT-FOR-US: Go Ethereum
CVE-2018-19183 (ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm. ...)
	NOT-FOR-US: ethereumjs-vm
CVE-2018-19182 (Engelsystem before commit hash 2e28336 allows CSRF. ...)
	NOT-FOR-US: Engelsystem
CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arb ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install. ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-19179
	RESERVED
CVE-2018-19178 (In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapp ...)
	NOT-FOR-US: JEESNS
CVE-2018-19177
	RESERVED
CVE-2018-19176
	RESERVED
CVE-2018-19175
	RESERVED
CVE-2018-19174
	RESERVED
CVE-2018-19173
	RESERVED
CVE-2018-19172
	RESERVED
CVE-2018-19171
	RESERVED
CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first three i ...)
	NOT-FOR-US: JPress
CVE-2018-19169
	RESERVED
CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi (a ...)
	NOT-FOR-US: FruityWifi
CVE-2018-19167 (CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency ...)
	NOT-FOR-US: CloakCoin
CVE-2018-19166 (peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) a ...)
	NOT-FOR-US: peercoin
CVE-2018-19165 (neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) all ...)
	NOT-FOR-US: neblio
CVE-2018-19164 (reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) ...)
	NOT-FOR-US: reddcoin
CVE-2018-19163 (stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) ...)
	NOT-FOR-US: stratisX
CVE-2018-19162 (Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allow ...)
	NOT-FOR-US: Divi
CVE-2018-19161 (alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows  ...)
	NOT-FOR-US: alqo
CVE-2018-19160 (Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency)  ...)
	NOT-FOR-US: Diamond
CVE-2018-19159 (lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows ...)
	NOT-FOR-US: lux
CVE-2018-19158 (ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurre ...)
	NOT-FOR-US: ColossusCoinXT
CVE-2018-19157 (Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) al ...)
	NOT-FOR-US: Phore
CVE-2018-19156 (PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allo ...)
	NOT-FOR-US: PIVX
CVE-2018-19155 (navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) al ...)
	NOT-FOR-US: navcoin
CVE-2018-19154 (HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) al ...)
	NOT-FOR-US: HTMLCOIN
CVE-2018-19153 (particl through 0.17 (a chain-based proof-of-stake cryptocurrency) all ...)
	NOT-FOR-US: particl
CVE-2018-19152 (emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) all ...)
	NOT-FOR-US: emercoin
CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows ...)
	NOT-FOR-US: qtum
CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...)
	NOT-FOR-US: pdfforge PDF Architect
CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...)
	- poppler <unfixed> (unimportant; bug #914600)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/664
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649457#c3
	NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid  ...)
	- caddy <itp> (bug #810890)
CVE-2018-19147
	RESERVED
CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by ...)
	NOT-FOR-US: Concrete5
CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS vulnerability i ...)
	NOT-FOR-US: S-CMS
CVE-2018-19144
	RESERVED
CVE-2018-19140
	RESERVED
CVE-2018-19139 (An issue has been found in JasPer 2.0.14. There is a memory leak in ja ...)
	- jasper <removed> (low)
	[jessie] - jasper <postponed> (can be fixed later)
	NOTE: https://github.com/mdadams/jasper/issues/188
CVE-2018-19138 (WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. ...)
	NOT-FOR-US: WSTMart
CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php i ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-accoun ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file up ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-19134 (In Artifex Ghostscript through 9.25, the setpattern operator did not p ...)
	{DSA-4346-1 DLA-1620-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700141
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26)
CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...)
	NOT-FOR-US: Flarum Core
CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...)
	{DLA-2021-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139
	NOTE: Duplicate of CVE-2017-17127
CVE-2018-19129 (In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue i ...)
	- libav <removed>
	[jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent info upstream)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1138
	NOTE: Duplicate of CVE-2019-14441
CVE-2018-19128 (In Libav 12.3, there is a heap-based buffer over-read in decode_frame  ...)
	{DLA-2021-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1137
CVE-2018-19127 (A code injection vulnerability in /type.php in PHPCMS 2008 allows atta ...)
	NOT-FOR-US: PHPCMS
CVE-2018-19126 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remot ...)
	NOT-FOR-US: PrestaShop
CVE-2018-19125 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remot ...)
	NOT-FOR-US: PrestaShop
CVE-2018-19124 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows a ...)
	NOT-FOR-US: PrestaShop
CVE-2018-19123
	RESERVED
CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL pointer dere ...)
	NOT-FOR-US: libIEC61850
CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_ ...)
	NOT-FOR-US: libIEC61850
CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...)
	{DLA-1592-1}
	- otrs2 6.0.1-1
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
	NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions).
	NOTE: Add workaround and mark first 6.x version as fixing version
CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin  ...)
	- otrs2 6.0.13-1
	[stretch] - otrs2 <not-affected> (Only affects 6.x)
	[jessie] - otrs2 <not-affected> (Only affects 6.x)
	NOTE: https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/
CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...)
	{DLA-1592-1}
	- otrs2 6.0.13-1
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows  ...)
	- kio-extras 4:18.08.3-1 (bug #913595)
	[stretch] - kio-extras <no-dsa> (Minor issue)
	- kde-runtime <removed> (bug #913596)
	[buster] - kde-runtime <no-dsa> (Minor issue)
	[stretch] - kde-runtime <no-dsa> (Minor issue)
	[jessie] - kde-runtime <ignored> (Minor issue)
	NOTE: https://www.kde.org/info/security/advisory-20181012-1.txt
CVE-2018-19119
	RESERVED
CVE-2018-19118 (Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attacker ...)
	NOT-FOR-US: Zoho
CVE-2018-19117
	RESERVED
CVE-2018-19116
	RESERVED
CVE-2018-19967 (An issue was discovered in Xen through 4.11.x on Intel x86 platforms a ...)
	{DSA-4369-1 DLA-1577-1}
	- xen 4.11.1-1
	NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing  ...)
	{DLA-1589-1}
	- keepalived 1:2.0.10-1 (low; bug #914393)
	[stretch] - keepalived <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
	NOTE: https://github.com/acassen/keepalived/pull/961
	NOTE: https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9
CVE-2018-19114 (An issue was discovered in MinDoc through v1.0.2. It allows attackers  ...)
	NOT-FOR-US: MinDoc
CVE-2018-19113 (The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in bef ...)
	NOT-FOR-US: Pronestor PNHM
CVE-2018-19112
	RESERVED
CVE-2018-19111 (The Google Cardboard application 1.8 for Android and 1.2 for iOS sends ...)
	NOT-FOR-US: Google Cardboard application for Android and iOS
CVE-2018-19110 (The skin-management feature in tianti 2.3 allows remote authenticated  ...)
	NOT-FOR-US: tianti
CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended permis ...)
	NOT-FOR-US: tianti
CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PS ...)
	{DLA-1691-1}
	- exiv2 0.27.2-6 (bug #913272)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/426
	NOTE: https://github.com/Exiv2/exiv2/pull/518
	NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
	NOTE: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...)
	{DLA-1691-1}
	- exiv2 0.27.2-6 (low; bug #913273)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/427
	NOTE: https://github.com/Exiv2/exiv2/pull/518
	NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
	NOTE: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
CVE-2018-19106 (Avi Vantage before 17.2.13 uses an invalid URL encoding during a redir ...)
	NOT-FOR-US: Avi Vantage
CVE-2018-19105 (LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0 ...)
	{DLA-1776-1}
	- librecad 2.1.3-1.2 (bug #928477)
	[stretch] - librecad 2.1.2-1+deb9u1
	NOTE: https://code610.blogspot.com/2018/11/crashing-librecad-213.html
	NOTE: https://github.com/LibreCAD/LibreCAD/issues/1038
	NOTE: Fixed by https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085
	NOTE: Regression fix https://github.com/LibreCAD/LibreCAD/commit/8604f171ee380f294102da6154adf77ab754d403
CVE-2018-19104 (In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can b ...)
	NOT-FOR-US: BageCMS
CVE-2018-19103
	RESERVED
CVE-2018-19102
	RESERVED
CVE-2018-19101
	RESERVED
CVE-2018-19100
	RESERVED
CVE-2018-19099
	RESERVED
CVE-2018-19098
	RESERVED
CVE-2018-19097
	RESERVED
CVE-2018-19096
	RESERVED
CVE-2018-19095
	RESERVED
CVE-2018-19094
	RESERVED
CVE-2018-19093 (** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SE ...)
	NOT-FOR-US: libIEC61850
CVE-2018-19092 (An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/ ...)
	NOT-FOR-US: YzmCMS
CVE-2018-19091 (tianti 2.3 has reflected XSS in the user management module via the tia ...)
	NOT-FOR-US: tianti
CVE-2018-19090 (tianti 2.3 has stored XSS in the article management module via an arti ...)
	NOT-FOR-US: tianti
CVE-2018-19089 (tianti 2.3 has stored XSS in the userlist module via the tianti-module ...)
	NOT-FOR-US: tianti
CVE-2018-19088
	RESERVED
CVE-2018-19087 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...)
	NOT-FOR-US: IOBit Malware Fighter
CVE-2018-19086 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...)
	NOT-FOR-US: IOBit Malware Fighter
CVE-2018-19085 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...)
	NOT-FOR-US: IOBit Malware Fighter
CVE-2018-19084 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...)
	NOT-FOR-US: IOBit Malware Fighter
CVE-2018-19083 (WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/ind ...)
	NOT-FOR-US: WeCenter
CVE-2018-19082 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...)
	NOT-FOR-US: Foscam Opticam i5 devices
CVE-2018-19081 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...)
	NOT-FOR-US: Foscam Opticam i5 devices
CVE-2018-19080 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...)
	NOT-FOR-US: Foscam Opticam i5 devices
CVE-2018-19079 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...)
	NOT-FOR-US: Foscam Opticam i5 devices
CVE-2018-19078 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...)
	NOT-FOR-US: Foscam Opticam i5 devices
CVE-2018-19077 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...)
	NOT-FOR-US: Foscam Opticam i5 devices
CVE-2018-19076 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19075 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19074 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19073 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19072 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19071 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19070 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19069 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19068 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...)
	NOT-FOR-US: Foscam Opticam i5 devices
CVE-2018-19067 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19066 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19065 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19064 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19063 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...)
	NOT-FOR-US: Foscam C2 devices
CVE-2018-19062
	RESERVED
CVE-2018-19061 (DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter ...)
	NOT-FOR-US: DedeCMS
CVE-2018-19060 (An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ...)
	- poppler <unfixed> (unimportant; bug #913182)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/660
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/d2f5d424ba8752f9a9e9dad410546ec1b46caa0a
	NOTE: Issue in pdfdetach cli tool leading to crash
CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ...)
	- poppler <unfixed> (unimportant; bug #913180)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/661
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118
	NOTE: Issue in pdfdetach cli tool leading to crash
CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort  ...)
	{DLA-1706-1}
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (low; bug #913177)
	[buster] - poppler <ignored> (Minor issue)
	[stretch] - poppler <ignored> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ele ...)
	NOT-FOR-US: SimpleMDE
CVE-2018-19056 (pandao Editor.md 1.5.0 has DOM XSS via input starting with a "&lt;&lt; ...)
	NOT-FOR-US: pandao Editor.md
CVE-2018-XXXX [VirtualBox E1000 Guest-to-Host Escape]
	- virtualbox 5.2.22-dfsg-1 (bug #913137)
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	NOTE: https://github.com/MorteNoir1/virtualbox_e1000_0day
	NOTE: Changes between 5.2.20 and 5.2.22: https://paste.debian.net/plain/1051089
	NOTE: https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12
CVE-2018-19055
	RESERVED
CVE-2018-19054
	RESERVED
CVE-2018-19053 (PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code b ...)
	NOT-FOR-US: PbootCMS
CVE-2018-19051 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type ...)
	NOT-FOR-US: MetInfo
CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset  ...)
	NOT-FOR-US: MetInfo
CVE-2018-19049
	RESERVED
CVE-2017-18351
	RESERVED
CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...)
	- lighttpd 1.4.52-1 (bug #913528)
	[stretch] - lighttpd <no-dsa> (Minor issue)
	[jessie] - lighttpd <no-dsa> (Minor issue)
	NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute within  ...)
	NOT-FOR-US: Simditor
CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application th ...)
	NOT-FOR-US: mPDF
CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when writing da ...)
	- keepalived 1:2.0.10-1 (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
	NOTE: https://github.com/acassen/keepalived/issues/1048
	NOTE: Neutralised by kernel hardening
CVE-2018-19045 (keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...)
	- keepalived 1:2.0.10-1 (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
	NOTE: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
	NOTE: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
	NOTE: https://github.com/acassen/keepalived/issues/1048
CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...)
	- keepalived 1:2.0.10-1 (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
	NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
	NOTE: https://github.com/acassen/keepalived/issues/1048
CVE-2018-19043 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary fil ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19042 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary fil ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19041 (The Media File Manager plugin 1.4.2 for WordPress allows XSS via the d ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19040 (The Media File Manager plugin 1.4.2 for WordPress allows directory lis ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated  ...)
	- grafana <removed>
	NOTE: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
CVE-2018-19038
	RESERVED
CVE-2018-19037 (On Virgin Media wireless router 3.0 hub devices, the web interface is  ...)
	NOT-FOR-US: Virgin Media wireless router
CVE-2018-19036 (An issue was discovered in several Bosch IP cameras for firmware versi ...)
	NOT-FOR-US: Bosch
CVE-2018-19035
	RESERVED
CVE-2018-19034
	RESERVED
CVE-2018-19033
	RESERVED
CVE-2018-19032
	RESERVED
CVE-2018-19031 (A command injection vulnerability exists when the authorized user pass ...)
	NOT-FOR-US: 360 routers
CVE-2018-19030
	RESERVED
CVE-2018-19029 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19028
	RESERVED
CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 4.50 and ...)
	NOT-FOR-US: CX-One
CVE-2018-19026
	RESERVED
CVE-2018-19025
	RESERVED
CVE-2018-19024
	RESERVED
CVE-2018-19023 (Hetronic Nova-M prior to verson r161 uses fixed codes that are reprodu ...)
	NOT-FOR-US: Hetronic Nova-M radio control systems
CVE-2018-19022
	RESERVED
CVE-2018-19021 (A specially crafted script could bypass the authentication of a mainte ...)
	NOT-FOR-US: Emerson DeltaV DCS
CVE-2018-19020 (When CX-Supervisor (Versions 3.42 and prior) processes project files a ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19019 (A type confusion vulnerability exists when processing project files in ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19018 (An access of uninitialized pointer vulnerability in CX-Supervisor (Ver ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19017 (Several use after free vulnerabilities have been identified in CX-Supe ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19016 (Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes ...)
	NOT-FOR-US: Rockwell Automation
CVE-2018-19015 (An attacker could inject commands to launch programs and create, write ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19014 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ver ...)
	NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19013 (An attacker could inject commands to delete files and/or delete the co ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19012 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ver ...)
	NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19011 (CX-Supervisor (Versions 3.42 and prior) can execute code that has been ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19010 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ver ...)
	NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19009 (Pilz PNOZmulti Configurator prior to version 10.9 allows an authentica ...)
	NOT-FOR-US: Pilz PNOZmulti Configurator
CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and ea ...)
	NOT-FOR-US: TextEditor 2.0 in ABB CP400 Panel Builder
CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the D ...)
	NOT-FOR-US: Geutebrueck cameras
CVE-2018-19006 (OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The ...)
	NOT-FOR-US: OSIsoft PI Vision
CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation  ...)
	NOT-FOR-US: Cscape
CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds rea ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 0 ...)
	NOT-FOR-US: GE Mark
CVE-2018-19002 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control  ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The software use ...)
	NOT-FOR-US: Philips HealthSuite Health Android App
CVE-2018-19000 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18999 (WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 20 ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-18998 (LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credenti ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18997 (Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 a ...)
	NOT-FOR-US: ABB GATE-E2
CVE-2018-18996 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user in ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18995 (Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all  ...)
	NOT-FOR-US: ABB GATE-E2
CVE-2018-18994 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds  ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discovered i ...)
	NOT-FOR-US: CX-One
CVE-2018-18992 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user in ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer (Ve ...)
	NOT-FOR-US: SCADA WebServer
CVE-2018-18990 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied p ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and pri ...)
	NOT-FOR-US: CX-One
CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of scri ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating o ...)
	NOT-FOR-US: VT-Designer
CVE-2018-18986 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a  ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.1 ...)
	NOT-FOR-US: Tridium Niagara Enterprise
CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Enco ...)
	NOT-FOR-US: Medtronic
CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program reading the  ...)
	NOT-FOR-US: VT-Designer
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows  ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-18981 (In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 f ...)
	{DLA-1584-1}
	- ruby-i18n 0.7.0-3 (bug #913093)
	[stretch] - ruby-i18n 0.7.0-2+deb9u1
	NOTE: https://github.com/svenfuchs/i18n/pull/289
	NOTE: https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb
CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho Ma ...)
	NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager
CVE-2018-18979 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for Android
CVE-2018-18978 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for Android
CVE-2018-18977 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for Android
CVE-2018-18976 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for iOS
CVE-2018-18975 (An issue was discovered in the Ascensia Contour NEXT ONE app for iOS b ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for iOS
CVE-2018-18974
	RESERVED
CVE-2018-18973
	RESERVED
CVE-2018-18972
	RESERVED
CVE-2018-18971
	RESERVED
CVE-2018-18970
	RESERVED
CVE-2018-18969
	RESERVED
CVE-2018-18968
	RESERVED
CVE-2018-18967
	RESERVED
CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerc ...)
	NOT-FOR-US: Degrau Publicidade e Internet Plataforma de E-commerce
CVE-2018-18962
	RESERVED
CVE-2018-18961
	RESERVED
CVE-2018-18960 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51 ...)
	NOT-FOR-US: Epson
CVE-2018-18959 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51 ...)
	NOT-FOR-US: Epson
CVE-2018-18958 (OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. ...)
	NOT-FOR-US: OPNsense
CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffe ...)
	NOT-FOR-US: libIEC61850
CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x b ...)
	- suricata 1:4.0.6-1
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <not-affected> (Vulnerable code not present, no MIME support in this version)
	NOTE: https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html
	NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374
CVE-2018-18955 (In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() i ...)
	- linux 4.18.20-1
	[stretch] - linux <not-affected> (Introduced in 4.15-rc1)
	[jessie] - linux <not-affected> (Introduced in 4.15-rc1)
	NOTE: https://git.kernel.org/linus/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd
	NOTE: Introduced in https://git.kernel.org/linus/6397fac4915a
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
CVE-2018-18954 (The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 al ...)
	{DSA-4454-1}
	- qemu 1:3.1+dfsg-1 (low; bug #914604)
	[jessie] - qemu <not-affected> (Vulnerable code not present. ppc/pnv lpc was added in 2.7)
	- qemu-kvm <removed>
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d07945e78eb6b593cd17a4640c1fc9eb35e3245d
CVE-2018-18953
	RESERVED
CVE-2018-18952 (JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. ...)
	NOT-FOR-US: JEECMS
CVE-2018-18951
	RESERVED
CVE-2018-18950 (KindEditor through 4.1.11 has a path traversal vulnerability in php/up ...)
	NOT-FOR-US: KindEditor
CVE-2018-18949 (Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via M ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-18948
	RESERVED
CVE-2018-18947
	RESERVED
CVE-2018-18946
	RESERVED
CVE-2018-18945
	RESERVED
CVE-2018-18944 (Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow. ...)
	NOT-FOR-US: Artha ~ The Open Thesaurus
CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the Register New  ...)
	NOT-FOR-US: baserCMS
CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remot ...)
	NOT-FOR-US: baserCMS
CVE-2018-18941 (In Vignette Content Management version 6, it is possible to gain remot ...)
	NOT-FOR-US: Vignette Content Management
CVE-2018-18940 (servlet/SnoopServlet (a servlet installed by default) in Netscape Ente ...)
	NOT-FOR-US: Netscape Enterprise
CVE-2018-18939 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ind ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-18938 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ind ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-18937 (An issue has been found in libIEC61850 v1.3. It is a NULL pointer dere ...)
	NOT-FOR-US: libIEC61850
CVE-2018-18936 (An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows  ...)
	NOT-FOR-US: PopojiCMS
CVE-2018-18935 (An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-ad ...)
	NOT-FOR-US: PopojiCMS
CVE-2018-18934 (An issue was discovered in PopojiCMS v2.0.1. admin_component.php is ex ...)
	NOT-FOR-US: PopojiCMS
CVE-2018-18933 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-18932
	RESERVED
CVE-2018-18931 (An issue was discovered in the Tightrope Media Carousel digital signag ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2018-18930 (The Tightrope Media Carousel digital signage product 7.0.4.104 contain ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2018-18929 (The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4. ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has an integ ...)
	- icu 63.1-3
	[stretch] - icu <not-affected> (Vulnerable code not present)
	[jessie] - icu <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=900059
	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
	NOTE: https://unicode-org.atlassian.net/browse/ICU-20246
CVE-2018-18927 (An issue was discovered in PublicCMS V4.0. It allows XSS by modifying  ...)
	NOT-FOR-US: PublicCMS
CVE-2018-18926 (Gitea before 1.5.4 allows remote code execution because it does not pr ...)
	- gitea <removed>
	NOTE: https://github.com/go-gitea/gitea/issues/5140
CVE-2018-18925 (Gogs 0.11.66 allows remote code execution because it does not properly ...)
	NOT-FOR-US: Go Git Service
CVE-2018-18924 (The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to ...)
	NOT-FOR-US: ProjeQtOr
CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabili ...)
	NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create adm ...)
	NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18921 (PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete  ...)
	NOT-FOR-US: PHP Server Monitor
CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode  ...)
	- python3-py-evm <itp> (bug #884796)
CVE-2018-18919 (The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the commen ...)
	NOT-FOR-US: WP Editor.md plugin for WordPress
CVE-2018-18918
	RESERVED
CVE-2018-18917
	RESERVED
CVE-2018-18916
	RESERVED
CVE-2018-18915 (There is an infinite loop in the Exiv2::Image::printIFDStructure funct ...)
	- exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental; bug #912828)
	NOTE: https://github.com/Exiv2/exiv2/issues/511
CVE-2018-18914
	RESERVED
CVE-2018-18913 (Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacki ...)
	NOT-FOR-US: Opera
CVE-2018-18912 (An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A s ...)
	NOT-FOR-US: Easy File Sharing
CVE-2018-18911
	RESERVED
CVE-2018-18910
	RESERVED
CVE-2018-18909 (xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of  ...)
	NOT-FOR-US: xhEditor
CVE-2018-18908 (The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows p ...)
	NOT-FOR-US: Sky Go Desktop
CVE-2018-18907
	RESERVED
CVE-2018-18906
	RESERVED
CVE-2018-18905
	RESERVED
CVE-2018-18904
	RESERVED
CVE-2018-18903 (Vanilla 2.6.x before 2.6.4 allows remote code execution. ...)
	NOT-FOR-US: Vanilla
CVE-2018-18902
	RESERVED
CVE-2018-18901
	RESERVED
CVE-2018-18900
	RESERVED
CVE-2018-18899
	RESERVED
CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.1.13 t ...)
	{DLA-2101-1}
	- libemail-address-list-perl 0.06-1
	[stretch] - libemail-address-list-perl 0.05-1+deb9u1
	NOTE: https://github.com/bestpractical/email-address-list/commit/a22e6b233443fe3ad1a408e50ecbd7237674817d
	NOTE: https://github.com/bestpractical/email-address-list/commit/6dd5021a6e5df2e8c86a163dc2e180a76a38e63b
	NOTE: https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30
CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...)
	[experimental] - poppler 0.81.0-1
	- poppler <unfixed> (low; bug #913164)
	[buster] - poppler <ignored> (Negligible security impact)
	[stretch] - poppler <ignored> (Negligible security impact)
	[jessie] - poppler <ignored> (Negligible security impact; memory leak)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/e07c8b4784234383cb5ddcf1133ea91a772506e2
CVE-2018-18896
	RESERVED
CVE-2018-18895
	REJECTED
CVE-2018-18894 (Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) c ...)
	NOT-FOR-US: Lexmark
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to co ...)
	NOT-FOR-US: Jinjava
CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.ph ...)
	NOT-FOR-US: MiniCMS
CVE-2018-18891 (MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete& ...)
	NOT-FOR-US: MiniCMS
CVE-2018-18890 (MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state= ...)
	NOT-FOR-US: MiniCMS
CVE-2018-18889
	RESERVED
CVE-2018-18888 (An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Co ...)
	NOT-FOR-US: laravelCMS
CVE-2018-18887 (S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type ...)
	NOT-FOR-US: S-CMS
CVE-2018-18886 (Helpy v2.1.0 has Stored XSS via the Ticket title. ...)
	NOT-FOR-US: Helpy
CVE-2018-18885
	RESERVED
CVE-2018-18884
	RESERVED
CVE-2018-18882 (A stored cross-site scripting (XSS) issue was discovered in ControlByW ...)
	NOT-FOR-US: ControlByWeb
CVE-2018-18881 (A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M- ...)
	NOT-FOR-US: ControlByWeb
CVE-2018-18880 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a net ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18879 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18878 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the B ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18877 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18876 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a rea ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18875 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a sto ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: nc-cms
CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer dere ...)
	{DLA-1628-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/184
CVE-2018-18872 (The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stor ...)
	NOT-FOR-US: Kieran O'Shea Calendar plugin for WordPress
CVE-2018-18871 (Missing password verification in the web interface on Gigaset Maxwell  ...)
	NOT-FOR-US: Gigaset
CVE-2018-18870
	RESERVED
CVE-2018-18869 (EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-18868 (No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name paramete ...)
	NOT-FOR-US: No-CMS
CVE-2018-18867 (An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4  ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-18866
	RESERVED
CVE-2018-18865 (The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07 ...)
	NOT-FOR-US: Royal browser extensions TS
CVE-2018-18864 (Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache ...)
	NOT-FOR-US: Loadbalancer.org Enterprise VA MAX
CVE-2018-18863 (NGA ResourceLink 20.0.2.1 allows local file inclusion. ...)
	NOT-FOR-US: NGA ResourceLink
CVE-2018-18862 (BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has ...)
	NOT-FOR-US: BMC
CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execu ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2018-18860 (A local privilege escalation vulnerability has been identified in the  ...)
	NOT-FOR-US: SwitchVPN for macOS
CVE-2018-18859 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18858 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18857 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18856 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18855
	RESERVED
CVE-2018-18854 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ca ...)
	NOT-FOR-US: Lightbend Spray spray-json
CVE-2018-18853 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ca ...)
	NOT-FOR-US: Lightbend Spray spray-json
CVE-2018-18852 (Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection  ...)
	NOT-FOR-US: Cerio devices
CVE-2018-18851
	RESERVED
CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authen ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-18849 (In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-boun ...)
	{DSA-4454-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-1 (bug #912535)
	- qemu-kvm <removed>
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/1
CVE-2018-18848
	RESERVED
CVE-2018-18847
	RESERVED
CVE-2018-18846
	RESERVED
CVE-2018-18845 (internal/advanced_comment_system/index.php and internal/advanced_comme ...)
	NOT-FOR-US: Advanced Comment System
CVE-2018-18844
	RESERVED
CVE-2018-18843 (The Kubernetes integration in GitLab Enterprise Edition 11.x before 11 ...)
	- gitlab <not-affected> (Only affects Enterprise edition)
	NOTE: https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
CVE-2018-18842 (CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5 ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-18841 (XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Cla ...)
	NOT-FOR-US: SEMCMS PHP
CVE-2018-18840 (XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Cla ...)
	NOT-FOR-US: SEMCMS PHP
CVE-2018-18839 (** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Di ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
	NOTE: https://github.com/netdata/netdata/pull/4521
CVE-2018-18838 (An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forge ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/pull/4521
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
CVE-2018-18837 (An issue was discovered in Netdata 1.10.0. HTTP Header Injection exist ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/pull/4521
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
CVE-2018-18836 (An issue was discovered in Netdata 1.10.0. JSON injection exists via t ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/pull/4521
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
CVE-2018-18835 (upload_template() in system/changeskin.php in DocCms 2016.5.12 allows  ...)
	NOT-FOR-US: DocCms
CVE-2018-18834 (An issue has been found in libIEC61850 v1.3. It is a heap-based buffer ...)
	NOT-FOR-US: libIEC61850
CVE-2018-18833
	RESERVED
CVE-2018-18832 (admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID  ...)
	NOT-FOR-US: DKCMS
CVE-2018-18831 (An issue was discovered in com\mingsoft\cms\action\GeneraterAction.jav ...)
	NOT-FOR-US: MCMS
CVE-2018-18830 (An issue was discovered in com\mingsoft\basic\action\web\FileAction.ja ...)
	NOT-FOR-US: MCMS
CVE-2018-18829 (There exists a NULL pointer dereference in ff_vc1_parse_frame_header_a ...)
	- libav <removed>
	[jessie] - libav <postponed> (Minor issue, clean crash, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1136
	NOTE: ffmpeg PoC crash fixed but different vector:
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c79cf0129edafc388ba1c47cd7b6a620557e48de
CVE-2018-18828 (There exists a heap-based buffer overflow in vc1_decode_i_block_adv in ...)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1135
CVE-2018-18827 (There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_bl ...)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1135
CVE-2018-18826 (There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in  ...)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1135
CVE-2018-18825 (Pagoda Linux panel V6.0 has XSS via the verification code associated w ...)
	NOT-FOR-US: Pagoda Linux panel
CVE-2018-18824 (WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_ma ...)
	NOT-FOR-US: WolfCMS
CVE-2018-18823 (WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_man ...)
	NOT-FOR-US: WolfCMS
CVE-2018-18822 (Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pagere ...)
	NOT-FOR-US: Grapixel New Media
CVE-2018-18821
	RESERVED
CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication backend of  ...)
	{DSA-4333-1 DLA-1588-1}
	- icecast2 2.4.4-1 (bug #912611)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
	NOTE: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/icecast-server/commit/b21a7283bd1598c5af0bbb250a041ba8198f98f2
	NOTE: Additional issue fixed with https://gitlab.xiph.org/xiph/icecast-server/commit/03ea74c04a5966114c2fe66e4e6892d11a68181e
	NOTE: https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
CVE-2018-18819 (A vulnerability in the web conference chat component of MiCollab, vers ...)
	NOT-FOR-US: Mitel
CVE-2018-18818
	RESERVED
CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with Leostream Conn ...)
	NOT-FOR-US: Leostream Agent
CVE-2018-18816 (The repository component of TIBCO Software Inc.'s TIBCO JasperReports  ...)
	NOT-FOR-US: TIBCO
CVE-2018-18815 (The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
	NOT-FOR-US: TIBCO
CVE-2018-18814 (The TIBCO Spotfire authentication component of TIBCO Software Inc.'s T ...)
	NOT-FOR-US: TIBCO
CVE-2018-18813 (The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotf ...)
	NOT-FOR-US: TIBCO
CVE-2018-18812 (The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2018-18811
	REJECTED
CVE-2018-18810 (The Administrator Service component of TIBCO Software Inc.'s TIBCO Man ...)
	NOT-FOR-US: TIBCO
CVE-2018-18809 (The default server implementation of TIBCO Software Inc.'s TIBCO Jaspe ...)
	NOT-FOR-US: TIBCO
CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO JasperR ...)
	NOT-FOR-US: TIBCO
CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO Softwar ...)
	NOT-FOR-US: TIBCO
CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer over ...)
	- bitcoin 0.15.1~dfsg-1
CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...)
	{DLA-1596-1}
	- squid 4.4-1 (low; bug #912294)
	- squid3 <removed> (low)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
	NOTE: 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
	NOTE: 4.x: http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch
CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S ...)
	- squid 4.4-1 (unimportant; bug #912293)
	- squid3 <removed> (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
	NOTE: Squid in Debian builds without TLS support
CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the lo ...)
	NOT-FOR-US: School Equipment Monitoring System
CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
	NOT-FOR-US: PointOfSales
CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen,  ...)
	NOT-FOR-US: Bakeshop Inventory System
CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the login sc ...)
	NOT-FOR-US: Curriculum Evaluation System
CVE-2018-18802 (The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin ...)
	NOT-FOR-US: Tubigan "Welcome to our Resort" software
CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via student/index.php ...)
	NOT-FOR-US: BSEN Ordering software
CVE-2018-18800 (The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection  ...)
	NOT-FOR-US: Tubigan "Welcome to our Resort" software
CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via event/controller. ...)
	NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18798 (Attendance Monitoring System 1.0 has SQL Injection via the 'id' parame ...)
	NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.p ...)
	NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the "Search for Bo ...)
	NOT-FOR-US: Library Management System
CVE-2018-18795 (School Event Management System 1.0 has SQL Injection via the student/i ...)
	NOT-FOR-US: School Event Management System
CVE-2018-18794 (School Event Management System 1.0 allows CSRF via user/controller.php ...)
	NOT-FOR-US: School Event Management System
CVE-2018-18793 (School Event Management System 1.0 allows Arbitrary File Upload via ev ...)
	NOT-FOR-US: School Event Management System
CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_li ...)
	NOT-FOR-US: zzcms
CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/searc ...)
	NOT-FOR-US: zzcms
CVE-2018-18790 (An issue was discovered in zzcms 8.3. SQL Injection exists in admin/sp ...)
	NOT-FOR-US: zzcms
CVE-2018-18789 (An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.p ...)
	NOT-FOR-US: zzcms
CVE-2018-18788 (An issue was discovered in zzcms 8.3. SQL Injection exists in admin/cl ...)
	NOT-FOR-US: zzcms
CVE-2018-18787 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.ph ...)
	NOT-FOR-US: zzcms
CVE-2018-18786 (An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs. ...)
	NOT-FOR-US: zzcms
CVE-2018-18785 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs ...)
	NOT-FOR-US: zzcms
CVE-2018-18784 (An issue was discovered in zzcms 8.3. SQL Injection exists in admin/ta ...)
	NOT-FOR-US: zzcms
CVE-2018-18783 (XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok um ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18782 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php f ...)
	NOT-FOR-US: DedeCMS
CVE-2018-18781 (DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or key ...)
	NOT-FOR-US: DedeCMS
CVE-2018-18780
	RESERVED
CVE-2018-18779
	RESERVED
CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary files. ...)
	- mini-httpd 1.30-0.1 (bug #913095)
	[stretch] - mini-httpd <no-dsa> (Minor issue)
CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, version 7, in  ...)
	NOT-FOR-US: Microstrategy Web
CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode user-contro ...)
	NOT-FOR-US: Microstrategy Web
CVE-2018-18775 (Microstrategy Web, version 7, does not sufficiently encode user-contro ...)
	NOT-FOR-US: Microstrategy Web
CVE-2018-18774 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allow ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18773 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allow ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18772 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allow ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18771 (An issue was discovered in LuLu CMS through 2015-05-14. backend\module ...)
	NOT-FOR-US: Lulu CMS
CVE-2018-18770
	RESERVED
CVE-2018-18769
	RESERVED
CVE-2018-18768
	RESERVED
CVE-2018-18767 (An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06.  ...)
	NOT-FOR-US: D-Link
CVE-2018-18766 (An elevation of privilege vulnerability exists in the Call Dispatcher  ...)
	NOT-FOR-US: Provisio SiteKiosk
CVE-2018-18765 (An exploitable arbitrary memory read vulnerability exists in the MQTT  ...)
	- smplayer 18.5.0~ds1-1
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the MQTT  ...)
	- smplayer 18.5.0~ds1-1
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2018-18763 (SaltOS 3.1 r8126 allows action=ajax&amp;query=numbers&amp;page=usuario ...)
	NOT-FOR-US: SaltOS
CVE-2018-18762 (SaltOS 3.1 r8126 contains a database download vulnerability. ...)
	NOT-FOR-US: SaltOS
CVE-2018-18761 (SaltOS 3.1 r8126 allows action=login&amp;querystring=&amp;user=[SQL] S ...)
	NOT-FOR-US: SaltOS
CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...)
	NOT-FOR-US: RhinOS
CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...)
	NOT-FOR-US: Modbus Slave
CVE-2018-18758 (Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php  ...)
	NOT-FOR-US: Open Faculty Evaluation System
CVE-2018-18757 (Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback. ...)
	NOT-FOR-US: Open Faculty Evaluation System
CVE-2018-18756 (Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008 ...)
	NOT-FOR-US: Local Server
CVE-2018-18755 (K-iwi Framework 1775 has SQL Injection via the admin/user/group/update ...)
	NOT-FOR-US: K-iwi Framework
CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account w ...)
	NOT-FOR-US: ZyXEL
CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via base64 ...)
	NOT-FOR-US: Typecho
CVE-2018-18752 (Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerabi ...)
	NOT-FOR-US: Webiness Inventory
CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a double free  ...)
	- gettext 0.19.8.1-9 (unimportant; bug #913173)
	NOTE: https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff;h=dce3a16e5e9368245735e29bf498dcd5e3e474a4
	NOTE: Negligible security impact
CVE-2018-18750
	RESERVED
CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading to an in ...)
	NOT-FOR-US: data-tools
CVE-2018-18748 (** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import o ...)
	NOT-FOR-US: Sandboxie
CVE-2018-18747
	RESERVED
CVE-2018-18746
	RESERVED
CVE-2018-18745 (An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lg ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18744 (An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to th ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18743 (An XSS issue was discovered in SEMCMS 3.4 via the second text field to ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18742 (A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.ph ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18741 (An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.ph ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18740 (An XSS issue was discovered in SEMCMS 3.4 via the first input field to ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18739 (An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Product ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18738 (An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categor ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18737 (An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php c ...)
	NOT-FOR-US: Douchat
CVE-2018-18736 (An XSS issue was discovered in catfish blog 2.0.33, related to "write  ...)
	NOT-FOR-US: catfish blog (different from src:catfish)
CVE-2018-18735 (A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0. ...)
	NOT-FOR-US: catfish blog (different from src:catfish)
CVE-2018-18734 (A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfi ...)
	NOT-FOR-US: Catfish CMS
CVE-2018-18733 (An XSS issue was discovered in Catfish CMS 4.8.30, related to "write s ...)
	NOT-FOR-US: Catfish CMS
CVE-2018-18732 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18731 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18730 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18729 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18728 (An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.0 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18727 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18726 (An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YU ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-18725 (An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCM ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-18724 (An XSS issue was discovered in index.php/admin/category/editcategory?i ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-18723 (An XSS issue was discovered in index.php/admin/area/editarea/id/110000 ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-18722 (An XSS issue was discovered in admin/content/editcontent?id=29&amp;gop ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-18721 (An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1 ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-18720 (An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-18719
	RESERVED
CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a double-fre ...)
	{DLA-1567-1}
	- gthumb 3:3.6.2-2 (unimportant; bug #912290)
	[stretch] - gthumb 3:3.4.4.1-5+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/gthumb/issues/18
	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/06c39346fda502bd37429006d4822dd977995661 (master)
	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/f3edf6952757f887569e8c26cf18d40409f3fdca (3.6)
	NOTE: Crash in end user application, no security impact
CVE-2018-18717 (An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists  ...)
	NOT-FOR-US: Eleanor CMS
CVE-2018-18716 (Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerab ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-18715 (Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-18714 (RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible  ...)
	NOT-FOR-US: IOBit Malware Fighter
CVE-2018-18713 (The function down_sql_action() in /admin/model/database.class.php in P ...)
	NOT-FOR-US: PHPYun
CVE-2018-18712 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-18711 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-18709 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18708 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18707 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2018-18706 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda devices
CVE-2016-10734 (ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Referen ...)
	NOT-FOR-US: ProjectSend
CVE-2016-10733 (ProjectSend (formerly cFTP) r582 allows directory traversal via file=. ...)
	NOT-FOR-US: ProjectSend
CVE-2016-10732 (ProjectSend (formerly cFTP) r582 allows authentication bypass via a di ...)
	NOT-FOR-US: ProjectSend
CVE-2016-10731 (ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files ...)
	NOT-FOR-US: ProjectSend
CVE-2018-18710 (An issue was discovered in the Linux kernel through 4.19. An informati ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.144-1
	NOTE: https://git.kernel.org/linus/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
CVE-2018-18705 (PhpTpoint hospital management system suffers from multiple SQL injecti ...)
	NOT-FOR-US: PhpTpoint hospital management system
CVE-2018-18704 (PhpTpoint Pharmacy Management System suffers from a SQL injection vuln ...)
	NOT-FOR-US: PhpTpoint Pharmacy Management System
CVE-2018-18703 (PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple ...)
	NOT-FOR-US: PhpTpoint Mailing Server Using File Handling
CVE-2018-18702 (spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.ph ...)
	NOT-FOR-US: iCMS
CVE-2018-18701 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-18699 (An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of ...)
	NOT-FOR-US: GoPro gpmf-parser
CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.17101 ...)
	NOT-FOR-US: Xiaomi Mi A1 devices
CVE-2018-18697
	RESERVED
CVE-2018-18696 (** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and ...)
	NOT-FOR-US: Microstrategy Analytics
CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extend ...)
	NOT-FOR-US: M2SOFT Report Designer Viewer
CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote aut ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-18693
	RESERVED
CVE-2018-18692 (A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosof ...)
	NOT-FOR-US: SEMCO
CVE-2018-18691
	RESERVED
CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set attribut ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025
	NOTE: https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c
CVE-2018-18689
	RESERVED
CVE-2018-18688
	RESERVED
CVE-2018-18687
	RESERVED
CVE-2018-18686
	RESERVED
CVE-2018-18685
	RESERVED
CVE-2018-18684
	RESERVED
CVE-2018-18683
	RESERVED
CVE-2018-18682
	RESERVED
CVE-2018-18681
	RESERVED
CVE-2018-18680
	RESERVED
CVE-2018-18679
	RESERVED
CVE-2018-18678 (GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to injec ...)
	NOT-FOR-US: GNU Board
CVE-2018-18677
	RESERVED
CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18674 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18671 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18670 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18669 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
	NOT-FOR-US: GNU Board
CVE-2018-18668 (GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to injec ...)
	NOT-FOR-US: GNU Board
CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum to ...)
	NOT-FOR-US: Some Ethereum token
CVE-2018-18666 (The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum t ...)
	NOT-FOR-US: Some Ethereum token
CVE-2018-18665 (The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum to ...)
	NOT-FOR-US: Some Ethereum token
CVE-2018-18664
	RESERVED
CVE-2018-18663
	RESERVED
CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Ar ...)
	- mupdf 1.14.0+ds1-3 (bug #912013)
	[jessie] - mupdf <not-affected> (vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356
CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...)
	{DLA-2009-1}
	- tiff 4.0.10-1 (unimportant; bug #912012)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2819
	NOTE: https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f
	NOTE: No security impact, crash in CLI tool
CVE-2018-18660 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...)
	NOT-FOR-US: Arcserve Unified Data Protection
CVE-2018-18659 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...)
	NOT-FOR-US: Arcserve Unified Data Protection
CVE-2018-18658 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...)
	NOT-FOR-US: Arcserve Unified Data Protection
CVE-2018-18657 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...)
	NOT-FOR-US: Arcserve Unified Data Protection
CVE-2018-18656 (The PureVPN client before 6.1.0 for Windows stores Login Credentials ( ...)
	NOT-FOR-US: PureVPN client for Windows
CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ...)
	- linux <undetermined>
	TODO: check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way.
CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup Applianc ...)
	NOT-FOR-US: Veritas NetBackup Appliance
CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a user's usern ...)
	- prayer 1.3.5-dfsg1-5 (low; bug #911842)
	[stretch] - prayer <no-dsa> (Minor issue)
	[jessie] - prayer <no-dsa> (Minor issue)
CVE-2018-18654 (Crossroads 2.81 does not properly handle the /tmp directory during a b ...)
	- crossroads <removed> (unimportant; bug #911877)
	NOTE: Issue exploitable only during build of package
CVE-2018-18651 (An issue was discovered in Xpdf 4.00. catalog-&gt;getNumPages() in Acr ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2018-18650 (An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc  ...)
	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2018-18649 (An issue was discovered in the wiki API in GitLab Community and Enterp ...)
	- gitlab <not-affected> (Only affects 11.3 and later)
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18648 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab <not-affected> (Only affects 11.2 and later)
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18647 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab <not-affected> (Only affects GitLab EE)
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18646 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.2.8+dfsg-1
	- gitlab 11.2.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18645 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.2.8+dfsg-1
	- gitlab 11.2.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18644 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (Only affects GitLab EE)
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18643 (GitLab CE &amp; EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and  ...)
	- gitlab <not-affected> (Only affects 11.2 and later)
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18642 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab <not-affected> (Only affects GitLab EE)
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18641 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.2.8+dfsg-1
	- gitlab 11.2.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18640 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.2.8+dfsg-1
	- gitlab 11.2.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18639
	RESERVED
CVE-2018-18638 (A command injection vulnerability in the setup API in the Neato Botvac ...)
	NOT-FOR-US: Neato
CVE-2018-18637
	RESERVED
CVE-2018-18636 (XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:Re ...)
	NOT-FOR-US: D-Link
CVE-2018-18635 (www/guis/admin/application/controllers/UserController.php in the admin ...)
	NOT-FOR-US: MailCleaner
CVE-2018-18634
	RESERVED
CVE-2018-18633
	RESERVED
CVE-2018-18632
	RESERVED
CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
	- amanda <unfixed> (unimportant)
	NOTE: https://www.exploit-db.com/exploits/39244/
	NOTE: /usr/lib/amanda/application/amstar can only be run by members of the backup
	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)
CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
	- amanda <unfixed> (unimportant)
	NOTE: https://www.exploit-db.com/exploits/39217/
	NOTE: /usr/lib/amanda/runtar can only be run by members of the backup
	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)
CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 plat ...)
	- xen 4.11.1-1
	[stretch] - xen <not-affected> (Only affects 4.9 and later)
	[jessie] - xen <not-affected> (Only affects 4.9 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-278.txt
CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 befo ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2018-18630 (A vulnerability was found in McKesson Cardiology product 13.x and 14.x ...)
	NOT-FOR-US: McKesson Cardiology
CVE-2018-18629 (An issue was discovered in the Keybase command-line client before 2.8. ...)
	NOT-FOR-US: Keybase command-line client
CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function SerializationSes ...)
	NOT-FOR-US: Pippo
CVE-2017-18349 (parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pi ...)
	NOT-FOR-US: FastjsonEngine
CVE-2018-18627
	RESERVED
CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a vulnerability that  ...)
	NOT-FOR-US: PHPYun
CVE-2018-18625 (Grafana 5.3.1 has XSS via a link on the "Dashboard &gt; All Panels &gt ...)
	- grafana <removed>
CVE-2018-18624 (Grafana 5.3.1 has XSS via a column style on the "Dashboard &gt; Table  ...)
	- grafana <removed>
CVE-2018-18623 (Grafana 5.3.1 has XSS via the "Dashboard &gt; Text Panel" screen. NOTE ...)
	- grafana <removed>
CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is XSS via ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Ma ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2018-18620
	RESERVED
CVE-2018-18619 (internal/advanced_comment_system/admin.php in Advanced Comment System  ...)
	NOT-FOR-US: Advanced Comment System
CVE-2018-18618
	RESERVED
CVE-2018-18617
	RESERVED
CVE-2018-18616
	RESERVED
CVE-2018-18615
	RESERVED
CVE-2018-18614
	RESERVED
CVE-2018-18613
	RESERVED
CVE-2018-18612
	RESERVED
CVE-2018-18611
	RESERVED
CVE-2018-18610
	RESERVED
CVE-2018-18609
	RESERVED
CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined  ...)
	NOT-FOR-US: DedeCMS
CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in the Bina ...)
	[experimental] - binutils 2.31.51.20181204-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23805
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a
	NOTE: binutils not covered by security support
CVE-2018-18606 (An issue was discovered in the merge_strings function in merge.c in th ...)
	[experimental] - binutils 2.31.51.20181204-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23806
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc
	NOTE: binutils not covered by security support
CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the function sec ...)
	[experimental] - binutils 2.31.51.20181204-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23804
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61
	NOTE: binutils not covered by security support
CVE-2018-18604
	RESERVED
CVE-2018-18603 (** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape v ...)
	NOT-FOR-US: 360 Total Security
CVE-2018-18602 (The Cloud API on Guardzilla smart cameras allows user enumeration, wit ...)
	NOT-FOR-US: Guardzilla
CVE-2018-18601 (The TK_set_deviceModel_req_handle function in the cloud communication  ...)
	NOT-FOR-US: Guardzilla
CVE-2018-18600 (The remote upgrade feature in Guardzilla GZ180 devices allow command i ...)
	NOT-FOR-US: Guardzilla
CVE-2018-18599 (Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compres ...)
	- stegdetect <removed>
CVE-2018-18598
	RESERVED
CVE-2018-18597
	RESERVED
CVE-2018-18596
	RESERVED
CVE-2018-18595
	RESERVED
CVE-2018-18594
	RESERVED
CVE-2018-18593 (Remote Directory Traversal and Remote Disclosure of Privileged Informa ...)
	NOT-FOR-US: UCMDB Configuration Management Service
CVE-2018-18592
	RESERVED
CVE-2018-18591 (A potential unauthorized disclosure of data vulnerability has been ide ...)
	NOT-FOR-US: Micro Focus
CVE-2018-18590 (A potential remote code execution and information disclosure vulnerabi ...)
	NOT-FOR-US: Micro Focus
CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has been ide ...)
	NOT-FOR-US: Micro Focus
CVE-2018-18588
	RESERVED
CVE-2018-18587 (BigProf AppGini 5.70 stores the passwords in the database using the MD ...)
	NOT-FOR-US: BigProf AppGini
CVE-2018-18583 (An issue has been found in LuPng through 2017-03-10. It is a heap-base ...)
	NOT-FOR-US: LuPng
CVE-2018-18582 (An issue has been found in LuPng through 2017-03-10. It is a heap-base ...)
	NOT-FOR-US: LuPng
CVE-2018-18581 (An issue has been found in LuPng through 2017-03-10. It is a heap-base ...)
	NOT-FOR-US: LuPng
CVE-2018-18580
	RESERVED
CVE-2018-18579 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder  ...)
	NOT-FOR-US: DedeCMS
CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. ...)
	NOT-FOR-US: DedeCMS
CVE-2018-18577
	RESERVED
CVE-2018-18576 (The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress al ...)
	NOT-FOR-US: Hustle (aka wordpress-popup) plugin for WordPress
CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accept ...)
	{DLA-1555-1}
	- libmspack 0.8-1 (bug #911637)
	[stretch] - libmspack 0.5-1+deb9u3
	NOTE: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
CVE-2018-18586 (** DISPUTED ** chmextract.c in the chmextract sample program, as distr ...)
	- libmspack 0.8-1 (unimportant; bug #911639)
	NOTE: https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
	NOTE: src/chmextract.c was renamed from originally test/chmx.c
	NOTE: This sample code is not installed into the binary packages and was as well
	NOTE: never the idea to use it in "productised" binaries, but rather just simple
	NOTE: examples of the library use.
CVE-2018-18584 (In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8 ...)
	{DLA-1555-1}
	- cabextract 1.4-5
	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
	- libmspack 0.8-1 (bug #911640)
	[stretch] - libmspack 0.5-1+deb9u3
	NOTE: https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
CVE-2018-18575
	RESERVED
CVE-2018-18574
	RESERVED
CVE-2018-18573 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18572 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18571 (An Incorrect Access Control vulnerability has been identified in Citri ...)
	NOT-FOR-US: Citrix
CVE-2018-18570 (Planon before Live Build 41 has XSS. ...)
	NOT-FOR-US: Planon
CVE-2018-18569 (The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side  ...)
	NOT-FOR-US: Dundas BI
CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in- ...)
	NOT-FOR-US: Polycom
CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in- ...)
	NOT-FOR-US: AudioCodes devices
CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and ear ...)
	NOT-FOR-US: Polycom
CVE-2018-18565 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...)
	NOT-FOR-US: Roche Diagnostics
CVE-2018-18564 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...)
	NOT-FOR-US: Roche Diagnostics
CVE-2018-18563 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...)
	NOT-FOR-US: Roche Diagnostics
CVE-2018-18562 (An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base  ...)
	NOT-FOR-US: Roche Diagnostics
CVE-2018-18561 (An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base  ...)
	NOT-FOR-US: Roche Diagnostics
CVE-2018-18560
	RESERVED
CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due to a  ...)
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux 3.16.56-1
	NOTE: Fixed by: https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6
CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6  ...)
	NOT-FOR-US: Espressif ESP-IDF
CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into  ...)
	{DSA-4349-1 DLA-1557-1}
	- tiff 4.0.9+git181026-1 (bug #911635)
	- tiff3 <removed>
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/38
	NOTE: https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED files. ...)
	- libopenmpt 0.3.13-1 (low; bug #911584)
	[stretch] - libopenmpt <no-dsa> (Minor issue)
	NOTE: https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10903
CVE-2018-18556 (A privilege escalation issue was discovered in VyOS 1.1.8. The default ...)
	NOT-FOR-US: VyOS
CVE-2018-18555 (A sandbox escape issue was discovered in VyOS 1.1.8. It provides a res ...)
	NOT-FOR-US: VyOS
CVE-2018-18554
	RESERVED
CVE-2018-18553 (Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is ...)
	NOT-FOR-US: Leanote
CVE-2018-18552 (ServersCheck Monitoring Software through 14.3.3 allows local users to  ...)
	NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18551 (ServersCheck Monitoring Software through 14.3.3 has Persistent and Ref ...)
	NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18550 (ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by ...)
	NOT-FOR-US: ServersCheck Monitoring Software
CVE-2018-18549
	RESERVED
CVE-2018-18548 (ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23. ...)
	NOT-FOR-US: Ajenti
CVE-2018-18547 (Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain  ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter because the L ...)
	NOT-FOR-US: ThinkPHP
CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name  ...)
	NOT-FOR-US: Fiyo CMS
CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of coders/msl.c i ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	- graphicsmagick 1.3.31-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1360
CVE-2018-18543
	RESERVED
CVE-2018-18542
	RESERVED
CVE-2018-18540 (TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's  ...)
	NOT-FOR-US: TeaKKi
CVE-2018-18539
	RESERVED
CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. There w ...)
	{DSA-4329-1}
	- teeworlds 0.7.0-1 (bug #911487)
	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
	NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=12544
	NOTE: https://github.com/teeworlds/teeworlds/issues/1536
	NOTE: https://github.com/teeworlds/teeworlds/commit/a263185571903ead01f6b351a91ea219ac9d215f
	NOTE: https://github.com/teeworlds/teeworlds/commit/aababc63eeeee1bc41672502ca6c7a1dd9f61d94
	NOTE: https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e
CVE-2018-18538
	RESERVED
CVE-2018-18537 (The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exp ...)
	NOT-FOR-US: ASUS
CVE-2018-18536 (The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 an ...)
	NOT-FOR-US: ASUS
CVE-2018-18535 (The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier ex ...)
	NOT-FOR-US: ASUS
CVE-2018-18534
	RESERVED
CVE-2018-18533
	RESERVED
CVE-2018-18532
	RESERVED
CVE-2018-18531 (text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, ...)
	NOT-FOR-US: kaptcha
CVE-2018-18530 (ThinkPHP 5.1.25 has SQL Injection via the count parameter because the  ...)
	NOT-FOR-US: ThinkPHP
CVE-2018-18529 (ThinkPHP 3.2.4 has SQL Injection via the count parameter because the L ...)
	NOT-FOR-US: ThinkPHP
CVE-2018-18528
	RESERVED
CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or edit ...)
	NOT-FOR-US: OwnTicket
CVE-2018-18526
	RESERVED
CVE-2018-18525
	RESERVED
CVE-2018-18524 (Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulner ...)
	NOT-FOR-US: Evernote
CVE-2018-18523
	RESERVED
CVE-2018-18522
	RESERVED
CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in  ...)
	{DLA-1689-1}
	- elfutils 0.175-1 (low; bug #911413)
	[stretch] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end i ...)
	{DLA-1689-1}
	- elfutils 0.175-1 (low; bug #911414)
	[stretch] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
CVE-2018-18519 (BestXsoftware Best Free Keylogger before 6.0.0 allows local users to g ...)
	NOT-FOR-US: BestXsoftware Best Free Keylogger
CVE-2018-18518
	RESERVED
CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1 ...)
	NOT-FOR-US: Citrix
CVE-2018-18516
	REJECTED
CVE-2018-18515
	REJECTED
CVE-2018-18514
	REJECTED
CVE-2018-18513 (A crash can occur when processing a crafted S/MIME message or an XPI p ...)
	{DSA-4392-1 DLA-1678-1}
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18513
CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound notific ...)
	{DSA-4392-1 DLA-1678-1}
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512
CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of  ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	- firefox 65.0.1-1
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	- skia <itp> (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2018-18511
CVE-2018-18510 (The about:crashcontent and about:crashparent pages can be triggered by ...)
	- firefox 64.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18510
CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes emails  ...)
	{DSA-4392-1 DLA-1678-1}
	- thunderbird 1:60.5.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a denial of service]
	RESERVED
	{DLA-1704-1}
	- nss 2:3.42.1-1 (bug #921614)
	NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f
	NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes
CVE-2018-18507
	REJECTED
CVE-2018-18506 (When proxy auto-detection is enabled, if a web server serves a Proxy A ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox 65.0-1
	- firefox-esr 60.6.0esr-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2018-18506
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2018-18506
CVE-2018-18505 (An earlier fix for an Inter-process Communication (IPC) vulnerability, ...)
	{DSA-4392-1 DSA-4376-1 DLA-1678-1 DLA-1648-1}
	- firefox 65.0-1
	- firefox-esr 60.5.0esr-1
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18505
CVE-2018-18504 (A crash and out-of-bounds read can occur when the buffer of a texture  ...)
	- firefox 65.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18504
CVE-2018-18503 (When JavaScript is used to create and manipulate an audio buffer, a po ...)
	- firefox 65.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18503
CVE-2018-18502 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 65.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502
CVE-2018-18501 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4392-1 DSA-4376-1 DLA-1678-1 DLA-1648-1}
	- firefox 65.0-1
	- firefox-esr 60.5.0esr-1
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18501
CVE-2018-18500 (A use-after-free vulnerability can occur while parsing an HTML5 stream ...)
	{DSA-4392-1 DSA-4376-1 DLA-1678-1 DLA-1648-1}
	- firefox 65.0-1
	- firefox-esr 60.5.0esr-1
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18500
CVE-2018-18499 (A same-origin policy violation allowing the theft of cross-origin URL  ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1 DLA-1571-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-18499
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-18499
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-18499
CVE-2018-18498 (A potential vulnerability leading to an integer overflow can occur dur ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18498
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18498
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18498
CVE-2018-18497 (Limitations on the URIs allowed to WebExtensions by the browser.window ...)
	- firefox 64.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18497
CVE-2018-18496 (When the RSS Feed preview about:feeds page is framed within another pa ...)
	- firefox <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18496
CVE-2018-18495 (WebExtension content scripts can be loaded into about: pages in some c ...)
	- firefox 64.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495
CVE-2018-18494 (A same-origin policy violation allowing the theft of cross-origin URL  ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18494
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18494
CVE-2018-18493 (A buffer overflow can occur in the Skia library during buffer offset c ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18493
CVE-2018-18492 (A use-after-free vulnerability can occur after deleting a selection el ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18492
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18492
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18492
CVE-2018-18491
	RESERVED
CVE-2018-18490
	RESERVED
CVE-2018-18489 (The ping feature in the Diagnostic functionality on TP-LINK WR840N v2  ...)
	NOT-FOR-US: TP-LINK
CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injectio ...)
	NOT-FOR-US: Gxlcms
CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database ...)
	NOT-FOR-US: Gxlcms
CVE-2018-18486 (An issue was discovered in PHPSHE 1.7. SQL injection exists via the ad ...)
	NOT-FOR-US: PHPSHE
CVE-2018-18485 (An issue was discovered in PHPSHE 1.7. admin.php?mod=db&amp;act=del al ...)
	NOT-FOR-US: PHPSHE
CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as distributed ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23767
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83472
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79111
	NOTE: binutils not covered by security support
CVE-2018-18482 (An issue was discovered in libpg_query 10-1.0.2. There is a memory lea ...)
	NOT-FOR-US: libpg_query
CVE-2018-18481 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCH ...)
	NOT-FOR-US: libopencad
CVE-2018-18480 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMC ...)
	NOT-FOR-US: libopencad
CVE-2018-18479
	REJECTED
CVE-2018-18478 (Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 a ...)
	NOT-FOR-US: LibreNMS
CVE-2018-18477
	RESERVED
CVE-2018-18476 (mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it  ...)
	NOT-FOR-US: mysql-binuuid-rails
CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestrict ...)
	NOT-FOR-US: Zoho
CVE-2018-18474
	RESERVED
CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with firmware versio ...)
	NOT-FOR-US: PATLITE NBM-D88N
CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...)
	NOT-FOR-US: Western Digital WD My Book Live
CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stor ...)
	NOT-FOR-US: Axentra firmware
CVE-2018-18470
	RESERVED
CVE-2018-18469
	RESERVED
CVE-2018-18468
	RESERVED
CVE-2018-18467 (An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is p ...)
	NOT-FOR-US: Daniel Gultsch Conversations
CVE-2018-18466 (** DISPUTED ** An issue was discovered in SecurEnvoy SecurAccess 9.3.5 ...)
	NOT-FOR-US: SecurEnvoy SecurAccess
CVE-2018-18465
	RESERVED
CVE-2018-18464
	RESERVED
CVE-2018-18463
	RESERVED
CVE-2018-18462
	RESERVED
CVE-2018-XXXX [Injection in DefaultMailSystem::mail()]
	- drupal7 <removed> (bug #911337)
	[stretch] - drupal7 7.52-2+deb9u5
	[jessie] - drupal7 7.32-1+deb8u13
	NOTE: https://www.drupal.org/sa-core-2018-006
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=ee301cf5ebff3534b59fcece583b3a0e4f094f15
CVE-2018-XXXX [External URL injection through URL aliases]
	- drupal7 <removed> (bug #911336)
	[stretch] - drupal7 7.52-2+deb9u5
	[jessie] - drupal7 7.32-1+deb8u13
	NOTE: https://www.drupal.org/sa-core-2018-006
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=ee301cf5ebff3534b59fcece583b3a0e4f094f15
CVE-2018-18461 (The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5. ...)
	NOT-FOR-US: Arigato
CVE-2018-18460 (XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress vi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-18459 (The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remo ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18458 (The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows r ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18457 (The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remo ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18456 (The function Object::isName() in Object.h (called from Gfx::opSetFillC ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18455 (The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote a ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18454 (CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote atta ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18453
	RESERVED
CVE-2018-18452
	RESERVED
CVE-2018-18451
	RESERVED
CVE-2018-18450 (apps\admin\controller\content\SingleController.php in PbootCMS before  ...)
	NOT-FOR-US: PbooCMS
CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUs ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-18448
	RESERVED
CVE-2018-18447
	RESERVED
CVE-2018-18446
	RESERVED
CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...)
	- openexr <unfixed> (unimportant)
	NOTE: Issue in exrmultiview which is not installed in the binary package.
	NOTE: https://github.com/openexr/openexr/issues/351
CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...)
	- openexr <unfixed> (unimportant)
	NOTE: https://github.com/openexr/openexr/issues/350
	NOTE: https://github.com/openexr/openexr/commit/adbc1900cb9d25fcc4df008d4008b781cf2fa4f8
	NOTE: Memory leak with overall negligible security impact
CVE-2018-18442 (D-Link DCS-825L devices with firmware 1.08 do not employ a suitable me ...)
	NOT-FOR-US: D-Link
CVE-2018-18441 (D-Link DCS series Wi-Fi cameras expose sensitive information regarding ...)
	NOT-FOR-US: D-Link
CVE-2018-18440 (DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overf ...)
	- u-boot <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
	NOTE: No security impact as supported/packaged in Debian
CVE-2018-18439 (DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer over ...)
	- u-boot <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
	NOTE: No security impact as supported/packaged in Debian
CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before  ...)
	- linux 4.18.20-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
	NOTE: https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associated fu ...)
	- qemu 1:3.1+dfsg-1 (bug #911470)
	[stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
	[jessie] - qemu <ignored> (Minor issue, too intrusive to backport)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/17/3
CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret ...)
	NOT-FOR-US: AXIOS
CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the console/acco ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-18435 (KioWare Server version 4.9.6 and older installs by default to "C:\kiow ...)
	NOT-FOR-US: KioWare Server
CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file download is  ...)
	NOT-FOR-US: litemall
CVE-2018-18433 (An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18432 (An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin. ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18431 (An issue was discovered in DESTOON B2B 7.0. XSS exists via certain tex ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has  ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18429
	RESERVED
CVE-2018-18428 (TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP  ...)
	NOT-FOR-US: TP-Link
CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter  ...)
	NOT-FOR-US: s-cms
CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP code by pla ...)
	NOT-FOR-US: s-cms
CVE-2018-18425 (The doAirdrop function of a smart contract implementation for Primeo ( ...)
	NOT-FOR-US: Primeo
CVE-2018-18424
	RESERVED
CVE-2018-18423
	RESERVED
CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmi ...)
	NOT-FOR-US: UsualToolCMS
CVE-2018-18421
	RESERVED
CVE-2018-18420 (Cross-Site Request Forgery (CSRF) vulnerability was discovered in the  ...)
	NOT-FOR-US: Zenario Content Management System
CVE-2018-18419 (Stored XSS has been discovered in the upload section of ARDAWAN.COM Us ...)
	NOT-FOR-US: ARDAWAN.COM User Management
CVE-2018-18418
	RESERVED
CVE-2018-18417 (In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been ...)
	NOT-FOR-US: Ekushey Project Manager CRM
CVE-2018-18416 (LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upl ...)
	NOT-FOR-US: LANGO Codeigniter Multilingual Scrip
CVE-2018-18415
	RESERVED
CVE-2018-18414
	RESERVED
CVE-2018-18413
	RESERVED
CVE-2018-18412
	RESERVED
CVE-2018-18411
	RESERVED
CVE-2018-18410
	RESERVED
CVE-2018-18409 (A stack-based buffer over-read exists in setbit() at iptree.h of TCPFL ...)
	- tcpflow 1.5.2+repack1-1 (unimportant; bug #911263)
	NOTE: https://github.com/simsong/tcpflow/issues/195
	NOTE: https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
	NOTE: Crash in CLI tool, no security impact
CVE-2018-18408 (A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4 ...)
	- tcpreplay 4.3.1-1 (bug #911493)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/489
	NOTE: https://github.com/appneta/tcpreplay/commit/59dc76a1d641b1a6b22fd7cd409bee6e0a015616
CVE-2018-18407 (A heap-based buffer over-read was discovered in the tcpreplay-edit bin ...)
	- tcpreplay 4.3.1-1 (bug #911454)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/488
	NOTE: https://github.com/appneta/tcpreplay/commit/1d7561a4d542842a1aeabf55bfd4aaf88b3a1071
CVE-2018-18406 (An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 bu ...)
	NOT-FOR-US: Tufin SecureTrack
CVE-2018-18405 (** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribut ...)
	- jquery <removed> (unimportant)
CVE-2018-18404
	RESERVED
CVE-2018-18403
	RESERVED
CVE-2018-18402
	RESERVED
CVE-2018-18401
	RESERVED
CVE-2018-18400
	RESERVED
CVE-2018-18399 (SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" compo ...)
	NOT-FOR-US: KARMA
CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...)
	- thunar <unfixed> (unimportant)
	NOTE: https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/
	NOTE: no security impact, crash in end user tool
CVE-2018-18397 (The userfaultfd implementation in the Linux kernel before 4.19.7 misha ...)
	- linux 4.19.9-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1700
CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Manage ...)
	NOT-FOR-US: Moxa
CVE-2018-18395 (Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Manageme ...)
	NOT-FOR-US: Moxa
CVE-2018-18394 (Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gate ...)
	NOT-FOR-US: Moxa
CVE-2018-18393 (Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Ma ...)
	NOT-FOR-US: Moxa
CVE-2018-18392 (Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT  ...)
	NOT-FOR-US: Moxa
CVE-2018-18391 (User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Ma ...)
	NOT-FOR-US: Moxa
CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management  ...)
	NOT-FOR-US: Moxa
CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database Server 3. ...)
	NOT-FOR-US: Neo4J server
CVE-2018-18388 (eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technolog ...)
	NOT-FOR-US: MicroWorld Technologies eScan
CVE-2018-18387 (playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse ...)
	NOT-FOR-US: playSMS
CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local at ...)
	- linux 4.14.12-1
	[stretch] - linux 4.9.82-1+deb9u1
	[jessie] - linux 3.16.56-1
	NOTE: Fixed by: https://git.kernel.org/linus/966031f340185eddd05affcf72b740549f056348
CVE-2018-18385 (Asciidoctor in versions &lt; 1.5.8 allows remote attackers to cause a  ...)
	- asciidoctor 1.5.8-1 (low; bug #913892)
	[stretch] - asciidoctor <no-dsa> (Minor issue)
	[jessie] - asciidoctor <no-dsa> (Minor issue)
	NOTE: https://github.com/asciidoctor/asciidoctor/issues/2888
CVE-2018-18384 (Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive ...)
	- unzip 6.0-11 (bug #741384)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1110194
	NOTE: https://sourceforge.net/p/infozip/bugs/53/
	NOTE: The cfactorstr buffer was already increased to 12 with the
	NOTE: 07-increase-size-of-cfactorstr.patch patch as applied for #741384
	NOTE: Upstream confirmed as well this is indeed enough as per
	NOTE: https://sourceforge.net/p/infozip/bugs/53/#ba07
CVE-2018-18383
	RESERVED
CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php f ...)
	NOT-FOR-US: Advanced HRM
CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_syste ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree before 4.2.24. admi ...)
	NOT-FOR-US: Bigtree CMS
CVE-2018-18379 (The elementor-edit-template class in wp-admin/customize.php in the Ele ...)
	NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2018-18378
	RESERVED
CVE-2018-18377 (goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attac ...)
	NOT-FOR-US: Orange AirBox Y858_FL_01.16_04 devices
CVE-2018-18376 (goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remo ...)
	NOT-FOR-US: Orange AirBox
CVE-2018-18375 (goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attacke ...)
	NOT-FOR-US: Orange AirBox
CVE-2018-18374 (XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid par ...)
	NOT-FOR-US: MetInfo
CVE-2018-18373 (In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft Library CMS  ...)
	NOT-FOR-US: KAASoft Library CMS
CVE-2018-18371 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
	NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
	NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
	NOT-FOR-US: Norton Security
CVE-2018-18368 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be ...)
	NOT-FOR-US: Symantec
CVE-2018-18367 (Symantec Endpoint Protection Manager (SEPM) prior to and including 12. ...)
	NOT-FOR-US: Symantec
CVE-2018-18366 (Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior  ...)
	NOT-FOR-US: Symantec
CVE-2018-18365 (Norton Password Manager may be susceptible to an address spoofing issu ...)
	NOT-FOR-US: Norton Password Manager
CVE-2018-18364 (Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be s ...)
	NOT-FOR-US: Symantec
CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass expl ...)
	NOT-FOR-US: Norton App Lock
CVE-2018-18362 (Norton Password Manager for Android (formerly Norton Identity Safe) ma ...)
	NOT-FOR-US: Norton Password Manager for Android
CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. index.php?action ...)
	NOT-FOR-US: nc-cms
CVE-2018-18360
	RESERVED
CVE-2018-18359 (Incorrect handling of Reflect.construct in V8 in Google Chrome prior t ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18358 (Lack of special casing of localhost in WPAD files in Google Chrome pri ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18357 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18356 (An integer overflow in path handling lead to a use after free in Skia  ...)
	{DSA-4392-1 DSA-4391-1 DSA-4352-1 DLA-1678-1 DLA-1677-1}
	- chromium 71.0.3578.80-1
	- firefox 65.0.1-1
	- firefox-esr 60.5.1esr-1
	- thunderbird 1:60.5.1-1
	- skia <itp> (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356
CVE-2018-18355 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18354 (Insufficient validate of external protocols in Shell Integration in Go ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18353 (Failure to dismiss http auth dialogs on navigation in Network Authenti ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18352 (Service works could inappropriately gain access to cross origin audio  ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18351 (Lack of proper validation of ancestor frames site when sending lax coo ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18350 (Incorrect handling of CSP enforcement during navigations in Blink in G ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18349 (Remote frame navigations was incorrectly permitted to local resources  ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18348 (Incorrect handling of bidirectional domain names with RTL characters i ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18347 (Incorrect handling of failed navigations with invalid URLs in Navigati ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18346 (Incorrect handling of alert box display in Blink in Google Chrome prio ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18345 (Incorrect handling of blob URLS in Site Isolation in Google Chrome pri ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18344 (Inappropriate allowance of the setDownloadBehavior devtools protocol f ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18343 (Incorrect handing of paths leading to a use after free in Skia in Goog ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18342 (Execution of user supplied Javascript during object deserialization ca ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18341 (An integer overflow leading to a heap buffer overflow in Blink in Goog ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18340 (Incorrect object lifecycle in MediaRecorder in Google Chrome prior to  ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18339 (Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0. ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18338 (Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome pri ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18337 (Incorrect handling of stylesheets leading to a use after free in Blink ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18336 (Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.35 ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18335 (Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 al ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
	- firefox-esr <not-affected> (Only affects MacOS specific which had Canvas 2D acceleration enabled)
	- thunderbird <not-affected> (Only affects MacOS specific which had Canvas 2D acceleration enabled)
	- skia <itp> (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18335
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18335
CVE-2018-18334 (A vulnerability in the Private Browser of Trend Micro Dr. Safety for A ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18333 (A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer)  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18332 (A Trend Micro OfficeScan XG weak file permissions vulnerability may al ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18331 (A Trend Micro OfficeScan XG weak file permissions vulnerability on a p ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18330 (An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for An ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18329 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18326 (DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption ...)
	NOT-FOR-US: DNN
CVE-2018-18325 (DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorith ...)
	NOT-FOR-US: DNN
CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via t ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local Fil ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18322 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command I ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18321
	RESERVED
CVE-2018-18320 (** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6 ...)
	NOT-FOR-US: Merlin.PHP component for Asuswrt-Merlin devices
CVE-2018-18319 (** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6 ...)
	NOT-FOR-US: Merlin.PHP component for Asuswrt-Merlin devices
CVE-2018-18318 (The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 P ...)
	NOT-FOR-US: Qiku 360 Phone
CVE-2018-18317 (DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.ht ...)
	NOT-FOR-US: DESHANG DSCMS
CVE-2018-18316 (emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. ...)
	NOT-FOR-US: emlog
CVE-2018-18315 (com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to u ...)
	NOT-FOR-US: lemon, different from src:lemon
CVE-2018-18314 (Perl before 5.26.3 has a buffer overflow via a crafted regular express ...)
	{DSA-4347-1}
	- perl 5.28.0-3
	[jessie] - perl <not-affected> (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Ticket/Display.html?id=131649
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/19a498a461d7c81ae3507c450953d1148efecf4f
CVE-2018-18313 (Perl before 5.26.3 has a buffer over-read via a crafted regular expres ...)
	{DSA-4347-1}
	- perl 5.28.0-3
	[jessie] - perl <not-affected> (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Ticket/Display.html?id=133192
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
CVE-2018-18312 (Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via  ...)
	{DSA-4347-1}
	- perl 5.28.1-1
	[jessie] - perl <not-affected> (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Ticket/Display.html?id=133423
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/9b0464aa670d0a59bda5b75d54f2a6b6f9d1288a
CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via  ...)
	{DSA-4347-1 DLA-1601-1}
	- perl 5.28.1-1
	NOTE: https://rt.perl.org/Ticket/Display.html?id=133204
	NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850
CVE-2018-18310 (An invalid memory address dereference was discovered in dwfl_segment_r ...)
	{DLA-1689-1}
	- elfutils 0.175-1 (bug #911083)
	[stretch] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181022-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23770
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f
	NOTE: binutils not covered by security support
CVE-2018-18308 (In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been  ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-18307 (A Stored XSS vulnerability has been discovered in version 4.1.0 of Alc ...)
	NOT-FOR-US: AlchemyCMS
CVE-2018-18306
	RESERVED
CVE-2018-18305
	RESERVED
CVE-2018-18304
	RESERVED
CVE-2018-18303
	RESERVED
CVE-2018-18302
	RESERVED
CVE-2018-18301
	RESERVED
CVE-2018-18300
	RESERVED
CVE-2018-18299
	RESERVED
CVE-2018-18298
	RESERVED
CVE-2018-18297
	RESERVED
CVE-2018-18296 (MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in a ...)
	NOT-FOR-US: MetInfo
CVE-2018-18295
	RESERVED
CVE-2018-18294
	RESERVED
CVE-2018-18293
	RESERVED
CVE-2018-18292
	RESERVED
CVE-2018-18291 (A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.38 ...)
	NOT-FOR-US: ASUS RT-AC58U devices
CVE-2018-18290 (** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. i ...)
	NOT-FOR-US: nc-cms
CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allow ...)
	NOT-FOR-US: Zabbix Plugin for Confluence
CVE-2018-18288 (CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redi ...)
	NOT-FOR-US: CrushFTP
CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discov ...)
	NOT-FOR-US: ASUS RT-AC58U devices
CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could  ...)
	NOT-FOR-US: CMG Suite
CVE-2018-18285 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could  ...)
	NOT-FOR-US: CMG Suite
CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...)
	{DSA-4336-1 DLA-1552-1}
	- ghostscript 9.25~dfsg-3 (bug #911175)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/16/2
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
CVE-2018-18283
	RESERVED
CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...)
	NOT-FOR-US: Next.js
CVE-2018-18281 (Since Linux kernel version 3.2, the mremap() syscall performs TLB flus ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	NOTE: https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821
CVE-2018-18280
	RESERVED
CVE-2018-18279
	RESERVED
CVE-2018-18278
	RESERVED
CVE-2018-18277
	RESERVED
CVE-2018-18276 (XSS exists in the ProFiles 1.5 component for Joomla! via the name or p ...)
	NOT-FOR-US: ProFiles for Joomla!
CVE-2018-18275
	RESERVED
CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer overflo ...)
	NOT-FOR-US: pdfalto
CVE-2018-18273
	RESERVED
CVE-2018-18272
	RESERVED
CVE-2018-18271 (XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-18270 (XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parame ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-18269
	RESERVED
CVE-2018-18268
	RESERVED
CVE-2018-18267
	RESERVED
CVE-2018-18266
	RESERVED
CVE-2018-18265
	RESERVED
CVE-2018-18264 (Kubernetes Dashboard before 1.10.1 allows attackers to bypass authenti ...)
	NOT-FOR-US: Kubernetes Dashboard
CVE-2018-18263
	RESERVED
CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ...)
	NOT-FOR-US: Zoho
CVE-2018-18261 (In waimai Super Cms 20150505, there is an XSS vulnerability via the /a ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Th ...)
	NOT-FOR-US: Camaleon CMS
CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA CMS softw ...)
	NOT-FOR-US: LUYA CMS
CVE-2018-18258 (An issue was discovered in BageCMS 3.1.3. The attacker can execute arb ...)
	NOT-FOR-US: BageCMS
CVE-2018-18257 (An issue was discovered in BageCMS 3.1.3. An attacker can delete any f ...)
	NOT-FOR-US: BageCMS
CVE-2018-18256 (An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18255 (An issue was discovered in CapMon Access Manager 5.4.1.1005. The clien ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18254 (An issue was discovered in CapMon Access Manager 5.4.1.1005. An unpriv ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18253 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunEle ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18252 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunEle ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18251 (Deltek Vision 7.x before 7.6 permits the execution of any attacker sup ...)
	NOT-FOR-US: Deltek Vision
CVE-2019-0085
	RESERVED
CVE-2019-0084
	RESERVED
CVE-2019-0083
	RESERVED
CVE-2019-0082
	RESERVED
CVE-2019-0081
	RESERVED
CVE-2019-0080
	RESERVED
CVE-2019-0079
	RESERVED
CVE-2019-0078
	RESERVED
CVE-2019-0077
	RESERVED
CVE-2019-0076
	RESERVED
CVE-2019-0075 (A vulnerability in the srxpfe process on Protocol Independent Multicas ...)
	NOT-FOR-US: Juniper
CVE-2019-0074 (A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9 ...)
	NOT-FOR-US: Juniper
CVE-2019-0073 (The PKI keys exported using the command "run request security pki key- ...)
	NOT-FOR-US: Juniper
CVE-2019-0072 (An Unprotected Storage of Credentials vulnerability in the identity an ...)
	NOT-FOR-US: Juniper
CVE-2019-0071 (Veriexec is a kernel-based file integrity subsystem in Junos OS that e ...)
	NOT-FOR-US: Juniper
CVE-2019-0070 (An Improper Input Validation weakness allows a malicious local attacke ...)
	NOT-FOR-US: Juniper
CVE-2019-0069 (On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 ...)
	NOT-FOR-US: Juniper
CVE-2019-0068 (The SRX flowd process, responsible for packet forwarding, may crash an ...)
	NOT-FOR-US: Juniper
CVE-2019-0067 (Receipt of a specific link-local IPv6 packet destined to the RE may ca ...)
	NOT-FOR-US: Juniper
CVE-2019-0066 (An unexpected status return value weakness in the Next-Generation Mult ...)
	NOT-FOR-US: Juniper
CVE-2019-0065 (On MX Series, when the SIP ALG is enabled, receipt of a certain malfor ...)
	NOT-FOR-US: Juniper
CVE-2019-0064 (On SRX5000 Series devices, if 'set security zones security-zone &lt;zo ...)
	NOT-FOR-US: Juniper
CVE-2019-0063 (When an MX Series Broadband Remote Access Server (BRAS) is configured  ...)
	NOT-FOR-US: Juniper
CVE-2019-0062 (A session fixation vulnerability in J-Web on Junos OS may allow an att ...)
	NOT-FOR-US: Juniper
CVE-2019-0061 (The management daemon (MGD) is responsible for all configuration and m ...)
	NOT-FOR-US: Juniper
CVE-2019-0060 (The flowd process, responsible for forwarding traffic in SRX Series se ...)
	NOT-FOR-US: Juniper
CVE-2019-0059 (A memory leak vulnerability in the of Juniper Networks Junos OS allows ...)
	NOT-FOR-US: Juniper
CVE-2019-0058 (A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS ...)
	NOT-FOR-US: Juniper
CVE-2019-0057 (An improper authorization weakness in Juniper Networks Junos OS allows ...)
	NOT-FOR-US: Juniper
CVE-2019-0056 (This issue only affects devices with three (3) or more MPC10's install ...)
	NOT-FOR-US: Juniper
CVE-2019-0055 (A vulnerability in the SIP ALG packet processing service of Juniper Ne ...)
	NOT-FOR-US: Juniper
CVE-2019-0054 (An Improper Certificate Validation weakness in the SRX Series Applicat ...)
	NOT-FOR-US: Juniper
CVE-2019-0053 (Insufficient validation of environment variables in the telnet client  ...)
	- socks4-server <removed> (low)
	[buster] - socks4-server <ignored> (Minor issue)
	[stretch] - socks4-server <ignored> (Minor issue)
	- inetutils 2:1.9.4-11 (low; bug #945861)
	[buster] - inetutils <ignored> (Minor issue)
	[stretch] - inetutils <ignored> (Minor issue)
	[jessie] - inetutils <no-dsa> (Minor issue)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc
	NOTE: https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/14/8
CVE-2019-0052 (The srxpfe process may crash on SRX Series services gateways when the  ...)
	NOT-FOR-US: Juniper
CVE-2019-0051 (SSL-Proxy feature on SRX devices fails to handle a hardware resource l ...)
	NOT-FOR-US: Juniper
CVE-2019-0050 (Under certain heavy traffic conditions srxpfe process can crash and re ...)
	NOT-FOR-US: Juniper
CVE-2019-0049 (On Junos devices with the BGP graceful restart helper mode enabled or  ...)
	NOT-FOR-US: Juniper
CVE-2019-0048 (On EX4300 Series switches with TCAM optimization enabled, incoming mul ...)
	NOT-FOR-US: Juniper
CVE-2019-0047 (A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-We ...)
	NOT-FOR-US: Juniper
CVE-2019-0046 (A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of J ...)
	NOT-FOR-US: Juniper
CVE-2019-0045
	RESERVED
CVE-2019-0044 (Receipt of a specific packet on the out-of-band management interface f ...)
	NOT-FOR-US: Juniper
CVE-2019-0043 (In MPLS environments, receipt of a specific SNMP packet may cause the  ...)
	NOT-FOR-US: Juniper
CVE-2019-0042 (Juniper Identity Management Service (JIMS) for Windows versions prior  ...)
	NOT-FOR-US: Juniper
CVE-2019-0041 (On EX4300-MP Series devices with any lo0 filters applied, transit netw ...)
	NOT-FOR-US: Juniper
CVE-2019-0040 (On Junos OS, rpcbind should only be listening to port 111 on the inter ...)
	NOT-FOR-US: Juniper
CVE-2019-0039 (If REST API is enabled, the Junos OS login credentials are vulnerable  ...)
	NOT-FOR-US: Juniper
CVE-2019-0038 (Crafted packets destined to the management interface (fxp0) of an SRX3 ...)
	NOT-FOR-US: Juniper
CVE-2019-0037 (In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environmen ...)
	NOT-FOR-US: Juniper
CVE-2019-0036 (When configuring a stateless firewall filter in Junos OS, terms named  ...)
	NOT-FOR-US: Juniper
CVE-2019-0035 (When "set system ports console insecure" is enabled, root login is dis ...)
	NOT-FOR-US: Juniper
CVE-2019-0034
	REJECTED
CVE-2019-0033 (A firewall bypass vulnerability in the proxy ARP service of Juniper Ne ...)
	NOT-FOR-US: Juniper
CVE-2019-0032 (A password management issue exists where the Organization authenticati ...)
	NOT-FOR-US: Juniper
CVE-2019-0031 (Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a  ...)
	NOT-FOR-US: Juniper
CVE-2019-0030 (Juniper ATP uses DES and a hardcoded salt for password hashing, allowi ...)
	NOT-FOR-US: Juniper
CVE-2019-0029 (Juniper ATP Series Splunk credentials are logged in a file readable by ...)
	NOT-FOR-US: Juniper
CVE-2019-0028 (On Junos devices with the BGP graceful restart helper mode enabled or  ...)
	NOT-FOR-US: Juniper
CVE-2019-0027 (A persistent cross-site scripting (XSS) vulnerability in the Snort Rul ...)
	NOT-FOR-US: Juniper
CVE-2019-0026 (A persistent cross-site scripting (XSS) vulnerability in the Zone conf ...)
	NOT-FOR-US: Juniper
CVE-2019-0025 (A persistent cross-site scripting (XSS) vulnerability in RADIUS config ...)
	NOT-FOR-US: Juniper
CVE-2019-0024 (A persistent cross-site scripting (XSS) vulnerability in the Email Col ...)
	NOT-FOR-US: Juniper
CVE-2019-0023 (A persistent cross-site scripting (XSS) vulnerability in the Golden VM ...)
	NOT-FOR-US: Juniper
CVE-2019-0022 (Juniper ATP ships with hard coded credentials in the Cyphort Core inst ...)
	NOT-FOR-US: Juniper
CVE-2019-0021 (On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are l ...)
	NOT-FOR-US: Juniper
CVE-2019-0020 (Juniper ATP ships with hard coded credentials in the Web Collector ins ...)
	NOT-FOR-US: Juniper
CVE-2019-0019 (When BGP tracing is enabled an incoming BGP message may cause the Juno ...)
	NOT-FOR-US: Juniper
CVE-2019-0018 (A persistent cross-site scripting (XSS) vulnerability in the file uplo ...)
	NOT-FOR-US: Juniper
CVE-2019-0017 (The Junos Space application, which allows Device Image files to be upl ...)
	NOT-FOR-US: Juniper
CVE-2019-0016 (A malicious authenticated user may be able to delete a device from the ...)
	NOT-FOR-US: Juniper
CVE-2019-0015 (A vulnerability in the SRX Series Service Gateway allows deleted dynam ...)
	NOT-FOR-US: Juniper
CVE-2019-0014 (On QFX and PTX Series, receipt of a malformed packet for J-Flow sampli ...)
	NOT-FOR-US: Juniper
CVE-2019-0013 (The routing protocol daemon (RPD) process will crash and restart when  ...)
	NOT-FOR-US: Juniper
CVE-2019-0012 (A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2019-0011 (The Junos OS kernel crashes after processing a specific incoming packe ...)
	NOT-FOR-US: Juniper
CVE-2019-0010 (An SRX Series Service Gateway configured for Unified Threat Management ...)
	NOT-FOR-US: Juniper
CVE-2019-0009 (On EX2300 and EX3400 series, high disk I/O operations may disrupt the  ...)
	NOT-FOR-US: Juniper
CVE-2019-0008 (A certain sequence of valid BGP or IPv6 BFD packets may trigger a stac ...)
	NOT-FOR-US: Juniper
CVE-2019-0007 (The vMX Series software uses a predictable IP ID Sequence Number. This ...)
	NOT-FOR-US: Juniper
CVE-2019-0006 (A certain crafted HTTP packet can trigger an uninitialized function po ...)
	NOT-FOR-US: Juniper
CVE-2019-0005 (On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter con ...)
	NOT-FOR-US: Juniper
CVE-2019-0004 (On Juniper ATP, the API key and the device key are logged in a file re ...)
	NOT-FOR-US: Juniper
CVE-2019-0003 (When a specific BGP flowspec configuration is enabled and upon receipt ...)
	NOT-FOR-US: Juniper
CVE-2019-0002 (On EX2300 and EX3400 series, stateless firewall filter configuration t ...)
	NOT-FOR-US: Juniper
CVE-2019-0001 (Receipt of a malformed packet on MX Series devices with dynamic vlan c ...)
	NOT-FOR-US: Juniper
CVE-2018-18250 (Icinga Web 2 before 2.6.2 allows parameters that break navigation dash ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 <no-dsa> (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt
CVE-2018-18249 (Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives  ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 <no-dsa> (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt
CVE-2018-18248 (Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir  ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 <no-dsa> (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt
CVE-2018-18247 (Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add i ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 <no-dsa> (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt
CVE-2018-18246 (Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisabl ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 <no-dsa> (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt
CVE-2018-18245 (Nagios Core 4.4.2 has XSS via the alert summary reports of plugin resu ...)
	{DLA-1615-1}
	- nagios4 4.3.4-3 (unimportant; bug #917138)
	- nagios3 <removed> (unimportant)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/602
	NOTE: Fixed by: https://github.com/NagiosEnterprises/nagioscore/commit/0329033db9a1d0954c304f209ea88824e8f78b8a
	NOTE: No real security impact, plugins need to be trusted to begin with
CVE-2018-18244 (Cross-site scripting in syslog.html in VIVOTEK Network Camera Series p ...)
	NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18243
	RESERVED
CVE-2018-18242 (youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrate ...)
	NOT-FOR-US: youke365
CVE-2018-18241
	RESERVED
CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a command to jav ...)
	NOT-FOR-US: Pippo
CVE-2018-18239
	RESERVED
CVE-2018-18238
	RESERVED
CVE-2018-18237
	RESERVED
CVE-2018-18236
	RESERVED
CVE-2018-18235
	RESERVED
CVE-2018-18234
	RESERVED
CVE-2018-18233
	RESERVED
CVE-2018-18232
	RESERVED
CVE-2018-18231
	RESERVED
CVE-2018-18230
	RESERVED
CVE-2018-18229
	RESERVED
CVE-2018-18228
	RESERVED
CVE-2018-18227 (In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol di ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present, mswsp support added in v1.99.9)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15119
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d443be449a52f95df5754adc39e1f3472fec2f03
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-47.html
CVE-2018-18226 (In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could c ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15171
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6e920ddc3cad2886ef07ca1a8e50e2a5c50986f7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-48.html
CVE-2018-18225 (In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was  ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present, 2.31-continue-code added in v2.1.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15172
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=09a02cc1ea6de9f6c6cae75b3510a5477ef5f555
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-49.html
CVE-2018-18224 (A vulnerability exists in the file reading procedure in Open Design Al ...)
	NOT-FOR-US: Open Design Alliance Drawings
CVE-2018-18223 (Open Design Alliance Drawings SDK 2019Update1 has a vulnerability duri ...)
	NOT-FOR-US: Open Design Alliance Drawings
CVE-2018-18222
	RESERVED
CVE-2018-18221
	RESERVED
CVE-2018-18220
	RESERVED
CVE-2018-18219
	RESERVED
CVE-2018-18218
	RESERVED
CVE-2018-18217
	RESERVED
CVE-2018-18216
	RESERVED
CVE-2018-18215 (In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can  ...)
	NOT-FOR-US: youke365
CVE-2018-18214
	RESERVED
CVE-2018-18213
	RESERVED
CVE-2018-18212
	RESERVED
CVE-2018-18211 (PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php ...)
	NOT-FOR-US: PbootCMS
CVE-2018-18210 (XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=s ...)
	NOT-FOR-US: DiliCMS
CVE-2018-18209 (XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=s ...)
	NOT-FOR-US: DiliCMS
CVE-2018-18208 (Virtualmin 6.03 allows XSS via the query string, as demonstrated by th ...)
	NOT-FOR-US: Virtualmin
CVE-2018-18207 (Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cg ...)
	NOT-FOR-US: Virtualmin
CVE-2018-18206 (In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discove ...)
	NOT-FOR-US: Bytom
CVE-2018-18205 (Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sen ...)
	NOT-FOR-US: Topvision CC8800 CMTS C-E devices
CVE-2018-18204
	RESERVED
CVE-2018-18203 (A vulnerability in the update mechanism of Subaru StarLink Harman head ...)
	NOT-FOR-US: Subaru
CVE-2018-18202 (The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modul ...)
	NOT-FOR-US: IBM
CVE-2018-18201 (qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&amp;action=ad ...)
	NOT-FOR-US: qibosoft
CVE-2018-18200 (There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. ...)
	NOT-FOR-US: REDAXO
CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...)
	NOT-FOR-US: REDAXO
CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php i ...)
	NOT-FOR-US: REDAXO
CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer  ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer  ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] failu ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member ...)
	NOT-FOR-US: FineCms
CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a  ...)
	NOT-FOR-US: GoPro gpmf-parser
CVE-2018-18189
	RESERVED
CVE-2018-18188
	RESERVED
CVE-2018-18187
	RESERVED
CVE-2018-18186
	RESERVED
CVE-2018-18185
	RESERVED
CVE-2018-18184
	RESERVED
CVE-2018-18183
	RESERVED
CVE-2018-18182
	RESERVED
CVE-2018-18181
	RESERVED
CVE-2018-18180
	RESERVED
CVE-2018-18179
	RESERVED
CVE-2018-18178
	RESERVED
CVE-2018-18177
	RESERVED
CVE-2018-18176
	RESERVED
CVE-2018-18175
	RESERVED
CVE-2018-18174
	RESERVED
CVE-2018-18173
	RESERVED
CVE-2018-18172
	RESERVED
CVE-2018-18171
	RESERVED
CVE-2018-18170
	RESERVED
CVE-2018-18169
	RESERVED
CVE-2018-18168
	RESERVED
CVE-2018-18167
	RESERVED
CVE-2018-18166
	RESERVED
CVE-2018-18165
	RESERVED
CVE-2018-18164
	RESERVED
CVE-2018-18163
	RESERVED
CVE-2018-18162
	RESERVED
CVE-2018-18161
	RESERVED
CVE-2018-18160
	RESERVED
CVE-2018-18159
	RESERVED
CVE-2018-18158
	RESERVED
CVE-2018-18157
	RESERVED
CVE-2018-18156
	RESERVED
CVE-2018-18155
	RESERVED
CVE-2018-18154
	RESERVED
CVE-2018-18153
	RESERVED
CVE-2018-18152
	RESERVED
CVE-2018-18151
	RESERVED
CVE-2018-18150
	RESERVED
CVE-2018-18149
	RESERVED
CVE-2018-18148
	RESERVED
CVE-2018-18147
	RESERVED
CVE-2018-18146
	RESERVED
CVE-2018-18145
	RESERVED
CVE-2018-18144
	RESERVED
CVE-2018-18143
	RESERVED
CVE-2018-18142
	RESERVED
CVE-2018-18141
	RESERVED
CVE-2018-18140
	RESERVED
CVE-2018-18139
	RESERVED
CVE-2018-18138
	RESERVED
CVE-2018-18137
	RESERVED
CVE-2018-18136
	RESERVED
CVE-2018-18135
	RESERVED
CVE-2018-18134
	RESERVED
CVE-2018-18133
	RESERVED
CVE-2018-18132
	RESERVED
CVE-2018-18131
	RESERVED
CVE-2018-18130
	RESERVED
CVE-2018-18129
	RESERVED
CVE-2018-18128
	RESERVED
CVE-2018-18127
	RESERVED
CVE-2018-18126
	RESERVED
CVE-2018-18125
	RESERVED
CVE-2018-18124
	RESERVED
CVE-2018-18123
	RESERVED
CVE-2018-18122
	RESERVED
CVE-2018-18121
	RESERVED
CVE-2018-18120
	RESERVED
CVE-2018-18119
	RESERVED
CVE-2018-18118
	RESERVED
CVE-2018-18117
	RESERVED
CVE-2018-18116
	RESERVED
CVE-2018-18115
	RESERVED
CVE-2018-18114
	RESERVED
CVE-2018-18113
	RESERVED
CVE-2018-18112
	RESERVED
CVE-2018-18111
	RESERVED
CVE-2018-18110
	RESERVED
CVE-2018-18109
	RESERVED
CVE-2018-18108
	RESERVED
CVE-2018-18107
	RESERVED
CVE-2018-18106
	RESERVED
CVE-2018-18105
	RESERVED
CVE-2018-18104
	RESERVED
CVE-2018-18103
	RESERVED
CVE-2018-18102
	RESERVED
CVE-2018-18101
	RESERVED
CVE-2018-18100
	RESERVED
CVE-2018-18099
	RESERVED
CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...)
	NOT-FOR-US: Intel
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox befo ...)
	NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux (al ...)
	NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-18095 (Improper authentication in firmware for Intel(R) SSD DC S4500 Series a ...)
	NOT-FOR-US: Intel
CVE-2018-18094 (Improper directory permissions in installer for Intel(R) Media SDK bef ...)
	NOT-FOR-US: Intel
CVE-2018-18093 (Improper file permissions in the installer for Intel VTune Amplifier 2 ...)
	NOT-FOR-US: Intel VTune Amplifier
CVE-2018-18092
	RESERVED
CVE-2018-18091 (Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for W ...)
	NOT-FOR-US: Intel
CVE-2018-18090 (Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Wind ...)
	NOT-FOR-US: Intel
CVE-2018-18089 (Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver ...)
	NOT-FOR-US: Intel
CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imageto ...)
	{DSA-4405-1 DLA-1579-1}
	- openjpeg2 2.3.0-2 (low; bug #910763)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1152
	NOTE: https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...)
	NOT-FOR-US: Bixie Portfolio plugin for Pagekit
CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadI ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-18085
	RESERVED
CVE-2018-18084 (An issue was discovered in DuomiCMS 3.0. SQL injection exists in the a ...)
	NOT-FOR-US: DuomiCMS
CVE-2018-18083 (An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is  ...)
	NOT-FOR-US: DuomiCMS
CVE-2018-18082 (XSS exists in Waimai Super Cms 20150505 via the fname parameter to the ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2018-18081
	RESERVED
CVE-2018-18080
	RESERVED
CVE-2018-18079
	RESERVED
CVE-2018-18078
	RESERVED
CVE-2018-18077
	RESERVED
CVE-2018-18076
	RESERVED
CVE-2018-18075 (WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or nu ...)
	NOT-FOR-US: WikidForum
CVE-2018-18074 (The Requests package before 2.20.0 for Python sends an HTTP Authorizat ...)
	- requests 2.20.0-1 (low; bug #910766)
	[stretch] - requests <no-dsa> (Minor issue)
	[jessie] - requests <postponed> (Minor issue)
	NOTE: https://github.com/requests/requests/issues/4716
	NOTE: https://github.com/requests/requests/pull/4718
	NOTE: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protection me ...)
	{DSA-4336-1 DLA-1552-1}
	- ghostscript 9.25~dfsg-3 (bug #910758)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/10/12
CVE-2018-18072
	RESERVED
CVE-2018-18071 (An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 ...)
	NOT-FOR-US: Daimler Mercedes-Benz Me app for iOS
CVE-2018-18070 (An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12  ...)
	NOT-FOR-US: Daimler Mercedes-Benz COMAND on Mercedes-Benz C-Class 2018 vehicles
CVE-2018-18069 (process_forms in the WPML (aka sitepress-multilingual-cms) plugin thro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-18068 (The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ a ...)
	NOT-FOR-US: ARM-based hardware debugging feature on Raspberry Pi 3 module B+ (and possibly other devices)
CVE-2018-18067
	RESERVED
CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NU ...)
	- net-snmp 5.7.3+dfsg-1.1
	[jessie] - net-snmp 5.7.2.1+dfsg-1+deb8u1
	NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
	NOTE: The same commit as for other CVEs (CVE-2018-1000116, CVE-2015-5621) adresses this
	NOTE: issue, but might still not be just a duplicate but an independent issue fixed with
	NOTE: same commit.
CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has ...)
	{DSA-4314-1 DLA-1540-1}
	- net-snmp 5.7.3+dfsg-4 (bug #910638)
	NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
	NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during p ...)
	- cairo <unfixed> (low; bug #916083)
	[buster] - cairo <no-dsa> (Minor issue)
	[stretch] - cairo <no-dsa> (Minor issue)
	[jessie] - cairo <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
CVE-2018-18063
	RESERVED
CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive FileManage ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive FileManage ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-18060 (An issue was discovered in Bitdefender Engines before 7.76808. A vulne ...)
	NOT-FOR-US: Bitdefender
CVE-2018-18059 (An issue was discovered in Bitdefender Engines before 7.76675. A vulne ...)
	NOT-FOR-US: Bitdefender
CVE-2018-18058 (An issue was discovered in Bitdefender Engines before 7.76662. A vulne ...)
	NOT-FOR-US: Bitdefender
CVE-2018-18057
	RESERVED
CVE-2018-18056 (An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E an ...)
	NOT-FOR-US: Texas Instruments
CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...)
	- rustc 1.30.0+dfsg1-1
	[stretch] - rustc <not-affected> (Introduced in 1.26)
	[jessie] - rustc <not-affected> (Vulnerable code not present)
	NOTE: https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html
	NOTE: https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0
CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Input Valid ...)
	NOT-FOR-US: privacyIDEA
CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 contain ...)
	- pyopenssl 17.5.0-1 (low)
	[stretch] - pyopenssl <no-dsa> (Minor issue)
	[jessie] - pyopenssl <no-dsa> (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method)
	NOTE: https://github.com/pyca/pyopenssl/pull/723
	NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version 17.5 ...)
	- pyopenssl 17.5.0-1
	[stretch] - pyopenssl <no-dsa> (Minor issue)
	[jessie] - pyopenssl <no-dsa> (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method)
	NOTE: https://github.com/pyca/pyopenssl/pull/723
	NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...)
	{DLA-1556-1}
	- paramiko 2.4.2-0.1 (bug #910760)
	[stretch] - paramiko <no-dsa> (Minor issue)
	NOTE: https://github.com/paramiko/paramiko/issues/1283
	NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce
CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ( ...)
	NOT-FOR-US: contiki-ng
CVE-2018-1000803 (Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability  ...)
	- gitea <removed>
	NOTE: https://github.com/go-gitea/gitea/pull/4664
	NOTE: https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57
CVE-2018-18055
	RESERVED
CVE-2018-18054
	RESERVED
CVE-2018-18053
	RESERVED
CVE-2018-18052
	RESERVED
CVE-2018-18051
	RESERVED
CVE-2018-18050
	RESERVED
CVE-2018-18049
	RESERVED
CVE-2018-18048
	RESERVED
CVE-2018-18047
	RESERVED
CVE-2018-18046
	RESERVED
CVE-2018-18045
	RESERVED
CVE-2018-18044
	RESERVED
CVE-2018-18043
	RESERVED
CVE-2018-18042
	RESERVED
CVE-2018-18041
	RESERVED
CVE-2018-18040
	RESERVED
CVE-2018-18039
	RESERVED
CVE-2018-18038
	RESERVED
CVE-2018-18037
	RESERVED
CVE-2018-18036
	RESERVED
CVE-2018-18035 (A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 cou ...)
	NOT-FOR-US: OpenEMR
CVE-2018-18034
	RESERVED
CVE-2018-18033
	RESERVED
CVE-2018-18032
	RESERVED
CVE-2018-18031
	RESERVED
CVE-2018-18030
	RESERVED
CVE-2018-18029 (Navigate CMS has Stored XSS via the navigate.php Title field in an edi ...)
	NOT-FOR-US: Navigate CMS
CVE-2018-18028
	RESERVED
CVE-2018-18027
	RESERVED
CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower  ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
	{DLA-1574-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (low; bug #911435)
	[stretch] - imagemagick <postponed> (Fix along in next DSA)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1335
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a22fc0c8837838e60daecc0bf01648f359dd6fd
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9
CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPI ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/b268ce7a59440972f4476b9fd98104b6a836d971
CVE-2018-18023 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
	- imagemagick 8:6.9.10.14+dfsg-1
	[stretch] - imagemagick <not-affected> (Vulnerable code not present)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1336
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5d71e23b853461dd3628cd1218834fcf13938365
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a5db4873626f702d2ddd8bc293573493e0a412c0
CVE-2018-18022
	RESERVED
CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 allows remote attackers to by ...)
	- extplorer <removed>
CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and ...)
	- qpdf 9.0.0-1
	[buster] - qpdf <no-dsa> (Minor issue)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/243
	NOTE: https://github.com/qpdf/qpdf/commit/cf469d789024cdda41684f1ea48b41829b98c242
CVE-2018-1000806
	REJECTED
CVE-2018-18019 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPre ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2018-18018 (SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 f ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2018-18017 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPre ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage  ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1049
CVE-2018-18015
	RESERVED
CVE-2018-18014 (** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10 ...)
	NOT-FOR-US: Citrix
CVE-2018-18013 (** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening ...)
	NOT-FOR-US: Citrix
CVE-2018-18012
	RESERVED
CVE-2018-18011
	RESERVED
CVE-2018-18010
	RESERVED
CVE-2018-18009 (dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthen ...)
	NOT-FOR-US: D-Link
CVE-2018-18008 (spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote un ...)
	NOT-FOR-US: D-Link
CVE-2018-18007 (atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated at ...)
	NOT-FOR-US: D-Link
CVE-2018-18006 (Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Win ...)
	NOT-FOR-US: Ricoh myPrint application
CVE-2018-18005 (Cross-site scripting in event_script.js in VIVOTEK Network Camera Seri ...)
	NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18004 (Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Se ...)
	NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18003
	RESERVED
CVE-2018-18002
	RESERVED
CVE-2018-18001
	RESERVED
CVE-2018-18000
	RESERVED
CVE-2018-17999
	RESERVED
CVE-2018-17998
	RESERVED
CVE-2018-17997 (LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). ...)
	NOT-FOR-US: LayerBB
CVE-2018-17996 (LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user. ...)
	NOT-FOR-US: LayerBB
CVE-2018-17995
	RESERVED
CVE-2018-17994
	RESERVED
CVE-2018-17993
	RESERVED
CVE-2018-17992
	RESERVED
CVE-2018-17991
	RESERVED
CVE-2018-17990 (An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. ...)
	NOT-FOR-US: D-Link
CVE-2018-17989 (A stored XSS vulnerability exists in the web interface on D-Link DSL-3 ...)
	NOT-FOR-US: D-Link
CVE-2018-17988 (LayerBB 1.1.1 has SQL Injection via the search.php search_query parame ...)
	NOT-FOR-US: LayerBB
CVE-2018-17987 (The determineWinner function of a smart contract implementation for Ha ...)
	NOT-FOR-US: Some Ethereum application
CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
	NOT-FOR-US: razorCMS
CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 ...)
	NOT-FOR-US: ISPConfig
CVE-2018-17982
	RESERVED
CVE-2018-17981 (Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the int ...)
	NOT-FOR-US: Lifesize Express
CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain  ...)
	NOT-FOR-US: NoMachine
CVE-2015-9273 (The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for Wor ...)
	NOT-FOR-US: WordPress plugin wp-slimstat
CVE-2015-9272 (The videowhisper-video-presentation plugin 3.31.17 for WordPress allow ...)
	NOT-FOR-US: videowhisper-video-presentation plugin for WordPress
CVE-2014-10076 (The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character ...)
	NOT-FOR-US: wp-db-backup plugin WordPress
CVE-2014-10075 (The karo gem 2.3.8 for Ruby allows Remote command injection via the ho ...)
	NOT-FOR-US: karo gem
CVE-2013-7468 (Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the in ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7467 (Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action= ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7466 (Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with re ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authenticati ...)
	NOT-FOR-US: Ice Cold Apps Servers Ultimate
CVE-2018-17983 (cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read du ...)
	- mercurial 4.7.2-1 (unimportant)
	[jessie] - mercurial <not-affected> (Vulnerable code not present)
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
	NOTE: Crash in CLI tool, no security impact
CVE-2018-17979
	RESERVED
CVE-2018-17978
	RESERVED
CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...)
	- linux <unfixed>
CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/51581
CVE-2018-17975 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/50744
CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer  ...)
	- tcpreplay 4.3.1-1 (bug #910598)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/486
CVE-2018-17973
	RESERVED
CVE-2018-17971
	RESERVED
CVE-2018-17970
	RESERVED
CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in fs/proc/base ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	NOTE: https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2
	NOTE: https://git.kernel.org/linus/f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7
CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attacke ...)
	NOT-FOR-US: Samsung SCX-6545X V2.00.03.01 03-23-2012 devices
CVE-2018-17968 (A gambling smart contract implementation for RuletkaIo, an Ethereum ga ...)
	NOT-FOR-US: RuletkaIo
CVE-2018-17967 (ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage i ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1051
CVE-2018-17966 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage  ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1050
CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage  ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
	NOT-FOR-US: Aryanic HighPortal
CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes grea ...)
	{DSA-4338-1 DLA-1599-1}
	- qemu 1:3.1+dfsg-1 (bug #911469)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because  ...)
	{DSA-4338-1 DLA-1599-1}
	- qemu 1:3.1+dfsg-1 (bug #911468)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192
CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...)
	{DSA-4336-1 DLA-1552-1}
	- ghostscript 9.25~dfsg-3 (bug #910678)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291
CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source ...)
	- ckeditor 4.11.1+dfsg-1 (low)
	[stretch] - ckeditor <no-dsa> (Minor issue)
	[jessie] - ckeditor <ignored> (Minor issue)
	- fckeditor <removed>
CVE-2018-17959
	RESERVED
CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c b ...)
	{DSA-4454-1 DLA-1646-1}
	- qemu 1:3.1+dfsg-1 (bug #911499)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
CVE-2018-17957 (The YaST2 RMT module for configuring the SUSE Repository Mirroring Too ...)
	NOT-FOR-US: YaST2 RMT module
CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the passwor ...)
	NOT-FOR-US: yast2-samba-provision
CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary filename al ...)
	NOT-FOR-US: yast2-multipath
CVE-2018-17954 (A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack ...)
	NOT-FOR-US: crowbar
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule matc ...)
	- pam <not-affected> (Issue introduced by SUSE specific patch)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115640
	NOTE: Issue introduced by SUSE specific patch (pam-hostnames-in-access_conf.patch)
	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/pam-hostnames-in-access_conf.patch
	NOTE: And fixed with (use-correct-IP-address.patch)
	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/use-correct-IP-address.patch
CVE-2018-17952 (Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 ...)
	NOT-FOR-US: eDirectory
CVE-2018-17951
	RESERVED
CVE-2018-17950 (Incorrect enforcement of authorization checks in eDirectory prior to 9 ...)
	NOT-FOR-US: eDirectory
CVE-2018-17949 (Cross site scripting vulnerability in iManager prior to 3.1 SP2. ...)
	NOT-FOR-US: iManager
CVE-2018-17948 (An open redirect vulnerability exists in the Access Manager Identity P ...)
	NOT-FOR-US: Microfocus
CVE-2018-17947 (The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text ...)
	NOT-FOR-US: WordPress plugin snazzy-maps
CVE-2018-17946 (The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress ha ...)
	NOT-FOR-US: WordPress plugin slideshow-gallery
CVE-2018-17945
	RESERVED
CVE-2018-17944 (On certain Lexmark devices that communicate with an LDAP or SMTP serve ...)
	NOT-FOR-US: Lexmark
CVE-2018-17943
	RESERVED
CVE-2018-17942 (The convert_to_decimal function in vasnprintf.c in Gnulib before 2018- ...)
	{DLA-1543-1}
	- gnulib 20140202+stable-3.1 (low; bug #910757)
	[stretch] - gnulib 20140202+stable-2+deb9u1
	NOTE: pspp affecting bug: https://savannah.gnu.org/bugs/?func=detailitem&item_id=54686
	NOTE: https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html
	NOTE: https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35
CVE-2018-17941
	RESERVED
CVE-2018-17940
	RESERVED
CVE-2018-17939 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/51956
CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofing via ...)
	NOT-FOR-US: Zimbra
CVE-2018-17937 (gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open  ...)
	{DLA-1738-1}
	[experimental] - gpsd 3.18.1-1
	- gpsd 3.17-6 (low; bug #925327)
	[stretch] - gpsd <no-dsa> (Minor issue)
	NOTE: http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19
CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the upload  ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 00.0A use f ...)
	NOT-FOR-US: Telecrane
CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows external in ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may al ...)
	NOT-FOR-US: VGo Robot
CVE-2018-17932
	RESERVED
CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions 3.0.3.52 ...)
	NOT-FOR-US: VGo Robot
CVE-2018-17930 (A stack-based buffer overflow vulnerability has been identified in Tel ...)
	NOT-FOR-US: Teledyne DALSA Sherlock
CVE-2018-17929 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and pr ...)
	NOT-FOR-US: TPEditor
CVE-2018-17928 (The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable t ...)
	NOT-FOR-US: ABB CMS-770
CVE-2018-17927 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and pr ...)
	NOT-FOR-US: TPEditor
CVE-2018-17926 (The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions  ...)
	NOT-FOR-US: ABB M2M ETHERNET
CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control Marke ...)
	NOT-FOR-US: Gigasoft
CVE-2018-17924 (Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix  ...)
	NOT-FOR-US: Rockwell
CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to  ...)
	NOT-FOR-US: SAGA1-L8B
CVE-2018-17922 (Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials ...)
	NOT-FOR-US: Circontrol CirCarLife
CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to  ...)
	NOT-FOR-US: SAGA1-L8B
CVE-2018-17920
	RESERVED
CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud  ...)
	NOT-FOR-US: P2P Cloud Server
CVE-2018-17918 (Circontrol CirCarLife all versions prior to 4.3.1, authentication to t ...)
	NOT-FOR-US: Circontrol CirCarLife
CVE-2018-17917 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud  ...)
	NOT-FOR-US: P2P Cloud Server
CVE-2018-17916 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (f ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud  ...)
	NOT-FOR-US: P2P Cloud Server
CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (f ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2018-17913 (A type confusion vulnerability exists when processing project files in ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...)
	NOT-FOR-US: CASE Suite
CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buf ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0  ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the applicati ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0  ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17906 (Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and Int ...)
	NOT-FOR-US: Philips
CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0  ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerabi ...)
	NOT-FOR-US: Reliance 4 SCADA/HMI
CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to  ...)
	NOT-FOR-US: SAGA1-L8B
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versi ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing project fi ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17900 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versi ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17899 (LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulner ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17898 (Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versio ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17897 (LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflo ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17896 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versi ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17895 (LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds r ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17894 (NUUO CMS all versions 3.1 and prior, The application creates default a ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17893 (LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer de ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17892 (NUUO CMS all versions 3.1 and prior, The application implements a meth ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running  ...)
	NOT-FOR-US: Carestream Vue RIS, RIS Client Builds
CVE-2018-17890 (NUUO CMS all versions 3.1 and prior, The application uses insecure and ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17889 (In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior a ...)
	NOT-FOR-US: PI Studio HMI
CVE-2018-17888 (NUUO CMS all versions 3.1 and prior, The application uses a session id ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17887
	RESERVED
CVE-2018-17886 (An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.je ...)
	NOT-FOR-US: JEESNS
CVE-2018-17885
	RESERVED
CVE-2018-17883
	RESERVED
	- otrs2 6.0.12-1
	[stretch] - otrs2 <not-affected> (Only affects 6.x)
	[jessie] - otrs2 <not-affected> (Only affects 6.x)
	NOTE: https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/
	NOTE: https://github.com/OTRS/otrs/commit/40bbcc261a77c2f4c0383658cd99c07d577179ce
CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on th ...)
	{DSA-4313-1 DLA-1715-1}
	- linux 4.18.10-2
	[jessie] - linux <ignored> (arm64 not supported in jessie LTS)
	NOTE: https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
	NOTE: https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279
CVE-2018-17884 (XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (g ...)
	NOT-FOR-US: WordPress plugin gwolle-gb
CVE-2018-17882 (An Integer overflow vulnerability exists in the batchTransfer function ...)
	NOT-FOR-US: CryptoBotsBattle
CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allow ...)
	NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allow ...)
	NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17879
	RESERVED
CVE-2018-17878
	RESERVED
CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ethereum ga ...)
	NOT-FOR-US: Greedy 599
CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
	NOT-FOR-US: Coaster CMS
CVE-2018-17875
	RESERVED
CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
	NOT-FOR-US: ExpressionEngine
CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of  ...)
	NOT-FOR-US: WifiRanger
CVE-2018-17872 (Verba Collaboration Compliance and Quality Management Platform before  ...)
	NOT-FOR-US: Verba Collaboration Compliance and Quality Management Platform
CVE-2018-17871 (Verba Collaboration Compliance and Quality Management Platform before  ...)
	NOT-FOR-US: Verba Collaboration Compliance and Quality Management Platform
CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" paramet ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection mechanism. ...)
	NOT-FOR-US: DASAN H660GW devices
CVE-2018-17868 (DASAN H660GW devices have Stored XSS in the Port Forwarding functional ...)
	NOT-FOR-US: DASAN H660GW devices
CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows remot ...)
	NOT-FOR-US: DASAN H660GW device
CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in includes/core/u ...)
	NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for WordPress
CVE-2018-17865
	RESERVED
CVE-2018-17864
	RESERVED
CVE-2018-17863
	RESERVED
CVE-2018-17862
	RESERVED
CVE-2018-17861
	RESERVED
CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...)
	NOT-FOR-US: Cloudera
CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
	NOT-FOR-US: Joomla!
CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. com_installer action ...)
	NOT-FOR-US: Joomla!
CVE-2018-17857 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks on ...)
	NOT-FOR-US: Joomla!
CVE-2018-17856 (An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate all ...)
	NOT-FOR-US: Joomla!
CVE-2018-17855 (An issue was discovered in Joomla! before 3.8.13. If an attacker gets  ...)
	NOT-FOR-US: Joomla!
CVE-2015-9271 (The VideoWhisper videowhisper-video-conference-integration plugin 4.91 ...)
	NOT-FOR-US: WordPress plugin videowhisper-video-conference-integration
CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPr ...)
	NOT-FOR-US: the-holiday-calendar plugin for WordPress
CVE-2015-9269 (The export/content.php exportarticle feature in the wordpress-mobile-p ...)
	NOT-FOR-US: wordpress-mobile-pack plugin for WordPress
CVE-2018-17854 (SIMDComp before 0.1.1 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: SIMDComp
CVE-2018-17853
	RESERVED
CVE-2018-17852 (A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/cou ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-17851
	REJECTED
CVE-2018-17850
	REJECTED
CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Up ...)
	NOT-FOR-US: Navigate CMS
CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles  ...)
	- golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
	[stretch] - golang-golang-x-net-dev <not-affected> (Vulnerable code not present)
	- golang-go.net-dev <removed>
	[jessie] - golang-go.net-dev <ignored> (Minor issue)
	NOTE: https://github.com/golang/go/issues/27846
	NOTE: https://github.com/golang/net/commit/4b62a64f59f73840b9ab79204c94fee61cd1ba2c
CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles  ...)
	- golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
	[stretch] - golang-golang-x-net-dev <not-affected> (Vulnerable code not present)
	- golang-go.net-dev <removed>
	[jessie] - golang-go.net-dev <ignored> (Minor issue)
	NOTE: https://github.com/golang/go/issues/27846
	NOTE: https://github.com/golang/net/commit/4b62a64f59f73840b9ab79204c94fee61cd1ba2c
CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles  ...)
	- golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
	[stretch] - golang-golang-x-net-dev <not-affected> (Vulnerable code not present)
	- golang-go.net-dev <removed>
	[jessie] - golang-go.net-dev <ignored> (Minor issue)
	NOTE: https://github.com/golang/go/issues/27842
	NOTE: https://github.com/golang/net/commit/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
CVE-2018-17845
	RESERVED
CVE-2018-17844
	RESERVED
CVE-2018-17843 (SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Soft ...)
	NOT-FOR-US: ADD Clicking MLM
CVE-2018-17842 (SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hot ...)
	NOT-FOR-US: Scriptzee Hotel Booking Engine
CVE-2018-17841 (SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the ...)
	NOT-FOR-US: Scriptzee Flippa Marketplace Clone
CVE-2018-17840 (SQL injection exists in Scriptzee Education Website 1.0 via the colleg ...)
	NOT-FOR-US: Scriptzee Education Website
CVE-2018-17839
	RESERVED
CVE-2018-17838 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read oper ...)
	NOT-FOR-US: JTBC
CVE-2018-17837 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion  ...)
	NOT-FOR-US: JTBC
CVE-2018-17836 (An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attacke ...)
	NOT-FOR-US: JTBC
CVE-2018-17835 (An issue was discovered in GetSimple CMS 3.3.15. An administrator can  ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-17834
	RESERVED
CVE-2018-17833
	RESERVED
CVE-2018-17832 (XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-17831 (In REDAXO before 5.6.3, a critical SQL injection vulnerability has bee ...)
	NOT-FOR-US: REDAXO
CVE-2018-17830 (The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 ...)
	NOT-FOR-US: REDAXO
CVE-2018-17829
	RESERVED
CVE-2018-17828 (Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers  ...)
	- zziplib <unfixed> (unimportant)
	NOTE: https://github.com/gdraheim/zziplib/issues/62
	NOTE: unzzipcat-mem not installed into the binary packages
CVE-2018-17827 (HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by ...)
	NOT-FOR-US: HisiPHP
CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add ...)
	NOT-FOR-US: HisiPHP
CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several double-free ...)
	{DLA-1534-1}
	- adplug 2.2.1+dfsg3-1 (low; bug #910534)
	[stretch] - adplug <ignored> (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/67
	NOTE: https://github.com/adplug/adplug/commit/19ebb61bf92262dc1868de10ba5a211db249ce76
CVE-2018-17824
	RESERVED
CVE-2018-17823
	RESERVED
CVE-2018-17822
	RESERVED
CVE-2018-17821
	RESERVED
CVE-2018-17820
	RESERVED
CVE-2018-17819
	RESERVED
CVE-2018-17818
	RESERVED
CVE-2018-17817
	RESERVED
CVE-2018-17816
	RESERVED
CVE-2018-17815
	RESERVED
CVE-2018-17814
	RESERVED
CVE-2018-17813
	RESERVED
CVE-2018-17812
	RESERVED
CVE-2018-17811
	RESERVED
CVE-2018-17810
	RESERVED
CVE-2018-17809
	RESERVED
CVE-2018-17808
	RESERVED
CVE-2018-17807
	RESERVED
CVE-2018-17806
	RESERVED
CVE-2018-17805
	RESERVED
CVE-2018-17804
	RESERVED
CVE-2018-17803
	RESERVED
CVE-2018-17802
	RESERVED
CVE-2018-17801
	RESERVED
CVE-2018-17800
	RESERVED
CVE-2018-17799
	RESERVED
CVE-2018-17798 (An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote  ...)
	NOT-FOR-US: zzcms
CVE-2018-17797 (An issue was discovered in zzcms 8.3. user/zssave.php allows remote at ...)
	NOT-FOR-US: zzcms
CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The Web ...)
	NOT-FOR-US: MRCMS
CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remot ...)
	- tiff 4.0.9-2
	[stretch] - tiff 4.0.8-2+deb9u2
	[jessie] - tiff 4.0.3-12.3+deb8u5
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2816
	NOTE: Similar issue as CVE-2017-9935 but not considered the same, but adressed
	NOTE: with same commit.
	NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe impli ...)
	{DLA-1602-1}
	- nsis 2.50-1
	NOTE: https://sourceforge.net/p/nsis/bugs/1125/
CVE-2015-9267 (Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary f ...)
	{DLA-1602-1}
	- nsis 2.50-1
	NOTE: https://sourceforge.net/p/nsis/bugs/1125/
CVE-2018-17793
	REJECTED
CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
	NOT-FOR-US: MDaemon Webmail
CVE-2018-17791 (Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...)
	NOT-FOR-US: Newgen OmniFlow Intelligent Business Process Suite
CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
	NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17789 (Prospecta Master Data Online (MDO) allows CSRF. ...)
	NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17788
	RESERVED
CVE-2018-17787 (On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Co ...)
	NOT-FOR-US: D-Link DIR-823G devices
CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, Ge ...)
	NOT-FOR-US: D-Link DIR-823G devices
CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...)
	NOT-FOR-US: blynk-server in Blynk
CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM C ...)
	NOT-FOR-US: SugarCRM
CVE-2018-17783 (A cross-site scripting (XSS) vulnerability in the Edit Filter page (ma ...)
	- mantis <removed>
	NOTE: https://mantisbt.org/blog/archives/mantisbt/613
	NOTE: https://mantisbt.org/bugs/view.php?id=24814
CVE-2018-17782 (A cross-site scripting (XSS) vulnerability in the Manage Filters page  ...)
	- mantis <removed>
	NOTE: https://mantisbt.org/blog/archives/mantisbt/613
	NOTE: https://mantisbt.org/bugs/view.php?id=24813
CVE-2018-17781 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigg ...)
	NOT-FOR-US: Foxit
CVE-2018-17780 (Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on  ...)
	- telegram-desktop 1.4.0-1
	NOTE: https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
	NOTE: https://github.com/telegramdesktop/tdesktop/commit/c4ca180745300e3d1ac755341e9879fca9087b74
CVE-2018-17779
	RESERVED
CVE-2018-17778
	RESERVED
CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If  ...)
	NOT-FOR-US: D-Link
CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGR ...)
	NOT-FOR-US: PCProtect Anti-Virus
CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PR ...)
	NOT-FOR-US: Seqrite End Point Security
CVE-2018-17774
	RESERVED
CVE-2018-17773
	RESERVED
CVE-2018-17772
	RESERVED
CVE-2018-17771
	RESERVED
CVE-2018-17770
	RESERVED
CVE-2018-17769
	RESERVED
CVE-2018-17768
	RESERVED
CVE-2018-17767
	RESERVED
CVE-2018-17766
	RESERVED
CVE-2018-17765
	RESERVED
CVE-2018-17764
	RESERVED
CVE-2018-17763
	RESERVED
CVE-2018-17762
	RESERVED
CVE-2018-17761
	RESERVED
CVE-2018-17760
	RESERVED
CVE-2018-17759
	RESERVED
CVE-2018-17758
	RESERVED
CVE-2018-17757
	RESERVED
CVE-2018-17756
	RESERVED
CVE-2018-17755
	RESERVED
CVE-2018-17754
	RESERVED
CVE-2018-17753
	RESERVED
CVE-2018-17752
	RESERVED
CVE-2018-17751
	RESERVED
CVE-2018-17750
	RESERVED
CVE-2018-17749
	RESERVED
CVE-2018-17748
	RESERVED
CVE-2018-17747
	RESERVED
CVE-2018-17746
	RESERVED
CVE-2018-17745
	RESERVED
CVE-2018-17744
	RESERVED
CVE-2018-17743
	RESERVED
CVE-2018-17742
	RESERVED
CVE-2018-17741
	RESERVED
CVE-2018-17740
	RESERVED
CVE-2018-17739
	RESERVED
CVE-2018-17738
	RESERVED
CVE-2018-17737
	RESERVED
CVE-2018-17736
	RESERVED
CVE-2018-17735
	RESERVED
CVE-2018-17734
	RESERVED
CVE-2018-17733
	RESERVED
CVE-2018-17732
	RESERVED
CVE-2018-17731
	RESERVED
CVE-2018-17730
	RESERVED
CVE-2018-17729
	RESERVED
CVE-2018-17728
	RESERVED
CVE-2018-17727
	RESERVED
CVE-2018-17726
	RESERVED
CVE-2018-17725
	RESERVED
CVE-2018-17724
	RESERVED
CVE-2018-17723
	RESERVED
CVE-2018-17722
	RESERVED
CVE-2018-17721
	RESERVED
CVE-2018-17720
	RESERVED
CVE-2018-17719
	RESERVED
CVE-2018-17718
	RESERVED
CVE-2018-17717
	RESERVED
CVE-2018-17716
	RESERVED
CVE-2018-17715
	RESERVED
CVE-2018-17714
	RESERVED
CVE-2018-17713
	RESERVED
CVE-2018-17712
	RESERVED
CVE-2018-17711
	RESERVED
CVE-2018-17710
	RESERVED
CVE-2018-17709
	RESERVED
CVE-2018-17708
	RESERVED
CVE-2018-17707 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Epic Games
CVE-2018-17706 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF Phantom PDF
CVE-2018-17705 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17704 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17703 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17702 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17701 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17700 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17699 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17698 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17697 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17696 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17695 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17694 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17693 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17692 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17691 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17690 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17689 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17688 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17687 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17686 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17685 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17684 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17683 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17682 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17681 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17680 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17679 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17678 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17677 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17676 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17675 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17674 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17672 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17671 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17670 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17669 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17668 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17667 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17666 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17665 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17664 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17662 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17661 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17660 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17659 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17658 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17657 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17654 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17651 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17650 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17637 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17632 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17630 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17629 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17628 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17624 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17623 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17622 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17620 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17618 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17616 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17615 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Losant Arduino MQTT Client
CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enab ...)
	- telegram-desktop <unfixed> (unimportant; bug #921133)
	NOTE: https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html
	NOTE: Non issue, works as expected, should probably be rejected
CVE-2018-17612 (Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) cert ...)
	NOT-FOR-US: Sennheiser
CVE-2018-17611 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17610 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17609 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17608 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17607 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17606
	REJECTED
CVE-2018-17605 (An issue was discovered in the Asset Pipeline plugin before 3.0.4 for  ...)
	NOT-FOR-US: Grails plugin
CVE-2018-17604
	RESERVED
CVE-2018-17603
	RESERVED
CVE-2018-17602
	RESERVED
CVE-2018-17601
	RESERVED
CVE-2018-17600
	RESERVED
CVE-2018-17599
	RESERVED
CVE-2018-17598
	RESERVED
CVE-2018-17597
	RESERVED
CVE-2018-17596 (In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was dis ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2018-17595 (In the 5.4.0 version of the Fork CMS software, HTML Injection and Stor ...)
	NOT-FOR-US: Fork CMS
CVE-2018-17594 (AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top ...)
	NOT-FOR-US: AirTies Air 5443v2 devices
CVE-2018-17593 (AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5453 devices
CVE-2018-17592
	RESERVED
CVE-2018-17591 (AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top ...)
	NOT-FOR-US: AirTies Air 5343v2 devices
CVE-2018-17590 (AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5442 devices
CVE-2018-17589 (AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5650 devices
CVE-2018-17588 (AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5021 devices
CVE-2018-17587 (AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5750 devices
CVE-2018-17586 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rule ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2018-17585 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfa ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2018-17584 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp- ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2018-17583 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rule ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get ...)
	- tcpreplay 4.3.1-1 (bug #910597)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/484
	NOTE: https://github.com/appneta/tcpreplay/commit/68f67b1a3a4d319543692afb5bd5b191ec984287
CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has e ...)
	{DLA-1691-1}
	- exiv2 0.27.2-6 (low; bug #910060)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/460
	NOTE: Fixed in: https://github.com/Exiv2/exiv2/commit/b3d077dcaefb6747fff8204490f33eba5a144edb
CVE-2018-17580 (A heap-based buffer over-read exists in the function fast_edit_packet( ...)
	- tcpreplay 4.3.1-1 (bug #910596)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/485
CVE-2018-17579
	RESERVED
CVE-2018-17578
	RESERVED
CVE-2018-17577
	RESERVED
CVE-2018-17576
	RESERVED
CVE-2018-17575 (SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/al ...)
	NOT-FOR-US: SWA SWA.JACAD
CVE-2018-17574 (An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in th ...)
	NOT-FOR-US: YMFE YApi
CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbi ...)
	NOT-FOR-US: Wp-Insert plugin for WordPress
CVE-2018-17572 (InfluxDB 0.9.5 has Reflected XSS in the Write Data module. ...)
	- influxdb 0.9.6.1+dfsg1-1
	NOTE: https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48
CVE-2018-17571 (Vanilla before 2.6.1 allows XSS via the email field of a profile. ...)
	NOT-FOR-US: Vanilla
CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an i ...)
	NOT-FOR-US: ViaBTC Exchange Server
CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an in ...)
	NOT-FOR-US: ViaBTC Exchange Server
CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an inte ...)
	NOT-FOR-US: ViaBTC Exchange Server
CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 all ...)
	{DLA-1541-1}
	- jekyll 3.8.3+dfsg-3.1 (low; bug #909933)
	[stretch] - jekyll <no-dsa> (Minor issue)
	NOTE: https://github.com/jekyll/jekyll/pull/7224
	NOTE: https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/
CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for SQL inje ...)
	NOT-FOR-US: ThinkPHP
CVE-2018-17565 (Shell Metacharacter Injection in the SSH configuration interface on Gr ...)
	NOT-FOR-US: Grandstream GXP16xx VoIP phones
CVE-2018-17564 (A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx  ...)
	NOT-FOR-US: Grandstream GXP16xx VoIP phones
CVE-2018-17563 (A Malformed Input String to /cgi-bin/api-get_line_status on Grandstrea ...)
	NOT-FOR-US: Grandstream GXP16xx VoIP phones
CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_ ...)
	NOT-FOR-US: Multi-Tech FaxFinder
CVE-2018-17561
	RESERVED
CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1. ...)
	NOT-FOR-US: Grouptime Teamwire Client
CVE-2018-17559
	RESERVED
CVE-2018-17558
	RESERVED
CVE-2018-17557
	REJECTED
CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Sou ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows remote at ...)
	NOT-FOR-US: ARRIS TG2492LG-NA 061213 devices
CVE-2018-17554
	RESERVED
CVE-2018-17553 (An "Unrestricted Upload of File with Dangerous Type" issue with direct ...)
	NOT-FOR-US: Naviwebs Navigate CMS
CVE-2018-17552 (SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote  ...)
	NOT-FOR-US: Naviwebs Navigate CMS
CVE-2018-17551
	RESERVED
CVE-2018-17550
	RESERVED
CVE-2018-17549
	RESERVED
CVE-2018-17548
	RESERVED
CVE-2018-17547
	RESERVED
CVE-2018-17546
	RESERVED
CVE-2018-17545
	RESERVED
CVE-2018-17544
	RESERVED
CVE-2018-17543
	RESERVED
CVE-2018-17542 (SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allow ...)
	NOT-FOR-US: MailSherlock
CVE-2018-17541
	RESERVED
CVE-2018-17540 (The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a  ...)
	{DSA-4309-1 DLA-1528-1}
	- strongswan 5.7.1-1
	NOTE: https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
CVE-2018-17539 (The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and  ...)
	NOT-FOR-US: BGP daemon (bgpd) in IP Infusion ZebOS and OcNOS
CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15. ...)
	NOT-FOR-US: Axon Evidence Sync
CVE-2018-17537 [Persistent XSS package.json]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 10.4 and later)
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17536 [Persistent XSS merge request project import]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 10.4 and later)
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17535
	RESERVED
CVE-2018-17534 (Teltonika RUT9XX routers with firmware before 00.04.233 provide a root ...)
	NOT-FOR-US: Teltonika RUT9XX routers
CVE-2018-17533 (Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to  ...)
	NOT-FOR-US: Teltonika RUT9XX routers
CVE-2018-17532 (Teltonika RUT9XX routers with firmware before 00.04.233 are prone to m ...)
	NOT-FOR-US: Teltonika RUT9XX routers
CVE-2018-17531
	RESERVED
CVE-2018-17530
	RESERVED
CVE-2018-17529
	RESERVED
CVE-2018-17528
	RESERVED
CVE-2018-17527
	RESERVED
CVE-2018-17526
	RESERVED
CVE-2018-17525
	RESERVED
CVE-2018-17524
	RESERVED
CVE-2018-17523
	RESERVED
CVE-2018-17522
	RESERVED
CVE-2018-17521
	RESERVED
CVE-2018-17520
	RESERVED
CVE-2018-17519
	RESERVED
CVE-2018-17518
	RESERVED
CVE-2018-17517
	RESERVED
CVE-2018-17516
	RESERVED
CVE-2018-17515
	RESERVED
CVE-2018-17514
	RESERVED
CVE-2018-17513
	RESERVED
CVE-2018-17512
	RESERVED
CVE-2018-17511
	RESERVED
CVE-2018-17510
	RESERVED
CVE-2018-17509
	RESERVED
CVE-2018-17508
	RESERVED
CVE-2018-17507
	RESERVED
CVE-2018-17506
	RESERVED
CVE-2018-17505
	RESERVED
CVE-2018-17504
	RESERVED
CVE-2018-17503
	RESERVED
CVE-2018-17502 (The Receptionist for iPad could allow a local attacker to obtain sensi ...)
	NOT-FOR-US: Receptionist for iPad
CVE-2018-17501
	RESERVED
CVE-2018-17500 (Envoy Passport for Android and Envoy Passport for iPhone could allow a ...)
	NOT-FOR-US: Envoy Passport
CVE-2018-17499 (Envoy Passport for Android and Envoy Passport for iPhone could allow a ...)
	NOT-FOR-US: Envoy Passport
CVE-2018-17498
	RESERVED
CVE-2018-17497 (eVisitorPass contains default administrative credentials. An attacker  ...)
	NOT-FOR-US: eVisitorPass
CVE-2018-17496 (eVisitorPass could allow a local attacker to gain elevated privileges  ...)
	NOT-FOR-US: eVisitorPass
CVE-2018-17495 (eVisitorPass could allow a local attacker to gain elevated privileges  ...)
	NOT-FOR-US: eVisitorPass
CVE-2018-17494 (eVisitorPass could allow a local attacker to gain elevated privileges  ...)
	NOT-FOR-US: eVisitorPass
CVE-2018-17493 (eVisitorPass could allow a local attacker to gain elevated privileges  ...)
	NOT-FOR-US: eVisitorPass
CVE-2018-17492 (EasyLobby Solo contains default administrative credentials. An attacke ...)
	NOT-FOR-US: EasyLobby Solo
CVE-2018-17491 (EasyLobby Solo could allow a local attacker to gain elevated privilege ...)
	NOT-FOR-US: EasyLobby Solo
CVE-2018-17490 (EasyLobby Solo is vulnerable to a denial of service. By visiting the k ...)
	NOT-FOR-US: EasyLobby Solo
CVE-2018-17489 (EasyLobby Solo could allow a local attacker to obtain sensitive inform ...)
	NOT-FOR-US: EasyLobby Solo
CVE-2018-17488 (Lobby Track Desktop could allow a local attacker to gain elevated priv ...)
	NOT-FOR-US: Lobby Track Desktop
CVE-2018-17487 (Lobby Track Desktop could allow a local attacker to gain elevated priv ...)
	NOT-FOR-US: Lobby Track Desktop
CVE-2018-17486 (Lobby Track Desktop could allow a local attacker to bypass security re ...)
	NOT-FOR-US: Lobby Track Desktop
CVE-2018-17485 (Lobby Track Desktop contains default administrative credentials. An at ...)
	NOT-FOR-US: Lobby Track Desktop
CVE-2018-17484 (Lobby Track Desktop could allow a local attacker to obtain sensitive i ...)
	NOT-FOR-US: Lobby Track Desktop
CVE-2018-17483 (Lobby Track Desktop could allow a local attacker to obtain sensitive i ...)
	NOT-FOR-US: Lobby Track Desktop
CVE-2018-17482 (Lobby Track Desktop could allow a local attacker to obtain sensitive i ...)
	NOT-FOR-US: Lobby Track Desktop
CVE-2018-17481 (Incorrect object lifecycle handling in PDFium in Google Chrome prior t ...)
	{DSA-4395-1 DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-17480 (Execution of user supplied Javascript during array deserialization lea ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-17479 (Incorrect object lifetime calculations in GPU code in Google Chrome pr ...)
	{DSA-4342-1}
	- chromium-browser 70.0.3538.110-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17478 (Incorrect array position calculations in V8 in Google Chrome prior to  ...)
	{DSA-4340-1}
	- chromium-browser 70.0.3538.102-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17477 (Incorrect dialog placement in Extensions in Google Chrome prior to 70. ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17476 (Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3 ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17475 (Incorrect handling of history on iOS in Navigation in Google Chrome pr ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17474 (Use after free in HTMLImportsController in Blink in Google Chrome prio ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17473 (Incorrect handling of confusable characters in Omnibox in Google Chrom ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17472 (Incorrect handling of googlechrome:// URL scheme on iOS in Intents in  ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17471 (Incorrect dialog placement in WebContents in Google Chrome prior to 70 ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17470 (A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 a ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17469 (Incorrect handling of PDF filter chains in PDFium in Google Chrome pri ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17468 (Incorrect handling of timer information during navigation in Blink in  ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17467 (Insufficiently quick clearing of stale rendered content in Navigation  ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17466 (Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ...)
	{DSA-4362-1 DSA-4354-1 DSA-4330-1 DLA-1624-1 DLA-1605-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-17466
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-17466
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-17466
CVE-2018-17465 (Incorrect implementation of object trimming in V8 in Google Chrome pri ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17464 (Incorrect handling of history on iOS in Navigation in Google Chrome pr ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17463 (Incorrect side effect annotation in V8 in Google Chrome prior to 70.0. ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17462 (Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538. ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17461 (An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17460 (Insufficient data validation in filesystem URIs in Google Chrome prior ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17457 (An object lifecycle issue in Blink could lead to a use after free in W ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17456 (Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x  ...)
	{DSA-4311-1 DLA-1533-1}
	- git 1:2.19.1-1
	NOTE: https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=98afac7a7cefdca0d2c4917dd8066a59f7088265
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=f6adec4e329ef0e25e14c63b735a5956dc67b8bc
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=273c61496f88c6495b886acb1041fe57965151da
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404
CVE-2018-17455 [IDOR merge request approvals]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17454 [Persistent XSS on issue details]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 9.3 and later)
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17453 [GRPC::Unknown logging token disclosure]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 10.4 and later)
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17451 [Slack integration CSRF Oauth2]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17450 [SSRF GCP access token disclosure]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 10.2 and later)
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17449 [Confidential information disclosure in events API endpoint]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 9.3 and later)
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17448 (An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1 ...)
	NOT-FOR-US: Citrix
CVE-2018-17447 (An Information Exposure Through Log Files issue was discovered in Citr ...)
	NOT-FOR-US: Citrix
CVE-2018-17446 (A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetSc ...)
	NOT-FOR-US: Citrix
CVE-2018-17445 (A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and N ...)
	NOT-FOR-US: Citrix
CVE-2018-17444 (A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and ...)
	NOT-FOR-US: Citrix
CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...)
	NOT-FOR-US: D-Link
CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...)
	NOT-FOR-US: D-Link
CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...)
	NOT-FOR-US: D-Link
CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...)
	NOT-FOR-US: D-Link
CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...)
	- hdf5 <unfixed> (low)
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
	NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
	[experimental] - hdf5 1.10.5+repack-1~exp1
	- hdf5 <unfixed> (low)
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10588
	NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
	[experimental] - hdf5 1.10.5+repack-1~exp1
	- hdf5 <unfixed> (low)
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10586
	NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in  ...)
	- hdf5 <unfixed>
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
	NOTE: upstream bug tracker (not public): https://jira.hdfgroup.org/browse/HDFFV-10590
	NOTE: fix planned for HDF5-1.10.6 (will also be backported to HDF5-1.8)
CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote attacker ...)
	NOT-FOR-US: Comodo UTM
CVE-2018-17430
	RESERVED
CVE-2018-17429 (/console/account/manage.php?type=action&amp;action=add in JTBC v3.0(C) ...)
	NOT-FOR-US: JTBC
CVE-2018-17428 (An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injecti ...)
	NOT-FOR-US: OPAC EasyWeb Five
CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: SIMDComp
CVE-2018-17426 (WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in stat ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-17425 (WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to  ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-17424
	RESERVED
CVE-2018-17423 (An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_ ...)
	NOT-FOR-US: e107
CVE-2018-17422 (dotCMS before 5.0.2 has open redirects via the html/common/forward_js. ...)
	NOT-FOR-US: dotCMS
CVE-2018-17421 (An issue was discovered in ZrLog 2.0.3. There is stored XSS in the fil ...)
	NOT-FOR-US: ZrLog
CVE-2018-17420 (An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulne ...)
	NOT-FOR-US: ZrLog
CVE-2018-17419 (An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS  ...)
	NOT-FOR-US: Miek Gieben DNS library for Go
CVE-2018-17418 (Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP cod ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-17417
	RESERVED
CVE-2018-17416 (A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adcl ...)
	NOT-FOR-US: zzcms
CVE-2018-17415 (zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parame ...)
	NOT-FOR-US: zzcms
CVE-2018-17414 (zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass ...)
	NOT-FOR-US: zzcms
CVE-2018-17413 (XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin paramet ...)
	NOT-FOR-US: zzcms
CVE-2018-17412 (zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck. ...)
	NOT-FOR-US: zzcms
CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data Quality ...)
	NOT-FOR-US: iWay Data Quality Suite Web Console
CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request to the /b ...)
	NOT-FOR-US: Horus CMS
CVE-2018-17409
	RESERVED
CVE-2018-17408 (Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 thr ...)
	NOT-FOR-US: Zahir Accounting Enterprise Plus
CVE-2018-17406
	RESERVED
CVE-2018-17405
	RESERVED
CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Androi ...)
	NOT-FOR-US: SBIbuddy application
CVE-2018-17403 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...)
	NOT-FOR-US: PhonePe wallet application
CVE-2018-17402 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...)
	NOT-FOR-US: PhonePe wallet application
CVE-2018-17401 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...)
	NOT-FOR-US: PhonePe wallet application
CVE-2018-17400 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...)
	NOT-FOR-US: PhonePe wallet application
CVE-2018-17399 (SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via th ...)
	NOT-FOR-US: Jimtawl
CVE-2018-17398 (SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via  ...)
	NOT-FOR-US: AMGallery
CVE-2018-17397 (SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for  ...)
	NOT-FOR-US: AlphaIndex Dictionaries component for Joomla!
CVE-2018-17396
	RESERVED
CVE-2018-17395
	RESERVED
CVE-2018-17394 (SQL Injection exists in the Timetable Schedule 3.6.8 component for Joo ...)
	NOT-FOR-US: Timetable Schedule component for Joomla!
CVE-2018-17393 (SQL Injection exists in HealthNode Hospital Management System 1.0 via  ...)
	NOT-FOR-US: HealthNode Hospital Management System
CVE-2018-17392
	RESERVED
CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via ...)
	NOT-FOR-US: Super Cms Blog Pro
CVE-2018-17390
	RESERVED
CVE-2018-17389 (CSRF exists in server.php in Live Call Support Application 1.5 for add ...)
	NOT-FOR-US: Live Call Support Application
CVE-2018-17388 (SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the e ...)
	NOT-FOR-US: Twilio WEB To Fax Machine System
CVE-2018-17387 (CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for ...)
	NOT-FOR-US: Nimble Messaging Bulk SMS Marketing Application
CVE-2018-17386 (SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joo ...)
	NOT-FOR-US: Micro Deal Factory component for Joomla!
CVE-2018-17385 (SQL Injection exists in the Social Factory 3.8.3 component for Joomla! ...)
	NOT-FOR-US: Social Factory component for Joomla!
CVE-2018-17384 (SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! v ...)
	NOT-FOR-US: Swap Factory component for Joomla!
CVE-2018-17383 (SQL Injection exists in the Collection Factory 4.1.9 component for Joo ...)
	NOT-FOR-US: Collection Factory component for Joomla!
CVE-2018-17382 (SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! v ...)
	NOT-FOR-US: Jobs Factory component for Joomla!
CVE-2018-17381 (SQL Injection exists in the Dutch Auction Factory 2.0.2 component for  ...)
	NOT-FOR-US: Dutch Auction Factory component for Joomla!
CVE-2018-17380 (SQL Injection exists in the Article Factory Manager 4.3.9 component fo ...)
	NOT-FOR-US: Article Factory Manager component for Joomla!
CVE-2018-17379 (SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! ...)
	NOT-FOR-US: Raffle Factory component for Joomla!
CVE-2018-17378 (SQL Injection exists in the Penny Auction Factory 2.0.4 component for  ...)
	NOT-FOR-US: Penny Auction Factory component for Joomla!
CVE-2018-17377 (SQL Injection exists in the Questions 1.4.3 component for Joomla! via  ...)
	NOT-FOR-US: Questions component for Joomla!
CVE-2018-17376 (SQL Injection exists in the Reverse Auction Factory 4.3.8 component fo ...)
	NOT-FOR-US: Reverse Auction Factory component for Joomla!
CVE-2018-17375 (SQL Injection exists in the Music Collection 3.0.3 component for Jooml ...)
	NOT-FOR-US: Music Collection component for Joomla!
CVE-2018-17374 (SQL Injection exists in the Auction Factory 4.5.5 component for Joomla ...)
	NOT-FOR-US: Auction Factory component for Joomla!
CVE-2018-17373
	RESERVED
CVE-2018-17372
	RESERVED
CVE-2018-17371
	RESERVED
CVE-2018-17370
	RESERVED
CVE-2018-17369 (An issue was discovered in springboot_authority through 2017-03-06. Th ...)
	NOT-FOR-US: springboot_authority
CVE-2018-17368 (An issue was discovered in PublicCMS V4.0.180825. For an invalid login ...)
	NOT-FOR-US: PublicCMS
CVE-2018-17367
	RESERVED
CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability t ...)
	NOT-FOR-US: MCMS
CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the  ...)
	NOT-FOR-US: SeaCMS
CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via t ...)
	NOT-FOR-US: OTCMS
CVE-2018-17363
	RESERVED
CVE-2018-17362
	RESERVED
CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attacker ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181022-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23685
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf93e9c2cf8f8b2566f8fc86e961592b51b5980d
	NOTE: binutils not covered by security support
CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181022-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102
	NOTE: binutils not covered by security support
CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181022-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102
	NOTE: binutils not covered by security support
CVE-2018-17357
	RESERVED
CVE-2018-17356
	RESERVED
CVE-2018-17355
	RESERVED
CVE-2018-17354
	RESERVED
CVE-2018-17353
	RESERVED
CVE-2018-17352
	RESERVED
CVE-2018-17351
	RESERVED
CVE-2018-17350
	RESERVED
CVE-2018-17349
	RESERVED
CVE-2018-17348
	RESERVED
CVE-2018-17347
	RESERVED
CVE-2018-17346
	RESERVED
CVE-2018-17345
	RESERVED
CVE-2018-17344
	RESERVED
CVE-2018-17343
	RESERVED
CVE-2018-17342
	RESERVED
CVE-2018-17341 (BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is  ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-17340
	RESERVED
CVE-2018-17339
	RESERVED
CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based buf ...)
	NOT-FOR-US: pdfalto
CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is r ...)
	NOT-FOR-US: Intelbras NPLUG
CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in udisks ...)
	- udisks2 2.8.1-1 (bug #909607)
	[stretch] - udisks2 <not-affected> (Vulnerable code introduced later)
	[jessie] - udisks2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/storaged-project/udisks/issues/578
	NOTE: Fixed by: https://github.com/storaged-project/udisks/commit/e369a9b4b08e9373c814c05328b366c938284eb5
	NOTE: Introduced by: https://github.com/storaged-project/udisks/commit/ad2ce6714e911be58011dd6b838ec0f6fd0f950f (udisks-2.6.4)
CVE-2018-17335
	RESERVED
CVE-2018-17334 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based b ...)
	NOT-FOR-US: libsvg2
CVE-2018-17333 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based b ...)
	NOT-FOR-US: libsvg2
CVE-2018-17332 (An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextP ...)
	NOT-FOR-US: libsvg2
CVE-2018-17331
	RESERVED
CVE-2018-17330
	RESERVED
CVE-2018-17329
	RESERVED
CVE-2018-17328
	RESERVED
CVE-2018-17327
	RESERVED
CVE-2018-17326
	RESERVED
CVE-2018-17325
	RESERVED
CVE-2018-17324
	RESERVED
CVE-2018-17323
	RESERVED
CVE-2018-17322 (Cross-site scripting (XSS) vulnerability in index.php/index/category/i ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-17321 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate ...)
	NOT-FOR-US: SeaCMS
CVE-2018-17320 (An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via ...)
	NOT-FOR-US: UCMS
CVE-2018-17319
	RESERVED
CVE-2018-17318
	RESERVED
CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers  ...)
	NOT-FOR-US: FruityWifi
CVE-2018-17316 (On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabi ...)
	NOT-FOR-US: RICOH MP C6003 printer
CVE-2018-17315 (On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabi ...)
	NOT-FOR-US: RICOH MP C2003 printer
CVE-2018-17314 (On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vul ...)
	NOT-FOR-US: RICOH Aficio MP 305+ printer
CVE-2018-17313 (On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabil ...)
	NOT-FOR-US: RICOH MP C307 printer
CVE-2018-17312 (On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vuln ...)
	NOT-FOR-US: RICOH Aficio MP 301 printer
CVE-2018-17311 (On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vuln ...)
	NOT-FOR-US: RICOH MP C6503 Plus printer
CVE-2018-17310 (On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulne ...)
	NOT-FOR-US: RICOH MP C1803 JPN printer
CVE-2018-17309 (On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabi ...)
	NOT-FOR-US: RICOH MP C406Z printer
CVE-2018-17308
	RESERVED
CVE-2018-17307
	RESERVED
CVE-2018-17306
	RESERVED
CVE-2018-17305 (UiPath Orchestrator through 2018.2.4 allows any authenticated user to  ...)
	NOT-FOR-US: UiPath Orchestrator
CVE-2018-17304
	RESERVED
CVE-2018-17303
	RESERVED
CVE-2018-17302 (Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /# ...)
	NOT-FOR-US: EspoCRM
CVE-2018-17301 (Reflected XSS exists in client/res/templates/global-search/name-field. ...)
	NOT-FOR-US: EspoCRM
CVE-2018-17300 (Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/ ...)
	NOT-FOR-US: CuppaCMS
CVE-2018-17299
	RESERVED
CVE-2018-17298 (An issue was discovered in Enalean Tuleap before 10.5. Reset password  ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2018-17297 (The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remo ...)
	NOT-FOR-US: Hutool
CVE-2018-17296
	RESERVED
CVE-2018-17295
	RESERVED
CVE-2018-17294 (The matchCurrentInput function inside lou_translateString.c of Libloui ...)
	- liblouis 3.7.0-1
	[stretch] - liblouis <no-dsa> (Minor issue)
	[jessie] - liblouis <ignored> (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e
	NOTE: https://github.com/liblouis/liblouis/issues/635
CVE-2018-17293 (An issue was discovered in WAVM before 2018-09-16. The run function in ...)
	NOT-FOR-US: WAVM
CVE-2018-17292 (An issue was discovered in WAVM before 2018-09-16. The loadModule func ...)
	NOT-FOR-US: WAVM
CVE-2018-17291
	RESERVED
CVE-2018-17290
	RESERVED
CVE-2018-17289 (An XML external entity (XXE) vulnerability in Kofax Front Office Serve ...)
	NOT-FOR-US: Kofax Front Office Server Administration Console
CVE-2018-17288 (Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client an ...)
	NOT-FOR-US: Kofax Front Office Server
CVE-2018-17287 (In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, s ...)
	NOT-FOR-US: Kofax Front Office Server Administration Console
CVE-2018-17286
	RESERVED
CVE-2018-17285
	RESERVED
CVE-2018-17284
	RESERVED
CVE-2018-17283 (Zoho ManageEngine OpManager before 12.3 Build 123196 does not require  ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-17282 (An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue: ...)
	- exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/457
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/670fb73dd5ee8acab90971c4878de29f9fc43a02
	NOTE: Introduced with: https://github.com/Exiv2/exiv2/commit/afb98cbc6e288dc8ea75f3394a347fb9b37abc55
CVE-2018-17407 (An issue was discovered in t1_check_unusual_charstring functions in wr ...)
	{DSA-4299-1 DLA-1514-1}
	- texlive-bin 2018.20180907.48586-2 (bug #909317)
	NOTE: Fixed by: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
	NOTE: Introduced in: https://github.com/TeX-Live/texlive-source/commit/59cbb8f96b0543c2912d6370ce8021181661e1cf
CVE-2018-17281 (There is a stack consumption vulnerability in the res_http_websocket.s ...)
	{DSA-4320-1 DLA-1523-1}
	- asterisk 1:13.23.1~dfsg-1 (bug #909554)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2018-009.html
	NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013
CVE-2018-17280
	REJECTED
CVE-2018-17279
	REJECTED
CVE-2018-17278
	REJECTED
CVE-2018-17277
	REJECTED
CVE-2018-17276
	REJECTED
CVE-2018-17275
	REJECTED
CVE-2018-17274
	REJECTED
CVE-2018-17273
	REJECTED
CVE-2018-17272
	REJECTED
CVE-2018-17271
	REJECTED
CVE-2018-17270
	REJECTED
CVE-2018-17269
	REJECTED
CVE-2018-17268
	REJECTED
CVE-2018-17267
	REJECTED
CVE-2018-17266
	REJECTED
CVE-2018-17265
	REJECTED
CVE-2018-17264
	REJECTED
CVE-2018-17263
	REJECTED
CVE-2018-17262
	REJECTED
CVE-2018-17261
	REJECTED
CVE-2018-17260
	REJECTED
CVE-2018-17259
	REJECTED
CVE-2018-17258
	REJECTED
CVE-2018-17257
	REJECTED
CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.1 ...)
	NOT-FOR-US: Umbraco CMS
CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...)
	NOT-FOR-US: Navigate CMS
CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via th ...)
	NOT-FOR-US: JCK Editor component for Joomla!
CVE-2018-17253
	REJECTED
CVE-2018-17252
	REJECTED
CVE-2018-17251
	REJECTED
CVE-2018-17250
	REJECTED
CVE-2018-17249
	REJECTED
CVE-2018-17248
	REJECTED
CVE-2018-17247 (Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in ...)
	- elasticsearch <removed>
CVE-2018-17246 (Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file incl ...)
	- kibana <itp> (bug #700337)
CVE-2018-17245 (Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an ...)
	- kibana <itp> (bug #700337)
CVE-2018-17244 (Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the ...)
	- elasticsearch <removed>
CVE-2018-17243 (Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-17242
	RESERVED
CVE-2018-17241
	RESERVED
CVE-2018-17240
	RESERVED
CVE-2018-17239
	RESERVED
CVE-2018-17238
	RESERVED
CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...)
	- hdf5 <unfixed> (low)
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10571 (not public)
	NOTE: does not appear in 1.10.5 release notes, but fixed in
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/4e31361dad4add06792b652dbe5b97e501f9031d
CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally ...)
	- mp4v2 <removed> (bug #909277)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629453
CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in li ...)
	- mp4v2 <removed> (bug #909278)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in  ...)
	- hdf5 <unfixed> (low)
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10578 (not public)
	NOTE: does not appear in 1.10.5 release notes, but fixed in
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
	[experimental] - hdf5 1.10.5+repack-1~exp1
	- hdf5 <unfixed> (low)
	[buster] - hdf5 <no-dsa> (Minor issue)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <ignored> (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10577
	NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f891c38c6e724e9032a534512618b9650be76377
CVE-2018-17232 (SQL injection vulnerability in archivebot.py in docmarionum1 Slack Arc ...)
	NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)
CVE-2018-17231 (** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow atta ...)
	- telegram-desktop <unfixed> (unimportant)
	NOTE: Disputed as attack scenario does not cross a privilege boundary.
CVE-2018-17230 (Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to  ...)
	- exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/455
	NOTE: Introduced in: https://github.com/Exiv2/exiv2/commit/3d57bbc6e6036723df3c7da352e40267c90d1640
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: Some extra care needs to be applied when fixing isolately the issue in
	NOTE: experimental, as the commit afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: would introduce/uncover CVE-2018-17282.
CVE-2018-17229 (Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to c ...)
	- exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/453
	NOTE: Introduced in: https://github.com/Exiv2/exiv2/commit/3d57bbc6e6036723df3c7da352e40267c90d1640
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: Some extra care needs to be applied when fixing isolately the issue in
	NOTE: experimental, as the commit afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: would introduce/uncover CVE-2018-17282.
CVE-2018-17228 (nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell  ...)
	NOT-FOR-US: nmap4j
CVE-2018-17227
	RESERVED
CVE-2018-17226
	RESERVED
CVE-2018-17225
	RESERVED
CVE-2018-17224
	RESERVED
CVE-2018-17223
	RESERVED
CVE-2018-17222
	RESERVED
CVE-2018-17221
	RESERVED
CVE-2018-17220
	RESERVED
CVE-2018-17219
	RESERVED
CVE-2018-17218 (An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. The ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-17217 (An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. The ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-17216 (An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. The ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-17215 (An information-disclosure issue was discovered in Postman through 6.3. ...)
	NOT-FOR-US: Postman
CVE-2018-17214
	RESERVED
CVE-2018-17213 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
	NOT-FOR-US: PrinterOn Central Print Services
CVE-2018-17212
	RESERVED
CVE-2018-17211 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
	NOT-FOR-US: PrinterOn Central Print Services
CVE-2018-17210 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
	NOT-FOR-US: PrinterOn Central Print Services
CVE-2018-17209
	RESERVED
CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices allow unauthenticated command injec ...)
	NOT-FOR-US: Linksys Velop
CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 1.2.42. By acc ...)
	NOT-FOR-US: Snap Creek Duplicator
CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...)
	- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
	[stretch] - openvswitch <no-dsa> (Minor issue)
	[jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function)
	NOTE: https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226 (master)
	NOTE: https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8 (branch-2.8)
	NOTE: https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 (branch-2.7)
CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...)
	- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
	[stretch] - openvswitch <not-affected> (Vulnerable code introduced later)
	[jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function)
	NOTE: https://github.com/openvswitch/ovs/commit/9a0ac025de9303334688ff08f01fc08604d2f624 (master)
	NOTE: https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928 (branch-2.8)
	NOTE: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 (branch-2.7)
CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...)
	- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
	[stretch] - openvswitch <no-dsa> (Minor issue)
	[jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function)
	NOTE: https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa (master)
	NOTE: https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168 (branch-2.8)
	NOTE: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde (branch-2.7)
	NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-17203
	REJECTED
CVE-2018-17202 (Certain input files could make the code to enter into an infinite loop ...)
	NOTE: Apache Commons Imaging
CVE-2018-17201 (Certain input files could make the code hang when Apache Sanselan 0.97 ...)
	NOTE: Apache Commons Imaging
CVE-2018-17200 (The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngi ...)
	NOT-FOR-US: Apache OFBiz
CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ...)
	{DSA-4422-1 DLA-1647-1}
	- apache2 2.4.38-1 (low; bug #920303)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
	NOTE: 2.4.x http://svn.apache.org/r1851409
	NOTE: 2.5.x http://svn.apache.org/r1850947
CVE-2018-17198 (Server-side Request Forgery (SSRF) and File Enumeration vulnerability  ...)
	NOT-FOR-US: Apache Roller
CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an infinite loop  ...)
	- tika 1.20-1
	[jessie] - tika <not-affected> (Only affects 1.8 to 1.19.1)
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/2
CVE-2018-17196 (In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to ...)
	- kafka <itp> (bug #786460)
CVE-2018-17195 (The template upload API endpoint accepted requests from different doma ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17194 (When a client request to a cluster node was replicated to other nodes  ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17193 (The message-page.jsp error page used the value of the HTTP request hea ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on some HTTP r ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PA ...)
	- netbeans 10.0-1
	[stretch] - netbeans <ignored> (Nashorn module is not enabled. Javascript support is incomplete)
	NOTE: Fixed upstream in version 10.0
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager accep ...)
	- apache-spark <itp> (bug #802194)
CVE-2018-17189 (In Apache HTTP server versions 2.4.37 and prior, by sending request bo ...)
	{DSA-4422-1}
	- apache2 2.4.38-1 (low; bug #920302)
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/2
	NOTE: https://svn.apache.org/r1851329
CVE-2018-17188 (Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configurat ...)
	- couchdb <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/17/1
CVE-2018-17187 (The Apache Qpid Proton-J transport includes an optional wrapper layer  ...)
	- qpid-proton 0.22.0-1 (unimportant)
	NOTE: https://qpid.apache.org/cves/CVE-2018-17187.html
	NOTE: https://issues.apache.org/jira/browse/PROTON-1962
	NOTE: https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e
	NOTE: Up to 0.17.0-rc1 upstream proton-j was included in the qpid-proton distribution
	NOTE: but then moved out to a own repository.
	NOTE: Cf. https://github.com/apache/qpid-proton/commit/ccdcf32932f04b387da9d4dbd810da29cae223aa
CVE-2018-17186 (An administrator with workflow definition entitlements can use DTD to  ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-17185
	REJECTED
CVE-2018-17184 (A malicious user with enough administration entitlements can inject ht ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The vmacac ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.10-1
	NOTE: https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
	NOTE: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
CVE-2018-17181 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection ...)
	NOT-FOR-US: OpenEMR
CVE-2018-17180 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Tra ...)
	NOT-FOR-US: OpenEMR
CVE-2018-17179 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL  ...)
	NOT-FOR-US: OpenEMR
CVE-2018-17178 (An issue was discovered on Neato Botvac Connected 2.2.0 devices. They  ...)
	NOT-FOR-US: Neato Botvac Connected devices
CVE-2018-17177 (An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85  ...)
	NOT-FOR-US: Neato Botvac Connected and Botvac 85 devices
CVE-2018-17176 (A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. ...)
	NOT-FOR-US: Neato Botvac Connected devices
CVE-2018-17175 (In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Py ...)
	- python-marshmallow 3.0.0b14-1 (bug #909140)
	NOTE: https://github.com/marshmallow-code/marshmallow/issues/772
CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor NMEA librar ...)
	NOT-FOR-US: nmealib
CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-17172 (The web application on Xerox AltaLink B80xx before 100.008.028.05200,  ...)
	NOT-FOR-US: Xerox
CVE-2018-17171
	RESERVED
CVE-2018-17170 (Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allo ...)
	NOT-FOR-US: Grouptime Teamwire Desktop Client
CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4  ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored  ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17166
	RESERVED
CVE-2018-17165
	RESERVED
CVE-2018-17164
	RESERVED
CVE-2018-17163
	REJECTED
CVE-2018-17162
	REJECTED
CVE-2018-17161 (In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r ...)
	NOT-FOR-US: FreeBSD bootpd
CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficie ...)
	NOT-FOR-US: FreeBSD bhyve
CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS se ...)
	NOT-FOR-US: FreeBSD nfs server
CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
	NOT-FOR-US: FreeBSD nfs server
CVE-2018-17157 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
	NOT-FOR-US: FreeBSD nfs server
CVE-2018-17156 (In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to inc ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-EN-18:13.icmp.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-17155 (In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE- ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-17154 (In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELE ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a CWE ...)
	{DSA-4306-1 DLA-1520-1 DLA-1519-1}
	- python3.7 <not-affected> (Fixed before initial upload)
	- python3.6 <not-affected> (Fixed before initial upload)
	- python3.5 <not-affected> (Fixed before initial upload)
	- python3.4 <removed>
	- python2.7 2.7.15-5 (bug #909673)
	NOTE: https://bugs.python.org/issue34540
	NOTE: https://github.com/python/cpython/commit/d8b103b8b3ef9644805341216963a64098642435
	NOTE: Later versions did remove _call_external_zip with
	NOTE: https://github.com/python/cpython/commit/a0934b2c1b939fdebee8dc18d49a0f6c52324773
	NOTE: which used distutils.spawn.
	NOTE: PoC: https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig
CVE-2018-17153 (It was discovered that the Western Digital My Cloud device before 2.30 ...)
	NOT-FOR-US: Western Digital My Cloud device
CVE-2018-17152 (Intersystems Cache 2017.2.2.865.0 allows XXE. ...)
	NOT-FOR-US: Intersystems Cache
CVE-2018-17151 (Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. ...)
	NOT-FOR-US: Intersystems Cache
CVE-2018-17150 (Intersystems Cache 2017.2.2.865.0 allows XSS. ...)
	NOT-FOR-US: Intersystems Cache
CVE-2018-17149
	RESERVED
CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to credential di ...)
	NOT-FOR-US: Nagios XI
CVE-2018-17147 (Nagios XI before 5.5.4 has XSS in the auto login admin management page ...)
	NOT-FOR-US: Nagios XI
CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4  ...)
	NOT-FOR-US: Nagios XI
CVE-2018-17145
	RESERVED
CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x be ...)
	- bitcoin 0.16.3~dfsg-1
	- litecoin 0.16.3-1
	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles  ...)
	- golang-golang-x-net-dev <not-affected> (Vulnerable code introduced later)
	- golang-go.net-dev <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/golang/go/issues/27704
	NOTE: Fixed by: https://github.com/golang/net/commit/2f5d2388922f370f4355f327fcf4cfe9f5583908
	NOTE: Introduced by: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles  ...)
	- golang-golang-x-net-dev <not-affected> (Vulnerable code introduced later)
	- golang-go.net-dev <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/golang/go/issues/27702
	NOTE: Fixed by: https://github.com/golang/net/commit/cf3bd585ca2a5a21b057abd8be7eea2204af89d0
	NOTE: Introduced by: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
CVE-2018-17141 (HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arb ...)
	{DSA-4298-1 DLA-1515-1}
	- hylafax 3:6.0.6-8.1 (bug #909161)
	NOTE: http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS v ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...)
	NOT-FOR-US: UltimatePOS
CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS v ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 prese ...)
	NOT-FOR-US: Prezi Next
CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php vi ...)
	NOT-FOR-US: zzcms
CVE-2018-17135
	RESERVED
CVE-2018-17134 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ar ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17133 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ar ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17132 (admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute  ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ar ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17129 (MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/a ...)
	NOT-FOR-US: MetInfo
CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB bef ...)
	NOT-FOR-US: MyBB
CVE-2018-17127 (blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_327 ...)
	NOT-FOR-US: ASUS
CVE-2018-17126 (CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_ ...)
	NOT-FOR-US: CScms
CVE-2018-17125 (CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring ...)
	NOT-FOR-US: CScms
CVE-2018-17124
	RESERVED
CVE-2018-17123
	RESERVED
CVE-2018-17122
	RESERVED
CVE-2018-17121
	RESERVED
CVE-2018-17120
	RESERVED
CVE-2018-17119
	RESERVED
CVE-2018-17118
	RESERVED
CVE-2018-17117
	RESERVED
CVE-2018-17116
	RESERVED
CVE-2018-17115
	RESERVED
CVE-2018-17114
	RESERVED
CVE-2018-17113 (App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.s ...)
	NOT-FOR-US: EasyCMS
CVE-2018-17112
	RESERVED
CVE-2018-17111 (The onlyOwner modifier of a smart contract implementation for Coinlanc ...)
	NOT-FOR-US: onlyOwner modifier of a smart contract implementation for Coinlancer (CL)
CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a products/get_products/ co ...)
	NOT-FOR-US: Simple POS
CVE-2018-17109
	RESERVED
CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Androi ...)
	NOT-FOR-US: SBIbuddy
CVE-2018-17107 (In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5. ...)
	NOT-FOR-US: Tgstation tgstation-server
CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
	NOT-FOR-US: Tinyftpd
CVE-2018-17105
	RESERVED
CVE-2018-17104 (An issue was discovered in Microweber 1.0.7. There is a CSRF attack (a ...)
	NOT-FOR-US: Microweber
CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta ...)
	NOT-FOR-US: QuickAppsCMS
CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds  ...)
	{DSA-4349-1 DLA-1557-1}
	- tiff 4.0.9+git181026-1 (bug #909037)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2807
	NOTE: https://gitlab.com/libtiff/libtiff/commit/f1b94e8a3ba49febdd3361c0214a1d1149251577
CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
	{DSA-4670-1 DLA-1557-1}
	- tiff 4.0.9+git181026-1 (low; bug #909038)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
	NOTE: https://gitlab.com/libtiff/libtiff/commit/6da1fb3f64d43be37e640efbec60400d1f1ac39e
CVE-2018-17099
	RESERVED
CVE-2018-17098 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #913894)
	[stretch] - soundtouch <no-dsa> (Minor issue)
	[jessie] - soundtouch <ignored> (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/14
CVE-2018-17097 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #913895)
	[stretch] - soundtouch <no-dsa> (Minor issue)
	[jessie] - soundtouch <ignored> (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/14
CVE-2018-17096 (The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parvia ...)
	- soundtouch 2.1.2+ds1-1 (low)
	[stretch] - soundtouch <no-dsa> (Minor issue)
	[jessie] - soundtouch <ignored> (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/14
CVE-2018-17183 (Artifex Ghostscript before 9.25 allowed a user-writable error exceptio ...)
	{DSA-4294-1 DLA-1527-1}
	- ghostscript 9.25~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699708
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka audiof ...)
	- audiofile 0.3.6-5 (low; bug #913166)
	[stretch] - audiofile 0.3.6-4+deb9u1
	[jessie] - audiofile <postponed> (Can be fixed along in future DLA)
	NOTE: https://github.com/mpruett/audiofile/issues/50
	NOTE: https://github.com/mpruett/audiofile/issues/51
CVE-2018-17094
	REJECTED
CVE-2018-17093
	REJECTED
CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/p ...)
	NOT-FOR-US: DonLinkage
CVE-2018-17091 (An issue was discovered in DonLinkage 6.6.8. It allows remote attacker ...)
	NOT-FOR-US: DonLinkage
CVE-2018-17090 (An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/b ...)
	NOT-FOR-US: DonLinkage
CVE-2018-17089
	RESERVED
CVE-2018-17087
	RESERVED
CVE-2018-17086 (An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switc ...)
	NOT-FOR-US: OTCMS
CVE-2018-17085 (An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php v ...)
	NOT-FOR-US: OTCMS
CVE-2018-17084
	RESERVED
CVE-2018-17083
	RESERVED
CVE-2018-17082 (The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x ...)
	{DSA-4353-1 DLA-1509-1}
	- php7.3 7.3.0~rc2-1
	- php7.2 <unfixed>
	- php7.1 <removed>
	- php7.0 7.0.32-1
	- php5 <removed>
	NOTE: Fixed in 5.6.38, 7.0.32, 7.1.22, 7.2.10, 7.3.0RC1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76582
	NOTE: https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
CVE-2018-17081 (e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&amp;action=in ...)
	NOT-FOR-US: e107
CVE-2018-17080
	RESERVED
CVE-2018-17079 (An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerab ...)
	NOT-FOR-US: ZRLOG
CVE-2018-17078
	RESERVED
CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There is stored ...)
	NOT-FOR-US: yiqicms
CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is available o ...)
	- gpp <unfixed> (unimportant; bug #908939)
	NOTE: https://github.com/logological/gpp/issues/26
	NOTE: https://github.com/logological/gpp/commit/329aa63a70d32d1e2ae529130a792e0c6ae4ce79
	NOTE: Crash in CLI tool, no security impact
CVE-2018-17075 (The html package (aka x/net/html) before 2018-07-13 in Go mishandles " ...)
	- golang-golang-x-net-dev <not-affected> (Vulnerable code introduced later)
	- golang-go.net-dev <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/golang/go/issues/27016
	NOTE: Fixed by: https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50
	NOTE: Introduced in: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
CVE-2018-17074 (The Feed Statistics plugin before 4.0 for WordPress has an Open Redire ...)
	NOT-FOR-US: Feed Statistics plugin for WordPress
CVE-2018-17073 (wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via ...)
	NOT-FOR-US: bitmap
CVE-2018-17072 (JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json. ...)
	NOT-FOR-US: JSON++
CVE-2018-17071 (The fallback function of a simple lottery smart contract implementatio ...)
	NOT-FOR-US: fallback function of a simple lottery smart contract implementation for Lucky9io
CVE-2018-17070 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the  ...)
	NOT-FOR-US: UNL-CMS
CVE-2018-17069 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new  ...)
	NOT-FOR-US: UNL-CMS
CVE-2018-17068 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17067 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very  ...)
	NOT-FOR-US: D-Link
CVE-2018-17066 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17065 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within  ...)
	NOT-FOR-US: D-Link
CVE-2018-17064 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17063 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17062 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php  ...)
	NOT-FOR-US: SeaCMS
CVE-2018-17061 (BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing,  ...)
	NOT-FOR-US: BullGuard Safe Browsing
CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not whitelist r ...)
	NOT-FOR-US: Telerik Extensions for ASP.NET MVC
CVE-2018-17059
	RESERVED
CVE-2018-17058 (An issue was discovered in JABA XPress Online Shop through 2018-09-14. ...)
	NOT-FOR-US: JABA
CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can trigger  ...)
	- tcpdf 6.2.26+dfsg-1 (bug #908866)
	[stretch] - tcpdf <no-dsa> (Minor issue)
	[jessie] - tcpdf <ignored> (Minor issue)
	NOTE: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e
	NOTE: Was considered minor for jessie since arbitrary deserialization
	NOTE: is still possible using http and https.
CVE-2018-17056 (Cross-site scripting (XSS) vulnerability in ServiceStack in Progress S ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17055 (An arbitrary file upload vulnerability in Progress Sitefinity CMS vers ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17054 (Cross-site scripting (XSS) vulnerability in Identity Server in Progres ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17053 (Cross-site scripting (XSS) vulnerability in Identity Server in Progres ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17052
	RESERVED
CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devic ...)
	NOT-FOR-US: K-Net Cisco Configuration Manager
CVE-2018-17050 (The mintToken function of a smart contract implementation for PolyAi ( ...)
	NOT-FOR-US: smart contract
CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback ...)
	NOT-FOR-US: CQU-LANKERS
CVE-2018-17048 (admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content  ...)
	NOT-FOR-US: FDCMS
CVE-2018-17047
	RESERVED
CVE-2018-17046 (translate man before 2018-08-21 has XSS via containers/outputBox/outpu ...)
	NOT-FOR-US: translate-man
CVE-2018-17045 (An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vul ...)
	NOT-FOR-US: CMS MaeloStore
CVE-2018-17044 (In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_conf ...)
	NOT-FOR-US: YzmCMS
CVE-2018-17043 (An issue has been found in doc2txt through 2014-03-19. It is a heap-ba ...)
	NOT-FOR-US: doc2txt
CVE-2018-17042 (An issue has been found in dbf2txt through 2012-07-19. It is a infinit ...)
	NOT-FOR-US: doc2txt
CVE-2018-17041
	RESERVED
CVE-2018-17040
	RESERVED
CVE-2018-17039 (MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted ...)
	NOT-FOR-US: MiniCMS
CVE-2018-17038
	RESERVED
CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escala ...)
	NOT-FOR-US: UCMS
CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection du ...)
	NOT-FOR-US: UCMS
CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the install/index ...)
	NOT-FOR-US: UCMS
CVE-2018-17034 (UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. ...)
	NOT-FOR-US: UCMS
CVE-2018-17033
	RESERVED
CVE-2018-17032
	RESERVED
CVE-2018-17031 (In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MI ...)
	NOT-FOR-US: Go Git Service
CVE-2018-17030 (BigTree CMS 4.2.23 allows remote authenticated users, if possessing pr ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-17029
	RESERVED
CVE-2018-17028
	RESERVED
CVE-2018-17027
	RESERVED
CVE-2018-17026 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_titl ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-17025 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_titl ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-17024 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_titl ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-17023 (Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 rout ...)
	NOT-FOR-US: ASUS GT-AC5300 routers
CVE-2018-17022 (Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0 ...)
	NOT-FOR-US: ASUS GT-AC5300 routers
CVE-2018-17021 (Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices wit ...)
	NOT-FOR-US: ASUS GT-AC5300 devices
CVE-2018-17020 (ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow r ...)
	NOT-FOR-US: ASUS GT-AC5300 devices
CVE-2018-17019 (In Bro through 2.5.5, there is a DoS in IRC protocol names command par ...)
	- bro 2.6.1+ds1-1 (bug #908779)
	[buster] - bro 2.5.5-1+deb10u1
	[stretch] - bro <ignored> (Minor issue)
	NOTE: https://github.com/bro/bro/commit/c2b18849f8bb833253538f5dfedb4ed1dc176a30
CVE-2018-17018 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17017 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17016 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17015 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17014 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17013 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17012 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17011 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17010 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17009 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17008 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17007 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17006 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17003 (In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discover ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabil ...)
	NOT-FOR-US: RICOH
CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerab ...)
	NOT-FOR-US: RICOH
CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ( ...)
	{DSA-4670-1 DLA-1680-1}
	- tiff 4.0.10-4 (bug #908778)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
	NOTE: Relates to http://bugzilla.maptools.org/show_bug.cgi?id=2833
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
CVE-2018-16999 (Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segment ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392508
	NOTE: https://github.com/netwide-assembler/nasm/commit/980dd658b521afe4a688c4195410c4449a8e2468
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16998
	RESERVED
CVE-2018-16997
	RESERVED
CVE-2018-16996
	RESERVED
CVE-2018-16995
	RESERVED
CVE-2018-16994 (An issue was discovered on PHOENIX CONTACT AXL F BK PN &lt;=1.0.4, AXL ...)
	NOT-FOR-US: PHOENIX CONTACT AXL
CVE-2018-16993
	RESERVED
CVE-2018-16992
	RESERVED
CVE-2018-16991
	RESERVED
CVE-2018-16990
	RESERVED
CVE-2018-16989
	RESERVED
CVE-2018-16988 (An issue was discovered in Open XDMoD through 7.5.0. An authentication ...)
	NOT-FOR-US: Open XDMoD
CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external  ...)
	NOT-FOR-US: Squash TM
CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 de ...)
	NOT-FOR-US: Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices
CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was dis ...)
	NOT-FOR-US: Lizard
CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which unprivile ...)
	[experimental] - python-django 2:2.1.2-1
	- python-django <not-affected> (bug #910016; vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2018/oct/01/security-release/
	NOTE: https://github.com/django/django/commit/bf39978a53f117ca02e9a0c78b76664a41a54745 (master)
	NOTE: https://github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851 (2.1)
CVE-2018-16983 (NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other  ...)
	- mozilla-noscript <unfixed> (unimportant)
	NOTE: This is not a security issue in NoScript by itself
CVE-2018-16982 (Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial ...)
	NOT-FOR-US: Open Chinese Convert (OpenCC)
CVE-2018-16981 (stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...)
	- libstb 0.0~git20190617.5.c72a95d-1
	[buster] - libstb <no-dsa> (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/656
	NOTE: https://github.com/nothings/stb/commit/50b1bfba583b12ceb23ef949567bdd914461e524
	NOTE: Potentially affects libsixel, libsfml, love, mame, darknet, gem, ccextractor, zynaddsubfx, osgearth, goxel, yquake2, renderdoc, catimg, libstb, zam-plugins, retroarch
CVE-2018-16980 (dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/ ...)
	NOT-FOR-US: dotCMS
CVE-2018-16979 (Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16978 (Monstra CMS V3.0.4 has XSS when ones tries to register an account with ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16977 (Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUME ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16975 (An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Co ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-16974 (An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Co ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-16973
	RESERVED
CVE-2018-16972
	RESERVED
CVE-2018-16971 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direc ...)
	NOT-FOR-US: Wisetail Learning Ecosystem
CVE-2018-16970 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direc ...)
	NOT-FOR-US: Wisetail Learning Ecosystem
CVE-2018-16969 (Citrix ShareFile StorageZones Controller before 5.4.2 has Information  ...)
	NOT-FOR-US: Citrix ShareFile StorageZones Controller
CVE-2018-16968 (Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory ...)
	NOT-FOR-US: Citrix ShareFile StorageZones Controller
CVE-2018-16967 (There is an XSS vulnerability in the mndpsingh287 File Manager plugin  ...)
	NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
CVE-2018-16966 (There is a CSRF vulnerability in the mndpsingh287 File Manager plugin  ...)
	NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there i ...)
	NOT-FOR-US: Zoho
CVE-2018-16964
	RESERVED
CVE-2018-16963
	RESERVED
CVE-2018-16962 (Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to t ...)
	NOT-FOR-US: Webroot SecureAnywhere
CVE-2018-16961 (An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/ ...)
	NOT-FOR-US: Open XDMoD
CVE-2018-16960 (An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/ ...)
	NOT-FOR-US: Open XDMoD
CVE-2018-16959 (An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16958 (An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16957 (The Oracle WebCenter Interaction 10.3.3 search service queryd.exe bina ...)
	NOT-FOR-US: Oracle WebCenter Interaction
CVE-2018-16956 (The AjaxControl component of Oracle WebCenter Interaction Portal 10.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16955 (The login function of Oracle WebCenter Interaction Portal 10.3.3 is vu ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16954 (An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16953 (The AjaxView::DisplayResponse() function of the portalpages.dll assemb ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16952 (The Oracle WebCenter Interaction Portal 10.3.3 does not implement prot ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2017-18348 (Splunk Enterprise 6.6.x, when configured to run as root but drop privi ...)
	NOT-FOR-US: Splunk
CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0  ...)
	NOT-FOR-US: STMicroelectronics STM32F0 series devices
CVE-2018-16976 (Gitolite before 3.6.9 does not (in certain configurations involving @a ...)
	- gitolite3 3.6.9-1 (bug #908699)
	[stretch] - gitolite3 <no-dsa> (Minor issue)
	[jessie] - gitolite3 <no-dsa> (Minor issue)
	- gitolite <removed>
	NOTE: https://groups.google.com/forum/#!topic/gitolite-announce/WrwDTYdbfRg
	NOTE: https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59
CVE-2018-16951 (xunfeng 0.2.0 allows command execution via CSRF because masscan.py mis ...)
	NOT-FOR-US: xunfeng
CVE-2018-16950 (Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attacke ...)
	NOT-FOR-US: Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices
CVE-2018-16946 (LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken ...)
	NOT-FOR-US: LG smart network camera device
CVE-2018-16945
	RESERVED
CVE-2018-16944
	RESERVED
CVE-2018-16943
	RESERVED
CVE-2018-16942
	RESERVED
CVE-2018-16941
	RESERVED
CVE-2018-16940
	RESERVED
CVE-2018-16939
	RESERVED
CVE-2018-16938
	RESERVED
CVE-2018-16937
	RESERVED
CVE-2018-16936
	RESERVED
CVE-2018-16935
	RESERVED
CVE-2018-16934
	RESERVED
CVE-2018-16933
	RESERVED
CVE-2018-16932
	RESERVED
CVE-2018-16931
	RESERVED
CVE-2018-16930
	RESERVED
CVE-2018-16929
	RESERVED
CVE-2018-16928
	RESERVED
CVE-2018-16927
	RESERVED
CVE-2018-16926
	RESERVED
CVE-2018-16925
	RESERVED
CVE-2018-16924
	RESERVED
CVE-2018-16923
	RESERVED
CVE-2018-16922
	RESERVED
CVE-2018-16921
	RESERVED
CVE-2018-16920
	RESERVED
CVE-2018-16919
	RESERVED
CVE-2018-16918
	RESERVED
CVE-2018-16917
	RESERVED
CVE-2018-16916
	RESERVED
CVE-2018-16915
	RESERVED
CVE-2018-16914
	RESERVED
CVE-2018-16913
	RESERVED
CVE-2018-16912
	RESERVED
CVE-2018-16911
	RESERVED
CVE-2018-16910
	RESERVED
CVE-2018-16909
	RESERVED
CVE-2018-16908
	RESERVED
CVE-2018-16907
	RESERVED
CVE-2018-16906
	RESERVED
CVE-2018-16905
	RESERVED
CVE-2018-16904
	RESERVED
CVE-2018-16903
	RESERVED
CVE-2018-16902
	RESERVED
CVE-2018-16901
	RESERVED
CVE-2018-16900
	RESERVED
CVE-2018-16899
	RESERVED
CVE-2018-16898
	RESERVED
CVE-2018-16897
	RESERVED
CVE-2018-16896
	RESERVED
CVE-2018-16895
	RESERVED
CVE-2018-16894
	RESERVED
CVE-2018-16893
	RESERVED
CVE-2018-16892
	RESERVED
CVE-2018-16891
	RESERVED
CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap  ...)
	{DSA-4386-1 DLA-1672-1}
	- curl 7.64.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
	NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug logging for v ...)
	- ceph 12.2.11+dfsg1-1 (low; bug #918969)
	[stretch] - ceph <postponed> (Minor issue)
	[jessie] - ceph <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665334
	NOTE: http://tracker.ceph.com/issues/37847
	NOTE: https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d
CVE-2018-16888 (It was discovered systemd does not correctly check the content of PIDF ...)
	- systemd 237-1 (low)
	[stretch] - systemd <ignored> (Minor issue, too intrusive to backport)
	[jessie] - systemd <no-dsa> (low priority because this is inherently a bug in the PID file logic, too intrusive to backport)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1662867
	NOTE: Upstream issue: https://github.com/systemd/systemd/issues/6632
	NOTE: Upstream patches: https://github.com/systemd/systemd/pull/7816
CVE-2018-16887 (A cross-site scripting (XSS) flaw was found in the katello component o ...)
	NOT-FOR-US: Katello
CVE-2018-16886 (etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerab ...)
	- etcd 3.2.26+dfsg-1 (bug #923008)
	NOTE: Introduced by: https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d
	NOTE: Upstream issue: https://github.com/etcd-io/etcd/pull/10366
	NOTE: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
	NOTE: https://github.com/etcd-io/etcd/commit/a9a9466fb8ba11ad7bb6a44d7446fbd072d59887
	NOTE: https://github.com/etcd-io/etcd/commit/99704e2a97e8710da942bdc737417fc9c9a2c03f
	NOTE: https://github.com/etcd-io/etcd/commit/83c051b701d33261eef91a719e4421c81b000ba4
CVE-2018-16885 (A flaw was found in the Linux kernel that allows the userspace to call ...)
	- linux 3.16.2-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1661503
	NOTE: https://git.kernel.org/linus/06ebb06d49486676272a3c030bfeef4bd969a8e6
CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.16-1
	[stretch] - linux 4.9.161-1
	NOTE: https://patchwork.kernel.org/cover/10733767/
	NOTE: https://patchwork.kernel.org/patch/10733769/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660375
CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly restrict ac ...)
	- sssd 2.2.0-1 (bug #916824)
	[buster] - sssd <no-dsa> (Minor issue)
	[stretch] - sssd <no-dsa> (Minor issue)
	[jessie] - sssd <not-affected> (Issue got introduced with 1.13.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1659862
	NOTE: Fixed in upstream 2.0.0 while refactoring code
	NOTE: Fixed by https://pagure.io/SSSD/sssd/c/fbe2476a3dd9be83ffa85c29dca26f734618d72d?branch=master
CVE-2018-16882 (A use-after-free issue was found in the way the Linux kernel's KVM hyp ...)
	- linux 4.19.13-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://marc.info/?l=kvm&m=154514994222809&w=2
	NOTE: Fixed by: https://git.kernel.org/linus/c2dd5146e9fe1f22c77c1b011adf84eea0245806
CVE-2018-16881 (A denial of service vulnerability was found in rsyslog in the imptcp m ...)
	- rsyslog 8.27.0-2
	[stretch] - rsyslog <no-dsa> (Minor issue; imptcp not enabled by default)
	[jessie] - rsyslog <not-affected> (Vulnerable code introduced in 8.13.1)
	NOTE: Fixed by: https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2
	NOTE: Introduced by: https://github.com/rsyslog/rsyslog/commit/6c52f29d593a27f934a1871d40eed84ebde3f3a6
CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in the [vh ...)
	- linux 4.19.20-1
	[stretch] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1)
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/25/1
CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...)
	- pacemaker 2.0.1-3 (bug #927714)
	[stretch] - pacemaker <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
	NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...)
	- pacemaker 2.0.1-3 (bug #927714)
	[stretch] - pacemaker <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
	NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a infor ...)
	{DSA-4396-1}
	- ansible 2.7.6+dfsg-1 (bug #916102)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible/pull/49569
	NOTE: https://github.com/ansible/ansible/commit/4c6d714aefb05366cb329e139214c89ebb364899
CVE-2018-16875 (The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...)
	- golang-1.11 1.11.3-1
	- golang-1.10 1.10.6-1
	NOTE: https://github.com/golang/go/issues/29233
	NOTE: https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 (1.11.3)
	NOTE: https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d (1.10.6)
CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
	- golang-1.11 1.11.3-1
	- golang-1.10 1.10.6-1
	NOTE: https://github.com/golang/go/issues/29231
	NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
	NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
	- golang-1.11 1.11.3-1
	- golang-1.10 1.10.6-1
	NOTE: https://github.com/golang/go/issues/29230
	NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
	NOTE: https://github.com/golang/go/commit/5aedc8af94c0a8ffc58cbd09993192dea9b238db (1.11.3)
	NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
	NOTE: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be (1.10.6)
CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ...)
	{DSA-4454-1 DLA-1694-1}
	- qemu 1:3.1+dfsg-2 (bug #916397)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35ce73d1c8e19a37e2737717ea1c984dc1
CVE-2018-16871 (A flaw was found in the Linux kernel's NFS implementation, all version ...)
	- linux 4.18.20-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/01310bb7c9c98752cc763b36532fab028e0f8f81
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1655162
CVE-2018-16870 (It was found that wolfssl before 3.15.7 is vulnerable to a new variant ...)
	- wolfssl 4.1.0+dfsg-1 (bug #918952)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/1950
CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack was fou ...)
	- nettle 3.4.1~rc1-1
	[stretch] - nettle <no-dsa> (Minor issue)
	[jessie] - nettle <no-dsa> (Minor issue - https://lists.debian.org/debian-lts/2019/03/msg00021.html)
	NOTE: http://cat.eyalro.net/
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
	NOTE: The upstream correction also makes a new public function that packages using
	NOTE: nettle should use. This means that fixing this CVE is a pre-requisite for
	NOTE: fixing other CVEs like CVE-2018-16868.
CVE-2018-16868 (A Bleichenbacher type side-channel based padding oracle attack was fou ...)
	[experimental] - gnutls28 3.6.5-1
	- gnutls28 3.6.5-2
	[stretch] - gnutls28 <no-dsa> (Minor issue)
	[jessie] - gnutls28 <ignored> (Too invasive to fix, requires newer nettle shared lib - https://lists.debian.org/debian-lts/2019/03/msg00021.html)
	- gnutls26 <removed>
	NOTE: http://cat.eyalro.net/
	NOTE: https://gitlab.com/gnutls/gnutls/issues/630
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/832
	NOTE: CVE-2018-16869 must be fixed first and a new build dependency on this new
	NOTE: nettle version.
CVE-2018-16867 (A flaw was found in qemu Media Transfer Protocol (MTP) before version  ...)
	- qemu 1:3.1+dfsg-1 (bug #915884)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6 (master)
	NOTE: vulnerable code introduced in
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=88d5f381ecb2d2828fd77676572ff9a99da699fb
CVE-2018-16866 (An out of bounds read was discovered in systemd-journald in the way it ...)
	{DSA-4367-1}
	- systemd 240-1
	[jessie] - systemd <not-affected> (Vulnerable code not present)
	NOTE: Introduced in: https://github.com/systemd/systemd/commit/ec5ff4445cca6a1d786b8da36cf6fe0acc0b94c8 (v221)
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/a6aadf4ae0bae185dc4c414d492a4a781c80ffe5 (v240) [1/2]
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421 (v240) [2/2]
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/09/3
	NOTE: https://www.qualys.com/2019/01/09/system-down/system-down.txt
CVE-2018-16865 (An allocation of memory without limits, that could result in the stack ...)
	{DSA-4367-1 DLA-1639-1}
	- systemd 240-4 (bug #918848)
	NOTE: Intorduced in: https://github.com/systemd/systemd/commit/cf244689e9d1ab50082c9ddd0f3c4d1eb982badc (v38)
	NOTE: Exploitable since: https://github.com/systemd/systemd/commit/c4aa09b06f835c91cea9e021df4c3605cff2318d (v201)
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/052c57f132f04a3cf4148f87561618da1a6908b4
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/ef4d6abe7c7fab6cbff975b32e76b09feee56074
	NOTE: Fixes for master: https://github.com/systemd/systemd/pull/11374
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/09/3
	NOTE: https://www.qualys.com/2019/01/09/system-down/system-down.txt
CVE-2018-16864 (An allocation of memory without limits, that could result in the stack ...)
	{DSA-4367-1 DLA-1639-1}
	- systemd 240-4 (bug #918841)
	NOTE: Introduced in: https://github.com/systemd/systemd/commit/ae018d9bc900d6355dea4af05119b49c67945184 (v203)
	NOTE: Exploitable since: https://github.com/systemd/systemd/commit/ac2e41f5103ce2c679089c4f8fb6be61d7caec07 (v230)
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/084eeb865ca63887098e0945fb4e93c852b91b0f
	NOTE: Fixes for master: https://github.com/systemd/systemd/pull/11374
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/09/3
	NOTE: https://www.qualys.com/2019/01/09/system-down/system-down.txt
CVE-2018-16863 (It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An  ...)
	- ghostscript <not-affected> (Red Hat-specific issue)
	NOTE: Debian updates backported all fixes to released suites
CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the cleanc ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://lore.kernel.org/patchwork/patch/1011367/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649017
	NOTE: Fixed by: https://git.kernel.org/linus/6ff38bd40230af35e446239396e5fc8ebd6a5248
CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman component o ...)
	- foreman <itp> (bug #663101)
CVE-2018-16860 (A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x ...)
	{DSA-4455-1 DSA-4443-1 DLA-1788-1}
	- heimdal 7.5.0+dfsg-3 (bug #928966)
	[jessie] - heimdal <no-dsa> (Minor issue)
	- samba 2:4.9.5+dfsg-4
	NOTE: https://www.samba.org/samba/security/CVE-2018-16860.html
	NOTE: https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
CVE-2018-16859 (Execution of Ansible playbooks on Windows platforms with PowerShell Sc ...)
	- ansible <not-affected> (Only issue when executing Ansible playbooks on Windows platforms)
CVE-2018-16858 (It was found that libreoffice before versions 6.0.7 and 6.1.3 was vuln ...)
	{DSA-4381-1 DLA-1669-1}
	- libreoffice 1:6.1.3-1
	NOTE: https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
CVE-2018-16857 (Samba from version 4.9.0 and before version 4.9.3 that have AD DC conf ...)
	- samba 2:4.9.2+dfsg-2
	[stretch] - samba <not-affected> (Vulnerable code not present)
	[jessie] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16857.html
CVE-2018-16856 (In a default Red Hat Openstack Platform Director installation, opensta ...)
	- octavia <not-affected> (Red Hat-specific, see bug #920769)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649165
CVE-2018-16855 (An issue has been found in PowerDNS Recursor before version 4.1.8 wher ...)
	- pdns-recursor 4.1.8-1
	[stretch] - pdns-recursor <not-affected> (Only affects 4.1.x)
	[jessie] - pdns-recursor <not-affected> (Only affects 4.1.x)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html
CVE-2018-16854 (A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=378731
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
CVE-2018-16853 (Samba from version 4.7.0 has a vulnerability that allows a user in a S ...)
	- samba 2:4.9.2+dfsg-2 (unimportant)
	[stretch] - samba <not-affected> (Vulnerable code not present)
	[jessie] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16853.html
	NOTE: Samba in Debian is built with the default Heimdal Kerberos build
CVE-2018-16852 (Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a N ...)
	- samba 2:4.9.2+dfsg-2
	[stretch] - samba <not-affected> (Vulnerable code not present)
	[jessie] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16852.html
CVE-2018-16851 (Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is v ...)
	{DSA-4345-1 DLA-1607-1}
	- samba 2:4.9.2+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2018-16851.html
CVE-2018-16850 (postgresql before versions 11.1, 10.6 is vulnerable to a to SQL inject ...)
	- postgresql-11 11.1-1
	- postgresql-10 <removed>
	- postgresql-9.6 <not-affected> (Only affects 11.x and 10.x)
	- postgresql-9.4 <not-affected> (Only affects 11.x and 10.x)
	- postgresql-9.1 <not-affected> (Only affects 11.x and 10.x)
	NOTE: https://www.postgresql.org/about/news/1905/
	NOTE: Fixed in 11.1, 10.6
CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH private ...)
	- mistral 7.0.0-2 (low; bug #912714)
	[stretch] - mistral 3.0.0-4+deb9u1
	NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
CVE-2018-16848 (A Denial of Service (DoS) condition is possible in OpenStack Mistral i ...)
	- mistral <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express Contr ...)
	- qemu 1:3.1+dfsg-1 (bug #912655)
	[stretch] - qemu <not-affected> (support for Controller Memory Buffers added later)
	[jessie] - qemu <not-affected> (support for Controller Memory Buffers added later)
	- qemu-kvm <not-affected> (support for Controller Memory Buffers added later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated ceph RG ...)
	{DLA-1696-1}
	- ceph 12.2.11+dfsg1-1 (bug #921947)
	NOTE: http://tracker.ceph.com/issues/35994
	NOTE: https://github.com/ceph/ceph/commit/4337e6a7d9f92c8549ebee20d0dd67a01e49857f
	NOTE: https://github.com/ceph/ceph/commit/ab29bed2fc9f961fe895de1086a8208e21ddaddc
	NOTE: Backport to 12.2.11: https://tracker.ceph.com/issues/37831
CVE-2018-16845 (nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_ht ...)
	{DSA-4335-1 DLA-1572-1}
	- nginx 1.14.1-1 (bug #913090)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
	NOTE: https://nginx.org/download/patch.2018.mp4.txt
	NOTE: http://hg.nginx.org/nginx/rev/fdc19a3289c1
	NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16844 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...)
	{DSA-4335-1}
	- nginx 1.14.1-1 (bug #913090)
	[jessie] - nginx <not-affected> (HTTP 2.0 support added later)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
	NOTE: http://hg.nginx.org/nginx/rev/9200b41db765
	NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16843 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...)
	{DSA-4335-1}
	- nginx 1.14.1-1 (bug #913090)
	[jessie] - nginx <not-affected> (HTTP 2.0 support added later)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
	NOTE: http://hg.nginx.org/nginx/rev/d4448892a294
	NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buf ...)
	{DSA-4331-1 DLA-1568-1}
	- curl 7.62.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
CVE-2018-16841 (Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 a ...)
	{DSA-4345-1}
	- samba 2:4.9.2+dfsg-2
	[jessie] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16841.html
CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.0 thro ...)
	- curl 7.62.0-1
	[stretch] - curl <not-affected> (Use-after-free issue introduced later)
	[jessie] - curl <not-affected> (Use-after-free issue introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2018-16840.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
	NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...)
	{DSA-4331-1 DLA-1568-1}
	- curl 7.62.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. When the ...)
	- sssd 2.2.0-1 (bug #931432)
	[buster] - sssd <no-dsa> (Minor issue)
	[stretch] - sssd <no-dsa> (Minor issue)
	[jessie] - sssd <not-affected> (GPO based access control introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820
	NOTE: GPO based access control introduced in https://github.com/SSSD/sssd/commit/60cab26b12
	NOTE: seems to presuppose configuration mistake: if sssd is not given enough permissions
	NOTE: to read GPO, access is systematically granted instead of denied
	NOTE: https://pagure.io/SSSD/sssd/issue/3867
	NOTE: https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175
CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)
	{DSA-4396-1 DLA-1576-1}
	- ansible 2.7.1+dfsg-1 (bug #912297)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640642
	NOTE: https://github.com/ansible/ansible/pull/47436
CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal vulnerability in t ...)
	NOT-FOR-US: Rubedo CMS
CVE-2018-16835
	RESERVED
CVE-2018-16834
	RESERVED
CVE-2018-16833 (Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & ...)
	NOT-FOR-US: Zoho
CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to ...)
	NOT-FOR-US: xunfeng
CVE-2018-16949 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...)
	{DSA-4302-1 DLA-1513-1}
	- openafs 1.8.2-1 (bug #908616)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
CVE-2018-16948 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...)
	{DSA-4302-1 DLA-1513-1}
	- openafs 1.8.2-1 (bug #908616)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...)
	{DSA-4302-1 DLA-1513-1}
	- openafs 1.8.2-1 (bug #908616)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
CVE-2018-17458 (An improper update of the WebAssembly dispatch table in WebAssembly in ...)
	{DSA-4297-1}
	- chromium-browser 69.0.3497.92-1 (bug #908806)
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17459 (Incorrect handling of clicks in the omnibox in Navigation in Google Ch ...)
	{DSA-4297-1}
	- chromium-browser 69.0.3497.92-1 (bug #908806)
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-1002009 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002008 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002007 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002006 (These vulnerabilities require administrative privileges to exploit. Th ...)
	NOTE: Wordpress plugin
CVE-2018-1002005 (These vulnerabilities require administrative privileges to exploit. Th ...)
	NOTE: Wordpress plugin
CVE-2018-1002004 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002003 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002002 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002001 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002000 (There is blind SQL injection in WordPress Arigato Autoresponder and Ne ...)
	NOTE: Wordpress plugin
CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir  ...)
	- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bug #908698)
	[stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - smarty3 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/smarty-php/smarty/issues/486
	NOTE: CVE is about the include tag as an attack vector.
	NOTE: vulnerable code introduced in realpath() rewrite (c09b05cbe) released in 3.1.28
CVE-2018-16830
	RESERVED
CVE-2018-16829
	RESERVED
CVE-2018-16828
	RESERVED
CVE-2018-16827
	RESERVED
CVE-2018-16826
	RESERVED
CVE-2018-16825
	RESERVED
CVE-2018-16824
	RESERVED
CVE-2018-16823
	RESERVED
CVE-2018-16822 (SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php  ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16821 (SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_ ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16820 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listin ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16819 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion vi ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16818
	RESERVED
CVE-2018-16817
	RESERVED
CVE-2018-16816
	RESERVED
CVE-2018-16815
	RESERVED
CVE-2018-16814
	RESERVED
CVE-2018-16813
	RESERVED
CVE-2018-16812
	RESERVED
CVE-2018-16811
	RESERVED
CVE-2018-16810
	RESERVED
CVE-2018-16809 (An issue was discovered in Dolibarr through 7.0.0. expensereport/card. ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/issues/9449
CVE-2018-16808 (An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/issues/9449
CVE-2018-16807 (In Bro through 2.5.5, there is a memory leak potentially leading to Do ...)
	- bro 2.6.1+ds1-1 (low; bug #908614)
	[buster] - bro 2.5.5-1+deb10u1
	[stretch] - bro <ignored> (Minor issue)
	NOTE: https://github.com/bro/bro/commit/34d0cf886ca16c665f673a299e295b2a2bc14533
CVE-2018-16806 (A Pektron Passive Keyless Entry and Start (PKES) system, as used on th ...)
	NOT-FOR-US: Tesla
CVE-2018-16805 (In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles  ...)
	NOT-FOR-US: b3log
CVE-2018-16804 (An issue was discovered in UCMS 1.4.6. There is XSS in the title bar,  ...)
	NOT-FOR-US: UCMS
CVE-2018-16803 (In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows  ...)
	NOT-FOR-US: CIMTechniques CIMScan
CVE-2018-16801
	RESERVED
CVE-2018-16800
	RESERVED
CVE-2018-16799
	RESERVED
CVE-2018-16798
	RESERVED
CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.855 ...)
	NOT-FOR-US: PotPlayer
CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files wit ...)
	NOT-FOR-US: HiScout GRC Suite
CVE-2018-16795
	RESERVED
CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory  ...)
	NOT-FOR-US: Microsoft ADFS 4.0 Windows Server
CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...)
	NOT-FOR-US: Rollup 18 for Microsoft Exchange Server
CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect  ...)
	{DSA-4294-1 DLA-1504-1}
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via ...)
	NOT-FOR-US: SolarWinds SFTP/SCP server
CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration fi ...)
	NOT-FOR-US: SolarWinds SFTP/SCP server
CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in  ...)
	- libbson <unfixed> (bug #913896)
	[stretch] - libbson <no-dsa> (Minor issue)
	- mongo-c-driver 1.13.0-1 (bug #913963)
	NOTE: https://jira.mongodb.org/browse/CDRIVER-2819
	NOTE: https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84
CVE-2018-16789 (libhttp/url.c in shellinabox through 2.20 has an implementation flaw i ...)
	- shellinabox 2.21 (low)
	[stretch] - shellinabox <no-dsa> (Minor issue)
	[jessie] - shellinabox <no-dsa> (Minor issue)
	NOTE: https://github.com/shellinabox/shellinabox/pull/446
CVE-2018-16788
	RESERVED
CVE-2018-16787
	RESERVED
CVE-2018-16786 (DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg pa ...)
	NOT-FOR-US: DedeCMS
CVE-2018-16785 (XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 ver ...)
	NOT-FOR-US: DedeCMS
CVE-2018-16784 (DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execut ...)
	NOT-FOR-US: DedeCMS
CVE-2018-16783
	RESERVED
CVE-2018-16782 (libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the ...)
	NOT-FOR-US: ImageWorsener
CVE-2018-16781 (ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to caus ...)
	NOT-FOR-US: Some Windows picture viewer using ffmpeg incorrectly
CVE-2018-16780 (Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. ...)
	NOT-FOR-US: Complete Responsive CMS Blog
CVE-2018-16779 (BlogCMS through 2016-10-25 has XSS via a comment. ...)
	NOT-FOR-US: BlogCMS
CVE-2018-16778 (Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9. ...)
	NOT-FOR-US: Jenzabar
CVE-2018-16777
	RESERVED
CVE-2018-16776 (wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" ...)
	NOT-FOR-US: wityCMS
CVE-2018-16775 (An issue was discovered in Victor CMS through 2018-05-10. There is XSS ...)
	NOT-FOR-US: Victor CMS
CVE-2018-16774 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...)
	NOT-FOR-US: HongCMS
CVE-2018-16773 (EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTab ...)
	NOT-FOR-US: EasyCMS
CVE-2018-16772 (Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered ...)
	NOT-FOR-US: Hoosk
CVE-2018-16771 (Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided  ...)
	NOT-FOR-US: Hoosk
CVE-2018-16770 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...)
	NOT-FOR-US: WAVM
CVE-2018-16769 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...)
	NOT-FOR-US: WAVM
CVE-2018-16768 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...)
	NOT-FOR-US: WAVM
CVE-2018-16767 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...)
	NOT-FOR-US: WAVM
CVE-2018-16766 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...)
	NOT-FOR-US: WAVM
CVE-2018-16765 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...)
	NOT-FOR-US: WAVM
CVE-2018-16764 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...)
	NOT-FOR-US: WAVM
CVE-2018-16763 (FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-16762 (FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or sear ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-16761 (Eventum before 3.4.0 has an open redirect vulnerability. ...)
	NOT-FOR-US: Eventum
CVE-2018-16760
	RESERVED
CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from App/Modul ...)
	NOT-FOR-US: EasyCMS
CVE-2018-16758 (Missing message authentication in the meta-protocol in Tinc VPN versio ...)
	{DSA-4312-1 DLA-1538-1}
	- tinc 1.0.35-1
	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
CVE-2018-16757
	RESERVED
CVE-2018-16756
	RESERVED
CVE-2018-16755
	RESERVED
CVE-2018-16754
	RESERVED
CVE-2018-16753
	RESERVED
CVE-2018-16752 (LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code ...)
	NOT-FOR-US: LINK-NET LW-N605R devices
CVE-2018-16751
	RESERVED
CVE-2018-16750 (In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfr ...)
	- imagemagick 8:6.9.10.2+dfsg-2 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1118
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/33d1b9590c401d4aee666ffd10b16868a38cf705
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/359331c61193138ce2b85331df25235b81499cfc
CVE-2018-16749 (In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJN ...)
	{DLA-1530-1}
	- imagemagick 8:6.9.10.2+dfsg-2 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1119
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4
CVE-2018-16748
	RESERVED
CVE-2018-16747
	RESERVED
CVE-2018-16746
	RESERVED
CVE-2018-16745 (An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() i ...)
	- mgetty 1.2.1-1
	[stretch] - mgetty <no-dsa> (Minor issue)
	[jessie] - mgetty <no-dsa> (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
	NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
CVE-2018-16744 (An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() i ...)
	- mgetty 1.2.1-1
	[stretch] - mgetty <no-dsa> (Minor issue)
	[jessie] - mgetty <no-dsa> (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
	NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
CVE-2018-16743 (An issue was discovered in mgetty before 1.2.1. In contrib/next-login/ ...)
	- mgetty 1.2.1-1 (unimportant)
	NOTE: contrib/next-login/ not built in Debian packaging
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
	NOTE: Upstream commit: 5feff135626b8dde886213ce0c99cc4349028a7e (1.2.1)
CVE-2018-16742 (An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a  ...)
	- mgetty 1.2.1-1 (unimportant)
	NOTE: contrib/scrts not built in Debian packaging
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
	NOTE: Upstream removed contrib/scrts in 7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1)
CVE-2018-16741 (An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c,  ...)
	{DSA-4291-1 DLA-1502-1}
	- mgetty 1.2.1-1 (bug #910448)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
	NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1)
CVE-2018-16740
	RESERVED
CVE-2018-16739
	RESERVED
CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication protocol, altho ...)
	{DSA-4312-1}
	- tinc 1.0.35-1
	[jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
	NOTE: This CVE is specific for tinc versions which did had mitigations put
	NOTE: in place for the Sweet32 attack in tinc 1.0.30.
CVE-2018-16737 (tinc before 1.0.30 has a broken authentication protocol, without even  ...)
	{DLA-1538-1}
	- tinc 1.0.31-1
	NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatf ...)
	NOT-FOR-US: rcfilters plugin for Roundcube
CVE-2018-16735
	RESERVED
CVE-2018-16734
	RESERVED
CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer. ...)
	NOT-FOR-US: Go Ethereum
CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via adm ...)
	NOT-FOR-US: CScms
CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...)
	NOT-FOR-US: CScms
CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name ...)
	NOT-FOR-US: CScms
CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a S ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page created at  ...)
	NOT-FOR-US: feindura
CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage with ...)
	NOT-FOR-US: razorCMS
CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of the homepa ...)
	NOT-FOR-US: razorCMS
CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the assets/ween ...)
	NOT-FOR-US: baijiacms
CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
	NOT-FOR-US: baijiacms
CVE-2018-16723
	RESERVED
CVE-2018-16722
	RESERVED
CVE-2018-16721
	RESERVED
CVE-2018-16720
	RESERVED
CVE-2018-16719
	RESERVED
CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26  ...)
	NOT-FOR-US: NCBI ToolBox
CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...)
	NOT-FOR-US: NCBI ToolBox
CVE-2018-16716 (A path traversal vulnerability exists in viewcgi.c in the 2.0.7 throug ...)
	NOT-FOR-US: NCBI ToolBox
CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows Agent throug ...)
	NOT-FOR-US: Absolute Software CTES Windows Agent
CVE-2018-16714
	RESERVED
CVE-2018-16713 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Mon ...)
	NOT-FOR-US: IObit Advanced SystemCare
CVE-2018-16712 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Mon ...)
	NOT-FOR-US: IObit Advanced SystemCare
CVE-2018-16711 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Mon ...)
	NOT-FOR-US: IObit Advanced SystemCare
CVE-2018-16710 (** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obta ...)
	- octoprint <itp> (bug #718591)
	NOTE: https://github.com/foosel/OctoPrint/issues/2814
CVE-2018-16709 (Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, A ...)
	NOT-FOR-US: Fuji Xerox devices
CVE-2018-16708
	RESERVED
CVE-2018-16707
	RESERVED
CVE-2018-16706 (LG SuperSign CMS allows TVs to be rebooted remotely without authentica ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-16705 (FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the  ...)
	NOT-FOR-US: FURUNO FELCOM 250 and 500 devices
CVE-2018-16704 (An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Di ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-16703 (A vulnerability in the Gleez CMS 1.2.0 login page could allow an unaut ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-16702
	RESERVED
CVE-2018-16701
	RESERVED
CVE-2018-16700
	RESERVED
CVE-2018-16699
	RESERVED
CVE-2018-16698
	RESERVED
CVE-2018-16697
	RESERVED
CVE-2018-16696
	RESERVED
CVE-2018-16695
	RESERVED
CVE-2018-16694
	RESERVED
CVE-2018-16693
	RESERVED
CVE-2018-16692
	RESERVED
CVE-2018-16691
	RESERVED
CVE-2018-16690
	RESERVED
CVE-2018-16689
	RESERVED
CVE-2018-16688
	RESERVED
CVE-2018-16687
	RESERVED
CVE-2018-16686
	RESERVED
CVE-2018-16685
	RESERVED
CVE-2018-16684
	RESERVED
CVE-2018-16683
	RESERVED
CVE-2018-16682
	RESERVED
CVE-2018-16681
	RESERVED
CVE-2018-16680
	RESERVED
CVE-2018-16679
	RESERVED
CVE-2018-16678
	RESERVED
CVE-2018-16677
	RESERVED
CVE-2018-16676
	RESERVED
CVE-2018-16675
	RESERVED
CVE-2018-16674
	RESERVED
CVE-2018-16673
	RESERVED
CVE-2018-16672 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to th ...)
	NOT-FOR-US: CIRCONTROL CirCarLife
CVE-2018-16671 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is  ...)
	NOT-FOR-US: CIRCONTROL CirCarLife
CVE-2018-16670 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is  ...)
	NOT-FOR-US: CIRCONTROL CirCarLife
CVE-2018-16669 (An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP ...)
	NOT-FOR-US: CIRCONTROL Open Charge Point Protocol
CVE-2018-16668 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is  ...)
	NOT-FOR-US: CIRCONTROL CirCarLife
CVE-2018-16667 (An issue was discovered in Contiki-NG through 4.1. There is a buffer o ...)
	NOT-FOR-US: Contiki Operating System
CVE-2018-16666 (An issue was discovered in Contiki-NG through 4.1. There is a stack-ba ...)
	NOT-FOR-US: Contiki Operating System
CVE-2018-16665 (An issue was discovered in Contiki-NG through 4.1. There is a buffer o ...)
	NOT-FOR-US: Contiki Operating System
CVE-2018-16664 (An issue was discovered in Contiki-NG through 4.1. There is a buffer o ...)
	NOT-FOR-US: Contiki Operating System
CVE-2018-16663 (An issue was discovered in Contiki-NG through 4.1. There is a stack-ba ...)
	NOT-FOR-US: Contiki Operating System
CVE-2018-16662
	RESERVED
CVE-2018-16661
	RESERVED
CVE-2018-16660 (A command injection vulnerability in PWS in Imperva SecureSphere 13.0. ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-16659 (An issue was discovered in Rausoft ID.prove 2.95. The login page allow ...)
	NOT-FOR-US: Rausoft ID.prove
CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
	{DSA-4292-1 DLA-1503-1}
	- kamailio 5.1.4-1 (bug #908324)
	NOTE: https://skalatan.de/blog/advisory-hw-2018-06
	NOTE: https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master)
	NOTE: https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d (5.1)
	NOTE: https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159 (5.0)
CVE-2018-16658 (An issue was discovered in the Linux kernel before 4.18.6. An informat ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2)
CVE-2018-16656 (DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devic ...)
	NOT-FOR-US: Kyocera
CVE-2018-16655 (Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkExcep ...)
	NOT-FOR-US: Gxlcms
CVE-2018-16654 (Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/detai ...)
	NOT-FOR-US: Zurmo
CVE-2018-16653 (rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. ...)
	NOT-FOR-US: rejucms
CVE-2018-16652
	RESERVED
CVE-2018-16651 (The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in re ...)
	NOT-FOR-US: phpMyFAQ
CVE-2018-16650 (phpMyFAQ before 2.9.11 allows CSRF. ...)
	NOT-FOR-US: phpMyFAQ
CVE-2018-16649
	RESERVED
CVE-2018-16648 (In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c  ...)
	- mupdf 1.14.0+ds1-4 (bug #924351)
	[jessie] - mupdf <ignored> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699685
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?38f883fe129a5e89306252a4676eaaf4bc968824
CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xr ...)
	- mupdf 1.14.0+ds1-4 (bug #924351)
	[jessie] - mupdf <ignored> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?351c99d8ce23bbf7099dbd52771a095f67e45a2c
CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may caus ...)
	{DLA-1562-3 DLA-1562-2 DLA-1562-1}
	- poppler 0.71.0-4 (low; bug #909802)
	[stretch] - poppler <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/3d35d209c19c1d3b09b794a0c863ba5de44a9c0a
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/89fccf45fc5bfca3756102e6bec1950ec1d436a9 (regression fix)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/08572e1bdca03baed694dd9828bb2b878865e669 (regression fix)
CVE-2018-16645 (There is an excessive memory allocation issue in the functions ReadBMP ...)
	{DSA-4316-1 DLA-1530-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #910889)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1268
CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImage of c ...)
	{DSA-4316-1 DLA-1530-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #910888)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/00ef0f1bbf9eb1efdf0f38f51c72ecb26cc9a306
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/01ca29604515fa4ddf3180870827df5c8ec93ada
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1269
CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp ...)
	{DLA-1530-1}
	- imagemagick 8:6.9.10.8+dfsg-1 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199
CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows  ...)
	{DSA-4316-1 DLA-1530-1}
	- imagemagick 8:6.9.10.2+dfsg-2
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/97bb5dc5aad1584557057d5062601aa151bf9a13
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1162
CVE-2018-16641 (ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePh ...)
	- imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/256825d4eb33dc301496710d15cf5a7ae924088b
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1206
CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak vulnerability in the function Re ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/76efa969342568841ecf320b5a041685a6d24e0b
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3449a06f0122d4d9e68b4739417a3eaad0b24265
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1201
CVE-2018-16639 (Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter duri ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-16638 (Evolution CMS 1.4.x allows XSS via the manager/ search parameter. ...)
	NOT-FOR-US: Evolution CMS
CVE-2018-16637 (Evolution CMS 1.4.x allows XSS via the page weblink title parameter to ...)
	NOT-FOR-US: Evolution CMS
CVE-2018-16636 (Nucleus CMS 3.70 allows HTML Injection via the index.php body paramete ...)
	NOT-FOR-US: Nucleus CMS
CVE-2018-16635 (Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page titl ...)
	NOT-FOR-US: Blackcat CMS
CVE-2018-16634 (Pluck v4.7.7 allows CSRF via admin.php?action=settings. ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-16633 (Pluck v4.7.7 allows XSS via the admin.php?action=editpage&amp;page= pa ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-16632 (Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/? ...)
	NOT-FOR-US: Mezzanine CMS
CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SIT ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-16630 (Kirby v2.5.12 allows XSS by using the "site files" Add option to uploa ...)
	NOT-FOR-US: Kirby
CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG f ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
	NOT-FOR-US: Kirby
CVE-2018-16627 (panel/login in Kirby v2.5.12 allows Host header injection via the "for ...)
	NOT-FOR-US: Kirby
CVE-2018-16626 (index.php/Admin/Classes in Typesetter 5.1 allows XSS via the descripti ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-16625 (index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file  ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-16624 (panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a n ...)
	NOT-FOR-US: Kirby
CVE-2018-16623 (Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the ...)
	NOT-FOR-US: Kirby
CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in /api/content/ad ...)
	NOT-FOR-US: DoraCMS
CVE-2018-16621 (Sonatype Nexus Repository Manager before 3.14 allows Java Expression L ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-16620 (Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Con ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-16619 (Sonatype Nexus Repository Manager before 3.14 allows XSS. ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-16618 (VTech Storio Max before 56.D3JM6 allows remote command execution via s ...)
	NOT-FOR-US: VTech
CVE-2018-1000670 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (u ...)
	- koha <itp> (bug #702134)
	NOTE: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086
CVE-2018-1000669 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (u ...)
	- koha <itp> (bug #702134)
	NOTE: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117
CVE-2018-16617
	RESERVED
CVE-2018-16616
	RESERVED
CVE-2018-16615
	RESERVED
CVE-2018-16614
	RESERVED
CVE-2018-16613 (An issue was discovered in the update function in the wpForo Forum plu ...)
	NOT-FOR-US: update function in the wpForo Forum plugin for WordPress
CVE-2018-16612
	RESERVED
CVE-2018-16611
	RESERVED
CVE-2018-16610
	RESERVED
CVE-2018-16609
	RESERVED
CVE-2018-16608 (In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change  ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16607 (Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudI ...)
	NOT-FOR-US: Orgs Page in Open-AudIT Professional
CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allo ...)
	NOT-FOR-US: ProConf
CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and Username fields ...)
	NOT-FOR-US: D-Link DIR-600M devices
CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's username ...)
	NOT-FOR-US: Nibbleblog
CVE-2018-16603 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through  ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16602 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through  ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16601 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through  ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16600 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through  ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16599 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through  ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16598 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through  ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16597 (An issue was discovered in the Linux kernel before 4.8. Incorrect acce ...)
	- linux 4.8.5-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106512
	NOTE: https://git.kernel.org/linus/c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862
CVE-2018-16596 (A stack-based buffer overflow in the LAN UPnP service running on UDP p ...)
	NOT-FOR-US: Swisscom
CVE-2018-16595 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...)
	NOT-FOR-US: Sony Bravia TV devices
CVE-2018-16594 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...)
	NOT-FOR-US: Sony Bravia TV devices
CVE-2018-16593 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...)
	NOT-FOR-US: Sony Bravia TV devices
CVE-2018-16592
	RESERVED
CVE-2018-16591 (FURUNO FELCOM 250 and 500 devices allow unauthenticated users to chang ...)
	NOT-FOR-US: FURUNO FELCOM 250 and 500 devices
CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in l ...)
	NOT-FOR-US: FURUNO FELCOM
CVE-2018-16589
	RESERVED
CVE-2018-16588 (Privilege escalation can occur in the SUSE useradd.c code in useradd,  ...)
	- shadow <not-affected> (SuSE-specific patch)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106914
	NOTE: The SUSE specific patch was a first iteration of https://github.com/shadow-maint/shadow/pull/2
CVE-2018-16587 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ...)
	{DSA-4317-1 DLA-1521-1}
	- otrs2 6.0.11-1
	NOTE: https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711
	NOTE: OTRS 4: https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843
CVE-2018-16586 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ...)
	{DSA-4317-1 DLA-1521-1}
	- otrs2 6.0.11-1
	NOTE: https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7
	NOTE: OTRS 4: https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302
CVE-2018-16584
	REJECTED
CVE-2018-16583
	REJECTED
CVE-2018-16582
	REJECTED
CVE-2018-16581
	REJECTED
CVE-2018-16580
	REJECTED
CVE-2018-16579
	REJECTED
CVE-2018-16578
	REJECTED
CVE-2018-16577
	REJECTED
CVE-2018-16576
	REJECTED
CVE-2018-16575
	REJECTED
CVE-2018-16574
	REJECTED
CVE-2018-16573
	REJECTED
CVE-2018-16572
	REJECTED
CVE-2018-16571
	REJECTED
CVE-2018-16570
	REJECTED
CVE-2018-16569
	REJECTED
CVE-2018-16568
	REJECTED
CVE-2018-16567
	REJECTED
CVE-2018-16566
	REJECTED
CVE-2018-16565
	REJECTED
CVE-2018-16564
	REJECTED
CVE-2018-16563 (A vulnerability has been identified in Firmware variant IEC 61850 for  ...)
	NOT-FOR-US: Siemens
CVE-2018-16562
	REJECTED
CVE-2018-16561 (A vulnerability has been identified in SIMATIC S7-300 CPUs (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-16560
	REJECTED
CVE-2018-16559 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-16558 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
	NOT-FOR-US: Siemens
CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
	NOT-FOR-US: Siemens
CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All versions &lt ...)
	NOT-FOR-US: Siemens
CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversal vulner ...)
	{DSA-4303-1 DLA-1516-1}
	- okular 4:17.12.2-2.1 (bug #908168)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=398096
	NOTE: https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
	NOT-FOR-US: zephyr-rtos
CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
	- wordpress <unfixed>
	[jessie] - wordpress <postponed> (cf. CVE-2017-1000600)
	NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600.
CVE-2018-1000673
	REJECTED
CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to  ...)
	{DLA-1512-1}
	- sympa 6.2.36~dfsg-1 (bug #908165)
	[stretch] - sympa <no-dsa> (Minor issue)
	NOTE: https://github.com/sympa-community/sympa/issues/268
	NOTE: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1
	NOTE: https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325
CVE-2018-1000668 (jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vuln ...)
	NOT-FOR-US: jsish
CVE-2018-1000667 (NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392507
	NOTE: https://github.com/netwide-assembler/nasm/commit/c713b5f994cf7b29164c3b6838b91f0499591434
	NOTE: https://github.com/cyrillos/nasm/issues/3
	NOTE: Crash in CLI tool, no security impact
CVE-2018-1000666 (GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2 ...)
	NOT-FOR-US: GIG Technology NV JumpScale Portal
CVE-2018-1000665 (Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contai ...)
	- dojo 1.14.1+dfsg1-1 (unimportant)
	NOTE: https://github.com/dojo/dojo/pull/307
CVE-2018-1000664 (daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains  ...)
	NOT-FOR-US: daneren2005 DSub for Subsonic
CVE-2018-1000663 (jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in ...)
	NOT-FOR-US: jsish
CVE-2018-1000661 (jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vuln ...)
	NOT-FOR-US: jsish
CVE-2018-1000660 (TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. ...)
	NOT-FOR-US: TOCK
CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory traversal i ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload vulnerabilit ...)
	- limesurvey <itp> (bug #472802)
CVE-2017-1000600 (WordPress version &lt;4.9 contains a CWE-20 Input Validation vulnerabi ...)
	- wordpress 4.9.1+dfsg-1
	[jessie] - wordpress <postponed> (requires authenticated user, root cause in PHP phar:// unserialization and requires thorough application-level checks, no upstream patch)
	NOTE: https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
	NOTE: https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
	NOTE: https://twitter.com/_s_n_t/status/1030573635617124353 (possible mitigation)
	NOTE: https://www.slideshare.net/_s_n_t/php-unserialization-vulnerabilities-what-are-we-missing (75-76, pre-4.9 POP chain)
	NOTE: https://github.com/WordPress/WordPress/commit/0a3b7d8e31def538cf531791efe8bf33e6e243cc (4.9 POP chain break)
	NOTE: Wordpress before 4.9 is vulnerable on its own. After 4.9 you need to have
	NOTE: vulnerable module installed on the site as well. Due to an incomplete fix
	NOTE: in 4.9 there exists CVE-2018-1000773.
CVE-2018-16553 (In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remot ...)
	NOT-FOR-US: Jspxcms
CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/ ...)
	NOT-FOR-US: MicroPyramid Django-CRM
CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/jo ...)
	NOT-FOR-US: LavaLite
CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass the bru ...)
	NOT-FOR-US: TeamViewer
CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via t ...)
	NOT-FOR-US: HScripts PHP File Browser Script
CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory  ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (low; bug #910335)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	NOTE: https://github.com/gdraheim/zziplib/issues/58
	NOTE: https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb
	NOTE: https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687
	NOTE: https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99
CVE-2018-16547
	RESERVED
CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private key acros ...)
	NOT-FOR-US: Amcrest
CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterp ...)
	NOT-FOR-US: Kaizen Asset Manager
CVE-2018-16544
	RESERVED
CVE-2018-16538
	REJECTED
CVE-2018-16537
	REJECTED
CVE-2018-16536
	REJECTED
CVE-2018-16535
	REJECTED
CVE-2018-16534
	REJECTED
CVE-2018-16533
	REJECTED
CVE-2018-16532
	REJECTED
CVE-2018-16531
	REJECTED
CVE-2018-16530 (A stack-based buffer overflow in Forcepoint Email Security version 8.5 ...)
	NOT-FOR-US: Forcepoint Email Security
CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
	NOT-FOR-US: Forcepoint Email Security
CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16527 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16526 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16525 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16524 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16523 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16522 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized  ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3 ...)
	NOT-FOR-US: OpenMRS
CVE-2018-16520
	RESERVED
CVE-2018-16519 (COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs ...)
	NOT-FOR-US: COYO
CVE-2018-16518 (A directory traversal vulnerability with remote code execution in Prim ...)
	NOT-FOR-US: Prim'X Zed! FREE
CVE-2018-16517 (asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dere ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392513
	NOTE: https://fakhrizulkifli.github.io/CVE-2018-16517.html
	NOTE: https://github.com/netwide-assembler/nasm/commit/e996d28c70d45008085322b442b44a9224308548
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. ...)
	- python-flask-admin <itp> (bug #765509)
CVE-2018-16514 (A cross-site scripting (XSS) vulnerability in the View Filters page (v ...)
	- mantis <removed>
	NOTE: https://mantisbt.org/bugs/view.php?id=24731
CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
	{DLA-2054-1}
	- jhead 1:3.00-8 (bug #907925)
	[stretch] - jhead 1:3.00-4+deb9u1
CVE-2018-16554 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
	{DLA-2054-1}
	- jhead 1:3.00-8 (bug #908176)
	[stretch] - jhead 1:3.00-4+deb9u1
CVE-2018-16515 (Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events ...)
	- matrix-synapse 0.33.3.1-1 (bug #908044)
	NOTE: https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/
	NOTE: https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
	NOTE: https://github.com/matrix-org/synapse/issues/3796#event-1833126269
CVE-2018-16512
	RESERVED
CVE-2018-16508
	RESERVED
CVE-2018-16507
	RESERVED
CVE-2018-16506
	RESERVED
CVE-2018-16505
	RESERVED
CVE-2018-16504
	RESERVED
CVE-2018-16503
	RESERVED
CVE-2018-16502
	RESERVED
CVE-2018-16501
	RESERVED
CVE-2018-16500
	RESERVED
CVE-2018-16499
	RESERVED
CVE-2018-16498
	RESERVED
CVE-2018-16497
	RESERVED
CVE-2018-16496
	RESERVED
CVE-2018-16495
	RESERVED
CVE-2018-16494
	RESERVED
CVE-2018-16493 (A path traversal vulnerability was found in module static-resource-ser ...)
	NOT-FOR-US: node static-resource-server
CVE-2018-16492 (A prototype pollution vulnerability was found in module extend &lt;2.0 ...)
	- node-extend 3.0.2-1 (unimportant)
	NOTE: https://snyk.io/vuln/npm:extend:20180424
	NOTE: https://github.com/justmoon/node-extend/commit/0e68e71d93507fcc391e398bc84abd0666b28190
	NOTE: https://github.com/justmoon/node-extend/pull/48
	NOTE: nodejs not covered by security support
CVE-2018-16491 (A prototype pollution vulnerability was found in node.extend &lt;1.1.7 ...)
	- node-extend 3.0.2-1 (unimportant)
	NOTE: https://hackerone.com/reports/430831
	NOTE: nodejs not covered by security support
CVE-2018-16490 (A prototype pollution vulnerability was found in module mpath &lt;0.5. ...)
	NOT-FOR-US: node mpath
CVE-2018-16489 (A prototype pollution vulnerability was found in just-extend &lt;4.0.0 ...)
	NOT-FOR-US: node just-extend
CVE-2018-16488
	RESERVED
CVE-2018-16487 (A prototype pollution vulnerability was found in lodash &lt;4.17.11 wh ...)
	- node-lodash 4.17.11+dfsg-1 (unimportant)
	NOTE: https://hackerone.com/reports/380873
	NOTE: nodejs not covered by security support
CVE-2018-16486 (A prototype pollution vulnerability was found in defaults-deep &lt;=0. ...)
	NOT-FOR-US: node defaults-deep
CVE-2018-16485 (Path Traversal vulnerability in module m-server &lt;1.4.1 allows malic ...)
	NOT-FOR-US: node m-server
CVE-2018-16484 (A XSS vulnerability was found in module m-server &lt;1.4.2 that allows ...)
	NOT-FOR-US: node m-server
CVE-2018-16483 (A deficiency in the access control in module express-cart &lt;=1.1.5 a ...)
	NOT-FOR-US: node express-cart
CVE-2018-16482 (A server directory traversal vulnerability was found on node module mc ...)
	NOT-FOR-US: node mcstatic
CVE-2018-16481 (A XSS vulnerability was found in html-page &lt;=2.1.1 that allows mali ...)
	NOT-FOR-US: node html-page
CVE-2018-16480 (A XSS vulnerability was found in module public &lt;0.1.4 that allows m ...)
	NOT-FOR-US: node public
CVE-2018-16479 (Path traversal vulnerability in http-live-simulator &lt;1.0.7 causes u ...)
	NOT-FOR-US: node http-live-simulator
CVE-2018-16478 (A Path Traversal in simplehttpserver versions &lt;=0.2.1 allows to lis ...)
	NOT-FOR-US: simplehttpserver
CVE-2018-16477 (A bypass vulnerability in Active Storage &gt;= 5.2.0 for Google Cloud  ...)
	- rails 2:5.2.2+dfsg-1 (bug #914848)
	[stretch] - rails <not-affected> (Only affects >= 5.2.0; vulnerable code not present)
	[jessie] - rails <not-affected> (Only affects >= 5.2.0; vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/5
	NOTE: Originally no version was affected until 2:5.2.0+dfsg-2 was uploaded to unstable.
CVE-2018-16476 (A Broken Access Control vulnerability in Active Job versions &gt;= 4.2 ...)
	- rails 2:5.2.2+dfsg-1 (bug #914847)
	[stretch] - rails 2:4.2.7.1-1+deb9u1
	[jessie] - rails <not-affected> (only affects >= 4.2.0)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/4
CVE-2018-16475 (A Path Traversal in Knightjs versions &lt;= 0.0.1 allows an attacker t ...)
	NOT-FOR-US: Knightjs
CVE-2018-16474 (A stored xss in tianma-static module versions &lt;=1.0.4 allows an att ...)
	NOT-FOR-US: tianma-static
CVE-2018-16473 (A path traversal in takeapeek module versions &lt;=0.2.2 allows an att ...)
	NOT-FOR-US: takeapeek
CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions &lt;=1.0 ...)
	NOT-FOR-US: cached-path-relative
CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...)
	{DLA-1585-1}
	- ruby-rack 1.6.4-6 (bug #913005)
	[stretch] - ruby-rack 1.6.4-4+deb9u1
	NOTE: Fixed by: https://github.com/rack/rack/commit/e5d58031b766e49687157b45edab1b8457d972bd (master)
	NOTE: Fixed by: https://github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39ae7 (2.0.6)
	NOTE: Fixed by: https://github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594 (1.6.11)
CVE-2018-16470 (There is a possible DoS vulnerability in the multipart parser in Rack  ...)
	[experimental] - ruby-rack 2.0.6-1 (bug #913003)
	- ruby-rack <not-affected> (Only affects >= 2.0.4)
	NOTE: Introduced by: https://github.com/rack/rack/commit/c43217a81917de03aa6ceb1aa485ae69b8bb4598 (2.0.4)
	NOTE: Fixed by: https://github.com/rack/rack/commit/37c1160b2360074d20858792f23a7eb3afeabebd (2.0.6)
CVE-2018-16469 (The merge.recursive function in the merge package &lt;1.2.1 can be tri ...)
	NOT-FOR-US: merge package v
CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ...)
	{DSA-4364-1}
	- ruby-loofah 2.2.3-1 (bug #912398)
	NOTE: https://github.com/flavorjones/loofah/issues/154
	NOTE: https://github.com/flavorjones/loofah/commit/71e4b5434fbcb2ad87643f0c9fecfc3a847943c4 (v2.2.3)
CVE-2018-16467 (A missing check in Nextcloud Server prior to 14.0.0 could give unautho ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-16466 (Improper revalidation of permissions in Nextcloud Server prior to 14.0 ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-16465 (Missing state in Nextcloud Server prior to 14.0.0 would not enforce th ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-16464 (A missing access check in Nextcloud Server prior to 14.0.0 could lead  ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-16463 (A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13 ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-16462 (A command injection vulnerability in the apex-publish-static-files npm ...)
	NOT-FOR-US: apex-publish-static-files npm
CVE-2018-16461 (A command injection vulnerability in libnmapp package for versions &lt ...)
	NOT-FOR-US: libnmapp
CVE-2018-16460 (A command Injection in ps package versions &lt;1.0.0 for Node.js allow ...)
	NOT-FOR-US: ps node module
CVE-2018-16459 (An unescaped payload in exceljs &lt;v1.6 allows a possible XSS via cel ...)
	NOT-FOR-US: exceljs
CVE-2018-1000672
	REJECTED
CVE-2018-1000662
	REJECTED
CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, airGateway  ...)
	NOT-FOR-US: Ubiquiti
CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=a ...)
	NOT-FOR-US: baigo CMS
CVE-2018-16457 (PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote at ...)
	NOT-FOR-US: PHP Scripts Mall Open Source Real-estate Script
CVE-2018-16456 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NO ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-16455 (PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. ...)
	NOT-FOR-US: PHP Scripts Mall Market Place Script
CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attacke ...)
	NOT-FOR-US: PHP Scripts Mall Olx Clone
CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search b ...)
	NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778
CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print- ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. ...)
	NOT-FOR-US: CraftedWeb
CVE-2018-16449 (OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Cha ...)
	NOT-FOR-US: OneThink
CVE-2018-16448 (Cscms 4 allows CSRF for creating a member via upload/admin.php/user/sa ...)
	NOT-FOR-US: Cscms
CVE-2018-16447 (Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-16446 (An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.p ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16445 (An issue was discovered in SeaCMS through 6.61. SQL injection exists v ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16444 (An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSR ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16443
	RESERVED
CVE-2018-16442
	RESERVED
CVE-2018-16441
	RESERVED
CVE-2018-16440
	RESERVED
CVE-2018-16439
	RESERVED
CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5 <undetermined>
	NOTE: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read
CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable ...)
	NOT-FOR-US: Gxlcms
CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an ...)
	NOT-FOR-US: Gxlcms
CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an integer ove ...)
	{DSA-4289-1 DSA-4284-1 DLA-1496-1}
	- lcms2 2.9-3 (bug #907983)
	- lcms <removed>
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	NOTE: https://github.com/mm2/Little-CMS/issues/171
	NOTE: https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
CVE-2018-16434
	RESERVED
CVE-2018-16433
	RESERVED
CVE-2018-16432 (BlueCMS 1.6 allows SQL Injection via the user_name parameter to upload ...)
	NOT-FOR-US: BlueCMS
CVE-2018-16431 (admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an adminis ...)
	NOT-FOR-US: YFCMF
CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read vulnerability i ...)
	{DSA-4290-1 DLA-1501-1}
	- libextractor 1:1.7-1 (bug #907987)
	NOTE: https://gnunet.org/bugs/view.php?id=5405
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
CVE-2018-16429 (GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_ ...)
	{DLA-1866-1}
	- glib2.0 2.58.0-1 (low)
	[stretch] - glib2.0 2.50.3-2+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1361
CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c  ...)
	{DLA-1866-1}
	- glib2.0 2.58.0-1 (low)
	[stretch] - glib2.0 <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1364
CVE-2018-16427 (Various out of bounds reads when handling responses in OpenSC before 0 ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744fa
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16426 (Endless recursion when handling responses from an IAS-ECC card in iase ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16425 (A double free when handling responses from an HSM Card in sc_pkcs15emu ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16424 (A double free when handling responses in read_file in tools/egk-tool.c ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16423 (A double free when handling responses from a smartcard in sc_file_set_ ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-db0cd89ff279ad8c7b3bb780cdf2770a
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16422 (A single byte buffer overflow when handling responses from an esteid C ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16421 (Several buffer overflows when handling responses from a CAC Card in ca ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-848b13147a344ba2c6361d91ca77feb1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16420 (Several buffer overflows when handling responses from an ePass 2003 Ca ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16419 (Several buffer overflows when handling responses from a Cryptoflex car ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16418 (A buffer overflow when handling string concatenation in util_acl_to_st ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-628c8445c4e7ae92bbc4be08ba11a4c3
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16417 (Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11,  ...)
	NOT-FOR-US: Aruba Instant
CVE-2018-16416 (Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inl ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-16415
	RESERVED
CVE-2018-16414
	RESERVED
CVE-2018-16413 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the Magi ...)
	{DSA-4316-1 DLA-1530-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #910887)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1249
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1251
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the code ...)
	{DSA-4316-1 DLA-1530-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #910887)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250
	NOTE: Fixed with same patch as for issue #1249, as per upstream discussion at
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250#issuecomment-422361868
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
CVE-2018-16411
	RESERVED
CVE-2018-16410 (Vanilla before 2.6.1 allows SQL injection via an invitationID array to ...)
	NOT-FOR-US: Vanilla
CVE-2018-16409 (In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GE ...)
	NOT-FOR-US: Go Git Service
CVE-2018-16408 (D-Link DIR-846 devices with firmware 100.26 allow remote attackers to  ...)
	NOT-FOR-US: D-Link DIR-846 devices
CVE-2018-16407 (An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has X ...)
	- mayan-edms <itp> (bug #718580)
CVE-2018-16406 (An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app h ...)
	- mayan-edms <itp> (bug #718580)
CVE-2018-16405 (An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app ...)
	- mayan-edms <itp> (bug #718580)
CVE-2018-16404
	RESERVED
CVE-2018-16403 (libdw in elfutils 0.173 checks the end of the attributes list incorrec ...)
	- elfutils 0.175-1 (low)
	[stretch] - elfutils <no-dsa> (Minor issue)
	[jessie] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23529
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda
CVE-2018-16402 (libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a  ...)
	- elfutils 0.175-1 (low)
	[stretch] - elfutils <no-dsa> (Minor issue)
	[jessie] - elfutils <not-affected> (vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23528
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=56b18521fb8d46d40fc090c0de9d11a08bc982fa
CVE-2018-16401
	RESERVED
CVE-2018-16400
	RESERVED
CVE-2018-16399
	RESERVED
CVE-2018-16398 (In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as  ...)
	NOT-FOR-US: Twistlock AuthZ Broker
CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a "file upload ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-16396 (An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5. ...)
	{DSA-4332-1 DLA-1558-1}
	- ruby2.5 2.5.3-1 (bug #911920)
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
	NOTE: https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429
CVE-2018-16395 (An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2 ...)
	{DSA-4332-1 DLA-1558-1}
	- ruby-openssl 2.1.2-1 (bug #911918)
	- ruby2.5 2.5.3-1 (bug #911919)
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
	NOTE: https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5
CVE-2018-16394
	RESERVED
CVE-2018-16393 (Several buffer overflows when handling responses from a Gemsafe V1 Sma ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16392 (Several buffer overflows when handling responses from a TCOS Card in t ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b2a356323a9ff2024d041cf2d7e89dd3
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16391 (Several buffer overflows when handling responses from a Muscle Card in ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16390
	RESERVED
CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ ...)
	NOT-FOR-US: e107
CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers  ...)
	NOT-FOR-US: e107
CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF v ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log i ...)
	NOT-FOR-US: SWIFT Alliance Web Platform
CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index ...)
	NOT-FOR-US: ThinkPHP
CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...)
	- modsecurity-crs <unfixed> (low; bug #924352)
	[buster] - modsecurity-crs <no-dsa> (Minor issue)
	[stretch] - modsecurity-crs <no-dsa> (Minor issue)
	[jessie] - modsecurity-crs <no-dsa> (Minor issue)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167
CVE-2018-16383
	RESERVED
CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regfla ...)
	- nasm 2.14-1 (unimportant; bug #907866)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392503
	NOTE: Duplicate of/relate to https://bugzilla.nasm.us/show_bug.cgi?id=3392447
	NOTE: https://github.com/netwide-assembler/nasm/commit/3c755dac88039b718d52ef56e8f74b5f65f3b55b
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16381 (e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&amp;action=l ...)
	NOT-FOR-US: e107
CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerab ...)
	NOT-FOR-US: Ogma CMS
CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "T ...)
	NOT-FOR-US: Ogma CMS
CVE-2018-16378
	RESERVED
CVE-2018-16377
	RESERVED
CVE-2018-16376 (An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflo ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1127
	NOTE: We build with -DBUILD_MJ2:BOOL=OFF
CVE-2018-16375 (An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_i ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1126
	NOTE: We build with -DBUILD_JPWL:BOOL=OFF
CVE-2018-16374 (Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-16373 (Frog CMS 0.9.5 has an Upload vulnerability that can create files via / ...)
	NOT-FOR-US: Frog CMS
CVE-2018-16372 (The issue was discovered in IdeaCMS through 2016-04-30. There is refle ...)
	NOT-FOR-US: IdeaCMS
CVE-2018-16371 (PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter ...)
	NOT-FOR-US: PESCMS Team
CVE-2018-16370 (In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP c ...)
	NOT-FOR-US: PESCMS Team
CVE-2018-16369 (XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ...)
	- xpdf <unfixed> (unimportant)
	NOTE: Crash in GUI/CLI tool, no security impact
CVE-2018-16368 (SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ...)
	- xpdf <unfixed> (unimportant)
	NOTE: Crash in GUI/CLI tool, no security impact
CVE-2018-16367 (In OnlineJudge 2.0, the sandbox has an incorrect access control vulner ...)
	NOT-FOR-US: OnlineJudge
CVE-2018-16366 (An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=us ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16365 (An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=gr ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16364 (A serialization vulnerability in Zoho ManageEngine Applications Manage ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-16363 (The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via th ...)
	NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9  ...)
	NOT-FOR-US: Mantis plugin
CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS vi ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-16360
	RESERVED
CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, permits a ...)
	NOT-FOR-US: gVisor
CVE-2018-16358 (A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.p ...)
	- dotclear <removed>
CVE-2018-16357 (An issue was discovered in PbootCMS. There is a SQL injection via the  ...)
	NOT-FOR-US: PbootCMS
CVE-2018-16356 (An issue was discovered in PbootCMS. There is a SQL injection via the  ...)
	NOT-FOR-US: PbootCMS
CVE-2018-16355
	RESERVED
CVE-2018-16354 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL in ...)
	NOT-FOR-US: FHCRM
CVE-2018-16353 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL in ...)
	NOT-FOR-US: FHCRM
CVE-2018-16352 (There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index. ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-16351
	RESERVED
CVE-2018-16350 (WUZHI CMS 4.1.0 has XSS via the index.php?m=core&amp;f=set&amp;v=basic ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-16349 (WUZHI CMS 4.1.0 has XSS via the index.php?m=link&amp;f=index&amp;v=add ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-16348 (SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, rela ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16347 (An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/im ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-16346 (ChemCMS 1.0.6 has XSS via the "setting -&gt; website information" fiel ...)
	NOT-FOR-US: ChemCMS
CVE-2018-16345 (An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability  ...)
	NOT-FOR-US: EasyCMS
CVE-2018-16344 (An issue was discovered in zzcms 8.3. It allows remote attackers to de ...)
	NOT-FOR-US: zzcms
CVE-2018-16343 (SeaCMS 6.61 allows remote attackers to execute arbitrary code because  ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16342 (ShowDoc v1.8.0 has XSS via a new page. ...)
	NOT-FOR-US: ShowDoc
CVE-2018-16341
	RESERVED
CVE-2018-16340
	RESERVED
CVE-2018-16339 (An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-16338 (An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability  ...)
	NOT-FOR-US: AuraCMS
CVE-2018-16337 (An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability ...)
	NOT-FOR-US: Cscms
CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote  ...)
	{DLA-1551-1}
	- exiv2 0.27.2-6 (bug #916081)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/400
	NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
CVE-2018-16335 (newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c  ...)
	{DSA-4349-1}
	- tiff 4.0.9-5 (bug #907795)
	[jessie] - tiff 4.0.3-12.3+deb8u6
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2809
	NOTE: Different issue than CVE-2017-11613 but adressed with same set of commits.
	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2018-16334 (An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V1 ...)
	NOT-FOR-US: Tenda
CVE-2018-16333 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda
CVE-2018-16332 (An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=art ...)
	NOT-FOR-US: iCMS
CVE-2018-16331 (admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the  ...)
	NOT-FOR-US: DamiCMS
CVE-2018-16330 (Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid ...)
	NOT-FOR-US: Pandao Editor.md
CVE-2018-16329 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in th ...)
	- imagemagick <not-affected> (Only affects 7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1225
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c75f301d9ac84f91071393b02d8c88c8341c91c
CVE-2018-16328 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in th ...)
	- imagemagick 8:6.9.10.8+dfsg-1
	[stretch] - imagemagick <not-affected> (Vulnerable code introduced later)
	[jessie] - imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1224
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/107ce8577e818cf4801e5a59641cb769d645cc95
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/68e4f4d22abaf97b61019ea85f74e2f639d0e93e
CVE-2018-16327 (There is Stored XSS in Subrion 4.2.1 via the admin panel URL configura ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-16326 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
	NOT-FOR-US: PHP Scripts Mall Olx Clone
CVE-2018-16325 (There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title fie ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ u ...)
	NOT-FOR-US: IceWarp Server
CVE-2018-16323 (ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #907776)
	[stretch] - imagemagick <not-affected> (Introduced by b8c63b156bf26b52e710b1a0643c846a6cd01e56 which wasn't backported to stretch)
	[jessie] - imagemagick <not-affected> (Introduced by b8c63b156bf26b52e710b1a0643c846a6cd01e56 which wasn't backported to jessie)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/57565dace66d550042522e203f522da711d551a6
CVE-2018-16322
	RESERVED
CVE-2018-16321
	RESERVED
CVE-2018-16320 (idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Travers ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16319
	RESERVED
CVE-2018-16318
	RESERVED
CVE-2018-16317
	RESERVED
CVE-2018-16316 (A stored Cross-site scripting (XSS) vulnerability in Portainer through ...)
	NOT-FOR-US: Portainer
CVE-2018-16315 (In waimai Super Cms 20150505, there is a CSRF vulnerability that can c ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-16314 (An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16313 (Bludit 2.3.4 allows XSS via a user name. ...)
	NOT-FOR-US: Bludit
CVE-2018-16312
	RESERVED
CVE-2018-16311
	RESERVED
CVE-2018-16310 (** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to ...)
	NOT-FOR-US: Technicolor
CVE-2018-16309
	REJECTED
CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV inject ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi X ...)
	NOT-FOR-US: Xiaomi
CVE-2018-16306
	RESERVED
CVE-2018-16305
	RESERVED
CVE-2018-16304
	RESERVED
CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause  ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
	NOT-FOR-US: MediaComm Zip-n-Go
CVE-2018-16301
	REJECTED
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory Travers ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php ...)
	NOT-FOR-US: MiniCMS
CVE-2018-16297 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16296 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16295 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16294 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16293 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16292 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16291 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16290
	RESERVED
CVE-2018-16289
	RESERVED
CVE-2018-16288 (LG SuperSign CMS allows reading of arbitrary files via signEzUI/playli ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-16287 (LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/ ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-16286 (LG SuperSign CMS allows authentication bypass because the CAPTCHA requ ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via the sho ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16284
	RESERVED
CVE-2018-16283 (The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Dir ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16282 (A command injection vulnerability in the web server functionality of M ...)
	NOT-FOR-US: Moxa
CVE-2018-16281 (The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Ji ...)
	NOT-FOR-US: DEISER
CVE-2018-16280
	RESERVED
CVE-2018-16279
	RESERVED
CVE-2018-16278 (phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticat ...)
	NOT-FOR-US: phpkaiyuancms PhpOpenSourceCMS (POSCMS)
CVE-2018-16277 (The Image Import function in XWiki through 10.7 has XSS. ...)
	NOT-FOR-US: XWiki
CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
	NOT-FOR-US: OPSWAT MetaDefender
CVE-2018-16276 (An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in t ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.8-1
	NOTE: Fixed by: https://git.kernel.org/linus/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 (4.18-rc5)
CVE-2018-16274
	RESERVED
CVE-2018-16273
	RESERVED
CVE-2018-16272 (The wpa_supplicant system service in Samsung Galaxy Gear series allows ...)
	NOT-FOR-US: Samsung
CVE-2018-16271 (The wemail_consumer_service (from the built-in application wemail) in  ...)
	NOT-FOR-US: Samsung
CVE-2018-16270 (Samsung Galaxy Gear series before build RE2 includes the hcidump utili ...)
	NOT-FOR-US: Samsung
CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows an unpri ...)
	NOT-FOR-US: Samsung
CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an unprivil ...)
	NOT-FOR-US: Tizen
CVE-2018-16267 (The system-popup system service in Tizen allows an unprivileged proces ...)
	NOT-FOR-US: Tizen
CVE-2018-16266 (The Enlightenment system service in Tizen allows an unprivileged proce ...)
	NOT-FOR-US: Tizen
CVE-2018-16265 (The bt/bt_core system service in Tizen allows an unprivileged process  ...)
	NOT-FOR-US: Tizen
CVE-2018-16264 (The BlueZ system service in Tizen allows an unprivileged process to pa ...)
	NOT-FOR-US: Tizen
CVE-2018-16263 (The PulseAudio system service in Tizen allows an unprivileged process  ...)
	NOT-FOR-US: Tizen
CVE-2018-16262 (The pkgmgr system service in Tizen allows an unprivileged process to p ...)
	NOT-FOR-US: Tizen
CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, the ...)
	NOT-FOR-US: Pulse Secure Pulse Desktop Client
CVE-2018-16260
	RESERVED
CVE-2018-16259 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16258 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16257 (** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16256 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16255 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16254 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16253 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
	- axtls <not-affected> (Fixed before initial upload to Debian)
CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML Exter ...)
	NOT-FOR-US: FsPro Labs Event Log Explorer
CVE-2018-16251 (A "search for user discovery" injection issue exists in Creatiwity wit ...)
	NOT-FOR-US: Creatiwity wityCMS
CVE-2018-16250 (The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presen ...)
	NOT-FOR-US: Creatiwity wityCMS
CVE-2018-16249 (In Symphony before 3.3.0, there is XSS in the Title under Post. The ID ...)
	NOT-FOR-US: b3log
CVE-2018-16248 (b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles ...)
	NOT-FOR-US: b3log
CVE-2018-16247 (YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html ti ...)
	NOT-FOR-US: YzmCMS
CVE-2018-16246
	RESERVED
CVE-2018-16245
	RESERVED
CVE-2018-16244
	RESERVED
CVE-2018-16243
	RESERVED
CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which  ...)
	NOT-FOR-US: oBike
CVE-2018-16241
	RESERVED
CVE-2018-16240
	RESERVED
CVE-2018-16239 (An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() ...)
	NOT-FOR-US: damiCMS
CVE-2018-16238 (An issue was discovered in damiCMS V6.0.1. Remote code execution can o ...)
	NOT-FOR-US: damiCMS
CVE-2018-16237 (An issue was discovered in damiCMS V6.0.1. There is Directory Traversa ...)
	NOT-FOR-US: damiCMS
CVE-2018-16236 (cPanel through 74 allows XSS via a crafted filename in the logs subdir ...)
	NOT-FOR-US: cPanel
CVE-2018-16235 (Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x bef ...)
	NOT-FOR-US: Telligent Community
CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
	NOT-FOR-US: MorningStar WhatWeb
CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFire Fire ...)
	NOT-FOR-US: IPFire
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows r ...)
	NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read  ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office 400 ...)
	NOT-FOR-US: Mitel
CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network ...)
	NOT-FOR-US: QBee MultiSensor Camera
CVE-2018-16224 (Incorrect access control for the diagnostic files of the iSmartAlarm C ...)
	NOT-FOR-US: iSmartAlarm Cube One
CVE-2018-16223 (Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecam ...)
	NOT-FOR-US: QBee Cam application for Android
CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml configurat ...)
	NOT-FOR-US: iSmartAlarm application for Android
CVE-2018-16221 (The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone S ...)
	NOT-FOR-US: Yeahlink
CVE-2018-16220 (Cross Site Scripting in different input fields (domain field and perso ...)
	NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16219 (A missing password verification in the web interface in AudioCodes 405 ...)
	NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16218 (A CSRF (Cross Site Request Forgery) in the web interface of the Yeahli ...)
	NOT-FOR-US: Yeahlink
CVE-2018-16217 (The network diagnostic function (ping) in the Yeahlink Ultra-elegant I ...)
	NOT-FOR-US: Yeahlink
CVE-2018-16216 (A command injection (missing input validation, escaping) in the monito ...)
	NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16215
	RESERVED
CVE-2018-16214
	RESERVED
CVE-2018-16213
	RESERVED
CVE-2018-16212
	RESERVED
CVE-2018-16211
	RESERVED
CVE-2018-16210 (WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01 ...)
	NOT-FOR-US: WAGO
CVE-2018-16209
	RESERVED
CVE-2018-16208
	RESERVED
CVE-2018-16207 (PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows  ...)
	NOT-FOR-US: PowerAct Pro Master Agent for Windows
CVE-2018-16206 (Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows  ...)
	NOT-FOR-US: GROWI
CVE-2018-16204 (Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0. ...)
	NOT-FOR-US: WordPress plugin google-sitemap-generator
CVE-2018-16203 (PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the logi ...)
	NOT-FOR-US: postgresql-pgpoolAdmin
CVE-2018-16202 (Directory traversal vulnerability in cordova-plugin-ionic-webview vers ...)
	NOT-FOR-US: cordova-plugin-ionic-webview
CVE-2018-16201 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16200 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16199 (Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1 ...)
	NOT-FOR-US: Toshiba
CVE-2018-16198 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication Dri ...)
	NOT-FOR-US: Yokogawa
CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 an ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 an ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200C ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 an ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1,  ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-16190 (Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMeltin ...)
	NOT-FOR-US: Some Windows installer
CVE-2018-16189 (Untrusted search path vulnerability in Self-Extracting Archives create ...)
	NOT-FOR-US: Some Windows installer
CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200  ...)
	NOT-FOR-US: RICOH
CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2. ...)
	NOT-FOR-US: RICOH
CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D ...)
	NOT-FOR-US: RICOH
CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D ...)
	NOT-FOR-US: RICOH
CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D ...)
	NOT-FOR-US: RICOH
CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed applicatio ...)
	NOT-FOR-US: Panasonic PC applications
CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET SPEED V ...)
	NOT-FOR-US: MARKET SPEED
CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlie ...)
	NOT-FOR-US: i-FILTER
CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier ...)
	NOT-FOR-US: i-FILTER
CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier does not  ...)
	NOT-FOR-US: Mizuho Direct App for Android
CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...)
	NOT-FOR-US: Random Windows installer
CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1 ...)
	NOT-FOR-US: Random Windows installer
CVE-2018-16175 (SQL injection vulnerability in the LearnPress prior to version 3.1.0 a ...)
	NOT-FOR-US: LearnPress
CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 3.1.0 allow ...)
	NOT-FOR-US: LearnPress
CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to version 3.1. ...)
	NOT-FOR-US: LearnPress
CVE-2018-16172 (Improper countermeasure against clickjacking attack in client certific ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3. ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3. ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attac ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct Pytho ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to execute arbit ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16166 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML E ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16165 (Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier al ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16164 (Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 ...)
	NOT-FOR-US: Event Calendar WD
CVE-2018-16163 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass ...)
	NOT-FOR-US: OpenDolphin
CVE-2018-16162 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain ...)
	NOT-FOR-US: OpenDolphin
CVE-2018-16161 (OpenDolphin 2.7.0 and earlier allows authenticated users to gain admin ...)
	NOT-FOR-US: OpenDolphin
CVE-2018-16160 (SecureCore Standard Edition Version 2.x allows an attacker to bypass t ...)
	NOT-FOR-US: SecureCore Standard Edition
CVE-2018-16159 (The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Inject ...)
	NOT-FOR-US: Gift Vouchers plugin for WordPress
CVE-2018-16048 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab <not-affected> (Only affects Enterprise edition)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49947
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16051 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/6012
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-XXXX [gitlab: Missing CSRF in System Hooks]
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16049 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/46967
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49272
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16050 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 11.1 and 11.2)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49085
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-XXXX [gitlab: Persistent XSS in Pipeline Tooltip]
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab <not-affected> (Only affects 10.7 and later)
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10  ...)
	NOT-FOR-US: Eaton Power Xpert Meter
CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-16156 (In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC ...)
	NOT-FOR-US: PaperStream IP (TWAIN)
CVE-2018-16155
	RESERVED
CVE-2018-16154
	RESERVED
CVE-2018-16153
	RESERVED
CVE-2018-16152 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp pl ...)
	{DSA-4305-1 DLA-1522-1}
	- strongswan 5.7.0-1
	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
CVE-2018-16151 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp pl ...)
	{DSA-4305-1 DLA-1522-1}
	- strongswan 5.7.0-1
	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
CVE-2018-16150 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
	- axtls <not-affected> (Fixed before initial upload to Debian)
CVE-2018-16149 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
	- axtls <not-affected> (Fixed before initial upload to Debian)
CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monito ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview Mon ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 5.4.2 provi ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at boot time ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16144 (The test connection functionality in the NetAudit section of Opsview M ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16143
	RESERVED
CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login ...)
	NOT-FOR-US: PHPOK
CVE-2018-16141 (ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_ava ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-16140 (A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3. ...)
	{DLA-2073-1}
	- fig2dev 1:3.2.7a-3 (unimportant; bug #907660)
	- transfig <removed> (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/28/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e0c4b02429116b15ad1568c2c425f06b95b95830
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16139 (Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008  ...)
	NOT-FOR-US: BIBLIOsoft BIBLIOpac
CVE-2018-16138 (An issue was discovered in the administration page in IPBRICK OS 6.3.  ...)
	NOT-FOR-US: IPBRICK OS
CVE-2018-16137 (An issue was discovered in the Web Management Console in IPBRICK OS 6. ...)
	NOT-FOR-US: IPBRICK OS
CVE-2018-16136 (An issue was discovered in the administrator interface in IPBRICK OS 6 ...)
	NOT-FOR-US: IPBRICK OS
CVE-2018-16135
	RESERVED
CVE-2018-16134 (Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. ...)
	NOT-FOR-US: Cybrotech
CVE-2018-16133 (Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ i ...)
	NOT-FOR-US: Cybrotech
CVE-2018-16132 (The image rendering component (createGenericPreview) of the Open Whisp ...)
	NOT-FOR-US: Signal app (specific on iOS)
CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in Lightbend Akka H ...)
	NOT-FOR-US: Lightbend Akka
CVE-2018-16130 (System command injection in request_mitv in Xiaomi Mi Router 3 version ...)
	NOT-FOR-US: Xiaomi Mi Router
CVE-2018-558213
	REJECTED
CVE-2018-16129
	RESERVED
CVE-2018-16128
	RESERVED
CVE-2018-16127
	RESERVED
CVE-2018-16126
	RESERVED
CVE-2018-16125
	RESERVED
CVE-2018-16124
	RESERVED
CVE-2018-16123
	RESERVED
CVE-2018-16122
	RESERVED
CVE-2018-16121
	RESERVED
CVE-2018-16120
	RESERVED
CVE-2018-16119 (Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (F ...)
	NOT-FOR-US: TP-Link
CVE-2018-16118 (A shell escape vulnerability in /webconsole/APIController in the API C ...)
	NOT-FOR-US: Sophos
CVE-2018-16117 (A shell escape vulnerability in /webconsole/Controller in Admin Portal ...)
	NOT-FOR-US: Sophos
CVE-2018-16116 (SQL injection vulnerability in AccountStatus.jsp in Admin Portal of So ...)
	NOT-FOR-US: Sophos
CVE-2018-16115 (Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modif ...)
	NOT-FOR-US: Lightbend Akka
CVE-2018-16114
	RESERVED
CVE-2018-16113
	REJECTED
CVE-2018-16112
	REJECTED
CVE-2018-16111
	REJECTED
CVE-2018-16110
	REJECTED
CVE-2018-16109
	REJECTED
CVE-2018-16108
	REJECTED
CVE-2018-16107
	REJECTED
CVE-2018-16106
	REJECTED
CVE-2018-16105
	REJECTED
CVE-2018-16104
	REJECTED
CVE-2018-16103
	REJECTED
CVE-2018-16102
	REJECTED
CVE-2018-16101
	REJECTED
CVE-2018-16100
	REJECTED
CVE-2018-16099
	REJECTED
CVE-2018-16098 (In some Lenovo ThinkPads, an unquoted search path vulnerability was fo ...)
	NOT-FOR-US: Lenovo
CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Ce ...)
	NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the SMM web  ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16095 (In System Management Module (SMM) versions prior to 1.06, the SMM reco ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16094 (In System Management Module (SMM) versions prior to 1.06, an internal  ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16093 (In versions prior to 5.5, LXCI for VMware allows an authenticated user ...)
	NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-16092 (In System Management Module (SMM) versions prior to 1.06, the FFDC fea ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16091 (In System Management Module (SMM) versions prior to 1.06, the SMM cert ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16090 (In System Management Module (SMM) versions prior to 1.06, the SMM cert ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16089 (In System Management Module (SMM) versions prior to 1.06, a field in t ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16088 (A missing check for JS-simulated input events in Blink in Google Chrom ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16087 (Lack of proper state tracking in Permissions in Google Chrome prior to ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16086 (Insufficient policy enforcement in extensions API in Google Chrome pri ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16085 (A use after free in ResourceCoordinator in Google Chrome prior to 69.0 ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16084 (The default selected dialog button in CustomHandlers in Google Chrome  ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16083 (An out of bounds read in forward error correction code in WebRTC in Go ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16082 (An out of bounds read in Swiftshader in Google Chrome prior to 69.0.34 ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16081 (Allowing the chrome.debugger API to run on file:// URLs in DevTools in ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16080 (A missing check for popup window handling in Fullscreen in Google Chro ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16079 (A race condition between permission prompts and navigations in Prompts ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16078 (Unsafe handling of credit card details in Autofill in Google Chrome pr ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16077 (Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16076 (Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81  ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16075 (Insufficient file type enforcement in Blink in Google Chrome prior to  ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16074 (Insufficient policy enforcement in site isolation in Google Chrome pri ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16073 (Insufficient policy enforcement in site isolation in Google Chrome pri ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16072 (A missing origin check related to HLS manifests in Blink in Google Chr ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2018-16071 (A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allo ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16070 (Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allow ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16069 (Unintended floating-point error accumulation in SwiftShader in Google  ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16068 (Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allo ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16067 (A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 al ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16066 (A use after free in Blink in Google Chrome prior to 69.0.3497.81 allow ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16065 (A Javascript reentrancy issues that caused a use-after-free in V8 in G ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16064 (Insufficient data validation in Extensions API in Google Chrome prior  ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16063
	RESERVED
CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 201 ...)
	{DLA-1689-1}
	- elfutils 0.175-1 (bug #907562)
	[stretch] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
CVE-2018-16061
	RESERVED
CVE-2018-16060
	RESERVED
CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...)
	NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the  ...)
	{DSA-4315-1 DLA-1634-1}
	- wireshark 2.6.3-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html
CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the  ...)
	{DSA-4315-1 DLA-1634-1}
	- wireshark 2.6.3-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html
CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the  ...)
	{DSA-4315-1}
	- wireshark 2.6.3-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-45.html
CVE-2018-16055 (An authenticated command injection vulnerability exists in status_inte ...)
	NOT-FOR-US: pfSense
CVE-2018-16054
	RESERVED
CVE-2018-16053
	RESERVED
CVE-2018-16052
	RESERVED
CVE-2018-16047 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16046 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16045 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16044 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16043 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16042 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16041 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16040 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16039 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16038 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16037 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16036 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16035 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16034 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16033 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16032 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16031 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16030 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16029 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16028 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16027 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16026 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16025 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16024 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16023 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16022 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16021 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16020 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16019 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16018 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2018-16017 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16016 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16015 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16014 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16013 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16012 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16011 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2018-16010 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16009 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16008 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16007 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16006 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16005 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16004 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16003 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16002 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16001 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16000 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15999 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15998 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15997 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15996 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15995 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15994 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15993 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15992 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15991 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15990 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15989 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15988 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15987 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15986 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15985 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15984 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15983 (Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earli ...)
	NOT-FOR-US: Adobe
CVE-2018-15982 (Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earli ...)
	NOT-FOR-US: Adobe
CVE-2018-15981 (Flash Player versions 31.0.0.148 and earlier have a type confusion vul ...)
	NOT-FOR-US: Adobe
CVE-2018-15980 (Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds r ...)
	NOT-FOR-US: Adobe
CVE-2018-15979 (Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15978 (Flash Player versions 31.0.0.122 and earlier have an out-of-bounds rea ...)
	NOT-FOR-US: Adobe
CVE-2018-15977
	REJECTED
CVE-2018-15976 (Adobe Technical Communications Suite versions 1.0.5.1 and below have a ...)
	NOT-FOR-US: Adobe
CVE-2018-15975
	REJECTED
CVE-2018-15974 (Adobe Framemaker versions 1.0.5.1 and below have an insecure library l ...)
	NOT-FOR-US: Adobe
CVE-2018-15973 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2018-15972 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2018-15971 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...)
	NOT-FOR-US: Adobe
CVE-2018-15970 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...)
	NOT-FOR-US: Adobe
CVE-2018-15969 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2018-15968 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a privilege es ...)
	NOT-FOR-US: Adobe
CVE-2018-15966 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15965 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15964 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15963 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15962 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15961 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15960 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15959 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15958 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15957 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6  ...)
	NOT-FOR-US: Adobe
CVE-2018-15956 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15955 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15954 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15953 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15952 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15951 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15950 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15949 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15948 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15947 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15946 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15945 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15944 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15943 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15942 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15941 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15940 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15939 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15938 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15937 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15936 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15935 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15934 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15933 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15932 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15931 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15930 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15929 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15928 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15927 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15926 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15925 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15924 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15923 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15922 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15921
	REJECTED
CVE-2018-15920 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) a ...)
	NOT-FOR-US: Jorani
CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow rem ...)
	NOT-FOR-US: Jorani
CVE-2018-15916
	RESERVED
CVE-2018-15915
	RESERVED
CVE-2018-15914
	RESERVED
CVE-2018-15913 (An issue was discovered in Cloudera Manager 5.x through 5.15.0. One ty ...)
	NOT-FOR-US: Cloudera
CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-system  ...)
	NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...)
	- openssh <unfixed> (low; bug #907503)
	[buster] - openssh <ignored> (Minor issue)
	[stretch] - openssh <ignored> (Minor issue)
	[jessie] - openssh <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using  ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to s ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote ...)
	NOT-FOR-US: Technicolor (formerly RCA) TC8305C devices
CVE-2018-15906 (SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users  ...)
	NOT-FOR-US: SolarWinds
CVE-2018-15905
	RESERVED
CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P ...)
	NOT-FOR-US: A10 ACOS Web Application Firewall
CVE-2018-15903 (The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored ...)
	NOT-FOR-US: Claromentis
CVE-2018-15902
	RESERVED
CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing d ...)
	NOT-FOR-US: e107
CVE-2018-15900
	RESERVED
CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS ...)
	NOT-FOR-US: MiniCMS
CVE-2018-15898 (The Subsonic Music Streamer application 4.4 for Android has Improper C ...)
	NOT-FOR-US: Subsonic Music Streamer application for Android
CVE-2018-15897 (PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers t ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-15896 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Addr ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-15895 (An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because ...)
	NOT-FOR-US: iCMS
CVE-2018-15894 (A SQL injection was discovered in /coreframe/app/admin/pay/admin/index ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-15893 (A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-15892 (FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup  ...)
	NOT-FOR-US: FreePBX
CVE-2018-15891 (An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, ...)
	NOT-FOR-US: FreePBX
CVE-2018-15890 (An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserializ ...)
	NOT-FOR-US: EthereumJ
CVE-2018-15889
	REJECTED
CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering ordinary use ...)
	NOT-FOR-US: ASPCMS
CVE-2017-18346 (SQL injection vulnerability in /wbg/core/_includes/authorization.inc.p ...)
	NOT-FOR-US: CMS Web-Gooroo
CVE-2015-9265
	REJECTED
CVE-2015-9264 (Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute ...)
	NOT-FOR-US: Lansweeper
CVE-2015-9263 (An issue was discovered in post2file.php in Up.Time Monitoring Station ...)
	NOT-FOR-US: Up.Time
CVE-2014-10074 (Umbraco before 7.2.0 has a remote PHP code execution vulnerability bec ...)
	NOT-FOR-US: Umbraco
CVE-2018-15887 (Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to  ...)
	NOT-FOR-US: ASUS DSL-N12E_C1
CVE-2018-15886 (Monstra CMS 3.0.4 does not properly restrict modified Snippet content, ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission of netwo ...)
	NOT-FOR-US: Ovation FindMe
CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/ad ...)
	NOT-FOR-US: RICOH MP C4504ex devices
CVE-2018-15883
	RESERVED
CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks in ...)
	NOT-FOR-US: Joomla!
CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks re ...)
	NOT-FOR-US: Joomla!
CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output fi ...)
	NOT-FOR-US: Joomla!
CVE-2018-15879
	REJECTED
CVE-2018-15878
	REJECTED
CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an arbitrary fi ...)
	NOT-FOR-US: Joomla addon
CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolutio ...)
	{DSA-4288-1 DLA-1527-1}
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #908303)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
	NOTE: To not break cups with https://github.com/apple/cups/issues/5392
	NOTE: an additional (no-security) followup fix is needed as:
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f
	NOTE: Cf. https://bugs.debian.org/908300
CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type con ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659
CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect  ...)
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #908304)
	[stretch] - ghostscript <not-affected> (Introduced in 9.22)
	[jessie] - ghostscript <not-affected> (vulnerable code is not present)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671
CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect  ...)
	{DSA-4294-1 DLA-1504-1}
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #907332; bug #907703)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
	NOTE: Partially fixed in 9.22~dfsg-3, see #907703
CVE-2018-16585 (** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9 ...)
	{DSA-4288-1 DLA-1504-1}
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #908305)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663
CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for WordPress is ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-15876 (An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for W ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20. ...)
	NOT-FOR-US: D-Link
CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20. ...)
	NOT-FOR-US: D-Link
CVE-2018-15873 (A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid  ...)
	NOT-FOR-US: Sentrifugo
CVE-2018-15872
	RESERVED
CVE-2018-15871 (An invalid memory address dereference was discovered in decompileSingl ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/123
CVE-2018-15870 (An invalid memory address dereference was discovered in decompileGETVA ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/122
CVE-2018-15869 (An Amazon Web Services (AWS) developer who does not specify the --owne ...)
	- packer 1.3.1+dfsg-1 (low; bug #907298)
	[stretch] - packer <not-affected> (Vulnerable code added later)
	NOTE: https://github.com/hashicorp/packer/issues/6584
	NOTE: https://github.com/aws/aws-cli/issues/3629
CVE-2018-15868 (SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier  ...)
	NOT-FOR-US: ChronoScan
CVE-2018-15867
	RESERVED
CVE-2018-15866
	RESERVED
CVE-2018-15865 (The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerabil ...)
	NOT-FOR-US: Pulse Secure Desktop
CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in  ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15863 (Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/co ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkb ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/4e2ee9c3f6050d773f8bbe05bc0edb17f1ff8371
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15861 (Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xk ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15860
	RESERVED
CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in ExprResolve ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in CopyKeyA ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/badb428e63387140720f22486b3acbd3d738859f
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15857 (An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15856 (An infinite loop when reaching EOL unexpectedly in compose/parser.c (a ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/842e4351c2c97de6051cab6ce36b4a81e709a0e1
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15855 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used b ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/917636b1d0d70205a13f89062b95e3a0fc31d4ff
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15854 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used b ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcomm ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon <ignored> (Minor issue)
	[jessie] - libxkbcommon <no-dsa> (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15852 (** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to ...)
	NOT-FOR-US: Technicolor
CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Flexo CMS
CVE-2018-15850 (An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerabi ...)
	NOT-FOR-US: REDAXO CMS
CVE-2018-15849 (An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-15848 (An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-15847 (An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability ...)
	NOT-FOR-US: puppyCMS
CVE-2018-15846 (An issue was discovered in fledrCMS through 2014-02-03. There is a CSR ...)
	NOT-FOR-US: fledrCMS
CVE-2018-15845 (There is a CSRF vulnerability that can add an administrator account in ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-15844 (An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerabili ...)
	NOT-FOR-US: DamiCMS
CVE-2018-15843 (GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" fie ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-15842 (WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. ...)
	NOT-FOR-US: WolfCMS
CVE-2018-15841
	RESERVED
CVE-2018-15840 (TP-Link TL-WR840N devices allow remote attackers to cause a denial of  ...)
	NOT-FOR-US: TP-Link
CVE-2018-15839 (D-Link DIR-615 devices have a buffer overflow via a long Authorization ...)
	NOT-FOR-US: D-Link DIR-615 devices
CVE-2018-15838
	RESERVED
CVE-2018-15837
	RESERVED
CVE-2018-15836 (In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan bef ...)
	- openswan <removed>
	NOTE: https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51
	NOTE: https://lists.openswan.org/pipermail/users/2018-August/023761.html
CVE-2018-15835 (Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID i ...)
	NOT-FOR-US: Android
CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists in the r ...)
	- radare2 2.9.0+dfsg-1
	[jessie] - radare2 <not-affected> (Vulnerable code added later in 0.9.8)
	NOTE: https://github.com/radare/radare2/issues/11274
	NOTE: https://github.com/radare/radare2/pull/11300
CVE-2018-15833 (In Vanilla before 2.6.1, the polling functionality allows Insecure Dir ...)
	NOT-FOR-US: Vanilla
CVE-2018-15832 (upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows re ...)
	NOT-FOR-US: upc.exe in Ubisoft Uplay Desktop Client
CVE-2018-15831
	RESERVED
CVE-2018-15830
	RESERVED
CVE-2018-15829
	RESERVED
CVE-2018-15828
	RESERVED
CVE-2018-15827
	RESERVED
CVE-2018-15826
	RESERVED
CVE-2018-15825
	RESERVED
CVE-2018-15824
	RESERVED
CVE-2018-15823
	RESERVED
CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in FFmpeg throug ...)
	{DSA-4449-1 DLA-1809-1}
	- ffmpeg 7:4.0.3-1 (low)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
	- libav <removed>
CVE-2018-15821
	RESERVED
CVE-2018-15820 (EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GD ...)
	NOT-FOR-US: EasyIO
CVE-2018-15819 (EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Contro ...)
	NOT-FOR-US: EasyIO
CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker ...)
	NOT-FOR-US: Repute ARForms
CVE-2018-15817 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15816 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15815 (FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted is ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15812 (DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption ...)
	NOT-FOR-US: DNN
CVE-2018-15811 (DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorith ...)
	NOT-FOR-US: DNN
CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory travers ...)
	NOT-FOR-US: Visiology Flipbox Software Suite
CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Mo ...)
	NOT-FOR-US: AccuPOS
CVE-2018-15808 (POSIM EVO 15.13 for Windows includes hardcoded database credentials fo ...)
	NOT-FOR-US: POSIM EVO for Windows
CVE-2018-15807 (POSIM EVO 15.13 for Windows includes an "Emergency Override" administr ...)
	NOT-FOR-US: POSIM EVO for Windows
CVE-2018-15806
	RESERVED
CVE-2018-15805 (Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML ex ...)
	NOT-FOR-US: Accusoft PrizmDoc HTML5 Document Viewer
CVE-2018-15804 (An issue was discovered in the MapR File System in MapR Converged Data ...)
	NOT-FOR-US: MapR File System
CVE-2018-15803
	REJECTED
CVE-2018-15802
	REJECTED
CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an authorization ...)
	- libspring-security-2.0-java <removed>
	[jessie] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes an info ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15799
	REJECTED
CVE-2018-15798 (Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow all ...)
	NOT-FOR-US: Pivotal
CVE-2018-15797 (Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15795 (Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessa ...)
	NOT-FOR-US: Pivotal
CVE-2018-15794
	REJECTED
CVE-2018-15793
	REJECTED
CVE-2018-15792
	REJECTED
CVE-2018-15791
	REJECTED
CVE-2018-15790
	REJECTED
CVE-2018-15789
	REJECTED
CVE-2018-15788
	REJECTED
CVE-2018-15787
	REJECTED
CVE-2018-15786
	REJECTED
CVE-2018-15785
	REJECTED
CVE-2018-15784 (Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerabilit ...)
	NOT-FOR-US: Dell
CVE-2018-15783
	REJECTED
CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...)
	NOT-FOR-US: RSA
CVE-2018-15781 (The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.0 ...)
	NOT-FOR-US: Dell
CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access contro ...)
	NOT-FOR-US: RSA Archer
CVE-2018-15779
	REJECTED
CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by ...)
	NOT-FOR-US: Dell
CVE-2018-15777
	REJECTED
CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an imprope ...)
	NOT-FOR-US: EMC iDRAC
CVE-2018-15775
	REJECTED
CVE-2018-15774 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 version ...)
	NOT-FOR-US: EMC iDRAC
CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 a ...)
	NOT-FOR-US: Dell
CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for V ...)
	NOT-FOR-US: EMC RecoverPoint
CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for V ...)
	NOT-FOR-US: EMC RecoverPoint
CVE-2018-15770
	REJECTED
CVE-2018-15769 (RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x serie ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2018-15768 (Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/w ...)
	NOT-FOR-US: Dell OpenManage Network Manager
CVE-2018-15767 (The Dell OpenManage Network Manager virtual appliance versions prior t ...)
	NOT-FOR-US: Dell OpenManage Network Manager
CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Se ...)
	NOT-FOR-US: Dell
CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contain ...)
	NOT-FOR-US: EMC Secure Remote Services
CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote c ...)
	NOT-FOR-US: EMC ESRS Policy Manager
CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains an inform ...)
	NOT-FOR-US: Pivotal Container Service
CVE-2018-15762 (Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2 ...)
	NOT-FOR-US: Pivotal
CVE-2018-15761 (Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15760
	REJECTED
CVE-2018-15759 (Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 c ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2 ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2018-15757
	REJECTED
CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ...)
	- libspring-java 4.3.21-1 (bug #911786)
	[stretch] - libspring-java <no-dsa> (Minor issue)
	[jessie] - libspring-java <not-affected> (vulnerable code introduced in later version)
	NOTE: https://pivotal.io/security/cve-2018-15756
CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0,  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15754 (Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...)
	NOT-FOR-US: MensaMax application for Android
CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...)
	NOT-FOR-US: MensaMax application for Android
CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remo ...)
	- salt 2018.3.3+dfsg1-1 (bug #913475)
	[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
	NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
	NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...)
	- salt 2018.3.3+dfsg1-1 (bug #913476)
	[stretch] - salt <no-dsa> (Minor issue)
	[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
	NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
	NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Fo ...)
	NOT-FOR-US: Pulse Secure Desktop
CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engi ...)
	NOT-FOR-US: Dell 2335dn printers
CVE-2018-15747 (The default configuration of glot-www through 2018-05-19 allows remote ...)
	NOT-FOR-US: glot-www
CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause a den ...)
	- qemu 1:3.1+dfsg-1 (low; bug #907500)
	[stretch] - qemu <ignored> (Minor issue, too risky to backport, not enabled by default)
	[jessie] - qemu <ignored> (Minor issue, id. + patch requires Linux kernel >= 3.17 and libseccomp >= 2.2.0)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=70dfabeaa79ba4d7a3b699abe1a047c8012db114
CVE-2018-15745 (Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory ...)
	NOT-FOR-US: Argus Surveillance DVR
CVE-2018-15744
	RESERVED
CVE-2018-15743
	RESERVED
CVE-2018-15742
	RESERVED
CVE-2018-15741
	RESERVED
CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delega ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2018-15739
	RESERVED
CVE-2018-15738 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla AntiMalware
CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15735 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15734 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15733 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15732 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15731 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15730 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15729 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver  ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15728 (Couchbase Server exposed the '/diag/eval' endpoint which by default is ...)
	NOT-FOR-US: Couchbase
CVE-2018-15727 (Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows aut ...)
	- grafana <removed> (bug #907590)
	NOTE: https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
CVE-2018-1999047 (A improper authorization vulnerability exists in Jenkins 2.137 and ear ...)
	- jenkins <removed>
CVE-2018-1999046 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...)
	- jenkins <removed>
CVE-2018-1999045 (A improper authentication vulnerability exists in Jenkins 2.137 and ea ...)
	- jenkins <removed>
CVE-2018-1999044 (A denial of service vulnerability exists in Jenkins 2.137 and earlier, ...)
	- jenkins <removed>
CVE-2018-1999043 (A denial of service vulnerability exists in Jenkins 2.137 and earlier, ...)
	- jenkins <removed>
CVE-2018-1999042 (A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earli ...)
	- jenkins <removed>
CVE-2018-15726 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Pr ...)
	NOT-FOR-US: Pulse Secure Desktop
CVE-2018-15725
	RESERVED
CVE-2018-15724
	RESERVED
CVE-2018-15723 (The Logitech Harmony Hub before version 4.15.206 is vulnerable to appl ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15722 (The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS c ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15721 (The XMPP server in Logitech Harmony Hub before version 4.15.206 is vul ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15720 (Logitech Harmony Hub before version 4.15.206 contained two hard-coded  ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15719 (Open Dental before version 18.4 installs a mysql database and uses the ...)
	NOT-FOR-US: Open Dental
CVE-2018-15718 (Open Dental before version 18.4 transmits the entire user database ove ...)
	NOT-FOR-US: Open Dental
CVE-2018-15717 (Open Dental before version 18.4 stores user passwords as base64 encode ...)
	NOT-FOR-US: Open Dental
CVE-2018-15716 (NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote comm ...)
	NOT-FOR-US: NUUO NVRMini2
CVE-2018-15715 (Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (befor ...)
	NOT-FOR-US: Zoom
CVE-2018-15714 (Nagios XI 5.5.6 allows reflected cross site scripting from remote unau ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15713 (Nagios XI 5.5.6 allows persistent cross site scripting from remote aut ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15712 (Nagios XI 5.5.6 allows reflected cross site scripting from remote unau ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15711 (Nagios XI 5.5.6 allows remote authenticated attackers to reset and reg ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15710 (Nagios XI 5.5.6 allows local authenticated attackers to escalate privi ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15709 (Nagios XI 5.5.6 allows remote authenticated attackers to execute arbit ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15708 (Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers  ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15707 (Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scrip ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15706 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote a ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15705 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote a ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15704 (Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer ov ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15703 (Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflecte ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerab ...)
	NOT-FOR-US: TP-Link
CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerab ...)
	NOT-FOR-US: TP-Link
CVE-2018-15700 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerab ...)
	NOT-FOR-US: TP-Link
CVE-2018-15699 (ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a config ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15698 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15697 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15696 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15693 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authen ...)
	NOT-FOR-US: Inova Partner
CVE-2018-15692 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authen ...)
	NOT-FOR-US: Inova Partner
CVE-2018-15691 (Insecure deserialization of a specially crafted serialized object, in  ...)
	NOT-FOR-US: CA Release Automation
CVE-2018-15690
	REJECTED
CVE-2018-15689
	REJECTED
CVE-2018-15688 (A buffer overflow vulnerability in the dhcp6 client of systemd allows  ...)
	{DLA-1580-1}
	- network-manager 1.14.4-2
	[stretch] - network-manager 1.6.2-3+deb9u2
	[jessie] - network-manager <not-affected> (vulnerable code not present)
	- systemd 239-11 (bug #912008)
	[stretch] - systemd 232-25+deb9u6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1639067
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921
	NOTE: https://github.com/systemd/systemd/commit/49653743f69658aeeebdb14faf1ab158f1f2cb20
	NOTE: systemd-networkd not enabled by default in Debian
	NOTE: NetworkManager: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=01ca2053bbea09f35b958c8cc7631e15469acb79
CVE-2018-15687 (A race condition in chown_one() of systemd allows an attacker to cause ...)
	- systemd 239-11 (bug #912007)
	[stretch] - systemd <not-affected> (Vulnerable code introduced later in v235)
	[jessie] - systemd <not-affected> (Vulnerable code introduced later in v235)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1689
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692
	NOTE: https://github.com/systemd/systemd/pull/10517
CVE-2018-15686 (A vulnerability in unit_deserialize of systemd allows an attacker to s ...)
	{DLA-1580-1}
	- systemd 239-12 (bug #912005)
	[stretch] - systemd 232-25+deb9u10
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1687
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402
	NOTE: https://github.com/systemd/systemd/pull/10519
	NOTE: https://github.com/systemd/systemd/commit/9f1c81d80a435d15ca1bd536a6d043c18c81c047
CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain sce ...)
	- electron <itp> (bug #842420)
CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are stored in ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15683 (An issue was discovered in BTITeam XBTIT. The "returnto" parameter of  ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15682 (An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site  ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15681 (An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, t ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15680 (An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords s ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15679 (An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" paramet ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15678 (An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15677 (The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15676 (An issue was discovered in BTITeam XBTIT. By using String.replace and  ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15675
	RESERVED
CVE-2018-15674
	RESERVED
CVE-2018-15673
	RESERVED
CVE-2018-15672
	REJECTED
CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10557
CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15668 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15667 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registe ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15666
	RESERVED
CVE-2018-15665 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2. ...)
	NOT-FOR-US: Cloudera
CVE-2018-15664 (In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker ...)
	- docker.io 18.09.1+dfsg1-7.1 (bug #929662)
	NOTE: https://www.openwall.com/lists/oss-security/2019/05/28/1
	NOTE: https://github.com/moby/moby/pull/39252
CVE-2018-15663
	RESERVED
CVE-2018-15662
	RESERVED
CVE-2018-15661 (** DISPUTED ** An issue was discovered in the Ola Money (aka com.olaca ...)
	NOT-FOR-US: Ola Money application for Android
CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka com.olaca ...)
	NOT-FOR-US: Ola Money application for Android
CVE-2018-15659 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related  ...)
	NOT-FOR-US: 42Gears
CVE-2018-15658 (An issue was discovered in 42Gears SureMDM before 2018-11-27. By visit ...)
	NOT-FOR-US: 42Gears
CVE-2018-15657 (An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via  ...)
	NOT-FOR-US: 42Gears
CVE-2018-15656 (An issue was discovered in the registration API endpoint in 42Gears Su ...)
	NOT-FOR-US: 42Gears
CVE-2018-15655 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related  ...)
	NOT-FOR-US: 42Gears
CVE-2018-15654
	RESERVED
CVE-2018-15653
	RESERVED
CVE-2018-15652
	RESERVED
CVE-2018-15651
	RESERVED
CVE-2018-15650
	RESERVED
CVE-2018-15649
	RESERVED
CVE-2018-15648
	RESERVED
CVE-2018-15647
	RESERVED
CVE-2018-15646
	RESERVED
CVE-2018-15645
	RESERVED
CVE-2018-15644
	RESERVED
CVE-2018-15643
	RESERVED
CVE-2018-15642
	RESERVED
CVE-2018-15641
	RESERVED
CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
	NOT-FOR-US: Odoo
CVE-2018-15639
	RESERVED
CVE-2018-15638
	RESERVED
CVE-2018-15637
	RESERVED
CVE-2018-15636
	RESERVED
CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
	NOT-FOR-US: Odoo
CVE-2018-15634
	RESERVED
CVE-2018-15633
	RESERVED
CVE-2018-15632
	RESERVED
CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and  ...)
	NOT-FOR-US: Odoo
CVE-2018-15630
	RESERVED
CVE-2018-15629
	REJECTED
CVE-2018-15628
	REJECTED
CVE-2018-15627
	REJECTED
CVE-2018-15626
	REJECTED
CVE-2018-15625
	REJECTED
CVE-2018-15624
	REJECTED
CVE-2018-15623
	REJECTED
CVE-2018-15622
	REJECTED
CVE-2018-15621
	REJECTED
CVE-2018-15620
	REJECTED
CVE-2018-15619
	REJECTED
CVE-2018-15618
	REJECTED
CVE-2018-15617 (A vulnerability in the "capro" (Call Processor) process component of A ...)
	NOT-FOR-US: Avaya
CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System Platform  ...)
	NOT-FOR-US: Avaya Aura System Platform
CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management S ...)
	NOT-FOR-US: Avaya
CVE-2018-15614 (A vulnerability in the one-x Portal component of IP Office could allow ...)
	NOT-FOR-US: IP Office
CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime Config compo ...)
	NOT-FOR-US: Avaya
CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya Aura Orc ...)
	NOT-FOR-US: Avaya
CVE-2018-15611 (A vulnerability in the local system administration component of Avaya  ...)
	NOT-FOR-US: Avaya Aura Communication Manager
CVE-2018-15610 (A vulnerability in the one-X Portal component of Avaya IP Office allow ...)
	NOT-FOR-US: Avaya
CVE-2018-15609
	RESERVED
CVE-2018-15608 (Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "A ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x3 ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1255
	NOTE: This is mitigated by the default policies, if anyone modifies those they need
	NOTE: be tuned to the deployment's memory buildout
CVE-2018-15606 (An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 ...)
	NOT-FOR-US: SuiteCRM
CVE-2018-15605 (An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scrip ...)
	- phpmyadmin <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-5/
	NOTE: Introduced by: https://github.com/phpmyadmin/phpmyadmin/commit/9404287ac09415b627b6fa68c7d04a13f7ef41e2
	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1
CVE-2018-XXXX [security issue with the PASS command and duplicate server instances]
	- charybdis 4.1.1-1 (bug #906879)
	[stretch] - charybdis <not-affected> (Vulnerable code added later)
	[jessie] - charybdis <not-affected> (Vulnerable code added later)
	NOTE: partial fix: https://github.com/charybdis-ircd/charybdis/commit/d4b2529a61fb48ebcd54bc0fcc6f400f97bfe251
CVE-2018-15604
	RESERVED
CVE-2018-15603 (An issue was discovered in Victor CMS through 2018-05-10. There is XSS ...)
	NOT-FOR-US: Victor CMS
CVE-2018-15602 (Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerabil ...)
	NOT-FOR-US: Zyxel
CVE-2018-15601 (apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 perform ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-15600
	RESERVED
CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in Dropbear throu ...)
	{DLA-1476-1}
	- dropbear 2018.76-4 (bug #906890)
	[stretch] - dropbear 2016.74-5+deb9u1
	NOTE: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the ...)
	NOT-FOR-US: Traefik
CVE-2018-15597
	RESERVED
CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17 ...)
	NOT-FOR-US: MyBB
CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but c ...)
	- cobbler <removed>
CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but c ...)
	- cobbler <removed>
CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 versions pri ...)
	NOT-FOR-US: Godot
CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...)
	{DLA-1651-1}
	- libgd2 2.2.5-4.1 (low; bug #906886)
	[stretch] - libgd2 2.2.4-2+deb9u3
	NOTE: https://github.com/libgd/libgd/issues/447
	NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerabilit ...)
	- pkgconf <not-affected> (Vulnerable code introduced post 1.5.0)
	NOTE: Fixed by: https://github.com/pkgconf/pkgconf/commit/9b7affe0b1e6512c6c73d19e1220c94fdb5c8159
	NOTE: Introduced by: https://github.com/pkgconf/pkgconf/commit/b46bb93cd1fe221dc4d6ff5e3ce99feda4ea31f1
CVE-2018-1000220
	REJECTED
CVE-2018-1000219 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: OpenEMR
CVE-2018-1000218 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: OpenEMR
CVE-2018-1000217 (Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use Af ...)
	- cjson <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/DaveGamble/cJSON/issues/248
CVE-2018-1000216 (Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double ...)
	- cjson <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/DaveGamble/cJSON/issues/241
CVE-2018-1000215 (Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnera ...)
	- cjson 1.7.7-1
	NOTE: https://github.com/DaveGamble/cJSON/issues/267
CVE-2018-1000214
	REJECTED
CVE-2018-1000213
	REJECTED
CVE-2018-1000212
	REJECTED
CVE-2018-15595
	RESERVED
CVE-2018-15593 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 a ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15592 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 a ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15591 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 a ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15590 (An issue was discovered in Ivanti Workspace Control before 10.3.0.0 an ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15589
	RESERVED
CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in  ...)
	NOT-FOR-US: MailMate
CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being sp ...)
	{DSA-4457-1 DLA-1766-1}
	- evolution 3.30.5-1.1 (bug #924616)
	NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/120
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796424
	NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (evolution)
	NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (evolution)
CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed  ...)
	- enigmail 2:2.0.6.1-2
	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: https://sourceforge.net/p/enigmail/bugs/849/
CVE-2018-1000657 (Rust Programming Language Rust standard library version Commit bfa0e1f ...)
	- rustc 1.22.1+dfsg1-1 (bug #906585)
	NOTE: Introduced by: https://github.com/rust-lang/rust/commit/bfa0e1f58acf1c28d500c34ed258f09ae021893e (1.3.0)
	NOTE: Fixed by: https://github.com/rust-lang/rust/commit/f71b37bc28326e272a37b938e835d4f99113eec2 (1.22.0)
	NOTE: https://github.com/rust-lang/rust/issues/44800
CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a CWE-20: Imp ...)
	{DLA-1892-1}
	- flask 1.0.2-1
	[stretch] - flask <no-dsa> (Minor issue)
	NOTE: https://github.com/pallets/flask/pull/2691
CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vuln ...)
	NOT-FOR-US: Jsish
CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 c ...)
	[experimental] - libtasn1-6 4.14-1
	- libtasn1-6 4.14-2 (unimportant; bug #906768)
	- libtasn1-3 <removed>
	NOTE: https://gitlab.com/gnutls/libtasn1/issues/4
	NOTE: No security impact, does not affect libtasn, but only the asn1Parser from
	NOTE: libtasn1-bin
CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection vulnerability i ...)
	NOT-FOR-US: zzcms
CVE-2018-1000652 (JabRef version &lt;=4.3.1 contains a XML External Entity (XXE) vulnera ...)
	- jabref 3.8.2+ds-12 (low; bug #921772)
	[stretch] - jabref 3.8.1+ds-3+deb9u1
	[jessie] - jabref <no-dsa> (Minor issue)
	NOTE: https://github.com/JabRef/jabref/issues/4229
	NOTE: https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
CVE-2018-1000651 (Stroom version &lt;5.4.5 contains a XML External Entity (XXE) vulnerab ...)
	NOT-FOR-US: Stroom
CVE-2018-1000650 (LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulner ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000649 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrest ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000648 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrest ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000647 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrest ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000646 (LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unres ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000645 (LibreHealthIO lh-ehr version &lt;REL-2.0.0 contains an Authenticated L ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000644 (Eclipse RDF4j version &lt; 2.4.0 Milestone 2 contains a XML External E ...)
	NOT-FOR-US: Eclipse RDF4j
CVE-2018-1000643
	REJECTED
CVE-2018-1000642 (FlightAirMap version &lt;=v1.0-beta.21 contains a Cross Site Scripting ...)
	NOT-FOR-US: FlightAirMap
CVE-2018-1000641 (YesWiki version &lt;= cercopitheque beta 1 contains a PHP Object Injec ...)
	NOT-FOR-US: YesWiki
CVE-2018-1000640 (OpenCart-Overclocked version &lt;=1.11.1 contains a Cross Site Scripti ...)
	NOT-FOR-US: OpenCart-Overclocked
CVE-2018-1000639 (LatexDraw version &lt;=4.0 contains a XML External Entity (XXE) vulner ...)
	NOT-FOR-US: LatexDraw
CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: MiniCMS
CVE-2018-1000636 (JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726 ...)
	NOT-FOR-US: JerryScript
CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
	NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
	NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4.7 conta ...)
	NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection  ...)
	{DLA-1517-1}
	- dom4j 2.1.1-1 (low)
	[stretch] - dom4j 1.6.1+dfsg.3-2+deb9u1
	NOTE: https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
	NOTE: https://github.com/dom4j/dom4j/issues/48
CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote s ...)
	- curl 7.10.7-1
	NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
CVE-2018-15585 (Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD ...)
	NOT-FOR-US: GNU Board
CVE-2018-15584 (Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update ...)
	NOT-FOR-US: GNU Board
CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD ...)
	NOT-FOR-US: GNU Board
CVE-2018-15582 (Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_wri ...)
	NOT-FOR-US: GNU Board
CVE-2018-15581 (Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.ph ...)
	NOT-FOR-US: GNU Board
CVE-2018-15580 (Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php  ...)
	NOT-FOR-US: GNU Board
CVE-2018-15579
	RESERVED
CVE-2018-15578
	RESERVED
CVE-2018-15577
	RESERVED
CVE-2018-15576 (An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php  ...)
	NOT-FOR-US: EasyLogin Pro
CVE-2018-15575
	RESERVED
CVE-2018-15574 (** DISPUTED ** An issue was discovered in the license editor in Repris ...)
	NOT-FOR-US: Reprise License Manager
CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License Manager (RLM ...)
	NOT-FOR-US: Reprise License Manager
CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandle ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.15-1
	NOTE: https://twitter.com/grsecurity/status/1029324426142199808
	NOTE: https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd
CVE-2018-15572 (The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs. ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.15-1
	NOTE: https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV  ...)
	NOT-FOR-US: Export Users to CSV plugin for WordPress
CVE-2018-15570 (In waimai Super Cms 20150505, there is stored XSS via the /admin.php/F ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-15569 (my little forum 2.4.12 allows CSRF for deletion of users. ...)
	NOT-FOR-US: my little forum
CVE-2018-15568 (tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. ...)
	NOT-FOR-US: tp5cms
CVE-2018-15567 (CMSUno before 1.5.3 has XSS via the title field. ...)
	NOT-FOR-US: CMSUno
CVE-2018-15566 (tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html ...)
	NOT-FOR-US: tp5cms
CVE-2018-15565 (An issue was discovered in daveismyname simple-cms through 2014-03-11. ...)
	NOT-FOR-US: simple-cms
CVE-2018-15564 (An issue was discovered in daveismyname simple-cms through 2014-03-11. ...)
	NOT-FOR-US: simple-cms
CVE-2018-15563 (_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-15562 (CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiR ...)
	NOT-FOR-US: CMS ISWEB
CVE-2018-15561
	RESERVED
CVE-2018-15560 (PyCryptodome before 3.6.6 has an integer overflow in the data_len vari ...)
	- pycryptodome <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Legrandin/pycryptodome/issues/198
	NOTE: Introduced by: https://github.com/Legrandin/pycryptodome/commit/e1c7272f732abf3f2e2ea1326444ccbd339d17f2 (3.6.2)
	NOTE: Fixed by: https://github.com/Legrandin/pycryptodome/commit/d1739c62b9b845f8a5b342de08d6bf6e2722d247 (3.6.6)
CVE-2018-15559 (The editor in Xiuno BBS 4.0.4 allows stored XSS. ...)
	NOT-FOR-US: Xiuno BBS
CVE-2018-15558
	RESERVED
CVE-2018-15557 (An issue was discovered in the Quantenna WiFi Controller on Telus Acti ...)
	NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15556 (The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 a ...)
	NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15555 (On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login  ...)
	NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15554
	RESERVED
CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allo ...)
	NOT-FOR-US: Telus
CVE-2018-15552 (The "PayWinner" function of a simplelottery smart contract implementat ...)
	NOT-FOR-US: simplelottery smart contract implementation for The Ethereum Lottery
CVE-2018-15551
	RESERVED
CVE-2018-15550
	RESERVED
CVE-2018-15549
	RESERVED
CVE-2018-15548
	RESERVED
CVE-2018-15547
	RESERVED
CVE-2018-15546 (Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Sit ...)
	NOT-FOR-US: Accusoft PrizmDoc
CVE-2018-15545
	RESERVED
CVE-2018-15544
	RESERVED
CVE-2018-15543 (** DISPUTED ** An issue was discovered in the org.telegram.messenger a ...)
	NOT-FOR-US: org.telegram.messenger for Android
CVE-2018-15542 (** DISPUTED ** An issue was discovered in the org.telegram.messenger a ...)
	NOT-FOR-US: org.telegram.messenger for Android
CVE-2018-15541
	RESERVED
CVE-2018-15540 (Agentejo Cockpit performs actions on files without appropriate validat ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an att ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2018-15537 (Unrestricted file upload (with remote code execution) in OCS Inventory ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9 ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9 ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15534 (Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauth ...)
	NOT-FOR-US: Geutebrueck
CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in Geutebrueck r ...)
	NOT-FOR-US: Geutebrueck
CVE-2018-15532 (SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local ...)
	NOT-FOR-US: Synaptics Touchpad drivers
CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javam ...)
	NOT-FOR-US: JavaMelody
CVE-2018-15530 (Cross-site scripting (XSS) in the web interface of the Xerox ColorQube ...)
	NOT-FOR-US: Xerox
CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny "Monito ...)
	NOT-FOR-US: Mutiny appliance
CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
	NOT-FOR-US: Java System Solutions SSO plugin
CVE-2018-15527
	RESERVED
CVE-2018-15526
	RESERVED
CVE-2018-15525
	RESERVED
CVE-2018-15524
	RESERVED
CVE-2018-15523
	RESERVED
CVE-2018-15522
	RESERVED
CVE-2018-15521
	RESERVED
CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). ...)
	NOT-FOR-US: Lexmark devices
CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). ...)
	NOT-FOR-US: Lexmark devices
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...)
	{DSA-4374-1 DLA-1786-1 DLA-1627-1}
	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
	- qtbase-opensource-src 5.11.3+dfsg-2
	- qt4-x11 4:4.8.7+dfsg-18 (low)
	[stretch] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/236691/
CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r00 ...)
	NOT-FOR-US: D-Link
CVE-2018-15516 (The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devic ...)
	NOT-FOR-US: D-Link
CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03  ...)
	NOT-FOR-US: D-Link
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ( ...)
	NOT-FOR-US: Docker for Windows
CVE-2018-15513 (Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs o ...)
	NOT-FOR-US: totemomail
CVE-2018-15512 (Cross-site scripting (XSS) vulnerability in the 'Authorisation Service ...)
	NOT-FOR-US: totemomail
CVE-2018-15511 (Cross-site scripting (XSS) vulnerability in the 'Notification template ...)
	NOT-FOR-US: totemomail
CVE-2018-15510 (Cross-site scripting (XSS) vulnerability in the 'Certificate' feature  ...)
	NOT-FOR-US: totemomail
CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 ...)
	NOT-FOR-US: Five9 Agent Desktop Plus
CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing ...)
	NOT-FOR-US: Five9 Agent Desktop Plus
CVE-2018-15507
	RESERVED
CVE-2018-15506 (In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP func ...)
	NOT-FOR-US: BubbleUPnP
CVE-2018-15505 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb b ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2018-15504 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb b ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks correct size c ...)
	NOT-FOR-US: Swoole
CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13  ...)
	NOT-FOR-US: Lone Wolf Technologies loadingDOCS
CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27. ...)
	{DLA-1477-1}
	- libgit2 0.27.4+dfsg.1-0.1 (low)
	[stretch] - libgit2 <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
	NOTE: https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
CVE-2018-15500
	RESERVED
CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow lo ...)
	NOT-FOR-US: GEAR Software
CVE-2018-15498 (YSoft SafeQ Server 6 allows a replay attack. ...)
	NOT-FOR-US: YSoft SafeQ
CVE-2018-15497 (The Mitel MiVoice 5330e VoIP device is affected by memory corruption f ...)
	NOT-FOR-US: Mitel
CVE-2018-15496
	RESERVED
CVE-2018-15495 (/filemanager/upload.php in Responsive FileManager before 9.13.3 allows ...)
	NOT-FOR-US: Responsive FileManager
CVE-2018-15494 (In Dojo Toolkit before 1.14, there is unescaped string injection in do ...)
	{DLA-1492-1}
	- dojo 1.14.1+dfsg1-1 (bug #906540)
	NOTE: https://github.com/dojo/dojox/pull/283
CVE-2018-15493 (vBulletin 5.4.3 has an Open Redirect. ...)
	NOT-FOR-US: vBulletin
CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel License Manag ...)
	NOT-FOR-US: Sentinel License Manager
CVE-2018-15491 (A vulnerability in the permission and encryption implementation of Zem ...)
	NOT-FOR-US: Zemana Anti-Logger
CVE-2018-15490 (An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe proces ...)
	NOT-FOR-US: ExpressVPN
CVE-2018-15489
	RESERVED
CVE-2018-15488
	RESERVED
CVE-2018-15487
	RESERVED
CVE-2018-15486 (An issue was discovered on KONE Group Controller (KGC) devices before  ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15485 (An issue was discovered on KONE Group Controller (KGC) devices before  ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15484 (An issue was discovered on KONE Group Controller (KGC) devices before  ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15483 (An issue was discovered on KONE Group Controller (KGC) devices before  ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
	NOT-FOR-US: LG devices specific issue
CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...)
	NOT-FOR-US: UCOPIA
CVE-2018-15480 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15479 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15478 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15477 (myStrom WiFi Switch V1 devices before 2.66 did not sanitize a paramete ...)
	NOT-FOR-US: myStrom
CVE-2018-15476 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15475
	RESERVED
CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Inj ...)
	NOTE: Dokuwiki non-issue
CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-15467 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2018-15466 (A vulnerability in the Graphite web interface of the Policy and Chargi ...)
	NOT-FOR-US: Cisco
CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive Secur ...)
	NOT-FOR-US: Cisco
CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services Router (ASR)  ...)
	NOT-FOR-US: Cisco
CVE-2018-15463 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15462 (A vulnerability in the TCP ingress handler for the data interfaces tha ...)
	NOT-FOR-US: Cisco
CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...)
	NOT-FOR-US: Cisco
CVE-2018-15460 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2018-15459 (A vulnerability in the administrative web interface of Cisco Identity  ...)
	NOT-FOR-US: Cisco
CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco Firepower  ...)
	NOT-FOR-US: Cisco
CVE-2018-15457 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2018-15456 (A vulnerability in the Admin Portal of Cisco Identity Services Engine  ...)
	NOT-FOR-US: Cisco
CVE-2018-15455 (A vulnerability in the logging component of Cisco Identity Services En ...)
	NOT-FOR-US: Cisco
CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) inspection en ...)
	NOT-FOR-US: Cisco
CVE-2018-15453 (A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S ...)
	NOT-FOR-US: Cisco
CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced Malware ...)
	NOT-FOR-US: Cisco
CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco Prime S ...)
	NOT-FOR-US: Cisco
CVE-2018-15450 (A vulnerability in the web-based UI of Cisco Prime Collaboration Assur ...)
	NOT-FOR-US: Cisco
CVE-2018-15449 (A vulnerability in the web-based management interface of Cisco Video S ...)
	NOT-FOR-US: Cisco
CVE-2018-15448 (A vulnerability in the user management functions of Cisco Registered E ...)
	NOT-FOR-US: Cisco
CVE-2018-15447 (A vulnerability in the web framework code of Cisco Integrated Manageme ...)
	NOT-FOR-US: Cisco
CVE-2018-15446 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...)
	NOT-FOR-US: Cisco
CVE-2018-15445 (A vulnerability in the web-based management interface of Cisco Energy  ...)
	NOT-FOR-US: Cisco
CVE-2018-15444 (A vulnerability in the web-based user interface of Cisco Energy Manage ...)
	NOT-FOR-US: Cisco
CVE-2018-15443 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-15442 (A vulnerability in the update service of Cisco Webex Meetings Desktop  ...)
	NOT-FOR-US: Cisco
CVE-2018-15441 (A vulnerability in the web framework code of Cisco Prime License Manag ...)
	NOT-FOR-US: Cisco
CVE-2018-15440 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15439 (A vulnerability in the Cisco Small Business Switches software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2018-15437 (A vulnerability in the system scanning component of Cisco Immunet and  ...)
	NOT-FOR-US: Cisco
CVE-2018-15436 (A vulnerability in the web-based management interface of Cisco Webex E ...)
	NOT-FOR-US: Cisco
CVE-2018-15435 (A vulnerability in the web-based management interface of Cisco SocialM ...)
	NOT-FOR-US: Cisco
CVE-2018-15434 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-15433 (A vulnerability in the server backup function of Cisco Prime Infrastru ...)
	NOT-FOR-US: Cisco
CVE-2018-15432 (A vulnerability in the server backup function of Cisco Prime Infrastru ...)
	NOT-FOR-US: Cisco
CVE-2018-15431 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15430 (A vulnerability in the administrative web interface of Cisco Expresswa ...)
	NOT-FOR-US: Cisco
CVE-2018-15429 (A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platfor ...)
	NOT-FOR-US: Cisco
CVE-2018-15428 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
	NOT-FOR-US: Cisco
CVE-2018-15427 (A vulnerability in Cisco Video Surveillance Manager (VSM) Software run ...)
	NOT-FOR-US: Cisco
CVE-2018-15426 (A vulnerability in the web-based interface of Cisco Unity Connection c ...)
	NOT-FOR-US: Cisco
CVE-2018-15425 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15424 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15423 (A vulnerability in the web UI of Cisco HyperFlex Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2018-15422 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15421 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15420 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15419 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15418 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15417 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15416 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15415 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15414 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15413 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15412 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15411 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15410 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15409 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15408 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15407 (A vulnerability in the installation process of Cisco HyperFlex Softwar ...)
	NOT-FOR-US: Cisco
CVE-2018-15406 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2018-15405 (A vulnerability in the web interface for specific feature sets of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-15404 (A vulnerability in the web interface of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2018-15403 (A vulnerability in the web interface of Cisco Emergency Responder, Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-15402 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2018-15401 (A vulnerability in the web-based management interface of Cisco Hosted  ...)
	NOT-FOR-US: Cisco
CVE-2018-15400 (A vulnerability in the web-based management interface of Cisco Cloud S ...)
	NOT-FOR-US: Cisco
CVE-2018-15399 (A vulnerability in the TCP syslog module of Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2018-15398 (A vulnerability in the per-user-override feature of Cisco Adaptive Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-15397 (A vulnerability in the implementation of Traffic Flow Confidentiality  ...)
	NOT-FOR-US: Cisco
CVE-2018-15396 (A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity  ...)
	NOT-FOR-US: Cisco
CVE-2018-15395 (A vulnerability in the authentication and authorization checking mecha ...)
	NOT-FOR-US: Cisco
CVE-2018-15394 (A vulnerability in the Stealthwatch Management Console (SMC) of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-15393 (A vulnerability in the web-based management interface of Cisco Content ...)
	NOT-FOR-US: Cisco
CVE-2018-15392 (A vulnerability in the DHCP service of Cisco Industrial Network Direct ...)
	NOT-FOR-US: Cisco
CVE-2018-15391 (A vulnerability in certain IPv4 fragment-processing functions of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-15390 (A vulnerability in the FTP inspection engine of Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco
CVE-2018-15389 (A vulnerability in the install function of Cisco Prime Collaboration P ...)
	NOT-FOR-US: Cisco
CVE-2018-15388 (A vulnerability in the WebVPN login process of Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2018-15387 (A vulnerability in the Cisco SD-WAN Solution could allow an unauthenti ...)
	NOT-FOR-US: Cisco
CVE-2018-15386 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2018-15385
	RESERVED
CVE-2018-15384
	RESERVED
CVE-2018-15383 (A vulnerability in the cryptographic hardware accelerator driver of Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-15382 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2018-15381 (A Java deserialization vulnerability in Cisco Unity Express (CUE) coul ...)
	NOT-FOR-US: Cisco
CVE-2018-15380 (A vulnerability in the cluster service manager of Cisco HyperFlex Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-15379 (A vulnerability in which the HTTP web server for Cisco Prime Infrastru ...)
	NOT-FOR-US: Cisco
CVE-2018-15378 (A vulnerability in ClamAV versions prior to 0.100.2 could allow an att ...)
	{DLA-1553-1}
	- clamav 0.100.2+dfsg-1 (bug #910430)
	[stretch] - clamav 0.100.2+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html
	NOTE: http://lists.clamav.net/pipermail/clamav-announce/2018/000033.html
CVE-2018-15377 (A vulnerability in the Cisco Network Plug and Play agent, also referre ...)
	NOT-FOR-US: Cisco
CVE-2018-15376 (A vulnerability in the embedded test subsystem of Cisco IOS Software f ...)
	NOT-FOR-US: Cisco
CVE-2018-15375 (A vulnerability in the embedded test subsystem of Cisco IOS Software f ...)
	NOT-FOR-US: Cisco
CVE-2018-15374 (A vulnerability in the Image Verification feature of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-15373 (A vulnerability in the implementation of Cisco Discovery Protocol func ...)
	NOT-FOR-US: Cisco
CVE-2018-15372 (A vulnerability in the MACsec Key Agreement (MKA) using Extensible Aut ...)
	NOT-FOR-US: Cisco
CVE-2018-15371 (A vulnerability in the shell access request mechanism of Cisco IOS XE  ...)
	NOT-FOR-US: Cisco
CVE-2018-15370 (A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco C ...)
	NOT-FOR-US: Cisco
CVE-2018-15369 (A vulnerability in the TACACS+ client subsystem of Cisco IOS Software  ...)
	NOT-FOR-US: Cisco
CVE-2018-15368 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-15367 (A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalatio ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15366 (A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15365 (A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro De ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information Disclos ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micr ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15362 (XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 ...)
	NOT-FOR-US: GE Proficy Cimplicity GDS
CVE-2018-15361 (UltraVNC revision 1198 has a buffer underflow vulnerability in VNC cli ...)
	NOT-FOR-US: UltraVNC
CVE-2018-15360 (An attacker without authentication can login with default credentials  ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15359 (An authenticated attacker with low privileges can use insecure sudo co ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15358 (An authenticated attacker with low privileges can activate high privil ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15357 (An authenticated attacker with low privileges can extract password has ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15356 (An authenticated attacker can execute arbitrary code using command eje ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15355 (Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraft ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15354 (A Buffer Overflow exploited through web interface by remote attacker c ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15353 (A Buffer Overflow exploited through web interface by remote attacker c ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15352 (An attacker with low privileges can cause denial of service in Kraftwa ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15351 (Denial of service via crafting malicious link and sending it to a priv ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware version  ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ...)
	{DSA-4280-1 DLA-1474-1}
	- openssh 1:7.7p1-4 (bug #906236)
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
	NOTE: https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
	NOTE: PoC at https://bugfuzz.com/stuff/ssh-check-username.py
CVE-2018-15349
	REJECTED
CVE-2018-15348
	REJECTED
CVE-2018-15347
	REJECTED
CVE-2018-15346
	REJECTED
CVE-2018-15345
	REJECTED
CVE-2018-15344
	REJECTED
CVE-2018-15343
	REJECTED
CVE-2018-15342
	REJECTED
CVE-2018-15341
	REJECTED
CVE-2018-15340
	REJECTED
CVE-2018-15339
	REJECTED
CVE-2018-15338
	REJECTED
CVE-2018-15337
	REJECTED
CVE-2018-15336
	REJECTED
CVE-2018-15335 (When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM be ...)
	NOT-FOR-US: F5
CVE-2018-15334 (A cross-site request forgery (CSRF) vulnerability in the APM webtop 11 ...)
	NOT-FOR-US: F5
CVE-2018-15333 (On versions 11.2.1. and greater, unrestricted Snapshot File Access all ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15331 (On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15330 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15329 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Ent ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15328 (On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15325 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15324 (On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15323 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15322 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15321 (When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15320 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patt ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malici ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15314 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Refle ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15313 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Refle ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15312 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Si ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15311 (When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-XXXX [libykneomgr memory corruption]
	- libykneomgr <removed> (low; bug #906138)
	[stretch] - libykneomgr <no-dsa> (Minor issue)
	[jessie] - libykneomgr <no-dsa> (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in oxenstored ...)
	{DSA-4274-1 DLA-1577-1}
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (unimportant)
	NOTE: https://xenbits.xen.org/xsa/advisory-272.html
CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen- ...)
	{DSA-4313-1 DLA-1715-1}
	- linux 4.18.10-2
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-270.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1607
CVE-2018-15468 (An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contai ...)
	{DSA-4274-1}
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	[jessie] - xen <not-affected> (Only affects 4.6 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-269.html
CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never properly impl ...)
	{DSA-4274-1 DLA-1577-1}
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	NOTE: https://xenbits.xen.org/xsa/advisory-268.html
CVE-2018-15309
	RESERVED
CVE-2018-15308
	RESERVED
CVE-2018-15307
	RESERVED
CVE-2018-15306
	RESERVED
CVE-2018-15305
	RESERVED
CVE-2018-15304
	RESERVED
CVE-2018-15303
	RESERVED
CVE-2018-15302
	RESERVED
CVE-2018-15301
	RESERVED
CVE-2018-15300
	RESERVED
CVE-2018-15299
	RESERVED
CVE-2018-15298
	RESERVED
CVE-2018-15297
	RESERVED
CVE-2018-15296
	RESERVED
CVE-2018-15295
	RESERVED
CVE-2018-15294
	RESERVED
CVE-2018-15293
	RESERVED
CVE-2018-15292
	RESERVED
CVE-2018-15291
	RESERVED
CVE-2018-15290
	RESERVED
CVE-2018-15289
	RESERVED
CVE-2018-15288
	RESERVED
CVE-2018-15287
	RESERVED
CVE-2018-15286
	RESERVED
CVE-2018-15285
	RESERVED
CVE-2018-15284
	RESERVED
CVE-2018-15283
	RESERVED
CVE-2018-15282
	RESERVED
CVE-2018-15281
	RESERVED
CVE-2018-15280
	RESERVED
CVE-2018-15279
	RESERVED
CVE-2018-15278
	RESERVED
CVE-2018-15277
	RESERVED
CVE-2018-15276
	RESERVED
CVE-2018-15275
	RESERVED
CVE-2018-15274
	RESERVED
CVE-2018-15273
	RESERVED
CVE-2018-15272
	RESERVED
CVE-2018-15271
	RESERVED
CVE-2018-15270
	RESERVED
CVE-2018-15269
	RESERVED
CVE-2018-15268
	RESERVED
CVE-2018-15267
	RESERVED
CVE-2018-15266
	RESERVED
CVE-2018-15265
	RESERVED
CVE-2018-15264
	RESERVED
CVE-2018-15263
	RESERVED
CVE-2018-15262
	RESERVED
CVE-2018-15261
	RESERVED
CVE-2018-15260
	RESERVED
CVE-2018-15259
	RESERVED
CVE-2018-15258
	RESERVED
CVE-2018-15257
	RESERVED
CVE-2018-15256
	RESERVED
CVE-2018-15255
	RESERVED
CVE-2018-15254
	RESERVED
CVE-2018-15253
	RESERVED
CVE-2018-15252
	RESERVED
CVE-2018-15251
	RESERVED
CVE-2018-15250
	RESERVED
CVE-2018-15249
	RESERVED
CVE-2018-15248
	RESERVED
CVE-2018-15247
	RESERVED
CVE-2018-15246
	RESERVED
CVE-2018-15245
	RESERVED
CVE-2018-15244
	RESERVED
CVE-2018-15243
	RESERVED
CVE-2018-15242
	RESERVED
CVE-2018-15241
	RESERVED
CVE-2018-15240
	RESERVED
CVE-2018-15239
	RESERVED
CVE-2018-15238
	RESERVED
CVE-2018-15237
	RESERVED
CVE-2018-15236
	RESERVED
CVE-2018-15235
	RESERVED
CVE-2018-15234
	RESERVED
CVE-2018-15233
	RESERVED
CVE-2018-15232
	RESERVED
CVE-2018-15231
	RESERVED
CVE-2018-15230
	RESERVED
CVE-2018-15229
	RESERVED
CVE-2018-15228
	RESERVED
CVE-2018-15227
	RESERVED
CVE-2018-15226
	RESERVED
CVE-2018-15225
	RESERVED
CVE-2018-15224
	RESERVED
CVE-2018-15223
	RESERVED
CVE-2018-15222
	RESERVED
CVE-2018-15221
	RESERVED
CVE-2018-15220
	RESERVED
CVE-2018-15219
	RESERVED
CVE-2018-15218
	RESERVED
CVE-2018-15217
	RESERVED
CVE-2018-15216
	RESERVED
CVE-2018-15215
	RESERVED
CVE-2018-15214
	RESERVED
CVE-2018-15213
	RESERVED
CVE-2018-15212
	RESERVED
CVE-2018-15211
	RESERVED
CVE-2018-15210
	RESERVED
CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows ...)
	{DSA-4349-1}
	- tiff 4.0.9-5 (bug #905798)
	[jessie] - tiff <not-affected> (Cannot reproduce with crash file)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2808
	NOTE: Different issue than CVE-2017-11613 but adressed with same set of commits.
	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2018-15208 (BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. ...)
	NOT-FOR-US: BPC SmartVista
CVE-2018-15207 (BPC SmartVista 2 has Improper Access Control in the SVFE module, where ...)
	NOT-FOR-US: BPC SmartVista
CVE-2018-15206 (BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.js ...)
	NOT-FOR-US: BPC SmartVista
CVE-2018-15205
	RESERVED
CVE-2018-15204
	RESERVED
CVE-2018-15203 (An issue was discovered in Ignited CMS through 2017-02-19. ign/index.p ...)
	NOT-FOR-US: Ignited CMS
CVE-2018-15202 (An issue was discovered in Juunan06 eCommerce through 2018-08-05. Ther ...)
	NOT-FOR-US: Juunan06 eCommerce
CVE-2018-15201
	RESERVED
CVE-2018-15200
	RESERVED
CVE-2018-15199 (AuraCMS 2.3 allows XSS via a Bukutamu -&gt; AddGuestbook action. ...)
	NOT-FOR-US: AuraCMS
CVE-2018-15198 (An issue was discovered in OneThink v1.1. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: OneThink
CVE-2018-15197 (An issue was discovered in OneThink v1.1. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: OneThink
CVE-2018-15196
	RESERVED
CVE-2018-15195
	RESERVED
CVE-2018-15194
	RESERVED
CVE-2018-15193 (A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows ...)
	NOT-FOR-US: Go Git Service
CVE-2018-15192 (An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs  ...)
	- gitea <removed>
	NOTE: https://github.com/go-gitea/gitea/issues/4624
CVE-2018-15191 (PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15190 (PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First N ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15189 (PHP Scripts Mall advanced-real-estate-script has XSS via the Name fiel ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15188 (PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attac ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15187 (PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-p ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15186 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15185 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows re ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15184 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Store ...)
	NOT-FOR-US: PHP Scripts Mall Naukri / Shine / Jobsite Clone Script
CVE-2018-15183 (PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 ...)
	NOT-FOR-US: PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script
CVE-2018-15182 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2018-15181 (JioFi 4G Hotspot M2S devices allow attackers to cause a denial of serv ...)
	NOT-FOR-US: JioFi 4G Hotspot M2S devices
CVE-2018-15180 (qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect vi ...)
	NOT-FOR-US: QASymphony qTest Manager
CVE-2018-15179
	RESERVED
CVE-2018-15178 (Open redirect vulnerability in Gogs before 0.12 allows remote attacker ...)
	NOT-FOR-US: Go Git Service
CVE-2018-15177 (In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can a ...)
	NOT-FOR-US: Gxlcms
CVE-2018-15176 (XnView 2.45 allows remote attackers to cause a denial of service (User ...)
	NOT-FOR-US: XnView
CVE-2018-15175 (XnView 2.45 allows remote attackers to cause a denial of service (User ...)
	NOT-FOR-US: XnView
CVE-2018-15174 (XnView 2.45 allows remote attackers to cause a denial of service (Read ...)
	NOT-FOR-US: XnView
CVE-2018-15173 (Nmap through 7.70, when the -sV option is used, allows remote attacker ...)
	- nmap <unfixed> (unimportant)
	NOTE: No security impact
CVE-2018-15172 (TP-Link WR840N devices have a buffer overflow via a long Authorization ...)
	NOT-FOR-US: TP-Link WR840N devices
CVE-2018-15171
	RESERVED
CVE-2018-15170
	RESERVED
CVE-2018-15169 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEng ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-15168 (A SQL Injection vulnerability exists in the Zoho ManageEngine Applicat ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-15167
	RESERVED
CVE-2018-15166
	RESERVED
CVE-2018-15165
	RESERVED
CVE-2018-15164
	RESERVED
CVE-2018-15163
	RESERVED
CVE-2018-15162
	RESERVED
CVE-2018-15161 (** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ...)
	- libesedb <undetermined>
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15160 (** DISPUTED ** The libesedb_catalog_definition_read function in libese ...)
	- libesedb <undetermined>
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15159 (** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ...)
	- libesedb <undetermined>
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15158 (** DISPUTED ** The libesedb_page_read_values function in libesedb_page ...)
	- libesedb <undetermined>
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15157 (** DISPUTED ** The libfsclfs_block_read function in libfsclfs_block.c  ...)
	NOT-FOR-US: libfsclfs
CVE-2018-15156 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15155 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15154 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15153 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15152 (Authentication bypass vulnerability in portal/account/register.php in  ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15151 (SQL injection vulnerability in interface/de_identification_forms/find_ ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15150 (SQL injection vulnerability in interface/de_identification_forms/de_id ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15149 (SQL injection vulnerability in interface/forms/eye_mag/php/Anything_si ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15148 (SQL injection vulnerability in interface/patient_file/encounter/search ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15147 (SQL injection vulnerability in interface/forms_admin/forms_admin.php f ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15146 (SQL injection vulnerability in interface/de_identification_forms/find_ ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15145 (Multiple SQL injection vulnerabilities in portal/add_edit_event_user.p ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15144 (SQL injection vulnerability in interface/de_identification_forms/find_ ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15143 (Multiple SQL injection vulnerabilities in portal/find_appt_popup_user. ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15142 (Directory traversal in portal/import_template.php in versions of OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15141 (Directory traversal in portal/import_template.php in versions of OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15140 (Directory traversal in portal/import_template.php in versions of OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15139 (Unrestricted file upload in interface/super/manage_site_files.php in v ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/down ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS 30M
CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file  ...)
	NOT-FOR-US: CeLa Link CLR-M20 devices
CVE-2018-15136 (TitanHQ SpamTitan before 7.01 has Improper input validation. This allo ...)
	NOT-FOR-US: TitanHQ
CVE-2018-15135
	RESERVED
CVE-2018-15134
	RESERVED
CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote c ...)
	NOT-FOR-US: Laravel
CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...)
	- php7.2 <not-affected> (Windows-specific)
	- php7.1 <not-affected> (Windows-specific)
	- php7.0 <not-affected> (Windows-specific)
	- php5 <not-affected> (Windows-specific)
	NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76459
	NOTE: https://github.com/php/php-src/commit/f151e048ed27f6f4eef729f3310d053ab5da71d4
CVE-2018-15131 (An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x be ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2018-15130 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&amp;a ...)
	NOT-FOR-US: ThinkSAAS
CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not confi ...)
	- zoneminder <not-affected> (Vulnerable code never in a embedded copy version for zoneminder)
	- cacti <not-affected> (Vulnerable code never in any release inclusing embedded copy, i.e. pre 1.0.4)
	NOTE: Issue is in embedded csrf-magic
	NOTE: http://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4)
CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&amp ...)
	NOT-FOR-US: ThinkSAAS
CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, H ...)
	NOT-FOR-US: Polycom Group Series
CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerabilit ...)
	{DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
	[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
	- italc <removed>
	[stretch] - italc <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
	NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...)
	{DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
	[stretch] - libvncserver <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
	- italc <removed>
	[stretch] - italc <not-affected> (Incomplete fix for CVE-2018-15127 not applied)
	NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains ...)
	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	NOTE: https://github.com/LibVNC/libvncserver/issues/243
	NOTE: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
	NOTE: When fixing this issue make sure to not open CVE-2018-20749 and CVE-2018-20750
	NOTE: Additional commits:
	NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
	NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...)
	{DSA-4383-1 DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	NOTE: https://github.com/LibVNC/libvncserver/issues/242
	NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242)
	NOTE: Individual commits:
	NOTE: https://github.com/LibVNC/libvncserver/commit/89419fb1a0cef42b63528e6930f4e545cfef4c95
	NOTE: https://github.com/LibVNC/libvncserver/commit/f8912fee5a58fb3975eda2589f6d4686f0c1ae68
	NOTE: https://github.com/LibVNC/libvncserver/commit/73cb96fec028a576a5a24417b57723b55854ad7b (main part of the fix)
	NOTE: https://github.com/LibVNC/libvncserver/commit/2d939267a176bf4976dbad36399638956ad8cc34
	NOTE: https://github.com/LibVNC/libvncserver/commit/495ffa3f3a213ab058eee1d7da48fa5ef71914d8
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/
CVE-2018-15125 (Sensitive Information Disclosure in Zipato Zipabox Smart Home Controll ...)
	NOT-FOR-US: Zipato
CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD R ...)
	NOT-FOR-US: Zipato
CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home Controller ...)
	NOT-FOR-US: Zipato
CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 2018.1.323.2 a ...)
	NOT-FOR-US: Telerik
CVE-2018-15121 (An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. A ...)
	NOT-FOR-US: Auth0 auth0-aspnet
CVE-2018-15120 (libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other  ...)
	- pango1.0 1.42.4-1 (low)
	[stretch] - pango1.0 <not-affected> (Vulnerable code not present)
	[jessie] - pango1.0 <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
CVE-2018-15119
	RESERVED
CVE-2018-15118
	RESERVED
CVE-2018-15117
	RESERVED
CVE-2018-15116
	RESERVED
CVE-2018-15115
	RESERVED
CVE-2018-15114
	RESERVED
CVE-2018-15113
	RESERVED
CVE-2018-15112
	RESERVED
CVE-2018-15111
	RESERVED
CVE-2018-15110
	RESERVED
CVE-2018-15109
	RESERVED
CVE-2018-15108
	RESERVED
CVE-2018-15107
	RESERVED
CVE-2018-15106
	RESERVED
CVE-2018-15105
	RESERVED
CVE-2018-15104
	RESERVED
CVE-2018-15103
	RESERVED
CVE-2018-15102
	RESERVED
CVE-2018-15101
	RESERVED
CVE-2018-15100
	RESERVED
CVE-2018-15099
	RESERVED
CVE-2018-15098
	RESERVED
CVE-2018-15097
	RESERVED
CVE-2018-15096
	RESERVED
CVE-2018-15095
	RESERVED
CVE-2018-15094
	RESERVED
CVE-2018-15093
	RESERVED
CVE-2018-15092
	RESERVED
CVE-2018-15091
	RESERVED
CVE-2018-15090
	RESERVED
CVE-2018-15089
	RESERVED
CVE-2018-15088
	RESERVED
CVE-2018-15087
	RESERVED
CVE-2018-15086
	RESERVED
CVE-2018-15085
	RESERVED
CVE-2018-15084
	RESERVED
CVE-2018-15083
	RESERVED
CVE-2018-15082
	RESERVED
CVE-2018-15081
	RESERVED
CVE-2018-15080
	RESERVED
CVE-2018-15079
	RESERVED
CVE-2018-15078
	RESERVED
CVE-2018-15077
	RESERVED
CVE-2018-15076
	RESERVED
CVE-2018-15075
	RESERVED
CVE-2018-15074
	RESERVED
CVE-2018-15073
	RESERVED
CVE-2018-15072
	RESERVED
CVE-2018-15071
	RESERVED
CVE-2018-15070
	RESERVED
CVE-2018-15069
	RESERVED
CVE-2018-15068
	RESERVED
CVE-2018-15067
	RESERVED
CVE-2018-15066
	RESERVED
CVE-2018-15065
	RESERVED
CVE-2018-15064
	RESERVED
CVE-2018-15063
	RESERVED
CVE-2018-15062
	RESERVED
CVE-2018-15061
	RESERVED
CVE-2018-15060
	RESERVED
CVE-2018-15059
	RESERVED
CVE-2018-15058
	RESERVED
CVE-2018-15057
	RESERVED
CVE-2018-15056
	RESERVED
CVE-2018-15055
	RESERVED
CVE-2018-15054
	RESERVED
CVE-2018-15053
	RESERVED
CVE-2018-15052
	RESERVED
CVE-2018-15051
	RESERVED
CVE-2018-15050
	RESERVED
CVE-2018-15049
	RESERVED
CVE-2018-15048
	RESERVED
CVE-2018-15047
	RESERVED
CVE-2018-15046
	RESERVED
CVE-2018-15045
	RESERVED
CVE-2018-15044
	RESERVED
CVE-2018-15043
	RESERVED
CVE-2018-15042
	RESERVED
CVE-2018-15041
	RESERVED
CVE-2018-15040
	RESERVED
CVE-2018-15039
	RESERVED
CVE-2018-15038
	RESERVED
CVE-2018-15037
	RESERVED
CVE-2018-15036
	RESERVED
CVE-2018-15035
	RESERVED
CVE-2018-15034
	RESERVED
CVE-2018-15033
	RESERVED
CVE-2018-15032
	RESERVED
CVE-2018-15031
	RESERVED
CVE-2018-15030
	RESERVED
CVE-2018-15029
	RESERVED
CVE-2018-15028
	RESERVED
CVE-2018-15027
	RESERVED
CVE-2018-15026
	RESERVED
CVE-2018-15025
	RESERVED
CVE-2018-15024
	RESERVED
CVE-2018-15023
	RESERVED
CVE-2018-15022
	RESERVED
CVE-2018-15021
	RESERVED
CVE-2018-15020
	RESERVED
CVE-2018-15019
	RESERVED
CVE-2018-15018
	RESERVED
CVE-2018-15017
	RESERVED
CVE-2018-15016
	RESERVED
CVE-2018-15015
	RESERVED
CVE-2018-15014
	RESERVED
CVE-2018-15013
	RESERVED
CVE-2018-15012
	RESERVED
CVE-2018-15011
	RESERVED
CVE-2018-15010
	RESERVED
CVE-2018-15009
	RESERVED
CVE-2018-15008
	RESERVED
CVE-2018-15007 (The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x60 ...)
	NOT-FOR-US: Sky Elite
CVE-2018-15006 (The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917 ...)
	NOT-FOR-US: ZTE
CVE-2018-15005 (The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917 ...)
	NOT-FOR-US: ZTE
CVE-2018-15004 (The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/ ...)
	NOT-FOR-US: Coolpad
CVE-2018-15003 (The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:us ...)
	NOT-FOR-US: Coolpad
CVE-2018-15002 (The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2 ...)
	NOT-FOR-US: Vivo V7 device
CVE-2018-15001 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
	NOT-FOR-US: Vivo V7 device
CVE-2018-15000 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
	NOT-FOR-US: Vivo V7 device
CVE-2018-14999 (The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bir ...)
	NOT-FOR-US: Leagoo P1 Android device
CVE-2018-14998 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
	NOT-FOR-US: Leagoo P1 Android device
CVE-2018-14997 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
	NOT-FOR-US: Leagoo P1 Android device
CVE-2018-14996 (The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CP ...)
	NOT-FOR-US: Oppo F5
CVE-2018-14995 (The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z ...)
	NOT-FOR-US: ZTE
CVE-2018-14994 (The Essential Phone Android device with a build fingerprint of essenti ...)
	NOT-FOR-US: Essential Phone
CVE-2018-14993 (The ASUS Zenfone V Live Android device with a build fingerprint of asu ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14992 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14991 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
	NOT-FOR-US: Coolpad Defiant
CVE-2018-14990 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
	NOT-FOR-US: Coolpad Defiant
CVE-2018-14989 (The Plum Compass Android device with a build fingerprint of PLUM/c179_ ...)
	NOT-FOR-US: Plum Compass
CVE-2018-14988 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
	NOT-FOR-US: MXQ TV Box
CVE-2018-14987 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
	NOT-FOR-US: MXQ TV Box
CVE-2018-14986 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
	NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14985 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
	NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14984 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
	NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14983 (The Sony Xperia L1 Android device with a build fingerprint of Sony/G33 ...)
	NOT-FOR-US: Sony Xperia
CVE-2018-14982 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
	NOT-FOR-US: LG devices specific issue
CVE-2018-14981 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
	NOT-FOR-US: LG devices specific issue
CVE-2018-14980 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14979 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/use ...)
	NOT-FOR-US: QCMS
CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest. ...)
	NOT-FOR-US: QCMS
CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMSQCMS
CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.add ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.use ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=u ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=a ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/uploa ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. ...)
	NOT-FOR-US: zzcms
CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in user/manag ...)
	NOT-FOR-US: zzcms
CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql paramete ...)
	NOT-FOR-US: zzcms
CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...)
	NOT-FOR-US: Xiao5uCompany
CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the websi ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-14957 (CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file do ...)
	NOT-FOR-US: CMS ISWEB
CVE-2018-14956 (CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An atta ...)
	NOT-FOR-US: CMS ISWEB
CVE-2018-14949
	RESERVED
CVE-2018-14948 (An issue has been found in dilawar sound through 2017-11-27. The end o ...)
	NOT-FOR-US: dilawar
CVE-2018-14947 (An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlF ...)
	NOT-FOR-US: PDF2JSON
CVE-2018-14946 (An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgO ...)
	NOT-FOR-US: PDF2JSON
CVE-2018-14945 (An issue has been found in jpeg_encoder through 2015-11-27. It is a he ...)
	NOT-FOR-US: jpeg_encoder
CVE-2018-14944 (An issue has been found in jpeg_encoder through 2015-11-27. It is a SE ...)
	NOT-FOR-US: jpeg_encoder
CVE-2018-14943 (Harmonic NSG 9000 devices have a default password of nsgadmin for the  ...)
	NOT-FOR-US: Harmonic NSG 9000 devices
CVE-2018-14942 (Harmonic NSG 9000 devices allow remote authenticated users to conduct  ...)
	NOT-FOR-US: Harmonic NSG 9000 devices
CVE-2018-14941 (Harmonic NSG 9000 devices allow remote authenticated users to read the ...)
	NOT-FOR-US: Harmonic NSG 9000 devices
CVE-2018-14940 (PHPCMS 9 allows remote attackers to cause a denial of service (resourc ...)
	NOT-FOR-US: PHPCMS
CVE-2018-14939 (The get_app_path function in desktop/unx/source/start.c in LibreOffice ...)
	- libreoffice <not-affected> (Doesn't affect LibreOffice running on glibc)
CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Overflow vu ...)
	{DLA-1505-1}
	- zutils 1.7-3 (bug #902936; bug #904819)
	[stretch] - zutils 1.5-5+deb9u1
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/05/1
	NOTE: https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
	NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3)
CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1. ...)
	- tcpflow 1.5.0+repack1-1 (bug #905483)
	[stretch] - tcpflow <no-dsa> (Minor issue)
	[jessie] - tcpflow <no-dsa> (Minor issue)
	NOTE: https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
	NOTE: https://github.com/simsong/tcpflow/issues/182
CVE-2018-14937 (The Add page option in my little forum 2.4.12 allows XSS via the Menu  ...)
	NOT-FOR-US: My Little Forum
CVE-2018-14936 (The Add page option in my little forum 2.4.12 allows XSS via the Title ...)
	NOT-FOR-US: My Little Forum
CVE-2018-14935 (The Web administration console on Polycom Trio devices with software b ...)
	NOT-FOR-US: Polycom Trio
CVE-2018-14934 (The Bluetooth subsystem on Polycom Trio devices with software before 5 ...)
	NOT-FOR-US: Polycom Trio
CVE-2018-14933 (upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execu ...)
	NOT-FOR-US: NUUO NVRmini devices
CVE-2018-14932
	RESERVED
CVE-2018-14931 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14930 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14929 (Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonst ...)
	NOT-FOR-US: Metara
CVE-2018-14928 (/contingency/servlet/ServletFileDownload executes as root and provides ...)
	NOT-FOR-US: Metara
CVE-2018-14927 (Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to ...)
	NOT-FOR-US: Metara
CVE-2018-14926 (Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/ ...)
	NOT-FOR-US: Metara
CVE-2018-14925 (Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstra ...)
	NOT-FOR-US: Metara
CVE-2018-14924 (Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrat ...)
	NOT-FOR-US: Metara
CVE-2018-14923 (A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to e ...)
	NOT-FOR-US: EZPlayer
CVE-2018-14922 (Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0 ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-14921
	RESERVED
CVE-2018-14920
	RESERVED
CVE-2018-14919 (LOYTEC LGATE-902 6.3.2 devices allow XSS. ...)
	NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14918 (LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. ...)
	NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14917
	REJECTED
CVE-2018-14916 (LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. ...)
	NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14915
	REJECTED
CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a Buffer Overflo ...)
	- soundtouch 2.1.2+ds1-1 (bug #905491)
	[stretch] - soundtouch <no-dsa> (Minor issue)
	[jessie] - soundtouch <no-dsa> (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/6
CVE-2018-14914
	RESERVED
CVE-2018-14913
	RESERVED
CVE-2018-14912 (cgit_clone_objects in CGit before 1.2.1 has a directory traversal vuln ...)
	{DSA-4263-1 DLA-1459-1}
	- cgit 1.1+git2.10.2-3.1 (bug #905382)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
	NOTE: https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
	NOTE: https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680
CVE-2018-14911 (A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vu ...)
	NOT-FOR-US: ukcms
CVE-2018-14910 (SeaCMS v6.61 allows Remote Code execution by placing PHP code in an al ...)
	NOT-FOR-US: SeaCMS
CVE-2018-14909
	RESERVED
CVE-2018-14908 (Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every r ...)
	NOT-FOR-US: Samsung Syncthru Web Service
CVE-2018-14907 (The Web server in 3CX version 15.5.8801.3 is vulnerable to Information ...)
	NOT-FOR-US: 3CX
CVE-2018-14906 (The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected X ...)
	NOT-FOR-US: 3CX
CVE-2018-14905 (The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected X ...)
	NOT-FOR-US: 3CX
CVE-2018-14904 (Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauth ...)
	NOT-FOR-US: Samsung Syncthru Web Service
CVE-2018-14903 (EPSON WF-2750 printers with firmware JP02I2 do not properly validate f ...)
	NOT-FOR-US: EPSON WF-2750 printers
CVE-2018-14902 (The ContentProvider in the EPSON iPrint application 6.6.3 for Android  ...)
	NOT-FOR-US: EPSON iPrint application for Android
CVE-2018-14901 (The EPSON iPrint application 6.6.3 for Android contains hard-coded API ...)
	NOT-FOR-US: EPSON iPrint application for Android
CVE-2018-14900 (On EPSON WF-2750 printers with firmware JP02I2, there is no filtering  ...)
	NOT-FOR-US: EPSON WF-2750 printers
CVE-2018-14899 (On the EPSON WF-2750 printer with firmware JP02I2, the Web interface A ...)
	NOT-FOR-US: EPSON WF-2750 printer
CVE-2018-14898
	RESERVED
CVE-2018-14897
	RESERVED
CVE-2018-14896
	RESERVED
CVE-2018-14895
	RESERVED
CVE-2018-14894 (CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an a ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-14893 (A system command injection vulnerability in zyshclient in ZyXEL NSA325 ...)
	NOT-FOR-US: ZyXEL
CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the web appl ...)
	NOT-FOR-US: ZyXEL
CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor before  ...)
	NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-s ...)
	NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contain ...)
	NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin be ...)
	NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing component in ...)
	NOT-FOR-US: Odoo
CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and earlier and ...)
	NOT-FOR-US: Odoo
CVE-2018-14885 (Incorrect access control in the database manager component in Odoo Com ...)
	NOT-FOR-US: Odoo
CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...)
	- php7.2 7.2.1-1
	- php7.1 7.1.13-1
	- php7.0 7.0.27-1
	- php5 <not-affected> (vulnerable code not present)
	NOTE: Fixed in 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75535
	NOTE: Fixed by: https://github.com/php/php-src/commit/0e097f2c96ce31b16fa371981045f224e5a37160
	NOTE: Introduced in: https://github.com/php/php-src/commit/5146d9f8ac170d8ba7109370d732d56dc0777578
CVE-2018-14883 (An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1 ...)
	{DSA-4353-1 DLA-1490-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.20-1
	- php7.0 7.0.31-1
	- php5 <removed>
	NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a buffer  ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key content]
	- xml-security-c 2.0.2-2 (bug #913136)
	[stretch] - xml-security-c 1.7.3-4+deb9u2
	[jessie] - xml-security-c 1.7.2-3+deb8u2
	NOTE: temporary entry for DLA-1594-1
	NOTE: https://issues.apache.org/jira/browse/SANTUARIO-496
	NOTE: patch 1/2: http://svn.apache.org/r1843562
	NOTE: patch 2/2: http://svn.apache.org/r1843566
CVE-2018-XXXX [Default KeyInfo resolver doesn't check for empty element content.]
	[experimental] - xml-security-c 2.0.1-1
	- xml-security-c 1.7.3-4+deb9u1 (bug #905332)
	[stretch] - xml-security-c 1.7.3-4+deb9u1
	[jessie] - xml-security-c 1.7.2-3+deb8u1
	NOTE: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
	NOTE: https://shibboleth.net/community/advisories/secadv_20180803.txt
CVE-2018-14878 (JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 ...)
	NOT-FOR-US: JetBrains dotPeek
CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Langu ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in Fr ...)
	- flif <removed>
	NOTE: https://github.com/FLIF-hub/FLIF/issues/520
CVE-2018-14875 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14874 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14873 (An issue was discovered in Rincewind 0.1. There is a cross-site script ...)
	NOT-FOR-US: Rincewind
CVE-2018-14872 (An issue was discovered in Rincewind 0.1. A reinstall vulnerability ex ...)
	NOT-FOR-US: Rincewind
CVE-2018-14871
	RESERVED
CVE-2018-14870
	RESERVED
CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Add ...)
	NOT-FOR-US: PHP Template Store Script
CVE-2018-14868 (Incorrect access control in the Password Encryption module in Odoo Com ...)
	NOT-FOR-US: Odoo
CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...)
	NOT-FOR-US: Odoo
CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...)
	NOT-FOR-US: Odoo
CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo  ...)
	NOT-FOR-US: Odoo
CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...)
	NOT-FOR-US: Odoo
CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...)
	NOT-FOR-US: Odoo
CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...)
	NOT-FOR-US: Odoo
CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo  ...)
	NOT-FOR-US: Odoo
CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...)
	NOT-FOR-US: Odoo
CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...)
	NOT-FOR-US: Odoo
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-14856 (Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wi ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14855 (Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wir ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14854 (Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wi ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14853 (A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/n ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14852 (Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcm ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...)
	{DSA-4353-1 DLA-1490-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.20-1
	- php7.0 7.0.31-1
	- php5 <removed>
	NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76557
CVE-2018-14850 (Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow a ...)
	- tikiwiki <removed>
	NOTE: https://sourceforge.net/p/tikiwiki/code/66990
CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related  ...)
	- tikiwiki <removed>
	NOTE: https://sourceforge.net/p/tikiwiki/code/66809
CVE-2018-14848
	RESERVED
CVE-2018-14847 (MikroTik RouterOS through 6.42 allows unauthenticated remote attackers ...)
	NOT-FOR-US: Winbox for MikroTik RouterOS
CVE-2018-14846 (The Mondula Multi Step Form plugin before 1.2.8 for WordPress has mult ...)
	NOT-FOR-US: Mondula Multi Step Form plugin for WordPress
CVE-2018-14845
	RESERVED
CVE-2018-14844
	RESERVED
CVE-2018-14843
	RESERVED
CVE-2018-14842
	RESERVED
CVE-2018-14841
	RESERVED
CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not  ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-14839 (LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The imp ...)
	NOT-FOR-US: LG N1A1 NAS
CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content parameter. ...)
	NOT-FOR-US: rejucms
CVE-2018-14837 (Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/a ...)
	NOT-FOR-US: Wolf CMS
CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because user gr ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping  ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-14834
	RESERVED
CVE-2018-14833 (Intuit Lacerte 2017 has Incorrect Access Control. ...)
	NOT-FOR-US: Intuit
CVE-2018-14832
	RESERVED
CVE-2018-14831 (An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote a ...)
	NOT-FOR-US: DamiCMS
CVE-2018-14830
	RESERVED
CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vu ...)
	NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14828 (Advantech WebAccess 8.3.1 and earlier has an improper privilege manage ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14827 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remot ...)
	NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14826 (Entes EMG12 versions 2.57 and prior The application uses a web interfa ...)
	NOT-FOR-US: Entes EMG12
CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 runni ...)
	NOT-FOR-US: Honeywell
CVE-2018-14824 (Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior ha ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation PMSoft
CVE-2018-14823 (Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflo ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14822 (Entes EMG12 versions 2.57 and prior an information exposure through qu ...)
	NOT-FOR-US: Entes EMG12
CVE-2018-14821 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vu ...)
	NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14820 (Advantech WebAccess 8.3.1 and earlier has a .dll component that is sus ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulner ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and  ...)
	NOT-FOR-US: PI Studio HMI
CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnera ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14816 (Advantech WebAccess 8.3.1 and earlier has several stack-based buffer o ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write  ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14814 (WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio  ...)
	NOT-FOR-US: WECON
CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) vulnerability has  ...)
	NOT-FOR-US: Fuji
CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer d ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and  ...)
	NOT-FOR-US: PI Studio HMI
CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerabili ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5.  Non-administrative users a ...)
	NOT-FOR-US: Emerson AMS Device Manager
CVE-2018-14807 (A stack-based buffer overflow vulnerability in Opto 22 PAC Control Bas ...)
	NOT-FOR-US: Opto
CVE-2018-14806 (Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerabili ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system wh ...)
	NOT-FOR-US: ABB eSOMS
CVE-2018-14804 (Emerson AMS Device Manager v12.0 to v13.5.  A specially crafted script ...)
	NOT-FOR-US: Emerson AMS Device Manager
CVE-2018-14803 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips e-Alert Unit
CVE-2018-14802 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all v ...)
	NOT-FOR-US: Philips PageWriter
CVE-2018-14800 (Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, b ...)
	NOT-FOR-US: Delta Electronics ISPSoft
CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all v ...)
	NOT-FOR-US: Philips PageWriter
CVE-2018-14798 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a ...)
	NOT-FOR-US: Emerson DeltaV DCS
CVE-2018-14796 (Tec4Data SmartCooler, all versions prior to firmware 180806, the devic ...)
	NOT-FOR-US: Tec4Data SmartCooler
CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable d ...)
	NOT-FOR-US: DeltaV
CVE-2018-14794 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device d ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable t ...)
	NOT-FOR-US: DeltaV
CVE-2018-14792 (WECON PLC Editor version 1.3.3U may allow an attacker to execute code  ...)
	NOT-FOR-US: WECON
CVE-2018-14791 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may all ...)
	NOT-FOR-US: Emerson DeltaV DCS
CVE-2018-14790 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version  ...)
	NOT-FOR-US: Philips
CVE-2018-14788 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer ove ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version  ...)
	NOT-FOR-US: Philips
CVE-2018-14786 (Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps ( ...)
	NOT-FOR-US: medical pumps
CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14784 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14783 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14782 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14781 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL- ...)
	NOT-FOR-US: Medtronic
CVE-2018-14780 (An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 sma ...)
	- yubico-piv-tool 1.6.1-1 (low; bug #906128)
	[stretch] - yubico-piv-tool 1.4.2-2+deb9u1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
CVE-2018-14779 (A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartca ...)
	- yubico-piv-tool 1.6.1-1 (low; bug #906128)
	[stretch] - yubico-piv-tool 1.4.2-2+deb9u1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
CVE-2018-14778
	RESERVED
CVE-2015-9262 (_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows  ...)
	{DLA-1469-1}
	- libxcursor 1:1.1.15-1 (low; bug #906012)
	[stretch] - libxcursor 1:1.1.14-1+deb9u2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90857
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05
CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. An atta ...)
	NOT-FOR-US: DataLife Engine
CVE-2018-1000631 (Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000630 (Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authen ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000629 (Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused b ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000628 (Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass securit ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000627 (Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensiti ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000626 (Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass securit ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000625 (Battelle V2I Hub 2.5.1 contains hard-coded credentials for the adminis ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000624 (Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-14776 (Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authen ...)
	NOT-FOR-US: Click Studios Passwordstate
CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Loc ...)
	NOT-FOR-US: OpenBSD
CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, ...)
	- symfony 3.4.14+dfsg-1
	[stretch] - symfony <no-dsa> (Minor issue)
	[jessie] - symfony <not-affected> (Vulnerable code not present, introduced later in commit 4c8a25a6e2)
	NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through 2. ...)
	{DSA-4441-1 DLA-1707-1}
	- symfony 3.4.14+dfsg-1
	NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
CVE-2018-14772 (Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution v ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
	NOT-FOR-US: VIVOTEK FD8177 devices
CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
	NOT-FOR-US: VIVOTEK FD8177 devices
CVE-2018-14769 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. ...)
	NOT-FOR-US: VIVOTEK FD8177 devices
CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*,  ...)
	NOT-FOR-US: VIVOTEK devices
CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TE ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999026 (A server-side request forgery vulnerability exists in Jenkins TraceTro ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999027 (An exposure of sensitive information vulnerability exists in Jenkins S ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999028 (An exposure of sensitive information vulnerability exists in Jenkins A ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999029 (A cross-site scripting vulnerability exists in Jenkins Shelve Project  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999041 (An exposure of sensitive information vulnerability exists in Jenkins T ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999040 (An exposure of sensitive information vulnerability exists in Jenkins K ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999039 (A server-side request forgery vulnerability exists in Jenkins Confluen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999038 (A confused deputy vulnerability exists in Jenkins Publisher Over CIFS  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999037 (A data modification vulnerability exists in Jenkins Resource Disposer  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999036 (An exposure of sensitive information vulnerability exists in Jenkins S ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999030 (An exposure of sensitive information vulnerability exists in Jenkins M ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999031 (An exposure of sensitive information vulnerability exists in Jenkins m ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999032 (A data modification vulnerability exists in Jenkins Agiletestware Pang ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999033 (An exposure of sensitive information vulnerability exists in Jenkins A ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999034 (A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999035 (A man in the middle vulnerability exists in Jenkins Inedo BuildMaster  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-14767 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
	{DSA-4267-1 DLA-1471-1}
	- kamailio 5.1.4-1
	NOTE: https://skalatan.de/blog/advisory-hw-2018-05
	NOTE: https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/
	NOTE: https://github.com/kamailio/kamailio/commit/281a6c6b6eaaf30058b603325e8ded20b99e1456
CVE-2018-14766
	RESERVED
CVE-2018-14765
	RESERVED
CVE-2018-14764
	RESERVED
CVE-2018-14763
	RESERVED
CVE-2018-14762
	RESERVED
CVE-2018-14761
	RESERVED
CVE-2018-14760
	RESERVED
CVE-2018-14759
	RESERVED
CVE-2018-14758
	RESERVED
CVE-2018-14757
	RESERVED
CVE-2018-14756
	RESERVED
CVE-2018-14755
	RESERVED
CVE-2018-14754
	RESERVED
CVE-2018-14753
	RESERVED
CVE-2018-14752
	RESERVED
CVE-2018-14751
	RESERVED
CVE-2018-14750
	RESERVED
CVE-2018-14749 (Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 b ...)
	NOT-FOR-US: QNAP
CVE-2018-14748 (Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS  ...)
	NOT-FOR-US: QNAP
CVE-2018-14747 (NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QT ...)
	NOT-FOR-US: QNAP
CVE-2018-14746 (Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 ...)
	NOT-FOR-US: QNAP
CVE-2018-14955 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail <removed> (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14954 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail <removed> (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14953 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail <removed> (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14952 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail <removed> (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14951 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail <removed> (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14950 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail <removed> (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14745 (Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver  ...)
	NOT-FOR-US: bcmdhd4538 wifi driver (not in mainline)
CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14742 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14741 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14740 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14739 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14738 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite  ...)
	NOT-FOR-US: Hitachi
CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header module makes ...)
	NOT-FOR-US: Odoo
CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 all ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.14-1
	NOTE: https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1)
CVE-2018-14732 (An issue was discovered in lib/Server.js in webpack-dev-server before  ...)
	NOT-FOR-US: webpack-dev-server
CVE-2018-14731 (An issue was discovered in HMRServer.js in Parcel parcel-bundler. Atta ...)
	NOT-FOR-US: parcel-bundler
CVE-2018-14730 (An issue was discovered in Browserify-HMR. Attackers are able to steal ...)
	NOT-FOR-US: Browserify-HMR
CVE-2018-14729 (The database backup feature in upload/source/admincp/admincp_db.php in ...)
	NOT-FOR-US: Discuz!
CVE-2018-14728 (upload.php in Responsive FileManager 9.13.1 allows SSRF via the url pa ...)
	NOT-FOR-US: Responsive FileManager
CVE-2018-14727
	RESERVED
CVE-2018-14726
	RESERVED
CVE-2018-14725
	RESERVED
CVE-2018-14724 (In the Ban List plugin 1.0 for MyBB, any forum user with mod privilege ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-14723
	RESERVED
CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenanc ...)
	- btrfsmaintenance 0.4.1-2 (bug #906131)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to c ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14717
	RESERVED
CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SEOmatic ...)
	NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the smart contra ...)
	NOT-FOR-US: smart contract implementations for Cryptogs
CVE-2018-14714 (System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0 ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14713 (Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3. ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14712 (Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50 ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14711 (Missing cross-site request forgery protection in appGet.cgi on ASUS RT ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14710 (Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.3 ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS version ...)
	NOT-FOR-US: Dashboard API on Drobo 5N2 NAS
CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on Drobo 5N ...)
	NOT-FOR-US: Drobo Dashboard API on Drobo 5N2 NAS
CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS  ...)
	NOT-FOR-US: Drobo Pix web application on Drobo 5N2 NAS
CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint o ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14705 (In Drobo 5N2 4.0.5, all optional applications lack any form of authent ...)
	NOT-FOR-US: Drobo 5N2
CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS vers ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in D ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14702 (Incorrect access control in the /drobopix/api/drobo.php endpoint in Dr ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14701 (System command injection in the /DroboAccess/delete_user endpoint in D ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14700 (Incorrect access control in the /mysql/api/logfile.php endpoint in Dro ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14699 (System command injection in the /DroboAccess/enable_user endpoint in D ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14698 (Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14697 (Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14696 (Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14695 (Incorrect access control in the /mysql/api/diags.php endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14694
	RESERVED
CVE-2018-14693
	RESERVED
CVE-2018-14692
	RESERVED
CVE-2018-14691 (An issue was discovered in Subsonic 6.1.1. The music tags feature is a ...)
	NOT-FOR-US: Subsonic
CVE-2018-14690 (An issue was discovered in Subsonic 6.1.1. The general settings are af ...)
	NOT-FOR-US: Subsonic
CVE-2018-14689 (An issue was discovered in Subsonic 6.1.1. The transcoding settings ar ...)
	NOT-FOR-US: Subsonic
CVE-2018-14688 (An issue was discovered in Subsonic 6.1.1. The radio settings are affe ...)
	NOT-FOR-US: Subsonic
CVE-2018-14687
	RESERVED
CVE-2018-14686 (system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do. ...)
	NOT-FOR-US: XYCMS
CVE-2018-14685 (The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gx ...)
	NOT-FOR-US: Gxlcms
CVE-2018-14684
	RESERVED
CVE-2018-14683 (PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used i ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.14-1
	NOTE: https://xenbits.xen.org/xsa/advisory-274.html
	NOTE: https://git.kernel.org/linus/b3681dd548d06deb2e1573890829dff4b15abf46
CVE-2018-14677
	RESERVED
CVE-2018-14676
	RESERVED
CVE-2018-14675
	RESERVED
CVE-2018-14674
	RESERVED
CVE-2018-14673
	RESERVED
CVE-2018-14672 (In ClickHouse before 18.12.13, functions for loading CatBoost models a ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14671 (In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary share ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14670 (Incorrect configuration in deb package in ClickHouse before 1.1.54131  ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14669 (ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14668 (In ClickHouse before 1.1.54388, "remote" table function allowed arbitr ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904802)
	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904801)
	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904800)
	NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in lib ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904799)
	NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14667 (The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression  ...)
	NOT-FOR-US: RichFaces
CVE-2018-14666 (An improper authorization flaw was found in the Smart Class feature of ...)
	- foreman <itp> (bug #663101)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1638156
CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An incorrect permis ...)
	{DSA-4328-1}
	- xorg-server 2:1.20.3-1
	[jessie] - xorg-server <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c (1.19.0)
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
CVE-2018-14664 (A flaw was found in foreman from versions 1.18. A stored cross-site sc ...)
	- foreman <itp> (bug #663101)
CVE-2018-14663 (An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a re ...)
	- dnsdist 1.3.3-1 (bug #913231)
	[stretch] - dnsdist <no-dsa> (Minor issue)
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph users ...)
	{DLA-1696-1}
	- ceph 12.2.11+dfsg1-1 (bug #921948)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
	NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2  ...)
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - glusterfs <not-affected> (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696
CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=be1e1785e2e4f3d6345ea5b5b684a1429784a01c
CVE-2018-14658 (A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for b ...)
	NOT-FOR-US: Keycloak
CVE-2018-14657 (A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabl ...)
	NOT-FOR-US: Keycloak
CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in the Li ...)
	- linux 4.18.6-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...)
	NOT-FOR-US: Keycloak
CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...)
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - glusterfs <not-affected> (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21534/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1)
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5)
CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable  ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21529/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable  ...)
	{DLA-1565-1}
	- glusterfs 5.0-1 (bug #912997)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2c195712a9ecbda4fa02f5308138a1257a2558a
CVE-2018-14651 (It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018 ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs <not-affected> (Incomplete fixes for CVE-2018-109{26,27,28,29,30} not applied)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632557
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21527/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5fdb7ae37f602894f81a2cadc5a4c609a4c85427
CVE-2018-14650 (It was discovered that sos-collector does not properly set the default ...)
	NOT-FOR-US: sos-collector (not same as sosreport itself, additional tool to sosreport)
CVE-2018-14649 (It was found that ceph-isci-cli package as shipped by Red Hat Ceph Sto ...)
	NOT-FOR-US: ceph-iscsi-cli
CVE-2018-14648 (A flaw was found in 389 Directory Server. A specially crafted search q ...)
	{DLA-1554-1}
	- 389-ds-base 1.4.0.18-1
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668
	NOTE: https://pagure.io/389-ds-base/c/a49bd03d6 (1.4.0.17)
	NOTE: 1.3.7: https://pagure.io/389-ds-base/c/c8ec6e58c
	NOTE: 1.3.8: https://pagure.io/389-ds-base/c/5fc374b43
	NOTE: Note that these patches are incomplete and cause a regression (crash). Bundle with
	NOTE: https://pagure.io/389-ds-base/c/a6369790c (1.4.0.17)
	NOTE: 1.3.7: https://pagure.io/389-ds-base/c/722a6f867
	NOTE: 1.3.8: https://pagure.io/389-ds-base/c/bdb1af66c
	NOTE: see https://pagure.io/389-ds-base/issue/49969
CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash s ...)
	{DSA-4307-1 DSA-4306-1 DLA-1835-1 DLA-1834-1}
	- python3.7 3.7.0-7
	- python3.6 3.6.7~rc1-1
	- python3.5 <removed>
	- python3.4 <removed>
	[jessie] - python3.4 <postponed> (minor issue)
	- python2.7 2.7.15-5 (bug #921039)
	NOTE: https://bugs.python.org/issue34623
	NOTE: master: https://github.com/python/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b
	NOTE: 3.7: https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305
	NOTE: 3.6: https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1
	NOTE: 2.7: https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2
CVE-2018-14646 (The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL  ...)
	- linux <not-affected> (Vulnerable code not present in any version released; apart experimental)
	NOTE: Fixed by: https://git.kernel.org/linus/f428fe4a04cc339166c8bbd489789760de3a0cee
CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14,  ...)
	- haproxy 1.8.13-2
	[stretch] - haproxy <not-affected> (Only affects 1.8.x)
	[jessie] - haproxy <not-affected> (Only affects 1.8.x)
	NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
CVE-2018-14644 (An issue has been found in PowerDNS Recursor from 4.0.0 up to and incl ...)
	- pdns-recursor 4.1.7-1 (bug #913162)
	[stretch] - pdns-recursor 4.0.4-1+deb9u4
	[jessie] - pdns-recursor <ignored> (Minor issue)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
	NOTE: https://downloads.powerdns.com/patches/2018-07/
	NOTE: Patch backported for jessie https://git.fosscommunity.in/bhe/patches/raw/master/CVE-2018-14644.patch
CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynflow com ...)
	- foreman <itp> (bug #663101)
	NOTE: Issue in a foreman component: smart_proxy_dynflow, which might land in separate source.
CVE-2018-14642 (An information leak vulnerability was found in Undertow. If all header ...)
	- undertow 2.0.23-1 (bug #911796)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1628702
CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net/ipv4/ ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/18/1
	NOTE: Fixed by: https://git.kernel.org/linus/5d407b071dc369c26a38398326ee2be53651cfe4
CVE-2018-14640
	RESERVED
CVE-2018-14639
	RESERVED
CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...)
	- 389-ds-base 1.4.0.18-1 (bug #908859)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	[jessie] - 389-ds-base <not-affected> (Vulnerable code not present)
	NOTE: https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
CVE-2018-14637 (The SAML broker consumer endpoint in Keycloak before version 4.6.0.Fin ...)
	NOT-FOR-US: Keycloak
CVE-2018-14636 (Live-migrated instances are briefly able to inspect traffic for other  ...)
	- neutron 2:13.0.0-1 (low)
	[stretch] - neutron <ignored> (Minor issue)
	[jessie] - neutron <ignored> (Minor issue)
CVE-2018-14635 (When using the Linux bridge ml2 driver, non-privileged tenants are abl ...)
	- neutron 2:13.0.0-1
	[stretch] - neutron <ignored> (Minor issue)
	[jessie] - neutron <ignored> (Minor issue)
	NOTE: https://bugs.launchpad.net/neutron/+bug/1757482
	NOTE: https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
CVE-2018-14634 (An integer overflow flaw was found in the Linux kernel's create_elf_ta ...)
	{DLA-1529-1}
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/25/4
CVE-2018-14633 (A security flaw was found in the chap_server_compute_md5() function in ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.10-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/24/2
CVE-2018-14632 (An out of bound write can occur when patching an Openshift object usin ...)
	NOT-FOR-US: OpenShift
CVE-2018-14631 (moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost th ...)
	- moodle <removed>
CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an ...)
	- moodle <removed>
CVE-2018-14629 (A denial of service vulnerability was discovered in Samba's LDAP serve ...)
	{DSA-4345-1 DLA-1607-1}
	- samba 2:4.9.2+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
CVE-2018-14628
	RESERVED
CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not h ...)
	- wildfly <itp> (bug #752018)
	NOTE: https://issues.jboss.org/browse/WFLY-9107
	NOTE: https://github.com/wildfly/wildfly/pull/10675
CVE-2018-14626 (PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS ...)
	- pdns 4.1.5-1 (bug #913163)
	[stretch] - pdns <not-affected> (Vulnerable code present only in >=  4.1.0)
	[jessie] - pdns <not-affected> (Vulnerable code not present)
	- pdns-recursor 4.1.7-1 (bug #913162)
	[stretch] - pdns-recursor 4.0.4-1+deb9u4
	[jessie] - pdns-recursor <not-affected> (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
	NOTE: https://downloads.powerdns.com/patches/2018-05/
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
	NOTE: https://downloads.powerdns.com/patches/2018-06/
CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to  ...)
	{DLA-1771-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.161-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
CVE-2018-14624 (A vulnerability was discovered in 389-ds-base through versions 1.3.7.1 ...)
	{DLA-1526-1}
	- 389-ds-base 1.4.0.18-1 (bug #907778)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://pagure.io/389-ds-base/issue/49937
	NOTE: https://pagure.io/389-ds-base/c/8ff8cb850 (master)
	NOTE: https://pagure.io/389-ds-base/c/c5e78249d (389-ds-base-1.3.8)
	NOTE: https://pagure.io/389-ds-base/c/9f28620d2 (389-ds-base-1.3.7)
CVE-2018-14623 (A SQL injection flaw was found in katello's errata-related API. An aut ...)
	NOT-FOR-US: Katello
CVE-2018-14622 (A null-pointer dereference vulnerability was found in libtirpc before  ...)
	{DLA-1487-1}
	[experimental] - libtirpc 1.0.2-0.1
	- libtirpc 0.2.5-1.3 (bug #907608)
	[stretch] - libtirpc 0.2.5-1.2+deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620293
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=968175
	NOTE: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
CVE-2018-14621 (An infinite loop vulnerability was found in libtirpc before version 1. ...)
	- libtirpc <not-affected> (Vulnerable code not in a released version)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620290
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=968175
	NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (0.3.3-rc3)
	NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
CVE-2018-14620 (The OpenStack RabbitMQ container image insecurely retrieves the rabbit ...)
	NOT-FOR-US: Insecure Red Hat container config
CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel before ve ...)
	- linux 4.14.12-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the NT ...)
	{DSA-4286-1 DLA-1498-1}
	- curl 7.62.0-1 (bug #908327)
	NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
	NOTE: https://github.com/curl/curl/issues/2756
	NOTE: https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243
CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.8-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200297
	NOTE: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
CVE-2018-14616 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200465
CVE-2018-14615 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	- linux 4.19.9-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200421
CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849
	NOTE: https://patchwork.kernel.org/patch/10503147/
CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.18.8-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199847
	NOTE: https://patchwork.kernel.org/patch/10503403/
	NOTE: https://patchwork.kernel.org/patch/10503413/
CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839
	NOTE: https://patchwork.kernel.org/patch/10503099/
CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
	NOTE: https://patchwork.kernel.org/patch/10503415/
CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.8-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199833
	NOTE: https://patchwork.kernel.org/patch/10500521/
CVE-2018-14608 (Thomson Reuters UltraTax CS 2017 on Windows has a password protection  ...)
	NOT-FOR-US: Thomson Reuters UltraTax CS 2017
CVE-2018-14607 (Thomson Reuters UltraTax CS 2017 on Windows, in a client/server config ...)
	NOT-FOR-US: Thomson Reuters UltraTax CS 2017
CVE-2018-14600 (An issue was discovered in libX11 through 1.6.5. The function XListExt ...)
	{DLA-1482-1}
	- libx11 2:1.6.6-1 (low)
	[stretch] - libx11 2:1.6.4-3+deb9u1
	[wheezy] - libx11 <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/dbf72805fd9d7b1846fe9a11b46f3994bfc27fea
CVE-2018-14599 (An issue was discovered in libX11 through 1.6.5. The function XListExt ...)
	{DLA-1482-1}
	- libx11 2:1.6.6-1 (low)
	[stretch] - libx11 2:1.6.4-3+deb9u1
	[wheezy] - libx11 <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/b469da1430cdcee06e31c6251b83aede072a1ff0
CVE-2018-14598 (An issue was discovered in XListExtensions in ListExt.c in libX11 thro ...)
	{DLA-1482-1}
	- libx11 2:1.6.6-1 (low)
	[stretch] - libx11 2:1.6.4-3+deb9u1
	[wheezy] - libx11 <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/e83722768fd5c467ef61fa159e8c6278770b45c2
CVE-2018-14606 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 10.6 and later)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14605 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 10.7 and later)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14604 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 10.7 and later)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14603 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14602 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab <not-affected> (Affects 9.0 and later only)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14601 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab <not-affected> (11.1.0 specific regression)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-timers.c  ...)
	- linux 4.14.12-1
	[stretch] - linux 4.9.82-1+deb9u1
	[jessie] - linux 3.16.56-1
	NOTE: Fixed by: https://git.kernel.org/linus/cef31d9af908243421258f1df35a4a644604efbe
CVE-2018-14597 (CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA  ...)
	NOT-FOR-US: CA Technologies Identity Governance
CVE-2018-1002208 (SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...)
	- mono 5.18.0.240+dfsg-1
	[stretch] - mono <no-dsa> (Minor issue)
	[jessie] - mono <no-dsa> (Minor issue)
	- mono-reference-assemblies <unfixed> (unimportant)
	NOTE: https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247
	NOTE: https://github.com/icsharpcode/SharpZipLib/issues/232
	NOTE: https://github.com/mono/mono/issues/11492
CVE-2018-1002207 (mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393e ...)
	NOT-FOR-US: golang-github-mholt-archiver
CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory traversal, allo ...)
	NOT-FOR-US: SharpCompress library (for .NET Standard 1.0)
CVE-2018-1002205 (DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, ...)
	NOT-FOR-US: DotNetZip.Semvered library (.NET)
CVE-2018-1002203 (unzipper npm library before 0.8.13 is vulnerable to directory traversa ...)
	NOT-FOR-US: unzipper nodejs module
CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: wancms
CVE-2018-14595
	RESERVED
CVE-2018-14594
	RESERVED
CVE-2018-14593 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
	{DSA-4317-1 DLA-1473-1}
	- otrs2 6.0.10-1
	NOTE: https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/57cda14db8fdbcbfb8cabb32d85fbc89fde48c62
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/7b6802723e1f5d1764b617e9fcf0a8dd21e96216
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/78331ea187181d6130189d4563a50b4c30256320
CVE-2018-14592 (The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW  ...)
	NOT-FOR-US: CWJoomla
CVE-2018-14591
	RESERVED
CVE-2018-14590 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in  ...)
	NOT-FOR-US: Bento4
CVE-2018-14589 (An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParse ...)
	NOT-FOR-US: Bento4
CVE-2018-14588 (An issue has been discovered in Bento4 1.5.1-624. A NULL pointer deref ...)
	NOT-FOR-US: Bento4
CVE-2018-14587 (An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream ...)
	NOT-FOR-US: Bento4
CVE-2018-14586 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in  ...)
	NOT-FOR-US: Bento4
CVE-2018-14585 (An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE  ...)
	NOT-FOR-US: Bento4
CVE-2018-14584 (An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create ...)
	NOT-FOR-US: Bento4
CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a backgroun ...)
	NOT-FOR-US: XYHCMS
CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a ...)
	NOT-FOR-US: BageCMS
CVE-2018-14581 (Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12 ...)
	NOT-FOR-US: Redgate .NET Reflector and SmartAssembly
CVE-2018-14580
	RESERVED
CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains active  ...)
	NOT-FOR-US: GolemCMS
CVE-2018-14578
	RESERVED
CVE-2018-14577
	RESERVED
CVE-2018-14576 (The mintToken function of a smart contract implementation for SunContr ...)
	NOT-FOR-US: smart contract implementation for SunContract
CVE-2018-14575 (Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a t ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-14574 (django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11 ...)
	{DSA-4264-1}
	- python-django 1:1.11.15-1 (bug #905216)
	[jessie] - python-django <not-affected> (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/a656a681272f8f3734b6eb38e9a88aa0d91806f1 (master)
	NOTE: https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c (2.1 release branch)
	NOTE: https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff (1.11 release branch)
	NOTE: https://github.com/django/django/commit/434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (vuln. introduced here?)
CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web Interface ...)
	NOT-FOR-US: TightRope Media Carousel Digital Signage
CVE-2018-14572 (In conference-scheduler-cli, a pickle.load call on imported data allow ...)
	NOT-FOR-US: conference-scheduler-cli
CVE-2018-14571
	RESERVED
CVE-2018-14570 (A file upload vulnerability in application/shop/controller/member.php  ...)
	NOT-FOR-US: Niushop B2B2C Multi-business basic
CVE-2018-14569
	RESERVED
CVE-2018-1999024 (MathJax version prior to version 2.7.4 contains a Cross Site Scripting ...)
	- mathjax 2.7.4+dfsg-1
	[stretch] - mathjax <no-dsa> (Minor issue)
	[jessie] - mathjax <no-dsa> (Minor issue)
	NOTE: https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1
CVE-2018-1999021 (Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Gleezcms Gleez Cms
CVE-2018-1999020 (Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier versi ...)
	NOT-FOR-US: ONOS
CVE-2018-1999019 (Chamilo LMS version 11.x contains an Unserialization vulnerability in  ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-1999018 (Pydio version 8.2.1 and prior contains an Unvalidated user input leadi ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2018-1999017 (Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2018-1999016 (Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS)  ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2018-1999015 (FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32
CVE-2018-1999014 (FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e7
CVE-2018-1999013 (FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ...)
	{DSA-4249-1}
	- ffmpeg 7:4.0.2-1
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f
CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ...)
	{DSA-4249-1 DLA-1740-1}
	- ffmpeg 7:4.0.2-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e
CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ...)
	{DSA-4449-1}
	- ffmpeg 7:4.0.2-1
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286
CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:4.0.2-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e
CVE-2018-1999009 (October CMS version prior to Build 437 contains a Local File Inclusion ...)
	NOT-FOR-US: October CMS
CVE-2018-1999008 (October CMS version prior to build 437 contains a Cross Site Scripting ...)
	NOT-FOR-US: October CMS
CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from  ...)
	- suricata 1:4.0.5-1
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
	NOTE: https://redmine.openinfosecfoundation.org/issues/2501
CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...)
	{DLA-1524-1}
	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
	- libxml2 2.9.10+dfsg-2
	[buster] - libxml2 <no-dsa> (Minor issue)
	[stretch] - libxml2 <postponed> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
CVE-2018-14566
	RESERVED
CVE-2018-14565 (An issue was discovered in libthulac.so in THULAC through 2018-02-25.  ...)
	NOT-FOR-US: THULAC
CVE-2018-14564 (An issue was discovered in libthulac.so in THULAC through 2018-02-25.  ...)
	NOT-FOR-US: THULAC
CVE-2018-14563 (An issue was discovered in libthulac.so in THULAC through 2018-02-25.  ...)
	NOT-FOR-US: THULAC
CVE-2018-14562 (An issue was discovered in libthulac.so in THULAC through 2018-02-25.  ...)
	NOT-FOR-US: THULAC
CVE-2018-14561
	RESERVED
CVE-2018-14560
	RESERVED
CVE-2018-14559 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
	NOT-FOR-US: Tenda AC7 devices
CVE-2018-14558 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
	NOT-FOR-US: Tenda AC7 devices
CVE-2018-14557 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
	NOT-FOR-US: Tenda AC7 devices
CVE-2018-14556
	RESERVED
CVE-2018-14555
	RESERVED
CVE-2018-14554
	RESERVED
CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...)
	{DLA-2106-1}
	- libgd2 2.3.0-1 (low; bug #951287)
	[buster] - libgd2 <no-dsa> (Minor issue)
	[stretch] - libgd2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1599032
	NOTE: https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f
	NOTE: https://github.com/libgd/libgd/pull/580
CVE-2016-10728 (An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error p ...)
	{DLA-1508-1}
	- suricata 3.1.2-1
	NOTE: https://redmine.openinfosecfoundation.org/issues/1880
	NOTE: https://github.com/OISF/suricata/pull/2210
CVE-2018-14552
	RESERVED
CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 use ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (bug #904713)
	[stretch] - imagemagick <postponed> (Can be fixed along in a future DSA)
	[jessie] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/db7a4be592328af06d776ce3bab24b8c6de5be20
CVE-2018-14550 (An issue has been found in third-party PNM decoding associated with li ...)
	[experimental] - libpng1.6 1.6.37-1~exp1
	- libpng1.6 1.6.37-1 (unimportant)
	- libpng <removed> (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/246
	NOTE: https://github.com/glennrp/libpng/commit/1f0221fad7e7888ada87eda511dcbfd701de7d21
CVE-2018-14549 (An issue has been found in libwav through 2017-04-20. It is a SEGV in  ...)
	NOT-FOR-US: libwav
CVE-2018-14548
	RESERVED
CVE-2018-14547
	RESERVED
CVE-2018-14546
	RESERVED
CVE-2018-14545 (There exists one invalid memory read bug in AP4_SampleDescription::Get ...)
	NOT-FOR-US: Bento4
CVE-2018-14544 (There exists one invalid memory read bug in AP4_SampleDescription::Get ...)
	NOT-FOR-US: Bento4
CVE-2018-14543 (There exists one NULL pointer dereference vulnerability in AP4_JsonIns ...)
	NOT-FOR-US: Bento4
CVE-2018-14542
	RESERVED
CVE-2018-14541 (PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS v ...)
	NOT-FOR-US: PHP Scripts Mall Basic B2B Script
CVE-2018-14540
	RESERVED
CVE-2018-14539
	RESERVED
CVE-2018-14538
	RESERVED
CVE-2018-14537
	RESERVED
CVE-2018-14536
	RESERVED
CVE-2018-14535
	RESERVED
CVE-2018-14534
	RESERVED
CVE-2018-14533 (read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privil ...)
	NOT-FOR-US: Inteno IOPSYS
CVE-2018-14532 (An issue was discovered in Bento4 1.5.1-624. There is a heap-based buf ...)
	NOT-FOR-US: Bento4
CVE-2018-14531 (An issue was discovered in Bento4 1.5.1-624. There is an unspecified " ...)
	NOT-FOR-US: Bento4
CVE-2018-14530
	RESERVED
CVE-2018-14529 (Invoxia NVX220 devices allow access to /bin/sh via escape from a restr ...)
	NOT-FOR-US: Invoxia NVX220 devices
CVE-2018-14528 (Invoxia NVX220 devices allow TELNET access as admin with a default pas ...)
	NOT-FOR-US: Invoxia NVX220 devices
CVE-2018-14527 (Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection m ...)
	NOT-FOR-US: Xiao5uCompany
CVE-2018-14526 (An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 throug ...)
	{DLA-1462-1}
	- wpa 2:2.6-18 (bug #905739)
	[stretch] - wpa 2:2.4-1+deb9u2
	NOTE: https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
	NOTE: https://w1.fi/security/2018-1/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
	NOTE: https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
CVE-2018-14525
	RESERVED
CVE-2018-14524 (dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a doubl ...)
	- libredwg <itp> (bug #595191)
CVE-2018-14523 (An issue was discovered in aubio 0.4.6. A buffer over-read can occur i ...)
	- aubio 0.4.6-1 (bug #904906)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
	NOTE: https://github.com/aubio/aubio/issues/189
CVE-2018-14522 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aub ...)
	- aubio 0.4.6-1 (bug #904907)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
	NOTE: https://github.com/aubio/aubio/issues/188
CVE-2018-14521 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aub ...)
	- aubio 0.4.6-1 (bug #904908)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
	NOTE: https://github.com/aubio/aubio/issues/187
CVE-2018-14520
	RESERVED
CVE-2018-14519
	RESERVED
CVE-2018-14518
	RESERVED
CVE-2018-14517 (SeaCMS 6.61 has two XSS issues in the admin_config.php file via certai ...)
	NOT-FOR-US: SeaCMS
CVE-2018-14516
	RESERVED
CVE-2018-14515 (A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote a ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14514 (An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that al ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-14513 (An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persi ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14512 (An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persi ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14511
	RESERVED
CVE-2018-14510
	RESERVED
CVE-2018-14509
	RESERVED
CVE-2018-14508
	RESERVED
CVE-2018-14507
	RESERVED
CVE-2018-14506
	RESERVED
CVE-2018-14504 (An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x ...)
	- mantis <removed>
	NOTE: http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f
	NOTE: https://mantisbt.org/blog/archives/mantisbt/602
	NOTE: https://mantisbt.org/bugs/view.php?id=24608
CVE-2018-14503 (Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Corem ...)
	NOT-FOR-US: Coremail XT
CVE-2018-14502 (controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 ...)
	NOT-FOR-US: Kiboko Chained Quiz plugin for WordPress
CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demo ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.p ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-1999023 (The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a ...)
	- wesnoth-1.14 1:1.14.4-1
	- wesnoth-1.12 <removed>
	[stretch] - wesnoth-1.12 1:1.12.6-1+deb9u1
	- wesnoth-1.10 <removed>
	[jessie] - wesnoth-1.10 <end-of-life> (Games are not supported in Jessie)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
	NOTE: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318 (1.14.x)
CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to t ...)
	- mitmproxy 3.0.4-1 (bug #904293)
	[stretch] - mitmproxy <ignored> (Minor issue)
	[jessie] - mitmproxy <ignored> (Minor issue)
	NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
	NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an XSS vulner ...)
	NOT-FOR-US: HYBBS
CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...)
	{DLA-1719-1}
	[experimental] - libjpeg-turbo 1:2.0.2-1~exp1
	- libjpeg-turbo <unfixed> (low; bug #924678)
	[buster] - libjpeg-turbo <no-dsa> (Minor issue)
	[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
	- mozjpeg <itp> (bug #741487)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
	NOTE: https://github.com/mozilla/mozjpeg/issues/299
CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
	NOT-FOR-US: Tenda D152 ADSL routers
CVE-2018-14496 (** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption a ...)
	NOT-FOR-US: Vivotek FD8136 devices
CVE-2018-14495 (** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection,  ...)
	NOT-FOR-US: Vivotek FD8136 devices
CVE-2018-14494 (** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection,  ...)
	NOT-FOR-US: Vivotek FD8136 devices
CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Au ...)
	NOT-FOR-US: Open-Audit Community
CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN,  ...)
	NOT-FOR-US: Tenda devices
CVE-2018-1999022 (PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) ...)
	- civicrm 5.3.1+dfsg-1 (bug #904215)
	NOTE: https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform
CVE-2018-14491
	RESERVED
CVE-2018-14490
	RESERVED
CVE-2018-14489
	RESERVED
CVE-2018-14488
	RESERVED
CVE-2018-14487
	RESERVED
CVE-2018-14486 (DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via  ...)
	NOT-FOR-US: DNN
CVE-2018-14485 (BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog. ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2018-14484
	RESERVED
CVE-2018-14483
	RESERVED
CVE-2018-14482
	RESERVED
CVE-2018-14481 (Osclass 3.7.4 has XSS via the query string to index.php, a different v ...)
	NOT-FOR-US: Osclass
CVE-2018-14480
	RESERVED
CVE-2018-14479
	RESERVED
CVE-2018-14478 (ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sen ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2018-14477
	RESERVED
CVE-2018-14476 (GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step  ...)
	NOT-FOR-US: GeniXCMS
CVE-2018-14475
	RESERVED
CVE-2018-14474 (views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the ne ...)
	NOT-FOR-US: Orange Forum
CVE-2018-14473 (OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing ...)
	- ocsinventory-server 2.5+dfsg-1 (unimportant; bug #905396)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-14472 (An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is cor ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0 ...)
	- libredwg <itp> (bug #595191)
CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print- ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer  ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer  ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14451 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer  ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14449 (An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...)
	- libgig <unfixed> (low; bug #931309)
	[buster] - libgig <ignored> (Minor issue)
	[stretch] - libgig <ignored> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
CVE-2018-14448 (Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL poi ...)
	- untrunc <itp> (bug #702476)
CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds r ...)
	{DLA-1470-1}
	- confuse 3.2.1+dfsg-5 (bug #904159)
	[stretch] - confuse 3.0+dfsg-2+deb9u1
	NOTE: https://github.com/martinh/libconfuse/issues/109
CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remo ...)
	- mp4v2 <removed> (bug #904896)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	NOTE: https://github.com/TechSmith/mp4v2/issues/20
CVE-2018-14445 (In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remo ...)
	NOT-FOR-US: Bento4
CVE-2018-14444 (libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18  ...)
	NOT-FOR-US: libdxfrw
CVE-2018-14443 (get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote ...)
	- libredwg <itp> (bug #595191)
CVE-2018-14442 (Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Fre ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14441 (An issue was discovered in cckevincyh SSH CompanyWebsite through 2018- ...)
	NOT-FOR-US: cckevincyh SSH CompanyWebsite
CVE-2018-14440 (An issue was discovered in cckevincyh SSH CompanyWebsite through 2018- ...)
	NOT-FOR-US: cckevincyh SSH CompanyWebsite
CVE-2018-14439 (espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 misha ...)
	NOT-FOR-US: eos4j
CVE-2018-14438 (In Wireshark through 2.6.2, the create_app_running_mutex function in w ...)
	- wireshark <not-affected> (Problem with SetSecurityDescriptorDacl() is Windows specific issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14921
CVE-2018-14437 (ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1190
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/082223fb992448dbb574747deac9a30f986c116e
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/0812674565df667b1b3e4122ad259096de311c6c
CVE-2018-14436 (ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff. ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1191
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b352c0be410ad900469a079e389178f878aded8
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ae3eecad2f59e27123c1a6c891be75d06fc03656
CVE-2018-14435 (ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1193
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/957b6397b958a5881005df27eb97319b3175a3c9
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e8f4f5e776002aa6ed490d7c6f65e10fa67359dd
CVE-2018-14434 (ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage  ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1192
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/98a2cceae0dceccbfe54051167c2c80be1f13c3f
CVE-2018-14433
	RESERVED
CVE-2018-14432 (In the Federation component of OpenStack Keystone before 11.0.4, 12.0. ...)
	{DSA-4275-1}
	- keystone 2:13.0.0-7 (bug #904616)
	[jessie] - keystone <end-of-life> (Not supported in Jessie)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/25/2
	NOTE: https://bugs.launchpad.net/keystone/+bug/1779205
CVE-2018-14431
	RESERVED
CVE-2018-14430 (The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows  ...)
	NOT-FOR-US: Mondula Multi Step Form plugin for WordPress
CVE-2018-14429 (man-cgi before 1.16 allows Local File Inclusion via absolute path trav ...)
	NOT-FOR-US: man-cgi
CVE-2018-14428
	RESERVED
CVE-2018-14427
	RESERVED
CVE-2018-14426
	RESERVED
CVE-2018-14425 (There is a Persistent XSS vulnerability in the briefcase component of  ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2017-18343 (** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x befo ...)
	- symfony 3.4.0+dfsg-1 (unimportant)
	NOTE: https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c
	NOTE: https://github.com/symfony/symfony/issues/27987
	NOTE: https://github.com/symfony/symfony/pull/23684
CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx component in G ...)
	{DLA-1443-1}
	- evolution-data-server 3.22.0-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334842
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
CVE-2018-14424 (The daemon in GDM through 3.29.1 does not properly unexport display ob ...)
	{DSA-4270-1 DLA-1494-1}
	- gdm3 3.28.2-4
	NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401
	NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
	NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/765b306c364885dd89d47fe9fe8618ce6a467bc1
CVE-2018-14423 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...)
	{DSA-4405-1 DLA-1614-1}
	- openjpeg2 2.3.0-2 (low; bug #904873)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1123
	NOTE: https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...)
	NOT-FOR-US: SansCMS
CVE-2018-14421 (SeaCMS v6.61 allows Remote Code execution by placing PHP code in a mov ...)
	NOT-FOR-US: SeaCMS
CVE-2018-14420 (MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsa ...)
	NOT-FOR-US: MetInfo
CVE-2018-14419 (MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on  ...)
	NOT-FOR-US: MetInfo
CVE-2018-14418 (In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. ...)
	NOT-FOR-US: Msvod Cms
CVE-2018-14417 (A command injection vulnerability was found in the web administration  ...)
	NOT-FOR-US: SoftNAS
CVE-2018-14416
	RESERVED
CVE-2018-14415 (An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists v ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-14414
	RESERVED
CVE-2018-14413
	RESERVED
CVE-2018-14412
	RESERVED
CVE-2018-14411
	RESERVED
CVE-2018-14410
	RESERVED
CVE-2018-14409
	RESERVED
CVE-2018-14408
	RESERVED
CVE-2018-14407
	RESERVED
CVE-2018-14406
	RESERVED
CVE-2018-14405
	RESERVED
CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...)
	{DLA-1524-1}
	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
	- libxml2 2.9.10+dfsg-2 (low; bug #901817)
	[buster] - libxml2 <no-dsa> (Minor issue)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substring ...)
	- mp4v2 <removed> (bug #904897)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3
CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::p ...)
	NOT-FOR-US: axmldec
CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out- ...)
	NOT-FOR-US: AXML Parser
CVE-2018-14400
	REJECTED
CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attack ...)
	NOT-FOR-US: PHPCMS
CVE-2018-14398 (An issue was discovered in Creme CRM 1.6.12. The value of the cancel b ...)
	NOT-FOR-US: Creme CRM
CVE-2018-14397 (An issue was discovered in Creme CRM 1.6.12. The organization creation ...)
	NOT-FOR-US: Creme CRM
CVE-2018-14396 (An issue was discovered in Creme CRM 1.6.12. The salesman creation pag ...)
	NOT-FOR-US: Creme CRM
CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause  ...)
	{DSA-4258-1}
	- ffmpeg 7:4.0.2-1
	- libav <removed>
	[jessie] - libav <not-affected> (only version 2 is supported)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause  ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:4.0.2-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3a2d21bc5f97aa0161db3ae731fc2732be6108b8
CVE-2018-14393
	RESERVED
CVE-2018-14392 (The New Threads plugin before 1.2 for MyBB has XSS. ...)
	NOT-FOR-US: New Threads plugin for MyBB
CVE-2018-14391
	RESERVED
CVE-2018-14390
	RESERVED
CVE-2018-1999001 (A unauthorized modification of configuration vulnerability exists in J ...)
	NOT-FOR-US: Jenkins
CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132 and earlie ...)
	NOT-FOR-US: Jenkins
CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
	NOT-FOR-US: Jenkins
CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
	NOT-FOR-US: Jenkins
CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
	NOT-FOR-US: Jenkins
CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...)
	NOT-FOR-US: Jenkins
CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
	NOT-FOR-US: Jenkins
CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_de ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14387 (An issue was discovered in WonderCMS before 2.5.2. An attacker can cre ...)
	NOT-FOR-US: WonderCMS
CVE-2018-14386
	RESERVED
CVE-2018-14385
	RESERVED
CVE-2018-14384 (The Website Manager module in SEO Panel 3.13.0 and earlier is affected ...)
	NOT-FOR-US: SEO Panel
CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows  ...)
	NOT-FOR-US: Transition Technologies "The Scheduler" app for Jira
CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
	NOT-FOR-US: InstantCMS
CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulner ...)
	NOT-FOR-US: Pagekit CMS
CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead components, rel ...)
	- graylog2 <itp> (bug #652273)
CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP ...)
	- mp4v2 <removed> (bug #904898)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
CVE-2018-14378
	REJECTED
CVE-2018-14377
	RESERVED
CVE-2018-14376
	RESERVED
CVE-2018-14375
	REJECTED
CVE-2018-14374
	REJECTED
CVE-2018-14373
	REJECTED
CVE-2018-14372
	RESERVED
CVE-2018-14371 (The getLocalePrefix function in ResourceManager.java in Eclipse Mojarr ...)
	- mojarra <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protoc ...)
	- wireshark 2.6.2-1
	[stretch] - wireshark <not-affected> (Vulnerable code not present)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-43.html
CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the  ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-41.html
CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the  ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-40.html
CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol diss ...)
	- wireshark 2.6.2-1
	[stretch] - wireshark <not-affected> (Vulnerable code not present)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-42.html
CVE-2018-14366 (download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13  ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-14365
	RESERVED
CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 1 ...)
	- gitlab 10.7.7+dfsg-2 (bug #904026)
	NOTE: https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does no ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.9.1-1
	NOTE: https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
	NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset
	NOTE: previous versions ship a neomutt patchset.
CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
	NOTE: https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds  ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.9.1-1
	NOTE: https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
	NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset
	NOTE: previous versions ship a neomutt patchset.
CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group i ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.9.1-1
	NOTE: https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
	NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset
	NOTE: previous versions ship a neomutt patchset.
CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85
	NOTE: https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
	NOTE: https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
	NOTE: https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82
	NOTE: https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d
	NOTE: https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
	NOTE: https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
	NOTE: https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4
	NOTE: https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741
	NOTE: https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
	NOTE: https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
	NOTE: https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14348 (libcgroup up to and including 0.41 creates /var/log/cgred with mode 06 ...)
	{DLA-1472-1}
	- libcgroup 0.41-8.1 (low; bug #906308)
	[stretch] - libcgroup 0.41-8+deb9u1
	NOTE: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
	NOTE: cgred not enabled by default, shipped example config logs to syslog by default
CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop vulnerability in ...)
	{DSA-4290-1 DLA-1478-1}
	- libextractor 1:1.7-1 (bug #904905)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html
	NOTE: https://gnunet.org/bugs/view.php?id=5399
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_re ...)
	{DSA-4290-1 DLA-1478-1}
	- libextractor 1:1.7-1 (bug #904903)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured with Reu ...)
	- sddm 0.18.0-1
	[stretch] - sddm <not-affected> (Re-use session feature introduced in 0.16.0)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1101450
	NOTE: https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98
CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the  ...)
	- wireshark 2.6.2-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present, introduced in v1.99.1rc0-224-g6720c80bab)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14672
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-35.html
CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the  ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14682
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9402f2f80c6bc7d25178a0875c5a1f5ee36361db
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-37.html
CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the  ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13741
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=36af43dbb7673495948cd65d0346e8b9812b941c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-34.html
CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the  ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-39.html
CVE-2018-14340 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, diss ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14675
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=672d882a53f96730e4ef1e5b1639c585823b0df8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-36.html
CVE-2018-14339 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the  ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b77c0a596a8071aebc1de71e3f79e5e15e919ca
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-38.html
CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realp ...)
	- exiv2 <unfixed> (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/382
	NOTE: Issue in example code of Exiv2
CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1  ...)
	- mruby 2.0.0-1 (low; bug #903985)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/4062
	NOTE: https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
	NOTE: https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a
CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a denial of ser ...)
	NOT-FOR-US: TP-Link
CVE-2018-14335 (An issue was discovered in H2 1.4.197. Insecure handling of permission ...)
	NOT-FOR-US: H2 (different from src:python-h2)
CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file u ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode format withi ...)
	NOT-FOR-US: TeamViewer
CVE-2018-14332 (An issue was discovered in Clementine Music Player 1.3.1. Clementine.e ...)
	- clementine <unfixed> (unimportant)
	NOTE: https://github.com/clementine-player/Clementine/issues/6078
	NOTE: https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332
	NOTE: Crash in enduser tool, no security impact
CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulne ...)
	NOT-FOR-US: XiaoCms
CVE-2018-14330
	RESERVED
CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow local us ...)
	- htslib <unfixed> (unimportant)
	NOTE: https://github.com/samtools/htslib/issues/736
	NOTE: Neutralised by kernel hardening
CVE-2018-14328 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)
	NOT-FOR-US: Brynamics "Online Trade - Online trading and cryptocurrency investment system"
CVE-2018-14327 (The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40V ...)
	NOT-FOR-US: Alcatel
CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP p ...)
	- glassfish <not-affected> (Vulnerable code not included, only builds a few classes)
CVE-2018-14323
	RESERVED
CVE-2018-14322
	RESERVED
CVE-2018-14321
	RESERVED
CVE-2018-14320 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	- libpodofo 0.9.6+dfsg-4 (bug #916240)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
	NOTE: https://sourceforge.net/p/podofo/code/1953
CVE-2018-14319
	RESERVED
CVE-2018-14318 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung
CVE-2018-14317 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14316 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14315 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14314 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14313 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14312 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14311 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14310 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14309 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14308 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14307 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14306 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14305 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14304 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14303 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14302 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14301 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14300 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14299 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14298 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14297 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14296 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14295 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-14294 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14293 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14292 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14291 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14290 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14289 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14288 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14287 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14286 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14285 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14284 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14283 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14282 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14281 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14280 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14279 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14278 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14277 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14276 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14275 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14274 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14273 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14272 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14271 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14270 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14269 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14268 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14267 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14266 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14265 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14264 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14263 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14262 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14261 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14260 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14259 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14258 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14257 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14256 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14254 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14253 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14252 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14251 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14250 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14249 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14248 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14247 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14246 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14245 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14244 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14243 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14242 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14241 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant memory co ...)
	- mp4v2 <removed> (bug #904900)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant memory c ...)
	- mp4v2 <removed> (bug #904901)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14240
	RESERVED
CVE-2018-14239
	RESERVED
CVE-2018-14238
	RESERVED
CVE-2018-14237
	RESERVED
CVE-2018-14236
	RESERVED
CVE-2018-14235
	RESERVED
CVE-2018-14234
	RESERVED
CVE-2018-14233
	RESERVED
CVE-2018-14232
	RESERVED
CVE-2018-14231
	RESERVED
CVE-2018-14230
	RESERVED
CVE-2018-14229
	RESERVED
CVE-2018-14228
	RESERVED
CVE-2018-14227
	RESERVED
CVE-2018-14226
	RESERVED
CVE-2018-14225
	RESERVED
CVE-2018-14224
	RESERVED
CVE-2018-14223
	RESERVED
CVE-2018-14222
	RESERVED
CVE-2018-14221
	RESERVED
CVE-2018-14220
	RESERVED
CVE-2018-14219
	RESERVED
CVE-2018-14218
	RESERVED
CVE-2018-14217
	RESERVED
CVE-2018-14216
	RESERVED
CVE-2018-14215
	RESERVED
CVE-2018-14214
	RESERVED
CVE-2018-14213
	RESERVED
CVE-2018-14212
	RESERVED
CVE-2018-14211
	RESERVED
CVE-2018-14210
	RESERVED
CVE-2018-14209
	RESERVED
CVE-2018-14208
	RESERVED
CVE-2018-14207
	RESERVED
CVE-2018-14206
	RESERVED
CVE-2018-14205
	RESERVED
CVE-2018-14204
	RESERVED
CVE-2018-14203
	RESERVED
CVE-2018-14202
	RESERVED
CVE-2018-14201
	RESERVED
CVE-2018-14200
	RESERVED
CVE-2018-14199
	RESERVED
CVE-2018-14198
	RESERVED
CVE-2018-14197
	RESERVED
CVE-2018-14196
	RESERVED
CVE-2018-14195
	RESERVED
CVE-2018-14194
	RESERVED
CVE-2018-14193
	RESERVED
CVE-2018-14192
	RESERVED
CVE-2018-14191
	RESERVED
CVE-2018-14190
	RESERVED
CVE-2018-14189
	RESERVED
CVE-2018-14188
	RESERVED
CVE-2018-14187
	RESERVED
CVE-2018-14186
	RESERVED
CVE-2018-14185
	RESERVED
CVE-2018-14184
	RESERVED
CVE-2018-14183
	RESERVED
CVE-2018-14182
	RESERVED
CVE-2018-14181
	RESERVED
CVE-2018-14180
	RESERVED
CVE-2018-14179
	RESERVED
CVE-2018-14178
	RESERVED
CVE-2018-14177
	RESERVED
CVE-2018-14176
	RESERVED
CVE-2018-14175
	RESERVED
CVE-2018-14174
	RESERVED
CVE-2018-14173
	RESERVED
CVE-2018-14172
	RESERVED
CVE-2018-14171
	RESERVED
CVE-2018-14170
	RESERVED
CVE-2018-14169
	RESERVED
CVE-2018-14168
	RESERVED
CVE-2018-14167
	RESERVED
CVE-2018-14166
	RESERVED
CVE-2018-14165
	RESERVED
CVE-2018-14164
	RESERVED
CVE-2018-14163
	RESERVED
CVE-2018-14162
	RESERVED
CVE-2018-14161
	RESERVED
CVE-2018-14160
	RESERVED
CVE-2018-14159
	RESERVED
CVE-2018-14158
	RESERVED
CVE-2018-14157
	RESERVED
CVE-2018-14156
	RESERVED
CVE-2018-14155
	RESERVED
CVE-2018-14154
	RESERVED
CVE-2018-14153
	RESERVED
CVE-2018-14152
	RESERVED
CVE-2018-14151
	RESERVED
CVE-2018-14150
	RESERVED
CVE-2018-14149
	RESERVED
CVE-2018-14148
	RESERVED
CVE-2018-14147
	RESERVED
CVE-2018-14146
	RESERVED
CVE-2018-14145
	RESERVED
CVE-2018-14144
	RESERVED
CVE-2018-14143
	RESERVED
CVE-2018-14142
	RESERVED
CVE-2018-14141
	RESERVED
CVE-2018-14140
	RESERVED
CVE-2018-14139
	RESERVED
CVE-2018-14138
	RESERVED
CVE-2018-14137
	RESERVED
CVE-2018-14136
	RESERVED
CVE-2018-14135
	RESERVED
CVE-2018-14134
	RESERVED
CVE-2018-14133
	RESERVED
CVE-2018-14132
	RESERVED
CVE-2018-14131
	RESERVED
CVE-2018-14130
	RESERVED
CVE-2018-14129
	RESERVED
CVE-2018-14128
	RESERVED
CVE-2018-14127
	RESERVED
CVE-2018-14126
	RESERVED
CVE-2018-14125
	RESERVED
CVE-2018-14124
	RESERVED
CVE-2018-14123
	RESERVED
CVE-2018-14122
	RESERVED
CVE-2018-14121
	RESERVED
CVE-2018-14120
	RESERVED
CVE-2018-14119
	RESERVED
CVE-2018-14118
	RESERVED
CVE-2018-14117
	RESERVED
CVE-2018-14116
	RESERVED
CVE-2018-14115
	RESERVED
CVE-2018-14114
	RESERVED
CVE-2018-14113
	RESERVED
CVE-2018-14112
	RESERVED
CVE-2018-14111
	RESERVED
CVE-2018-14110
	RESERVED
CVE-2018-14109
	RESERVED
CVE-2018-14108
	RESERVED
CVE-2018-14107
	RESERVED
CVE-2018-14106
	RESERVED
CVE-2018-14105
	RESERVED
CVE-2018-14104
	RESERVED
CVE-2018-14103
	RESERVED
CVE-2018-14102
	RESERVED
CVE-2018-14101
	RESERVED
CVE-2018-14100
	RESERVED
CVE-2018-14099
	RESERVED
CVE-2018-14098
	RESERVED
CVE-2018-14097
	RESERVED
CVE-2018-14096
	RESERVED
CVE-2018-14095
	RESERVED
CVE-2018-14094
	RESERVED
CVE-2018-14093
	RESERVED
CVE-2018-14092
	RESERVED
CVE-2018-14091
	RESERVED
CVE-2018-14090
	RESERVED
CVE-2018-14089 (An issue was discovered in a smart contract implementation for Virgo_Z ...)
	NOT-FOR-US: smart contract implementation for Virgo_ZodiacToken
CVE-2018-14088 (An issue was discovered in a smart contract implementation for STeX Wh ...)
	NOT-FOR-US: smart contract implementation for STeX White List (STE(WL))
CVE-2018-14087 (An issue was discovered in a smart contract implementation for EUC (EU ...)
	NOT-FOR-US: smart contract implementation for EUC (EUC)
CVE-2018-14086 (An issue was discovered in a smart contract implementation for Singapo ...)
	NOT-FOR-US: smart contract implementation for SingaporeCoinOrigin (SCO)
CVE-2018-14085 (An issue was discovered in a smart contract implementation for UserWal ...)
	NOT-FOR-US: smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42
CVE-2018-14084 (An issue was discovered in a smart contract implementation for MKCB, a ...)
	NOT-FOR-US: smart contract implementation for MKCB
CVE-2018-14083 (LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain se ...)
	NOT-FOR-US: LICA miniCMTS E8K(u/i/...) devices
CVE-2018-14082 (PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Script ...)
	NOT-FOR-US: PHP Scripts Mall JOB SITE (aka Job Portal)
CVE-2018-14081 (An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through  ...)
	NOT-FOR-US: D-Link
CVE-2018-14080 (An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through  ...)
	NOT-FOR-US: D-Link
CVE-2018-14079 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attack ...)
	NOT-FOR-US: Wi2be SMART HP WMT
CVE-2018-14078 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attack ...)
	NOT-FOR-US: Wi2be SMART HP WMT
CVE-2018-14077 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attack ...)
	NOT-FOR-US: Wi2be SMART HP WMT
CVE-2018-14076
	RESERVED
CVE-2018-14075
	RESERVED
CVE-2018-14074
	RESERVED
CVE-2018-14073 (libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c ...)
	- libsixel 1.8.2-1 (low; bug #903858)
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <postponed> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926
	NOTE: https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, ...)
	- libsixel 1.8.2-1 (low; bug #903858)
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel <postponed> (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
	NOTE: https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has insufficient san ...)
	NOT-FOR-US: Geo Mashup plugin for WordPress
CVE-2018-14070
	RESERVED
CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
	NOT-FOR-US: SRCMS
CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
	NOT-FOR-US: SRCMS
CVE-2018-14067
	RESERVED
CVE-2018-14066 (The content://wappush content provider in com.android.provider.telepho ...)
	NOT-FOR-US: Lenovo
CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
	NOT-FOR-US: PHPOffice
CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices all ...)
	NOT-FOR-US: VelotiSmart WiFi B-380 camera devices
CVE-2018-14063 (The increaseApproval function of a smart contract implementation for T ...)
	NOT-FOR-US: smart contract
CVE-2018-14062 (The COSPAS-SARSAT protocol allows remote attackers to forge messages,  ...)
	NOT-FOR-US: COSPAS-SARSAT protocol
CVE-2018-14061
	RESERVED
CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin/luci  ...)
	NOT-FOR-US: Xiaomi R3D
CVE-2018-14059 (Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails,  ...)
	NOT-FOR-US: Pimcore
CVE-2018-14058 (Pimcore before 5.3.0 allows SQL Injection via the REST web service API ...)
	NOT-FOR-US: Pimcore
CVE-2018-14057 (Pimcore before 5.3.0 allows remote attackers to conduct cross-site req ...)
	NOT-FOR-US: Pimcore
CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming ...)
	{DSA-4252-1 DLA-1427-1}
	- znc 1.7.1-1 (bug #903787)
	NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
	NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/4
CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a we ...)
	{DSA-4252-1 DLA-1427-1}
	- znc 1.7.1-1 (bug #903788)
	NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/5
CVE-2018-14053
	RESERVED
CVE-2018-14052 (An issue has been found in libwav through 2017-04-20. It is a SEGV in  ...)
	NOT-FOR-US: libwav
CVE-2018-14051 (The function wav_read in libwav.c in libwav through 2017-04-20 has an  ...)
	NOT-FOR-US: libwav
CVE-2018-14050 (An issue has been found in libwav through 2017-04-20. It is a SEGV in  ...)
	NOT-FOR-US: libwav
CVE-2018-14049 (An issue has been found in libwav through 2017-04-20. It is a SEGV in  ...)
	NOT-FOR-US: libwav
CVE-2018-14048 (An issue has been found in libpng 1.6.34. It is a SEGV in the function ...)
	[experimental] - libpng1.6 1.6.37-1~exp1
	- libpng1.6 1.6.37-1 (unimportant)
	- libpng <removed> (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/238
	NOTE: Issue in use of libpng in pnm2png not shipped in binary packages.
CVE-2018-14047 (** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It is a SEG ...)
	- pngwriter <removed>
	NOTE: https://github.com/pngwriter/pngwriter/issues/129
CVE-2018-14046 (Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunk ...)
	- exiv2 <not-affected> (Vulnerable code not present; only affecte experimental; bug #903763)
	NOTE: https://github.com/Exiv2/exiv2/issues/378
	NOTE: https://github.com/D4N/exiv2/commit/49bfe84b4b7277cc425572fb68db23c8820181c1
CVE-2018-14045 (The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSou ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #905504)
	[stretch] - soundtouch <no-dsa> (Minor issue)
	[jessie] - soundtouch <no-dsa> (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/7
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md
CVE-2018-14044 (The RateTransposer::setChannels function in RateTransposer.cpp in libS ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #905504)
	[stretch] - soundtouch <no-dsa> (Minor issue)
	[jessie] - soundtouch <no-dsa> (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/7
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md
CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file ac ...)
	NOT-FOR-US: mstdlib
CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container prope ...)
	- twitter-bootstrap <removed>
	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
	NOTE: https://github.com/twbs/bootstrap/issues/26423
	NOTE: https://github.com/twbs/bootstrap/issues/26628
	NOTE: https://github.com/twbs/bootstrap/pull/26630
	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
	NOTE: https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0 (v4.1.2)
	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
	- twitter-bootstrap <not-affected> (Vulnerable code not present)
	- twitter-bootstrap3 <not-affected> (Vulnerable code not present)
	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
	NOTE: https://github.com/twbs/bootstrap/issues/26423
	NOTE: https://github.com/twbs/bootstrap/issues/26627
	NOTE: https://github.com/twbs/bootstrap/pull/26630
	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
	NOTE: https://snyk.io/vuln/npm:bootstrap:20160627
	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
	NOTE: https://github.com/twbs/bootstrap/commit/cc61edfa8af7b5ec9d4888c59bf94377e499b78b (v4.1.2)
CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
	{DLA-1479-1}
	- twitter-bootstrap <removed>
	[stretch] - twitter-bootstrap <no-dsa> (Minor issue)
	[jessie] - twitter-bootstrap <no-dsa> (Minor issue)
	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
	NOTE: https://github.com/twbs/bootstrap/issues/26423
	NOTE: https://github.com/twbs/bootstrap/issues/26625
	NOTE: https://github.com/twbs/bootstrap/pull/26630
	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621
	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
	NOTE: https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0 (v4.1.2)
	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
CVE-2018-14039
	RESERVED
CVE-2018-14038
	REJECTED
CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v ...)
	NOT-FOR-US: Progress Kendo UI Editor
CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
	- ruby-doorkeeper 4.4.2-1 (bug #903980)
	[stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031
CVE-2018-1000210 (YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object ...)
	NOT-FOR-US: YamlDotNet
CVE-2018-1000209 (Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insec ...)
	NOT-FOR-US: Sensu
CVE-2018-1000208 (MODX Revolution version &lt;=2.6.4 contains a Directory Traversal vuln ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-1000207 (MODX Revolution version &lt;=2.6.4 contains a Incorrect Access Control ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite Request Forg ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4property.cpp ...)
	- mp4v2 <removed> (bug #903859)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1
CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService befor ...)
	- accountsservice 0.6.45-2 (low; bug #903828)
	[stretch] - accountsservice <no-dsa> (Minor issue)
	[jessie] - accountsservice <ignored> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/02/2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085
	NOTE: https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a
CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14032
	REJECTED
CVE-2018-14031 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14030
	RESERVED
CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allo ...)
	NOT-FOR-US: Creatiwity wityCMS
CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are not verifi ...)
	- wordpress <unfixed> (bug #906565)
	[stretch] - wordpress <no-dsa> (Minor issue)
	[jessie] - wordpress <postponed> (no sanctioned patch)
	NOTE: https://core.trac.wordpress.org/ticket/44710
	NOTE: https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
CVE-2018-14027 (Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or ...)
	NOT-FOR-US: Digisol Wireless Wifi Home Router HR-3300
CVE-2018-14026
	RESERVED
CVE-2018-14025
	RESERVED
CVE-2018-14024
	RESERVED
CVE-2018-14023 (Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows  ...)
	- signal-desktop <itp> (bug #842943)
CVE-2018-14022
	RESERVED
CVE-2018-14021
	RESERVED
CVE-2018-14020 (An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and ...)
	NOT-FOR-US: Paymorrow module for OXID shop
CVE-2018-14019
	RESERVED
CVE-2018-14018
	RESERVED
CVE-2018-14017 (The r_bin_java_annotation_new function in shlr/java/class.c in radare2 ...)
	- radare2 2.8.0+dfsg-1 (bug #903726)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152
	NOTE: https://github.com/radare/radare2/issues/10498
CVE-2018-14016 (The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7. ...)
	- radare2 2.8.0+dfsg-1 (bug #903725)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/eb7deb281df54771fb8ecf5890dc325a7d22d3e2
	NOTE: https://github.com/radare/radare2/issues/10464
CVE-2018-14015 (The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote  ...)
	- radare2 2.8.0+dfsg-1 (bug #903724)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3
	NOTE: https://github.com/radare/radare2/issues/10465
CVE-2018-14014 (In waimai Super Cms 20150505, there is a CSRF vulnerability that can a ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-14013 (Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS ...)
	NOT-FOR-US: Zimbra
CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the defaul ...)
	NOT-FOR-US: WolfSight CMS
CVE-2018-14011
	RESERVED
CVE-2018-14010 (OS command injection in the guest Wi-Fi settings feature in /cgi-bin/l ...)
	NOT-FOR-US: Xiaomi
CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different vulnera ...)
	NOT-FOR-US: Codiad
CVE-2018-14008 (Arista EOS through 4.21.0F allows a crash because 802.1x authenticatio ...)
	NOT-FOR-US: Arista EOS
CVE-2018-14007 (Citrix XenServer 7.1 and newer allows Directory Traversal. ...)
	NOT-FOR-US: xapi
CVE-2018-14006 (An integer overflow vulnerability exists in the function multipleTrans ...)
	NOT-FOR-US: Neo Genesis Token (NGT)
CVE-2018-14005 (An integer overflow vulnerability exists in the function transferAny o ...)
	NOT-FOR-US: Malaysia coins (Xmc)
CVE-2018-14004 (An integer overflow vulnerability exists in the function transfer_toke ...)
	NOT-FOR-US: GlobeCoin (GLB)
CVE-2018-14003 (An integer overflow vulnerability exists in the function batchTransfer ...)
	NOT-FOR-US: WeMediaChain (WMC)
CVE-2018-14002 (An integer overflow vulnerability exists in the function distribute of ...)
	NOT-FOR-US: MP3 Coin (MP3)
CVE-2018-14001 (An integer overflow vulnerability exists in the function batchTransfer ...)
	NOT-FOR-US: SHARKTECH (SKT)
CVE-2018-14000
	RESERVED
CVE-2018-13999 (Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorVal ...)
	NOT-FOR-US: Catfish CMS
CVE-2018-13998 (ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Securit ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-13997 (Genann through 2018-07-08 has a SEGV in genann_run in genann.c. ...)
	NOT-FOR-US: Genann
CVE-2018-13996 (Genann through 2018-07-08 has a stack-based buffer over-read in genann ...)
	NOT-FOR-US: Genann
CVE-2018-13995
	RESERVED
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13994 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13993 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13992 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13991 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13990 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST ...)
	NOT-FOR-US: Grundig Smart Inter@ctive TV 3.0 devices
CVE-2018-13988 (Poppler through 0.62 contains an out of bounds read vulnerability due  ...)
	{DLA-1562-1}
	- poppler 0.69.0-2 (low; bug #904922)
	[stretch] - poppler <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602838
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee (poppler-0.67.0)
CVE-2018-13987
	RESERVED
CVE-2018-13986
	RESERVED
CVE-2018-13985
	RESERVED
CVE-2018-13984
	RESERVED
CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...)
	NOT-FOR-US: ImpressCMS
CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...)
	- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
	[stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - smarty3 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe
	NOTE: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8
	NOTE: https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50
	NOTE: https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/17/4
	NOTE: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal
	NOTE: CVE is about the fetch tag as an attack vector.
	NOTE: vulnerable code introduced in realpath() rewrite (c09b05cbe) released in 3.1.28
CVE-2018-13981 (The websites that were built from Zeta Producer Desktop CMS before 14. ...)
	NOT-FOR-US: Zeta Producer Desktop CMS
CVE-2018-13980 (The websites that were built from Zeta Producer Desktop CMS before 14. ...)
	NOT-FOR-US: Zeta Producer Desktop CMS
CVE-2018-13979
	RESERVED
CVE-2018-13978
	RESERVED
CVE-2018-13977
	RESERVED
CVE-2018-13976
	RESERVED
CVE-2018-13975
	RESERVED
CVE-2018-13974
	RESERVED
CVE-2018-13973
	RESERVED
CVE-2018-13972
	RESERVED
CVE-2018-13971
	RESERVED
CVE-2018-13970
	RESERVED
CVE-2018-13969
	RESERVED
CVE-2018-13968
	RESERVED
CVE-2018-13967
	RESERVED
CVE-2018-13966
	RESERVED
CVE-2018-13965
	RESERVED
CVE-2018-13964
	RESERVED
CVE-2018-13963
	RESERVED
CVE-2018-13962
	RESERVED
CVE-2018-13961
	RESERVED
CVE-2018-13960
	RESERVED
CVE-2018-13959
	RESERVED
CVE-2018-13958
	RESERVED
CVE-2018-13957
	RESERVED
CVE-2018-13956
	RESERVED
CVE-2018-13955
	RESERVED
CVE-2018-13954
	RESERVED
CVE-2018-13953
	RESERVED
CVE-2018-13952
	RESERVED
CVE-2018-13951
	RESERVED
CVE-2018-13950
	RESERVED
CVE-2018-13949
	RESERVED
CVE-2018-13948
	RESERVED
CVE-2018-13947
	RESERVED
CVE-2018-13946
	RESERVED
CVE-2018-13945
	RESERVED
CVE-2018-13944
	RESERVED
CVE-2018-13943
	RESERVED
CVE-2018-13942
	RESERVED
CVE-2018-13941
	RESERVED
CVE-2018-13940
	RESERVED
CVE-2018-13939
	RESERVED
CVE-2018-13938
	RESERVED
CVE-2018-13937
	RESERVED
CVE-2018-13936
	RESERVED
CVE-2018-13935
	RESERVED
CVE-2018-13934
	RESERVED
CVE-2018-13933
	RESERVED
CVE-2018-13932
	RESERVED
CVE-2018-13931
	RESERVED
CVE-2018-13930
	RESERVED
CVE-2018-13929
	RESERVED
CVE-2018-13928
	RESERVED
CVE-2018-13927 (Debug policy with invalid signature can be loaded when the debug polic ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13926
	RESERVED
CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13924 (Lack of check to prevent the buffer length taking negative values can  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13923
	RESERVED
CVE-2018-13922
	RESERVED
CVE-2018-13921
	RESERVED
CVE-2018-13920 (Use-after-free condition due to Improper handling of hrtimers when the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13919 (Use-after-free vulnerability will occur if reset of the routing table  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13918 (kernel could return a received message length higher than expected, wh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13917
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13916 (Out-of-bounds memory access in Qurt kernel function when using the ide ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13915
	RESERVED
CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13913 (Improper validation of array index can lead to unauthorized access whi ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel address in c ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13911 (Out of bounds memory read and access may lead to unexpected behavior i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13910 (Out-of-Bounds access in TZ due to invalid index calculated to check ag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13909 (Metadata verification and partial hash system calls by bootloader may  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13908 (Truncated access authentication token leads to weakened access control ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13907 (While deserializing any key blob during key operations, buffer overflo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13906 (The HMAC authenticating the message from QSEE is vulnerable to timing  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource cleanup ca ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ can l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13903
	RESERVED
CVE-2018-13902 (Out of bounds memory read and access due to improper array index valid ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13901 (Due to missing permissions in Android Manifest file, Sensitive informa ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13900 (Use-after-free vulnerability will occur as there is no protection for  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13899 (Processing messages after error may result in user after free memory f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC in Snap ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13897 (Clients hostname gets added to DNS record on device which is running d ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13896 (XBL_SEC image authentication and other crypto related validations are  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13895 (Due to the missing permissions on several content providers of the RCS ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13894
	RESERVED
CVE-2018-13893 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13892
	RESERVED
CVE-2018-13891
	RESERVED
CVE-2018-13890
	RESERVED
CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due to de r ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13887 (Untrusted header fields in GNSS XTRA3 function can lead to integer ove ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13886 (Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then bu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13885 (Possible memory overread may be lead to access of sensitive data in Sn ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13884
	REJECTED
CVE-2018-13883
	RESERVED
CVE-2018-13882
	RESERVED
CVE-2018-13881
	RESERVED
CVE-2018-13880
	RESERVED
CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in Rocke ...)
	NOT-FOR-US: Rocket.Chat
CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.j ...)
	NOT-FOR-US: Rocket.Chat
CVE-2018-13877 (The doPayouts() function of the smart contract implementation for Mega ...)
	NOT-FOR-US: MegaCryptoPolis
CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13875 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13874 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13873 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a buf ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13872 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13868 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13867 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13866 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
	- hdf5 <undetermined>
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the c ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-13864 (A directory traversal vulnerability has been found in the Assets contr ...)
	NOT-FOR-US: Play Framework
CVE-2018-13862 (Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09 ...)
	NOT-FOR-US: Touchpad / Trivum WebTouch Setup
CVE-2018-13861 (Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09 ...)
	NOT-FOR-US: Touchpad / Trivum WebTouch Setup
CVE-2018-13860 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Pro ...)
	NOT-FOR-US: MusicCenter / Trivum Multiroom Setup
CVE-2018-13859 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Pro ...)
	NOT-FOR-US: MusicCenter / Trivum Multiroom Setup
CVE-2018-13858 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Pro ...)
	NOT-FOR-US: MusicCenter / Trivum Multiroom Setup
CVE-2018-13863 (The MongoDB bson JavaScript module (also known as js-bson) versions 0. ...)
	- node-mongodb 3.1.10+~3.1.9-1
	NOTE: https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a (1.0.5)
CVE-2018-13857
	RESERVED
CVE-2018-13856
	RESERVED
CVE-2018-13855
	RESERVED
CVE-2018-13854
	RESERVED
CVE-2018-13853
	RESERVED
CVE-2018-13852
	RESERVED
CVE-2018-13851
	RESERVED
CVE-2018-13850 (The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component s ...)
	NOT-FOR-US: Firebase Cloud Messaging
CVE-2018-13849 (edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XS ...)
	NOT-FOR-US: yTakkar Instagram-clone
CVE-2018-13848 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszA ...)
	NOT-FOR-US: Bento4
CVE-2018-13847 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoA ...)
	NOT-FOR-US: Bento4
CVE-2018-13846 (An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStr ...)
	NOT-FOR-US: Bento4
CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read in sam ...)
	- htslib 1.9-2 (low)
	[stretch] - htslib <no-dsa> (Minor issue)
	[jessie] - htslib <no-dsa> (Minor issue)
	NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105
CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...)
	- htslib 1.9-2 (low)
	[stretch] - htslib <no-dsa> (Minor issue)
	[jessie] - htslib <no-dsa> (Minor issue)
	NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403675330
CVE-2018-13843 (** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory l ...)
	- htslib 1.9-2 (low)
	[stretch] - htslib <no-dsa> (Minor issue)
	[jessie] - htslib <no-dsa> (Minor issue)
	NOTE: https://github.com/samtools/htslib/issues/731#issue-339662537
CVE-2018-13842
	RESERVED
CVE-2018-13841
	RESERVED
CVE-2018-13840
	RESERVED
CVE-2018-13839
	RESERVED
CVE-2018-13838
	RESERVED
CVE-2018-13837
	RESERVED
CVE-2018-13836 (An integer overflow vulnerability exists in the function multiTransfer ...)
	NOT-FOR-US: Rocket Coin (XRC)
CVE-2018-13835
	RESERVED
CVE-2018-13834
	RESERVED
CVE-2018-13833 (An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFi ...)
	NOT-FOR-US: cmft
CVE-2018-13832 (Multiple Persistent cross-site scripting (XSS) issues in the Techotron ...)
	NOT-FOR-US: Techotronic all-in-one-favicon (aka All In One Favicon) plugin for WordPress
CVE-2018-13831
	RESERVED
CVE-2018-13830
	RESERVED
CVE-2018-13829
	REJECTED
CVE-2018-13828
	REJECTED
CVE-2018-13827
	REJECTED
CVE-2018-13826 (An XML external entity vulnerability in the XOG functionality, in CA P ...)
	NOT-FOR-US: CA PPM
CVE-2018-13825 (Insufficient input validation in the gridExcelExport functionality, in ...)
	NOT-FOR-US: CA PPM
CVE-2018-13824 (Insufficient input sanitization of two parameters in CA PPM 14.3 and b ...)
	NOT-FOR-US: CA PPM
CVE-2018-13823 (An XML external entity vulnerability in the XOG functionality, in CA P ...)
	NOT-FOR-US: CA PPM
CVE-2018-13822 (Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15. ...)
	NOT-FOR-US: CA PPM
CVE-2018-13821 (A lack of authentication, in CA Unified Infrastructure Management 8.5. ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13818 (** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection ...)
	- twig 2.4.4-2 (unimportant)
	NOTE: Fixed upstream in 2.4.4
	NOTE: Vendor of Twig disputes issue as Twig itself is not a web application and
	NOTE: it is the repsonsibility of the web applications using Twig to properly wrap
	NOTE: input to it.
CVE-2018-13817
	REJECTED
CVE-2018-13816 (A vulnerability has been identified in TIM 1531 IRC (All version &lt;  ...)
	NOT-FOR-US: Siemens TIM 1531 IRC Modules
CVE-2018-13815 (A vulnerability has been identified in SIMATIC S7-1200 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2018-13814 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2018-13813 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2018-13812 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2018-13811 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (Al ...)
	NOT-FOR-US: Siemens
CVE-2018-13810 (A vulnerability has been identified in CP 1604 (All versions), CP 1616 ...)
	NOT-FOR-US: Siemens
CVE-2018-13809 (A vulnerability has been identified in CP 1604 (All versions), CP 1616 ...)
	NOT-FOR-US: Siemens
CVE-2018-13808 (A vulnerability has been identified in CP 1604 (All versions), CP 1616 ...)
	NOT-FOR-US: Siemens
CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All versions &lt ...)
	NOT-FOR-US: Siemens
CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad Designer (All ...)
	NOT-FOR-US: Siemens
CVE-2018-13805 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
	NOT-FOR-US: SIMATIC
CVE-2018-13804 (A vulnerability has been identified in SIMATIC IT LMS (All versions),  ...)
	NOT-FOR-US: Siemens
CVE-2018-13803
	REJECTED
CVE-2018-13802 (A vulnerability has been identified in ROX II (All versions &lt; V2.12 ...)
	NOT-FOR-US: Siemens / ROX II
CVE-2018-13801 (A vulnerability has been identified in ROX II (All versions &lt; V2.12 ...)
	NOT-FOR-US: Siemens / ROX II
CVE-2018-13800 (A vulnerability has been identified in SIMATIC S7-1200 CPU family vers ...)
	NOT-FOR-US: SIMATIC
CVE-2018-13799 (A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prio ...)
	NOT-FOR-US: SIMATIC
CVE-2018-13798 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-13796 (An issue was discovered in GNU Mailman before 2.1.28. A crafted URL ca ...)
	{DLA-1442-1}
	- mailman 1:2.1.27-1.1 (bug #903674)
	[stretch] - mailman 1:2.1.23-1+deb9u4
	NOTE: Fixed in 2.1.28; Regression fix in 2.1.29
	NOTE: https://mail.python.org/pipermail/mailman-users/2018-July/083536.html
	NOTE: https://bugs.launchpad.net/mailman/+bug/1780874
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1796
	NOTE: Needs as well a further regression fix as per
	NOTE: https://bugs.launchpad.net/mailman/+bug/1783417
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1798
CVE-2016-10726 (The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before ...)
	NOT-FOR-US: DSpave
CVE-2018-13797 (The macaddress module before 0.2.9 for Node.js is prone to an arbitrar ...)
	- node-macaddress 0.2.9-1 (unimportant)
	NOTE: https://github.com/scravy/node-macaddress/pull/20
	NOTE: nodejs not covered by security support
CVE-2018-13795 (Gravity before 0.5.1 does not support a maximum recursion depth. ...)
	NOT-FOR-US: Gravity
CVE-2018-13794 (A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_imag ...)
	- catimg 2.5.0-1 (bug #903711)
	NOTE: https://github.com/posva/catimg/issues/34
	NOTE: Upstream fixed the issue by updating the stb_image copy to v2.19.
	NOTE: https://github.com/posva/catimg/pull/41
CVE-2018-13793 (Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP ...)
	NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13792 (Multiple SQL injection vulnerabilities in the monitoring feature in th ...)
	NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows ...)
	NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in tools/files/impo ...)
	NOT-FOR-US: concrete5
CVE-2018-13789 (An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauth ...)
	NOT-FOR-US: Descor Infocad FM
CVE-2018-13788
	RESERVED
CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, since version  ...)
	NOT-FOR-US: JFrog JFrog Artifactory
CVE-2018-1000621 (Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorre ...)
	NOT-FOR-US: Mycroft AI mycroft-core
CVE-2018-1000620 (Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insuff ...)
	NOT-FOR-US: Eran Hammer cryptiles
CVE-2018-1000619 (Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input  ...)
	NOT-FOR-US: Ovidentia
CVE-2018-1000618 (EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2 ...)
	NOT-FOR-US: EOSIO/eos
CVE-2018-1000617 (Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and e ...)
	NOT-FOR-US: Atlassian Floodlight Atlassian Floodlight Controller
CVE-2018-1000616 (ONOS ONOS controller version 1.13.1 and earlier contains a XML Externa ...)
	NOT-FOR-US: ONOS
CVE-2018-1000615 (ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of S ...)
	NOT-FOR-US: ONOS
CVE-2018-1000614 (ONOS ONOS Controller version 1.13.1 and earlier contains a XML Externa ...)
	NOT-FOR-US: ONOS
CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptogra ...)
	- bouncycastle 1.60-1 (low)
	[stretch] - bouncycastle <not-affected> (XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57)
	[jessie] - bouncycastle <not-affected> (XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57)
	NOTE: https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574
	NOTE: https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc
CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross ...)
	NOT-FOR-US: SURFnet OpenConext EngineBlock
CVE-2018-1000622 (The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 c ...)
	- rustc 1.27.1+dfsg1-1~exp1
	[stretch] - rustc <ignored> (Minor issue, can be fixed along in future rustc update for ESR69)
	[jessie] - rustc <ignored> (Minor issue)
	NOTE: https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM
CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and  ...)
	NOT-FOR-US: Supermicro
CVE-2018-13786
	RESERVED
CVE-2018-13785 (In libpng 1.6.34, a wrong calculation of row_factor in the png_check_c ...)
	- libpng1.6 1.6.34-2 (bug #903430)
	[stretch] - libpng1.6 <not-affected> (Issue with wrong calculation of row_factor introduced after 1.6.32beta08)
	NOTE: https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
	NOTE: https://sourceforge.net/p/libpng/bugs/278/
CVE-2018-13784 (PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie  ...)
	NOT-FOR-US: PrestaShop
CVE-2018-1000612
	REJECTED
CVE-2018-13783 (The mintToken function of a smart contract implementation for JiucaiTo ...)
	NOT-FOR-US: smart contract implementation for JiucaiToken
CVE-2018-13782 (The mintToken function of a smart contract implementation for ENTER (E ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin)
CVE-2018-13781 (The mintToken function of a smart contract implementation for MyYLC, a ...)
	NOT-FOR-US: smart contract implementation for MyYLC
CVE-2018-13780 (The mintToken function of a smart contract implementation for ESH, an  ...)
	NOT-FOR-US: smart contract implementation for ESH
CVE-2018-13779 (The mintToken function of a smart contract implementation for YLCToken ...)
	NOT-FOR-US: smart contract implementation for YLCToken
CVE-2018-13778 (The mintToken function of a smart contract implementation for CGCToken ...)
	NOT-FOR-US: smart contract implementation for CGCToken
CVE-2018-13777 (The mintToken function of a smart contract implementation for RRToken, ...)
	NOT-FOR-US: smart contract implementation for RRToken
CVE-2018-13776 (The mintToken function of a smart contract implementation for AppleTok ...)
	NOT-FOR-US: smart contract implementation for AppleToken
CVE-2018-13775 (The mintToken function of a smart contract implementation for RCKT_Coi ...)
	NOT-FOR-US: smart contract implementation for RCKT_Coin
CVE-2018-13774 (The mintToken function of a smart contract implementation for Bitstart ...)
	NOT-FOR-US: smart contract implementation for Bitstarti
CVE-2018-13773 (The mintToken function of a smart contract implementation for Enterpri ...)
	NOT-FOR-US: smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken)
CVE-2018-13772 (The mintToken function of a smart contract implementation for TheFlash ...)
	NOT-FOR-US: smart contract implementation for TheFlashToken
CVE-2018-13771 (The mintToken function of a smart contract implementation for ExacoreC ...)
	NOT-FOR-US: smart contract implementation for ExacoreContract
CVE-2018-13770 (The mintToken function of a smart contract implementation for Ultimate ...)
	NOT-FOR-US: smart contract implementation for UltimateCoin
CVE-2018-13769 (The mintToken function of a smart contract implementation for JeansTok ...)
	NOT-FOR-US: smart contract implementation for JeansToken
CVE-2018-13768 (The mintToken function of a smart contract implementation for ZToken,  ...)
	NOT-FOR-US: smart contract implementation for ZToken
CVE-2018-13767 (The mintToken function of a smart contract implementation for Cornerst ...)
	NOT-FOR-US: smart contract implementation for Cornerstone
CVE-2018-13766 (The mintToken function of a smart contract implementation for Easticoi ...)
	NOT-FOR-US: smart contract implementation for Easticoin
CVE-2018-13765 (The mintToken function of a smart contract implementation for LandCoin ...)
	NOT-FOR-US: smart contract implementation for LandCoin
CVE-2018-13764 (The mintToken function of a smart contract implementation for BiquToke ...)
	NOT-FOR-US: smart contract implementation for BiquToken
CVE-2018-13763 (The mintToken function of a smart contract implementation for Ublasti, ...)
	NOT-FOR-US: smart contract implementation for Ublasti
CVE-2018-13762 (The mintToken function of a smart contract implementation for Yumerium ...)
	NOT-FOR-US: smart contract implementation for Yumerium
CVE-2018-13761 (The mintToken function of a smart contract implementation for Netkille ...)
	NOT-FOR-US: smart contract implementation for NetkillerAdvancedTokenAirDrop
CVE-2018-13760 (The mintToken function of a smart contract implementation for MoneyCha ...)
	NOT-FOR-US: smart contract implementation for MoneyChainNet (MCN)
CVE-2018-13759 (The mintToken function of a smart contract implementation for BIGCAdva ...)
	NOT-FOR-US: smart contract implementation for BIGCAdvancedToken
CVE-2018-13758 (The mintToken function of a smart contract implementation for LoliCoin ...)
	NOT-FOR-US: smart contract implementation for LoliCoin
CVE-2018-13757 (The mintToken function of a smart contract implementation for Coinquer ...)
	NOT-FOR-US: smart contract implementation for Coinquer
CVE-2018-13756 (The mintToken function of a smart contract implementation for CherryCo ...)
	NOT-FOR-US: smart contract implementation for CherryCoinFoundation
CVE-2018-13755 (The mintToken function of a smart contract implementation for OTAKUTok ...)
	NOT-FOR-US: smart contract implementation for OTAKUToken
CVE-2018-13754 (The mintToken function of a smart contract implementation for Cryptosi ...)
	NOT-FOR-US: smart contract implementation for CryptosisToken
CVE-2018-13753 (The mintToken function of a smart contract implementation for DeWeiSec ...)
	NOT-FOR-US: smart contract implementation for DeWeiSecurityServiceToken
CVE-2018-13752 (The mintToken function of a smart contract implementation for Thread,  ...)
	NOT-FOR-US: smart contract implementation for Thread
CVE-2018-13751 (The mintToken function of a smart contract implementation for JustWall ...)
	NOT-FOR-US: smart contract implementation for JustWallet
CVE-2018-13750 (The mintToken function of a smart contract implementation for RichiumT ...)
	NOT-FOR-US: smart contract implementation for RichiumToken
CVE-2018-13749 (The mintToken function of a smart contract implementation for FinalTok ...)
	NOT-FOR-US: smart contract implementation for FinalToken
CVE-2018-13748 (The mintToken function of a smart contract implementation for CarToken ...)
	NOT-FOR-US: smart contract implementation for CarToken
CVE-2018-13747 (The mintToken function of a smart contract implementation for VanMinhC ...)
	NOT-FOR-US: smart contract implementation for VanMinhCoin
CVE-2018-13746 (The mintToken function of a smart contract implementation for kBit, an ...)
	NOT-FOR-US: smart contract implementation for kBit
CVE-2018-13745 (The mintToken function of a smart contract implementation for STCToken ...)
	NOT-FOR-US: smart contract implementation for STCToken
CVE-2018-13744 (The mintToken function of a smart contract implementation for Crowdnex ...)
	NOT-FOR-US: smart contract implementation for Crowdnext (CNX)
CVE-2018-13743 (The mintToken function of a smart contract implementation for SuperEne ...)
	NOT-FOR-US: smart contract implementation for SuperEnergy (SEC)
CVE-2018-13742 (The mintToken function of a smart contract implementation for tickets  ...)
	NOT-FOR-US: smart contract implementation for tickets (TKT)
CVE-2018-13741 (The mintToken function of a smart contract implementation for ABLGenes ...)
	NOT-FOR-US: smart contract implementation for ABLGenesisToken
CVE-2018-13740 (The mintToken function of a smart contract implementation for OneChain ...)
	NOT-FOR-US: smart contract implementation for OneChain
CVE-2018-13739 (The mintToken function of a smart contract implementation for dopnetwo ...)
	NOT-FOR-US: smart contract implementation for dopnetwork
CVE-2018-13738 (The mintToken function of a smart contract implementation for PELOCoin ...)
	NOT-FOR-US: smart contract implementation for PELOCoinToken
CVE-2018-13737 (The mintToken function of a smart contract implementation for AnovaBac ...)
	NOT-FOR-US: smart contract implementation for AnovaBace
CVE-2018-13736 (The mintToken function of a smart contract implementation for ELearnin ...)
	NOT-FOR-US: smart contract implementation for ELearningCoinERC
CVE-2018-13735 (The mintToken function of a smart contract implementation for ENTER (E ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken)
CVE-2018-13734 (The mintToken function of a smart contract implementation for AZTToken ...)
	NOT-FOR-US: smart contract implementation for AZTToken
CVE-2018-13733 (The mintToken function of a smart contract implementation for ProjectJ ...)
	NOT-FOR-US: smart contract implementation for ProjectJ
CVE-2018-13732 (The mintToken function of a smart contract implementation for RiptideC ...)
	NOT-FOR-US: smart contract implementation for RiptideCoin (RIPT)
CVE-2018-13731 (The mintToken function of a smart contract implementation for TokenMAC ...)
	NOT-FOR-US: smart contract implementation for TokenMACHU
CVE-2018-13730 (The mintToken function of a smart contract implementation for HEY, an  ...)
	NOT-FOR-US: smart contract implementation for HEY
CVE-2018-13729 (The mintToken function of a smart contract implementation for JPMD100B ...)
	NOT-FOR-US: smart contract implementation for JPMD100B
CVE-2018-13728 (The mintToken function of a smart contract implementation for JixoCoin ...)
	NOT-FOR-US: smart contract implementation for JixoCoin
CVE-2018-13727 (The mintToken function of a smart contract implementation for Eastcoin ...)
	NOT-FOR-US: smart contract implementation for Eastcoin
CVE-2018-13726 (The mintToken function of a smart contract implementation for ISeeVoic ...)
	NOT-FOR-US: smart contract implementation for ISeeVoiceToken
CVE-2018-13725 (The mintToken function of a smart contract implementation for GlobalSu ...)
	NOT-FOR-US: smart contract implementation for GlobalSuperGameToken
CVE-2018-13724 (The mint function of a smart contract implementation for HYIPCrowdsale ...)
	NOT-FOR-US: smart contract implementation for HYIPCrowdsale1
CVE-2018-13723 (The mintToken function of a smart contract implementation for SERVVIZI ...)
	NOT-FOR-US: smart contract implementation for SERVVIZIOToken
CVE-2018-13722 (The mint function of a smart contract implementation for HYIPToken, an ...)
	NOT-FOR-US: smart contract implementation for HYIPToken
CVE-2018-13721 (The mintToken function of a smart contract implementation for GoMineWo ...)
	NOT-FOR-US: smart contract implementation for GoMineWorld
CVE-2018-13720 (The mintToken function of a smart contract implementation for Antoken, ...)
	NOT-FOR-US: smart contract implementation for Antoken
CVE-2018-13719 (The mintToken function of a smart contract implementation for BiteduTo ...)
	NOT-FOR-US: smart contract implementation for BiteduToken
CVE-2018-13718 (The mintToken function of a smart contract implementation for FuturXe, ...)
	NOT-FOR-US: smart contract implementation for FuturXe
CVE-2018-13717 (The mintToken function of a smart contract implementation for Hormitec ...)
	NOT-FOR-US: smart contract implementation for HormitechToken
CVE-2018-13716 (The mintToken function of a smart contract implementation for sexhdsol ...)
	NOT-FOR-US: smart contract implementation for sexhdsolo
CVE-2018-13715 (The mintToken function of a smart contract implementation for BpsToken ...)
	NOT-FOR-US: smart contract implementation for BpsToken
CVE-2018-13714 (The mintToken function of a smart contract implementation for CM, an E ...)
	NOT-FOR-US: smart contract implementation for CM
CVE-2018-13713 (The mintToken function of a smart contract implementation for Tradesma ...)
	NOT-FOR-US: smart contract implementation for Tradesman
CVE-2018-13712 (The mintToken function of a smart contract implementation for PMET, an ...)
	NOT-FOR-US: smart contract implementation for PMET
CVE-2018-13711 (The mintToken function of a smart contract implementation for Databits ...)
	NOT-FOR-US: smart contract implementation for Databits
CVE-2018-13710 (The mintToken function of a smart contract implementation for Mjolnir, ...)
	NOT-FOR-US: smart contract implementation for Mjolnir
CVE-2018-13709 (The mintToken function of a smart contract implementation for Tube, an ...)
	NOT-FOR-US: smart contract implementation for Tube
CVE-2018-13708 (The mintToken function of a smart contract implementation for Order (E ...)
	NOT-FOR-US: smart contract implementation for Order (ETH) (Contract Name: BuyToken)
CVE-2018-13707 (The mintToken function of a smart contract implementation for YSS, an  ...)
	NOT-FOR-US: smart contract implementation for YSS
CVE-2018-13706 (The mintToken function of a smart contract implementation for IdeaCoin ...)
	NOT-FOR-US: smart contract implementation for IdeaCoin
CVE-2018-13705 (The mintToken function of a smart contract implementation for PMHToken ...)
	NOT-FOR-US: smart contract implementation for PMHToken
CVE-2018-13704 (The mintToken function of a smart contract implementation for eddToken ...)
	NOT-FOR-US: smart contract implementation for eddToken
CVE-2018-13703 (The mintToken function of a smart contract implementation for CERB_Coi ...)
	NOT-FOR-US: smart contract implementation for CERB_Coin
CVE-2018-13702 (The mintToken function of a smart contract implementation for Essence, ...)
	NOT-FOR-US: smart contract implementation for Essence
CVE-2018-13701 (The mintToken function of a smart contract implementation for KissMe,  ...)
	NOT-FOR-US: smart contract implementation for KissMe
CVE-2018-13700 (The mintToken function of a smart contract implementation for IPMCoin, ...)
	NOT-FOR-US: smart contract implementation for IPMCoin
CVE-2018-13699 (The mintToken function of a smart contract implementation for DestiNee ...)
	NOT-FOR-US: smart contract implementation for DestiNeed (DSN)
CVE-2018-13698 (The mintTokens function of a smart contract implementation for Play2Li ...)
	NOT-FOR-US: smart contract implementation for Play2LivePromo
CVE-2018-13697 (The mintToken function of a smart contract implementation for RobotBTC ...)
	NOT-FOR-US: smart contract implementation for RobotBTC
CVE-2018-13696 (The mintToken function of a smart contract implementation for RedTicke ...)
	NOT-FOR-US: smart contract implementation for RedTicket
CVE-2018-13695 (The mint function of a smart contract implementation for CTest7, an Et ...)
	NOT-FOR-US: smart contract implementation for CTest7
CVE-2018-13694 (The mintToken function of a smart contract implementation for GMile, a ...)
	NOT-FOR-US: smart contract implementation for GMile
CVE-2018-13693 (The mintToken function of a smart contract implementation for GreenEne ...)
	NOT-FOR-US: smart contract implementation for GreenEnergyToken
CVE-2018-13692 (The mintToken function of a smart contract implementation for MehdiTAZ ...)
	NOT-FOR-US: smart contract implementation for MehdiTAZIToken
CVE-2018-13691 (The mintToken function of a smart contract implementation for R Time T ...)
	NOT-FOR-US: smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain)
CVE-2018-13690 (The mintToken function of a smart contract implementation for Instacoc ...)
	NOT-FOR-US: smart contract implementation for Instacocoa
CVE-2018-13689 (The mintToken function of a smart contract implementation for CJXToken ...)
	NOT-FOR-US: smart contract implementation for CJXToken
CVE-2018-13688 (The mintToken function of a smart contract implementation for MallToke ...)
	NOT-FOR-US: smart contract implementation for MallToken
CVE-2018-13687 (The mintToken function of a smart contract implementation for normikai ...)
	NOT-FOR-US: smart contract implementation for normikaivo
CVE-2018-13686 (The mintToken function of a smart contract implementation for ICO Doll ...)
	NOT-FOR-US: smart contract implementation for ICO Dollar (ICOD)
CVE-2018-13685 (The mintToken function of a smart contract implementation for Vornox ( ...)
	NOT-FOR-US: smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken)
CVE-2018-13684 (The mintToken function of a smart contract implementation for ZIP, an  ...)
	NOT-FOR-US: smart contract implementation for ZIP
CVE-2018-13683 (The mintToken function of a smart contract implementation for exsulcoi ...)
	NOT-FOR-US: smart contract implementation for exsulcoin
CVE-2018-13682 (The mintToken function of a smart contract implementation for ViteMone ...)
	NOT-FOR-US: smart contract implementation for ViteMoneyCoin
CVE-2018-13681 (The mintToken function of a smart contract implementation for SOSCoin, ...)
	NOT-FOR-US: smart contract implementation for SOSCoin
CVE-2018-13680 (The mintToken function of a smart contract implementation for LexitTok ...)
	NOT-FOR-US: smart contract implementation for LexitToken
CVE-2018-13679 (The mintToken function of a smart contract implementation for ZPEcoin, ...)
	NOT-FOR-US: smart contract implementation for ZPEcoin
CVE-2018-13678 (The mintToken function of a smart contract implementation for Lottery, ...)
	NOT-FOR-US: smart contract implementation for Lottery
CVE-2018-13677 (The mintToken function of a smart contract implementation for Goochain ...)
	NOT-FOR-US: smart contract implementation for Goochain
CVE-2018-13676 (The mintToken function of a smart contract implementation for Orderboo ...)
	NOT-FOR-US: smart contract implementation for Orderbook Presale Token (OBP)
CVE-2018-13675 (The mintToken function of a smart contract implementation for YAMBYO,  ...)
	NOT-FOR-US: smart contract implementation for YAMBYO
CVE-2018-13674 (The mintToken function of a smart contract implementation for ComBillA ...)
	NOT-FOR-US: smart contract implementation for ComBillAdvancedToken
CVE-2018-13673 (The mintToken function of a smart contract implementation for GoldToke ...)
	NOT-FOR-US: smart contract implementation for GoldTokenERC20
CVE-2018-13672 (The mintToken function of a smart contract implementation for OBTCoin, ...)
	NOT-FOR-US: smart contract implementation for OBTCoin
CVE-2018-13671 (The mintToken function of a smart contract implementation for Dinstein ...)
	NOT-FOR-US: smart contract implementation for DinsteinCoin
CVE-2018-13670 (The mintToken function of a smart contract implementation for GFCB, an ...)
	NOT-FOR-US: smart contract implementation for GFCB
CVE-2018-13669 (The mintToken function of a smart contract implementation for NCU, an  ...)
	NOT-FOR-US: smart contract implementation for NCU
CVE-2018-13668 (The mintToken function of a smart contract implementation for BTPCoin, ...)
	NOT-FOR-US: smart contract implementation for BTPCoin
CVE-2018-13667 (The mintToken function of a smart contract implementation for UTBToken ...)
	NOT-FOR-US: smart contract implementation for UTBTokenTest
CVE-2018-13666 (The mintToken function of a smart contract implementation for Eristica ...)
	NOT-FOR-US: smart contract implementation for EristicaICO
CVE-2018-13665 (The mintToken function of a smart contract implementation for BCaaS, a ...)
	NOT-FOR-US: smart contract implementation for BCaaS
CVE-2018-13664 (The mintToken function of a smart contract implementation for CWS, an  ...)
	NOT-FOR-US: smart contract implementation for CWS
CVE-2018-13663 (The mintToken function of a smart contract implementation for BSCToken ...)
	NOT-FOR-US: smart contract implementation for BSCToken
CVE-2018-13662 (The mintToken function of a smart contract implementation for WorldOpc ...)
	NOT-FOR-US: smart contract implementation for WorldOpctionChain
CVE-2018-13661 (The mintToken function of a smart contract implementation for APP, an  ...)
	NOT-FOR-US: smart contract implementation for APP
CVE-2018-13660 (The mint function of a smart contract implementation for BillionReward ...)
	NOT-FOR-US: smart contract implementation for BillionRewardsToken
CVE-2018-13659 (The mintToken function of a smart contract implementation for BrianCoi ...)
	NOT-FOR-US: smart contract implementation for BrianCoin
CVE-2018-13658 (The mintToken function of a smart contract implementation for TheGoDgi ...)
	NOT-FOR-US: smart contract implementation for TheGoDgital
CVE-2018-13657 (The mintToken function of a smart contract implementation for Rice, an ...)
	NOT-FOR-US: smart contract implementation for Rice
CVE-2018-13656 (The mintToken function of a smart contract implementation for Sample T ...)
	NOT-FOR-US: smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable)
CVE-2018-13655 (The mintToken function of a smart contract implementation for GFC, an  ...)
	NOT-FOR-US: smart contract implementation for GFC
CVE-2018-13654 (The mintToken function of a smart contract implementation for ESTSToke ...)
	NOT-FOR-US: smart contract implementation for ESTSToken
CVE-2018-13653 (The mintToken function of a smart contract implementation for ipshoots ...)
	NOT-FOR-US: smart contract implementation for ipshoots
CVE-2018-13652 (The mintToken function of a smart contract implementation for TheGoDig ...)
	NOT-FOR-US: smart contract implementation for TheGoDigital
CVE-2018-13651 (The mintToken function of a smart contract implementation for MicoinNe ...)
	NOT-FOR-US: smart contract implementation for MicoinNetworkToken
CVE-2018-13650 (The mintToken function of a smart contract implementation for Bitmaxer ...)
	NOT-FOR-US: smart contract implementation for BitmaxerToken
CVE-2018-13649 (The mintToken function of a smart contract implementation for Deploy,  ...)
	NOT-FOR-US: smart contract implementation for Deploy
CVE-2018-13648 (The mintToken function of a smart contract implementation for BGC, an  ...)
	NOT-FOR-US: smart contract implementation for BGC
CVE-2018-13647 (The mintToken function of a smart contract implementation for TrueGold ...)
	NOT-FOR-US: smart contract implementation for TrueGoldCoinToken
CVE-2018-13646 (The mintToken function of a smart contract implementation for Datiac,  ...)
	NOT-FOR-US: smart contract implementation for Datiac
CVE-2018-13645 (The mintToken function of a smart contract implementation for Fiocoin, ...)
	NOT-FOR-US: smart contract implementation for Fiocoin
CVE-2018-13644 (The mintToken function of a smart contract implementation for RoyalCla ...)
	NOT-FOR-US: smart contract implementation for RoyalClassicCoin
CVE-2018-13643 (The mintToken function of a smart contract implementation for GCRToken ...)
	NOT-FOR-US: smart contract implementation for GCRTokenERC20
CVE-2018-13642 (The mintToken function of a smart contract implementation for SECoin,  ...)
	NOT-FOR-US: smart contract implementation for SECoin
CVE-2018-13641 (The mintToken function of a smart contract implementation for MVGcoin, ...)
	NOT-FOR-US: smart contract implementation for MVGcoin
CVE-2018-13640 (The mintToken function of a smart contract implementation for Ethereum ...)
	NOT-FOR-US: smart contract implementation for EthereumSmart
CVE-2018-13639 (The mintToken function of a smart contract implementation for Virtual  ...)
	NOT-FOR-US: smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20)
CVE-2018-13638 (The mintToken function of a smart contract implementation for Bitpark, ...)
	NOT-FOR-US: smart contract implementation for Bitpark
CVE-2018-13637 (The mintToken function of a smart contract implementation for CikkaCoi ...)
	NOT-FOR-US: smart contract implementation for CikkaCoin
CVE-2018-13636 (The mintToken function of a smart contract implementation for TurdCoin ...)
	NOT-FOR-US: smart contract implementation for TurdCoin
CVE-2018-13635 (The mintToken function of a smart contract implementation for HBCM, an ...)
	NOT-FOR-US: smart contract implementation for HBCM
CVE-2018-13634 (The mintToken function of a smart contract implementation for MediaCub ...)
	NOT-FOR-US: smart contract implementation for MediaCubeToken
CVE-2018-13633 (The mintToken function of a smart contract implementation for Martcoin ...)
	NOT-FOR-US: smart contract implementation for Martcoin
CVE-2018-13632 (The mintToken function of a smart contract implementation for NEXPARA, ...)
	NOT-FOR-US: smart contract implementation for NEXPARA
CVE-2018-13631 (The mintToken function of a smart contract implementation for doccoin, ...)
	NOT-FOR-US: smart contract implementation for doccoin
CVE-2018-13630 (The mintToken function of a smart contract implementation for DoccoinP ...)
	NOT-FOR-US: smart contract implementation for DoccoinPreICO
CVE-2018-13629 (The mintToken function of a smart contract implementation for CrimsonS ...)
	NOT-FOR-US: smart contract implementation for CrimsonShilling
CVE-2018-13628 (The mintToken function of a smart contract implementation for Momentum ...)
	NOT-FOR-US: smart contract implementation for MomentumToken
CVE-2018-13627 (The mintToken function of a smart contract implementation for MyOffer, ...)
	NOT-FOR-US: smart contract implementation for MyOffer
CVE-2018-13626 (The mintToken function of a smart contract implementation for SemainTo ...)
	NOT-FOR-US: smart contract implementation for SemainToken
CVE-2018-13625 (The mintlvlToken function of a smart contract implementation for Krown ...)
	NOT-FOR-US: smart contract implementation for Krown
CVE-2018-13624 (The mintToken function of a smart contract implementation for WXSLToke ...)
	NOT-FOR-US: smart contract implementation for WXSLToken
CVE-2018-13623 (The mintToken function of a smart contract implementation for Airdropp ...)
	NOT-FOR-US: smart contract implementation for AirdropperCryptics
CVE-2018-13622 (The mintToken function of a smart contract implementation for ObjectTo ...)
	NOT-FOR-US: smart contract implementation for ObjectToken (OBJ)
CVE-2018-13621 (The mintToken function of a smart contract implementation for SoundTri ...)
	NOT-FOR-US: smart contract implementation for SoundTribeToken
CVE-2018-13620 (The mintToken function of a smart contract implementation for TripCash ...)
	NOT-FOR-US: smart contract implementation for TripCash
CVE-2018-13619 (The mintToken function of a smart contract implementation for MicoinTo ...)
	NOT-FOR-US: smart contract implementation for MicoinToken
CVE-2018-13618 (The mintToken function of a smart contract implementation for VICETOKE ...)
	NOT-FOR-US: smart contract implementation for VICETOKEN_ICO_IS_A_SCAM
CVE-2018-13617 (The mintToken function of a smart contract implementation for CAPTOZ,  ...)
	NOT-FOR-US: smart contract implementation for CAPTOZ
CVE-2018-13616 (The mintToken function of a smart contract implementation for IOCT_Coi ...)
	NOT-FOR-US: smart contract implementation for IOCT_Coin
CVE-2018-13615 (The mintToken function of a smart contract implementation for MJCToken ...)
	NOT-FOR-US: smart contract implementation for MJCToken
CVE-2018-13614 (The mintToken function of a smart contract implementation for MAVCash, ...)
	NOT-FOR-US: smart contract implementation for MAVCash
CVE-2018-13613 (The mintToken function of a smart contract implementation for CON0217, ...)
	NOT-FOR-US: smart contract implementation for CON0217
CVE-2018-13612 (The mintToken function of a smart contract implementation for Robincoi ...)
	NOT-FOR-US: smart contract implementation for Robincoin
CVE-2018-13611 (The mintToken function of a smart contract implementation for CDcurren ...)
	NOT-FOR-US: smart contract implementation for CDcurrency
CVE-2018-13610 (The mintToken function of a smart contract implementation for Medicayu ...)
	NOT-FOR-US: smart contract implementation for MedicayunLink
CVE-2018-13609 (The mintToken function of a smart contract implementation for CSAToken ...)
	NOT-FOR-US: smart contract implementation for CSAToken
CVE-2018-13608 (The mintToken function of a smart contract implementation for archerco ...)
	NOT-FOR-US: smart contract implementation for archercoin
CVE-2018-13607 (The mintToken function of a smart contract implementation for Residual ...)
	NOT-FOR-US: smart contract implementation for ResidualShare
CVE-2018-13606 (The mintToken function of a smart contract implementation for ARChain, ...)
	NOT-FOR-US: smart contract implementation for ARChain
CVE-2018-13605 (The mintToken function of a smart contract implementation for Extreme  ...)
	NOT-FOR-US: smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken)
CVE-2018-13604 (The mintToken function of a smart contract implementation for wellieat ...)
	NOT-FOR-US: smart contract implementation for wellieat
CVE-2018-13603 (The mintToken function of a smart contract implementation for Briant2T ...)
	NOT-FOR-US: smart contract implementation for Briant2Token
CVE-2018-13602 (The mint function of a smart contract implementation for MiningToken,  ...)
	NOT-FOR-US: smart contract implementation for MiningToken
CVE-2018-13601 (The mintToken function of a smart contract implementation for Galactic ...)
	NOT-FOR-US: smart contract implementation for GalacticX
CVE-2018-13600 (The mintToken function of a smart contract implementation for AMToken, ...)
	NOT-FOR-US: smart contract implementation for AMToken
CVE-2018-13599 (The mintToken function of a smart contract implementation for Residual ...)
	NOT-FOR-US: smart contract implementation for ResidualValue
CVE-2018-13598 (The mintToken function of a smart contract implementation for SendMe,  ...)
	NOT-FOR-US: smart contract implementation for SendMe
CVE-2018-13597 (The mintToken function of a smart contract implementation for testcoin ...)
	NOT-FOR-US: smart contract implementation for testcoin
CVE-2018-13596 (The mintToken function of a smart contract implementation for TESTAhih ...)
	NOT-FOR-US: smart contract implementation for TESTAhihi
CVE-2018-13595 (The mintToken function of a smart contract implementation for BitStore ...)
	NOT-FOR-US: smart contract implementation for BitStore
CVE-2018-13594 (The mintToken function of a smart contract implementation for CardFact ...)
	NOT-FOR-US: smart contract implementation for CardFactory
CVE-2018-13593 (The mintToken function of a smart contract implementation for CardToke ...)
	NOT-FOR-US: smart contract implementation for CardToken
CVE-2018-13592 (The mintToken function of a smart contract implementation for RajTest, ...)
	NOT-FOR-US: smart contract implementation for RajTest
CVE-2018-13591 (The mintToken function of a smart contract implementation for KAPcoin, ...)
	NOT-FOR-US: smart contract implementation for KAPcoin
CVE-2018-13590 (The mintToken function of a smart contract implementation for SIPCOIN, ...)
	NOT-FOR-US: smart contract implementation for SIPCOIN
CVE-2018-13589 (The mintToken function of a smart contract implementation for MooAdvTo ...)
	NOT-FOR-US: smart contract implementation for MooAdvToken
CVE-2018-13588 (The mintToken function of a smart contract implementation for Code47 ( ...)
	NOT-FOR-US: smart contract implementation for Code47 (C47)
CVE-2018-13587 (The mintToken function of a smart contract implementation for DECToken ...)
	NOT-FOR-US: smart contract implementation for DECToken
CVE-2018-13586 (The mintToken function of a smart contract implementation for Nectar ( ...)
	NOT-FOR-US: smart contract implementation for Nectar (NCTR)
CVE-2018-13585 (The mintToken function of a smart contract implementation for CHERRYCO ...)
	NOT-FOR-US: smart contract implementation for CHERRYCOIN
CVE-2018-13584 (The mintToken function of a smart contract implementation for yasudem, ...)
	NOT-FOR-US: smart contract implementation for yasudem
CVE-2018-13583 (The mintToken function of a smart contract implementation for Shmoo, a ...)
	NOT-FOR-US: smart contract implementation for Shmoo
CVE-2018-13582 (The mintToken function of a smart contract implementation for My2Token ...)
	NOT-FOR-US: smart contract implementation for My2Token
CVE-2018-13581 (The mintToken function of a smart contract implementation for TravelCo ...)
	NOT-FOR-US: smart contract implementation for TravelCoin (TRV)
CVE-2018-13580 (The mintToken function of a smart contract implementation for Providen ...)
	NOT-FOR-US: smart contract implementation for ProvidenceCasino (PVE)
CVE-2018-13579 (The mintToken function of a smart contract implementation for ForeverC ...)
	NOT-FOR-US: smart contract implementation for ForeverCoin
CVE-2018-13578 (The mintToken function of a smart contract implementation for GalaxyCo ...)
	NOT-FOR-US: smart contract implementation for GalaxyCoin
CVE-2018-13577 (The mintToken function of a smart contract implementation for ShitCoin ...)
	NOT-FOR-US: smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit)
CVE-2018-13576 (The mintToken function of a smart contract implementation for Escut (E ...)
	NOT-FOR-US: smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer)
CVE-2018-13575 (The mintToken function of a smart contract implementation for YESToken ...)
	NOT-FOR-US: smart contract implementation for YESToken
CVE-2018-13574 (The mintToken function of a smart contract implementation for DataShie ...)
	NOT-FOR-US: smart contract implementation for DataShieldCoin
CVE-2018-13573 (The mintToken function of a smart contract implementation for TripPay, ...)
	NOT-FOR-US: smart contract implementation for TripPay
CVE-2018-13572 (The mintToken function of a smart contract implementation for PGM_Coin ...)
	NOT-FOR-US: smart contract implementation for PGM_Coin
CVE-2018-13571 (The mintToken function of a smart contract implementation for GoramCoi ...)
	NOT-FOR-US: smart contract implementation for GoramCoin
CVE-2018-13570 (The mint function of a smart contract implementation for kkTestCoin1 ( ...)
	NOT-FOR-US: smart contract implementation for kkTestCoin1 (KTC1)
CVE-2018-13569 (The mintToken function of a smart contract implementation for HitToken ...)
	NOT-FOR-US: smart contract implementation for HitToken
CVE-2018-13568 (The mintToken function of a smart contract implementation for MktCoin, ...)
	NOT-FOR-US: smart contract implementation for MktCoin
CVE-2018-13567 (The mintToken function of a smart contract implementation for SDR, an  ...)
	NOT-FOR-US: smart contract implementation for SDR
CVE-2018-13566 (The mintToken function of a smart contract implementation for RETNToke ...)
	NOT-FOR-US: smart contract implementation for RETNToken
CVE-2018-13565 (The mintToken function of a smart contract implementation for Co2Bit,  ...)
	NOT-FOR-US: smart contract implementation for Co2Bit
CVE-2018-13564 (The mintToken function of a smart contract implementation for GATcoin, ...)
	NOT-FOR-US: smart contract implementation for GATcoin
CVE-2018-13563 (The mintToken function of a smart contract implementation for UPayToke ...)
	NOT-FOR-US: smart contract implementation for UPayToken
CVE-2018-13562 (The mintToken function of a smart contract implementation for BMVCoin, ...)
	NOT-FOR-US: smart contract implementation for BMVCoin
CVE-2018-13561 (The mintToken function of a smart contract implementation for YourCoin ...)
	NOT-FOR-US: smart contract implementation for YourCoin (ICO) (Contract Name: ETH033)
CVE-2018-13560 (The mintToken function of a smart contract implementation for KelvinTo ...)
	NOT-FOR-US: smart contract implementation for KelvinToken
CVE-2018-13559 (The mintToken function of a smart contract implementation for UTCT, an ...)
	NOT-FOR-US: smart contract implementation for UTCT
CVE-2018-13558 (The mintToken function of a smart contract implementation for rhovit,  ...)
	NOT-FOR-US: smart contract implementation for rhovit
CVE-2018-13557 (The mintToken function of a smart contract implementation for Trabet_C ...)
	NOT-FOR-US: smart contract implementation for Trabet_Coin
CVE-2018-13556 (The mintToken function of a smart contract implementation for COSMOTok ...)
	NOT-FOR-US: smart contract implementation for COSMOTokenERC20
CVE-2018-13555 (The mintToken function of a smart contract implementation for JaxBox,  ...)
	NOT-FOR-US: smart contract implementation for JaxBox
CVE-2018-13554 (The mintToken function of a smart contract implementation for MoneyTre ...)
	NOT-FOR-US: smart contract implementation for MoneyTree (TREE)
CVE-2018-13553 (The mintToken function of a smart contract implementation for Micro BT ...)
	NOT-FOR-US: smart contract implementation for Micro BTC (MBTC)
CVE-2018-13552 (The mintToken function of a smart contract implementation for Trabet_C ...)
	NOT-FOR-US: smart contract implementation for Trabet_Coin_PreICO
CVE-2018-13551 (The mintToken function of a smart contract implementation for Bgamecoi ...)
	NOT-FOR-US: smart contract implementation for Bgamecoin
CVE-2018-13550 (The mintToken function of a smart contract implementation for Coquinho ...)
	NOT-FOR-US: smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20)
CVE-2018-13549 (The mintToken function of a smart contract implementation for NeuroTok ...)
	NOT-FOR-US: smart contract implementation for NeuroToken
CVE-2018-13548 (The mintToken function of a smart contract implementation for Mimicoin ...)
	NOT-FOR-US: smart contract implementation for Mimicoin
CVE-2018-13547 (The mintToken function of a smart contract implementation for Providen ...)
	NOT-FOR-US: smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken)
CVE-2018-13546 (The mintToken function of a smart contract implementation for CCASH, a ...)
	NOT-FOR-US: smart contract implementation for CCASH
CVE-2018-13545 (The mintToken function of a smart contract implementation for HashShie ...)
	NOT-FOR-US: smart contract implementation for HashShield
CVE-2018-13544 (The mintToken function of a smart contract implementation for Numisma, ...)
	NOT-FOR-US: smart contract implementation for Numisma
CVE-2018-13543 (The mintToken function of a smart contract implementation for Gemstone ...)
	NOT-FOR-US: smart contract implementation for GemstoneToken
CVE-2018-13542 (The mintToken function of a smart contract implementation for ZIBToken ...)
	NOT-FOR-US: smart contract implementation for ZIBToken
CVE-2018-13541 (The mintToken function of a smart contract implementation for CryptoLe ...)
	NOT-FOR-US: smart contract implementation for CryptoLeu
CVE-2018-13540 (The mintToken function of a smart contract implementation for GSI, an  ...)
	NOT-FOR-US: smart contract implementation for GSI
CVE-2018-13539 (The mintToken function of a smart contract implementation for Bcxss, a ...)
	NOT-FOR-US: smart contract implementation for Bcxss
CVE-2018-13538 (The mintToken function of a smart contract implementation for SIPCToke ...)
	NOT-FOR-US: smart contract implementation for SIPCToken
CVE-2018-13537 (The mintToken function of a smart contract implementation for Ethereum ...)
	NOT-FOR-US: smart contract implementation for EthereumLegit
CVE-2018-13536 (The mintToken function of a smart contract implementation for ERC20_IC ...)
	NOT-FOR-US: smart contract implementation for ERC20_ICO
CVE-2018-13535 (The mintToken function of a smart contract implementation for PACCOIN, ...)
	NOT-FOR-US: smart contract implementation for PACCOIN
CVE-2018-13534 (The mintToken function of a smart contract implementation for SpeedCas ...)
	NOT-FOR-US: smart contract implementation for SpeedCashLite (SCSL)
CVE-2018-13533 (The mintToken function of a smart contract implementation for ALUXToke ...)
	NOT-FOR-US: smart contract implementation for ALUXToken
CVE-2018-13532 (The mintToken function of a smart contract implementation for Mindexco ...)
	NOT-FOR-US: smart contract implementation for Mindexcoin
CVE-2018-13531 (The mintToken function of a smart contract implementation for MaxHouse ...)
	NOT-FOR-US: smart contract implementation for MaxHouse
CVE-2018-13530 (The mintToken function of a smart contract implementation for HunterCo ...)
	NOT-FOR-US: smart contract implementation for HunterCoin
CVE-2018-13529 (The mintToken function of a smart contract implementation for BetterTh ...)
	NOT-FOR-US: smart contract implementation for BetterThanAdrien
CVE-2018-13528 (The mintToken function of a smart contract implementation for DhaCoin, ...)
	NOT-FOR-US: smart contract implementation for DhaCoin
CVE-2018-13527 (The mintToken function of a smart contract implementation for ElevateC ...)
	NOT-FOR-US: smart contract implementation for ElevateCoin
CVE-2018-13526 (The mintToken function of a smart contract implementation for WangWang ...)
	NOT-FOR-US: smart contract implementation for WangWangToken
CVE-2018-13525 (The mintToken function of a smart contract implementation for Flow, an ...)
	NOT-FOR-US: smart contract implementation for Flow
CVE-2018-13524 (The mintToken function of a smart contract implementation for PornCoin ...)
	NOT-FOR-US: smart contract implementation for PornCoin (PRNC)
CVE-2018-13523 (The mintToken function of a smart contract implementation for SmartPay ...)
	NOT-FOR-US: smart contract implementation for SmartPayment
CVE-2018-13522 (The mintToken function of a smart contract implementation for EXGROUP, ...)
	NOT-FOR-US: smart contract implementation for EXGROUP
CVE-2018-13521 (The mintToken function of a smart contract implementation for PinkyTok ...)
	NOT-FOR-US: smart contract implementation for PinkyToken
CVE-2018-13520 (The mintToken function of a smart contract implementation for Topscoin ...)
	NOT-FOR-US: smart contract implementation for TopscoinAdvanced
CVE-2018-13519 (The mint function of a smart contract implementation for DigitalCloudT ...)
	NOT-FOR-US: smart contract implementation for DigitalCloudToken
CVE-2018-13518 (The mintToken function of a smart contract implementation for TCash, a ...)
	NOT-FOR-US: smart contract implementation for TCash
CVE-2018-13517 (The mintToken function of a smart contract implementation for C3 Token ...)
	NOT-FOR-US: smart contract implementation for C3 Token (C3)
CVE-2018-13516 (The mintToken function of a smart contract implementation for Super Co ...)
	NOT-FOR-US: smart contract implementation for Super Cool Awesome Money (SCAM)
CVE-2018-13515 (The mintToken function of a smart contract implementation for aman, an ...)
	NOT-FOR-US: smart contract implementation for aman
CVE-2018-13514 (The mintToken function of a smart contract implementation for esportz, ...)
	NOT-FOR-US: smart contract implementation for esportz
CVE-2018-13513 (The mintToken function of a smart contract implementation for Ubiou, a ...)
	NOT-FOR-US: smart contract implementation for Ubiou
CVE-2018-13512 (The mintToken function of a smart contract implementation for SmartHom ...)
	NOT-FOR-US: smart contract implementation for SmartHomeCoin
CVE-2018-13511 (The mintToken function of a smart contract implementation for CorelliC ...)
	NOT-FOR-US: smart contract implementation for CorelliCoin
CVE-2018-13510 (The mintToken function of a smart contract implementation for Welfare  ...)
	NOT-FOR-US: smart contract implementation for Welfare Token Fund (WTF)
CVE-2018-13509 (The mintToken function of a smart contract implementation for IamRich, ...)
	NOT-FOR-US: smart contract implementation for IamRich
CVE-2018-13508 (The mintToken function of a smart contract implementation for VITToken ...)
	NOT-FOR-US: smart contract implementation for VITToken
CVE-2018-13507 (The mintToken function of a smart contract implementation for SLCAdvan ...)
	NOT-FOR-US: smart contract implementation for SLCAdvancedToken
CVE-2018-13506 (The mintToken function of a smart contract implementation for SDR22, a ...)
	NOT-FOR-US: smart contract implementation for SDR22
CVE-2018-13505 (The mintToken function of a smart contract implementation for ecogreen ...)
	NOT-FOR-US: smart contract implementation for ecogreenhouse
CVE-2018-13504 (The mintToken function of a smart contract implementation for MMCoin,  ...)
	NOT-FOR-US: smart contract implementation for MMCoin
CVE-2018-13503 (The mintToken function of a smart contract implementation for South Pa ...)
	NOT-FOR-US: smart contract implementation for South Park Token Token (SPTKN)
CVE-2018-13502 (The mintToken function of a smart contract implementation for HeliumNe ...)
	NOT-FOR-US: smart contract implementation for HeliumNetwork
CVE-2018-13501 (The mintToken function of a smart contract implementation for HRWtoken ...)
	NOT-FOR-US: smart contract implementation for HRWtoken
CVE-2018-13500 (The mintToken function of a smart contract implementation for MSXAdvan ...)
	NOT-FOR-US: smart contract implementation for MSXAdvanced
CVE-2018-13499 (The mintToken function of a smart contract implementation for Crowdsal ...)
	NOT-FOR-US: smart contract implementation for Crowdsale
CVE-2018-13498 (The mintToken function of a smart contract implementation for KAPAYcoi ...)
	NOT-FOR-US: smart contract implementation for KAPAYcoin
CVE-2018-13497 (The mintToken function of a smart contract implementation for COBToken ...)
	NOT-FOR-US: smart contract implementation for COBToken
CVE-2018-13496 (The mintToken function of a smart contract implementation for RajTestI ...)
	NOT-FOR-US: smart contract implementation for RajTestICO
CVE-2018-13495 (The mintToken function of a smart contract implementation for KMCToken ...)
	NOT-FOR-US: smart contract implementation for KMCToken
CVE-2018-13494 (The mintToken function of a smart contract implementation for SusanTok ...)
	NOT-FOR-US: smart contract implementation for SusanTokenERC20
CVE-2018-13493 (The mintToken function of a smart contract implementation for DaddyTok ...)
	NOT-FOR-US: smart contract implementation for DaddyToken
CVE-2018-13492 (The mintToken function of a smart contract implementation for naga, an ...)
	NOT-FOR-US: smart contract implementation for naga
CVE-2018-13491 (The mintToken function of a smart contract implementation for Carrot,  ...)
	NOT-FOR-US: smart contract implementation for Carrot
CVE-2018-13490 (The mintToken function of a smart contract implementation for FILM, an ...)
	NOT-FOR-US: smart contract implementation for FILM
CVE-2018-13489 (The mintToken function of a smart contract implementation for OllisCoi ...)
	NOT-FOR-US: smart contract implementation for OllisCoin
CVE-2018-13488 (The mintToken function of a smart contract implementation for Crypto A ...)
	NOT-FOR-US: smart contract implementation for Crypto Alley Shares (CAST)
CVE-2018-13487 (The mintToken function of a smart contract implementation for PlatoTok ...)
	NOT-FOR-US: smart contract implementation for PlatoToken
CVE-2018-13486 (The mintToken function of a smart contract implementation for HELP, an ...)
	NOT-FOR-US: smart contract implementation for HELP
CVE-2018-13485 (The mintToken function of a smart contract implementation for BitcoinA ...)
	NOT-FOR-US: smart contract implementation for BitcoinAgileToken
CVE-2018-13484 (The mintToken function of a smart contract implementation for CBRToken ...)
	NOT-FOR-US: smart contract implementation for CBRToken
CVE-2018-13483 (The mintToken function of a smart contract implementation for mkethTok ...)
	NOT-FOR-US: smart contract implementation for mkethToken
CVE-2018-13482 (The mintToken function of a smart contract implementation for ETHERCAS ...)
	NOT-FOR-US: smart contract implementation for ETHERCASH (ETC)
CVE-2018-13481 (The mintToken function of a smart contract implementation for TRIUM, a ...)
	NOT-FOR-US: smart contract implementation for TRIUM
CVE-2018-13480 (The mintToken function of a smart contract implementation for QRG, an  ...)
	NOT-FOR-US: smart contract implementation for QRG
CVE-2018-13479 (The mintToken function of a smart contract implementation for Slidebit ...)
	NOT-FOR-US: smart contract implementation for SlidebitsToken
CVE-2018-13478 (The mintToken function of a smart contract implementation for DMPToken ...)
	NOT-FOR-US: smart contract implementation for DMPToken
CVE-2018-13477 (The mintToken function of a smart contract implementation for CTESale, ...)
	NOT-FOR-US: smart contract implementation for CTESale
CVE-2018-13476 (The mintToken function of a smart contract implementation for PhilCoin ...)
	NOT-FOR-US: smart contract implementation for PhilCoin
CVE-2018-13475 (The mintToken function of a smart contract implementation for VSCToken ...)
	NOT-FOR-US: smart contract implementation for VSCToken
CVE-2018-13474 (The mintToken function of a smart contract implementation for FansChai ...)
	NOT-FOR-US: smart contract implementation for FansChainToken
CVE-2018-13473 (The mintToken function of a smart contract implementation for ohni_2 ( ...)
	NOT-FOR-US: smart contract implementation for ohni_2 (OHNI)
CVE-2018-13472 (The mint function of a smart contract implementation for CloutToken, a ...)
	NOT-FOR-US: smart contract implementation for CloutToken
CVE-2018-13471 (The mintToken function of a smart contract implementation for BeyondCa ...)
	NOT-FOR-US: smart contract implementation for BeyondCashToken
CVE-2018-13470 (The mintToken function of a smart contract implementation for BuyerTok ...)
	NOT-FOR-US: smart contract implementation for BuyerToken
CVE-2018-13469 (The mintToken function of a smart contract implementation for IcoContr ...)
	NOT-FOR-US: smart contract implementation for IcoContract
CVE-2018-13468 (The mintToken function of a smart contract implementation for Cavecoin ...)
	NOT-FOR-US: smart contract implementation for Cavecoin
CVE-2018-13467 (The mintToken function of a smart contract implementation for Epiphany ...)
	NOT-FOR-US: smart contract implementation for EpiphanyCoin
CVE-2018-13466 (The mintToken function of a smart contract implementation for Crystals ...)
	NOT-FOR-US: smart contract implementation for Crystals
CVE-2018-13465 (The mintToken function of a smart contract implementation for PaulyCoi ...)
	NOT-FOR-US: smart contract implementation for PaulyCoin
CVE-2018-13464 (The mintToken function of a smart contract implementation for t_swap,  ...)
	NOT-FOR-US: smart contract implementation for t_swap
CVE-2018-13463 (The mintToken function of a smart contract implementation for T-Swap-T ...)
	NOT-FOR-US: smart contract implementation for T-Swap-Token (T-S-T)
CVE-2018-13462 (The mintToken function of a smart contract implementation for MoonToke ...)
	NOT-FOR-US: smart contract implementation for MoonToken
CVE-2018-13461
	RESERVED
CVE-2018-13460
	RESERVED
CVE-2018-13459
	RESERVED
CVE-2018-13458 (qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer de ...)
	- nagios4 4.3.4-3 (low; bug #917160)
	NOTE: https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
CVE-2018-13457 (qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer de ...)
	- nagios4 4.3.4-3 (low; bug #917160)
	NOTE: https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
CVE-2018-13456
	RESERVED
CVE-2018-13455
	RESERVED
CVE-2018-13454
	RESERVED
CVE-2018-13453
	RESERVED
CVE-2018-13452
	RESERVED
CVE-2018-13451
	RESERVED
CVE-2018-13450 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
CVE-2018-13449 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
CVE-2018-13448 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
CVE-2018-13447 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
CVE-2018-13446 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line appli ...)
	NOT-FOR-US: LINE jp.naver.line application for Android
CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability  ...)
	NOT-FOR-US: SeaCMS
CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability  ...)
	NOT-FOR-US: SeaCMS
CVE-2018-13443 (EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted was ...)
	NOT-FOR-US: EOS.IO jit-wasm
CVE-2018-13442 (SolarWinds Network Performance Monitor 12.3 allows SQL Injection via t ...)
	NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL po ...)
	- nagios4 4.3.4-3 (low; bug #917160)
	NOTE: https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
CVE-2018-13440 (The audiofile Audio File Library 0.3.6 has a NULL pointer dereference  ...)
	- audiofile 0.3.6-5 (low; bug #903499)
	[stretch] - audiofile 0.3.6-4+deb9u1
	[jessie] - audiofile <no-dsa> (Minor issue)
	NOTE: https://github.com/mpruett/audiofile/issues/49
CVE-2018-13439 (WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a mercha ...)
	NOT-FOR-US: WeChat Pay Java SDK
CVE-2018-13438
	RESERVED
CVE-2018-13437
	RESERVED
CVE-2018-13436
	RESERVED
CVE-2018-13435 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line appli ...)
	NOT-FOR-US: LINE jp.naver.line application for iOS
CVE-2018-13434 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line appli ...)
	NOT-FOR-US: LINE jp.naver.line application for iOS
CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as  ...)
	NOT-FOR-US: Boostnote
CVE-2018-13432
	RESERVED
CVE-2018-13431
	RESERVED
CVE-2018-13430
	RESERVED
CVE-2018-13429
	RESERVED
CVE-2018-13428
	RESERVED
CVE-2018-13427
	RESERVED
CVE-2018-13426
	RESERVED
CVE-2018-13425
	RESERVED
CVE-2018-13424
	RESERVED
CVE-2018-13423 (admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows X ...)
	NOT-FOR-US: Omeka
CVE-2018-13422 (TCExam before 14.1.2 has XSS via an ff_ or xl_ field. ...)
	NOT-FOR-US: TCExam
CVE-2018-13421 (Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a  ...)
	- fast-cpp-csv-parser 0.0+git20160525~9bf299c-2 (low; bug #903247)
	[stretch] - fast-cpp-csv-parser <no-dsa> (Minor issue)
	[jessie] - fast-cpp-csv-parser <no-dsa> (Minor issue)
	NOTE: https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67
	NOTE: https://github.com/ben-strasser/fast-cpp-csv-parser/commit/8cf591aa7397f4372778cc927e184d28ee591093
CVE-2018-13420 (** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_exten ...)
	- google-perftools <unfixed> (unimportant; bug #903248)
	NOTE: https://github.com/gperftools/gperftools/issues/1013
CVE-2018-13419 (** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is  ...)
	NOTE: Misreport, not reprodiucible by upstream and no test file was provided
	NOTE: https://github.com/erikd/libsndfile/issues/398
CVE-2018-13418 (System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 all ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPn ...)
	- azureus <removed>
CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP ...)
	NOT-FOR-US: Universal Media Server
CVE-2018-13415 (In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP ...)
	NOT-FOR-US: Plex Media Server
CVE-2018-13414
	RESERVED
CVE-2018-13413
	RESERVED
CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ManageEngin ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central before 10 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line opti ...)
	- zip <unfixed> (unimportant; bug #903196)
	NOTE: http://seclists.org/fulldisclosure/2018/Jul/24
	NOTE: Negligible security impact, would involve that a untrusted party controls
	NOTE: the -TT value.
CVE-2018-13409 (An issue was discovered in Jirafeau before 3.4.1. The "search file by  ...)
	NOT-FOR-US: Jirafeau
CVE-2018-13408 (An issue was discovered in Jirafeau before 3.4.1. The "search file by  ...)
	NOT-FOR-US: Jirafeau
CVE-2018-13407 (A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file ...)
	NOT-FOR-US: Jirafeau
CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in drivers/video/f ...)
	{DLA-1715-1 DLA-1529-1}
	- linux 4.17.6-1
	[stretch] - linux 4.9.130-1
	NOTE: https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713
CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel throug ...)
	{DSA-4266-1 DLA-1529-1 DLA-1466-1}
	- linux 4.17.6-1
	NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
CVE-2018-13404 (The VerifyPopServerConnection resource in Atlassian Jira before versio ...)
	NOT-FOR-US: Atlassian
CVE-2018-13403 (The two-dimensional filter statistics gadget in Atlassian Jira before  ...)
	NOT-FOR-US: Atlassian
CVE-2018-13402 (Many resources in Atlassian Jira before version 7.6.9, from version 7. ...)
	NOT-FOR-US: Atlassian
CVE-2018-13401 (The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, f ...)
	NOT-FOR-US: Atlassian
CVE-2018-13400 (Several administrative resources in Atlassian Jira before version 7.6. ...)
	NOT-FOR-US: Atlassian
CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucible bef ...)
	NOT-FOR-US: Atlassian
CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and Cru ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree for Window ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree for macOS  ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ver ...)
	NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence Questions  ...)
	NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version 4.6 ...)
	NOT-FOR-US: Atlassian
CVE-2018-13391 (The ProfileLinkUserFormat component of Jira Server before version 7.6. ...)
	NOT-FOR-US: Atlassian Jira Server
CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from  ...)
	NOT-FOR-US: Atlassian
CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 6.6.1 a ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible befor ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server before versi ...)
	NOT-FOR-US: Atlassian
CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree for Window ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for macOS  ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS all versio ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13379 (An Improper Limitation of a Pathname to a Restricted Directory ("Path  ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13378 (An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 an ...)
	NOT-FOR-US: Fortinet FortiSIEM
CVE-2018-13377
	RESERVED
CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 t ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in Fortinet For ...)
	NOT-FOR-US: FortiAnalyzer and FortiManager
CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker to obtai ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13373
	RESERVED
CVE-2018-13372
	RESERVED
CVE-2018-13371 (An external control of system vulnerability in FortiOS may allow an au ...)
	NOT-FOR-US: Fortiguard
CVE-2018-13370
	RESERVED
CVE-2018-13369
	RESERVED
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and belo ...)
	NOT-FOR-US: FortiOS
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13364
	RESERVED
CVE-2018-13363
	RESERVED
CVE-2018-13362
	RESERVED
CVE-2018-13361 (User enumeration in usertable.php in TerraMaster TOS version 3.1.03 al ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13360 (Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03  ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13359 (Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13358 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13357 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13356 (Incorrect access control on ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13355 (Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13354 (System command injection in logtable.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13353 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13352 (Session Exposure in the web application for TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13351 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13350 (SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13349 (Cross-site scripting in the web application taskbar in TerraMaster TOS ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13345
	RESERVED
CVE-2018-13344
	RESERVED
CVE-2018-13343
	RESERVED
CVE-2018-13342 (The server API in the Anda app relies on hardcoded credentials. ...)
	NOT-FOR-US: Anda app
CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all vers ...)
	NOT-FOR-US: Creston
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode  ...)
	NOT-FOR-US: Imperavi Redactor
CVE-2018-13338 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13337 (Session Fixation in the web application for TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13336 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13335 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13334 (Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 a ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13333 (Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13332 (Directory Traversal in the explorer application in TerraMaster TOS ver ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13331 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13330 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13329 (Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart contract imp ...)
	NOT-FOR-US: smart contract
CVE-2018-13327 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract
CVE-2018-13326 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract
CVE-2018-13325 (The _sell function of a smart contract implementation for GROWCHAIN (G ...)
	NOT-FOR-US: smart contract
CVE-2018-13324 (Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13323 (Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.6 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13322 (Directory traversal in list_folders method in Buffalo TS5600D1206 vers ...)
	NOT-FOR-US: Buffalo
CVE-2018-13321 (Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.6 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13320 (System Command Injection in network.set_auth_settings in Buffalo TS560 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13319 (Incorrect access control in get_portal_info in Buffalo TS5600D1206 ver ...)
	NOT-FOR-US: Buffalo
CVE-2018-13318 (System command injection in User.create method in Buffalo TS5600D1206  ...)
	NOT-FOR-US: Buffalo
CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8  ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13316 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002RU vers ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13313 (In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the  ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13310 (Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13309 (Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13307 (System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8  ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13306 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the mqu ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4#commitcomment-30094223
CVE-2018-13304 (In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235
CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bit ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78
CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRA ...)
	{DSA-4249-1}
	- ffmpeg 7:3.4.3-1
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
	NOTE: Fixed in 3.2.11
CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value before sett ...)
	- ffmpeg 7:4.0.2-1 (low)
	[stretch] - ffmpeg <not-affected> (3.2.x not affected)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code path not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
	NOTE: It looks like Jessie is not affected but we need the reproducer to confirm this assumption.
CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to th ...)
	{DSA-4249-1}
	- ffmpeg 7:3.4.3-1
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
	NOTE: Fixed in 3.2.11
CVE-2018-13299 (Relative path traversal vulnerability in Attachment Uploader in Synolo ...)
	NOT-FOR-US: Synology
CVE-2018-13298 (Channel accessible by non-endpoint vulnerability in privacy page in Sy ...)
	NOT-FOR-US: Synology
CVE-2018-13297 (Information exposure vulnerability in SYNO.SynologyDrive.Files in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-13296 (Uncontrolled resource consumption vulnerability in TLS configuration i ...)
	NOT-FOR-US: Synology
CVE-2018-13295 (Information exposure vulnerability in SYNO.Personal.Application.Info i ...)
	NOT-FOR-US: Synology
CVE-2018-13294 (Information exposure vulnerability in SYNO.Personal.Profile in Synolog ...)
	NOT-FOR-US: Synology
CVE-2018-13293 (Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings ...)
	NOT-FOR-US: Synology
CVE-2018-13292 (Information exposure vulnerability in /usr/syno/etc/mount.conf in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-13291 (Information exposure vulnerability in /usr/syno/etc/mount.conf in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-13290 (Information exposure vulnerability in SYNO.Core.ACL in Synology Router ...)
	NOT-FOR-US: Synology
CVE-2018-13289 (Information exposure vulnerability in SYNO.FolderSharing.List in Synol ...)
	NOT-FOR-US: Synology
CVE-2018-13288 (Information exposure vulnerability in SYNO.FolderSharing.List in Synol ...)
	NOT-FOR-US: Synology
CVE-2018-13287 (Incorrect default permissions vulnerability in synouser.conf in Synolo ...)
	NOT-FOR-US: Synology
CVE-2018-13286 (Incorrect default permissions vulnerability in synouser.conf in Synolo ...)
	NOT-FOR-US: Synology
CVE-2018-13285 (Command injection vulnerability in ftpd in Synology Router Manager (SR ...)
	NOT-FOR-US: Synology
CVE-2018-13284 (Command injection vulnerability in ftpd in Synology Diskstation Manage ...)
	NOT-FOR-US: Synology
CVE-2018-13283 (Lack of administrator control over security vulnerability in client.cg ...)
	NOT-FOR-US: Synology
CVE-2018-13282 (Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology P ...)
	NOT-FOR-US: Synology Photo Station
CVE-2018-13281 (Information exposure vulnerability in SYNO.Core.ACL in Synology DiskSt ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2018-13280 (Use of insufficiently random values vulnerability in SYNO.Encryption.G ...)
	NOT-FOR-US: Synology
CVE-2018-13279
	RESERVED
CVE-2018-13278
	RESERVED
CVE-2018-13277
	REJECTED
CVE-2018-13276
	REJECTED
CVE-2018-13275
	REJECTED
CVE-2018-13274
	REJECTED
CVE-2018-13273
	REJECTED
CVE-2018-13272
	REJECTED
CVE-2018-13271
	REJECTED
CVE-2018-13270
	REJECTED
CVE-2018-13269
	REJECTED
CVE-2018-13268
	REJECTED
CVE-2018-13267
	REJECTED
CVE-2018-13266
	REJECTED
CVE-2018-13265
	REJECTED
CVE-2018-13264
	REJECTED
CVE-2018-13263
	REJECTED
CVE-2018-13262
	REJECTED
CVE-2018-13261
	REJECTED
CVE-2018-13260
	REJECTED
CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceeding 64  ...)
	- zsh 5.6-1 (bug #908000)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://www.zsh.org/mla/zsh-announce/136
	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
CVE-2018-13258 (Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided ta ...)
	- mediawiki <not-affected> (Affected upstream tarball was never used)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T199029
CVE-2018-13257 (The bb-auth-provider-cas authentication module within Blackboard Learn ...)
	NOT-FOR-US: Blackboard Learn
CVE-2018-13256 (PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or fir ...)
	NOT-FOR-US: PHP Scripts Mall Auditor Website
CVE-2018-13255
	RESERVED
CVE-2018-13254
	RESERVED
CVE-2018-13253
	RESERVED
CVE-2018-13252 (Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain  ...)
	NOT-FOR-US: Entrust Datacard Syntera CS
CVE-2018-13251 (In libming 0.4.8, there is an excessive memory allocation attempt in t ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/149
CVE-2018-13250 (libming 0.4.8 has a NULL pointer dereference in the getString function ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/147
CVE-2018-13249
	RESERVED
CVE-2018-13248
	RESERVED
CVE-2018-13247
	RESERVED
CVE-2018-13246
	RESERVED
CVE-2018-13245
	RESERVED
CVE-2018-13244
	RESERVED
CVE-2018-13243
	RESERVED
CVE-2018-13242
	RESERVED
CVE-2018-13241
	RESERVED
CVE-2018-13240
	RESERVED
CVE-2018-13239
	RESERVED
CVE-2018-13238
	RESERVED
CVE-2018-13237
	RESERVED
CVE-2018-13236
	RESERVED
CVE-2018-13235
	RESERVED
CVE-2018-13234
	RESERVED
CVE-2018-13233 (The sell function of a smart contract implementation for GSI, an Ether ...)
	NOT-FOR-US: smart contract implementation for GSI
CVE-2018-13232 (The sell function of a smart contract implementation for ENTER (ENTR)  ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR)
CVE-2018-13231 (The sell function of a smart contract implementation for ENTER (ENTR)  ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR)
CVE-2018-13230 (The sell function of a smart contract implementation for DestiNeed (DS ...)
	NOT-FOR-US: smart contract implementation for DestiNeed (DSN)
CVE-2018-13229 (The sell function of a smart contract implementation for RiptideCoin ( ...)
	NOT-FOR-US: smart contract implementation for RiptideCoin (RIPT)
CVE-2018-13228 (The sell function of a smart contract implementation for Crowdnext (CN ...)
	NOT-FOR-US: smart contract implementation for Crowdnext (CNX)
CVE-2018-13227 (The sell function of a smart contract implementation for MoneyChainNet ...)
	NOT-FOR-US: smart contract implementation for MoneyChainNet (MCN)
CVE-2018-13226 (The sell function of a smart contract implementation for YLCToken, an  ...)
	NOT-FOR-US: smart contract implementation for YLCToken
CVE-2018-13225 (The sell function of a smart contract implementation for MyYLC, an Eth ...)
	NOT-FOR-US: smart contract implementation for MyYLC
CVE-2018-13224 (The sell function of a smart contract implementation for Virtual Energ ...)
	NOT-FOR-US: smart contract implementation for Virtual Energy Units (VEU)
CVE-2018-13223 (The sell function of a smart contract implementation for R Time Token  ...)
	NOT-FOR-US: smart contract implementation for R Time Token v3 (RS)
CVE-2018-13222 (The sell function of a smart contract implementation for ObjectToken ( ...)
	NOT-FOR-US: smart contract implementation for ObjectToken (OBJ)
CVE-2018-13221 (The sell function of a smart contract implementation for Extreme Coin  ...)
	NOT-FOR-US: smart contract implementation for Extreme Coin (XT)
CVE-2018-13220 (The sell function of a smart contract implementation for MAVCash, an E ...)
	NOT-FOR-US: smart contract implementation for MAVCash
CVE-2018-13219 (The sell function of a smart contract implementation for YourCoin (ICO ...)
	NOT-FOR-US: smart contract implementation for YourCoin (ICO)
CVE-2018-13218 (The sell function of a smart contract implementation for ICO Dollar (I ...)
	NOT-FOR-US: smart contract implementation for ICO Dollar (ICOD)
CVE-2018-13217 (The sell function of a smart contract implementation for CoinToken, an ...)
	NOT-FOR-US: smart contract implementation for CoinToken
CVE-2018-13216 (The sell function of a smart contract implementation for GreenMed (GRM ...)
	NOT-FOR-US: smart contract implementation for GreenMed (GRMD)
CVE-2018-13215 (The sell function of a smart contract implementation for Sample Token  ...)
	NOT-FOR-US: smart contract implementation for Sample Token (STK)
CVE-2018-13214 (The sell function of a smart contract implementation for GMile, an Eth ...)
	NOT-FOR-US: smart contract implementation for GMile
CVE-2018-13213 (The sell function of a smart contract implementation for TravelCoin (T ...)
	NOT-FOR-US: smart contract implementation for TravelCoin
CVE-2018-13212 (The sell function of a smart contract implementation for EthereumLegit ...)
	NOT-FOR-US: smart contract implementation for EthereumLegit
CVE-2018-13211 (The sell function of a smart contract implementation for MyToken, an E ...)
	NOT-FOR-US: smart contract implementation for MyToken
CVE-2018-13210 (The sell function of a smart contract implementation for Providence Cr ...)
	NOT-FOR-US: smart contract implementation for Providence Crypto Casion (PVE)
CVE-2018-13209 (The sell function of a smart contract implementation for Nectar (NCTR) ...)
	NOT-FOR-US: smart contract implementation for Nectar (NCTR)
CVE-2018-13208 (The sell function of a smart contract implementation for MoneyTree (TR ...)
	NOT-FOR-US: smart contract implementation for MoneyTree (TREE)
CVE-2018-13207 (The sell function of a smart contract implementation for PornCoin (PRN ...)
	NOT-FOR-US: smart contract implementation for PornCoin
CVE-2018-13206 (The sell function of a smart contract implementation for ProvidenceCas ...)
	NOT-FOR-US: smart contract implementation for ProvidenceCasino (PVE)
CVE-2018-13205 (The sell function of a smart contract implementation for ohni_2 (OHNI) ...)
	NOT-FOR-US: smart contract implementation for ohni_2 (OHNI)
CVE-2018-13204 (The sell function of a smart contract implementation for ETHERCASH (ET ...)
	NOT-FOR-US: smart contract implementation for ETHERCASH
CVE-2018-13203 (The sellBuyerTokens function of a smart contract implementation for Sw ...)
	NOT-FOR-US: smart contract implementation for SwapToken
CVE-2018-13202 (The sell function of a smart contract implementation for MyBO, an Ethe ...)
	NOT-FOR-US: smart contract implementation for MyBO
CVE-2018-13201 (The sell function of a smart contract implementation for TiTok - Ticke ...)
	NOT-FOR-US: smart contract implementation for TiTok - Ticket Token
CVE-2018-13200 (The sell function of a smart contract implementation for DateMe (DMX)  ...)
	NOT-FOR-US: smart contract implementation for DateMe (DMX)
CVE-2018-13199 (The sell function of a smart contract implementation for ETHEREUMBLACK ...)
	NOT-FOR-US: smart contract implementation for ETHEREUMBLACK
CVE-2018-13198 (The sell function of a smart contract implementation for STeX Exchange ...)
	NOT-FOR-US: smart contract implementation for STeX Exchange ICO (STE)
CVE-2018-13197 (The sell function of a smart contract implementation for Welfare Token ...)
	NOT-FOR-US: smart contract implementation for Welfare Token Fund (WTF)
CVE-2018-13196 (The sell function of a smart contract implementation for T-Swap-Token  ...)
	NOT-FOR-US: smart contract implementation for T-Swap-Token
CVE-2018-13195 (The mintToken function of a smart contract implementation for Cranoo ( ...)
	NOT-FOR-US: smart contract implementation for Cranoo
CVE-2018-13194 (The mintToken function of a smart contract implementation for TongTong ...)
	NOT-FOR-US: smart contract implementation for TongTong Coin
CVE-2018-13193 (The mintToken function of a smart contract implementation for hentaiso ...)
	NOT-FOR-US: smart contract implementation for hentaisolo
CVE-2018-13192 (The mintToken function of a smart contract implementation for Jobscoin ...)
	NOT-FOR-US: smart contract implementation for Jobscoin
CVE-2018-13191 (The mintToken function of a smart contract implementation for Super Ca ...)
	NOT-FOR-US: smart contract implementation for Super Carbon Coin
CVE-2018-13190 (The mintToken function of a smart contract implementation for DVChain, ...)
	NOT-FOR-US: smart contract implementation for DVChain
CVE-2018-13189 (The mint function of a smart contract implementation for Unolabo (UNLB ...)
	NOT-FOR-US: smart contract implementation for Unolabo
CVE-2018-13188 (The mintToken function of a smart contract implementation for MyBO, an ...)
	NOT-FOR-US: smart contract implementation for MyBO
CVE-2018-13187 (The mintToken function of a smart contract implementation for CIBN Liv ...)
	NOT-FOR-US: smart contract implementation for CIBN Live Token
CVE-2018-13186 (The mintToken function of a smart contract implementation for MMTCoin  ...)
	NOT-FOR-US: smart contract implementation for MMTCoin
CVE-2018-13185 (The mintToken function of a smart contract implementation for appcoins ...)
	NOT-FOR-US: smart contract implementation for appcoins
CVE-2018-13184 (The mintToken function of a smart contract implementation for TravelZe ...)
	NOT-FOR-US: smart contract implementation for TravelZedi Token
CVE-2018-13183 (The mintToken function of a smart contract implementation for JWC, an  ...)
	NOT-FOR-US: smart contract implementation for JWC
CVE-2018-13182 (The mintToken function of a smart contract implementation for loncoin  ...)
	NOT-FOR-US: smart contract implementation for loncoin
CVE-2018-13181 (The mintToken function of a smart contract implementation for Troo, an ...)
	NOT-FOR-US: smart contract implementation for Troo
CVE-2018-13180 (The mintToken function of a smart contract implementation for IMM Coin ...)
	NOT-FOR-US: smart contract implementation for IMM Coin
CVE-2018-13179 (The mintToken function of a smart contract implementation for Air-Cont ...)
	NOT-FOR-US: smart contract implementation for Air-Contact Token
CVE-2018-13178 (The mintToken function of a smart contract implementation for ECToints ...)
	NOT-FOR-US: smart contract implementation for ECToints
CVE-2018-13177 (The mintToken function of a smart contract implementation for MiningRi ...)
	NOT-FOR-US: smart contract implementation for MiningRigRentals Token
CVE-2018-13176 (The mintToken function of a smart contract implementation for Trust Ze ...)
	NOT-FOR-US: smart contract implementation for Trust Zen Token
CVE-2018-13175 (The mintToken function of a smart contract implementation for AIChain, ...)
	NOT-FOR-US: smart contract implementation for AIChain
CVE-2018-13174 (The mintToken function of a smart contract implementation for CryptoAB ...)
	NOT-FOR-US: smart contract implementation for CryptoABS
CVE-2018-13173 (The mintToken function of a smart contract implementation for EliteShi ...)
	NOT-FOR-US: smart contract implementation for EliteShipperToken
CVE-2018-13172 (The mintToken function of a smart contract implementation for bzxcoin  ...)
	NOT-FOR-US: smart contract implementation for bzxcoin
CVE-2018-13171 (The mintToken function of a smart contract implementation for LadaToke ...)
	NOT-FOR-US: smart contract implementation for LadaToken
CVE-2018-13170 (The mintToken function of a smart contract implementation for Snoqualm ...)
	NOT-FOR-US: smart contract implementation for Snoqualmie Coin
CVE-2018-13169 (The mintToken function of a smart contract implementation for Ethereum ...)
	NOT-FOR-US: smart contract implementation for Ethereum Cash Pro
CVE-2018-13168 (The mintToken function of a smart contract implementation for Yu Gi Oh ...)
	NOT-FOR-US: smart contract implementation for Yu Gi Oh
CVE-2018-13167 (The mintToken function of a smart contract implementation for Yu Gi Oh ...)
	NOT-FOR-US: smart contract implementation for Yu Gi Oh
CVE-2018-13166 (The mintToken function of a smart contract implementation for AthletiC ...)
	NOT-FOR-US: smart contract implementation for AthletiCoin
CVE-2018-13165 (The mintToken function of a smart contract implementation for JustDCoi ...)
	NOT-FOR-US: smart contract implementation for JustDCoin
CVE-2018-13164 (The mintToken function of a smart contract implementation for EPPCOIN  ...)
	NOT-FOR-US: smart contract implementation for EPPCOIN
CVE-2018-13163 (The mintToken function of a smart contract implementation for Ethernet ...)
	NOT-FOR-US: smart contract implementation for Ethernet Cash
CVE-2018-13162 (The mintToken function of a smart contract implementation for ALEX, an ...)
	NOT-FOR-US: smart contract implementation for ALEX
CVE-2018-13161 (The mintToken function of a smart contract implementation for MultiGam ...)
	NOT-FOR-US: smart contract implementation for MultiGames
CVE-2018-13160 (The mintToken function of a smart contract implementation for etktoken ...)
	NOT-FOR-US: smart contract implementation for etktokens
CVE-2018-13159 (The mintToken function of a smart contract implementation for bankcoin ...)
	NOT-FOR-US: smart contract implementation for bankcoin
CVE-2018-13158 (The mintToken function of a smart contract implementation for AssetTok ...)
	NOT-FOR-US: smart contract implementation for AssetToken
CVE-2018-13157 (The mintToken function of a smart contract implementation for Cryptoni ...)
	NOT-FOR-US: smart contract implementation for CryptonitexCoin
CVE-2018-13156 (The mintToken function of a smart contract implementation for bonusTok ...)
	NOT-FOR-US: smart contract implementation for bonusToken
CVE-2018-13155 (The mintToken function of a smart contract implementation for GEMCHAIN ...)
	NOT-FOR-US: smart contract implementation for GEMCHAIN
CVE-2018-13154
	RESERVED
CVE-2018-13153 (In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand f ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1195
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ab4849d667e26df0e63ece9d63ae23bc7ab0fa1
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6ce6d25b47caf9b6b2979a510b6202ce0f3dd2d4
CVE-2018-13152
	RESERVED
CVE-2018-13151
	RESERVED
CVE-2018-13150
	RESERVED
CVE-2018-13149
	RESERVED
CVE-2018-13148
	RESERVED
CVE-2018-13147
	RESERVED
CVE-2018-13146 (The mintToken, buy, and sell functions of a smart contract implementat ...)
	NOT-FOR-US: smart contract
CVE-2018-13145 (The mintToken function of a smart contract implementation for JavaSwap ...)
	NOT-FOR-US: smart contract
CVE-2018-13144 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract
CVE-2018-13143
	RESERVED
CVE-2018-13142
	RESERVED
CVE-2018-13141
	RESERVED
CVE-2018-13140 (Druide Antidote through 9.5.1 on Windows and Linux allows remote code  ...)
	NOT-FOR-US: Druide Antidote
CVE-2018-13139 (A stack-based buffer overflow in psf_memset in common.c in libsndfile  ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (unimportant)
	NOTE: https://github.com/erikd/libsndfile/issues/397
	NOTE: https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
	NOTE: Missing channel number check in sndfile-deinterleave program, not a
	NOTE: security issue in the library.
CVE-2018-13138
	RESERVED
CVE-2018-13137 (The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_eve ...)
	NOT-FOR-US: Events Manager plugin for WordPress
CVE-2018-13136 (The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for Word ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-13135
	RESERVED
CVE-2018-13134 (TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have X ...)
	NOT-FOR-US: TP-Link
CVE-2018-13133 (Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated w ...)
	NOT-FOR-US: Golden Frog VyprVPN
CVE-2015-9260 (An issue was discovered in BEdita before 3.7.0. A cross-site scripting ...)
	NOT-FOR-US: BEdita
CVE-2018-13132 (Spadeico is a smart contract running on Ethereum. The mint function ha ...)
	NOT-FOR-US: Spadeico
CVE-2018-13131 (SpadePreSale is a smart contract running on Ethereum. The mint functio ...)
	NOT-FOR-US: SpadePreSale
CVE-2018-13130 (Bitotal (TFUND) is a smart contract running on Ethereum. The mintToken ...)
	NOT-FOR-US: Bitotal (TFUND)
CVE-2018-13129 (SP8DE Token (SPX) is a smart contract running on Ethereum. The mint fu ...)
	NOT-FOR-US: SP8DE Token (SPX)
CVE-2018-13128 (Etherty Token (ETY) is a smart contract running on Ethereum. The mint  ...)
	NOT-FOR-US: Etherty Token (ETY)
CVE-2018-13127 (SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. Th ...)
	NOT-FOR-US: SP8DE PreSale Token (DSPX)
CVE-2018-13126 (MoxyOnePresale is a smart contract running on Ethereum. The mint funct ...)
	NOT-FOR-US: MoxyOnePresale
CVE-2018-13125
	RESERVED
CVE-2018-13124
	RESERVED
CVE-2018-13123 (onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers  ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-13122 (onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers  ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-13121 (RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a ...)
	NOT-FOR-US: RealOne Player
CVE-2018-13120
	RESERVED
CVE-2018-13119
	RESERVED
CVE-2018-13118
	RESERVED
CVE-2018-13117
	RESERVED
CVE-2018-13116 (/user/del.php in zzcms 8.3 allows SQL injection via the tablename para ...)
	NOT-FOR-US: zzcms
CVE-2018-13115 (Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YP ...)
	NOT-FOR-US: KERUI Wifi Endoscope Camera
CVE-2018-13114 (Missing authentication and improper input validation in KERUI Wifi End ...)
	NOT-FOR-US: KERUI Wifi Endoscope Camera
CVE-2018-13113 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract implementation for Easy Trading Token and Ethereum token
CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attac ...)
	- tcpreplay 4.3.1-1 (low; bug #902952)
	[stretch] - tcpreplay <no-dsa> (Minor issue)
	[jessie] - tcpreplay <no-dsa> (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/477
	NOTE: https://github.com/appneta/tcpreplay/issues/408
	NOTE: https://github.com/appneta/tcpreplay/commit/0253c4707446b9500804101122a72dde2763ed8f
CVE-2018-13111 (There exists a partial Denial of Service vulnerability in Wanscam HW00 ...)
	NOT-FOR-US: Wanscam
CVE-2018-13110 (All ADB broadband gateways / routers based on the Epicentro platform a ...)
	NOT-FOR-US: ADB broadband gateways / routers
CVE-2018-13109 (All ADB broadband gateways / routers based on the Epicentro platform a ...)
	NOT-FOR-US: ADB broadband gateways / routers
CVE-2018-13108 (All ADB broadband gateways / routers based on the Epicentro platform a ...)
	NOT-FOR-US: ADB broadband gateways / routers
CVE-2018-13107
	RESERVED
CVE-2018-13106 (ClipperCMS 1.3.3 has stored XSS via the "Tools -&gt; Configuration" sc ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-13105
	RESERVED
CVE-2018-13104 (OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 ( ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2018-13103 (OX App Suite 7.8.4 and earlier allows SSRF. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2018-13102 (AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preload ...)
	NOT-FOR-US: AnyDesk
CVE-2018-13101 (KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from  ...)
	NOT-FOR-US: RedSwimmer KioskSimple
CVE-2018-13100 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
	{DLA-1715-1}
	- linux 4.18.10-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d
CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel throug ...)
	{DSA-4308-1 DLA-1531-1}
	- linux 4.18.10-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	- linux-4.9 <removed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a
	NOTE: https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/
CVE-2018-13098 (An issue was discovered in fs/f2fs/inode.c in the Linux kernel through ...)
	- linux 4.18.10-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200173
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad
CVE-2018-13097 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200171
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=78bbd741456e31e0acb983283a8d3993ba859c15
CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	- linux-4.9 <removed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
CVE-2018-13095 (An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux  ...)
	- linux 4.18.6-1
	[jessie] - linux <ignored> (Too risky to backport)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199915
	NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=23fcb3340d033d9f081e21e6c12c2db7eaa541d3
CVE-2018-13094 (An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux  ...)
	{DLA-2114-1 DLA-1529-1}
	- linux 4.17.14-1
	[stretch] - linux 4.9.210-1
	- linux-4.9 <removed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199969
	NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a
CVE-2018-13093 (An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel thr ...)
	{DLA-2114-1 DLA-1529-1}
	- linux 4.17.14-1
	[stretch] - linux 4.9.210-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199367
	NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff
CVE-2018-13092 (The mintToken function of a smart contract implementation for Reimburs ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13091 (The mintToken function of a smart contract implementation for sumocoin ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13090 (The mintToken function of a smart contract implementation for YiTongCo ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13089 (The mintToken function of a smart contract implementation for Universa ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13088 (The mintToken function of a smart contract implementation for Futures  ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13087 (The mintToken function of a smart contract implementation for Coinstar ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13086 (The mintToken function of a smart contract implementation for IADOWR C ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13085 (The mintToken function of a smart contract implementation for FreeCoin ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13084 (The mintToken function of a smart contract implementation for Good Tim ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13083 (The mintToken function of a smart contract implementation for Plaza To ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13082 (The mintToken function of a smart contract implementation for MODI Tok ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13081 (The mintToken function of a smart contract implementation for GZS Toke ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13080 (The mintToken function of a smart contract implementation for Goutex ( ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13079 (The mintToken function of a smart contract implementation for GoodTo ( ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13078 (The mintToken function of a smart contract implementation for Jitech ( ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13077 (The mintToken function of a smart contract implementation for CTB, an  ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13076 (The mintToken function of a smart contract implementation for Betcash  ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13075 (The mintToken function of a smart contract implementation for Carbon E ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13074 (The mintToken function of a smart contract implementation for FIBToken ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13073 (The mintToken function of a smart contract implementation for ETHEREUM ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13072 (The mintToken function of a smart contract implementation for Coffeeco ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13071 (The mintToken function of a smart contract implementation for CCindex1 ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13070 (The mintToken function of a smart contract implementation for Encrypte ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13069 (The mintToken function of a smart contract implementation for DYchain  ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13068 (The mintToken function of a smart contract implementation for AzurionT ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13067 (/upload/catalog/controller/account/password.php in OpenCart through 3. ...)
	NOT-FOR-US: OpenCart
CVE-2018-13066 (There is a memory leak in util/parser.c in libming 0.4.8, which will l ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/146
CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of a ...)
	NOT-FOR-US: Bogus claim for ModSecurity, to be revoked
CVE-2018-13064
	RESERVED
CVE-2018-13063 (Easy!Appointments 1.3.0 has a Missing Authorization issue allowing ret ...)
	NOT-FOR-US: Easy!Appointments
CVE-2018-13062
	RESERVED
CVE-2018-13061
	RESERVED
CVE-2018-13060 (Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. ...)
	NOT-FOR-US: Easy!Appointments
CVE-2018-13059
	RESERVED
CVE-2018-13058
	RESERVED
CVE-2018-13057
	RESERVED
CVE-2018-13056 (An issue was discovered on zzcms 8.3. There is a vulnerability at /use ...)
	NOT-FOR-US: zzcms
CVE-2018-13055 (A cross-site scripting (XSS) vulnerability in the View Filters page (v ...)
	- mantis <removed>
	NOTE: http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a
	NOTE: https://mantisbt.org/blog/archives/mantisbt/602
	NOTE: https://mantisbt.org/bugs/view.php?id=24580
CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Lin ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	- linux-4.9 <removed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privileg ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-13051
	RESERVED
CVE-2018-13050 (A SQL Injection vulnerability exists in Zoho ManageEngine Applications ...)
	NOT-FOR-US: Zoho
CVE-2018-13048
	RESERVED
CVE-2018-13047
	RESERVED
CVE-2018-13046
	RESERVED
CVE-2018-13045 (SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheq ...)
	NOT-FOR-US: Yeswiki
CVE-2018-13054 (An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon- ...)
	{DLA-1420-1}
	- cinnamon 3.8.8-1 (bug #903201)
	[stretch] - cinnamon <no-dsa> (Minor issue)
	NOTE: https://github.com/linuxmint/Cinnamon/pull/7683
	NOTE: https://github.com/linuxmint/Cinnamon/commit/66e54f43f179fdf041a3e5232178a9910963cfb5 (3.8.7)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1083067
CVE-2018-13049 (The constructSQL function in inc/search.class.php in GLPI 9.2.x throug ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/issues/4270
	NOTE: https://github.com/trasher/glpi/commit/5c58d4c57be7b1e0c1de925b97f22d4468291d41
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-13044
	RESERVED
CVE-2018-13042 (The 1Password application 6.8 for Android is affected by a Denial Of S ...)
	NOT-FOR-US: 1Password
CVE-2018-13041 (The mint function of a smart contract implementation for Link Platform ...)
	NOT-FOR-US: Link Platform
CVE-2018-13040 (OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can a ...)
	NOT-FOR-US: OpenSID
CVE-2018-13039 (OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the c ...)
	NOT-FOR-US: OpenSID
CVE-2018-13038 (OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via  ...)
	NOT-FOR-US: OpenSID
CVE-2018-13037 (An issue was discovered in jpeg-compressor 0.1. The bmp_load function  ...)
	NOT-FOR-US: jpeg-compressor
CVE-2018-13036
	RESERVED
CVE-2018-13035
	RESERVED
CVE-2018-13034 (Directory traversal in Jester web framework 0.2.0 allows remote attack ...)
	NOT-FOR-US: Jester web framework
CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.30.90.20180627-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23361
	NOTE: binutils not covered by security support
CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser a ...)
	NOT-FOR-US: ECESSA ShieldLink
CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an admi ...)
	NOT-FOR-US: DamiCMS
CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman func ...)
	NOT-FOR-US: jpeg-compressor
CVE-2018-13029
	RESERVED
CVE-2018-13028
	RESERVED
CVE-2018-13027
	RESERVED
CVE-2018-13026 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13025 (protected/apps/admin/controller/photoController.php in YXcms 1.4.7 all ...)
	NOT-FOR-US: YXcms
CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a .php file, ...)
	NOT-FOR-US: Metinfo
CVE-2018-13023 (System command injection vulnerability in wifi_access in Xiaomi Mi Rou ...)
	NOT-FOR-US: Xiaomi Mi Router
CVE-2018-13022 (Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Ro ...)
	NOT-FOR-US: Xiaomi Mi Router
CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script ...)
	NOT-FOR-US: HongCMS
CVE-2018-13020
	RESERVED
CVE-2018-13019
	RESERVED
CVE-2018-13018
	RESERVED
CVE-2018-13017
	RESERVED
CVE-2018-13016
	RESERVED
CVE-2018-13015
	RESERVED
CVE-2018-13014 (Storing password in recoverable format in safensec.com (SysWatch servi ...)
	NOT-FOR-US: SysWatch
CVE-2018-13013 (Improper check of unusual conditions when launching msiexec.exe in saf ...)
	NOT-FOR-US: SysWatch
CVE-2018-13012 (Download of code with improper integrity check in snsupd.exe and upd.e ...)
	NOT-FOR-US: SysWatch
CVE-2018-13011 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13010 (WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&amp;c=Users&a ...)
	NOT-FOR-US: WSTMall
CVE-2018-13009 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13008 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based ...)
	{DLA-1432-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #902782)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read ...)
	{DLA-1432-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #902782)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/issues/1088
	NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
CVE-2018-13004
	RESERVED
CVE-2018-13003 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ' ...)
	NOT-FOR-US: OpenTSDB
CVE-2018-13002 (An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core ...)
	NOT-FOR-US: Weblication CMS
CVE-2018-13001 (An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerabil ...)
	NOT-FOR-US: Sandoba CP:Shop
CVE-2018-13000 (An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2018-12999 (Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine  ...)
	NOT-FOR-US: Zoho
CVE-2018-12998 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEng ...)
	NOT-FOR-US: Zoho
CVE-2018-12997 (Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho
CVE-2018-12996 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEng ...)
	NOT-FOR-US: Zoho
CVE-2018-12995 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers  ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-12994 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers  ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-12993 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers  ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-12992 (An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in ...)
	NOT-FOR-US: CMS MaeloStore
CVE-2018-12991
	RESERVED
CVE-2018-12990 (phpwcms 1.8.9 allows remote attackers to discover the installation pat ...)
	NOT-FOR-US: phpwcms
CVE-2018-12989 (The report-viewing feature in Pearson VUE Certiport Console 8 and IQSy ...)
	NOT-FOR-US: Pearson VUE Certiport Console 8 and IQSystem 7
CVE-2018-12988 (GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an  ...)
	NOT-FOR-US: GreenCMS
CVE-2018-12987
	RESERVED
CVE-2018-12986
	RESERVED
CVE-2018-12985
	RESERVED
CVE-2018-12984 (Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credential ...)
	NOT-FOR-US: Hycus CMS
CVE-2018-12983 (A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryp ...)
	- libpodofo <unfixed> (low; bug #916580)
	[buster] - libpodofo <no-dsa> (Minor issue)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1595693
	NOTE: https://sourceforge.net/p/podofo/tickets/23
CVE-2018-12982 (Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function  ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916581)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1595689
	NOTE: https://sourceforge.net/p/podofo/tickets/22
	NOTE: https://sourceforge.net/p/podofo/code/1948
CVE-2018-12981 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 de ...)
	NOT-FOR-US: WAGO e!DISPLAY devices
CVE-2018-12980 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 de ...)
	NOT-FOR-US: WAGO e!DISPLAY devices
CVE-2018-12979 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 de ...)
	NOT-FOR-US: WAGO e!DISPLAY devices
CVE-2018-12978
	RESERVED
CVE-2018-12977 (A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite  ...)
	NOT-FOR-US: SoftExpert (SE) Excellence Suite
CVE-2018-12976 (In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use spe ...)
	NOT-FOR-US: Go Doc Dot Org
CVE-2018-12975 (The random() function of the smart contract implementation for CryptoS ...)
	NOT-FOR-US: CryptoSaga
CVE-2018-12974
	RESERVED
CVE-2018-12973 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ' ...)
	NOT-FOR-US: OpenTSDB
CVE-2018-12972 (An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q U ...)
	NOT-FOR-US: OpenTSDB
CVE-2018-12971 (EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to del ...)
	NOT-FOR-US: EasyCMS
CVE-2018-12970
	RESERVED
CVE-2018-12969
	RESERVED
CVE-2018-12968
	RESERVED
CVE-2018-12967
	RESERVED
CVE-2018-12966
	RESERVED
CVE-2018-12965
	RESERVED
CVE-2018-12964
	RESERVED
CVE-2018-12963
	RESERVED
CVE-2018-12962
	RESERVED
CVE-2018-12961
	RESERVED
CVE-2018-12960
	RESERVED
CVE-2018-12959 (The approveAndCall function of a smart contract implementation for Adi ...)
	NOT-FOR-US: smart contract implementation for Aditus (ADI)
CVE-2018-12958
	RESERVED
CVE-2018-12957
	RESERVED
CVE-2018-12956
	RESERVED
CVE-2018-12955
	RESERVED
CVE-2018-12954
	RESERVED
CVE-2018-12953
	RESERVED
CVE-2018-12952
	RESERVED
CVE-2018-12951
	RESERVED
CVE-2018-12950
	RESERVED
CVE-2018-12949
	RESERVED
CVE-2018-12948
	RESERVED
CVE-2018-12947
	RESERVED
CVE-2018-12946
	RESERVED
CVE-2018-12945
	RESERVED
CVE-2018-12944 (Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12943 (Cross-Site Scripting (XSS) vulnerability in every page that includes t ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12942 (SQL injection vulnerability in the "Users management" functionality in ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12941 (This vulnerability allows remote attackers to execute arbitrary code i ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12940 (Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in  ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12939 (A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) bef ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12937
	RESERVED
CVE-2018-12938
	REJECTED
CVE-2018-12936
	RESERVED
CVE-2018-12935
	RESERVED
CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU  ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23059
	NOTE: binutils not covered by security support
CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
	- wine 4.0~rc1-1 (low)
	[stretch] - wine <ignored> (Minor issue)
	[jessie] - wine <postponed> (Minor issue)
	- wine-development 3.8-1 (low)
	[stretch] - wine-development <ignored> (Minor issue)
	[jessie] - wine-development <no-dsa> (Minor issue)
	NOTE: https://bugs.winehq.org/show_bug.cgi?id=45106
	NOTE: https://bugs.winehq.org/attachment.cgi?id=61285
	NOTE: https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d
	NOTE: https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949
CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
	- wine 4.0~rc1-1 (low)
	[stretch] - wine <ignored> (Minor issue)
	[jessie] - wine <postponed> (Minor issue)
	- wine-development 3.8-1 (low)
	[stretch] - wine-development <ignored> (Minor issue)
	[jessie] - wine-development <no-dsa> (Minor issue)
	NOTE: https://bugs.winehq.org/show_bug.cgi?id=45105
	NOTE: https://bugs.winehq.org/attachment.cgi?id=61284
	NOTE: https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d
	NOTE: https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949
CVE-2018-12931 (ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4. ...)
	- linux 4.19.37-1
	[jessie] - linux <ignored> (ntfs is not supportable)
CVE-2018-12930 (ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Lin ...)
	- linux 4.19.37-1
	[jessie] - linux <ignored> (ntfs is not supportable)
CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux k ...)
	- linux 4.19.37-1
	[jessie] - linux <ignored> (ntfs is not supportable)
CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered  ...)
	- linux <unfixed> (low)
	[buster] - linux <ignored> (Minor issue)
	[stretch] - linux <ignored> (Minor issue)
	- linux-4.9 <removed>
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384
	NOTE: https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2
CVE-2018-12927 (Northern Electric &amp; Power (NEP) inverter devices allow remote atta ...)
	NOT-FOR-US: Northern Electric
CVE-2018-12926 (Pharos Controls devices allow remote attackers to obtain potentially s ...)
	NOT-FOR-US: Pharos Controls
CVE-2018-12925 (Baseon Lantronix MSS devices do not require a password for TELNET acce ...)
	NOT-FOR-US: Baseon Lantronix
CVE-2018-12924 (Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices hav ...)
	NOT-FOR-US: Sollae
CVE-2018-12923 (BWS Systems HA-Bridge devices allow remote attackers to obtain potenti ...)
	NOT-FOR-US: BWS Systems
CVE-2018-12922 (Emerson Liebert IntelliSlot Web Card devices allow remote attackers to ...)
	NOT-FOR-US: Emerson Liebert
CVE-2018-12921 (Electro Industries GaugeTech Nexus devices allow remote attackers to o ...)
	NOT-FOR-US: Electro Industries GaugeTech
CVE-2018-12920 (Brickstream 2300 devices allow remote attackers to obtain potentially  ...)
	NOT-FOR-US: Brickstream
CVE-2018-12919 (In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allow ...)
	NOT-FOR-US: CraftedWeb
CVE-2018-12918 (In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault i ...)
	NOT-FOR-US: PBC
CVE-2018-12917 (In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer ov ...)
	NOT-FOR-US: PBC
CVE-2018-12916 (In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault i ...)
	NOT-FOR-US: PBC
CVE-2018-12915 (In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in  ...)
	NOT-FOR-US: PBC
CVE-2018-12914 (A remote code execution issue was discovered in PublicCMS V4.0.2018021 ...)
	NOT-FOR-US: PublicCMS
CVE-2018-12913 (In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop ...)
	NOT-FOR-US: Miniz
CVE-2018-12912 (An issue wan discovered in admin\controllers\database.php in HongCMS 3 ...)
	NOT-FOR-US: HongCMS
CVE-2018-12911 (WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bou ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: https://trac.webkit.org/changeset/233404/webkit
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-12910 (The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows ...)
	{DSA-4241-1 DLA-1416-1}
	- libsoup2.4 2.62.2-2
	NOTE: https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
CVE-2018-12909 (** DISPUTED ** Webgrind 1.5 relies on user input to display a file, wh ...)
	NOT-FOR-US: Webgrind
CVE-2018-12908 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)
	NOT-FOR-US: Brynamics
CVE-2018-12907 (In Rclone 1.42, use of "rclone sync" to migrate data between two Googl ...)
	NOT-FOR-US: Rclone
CVE-2018-12906
	RESERVED
CVE-2018-12905 (joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/inde ...)
	NOT-FOR-US: joyplus-cms
CVE-2017-18342 (In PyYAML before 5.1, the yaml.load() API could execute arbitrary code ...)
	- pyyaml 5.1.2-1 (unimportant; bug #902878)
	NOTE: This is a well-known design deficiency in pyyaml, various CVE IDs have been assigned
	NOTE: to applications misusing the API over the years. The CVE ID was assigned to raise
	NOTE: awareness (and 5.1 now fixes the default behaviour as well)
	NOTE: https://github.com/yaml/pyyaml/pull/74
CVE-2018-12904 (In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested v ...)
	- linux 4.16.16-1
	[stretch] - linux <not-affected> (Vulnerability introduced later)
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
	NOTE: https://git.kernel.org/linus/727ba748e110b4de50d142edca9d6a9b7e6111d8
CVE-2018-12903 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.60 ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search bar of ...)
	NOT-FOR-US: Easy Magazine
CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2, versio ...)
	NOT-FOR-US: Mitel
CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
	{DSA-4670-1 DLA-2009-1}
	- tiff 4.0.10-4 (bug #902718)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/60
	NOTE: https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01
CVE-2018-12899
	RESERVED
CVE-2018-12898
	RESERVED
CVE-2018-12897 (SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overf ...)
	NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An Integer ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200189
	NOTE: https://github.com/lcytxw/bug_repro/tree/master/bug_200189
	NOTE: https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary code  ...)
	{DSA-4250-1 DLA-1452-1}
	- wordpress 4.9.7+dfsg1-1 (bug #902876)
	NOTE: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
	NOTE: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
CVE-2018-12894
	RESERVED
CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the fixes in XSA ...)
	{DSA-4236-1 DLA-1577-1}
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
	NOTE: https://xenbits.xen.org/xsa/advisory-265.html
CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass ...)
	{DSA-4236-1}
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
	[jessie] - xen <not-affected> (Issue introduced in 4.7)
	NOTE: https://xenbits.xen.org/xsa/advisory-266.html
CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU operatio ...)
	{DSA-4236-1 DLA-1577-1}
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
	NOTE: https://xenbits.xen.org/xsa/advisory-264.html
CVE-2018-12890
	RESERVED
CVE-2018-12889 (An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffe ...)
	NOT-FOR-US: CCN-lite
CVE-2018-12888
	RESERVED
CVE-2018-12887
	RESERVED
CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu ...)
	- gcc-snapshot <unfixed>
	- gcc-8 <unfixed>
	[buster] - gcc-8 <ignored> (Too intrusive to backport)
	- gcc-7 <unfixed>
	[buster] - gcc-7 <ignored> (Too intrusive to backport)
	- gcc-6 <removed>
	[stretch] - gcc-6 <ignored> (Too intrusive to backport)
	- gcc-4.9 <removed>
	[jessie] - gcc-4.9 <ignored> (Too intrusive to backport)
	- gcc-4.8 <removed>
	[jessie] - gcc-4.8 <ignored> (Too intrusive to backport)
	NOTE: https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
CVE-2018-12885 (The randMod() function of the smart contract implementation for MyCryp ...)
	NOT-FOR-US: MyCryptoChamp
CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerability in V ...)
	- u-boot <unfixed> (unimportant)
	NOTE: No security impact as supported/packaged in Debian
CVE-2018-13043 (scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows cod ...)
	- devscripts 2.18.4 (low; bug #902409)
	[stretch] - devscripts <not-affected> (Vulnerable code introduced in 2.17.7)
	[jessie] - devscripts <not-affected> (Vulnerable code introduced in 2.17.7)
CVE-2018-1000610 (A exposure of sensitive information vulnerability exists in Jenkins Co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000609 (A exposure of sensitive information vulnerability exists in Jenkins Co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000608 (A exposure of sensitive information vulnerability exists in Jenkins z/ ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000607 (A arbitrary file write vulnerability exists in Jenkins Fortify CloudSc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000606 (A server-side request forgery vulnerability exists in Jenkins URLTrigg ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000605 (A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000604 (A persisted cross-site scripting vulnerability exists in Jenkins Badge ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000603 (A exposure of sensitive information vulnerability exists in Jenkins Op ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000602 (A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000601 (A arbitrary file read vulnerability exists in Jenkins SSH Credentials  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000600 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-12883
	RESERVED
CVE-2018-12882 (exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allo ...)
	- php7.2 7.2.8-1
	- php7.1 <not-affected> (Specific to 7.2.x)
	- php7.0 <not-affected> (Specific to 7.2.x)
	- php5 <not-affected> (Specific to 7.2.x)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76409
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5
CVE-2018-12881 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12880 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12879 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12878 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12877 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12876 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12875 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12874 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12873 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12872 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12871 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12870 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12869 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12868 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12867 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12866 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12865 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12864 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12863 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12862 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12861 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12860 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12859 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12858 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12857 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12856 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12855 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12854
	REJECTED
CVE-2018-12853 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12852 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12851 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12850 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12849 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12848 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12847 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12846 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12845 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12844 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12843 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12842 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12841 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12840 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12839 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12838 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12837 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12836 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12835 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12834 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12833 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12832 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12831 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12830 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-12829 (Adobe Creative Cloud Desktop Application before 4.6.1 has an improper  ...)
	NOT-FOR-US: Adobe
CVE-2018-12828 (Adobe Flash Player 30.0.0.134 and earlier have a "use of a component w ...)
	NOT-FOR-US: Adobe
CVE-2018-12827 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read v ...)
	NOT-FOR-US: Adobe
CVE-2018-12826 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read v ...)
	NOT-FOR-US: Adobe
CVE-2018-12825 (Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulne ...)
	NOT-FOR-US: Adobe
CVE-2018-12824 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read v ...)
	NOT-FOR-US: Adobe
CVE-2018-12823 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow v ...)
	NOT-FOR-US: Adobe
CVE-2018-12822 (Adobe Digital Editions versions 4.5.8 and below have an use after free ...)
	NOT-FOR-US: Adobe
CVE-2018-12821 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds  ...)
	NOT-FOR-US: Adobe
CVE-2018-12820 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds  ...)
	NOT-FOR-US: Adobe
CVE-2018-12819 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds  ...)
	NOT-FOR-US: Adobe
CVE-2018-12818 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds  ...)
	NOT-FOR-US: Adobe
CVE-2018-12817 (Adobe Digital Editions versions 4.5.9 and below have an out of bounds  ...)
	NOT-FOR-US: Adobe
CVE-2018-12816 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds  ...)
	NOT-FOR-US: Adobe
CVE-2018-12815 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12814 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow v ...)
	NOT-FOR-US: Adobe
CVE-2018-12813 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow v ...)
	NOT-FOR-US: Adobe
CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18. ...)
	NOT-FOR-US: Adobe
CVE-2018-12810 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18. ...)
	NOT-FOR-US: Adobe
CVE-2018-12809 (Adobe Experience Manager versions 6.4 and earlier have a Server-Side R ...)
	NOT-FOR-US: Adobe
CVE-2018-12808 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12807 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an  ...)
	NOT-FOR-US: Adobe
CVE-2018-12806 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...)
	NOT-FOR-US: Adobe
CVE-2018-12805 (Adobe Connect versions 9.7.5 and earlier have an Insecure Library Load ...)
	NOT-FOR-US: Adobe
CVE-2018-12804 (Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass ...)
	NOT-FOR-US: Adobe
CVE-2018-12803 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12802 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12801 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12800
	REJECTED
CVE-2018-12799 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12798 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12797 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12796 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12795 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12794 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12793 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12792 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12791 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12790 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12789 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12788 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12787 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12786 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12785 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12784 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12783 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12782 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12781 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12780 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12779 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12778 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12777 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12776 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12775 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12774 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12773 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12772 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12771 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12770 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12769 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12768 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12767 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12766 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12765 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12764 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12763 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12762 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12761 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12760 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12759 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12758 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12757 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12756 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12755 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12754 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12753
	RESERVED
CVE-2018-12752
	RESERVED
CVE-2018-12751
	RESERVED
CVE-2018-12750
	RESERVED
CVE-2018-12749
	RESERVED
CVE-2018-12748
	RESERVED
CVE-2018-12747
	RESERVED
CVE-2018-12746
	RESERVED
CVE-2018-12745
	RESERVED
CVE-2018-12744
	RESERVED
CVE-2018-12743
	RESERVED
CVE-2018-12742
	RESERVED
CVE-2018-12741
	RESERVED
CVE-2018-12740
	RESERVED
CVE-2018-12739 (In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a  ...)
	NOT-FOR-US: BEESCMS
CVE-2018-12738
	RESERVED
CVE-2018-12737
	RESERVED
CVE-2018-12736
	RESERVED
CVE-2018-12735 (SAJ Solar Inverter allows remote attackers to obtain potentially sensi ...)
	NOT-FOR-US: SAJ Solar Inverter
CVE-2018-12734
	RESERVED
CVE-2018-12733
	RESERVED
CVE-2016-10725 (In Bitcoin Core before v0.13.0, a non-final alert is able to block the ...)
	- bitcoin 0.13.0-0.1
CVE-2018-12732
	RESERVED
CVE-2018-12731
	RESERVED
CVE-2018-12730
	RESERVED
CVE-2018-12729
	RESERVED
CVE-2018-12728
	RESERVED
CVE-2018-12727
	RESERVED
CVE-2018-12726
	RESERVED
CVE-2018-12725
	RESERVED
CVE-2018-12724
	RESERVED
CVE-2018-12723
	RESERVED
CVE-2018-12722
	RESERVED
CVE-2018-12721
	RESERVED
CVE-2018-12720
	RESERVED
CVE-2018-12719
	RESERVED
CVE-2018-12718
	RESERVED
CVE-2018-12717
	RESERVED
CVE-2018-12716 (The API service on Google Home and Chromecast devices before mid-July  ...)
	NOT-FOR-US: Google services
CVE-2018-12715 (DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid ...)
	NOT-FOR-US: DIGISOL DG-HR3400 devices
CVE-2018-12714 (An issue was discovered in the Linux kernel through 4.17.2. The filter ...)
	- linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1
CVE-2018-12713 (GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary f ...)
	- gimp <unfixed> (unimportant)
	NOTE: https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f
	NOTE: https://gitlab.gnome.org/GNOME/gimp/issues/1689
	NOTE: No security impact
CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. T ...)
	NOT-FOR-US: Joomla!
CVE-2018-12711 (An XSS issue was discovered in the language switcher module in Joomla! ...)
	NOT-FOR-US: Joomla!
CVE-2018-12710 (An issue was discovered on D-Link DIR-601 2.02NA devices. Being local  ...)
	NOT-FOR-US: D-Link DIR-601 2.02NA devices
CVE-2016-10724 (Bitcoin Core before v0.13.0 allows denial of service (memory exhaustio ...)
	- bitcoin 0.13.0-0.1
CVE-2018-12709
	RESERVED
CVE-2018-12708
	RESERVED
CVE-2018-12707
	RESERVED
CVE-2018-12706 (DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authoriz ...)
	NOT-FOR-US: DIGISOL
CVE-2018-12705 (DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated onl ...)
	NOT-FOR-US: DIGISOL
CVE-2018-12704
	RESERVED
CVE-2018-12703 (The approveAndCallcode function of a smart contract implementation for ...)
	NOT-FOR-US: Block 18
CVE-2018-12702 (The approveAndCallcode function of a smart contract implementation for ...)
	NOT-FOR-US: Globalvillage ecosystem
CVE-2018-12701
	RESERVED
CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause  ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as distributed in G ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 0x000000000000 ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...)
	NOT-FOR-US: mao10cms
CVE-2018-12695 (mao10cms 6 allows XSS via the m=bbs&amp;a=index page. ...)
	NOT-FOR-US: mao10cms
CVE-2018-12694 (TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows ...)
	NOT-FOR-US: TP-Link
CVE-2018-12693 (Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender ...)
	NOT-FOR-US: TP-Link
CVE-2018-12692 (TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows ...)
	NOT-FOR-US: TP-Link
CVE-2018-12691 (Time-of-check to time-of-use (TOCTOU) race condition in org.onosprojec ...)
	NOT-FOR-US: ONOS
CVE-2018-12690
	RESERVED
CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id param ...)
	- phpldapadmin <unfixed> (unimportant; bug #902186)
	NOTE: https://www.exploit-db.com/exploits/44926/
	NOTE: Non-security issue as demostrated in https://bugs.debian.org/902186
	NOTE: and disputed as security issue. Should be properly rejected by MITRE.
CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...)
	NOT-FOR-US: tinyexr
CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...)
	NOT-FOR-US: tinyexr
CVE-2018-12686
	RESERVED
CVE-2018-12685
	RESERVED
CVE-2018-12684 (Out-of-bounds Read in the send_ssi_file function in civetweb.c in Cive ...)
	NOT-FOR-US: CivetWeb
CVE-2018-12683
	RESERVED
CVE-2018-12682
	RESERVED
CVE-2018-12681
	RESERVED
CVE-2018-12680 (The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and  ...)
	NOT-FOR-US: CoAPthon
CVE-2018-12679 (The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandl ...)
	NOT-FOR-US: CoAPthon
CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to the webso ...)
	NOT-FOR-US: Portainer
CVE-2018-12677
	RESERVED
CVE-2018-12676
	RESERVED
CVE-2018-12675 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4 ...)
	NOT-FOR-US: SV3C
CVE-2018-12674 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4 ...)
	NOT-FOR-US: SV3C
CVE-2018-12673 (An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4. ...)
	NOT-FOR-US: SV3C
CVE-2018-12672 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not  ...)
	NOT-FOR-US: SV3C
CVE-2018-12671 (An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4. ...)
	NOT-FOR-US: SV3C
CVE-2018-12670 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103 ...)
	NOT-FOR-US: SV3C
CVE-2018-12669 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103 ...)
	NOT-FOR-US: SV3C
CVE-2018-12668 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103 ...)
	NOT-FOR-US: SV3C
CVE-2018-12667 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4 ...)
	NOT-FOR-US: SV3C
CVE-2018-12666 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices imprope ...)
	NOT-FOR-US: SV3C
CVE-2018-12665
	RESERVED
CVE-2018-12664
	RESERVED
CVE-2018-12663
	RESERVED
CVE-2018-12662
	RESERVED
CVE-2018-12661
	RESERVED
CVE-2018-12660
	RESERVED
CVE-2018-12659 (SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protec ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12658 (Reflected Cross-Site Scripting (XSS) exists in the Stock Take module i ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12657 (Reflected Cross-Site Scripting (XSS) exists in the Master File module  ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12656 (Reflected Cross-Site Scripting (XSS) exists in the Membership module i ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation module  ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the Bibliography module ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenal ...)
	NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12652 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12651 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Adrenalin HRMS
CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting ...)
	NOT-FOR-US: Adrenalin HRMS
CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in MISP  ...)
	NOT-FOR-US: MISP
CVE-2018-12648 (The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Suppo ...)
	[experimental] - exempi 2.5.0-1
	- exempi 2.5.0-2 (low; bug #902175)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106981
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/commit/8ed2f034705fd2d032c81383eee8208fd4eee0ac
CVE-2018-12647
	RESERVED
CVE-2018-12646
	RESERVED
CVE-2018-12645
	RESERVED
CVE-2018-12644
	RESERVED
CVE-2018-12643
	RESERVED
CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not  ...)
	NOT-FOR-US: Floxlor
CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as  ...)
	NOTE: harmless crashes exposed by binutils, but underlying issue is in libiberty from GCC
	NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12640 (The webService binary on Insteon HD IP Camera White 2864-222 devices h ...)
	NOT-FOR-US: Insteon
CVE-2018-12639
	RESERVED
CVE-2018-12638 (An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. The ...)
	NOT-FOR-US: Bose
CVE-2018-1000559 (qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970b ...)
	- qutebrowser 1.3.3-1
	NOTE: https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
	NOTE: https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f
	NOTE: https://github.com/qutebrowser/qutebrowser/issues/4011
CVE-2018-1000558 (OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2 ...)
	- ocsinventory-server 2.4.1+dfsg-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-1000557 (OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross ...)
	- ocsinventory-server 2.4.1+dfsg-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-1000556 (WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerab ...)
	NOT-FOR-US: WP Statistics plugin
	NOTE: The CVE description is misleading, this is about a plugin, not Wordpress itself
CVE-2018-1000555
	REJECTED
CVE-2018-1000554 (Trovebox version &lt;= 4.0.0-rc6 contains a Unsafe password reset toke ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000553 (Trovebox version &lt;= 4.0.0-rc6 contains a Server-Side request forger ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000552 (Trovebox version &lt;= 4.0.0-rc6 contains a SQL Injection vulnerabilit ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000551 (Trovebox version &lt;= 4.0.0-rc6 contains a PHP Type juggling vulnerab ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 contains a D ...)
	{DSA-4285-1 DLA-1441-1}
	- sympa 6.2.32~dfsg-1
	NOTE: https://sympa-community.github.io/security/2018-001.html
CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration vulnerabi ...)
	NOT-FOR-US: Wekan
CVE-2018-1000548 (Umlet version &lt; 14.3 contains a XML External Entity (XXE) vulnerabi ...)
	NOT-FOR-US: Umlet
CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access Control vu ...)
	NOT-FOR-US: CoreBOS
CVE-2018-1000546 (Triplea version &lt;= 1.9.0.0.10291 contains a XML External Entity (XX ...)
	- triplea <unfixed> (unimportant; bug #902719)
	NOTE: https://0dd.zone/2018/05/31/TripleA-XXE/
	NOTE: https://github.com/triplea-game/triplea/issues/3442
	NOTE: https://github.com/triplea-game/triplea/pull/4516
	NOTE: Per https://github.com/triplea-game/triplea/issues/3442#issuecomment-451654646 no security impact
CVE-2018-1000545
	REJECTED
CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Tra ...)
	{DLA-1467-1}
	- ruby-zip 1.2.2-1 (bug #902720)
	NOTE: https://github.com/rubyzip/rubyzip/issues/369
	NOTE: Part of fixes:
	NOTE: https://github.com/rubyzip/rubyzip/commit/6e0d23178a39f1b9ee0debc4fffb6d90994c6955
	NOTE: https://github.com/rubyzip/rubyzip/commit/8e78311d670ba70476fb46062c988849a82d1e02
	NOTE: And further followup fixes:
	NOTE: https://github.com/rubyzip/rubyzip/pull/376
CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution due to th ...)
	NOT-FOR-US: Akiee
CVE-2018-1000542 (netbeans-mmd-plugin version &lt;= 1.4.3 contains a XML External Entity ...)
	NOT-FOR-US: netbeans-mmd-plugin
CVE-2018-1000541
	REJECTED
CVE-2018-1000540 (LoboEvolution version &lt; 9b75694cedfa4825d4a2330abf2719d470c654cd co ...)
	NOT-FOR-US: LoboEvolution
CVE-2018-1000539 (Nov json-jwt version &gt;= 0.5.0 &amp;&amp; &lt; 1.9.4 contains a CWE- ...)
	{DSA-4283-1}
	- ruby-json-jwt 1.9.4-1 (bug #902721)
	NOTE: https://github.com/nov/json-jwt/pull/62
	NOTE: https://github.com/nov/json-jwt/commit/3393f394f271c87bd42ec23c300727b4437d1638
CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-3 ...)
	NOT-FOR-US: Minion
CVE-2018-1000537 (Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Ove ...)
	NOT-FOR-US: Marlin
CVE-2018-1000536 (Medis version 0.6.1 and earlier contains a XSS vulnerability evolving  ...)
	NOT-FOR-US: Media
CVE-2018-1000535 (lms version &lt;= LMS_011123 contains a Local File Disclosure vulnerab ...)
	NOT-FOR-US: lms
CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into code execu ...)
	NOT-FOR-US: Joplin
CVE-2018-1000533 (klaussilveira GitList version &lt;= 0.6 contains a Passing incorrectly ...)
	NOT-FOR-US: klaussilveira GitList
CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File Name or Pa ...)
	- beep 1.4.3-1 (low; bug #902722)
	[stretch] - beep <no-dsa> (Minor issue)
	[jessie] - beep <no-dsa> (Minor issue)
	NOTE: https://github.com/johnath/beep/issues/11#issuecomment-379514298
CVE-2018-1000531 (inversoft prime-jwt version prior to commit abb0d479389a2509f939452a67 ...)
	NOT-FOR-US: prime-jwt
CVE-2018-1000530
	REJECTED
CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XS ...)
	NOT-FOR-US: Grails Fields plugin
CVE-2018-1000528 (GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb756 ...)
	{DSA-4239-1 DLA-1436-1}
	- gosa 2.7.4+reloaded3-5 (low; bug #902723)
	NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
	NOTE: https://github.com/gosa-project/gosa-core/issues/14
CVE-2018-1000527 (Froxlor version &lt;= 0.9.39.5 contains a PHP Object Injection vulnera ...)
	NOT-FOR-US: Froxlor
CVE-2018-1000526 (Openpsa contains a XML Injection vulnerability in RSS file upload feat ...)
	NOT-FOR-US: openpsa
CVE-2018-1000525 (openpsa contains a PHP Object Injection vulnerability in Form data pas ...)
	NOT-FOR-US: openpsa
CVE-2018-1000524 (miniSphere version 5.2.9 and earlier contains a Integer Overflow vulne ...)
	NOT-FOR-US: miniSphere
CVE-2018-1000523 (topydo contains a CWE-20: Improper Input Validation vulnerability in L ...)
	NOT-FOR-US: topydo
CVE-2018-1000522
	REJECTED
CVE-2018-1000521 (BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /us ...)
	NOT-FOR-US: BigTree-CMS
CVE-2018-1000520 (ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows In ...)
	- mbedtls <unfixed> (unimportant)
	- polarssl <removed> (unimportant)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/1561
	NOTE: No security impact
CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerability in  ...)
	NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling o ...)
	NOT-FOR-US: aaugustin websockets
CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-3 (low; bug #902724)
	[stretch] - busybox <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper N ...)
	NOT-FOR-US: Galaxy Project Galaxy
CVE-2018-1000515 (ventrian News-Articles version NewsArticles.00.09.11 contains a XML Ex ...)
	NOT-FOR-US: News-Articles
CVE-2018-1000514 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request For ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-1000513 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting  ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-1000512 (Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Sc ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000511 (WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulner ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000510 (WP Image Zoom version 1.23 contains a Incorrect Access Control vulnera ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000509 (Redirection version 2.7.1 contains a Serialisation vulnerability possi ...)
	NOT-FOR-US: Redirection
CVE-2018-1000508 (WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vuln ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000507 (WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSR ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000506 (Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forger ...)
	NOT-FOR-US: Metronet Tag Manager
CVE-2018-1000505 (Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forg ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000504 (Redirection version 2.7.3 contains a ACE via file inclusion vulnerabil ...)
	NOT-FOR-US: Redirection
CVE-2018-1000503 (MyBB Group MyBB contains a Incorrect Access Control vulnerability in P ...)
	NOT-FOR-US: MyBB Group MyBB
CVE-2018-1000502 (MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel ...)
	NOT-FOR-US: MyBB Group MyBB
CVE-2018-1000501 (Instant Update CMS contains a Password Reset Vulnerability vulnerabili ...)
	NOT-FOR-US: Instante Update CMS
CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerability in ...)
	- busybox <unfixed> (unimportant)
	NOTE: Intentional design decision:
	NOTE: https://git.busybox.net/busybox/tree/networking/wget.c?id=8bc418f07eab79a9c8d26594629799f6157a9466#n74
	NOTE: https://git.busybox.net/busybox/commit/networking/wget.c?id=0972c7f7a570c38edb68e1c60a45614b7a7c7d55
	NOTE: Starting with 1:1.27.2-3 in unstable wget emmits a message that certificate
	NOTE: verification is not implemented.
CVE-2018-1000404 (Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-12637
	RESERVED
CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 for Word ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to t ...)
	NOT-FOR-US: CirCarLife Scada
CVE-2018-12634 (CirCarLife Scada before 4.3 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: CirCarLife Scada
CVE-2018-12633 (An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_d ...)
	- linux 4.17.3-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bd23a7269834dc7c1f93e83535d16ebc44b75eba (4.18-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200131
CVE-2018-12632 (Redatam7 (formerly Redatam WebServer) allows remote attackers to disco ...)
	NOT-FOR-US: Redatam7
CVE-2018-12631 (Redatam7 (formerly Redatam WebServer) allows remote attackers to read  ...)
	NOT-FOR-US: Redatam7
CVE-2018-12630 (NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id  ...)
	NOT-FOR-US: NEWMARK (aka New Mark) NMCMS 2.1
CVE-2018-12629
	RESERVED
CVE-2018-12628 (An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users. ...)
	NOT-FOR-US: Eventum
CVE-2018-12627 (An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via ...)
	NOT-FOR-US: Eventum
CVE-2018-12626 (An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS vi ...)
	NOT-FOR-US: Eventum
CVE-2018-12625 (An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS ...)
	NOT-FOR-US: Eventum
CVE-2018-12624 (An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XS ...)
	NOT-FOR-US: Eventum
CVE-2018-12623 (An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS vi ...)
	NOT-FOR-US: Eventum
CVE-2018-12622 (An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has X ...)
	NOT-FOR-US: Eventum
CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Op ...)
	NOT-FOR-US: Eventum
CVE-2018-12620
	RESERVED
CVE-2018-12619
	RESERVED
CVE-2018-12618
	RESERVED
CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c i ...)
	{DSA-4454-1 DLA-1694-1}
	- qemu 1:3.1+dfsg-1 (low; bug #902725)
	NOTE: https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=141b197408ab398c4f474ac1a728ab316e921f2b
CVE-2018-12616
	RESERVED
CVE-2018-12615 (An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelpe ...)
	- passenger <not-affected> (Vulnerable code not present)
	- ruby-passenger <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
CVE-2018-12614
	RESERVED
CVE-2018-12613 (An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an  ...)
	- phpmyadmin <not-affected> (Affects 4.8.x)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7662d02939fb3cf6f0d9ec32ac664401dcfe7490
CVE-2018-12612
	RESERVED
CVE-2018-12611 (OX App Suite 7.8.4 and earlier allows Directory Traversal. ...)
	NOT-FOR-US: OX App Suite
CVE-2018-12610 (OX App Suite 7.8.4 and earlier allows Information Exposure. ...)
	NOT-FOR-US: OX App Suite
CVE-2018-12609 (OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. ...)
	NOT-FOR-US: OX App Suite
CVE-2018-12608 (An issue was discovered in Docker Moby before 17.06.0. The Docker engi ...)
	- docker.io 18.03.1+dfsg1-2
	NOTE: https://github.com/moby/moby/pull/33182
CVE-2018-1000403 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000402 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000401 (Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-12607 (An issue was discovered in GitLab Community Edition and Enterprise Edi ...)
	- gitlab 10.7.7+dfsg-2 (bug #902726)
	[stretch] - gitlab <not-affected> (Only affects >= 10.5)
	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
CVE-2018-XXXX [gitlab: Activity feed publicly displaying internal project names]
	- gitlab 10.7.7+dfsg-2 (bug #902726)
	[stretch] - gitlab <not-affected> (Only affects >= 10.7)
	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
CVE-2018-XXXX [gitlab: Content injection via username]
	- gitlab 10.7.7+dfsg-2 (bug #902726)
	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
CVE-2018-12606 (An issue was discovered in GitLab Community Edition and Enterprise Edi ...)
	- gitlab 10.7.7+dfsg-2 (bug #902726)
	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
CVE-2018-12605 (An issue was discovered in GitLab Community Edition and Enterprise Edi ...)
	- gitlab 10.7.7+dfsg-2 (bug #902726)
	[stretch] - gitlab <not-affected> (Only affects 10.7)
	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
CVE-2018-12604 (GreenCMS 2.3.0603 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: GreenCMS
CVE-2018-12603 (Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS  ...)
	NOT-FOR-US: LFCMS
CVE-2018-12602 (A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitra ...)
	NOT-FOR-US: LFCMS
CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.ci in  ...)
	{DLA-1463-1}
	- sam2p <removed>
	NOTE: https://github.com/pts/sam2p/issues/41
	NOTE: https://github.com/pts/sam2p/commit/8b2b7151991e07ef262857c2325e95c3b2867f80
CVE-2018-12600 (In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/d ...)
	{DSA-4245-1 DLA-1394-1}
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (bug #902728)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1178
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/921f208c2ea3cc45847f380257f270ff424adfff
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ae71c12bbaa34d942e036824ff389c22b7dacade
CVE-2018-12599 (In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/b ...)
	{DSA-4245-1 DLA-1394-1}
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (bug #902727)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1177
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ae04fa4be910255e5d363edebd77adeee99a525d
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/081f518eb9cb38e683b8b9ccb9e4ab5c52f82c2f
CVE-2018-12598
	RESERVED
CVE-2018-12597
	RESERVED
CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU ...)
	NOT-FOR-US: Episerver Ektron CMS
CVE-2018-12595
	RESERVED
CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers t ...)
	NOT-FOR-US: Reliable Controls MACH-ProWebCom devices
CVE-2018-12593
	RESERVED
CVE-2018-12592 (Polycom RealPresence Web Suite before 2.2.0 does not block a user's vi ...)
	NOT-FOR-US: Polycom RealPresence Web Suite
CVE-2018-12591 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an im ...)
	NOT-FOR-US: Ubiquiti Networks EdgeSwitch
CVE-2018-12590 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an ex ...)
	NOT-FOR-US: Ubiquiti Networks EdgeSwitch
CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary code via ...)
	NOT-FOR-US: Polaris Office
CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in templates/frontend/pages/s ...)
	NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
CVE-2018-12587 (A cross-site scripting (XSS) vulnerability was found in valeuraddons G ...)
	NOT-FOR-US: valeuraddons German Spelling Dictionary
CVE-2018-12586
	RESERVED
CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allo ...)
	NOT-FOR-US: OPC UA Java and .NET Legacy Stack
CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in resip/stack/Connectio ...)
	{DLA-1439-1}
	- resiprocate <removed> (bug #905495)
	[stretch] - resiprocate <no-dsa> (Minor issue)
	NOTE: http://joachimdezutter.webredirect.org/advisory.html
	NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via a ...)
	NOT-FOR-US: AKCMS
CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin account vi ...)
	NOT-FOR-US: AKCMS
CVE-2018-12581 (An issue was discovered in js/designer/move.js in phpMyAdmin before 4. ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (low)
	[stretch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e
CVE-2018-12580 (library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3 ...)
	NOT-FOR-US: DragonByte vBSecurity for vBulletin
CVE-2018-12579 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, ...)
	NOT-FOR-US: OXID eShop
CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in appliers ...)
	{DLA-1463-1}
	- sam2p <removed>
	NOTE: https://github.com/pts/sam2p/issues/39
	NOTE: https://github.com/pts/sam2p/commit/22e7a17e70e5f5eedf466b0b1855c8c954061a51
CVE-2018-12577 (The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9 ...)
	NOT-FOR-US: TP-Link
CVE-2018-12576 (TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.652 ...)
	NOT-FOR-US: TP-Link
CVE-2018-12575 (On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel. ...)
	NOT-FOR-US: TP-Link
CVE-2018-12574 (CSRF exists for all actions in the web interface on TP-Link TL-WR841N  ...)
	NOT-FOR-US: TP-Link
CVE-2018-12573
	RESERVED
CVE-2018-12572 (Avast Free Antivirus prior to 19.1.2360 stores user credentials in mem ...)
	NOT-FOR-US: Avast
CVE-2018-12571 (uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified ...)
	NOT-FOR-US: Microsoft
CVE-2018-12570
	RESERVED
CVE-2018-12569
	RESERVED
CVE-2018-12568
	RESERVED
CVE-2018-12567
	RESERVED
CVE-2018-12566
	RESERVED
CVE-2018-12565 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...)
	{DSA-4234-1}
	- lava 2018.5.post1-1
	- lava-server <removed>
	[jessie] - lava-server <not-affected> (vulnerable code not present)
	NOTE: https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14
CVE-2018-12564 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...)
	{DSA-4234-1 DLA-1404-1}
	- lava 2018.5.post1-1
	- lava-server <removed>
	NOTE: https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3
CVE-2018-12563 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...)
	- lava 2018.5.post1-1
	- lava-server <removed>
	[stretch] - lava-server <not-affected> (Vulnerable code introduced in 2017.6)
	[jessie] - lava-server <not-affected> (vulnerable code not present)
	NOTE: https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214
CVE-2018-12562 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
	NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
	NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12561 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
	NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
	NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12560 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
	NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
	- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
	NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
	NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
	NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
	NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
	NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 for Perl ...)
	- libemail-address-perl 1.912-1 (unimportant; bug #901873)
	[stretch] - libemail-address-perl 1.908-1+deb9u1
	NOTE: Possibility of DoS vs. usability issue for Email::Address
	NOTE: https://github.com/Perl-Email-Project/Email-Address/issues/19
	NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offl ...)
	- zuul <itp> (bug #705844)
CVE-2018-12556 (The signature verification routine in install.sh in yarnpkg/website th ...)
	NOT-FOR-US: yarnpkg
CVE-2018-12555
	REJECTED
CVE-2018-12554
	REJECTED
CVE-2018-12553
	REJECTED
CVE-2018-12552
	REJECTED
CVE-2018-12551 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured  ...)
	{DSA-4388-1 DLA-1972-1}
	- mosquitto 1.5.6-1 (bug #921976)
	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
	NOTE: https://mosquitto.org/files/cve/2018-12551
CVE-2018-12550 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured  ...)
	{DSA-4388-1 DLA-1972-1}
	- mosquitto 1.5.6-1 (bug #921976)
	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
	NOTE: https://mosquitto.org/files/cve/2018-12550
CVE-2018-12549 (In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrec ...)
	NOT-FOR-US: OpenJDK + Eclipse OpenJ9
CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.cryp ...)
	NOT-FOR-US: OpenJDK + Eclipse OpenJ9
CVE-2018-12547 (In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and ...)
	NOT-FOR-US: OpenJDK + Eclipse OpenJ9
CVE-2018-12546 (In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client pu ...)
	{DSA-4388-1}
	- mosquitto 1.5.6-1 (bug #921976)
	[jessie] - mosquitto <ignored> (Minor issue)
	NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
	NOTE: https://mosquitto.org/files/cve/2018-12546
CVE-2018-12545 (In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to  ...)
	- jetty9 <not-affected> (Vulnerable code never present in Debian released version)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096
	NOTE: Issue is not present in 9.2.x as there is no HTTP/2 support. Fixed upstream
	NOTE: in 9.4.12. Debian package moved directly to 9.4.14-1 containing the fix and
	NOTE: thus never including in unstable a vulnerable version.
	NOTE: Cf. https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096#c7
CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML  ...)
	NOT-FOR-US: Eclipse Vert.x
CVE-2018-12543 (In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is  ...)
	- mosquitto <not-affected> (Vulnerable code introduced in 1.5)
	NOTE: http://mosquitto.org/blog/2018/09/security-advisory-cve-2018-12543/
	NOTE: https://mosquitto.org/files/cve/2018-12543/
CVE-2018-12542 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler us ...)
	NOT-FOR-US: Eclipse Vert.x
CVE-2018-12541 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP u ...)
	NOT-FOR-US: Eclipse Vert.x
CVE-2018-12540 (In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do n ...)
	NOT-FOR-US: Eclipse Vertx
CVE-2018-12539 (In Eclipse OpenJ9 version 0.8, users other than the process owner may  ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional ...)
	- jetty9 <not-affected> (Only affects 9.4.x)
	- jetty8 <not-affected> (Only affects 9.4.x)
	- jetty <not-affected> (Only affects 9.4.x)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018
CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response header ...)
	NOT-FOR-US: Eclipse Vertx
CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...)
	- jetty9 9.2.25-1 (low; bug #902774)
	[stretch] - jetty9 <ignored> (Harmless information leak)
	- jetty8 <removed>
	[jessie] - jetty8 <ignored> (Harmless information leak)
	- jetty <removed>
	[jessie] - jetty <ignored> (Harmless information leak)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670
CVE-2018-12535
	RESERVED
CVE-2018-12534 (A SQL injection issue was discovered in the Quick Chat plugin before 4 ...)
	NOT-FOR-US: Quick Chat plugin for WordPress
CVE-2018-12533 (JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote atta ...)
	NOT-FOR-US: RichFaces
CVE-2018-12532 (JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote att ...)
	NOT-FOR-US: RichFaces
CVE-2018-12531 (An issue was discovered in MetInfo 6.0.0. install\index.php allows rem ...)
	NOT-FOR-US: MetInfo
CVE-2018-12530 (An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php al ...)
	NOT-FOR-US: MetInfo
CVE-2018-12529 (An issue was discovered on Intex N150 devices. The router firmware suf ...)
	NOT-FOR-US: Intex
CVE-2018-12528 (An issue was discovered on Intex N150 devices. The backup/restore opti ...)
	NOT-FOR-US: Intex
CVE-2018-12527
	RESERVED
CVE-2018-12526 (Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a defaul ...)
	NOT-FOR-US: Telesquare
CVE-2018-12525 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...)
	NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash)
CVE-2018-12524 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...)
	NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash)
CVE-2018-12523 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...)
	NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash)
CVE-2018-12522 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...)
	NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash)
CVE-2018-12521
	RESERVED
CVE-2018-12520 (An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG invo ...)
	- ntopng 3.8+dfsg1-1 (bug #903154)
	[stretch] - ntopng <no-dsa> (Minor issue)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/Jul/14
	NOTE: https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f
	NOTE: https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a
CVE-2018-12519 (An issue was discovered in ShopNx through 2017-11-17. The vulnerabilit ...)
	NOT-FOR-US: ShopNx
CVE-2018-12518
	RESERVED
CVE-2018-12517
	RESERVED
CVE-2018-12516
	RESERVED
CVE-2018-12515
	RESERVED
CVE-2018-12514
	RESERVED
CVE-2018-12513
	RESERVED
CVE-2018-12512
	RESERVED
CVE-2018-12511 (In the mintToken function of a smart contract implementation for Subst ...)
	NOT-FOR-US: Substratum
CVE-2018-12510
	RESERVED
CVE-2018-12509
	RESERVED
CVE-2018-12508
	RESERVED
CVE-2018-12507
	RESERVED
CVE-2018-12506
	RESERVED
CVE-2018-12505
	RESERVED
CVE-2018-12504 (tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tiny ...)
	NOT-FOR-US: tinyexr
CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMem ...)
	NOT-FOR-US: tinyexr
CVE-2018-12502
	RESERVED
CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...)
	NOT-FOR-US: Nagios Fusion
CVE-2018-12500
	RESERVED
CVE-2018-12499 (The Motorola MBP853 firmware does not correctly validate server certif ...)
	NOT-FOR-US: Motoral
CVE-2018-12498 (spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id paramet ...)
	NOT-FOR-US: iCMS
CVE-2018-12497
	RESERVED
CVE-2018-12496
	RESERVED
CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2 ...)
	{DSA-4293-1 DLA-1499-1}
	- discount 2.2.4-1 (bug #901912)
	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501
	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-12494 (An issue was discovered in PublicCMS V4.0.20180210. There is a "Direct ...)
	NOT-FOR-US: PublicCMS
CVE-2018-12493 (An issue was discovered in PublicCMS V4.0.20180210. There is a "Direct ...)
	NOT-FOR-US: PublicCMS
CVE-2018-12492 (PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delf ...)
	NOT-FOR-US: PHPOK
CVE-2018-12491 (PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import ...)
	NOT-FOR-US: PHPOK
CVE-2018-12490
	RESERVED
CVE-2018-12489
	RESERVED
CVE-2018-12488
	RESERVED
CVE-2018-12487
	RESERVED
CVE-2018-12486
	RESERVED
CVE-2018-12485
	RESERVED
CVE-2018-12484
	RESERVED
CVE-2018-12483 (OCS Inventory 2.4.1 is prone to a remote command-execution vulnerabili ...)
	- ocsinventory-server 2.5+dfsg-1 (unimportant; bug #905396)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-12482 (OCS Inventory 2.4.1 contains multiple SQL injections in the search eng ...)
	- ocsinventory-server 2.5+dfsg-1 (unimportant; bug #905396)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-12481 (The Olive Tree Ftp Server application 1.32 for Android has a "Sensitiv ...)
	NOT-FOR-US: Olive Tree Ftp Server application for Android
CVE-2018-12480 (Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 S ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-12479 (A Improper Input Validation vulnerability in Open Build Service allows ...)
	- open-build-service 2.9.4-1 (bug #911797)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108435
	NOTE: https://github.com/openSUSE/open-build-service/pull/5880
	NOTE: https://github.com/openSUSE/open-build-service/commit/01b015ca2a320afc4fae823465d1e72da8bd60df
CVE-2018-12478 (A Improper Input Validation vulnerability in Open Build Service allows ...)
	NOT-FOR-US: obs-service replace_using_package_version
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108280
CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Open Buil ...)
	NOT-FOR-US: obs-service refresh_patches
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108189
	NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce
CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...)
	NOT-FOR-US: obs-service-tar_scm
CVE-2018-12475
	RESERVED
CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...)
	NOT-FOR-US: obs-service-tar_scm of Open Build Service
CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of Ope ...)
	NOT-FOR-US: obs-service-tar_scm of Open Build Service
CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux SMT allo ...)
	NOT-FOR-US: SUSE Linux SMT
CVE-2018-12471 (A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT al ...)
	NOT-FOR-US: SUSE Linux SMT
CVE-2018-12470 (A SQL Injection in the RegistrationSharing module of SUSE Linux SMT al ...)
	NOT-FOR-US: SUSE Linux SMT
CVE-2018-12469 (Incorrect handling of an invalid value for an HTTP request parameter b ...)
	NOT-FOR-US: Micro Focus
CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...)
	NOT-FOR-US: Micro Focus
CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could delete pac ...)
	- open-build-service 2.9.4-1 (bug #911797)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217
	NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063
	NOTE: Introduced by: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
CVE-2018-12466 (openSUSE openbuildservice before 9.2.4 allowed authenticated users to  ...)
	- open-build-service <unfixed> (bug #911797)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1098934
	NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063
	NOTE: Introduced by: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
CVE-2018-12465 (An OS command injection vulnerability in the web administration compon ...)
	NOT-FOR-US: Micro Focus
CVE-2018-12464 (A SQL injection vulnerability in the web administration and quarantine ...)
	NOT-FOR-US: Micro Focus
CVE-2018-12463 (An XML external entity (XXE) vulnerability in Fortify Software Securit ...)
	NOT-FOR-US: Fortify
CVE-2018-12462 (NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. ...)
	NOT-FOR-US: NetIQ iManager
CVE-2018-12461 (Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certif ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2018-12460 (libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the ...)
	[experimental] - ffmpeg 7:4.0.1-1 (low)
	- ffmpeg <not-affected> (Introduced after 3.4)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d
CVE-2018-12459 (An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_h ...)
	[experimental] - ffmpeg 7:4.0.1-1 (low)
	- ffmpeg 7:4.0.1-2 (low)
	[stretch] - ffmpeg <not-affected> (Studio profile not yet supported)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c
CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in li ...)
	{DSA-4249-1}
	[experimental] - ffmpeg 7:4.0.1-1 (low)
	- ffmpeg 7:3.4.3-1 (low)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
	NOTE: Fixed in 3.2.11
CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin us ...)
	NOT-FOR-US: expressCart
CVE-2018-12456 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token  ...)
	NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices
CVE-2018-12455 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vul ...)
	NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices
CVE-2018-12454 (The _addguess function of a simplelottery smart contract implementatio ...)
	NOT-FOR-US: simplelottery
CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in redis-se ...)
	- redis <not-affected> (Vulnerable code introduced in 5.0-rc1)
	NOTE: https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5
	NOTE: https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6
CVE-2018-12452
	RESERVED
CVE-2018-12451
	RESERVED
CVE-2018-12450
	RESERVED
CVE-2018-12449 (The Whale browser installer 0.4.3.0 and earlier versions allows DLL hi ...)
	NOT-FOR-US: Whale browser installer
CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but only a t ...)
	NOT-FOR-US: Whale Browser
CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as use ...)
	NOT-FOR-US: libbpg
CVE-2018-12446 (** DISPUTED ** An issue was discovered in the com.dropbox.android appl ...)
	NOT-FOR-US: com.dropbox.android application for Android
CVE-2018-12445 (** DISPUTED ** An issue was discovered in the com.dropbox.android appl ...)
	NOT-FOR-US: com.dropbox.android application for Android
CVE-2018-12444
	RESERVED
CVE-2018-12443
	RESERVED
CVE-2018-12442
	RESERVED
CVE-2018-12441 (The CorsairService Service in Corsair Utility Engine is installed with ...)
	NOT-FOR-US: Corsair
CVE-2017-18341
	REJECTED
CVE-2017-18340
	REJECTED
CVE-2017-18339
	REJECTED
CVE-2017-18338
	REJECTED
CVE-2017-18337
	REJECTED
CVE-2017-18336
	REJECTED
CVE-2017-18335
	REJECTED
CVE-2017-18334
	REJECTED
CVE-2017-18333
	REJECTED
CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or reconfig ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18331 (Improper access control on secure display buffers in snapdragon automo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization v ...)
	NOT-FOR-US: snapdragon
CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...)
	NOT-FOR-US: snapdragon
CVE-2017-18328 (Use after free in QSH client rule processing in snapdragon mobile and  ...)
	NOT-FOR-US: snapdragon
CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or reconfig ...)
	NOT-FOR-US: snapdragon
CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon m ...)
	NOT-FOR-US: snapdragon
CVE-2017-18325
	REJECTED
CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in snapdra ...)
	NOT-FOR-US: snapdragon
CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in sna ...)
	NOT-FOR-US: snapdragon
CVE-2017-18322 (Cryptographic key material leaked in WCDMA debug messages in snapdrago ...)
	NOT-FOR-US: snapdragon
CVE-2017-18321 (Security keys used by the terminal and NW for a session could be leake ...)
	NOT-FOR-US: snapdragon
CVE-2017-18320 (QSEE unload attempt on a 3rd party TEE without previously loading resu ...)
	NOT-FOR-US: snapdragon
CVE-2017-18319 (Information leak in UIM API debug messages in snapdragon mobile and sn ...)
	NOT-FOR-US: snapdragon
CVE-2017-18318 (Missing validation check on CRL issuer name in Snapdragon Automobile,  ...)
	NOT-FOR-US: Snapdragon
CVE-2017-18317 (Restrictions related to the modem (sim lock, sim kill) can be bypassed ...)
	NOT-FOR-US: Snapdragon
CVE-2017-18316 (Secure application can access QSEE kernel memory through Ontario kerne ...)
	NOT-FOR-US: Snapdragon
CVE-2017-18315 (Buffer over-read vulnerabilities in an older version of ASN.1 parser i ...)
	NOT-FOR-US: Snapdragon
CVE-2017-18314 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18313 (Under certain mode of operations, HLOS may be able get direct or indir ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18312 (While accessing SafeSwitch services, third party can manipulate a give ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18311 (XPU Master privilege escalation is possible due to improper access con ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18310 (ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snap ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18309 (A micro-core of QMP transportation may cause a macro-core to read from ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18308 (Modem segments are unlocked after authentication, leaving modem segmen ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18307
	RESERVED
CVE-2017-18306
	RESERVED
CVE-2017-18305 (XBL sec mem dump system call allows complete control of EL3 by unlocki ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18304 (Insufficient memory allocation in boot due to incorrect size being pas ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18303 (While processing the sensors registry configuration file, if inputs ar ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18302 (In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 42 ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18301 (In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18300 (Secure display content could be accessed by third party trusted applic ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18299 (Improper translation table consolidation logic leads to resource exhau ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18298 (Lack of Input Validation in SDMX API can lead to NULL pointer access i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18297 (Double memory free while closing TEE SE API Session management in Snap ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18296 (Access control on applications is not applied while accessing SafeSwit ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18295 (Possible buffer overflow if input is not null terminated in DSP Servic ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18294 (While reading file class type from ELF header, a buffer overread may h ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18293 (When a particular GPIO is protected by blocking access to the correspo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18292 (Secure app running in non secure space can restart TZ by calling Widev ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache side-channel attack ...)
	- boringssl <itp> (bug #823933)
CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack ...)
	- matrixssl <removed>
CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ...)
	- openjdk-7 <not-affected> (Didn't include/build sunec, see #750400)
	- openjdk-8 <undetermined>
	- openjdk-11 <undetermined>
CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack o ...)
	- libtomcrypt 1.18.2-1 (low; bug #901626)
	[stretch] - libtomcrypt <no-dsa> (Minor issue)
	[jessie] - libtomcrypt <no-dsa> (Minor issue)
	NOTE: https://github.com/libtom/libtomcrypt/issues/407
	NOTE: https://github.com/libtom/libtomcrypt/pull/408
CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cac ...)
	- wolfssl 3.15.3+dfsg-1 (bug #901627)
	NOTE: https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca
	NOTE: https://www.wolfssl.com/wolfssh-and-rohnp/
CVE-2018-12435 (Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-chan ...)
	- botan 2.6.0-3 (bug #901619)
	- botan1.10 <not-affected> (Issue introduced in 2.5.0)
	NOTE: https://github.com/randombit/botan/pull/1604
	NOTE: https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3
CVE-2018-12434 (LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache sid ...)
	- libressl <itp> (bug #754513)
CVE-2018-12433 (** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-chann ...)
	NOT-FOR-US: cryptlib
CVE-2018-12432 (JavaMelody through 1.60.0 has XSS via the counter parameter in a clear ...)
	NOT-FOR-US: JavaMelody
CVE-2018-12431 (SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_con ...)
	NOT-FOR-US: SeaCMS
CVE-2018-12430
	REJECTED
CVE-2018-12429 (JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish  ...)
	NOT-FOR-US: JEESNS
CVE-2018-12428
	RESERVED
CVE-2018-12427
	RESERVED
CVE-2018-12426 (The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vul ...)
	NOT-FOR-US: WP Live Chat Support Pro plugin for WordPress
CVE-2018-12425
	RESERVED
CVE-2018-12424
	RESERVED
CVE-2018-12422 (** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evol ...)
	- evolution-data-server 3.28.5-1 (unimportant; bug #901665)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796174
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/34bad6173
	NOTE: non-issue, to be rejected
CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a chan ...)
	NOT-FOR-US: LTB Self Service Password
CVE-2018-12420 (IceHrm before 23.0.1.OS has a risky usage of a hashed password in a re ...)
	NOT-FOR-US: IceHrm
CVE-2018-12419
	RESERVED
CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika and other  ...)
	NOT-FOR-US: Junrar
CVE-2018-12417
	REJECTED
CVE-2018-12416 (The GridServer Broker and GridServer Director components of TIBCO Soft ...)
	NOT-FOR-US: TIBCO
CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO Software  ...)
	NOT-FOR-US: TIBCO
CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...)
	NOT-FOR-US: TIBCO
CVE-2018-12413 (The Schema repository server (tibschemad) component of TIBCO Software  ...)
	NOT-FOR-US: TIBCO
CVE-2018-12412 (The realm server (tibrealmserver) component of TIBCO Software Inc. TIB ...)
	NOT-FOR-US: TIBCO
CVE-2018-12411 (The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ...)
	NOT-FOR-US: TIBCO
CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire Statistics S ...)
	NOT-FOR-US: TIBCO
CVE-2018-12409 (The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fab ...)
	NOT-FOR-US: TIBCO
CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO Acti ...)
	NOT-FOR-US: TIBCO
CVE-2018-12407 (A buffer overflow occurs when drawing and validating elements with the ...)
	- firefox 64.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12407
CVE-2018-12406 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 64.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406
CVE-2018-12405 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405
CVE-2018-12404 (A cached side channel attack during handshakes using RSA encryption co ...)
	{DLA-1704-1}
	- nss 2:3.41-1
	NOTE: http://cat.eyalro.net/
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public)
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes
	NOTE: Fixed in 3.36.6, 3.40.1
CVE-2018-12403 (If a site is loaded over a HTTPS connection but loads a favicon resour ...)
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12403
CVE-2018-12402 (The internal WebBrowserPersist code does not use correct origin contex ...)
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12402
CVE-2018-12401 (Some special resource URIs will cause a non-exploitable crash if loade ...)
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12401
CVE-2018-12400 (In private browsing mode on Firefox for Android, favicons are cached i ...)
	- firefox <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12400
CVE-2018-12399 (When a new protocol handler is registered, the API accepts a title arg ...)
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12399
CVE-2018-12398 (By using the reflected URL in some special resource URIs, such as chro ...)
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12398
CVE-2018-12397 (A WebExtension can request access to local files without the warning p ...)
	{DSA-4324-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12397
CVE-2018-12396 (A vulnerability where a WebExtension can run content scripts in disall ...)
	{DSA-4324-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396
CVE-2018-12395 (By rewriting the Host: request headers using the webRequest API, a Web ...)
	{DSA-4324-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12395
CVE-2018-12394
	RESERVED
CVE-2018-12393 (A potential vulnerability was found in 32-bit builds where an integer  ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393
CVE-2018-12392 (When manipulating user events in nested loops while opening a document ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12392
CVE-2018-12391 (During HTTP Live Stream playback on Firefox for Android, audio data ca ...)
	- firefox-esr <not-affected> (Android-specific)
	- firefox <not-affected> (Android-specific)
	- thunderbird <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12391
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12391
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391
CVE-2018-12390 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
CVE-2018-12389 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12389
CVE-2018-12388 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12388
CVE-2018-12387 (A vulnerability where the JavaScript JIT compiler inlines Array.protot ...)
	{DSA-4310-1}
	- firefox 62.0.3-1
	- firefox-esr 60.2.2esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
CVE-2018-12386 (A vulnerability in register allocation in JavaScript can lead to type  ...)
	{DSA-4310-1}
	- firefox 62.0.3-1
	- firefox-esr 60.2.2esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used for SSL  ...)
	{DSA-4327-1 DSA-4304-1 DLA-1575-1}
	- firefox 62.0.2-1
	- firefox-esr 60.2.1esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385
CVE-2018-12384 (When handling a SSLv2-compatible ClientHello request, the server doesn ...)
	- nss 2:3.39-1 (low; bug #908332)
	[stretch] - nss <postponed> (Minor issue, can be fixed along in future DSA)
	[jessie] - nss <postponed> (Minor issue, can be fixed along in future DSA)
	NOTE: https://hg.mozilla.org/projects/nss/rev/2ed9f6afd84e (NSS_3_39_BRANCH)
	NOTE: https://hg.mozilla.org/projects/nss/rev/46f9a1f40c3d (NSS_3_36_BRANCH)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set a maste ...)
	{DSA-4327-1 DSA-4304-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.1esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383
CVE-2018-12382 (The displayed addressbar URL can be spoofed on Firefox for Android usi ...)
	- firefox <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12382
CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the brows ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12381
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12381
CVE-2018-12380
	REJECTED
CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...)
	{DSA-4327-1 DLA-1575-1}
	- firefox 62.0-1 (unimportant)
	- firefox-esr 60.2.0esr-1 (unimportant)
	[stretch] - firefox-esr 60.2.0esr-1~deb9u2
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12379
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index is de ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver timers ar ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12377
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12376
CVE-2018-12375 (Memory safety bugs present in Firefox 61. Some of these bugs showed ev ...)
	- firefox 62.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12375
CVE-2018-12374 (Plaintext of decrypted emails can leak through by user submitting an e ...)
	{DSA-4244-1 DLA-1425-1}
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12374
CVE-2018-12373 (dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can  ...)
	{DSA-4244-1 DLA-1425-1}
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12373
CVE-2018-12372 (Decrypted S/MIME parts, when included in HTML crafted for an attack, c ...)
	{DSA-4244-1 DLA-1425-1}
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
CVE-2018-12371
	RESERVED
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12371
CVE-2018-12370 (In Reader View SameSite cookie protections are not checked on exiting. ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12370
CVE-2018-12369 (WebExtensions bundled with embedded experiments were not correctly che ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12369
CVE-2018-12368 (Windows 10 does not warn users before opening executable files with th ...)
	- firefox-esr <not-affected> (Windows-specific)
	- firefox <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12368
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12368
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368
CVE-2018-12367 (In the previous mitigations for Spectre, the resolution or precision o ...)
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12367
CVE-2018-12366 (An invalid grid size during QCMS (color profile) transformations can r ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12366
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12366
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12366
CVE-2018-12365 (A compromised IPC child process can escape the content sandbox and lis ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12365
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12365
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12365
CVE-2018-12364 (NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12364
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12364
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12364
CVE-2018-12363 (A use-after-free vulnerability can occur when script uses mutation eve ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12363
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12363
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12363
CVE-2018-12362 (An integer overflow can occur during graphics operations done by the S ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12362
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12362
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362
CVE-2018-12361 (An integer overflow can occur in the SwizzleData code while calculatin ...)
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12361
CVE-2018-12360 (A use-after-free vulnerability can occur when deleting an input elemen ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12360
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12360
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12360
CVE-2018-12359 (A buffer overflow can occur when rendering canvas content while adjust ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12359
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12359
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12359
CVE-2018-12358 (Service workers can use redirection to avoid the tainting of cross-ori ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12358
CVE-2018-12423 (In Synapse before 0.31.2, unauthorised users can hijack rooms when the ...)
	- matrix-synapse 0.31.2+dfsg-1 (bug #901549)
	NOTE: https://github.com/matrix-org/synapse/pull/3397
CVE-2018-12357 (Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. ...)
	NOT-FOR-US: Arista CloudVision Portal
CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple Passwor ...)
	- password-store 1.7.2-1 (bug #901574)
	[stretch] - password-store <not-affected> (Signature verification support added in 1.7)
	[jessie] - password-store <not-affected> (Signature verification support added in 1.7)
	NOTE: https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html
	NOTE: Introduced in: https://git.zx2c4.com/password-store/commit/?id=ff62f87f41557ab7267defab662324927301485a
	NOTE: Fixed by: https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d
	NOTE: https://neopg.io/blog/pass-signature-spoof/
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/14/3
CVE-2018-12355 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or descriptio ...)
	NOT-FOR-US: Knowage / SpagoBI
CVE-2018-12354 (Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demons ...)
	NOT-FOR-US: Knowage / SpagoBI
CVE-2018-12353 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the  ...)
	NOT-FOR-US: Knowage / SpagoBI
CVE-2018-12352
	RESERVED
CVE-2018-12351
	RESERVED
CVE-2018-12350
	RESERVED
CVE-2018-12349
	RESERVED
CVE-2018-12348
	RESERVED
CVE-2018-12347
	RESERVED
CVE-2018-12346
	RESERVED
CVE-2018-12345
	RESERVED
CVE-2018-12344
	RESERVED
CVE-2018-12343
	RESERVED
CVE-2018-12342
	RESERVED
CVE-2018-12341
	RESERVED
CVE-2018-12340
	RESERVED
CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an "add an article" action. ...)
	NOT-FOR-US: ArticleCMS
CVE-2018-12338 (Undocumented Factory Backdoor in ECOS System Management Appliance (aka ...)
	NOT-FOR-US: ECOS System Management Appliance
CVE-2018-12337 (Reliance on Security Through Obscurity vulnerability in ECOS Secure Bo ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12336 (Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6. ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12335 (Incorrect access control in ECOS System Management Appliance (aka SMA) ...)
	NOT-FOR-US: ECOS System Management Appliance
CVE-2018-12334 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12333 (Insufficient Verification of Data Authenticity vulnerability in ECOS S ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12332 (Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12331 (Authentication Bypass by Spoofing vulnerability in ECOS System Managem ...)
	NOT-FOR-US: ECOS System Management Appliance
CVE-2018-12330 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12329 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12328
	RESERVED
CVE-2018-12327 (Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11  ...)
	- ntp <unfixed> (unimportant)
	NOTE: https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
	NOTE: Negligible security impact
CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ...)
	{DSA-4230-1 DLA-1396-1}
	- redis 5:4.0.10-1 (bug #902410)
	NOTE: https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0
	NOTE: https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
CVE-2018-12325
	RESERVED
CVE-2018-12324
	RESERVED
CVE-2018-12323 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. A passwor ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12322 (There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in l ...)
	- radare2 2.7.0+dfsg-1 (low; bug #901628)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017
	NOTE: https://github.com/radare/radare2/issues/10294
CVE-2018-12321 (There is a heap out of bounds read in radare2 2.6.0 in java_switch_op( ...)
	- radare2 2.7.0+dfsg-1 (low; bug #901629)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d
	NOTE: https://github.com/radare/radare2/issues/10296
CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr ...)
	- radare2 2.7.0+dfsg-1 (low; bug #901630)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548
	NOTE: https://github.com/radare/radare2/issues/10293
CVE-2018-12319 (Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attack ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12318 (Information disclosure in the SNMP settings page in ASUSTOR ADM versio ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12317 (OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows  ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12316 (OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12315 (Missing verification of a password in ASUSTOR ADM version 3.1.1 allows ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12314 (Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3. ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12313 (OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows a ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12312 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows a ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12311 (Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM ver ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12310 (Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 al ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12309 (Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows  ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12308 (Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 al ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12307 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows a ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allo ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 all ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12304 (Cross-site scripting in Application Manager in Seagate NAS OS version  ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12303 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12302 (Missing HTTPOnly flag on session cookies in the Seagate NAS OS version ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12301 (Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12300 (Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12299 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12298 (Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows a ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12297 (Cross-site scripting in API error pages in Seagate NAS OS version 4.3. ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12296 (Insufficient access control in /api/external/7.0/system.System.get_inf ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12295 (SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3. ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12294 (WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as  ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-12293 (The getImageData function in the ImageBufferCairo class in WebCore/pla ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-12292 (A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpand ...)
	NOT-FOR-US: Pale Moon
CVE-2018-12290 (The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. ...)
	NOT-FOR-US: Yii2-StateMachine extension for Yii2
CVE-2018-12289
	RESERVED
CVE-2018-12288
	RESERVED
CVE-2018-12287
	RESERVED
CVE-2018-12286
	RESERVED
CVE-2018-12285
	RESERVED
CVE-2018-12284
	RESERVED
CVE-2018-12283
	RESERVED
CVE-2018-12282
	RESERVED
CVE-2018-12281
	RESERVED
CVE-2018-12280
	RESERVED
CVE-2018-12279
	RESERVED
CVE-2018-12278
	RESERVED
CVE-2018-12277
	RESERVED
CVE-2018-12276
	RESERVED
CVE-2018-12275
	RESERVED
CVE-2018-12274
	RESERVED
CVE-2018-12273 (The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciuda ...)
	NOT-FOR-US: Ximdex
CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content parameter. ...)
	NOT-FOR-US: Ximdex
CVE-2018-12271 (** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox a ...)
	NOT-FOR-US: com.getdropbox.Dropbox app for IOS
CVE-2018-12270 (In Valve Steam 1528829181 BETA, it is possible to perform a homograph  ...)
	NOT-FOR-US: Valve Steam
	NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
	NOTE: is started, so nothing really to be updated there
CVE-2018-12269
	RESERVED
CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metac ...)
	- acccheck <unfixed> (bug #901572)
	[stretch] - acccheck <no-dsa> (Non-free not supported)
CVE-2018-12267
	RESERVED
CVE-2018-12266 (system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that  ...)
	NOT-FOR-US: HongCMS
CVE-2018-12265 (Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in prev ...)
	{DSA-4238-1 DLA-1402-1}
	- exiv2 0.25-4 (bug #901706)
	NOTE: https://github.com/Exiv2/exiv2/issues/365
	NOTE: https://github.com/Exiv2/exiv2/commit/937a1a2bd067b8b3b787f3757089d972f3a39853
CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.c ...)
	{DSA-4238-1 DLA-1402-1}
	- exiv2 0.25-4 (bug #901707)
	NOTE: https://github.com/Exiv2/exiv2/issues/366
	NOTE: https://github.com/Exiv2/exiv2/commit/fe70939f54476e99046245ca69ff27012401f759
CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-12262
	REJECTED
CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. All proce ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12260 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root  ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12259 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root acce ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12258 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Fi ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is  ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12256 (admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote ...)
	NOT-FOR-US: LiteCart
CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF  ...)
	NOT-FOR-US: InvoicePlane
CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for  ...)
	NOT-FOR-US: Harmis Ek rishta component for Joomla!
CVE-2018-12253
	RESERVED
CVE-2018-12252
	RESERVED
CVE-2018-12251
	RESERVED
CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.p ...)
	NOT-FOR-US: Elite CMS
CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
	- mruby 1.4.1+20180622+git640fca32-1 (bug #901652)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3
	NOTE: https://github.com/mruby/mruby/issues/4037
CVE-2018-12248 (An issue was discovered in mruby 1.4.1. There is a heap-based buffer o ...)
	- mruby 1.4.1+20180622+git640fca32-1 (bug #901653)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b
	NOTE: https://github.com/mruby/mruby/issues/4038
CVE-2018-12247 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
	- mruby <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/mruby/mruby/commit/f408143c289b8017883294f13d36d43b50c8bc5d
	NOTE: Fixed by: https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2
	NOTE: https://github.com/mruby/mruby/issues/4036
CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a  ...)
	NOT-FOR-US: Symantec
CVE-2018-12245 (Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2018-12244 (SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 ...)
	NOT-FOR-US: SEP
CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
	NOT-FOR-US: Symantec
CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
	NOT-FOR-US: Symantec
CVE-2018-12241 (The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susc ...)
	NOT-FOR-US: Symantec
CVE-2018-12240 (The Norton Identity Safe product prior to 5.3.0.976 may be susceptible ...)
	NOT-FOR-US: Norton
CVE-2018-12239 (Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12. ...)
	NOT-FOR-US: Norton
CVE-2018-12238 (Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12. ...)
	NOT-FOR-US: Norton
CVE-2018-12237 (The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10. ...)
	NOT-FOR-US: Symantec Reporter CLI
CVE-2018-12236
	RESERVED
CVE-2018-12235
	RESERVED
CVE-2018-12234 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12231
	RESERVED
CVE-2018-12230 (An wrong logical check identified in the transferFrom function of a sm ...)
	NOT-FOR-US: smart contract implementation for RemiCoin (RMC)
CVE-2018-12229 (Cross-site scripting (XSS) vulnerability in Public Knowledge Project ( ...)
	NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS)
CVE-2017-18291 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in  ...)
	NOT-FOR-US: PvPGN Stats (relates to pvpgn, but the PHP utilities allowing integration with a PvPGN game server)
CVE-2017-18290 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in  ...)
	NOT-FOR-US: PvPGN Stats (relates to pvpgn, but the PHP utilities allowing integration with a PvPGN game server)
CVE-2017-18289 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in l ...)
	NOT-FOR-US: PvPGN Stats (relates to pvpgn, but the PHP utilities allowing integration with a PvPGN game server)
CVE-2017-18288 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in  ...)
	NOT-FOR-US: PvPGN Stats (relates to pvpgn, but the PHP utilities allowing integration with a PvPGN game server)
CVE-2017-18287 (An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in  ...)
	NOT-FOR-US: PvPGN Stats (relates to pvpgn, but the PHP utilities allowing integration with a PvPGN game server)
CVE-2018-12233 (In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4 ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://lkml.org/lkml/2018/6/2/2
CVE-2018-12232 (In net/socket.c in the Linux kernel through 4.17.1, there is a race co ...)
	- linux 4.17.3-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/6d8c50dcb029872b298eea68cc6209c866fd3e14
CVE-2018-12228 (An issue was discovered in Asterisk Open Source 15.x before 15.4.1. Wh ...)
	- asterisk <not-affected> (Only affects 15.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-007.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27807
CVE-2018-12227 (An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 1 ...)
	{DSA-4320-1}
	- asterisk 1:13.22.0~dfsg-1 (bug #902954)
	[jessie] - asterisk <not-affected> (vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-008.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27818
CVE-2018-12226
	RESERVED
CVE-2018-12225
	RESERVED
CVE-2018-12224 (Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* ...)
	NOT-FOR-US: Intel
CVE-2018-12223 (Insufficient access control in User Mode Driver in Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2018-12222 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12221 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12220 (Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Window ...)
	NOT-FOR-US: Intel
CVE-2018-12219 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12218 (Unhandled exception in User Mode Driver in Intel(R) Graphics Driver fo ...)
	NOT-FOR-US: Intel
CVE-2018-12217 (Insufficient access control in Kernel Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12216 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12215 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12214 (Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12213 (Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12212 (Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Wi ...)
	NOT-FOR-US: Intel
CVE-2018-12211 (Insufficient input validation in User Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12210 (Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12209 (Insufficient access control in User Mode Driver in Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11. ...)
	NOT-FOR-US: Intel
CVE-2018-12207 (Improper invalidation for page table updates by a virtual guest operat ...)
	{DSA-4602-1 DSA-4564-1 DLA-1990-1}
	- linux 5.3.9-2
	[jessie] - linux <ignored> (Untrusted guests are no longer supportable)
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen <end-of-life> (Not supported in jessie LTS)
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0
	NOTE: https://xenbits.xen.org/xsa/advisory-304.html
CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist Technol ...)
	NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-12205 (Improper certificate validation in Platform Sample/ Silicon Reference  ...)
	NOT-FOR-US: Intel
CVE-2018-12204 (Improper memory initialization in Platform Sample/Silicon Reference fi ...)
	NOT-FOR-US: Intel
CVE-2018-12203 (Denial of service vulnerability in Platform Sample/ Silicon Reference  ...)
	NOT-FOR-US: Intel
CVE-2018-12202 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
	NOT-FOR-US: Intel
CVE-2018-12201 (Buffer overflow vulnerability in Platform Sample / Silicon Reference f ...)
	NOT-FOR-US: Intel
CVE-2018-12200 (Insufficient access control in Intel(R) Capability Licensing Service b ...)
	NOT-FOR-US: Intel
CVE-2018-12199 (Buffer overflow in an OS component in Intel CSME before versions 11.8. ...)
	NOT-FOR-US: Intel
CVE-2018-12198 (Insufficient input validation in Intel(R) Server Platform Services HEC ...)
	NOT-FOR-US: Intel
CVE-2018-12197
	RESERVED
CVE-2018-12196 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before  ...)
	NOT-FOR-US: Intel
CVE-2018-12195
	RESERVED
CVE-2018-12194
	RESERVED
CVE-2018-12193 (Insufficient access control in driver stack for Intel QuickAssist Tech ...)
	NOT-FOR-US: Intel
CVE-2018-12192 (Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11 ...)
	NOT-FOR-US: Intel
CVE-2018-12191 (Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, ...)
	NOT-FOR-US: Intel
CVE-2018-12190 (Insufficient input validation in Intel(r) CSME subsystem before versio ...)
	NOT-FOR-US: Intel
CVE-2018-12189 (Unhandled exception in Content Protection subsystem in Intel CSME befo ...)
	NOT-FOR-US: Intel
CVE-2018-12188 (Insufficient input validation in Intel CSME before versions 11.8.60, 1 ...)
	NOT-FOR-US: Intel
CVE-2018-12187 (Insufficient input validation in Intel(R) Active Management Technology ...)
	NOT-FOR-US: Intel
CVE-2018-12186
	RESERVED
CVE-2018-12185 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before  ...)
	NOT-FOR-US: Intel
CVE-2018-12184
	RESERVED
CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an unauthenticated user ...)
	- edk2 0~20181115.85588389-1
	[buster] - edk2 <no-dsa> (Minor issue)
	[stretch] - edk2 <ignored> (Minor issue)
	[jessie] - edk2 <end-of-life> (non-free)
	NOTE: https://github.com/tianocore/edk2/commit/0a0d5296e448fc350de1594c49b9c0deff7fad60
CVE-2018-12182 (Insufficient memory write check in SMM service for EDK II may allow an ...)
	- edk2 <not-affected> (See https://bugzilla.tianocore.org/show_bug.cgi?id=1136#c13)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1136
CVE-2018-12181 (Stack overflow in corrupted bmp for EDK II may allow unprivileged user ...)
	- edk2 0~20181115.85588389-3 (bug #924615)
	[stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u1
	[jessie] - edk2 <end-of-life> (non-free is not supported)
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-March/037626.html
CVE-2018-12180 (Buffer overflow in BlockIo service for EDK II may allow an unauthentic ...)
	- edk2 0~20181115.85588389-3 (bug #924615)
	[stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u1
	[jessie] - edk2 <end-of-life> (non-free is not supported)
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037248.html
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037249.html
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037250.html
	NOTE: https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f
	NOTE: https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
CVE-2018-12179 (Improper configuration in system firmware for EDK II may allow unauthe ...)
	- edk2 0~20190606.20d2e5a1-2 (unimportant; bug #927484)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1133
	NOTE: OpalPassword code is not enabled in Debian images
CVE-2018-12178 (Buffer overflow in network stack for EDK II may allow unprivileged use ...)
	- edk2 0~20181115.85588389-3 (bug #924615)
	[stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u1
	[jessie] - edk2 <end-of-life> (non-free is not supported)
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037251.html
	NOTE: https://github.com/tianocore/edk2/commit/84110bbe4bb3a346514b9bb12eadb7586bca7dfd
CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) P ...)
	NOT-FOR-US: Intel PROSet/Wireless WiFi Software
CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a p ...)
	NOT-FOR-US: Intel
CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...)
	NOT-FOR-US: Intel Distribution for Python
CVE-2018-12174 (Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE ...)
	NOT-FOR-US: Intel
CVE-2018-12173 (Insufficient access protection in firmware in Intel Server Board, Inte ...)
	NOT-FOR-US: Intel
CVE-2018-12172 (Improper password hashing in firmware in Intel Server Board (S7200AP,S ...)
	NOT-FOR-US: Intel
CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (BMC) fi ...)
	NOT-FOR-US: Intel Baseboard Management Controller firmware
CVE-2018-12170
	RESERVED
CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Processor,  ...)
	NOT-FOR-US: Intel
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing Improvemen ...)
	NOT-FOR-US: Intel
CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P ...)
	NOT-FOR-US: Intel
CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD  ...)
	NOT-FOR-US: Intel
CVE-2018-12165
	RESERVED
CVE-2018-12164
	RESERVED
CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 inst ...)
	NOT-FOR-US: Intel IoT Developers Kit
CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for Windows before ...)
	NOT-FOR-US: Intel OpenVINO Toolkit for Windows
CVE-2018-12161 (Insufficient session validation in the webserver component of the Inte ...)
	NOT-FOR-US: Intel Rapid Web Server
CVE-2018-12160 (DLL injection vulnerability in software installer for Intel Data Cente ...)
	NOT-FOR-US: Intel
CVE-2018-12159 (Buffer overflow in the command-line interface for Intel(R) PROSet Wire ...)
	NOT-FOR-US: Intel
CVE-2018-12158 (Insufficient input validation in BIOS update utility in Intel NUC FW k ...)
	NOT-FOR-US: Intel
CVE-2018-12157
	RESERVED
CVE-2018-12156
	RESERVED
CVE-2018-12155 (Data leakage in cryptographic libraries for Intel IPP before 2019 upda ...)
	NOT-FOR-US: Intel
CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
	NOT-FOR-US: Intel
CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
	NOT-FOR-US: Intel
CVE-2018-12152 (Pointer corruption in Unified Shader Compiler in Intel Graphics Driver ...)
	NOT-FOR-US: Intel
CVE-2018-12151 (Buffer overflow in installer for Intel Extreme Tuning Utility before 6 ...)
	NOT-FOR-US: Intel
CVE-2018-12150 (Escalation of privilege in Installer for Intel Extreme Tuning Utility  ...)
	NOT-FOR-US: Intel
CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning Utility befo ...)
	NOT-FOR-US: Intel
CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Support A ...)
	NOT-FOR-US: Intel
CVE-2018-12147 (Insufficient input validation in HECI subsystem in Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2018-12146
	RESERVED
CVE-2018-12145
	RESERVED
CVE-2018-12144
	RESERVED
CVE-2018-12143
	RESERVED
CVE-2018-12142
	RESERVED
CVE-2018-12141
	RESERVED
CVE-2018-12140
	RESERVED
CVE-2018-12139
	RESERVED
CVE-2018-12138
	RESERVED
CVE-2018-12137
	RESERVED
CVE-2018-12136
	RESERVED
CVE-2018-12135
	RESERVED
CVE-2018-12134
	RESERVED
CVE-2018-12133
	RESERVED
CVE-2018-12132
	RESERVED
CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe before versio ...)
	NOT-FOR-US: Intel
CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on  ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12129
	RESERVED
CVE-2018-12128
	RESERVED
CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers o ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12125
	RESERVED
CVE-2018-12124
	RESERVED
CVE-2018-12123 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/53a6e4eb2002efc66eb9aefe24529fb63715094e
CVE-2018-12122 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/696f063c5e9157fd10859515da00fd8bd190d76d
CVE-2018-12121 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/93dba83fb0fb46ee2ea87163f435392490b4d59b
CVE-2018-12120 (Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 list ...)
	- nodejs 8.9.3~dfsg-5 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Code got removed in 8.x, so marking first 8.x version in sid as fixed
	NOTE: Patch (v6): https://github.com/nodejs/node/commit/a9791c9090927b41a8bbfad254a2279204508059
CVE-2018-12119
	RESERVED
CVE-2018-12118
	RESERVED
CVE-2018-12117
	RESERVED
CVE-2018-12116 (Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/513e9747a22386bc9c93a12f9698561827a1e631
	NOTE: Only affects 6.x and 8.x, marking first 10.x release as fixed
CVE-2018-12115 (In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: https://github.com/nodejs/node/commit/fc14d812b7
CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user  ...)
	NOT-FOR-US: Maccms
CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulne ...)
	NOT-FOR-US: Core FTP LE
CVE-2018-12112 (md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to  ...)
	NOT-FOR-US: md4c
CVE-2018-12111 (Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webi ...)
	NOT-FOR-US: Canon PrintMe EFI webinterface
CVE-2018-12110 (portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php previ ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-12109 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The  ...)
	- flif <removed> (bug #902196)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/513
CVE-2018-12108 (An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompre ...)
	- lepton <removed> (bug #905494)
	NOTE: https://github.com/dropbox/lepton/issues/107
CVE-2018-12107
	RESERVED
CVE-2018-12106
	RESERVED
CVE-2018-12105
	RESERVED
CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7. ...)
	NOT-FOR-US: Airbnb Knowledge Repo
CVE-2018-12103 (An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 ...)
	NOT-FOR-US: D-Link
CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function md_process_l ...)
	NOT-FOR-US: md4c
CVE-2018-12101 (CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Res ...)
	NOT-FOR-US: CMS Clipper
CVE-2018-12100 (Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS i ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. ...)
	- grafana <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/grafana/grafana/pull/11813
CVE-2018-12098 (** DISPUTED ** The liblnk_data_block_read function in liblnk_data_bloc ...)
	- liblnk 20180626-1 (unimportant; bug #901962)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
	NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785
	NOTE: https://github.com/libyal/liblnk/issues/32
	NOTE: https://github.com/libyal/liblnk/issues/33
	NOTE: Questionable/negligabe security impact
CVE-2018-12097 (** DISPUTED ** The liblnk_location_information_read_data function in l ...)
	- liblnk <unfixed> (unimportant; bug #901962)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
	NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785
	NOTE: https://github.com/libyal/liblnk/issues/32
	NOTE: https://github.com/libyal/liblnk/issues/33
	NOTE: Questionable/negligabe security impact
CVE-2018-12096 (** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in ...)
	- liblnk <unfixed> (unimportant; bug #901962)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
	NOTE: https://github.com/libyal/liblnk/issues/32
	NOTE: https://github.com/libyal/liblnk/issues/33
	NOTE: Questionable/negligabe security impact
CVE-2018-12095 (A Reflected Cross-Site Scripting web vulnerability has been discovered ...)
	NOT-FOR-US: OEcms
CVE-2018-12094 (Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS V ...)
	NOT-FOR-US: Dimofinf CMS
CVE-2018-12093 (tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr ...)
	NOT-FOR-US: tinyexr
CVE-2018-12092 (tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixe ...)
	NOT-FOR-US: tinyexr
CVE-2018-12091
	RESERVED
CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS) in LAMS  ...)
	NOT-FOR-US: LAMS
CVE-2018-12089 (In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View  ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-12291 (The on_get_missing_events function in handlers/federation.py in Matrix ...)
	- matrix-synapse 0.31.1+dfsg-1 (bug #901293)
	NOTE: https://github.com/matrix-org/synapse/pull/3371
	NOTE: https://github.com/matrix-org/synapse/commit/0834b49c6a9b6c597a154d4b2dfcf8fff90699ec
	NOTE: https://matrix.org/blog/2018/06/08/synapse-0-31-1-released/
CVE-2018-12088 (S3QL before 2.27 mishandles checksumming, and consequently allows repl ...)
	- s3ql 2.27.1+dfsg-1 (low)
	[stretch] - s3ql <ignored> (Minor issue, backports would change the file system revision rendering it unable to read older file systems)
	[jessie] - s3ql <ignored> (Minor issue, backports would change the file system revision rendering it unable to read older file systems)
	NOTE: https://groups.google.com/forum/#!topic/s3ql/4TzCVIMkA4o
	NOTE: https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
CVE-2018-12087 (Failure to validate certificates in OPC Foundation UA Client Applicati ...)
	NOT-FOR-US: OPC UA
CVE-2018-12086 (Buffer overflow in OPC UA applications allows remote attackers to trig ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark <ignored> (changes are too intrusive to backport)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-50.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28a7a79cac425d1b1ecf06e73add41edd2241e49
CVE-2018-12085 (Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parse ...)
	- liblouis 3.5.0-4 (bug #901202)
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis <no-dsa> (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/595
	NOTE: https://github.com/liblouis/liblouis/commit/dbfa58bb128cae86729578ac596056b3385817ef
CVE-2018-12084 (The mintToken function of a smart contract implementation for BitAsean ...)
	NOT-FOR-US: BitAsean
CVE-2018-12083 (The mintToken function of a smart contract implementation for GOAL Bon ...)
	NOT-FOR-US: GOAL
CVE-2018-12082 (The mintToken function of a smart contract implementation for Fujinto  ...)
	NOT-FOR-US: Fujinto
CVE-2018-12081 (The mintToken function of a smart contract implementation for Target C ...)
	NOT-FOR-US: Target Coin
CVE-2018-12080 (The mintToken function of a smart contract implementation for Internet ...)
	NOT-FOR-US: Internet Node Token
CVE-2018-12079 (The mintToken function of a smart contract implementation for Substrat ...)
	NOT-FOR-US: Substratum
CVE-2018-12078 (The mintToken function of a smart contract implementation for PolyAI ( ...)
	NOT-FOR-US: PolyAI
CVE-2018-12077
	RESERVED
CVE-2018-12076 (A vulnerability in the UPC bar code of the Avanti Markets MarketCard c ...)
	NOT-FOR-US: Avanti Markets MarketCard
CVE-2018-12075
	RESERVED
CVE-2018-12074
	RESERVED
CVE-2018-12073 (An issue was discovered on Eminent EM4544 9.10 devices. The device doe ...)
	NOT-FOR-US: Eminent EM4544 9.10 devices
CVE-2018-12072 (An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-P ...)
	NOT-FOR-US: Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware
CVE-2018-12071 (A Session Fixation issue exists in CodeIgniter before 3.1.9 because se ...)
	- codeigniter <itp> (bug #471583)
CVE-2018-12070 (The sell function of a smart contract implementation for SEC, a tradab ...)
	NOT-FOR-US: SEC
CVE-2018-12069
	RESERVED
CVE-2018-12068 (The sell function of a smart contract implementation for Target Coin ( ...)
	NOT-FOR-US: Target Coin
CVE-2018-12067 (The sell function of a smart contract implementation for Substratum (S ...)
	NOT-FOR-US: Substratum
CVE-2018-12065 (A Local File Inclusion vulnerability in /system/WCore/WHelper.php in C ...)
	NOT-FOR-US: wityCMS
CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ...)
	NOT-FOR-US: tinyexr
CVE-2018-12063 (The sell function of a smart contract implementation for Internet Node ...)
	NOT-FOR-US: Internet Node Token
CVE-2018-12062 (The sell function of a smart contract implementation for SwftCoin (SWF ...)
	NOT-FOR-US: SwfCoin
CVE-2018-12061
	RESERVED
CVE-2018-12060
	RESERVED
CVE-2018-12059
	RESERVED
CVE-2018-12058
	RESERVED
CVE-2018-12057
	RESERVED
CVE-2018-12056 (The maxRandom function of a smart contract implementation for All For  ...)
	NOT-FOR-US: smart contract implementation for All For One
CVE-2018-12055 (Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Manage ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12054 (Arbitrary File Read exists in PHP Scripts Mall Schools Alert Managemen ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12053 (Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Manag ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12052 (SQL Injection exists in PHP Scripts Mall Schools Alert Management Scri ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12051 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts M ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12050
	RESERVED
CVE-2018-13346 (The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorr ...)
	{DLA-1414-1}
	- mercurial 4.6.1-1 (bug #901050)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/faa924469635
CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition and sub ...)
	{DLA-1414-1}
	- mercurial 4.6.1-1 (bug #901050)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
	NOTE: there are actually 6 more patches required to completely fix bug #901050,
	NOTE: see https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
	NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined behavior
	NOTE: cases which the 6 patches fix
CVE-2018-13348 (The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 misha ...)
	{DLA-1414-1}
	- mercurial 4.6.1-1 (bug #901050)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
CVE-2018-12049 (** DISPUTED ** A remote attacker can bypass the System Manager Mode on ...)
	NOT-FOR-US: Canon
CVE-2018-12048 (** DISPUTED ** A remote attacker can bypass the Management Mode on the ...)
	NOT-FOR-US: Canon
CVE-2018-12047 (xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters ...)
	NOT-FOR-US: Ximdex
CVE-2018-12046 (DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage ...)
	NOT-FOR-US: DedeCMS
CVE-2018-12045 (DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_mana ...)
	NOT-FOR-US: DedeCMS
CVE-2018-12044
	RESERVED
CVE-2018-12043 (content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the  ...)
	NOT-FOR-US: Symphony CMS
CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the php/downlo ...)
	NOT-FOR-US: Roxy Fileman
CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB adapter ...)
	NOT-FOR-US: MediaTek
CVE-2018-12040 (** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in t ...)
	- symfony 3.4.12+dfsg-1 (unimportant)
	NOTE: https://github.com/symfony/symfony/issues/28002
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1590702
CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-12038 (An issue was discovered on Samsung 840 EVO devices. Vendor-specific co ...)
	NOT-FOR-US: Samsung 840 EVO devices
CVE-2018-12037 (An issue was discovered on Samsung 840 EVO and 850 EVO devices (only i ...)
	NOT-FOR-US: Samsung
CVE-2018-12036 (OWASP Dependency-Check before 3.2.0 allows attackers to write to arbit ...)
	NOT-FOR-US: OWASP Dependency-Check
CVE-2018-12035 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule fil ...)
	- yara 3.7.1-3 (low)
	[stretch] - yara <no-dsa> (Minor issue)
	[jessie] - yara <no-dsa> (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/891
CVE-2018-12034 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule fil ...)
	- yara 3.7.1-3 (low)
	[stretch] - yara <no-dsa> (Minor issue)
	[jessie] - yara <no-dsa> (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/891
CVE-2018-12033
	RESERVED
CVE-2018-12032
	RESERVED
CVE-2018-12031 (Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an ...)
	NOT-FOR-US: Eaton Intelligent Power Manager
CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
	NOT-FOR-US: Chevereto Free
CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through  ...)
	{DLA-1399-1}
	- passenger 5.0.30-1.1 (bug #921767; unimportant)
	[stretch] - passenger 5.0.30-1+deb9u1
	- ruby-passenger <removed> (unimportant)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
	NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 (release-5.3.2)
	NOTE: unimportant as nginx module not built.
	NOTE: Related hardening commits:
	NOTE: https://github.com/phusion/passenger/commit/9ed61bb4641ba1f5158fca3840d4e4088805b5af (release-5.3.2)
	NOTE: https://github.com/phusion/passenger/commit/4f663c8246f529e32575d50196d11cde12a6dfda (release-5.3.3)
	NOTE: https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion Pa ...)
	- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
	- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
CVE-2018-12027 (An Insecure Permissions vulnerability in SpawningKit in Phusion Passen ...)
	- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
	- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
CVE-2018-12026 (During the spawning of a malicious Passenger-managed application, Spaw ...)
	- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
	- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
CVE-2018-12025 (The transferFrom function of a smart contract implementation for Futur ...)
	NOT-FOR-US: FuturXE
CVE-2018-12024
	RESERVED
CVE-2018-12023 (An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4 ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2058
	NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
CVE-2018-12022 (An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4 ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2052
	NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect access con ...)
	- singularity-container 2.5.2-1
	NOTE: https://github.com/singularityware/singularity/releases/tag/2.5.2
CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri ...)
	{DSA-4224-1 DSA-4223-1 DSA-4222-1}
	- enigmail 2:2.0.7-1
	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	- gnupg2 2.2.8-1
	- gnupg1 1.4.22-5 (bug #901088)
	- gnupg <removed>
	NOTE: https://dev.gnupg.org/T4012
	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=210e402acd3e284b32db1901e43bf1470e659e49 (STABLE-BRANCH-2-2)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac (STABLE-BRANCH-1-4)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
	NOTE: https://neopg.io/blog/gpg-signature-spoof/
CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 interprets ...)
	- enigmail 2:2.0.7-1
	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
	NOTE: https://neopg.io/blog/enigmail-signature-spoof/
CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in G ...)
	NOT-FOR-US: Go Ethereum
CVE-2018-12017
	RESERVED
CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows rem ...)
	- epiphany-browser 3.28.3.1-1 (unimportant; bug #901018)
	NOTE: webkit not covered by security support
CVE-2018-12014 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12013 (Improper authentication in locked memory region can lead to unprivilge ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12012 (While updating blacklisting region shared buffered memory region is no ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12010 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12009
	RESERVED
CVE-2018-12008
	RESERVED
CVE-2018-12007
	RESERVED
CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system halt i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12004 (Secure keypad is unlocked with secure display still intact in Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12003
	RESERVED
CVE-2018-12002
	RESERVED
CVE-2018-12001
	RESERVED
CVE-2018-12000
	RESERVED
CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11997
	RESERVED
CVE-2018-11996 (When a malformed command is sent to the device programmer, an out-of-b ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to access HL ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT connecti ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11992
	RESERVED
CVE-2018-11991
	RESERVED
CVE-2018-11990
	RESERVED
CVE-2018-11989
	REJECTED
CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	- linux <not-affected> (Vulnerable code path not present)
	NOTE: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=5e9ffcfa152ecb2832990c42fcd8a0f2e63c2c04
	NOTE: https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin#_CVE-2018-11987
	NOTE: ion not enabled in Debian build and in staging anyway
CVE-2018-11986 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11985 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11984 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11983 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11982 (In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MD ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11981
	RESERVED
CVE-2018-11980 (When a fake broadcast/multicast 11w rmf without mmie received, since n ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11979
	RESERVED
CVE-2018-11978
	REJECTED
CVE-2018-11977
	REJECTED
CVE-2018-11976 (ECDSA signature code leaks private keys from secure world to non-secur ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11975
	REJECTED
CVE-2018-11974
	REJECTED
CVE-2018-11973
	REJECTED
CVE-2018-11972
	REJECTED
CVE-2018-11971 (Interrupt exit code flow may undermine access control policy set forth ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11969
	REJECTED
CVE-2018-11968 (Improper check before assigning value can lead to integer overflow in  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11967 (Signature verification of the skel library could potentially be disabl ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11966 (Undefined behavior in UE while processing unknown IEI in OTA message i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11965 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11964 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11963 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11962 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11959
	REJECTED
CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11957
	RESERVED
CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Android
CVE-2018-11955 (Lack of check on length of reason-code fetched from payload may lead d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11954
	RESERVED
CVE-2018-11953 (While processing ssid IE length from remote AP, possible out-of-bounds ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11952
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11951 (Improper access control in core module lead XBL_LOADER performs the ZI ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11950 (Unapproved TrustZone applications can be loaded and executed in Snapdr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11949 (Failure to initialize the extra buffer can lead to an out of buffer ac ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the informati ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11947 (The txrx stats req might be double freed in the pdev detach when the h ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11945 (Improper input validation in wireless service messaging module for dat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11944
	RESERVED
CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11941
	REJECTED
CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function can lead  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11939 (Use after issue in WLAN function due to multiple ACS scan requests at  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11938 (Improper input validation for argument received from HLOS can lead to  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11937 (Lack of input validation before copying can lead to a buffer over read ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11936 (Index of array is processed in a wrong way inside a while loop and res ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11935 (Improper input validation might result in incorrect app id returned to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11934 (Possible out of bounds write due to improper input validation while pr ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11933
	REJECTED
CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11930 (Improper input validation on input data which is used to locate and co ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11929 (Lack of input validation in WLAN function can lead to potential heap o ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow while proc ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11927 (Improper input validation on input which is used as an array index wil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11926
	RESERVED
CVE-2018-11925 (Data length received from firmware is not validated against the max al ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11924 (Improper buffer length validation in WLAN function can lead to a poten ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11923 (Improper buffer length check before copying can lead to integer overfl ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11922
	RESERVED
CVE-2018-11921 (Failure condition is not handled properly and the correct error code i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11920
	RESERVED
CVE-2018-11919 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11918 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11917
	RESERVED
CVE-2018-11916
	RESERVED
CVE-2018-11915
	RESERVED
CVE-2018-11914 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11913 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11912 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11911 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11908 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11907 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11905 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11904 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11903 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11902 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11901
	RESERVED
CVE-2018-11900
	RESERVED
CVE-2018-11899 (While processing radio connection status change events, Radio index is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11897 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11896
	RESERVED
CVE-2018-11895 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11894 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11893 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11892
	REJECTED
CVE-2018-11891 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11890
	RESERVED
CVE-2018-11889 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11888 (Unauthorized access may be allowed by the SCP11 Crypto Services TA wil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11887
	RESERVED
CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11885
	RESERVED
CVE-2018-11884 (Improper input validation leads to buffer overflow while processing ne ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11882 (Incorrect bound check can lead to potential buffer overwrite in WLAN c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11881
	RESERVED
CVE-2018-11880 (Incorrect bound check can lead to potential buffer overwrite in WLAN f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11879 (When the buffer length passed is very large, bounds check could be byp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11878 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11877 (When the buffer length passed is very large in WLAN, bounds check coul ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11876 (Lack of input validation while copying to buffer in WLAN will lead to  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11875 (Lack of check of buffer size before copying in a WLAN function can lea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11874 (Buffer overflow if the length of passphrase is more than 32 when setti ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11873 (Improper input validation leads to buffer overwrite in the WLAN functi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11872 (Improper input validation leads to buffer overwrite in the WLAN functi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11871 (Buffer overwrite can happen in WLAN function while processing set pdev ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11870 (Buffer overwrite can occur when the legacy rates count received from t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11869 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11868 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11867 (Lack of buffer length check before copying in WLAN function while proc ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an internal struc ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11865 (Integer overflow may happen when calculating an internal structure siz ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11864 (Bytes can be written to fuses from Secure region which can be read lat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11862 (Buffer overflow can happen in WLAN module due to lack of validation of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11861 (Buffer overflow can happen in WLAN function due to lack of validation  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11860 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11859 (Buffer overwrite can happen in WLAN due to lack of validation of the i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11858 (When processing IE set command, buffer overwrite may occur due to lack ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11857 (Improper input validation in WLAN encrypt/decrypt module can lead to a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11856 (Improper input validation leads to buffer overwrite in the WLAN functi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11855 (If an end user makes use of SCP11 sample OCE code without modification ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11854 (Lack of check of valid length of input parameter may cause buffer over ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11853 (Lack of check on out of range for channels When processing channel lis ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11852 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11851 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11850 (Lack of check on remaining length parameter When processing scan start ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11849 (Lack of check on out of range of bssid parameter When processing scan  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11848
	RESERVED
CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by corru ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to informatio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11844
	RESERVED
CVE-2018-11843 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11842 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11841
	RESERVED
CVE-2018-11840 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11839
	RESERVED
CVE-2018-11838 (Possible double free issue in WLAN due to lack of checking memory free ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11837
	RESERVED
CVE-2018-11836 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11835
	RESERVED
CVE-2018-11834
	RESERVED
CVE-2018-11833
	RESERVED
CVE-2018-11832 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11831
	RESERVED
CVE-2018-11830 (Improper input validation in QCPE create function may lead to integer  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11829
	RESERVED
CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11826 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11825
	REJECTED
CVE-2018-11824 (A stack-based buffer overflow can occur in a firmware routine in Snapd ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11823 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11822 (A possible integer overflow may happen in WLAN during memory allocatio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory allocation  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11820 (Use of non-time constant memcmp function creates side channel that lea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11819 (Use after issue in WLAN function due to multiple ACS scan requests at  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11818 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11817
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11816
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11815
	RESERVED
CVE-2018-12066 (BIRD Internet Routing Daemon before 1.6.4 allows local users to cause  ...)
	- bird 1.6.4-1 (low; bug #900967)
	[stretch] - bird <no-dsa> (Minor issue)
	[jessie] - bird <no-dsa> (Minor issue)
	NOTE: https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11
	NOTE: Fixed by: https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d
CVE-2018-1002209 (QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing att ...)
	- libquazip 0.7.6-1 (bug #902786)
	[stretch] - libquazip <no-dsa> (Minor issue)
	[jessie] - libquazip <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1593011
CVE-2018-1002204 (adm-zip npm library before 0.4.9 is vulnerable to directory traversal, ...)
	NOT-FOR-US: adm-zip nodejs module
CVE-2018-1002202 (zip4j before 1.3.3 is vulnerable to directory traversal, allowing atta ...)
	- zip4j <not-affected> (Fixed before initial upload to the archive)
CVE-2018-1002201 (zt-zip before 1.13 is vulnerable to directory traversal, allowing atta ...)
	NOT-FOR-US: zt-zip
CVE-2018-1002200 (plexus-archiver before 3.6.0 is vulnerable to directory traversal, all ...)
	{DSA-4227-1}
	- plexus-archiver 3.6.0-1 (bug #900953)
	NOTE: https://github.com/codehaus-plexus/plexus-archiver/pull/87
	NOTE: https://github.com/codehaus-plexus/plexus-archiver/commit/58bc24e465c0842981692adbf6d75680298989de
CVE-2018-1000204 (** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles a ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	NOTE: Fixed by: https://git.kernel.org/linus/a45b599ad808c3c982fdcdc12b0b8611c2f92824
CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21 ...)
	NOT-FOR-US: Soar Labs Soar Coin
CVE-2018-11814
	RESERVED
CVE-2018-11813 (libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...)
	- libjpeg9 1:9d-1 (unimportant; bug #904719)
	- libjpeg-turbo <unfixed> (unimportant)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499
	NOTE: Infinite loop in CLI tool, no security impact
CVE-2018-11812
	RESERVED
CVE-2018-11811
	RESERVED
CVE-2018-11810
	RESERVED
CVE-2018-11809
	RESERVED
CVE-2018-11808 (Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngi ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-11807
	RESERVED
CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via inc ...)
	{DSA-4454-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-1 (bug #901017)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=864036e251f54c99d31df124aad7f34f01f5344c
CVE-2018-1000202 (A persisted cross-site scripting vulnerability exists in Jenkins Groov ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000198 (A XML external entity processing vulnerability exists in Jenkins Black ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins Black Duck H ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000195 (A server-side request forgery vulnerability exists in Jenkins 2.120 an ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and older, LTS  ...)
	NOT-FOR-US: Jenkins
CVE-2018-1000193 (A improper neutralization of control sequences vulnerability exists in ...)
	NOT-FOR-US: Jenkins
CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...)
	{DSA-4226-1}
	- perl 5.26.2-6 (bug #900834)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=125523
	NOTE: https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
CVE-2018-1000192 (A information exposure vulnerability exists in Jenkins 2.120 and older ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000191 (A exposure of sensitive information vulnerability exists in Jenkins Bl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000190 (A exposure of sensitive information vulnerability exists in Jenkins Bl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000189 (A command execution vulnerability exists in Jenkins Absint Astree Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000188 (A server-side request forgery vulnerability exists in Jenkins CAS Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000187 (A exposure of sensitive information vulnerability exists in Jenkins Ku ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000186 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000185 (A server-side request forgery vulnerability exists in Jenkins GitHub B ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000184 (A server-side request forgery vulnerability exists in Jenkins GitHub P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000183 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins Git Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-19920 (sa-exim 4.2.1 allows attackers to execute arbitrary code if they can w ...)
	{DLA-2062-1}
	- sa-exim 4.2.1-19 (bug #947198)
	[buster] - sa-exim <no-dsa> (Minor issue; can be fixed via point release)
	[stretch] - sa-exim <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugs.debian.org/946829#24
	NOTE: https://marc.info/?l=spamassassin-users&m=157668107325768&w=2
	NOTE: https://marc.info/?l=spamassassin-users&m=157668305026635&w=2
	NOTE: The issue is "effectively" mitigating due to the CVE-2018-11805 fix in
	NOTE: spamassassin, making the Greylisting.pm non-functional (and so a functional
	NOTE: regression as well as tracked in #946829). The security implications are
	NOTE: as well documented in /usr/share/doc/sa-exim/README.greylisting.gz
CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be configu ...)
	{DSA-4584-1 DLA-2037-1}
	- spamassassin 3.4.3~rc6-1 (bug #946652)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/1
	NOTE: https://markmail.org/message/pyp425yrulfxyhrn
	NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (not public)
CVE-2018-11804 (Spark's Apache Maven-based build includes a convenience script, 'build ...)
	- apache-spark <itp> (bug #802194)
CVE-2018-11803 (Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10. ...)
	- subversion 1.10.4-1
	[stretch] - subversion <not-affected> (Vulnerable code introduced in 1.10.0)
	[jessie] - subversion <not-affected> (Vulnerable code introduced in 1.10.0)
	NOTE: https://subversion.apache.org/security/CVE-2018-11803-advisory.txt
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/1
CVE-2018-11802 (In Apache Solr, the cluster can be partitioned into multiple collectio ...)
	- lucene-solr <not-affected> (Vulnerable code is not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-12514
	NOTE: Issue introduced around: https://github.com/apache/lucene-solr/commit/56e88400aefbeb7f1821cbd10a2997cde018df97 (4.2.0)
	NOTE: Fixed by: https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895 (releases/lucene-solr/6.6.6)
CVE-2018-11801 (SQL injection vulnerability in Apache Fineract before 1.3.0 allows att ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-11800 (SQL injection vulnerability in Apache Fineract before 1.3.0 allows att ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-11799 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0  ...)
	NOT-FOR-US: Apache Oozie
CVE-2018-11798 (The Apache Thrift Node.js static web server in versions 0.9.2 through  ...)
	- thrift 0.11.0-4 (unimportant; bug #918734)
	NOTE: https://issues.apache.org/jira/browse/THRIFT-4647
	NOTE: https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2
	NOTE: src:thrift in Debian configured with --without-nodejs
CVE-2018-11797 (In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully c ...)
	{DLA-1547-1}
	- libpdfbox-java 1:1.8.16-1 (bug #910390)
	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
	- libpdfbox2-java 2.0.12-1 (bug #910391)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/05/4
	NOTE: https://svn.apache.org/r1842131 (branch 2.0)
	NOTE: https://svn.apache.org/r1842278 (branch 1.8)
CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion lim ...)
	- tika <not-affected> (Incomplete fix for CVE-2018-11761 not applied)
	NOTE: https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
	NOTE: https://issues.apache.org/jira/projects/TIKA/issues/TIKA-2727
	NOTE: https://github.com/apache/tika/commit/86d4ba1e
CVE-2018-11795
	REJECTED
CVE-2018-11794
	REJECTED
CVE-2018-11793 (When parsing a JSON payload with deeply nested JSON structures, the pa ...)
	- apache-mesos <itp> (bug #760315)
CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER  ...)
	NOT-FOR-US: Apache Impala
CVE-2018-11791
	REJECTED
CVE-2018-11790 (When loading a document with Apache Open Office 4.1.5 and earlier with ...)
	- libreoffice 1:4.0.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/16/2
	NOTE: https://github.com/LibreOffice/core/commit/bbc94edb9a91b27910d43610db9994df10dd99e1
CVE-2018-11789 (When accessing the heron-ui webpage, people can modify the file paths  ...)
	NOT-FOR-US: Apache Heron
CVE-2018-11788 (Apache Karaf provides a features deployer, which allows users to "hot  ...)
	- apache-karaf <itp> (bug #881297)
CVE-2018-11787 (In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webcons ...)
	- apache-karaf <itp> (bug #881297)
CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf i ...)
	- apache-karaf <itp> (bug #881297)
CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1 allows a Ker ...)
	NOT-FOR-US: Apache Impala
CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...)
	{DSA-4596-1 DLA-1545-1 DLA-1544-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.34-1
	- tomcat8.0 <removed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: Fixed upstream in 9.0.12, 8.5.34, 7.0.91
	NOTE: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
	NOTE: https://svn.apache.org/r1840055 (9.0.x)
	NOTE: https://svn.apache.org/r1840056 (8.5.x)
	NOTE: https://svn.apache.org/r1840057 (7.0.x)
CVE-2018-11783 (sslheaders plugin extracts information from the client certificate and ...)
	- trafficserver 8.0.2+ds-1
	NOTE: https://github.com/apache/trafficserver/pull/4701
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/13/6
CVE-2018-11782 (In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12 ...)
	{DSA-4490-1 DLA-1903-1}
	- subversion 1.10.6-1
	NOTE: https://subversion.apache.org/security/CVE-2018-11782-advisory.txt
CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in the met ...)
	{DLA-1578-1}
	- spamassassin 3.4.2-1 (bug #908971)
	[stretch] - spamassassin 3.4.2-1~deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
CVE-2018-11780 (A potential Remote Code Execution bug exists with the PDFInfo plugin i ...)
	{DLA-1578-1}
	- spamassassin 3.4.2-1 (bug #908970)
	[stretch] - spamassassin 3.4.2-1~deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
CVE-2018-11779 (In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the st ...)
	NOT-FOR-US: Apache Storm
CVE-2018-11778 (UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correc ...)
	NOT-FOR-US: Apache Ranger
CVE-2018-11777 (In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer ...)
	NOT-FOR-US: Apache Hive
CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from pos ...)
	- libstruts1.2-java <not-affected> (Specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client before ...)
	- activemq 5.15.6-1 (low; bug #908950)
	[stretch] - activemq <no-dsa> (Minor issue)
	[jessie] - activemq <no-dsa> (Minor issue)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb
	NOTE: Fixed in 5.15.6
CVE-2018-11774 (Apache VCL versions 2.1 through 2.5 do not properly validate form inpu ...)
	NOT-FOR-US: Apache VCL
CVE-2018-11773 (Apache VCL versions 2.1 through 2.5 do not properly validate form inpu ...)
	NOT-FOR-US: Apache VCL
CVE-2018-11772 (Apache VCL versions 2.1 through 2.5 do not properly validate cookie in ...)
	NOT-FOR-US: Apache VCL
CVE-2018-11771 (When reading a specially crafted ZIP archive, the read method of Apach ...)
	- libcommons-compress-java 1.18-1 (bug #906301)
	[stretch] - libcommons-compress-java <no-dsa> (Minor issue)
	[jessie] - libcommons-compress-java <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/16/2
CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master exposes a  ...)
	- apache-spark <itp> (bug #802194)
CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database s ...)
	- couchdb <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/08/2
CVE-2018-11768 (In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1 ...)
	- hadoop <itp> (bug #793644)
CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS b ...)
	- hadoop <itp> (bug #793644)
CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is ...)
	- hadoop <itp> (bug #793644)
CVE-2018-11765
	RESERVED
CVE-2018-11764
	RESERVED
CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ...)
	- apache2 2.4.35-1 (bug #909591)
	[stretch] - apache2 2.4.25-3+deb9u6
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-11763
CVE-2018-11762 (In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not  ...)
	- tika 1.20-1
	[jessie] - tika <ignored> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/5
CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured to lim ...)
	- tika 1.20-1
	[jessie] - tika <ignored> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/4
	NOTE: When fixing this issue the fix needs to be made complete to not open
	NOTE: CVE-2018-11796. The full fix is only in 1.19.1 onwards.
CVE-2018-11760 (When using PySpark , it's possible for a different local user to conne ...)
	- apache-spark <itp> (bug #802194)
CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised the reques ...)
	{DSA-4357-1 DLA-1609-1}
	- libapache-mod-jk 1:1.2.46-1
	NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.46
	NOTE: https://www.immunit.ch/blog/2018/11/01/cve-2018-11759-apache-mod_jk-access-bypass/
CVE-2018-11758 (This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1,  ...)
	NOT-FOR-US: Apache Cayenne
CVE-2018-11757 (In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inher ...)
	NOT-FOR-US: Docker Skeleton Runtime for Apache OpenWhisk
CVE-2018-11756 (In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of ...)
	NOT-FOR-US: PHP Runtime for Apache OpenWhisk
CVE-2018-11755
	RESERVED
CVE-2018-11754
	RESERVED
CVE-2018-11753
	RESERVED
CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...)
	NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...)
	- puppet <unfixed> (bug #952925)
	[buster] - puppet <no-dsa> (Minor issue)
	[stretch] - puppet <no-dsa> (Minor issue)
	[jessie] - puppet <ignored> (Patch too invasive to backport, minor issue)
	NOTE: https://puppet.com/security/cve/CVE-2018-11751/
	NOTE: https://tickets.puppetlabs.com/browse/PUP-9459
	NOTE: https://github.com/puppetlabs/puppet/commit/b49c11b6425738441d6f33285d2630fa434a123e
CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ho ...)
	NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at login tim ...)
	- puppet <not-affected> (RBAC is specific to Puppet Enterprise)
CVE-2018-11748 (Previous releases of the Puppet device_manager module creates configur ...)
	NOT-FOR-US: Puppet device_manager module
CVE-2018-11747 (Previously, Puppet Discovery was shipped with a default generated TLS  ...)
	NOT-FOR-US: Puppet Discovery
CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, when running Discovery against Win ...)
	NOT-FOR-US: Puppet Discovery
CVE-2018-11745
	RESERVED
CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. ...)
	NOT-FOR-US: Cloudera
CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_cop ...)
	- mruby 1.4.1+20180622+git640fca32-1 (bug #900845)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
	NOTE: https://github.com/mruby/mruby/issues/4027
CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Sto ...)
	NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session ID ...)
	NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from r ...)
	- sleuthkit <unfixed> (low; bug #902187)
	[buster] - sleuthkit <no-dsa> (Minor issue)
	[stretch] - sleuthkit <no-dsa> (Minor issue)
	[jessie] - sleuthkit <no-dsa> (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from re ...)
	- sleuthkit <unfixed> (low; bug #902187)
	[buster] - sleuthkit <no-dsa> (Minor issue)
	[stretch] - sleuthkit <no-dsa> (Minor issue)
	[jessie] - sleuthkit <no-dsa> (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
	- sleuthkit <unfixed> (low; bug #902187)
	[buster] - sleuthkit <no-dsa> (Minor issue)
	[stretch] - sleuthkit <no-dsa> (Minor issue)
	[jessie] - sleuthkit <no-dsa> (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
	- sleuthkit <unfixed> (low; bug #902187)
	[buster] - sleuthkit <no-dsa> (Minor issue)
	[stretch] - sleuthkit <no-dsa> (Minor issue)
	[jessie] - sleuthkit <no-dsa> (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can  ...)
	- ruby-ffi <not-affected> (Windows-specific)
CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.p ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or  ...)
	NOT-FOR-US: Ximdex
CVE-2018-11734 (In e107 v2.1.7, output without filtering results in XSS. ...)
	NOT-FOR-US: e107
CVE-2018-11733
	RESERVED
CVE-2018-11732
	RESERVED
CVE-2018-11731 (** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in lib ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligable/questionable security impact
CVE-2018-11730 (** DISPUTED ** The libfsntfs_security_descriptor_values_free function  ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligable/questionable security impact
CVE-2018-11729 (** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsnt ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligable/questionable security impact
CVE-2018-11728 (** DISPUTED ** The libfsntfs_reparse_point_values_read_data function i ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligable/questionable security impact
CVE-2018-11727 (** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfs ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligable/questionable security impact
CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows ...)
	NOT-FOR-US: Libmobi
CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows r ...)
	NOT-FOR-US: Libmobi
CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows re ...)
	NOT-FOR-US: Libmobi
CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff ...)
	- libpff 20180714-1 (low; bug #901967)
	[stretch] - libpff <no-dsa> (Minor issue)
	[jessie] - libpff <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/15
	NOTE: https://github.com/libyal/libpff/issues/64
	NOTE: https://github.com/libyal/libpff/commit/7b92bcace7e743cc9417e3cc3e4eee29abb70cf5
CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' param ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11721
	RESERVED
CVE-2018-11720 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Travers ...)
	NOT-FOR-US: Xovis
CVE-2018-11719 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. ...)
	NOT-FOR-US: Xovis
CVE-2018-11718 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. ...)
	NOT-FOR-US: Xovis
CVE-2017-18286 (nZEDb v0.7.3.3 has XSS in the 404 error page. ...)
	NOT-FOR-US: nZEDb
CVE-2016-1000352 (In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES i ...)
	- bouncycastle 1.56-1
	[jessie] - bouncycastle <ignored> (Intrusive changes, can be mitigated by using a different mode than ECB)
	NOTE: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
CVE-2016-1000346 (In the Bouncy Castle JCE Provider version 1.55 and earlier the other p ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
CVE-2016-1000345 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/E ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
CVE-2016-1000344 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES i ...)
	- bouncycastle 1.56-1
	[jessie] - bouncycastle <ignored> (Intrusive changes, can be mitigated by using a different mode than ECB)
	NOTE: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
CVE-2018-11717 (An issue was discovered in Zoho ManageEngine Desktop Central before 10 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-11716 (An issue was discovered in Zoho ManageEngine Desktop Central before 10 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-11715 (The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread  ...)
	NOT-FOR-US: Recent Threads plugin for MyBB
CVE-2018-11714 (An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0 ...)
	NOT-FOR-US: TP-Link
CVE-2018-11713 (WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=126384
	NOTE: https://trac.webkit.org/changeset/228088/webkit
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11712 (WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=184804
	NOTE: https://trac.webkit.org/changeset/230886/webkit
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11711 (** DISPUTED ** A remote attacker can bypass the System Manager Mode on ...)
	NOT-FOR-US: Canon MF210 and MF220 web interface
CVE-2018-11710 (soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers  ...)
	- libopenmpt 0.3.9-1
	[stretch] - libopenmpt <no-dsa> (Minor issue)
	NOTE: https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150
CVE-2018-11709 (wpforo_get_request_uri in wpf-includes/functions.php in the wpForo For ...)
	NOT-FOR-US: wpForo Forum plugin for WordPress
CVE-2018-11708
	RESERVED
CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1,  ...)
	- kubernetes <not-affected> (Vulnerable code introduced later; Windows specific)
	NOTE: https://github.com/kubernetes/kubernetes/issues/65750
CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
CVE-2016-1000342 (In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does  ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
CVE-2016-1000341 (In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signatu ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
CVE-2016-1000340 (In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propa ...)
	- bouncycastle 1.56-1
	[jessie] - bouncycastle <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
CVE-2016-1000339 (In the Bouncy Castle JCE Provider version 1.55 and earlier the primary ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
	NOTE: https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
CVE-2018-11707 (FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x00 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11706 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11705 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11704 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11703 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11702 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11701 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11700
	RESERVED
CVE-2018-11699
	RESERVED
CVE-2018-11698 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
	- libsass <unfixed>
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2662
CVE-2018-11697 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
	- libsass <unfixed>
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2656
	NOTE: https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef
CVE-2018-11696 (An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...)
	- libsass 3.5.5-1
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2665
	NOTE: https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4
CVE-2018-11695 (An issue was discovered in LibSass through 3.5.2. A NULL pointer deref ...)
	- libsass 3.5.4-1 (low)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2664
	NOTE: https://github.com/sass/libsass/commit/0bc35e3d26922229d5a3e3308860cf0fcee5d1cf (master)
	NOTE: https://github.com/sass/libsass/commit/e3512120403dc7863a38bf2f122e7523593718ad (3.5.3)
CVE-2018-11694 (An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...)
	- libsass <unfixed> (low)
	[buster] - libsass <no-dsa> (Minor issue)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2663
	NOTE: https://github.com/sass/libsass/commit/280ffd8c692cc24199b678f38fc796825d7df4a1
	NOTE: https://github.com/sass/libsass/commit/c93f0581c6b7794d8c1d5637c5c4dabd591b1d57
CVE-2018-11693 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
	- libsass 3.5.4+20180621~c0a6cf3-1 (low)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2661
	NOTE: https://github.com/sass/libsass/commit/c0a6cf39dea9b2522a08d61b731bc72dfb362584 (3.5.5)
	NOTE: https://github.com/sass/libsass/commit/b3374e3fd1a0c3658644d2bad24e4a0ff2e0dcea (master)
CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3 ...)
	NOT-FOR-US: Canon devices
CVE-2018-11691 (Emerson DeltaV Smart Switch Command Center application, available in v ...)
	NOT-FOR-US: Emerson devices
CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for  ...)
	NOT-FOR-US: Balbooa Gridbox extension for Joomla!
CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cr ...)
	NOT-FOR-US: Smart Viewer in Samsung Web Viewer for Samsung DVR
CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scri ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart contract  ...)
	NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR)
CVE-2018-11686 (The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allow ...)
	NOT-FOR-US: FlexPaper (later renamed FlowPaper)
CVE-2018-11685 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compi ...)
	- liblouis 3.5.0-3
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis <no-dsa> (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/593
	NOTE: https://github.com/liblouis/liblouis/commit/b5049cb17ae3d15b2b26890de0e24d0fecc080f5
CVE-2018-11684 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function inclu ...)
	- liblouis 3.5.0-3
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis <no-dsa> (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/592
	NOTE: https://github.com/liblouis/liblouis/commit/fb2bfce4ed49ac4656a8f7e5b5526e4838da1dde
CVE-2018-11683 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parse ...)
	- liblouis 3.5.0-3
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis <no-dsa> (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/591
	NOTE: https://github.com/liblouis/liblouis/commit/e7eee2b7926668360a0d8e2abee6c35a00ebce3c
	NOTE: https://github.com/liblouis/liblouis/commit/d4fc803687e38a5355fb686bf98cc082951f3043
CVE-2017-18285 (The Gentoo app-backup/burp package before 2.1.32 has incorrect group o ...)
	- burp <not-affected> (/etc/burp is owned by root:root in Debian)
CVE-2017-18284 (The Gentoo app-backup/burp package before 2.1.32 sets the ownership of ...)
	- burp <not-affected> (Debian package uses /var/run for the PID file)
CVE-2018-11682 (** DISPUTED ** Default and unremovable support credentials allow attac ...)
	NOT-FOR-US: products using the Stanza Lutron integration protocol
CVE-2018-11681 (** DISPUTED ** Default and unremovable support credentials (user:nwk p ...)
	NOT-FOR-US: products using the RadioRA 2 Lutron integration protocol
CVE-2018-11680 (An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulne ...)
	NOT-FOR-US: CmsEasy
CVE-2018-11679 (An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulne ...)
	NOT-FOR-US: CmsEasy
CVE-2018-11678 (plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login R ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11677
	RESERVED
CVE-2018-11676
	RESERVED
CVE-2018-11675
	REJECTED
CVE-2018-11674
	RESERVED
CVE-2018-11673
	RESERVED
CVE-2018-11672
	RESERVED
CVE-2018-11671 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...)
	NOT-FOR-US: GreenCMS
CVE-2018-11670 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...)
	NOT-FOR-US: GreenCMS
CVE-2018-11669
	RESERVED
CVE-2018-11668
	RESERVED
CVE-2018-11667
	RESERVED
CVE-2018-11666
	RESERVED
CVE-2018-11665
	RESERVED
CVE-2018-11664
	RESERVED
CVE-2018-11663
	RESERVED
CVE-2018-11662
	RESERVED
CVE-2018-11661
	RESERVED
CVE-2018-11660
	RESERVED
CVE-2018-11659
	RESERVED
CVE-2018-11658
	RESERVED
CVE-2018-11657 (ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg ...)
	NOT-FOR-US: ngiflib
CVE-2018-11656 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/931
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4da2cd650532ffd18fa11578fc2ec7c2467727bb
CVE-2018-11655 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/930
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7414b7322201a9c8a5cacf563f08468c329b4b1
CVE-2018-11654 (Information disclosure in Netwave IP camera at get_status.cgi (via HTT ...)
	NOT-FOR-US: Netwave IP camera
CVE-2018-11653 (Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (vi ...)
	NOT-FOR-US: Netwave IP camera
CVE-2018-11652 (CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote a ...)
	- nikto 1:2.1.5-3 (bug #900608)
	[stretch] - nikto <no-dsa> (non-free not supported)
	[jessie] - nikto <no-dsa> (non-free not supported)
	NOTE: https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7
CVE-2018-11651 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
	- graylog2 <itp> (bug #652273)
CVE-2018-11650 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
	- graylog2 <itp> (bug #652273)
CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name and script parameters. ...)
	NOT-FOR-US: Hue
CVE-2018-11648
	RESERVED
CVE-2018-11647 (index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. ...)
	NOT-FOR-US: oauth2orize-fprm
CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIco ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=186164
	NOTE: Was found while investigting CVE-2018-11396 in epiphany, cf.
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795740 but is a
	NOTE: different issue.
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status c ...)
	{DSA-4336-1 DLA-1504-1}
	- ghostscript 9.21~dfsg-1 (low)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1)
CVE-2018-11644
	RESERVED
CVE-2018-11643 (SQL injection vulnerability in the administrative console in Dialogic  ...)
	NOT-FOR-US: Dialogic
CVE-2018-11642 (Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell  ...)
	NOT-FOR-US: Dialogic
CVE-2018-11641 (Use of Hard-coded Credentials in /var/www/xms/application/controllers/ ...)
	NOT-FOR-US: Dialogic
CVE-2018-11640 (XML External Entity (XXE) vulnerability in the web service in Dialogic ...)
	NOT-FOR-US: Dialogic
CVE-2018-11639 (Plaintext Storage of Passwords within Cookies in /var/www/xms/applicat ...)
	NOT-FOR-US: Dialogic
CVE-2018-11638 (Unrestricted Upload of a File with a Dangerous Type in the administrat ...)
	NOT-FOR-US: Dialogic
CVE-2018-11637 (Information leakage vulnerability in the administrative console in Dia ...)
	NOT-FOR-US: Dialogic
CVE-2018-11636 (Cross-site request forgery (CSRF) vulnerability in the administrative  ...)
	NOT-FOR-US: Dialogic
CVE-2018-11635 (Use of a Hard-coded Cryptographic Key used to protect cookie session d ...)
	NOT-FOR-US: Dialogic
CVE-2018-11634 (Plaintext Storage of Passwords in the administrative console in Dialog ...)
	NOT-FOR-US: Dialogic
CVE-2018-11633 (An issue was discovered in the MULTIDOTS Woo Checkout for Digital Good ...)
	NOT-FOR-US: MULTIDOTS Woo Checkout for Digital Goods plugin for WordPress
CVE-2018-11632 (An issue was discovered in the MULTIDOTS Add Social Share Messenger Bu ...)
	NOT-FOR-US: MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin for WordPress
CVE-2018-11631 (Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to s ...)
	NOT-FOR-US: Rondaful M1 Wristband Smart Band 1 devices
CVE-2018-11630
	RESERVED
CVE-2018-11629 (** DISPUTED ** Default and unremovable support credentials (user:lutro ...)
	NOT-FOR-US: products using the HomeWorks QS Lutron integration protocol
CVE-2018-11628 (Data input into EMS Master Calendar before 8.0.0.201805210 via URL par ...)
	NOT-FOR-US: EMS Master Calendar
CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs  ...)
	- ruby-sinatra <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/sinatra/sinatra/issues/1428
	NOTE: Introduced by: https://github.com/sinatra/sinatra/commit/8f8df53ff29938ace79b31097c27d9cdac803b44
	NOTE: Fixed by: https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
	NOT-FOR-US: SELA
CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file  ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2
	[stretch] - imagemagick <not-affected> (Vulnerable code not present)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5294966898532a6bd54699fbf04edf18902513ac
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/406ebfe09b62858b17ab3ee11f67171d43d9a76e
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1156
CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2
	[stretch] - imagemagick <not-affected> (Vulnerable code not present)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/172d82afe89d3499ef0cab06dc58d380cc1ab946
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1149
CVE-2018-11623 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11621 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11618 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11616 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Tencent Foxmail
CVE-2018-11615 (This vulnerability allows remote attackers to deny service on vulnerab ...)
	NOT-FOR-US: mosca
CVE-2018-11614 (This vulnerability allows remote attackers to escalate privileges on v ...)
	NOT-FOR-US: Samsung Members Fixed
CVE-2018-11613
	RESERVED
CVE-2018-11612
	RESERVED
CVE-2018-11611
	RESERVED
CVE-2018-11610
	RESERVED
CVE-2018-11609
	RESERVED
CVE-2018-11608
	RESERVED
CVE-2018-11607
	RESERVED
CVE-2018-11606
	RESERVED
CVE-2018-11605
	RESERVED
CVE-2018-11604
	RESERVED
CVE-2018-11603
	RESERVED
CVE-2018-11602
	RESERVED
CVE-2018-11601
	RESERVED
CVE-2018-11600
	RESERVED
CVE-2018-11599
	RESERVED
CVE-2018-11598 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11597 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11596 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11595 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11594 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11593 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11592 (Espruino before 1.98 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11591 (Espruino before 1.98 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11589 (Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Cen ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-11588 (Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authe ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-11587 (There is Remote Code Execution in Centreon 3.4.6 including Centreon We ...)
	- centreon-web <itp> (bug #913903)
CVE-2018-11586 (XML external entity (XXE) vulnerability in api/rest/status in SearchBl ...)
	NOT-FOR-US: SearchBlox
CVE-2018-11585
	RESERVED
CVE-2018-11584
	RESERVED
CVE-2018-11583 (SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parame ...)
	NOT-FOR-US: SeaCMS
CVE-2018-11582
	RESERVED
CVE-2018-11581 (Cross-site scripting (XSS) vulnerability on Brother HL series printers ...)
	NOT-FOR-US: Brother HL-L2340D and HL-L2380DW series printers
CVE-2018-11580 (An issue was discovered in mass-pages-posts-creator.php in the MULTIDO ...)
	NOT-FOR-US: MULTIDOTS Mass Pages/Posts Creator plugin for WordPress
CVE-2018-11579 (class-woo-banner-management.php in the MULTIDOTS WooCommerce Category  ...)
	NOT-FOR-US: MULTIDOTS WooCommerce Category Banner Management plugin for WordPress
CVE-2018-11578 (GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segment ...)
	NOT-FOR-US: ngiflib
CVE-2018-11577 (Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. ...)
	- liblouis 3.5.0-3 (bug #900607)
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis <no-dsa> (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/582
CVE-2018-11576 (ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in ...)
	NOT-FOR-US: ngiflib
CVE-2018-11575 (ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in ...)
	NOT-FOR-US: ngiflib
CVE-2018-11574 (Improper input validation together with an integer overflow in the EAP ...)
	- ppp 2.4.7-2+3
	[stretch] - ppp <not-affected> (Vulnerable code introduced later)
	[jessie] - ppp <not-affected> (Vulnerable code introduced later)
	[wheezy] - ppp <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/11/1
	NOTE: https://www.nikhef.nl/~janjust/ppp/ppp-2.4.7-eaptls-mppe-1.101.patch
CVE-2018-11573
	RESERVED
CVE-2018-11572 (ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -&gt ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-11571 (ClipperCMS 1.3.3 allows Session Fixation. ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-11570
	RESERVED
CVE-2018-11569 (Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deseri ...)
	NOT-FOR-US: Eventum
CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for W ...)
	NOT-FOR-US: GamePlan theme for WordPress
CVE-2018-11567 (** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Ech ...)
	NOT-FOR-US: Amazon Echo devices
CVE-2018-11566
	RESERVED
CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before  ...)
	- mahara <removed>
	NOTE: https://bugs.launchpad.net/mahara/+bug/1772774
CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upl ...)
	NOT-FOR-US: Pagekit CMS
CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
	{DLA-1877-1}
	- otrs2 6.0.8-1
	[stretch] - otrs2 <no-dsa> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/
	NOTE: https://github.com/OTRS/otrs/commit/50861a2a1183a07daf99cc2e71395e79f022338f
CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...)
	NOT-FOR-US: MISP
CVE-2018-11561 (An integer overflow in the unprotected distributeToken function of a s ...)
	NOT-FOR-US: smart contract implementation for EETHER (EETHER)
CVE-2018-11560 (The webService binary on Insteon HD IP Camera White 2864-222 devices h ...)
	NOT-FOR-US: Insteon
CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" n ...)
	NOT-FOR-US: DomainMod
CVE-2018-11558 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" n ...)
	NOT-FOR-US: DomainMod
CVE-2018-11557 (YIBAN Easy class education platform 2.0 has XSS via the articlelist.ph ...)
	NOT-FOR-US: YIBAN Easy
CVE-2018-11556 (tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipeline ...)
	NOT-FOR-US: Little CMS
CVE-2018-11555 (tificc in Little CMS 2.9 has an out-of-bounds write in the Precalculat ...)
	NOT-FOR-US: Little CMS
CVE-2018-11554 (The forgotten-password feature in index.php/member/reset/reset_email.h ...)
	NOT-FOR-US: YzmCMS
CVE-2018-11553 (SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter  ...)
	NOT-FOR-US: SGIN.CN xiangyun platform
CVE-2018-11552 (There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON- ...)
	NOT-FOR-US: AXON PBX
CVE-2018-11551 (AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow  ...)
	NOT-FOR-US: AXON PBX
CVE-2018-11550
	REJECTED
CVE-2018-11549 (An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulne ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11548 (An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plu ...)
	NOT-FOR-US: EOS.IO DAWN
CVE-2018-11547 (md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based  ...)
	NOT-FOR-US: md4c
CVE-2018-11546 (md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entit ...)
	NOT-FOR-US: md4c
CVE-2018-11545 (md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because  ...)
	NOT-FOR-US: md4c
CVE-2018-11544 (The Olive Tree Ftp Server application 1.32 for Android has Insecure Da ...)
	NOT-FOR-US: Olive Tree Ftp Server application
CVE-2018-11543 (A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC ...)
	NOT-FOR-US: Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface
CVE-2018-11542 (A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / ...)
	NOT-FOR-US: Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface
CVE-2018-11541 (A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC  ...)
	NOT-FOR-US: Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface
CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab <not-affected> (Introduced in 10.1.6)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2017-0921 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...)
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Persistent XSS - Selecting users as allowed merge request approvers]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab <not-affected> (Introduced in 9.1)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Persistent XSS - Multiple locations of user selection drop downs]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab <not-affected> (Introduced in 9.1)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: include directive in .gitlab-ci.yml allows SSRF requests]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab <not-affected> (Introduced in 10.5)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Permissions issue in Merge Requests Create Service]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab <not-affected> (Introduced in 10.6)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Arbitrary assignment of project fields using Import project]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab <not-affected> (Introduced in 10.4)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-11540
	RESERVED
CVE-2018-11539
	RESERVED
CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_pas ...)
	NOT-FOR-US: SearchBlox
CVE-2018-11537 (Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as r ...)
	NOT-FOR-US: angular-jwt
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because md_split_si ...)
	NOT-FOR-US: md4c
CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and Access Contr ...)
	NOT-FOR-US: SITEMAKIN SLAC
CVE-2018-11534
	RESERVED
CVE-2018-11533
	RESERVED
CVE-2018-11532 (An issue was discovered in the ChangUonDyU Advanced Statistics plugin  ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. ...)
	{DSA-4238-1 DLA-1402-1}
	- exiv2 0.25-4
	NOTE: https://github.com/Exiv2/exiv2/issues/283
	NOTE: https://github.com/Exiv2/exiv2/commit/ed874703ad553338f973d537b8159d0eb4375cc4
	NOTE: https://github.com/Exiv2/exiv2/commit/863aaebc92ff0b0ee3d302b7b5291002c043bc7b
	NOTE: https://github.com/Exiv2/exiv2/commit/67a5a741153c876a6f1c189abb874721d1725c48
CVE-2018-11530
	RESERVED
CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free vulnerabi ...)
	{DSA-4251-1}
	- vlc 3.0.3-1-1
	[jessie] - vlc <end-of-life> (See https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
	NOTE: https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42
CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request forgery (C ...)
	NOT-FOR-US: CScms
CVE-2018-11526 (The plugin "WordPress Comments Import &amp; Export" for WordPress (v2. ...)
	NOT-FOR-US: "WordPress Comments Import & Export" plugin for WordPress
CVE-2018-11525 (The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5 ...)
	NOT-FOR-US: "Advanced Order Export For WooCommerce" plugin for WordPress
CVE-2018-11524
	RESERVED
CVE-2018-11523 (upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, suc ...)
	NOT-FOR-US: NUUO NVRmini
CVE-2018-11522 (Yosoro 1.0.4 has stored XSS. ...)
	NOT-FOR-US: Yosoro
CVE-2018-11521
	RESERVED
CVE-2018-11520
	RESERVED
CVE-2018-11519
	RESERVED
CVE-2018-11518 (A vulnerability allows a phreaking attack on HCL legacy IVR systems th ...)
	NOT-FOR-US: HCL legacy IVR systems
CVE-2018-11517 (mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in  ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c in Vide ...)
	- vlc 3.0.2-1
	[stretch] - vlc 3.0.2-0+deb9u1
	[jessie] - vlc <not-affected> (Only affects 3.x)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8
	NOTE: http://www.videolan.org/security/sa1801.html
CVE-2018-11515 (The wpForo plugin through 2018-02-05 for WordPress has SQL Injection v ...)
	NOT-FOR-US: wpForo plugin for WordPress
CVE-2018-11514 (PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted ...)
	NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
CVE-2018-11513
	RESERVED
CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the "Website's name ...)
	NOT-FOR-US: wityCMS
CVE-2018-11511 (The tree list functionality in the photo gallery application in ASUSTO ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-11510 (The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated  ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11509 (ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and p ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux kernel b ...)
	- linux 4.16.12-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1574
	NOTE: Fixed by: https://git.kernel.org/linus/0a0b98734479aa5b3c671d5190e86273372cab95
CVE-2018-11507 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An a ...)
	- flif <removed> (bug #902188)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/509
CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kerne ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.16-1
	[stretch] - linux 4.9.110-1
	NOTE: Fixed by: https://git.kernel.org/linus/f7068114d45ec55996b9040e98111afa56e010fe
CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attackers to  ...)
	NOT-FOR-US: Werewolf Online application for Android
CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a  ...)
	{DSA-4293-1 DLA-1499-1}
	- discount 2.2.4-1 (bug #901912)
	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2 ...)
	{DSA-4293-1 DLA-1499-1}
	- discount 2.2.4-1 (bug #901912)
	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-11502 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit. ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-11500 (An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vu ...)
	NOT-FOR-US: PublicCMS
CVE-2018-11499 (A use-after-free vulnerability exists in handle_error() in sass_contex ...)
	- libsass 3.5.5-3 (bug #900182)
	[stretch] - libsass <not-affected> (Vulnerability introduced in 3.4.7 upstream)
	NOTE: https://github.com/sass/libsass/issues/2643
	NOTE: https://github.com/sass/libsass/commit/84eaca254ca726531def3569c990089b3154e640
CVE-2018-11498 (In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was ...)
	NOT-FOR-US: Lizard
CVE-2018-11497
	RESERVED
CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read ...)
	- lrzip 0.631+git180528-1
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/96
	NOTE: https://github.com/ckolivas/lrzip/commit/907b66b8cb4ba7384abf8d82f09204b127d328bd
	NOTE: https://github.com/ckolivas/lrzip/commit/a81248e47d276cf59b8c7e22558e2b5035e87b33
CVE-2018-11495 (OpenCart through 3.0.2.0 allows directory traversal in the editDownloa ...)
	NOT-FOR-US: OpenCart
CVE-2018-11494 (The "program extension upload" feature in OpenCart through 3.0.2.0 has ...)
	NOT-FOR-US: OpenCart
CVE-2018-11493 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11492 (ASUS HG100 devices allow denial of service via an IPv4 packet flood. ...)
	NOT-FOR-US: ASUS HG100 devices
CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated  ...)
	NOT-FOR-US: ASUS HG100 devices
CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...)
	[experimental] - giflib 5.1.7-1
	- giflib 5.1.9-1 (bug #904114)
	[buster] - giflib <no-dsa> (Minor issue)
	[stretch] - giflib <no-dsa> (Minor issue)
	[jessie] - giflib <no-dsa> (Minor issue)
	NOTE: https://github.com/pts/sam2p/issues/38
	NOTE: https://sourceforge.net/p/giflib/bugs/113/
	NOTE: https://sourceforge.net/p/giflib/code/ci/08438a5098f3bb1de23a29334af55eba663f75bd/
	NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...)
	- giflib <unfixed> (bug #904113)
	[buster] - giflib <no-dsa> (Minor issue)
	[stretch] - giflib <no-dsa> (Minor issue)
	[jessie] - giflib <no-dsa> (Minor issue)
	NOTE: https://github.com/pts/sam2p/issues/37
	NOTE: https://sourceforge.net/p/giflib/bugs/112/
	NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
CVE-2018-11488 (A stack exhaustion vulnerability in the search function of dtSearch 7. ...)
	NOT-FOR-US: dtSearch
CVE-2018-11487 (PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the qu ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-11486 (An issue was discovered in the MULTIDOTS Advance Search for WooCommerc ...)
	NOT-FOR-US: MULTIDOTS Advance Search for WooCommerce plugin for WordPress
CVE-2018-11485 (The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for W ...)
	NOT-FOR-US: MULTIDOTS WooCommerce Quick Reports plugin for WordPress
CVE-2018-11484
	RESERVED
CVE-2018-11483
	RESERVED
CVE-2018-11482 (/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K ...)
	NOT-FOR-US: TP-LINK
CVE-2018-11481 (TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC4 ...)
	NOT-FOR-US: TP-LINK
CVE-2018-11480
	RESERVED
CVE-2018-11479 (The VPN component in Windscribe 1.81 uses the OpenVPN client for conne ...)
	NOT-FOR-US: VPN component in Windscribe
CVE-2018-11478 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
	NOT-FOR-US: Vgate iCar 2 Wi-Fi OBD2 Dongle devices
CVE-2018-11477 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
	NOT-FOR-US: Vgate iCar 2 Wi-Fi OBD2 Dongle devices
CVE-2018-11476 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
	NOT-FOR-US: Vgate iCar 2 Wi-Fi OBD2 Dongle devices
CVE-2018-11475 (Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A p ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11474 (Monstra CMS 3.0.4 has a Session Management Issue in the Administration ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11473 (Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login pa ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11472 (Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login para ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11471 (Cockpit 0.5.5 has XSS via a collection, form, or region. ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2018-11470 (iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' para ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-11469 (Incorrect caching of responses to requests including an Authorization  ...)
	- haproxy 1.8.9-2 (bug #900084)
	[stretch] - haproxy <not-affected> (Issue introduced in 1.8.0)
	[jessie] - haproxy <not-affected> (Issue introduced in 1.8.0)
	NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2 ...)
	{DSA-4293-1 DLA-1499-1}
	- discount 2.2.4-1 (bug #901912)
	NOTE: https://github.com/Orc/discount/issues/189
	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-11467
	RESERVED
CVE-2018-11466 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11465 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11464 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11463 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11462 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11461 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11460 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11459 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11458 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11457 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11456 (A vulnerability has been identified in Automation License Manager 5 (A ...)
	NOT-FOR-US: Automation License Manager
CVE-2018-11455 (A vulnerability has been identified in Automation License Manager 5 (A ...)
	NOT-FOR-US: Automation License Manager
CVE-2018-11454 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and ...)
	NOT-FOR-US: SIMATIC
CVE-2018-11453 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and ...)
	NOT-FOR-US: SIMATIC
CVE-2018-11452 (A vulnerability has been identified in Firmware variant IEC 61850 for  ...)
	NOT-FOR-US: Siemens
CVE-2018-11451 (A vulnerability has been identified in Firmware variant IEC 61850 for  ...)
	NOT-FOR-US: Siemens
CVE-2018-11450 (A reflected Cross-Site-Scripting (XSS) vulnerability has been identifi ...)
	NOT-FOR-US: Siemens PLM Software TEAMCENTER
CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-11448 (A vulnerability has been identified in SCALANCE M875 (All versions). T ...)
	NOT-FOR-US: SCALANCE
CVE-2018-11447 (A vulnerability has been identified in SCALANCE M875 (All versions). T ...)
	NOT-FOR-US: SCALANCE
CVE-2018-11446 (The buy function of a smart contract implementation for Gold Reward (G ...)
	NOT-FOR-US: Gold Reward
CVE-2018-11445 (A CSRF issue was discovered on the User Add/System Settings Page (syst ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11444 (A SQL Injection issue was observed in the parameter "q" in jobcard-ong ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11443 (The parameter q is affected by Cross-site Scripting in jobcard-ongoing ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11442 (A CSRF issue was discovered in EasyService Billing 1.0, which was trig ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11441
	RESERVED
CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parse ...)
	- liblouis 3.5.0-3 (bug #900085)
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis <no-dsa> (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/575
	NOTE: https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLi ...)
	{DLA-1430-1}
	- taglib 1.11.1+dfsg.1-0.3 (bug #903847)
	[stretch] - taglib <no-dsa> (Minor issue)
	NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
	NOTE: Upstream issue: https://github.com/taglib/taglib/issues/868
	NOTE: Pull request: https://github.com/taglib/taglib/pull/869
	NOTE: Upstream fix: https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...)
	NOT-FOR-US: Libmobi
CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...)
	NOT-FOR-US: Libmobi
CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...)
	NOT-FOR-US: Libmobi
CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in Libm ...)
	NOT-FOR-US: Libmobi
CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...)
	NOT-FOR-US: Libmobi
CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...)
	NOT-FOR-US: Libmobi
CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...)
	NOT-FOR-US: Libmobi
CVE-2018-11431
	RESERVED
CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...)
	NOT-FOR-US: Moderator Log Notes plugin for MyBB
CVE-2018-11429 (ATLANT (ATL) is a smart contract running on Ethereum. The mint functio ...)
	NOT-FOR-US: smart contract
CVE-2018-11428
	RESERVED
CVE-2018-11427 (CSRF tokens are not used in the web application of Moxa OnCell G3100-H ...)
	NOT-FOR-US: Moxa
CVE-2018-11426 (A weak Cookie parameter is used in the web application of Moxa OnCell  ...)
	NOT-FOR-US: Moxa
CVE-2018-11425 (Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Serie ...)
	NOT-FOR-US: Moxa
CVE-2018-11424 (There is Memory corruption in the web interface of Moxa OnCell G3470A- ...)
	NOT-FOR-US: Moxa
CVE-2018-11423 (There is Memory corruption in the web interface Moxa OnCell G3100-HSPA ...)
	NOT-FOR-US: Moxa
CVE-2018-11422 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
	NOT-FOR-US: Moxa
CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
	NOT-FOR-US: Moxa
CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...)
	NOT-FOR-US: Moxa
CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
	NOT-FOR-US: JerryScript
CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
	NOT-FOR-US: JerryScript
CVE-2018-11417
	RESERVED
CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of  ...)
	- jpegoptim <not-affected> (Introduced in 1.4.5)
	NOTE: https://github.com/tjko/jpegoptim/issues/57
CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Sit ...)
	NOT-FOR-US: SAP Internet Transaction Server
CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is admin/admin_log/ind ...)
	NOT-FOR-US: BearAdmin
CVE-2018-11413 (An issue was discovered in BearAdmin 0.5. Remote attackers can downloa ...)
	NOT-FOR-US: BearAdmin
CVE-2018-11412 (In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in f ...)
	- linux 4.17.3-1
	[stretch] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
	[jessie] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
	[wheezy] - linux <not-affected> (Introduced in e50e5129f384 in 4.13)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199803
	NOTE: Fixed by: https://git.kernel.org/linus/117166efb1ee8f13c38f9e96b258f16d4923f888
CVE-2018-11411 (The transferFrom function of a smart contract implementation for Dimon ...)
	NOT-FOR-US: DimonCoin
CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in the compi ...)
	- liblouis 3.5.0-2 (bug #899999)
	[stretch] - liblouis 3.0.0-3+deb9u2
	[jessie] - liblouis <not-affected> (Code did not even exist at the time)
	[wheezy] - liblouis <not-affected> (Code did not even exist at the time)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1582024
	NOTE: https://github.com/liblouis/liblouis/issues/573
CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by appending __raw/ ...)
	NOT-FOR-US: Splunk
CVE-2018-11408 (The security handlers in the Security component in Symfony in 2.7.x be ...)
	{DLA-1707-1}
	- symfony 3.4.12+dfsg-1
	[stretch] - symfony <not-affected> (Incomplete fix for CVE-2017-16652 wasn't backported)
	NOTE: https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x before  ...)
	- symfony 3.4.12+dfsg-1
	[stretch] - symfony <not-affected> (Incomplete fix for CVE-2016-2403 not applied)
	[jessie] - symfony <not-affected> (Incomplete fix for CVE-2016-2403 not applied)
	NOTE: https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
CVE-2018-11406 (An issue was discovered in the Security component in Symfony 2.7.x bef ...)
	{DSA-4262-1}
	- symfony 3.4.12+dfsg-1
	[jessie] - symfony <not-affected> (vulnerable code not present in branch 2.3)
	NOTE: https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
	NOT-FOR-US: Kliqqi
CVE-2018-11404 (DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.ph ...)
	NOT-FOR-US: DomainMod
CVE-2018-11403 (DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid p ...)
	NOT-FOR-US: DomainMod
CVE-2018-11402 (SimpliSafe Original has Unencrypted Keypad Transmissions, which allows ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11401 (In SimpliSafe Original, RF Interference (e.g., an extremely strong 433 ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11400 (In SimpliSafe Original, the Base Station fails to detect tamper attemp ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11399 (SimpliSafe Original has Unencrypted Sensor Transmissions, which allows ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11398
	RESERVED
CVE-2018-11397
	RESERVED
CVE-2018-11396 (ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3 ...)
	- epiphany-browser 3.28.2.1-1 (unimportant; bug #899409)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795740
	NOTE: webkit not covered by security support
CVE-2018-11395
	RESERVED
CVE-2018-11394
	RESERVED
CVE-2018-11393
	RESERVED
CVE-2018-11392 (An arbitrary file upload vulnerability in /classes/profile.class.php i ...)
	NOT-FOR-US: Jigowatt
CVE-2018-11391
	RESERVED
CVE-2018-11390
	RESERVED
CVE-2018-11389
	RESERVED
CVE-2018-11388
	RESERVED
CVE-2018-11387
	RESERVED
CVE-2018-11386 (An issue was discovered in the HttpFoundation component in Symfony 2.7 ...)
	{DSA-4262-1}
	- symfony 3.4.12+dfsg-1
	[jessie] - symfony <not-affected> (vulnerable code no present, no rollback mechanism in this version)
	NOTE: https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
CVE-2018-11385 (An issue was discovered in the Security component in Symfony 2.7.x bef ...)
	{DSA-4262-1 DLA-1707-1}
	- symfony 3.4.12+dfsg-1
	NOTE: https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers to cause ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add
	NOTE: https://github.com/radare/radare2/issues/9903
CVE-2018-11383 (The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers  ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a
	NOTE: https://github.com/radare/radare2/issues/9943
CVE-2018-11382 (The _inst__sts() function in radare2 2.5.0 allows remote attackers to  ...)
	- radare2 <not-affected> (Vulnerable code not yet present)
	NOTE: https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff
	NOTE: https://github.com/radare/radare2/issues/10091
CVE-2018-11381 (The string_scan_range() function in radare2 2.5.0 allows remote attack ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3
	NOTE: https://github.com/radare/radare2/issues/9902
CVE-2018-11380 (The parse_import_ptr() function in radare2 2.5.0 allows remote attacke ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134
	NOTE: https://github.com/radare/radare2/issues/9970
CVE-2018-11379 (The get_debug_info() function in radare2 2.5.0 allows remote attackers ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c
	NOTE: https://github.com/radare/radare2/issues/9926
CVE-2018-11378 (The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly ha ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <not-affected> (Vulnerable code not present)
	[wheezy] - radare2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7
	NOTE: https://github.com/radare/radare2/issues/9969
CVE-2018-11377 (The avr_op_analyze() function in radare2 2.5.0 allows remote attackers ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4
	NOTE: https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422
	NOTE: https://github.com/radare/radare2/issues/9901
CVE-2018-11376 (The r_read_le32() function in radare2 2.5.0 allows remote attackers to ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf
	NOTE: https://github.com/radare/radare2/issues/9904
CVE-2018-11375 (The _inst__lds() function in radare2 2.5.0 allows remote attackers to  ...)
	- radare2 <not-affected> (Vulnerable code not yet present)
	NOTE: https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68
	NOTE: https://github.com/radare/radare2/issues/9928
CVE-2018-11374
	RESERVED
CVE-2018-11373 (iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" U ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-11372 (iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php Use ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-11371 (SkyCaiji 1.2 allows CSRF to add an Administrator user. ...)
	NOT-FOR-US: SkyCaiji
CVE-2018-11370
	RESERVED
CVE-2018-11369 (An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection t ...)
	NOT-FOR-US: PbootCMS
CVE-2018-11368
	RESERVED
CVE-2018-11367 (An issue was discovered in CppCMS before 1.2.1. There is a denial of s ...)
	NOT-FOR-US: CppCMS
CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an ...)
	- r-cran-haven 1.1.1-2 (low; bug #899335)
CVE-2018-11364 (sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in l ...)
	- r-cran-haven 1.1.1-2 (low; bug #899335)
CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buf ...)
	NOT-FOR-US: PDFGen
CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS diss ...)
	{DSA-4217-1 DLA-1388-1}
	- wireshark 2.6.1-1 (bug #900708)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-25.html
CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. Th ...)
	- wireshark 2.6.1-1 (bug #900708)
	[jessie] - wireshark <not-affected> (vulnerable code not present (TDLS support added in version 2.1.0))
	[wheezy] - wireshark <not-affected> (vulnerable code not present (TDLS support added in version 2.1.0))
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b52f9929238ce3948ec924ae4f9456b5e9df558
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-32.html
CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTA ...)
	- wireshark 2.6.1-1 (bug #900708)
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark <not-affected> (vulnerable code not present (uses static a_bigbuf instead))
	[wheezy] - wireshark <not-affected> (vulnerable code not present (uses static a_bigbuf instead))
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-30.html
CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC disse ...)
	{DLA-1634-1}
	- wireshark 2.6.1-1 (bug #900708)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-33.html
CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dis ...)
	{DSA-4217-1 DLA-1388-1}
	- wireshark 2.6.1-1 (bug #900708)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-31.html
CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP disse ...)
	{DLA-1634-1}
	- wireshark 2.6.1-1 (bug #900708)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ab8a33ef083b9732c89117747a83a905a676faf6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-28.html
CVE-2018-11356 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS disse ...)
	{DLA-1634-1}
	- wireshark 2.6.1-1 (bug #900708)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4425716ddba99374749bd033d9bc0f4add2fb973
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-29.html
CVE-2018-11355 (In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed ...)
	- wireshark <not-affected> (Vulnerable code, new RTCP dissector for transport-cc, introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673
	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a584eab239d55e441433ead40c993e08a24c59fe (v2.5.0)
	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99d27a5fd2c540f837154aca3b3647f5ccfa0c33 (v2.6.1)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-27.html
CVE-2018-11354 (In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was a ...)
	- wireshark <not-affected> (Vulnerable code, IEEE 1905.1a dissector, introduced in v2.5.0~1187)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647
	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=05b1d35586aee37dad7d84fa27531fc9794a41c9 (v2.5.0)
	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb517a4a434387e74a2f75ebb106ee3c3893251c (v2.6.1)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-26.html
CVE-2018-11353
	RESERVED
CVE-2018-11352 (The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site  ...)
	NOT-FOR-US: Wallabag
CVE-2018-11351 (script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Si ...)
	NOT-FOR-US: Jirafeau
CVE-2018-11350 (An issue was discovered in Jirafeau before 3.4.1. The file "search by  ...)
	NOT-FOR-US: Jirafeau
CVE-2018-11349 (The administration panel of Jirafeau before 3.4.1 is vulnerable to thr ...)
	NOT-FOR-US: Jirafeau
CVE-2018-11348 (Two XSS vulnerabilities are located in the profile edition page of the ...)
	NOT-FOR-US: Yunihost
CVE-2018-11347 (The YunoHost 2.7.2 through 2.7.14 web application is affected by one H ...)
	NOT-FOR-US: Yunihost
CVE-2018-11346 (An insecure direct object reference vulnerability in download.cgi in A ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6 ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11344 (A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM  ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11343 (A persistent cross site scripting vulnerability in playlistmanger.cgi  ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11342 (A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T  ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11341 (Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5  ...)
	NOT-FOR-US: Frappe ERPNext
CVE-2018-11338 (Intuit Lacerte 2017 for Windows in a client/server environment transfe ...)
	NOT-FOR-US: Intuit Lacerte
CVE-2018-11337
	RESERVED
CVE-2018-11336
	RESERVED
CVE-2018-11335 (GVToken Genesis Vision (GVT) is a smart contract running on Ethereum.  ...)
	NOT-FOR-US: smart contract
CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allows Ever ...)
	NOT-FOR-US: Windscribe
CVE-2018-11333
	RESERVED
CVE-2018-11332 (Stored cross-site scripting (XSS) vulnerability in the "Site Name" fie ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code executi ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is authenticated  ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-11329 (The DrugDealer function of a smart contract implementation for Ether C ...)
	NOT-FOR-US: DrugDealer smart contractz
CVE-2018-11328 (An issue was discovered in Joomla! Core before 3.8.8. Under specific c ...)
	NOT-FOR-US: Joomla!
CVE-2018-11327 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate check ...)
	NOT-FOR-US: Joomla!
CVE-2018-11326 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate input ...)
	NOT-FOR-US: Joomla!
CVE-2018-11325 (An issue was discovered in Joomla! Core before 3.8.8. The web install  ...)
	NOT-FOR-US: Joomla!
CVE-2018-11324 (An issue was discovered in Joomla! Core before 3.8.8. A long running b ...)
	NOT-FOR-US: Joomla!
CVE-2018-11323 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate check ...)
	NOT-FOR-US: Joomla!
CVE-2018-11322 (An issue was discovered in Joomla! Core before 3.8.8. Depending on the ...)
	NOT-FOR-US: Joomla!
CVE-2018-11321 (An issue was discovered in com_fields in Joomla! Core before 3.8.8. In ...)
	NOT-FOR-US: Joomla!
CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that ar ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-1000181 (Kitura 2.3.0 and earlier have an unintended read access to unauthorise ...)
	NOT-FOR-US: Kitura
CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier h ...)
	{DSA-4233-1}
	- bouncycastle 1.59-2 (bug #900843)
	[jessie] - bouncycastle <not-affected> (Issue introduced in 1.54)
	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
	NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/a47c9eff26101f2969bb2a9627ca721b135c9d47
	NOTE: https://www.bouncycastle.org/jira/browse/BJA-694
CVE-2018-11318
	RESERVED
CVE-2018-11317 (Subrion CMS before 4.1.4 has XSS. ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-11316 (The UPnP HTTP server on Sonos wireless speaker products allow unauthor ...)
	NOT-FOR-US: Sonos
CVE-2018-11315 (The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below ...)
	NOT-FOR-US: Radio Thermostat CT50 and CT80
CVE-2018-11314 (The External Control API in Roku and Roku TV products allow unauthoriz ...)
	NOT-FOR-US: Roku
CVE-2018-11313
	RESERVED
CVE-2018-11312
	RESERVED
CVE-2018-11311 (A hardcoded FTP username of myscada and password of Vikuk63 in 'myscad ...)
	NOT-FOR-US: mySCADA
CVE-2018-11310
	RESERVED
CVE-2018-11309 (Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and ...)
	NOT-FOR-US: MemberMouse plugin for WordPress
CVE-2018-11308
	RESERVED
CVE-2018-11307 (An issue was discovered in FasterXML jackson-databind 2.0.0 through 2. ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2032
	NOTE: https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737
CVE-2018-11306
	RESERVED
CVE-2018-11305 (When a series of FDAL messages are sent to the modem, a Use After Free ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11304 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11303
	RESERVED
CVE-2018-11302 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11301 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11300 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11299 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11298 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11297 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11296 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11295 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11294 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11293 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11292 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11291 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11289 (Data truncation during higher to lower type conversion which causes le ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11288 (Possible undefined behavior due to lack of size check in function for  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11287 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11286 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11284 (Spoofed SMS can be used to send a large number of messages to the devi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11283
	RESERVED
CVE-2018-11282
	RESERVED
CVE-2018-11281 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11280 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11279 (Lack of check of input size can make device memory get corrupted becau ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996A ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11276 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11275 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11274 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11273 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11272
	RESERVED
CVE-2018-11271 (Improper authentication can happen on Remote command handling due to i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11270 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11269 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11268 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11267 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11266 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11265 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11264 (Possible buffer overflow in Ontario fingerprint code due to lack of in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11263 (In all Android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11262 (In Android for MSM, Firefox OS for MSM, and QRD Android with all Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11261 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11260 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11259 (Due to Improper Access Control of NAND-based EFS in Snapdragon Automob ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11258 (In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11257 (Permissions, Privileges, and Access Controls in TA in Snapdragon Mobil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18283 (Possible memory corruption when Read Val Blob Req is received with inv ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18282 (Non-secure SW can cause SDCC to generate secure bus accesses, which ma ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18281 (A bool variable in Video function, which gets typecasted to int before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18280 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18279 (Lack of check of buffer length before copying can lead to buffer overf ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18278 (An integer underflow may occur due to lack of check when received data ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18277 (When dynamic memory allocation fails, currently the process sleeps for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18276 (Secure camera logic allows display/secure camera controllers to access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18275 (A new account can be inserted into simContacts service using Android c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18274 (While iterating through the models contained in a fixed-size array in  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::App ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916583)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575851
	NOTE: https://sourceforge.net/p/podofo/tickets/21
	NOTE: https://sourceforge.net/p/podofo/code/1938
CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPage ...)
	- libpodofo <unfixed> (low; bug #916584)
	[buster] - libpodofo <no-dsa> (Minor issue)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575502
	NOTE: https://sourceforge.net/p/podofo/tickets/20
	NOTE: https://sourceforge.net/p/podofo/code/1952 (this commit doesn't fix the crash)
CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursi ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916585)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576174
	NOTE: https://sourceforge.net/p/podofo/tickets/19
	NOTE: https://sourceforge.net/p/podofo/code/1941
CVE-2018-11253
	RESERVED
CVE-2018-11252
	RESERVED
CVE-2018-11251 (In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based b ...)
	{DSA-4245-1 DLA-1394-1 DLA-1381-1}
	- imagemagick 8:6.9.9.39+dfsg-1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/956
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fbc6a557b4f63af18b2debe83f817859ef7481
CVE-2018-11250
	RESERVED
CVE-2018-11249
	RESERVED
CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an  ...)
	NOT-FOR-US: FileDownloader
CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require authenticat ...)
	NOT-FOR-US: SAP
CVE-2018-11246
	RESERVED
CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex  ...)
	NOT-FOR-US: MISP
CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch of an H ...)
	NOT-FOR-US: WordPress theme
CVE-2018-11243 (PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attac ...)
	- upx-ucl 1.03+repack-5 (unimportant; bug #899190; bug #907426)
	NOTE: https://github.com/upx/upx/issues/206
	NOTE: https://github.com/upx/upx/issues/207
CVE-2018-11242 (An issue was discovered in the MakeMyTrip application 7.2.4 for Androi ...)
	NOT-FOR-US: MakeMyTrip application for Android
CVE-2018-11241 (An issue was discovered on SoftCase T-Router build 20112017 devices. A ...)
	NOT-FOR-US: SoftCase T-Router devices
CVE-2018-11240 (An issue was discovered on SoftCase T-Router build 20112017 devices. T ...)
	NOT-FOR-US: SoftCase T-Router devices
CVE-2018-11239 (An integer overflow in the _transfer function of a smart contract impl ...)
	NOT-FOR-US: Hexagon (HXG)
CVE-2018-11238
	RESERVED
CVE-2018-11237 (An AVX-512-optimized implementation of the mempcpy function in the GNU ...)
	- glibc 2.27-4 (low; bug #899070)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23196
CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ...)
	- glibc 2.27-4 (low; bug #899071)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue, can be fixed along in future DSA or point update)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
CVE-2018-11235 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16 ...)
	{DSA-4212-1}
	- git 1:2.17.1-1
	NOTE: https://lkml.org/lkml/2018/5/29/889
CVE-2018-11234
	RESERVED
CVE-2018-11233 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16 ...)
	- git 1:2.17.1-1 (unimportant)
	[stretch] - git 1:2.11.0-3+deb9u3
	[jessie] - git 1:2.1.4-2.1+deb8u6
	NOTE: Only an issue when running on an NTFS filesystem.
	NOTE: https://lkml.org/lkml/2018/5/29/889
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Swi ...)
	NOT-FOR-US: Kubernetes CRI-O
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
	{DLA-1785-1 DLA-1381-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d
CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-fr ...)
	- imagemagick 8:6.9.9.34+dfsg-3
	[stretch] - imagemagick <not-affected> (Vulnerable code not present)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/918
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038
CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
	{DLA-1785-1 DLA-1381-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 ...)
	- glibc 2.27-3
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <not-affected> (Vulnerable code not present)
	- eglibc <not-affected> (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22644
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada
CVE-2018-11232 (The etm_setup_aux function in drivers/hwtracing/coresight/coresight-et ...)
	- linux <not-affected> (Vulnerable code never present in unstable)
	NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attackers c ...)
	NOT-FOR-US: OpenCart plugin
CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...)
	NOT-FOR-US: jbig2enc
CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
	NOT-FOR-US: Crestron devices
CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
	NOT-FOR-US: Crestron devices
CVE-2018-11227 (Monstra CMS 3.0.4 and earlier has XSS via index.php. ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 mishand ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/144
CVE-2018-11225 (The dcputs function in decompile.c in libming through 0.4.8 mishandles ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/143
CVE-2018-11224 (An issue was discovered in Libav 12.3. A read access violation in the  ...)
	- libav <removed> (low)
	[jessie] - libav <postponed> (Minor issue, oob read, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1129
	NOTE: ffmpeg PoC crash fixed but different vector:
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/7248e735599bad765e1ef39c3ea9a6d469d74049
CVE-2018-11223 (XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to exec ...)
	NOT-FOR-US: Pandora FMS
CVE-2018-11222 (Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23  ...)
	NOT-FOR-US: Pandora FMS
CVE-2018-11221 (Unauthenticated untrusted file upload in Artica Pandora FMS through ve ...)
	NOT-FOR-US: Pandora FMS
CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Executio ...)
	NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
CVE-2018-11219 (An Integer Overflow issue was discovered in the struct library in the  ...)
	{DSA-4230-1 DLA-1396-1}
	- redis 5:4.0.10-1 (bug #901495)
	NOTE: https://github.com/antirez/redis/issues/5017
	NOTE: http://antirez.com/news/119
CVE-2018-11218 (Memory Corruption was discovered in the cmsgpack library in the Lua su ...)
	{DSA-4230-1 DLA-1396-1}
	- redis 5:4.0.10-1 (bug #901495)
	NOTE: https://github.com/antirez/redis/issues/5017
	NOTE: http://antirez.com/news/119
CVE-2018-11217
	RESERVED
CVE-2018-11216
	RESERVED
CVE-2018-11215 (Remote code execution is possible in Cloudera Data Science Workbench v ...)
	NOT-FOR-US: Cloudera
CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row function i ...)
	{DLA-1638-1}
	- libjpeg9 1:9c-1 (low; bug #902176)
	- libjpeg-turbo 1:1.4.2-1
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row function  ...)
	{DLA-1638-1}
	- libjpeg9 1:9c-1 (low; bug #902176)
	- libjpeg-turbo 1:1.4.2-1
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in jm ...)
	{DLA-1638-1}
	- libjpeg9 1:9c-1 (low; bug #902176)
	- libjpeg-turbo 1:1.4.2-1
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0 (1.4.2)
CVE-2018-11211
	RESERVED
CVE-2018-11210 (** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the ...)
	- tinyxml2 <unfixed> (bug #899063; unimportant)
	NOTE: https://github.com/leethomason/tinyxml2/issues/675
	NOTE: Non-real issue, missuse of API
CVE-2018-11209 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. zb_system/c ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-11208 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a  ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in  ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10481
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and H5O_fi ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10480
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the  ...)
	- hdf5 <undetermined>
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10479
CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserialize in ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10478
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11203 (A division by zero was discovered in H5D__btree_decode_key in H5Dbtree ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10477
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
CVE-2018-11202 (A NULL pointer dereference was discovered in H5S_hyper_make_spans in H ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10476
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11201
	RESERVED
CVE-2018-11200 (An issue was discovered in Mautic 2.13.1. It has Stored XSS via the co ...)
	NOT-FOR-US: Mautic
CVE-2018-11199
	RESERVED
CVE-2018-11198 (An issue was discovered in Mautic 2.13.1. There is Stored XSS via the  ...)
	NOT-FOR-US: Mautic
CVE-2018-11197
	RESERVED
CVE-2018-11196 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before  ...)
	- mahara <removed>
	NOTE: https://bugs.launchpad.net/bugs/1770535
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8270
CVE-2018-11195 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before  ...)
	- mahara <removed>
	NOTE: https://bugs.launchpad.net/mahara/+bug/1770561
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8269
CVE-2018-11194 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11193 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11192 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11191 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11190 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11189 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11188 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11187 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11186 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11185 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11184 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11183 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11182 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11181 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11180 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11179 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11178 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11177 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11176 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11175 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11174 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11173 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11172 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11171 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11170 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11169 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11168 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11167 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11166 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11165 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11164 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11163 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11162 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11161 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11160 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11159 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11158 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11157 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11156 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11155 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11154 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11153 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11152 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11151 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11150 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11149 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11148 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11147 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11146 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11145 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11144 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11143 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11142 (The 'systemui/settings_network.php' and 'systemui/settings_patching.ph ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11141 (The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/ad ...)
	NOT-FOR-US: Quest KACE System Management Virtual Appliance
CVE-2018-11140 (The 'reportID' parameter received by the '/common/run_report.php' scri ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11139 (The '/common/ajax_email_connection_test.php' script in the Quest KACE  ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11138 (The '/common/download_agent_installer.php' script in the Quest KACE Sy ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11137 (The 'checksum' parameter of the '/common/download_attachment.php' scri ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11136 (The 'orgID' parameter received by the '/common/download_agent_installe ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11135 (The script '/adminui/error_details.php' in the Quest KACE System Manag ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11134 (In order to perform actions that requires higher privileges, the Quest ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11133 (The 'fmt' parameter of the '/common/run_cross_report.php' script in th ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11132 (In order to perform actions that require higher privileges, the Quest  ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11131
	RESERVED
CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0 ...)
	{DLA-1807-1}
	- vcftools 0.1.16-1 (low; bug #902190)
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[wheezy] - vcftools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11129 (The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1 ...)
	{DLA-1807-1}
	- vcftools 0.1.16-1 (low; bug #902190)
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[wheezy] - vcftools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11128 (The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFP ...)
	NOT-FOR-US: vincent0629 PDFParser
CVE-2018-11127 (e107 2.1.7 has CSRF resulting in arbitrary user deletion. ...)
	NOT-FOR-US: e107
CVE-2018-11126 (dg-user/?controller=users&amp;action=add in doorGets 7.0 has CSRF that ...)
	NOT-FOR-US: doorGets
CVE-2018-11125
	REJECTED
CVE-2018-11124 (Cross-site scripting (XSS) vulnerability in Attributes functionality i ...)
	NOT-FOR-US: Open-AudIT Community
CVE-2018-11123
	RESERVED
CVE-2018-11122
	RESERVED
CVE-2018-11121
	RESERVED
CVE-2018-11120 (Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x ...)
	NOT-FOR-US: ILIAS
CVE-2018-11119 (ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user  ...)
	NOT-FOR-US: ILIAS
CVE-2018-11118 (The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XS ...)
	NOT-FOR-US: ILIAS
CVE-2018-11117 (Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5. ...)
	NOT-FOR-US: ILIAS
CVE-2018-11116 (** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd a ...)
	NOT-FOR-US: OpenWrt
CVE-2018-11115
	RESERVED
CVE-2018-11114
	RESERVED
CVE-2018-11113
	RESERVED
CVE-2018-11112
	RESERVED
CVE-2018-11111
	RESERVED
CVE-2018-11110
	RESERVED
CVE-2018-11109
	RESERVED
CVE-2018-11108
	RESERVED
CVE-2018-11107
	RESERVED
CVE-2018-11106 (NETGEAR has released fixes for a pre-authentication command injection  ...)
	NOT-FOR-US: Netgear
CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support plugi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-11104
	RESERVED
CVE-2018-11103
	RESERVED
CVE-2018-11102 (An issue was discovered in Libav 12.3. A read access violation in the  ...)
	{DLA-1907-1}
	- libav <removed> (low)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1128
CVE-2018-11101 (Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via ...)
	- signal-desktop <itp> (bug #842943)
CVE-2018-11100 (The decompileSETTARGET function in decompile.c in libming through 0.4. ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/142
CVE-2018-11099 (The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1 ...)
	{DLA-1807-1}
	- vcftools 0.1.16-1 (low; bug #902190)
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[wheezy] - vcftools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11098 (An issue was discovered in Frog CMS 0.9.5. There is a file upload vuln ...)
	NOT-FOR-US: Frog CMS
CVE-2018-11097 (An issue was discovered in cloudwu/cstring through 2016-11-09. There i ...)
	NOT-FOR-US: cloudwu
CVE-2018-11096 (Horse Market Sell &amp; Rent Portal Script 1.5.7 has a CSRF vulnerabil ...)
	NOT-FOR-US: Horse Market Sell & Rent Portal Script
CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4.8 mis ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/141
CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ ...)
	NOT-FOR-US: Intelbras NCLOUD
CVE-2018-11093 (Cross-site scripting (XSS) vulnerability in the Link package for CKEdi ...)
	NOT-FOR-US: CKeditor addon
CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF a ...)
	NOT-FOR-US: Admin Notes plugin for MyBB
CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file  ...)
	NOT-FOR-US: MyBiz MyProcureNet
CVE-2018-11090 (An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerab ...)
	NOT-FOR-US: MyBiz MyProcureNet
CVE-2018-11089
	RESERVED
CVE-2018-11088 (Pivotal Applications Manager in Pivotal Application Service, versions  ...)
	NOT-FOR-US: Pivotal
CVE-2018-11087 (Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions pri ...)
	NOT-FOR-US: Spring AMQP
CVE-2018-11086 (Pivotal Usage Service in Pivotal Application Service, versions 2.0 pri ...)
	NOT-FOR-US: Pivotal
CVE-2018-11085
	REJECTED
CVE-2018-11084 (Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11083 (Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11082 (Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11081 (Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior ...)
	NOT-FOR-US: Pivotal
CVE-2018-11080 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contain ...)
	NOT-FOR-US: EMC Secure Remote Services
CVE-2018-11079 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contain ...)
	NOT-FOR-US: EMC Secure Remote Services
CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecu ...)
	NOT-FOR-US: EMC VPlex GeoSynchrony
CVE-2018-11077 ('getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3 ...)
	NOT-FOR-US: EMC
CVE-2018-11076 (Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and  ...)
	NOT-FOR-US: EMC
CVE-2018-11075 (RSA Authentication Manager versions prior to 8.3 P3 contain a reflecte ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-11074 (RSA Authentication Manager versions prior to 8.3 P3 are affected by a  ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-11073 (RSA Authentication Manager versions prior to 8.3 P3 contain a stored c ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-11072 (Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection  ...)
	NOT-FOR-US: Dell Digital Delivery
CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1 ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J version ...)
	NOT-FOR-US: RSA BSAFE Crypto-J
CVE-2018-11069 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channe ...)
	NOT-FOR-US: RSA BSAFE SSL-J
CVE-2018-11068 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vuln ...)
	NOT-FOR-US: RSA BSAFE SSL-J
CVE-2018-11067 (Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2. ...)
	NOT-FOR-US: EMC
CVE-2018-11066 (Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2. ...)
	NOT-FOR-US: EMC
CVE-2018-11065 (The WorkPoint component, which is embedded in all RSA Archer, versions ...)
	NOT-FOR-US: RSA
CVE-2018-11064 (Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE version ...)
	NOT-FOR-US: Dell
CVE-2018-11063 (Dell WMS versions 1.1 and prior are impacted by multiple unquoted serv ...)
	NOT-FOR-US: Dell WMS
CVE-2018-11062 (Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contai ...)
	NOT-FOR-US: Integrated Data Protection Appliance
CVE-2018-11061 (RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security An ...)
	NOT-FOR-US: RSA
CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass ...)
	NOT-FOR-US: RSA Archer
CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scr ...)
	NOT-FOR-US: RSA Archer
CVE-2018-11058 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2018-11057 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2018-11056 (RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BS ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2018-11055 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2018-11054 (RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer over ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2018-11053 (Dell EMC iDRAC Service Module for all supported Linux and XenServer ve ...)
	NOT-FOR-US: Dell
CVE-2018-11052 (Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication by ...)
	NOT-FOR-US: EMC
CVE-2018-11051 (RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 c ...)
	NOT-FOR-US: RSA Certificate Manager
CVE-2018-11050 (Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, a ...)
	NOT-FOR-US: EMC
CVE-2018-11049 (RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governanc ...)
	NOT-FOR-US: RSA
CVE-2018-11048 (Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell ...)
	NOT-FOR-US: Dell
CVE-2018-11047 (Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.1 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11046 (Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version  ...)
	NOT-FOR-US: Pivotal
CVE-2018-11045 (Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior  ...)
	NOT-FOR-US: Pivotal
CVE-2018-11044 (Pivotal Apps Manager included in Pivotal Application Service, versions ...)
	NOT-FOR-US: Pivotal
CVE-2018-11043
	REJECTED
CVE-2018-11042
	REJECTED
CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 excep ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ...)
	- libspring-java 4.3.19-1
	[stretch] - libspring-java <no-dsa> (Minor issue)
	[jessie] - libspring-java <no-dsa> (unable to find relevant commits)
	NOTE: https://pivotal.io/security/cve-2018-11040
CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior  ...)
	- libspring-java 4.3.19-1
	[stretch] - libspring-java <no-dsa> (Minor issue)
	[jessie] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2018-11039
CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create keyrings  ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.56-1
	[wheezy] - linux 3.2.101-1
	NOTE: Fixed by: https://git.kernel.org/linus/237bbd29f7a049d310d907f4b2716a7feef9abf3 (4.14-rc3)
CVE-2017-18268 (Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Ble ...)
	NOT-FOR-US: Symantec
CVE-2018-11038
	RESERVED
CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <not-affected> (Jessie doesn't have '-pS', not reproducible, closed upstream)
	NOTE: https://github.com/Exiv2/exiv2/issues/307
CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3 ...)
	NOT-FOR-US: Ruckus devices
CVE-2018-11035 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ve ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-11034 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ve ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-11033 (The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842
CVE-2018-11032 (PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/ ...)
	NOT-FOR-US: PHPRAP
CVE-2018-11031 (application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 ha ...)
	NOT-FOR-US: PHPRAP
CVE-2018-11030
	RESERVED
CVE-2018-11029
	RESERVED
CVE-2018-11028
	RESERVED
CVE-2018-11027 (A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remo ...)
	NOT-FOR-US: Ruckus
CVE-2018-11026
	RESERVED
CVE-2018-11025 (kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Ama ...)
	NOT-FOR-US: kernel component on Amazon Fire
CVE-2018-11024 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
	NOT-FOR-US: kernel component on Amazon Fire
CVE-2018-11023 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
	NOT-FOR-US: kernel component on Amazon Fire
CVE-2018-11022 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
	NOT-FOR-US: kernel component on Amazon Fire
CVE-2018-11021 (kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel compone ...)
	NOT-FOR-US: kernel component on Amazon Fire
CVE-2018-11020 (kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazo ...)
	NOT-FOR-US: kernel component on Amazon Fire
CVE-2018-11019 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
	NOT-FOR-US: kernel component on Amazon Fire
CVE-2018-11018 (An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery ...)
	NOT-FOR-US: PbootCMS
CVE-2018-11017 (The newVar_N function in decompile.c in libming through 0.4.8 mishandl ...)
	- ming <removed>
CVE-2018-11016
	RESERVED
CVE-2018-11015
	RESERVED
CVE-2018-11014
	RESERVED
CVE-2018-11013 (Stack-based buffer overflow in the websRedirect function in GoAhead on ...)
	NOT-FOR-US: D-Link
CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd param ...)
	NOT-FOR-US: ruibaby Halo
CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to Front ...)
	NOT-FOR-US: ruibaby Halo
CVE-2018-11010
	RESERVED
CVE-2018-11009
	RESERVED
CVE-2018-11008
	RESERVED
CVE-2018-11007
	RESERVED
CVE-2018-11006
	RESERVED
CVE-2018-11005
	RESERVED
CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery (CSR ...)
	NOT-FOR-US: SDcms
CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CS ...)
	NOT-FOR-US: YXcms
CVE-2018-11002 (Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on ...)
	NOT-FOR-US: Pulse Secure Desktop Client
CVE-2018-11001
	RESERVED
CVE-2018-11000
	RESERVED
CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk:: ...)
	{DSA-4238-1 DLA-1551-1 DLA-1402-1}
	- exiv2 0.25-4
	NOTE: https://github.com/Exiv2/exiv2/issues/306
	NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88
	NOTE: https://github.com/Exiv2/exiv2/commit/3ad0050469e6ea63b4081f2a88c264ce8ab55c51
CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp al ...)
	{DSA-4238-1 DLA-1402-1}
	- exiv2 0.25-4
	NOTE: https://github.com/Exiv2/exiv2/issues/303
	NOTE: https://github.com/Exiv2/exiv2/commit/f4e8ed2fd48d012467b99552f0d6378302a23c75
CVE-2018-10997 (Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injec ...)
	NOT-FOR-US: Etere EtereWeb
CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devic ...)
	NOT-FOR-US: D-Link
CVE-2018-10995 (SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles us ...)
	{DSA-4254-1 DLA-1437-1}
	- slurm-llnl 17.11.7-1 (bug #900548)
	NOTE: https://www.schedmd.com/news.php?id=203
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html
	NOTE: https://github.com/SchedMD/slurm/commit/033dc0d1d28b8d2ba1a5187f564a01c15187eb4e
	NOTE: https://github.com/SchedMD/slurm/commit/df545955e4f119974c278bff0c47155257d5afc7
CVE-2018-10994 (js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) b ...)
	- signal-desktop <itp> (bug #842943)
CVE-2018-10993
	RESERVED
CVE-2018-10991
	REJECTED
CVE-2018-10990 (On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a log ...)
	NOT-FOR-US: Arris Touchstone Telephony Gateway
CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distr ...)
	NOT-FOR-US: Arris Touchstone Telephony Gateway
CVE-2018-10988 (An issue was discovered on Diqee Diqee360 devices. A firmware update p ...)
	NOT-FOR-US: Diqee
CVE-2018-10987 (An issue was discovered on Dongguan Diqee Diqee360 devices. The affect ...)
	NOT-FOR-US: Diqee
CVE-2018-10986 (OX Guard 2.8.0 has CSRF. ...)
	NOT-FOR-US: Open-Xchange OX Guard
CVE-2018-10985
	RESERVED
CVE-2018-10984
	RESERVED
CVE-2018-10983
	RESERVED
CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell Inspiron sys ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes code  ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital  ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings b ...)
	- lilypond 2.18.2-13 (bug #898373)
	[jessie] - lilypond <not-affected> (Incomplete fix not applied)
	[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest O ...)
	{DSA-4201-1 DLA-1549-1 DLA-1383-1}
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
	NOTE: https://xenbits.xen.org/xsa/advisory-261.html
CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest O ...)
	{DSA-4201-1 DLA-1559-1 DLA-1383-1}
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
	NOTE: https://xenbits.xen.org/xsa/advisory-262.html
CVE-2018-10980
	RESERVED
CVE-2018-10979
	RESERVED
CVE-2018-10978
	RESERVED
CVE-2018-10977 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10976 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10975 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10973 (An integer overflow in the transferMulti function of a smart contract  ...)
	NOT-FOR-US: KoreaShow
CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The  ...)
	- flif <removed> (bug #898407)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/503
CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The  ...)
	- flif <removed> (bug #898406)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/501
CVE-2018-10970
	RESERVED
CVE-2018-10969 (SQL injection vulnerability in the Pie Register plugin before 3.0.10 f ...)
	NOT-FOR-US: Pie Register plugin for WordPress
CVE-2018-10968 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious u ...)
	NOT-FOR-US: D-Link
CVE-2018-10967 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious u ...)
	NOT-FOR-US: D-Link
CVE-2018-10966 (An issue was discovered in GamerPolls 0.4.6, related to config/environ ...)
	NOT-FOR-US: GamerPolls
CVE-2018-10965
	RESERVED
CVE-2018-10964
	RESERVED
CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF thro ...)
	{DSA-4349-1 DLA-1411-1}
	- tiff 4.0.9-6 (bug #898348)
	[stretch] - tiff <no-dsa> (Minor issue)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2795
	NOTE: https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
CVE-2018-10962 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10961
	RESERVED
CVE-2018-10960
	RESERVED
CVE-2018-10959 (Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Un ...)
	NOT-FOR-US: Avecto Defendpoint
CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT d ...)
	{DSA-4238-1 DLA-1551-1 DLA-1402-1}
	- exiv2 0.25-4
	NOTE: https://github.com/Exiv2/exiv2/issues/302
	NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88
	NOTE: https://github.com/Exiv2/exiv2/commit/3ad0050469e6ea63b4081f2a88c264ce8ab55c51
CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for example) a cha ...)
	NOT-FOR-US: D-Link
CVE-2018-10956 (IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. ...)
	NOT-FOR-US: IPConfigure Orchid Core VMS
CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10953 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10952 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10951 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2018-10948 (Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 bet ...)
	NOT-FOR-US: Zimbra
CVE-2018-10947 (An issue was discovered in versions earlier than 1.3.2 for Polycom Rea ...)
	NOT-FOR-US: Polycom
CVE-2018-10946 (An issue was discovered in versions earlier than 1.3.0-66872 for Polyc ...)
	NOT-FOR-US: Polycom
CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler thr ...)
	{DLA-1562-1}
	[experimental] - poppler 0.65.0-1
	- poppler 0.69.0-2 (bug #898357)
	[stretch] - poppler <no-dsa> (Minor issue)
	[wheezy] - poppler <ignored> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 does no ...)
	{DSA-4211-1 DLA-1384-1}
	- xdg-utils 1.1.3-1 (bug #898317)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
	NOTE: Upstream bug discussed possible other approach to fix the issue.
	NOTE: Fixed by: https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
CVE-2018-10945 (The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remot ...)
	- smplayer 18.5.0~ds1-1
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2018-10944 (The request_dividend function of a smart contract implementation for R ...)
	NOT-FOR-US: Rasputin Online Coin
CVE-2018-10943 (An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Un ...)
	NOT-FOR-US: Barco ClickShare CSE-200 and CS-100 Base Units
CVE-2018-10942 (modules/attributewizardpro/file_upload.php in the Attribute Wizard add ...)
	NOT-FOR-US: Attribute Wizard addon for PrestaShop
CVE-2018-10941
	RESERVED
CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the ...)
	{DLA-1423-1 DLA-1422-1 DLA-1392-1}
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	NOTE: Fixed by: https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8 ...)
	NOT-FOR-US: Zimbra Web Client
CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 and throug ...)
	{DSA-4308-1 DLA-1531-1}
	- linux 4.13.4-1 (unimportant)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/1
CVE-2018-10937 (A cross site scripting flaw exists in the tetonic-console component of ...)
	NOT-FOR-US: OpenShift
CVE-2018-10936 (A weakness was found in postgresql-jdbc before version 42.2.5. It was  ...)
	- libpgjava 42.2.5-1
	[stretch] - libpgjava <no-dsa> (Minor issue)
	[jessie] - libpgjava <no-dsa> (Minor issue)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e412309
CVE-2018-10935 (A flaw was found in the 389 Directory Server that allows users to caus ...)
	{DLA-1483-1}
	- 389-ds-base 1.4.0.15-1 (bug #906985)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://pagure.io/389-ds-base/issue/49890
CVE-2018-10934 (A cross-site scripting (XSS) vulnerability was found in the JBoss Mana ...)
	- wildfly <itp> (bug #752018)
CVE-2018-10933 (A vulnerability was found in libssh's server-side state machine before ...)
	{DSA-4322-1 DLA-1548-1}
	- libssh 0.8.4-1 (bug #911149)
	NOTE: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
	NOTE: https://bugs.libssh.org/T101
	NOTE: https://www.libssh.org/security/advisories/CVE-2018-10933.txt
	NOTE: POC: https://www.openwall.com/lists/oss-security/2018/10/17/5
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=2bddafeb709eacc80ad31fec40479f9b628a8bd7 (master)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=825f4ba96407abe8cebb046a7503fa2bf5de9df6 (master)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=20981bf2296202e95d7919394d4610ae3a876cfa (master)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=5d7414467d6dac100a93df761b06de5cd07fc69a (master)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=459868c4a57d2d11cf7835655a8d1a5cf034ccb4 (master)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=68b0c7a93448123cc0d6a04d3df40d92a3fd0a67 (master)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=75be012b4a14f4550ce6ad3f126e559f44dbde76 (master)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=e1548a71bdac73da084174ab1d6d2713edd93f6e (master)
	NOTE: Fixed in 0.7.6, 0.8.4 upstream
CVE-2018-10932 (lldptool version 1.0.1 and older can print a raw, unsanitized attacker ...)
	- lldpad 1.0.1+git20180808.4e642bd-1 (unimportant; bug #905901)
	NOTE: https://github.com/intel/openlldp/pull/7
	NOTE: https://github.com/intel/openlldp/commit/41feb359a9d0082b0bcf68b1f2b37227f02af4f1
	NOTE: Terminal emulators need to perform proper escaping
CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its Cobbler ...)
	- cobbler <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/9
CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
	NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
	NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ...)
	{DSA-4269-1}
	- postgresql-10 10.5-1
	- postgresql-9.6 <removed>
	- postgresql-9.5 <removed>
	- postgresql-9.5 <not-affected> (Only affects PostgreSQL 9.5 onwards)
	- postgresql-9.4 <not-affected> (Only affects PostgreSQL 9.5 onwards)
	- postgresql-9.1 <not-affected> (Only affects PostgreSQL 9.5 onwards)
	NOTE: Fixed in 9.5.14, 9.6.10, 10.5
	NOTE: https://www.postgresql.org/about/news/1878/
CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client code l ...)
	- glusterfs 4.0.1-1
	[stretch] - glusterfs <not-affected> (Issue introduced in 3.13.2 and backported to 3.12 series)
	[jessie] - glusterfs <not-affected> (Issue introduced in 3.13.2 and backported to 3.12 series)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1611785
	NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4
	NOTE: https://review.gluster.org/20723
CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
	NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...)
	NOT-FOR-US: ttembed
CVE-2018-10921 (Certain input files may trigger an integer overflow in ttembed input f ...)
	NOT-FOR-US: ttembed
CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot Resolv ...)
	- knot-resolver 2.4.1-1 (bug #905325)
	NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an informatio ...)
	{DSA-4271-1 DLA-1539-1}
	- samba 2:4.8.4+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html
CVE-2018-10918 (A null pointer dereference flaw was found in the way samba checked dat ...)
	- samba 2:4.8.4+dfsg-1
	[stretch] - samba <not-affected> (Only affects Samba 4.7.0 onwards)
	[jessie] - samba <not-affected> (Only affects Samba 4.7.0 onwards)
	NOTE: https://www.samba.org/samba/security/CVE-2018-10918.html
CVE-2018-10917 (pulp 2.16.x and possibly older is vulnerable to an improper path parsi ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2018-10916 (It has been discovered that lftp up to and including version 4.8.3 doe ...)
	- lftp 4.8.4-1 (bug #905163)
	[stretch] - lftp <no-dsa> (Minor issue)
	[jessie] - lftp <no-dsa> (Minor issue)
	NOTE: https://github.com/lavv17/lftp/issues/452
	NOTE: https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992
CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL client libr ...)
	{DSA-4269-1 DLA-1464-1}
	- postgresql-10 10.5-1
	- postgresql-9.6 <removed>
	- postgresql-9.5 <removed>
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <no-dsa> (package only serves as a means for upgrading to Stretch)
	NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5
	NOTE: https://www.postgresql.org/about/news/1878/
CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
	NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
	NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...)
	NOT-FOR-US: Keycloak
CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
	NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...)
	- bluez <unfixed> (low; bug #925369)
	[buster] - bluez <ignored> (Minor issue)
	[stretch] - bluez <ignored> (Minor issue, does not affected Gnome Bluetooth in stretch)
	[jessie] - bluez <no-dsa> (Minor issue because in gnome-bluetooth <= 3.26 the D-Bus calls were synchronous and thus the issue in bluez will have no actual affect)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1606203
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602985
	NOTE: Bug in src:bluez itself and would need fixing there, but it is workaroundable in
	NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
	NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51
CVE-2018-10909
	RESERVED
CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...)
	- vdsm <itp> (bug #668538)
CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
	NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...)
	{DSA-4257-1 DLA-1468-1}
	- fuse3 3.2.6-1 (bug #911343)
	- fuse 2.9.8-1 (bug #904439)
	NOTE: https://github.com/libfuse/libfuse/pull/268
	NOTE: https://sourceforge.net/p/fuse/mailman/message/36374753/
CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...)
	{DLA-1510-1}
	- glusterfs 4.1.4-1 (bug #909215)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
	NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
CVE-2018-10903 (A flaw was found in python-cryptography versions between &gt;=1.9.0 an ...)
	- python-cryptography 2.3-1 (bug #904072)
	[stretch] - python-cryptography <not-affected> (Vulnerable code introduced later)
	[jessie] - python-cryptography <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com//pyca/cryptography/pull/4342
	NOTE: https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
CVE-2018-10902 (It was found that the raw midi kernel driver does not protect against  ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.15-1
	NOTE: https://git.kernel.org/linus/39675f7a7c7e7702f7d5341f1e0d01db746543a0 (4.18-rc6)
CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem. The V ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/3444d7da1839b851eefedd372978d8a982316c36 (2.6.36-rc1)
CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1 ...)
	{DSA-4253-1 DLA-1454-1}
	- network-manager-vpnc 1.2.6-1 (bug #904255)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
	NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
CVE-2018-10899 (A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affecte ...)
	NOT-FOR-US: Jolokia
CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before v ...)
	- tripleo-heat-templates <removed>
CVE-2018-10897 (A directory traversal issue was found in reposync, a part of yum-utils ...)
	- yum-utils 1.1.31-2.2 (bug #921131)
	[stretch] - yum-utils <ignored> (Minor issue)
	[jessie] - yum-utils <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221
	NOTE: https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
	NOTE: https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
	NOTE: https://github.com/rpm-software-management/yum-utils/pull/43
CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and newer, i ...)
	NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...)
	- qutebrowser 1.4.1-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/11/7
	NOTE: https://github.com/qutebrowser/qutebrowser/issues/4060
	NOTE: Introduced in: https://github.com/qutebrowser/qutebrowser/commit/ffc29ee (v1.0.0)
	NOTE: Fixed in: https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660 (v1.4.1)
CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final incorrec ...)
	NOT-FOR-US: Keycloak
CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were discovered i ...)
	- spice-gtk <unfixed> (bug #904161)
	[buster] - spice-gtk <no-dsa> (Minor issue)
	[stretch] - spice-gtk <no-dsa> (Minor issue)
	[jessie] - spice-gtk <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234
	NOTE: Ongoing patch review: https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby f ...)
	[experimental] - docker.io 18.06.0+dfsg1-1
	- docker.io 18.06.1+dfsg1-1 (bug #908057)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598581
	NOTE: https://github.com/moby/moby/pull/37404
CVE-2018-10891 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13 ...)
	- moodle <removed>
CVE-2018-10890 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13 ...)
	- moodle <removed>
CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No opt ...)
	- moodle <removed>
CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing check in  ...)
	{DLA-1477-1}
	- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508)
	[stretch] - libgit2 <no-dsa> (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been discove ...)
	{DLA-1477-1}
	- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509)
	[stretch] - libgit2 <no-dsa> (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
	NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
	- ant 1.10.5-1 (bug #904191)
	[stretch] - ant <not-affected> (Incomplete fix for CVE-2018-10886 not applied)
	[jessie] - ant 1.9.4-3+deb8u2
	NOTE: Workaround entry for DLA-1457-1 (as no CVE will be assigned by its CNA)
	NOTE: https://github.com/apache/ant/commit/6a41d62cb9ab4e640b72cb4de42a6c211dea645d
	NOTE: https://github.com/apache/ant/commit/5a8c37b271677587046bfd0fea18c1675d5a6300
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62502
CVE-2018-10886
	REJECTED
	{DSA-4255-1 DLA-1431-1}
	- ant 1.10.4-1
	NOTE: Fixed upstream in 1.9.12 and 1.10.4
	NOTE: https://github.com/apache/ant/commit/e56e54565804991c62ec76dad385d2bdda8972a7
	NOTE: https://github.com/apache/ant/commit/1a2b1e37e3616991588f21efa89c474dd6ff83ff
	NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
	NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1584407
	NOTE: The CVE will be rejected, as it was assigned by Red Hat's CNA but is out of
	NOTE: scope of the assigning CNA.
CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy c ...)
	NOT-FOR-US: atomic-openshift
CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-s ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-10883 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200071
CVE-2018-10882 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200069
CVE-2018-10881 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200015
CVE-2018-10880 (Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4  ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200005
CVE-2018-10879 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596806
CVE-2018-10878 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199865
CVE-2018-10877 (Linux kernel ext4 filesystem is vulnerable to an out-of-bound access i ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199417
CVE-2018-10876 (A flaw was found in Linux kernel in the ext4 filesystem code. A use-af ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199403
CVE-2018-10875 (A flaw was found in ansible. ansible.cfg is read from the current work ...)
	{DSA-4396-1 DLA-1923-1}
	- ansible 2.6.1+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596533
	NOTE: https://github.com/ansible/ansible/pull/42070
	NOTE: https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
CVE-2018-10874 (In ansible it was found that inventory variables are loaded from curre ...)
	- ansible 2.6.1+dfsg-1
	[stretch] - ansible <not-affected> (Vulnerable code not present)
	[jessie] - ansible <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596528
	NOTE: https://github.com/ansible/ansible/pull/42067
	NOTE: https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1 where th ...)
	{DSA-4319-1 DLA-1489-1 DLA-1486-1}
	- spice 0.14.0-1.1 (bug #906315)
	- spice-gtk 0.35-1 (bug #906316)
	[stretch] - spice-gtk <no-dsa> (Minor issue)
	NOTE: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
CVE-2018-10872 (A flaw was found in the way the Linux kernel handled exceptions delive ...)
	- linux <not-affected> (Red Hat specific CVE-2018-8897 regression in RHEL 6.10)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596094
CVE-2018-10871 (389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Clear ...)
	{DLA-1483-1}
	[experimental] - 389-ds-base 1.4.0.13-1
	- 389-ds-base 1.4.0.15-1
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://pagure.io/389-ds-base/issue/49789
CVE-2018-10870 (redhat-certification does not properly sanitize paths in rhcertStore.p ...)
	NOT-FOR-US: Red Hat Certification
CVE-2018-10869 (redhat-certification does not properly restrict files that can be down ...)
	NOT-FOR-US: Red Hat Certification
CVE-2018-10868
	RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10867
	RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10866
	RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10865
	RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in redha ...)
	NOT-FOR-US: Red Hat Certification
CVE-2018-10863
	RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...)
	- wildfly <itp> (bug #752018)
CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any authen ...)
	{DSA-4339-1}
	- ceph 12.2.8+dfsg1-1 (bug #913470)
	[jessie] - ceph <no-dsa> (Intrusive changes)
	NOTE: http://tracker.ceph.com/issues/24838
	NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in Archive::Zi ...)
	{DSA-4300-1 DLA-1440-1}
	- libarchive-zip-perl 1.62-1 (bug #902882)
	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypting fil ...)
	{DLA-1495-1}
	- git-annex 6.20180626-1
	[stretch] - git-annex 6.20170101-1+deb9u2
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ex ...)
	{DSA-4271-1 DLA-1539-1}
	- samba 2:4.8.4+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltration at ...)
	{DLA-1495-1}
	- git-annex 6.20180626-1
	[stretch] - git-annex 6.20170101-1+deb9u2
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10856 (It has been discovered that podman before version 0.6.1 does not drop  ...)
	- libpod <not-affected> (Fixed before initial upload)
CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the n ...)
	{DSA-4396-1}
	- ansible 2.5.5+dfsg-1 (low)
	[jessie] - ansible <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ansible/ansible/pull/41414
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855
CVE-2018-10854 (cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable t ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before 4.18 em ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.16-1
	[stretch] - linux 4.9.110-1
	NOTE: Fixed by: https://git.kernel.org/linus/3c9fa24ca7c9c47605672916491f79e8ccacb9e6
CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the available s ...)
	{DLA-1429-1}
	- sssd 1.16.3-1 (bug #902860)
	[stretch] - sssd <no-dsa> (Minor issue)
	NOTE: https://pagure.io/SSSD/sssd/issue/3766
	NOTE: https://pagure.io/SSSD/sssd/c/ed90a20a0f0e936eb00d268080716c0384ffb01d (master, ssd-1_16_3)
CVE-2018-10851 (PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4. ...)
	- pdns 4.1.5-1 (bug #913163)
	[stretch] - pdns 4.0.3-1+deb9u3
	[jessie] - pdns <ignored> (Minor issue)
	- pdns-recursor 4.1.7-1 (bug #913162)
	[stretch] - pdns-recursor 4.0.4-1+deb9u4
	[jessie] - pdns-recursor <ignored> (Minor issue)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
	NOTE: https://downloads.powerdns.com/patches/2018-03/
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html
	NOTE: https://downloads.powerdns.com/patches/2018-04/
CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race  ...)
	{DLA-1428-1}
	[experimental] - 389-ds-base 1.4.0.13-1
	- 389-ds-base 1.4.0.15-1 (bug #903501)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588056
	NOTE: https://pagure.io/389-ds-base/c/8f04487f99a
	NOTE: https://pagure.io/389-ds-base/issue/49768
CVE-2018-10849
	REJECTED
CVE-2018-10848
	REJECTED
CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authenticat ...)
	{DSA-4216-1}
	- prosody 0.10.2-1 (bug #900524)
	NOTE: https://issues.prosody.im/1147
	NOTE: https://blog.prosody.im/prosody-0-10-2-security-release/
	NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.10.1.patch (0.10.1)
	NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.9.patch (0.9.x)
CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads to plai ...)
	{DLA-1560-1}
	[experimental] - gnutls28 3.6.3-1
	- gnutls28 3.5.19-1
	[stretch] - gnutls28 3.5.8-5+deb9u4
	- gnutls26 <removed>
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
	NOTE: https://gitlab.com/gnutls/gnutls/commit/ce671a6db9e47006cff152d485091141b1569f39 (master)
	NOTE: The proposed fix is to introduce a new option to force encrypt-then-mac
	NOTE: instead of correcting the issue.
	NOTE: https://eprint.iacr.org/2018/747
	NOTE: Backport of the MR657 to 3.5.x: https://gitlab.com/gnutls/gnutls/merge_requests/663
CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was vulner ...)
	{DLA-1560-1}
	- gnutls28 3.5.19-1
	[stretch] - gnutls28 3.5.8-5+deb9u4
	- gnutls26 <removed>
	NOTE: https://gitlab.com/gnutls/gnutls/issues/455
	NOTE: https://gitlab.com/gnutls/gnutls/commit/cc14ec5ece856cb083d64e6a5a8657323da661cb (master)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/e14d85eb8b1987d86f7b1d101a0e7795675d20d4 (gnutls_3_5_19)
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
	NOTE: https://eprint.iacr.org/2018/747
CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was vulner ...)
	{DLA-1560-1}
	- gnutls28 3.5.19-1
	[stretch] - gnutls28 3.5.8-5+deb9u4
	- gnutls26 <removed>
	NOTE: https://gitlab.com/gnutls/gnutls/issues/456
	NOTE: https://gitlab.com/gnutls/gnutls/commit/29ffa2a1fa4cc396c5d1563a3e5cdca0174de28b (master)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c32a8690f9f9b05994078fe9d2e7a41b18da5b09 (master)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c433cdf92349afae66c703bdacedf987f423605e (gnutls_3_5_19)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c2e094acd68f7159025b2e2556d6fb4427b41dd7 (gnutls_3_5_19)
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
	NOTE: https://eprint.iacr.org/2018/747
CVE-2018-10843 (source-to-image component of Openshift Container Platform before versi ...)
	NOT-FOR-US: source-to-image in OpenShift
CVE-2018-10842
	REJECTED
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
	- glusterfs 4.1.2-1 (bug #901968)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - glusterfs <not-affected> (vulnerable code not present)
	NOTE: https://review.gluster.org/#/c/20328/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
CVE-2018-10840 (Linux kernel is vulnerable to a heap-based buffer overflow in the fs/e ...)
	- linux 4.17.3-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199347
	NOTE: Fixed by: https://git.kernel.org/linus/8a2b307c21d4b290e3cbe33f768f194286d07c23
CVE-2018-10839 (Qemu emulator &lt;= 3.0.0 built with the NE2000 NIC emulation support  ...)
	{DSA-4338-1 DLA-1599-1}
	- qemu 1:3.1+dfsg-1 (bug #910431)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb
CVE-2018-10838
	RESERVED
CVE-2018-10837
	RESERVED
CVE-2018-10836
	RESERVED
CVE-2018-10835
	RESERVED
CVE-2018-10834
	RESERVED
CVE-2018-10833
	RESERVED
CVE-2018-10832 (ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. P ...)
	NOT-FOR-US: ModbusPal
CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier t ...)
	NOT-FOR-US: Z-NOMP
CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10829
	RESERVED
CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver 10.1.101.207. A ...)
	NOT-FOR-US: Alps Pointing-device Driver
CVE-2018-10827 (LiteCart before 2.1.2 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: LiteCart
CVE-2018-10826
	RESERVED
CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption for the Bl ...)
	NOT-FOR-US: Mimo Baby 2
CVE-2018-10824 (An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L throu ...)
	NOT-FOR-US: D-Link
CVE-2018-10823 (An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 throug ...)
	NOT-FOR-US: D-Link
CVE-2018-10822 (Directory traversal vulnerability in the web interface on D-Link DWR-1 ...)
	NOT-FOR-US: D-Link
CVE-2018-10821 (Cross-site scripting (XSS) vulnerability in backend/pages/modify.php i ...)
	NOT-FOR-US: BlackCatCMS
CVE-2018-10820
	RESERVED
CVE-2018-10819
	RESERVED
CVE-2018-10818
	RESERVED
CVE-2018-10817 (Severalnines ClusterControl before 1.6.0-4699 allows XSS. ...)
	NOT-FOR-US: Severalnines ClusterControl
CVE-2018-10816
	RESERVED
CVE-2018-10815 (An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x befo ...)
	NOT-FOR-US: Cloudera Manager
CVE-2018-10814 (Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for ...)
	NOT-FOR-US: Synametrics SynaMan
CVE-2018-10813 (In Dedos-web 1.0, the cookie and session secrets used in the Express.j ...)
	NOT-FOR-US: Dedos-web
CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cleartex ...)
	NOT-FOR-US: Bitpie application for Android and iOS
CVE-2018-10811 (strongSwan 5.6.0 and older allows Remote Denial of Service because of  ...)
	{DSA-4229-1}
	- strongswan 5.6.3-1
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html
CVE-2018-10810 (chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affe ...)
	NOT-FOR-US: LiveZilla Live Chat
CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allo ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10808
	RESERVED
CVE-2018-10807
	RESERVED
CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross  ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage  ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (unimportant; bug #898218)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1054
CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage  ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (unimportant; bug #898217)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials functi ...)
	NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
CVE-2018-1000301 (curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-1 ...)
	{DSA-4202-1 DLA-1379-1}
	- curl 7.60.0-1 (bug #898856)
	NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
CVE-2018-1000300 (curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-1 ...)
	- curl 7.60.0-1
	[stretch] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
	[jessie] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
	[wheezy] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
	NOTE: https://curl.haxx.se/docs/adv_2018-82c2.html
CVE-2018-1000177 (A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000176 (An exposure of sensitive information vulnerability exists in Jenkins E ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000175 (A path traversal vulnerability exists in Jenkins HTML Publisher Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000174 (An open redirect vulnerability exists in Jenkins Google Login Plugin 1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000173 (A session fixaction vulnerability exists in Jenkins Google Login Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-10802
	RESERVED
CVE-2018-10801 (TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as dem ...)
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2790
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although
	NOTE: technically still present in the source package
CVE-2018-10800
	RESERVED
CVE-2018-10799 (A hang issue was discovered in Brave before 0.14.0 (on, for example, L ...)
	- brave-browser <itp> (bug #864795)
CVE-2018-10798 (A hang issue was discovered in Brave before 0.14.0 (on, for example, L ...)
	- brave-browser <itp> (bug #864795)
CVE-2018-10797
	RESERVED
CVE-2018-10796 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allo ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10795 (** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration ...)
	NOT-FOR-US: Liferay
CVE-2017-18265 (Prosody before 0.10.0 allows remote attackers to cause a denial of ser ...)
	{DSA-4198-1}
	- prosody 0.10.0-1 (bug #875829)
	[jessie] - prosody <not-affected> (Only exploitable with a LuaSocket version not in jessie)
	[wheezy] - prosody <not-affected> (Vulnerable code not present)
	NOTE: https://prosody.im/issues/issue/987
CVE-2018-10794
	RESERVED
CVE-2018-10793
	RESERVED
CVE-2018-10792
	RESERVED
CVE-2018-10791
	RESERVED
CVE-2018-10790
	RESERVED
CVE-2018-10789
	RESERVED
CVE-2018-10788
	RESERVED
CVE-2018-10787
	RESERVED
CVE-2018-10786
	RESERVED
CVE-2018-10785
	RESERVED
CVE-2018-10784
	RESERVED
CVE-2018-10783
	RESERVED
CVE-2018-10782
	RESERVED
CVE-2018-10781
	RESERVED
CVE-2018-10780 (Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based bu ...)
	- exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575201
	NOTE: Commit https://github.com/Exiv2/exiv2/commit/74cb5bab132ed76adf15df172c5e8b58cddaa96c
	NOTE: adresses an overflow, but not solving the invalid write of size 1 via
	NOTE: Exiv2::Image::printIFDStructure.
	NOTE: Commit https://github.com/Exiv2/exiv2/commit/8ff26931e31bb25d66c69846f47f3f5b6d9a32f1
	NOTE: avoids using Image::printStructure() when reading images.
CVE-2018-10779 (TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buf ...)
	- tiff 4.0.6-3 (bug #898359)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2788
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although
	NOTE: technically still present in the source package
CVE-2018-10778 (Read access violation in the III_dequantize_sample function in mpglibD ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3g ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10776 (The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10775 (NULL pointer dereference in the _fields_add function in fields.c in li ...)
	- bibutils <unfixed> (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10774 (Read access violation in the isiin_keyword function in isiin.c in libb ...)
	- bibutils <unfixed> (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10773 (NULL pointer deference in the addsn function in serialno.c in libbibco ...)
	- bibutils <unfixed> (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10772 (The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allow ...)
	[experimental] - exiv2 <unfixed>
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566260
CVE-2018-10771 (Stack-based buffer overflow in the get_key function in parse.c in abcm ...)
	- abcm2ps 8.14.2-0.1 (unimportant; bug #898130)
	NOTE: https://github.com/leesavide/abcm2ps/issues/17
	NOTE: https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
	NOTE: Crash in CLI tool (neutralised by toolchain hardening), no security impact
CVE-2018-10770 (download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attac ...)
	NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices
CVE-2018-10769 (The transferProxy and approveProxy functions of a smart contract imple ...)
	NOT-FOR-US: smart contract
CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength  ...)
	{DLA-1562-1}
	- poppler 0.38.0-2
	[wheezy] - poppler <not-affected> (Vulnerable code is not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106408
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=942adfc25e7a00ac3cf032ced2d8949e99099f70 (poppler-0.37)
CVE-2018-10767 (There is a stack-based buffer over-read in calling GLib in the functio ...)
	- libgxps 0.3.0-3 (bug #898133)
	[stretch] - libgxps <no-dsa> (Minor issue)
	[jessie] - libgxps <no-dsa> (Minor issue)
	[wheezy] - libgxps <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575188
CVE-2018-10766
	RESERVED
CVE-2018-10765
	RESERVED
CVE-2018-10764
	RESERVED
CVE-2018-10763 (Multiple cross-site scripting (XSS) vulnerabilities in Synametrics Syn ...)
	NOT-FOR-US: Synametrics SynaMan
CVE-2018-10762
	REJECTED
CVE-2018-10761
	REJECTED
CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in ProjectP ...)
	NOT-FOR-US: Files plugin in ProjectPier
CVE-2018-10759 (PHP remote file inclusion vulnerability in public/patch/patch.php in P ...)
	NOT-FOR-US: Project Pier
CVE-2018-11319 (Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle s ...)
	{DSA-4261-1 DLA-1444-1}
	- vim-syntastic 3.9.0-1 (bug #894736)
	NOTE: https://github.com/vim-syntastic/syntastic/issues/2170
	NOTE: https://github.com/vim-syntastic/syntastic/commit/6d7c0b394e001233dd09ec473fbea2002c72632f
CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action  ...)
	NOT-FOR-US: Datenstrom Yellow
CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...)
	NOT-FOR-US: CSP MySQL User Manager
CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
	{DLA-2218-1}
	- transmission 3.00-1 (bug #961461)
	NOTE: https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e (3.00)
	NOTE: https://tomrichards.net/2020/05/cve-2018-10756-transmission/
CVE-2018-10755
	REJECTED
CVE-2018-10754
	REJECTED
CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c  ...)
	- abcm2ps 8.14.2-0.1 (unimportant; bug #897966)
	NOTE: https://github.com/leesavide/abcm2ps/issues/16
	NOTE: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title f ...)
	NOT-FOR-US: Tagregator plugin for WordPress
CVE-2018-10751 (A malformed OMACP WAP push message can cause memory corruption on a Sa ...)
	NOT-FOR-US: Samsung
CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10748 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10747 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10746 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10745
	RESERVED
CVE-2018-10744
	RESERVED
CVE-2018-10743
	RESERVED
CVE-2018-10742
	RESERVED
CVE-2018-10741
	RESERVED
CVE-2018-10740 (Axublog 1.1.0 allows remote Code Execution as demonstrated by injectio ...)
	NOT-FOR-US: Axublog
CVE-2018-10739 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10738 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10737 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10736 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10735 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoo ...)
	NOT-FOR-US: KONGTOP DVR devices
CVE-2018-10733 (There is a heap-based buffer over-read in the function ft_font_face_ha ...)
	- libgxps 0.3.0-3 (low; bug #897954)
	[stretch] - libgxps <no-dsa> (Minor issue)
	[jessie] - libgxps <no-dsa> (Minor issue)
	[wheezy] - libgxps <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1574844
	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=b458226e162fe1ffe7acb4230c114a52ada5131b
	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=133fe2a96e020d4ca65c6f64fb28a404050ebbfd
CVE-2018-10732 (The REST API in Dataiku DSS before 4.2.3 allows remote attackers to ob ...)
	NOT-FOR-US: Dataiku DSS
CVE-2018-10731 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10730 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10729 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10728 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10727 (Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_refer ...)
	NOT-FOR-US: Joomla extension
CVE-2018-10726 (** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yell ...)
	NOT-FOR-US: Datenstrom Yellow
CVE-2018-10725
	RESERVED
CVE-2018-10724
	RESERVED
CVE-2018-10723 (Directus 6.4.9 has a hardcoded admin password for the Admin account be ...)
	NOT-FOR-US: Directus
CVE-2018-10722 (In Cylance CylancePROTECT before 1470, an unprivileged local user can  ...)
	NOT-FOR-US: Cylance CylancePROTECT
CVE-2018-10721
	RESERVED
CVE-2018-10720
	RESERVED
CVE-2018-10719
	RESERVED
CVE-2018-10718 (Stack-based buffer overflow in Activision Infinity Ward Call of Duty M ...)
	NOT-FOR-US: Activision
CVE-2018-10717 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does no ...)
	NOT-FOR-US: ngiflib
CVE-2018-10716 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10715
	RESERVED
CVE-2018-10714
	RESERVED
CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10712 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10711 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10710 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10709 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10708
	RESERVED
CVE-2018-10707
	RESERVED
CVE-2018-10706 (An integer overflow in the transferMulti function of a smart contract  ...)
	NOT-FOR-US: Social Chain
CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an Ethe ...)
	NOT-FOR-US: Aurora DAD
CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...)
	NOT-FOR-US: yidashi yii2cmf
CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10701 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10700 (An issue was discovered on Moxa AWK-3121 1.19 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10699 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
	NOT-FOR-US: Moxa
CVE-2018-10698 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device enab ...)
	NOT-FOR-US: Moxa
CVE-2018-10697 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
	NOT-FOR-US: Moxa
CVE-2018-10696 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
	NOT-FOR-US: Moxa
CVE-2018-10695 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ale ...)
	NOT-FOR-US: Moxa
CVE-2018-10694 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
	NOT-FOR-US: Moxa
CVE-2018-10693 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides pin ...)
	NOT-FOR-US: Moxa
CVE-2018-10692 (An issue was discovered on Moxa AWK-3121 1.14 devices. The session coo ...)
	NOT-FOR-US: Moxa
CVE-2018-10691 (An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended  ...)
	NOT-FOR-US: Moxa
CVE-2018-10690 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device by d ...)
	NOT-FOR-US: Moxa
CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel a ...)
	- blktrace 1.2.0-1 (low; bug #897695)
	[stretch] - blktrace 1.1.0-2+deb9u1
	[jessie] - blktrace 1.0.5-1+deb8u1
	[wheezy] - blktrace <no-dsa> (Minor issue)
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
	NOTE: https://www.spinics.net/lists/linux-btrace/msg00847.html
CVE-2018-10688
	RESERVED
CVE-2018-10687
	RESERVED
CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is Refl ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the  ...)
	- lrzip 0.631+git180517-1 (low; bug #897645)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <ignored> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/95
CVE-2018-10684
	RESERVED
CVE-2018-10683 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the ...)
	- wildfly <itp> (bug #752018)
CVE-2018-10682 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is  ...)
	- wildfly <itp> (bug #752018)
CVE-2016-10723 (** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ...)
	- linux <unfixed>
	- linux-4.9 <removed>
	NOTE: https://patchwork.kernel.org/patch/10395909/
CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based buff ...)
	- partclone 0.2.88-1
	[jessie] - partclone <no-dsa> (Minor issue)
	[wheezy] - partclone <no-dsa> (Minor issue)
	NOTE: https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/71
CVE-2016-10721 (partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer  ...)
	- partclone 0.2.88-1
	[jessie] - partclone <no-dsa> (Minor issue)
	[wheezy] - partclone <no-dsa> (Minor issue)
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/82
CVE-2018-10681
	RESERVED
CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulne ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-10679
	RESERVED
CVE-2018-10678 (MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_b ...)
	NOT-FOR-US: MyBB
CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks c ...)
	NOT-FOR-US: ngiflib
CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR dev ...)
	NOT-FOR-US: CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices
CVE-2018-10674
	RESERVED
CVE-2018-10673
	RESERVED
CVE-2018-10672
	RESERVED
CVE-2018-10671
	RESERVED
CVE-2018-10670
	RESERVED
CVE-2018-10669
	RESERVED
CVE-2018-10668
	RESERVED
CVE-2018-10667
	RESERVED
CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membership (ID ...)
	NOT-FOR-US: Aurora IDEX
CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
	NOT-FOR-US: ILIAS
CVE-2018-10664 (An issue was discovered in the httpd process in multiple models of Axi ...)
	NOT-FOR-US: Axis
CVE-2018-10663 (An issue was discovered in multiple models of Axis IP Cameras. There i ...)
	NOT-FOR-US: Axis
CVE-2018-10662 (An issue was discovered in multiple models of Axis IP Cameras. There i ...)
	NOT-FOR-US: Axis
CVE-2018-10661 (An issue was discovered in multiple models of Axis IP Cameras. There i ...)
	NOT-FOR-US: Axis
CVE-2018-10660 (An issue was discovered in multiple models of Axis IP Cameras. There i ...)
	NOT-FOR-US: Axis
CVE-2018-10659 (There was a Memory Corruption issue discovered in multiple models of A ...)
	NOT-FOR-US: Axis
CVE-2018-10658 (There was a Memory Corruption issue discovered in multiple models of A ...)
	NOT-FOR-US: Axis
CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel be ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux 3.2.96-1
	NOTE: https://git.kernel.org/linus/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (4.13-rc6)
CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service flaw wher ...)
	- matrix-synapse 0.28.1+dfsg-1
	NOTE: https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
	NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
CVE-2018-10656
	RESERVED
CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 h ...)
	NOT-FOR-US: DeviceLock Plug and Play Auditor
CVE-2018-10654 (There is a Hazelcast Library Java Deserialization Vulnerability in Cit ...)
	NOT-FOR-US: Citrix
CVE-2018-10653 (There is an XML External Entity (XXE) Processing Vulnerability in Citr ...)
	NOT-FOR-US: Citrix
CVE-2018-10652 (There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10. ...)
	NOT-FOR-US: Citrix
CVE-2018-10651 (There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10. ...)
	NOT-FOR-US: Citrix
CVE-2018-10650 (There is an Insufficient Path Validation Vulnerability in Citrix XenMo ...)
	NOT-FOR-US: Citrix
CVE-2018-10649 (There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Serv ...)
	NOT-FOR-US: Citrix
CVE-2018-10648 (There are Unauthenticated File Upload Vulnerabilities in Citrix XenMob ...)
	NOT-FOR-US: Citrix
CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation  ...)
	NOT-FOR-US: SaferVPN
CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege esca ...)
	NOT-FOR-US: CyberGhost
CVE-2018-10645 (Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM priv ...)
	NOT-FOR-US: Golden Frog VyprVPN
CVE-2018-10644
	RESERVED
CVE-2018-10643
	RESERVED
CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows remote au ...)
	NOT-FOR-US: Combodo iTop
CVE-2018-10641 (D-Link DIR-601 A1 1.02NA devices do not require the old password for a ...)
	NOT-FOR-US: D-Link
CVE-2018-10640
	RESERVED
CVE-2018-10639
	RESERVED
CVE-2018-10638
	RESERVED
CVE-2018-10637 (A maliciously crafted project file may cause a buffer overflow, which  ...)
	NOT-FOR-US: Fuji
CVE-2018-10636 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 ha ...)
	NOT-FOR-US: CNCSoft
CVE-2018-10635 (In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5 ...)
	NOT-FOR-US: Universal Robots
CVE-2018-10634 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL- ...)
	NOT-FOR-US: Medtronic
CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-10 ...)
	NOT-FOR-US: Universal Robots
CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and pri ...)
	NOT-FOR-US: Moxa
CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Progra ...)
	NOT-FOR-US: Medtronic
CVE-2018-10630 (For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version p ...)
	NOT-FOR-US: Creston
CVE-2018-10629
	RESERVED
CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update ...)
	NOT-FOR-US: AVEVA
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...)
	NOT-FOR-US: Echelon
CVE-2018-10626 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
	NOT-FOR-US: Medtronic
CVE-2018-10625
	RESERVED
CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (B ...)
	NOT-FOR-US: Johnson Controls Metasys System
CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04  ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10622 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
	NOT-FOR-US: Medtronic
CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04  ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Editio ...)
	NOT-FOR-US: AVEVA
CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 3.90.01  ...)
	NOT-FOR-US: RSLinx
CVE-2018-10618 (Davolink DVW-3200N all version prior to Version 1.00.06. The device ge ...)
	NOT-FOR-US: Davolink DVW-3200N
CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04  ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input validation vu ...)
	NOT-FOR-US: ABB Panel Builder 800
CVE-2018-10615 (Directory traversal may lead to files being exfiltrated or deleted on  ...)
	NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10614 (An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be ...)
	NOT-FOR-US: LeviStudioU
CVE-2018-10613 (Multiple variants of XML External Entity (XXE) attacks may be used to  ...)
	NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10612 (In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior  ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Control V3 Products
CVE-2018-10611 (Java remote method invocation (RMI) input port in GE MDS PulseNET and  ...)
	NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10610 (An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8 ...)
	NOT-FOR-US: LeviStudioU
CVE-2018-10609 (Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-6 ...)
	NOT-FOR-US: Martem TELEM GW6 and GWM devices
CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited  ...)
	NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10607 (Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-6 ...)
	NOT-FOR-US: Martem TELEM GW6 and GWM devices
CVE-2018-10606 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based b ...)
	NOT-FOR-US: WECON LeviStudio
CVE-2018-10605 (Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unp ...)
	NOT-FOR-US: Martem TELEM GW6/GWM
CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to  ...)
	NOT-FOR-US: SEL Compass
CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-6 ...)
	NOT-FOR-US: Martem TELEM GW6 and GWM devices
CVE-2018-10602 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based  ...)
	NOT-FOR-US: WECON LeviStudio
CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70 ...)
	NOT-FOR-US: Philips
CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitize ...)
	NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10599 (IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70 ...)
	NOT-FOR-US: Philips
CVE-2018-10598 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 ha ...)
	NOT-FOR-US: CNCSoft
CVE-2018-10597 (IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70 ...)
	NOT-FOR-US: Philips
CVE-2018-10596 (Medtronic 2090 CareLink Programmer all versions The affected product u ...)
	NOT-FOR-US: Medtronic
CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows an author ...)
	NOT-FOR-US: BD Kiestra and InoqulA systems
CVE-2018-10594 (Delta Industrial Automation COMMGR from Delta Electronics versions 1.0 ...)
	NOT-FOR-US: Delta
CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and Perform ...)
	NOT-FOR-US: BD Kiestra and InoqulA systems
CVE-2018-10592 (Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers  ...)
	NOT-FOR-US: Yokogawa
CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-10589 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-10588
	RESERVED
CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command Injection vu ...)
	NOT-FOR-US: NetGain Enterprise Manager
CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-S ...)
	NOT-FOR-US: NetGain Enterprise Manager
CVE-2018-10585
	RESERVED
CVE-2018-10584
	RESERVED
CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3  ...)
	- libreoffice <unfixed> (unimportant)
	NOTE: http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
	NOTE: This is the generic behaviour of accessing remote SMB shares and not limited to
	NOTE: Libreoffice. This can e.g. be addressed by rejecting outgoing SMB connections
	NOTE: from the local network
	NOTE: The following commit adds this class of access to the list of trusted locations:
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e
CVE-2018-10582
	RESERVED
CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-10580 (The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because ther ...)
	NOT-FOR-US: "Latest Posts on Profile" plugin for MyBB
CVE-2018-10579
	RESERVED
CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices  ...)
	NOT-FOR-US: WatchGuard AP100, AP102, and AP200 devices
CVE-2018-10577 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices  ...)
	NOT-FOR-US: WatchGuard AP100, AP102, and AP200 devices
CVE-2018-10576 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices  ...)
	NOT-FOR-US: WatchGuard devices
CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices  ...)
	NOT-FOR-US: WatchGuard devices
CVE-2018-10574 (site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows r ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-1000172 (Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Si ...)
	NOT-FOR-US: Imagely NextGEN Gallery
CVE-2018-10573 (interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10572 (interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remot ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10571 (Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10569 (An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1. ...)
	NOT-FOR-US: Edimax EW-7438RPn Mini v2
CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. ...)
	NOT-FOR-US: Flexense DiskSorter Enterprise
CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2018-10566 (XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. ...)
	NOT-FOR-US: Flexense DupScout Enterprise
CVE-2018-10565 (XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. ...)
	NOT-FOR-US: Flexense DiskSavvy Enterprise
CVE-2018-10564 (XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. ...)
	NOT-FOR-US: Flexense DiskPulse Enterprise
CVE-2018-10563 (An XSS in Flexense SyncBreeze affects all versions (tested from SyncBr ...)
	NOT-FOR-US: Flexense SyncBreeze
CVE-2018-10562 (An issue was discovered on Dasan GPON home routers. Command Injection  ...)
	NOT-FOR-US: Dasan GPON home routers
CVE-2018-10561 (An issue was discovered on Dasan GPON home routers. It is possible to  ...)
	NOT-FOR-US: Dasan GPON home routers
CVE-2018-10560
	RESERVED
CVE-2018-10559
	RESERVED
CVE-2018-10558
	RESERVED
CVE-2018-10557
	RESERVED
CVE-2018-10556
	RESERVED
CVE-2018-10555
	RESERVED
CVE-2018-10554 (An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable  ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10553 (An issue was discovered in Nagios XI 5.4.13. A registered user is able ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10552
	RESERVED
CVE-2018-10551
	RESERVED
CVE-2018-10550 (In Octopus Deploy before 2018.4.7, target and tenant tag variable scop ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...)
	{DSA-4240-1 DLA-1397-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (vulnerable code is not present)
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76130
CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...)
	{DSA-4240-1 DLA-1397-1 DLA-1373-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5 <removed>
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76248
CVE-2018-10547 (An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36 ...)
	{DSA-4240-1 DLA-1397-1 DLA-1373-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5 <removed>
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76129
CVE-2018-10546 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...)
	{DSA-4240-1 DLA-1397-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (does not cause an infinite loop)
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76249
CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1 ...)
	{DSA-4240-1 DLA-1397-1 DLA-1373-1}
	- php7.2 7.2.4-1
	- php7.1 7.1.16-1
	- php7.0 7.0.29-1
	- php5 <removed>
	NOTE: Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75605
CVE-2018-10544 (Meross MSS110 devices through 1.1.24 contain an unauthenticated admin. ...)
	NOT-FOR-US: Meross MSS110
CVE-2018-10543
	RESERVED
CVE-2018-10542
	RESERVED
CVE-2018-10541
	RESERVED
CVE-2018-10540 (An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Ou ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10539 (An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10538 (An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Ou ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10537 (An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser c ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
	NOTE: https://github.com/dbry/WavPack/issues/30
	NOTE: https://github.com/dbry/WavPack/issues/31
	NOTE: https://github.com/dbry/WavPack/issues/32
CVE-2018-10536 (An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser c ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
	NOTE: https://github.com/dbry/WavPack/issues/30
	NOTE: https://github.com/dbry/WavPack/issues/31
	NOTE: https://github.com/dbry/WavPack/issues/32
CVE-2018-10535 (The ignore_section_sym function in elf.c in the Binary File Descriptor ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23113
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db0c309f4011ca94a4abc8458e27f3734dab92ac
CVE-2018-10534 (The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23110
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
CVE-2018-10533
	RESERVED
CVE-2018-10532 (An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 dev ...)
	NOT-FOR-US: EE 4GEE HH70VB-2BE8GB3s
CVE-2018-10531 (An issue was discovered in the America's Army Proving Grounds platform ...)
	NOT-FOR-US: America's Army Proving Grounds
CVE-2018-10530
	RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...)
	- libraw 0.18.11-1 (low; bug #897186)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
	NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffe ...)
	- libraw 0.18.11-1 (low; bug #897185)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
	NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; four field ...)
	NOT-FOR-US: EasyCMS
CVE-2018-10526
	RESERVED
CVE-2018-10525
	RESERVED
CVE-2017-18264 (An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0  ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.6-2
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7232271a379396ca1d4b083af051262057003c41 (4.7-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b6ca92cc75c8a16001425be7881e73430bcc35b8 (4.0-branch)
	NOTE: If the issue is triggerable depends as well on the used PHP version.
CVE-2017-18263 (Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has dir ...)
	NOT-FOR-US: Seagate
CVE-2018-10524
	RESERVED
CVE-2018-10523 (CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10522 (In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10521 (In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10520 (In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operatio ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10519 (CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerab ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10518 (In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10517 (In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operatio ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10516 (In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10514 (A Missing Impersonation Privilege Escalation vulnerability in Trend Mi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10513 (A Deserialization of Untrusted Data Privilege Escalation vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0)  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10511 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0)  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10510 (A Directory Traversal Remote Code Execution vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10509 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10508 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10507 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10506 (A out-of-bounds read information disclosure vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10505 (A pool corruption privilege escalation vulnerability in Trend Micro Of ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10504 (The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105.  ...)
	NOT-FOR-US: baijiacms
CVE-2018-10502 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Galaxy Apps Fixed
CVE-2018-10501 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Notes Fixed
CVE-2018-10500 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Galaxy Apps
CVE-2018-10499 (This vulnerability allows local attackers to execute arbitrary code on ...)
	NOT-FOR-US: Samsung Galaxy Apps
CVE-2018-10498 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Samsung Email Fixed
CVE-2018-10497 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Email Fixed
CVE-2018-10496 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung Internet Browser Fixed
CVE-2018-10495 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10494 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10493 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10492 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10491 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10490 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10489 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10488 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10487 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10486 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10485 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10484 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10483 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10482 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10481 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10480 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10479 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10478 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10477 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10476 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10475 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10474 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10473 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10470 (Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidity ...)
	NOT-FOR-US: Little Snitch
CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and e ...)
	NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2018-10468 (The transferFrom function of a smart contract implementation for Usele ...)
	NOT-FOR-US: Ethereum
CVE-2018-10467
	RESERVED
CVE-2018-10466 (Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQ ...)
	NOT-FOR-US: Zoho
CVE-2018-10465 (Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro use ...)
	NOT-FOR-US: Jamf Pro
CVE-2018-10464
	RESERVED
CVE-2018-10463
	RESERVED
CVE-2018-10462
	RESERVED
CVE-2018-10461
	RESERVED
CVE-2018-10460
	RESERVED
CVE-2018-10459
	RESERVED
CVE-2018-10458
	RESERVED
CVE-2018-10457
	RESERVED
CVE-2018-10456
	RESERVED
CVE-2018-10455
	RESERVED
CVE-2018-10454
	RESERVED
CVE-2018-10453
	RESERVED
CVE-2018-10452
	RESERVED
CVE-2018-10451
	RESERVED
CVE-2018-10450
	RESERVED
CVE-2018-10449
	RESERVED
CVE-2018-10448
	RESERVED
CVE-2018-10447
	RESERVED
CVE-2018-10446
	RESERVED
CVE-2018-10445
	RESERVED
CVE-2018-10444
	RESERVED
CVE-2018-10443
	RESERVED
CVE-2018-10442
	RESERVED
CVE-2018-10441
	RESERVED
CVE-2018-10440
	RESERVED
CVE-2018-10439
	RESERVED
CVE-2018-10438
	RESERVED
CVE-2018-10437
	RESERVED
CVE-2018-10436
	RESERVED
CVE-2018-10435
	RESERVED
CVE-2018-10434
	RESERVED
CVE-2018-10433
	RESERVED
CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has allowed Unv ...)
	NOT-FOR-US: Blackboard Learn
CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
	{DSA-4201-1 DLA-1549-1}
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
	[wheezy] - xen <not-affected> (Regression for XSA-254 which was not applied in wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest O ...)
	{DSA-4201-1 DLA-1559-1}
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
	[wheezy] - xen <not-affected> (No QMP support in wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-258.html
CVE-2018-10432
	RESERVED
CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell me ...)
	NOT-FOR-US: D-Link
CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
	NOT-FOR-US: DiliCMS
CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via th ...)
	NOT-FOR-US: Cosmo
CVE-2018-10428 (ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due  ...)
	NOT-FOR-US: ILIAS
CVE-2018-10427
	RESERVED
CVE-2018-10426
	RESERVED
CVE-2018-10425 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10424 (mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10423 (mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a  ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10422 (An issue was discovered in HongCMS 3.0.0. The post news feature has St ...)
	NOT-FOR-US: HongCMS
CVE-2018-10421
	RESERVED
CVE-2018-10420
	RESERVED
CVE-2018-10419
	RESERVED
CVE-2018-10418
	RESERVED
CVE-2018-10417
	RESERVED
CVE-2018-10416
	RESERVED
CVE-2018-10415
	RESERVED
CVE-2018-10414
	RESERVED
CVE-2018-10413
	RESERVED
CVE-2018-10412
	RESERVED
CVE-2018-10411
	RESERVED
CVE-2018-10410
	RESERVED
CVE-2018-10409
	RESERVED
CVE-2018-10408 (An issue was discovered in VirusTotal. A maliciously crafted Universal ...)
	NOT-FOR-US: VirusTotal
CVE-2018-10407 (An issue was discovered in Carbon Black Cb Response. A maliciously cra ...)
	NOT-FOR-US: Carbon Black Cb Response
CVE-2018-10406 (An issue was discovered in Yelp OSXCollector. A maliciously crafted Un ...)
	NOT-FOR-US: Yelp OSXCollector
CVE-2018-10405 (An issue was discovered in Google Santa and molcodesignchecker. A mali ...)
	NOT-FOR-US: Google Santa and molcodesignchecker
CVE-2018-10404 (An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplore ...)
	NOT-FOR-US: Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo
CVE-2018-10403 (An issue was discovered in F-Secure XFENCE and Little Flocker. A malic ...)
	NOT-FOR-US: F-Secure XFENCE and Little Flocker
CVE-2018-10402
	RESERVED
CVE-2018-10401
	RESERVED
CVE-2018-10400
	RESERVED
CVE-2018-10399
	RESERVED
CVE-2018-10398
	RESERVED
CVE-2018-10397
	RESERVED
CVE-2018-10396
	RESERVED
CVE-2018-10395
	RESERVED
CVE-2018-10394
	RESERVED
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
	{DLA-2013-1}
	- libvorbis 1.3.6-2 (bug #876780)
	[stretch] - libvorbis <no-dsa> (Minor issue)
	[wheezy] - libvorbis <ignored> (Minor issue)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
	NOTE: Same patch as for CVE-2017-14160
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
	{DLA-2013-1}
	- libvorbis 1.3.6-2 (bug #876780)
	[stretch] - libvorbis <no-dsa> (Minor issue)
	[wheezy] - libvorbis <ignored> (Minor issue)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10390
	RESERVED
CVE-2018-10389 (Format string vulnerability in the logMess function in TFTP Server MT  ...)
	NOT-FOR-US: TFTP Server SP
CVE-2018-10388 (Format string vulnerability in the logMess function in TFTP Server SP  ...)
	NOT-FOR-US: TFTP Server SP
CVE-2018-10387 (Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier a ...)
	NOT-FOR-US: TFTP Server SP
CVE-2018-10386
	RESERVED
CVE-2018-10385
	RESERVED
CVE-2018-10384
	RESERVED
CVE-2018-10383 (Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.as ...)
	NOT-FOR-US: Lantronix SecureLinx Spider
CVE-2018-10382 (MODX Revolution 2.6.3 has XSS. ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalat ...)
	NOT-FOR-US: TunnelBear for Windows
CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain  ...)
	{DSA-4200-1}
	- kwallet-pam 5.12.1-2
	NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
	NOTE: https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 (Plasma 5.12)
	NOTE: https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5 (Plasma 5.12)
	NOTE: https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8 (Plasma 5.8)
	NOTE: https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b (Plasma 5.8)
CVE-2018-10379 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab 10.6.5+dfsg-1
	[stretch] - gitlab <not-affected> (Vulnerable code introduced in 9.5)
	NOTE: https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/
CVE-2018-10378
	RESERVED
CVE-2018-10377 (PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validati ...)
	NOT-FOR-US: PortSwigger Burp Suite
CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract  ...)
	NOT-FOR-US: SmartMesh token
CVE-2018-10375 (A file uploading vulnerability exists in /include/helpers/upload.helpe ...)
	NOT-FOR-US: DedeCMS
CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value)  ...)
	NOT-FOR-US: EasyCMS
CVE-2018-10373 (concat_filename in dwarf2.c in the Binary File Descriptor (BFD) librar ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23065
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6327533b1fd29fa86f6bf34e61c332c010e3c689
CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote atta ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23064
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d
CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1 ...)
	NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 0.12.4 in  ...)
	{DSA-4189-1 DLA-1370-1}
	- quassel 1:0.12.5-1 (bug #896914)
	NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
	NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 ...)
	{DSA-4189-1}
	- quassel 1:0.12.5-1 (bug #896915)
	[wheezy] - quassel <no-dsa> (Minor issue)
	NOTE: https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd (master)
	NOTE: https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e (0.12)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-10370
	RESERVED
CVE-2018-10369 (A Cross-site scripting (XSS) vulnerability was discovered on Intelbras ...)
	NOT-FOR-US: Intelbras Win devices
CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -&gt ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The content-management fea ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user management) p ...)
	NOT-FOR-US: Users (aka Front-end user management) plugin for October CMS
CVE-2018-10365 (An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB ...)
	NOT-FOR-US: Threads to Link plugin for MyBB
CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via the nam ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-10363 (An issue was discovered in the WpDevArt "Booking calendar, Appointment ...)
	NOT-FOR-US: WpDevArt "Booking calendar, Appointment Booking System" plugin for WordPress
CVE-2018-10360 (The do_core_note function in readelf.c in libmagic.a in file 5.33 allo ...)
	- file 1:5.33-3 (bug #901351)
	[stretch] - file 1:5.30-1+deb9u2
	[jessie] - file 1:5.22+15-2+deb8u4
	NOTE: https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
CVE-2018-10359 (A pool corruption privilege escalation vulnerability in Trend Micro Of ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10358 (A pool corruption privilege escalation vulnerability in Trend Micro Of ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10357 (A directory traversal vulnerability in Trend Micro Endpoint Applicatio ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10356 (A SQL injection remote code execution vulnerability in Trend Micro Ema ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10355 (An authentication weakness vulnerability in Trend Micro Email Encrypti ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10354 (A command injection remote command execution vulnerability in Trend Mi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10353 (A SQL injection information disclosure vulnerability in Trend Micro Em ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allo ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allo ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10350 (A SQL injection remote code execution vulnerability in Trend Micro Sma ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10349
	RESERVED
CVE-2018-10348
	RESERVED
CVE-2018-10347
	RESERVED
CVE-2018-10346
	RESERVED
CVE-2018-10345
	RESERVED
CVE-2018-10344
	RESERVED
CVE-2018-10343
	RESERVED
CVE-2018-10342
	RESERVED
CVE-2018-10341
	RESERVED
CVE-2018-10340
	RESERVED
CVE-2018-10339
	RESERVED
CVE-2018-10338
	RESERVED
CVE-2018-10337
	RESERVED
CVE-2018-10336
	RESERVED
CVE-2018-10335
	RESERVED
CVE-2018-10334
	RESERVED
CVE-2018-10333
	RESERVED
CVE-2018-10332
	RESERVED
CVE-2018-10331
	RESERVED
CVE-2018-10330
	RESERVED
CVE-2018-10361 (An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure ...)
	- ktexteditor 5.47.0-1 (bug #896836)
	[stretch] - ktexteditor <not-affected> (Introduced in 5.34.0)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/24/1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033055
	NOTE: https://phabricator.kde.org/R39:c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590
CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on / ...)
	- phpipam <itp> (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/1903
CVE-2018-10328 (Momentum Axel 720P 5.1.8 devices have a hardcoded password of streamin ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-10327 (PrinterOn Enterprise 4.1.3 stores the Active Directory bind credential ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-10326 (PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored  ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-10325
	RESERVED
CVE-2018-10324
	RESERVED
CVE-2018-10323 (The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in  ...)
	{DSA-4188-1 DLA-1529-1}
	- linux 4.16.5-1
	[wheezy] - linux <ignored> (Too much work to backport)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199423
CVE-2018-10322 (The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the ...)
	- linux 4.16.5-1
	[jessie] - linux <ignored> (dinode verifier not implemented)
	[wheezy] - linux <ignored> (dinode verifier not implemented)
	- linux-4.9 <removed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199377
CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Ad ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10320 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parame ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10319 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] para ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10318 (Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parame ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10317
	RESERVED
CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the asse ...)
	- nasm 2.14-1 (unimportant)
	NOTE: No security impact
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392474
	NOTE: https://github.com/netwide-assembler/nasm/commit/f0ceb1e122dc3523123dd8dfd6113f2e68451452
CVE-2018-10315
	RESERVED
CVE-2018-10314 (Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 ...)
	NOT-FOR-US: Open-AudIT Community
CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D paramete ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10312 (index.php?m=member&amp;v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to ch ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10310 (A persistent cross-site scripting vulnerability has been identified in ...)
	NOT-FOR-US: web interface of the Catapult UK Cookie Consent plugin for WordPress
CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress mishandl ...)
	NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
CVE-2018-10308
	RESERVED
CVE-2018-10307 (error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the ...)
	NOT-FOR-US: ILIAS
CVE-2018-10306 (Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Fo ...)
	NOT-FOR-US: ILIAS
CVE-2018-10305 (The MessageSearch2 function in PersonalMessage.php in Simple Machines  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2018-10304
	RESERVED
CVE-2018-10303 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1  ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10302 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1  ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10362 (An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to  ...)
	- phpliteadmin 1.9.7.1-2 (bug #896682)
	NOTE: https://github.com/phpLiteAdmin/pla/issues/11
	NOTE: Fixed by: https://github.com/phpLiteAdmin/pla/commit/41545fe058e674a983f557bff13787df53167274
CVE-2018-10301 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram F ...)
	NOT-FOR-US: Web-Dorado Instagram Feed WD plugin Premium for WordPress
CVE-2018-10300 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram F ...)
	NOT-FOR-US: Web-Dorado Instagram Feed WD plugin for WordPress
CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart contract  ...)
	NOT-FOR-US: Beauty Chain
CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post& ...)
	NOT-FOR-US: DiscuzX
CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=por ...)
	NOT-FOR-US: DiscuzX
CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...)
	NOT-FOR-US: ChemCMS
CVE-2018-10294 (Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. ...)
	NOT-FOR-US: Flexense DiskBoss Enterprise
CVE-2018-10293
	RESERVED
CVE-2018-10292
	RESERVED
CVE-2018-10291
	RESERVED
CVE-2018-10290
	RESERVED
CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...)
	- mupdf 1.13.0+ds1-3 (unimportant; bug #896545)
	[jessie] - mupdf <not-affected> (Vulnerable code introduced later)
	[wheezy] - mupdf <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699271
	NOTE: Introduced in http://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8)
CVE-2018-10288
	RESERVED
CVE-2018-10287
	RESERVED
CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive in ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access  ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/men ...)
	NOT-FOR-US: Adaltech G-Ticket v70 EME104
CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php ...)
	NOT-FOR-US: CliqueMania loja virtual
CVE-2018-10282
	RESERVED
CVE-2018-10281
	RESERVED
CVE-2018-10280
	RESERVED
CVE-2018-10279
	RESERVED
CVE-2018-10278
	RESERVED
CVE-2018-10277
	RESERVED
CVE-2018-10276
	RESERVED
CVE-2018-10275
	RESERVED
CVE-2018-10274
	RESERVED
CVE-2018-10273
	RESERVED
CVE-2018-10272
	RESERVED
CVE-2018-10271
	RESERVED
CVE-2018-10270
	RESERVED
CVE-2018-10269
	RESERVED
CVE-2018-10268 (An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XS ...)
	NOT-FOR-US: FastAdmin
CVE-2018-10267 (WTCMS 1.0 has a CSRF vulnerability to add an administrator account via ...)
	NOT-FOR-US: WTCMS
CVE-2018-10266 (BEESCMS 4.0 has a CSRF vulnerability to add an administrator account v ...)
	NOT-FOR-US: BEESCMS
CVE-2018-10265 (An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerabili ...)
	NOT-FOR-US: HongCMS
CVE-2018-10264
	RESERVED
CVE-2018-10263
	RESERVED
CVE-2018-10262
	RESERVED
CVE-2018-10261
	RESERVED
CVE-2018-10260 (A Local File Inclusion vulnerability was found in HRSALE The Ultimate  ...)
	NOT-FOR-US: HRSALE
CVE-2018-10259 (An Authenticated Stored XSS vulnerability was found in HRSALE The Ulti ...)
	NOT-FOR-US: HRSALE
CVE-2018-10258 (A CSV Injection vulnerability was discovered in Shopy Point of Sale v1 ...)
	NOT-FOR-US: Shopy
CVE-2018-10257 (A CSV Injection vulnerability was discovered in HRSALE The Ultimate HR ...)
	NOT-FOR-US: HRSALE
CVE-2018-10256 (A SQL Injection vulnerability was discovered in HRSALE The Ultimate HR ...)
	NOT-FOR-US: HRSALE
CVE-2018-10255 (A CSV Injection vulnerability was discovered in clustercoding Blog Mas ...)
	NOT-FOR-US: clustercoding
CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in th ...)
	- nasm 2.14-1 (bug #896523)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/nasm/bugs/561/
	NOTE: https://github.com/netwide-assembler/nasm/commit/55d09bbf6f7087339277b1e3b17c134b2afb2510
CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack mem ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2018-10252 (An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a device ...)
	NOT-FOR-US: Actiontec WCB6200Q
CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS ...)
	NOT-FOR-US: Sierra Wireless AirLink routers
CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin ...)
	NOT-FOR-US: iCMS
CVE-2018-10249 (baijiacms V3 has CSRF via index.php?mod=site&amp;op=edituser&amp;name= ...)
	NOT-FOR-US: baijiacms
CVE-2018-10248 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10247
	RESERVED
CVE-2018-10246
	RESERVED
CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6 allows rem ...)
	- awstats <unfixed> (unimportant)
	NOTE: Path disclosure for awstats negligible within Debian
CVE-2018-10244 (Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/ ...)
	- suricata 1:4.0.5-1
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <not-affected> (EtherNet/IP and CIP support introduced in 3.2beta1)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2545
	NOTE: https://redmine.openinfosecfoundation.org/issues/2543
	NOTE: https://github.com/OISF/suricata/commit/f68bf3301ad4d25f0a5ecb13405f4e26316cdf8d
	NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allow ...)
	{DLA-1751-1}
	- libhtp 1:0.5.28-1
	- suricata 1:4.0.0-1
	[stretch] - suricata <no-dsa> (Minor issue)
	NOTE: suricata used the embedded copy of libhtp up to before 1:4.0.0-1.
	NOTE: https://github.com/OISF/libhtp/issues/169
	NOTE: https://github.com/OISF/libhtp/commit/eefd4b7d2be663f6067362f29c81e6edf909145a
	NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the SSH bann ...)
	{DLA-1751-1}
	- suricata 1:4.0.5-1
	[stretch] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2544
	NOTE: https://redmine.openinfosecfoundation.org/issues/2542
	NOTE: https://github.com/OISF/suricata/commit/9ba89a31efc89ec5cb72326dbcb9166b098f3ea0
	NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1. ...)
	{DLA-1361-1}
	- psensor 1.1.5-1 (low; bug #896195)
	[jessie] - psensor 1.1.3-2+deb8u1
	NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 H ...)
	NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a ...)
	NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10239 (A privilege escalation vulnerability in the "support access" feature o ...)
	NOT-FOR-US: Infoblox NIOS
CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affec ...)
	NOT-FOR-US: skarg BACnet Protocol Stack
CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before 2 ...)
	NOT-FOR-US: Google Guava
CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code vi ...)
	NOT-FOR-US: POSCMS
CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code vi ...)
	NOT-FOR-US: POSCMS
CVE-2018-10234 (Authenticated Cross site Scripting exists in the User Profile &amp; Me ...)
	NOT-FOR-US: User Profile & Membership plugin for WordPress
CVE-2018-10233 (The User Profile &amp; Membership plugin before 2.0.7 for WordPress ha ...)
	NOT-FOR-US: User Profile & Membership plugin for WordPress
CVE-2018-10232 (Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05 ...)
	NOT-FOR-US: TOPdesk
CVE-2018-10231 (Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (J ...)
	NOT-FOR-US: TOPdesk
CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. ...)
	NOT-FOR-US: Zend Server
CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to acc ...)
	NOT-FOR-US: GPU memory hardware issue
CVE-2018-10228
	RESERVED
CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10226
	RESERVED
CVE-2018-10225 (thinkphp 3.1.3 has SQL Injection via the index.php s parameter. ...)
	NOT-FOR-US: thinkphp
CVE-2018-10224 (An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability t ...)
	NOT-FOR-US: YzmCMS
CVE-2018-10223 (An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability t ...)
	NOT-FOR-US: YzmCMS
CVE-2018-10222 (An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulne ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-10221 (An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10220 (** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc ...)
	NOT-FOR-US: Glastopf
CVE-2018-10219 (baijiacms V3 has physical path leakage via an index.php?mod=mobile&amp ...)
	NOT-FOR-US: baijiacms
CVE-2018-10218
	RESERVED
CVE-2018-10217
	RESERVED
CVE-2018-10216
	RESERVED
CVE-2018-10215
	RESERVED
CVE-2018-10214
	RESERVED
CVE-2018-10213 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10212 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10211 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10210 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10209 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10208 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10207 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10206 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31.  ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_se ...)
	NOT-FOR-US: HyperHQ Hyper
CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation v ...)
	NOT-FOR-US: PureVPN
CVE-2018-10203
	RESERVED
CVE-2018-10202
	RESERVED
CVE-2018-10201 (An issue was discovered in NcMonitorServer.exe in NC Monitor Server in ...)
	NOT-FOR-US: NC Monitor Server
CVE-2017-18261 (The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_ti ...)
	- linux 4.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4 (4.13-rc6)
CVE-2018-10200
	RESERVED
CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is ...)
	- otrs2 6.0.7-1
	[stretch] - otrs2 <not-affected> (Specific to OTRS 6)
	[jessie] - otrs2 <not-affected> (Specific to OTRS 6)
	NOTE: https://github.com/OTRS/otrs/commit/9f5f09e4eef283c2f38c003ba0685b77234750d1
	NOTE: https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework
CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the Access  ...)
	NOT-FOR-US: ELO
CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function  ...)
	- graphviz 2.40.1-6 (low; bug #898841)
	[stretch] - graphviz <no-dsa> (Minor issue)
	[jessie] - graphviz <no-dsa> (Minor issue)
	[wheezy] - graphviz <no-dsa> (Minor issue)
	NOTE: https://gitlab.com/graphviz/graphviz/issues/1367
	NOTE: https://issuetracker.google.com/issues/77810342
CVE-2018-10195 [rzsz: sz can leak data to receiving side]
	RESERVED
	- lrzsz 0.12.21-10 (low; bug #897010)
	[stretch] - lrzsz <no-dsa> (Minor issue)
	[jessie] - lrzsz <no-dsa> (Minor issue)
	[wheezy] - lrzsz <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1090051
	NOTE: Fedora patch: https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the pdf ...)
	{DLA-1363-1}
	- ghostscript 9.22~dfsg-2.1 (bug #896069)
	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
	[jessie] - ghostscript 9.06~dfsg-2+deb8u7
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public)
CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dere ...)
	- linux 4.16.12-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/27ae357fa82be5ab73b2ef8d39dcb8ca2563483a
CVE-2018-1000167 (OISF suricata-update version 1.0.0a1 contains an Insecure Deserializat ...)
	NOT-FOR-US: suricata-update (different from suricata)
CVE-2018-1000166
	REJECTED
CVE-2018-1000165 (LightSAML version prior to 1.3.5 contains a Incorrect Access Control v ...)
	NOT-FOR-US: LightSAML
CVE-2018-1000163 (Floodlight version 1.2 and earlier contains a Cross Site Scripting (XS ...)
	NOT-FOR-US: Floodlight
CVE-2018-1000162 (Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Parsedown
CVE-2018-1000160 (RisingStack protect version 1.2.0 and earlier contains a Cross Site Sc ...)
	NOT-FOR-US: RisingStack
CVE-2018-1000158 (cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulner ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10199 (In versions of mruby up to and including 1.4.0, a use-after-free vulne ...)
	- mruby 1.4.0+20180418+git54905e98-1 (bug #896021)
	[stretch] - mruby <not-affected> (Vulnerable code introduced later)
	[jessie] - mruby <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/mruby/mruby/issues/4001
	NOTE: https://github.com/mruby/mruby/commit/b51b21fc63c9805862322551387d9036f2b63433
CVE-2018-10193 (LogMeIn LastPass through 4.15.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: LogMeIn LastPass
CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege escalation vul ...)
	NOT-FOR-US: IPVanish for macOS
CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer overflow ex ...)
	- mruby 1.4.0+20180418+git54905e98-1 (bug #896020)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/3995
	NOTE: https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626
CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access (PIA) VP ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client for Windows
CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is pos ...)
	NOT-FOR-US: Mautic
CVE-2018-10188 (phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to exec ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #896490)
	[stretch] - phpmyadmin <not-affected> (Only affects 4.8.x)
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
CVE-2018-10187 (In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik ...)
	- radare2 2.6.0+dfsg-1 (low; bug #897305)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/9913
	NOTE: https://github.com/radare/radare2/commit/cdb278059b7b0aaaaa2315b82d0fa6ad50433db0
CVE-2018-10186 (In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_ ...)
	- radare2 2.6.0+dfsg-1 (low; bug #897305)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/9915
	NOTE: https://github.com/radare/radare2/commit/a0348bb1b512ef27301dd7cdfb327ef5e14813fc
	NOTE: Before applying the fix for CVE-2018-8808 the issue is covered/differently visible
CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerabili ...)
	NOT-FOR-US: TuziCMS
CVE-2018-10184 (An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ...)
	- haproxy 1.8.8-1
	[stretch] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
	[jessie] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
	[wheezy] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588
	NOTE: http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28
CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site scripti ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-10182
	RESERVED
CVE-2018-1000199 (The Linux Kernel version 3.18 contains a dangerous feature vulnerabili ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/f67b15037a7a50c57f72e69a6d59941ad90a0f0f
CVE-2018-10181
	RESERVED
CVE-2018-10180
	RESERVED
CVE-2018-10179
	RESERVED
CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allows rem ...)
	NOT-FOR-US: FromDocToPDF extension for Ghrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGIm ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (bug #896018)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9fdda6391e38aaad3bfd6a30bd6a72bd31aeee02
CVE-2018-10176 (Digital Guardian Management Console 7.1.2.0015 has a Directory Travers ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10175 (Digital Guardian Management Console 7.1.2.0015 has an XXE issue. ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10174 (Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that  ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10173 (Digital Guardian Management Console 7.1.2.0015 allows authenticated re ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10172 (7-Zip through 18.01 on Windows implements the "Large memory pages" opt ...)
	NOT-FOR-US: 7-Zip
CVE-2018-10171 (Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vul ...)
	NOT-FOR-US: Kromtech MacKeeper
CVE-2018-10170 (NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalatio ...)
	NOT-FOR-US: NordVPN for Windows
CVE-2018-10169 (ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation ...)
	NOT-FOR-US: ProtonVPN for Windows
CVE-2018-10168 (TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6 ...)
	NOT-FOR-US: TP-Link
CVE-2018-10167 (The web application backup file in the TP-Link EAP Controller and Omad ...)
	NOT-FOR-US: TP-Link
CVE-2018-10166 (The web management interface in the TP-Link EAP Controller and Omada C ...)
	NOT-FOR-US: TP-Link
CVE-2018-10165 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Con ...)
	NOT-FOR-US: TP-Link
CVE-2018-10164 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Con ...)
	NOT-FOR-US: TP-Link
CVE-2018-10163
	REJECTED
CVE-2018-10162
	REJECTED
CVE-2018-10161
	REJECTED
CVE-2018-10160
	REJECTED
CVE-2018-10159
	REJECTED
CVE-2018-10158
	REJECTED
CVE-2018-10157
	REJECTED
CVE-2018-10156
	REJECTED
CVE-2018-10155
	REJECTED
CVE-2018-10154
	REJECTED
CVE-2018-10153
	REJECTED
CVE-2018-10152
	REJECTED
CVE-2018-10151
	REJECTED
CVE-2018-10150
	REJECTED
CVE-2018-10149
	REJECTED
CVE-2018-10148
	REJECTED
CVE-2018-10147
	REJECTED
CVE-2018-10146
	REJECTED
CVE-2018-10145
	REJECTED
CVE-2018-10144
	REJECTED
CVE-2018-10143 (The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier m ...)
	NOT-FOR-US: Palo Alto Networks Expedition Migration tool
CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an unauthe ...)
	NOT-FOR-US: Expedition Migration
CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8. ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10139 (The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PA ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10138 (The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuk ...)
	NOT-FOR-US: DNN
CVE-2018-10137 (iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the ...)
	NOT-FOR-US: iScripts UberforX
CVE-2018-10136 (iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section  ...)
	NOT-FOR-US: iScripts UberforX
CVE-2018-10135 (iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" ca ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10134
	RESERVED
CVE-2018-10133 (PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php ...)
	NOT-FOR-US: PbootCMS
CVE-2018-10132 (PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backu ...)
	NOT-FOR-US: PbootCMS
CVE-2018-10131
	RESERVED
CVE-2018-10130
	RESERVED
CVE-2018-10129
	RESERVED
CVE-2018-10128 (An issue was discovered in XYHCMS 3.5. It has XSS via the test paramet ...)
	NOT-FOR-US: XYHCMS
CVE-2018-10127 (An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g= ...)
	NOT-FOR-US: XYHCMS
CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 fu ...)
	- tiff <unfixed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10125 (Contao before 4.5.7 has XSS in the system log. ...)
	NOT-FOR-US: Contao
CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to r ...)
	NOT-FOR-US: p910nd on Inteno IOPSYS
CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhi ...)
	NOT-FOR-US: QingDao Nature Easy Soft Chanzhi Enterprise Portal System
CVE-2018-10121 (plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XS ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10120 (The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx ...)
	{DSA-4178-1 DLA-1356-1}
	- libreoffice 1:6.0.2-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173
	NOTE: https://gerrit.libreoffice.org/#/c/49486/
	NOTE: https://gerrit.libreoffice.org/#/c/49499/
	NOTE: https://gerrit.libreoffice.org/#/c/49500/
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=017fcc2fcd00af17a97bd5463d89662404f57667
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/
CVE-2018-10119 (sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x b ...)
	{DSA-4178-1 DLA-1356-1}
	- libreoffice 1:6.0.1-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747
	NOTE: https://gerrit.libreoffice.org/#/c/48751/
	NOTE: https://gerrit.libreoffice.org/#/c/48756/
	NOTE: https://gerrit.libreoffice.org/#/c/48757/
	NOTE: https://gerrit.libreoffice.org/#/c/48758/
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/
CVE-2018-10118 (Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New  ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10117 (An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vul ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-10116
	RESERVED
CVE-2018-10115 (Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 a ...)
	- p7zip-rar 16.02-3 (bug #897674)
	[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
	[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
	[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
	NOTE: https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterat ...)
	- gegl 0.3.34-1 (low)
	[stretch] - gegl <no-dsa> (Minor issue)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
	NOTE: https://git.gnome.org/browse/gegl/commit/?id=c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
	NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#1-gegl-outbound-write-1
CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process function i ...)
	- gegl 0.3.34-1 (low)
	[stretch] - gegl <no-dsa> (Minor issue)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
	NOTE: https://gitlab.gnome.org/GNOME/gegl/commit/c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_ ...)
	- gegl <unfixed> (low)
	[buster] - gegl <ignored> (Minor issue, architectual limitation)
	[stretch] - gegl <ignored> (Minor issue, architectual limitation)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795249
	NOTE: https://gitlab.gnome.org/GNOME/gegl/issues/65
	NOTE: https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle f ...)
	- gegl <unfixed> (low)
	[buster] - gegl <ignored> (Minor issue, architectual limitation)
	[stretch] - gegl <ignored> (Minor issue, architectual limitation)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795249
	NOTE: https://gitlab.gnome.org/GNOME/gegl/issues/65
	NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#2-gegl-dos-1
CVE-2018-10110 (D-Link DIR-615 T1 devices allow XSS via the Add User feature. ...)
	NOT-FOR-US: D-Link
CVE-2018-10109 (Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has  ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10108 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
	NOT-FOR-US: D-Link
CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
	NOT-FOR-US: D-Link
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
	NOT-FOR-US: D-Link
CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2 ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: "Fixed" by disabling SMB printing
CVE-2018-10104
	RESERVED
CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2 ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: "Fixed" by disabling SMB printing
CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search)  ...)
	NOT-FOR-US: Google Monorail
CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.14 ...)
	NOT-FOR-US: MicroWorld eScan
CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_addre ...)
	NOT-FOR-US: Domain Trader
CVE-2018-1000171
	REJECTED
CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to versio ...)
	- kubernetes 1.17.4-1 (bug #929225)
	NOTE: https://github.com/kubernetes/kubernetes/issues/61297
	NOTE: https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08 (1.9.x)
CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 and older ...)
	- jenkins <removed>
CVE-2018-1000169 (An exposure of sensitive information vulnerability exists in Jenkins 2 ...)
	- jenkins <removed>
CVE-2018-10096 (joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/a ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10095 (Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allo ...)
	- dolibarr <removed>
CVE-2018-10094 (SQL injection vulnerability in Dolibarr before 7.0.2 allows remote att ...)
	- dolibarr <removed>
CVE-2018-10093 (AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 al ...)
	NOT-FOR-US: AudioCodes IP phone
CVE-2018-10092 (The admin panel in Dolibarr before 7.0.2 might allow remote attackers  ...)
	- dolibarr <removed>
CVE-2018-10091 (AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 al ...)
	NOT-FOR-US: AudioCodes IP phone
CVE-2018-10090
	RESERVED
CVE-2018-10089
	RESERVED
CVE-2018-10088 (Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and  ...)
	NOT-FOR-US: XiongMai uc-httpd
CVE-2018-10124 (The kill_something_info function in kernel/signal.c in the Linux kerne ...)
	{DLA-1423-1}
	- linux 4.13.4-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <ignored> (Minor issue)
	NOTE: Fixed by: https://git.kernel.org/linus/4ea77014af0d6205b05503d1c7aac6eace11d473 (4.13-rc1)
CVE-2018-10087 (The kernel_wait4 function in kernel/exit.c in the Linux kernel before  ...)
	{DLA-1423-1}
	- linux 4.13.4-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <ignored> (Minor issue)
	NOTE: Fixed by: https://git.kernel.org/linus/dd83c161fbcc5d8be637ab159c0de015cbff5ba4 (4.13-rc1)
CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execu ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection beca ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file delet ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_ ...)
	NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices
CVE-2018-10079 (Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\Wa ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10078 (Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2 ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10077 (XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2. ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10076 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12.  ...)
	NOT-FOR-US: Zoho
CVE-2018-10075 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog ...)
	NOT-FOR-US: Zoho
CVE-2018-10073 (joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword par ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10072 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...)
	NOT-FOR-US: WinDriver
CVE-2018-10071 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...)
	NOT-FOR-US: WinDriver
CVE-2018-10070 (A vulnerability in MikroTik Version 6.41.4 could allow an unauthentica ...)
	NOT-FOR-US: MikroTik
CVE-2018-10069
	RESERVED
CVE-2018-10068 (The jDownloads extension before 3.2.59 for Joomla! has XSS. ...)
	NOT-FOR-US: jDownloads extension for Joomla!
CVE-2018-10067
	RESERVED
CVE-2018-10066 (An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN s ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2018-10065
	RESERVED
CVE-2018-10064
	RESERVED
CVE-2018-10063 (The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to  ...)
	NOT-FOR-US: Convert Forms extension for Joomla!
CVE-2018-10062
	RESERVED
CVE-2018-10074 (The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660 ...)
	- linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/9903e41ae1f5d50c93f268ca3304d4d7c64b9311 (4.16-rc7)
CVE-2018-10061 (Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars  ...)
	- cacti 1.1.37+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <no-dsa> (Minor issue)
	[wheezy] - cacti <no-dsa> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/1457
CVE-2018-10060 (Cacti before 1.1.37 has XSS because it does not properly reject uninte ...)
	- cacti 1.1.37+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <no-dsa> (Minor issue)
	[wheezy] - cacti <no-dsa> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/1457
CVE-2018-10059 (Cacti before 1.1.37 has XSS because the get_current_page function in l ...)
	- cacti 1.1.37+ds1-1
	[stretch] - cacti <not-affected> (Issue introduced later)
	[jessie] - cacti <not-affected> (Issue introduced later)
	[wheezy] - cacti <not-affected> (Issue introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/1457
	NOTE: get_current_page was added in the 1.x series
CVE-2018-10058 (The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 a ...)
	- cgminer <unfixed> (bug #900929)
	[stretch] - cgminer <no-dsa> (Minor issue)
	[jessie] - cgminer <no-dsa> (Minor issue)
	- bfgminer <removed> (bug #900930)
	[jessie] - bfgminer <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
	NOTE: Mitigated by toolchain hardening to plain crash
CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 a ...)
	- cgminer <unfixed> (bug #900929)
	[stretch] - cgminer <no-dsa> (Minor issue)
	[jessie] - cgminer <no-dsa> (Minor issue)
	- bfgminer <removed> (bug #900930)
	[jessie] - bfgminer <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
CVE-2018-10056
	RESERVED
CVE-2018-10055 (Invalid memory access and/or a heap buffer overflow in the TensorFlow  ...)
	- tensorflow <itp> (bug #804612)
CVE-2018-10054 (H2 1.4.197, as used in Datomic before 0.9.5697 and other products, all ...)
	NOT-FOR-US: H2 (different from src:python-h2)
CVE-2018-10053
	RESERVED
CVE-2018-10052 (iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult ...)
	NOT-FOR-US: iScripts SupportDesk
CVE-2018-10051 (iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult ...)
	NOT-FOR-US: iScripts SupportDesk
CVE-2018-10050 (iScripts eSwap v2.4 has SQL injection via the "registration_settings.p ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10049 (iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDat ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10048 (iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Ad ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10047
	RESERVED
CVE-2018-10046
	RESERVED
CVE-2018-10045
	RESERVED
CVE-2018-10044
	RESERVED
CVE-2018-10043
	RESERVED
CVE-2018-10042
	RESERVED
CVE-2018-10041
	RESERVED
CVE-2018-10040
	RESERVED
CVE-2018-10039
	RESERVED
CVE-2018-10038
	RESERVED
CVE-2018-10037
	RESERVED
CVE-2018-10036
	RESERVED
CVE-2018-10035
	RESERVED
CVE-2018-10034
	RESERVED
CVE-2018-10033 (CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.ph ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10032 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleint ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10031 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.ph ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10030 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10029 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleint ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10028 (joyplus-cms 1.6.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10027 (ESTsoft ALZip before 10.76 allows local users to execute arbitrary cod ...)
	NOT-FOR-US: ESTsoft ALZip
CVE-2018-10026 (The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/modu ...)
	NOT-FOR-US: WeChat module in YzmCMS
CVE-2018-10025
	RESERVED
CVE-2018-10024 (ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with  ...)
	NOT-FOR-US: ubiQuoss Switch VP5208A
CVE-2018-10023 (Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/ ...)
	NOT-FOR-US: Catfish CMS
CVE-2018-10022
	RESERVED
CVE-2018-10021 (** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.15.17-1
	[stretch] - linux 4.9.107-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/318aaf34f1179b39fa9c30fa0f3288b645beee39 (4.16-rc7)
	NOTE: Low security impact, failure can only occur for physically
	NOTE: proximate attackers who unplug SAS Host Bus Adapter cables.
CVE-2018-10020
	RESERVED
CVE-2018-10019
	RESERVED
CVE-2018-9999 (In Zulip Server versions before 1.7.2, there was an XSS issue with use ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-9998 (Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40 ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-9997 (Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchan ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-9996 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
	NOTE: binutils not covered by security support
CVE-2018-9995 (TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix ...)
	NOT-FOR-US: TBK DVR4104 and DVR4216 devices
CVE-2018-9994
	REJECTED
CVE-2018-9993 (YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcon ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-9992 (Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Director ...)
	NOT-FOR-US: Frog CMS
CVE-2018-9991 (Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username para ...)
	NOT-FOR-US: Frog CMS
CVE-2018-9990 (In Zulip Server versions before 1.7.2, there was an XSS issue with str ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-10018 (The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Tota ...)
	NOT-FOR-US: GDASPAMLib.AntiSpam ActiveX control
CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before ...)
	- libopenmpt 0.3.8-1 (bug #895406)
	[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3
	NOTE: https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76
CVE-2018-10016 (Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability  ...)
	- nasm 2.14-1 (bug #895408)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392473
	NOTE: https://github.com/netwide-assembler/nasm/commit/ceec0d818798aeaa75ed4907e6135b0247ed46b2
CVE-2018-10015
	RESERVED
CVE-2018-10014
	RESERVED
CVE-2018-10013
	RESERVED
CVE-2018-10012
	RESERVED
CVE-2018-10011
	RESERVED
CVE-2018-10010
	RESERVED
CVE-2018-10009
	RESERVED
CVE-2018-10008
	RESERVED
CVE-2018-10007
	RESERVED
CVE-2018-10006
	RESERVED
CVE-2018-10005
	RESERVED
CVE-2018-10004
	RESERVED
CVE-2018-10003
	RESERVED
CVE-2018-10002
	RESERVED
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through  ...)
	{DSA-4249-1}
	- ffmpeg 7:3.4.3-1 (low)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 3.2.11
CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 for Chro ...)
	NOT-FOR-US: The Video Downloader professional extension for Chrome
CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities ...)
	- dolibarr <removed>
CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in v ...)
	- dolibarr <removed>
CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
	{DLA-1518-1}
	- mbedtls 2.8.0-1
	[stretch] - mbedtls <no-dsa> (Minor issue)
	- polarssl <removed>
	[wheezy] - polarssl <no-dsa> (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
	NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
	{DLA-1518-1}
	- mbedtls 2.8.0-1
	[stretch] - mbedtls <no-dsa> (Minor issue)
	- polarssl <removed>
	[wheezy] - polarssl <no-dsa> (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
	NOTE: https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9987 (In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there w ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-9986 (In Zulip Server versions before 1.7.2, there were XSS issues with the  ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-9985 (The front page of MetInfo 6.0 allows XSS by sending a feedback message ...)
	NOT-FOR-US: MetInfo
CVE-2018-9984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9983 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9982 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9981 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9980 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9979 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9978 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9977 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9976 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9975 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9974 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9973 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9972 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9971 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9970 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9969 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9968 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9967 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9966 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9965 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9964 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9963 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9962 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9961 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9960 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9959 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9958 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9957 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9956 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9955 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9954 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9953 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9952 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9951 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9950 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9949 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9948 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9947 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9946 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9944 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9943 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9942 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9939 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9938 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9937 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9936 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9935 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote attackers to c ...)
	NOT-FOR-US: MetInfo
CVE-2018-9933
	RESERVED
CVE-2018-9932
	RESERVED
CVE-2018-9931
	RESERVED
CVE-2018-9930
	RESERVED
CVE-2018-9929
	RESERVED
CVE-2018-9928 (Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 al ...)
	NOT-FOR-US: MetInfo
CVE-2018-9927 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-9926 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-9925 (An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists v ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9924 (An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injectio ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9923 (An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists  ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. Physical pat ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possibl ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-9920 (Server side request forgery exists in the runtime application in K2 sm ...)
	NOT-FOR-US: K2
CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0. ...)
	NOT-FOR-US: Tp-shop
CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionar ...)
	- qpdf 8.0.2-3 (bug #895443)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/202
CVE-2018-9917
	RESERVED
CVE-2018-9916
	RESERVED
CVE-2018-9915
	RESERVED
CVE-2018-9914
	RESERVED
CVE-2018-9913
	RESERVED
CVE-2018-9912
	RESERVED
CVE-2018-9911
	RESERVED
CVE-2018-9910
	RESERVED
CVE-2018-9909
	RESERVED
CVE-2018-9908
	RESERVED
CVE-2018-9907
	RESERVED
CVE-2018-9906
	RESERVED
CVE-2018-9905
	RESERVED
CVE-2018-9904
	RESERVED
CVE-2018-9903
	RESERVED
CVE-2018-9902
	RESERVED
CVE-2018-9901
	RESERVED
CVE-2018-9900
	RESERVED
CVE-2018-9899
	RESERVED
CVE-2018-9898
	RESERVED
CVE-2018-9897
	RESERVED
CVE-2018-9896
	RESERVED
CVE-2018-9895
	RESERVED
CVE-2018-9894
	RESERVED
CVE-2018-9893
	RESERVED
CVE-2018-9892
	RESERVED
CVE-2018-9891
	RESERVED
CVE-2018-9890
	RESERVED
CVE-2018-9889
	RESERVED
CVE-2018-9888
	RESERVED
CVE-2018-9887
	RESERVED
CVE-2018-9886
	RESERVED
CVE-2018-9885
	RESERVED
CVE-2018-9884
	RESERVED
CVE-2018-9883
	RESERVED
CVE-2018-9882
	RESERVED
CVE-2018-9881
	RESERVED
CVE-2018-9880
	RESERVED
CVE-2018-9879
	RESERVED
CVE-2018-9878
	RESERVED
CVE-2018-9877
	RESERVED
CVE-2018-9876
	RESERVED
CVE-2018-9875
	RESERVED
CVE-2018-9874
	RESERVED
CVE-2018-9873
	RESERVED
CVE-2018-9872
	RESERVED
CVE-2018-9871
	RESERVED
CVE-2018-9870
	RESERVED
CVE-2018-9869
	RESERVED
CVE-2018-9868
	RESERVED
CVE-2018-9867 (In SonicWall SonicOS, administrators without full permissions can down ...)
	NOT-FOR-US: SonicWall
CVE-2018-9866 (A vulnerability in lack of validation of user-supplied parameters pass ...)
	NOT-FOR-US: SonicWall
CVE-2018-9865
	RESERVED
CVE-2018-9864 (The WP Live Chat Support plugin before 8.0.06 for WordPress has stored ...)
	NOT-FOR-US: WP Live Chat Support plugin for WordPress
CVE-2018-9863
	RESERVED
CVE-2018-9862 (util.c in runV 1.0.0 for Docker mishandles a numeric username, which a ...)
	NOT-FOR-US: runV for Docker
CVE-2018-9861 (Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka im ...)
	NOT-FOR-US: ckeditor plugin
CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An  ...)
	- botan 2.4.0-6
	- botan1.10 <not-affected> (Issue introduced in 1.11.32)
	NOTE: https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5
	NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
CVE-2018-9859 (The path of Whale update service was unquoted in NAVER Whale before 1. ...)
	NOT-FOR-US: Whale
CVE-2018-1000168 (nghttp2 version &gt;= 1.10.0 and nghttp2 &lt;= v1.31.0 contains an Imp ...)
	- nghttp2 1.31.1-1 (low; bug #895566)
	[stretch] - nghttp2 <no-dsa> (Minor issue)
	[jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
	NOTE: Affected versions: nghttp2 >= 1.10.0 and nghttp2 <= v1.31.0
	NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/b1bd6035e884b3d83748914a3b5f2a8e52a78a2f
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/4
CVE-2018-9858
	RESERVED
CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field ...)
	NOT-FOR-US: PHP Scripts Mall Match Clone Script
CVE-2018-9856 (Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles  ...)
	NOT-FOR-US: Kotti
CVE-2018-9855
	RESERVED
CVE-2018-9854
	RESERVED
CVE-2018-9853 (Insecure access control in freeSSHd version 1.3.1 allows attackers to  ...)
	NOT-FOR-US: freeSSHd
CVE-2018-9852 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allow ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9851 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allow ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9850 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allo ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9849 (Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8. ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\Up ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\Tp ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9846 (In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin ena ...)
	{DSA-4181-1}
	- roundcube 1.3.6+dfsg.1-1 (bug #895184)
	[wheezy] - roundcube <not-affected> (Vulnerable code not present in archive.php)
	NOTE: https://github.com/roundcube/roundcubemail/issues/6238
	NOTE: https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0 (release-1.3)
	NOTE: https://github.com/roundcube/roundcubemail/commit/cdeb6234a2e029c499898c3432fdf5b2cf093640 (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/5b7e9a2c960eb4fd2364921297020a5dcd2d7dbc (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/c69b851b8a704f6483ec9d1cae7cd1ecd33c3343 (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/7901047474729a7f466eb8c59c92a36fc7cf0e70 (release-1.2)
CVE-2018-9845 (Etherpad Lite before 1.6.4 is exploitable for admin access. ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9844 (The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mi ...)
	NOT-FOR-US: Iptanus WordPress File Upload plugin for WordPress
CVE-2018-9843 (The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10 ...)
	NOT-FOR-US: CyberArk Password Vault Web Access
CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to obtain s ...)
	NOT-FOR-US: CyberArk Password Vault
CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg through 3. ...)
	- ffmpeg 7:3.4.3-1 (low)
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically pr ...)
	NOT-FOR-US: Open Whisper Signal app for iOS
CVE-2018-9839 (An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a ...)
	- mantis <removed>
	NOTE: https://github.com/mantisbt/mantisbt/commit/1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea
	NOTE: https://mantisbt.org/bugs/view.php?id=24221
CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...)
	{DSA-4186-1 DLA-1357-1}
	- gunicorn 19.5.0-1 (bug #896548)
	NOTE: https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
	NOTE: https://github.com/benoitc/gunicorn/issues/1227
	NOTE: https://github.com/benoitc/gunicorn/commit/5263a4ef2a63c62216680876f3813959839608ff
CVE-2018-1000161 (nmap version 6.49BETA6 through 7.60, up to and including SVN revision  ...)
	- nmap 7.70+dfsg1-1
	[stretch] - nmap <no-dsa> (Minor issue)
	[jessie] - nmap <not-affected> (Vulnerable code not present)
	[wheezy] - nmap <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/098e32713650f54732472f31245b7eca936b2bd8
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/da0c861299ae1ce6268e9591838f7a1144b327d7
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/88631b50676c38824e01d30819f46258a8497b0a
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/80e1977308e51b1b7aa038a38f8837a7e90b3849
	NOTE: Introduced in https://github.com/nmap/nmap/commit/88381c2e685297a4fafe7182a06877b27da34e1e
	NOTE: Script added in 6.49BETA6 (cf. https://bugzilla.suse.com/show_bug.cgi?id=1088608#c1)
CVE-2018-1000159 (tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd08 ...)
	- tlslite-ng 0.7.4-1 (low; bug #895728)
	[stretch] - tlslite-ng 0.6.0-1+deb9u1
	NOTE: https://github.com/tomato42/tlslite-ng/pull/234
	NOTE: https://github.com/tomato42/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8 (v0.8.0-alpha3)
	NOTE: https://github.com/tomato42/tlslite-ng/pull/235
	NOTE: https://github.com/tomato42/tlslite-ng/pull/235/commits/e5e9145558f4c1a81071c61c947aa55a52542585 (backport for tslite-ng-0.7)
CVE-2018-1000157
	REJECTED
CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the standard ...)
	- ocaml 4.05.0-11 (bug #895472)
	[stretch] - ocaml <no-dsa> (Minor issue)
	[jessie] - ocaml <no-dsa> (Minor issue)
	[wheezy] - ocaml <no-dsa> (Minor issue)
	NOTE: https://caml.inria.fr/mantis/view.php?id=7765
	NOTE: https://github.com/ocaml/ocaml/pull/1718
	NOTE: https://github.com/ocaml/ocaml/commit/9664c7ee807c2dfa802f53cabd405ff58e219c47
	NOTE: Before 4.06.0+beta1 the code is present in otherlibs/bigarray/bigarray_stubs.c
CVE-2018-10101 (Before WordPress 4.9.5, the URL validator assumed URLs with the hostna ...)
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u3
	[jessie] - wordpress <not-affected> (vulnerable code is not present)
	[wheezy] - wordpress <not-affected> (vulnerable code is not present)
	NOTE: https://core.trac.wordpress.org/changeset/42894
	NOTE: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
	NOTE: Introduced via https://github.com/WordPress/WordPress/commit/c73a812109e1a64ecf21b6a198f949c58d1f2674 (4.5)
CVE-2018-10100 (Before WordPress 4.9.5, the redirection URL for the login page was not ...)
	{DSA-4193-1 DLA-1366-1}
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	NOTE: https://core.trac.wordpress.org/changeset/42892
	NOTE: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
CVE-2018-10102 (Before WordPress 4.9.5, the version string was not escaped in the get_ ...)
	{DSA-4193-1 DLA-1366-1}
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	NOTE: https://core.trac.wordpress.org/changeset/42893
	NOTE: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
CVE-2018-9837
	RESERVED
CVE-2018-9836
	RESERVED
CVE-2018-9835
	RESERVED
CVE-2018-9834
	RESERVED
CVE-2018-9833
	RESERVED
CVE-2018-9832
	RESERVED
CVE-2018-9831
	RESERVED
CVE-2018-9830
	RESERVED
CVE-2018-9829
	RESERVED
CVE-2018-9828
	RESERVED
CVE-2018-9827
	RESERVED
CVE-2018-9826
	RESERVED
CVE-2018-9825
	RESERVED
CVE-2018-9824
	RESERVED
CVE-2018-9823
	RESERVED
CVE-2018-9822
	RESERVED
CVE-2018-9821
	RESERVED
CVE-2018-9820
	RESERVED
CVE-2018-9819
	RESERVED
CVE-2018-9818
	RESERVED
CVE-2018-9817
	RESERVED
CVE-2018-9816
	RESERVED
CVE-2018-9815
	RESERVED
CVE-2018-9814
	RESERVED
CVE-2018-9813
	RESERVED
CVE-2018-9812
	RESERVED
CVE-2018-9811
	RESERVED
CVE-2018-9810
	RESERVED
CVE-2018-9809
	RESERVED
CVE-2018-9808
	RESERVED
CVE-2018-9807
	RESERVED
CVE-2018-9806
	RESERVED
CVE-2018-9805
	RESERVED
CVE-2018-9804
	RESERVED
CVE-2018-9803
	RESERVED
CVE-2018-9802
	RESERVED
CVE-2018-9801
	RESERVED
CVE-2018-9800
	RESERVED
CVE-2018-9799
	RESERVED
CVE-2018-9798
	RESERVED
CVE-2018-9797
	RESERVED
CVE-2018-9796
	RESERVED
CVE-2018-9795
	RESERVED
CVE-2018-9794
	RESERVED
CVE-2018-9793
	RESERVED
CVE-2018-9792
	RESERVED
CVE-2018-9791
	RESERVED
CVE-2018-9790
	RESERVED
CVE-2018-9789
	RESERVED
CVE-2018-9788
	RESERVED
CVE-2018-9787
	RESERVED
CVE-2018-9786
	RESERVED
CVE-2018-9785
	RESERVED
CVE-2018-9784
	RESERVED
CVE-2018-9783
	RESERVED
CVE-2018-9782
	RESERVED
CVE-2018-9781
	RESERVED
CVE-2018-9780
	RESERVED
CVE-2018-9779
	RESERVED
CVE-2018-9778
	RESERVED
CVE-2018-9777
	RESERVED
CVE-2018-9776
	RESERVED
CVE-2018-9775
	RESERVED
CVE-2018-9774
	RESERVED
CVE-2018-9773
	RESERVED
CVE-2018-9772
	RESERVED
CVE-2018-9771
	RESERVED
CVE-2018-9770
	RESERVED
CVE-2018-9769
	RESERVED
CVE-2018-9768
	RESERVED
CVE-2018-9767
	RESERVED
CVE-2018-9766
	RESERVED
CVE-2018-9765
	RESERVED
CVE-2018-9764
	RESERVED
CVE-2018-9763
	RESERVED
CVE-2018-9762
	RESERVED
CVE-2018-9761
	RESERVED
CVE-2018-9760
	RESERVED
CVE-2018-9759
	RESERVED
CVE-2018-9758
	RESERVED
CVE-2018-9757
	RESERVED
CVE-2018-9756
	RESERVED
CVE-2018-9755
	RESERVED
CVE-2018-9754
	RESERVED
CVE-2018-9753
	RESERVED
CVE-2018-9752
	RESERVED
CVE-2018-9751
	RESERVED
CVE-2018-9750
	RESERVED
CVE-2018-9749
	RESERVED
CVE-2018-9748
	RESERVED
CVE-2018-9747
	RESERVED
CVE-2018-9746
	RESERVED
CVE-2018-9745
	RESERVED
CVE-2018-9744
	RESERVED
CVE-2018-9743
	RESERVED
CVE-2018-9742
	RESERVED
CVE-2018-9741
	RESERVED
CVE-2018-9740
	RESERVED
CVE-2018-9739
	RESERVED
CVE-2018-9738
	RESERVED
CVE-2018-9737
	RESERVED
CVE-2018-9736
	RESERVED
CVE-2018-9735
	RESERVED
CVE-2018-9734
	RESERVED
CVE-2018-9733
	RESERVED
CVE-2018-9732
	RESERVED
CVE-2018-9731
	RESERVED
CVE-2018-9730
	RESERVED
CVE-2018-9729
	RESERVED
CVE-2018-9728
	RESERVED
CVE-2018-9727
	RESERVED
CVE-2018-9726
	RESERVED
CVE-2018-9725
	RESERVED
CVE-2018-9724
	RESERVED
CVE-2018-9723
	RESERVED
CVE-2018-9722
	RESERVED
CVE-2018-9721
	RESERVED
CVE-2018-9720
	RESERVED
CVE-2018-9719
	RESERVED
CVE-2018-9718
	RESERVED
CVE-2018-9717
	RESERVED
CVE-2018-9716
	RESERVED
CVE-2018-9715
	RESERVED
CVE-2018-9714
	RESERVED
CVE-2018-9713
	RESERVED
CVE-2018-9712
	RESERVED
CVE-2018-9711
	RESERVED
CVE-2018-9710
	RESERVED
CVE-2018-9709
	RESERVED
CVE-2018-9708
	RESERVED
CVE-2018-9707
	RESERVED
CVE-2018-9706
	RESERVED
CVE-2018-9705
	RESERVED
CVE-2018-9704
	RESERVED
CVE-2018-9703
	RESERVED
CVE-2018-9702
	RESERVED
CVE-2018-9701
	RESERVED
CVE-2018-9700
	RESERVED
CVE-2018-9699
	RESERVED
CVE-2018-9698
	RESERVED
CVE-2018-9697
	RESERVED
CVE-2018-9696
	RESERVED
CVE-2018-9695
	RESERVED
CVE-2018-9694
	RESERVED
CVE-2018-9693
	RESERVED
CVE-2018-9692
	RESERVED
CVE-2018-9691
	RESERVED
CVE-2018-9690
	RESERVED
CVE-2018-9689
	RESERVED
CVE-2018-9688
	RESERVED
CVE-2018-9687
	RESERVED
CVE-2018-9686
	RESERVED
CVE-2018-9685
	RESERVED
CVE-2018-9684
	RESERVED
CVE-2018-9683
	RESERVED
CVE-2018-9682
	RESERVED
CVE-2018-9681
	RESERVED
CVE-2018-9680
	RESERVED
CVE-2018-9679
	RESERVED
CVE-2018-9678
	RESERVED
CVE-2018-9677
	RESERVED
CVE-2018-9676
	RESERVED
CVE-2018-9675
	RESERVED
CVE-2018-9674
	RESERVED
CVE-2018-9673
	RESERVED
CVE-2018-9672
	RESERVED
CVE-2018-9671
	RESERVED
CVE-2018-9670
	RESERVED
CVE-2018-9669
	RESERVED
CVE-2018-9668
	RESERVED
CVE-2018-9667
	RESERVED
CVE-2018-9666
	RESERVED
CVE-2018-9665
	RESERVED
CVE-2018-9664
	RESERVED
CVE-2018-9663
	RESERVED
CVE-2018-9662
	RESERVED
CVE-2018-9661
	RESERVED
CVE-2018-9660
	RESERVED
CVE-2018-9659
	RESERVED
CVE-2018-9658
	RESERVED
CVE-2018-9657
	RESERVED
CVE-2018-9656
	RESERVED
CVE-2018-9655
	RESERVED
CVE-2018-9654
	RESERVED
CVE-2018-9653
	RESERVED
CVE-2018-9652
	RESERVED
CVE-2018-9651
	RESERVED
CVE-2018-9650
	RESERVED
CVE-2018-9649
	RESERVED
CVE-2018-9648
	RESERVED
CVE-2018-9647
	RESERVED
CVE-2018-9646
	RESERVED
CVE-2018-9645
	RESERVED
CVE-2018-9644
	RESERVED
CVE-2018-9643
	RESERVED
CVE-2018-9642
	RESERVED
CVE-2018-9641
	RESERVED
CVE-2018-9640
	RESERVED
CVE-2018-9639
	RESERVED
CVE-2018-9638
	RESERVED
CVE-2018-9637
	RESERVED
CVE-2018-9636
	RESERVED
CVE-2018-9635
	RESERVED
CVE-2018-9634
	RESERVED
CVE-2018-9633
	RESERVED
CVE-2018-9632
	RESERVED
CVE-2018-9631
	RESERVED
CVE-2018-9630
	RESERVED
CVE-2018-9629
	RESERVED
CVE-2018-9628
	RESERVED
CVE-2018-9627
	RESERVED
CVE-2018-9626
	RESERVED
CVE-2018-9625
	RESERVED
CVE-2018-9624
	RESERVED
CVE-2018-9623
	RESERVED
CVE-2018-9622
	RESERVED
CVE-2018-9621
	RESERVED
CVE-2018-9620
	RESERVED
CVE-2018-9619
	RESERVED
CVE-2018-9618
	RESERVED
CVE-2018-9617
	RESERVED
CVE-2018-9616
	RESERVED
CVE-2018-9615
	RESERVED
CVE-2018-9614
	RESERVED
CVE-2018-9613
	RESERVED
CVE-2018-9612
	RESERVED
CVE-2018-9611
	RESERVED
CVE-2018-9610
	RESERVED
CVE-2018-9609
	RESERVED
CVE-2018-9608
	RESERVED
CVE-2018-9607
	RESERVED
CVE-2018-9606
	RESERVED
CVE-2018-9605
	RESERVED
CVE-2018-9604
	RESERVED
CVE-2018-9603
	RESERVED
CVE-2018-9602
	RESERVED
CVE-2018-9601
	RESERVED
CVE-2018-9600
	RESERVED
CVE-2018-9599
	RESERVED
CVE-2018-9598
	RESERVED
CVE-2018-9597
	RESERVED
CVE-2018-9596
	RESERVED
CVE-2018-9595
	RESERVED
CVE-2018-9594 (In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1. ...)
	NOT-FOR-US: Android
CVE-2018-9593 (In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, A ...)
	NOT-FOR-US: Android
CVE-2018-9592 (In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Andro ...)
	NOT-FOR-US: Android
CVE-2018-9591 (In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, ...)
	NOT-FOR-US: Android
CVE-2018-9590 (In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android- ...)
	NOT-FOR-US: Android
CVE-2018-9589 (In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1. ...)
	NOT-FOR-US: Android
CVE-2018-9588 (In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1. ...)
	NOT-FOR-US: Android
CVE-2018-9587 (In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, And ...)
	NOT-FOR-US: Android
CVE-2018-9586 (In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Andro ...)
	NOT-FOR-US: Android
CVE-2018-9585 (In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7. ...)
	NOT-FOR-US: Android
CVE-2018-9584 (In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7 ...)
	NOT-FOR-US: Android
CVE-2018-9583 (In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, A ...)
	NOT-FOR-US: Android
CVE-2018-9582 (In package installer in Android-8.0, Android-8.1 and Android-9, there  ...)
	NOT-FOR-US: Android
CVE-2018-9581 (In WiFi, the RSSI value and SSID information is broadcast as part of a ...)
	NOT-FOR-US: Android
CVE-2018-9580 (A Elevation of privilege vulnerability in the HTC bootloader. Product: ...)
	NOT-FOR-US: HTC
CVE-2018-9579
	RESERVED
CVE-2018-9578 (In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is  ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9577 (In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payloa ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9576 (In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9575 (In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there i ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9574 (In impd_parse_split_drc_characteristic of impd_drc_static_payload.c th ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9573 (In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a poss ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9572 (In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possib ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9571 (In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9570 (In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a poss ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9569 (In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there i ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9568 (In sk_clone_lock of sock.c, there is a possible memory corruption due  ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.59-1
	NOTE: Fixed by: https://git.kernel.org/linus/9d538fa60bad4f7b23193c89e843797a1cf71ef3
CVE-2018-9567 (On Pixel devices there is a bug causing verified boot to show the same ...)
	NOT-FOR-US: Android
CVE-2018-9566 (In process_service_search_rsp of sdp_discovery.c, there is a possible  ...)
	NOT-FOR-US: Android
CVE-2018-9565 (In readBytes of xltdecwbxml.c, there is a possible out of bounds read  ...)
	NOT-FOR-US: Android
CVE-2018-9564 (In llcp_util_parse_link_params of llcp_util.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2018-9563 (In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2018-9562 (In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound r ...)
	NOT-FOR-US: Android
CVE-2018-9561 (In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of ...)
	NOT-FOR-US: Android
CVE-2018-9560 (In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds  ...)
	NOT-FOR-US: Android
CVE-2018-9559 (In persist_set_key and other functions of cryptfs.cpp, there is a poss ...)
	NOT-FOR-US: Android
CVE-2018-9558 (In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9557 (In really_install_package of install.cpp, there is a possible free of  ...)
	NOT-FOR-US: Android
CVE-2018-9556 (In ParsePayloadHeader of payload_metadata.cc, there is a possible out  ...)
	NOT-FOR-US: Android
CVE-2018-9555 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2018-9554 (In dumpExtractors of IMediaExtractor.cp, there is a possible disclosur ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9553 (In MasteringMetadata::Parse of mkvparser.cc there is a possible double ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9552 (In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bou ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9551 (In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-boun ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9550 (In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of boun ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9549 (In lppTransposer of lpp_tran.cpp there is a possible out of bounds wri ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9548 (In multiple functions of ContentProvider.java, there is a possible per ...)
	NOT-FOR-US: Android
CVE-2018-9547 (In unflatten of GraphicBuffer.cpp, there is a possible bad fd close du ...)
	NOT-FOR-US: Android
CVE-2018-9546
	RESERVED
CVE-2018-9545 (In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2018-9544 (In register_app of btif_hd.cc, there is a possible out-of-bounds read  ...)
	NOT-FOR-US: Android
CVE-2018-9543 (In trim_device of f2fs_format_utils.c, it is possible that the data pa ...)
	NOT-FOR-US: Android
CVE-2018-9542 (In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2018-9541 (In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of ...)
	NOT-FOR-US: Android
CVE-2018-9540 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2018-9539 (In the ClearKey CAS descrambler, there is a possible use after free du ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9538 (In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9537 (In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-o ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9536 (In numerous functions of libFDK, there are possible out of bounds writ ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9535 (In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9534 (In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possib ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9533 (In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9532 (In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a po ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9531 (In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9530 (In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possibl ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9529 (In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a poss ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9528 (In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a  ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9527 (In vorbis_book_decodev_set of codebook.c there is a possible out of bo ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9526 (In device configuration data, there is an improperly configured settin ...)
	NOT-FOR-US: Android
CVE-2018-9525 (In the AndroidManifest.xml file defining the SliceBroadcastReceiver ha ...)
	NOT-FOR-US: Android
CVE-2018-9524 (In functionality implemented in System UI, there are insufficient prot ...)
	NOT-FOR-US: Android
CVE-2018-9523 (In Parcel.writeMapInternal of Parcel.java, there is a possible parcel  ...)
	NOT-FOR-US: Android
CVE-2018-9522 (In the serialization functions of StatsLogEventWrapper.java, there is  ...)
	NOT-FOR-US: Android
CVE-2018-9521 (In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out  ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9520
	RESERVED
CVE-2018-9519 (In easelcomm_hw_build_scatterlist, there is a possible out of bounds w ...)
	NOT-FOR-US: Android kernel
CVE-2018-9518 (In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible ou ...)
	- linux 4.16.5-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux 3.16.57-1
	NOTE: Fixed by: https://git.kernel.org/linus/fe9c842695e26d8116b61b80bfb905356f07834b (4.16-rc3)
CVE-2018-9517 (In pppol2tp_connect, there is possible memory corruption due to a use  ...)
	- linux 4.14.2-1
	[jessie] - linux 3.16.51-1
	NOTE: https://git.kernel.org/linus/f026bc29a8e093edfbb2a77700454b285c97e8ad
	NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
CVE-2018-9516 (In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possib ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.6-1
	NOTE: https://git.kernel.org/linus/717adfdaf14704fd3ec7fa2c04520c0723247eac
	NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
CVE-2018-9515 (In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible  ...)
	NOT-FOR-US: Android kernel (apparently not in mainline)
CVE-2018-9514 (In sdcardfs_open of file.c, there is a possible Use After Free due to  ...)
	NOT-FOR-US: Android kernel (apparently not in mainline)
CVE-2018-9513 (In copy_process of fork.c, there is possible memory corruption due to  ...)
	NOT-FOR-US: Android kernel (apparently not in mainline)
CVE-2018-9512
	RESERVED
CVE-2018-9511 (In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2018-9510 (In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2018-9509 (In smp_proc_master_id of smp_act.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9508 (In smp_process_keypress_notification of smp_act.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2018-9507 (In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2018-9506 (In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound rea ...)
	NOT-FOR-US: Android
CVE-2018-9505 (In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2018-9504 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2018-9503 (In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9502 (In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9501 (In the SetupWizard, there is a possible Factory Reset Protection bypas ...)
	NOT-FOR-US: Android
CVE-2018-9500
	RESERVED
CVE-2018-9499 (In readVector of iCrypto.cpp, there is a possible invalid read due to  ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9498 (In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9497 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s  ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9496 (In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possib ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9495
	RESERVED
CVE-2018-9494
	RESERVED
CVE-2018-9493 (In the content provider of the download manager, there is a possible S ...)
	NOT-FOR-US: Android
CVE-2018-9492 (In checkGrantUriPermissionLocked of ActivityManagerService.java, there ...)
	NOT-FOR-US: Android
CVE-2018-9491 (In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2018-9490 (In CollectValuesOrEntriesImpl of elements.cc, there is possible remote ...)
	NOT-FOR-US: Android
CVE-2018-9489 (When wifi is switched, function sendNetworkStateChangeBroadcast of Wif ...)
	NOT-FOR-US: Android
CVE-2018-9488 (In the SELinux permissions of crash_dump.te, there is a permissions by ...)
	NOT-FOR-US: Android
CVE-2018-9487
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9486
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9485
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9484
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9483
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9482
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9481
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9480
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9479
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9478
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9477
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9476 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use- ...)
	NOT-FOR-US: Android
CVE-2018-9475
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9474
	RESERVED
CVE-2018-9473 (In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a poss ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9472
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9471
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9470
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9469
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9468
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9467
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9466
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memory co ...)
	- linux 4.14.12-1 (unimportant)
	[stretch] - linux 4.9.144-1
	NOTE: Android drivers from staging not enabled in any released suite
	NOTE: https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1
CVE-2018-9464
	RESERVED
CVE-2018-9463
	RESERVED
CVE-2018-9462
	RESERVED
CVE-2018-9461
	RESERVED
CVE-2018-9460
	RESERVED
CVE-2018-9459 (In Attachment of Attachment.java and getFilePath of EmlAttachmentProvi ...)
	NOT-FOR-US: Android
CVE-2018-9458 (In computeFocusedWindow of RootWindowContainer.java, and related funct ...)
	NOT-FOR-US: Android
CVE-2018-9457 (In onCheckedChanged of BluetoothPairingController.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2018-9456
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9455 (In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2018-9454 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2018-9453 (In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2018-9452 (In getOffsetForHorizontal of Layout.java, there is a possible applicat ...)
	NOT-FOR-US: Android
CVE-2018-9451 (In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9450 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2018-9449
	RESERVED
CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2018-9447
	RESERVED
CVE-2018-9446 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2018-9445 (In readMetadata of Utils.cpp, there is a possible path traversal bug d ...)
	NOT-FOR-US: Android
CVE-2018-9444 (In ih264d_video_decode of ih264d_api.c there is a possible resource ex ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9443
	RESERVED
CVE-2018-9442
	RESERVED
CVE-2018-9441
	RESERVED
CVE-2018-9440
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9439
	RESERVED
CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not receive  ...)
	NOT-FOR-US: Android
CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read due to  ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2018-9435
	RESERVED
CVE-2018-9434
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9433
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9432
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9431
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9430
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9429
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9428
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9427 (In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds  ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9426
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9425 (In Platform, there is a possible bypass of user interaction requiremen ...)
	NOT-FOR-US: Android
CVE-2018-9424
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9423
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9422 (In get_futex_key of futex.c, there is a use-after-free due to improper ...)
	{DLA-1422-1}
	- linux 4.6.1-1
	NOTE: https://git.kernel.org/linus/65d8fc777f6dcfee12785c057a6b57f679641c90
CVE-2018-9421
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9420
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9419
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9418
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9417
	RESERVED
	NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
CVE-2018-9416
	RESERVED
	NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
CVE-2018-9415 (In driver_override_store and driver_override_show of bus.c, there is a ...)
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://source.android.com/security/bulletin/pixel/2018-07-01
	NOTE: https://patchwork.kernel.org/patch/10175615/
CVE-2018-9414
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9413
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9412
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9411
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9410
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9409
	RESERVED
CVE-2018-9408
	RESERVED
CVE-2018-9407
	RESERVED
CVE-2018-9406
	RESERVED
CVE-2018-9405
	RESERVED
CVE-2018-9404
	RESERVED
CVE-2018-9403
	RESERVED
CVE-2018-9402
	RESERVED
CVE-2018-9401
	RESERVED
CVE-2018-9400
	RESERVED
CVE-2018-9399
	RESERVED
CVE-2018-9398
	RESERVED
CVE-2018-9397
	RESERVED
CVE-2018-9396
	RESERVED
CVE-2018-9395
	RESERVED
CVE-2018-9394
	RESERVED
CVE-2018-9393
	RESERVED
CVE-2018-9392
	RESERVED
CVE-2018-9391
	RESERVED
CVE-2018-9390
	RESERVED
CVE-2018-9389
	RESERVED
CVE-2018-9388
	RESERVED
CVE-2018-9387
	RESERVED
CVE-2018-9386
	RESERVED
CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bounds w ...)
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100491
	NOTE: Related, but not the same as CVE-2018-9415
CVE-2018-9384
	RESERVED
CVE-2018-9383
	RESERVED
CVE-2018-9382
	RESERVED
CVE-2018-9381
	RESERVED
CVE-2018-9380
	RESERVED
CVE-2018-9379
	RESERVED
CVE-2018-9378
	RESERVED
CVE-2018-9377
	RESERVED
CVE-2018-9376
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9375
	RESERVED
CVE-2018-9374
	RESERVED
CVE-2018-9373
	RESERVED
CVE-2018-9372
	RESERVED
CVE-2018-9371
	RESERVED
CVE-2018-9370
	RESERVED
CVE-2018-9369
	RESERVED
CVE-2018-9368
	RESERVED
CVE-2018-9367
	RESERVED
CVE-2018-9366
	RESERVED
CVE-2018-9365
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9364
	RESERVED
CVE-2018-9363 (In the hidp_process_report in bluetooth, there is an integer overflow. ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.15-1
CVE-2018-9362 (In processMessagePart of InboundSmsHandler.java, there is a possible r ...)
	NOT-FOR-US: Android
CVE-2018-9361 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9360 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9359 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9358 (In gatts_process_attribute_req of gatt_sc.cc, there is a possible read ...)
	NOT-FOR-US: Android
CVE-2018-9357 (In BNEP_Write of bnep_api.cc, there is a possible out of bounds write  ...)
	NOT-FOR-US: Android
CVE-2018-9356 (In bnep_data_ind of bnep_main.c, there is a possible remote code execu ...)
	NOT-FOR-US: Android
CVE-2018-9355 (In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2018-9354
	RESERVED
CVE-2018-9353
	RESERVED
CVE-2018-9352
	RESERVED
CVE-2018-9351
	RESERVED
CVE-2018-9350
	RESERVED
CVE-2018-9349
	RESERVED
CVE-2018-9348
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9347 (In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect in ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9346
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9345
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9344
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9343
	RESERVED
CVE-2018-9342
	RESERVED
CVE-2018-9341
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9340
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9339
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9338
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9337 (The PAN-OS web interface administration page in PAN-OS 6.1.20 and earl ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9336 (openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x  ...)
	- openvpn <not-affected> (Windows specific issue)
	NOTE: https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b
CVE-2018-9335 (The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9334 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9333
	RESERVED
CVE-2018-9332
	RESERVED
CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote attac ...)
	NOT-FOR-US: zzcms
CVE-2016-10720
	RESERVED
CVE-2016-10719 (TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can ...)
	NOT-FOR-US: TP-Link
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by t ...)
	NOT-FOR-US: Coremail XT3.0
CVE-2018-9329
	REJECTED
CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or ...)
	NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
CVE-2018-9327 (Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute ar ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9326 (Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary co ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9325 (Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9324
	REJECTED
CVE-2018-9323
	REJECTED
CVE-2018-9322 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9321
	REJECTED
CVE-2018-9320 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: BMW (Head Unit HU_NBT component) on BMW vehicles
CVE-2018-9319
	REJECTED
CVE-2018-9318 (The Telematics Control Unit (aka Telematic Communication Box or TCB),  ...)
	NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
CVE-2018-9317
	REJECTED
CVE-2018-9316
	REJECTED
CVE-2018-9315
	REJECTED
CVE-2018-9314 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9313 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9312 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9311 (The Telematics Control Unit (aka Telematic Communication Box or TCB),  ...)
	NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service and Improper ...)
	NOT-FOR-US: Flaw in the OpenFlow protocol
CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutr ...)
	- zammad <itp> (bug #841355)
CVE-2018-1000142 (An exposure of sensitive information vulnerability exists in Jenkins G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000143 (An exposure of sensitive information vulnerability exists in Jenkins G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000144 (A cross site scripting vulnerability exists in Jenkins Cucumber Living ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000145 (An exposure of sensitive information vulnerability exists in Jenkins P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000146 (An arbitrary code execution vulnerability exists in Liquibase Runner P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000147 (An exposure of sensitive information vulnerability exists in Jenkins P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000148 (An exposure of sensitive information vulnerability exists in Jenkins C ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000149 (A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000150 (An exposure of sensitive information vulnerability exists in Jenkins R ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000151 (A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000152 (An improper authorization vulnerability exists in Jenkins vSphere Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins vSphere P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H82 if setuid r ...)
	NOT-FOR-US: MagniComp SysInfo
CVE-2018-9309 (An issue was discovered in zzcms 8.2. It allows SQL injection via the  ...)
	NOT-FOR-US: zzcms
CVE-2018-9308
	RESERVED
CVE-2018-9307 (dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.p ...)
	NOT-FOR-US: dsmall
CVE-2018-9306
	REJECTED
CVE-2018-9305 (In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ip ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/263
CVE-2018-9304 (In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffim ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.26; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/262
CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigti ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.26; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/262
CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpi ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2018-9301
	RESERVED
CVE-2018-9300
	RESERVED
CVE-2018-9299
	RESERVED
CVE-2018-9298
	RESERVED
CVE-2018-9297
	RESERVED
CVE-2018-9296
	RESERVED
CVE-2018-9295
	RESERVED
CVE-2018-9294
	RESERVED
CVE-2018-9293
	RESERVED
CVE-2018-9292
	RESERVED
CVE-2018-9291
	RESERVED
CVE-2018-9290
	RESERVED
CVE-2018-9289
	RESERVED
CVE-2018-9288
	RESERVED
CVE-2018-9287
	RESERVED
CVE-2018-9286
	RESERVED
CVE-2018-9243 (GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vu ...)
	- gitlab 10.6.3+dfsg-1 (bug #894869)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-9244 (GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vu ...)
	- gitlab 10.6.3+dfsg-1 (bug #894868)
	[stretch] - gitlab <not-affected> (Vulnerable code introduced in 9.2)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-XXXX [Confidential issue comments in Slack, Mattermost, and webhook integrations]
	- gitlab 10.6.3+dfsg-1 (bug #894867)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT ...)
	NOT-FOR-US: ASUS
CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore StarHub f ...)
	NOT-FOR-US: D-Link
CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 s ...)
	NOT-FOR-US: Creme CRM
CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcas ...)
	NOT-FOR-US: Subsonic Media Server
CVE-2018-9281 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administ ...)
	NOT-FOR-US: Eaton
CVE-2018-9280 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The applianc ...)
	NOT-FOR-US: Eaton
CVE-2018-9279 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The applianc ...)
	NOT-FOR-US: Eaton
CVE-2018-9278
	RESERVED
CVE-2018-9277
	RESERVED
CVE-2018-9276 (An issue was discovered in PRTG Network Monitor before 18.2.39. An att ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_yubico ...)
	- yubico-pam 2.26-1 (bug #896491)
	[stretch] - yubico-pam <no-dsa> (Minor issue)
	[jessie] - yubico-pam <not-affected> (Vulnerable code introduced later)
	[wheezy] - yubico-pam <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1088027
	NOTE: Fixed by: https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba
	NOTE: Introduced in: https://github.com/Yubico/yubico-pam/commit/d9780eacd9e61c5062cdabdce21c224de1884583 (2.18)
	NOTE: https://github.com/Yubico/yubico-pam/issues/136
CVE-2017-18257 (The __get_data_block function in fs/f2fs/data.c in the Linux kernel be ...)
	{DSA-4188-1}
	- linux 4.11.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b86e33075ed1909d8002745b56ecf73b833db143
CVE-2018-1002150 (Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access con ...)
	- koji <not-affected> (Issue introduced in 1.12.0, cf. #894832)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/04/1
	NOTE: https://docs.pagure.org/koji/CVE-2018-1002150/
	NOTE: https://pagure.io/koji/issue/850
	NOTE: Fixed by: https://pagure.io/koji/c/ab1ade7
CVE-2018-9274 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c  ...)
	- wireshark 2.4.6-1
	[stretch] - wireshark <not-affected> (Vulnerable code not present)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14489
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=211845aba4794720ae265c782cdffddae54a3e7a
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9273 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14488
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1f8f1456f1e73b6c09e50a64749e43413ac12df7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9272 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14487
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6e3b90824a82724f445a0374e99f0b76e4cf5e8b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
	NOTE: Applying patch for versions 1.12 and older requires introduction of a new
	NOTE: memory management system (wmem).
CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14486
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a mem ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14485
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0fbc50f9b9219be54d6db47f04b65af19696a7c7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14483
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c69d710d2bf39fe633800db65efddf55701131b6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9267 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: applying patch in jessie/wheezy requires introduction of a new memory management system (wmem)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14482
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ed057f7faa709dbde34b91f0715a957837f74d9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9266 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: applying patch in jessie/wheezy requires introduction of a new memory management system (wmem)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14480
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b12cc581cd4878d74b6116ca02c7dbe650c1f242
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector cou ...)
	- wireshark 2.4.6-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark <not-affected> (Vulnerable code not present (only adb_cs available))
	[wheezy] - wireshark <not-affected> (Vulnerable code not present (only adb_cs available))
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14460
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0290a62be0fca8da9bb190f59dc1fe26c1d65024
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-16.html
CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissecto ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-23.html
CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector co ...)
	{DLA-1634-1}
	- wireshark 2.4.6-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14469
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f05c3b91f9571210b86576ee6284e71a3306109d
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-19.html
CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector co ...)
	{DSA-4217-1 DLA-1388-1}
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66bc372716e04d6a8afdf6712583c9b5d11fee55
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-18.html
CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dis ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-17.html
CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector cou ...)
	{DLA-1634-1}
	- wireshark 2.4.6-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2113179835b37549f245ac7c05ff2b96276893e4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-15.html
CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was a ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2d4695de1477df60b0188fd581c0c279db601978
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-21.html
CVE-2018-9257 (In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infini ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-22.html
CVE-2018-9256 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector c ...)
	{DLA-1634-1}
	- wireshark 2.4.6-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dac48f148538c706c446e5105d84ebcb54587528
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-20.html
CVE-2018-9255
	RESERVED
CVE-2018-9254
	RESERVED
CVE-2018-9253
	RESERVED
CVE-2018-9252 (JasPer 2.0.14 allows denial of service via a reachable assertion in th ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/173
	NOTE: Negligible impact
CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is  ...)
	- libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug #895195)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794914
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
	NOTE: Before upstream commit https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
	NOTE: the memlimit argument to lzma_auto_decoder was set to UINT64_MAX, possibly
	NOTE: allowing a malicious LZMA compressed files to consume large amounts of memory
	NOTE: when decompressed. Setting memlimit to UINT64_MAX the limiter is effectively
	NOTE: disabled and "lzma_auto_decoder(&state->strm, UINT64_MAX, 0)" can never result
	NOTE: in LZMA_MEMLIMIT_ERROR outcome because there is no way to exceed UINT64_MAX.
	NOTE: Thus CVE-2018-9251 is only affecting libxml2 if e2a9122b8dde53d320750451e9907a7dcb2ca8bb
	NOTE: is applied.
CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote  ...)
	{DLA-1524-1}
	[experimental] - libxml2 2.9.7+dfsg-1
	- libxml2 2.9.10+dfsg-2 (low; bug #895245)
	[buster] - libxml2 <no-dsa> (Minor issue)
	[stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
	[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
	NOTE: When fixing this issue make sure to not open CVE-2018-9251 and apply
	NOTE: the fix for CVE-2018-9251 / https://bugzilla.gnome.org/show_bug.cgi?id=794914
CVE-2018-9250 (interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote ...)
	NOT-FOR-US: OpenEMR
CVE-2018-9249 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ...)
	NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass vi ...)
	NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gx ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9246 (The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in ...)
	- libpgobject-util-dbadmin-perl 0.130.1-1 (bug #900942)
	[stretch] - libpgobject-util-dbadmin-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/2c25c3dbc8b832a657247d3ea63ae80f3c5df6b1
	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/f4e684008ca9e182833a70793ae91288d2c80218
	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/dc48d0e1af0dbf861779b2c781e0f4c612c22cfb
	NOTE: https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html
CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulne ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal
CVE-2018-9242 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9241
	RESERVED
CVE-2018-9239
	RESERVED
CVE-2018-9238 (proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName paramet ...)
	NOT-FOR-US: Yahei-PHP Proberv
CVE-2018-9237 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site ...)
	NOT-FOR-US: iScripts EasyCreate
CVE-2018-9236 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site ...)
	NOT-FOR-US: iScripts EasyCreate
CVE-2018-9235 (iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query  ...)
	NOT-FOR-US: iScripts SonicBB
CVE-2017-18256 (Brave Browser before 0.13.0 allows remote attackers to cause a denial  ...)
	- brave-browser <itp> (bug #864795)
CVE-2016-10718 (Brave Browser before 0.13.0 allows a tab to close itself even if the t ...)
	- brave-browser <itp> (bug #864795)
CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ce ...)
	- gnupg2 2.2.7-1 (low; bug #894983)
	[stretch] - gnupg2 <no-dsa> (Minor issue)
	[jessie] - gnupg2 <no-dsa> (Minor issue)
	[wheezy] - gnupg2 <no-dsa> (Minor issue)
	NOTE: https://dev.gnupg.org/T3844
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657
CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a u ...)
	{DLA-2186-1}
	- ncmpc 0.33-1 (low; bug #894724)
	[stretch] - ncmpc 0.25-0.1+deb9u1
	[wheezy] - ncmpc <no-dsa> (Minor issue)
CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for passwo ...)
	NOT-FOR-US: Sophos
CVE-2018-9232 (Due to the lack of firmware authentication in the upgrade process of T ...)
	NOT-FOR-US: T&W WIFI Repeater BE126 devices
CVE-2018-9231
	RESERVED
CVE-2018-9230 (** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtai ...)
	NOT-FOR-US: OpenResty
CVE-2018-9229
	RESERVED
CVE-2018-9228
	RESERVED
CVE-2018-9227
	RESERVED
CVE-2018-9226
	RESERVED
CVE-2018-9225
	RESERVED
CVE-2018-9224
	RESERVED
CVE-2018-9223
	RESERVED
CVE-2018-9222
	RESERVED
CVE-2018-9221
	RESERVED
CVE-2018-9220
	RESERVED
CVE-2018-9219
	RESERVED
CVE-2018-9218
	RESERVED
CVE-2018-9217
	RESERVED
CVE-2018-9216
	RESERVED
CVE-2018-9215
	RESERVED
CVE-2018-9214
	RESERVED
CVE-2018-9213
	RESERVED
CVE-2018-9212
	RESERVED
CVE-2018-9211
	RESERVED
CVE-2018-9210
	RESERVED
CVE-2018-9209 (Unauthenticated arbitrary file upload vulnerability in FineUploader ph ...)
	NOT-FOR-US: FineUploader
CVE-2018-9208 (Unauthenticated arbitrary file upload vulnerability in jQuery Picture  ...)
	NOT-FOR-US: jQuery Picture
CVE-2018-9207 (Arbitrary file upload in jQuery Upload File &lt;= 4.0.2 ...)
	NOT-FOR-US: jQuery Upload File (different from src:libjs-jquery-file-upload)
CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery- ...)
	- libjs-jquery-file-upload 9.25.0-1
	NOTE: https://github.com/blueimp/jQuery-File-Upload/pull/3514
	NOTE: http://www.vapidlabs.com/advisory.php?v=204
CVE-2018-9205 (Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php ...)
	NOT-FOR-US: avatar_uploader
CVE-2018-9204
	RESERVED
CVE-2018-9203
	RESERVED
CVE-2018-9202
	RESERVED
CVE-2018-9201
	RESERVED
CVE-2018-9200
	RESERVED
CVE-2018-9199
	RESERVED
CVE-2018-9198
	RESERVED
CVE-2018-9197
	RESERVED
CVE-2018-9196
	RESERVED
CVE-2018-9195 (Use of a hardcoded cryptographic key in the FortiGuard services commun ...)
	NOT-FOR-US: FortiGuard
CVE-2018-9194 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2018-9192 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-9191 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2018-9190 (A null pointer dereference vulnerability in Fortinet FortiClientWindow ...)
	NOT-FOR-US: Fortinet
CVE-2018-9189
	RESERVED
CVE-2018-9188
	RESERVED
CVE-2018-9187
	RESERVED
CVE-2018-9186 (A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthentica ...)
	NOT-FOR-US: Fortinet
CVE-2018-9185 (An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and  ...)
	NOT-FOR-US: Fortinet
CVE-2018-9184
	RESERVED
CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
	NOT-FOR-US: Joomla addon
CVE-2018-9182 (Twonky Server before 8.5.1 has XSS via a modified "language" parameter ...)
	NOT-FOR-US: Twonky Server
CVE-2018-9181
	RESERVED
CVE-2018-9180
	RESERVED
CVE-2018-9179
	RESERVED
CVE-2018-9178
	RESERVED
CVE-2018-9177 (Twonky Server before 8.5.1 has XSS via a folder name on the Shared Fol ...)
	NOT-FOR-US: Twonky Server
CVE-2018-9176
	RESERVED
CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via  ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9174 (sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arb ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9173 (Cross-site scripting (XSS) vulnerability in admin/template/js/uploadif ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-9172 (The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9171
	RESERVED
CVE-2018-9170
	RESERVED
CVE-2018-9169 (Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit. ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-9168
	RESERVED
CVE-2018-9167
	RESERVED
CVE-2018-9166
	RESERVED
CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8 does ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/121
CVE-2018-9164
	RESERVED
CVE-2018-9163 (A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho
CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication for new_u ...)
	NOT-FOR-US: Contec Smart Home
CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers ...)
	NOT-FOR-US: Prisma Industriale Checkweigher PrismaWEB
CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in HTTP r ...)
	NOT-FOR-US: SickRage
CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended static fi ...)
	NOT-FOR-US: Spark Java framework (unrelated to src:spark)
CVE-2018-9158 (An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5 ...)
	NOT-FOR-US: AXIS
CVE-2018-9157 (** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Fir ...)
	NOT-FOR-US: AXIS
CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmw ...)
	NOT-FOR-US: AXIS
CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2. ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in libj ...)
	- jasper <removed> (unimportant)
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...)
	{DLA-1423-1}
	- linux 4.11.6-1 (unimportant)
	[stretch] - linux 4.9.107-1
	NOTE: https://git.kernel.org/linus/1572e45a924f254d9570093abde46430c3172e3d
CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in gotuf/client/cl ...)
	- notary 0.1~ds1-1
CVE-2015-9258 (In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Al ...)
	- notary 0.1~ds1-1
CVE-2018-9152
	RESERVED
CVE-2018-9151 (A NULL pointer dereference bug in the function ObReferenceObjectByHand ...)
	NOT-FOR-US: Kingsoft Internet Security
CVE-2018-9150
	RESERVED
CVE-2018-9149 (The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a s ...)
	NOT-FOR-US: Zyxel
CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session to ...)
	NOT-FOR-US: Western Digital WD My Cloud
CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...)
	NOT-FOR-US: Gespage
CVE-2018-9146
	REJECTED
CVE-2018-9145 (In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issu ...)
	- exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental; bug #910909)
	NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
	NOTE: https://github.com/Exiv2/exiv2/pull/470
	NOTE: Fixed with: https://github.com/Exiv2/exiv2/commit/c03f73268f65c73f9d3d7b670f13e48e92692750
	NOTE: Issue introduced after https://github.com/Exiv2/exiv2/commit/163f3ce7f17a143f58d857a5cba3cb7b24436a2a
CVE-2018-9144 (In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::bina ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/254
	NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
	NOTE: https://github.com/Exiv2/exiv2/pull/180 intends to fix this
CVE-2018-9143 (On Samsung mobile devices with M(6.0) and N(7.x) software, a heap over ...)
	NOT-FOR-US: Samsung
CVE-2018-9142 (On Samsung mobile devices with N(7.x) software, attackers can install  ...)
	NOT-FOR-US: Samsung
CVE-2018-9141 (On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Ga ...)
	NOT-FOR-US: Samsung
CVE-2018-9140 (On Samsung mobile devices with M(6.0) software, the Email application  ...)
	NOT-FOR-US: Samsung
CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer overflow in t ...)
	NOT-FOR-US: Samsung
CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23008
	NOTE: binutils not covered by security support
CVE-2018-9137 (Open-AudIT before 2.2 has CSV Injection. ...)
	NOT-FOR-US: Open-AudIT
CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...)
	NOT-FOR-US: Jungo
CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1009
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/361ed689cc8e56fd125f9d0d6508e9eb303bdca6
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4f7196b0b7539b113f2580b6a77aa496813d8899
	NOTE: webp support not enabled, see #806425
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename acti ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1072
	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/089fca04e0130549fa15f48ace3f56e30a06049a
	NOTE: IM7: https://github.com/ImageMagick/ImageMagick/commit/19b96ba61431914e2ac316b72c0789965f2b7c09
CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
	{DLA-1386-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/133
CVE-2018-9131
	REJECTED
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
	NOT-FOR-US: IBOS
CVE-2018-9129 (ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in ...)
	NOT-FOR-US: ZyXEL ZyWALL/USG series devices
CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...)
	NOT-FOR-US: DVD X Player Standard
CVE-2018-9127 (Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certi ...)
	- botan 2.4.0-5 (bug #894648)
CVE-2018-9126 (The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote a ...)
	NOT-FOR-US: DNN
CVE-2018-9125
	RESERVED
CVE-2018-9124
	RESERVED
CVE-2018-9123 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User ...)
	NOT-FOR-US: Crea8social
CVE-2018-9122 (In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the ...)
	NOT-FOR-US: Crea8social
CVE-2018-9121 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post ...)
	NOT-FOR-US: Crea8social
CVE-2018-9120 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post ...)
	NOT-FOR-US: Crea8social
CVE-2018-9119 (An attacker with physical access to a BrilliantTS FUZE card (MCU firmw ...)
	NOT-FOR-US: BrilliantTS FUZE card
CVE-2018-9118 (exports/download.php in the 99 Robots WP Background Takeover Advertise ...)
	NOT-FOR-US: 99 Robots WP Background Takeover Advertisements plugin for WordPress
CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a remote u ...)
	NOT-FOR-US: WireMock
CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a remote una ...)
	NOT-FOR-US: WireMock
CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not validate input from other sources ...)
	NOT-FOR-US: Systematic SitaWare
CVE-2018-9114
	RESERVED
CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows  ...)
	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
CVE-2018-9112 (A low privileged admin account with a weak default password of admin e ...)
	NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
CVE-2018-9111 (Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_ ...)
	NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
CVE-2018-9110 (Studio 42 elFinder before 2.1.37 has a directory traversal vulnerabili ...)
	NOT-FOR-US: Studio 42 elFinder
CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has a directory traversal vulnerabili ...)
	NOT-FOR-US: Studio 42 elFinder
CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an u ...)
	NOT-FOR-US: QuickAppsCMS
CVE-2018-9107 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
	NOT-FOR-US: Acyba AcyMailing extension for Joomla!
CVE-2018-9106 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
	NOT-FOR-US: Acyba AcyMailing extension for Joomla!
CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege escalation vuln ...)
	NOT-FOR-US: NordVPN
CVE-2018-9104 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9103 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9102 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9101 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9100
	RESERVED
CVE-2018-9099
	RESERVED
CVE-2018-9098
	RESERVED
CVE-2018-9097
	RESERVED
CVE-2018-9096
	RESERVED
CVE-2018-9095
	RESERVED
CVE-2018-9094
	RESERVED
CVE-2018-9093
	RESERVED
CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 tha ...)
	NOT-FOR-US: MiniCMS
CVE-2018-9091 (A critical vulnerability in the KEMP LoadMaster Operating System (LMOS ...)
	NOT-FOR-US: KEMP LoadMaster Operating System
CVE-2018-9090 (CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Gr ...)
	NOT-FOR-US: CoreOS Tectonic
CVE-2018-9089
	RESERVED
CVE-2018-9088
	RESERVED
CVE-2018-9087
	RESERVED
CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection vulner ...)
	NOT-FOR-US: Lenovo
CVE-2018-9085 (A write protection lock bit was left unset after boot on an older gene ...)
	NOT-FOR-US: IBM
CVE-2018-9084 (In System Management Module (SMM) versions prior to 1.06, if an attack ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-9083 (In System Management Module (SMM) versions prior to 1.06, the SMM cont ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-9082 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9081 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9080 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9079 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9078 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9077 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9076 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9075 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662  ...)
	NOT-FOR-US: Lenovo
CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes ...)
	NOT-FOR-US: Lenovo Chassis Management Module
CVE-2018-9072 (In versions prior to 5.5, LXCI for VMware allows an authenticated user ...)
	NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows u ...)
	NOT-FOR-US: Lenovo Chassis Management Module
CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than 12.1. ...)
	NOT-FOR-US: Lenovo
CVE-2018-9069 (In some Lenovo IdeaPad consumer notebook models, a race condition in t ...)
	NOT-FOR-US: Lenovo
CVE-2018-9068 (The IMM2 First Failure Data Capture function collects management modul ...)
	NOT-FOR-US: IBM
CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had insuf ...)
	NOT-FOR-US: Lenovo
CVE-2018-9066 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an authe ...)
	NOT-FOR-US: Lenovo xClarity Administrator
CVE-2018-9065 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an attac ...)
	NOT-FOR-US: Lenovo xClarity Administrator
CVE-2018-9064 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an authe ...)
	NOT-FOR-US: Lenovo xClarity Administrator
CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo Sy ...)
	NOT-FOR-US: Lenovo
CVE-2018-9062 (In some Lenovo ThinkPad products, one BIOS region is not properly incl ...)
	NOT-FOR-US: Lenovo
CVE-2018-9061
	RESERVED
CVE-2018-9060
	REJECTED
CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2  ...)
	NOT-FOR-US: Easy File Sharing (EFS)
CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the  ...)
	- lrzip 0.631+git180517-1 (unimportant)
	NOTE: https://github.com/ckolivas/lrzip/issues/93
	NOTE: No security impact
CVE-2018-7600 (Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x be ...)
	{DSA-4156-1 DLA-1325-1}
	- drupal7 7.58-1 (bug #894259)
	NOTE: https://www.drupal.org/sa-core-2018-002
	NOTE: https://groups.drupal.org/security/faq-2018-002
	NOTE: https://www.drupal.org/psa-2018-001
	NOTE: Drupal 7.x Patch: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
CVE-2018-9057 (aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform  ...)
	NOT-FOR-US: HashiCorp Terraform Amazon Web Services
CVE-2018-9056 (Systems with microprocessors utilizing speculative execution may allow ...)
	NOTE: Hardware side channel attack
	NOTE: http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf
CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in th ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/172
	NOTE: Negligible impact
CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9052 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9051 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9050 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9049 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9048 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9047 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9046 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9045 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9044 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9043 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9042 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers to delete files via an admin ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an upload_file requ ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-9036 (CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Dis ...)
	NOT-FOR-US: CheckSec Canopy
CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php of the R ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9033
	RESERVED
CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1 ...)
	NOT-FOR-US: D-Link
CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x devices prov ...)
	NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices
CVE-2018-9030
	RESERVED
CVE-2018-9029 (An improper input validation vulnerability in CA Privileged Access Man ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9028 (Weak cryptography used for passwords in CA Privileged Access Manager 2 ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9027 (A reflected cross-site scripting vulnerability in CA Privileged Access ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9026 (A session fixation vulnerability in CA Privileged Access Manager 2.x a ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9025 (An input validation vulnerability in CA Privileged Access Manager 2.x  ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9024 (An improper authentication vulnerability in CA Privileged Access Manag ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9023 (An input validation vulnerability in CA Privileged Access Manager 2.x  ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9022 (An authentication bypass vulnerability in CA Privileged Access Manager ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2018-9021 (An authentication bypass vulnerability in CA Privileged Access Manager ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2017-18254 (An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerabil ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/24d5699753170c141b46816284430516c2d48fed
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/53ea13989003cdb4955024f95b4a0158a2e871c6
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/808
CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereferen ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/794
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a
CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList fun ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/802
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/12f34b60564de1cbec08e23e2413dab5b64daeb7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb04ccb34fd45e9c3020786857fb79b09f44d7db
CVE-2017-18251 (An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerabil ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/809
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/12a43437fec6f9245327636dc2730863bb9fdd8b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/99718b41102f26f802311045e882aa947ef2941b
CVE-2017-18250 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereferen ...)
	- imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/793
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2f368e74a51ec7541b6595af712d17d6d1376534
CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel before ...)
	{DLA-1715-1}
	- linux 4.12.6-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-4.9 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-B ...)
	{DLA-1412-1 DLA-1387-1}
	- cups 2.2.6-1
	[stretch] - cups 2.2.1-8+deb9u3
	NOTE: https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
	NOTE: https://github.com/apple/cups/issues/5143
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2 allows re ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739
CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImag ...)
	{DSA-4321-1 DLA-1456-1 DLA-1322-1}
	- graphicsmagick 1.3.28-2 (bug #894396)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the public/in ...)
	NOT-FOR-US: dsmall
CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the public ...)
	NOT-FOR-US: dsmall
CVE-2018-9015 (dsmall v20180320 allows XSS via the public/index.php/home/predeposit/i ...)
	NOT-FOR-US: dsmall
CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a public/index.php/h ...)
	NOT-FOR-US: dsmall
CVE-2018-9013
	RESERVED
CVE-2018-9012
	RESERVED
CVE-2018-9011
	RESERVED
CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote  ...)
	NOT-FOR-US: Intelbras
CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP funct ...)
	{DLA-1386-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/131
CVE-2018-9008
	RESERVED
CVE-2018-9007 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9006 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9005 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9004 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9003 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9002 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9001 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9000 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-8999 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-8998 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-8997 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8996 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8995 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8994 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8993 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8992 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8991 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8990 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8989 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8988 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8987
	RESERVED
CVE-2018-8986
	RESERVED
CVE-2018-8985
	RESERVED
CVE-2018-8984
	RESERVED
CVE-2018-8983
	RESERVED
CVE-2018-8982
	RESERVED
CVE-2018-8981
	RESERVED
CVE-2018-8980
	RESERVED
CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a u ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an  ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonm ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental, bug #894179)
	NOTE: https://github.com/Exiv2/exiv2/issues/247
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial  ...)
	- exiv2 0.27.2-6 (low; bug #903813)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/246
	NOTE: https://github.com/Exiv2/exiv2/pull/256
CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through ...)
	- netpbm-free <not-affected> (Vulnerable code not present)
	NOTE: Debian uses an unaffected fork
CVE-2018-8974 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows  ...)
	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an article, as de ...)
	NOT-FOR-US: OTCMS
CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in ...)
	NOT-FOR-US: Creditwest Bank CMS Project (aka CWCMS)
CVE-2018-8970 (The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c ...)
	- libressl <itp> (bug #754513)
CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php allows rem ...)
	NOT-FOR-US: zzcms
CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows remote at ...)
	NOT-FOR-US: zzcms
CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection via the  ...)
	NOT-FOR-US: zzcms
CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code injection via ...)
	NOT-FOR-US: zzcms
CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows remote at ...)
	NOT-FOR-US: zzcms
CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 ...)
	NOT-FOR-US: BMC Remedy Action Request (AR) System
CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c has a us ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8963 (In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8962 (In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function o ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q1 ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/23f6beef78cfe806cabc090a015e73557d60788e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7c0b29f621ebcce1a35c0e6c1992c9043b3bb1bd
CVE-2018-8959
	RESERVED
CVE-2018-8958
	RESERVED
CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...)
	NOT-FOR-US: CoverCMS
CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...)
	- ntp <unfixed> (low)
	[buster] - ntp <no-dsa> (Minor issue)
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <postponed> (Minor issue, requires being part of same broadcast network, no patch)
	- ntpsec <not-affected> (Broadcast mode not present, see #961748)
	NOTE: https://arxiv.org/abs/2005.01783
	NOTE: https://nikhiltripathi.in/NTP_attack.pdf
	NOTE: https://tools.ietf.org/html/rfc5905
CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string  ...)
	NOT-FOR-US: BitDefender GravityZone
CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...)
	NOT-FOR-US: CA Workload Control Center
CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote attackers t ...)
	NOT-FOR-US: CA Workload Automation AE
CVE-2018-8952
	RESERVED
CVE-2018-8951
	RESERVED
CVE-2018-8950
	RESERVED
CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before 2.4. ...)
	NOT-FOR-US: MISP
CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has mul ...)
	NOT-FOR-US: MISP
CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encodin ...)
	NOT-FOR-US: rap2hpoutre Laravel Log Viewer
CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access Cont ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/124
CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow  ...)
	{DSA-4151-1}
	- librelp 1.2.15-1
	[wheezy] - librelp <not-affected> (vulnerable code not present)
	NOTE: https://www.rsyslog.com/cve-2018-1000140/
	NOTE: Fixed by: https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf
CVE-2018-1000139 (I, Librarian version 4.8 and earlier contains a Cross Site Scripting ( ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/119
CVE-2018-1000138 (I, Librarian version 4.8 and earlier contains a SSRF vulnerability in  ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/120
CVE-2018-1000137 (I, Librarian version 4.8 and earlier contains a Cross site Request For ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/121
CVE-2017-18247 (The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12. ...)
	- libav <removed> (low)
	[jessie] - libav <ignored> (Minor issue, clean crash, not reproducible with 11.12)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1089
	NOTE: referenced patch 27085d1b should protect direct ./avconv vectors but situation is unclear for library vectors
CVE-2017-18246 (The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows ...)
	- libav <removed> (low)
	[jessie] - libav <ignored> (Minor issue, oob read, not reproducible with 11.12, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1095
CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows rem ...)
	{DLA-2021-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1094
	NOTE: new 2019 PoC crash with non-null, non-asan segfault, 32-bit only
CVE-2018-8971 (The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, a ...)
	{DSA-4206-1}
	- gitlab 10.5.6+dfsg-1 (bug #893905)
	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
CVE-2018-8946
	RESERVED
CVE-2018-8945 (The bfd_section_from_shdr function in elf.c in the Binary File Descrip ...)
	- binutils 2.30.90.20180627-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22809
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=95a6d23566165208853a68d9cd3c6eedca840ec6
CVE-2018-8944 (PHPOK 4.8.338 has an arbitrary file upload vulnerability. ...)
	NOT-FOR-US: PHPOK
CVE-2018-8943 (There is a SQL injection in the PHPSHE 1.6 userbank parameter. ...)
	NOT-FOR-US: PHPSE
CVE-2018-8942 (Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. ...)
	NOT-FOR-US: Xiuno BBS
CVE-2017-18244 (The stereo_processing function in libavcodec/aacps.c in Libav 12.2 all ...)
	- libav <removed> (low)
	[jessie] - libav <ignored> (not reproducible with 11.12, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1105
CVE-2017-18243 (The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 1 ...)
	- libav <removed> (low)
	[jessie] - libav <ignored> (not reproducible with 11.12, 32-bit only, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1088
CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c in Libav  ...)
	- libav <removed> (low)
	[jessie] - libav <ignored> (not reproducible with 11.12, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1093
CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmware EU  ...)
	NOT-FOR-US: D-Link
CVE-2018-8940 (ClientServiceConfigController.cs in Enghouse Cloud Contact Center Plat ...)
	NOT-FOR-US: Enghouse Cloud Contact Center Platform
CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold bef ...)
	NOT-FOR-US: Ipswitch
CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswi ...)
	NOT-FOR-US: Ipswitch
CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is possible ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chip ...)
	NOT-FOR-US: AMD
CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms,  ...)
	NOT-FOR-US: AMD
CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms,  ...)
	NOT-FOR-US: AMD
CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access control f ...)
	NOT-FOR-US: AMD
CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient access c ...)
	NOT-FOR-US: AMD
CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insuff ...)
	NOT-FOR-US: AMD
CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chip ...)
	NOT-FOR-US: AMD
CVE-2018-8929 (Improper restriction of communication channel to intended endpoints vu ...)
	NOT-FOR-US: Synology
CVE-2018-8928 (Cross-site scripting (XSS) vulnerability in Address Book Editor in Syn ...)
	NOT-FOR-US: Synology
CVE-2018-8927 (Improper authorization vulnerability in SYNO.Cal.Event in Calendar bef ...)
	NOT-FOR-US: Synology
CVE-2018-8926 (Permissive regular expression vulnerability in synophoto_dsm_user in S ...)
	NOT-FOR-US: Synology
CVE-2018-8925 (Cross-site request forgery (CSRF) vulnerability in admin/user.php in S ...)
	NOT-FOR-US: Synology
CVE-2018-8924 (Cross-site scripting (XSS) vulnerability in Title Tootip in Synology O ...)
	NOT-FOR-US: Synology
CVE-2018-8923 (Cross-site scripting (XSS) vulnerability in Attachment Preview in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-8922 (Improper access control vulnerability in Synology Drive before 1.0.2-1 ...)
	NOT-FOR-US: Synology Drive
CVE-2018-8921 (Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast  ...)
	NOT-FOR-US: Synology Drive
CVE-2018-8920 (Improper neutralization of escape vulnerability in Log Exporter in Syn ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2018-8919 (Information exposure vulnerability in SYNO.Core.Desktop.SessionData in ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2018-8918 (Cross-site scripting (XSS) vulnerability in info.cgi in Synology Route ...)
	NOT-FOR-US: Synology Router Manager
CVE-2018-8917 (Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskS ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2018-8916 (Unverified password change vulnerability in Change Password in Synolog ...)
	NOT-FOR-US: Synology
CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center in Syn ...)
	NOT-FOR-US: Synology
CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media Server befor ...)
	NOT-FOR-US: Synology Media Server
CVE-2018-8913 (Missing custom error page vulnerability in Synology Web Station before ...)
	NOT-FOR-US: Synology
CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in S ...)
	NOT-FOR-US: Synology Note Station
CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview in Syno ...)
	NOT-FOR-US: Synology Note Station
CVE-2018-8910 (Cross-site scripting (XSS) vulnerability in Attachment Preview in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...)
	NOT-FOR-US: Wire application for Android
CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ap ...)
	NOT-FOR-US: Frog CMS
CVE-2018-8907
	RESERVED
CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to public/index. ...)
	NOT-FOR-US: dsmall
CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function  ...)
	{DSA-4349-1 DLA-1411-1 DLA-1378-1 DLA-1377-1}
	- tiff 4.0.9-6 (bug #893806)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
	NOTE: https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Optimization Master
CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or Description fie ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8902 (An issue was discovered in Ivanti Avalanche for all versions between 5 ...)
	NOT-FOR-US: Ivanti
CVE-2018-8901 (An issue was discovered in Ivanti Avalanche for all versions between 5 ...)
	NOT-FOR-US: Ivanti
CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentinel LD ...)
	NOT-FOR-US: HASP SRM
CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 d ...)
	NOT-FOR-US: IdentityServer
CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router D- ...)
	NOT-FOR-US: D-Link
CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32  ...)
	{DSA-4201-1 DSA-4196-1 DLA-1577-1 DLA-1392-1 DLA-1383-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
	NOTE: https://xenbits.xen.org/xsa/advisory-260.html
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/4
CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows  ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the abi ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-8892 (A cross-site request forgery (CSRF) vulnerability in the Management Co ...)
	NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8891 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Mana ...)
	NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8890 (An information disclosure vulnerability in the Management Console of B ...)
	NOT-FOR-US: BlackBerry
CVE-2018-8889 (A directory traversal vulnerability in the Connect Service of the Blac ...)
	NOT-FOR-US: BlackBerry
CVE-2018-8888 (A stored cross-site scripting (XSS) vulnerability in the Management Co ...)
	NOT-FOR-US: Management Console of BlackBerry UEM
CVE-2018-8887
	RESERVED
CVE-2018-8886
	RESERVED
CVE-2018-8885 (screenresolution-mechanism in screen-resolution-extra 0.17.2 does not  ...)
	NOT-FOR-US: screen-resolution-extra
CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0 ...)
	- electron <itp> (bug #842420)
CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users t ...)
	{DSA-4188-1 DSA-4187-1}
	- linux 4.13.4-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
CVE-2016-10717 (A vulnerability in the encryption and permission implementation of Mal ...)
	NOT-FOR-US: Malwarebytes Anti-Malware
CVE-2018-8884
	RESERVED
CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the pars ...)
	- nasm 2.14-1 (low; bug #894847)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <ignored> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392447
	NOTE: https://github.com/netwide-assembler/nasm/commit/3c755dac88039b718d52ef56e8f74b5f65f3b55b
CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-rea ...)
	- nasm 2.14-1 (low; bug #894846)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <ignored> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392445
	NOTE: https://github.com/netwide-assembler/nasm/commit/c7c28357c85fb0bf4105419195bc204aea0fef35
CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read  ...)
	- nasm 2.13.02-0.1 (low)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <ignored> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
	NOTE: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3)
CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...)
	NOT-FOR-US: Lutron Quantum BACnet Integration
CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...)
	NOT-FOR-US: ASUS
CVE-2018-8878 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...)
	NOT-FOR-US: ASUS
CVE-2018-8877 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...)
	NOT-FOR-US: ASUS
CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allo ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions  ...)
	NOT-FOR-US: Schneider
CVE-2018-8871 (In Delta Electronics Automation TPEditor version 1.89 or prior, parsin ...)
	NOT-FOR-US: Delta Electronics Automation TPEditor
CVE-2018-8870 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ve ...)
	NOT-FOR-US: Medtronic
CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for a ...)
	NOT-FOR-US: Lantech
CVE-2018-8868 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ve ...)
	NOT-FOR-US: Medtronic
CVE-2018-8867 (In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 v ...)
	NOT-FOR-US: GE PACSystems
CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an ad ...)
	NOT-FOR-US: Vecna VGo Robot
CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulne ...)
	NOT-FOR-US: Lantech
CVE-2018-8864 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MH ...)
	NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
CVE-2018-8863
	RESERVED
CVE-2018-8862 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MH ...)
	NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment (Br ...)
	NOT-FOR-US: Philips Brilliance
CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be a ...)
	NOT-FOR-US: Vecna VGo Robot
CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...)
	NOT-FOR-US: Echelon
CVE-2018-8858 (If an attacker has access to the firmware from the VGo Robot (Versions ...)
	NOT-FOR-US: VGo Robot
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
	NOT-FOR-US: Philips Brilliance
CVE-2018-8856 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips
CVE-2018-8855 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...)
	NOT-FOR-US: Echelon
CVE-2018-8854 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips
CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within a con ...)
	NOT-FOR-US: Philips Brilliance
CVE-2018-8852 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Whe ...)
	NOT-FOR-US: Philips
CVE-2018-8851 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...)
	NOT-FOR-US: Echelon
CVE-2018-8850 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips
CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Progra ...)
	NOT-FOR-US: Medtronic
CVE-2018-8848 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips
CVE-2018-8847 (Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer  ...)
	NOT-FOR-US: Eaton
CVE-2018-8846 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips
CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-8844 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips
CVE-2018-8843 (Rockwell Automation Arena versions 15.10.00 and prior contains a use a ...)
	NOT-FOR-US: Rockwell
CVE-2018-8842 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips
CVE-2018-8841 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-8840 (A remote attacker could send a carefully crafted packet in InduSoft We ...)
	NOT-FOR-US: InduSoft
CVE-2018-8839 (Delta PMSoft versions 2.10 and prior have multiple stack-based buffer  ...)
	NOT-FOR-US: Delta PMSoft
CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions, CENTUM C ...)
	NOT-FOR-US: CENTUM
CVE-2018-8837 (Processing specially crafted .pm3 files in Advantech WebAccess HMI Des ...)
	NOT-FOR-US: Advantech
CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include a remo ...)
	NOT-FOR-US: Wago 750 Series PLCs
CVE-2018-8835 (Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7. ...)
	NOT-FOR-US: Advantech
CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 and prio ...)
	NOT-FOR-US: Omron
CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI  ...)
	NOT-FOR-US: Advantech
CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable JavaScr ...)
	NOT-FOR-US: enhavo
CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through  ...)
	- kodi <unfixed> (low)
	[buster] - kodi <ignored> (Minor issue)
	[stretch] - kodi <ignored> (Minor issue)
	- xbmc <removed>
	[jessie] - xbmc <no-dsa> (Minor issue)
	[wheezy] - xbmc <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/Apr/36
	NOTE: https://trac.kodi.tv/ticket/17814
	NOTE: Fixed in v18
CVE-2018-8830
	RESERVED
CVE-2018-8829
	RESERVED
CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...)
	{DSA-4148-1}
	- kamailio 5.1.2-1
	NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
	NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 HP devi ...)
	NOT-FOR-US: Technicolor
CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...)
	NOT-FOR-US: ASUS routers
CVE-2018-8825 (Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The i ...)
	- tensorflow <itp> (bug #804612)
CVE-2018-8824 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horiz ...)
	NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horiz ...)
	NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel function in fs ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Information ...)
	[experimental] - network-manager 1.11.4-1
	- network-manager 1.12.0-2 (bug #895658)
	[stretch] - network-manager <no-dsa> (Minor issue)
	[jessie] - network-manager <no-dsa> (Minor issue)
	[wheezy] - network-manager <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746422
	NOTE: https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=bg/dns-bgo746422
	NOTE: Merge: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d9782589248e61c0cb5aec90e3eb62612891116b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553634
CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...)
	NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver
CVE-2018-8820 (An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQ ...)
	NOT-FOR-US: Square 9
CVE-2018-8819 (An XXE issue was discovered in Automated Logic Corporation (ALC) WebCT ...)
	NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL
CVE-2018-8818
	RESERVED
CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
	NOT-FOR-US: Wampserver
CVE-2018-8816
	RESERVED
CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in Al ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 all ...)
	NOT-FOR-US: WolfCMS
CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login fun ...)
	NOT-FOR-US: WolfCMS
CVE-2018-8812
	REJECTED
CVE-2018-8811 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in syst ...)
	NOT-FOR-US: OpenCMS
CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ...)
	- radare2 2.6.0+dfsg-1 (bug #895749)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/issues/9727
	NOTE: https://github.com/radare/radare2/commit/06c9903be9a1ca46b74571d49027bee2168fbd69
CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik ...)
	- radare2 2.6.0+dfsg-1 (low; bug #895751)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (minor issue, likely not even affected)
	NOTE: https://github.com/radare/radare2/issues/9726
	NOTE: https://github.com/radare/radare2/commit/24282de142000d2ed2c19783b40a1351872dfc54
CVE-2018-8808 (In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_ ...)
	- radare2 2.6.0+dfsg-1 (low; bug #895752)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (minor issue, likely not even affected)
	NOTE: https://github.com/radare/radare2/issues/9725
	NOTE: https://github.com/radare/radare2/commit/a88069940950999d5e2fd16cd7d16c7e956bf516
CVE-2018-8807 (In libming 0.4.8, these is a use-after-free in the function decompileC ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/129
CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the decompileArithmetic ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/128
CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the c ...)
	NOT-FOR-US: Yxcms
CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remot ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6355db269e03f879c516cf9d592c72e157bc75d6
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025
CVE-2018-8803
	RESERVED
CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal  Ma ...)
	NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...)
	- gitlab 10.5.6+dfsg-1 (bug #893905)
	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
CVE-2018-8800 (rdesktop versions up to and including v1.8.3 contain a Heap-Based Buff ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8799 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8798 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8797 (rdesktop versions up to and including v1.8.3 contain a Heap-Based Buff ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8796 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8795 (rdesktop versions up to and including v1.8.3 contain an Integer Overfl ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8794 (rdesktop versions up to and including v1.8.3 contain an Integer Overfl ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8793 (rdesktop versions up to and including v1.8.3 contain a Heap-Based Buff ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8792 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8791 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds  ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8790 (Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF se ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Read ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp <removed>
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
CVE-2018-8788 (FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of  ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp <removed>
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
CVE-2018-8787 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that l ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp <removed>
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp <removed>
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...)
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp <removed>
	[stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
	[jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...)
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp <removed>
	[stretch] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
	[jessie] - freerdp <not-affected> (Vulnerable code not present, zgfx not yet supported)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
CVE-2018-8783
	RESERVED
CVE-2018-8782
	RESERVED
CVE-2018-8781 (The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux  ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://patchwork.freedesktop.org/patch/211845/
	NOTE: Fixed by: https://git.kernel.org/linus/3b82a4db8eaccce735dffd50b4d4e1578099b8e8
CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
	NOTE: https://hackerone.com/reports/302338
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
	NOTE: https://hackerone.com/reports/302997
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
	NOTE: ruby1.8: test examples from hackerone doesn't work. ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
	NOTE: https://hackerone.com/reports/298246
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
CVE-2018-XXXX [Multiple vulnerabilities in CiviCRM]
	- civicrm 4.7.30+dfsg-1 (bug #887330)
	NOTE: https://civicrm.org/blog/dev-team/security-release-civicrm-4726-and-4633-monthly-release-4727
CVE-2017-18240 (The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownersh ...)
	- collectd <not-affected> (Init scripts shipped by Debian are not affected)
CVE-2018-8776
	RESERVED
CVE-2018-8775
	RESERVED
CVE-2018-8774
	RESERVED
CVE-2018-8773
	RESERVED
CVE-2018-8772 (Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on t ...)
	NOT-FOR-US: Coship RT3052 4.0.0.48 devices
CVE-2018-8771
	RESERVED
CVE-2018-8770 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via g ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8769 (elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name func ...)
	- elfutils <not-affected> (Issue introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22976
	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q1/msg00078.html
	NOTE: Issue introduced with a merge/update of elf.h from glibc in
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=88f3d2daa107b09fdba376a82bce7ed534c93645
	NOTE: when SYMTAB_SHNDX was introduced, but not yet handled in the
	NOTE: ebl_dynamic_tag_name function.
CVE-2018-8767 (joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&amp;ta ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allo ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8764 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 plac ...)
	- ldap-account-manager 6.3-1
	[stretch] - ldap-account-manager 5.5-1+deb9u1
	[jessie] - ldap-account-manager <not-affected> (Issue introduced later)
	[wheezy] - ldap-account-manager <not-affected> (Issue introduced later)
	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
	NOTE: https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
CVE-2018-8763 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has  ...)
	{DSA-4165-1 DLA-1342-1}
	- ldap-account-manager 6.3-1
	NOTE: https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
	NOTE: https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
	NOTE: https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a
	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
CVE-2018-8762
	RESERVED
CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms buildi ...)
	NOT-FOR-US: Yxcms
CVE-2018-8760
	RESERVED
CVE-2018-8759
	RESERVED
CVE-2018-8758
	RESERVED
CVE-2018-8757
	RESERVED
CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7. ...)
	NOT-FOR-US: YzmCMS
CVE-2018-8755 (NuCom WR644GACV devices before STA006 allow an attacker to download th ...)
	NOT-FOR-US: NuCom
CVE-2018-8754 (** DISPUTED ** The libevt_record_values_read_event() function in libev ...)
	{DSA-4160-1}
	- libevt 20180317-1 (bug #893431)
	NOTE: https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734
	NOTE: Impact limited to OOB read, not write
CVE-2018-8753 (The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20. ...)
	NOT-FOR-US: Clavister cOS Core
CVE-2018-8752
	RESERVED
CVE-2018-8751
	RESERVED
CVE-2018-8750
	RESERVED
CVE-2018-8749
	RESERVED
CVE-2018-8748
	RESERVED
CVE-2018-8747
	RESERVED
CVE-2018-8746
	RESERVED
CVE-2018-8745
	RESERVED
CVE-2018-8744
	RESERVED
CVE-2018-8743
	RESERVED
CVE-2018-8742
	RESERVED
CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the JsonWebTok ...)
	NOT-FOR-US: authentikat-jwt
CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file c ...)
	- jupyter-notebook 5.4.1-1 (bug #893436)
	[stretch] - jupyter-notebook <no-dsa> (Minor issue)
	- ipython 5.1.0-2
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <ignored> (Too invasive to fix)
	NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental
	NOTE: src:ipython does not provide anymore the Notebook
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2
	NOTE: Fixed by: https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831
	NOTE: Ipython in Wheezy lacks sanitization of untrusted HTML completely
	NOTE: which means in theory this CVE does not apply. However due to the absence of
	NOTE: sanitization it is recommended not to use Ipython's notebook with untrusted
	NOTE: content. This issue is no-dsa because it cannot be determined if Ipython
	NOTE: in Wheezy is still affected, a fix appears to be to intrusive though. We recommend to
	NOTE: upgrade to a newer version instead.
CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an authentica ...)
	{DSA-4168-1 DLA-1344-1}
	- squirrelmail <removed> (bug #893202)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/17/2
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
	NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a  ...)
	{DLA-1633-1}
	- sqlite3 3.22.0-2 (bug #893195)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[wheezy] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
	NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964
CVE-2018-8739 (VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation ...)
	NOT-FOR-US: VPN Unlimited
CVE-2018-1000134 (UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c ...)
	NOT-FOR-US: UnboundID LDAP SDK
CVE-2018-1000133 (Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management  ...)
	NOT-FOR-US: Pitchfork
CVE-2016-10716 (The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS ...)
	NOT-FOR-US: Atlassian Jira plugin
CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira h ...)
	NOT-FOR-US: Atlassian Jira plugin
CVE-2018-8738 (Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. ...)
	NOT-FOR-US: Airties
CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored XSS withi ...)
	NOT-FOR-US: Bookme Control Panel Application
CVE-2018-8736 (A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x  ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8735 (Remote command execution (RCE) vulnerability in Nagios XI 5.2.x throug ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8734 (SQL injection vulnerability in the core config manager in Nagios XI 5. ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8733 (Authentication bypass vulnerability in the core config manager in Nagi ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8732 (Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows re ...)
	NOT-FOR-US: WampServer
CVE-2018-8731
	RESERVED
CVE-2018-8730
	RESERVED
CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the Activity Lo ...)
	NOT-FOR-US: Activity Log plugin for WordPress
CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows XSS i ...)
	NOT-FOR-US: Kontena
CVE-2018-8727 (Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earli ...)
	NOT-FOR-US: Path Traversal in Gateway in Mirasys DVMS Workstation
CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::Pa ...)
	{DLA-1310-1}
	- exempi 2.4.4-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102483
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331
CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The PostScript_Support ...)
	- exempi 2.4.3-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	[wheezy] - exempi <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101914
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048
CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadH ...)
	{DLA-1310-1}
	- exempi 2.4.4-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102484
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806
CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk class in  ...)
	- exempi 2.4.3-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	[wheezy] - exempi <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101913
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4
CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows remote attac ...)
	{DLA-1310-1}
	- exempi 2.4.3-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100397
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c
CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer overflow in th ...)
	{DLA-1310-1}
	- exempi 2.4.4-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102151
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260
CVE-2018-8726
	RESERVED
CVE-2018-8725
	RESERVED
CVE-2018-8724
	RESERVED
CVE-2018-8723
	RESERVED
CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multip ...)
	NOT-FOR-US: Zoho
CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Store ...)
	NOT-FOR-US: Zoho
CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name fie ...)
	NOT-FOR-US: ServiceNow ITSM
CVE-2018-8719 (An issue was discovered in the WP Security Audit Log plugin 3.1.1 for  ...)
	NOT-FOR-US: WP Security Audit Log plugin for WordPress
CVE-2018-8718 (Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1 ...)
	- jenkins-mailer-plugin <removed>
CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kernel thro ...)
	{DSA-4187-1}
	- linux 4.15.17-1
	[stretch] - linux <ignored> (Minor issue)
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <not-affected> (Vulnerability introduced later)
	- linux-4.9 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8716 (WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing  ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2018-8715 (The Embedthis HTTP library, and Appweb versions before 7.0.3, have a l ...)
	NOT-FOR-US: Embedthis HTTP library / Appweb
CVE-2018-8714 (Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users ...)
	NOT-FOR-US: Honeywell MatrikonOPC OPC Controller
CVE-2018-8713
	RESERVED
CVE-2018-8712 (An issue was discovered in Webmin 1.840 and 1.880 when the default Yes ...)
	- webmin <removed>
CVE-2018-8711 (A local file inclusion issue was discovered in the WooCommerce Product ...)
	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
CVE-2018-8710 (A remote code execution issue was discovered in the WooCommerce Produc ...)
	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
CVE-2018-8709
	RESERVED
CVE-2018-8708
	RESERVED
CVE-2018-8707
	RESERVED
CVE-2018-8706
	RESERVED
CVE-2018-8705
	RESERVED
CVE-2018-8704
	RESERVED
CVE-2018-8703
	RESERVED
CVE-2018-8702
	RESERVED
CVE-2018-8701
	RESERVED
CVE-2018-8700
	RESERVED
CVE-2018-8699
	RESERVED
CVE-2018-8698
	RESERVED
CVE-2018-8697
	RESERVED
CVE-2018-8696
	RESERVED
CVE-2018-8695
	RESERVED
CVE-2018-8694
	RESERVED
CVE-2018-8693
	RESERVED
CVE-2018-8692
	RESERVED
CVE-2018-8691
	RESERVED
CVE-2018-8690
	RESERVED
CVE-2018-8689
	RESERVED
CVE-2018-8688
	RESERVED
CVE-2018-8687
	RESERVED
CVE-2018-8686
	RESERVED
CVE-2018-8685
	RESERVED
CVE-2018-8684
	RESERVED
CVE-2018-8683
	RESERVED
CVE-2018-8682
	RESERVED
CVE-2018-8681
	RESERVED
CVE-2018-8680
	RESERVED
CVE-2018-8679
	RESERVED
CVE-2018-8678
	RESERVED
CVE-2018-8677
	RESERVED
CVE-2018-8676
	RESERVED
CVE-2018-8675
	RESERVED
CVE-2018-8674
	RESERVED
CVE-2018-8673
	RESERVED
CVE-2018-8672
	RESERVED
CVE-2018-8671
	RESERVED
CVE-2018-8670
	RESERVED
CVE-2018-8669
	RESERVED
CVE-2018-8668
	RESERVED
CVE-2018-8667
	RESERVED
CVE-2018-8666
	RESERVED
CVE-2018-8665
	RESERVED
CVE-2018-8664
	RESERVED
CVE-2018-8663
	RESERVED
CVE-2018-8662
	RESERVED
CVE-2018-8661
	RESERVED
CVE-2018-8660
	RESERVED
CVE-2018-8659
	RESERVED
CVE-2018-8658
	RESERVED
CVE-2018-8657
	RESERVED
CVE-2018-8656
	RESERVED
CVE-2018-8655
	RESERVED
CVE-2018-8654 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8653 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows Azure P ...)
	NOT-FOR-US: Windows Azure Pack Rollup
CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft Dynamics NA ...)
	NOT-FOR-US: Microsoft Dynamics NAV
CVE-2018-8650 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2018-8649 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8648
	RESERVED
CVE-2018-8647
	RESERVED
CVE-2018-8646
	RESERVED
CVE-2018-8645
	RESERVED
CVE-2018-8644
	RESERVED
CVE-2018-8643 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8642
	RESERVED
CVE-2018-8641 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8640
	RESERVED
CVE-2018-8639 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8638 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8637 (An information disclosure vulnerability exists in Windows kernel that  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8636 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8635 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8634 (A remote code execution vulnerability exists in Windows where Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8633
	RESERVED
CVE-2018-8632
	RESERVED
CVE-2018-8631 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8630
	RESERVED
CVE-2018-8629 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8628 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8627 (An information disclosure vulnerability exists when Microsoft Excel so ...)
	NOT-FOR-US: Microsoft
CVE-2018-8626 (A remote code execution vulnerability exists in Windows Domain Name Sy ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8625 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8624 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8623
	RESERVED
CVE-2018-8622 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8621 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8620
	RESERVED
CVE-2018-8619 (A remote code execution vulnerability exists when the Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2018-8618 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8617 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8616
	RESERVED
CVE-2018-8615
	RESERVED
CVE-2018-8614
	RESERVED
CVE-2018-8613
	RESERVED
CVE-2018-8612 (A Denial Of Service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8611 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8610
	RESERVED
CVE-2018-8609 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8608 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8607 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8606 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8605 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8604 (A tampering vulnerability exists when Microsoft Exchange Server fails  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8603
	RESERVED
CVE-2018-8602 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2018-8601
	RESERVED
CVE-2018-8600 (A Cross-site Scripting (XSS) vulnerability exists when Azure App Servi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8599 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8598 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8597 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8596 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8595 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8594
	RESERVED
CVE-2018-8593
	RESERVED
CVE-2018-8592 (An elevation of privilege vulnerability exists in Windows 10 version 1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8591
	RESERVED
CVE-2018-8590
	RESERVED
CVE-2018-8589 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8588 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8587 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8586
	RESERVED
CVE-2018-8585
	RESERVED
CVE-2018-8584 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8583 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8582 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8581 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2018-8580 (An information disclosure vulnerability exists where certain modes of  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8579 (An information disclosure vulnerability exists when attaching files to ...)
	NOT-FOR-US: Microsoft
CVE-2018-8578 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8577 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8576 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8575 (A remote code execution vulnerability exists in Microsoft Project soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8574 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8573 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-8572 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8571
	RESERVED
CVE-2018-8570 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8569 (A remote code execution vulnerability exists in the Yammer desktop app ...)
	NOT-FOR-US: Yammer
CVE-2018-8568 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8567 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
	NOT-FOR-US: Microsoft
CVE-2018-8566 (A security feature bypass vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8565 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2018-8564 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8563 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8562 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8561 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8560
	RESERVED
CVE-2018-8559
	RESERVED
CVE-2018-8558 (An information disclosure vulnerability exists when Microsoft Outlook  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8557 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8556 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8555 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8554 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8553 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8552 (An information disclosure vulnerability exists when VBScript improperl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8551 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8550 (An elevation of privilege exists in Windows COM Aggregate Marshaler, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8549 (A security feature bypass exists when Windows incorrectly validates ke ...)
	NOT-FOR-US: Microsoft
CVE-2018-8548
	RESERVED
CVE-2018-8547 (A cross-site-scripting (XSS) vulnerability exists when an open source  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8546 (A denial of service vulnerability exists in Skype for Business, aka "M ...)
	NOT-FOR-US: Microsoft
CVE-2018-8545 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-8544 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8543 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8542 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8541 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8540 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
	NOT-FOR-US: Microsoft .NET
CVE-2018-8539 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-8538
	RESERVED
CVE-2018-8537
	RESERVED
CVE-2018-8536
	RESERVED
CVE-2018-8535
	RESERVED
CVE-2018-8534
	RESERVED
CVE-2018-8533 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-8532 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-8531 (A remote code execution vulnerability exists in the way that Azure IoT ...)
	NOT-FOR-US: Microsoft
CVE-2018-8530 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8529 (A remote code execution vulnerability exists when Team Foundation Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-8528
	RESERVED
CVE-2018-8527 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-8526
	RESERVED
CVE-2018-8525
	RESERVED
CVE-2018-8524 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8523
	RESERVED
CVE-2018-8522 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8521
	RESERVED
CVE-2018-8520
	RESERVED
CVE-2018-8519
	RESERVED
CVE-2018-8518 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8517 (A denial of service vulnerability exists when .NET Framework improperl ...)
	NOT-FOR-US: Microsoft .NET
CVE-2018-8516
	RESERVED
CVE-2018-8515
	RESERVED
CVE-2018-8514 (An information disclosure vulnerability exists when Remote Procedure C ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8513 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8512 (A security feature bypass vulnerability exists in Microsoft Edge when  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8511 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8510 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8509 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8508
	RESERVED
CVE-2018-8507
	RESERVED
CVE-2018-8506 (An Information Disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-8505 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8504 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-8503 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8502 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8501 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8500 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8499
	RESERVED
CVE-2018-8498 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8497 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8496
	RESERVED
CVE-2018-8495 (A remote code execution vulnerability exists when Windows Shell improp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8494 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8493 (An information disclosure vulnerability exists when the Windows TCP/IP ...)
	NOT-FOR-US: Microsoft
CVE-2018-8492 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8491 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8490 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8489 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8488 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8487
	RESERVED
CVE-2018-8486 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8485 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8484 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8483
	RESERVED
CVE-2018-8482 (An information disclosure vulnerability exists when Windows Media Play ...)
	NOT-FOR-US: Microsoft
CVE-2018-8481 (An information disclosure vulnerability exists when Windows Media Play ...)
	NOT-FOR-US: Microsoft
CVE-2018-8480 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8479 (A spoofing vulnerability exists for the Azure IoT Device Provisioning  ...)
	NOT-FOR-US: Azure
CVE-2018-8478
	RESERVED
CVE-2018-8477 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8476 (A remote code execution vulnerability exists in the way that Windows D ...)
	NOT-FOR-US: Microsoft
CVE-2018-8475 (A remote code execution vulnerability exists when Windows does not pro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8474 (A security feature bypass vulnerability exists when Lync for Mac 2011  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8473 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8472 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8471 (An elevation of privilege vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2018-8470 (A security feature bypass vulnerability exists in Internet Explorer du ...)
	NOT-FOR-US: Microsoft
CVE-2018-8469 (An elevation of privilege vulnerability exists in Microsoft Edge that  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8468 (An elevation of privilege vulnerability exists when Windows, allowing  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8467 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8466 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8465 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8464 (An remote code execution vulnerability exists when Microsoft Edge PDF  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8463 (An elevation of privilege vulnerability exists in Microsoft Edge that  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8462 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8461 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8460 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8459 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8458
	RESERVED
CVE-2018-8457 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8456 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8455 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8454 (An information disclosure vulnerability exists when Windows Audio Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-8453 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8452 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8451
	RESERVED
CVE-2018-8450 (A remote code execution vulnerability exists when Windows Search handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8449 (A security feature bypass exists when Device Guard incorrectly validat ...)
	NOT-FOR-US: Microsoft
CVE-2018-8448 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8447 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8446 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8445 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8444 (An information disclosure vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2018-8443 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8442 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8441 (An elevation of privilege vulnerability exists due to an integer overf ...)
	NOT-FOR-US: Microsoft
CVE-2018-8440 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8439 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8438 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8437 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8436 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8435 (A security feature bypass vulnerability exists when Windows Hyper-V BI ...)
	NOT-FOR-US: Microsoft
CVE-2018-8434 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-8433 (An information disclosure vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8432 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8431 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8430 (A remote code execution vulnerability exists in Microsoft Word if a us ...)
	NOT-FOR-US: Microsoft
CVE-2018-8429 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8428 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8427 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-8426 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2018-8425 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8424 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8423 (A remote code execution vulnerability exists in the Microsoft JET Data ...)
	NOT-FOR-US: Microsoft
CVE-2018-8422 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8421 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
	NOT-FOR-US: Microsoft
CVE-2018-8420 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8419 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8418
	RESERVED
CVE-2018-8417 (A security feature bypass vulnerability exists in Microsoft JScript th ...)
	NOT-FOR-US: Microsoft
CVE-2018-8416 (A tampering vulnerability exists when .NET Core improperly handles spe ...)
	NOT-FOR-US: .dotnet CoreFX
CVE-2018-8415 (A tampering vulnerability exists in PowerShell that could allow an att ...)
	NOT-FOR-US: Microsoft
CVE-2018-8414 (A remote code execution vulnerability exists when the Windows Shell do ...)
	NOT-FOR-US: Microsoft
CVE-2018-8413 (A remote code execution vulnerability exists when "Windows Theme API"  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8412 (An elevation of privilege vulnerability exists when the Microsoft Auto ...)
	NOT-FOR-US: Microsoft
CVE-2018-8411 (An elevation of privilege vulnerability exists when NTFS improperly ch ...)
	NOT-FOR-US: Microsoft
CVE-2018-8410 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8409 (A denial of service vulnerability exists when System.IO.Pipelines impr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8408 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8407 (An information disclosure vulnerability exists when "Kernel Remote Pro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8406 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8405 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8404 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8403 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8402
	RESERVED
CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8400 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8399 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8398 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8397 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2018-8396 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8395
	RESERVED
CVE-2018-8394 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8393 (A buffer overflow vulnerability exists in the Microsoft JET Database E ...)
	NOT-FOR-US: Microsoft
CVE-2018-8392 (A buffer overflow vulnerability exists in the Microsoft JET Database E ...)
	NOT-FOR-US: Microsoft
CVE-2018-8391 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8390 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8389 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8388 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8387 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8386
	RESERVED
CVE-2018-8385 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8384 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8383 (A spoofing vulnerability exists when Microsoft Edge does not properly  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8382 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8381 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8380 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8379 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8378 (An information disclosure vulnerability exists when Microsoft Office s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8377 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8376 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8375 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8374 (A tampering vulnerability exists when Microsoft Exchange Server fails  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8373 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8372 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8371 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8370 (A information disclosure vulnerability exists when WebAudio Library im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8369
	RESERVED
CVE-2018-8368
	RESERVED
CVE-2018-8367 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8366 (An information disclosure vulnerability exists when the Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2018-8365
	RESERVED
CVE-2018-8364
	RESERVED
CVE-2018-8363
	RESERVED
CVE-2018-8362
	RESERVED
CVE-2018-8361
	RESERVED
CVE-2018-8360 (An information disclosure vulnerability exists in Microsoft .NET Frame ...)
	NOT-FOR-US: Microsoft
CVE-2018-8359 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8358 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8357 (An elevation of privilege vulnerability exists in Microsoft browsers a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft .NET Fra ...)
	NOT-FOR-US: Microsoft .NET, doesn't affect src:mono
CVE-2018-8355 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8354 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8353 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8352
	RESERVED
CVE-2018-8351 (An information disclosure vulnerability exists when affected Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8350 (A remote code execution vulnerability exists when Microsoft Windows PD ...)
	NOT-FOR-US: Microsoft
CVE-2018-8349 (A remote code execution vulnerability exists in "Microsoft COM for Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8348 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8347 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2018-8346 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2018-8345 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2018-8344 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-8343 (An elevation of privilege vulnerability exists in the Network Driver I ...)
	NOT-FOR-US: Microsoft
CVE-2018-8342 (An elevation of privilege vulnerability exists in the Network Driver I ...)
	NOT-FOR-US: Microsoft
CVE-2018-8341 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8340 (A security feature bypass vulnerability exists when Active Directory F ...)
	NOT-FOR-US: Microsoft
CVE-2018-8339 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2018-8338
	RESERVED
CVE-2018-8337 (A security feature bypass vulnerability exists when Windows Subsystem  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8336 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8335 (A denial of service vulnerability exists in the Microsoft Server Block ...)
	NOT-FOR-US: Microsoft
CVE-2018-8334
	RESERVED
CVE-2018-8333 (An Elevation of Privilege vulnerability exists in Filter Manager when  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8332 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-8331 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8330 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8329 (An Elevation of Privilege vulnerability exists in Windows Subsystem fo ...)
	NOT-FOR-US: Microsoft
CVE-2018-8328
	RESERVED
CVE-2018-8327 (A remote code execution vulnerability exists in PowerShell Editor Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-8326 (A cross-site-scripting (XSS) vulnerability exists when an open source  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8325 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8324 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8323 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8322
	RESERVED
CVE-2018-8321
	RESERVED
CVE-2018-8320 (A security feature bypass vulnerability exists in DNS Global Blocklist ...)
	NOT-FOR-US: Microsoft
CVE-2018-8319 (A Security Feature Bypass vulnerability exists in MSR JavaScript Crypt ...)
	NOT-FOR-US: Microsoft
CVE-2018-8318
	RESERVED
CVE-2018-8317
	RESERVED
CVE-2018-8316 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8315 (An information disclosure vulnerability exists when the browser script ...)
	NOT-FOR-US: Microsoft
CVE-2018-8314 (An elevation of privilege vulnerability exists when Windows fails a ch ...)
	NOT-FOR-US: Microsoft
CVE-2018-8313 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8312 (A remote code execution vulnerability exists when Microsoft Access fai ...)
	NOT-FOR-US: Microsoft
CVE-2018-8311 (A remote code execution vulnerability exists when Skype for Business a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8310 (A tampering vulnerability exists when Microsoft Outlook does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2018-8309 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8308 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8307 (A security feature bypass vulnerability exists when Microsoft WordPad  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8306 (A command injection vulnerability exists in the Microsoft Wireless Dis ...)
	NOT-FOR-US: Microsoft
CVE-2018-8305 (An information disclosure vulnerability exists in Windows Mail Client  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8304 (A denial of service vulnerability exists in Windows Domain Name System ...)
	NOT-FOR-US: Microsoft
CVE-2018-8303
	RESERVED
CVE-2018-8302 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
	NOT-FOR-US: Microsoft
CVE-2018-8301 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2018-8299 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8298 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8297 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8296 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8295
	RESERVED
CVE-2018-8294 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8293
	RESERVED
CVE-2018-8292 (An information disclosure vulnerability exists in .NET Core when authe ...)
	NOT-FOR-US: .dotnet CoreFX
	NOTE: https://github.com/dotnet/corefx/commit/56aae8a7076f283e334b88f642ef6bb7c59e02c3
CVE-2018-8291 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8290 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8289 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8288 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8287 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8286 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8285
	RESERVED
CVE-2018-8284 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
	NOT-FOR-US: Microsoft
CVE-2018-8283 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8282 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8281 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8280 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8279 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8278 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8277
	RESERVED
CVE-2018-8276 (A security feature bypass vulnerability exists in the Microsoft Chakra ...)
	NOT-FOR-US: Microsoft
CVE-2018-8275 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8274 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8273 (A buffer overflow vulnerability exists in the Microsoft SQL Server tha ...)
	NOT-FOR-US: Microsoft
CVE-2018-8272
	RESERVED
CVE-2018-8271 (An information disclosure vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8270
	RESERVED
CVE-2018-8269 (A denial of service vulnerability exists when OData Library improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8268
	RESERVED
CVE-2018-8267 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8266 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8265 (A remote code execution vulnerability exists in the way Microsoft Exch ...)
	NOT-FOR-US: Microsoft
CVE-2018-8264
	RESERVED
CVE-2018-8263
	RESERVED
CVE-2018-8262 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8261
	REJECTED
CVE-2018-8260 (A Remote Code Execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8259
	RESERVED
CVE-2018-8258
	RESERVED
CVE-2018-8257
	RESERVED
CVE-2018-8256 (A remote code execution vulnerability exists when PowerShell improperl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8255
	RESERVED
CVE-2018-8254 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8253 (An elevation of privilege vulnerability exists when Microsoft Cortana  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8252 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8251 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2018-8250
	RESERVED
CVE-2018-8249 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8248 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8247 (An elevation of privilege vulnerability exists when Office Web Apps Se ...)
	NOT-FOR-US: Microsoft
CVE-2018-8246 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8245 (A remote code execution vulnerability exists when Microsoft Publisher  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft Outlook  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8243 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8242 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8241
	RESERVED
CVE-2018-8240
	RESERVED
CVE-2018-8239 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8238 (A security feature bypass vulnerability exists when Skype for Business ...)
	NOT-FOR-US: Microsoft
CVE-2018-8237
	RESERVED
CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8235 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8234 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8233 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8232 (A Tampering vulnerability exists when Microsoft Macro Assembler improp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8231 (A remote code execution vulnerability exists when HTTP Protocol Stack  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8230
	RESERVED
CVE-2018-8229 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8228
	RESERVED
CVE-2018-8227 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8226 (A denial of service vulnerability exists in the HTTP 2.0 protocol stac ...)
	NOT-FOR-US: Microsoft
CVE-2018-8225 (A remote code execution vulnerability exists in Windows Domain Name Sy ...)
	NOT-FOR-US: Microsoft
CVE-2018-8224 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8223
	RESERVED
CVE-2018-8222 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8221 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8220
	RESERVED
CVE-2018-8219 (An elevation of privilege vulnerability exists when Windows Hyper-V in ...)
	NOT-FOR-US: Microsoft
CVE-2018-8218 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8217 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8216 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8215 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8214 (An elevation of privilege vulnerability exists in Windows when Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2018-8213 (A remote code execution vulnerability exists when Windows improperly h ...)
	NOT-FOR-US: Microsoft
CVE-2018-8212 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8211 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8210 (A remote code execution vulnerability exists when Windows improperly h ...)
	NOT-FOR-US: Microsoft
CVE-2018-8209 (An information disclosure vulnerability exists when Windows allows a n ...)
	NOT-FOR-US: Microsoft
CVE-2018-8208 (An elevation of privilege vulnerability exists in Windows when Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2018-8207 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8206 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8205 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8204 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8203
	RESERVED
CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...)
	NOT-FOR-US: Microsoft
CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8200 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8199
	RESERVED
CVE-2018-8198
	RESERVED
CVE-2018-8197
	RESERVED
CVE-2018-8196
	RESERVED
CVE-2018-8195
	RESERVED
CVE-2018-8194
	RESERVED
CVE-2018-8193
	RESERVED
CVE-2018-8192
	RESERVED
CVE-2018-8191
	RESERVED
CVE-2018-8190
	RESERVED
CVE-2018-8189
	RESERVED
CVE-2018-8188
	RESERVED
CVE-2018-8187
	RESERVED
CVE-2018-8186
	RESERVED
CVE-2018-8185
	RESERVED
CVE-2018-8184
	RESERVED
CVE-2018-8183
	RESERVED
CVE-2018-8182
	RESERVED
CVE-2018-8181
	RESERVED
CVE-2018-8180
	RESERVED
CVE-2018-8179 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8178 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8177 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8175 (An denial of service vulnerability exists when Windows NT WEBDAV Minir ...)
	NOT-FOR-US: Microsoft
CVE-2018-8174 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPath whe ...)
	NOT-FOR-US: Microsoft
CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio software ...)
	NOT-FOR-US: Microsoft
CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when the num ...)
	NOT-FOR-US: Microsoft
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human Interfa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8168 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8167 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2018-8166 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8165 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8164 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8163 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8162 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8161 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8160 (An information disclosure vulnerability exists in Outlook when a messa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8159 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8158 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8157 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8156 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8155 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8154 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
	NOT-FOR-US: Microsoft
CVE-2018-8153 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8152 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8151 (An information disclosure vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8150 (A security feature bypass vulnerability exists when the Microsoft Outl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8149 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8148 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8147 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8146
	RESERVED
CVE-2018-8145 (An information disclosure vulnerability exists when Chakra improperly  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8144
	RESERVED
CVE-2018-8143
	RESERVED
CVE-2018-8142 (A security feature bypass exists when Windows incorrectly validates ke ...)
	NOT-FOR-US: Microsoft
CVE-2018-8141 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8140 (An Elevation of Privilege vulnerability exists when Cortana retrieves  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8139 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8138
	RESERVED
CVE-2018-8137 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8136 (A remote code execution vulnerability exists in the way that Windows h ...)
	NOT-FOR-US: Microsoft
CVE-2018-8135
	RESERVED
CVE-2018-8134 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8133 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8132 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8131
	RESERVED
CVE-2018-8130 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8129 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8128 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8127 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer  ...)
	NOT-FOR-US: Microsoft
CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8122 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8121 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8120 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8119 (A spoofing vulnerability exists when the Azure IoT Device Provisioning ...)
	NOT-FOR-US: Microsoft
CVE-2018-8118 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft Wirele ...)
	NOT-FOR-US: Microsoft
CVE-2018-8116 (A denial of service vulnerability exists in the way that Windows handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8115 (A remote code execution vulnerability exists when the Windows Host Com ...)
	NOT-FOR-US: Microsoft
CVE-2018-8114 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8113 (A security feature bypass vulnerability exists in Internet Explorer th ...)
	NOT-FOR-US: Microsoft
CVE-2018-8112 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8111 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control  ...)
	{DLA-1414-1 DLA-1331-1}
	- mercurial 4.5.2-1 (bug #892964)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
	NOTE: Backports for older branches in https://hg.mozilla.org/users/gszorc_mozilla.com/hg
	NOTE: 4.4: 4843835c835::7cf827e5f8af
	NOTE: 4.3: db527ae12671::86f9a022ccb8
CVE-2018-1000131 (Pradeep Makone wordpress Support Plus Responsive Ticket System version ...)
	NOT-FOR-US: Pradeep Makone wordpress Support Plus Responsive Ticket System
CVE-2018-1000130 (A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 i ...)
	NOT-FOR-US: Jolokia
CVE-2018-1000129 (An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the  ...)
	NOT-FOR-US: Jolokia
CVE-2018-8109
	RESERVED
CVE-2018-8108 (The select component in bui through 2018-03-13 has XSS because it perf ...)
	NOT-FOR-US: bui
CVE-2018-8107 (The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows atta ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8106 (The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00  ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8105 (The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allow ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8104 (The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows atta ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8103 (The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf  ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8102 (The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4 ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8101 (The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf  ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8100 (The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allo ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8099 (Incorrect returning of an error code in the index.c:read_entry() funct ...)
	[experimental] - libgit2 0.27.0+dfsg.1-0.1
	- libgit2 0.27.0+dfsg.1-0.6 (low; bug #892962)
	[stretch] - libgit2 <no-dsa> (Minor issue)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
CVE-2018-8098 (Integer overflow in the index.c:read_entry() function while decompress ...)
	[experimental] - libgit2 0.27.0+dfsg.1-0.1
	- libgit2 0.27.0+dfsg.1-0.6 (low; bug #892961)
	[stretch] - libgit2 <no-dsa> (Minor issue)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1
	NOTE: https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0
CVE-2018-8097 (io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attac ...)
	NOT-FOR-US: pyeve
CVE-2018-8096 (Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (wi ...)
	NOT-FOR-US: Datalust Seq
CVE-2018-8095
	RESERVED
CVE-2018-1000128
	REJECTED
CVE-2018-1000127 (memcached version prior to 1.4.37 contains an Integer Overflow vulnera ...)
	{DSA-4218-1 DLA-1329-1}
	- memcached 1.5.0-1 (bug #894404)
	NOTE: https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
	NOTE: https://github.com/memcached/memcached/issues/271
CVE-2018-1000126 (Ajenti version 2 contains an Information Disclosure vulnerability in L ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000125 (inversoft prime-jwt version prior to version 1.3.0 or prior to commit  ...)
	NOT-FOR-US: inversoft prime-jwt
CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML Externa ...)
	- i-librarian <itp> (bug #649291)
CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25 ...)
	NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer deref ...)
	{DSA-4321-1 DLA-1456-1 DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/
CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer deref ...)
	{DSA-4321-1 DLA-1456-1 DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/
CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failur ...)
	{DSA-4321-1 DLA-1456-1 DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/
CVE-2018-8094
	RESERVED
CVE-2018-8093
	RESERVED
CVE-2018-8092 (Mautic before 2.13.0 allows CSV injection. ...)
	NOT-FOR-US: Mautic
CVE-2018-8091
	RESERVED
CVE-2018-8090 (Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) -  ...)
	NOT-FOR-US: Quick Heal
CVE-2018-8089
	RESERVED
CVE-2018-8088 (org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...)
	- libslf4j-java 1.7.25-3 (bug #893684; unimportant)
	NOTE: slf4j-ext module is not built by default
	NOTE: https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
	NOTE: https://jira.qos.ch/browse/SLF4J-430
	NOTE: https://jira.qos.ch/browse/SLF4J-431
CVE-2018-8087 (Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless ...)
	{DSA-4188-1}
	- linux 4.15.11-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0ddcff49b672239dda94d70d0fcf50317a9f4b51
CVE-2018-8086
	REJECTED
CVE-2018-8085
	RESERVED
CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer  ...)
	{DSA-4167-1}
	- sharutils 1:4.15.2-3 (bug #893525)
	[wheezy] - sharutils <not-affected> (Vulnerable code not present)
	NOTE: http://seclists.org/bugtraq/2018/Feb/54
CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit 9b8e74a23 ...)
	NOT-FOR-US: tiny-json-http
CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vul ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnera ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey  ...)
	NOT-FOR-US: Remedy Mid Tier in BMC Remedy AR System
CVE-2018-8084
	RESERVED
CVE-2018-8083
	RESERVED
CVE-2018-8082
	RESERVED
CVE-2018-8081
	RESERVED
CVE-2018-8080
	RESERVED
CVE-2018-8079
	RESERVED
CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adv ...)
	NOT-FOR-US: YzmCMS
CVE-2018-8077
	RESERVED
CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability wi ...)
	NOT-FOR-US: ZenMate
CVE-2018-8075
	RESERVED
CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintended sea ...)
	- yii <itp> (bug #597899)
CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...)
	- yii <itp> (bug #597899)
CVE-2018-8072 (An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W thro ...)
	NOT-FOR-US: EDIMAX
CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. ...)
	NOT-FOR-US: Mautic
CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the /guest/index.h ...)
	NOT-FOR-US: QCMS
CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the /backend/sys ...)
	NOT-FOR-US: QCMS
CVE-2018-8068
	RESERVED
CVE-2018-8067
	RESERVED
CVE-2018-8066
	RESERVED
CVE-2018-8065 (An issue was discovered in the web server in Flexense SyncBreeze Enter ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation for the  ...)
	NOT-FOR-US: TitanHQ WebTitan Gateway
CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...)
	- jabberd2 <unfixed> (low; bug #902783)
	[buster] - jabberd2 <ignored> (Minor issue, default init system not affected)
	[stretch] - jabberd2 <ignored> (Minor issue, default init system not affected)
	NOTE: https://bugs.gentoo.org/631068
CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jab ...)
	- jabberd2 <not-affected> (Installed with correct permissions in Debian)
	NOTE: https://bugs.gentoo.org/629412
CVE-2017-18224 (In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaph ...)
	{DSA-4188-1}
	- linux 4.15.4-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/3e4c56d41eef5595035872a2ec5a483f42e8917f
CVE-2018-8064
	RESERVED
CVE-2018-8063
	RESERVED
CVE-2018-8062
	RESERVED
CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
	NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
	NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE Portus  ...)
	NOT-FOR-US: Portus
CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-8057 (A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8 ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8056 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via a ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8055
	RESERVED
CVE-2018-8054
	RESERVED
CVE-2018-8053
	RESERVED
CVE-2018-8052
	RESERVED
CVE-2018-8051
	RESERVED
CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFL ...)
	- afflib 3.7.16-3 (unimportant; bug #892599)
	NOTE: https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
	NOTE: Negligible security impact
CVE-2018-8049 (The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.199 ...)
	NOT-FOR-US: Unisys Stealth SVG
CVE-2018-8048 (In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attribu ...)
	{DSA-4171-1}
	- ruby-loofah 2.2.1-1 (bug #893596)
	NOTE: https://github.com/flavorjones/loofah/issues/144
	NOTE: https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7
	NOTE: https://github.com/flavorjones/loofah/commit/56e95a6696b1e17a242eb8ebbbab64d613c4f1fe
CVE-2018-8047 (vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XS ...)
	NOT-FOR-US: vtiger CRM
CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6 ...)
	NOT-FOR-US: Sencha
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
	NOT-FOR-US: Joomla!
CVE-2018-8044
	RESERVED
CVE-2017-18223 (BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is  ...)
	NOT-FOR-US: BMC Remedy AR System
CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...)
	- linux <unfixed> (unimportant)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
	NOTE: Negligible security impact, only enabled on armhf
CVE-2018-8042 (Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential ...)
	NOT-FOR-US: Apache Ambari
CVE-2018-8041 (Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2 ...)
	NOT-FOR-US: Apache Camel Mail component
CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to the co ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/2
	NOTE: https://github.com/apache/trafficserver/pull/3926
	NOTE: https://github.com/apache/trafficserver/commit/cea07c03274807c1588dbdf03baa1537d958c92f
CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl impl ...)
	NOT-FOR-US: Apache CXF
CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Docum ...)
	NOT-FOR-US: Apache CXF
CVE-2018-8037 (If an async request was completed by the application at the same time  ...)
	{DSA-4281-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.32-1
	[jessie] - tomcat8 <not-affected> (vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
	- tomcat8.0 <not-affected> (Vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
	NOTE: https://svn.apache.org/r1833906 (9.0.x)
	NOTE: https://svn.apache.org/r1833907 (8.5.x)
CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully c ...)
	- libpdfbox-java 1:1.8.15-1 (low; bug #902776)
	- libpdfbox2-java 2.0.11-1 (low)
	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
	[jessie] - libpdfbox-java <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
	NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA)
	NOTE: https://uima.apache.org/security_report#CVE-2018-8035
CVE-2018-8034 (The host name verification when using TLS with the WebSocket client wa ...)
	{DSA-4281-1 DLA-1491-1 DLA-1453-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.32-1
	- tomcat8.0 <removed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1833757 (9.0.x)
	NOTE: https://svn.apache.org/r1833758 (8.5.x)
	NOTE: https://svn.apache.org/r1833759 (8.0.x)
	NOTE: https://svn.apache.org/r1833760 (7.0.x)
CVE-2018-8033 (In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apach ...)
	NOT-FOR-US: Apache OFBiz
CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site  ...)
	- axis 1.4-28 (bug #905328)
	[stretch] - axis <no-dsa> (Minor issue)
	[jessie] - axis <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/AXIS-2924
	NOTE: https://svn.apache.org/r1831943
CVE-2018-8031 (The Apache TomEE console (tomee-webapp) has a XSS vulnerability which  ...)
	NOT-FOR-US: Apache TomEE
CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ve ...)
	- qpid-java <itp> (bug #840131)
CVE-2018-8029 (In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2 ...)
	- hadoop <itp> (bug #793644)
CVE-2018-8028 (An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS with ...)
	NOT-FOR-US: Apache Sentry
CVE-2018-8027 (Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in  ...)
	NOT-FOR-US: Apache Camel
CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 re ...)
	- lucene-solr <not-affected> (Do not allow to upload configsets via the API)
	NOTE: Versions 5.x and earlier are not affected by the vulnerability, since
	NOTE: those versions do not allow to upload configsets via the API.
	NOTE: https://issues.apache.org/jira/browse/SOLR-12450
CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the opti ...)
	NOT-FOR-US: Apache HBase
CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possib ...)
	- apache-spark <itp> (bug #802194)
CVE-2018-8023 (Apache Mesos can be configured to require authentication to call the E ...)
	- apache-mesos <itp> (bug #760315)
CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffic Ser ...)
	- trafficserver 7.0.0-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/1
	NOTE: Only affects 6.x, marking 7.0 as the fixed version
	NOTE: https://github.com/apache/trafficserver/pull/2147
CVE-2018-8021 (Versions of Superset prior to 0.23 used an unsafe load method from the ...)
	NOT-FOR-US: Apache Superset
CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw t ...)
	{DLA-1475-1}
	- tomcat-native 1.2.17-1
	[stretch] - tomcat-native 1.2.12-2+deb9u2
	NOTE: https://svn.apache.org/r1832863
CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and  ...)
	{DLA-1475-1}
	- tomcat-native 1.2.17-1
	[stretch] - tomcat-native 1.2.12-2+deb9u2
	NOTE: https://svn.apache.org/r1832832
CVE-2018-8018 (In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serializatio ...)
	NOT-FOR-US: Apache Ignite
CVE-2018-8017 (In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an in ...)
	- tika 1.20-1 (bug #914643)
	[jessie] - tika <ignored> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/6
CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through 3.11.1 binds ...)
	- cassandra <itp> (bug #585905)
CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endle ...)
	NOT-FOR-US: Apache ORC
CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomcat 9. ...)
	{DSA-4596-1 DLA-1883-1 DLA-1400-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.32-1 (bug #898935)
	- tomcat8.0 <removed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	[wheezy] - tomcat7 <not-affected> (vulnerable code not present)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1831728 (8.5.x)
	NOTE: https://svn.apache.org/r1831729 (8.0.x)
	NOTE: https://svn.apache.org/r1831730 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
	NOTE: It is expected that users of the CORS filter will have configured it appropriately
	NOTE: for their einvironment rather than using it in the default configuration
CVE-2018-8013 (In Apache Batik 1.x before 1.10, when deserializing subclass of `Abstr ...)
	{DSA-4215-1 DLA-1385-1}
	- batik 1.10-1 (bug #899374)
	NOTE: https://issues.apache.org/jira/browse/BATIK-1222
	NOTE: https://svn.apache.org/r1831241
	NOTE: https://marc.info/?l=oss-security&m=152707788503264&w=2
CVE-2018-8012 (No authentication/authorization is enforced when a server attempts to  ...)
	{DSA-4214-1}
	- zookeeper 3.4.10-2 (bug #899332)
	[wheezy] - zookeeper <ignored> (changes are too intrusive to backport)
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
	NOTE: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
	NOTE: https://issues.apache.org/jira/secure/attachment/12840904/ZOOKEEPER-1045-br-3-4.patch
CVE-2018-8011 (By specially crafting HTTP requests, the mod_md challenge handler woul ...)
	- apache2 2.4.34-1 (bug #904107)
	[stretch] - apache2 <not-affected> (Vulnerable code not present; mod_md module)
	[jessie] - apache2 <not-affected> (Vulnerable code not present; mod_md module)
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/2
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relat ...)
	- lucene-solr <not-affected> (Do not allow to upload configsets via the API)
	NOTE: Versions 5.x and earlier are not affected by the vulnerability, since
	NOTE: those versions do not allow to upload configsets via the API.
	NOTE: https://issues.apache.org/jira/browse/SOLR-12316
CVE-2018-8009 (Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2. ...)
	- hadoop <itp> (bug #793644)
CVE-2018-8008 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
	NOT-FOR-US: Apache Storm
CVE-2018-8007 (Apache CouchDB administrative users can configure the database server  ...)
	- couchdb <removed>
	NOTE: https://blog.couchdb.org/2018/07/10/cve-2018-8007/
CVE-2018-8006 (An instance of a cross-site scripting vulnerability was identified to  ...)
	- activemq 5.15.6-1 (unimportant)
	NOTE: https://issues.apache.org/jira/browse/AMQ-6954
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d25de5d
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d8c80a9
	NOTE: Admin console not enabled in the Debian package, see #702670)
	NOTE: Fixed in 5.15.6, 5.16.0
CVE-2018-8005 (When there are multiple ranges in a range request, Apache Traffic Serv ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/4
	NOTE: https://github.com/apache/trafficserver/pull/3106
	NOTE: https://github.com/apache/trafficserver/pull/3124
	NOTE: https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
CVE-2018-8004 (There are multiple HTTP smuggling and cache poisoning issues when clie ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/5
	NOTE: https://github.com/apache/trafficserver/pull/3192
	NOTE: https://github.com/apache/trafficserver/pull/3201
	NOTE: https://github.com/apache/trafficserver/pull/3231
	NOTE: https://github.com/apache/trafficserver/pull/3251
	NOTE: https://github.com/apache/trafficserver/commit/05d734c773900dd589480ff07572c0d7db7c3d44
	NOTE: https://github.com/apache/trafficserver/commit/9659d12a21cf1870c2790fdd5acab712ed87f16e
	NOTE: https://github.com/apache/trafficserver/commit/2616e580de7d66b9098c464d503a049c7814e35a
	NOTE: https://github.com/apache/trafficserver/commit/3d2fdab8b0606bc8b35006f7aeb73729d364b333
CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory  ...)
	NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfPar ...)
	- libpodofo <unfixed> (low; bug #892557)
	[buster] - libpodofo <no-dsa> (Minor issue)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerabil ...)
	- libpodofo 0.9.6+dfsg-3 (low; bug #892556)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
	NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerabili ...)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548918
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/13/
	NOTE: Upstream tracked this down as a of CVE-2017-5886
CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulner ...)
	- graphite2 1.3.11-2 (bug #892590)
	[stretch] - graphite2 <no-dsa> (Minor issue)
	[jessie] - graphite2 <no-dsa> (Minor issue)
	[wheezy] - graphite2 <no-dsa> (Minor issue)
	NOTE: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6
	NOTE: https://github.com/silnrsi/graphite/issues/22
CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference vulnerabi ...)
	{DLA-1306-1}
	- vips 8.4.5-2 (low; bug #892589)
	[stretch] - vips 8.4.5-1+deb9u1
	[jessie] - vips <no-dsa> (Minor issue)
	NOTE: https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
	NOTE: https://github.com/jcupitt/libvips/issues/893
CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file  ...)
	NOT-FOR-US: Eramba
CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programSc ...)
	NOT-FOR-US: Eramba
CVE-2018-7994 (Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50;  ...)
	NOT-FOR-US: Huawei
CVE-2018-7993 (HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.3 ...)
	NOT-FOR-US: Huawei
CVE-2018-7992 (Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 ...)
	NOT-FOR-US: Huawei
CVE-2018-7991 (Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0 ...)
	NOT-FOR-US: Huawei
CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) ...)
	NOT-FOR-US: Huawei
CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1. ...)
	NOT-FOR-US: Huawei
CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
	NOT-FOR-US: Huawei
CVE-2018-7987 (There is an out-of-bounds write vulnerability on Huawei P20 smartphone ...)
	NOT-FOR-US: Huawei
CVE-2018-7986
	REJECTED
CVE-2018-7985
	REJECTED
CVE-2018-7984
	REJECTED
CVE-2018-7983
	REJECTED
CVE-2018-7982
	REJECTED
CVE-2018-7981
	REJECTED
CVE-2018-7980
	REJECTED
CVE-2018-7979
	REJECTED
CVE-2018-7978
	REJECTED
CVE-2018-7977 (There is an information leakage vulnerability on several Huawei produc ...)
	NOT-FOR-US: Huawei
CVE-2018-7976 (There is a stored cross-site scripting (XSS) vulnerability in Huawei e ...)
	NOT-FOR-US: Huawei
CVE-2018-7975
	REJECTED
CVE-2018-7974
	REJECTED
CVE-2018-7973
	REJECTED
CVE-2018-7972
	REJECTED
CVE-2018-7971
	REJECTED
CVE-2018-7970
	REJECTED
CVE-2018-7969
	REJECTED
CVE-2018-7968
	REJECTED
CVE-2018-7967
	REJECTED
CVE-2018-7966
	REJECTED
CVE-2018-7965
	REJECTED
CVE-2018-7964
	REJECTED
CVE-2018-7963
	REJECTED
CVE-2018-7962
	RESERVED
CVE-2018-7961 (There is a smart SMS verification code vulnerability in some Huawei sm ...)
	NOT-FOR-US: Huawei
CVE-2018-7960 (There is a SRTP icon display vulnerability in Huawei eSpace product. A ...)
	NOT-FOR-US: Huawei
CVE-2018-7959 (There is a short key vulnerability in Huawei eSpace product. An unauth ...)
	NOT-FOR-US: Huawei
CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability in Hua ...)
	NOT-FOR-US: Huawei
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
	NOT-FOR-US: Huawei
CVE-2018-7956 (Huawei VIP App is a mobile app for Malaysia customers that purchased P ...)
	NOT-FOR-US: Huawei
CVE-2018-7955
	REJECTED
CVE-2018-7954
	RESERVED
CVE-2018-7953
	RESERVED
CVE-2018-7952
	RESERVED
CVE-2018-7951 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei  ...)
	NOT-FOR-US: Huawei
CVE-2018-7950 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei  ...)
	NOT-FOR-US: Huawei
CVE-2018-7949 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei  ...)
	NOT-FOR-US: Huawei
CVE-2018-7948
	REJECTED
CVE-2018-7947 (Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.15 ...)
	NOT-FOR-US: Huawei
CVE-2018-7946 (There is an information leak vulnerability in some Huawei smartphones. ...)
	NOT-FOR-US: Huawei
CVE-2018-7945
	REJECTED
CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8. ...)
	NOT-FOR-US: Huawei
CVE-2018-7943 (There is an authentication bypass vulnerability in some Huawei servers ...)
	NOT-FOR-US: Huawei
CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei  ...)
	NOT-FOR-US: Huawei
CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A ...)
	NOT-FOR-US: Huawei
CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
	NOT-FOR-US: Huawei
CVE-2018-7939 (Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the vers ...)
	NOT-FOR-US: Huawei
CVE-2018-7938 (P10 Huawei smartphones with the versions before Victoria-AL00AC00B217  ...)
	NOT-FOR-US: Huawei
CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7936 (Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0 ...)
	NOT-FOR-US: Huawei
CVE-2018-7935
	RESERVED
CVE-2018-7934 (Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C4 ...)
	NOT-FOR-US: Huawei
CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the version ...)
	NOT-FOR-US: Huawei
CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascrip ...)
	NOT-FOR-US: Huawei
CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism  ...)
	NOT-FOR-US: Huawei
CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei mobile phon ...)
	NOT-FOR-US: Mate 9 Huawei mobile phones
CVE-2018-7929 (Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.16 ...)
	NOT-FOR-US: Huawei
CVE-2018-7928 (There is a security vulnerability which could lead to Factory Reset Pr ...)
	NOT-FOR-US: Huawei
CVE-2018-7927
	REJECTED
CVE-2018-7926 (Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have  ...)
	NOT-FOR-US: Huawei
CVE-2018-7925 (The radio module of some Huawei smartphones Emily-AL00A The versions b ...)
	NOT-FOR-US: Huawei
CVE-2018-7924 (Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have ...)
	NOT-FOR-US: Huawei
CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7921 (Huawei B315s-22 products with software of 21.318.01.00.26 have an info ...)
	NOT-FOR-US: Huawei
CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R0 ...)
	NOT-FOR-US: Huawei
CVE-2018-7919
	RESERVED
CVE-2018-7918
	RESERVED
CVE-2018-7917
	RESERVED
CVE-2018-7916
	REJECTED
CVE-2018-7915
	REJECTED
CVE-2018-7914
	REJECTED
CVE-2018-7913
	REJECTED
CVE-2018-7912
	REJECTED
CVE-2018-7911 (Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00),  ...)
	NOT-FOR-US: Huawei
CVE-2018-7910 (Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118 ...)
	NOT-FOR-US: Huawei
CVE-2018-7909
	REJECTED
CVE-2018-7908
	REJECTED
CVE-2018-7907 (Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), ...)
	NOT-FOR-US: Huawei
CVE-2018-7905
	REJECTED
CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON i ...)
	NOT-FOR-US: Huawei
CVE-2018-7903 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON i ...)
	NOT-FOR-US: Huawei
CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON i ...)
	NOT-FOR-US: Huawei
CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ear ...)
	NOT-FOR-US: Huawei
CVE-2018-7900 (There is an information leak vulnerability in some Huawei HG products. ...)
	NOT-FOR-US: Huawei
CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones w ...)
	NOT-FOR-US: Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones
CVE-2018-7898
	RESERVED
CVE-2018-7897
	RESERVED
CVE-2018-7896
	RESERVED
CVE-2018-7895
	RESERVED
CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyR ...)
	NOT-FOR-US: Eramba
CVE-2018-7893 (CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-7892
	RESERVED
CVE-2018-7891 (The Milestone XProtect Video Management Software (Corporate, Expert, P ...)
	NOT-FOR-US: Milestone XProtect Video Management Software
CVE-2018-7995 (** DISPUTED ** Race condition in the store_int_with_restart() function ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: https://lkml.org/lkml/2018/3/2/970
CVE-2018-7890 (A remote code execution issue was discovered in Zoho ManageEngine Appl ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on i ...)
	- calibre 3.19.0+dfsg-1 (bug #892242)
	[stretch] - calibre <no-dsa> (Minor issue)
	[jessie] - calibre <no-dsa> (Minor issue)
	[wheezy] - calibre <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
	NOTE: deserialization fix https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
	NOTE: insufficient as import also loads configuration files, which are python executables,
	NOTE: see https://lists.debian.org/87muy0usv1.fsf@curie.anarc.at
	NOTE: The CVE assignment is specific to the issue fixed by upstream commit
	NOTE: aeb5b036a0bf657951756688b3c72bd68b6e4a7d.
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0  ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-b047.html
	NOTE: https://curl.haxx.se/CVE-2018-1000122.patch
CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and including curl ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html
	NOTE: https://curl.haxx.se/CVE-2018-1000121.patch
CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 i ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html
	NOTE: https://curl.haxx.se/CVE-2018-1000120.patch
CVE-2018-7888
	RESERVED
CVE-2018-7887
	RESERVED
CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. An unauthenticated local at ...)
	NOT-FOR-US: CloudMe
CVE-2018-7885
	RESERVED
CVE-2018-7884 (An issue was discovered in DisplayLink Core Software Cleaner Applicati ...)
	NOT-FOR-US: DisplayLink Core Software Cleaner Application
CVE-2018-7883
	RESERVED
CVE-2018-7882
	RESERVED
CVE-2018-7881
	RESERVED
CVE-2018-7880
	RESERVED
CVE-2018-7879
	RESERVED
CVE-2018-7878
	RESERVED
CVE-2018-7877 (There is a heap-based buffer overflow in the getString function of uti ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/110
CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found in the f ...)
	{DLA-1386-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/109
CVE-2018-7875 (There is a heap-based buffer over-read in the getString function of ut ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/112
CVE-2018-7874 (An invalid memory address dereference was discovered in strlenext in u ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/115
CVE-2018-7873 (There is a heap-based buffer overflow in the getString function of uti ...)
	{DLA-1386-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/111
CVE-2018-7872 (An invalid memory address dereference was discovered in the function g ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/114
CVE-2018-7871 (There is a heap-based buffer over-read in the getName function of util ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/120
CVE-2018-7870 (An invalid memory address dereference was discovered in getString in u ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/117
CVE-2018-7869 (There is a memory leak triggered in the function dcinit of util/decomp ...)
	- ming <removed>
	[wheezy] - ming <ignored> (Minor issue present everywhere in the source code, hard to fix)
	NOTE: https://github.com/libming/libming/issues/119
CVE-2018-7868 (There is a heap-based buffer over-read in the getName function of util ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/113
CVE-2018-7867 (There is a heap-based buffer overflow in the getString function of uti ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/116
CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in util/decompile ...)
	{DLA-1386-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/118
CVE-2018-7865
	REJECTED
CVE-2018-7864
	REJECTED
CVE-2018-7863
	REJECTED
CVE-2018-7862
	REJECTED
CVE-2018-7861
	REJECTED
CVE-2018-7860
	RESERVED
CVE-2018-7859 (A security vulnerability in D-Link DGS-1510-series switches with firmw ...)
	NOT-FOR-US: D-Link
CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Em ...)
	- qemu 1:2.12~rc3+dfsg-1 (bug #892497)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
CVE-2018-7857 (A CWE-248: Uncaught Exception vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7856 (A CWE-248: Uncaught Exception vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7855 (A CWE-248 Uncaught Exception vulnerability exists in all versions of t ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7854 (A CWE-248 Uncaught Exception vulnerability exists in all versions of t ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7853 (A CWE-248: Uncaught Exception vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7852 (A CWE-248: Uncaught Exception vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7851 (CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmw ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7850 (A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnera ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7849 (A CWE-248: Uncaught Exception vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7848 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7847 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7846 (A CWE-501: Trust Boundary Violation vulnerability on connection to the ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7845 (A CWE-125: Out-of-bounds Read vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7844 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7843 (A CWE-248: Uncaught Exception vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7842 (A CWE-290: Authentication Bypass by Spoofing vulnerability exists in a ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7841 (A SQL Injection (CWE-89) vulnerability exists in U.motion Builder soft ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7840 (A Uncontrolled Search Path Element (CWE-427) vulnerability exists in V ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7838 (A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BME ...)
	NOT-FOR-US: Modicon
CVE-2018-7837 (An Improper Restriction of XML External Entity Reference ('XXE') vulne ...)
	NOT-FOR-US: IIoT Monitor (Schneider Electric)
CVE-2018-7836 (An unrestricted Upload of File with Dangerous Type vulnerability exist ...)
	NOT-FOR-US: IIoT Monitor (Schneider Electric)
CVE-2018-7835 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
	NOT-FOR-US: IIoT Monitor (Schneider Electric)
CVE-2018-7834 (A CWE-79 Cross-Site Scripting vulnerability exists in all versions of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7832 (An Improper Input Validation vulnerability exists in Pro-Face GP-Pro E ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web Page ( ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7830 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Respo ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7829 (An Improper Neutralization of Special Elements in Query vulnerability  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7828 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Ge ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7827 (A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelc ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7826 (A Command Injection vulnerability exists in the web-based GUI of the 1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7825 (A Command Injection vulnerability exists in the web-based GUI of the 1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7824 (An Externally Controlled Reference to a Resource (CWE-610) vulnerabili ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7823 (A Environment (CWE-2) vulnerability exists in SoMachine Basic, all ver ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7822 (An Incorrect Default Permissions (CWE-276) vulnerability exists in SoM ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic, all ve ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7820 (A Credentials Management CWE-255 vulnerability exists in the APC UPS N ...)
	NOT-FOR-US: APC
CVE-2018-7819
	RESERVED
CVE-2018-7818
	RESERVED
CVE-2018-7817 (A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 a ...)
	NOT-FOR-US: Zolio
CVE-2018-7816 (A Permissions, Privileges, and Access Control vulnerability exists in  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7815 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7814 (A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Euroth ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7813 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability exists in th ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7811 (An Unverified Password Change vulnerability exists in the embedded web ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7809 (An Unverified Password Change vulnerability exists in the embedded web ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7808
	RESERVED
CVE-2018-7807 (Data Center Expert, versions 7.5.0 and earlier, allows for the upload  ...)
	NOT-FOR-US: Data Center Expert
CVE-2018-7806 (Data Center Operation allows for the upload of a zip file from its use ...)
	NOT-FOR-US: Data Center Operation
CVE-2018-7805
	RESERVED
CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the embedd ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7803 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7802 (A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 a ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7801 (A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7800 (A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2. ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Software Up ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) vulnerabili ...)
	NOT-FOR-US: Schneider
CVE-2018-7797 (A URL redirection vulnerability exists in Power Monitoring Expert, Ene ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7796 (A Buffer Error vulnerability exists in PowerSuite 2, all released vers ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider Electric' ...)
	NOT-FOR-US: Schneider
CVE-2018-7794 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2018-7793 (A Credential Management vulnerability exists in FoxView HMI SCADA (All ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7792 (A Permissions, Privileges, and Access Control vulnerability exists in  ...)
	NOT-FOR-US: Schneider
CVE-2018-7791 (A Permissions, Privileges, and Access Control vulnerability exists in  ...)
	NOT-FOR-US: Schneider
CVE-2018-7790 (An Information Management Error vulnerability exists in Schneider Elec ...)
	NOT-FOR-US: Schneider
CVE-2018-7789 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
	NOT-FOR-US: Schneider
CVE-2018-7788 (A CWE-255 Credentials Management vulnerability exists in Modicon Quant ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7787 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7786 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7785 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7784 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7783 (Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an X ...)
	NOT-FOR-US: Schneider
CVE-2018-7782 (In Schneider Electric Pelco Sarix Professional 1st generation cameras  ...)
	NOT-FOR-US: Schneider
CVE-2018-7781 (In Schneider Electric Pelco Sarix Professional 1st generation cameras  ...)
	NOT-FOR-US: Schneider
CVE-2018-7780 (In Schneider Electric Pelco Sarix Professional 1st generation cameras  ...)
	NOT-FOR-US: Schneider
CVE-2018-7779 (In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1  ...)
	NOT-FOR-US: Schneider
CVE-2018-7778 (In Schneider Electric Evlink Charging Station versions prior to v3.2.0 ...)
	NOT-FOR-US: Schneider
CVE-2018-7777 (The vulnerability is due to insufficient handling of update_file reque ...)
	NOT-FOR-US: Schneider
CVE-2018-7776 (The vulnerability exists within error.php in Schneider Electric U.moti ...)
	NOT-FOR-US: Schneider
CVE-2018-7775
	REJECTED
CVE-2018-7774 (The vulnerability exists within processing of localize.php in Schneide ...)
	NOT-FOR-US: Schneider
CVE-2018-7773 (The vulnerability exists within processing of nfcserver.php in Schneid ...)
	NOT-FOR-US: Schneider
CVE-2018-7772 (The vulnerability exists within processing of applets which are expose ...)
	NOT-FOR-US: Schneider
CVE-2018-7771 (The vulnerability exists within processing of editscript.php in Schnei ...)
	NOT-FOR-US: Schneider
CVE-2018-7770 (The vulnerability exists within processing of sendmail.php in Schneide ...)
	NOT-FOR-US: Schneider
CVE-2018-7769 (The vulnerability exists within processing of xmlserver.php in Schneid ...)
	NOT-FOR-US: Schneider
CVE-2018-7768 (The vulnerability exists within processing of loadtemplate.php in Schn ...)
	NOT-FOR-US: Schneider
CVE-2018-7767 (The vulnerability exists within processing of editobject.php in Schnei ...)
	NOT-FOR-US: Schneider
CVE-2018-7766 (The vulnerability exists within processing of track_getdata.php in Sch ...)
	NOT-FOR-US: Schneider
CVE-2018-7765 (The vulnerability exists within processing of track_import_export.php  ...)
	NOT-FOR-US: Schneider
CVE-2018-7764 (The vulnerability exists within runscript.php applet in Schneider Elec ...)
	NOT-FOR-US: Schneider
CVE-2018-7763 (The vulnerability exists within css.inc.php in Schneider Electric U.mo ...)
	NOT-FOR-US: Schneider
CVE-2018-7762 (A vulnerability exists in the web services to process SOAP requests in ...)
	NOT-FOR-US: Schneider
CVE-2018-7761 (A vulnerability exists in the HTTP request parser in Schneider Electri ...)
	NOT-FOR-US: Schneider
CVE-2018-7760 (An authorization bypass vulnerability exists in Schneider Electric's M ...)
	NOT-FOR-US: Schneider
CVE-2018-7759 (A buffer overflow vulnerability exists in Schneider Electric's Modicon ...)
	NOT-FOR-US: Schneider
CVE-2018-7758 (A denial of service vulnerability exists in Schneider Electric's MiCOM ...)
	NOT-FOR-US: Schneider
CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in drivers/scsi/lib ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 (4.16-rc1)
CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) doe ...)
	{DSA-4188-1}
	- linux 4.15.17-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices d ...)
	NOT-FOR-US: RunExeFile.exe in the installer for DEWESoft X3 SP1 devices
CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in drivers/blo ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.10-1
	- linux-4.9 <removed>
	NOTE: https://lkml.org/lkml/2018/5/29/495
CVE-2018-7754 (The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the ...)
	- linux 4.15.4-1
	[stretch] - linux <ignored> (debugfs restricted to root by default)
	[jessie] - linux <ignored> (debugfs restricted to root by default)
	NOTE: https://git.kernel.org/linus/ad67b74d2469d9b82aaa572d76474c95bc484d57
CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4. ...)
	- ffmpeg 7:3.4.3-1
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...)
	{DLA-1556-1}
	- paramiko 2.4.2-0.1 (bug #892859)
	[stretch] - paramiko <no-dsa> (Minor issue)
	[wheezy] - paramiko <no-dsa> (Minor issue)
	NOTE: https://github.com/paramiko/paramiko/issues/1175
	NOTE: https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
CVE-2018-7749 (The SSH server implementation of AsyncSSH before 1.12.1 does not prope ...)
	- python-asyncssh 1.12.1-1 (bug #892787)
	NOTE: https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
CVE-2018-7748 (report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier all ...)
	NOT-FOR-US: ServiceNow
CVE-2018-7747 (Multiple cross-site scripting (XSS) vulnerabilities in the Caldera For ...)
	NOT-FOR-US: Caldera Forms plugin for WordPress
CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentic ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentic ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7744
	RESERVED
CVE-2018-7743
	RESERVED
CVE-2018-7742
	RESERVED
CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created ...)
	NOT-FOR-US: Eramba
CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a C ...)
	- electron <itp> (bug #842420)
CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...)
	{DSA-4154-1 DLA-1317-1}
	- net-snmp 5.7.3+dfsg-1.1 (bug #894110)
	NOTE: https://sourceforge.net/p/net-snmp/bugs/2821/
	NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
	NOTE: Same patch/commit as #788964 (as used for fixing CVE-2015-5621)
	NOTE: adresses CVE-2018-1000116 as well.
CVE-2018-7753 (An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that  ...)
	- python-bleach 2.1.3-1 (bug #892252)
	[stretch] - python-bleach <not-affected> (Vulnerable code introduced later)
	[jessie] - python-bleach <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/mozilla/bleach/pull/356
	NOTE: https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.4 on Win ...)
	- python3.7 <not-affected> (Windows-specific)
	- python3.6 <not-affected> (Windows-specific)
	- python3.5 <not-affected> (Windows-specific)
	- python3.4 <not-affected> (Windows-specific)
	NOTE: http://hg.python.org/lookup/6921e73e33edc3c61bc2d78ed558eaa22a89a564
	NOTE: https://bugs.python.org/issue33001
CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux kernel thro ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199037
CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass authenti ...)
	NOT-FOR-US: antsle antman
CVE-2018-7737 (** DISPUTED ** In Z-BlogPHP 1.5.1.1740, there is Web Site physical pat ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-7736 (** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLO ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2017-18221 (The __munlock_pagevec function in mm/mlock.c in the Linux kernel befor ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.48-1
	[wheezy] - linux <not-affected> (Vulnerable code introduce later)
CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection  ...)
	NOT-FOR-US: Afian FileRun
CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection  ...)
	NOT-FOR-US: Afian FileRun
CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php has CS ...)
	NOT-FOR-US: YxtCMF
CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiCo ...)
	NOT-FOR-US: YxtCMF
CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. XMPFiles/source/Forma ...)
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <not-affected> (Vulnerable code introduced later)
	[wheezy] - exempi <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a 0 ...)
	{DLA-1310-1}
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105204
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b
CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack-base ...)
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	[wheezy] - exempi <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileH ...)
	{DLA-1310-1}
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105205
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f
CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory leak tri ...)
	- zziplib <unfixed> (unimportant)
	NOTE: https://github.com/gdraheim/zziplib/issues/40
	NOTE: https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4 (v0.13.69)
	NOTE: unzzipcat-mem and unzzipdir-mem not installed into binary packages.
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error cause ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (low; bug #913165)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib <no-dsa> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/27
	NOTE: https://github.com/gdraheim/zziplib/issues/41
	NOTE: https://github.com/gdraheim/zziplib/commit/8f48323c181e20b7e527b8be7229d6eb1148ec5f (v0.13.69)
	NOTE: https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be (v0.13.69)
	NOTE: https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b (v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address  ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (low; bug #913165)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib <no-dsa> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/39
	NOTE: https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06 (v0.13.69)
CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the name param ...)
	- piwigo <removed>
	NOTE: https://github.com/Piwigo/Piwigo/issues/872
	NOTE: https://github.com/Piwigo/Piwigo/commit/55a9754b111309d7a85c6dd86efe47954e984072
CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the virtual_na ...)
	- piwigo <removed>
CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name param ...)
	- piwigo <removed>
	NOTE: https://github.com/Piwigo/Piwigo/issues/871
	NOTE: https://github.com/Piwigo/Piwigo/commit/0ec289769ee1fc314dbc7d90fdc480389e786942
CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index ...)
	NOT-FOR-US: MetInfo
CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western Br ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...)
	NOT-FOR-US: Acrolinx Server
CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps  ...)
	{DLA-1693-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #892526)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	[wheezy] - gpac <not-affected> (vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/997
	NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
	NOTE: CVE is for the issue in av_parsers.c and fixed in same commit as
	NOTE: CVE-2018-1000100
CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulne ...)
	- gpac <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/994
	NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
CVE-2018-7738 (In util-linux before 2.32-rc1, bash-completion/umount allows local use ...)
	{DSA-4134-1}
	- bash-completion <unfixed> (unimportant)
	- util-linux 2.31.1-0.5 (bug #892179)
	[jessie] - util-linux <not-affected> (umount completion added later)
	[wheezy] - util-linux <not-affected> (umount completion added later)
	NOTE: Fix in bash-completion's from util-linux:
	NOTE: https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55#diff-a47601b5dbce9dc06c3af1deb02758c7
	NOTE: src:util-linux/2.28-1 takes over the umount completion from
	NOTE: src:bash-completion (which in turn starting from 1:2.1-4.3
	NOTE: does not provide the umount completion in the binary packaage)
CVE-2018-7718 (An issue was discovered in Telexy QPath 5.4.462. A low privileged auth ...)
	NOT-FOR-US: Telexy QPath
CVE-2018-7717 (The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik ...)
	NOT-FOR-US: Kubik-Rubik Simple Image Gallery Extended (SIGE) extension for Joomla!
CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation v ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation v ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7714 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
	NOTE: Non-issue, needs to be handled within applications using opencv
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7713 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
	NOTE: Non-issue, needs to be handled within applications using opencv
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7712 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
	NOTE: Non-issue, needs to be handled within applications using opencv
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7710
	RESERVED
CVE-2018-7709
	RESERVED
CVE-2018-7708
	RESERVED
CVE-2018-7707 (Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail befor ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7706 (Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.5 ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7705 (Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.5 ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7704 (SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users  ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7703 (Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail befor ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof t ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnv ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in Grap ...)
	{DSA-4321-1 DLA-1456-1 DLA-1322-1}
	- graphicsmagick 1.3.26-8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
	NOTE: Issue is related to CVE-2017-11403 but not the same issue.
CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failur ...)
	{DSA-4321-1 DLA-1456-1 DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
CVE-2018-7700 (DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, becau ...)
	NOT-FOR-US: DedeCMS
CVE-2018-7699
	RESERVED
CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933 ...)
	NOT-FOR-US: D-Link
CVE-2018-7697
	RESERVED
CVE-2018-7696
	RESERVED
CVE-2018-7695
	RESERVED
CVE-2018-7694
	RESERVED
CVE-2018-7693
	RESERVED
CVE-2018-7692 (Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2018-7691 (A potential Remote Unauthorized Access in Micro Focus Fortify Software ...)
	NOT-FOR-US: Micro Focus
CVE-2018-7690 (A potential Remote Unauthorized Access in Micro Focus Fortify Software ...)
	NOT-FOR-US: Micro Focus
CVE-2018-7689 (Lack of permission checks in the InitializeDevelPackage function in op ...)
	- open-build-service 2.9.4-1 (low; bug #903797)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094819
	NOTE: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
CVE-2018-7688 (A missing permission check in the review handling of openSUSE Open Bui ...)
	- open-build-service 2.9.4-1 (low; bug #903796)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094820
	NOTE: https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnera ...)
	NOT-FOR-US: Micro Focus Client for OES
CVE-2018-7686 (Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2018-7685 (The decoupled download and installation steps in libzypp before 17.5.0 ...)
	- libzypp 17.6.1-1
	[jessie] - libzypp <ignored> (Minor issue, very low popcon)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1091624
	NOTE: https://github.com/openSUSE/libzypp/commit/5186110992f29c5e3b1b5bfe9e1ca899a155399c
CVE-2018-7684
	RESERVED
CVE-2018-7683 (Micro Focus Solutions Business Manager versions prior to 11.4 might re ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7682 (Micro Focus Solutions Business Manager versions prior to 11.4 allows a ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7681 (Micro Focus Solutions Business Manager versions prior to 11.4 allows J ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7680 (Micro Focus Solutions Business Manager versions prior to 11.4 can refl ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7679 (Micro Focus Solutions Business Manager versions prior to 11.4 when ASP ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration Conso ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Serv ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp with log ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sen ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 4.7, is  ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel b ...)
	{DSA-4188-1}
	- linux 4.13.4-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2
CVE-2017-18217 (An issue was discovered in InvoicePlane before 1.5.5. It was observed  ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-18216 (In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, loc ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.4-1
	NOTE: Fixed by: https://git.kernel.org/linus/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2
CVE-2017-18215 (xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when d ...)
	- xv <removed>
CVE-2018-7672
	RESERVED
CVE-2018-7671
	RESERVED
CVE-2018-7670
	RESERVED
CVE-2018-7669 (An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfi ...)
	NOT-FOR-US: Sitecore
CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary atta ...)
	NOT-FOR-US: TestLink
CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
	{DLA-1311-1}
	- adminer 4.5.0-1 (bug #893668)
	[stretch] - adminer 4.2.5-3+deb9u1
	[jessie] - adminer 3.3.3-1+deb8u1
	NOTE: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
	NOTE: https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
	NOTE: adminer 4.4.0 disallows connecting to privileged ports, and thus not "enumerating"
	NOTE: services on (another) host for ports < 1024.
	NOTE: Additionally 4.4.0 rate-limits password-less login attempts from the same
	NOTE: IP address:
	NOTE: https://github.com/vrana/adminer/commit/0e5df34ea87ad34c1bc0ceac162eb86175d611a3
CVE-2018-7666 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL i ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7665 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. A mal ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7664 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any O ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7663 (An issue was discovered in resources/views/layouts/app.blade.php in Vo ...)
	NOT-FOR-US: Voten.co
CVE-2018-7662 (Couch through 2.0 allows remote attackers to discover the full path vi ...)
	NOT-FOR-US: CouchCMS
CVE-2018-7661 (Papenmeier WiFi Baby Monitor Free &amp; Lite before 2.02.2 allows remo ...)
	NOT-FOR-US: Papenmeier WiFi Baby Monitor Free & Lite
CVE-2018-7660 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cros ...)
	NOT-FOR-US: OpenText Documentum D2 Webtop
CVE-2018-7659 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-S ...)
	NOT-FOR-US: OpenText Documentum D2 Webtop
CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 h ...)
	{DLA-1314-1}
	- simplesamlphp 1.15.4-1
	[stretch] - simplesamlphp <no-dsa> (Minor issue)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: failure mode hard to trigger for an attacker, signing of redirect binding in many cases not that important
	NOTE: https://simplesamlphp.org/security/201803-01
	NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 al ...)
	NOT-FOR-US: Softros Network Time System
CVE-2018-7657
	RESERVED
CVE-2018-7656
	RESERVED
CVE-2018-7655
	RESERVED
CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/ ...)
	NOT-FOR-US: 3CX 15.5.6354.2 devices
CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.1 ...)
	NOT-FOR-US: Zonemaster Web GUI
	NOTE: The source (1.0.7) is in Salsa, but never uploaded: https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui
CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regular expr ...)
	- node-moment 2.19.3+ds-1 (unimportant)
	NOTE: fixed in 2.19.3 upstream
	NOTE: https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb
	NOTE: https://github.com/moment/moment/pull/4326
	NOTE: https://github.com/moment/moment/issues/4163
	NOTE: https://nodesecurity.io/advisories/532
	NOTE: nodejs not covered by security support
CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ...)
	- node-ssri 5.2.4-1 (unimportant; bug #891980)
	NOTE: fixed in 5.2.2
	NOTE: https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
	NOTE: https://github.com/zkat/ssri/issues/10
	NOTE: https://nodesecurity.io/advisories/565
	NOTE: nodejs not covered by security support
CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier conta ...)
	{DSA-4247-1}
	- ruby-rack-protection 1.5.3-2.1 (bug #892250)
	[jessie] - ruby-rack-protection <ignored> (Low prio package and low prio vulnerability according to RedHat)
	[wheezy] - ruby-rack-protection <ignored> (Low prio package and low prio vulnerability according to RedHat)
	NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
	NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
	NOTE: https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb
CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Network Me ...)
	{DSA-4218-1}
	- memcached 1.5.6-1
	[wheezy] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost)
	NOTE: Upstream 1.5.6 disables by default the UDP protocol
	NOTE: https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
	NOTE: Documentation in memcached's config files clearly mentions the
	NOTE: issues: "Specify which IP address to listen on. The default
	NOTE: (upstream) is to listen on all IP addresses. [...] so make sure
	NOTE: it's listening on a firewalled interface."
CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Appli ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified Application
CVE-2018-7649 (Monitorix before 3.10.1 allows XSS via CGI variables. ...)
	NOT-FOR-US: Monitorix
CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. Th ...)
	- openjpeg2 2.3.1-1 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d
	NOTE: https://github.com/uclouvain/openjpeg/issues/1088
	NOTE: The Debian package is built with -DBUILD_MJ2:BOOL=OFF
CVE-2018-7647
	RESERVED
CVE-2018-7646
	RESERVED
CVE-2018-7645
	RESERVED
CVE-2018-7643 (The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allo ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22905
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d11ae95ea3403559f052903ab053f43ad7821e37
CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Descripto ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7636 (The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier  ...)
	NOT-FOR-US: PAN-OS
CVE-2018-7635 (Whale Browser before 1.0.41.8 displays no URL information but only a t ...)
	NOT-FOR-US: Whale Browser
CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mi ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2018-7633 (Code injection in the /ui/login form Language parameter in Epicentro E ...)
	NOT-FOR-US: Epicentro
CVE-2018-7632 (Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cau ...)
	NOT-FOR-US: Epicentro
CVE-2018-7631 (Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to exe ...)
	NOT-FOR-US: Epicentro
CVE-2018-7630
	RESERVED
CVE-2018-7629
	RESERVED
CVE-2018-7628
	RESERVED
CVE-2018-7627
	RESERVED
CVE-2018-7626
	RESERVED
CVE-2018-7625
	RESERVED
CVE-2018-7624
	RESERVED
CVE-2018-7623
	RESERVED
CVE-2018-7622
	RESERVED
CVE-2018-7621
	RESERVED
CVE-2018-7620
	RESERVED
CVE-2018-7619
	RESERVED
CVE-2018-7618
	RESERVED
CVE-2018-7617
	RESERVED
CVE-2018-7616
	RESERVED
CVE-2018-7615
	RESERVED
CVE-2018-7614
	RESERVED
CVE-2018-7613
	RESERVED
CVE-2018-7612
	RESERVED
CVE-2018-7611
	RESERVED
CVE-2018-7610
	RESERVED
CVE-2018-7609
	RESERVED
CVE-2018-7608
	RESERVED
CVE-2018-7607
	RESERVED
CVE-2018-7606
	RESERVED
CVE-2018-7605
	RESERVED
CVE-2018-7604
	RESERVED
CVE-2018-7603 (In Drupal's 3rd party module search auto complete prior to versions 7. ...)
	NOT-FOR-US: Drupal addon
CVE-2018-7602 (A remote code execution vulnerability exists within multiple subsystem ...)
	{DSA-4180-1 DLA-1365-1}
	- drupal7 <removed> (bug #896701)
	NOTE: https://www.drupal.org/psa-2018-003
	NOTE: https://www.drupal.org/sa-core-2018-004
	NOTE: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0
CVE-2018-7601
	RESERVED
CVE-2018-7599
	RESERVED
CVE-2018-7598
	RESERVED
CVE-2018-7597
	RESERVED
CVE-2018-7596
	RESERVED
CVE-2018-7595
	RESERVED
CVE-2018-7594
	RESERVED
CVE-2018-7593
	RESERVED
CVE-2018-7592
	RESERVED
CVE-2018-7591
	RESERVED
CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in acco ...)
	NOT-FOR-US: Hoosk
CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/184
	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/183
	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a craft ...)
	- cimg <unfixed> (low; bug #892780; bug #940951)
	[buster] - cimg <no-dsa> (Minor issue)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery pat ...)
	NOT-FOR-US: nextgen-gallery plugin for WordPress
CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
	NOT-FOR-US: JerryScript
CVE-2018-7585
	RESERVED
CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and  ...)
	{DSA-4240-1 DLA-1397-1 DLA-1326-1}
	- php7.2 7.2.3-1
	- php7.1 7.1.15-1
	- php7.0 7.0.28-1
	- php5 <removed>
	NOTE: Fixed in 5.6.34, 7.0.28, 7.1.15, 7.2.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75981
	NOTE: https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash ...)
	NOT-FOR-US: Proxy.exe in DualDesk 20
CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Servic ...)
	NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert We ...)
	NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7580
	RESERVED
CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/792
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96c2fab85e1699c87080271254c5a01387805564
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22eec833cd72b5abab2627fcacc27d2dfb6aa6e7
CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...)
	- imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/791
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d2b87b403059af21db3002db95f4603f32b492ef
	NOTE: The commit referenced the wrong issue in the upstream issue tracker, but
	NOTE: as noted in https://github.com/ImageMagick/ImageMagick/issues/791#issuecomment-334050314
CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in Im ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/790
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6ac2858a87df6d645813e43928b4f01a3169ad3f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cca91aa1861818342e3d072bb0fad7dc4ffac24a
CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has  ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7578
	RESERVED
CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ...)
	- snappy <undetermined>
	NOTE: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md
	NOTE: There are no useful details, could just as well be a misuse of snappy by Tensorflow
CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...)
	- tensorflow <itp> (bug #804612)
CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow v ...)
	- tensorflow <itp> (bug #804612)
CVE-2018-7574
	REJECTED
CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server ca ...)
	NOT-FOR-US: FTPShell Client
CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to a ...)
	NOT-FOR-US: Pulse Secure Client
CVE-2018-7571
	RESERVED
CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c in t ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22881
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as  ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22895
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12c963421d045a127c413a0722062b9932c50aa9
CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22894
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2
CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kernel befo ...)
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux 3.16.57-1
	[wheezy] - linux <ignored> (Only affects ARM with XIP enabled)
	NOTE: Fixed by: https://git.kernel.org/linus/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py i ...)
	NOTE: Nonsense report for Python
CVE-2018-1000103
	REJECTED
CVE-2018-1000102
	REJECTED
CVE-2018-1000114 (An improper authorization vulnerability exists in Jenkins Promoted Bui ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000113 (A cross-site scripting vulnerability exists in Jenkins TestLink Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000112 (An improper authorization vulnerability exists in Jenkins Mercurial Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000111 (An improper authorization vulnerability exists in Jenkins Subversion P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000110 (An improper authorization vulnerability exists in Jenkins Git Plugin v ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000109 (An improper authorization vulnerability exists in Jenkins Google Play  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000108 (A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000107 (An improper authorization vulnerability exists in Jenkins Job and Node ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000106 (An improper authorization vulnerability exists in Jenkins Gerrit Trigg ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000105 (An improper authorization vulnerability exists in Jenkins Gerrit Trigg ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000104 (A plaintext storage of a password vulnerability exists in Jenkins Cove ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket Request Sys ...)
	- otrs2 <unfixed> (unimportant)
	NOTE: PoC https://0day.today/exploit/29938
	NOTE: Admin Package Manager works as designed and warns if a package is beeing
	NOTE: installed which is not verified by the OTRS Group. Responsiblity of the
	NOTE: respective admin to check packages before installation.
CVE-2018-7566 (The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da
CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
	NOT-FOR-US: Polycom QDX 6000 devices
CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
	NOT-FOR-US: Polycom QDX 6000 devices
CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application is affe ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 9.2.1. Th ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14 ...)
	NOT-FOR-US: Tenda AC9 devices
CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
	NOT-FOR-US: aws-lambda-multipart-parser NPM package
CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample Code  ...)
	NOT-FOR-US: OPC UA .NET
CVE-2018-7558
	RESERVED
CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through  ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:3.4.3-1
	- libav <removed>
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
	NOTE: Fixed in 3.2.11
CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3. ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-7555
	RESERVED
CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads to a  ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/29
	NOTE: https://github.com/pts/sam2p/commit/a6621e996f976912252018be8a8836ee6a966ee3
	NOTE: https://github.com/pts/sam2p/commit/118cb8102b767df4100d8a14184e44b33a822861
	NOTE: https://github.com/pts/sam2p/commit/1e43ec5fe34b009cb43f90a9d562442ca347cd75
	NOTE: https://github.com/pts/sam2p/commit/beea3bd8dd05a731fddfa447ff0bad19fe32c973
	NOTE: https://github.com/pts/sam2p/commit/47378716ab03d6b39ee959c949df551c643942f1
CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster function of ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/32
CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp  ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/30
	NOTE: CVE-2018-7554 patches will address this issue too.
CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads t ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/28
CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ( ...)
	{DSA-4213-1 DLA-1497-1 DLA-1351-1 DLA-1350-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #892041)
	- qemu-kvm <removed>
	NOTE: https://git.qemu.org/?p=qemu.git;a=patch;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8
CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a copy of an ...)
	- zsh 5.5-1 (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
	NOTE: no security impact
CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer dereference w ...)
	- zsh 5.5-1 (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
	NOTE: no security impact
CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /a ...)
	NOT-FOR-US: lyadmin
CVE-2018-7546 (wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 al ...)
	NOT-FOR-US: Kingsoft WPS Office 2016 and Jinshan PDF
CVE-2018-7545
	RESERVED
CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...)
	{DLA-1304-1}
	- zsh 5.4.1-1
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d
CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is used, th ...)
	- zsh 5.4.1-1 (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58
	NOTE: no security impact
CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized buffers  ...)
	{DLA-1304-1}
	- zsh 5.3-1
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60
CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow when scanni ...)
	{DLA-1304-1}
	- zsh 5.0.6-1
	NOTE: https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210
CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for very lon ...)
	{DLA-1304-1}
	- zsh 5.0.7-3
	NOTE: https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055
	NOTE: Debian needed to add cherry-pick-9982ab6f-missing-changelog-entry
CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of integer va ...)
	{DLA-1304-1}
	- zsh 5.0.7-3
	NOTE: https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting issue was discovered in the  ...)
	- openvpn <unfixed> (unimportant)
	NOTE: Not a security issue per se, later versions might explicitly warn in
	NOTE: affected problematic configurations in both the documentation and with
	NOTE: a runtime warning.
CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in installer/build/view.step4 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-7539 (On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is p ...)
	NOT-FOR-US: Appear TV XC5000 and XC5100 devices
CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of Enalean  ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH g ...)
	{DSA-4131-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	[jessie] - xen <not-affected> (Vulnerable code introduced later)
	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-256.html
CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users  ...)
	{DSA-4131-1 DLA-1577-1 DLA-1300-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-255.html
CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
	{DSA-4131-1 DLA-1577-1 DLA-1300-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-252.html
CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp b ...)
	{DSA-4127-1 DLA-1298-1}
	- simplesamlphp 1.15.3-1
	NOTE: https://simplesamlphp.org/security/201802-01
	NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
CVE-2018-7537 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...)
	{DSA-4161-1 DLA-1303-1}
	- python-django 1:1.11.11-1
	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
	NOTE: Patch https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...)
	{DSA-4161-1 DLA-1303-1}
	- python-django 1:1.11.11-1
	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
	NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
CVE-2018-7535 (An issue was discovered in TotalAV v4.1.7. An unprivileged user could  ...)
	NOT-FOR-US: TotalAV
CVE-2018-7534 (In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Sol ...)
	NOT-FOR-US: Stealth Authorization Server
CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI Da ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck G- ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data A ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7530 (Parsing malformed project files in Omron CX-One versions 4.42 and prio ...)
	NOT-FOR-US: Omron
CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck G-Cam ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7527 (A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1 ...)
	NOT-FOR-US: LeviStudio HMI Editor
CVE-2018-7526 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Syste ...)
	NOT-FOR-US: TotalAlert Web Application
CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in Geut ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7522 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions  ...)
	NOT-FOR-US: Schneider
CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnera ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7520 (An improper access control vulnerability has been identified in Geuteb ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7518 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Syste ...)
	NOT-FOR-US: TotalAlert Web Application
CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7516 (A server-side request forgery vulnerability has been identified in Geu ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialize ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7514 (Parsing malformed project files in Omron CX-One versions 4.42 and prio ...)
	NOT-FOR-US: Omron
CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7512 (A cross-site scripting vulnerability has been identified in Geutebruck ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases  ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2018-7510 (In the web application in BeaconMedaes TotalAlert Scroll Medical Air S ...)
	NOT-FOR-US: BeaconMedaes TotalAlert
CVE-2018-7509 (WPLSoft in Delta Electronics versions 2.45.0 and prior writes data fro ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API vers ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7507 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixe ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and prio ...)
	NOT-FOR-US: Moxa
CVE-2018-7505 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI Visi ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7503 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7502 (Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2 ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2018-7501 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7499 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper  ...)
	NOT-FOR-US: Philips Alice 6 System
CVE-2018-7497 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision vers ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7495 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixe ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege escalati ...)
	NOT-FOR-US: CactusVPN for macOS
CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel befo ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux kerne ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/b9a41d21dceadf8104812626ef85dc56ee8a60ed
CVE-2017-18202 (The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel b ...)
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/687cb0884a714ff484d038e9190edc874edcf146
CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_ ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerabil ...)
	NOT-FOR-US: PrestaShop
CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...)
	{DSA-4142-1}
	- uwsgi 2.0.15-10.4 (bug #891639)
	[wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)
	NOTE: Fixed in 2.0.17 upstream
	NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
	NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
CVE-2018-7489 (FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2 ...)
	{DSA-4190-1}
	- jackson-databind 2.9.5-1 (bug #891614)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
	NOTE: https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
CVE-2018-7488
	RESERVED
CVE-2018-7487 (There is a heap-based buffer overflow in the LoadPCX function of in_pc ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/18
CVE-2018-7486 (Blue River Mura CMS before v7.0.7029 supports inline function calls wi ...)
	NOT-FOR-US: Blue River Mura CMS
CVE-2018-7485 (The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC ...)
	- unixodbc <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
	NOTE: Issue introduced with https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
	NOTE: when actually fixing another potential (security) issue, "Buffer
	NOTE: overflows and missing null checks in SQLConfigDataSource,
	NOTE: SQLInstallDriverEx, and SQLWriteFileDSN"
CVE-2017-18201 (An issue was discovered in GNU libcdio before 2.0.0. There is a double ...)
	- libcdio 2.0.0-2 (bug #891638)
	[stretch] - libcdio <not-affected> (Vulnerable code introduced post 0.92)
	[jessie] - libcdio <not-affected> (Vulnerable code introduced post 0.92)
	[wheezy] - libcdio <not-affected> (Vulnerable code introduced post 0.92)
	NOTE: Fixed by https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d
	NOTE: with https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=dec2f876c2d7162da213429bce1a7140cdbdd734
CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. The cl ...)
	NOT-FOR-US: PureVPN on Windows
CVE-2018-7483
	RESERVED
CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access ...)
	NOT-FOR-US: K2 component for Joomla!
CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ref ...)
	- linux <not-affected> (Vulnerable code not present)
CVE-2018-1000099 (Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninit ...)
	{DSA-4170-1}
	- pjproject 2.7.2~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
	NOTE: https://trac.pjsip.org/repos/ticket/2092
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vuln ...)
	{DSA-4170-1}
	- pjproject 2.7.2~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
	NOTE: https://trac.pjsip.org/repos/ticket/2093
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper Null Terminat ...)
	- mingw-w64 <unfixed> (low; bug #897196)
	[buster] - mingw-w64 <ignored> (Minor issue)
	[stretch] - mingw-w64 <ignored> (Minor issue)
	[jessie] - mingw-w64 <ignored> (Minor issue)
	[wheezy] - mingw-w64 <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/mingw-w64/bugs/709/
CVE-2018-7481
	RESERVED
CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux kerne ...)
	{DSA-4188-1}
	- linux 4.11.6-1
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a dir ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7478
	RESERVED
CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management Script 3.0. ...)
	NOT-FOR-US: PHP Scripts Mall School Management Script
CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site S ...)
	NOT-FOR-US: FineCms
CVE-2018-7475 (Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in Ic ...)
	NOT-FOR-US: IceWarp
CVE-2018-7474 (An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is po ...)
	- textpattern <removed>
CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web inte ...)
	NOT-FOR-US: SO Connect SO WIFI
CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of service d ...)
	NOT-FOR-US: INVT Studio
CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage API read ...)
	NOT-FOR-US: KingView
CVE-2018-7470 (An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLo ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (unimportant; bug #891420)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/998
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e80713e5132a3bd26702ee0a833306f7e801469
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8130e12eb30685ef958f4e62fe624da393920be7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7305dacfcdf5e51c4f8d0ba9f77fa97792f8acf7
	NOTE: webp support not enabled, see #806425
CVE-2018-7469 (PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the  ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-7468
	RESERVED
CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2 ...)
	NOT-FOR-US: AxxonSoft Axxon Next
CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote atta ...)
	NOT-FOR-US: TestLink
CVE-2018-7465 (An XSS issue was discovered in VirtueMart before 3.2.14. All the texta ...)
	NOT-FOR-US: VirtueMart
CVE-2018-7464
	RESERVED
CVE-2018-7463 (SQL injection vulnerability in files.php in the "files" component in A ...)
	NOT-FOR-US: ASANHAMAYESH CMS
CVE-2018-7462
	RESERVED
CVE-2018-7461
	RESERVED
CVE-2018-7460
	RESERVED
CVE-2018-7459
	RESERVED
CVE-2018-7458
	RESERVED
CVE-2018-7457
	RESERVED
CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirectory i ...)
	{DSA-4349-1 DLA-1411-1 DLA-1347-1 DLA-1346-1}
	- tiff 4.0.9-5 (bug #891288)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2778
	NOTE: https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b
CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xp ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpd ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00  ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?p=814#p814
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc i ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7451
	RESERVED
CVE-2018-7450
	RESERVED
CVE-2018-7449 (SEGGER FTP Server for Windows before 3.22a allows remote attackers to  ...)
	NOT-FOR-US: SEGGER embOS/IP FTP Server
CVE-2018-7448 (Remote code execution vulnerability in /cmsms-2.1.6-install.php/index. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-7447 (** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persist ...)
	NOT-FOR-US: mojoPortal
CVE-2018-7446
	RESERVED
CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB service when  ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2018-7444
	RESERVED
CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote at ...)
	- libcdio 1.0.0-1 (low)
	[stretch] - libcdio <ignored> (Minor issue)
	[jessie] - libcdio <no-dsa> (Minor issue)
	[wheezy] - libcdio <no-dsa> (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?52264
CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows ...)
	- libcdio 1.0.0-1 (low)
	[stretch] - libcdio <no-dsa> (Minor issue)
	[jessie] - libcdio <no-dsa> (Minor issue)
	[wheezy] - libcdio <no-dsa> (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?52265
CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserF ...)
	{DLA-1299-1}
	- libjgraphx-java 2.1.0.7-2 (low; bug #891796)
	[stretch] - libjgraphx-java <no-dsa> (Minor issue)
	[jessie] - libjgraphx-java <no-dsa> (Minor issue)
	NOTE: https://github.com/jgraph/mxgraph/issues/124
	NOTE: https://bitbucket.org/jgraph/mxgraph2/commits/7d159ca3259b961cbb1c51b4ea42cb408c624ff1
CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q1 ...)
	{DLA-1293-1}
	- imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/999
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5c0e1a31bc44829b1024ce599097f43285a05a42
CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via a dire ...)
	NOT-FOR-US: zzcms
CVE-2018-7433 (The iThemes Security plugin before 6.9.1 for WordPress does not proper ...)
	NOT-FOR-US: iThemes Security plugin for WordPress
CVE-2018-7432 (Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x befo ...)
	NOT-FOR-US: Splunk
CVE-2018-7431 (Directory traversal vulnerability in the Splunk Django App in Splunk E ...)
	NOT-FOR-US: Splunk
CVE-2018-7430
	RESERVED
CVE-2018-7429 (Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11,  ...)
	NOT-FOR-US: Splunk
CVE-2018-7428
	RESERVED
CVE-2018-7427 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk
CVE-2018-7426
	RESERVED
CVE-2018-7425
	RESERVED
CVE-2018-7424
	RESERVED
CVE-2018-7423
	RESERVED
CVE-2017-18195 (An issue was discovered in tools/conversations/view_ajax.php in Concre ...)
	NOT-FOR-US: Concrete5
CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Valid ...)
	[experimental] - elinks 0.13~20190125-1
	- elinks 0.13~20190125-3 (low; bug #891575)
	[stretch] - elinks <ignored> (Minor issue)
	[jessie] - elinks <ignored> (Minor issue)
	[wheezy] - elinks <ignored> (Minor issue)
	- links2 2.6-1 (bug #694658; bug #510417)
	NOTE: Patch proposed upstream (when using): http://lists.linuxfromscratch.org/pipermail/elinks-dev/2015-June/002099.html
	NOTE: tested links2 against badssl.com, no apparent issue back in wheezy
	NOTE: src:links2/2.6-1 adds verify-ssl-certs-510417.diff to verify SSL certs.
	NOTE: src:links2 upstream in 2.11 adds support for verifying SSL certificates.
CVE-2018-7422 (A Local File Inclusion vulnerability in the Site Editor plugin through ...)
	NOT-FOR-US: Site Editor plugin for WordPress
CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector cou ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark <not-affected> (Vulnerable code introduced later)
	[wheezy] - wireshark <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14408
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=656812ee1f2a8ddfd383b02a066e888f5919e17a
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e8be5adae469ba563acfad2c2b98673e1afaf901
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7420 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parse ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=129e41f9f63885ad8224ef413c2860788fb9e849
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-11.html
CVE-2018-7419 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector co ...)
	{DSA-4217-1 DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14443
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bebd3a1f50b0a27738d8d3da5b33c1b392eb7273
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-14.html
CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14410
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=29d920b8309905dda11ad397596fe8aafc9b4bf7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-13.html
CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector co ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14409
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81216a176b25dd8a616e11808a951e141a467009
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-12.html
CVE-2018-7416
	RESERVED
CVE-2018-7439 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based  ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
CVE-2018-7438 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based  ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
CVE-2018-7437 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based  ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
CVE-2018-7436 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based  ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
CVE-2018-7435 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based  ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
CVE-2018-7415
	RESERVED
CVE-2018-7414
	RESERVED
CVE-2018-7413
	RESERVED
CVE-2018-7412
	RESERVED
CVE-2018-7411
	RESERVED
CVE-2018-7410
	RESERVED
CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to ...)
	- unixodbc 2.3.6-0.1 (bug #891596)
	[stretch] - unixodbc <no-dsa> (Minor issue)
	[jessie] - unixodbc <no-dsa> (Minor issue)
	[wheezy] - unixodbc <ignored> (Minor issue)
	NOTE: Fixed by: https://sourceforge.net/p/unixodbc/code/136/
	NOTE: https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...)
	- npm <not-affected> (Vulnerable code introduced later)
CVE-2018-7407 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF befo ...)
	NOT-FOR-US: Foxit
CVE-2018-7406 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF befo ...)
	NOT-FOR-US: Foxit
CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer befo ...)
	NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
CVE-2018-7404
	RESERVED
CVE-2018-7403
	RESERVED
CVE-2018-7402
	RESERVED
CVE-2018-7401
	RESERVED
CVE-2018-7400
	RESERVED
CVE-2018-7399
	RESERVED
CVE-2018-7398
	RESERVED
CVE-2018-7397
	RESERVED
CVE-2018-7396
	RESERVED
CVE-2018-7395
	RESERVED
CVE-2018-7394
	RESERVED
CVE-2018-7393
	RESERVED
CVE-2018-7392
	RESERVED
CVE-2018-7391
	RESERVED
CVE-2018-7390
	RESERVED
CVE-2018-7389
	RESERVED
CVE-2018-7388
	RESERVED
CVE-2018-7387
	RESERVED
CVE-2018-7386
	RESERVED
CVE-2018-7385
	RESERVED
CVE-2018-7384
	RESERVED
CVE-2018-7383
	RESERVED
CVE-2018-7382
	RESERVED
CVE-2018-7381
	RESERVED
CVE-2018-7380
	RESERVED
CVE-2018-7379
	RESERVED
CVE-2018-7378
	RESERVED
CVE-2018-7377
	RESERVED
CVE-2018-7376
	RESERVED
CVE-2018-7375
	RESERVED
CVE-2018-7374
	RESERVED
CVE-2018-7373
	RESERVED
CVE-2018-7372
	RESERVED
CVE-2018-7371
	RESERVED
CVE-2018-7370
	RESERVED
CVE-2018-7369
	RESERVED
CVE-2018-7368
	REJECTED
CVE-2018-7367
	REJECTED
CVE-2018-7366 (ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions  ...)
	NOT-FOR-US: ZTE
CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product ...)
	NOT-FOR-US: ZTE
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Europe ...)
	NOT-FOR-US: ZTE
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
	NOT-FOR-US: ZTE
CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
	NOT-FOR-US: ZTE
CVE-2018-7361 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
	NOT-FOR-US: ZTE
CVE-2018-7360 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
	NOT-FOR-US: ZTE
CVE-2018-7359 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted  ...)
	NOT-FOR-US: ZTE
CVE-2018-7358 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V ...)
	NOT-FOR-US: ZTE ZXHN H168N product
CVE-2018-7357 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V ...)
	NOT-FOR-US: ZTE ZXHN H168N product
CVE-2018-7356 (All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impac ...)
	NOT-FOR-US: ZTE ZXR10 8905E
CVE-2018-7355 (All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0 ...)
	NOT-FOR-US: ZTE
CVE-2018-7354
	RESERVED
CVE-2018-7353
	RESERVED
CVE-2018-7352
	RESERVED
CVE-2018-7351
	RESERVED
CVE-2018-7350
	RESERVED
CVE-2018-7349
	RESERVED
CVE-2018-7348
	RESERVED
CVE-2018-7347
	RESERVED
CVE-2018-7346
	RESERVED
CVE-2018-7345
	RESERVED
CVE-2018-7344
	RESERVED
CVE-2018-7343
	RESERVED
CVE-2018-7342
	RESERVED
CVE-2018-7341
	RESERVED
CVE-2018-7340 (Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the resu ...)
	NOT-FOR-US: Duo Network Gateway
CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Ent ...)
	- mp4v2 <removed> (low; bug #893544)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	[wheezy] - mp4v2 <ignored> (Minor issue)
	NOTE: https://github.com/pingsuewim/libmp4_bof
CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "signup" compon ...)
	NOT-FOR-US: HamayeshNegar CMS
CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles exte ...)
	{DSA-4188-1}
	- linux 4.13.4-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link injection vu ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal7 7.57-1 (bug #891154)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6929 (A jQuery cross site scripting vulnerability is present when making Aja ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal7 7.57-1 (bug #891153)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6928 (Drupal core 7.x versions before 7.57 when using Drupal's private file  ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal7 7.57-1 (bug #891152)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6927 (Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.57-1 (bug #891150)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2018-7338
	RESERVED
	NOT-FOR-US: Duo Network Gateway
	NOTE: https://duo.com/labs/psa/duo-psa-2017-003
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-08.html
CVE-2018-7336 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol diss ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-09.html
CVE-2018-7335 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 disse ...)
	{DSA-4217-1 DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14442
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2901dcf45c9f1b07abfbf2a0b0cd654371d72a4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-05.html
CVE-2018-7334 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissecto ...)
	{DSA-4217-1 DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14339
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ed705e1227d3d582e3f0de435bba606d053d686
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-07.html
CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.7)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.7)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14449
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bd6313181317bfe83842b27650b65f3c2b8d5dc9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7331 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1}
	- wireshark 2.4.5-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7330 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7329 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7328 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7327 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14419
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=293b999425e998d6cde0d9149648e421ea7687d0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1}
	- wireshark 2.4.5-1 (low)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7be234d06ea39ab6a88115ae41d71060f1f15e3c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9e7695bbee18525eaa6d12b32230313ae8a36a81
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f9199ea8cff56c6704e9828c3d80360b27c4565
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5d45b69b590cabc5127282d1ade3bca1598e5f5c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7322 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14411
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afc780e2c796e971bb7d164103f4f0d10d3c25b5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.6)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.6)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c784d551ad50864de1035ce54e72837301cf6aca
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7320 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol  ...)
	- wireshark 2.4.5-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark <not-affected> (Vulnerable code introduced later)
	[wheezy] - wireshark <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14398
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=015e3399390b8b5cfbfcfcda30589983ab6cc129
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-10.html
CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component f ...)
	NOT-FOR-US: OS Property Real Estate component for Joomla!
CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via  ...)
	NOT-FOR-US: CheckList component for Joomla!
CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...)
	NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for Jooml ...)
	NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via th ...)
	NOT-FOR-US: Ek Rishta component for Joomla!
CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! v ...)
	NOT-FOR-US: PrayerCenter component for Joomla!
CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via th ...)
	NOT-FOR-US: CW Tags component for Joomla!
CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component fo ...)
	NOT-FOR-US: Alexandria Book Library component for Joomla!
CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root privile ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7310
	RESERVED
CVE-2018-7309
	RESERVED
CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting thr ...)
	NOT-FOR-US: DanWin hosting
CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles t ...)
	NOT-FOR-US: Auth0 Auth0.js library
CVE-2018-7306
	RESERVED
CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitra ...)
	NOT-FOR-US: MyBB
CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; consequ ...)
	NOT-FOR-US: Tiki
CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
	NOT-FOR-US: Tiki
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content,  ...)
	NOT-FOR-US: Tiki
CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port witho ...)
	NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in  ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 AG Hom ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG Homemat ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method i ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7295 (ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Wi ...)
	NOT-FOR-US: Final Fantasy
CVE-2018-7294
	RESERVED
CVE-2018-7293
	RESERVED
CVE-2018-7292
	RESERVED
CVE-2018-7291
	RESERVED
CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, an ...)
	NOT-FOR-US: Tiki
CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...)
	NOT-FOR-US: Armadito
CVE-2018-7288
	RESERVED
CVE-2018-7287 (An issue was discovered in res_http_websocket.c in Asterisk 15.x throu ...)
	- asterisk <not-affected> (Only affects Asterisk 15.x)
	NOTE: downloads.digium.com/pub/security/AST-2018-006.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27658
CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7 ...)
	{DSA-4320-1}
	- asterisk 1:13.20.0~dfsg-1 (bug #891228)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27618
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005-13.diff
CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x through 15 ...)
	- asterisk <not-affected> (Only affects Asterisk 15.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-001.html
CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14 ...)
	{DSA-4320-1}
	- asterisk 1:13.20.0~dfsg-1 (bug #891227)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27640
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004-13.diff
CVE-2018-7283
	RESERVED
CVE-2018-7282 (The username parameter of the TITool PrintMonitor solution during the  ...)
	NOT-FOR-US: TITool
CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnera ...)
	NOT-FOR-US: CactusVPN for macOS
CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-1000093 (CryptoNote version version 0.8.9 and possibly later contain a local RP ...)
	NOT-FOR-US: CryptoNote
CVE-2018-1000092 (CMS Made Simple version versions 2.2.5 contains a Cross ite Request Fo ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-1000091 (KadNode version version 2.2.0 contains a Buffer Overflow vulnerability ...)
	NOT-FOR-US: KadNode
CVE-2018-1000090 (textpattern version version 4.6.2 contains a XML Injection vulnerabili ...)
	- textpattern <removed>
CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contains a CWE- ...)
	- django-anymail 1.4-1 (bug #890097)
	[stretch] - django-anymail <ignored> (Minor issue; non-free/contrib not security supported)
	NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef
CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...)
	- ruby-doorkeeper 4.3.1-1 (bug #891069)
	[stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Script ...)
	NOT-FOR-US: WolfCMS
CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a  ...)
	NOT-FOR-US: pym.js
CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap memory rea ...)
	{DLA-1307-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
CVE-2018-1000084 (WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site S ...)
	NOT-FOR-US: WolfCMS
CVE-2018-1000083 (Ajenti version version 2 contains a Improper Error Handling vulnerabil ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000082 (Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) v ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000081 (Ajenti version version 2 contains a Input Validation vulnerability in  ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000080 (Ajenti version version 2 contains a Insecure Permissions vulnerability ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
	{DSA-4259-1 DSA-4219-1 DLA-1421-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code not present)
	- jruby 9.1.17.0-1 (bug #895778)
	[jessie] - jruby <not-affected> (Vulnerable code not present)
	[wheezy] - jruby <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759
	NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1480-1 DLA-1352-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
	- rubygems <removed>
	[wheezy] - rubygems <no-dsa> (Minor issue)
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:  ...)
	{DSA-4259-1 DSA-4219-1 DLA-1480-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code not present)
	- jruby 9.1.17.0-2.1 (bug #895778; bug #925986)
	[jessie] - jruby <not-affected> (Vulnerable code not present)
	[wheezy] - jruby <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000072 (iRedMail version prior to commit f04b8ef contains a Insecure Permissio ...)
	NOT-FOR-US: iRedMail
CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permissions v ...)
	- roundcube 1.3.10+dfsg.1-1 (unimportant; bug #897014)
	[buster] - roundcube 1.3.10+dfsg.1-1~deb10u1
	[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2
	NOTE: https://github.com/roundcube/roundcubemail/issues/6173
	NOTE: https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5
	NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
	NOTE: That plugin is not functional in stretch due to a missing package dependency, setting it
	NOTE: up would require several additional manual changes on the admin's side
	NOTE: Can be mitigated by moving home folder outside the scope of the webserver
CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or after com ...)
	NOT-FOR-US: PyBitmessage
CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External Entity (XX ...)
	{DSA-4175-1 DLA-1316-1}
	- freeplane 1.6.6-1 (bug #893663)
	NOTE: https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser
	NOTE: https://github.com/freeplane/freeplane/commit/a5dce7f9f
CVE-2018-7279 (A remote code execution issue was discovered in AlienVault USM and OSS ...)
	NOT-FOR-US: AlienVault
CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2 ...)
	NOT-FOR-US: RLE Protocol Converter FDS-PC / FDS-PC-DP devices
CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent X ...)
	NOT-FOR-US: RLE Wi-MGR/FDS-Wi 6.2 devices
CVE-2018-7276 (An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firm ...)
	NOT-FOR-US: Lutron Quantum BACnet Integration 2.0 devices
CVE-2018-7275
	RESERVED
CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scr ...)
	NOT-FOR-US: Yab Quarx
CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the addr ...)
	- linux 4.15.4-1
	[stretch] - linux <ignored> (Minor issue)
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <ignored> (Minor issue)
	- linux-4.9 <removed>
	NOTE: https://lkml.org/lkml/2018/2/20/669
CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as par ...)
	NOT-FOR-US: ForgeRock AM
CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php in th ...)
	NOT-FOR-US: MetInfo
CVE-2018-7270
	RESERVED
CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii 2 ...)
	- yii <itp> (bug #597899)
CVE-2018-7268 (MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automa ...)
	NOT-FOR-US: MagniComp
CVE-2018-7267
	RESERVED
CVE-2018-7266
	RESERVED
CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that e ...)
	NOT-FOR-US: Shimmie
CVE-2018-7264 (The Pictview image processing library embedded in the ActivePDF toolki ...)
	NOT-FOR-US: ActivePDF
CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b mispar ...)
	- libid3tag 0.15.1b-5 (bug #304913)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
	NOTE: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad through ...)
	NOTE: Seems like a duplicate of CVE-2017-11552 relates to the issue raised in
	NOTE: https://bugs.debian.org/870608
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
	NOTE: MITRE stated, that "[...] However, if there are two different code
	NOTE: paths by which libmad is used incorrectly, and both code paths result
	NOTE: in "double free or corruption" errors, then we would represent this
	NOTE: with two CVEs."
CVE-2018-7262 (In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGW ...)
	- ceph <not-affected> (Issue introduced later)
	NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as present in
	NOTE: Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
	NOTE: version of the embedded webserver in RADOS gateway which does not return
	NOTE: null strings on malformed HTTP requests.
	NOTE: Original pull request: https://github.com/ceph/ceph/pull/20403
	NOTE: Superseeded by: https://github.com/ceph/ceph/pull/20488
CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4 ...)
	NOT-FOR-US: Radiant CMS
CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in  ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #893539)
	[stretch] - phpmyadmin <no-dsa> (Minor issue)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3e8745e8845633ae8a0054b5ee4d8babd5
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-1/
CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...)
	NOT-FOR-US: Flight Sim Labs
CVE-2018-7258
	RESERVED
CVE-2018-7257
	RESERVED
CVE-2018-7256
	RESERVED
CVE-2018-7255
	RESERVED
CVE-2018-7252
	RESERVED
CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. The erro ...)
	NOT-FOR-US: Anchor CMS
CVE-2018-7250 (An issue was discovered in secdrv.sys as shipped in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2018-7249 (An issue was discovered in secdrv.sys as shipped in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Vid ...)
	NOT-FOR-US: "Photo,Video Locker-Calculator" application for Android
CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2015-9255 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2015-9254 (Datto ALTO and SIRIS devices have a default VNC password. ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5 ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889274)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/dbry/WavPack/issues/26
	NOTE: https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPa ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889559)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/dbry/WavPack/issues/28
	NOTE: https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
CVE-2018-7248 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Buil ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2018-7247 (An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Lepto ...)
	- leptonlib 1.76.0-1 (unimportant)
	NOTE: https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
CVE-2018-7246 (A cleartext transmission of sensitive information vulnerability exists ...)
	NOT-FOR-US: Schneider
CVE-2018-7245 (An improper authorization vulnerability exists In Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7244 (An information disclosure vulnerability exists In Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7243 (An authorization bypass vulnerability exists In Schneider Electric's 6 ...)
	NOT-FOR-US: Schneider
CVE-2018-7242 (Vulnerable hash algorithms exists in Schneider Electric's Modicon Prem ...)
	NOT-FOR-US: Schneider
CVE-2018-7241 (Hard coded accounts exist in Schneider Electric's Modicon Premium, Mod ...)
	NOT-FOR-US: Schneider
CVE-2018-7240 (A vulnerability exists in Schneider Electric's Modicon Quantum in all  ...)
	NOT-FOR-US: Schneider
CVE-2018-7239 (A DLL hijacking vulnerability exists in Schneider Electric's SoMove So ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7238 (A buffer overflow vulnerability exist in the web-based GUI of Schneide ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7237 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7236 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7235 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7234 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7233 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7232 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7231 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7230 (A XML external entity (XXE) vulnerability exists in the import.cgi of  ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7229 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7228 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7227 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-18191 (An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x ...)
	- nova 2:17.0.0-1
	[stretch] - nova <no-dsa> (Minor issue)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <end-of-life> (Not supported in Wheezy)
	NOTE: https://launchpad.net/bugs/1739593
	NOTE: https://review.openstack.org/539893
CVE-2015-9253 (An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before  ...)
	- php7.3 <not-affected> (Fixed with initial upload to unstable)
	- php7.2 7.2.8-1 (unimportant)
	- php7.1 7.1.20-1 (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: https://bugs.php.net/bug.php?id=73342
	NOTE: https://bugs.php.net/bug.php?id=70185
	NOTE: https://bugs.php.net/bug.php?id=75968
	NOTE: Only exploitable with malicious script
CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in Linux ...)
	- vncterm <unfixed> (low; bug #898453)
	[stretch] - vncterm <no-dsa> (Minor issue)
	NOTE: https://github.com/LibVNC/vncterm/issues/6
CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClie ...)
	{DSA-4221-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
	- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- vino 3.22.0-6 (bug #945784)
	[buster] - vino <no-dsa> (Minor issue)
	[stretch] - vino <no-dsa> (Minor issue)
	NOTE: https://github.com/LibVNC/libvncserver/issues/218
	NOTE: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
CVE-2018-7224
	RESERVED
CVE-2018-7223
	RESERVED
CVE-2018-7222
	RESERVED
CVE-2018-7221
	RESERVED
CVE-2018-7220
	RESERVED
CVE-2018-7219 (application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as d ...)
	NOT-FOR-US: NoneCms
CVE-2018-7218 (The AppFirewall functionality in Citrix NetScaler Application Delivery ...)
	NOT-FOR-US: Citrix
CVE-2018-7217 (In Bravo Tejari Procurement Portal, uploaded files are not properly va ...)
	NOT-FOR-US: Bravo Tejari Procurement Portal
CVE-2018-7216 (Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profil ...)
	NOT-FOR-US: Bravo Tejari Procurement Portal
CVE-2018-7215
	RESERVED
CVE-2018-7214
	RESERVED
CVE-2018-7213 (The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428  ...)
	NOT-FOR-US: Password Manager Extension in Abine Blur
CVE-2018-7212 (An issue was discovered in rack-protection/lib/rack/protection/path_tr ...)
	NOT-FOR-US: Sinatra
CVE-2018-7211 (An issue was discovered in iDashboards 9.6b. The SSO implementation is ...)
	NOT-FOR-US: iDashboards
CVE-2018-7210 (An issue was discovered in iDashboards 9.6b. It allows remote attacker ...)
	NOT-FOR-US: iDashboards
CVE-2018-7209 (An issue was discovered in iDashboards 9.6b. It allows remote attacker ...)
	NOT-FOR-US: iDashboards
CVE-2018-7208 (In the coff_pointerize_aux function in coffgen.c in the Binary File De ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22741
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb77f6a4621795367a39cdd30957903af9dbb815
CVE-2018-7207
	REJECTED
CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0 ...)
	NOT-FOR-US: JupyterHub
CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design ...)
	NOT-FOR-US: Kentico
CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for Wor ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 throu ...)
	NOT-FOR-US: Twonky Server
CVE-2018-7202 (An issue was discovered in ProjectSend before r1053. XSS exists in the ...)
	NOT-FOR-US: ProjectSend
CVE-2018-7201 (CSV Injection was discovered in ProjectSend before r1053, affecting vi ...)
	NOT-FOR-US: ProjectSend
CVE-2018-7200
	RESERVED
CVE-2018-7199
	RESERVED
CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the Add Pos ...)
	NOT-FOR-US: October CMS
CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored cross-site sc ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhances ...)
	NOT-FOR-US: osTicket
CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to reset ar ...)
	NOT-FOR-US: osTicket
CVE-2018-7194 (Integer format vulnerability in the ticket number generator in Enhance ...)
	NOT-FOR-US: osTicket
CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enha ...)
	NOT-FOR-US: osTicket
CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic  ...)
	NOT-FOR-US: osTicket
CVE-2018-7191 (In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.56-1+deb8u1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743792
	NOTE: https://git.kernel.org/linus/0ad646c81b2182f7fa67ec0c8c825e0ee165696d
	NOTE: https://git.kernel.org/linus/5c25f65fd1e42685f7ccd80e0621829c105785d9
CVE-2018-7190
	RESERVED
CVE-2018-7189
	RESERVED
CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an au ...)
	NOT-FOR-US: Tiki
CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure command-li ...)
	{DSA-4380-1 DSA-4379-1 DLA-1294-1}
	- golang-1.10 1.10.1-1
	- golang-1.9 <removed> (bug #895663)
	- golang-1.8 <removed> (bug #895664)
	- golang-1.7 <removed> (bug #895665)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	NOTE: https://github.com/golang/go/issues/23867
	NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attac ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <ignored> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating  ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <ignored> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a76f46bK1M87GD1tJounOczC-5Zow
CVE-2018-7183 (Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 throu ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7182 (The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows r ...)
	- ntp 1:4.2.8p11+dfsg-1
	[stretch] - ntp <postponed> (Can be fixed along in a future update)
	[jessie] - ntp <postponed> (Can be fixed along in a future update)
	[wheezy] - ntp <not-affected> (Issue not present)
	- ntpsec 1.0.0+dfsg1-5
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: Fixed by (ntpsec): https://gitlab.com/NTPsec/ntpsec/commit/6d6aa6da0fe685011f5a9633c3618409af8349d7
	NOTE: https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html
CVE-2018-7181
	RESERVED
CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in scheduler/c ...)
	{DLA-1412-1 DLA-1288-1}
	- cups 2.2.3-2
	[stretch] - cups 2.2.1-8+deb9u1
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
	NOTE: https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 (v2.2.2)
CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters in a % ...)
	{DLA-1302-1}
	- leptonlib 1.75.3-2 (low; bug #890548)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <no-dsa> (Minor issue)
	NOTE: https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! v ...)
	NOT-FOR-US: Saxum Astro component for Joomla!
CVE-2018-7179 (SQL Injection exists in the SquadManagement 1.0.3 component for Joomla ...)
	NOT-FOR-US: SquadManagement component for Joomla!
CVE-2018-7178 (SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla!  ...)
	NOT-FOR-US: Saxum Picker component for Joomla!
CVE-2018-7177 (SQL Injection exists in the Saxum Numerology 3.0.4 component for Jooml ...)
	NOT-FOR-US: Saxum Numerology component for Joomla!
CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding  ...)
	- frontaccounting <removed> (bug #890604)
	[wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, already vulnerable to SQL injection in CVE-2014-3973)
	NOTE: https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer dereference in re ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref a ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an  ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins versions  ...)
	- jenkins <removed>
CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions 2.1 ...)
	- jenkins <removed>
CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can delete ar ...)
	NOT-FOR-US: WonderCMS
CVE-2018-7171 (Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5  ...)
	NOT-FOR-US: Twonky Server
CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authen ...)
	- ntp 1:4.2.8p11+dfsg-1
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is  ...)
	- shadow 1:4.7-1 (low; bug #890557)
	[buster] - shadow <no-dsa> (Minor issue)
	[stretch] - shadow <no-dsa> (Minor issue)
	[jessie] - shadow <no-dsa> (Minor issue)
	[wheezy] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
	NOTE: https://github.com/shadow-maint/shadow/pull/97
CVE-2018-7168
	RESERVED
CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters can lead  ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#calls-to-buffer-fill-and-or-buffer-alloc-may-hang-cve-2018-7167
	NOTE: Doesn't affect 10.x, marking first 10.x upload to sid as fixed
CVE-2018-7166 (In all versions of Node.js 10 prior to 10.9.0, an argument processing  ...)
	- nodejs <not-affected> (Only affects 10.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
	NOTE: https://github.com/nodejs/node/commit/40a7beeddac9b9ec9ef5b49157daaf8470648b08
CVE-2018-7165
	RESERVED
CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and the sever ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	[stretch] - nodejs <not-affected> (Only affects >= 9.x)
	[jessie] - nodejs <not-affected> (Only affects >= 9.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#memory-exhaustion-dos-on-v9-x-cve-2018-7164
	NOTE: https://github.com/nodejs/node/commit/3217e8e66fa81e
CVE-2018-7163
	RESERVED
CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the severity i ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	[stretch] - nodejs <not-affected> (Only affects >= 8.x)
	[jessie] - nodejs <not-affected> (Only affects >= 8.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-tls-cve-2018-7162
	NOTE: https://github.com/nodejs/node/commit/0cb3325f1
CVE-2018-7161 (All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	[stretch] - nodejs <not-affected> (Only affects >= 8.x)
	[jessie] - nodejs <not-affected> (Only affects >= 8.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-http-2-cve-2018-7161
	NOTE: https://github.com/nodejs/node/commit/8bf213dbdc7e
CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS rebindi ...)
	- nodejs 8.11.1~dfsg-2 (unimportant)
	[stretch] - nodejs <not-affected> (Vulnerable code not present)
	[jessie] - nodejs <not-affected> (Vulnerable code not present)
	[wheezy] - nodejs <not-affected> (Vulnerable code not present)
CVE-2018-7159 (The HTTP parser in all current versions of Node.js ignores spaces in t ...)
	- nodejs 8.11.1~dfsg-2 (unimportant)
CVE-2018-7158 (The `'path'` module in the Node.js 4.x release line contains a potenti ...)
	- nodejs 6.0.0~dfsg-1 (unimportant)
CVE-2018-7157
	RESERVED
CVE-2018-7156
	RESERVED
CVE-2018-7155
	RESERVED
CVE-2018-7154
	RESERVED
CVE-2018-7153
	RESERVED
CVE-2018-7152
	RESERVED
CVE-2018-7151
	RESERVED
CVE-2018-7150
	RESERVED
CVE-2018-7149
	RESERVED
CVE-2018-7148
	RESERVED
CVE-2018-7147
	RESERVED
CVE-2018-7146
	RESERVED
CVE-2018-7145
	RESERVED
CVE-2018-7144
	RESERVED
CVE-2018-7143
	RESERVED
CVE-2018-7142
	RESERVED
CVE-2018-7141
	RESERVED
CVE-2018-7140
	RESERVED
CVE-2018-7139
	RESERVED
CVE-2018-7138
	RESERVED
CVE-2018-7137
	RESERVED
CVE-2018-7136
	RESERVED
CVE-2018-7135
	RESERVED
CVE-2018-7134
	RESERVED
CVE-2018-7133
	RESERVED
CVE-2018-7132
	RESERVED
CVE-2018-7131
	RESERVED
CVE-2018-7130
	RESERVED
CVE-2018-7129
	RESERVED
CVE-2018-7128
	RESERVED
CVE-2018-7127
	RESERVED
CVE-2018-7126
	RESERVED
CVE-2018-7125 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7124 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7123 (A remote denial of service vulnerability was identified in HPE Intelli ...)
	NOT-FOR-US: HPE
CVE-2018-7122 (A remote disclosure of information vulnerability was identified in HPE ...)
	NOT-FOR-US: HPE
CVE-2018-7121 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7120 (A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Chan ...)
	NOT-FOR-US: HPE
CVE-2018-7119 (A Local Disclosure of Sensitive Information vulnerability was identifi ...)
	NOT-FOR-US: HPE
CVE-2018-7118 (A local access restriction bypass vulnerability was identified in HPE  ...)
	NOT-FOR-US: HPE Service Pack for ProLiant (SPP) Bundled Software
CVE-2018-7117 (A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerab ...)
	NOT-FOR-US: HPE
CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
	NOT-FOR-US: HPE
CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
	NOT-FOR-US: HPE
CVE-2018-7114 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
	NOT-FOR-US: HPE
CVE-2018-7113 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior  ...)
	NOT-FOR-US: HPE
CVE-2018-7112 (The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7 ...)
	NOT-FOR-US: HPE
CVE-2018-7111 (A remote unauthorized access vulnerability was identified in HPE UIoT  ...)
	NOT-FOR-US: HPE
CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability was iden ...)
	NOT-FOR-US: HPE
CVE-2018-7109 (HPE has addressed a remote arbitrary file modification vulnerability i ...)
	NOT-FOR-US: HPE
CVE-2018-7108 (HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to ...)
	NOT-FOR-US: HPE
CVE-2018-7107 (A potential security vulnerability has been identified in HPE Device E ...)
	NOT-FOR-US: HPE
CVE-2018-7106
	REJECTED
CVE-2018-7105 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HP ...)
	NOT-FOR-US: HPE
CVE-2018-7104 (A Remote Code Execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7103 (A Remote Code Execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7102 (A security vulnerability in HPE Intelligent Management Center (iMC) PL ...)
	NOT-FOR-US: HPE
CVE-2018-7101 (A potential remote denial of service security vulnerability has been i ...)
	NOT-FOR-US: HPE
CVE-2018-7100 (A potential security vulnerability has been identified in HPE OfficeCo ...)
	NOT-FOR-US: HPE OfficeConnect 1810 Switch Series
CVE-2018-7099 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7098 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7097 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7096 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7095 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7094 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7093 (A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90 ...)
	NOT-FOR-US: HPE
CVE-2018-7092 (A potential security vulnerability has been identified in HPE Intellig ...)
	NOT-FOR-US: HPE
CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has open UR ...)
	NOT-FOR-US: HPE
CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has local a ...)
	NOT-FOR-US: HPE
CVE-2018-7089
	RESERVED
CVE-2018-7088
	RESERVED
CVE-2018-7087
	RESERVED
CVE-2018-7086
	RESERVED
CVE-2018-7085
	RESERVED
CVE-2018-7084 (A command injection vulnerability is present that permits an unauthent ...)
	NOT-FOR-US: Aruba
CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave behind ...)
	NOT-FOR-US: Aruba
CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...)
	NOT-FOR-US: Aruba
CVE-2018-7081 (A remote code execution vulnerability is present in network-listening  ...)
	NOT-FOR-US: Aruba
CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
	NOT-FOR-US: Aruba
CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ad ...)
	NOT-FOR-US: Aruba
CVE-2018-7078 (A remote code execution was identified in HPE Integrated Lights-Out 4  ...)
	NOT-FOR-US: HPE
CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced Edition ...)
	NOT-FOR-US: HPE
CVE-2018-7076 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was identified in HP ...)
	NOT-FOR-US: HPE
CVE-2018-7074 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7073 (A local arbitrary file modification vulnerability was identified in HP ...)
	NOT-FOR-US: HPE
CVE-2018-7072 (A remote bypass of security restrictions vulnerability was identified  ...)
	NOT-FOR-US: HPE
CVE-2018-7071 (HPE has identified a remote access to sensitive information vulnerabil ...)
	NOT-FOR-US: HPE
CVE-2018-7070 (HPE has identified a remote disclosure of information vulnerability in ...)
	NOT-FOR-US: HPE
CVE-2018-7069 (HPE has identified a remote unauthenticated access to files vulnerabil ...)
	NOT-FOR-US: HPE
CVE-2018-7068 (HPE has identified a remote HOST header attack vulnerability in HPE Ce ...)
	NOT-FOR-US: HPE
CVE-2018-7067 (A Remote Authentication bypass in Aruba ClearPass Policy Manager leads ...)
	NOT-FOR-US: Aruba
CVE-2018-7066 (An unauthenticated remote command execution exists in Aruba ClearPass  ...)
	NOT-FOR-US: Aruba
CVE-2018-7065 (An authenticated SQL injection vulnerability in Aruba ClearPass Policy ...)
	NOT-FOR-US: Aruba
CVE-2018-7064 (A reflected cross-site scripting (XSS) vulnerability is present in an  ...)
	NOT-FOR-US: Aruba
CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write o ...)
	NOT-FOR-US: Aruba
CVE-2018-7062
	RESERVED
CVE-2018-7061
	RESERVED
CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulne ...)
	NOT-FOR-US: Aruba ClearPass
CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that hel ...)
	NOT-FOR-US: Aruba ClearPass
CVE-2018-7058 (Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by  ...)
	NOT-FOR-US: Aruba ClearPass
CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName  ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potentially  ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the u ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.  ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #890674)
	[jessie] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
	[wheezy] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Some netsplit related changes as introduced in 1.0.0 were reverted:
	NOTE: https://github.com/irssi/irssi/commit/7605f67f95b6ee1ac26dd8fb7f3121f319497943
	NOTE: https://github.com/irssi/irssi/commit/fa8508404f4c4a02749cae5148662e2322c2abf0
	NOTE: https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
	NOTE: But the CVE is specifically for the use-after-free issue.
CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.  ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #890674)
	[jessie] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
	[wheezy] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c
CVE-2018-7052 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.  ...)
	{DSA-4162-1 DLA-1289-1}
	- irssi 1.0.7-1 (bug #890676)
	[jessie] - irssi <ignored> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa
CVE-2018-7051 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.  ...)
	{DSA-4162-1 DLA-1318-1}
	- irssi 1.0.7-1 (bug #890677)
	[jessie] - irssi <ignored> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af
CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.  ...)
	{DSA-4162-1 DLA-1289-1}
	- irssi 1.0.7-1 (bug #890678)
	[jessie] - irssi <ignored> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703
CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) through 14.4 ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #881121)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53
CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There  ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7048 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There  ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7047 (An issue was discovered in the MBeans Server in Wowza Streaming Engine ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7046 (** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 thr ...)
	NOT-FOR-US: Kentico
CVE-2018-7045
	RESERVED
CVE-2018-7044
	RESERVED
CVE-2018-7043
	RESERVED
CVE-2018-7042
	RESERVED
CVE-2018-7041
	RESERVED
CVE-2018-7040
	RESERVED
CVE-2018-7039 (CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-7038
	RESERVED
CVE-2018-7037
	RESERVED
CVE-2018-7036
	RESERVED
CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 mi ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B0 ...)
	NOT-FOR-US: TRENDnet devices
CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL In ...)
	{DSA-4254-1 DLA-1437-1 DLA-1367-1}
	- slurm-llnl 17.11.5-1 (bug #893044)
	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4792 (not yet public)
	NOTE: https://github.com/SchedMD/slurm/commit/db468895240ad6817628d07054fe54e71273b2fe
	NOTE: https://github.com/SchedMD/slurm/commit/2f5e924bf6e018dbcef24bcda9683d6b3662f6d4
CVE-2018-7031
	REJECTED
CVE-2018-7030
	REJECTED
CVE-2018-7029
	REJECTED
CVE-2018-7028
	REJECTED
CVE-2018-7027
	REJECTED
CVE-2018-7026
	REJECTED
CVE-2018-7025
	REJECTED
CVE-2018-7024
	REJECTED
CVE-2018-7023
	REJECTED
CVE-2018-7022
	REJECTED
CVE-2018-7021
	REJECTED
CVE-2018-7020
	REJECTED
CVE-2018-7019
	REJECTED
CVE-2018-7018
	REJECTED
CVE-2018-7017
	REJECTED
CVE-2018-7016
	REJECTED
CVE-2018-7015
	REJECTED
CVE-2018-7014
	REJECTED
CVE-2018-7013
	REJECTED
CVE-2018-7012
	REJECTED
CVE-2018-7011
	REJECTED
CVE-2018-7010
	REJECTED
CVE-2018-7009
	REJECTED
CVE-2018-7008
	REJECTED
CVE-2018-7007
	REJECTED
CVE-2018-7006
	REJECTED
CVE-2018-7005
	REJECTED
CVE-2018-7004
	REJECTED
CVE-2018-7003
	REJECTED
CVE-2018-7002
	REJECTED
CVE-2018-7001
	REJECTED
CVE-2018-7000
	REJECTED
CVE-2018-6999
	REJECTED
CVE-2018-6998
	REJECTED
CVE-2018-6997
	REJECTED
CVE-2018-6996
	REJECTED
CVE-2018-6995
	REJECTED
CVE-2018-6994
	REJECTED
CVE-2018-6993
	REJECTED
CVE-2018-6992
	REJECTED
CVE-2018-6991
	REJECTED
CVE-2018-6990
	REJECTED
CVE-2018-6989
	REJECTED
CVE-2018-6988
	REJECTED
CVE-2018-6987
	REJECTED
CVE-2018-6986
	REJECTED
CVE-2018-6985
	REJECTED
CVE-2018-6984
	RESERVED
CVE-2018-6983 (VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fus ...)
	NOT-FOR-US: VMware
CVE-2018-6982 (VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 witho ...)
	NOT-FOR-US: VMware
	NOTE: https://seclists.org/bugtraq/2018/Nov/12
CVE-2018-6981 (VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 witho ...)
	NOT-FOR-US: VMware
	NOTE: https://seclists.org/bugtraq/2018/Nov/12
CVE-2018-6980 (VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2 ...)
	NOT-FOR-US: VMware
CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console (A/W Cons ...)
	NOT-FOR-US: VMware
CVE-2018-6978 (vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.112 ...)
	NOT-FOR-US: VMware
CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (1 ...)
	NOT-FOR-US: VMware
CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data protec ...)
	NOT-FOR-US: VMware
CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data protection v ...)
	NOT-FOR-US: AirWatch Agent for iOS
CVE-2018-6974 (VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-20180 ...)
	NOT-FOR-US: VMware
CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3 ...)
	NOT-FOR-US: VMware
CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-20180 ...)
	NOT-FOR-US: VMware
CVE-2018-6971 (VMware Horizon View Agents (7.x.x before 7.5.1) contain a local inform ...)
	NOT-FOR-US: VMware
CVE-2018-6970 (VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), ...)
	NOT-FOR-US: VMware
CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds  ...)
	NOT-FOR-US: VMware
CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent  ...)
	NOT-FOR-US: VMware AirWatch Agent
CVE-2018-6967 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x befor ...)
	NOT-FOR-US: VMware
CVE-2018-6966 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x befor ...)
	NOT-FOR-US: VMware
CVE-2018-6965 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x befor ...)
	NOT-FOR-US: VMware
CVE-2018-6964 (VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains  ...)
	NOT-FOR-US: VMware
CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2 ...)
	NOT-FOR-US: VMware
CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnera ...)
	NOT-FOR-US: VMware
CVE-2018-6961 (VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a  ...)
	NOT-FOR-US: VMware NSX SD-WAN Edge by VeloCloud
CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken authenticatio ...)
	NOT-FOR-US: VMware Horizon DaaS
CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerabili ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerabili ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before  ...)
	NOT-FOR-US: VMware
CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sys ...)
	NOT-FOR-US: opentmpfiles
CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through a ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2
	- polarssl <removed>
	[wheezy] - polarssl <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28
CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize URLs that  ...)
	- myrepos 1.20180726 (bug #840014)
	[stretch] - myrepos <no-dsa> (Minor issue)
	[jessie] - myrepos <no-dsa> (Minor issue)
	- mr 1.16
	[wheezy] - mr <no-dsa> (Minor issue)
	NOTE: 1.16 was made a source-based transitional package to myrepos not containg
	NOTE: in particular webcheckout anymore.
	NOTE: http://source.myrepos.branchable.com/?p=source.git;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
CVE-2018-6956
	RESERVED
CVE-2018-6955
	RESERVED
CVE-2018-6954 (systemd-tmpfiles in systemd through 237 mishandles symlinks present in ...)
	- systemd 238-1 (low; bug #890779)
	[stretch] - systemd <ignored> (Minor issue, too intrusive to backport)
	[jessie] - systemd <postponed> (Minor issue, revisit if/when fixed upstream)
	[wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in Wheezy)
	NOTE: https://github.com/systemd/systemd/issues/7986
	NOTE: https://github.com/systemd/systemd/pull/8822
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/1
CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain  ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in GNU patc ...)
	- patch <unfixed> (unimportant)
	NOTE: https://savannah.gnu.org/bugs/index.php?53133
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
	NOTE: When fixing this issue make sure to not apply only the incomplete fix,
	NOTE: and opening CVE-2019-20633, cf. https://savannah.gnu.org/bugs/index.php?56683
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a segment ...)
	- patch <unfixed> (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
	NOTE: https://savannah.gnu.org/bugs/index.php?53132
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6950
	RESERVED
CVE-2018-6949
	RESERVED
CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a bu ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is part o ...)
	NOT-FOR-US: DokanFS
CVE-2018-6946
	RESERVED
CVE-2018-6945
	RESERVED
CVE-2018-6944 (core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 fo ...)
	NOT-FOR-US: UltimateMember plugin for WordPress
CVE-2018-6943 (core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 f ...)
	NOT-FOR-US: UltimateMember plugin for WordPress
CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL pointer dere ...)
	- freetype 2.9.1-3 (bug #890450)
	[stretch] - freetype <not-affected> (Vulnerable code introduced later)
	[jessie] - freetype <not-affected> (Vulnerable code introduced later)
	[wheezy] - freetype <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
	NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
CVE-2018-6941 (A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 B ...)
	NOT-FOR-US: NAT32 devices
CVE-2018-6940 (A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Bu ...)
	NOT-FOR-US: NAT32 devices
CVE-2018-6939
	RESERVED
CVE-2018-6938
	RESERVED
CVE-2018-6937
	RESERVED
CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via t ...)
	NOT-FOR-US: D-Link
CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script v2.0.6 has X ...)
	NOT-FOR-US: PHP Scripts Mall Student Profile Management System Script
CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online Tutori ...)
	NOT-FOR-US: PHP Scripts Mall Online Tutoring Script
CVE-2018-6933
	RESERVED
CVE-2018-6932
	RESERVED
CVE-2018-6931
	RESERVED
CVE-2018-6930 (A stack-based buffer over-read in the ComputeResizeImage function in t ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/967
CVE-2018-6929
	RESERVED
CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a sea ...)
	NOT-FOR-US: PHP Scripts Mall News Website Script
CVE-2018-1000066
	REJECTED
CVE-2018-1000065
	REJECTED
CVE-2018-1000064
	REJECTED
CVE-2017-18186 (An issue was discovered in QPDF before 7.0.0. There is an infinite loo ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937
	NOTE: https://github.com/qpdf/qpdf/issues/149
CVE-2017-18185 (An issue was discovered in QPDF before 7.0.0. There is a large heap-ba ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71
	NOTE: https://github.com/qpdf/qpdf/issues/150
CVE-2017-18184 (An issue was discovered in QPDF before 7.0.0. There is a stack-based o ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317
	NOTE: https://github.com/qpdf/qpdf/issues/147
CVE-2017-18183 (An issue was discovered in QPDF before 7.0.0. There is an infinite loo ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481
	NOTE: https://github.com/qpdf/qpdf/issues/143
CVE-2017-18182
	RESERVED
CVE-2017-18181
	RESERVED
CVE-2017-18180
	RESERVED
CVE-2016-10713 (An issue was discovered in GNU patch before 2.7.6. Out-of-bounds acces ...)
	- patch 2.7.6-1 (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866
	NOTE: Crash in CLI tool, no security impact
CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion causes ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e
	NOTE: https://github.com/qpdf/qpdf/issues/51
CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel befor ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server setti ...)
	NOT-FOR-US: MISP
CVE-2018-6925 (In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE- ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6924 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4 ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.freebsd.org/advisories/FreeBSD-SA-18:12.elf.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip f ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6922 (One of the data structures that holds TCP segments in all versions of  ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.kb.cert.org/vuls/id/962459
	NOTE: kfreebsd not covered by security support
CVE-2018-6921 (In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to in ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6920 (In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE( ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6919 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6918 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6917 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:04.vt.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/patches/SA-18:01/ipsec-10.patch
	NOTE: kfreebsd not covered by security support
CVE-2018-6915
	RESERVED
CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the tm ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
	NOTE: https://hackerone.com/reports/302298
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b (2.2.10)
CVE-2018-1000063
	REJECTED
CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authe ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18177 (Progress Sitefinity 9.1 has XSS via the Last name, First name, and Abo ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18176 (Progress Sitefinity 9.1 has XSS via file upload, because JavaScript co ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management Template Co ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2018-6913 (Heap-based buffer overflow in the pack function in Perl before 5.26.2  ...)
	{DSA-4172-1 DLA-1345-1}
	- perl 5.26.1-6
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131844
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/0fcf83230df5f8c52602ae22fde57c7ea885534d
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527
CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
	- ffmpeg 7:4.0.1-2 (low)
	[stretch] - ffmpeg <not-affected> (Code in 3.2 is different/not affected)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3 ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-6910 (DedeCMS 5.7 allows remote attackers to discover the full path via a di ...)
	NOT-FOR-US: DedeCMS
CVE-2018-6909 (A missing X-Frame-Options header in the Green Electronics RainMachine  ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6908 (An authentication bypass vulnerability exists in the Green Electronics ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6907 (A Cross Site Request Forgery (CSRF) vulnerability in the Green Electro ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6906 (A persistent Cross Site Scripting (XSS) vulnerability in the Green Ele ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBAL ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life>
CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name fie ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the cli ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name  ...)
	NOT-FOR-US: PHP Scripts Mall Image Sharing Script
CVE-2018-6901
	RESERVED
CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name ...)
	NOT-FOR-US: PHP Scripts Mall Website Broker Script
CVE-2018-6899
	RESERVED
CVE-2018-6898
	RESERVED
CVE-2018-6897
	RESERVED
CVE-2018-6896
	RESERVED
CVE-2018-6895
	RESERVED
CVE-2018-6894
	RESERVED
CVE-2018-6893 (controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection:  ...)
	NOT-FOR-US: FineCms
CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthenticated r ...)
	NOT-FOR-US: CloudMe
CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQue ...)
	NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the p ...)
	NOT-FOR-US: Wolf CMS
CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host head ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ( ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-6887
	RESERVED
CVE-2018-6886
	RESERVED
CVE-2018-6885 (An issue was discovered in MicroStrategy Web Services (the Microsoft O ...)
	NOT-FOR-US: MicroStrategy Web Services
CVE-2018-6884
	RESERVED
CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the adminis ...)
	- piwigo <removed>
CVE-2018-6882 (Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttac ...)
	NOT-FOR-US: Zimbra
CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File ...)
	NOT-FOR-US: WonderCMS
CVE-2018-1000061
	REJECTED
CVE-2018-1000060 (Sensu, Inc. Sensu Core version Before 1.2.0 &amp; before commit 46ff10 ...)
	- sensu <itp> (bug #838484)
CVE-2018-1000059 (ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnera ...)
	NOT-FOR-US: ValidFormBuilder
CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path via an ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to e ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6877
	RESERVED
CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used i ...)
	NOT-FOR-US: libfpx
CVE-2018-6875 (Format String vulnerability in KeepKey version 4.0.0 allows attackers  ...)
	NOT-FOR-US: KeepKey
CVE-2018-6874 (CSRF exists in the Auth0 authentication service through 14591 if the L ...)
	NOT-FOR-US: Auth0
CVE-2018-6873 (The Auth0 authentication service before 2017-10-15 allows privilege es ...)
	NOT-FOR-US: Auth0
CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descriptor (B ...)
	- binutils 2.30-4
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers  ...)
	{DSA-4111-2 DSA-4111-1}
	- libreoffice 1:6.0.1-1
	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 v ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a c ...)
	{DLA-2258-1 DLA-1287-1}
	- zziplib 0.13.62-3.2 (bug #889089)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	NOTE: https://github.com/gdraheim/zziplib/issues/22
	NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / Dea ...)
	NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script
CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Sc ...)
	NOT-FOR-US: PHP Scripts Mall Alibaba Clone Script
CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Exa ...)
	NOT-FOR-US: PHP Scripts Mall Learning and Examination Management System Script
CVE-2018-6865
	RESERVED
CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion R ...)
	NOT-FOR-US: PHP Scripts Mall Multi religion Responsive Matrimonial
CVE-2018-6863 (SQL Injection exists in PHP Scripts Mall Select Your College Script 2. ...)
	NOT-FOR-US: PHP Scripts Mall Select Your College Script
CVE-2018-6862 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Soft ...)
	NOT-FOR-US: PHP Scripts Mall Bitcoin MLM Software
CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Sc ...)
	NOT-FOR-US: PHP Scripts Mall Lawyer Search Script
CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts M ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management Scri ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone S ...)
	NOT-FOR-US: PHP Scripts Mall Facebook Clone Script
CVE-2018-6857 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6856 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6855 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6854 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6853 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6852 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6851 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6850
	RESERVED
CVE-2018-6849 (In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site ...)
	NOT-FOR-US: DuckDuckGo
CVE-2018-6848
	RESERVED
CVE-2018-6847
	RESERVED
CVE-2018-6846 (Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via  ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-6845 (PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Multi Language Olx Clone Script
CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the Edit For ...)
	NOT-FOR-US: MyBB
CVE-2018-6843 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in th ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-6842 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a craf ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-6841
	RESERVED
CVE-2018-6840
	RESERVED
CVE-2018-6839
	RESERVED
CVE-2018-6838
	RESERVED
CVE-2018-6837
	RESERVED
CVE-2018-6836 (The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshar ...)
	- wireshark <not-affected> (Vulnerable code introduced in v2.5.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397
	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=52823805b29a44a83eacd0e5b415b11227ec313b
	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef
CVE-2018-6835 (node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandl ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-6834 (static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via wind ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-6833
	RESERVED
CVE-2018-6832 (Stack-based buffer overflow in the getSWFlag function in Foscam Camera ...)
	NOT-FOR-US: Foscam Cameras
CVE-2018-6831 (The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 wit ...)
	NOT-FOR-US: Foscam Cameras
CVE-2018-6830 (Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 ...)
	NOT-FOR-US: Foscam Cameras
CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...)
	- libgcrypt20 <unfixed> (unimportant)
	- libgcrypt11 <removed> (unimportant)
	- gnupg1 <unfixed> (unimportant)
	- gnupg <removed> (unimportant)
	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
	NOTE: GnuPG uses ElGamal in hybrid mode only.
	NOTE: This is not a vulnerability in libgcrypt, but in an application using
	NOTE: it in an insecure manner, see also
	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
CVE-2018-6828
	RESERVED
CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates fr ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Clearte ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH  ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6824 (Cozy version 2 has XSS allowing remote attackers to obtain administrat ...)
	NOT-FOR-US: Cozy
CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com ...)
	NOT-FOR-US: Mailbutler Shimo
CVE-2018-6822 (In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unpro ...)
	NOT-FOR-US: PureVPN
CVE-2018-6821
	REJECTED
CVE-2018-6820
	REJECTED
CVE-2018-6819
	REJECTED
CVE-2018-6818
	REJECTED
CVE-2018-6817
	REJECTED
CVE-2018-6816
	RESERVED
CVE-2018-6815
	RESERVED
CVE-2018-6814
	RESERVED
CVE-2018-6813
	RESERVED
CVE-2018-6812
	RESERVED
CVE-2018-6811 (Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScale ...)
	NOT-FOR-US: Citrix
CVE-2018-6810 (Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, a ...)
	NOT-FOR-US: Citrix
CVE-2018-6809 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5,  ...)
	NOT-FOR-US: Citrix
CVE-2018-6808 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5,  ...)
	NOT-FOR-US: Citrix
CVE-2018-6807
	RESERVED
CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Marked 2
CVE-2018-6805
	RESERVED
CVE-2018-6804
	RESERVED
CVE-2018-6803
	RESERVED
CVE-2018-6802
	RESERVED
CVE-2018-6801
	RESERVED
CVE-2018-6800
	RESERVED
CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagi ...)
	{DSA-4321-1 DLA-1456-1 DLA-1282-1}
	- graphicsmagick 1.3.28-1
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/531/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/532/
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87
CVE-2018-6798 (An issue was discovered in Perl 5.22 through 5.26. Matching a crafted  ...)
	- perl 5.26.1-6
	[stretch] - perl 5.24.1-3+deb9u3
	[jessie] - perl <not-affected> (Issue introduced later)
	[wheezy] - perl <not-affected> (Issue introduced later)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132063
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8b80ce67ff257aaa36e47eaf4194d27a51595524
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920
CVE-2018-6797 (An issue was discovered in Perl 5.18 through 5.26. A crafted regular e ...)
	- perl 5.26.1-6
	[stretch] - perl 5.24.1-3+deb9u3
	[jessie] - perl <ignored> (Backport of fixes too intrusive and risky for regressions)
	[wheezy] - perl <ignored> (Backport of fixes too intrusive and risky for regressions)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132227
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/510cc261d965ccfa427900ebb368fc4d337442d2
CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored X ...)
	NOT-FOR-US: PHP Scripts Mall Multilanguage Real Estate MLM Script
CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every pr ...)
	NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
CVE-2018-6794 (Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerabili ...)
	{DLA-1603-1}
	- suricata 1:4.0.4-1 (bug #889842)
	[stretch] - suricata <no-dsa> (Minor issue)
	[wheezy] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2427
	NOTE: https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1
CVE-2018-6793
	RESERVED
CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow  ...)
	NOT-FOR-US: Saifor CVMS HUB
CVE-2018-6791 (An issue was discovered in soliduiserver/deviceserviceaction.cpp in KD ...)
	{DSA-4116-1}
	- plasma-workspace 4:5.12.0-2
	- kde-runtime <not-affected> (Performs correct escaping)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=389815
	NOTE: https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57 (Plasma/5.12)
	NOTE: https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212 (Plasma/5.8)
CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. dataeng ...)
	- plasma-workspace 4:5.12.0-2
	[stretch] - plasma-workspace <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://phabricator.kde.org/D10188
	NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
	NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
CVE-2018-6789 (An issue was discovered in the base64d function in the SMTP listener i ...)
	{DSA-4110-1 DLA-1274-1}
	- exim4 4.90.1-1 (bug #890000)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/07/2
	NOTE: https://exim.org/static/doc/security/CVE-2018-6789.txt
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2235
	NOTE: https://git.exim.org/exim.git/commit/062990cc1b2f9e5d82a413b53c8f0569075de700
CVE-2018-6788 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6787 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6786 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6785 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6784 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6783 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6782 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6781 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6780 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6779 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6778 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6777 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6776 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6775 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6774 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6773 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6772 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6771 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6770 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6766 (Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could al ...)
	NOT-FOR-US: Swisscom TVMediaHelper
CVE-2018-6765 (Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that ...)
	NOT-FOR-US: Swisscom MySwisscomAssistant
CVE-2018-6763
	RESERVED
CVE-2018-6762
	RESERVED
CVE-2018-6761
	RESERVED
CVE-2018-6760
	RESERVED
CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig function o ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889276)
	[jessie] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
	NOTE: https://github.com/dbry/WavPack/issues/27
	NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the hostname on L ...)
	- libvirt 4.0.0-2 (bug #889839)
	[stretch] - libvirt 3.0.0-4+deb9u3
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later in 1.3.1)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later in 1.3.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1541444
	NOTE: introduced-by https://libvirt.org/git/?p=libvirt.git;a=commit;h=759b4d1b0fe5f4d84d98b99153dfa7ac289dd167
CVE-2018-6759 (The bfd_get_debug_link_info_1 function in opncls.c in the Binary File  ...)
	- binutils 2.30-3
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22794
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=64e234d417d5685a4aec0edc618114d9991c031b
CVE-2018-6757 (Privilege Escalation vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee True Key
CVE-2018-6756 (Authentication Abuse vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee True Key
CVE-2018-6755 (Weak Directory Permission Vulnerability in Microsoft Windows client in ...)
	NOT-FOR-US: McAfee True Key
CVE-2018-6754
	RESERVED
CVE-2018-6753
	RESERVED
CVE-2018-6752
	RESERVED
CVE-2018-6751
	RESERVED
CVE-2018-6750
	RESERVED
CVE-2018-6749
	RESERVED
CVE-2018-6748
	RESERVED
CVE-2018-6747
	RESERVED
CVE-2018-6746
	RESERVED
CVE-2018-6745
	RESERVED
CVE-2018-6744
	RESERVED
CVE-2018-6743
	RESERVED
CVE-2018-6742
	RESERVED
CVE-2018-6741
	RESERVED
CVE-2018-6740
	RESERVED
CVE-2018-6739
	RESERVED
CVE-2018-6738
	RESERVED
CVE-2018-6737
	RESERVED
CVE-2018-6736
	RESERVED
CVE-2018-6735
	RESERVED
CVE-2018-6734
	RESERVED
CVE-2018-6733
	RESERVED
CVE-2018-6732
	RESERVED
CVE-2018-6731
	RESERVED
CVE-2018-6730
	RESERVED
CVE-2018-6729
	RESERVED
CVE-2018-6728
	RESERVED
CVE-2018-6727
	RESERVED
CVE-2018-6726
	RESERVED
CVE-2018-6725
	RESERVED
CVE-2018-6724
	RESERVED
CVE-2018-6723
	RESERVED
CVE-2018-6722
	RESERVED
CVE-2018-6721
	RESERVED
CVE-2018-6720
	RESERVED
CVE-2018-6719
	RESERVED
CVE-2018-6718
	RESERVED
CVE-2018-6717
	RESERVED
CVE-2018-6716
	RESERVED
CVE-2018-6715
	RESERVED
CVE-2018-6714
	RESERVED
CVE-2018-6713
	RESERVED
CVE-2018-6712
	RESERVED
CVE-2018-6711
	RESERVED
CVE-2018-6710
	RESERVED
CVE-2018-6709
	RESERVED
CVE-2018-6708
	RESERVED
CVE-2018-6707 (Denial of Service through Resource Depletion vulnerability in the agen ...)
	NOT-FOR-US: McAfee
CVE-2018-6706 (Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 ...)
	NOT-FOR-US: McAfee
CVE-2018-6705 (Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0. ...)
	NOT-FOR-US: McAfee
CVE-2018-6704 (Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0. ...)
	NOT-FOR-US: McAfee
CVE-2018-6703 (Use After Free in Remote logging (which is disabled by default) in McA ...)
	NOT-FOR-US: McAfee
CVE-2018-6702
	RESERVED
CVE-2018-6701
	RESERVED
CVE-2018-6700 (DLL Search Order Hijacking vulnerability in Microsoft Windows Client i ...)
	NOT-FOR-US: McAfee
CVE-2018-6699
	RESERVED
CVE-2018-6698
	RESERVED
CVE-2018-6697
	RESERVED
CVE-2018-6696
	RESERVED
CVE-2018-6695 (SSH host keys generation vulnerability in the server in McAfee Threat  ...)
	NOT-FOR-US: McAfee
CVE-2018-6694
	RESERVED
CVE-2018-6693 (An unprivileged user can delete arbitrary files on a Linux system runn ...)
	NOT-FOR-US: McAfee
CVE-2018-6692 (Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin ...)
	NOT-FOR-US: Belkin Wemo Insight Smart Plug
CVE-2018-6691
	RESERVED
CVE-2018-6690 (Accessing, modifying, or executing executable files vulnerability in M ...)
	NOT-FOR-US: McAfee
CVE-2018-6689 (Authentication Bypass vulnerability in McAfee Data Loss Prevention End ...)
	NOT-FOR-US: McAfee
CVE-2018-6688
	RESERVED
CVE-2018-6687 (Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSu ...)
	NOT-FOR-US: McAfee
CVE-2018-6686 (Authentication Bypass vulnerability in TPM autoboot in McAfee Drive En ...)
	NOT-FOR-US: McAfee
CVE-2018-6685
	RESERVED
CVE-2018-6684
	RESERVED
CVE-2018-6683 (Exploiting Incorrectly Configured Access Control Security Levels vulne ...)
	NOT-FOR-US: McAfee
CVE-2018-6682 (Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earl ...)
	NOT-FOR-US: McAfee
CVE-2018-6681 (Abuse of Functionality vulnerability in the web interface in McAfee Ne ...)
	NOT-FOR-US: McAfee
CVE-2018-6680
	RESERVED
CVE-2018-6679
	RESERVED
CVE-2018-6678 (Configuration/Environment manipulation vulnerability in the administra ...)
	NOT-FOR-US: McAfee
CVE-2018-6677 (Directory Traversal vulnerability in the administrative user interface ...)
	NOT-FOR-US: McAfee
CVE-2018-6676
	RESERVED
CVE-2018-6675
	RESERVED
CVE-2018-6674 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
	NOT-FOR-US: McAfee
CVE-2018-6673
	RESERVED
CVE-2018-6672 (Information disclosure vulnerability in McAfee ePolicy Orchestrator (e ...)
	NOT-FOR-US: McAfee
CVE-2018-6671 (Application Protection Bypass vulnerability in McAfee ePolicy Orchestr ...)
	NOT-FOR-US: McAfee
CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in McAfee Co ...)
	NOT-FOR-US: McAfee
CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control / Chang ...)
	NOT-FOR-US: McAfee
CVE-2018-6668 (A whitelist bypass vulnerability in McAfee Application Control / Chang ...)
	NOT-FOR-US: McAfee
CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user interfa ...)
	NOT-FOR-US: McAfee
CVE-2018-6666
	RESERVED
CVE-2018-6665
	RESERVED
CVE-2018-6664 (Application Protections Bypass vulnerability in Microsoft Windows in M ...)
	NOT-FOR-US: McAfee
CVE-2018-6663
	RESERVED
CVE-2018-6662 (Privilege Escalation vulnerability in McAfee Management of Native Encr ...)
	NOT-FOR-US: McAfee
CVE-2018-6661 (DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee T ...)
	NOT-FOR-US: McAfee
CVE-2018-6660 (Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee
CVE-2018-6659 (Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchest ...)
	NOT-FOR-US: McAfee
CVE-2018-6658
	RESERVED
CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through  ...)
	{DLA-1275-1}
	- uwsgi 2.0.15-10.2 (bug #889753)
	[stretch] - uwsgi 2.0.14+20161117-3+deb9u1
	[jessie] - uwsgi 2.0.7-1+deb8u2
	NOTE: http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
	NOTE: https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
CVE-2018-6657
	RESERVED
CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbi ...)
	NOT-FOR-US: PHP Scripts Mall Doctor Search Script
CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote att ...)
	NOT-FOR-US: Grammarly extension for Chrome
CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in  ...)
	NOT-FOR-US: comforte SWAP
CVE-2018-6652
	RESERVED
CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...)
	NOT-FOR-US: uncurl
CVE-2018-6650
	RESERVED
CVE-2018-6649
	RESERVED
CVE-2018-6648
	RESERVED
CVE-2018-6647
	RESERVED
CVE-2018-6646
	RESERVED
CVE-2018-6645
	RESERVED
CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) ...)
	- sblim-sfcb <itp> (bug #754493)
CVE-2018-6643 (Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/ ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2018-6642
	RESERVED
CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in Desi ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6640 (A Heap Overflow (Remote Code Execution) issue was discovered in Design ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6639 (An out-of-bounds write (Remote Code Execution) issue was discovered in ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6638 (A stack-based buffer overflow (Remote Code Execution) issue was discov ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6637
	RESERVED
CVE-2018-6636
	RESERVED
CVE-2018-6635 (System Manager in Avaya Aura before 7.1.2 does not properly use SSL in ...)
	NOT-FOR-US: System Manager in Avaya Aura
CVE-2018-6634 (A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 ...)
	NOT-FOR-US: Parsec
CVE-2018-6633 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6632 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6631 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6630 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6629 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6628 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6627 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS ...)
	NOT-FOR-US: WatchDog Anti-Malware
CVE-2018-6626 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS ...)
	NOT-FOR-US: WatchDog Anti-Malware
CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass auth ...)
	NOT-FOR-US: OMRON NS devices
CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user could m ...)
	NOT-FOR-US: Hola
CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbi ...)
	NOT-FOR-US: jenkins-plugin-workflow-support
CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it ...)
	NOT-FOR-US: jenkins-plugin-credentials-binding
CVE-2018-1000056 (Jenkins JUnit Plugin 1.23 and earlier processes XML external entities  ...)
	NOT-FOR-US: jenkins-plugin-junit
CVE-2018-1000055 (Jenkins Android Lint Plugin 2.5 and earlier processes XML external ent ...)
	NOT-FOR-US: Jenkins Android Lint Plugin
CVE-2018-1000054 (Jenkins CCM Plugin 3.1 and earlier processes XML external entities in  ...)
	NOT-FOR-US: Jenkins CCM Plugin
CVE-2018-1000053 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request For ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-1000052 (fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890a ...)
	- fmtlib 5.2.1+ds-1 (unimportant; bug #890033)
	NOTE: https://github.com/fmtlib/fmt/issues/642
	NOTE: https://github.com/fmtlib/fmt/commit/8cf30aa2be256eba07bb1cefb998c52326e846e7
	NOTE: This looks bogus, how would that come from untrusted input
CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability i ...)
	{DSA-4152-1}
	- mupdf 1.12.0+ds1-1 (bug #891245)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present, introduced in version 1.3)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698825
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698873
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384
CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Ove ...)
	- libstb <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2018-1000049 (Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote ...)
	NOT-FOR-US: nanopool Claymore Dual Miner
CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerabilit ...)
	NOT-FOR-US: NASA RtRetrievalFramework
CVE-2018-1000047 (NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak li ...)
	NOT-FOR-US: NASA Kodiak
CVE-2018-1000046 (NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in R ...)
	NOT-FOR-US: NASA Pyblock
CVE-2018-1000045 (NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA S ...)
	NOT-FOR-US: NASA Singledop
CVE-2018-1000044 (Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000042 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000041 (GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd52 ...)
	{DLA-1278-1}
	- librsvg <not-affected> (Specific to Windows)
	NOTE: Merge of changes: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
	NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in driver ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: double-free introduced and fixed in the 4.11 release cycle
CVE-2017-18173 (In case of using an invalid android verified boot signature with very  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18172 (In a device, with screen size 1440x2560, the check of contiguous buffe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18171 (Improper input validation for GATT data packet received in Bluetooth C ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18170 (Improper input validation in Bluetooth Controller function can lead to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18169 (User process can perform the kernel DOS in ashmem when doing cache mai ...)
	- linux <not-affected> (Android-specific)
CVE-2017-18168
	RESERVED
CVE-2017-18167
	RESERVED
CVE-2017-18166
	RESERVED
CVE-2017-18165
	RESERVED
CVE-2017-18164
	RESERVED
CVE-2017-18163
	RESERVED
CVE-2017-18162
	RESERVED
CVE-2017-18161
	RESERVED
CVE-2017-18160 (AGPS session failure in GNSS module due to cyphersuites are hardcoded  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for MSM,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18157 (A Use After Free Condition can occur in Thermal Engine in Snapdragon A ...)
	NOT-FOR-US: Snapdragon
CVE-2017-18156 (While processing camera buffers in camera driver, a use after free con ...)
	NOT-FOR-US: Snapdragon
CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon Automobile and S ...)
	NOT-FOR-US: Snapdragon
CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in MediaServer i ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-18153
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18152
	RESERVED
CVE-2017-18151
	RESERVED
CVE-2017-18150
	RESERVED
CVE-2017-18149
	RESERVED
CVE-2017-18148
	RESERVED
CVE-2017-18147 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18146 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18145 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18144 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18143 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18142 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18141 (When a 3rd party TEE has been loaded it is possible for the non-secure ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18140 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18139 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18138 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18137 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18136 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18135 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18134 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18133 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18132 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18131 (In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18130 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18129 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18128 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18127 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18126 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18125 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18124 (During secure boot, addition is performed on uint8 ptrs which led to o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-6622 (An issue was discovered that affects all producers of BIOS firmware wh ...)
	NOT-FOR-US: Generic TPM issue
CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:3.4.2-1 (low)
	- libav <removed>
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
	NOTE: Fixed in 3.2.11
CVE-2018-6620
	REJECTED
CVE-2018-6619 (Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attac ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6618 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtai ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6617 (Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6616 (In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_c ...)
	{DSA-4405-1 DLA-1614-1}
	- openjpeg2 2.3.0-2 (bug #889683)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1059
	NOTE: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
CVE-2018-6615
	RESERVED
CVE-2018-6614
	RESERVED
CVE-2018-6613
	RESERVED
CVE-2018-6612 (An integer underflow bug in the process_EXIF function of the exif.c fi ...)
	- jhead 1:3.00-6 (unimportant; bug #889272)
	NOTE: https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6611 (soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt be ...)
	- libopenmpt 0.3.6-1 (bug #889545)
	[stretch] - libopenmpt <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/OpenMPT/openmpt/commit/61fc6d3030a4d4283105cb5fb46b27b42fa5575e
CVE-2018-6610 (Information Leakage exists in the jLike 1.0 component for Joomla! via  ...)
	NOT-FOR-US: jLike component for Joomla!
CVE-2018-6609 (SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via  ...)
	NOT-FOR-US: JSP Tickets component for Joomla!
CVE-2018-6608 (In the WebRTC component in Opera 51.0.2830.55, after visiting a web si ...)
	NOT-FOR-US: WebRTC component in Opera
CVE-2018-6607
	RESERVED
CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6605 (SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla!  ...)
	NOT-FOR-US: Zh BaiduMap component for Joomla!
CVE-2018-6604 (SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! ...)
	NOT-FOR-US: Zh YandexMap component for Joomla!
CVE-2018-6603 (Promise Technology WebPam Pro-E devices allow remote attackers to cond ...)
	NOT-FOR-US: Promise Technology WebPam Pro-E devices
CVE-2018-6602
	RESERVED
CVE-2018-6601
	RESERVED
CVE-2018-6600
	RESERVED
CVE-2018-6599 (An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G4 ...)
	NOT-FOR-US: Orbic
CVE-2018-6598 (An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G4 ...)
	NOT-FOR-US: Orbic
CVE-2018-6597 (The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US ...)
	NOT-FOR-US: Alcatel A30 device
CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone ...)
	{DSA-4107-1}
	- django-anymail 1.3-1 (bug #889450)
	NOTE: https://github.com/anymail/django-anymail/commit/db586ede1fbb41dce21310ea28ae15a1cf1286c5 (v1.3)
	NOTE: https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b (v1.2.x-branch)
CVE-2018-6595
	RESERVED
CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates we ...)
	- pycryptodome 3.4.11-1 (bug #889998)
	- python-crypto 2.6.1-9 (bug #889999)
	[stretch] - python-crypto <no-dsa> (Minor issue)
	[jessie] - python-crypto <no-dsa> (Minor issue)
	[wheezy] - python-crypto <no-dsa> (Minor issue)
	NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
	NOTE: The issue is found as well in pycryptodome (fork from python-crypto)
	NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
	NOTE: PyCrytpodome: https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8 (3.4.10)
	NOTE: See further discussion as per https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
	NOTE: Upstream feels that this is not a vulnerability in pycryptodome/python-crypto,
	NOTE: but in an application using it in an insecure manner.
CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local user ...)
	NOT-FOR-US: Unisys Stealth Windows endpoints
CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to obtai ...)
	NOT-FOR-US: Converse.js
CVE-2018-6590 (CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an un ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6589 (CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10 ...)
	NOT-FOR-US: CA Spectrum
CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflecte ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflecte ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored c ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs  ...)
	{DSA-4334-1}
	- mupdf 1.13.0+ds1-1
	[jessie] - mupdf <not-affected> (vulnerable code not present)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5596
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5600
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607
CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the  ...)
	- mupdf 1.13.0+ds1-1
	[jessie] - mupdf <not-affected> (vulnerable code not present)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5492
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_l ...)
	- mupdf 1.13.0+ds1-1
	[jessie] - mupdf <not-affected> (vulnerable code not present)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF  ...)
	{DSA-4334-1}
	- mupdf 1.13.0+ds1-1
	[jessie] - mupdf <not-affected> (vulnerable code not present)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c
CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...)
	- mupdf 1.14.0+ds1-1 (unimportant; bug #900129)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2
	NOTE: negligible security impact, memory leak in CLI tool
CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version &lt;= 6. ...)
	{DLA-2082-1}
	- unzip 6.0-22 (bug #889838)
	[stretch] - unzip 6.0-21+deb9u1
	[wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
	NOTE: Patch used in openSUSE:Factory/unzip: https://bugzilla.suse.com/attachment.cgi?id=759406
CVE-2018-1000034 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that al ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000033 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that al ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000032 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22  ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000031 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22  ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2017-18123 (The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19 ...)
	{DLA-1413-1 DLA-1269-1}
	- dokuwiki 0.0.20160626.a-2.1 (bug #889281)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2029
	NOTE: https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86
CVE-2018-6585 (SQL Injection exists in the JTicketing 2.0.16 component for Joomla! vi ...)
	NOT-FOR-US: JTicketing component for Joomla!
CVE-2018-6584 (SQL Injection exists in the DT Register 3.2.7 component for Joomla! vi ...)
	NOT-FOR-US: DT Register component for Joomla!
CVE-2018-6583 (SQL Injection exists in the Timetable Responsive Schedule 1.5 componen ...)
	NOT-FOR-US: Timetable Responsive Schedule component for Joomla!
CVE-2018-6582 (SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! ...)
	NOT-FOR-US: Zh GoogleMap component for Joomla!
CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via  ...)
	NOT-FOR-US: JMS Music component for Joomla!
CVE-2018-6580 (Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component  ...)
	NOT-FOR-US: Jimtawl component for Joomla!
CVE-2018-6579 (SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for  ...)
	NOT-FOR-US: JEXTN Reverse Auction component for Joomla!
CVE-2018-6578 (SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! ...)
	NOT-FOR-US: JE PayperVideo component for Joomla!
CVE-2018-6577 (SQL Injection exists in the JEXTN Membership 3.1.0 component for Jooml ...)
	NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id paramet ...)
	NOT-FOR-US: Event Manager
CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for Jooml ...)
	NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases befor ...)
	{DSA-4380-1}
	- golang-1.10 1.10~rc2-1
	- golang-1.9 1.9.4-1
	- golang-1.8 <removed>
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	[wheezy] - golang <ignored> (Minor issue)
	NOTE: https://github.com/golang/go/issues/23672
	NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
	NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
CVE-2018-6573
	RESERVED
CVE-2018-6572
	RESERVED
CVE-2018-6571
	RESERVED
CVE-2018-6570
	RESERVED
CVE-2018-6569 (West Wind Web Server 6.x does not require authentication for /ADMIN.AS ...)
	NOT-FOR-US: West Wind Web Server
CVE-2018-6568
	RESERVED
CVE-2018-6567
	RESERVED
CVE-2018-6566
	RESERVED
CVE-2018-6565
	RESERVED
CVE-2018-6564
	RESERVED
CVE-2018-6563 (Multiple cross-site request forgery (CSRF) vulnerabilities in totemoma ...)
	NOT-FOR-US: totemomail Encryption Gateway
CVE-2018-6562 (totemomail Encryption Gateway before 6.0_b567 allows remote attackers  ...)
	NOT-FOR-US: totemomail Encryption Gateway
CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute  ...)
	- dojo 1.13.0+dfsg1-1 (bug #898944)
	[jessie] - dojo <ignored> (Minor issue)
	[wheezy] - dojo <no-dsa> (Minor issue)
	NOTE: https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
CVE-2018-6560 (In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0 ...)
	- flatpak 0.10.3-1 (bug #888842)
	[stretch] - flatpak 0.8.9-0+deb9u1
	NOTE: https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
CVE-2018-6559 (The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows ...)
	- linux <not-affected> (Ubuntu-specific issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793458
CVE-2018-6558 (The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore ...)
	- fscrypt 0.2.4-1 (bug #907074)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/fscrypt/+bug/1787548
	NOTE: https://github.com/google/fscrypt/issues/77
	NOTE: https://github.com/google/fscrypt/pull/103
CVE-2018-6557 (The MOTD update script in the base-files package in Ubuntu 18.04 LTS b ...)
	- base-files <not-affected> (Ubuntu specific motd update code; vulnerable code not present)
CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will uncondition ...)
	- lxc 1:2.0.9-6.1 (bug #905586)
	[stretch] - lxc <not-affected> (Vulnerable code introduced later)
	[jessie] - lxc <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
	NOTE: Prerequisite: https://github.com/lxc/lxc/commit/f96f5f3c1341e73ee51c8b49bef4ba571c562d8c
	NOTE: Fixed by: https://github.com/lxc/lxc/commit/5eb45428b312e978fb9e294dde16efb14dd9fa4d
CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in driver ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and later  ...)
	{DSA-4308-1 DLA-1715-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend due t ...)
	{DSA-4243-1 DLA-1426-1}
	- cups 2.2.8-5 (bug #903605)
CVE-2018-6552 (Apport does not properly handle crashes originating from a PID namespa ...)
	NOT-FOR-US: Apport
CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), f ...)
	[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
	- glibc 2.27-1
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <not-affected> (Issue introduced in 2.24, 2.26 only for i386)
	- eglibc <not-affected> (Issue introduced in 2.24 for powerpc, 2.26 only for i386)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22774
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in plugins/box ...)
	NOT-FOR-US: Monstra CMS
CVE-2017-18122 (A signature-validation bypass issue was discovered in SimpleSAMLphp th ...)
	{DSA-4127-1 DLA-1273-1}
	- simplesamlphp 1.15.0-1 (bug #889286)
	NOTE: https://simplesamlphp.org/security/201710-01
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca (v1.14.17)
CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable ...)
	{DSA-4127-1 DLA-1273-1}
	- simplesamlphp 1.15.0-1 (bug #889286)
	NOTE: https://simplesamlphp.org/security/201709-01
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/34e1bdb7660c0c9b627f8e5f0ca224a6afe641a8 (v1.14.16)
CVE-2018-6549
	RESERVED
CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 2018-02-02. I ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: Chromium is built with support for VP9 disabled in Debian
	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
	NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
CVE-2018-6547 (plays_service.exe in the plays.tv service before 1.27.7.0, as distribu ...)
	NOT-FOR-US: plays_service.exe in the plays.tv service
CVE-2018-6546 (plays_service.exe in the plays.tv service before 1.27.7.0, as distribu ...)
	NOT-FOR-US: plays_service.exe in the plays.tv service
CVE-2018-6545 (Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (X ...)
	NOT-FOR-US: Ipswitch MoveIt
CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could refer ...)
	{DSA-4152-1}
	- mupdf 1.12.0+ds1-1 (bug #891245)
	[wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
	NOTE: above patch is not needed in Jessie, as there is no fz_try() used in this version
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698830
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698965
	NOTE: https://lists.debian.org/debian-lts/2018/03/msg00043.html
CVE-2018-6543 (In GNU Binutils 2.30, there's an integer overflow in the function load ...)
	- binutils 2.30-3
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22769
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0
CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trail ...)
	- zziplib <unfixed> (unimportant)
	NOTE: https://github.com/gdraheim/zziplib/issues/17
	NOTE: https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e (v0.13.68)
	NOTE: Negligible impact and unzzipcat utility not installed into binary packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (bug #889089)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/16
	NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (bug #923659)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/15
	NOTE: https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07 (v0.13.68)
CVE-2018-6539
	RESERVED
CVE-2018-6538
	REJECTED
CVE-2018-6537 (A buffer overflow vulnerability in the control protocol of Flexense Sy ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2018-6536 (An issue was discovered in Icinga 2.x through 2.8.1. The daemon create ...)
	- icinga2 2.8.4-1
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/5991
CVE-2018-6535 (An issue was discovered in Icinga 2.x through 2.8.1. The lack of a con ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/4920
	NOTE: https://github.com/Icinga/icinga2/pull/5715
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6534 (An issue was discovered in Icinga 2.x through 2.8.1. By sending specia ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/6104
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6533 (An issue was discovered in Icinga 2.x through 2.8.1. By editing the in ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/5850
	NOTE: CVE is related to CVE-2017-16933 but for "the issue in using
	NOTE: init.conf to support run-time reconfiguration of an account is
	NOTE: design flaw". CVE-2018-6533 larger issue than CVE-2017-16933.
CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending specia ...)
	- icinga2 2.8.4-1 (low)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/6103
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6531
	RESERVED
CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin ...)
	NOT-FOR-US: D-Link
CVE-2018-6529 (XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR- ...)
	NOT-FOR-US: D-Link
CVE-2018-6528 (XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR ...)
	NOT-FOR-US: D-Link
CVE-2018-6527 (XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Lin ...)
	NOT-FOR-US: D-Link
CVE-2018-6526 (view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://mantisbt.org/bugs/view.php?id=23921
CVE-2018-6525 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) all ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6524 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) all ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6523 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) all ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6522 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) a ...)
	NOT-FOR-US: nProtect AVS
CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in gifsicle 1. ...)
	- gifsicle 1.91-1 (unimportant; bug #878739; bug #881120)
	NOTE: https://github.com/kohler/gifsicle/issues/117
	NOTE: https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL  ...)
	{DSA-4127-1 DLA-1273-1}
	- simplesamlphp 1.15.2-1
	NOTE: https://simplesamlphp.org/security/201801-03
CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open  ...)
	- simplesamlphp 1.15.2-1
	[stretch] - simplesamlphp <no-dsa> (Minor issue)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	[wheezy] - simplesamlphp <not-affected> (Vulnerable code introduced in 1.12)
	NOTE: https://simplesamlphp.org/security/201801-02
CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1. ...)
	{DSA-4127-1}
	- simplesamlphp 1.15.2-1
	[wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
	NOTE: minor issue
	NOTE: https://simplesamlphp.org/security/201801-01
	NOTE: The issue lies in the simplesamlphp/saml2 part, which is
	NOTE: updated in 1.15.2 to the respective fixed version.
	NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d
CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admi ...)
	NOT-FOR-US: Composr CMS
CVE-2018-6517 (Prior to version 0.3.0, chloride's use of net-ssh resulted in host fin ...)
	NOT-FOR-US: chloride
CVE-2018-6516 (On Windows only, with a specifically crafted configuration file an att ...)
	- puppet <not-affected> (Specific issue Windows only)
CVE-2018-6515 (Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3. ...)
	- puppet <not-affected> (Specific issue Windows only)
	NOTE: https://puppet.com/security/cve/CVE-2018-6515
CVE-2018-6514 (In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5 ...)
	- facter <not-affected> (Specific to Facter on Windows)
	NOTE: https://puppet.com/security/cve/CVE-2018-6514
CVE-2018-6513 (Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017. ...)
	- puppet <not-affected> (Windows-specific)
	NOTE: https://puppet.com/security/cve/CVE-2018-6513
CVE-2018-6512 (The previous version of Puppet Enterprise 2018.1 is vulnerable to unsa ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
	NOTE: https://puppet.com/security/cve/CVE-2018-6512
CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise Console of P ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise Console of P ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2018-6509
	RESERVED
CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remot ...)
	- puppet-module-puppetlabs-apt <unfixed> (unimportant)
	- puppet-module-puppetlabs-apache <unfixed> (unimportant)
	- puppet-module-puppetlabs-mysql <unfixed> (unimportant)
	NOTE: https://puppet.com/security/cve/CVE-2018-6508
	NOTE: Issue in various puppet modules: facter_task, puppet_conf, apt, apache and mysql modules
	NOTE: https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c
	NOTE: https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b
	NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc
	NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef
	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c
	NOTE: This is only exploitable with Puppet Tasks, which aren't packaged/available in Debian
CVE-2018-6507
	RESERVED
CVE-2018-6506 (Cross-Site Scripting (XSS) exists in the Add Forum feature in the Admi ...)
	NOT-FOR-US: miniBB
CVE-2018-6505 (A potential Unauthenticated File Download vulnerability has been ident ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6504 (A potential Cross-Site Request Forgery (CSRF) vulnerability has been i ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6503 (A potential Access Control vulnerability has been identified in ArcSig ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6502 (A potential Reflected Cross-Site Scripting (XSS) Security vulnerabilit ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6501 (Potential security vulnerability of Insufficient Access Controls has b ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6500 (A potential Directory Traversal Security vulnerability has been identi ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6499 (Remote Code Execution in the following products Hybrid Cloud Managemen ...)
	NOT-FOR-US: Hybrid Cloud Management Containerized Suite
CVE-2018-6498 (Remote Code Execution in the following products Hybrid Cloud Managemen ...)
	NOT-FOR-US: Hybrid Cloud Management Containerized Suite
CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
	NOT-FOR-US: UCMDB Server
CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been identified ...)
	NOT-FOR-US: UCMBD Browser
CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.2 ...)
	NOT-FOR-US: Micro Focus
CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...)
	NOT-FOR-US: HP
CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, version 20 ...)
	NOT-FOR-US: HP
CVE-2018-6492 (Persistent Cross-Site Scripting, and non-persistent HTML Injection in  ...)
	NOT-FOR-US: HP
CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus Universal C ...)
	NOT-FOR-US: Micro Focus Universal CMDB
CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations Orchestratio ...)
	NOT-FOR-US: Micro Focus Operations Orchestration Software
CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project and Por ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2018-6488 (Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB,  ...)
	NOT-FOR-US: Micro Focus Universal CMDB
CVE-2018-6487 (Remote Disclosure of Information in Micro Focus Universal CMDB Foundat ...)
	NOT-FOR-US: Micro Focus Universal CMDB Foundation Software
CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit W ...)
	NOT-FOR-US: Micro Focus Fortify Audit Workbench
CVE-2017-18119
	RESERVED
CVE-2017-18118
	RESERVED
CVE-2017-18117
	RESERVED
CVE-2017-18116
	RESERVED
CVE-2017-18115
	RESERVED
CVE-2017-18114
	RESERVED
CVE-2017-18113
	RESERVED
CVE-2017-18112
	RESERVED
CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 5.0.10,  ...)
	NOT-FOR-US: Atlassian Application Links
CVE-2017-18110 (The administration backup restore resource in Atlassian Crowd before v ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2017-18109 (The login resource of CrowdId in Atlassian Crowd before version 3.0.2  ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2017-18108 (The administration SMTP configuration resource in Atlassian Crowd befo ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2017-18107 (Various resources in the Crowd Demo application of Atlassian Crowd bef ...)
	NOT-FOR-US: Atlassian
CVE-2017-18106 (The identifier_hash for a session token in Atlassian Crowd before vers ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2017-18105 (The console login resource in Atlassian Crowd before version 3.0.2 and ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2017-18104 (The Webhooks component of Atlassian Jira before version 7.6.7 and from ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-18103 (The atlassian-http library, as used in various Atlassian products, bef ...)
	NOT-FOR-US: Atlassian
CVE-2017-18102 (The wiki markup component of atlassian-renderer from version 8.0.0 bef ...)
	NOT-FOR-US: wiki markup component of atlassian-renderer
CVE-2017-18101 (Various administrative external system import resources in Atlassian J ...)
	NOT-FOR-US: Atlassian
CVE-2017-18100 (The agile wallboard gadget in Atlassian Jira before version 7.8.1 allo ...)
	NOT-FOR-US: Atlassian
CVE-2017-18099
	RESERVED
CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before version 7.6.1  ...)
	NOT-FOR-US: Atlassian
CVE-2017-18097 (The Trello board importer resource in Atlassian Jira before version 7. ...)
	NOT-FOR-US: Atlassian
CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links before v ...)
	NOT-FOR-US: Atlassian Application Links
CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version 4 ...)
	NOT-FOR-US: Atlassian Crucible
CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18092 (The print snippet resource in Atlassian Crucible before version 4.4.3  ...)
	NOT-FOR-US: Atlassian Crucible
CVE-2017-18091 (The admin backupprogress action in Atlassian Fisheye and Crucible befo ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18090 (Various resources in Atlassian Fisheye before version 4.5.1 (the fixed ...)
	NOT-FOR-US: Atlassian Fisheye
CVE-2017-18089 (The view review history resource in Atlassian Crucible before version  ...)
	NOT-FOR-US: Atlassian Crucible
CVE-2017-18088 (Various plugin servlet resources in Atlassian Bitbucket Server before  ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2017-18087 (The download commit resource in Atlassian Bitbucket Server from versio ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2017-18086 (Various resources in Atlassian Confluence Server before version 6.4.2  ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18085 (The viewdefaultdecorator resource in Atlassian Confluence Server befor ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18084 (The usermacros resource in Atlassian Confluence Server before version  ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18083 (The editinword resource in Atlassian Confluence Server before version  ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18082 (The plan configure branches resource in Atlassian Bamboo before versio ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18081 (The signupUser resource in Atlassian Bamboo before version 6.3.1 allow ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18080 (The saveConfigureSecurity resource in Atlassian Bamboo before version  ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in mem ...)
	[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
	- glibc 2.27-1 (bug #878159)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (bug #889089)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/14
	NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6483
	RESERVED
CVE-2018-6482
	RESERVED
CVE-2018-6481 (A buffer overflow vulnerability in the control protocol of Disk Savvy  ...)
	NOT-FOR-US: Disk Savvy Enterprise
CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to a memo ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An unauthenticat ...)
	NOT-FOR-US: Netwave IP Camera devices
CVE-2018-6478
	RESERVED
CVE-2018-6477
	RESERVED
CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driv ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe  ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directo ...)
	NOT-FOR-US: Nibbleblog on macOS
CVE-2018-6469 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the fli ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the fli ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the fli ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the bo ...)
	NOT-FOR-US: PropertyHive plugin for WordPress
CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a T ...)
	NOT-FOR-US: Simditor
CVE-2018-6463
	RESERVED
CVE-2018-6462 (Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandl ...)
	NOT-FOR-US: Tracker PDF-XChange Viewer and Viewer AX SDK
CVE-2018-6461 (March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R ...)
	NOT-FOR-US: March Hare
CVE-2018-6460 (Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and ...)
	NOT-FOR-US: Hotspot Shield
CVE-2018-6459 (The rsa_pss_params_parse function in libstrongswan/credentials/keys/si ...)
	- strongswan 5.6.2-1
	[stretch] - strongswan <not-affected> (Vulnerable code introduced later)
	[jessie] - strongswan <not-affected> (Vulnerable code introduced later)
	[wheezy] - strongswan <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html
CVE-2018-6458 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers t ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6457
	RESERVED
CVE-2018-6456
	RESERVED
CVE-2018-6455
	RESERVED
CVE-2018-6454
	RESERVED
CVE-2018-6453
	RESERVED
CVE-2018-6452
	RESERVED
CVE-2018-6451
	RESERVED
CVE-2018-6450
	RESERVED
CVE-2018-6449
	RESERVED
CVE-2018-6448
	RESERVED
CVE-2018-6447
	RESERVED
CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ...)
	TODO: check
CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before 14.0.3 coul ...)
	NOT-FOR-US: Brocade
CVE-2018-6444 (A Vulnerability in Brocade Network Advisor versions before 14.1.0 coul ...)
	NOT-FOR-US: Brocade
CVE-2018-6443 (A vulnerability in Brocade Network Advisor Versions before 14.3.1 coul ...)
	NOT-FOR-US: Brocade
CVE-2018-6442 (A vulnerability in the Brocade Webtools firmware update section of Bro ...)
	NOT-FOR-US: Brocade
CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade Fabric OS ve ...)
	NOT-FOR-US: Brocade
CVE-2018-6440 (A vulnerability in the proxy service of Brocade Fabric OS versions bef ...)
	NOT-FOR-US: Brocade
CVE-2018-6439 (A Vulnerability in the configdownload command of Brocade Fabric OS com ...)
	NOT-FOR-US: Brocade
CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS comman ...)
	NOT-FOR-US: Brocade
CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS command line  ...)
	NOT-FOR-US: Brocade
CVE-2018-6436 (A Vulnerability in the firmwaredownload command of Brocade Fabric OS c ...)
	NOT-FOR-US: Brocade
CVE-2018-6435 (A Vulnerability in the secryptocfg command of Brocade Fabric OS comman ...)
	NOT-FOR-US: Brocade
CVE-2018-6434 (A vulnerability in the web management interface of Brocade Fabric OS v ...)
	NOT-FOR-US: Brocade
CVE-2018-6433 (A vulnerability in the secryptocfg export command of Brocade Fabric OS ...)
	NOT-FOR-US: Brocade
CVE-2018-6432
	RESERVED
CVE-2018-6431
	RESERVED
CVE-2018-6430
	RESERVED
CVE-2018-6429
	RESERVED
CVE-2018-6428
	RESERVED
CVE-2018-6427
	RESERVED
CVE-2018-6426
	RESERVED
CVE-2018-6425
	RESERVED
CVE-2018-6424
	RESERVED
CVE-2018-6423
	RESERVED
CVE-2018-6422
	RESERVED
CVE-2018-6421
	RESERVED
CVE-2018-6420
	RESERVED
CVE-2018-6419
	RESERVED
CVE-2018-6418
	RESERVED
CVE-2018-6417
	RESERVED
CVE-2018-6416
	RESERVED
CVE-2018-6415
	RESERVED
CVE-2018-6414 (A buffer overflow vulnerability in the web server of some Hikvision IP ...)
	NOT-FOR-US: Hikvision IP Cameras
CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4. ...)
	NOT-FOR-US: Hikvision Camera DS-2CD9111-S
CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...)
	{DLA-1423-1}
	- linux 4.16.5-1 (unimportant)
	[stretch] - linux 4.9.107-1
	[jessie] - linux 3.16.57-1
	[wheezy] - linux 3.2.102-1
	NOTE: https://marc.info/?l=linux-fbdev&m=151734425901499&w=2
	NOTE: The issue only affects SPARC systems.
CVE-2018-6411 (An issue was discovered in Appnitro MachForm before 4.2.3. When the fo ...)
	NOT-FOR-US: Appnitro MachForm
CVE-2018-6410 (An issue was discovered in Appnitro MachForm before 4.2.3. There is a  ...)
	NOT-FOR-US: Appnitro MachForm
CVE-2018-6409 (An issue was discovered in Appnitro MachForm before 4.2.3. The module  ...)
	NOT-FOR-US: Appnitro MachForm
CVE-2018-6408 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devi ...)
	NOT-FOR-US: CIPCAMPTIWL devices
CVE-2018-6407 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devi ...)
	NOT-FOR-US: CIPCAMPTIWL devices
CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libw ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: Chromium is built with support for VP9 disabled in Debian
	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
	NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0 ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/964
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
CVE-2018-6404
	RESERVED
CVE-2018-6403
	RESERVED
CVE-2018-6402 (Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and c ...)
	NOT-FOR-US: Ecobee Ecobee4 4.2.0.171 devices
CVE-2018-6401 (Meross MSS110 devices before 1.1.24 contain a TELNET listener providin ...)
	NOT-FOR-US: Meross
CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privil ...)
	NOT-FOR-US: Kingsoft WPS Office Free
CVE-2018-6399
	RESERVED
CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for Joom ...)
	NOT-FOR-US: CP Event Calendar component for Joomla!
CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...)
	NOT-FOR-US: Picture Calendar  component for Joomla!
CVE-2018-6396 (SQL Injection exists in the Google Map Landkarten through 4.2.3 compon ...)
	NOT-FOR-US: Google Map Landkarten component for Joomla!
CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla ...)
	NOT-FOR-US: Visual Calendar component for Joomla!
CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! via th ...)
	NOT-FOR-US: InviteX component for Joomla!
CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-17 ...)
	NOT-FOR-US: FreePBX
CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg thro ...)
	{DSA-4249-1 DLA-1740-1}
	- ffmpeg 7:3.4.2-1
	- libav <removed>
	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
	NOTE: Needs as well: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
	NOTE: fixing a (functional) regression introduced by the original fix.
	NOTE: Fixed in 3.2.11, the commit in the 3.2 branch (c4ba170cad2ccdd896ea6fd3a890980008606541)
	NOTE: has the regression fix squashed in
	NOTE: The vulnerable function is filter_frame in libav.
CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovered on  ...)
	NOT-FOR-US: Netis WF2419 V2.2.36123 devices
CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.710 ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2018-6389 (In WordPress through 4.9.2, unauthenticated attackers can cause a deni ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
	NOTE: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
	NOTE: https://wpvulndb.com/vulnerabilities/9021
	NOTE: disputed by upstream as best fixed at the server level
	NOTE: patch in progress in https://core.trac.wordpress.org/ticket/43308
	NOTE: Architectual limitation, marginal impact
CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote au ...)
	NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcode ...)
	NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
CVE-2018-6386
	RESERVED
CVE-2018-6385
	RESERVED
CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before 0.4.1. ...)
	NOT-FOR-US: NSClient++
CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden types" list tha ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injec ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
	NOTE: https://mantisbt.org/bugs/view.php?id=23908
CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid me ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (bug #889096)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/12
	NOTE: https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598 (v0.13.68)
CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads  ...)
	NOT-FOR-US: Joomla!
CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ( ...)
	NOT-FOR-US: Joomla!
CVE-2018-6378 (In Joomla! Core before 3.8.8, inadequate filtering of file and folder  ...)
	NOT-FOR-US: Joomla!
CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields lead ...)
	NOT-FOR-US: Joomla!
CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a S ...)
	NOT-FOR-US: Joomla!
CVE-2018-1000030 (Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Hea ...)
	- python3.7 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.6 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.5 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.4 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.2 <not-affected> (Reading ahead of file objects implemented differently)
	- python2.7 2.7.14-5 (unimportant)
	- python2.6 <removed> (unimportant)
	NOTE: Original report: https://bugs.python.org/issue31530
	NOTE: https://bugs.python.org/file47157/0001-stop-crashes-when-iterating-over-a-file-on-multiple-.patch
	NOTE: which was followed by a pull request to fix the issue:
	NOTE: https://github.com/python/cpython/pull/3670
	NOTE: https://github.com/python/cpython/pull/3672
	NOTE: https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6
	NOTE: The original approach caused a regression leading to
	NOTE: https://github.com/python/cpython/pull/5060
	NOTE: https://bugs.python.org/msg309265
	NOTE: where the 6401e56 commit was mostly reverted again.
	NOTE: Needed: https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b
	NOTE: No practical security impact, why DWF assigned a CVE ID is hard to tell
CVE-2018-1000029 (mcholste Enterprise Log Search and Archive (ELSA) version revision 120 ...)
	NOT-FOR-US: mcholste Enterprise Log Search and Archive
CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably well before ...)
	{DLA-1771-1}
	- linux 4.16.5-1
	[stretch] - linux 4.9.161-1
	[jessie] - linux <ignored> (Minor issue, requires core networking changes)
	- linux-4.9 <removed>
	NOTE: https://patchwork.ozlabs.org/patch/859410/
	NOTE: http://lists.openwall.net/netdev/2018/01/16/40
	NOTE: http://lists.openwall.net/netdev/2018/01/18/96
	NOTE: https://git.kernel.org/linus/8914a595110a6eca69a5e275b323f5d09e18f4f9
	NOTE: https://git.kernel.org/linus/2b16f048729bf35e6c28a40cbfad07239f9dcd90
CVE-2018-1000025 (Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 co ...)
	NOT-FOR-US: Jerome Gamez Firebase Admin SDK for PHP
CVE-2018-1000023 (Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CW ...)
	NOT-FOR-US: Bitpay/insight-api Insight-api
CVE-2018-1000021 (GIT version 2.15.1 and earlier contains a Input Validation Error vulne ...)
	- git <unfixed> (unimportant; bug #889680)
	NOTE: http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
	NOTE: Terminal emulators need to perform proper escaping
CVE-2018-1000020 (OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerabil ...)
	NOT-FOR-US: OpenEMR
CVE-2018-1000019 (OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Croogo
CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerabi ...)
	- dolibarr <removed>
	NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site Scriptin ...)
	NOT-FOR-US: Invoice Plane
CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulne ...)
	NOT-FOR-US: Canvs Canvas
CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS ...)
	NOT-FOR-US: Mautic
CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers,  ...)
	{DLA-2196-1 DLA-1280-1}
	[experimental] - pound 2.8-1+patrodyne20190113
	- pound 2.8-2 (bug #888786)
	[stretch] - pound 2.7-1.3+deb9u1
	NOTE: http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000
	NOTE: https://www.suse.com/de-de/security/cve/CVE-2016-10711/
	NOTE: Fixed by https://build.opensuse.org/request/show/571084
	NOTE: Confirmed that the SUSE patch is the security relevant diff between
	NOTE: version 2.7 and 2.8a
	NOTE: an additional fix of the fix is needed to avoid that pound uses 100% CPU
	NOTE: https://github.com/graygnuorg/pound/commit/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c
CVE-2018-6375
	RESERVED
CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients  ...)
	NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients
CVE-2018-6373 (SQL Injection exists in the Fastball 2.5 component for Joomla! via the ...)
	NOT-FOR-US: Fastball component for Joomla!
CVE-2018-6372 (SQL Injection exists in the JB Bus 2.3 component for Joomla! via the o ...)
	NOT-FOR-US: JB Bus component for Joomla!
CVE-2018-6371
	RESERVED
CVE-2018-6370 (SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via t ...)
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2018-6369
	RESERVED
CVE-2018-6368 (SQL Injection exists in the JomEstate PRO through 3.7 component for Jo ...)
	NOT-FOR-US: JomEstate PRO component for Joomla!
CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9  ...)
	NOT-FOR-US: Vastal I-Tech Buddy Zone Facebook Clone
CVE-2018-6366
	RESERVED
CVE-2018-6365 (SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site ...)
	NOT-FOR-US: TSiteBuilder
CVE-2018-6364 (SQL Injection exists in Multilanguage Real Estate MLM Script through 3 ...)
	NOT-FOR-US: Multilanguage Real Estate MLM Script
CVE-2018-6363 (SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php  ...)
	NOT-FOR-US: Task Rabbit Clone
CVE-2017-18079 (drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows a ...)
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux 3.2.96-1
	NOTE: Fixed by: https://git.kernel.org/linus/340d394a789518018f834ff70f7534fc463d3226
CVE-2017-18078 (systemd-tmpfiles in systemd before 237 attempts to support ownership/p ...)
	{DLA-1762-1}
	- systemd 237-1 (unimportant)
	NOTE: https://github.com/systemd/systemd/issues/7736
	NOTE: https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada (v237)
	NOTE: Neutralised by kernel hardening
CVE-2018-6362 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop  ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6361 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parame ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary code v ...)
	{DSA-4105-1}
	- mpv 0.27.0-3 (bug #888654)
	[jessie] - mpv <not-affected> (Vulnerable code not present, youtube-dl hook script added in 0.7.0)
	NOTE: https://github.com/mpv-player/mpv/issues/5456
	NOTE: https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43
CVE-2018-6359 (The decompileIF function (util/decompile.c) in libming through 0.4.8 i ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/105
CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming through 0.4. ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/104
CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the acurax ...)
	NOT-FOR-US: acurax-social-media-widget plugin for WordPress
CVE-2018-6356 (Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly pr ...)
	- jenkins <removed>
CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 201 ...)
	NOT-FOR-US: iBall 300M devices
CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS  ...)
	NOT-FOR-US: Formspree
CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 sup ...)
	- electrum <unfixed> (bug #890003; unimportant)
	NOTE: https://github.com/spesmilo/electrum/issues/3678
	NOTE: https://github.com/spesmilo/electrum/pull/3700
CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::Rea ...)
	- libpodofo 0.9.6+dfsg-3
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1539237
	NOTE: https://sourceforge.net/p/podofo/tickets/3/
CVE-2018-6351
	RESERVED
CVE-2018-6350 (An out-of-bounds read was possible in WhatsApp due to incorrect parsin ...)
	NOT-FOR-US: WhatsApp
CVE-2018-6349 (When receiving calls using WhatsApp for Android, a missing size check  ...)
	NOT-FOR-US: WhatsApp
CVE-2018-6348
	RESERVED
CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of headers/trailers ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of invali ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2018-6345 (The function number_format is vulnerable to a heap overflow issue when ...)
	- hhvm <removed>
CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP packet  ...)
	NOT-FOR-US: Whatsapp
CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set before ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2018-6342 (react-dev-utils on Windows allows developers to run a local webserver  ...)
	NOT-FOR-US: react-dev-utils
CVE-2018-6341 (React applications which rendered to HTML using the ReactDOMServer API ...)
	NOT-FOR-US: React
CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger an out- ...)
	- hhvm <removed>
CVE-2018-6339 (When receiving calls using WhatsApp on Android, a stack allocation fai ...)
	NOT-FOR-US: WhatsApp
CVE-2018-6338
	RESERVED
CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and child proc ...)
	- hhvm <not-affected> (Only affects 3.26)
	NOTE: https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
	NOTE: https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
CVE-2018-6336 (An issue was discovered in osquery. A maliciously crafted Universal/fa ...)
	NOT-FOR-US: osquery
CVE-2018-6335 (A Malformed h2 frame can cause 'std::out_of_range' exception when pars ...)
	- hhvm 3.24.7+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
CVE-2018-6334 (Multipart-file uploads call variables to be improperly registered in t ...)
	- hhvm 3.24.7+dfsg-1 (bug #895194)
	NOTE: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
	NOTE: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
CVE-2018-6333 (The hhvm-attach deep link handler in Nuclide did not properly sanitize ...)
	NOT-FOR-US: Nuclide
CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of invali ...)
	- hhvm 3.24.7+dfsg-1 (bug #895194)
	NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
	NOT-FOR-US: Buck parser-cache
CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php  ...)
	NOT-FOR-US: Laravel Framework
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
	NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
	NOT-FOR-US: Unitrends Backup
CVE-2018-6327
	RESERVED
CVE-2018-6326
	RESERVED
CVE-2018-6325
	RESERVED
CVE-2017-18077 (index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expr ...)
	- node-brace-expansion 1.1.8-1 (unimportant; bug #862712)
	[stretch] - node-brace-expansion 1.1.6-1+deb9u1
	NOTE: https://nodesecurity.io/advisories/338
	NOTE: https://github.com/juliangruber/brace-expansion/issues/33
	NOTE: https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3
	NOTE: nodejs not covered by security support
CVE-2017-18076 (In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value  ...)
	{DSA-4109-1}
	[experimental] - ruby-omniauth 1.6.1-1
	- ruby-omniauth 1.3.1-2 (bug #888523)
	NOTE: https://github.com/omniauth/omniauth/pull/867
CVE-2018-6324 (F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redi ...)
	NOT-FOR-US: F-Secure Radar
CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descriptor ( ...)
	- binutils 2.30-3
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2
CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privileges o ...)
	NOT-FOR-US: Panda Global Protection
CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering  ...)
	NOT-FOR-US: Panda Global Protection
CVE-2018-6320 (A vulnerability has been discovered in login.cgi in Pulse Secure Pulse ...)
	NOT-FOR-US: Pulse Secure
CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special Devic ...)
	NOT-FOR-US: Sophos Tester Tool
CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context o ...)
	NOT-FOR-US: Sophos Tester Tool
CVE-2018-6317 (The remote management interface in Claymore Dual Miner 10.5 and earlie ...)
	NOT-FOR-US: Claymore's Dual Ethereum
CVE-2018-6316 (Ivanti Endpoint Security (formerly HEAT Endpoint Management and Securi ...)
	NOT-FOR-US: Ivanti Endpoint Security
CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming th ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/101
CVE-2018-6314
	RESERVED
CVE-2018-6313 (Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticat ...)
	NOT-FOR-US: WBCE CMS
CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not v ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, users with ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2017-1000468
	REJECTED
CVE-2017-1000464
	REJECTED
CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division b ...)
	NOT-FOR-US: ImpulseAdventure JPEGsnoop
CVE-2018-6312 (A privileged account with a weak default password on the Foxconn femto ...)
	NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T
CVE-2018-6311 (One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T ve ...)
	NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T
CVE-2018-6310
	RESERVED
CVE-2018-6309
	RESERVED
CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and ...)
	NOT-FOR-US: SugarCRM
CVE-2018-6307 (LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains ...)
	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc <removed>
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	NOTE: https://github.com/LibVNC/libvncserver/issues/241
	NOTE: https://github.com/LibVNC/libvncserver/commit/ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/
CVE-2018-6306 (Unauthorized code execution from specific DLL and is known as DLL Hija ...)
	NOT-FOR-US: Kaspersky Password Manager
CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 7.65 ...)
	NOT-FOR-US: Gemalto
CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE vers ...)
	NOT-FOR-US: Gemalto
CVE-2018-6303 (Denial of service by uploading malformed firmware in Hanwha Techwin Sm ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6302 (Denial of service by blocking of new camera registration on the cloud  ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6301 (Arbitrary camera access and monitoring via cloud in Hanwha Techwin Sma ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6300 (Remote password change in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6299 (Authentication bypass in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6298 (Remote code execution in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6297 (Buffer overflow in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6296 (An undocumented (hidden) capability for switching the web interface in ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6295 (Unencrypted way of remote control and communications in Hanwha Techwin ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6294 (Unsecured way of firmware update in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. ...)
	NOT-FOR-US: Saperion Web Client
CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 83166. ...)
	NOT-FOR-US: Saperion Web Client
CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway versi ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1. ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6289 (Configuration file injection leading to Code Execution as Root in Kasp ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6288 (Cross-site Request Forgery leading to Administrative account takeover  ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6287
	RESERVED
CVE-2018-6286
	RESERVED
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6285
	RESERVED
CVE-2018-6284
	RESERVED
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6283
	RESERVED
CVE-2018-6282
	RESERVED
CVE-2018-6281
	RESERVED
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6280
	RESERVED
CVE-2018-6279
	RESERVED
CVE-2018-6278
	RESERVED
CVE-2018-6277
	RESERVED
CVE-2018-6276
	RESERVED
CVE-2018-6275
	RESERVED
CVE-2018-6274
	RESERVED
CVE-2018-6273
	RESERVED
CVE-2018-6272
	RESERVED
CVE-2018-6271 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in whi ...)
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6270
	RESERVED
CVE-2018-6269 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where  ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6268 (NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, ...)
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6267 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in whi ...)
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6266 (NVIDIA GeForce Experience contains a vulnerability in all versions pri ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6265 (NVIDIA GeForce Experience contains a vulnerability in all versions pri ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6264
	RESERVED
CVE-2018-6263 (NVIDIA GeForce Experience contains a vulnerability in all versions pri ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6262 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when  ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6261 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when  ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow access  ...)
	[experimental] - nvidia-graphics-drivers 418.43-1
	- nvidia-graphics-drivers 410.104-1 (bug #913467)
	[stretch] - nvidia-graphics-drivers 390.116-1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx 390.116-1
	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4738
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4772
CVE-2018-6259 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a pote ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6258 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a pote ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6257 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a pote ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2018-6256
	RESERVED
CVE-2018-6255
	RESERVED
CVE-2018-6254 (In Android before the 2018-05-05 security patch level, NVIDIA Media Se ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX and  ...)
	- nvidia-graphics-drivers 390.48-1 (bug #894338)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in the Dire ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6250 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode laye ...)
	- nvidia-graphics-drivers 390.48-1 (bug #894338)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6246 (In Android before the 2018-05-05 security patch level, NVIDIA Widevine ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2018-6245
	RESERVED
CVE-2018-6244
	RESERVED
CVE-2018-6243 (NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability i ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contain a b ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in whic ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6240 (NVIDIA Tegra contains a vulnerability in BootRom where a user with ker ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of speculative exe ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6238
	RESERVED
CVE-2018-6237 (A vulnerability in Trend Micro Smart Protection Server (Standalone) 3. ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6236 (A Time-of-Check Time-of-Use privilege escalation vulnerability in Tren ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6235 (An Out-of-Bounds write privilege escalation vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6234 (An Out-of-Bounds Read Information Disclosure vulnerability in Trend Mi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6233 (A buffer overflow privilege escalation vulnerability in Trend Micro Ma ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6232 (A buffer overflow privilege escalation vulnerability in Trend Micro Ma ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email Encryption Gatew ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6229 (A SQL injection vulnerability in an Trend Micro Email Encryption Gatew ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6228 (A SQL injection vulnerability in a Trend Micro Email Encryption Gatewa ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6227 (A stored cross-site scripting (XSS) vulnerability in Trend Micro Email ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6226 (Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micr ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6225 (An XML external entity injection (XXE) vulnerability in Trend Micro Em ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6224 (A lack of cross-site request forgery (CSRF) protection vulnerability i ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6223 (A missing authentication for appliance registration vulnerability in T ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6222 (Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 co ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6221 (An unvalidated software update vulnerability in Trend Micro Email Encr ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6220 (An arbitrary file write vulnerability in Trend Micro Email Encryption  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6219 (An Insecure Update via HTTP vulnerability in Trend Micro Email Encrypt ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Modul ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Offi ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2018-6216
	RESERVED
CVE-2018-6215
	RESERVED
CVE-2018-6214
	RESERVED
CVE-2018-6213 (In the web server on D-Link DIR-620 devices with a certain customized  ...)
	NOT-FOR-US: D-Link
CVE-2018-6212 (On D-Link DIR-620 devices with a certain customized (by ISP) variant o ...)
	NOT-FOR-US: D-Link
CVE-2018-6211 (On D-Link DIR-620 devices with a certain customized (by ISP) variant o ...)
	NOT-FOR-US: D-Link
CVE-2018-6210 (D-Link DIR-620 devices, with a certain Rostelekom variant of firmware  ...)
	NOT-FOR-US: D-Link
CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019,, the driver file (SDActMon.sys) a ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allo ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allo ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allo ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the r ...)
	NOT-FOR-US: vBulletin
CVE-2018-6199
	RESERVED
CVE-2018-6195 (admin/partials/wp-splashing-admin-main.php in the Splashing Images plu ...)
	NOT-FOR-US: WordPress plugin wp-splashing-images
CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in admin/partials/wp-splash ...)
	NOT-FOR-US: WordPress plugin wp-splashing-images
CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...)
	NOT-FOR-US: Routers2
CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xre ...)
	{DSA-4334-1 DLA-1838-1}
	- mupdf 1.13.0+ds1-1 (bug #888487)
	[wheezy] - mupdf <no-dsa> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?5e411a99604ff6be5db9e273ee84737204113299
CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has a ...)
	NOT-FOR-US: MuJS
CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...)
	NOT-FOR-US: Netis WF2419 V3.2.41381 devices
CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier s ...)
	- jenkins <removed>
CVE-2017-1000503 (A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1  ...)
	- jenkins <removed>
CVE-2017-1000502 (Users with permission to create or configure agents in Jenkins 1.37 an ...)
	- jenkins <removed>
CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is ...)
	NOT-FOR-US: Soyket Chowdhury Vehicle Sales Management System
CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when the ~/ ...)
	- w3m 0.5.3-36 (bug #888097; unimportant)
	[stretch] - w3m 0.5.3-34+deb9u1
	NOTE: https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
	NOTE: Neutralised by kernel hardening
CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formU ...)
	{DLA-2195-1}
	- w3m 0.5.3-36 (low)
	[stretch] - w3m 0.5.3-34+deb9u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/89
	NOTE: https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlinepr ...)
	{DLA-2195-1}
	- w3m 0.5.3-36 (low)
	[stretch] - w3m 0.5.3-34+deb9u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/88
	NOTE: https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
CVE-2018-6189 (F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors inv ...)
	NOT-FOR-US: F-Secure Radar
CVE-2018-6188 (django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0. ...)
	- python-django 1:1.11.10-1
	[stretch] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
	[jessie] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
	[wheezy] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
	NOTE: https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnera ...)
	{DSA-4334-1}
	- mupdf 1.13.0+ds1-1 (bug #888464)
	[jessie] - mupdf <no-dsa> (Minor issue)
	[wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
	NOTE: https://lists.debian.org/debian-lts/2018/03/msg00041.html
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?3e30fbb7bf5efd88df431e366492356e7eb969ec
	NOTE: issued covered by: http://www.ghostscript.com/cgi-bin/findgit.cgi?fa9cd085533f68367c299e058ab3fbb7ad8a2dc6
CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via ...)
	NOT-FOR-US: Citrix NetScaler VPX
CVE-2018-6185 (In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ...)
	NOT-FOR-US: Cloudera Navigator Key Trustee KMS
CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next r ...)
	NOT-FOR-US: ZEIT Next.js
CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges  ...)
	NOT-FOR-US: BitDefender Total Security
CVE-2018-6182 (Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before  ...)
	- mahara <removed>
CVE-2018-6181
	RESERVED
CVE-2018-6180 (A flaw in the profile section of Online Voting System 1.0 allows an un ...)
	NOT-FOR-US: Online Voting System
CVE-2018-1000017
	REJECTED
CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allow ...)
	NOT-FOR-US: FreeSSHd
CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing  ...)
	- linux 4.14.13-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68
CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7  ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-6179 (Insufficient enforcement of file access permission in the activeTab ca ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6178 (Eliding from the wrong side in an infobar in DevTools in Google Chrome ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6177 (Information leak in media engine in Google Chrome prior to 68.0.3440.7 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6176 (Insufficient file type enforcement in Extensions API in Google Chrome  ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6175 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6174 (Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.7 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6173 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6172 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6171 (Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 all ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6170 (A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a  ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6169 (Lack of timeout on extension install prompt in Extensions in Google Ch ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6168 (Information leak in media engine in Google Chrome prior to 68.0.3440.7 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6167 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6166 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6165 (Incorrect handling of reloads in Navigation in Google Chrome prior to  ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6164 (Insufficient origin checks for CSS content in Blink in Google Chrome p ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6163 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6162 (Improper deserialization in WebGL in Google Chrome on Mac prior to 68. ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6161 (Insufficient policy enforcement in Blink in Google Chrome prior to 68. ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6160 (JavaScript alert handling in Prompts in Google Chrome prior to 68.0.34 ...)
	- chromium-browser <not-affected> (Only affects Chrome on iOS)
CVE-2018-6159 (Insufficient policy enforcement in ServiceWorker in Google Chrome prio ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6158 (A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allo ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6157 (Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowe ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6156 (Incorect derivation of a packet length in WebRTC in Google Chrome prio ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2018-6156
CVE-2018-6155 (Incorrect handling of frames in the VP8 parser in Google Chrome prior  ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6154 (Insufficient data validation in WebGL in Google Chrome prior to 68.0.3 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6153 (A precision error in Skia in Google Chrome prior to 68.0.3440.75 allow ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6152 (The implementation of the Page.downloadBehavior backend unconditionall ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6151 (Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS pr ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6150 (Incorrect handling of CORS in ServiceWorker in Google Chrome prior to  ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6149 (Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 al ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.87-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6148 (Incorrect implementation in Content Security Policy in Google Chrome p ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.79-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6147 (Lack of secure text entry mode in Browser UI in Google Chrome on Mac p ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6146
	RESERVED
CVE-2018-6145 (Insufficient data validation in HTML parser in Google Chrome prior to  ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6144 (Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allo ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6143 (Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 a ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6142 (Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.6 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6141 (Insufficient validation of an image filter in Skia in Google Chrome pr ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6140 (Allowing the chrome.debugger API to attach to Web UI pages in DevTools ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6139 (Insufficient target checks on the chrome.debugger API in DevTools in G ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6138 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6137 (CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed  ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6136 (Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowe ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6135 (Lack of clearing the previous site before loading alerts from a new on ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6134 (Information leak in Blink in Google Chrome prior to 67.0.3396.62 allow ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6133 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6132 (Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 al ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6131 (Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6130 (Incorrect handling of object lifetimes in WebRTC in Google Chrome prio ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6129 (Out of bounds array access in WebRTC in Google Chrome prior to 67.0.33 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6128 (Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0. ...)
	- chromium-browser <not-affected> (ios specific)
CVE-2018-6127 (Early free of object in use in IndexDB in Google Chrome prior to 67.0. ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62 allow ...)
	{DSA-4237-1 DSA-4220-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- firefox 60.0.2-1
	- firefox-esr 52.8.1esr-1
	- skia <itp> (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
CVE-2018-6125
	RESERVED
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6124 (Type confusion in ReadableStreams in Blink in Google Chrome prior to 6 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62 allow ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6122
	RESERVED
	{DSA-4237-1}
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6121 (Insufficient validation of input in Blink in Google Chrome prior to 66 ...)
	{DSA-4237-1}
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6120 (An integer overflow that could lead to an attacker-controlled heap out ...)
	{DSA-4237-1}
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.1 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6118 (A double-eviction in the Incognito mode cache that lead to a user-afte ...)
	{DSA-4237-1}
	- chromium-browser 66.0.3359.139-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6117 (Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6116 (A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.33 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6115 (Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file download ...)
	- chromium-browser <not-affected> (windows specific)
CVE-2018-6114 (Incorrect enforcement of CSP for &lt;object&gt; tags in Blink in Googl ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6113 (Improper handling of pending navigation entries in Navigation in Googl ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6112 (Making URLs clickable and allowing them to be styled in DevTools in Go ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6111 (An object lifetime issue in the developer tools network handler in Goo ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6110 (Parsing documents as HTML in Downloads in Google Chrome prior to 66.0. ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6109 (readAsText() can indefinitely read the file picked by the user, rather ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6108 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6107 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6106 (An asynchronous generator may return an incorrect state in V8 in Googl ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6105 (Incorrect handling of confusable characters in Omnibox in Google Chrom ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6104 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6103 (A stagnant permission prompt in Prompts in Google Chrome prior to 66.0 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6102 (Missing confusable characters in Internationalization in Google Chrome ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6101 (A lack of host validation in DevTools in Google Chrome prior to 66.0.3 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6100 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6099 (A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6098 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6097 (Incorrect handling of asynchronous methods in Fullscreen in Google Chr ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6096 (A JavaScript focused window could overlap the fullscreen notification  ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6095 (Inappropriate dismissal of file picker on keyboard events in Blink in  ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6094 (Inline metadata in GarbageCollection in Google Chrome prior to 66.0.33 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6093 (Insufficient origin checks in Blink in Google Chrome prior to 66.0.335 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6092 (An integer overflow on 32-bit systems in WebAssembly in Google Chrome  ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6091 (Service Workers can intercept any request made by an &lt;embed&gt; or  ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6090 (An integer overflow that lead to a heap buffer-overflow in Skia in Goo ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6089 (A lack of CORS checks, after a Service Worker redirected to a cross-or ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6088 (An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0. ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6087 (A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.11 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6086 (A double-eviction in the Incognito mode cache that lead to a user-afte ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6085 (Re-entry of a destructor in Networking Disk Cache in Google Chrome pri ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6084 (Insufficiently sanitized distributed objects in Updater in Google Chro ...)
	- chromium-browser <not-affected> (Specific to MacOS)
CVE-2018-6083 (Failure to disallow PWA installation from CSP sandboxed pages in AppMa ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6082 (Including port 22 in the list of allowed FTP ports in Networking in Go ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6081 (XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.33 ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6080 (Lack of access control checks in Instrumentation in Google Chrome prio ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6079 (Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6078 (Incorrect handling of confusable characters in Omnibox in Google Chrom ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6077 (Displacement map filters being applied to cross-origin images in Blink ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6076 (Insufficient encoding of URL fragment identifiers in Blink in Google C ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6075 (Incorrect handling of specified filenames in file downloads in Google  ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6074 (Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior t ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6073 (A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.14 ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6072 (An integer overflow leading to use after free in PDFium in Google Chro ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6071 (An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 al ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6070 (Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior  ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6069 (Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146  ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6068 (Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to  ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6067 (Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.332 ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6066 (Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Go ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6065 (Integer overflow in computing the required allocation size when instan ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6064 (Type Confusion in the implementation of __defineGetter__ in V8 in Goog ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6063 (Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6062 (Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 al ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6061 (A race in the handling of SharedArrayBuffers in WebAssembly in Google  ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6060 (Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 all ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6059
	RESERVED
	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
CVE-2018-6058
	RESERVED
	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior to 65. ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6056 (Type confusion could lead to a heap out-of-bounds write in V8 in Googl ...)
	{DSA-4182-1}
	[experimental] - chromium-browser 65.0.3325.73-1
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google Chrome pr ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowe ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6053 (Inappropriate implementation in New Tab Page in Google Chrome prior to ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6052 (Lack of support for a non standard no-referrer policy value in Blink i ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6051 (XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure th ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6050 (Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.1 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6049 (Incorrect security UI in permissions prompt in Google Chrome prior to  ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6048 (Insufficient policy enforcement in Blink in Google Chrome prior to 64. ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6047 (Insufficient policy enforcement in WebGL in Google Chrome prior to 64. ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6046 (Insufficient data validation in DevTools in Google Chrome prior to 64. ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prior to  ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6044
	RESERVED
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-6043 (Insufficient data validation in External Protocol Handler in Google Ch ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6042 (Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.1 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6041 (Incorrect security UI in navigation in Google Chrome prior to 64.0.328 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6040 (Insufficient policy enforcement in Blink in Google Chrome prior to 64. ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6039 (Insufficient data validation in DevTools in Google Chrome prior to 64. ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6038 (Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119  ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6037 (Inappropriate implementation in autofill in Google Chrome prior to 64. ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6036 (Insufficient data validation in V8 in Google Chrome prior to 64.0.3282 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6035 (Insufficient policy enforcement in DevTools in Google Chrome prior to  ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6034 (Insufficient data validation in WebGL in Google Chrome prior to 64.0.3 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6033 (Insufficient data validation in Downloads in Google Chrome prior to 64 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6032 (Insufficient policy enforcement in Blink in Google Chrome prior to 64. ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6031 (Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allow ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6030
	RESERVED
CVE-2018-1000016
	REJECTED
CVE-2018-1000015 (On Jenkins instances with Authorize Project plugin, the authentication ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000014 (Jenkins Translation Assistance Plugin 1.15 and earlier did not require ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000013 (Jenkins Release Plugin 2.9 and earlier did not require form submission ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000012 (Jenkins Warnings Plugin 4.64 and earlier processes XML external entiti ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000011 (Jenkins FindBugs Plugin 4.71 and earlier processes XML external entiti ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000010 (Jenkins DRY Plugin 2.49 and earlier processes XML external entities in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000009 (Jenkins Checkstyle Plugin 3.49 and earlier processes XML external enti ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000008 (Jenkins PMD Plugin 3.49 and earlier processes XML external entities in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2015-1142857 (On multiple SR-IOV cars it is possible for VF's assigned to guests to  ...)
	NOT-FOR-US: SR-IOV cars
CVE-2018-6029 (The copy function in application/admin/controller/Article.php in NoneC ...)
	NOT-FOR-US: NoneCms
CVE-2018-6028
	RESERVED
CVE-2018-6027
	RESERVED
CVE-2018-6026
	RESERVED
CVE-2018-6025
	RESERVED
CVE-2018-6024 (SQL Injection exists in the Project Log 1.5.3 component for Joomla! vi ...)
	NOT-FOR-US: Project Log component for Joomla!
CVE-2018-6023 (Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts  ...)
	NOT-FOR-US: Fastweb FASTgate
CVE-2018-6022 (Directory traversal vulnerability in application/admin/controller/Main ...)
	NOT-FOR-US: NoneCms
CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN)  ...)
	NOT-FOR-US: Silex Technology products
CVE-2018-6020 (In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 a ...)
	NOT-FOR-US: Silex Technology products
CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows man-in-th ...)
	NOT-FOR-US: Samsung Display Solutions App for Android
CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ap ...)
	NOT-FOR-US: Tinder
CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder Androi ...)
	NOT-FOR-US: Tinder
CVE-2018-6016 (Unquoted Windows search path vulnerability in the srvInventoryWebServe ...)
	NOT-FOR-US: 10-Strike Network Monitor
CVE-2018-6015 (An issue was discovered in the "Email Subscribers &amp; Newsletters" p ...)
	NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cro ...)
	NOT-FOR-US: Subsonic
CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users t ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-6012 (The 'Weather Service' feature of the Green Electronics RainMachine Min ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6011 (The time-based one-time-password (TOTP) function in the application lo ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain pote ...)
	- yii <itp> (bug #597899)
CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in web ...)
	- yii <itp> (bug #597899)
CVE-2018-6008 (Arbitrary File Download exists in the Jtag Members Directory 5.3.7 com ...)
	NOT-FOR-US: Jtag Members Directory component for Joomla!
CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and a ...)
	NOT-FOR-US: Support Ticket component for Joomla!
CVE-2018-6006 (SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via t ...)
	NOT-FOR-US: JS Autoz component for Joomla!
CVE-2018-6005 (SQL Injection exists in the Realpin through 1.5.04 component for Jooml ...)
	NOT-FOR-US: Realpin component for Joomla!
CVE-2018-6004 (SQL Injection exists in the File Download Tracker 3.0 component for Jo ...)
	NOT-FOR-US: File Download Tracker component for Joomla!
CVE-2017-18074 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18073 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18072 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18071 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18070 (In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18068 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18066 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18065 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18058 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3 ...)
	NOT-FOR-US: SilverStripe
CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads  ...)
	NOT-FOR-US: Monstra CMS
CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic  ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting i ...)
	- axtls <not-affected> (Fixed with initial upload to Debian)
CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in dec ...)
	{DSA-4106-1}
	- libtasn1-6 4.13-2
	[jessie] - libtasn1-6 <not-affected> (Vulnerable code introduced in 4.3)
	- libtasn1-3 <not-affected> (Vulnerable code introduced in 4.3)
	NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html
	NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3)
	NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13)
CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has Cro ...)
	NOT-FOR-US: Soundy Background Music plugin for WordPress
CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross ...)
	NOT-FOR-US: Soundy Audio Playlist plugin for WordPress
CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vp ...)
	NOT-FOR-US: AsusWRT
CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the ha ...)
	NOT-FOR-US: AsusWRT
CVE-2018-5998
	RESERVED
CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.0 ...)
	NOT-FOR-US: RAVPower Filehub
CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...)
	{DSA-4098-1 DLA-1263-1}
	- curl 7.58.0-1
	NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
	NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
CVE-2018-5996 (Insufficient exception handling in the method NCompress::NRar3::CDecod ...)
	- p7zip-rar 16.02-2 (bug #888314)
	[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
	[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
	[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
	NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
CVE-2018-5995 (The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel ...)
	{DSA-4497-1 DLA-1885-1 DLA-1799-1}
	- linux 4.15.4-1
CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via th ...)
	NOT-FOR-US: JS Jobs component for Joomla!
CVE-2018-5993 (SQL Injection exists in the Aist through 2.0 component for Joomla! via ...)
	NOT-FOR-US: Aist component for Joomla!
CVE-2018-5992 (SQL Injection exists in the Staff Master through 1.0 RC 1 component fo ...)
	NOT-FOR-US: Staff Master component for Joomla!
CVE-2018-5991 (SQL Injection exists in the Form Maker 3.6.12 component for Joomla! vi ...)
	NOT-FOR-US: Form Maker component for Joomla!
CVE-2018-5990 (SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joo ...)
	NOT-FOR-US: AllVideos Reloaded component for Joomla!
CVE-2018-5989 (SQL Injection exists in the ccNewsletter 2.x component for Joomla! via ...)
	NOT-FOR-US: ccNewsletter component for Joomla!
CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobi ...)
	NOT-FOR-US: Flexible Poll
CVE-2018-5987 (SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 compon ...)
	NOT-FOR-US: Pinterest Clone Social Pinboard component for Joomla!
CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row  ...)
	NOT-FOR-US: Easy Car Script
CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Jooml ...)
	NOT-FOR-US: LiveCRM SaaS Cloud
CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 comp ...)
	NOT-FOR-US: Tumder
CVE-2018-5983 (SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joom ...)
	NOT-FOR-US: JquickContact component for Joomla!
CVE-2018-5982 (SQL Injection exists in the Advertisement Board 3.1.0 component for Jo ...)
	NOT-FOR-US: Advertisement Board component for Joomla!
CVE-2018-5981 (SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via ...)
	NOT-FOR-US: Gallery WD component for Joomla!
CVE-2018-5980 (SQL Injection exists in the Solidres 2.5.1 component for Joomla! via t ...)
	NOT-FOR-US: Solidres component for Joomla!
CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1. ...)
	NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script
CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via th ...)
	NOT-FOR-US: Facebook Style Php Ajax Chat Zechat
CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management Syste ...)
	NOT-FOR-US: Affiligator Affiliate Webshop Management System
CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...)
	NOT-FOR-US: RSVP Invitation Online
CVE-2018-5975 (SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! ...)
	NOT-FOR-US: Smart Shoutbox component for Joomla!
CVE-2018-5974 (SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! ...)
	NOT-FOR-US: SimpleCalendar component for Joomla!
CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via th ...)
	NOT-FOR-US: Professional Local Directory Script
CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keyword ...)
	NOT-FOR-US: Classified Ads CMS Quickad
CVE-2018-5971 (SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joo ...)
	NOT-FOR-US: MediaLibrary Free component for Joomla!
CVE-2018-5970 (SQL Injection exists in the JGive 2.0.9 component for Joomla! via the  ...)
	NOT-FOR-US: JGive component for Joomla!
CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via cl ...)
	NOT-FOR-US: Photography CMS
CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allo ...)
	{DSA-4114-1}
	- jackson-databind 2.9.4-1 (bug #888316)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
	NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description paramete ...)
	NOT-FOR-US: Netis WF2419 V2.2.36123 devices
CVE-2018-5966
	RESERVED
CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0 ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has X ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of or ...)
	NOT-FOR-US: Zenario
CVE-2018-5959
	RESERVED
CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows loca ...)
	NOT-FOR-US: Zillya! Antivirus
CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows loca ...)
	NOT-FOR-US: Zillya! Antivirus
CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows loca ...)
	NOT-FOR-US: Zillya! Antivirus
CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled in ...)
	NOT-FOR-US: GitStack
CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...)
	NOT-FOR-US: LabF nfsAxe
CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1 ...)
	NOT-FOR-US: Dasan GPON ONT WiFi Router devices
CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute arbitr ...)
	NOT-FOR-US: pfSense
CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial o ...)
	{DLA-1500-1 DLA-1257-1}
	- openssh 1:7.4p1-1
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
	NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
	NOTE: Flaw is not crashing the whole sshd daemon, rather the privsep process
CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: phpFreeChat
CVE-2018-5953 (The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel t ...)
	{DLA-1731-1}
	- linux 4.15.4-1
	[stretch] - linux 4.9.161-1
CVE-2018-5952
	RESERVED
CVE-2018-5951 (An issue was discovered in Mikrotik RouterOS. Crafting a packet that h ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change setti ...)
	NOT-FOR-US: JBMC DirectAdmin
CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman befo ...)
	{DSA-4108-1 DLA-1272-1}
	- mailman 1:2.1.26-1 (bug #888201)
	NOTE: https://mail.python.org/pipermail/mailman-users/2018-February/083011.html
	NOTE: Patch: https://launchpadlibrarian.net/355686141/options.patch
	NOTE: https://bugs.launchpad.net/mailman/+bug/1747209
CVE-2018-5949
	RESERVED
CVE-2018-5948
	RESERVED
CVE-2018-5947
	RESERVED
CVE-2018-5946
	RESERVED
CVE-2018-5945
	RESERVED
CVE-2018-5944
	RESERVED
CVE-2018-5943
	RESERVED
CVE-2018-5942
	RESERVED
CVE-2018-5941
	RESERVED
CVE-2018-5940
	RESERVED
CVE-2018-5939
	RESERVED
CVE-2018-5938
	RESERVED
CVE-2018-5937
	RESERVED
CVE-2018-5936
	RESERVED
CVE-2018-5935
	RESERVED
CVE-2018-5934
	RESERVED
CVE-2018-5933
	RESERVED
CVE-2018-5932
	RESERVED
CVE-2018-5931
	RESERVED
CVE-2018-5930
	RESERVED
CVE-2018-5929
	RESERVED
CVE-2018-5928
	RESERVED
CVE-2018-5927 (HP Support Assistant before 8.7.50.3 allows an unauthorized person wit ...)
	NOT-FOR-US: HP Support Assistant
CVE-2018-5926 (A potential vulnerability has been identified in HP Remote Graphics So ...)
	NOT-FOR-US: HP
CVE-2018-5925 (A security vulnerability has been identified with certain HP Inkjet pr ...)
	NOT-FOR-US: HP Inkjet printers
CVE-2018-5924 (A security vulnerability has been identified with certain HP Inkjet pr ...)
	NOT-FOR-US: HP Inkjet printers
CVE-2018-5923 (In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed ...)
	NOT-FOR-US: HP
CVE-2018-5922
	RESERVED
CVE-2018-5921 (A potential security vulnerability has been identified with certain HP ...)
	NOT-FOR-US: HP printers
CVE-2018-5920
	RESERVED
CVE-2018-5919 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Android
CVE-2018-5918 (Possible buffer overflow in DRM Trusted application due to lack of che ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper input  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5916 (Buffer overread while decoding PDP modify request or network initiated ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ functi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5913 (A non-time constant function memcmp is used which creates a side chann ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5912 (Potential buffer overflow in Video due to lack of input validation in  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5911 (Buffer overflow in WLAN function due to improper check of buffer size  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5908 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5907 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5905 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5904 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5903 (Out of bounds read occurs due to improper validation of array while pr ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5902
	RESERVED
CVE-2018-5901
	RESERVED
CVE-2018-5900
	RESERVED
CVE-2018-5899 (In Android releases from CAF using the linux kernel (Android for MSM,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5898 (Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5897 (While reading the data from buffer in dci_process_ctrl_status() there  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5896 (In Android releases from CAF using the linux kernel (Android for MSM,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5895 (Buffer over-read may happen in wma_process_utf_event() due to improper ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5894 (Improper Validation of Array Index in Multimedia While parsing an mp4  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5893 (While processing a message from firmware in htt_t2h_msg_handler_fast() ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5892 (The Touch Pal application can collect user behavior data without aware ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5891 (While processing modem SSR after IMS is registered, the IMS data daemo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5890 (If the fdt_totalsize is reported as 0 for the current device tree, it  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5889 (While processing a compressed kernel image, a buffer overflow can occu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5888 (While processing the system path, an out of bounds access can occur in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5887 (While processing the USB StrSerialDescriptor array, an array index out ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5886 (A pointer in an ADSPRPC command is not properly validated in all Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5885 (While loading dynamic fonts, a buffer overflow may occur if the number ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5884 (Improper Access Control in Multimedia in Snapdragon Mobile and Snapdra ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5883 (Buffer overflow in WLAN driver event handlers due to improper validati ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ove ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device manage ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5880 (Improper data length check while processing an event report indication ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5879 (Improper length check while processing an MQTT message can lead to hea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5877 (In the device programmer target-side code for firehose, a string may n ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5876 (While parsing an mp4 file, a buffer overflow can occur in Snapdragon A ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5875 (While parsing an mp4 file, an integer overflow leading to a buffer ove ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5874 (While parsing an mp4 file, a stack-based buffer overflow can occur in  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5873 (An issue was discovered in the __ns_get_path function in fs/nsfs.c in  ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.82-1+deb9u1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/073c516ff73557a8f7315066856c04b50383ac34
CVE-2018-5872 (While parsing over-the-air information elements in all Android release ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5870 (While loading a service image, an untrusted pointer dereference can oc ...)
	NOT-FOR-US: Snapdragon
CVE-2018-5869 (Improper input validation in the QTEE keymaster app can lead to invali ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5868 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5867 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5866 (While processing logs, data is copied into a buffer pointed to by an u ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5865 (While processing a debug log event from firmware in all Android releas ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5864 (While processing a WMI_APFIND event in all Android releases from CAF u ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg802 ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5862 (In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5861 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5859 (Due to a race condition in the MDSS MDP driver in all Android releases ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5858 (In the audio debugfs in all Android releases from CAF using the Linux  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5856 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5855 (While padding or shrinking a nested wmi packet in all Android releases ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android r ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5853 (A race condition exists in a driver in all Android releases from CAF u ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5852
	RESERVED
CVE-2018-5851 (Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMP ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient validation  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5849 (Due to a race condition in the QTEECOM driver in all Android releases  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5848 (In the function wmi_set_ie(), the length validation code does not hand ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.16.5-1
	[stretch] - linux 4.9.144-1
	NOTE: Fixed by: https://git.kernel.org/linus/b5a8ffcae4103a9d823ea3aa3a761f65779fbe2a (4.16-rc1)
CVE-2018-5847 (Early or late retirement of rotation requests can result in a Use Afte ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5846 (A Use After Free condition can occur in the IPA driver whenever the IP ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5845 (A race condition in drm_atomic_nonblocking_commit() in the display dri ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5844 (In the video driver function set_output_buffers(), binfo can be access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5843 (In the function wma_pdev_div_info_evt_handler() in all Android release ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5842 (An arbitrary address write can occur if a compromised WLAN firmware se ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5841 (dcc_curr_list is initialized with a default invalid value that is expe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the DRM SD ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5839 (Improperly configured memory protection allows read/write access to mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver in Snap ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5837 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5836 (In wma_nan_rsp_event_handler() in Android releases from CAF using the  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5835 (If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in _ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5834 (In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potential ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5833
	RESERVED
CVE-2018-5832 (Due to a race condition in a camera driver ioctl handler in Android re ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5831 (In the KGSL driver in Android releases from CAF using the linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5830 (While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buf ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5829 (In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF u ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5828 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5827 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5826 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5825 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5824 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5823 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...)
	{DLA-1734-1}
	- libraw 0.19.1-1
	[stretch] - libraw <no-dsa> (Minor issue)
	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...)
	{DLA-1734-1}
	- libraw 0.19.1-1
	[stretch] - libraw <no-dsa> (Minor issue)
	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...)
	{DLA-1734-1}
	- libraw 0.19.1-1
	[stretch] - libraw <no-dsa> (Minor issue)
	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5816 (An integer overflow error within the "identify()" function (internal/d ...)
	- libraw 0.18.13-1 (low)
	[stretch] - libraw <not-affected> (Fix for CVE-2018-5804 not released in stretch)
	[jessie] - libraw <not-affected> (Fix for CVE-2018-5804 not in jessie LTS)
	NOTE: http://seclists.org/bugtraq/2018/Jul/58
	NOTE: Issue caused by an incomplete fix for CVE-2018-5804
CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...)
	- libraw 0.18.13-1 (low)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: http://seclists.org/bugtraq/2018/Jul/58
CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4. ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7
	NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...)
	- libraw 0.18.11-1 (low)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
	- libraw 0.18.11-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
	- libraw 0.18.11-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...)
	- libraw 0.18.11-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcraw_co ...)
	- libraw 0.18.11-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
	NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...)
	{DLA-1734-1}
	- libraw 0.18.11-1
	[stretch] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
	NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...)
	- libraw 0.18.11-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...)
	- libraw 0.18.8-1 (low)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...)
	- libraw 0.18.8-1 (low)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5804 (A type confusion error within the "identify()" function (internal/dcra ...)
	- libraw 0.18.8-1 (low)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4 ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...)
	{DLA-1734-1}
	- libraw 0.18.7-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <ignored> (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...)
	{DLA-1734-1}
	- libraw 0.18.7-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <ignored> (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...)
	{DLA-1734-1}
	- libraw 0.18.7-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <ignored> (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...)
	- electron <itp> (bug #842420)
	NOTE: Linux is not affected
	NOTE: https://electronjs.org/blog/protocol-handler-fix
	NOTE: https://nodesecurity.io/advisories/563
CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
	NOT-FOR-US: Zoho
CVE-2018-5798 (This CVE relates to an unspecified cross site scripting vulnerability  ...)
	NOT-FOR-US: Cloudera Manager
CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5795 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5794 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5793 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5792 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5791 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5790 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5789 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5788 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2017-18044 (A Command Injection issue was discovered in ContentStore/Base/CVDataPi ...)
	NOT-FOR-US: Commvault
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
	- lrzip 0.631+git180517-1 (bug #888506)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/91
CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bo ...)
	{DSA-4405-1}
	- openjpeg2 2.3.0-2 (low; bug #888533)
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1057
	NOTE: https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
	NOTE: vulnerable code introduced in
	NOTE: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8
CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...)
	{DSA-4349-1 DLA-1411-1 DLA-1391-1}
	- tiff 4.0.9-4 (bug #890441)
	- tiff3 <removed>
	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2772
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoD ...)
	- libpodofo 0.9.6+dfsg-4 (bug #916142)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/4/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1536179
	NOTE: https://sourceforge.net/p/podofo/code/1949
CVE-2018-5782 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5781 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5780 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5779 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1  ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1  ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2018-5775
	RESERVED
CVE-2018-5774
	RESERVED
CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through 2. ...)
	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ...)
	{DSA-4213-1 DLA-1497-1}
	- qemu 1:2.10.0+dfsg-2
	[wheezy] - qemu <not-affected> (vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854
	NOTE: Broken since: https://git.qemu.org/?p=qemu.git;a=object;h=292c8e50 (v1.5.0)
	NOTE: Fix included in 1:2.10.0+dfsg-2 via debian/patches/qemu-2.10.1.diff patch
CVE-2016-10707 (jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to remo ...)
	- jquery <not-affected> (Vulnerable code never in unstable; only experimental)
	NOTE: https://github.com/jquery/jquery/issues/3133
	NOTE: https://github.com/jquery/jquery/pull/3134
	NOTE: https://snyk.io/vuln/npm:jquery:20160529
	NOTE: Only 3.0.0-rc1 affected: https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attack ...)
	- jquery 3.1.1-1
	[jessie] - jquery <ignored> (Too intrusive to backport)
	[wheezy] - jquery <ignored> (Too invasive to fix)
	NOTE: https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
	NOTE: https://github.com/jquery/jquery/issues/2432
	NOTE: https://github.com/jquery/jquery/pull/2588
	NOTE: https://snyk.io/vuln/npm:jquery:20150627
	NOTE: only 3.0 was fixed upstream, because fix considered too invasive: https://github.com/jquery/jquery/issues/2432#issuecomment-290983196
CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attack ...)
	- jquery 1.11.3+dfsg-1
	[jessie] - jquery <ignored> (Too intrusive to backport)
	[wheezy] - jquery <ignored> (Too invasive to fix)
	NOTE: https://bugs.jquery.com/ticket/11290
	NOTE: https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
	NOTE: https://snyk.io/vuln/npm:jquery:20120206
	NOTE: 1.9 release introduced backwards incompatible changes to fix this, so may be too invasive to fix
CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in MediaEle ...)
	- wordpress 4.9.2+dfsg-1 (bug #887596)
	[stretch] - wordpress <not-affected> (Vulnerable files have been removed before)
	[jessie] - wordpress <not-affected> (Vulnerable files have been removed before)
	[wheezy] - wordpress <not-affected> (Vulnerable files have been removed before)
	NOTE: For jessie and stretch version the files silverlightmediaelement.xap and
	NOTE: flashmediaelement.swf have been removed with the 4.1+dfsg-1 version.
	NOTE: sid in version 4.9.1+dfsg-1 did as well *not* have the files but track here the
	NOTE: final wordpress version 4.9.2 which finally removed the mediaelement files.
	NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontrolled re ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888862)
	NOTE: https://github.com/Exiv2/exiv2/issues/216
CVE-2018-5771
	RESERVED
CVE-2018-5770 (An issue was discovered on Tenda AC15 devices. A remote, unauthenticat ...)
	NOT-FOR-US: Tenda AC15 devices
CVE-2018-5769
	RESERVED
CVE-2018-5768 (A remote, unauthenticated attacker can gain remote code execution on t ...)
	NOT-FOR-US: Tenda AC15 router
CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A rem ...)
	NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices
CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...)
	{DLA-1907-1}
	- libav <removed>
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1112
CVE-2018-5765
	RESERVED
CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...)
	{DLA-1725-1 DLA-1247-1}
	- rsync 3.1.2-2.2 (bug #887588)
	[stretch] - rsync <no-dsa> (Minor issue)
	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7  ...)
	NOT-FOR-US: OXID eShop Enterprise Edition
CVE-2018-5762 (The TLS implementation in the TCP/IP networking module in Unisys Clear ...)
	NOT-FOR-US: Unisys ClearPath MCP systems
CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found  ...)
	NOT-FOR-US: Rubrik CDM
CVE-2018-5760
	RESERVED
CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
	NOT-FOR-US: MuJS
CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0. ...)
	NOT-FOR-US: Aurea Jive Jive-n
CVE-2018-5757 (An issue was discovered on AudioCodes 450HD IP Phone devices with firm ...)
	NOT-FOR-US: AudioCodes 450HD IP Phone devices
CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine component in ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5754 (Cross-site scripting (XSS) vulnerability in the office-web component i ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5753 (The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31 ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5752 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5751 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
	NOT-FOR-US: Open-Xchange
CVE-2017-18042 (The update user administration resource in Atlassian Bamboo before ver ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18040 (The viewDeploymentVersionCommits resource in Atlassian Bamboo before v ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18039 (The IncomingMailServers resource in Atlassian Jira from version 6.2.1  ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-18038 (The repository settings resource in Atlassian Bitbucket Server before  ...)
	NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18037 (The git repository tag rest resource in Atlassian Bitbucket Server fro ...)
	NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server before ve ...)
	NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18035 (The /rest/review-coverage-chart/1.0/data/&lt;repository_name&gt;/.json ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible before ve ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allow ...)
	NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux ke ...)
	{DSA-4187-1 DSA-4120-1 DLA-1369-1}
	- linux 4.15.4-1
	NOTE: https://patchwork.kernel.org/patch/10174835/
CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and P ...)
	NOT-FOR-US: Minecraft Servers List Lite
CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of s ...)
	{DLA-1315-1}
	- libvirt 4.0.0-1 (bug #887700)
	[stretch] - libvirt 3.0.0-4+deb9u2
	[jessie] - libvirt 1.2.9-9+deb8u5
	NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the  ...)
	- lrzip 0.631+git180517-1 (bug #898451)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/90
CVE-2018-5746
	REJECTED
CVE-2018-5745 ("managed-keys" is a feature which allows a BIND resolver to automatica ...)
	{DSA-4440-1 DLA-1697-1}
	- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922954)
	NOTE: https://kb.isc.org/docs/cve-2018-5745
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/235a64a5a4c0143b183bd55f6ed756741d4d7880
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/38c2bdba0a5b785ef9f2da2329838b931754b3e4 (test)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f09352d20a9d360e50683cd1d2fc52ccedcd77a0
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3022633d795bc9f04103ac9a354c026ce9b4eea3 (test)
CVE-2018-5744 (A failure to free memory can occur when processing messages having a s ...)
	- bind9 1:9.11.5.P4+dfsg-1 (bug #922953)
	[stretch] - bind9 <not-affected> (Vulnerable code introduced later; in .9.10 branch in 9.10.7 only)
	[jessie] - bind9 <not-affected> (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2018-5744
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/35025b6e88b726ae89caacbb312d1b40e5c20b4d
	NOTE: Test: https://gitlab.isc.org/isc-projects/bind9/commit/fe4810f1f8f75a4d5a96542fc6085109c94a3ee5
CVE-2018-5743 (By design, BIND is intended to limit the number of TCP clients that ca ...)
	{DSA-4440-1 DLA-1859-1}
	- bind9 1:9.11.5.P4+dfsg-4 (bug #927932)
	NOTE: https://kb.isc.org/docs/cve-2018-5743
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9689ffc485df8f971f0ad81ab8ab1f5389493776
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/55a7a458e30e47874d34bdf1079eb863a0512396
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9446629b730c59c4215f08d37fbaf810282fbccb
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/87d431161450777ea093821212abfb52d51b36e3
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/13f7c918b8720d890408f678bd73c20e634539d9
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/d01023aaac35543daffbdf48464e320150235d41
	NOTE: Additionally: https://lists.isc.org/pipermail/bind-users/2019-April/101673.html
	NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1864.patch
CVE-2018-5742 (While backporting a feature for a newer branch of BIND9, RedHat introd ...)
	- bind9 <not-affected> (Introduced via RedHat specific backport of Negative Trust Anchor (NTA) feature)
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/19/6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1655844
	NOTE: https://bugs.centos.org/view.php?id=15528
	NOTE: Introduced by https://bugzilla.redhat.com/show_bug.cgi?id=1452091
CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic DNS ( ...)
	- bind9 1:9.11.5+dfsg-1 (unimportant; bug #908595)
	NOTE: https://kb.isc.org/docs/cve-2018-5741
	NOTE: No code fix provided; Incorrect documentation of krb5-subdomain and ms-subdomain update policies.
	NOTE: Will be adressed in 9.11.5, 9.12.3
CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...)
	{DLA-1485-1}
	- bind9 1:9.11.4.P1+dfsg-1 (bug #905743)
	[stretch] - bind9 <postponed> (Can be fixed along in the next DSA)
	NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
	NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits
CVE-2018-5739 (An extension to hooks capabilities which debuted in Kea 1.4.0 introduc ...)
	- isc-kea <not-affected> (Vulnerable code introduced in Kea 1.4.0)
	NOTE: https://kb.isc.org/article/AA-01626
	NOTE: 1.4.0-1 was uploaded to experimental as https://tracker.debian.org/news/973011
	NOTE: Tracking bug as #903729 with RC severity so this version does
	NOTE: not enter unstable without fix.
CVE-2018-5738 (Change #4777 (introduced in October 2017) introduced an unforeseen iss ...)
	- bind9 1:9.11.3+dfsg-2 (bug #901483)
	[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
	[jessie] - bind9 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by upstream change #4777
	NOTE: Introduced by: https://gitlab.isc.org/isc-projects/bind9/commit/89636d8f305956ad42e95a988502c7345e85ffe1
	NOTE: https://kb.isc.org/article/AA-01616/0/CVE-2018-5738
CVE-2018-5737 (A problem with the implementation of the new serve-stale feature in BI ...)
	- bind9 <not-affected> (only affects 9.12, not yet packaged)
	NOTE: https://kb.isc.org/article/AA-01606
CVE-2018-5736 (An error in zone database reference counting can lead to an assertion  ...)
	- bind9 <not-affected> (only affects 9.12, not yet packaged)
	NOTE: https://kb.isc.org/article/AA-01602
CVE-2018-5735 (The Debian backport of the fix for CVE-2017-3137 leads to assertion fa ...)
	{DLA-1285-1}
	- bind9 1:9.9.3.dfsg.P2-1 (bug #889285)
	NOTE: Issue similar/closely related to the CVE-2017-3139 issue in Red Hat.
	NOTE: Mark as fixed version the 1:9.9.3.dfsg.P2-1 as the related code was
	NOTE: added upstream in 9.9.3b1. The issue though does not affect bind9 upstream
	NOTE: and is only triggered as described in #889285.
CVE-2018-5734 (While handling a particular type of malformed packet BIND erroneously  ...)
	- bind9 <not-affected> (Only affects Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/article/AA-01562/74/CVE-2018-5734
CVE-2018-5733 (A malicious client which is allowed to send very large amounts of traf ...)
	{DSA-4133-1 DLA-1313-1}
	- isc-dhcp 4.3.5-3.1 (bug #891785)
	NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1)
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-5732 (Failure to properly bounds-check a buffer used for processing DHCP opt ...)
	{DSA-4133-1 DLA-1313-1}
	- isc-dhcp 4.3.5-3.1 (bug #891786)
	NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in  ...)
	- curl 7.58.0-1
	[stretch] - curl 7.52.1-5+deb9u4
	[jessie] - curl <not-affected> (Vulnerable code introduce later)
	[wheezy] - curl <not-affected> (Vulnerable code introduce later)
	NOTE: https://github.com/curl/curl/pull/2231
	NOTE: https://curl.haxx.se/docs/adv_2018-824a.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5
	NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scannin ...)
	NOT-FOR-US: Heimdal PRO
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
	{DLA-1643-1}
	- krb5 1.16.1-1 (bug #891869)
	[stretch] - krb5 <no-dsa> (Minor issue)
	[wheezy] - krb5 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
	{DLA-1643-1}
	- krb5 1.16.1-1 (bug #891869)
	[stretch] - krb5 <no-dsa> (Minor issue)
	[wheezy] - krb5 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the o ...)
	- openjpeg2 2.3.1-1 (unimportant; bug #888532)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1053
	NOTE: https://github.com/rouault/openjpeg/commit/a1d32a596a94280178c44a55d7e
	NOTE: ubsan error (integer overflow), no security impact per se and unlikely
	NOTE: to trigger any security relevant issue
CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain  ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5725 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configurati ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5724 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configurati ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5723 (MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1 ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5722
	RESERVED
CVE-2018-5721 (Stack-based buffer overflow in the ej_update_variables function in rou ...)
	NOT-FOR-US: ASUS routers
CVE-2018-5720 (An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Ran ...)
	NOT-FOR-US: DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices
CVE-2018-5719
	RESERVED
CVE-2018-5718 (Improper restriction of write operations within the bounds of a memory ...)
	NOT-FOR-US: SoftControl
CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before firmware  ...)
	NOT-FOR-US: NCR S2 Dispenser controller
CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This vulnerab ...)
	NOT-FOR-US: Reprise License Manager
CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the quer ...)
	NOT-FOR-US: SugarCRM
CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allow ...)
	NOT-FOR-US: Malwarefox Anti-Malware
CVE-2018-5713 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allow ...)
	NOT-FOR-US: Malwarefox Anti-Malware
CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1 ...)
	{DSA-4081-1 DSA-4080-1 DLA-1251-1}
	- php7.1 7.1.13-1
	- php7.0 7.0.27-1
	- php5 <removed>
	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP bef ...)
	{DSA-4081-1 DSA-4080-1 DLA-1651-1 DLA-1248-1}
	- php7.1 7.1.13-1 (unimportant)
	- php7.0 7.0.27-1 (unimportant)
	- php5 <removed> (unimportant)
	- hhvm 3.24.7+dfsg-1
	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75571
	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
	- libgd2 2.2.5-4.1 (bug #887485)
	[stretch] - libgd2 2.2.4-2+deb9u3
	NOTE: https://github.com/libgd/libgd/issues/420
	NOTE: https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
	- krb5 1.16.1-1 (bug #889685)
	[stretch] - krb5 <no-dsa> (Minor issue)
	[jessie] - krb5 <no-dsa> (Minor issue)
	[wheezy] - krb5 <not-affected> (all strlen() parameters are checked for NULL)
	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)
	NOTE: The CVE is a duplicate of the #891869 issue(s) due to reporter not
	NOTE: having coordinated with upstream and the CVE assignment ist sill for
	NOTE: slight different coverage. Thus keep it distinct (for now) and mark
	NOTE: CVE-2018-5710 issue as well as fixed once #891869 is adressed.
CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
	- krb5 <unfixed> (unimportant; bug #889684)
	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
	NOTE: non-issue, codepath is only run on trusted input, potential integer
	NOTE: overflow is non-issue
CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on  ...)
	NOT-FOR-US: D-Link
CVE-2018-5707
	RESERVED
CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with  ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected f ...)
	NOT-FOR-US: Reservo Image Hosting
CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators components in Powe ...)
	- pdns-recursor 4.1.1-1
	[stretch] - pdns-recursor <not-affected> (Only affects 4.1)
	[jessie] - pdns-recursor <not-affected> (Only affects 4.1)
	[wheezy] - pdns-recursor <not-affected> (Only affects 4.1)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
CVE-2018-1000002 (Improper input validation bugs in DNSSEC validators components in Knot ...)
	- knot-resolver 1.5.2-1
	NOTE: https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html
	NOTE: prior to 1.5.1 memcached module was called kmemcached
CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use  ...)
	{DSA-4093-1 DLA-1253-1}
	- openocd 0.10.0-4 (bug #887488)
	NOTE: https://sourceforge.net/p/openocd/mailman/message/36188041/
	NOTE: http://openocd.zylin.com/4330
	NOTE: http://openocd.zylin.com/4331
	NOTE: http://openocd.zylin.com/4335
CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux  ...)
	- linux 4.15.11-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/1/16/53
CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has XSS via th ...)
	NOT-FOR-US: download-manager plugin for WordPress
CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys ...)
	NOT-FOR-US: Iolo System Shield AntiVirus and AntiSpyware
CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by authenticat ...)
	NOT-FOR-US: Winmail Server
CVE-2018-5699
	RESERVED
CVE-2017-18031
	RESERVED
CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over ...)
	- r-cran-haven 1.1.1-1
	NOTE: https://github.com/WizardMac/ReadStat/issues/108
	NOTE: https://github.com/WizardMac/ReadStat/commit/79793dba3b665ff037ca60140441a6679a8971cf
CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to ...)
	NOT-FOR-US: Icy Phoenix
CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection ...)
	NOT-FOR-US: iJoomla com_adagency plugin for Joomla!
CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the ...)
	NOT-FOR-US: WpJobBoard plugin for WordPress
CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas Gudino ( ...)
	NOT-FOR-US: Nicolas Gudino (aka Asternic) Flash Operator Panel
CVE-2018-5693 (The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows lo ...)
	NOT-FOR-US: LinuxMagic MagicSpam extension for Plesk
CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `install ...)
	- piwigo <removed>
	NOTE: https://github.com/Piwigo/Piwigo/issues/847
	NOTE: https://github.com/Piwigo/Piwigo/commit/18e4b861992e8412fd70a3a7e0b2bf9b676c42ed
CVE-2018-5691 (SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` ...)
	NOT-FOR-US: SonicWall Global Management System
CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclea ...)
	- dotclear <removed>
CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear ...)
	- dotclear <removed>
CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader  ...)
	NOT-FOR-US: ILIAS
CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ad ...)
	NOT-FOR-US: NewsBee CMS
CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and applicati ...)
	{DSA-4334-1 DLA-1838-1}
	- mupdf 1.13.0+ds1-1 (bug #887130)
	[wheezy] - mupdf <no-dsa> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
	NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider
	NOTE: EOF.
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ha ...)
	{DSA-4321-1 DLA-1456-1 DLA-1245-1}
	- graphicsmagick 1.3.27-4 (bug #887158)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
	NOTE: Before 1.3.27, the problem only affects 32-bit architectures (i.e., 4-byte long) it
	NOTE: expanded to 64-bit architectures with upstream commit be5e89e6032d
CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ff_mov_r ...)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110
CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged us ...)
	{DSA-4213-1 DLA-1497-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #887392)
	[wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Minor issue, can be fixed along in next DLA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02131.html
CVE-2017-18030 (The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qe ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-4
	[wheezy] - qemu 1.1.2+dfsg-6+deb7u22
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u21
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3
CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feat ...)
	NOT-FOR-US: PrestaShop
CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages &gt;  ...)
	NOT-FOR-US: PrestaShop
CVE-2018-5680 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5679 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5678 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5677 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5676 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5675 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5674 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5673 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5672 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5671 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5670 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5669 (An issue was discovered in the read-and-understood plugin 2.1 for Word ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5668 (An issue was discovered in the read-and-understood plugin 2.1 for Word ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5667 (An issue was discovered in the read-and-understood plugin 2.1 for Word ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5666 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5665 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5664 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5663 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5662 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5661 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5660 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5659 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5658 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5657 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5656 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5655 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5654 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5653 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
	NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
	NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
	- lrzip 0.631+git180517-1 (bug #887065)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/88
	NOTE: https://github.com/ckolivas/lrzip/commit/50cfb3b9f68c7458822795e8b87a07dc06b39816
CVE-2018-5649
	RESERVED
CVE-2018-5648
	RESERVED
CVE-2018-5647
	RESERVED
CVE-2018-5646
	RESERVED
CVE-2018-5645
	RESERVED
CVE-2018-5644
	RESERVED
CVE-2018-5643
	RESERVED
CVE-2018-5642
	RESERVED
CVE-2018-5641
	RESERVED
CVE-2018-5640
	RESERVED
CVE-2018-5639
	RESERVED
CVE-2018-5638
	RESERVED
CVE-2018-5637
	RESERVED
CVE-2018-5636
	RESERVED
CVE-2018-5635
	RESERVED
CVE-2018-5634
	RESERVED
CVE-2018-5633
	RESERVED
CVE-2018-5632
	RESERVED
CVE-2018-5631
	RESERVED
CVE-2018-5630
	RESERVED
CVE-2018-5629
	RESERVED
CVE-2018-5628
	RESERVED
CVE-2018-5627
	RESERVED
CVE-2018-5626
	RESERVED
CVE-2018-5625
	RESERVED
CVE-2018-5624
	RESERVED
CVE-2018-5623
	RESERVED
CVE-2018-5622
	RESERVED
CVE-2018-5621
	RESERVED
CVE-2018-5620
	RESERVED
CVE-2018-5619
	RESERVED
CVE-2018-5618
	RESERVED
CVE-2018-5617
	RESERVED
CVE-2018-5616
	RESERVED
CVE-2018-5615
	RESERVED
CVE-2018-5614
	RESERVED
CVE-2018-5613
	RESERVED
CVE-2018-5612
	RESERVED
CVE-2018-5611
	RESERVED
CVE-2018-5610
	RESERVED
CVE-2018-5609
	RESERVED
CVE-2018-5608
	RESERVED
CVE-2018-5607
	RESERVED
CVE-2018-5606
	RESERVED
CVE-2018-5605
	RESERVED
CVE-2018-5604
	RESERVED
CVE-2018-5603
	RESERVED
CVE-2018-5602
	RESERVED
CVE-2018-5601
	RESERVED
CVE-2018-5600
	RESERVED
CVE-2018-5599
	RESERVED
CVE-2018-5598
	RESERVED
CVE-2018-5597
	RESERVED
CVE-2018-5596
	RESERVED
CVE-2018-5595
	RESERVED
CVE-2018-5594
	RESERVED
CVE-2018-5593
	RESERVED
CVE-2018-5592
	RESERVED
CVE-2018-5591
	RESERVED
CVE-2018-5590
	RESERVED
CVE-2018-5589
	RESERVED
CVE-2018-5588
	RESERVED
CVE-2018-5587
	RESERVED
CVE-2018-5586
	RESERVED
CVE-2018-5585
	RESERVED
CVE-2018-5584
	RESERVED
CVE-2018-5583
	RESERVED
CVE-2018-5582
	RESERVED
CVE-2018-5581
	RESERVED
CVE-2018-5580
	RESERVED
CVE-2018-5579
	RESERVED
CVE-2018-5578
	RESERVED
CVE-2018-5577
	RESERVED
CVE-2018-5576
	RESERVED
CVE-2018-5575
	RESERVED
CVE-2018-5574
	RESERVED
CVE-2018-5573
	RESERVED
CVE-2018-5572
	RESERVED
CVE-2018-5571
	RESERVED
CVE-2018-5570
	RESERVED
CVE-2018-5569
	RESERVED
CVE-2018-5568
	RESERVED
CVE-2018-5567
	RESERVED
CVE-2018-5566
	RESERVED
CVE-2018-5565
	RESERVED
CVE-2018-5564
	RESERVED
CVE-2018-5563
	RESERVED
CVE-2018-5562
	RESERVED
CVE-2018-5561
	RESERVED
CVE-2018-5560 (A reliance on a static, hard-coded credential in the design of the clo ...)
	NOT-FOR-US: Guardzilla
CVE-2018-5559 (In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are  ...)
	NOT-FOR-US: Rapid7 Komand
CVE-2018-5558
	RESERVED
CVE-2018-5557
	RESERVED
CVE-2018-5556
	RESERVED
CVE-2018-5555
	RESERVED
CVE-2018-5554
	RESERVED
CVE-2018-5553 (The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS- ...)
	NOT-FOR-US: Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices
CVE-2018-5552 (Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLI ...)
	NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
CVE-2018-5551 (Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLI ...)
	NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
CVE-2018-5550 (Versions of Epson AirPrint released prior to January 19, 2018 contain  ...)
	NOT-FOR-US: Epson AirPrint
CVE-2015-9250 (An issue was discovered in Skybox Platform before 7.5.201. Directory T ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9249 (An issue was discovered in Skybox Platform before 7.5.201. SQL Injecti ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9248 (An issue was discovered in Skybox Platform before 7.5.201. Stored cros ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9247 (An issue was discovered in Skybox Platform before 7.5.401. Reflected c ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9246 (An issue was discovered in Skybox Platform before 7.5.201. Remote Unau ...)
	NOT-FOR-US: Skybox Platform
CVE-2018-5549 (On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5548 (On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5547 (Windows Logon Integration feature of F5 BIG-IP APM client prior to ver ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5546 (The svpn and policyserver components of the F5 BIG-IP APM client prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5545 (On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated use ...)
	NOT-FOR-US: F5 WebSafe Alert Server
CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5543 (The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) p ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5542 (F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS hea ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5541 (When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5540 (On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5539 (Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5538 (On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Z ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5537 (A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5536 (A remote attacker via undisclosed measures, may be able to exploit an  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5535 (On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 sp ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5533 (Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5532 (On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5531 (Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5530 (F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core file whil ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5527 (On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5526 (Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5525 (A local file vulnerability exists in the F5 BIG-IP Configuration utili ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5524 (Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5523 (On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5522 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5521 (On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 s ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, adm ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enter ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses fr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frame ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5513 (On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrat ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5509 (On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5508 (On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5507 (On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5506 (In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 t ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5505 (On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both pro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5504 (In some circumstances, the Traffic Management Microkernel (TMM) does n ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5503 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5502 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5499 (ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulne ...)
	NOT-FOR-US: ATTO FibreBridge 7500N firmware
CVE-2018-5498 (Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vul ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are su ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptib ...)
	NOT-FOR-US: Data ONTAP
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerability w ...)
	NOT-FOR-US: NetApp
CVE-2018-5494
	RESERVED
CVE-2018-5493 (ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible ...)
	NOT-FOR-US: ATTO
CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and later vers ...)
	NOT-FOR-US: NetApp
CVE-2018-5491
	REJECTED
CVE-2018-5490 (Read-Only export policy rules are not correctly enforced in Clustered  ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2018-5489 (NetApp 7-Mode Transition Tool allows users with valid credentials to a ...)
	NOT-FOR-US: NetApp
CVE-2018-5488 (NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2 ...)
	NOT-FOR-US: NetApp SANtricity Web Services Proxy
CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 sh ...)
	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 shi ...)
	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
CVE-2018-5485 (NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3  ...)
	NOT-FOR-US: NetApp OnCommand Unified Manager for Windows
CVE-2018-5484
	REJECTED
CVE-2018-5483
	RESERVED
CVE-2018-5482 (NetApp SnapCenter Server prior to 4.1 does not set the secure flag for ...)
	NOT-FOR-US: NetApp SnapCenter Server
CVE-2018-5481 (OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 use ...)
	NOT-FOR-US: OnCommand Unified Manager
CVE-2018-5480
	REJECTED
CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is vulnerable ...)
	NOT-FOR-US: FoxSash ImgHosting
CVE-2018-5478
	RESERVED
CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS Web Appl ...)
	NOT-FOR-US: ABB netCADOPS Web Application
CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta Electronic ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 Line Dist ...)
	NOT-FOR-US: GE D60 Line Distance Relay devices
CVE-2018-5474 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5473 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
	NOT-FOR-US: GE D60 Line Distance Relay devices
CVE-2018-5472 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insec ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was discovered ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5470 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an u ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5468 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request issue was ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5466 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a se ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann RS, RSR,  ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an u ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5463 (A structured exception handler overflow vulnerability in Leao Consulto ...)
	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA
CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an S ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in Belden Hirsc ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5460
	RESERVED
CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 Series  ...)
	NOT-FOR-US: WAGO PFC200
CVE-2018-5458 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vu ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire Medi ...)
	NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility
CVE-2018-5456
	RESERVED
CVE-2018-5455 (A Reliance on Cookies without Validation and Integrity Checking issue  ...)
	NOT-FOR-US: Moxa
CVE-2018-5454 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vu ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was disco ...)
	NOT-FOR-US: Moxa
CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process  ...)
	NOT-FOR-US: Emerson Process Management ControlWave Micro Process Automation Controller
CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an actor claim ...)
	NOT-FOR-US: Philips Alice 6 System
CVE-2018-5450
	RESERVED
CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-H ...)
	NOT-FOR-US: Moxa
CVE-2018-5448 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
	NOT-FOR-US: Medtronic
CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 rel ...)
	NOT-FOR-US: Nari PCS-9611 relay
CVE-2018-5446 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
	NOT-FOR-US: Medtronic
CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ver ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-5444
	RESERVED
CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA vers ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-5442 (A Stack-based Buffer Overflow issue was discovered in Fuji Electric V- ...)
	NOT-FOR-US: Fuji Electric V-Server VPR
CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered i ...)
	NOT-FOR-US: PHOENIX CONTACT mGuard firmware
CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS ...)
	NOT-FOR-US: 3S-Smart
CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge E3 se ...)
	NOT-FOR-US: Nortek Linear eMerge E3 series
CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an insufficient se ...)
	NOT-FOR-US: Philips ISCV application
CVE-2018-5437 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client compone ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2018-5436 (The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2018-5435 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client compone ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2018-5434 (The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Ag ...)
	NOT-FOR-US: TIBCO Runtime Agent
CVE-2018-5433 (The TIBCO Administrator server component of TIBCO Software Inc.'s TIBC ...)
	NOT-FOR-US: TIBCO Administrator
CVE-2018-5432 (The TIBCO Administrator server component of of TIBCO Software Inc.'s T ...)
	NOT-FOR-US: TIBCO Administrator
CVE-2018-5431 (The domain designer component of TIBCO Software Inc.'s TIBCO JasperRep ...)
	- jasperreports <undetermined>
	[jessie] - jasperreports <end-of-life> (not supported in Jessie)
	[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431
CVE-2018-5430 (The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Serv ...)
	- jasperreports <undetermined>
	[jessie] - jasperreports <end-of-life> (not supported in Jessie)
	[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430
CVE-2018-5429 (A vulnerability in the report scripting component of TIBCO Software In ...)
	- jasperreports <undetermined>
	[jessie] - jasperreports <end-of-life> (not supported in Jessie)
	[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429
CVE-2018-5428 (The version control adapters component of TIBCO Data Virtualization (f ...)
	NOT-FOR-US: TIBCO Data Virtualization
CVE-2018-5427
	REJECTED
CVE-2018-5426
	REJECTED
CVE-2018-5425
	REJECTED
CVE-2018-5424
	REJECTED
CVE-2018-5423
	REJECTED
CVE-2018-5422
	REJECTED
CVE-2018-5421
	REJECTED
CVE-2018-5420
	REJECTED
CVE-2018-5419
	REJECTED
CVE-2018-5418
	REJECTED
CVE-2018-5417
	REJECTED
CVE-2018-5416
	REJECTED
CVE-2018-5415
	REJECTED
CVE-2018-5414
	REJECTED
CVE-2018-5413 (Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privile ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-5412 (Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitra ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a stored c ...)
	NOT-FOR-US: Pixar Tractor
CVE-2018-5410 (Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a ...)
	NOT-FOR-US: Dokan
CVE-2018-5409 (The PrinterLogic Print Management software, versions up to and includi ...)
	NOT-FOR-US: PrinterLogic Print Management software
CVE-2018-5408 (The PrinterLogic Print Management software, versions up to and includi ...)
	NOT-FOR-US: PrinterLogic Print Management software
CVE-2018-5407 (Simultaneous Multi-threading (SMT) in processors can enable local user ...)
	{DSA-4355-1 DSA-4348-1 DLA-1586-1}
	- openssl 1.1.1~~pre9-1
	- openssl1.0 1.0.2q-1
	NOTE: https://www.openssl.org/news/secadv/20181112.txt
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b18162a7c9bbfb57112459a4d6631fa258fd8c0c
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/4
	NOTE: https://github.com/bbbrumley/portsmash
	NOTE: This is not an issue in software but in a hardware issue. Issue can be
	NOTE: mitigated e.g. for OpenSSL.
CVE-2018-5406 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a re ...)
	NOT-FOR-US: Quest Kace K1000 Appliance
CVE-2018-5405 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an a ...)
	NOT-FOR-US: Quest Kace K1000 Appliance
CVE-2018-5404 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an a ...)
	NOT-FOR-US: Quest Kace K1000 Appliance
CVE-2018-5403 (Imperva SecureSphere gateway (GW) running v13, for both pre-First Time ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5400 (The Auto-Maskin products utilize an undocumented custom protocol to se ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5399 (The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SS ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5398
	RESERVED
CVE-2018-5397
	RESERVED
CVE-2018-5396
	RESERVED
CVE-2018-5395
	RESERVED
CVE-2018-5394
	RESERVED
CVE-2018-5393 (The TP-LINK EAP Controller is TP-LINK's software for remotely controll ...)
	NOT-FOR-US: TP-LINK
CVE-2018-5392 (mingw-w64 version 5.0.4 by default produces executables that opt in to ...)
	- mingw-w64 <unfixed> (unimportant)
	NOTE: https://sourceforge.net/p/mingw-w64/mailman/message/31034877/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17321
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19011
	NOTE: https://www.kb.cert.org/vuls/id/307144 (describes workaround)
CVE-2018-5391 (The Linux kernel, versions 3.9+, is vulnerable to a denial of service  ...)
	{DSA-4272-1 DLA-1715-1 DLA-1529-1 DLA-1466-1}
	- linux 4.17.15-1
	NOTE: Mitigation: Change the default values of net.ipv4.ipfrag_high_thresh and
	NOTE: net.ipv4.ipfrag_low_thresh back to 256kB and 192 kB (respectively) or
	NOTE: below.
CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive calls  ...)
	{DSA-4266-1 DLA-1466-1}
	- linux 4.17.14-1 (bug #905751)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.kb.cert.org/vuls/id/962459
CVE-2018-5389 (The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...)
	- strongswan <unfixed> (unimportant)
	- libreswan <unfixed> (unimportant)
	- ipsec-tools <unfixed> (unimportant)
	- isakmpd <unfixed> (unimportant)
	NOTE: https://www.usenix.org/conference/usenixsecurity18/presentation/felsch
	NOTE: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf
	NOTE: https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_felsch.pdf
	NOTE: vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-key cryptography
CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet length ...)
	{DSA-4229-1}
	- strongswan 5.6.3-1
	[stretch] - strongswan <no-dsa> (needs root priv for access to the stroke socket)
	[jessie] - strongswan <no-dsa> (needs root priv for access to the stroke socket)
	[wheezy] - strongswan <no-dsa> (needs root priv for access to the stroke socket)
	NOTE: https://www.kb.cert.org/vuls/id/338343
	NOTE: https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
CVE-2018-5387 (Wizkunde SAMLBase may incorrectly utilize the results of XML DOM trave ...)
	NOT-FOR-US: Wizkunde SAMLBase
CVE-2018-5386 (Some Navarino Infinity functions, up to version 2.2, placed in the URL ...)
	NOT-FOR-US: Navarino Infinity
CVE-2018-5385 (Navarino Infinity is prone to session fixation attacks. The server acc ...)
	NOT-FOR-US: Navarino Infinity
CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an unauthent ...)
	NOT-FOR-US: Navarino Infinity
CVE-2018-5383 (Bluetooth firmware or operating system software drivers in macOS versi ...)
	{DLA-1747-1}
	- firmware-nonfree 20190114-1
	[stretch] - firmware-nonfree 20161130-5
	NOTE: http://www.cs.technion.ac.il/~biham/BT/
CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that i ...)
	- bouncycastle 1.48+dfsg-2
	[wheezy] - bouncycastle <ignored> (this only affects the integrity verification and not the content of the BKS keystore)
	NOTE: https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html
	NOTE: https://www.kb.cert.org/vuls/id/306792
	NOTE: Issue fixed in 1.47 upstream. The default MAC for a BKS key store was
	NOTE: 2 bytes before and has been upgraded to 20 bytes.
CVE-2018-5381 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its p ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=ce07207c50a3d1f05d6dd49b5294282e59749787
CVE-2018-5380 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun intern ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=9e5251151894aefdf8e9392a2371615222119ad8
CVE-2018-5379 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free me ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=e69b535f92eafb599329bf725d9b4c6fd5d7fded
CVE-2018-5378 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly  ...)
	- quagga 1.2.4-1 (bug #890563)
	[stretch] - quagga 1.1.1-3+deb9u2
	[jessie] - quagga <not-affected> (Vulnerable code not present)
	[wheezy] - quagga <not-affected> (Vulnerable code not present)
	NOTE: https://www.quagga.net/security/Quagga-2018-0543.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=cc2e6770697e343f4af534114ab7e633d5beabec
CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.ph ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was foun ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/740985d9bd3f1c50d622c3496bb2e75d44b65a91
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/32a3eeb9e0da083cbc05909e4935efdbf9846df9
CVE-2017-18027 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/734
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a43f4155ee916fbed080acd534232a9d2396b5b5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6a88a234cbb88a06fcb7e7ebe6668267b72fa787
CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vi ...)
	NOT-FOR-US: WordPress plugin jetpack
CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes mo ...)
	NOT-FOR-US: WordPress plugin jetpack
CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id (which i ...)
	{DSA-4087-1 DLA-1246-1}
	- transmission 2.92-3 (bug #886990)
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
	NOTE: https://github.com/transmission/transmission/pull/468
	NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
CVE-2018-5374 (The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Inj ...)
	NOT-FOR-US: Dbox 3D Slider Lite plugin for WordPress
CVE-2018-5373 (The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection ...)
	NOT-FOR-US: Smooth Slider plugin for WordPress
CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Inje ...)
	NOT-FOR-US: Testimonial Slider plugin for WordPress
CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME ...)
	NOT-FOR-US: D-Link
CVE-2018-5370 (BizLogic xnami 1.0 has XSS via the comment parameter in an addComment  ...)
	NOT-FOR-US: BizLogic xnami
CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslat ...)
	NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtransla ...)
	NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5367 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5366 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5365 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5364 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5363 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options. ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstr ...)
	- tiff 4.0.6-3
	[jessie] - tiff <no-dsa> (Minor issue, duplicate of CVE-2014-8127)
	- tiff3 <undetermined>
	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
	NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
	NOTE: Same issue as http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127)
	NOTE: fixed as per 2016-10-25 (first release to ship the patch seems to be 4.0.7)
	NOTE: https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159
CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be e ...)
	NOT-FOR-US: Flexense SysGauge
CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/939
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e72d445220287727d7886a5f17a10caf944a802
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed80c93e4cbf2727ead75fd8bd5e5d9ecbe762f9
CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/941
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4b60459202805cb4c9a96cdeeb70db594b1d3c72
	NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/152d81b91fc83d72da1989518685b1d70fc5e60a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fcce81295235f39aace870e1ed4785eec40790c1
CVE-2018-5356
	RESERVED
CVE-2018-5355
	RESERVED
CVE-2018-5354
	RESERVED
CVE-2018-5353
	RESERVED
CVE-2018-5352
	RESERVED
CVE-2018-5351
	RESERVED
CVE-2018-5350
	RESERVED
CVE-2018-5349 (A vulnerability has been found in Heimdal PRO v2.2.190, but it is most ...)
	NOT-FOR-US: Heimdal PRO
CVE-2018-5348
	RESERVED
CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticated com ...)
	NOT-FOR-US: Seagate Media Server in Seagate Personal Cloud
CVE-2018-5346
	RESERVED
CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ra ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd()  ...)
	- glibc 2.26-4 (bug #887001)
	[stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
	[jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
	- eglibc <removed>
	[wheezy] - eglibc <postponed> (Minor issue, can be fixed along in next DSA)
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/11/5
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be e ...)
	{DSA-4095-1}
	- gcab 0.7-7 (bug #887776)
	NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles l ...)
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	[wheezy] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
CVE-2018-5343
	RESERVED
CVE-2018-5342 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124  ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5341 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124  ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5340 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124  ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5339 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124  ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5338 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124  ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5337 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124  ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5336 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, X ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-01.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f4c95cf46ba6adbd10b09747e10742801bc706b
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6702e49a9720d173246668495eece6d77eca5b0
CVE-2018-5335 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector cou ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-04.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07
CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file p ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-03.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d
CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in n ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() funct ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c
CVE-2017-1000441
	REJECTED
CVE-2017-1000439
	REJECTED
CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/s ...)
	NOT-FOR-US: Discuz!
CVE-2018-5330 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of s ...)
	NOT-FOR-US: ZyXEL
CVE-2018-5329 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2018-5328 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /User ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2018-5327 (Cheetah Mobile Armorfly Browser &amp; Downloader 1.1.05.0010, when ins ...)
	NOT-FOR-US: Cheetah Mobile Armorfly Browser & Downloader
CVE-2018-5326 (Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified  ...)
	NOT-FOR-US: Cheetah Mobile CM Browser
CVE-2018-5325
	RESERVED
CVE-2018-5324
	RESERVED
CVE-2018-5323
	RESERVED
CVE-2018-5322
	RESERVED
CVE-2018-5321
	RESERVED
CVE-2018-5320
	RESERVED
CVE-2018-5319 (RAVPower FileHub 2.000.056 allows remote users to steal sensitive info ...)
	NOT-FOR-US: RAVPower FileHub
CVE-2018-5318
	RESERVED
CVE-2018-5317
	RESERVED
CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for W ...)
	NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for WordPress
CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Inject ...)
	NOT-FOR-US: Wachipi WP Events Calendar plugin for WordPress
CVE-2018-5314 (Command injection vulnerability in Citrix NetScaler ADC and NetScaler  ...)
	NOT-FOR-US: Citrix
CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripti ...)
	NOT-FOR-US: Sulu-standard
CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Wei ...)
	NOT-FOR-US: rui Li finecms
CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.p ...)
	NOT-FOR-US: flatCore-CMS
CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does  ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #887307)
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/issues/27516 (private)
	NOTE: https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd
	NOTE: https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678
	NOTE: https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
	NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4
CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on Rapid  ...)
	NOT-FOR-US: Rapid Scada
CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_ti ...)
	NOT-FOR-US: tabs-responsive plugin for WordPress
CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via th ...)
	NOT-FOR-US: Easy Custom Auto Excerpt plugin for WordPress
CVE-2018-5310 (In the "Media from FTP" plugin before 9.85 for WordPress, Directory Tr ...)
	NOT-FOR-US: "Media from FTP" plugin for WordPress
CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamPa ...)
	- libpodofo 0.9.6+dfsg-3 (low)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/5/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1907
CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMem ...)
	- libpodofo 0.9.5-9 (low; bug #854602)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532390
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876
	NOTE: duplicate CVE: CVE-2017-5854
CVE-2018-5307 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus  ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-5306 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus  ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-5305
	RESERVED
CVE-2018-5304 (An issue was discovered on the Impinj Speedway Connect R420 RFID Reade ...)
	NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
CVE-2018-5303 (An issue was discovered on the Impinj Speedway Connect R420 RFID Reade ...)
	NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
CVE-2018-5302
	RESERVED
CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1 ...)
	NOT-FOR-US: Magento
CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote a ...)
	NOT-FOR-US: Innotube ITGuard-Manager
CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default  ...)
	NOT-FOR-US: AvantFAX
CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to the /otw ...)
	NOT-FOR-US: Office Tracker
CVE-2018-1000028 (Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4 ...)
	- linux 4.14.17-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420
	NOTE: Introducing commit backported to 4.14.8 and 4.9.76. But Debian stretch
	NOTE: did never contain the vulnerable code alone without the fix.
CVE-2018-1000027 (The Squid Software Foundation Squid HTTP Caching Proxy version prior t ...)
	{DSA-4122-1 DLA-1267-1 DLA-1266-1}
	[experimental] - squid 4.0.23-1~exp8
	- squid 4.1-1
	- squid3 3.5.27-1 (bug #888720)
	NOTE: src:squid as source package reintroduced for 4.x in experimental
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024 (The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to  ...)
	{DSA-4122-1 DLA-1266-1}
	[experimental] - squid 4.0.23-1~exp8
	- squid 4.1-1
	[wheezy] - squid <not-affected> (Not affected according to upstream advisory)
	- squid3 3.5.27-1 (bug #888719)
	NOTE: src:squid as source package reintroduced for 4.x in experimental
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
	NOTE: Squid3 in Debian builds to use the libxml2 or libexpat XML parsers.
CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to ve ...)
	- electrum 3.0.5-1 (bug #886683)
	[jessie] - electrum <not-affected> (Only affects >= 2.6)
	NOTE: https://github.com/spesmilo/electrum/issues/3374
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/10/4
CVE-2018-5300
	RESERVED
CVE-2018-5299 (A stack-based Buffer Overflow Vulnerability exists in the web server i ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-5298 (In the Procter &amp; Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) a ...)
	NOT-FOR-US: Procter & Gamble "Oral-B App" for Android
CVE-2018-5297
	RESERVED
CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the Pdf ...)
	- libpodofo 0.9.6+dfsg-3 (low)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/6/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1925
CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamPars ...)
	- libpodofo 0.9.5-9 (low; bug #889511)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: upstream thread: https://sourceforge.net/p/podofo/mailman/message/36180168/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1889
CVE-2018-5294 (In libming 0.4.8, there is an integer overflow (caused by an out-of-ra ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/98
CVE-2018-5293 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5292 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5291 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal  ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5290 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal  ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5289 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal  ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5288 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5287 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal  ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5286 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5285 (The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/option ...)
	NOT-FOR-US: ImageInject plugin for WordPress
CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid ...)
	NOT-FOR-US: ImageInject plugin for WordPress
CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory traversal v ...)
	NOT-FOR-US: Photos in Wifi application for iOS
CVE-2018-5282 (** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overf ...)
	NOT-FOR-US: Kentico
CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices  ...)
	NOT-FOR-US: SonicWall SonicOS
CVE-2018-5280 (SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices  ...)
	NOT-FOR-US: SonicWall SonicOS
CVE-2018-5279 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5278 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5277 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5276 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5275 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5274 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5273 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5272 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setP ...)
	{DLA-1438-1 DLA-1354-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #886675)
	[stretch] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/10540
	NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDec ...)
	{DLA-1438-1 DLA-1354-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #886674)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/10541
	NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypa ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5265 (Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attacke ...)
	NOT-FOR-US: Ubiquiti EdgeOS
CVE-2018-5264 (Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote att ...)
	NOT-FOR-US: Ubiquiti UniFi 52 devices
CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0. ...)
	NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier  ...)
	NOT-FOR-US: Flexense DiskBoss
CVE-2018-5261 (An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due t ...)
	NOT-FOR-US: Flexense DiskBoss
CVE-2018-5260
	RESERVED
CVE-2018-5259 (Discuz! DiscuzX X3.4 allows remote authenticated users to bypass inten ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5258 (The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL se ...)
	NOT-FOR-US: Neon app
CVE-2018-5257
	RESERVED
CVE-2018-5256 (CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-t ...)
	NOT-FOR-US: CoreOS Tectonic
CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared ...)
	NOT-FOR-US: Hitron CVE-30360 devices
CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20. ...)
	NOT-FOR-US: Arista
CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of ...)
	NOT-FOR-US: Arista EOS
CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has a ...)
	NOT-FOR-US: Bento4
CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, ha ...)
	NOT-FOR-US: ImageWorsener
CVE-2018-5251 (In libming 0.4.8, there is an integer signedness error vulnerability ( ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/97
CVE-2018-5250
	RESERVED
CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0 ...)
	- shaarli <itp> (bug #864559)
CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4245-1 DSA-4204-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #886588)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0272305f91763b5ce119a2c7a0e0084d8241a58d
CVE-2018-5247 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/928
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0ecb22aa909e52d86b4545aa7a51f7a0922147e6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d85c34f8bd699c31b94118babc6c0445eecc9920
CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImag ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/929
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c3dd700bbb17837ee6f540aff3eafc76262accf
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e59dc85e6ce58fd7618c3680b2a8def62050582f
CVE-2018-5245
	RESERVED
CVE-2018-5243 (The Symantec Encryption Management Server (SEMS) product, prior to ver ...)
	NOT-FOR-US: Symantec
CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a byp ...)
	NOT-FOR-US: Norton App Lock
CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6 ...)
	NOT-FOR-US: Symantec
CVE-2018-5240 (The Inventory Plugin for Symantec Management Agent prior to 7.6 POST H ...)
	NOT-FOR-US: Inventory Plugin for Symantec Management Agent
CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exp ...)
	NOT-FOR-US: Norton
CVE-2018-5238 (Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) ...)
	NOT-FOR-US: Norton
CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 coul ...)
	NOT-FOR-US: Symantec
CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may  ...)
	NOT-FOR-US: Symantec
CVE-2018-5235 (Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Prel ...)
	NOT-FOR-US: Norton
CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command i ...)
	NOT-FOR-US: Norton Core router
CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCom ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/904
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8cf0676455929a067257400e8020dea6ca94c1a4
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e7649e96a7730dd116afb629b372c5772be0b900
CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an overhaul  ...)
	- xen <not-affected> (Only affects Xen 4.10 onwards)
	NOTE: https://xenbits.xen.org/xsa/advisory-253.html
CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twi ...)
	NOT-FOR-US: Grav CMS admin plugin
CVE-2018-5232 (The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6 ...)
	NOT-FOR-US: Atlassian
CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from versi ...)
	NOT-FOR-US: Atlassian
CVE-2018-5229 (The NotificationRepresentationFactoryImpl class in Atlassian Universal ...)
	NOT-FOR-US: Atlassian
CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible before ver ...)
	NOT-FOR-US: Atlassian
CVE-2018-5227 (Various administrative application link resources in Atlassian Applica ...)
	NOT-FOR-US: Atlassian
CVE-2018-5226 (There was an argument injection vulnerability in Sourcetree for Window ...)
	NOT-FOR-US: Atlassian
CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 b ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository UR ...)
	NOT-FOR-US: Atlassian
CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured Mercurial ...)
	NOT-FOR-US: Atlassian
CVE-2018-5222
	RESERVED
CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX con ...)
	NOT-FOR-US: BarCodeWiz BarCode
CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5218 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5217 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_ ...)
	NOT-FOR-US: Radiant CMS
CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title paramet ...)
	NOT-FOR-US: Fork CMS
CVE-2018-5214 (The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS vi ...)
	NOT-FOR-US: "Add Link to Facebook" plugin for WordPress
CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS  ...)
	NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS  ...)
	NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack o ...)
	NOT-FOR-US: PHP Melody
CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, at ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-5209
	RESERVED
CVE-2018-5208 (In Irssi before 1.0.6, a calculation error in the completion code coul ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 may acc ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5206 (When the channel topic is set without specifying a sender, Irssi befor ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may access data ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5204 (ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a v ...)
	NOT-FOR-US: ML Report
CVE-2018-5203 (DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerabil ...)
	NOT-FOR-US: DEXTUploadX5
CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that could al ...)
	NOT-FOR-US: SKCertService
CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10 ...)
	NOT-FOR-US: Hancom Office
CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulner ...)
	NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain validation, It ...)
	NOT-FOR-US: Veraport G3 ALL
CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the Verapor ...)
	NOT-FOR-US: Veraport G3 ALL
CVE-2018-5197 (A vulnerability in the ExtCommon.dll user extension module version 9.2 ...)
	NOT-FOR-US: Xplatform ActiveX
CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused b ...)
	NOT-FOR-US: ALZip
CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vuln ...)
	NOT-FOR-US: Hancom NEO
CVE-2018-5194
	RESERVED
CVE-2018-5193
	RESERVED
CVE-2018-5192
	RESERVED
CVE-2018-5191
	REJECTED
CVE-2018-5190 (PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows rem ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to cause a ...)
	NOT-FOR-US: Jungo Windriver
CVE-2018-5188 (Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox  ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5188
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5188
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188
CVE-2018-5187 (Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of t ...)
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-5187
CVE-2018-5186 (Memory safety bugs present in Firefox 60. Some of these bugs showed ev ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5186
CVE-2018-5185 (Plaintext of decrypted emails can leak through by user submitting an e ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
CVE-2018-5184 (Using remote content in encrypted messages can lead to the disclosure  ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1 (bug #898631)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
CVE-2018-5183 (Mozilla developers backported selected changes in the Skia library. Th ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5183
CVE-2018-5182 (If a text string that happens to be a filename in the operating system ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182
CVE-2018-5181 (If a URL using the "file:" protocol is dragged and dropped onto an ope ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5181
CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL operations. Whil ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
CVE-2018-5179 (A service worker can send the activate event on itself periodically wh ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-5178 (A buffer overflow was found during UTF8 to Unicode string conversion w ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5178
CVE-2018-5177 (A vulnerability exists in XSLT during number formatting where a negati ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5177
CVE-2018-5176 (The JSON Viewer displays clickable hyperlinks for strings that are par ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5176
CVE-2018-5175 (A mechanism to bypass Content Security Policy (CSP) protections on sit ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175
CVE-2018-5174 (In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5174
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5174
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5174
CVE-2018-5173 (The filename appearing in the "Downloads" panel improperly renders som ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5173
CVE-2018-5172 (The Live Bookmarks page and the PDF viewer can run injected script con ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5172
CVE-2018-5171
	RESERVED
CVE-2018-5170 (It is possible to spoof the filename of an attachment and display an a ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
CVE-2018-5169 (If manipulated hyperlinked text with "chrome:" URL contained in it is  ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
CVE-2018-5168 (Sites can bypass security checks on permissions to install lightweight ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5168
CVE-2018-5167 (The web console and JavaScript debugger do not sanitize all output tha ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5167
CVE-2018-5166 (WebExtensions can use request redirection and a "filterReponseData" fi ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5166
CVE-2018-5165 (In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Ena ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5165
CVE-2018-5164 (Content Security Policy (CSP) is not applied correctly to all parts of ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5164
CVE-2018-5163 (If a malicious attacker has used another vulnerability to gain full co ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
CVE-2018-5162 (Plaintext of decrypted emails can leak through the src attribute of re ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
CVE-2018-5161 (Crafted message headers can cause a Thunderbird process to hang on rec ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
CVE-2018-5160 (WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
CVE-2018-5159 (An integer overflow can occur in the Skia library due to 32-bit intege ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5159
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5159
CVE-2018-5158 (The PDF viewer does not sufficiently sanitize PostScript calculator fu ...)
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allowing a ...)
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5157
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
CVE-2018-5156 (A vulnerability can occur when capturing a media stream when the media ...)
	{DSA-4295-1 DSA-4235-1 DLA-1575-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5156
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5156
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-5156
CVE-2018-5155 (A use-after-free vulnerability can occur while adjusting layout during ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5155
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
CVE-2018-5154 (A use-after-free vulnerability can occur while enumerating attributes  ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5154
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5154
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5154
CVE-2018-5153 (If websocket data is sent with mixed text and binary in a single messa ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5153
CVE-2018-5152 (WebExtensions with the appropriate permissions can attach content scri ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5152
CVE-2018-5151 (Memory safety bugs were reported in Firefox 59. Some of these bugs sho ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
CVE-2018-5150 (Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and  ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5150
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5150
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5150
CVE-2018-5149
	RESERVED
CVE-2018-5148 (A use-after-free vulnerability can occur in the compositor during cert ...)
	{DSA-4153-1 DLA-1321-1}
	- firefox 59.0.2-1
	- firefox-esr 52.7.3esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
CVE-2018-5147 (The libtremor library has the same flaw as CVE-2018-5146. This library ...)
	{DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1}
	- firefox 59.0.1-1
	- firefox-esr 52.7.2esr-1
	- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
	NOTE: https://git.xiph.org/?p=tremor.git;a=commit;h=562307a4a7082e24553f3d2c55dab397a17c4b4f
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
CVE-2018-5146 (An out of bounds memory write while processing Vorbis audio data was r ...)
	{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1368-1 DLA-1327-1 DLA-1319-1}
	- firefox 59.0.1-1
	- firefox-esr 52.7.2esr-1
	- thunderbird 1:52.7.0-1
	- libvorbis 1.3.5-4.2 (bug #893130)
	NOTE: https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5145 (Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5144 (An integer overflow can occur during conversion of text to some Unicod ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5143 (URLs using "javascript:" have the protocol removed when pasted into th ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5142 (If Media Capture and Streams API permission is requested from document ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5141 (A vulnerability in the notifications Push API where notifications can  ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5140 (Image for moz-icons can be accessed through the "moz-icon:" protocol t ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5139
	RESERVED
CVE-2018-5138 (A spoofing vulnerability can occur when a malicious site with an extre ...)
	- firefox <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5137 (A legacy extension's non-contentaccessible, defined resources can be l ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5136 (A shared worker created from a "data:" URL in one tab can be shared by ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5135 (WebExtensions can bypass normal restrictions in some circumstances and ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5134 (WebExtensions may use "view-source:" URLs to view local "file:" URL co ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5133 (If the "app.support.baseURL" preference is changed by a malicious loca ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5132 (The Find API for WebExtensions can search some privileged pages, such  ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5131 (Under certain circumstances the "fetch()" API can return transient loc ...)
	{DSA-4139-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5130 (When packets with a mismatched RTP payload type are sent in WebRTC con ...)
	{DSA-4139-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5129 (A lack of parameter validation on IPC messages results in a potential  ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5128 (A use-after-free vulnerability can occur when manipulating elements, e ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5127 (A buffer overflow can occur when manipulating the SVG "animatedPathSeg ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5126 (Memory safety bugs were reported in Firefox 58. Some of these bugs sho ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5125 (Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5124 (Unsanitized output in the browser UI leaves HTML tags in place and can ...)
	- firefox 58.0.1-1
	- firefox-esr <not-affected> (Vulnerable code introduced later than 52)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
CVE-2018-5123 (A third party website can access information available to a user with  ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
CVE-2018-5122 (A potential integer overflow in the "DoCrypt" function of WebCrypto wa ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122
CVE-2018-5121 (Low descenders on some Tibetan characters in several fonts on OS X are ...)
	- firefox <not-affected> (Only affects Firefox on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5121
CVE-2018-5120
	RESERVED
CVE-2018-5119 (The reader view will display cross-origin content when CORS headers ar ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119
CVE-2018-5118 (The screenshot images displayed in the Activity Stream page displayed  ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
CVE-2018-5117 (If right-to-left text is used in the addressbar with left-to-right ali ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5117
CVE-2018-5116 (WebExtensions with the "ActiveTab" permission are able to access frame ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116
CVE-2018-5115 (If an HTTP authentication prompt is triggered by a background network  ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115
CVE-2018-5114 (If an existing cookie is changed to be "HttpOnly" while a document is  ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114
CVE-2018-5113 (The "browser.identity.launchWebAuthFlow" function of WebExtensions is  ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113
CVE-2018-5112 (Development Tools panels of an extension are required to load URLs for ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112
CVE-2018-5111 (When the text of a specially formatted URL is dragged to the addressba ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111
CVE-2018-5110 (If cursor visibility is toggled by script using from 'none' to an imag ...)
	- firefox <not-affected> (Only affects Firefox on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110
CVE-2018-5109 (An audio capture session can started under an incorrect origin from th ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109
CVE-2018-5108 (A Blob URL can violate origin attribute segregation, allowing it to be ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108
CVE-2018-5107 (The printing process can bypass local access protections to read files ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
CVE-2018-5106 (Style editor traffic in the Developer Tools can be routed through a se ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106
CVE-2018-5105 (WebExtensions can bypass user prompts to first save and then open an a ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
CVE-2018-5104 (A use-after-free vulnerability can occur during font face manipulation ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
CVE-2018-5103 (A use-after-free vulnerability can occur during mouse event handling d ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
CVE-2018-5102 (A use-after-free vulnerability can occur when manipulating HTML media  ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5102
CVE-2018-5101 (A use-after-free vulnerability can occur when manipulating floating "f ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101
CVE-2018-5100 (A use-after-free vulnerability can occur when arguments passed to the  ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
CVE-2018-5099 (A use-after-free vulnerability can occur when the widget listener is h ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
CVE-2018-5098 (A use-after-free vulnerability can occur when form input elements, foc ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
CVE-2018-5097 (A use-after-free vulnerability can occur during XSL transformations wh ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
CVE-2018-5096 (A use-after-free vulnerability can occur while editing events in form  ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
CVE-2018-5095 (An integer overflow vulnerability in the Skia library when allocating  ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- skia <itp> (bug #818180)
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5095
CVE-2018-5094 (A heap buffer overflow vulnerability may occur in WebAssembly when "sh ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5094
CVE-2018-5093 (A heap buffer overflow vulnerability may occur in WebAssembly during M ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5093
CVE-2018-5092 (A use-after-free vulnerability can occur when the thread for a Web Wor ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
CVE-2018-5091 (A use-after-free vulnerability can occur during WebRTC connections whe ...)
	{DSA-4102-1 DSA-4096-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091
CVE-2018-5090 (Memory safety bugs were reported in Firefox 57. Some of these bugs sho ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
CVE-2018-5089 (Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5089
CVE-2018-5088 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5087 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5086 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5085 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5084 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5083 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5082 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5081 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5080 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5079 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2017-18021 (It was discovered that QtPass before 1.2.1, when using the built-in pa ...)
	- qtpass 1.2.1-1
	[stretch] - qtpass 1.1.6-1+deb9u1
	NOTE: https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html
	NOTE: https://github.com/IJHack/QtPass/issues/338
CVE-2017-18020 (On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18019 (In K7 Total Security before 15.1.0.305, user-controlled input to the K ...)
	NOT-FOR-US: K7 Total Security
CVE-2017-18018 (In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ...)
	- coreutils <unfixed> (unimportant)
	NOTE: http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/04/3
	NOTE: Documentation patches proposed:
	NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
	NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
	NOTE: Neutralised by kernel hardening
CVE-2018-5078 (Online Ticket Booking has XSS via the admin/eventlist.php cast paramet ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5077 (Online Ticket Booking has XSS via the admin/movieedit.php moviename pa ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5076 (Online Ticket Booking has XSS via the admin/newsedit.php newstitle par ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5075 (Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_nam ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5074 (Online Ticket Booking has XSS via the admin/manageownerlist.php contac ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5073 (Online Ticket Booking has CSRF via admin/movieedit.php. ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5072 (Online Ticket Booking has XSS via the admin/sitesettings.php keyword p ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5071 (Persistent XSS exists in the web server on Cobham Sea Tel 116 build 22 ...)
	NOT-FOR-US: Cobham Sea Tel 116 build 222429 satellite communication system devices
CVE-2018-5070 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5069 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5068 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5067 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5066 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5065 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5064 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5063 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5062 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5061 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5060 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5059 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5058 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5057 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5056 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5055 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5054 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5053 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5052 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5051 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5050 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5049 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5048 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5047 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5046 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5045 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5044 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5043 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5042 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5041 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5040 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5039 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5038 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5037 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5036 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5035 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5034 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5033 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5032 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5031 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5030 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5029 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5028 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5027 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5026 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5025 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5024 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5023 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5022 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5021 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5020 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5019 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5018 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5017 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5016 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5015 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5014 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5013
	REJECTED
CVE-2018-5012 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5011 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5010 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5009 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5008 (Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-boun ...)
	NOT-FOR-US: Adobe
CVE-2018-5007 (Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusi ...)
	NOT-FOR-US: Adobe
CVE-2018-5006 (Adobe Experience Manager versions 6.4 and earlier have a Server-Side R ...)
	NOT-FOR-US: Adobe
CVE-2018-5005 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a C ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-5004 (Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Reque ...)
	NOT-FOR-US: Adobe
CVE-2018-5003 (Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer)  ...)
	NOT-FOR-US: Adobe
CVE-2018-5002 (Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based  ...)
	NOT-FOR-US: Adobe
CVE-2018-5001 (Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-boun ...)
	NOT-FOR-US: Adobe
CVE-2018-5000 (Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Ove ...)
	NOT-FOR-US: Adobe
CVE-2018-4999 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4998 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4997 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4996 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4995 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4994 (Adobe Connect versions 9.7.5 and earlier have an exploitable Authentic ...)
	NOT-FOR-US: Adobe
CVE-2018-4993 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4992 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlie ...)
	NOT-FOR-US: Adobe
CVE-2018-4991 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlie ...)
	NOT-FOR-US: Adobe
CVE-2018-4990 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4989 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4988 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4987 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4986 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4985 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4984 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4983 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4982 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4981 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4980 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4979 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4978 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4977 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4976 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4975 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4974 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4973 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4972 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4971 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4970 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4969 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4968 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4967 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4966 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4965 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4964 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4963 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4962 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4961 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4960 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4959 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4958 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4957 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4956 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4955 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4954 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4953 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4952 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: VMware Xenon
CVE-2018-4951 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4950 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4949 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4948 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4947 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: VMware Xenon
CVE-2018-4946 (Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, an ...)
	NOT-FOR-US: Adobe
CVE-2018-4945 (Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusi ...)
	NOT-FOR-US: Adobe
CVE-2018-4944 (Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4943 (Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploita ...)
	NOT-FOR-US: Adobe
CVE-2018-4942 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4941 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4940 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4939 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4938 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4937 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4936 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4935 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4934 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4933 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4932 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4931 (Adobe Experience Manager versions 6.1 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2018-4930 (Adobe Experience Manager versions 6.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2018-4929 (Adobe Experience Manager versions 6.2 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2018-4928 (Adobe InDesign versions 13.0 and below have an exploitable Memory corr ...)
	NOT-FOR-US: Adobe
CVE-2018-4927 (Adobe InDesign versions 13.0 and below have an exploitable Untrusted S ...)
	NOT-FOR-US: Adobe
CVE-2018-4926 (Adobe Digital Editions versions 4.5.7 and below have an exploitable St ...)
	NOT-FOR-US: Adobe
CVE-2018-4925 (Adobe Digital Editions versions 4.5.7 and below have an exploitable Ou ...)
	NOT-FOR-US: Adobe
CVE-2018-4924 (Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Inje ...)
	NOT-FOR-US: Adobe
CVE-2018-4923 (Adobe Connect versions 9.7 and earlier have an exploitable OS Command  ...)
	NOT-FOR-US: Adobe
CVE-2018-4922
	REJECTED
CVE-2018-4921 (Adobe Connect versions 9.7 and earlier have an exploitable unrestricte ...)
	NOT-FOR-US: Adobe
CVE-2018-4920 (Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4919 (Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4918 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4917 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4916 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4915 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4914 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4913 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4912 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4911 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4910 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4909 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4908 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4907 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4906 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4905 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4904 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4903 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4902 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4901 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4900 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4899 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4898 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4897 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4896 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4895 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4894 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4893 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4892 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4891 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4890 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4889 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4888 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4887 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4886 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4885 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4884 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4883 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4882 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4881 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4880 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4879 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4878 (A use-after-free vulnerability was discovered in Adobe Flash Player be ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4877 (A use-after-free vulnerability was discovered in Adobe Flash Player be ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4876 (Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to  ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-4875 (Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a refl ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-4874
	REJECTED
CVE-2018-4873 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlie ...)
	NOT-FOR-US: Adobe
CVE-2018-4872 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4871 (An Out-of-bounds Read issue was discovered in Adobe Flash Player befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4870
	RESERVED
CVE-2018-4869
	RESERVED
CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0. ...)
	- exiv2 <not-affected> (Vulnerable code introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/202
CVE-2017-1000500
	REJECTED
CVE-2017-1000499 (phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a ...)
	- phpmyadmin <not-affected> (Only affects phpMyAdmin starting from 4.7.0)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/edd929216ade9f7c150a262ba3db44db0fed0e1b (4.7-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/72f109a99c82b14c07dcb19946ba9b76efc32a1b (4.8-branch)
CVE-2017-1000498 (AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsi ...)
	NOT-FOR-US: AndroidSVG
CVE-2017-1000497 (Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the gets ...)
	NOT-FOR-US: Pepperminty-Wiki
CVE-2017-1000496 (Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration ...)
	NOT-FOR-US: Commsy
CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripti ...)
	NOT-FOR-US: QuickApps CMS
CVE-2017-1000494 (Uninitialized stack variable vulnerability in NameValueParserEndElt (u ...)
	{DLA-1811-1}
	- miniupnpd 2.0.20171212-1 (bug #887129)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u1
	- miniupnpc 2.0.20171212-3 (unimportant)
	NOTE: https://github.com/miniupnp/miniupnp/issues/268
	NOTE: https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
	NOTE: https://github.com/miniupnp/miniupnp/commit/a0573e251817ec090a8c9f9f41b56d720c835a6c
CVE-2017-1000490 (Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authoriz ...)
	NOT-FOR-US: Mautic
CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow ...)
	NOT-FOR-US: Mautic
CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...)
	NOT-FOR-US: Mautic
CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because  ...)
	{DSA-4149-1 DSA-4146-1 DLA-1237-1 DLA-1236-1}
	- plexus-utils 1:1.5.15-5
	- plexus-utils2 3.0.22-1
	NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
	NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41
CVE-2017-1000486 (Primetek Primefaces 5.x is vulnerable to a weak encryption flaw result ...)
	NOT-FOR-US: Primetek Primefaces
CVE-2017-1000485 (Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, wh ...)
	NOT-FOR-US: Nylas Mail Lives
CVE-2017-1000484 (By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an  ...)
	NOT-FOR-US: Plone
CVE-2017-1000483 (Accessing private content via str.format in through-the-web templates  ...)
	NOT-FOR-US: Plone
CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site could set javascript in the home ...)
	NOT-FOR-US: Plone
CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc1 sends  ...)
	NOT-FOR-US: Plone
CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when call ...)
	{DSA-4094-1 DLA-1249-1}
	- smarty <removed>
	- smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460)
	NOTE: https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjacking attack ...)
	NOT-FOR-US: pfSense
CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in  ...)
	NOT-FOR-US: ELabftw
CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result  ...)
	NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in  ...)
	{DLA-1785-1 DLA-1229-1}
	- imagemagick 8:6.9.9.34+dfsg-3
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533
CVE-2017-1000473 (Linux Dash up to version v2 is vulnerable to multiple command injectio ...)
	NOT-FOR-US: Linux Dash
CVE-2017-1000472 (The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO ...)
	{DSA-4083-1 DLA-1239-1}
	- poco 1.8.0-2
	NOTE: https://github.com/pocoproject/poco/issues/1968
CVE-2017-1000471 (EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL poin ...)
	NOT-FOR-US: EmbedThis GoAhead Webserver
CVE-2017-1000470 (EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable t ...)
	NOT-FOR-US: EmbedThis GoAhead Webserver
CVE-2017-1000469 (Cobbler version up to 2.8.2 is vulnerable to a command injection vulne ...)
	- cobbler <removed> (bug #886480)
	NOTE: https://github.com/cobbler/cobbler/issues/1845
CVE-2017-1000467 (LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vu ...)
	NOT-FOR-US: LavaLite
CVE-2017-1000462 (BookStack version 0.18.4 is vulnerable to stored cross-site scripting, ...)
	NOT-FOR-US: BookStack
CVE-2017-1000461 (Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulne ...)
	- brave-browser <itp> (bug #864795)
CVE-2017-1000460 (In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chr ...)
	{DLA-1740-1}
	- libav <removed>
	- ffmpeg 7:3.1.1-1
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=952
	NOTE: https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html
CVE-2018-4867
	RESERVED
CVE-2018-4866
	RESERVED
CVE-2018-4865
	RESERVED
CVE-2018-4864
	RESERVED
CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an intend ...)
	NOT-FOR-US: Sophos
CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authent ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-4861 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-4860 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-4858 (A vulnerability has been identified in IEC 61850 system configurator ( ...)
	NOT-FOR-US: IEC
CVE-2018-4857
	REJECTED
CVE-2018-4856 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4855 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4854 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4853 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4852 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4851 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU ha ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for Andro ...)
	NOT-FOR-US: Siveillance VMS Video
CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS A ...)
	NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
CVE-2018-4846 (A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPo ...)
	NOT-FOR-US: RAPIDLab
CVE-2018-4845 (A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPo ...)
	NOT-FOR-US: RAPIDLab
CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All  ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch family ...)
	NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions &lt; ...)
	NOT-FOR-US: TIM
CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
	NOT-FOR-US: Siemens
CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
	NOT-FOR-US: Siemens
CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module IEC 61850 ...)
	NOT-FOR-US: Siemens
CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic &lt; V ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic &lt; V ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic &lt; V ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...)
	NOT-FOR-US: Desigo
CVE-2018-4833 (A vulnerability has been identified in RFID 181-EIP (All versions), RU ...)
	NOT-FOR-US: Siemens
CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...)
	NOT-FOR-US: Siemens
CVE-2018-4831
	RESERVED
CVE-2018-4830
	RESERVED
CVE-2018-4829
	RESERVED
CVE-2018-4828
	RESERVED
CVE-2018-4827
	RESERVED
CVE-2018-4826
	RESERVED
CVE-2018-4825
	RESERVED
CVE-2018-4824
	RESERVED
CVE-2018-4823
	RESERVED
CVE-2018-4822
	RESERVED
CVE-2018-4821
	RESERVED
CVE-2018-4820
	RESERVED
CVE-2018-4819
	RESERVED
CVE-2018-4818
	RESERVED
CVE-2018-4817
	RESERVED
CVE-2018-4816
	RESERVED
CVE-2018-4815
	RESERVED
CVE-2018-4814
	RESERVED
CVE-2018-4813
	RESERVED
CVE-2018-4812
	RESERVED
CVE-2018-4811
	RESERVED
CVE-2018-4810
	RESERVED
CVE-2018-4809
	RESERVED
CVE-2018-4808
	RESERVED
CVE-2018-4807
	RESERVED
CVE-2018-4806
	RESERVED
CVE-2018-4805
	RESERVED
CVE-2018-4804
	RESERVED
CVE-2018-4803
	RESERVED
CVE-2018-4802
	RESERVED
CVE-2018-4801
	RESERVED
CVE-2018-4800
	RESERVED
CVE-2018-4799
	RESERVED
CVE-2018-4798
	RESERVED
CVE-2018-4797
	RESERVED
CVE-2018-4796
	RESERVED
CVE-2018-4795
	RESERVED
CVE-2018-4794
	RESERVED
CVE-2018-4793
	RESERVED
CVE-2018-4792
	RESERVED
CVE-2018-4791
	RESERVED
CVE-2018-4790
	RESERVED
CVE-2018-4789
	RESERVED
CVE-2018-4788
	RESERVED
CVE-2018-4787
	RESERVED
CVE-2018-4786
	RESERVED
CVE-2018-4785
	RESERVED
CVE-2018-4784
	RESERVED
CVE-2018-4783
	RESERVED
CVE-2018-4782
	RESERVED
CVE-2018-4781
	RESERVED
CVE-2018-4780
	RESERVED
CVE-2018-4779
	RESERVED
CVE-2018-4778
	RESERVED
CVE-2018-4777
	RESERVED
CVE-2018-4776
	RESERVED
CVE-2018-4775
	RESERVED
CVE-2018-4774
	RESERVED
CVE-2018-4773
	RESERVED
CVE-2018-4772
	RESERVED
CVE-2018-4771
	RESERVED
CVE-2018-4770
	RESERVED
CVE-2018-4769
	RESERVED
CVE-2018-4768
	RESERVED
CVE-2018-4767
	RESERVED
CVE-2018-4766
	RESERVED
CVE-2018-4765
	RESERVED
CVE-2018-4764
	RESERVED
CVE-2018-4763
	RESERVED
CVE-2018-4762
	RESERVED
CVE-2018-4761
	RESERVED
CVE-2018-4760
	RESERVED
CVE-2018-4759
	RESERVED
CVE-2018-4758
	RESERVED
CVE-2018-4757
	RESERVED
CVE-2018-4756
	RESERVED
CVE-2018-4755
	RESERVED
CVE-2018-4754
	RESERVED
CVE-2018-4753
	RESERVED
CVE-2018-4752
	RESERVED
CVE-2018-4751
	RESERVED
CVE-2018-4750
	RESERVED
CVE-2018-4749
	RESERVED
CVE-2018-4748
	RESERVED
CVE-2018-4747
	RESERVED
CVE-2018-4746
	RESERVED
CVE-2018-4745
	RESERVED
CVE-2018-4744
	RESERVED
CVE-2018-4743
	RESERVED
CVE-2018-4742
	RESERVED
CVE-2018-4741
	RESERVED
CVE-2018-4740
	RESERVED
CVE-2018-4739
	RESERVED
CVE-2018-4738
	RESERVED
CVE-2018-4737
	RESERVED
CVE-2018-4736
	RESERVED
CVE-2018-4735
	RESERVED
CVE-2018-4734
	RESERVED
CVE-2018-4733
	RESERVED
CVE-2018-4732
	RESERVED
CVE-2018-4731
	RESERVED
CVE-2018-4730
	RESERVED
CVE-2018-4729
	RESERVED
CVE-2018-4728
	RESERVED
CVE-2018-4727
	RESERVED
CVE-2018-4726
	RESERVED
CVE-2018-4725
	RESERVED
CVE-2018-4724
	RESERVED
CVE-2018-4723
	RESERVED
CVE-2018-4722
	RESERVED
CVE-2018-4721
	RESERVED
CVE-2018-4720
	RESERVED
CVE-2018-4719
	RESERVED
CVE-2018-4718
	RESERVED
CVE-2018-4717
	RESERVED
CVE-2018-4716
	RESERVED
CVE-2018-4715
	RESERVED
CVE-2018-4714
	RESERVED
CVE-2018-4713
	RESERVED
CVE-2018-4712
	RESERVED
CVE-2018-4711
	RESERVED
CVE-2018-4710
	RESERVED
CVE-2018-4709
	RESERVED
CVE-2018-4708
	RESERVED
CVE-2018-4707
	RESERVED
CVE-2018-4706
	RESERVED
CVE-2018-4705
	RESERVED
CVE-2018-4704
	RESERVED
CVE-2018-4703
	RESERVED
CVE-2018-4702
	RESERVED
CVE-2018-4701
	RESERVED
CVE-2018-4700
	REJECTED
CVE-2018-4699
	RESERVED
CVE-2018-4698
	RESERVED
CVE-2018-4697
	RESERVED
CVE-2018-4696
	RESERVED
CVE-2018-4695
	RESERVED
CVE-2018-4694
	RESERVED
CVE-2018-4693
	RESERVED
CVE-2018-4692
	RESERVED
CVE-2018-4691
	RESERVED
CVE-2018-4690
	RESERVED
CVE-2018-4689
	RESERVED
CVE-2018-4688
	RESERVED
CVE-2018-4687
	RESERVED
CVE-2018-4686
	RESERVED
CVE-2018-4685
	RESERVED
CVE-2018-4684
	RESERVED
CVE-2018-4683
	RESERVED
CVE-2018-4682
	RESERVED
CVE-2018-4681
	RESERVED
CVE-2018-4680
	RESERVED
CVE-2018-4679
	RESERVED
CVE-2018-4678
	RESERVED
CVE-2018-4677
	RESERVED
CVE-2018-4676
	RESERVED
CVE-2018-4675
	RESERVED
CVE-2018-4674
	RESERVED
CVE-2018-4673
	RESERVED
CVE-2018-4672
	RESERVED
CVE-2018-4671
	RESERVED
CVE-2018-4670
	RESERVED
CVE-2018-4669
	RESERVED
CVE-2018-4668
	RESERVED
CVE-2018-4667
	RESERVED
CVE-2018-4666
	RESERVED
CVE-2018-4665
	RESERVED
CVE-2018-4664
	RESERVED
CVE-2018-4663
	RESERVED
CVE-2018-4662
	RESERVED
CVE-2018-4661
	RESERVED
CVE-2018-4660
	RESERVED
CVE-2018-4659
	RESERVED
CVE-2018-4658
	RESERVED
CVE-2018-4657
	RESERVED
CVE-2018-4656
	RESERVED
CVE-2018-4655
	RESERVED
CVE-2018-4654
	RESERVED
CVE-2018-4653
	RESERVED
CVE-2018-4652
	RESERVED
CVE-2018-4651
	RESERVED
CVE-2018-4650
	RESERVED
CVE-2018-4649
	RESERVED
CVE-2018-4648
	RESERVED
CVE-2018-4647
	RESERVED
CVE-2018-4646
	RESERVED
CVE-2018-4645
	RESERVED
CVE-2018-4644
	RESERVED
CVE-2018-4643
	RESERVED
CVE-2018-4642
	RESERVED
CVE-2018-4641
	RESERVED
CVE-2018-4640
	RESERVED
CVE-2018-4639
	RESERVED
CVE-2018-4638
	RESERVED
CVE-2018-4637
	RESERVED
CVE-2018-4636
	RESERVED
CVE-2018-4635
	RESERVED
CVE-2018-4634
	RESERVED
CVE-2018-4633
	RESERVED
CVE-2018-4632
	RESERVED
CVE-2018-4631
	RESERVED
CVE-2018-4630
	RESERVED
CVE-2018-4629
	RESERVED
CVE-2018-4628
	RESERVED
CVE-2018-4627
	RESERVED
CVE-2018-4626
	RESERVED
CVE-2018-4625
	RESERVED
CVE-2018-4624
	RESERVED
CVE-2018-4623
	RESERVED
CVE-2018-4622
	RESERVED
CVE-2018-4621
	RESERVED
CVE-2018-4620
	RESERVED
CVE-2018-4619
	RESERVED
CVE-2018-4618
	RESERVED
CVE-2018-4617
	RESERVED
CVE-2018-4616
	RESERVED
CVE-2018-4615
	RESERVED
CVE-2018-4614
	RESERVED
CVE-2018-4613
	RESERVED
CVE-2018-4612
	RESERVED
CVE-2018-4611
	RESERVED
CVE-2018-4610
	RESERVED
CVE-2018-4609
	RESERVED
CVE-2018-4608
	RESERVED
CVE-2018-4607
	RESERVED
CVE-2018-4606
	RESERVED
CVE-2018-4605
	RESERVED
CVE-2018-4604
	RESERVED
CVE-2018-4603
	RESERVED
CVE-2018-4602
	RESERVED
CVE-2018-4601
	RESERVED
CVE-2018-4600
	RESERVED
CVE-2018-4599
	RESERVED
CVE-2018-4598
	RESERVED
CVE-2018-4597
	RESERVED
CVE-2018-4596
	RESERVED
CVE-2018-4595
	RESERVED
CVE-2018-4594
	RESERVED
CVE-2018-4593
	RESERVED
CVE-2018-4592
	RESERVED
CVE-2018-4591
	RESERVED
CVE-2018-4590
	RESERVED
CVE-2018-4589
	RESERVED
CVE-2018-4588
	RESERVED
CVE-2018-4587
	RESERVED
CVE-2018-4586
	RESERVED
CVE-2018-4585
	RESERVED
CVE-2018-4584
	RESERVED
CVE-2018-4583
	RESERVED
CVE-2018-4582
	RESERVED
CVE-2018-4581
	RESERVED
CVE-2018-4580
	RESERVED
CVE-2018-4579
	RESERVED
CVE-2018-4578
	RESERVED
CVE-2018-4577
	RESERVED
CVE-2018-4576
	RESERVED
CVE-2018-4575
	RESERVED
CVE-2018-4574
	RESERVED
CVE-2018-4573
	RESERVED
CVE-2018-4572
	RESERVED
CVE-2018-4571
	RESERVED
CVE-2018-4570
	RESERVED
CVE-2018-4569
	RESERVED
CVE-2018-4568
	RESERVED
CVE-2018-4567
	RESERVED
CVE-2018-4566
	RESERVED
CVE-2018-4565
	RESERVED
CVE-2018-4564
	RESERVED
CVE-2018-4563
	RESERVED
CVE-2018-4562
	RESERVED
CVE-2018-4561
	RESERVED
CVE-2018-4560
	RESERVED
CVE-2018-4559
	RESERVED
CVE-2018-4558
	RESERVED
CVE-2018-4557
	RESERVED
CVE-2018-4556
	RESERVED
CVE-2018-4555
	RESERVED
CVE-2018-4554
	RESERVED
CVE-2018-4553
	RESERVED
CVE-2018-4552
	RESERVED
CVE-2018-4551
	RESERVED
CVE-2018-4550
	RESERVED
CVE-2018-4549
	RESERVED
CVE-2018-4548
	RESERVED
CVE-2018-4547
	RESERVED
CVE-2018-4546
	RESERVED
CVE-2018-4545
	RESERVED
CVE-2018-4544
	RESERVED
CVE-2018-4543
	RESERVED
CVE-2018-4542
	RESERVED
CVE-2018-4541
	RESERVED
CVE-2018-4540
	RESERVED
CVE-2018-4539
	RESERVED
CVE-2018-4538
	RESERVED
CVE-2018-4537
	RESERVED
CVE-2018-4536
	RESERVED
CVE-2018-4535
	RESERVED
CVE-2018-4534
	RESERVED
CVE-2018-4533
	RESERVED
CVE-2018-4532
	RESERVED
CVE-2018-4531
	RESERVED
CVE-2018-4530
	RESERVED
CVE-2018-4529
	RESERVED
CVE-2018-4528
	RESERVED
CVE-2018-4527
	RESERVED
CVE-2018-4526
	RESERVED
CVE-2018-4525
	RESERVED
CVE-2018-4524
	RESERVED
CVE-2018-4523
	RESERVED
CVE-2018-4522
	RESERVED
CVE-2018-4521
	RESERVED
CVE-2018-4520
	RESERVED
CVE-2018-4519
	RESERVED
CVE-2018-4518
	RESERVED
CVE-2018-4517
	RESERVED
CVE-2018-4516
	RESERVED
CVE-2018-4515
	RESERVED
CVE-2018-4514
	RESERVED
CVE-2018-4513
	RESERVED
CVE-2018-4512
	RESERVED
CVE-2018-4511
	RESERVED
CVE-2018-4510
	RESERVED
CVE-2018-4509
	RESERVED
CVE-2018-4508
	RESERVED
CVE-2018-4507
	RESERVED
CVE-2018-4506
	RESERVED
CVE-2018-4505
	RESERVED
CVE-2018-4504
	RESERVED
CVE-2018-4503
	RESERVED
CVE-2018-4502
	RESERVED
CVE-2018-4501
	RESERVED
CVE-2018-4500
	RESERVED
CVE-2018-4499
	RESERVED
CVE-2018-4498
	RESERVED
CVE-2018-4497
	RESERVED
CVE-2018-4496
	RESERVED
CVE-2018-4495
	RESERVED
CVE-2018-4494
	RESERVED
CVE-2018-4493
	RESERVED
CVE-2018-4492
	RESERVED
CVE-2018-4491
	RESERVED
CVE-2018-4490
	RESERVED
CVE-2018-4489
	RESERVED
CVE-2018-4488
	RESERVED
CVE-2018-4487
	RESERVED
CVE-2018-4486
	RESERVED
CVE-2018-4485
	RESERVED
CVE-2018-4484
	RESERVED
CVE-2018-4483
	RESERVED
CVE-2018-4482
	RESERVED
CVE-2018-4481
	RESERVED
CVE-2018-4480
	RESERVED
CVE-2018-4479
	RESERVED
CVE-2018-4478
	RESERVED
CVE-2018-4477
	RESERVED
CVE-2018-4476
	RESERVED
CVE-2018-4475
	RESERVED
CVE-2018-4474
	RESERVED
CVE-2018-4473
	RESERVED
CVE-2018-4472
	RESERVED
CVE-2018-4471
	RESERVED
CVE-2018-4470 (A privacy issue in the handling of Open Directory records was addresse ...)
	NOT-FOR-US: Apple
CVE-2018-4469
	RESERVED
CVE-2018-4468
	RESERVED
CVE-2018-4467
	RESERVED
CVE-2018-4466
	RESERVED
CVE-2018-4465 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4464 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4463 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4462 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4461 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4460 (A denial of service issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2018-4459
	RESERVED
CVE-2018-4458
	RESERVED
CVE-2018-4457
	RESERVED
CVE-2018-4456 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4455
	RESERVED
CVE-2018-4454
	RESERVED
CVE-2018-4453
	RESERVED
CVE-2018-4452
	RESERVED
CVE-2018-4451
	RESERVED
CVE-2018-4450 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4449 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4448
	RESERVED
CVE-2018-4447 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2018-4446 (This issue was addressed with improved entitlements. This issue affect ...)
	NOT-FOR-US: Apple
CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The issue  ...)
	NOT-FOR-US: Apple
CVE-2018-4444
	RESERVED
CVE-2018-4443 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4442 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4441 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4440 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4439 (A logic issue was addressed with improved validation. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4438 (A logic issue existed resulting in memory corruption. This was address ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4437 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4436 (A certificate validation issue existed in configuration profiles. This ...)
	NOT-FOR-US: Apple
CVE-2018-4435 (A logic issue was addressed with improved restrictions. This issue aff ...)
	NOT-FOR-US: Apple
CVE-2018-4434 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4433
	RESERVED
CVE-2018-4432
	RESERVED
CVE-2018-4431 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2018-4428
	RESERVED
CVE-2018-4427 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4426 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4425 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4424 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2018-4423 (A logic issue was addressed with improved validation. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4422 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4421 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4420 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2018-4419 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4418 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4417 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4416 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4415 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4414 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4413 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4412 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4411 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4410 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4409 (A resource exhaustion issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2018-4408 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4407 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4406 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4405
	RESERVED
CVE-2018-4404 (In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corr ...)
	NOT-FOR-US: Apple
CVE-2018-4403 (This issue was addressed by removing additional entitlements. This iss ...)
	NOT-FOR-US: Apple
CVE-2018-4402 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4401 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4400 (A validation issue was addressed with improved logic. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4399 (An access issue existed with privileged API calls. This issue was addr ...)
	NOT-FOR-US: Apple
CVE-2018-4398 (An issue existed in the method for determining prime numbers. This iss ...)
	NOT-FOR-US: Apple
CVE-2018-4397 (Analytics data was sent using HTTP rather than HTTPS. This was address ...)
	NOT-FOR-US: Apple
CVE-2018-4396 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4395 (This issue was addressed with improved checks. This issue affected ver ...)
	NOT-FOR-US: Apple
CVE-2018-4394 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4393 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4392 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4391
	RESERVED
CVE-2018-4390
	RESERVED
CVE-2018-4389 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4388 (A lock screen issue allowed access to the share function on a locked d ...)
	NOT-FOR-US: Apple
CVE-2018-4387 (A lock screen issue allowed access to photos via Reply With Message on ...)
	NOT-FOR-US: Apple
CVE-2018-4386 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4385 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4384 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4383 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2018-4382 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4381
	RESERVED
CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a locked  ...)
	NOT-FOR-US: Apple
CVE-2018-4379 (A lock screen issue allowed access to the share function on a locked d ...)
	NOT-FOR-US: Apple
CVE-2018-4378 (A memory corruption issue was addressed with improved validation. This ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4377 (A cross-site scripting issue existed in Safari. This issue was address ...)
	NOT-FOR-US: Apple
CVE-2018-4376 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4375 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4374 (A logic issue was addressed with improved validation. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4373 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4372 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4371 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4370
	RESERVED
CVE-2018-4369 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4368 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4367 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4366 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4365 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4364
	RESERVED
CVE-2018-4363 (An input validation issue existed in the kernel. This issue was addres ...)
	NOT-FOR-US: Apple
CVE-2018-4362 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4361 (A memory consumption issue was addressed with improved memory handling ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4360 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2018-4359 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4358 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4357 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple Xcode
CVE-2018-4356 (A permissions issue existed. This issue was addressed with improved pe ...)
	NOT-FOR-US: Apple
CVE-2018-4355 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2018-4354 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4353 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2018-4352 (A consistency issue existed in the handling of application snapshots.  ...)
	NOT-FOR-US: Apple
CVE-2018-4351 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4350 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4349
	RESERVED
CVE-2018-4348 (A validation issue was addressed with improved logic. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4347 (A use after free issue was addressed with improved memory management.  ...)
	NOT-FOR-US: Apple
CVE-2018-4346 (A validation issue existed which allowed local file access. This was a ...)
	NOT-FOR-US: Apple
CVE-2018-4345 (A cross-site scripting issue existed in Safari. This issue was address ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4344 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4343 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4342 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2018-4341 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4340 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4339
	RESERVED
CVE-2018-4338 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4337 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4336 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4335 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4334 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4333 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4332 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4331 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4330 (In iOS before 11.4, a memory corruption issue exists and was addressed ...)
	NOT-FOR-US: Apple
CVE-2018-4329 (Clearing a history item may not clear visits with redirect chains. The ...)
	NOT-FOR-US: Apple
CVE-2018-4328 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4327 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4326 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4325 (A logic issue was addressed with improved restrictions. This issue aff ...)
	NOT-FOR-US: Apple
CVE-2018-4324 (A permissions issue existed in the handling of the Apple ID. This issu ...)
	NOT-FOR-US: Apple
CVE-2018-4323 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4322 (This issue was addressed with improved entitlements. This issue affect ...)
	NOT-FOR-US: Apple
CVE-2018-4321 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4320
	RESERVED
CVE-2018-4319 (A cross-origin issue existed with "iframe" elements. This was addresse ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4318 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4317 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4316 (A memory corruption issue was addressed with improved state management ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4315 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4314 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4313 (A consistency issue existed in the handling of application snapshots.  ...)
	NOT-FOR-US: Apple
CVE-2018-4312 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4311 (The issue was addressed by removing origin information. This issue aff ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4310 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4309 (A cross-site scripting issue existed in Safari. This issue was address ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4308 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4307 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4306 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4305 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4304 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4303 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4302
	RESERVED
CVE-2018-4301
	RESERVED
	NOT-FOR-US: Apple
CVE-2018-4300 (The session cookie generated by the CUPS web interface was easy to gue ...)
	{DLA-1936-1}
	- cups 2.2.10-1 (bug #915909)
	[stretch] - cups 2.2.1-8+deb9u3
	NOTE: https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)
	NOTE: https://github.com/apple/cups/commit/b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3 (2.3b6)
	NOTE: Clarification about typo for CVE id: https://github.com/apple/cups/issues/5561
CVE-2018-4299 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra,  ...)
	NOT-FOR-US: Apple
CVE-2018-4297
	RESERVED
CVE-2018-4296
	RESERVED
CVE-2018-4295 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4294
	RESERVED
CVE-2018-4293 (A cookie management issue was addressed with improved checks. This iss ...)
	NOT-FOR-US: Apple
CVE-2018-4292
	RESERVED
CVE-2018-4291 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2018-4290 (A denial of service issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4289 (An information disclosure issue was addressed by removing the vulnerab ...)
	NOT-FOR-US: Apple
CVE-2018-4288 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2018-4287 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2018-4286 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2018-4285 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4284 (A type confusion issue was addressed with improved memory handling. Th ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4283 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2018-4282 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2018-4281 (In SwiftNIO before 1.8.0, a buffer overflow was addressed with improve ...)
	NOT-FOR-US: Apple
CVE-2018-4280 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4279 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple Safari
CVE-2018-4278 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4277 (In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari ...)
	NOT-FOR-US: Apple
CVE-2018-4276 (A null pointer dereference was addressed with improved validation. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4275 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4274 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2018-4273 (Multiple memory corruption issues were addressed with improved input v ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4272 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4271 (Multiple memory corruption issues were addressed with improved input v ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4270 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4269 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4268 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4267 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4266 (A race condition was addressed with additional validation. This issue  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4265 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4264 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4263 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4262 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4261 (Multiple memory corruption issues were addressed with improved memory  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4260 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4259 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2018-4258 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed w ...)
	NOT-FOR-US: Apple
CVE-2018-4257 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed w ...)
	NOT-FOR-US: Apple
CVE-2018-4256 (In macOS High Sierra before 10.13.5, an out-of-bounds read was address ...)
	NOT-FOR-US: Apple
CVE-2018-4255 (In macOS High Sierra before 10.13.5, an out-of-bounds read was address ...)
	NOT-FOR-US: Apple
CVE-2018-4254 (In macOS High Sierra before 10.13.5, an input validation issue existed ...)
	NOT-FOR-US: Apple
CVE-2018-4253 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4252 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4251 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4250 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4249 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4248 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4247 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4246 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4245
	RESERVED
CVE-2018-4244 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4243 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4242 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4241 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4240 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4239 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4238 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4237 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4236 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4235 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4234 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4233 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4232 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4231
	RESERVED
CVE-2018-4230 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4229 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4228 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4227 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4226 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4225 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4224 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4223 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4222 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4221 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4220 (An issue was discovered in certain Apple products. Swift before 4.1.1  ...)
	NOT-FOR-US: Apple
CVE-2018-4219 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4218 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4217 (In macOS High Sierra before 10.13.5, a privacy issue in the handling o ...)
	NOT-FOR-US: Apple
CVE-2018-4216 (A logic issue existed in the handling of call URLs. This issue was add ...)
	NOT-FOR-US: Apple
CVE-2018-4215 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4214 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4213 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4212 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4211 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4210 (In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS befo ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4209 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4208 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4207 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4206 (An issue was discovered in certain Apple products. iOS before 11.3.1 i ...)
	NOT-FOR-US: Apple
CVE-2018-4205 (An issue was discovered in certain Apple products. Safari before 11.1. ...)
	NOT-FOR-US: Apple
CVE-2018-4204 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4203 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4202 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple (iBooks component)
CVE-2018-4201 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.1-2 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4200 (An issue was discovered in certain Apple products. iOS before 11.3.1 i ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4199 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4198 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Apple (UIKit component)
CVE-2018-4197 (A use after free issue was addressed with improved memory management.  ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4196 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple (Accessibility Framework component)
CVE-2018-4195 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4194 (In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3. ...)
	NOT-FOR-US: Apple
CVE-2018-4193 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple (Windows Server component)
CVE-2018-4192 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.1-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4191 (A memory corruption issue was addressed with improved validation. This ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4190 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4189 (In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Updat ...)
	NOT-FOR-US: Apple
CVE-2018-4188 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
	NOT-FOR-US: Safari
CVE-2018-4187 (An issue was discovered in certain Apple products. iOS before 11.3.1 i ...)
	NOT-FOR-US: Apple (LinkPresentation component)
CVE-2018-4186 (In Safari before 11.1, an information leakage issue existed in the han ...)
	NOT-FOR-US: Apple
CVE-2018-4185 (In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS be ...)
	NOT-FOR-US: Apple
CVE-2018-4184 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple (Speech component)
CVE-2018-4183 (In macOS High Sierra before 10.13.5, an access issue was addressed wit ...)
	- cups <not-affected> (MacOS X specific issue)
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4182 (In macOS High Sierra before 10.13.5, an access issue was addressed wit ...)
	- cups <not-affected> (MacOS X specific issue)
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4181 (In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is ...)
	{DSA-4243-1 DLA-1426-1}
	- cups 2.2.8-2
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4180 (In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is ...)
	{DSA-4243-1 DLA-1426-1}
	- cups 2.2.8-2
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4179 (In macOS High Sierra before 10.13.4, there was an issue with the handl ...)
	NOT-FOR-US: Apple
CVE-2018-4178 (A permissions issue existed in which execute permission was incorrectl ...)
	NOT-FOR-US: Apple
CVE-2018-4177
	RESERVED
CVE-2018-4176 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4175 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4174 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4173 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4172 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4171 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4170 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4169 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra,  ...)
	NOT-FOR-US: Apple
CVE-2018-4168 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4167 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4166 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4165 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4164 (An issue was discovered in certain Apple products. Xcode before 9.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4163 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4162 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4161 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4160 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4159 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4158 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4157 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4156 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4155 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4154 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4153 (An injection issue was addressed with improved validation. This issue  ...)
	NOT-FOR-US: Apple
CVE-2018-4152 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4151 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4150 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4149 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4148 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4147 (In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before  ...)
	NOT-FOR-US: Apple
CVE-2018-4146 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4145 (Multiple memory corruption issues were addressed with improved memory  ...)
	NOT-FOR-US: Apple
CVE-2018-4144 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4143 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4142 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4141 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4140 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4139 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4138 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: NVIDIA graphics driver for MacOS
CVE-2018-4137 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4136 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4135 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4134 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4133 (An issue was discovered in certain Apple products. Safari before 11.1  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4132 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Intel graphics driver for MacOS
CVE-2018-4131 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4130 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4129 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4128 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4127 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4126 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4125 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4124 (An issue was discovered in certain Apple products. iOS before 11.2.6 i ...)
	NOT-FOR-US: Apple
CVE-2018-4123 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4122 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4121 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4120 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4119 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4118 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4117 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4116 (An issue was discovered in certain Apple products. Safari before 11.1  ...)
	NOT-FOR-US: Apple
CVE-2018-4115 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4114 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4113 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4112 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4111 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4110 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4109 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4108 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4107 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4106 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4105 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4104 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	NOT-FOR-US: Apple
CVE-2018-4103
	RESERVED
CVE-2018-4102 (An issue was discovered in certain Apple products. Safari before 11.1  ...)
	NOT-FOR-US: Apple
CVE-2018-4101 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4100 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4099
	RESERVED
CVE-2018-4098 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4097 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4096 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4095 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple bluetoothd
	NOTE: https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/
CVE-2018-4094 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4093 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4092 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4091 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4090 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4089 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4088 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4087 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple bluetoothd
	NOTE: https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/
CVE-2018-4086 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4085 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4084 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4083 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4082 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4081
	RESERVED
CVE-2018-4080
	REJECTED
CVE-2018-4079
	REJECTED
CVE-2018-4078
	REJECTED
CVE-2018-4077
	REJECTED
CVE-2018-4076
	REJECTED
CVE-2018-4075
	REJECTED
CVE-2018-4074
	REJECTED
CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4071 (An exploitable Information Disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4070 (An exploitable Information Disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4069 (An information disclosure vulnerability exists in the ACEManager authe ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4068 (An exploitable information disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4067 (An exploitable information disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists in the  ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the ACEMan ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4064 (An exploitable unverified password change vulnerability exists in the  ...)
	NOT-FOR-US: Sierra Wireless AirLink ES250 firmware
CVE-2018-4063 (An exploitable remote code execution vulnerability exists in the uploa ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd function of ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4061 (An exploitable command injection vulnerability exists in the ACEManage ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4060
	REJECTED
CVE-2018-4059 (An exploitable unsafe default configuration vulnerability exists in th ...)
	{DSA-4373-1 DLA-1671-1}
	- coturn 4.5.1.0-1
CVE-2018-4058 (An exploitable unsafe default configuration vulnerability exists in th ...)
	{DSA-4373-1 DLA-1671-1}
	- coturn 4.5.1.0-1
CVE-2018-4057
	REJECTED
CVE-2018-4056 (An exploitable SQL injection vulnerability exists in the administrator ...)
	{DSA-4373-1 DLA-1671-1}
	- coturn 4.5.1.0-1
CVE-2018-4055 (A local privilege escalation vulnerability exists in the install helpe ...)
	NOT-FOR-US: Renderman
CVE-2018-4054 (A local privilege escalation vulnerability exists in the install helpe ...)
	NOT-FOR-US: Renderman
CVE-2018-4053 (An exploitable local denial-of-service vulnerability exists in the pri ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4052 (An exploitable local information leak vulnerability exists in the priv ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4051 (An exploitable local privilege escalation vulnerability exists in the  ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4050 (An exploitable local privilege escalation vulnerability exists in the  ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4049 (An exploitable local privilege elevation vulnerability exists in the f ...)
	NOT-FOR-US: GOG Galaxy's Games for Windows
CVE-2018-4048 (An exploitable local privilege elevation vulnerability exists in the f ...)
	NOT-FOR-US: GOG Galaxy
CVE-2018-4047 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4046 (An exploitable denial-of-service vulnerability exists in the helper se ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4045 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4044 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4043 (An exploitable privilege escalation vulnerability exists in the Clean  ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4042 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4041 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4040 (An exploitable uninitialized pointer vulnerability exists in the rich  ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4039 (An exploitable out-of-bounds write vulnerability exists in the PNG imp ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4038 (An exploitable arbitrary write vulnerability exists in the open docume ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4037 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4036 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4035 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4034 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4033 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4032 (An exploitable privilege escalation vulnerability exists in the way th ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4031 (An exploitable vulnerability exists in the safe browsing function of t ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function of the  ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4029 (An exploitable code execution vulnerability exists in the HTTP request ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4028 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4027 (An exploitable denial-of-service vulnerability exists in the XML_Uploa ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4026 (An exploitable denial-of-service vulnerability exists in the XML_GetSc ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4025 (An exploitable denial-of-service vulnerability exists in the XML_GetRa ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4024 (An exploitable denial-of-service vulnerability exists in the thumbnail ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4023 (An exploitable code execution vulnerability exists in the XML_UploadFi ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v2 ...)
	- mkvtoolnix 28.2.0-1
	[stretch] - mkvtoolnix <not-affected> (Vulnerable code introduced later)
	[jessie] - mkvtoolnix <not-affected> (vulnerable code is not present)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694
	NOTE: https://gitlab.com/mbunkus/mkvtoolnix/commit/43021d16c7bcd3f9f70214827755a5163782b633
CVE-2018-4021 (An exploitable command injection vulnerability exists in the way Netga ...)
	NOT-FOR-US: pfSense
CVE-2018-4020 (An exploitable command injection vulnerability exists in the way Netga ...)
	NOT-FOR-US: pfSense
CVE-2018-4019 (An exploitable command injection vulnerability exists in the way Netga ...)
	NOT-FOR-US: pfSense
CVE-2018-4018 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4017 (An exploitable vulnerability exists in the Wi-Fi Access Point feature  ...)
	NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4016 (An exploitable code execution vulnerability exists in the URL-parsing  ...)
	NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4015 (An exploitable vulnerability exists in the HTTP client functionality o ...)
	NOT-FOR-US: Webroot BrightCloud SDK
CVE-2018-4014 (An exploitable code execution vulnerability exists in Wi-Fi Command 99 ...)
	NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP packet- ...)
	{DSA-4343-1 DLA-1582-1}
	- liblivemedia 2018.10.17-1
	NOTE: http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
CVE-2018-4012 (An exploitable buffer overflow vulnerability exists in the HTTP header ...)
	NOT-FOR-US: Webroot BrightCloud SDK
CVE-2018-4011 (An exploitable integer underflow vulnerability exists in the mdnscap b ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect func ...)
	NOT-FOR-US: ProtonVPN client
CVE-2018-4009 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4008 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4007 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4006 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4005 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4004 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the mdnscap binar ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4002 (An exploitable denial-of-service vulnerability exists in the mdnscap b ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in the Offic ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office Open XML ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists in the  ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3995 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3994 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3992 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3991 (An exploitable heap overflow vulnerability exists in the WkbProgramLow ...)
	NOT-FOR-US: WibuKey
CVE-2018-3990 (An exploitable pool corruption vulnerability exists in the 0x8200E804  ...)
	NOT-FOR-US: WibuKey
CVE-2018-3989 (An exploitable kernel memory disclosure vulnerability exists in the 0x ...)
	NOT-FOR-US: WibuKey
CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private information whe ...)
	NOT-FOR-US: Signal Messenger
CVE-2018-3987 (An exploitable information disclosure vulnerability exists in the 'Sec ...)
	NOT-FOR-US: Rakuten Viber on Android
CVE-2018-3986 (An exploitable information disclosure vulnerability exists in the "Sec ...)
	NOT-FOR-US: Telegram Android
CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap binary  ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the Wo ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3983 (An exploitable uninitialized pointer vulnerability exists in the Word  ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word docume ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...)
	- xserver-xorg-video-nouveau <unfixed> (low)
	[buster] - xserver-xorg-video-nouveau <ignored> (Minor issue)
	[stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue)
	[jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word Do ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.3+dfsg1-3 (bug #912617)
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-10 (bug #912618)
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
	NOTE: https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
	NOTE: follow-up fix (TALOS-2019-0842): https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
	NOTE: which got a separate CVE assigned as CVE-2019-5058.
CVE-2018-3976 (An exploitable out-of-bounds write exists in the CALS Raster file form ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the RTF- ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3974 (An exploitable local privilege elevation vulnerability exists in the f ...)
	NOT-FOR-US: GOG Galaxy's
CVE-2018-3973 (An exploitable out of bounds write exists in the CAL parsing functiona ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin deseri ...)
	NOT-FOR-US: Epee library
CVE-2018-3971 (An exploitable arbitrary write vulnerability exists in the 0x2222CC IO ...)
	NOT-FOR-US: Sophos
CVE-2018-3970 (An exploitable memory disclosure vulnerability exists in the 0x222000  ...)
	NOT-FOR-US: Sophos
CVE-2018-3969 (An exploitable vulnerability exists in the verified boot protection of ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3968 (An exploitable vulnerability exists in the verified boot protection of ...)
	- u-boot 2014.07+dfsg1-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633
CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3966 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3965 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3964 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3963 (An exploitable command injection vulnerability exists in the DHCP daem ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3962 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3961 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3960 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3959 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3958 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3956 (An exploitable out-of-bounds read vulnerability exists in the handling ...)
	NOT-FOR-US: Foxit
CVE-2018-3955 (An exploitable operating system command injection exists in the Linksy ...)
	NOT-FOR-US: Linksys
CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
	NOT-FOR-US: Linksys
CVE-2018-3953 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
	NOT-FOR-US: Linksys
CVE-2018-3952 (An exploitable code execution vulnerability exists in the connect func ...)
	NOT-FOR-US: NordVPN
CVE-2018-3951 (An exploitable remote code execution vulnerability exists in the HTTP  ...)
	NOT-FOR-US: TP-Link
CVE-2018-3950 (An exploitable remote code execution vulnerability exists in the ping  ...)
	NOT-FOR-US: TP-Link
CVE-2018-3949 (An exploitable information disclosure vulnerability exists in the HTTP ...)
	NOT-FOR-US: TP-Link
CVE-2018-3948 (An exploitable denial-of-service vulnerability exists in the URI-parsi ...)
	NOT-FOR-US: TP-Link
CVE-2018-3947 (An exploitable information disclosure vulnerability exists in the phon ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3944 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3943 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3942 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3941 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3940 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-3938 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Sony
CVE-2018-3937 (An exploitable command injection vulnerability exists in the measureme ...)
	NOT-FOR-US: Sony
CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
	NOT-FOR-US: Antenna House Office Server Document Converter
CVE-2018-3935 (An exploitable code execution vulnerability exists in the UDP network  ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3934 (An exploitable code execution vulnerability exists in the firmware upd ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word docume ...)
	NOT-FOR-US: Microsoft
CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft Wor ...)
	NOT-FOR-US: Microsoft
CVE-2018-3931 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint document conve ...)
	NOT-FOR-US: Microsoft
CVE-2018-3928 (An exploitable code execution vulnerability exists in the firmware upd ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3927 (An exploitable information disclosure vulnerability exists in the cras ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the ZigBee fi ...)
	NOT-FOR-US: Samsung
CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the remote vide ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3920 (An exploitable code execution vulnerability exists in the firmware upd ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of Samsung S ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung
CVE-2018-3915 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung
CVE-2018-3914 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung
CVE-2018-3913 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung
CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in the remot ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3910 (An exploitable code execution vulnerability exists in the cloud OTA se ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of video-core's ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-core's ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250-Firmware
CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of video-core's ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3906 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung
CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the camera "cre ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the camera 'upd ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3903 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3902 (An exploitable buffer overflow vulnerability exists in the camera "rep ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3901
	RESERVED
CVE-2018-3900 (An exploitable code execution vulnerability exists in the QR code scan ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3899 (An exploitable code execution vulnerability exists in the QR code scan ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3898 (An exploitable code execution vulnerability exists in the QR code scan ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3897 (An exploitable buffer overflow vulnerabilities exist in the /cameras/X ...)
	NOT-FOR-US: Samsung
CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the /cameras/X ...)
	NOT-FOR-US: Samsung
CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the /cameras/XX ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware
CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the /cameras/XX ...)
	NOT-FOR-US: Samsung
CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the /cameras/XX ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3892 (An exploitable firmware downgrade vulnerability exists in the time syn ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3891 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3890 (An exploitable code execution vulnerability exists in the firmware upd ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3889 (A specially crafted PCX image processed via the application can lead t ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3885 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: ERPNext
CVE-2018-3884 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: ERPNext
CVE-2018-3883 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: ERPNext
CVE-2018-3882 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: ERPNext
CVE-2018-3881 (An exploitable unauthenticated XML external injection vulnerability wa ...)
	NOT-FOR-US: FocalScope
CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3879 (An exploitable JSON injection vulnerability exists in the credentials  ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in the cred ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3877 (An exploitable buffer overflow vulnerability exists in the credentials ...)
	NOT-FOR-US: Samsung
CVE-2018-3876 (An exploitable buffer overflow vulnerability exists in the credentials ...)
	NOT-FOR-US: Samsung
CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the credentials ...)
	NOT-FOR-US: Samsung
CVE-2018-3874 (An exploitable buffer overflow vulnerability exists in the credentials ...)
	NOT-FOR-US: Samsung
CVE-2018-3873 (An exploitable buffer overflow vulnerability exists in the credentials ...)
	NOT-FOR-US: Samsung
CVE-2018-3872 (An exploitable buffer overflow vulnerability exists in the credentials ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing functiona ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3870 (An exploitable out-of-bounds write exists in the PCX parsing functiona ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3869
	REJECTED
CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead  ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3867 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3866 (An exploitable buffer overflow vulnerability exists in the samsungWifi ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3865 (An exploitable buffer overflow vulnerability exists in the Samsung Wif ...)
	NOT-FOR-US: Samsung
CVE-2018-3864 (An exploitable buffer overflow vulnerability exists in the Samsung Wif ...)
	NOT-FOR-US: Samsung
CVE-2018-3863 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3862 (A specially crafted TIFF image processed via the application can lead  ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3861 (A specially crafted TIFF image processed via the application can lead  ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3860 (An exploitable out-of-bounds write exists in the TIFF parsing function ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3859 (An exploitable out-of-bounds write exists in the TIFF parsing function ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3858 (An exploitable heap overflow exists in the TIFF parsing functionality  ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3857 (An exploitable heap overflow exists in the TIFF parsing functionality  ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3856 (An exploitable vulnerability exists in the smart cameras RTSP configur ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3854 (An exploitable information disclosure vulnerability exists in the pass ...)
	NOT-FOR-US: Quicken
CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3852 (An exploitable denial of service vulnerability exists in the Ocularis  ...)
	NOT-FOR-US: Ocularis Recorder
CVE-2018-3851 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted images  ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3848 (In the ffghbn function in NASA CFITSIO 3.42, specially crafted images  ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3847 (Multiple exploitable buffer overflow vulnerabilities exist in image pa ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530
CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially cra ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3845 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3844 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3843 (An exploitable type confusion vulnerability exists in the way Foxit PD ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3842 (An exploitable use of an uninitialized pointer vulnerability exists in ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3841 (A denial-of-service vulnerability exists in the Pixar Renderman IT Dis ...)
	NOT-FOR-US: Renderman
CVE-2018-3840 (A denial-of-service vulnerability exists in the Pixar Renderman IT Dis ...)
	NOT-FOR-US: Renderman
CVE-2018-3839 (An exploitable code execution vulnerability exists in the XCF image re ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/fb643e371806910f1973abfdfe7f981e8dba60f5
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
CVE-2018-3838 (An exploitable information vulnerability exists in the XCF image rende ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
CVE-2018-3837 (An exploitable information disclosure vulnerability exists in the PCX  ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519
CVE-2018-7442 (An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutp ...)
	- leptonlib 1.76.0-1 (bug #898439)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <no-dsa> (Minor issue)
	[wheezy] - leptonlib <ignored> (Minor issue)
	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html
CVE-2018-7441 (Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might al ...)
	- leptonlib 1.76.0-1 (unimportant)
	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html
	NOTE: Neutralised by kernel hardening
CVE-2017-18196 (Leptonica 1.74.4 constructs unintended pathnames (containing duplicate ...)
	- leptonlib 1.74.4-2 (low; bug #885704)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <not-affected> (Vulnerable code not present)
	[wheezy] - leptonlib <not-affected> (Vulnerable code not present)
CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutp ...)
	{DLA-1302-1}
	- leptonlib 1.75.3-3 (bug #891932)
	[stretch] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836 not applied)
	[jessie] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836 not applied)
	NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
CVE-2018-3836 (An exploitable command injection vulnerability exists in the gplotMake ...)
	{DLA-1284-1}
	- leptonlib 1.75.3-1 (bug #889759)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516
	NOTE: https://github.com/DanBloomberg/leptonica/issues/303
	NOTE: When fixing this issue make sure the fix is complete and includes as well
	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
	NOTE: to not open CVE-2018-7440.
CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in version 2.2 ...)
	NOT-FOR-US: Per Face Texture (PTEX)
CVE-2018-3834 (An exploitable permanent denial of service vulnerability exists in Ins ...)
	NOT-FOR-US: Insteon Hub
CVE-2018-3833 (An exploitable firmware downgrade vulnerability exists in Insteon Hub  ...)
	NOT-FOR-US: Insteon Hub
CVE-2018-3832 (An exploitable firmware update vulnerability exists in Insteon Hub run ...)
	NOT-FOR-US: Insteon Hub
CVE-2018-3831 (Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6. ...)
	- elasticsearch <removed>
CVE-2018-3830 (Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulner ...)
	- kibana <itp> (bug #700337)
CVE-2018-3829 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was disco ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3828 (Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an info ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3827 (A sensitive data disclosure flaw was found in the Elasticsearch reposi ...)
	NOT-FOR-US: Elasticsearch repository-azure
CVE-2018-3826 (In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was f ...)
	- elasticsearch <removed>
CVE-2018-3825 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default ma ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3824 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-si ...)
	NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3823 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-si ...)
	NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a u ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-sit ...)
	- kibana <itp> (bug #700337)
CVE-2018-3820 (Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scriptin ...)
	- kibana <itp> (bug #700337)
CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security ...)
	- kibana <itp> (bug #700337)
CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (X ...)
	- kibana <itp> (bug #700337)
CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash before 5 ...)
	- logstash <itp> (bug #664841)
CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the  ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.11.6-1
	[stretch] - linux 4.9.47-1
	NOTE: Fixed by: https://git.kernel.org/linus/2638fd0f92d4397884fd991d8f4925cb3f081901
CVE-2017-18016 (Parity Browser 1.6.10 and earlier allows remote attackers to bypass th ...)
	NOT-FOR-US: Paritytech Parity Ethereum
CVE-2017-1000493 (Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL inj ...)
	NOT-FOR-US: Rocket.Chat Server
CVE-2017-1000492 (Leanote-desktop version v2.5 is vulnerable to a XSS which leads to cod ...)
	NOT-FOR-US: Leanote-desktop
CVE-2017-1000491 (Shiba markdown live preview app version 1.1.0 is vulnerable to XSS whi ...)
	NOT-FOR-US: Shiba markdown live preview app
CVE-2017-1000466 (Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripti ...)
	NOT-FOR-US: Invoice Ninja
CVE-2017-1000463 (Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripti ...)
	NOT-FOR-US: Leafpub
CVE-2017-1000459 (Leanote version &lt;= 2.5 is vulnerable to XSS due to not sanitized in ...)
	NOT-FOR-US: Leanote
CVE-2017-1000438 (In OMERO 5.3.3 or earlier a user could create an OriginalFile and adju ...)
	NOT-FOR-US: OMERO
CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in the ope ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redir ...)
	NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with pyth ...)
	{DLA-1410-1}
	- python-pysaml2 4.5.0-2 (bug #886423)
	[stretch] - python-pysaml2 <no-dsa> (Minor issue)
	NOTE: https://github.com/rohe/pysaml2/issues/451
	NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting to ...)
	NOT-FOR-US: Vanilla Forums
CVE-2017-1000427 (marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...)
	- node-marked 0.3.9+dfsg-1 (unimportant; bug #886451)
	NOTE: https://github.com/chjj/marked/commit/cd2f6f5b7091154c5526e79b5f3bfb4d15995a51
	NOTE: nodejs not covered by security support
CVE-2017-1000426 (MapProxy version 1.10.3 and older is vulnerable to a Cross Site Script ...)
	- mapproxy 1.10.4-1 (low)
	[stretch] - mapproxy 1.9.0-3+deb9u1
	NOTE: https://github.com/mapproxy/mapproxy/issues/322
	NOTE: https://github.com/mapproxy/mapproxy/commit/2e102843203c11b02c002daa08ca59d05d5eff5a (master)
	NOTE: https://github.com/mapproxy/mapproxy/commit/87faa667007b00ef11ee09b16707aa9ad2e8da28 (1.10.x)
CVE-2017-1000425 (Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp ...)
	NOT-FOR-US: Liferay Portal CE
CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the C ...)
	- bro 2.5.2-1
	[stretch] - bro <no-dsa> (Minor issue)
	NOTE: https://bro-tracker.atlassian.net/browse/BIT-1856
	NOTE: https://github.com/bro/bro/commit/6c0f101a62489b1c5927b4ed63b0e1d37db40282
CVE-2017-1000457 (Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal ve ...)
	NOT-FOR-US: mojoPortal
CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate boundaries in Text ...)
	{DSA-4097-1 DLA-1228-1}
	- poppler 0.61.1-2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b
CVE-2017-1000455 (GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d us ...)
	- guix <itp> (bug #850644)
	NOTE: https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html
CVE-2017-1000454 (CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template In ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templat ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and ea ...)
	NOT-FOR-US: Samlify
CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git versio ...)
	NOT-FOR-US: fs-git
CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and  ...)
	{DLA-1438-1 DLA-1235-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #886282)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9723
	NOTE: https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
	NOTE: https://github.com/opencv/opencv/pull/9726
CVE-2017-1000449
	REJECTED
CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a di ...)
	NOT-FOR-US: Structured Data Linter
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer d ...)
	{DLA-1785-1 DLA-1229-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/839a14e43d0c88db7b3fffe8aa4ec57d80c93623
CVE-2017-1000444 (Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in t ...)
	NOT-FOR-US: Eleix Openhacker
CVE-2017-1000443 (Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability i ...)
	NOT-FOR-US: Eleix Openhacker
CVE-2017-1000442 (Passbolt API version 1.6.4 and older are vulnerable to a XSS in the ur ...)
	NOT-FOR-US: Passbolt API
CVE-2017-1000431 (eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is ...)
	NOT-FOR-US: eZ Systems eZ Publish
CVE-2017-1000430 (rust-base64 version &lt;= 0.5.1 is vulnerable to a buffer overflow whe ...)
	NOTE: https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml
	NOT-FOR-US: rust-base64
CVE-2017-1000424 (Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable ...)
	- electron <itp> (bug #842420)
CVE-2017-1000423 (b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation ( ...)
	- b2evolution <removed>
CVE-2017-1000422 (Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer ove ...)
	{DSA-4088-1 DLA-1234-1}
	- gdk-pixbuf 2.36.11-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785973
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=0012e066ba37439d402ce46afbc1311530a4ec61
CVE-2017-1000421 (Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in t ...)
	{DSA-4084-1 DLA-1233-1}
	- gifsicle 1.90-1
	NOTE: https://github.com/kohler/gifsicle/issues/114
	NOTE: https://github.com/kohler/gifsicle/commit/81fd7823f6d9c85ab598bc850e40382068361185
CVE-2017-1000420 (Syncthing version 0.14.33 and older is vulnerable to symlink traversal ...)
	- syncthing 0.14.36+ds1-1
	[stretch] - syncthing <no-dsa> (Minor issue)
	NOTE: https://github.com/syncthing/syncthing/commit/1f09488a0f1fdca07076b007b9789f23a6df1060 (v0.14.34)
	NOTE: https://github.com/syncthing/syncthing/commit/a0f771c221f6ef18fcc496e736670d85f36b8dec
	NOTE: https://github.com/syncthing/syncthing/issues/4286
CVE-2017-1000419 (phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar functio ...)
	- phpbb3 <removed>
	[jessie] - phpbb3 <not-affected> (Vulnerable code not present)
	[wheezy] - phpbb3 <not-affected> (Vulnerable code not present)
CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1 ...)
	- wildmidi 0.4.2-1 (bug #886503)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (Vulnerable code introduced later)
	[wheezy] - wildmidi <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Mindwerks/wildmidi/issues/178
	NOTE: https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab
CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ol ...)
	NOT-FOR-US: OP-TEE
CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ol ...)
	NOT-FOR-US: OP-TEE
CVE-2018-3816
	RESERVED
CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) pr ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress has XSS vi ...)
	NOT-FOR-US: ILLID Share This Image plugin for WordPress
CVE-2017-18014 (An NC-25986 issue was discovered in the Logging subsystem of Sophos XG ...)
	NOT-FOR-US: Sophos
CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP co ...)
	NOT-FOR-US: Craft CMS
CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.16 ...)
	NOT-FOR-US: FLIR Brickstream 2300 devices
CVE-2018-3812
	RESERVED
CVE-2018-3811 (SQL Injection vulnerability in the Oturia Smart Google Code Inserter p ...)
	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
CVE-2018-3810 (Authentication Bypass vulnerability in the Oturia Smart Google Code In ...)
	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
CVE-2017-18013 (In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print ...)
	{DSA-4100-1 DLA-1260-1 DLA-1259-1}
	- tiff 4.0.9-3 (bug #885985)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2770
	NOTE: https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
CVE-2017-18012 (The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zli ...)
	NOT-FOR-US: Z-URL Preview plugin for WordPress
CVE-2017-18011 (The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6  ...)
	NOT-FOR-US: MyCBGenie Affiliate Ads for Clickbank Products plugin WordPress
CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0. ...)
	NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress
CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function  ...)
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 4.1.2+dfsg-3 (low; bug #924884)
	[buster] - opencv <no-dsa> (Minor issue)
	[stretch] - opencv <not-affected> (Vulnerable code introduced later)
	[jessie] - opencv <not-affected> (Vulnerable code introduced later)
	[wheezy] - opencv <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/opencv/opencv/issues/10479
	NOTE: Introduced after: https://github.com/opencv/opencv/commit/7469c935f3ec8e9fe4f56b7eed07b284b7b7b5df
	NOTE: Fixed: https://github.com/opencv/opencv/commit/4ca89db22dea962690f31c1781bce5937ee91837
CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/921
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a5f95fc018a5667de5a9448aee9d7251b2eb952
CVE-2017-18007
	RESERVED
CVE-2017-18006 (netpub/server.np in Extensis Portfolio NetPublish has XSS in the quick ...)
	NOT-FOR-US: Extensis Portfolio NetPublish
CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toL ...)
	- exiv2 0.27.2-6 (low; bug #885981)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/168
	NOTE: Fixed via: https://github.com/Exiv2/exiv2/pull/199
CVE-2017-18004 (Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps ...)
	NOT-FOR-US: Zurmo
CVE-2017-18003
	RESERVED
CVE-2017-18002
	RESERVED
CVE-2017-18001 (Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote att ...)
	NOT-FOR-US: Trustwave Secure Web Gateway
CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1 ...)
	NOT-FOR-US: Magento
CVE-2017-18000
	RESERVED
CVE-2017-17999 (SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allow ...)
	NOT-FOR-US: RISE Ultimate Project Manager
CVE-2017-17998
	RESERVED
CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointe ...)
	{DLA-1634-1}
	- wireshark 2.4.0-1
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-02.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299
	NOTE: https://code.wireshark.org/review/#/c/25063/
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50
CVE-2017-17996 (A buffer overflow vulnerability in "Add command" functionality exists  ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2017-17995 (Biometric Shift Employee Management System has XSS via the Last_Name p ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17994 (Biometric Shift Employee Management System has XSS via the criteria pa ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17993 (Biometric Shift Employee Management System has XSS via the amount para ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17992 (Biometric Shift Employee Management System allows Arbitrary File Downl ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17991 (Biometric Shift Employee Management System has XSS via the expense_nam ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17990 (Biometric Shift Employee Management System has CSRF via index.php in a ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17989 (Biometric Shift Employee Management System has XSS via the index.php h ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17988 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17987 (PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file uploa ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17986 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17985 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17984 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17983 (PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the v ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17982 (PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17981 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slide ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17980
	RESERVED
CVE-2017-17979
	RESERVED
CVE-2017-17978
	RESERVED
CVE-2017-17977
	RESERVED
CVE-2017-17976 (In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lea ...)
	NOT-FOR-US: Perfex CRM
CVE-2017-17975 (Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/ ...)
	{DSA-4188-1}
	- linux 4.15.17-1
	[jessie] - linux <not-affected> (Vulnerable code path not present)
	[wheezy] - linux <not-affected> (Vulnerable code path not present)
CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPser ...)
	NOT-FOR-US: BA SYSTEMS BAS Web on BAS920 devices
CVE-2017-17973 (** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free  ...)
	- tiff <unfixed> (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
	NOTE: Details on the issue are not confirmed by the reporter after several attempts
	NOTE: and this does like a non-issue. More reprodicibly reports are from SUSE in
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1074318#c5 claiming this might be
	NOTE: a duplicate of CVE-2017-9935. Unless the reporter provides more details on
	NOTE: upstream report go and consider this as non-issue.
CVE-2017-1000447
	REJECTED
CVE-2017-1000446
	REJECTED
CVE-2017-1000440
	REJECTED
CVE-2017-1000436
	REJECTED
CVE-2017-1000435
	REJECTED
CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...)
	{DSA-4092-1 DLA-1238-1}
	- awstats 7.6+dfsg-2 (bug #885835)
	NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
	NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
CVE-2017-17972 (packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the ...)
	NOT-FOR-US: Archon
CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php in Doli ...)
	- dolibarr <removed> (bug #885828)
	NOTE: https://github.com/Dolibarr/dolibarr/issues/8000
CVE-2018-3809 (Information exposure through directory listings in serve 6.5.3 allows  ...)
	NOT-FOR-US: serve nodejs module
CVE-2018-3808
	RESERVED
CVE-2018-3807
	RESERVED
CVE-2018-3806
	RESERVED
CVE-2018-3805
	RESERVED
CVE-2018-3804
	RESERVED
CVE-2018-3803
	RESERVED
CVE-2018-3802
	RESERVED
CVE-2018-3801
	RESERVED
CVE-2018-3800
	RESERVED
CVE-2018-3799
	RESERVED
CVE-2018-3798
	RESERVED
CVE-2018-3797
	RESERVED
CVE-2018-3796
	RESERVED
CVE-2018-3795
	RESERVED
CVE-2018-3794
	RESERVED
CVE-2018-3793
	RESERVED
CVE-2018-3792
	RESERVED
CVE-2018-3791
	RESERVED
CVE-2018-3790
	RESERVED
CVE-2018-3789
	RESERVED
CVE-2018-3788
	RESERVED
CVE-2018-3787 (Path traversal in simplehttpserver &lt;v0.2.1 allows listing any file  ...)
	NOT-FOR-US: simplehttpserver node module
CVE-2018-3786 (A command injection vulnerability in egg-scripts &lt;v2.8.1 allows arb ...)
	NOT-FOR-US: egg-scripts
CVE-2018-3785 (A command injection in git-dummy-commit v1.3.0 allows os level command ...)
	NOT-FOR-US: Node.js third-party module git-dummy-commit
CVE-2018-3784 (A code injection in cryo 0.0.6 allows an attacker to arbitrarily execu ...)
	NOT-FOR-US: cryo
CVE-2018-3783 (A privilege escalation detected in flintcms versions &lt;= 1.1.9 allow ...)
	NOT-FOR-US: flintcms
CVE-2018-3782
	REJECTED
CVE-2018-3781 (A missing sanitization of search results for an autocomplete field in  ...)
	NOT-FOR-US: NextCloud Talk
CVE-2018-3780 (A missing sanitization of search results for an autocomplete field in  ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to execute ...)
	NOT-FOR-US: Trojaned gem release
CVE-2018-3778 (Improper authorization in aedes version &lt;0.35.0 will publish a LWT  ...)
	NOT-FOR-US: aedes
CVE-2018-3777 (Insufficient URI encoding in restforce before 3.0.0 allows attacker to ...)
	NOT-FOR-US: restforce
CVE-2018-3776 (Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0. ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-3775 (Improper Authentication in Nextcloud Server prior to version 12.0.3 wo ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-3774 (Incorrect parsing in url-parse &lt;1.4.3 returns wrong hostname which  ...)
	- node-url-parse 1.2.0-2 (bug #906058)
	[stretch] - node-url-parse <ignored> (Nodejs in stretch not covered by security support)
	NOTE: https://hackerone.com/reports/384029
	NOTE: https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
	NOTE: https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
CVE-2018-3773 (There is a stored Cross-Site Scripting vulnerability in Open Graph met ...)
	NOT-FOR-US: metascrape nodejs module
CVE-2018-3772 (Concatenating unsanitized user input in the `whereis` npm module &lt;  ...)
	NOT-FOR-US: whereis nodejs module
CVE-2018-3771 (An XSS in statics-server &lt;= 0.0.9 can be used via injected iframe i ...)
	NOT-FOR-US: statics-server nodejs module
CVE-2018-3770 (A path traversal exists in markdown-pdf version &lt;9.0.0 that allows  ...)
	NOT-FOR-US: markdown-pdf nodejs module
CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerab ...)
	- ruby-grape 1.1.0-1 (bug #903086)
	[stretch] - ruby-grape <no-dsa> (Minor issue)
	NOTE: https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af
	NOTE: https://github.com/ruby-grape/grape/issues/1762
	NOTE: https://github.com/ruby-grape/grape/pull/1763
CVE-2018-3768
	REJECTED
CVE-2018-3767 (`memjs` versions &lt;= 1.1.0 allocates and stores buffers on typed inp ...)
	NOT-FOR-US: memjs node module
CVE-2018-3766 (Path traversal in buttle module versions &lt;= 0.2.0 allows to read an ...)
	NOT-FOR-US: buttle node module
CVE-2018-3765
	RESERVED
CVE-2018-3764 (In Nextcloud Contacts before 2.1.2, a missing sanitization of search r ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2018-3763 (In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization o ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2018-3762 (Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authent ...)
	- nextcloud <itp> (bug #835086)
CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions Affe ...)
	{DSA-4242-1 DLA-1419-1}
	- ruby-sprockets 3.7.0-1.1 (bug #901913)
	NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
	NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f (master)
	NOTE: https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441 (3.x)
	NOTE: https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5 (2.x)
CVE-2018-3759 (private_address_check ruby gem before 0.5.0 is vulnerable to a time-of ...)
	NOT-FOR-US: private_address_check
CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 1.1.7 all ...)
	NOT-FOR-US: express-cart
CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped strin ...)
	NOT-FOR-US: node pdf-image
CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable  ...)
	NOT-FOR-US: Hyperledger Iroha
CVE-2018-3755 (XSS in sexstatic &lt;=0.6.2 causes HTML injection in directory name(s) ...)
	NOT-FOR-US: sexstatic
CVE-2018-3754 (Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0. ...)
	NOT-FOR-US: query-mysql
CVE-2018-3753 (The utilities function in all versions &lt;= 1.0.0 of the merge-object ...)
	NOT-FOR-US: merge-objects
CVE-2018-3752 (The utilities function in all versions &lt;= 1.0.0 of the merge-option ...)
	NOT-FOR-US: merge-options
CVE-2018-3751 (The utilities function in all versions &lt;= 0.3.0 of the merge-recurs ...)
	NOT-FOR-US: merge-recursive
CVE-2018-3750 (The utilities function in all versions &lt;= 0.5.0 of the deep-extend  ...)
	- node-deep-extend 0.4.1-2 (unimportant; bug #926616)
	NOTE: https://nodesecurity.io/advisories/612
	NOTE: nodejs not covered by security support
CVE-2018-3749 (The utilities function in all versions &lt; 1.0.1 of the deap node mod ...)
	NOT-FOR-US: deap
CVE-2018-3748 (There is a Stored XSS vulnerability in the glance node module versions ...)
	NOT-FOR-US: glance node module (different from src:glance)
CVE-2018-3747 (The public node module versions &lt;= 1.0.3 allows to embed HTML in fi ...)
	NOT-FOR-US: public node module versions
CVE-2018-3746 (The pdfinfojs NPM module versions &lt;= 0.3.6 has a command injection  ...)
	NOT-FOR-US: pdfinfojs nodejs module
CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when number is  ...)
	NOT-FOR-US: nodejs atob module
CVE-2018-3744 (The html-pages node module contains a path traversal vulnerabilities t ...)
	NOT-FOR-US: html-pages nodejs module
CVE-2018-3743 (Open redirect in hekto &lt;=0.2.3 when target domain name is used as h ...)
	NOT-FOR-US: hekto nodejs module
CVE-2018-3742
	REJECTED
CVE-2018-3741 (There is a possible XSS vulnerability in all rails-html-sanitizer gem  ...)
	- ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
	[stretch] - ruby-rails-html-sanitizer <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby to a ...)
	{DSA-4358-1}
	[experimental] - ruby-sanitize 4.6.5-1
	- ruby-sanitize 4.6.6-1 (bug #893610)
	[jessie] - ruby-sanitize <ignored> (Only occurs with libxml2 >= 2.9.2, jessie has 2.9.1)
	NOTE: https://github.com/rgrove/sanitize/issues/176
	NOTE: https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e (v4.6.3)
	NOTE: Fixes for 2.1.x: https://github.com/rgrove/sanitize/compare/v2.1.0...v2.1.1
	NOTE: Only an issue in combination with libxml2 >= 2.9.2
	NOTE: The 'fragment' method was renamed from 'clean' method in earlier version
	NOTE: in v3.0.0
CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer constr ...)
	NOT-FOR-US: https-proxy-agent
CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto  ...)
	NOT-FOR-US: protobufjs
CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. ...)
	- node-sshpk 1.13.1+dfsg-2 (bug #901093)
	NOTE: https://github.com/joyent/node-sshpk/issues/44
	NOTE: https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957
CVE-2018-3736
	REJECTED
CVE-2018-3735 (bracket-template suffers from reflected XSS possible when variable pas ...)
	NOT-FOR-US: bracket-template nodejs module
CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability due to ...)
	NOT-FOR-US: stattic nodejs module
CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path Traversa ...)
	NOT-FOR-US: crud-file-server nodejs module
CVE-2018-3732 (resolve-path node module before 1.4.0 suffers from a Path Traversal vu ...)
	NOT-FOR-US: resolve-path nodejs module
CVE-2018-3731 (public node module suffers from a Path Traversal vulnerability due to  ...)
	NOT-FOR-US: public nodejs module
CVE-2018-3730 (mcstatic node module suffers from a Path Traversal vulnerability due t ...)
	NOT-FOR-US: mcstatic nodejs module
CVE-2018-3729 (localhost-now node module suffers from a Path Traversal vulnerability  ...)
	NOT-FOR-US: localhost-now nodejs module
CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Mo ...)
	- node-hoek 5.0.3-1 (unimportant)
	NOTE: fixed in 4.2.1
	NOTE: https://github.com/hapijs/hoek/issues/230
	NOTE: https://hackerone.com/reports/310439
	NOTE: https://snyk.io/vuln/npm:hoek:20180212
	NOTE: https://nodesecurity.io/advisories/566
	NOTE: nodejs not covered by security support
CVE-2018-3727 (626 node module suffers from a Path Traversal vulnerability due to lac ...)
	NOT-FOR-US: 626 node module
CVE-2018-3726 (crud-file-server node module before 0.8.0 suffers from a Cross-Site Sc ...)
	NOT-FOR-US: crud-file-server nodejs module
CVE-2018-3725 (hekto node module suffers from a Path Traversal vulnerability due to l ...)
	NOT-FOR-US: hekto nodejs module
CVE-2018-3724 (general-file-server node module suffers from a Path Traversal vulnerab ...)
	NOT-FOR-US: general-file-server node module
CVE-2018-3723 (defaults-deep node module before 0.2.4 suffers from a Modification of  ...)
	NOT-FOR-US: defaults-deep node module
CVE-2018-3722 (merge-deep node module before 3.0.1 suffers from a Modification of Ass ...)
	NOT-FOR-US: merge-deep node module
CVE-2018-3721 (lodash node module before 4.17.5 suffers from a Modification of Assume ...)
	- node-lodash 4.17.11+dfsg-1 (unimportant; bug #890575)
	NOTE: https://snyk.io/vuln/npm:lodash:20180130
	NOTE: https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
	NOTE: nodejs not covered by security support
CVE-2018-3720 (assign-deep node module before 0.4.7 suffers from a Modification of As ...)
	NOT-FOR-US: assign-deep node module
CVE-2018-3719 (mixin-deep node module before 1.3.1 suffers from a Modification of Ass ...)
	- node-mixin-deep 1.1.3-2 (bug #898315)
	[stretch] - node-mixin-deep 1.1.3-1+deb9u1
	NOTE: https://nodesecurity.io/advisories/578
CVE-2018-3718 (serve node module suffers from Improper Handling of URL Encoding by pe ...)
	NOT-FOR-US: serve node module
CVE-2018-3717 (connect node module before 2.14.0 suffers from a Cross-Site Scripting  ...)
	- node-connect 3.0.0-1
	NOTE: https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
CVE-2018-3716 (simplehttpserver node module suffers from a Cross-Site Scripting vulne ...)
	NOT-FOR-US: simplehttpserver node module
CVE-2018-3715 (glance node module before 3.0.4 suffers from a Path Traversal vulnerab ...)
	NOT-FOR-US: glance node module
CVE-2018-3714 (node-srv node module suffers from a Path Traversal vulnerability due t ...)
	NOT-FOR-US: node-srv node module
CVE-2018-3713 (angular-http-server node module suffers from a Path Traversal vulnerab ...)
	NOT-FOR-US: angular-http-server node module
CVE-2018-3712 (serve node module before 6.4.9 suffers from a Path Traversal vulnerabi ...)
	NOT-FOR-US: npm serve
	NOTE: fixed in 6.4.9 upstream
	NOTE: https://github.com/zeit/serve/commit/6adad6881c61991da61ebc857857c53409544575
	NOTE: https://github.com/zeit/serve/pull/316
	NOTE: https://hackerone.com/reports/307666
	NOTE: https://nodesecurity.io/advisories/561
CVE-2018-3711 (Fastify node module before 0.38.0 is vulnerable to a denial-of-service ...)
	NOT-FOR-US: Fastify
	NOTE: fixed in 0.38.0 upstream
	NOTE: https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
	NOTE: https://hackerone.com/reports/303632
	NOTE: https://nodesecurity.io/advisories/564
CVE-2018-3710 (Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable  ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote atta ...)
	NOT-FOR-US: Muviko
CVE-2017-17969 (Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeRe ...)
	{DSA-4104-1 DLA-1268-1}
	- p7zip 16.02+dfsg-5 (bug #888297)
	NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
	NOTE: Fixed in upstream 18.00-beta.
CVE-2018-3709
	RESERVED
CVE-2018-3708
	RESERVED
CVE-2018-3707
	RESERVED
CVE-2018-3706
	RESERVED
CVE-2018-3705 (Improper directory permissions in the installer for the Intel(R) Syste ...)
	NOT-FOR-US: Intel System Defense Utility
CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...)
	NOT-FOR-US: Intel Parallel Studio
CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R) SSD D ...)
	NOT-FOR-US: Intel
CVE-2018-3702 (Improper permissions in the installer for the ITE Tech* Consumer Infra ...)
	NOT-FOR-US: ITE Tech* Consumer Infrared Driver for Windows 10
CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) PROSet/Wi ...)
	NOT-FOR-US: Intel
CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 eXt ...)
	NOT-FOR-US: Intel
CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for Windows may  ...)
	NOT-FOR-US: Intel RAID Web Console
CVE-2018-3698 (Improper file permissions in the installer for the Intel Ready Mode Te ...)
	NOT-FOR-US: Intel
CVE-2018-3697 (Improper directory permissions in the installer for the Intel Media Se ...)
	NOT-FOR-US: Intel
CVE-2018-3696 (Authentication bypass in the Intel RAID Web Console 3 for Windows befo ...)
	NOT-FOR-US: Intel RAID Web Console
CVE-2018-3695
	RESERVED
CVE-2018-3694
	RESERVED
CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and branc ...)
	- linux <unfixed>
	NOTE: https://access.redhat.com/solutions/3523601
	NOTE: https://01.org/security/advisories/intel-oss-10002
	NOTE: Speculative Bounds Checks Bypass with Store (BCBS)
CVE-2018-3692
	RESERVED
CVE-2018-3691 (Some implementations in Intel Integrated Performance Primitives Crypto ...)
	NOT-FOR-US: Intel
CVE-2018-3690
	REJECTED
CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software Compo ...)
	NOT-FOR-US: Intel
CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tools in  ...)
	NOT-FOR-US: Intel
CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ver ...)
	NOT-FOR-US: Intel
CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool before v ...)
	NOT-FOR-US: Intel
CVE-2018-3685
	RESERVED
CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 all ...)
	NOT-FOR-US: Intel
CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0  ...)
	NOT-FOR-US: Intel
CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and systems pote ...)
	NOT-FOR-US: Intel
CVE-2018-3681
	RESERVED
CVE-2018-3680
	RESERVED
CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center Manager S ...)
	NOT-FOR-US: Intel
CVE-2018-3678
	RESERVED
CVE-2018-3677
	RESERVED
CVE-2018-3676
	RESERVED
CVE-2018-3675
	RESERVED
CVE-2018-3674
	RESERVED
CVE-2018-3673
	RESERVED
CVE-2018-3672 (Driver module in Intel Smart Sound Technology before version 9.21.00.3 ...)
	NOT-FOR-US: Driver module in Intel Smart Sound Technology
CVE-2018-3671 (Escalation of privilege in Intel Saffron admin application before 11.4 ...)
	NOT-FOR-US: Intel Saffron admin application
CVE-2018-3670 (Driver module in Intel Smart Sound Technology before version 9.21.00.3 ...)
	NOT-FOR-US: Driver module in Intel Smart Sound Technology
CVE-2018-3669 (A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wi ...)
	NOT-FOR-US: Intel
CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) befor ...)
	NOT-FOR-US: Intel
CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...)
	NOT-FOR-US: Intel
CVE-2018-3666 (Driver module in Intel Smart Sound Technology before version 9.21.00.3 ...)
	NOT-FOR-US: Driver module in Intel Smart Sound Technology
CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems u ...)
	{DSA-4232-1 DLA-1422-1}
	- linux 4.6.1-1
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://xenbits.xen.org/xsa/advisory-267.html
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
	NOTE: Default eagerfpu=on on all CPUs: https://git.kernel.org/linus/58122bf1d856a4ea9581d62a07c557d997d46a19
	NOTE: Hard-disable lazy FPU mode: https://git.kernel.org/linus/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7
CVE-2018-3664
	RESERVED
CVE-2018-3663 (Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows ...)
	NOT-FOR-US: Intel Saffron MemoryBase
CVE-2018-3662 (Escalation of privilege in Intel Saffron MemoryBase before version 11. ...)
	NOT-FOR-US: Intel Saffron MemoryBase
CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.exe an ...)
	NOT-FOR-US: Intel
CVE-2018-3660
	RESERVED
CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware before vers ...)
	NOT-FOR-US: Intel
CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware versions bef ...)
	NOT-FOR-US: Intel
CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware versions ...)
	NOT-FOR-US: Intel
CVE-2018-3656
	RESERVED
CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version 11.21.55,  ...)
	NOT-FOR-US: Intel
CVE-2018-3654
	RESERVED
CVE-2018-3653
	RESERVED
CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect Interface)  ...)
	NOT-FOR-US: Intel
CVE-2018-3651
	RESERVED
CVE-2018-3650 (Insufficient Input Validation in Bleach module in INTEL Distribution f ...)
	NOT-FOR-US: Intel
CVE-2018-3649 (DLL injection vulnerability in the installation executables (Autorun.e ...)
	NOT-FOR-US: Intel
CVE-2018-3648
	RESERVED
CVE-2018-3647
	RESERVED
CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and addre ...)
	{DSA-4279-1 DSA-4274-1 DLA-1481-1}
	- linux 4.17.15-1
	[jessie] - linux <ignored> (Too invasive and risky to apply)
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	- intel-microcode 3.20180703.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
	NOTE: https://foreshadowattack.eu/
	NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
	NOTE: https://xenbits.xen.org/xsa/advisory-273.html
	NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
	NOT-FOR-US: Intel
CVE-2018-3644
	RESERVED
CVE-2018-3643 (A vulnerability in Power Management Controller firmware in systems usi ...)
	NOT-FOR-US: Intel
CVE-2018-3642
	RESERVED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
	NOT-FOR-US: Intel
CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that  ...)
	{DSA-4273-2 DSA-4273-1 DLA-1446-1}
	- intel-microcode 3.20180703.1
	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
	NOTE: No software mitigations planned to be implemented in src:linux
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and specu ...)
	{DSA-4273-2 DSA-4273-1 DSA-4210-1 DLA-1731-1 DLA-1715-1 DLA-1529-1 DLA-1446-1 DLA-1423-1}
	- intel-microcode 3.20180703.1
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[wheezy] - linux <ignored> (Too much work to backport)
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://xenbits.xen.org/xsa/advisory-263.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
	NOTE: Qemu part of the mitigations for the speculative store buffer bypass
	NOTE: vulnerabilities on x86 are needed: #908682
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd
CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
	NOT-FOR-US: Intel
CVE-2018-3637
	RESERVED
CVE-2018-3636
	RESERVED
CVE-2018-3635 (Insufficient input validation in installer in Intel Rapid Store Techno ...)
	NOT-FOR-US: Intel
CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connect Acc ...)
	NOT-FOR-US: Intel
CVE-2018-3633
	RESERVED
CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel Conve ...)
	NOT-FOR-US: Intel
CVE-2018-3631
	RESERVED
CVE-2018-3630
	REJECTED
CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
	NOT-FOR-US: Intel
CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management Technology  ...)
	NOT-FOR-US: Intel
CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x may allow ...)
	NOT-FOR-US: Intel
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9 ...)
	NOT-FOR-US: Intel
CVE-2018-3625
	RESERVED
CVE-2018-3624 (Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM7 ...)
	NOT-FOR-US: Intel
CVE-2018-3623
	RESERVED
CVE-2018-3622
	RESERVED
CVE-2018-3621 (Insufficient input validation in the Intel Driver &amp; Support Assist ...)
	NOT-FOR-US: Intel
CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and addre ...)
	{DSA-4279-1 DSA-4274-1 DLA-1529-1 DLA-1481-1}
	- linux 4.17.15-1
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	[jessie] - xen <ignored> (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	- intel-microcode 3.20180703.1
	NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
	NOTE: https://foreshadowattack.eu/
	NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
	NOTE: https://xenbits.xen.org/xsa/advisory-273.html
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with  ...)
	NOT-FOR-US: Intel
CVE-2018-3618
	RESERVED
CVE-2018-3617
	REJECTED
CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS implementation  ...)
	NOT-FOR-US: Intel
CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and Intel ...)
	- intel-microcode 3.20180703.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
	NOTE: https://foreshadowattack.eu/
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3614
	RESERVED
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=751
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html
CVE-2018-3613 (Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2 ...)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=415
	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=44
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html
CVE-2018-3612 (Intel NUC kits with insufficient input validation in system firmware,  ...)
	NOT-FOR-US: Intel
CVE-2018-3611 (Bounds check vulnerability in User Mode Driver in Intel Graphics Drive ...)
	NOT-FOR-US: Intel
CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...)
	NOT-FOR-US: Intel
CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport Do ...)
	NOT-FOR-US: NetTransport Download Manager
CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attacke ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2017-17966
	RESERVED
CVE-2017-17965
	RESERVED
CVE-2017-17964
	RESERVED
CVE-2017-17963
	RESERVED
CVE-2017-17962
	RESERVED
CVE-2017-17961
	RESERVED
CVE-2017-17960 (PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerup ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17959 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the s ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17958 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17957 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the m ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17956 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/selle ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17955 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-ca ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17954 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17953 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.ph ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17952 (PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registrati ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17951 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the s ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17950 (Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid paramet ...)
	NOT-FOR-US: Cells Blog
CVE-2017-17949 (Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. ...)
	NOT-FOR-US: Cells Blog
CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic req ...)
	NOT-FOR-US: Cells Blog
CVE-2017-17947 (A cross site scripting issue has been found in custompage.cgi in Pulse ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2017-1000411 (OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, ...)
	NOT-FOR-US: OpenDayLight
CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attackers to e ...)
	NOT-FOR-US: Handy Password
CVE-2017-17945 (The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing  ...)
	NOT-FOR-US: ASUS HiVivo
CVE-2017-17944 (The ASUS Vivobaby application before 1.1.09 for Android has Missing SS ...)
	NOT-FOR-US: ASUS Vivobaby application
CVE-2017-17943
	RESERVED
CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in the functi ...)
	- tiff 4.0.6-3 (unimportant; bug #885579)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2767
	NOTE: https://gitlab.com/libtiff/libtiff/issues/120
	NOTE: No patch available. Marked as wontfix by upstream.
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed
	NOTE: although technically still present in the source package.
CVE-2017-17941 (PHP Scripts Mall Single Theater Booking has SQL Injection via the admi ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17940 (PHP Scripts Mall Single Theater Booking has XSS via the title paramete ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17939 (PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesetting ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17938 (PHP Scripts Mall Single Theater Booking has XSS via the admin/viewthea ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17937 (Vanguard Marketplace Digital Products PHP has XSS via the phps_query p ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2017-17936 (Vanguard Marketplace Digital Products PHP has CSRF via /search. ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2018-3609 (A vulnerability in the Trend Micro InterScan Messaging Security Virtua ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3608 (A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (ver ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3607 (XXXTreeNode method SQL injection remote code execution (RCE) vulnerabi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3606 (XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL inj ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3605 (TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3604 (GetXXX method SQL injection remote code execution (RCE) vulnerabilitie ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3603 (A CGGIServlet SQL injection remote code execution (RCE) vulnerability  ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3602 (An AdHocQuery_Processor SQL injection remote code execution (RCE) vuln ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3601 (A password hash usage authentication bypass vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3600 (A external entity processing information disclosure (XXE) vulnerabilit ...)
	NOT-FOR-US: Trend Micro
CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wireshark th ...)
	{DLA-1634-1}
	- wireshark 2.4.4-1 (bug #885831)
	[wheezy] - wireshark <ignored> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
	NOTE: https://code.wireshark.org/review/#/c/24997/
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, rela ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/920
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
CVE-2017-17933 (cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or ...)
	NOT-FOR-US: NetWin SurgeFTP
CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ...)
	NOT-FOR-US: ALLPlayer
CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the forget. ...)
	NOT-FOR-US: PHP Scripts Mall Resume Clone Script
CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via admin/genera ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17929 (PHP Scripts Mall Professional Service Script has XSS via the admin/ban ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17928 (PHP Scripts Mall Professional Service Script has SQL injection via the ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17927 (PHP Scripts Mall Professional Service Script allows remote attackers t ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17926 (PHP Scripts Mall Professional Service Script has a predicable registra ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17925 (PHP Scripts Mall Professional Service Script has XSS via the admin/gen ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17924 (PHP Scripts Mall Professional Service Script allows remote attackers t ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17923
	RESERVED
CVE-2017-17922
	RESERVED
CVE-2017-17921
	RESERVED
CVE-2017-17920 (** DISPUTED ** SQL injection vulnerability in the 'reorder' method in  ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17919 (** DISPUTED ** SQL injection vulnerability in the 'order' method in Ru ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17918
	RESERVED
CVE-2017-17917 (** DISPUTED ** SQL injection vulnerability in the 'where' method in Ru ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17916 (** DISPUTED ** SQL injection vulnerability in the 'find_by' method in  ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buff ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
	{DLA-1785-1 DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buf ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.27-3
	[jessie] - graphicsmagick <not-affected> (webp feature was not compiled in)
	[wheezy] - graphicsmagick <not-affected> (webp feature has not been implemented)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/88313ebe379c
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/536/
CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buff ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/533/
CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer  ...)
	NOT-FOR-US: Archon
CVE-2017-17910 (On Hoermann BiSecur devices before 2018, a vulnerability can be exploi ...)
	NOT-FOR-US: Hoermann BiSecur
CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the admin/ge ...)
	NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script
CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via admin/gener ...)
	NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script
CVE-2017-17907 (PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php  ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2017-17906 (PHP Scripts Mall Car Rental Script has SQL Injection via the admin/car ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2017-17905 (PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the  ...)
	NOT-FOR-US: FS Lynda Clone
CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by addi ...)
	NOT-FOR-US: FS Lynda Clone
CVE-2017-17902 (SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of  ...)
	NOT-FOR-US: Kliqqi CMS
CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of s ...)
	NOT-FOR-US: ZyXEL
CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ver ...)
	- dolibarr <removed> (bug #885321)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in Doli ...)
	- dolibarr <removed> (bug #885321)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl ...)
	- dolibarr <removed> (bug #885321)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
	NOTE: https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c
CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM  ...)
	- dolibarr <removed> (bug #885321)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /jo ...)
	NOT-FOR-US: Readymade Job Site Script
CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the location_name arra ...)
	NOT-FOR-US: Readymade Job Site Script
CVE-2017-17894 (Readymade Job Site Script has CSRF via the /job URI. ...)
	NOT-FOR-US: Readymade Job Site Script
CVE-2017-17893 (Readymade Video Sharing Script has XSS via the search_video.php search ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17892 (Readymade Video Sharing Script has SQL Injection via the viewsubs.php  ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.php. ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17890
	RESERVED
CVE-2017-17889 (Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, ...)
	NOT-FOR-US: Kliqqi CMS
CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS ...)
	NOT-FOR-US: Anti-Web
CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a42f63927e7f2e26846b7ed4560e9cb4984af7b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dddce3e790b5b0f5dad91a7960de67af5bdea789
CVE-2017-17886 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/874
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8204599ef0e85324876459e5d45db00660920482
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4a71d71f4ae289b6672102efaef6543643e8efb8
CVE-2017-17885 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/879
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba085736fd49ad89c1937d1ee2b80ae4e11ab97
	NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/5e863ae629010110772321fd181bac34c4b57345
CVE-2017-17884 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/902
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4d6accd355119d54429a86a1859b8329f0130f30
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/82f20a898107a9c1ef6ad2024c4b191719b294ea
CVE-2017-17883 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/877
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0a7241df0f889cc3158ba82774ff21fa1da87ec
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2a1ec7d97f356e9fb6dbc328da17d93ab7a8167c
CVE-2017-17882 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/880
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/903f14eb94521aa6dca9d9ac55d3d9a6c7676a63
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/92fbef516b94ed96fa2a672831acd5dafb242ac5
CVE-2017-17881 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/878
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ece953bbe14e8514afc23e05e4030eea872e29da
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/aa601d79a630f6de0694fadbeee31456a357fa73
CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based  ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/907
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b5d1edb02c432040e3ff894d0c461bcce6fd2c9
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/663b3b432c202cd2aeda7ea7e82b74cce51ab1cf
	NOTE: webp support not enabled, see #806425
CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based b ...)
	{DSA-4204-1 DSA-4074-1 DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #885125)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e41f18ecccbdd1c38e1382057718e91e8f8d6d80
CVE-2017-17878 (An issue was discovered in Valve Steam Link build 643. Root passwords  ...)
	NOT-FOR-US: Valve Steam Link
CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When the SSH da ...)
	NOT-FOR-US: Valve Steam Link
CVE-2017-17876 (Biometric Shift Employee Management System 3.0 allows remote attackers ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17875 (The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via th ...)
	NOT-FOR-US: JEXTN FAQ Pro extension for Joomla!
CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file up ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via th ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2017-17872 (The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection  ...)
	NOT-FOR-US: JEXTN Video Gallery extension for Joomla!
CVE-2017-17871 (The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL In ...)
	NOT-FOR-US: "JEXTN Question And Answer" extension for Joomla!
CVE-2017-17870 (The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the a ...)
	NOT-FOR-US: JBuildozer extension for Joomla!
CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the single- ...)
	NOT-FOR-US: mgl-instagram-gallery plugin for WordPress
CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public Render  ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated user ...)
	NOT-FOR-US: Inteno iopsys
CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain leng ...)
	{DSA-4334-1}
	- mupdf 1.12.0+ds1-1 (bug #885120)
	[jessie] - mupdf <no-dsa> (Minor issue)
	[wheezy] - mupdf <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public)
CVE-2017-17865
	RESERVED
CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles st ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-17863 (kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does no ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://www.spinics.net/lists/stable/msg206985.html
CVE-2017-17862 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unrea ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467
	NOTE: https://www.spinics.net/lists/stable/msg206984.html
CVE-2017-17861
	RESERVED
CVE-2017-17860 (In Samsung Gear products, Bluetooth link key is updated to the differe ...)
	NOT-FOR-US: Samsung
CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass t ...)
	NOT-FOR-US: Samsung Internet Browser
CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function in pdf/pd ...)
	- mupdf <not-affected> (Vulnerable code introduced in 1.11.1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
	NOTE: Commit http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
	NOTE: switches to use int64_t for public file API offsets and introduced the flaw.
	NOTE: https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
CVE-2017-17851
	RESERVED
CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and olde ...)
	- asterisk 1:13.18.5~dfsg-1 (bug #885072)
	[stretch] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
	[jessie] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
	[wheezy] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480
CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 a ...)
	NOT-FOR-US: GetGo Download Manager
CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linu ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469
CVE-2017-17856 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local  ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f
CVE-2017-17855 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local  ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14
CVE-2017-17854 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local  ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03
CVE-2017-17853 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local  ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941
CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local  ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a
CVE-2017-17842
	RESERVED
CVE-2017-17841 (Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an in ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacke ...)
	- open-iscsi 2.0.874-5 (bug #885021)
	[stretch] - open-iscsi <no-dsa> (Minor issue)
	[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
	[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
	NOTE: Specfic CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
	NOTE: But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
	NOTE: should be applied.
	NOTE: Not marking the issue as unimportant, since vulnerable source is present, but
	NOTE: not in all suites iscsiuio is built.
CVE-2017-17839
	REJECTED
CVE-2017-17838
	REJECTED
CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...)
	NOT-FOR-US: Apache DeltaSpike-JSF module
CVE-2017-17836 (In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature d ...)
	- airflow <itp> (bug #819700)
CVE-2017-17835 (In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for  ...)
	- airflow <itp> (bug #819700)
CVE-2017-17834
	REJECTED
CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-relat ...)
	{DLA-2025-1 DLA-1364-1}
	- openslp-dfsg <removed> (low)
	NOTE: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a cross-sit ...)
	NOT-FOR-US: ServersCheck Monitoring Software
CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows remote at ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote attacker ca ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper Random Secr ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular expressions  ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature spoofing i ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant of CVE- ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitra ...)
	- git-lfs <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/git-lfs/git-lfs/pull/2242
	NOTE: https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1
CVE-2017-17830 (Bus Booking Script has CSRF via admin/new_master.php. ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17829 (Bus Booking Script has SQL Injection via the admin/view_seatseller.php ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17828 (Bus Booking Script has XSS via the results.php datepicker parameter or ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17827 (Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.ph ...)
	- piwigo <removed>
	NOTE: https://github.com/Piwigo/Piwigo/issues/822
	NOTE: https://github.com/Piwigo/Piwigo/commit/c3b4c6f7f0ddeaea492080fb8211d7b4cfedaf6f
	NOTE: https://github.com/Piwigo/Piwigo/commit/77f02bfd76ed13dd14044d04cdd8d28213e1848d
CVE-2017-17826 (The Configuration component of Piwigo 2.9.2 is vulnerable to Persisten ...)
	- piwigo <removed>
CVE-2017-17825 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persisten ...)
	- piwigo <removed>
CVE-2017-17824 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injec ...)
	- piwigo <removed>
CVE-2017-17823 (The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injec ...)
	- piwigo <removed>
CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via  ...)
	- piwigo <removed>
CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=181020 (not public)
	NOTE: Not covered by security support
CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_l ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392433
CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435
	NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3)
CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392428
CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_v ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392427
CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_g ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392426
CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436
CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_d ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392430
CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the  ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392429
CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424
CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392432
CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown addre ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431
CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservic ...)
	NOT-FOR-US: Golden Frog VyprVPN
CVE-2017-17808
	RESERVED
CVE-2018-3599 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3598 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the linux ke ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3595 (Anti-rollback can be bypassed in replay scenario during app loading du ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3592 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3591 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3590 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3589 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3588 (There is improper access control of the SSC and GPU mapped regions whi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3587 (In a firmware memory dump feature in all Android releases from CAF usi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3586 (An integer overflow to buffer overflow vulnerability exists in the ADS ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3585
	RESERVED
CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3583 (A buffer overflow can occur while processing an extscan hotlist event  ...)
	NOT-FOR-US: Snapdragon
CVE-2018-3582 (Buffer overflow can occur due to improper input validation in multiple ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3581 (In the WLAN driver in all Android releases from CAF (Android for MSM,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3580 (Stack-based buffer overflow can occur In the WLAN driver if the pmkid_ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3579 (In the WLAN driver in all Android releases from CAF (Android for MSM,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3578 (Type mismatch for ie_len can cause the WLAN driver to allocate less me ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3577 (While processing fragments, when the fragment count becomes very large ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3576 (improper validation of array index in WiFi driver function sapInterfer ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3575
	RESERVED
CVE-2018-3574 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	- linux <not-affected> (Qualcomm specific changes)
CVE-2018-3573 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3572 (While processing a DSP buffer in an audio driver's event handler, an i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for MSM,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3570 (In the cpuidle driver in all Android releases(Android for MSM, Firefox ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3569 (A buffer over-read can occur during a fast initial link setup (FILS) c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3567 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3565 (While sending a probe request indication in lim_send_sme_probe_req_ind ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3564 (In the FastRPC driver in Android releases from CAF using the linux ker ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3563 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3562 (Buffer over -read can occur while processing a FILS authentication fra ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3561 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3560 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3)
CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.1 ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4)
CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 doe ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows loc ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-17803 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17802 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17801 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17800 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17799 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17798 (In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17797 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows loc ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-17796 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17795 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows loc ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-17794 (validate_form_preferences in admin/preferences.php in BlogoText throug ...)
	NOT-FOR-US: BlogoText
CVE-2017-17793 (Information Disclosure vulnerability in creer_fichier_zip in admin/mai ...)
	NOT-FOR-US: BlogoText
CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the markup_clean_href func ...)
	NOT-FOR-US: BlogoText
CVE-2017-17791
	RESERVED
CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 us ...)
	{DSA-4259-1 DLA-1421-1 DLA-1222-1 DLA-1221-1}
	- ruby2.5 2.5.0-1 (bug #884878)
	- ruby2.3 <removed> (bug #884879)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://github.com/ruby/ruby/pull/1777
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/e7464561b5151501beb356fc750d5dd1a88014f7
CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImag ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.27-2 (bug #884904)
	[jessie] - graphicsmagick <no-dsa> (Minor issue)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present, unreproducible with ASAN)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/529/
CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in R ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-2 (bug #884905)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/530/
CVE-2017-17781
	REJECTED
CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a c ...)
	NOT-FOR-US: Clockwork SMS plugins for WordPress
CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id p ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17778 (Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17777 (Paid To Read Script 2.0.5 has authentication bypass in the admin panel ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17776 (Paid To Read Script 2.0.5 has full path disclosure via an invalid admi ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17775 (Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album ...)
	- piwigo <removed>
CVE-2017-17774 (admin/configuration.php in Piwigo 2.9.2 has CSRF. ...)
	- piwigo <removed>
CVE-2017-17773 (In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MD ...)
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2017-17772
	RESERVED
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17771 (In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, an ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17770 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Android Linux component (source code not availalable, so probably Android-specific)
CVE-2017-17769 (Information leakage in Android for MSM, Firefox OS for MSM, and QRD An ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17768
	RESERVED
CVE-2017-17767 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17766 (In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MS ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17765 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17764 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17763 (SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share featu ...)
	NOT-FOR-US: SuperBeam
CVE-2017-17762 (XML external entity (XXE) vulnerability in Episerver 7 patch 4 and ear ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...)
	NOT-FOR-US: Ichano AtHome IP Camera
CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5. ...)
	{DSA-4069-1 DLA-1215-1}
	- otrs2 6.0.3-1 (bug #884801)
	NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_ ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (bug #884836)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 (gimp-2-8)
	NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp <reproducerfile>"
CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #884862)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=8ea316667c8a3296bce2832b3986b58d0fdfc077 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12 (gimp-2-8)
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366 (gimp-2-8)
	NOTE: Crash in desktop tool, no/negligible security impact
CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_st ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #885347)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 (master)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
	NOTE: Crash in desktop tool, no/negligible security impact
CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in load_image i ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #884925)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=06d24a79af94837d615d0024916bb95a01bf3c59 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 (gimp-2-8)
	NOTE: Crash in desktop tool, no/negligible security impact
CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_ ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (bug #884837)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8 (master)
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f (gimp-2-8)
	NOTE: Cannot be reproduced in wheezy with "valgrind --trace-children=yes gimp <reproducerfile>"
	NOTE: Some OOB read/write can be reproduced in sid with "valgrind --trace-children=yes gimp <reproducerfile>"
CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #884927)
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d (master)
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
	NOTE: Crash in desktop tool, no/negligible security impact
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData fun ...)
	{DLA-1438-1 DLA-1235-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #885843)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/10351
	NOTE: https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Conarc iChannel
CVE-2017-17758 (TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to  ...)
	NOT-FOR-US: TP-Link
CVE-2017-17757 (TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to  ...)
	NOT-FOR-US: TP-Link
CVE-2017-17756
	RESERVED
CVE-2017-17755
	RESERVED
CVE-2017-17754
	RESERVED
CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-imp ...)
	NOT-FOR-US: esb-csv-import-export plugin for WordPress
CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body  ...)
	NOT-FOR-US: Ability Mail Server
CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve remote cont ...)
	NOT-FOR-US: Bose SoundTouch devices
CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public playlist from S ...)
	NOT-FOR-US: Bose SoundTouch devices
CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a music s ...)
	NOT-FOR-US: Bose SoundTouch devices
CVE-2017-17748
	RESERVED
CVE-2017-17747 (Weak access controls in the Device Logout functionality on the TP-Link ...)
	NOT-FOR-US: TP-Link
CVE-2017-17746 (Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any u ...)
	NOT-FOR-US: TP-Link
CVE-2017-17745 (Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP- ...)
	NOT-FOR-US: TP-Link
CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin th ...)
	NOT-FOR-US: custom-map plugin for WordPress
CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...)
	{DSA-4259-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows attac ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: https://www.spinics.net/lists/kvm/msg160796.html
CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when bot ...)
	- openldap <unfixed> (unimportant)
	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=8759
	NOTE: nops slapd-module not built
CVE-2017-17739 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and bel ...)
	NOT-FOR-US: BrightSign Digital Signage
CVE-2017-17738 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and bel ...)
	NOT-FOR-US: BrightSign Digital Signage
CVE-2017-17737 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and bel ...)
	NOT-FOR-US: BrightSign Digital Signage
CVE-2017-17736 (Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attack ...)
	NOT-FOR-US: Kentico
CVE-2017-17735 (CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login inf ...)
	NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2017-17734 (CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login inf ...)
	NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2017-17733 (Maccms 8.x allows remote command execution via the wd parameter in an  ...)
	NOT-FOR-US: Maccms
CVE-2017-17732
	RESERVED
CVE-2017-17731 (DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to p ...)
	NOT-FOR-US: DedeCMS
CVE-2017-17730 (DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/f ...)
	NOT-FOR-US: DedeCMS
CVE-2017-17729
	RESERVED
CVE-2017-17728
	RESERVED
CVE-2017-17727 (DedeCMS through 5.6 allows arbitrary file upload and PHP code executio ...)
	NOT-FOR-US: DedeCMS
CVE-2017-17726
	RESERVED
CVE-2017-17725 (In Exiv2 0.26, there is an integer overflow leading to a heap-based bu ...)
	- exiv2 <not-affected> (Introduced in 0.26; only affected experimental)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1525055
	NOTE: https://github.com/Exiv2/exiv2/issues/188
	NOTE: https://github.com/Exiv2/exiv2/pull/193
CVE-2017-17724 (In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Ip ...)
	- exiv2 <not-affected> (Introduced in 0.26; only affected experimental; bug #891783)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524107
	NOTE: https://github.com/Exiv2/exiv2/issues/210
	NOTE: https://github.com/Exiv2/exiv2/commit/962962a8e9885ccbca28f624492f1427152a0695
CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Im ...)
	- exiv2 <not-affected> (Introduced in 0.26; only affected experimental)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524104
	NOTE: https://github.com/Exiv2/exiv2/issues/229
	NOTE: https://github.com/Exiv2/exiv2/commit/36df4bc997d74ecc447e4541e2fc3fda10586103
CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the readHeader functi ...)
	- exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental; bug #891044)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524116
	NOTE: https://github.com/Exiv2/exiv2/issues/208
	NOTE: https://github.com/Exiv2/exiv2/issues/228 (duplicate)
	NOTE: https://github.com/Kicer86/exiv2/commit/1647908e00a4df7246d76678e59587e62c690dcd
CVE-2017-17721 (CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allo ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2017-17720
	RESERVED
CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours plugin t ...)
	NOT-FOR-US: wp-concours plugin for WordPress
CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SS ...)
	- ruby-net-ldap 0.16.1-1 (bug #884693)
	[stretch] - ruby-net-ldap <no-dsa> (Minor issue)
	[jessie] - ruby-net-ldap <not-affected> (Documentation already states that there is no validation)
	[wheezy] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
	NOTE: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
	NOTE: Versions < 0.10 properly acknowledge in their documentation the lack of any SSL
	NOTE: validation, see https://sources.debian.org/src/ruby-net-ldap/0.8.0-1/lib/net/ldap.rb/#L476
	NOTE: In wheezy/jessie, only reverse dependencies are redmine (which is unsupported in wheezy)
	NOTE: and ruby-omniauth-ldap (which has no reverse dep either).
CVE-2017-17717 (Sonatype Nexus Repository Manager through 2.14.5 has weak password enc ...)
	NOT-FOR-US: Sonatype Nexus
CVE-2017-17716 (GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verifi ...)
	- gitlab <not-affected> (vulnerable version never uploaded to the archive)
CVE-2017-17715 (The saveFile method in MediaController.java in the Telegram Messenger  ...)
	NOT-FOR-US: Telegram Messenger for Android
CVE-2017-17714 (Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId ...)
	NOT-FOR-US: Trape
CVE-2017-17713 (Trape before 2017-11-05 has SQL injection via the /nr red parameter, t ...)
	NOT-FOR-US: Trape
CVE-2017-17712 (The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel throu ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
CVE-2017-17711
	RESERVED
CVE-2017-17710
	RESERVED
CVE-2017-17709
	RESERVED
CVE-2017-17708 (Because of insufficient authorization checks it is possible for any au ...)
	NOT-FOR-US: Pleasant Password Server
CVE-2017-17707 (Due to missing authorization checks, any authenticated user is able to ...)
	NOT-FOR-US: Pleasant Password Server
CVE-2017-17706
	RESERVED
CVE-2017-17705
	RESERVED
CVE-2017-17704 (A door-unlocking issue was discovered on Software House iStar Ultra de ...)
	NOT-FOR-US: Software House iStar Ultra devices
CVE-2017-17703 (Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent X ...)
	NOT-FOR-US: Zimbra
CVE-2017-17702
	RESERVED
CVE-2018-3559
	RESERVED
CVE-2018-3558
	RESERVED
CVE-2018-3557
	RESERVED
CVE-2018-3556
	RESERVED
CVE-2018-3555
	RESERVED
CVE-2018-3554
	RESERVED
CVE-2018-3553
	RESERVED
CVE-2018-3552
	RESERVED
CVE-2018-3551
	RESERVED
CVE-2018-3550
	RESERVED
CVE-2018-3549
	RESERVED
CVE-2018-3548
	RESERVED
CVE-2018-3547
	RESERVED
CVE-2018-3546
	RESERVED
CVE-2018-3545
	RESERVED
CVE-2018-3544
	RESERVED
CVE-2018-3543
	RESERVED
CVE-2018-3542
	RESERVED
CVE-2018-3541
	RESERVED
CVE-2018-3540
	RESERVED
CVE-2018-3539
	RESERVED
CVE-2018-3538
	RESERVED
CVE-2018-3537
	RESERVED
CVE-2018-3536
	RESERVED
CVE-2018-3535
	RESERVED
CVE-2018-3534
	RESERVED
CVE-2018-3533
	RESERVED
CVE-2018-3532
	RESERVED
CVE-2018-3531
	RESERVED
CVE-2018-3530
	RESERVED
CVE-2018-3529
	RESERVED
CVE-2018-3528
	RESERVED
CVE-2018-3527
	RESERVED
CVE-2018-3526
	RESERVED
CVE-2018-3525
	RESERVED
CVE-2018-3524
	RESERVED
CVE-2018-3523
	RESERVED
CVE-2018-3522
	RESERVED
CVE-2018-3521
	RESERVED
CVE-2018-3520
	RESERVED
CVE-2018-3519
	RESERVED
CVE-2018-3518
	RESERVED
CVE-2018-3517
	RESERVED
CVE-2018-3516
	RESERVED
CVE-2018-3515
	RESERVED
CVE-2018-3514
	RESERVED
CVE-2018-3513
	RESERVED
CVE-2018-3512
	RESERVED
CVE-2018-3511
	RESERVED
CVE-2018-3510
	RESERVED
CVE-2018-3509
	RESERVED
CVE-2018-3508
	RESERVED
CVE-2018-3507
	RESERVED
CVE-2018-3506
	RESERVED
CVE-2018-3505
	RESERVED
CVE-2018-3504
	RESERVED
CVE-2018-3503
	RESERVED
CVE-2018-3502
	RESERVED
CVE-2018-3501
	RESERVED
CVE-2018-3500
	RESERVED
CVE-2018-3499
	RESERVED
CVE-2018-3498
	RESERVED
CVE-2018-3497
	RESERVED
CVE-2018-3496
	RESERVED
CVE-2018-3495
	RESERVED
CVE-2018-3494
	RESERVED
CVE-2018-3493
	RESERVED
CVE-2018-3492
	RESERVED
CVE-2018-3491
	RESERVED
CVE-2018-3490
	RESERVED
CVE-2018-3489
	RESERVED
CVE-2018-3488
	RESERVED
CVE-2018-3487
	RESERVED
CVE-2018-3486
	RESERVED
CVE-2018-3485
	RESERVED
CVE-2018-3484
	RESERVED
CVE-2018-3483
	RESERVED
CVE-2018-3482
	RESERVED
CVE-2018-3481
	RESERVED
CVE-2018-3480
	RESERVED
CVE-2018-3479
	RESERVED
CVE-2018-3478
	RESERVED
CVE-2018-3477
	RESERVED
CVE-2018-3476
	RESERVED
CVE-2018-3475
	RESERVED
CVE-2018-3474
	RESERVED
CVE-2018-3473
	RESERVED
CVE-2018-3472
	RESERVED
CVE-2018-3471
	RESERVED
CVE-2018-3470
	RESERVED
CVE-2018-3469
	RESERVED
CVE-2018-3468
	RESERVED
CVE-2018-3467
	RESERVED
CVE-2018-3466
	RESERVED
CVE-2018-3465
	RESERVED
CVE-2018-3464
	RESERVED
CVE-2018-3463
	RESERVED
CVE-2018-3462
	RESERVED
CVE-2018-3461
	RESERVED
CVE-2018-3460
	RESERVED
CVE-2018-3459
	RESERVED
CVE-2018-3458
	RESERVED
CVE-2018-3457
	RESERVED
CVE-2018-3456
	RESERVED
CVE-2018-3455
	RESERVED
CVE-2018-3454
	RESERVED
CVE-2018-3453
	RESERVED
CVE-2018-3452
	RESERVED
CVE-2018-3451
	RESERVED
CVE-2018-3450
	RESERVED
CVE-2018-3449
	RESERVED
CVE-2018-3448
	RESERVED
CVE-2018-3447
	RESERVED
CVE-2018-3446
	RESERVED
CVE-2018-3445
	RESERVED
CVE-2018-3444
	RESERVED
CVE-2018-3443
	RESERVED
CVE-2018-3442
	RESERVED
CVE-2018-3441
	RESERVED
CVE-2018-3440
	RESERVED
CVE-2018-3439
	RESERVED
CVE-2018-3438
	RESERVED
CVE-2018-3437
	RESERVED
CVE-2018-3436
	RESERVED
CVE-2018-3435
	RESERVED
CVE-2018-3434
	RESERVED
CVE-2018-3433
	RESERVED
CVE-2018-3432
	RESERVED
CVE-2018-3431
	RESERVED
CVE-2018-3430
	RESERVED
CVE-2018-3429
	RESERVED
CVE-2018-3428
	RESERVED
CVE-2018-3427
	RESERVED
CVE-2018-3426
	RESERVED
CVE-2018-3425
	RESERVED
CVE-2018-3424
	RESERVED
CVE-2018-3423
	RESERVED
CVE-2018-3422
	RESERVED
CVE-2018-3421
	RESERVED
CVE-2018-3420
	RESERVED
CVE-2018-3419
	RESERVED
CVE-2018-3418
	RESERVED
CVE-2018-3417
	RESERVED
CVE-2018-3416
	RESERVED
CVE-2018-3415
	RESERVED
CVE-2018-3414
	RESERVED
CVE-2018-3413
	RESERVED
CVE-2018-3412
	RESERVED
CVE-2018-3411
	RESERVED
CVE-2018-3410
	RESERVED
CVE-2018-3409
	RESERVED
CVE-2018-3408
	RESERVED
CVE-2018-3407
	RESERVED
CVE-2018-3406
	RESERVED
CVE-2018-3405
	RESERVED
CVE-2018-3404
	RESERVED
CVE-2018-3403
	RESERVED
CVE-2018-3402
	RESERVED
CVE-2018-3401
	RESERVED
CVE-2018-3400
	RESERVED
CVE-2018-3399
	RESERVED
CVE-2018-3398
	RESERVED
CVE-2018-3397
	RESERVED
CVE-2018-3396
	RESERVED
CVE-2018-3395
	RESERVED
CVE-2018-3394
	RESERVED
CVE-2018-3393
	RESERVED
CVE-2018-3392
	RESERVED
CVE-2018-3391
	RESERVED
CVE-2018-3390
	RESERVED
CVE-2018-3389
	RESERVED
CVE-2018-3388
	RESERVED
CVE-2018-3387
	RESERVED
CVE-2018-3386
	RESERVED
CVE-2018-3385
	RESERVED
CVE-2018-3384
	RESERVED
CVE-2018-3383
	RESERVED
CVE-2018-3382
	RESERVED
CVE-2018-3381
	RESERVED
CVE-2018-3380
	RESERVED
CVE-2018-3379
	RESERVED
CVE-2018-3378
	RESERVED
CVE-2018-3377
	RESERVED
CVE-2018-3376
	RESERVED
CVE-2018-3375
	RESERVED
CVE-2018-3374
	RESERVED
CVE-2018-3373
	RESERVED
CVE-2018-3372
	RESERVED
CVE-2018-3371
	RESERVED
CVE-2018-3370
	RESERVED
CVE-2018-3369
	RESERVED
CVE-2018-3368
	RESERVED
CVE-2018-3367
	RESERVED
CVE-2018-3366
	RESERVED
CVE-2018-3365
	RESERVED
CVE-2018-3364
	RESERVED
CVE-2018-3363
	RESERVED
CVE-2018-3362
	RESERVED
CVE-2018-3361
	RESERVED
CVE-2018-3360
	RESERVED
CVE-2018-3359
	RESERVED
CVE-2018-3358
	RESERVED
CVE-2018-3357
	RESERVED
CVE-2018-3356
	RESERVED
CVE-2018-3355
	RESERVED
CVE-2018-3354
	RESERVED
CVE-2018-3353
	RESERVED
CVE-2018-3352
	RESERVED
CVE-2018-3351
	RESERVED
CVE-2018-3350
	RESERVED
CVE-2018-3349
	RESERVED
CVE-2018-3348
	RESERVED
CVE-2018-3347
	RESERVED
CVE-2018-3346
	RESERVED
CVE-2018-3345
	RESERVED
CVE-2018-3344
	RESERVED
CVE-2018-3343
	RESERVED
CVE-2018-3342
	RESERVED
CVE-2018-3341
	RESERVED
CVE-2018-3340
	RESERVED
CVE-2018-3339
	RESERVED
CVE-2018-3338
	RESERVED
CVE-2018-3337
	RESERVED
CVE-2018-3336
	RESERVED
CVE-2018-3335
	RESERVED
CVE-2018-3334
	RESERVED
CVE-2018-3333
	RESERVED
CVE-2018-3332
	RESERVED
CVE-2018-3331
	RESERVED
CVE-2018-3330
	RESERVED
CVE-2018-3329
	RESERVED
CVE-2018-3328
	RESERVED
CVE-2018-3327
	RESERVED
CVE-2018-3326
	RESERVED
CVE-2018-3325
	RESERVED
CVE-2018-3324
	RESERVED
CVE-2018-3323
	RESERVED
CVE-2018-3322
	RESERVED
CVE-2018-3321
	RESERVED
CVE-2018-3320
	RESERVED
CVE-2018-3319
	RESERVED
CVE-2018-3318
	RESERVED
CVE-2018-3317
	RESERVED
CVE-2018-3316 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2018-3315 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2018-3314 (Vulnerability in the MICROS Relate CRM Software component of Oracle Re ...)
	NOT-FOR-US: Oracle
CVE-2018-3313
	RESERVED
CVE-2018-3312 (Vulnerability in the Oracle Retail Customer Engagement component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3311 (Vulnerability in the Oracle Retail Xstore Payment component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3310
	RESERVED
CVE-2018-3309 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.22-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3308
	RESERVED
CVE-2018-3307
	RESERVED
CVE-2018-3306
	RESERVED
CVE-2018-3305 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3304 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3303 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3302 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3301 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3300 (Vulnerability in the Oracle Retail Xstore Office product of Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2018-3299 (Vulnerability in the Oracle Text component of Oracle Database Server.  ...)
	NOT-FOR-US: Oracle
CVE-2018-3298 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3297 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3296 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3295 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3294 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3293 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3292 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3291 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3289 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3288 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3287 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3286 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3285 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3284 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3283 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3282 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1 DLA-1566-1}
	- mariadb-10.1 1:10.1.37-1 (bug #912848)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <removed>
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 10.1.37, 10.0.37
CVE-2018-3281 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-3280 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3279 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3278 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3277 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3276 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3275 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3274 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3273 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3272 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3271 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3270 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3269 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3268 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3267 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3266 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3265 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3264 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3263 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3262 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3261 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3260
	RESERVED
CVE-2018-3259 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2018-3258 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-java <not-affected> (Only affects 8.x, bug #912916)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CVE-2018-3257 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3256 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2018-3255 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3254 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-3253 (Vulnerability in the Oracle Virtual Directory component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-3252 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3251 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1}
	- mariadb-10.1 1:10.1.37-1 (bug #912848)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.1.37, 10.0.37
CVE-2018-3250 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3249 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3247 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3246 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3245 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3244 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3243 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3242 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2018-3241 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-3240
	RESERVED
CVE-2018-3239 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3238 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3237 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2018-3236 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-3235 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2018-3234 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3233 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3232 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3231 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3230 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3229 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3228 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3227 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3226 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3225 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3224 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3223 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3222 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3221 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3220 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3219 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3218 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3217 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3216
	RESERVED
CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery Integrator co ...)
	NOT-FOR-US: Oracle
CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4326-1 DLA-1590-1}
	- openjdk-7 <removed>
	- openjdk-8 8u181-b13-2
CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3212 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3211 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-8 <not-affected> (Specific to Oracle Java)
CVE-2018-3210 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-3209 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjfx 11+26-1
	[stretch] - openjfx <ignored> (Specific details withheld by Oracle, impossible to fix)
	NOTE: CPU marks this as only affecting 8.x, so marking first 11 upload as fixed
CVE-2018-3208 (Vulnerability in the Hyperion Data Relationship Management component o ...)
	NOT-FOR-US: Oracle
CVE-2018-3207 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3206 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3205 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3204 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2018-3203 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3202 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3201 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3200 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3199
	RESERVED
CVE-2018-3198 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3197 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3196 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2018-3195 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3194 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3193 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3192 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3191 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3190 (Vulnerability in the Oracle E-Business Intelligence component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-3189 (Vulnerability in the Oracle Customer Interaction History component of  ...)
	NOT-FOR-US: Oracle
CVE-2018-3188 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2018-3187 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3186 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3185 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3184 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...)
	NOT-FOR-US: Oracle
CVE-2018-3183 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4326-1}
	- openjdk-8 8u181-b13-2
	- openjdk-10 10.0.2+13-2
CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4326-1 DLA-1590-1}
	- openjdk-7 <removed>
	- openjdk-8 8u181-b13-2
	- openjdk-10 10.0.2+13-2
	- openjdk-11 11.0.1+13-1
CVE-2018-3179 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-3178 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...)
	NOT-FOR-US: Oracle
CVE-2018-3177 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...)
	NOT-FOR-US: Oracle
CVE-2018-3176 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...)
	NOT-FOR-US: Oracle
CVE-2018-3175 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...)
	NOT-FOR-US: Oracle
CVE-2018-3174 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1 DLA-1566-1}
	- mariadb-10.1 1:10.1.37-1 (bug #912848)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <removed>
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.1.37, 10.0.37
CVE-2018-3173 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3172 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-3171 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3170 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4326-1 DLA-1590-1}
	- openjdk-7 <removed>
	- openjdk-8 8u181-b13-2
	- openjdk-10 10.0.2+13-2
	- openjdk-11 11.0.1+13-1
CVE-2018-3168 (Vulnerability in the Oracle Identity Analytics component of Oracle Fus ...)
	NOT-FOR-US: Oracle
CVE-2018-3167 (Vulnerability in the Application Management Pack for Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2018-3166 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-3165 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3164 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3163 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-3162 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3161 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3160 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2018-3159 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-3158 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-3157 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-11 11.0.1+13-1
CVE-2018-3156 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1}
	- mariadb-10.1 1:10.1.37-1 (bug #912848)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.1.37, 10.0.37
CVE-2018-3155 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3154 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3153 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3152 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-3151 (Vulnerability in the Oracle iProcurement component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-10 10.0.2+13-2
	- openjdk-11 11.0.1+13-1
CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4326-1 DLA-1590-1}
	- openjdk-7 <removed>
	- openjdk-8 8u181-b13-2
	- openjdk-10 10.0.2+13-2
	- openjdk-11 11.0.1+13-1
CVE-2018-3148 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-3147 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3146 (Vulnerability in the Oracle iLearning component of Oracle iLearning (s ...)
	NOT-FOR-US: Oracle
CVE-2018-3145 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3144 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3143 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1}
	- mariadb-10.1 1:10.1.37-1 (bug #912848)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.1.37, 10.0.37
CVE-2018-3142 (Vulnerability in the Hyperion Essbase Administration Services componen ...)
	NOT-FOR-US: Oracle
CVE-2018-3141 (Vulnerability in the Hyperion Essbase Administration Services componen ...)
	NOT-FOR-US: Oracle
CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services componen ...)
	NOT-FOR-US: Oracle
CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4326-1 DLA-1590-1}
	- openjdk-7 <removed>
	- openjdk-8 8u181-b13-2
	- openjdk-10 10.0.2+13-2
	- openjdk-11 11.0.1+13-1
CVE-2018-3138 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3137 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 8)
	- mysql-5.5 <not-affected> (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4326-1 DLA-1590-1}
	- openjdk-7 <removed>
	- openjdk-8 8u181-b13-2
	- openjdk-10 10.0.2+13-2
	- openjdk-11 11.0.1+13-1
CVE-2018-3135 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3134 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
	NOT-FOR-US: Oracle
CVE-2018-3133 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DLA-1566-1}
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 <removed>
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3132 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3131 (Vulnerability in the Oracle Hospitality Gift and Loyalty component of  ...)
	NOT-FOR-US: Oracle
CVE-2018-3130 (Vulnerability in the PeopleSoft Enterprise Interaction Hub component o ...)
	NOT-FOR-US: Oracle
CVE-2018-3129 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3128 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2018-3127 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3126 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
	NOT-FOR-US: Oracle
CVE-2018-3125 (Vulnerability in the Oracle Retail Merchandising System component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3124
	RESERVED
CVE-2018-3123 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1
CVE-2018-3122 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2018-3121
	RESERVED
CVE-2018-3120 (Vulnerability in the MICROS Lucas component of Oracle Retail Applicati ...)
	NOT-FOR-US: Oracle
CVE-2018-3119
	RESERVED
CVE-2018-3118
	RESERVED
CVE-2018-3117
	RESERVED
CVE-2018-3116
	RESERVED
CVE-2018-3115 (Vulnerability in the Oracle Retail Sales Audit component of Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2018-3114
	RESERVED
CVE-2018-3113
	RESERVED
CVE-2018-3112
	RESERVED
CVE-2018-3111 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
	NOT-FOR-US: Oracle
CVE-2018-3110 (A vulnerability was discovered in the Java VM component of Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2018-3109 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3108 (Vulnerability in the Oracle Fusion Middleware component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-3107
	RESERVED
CVE-2018-3106
	RESERVED
CVE-2018-3105 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2018-3104 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3103 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3102 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3101 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-3100 (Vulnerability in the Oracle Business Process Management Suite componen ...)
	NOT-FOR-US: Oracle
CVE-2018-3099 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3098 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3097 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3096 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3095 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3094 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3093 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3092 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3091 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3090 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3089 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3088 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3087 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3086 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3085 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3084 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3083
	RESERVED
CVE-2018-3082 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3081 (Vulnerability in the MySQL Client component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1566-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.23-1 (bug #904121)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB: 10.2.15, 10.1.33, 10.0.35
CVE-2018-3080 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3079 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3078 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3077 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3076 (Vulnerability in the PeopleSoft Enterprise CS Financial Aid component  ...)
	NOT-FOR-US: Oracle
CVE-2018-3075 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3074 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3073 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3072 (Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Pr ...)
	NOT-FOR-US: Oracle
CVE-2018-3071 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3070 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DLA-1566-1}
	- mysql-5.7 5.7.23-1 (bug #904121)
	- mysql-5.5 <removed>
CVE-2018-3069 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
	NOT-FOR-US: Oracle
CVE-2018-3068 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources compone ...)
	NOT-FOR-US: Oracle
CVE-2018-3067 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	NOT-FOR-US: Oracle MySQL 8
CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1566-1 DLA-1488-1}
	- mariadb-10.1 1:10.1.35-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.23-1 (bug #904121)
	- mysql-5.5 <removed>
	NOTE: MariaDB fixed in 10.0.36, 10.1.35
CVE-2018-3065 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3064 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1488-1}
	- mariadb-10.1 1:10.1.35-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.23-1 (bug #904121)
	NOTE: MariaDB: Fixed in 10.0.36, 10.1.35
CVE-2018-3063 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1566-1 DLA-1488-1}
	- mariadb-10.1 1:10.1.35-1
	- mariadb-10.0 <removed>
	- mysql-5.5 <removed>
	NOTE: MariaDB: Fixed in 10.0.36, 10.1.35
CVE-2018-3062 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3061 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3060 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3059 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1566-1 DLA-1488-1}
	- mariadb-10.1 1:10.1.35-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.23-1 (bug #904121)
	- mysql-5.5 <removed>
	NOTE: MariaDB fixed in 10.0.36, 10.1.35
CVE-2018-3057 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3056 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3055 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3054 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.23-1 (bug #904121)
CVE-2018-3053 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2018-3052 (Vulnerability in the MICROS Relate CRM Software component of Oracle Re ...)
	NOT-FOR-US: Oracle
CVE-2018-3051 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3050 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3049 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3048 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3047 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3046 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3045 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3044 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3043 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3042 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3041 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3040 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3039 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3038 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3037 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-3036 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3035 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3034 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3033 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3032 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3031 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3030 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3029 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3028 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-3027 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3026 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3025 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3024 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3023 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3022 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3021 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3020 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-3019 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3018 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2018-3017 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-3016 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3015 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3014 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-3013 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-3012 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2018-3011 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2018-3010 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3009 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-3008 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2018-3007 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
	NOT-FOR-US: Oracle
CVE-2018-3006 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-3005 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-3004 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2018-3003 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
	NOT-FOR-US: Oracle
CVE-2018-3002 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
	NOT-FOR-US: Oracle
CVE-2018-3001 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2018-3000 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2018-2999 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2998 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2997 (Vulnerability in the Oracle Scripting component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2018-2996 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2018-2995 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2018-2994 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2018-2993 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2992 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-2991 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2018-2990 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2989 (Vulnerability in the Oracle iLearning component of Oracle iLearning (s ...)
	NOT-FOR-US: Oracle
CVE-2018-2988 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2018-2987 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2986 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2984 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
	NOT-FOR-US: Oracle
CVE-2018-2983
	RESERVED
CVE-2018-2982 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2981 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2980 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2979 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2978 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2977 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2976 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2975 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2974 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2973 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-8 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-10 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2972 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-10 10.0.2+13-1
CVE-2018-2971 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2970 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2969 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2968 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2967 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2966 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2965 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2964 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-10 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2963 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2962 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2961 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2960 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2959 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2018-2958 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2018-2957 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-2956 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-2955 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-2954 (Vulnerability in the Oracle Order Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2018-2953 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2952 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4268-1 DLA-1590-1}
	- openjdk-7 <removed>
	- openjdk-8 8u181-b13-1
	- openjdk-10 10.0.2+13-1
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/baac18e216fb
CVE-2018-2951 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2950 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2949 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2948 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2947 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2946 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2945 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2944 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2943 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2942 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 <not-affected> (Windows-specific)
	- openjdk-8 <not-affected> (Windows-specific)
CVE-2018-2941 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjfx 11+26-1 (bug #905215)
	[stretch] - openjfx <ignored> (Specific details withheld by Oracle, impossible to fix)
CVE-2018-2940 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-8 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-10 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2939 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2018-2938 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 <not-affected> (Specific to Oracle Java, OpenJDK doesn't bundle Derby)
	- openjdk-8 <not-affected> (Specific to Oracle Java, OpenJDK doesn't bundle Derby)
CVE-2018-2937 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2936 (Vulnerability in the Oracle Communications Messaging Server component  ...)
	NOT-FOR-US: Oracle
CVE-2018-2935 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2934 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2933 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2932 (Vulnerability in the Oracle SuperCluster Specific Software component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2931
	RESERVED
CVE-2018-2930 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Oracle
CVE-2018-2929 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2928 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2927 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2926 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2925 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2018-2924 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2923 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2922 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2921 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2920 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2919 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2918 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2917 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2916 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2915 (Vulnerability in the Hyperion Data Relationship Management component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2914 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate  ...)
	NOT-FOR-US: Oracle
CVE-2018-2913 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate  ...)
	NOT-FOR-US: Oracle
CVE-2018-2912 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate  ...)
	NOT-FOR-US: Oracle
CVE-2018-2911 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-2910
	RESERVED
CVE-2018-2909 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2018-2908 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2907 (Vulnerability in the Hyperion Financial Reporting component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-2906 (Vulnerability in the Hardware Management Pack component of Oracle Sun  ...)
	NOT-FOR-US: Oracle
CVE-2018-2905 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2904 (Vulnerability in the Oracle Communications EAGLE LNP Application Proce ...)
	NOT-FOR-US: Oracle
CVE-2018-2903 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2902 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2901 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2900 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2018-2899 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2898 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2897 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2018-2896 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2895 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2894 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2893 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2892 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2891 (Vulnerability in the Oracle Retail Bulk Data Integration component of  ...)
	NOT-FOR-US: Oracle
CVE-2018-2890
	RESERVED
CVE-2018-2889 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2888 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2887 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2886
	RESERVED
CVE-2018-2885
	RESERVED
CVE-2018-2884
	RESERVED
CVE-2018-2883 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
	NOT-FOR-US: Oracle
CVE-2018-2882 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2881 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2880 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2879 (Vulnerability in the Oracle Access Manager component of Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2018-2878 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components compo ...)
	NOT-FOR-US: Oracle
CVE-2018-2877 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	- mysql-cluster <itp> (bug #833356)
CVE-2018-2876 (Vulnerability in the Oracle Retail Integration Bus component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2875 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2018-2874 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2873 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2872 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2871 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2870 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2869 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2868 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2867 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2866 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2865 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2864 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2863 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2862 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2861 (Vulnerability in the Oracle Retail Back Office component of Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2018-2860 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2859 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2858 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2857 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2856 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2855 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2854 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2853 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2852 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2851 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2850 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
	NOT-FOR-US: Oracle
CVE-2018-2849 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2848 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2847 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2846 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2845 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2844 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html
CVE-2018-2843 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2842 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2841 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2018-2840 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2839 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2838 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2837 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2836 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2835 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2834 (Vulnerability in the Oracle Data Visualization Desktop component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2833 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2832 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. ...)
	NOT-FOR-US: Oracle
CVE-2018-2831 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2830 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2829 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2828 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-2827 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2018-2826 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-10 10.0.2+13-1
CVE-2018-2825 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-10 10.0.2+13-1
CVE-2018-2824 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2823 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2822 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Oracle
CVE-2018-2821 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4176-1 DLA-1355-1}
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2816 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2815 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2812 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2811 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Specific to Oracle Java, our installation procedure are obviously different)
CVE-2018-2810 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2809 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2808 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2807 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-2806 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-2805 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects GIS Extension in Oracle MySQL 5.6)
	- mysql-5.5 <not-affected> (Only affects GIS Extension in Oracle MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2804 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2803 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2802 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2801 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-2800 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2799 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
CVE-2018-2798 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2797 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2796 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
CVE-2018-2795 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2794 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2793 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2792 (Vulnerability in the Hardware Management Pack component of Oracle Sun  ...)
	NOT-FOR-US: Oracle
CVE-2018-2791 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2790 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2789 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2788 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2787 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2786 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2785 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2784 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2783 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	- openjdk-10 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-8 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-6 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2780 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2779 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2778 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2777 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2776 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2775 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2774 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4176-1 DLA-1355-1}
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2770 (Vulnerability in the Oracle Adaptive Access Manager component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2769 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1566-1 DLA-1407-1}
	- mariadb-10.2 <removed>
	- mariadb-10.1 1:10.1.34-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.23-1 (bug #904121)
	- mysql-5.5 <removed>
	[wheezy] - mysql-5.5 <postponed> (Wait for next upstream security/bugfix release)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/2
	NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
	NOTE: Oracle products.
	NOTE: For MariaDB: if one connects to the remote server using the embedded library
	NOTE: (libmysqld), then SSL is not enforced.
	NOTE: Fixed in MariaDB: 5.5.60, 10.0.35, 10.1.33, 10.2.15, and 10.3.7
	NOTE: https://github.com/MariaDB/server/commit/f5369faf5bbf
	NOTE: For Oracle: https://github.com/mysql/mysql-server/commit/bbc2e37fe4e
	NOTE: fixed in 5.5.61, 5.6.41, 5.7.23
	NOTE: Strictly speaking though the CVE would be only for Oracle MySQL, for practical
	NOTE: reasons still tracking as well MariaDB here.
CVE-2018-2766 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2765 (Vulnerability in the Oracle Security Service component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-2764 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2763 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2762 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2760 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2018-2759 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2758 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2757
	RESERVED
CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2754 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2753 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2752 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...)
	NOT-FOR-US: Oracle
CVE-2018-2751
	RESERVED
CVE-2018-2750 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2749 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2748 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2747 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2746 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2745
	RESERVED
CVE-2018-2744
	RESERVED
CVE-2018-2743
	RESERVED
CVE-2018-2742 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2741
	RESERVED
CVE-2018-2740
	RESERVED
CVE-2018-2739 (Vulnerability in the Oracle Access Manager component of Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2018-2738 (Vulnerability in the Oracle Retail Central Office component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2018-2737 (Vulnerability in the Oracle Retail Returns Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2736
	RESERVED
CVE-2018-2735
	RESERVED
CVE-2018-2734
	RESERVED
CVE-2018-2733 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
	NOT-FOR-US: Oracle
CVE-2018-2732 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2731 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component  ...)
	NOT-FOR-US: Oracle
CVE-2018-2730 (Vulnerability in the Oracle Retail Merchandising System component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2729 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing  ...)
	NOT-FOR-US: Oracle
CVE-2018-2728 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing  ...)
	NOT-FOR-US: Oracle
CVE-2018-2727 (Vulnerability in the Oracle Financial Services Market Risk Measurement ...)
	NOT-FOR-US: Oracle
CVE-2018-2726 (Vulnerability in the Oracle Financial Services Market Risk component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2725 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
	NOT-FOR-US: Oracle
CVE-2018-2724 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
	NOT-FOR-US: Oracle
CVE-2018-2723 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2722 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...)
	NOT-FOR-US: Oracle
CVE-2018-2721 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...)
	NOT-FOR-US: Oracle
CVE-2018-2720 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
	NOT-FOR-US: Oracle
CVE-2018-2719 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
	NOT-FOR-US: Oracle
CVE-2018-2718 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2717 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2716 (Vulnerability in the Oracle Financial Services Market Risk Measurement ...)
	NOT-FOR-US: Oracle
CVE-2018-2715 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2018-2714 (Vulnerability in the Oracle Financial Services Market Risk component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2713 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-2712 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
	NOT-FOR-US: Oracle
CVE-2018-2711 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2018-2710 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2709 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2708 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2707 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2706 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2705 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2704 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2703 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2702 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2018-2701 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2700 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2699 (Vulnerability in the Application Express component of Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2018-2698 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2697 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2696 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2695 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2694 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2693 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox-guest-additions-iso 5.2.6-1
	[jessie] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2018-2692 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2691 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2689 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2688 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2687 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2686 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2685 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2684 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2683 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2682 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
	NOT-FOR-US: Oracle
CVE-2018-2681 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2680 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2018-2679 (Vulnerability in the Oracle Financial Services Profitability Managemen ...)
	NOT-FOR-US: Oracle Financial Services Applications
CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2677 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2676 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2675 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2018-2674 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2673 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2672 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2671 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of  ...)
	NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2664 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2663 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2662 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2661 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2660 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2659 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2658 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2657 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
	- openjdk-9 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-8 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-7 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-6 <not-affected> (Seems to be specific to Oracle Java)
CVE-2018-2656 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2655 (Vulnerability in the Oracle Work in Process component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2654 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2653 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2652 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2651 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2650 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2649 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2648 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2647 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2646 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2645 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2644 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2643 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2639 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2638 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2637 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2636 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2635 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2633 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2632 (Vulnerability in the Siebel Engineering - Installer and Deployment com ...)
	NOT-FOR-US: Oracle
CVE-2018-2631 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2630 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2629 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2628 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2627 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-9 <not-affected> (Specific to installer for Windows)
	- openjdk-8 <not-affected> (Specific to installer for Windows)
CVE-2018-2626 (Vulnerability in the Oracle Financial Services Balance Sheet Planning  ...)
	NOT-FOR-US: Oracle
CVE-2018-2625 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2621 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2018-2620 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2619 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2618 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2617 (Vulnerability in the OSS Support Tools component of Oracle Support Too ...)
	NOT-FOR-US: Oracle
CVE-2018-2616 (Vulnerability in the OSS Support Tools component of Oracle Support Too ...)
	NOT-FOR-US: Oracle
CVE-2018-2615 (Vulnerability in the OSS Support Tools component of Oracle Support Too ...)
	NOT-FOR-US: Oracle
CVE-2018-2614 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2613 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2612 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2611 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2610 (Vulnerability in the Hyperion Data Relationship Management component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2609 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2018-2608 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2607 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2606 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2605 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2604 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2601 (Vulnerability in the Oracle Internet Directory component of Oracle Fus ...)
	NOT-FOR-US: Oracle
CVE-2018-2600 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2598 (Vulnerability in the MySQL Workbench component of Oracle MySQL (subcom ...)
	- mysql-workbench 8.0.17+dfsg-1 (bug #904112)
	[stretch] - mysql-workbench <ignored> (Exact details undisclosed, but marginal CVSS score)
	[jessie] - mysql-workbench <postponed> (Exact details undisclosed, but marginal CVSS score)
CVE-2018-2597 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management  ...)
	NOT-FOR-US: Oracle
CVE-2018-2596 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-2595 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...)
	NOT-FOR-US: Oracle
CVE-2018-2594 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...)
	NOT-FOR-US: Oracle
CVE-2018-2593 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2592 (Vulnerability in the Oracle Financial Services Balance Sheet Planning  ...)
	NOT-FOR-US: Oracle
CVE-2018-2591 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2590 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2589 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2588 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2587 (Vulnerability in the Oracle Access Manager component of Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2018-2586 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2585 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-net <removed> (bug #887751)
	[stretch] - mysql-connector-net <no-dsa> (Minor issue)
	[jessie] - mysql-connector-net <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2584 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2583 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2582 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4144-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
CVE-2018-2581 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjfx 8u161-b12-1 (bug #888530)
	[stretch] - openjfx <ignored> (Specific details withheld by Oracle, impossible to fix)
CVE-2018-2580 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2018-2579 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2578 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2577 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2576 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2575 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2018-2574 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2018-2573 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2572 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
	NOT-FOR-US: Oracle
CVE-2018-2571 (Vulnerability in the Oracle Communications Unified Inventory Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2570 (Vulnerability in the Oracle Communications Unified Inventory Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2569 (Vulnerability in the Java ME SDK component of Oracle Java Micro Editio ...)
	NOT-FOR-US: Oracle
CVE-2018-2568 (Vulnerability in the Integrated Lights Out Manager (ILOM) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2567 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2566 (Vulnerability in the Integrated Lights Out Manager (ILOM) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2565 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-2563 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2561 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2018-2560 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2018-2559
	RESERVED
CVE-2018-2558
	RESERVED
CVE-2018-2557
	RESERVED
CVE-2018-2556
	RESERVED
CVE-2018-2555
	RESERVED
CVE-2018-2554
	RESERVED
CVE-2018-2553
	RESERVED
CVE-2018-2552
	RESERVED
CVE-2018-2551
	RESERVED
CVE-2018-2550
	RESERVED
CVE-2018-2549
	RESERVED
CVE-2018-2548
	RESERVED
CVE-2018-2547
	RESERVED
CVE-2018-2546
	RESERVED
CVE-2018-2545
	RESERVED
CVE-2018-2544
	RESERVED
CVE-2018-2543
	RESERVED
CVE-2018-2542
	RESERVED
CVE-2018-2541
	RESERVED
CVE-2018-2540
	RESERVED
CVE-2018-2539
	RESERVED
CVE-2018-2538
	RESERVED
CVE-2018-2537
	RESERVED
CVE-2018-2536
	RESERVED
CVE-2018-2535
	RESERVED
CVE-2018-2534
	RESERVED
CVE-2018-2533
	RESERVED
CVE-2018-2532
	RESERVED
CVE-2018-2531
	RESERVED
CVE-2018-2530
	RESERVED
CVE-2018-2529
	RESERVED
CVE-2018-2528
	RESERVED
CVE-2018-2527
	RESERVED
CVE-2018-2526
	RESERVED
CVE-2018-2525
	RESERVED
CVE-2018-2524
	RESERVED
CVE-2018-2523
	RESERVED
CVE-2018-2522
	RESERVED
CVE-2018-2521
	RESERVED
CVE-2018-2520
	RESERVED
CVE-2018-2519
	RESERVED
CVE-2018-2518
	RESERVED
CVE-2018-2517
	RESERVED
CVE-2018-2516
	RESERVED
CVE-2018-2515
	REJECTED
CVE-2018-2514
	RESERVED
CVE-2018-2513
	RESERVED
CVE-2018-2512
	RESERVED
CVE-2018-2511
	RESERVED
CVE-2018-2510
	RESERVED
CVE-2018-2509
	RESERVED
CVE-2018-2508
	RESERVED
CVE-2018-2507
	RESERVED
CVE-2018-2506
	RESERVED
CVE-2018-2505 (SAP Commerce does not sufficiently validate user-controlled inputs, re ...)
	NOT-FOR-US: SAP
CVE-2018-2504 (SAP NetWeaver AS Java Web Container service does not validate against  ...)
	NOT-FOR-US: SAP
CVE-2018-2503 (By default, the SAP NetWeaver AS Java keystore service does not suffic ...)
	NOT-FOR-US: SAP
CVE-2018-2502 (TRACE method is enabled in SAP Business One Service Layer . Attacker c ...)
	NOT-FOR-US: SAP
CVE-2018-2501
	RESERVED
CVE-2018-2500 (Under certain conditions SAP Mobile Secure Android client (before vers ...)
	NOT-FOR-US: SAP
CVE-2018-2499 (A security weakness in SAP Financial Consolidation Cube Designer (BOBJ ...)
	NOT-FOR-US: SAP
CVE-2018-2498
	RESERVED
CVE-2018-2497 (The security audit log of SAP HANA, versions 1.0 and 2.0, does not log ...)
	NOT-FOR-US: SAP
CVE-2018-2496
	RESERVED
CVE-2018-2495
	RESERVED
CVE-2018-2494 (Necessary authorization checks for an authenticated user, resulting in ...)
	NOT-FOR-US: SAP
CVE-2018-2493
	RESERVED
CVE-2018-2492 (SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently ...)
	NOT-FOR-US: SAP
CVE-2018-2491 (When opening a deep link URL in SAP Fiori Client with log level set to ...)
	NOT-FOR-US: SAP
CVE-2018-2490 (The broadcast messages received by SAP Fiori Client are not protected  ...)
	NOT-FOR-US: SAP
CVE-2018-2489 (Locally, without any permission, an arbitrary android application coul ...)
	NOT-FOR-US: SAP
CVE-2018-2488 (It is possible for a malware application installed on an Android devic ...)
	NOT-FOR-US: SAP
CVE-2018-2487 (SAP Disclosure Management 10.x allows an attacker to exploit through a ...)
	NOT-FOR-US: SAP
CVE-2018-2486 (SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does  ...)
	NOT-FOR-US: SAP
CVE-2018-2485 (It is possible for a malicious application or malware to execute JavaS ...)
	NOT-FOR-US: SAP
CVE-2018-2484 (SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; ...)
	NOT-FOR-US: SAP
CVE-2018-2483 (HTTP Verb Tampering is possible in SAP BusinessObjects Business Intell ...)
	NOT-FOR-US: SAP
CVE-2018-2482 (SAP Mobile Secure Android Application, Mobile-secure.apk Android clien ...)
	NOT-FOR-US: SAP
CVE-2018-2481 (In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to ...)
	NOT-FOR-US: SAP
CVE-2018-2480
	RESERVED
CVE-2018-2479 (SAP BusinessObjects Business Intelligence Platform (BIWorkspace), vers ...)
	NOT-FOR-US: SAP
CVE-2018-2478 (An attacker can use specially crafted inputs to execute commands on th ...)
	NOT-FOR-US: SAP
CVE-2018-2477 (Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, ...)
	NOT-FOR-US: SAP
CVE-2018-2476 (Due to insufficient URL Validation in forums in SAP NetWeaver versions ...)
	NOT-FOR-US: SAP
CVE-2018-2475 (Following the Gardener architecture, the Kubernetes apiserver of a Gar ...)
	NOT-FOR-US: SAP
CVE-2018-2474 (SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) appli ...)
	NOT-FOR-US: SAP
CVE-2018-2473 (SAP BusinessObjects Business Intelligence Platform Server, versions 4. ...)
	NOT-FOR-US: SAP
CVE-2018-2472 (SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web  ...)
	NOT-FOR-US: SAP
CVE-2018-2471 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
	NOT-FOR-US: SAP
CVE-2018-2470 (In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30,  ...)
	NOT-FOR-US: SAP
CVE-2018-2469 (Under certain conditions SAP Adaptive Server Enterprise (ASE), version ...)
	NOT-FOR-US: SAP
CVE-2018-2468 (Under certain conditions the backup server in SAP Adaptive Server Ente ...)
	NOT-FOR-US: SAP
CVE-2018-2467 (In the Software Development Kit in SAP BusinessObjects BI Platform Ser ...)
	NOT-FOR-US: SAP
CVE-2018-2466 (In Impact and Lineage Analysis in SAP Data Services, version 4.2, the  ...)
	NOT-FOR-US: SAP
CVE-2018-2465 (SAP HANA (versions 1.0 and 2.0) Extended Application Services classic  ...)
	NOT-FOR-US: SAP
CVE-2018-2464 (SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not su ...)
	NOT-FOR-US: SAP
CVE-2018-2463 (The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6 ...)
	NOT-FOR-US: SAP
CVE-2018-2462 (In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWe ...)
	NOT-FOR-US: SAP
CVE-2018-2461 (Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 H ...)
	NOT-FOR-US: SAP
CVE-2018-2460 (SAP Business One Android application, version 1.2, does not verify the ...)
	NOT-FOR-US: SAP
CVE-2018-2459 (Users of an SAP Mobile Platform (version 3.0) Offline OData applicatio ...)
	NOT-FOR-US: SAP
CVE-2018-2458 (Under certain conditions, Crystal Report using SAP Business One, versi ...)
	NOT-FOR-US: SAP
CVE-2018-2457 (Under certain conditions SAP Adaptive Server Enterprise, version 16.0, ...)
	NOT-FOR-US: SAP
CVE-2018-2456
	RESERVED
CVE-2018-2455 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6. ...)
	NOT-FOR-US: SAP
CVE-2018-2454 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6. ...)
	NOT-FOR-US: SAP
CVE-2018-2453
	RESERVED
CVE-2018-2452 (The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.3 ...)
	NOT-FOR-US: SAP
CVE-2018-2451 (XS Command-Line Interface (CLI) user sessions with the SAP HANA Extend ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2450 (SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who ge ...)
	NOT-FOR-US: SAP MaxDB
CVE-2018-2449 (SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - ...)
	NOT-FOR-US: SAP SRM MDM Catalog
CVE-2018-2448 (Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02 ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence Platform
CVE-2018-2447 (SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2446 (Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1 ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2445 (AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2444 (SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does ...)
	NOT-FOR-US: SAP BusinessObjects Financial Consolidation
CVE-2018-2443
	RESERVED
CVE-2018-2442 (In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4. ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2441 (Under certain conditions the SAP Change and Transport System (ABAP), S ...)
	NOT-FOR-US: SAP Change and Transport System
CVE-2018-2440 (Under certain circumstances SAP Dynamic Authorization Management (DAM) ...)
	NOT-FOR-US: SAP
CVE-2018-2439 (The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.5 ...)
	NOT-FOR-US: SAP
CVE-2018-2438 (The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.5 ...)
	NOT-FOR-US: SAP
CVE-2018-2437 (The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7. ...)
	NOT-FOR-US: SAP
CVE-2018-2436 (Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does no ...)
	NOT-FOR-US: SAP
CVE-2018-2435 (SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7. ...)
	NOT-FOR-US: SAP
CVE-2018-2434 (A content spoofing vulnerability in the following components allows to ...)
	NOT-FOR-US: SAP
CVE-2018-2433 (SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 N ...)
	NOT-FOR-US: SAP
CVE-2018-2432 (SAP BusinessObjects Business Intelligence (BI Launchpad and Central Ma ...)
	NOT-FOR-US: SAP
CVE-2018-2431 (SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.2 ...)
	NOT-FOR-US: SAP
CVE-2018-2430
	RESERVED
CVE-2018-2429
	RESERVED
CVE-2018-2428 (Under certain conditions SAP UI5 Handler allows an attacker to access  ...)
	NOT-FOR-US: SAP
CVE-2018-2427 (SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.2 ...)
	NOT-FOR-US: SAP
CVE-2018-2426
	RESERVED
CVE-2018-2425 (Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA bac ...)
	NOT-FOR-US: SAP
CVE-2018-2424 (SAP UI5 did not validate user input before adding it to the DOM struct ...)
	NOT-FOR-US: SAP
CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, H ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7 ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2421 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7 ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2420 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, a ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2419 (SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1 ...)
	NOT-FOR-US: SAP Enterprise Financial Services
CVE-2018-2418 (SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attack ...)
	NOT-FOR-US: SAP MaxDB ODBC driver
CVE-2018-2417 (Under certain conditions, the SAP Identity Management 8.0 (pass of typ ...)
	NOT-FOR-US: SAP Identity Management
CVE-2018-2416 (SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XM ...)
	NOT-FOR-US: SAP Identity Management
CVE-2018-2415 (SAP NetWeaver Application Server Java Web Container and HTTP Service ( ...)
	NOT-FOR-US: SAP NetWeaver Application Server Java Web Container and HTTP Service
CVE-2018-2414
	RESERVED
CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary authorizatio ...)
	NOT-FOR-US: SAP
CVE-2018-2412 (SAP Disclosure Management 10.1 does not perform necessary authorizatio ...)
	NOT-FOR-US: SAP
CVE-2018-2411
	RESERVED
CVE-2018-2410 (SAP Business One, 9.2, 9.3, browser access does not sufficiently encod ...)
	NOT-FOR-US: SAP
CVE-2018-2409 (Improper session management when using SAP Cloud Platform 2.0 (Connect ...)
	NOT-FOR-US: SAP
CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 4.10, f ...)
	NOT-FOR-US: SAP
CVE-2018-2407
	RESERVED
CVE-2018-2406 (Unquoted windows search path (directory/path traversal) vulnerability  ...)
	NOT-FOR-US: Crystal Reports Server
CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allo ...)
	NOT-FOR-US: SAP
CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any file w ...)
	NOT-FOR-US: SAP
CVE-2018-2403 (Under certain conditions, SAP Disclosure Management 10.1 allows an att ...)
	NOT-FOR-US: SAP
CVE-2018-2402 (In systems using the optional capture &amp; replay functionality of SA ...)
	NOT-FOR-US: SAP
CVE-2018-2401 (SAP Business Process Automation (BPA) By Redwood does not sufficiently ...)
	NOT-FOR-US: SAP
CVE-2018-2400 (Under certain conditions SAP Business Process Automation (BPA) By Redw ...)
	NOT-FOR-US: SAP
CVE-2018-2399 (Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 t ...)
	NOT-FOR-US: SAP
CVE-2018-2398 (Under certain conditions SAP Business Client 6.5 allows an attacker to ...)
	NOT-FOR-US: SAP
CVE-2018-2397 (In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4. ...)
	NOT-FOR-US: SAP
CVE-2018-2396 (Under certain conditions a malicious user can prevent legitimate users ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2395 (Under certain conditions a malicious user may retrieve information on  ...)
	NOT-FOR-US: SAP Internet Graphic Server
CVE-2018-2394 (Under certain conditions an unauthenticated malicious user can prevent ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2393 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20 ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2392 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20 ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2391 (Under certain conditions a malicious user can prevent legitimate users ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2390 (Under certain conditions a malicious user can prevent legitimate users ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2389 (Under certain conditions a malicious user can inject log files of SAP  ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2388 (Stored cross-site scripting vulnerability in SAP internet Graphics Ser ...)
	NOT-FOR-US: SAP internet Graphics Server
CVE-2018-2387 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7. ...)
	NOT-FOR-US: SAP internet Graphics Server
CVE-2018-2386 (Under certain conditions a malicious user provoking an out of bounds b ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2385 (Under certain conditions a malicious user provoking a divide by zero c ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2384 (Under certain conditions a malicious user provoking a Null Pointer der ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2383 (Reflected cross-site scripting vulnerability in SAP internet Graphics  ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2382 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7. ...)
	NOT-FOR-US: SAP internet Graphics Server
CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04 ...)
	NOT-FOR-US: SAP ERP Financials Information System
CVE-2018-2380 (SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to expl ...)
	NOT-FOR-US: SAP CRM
CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an unauthenticated use ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized users can ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2377 (In SAP HANA Extended Application Services, 1.0, some general server st ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2376 (In SAP HANA Extended Application Services, 1.0, a controller user who  ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2375 (In SAP HANA Extended Application Services, 1.0, a controller user who  ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2374 (In SAP HANA Extended Application Services, 1.0, a controller user who  ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2373 (Under certain circumstances, a specific endpoint of the Controller's A ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2372 (A plain keystore password is written to a system log file in SAP HANA  ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2371 (The SAML 2.0 service provider of SAP Netweaver AS Java Web Application ...)
	NOT-FOR-US: SAP Netweaver AS Java Web Application
CVE-2018-2370 (Server Side Request Forgery (SSRF) vulnerability in SAP Central Manage ...)
	NOT-FOR-US: SAP Central Management Console
CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticat ...)
	NOT-FOR-US: SAP HANA
CVE-2018-2368 (SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7. ...)
	NOT-FOR-US: SAP NetWeaver System Landscape Directory
CVE-2018-2367 (ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.1 ...)
	NOT-FOR-US: SAP BASIS
CVE-2018-2366 (SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an  ...)
	NOT-FOR-US: SAP
CVE-2018-2365 (SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1 ...)
	NOT-FOR-US: SAP
CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send  ...)
	NOT-FOR-US: SAP HANA
CVE-2018-2361 (In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Busine ...)
	NOT-FOR-US: SAP Solution Manager
CVE-2018-2360 (SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an au ...)
	NOT-FOR-US: SAP Startup Service
CVE-2017-17701 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer de ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17700 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer de ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17699 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer de ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17698 (Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflect ...)
	NOT-FOR-US: Zoho ManageEngine Password Manager Pro
CVE-2017-17697 (The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 ha ...)
	NOT-FOR-US: Harbor
CVE-2017-17696 (Techno - Portfolio Management Panel through 2017-11-16 allows full pat ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17695 (Techno - Portfolio Management Panel through 2017-11-16 allows SQL Inje ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17694 (Techno - Portfolio Management Panel through 2017-11-16 allows XSS via  ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17693 (Techno - Portfolio Management Panel through 2017-11-16 does not check  ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17692 (Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass th ...)
	NOT-FOR-US: Samsung Internet Browser
CVE-2017-17691 (Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses clea ...)
	NOT-FOR-US: Homeputer CL Studio fur HomeMatic
CVE-2017-17690
	RESERVED
CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) malleabi ...)
	- evolution <unfixed> (bug #898633; unimportant)
	- kf5-messagelib 4:18.08.1-1 (bug #899127)
	[stretch] - kf5-messagelib <no-dsa> (Defaults to secure handling, change to disable it entirely can be fixed via spu)
	- kdepim <removed> (bug #899128)
	[stretch] - kdepim <no-dsa> (Defaults to secure handling, change to disable it entirely can be fixed via spu)
	[jessie] - kdepim <no-dsa> (Defaults to secure handling, change to disable it entirely can be fixed via spu)
	NOTE: https://efail.de
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796135
	NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
	NOTE: protocol vulnerability can't be fixed in implementations but they can prevent exploitation by disabling loading of remote content
	NOTE: kmail bug is #898634, but src:kmail is not affected, the code in question is in kf5-messagelib
	NOTE: kf5-messagelib: https://phabricator.kde.org/D12391 (v18.04.1)
	NOTE: kf5-messagelib: https://phabricator.kde.org/D12393 (v18.04.1)
	NOTE: kmail: https://phabricator.kde.org/D12394
CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode ...)
	- enigmail 2:2.0.6.1-4 (bug #898630)
	[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: vulnerability is in the clients handling, not in OpenPGP
	NOTE: https://efail.de
	NOTE: possibly https://sourceforge.net/p/enigmail/source/ci/f6c111 and https://sourceforge.net/p/enigmail/source/ci/d2a83a
	NOTE: Marking the first 2.x version which reached unstable as fixed, see discussion in #898630
CVE-2017-17687
	RESERVED
CVE-2017-17686
	RESERVED
CVE-2017-17685
	RESERVED
CVE-2016-10703 (A regular expression Denial of Service (DoS) vulnerability in the file ...)
	NOT-FOR-US: ecstatic npm
CVE-2018-2359
	REJECTED
CVE-2018-2358
	REJECTED
CVE-2018-2357
	REJECTED
CVE-2018-2356
	REJECTED
CVE-2018-2355
	REJECTED
CVE-2018-2354
	REJECTED
CVE-2018-2353
	REJECTED
CVE-2018-2352
	REJECTED
CVE-2018-2351
	REJECTED
CVE-2018-2350
	REJECTED
CVE-2018-2349
	REJECTED
CVE-2018-2348
	REJECTED
CVE-2018-2347
	REJECTED
CVE-2018-2346
	REJECTED
CVE-2018-2345
	REJECTED
CVE-2018-2344
	REJECTED
CVE-2018-2343
	REJECTED
CVE-2018-2342
	REJECTED
CVE-2018-2341
	REJECTED
CVE-2018-2340
	REJECTED
CVE-2018-2339
	REJECTED
CVE-2018-2338
	REJECTED
CVE-2018-2337
	REJECTED
CVE-2018-2336
	REJECTED
CVE-2018-2335
	REJECTED
CVE-2018-2334
	REJECTED
CVE-2018-2333
	REJECTED
CVE-2018-2332
	REJECTED
CVE-2018-2331
	REJECTED
CVE-2018-2330
	REJECTED
CVE-2018-2329
	REJECTED
CVE-2018-2328
	REJECTED
CVE-2018-2327
	REJECTED
CVE-2018-2326
	REJECTED
CVE-2018-2325
	REJECTED
CVE-2018-2324
	REJECTED
CVE-2018-2323
	REJECTED
CVE-2018-2322
	REJECTED
CVE-2018-2321
	REJECTED
CVE-2018-2320
	REJECTED
CVE-2018-2319
	REJECTED
CVE-2018-2318
	REJECTED
CVE-2018-2317
	REJECTED
CVE-2018-2316
	REJECTED
CVE-2018-2315
	REJECTED
CVE-2018-2314
	REJECTED
CVE-2018-2313
	REJECTED
CVE-2018-2312
	REJECTED
CVE-2018-2311
	REJECTED
CVE-2018-2310
	REJECTED
CVE-2018-2309
	REJECTED
CVE-2018-2308
	REJECTED
CVE-2018-2307
	REJECTED
CVE-2018-2306
	REJECTED
CVE-2018-2305
	REJECTED
CVE-2018-2304
	REJECTED
CVE-2018-2303
	REJECTED
CVE-2018-2302
	REJECTED
CVE-2018-2301
	REJECTED
CVE-2018-2300
	REJECTED
CVE-2018-2299
	REJECTED
CVE-2018-2298
	REJECTED
CVE-2018-2297
	REJECTED
CVE-2018-2296
	REJECTED
CVE-2018-2295
	REJECTED
CVE-2018-2294
	REJECTED
CVE-2018-2293
	REJECTED
CVE-2018-2292
	REJECTED
CVE-2018-2291
	REJECTED
CVE-2018-2290
	REJECTED
CVE-2018-2289
	REJECTED
CVE-2018-2288
	REJECTED
CVE-2018-2287
	REJECTED
CVE-2018-2286
	REJECTED
CVE-2018-2285
	REJECTED
CVE-2018-2284
	REJECTED
CVE-2018-2283
	REJECTED
CVE-2018-2282
	REJECTED
CVE-2018-2281
	REJECTED
CVE-2018-2280
	REJECTED
CVE-2018-2279
	REJECTED
CVE-2018-2278
	REJECTED
CVE-2018-2277
	REJECTED
CVE-2018-2276
	REJECTED
CVE-2018-2275
	REJECTED
CVE-2018-2274
	REJECTED
CVE-2018-2273
	REJECTED
CVE-2018-2272
	REJECTED
CVE-2018-2271
	REJECTED
CVE-2018-2270
	REJECTED
CVE-2018-2269
	REJECTED
CVE-2018-2268
	REJECTED
CVE-2018-2267
	REJECTED
CVE-2018-2266
	REJECTED
CVE-2018-2265
	REJECTED
CVE-2018-2264
	REJECTED
CVE-2018-2263
	REJECTED
CVE-2018-2262
	REJECTED
CVE-2018-2261
	REJECTED
CVE-2018-2260
	REJECTED
CVE-2018-2259
	REJECTED
CVE-2018-2258
	REJECTED
CVE-2018-2257
	REJECTED
CVE-2018-2256
	REJECTED
CVE-2018-2255
	REJECTED
CVE-2018-2254
	REJECTED
CVE-2018-2253
	REJECTED
CVE-2018-2252
	REJECTED
CVE-2018-2251
	REJECTED
CVE-2018-2250
	REJECTED
CVE-2018-2249
	REJECTED
CVE-2018-2248
	REJECTED
CVE-2018-2247
	REJECTED
CVE-2018-2246
	REJECTED
CVE-2018-2245
	REJECTED
CVE-2018-2244
	REJECTED
CVE-2018-2243
	REJECTED
CVE-2018-2242
	REJECTED
CVE-2018-2241
	REJECTED
CVE-2018-2240
	REJECTED
CVE-2018-2239
	REJECTED
CVE-2018-2238
	REJECTED
CVE-2018-2237
	REJECTED
CVE-2018-2236
	REJECTED
CVE-2018-2235
	REJECTED
CVE-2018-2234
	REJECTED
CVE-2018-2233
	REJECTED
CVE-2018-2232
	REJECTED
CVE-2018-2231
	REJECTED
CVE-2018-2230
	REJECTED
CVE-2018-2229
	REJECTED
CVE-2018-2228
	REJECTED
CVE-2018-2227
	REJECTED
CVE-2018-2226
	REJECTED
CVE-2018-2225
	REJECTED
CVE-2018-2224
	REJECTED
CVE-2018-2223
	REJECTED
CVE-2018-2222
	REJECTED
CVE-2018-2221
	REJECTED
CVE-2018-2220
	REJECTED
CVE-2018-2219
	REJECTED
CVE-2018-2218
	REJECTED
CVE-2018-2217
	REJECTED
CVE-2018-2216
	REJECTED
CVE-2018-2215
	REJECTED
CVE-2018-2214
	REJECTED
CVE-2018-2213
	REJECTED
CVE-2018-2212
	REJECTED
CVE-2018-2211
	REJECTED
CVE-2018-2210
	REJECTED
CVE-2018-2209
	REJECTED
CVE-2018-2208
	REJECTED
CVE-2018-2207
	REJECTED
CVE-2018-2206
	REJECTED
CVE-2018-2205
	REJECTED
CVE-2018-2204
	REJECTED
CVE-2018-2203
	REJECTED
CVE-2018-2202
	REJECTED
CVE-2018-2201
	REJECTED
CVE-2018-2200
	REJECTED
CVE-2018-2199
	REJECTED
CVE-2018-2198
	REJECTED
CVE-2018-2197
	REJECTED
CVE-2018-2196
	REJECTED
CVE-2018-2195
	REJECTED
CVE-2018-2194
	REJECTED
CVE-2018-2193
	REJECTED
CVE-2018-2192
	REJECTED
CVE-2018-2191
	REJECTED
CVE-2018-2190
	REJECTED
CVE-2018-2189
	REJECTED
CVE-2018-2188
	REJECTED
CVE-2018-2187
	REJECTED
CVE-2018-2186
	REJECTED
CVE-2018-2185
	REJECTED
CVE-2018-2184
	REJECTED
CVE-2018-2183
	REJECTED
CVE-2018-2182
	REJECTED
CVE-2018-2181
	REJECTED
CVE-2018-2180
	REJECTED
CVE-2018-2179
	REJECTED
CVE-2018-2178
	REJECTED
CVE-2018-2177
	REJECTED
CVE-2018-2176
	REJECTED
CVE-2018-2175
	REJECTED
CVE-2018-2174
	REJECTED
CVE-2018-2173
	REJECTED
CVE-2018-2172
	REJECTED
CVE-2018-2171
	REJECTED
CVE-2018-2170
	REJECTED
CVE-2018-2169
	REJECTED
CVE-2018-2168
	REJECTED
CVE-2018-2167
	REJECTED
CVE-2018-2166
	REJECTED
CVE-2018-2165
	REJECTED
CVE-2018-2164
	REJECTED
CVE-2018-2163
	REJECTED
CVE-2018-2162
	REJECTED
CVE-2018-2161
	REJECTED
CVE-2018-2160
	REJECTED
CVE-2018-2159
	REJECTED
CVE-2018-2158
	REJECTED
CVE-2018-2157
	REJECTED
CVE-2018-2156
	REJECTED
CVE-2018-2155
	REJECTED
CVE-2018-2154
	REJECTED
CVE-2018-2153
	REJECTED
CVE-2018-2152
	REJECTED
CVE-2018-2151
	REJECTED
CVE-2018-2150
	REJECTED
CVE-2018-2149
	REJECTED
CVE-2018-2148
	REJECTED
CVE-2018-2147
	REJECTED
CVE-2018-2146
	REJECTED
CVE-2018-2145
	REJECTED
CVE-2018-2144
	REJECTED
CVE-2018-2143
	REJECTED
CVE-2018-2142
	REJECTED
CVE-2018-2141
	REJECTED
CVE-2018-2140
	REJECTED
CVE-2018-2139
	REJECTED
CVE-2018-2138
	REJECTED
CVE-2018-2137
	REJECTED
CVE-2018-2136
	REJECTED
CVE-2018-2135
	REJECTED
CVE-2018-2134
	REJECTED
CVE-2018-2133
	REJECTED
CVE-2018-2132
	REJECTED
CVE-2018-2131
	REJECTED
CVE-2018-2130
	REJECTED
CVE-2018-2129
	REJECTED
CVE-2018-2128
	REJECTED
CVE-2018-2127
	REJECTED
CVE-2018-2126
	REJECTED
CVE-2018-2125
	REJECTED
CVE-2018-2124
	REJECTED
CVE-2018-2123
	REJECTED
CVE-2018-2122
	REJECTED
CVE-2018-2121
	REJECTED
CVE-2018-2120
	REJECTED
CVE-2018-2119
	REJECTED
CVE-2018-2118
	REJECTED
CVE-2018-2117
	REJECTED
CVE-2018-2116
	REJECTED
CVE-2018-2115
	REJECTED
CVE-2018-2114
	REJECTED
CVE-2018-2113
	REJECTED
CVE-2018-2112
	REJECTED
CVE-2018-2111
	REJECTED
CVE-2018-2110
	REJECTED
CVE-2018-2109
	REJECTED
CVE-2018-2108
	REJECTED
CVE-2018-2107
	REJECTED
CVE-2018-2106
	REJECTED
CVE-2018-2105
	REJECTED
CVE-2018-2104
	REJECTED
CVE-2018-2103
	REJECTED
CVE-2018-2102
	REJECTED
CVE-2018-2101
	REJECTED
CVE-2018-2100
	REJECTED
CVE-2018-2099
	REJECTED
CVE-2018-2098
	REJECTED
CVE-2018-2097
	REJECTED
CVE-2018-2096
	REJECTED
CVE-2018-2095
	REJECTED
CVE-2018-2094
	REJECTED
CVE-2018-2093
	REJECTED
CVE-2018-2092
	REJECTED
CVE-2018-2091
	REJECTED
CVE-2018-2090
	REJECTED
CVE-2018-2089
	REJECTED
CVE-2018-2088
	REJECTED
CVE-2018-2087
	REJECTED
CVE-2018-2086
	REJECTED
CVE-2018-2085
	REJECTED
CVE-2018-2084
	REJECTED
CVE-2018-2083
	REJECTED
CVE-2018-2082
	REJECTED
CVE-2018-2081
	REJECTED
CVE-2018-2080
	REJECTED
CVE-2018-2079
	REJECTED
CVE-2018-2078
	REJECTED
CVE-2018-2077
	REJECTED
CVE-2018-2076
	REJECTED
CVE-2018-2075
	REJECTED
CVE-2018-2074
	REJECTED
CVE-2018-2073
	REJECTED
CVE-2018-2072
	REJECTED
CVE-2018-2071
	REJECTED
CVE-2018-2070
	REJECTED
CVE-2018-2069
	REJECTED
CVE-2018-2068
	REJECTED
CVE-2018-2067
	REJECTED
CVE-2018-2066
	REJECTED
CVE-2018-2065
	REJECTED
CVE-2018-2064
	REJECTED
CVE-2018-2063
	REJECTED
CVE-2018-2062
	REJECTED
CVE-2018-2061
	REJECTED
CVE-2018-2060
	REJECTED
CVE-2018-2059
	REJECTED
CVE-2018-2058
	REJECTED
CVE-2018-2057
	REJECTED
CVE-2018-2056
	REJECTED
CVE-2018-2055
	REJECTED
CVE-2018-2054
	REJECTED
CVE-2018-2053
	REJECTED
CVE-2018-2052
	REJECTED
CVE-2018-2051
	REJECTED
CVE-2018-2050
	REJECTED
CVE-2018-2049
	REJECTED
CVE-2018-2048
	REJECTED
CVE-2018-2047
	REJECTED
CVE-2018-2046
	REJECTED
CVE-2018-2045
	REJECTED
CVE-2018-2044
	REJECTED
CVE-2018-2043
	REJECTED
CVE-2018-2042
	REJECTED
CVE-2018-2041
	REJECTED
CVE-2018-2040
	REJECTED
CVE-2018-2039
	REJECTED
CVE-2018-2038
	REJECTED
CVE-2018-2037
	REJECTED
CVE-2018-2036
	REJECTED
CVE-2018-2035
	REJECTED
CVE-2018-2034
	REJECTED
CVE-2018-2033
	REJECTED
CVE-2018-2032
	REJECTED
CVE-2018-2031
	REJECTED
CVE-2018-2030
	RESERVED
CVE-2018-2029
	RESERVED
CVE-2018-2028 (IBM Maximo Asset Management 7.6 could allow a an authenticated user to ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-2027
	RESERVED
CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments could all ...)
	NOT-FOR-US: IBM
CVE-2018-2025 (IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect fo ...)
	NOT-FOR-US: IBM
CVE-2018-2024 (IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-criti ...)
	NOT-FOR-US: IBM
CVE-2018-2023
	RESERVED
CVE-2018-2022 (IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unautho ...)
	NOT-FOR-US: IBM
CVE-2018-2021 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2018-2020
	RESERVED
CVE-2018-2019 (IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2018-2018
	RESERVED
CVE-2018-2017
	RESERVED
CVE-2018-2016
	RESERVED
CVE-2018-2015 (IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2018-2014
	RESERVED
CVE-2018-2013 (IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive inf ...)
	NOT-FOR-US: IBM
CVE-2018-2012
	RESERVED
CVE-2018-2011 (IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to o ...)
	NOT-FOR-US: IBM
CVE-2018-2010
	RESERVED
CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an information dis ...)
	NOT-FOR-US: IBM
CVE-2018-2008 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensit ...)
	NOT-FOR-US: IBM
CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected crypto ...)
	NOT-FOR-US: IBM
CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
	NOT-FOR-US: IBM
CVE-2018-2005 (IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2018-2004 (IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2018-2003
	RESERVED
CVE-2018-2002
	RESERVED
CVE-2018-2001 (IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is v ...)
	NOT-FOR-US: IBM
CVE-2018-2000 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1999 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
	NOT-FOR-US: IBM
CVE-2018-1998 (IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inj ...)
	NOT-FOR-US: IBM
CVE-2018-1997 (IBM Business Automation Workflow and Business Process Manager 18.0.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1996 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide  ...)
	NOT-FOR-US: IBM
CVE-2018-1995
	RESERVED
CVE-2018-1994 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL i ...)
	NOT-FOR-US: IBM
CVE-2018-1993 (IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1992 (The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is  ...)
	NOT-FOR-US: IBM
CVE-2018-1991 (IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive info ...)
	NOT-FOR-US: IBM
CVE-2018-1990 (IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1989
	RESERVED
CVE-2018-1988
	RESERVED
CVE-2018-1987 (IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if  ...)
	NOT-FOR-US: IBM
CVE-2018-1986
	RESERVED
CVE-2018-1985
	RESERVED
CVE-2018-1984 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1983 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1982 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1981
	RESERVED
CVE-2018-1980 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1979
	RESERVED
CVE-2018-1978 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...)
	NOT-FOR-US: IBM
CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive infor ...)
	NOT-FOR-US: IBM
CVE-2018-1975 (IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9 ...)
	NOT-FOR-US: IBM
CVE-2018-1974 (IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attac ...)
	NOT-FOR-US: IBM
CVE-2018-1973 (IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'AP ...)
	NOT-FOR-US: IBM
CVE-2018-1972
	RESERVED
CVE-2018-1971
	RESERVED
CVE-2018-1970 (IBM Security Identity Manager 7.0.1 is vulnerable to a XML External En ...)
	NOT-FOR-US: IBM
CVE-2018-1969 (IBM Security Identity Manager 6.0.0 allows the attacker to upload or t ...)
	NOT-FOR-US: IBM
CVE-2018-1968 (IBM Security Identity Manager 7.0.1 discloses sensitive information to ...)
	NOT-FOR-US: IBM
CVE-2018-1967 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2018-1966
	RESERVED
CVE-2018-1965
	RESERVED
CVE-2018-1964
	RESERVED
CVE-2018-1963
	RESERVED
CVE-2018-1962 (IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalid ...)
	NOT-FOR-US: IBM
CVE-2018-1961 (IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose se ...)
	NOT-FOR-US: IBM
CVE-2018-1960
	RESERVED
CVE-2018-1959 (IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-co ...)
	NOT-FOR-US: IBM
CVE-2018-1958
	RESERVED
CVE-2018-1957 (IBM WebSphere Application Server 9 could allow sensitive information t ...)
	NOT-FOR-US: IBM
CVE-2018-1956 (IBM Security Identity Manager 6.0.0 does not require that users should ...)
	NOT-FOR-US: IBM
CVE-2018-1955
	RESERVED
CVE-2018-1954
	RESERVED
CVE-2018-1953
	RESERVED
CVE-2018-1952 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1951 (IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1950 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1  ...)
	NOT-FOR-US: IBM
CVE-2018-1949 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1  ...)
	NOT-FOR-US: IBM
CVE-2018-1948 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1  ...)
	NOT-FOR-US: IBM
CVE-2018-1947 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1  ...)
	NOT-FOR-US: IBM
CVE-2018-1946 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1  ...)
	NOT-FOR-US: IBM
CVE-2018-1945 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1  ...)
	NOT-FOR-US: IBM
CVE-2018-1944 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1  ...)
	NOT-FOR-US: IBM
CVE-2018-1943 (IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header in ...)
	NOT-FOR-US: IBM
CVE-2018-1942
	RESERVED
CVE-2018-1941 (IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini ...)
	NOT-FOR-US: IBM
CVE-2018-1940
	RESERVED
CVE-2018-1939 (IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phish ...)
	NOT-FOR-US: IBM
CVE-2018-1938 (IBM Cloud Private 3.1.1 could alllow a local user with administrator p ...)
	NOT-FOR-US: IBM
CVE-2018-1937 (IBM Cloud Private 3.1.1 could alllow a local user with administrator p ...)
	NOT-FOR-US: IBM
CVE-2018-1936 (IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stac ...)
	NOT-FOR-US: IBM
CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2018-1934 (IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability ...)
	NOT-FOR-US: IBM
CVE-2018-1931
	RESERVED
CVE-2018-1930
	RESERVED
CVE-2018-1929 (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1928 (IBM StoredIQ 7.6.0 does not implement proper authorization of user rol ...)
	NOT-FOR-US: IBM
CVE-2018-1927 (IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which cou ...)
	NOT-FOR-US: IBM
CVE-2018-1926 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console  ...)
	NOT-FOR-US: IBM
CVE-2018-1925 (IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryp ...)
	NOT-FOR-US: IBM
CVE-2018-1924
	RESERVED
CVE-2018-1923 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1922 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1921 (IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2018-1920 (IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML Ex ...)
	NOT-FOR-US: IBM
CVE-2018-1919
	RESERVED
CVE-2018-1918 (IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vul ...)
	NOT-FOR-US: IBM
CVE-2018-1917 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an  ...)
	NOT-FOR-US: IBM
CVE-2018-1916 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1915
	RESERVED
CVE-2018-1914 (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulner ...)
	NOT-FOR-US: IBM
CVE-2018-1913 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through  ...)
	NOT-FOR-US: IBM
CVE-2018-1912 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2018-1911 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through  ...)
	NOT-FOR-US: IBM
CVE-2018-1910 (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulner ...)
	NOT-FOR-US: IBM
CVE-2018-1909
	RESERVED
CVE-2018-1908 (IBM Robotic Process Automation with Automation Anywhere 11 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2018-1907
	RESERVED
CVE-2018-1906 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an a ...)
	NOT-FOR-US: IBM
CVE-2018-1905 (IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1904 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow re ...)
	NOT-FOR-US: IBM
CVE-2018-1903 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1902 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2018-1901 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2018-1900 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7. ...)
	NOT-FOR-US: IBM
CVE-2018-1899 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an  ...)
	NOT-FOR-US: IBM
CVE-2018-1898
	RESERVED
CVE-2018-1897 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcf ...)
	NOT-FOR-US: IBM
CVE-2018-1896 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host heade ...)
	NOT-FOR-US: IBM
CVE-2018-1895 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1894
	RESERVED
CVE-2018-1893 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1892 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1891 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2018-1890 (IBM SDK, Java Technology Edition Version 8 on the AIX platform uses ab ...)
	NOT-FOR-US: IBM Java on AIX
CVE-2018-1889 (IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2018-1888 (An untrusted search path vulnerability in IBM i Access for Windows ver ...)
	NOT-FOR-US: IBM
CVE-2018-1887 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1886 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1885 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
	NOT-FOR-US: IBM
CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3. ...)
	NOT-FOR-US: IBM Case Manager
CVE-2018-1883 (A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Co ...)
	NOT-FOR-US: IBM
CVE-2018-1882 (In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, ...)
	NOT-FOR-US: IBM
CVE-2018-1881
	RESERVED
CVE-2018-1880
	RESERVED
CVE-2018-1879
	RESERVED
CVE-2018-1878 (IBM Robotic Process Automation with Automation Anywhere 11 could discl ...)
	NOT-FOR-US: IBM
CVE-2018-1877 (IBM Robotic Process Automation with Automation Anywhere 11 could store ...)
	NOT-FOR-US: IBM
CVE-2018-1876 (IBM Robotic Process Automation with Automation Anywhere 11 could under ...)
	NOT-FOR-US: IBM
CVE-2018-1875 (IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 cou ...)
	NOT-FOR-US: IBM
CVE-2018-1874 (IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive ...)
	NOT-FOR-US: IBM
CVE-2018-1873
	RESERVED
CVE-2018-1872 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1871 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2018-1870
	RESERVED
CVE-2018-1869
	RESERVED
CVE-2018-1868
	RESERVED
CVE-2018-1867
	RESERVED
CVE-2018-1866
	RESERVED
CVE-2018-1865
	RESERVED
CVE-2018-1864
	RESERVED
CVE-2018-1863
	RESERVED
CVE-2018-1862
	RESERVED
CVE-2018-1861
	RESERVED
CVE-2018-1860
	RESERVED
CVE-2018-1859 (IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticat ...)
	NOT-FOR-US: IBM
CVE-2018-1858 (IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2018-1857 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1856
	RESERVED
CVE-2018-1855
	RESERVED
CVE-2018-1854
	RESERVED
CVE-2018-1853 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could al ...)
	NOT-FOR-US: IBM
CVE-2018-1852
	RESERVED
CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect could allow a  ...)
	NOT-FOR-US: IBM
CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 cou ...)
	NOT-FOR-US: IBM
CVE-2018-1849
	RESERVED
CVE-2018-1848 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1847 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 t ...)
	NOT-FOR-US: IBM
CVE-2018-1845 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1844 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML Ext ...)
	NOT-FOR-US: IBM
CVE-2018-1843 (The Identity and Access Management (IAM) services (IBM Cloud Private 3 ...)
	NOT-FOR-US: IBM
CVE-2018-1842 (IBM Cognos Analytics 11 Configuration tool, under certain circumstance ...)
	NOT-FOR-US: IBM
CVE-2018-1841 (IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Priv ...)
	NOT-FOR-US: IBM
CVE-2018-1840 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2018-1839
	RESERVED
CVE-2018-1838 (IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow  ...)
	NOT-FOR-US: IBM
CVE-2018-1837
	RESERVED
CVE-2018-1836 (IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 cons ...)
	NOT-FOR-US: IBM
CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 5 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1834 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1833 (IBM Event Streams 2018.3.0 could allow a remote attacker to submit an  ...)
	NOT-FOR-US: IBM Event Streams
CVE-2018-1832
	RESERVED
CVE-2018-1831
	RESERVED
CVE-2018-1830
	RESERVED
CVE-2018-1829 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1828 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1827 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1826 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1825 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1824 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1823 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1822 (IBM FlashSystem 900 product GUI allows a specially crafted attack to b ...)
	NOT-FOR-US: IBM
CVE-2018-1821 (IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vul ...)
	NOT-FOR-US: IBM
CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2018-1819 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2018-1818 (IBM Security Guardium 10 and 10.5 contains hard-coded credentials, suc ...)
	NOT-FOR-US: IBM
CVE-2018-1817 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2018-1816
	RESERVED
CVE-2018-1815 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1814 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1813 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1812 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10  ...)
	NOT-FOR-US: IBM
CVE-2018-1811
	RESERVED
CVE-2018-1810
	RESERVED
CVE-2018-1809
	RESERVED
CVE-2018-1808 (IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server ...)
	NOT-FOR-US: IBM
CVE-2018-1807
	RESERVED
CVE-2018-1806
	RESERVED
CVE-2018-1805 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1804 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1803 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1802 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1801 (IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could ...)
	NOT-FOR-US: IBM
CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterpri ...)
	NOT-FOR-US: IBM
CVE-2018-1796 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1795 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10  ...)
	NOT-FOR-US: IBM
CVE-2018-1794 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ea ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1793 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1792 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9. ...)
	NOT-FOR-US: IBM
CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service ...)
	NOT-FOR-US: IBM
CVE-2018-1790 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to ...)
	NOT-FOR-US: IBM
CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitiv ...)
	NOT-FOR-US: IBM
CVE-2018-1787 (IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vu ...)
	NOT-FOR-US: IBM
CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly ...)
	NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses wea ...)
	NOT-FOR-US: IBM
CVE-2018-1784 (IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection i ...)
	NOT-FOR-US: IBM
CVE-2018-1783 (IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1782 (IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unpr ...)
	NOT-FOR-US: IBM
CVE-2018-1781 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1780 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1779 (IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated ...)
	NOT-FOR-US: IBM
CVE-2018-1778 (IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4)  ...)
	NOT-FOR-US: IBM
CVE-2018-1777 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2018-1776
	RESERVED
CVE-2018-1775 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an aut ...)
	NOT-FOR-US: IBM
CVE-2018-1772 (IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2018-1771 (IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands o ...)
	NOT-FOR-US: IBM
CVE-2018-1770 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2018-1769
	RESERVED
CVE-2018-1768 (IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive i ...)
	NOT-FOR-US: IBM
CVE-2018-1767 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor i ...)
	NOT-FOR-US: IBM
CVE-2018-1766 (IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vul ...)
	NOT-FOR-US: IBM
CVE-2018-1765
	RESERVED
CVE-2018-1764 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1763 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1762 (IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and  ...)
	NOT-FOR-US: IBM
CVE-2018-1761 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1760 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1759 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1758 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1757 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 co ...)
	NOT-FOR-US: IBM
CVE-2018-1756 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is ...)
	NOT-FOR-US: IBM
CVE-2018-1755 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1754
	RESERVED
CVE-2018-1753 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error  ...)
	NOT-FOR-US: IBM
CVE-2018-1752
	RESERVED
CVE-2018-1751 (IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker tha ...)
	NOT-FOR-US: IBM
CVE-2018-1750 (IBM Security Key Lifecycle Manager 3.0 specifies permissions for a sec ...)
	NOT-FOR-US: IBM
CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete bla ...)
	NOT-FOR-US: IBM
CVE-2018-1748
	RESERVED
CVE-2018-1747 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2018-1746
	RESERVED
CVE-2018-1745 (IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthen ...)
	NOT-FOR-US: IBM
CVE-2018-1744 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow  ...)
	NOT-FOR-US: IBM
CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive ...)
	NOT-FOR-US: IBM
CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded ...)
	NOT-FOR-US: IBM
CVE-2018-1741 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly l ...)
	NOT-FOR-US: IBM
CVE-2018-1740 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1739
	RESERVED
CVE-2018-1738 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2018-1737
	RESERVED
CVE-2018-1736 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2018-1735
	RESERVED
CVE-2018-1734 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 di ...)
	NOT-FOR-US: IBM
CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled ...)
	NOT-FOR-US: IBM
CVE-2018-1732 (IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information  ...)
	NOT-FOR-US: IBM
CVE-2018-1731 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through  ...)
	NOT-FOR-US: IBM
CVE-2018-1730 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Inj ...)
	NOT-FOR-US: IBM
CVE-2018-1729 (IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized us ...)
	NOT-FOR-US: IBM
CVE-2018-1728 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2018-1727 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2018-1726
	RESERVED
CVE-2018-1725
	RESERVED
CVE-2018-1724 (IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user ...)
	NOT-FOR-US: IBM
CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow  ...)
	NOT-FOR-US: IBM
CVE-2018-1721 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Ent ...)
	NOT-FOR-US: IBM
CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
	NOT-FOR-US: IBM
CVE-2018-1718 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vuln ...)
	NOT-FOR-US: IBM
CVE-2018-1717
	RESERVED
CVE-2018-1716 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1715 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1714
	RESERVED
CVE-2018-1713
	RESERVED
CVE-2018-1712 (IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2018-1711 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1710 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1709
	RESERVED
CVE-2018-1708 (IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2018-1707
	RESERVED
CVE-2018-1706 (IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Sympho ...)
	NOT-FOR-US: IBM Platform Symphony
CVE-2018-1704 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Sympho ...)
	NOT-FOR-US: IBM
CVE-2018-1703
	RESERVED
CVE-2018-1702 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Sympho ...)
	NOT-FOR-US: IBM
CVE-2018-1701 (IBM InfoSphere Information Server 11.7 could allow an authenciated use ...)
	NOT-FOR-US: IBM
CVE-2018-1700
	RESERVED
CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL inj ...)
	NOT-FOR-US: IBM
CVE-2018-1698 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthent ...)
	NOT-FOR-US: IBM
CVE-2018-1697 (IBM Maximo Asset Management 7.6 could allow an authenticated user to e ...)
	NOT-FOR-US: IBM
CVE-2018-1696
	RESERVED
CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations usi ...)
	NOT-FOR-US: IBM
CVE-2018-1694 (IBM Jazz applications (IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM
CVE-2018-1693
	RESERVED
CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1691 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1690 (IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Rhapsody Model Manager
CVE-2018-1689
	RESERVED
CVE-2018-1688 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2018-1687
	RESERVED
CVE-2018-1686 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1685 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1684 (IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT to ...)
	NOT-FOR-US: IBM
CVE-2018-1683 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1682 (IBM Watson Studio Local 1.2.3 could disclose sensitive information ove ...)
	NOT-FOR-US: IBM
CVE-2018-1681
	RESERVED
CVE-2018-1680 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does  ...)
	NOT-FOR-US: IBM
CVE-2018-1679 (IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could a ...)
	NOT-FOR-US: IBM
CVE-2018-1678
	RESERVED
CVE-2018-1677 (IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and I ...)
	NOT-FOR-US: IBM
CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Planning Analytics
CVE-2018-1675 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 coul ...)
	NOT-FOR-US: IBM
CVE-2018-1674 (IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1673 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correc ...)
	NOT-FOR-US: IBM
CVE-2018-1671 (IBM Curam Social Program Management 7.0.3 is vulnerable to HTML inject ...)
	NOT-FOR-US: IBM
CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for Multi-Platform  ...)
	NOT-FOR-US: IBM
CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0  ...)
	NOT-FOR-US: IBM
CVE-2018-1668 (IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1. ...)
	NOT-FOR-US: IBM
CVE-2018-1667 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2. ...)
	NOT-FOR-US: IBM
CVE-2018-1666 (IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1665 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2. ...)
	NOT-FOR-US: IBM
CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0  ...)
	NOT-FOR-US: IBM
CVE-2018-1663 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow  ...)
	NOT-FOR-US: IBM
CVE-2018-1662
	RESERVED
CVE-2018-1661 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2018-1660 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1658 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2018-1657 (IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1656 (The IBM Java Runtime Environment's Diagnostic Tooling Framework for Ja ...)
	NOT-FOR-US: IBM JDK
CVE-2018-1655 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock  ...)
	NOT-FOR-US: IBM AIX
CVE-2018-1654 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7. ...)
	NOT-FOR-US: IBM
CVE-2018-1653 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1652 (IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0. ...)
	NOT-FOR-US: IBM
CVE-2018-1651
	RESERVED
CVE-2018-1650 (IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could al ...)
	NOT-FOR-US: IBM
CVE-2018-1649 (IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2018-1648 (IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic al ...)
	NOT-FOR-US: IBM
CVE-2018-1647 (IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict t ...)
	NOT-FOR-US: IBM
CVE-2018-1646
	RESERVED
CVE-2018-1645
	RESERVED
CVE-2018-1644 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2018-1643 (The Installation Verification Tool of IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM
CVE-2018-1642
	RESERVED
CVE-2018-1641
	RESERVED
CVE-2018-1640 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could ...)
	NOT-FOR-US: IBM
CVE-2018-1639 (The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two  ...)
	NOT-FOR-US: IBM
CVE-2018-1637
	RESERVED
CVE-2018-1636 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
	NOT-FOR-US: IBM
CVE-2018-1635 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
	NOT-FOR-US: IBM
CVE-2018-1634 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1633 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1632 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1631 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1630 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1629
	RESERVED
CVE-2018-1628
	RESERVED
CVE-2018-1627
	RESERVED
CVE-2018-1626 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does  ...)
	NOT-FOR-US: IBM
CVE-2018-1625 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 gener ...)
	NOT-FOR-US: IBM
CVE-2018-1624
	RESERVED
CVE-2018-1623 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allow ...)
	NOT-FOR-US: IBM
CVE-2018-1622 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2018-1621 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1620
	RESERVED
CVE-2018-1619
	RESERVED
CVE-2018-1618 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could ...)
	NOT-FOR-US: IBM
CVE-2018-1617
	RESERVED
CVE-2018-1616
	RESERVED
CVE-2018-1615
	RESERVED
CVE-2018-1614 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malforme ...)
	NOT-FOR-US: IBM
CVE-2018-1613
	RESERVED
CVE-2018-1612 (IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could all ...)
	NOT-FOR-US: IBM
CVE-2018-1611
	RESERVED
CVE-2018-1610 (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6 ...)
	NOT-FOR-US: IBM
CVE-2018-1609
	RESERVED
CVE-2018-1608 (IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weak ...)
	NOT-FOR-US: IBM
CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle Mana ...)
	NOT-FOR-US: IBM
CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1603 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1602 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critic ...)
	NOT-FOR-US: IBM
CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker  ...)
	NOT-FOR-US: IBM
CVE-2018-1598
	RESERVED
CVE-2018-1597
	RESERVED
CVE-2018-1596
	RESERVED
CVE-2018-1595 (IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could al ...)
	NOT-FOR-US: IBM
CVE-2018-1594
	RESERVED
CVE-2018-1593 (IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized  ...)
	NOT-FOR-US: IBM
CVE-2018-1592
	RESERVED
CVE-2018-1591
	RESERVED
CVE-2018-1590
	RESERVED
CVE-2018-1589
	RESERVED
CVE-2018-1588 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1587 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1586
	RESERVED
CVE-2018-1585 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1584 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certa ...)
	NOT-FOR-US: IBM
CVE-2018-1582
	RESERVED
CVE-2018-1581
	RESERVED
CVE-2018-1580
	RESERVED
CVE-2018-1579
	RESERVED
CVE-2018-1578
	RESERVED
CVE-2018-1577
	RESERVED
CVE-2018-1576
	RESERVED
CVE-2018-1575
	RESERVED
CVE-2018-1574
	RESERVED
CVE-2018-1573
	RESERVED
CVE-2018-1572
	RESERVED
CVE-2018-1571 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to  ...)
	NOT-FOR-US: IBM
CVE-2018-1570
	RESERVED
CVE-2018-1569
	RESERVED
CVE-2018-1568 (IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally whic ...)
	NOT-FOR-US: IBM
CVE-2018-1567 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow re ...)
	NOT-FOR-US: IBM
CVE-2018-1566 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1565 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1564 (IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could a ...)
	NOT-FOR-US: IBM
CVE-2018-1563 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...)
	NOT-FOR-US: IBM
CVE-2018-1562
	RESERVED
CVE-2018-1561
	RESERVED
CVE-2018-1560 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1559
	RESERVED
CVE-2018-1558 (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6 ...)
	NOT-FOR-US: IBM
CVE-2018-1557 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2018-1552 (IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0  ...)
	NOT-FOR-US: IBM
CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 c ...)
	NOT-FOR-US: IBM
CVE-2018-1550 (IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt o ...)
	NOT-FOR-US: IBM
CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2018-1548 (IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1547 (IBM Robotic Process Automation with Automation Anywhere 10.0 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1546 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker  ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1545 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses wea ...)
	NOT-FOR-US: IBM
CVE-2018-1544 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1543 (IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain s ...)
	NOT-FOR-US: IBM
CVE-2018-1542 (IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foun ...)
	NOT-FOR-US: IBM
CVE-2018-1541 (IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2018-1540
	RESERVED
CVE-2018-1539 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1538
	RESERVED
CVE-2018-1537
	RESERVED
CVE-2018-1536 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1535 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1534 (IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1533 (IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1532 (IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the S ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1531
	RESERVED
CVE-2018-1530
	RESERVED
CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0. ...)
	NOT-FOR-US: IBM Rational DOORS Next Generation
CVE-2018-1528 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2018-1527
	RESERVED
CVE-2018-1526
	RESERVED
CVE-2018-1525 (IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1524 (IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default  ...)
	NOT-FOR-US: IBM
CVE-2018-1523 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2018-1522 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1521 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are  ...)
	NOT-FOR-US: IBM
CVE-2018-1520
	RESERVED
CVE-2018-1519
	RESERVED
CVE-2018-1518 (IBM InfoSphere Information Server 11.7 is affected by a weak password  ...)
	NOT-FOR-US: IBM
CVE-2018-1517 (A flaw in the java.math component in IBM SDK, Java Technology Edition  ...)
	NOT-FOR-US: IBM JDK
CVE-2018-1516
	RESERVED
CVE-2018-1515 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2018-1514 (IBM Robotic Process Automation with Automation Anywhere 10.0 is vulner ...)
	NOT-FOR-US: IBM
CVE-2018-1513 (IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vu ...)
	NOT-FOR-US: IBM
CVE-2018-1512
	RESERVED
CVE-2018-1511
	RESERVED
CVE-2018-1510
	RESERVED
CVE-2018-1509 (IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly ...)
	NOT-FOR-US: IBM
CVE-2018-1508
	RESERVED
CVE-2018-1507 (IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2018-1506
	RESERVED
CVE-2018-1505 (IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored ...)
	NOT-FOR-US: IBM
CVE-2018-1504 (IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1503 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticate ...)
	NOT-FOR-US: IBM
CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5  ...)
	NOT-FOR-US: IBM
CVE-2018-1501
	RESERVED
CVE-2018-1500
	RESERVED
CVE-2018-1499
	RESERVED
CVE-2018-1498 (IBM Security Guardium EcoSystem 10.5 stores user credentials in plain  ...)
	NOT-FOR-US: IBM
CVE-2018-1497
	RESERVED
CVE-2018-1496 (IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnera ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1495 (IBM FlashSystem V840 and V900 products could allow an authenticated at ...)
	NOT-FOR-US: IBM
CVE-2018-1494 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through  ...)
	NOT-FOR-US: IBM
CVE-2018-1493
	RESERVED
CVE-2018-1492 (IBM Jazz Foundation products could allow a user with physical access t ...)
	NOT-FOR-US: IBM
CVE-2018-1491
	RESERVED
CVE-2018-1490
	RESERVED
CVE-2018-1489
	RESERVED
CVE-2018-1488 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2018-1487 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1486
	RESERVED
CVE-2018-1485 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does no ...)
	NOT-FOR-US: IBM
CVE-2018-1484 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does no ...)
	NOT-FOR-US: IBM
CVE-2018-1483 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1482
	RESERVED
CVE-2018-1481 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores  ...)
	NOT-FOR-US: IBM
CVE-2018-1480 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does no ...)
	NOT-FOR-US: IBM
CVE-2018-1479 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request fo ...)
	NOT-FOR-US: IBM
CVE-2018-1478 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could a ...)
	NOT-FOR-US: IBM
CVE-2018-1477
	RESERVED
CVE-2018-1476 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 disclos ...)
	NOT-FOR-US: IBM
CVE-2018-1475 (IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout set ...)
	NOT-FOR-US: IBM
CVE-2018-1474 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vuln ...)
	NOT-FOR-US: IBM
CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1472
	RESERVED
CVE-2018-1471
	REJECTED
CVE-2018-1470 (IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote aut ...)
	NOT-FOR-US: IBM
CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow a ...)
	NOT-FOR-US: IBM API Connect Developer Portal
CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access t ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1467 (The IBM Storwize V7000 Unified management Web interface 1.6 exposes in ...)
	NOT-FOR-US: IBM
CVE-2018-1466 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1465 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1464 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1463 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1460 (IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1458 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1457 (An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1456 (IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2018-1455 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is v ...)
	NOT-FOR-US: IBM
CVE-2018-1454 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a r ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2018-1453 (IBM Security Identity Manager Virtual Appliance 7.0 allows an authenti ...)
	NOT-FOR-US: IBM
CVE-2018-1452 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1451 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1450 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1449 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect ...)
	NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1446
	RESERVED
CVE-2018-1445 (IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1444 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single sign-on (SS ...)
	NOT-FOR-US: IBM
CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring Agen ...)
	NOT-FOR-US: IBM
CVE-2018-1441 (IBM Application Performance Management - Response Time Monitoring Agen ...)
	NOT-FOR-US: IBM
CVE-2018-1440 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1439 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1438 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary cod ...)
	NOT-FOR-US: IBM
CVE-2018-1436
	RESERVED
CVE-2018-1435 (IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remot ...)
	NOT-FOR-US: IBM
CVE-2018-1434 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnera ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2018-1431 (A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2. ...)
	NOT-FOR-US: IBM
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11 ...)
	NOT-FOR-US: IBM
CVE-2018-1427 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11 ...)
	NOT-FOR-US: IBM
CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11 ...)
	NOT-FOR-US: IBM
CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker t ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1424 (IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML E ...)
	NOT-FOR-US: IBM
CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive information to a ...)
	NOT-FOR-US: IBM
CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 t ...)
	NOT-FOR-US: IBM
CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7. ...)
	NOT-FOR-US: IBM WebSphere DataPower Appliances
CVE-2018-1420 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control sett ...)
	NOT-FOR-US: IBM
CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for  ...)
	NOT-FOR-US: IBM
CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass auth ...)
	NOT-FOR-US: IBM
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Techn ...)
	NOT-FOR-US: IBM Runtimes for Java Technology
CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1413 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2018-1412
	RESERVED
CVE-2018-1411 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) co ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1410 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) co ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1409 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) co ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1408 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are  ...)
	NOT-FOR-US: IBM
CVE-2018-1407 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are  ...)
	NOT-FOR-US: IBM
CVE-2018-1406
	RESERVED
CVE-2018-1405 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1404 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1403 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1402
	RESERVED
CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1400
	RESERVED
CVE-2018-1399 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5 and 5.0 i ...)
	NOT-FOR-US: IBM Daeja ViewONE Professional
CVE-2018-1398 (IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2018-1397
	RESERVED
CVE-2018-1396 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2018-1395 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1394 (Multiple IBM Rational products are vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform  ...)
	NOT-FOR-US: IBM
CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for Multi-Platfor ...)
	NOT-FOR-US: IBM
CVE-2018-1389 (IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopB ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies betwe ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2018-1387 (IBM Application Performance Management for Monitoring &amp; Diagnostic ...)
	NOT-FOR-US: IBM
CVE-2018-1386 (IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9. ...)
	NOT-FOR-US: IBM
CVE-2018-1385
	RESERVED
CVE-2018-1384 (IBM Business Process Manager 8.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7 ...)
	NOT-FOR-US: AIX
CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1381
	RESERVED
CVE-2018-1380 (IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, ...)
	NOT-FOR-US: IBM
CVE-2018-1379
	RESERVED
CVE-2018-1378
	RESERVED
CVE-2018-1377 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user c ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1376 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1375 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not rene ...)
	NOT-FOR-US: IBM
CVE-2018-1374 (An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7 ...)
	NOT-FOR-US: IBM
CVE-2018-1373 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inade ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not requ ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1371 (An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2018-1370 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies per ...)
	NOT-FOR-US: IBM
CVE-2018-1369 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensit ...)
	NOT-FOR-US: IBM
CVE-2018-1368 (IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 coul ...)
	NOT-FOR-US: IBM Security Guardium Database Activity Monitor
CVE-2018-1367
	RESERVED
CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Val ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1365
	RESERVED
CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Enti ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1363 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0 ...)
	NOT-FOR-US: IBM Jazz Reporting Service
CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 wit ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04  ...)
	NOT-FOR-US: Panda Global Protection
CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44  ...)
	NOT-FOR-US: Panda Global Protection
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in t ...)
	{DLA-1785-1 DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present, unreproducible)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/869
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f6ca1441a5260165dabc627d26f60c32af1d5678
	NOTE: different fix: https://github.com/ImageMagick/ImageMagick/commit/73d59a74e0b0a864c1a9581b8a4bdbee427125e2
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/edf1b9408492b97cd08111a0a9cb123f6391dc5b
	NOTE: different fix for IM-6: https://github.com/ImageMagick/ImageMagick/commit/cae42160e5ab6de4b2a9433267e143ce295ae957
	NOTE: The fix involves all done changes on the relevant part of coders/psd.c between
	NOTE: (and including) edf1b9408492b97cd08111a0a9cb123f6391dc5b and cae42160e5ab6de4b2a9433267e143ce295ae957 .
CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/873
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/69601843684dd038a8397e1a12dd15777d2513bf
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b97357e7f8d6ae848a4c699fe17db6fcf4bd7a9
CVE-2017-17679
	RESERVED
CVE-2017-17678
	RESERVED
CVE-2017-17677
	RESERVED
CVE-2017-17676
	RESERVED
CVE-2017-17675
	RESERVED
CVE-2017-17674
	RESERVED
CVE-2017-17673
	RESERVED
CVE-2017-17672 (In vBulletin through 5.3.x, there is an unauthenticated deserializatio ...)
	NOT-FOR-US: vBulletin
CVE-2017-17671 (vBulletin through 5.3.x on Windows allows remote PHP code execution be ...)
	NOT-FOR-US: vBulletin
CVE-2017-17670 (In VideoLAN VLC media player through 2.2.8, there is a type conversion ...)
	{DSA-4203-1}
	- vlc 3.0.0~rc2-1
	[jessie] - vlc <end-of-life> (See DSA-4203-1)
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/15/1
	NOTE: POC: https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68
CVE-2017-17669 (There is a heap-based buffer over-read in the Exiv2::Internal::PngChun ...)
	- exiv2 0.27.2-6 (bug #886006)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/187
CVE-2017-17668 (Memory write mechanism in NCR S1 Dispenser controller before firmware  ...)
	NOT-FOR-US: NCR S1 Dispenser controller
CVE-2017-17667
	RESERVED
CVE-2017-17666
	RESERVED
CVE-2017-17665 (In Octopus Deploy before 4.1.3, the machine update process doesn't che ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x befor ...)
	- asterisk 1:13.18.5~dfsg-1 (bug #884345)
	[stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
	[jessie] - asterisk <not-affected> (Vulnerable code introduced later)
	[wheezy] - asterisk <not-affected> (Vulnerable code introduced later)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-012.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27382
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27429
CVE-2017-17663 (The htpasswd implementation of mini_httpd before v1.28 and of thttpd b ...)
	- mini-httpd <unfixed> (unimportant)
	- thttpd <removed> (unimportant)
	NOTE: http://acme.com/updates/archive/199.html
CVE-2017-17662 (Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 d ...)
	NOT-FOR-US: Yawcam
CVE-2017-17661
	RESERVED
CVE-2017-17660
	RESERVED
CVE-2017-17659 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17658 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17657 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17654 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17651 (Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17650
	RESERVED
CVE-2017-17649 (Readymade Video Sharing Script 3.2 has HTML Injection via the single-v ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17648 (Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_resu ...)
	NOT-FOR-US: Entrepreneur Dating Script
CVE-2017-17647
	RESERVED
CVE-2017-17646
	RESERVED
CVE-2017-17645 (Bus Booking Script 1.0 has SQL Injection via the txtname parameter to  ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17644
	RESERVED
CVE-2017-17643 (FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tut ...)
	NOT-FOR-US: FS Lynda Clone
CVE-2017-17642 (Basic Job Site Script 2.0.5 has SQL Injection via the keyword paramete ...)
	NOT-FOR-US: Basic Job Site Script
CVE-2017-17641 (Resume Clone Script 2.0.5 has SQL Injection via the preview.php id par ...)
	NOT-FOR-US: Resume Clone Script
CVE-2017-17640 (Advanced World Database 2.0.5 has SQL Injection via the city.php count ...)
	NOT-FOR-US: Advanced World Database
CVE-2017-17639 (Muslim Matrimonial Script 3.02 has SQL Injection via the success-story ...)
	NOT-FOR-US: Muslim Matrimonial Script
CVE-2017-17638 (Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php stat ...)
	NOT-FOR-US: Groupon Clone Script
CVE-2017-17637 (Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val ...)
	NOT-FOR-US: Car Rental Script
CVE-2017-17636 (MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newi ...)
	NOT-FOR-US: MLM Forced Matrix
CVE-2017-17635 (MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_deta ...)
	NOT-FOR-US: MLM Forex Market Plan Script
CVE-2017-17634 (Single Theater Booking Script 3.2.1 has SQL Injection via the findcity ...)
	NOT-FOR-US: Single Theater Booking Script
CVE-2017-17633 (Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the ...)
	NOT-FOR-US: Multiplex Movie Theater Booking Script
CVE-2017-17632 (Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Inject ...)
	NOT-FOR-US: Responsive Events And Movie Ticket Booking Script
CVE-2017-17631 (Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the s ...)
	NOT-FOR-US: Multireligion Responsive Matrimonial
CVE-2017-17630 (Yoga Class Script 1.0 has SQL Injection via the /list city parameter. ...)
	NOT-FOR-US: Yoga Class Script
CVE-2017-17629 (Secure E-commerce Script 2.0.1 has SQL Injection via the category.php  ...)
	NOT-FOR-US: Secure E-commerce Script
CVE-2017-17628 (Responsive Realestate Script 3.2 has SQL Injection via the property-li ...)
	NOT-FOR-US: Responsive Realestate Script
CVE-2017-17627 (Readymade Video Sharing Script 3.2 has SQL Injection via the single-vi ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17626 (Readymade PHP Classified Script 3.3 has SQL Injection via the /categor ...)
	NOT-FOR-US: Readymade PHP Classified Script
CVE-2017-17625 (Professional Service Script 1.0 has SQL Injection via the service-list ...)
	NOT-FOR-US: Professional Service Script
CVE-2017-17624 (PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail. ...)
	NOT-FOR-US: PHP Multivendor Ecommerce
CVE-2017-17623 (Opensource Classified Ads Script 3.2 has SQL Injection via the advance ...)
	NOT-FOR-US: Opensource Classified Ads Script
CVE-2017-17622 (Online Exam Test Application Script 1.6 has SQL Injection via the exam ...)
	NOT-FOR-US: Online Exam Test Application Script
CVE-2017-17621 (Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the P ...)
	NOT-FOR-US: Multivendor Penny Auction Clone Script
CVE-2017-17620 (Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city p ...)
	NOT-FOR-US: Lawyer Search Script
CVE-2017-17619 (Laundry Booking Script 1.0 has SQL Injection via the /list city parame ...)
	NOT-FOR-US: Laundry Booking Script
CVE-2017-17618 (Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php  ...)
	NOT-FOR-US: Kickstarter Clone Script
CVE-2017-17617 (Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.ph ...)
	NOT-FOR-US: Foodspotting Clone Script
CVE-2017-17616 (Event Search Script 1.0 has SQL Injection via the /event-list city par ...)
	NOT-FOR-US: Event Search Script
CVE-2017-17615 (Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php ...)
	NOT-FOR-US: Facebook Clone Script
CVE-2017-17614 (Food Order Script 1.0 has SQL Injection via the /list city parameter. ...)
	NOT-FOR-US: Food Order Script
CVE-2017-17613 (Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.ph ...)
	NOT-FOR-US: Freelance Website Script
CVE-2017-17612 (Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or ...)
	NOT-FOR-US: Hot Scripts Clone
CVE-2017-17611 (Doctor Search Script 1.0 has SQL Injection via the /list city paramete ...)
	NOT-FOR-US: Doctor Search Script
CVE-2017-17610 (E-commerce MLM Software 1.0 has SQL Injection via the service_detail.p ...)
	NOT-FOR-US: E-commerce MLM Software
CVE-2017-17609 (Chartered Accountant Booking Script 1.0 has SQL Injection via the /ser ...)
	NOT-FOR-US: Chartered Accountant Booking Script
CVE-2017-17608 (Child Care Script 1.0 has SQL Injection via the /list city parameter. ...)
	NOT-FOR-US: Child Care Script
CVE-2017-17607 (CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-d ...)
	NOT-FOR-US: CMS Auditor Website
CVE-2017-17606 (Co-work Space Search Script 1.0 has SQL Injection via the /list city p ...)
	NOT-FOR-US: Co-work Space Search Script
CVE-2017-17605 (Consumer Complaints Clone Script 1.0 has SQL Injection via the other-u ...)
	NOT-FOR-US: Consumer Complaints Clone Script
CVE-2017-17604 (Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker ...)
	NOT-FOR-US: Entrepreneur Bus Booking Script
CVE-2017-17603 (Advanced Real Estate Script 4.0.7 has SQL Injection via the search-res ...)
	NOT-FOR-US: Advanced Real Estate Script
CVE-2017-17602 (Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-deta ...)
	NOT-FOR-US: Advance B2B Script
CVE-2017-17601 (Cab Booking Script 1.0 has SQL Injection via the /service-list city pa ...)
	NOT-FOR-US: Cab Booking Script
CVE-2017-17600 (Basic B2B Script 2.0.8 has SQL Injection via the product_details.php i ...)
	NOT-FOR-US: Basic B2B Script
CVE-2017-17599 (Advance Online Learning Management Script 3.1 has SQL Injection via th ...)
	NOT-FOR-US: Advance Online Learning Management Script
CVE-2017-17598 (Affiliate MLM Script 1.0 has SQL Injection via the product-category.ph ...)
	NOT-FOR-US: Affiliate MLM Script
CVE-2017-17597 (Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php s ...)
	NOT-FOR-US: Nearbuy Clone Script
CVE-2017-17596 (Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsear ...)
	NOT-FOR-US: Entrepreneur Job Portal Script
CVE-2017-17595 (Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gend ...)
	NOT-FOR-US: Beauty Parlour Booking Script
CVE-2017-17594 (DomainSale PHP Script 1.0 has SQL Injection via the domain.php id para ...)
	NOT-FOR-US: DomainSale PHP Script
CVE-2017-17593 (Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_pr ...)
	NOT-FOR-US: Simple Chatting System
CVE-2017-17592 (Website Auction Marketplace 2.0.5 has SQL Injection via the search.php ...)
	NOT-FOR-US: Website Auction Marketplace
CVE-2017-17591 (Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single- ...)
	NOT-FOR-US: Realestate Crowdfunding Script
CVE-2017-17590 (FS Stackoverflow Clone 1.0 has SQL Injection via the /question keyword ...)
	NOT-FOR-US: FS Stackoverflow Clone
CVE-2017-17589 (FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php c ...)
	NOT-FOR-US: FS Thumbtack Clone
CVE-2017-17588 (FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvs ...)
	NOT-FOR-US: FS IMDB Clone
CVE-2017-17587 (FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token  ...)
	NOT-FOR-US: FS Indiamart Clone
CVE-2017-17586 (FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter  ...)
	NOT-FOR-US: FS Olx Clone
CVE-2017-17585 (FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id ...)
	NOT-FOR-US: FS Monster Clone
CVE-2017-17584 (FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.p ...)
	NOT-FOR-US: FS Makemytrip Clone
CVE-2017-17583 (FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords ...)
	NOT-FOR-US: FS Shutterstock Clone
CVE-2017-17582 (FS Grubhub Clone 1.0 has SQL Injection via the /food keywords paramete ...)
	NOT-FOR-US: FS Grubhub Clone
CVE-2017-17581 (FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid pa ...)
	NOT-FOR-US: FS Quibids Clone
CVE-2017-17580 (FS Linkedin Clone 1.0 has SQL Injection via the group.php grid paramet ...)
	NOT-FOR-US: FS Linkedin Clone
CVE-2017-17579 (FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parame ...)
	NOT-FOR-US: FS Freelancer Clone
CVE-2017-17578 (FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_detai ...)
	NOT-FOR-US: FS Crowdfunding Script
CVE-2017-17577 (FS Trademe Clone 1.0 has SQL Injection via the search_item.php search  ...)
	NOT-FOR-US: FS Trademe Clone
CVE-2017-17576 (FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat p ...)
	NOT-FOR-US: FS Gigs Script
CVE-2017-17575 (FS Groupon Clone 1.0 has SQL Injection via the item_details.php id par ...)
	NOT-FOR-US: FS Groupon Clone
CVE-2017-17574 (FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or j ...)
	NOT-FOR-US: FS Care Clone
CVE-2017-17573 (FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter,  ...)
	NOT-FOR-US: FS Ebay Clone
CVE-2017-17572 (FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. ...)
	NOT-FOR-US: FS Amazon Clone
CVE-2017-17571 (FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parame ...)
	NOT-FOR-US: FS Foodpanda Clone
CVE-2017-17570 (FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.ph ...)
	NOT-FOR-US: FS Expedia Clone
CVE-2017-17569 (Scubez Posty Readymade Classifieds has XSS via the admin/user_activate ...)
	NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17568 (Scubez Posty Readymade Classifieds has Incorrect Access Control for vi ...)
	NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17567 (Scubez Posty Readymade Classifieds has SQL Injection via the admin/use ...)
	NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is  ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to execute arbi ...)
	NOT-FOR-US: SeaCMS
CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.172 dev ...)
	NOT-FOR-US: Western Digital MyCloud
CVE-2017-17559
	RESERVED
CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS user ...)
	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-251.html
CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users t ...)
	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-250.html
CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users t ...)
	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-249.html
CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS user ...)
	{DSA-4112-1 DLA-1549-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-248.html
CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html
	NOTE: Fixed by: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
CVE-2017-17557 (In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exi ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-17556 (A debug tool in Synaptics TouchPad drivers allows local users with adm ...)
	NOT-FOR-US: debug tool in Synaptics TouchPad drivers
CVE-2017-17555 (The swri_audio_convert function in audioconvert.c in FFmpeg libswresam ...)
	- aubio 0.4.6-1 (low; bug #884232)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
	[wheezy] - aubio <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/aubio/aubio/commit/265fe9a2ca606f8b9ae4a110390f26c139c01ad7
	NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
	NOTE: aubio initializes libswresample with 2 channels and then passes data
	NOTE: that contains just one channel. Not an issue in src:ffmpeg.
	NOTE: https://github.com/aubio/aubio/issues/137
CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the functi ...)
	- aubio 0.4.6-1 (low; bug #884237)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
	[wheezy] - aubio <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/aubio/aubio/commit/a81b12a3b4174953b3bc7ef4c37103f4d5636740
	NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md
	NOTE: https://github.com/aubio/aubio/issues/137
CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure parsin ...)
	NOT-FOR-US: Dolphin Browser for Android
CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allo ...)
	NOT-FOR-US: Zoho ManageEngine AD Manager Plus
CVE-2018-1360 (A cleartext transmission of sensitive information vulnerability in For ...)
	NOT-FOR-US: Fortinet
CVE-2018-1359
	RESERVED
CVE-2018-1358
	RESERVED
CVE-2018-1357
	RESERVED
CVE-2018-1356 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet FortiSandbox
CVE-2018-1355 (An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 a ...)
	NOT-FOR-US: Fortinet
CVE-2018-1354 (An improper access control vulnerability in Fortinet FortiManager 6.0. ...)
	NOT-FOR-US: Fortinet
CVE-2018-1353 (An information disclosure vulnerability in Fortinet FortiManager 6.0.1 ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2018-1352 (A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacke ...)
	NOT-FOR-US: Fortinet
CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6. ...)
	NOT-FOR-US: Fortinet
CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for Android  ...)
	NOT-FOR-US: Dolphin Browser for Android
CVE-2017-17550 (ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a C ...)
	NOT-FOR-US: ZyXEL
CVE-2017-17549 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler G ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2017-17548
	RESERVED
CVE-2017-17547
	RESERVED
CVE-2017-17546
	RESERVED
CVE-2017-17545
	RESERVED
CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in Fortin ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2017-17542
	RESERVED
CVE-2017-17541 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6. ...)
	NOT-FOR-US: Fortinet
CVE-2017-17540 (The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows  ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2017-17539 (The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and ea ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a denial of s ...)
	NOT-FOR-US: MikroTik
CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated rem ...)
	NOT-FOR-US: MikroTik
CVE-2018-1350 (The NetIQ Identity Manager driver log file, in versions prior to 4.7,  ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1349 (The NetIQ Identity Manager driver log file, in versions prior to 4.7,  ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1348 (NetIQ Identity Manager driver, in versions prior to 4.7, allows for an ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to  ...)
	NOT-FOR-US: NetIQ
CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to 9.1 ...)
	NOT-FOR-US: NetIQ
CVE-2018-1345 (NetIQ iManager, versions prior to 3.1, under some circumstances could  ...)
	NOT-FOR-US: NetIQ
CVE-2018-1344 (Addresses potential communication downgrade attack in NetIQ iManager v ...)
	NOT-FOR-US: NetIQ
CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...)
	NOT-FOR-US: NetIQ
CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload f ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-1341
	RESERVED
CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and --debugg ...)
	- phabricator <unfixed> (unimportant)
	NOTE: Fixed by: https://github.com/phacility/phabricator/commit/a7921a4448093d00defa8bd18f35b8c8f8bf3314
	NOTE: Starting with 0~git20160726-3 the Phabricator package is not built
	NOTE: The issue is unfixed in the source up to 0~git20170812-1
	NOTE: Fixed in 0~git20171202-1 (not yet accepted from NEW)
CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...)
	- gjots2 <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188
CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before launchi ...)
	- mensis <removed> (unimportant)
	NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings be ...)
	NOTE: Originally assigned for src:tkabber
	NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
	NOTE: TCL's exec call does not involve the shell. It does its own argument parsing
	NOTE: which safely forwards the content of any variable. No command injection is
	NOTE: thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
	NOTE: MITRE only considers this as DISPUTED rather than fully REJECT The CVE.
CVE-2017-17532 (examples/framework/news/news3.py in Kiwi 1.9.22 does not validate stri ...)
	- kiwi <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/kiwi/1.9.22-4/examples/framework/news/news3.py/?hl=88#L88
	NOTE: Only in examples code, negligible impact
CVE-2017-17531 (gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launchi ...)
	- global 6.6.1-1 (unimportant; bug #884912)
	[stretch] - global 6.5.6-2+deb9u1
	NOTE: https://sources.debian.org/src/global/4.8.6-2/gozilla/gozilla.c/#L269
CVE-2017-17530 (common/help.c in Geomview 1.9.5 does not validate strings before launc ...)
	- geomview <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/geomview/1.9.5-1/src/bin/geomview/common/help.c/?hl=51#L83
CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...)
	- abiword <unfixed> (unimportant; bug #884923)
	NOTE: Non-issue, nothing exploitable, should be rejected
CVE-2017-17528 (backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not valida ...)
	- scummvm <unfixed> (unimportant)
	[wheezy] - scummvm <not-affected> (Vulnerable code not there)
	NOTE: https://sources.debian.org/src/scummvm/1.9.0+dfsg-2/backends/platform/sdl/posix/posix.cpp/?hl=274#L274
CVE-2017-17527 (** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does n ...)
	- pasdoc 0.15.0-1 (unimportant)
	NOTE: https://sources.debian.org/src/pasdoc/0.14.0-1/source/delphi_gui/WWWBrowserRunnerDM.pas/?hl=63#L63
	NOTE: Marked as unimportant since issue in unused code. MITRE marks CVE as
	NOTE: disputed.
CVE-2017-17526 (Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings be ...)
	- giac <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/giac/1.2.3.57+dfsg1-2/src/Input.cc/?hl=68#L77
CVE-2017-17525 (guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate st ...)
	- postbooks <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/postbooks/4.7.0-3/guiclient/guiclient.cpp/?hl=1610#L1610
CVE-2017-17524 (library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings b ...)
	- swi-prolog <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/swi-prolog/7.2.3+dfsg-1/library/www_browser.pl/?hl=68#L68
	NOTE: In wheezy it is technically possible to trigger an argument injection
	NOTE: vulnerability however it is quoted in an unusual way which makes it highly
	NOTE: unlikely that it going to be.
CVE-2017-17523 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings b ...)
	- lilypond 2.18.2-12 (bug #884136)
	[jessie] - lilypond <no-dsa> (Minor issue)
	[wheezy] - lilypond <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
CVE-2017-17522 (** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not vali ...)
	- jython <unfixed> (unimportant)
	[wheezy] - jython <not-affected> (Vulnerable code is not provided in the binary package)
	- python2.6 <removed> (unimportant)
	- python2.7 <unfixed> (unimportant)
	- python3.2 <removed> (unimportant)
	- python3.4 <removed> (unimportant)
	- python3.5 <removed> (unimportant)
	- python3.6 <removed> (unimportant)
	- python3.7 <removed> (unimportant)
	NOTE: Lib/webbrowser.py does not validate strings before launching the program
	NOTE: specified by the BROWSER environment variable.
	NOTE: https://bugs.python.org/issue32367
	NOTE: Hardly an issue with security impact, as the problematic code further relies
	NOTE: on subprocess.Popen with the default shell=False.
CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings befor ...)
	- fontforge <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
CVE-2017-17520 (** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate str ...)
	- tin <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
	NOTE: Documentation has a clear SECURITY section mentioning that [...] url_handler
	NOTE: does not try hard to shell escape its input nor does it convert relative URLs
	NOTE: into abosulte ones. If you use url_handler.pl from other applications be sure to
	NOTE: at least shell escaped its input.
CVE-2017-17519 (batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries)  ...)
	- ocaml-batteries <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/ocaml-batteries/2.6.0-1/src/batteriesConfig.mlp/?hl=23#L23
CVE-2017-17518 (** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30. ...)
	- whitedune <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/whitedune/0.30.10-2.1/src/swt/motif/browser.c/?hl=159#L214
CVE-2017-17517 (libsylph/utils.c in Sylpheed through 3.6 does not validate strings bef ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/sylpheed/3.5.1-1/libsylph/utils.c/?hl=4292#L4292
CVE-2017-17516 (scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 d ...)
	- rtv <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/rtv/1.20.0+dfsg-1/scripts/inspect_webbrowser.py/
CVE-2017-17515 (** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strin ...)
	- metview <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/metview/4.7.2-3/share/metview/etc/ObjectList/?hl=2857#L2857
CVE-2017-17514 (** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before  ...)
	- nip2 <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/nip2/8.4.0-1/src/boxes.c/?hl=727#L727
CVE-2017-17513 (TeX Live through 20170524 does not validate strings before launching t ...)
	- texlive-base <unfixed> (unimportant)
	[wheezy] - texlive-base <not-affected> (Vulnerable code do not exist)
	- texlive-bin <unfixed> (unimportant)
	[wheezy] - texlive-bin <not-affected> (Vulnerable code do not exist)
	- context <unfixed> (unimportant)
	[wheezy] - context <not-affected> (Vulnerable code do not exist)
	NOTE: https://sources.debian.org/src/texlive-base/2017.20171128-1/texmf-dist/tex/luatex/lualibs/lualibs-os.lua/#L153
	NOTE: https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004
	NOTE: https://sources.debian.org/src/context/2017.05.15.20170613-2/texmf-dist/scripts/context/stubs/mswin/mtxrun.lua/?hl=3424#L3424
CVE-2017-17512 (sensible-browser in sensible-utils before 0.0.11 does not validate str ...)
	{DSA-4071-1 DLA-1209-1}
	- sensible-utils 0.0.11 (bug #881767)
	NOTE: https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5
CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the progra ...)
	{DLA-1210-1}
	- kildclient 3.2.0-1 (bug #885007)
	[stretch] - kildclient 3.1.0-1+deb9u1
	[jessie] - kildclient <no-dsa> (Minor issue)
	NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159
	NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324
CVE-2017-17510
	RESERVED
CVE-2017-17509 (In HDF5 1.10.1, there is an out of bounds write vulnerability in the f ...)
	- hdf5 1.10.4+repack-1 (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/5-hdf5-heap-overflow-H5G__ent_decode_vec
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/2636f401ba236e99adda4cc50fb89bebbe0b73fd
CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the functio ...)
	- hdf5 1.10.4+repack-1 (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/1-hdf5-divbyzero-H5T_set_loc
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/0a7128c0d5bd035288be7b02ca9cf9bba321aadd
CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...)
	- hdf5 <unfixed> (low; bug #915807)
	[buster] - hdf5 <no-dsa> (Minor issue, requires ABI change)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
	NOTE: Fixing the bug requires an ABI changes thus upstream will only include a fix
	NOTE: on a major version bump.
CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...)
	- hdf5 1.10.4+repack-1 (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/4-hdf5-outbound-read-H5Opline_pline_decode
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/b1a6873b1021c967b661727edae9de87d194f744
CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the function H5 ...)
	- hdf5 1.10.4+repack-1 (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7e3f95679677db07a5cc606f5edfb723ea56d04e
CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_pro ...)
	{DSA-4204-1 DSA-4074-1 DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #885340)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/59c49559e302e06bfba46cb6feb4e39adbe675b6
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/fb89192c4ca1600741af79dd22166a7d91e76924
CVE-2017-17503 (ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/i ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/522/
CVE-2017-17502 (ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/i ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/521/
CVE-2017-17501 (WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-b ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/526/
CVE-2017-17500 (ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/imp ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-fr ...)
	{DSA-4074-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #885339)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1
CVE-2017-17498 (WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote a ...)
	{DSA-4321-1 DLA-1401-1 DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/525/
CVE-2017-17497 (In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows a ...)
	- tidy-html5 2:5.6.0-3
	[stretch] - tidy-html5 <not-affected> (Vulnerable code introduced after 5.6.0)
	- tidy <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/htacg/tidy-html5/issues/656
	NOTE: https://github.com/htacg/tidy-html5/commit/a111d7a9691953f903ffa1fdbc3762dec22fc215
	NOTE: Issue originally never in DEbian because teh vulnerable code was
	NOTE: introduced in 5.6.0. But with the 2:5.6.0-1 upload the package got
	NOTE: vulnerable and needed a targeted fix via 2:5.6.0-3 upload.
CVE-2017-17496
	REJECTED
CVE-2017-17495
	RESERVED
CVE-2017-17494
	RESERVED
CVE-2017-17493
	RESERVED
CVE-2017-17492
	RESERVED
CVE-2017-17491
	RESERVED
CVE-2017-17490
	RESERVED
CVE-2017-17489
	RESERVED
CVE-2017-17488
	RESERVED
CVE-2017-17487
	RESERVED
CVE-2017-17486
	RESERVED
CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allo ...)
	{DSA-4114-1}
	- jackson-databind 2.9.4-1 (bug #888318)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1855
CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Compone ...)
	- icu <not-affected> (Vulnerable code not present, only experimental was ever affected and fixed in 60.2-1)
	NOTE: https://ssl.icu-project.org/trac/ticket/13510
	NOTE: https://ssl.icu-project.org/trac/ticket/13490
	NOTE: Fixed by: https://ssl.icu-project.org/trac/changeset/40714
	NOTE: Testcase: https://ssl.icu-project.org/trac/changeset/40715
	NOTE: POC: https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.2.cpp
	NOTE: Introduced by https://ssl.icu-project.org/trac/changeset/40455/
CVE-2017-17483
	RESERVED
CVE-2017-17482 (An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and throu ...)
	NOT-FOR-US: OpenVMS
CVE-2017-17481
	RESERVED
CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
	{DSA-4405-1 DLA-1579-1}
	- openjpeg2 2.3.0-2 (bug #884738)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1044
	NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1044
	NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega Pla ...)
	NOT-FOR-US: Pegasystems Pega Platform
CVE-2017-17477
	RESERVED
CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17473 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17472 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17471 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17470 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17469 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17468 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privile ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17467 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17466 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privile ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17465 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer de ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17464 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer de ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17463 (Vivo modems allow remote attackers to obtain sensitive information by  ...)
	NOT-FOR-US: Vivo modems
CVE-2017-17462
	RESERVED
CVE-2017-17461
	REJECTED
CVE-2017-17460
	RESERVED
CVE-2018-1340 (Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage ...)
	- guacamole-client <unfixed> (bug #920796)
	[stretch] - guacamole-client <no-dsa> (Minor issue)
	[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
	- guacamole <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/24/2
	NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-549
	NOTE: https://github.com/apache/guacamole-client/pull/273
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/02/1
CVE-2018-1339 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
	- tika 1.18-1 (low; bug #900000)
	[jessie] - tika <ignored> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/7
CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
	- tika 1.18-1
	[jessie] - tika <not-affected> (BGP parser introduced in 1.7)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/6
CVE-2018-1337 (In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Fi ...)
	NOT-FOR-US: Apache LDAP API
CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with supplementar ...)
	{DSA-4281-1 DLA-1491-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.31-1
	- tomcat8.0 <removed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	[jessie] - tomcat7 7.0.56-3+really7.0.88-1
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1830373 (9.0.x)
	NOTE: https://svn.apache.org/r1830374 (8.5.x)
	NOTE: https://svn.apache.org/r1830375 (8.0.x)
	NOTE: https://svn.apache.org/r1830376 (7.0.x)
CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send carefully cr ...)
	- tika 1.18-1
	[jessie] - tika <not-affected> (Server functionality not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8
CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using  ...)
	- apache-spark <itp> (bug #802194)
CVE-2018-1333 (By specially crafting HTTP/2 requests, workers would be allocated 60 s ...)
	- apache2 2.4.34-1 (bug #904106)
	[stretch] - apache2 2.4.25-3+deb9u6
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: Affects 2.4.18-2.4.33
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
	NOT-FOR-US: Apache Storm
CVE-2018-1331 (In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 thro ...)
	NOT-FOR-US: Apache Storm
CVE-2018-1330 (When parsing a malformed JSON payload, libprocess in Apache Mesos vers ...)
	- apache-mesos <itp> (bug #760315)
CVE-2018-1329
	REJECTED
CVE-2018-1328 (Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permiss ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2018-1327 (The Apache Struts REST Plugin is using XStream library which is vulner ...)
	- libstruts1.2-java <not-affected> (Specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-056
CVE-2018-1326
	REJECTED
CVE-2018-1325 (In Apache wicket-jquery-ui &lt;= 6.29.0, &lt;= 7.10.1, &lt;= 8.0.0-M9. ...)
	NOT-FOR-US: Wicket jQuery UI
CVE-2018-1324 (A specially crafted ZIP archive can be used to cause an infinite loop  ...)
	- libcommons-compress-java 1.13-2 (bug #893174)
	[stretch] - libcommons-compress-java <no-dsa> (Minor issue)
	[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
	[wheezy] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=blobdiff;f=src/main/java/org/apache/commons/compress/archivers/zip/X0017_StrongEncryptionHeader.java;h=acc3b22346b49845e85b5ef27a5814b69e834139;hp=0feb9c98cc622cde1defa3bbd268ef82b4ae5c18;hb=2a2f1dc48e22a34ddb72321a4db211da91aa933b;hpb=dcb0486fb4cb2b6592c04d6ec2edbd3f690df5f2
	NOTE: https://issues.apache.org/jira/browse/COMPRESS-432
CVE-2018-1323 (The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1. ...)
	- libapache-mod-jk <not-affected> (Windows/IIS vhost handling specific issue)
	NOTE: http://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.43
	NOTE: Fixed by: http://svn.apache.org/r1825658
CVE-2018-1322 (An administrator with user search entitlements in Apache Syncope 1.2.x ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-1321 (An administrator with report and template entitlements in Apache Synco ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0 can by ...)
	{DLA-1662-1}
	- libthrift-java 0.9.1-2.1 (bug #918736)
	[stretch] - libthrift-java 0.9.1-2.1~deb9u1
	NOTE: https://issues.apache.org/jira/browse/THRIFT-4506
	NOTE: https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause H ...)
	NOT-FOR-US: Apache Allura
CVE-2018-1318 (Adding method ACLs in remap.config can cause a segfault when the user  ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/3
	NOTE: https://github.com/apache/trafficserver/pull/3195
	NOTE: https://github.com/apache/trafficserver/commit/e6dfda305acf85250861ecfa14a7bd6bb2fad5c3
CVE-2018-1317 (In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by de ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2018-1316 (The ODE process deployment web service was sensible to deployment mess ...)
	NOT-FOR-US: Apache ODE
CVE-2018-1315 (In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run u ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1314 (In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network pac ...)
	- derby 10.14.2.0-1
	[jessie] - derby <no-dsa> (Minor issue)
	[stretch] - derby <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/05/1
CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authen ...)
	{DSA-4164-1 DLA-1389-1}
	- apache2 2.4.33-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-fre ...)
	- xerces-c <unfixed> (bug #947431)
	[jessie] - xerces-c <postponed> (slow upstream interest, proper fix likely to break ABI compatibility)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt
	NOTE: https://issues.apache.org/jira/browse/XERCESC-2188
	NOTE: http://vault.centos.org/7.7.1908/updates/Source/SPackages/xerces-c-3.1.1-10.el7_7.src.rpm (fix with memory leak)
	NOTE: Mitigation by setting the XERCES_DISABLE_DTD environment variable
CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client vulne ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Malicious ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 rela ...)
	{DSA-4194-1 DLA-1360-1}
	- lucene-solr 3.6.2+dfsg-12 (bug #896604)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3
	NOTE: https://issues.apache.org/jira/browse/SOLR-11971
	NOTE: master: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
	NOTE: branch_7x: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
	NOTE: branch_6_6: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/dd3be31f
CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java ...)
	NOT-FOR-US: Apache juddi-client
CVE-2018-1306 (The PortletV3AnnotatedDemo Multipart Portlet war file code provided in ...)
	NOT-FOR-US: Apache Portals Pluto
CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache Tomc ...)
	{DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.28-1
	- tomcat8.0 <removed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1823314 (8.5.x)
	NOTE: https://svn.apache.org/r1824358 (8.5.x)
	NOTE: https://svn.apache.org/r1823319 (8.0.x)
	NOTE: https://svn.apache.org/r1824359 (8.0.x)
	NOTE: https://svn.apache.org/r1823322 (7.0.x)
	NOTE: https://svn.apache.org/r1824360 (7.0.x)
CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly maps to the con ...)
	{DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.28-1
	- tomcat8.0 <removed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1823307 (8.5.x)
	NOTE: https://svn.apache.org/r1823308 (8.0.x)
	NOTE: https://svn.apache.org/r1823309 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62067
CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Apache  ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache HT ...)
	- apache2 2.4.33-1
	[stretch] - apache2 2.4.25-3+deb9u5
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/5
CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server  ...)
	{DSA-4164-1 DLA-1389-1}
	- apache2 2.4.33-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1300
	REJECTED
CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may retrieve  ...)
	NOT-FOR-US: Apache Allura
CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker-J 7. ...)
	- qpid-java <itp> (bug #840131)
	NOTE: https://issues.apache.org/jira/browse/QPID-8046
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=de509dd
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and 3. ...)
	- jakarta-jmeter <unfixed> (low; bug #897259)
	[buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
	[stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
	[jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1296 (In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5 ...)
	- hadoop <itp> (bug #793644)
CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism does not  ...)
	NOT-FOR-US: Apache Ignite
CVE-2018-1294 (If a user of Apache Commons Email (typically an application programmer ...)
	- commons-email <not-affected> (Fixed with first upload to Debian)
	NOTE: https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4Vs9rOwCDiUdnt1QA1Yw@mail.gmail.com
	NOTE: Fixed by: https://svn.apache.org/r1777030
CVE-2018-1293
	REJECTED
CVE-2018-1292 (Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incu ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1291 (Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incub ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1290 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to  ...)
	- kafka <itp> (bug #786460)
CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...)
	- jakarta-jmeter <unfixed> (low)
	[buster] - jakarta-jmeter <no-dsa> (Minor issue)
	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external entities whe ...)
	{DLA-2211-1}
	- log4net <unfixed> (low)
	[buster] - log4net <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
	NOTE: https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
CVE-2018-1284 (In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to for ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows ca ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which IP a ...)
	NOT-FOR-US: Apache MXNet
CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protocol is u ...)
	- fossil 1:2.4-1
	[stretch] - fossil <ignored> (Minor issue)
	[jessie] - fossil <no-dsa> (Minor issue)
	[wheezy] - fossil <no-dsa> (Minor issue)
	NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed r ...)
	{DLA-1414-2 DLA-1414-1 DLA-1224-1}
	- mercurial 4.4.1-1
	NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
	NOTE: https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
	NOTE: Fixed by: https://mercurial-scm.org/repo/hg/rev/071cbeba4212
	NOTE: Alternative workaround/additionally needed: https://mercurial-scm.org/repo/hg/rev/5e27afeddaee
CVE-2017-1002102 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ...)
	- kubernetes 1.7.16+dfsg-1 (bug #894051)
	NOTE: https://github.com/kubernetes/kubernetes/issues/60814
CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ...)
	- kubernetes 1.7.16+dfsg-1 (bug #892801)
	NOTE: https://github.com/kubernetes/kubernetes/issues/60813
CVE-2017-17457
	REJECTED
CVE-2017-17456
	REJECTED
CVE-2017-17455 (Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17 ...)
	- mahara <removed>
CVE-2017-17454 (Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before  ...)
	- mahara <removed>
CVE-2017-17453
	RESERVED
CVE-2017-17452
	RESERVED
CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsub ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not req ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <ignored> (User namespaces not supported)
	NOTE: https://lkml.org/lkml/2017/12/5/982
CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in  ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2017/12/5/950
CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4  ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <ignored> (User namespaces not supported)
	NOTE: https://patchwork.kernel.org/patch/10089373/
CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains  ...)
	NOT-FOR-US: Pivotal
CVE-2018-1279 (Pivotal RabbitMQ for PCF, all versions, uses a deterministically gener ...)
	- rabbitmq-server <not-affected> (Specific to RabbitMQ setup in Pivotal, see bug #924768)
	NOTE: https://pivotal.io/security/cve-2018-1279
CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x  ...)
	NOT-FOR-US: Pivotal
CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctl ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1276 (Windows 2012R2 stemcells, versions prior to 1200.17, contain an inform ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1275 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java <not-affected> (Partial fix for CVE-2018-1270 not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1565307
CVE-2018-1274 (Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1273 (Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,  ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1272 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java 4.3.19-1 (bug #895114)
	[stretch] - libspring-java <no-dsa> (Minor issue)
	[jessie] - libspring-java <not-affected> (vulnerable code not found)
	[wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
	NOTE: https://pivotal.io/security/cve-2018-1272
CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java <not-affected> (Issue specific when served from a file system on Windows)
	NOTE: https://pivotal.io/security/cve-2018-1271
CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java 4.3.19-1 (bug #895114)
	[stretch] - libspring-java <no-dsa> (Minor issue)
	[jessie] - libspring-java <not-affected> (vulnerable code not found)
	[wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
	NOTE: https://pivotal.io/security/cve-2018-1270
	NOTE: when addressing this issue make sure to not only apply a partial fix but
	NOTE: make it complete, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1565307
CVE-2018-1269 (Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1268 (Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1267 (Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an im ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1266 (Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains inf ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1265 (Cloud Foundry Diego, release versions prior to 2.8.0, does not properl ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1264 (Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip ...)
	NOT-FOR-US: Spring-integration-zip
CVE-2018-1262 (Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a ...)
	NOT-FOR-US: Cloud Foundry Foundation UAA
CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary fi ...)
	NOT-FOR-US: Spring-integration-zip
CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2 ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2 ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any versi ...)
	- libspring-security-2.0-java <removed>
	[jessie] - libspring-security-2.0-java <not-affected> (Affected version not in jessie)
	NOTE: https://pivotal.io/security/cve-2018-1258
CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior  ...)
	- libspring-java 4.3.19-1
	[stretch] - libspring-java <no-dsa> (Minor issue)
	[jessie] - libspring-java <no-dsa> (hard to find upstream commits regarding this)
	NOTE: https://pivotal.io/security/cve-2018-1257
CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
	NOT-FOR-US: Spring Cloud SSO Connector
CVE-2018-1255 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0  ...)
	NOT-FOR-US: RSA
CVE-2018-1254 (RSA Authentication Manager Security Console, versions 8.3 P1 and earli ...)
	NOT-FOR-US: RSA Authentication Manager Security Console
CVE-2018-1253 (RSA Authentication Manager Operation Console, versions 8.3 P1 and earl ...)
	NOT-FOR-US: RSA Authentication Manager Operation Console
CVE-2018-1252 (RSA Web Threat Detection versions prior to 6.4, contain an SQL injecti ...)
	NOT-FOR-US: RSA Web Threat Detection
CVE-2018-1251 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain ...)
	NOT-FOR-US: EMC Unity and UnityVSA
CVE-2018-1250 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain ...)
	NOT-FOR-US: EMC Unity and UnityVSA
CVE-2018-1249 (Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use o ...)
	NOT-FOR-US: EMC
CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and Sel ...)
	NOT-FOR-US: RSA Authentication Mamager
CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier,  ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-1246 (Dell EMC Unity and UnityVSA contains reflected cross-site scripting vu ...)
	NOT-FOR-US: EMC Unity and UnityVSA
CVE-2018-1245 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0  ...)
	NOT-FOR-US: RSA
CVE-2018-1244 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versi ...)
	NOT-FOR-US: EMC
CVE-2018-1243 (Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior ...)
	NOT-FOR-US: EMC
CVE-2018-1242 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell
CVE-2018-1241 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell
CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an informat ...)
	NOT-FOR-US: EMC ViPR Controller
CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522 ...)
	NOT-FOR-US: EMC Unity Operating Environment
CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command injection vu ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restriction o ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1236
	REJECTED
CVE-2018-1235 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell
CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is  ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both II ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1232 (RSA Authentication Agent version 8.0.1 and earlier for Web for both II ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1231 (Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site  ...)
	NOT-FOR-US: Pivotal
CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS vulner ...)
	NOT-FOR-US: Pivotal
CVE-2018-1228
	REJECTED
CVE-2018-1227 (Pivotal Concourse after 2018-03-05 might allow remote attackers to hav ...)
	NOT-FOR-US: Pivotal
CVE-2018-1226
	REJECTED
CVE-2018-1225
	REJECTED
CVE-2018-1224
	REJECTED
CVE-2018-1223 (Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1222
	REJECTED
CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 0.172.0, the ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnera ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2018-1217 (Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, an ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager whi ...)
	NOT-FOR-US: EMC
CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager  ...)
	NOT-FOR-US: EMC
CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows  ...)
	NOT-FOR-US: EMC
CVE-2018-1213 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8. ...)
	NOT-FOR-US: Dell
CVE-2018-1212 (The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versi ...)
	NOT-FOR-US: EMC
CVE-2018-1211 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path t ...)
	NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
CVE-2018-1210
	REJECTED
CVE-2018-1209
	REJECTED
CVE-2018-1208
	REJECTED
CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI inje ...)
	NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and D ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some p ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8. ...)
	NOT-FOR-US: Dell
CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary  ...)
	NOT-FOR-US: Dell
CVE-2018-1202 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1201 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1200 (Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.2 ...)
	NOT-FOR-US: Pivotal
CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2. ...)
	- libspring-java 4.3.14-1 (bug #890001)
	[stretch] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade)
	[jessie] - libspring-java <no-dsa> (fix for spring-security available but not for springframework)
	- libspring-security-java <itp> (bug #582181)
	NOTE: https://pivotal.io/security/cve-2018-1199
CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser passw ...)
	NOT-FOR-US: Pivotal Cloud Cache
CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside co ...)
	NOT-FOR-US: Windows Stemcells
CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to eas ...)
	NOT-FOR-US: Spring Boot
CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versions p ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1194
	REJECTED
CVE-2018-1193 (Cloud Foundry routing-release, versions prior to 0.175.0, lacks saniti ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; cf-depl ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an infor ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all v ...)
	NOT-FOR-US: Pivotal
CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1188 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1187 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1186 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1185 (An issue was discovered in EMC RecoverPoint for Virtual Machines versi ...)
	NOT-FOR-US: EMC
CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines versi ...)
	NOT-FOR-US: EMC
CVE-2018-1183 (In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4 ...)
	NOT-FOR-US: EMC
CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle v ...)
	NOT-FOR-US: EMC
CVE-2018-1181
	REJECTED
CVE-2017-17447
	RESERVED
CVE-2017-17445
	RESERVED
CVE-2017-17444
	RESERVED
CVE-2017-17443 (OPC Foundation Local Discovery Server (LDS) 1.03.370 required a securi ...)
	NOT-FOR-US: OPC Foundation Local Discovery Server
CVE-2017-17442 (In BlackBerry UEM Management Console version 12.7.1 and earlier, a ref ...)
	NOT-FOR-US: BlackBerry
CVE-2017-17441
	RESERVED
CVE-2017-17446 (The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Gam ...)
	- game-music-emu 0.6.2-1 (bug #883691)
	[stretch] - game-music-emu <no-dsa> (Minor issue)
	[jessie] - game-music-emu <no-dsa> (Minor issue)
	[wheezy] - game-music-emu <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
	NOTE: Patch: https://bitbucket.org/mpyne/game-music-emu/commits/205290614cdc057541b26adeea05a9d45993f860
	NOTE: Additional hardening: https://bitbucket.org/mpyne/game-music-emu/commits/4a441e94cba14268bc4e983d4dfd6ed112084d00
CVE-2017-17440 (GNU Libextractor 1.6 allows remote attackers to cause a denial of serv ...)
	- libextractor 1:1.6-2 (bug #883528)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	[wheezy] - libextractor <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are able to c ...)
	{DSA-4055-1}
	- heimdal 7.5.0+dfsg-1 (bug #878144)
	[jessie] - heimdal <not-affected> (Vulnerability introduced in 7.0)
	[wheezy] - heimdal <not-affected> (Vulnerability introduced in 7.0)
	NOTE: https://github.com/heimdal/heimdal/issues/353
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/749d377fa357351a7bbba51f8aae72cdf0629592 (7.1)
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887 (master)
CVE-2017-17438
	RESERVED
CVE-2017-17437
	RESERVED
CVE-2017-17436 (An issue was discovered in the software on Vaultek Gun Safe VT20i prod ...)
	NOT-FOR-US: Vaultek Gun Safe
CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe VT20i prod ...)
	NOT-FOR-US: Vaultek Gun Safe
CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, do ...)
	{DSA-4068-1 DLA-1218-1}
	- rsync 3.1.2-2.1 (bug #883665)
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 3.1.2, an ...)
	{DSA-4068-1 DLA-1218-1}
	- rsync 3.1.2-2.1 (bug #883667)
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows ...)
	NOT-FOR-US: Sangoma NetBorder / Vega Session Controller
CVE-2017-17429 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17428 (Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kit ...)
	NOT-FOR-US: Cisco ACE
	NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
	NOTE: https://robotattack.org/
CVE-2017-17427 (Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3 ...)
	NOT-FOR-US: Radware
	NOTE: https://portals.radware.com/getattachment/21be0b7b-fa1c-4cbc-8bd2-c19946aee270/Security-Advisory-Adaptive-chosen-ciphertext-atta/
	NOTE: https://robotattack.org/
CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.26 cou ...)
	- glibc <not-affected> (Issue introduced in glibc-2.26 with addition of per-thread cache to malloc)
	- eglibc <not-affected> (Issue introduced in glibc-2.26 with addition of per-thread cache to malloc)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22375
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
	NOTE: The upload of 2.26-0experimental2 to experimental fixed the issue (cf. #883729).
CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a vulnerabil ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
CVE-2017-1000409 (A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca ...)
	- glibc 2.25-5 (bug #884133)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-1000408 (A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ...)
	- glibc 2.25-5 (bug #884132)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, w ...)
	{DSA-4067-1 DLA-1213-1}
	- openafs 1.6.22-1 (bug #883602)
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
CVE-2018-1180 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1179 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1178 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1177 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1176 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1175 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1174 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1173 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1172 (This vulnerability allows remote attackers to deny service on vulnerab ...)
	[experimental] - squid 4.0.21-1~exp5 (unimportant)
	- squid 4.1-1 (unimportant)
	[wheezy] - squid <not-affected> (Vunerable code introduced in 3.1)
	- squid3 <unfixed> (unimportant)
	NOTE: src:squid as source package reintroduced for 4.x in experimental
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_3.txt
	NOTE: Squid 3.5 patch: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_3.patch
	NOTE: Only affects custom builds with OpenSSL support enabled
CVE-2018-1171 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1170 (This vulnerability allows adjacent attackers to inject arbitrary Contr ...)
	NOT-FOR-US: Volkswagen Customer-Link App and HTC Customer-Link Bridge
CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Amazon Music Player
CVE-2018-1168 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: ABB MicroSCADA
CVE-2018-1167 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Spotify Music Player
CVE-2018-1166 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1165 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1164 (This vulnerability allows remote attackers to cause a denial-of-servic ...)
	NOT-FOR-US: ZyXEL
CVE-2018-1163 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1162 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1161 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1160 (Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_ ...)
	{DSA-4356-1}
	- netatalk 2.2.6-2 (bug #916930)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13711
CVE-2018-1159 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory c ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1158 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack ex ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1157 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory e ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1156 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buff ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1155 (In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS ...)
	NOT-FOR-US: SecurityCenter
CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username enumeration issu ...)
	NOT-FOR-US: SecurityCenter
CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the se ...)
	NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...)
	{DLA-1638-1}
	[experimental] - libjpeg-turbo 1:2.0.2-1~exp1
	- libjpeg-turbo <unfixed> (low; bug #902950)
	[buster] - libjpeg-turbo <no-dsa> (Minor issue)
	[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live  ...)
	NOT-FOR-US: web server on Western Digital TV Media Player and TV Live Hub
CVE-2018-1150 (NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow a ...)
	NOT-FOR-US: NUUO
CVE-2018-1149 (cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers  ...)
	NOT-FOR-US: NUUO
CVE-2018-1148 (In Nessus before 7.1.0, Session Fixation exists due to insufficient se ...)
	NOT-FOR-US: Nessus
CVE-2018-1147 (In Nessus before 7.1.0, a XSS vulnerability exists due to improper inp ...)
	NOT-FOR-US: Nessus
CVE-2018-1146 (A remote unauthenticated user can enable telnet on the Belkin N750 usi ...)
	NOT-FOR-US: Belkin
CVE-2018-1145 (A remote unauthenticated user can overflow a stack buffer in the Belki ...)
	NOT-FOR-US: Belkin
CVE-2018-1144 (A remote unauthenticated user can execute commands as root in the Belk ...)
	NOT-FOR-US: Belkin
CVE-2018-1143 (A remote unauthenticated user can execute commands as root in the Belk ...)
	NOT-FOR-US: Belkin
CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to contai ...)
	NOT-FOR-US: Tenable
CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...)
	NOT-FOR-US: Nessus
CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17422 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17420 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17415 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17414 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17413 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17412 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17411 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: web management portal of Linksys WVBR0 WVBR0
CVE-2017-17410 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-17409 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-17408 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-17407 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NetGain
CVE-2017-17406 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NetGain
CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, get ...)
	{DSA-4259-1 DLA-1421-1 DLA-1222-1 DLA-1221-1}
	- ruby2.5 2.5.0~rc1-1 (bug #884437)
	- ruby2.3 2.3.6-1 (bug #884438)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
	NOTE: https://github.com/ruby/ruby/commit/6d3f72e5be2312be312f2acbf3465b05293c1431
	NOTE: ruby2.3: https://github.com/ruby/ruby/commit/1cfe43fd85c66a9e2b5068480b3e043c31e6b8ca
	NOTE: ruby2.3: https://github.com/ruby/ruby/commit/3ec034c597e6d40543bb844dc8f96645bef4bed2
CVE-2017-17404
	RESERVED
CVE-2017-17403
	RESERVED
CVE-2017-17402
	RESERVED
CVE-2017-17401
	RESERVED
CVE-2017-17400
	RESERVED
CVE-2017-17399
	RESERVED
CVE-2017-17398
	RESERVED
CVE-2017-17397
	RESERVED
CVE-2017-17396
	RESERVED
CVE-2017-17395
	RESERVED
CVE-2017-17394
	RESERVED
CVE-2017-17393
	RESERVED
CVE-2017-17392
	RESERVED
CVE-2017-17391
	RESERVED
CVE-2017-17390
	RESERVED
CVE-2017-17389
	RESERVED
CVE-2017-17388
	RESERVED
CVE-2017-17387
	RESERVED
CVE-2017-17386
	RESERVED
CVE-2017-17385
	RESERVED
CVE-2017-17384 (ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain ...)
	NOT-FOR-US: ISPConfig
CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated administrators to con ...)
	- jenkins <removed>
CVE-2017-17382 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler G ...)
	NOT-FOR-US: Citrix
	NOTE: https://support.citrix.com/article/CTX230238
	NOTE: https://robotattack.org/
CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest users to ...)
	{DSA-4213-1}
	- qemu 1:2.11+dfsg-1 (bug #883625)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <postponed> (Can be fixed along in later update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
CVE-2018-1140 (A missing input sanitization flaw was found in the implementation of L ...)
	- samba 2:4.8.4+dfsg-1
	[stretch] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
	[jessie] - samba <not-affected> (Only affects Samba 4.8.0 onwards)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1140.html
CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the u ...)
	- samba 2:4.8.4+dfsg-1
	[stretch] - samba <not-affected> (Issue introduced in 4.7.0)
	[jessie] - samba <not-affected> (Issue introduced in 4.7.0)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1139.html
CVE-2018-1138
	RESERVED
CVE-2018-1137 (An issue was discovered in Moodle 3.x. By substituting URLs in portfol ...)
	- moodle <removed>
CVE-2018-1136 (An issue was discovered in Moodle 3.x. An authenticated user is allowe ...)
	- moodle <removed>
CVE-2018-1135 (An issue was discovered in Moodle 3.x. Students who posted on forums a ...)
	- moodle <removed>
CVE-2018-1134 (An issue was discovered in Moodle 3.x. Students who submitted assignme ...)
	- moodle <removed>
CVE-2018-1133 (An issue was discovered in Moodle 3.x. A Teacher creating a Calculated ...)
	- moodle <removed>
CVE-2018-1132 (A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers c ...)
	NOT-FOR-US: OpenDaylight
CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via XML an ...)
	NOT-FOR-US: infinispan
CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null pointer d ...)
	{DLA-1423-1 DLA-1422-1 DLA-1392-1}
	- linux 4.15.17-1
	[stretch] - linux 4.9.107-1
	NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
CVE-2018-1129 (A flaw was found in the way signature calculation was handled by cephx ...)
	{DSA-4339-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <not-affected> (Message signatures not implemented)
	NOTE: https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1
	- ceph 12.2.8+dfsg1-1 (bug #913472)
	[jessie] - ceph <no-dsa> (Intrusive changes)
	NOTE: http://tracker.ceph.com/issues/24837
	NOTE: https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
CVE-2018-1128 (It was found that cephx authentication protocol did not verify ceph cl ...)
	{DSA-4339-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux <ignored> (Protocol change is too difficult)
	NOTE: https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
	- ceph 12.2.8+dfsg1-1 (bug #913471)
	[jessie] - ceph <no-dsa> (Intrusive changes)
	NOTE: http://tracker.ceph.com/issues/24836
	NOTE: https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
CVE-2018-1127 (Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediatel ...)
	NOT-FOR-US: tendrl-api
CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer  ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer overfl ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple integer over ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of service i ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privilege esc ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd
CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through race condi ...)
	- linux <unfixed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 4.17. By mm ...)
	{DLA-1423-1}
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux <ignored> (Too risky to backport)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Fixed by: https://git.kernel.org/linus/7f7ccc2ccc2e70c6054685f5e3522efa81556830
CVE-2018-1119
	REJECTED
CVE-2018-1118 (Linux kernel vhost since version 4.8 does not properly initialize memo ...)
	{DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/4/27/833
	NOTE: Fixed by: https://git.kernel.org/linus/670ae9caaca467ea1bfd325cb2a5c98ba87f94ad
CVE-2018-1117 (ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a  ...)
	NOT-FOR-US: ovirt-ansible-roles
CVE-2018-1116 (A flaw was found in polkit before version 0.116. The implementation of ...)
	{DLA-1448-1}
	- policykit-1 0.105-21 (bug #903563)
	[stretch] - policykit-1 <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad53643a9c80231fc41f5582d6a8931c32c
	NOTE: https://lists.freedesktop.org/archives/polkit-devel/2018-July/000583.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1099031
CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack  ...)
	- postgresql-10 10.4-1
	- postgresql-9.6 <removed>
	[stretch] - postgresql-9.6 9.6.9-0+deb9u1
	- postgresql-9.4 <removed>
	[jessie] - postgresql-9.4 <not-affected> (Code not present)
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (Code not present)
	[wheezy] - postgresql-9.1 <not-affected> (Code not present)
CVE-2018-1114 (It was found that URLResource.getLastModified() in Undertow closes the ...)
	- undertow 1.4.25-1 (bug #897247)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
	NOTE: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
	NOTE: https://bugs.openjdk.java.net/browse/JDK-6956385
CVE-2018-1113 (setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Li ...)
	NOT-FOR-US: Red Hat specific CVE assignment for Red Hat / Fedora setups (nologin listed in /etc/shells violates security expectations)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1571094
CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when usi ...)
	- glusterfs <not-affected> (Fix for CVE-2018-1088 was not applied/ incomplete fix not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1570891
CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earl ...)
	NOT-FOR-US: Red Hat Specific script
	NOTE: https://access.redhat.com/security/vulnerabilities/3442151
CVE-2018-1110 [Improper Input Validation]
	RESERVED
	- knot-resolver 2.3.0-1 (bug #896681)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2
CVE-2018-1109
	RESERVED
	- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
	NOTE: https://snyk.io/vuln/npm:braces:20180219
	NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0)
	NOTE: Fixed by: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 (2.3.1)
	NOTE: Cf. analysis in https://bugs.debian.org/927716#38
CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakness in ...)
	- linux 4.16.5-1
	[stretch] - linux <ignored> (Can't be fixed without many user-space changes)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
CVE-2018-1107
	RESERVED
	NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before 1.1. ...)
	{DSA-4207-1}
	- packagekit 1.1.10-1 (bug #896703)
	[jessie] - packagekit <not-affected> (Issue introduced later)
	[wheezy] - packagekit <not-affected> (Issue introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/3
	NOTE: Fixed by: https://github.com/hughsie/PackageKit/commit/7e8a7905ea9abbd1f384f05f36a4458682cd4697 (PACKAGEKIT_1_1_10)
	NOTE: Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad
	NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
CVE-2018-1105
	RESERVED
CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows us ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-1103 (Openshift Enterprise source-to-image before version 1.1.10 is vulnerab ...)
	NOT-FOR-US: source-to-image in OpenShift
CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Openshift ...)
	NOT-FOR-US: source-to-image in OpenShift
CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of sys ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...)
	- zsh 5.5-1 (bug #895225)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	[wheezy] - zsh <no-dsa> (Minor issue)
	NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
	NOTE: https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attack ...)
	- etcd <unfixed> (low; bug #921156)
	[buster] - etcd <no-dsa> (Minor issue)
	NOTE: https://github.com/coreos/etcd/issues/9353
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717
CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. ...)
	- etcd <unfixed> (low; bug #921156)
	[buster] - etcd <no-dsa> (Minor issue)
	NOTE: https://github.com/coreos/etcd/issues/9353
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...)
	- foreman <itp> (bug #663101)
	NOTE: https://projects.theforeman.org/issues/22546
	NOTE: https://github.com/theforeman/foreman/pull/5369
CVE-2018-1096 (An input sanitization flaw was found in the id field in the dashboard  ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/23028
	NOTE: https://github.com/theforeman/foreman/pull/5363
CVE-2018-1095 (The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux  ...)
	- linux 4.16.5-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199185
CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...)
	- linux 4.15.17-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183
CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux  ...)
	{DSA-4188-1 DLA-1422-1 DLA-1392-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199181
CVE-2018-1092 (The ext4_iget function in fs/ext4/inode.c in the Linux kernel through  ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179
	NOTE: Fixed by: https://git.kernel.org/linus/8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44
CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Hardware not supported; POWER9 support missing)
	[wheezy] - linux <not-affected> (Hardware not supported)
	NOTE: Fixed by: https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70
CVE-2018-1090 (In Pulp before version 2.16.2, secrets are passed into override_config ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properl ...)
	{DLA-1428-1}
	- 389-ds-base 1.3.8.2-1 (bug #898138)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
	- glusterfs 4.0.2-1 (bug #896128)
	[stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - glusterfs <not-affected> (vulnerable code not present)
	[wheezy] - glusterfs <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721
	NOTE: https://review.gluster.org/#/c/19899/
	NOTE: https://review.gluster.org/#/c/19898/
	NOTE: When fixing the issue it's important to not apply the incomplete fix and open
	NOTE: CVE-2018-1112 causing that auth.allow allows all clients to mount volumes.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1570891
	NOTE: Needs: https://review.gluster.org/#/c/19899/1..2
CVE-2018-1087 (kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-r ...)
	{DSA-4196-1}
	- linux 4.15.17-1
	[wheezy] - linux <not-affected> (Issue introduced in 3.16)
	NOTE: Fixed by: https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/5
CVE-2018-1086 (pcs before versions 0.9.164 and 0.10 is vulnerable to a debug paramete ...)
	{DSA-4169-1}
	- pcs 0.9.164-1 (bug #895313)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1085 (openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigur ...)
	NOT-FOR-US: openshift-ansible
CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflow in  ...)
	{DSA-4174-1}
	- corosync 2.4.4-1 (bug #895653)
	[jessie] - corosync <not-affected> (Vulnerable code introduced later)
	[wheezy] - corosync <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552830
	NOTE: Fixed by: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
	NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html
CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in  ...)
	{DLA-1335-1}
	- zsh 5.4.2-4 (low; bug #894043)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
CVE-2018-1082 (A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user a ...)
	- moodle <removed>
CVE-2018-1081 (A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3 ...)
	- moodle <removed>
CVE-2018-1080 (Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.j ...)
	[experimental] - dogtag-pki 10.6.0-2
	- dogtag-pki 10.6.6-1 (bug #893690)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1556657
	NOTE: https://pagure.io/freeipa/issue/7453
	NOTE: https://review.gerrithub.io/#/c/404435/
CVE-2018-1079 (pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escal ...)
	- pcs 0.9.164-1 (bug #895314)
	[stretch] - pcs <not-affected> (Vulnerable code introduced in 0.9.157)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a vulnerability du ...)
	NOT-FOR-US: OpenDayLight
CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for the d ...)
	NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2018-1076
	RESERVED
CVE-2018-1075 (ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered passwo ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1074 (ovirt-engine API and administration web portal before versions 4.2.2.5 ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 return ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1072 (ovirt-engine before version ovirt 4.2.2 is vulnerable to an informatio ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...)
	{DLA-1335-1}
	- zsh 5.4.2-4 (low; bug #894044)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
CVE-2018-1070 (routing before version 3.10 is vulnerable to an improper input validat ...)
	NOT-FOR-US: OpenShift (Routing configuration)
CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to access contr ...)
	NOT-FOR-US: OpenShift
CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-bit sy ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: https://git.kernel.org/linus/b71812168571fa55e44cdd0254471331b9c4c4c6
	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
	NOTE: non-standard setups
CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the  ...)
	- undertow 1.4.25-1 (bug #900323)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1302
	NOTE: Issue is incomplete fix for CVE-2016-4993
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b86 (1.4.25.Final)
CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer d ...)
	{DSA-4188-1 DSA-4187-1 DLA-1422-1}
	- linux 4.11.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/cabfb3680f78981d26c078a26e5c748531257ebb
CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishandles  ...)
	{DSA-4188-1}
	- linux 4.15.11-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
CVE-2018-1064 (libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustio ...)
	{DSA-4137-1 DLA-1315-1}
	- libvirt 4.1.0-1
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link attac ...)
	- policycoreutils 2.7-1
	[stretch] - policycoreutils <no-dsa> (Minor issue)
	[jessie] - policycoreutils <no-dsa> (Minor issue)
	[wheezy] - policycoreutils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122
	NOTE: Mitigation by removing any symbolic link in /tmp and /var/tmp directories
	NOTE: before relabeling the file system. Futhtermore only triggerable at
	NOTE: relabeling time.
	NOTE: https://github.com/SELinuxProject/selinux/commit/2608b4d6660af0fb8ad93f2cc144bdaab3c2afa8
CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the  ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is  ...)
	{DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1}
	- python3.7 3.7.0~b3-1 (low)
	- python3.6 3.6.5~rc1-1 (low)
	- python3.5 3.5.6-1 (low)
	- python3.4 <removed> (low)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python2.7 2.7.14-7 (low)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue32981
	NOTE: https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)
	NOTE: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)
	NOTE: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)
	NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is  ...)
	{DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1}
	- python3.7 3.7.0~b3-1 (low)
	- python3.6 3.6.5~rc1-1 (low)
	- python3.5 3.5.6-1 (low)
	- python3.4 <removed> (low)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python2.7 2.7.14-7 (low)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue32981
	NOTE: https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)
	NOTE: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)
	NOTE: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)
	NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1059 (The DPDK vhost-user interface does not check to verify that all the re ...)
	- dpdk 17.11.2-1 (bug #896688)
	[stretch] - dpdk 16.11.6-1+deb9u1
CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify the be ...)
	- postgresql-10 10.3-1
	- postgresql-9.6 <removed>
	[stretch] - postgresql-9.6 9.6.8-0+deb9u1
	- postgresql-9.4 <removed>
	[jessie] - postgresql-9.4 <no-dsa> (Minor issue; documentation update for recommendations)
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
	[wheezy] - postgresql-9.1 <no-dsa> (Minor issue)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3d2aed664ee8271fd6c721ed0aa10168cda112ea
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=582edc369cdbd348d68441fc50fa26a84afd0c1a
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5770172cb0c9df9e6ce27c507b449557e5b45124
CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 ...)
	{DSA-4135-1 DLA-1754-1}
	- samba 2:4.7.4+dfsg-2
	[wheezy] - samba <not-affected> (Vulnerable code introduced later in 4.0.0alpha13)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html
	NOTE: https://wiki.samba.org/index.php/CVE-2018-1057
CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way advancecom ...)
	{DLA-1702-1 DLA-1281-1}
	- advancecomp 2.1-1 (bug #889270)
	[stretch] - advancecomp <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://sourceforge.net/p/advancemame/bugs/259/
	NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
CVE-2018-1055
	REJECTED
CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way 389-ds-base han ...)
	{DLA-1428-1}
	- 389-ds-base 1.3.7.10-1 (bug #892124)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314
	NOTE: https://pagure.io/389-ds-base/issue/49545
	NOTE: https://pagure.io/389-ds-base/c/14ce2fe0dfa67405dae0ae2e7fde13f6a1360d30?branch=master
CVE-2018-1053 (In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9 ...)
	{DLA-1271-1}
	- postgresql-10 10.2-1
	- postgresql-9.6 <removed>
	[stretch] - postgresql-9.6 9.6.7-0+deb9u1
	- postgresql-9.4 <removed>
	[jessie] - postgresql-9.4 <no-dsa> (Minor issue)
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca
CVE-2018-1052 (Memory disclosure vulnerability in table partitioning was found in pos ...)
	- postgresql-10 10.2-1
	- postgresql-9.6 <not-affected> (code introduced in 10)
	- postgresql-9.4 <not-affected> (code introduced in 10)
	- postgresql-9.1 <not-affected> (code introduced in 10)
CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1 ...)
	- resteasy <unfixed>
	[jessie] - resteasy <not-affected> (Incomplete fix for CVE-2016-9606 wasn't backported)
	- resteasy3.0 <not-affected> (Incomplete fix for CVE-2016-9606 not applied)
	NOTE: Removing deprecated YamlProvider was done in 4.0.0.Beta4
CVE-2018-1050 (All versions of Samba from 4.0.0 onwards are vulnerable to a denial of ...)
	{DSA-4135-1 DLA-1754-1 DLA-1320-1}
	- samba 2:4.7.4+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2018-1050.html
CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount and .au ...)
	{DLA-1580-1}
	- systemd 234-1
	[stretch] - systemd 232-25+deb9u10
	[wheezy] - systemd <postponed>  (Minor issue, can be fixed along in next DLA)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
	NOTE: https://github.com/systemd/systemd/pull/5916
	NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
CVE-2018-1048 (It was found that the AJP connector in undertow, as shipped in Jboss E ...)
	- undertow 1.4.22-1 (bug #891928)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1245
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability throug ...)
	- wildfly <itp> (bug #752018)
	NOTE: https://issues.jboss.org/browse/WFLY-9620
	NOTE: https://developer.jboss.org/thread/276826
	NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
CVE-2018-1046 (pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsrep ...)
	- pdns 4.1.2-1 (bug #898255)
	[stretch] - pdns 4.0.3-1+deb9u3
	[jessie] - pdns <not-affected> (Vulnerable code not present)
	[wheezy] - pdns <not-affected> (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html
	NOTE: Fixed by https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8
CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...)
	- moodle <removed>
CVE-2018-1044 (In Moodle 3.x, quiz web services allow students to see quiz results wh ...)
	- moodle <removed>
CVE-2018-1043 (In Moodle 3.x, the setting for blocked hosts list can be bypassed with ...)
	- moodle <removed>
CVE-2018-1042 (Moodle 3.x has Server Side Request Forgery in the filepicker. ...)
	- moodle <removed>
CVE-2018-1041 (A vulnerability was found in the way RemoteMessageChannel, introduced  ...)
	- libjboss-remoting-java <removed>
	[wheezy] - libjboss-remoting-java <ignored> (unimportant leaf package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1530457
CVE-2017-17380
	RESERVED
CVE-2017-17379
	RESERVED
CVE-2017-17378
	RESERVED
CVE-2017-17377
	RESERVED
CVE-2017-17376
	RESERVED
CVE-2017-17375
	RESERVED
CVE-2017-17374
	RESERVED
CVE-2017-17373
	RESERVED
CVE-2017-17372
	RESERVED
CVE-2017-17371
	RESERVED
CVE-2017-17370
	RESERVED
CVE-2017-17369
	RESERVED
CVE-2017-17368
	RESERVED
CVE-2017-17367
	RESERVED
CVE-2017-17366
	RESERVED
CVE-2017-17365
	RESERVED
CVE-2017-17364
	RESERVED
CVE-2017-17363
	RESERVED
CVE-2017-17362
	RESERVED
CVE-2017-17361
	RESERVED
CVE-2017-17360
	RESERVED
CVE-2017-17359
	RESERVED
CVE-2017-17358
	RESERVED
CVE-2017-17357
	RESERVED
CVE-2017-17356
	RESERVED
CVE-2017-17355
	RESERVED
CVE-2017-17354
	RESERVED
CVE-2017-17353
	RESERVED
CVE-2017-17352
	RESERVED
CVE-2017-17351
	RESERVED
CVE-2017-17350
	RESERVED
CVE-2017-17349
	RESERVED
CVE-2017-17348
	RESERVED
CVE-2017-17347
	RESERVED
CVE-2017-17346
	RESERVED
CVE-2017-17345
	RESERVED
CVE-2017-17344
	RESERVED
CVE-2017-17343
	RESERVED
CVE-2017-17342
	RESERVED
CVE-2017-17341
	RESERVED
CVE-2017-17340
	RESERVED
CVE-2017-17339
	RESERVED
CVE-2017-17338
	RESERVED
CVE-2017-17337
	RESERVED
CVE-2017-17336
	RESERVED
CVE-2017-17335
	RESERVED
CVE-2017-17334
	RESERVED
CVE-2017-17333
	RESERVED
CVE-2017-17332
	RESERVED
CVE-2017-17331
	RESERVED
CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200 ...)
	NOT-FOR-US: Huawei
CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. Th ...)
	NOT-FOR-US: Huawei
CVE-2017-17328 (Huawei smartphones with software of MHA-AL00AC00B125 have an integer o ...)
	NOT-FOR-US: Huawei
CVE-2017-17327 (Huawei smartphones with software of MHA-AL00AC00B125 have an improper  ...)
	NOT-FOR-US: Huawei
CVE-2017-17326 (Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON- ...)
	NOT-FOR-US: Huawei
CVE-2017-17325 (Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.3 ...)
	NOT-FOR-US: Huawei
CVE-2017-17324 (Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL0 ...)
	NOT-FOR-US: Huawei
CVE-2017-17323 (Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper aut ...)
	NOT-FOR-US: Huawei
CVE-2017-17322 (Huawei Honor Smart Scale Application with software of 1.1.1 has an inf ...)
	NOT-FOR-US: Huawei
CVE-2017-17321 (Huawei eNSP software with software of versions earlier than V100R002C0 ...)
	NOT-FOR-US: Huawei
CVE-2017-17320 (Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON- ...)
	NOT-FOR-US: Huawei
CVE-2017-17319 (Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 hav ...)
	NOT-FOR-US: Huawei
CVE-2017-17318 (Huawei MBB (Mobile Broadband) products E5771h-937 with the versions be ...)
	NOT-FOR-US: Huawei
CVE-2017-17317 (Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17316 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions earl ...)
	NOT-FOR-US: inputhub driver of HUAWEI P9 Lite mobile phones
CVE-2017-17312 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
	NOT-FOR-US: Huawei
CVE-2017-17311 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
	NOT-FOR-US: Huawei
CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei product ...)
	NOT-FOR-US: Huawei
CVE-2017-17309 (Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2017-17308 (SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C ...)
	NOT-FOR-US: Huawei
CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an ou ...)
	NOT-FOR-US: Huawei
CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17305 (Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR ...)
	NOT-FOR-US: Huawei
CVE-2017-17304 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
	NOT-FOR-US: Huawei
CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C0 ...)
	NOT-FOR-US: Huawei
CVE-2017-17302 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17301 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17300 (Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17299 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C ...)
	NOT-FOR-US: Huawei
CVE-2017-17298 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17297 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17296 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17295 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17294 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17293 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17292 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17291 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17290 (The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with ...)
	NOT-FOR-US: Huawei
CVE-2017-17289 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17288 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17287 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-17286 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-17285 (Bluetooth module in some Huawei mobile phones with software LON-AL00BC ...)
	NOT-FOR-US: Huawei
CVE-2017-17284 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17283 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17282 (SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R ...)
	NOT-FOR-US: Huawei
CVE-2017-17281 (SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R ...)
	NOT-FOR-US: Huawei
CVE-2017-17280 (NFC (Near Field Communication) module in Huawei mobile phones with sof ...)
	NOT-FOR-US: Huawei
CVE-2017-17279 (The soundtrigger module in Huawei Mate 9 Pro smart phones with softwar ...)
	NOT-FOR-US: Huawei
CVE-2017-17278
	REJECTED
CVE-2017-17277
	REJECTED
CVE-2017-17276
	REJECTED
CVE-2017-17275
	REJECTED
CVE-2017-17274
	REJECTED
CVE-2017-17273
	REJECTED
CVE-2017-17272
	REJECTED
CVE-2017-17271
	REJECTED
CVE-2017-17270
	REJECTED
CVE-2017-17269
	REJECTED
CVE-2017-17268
	REJECTED
CVE-2017-17267
	REJECTED
CVE-2017-17266
	REJECTED
CVE-2017-17265
	REJECTED
CVE-2017-17264
	REJECTED
CVE-2017-17263
	REJECTED
CVE-2017-17262
	REJECTED
CVE-2017-17261
	REJECTED
CVE-2017-17260
	REJECTED
CVE-2017-17259
	REJECTED
CVE-2017-17258 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17257 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17256 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17255 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17254 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17253 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17252 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17251 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32;  ...)
	NOT-FOR-US: Huawei
CVE-2017-17249
	REJECTED
CVE-2017-17248
	REJECTED
CVE-2017-17247
	REJECTED
CVE-2017-17246
	REJECTED
CVE-2017-17245
	REJECTED
CVE-2017-17244
	REJECTED
CVE-2017-17243
	REJECTED
CVE-2017-17242
	REJECTED
CVE-2017-17241
	REJECTED
CVE-2017-17240
	REJECTED
CVE-2017-17239
	REJECTED
CVE-2017-17238
	REJECTED
CVE-2017-17237
	REJECTED
CVE-2017-17236
	REJECTED
CVE-2017-17235
	REJECTED
CVE-2017-17234
	REJECTED
CVE-2017-17233
	REJECTED
CVE-2017-17232
	REJECTED
CVE-2017-17231
	REJECTED
CVE-2017-17230
	REJECTED
CVE-2017-17229
	REJECTED
CVE-2017-17228
	REJECTED
CVE-2017-17227 (GPU driver in Huawei Mate 10 smart phones with the versions before ALP ...)
	NOT-FOR-US: Huawei
CVE-2017-17226 (The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-in ...)
	NOT-FOR-US: The TripAdvisor app on Huawei
CVE-2017-17225 (The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile  ...)
	NOT-FOR-US: Huawei
CVE-2017-17224 (Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0. ...)
	NOT-FOR-US: Huawei smart phones
CVE-2017-17223 (Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V ...)
	NOT-FOR-US: Huawei
CVE-2017-17222 (Import Language Package function in Huawei eSpace 7950 V200R003C30; eS ...)
	NOT-FOR-US: Huawei
CVE-2017-17221 (Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace  ...)
	NOT-FOR-US: Huawei
CVE-2017-17220 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C ...)
	NOT-FOR-US: Huawei
CVE-2017-17219 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C ...)
	NOT-FOR-US: Huawei
CVE-2017-17218 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C ...)
	NOT-FOR-US: Huawei
CVE-2017-17217 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP2 ...)
	NOT-FOR-US: Huawei
CVE-2017-17216 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP2 ...)
	NOT-FOR-US: Huawei
CVE-2017-17215 (Huawei HG532 with some customized versions has a remote code execution ...)
	NOT-FOR-US: Huawei
CVE-2017-17214
	REJECTED
CVE-2017-17213
	REJECTED
CVE-2017-17212
	REJECTED
CVE-2017-17211
	REJECTED
CVE-2017-17210
	REJECTED
CVE-2017-17209
	REJECTED
CVE-2017-17208
	REJECTED
CVE-2017-17207
	REJECTED
CVE-2017-17206
	REJECTED
CVE-2017-17205
	REJECTED
CVE-2017-17204
	REJECTED
CVE-2017-17203
	REJECTED
CVE-2017-17202 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-17201 (Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC4 ...)
	NOT-FOR-US: Huawei
CVE-2017-17200 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17199 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17198
	REJECTED
CVE-2017-17197
	REJECTED
CVE-2017-17196
	REJECTED
CVE-2017-17195
	REJECTED
CVE-2017-17194
	REJECTED
CVE-2017-17193
	REJECTED
CVE-2017-17192
	REJECTED
CVE-2017-17191
	REJECTED
CVE-2017-17190
	REJECTED
CVE-2017-17189
	REJECTED
CVE-2017-17188
	REJECTED
CVE-2017-17187 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17186 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17185 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17184 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17183 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17182 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17181
	REJECTED
CVE-2017-17180
	REJECTED
CVE-2017-17179
	REJECTED
CVE-2017-17178
	REJECTED
CVE-2017-17177
	REJECTED
CVE-2017-17176 (The hardware security module of Mate 9 and Mate 9 Pro Huawei smart pho ...)
	NOT-FOR-US: Huawei
CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones w ...)
	NOT-FOR-US: Huawei
CVE-2017-17174 (Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP ...)
	NOT-FOR-US: Huawei
CVE-2017-17173 (Due to insufficient parameters verification GPU driver of Mate 9 Pro H ...)
	NOT-FOR-US: Huawei
CVE-2017-17172 (Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479 ...)
	NOT-FOR-US: Huawei
CVE-2017-17171 (Some Huawei smart phones have the denial of service (DoS) vulnerabilit ...)
	NOT-FOR-US: Huawei
CVE-2017-17170 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
	NOT-FOR-US: Huawei
CVE-2017-17169 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
	NOT-FOR-US: Huawei
CVE-2017-17168 (The CIDAM Protocol on some Huawei Products has multiple input validati ...)
	NOT-FOR-US: Huawei
CVE-2017-17167 (Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C ...)
	NOT-FOR-US: Huawei
CVE-2017-17166 (Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20,  ...)
	NOT-FOR-US: Huawei
CVE-2017-17165 (IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 ...)
	NOT-FOR-US: Huawei
CVE-2017-17164 (Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vul ...)
	NOT-FOR-US: Huawei
CVE-2017-17163 (Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory ...)
	NOT-FOR-US: Huawei
CVE-2017-17162 (Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001 ...)
	NOT-FOR-US: Huawei
CVE-2017-17161 (The 'Find Phone' function in some Huawei smart phones with software ea ...)
	NOT-FOR-US: Huawei
CVE-2017-17160 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C ...)
	NOT-FOR-US: Huawei
CVE-2017-17159 (Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92 ...)
	NOT-FOR-US: Huawei
CVE-2017-17158 (Some Huawei smart phones with the versions before Berlin-L21HNC185B381 ...)
	NOT-FOR-US: Huawei
CVE-2017-17157 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17156 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17155 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17154 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17153 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17152 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17151 (Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR15 ...)
	NOT-FOR-US: Huawei
CVE-2017-17150 (Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-17149 (Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lo ...)
	NOT-FOR-US: Huawei
CVE-2017-17148 (Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of v ...)
	NOT-FOR-US: Huawei
CVE-2017-17147 (Huawei DP300 V500R002C00 have an integer overflow vulnerability due to ...)
	NOT-FOR-US: Huawei
CVE-2017-17146 (Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to t ...)
	NOT-FOR-US: Huawei
CVE-2017-17145 (Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00A ...)
	NOT-FOR-US: Huawei
CVE-2017-17144 (Backup feature of SIP module in Huawei DP300 V500R002C00; V500R002C00S ...)
	NOT-FOR-US: Huawei
CVE-2017-17143 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17142 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17141 (Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200 ...)
	NOT-FOR-US: Huawei
CVE-2017-17140 (Huawei Enjoy 5s and Y6 Pro smartphones with software the versions befo ...)
	NOT-FOR-US: Huawei
CVE-2017-17139 (Huawei Mate 9 and Mate 9 pro smart phones with software the versions b ...)
	NOT-FOR-US: Huawei
CVE-2017-17138 (PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30;  ...)
	NOT-FOR-US: Huawei
CVE-2017-17137 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-17136 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-17135 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-17134 (XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R ...)
	NOT-FOR-US: Huawei
CVE-2017-17133 (Huawei VP9660 V500R002C10 has a null pointer reference vulnerability i ...)
	NOT-FOR-US: Huawei
CVE-2017-17132 (Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2017-17131 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in Lib ...)
	{DLA-1630-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100
CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12. ...)
	- libav <not-affected> (Vulnerable code introduced in 12.x)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1101
CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2  ...)
	- libav <removed>
	[jessie] - libav <not-affected> (Unable to reproduce on i386 and amd64 with current version and upstream Git; upstream bug also closed WORKSFORME)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1104
CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 all ...)
	{DLA-2021-1}
	- libav <removed>
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099
	NOTE: Duplicate of CVE-2018-19130
CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 al ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22510
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8
CVE-2017-17125 (nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global sym ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22443
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4
CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Binary Fi ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22507
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c
CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary File D ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22509
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543
CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29. ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22508
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f
CVE-2017-17121 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22506
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b
CVE-2017-17120
	RESERVED
CVE-2017-17119
	RESERVED
CVE-2017-17118
	RESERVED
CVE-2017-17117
	RESERVED
CVE-2017-17116
	RESERVED
CVE-2017-17115
	RESERVED
CVE-2017-17114 (ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16. ...)
	NOT-FOR-US: IKARUS
CVE-2017-17113 (ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL po ...)
	NOT-FOR-US: IKARUS
CVE-2017-17112 (ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Co ...)
	NOT-FOR-US: IKARUS
CVE-2017-17111 (Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQ ...)
	NOT-FOR-US: Posty Readymade Classifieds Script
CVE-2017-17110 (Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL ...)
	NOT-FOR-US: Techno Portfolio Management Panel
CVE-2017-17109
	RESERVED
CVE-2017-17108 (Path traversal vulnerability in the administrative panel in KonaKart e ...)
	NOT-FOR-US: KonaKart eCommerce Platform
CVE-2017-17107 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1 ...)
	NOT-FOR-US: Zivif web cameras
CVE-2017-17106 (Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtain ...)
	NOT-FOR-US: Zivif web cameras
CVE-2017-17105 (Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-betw ...)
	NOT-FOR-US: Zivif web cameras
CVE-2017-17104 (Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-17103 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-17102 (Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['li ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-17101 (An issue was discovered in Apexis APM-H803-MPC software, as used with  ...)
	NOT-FOR-US: Apexis
CVE-2017-17100
	RESERVED
CVE-2017-17099 (There exists an unauthenticated SEH based Buffer Overflow vulnerabilit ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2017-17098 (The writeLog function in fn_common.php in gps-server.net GPS Tracking  ...)
	NOT-FOR-US: gps-server.net GPS Tracking Software
CVE-2017-17097 (gps-server.net GPS Tracking Software (self hosted) 2.x has a password  ...)
	NOT-FOR-US: gps-server.net GPS Tracking Software
CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards plugin b ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18 ...)
	{DSA-4076-1 DLA-1225-1}
	- asterisk 1:13.18.3~dfsg-1 (bug #883342)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27452
CVE-2018-1040 (A denial of service vulnerability exists in the way that the Windows C ...)
	NOT-FOR-US: Microsoft
CVE-2018-1039 (A security feature bypass vulnerability exists in .Net Framework which ...)
	NOT-FOR-US: Microsoft
CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 all ...)
	NOT-FOR-US: Microsoft
CVE-2018-1037 (An information disclosure vulnerability exists when Visual Studio impr ...)
	NOT-FOR-US: Microsoft
CVE-2018-1036 (An elevation of privilege vulnerability exists when NTFS improperly ch ...)
	NOT-FOR-US: Microsoft
CVE-2018-1035 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2018-1034 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1033
	RESERVED
CVE-2018-1032 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1031
	RESERVED
CVE-2018-1030 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-1029 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-1028 (A remote code execution vulnerability exists when the Office graphics  ...)
	NOT-FOR-US: Microsoft
CVE-2018-1027 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-1026 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-1025 (An information disclosure vulnerability exists when affected Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1024
	RESERVED
CVE-2018-1023 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1022 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-1021 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-1020 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-1019 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-1018 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-1017
	RESERVED
CVE-2018-1016 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1015 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1014 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1013 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1012 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1011 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-1010 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1009 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-1008 (An elevation of privilege vulnerability exists in Windows Adobe Type M ...)
	NOT-FOR-US: Microsoft
CVE-2018-1007 (An information disclosure vulnerability exists when Microsoft Office i ...)
	NOT-FOR-US: Microsoft
CVE-2018-1006
	RESERVED
CVE-2018-1005 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1004 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-1003 (A buffer overflow vulnerability exists in the Microsoft JET Database E ...)
	NOT-FOR-US: Microsoft
CVE-2018-1002
	RESERVED
CVE-2018-1001 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-1000 (An information disclosure vulnerability exists in the way that the scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0999
	RESERVED
CVE-2018-0998 (An information disclosure vulnerability exists when Microsoft Edge PDF ...)
	NOT-FOR-US: Microsoft
CVE-2018-0997 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0996 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0995 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0994 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0993 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0992
	RESERVED
CVE-2018-0991 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0990 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0989 (An information disclosure vulnerability exists in the way that the scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0988 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0987 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0986 (A remote code execution vulnerability exists when the Microsoft Malwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-0985
	RESERVED
CVE-2018-0984
	RESERVED
CVE-2018-0983 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0982 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0981 (An information disclosure vulnerability exists in the way that the scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0980 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0979 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0978 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0977 (The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0976 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2018-0975 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0974 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0973 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0972 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0971 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0970 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0969 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0968 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0967 (A denial of service vulnerability exists in the way that Windows SNMP  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0966 (A security feature bypass exists when Device Guard incorrectly validat ...)
	NOT-FOR-US: Microsoft
CVE-2018-0965 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0964 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-0963 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0962
	RESERVED
CVE-2018-0961 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0960 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0959 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0958 (A security feature bypass vulnerability exists in Windows which could  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0957 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-0956 (A denial of service vulnerability exists in the HTTP 2.0 protocol stac ...)
	NOT-FOR-US: Microsoft
CVE-2018-0955 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0954 (A remote code execution vulnerability exists in the way the scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0953 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0952 (An Elevation of Privilege vulnerability exists when Diagnostics Hub St ...)
	NOT-FOR-US: Microsoft
CVE-2018-0951 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0950 (An information disclosure vulnerability exists when Office renders Ric ...)
	NOT-FOR-US: Microsoft
CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2018-0948
	RESERVED
CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Ente ...)
	NOT-FOR-US: Microsoft
CVE-2018-0946 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0945 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0944 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0943 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0942 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0941 (Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Excha ...)
	NOT-FOR-US: Microsoft
CVE-2018-0940 (Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-0939 (ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow inform ...)
	NOT-FOR-US: Microsoft
CVE-2018-0938
	RESERVED
CVE-2018-0937 (ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code ex ...)
	NOT-FOR-US: Microsoft
CVE-2018-0936 (ChakraCore and Microsoft Windows 10 1709 allow remote code execution,  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0935 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0934 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0933 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0932 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0931 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0930 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2018-0929 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0928
	RESERVED
CVE-2018-0927 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0926 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0925 (ChakraCore allows remote code execution, due to how the ChakraCore scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0924 (Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Micros ...)
	NOT-FOR-US: Microsoft
CVE-2018-0923 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2018-0922 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 C ...)
	NOT-FOR-US: Microsoft
CVE-2018-0921 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2018-0920 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-0919 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 C ...)
	NOT-FOR-US: Microsoft
CVE-2018-0918
	RESERVED
CVE-2018-0917 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2018-0916 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0915 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0914 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0913 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0912 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0911 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0910 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0909 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0908 (Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevate ...)
	NOT-FOR-US: Microsoft
CVE-2018-0907 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 20 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0906
	RESERVED
CVE-2018-0905
	RESERVED
CVE-2018-0904 (The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0903 (Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access ...)
	NOT-FOR-US: Microsoft
CVE-2018-0902 (The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in ...)
	NOT-FOR-US: Microsoft
CVE-2018-0901 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0900 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0899 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0898 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0897 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0896 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0895 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0894 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0893 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0892 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-0891 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0890 (A security feature bypass vulnerability exists when Active Directory i ...)
	NOT-FOR-US: Microsoft
CVE-2018-0889 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0888 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2018-0887 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0886 (The Credential Security Support Provider protocol (CredSSP) in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-0885 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2018-0884 (Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0883 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0882 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0881 (The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2018-0880 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0879 (Microsoft Edge in Windows 10 1709 allows information disclosure, due t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0878 (Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0877 (The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0876 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0875 (.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0874 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0873 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0872 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0871 (An information disclosure vulnerability exists when Edge improperly ma ...)
	NOT-FOR-US: Microsoft
CVE-2018-0870 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0868 (Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0867
	RESERVED
CVE-2018-0866 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0865
	RESERVED
CVE-2018-0864 (SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0863
	RESERVED
CVE-2018-0862 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0861 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0860 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0859 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0858 (ChakraCore allows remote code execution, due to how the ChakraCore scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0857 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0856 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 al ...)
	NOT-FOR-US: Microsoft
CVE-2018-0855 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0854 (A security feature bypass vulnerability exists in Windows Scripting Ho ...)
	NOT-FOR-US: Microsoft
CVE-2018-0853 (Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0852 (Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outl ...)
	NOT-FOR-US: Microsoft
CVE-2018-0851 (Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Off ...)
	NOT-FOR-US: Microsoft
CVE-2018-0850 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0849 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0848 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0847 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0846 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0845 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0844 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0843 (The Windows kernel in Windows 10 version 1709 and Windows Server, vers ...)
	NOT-FOR-US: Microsoft
CVE-2018-0842 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0841 (Microsoft Office 2016 Click-to-Run allows a remote code execution vuln ...)
	NOT-FOR-US: Microsoft
CVE-2018-0840 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0839 (Microsoft Edge in Microsoft Windows 10 1703 allows information disclos ...)
	NOT-FOR-US: Microsoft
CVE-2018-0838 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0837 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0836 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 al ...)
	NOT-FOR-US: Microsoft
CVE-2018-0835 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0834 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0833 (The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in ...)
	NOT-FOR-US: Microsoft
CVE-2018-0832 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0831 (The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0830 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0829 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0828 (Windows 10 version 1607 and Windows Server 2016 allow an elevation of  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0827 (Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0826 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0825 (StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-0824 (A remote code execution vulnerability exists in "Microsoft COM for Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0823 (The Named Pipe File System in Windows 10 version 1709 and Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-0822 (NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 201 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0821 (AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2018-0820 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a specially c ...)
	NOT-FOR-US: Microsoft
CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow Guard ( ...)
	NOT-FOR-US: Microsoft
CVE-2018-0817 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2018-0816 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2018-0815 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2018-0814 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0813 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0811 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0810 (The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0809 (The Windows kernel in Windows 10, versions 1703 and 1709, and Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0808 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obta ...)
	NOT-FOR-US: Microsoft
CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Mi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 201 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 201 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Micros ...)
	NOT-FOR-US: Microsoft
CVE-2018-0793 (Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0792 (Microsoft Word 2016 in Microsoft Office 2016 allows a remote code exec ...)
	NOT-FOR-US: Microsoft
CVE-2018-0791 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0790 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2018-0787 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2018-0786 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vuln ...)
	NOT-FOR-US: Microsoft
CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2018-0783
	RESERVED
CVE-2018-0782
	RESERVED
CVE-2018-0781 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0780 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0779
	RESERVED
CVE-2018-0778 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0777 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0776 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0775 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0774 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0771 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0768 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0767 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0765 (A denial of service vulnerability exists when .NET and .NET Core impro ...)
	NOT-FOR-US: .dotnet CoreFX
	NOTE: https://github.com/dotnet/announcements/issues/67
	NOTE: https://github.com/dotnet/corefx/issues/29578
CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0763 (Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows informatio ...)
	NOT-FOR-US: Microsoft
CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0761 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0760 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0759
	RESERVED
CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0757 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0756 (The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2018-0755 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0752 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0751 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0750 (The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0749 (The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2018-0748 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0747 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0746 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0745 (The Windows kernel in Windows 10 version 1703. Windows 10 version 1709 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and  ...)
	NOT-FOR-US: Microsoft
CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 ver ...)
	NOT-FOR-US: Microsoft
CVE-2018-0742 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated admi ...)
	- webmin <removed>
CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser k ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 does not pr ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not properly restr ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not require t ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to ...)
	{DSA-4349-1 DLA-2009-1}
	- tiff 4.0.9-5 (unimportant; bug #883320)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
	NOTE: Crash in CLI tool not treated as a security issue
	NOTE: https://gitlab.com/libtiff/libtiff/commit/9171da596c88e6a2dadcab4a3a89dddd6e1b4655
CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected b ...)
	NOT-FOR-US: SyncBreeze
CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ...)
	{DLA-1871-1}
	- vim 2:8.0.1401-1
	[stretch] - vim <no-dsa> (Minor issue)
	[wheezy] - vim <no-dsa> (Minor issue)
	NOTE: https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (8.0.1263)
CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "&lt;/script&gt;" substring in  ...)
	NOT-FOR-US: Indeo Otter
CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissec ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-49.html
CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissect ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14236
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8502fe94ef9e431860921507e1a351c5e3f5c634
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-47.html
CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14249
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html
CVE-2017-17082
	REJECTED
CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 do ...)
	{DSA-4099-1}
	- ffmpeg 7:3.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as dis ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22421
CVE-2018-0740
	REJECTED
CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be fo ...)
	{DSA-4158-1 DSA-4157-1 DLA-1330-1}
	- openssl 1.1.0h-1
	- openssl1.0 1.0.2o-1
	- libtomcrypt 1.18.2-1 (low)
	[stretch] - libtomcrypt <no-dsa> (Minor issue)
	[jessie] - libtomcrypt <no-dsa> (Minor issue)
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d
	NOTE: https://github.com/libtom/libtomcrypt/pull/373
CVE-2018-0738
	REJECTED
CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be vulnerab ...)
	{DSA-4355-1 DSA-4348-1 DLA-1449-1}
	- openssl 1.1.0h-3 (low; bug #895844)
	[wheezy] - openssl <postponed> (Can wait for next update)
	- openssl1.0 1.0.2q-1 (low; bug #895845)
	NOTE: https://www.openssl.org/news/secadv/20180416.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
	NOTE: https://eprint.iacr.org/2018/367
CVE-2018-0736
	REJECTED
CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulnerable  ...)
	{DSA-4348-1 DLA-1586-1}
	- openssl 1.1.1a-1
	- openssl1.0 <not-affected> (Vulnerable code never present in 1.0.2 series)
	NOTE: https://www.openssl.org/news/secadv/20181029.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
CVE-2018-0734 (The OpenSSL DSA signature algorithm has been shown to be vulnerable to ...)
	{DSA-4355-1 DSA-4348-1}
	- openssl 1.1.1a-1
	[jessie] - openssl <postponed> (vulnerable code not present, but see note below)
	- openssl1.0 1.0.2q-1
	NOTE: https://www.openssl.org/news/secadv/20181030.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac
	NOTE: Actually the version in Jessie is not vulnerable. Nevertheless there is a bug fix which
	NOTE: futher reduces the amount of leaked timing information. It got no CVE on its own and
	NOTE: introduced this vulnerability. In order to not forget this issue and probably get more
	NOTE: information about it later, it is marked as <postponed> instead of <not-affected>
	NOTE: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=b96bebacfe814deb99fb64a3ed2296d95c573600
CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ...)
	- openssl 1.1.0h-1 (unimportant)
	[stretch] - openssl 1.1.0f-3+deb9u2
	[jessie] - openssl <not-affected> (vulnerable code not present)
	[wheezy] - openssl <not-affected> (vulnerable code not present)
	- openssl1.0 <not-affected> (Only affects OpenSSL 1.1.0)
	NOTE: Issue specific to HP-UX
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
CVE-2018-0732 (During key agreement in a TLS handshake using a DH(E) based ciphersuit ...)
	{DSA-4355-1 DSA-4348-1 DLA-1449-1}
	- openssl 1.1.1-1 (low)
	- openssl1.0 1.0.2q-1 (low)
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098
	NOTE: https://www.openssl.org/news/secadv/20180612.txt
CVE-2018-0731
	REJECTED
CVE-2017-17079
	REJECTED
CVE-2017-17078
	REJECTED
CVE-2017-17077
	REJECTED
CVE-2017-17076
	REJECTED
CVE-2017-17075
	REJECTED
CVE-2017-17074
	REJECTED
CVE-2017-17073
	REJECTED
CVE-2017-17072
	REJECTED
CVE-2017-17071
	REJECTED
CVE-2017-17070
	REJECTED
CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 al ...)
	NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows
CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...)
	NOT-FOR-US: Auth0 auth0.js library
CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6 ...)
	NOT-FOR-US: Splunk Web
CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of th ...)
	- i2pd <not-affected> (Fixed before/with the initial upload to Debian)
	NOTE: Issue fixed with 2.17.0 upstream
CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB0 ...)
	NOT-FOR-US: D-Link
CVE-2017-17064
	RESERVED
CVE-2017-17063
	RESERVED
CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ...)
	NOT-FOR-US: Open-Xchange
CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross  ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecu ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb post ...)
	NOT-FOR-US: WordPress plugin wp-thumb-post
CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to differe ...)
	{DSA-4057-1 DLA-1207-1}
	- erlang 1:20.1.7+dfsg-1
	NOTE: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM
	NOTE: https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 (OTP-20.1.7)
	NOTE: https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 (OTP-19.3.6.4)
	NOTE: https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 (OTP-18.3.4.7)
	NOTE: https://robotattack.org/
CVE-2017-17058 (** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a  ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The  ...)
	NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevat ...)
	NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17055 (Artica Web Proxy before 3.06.112911 allows remote attackers to execute ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function new_aubi ...)
	- aubio 0.4.6-1 (bug #883355)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <not-affected> (Vulnerability introduced in 0.4.3)
	[wheezy] - aubio <not-affected> (Vulnerability introduced in 0.4.3)
	NOTE: https://github.com/aubio/aubio/issues/148
CVE-2017-17050 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17049 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17048
	RESERVED
CVE-2017-17047
	RESERVED
CVE-2017-17043 (The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflecte ...)
	NOT-FOR-US: Emag Marketplace Connector for WordPress
CVE-2017-17053 (The init_new_context function in arch/x86/include/asm/mmu_context.h in ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc
CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel before 4.12. ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a
CVE-2018-0730 (This command injection vulnerability in File Station allows attackers  ...)
	NOT-FOR-US: QNAP
CVE-2018-0729 (This command injection vulnerability in Music Station allows attackers ...)
	NOT-FOR-US: QNAP
CVE-2018-0728 (This improper access control vulnerability in Helpdesk allows attacker ...)
	NOT-FOR-US: QNAP
CVE-2018-0727
	RESERVED
CVE-2018-0726
	RESERVED
CVE-2018-0725
	RESERVED
CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...)
	NOT-FOR-US: Q'center Virtual Appliance
CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...)
	NOT-FOR-US: Q'center Virtual Appliance
CVE-2018-0722 (Path Traversal vulnerability in Photo Station versions: 5.7.2 and earl ...)
	NOT-FOR-US: QNAP
CVE-2018-0721 (Buffer Overflow vulnerability in NAS devices. QTS allows attackers to  ...)
	NOT-FOR-US: QNAP QTS
CVE-2018-0720
	RESERVED
CVE-2018-0719 (Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP System ...)
	NOT-FOR-US: QNAP QTS
CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and earlier ver ...)
	NOT-FOR-US: Music Station
CVE-2018-0717
	RESERVED
CVE-2018-0716 (Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4. ...)
	NOT-FOR-US: QNAP
CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station versions 5.7. ...)
	NOT-FOR-US: QNAP Photo Station
CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and earlie ...)
	NOT-FOR-US: Helpdesk
CVE-2018-0713
	RESERVED
CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...)
	NOT-FOR-US: QNAP
CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180 ...)
	NOT-FOR-US: QNAP
CVE-2018-0710 (Command injection vulnerability in SSH of QNAP Q'center Virtual Applia ...)
	NOT-FOR-US: QNAP
CVE-2018-0709 (Command injection vulnerability in date of QNAP Q'center Virtual Appli ...)
	NOT-FOR-US: QNAP
CVE-2018-0708 (Command injection vulnerability in networking of QNAP Q'center Virtual ...)
	NOT-FOR-US: QNAP
CVE-2018-0707 (Command injection vulnerability in change password of QNAP Q'center Vi ...)
	NOT-FOR-US: QNAP
CVE-2018-0706 (Exposure of Private Information in QNAP Q'center Virtual Appliance ver ...)
	NOT-FOR-US: QNAP
CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...)
	- yard 0.9.12-1
	[stretch] - yard <no-dsa> (Minor issue)
	[jessie] - yard <no-dsa> (Minor issue)
	[wheezy] - yard <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4 (0.9.11)
CVE-2017-17041
	RESERVED
CVE-2017-17040
	RESERVED
CVE-2017-17039
	RESERVED
CVE-2017-17038
	RESERVED
CVE-2017-17037
	RESERVED
CVE-2017-17036
	RESERVED
CVE-2017-17035
	RESERVED
CVE-2017-17034
	RESERVED
CVE-2017-17033 (A buffer overflow vulnerability in password function in QNAP QTS versi ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17032 (A buffer overflow vulnerability in password function in QNAP QTS versi ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17031 (A buffer overflow vulnerability in password function in QNAP QTS versi ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17030 (A buffer overflow vulnerability in login function in QNAP QTS version  ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17029 (A buffer overflow vulnerability in login function in QNAP QTS version  ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17028 (A buffer overflow vulnerability in external device function in QNAP QT ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2 ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS use ...)
	{DSA-4050-1 DLA-1559-1 DLA-1230-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-247.html
CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS use ...)
	{DSA-4050-1 DLA-1559-1 DLA-1230-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-246.html
CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform allow ...)
	{DSA-4050-1 DLA-1549-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <not-affected> (arm not supported)
	NOTE: https://xenbits.xen.org/xsa/advisory-245.html
CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allow ...)
	NOT-FOR-US: Cybozu
CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...)
	NOT-FOR-US: Cybozu
CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...)
	NOT-FOR-US: Cybozu
CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 al ...)
	NOT-FOR-US: Cybozu
CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31 ...)
	NOT-FOR-US: BlueStacks App Player
CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request prope ...)
	NOT-FOR-US: YukiWiki
CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allow ...)
	NOT-FOR-US: YukiWiki
CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows  ...)
	NOT-FOR-US: GROWI
CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and earl ...)
	NOT-FOR-US: Metabase
CVE-2018-0696 (OpenAM (Open Source Edition) 13.0 and later does not properly manage s ...)
	NOT-FOR-US: OpenAM (different from src:openam)
CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) Version ...)
	NOT-FOR-US: User-friendly SVN
CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: FileZen
CVE-2018-0693 (Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows r ...)
	NOT-FOR-US: FileZen
CVE-2018-0692 (Untrusted search path vulnerability in Baidu Browser Version 43.23.100 ...)
	NOT-FOR-US: Baidu
CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior to ver ...)
	NOT-FOR-US: Softbank +Message App for Android
CVE-2018-0690 (An unvalidated software update vulnerability in Music Center for PC ve ...)
	NOT-FOR-US: Music Center for PC
CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and scanne ...)
	NOT-FOR-US: SEIKO
CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-5 ...)
	NOT-FOR-US: SEIKO
CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun  ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0685 (SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and e ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0684 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0683 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0682 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0681 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network device ...)
	NOT-FOR-US: FXC
CVE-2018-0678 (Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows ...)
	NOT-FOR-US: BN-SDWBP3
CVE-2018-0677 (BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with admi ...)
	NOT-FOR-US: BN-SDWBP3
CVE-2018-0676 (BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the ...)
	NOT-FOR-US: BN-SDWBP3
CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script executi ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script executi ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allo ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to V ...)
	- movabletype-opensource <removed>
CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers t ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK Express  ...)
	NOT-FOR-US: INplc
CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...)
	NOT-FOR-US: Yamaha
CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...)
	NOT-FOR-US: Yamaha
CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...)
	NOT-FOR-US: NoMachine App for Android
CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...)
	NOT-FOR-US: I-O DATA network camera products
CVE-2018-0662 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...)
	NOT-FOR-US: I-O DATA network camera products
CVE-2018-0661 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...)
	NOT-FOR-US: I-O DATA network camera products
CVE-2018-0660 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0659 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0658 (Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-0657 (Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-P ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-0656 (Untrusted search path vulnerability in The installer of Digital Paper  ...)
	NOT-FOR-US: Digital Paper App
CVE-2018-0655 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0654 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0653 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA product ...)
	NOT-FOR-US: YOKOGAWA
CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 do ...)
	NOT-FOR-US: LINE MUSIC for Android
CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple Cano ...)
	NOT-FOR-US: CANON
CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork Desktop A ...)
	NOT-FOR-US: installer of ChatWork Desktop App for Windows
CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware  ...)
	NOT-FOR-US: WL-330NUL Firmware
CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier allows  ...)
	NOT-FOR-US: Explzh
CVE-2018-0645 (MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via uns ...)
	NOT-FOR-US: MTAppjQuery
CVE-2018-0644 (Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage ...)
	NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-serv ...)
	NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...)
	NOT-FOR-US: FV Flowplayer Video Player
CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker  ...)
	NOT-FOR-US: Aterm
CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker  ...)
	NOT-FOR-US: Aterm
CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator  ...)
	NOT-FOR-US: Aterm
CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator  ...)
	NOT-FOR-US: Aterm
CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator  ...)
	NOT-FOR-US: Aterm
CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator  ...)
	NOT-FOR-US: Aterm
CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator  ...)
	NOT-FOR-US: Aterm
CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator  ...)
	NOT-FOR-US: Aterm
CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...)
	NOT-FOR-US: Aterm
CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...)
	NOT-FOR-US: Aterm
CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...)
	NOT-FOR-US: Aterm
CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...)
	NOT-FOR-US: Aterm
CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...)
	NOT-FOR-US: Aterm
CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...)
	NOT-FOR-US: Yayoi
CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...)
	NOT-FOR-US: Yayoi
CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...)
	NOT-FOR-US: DHC Online Shop App for Android
CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOF ...)
	NOT-FOR-US: LOGICOOL
CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...)
	NOT-FOR-US: LOGICOOL
CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft Glar ...)
	NOT-FOR-US: Glarysoft
CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allow ...)
	{DSA-4246-1 DLA-1442-1}
	- mailman 1:2.1.27-1
	NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
	NOTE: https://launchpad.net/mailman/+milestone/2.1.27
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1747
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1754
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785
CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.22 ...)
	NOT-FOR-US: ChamaNet MemoCGI
CVE-2018-0616
	RESERVED
CVE-2018-0615
	RESERVED
CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CS ...)
	NOT-FOR-US: NEC
CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 an ...)
	NOT-FOR-US: NEC
CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter v1.0 ...)
	NOT-FOR-US: 5000 trillion yen converter
CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 c ...)
	NOT-FOR-US: ANA App
CVE-2018-0610 (Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allo ...)
	NOT-FOR-US: Zenphoto
CVE-2018-0609 (Untrusted search path vulnerability in LINE for Windows versions befor ...)
	NOT-FOR-US: LINE
CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote attacke ...)
	- h2o 2.2.5+dfsg1-1
	NOTE: https://github.com/h2o/h2o/issues/1775
CVE-2018-0607 (SQL injection vulnerability in the Notifications application in the Cy ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...)
	NOT-FOR-US: Pixelpost
CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier all ...)
	NOT-FOR-US: Pixelpost
CVE-2018-0604 (Pixelpost v1.7.3 and earlier allows remote code execution via unspecif ...)
	NOT-FOR-US: Pixelpost
CVE-2018-0603 (Cross-site scripting vulnerability in Site Reviews versions prior to 2 ...)
	NOT-FOR-US: Site Reviews
CVE-2018-0602 (Cross-site scripting vulnerability in Email Subscribers &amp; Newslett ...)
	NOT-FOR-US: Email Subscribers & Newsletters
CVE-2018-0601 (Untrusted search path vulnerability in axpdfium v0.01 allows an attack ...)
	NOT-FOR-US: axpdfium
CVE-2018-0600 (Untrusted search path vulnerability in the installer of PlayMemories H ...)
	NOT-FOR-US: PlayMemories
CVE-2018-0599 (Untrusted search path vulnerability in the installer of Visual C++ Red ...)
	NOT-FOR-US: Visual C++
CVE-2018-0598 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: IExpress
CVE-2018-0597 (Untrusted search path vulnerability in the installer of Visual Studio  ...)
	NOT-FOR-US: Visual Studio
CVE-2018-0596 (Untrusted search path vulnerability in the installer of Visual Studio  ...)
	NOT-FOR-US: Visual Studio
CVE-2018-0595 (Untrusted search path vulnerability in the installer of Skype for Wind ...)
	NOT-FOR-US: Skype
CVE-2018-0594 (Untrusted search path vulnerability in Skype for Windows allows an att ...)
	NOT-FOR-US: Skype
CVE-2018-0593 (Untrusted search path vulnerability in the installer of Microsoft OneD ...)
	NOT-FOR-US: OneDrive
CVE-2018-0592 (Untrusted search path vulnerability in Microsoft OneDrive allows an at ...)
	NOT-FOR-US: OneDrive
CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3. ...)
	NOT-FOR-US: KINEPASS
CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0589 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0588 (Directory traversal vulnerability in the AJAX function of Ultimate Mem ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0587 (Unrestricted file upload vulnerability in Ultimate Member plugin prior ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of Ultima ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin prior to  ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0584 (IIJ SmartKey App for Android version 2.1.0 and earlier allows remote a ...)
	NOT-FOR-US: IIJ SmartKey
CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware versio ...)
	NOT-FOR-US: ASUS
CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version p ...)
	NOT-FOR-US: ASUS
CVE-2018-0581 (Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version p ...)
	NOT-FOR-US: ASUS
CVE-2018-0580 (Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series  ...)
	NOT-FOR-US: CELSYS
CVE-2018-0579 (Cross-site scripting vulnerability in Open Graph for Facebook, Google+ ...)
	NOT-FOR-US: WordPress plugin wonderm00ns-simple-facebook-open-graph-tags
CVE-2018-0578 (Cross-site scripting vulnerability in PixelYourSite plugin prior to ve ...)
	NOT-FOR-US: WordPress plugin pixelyoursite
CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin prior to ve ...)
	NOT-FOR-US: WordPress plugin wp-google-map-plugin
CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin prior to v ...)
	NOT-FOR-US: WordPress plugin events-manager
CVE-2018-0575 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0574 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0573 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0572 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0571 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0570 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0569 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ve ...)
	NOT-FOR-US: Joruri Gw
CVE-2018-0567 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0566 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0565 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 a ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0. ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-0563 (Untrusted search path vulnerability in the installer of FLET'S VIRUS C ...)
	NOT-FOR-US: FLET
CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine Free v ...)
	NOT-FOR-US: Installer of SoundEngine Free
CVE-2018-0561 (Untrusted search path vulnerability in The installer of PhishWall Clie ...)
	NOT-FOR-US: Installer of PhishWall Client Internet Explorer
CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attacker ...)
	NOT-FOR-US: Hatena Bookmark App for iOS
CVE-2018-0559 (Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 a ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2018-0558 (Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0  ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2018-0557 (Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to  ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execut ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0554 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0553 (The iRemoconWiFi App for Android version 4.1.7 and earlier does not ve ...)
	NOT-FOR-US: iRemoconWiFi App for Android
CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall Clie ...)
	NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows)
CVE-2018-0551 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0550 (Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0549 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0548 (Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0545 (LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: LXR
CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier (Inst ...)
	NOT-FOR-US: WinShot
CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier (Instal ...)
	NOT-FOR-US: Jtrim installer
CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an  ...)
	NOT-FOR-US: WebProxy (some software released by LunarLight)
CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to caus ...)
	NOT-FOR-US: Tiny FTP Daemon
CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows a ...)
	NOT-FOR-US: ViX
CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary comma ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows ...)
	NOT-FOR-US: PHP 2chBBS
CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an at ...)
	NOT-FOR-US: ArsenoL
CVE-2018-0533 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0532 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0529 (Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0528 (Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0527 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 a ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0526 (Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an im ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows  ...)
	- jubatus <itp> (bug #704100)
CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via unspecified ...)
	- jubatus <itp> (bug #704100)
CVE-2018-0523 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker  ...)
	NOT-FOR-US: Buffalo
CVE-2018-0522 (Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier  ...)
	NOT-FOR-US: Buffalo
CVE-2018-0521 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker  ...)
	NOT-FOR-US: Buffalo
CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS0 ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
	NOT-FOR-US: LINE for iOS
CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
	NOT-FOR-US: Anshin net security for Windows
CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address selectio ...)
	NOT-FOR-US: FLET'S v4 / v6 address selection tool
CVE-2018-0515 (Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" ve ...)
	NOT-FOR-US: FLET'S Azukeru Backup Tool
CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remot ...)
	NOT-FOR-US: MP Form Mail CGI eCommerce Edition
CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple ...)
	NOT-FOR-US: MTS Simple Booking
CVE-2018-0512 (Devices with IP address setting tool "MagicalFinder" provided by I-O D ...)
	NOT-FOR-US: IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC.
CVE-2018-0511 (Cross-site scripting vulnerability in WP Retina 2x prior to version 5. ...)
	NOT-FOR-US: WP Retina
CVE-2018-0510 (Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlie ...)
	NOT-FOR-US: kkcal
CVE-2018-0509 (Cross-site request forgery (CSRF) vulnerability in epg search result v ...)
	NOT-FOR-US: kkcal
CVE-2018-0508 (Cross-site scripting vulnerability in epg search result viewer (kkcald ...)
	NOT-FOR-US: kkcal
CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...)
	NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Nootka
CVE-2018-0505 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T194605
CVE-2018-0504 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an in ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T187638
CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T169545
CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! scrip ...)
	- zsh 5.6-1 (bug #908000)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://www.zsh.org/mla/zsh-announce/136
	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
CVE-2018-0501 (The mirror:// method implementation in Advanced Package Tool (APT) 1.6 ...)
	- apt 1.6.4
	[stretch] - apt <not-affected> (Vulnerable code introduced in 1.6~alpha6)
	[jessie] - apt <not-affected> (Vulnerable code introduced in 1.6~alpha6)
	NOTE: https://mirror.fail/
CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including cur ...)
	- curl 7.61.0-1 (bug #903546)
	[stretch] - curl <not-affected> (Only affects 7.54.1 to 7.60.0)
	[jessie] - curl <not-affected> (Only affects 7.54.1 to 7.60.0)
	NOTE: https://curl.haxx.se/docs/adv_2018-70a2.html
CVE-2018-0499 (A cross-site scripting vulnerability in queryparser/termgenerator_inte ...)
	- xapian-core 1.4.6-1 (bug #902886)
	[stretch] - xapian-core 1.4.3-2+deb9u1
	[jessie] - xapian-core <not-affected> (vulnerable code not present)
	NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows loc ...)
	{DSA-4296-1 DLA-1518-1}
	- mbedtls 2.12.0-1 (bug #904821)
	- polarssl <removed>
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows rem ...)
	{DSA-4296-1 DLA-1518-1}
	- mbedtls 2.12.0-1 (bug #904821)
	- polarssl <removed>
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DFArc2  ...)
	{DLA-1686-1}
	- freedink-dfarc 3.14-1
	[stretch] - freedink-dfarc 3.12-1+deb9u1
	NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
	NOTE: https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache s ...)
	{DSA-4231-1 DLA-1405-1}
	- libgcrypt20 1.8.3-1
	NOTE: https://dev.gnupg.org/T4011
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...)
	{DSA-4195-1 DLA-1375-1}
	- wget 1.19.5-1 (bug #898076)
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
	NOTE: https://savannah.gnu.org/bugs/?53763
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
	NOTE: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
CVE-2018-0493 (remctld in remctl before 3.14, when an attacker is authorized to execu ...)
	{DSA-4159-1}
	- remctl 3.14-1
	[jessie] - remctl <not-affected> (Affected code introduced in 3.12)
	[wheezy] - remctl <not-affected> (Affected code introduced in 3.12)
	NOTE: https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html
	NOTE: https://git.eyrie.org/?p=kerberos/remctl.git;a=commitdiff;h=e2b34e086f199b39f8ea36dd621684003835d172
CVE-2018-0492 (Johnathan Nightingale beep through 1.3.4, if setuid, has a race condit ...)
	{DSA-4163-1 DLA-1338-1}
	- beep 1.3-5 (bug #894667)
	NOTE: https://github.com/johnath/beep/issues/11
CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10.  ...)
	- tor 0.3.2.10-1
	[stretch] - tor <not-affected> (Only affects tor 0.3.2.x series and later)
	[jessie] - tor <not-affected> (Only affects tor 0.3.2.x series and later)
	[wheezy] - tor <not-affected> (Only affects tor 0.3.2.x series and later)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25117
	NOTE: https://trac.torproject.org/projects/tor/ticket/24700
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=adaf3e9b89f62d68ab631b8f672d9bff996689b9
CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.1 ...)
	{DSA-4183-1}
	- tor 0.3.2.10-1
	[jessie] - tor <not-affected> (Vulnerable code introduced after tor-0.2.9.4-alpha)
	[wheezy] - tor <not-affected> (Vulnerable code introduced after tor-0.2.9.4-alpha)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25074
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=65f2eec694f18a64291cc85317b9f22dacc1d8e4
CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Pr ...)
	{DSA-4126-1 DLA-1296-1}
	- xmltooling 1.6.4-1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the  ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890287)
	- polarssl <removed>
	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
	NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows rem ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890288)
	- polarssl <removed>
	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Pr ...)
	{DSA-4085-1 DLA-1242-1}
	- xmltooling 1.6.3-1
	[stretch] - xmltooling 1.6.0-4+deb9u1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
	NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already
	NOTE: disallow DTD use.
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-127
	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=a02314e96d6746d29c5697b504d37f2e04a6e6cd
CVE-2017-17026
	RESERVED
CVE-2017-17025
	RESERVED
CVE-2017-17024
	RESERVED
CVE-2017-17023 (The Sophos UTM VPN endpoint interacts with client software provided by ...)
	NOT-FOR-US: Sophos IPSec Client and NCP "Secure Entry Client"
CVE-2017-17022
	RESERVED
CVE-2017-17021
	RESERVED
CVE-2017-17020 (On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 ...)
	NOT-FOR-US: D-Link
CVE-2017-17019
	RESERVED
CVE-2017-17018
	RESERVED
CVE-2017-17017
	RESERVED
CVE-2017-17016
	RESERVED
CVE-2017-17015
	RESERVED
CVE-2017-17014
	RESERVED
CVE-2017-17013
	RESERVED
CVE-2017-17012
	RESERVED
CVE-2017-17011
	RESERVED
CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for P ...)
	NOT-FOR-US: Content Manager Assistant for PlayStation
CVE-2017-17009
	REJECTED
CVE-2017-17008
	REJECTED
CVE-2017-17007
	REJECTED
CVE-2017-17006
	REJECTED
CVE-2017-17005
	REJECTED
CVE-2017-17004
	REJECTED
CVE-2017-17003
	REJECTED
CVE-2017-17002
	REJECTED
CVE-2017-17001
	REJECTED
CVE-2017-17000
	REJECTED
CVE-2017-16999
	REJECTED
CVE-2017-16998
	REJECTED
CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ...)
	- glibc 2.25-6 (bug #884615)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625
	NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local  ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
CVE-2016-10702 (Pebble Smartwatch devices through 4.3 mishandle UUID storage, which al ...)
	NOT-FOR-US: Pebble
CVE-2016-10701 (In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exist ...)
	NOT-FOR-US: Hitachi Vantara Pentaho BA Platform
CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution in the Ja ...)
	NOT-FOR-US: typed-function
CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties such as a  ...)
	NOT-FOR-US: math.js
CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the JavaScrip ...)
	NOT-FOR-US: math.js
CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
	NOT-FOR-US: GitPHP
CVE-2017-1000207 (A vulnerability in Swagger-Parser's version &lt;= 1.0.30 and Swagger c ...)
	NOT-FOR-US: Swagger-Parser
CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
	{DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1}
	- atril 1.20.0-1 (low)
	[stretch] - atril <no-dsa> (Minor issue)
	- evince 3.25.92-1 (low)
	[stretch] - evince <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
	NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1)
	NOTE: Fixed by: https://git.gnome.org/browse/evince/commit/?id=350404c76dc8601e2cdd2636490e2afc83d3090e (3.25.91)
CVE-2018-0485 (A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation I ...)
	NOT-FOR-US: Cisco
CVE-2018-0484 (A vulnerability in the access control logic of the Secure Shell (SSH)  ...)
	NOT-FOR-US: Cisco
CVE-2018-0483 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2018-0482 (A vulnerability in the web-based management interface of Cisco Prime N ...)
	NOT-FOR-US: Cisco
CVE-2018-0481 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0480 (A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Sof ...)
	NOT-FOR-US: Cisco
CVE-2018-0479
	RESERVED
CVE-2018-0478
	RESERVED
CVE-2018-0477 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0476 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2018-0475 (A vulnerability in the implementation of the cluster feature of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0474 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0473 (A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0472 (A vulnerability in the IPsec driver code of multiple Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0471 (A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0470 (A vulnerability in the web framework of Cisco IOS XE Software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE Software cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0468 (A vulnerability in the configuration of a local database installed as  ...)
	NOT-FOR-US: Cisco
CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3 (OSPFv3) imp ...)
	NOT-FOR-US: Cisco
CVE-2018-0465 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0464 (A vulnerability in Cisco Data Center Network Manager software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0463 (A vulnerability in the Cisco Network Plug and Play server component of ...)
	NOT-FOR-US: Cisco
CVE-2018-0462 (A vulnerability in the user management functionality of Cisco Enterpri ...)
	NOT-FOR-US: Cisco
CVE-2018-0461 (A vulnerability in the Cisco IP Phone 8800 Series Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0460 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2018-0459 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2018-0458 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2018-0457 (A vulnerability in the Cisco Webex Player for Webex Recording Format ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0456 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2018-0455 (A vulnerability in the Server Message Block Version 2 (SMBv2) and Vers ...)
	NOT-FOR-US: Cisco
CVE-2018-0454 (A vulnerability in the web-based management interface of Cisco Cloud S ...)
	NOT-FOR-US: Cisco
CVE-2018-0453 (A vulnerability in the Sourcefire tunnel control channel protocol in C ...)
	NOT-FOR-US: Cisco
CVE-2018-0452 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
	NOT-FOR-US: Cisco
CVE-2018-0451 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
	NOT-FOR-US: Cisco
CVE-2018-0450 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0449 (A vulnerability in the Cisco Jabber Client Framework (JCF) software, i ...)
	NOT-FOR-US: Cisco
CVE-2018-0448 (A vulnerability in the identity management service of Cisco Digital Ne ...)
	NOT-FOR-US: Cisco
CVE-2018-0447 (A vulnerability in the anti-spam protection mechanisms of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2018-0446 (A vulnerability in the web-based management interface of Cisco Industr ...)
	NOT-FOR-US: Cisco
CVE-2018-0445 (A vulnerability in the web-based management interface of Cisco Package ...)
	NOT-FOR-US: Cisco
CVE-2018-0444 (A vulnerability in the web-based management interface of Cisco Package ...)
	NOT-FOR-US: Cisco
CVE-2018-0443 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2018-0442 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2018-0441 (A vulnerability in the 802.11r Fast Transition feature set of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2018-0440 (A vulnerability in the web interface of Cisco Data Center Network Mana ...)
	NOT-FOR-US: Cisco
CVE-2018-0439 (A vulnerability in the web-based management interface of Cisco Meeting ...)
	NOT-FOR-US: Cisco
CVE-2018-0438 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC)  ...)
	NOT-FOR-US: Cisco
CVE-2018-0437 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC)  ...)
	NOT-FOR-US: Cisco
CVE-2018-0436 (A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allo ...)
	NOT-FOR-US: Cisco
CVE-2018-0435 (A vulnerability in the Cisco Umbrella API could allow an authenticated ...)
	NOT-FOR-US: Cisco
CVE-2018-0434 (A vulnerability in the Zero Touch Provisioning feature of the Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2018-0433 (A vulnerability in the command-line interface (CLI) in the Cisco SD-WA ...)
	NOT-FOR-US: Cisco
CVE-2018-0432 (A vulnerability in the error reporting feature of the Cisco SD-WAN Sol ...)
	NOT-FOR-US: Cisco
CVE-2018-0431 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0430 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0429 (Stack-based buffer overflow in the Cisco Thor decoder before commit 18 ...)
	NOT-FOR-US: Cisco
CVE-2018-0428 (A vulnerability in the account management subsystem of Cisco Web Secur ...)
	NOT-FOR-US: Cisco
CVE-2018-0427 (A vulnerability in the CronJob scheduler API of Cisco Digital Network  ...)
	NOT-FOR-US: Cisco
CVE-2018-0426 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0425 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0424 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0423 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0422 (A vulnerability in the folder permissions of Cisco Webex Meetings clie ...)
	NOT-FOR-US: Cisco
CVE-2018-0421 (A vulnerability in TCP connection management in Cisco Prime Access Reg ...)
	NOT-FOR-US: Cisco
CVE-2018-0420 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of Cisco Em ...)
	NOT-FOR-US: Cisco
CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) feature  ...)
	NOT-FOR-US: Cisco
CVE-2018-0417 (A vulnerability in TACACS authentication with Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0415 (A vulnerability in the implementation of Extensible Authentication Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0414 (A vulnerability in the web-based UI of Cisco Secure Access Control Ser ...)
	NOT-FOR-US: Cisco
CVE-2018-0413 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0412 (A vulnerability in the implementation of Extensible Authentication Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0411 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0410 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0409 (A vulnerability in the XCP Router service of the Cisco Unified Communi ...)
	NOT-FOR-US: Cisco
CVE-2018-0408 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0407 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0406 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0405 (A vulnerability in the web framework code for Cisco RV180W Wireless-N  ...)
	NOT-FOR-US: Cisco
CVE-2018-0404 (A vulnerability in the web framework code for Cisco RV180W Wireless-N  ...)
	NOT-FOR-US: Cisco
CVE-2018-0403 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0402 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0401 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0400 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0397 (A vulnerability in Cisco AMP for Endpoints Mac Connector Software inst ...)
	NOT-FOR-US: Cisco
CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2018-0395 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...)
	NOT-FOR-US: Cisco
CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services Pla ...)
	NOT-FOR-US: Cisco
CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder int ...)
	NOT-FOR-US: Cisco
CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an authen ...)
	NOT-FOR-US: Cisco
CVE-2018-0391 (A vulnerability in the password change function of Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0389 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0388 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could all ...)
	NOT-FOR-US: Cisco
CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager Softwar ...)
	NOT-FOR-US: Cisco
CVE-2018-0385 (A vulnerability in the detection engine parsing of Security Socket Lay ...)
	NOT-FOR-US: Cisco
CVE-2018-0384 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0382 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0381 (A vulnerability in the Cisco Aironet Series Access Points (APs) softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
	NOT-FOR-US: Cisco
CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
	NOT-FOR-US: Cisco
CVE-2018-0378 (A vulnerability in the Precision Time Protocol (PTP) feature of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interfac ...)
	NOT-FOR-US: Cisco
CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite  ...)
	NOT-FOR-US: Cisco
CVE-2018-0375 (A vulnerability in the Cluster Manager of Cisco Policy Suite before 18 ...)
	NOT-FOR-US: Cisco
CVE-2018-0374 (A vulnerability in the Policy Builder database of Cisco Policy Suite b ...)
	NOT-FOR-US: Cisco
CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys fo ...)
	NOT-FOR-US: Cisco
CVE-2018-0372 (A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series F ...)
	NOT-FOR-US: Cisco
CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0369 (A vulnerability in the reassembly logic for fragmented IPv4 packets of ...)
	NOT-FOR-US: Cisco
CVE-2018-0368 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0367 (A vulnerability in the web-based management interface of the Cisco Reg ...)
	NOT-FOR-US: Cisco
CVE-2018-0366 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2018-0364 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0363 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 Series ...)
	NOT-FOR-US: Cisco
CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...)
	{DLA-1461-1}
	- clamav 0.100.1+dfsg-1
	[stretch] - clamav 0.100.1+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a resultant inf ...)
	{DLA-1461-1}
	- clamav 0.100.1+dfsg-1
	[stretch] - clamav 0.100.1+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2018-0359 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0358 (A vulnerability in the file descriptor handling of Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2018-0357 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0356 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0355 (A vulnerability in the web UI of Cisco Unified Communications Manager  ...)
	NOT-FOR-US: Cisco
CVE-2018-0354 (A vulnerability in the web framework of Cisco Unity Connection could a ...)
	NOT-FOR-US: Cisco
CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web Security  ...)
	NOT-FOR-US: Cisco
CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide  ...)
	NOT-FOR-US: Cisco
CVE-2018-0351 (A vulnerability in the command-line tcpdump utility in the Cisco SD-WA ...)
	NOT-FOR-US: Cisco (tcpdump utility in Cisco SD-WAN Solution, but CVE is Cisco specific assigned)
CVE-2018-0350 (A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2018-0349 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2018-0348 (A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0347 (A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the  ...)
	NOT-FOR-US: Cisco
CVE-2018-0346 (A vulnerability in the Zero Touch Provisioning service of the Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2018-0345 (A vulnerability in the configuration and management database of the Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0344 (A vulnerability in the vManage dashboard for the configuration and man ...)
	NOT-FOR-US: Cisco
CVE-2018-0343 (A vulnerability in the configuration and management service of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0342 (A vulnerability in the configuration and monitoring service of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and  ...)
	NOT-FOR-US: Cisco
CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0338 (A vulnerability in the role-based access-checking mechanisms of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0337 (A vulnerability in the role-based access-checking mechanisms of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0336 (A vulnerability in the batch provisioning feature of Cisco Prime Colla ...)
	NOT-FOR-US: Cisco
CVE-2018-0335 (A vulnerability in the web portal authentication process of Cisco Prim ...)
	NOT-FOR-US: Cisco
CVE-2018-0334 (A vulnerability in the certificate management subsystem of Cisco AnyCo ...)
	NOT-FOR-US: Cisco
CVE-2018-0333 (A vulnerability in the VPN configuration management of Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2018-0332 (A vulnerability in the Session Initiation Protocol (SIP) ingress packe ...)
	NOT-FOR-US: Cisco
CVE-2018-0331 (A vulnerability in the Cisco Discovery Protocol (formerly known as CDP ...)
	NOT-FOR-US: Cisco
CVE-2018-0330 (A vulnerability in the NX-API management application programming inter ...)
	NOT-FOR-US: Cisco
CVE-2018-0329 (A vulnerability in the default configuration of the Simple Network Man ...)
	NOT-FOR-US: Cisco
CVE-2018-0328 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0327 (A vulnerability in the web framework of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2018-0326 (A vulnerability in the web UI of Cisco TelePresence Server Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0325 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...)
	NOT-FOR-US: Cisco
CVE-2018-0324 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0323 (A vulnerability in the web management interface of Cisco Enterprise NF ...)
	NOT-FOR-US: Cisco
CVE-2018-0322 (A vulnerability in the web management interface of Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2018-0321 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could  ...)
	NOT-FOR-US: Cisco
CVE-2018-0320 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2018-0319 (A vulnerability in the password recovery function of Cisco Prime Colla ...)
	NOT-FOR-US: Cisco
CVE-2018-0318 (A vulnerability in the password reset function of Cisco Prime Collabor ...)
	NOT-FOR-US: Cisco
CVE-2018-0317 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2018-0316 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...)
	NOT-FOR-US: Cisco
CVE-2018-0315 (A vulnerability in the authentication, authorization, and accounting ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0314 (A vulnerability in the Cisco Fabric Services (CFS) component of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0313 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0312 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0311 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0310 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0309 (A vulnerability in the implementation of a specific CLI command and th ...)
	NOT-FOR-US: Cisco
CVE-2018-0308 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0307 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2018-0306 (A vulnerability in the CLI parser of Cisco NX-OS Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2018-0305 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0304 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0303 (A vulnerability in the Cisco Discovery Protocol component of Cisco FXO ...)
	NOT-FOR-US: Cisco
CVE-2018-0302 (A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS ...)
	NOT-FOR-US: Cisco
CVE-2018-0301 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0300 (A vulnerability in the process of uploading new application images to  ...)
	NOT-FOR-US: Cisco
CVE-2018-0299 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...)
	NOT-FOR-US: Cisco
CVE-2018-0298 (A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Inter ...)
	NOT-FOR-US: Cisco
CVE-2018-0297 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...)
	NOT-FOR-US: Cisco
CVE-2018-0296 (A vulnerability in the web interface of the Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2018-0295 (A vulnerability in the Border Gateway Protocol (BGP) implementation of ...)
	NOT-FOR-US: Cisco
CVE-2018-0294 (A vulnerability in the write-erase feature of Cisco FXOS Software and  ...)
	NOT-FOR-US: Cisco
CVE-2018-0293 (A vulnerability in role-based access control (RBAC) for Cisco NX-OS So ...)
	NOT-FOR-US: Cisco
CVE-2018-0292 (A vulnerability in the Internet Group Management Protocol (IGMP) Snoop ...)
	NOT-FOR-US: Cisco
CVE-2018-0291 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2018-0290 (A vulnerability in the TCP stack of Cisco SocialMiner could allow an u ...)
	NOT-FOR-US: Cisco
CVE-2018-0289 (A vulnerability in the logs component of Cisco Identity Services Engin ...)
	NOT-FOR-US: Cisco
CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player could all ...)
	NOT-FOR-US: Cisco
CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...)
	NOT-FOR-US: Cisco
CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software coul ...)
	NOT-FOR-US: Cisco
CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0284 (A vulnerability in the local status page functionality of the Cisco Me ...)
	NOT-FOR-US: Cisco
CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE Softwar ...)
	NOT-FOR-US: Cisco
CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) bitstream pr ...)
	NOT-FOR-US: Cisco
CVE-2018-0279 (A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Ente ...)
	NOT-FOR-US: Cisco
CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower System So ...)
	NOT-FOR-US: Cisco
CVE-2018-0277 (A vulnerability in the Extensible Authentication Protocol-Transport La ...)
	NOT-FOR-US: Cisco
CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an unauthenticat ...)
	NOT-FOR-US: Cisco
CVE-2018-0275 (A vulnerability in the support tunnel feature of Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2018-0274 (A vulnerability in the CLI parser of Cisco Network Services Orchestrat ...)
	NOT-FOR-US: Cisco
CVE-2018-0273 (A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggrega ...)
	NOT-FOR-US: Cisco
CVE-2018-0272 (A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Fire ...)
	NOT-FOR-US: Cisco
CVE-2018-0271 (A vulnerability in the API gateway of the Cisco Digital Network Archit ...)
	NOT-FOR-US: Cisco
CVE-2018-0270 (A vulnerability in the web-based management interface of Cisco IoT Fie ...)
	NOT-FOR-US: Cisco
CVE-2018-0269 (A vulnerability in the web framework of the Cisco Digital Network Arch ...)
	NOT-FOR-US: Cisco
CVE-2018-0268 (A vulnerability in the container management subsystem of Cisco Digital ...)
	NOT-FOR-US: Cisco
CVE-2018-0267 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0265
	REJECTED
CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...)
	NOT-FOR-US: Cisco
CVE-2018-0263 (A vulnerability in Cisco Meeting Server (CMS) could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...)
	NOT-FOR-US: Cisco
CVE-2018-0261
	RESERVED
CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco MATE Co ...)
	NOT-FOR-US: Cisco
CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet affecting multi ...)
	NOT-FOR-US: Cisco
CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR Series C ...)
	NOT-FOR-US: Cisco
CVE-2018-0256 (A vulnerability in the peer-to-peer message processing functionality o ...)
	NOT-FOR-US: Cisco
CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco Industria ...)
	NOT-FOR-US: Cisco
CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure Access Con ...)
	NOT-FOR-US: Cisco
CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly functio ...)
	NOT-FOR-US: Cisco
CVE-2018-0251 (A vulnerability in the Web Server Authentication Required screen of th ...)
	NOT-FOR-US: Cisco
CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with FlexConnect A ...)
	NOT-FOR-US: Cisco
CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association Requests for ...)
	NOT-FOR-US: Cisco
CVE-2018-0248 (A vulnerability in the administrative GUI configuration feature of Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0246
	REJECTED
CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless ...)
	NOT-FOR-US: Cisco
CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0242 (A vulnerability in the WebVPN web-based management interface of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0241 (A vulnerability in the UDP broadcast forwarding function of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2018-0240 (Multiple vulnerabilities in the Application Layer Protocol Inspection  ...)
	NOT-FOR-US: Cisco
CVE-2018-0239 (A vulnerability in the egress packet processing functionality of the C ...)
	NOT-FOR-US: Cisco
CVE-2018-0238 (A vulnerability in the role-based resource checking functionality of t ...)
	NOT-FOR-US: Cisco
CVE-2018-0237 (A vulnerability in the file type detection mechanism of the Cisco Adva ...)
	NOT-FOR-US: Cisco
CVE-2018-0236
	REJECTED
CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of the Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point Tunneling Prot ...)
	NOT-FOR-US: Cisco
CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet reassembly fu ...)
	NOT-FOR-US: Cisco
CVE-2018-0232
	RESERVED
CVE-2018-0231 (A vulnerability in the Transport Layer Security (TLS) library of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0230 (A vulnerability in the internal packet-processing functionality of Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0229 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
	NOT-FOR-US: Cisco
CVE-2018-0228 (A vulnerability in the ingress flow creation functionality of Cisco Ad ...)
	NOT-FOR-US: Cisco
CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Netw ...)
	NOT-FOR-US: Cisco
CVE-2018-0226 (A vulnerability in the assignment and management of default user accou ...)
	NOT-FOR-US: Cisco
CVE-2018-0225 (The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4 ...)
	NOT-FOR-US: Cisco
CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0223 (A vulnerability in DesktopServlet in the web-based management interfac ...)
	NOT-FOR-US: Cisco
CVE-2018-0222 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0221 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2018-0220 (A vulnerability in the web-based management interface of Cisco Videosc ...)
	NOT-FOR-US: Cisco
CVE-2018-0219 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0218 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...)
	NOT-FOR-US: Cisco
CVE-2018-0217 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0216 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0215 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0214 (A vulnerability in certain CLI commands of Cisco Identity Services Eng ...)
	NOT-FOR-US: Cisco
CVE-2018-0213 (A vulnerability in the credential reset functionality for Cisco Identi ...)
	NOT-FOR-US: Cisco
CVE-2018-0212 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0211 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2018-0210 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0209 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2018-0208 (A vulnerability in the web-based management interface of the (cloud ba ...)
	NOT-FOR-US: Cisco
CVE-2018-0207 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...)
	NOT-FOR-US: Cisco
CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime Collab ...)
	NOT-FOR-US: Cisco
CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could allo ...)
	NOT-FOR-US: Cisco
CVE-2018-0202 (clamscan in ClamAV before 0.99.4 contains a vulnerability that could a ...)
	{DLA-1307-1}
	- clamav 0.100.0~beta+dfsg-2
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11973
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11980
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/87aaa10b29476958f5bf54b6119a133069f944fc
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/700ed96af56077cb1a9bff7b91d21db112f6465d
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/0df2fedf2805e574512c486b32a0fff4ed394560
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/495fce917445063d519f14b0009cee025f817bc3
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/99eadf7a9ad351210165312362d1f32b77c6f857
CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service Cata ...)
	NOT-FOR-US: Cisco
CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0197 (A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0196 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could allow an a ...)
	NOT-FOR-US: Cisco
CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0192
	RESERVED
CVE-2018-0191
	REJECTED
CVE-2018-0190 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0189 (A vulnerability in the Forwarding Information Base (FIB) code of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0188 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0187 (A vulnerability in the Admin portal of Cisco Identity Services Engine  ...)
	NOT-FOR-US: Cisco
CVE-2018-0186 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0185 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0184 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0183 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco Policy S ...)
	NOT-FOR-US: Cisco
CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...)
	NOT-FOR-US: Cisco
CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...)
	NOT-FOR-US: Cisco
CVE-2018-0178
	REJECTED
CVE-2018-0177 (A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2018-0176 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0175 (Format String vulnerability in the Link Layer Discovery Protocol (LLDP ...)
	NOT-FOR-US: Cisco
CVE-2018-0174 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0173 (A vulnerability in the Cisco IOS Software and Cisco IOS XE Software fu ...)
	NOT-FOR-US: Cisco
CVE-2018-0172 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0171 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...)
	NOT-FOR-US: Cisco
CVE-2018-0170 (A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0169 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0168
	RESERVED
CVE-2018-0167 (Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery P ...)
	NOT-FOR-US: Cisco
CVE-2018-0166
	RESERVED
CVE-2018-0165 (A vulnerability in the Internet Group Management Protocol (IGMP) packe ...)
	NOT-FOR-US: Cisco
CVE-2018-0164 (A vulnerability in the Switch Integrated Security Features of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2018-0163 (A vulnerability in the 802.1x multiple-authentication (multi-auth) fea ...)
	NOT-FOR-US: Cisco
CVE-2018-0162
	RESERVED
CVE-2018-0161 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2018-0160 (A vulnerability in Simple Network Management Protocol (SNMP) subsystem ...)
	NOT-FOR-US: Cisco
CVE-2018-0159 (A vulnerability in the implementation of Internet Key Exchange Version ...)
	NOT-FOR-US: Cisco
CVE-2018-0158 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module  ...)
	NOT-FOR-US: Cisco
CVE-2018-0157 (A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0156 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...)
	NOT-FOR-US: Cisco
CVE-2018-0155 (A vulnerability in the Bidirectional Forwarding Detection (BFD) offloa ...)
	NOT-FOR-US: Cisco
CVE-2018-0154 (A vulnerability in the crypto engine of the Cisco Integrated Services  ...)
	NOT-FOR-US: Cisco
CVE-2018-0153
	REJECTED
CVE-2018-0152 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2018-0151 (A vulnerability in the quality of service (QoS) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0150 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
	NOT-FOR-US: Cisco
CVE-2018-0149 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2018-0147 (A vulnerability in Java deserialization used by Cisco Secure Access Co ...)
	NOT-FOR-US: Cisco
CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework applicati ...)
	NOT-FOR-US: Cisco
CVE-2018-0145 (A vulnerability in the web-based management interface of the Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2018-0144 (A vulnerability in the web-based management interface of Cisco Prime D ...)
	NOT-FOR-US: Cisco
CVE-2018-0143
	REJECTED
CVE-2018-0142
	RESERVED
CVE-2018-0141 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security Applian ...)
	NOT-FOR-US: Cisco
CVE-2018-0139 (A vulnerability in the Interactive Voice Response (IVR) management con ...)
	NOT-FOR-US: Cisco
CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network c ...)
	NOT-FOR-US: Cisco
CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...)
	NOT-FOR-US: Cisco
CVE-2018-0135 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0134 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...)
	NOT-FOR-US: Cisco
CVE-2018-0133
	RESERVED
CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0131 (A vulnerability in the implementation of RSA-encrypted nonces in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based service ...)
	NOT-FOR-US: Cisco
CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0127 (A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N ...)
	NOT-FOR-US: Cisco
CVE-2018-0126
	RESERVED
CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wirele ...)
	NOT-FOR-US: Cisco
CVE-2018-0124 (A vulnerability in Cisco Unified Communications Domain Manager could a ...)
	NOT-FOR-US: Cisco
CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS a ...)
	NOT-FOR-US: Cisco
CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0121 (A vulnerability in the authentication functionality of the web-based s ...)
	NOT-FOR-US: Cisco
CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0119 (A vulnerability in certain authentication controls in the account serv ...)
	NOT-FOR-US: Cisco
CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0117 (A vulnerability in the ingress packet processing functionality of the  ...)
	NOT-FOR-US: Cisco
CVE-2018-0116 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...)
	NOT-FOR-US: Cisco
CVE-2018-0115 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before 0.11 ...)
	NOT-FOR-US: Cisco node-jose
CVE-2018-0113 (A vulnerability in an operations script of Cisco UCS Central could all ...)
	NOT-FOR-US: Cisco
CVE-2018-0112 (A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Mee ...)
	NOT-FOR-US: Cisco
CVE-2018-0111 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2018-0110 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2018-0109 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2018-0108 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2018-0107 (A vulnerability in the web framework of Cisco Prime Service Catalog co ...)
	NOT-FOR-US: Cisco
CVE-2018-0106 (A vulnerability in the ConfD server of the Cisco Elastic Services Cont ...)
	NOT-FOR-US: Cisco
CVE-2018-0105 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0104 (A vulnerability in Cisco WebEx Network Recording Player for Advanced R ...)
	NOT-FOR-US: Cisco
CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Playe ...)
	NOT-FOR-US: Cisco
CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow a ...)
	NOT-FOR-US: Cisco
CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure M ...)
	NOT-FOR-US: Cisco
CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network T ...)
	NOT-FOR-US: Cisco
CVE-2018-0098 (A vulnerability in the web-based management interface of Cisco WAP150  ...)
	NOT-FOR-US: Cisco
CVE-2018-0097 (A vulnerability in the web interface of Cisco Prime Infrastructure cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0096 (A vulnerability in the role-based access control (RBAC) functionality  ...)
	NOT-FOR-US: Cisco
CVE-2018-0095 (A vulnerability in the administrative shell of Cisco AsyncOS on Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2018-0094 (A vulnerability in IPv6 ingress packet processing for Cisco UCS Centra ...)
	NOT-FOR-US: Cisco
CVE-2018-0093 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0092 (A vulnerability in the network-operator user role implementation for C ...)
	NOT-FOR-US: Cisco
CVE-2018-0091 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0090 (A vulnerability in management interface access control list (ACL) conf ...)
	NOT-FOR-US: Cisco
CVE-2018-0089 (A vulnerability in the Policy and Charging Rules Function (PCRF) of th ...)
	NOT-FOR-US: Cisco
CVE-2018-0088 (A vulnerability in one of the diagnostic test CLI commands on Cisco In ...)
	NOT-FOR-US: Cisco
CVE-2018-0087 (A vulnerability in the FTP server of the Cisco Web Security Appliance  ...)
	NOT-FOR-US: Cisco
CVE-2018-0086 (A vulnerability in the application server of the Cisco Unified Custome ...)
	NOT-FOR-US: Cisco
CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel b ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.0)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
	NOTE: Fixed by: https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1)
CVE-2017-16993
	REJECTED
CVE-2017-16992
	REJECTED
CVE-2017-16991
	REJECTED
CVE-2017-16990
	REJECTED
CVE-2017-16989
	REJECTED
CVE-2017-16988
	REJECTED
CVE-2017-16987
	REJECTED
CVE-2017-16986
	REJECTED
CVE-2017-16985
	REJECTED
CVE-2017-16984
	REJECTED
CVE-2017-16983
	REJECTED
CVE-2017-16982
	REJECTED
CVE-2017-16981
	REJECTED
CVE-2017-16980
	REJECTED
CVE-2017-16979
	REJECTED
CVE-2017-16978
	REJECTED
CVE-2017-16977
	REJECTED
CVE-2017-16976
	REJECTED
CVE-2017-16975
	REJECTED
CVE-2017-16974
	REJECTED
CVE-2017-16973
	REJECTED
CVE-2017-16972
	REJECTED
CVE-2017-16971
	REJECTED
CVE-2017-16970
	REJECTED
CVE-2017-16969
	REJECTED
CVE-2017-16968
	REJECTED
CVE-2017-16967
	REJECTED
CVE-2017-16966
	REJECTED
CVE-2017-16965
	REJECTED
CVE-2017-16964
	REJECTED
CVE-2017-16963
	RESERVED
CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in CommuniGate P ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in BigTree  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...)
	NOT-FOR-US: TP-Link
CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, a ...)
	NOT-FOR-US: TP-Link
CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...)
	NOT-FOR-US: TP-Link
CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...)
	NOT-FOR-US: TP-Link
CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a priva ...)
	NOT-FOR-US: b3log Symphony
CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 for Word ...)
	NOT-FOR-US: InLinks plugin for WordPress
CVE-2017-16954
	RESERVED
CVE-2017-16953 (connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic A ...)
	NOT-FOR-US: ZTE
CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: K-Multimedia Player
CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Winamp
CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before 2 ...)
	- urbackup-server <itp> (bug #697325)
CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post P ...)
	NOT-FOR-US: AccessKeys AccessPress Anonymous Post Pro plugin for WordPress
CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-16947
	RESERVED
CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP  ...)
	NOT-FOR-US: MISP
CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac allows loc ...)
	NOT-FOR-US: standardrestorer binary in Arq
CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists  ...)
	- libsndfile 1.0.27-1
	[jessie] - libsndfile <no-dsa> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/341
CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88  ...)
	{DSA-4053-1}
	- exim4 4.89-13 (bug #882671)
	[jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	[wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2201
	NOTE: https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542
	NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
	NOTE: 4.89-10 adds a workaround which disables the affected code by default
CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88  ...)
	{DSA-4053-1}
	- exim4 4.89-12 (bug #882648)
	[jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	[wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2199
	NOTE: https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
	NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
	NOTE: https://twitter.com/philpennock/status/934270613811875840
	NOTE: 4.89-10 adds a workaround which disables the affected code by default
CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use of .ht ...)
	NOT-FOR-US: October CMS
CVE-2017-16940
	RESERVED
CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Lin ...)
	{DSA-4082-1 DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to c ...)
	{DSA-4058-1 DLA-1196-1}
	- optipng 0.7.6-1.1 (bug #878839)
	NOTE: https://sourceforge.net/p/optipng/bugs/69/
CVE-2017-16937
	RESERVED
CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on Shenzhen Tenda ...)
	NOT-FOR-US: Shenzhen Tenda
CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs containing a ...)
	NOT-FOR-US: Ametys CMS
CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execut ...)
	NOT-FOR-US: DBL DBLTek devices
CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown ca ...)
	- icinga2 2.8.4-1 (low; bug #883247)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/5793
	NOTE: CVE is for the unsafe use of chown(1)
CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...)
	- cacti 0.8.8h+ds1-5 (bug #833420)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u6
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u9
	NOTE: https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697
	NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846
	NOTE: Fix for the incomplete fix for CVE-2016-2313
CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ...)
	{DLA-1194-1}
	[experimental] - libxml2 2.9.7+dfsg-1
	- libxml2 2.9.10+dfsg-2 (bug #882613)
	[buster] - libxml2 <ignored> (Minor issue; too intrusive to backport)
	[stretch] - libxml2 <ignored> (Minor issue; too intrusive to backport)
	[jessie] - libxml2 <ignored> (Minor issue; too intrusive to backport)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
	NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
	NOTE: Applying only 899a5d9f0ed13b8e32449a08a361e0de127dd961 does not completely
	NOTE: fix the issue, see https://bugs.debian.org/882613#12 for discussion.
CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity reference ...)
	{DLA-1194-1}
	- libxml2 2.9.4+dfsg1-3.1
	[stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
	[jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
	NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
	NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050
CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 al ...)
	NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...)
	NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows local us ...)
	NOT-FOR-US: arq_updater binary in Arq
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the sessio ...)
	{DLA-1203-1}
	- xrdp 0.9.4-3 (bug #882463)
	[stretch] - xrdp 0.9.1-9+deb9u2
	[jessie] - xrdp <no-dsa> (Minor issue)
	NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958
	NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
	NOTE: Originally fixed with upstream patch in 0.9.4-2 but which caused regression
	NOTE: thus marking it only as fixed in the followup version, cf. #884702
CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted fi ...)
	- ohcount 3.1.0-1 (bug #882372)
	[stretch] - ohcount <no-dsa> (Minor issue)
	[jessie] - ohcount <no-dsa> (Minor issue)
	[wheezy] - ohcount <no-dsa> (Minor issue)
	NOTE: https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac (v3.1.0)
CVE-2017-16925
	RESERVED
CVE-2017-16924 (Remote Information Disclosure and Escalation of Privileges in ManageEn ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda A ...)
	NOT-FOR-US: Shenzhen Tenda
CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Strea ...)
	NOT-FOR-US: Wowza
CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and includin ...)
	{DSA-4066-1 DLA-1212-1}
	- otrs2 6.0.2-1 (bug #883774)
	NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
	NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/d12797bf1efa6722c2ba9af6d8238446c2903cd1
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/d433518d7bd8e9e079af67ef9ea7079cd2f59646
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/368bc37f137e6344f4db014ee2e03c38e2fc62d2
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/4043ebb2580cd8f87e7758e95bf0d77eea5c82ae
CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY val ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulne ...)
	NOT-FOR-US: MapOS
CVE-2017-16918
	RESERVED
CVE-2017-16917
	RESERVED
CVE-2017-16916
	RESERVED
CVE-2017-16915
	RESERVED
CVE-2017-16914 (The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a
CVE-2017-16913 (The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366
CVE-2017-16912 (The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux K ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43
CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4. ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...)
	- libraw 0.18.6-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...)
	- libraw 0.18.6-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during crea ...)
	- php-horde-kronolith 4.2.24-1 (bug #909738)
	[stretch] - php-horde-kronolith <no-dsa> (Minor issue)
	[jessie] - php-horde-kronolith <not-affected> (vulnerable code not present)
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	NOTE: https://bugs.horde.org/ticket/14857
	NOTE: https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716
CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...)
	{DLA-1536-1 DLA-1535-1}
	- php-horde 5.2.18+debian0-1 (bug #909739)
	[stretch] - php-horde <no-dsa> (Minor issue)
	- php-horde-core 2.31.3+debian0-1 (bug #909800)
	[stretch] - php-horde-core <no-dsa> (Minor issue)
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	NOTE: https://bugs.horde.org/ticket/14857
	NOTE: php-horde: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230
	NOTE: php-horde-core: https://github.com/horde/Core/commit/ecea6ea740419e19122a50579ba2903c1cb71d7a
CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a  ...)
	{DLA-1537-1}
	- php-horde-kronolith 4.2.24-1 (bug #909737)
	[stretch] - php-horde-kronolith <no-dsa> (Minor issue)
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	NOTE: https://bugs.horde.org/ticket/14857
	NOTE: https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d
CVE-2017-16905 (The DuoLingo TinyCards application before 1.0 for Android has one use  ...)
	NOT-FOR-US: DuoLingo TinyCards application
CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows  ...)
	NOT-FOR-US: LvyeCMS
CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute arbi ...)
	NOT-FOR-US: LvyeCMS
CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long str ...)
	NOT-FOR-US: Vonage VDV-23 115 3.2.11-0.9.40 home router
CVE-2017-16901
	RESERVED
CVE-2017-16900 (Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the ...)
	NOT-FOR-US: Hunesion i-oneNet
CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows remo ...)
	- fig2dev 1:3.2.6a-5 (bug #881143)
	[stretch] - fig2dev 1:3.2.6a-2+deb9u1
	- transfig <removed>
	[jessie] - transfig 1:3.2.5.e-4+deb8u1
	[wheezy] - transfig <no-dsa> (Minor issue)
CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ea ...)
	{DLA-1240-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/75
CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2  ...)
	NOT-FOR-US: Auth0 passport-wsfed-saml2 library
CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass compon ...)
	- tt-rss 17.4+git20180312+dfsg-1 (bug #882543)
	NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
	NOTE: https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
	NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
	NOT-FOR-US: Laravel framework
CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
	- piwigo <removed>
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
	- bftpd <itp> (bug #640469)
	NOTE: http://bftpd.sourceforge.net/news.html#032390
CVE-2017-16891
	RESERVED
CVE-2017-16890 (SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono func ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/57
	NOTE: Crash in CLI tool, no security impact
CVE-2017-16889
	RESERVED
CVE-2017-16888
	RESERVED
CVE-2017-16887 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
	NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16886 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
	NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16885 (Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R ...)
	NOT-FOR-US: FiberHome LM53Q1 VH519R05C01S38 devices
CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
	- linux 4.14.7-1
	NOTE: https://www.spinics.net/lists/kvm/msg159809.html
CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a passw ...)
	NOT-FOR-US: OpenDayLight
CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use o ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (vulnerable code not present, cf. kernel-sec information)
	NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
	NOTE: https://github.com/bindecy/HugeDirtyCowPOC
CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users with Job/Co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control  ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(j ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/ ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /com ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the  ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information abou ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the  ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to  ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestion ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metada ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check permiss ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000388 (Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perfor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000387 (Jenkins Build-Publisher plugin version 1.21 and earlier stores credent ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000386 (Jenkins Active Choices plugin version 1.5.3 and earlier allowed users  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 all ...)
	NOT-FOR-US: MistServer
CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming & ...)
	{DLA-1240-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/77
CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but s ...)
	- icinga <not-affected> (Doesn't affect Icinga 1.x as packaged in Debian)
	NOTE: https://github.com/Icinga/icinga-core/issues/1601
	NOTE: State is not fully correct, since "affected" source would be there,
	NOTE: But Debian does not install the binaries nor configuration files as
	NOTE: respective icinga user.
CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON o ...)
	NOT-FOR-US: b3log Symphony
CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before 2.1 ...)
	NOT-FOR-US: filp whoops
CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
	NOT-FOR-US: Snap7 Server
CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme versi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
	NOT-FOR-US: Opencast
CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections  ...)
	NOT-FOR-US: Opencast
CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...)
	- simple-xml 2.7.1-3 (low; bug #888547)
	[stretch] - simple-xml <ignored> (Minor issue)
	[jessie] - simple-xml <no-dsa> (Minor issue)
	[wheezy] - simple-xml <no-dsa> (Minor issue)
	NOTE: https://github.com/ngallagher/simplexml/issues/18
	NOTE: Fixing commit in a new fork of the library (which is renamed simple-xml-safe):
	NOTE: https://github.com/dweiss/simplexml/commit/c8d4b4310549bfaf6dc0a20abea7fbcca6e51edd
CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1. ...)
	NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
	- exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/177
CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888863)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/176
CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
	- exiv2 <not-affected> (WebP support introduced in 0.26; only affected experimental; bug #888864)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/175
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...)
	- ncurses 6.0+20171125-1 (bug #882620)
	[stretch] - ncurses 6.0+20161126-1+deb9u2
	[jessie] - ncurses 5.9+20140913-1+deb8u3
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: PoC https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz
	NOTE: http://invisible-island.net/ncurses/NEWS.html#t20171125
CVE-2017-16878 (Cross-site scripting (XSS) vulnerability in the Captive Portal functio ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
	NOT-FOR-US: ZEIT Next.js
CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function in mi ...)
	- mistune 0.8.1-1
	[stretch] - mistune <no-dsa> (Minor issue)
	NOTE: https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98
CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in P ...)
	{DSA-4170-1}
	- pjproject 2.7.1~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: https://trac.pjsip.org/repos/ticket/2055
	NOTE: https://trac.pjsip.org/repos/changeset/5680
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2017-16874
	RESERVED
CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid binary that  ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-1000233
	REJECTED
CVE-2017-1000222
	REJECTED
CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticate ...)
	- xrootd <itp> (bug #687222)
CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code execut ...)
	NOT-FOR-US: Elixir's vim plugin
CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML  ...)
	{DLA-1175-1}
	- lynx 2.8.9dev16-1
	[stretch] - lynx <no-dsa> (Minor issue)
	- lynx-cur <removed>
	[jessie] - lynx-cur <no-dsa> (Minor issue)
	NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to buf ...)
	- htslib 1.4.1-1
	[stretch] - htslib <no-dsa> (Minor issue)
	[jessie] - htslib <no-dsa> (Minor issue)
CVE-2017-1000204
	REJECTED
CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell  ...)
	- root-system <removed>
	[jessie] - root-system <ignored> (Minor issue)
	[wheezy] - root-system <ignored> (Minor issue as it's restricted to authenticated users)
	NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e
CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File I ...)
	NOT-FOR-US: Cygnux sysPass
CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting i ...)
	NOT-FOR-US: Jool
CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
	NOT-FOR-US: jqueryFileTree
CVE-2017-1000169 (QuickerBB version &lt;= 0.7.2 is vulnerable to arbitrary file writes w ...)
	NOT-FOR-US: QuickerBB
CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate pub ...)
	NOT-FOR-US: sodiumoxide
CVE-2017-1000161
	REJECTED
CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in P ...)
	{DSA-4170-1}
	- pjproject 2.7.1~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: https://trac.pjsip.org/repos/ticket/2056
	NOTE: https://trac.pjsip.org/repos/changeset/5682
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2017-16871 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress al ...)
	NOT-FOR-US: UpdraftPlus plugin for WordPress
CVE-2017-16870 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ha ...)
	NOT-FOR-US: UpdraftPlus plugin for WordPress
CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...)
	- upx-ucl 3.94-4 (bug #882041; unimportant)
	NOTE: https://github.com/upx/upx/issues/146
	NOTE: crash in CLI tool, no security impact
CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/52
	NOTE: Crash in CLI tool, no security impact
CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentica ...)
	NOT-FOR-US: Amazon Key
CVE-2017-1000248 (Redis-store &lt;=v1.3.0 allows unsafe objects to be loaded from redis ...)
	- ruby-redis-store 1.1.6-2 (bug #882034)
	[stretch] - ruby-redis-store 1.1.6-1+deb9u1
	NOTE: https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e
CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerab ...)
	- codeigniter <itp> (bug #471583)
CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the initializa ...)
	- python-pysaml2 4.5.0-4 (bug #882012)
	[stretch] - python-pysaml2 <no-dsa> (Minor issue)
	[jessie] - python-pysaml2 <no-dsa> (Minor issue)
	NOTE: https://github.com/rohe/pysaml2/issues/417
	NOTE: https://github.com/c00kiemon5ter/pysaml2/commit/7323f5c20efb59424d853c822e7a26d1aa3e84aa
CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected &amp; stored ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scrip ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload r ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-1000237 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Server-Side R ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000236 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Reflected Cro ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000235 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to OS Command In ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000234 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Directory Enu ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecifi ...)
	- ldns 1.7.0-4 (bug #882014)
	[stretch] - ldns <no-dsa> (Minor issue)
	[jessie] - ldns <no-dsa> (Minor issue)
	[wheezy] - ldns <not-affected> (Vulnerable code not present)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
	NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified  ...)
	{DLA-1182-1}
	- ldns 1.7.0-4 (bug #882015)
	[stretch] - ldns <no-dsa> (Minor issue)
	[jessie] - ldns <no-dsa> (Minor issue)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
	NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
	{DSA-4058-1 DLA-1184-1}
	- optipng 0.7.6-1.1 (bug #882032)
	NOTE: https://sourceforge.net/p/optipng/bugs/65/
	NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ...)
	NOT-FOR-US: nodejs ejs
CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using relevans ...)
	NOT-FOR-US: Relevanssi
CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated attacke ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is prese ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-1000220 (soyuka/pidusage &lt;=1.1.4 is vulnerable to command injection in the m ...)
	NOT-FOR-US: soyuka/pidusage
CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection  ...)
	NOT-FOR-US: npm/KyleRoss windows-cpu
CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the "writel ...)
	NOT-FOR-US: LightFTP
CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST par ...)
	NOT-FOR-US: WBCE
CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflo ...)
	NOT-FOR-US: picoTCP
CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...)
	NOT-FOR-US: Java WebSocket client nv-websocket-client
CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version &lt;= 1.0.30) yaml parsin ...)
	NOT-FOR-US: Swagger-Parser
CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...)
	NOT-FOR-US: October CMS
CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...)
	NOT-FOR-US: October CMS
CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset m ...)
	NOT-FOR-US: October CMS
CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration modificati ...)
	NOT-FOR-US: October CMS
CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...)
	NOT-FOR-US: October CMS
CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-servi ...)
	NOT-FOR-US: nodejs ejs
CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scri ...)
	NOT-FOR-US: nodejs ejs
CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. FoFiTru ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/36
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/34
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. ...)
	- swftools <removed>
	[stretch] - swftools <ignored> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/33
CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/30
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...)
	- swftools <removed>
	[stretch] - swftools <ignored> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/23
CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump swf_GetB ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/21
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution.  ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution.  ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook res ...)
	NOT-FOR-US: Tine groupware
CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting  ...)
	NOT-FOR-US: EllisLab ExpressionEngine
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
	{DSA-4307-1 DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1}
	- python3.5 3.5.5-1
	- python3.4 <removed>
	- python2.7 2.7.13-4
	[stretch] - python2.7 2.7.13-2+deb9u2
	- python2.6 <removed>
	NOTE: https://bugs.python.org/issue30657
	NOTE: 2.7 https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae (v2.7.14rc1)
	NOTE: 3.4 https://github.com/python/cpython/commit/6c004b40f9d51872d848981ef1a18bb08c2dfc42 (v3.4.8rc1)
	NOTE: 3.5 https://github.com/python/cpython/commit/fd8614c5c5466a14a945db5b059c10c0fb8f76d9 (v3.5.5rc1)
	NOTE: The 2.7.13-4 upload included the commit in debian/patches/git-updates.diff
CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog compone ...)
	- serendipity <removed>
CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...)
	NOT-FOR-US: Codiad
CVE-2018-0085
	RESERVED
CVE-2018-0084
	RESERVED
CVE-2018-0083
	RESERVED
CVE-2018-0082
	RESERVED
CVE-2018-0081
	RESERVED
CVE-2018-0080
	RESERVED
CVE-2018-0079
	RESERVED
CVE-2018-0078
	RESERVED
CVE-2018-0077
	RESERVED
CVE-2018-0076
	RESERVED
CVE-2018-0075
	RESERVED
CVE-2018-0074
	RESERVED
CVE-2018-0073
	RESERVED
CVE-2018-0072
	RESERVED
CVE-2018-0071
	RESERVED
CVE-2018-0070
	RESERVED
CVE-2018-0069
	RESERVED
CVE-2018-0068
	RESERVED
CVE-2018-0067
	RESERVED
CVE-2018-0066
	RESERVED
CVE-2018-0065
	RESERVED
CVE-2018-0064
	RESERVED
CVE-2018-0063 (A vulnerability in the IP next-hop index database in Junos OS 17.3R3 m ...)
	NOT-FOR-US: Juniper
CVE-2018-0062 (A Denial of Service vulnerability in J-Web service may allow a remote  ...)
	NOT-FOR-US: Juniper
CVE-2018-0061 (A denial of service vulnerability in the telnetd service on Junos OS a ...)
	NOT-FOR-US: Juniper
CVE-2018-0060 (An improper input validation weakness in the device control daemon pro ...)
	NOT-FOR-US: Juniper
CVE-2018-0059 (A persistent cross-site scripting vulnerability in the graphical user  ...)
	NOT-FOR-US: Juniper
CVE-2018-0058 (Receipt of a specially crafted IPv6 exception packet may be able to tr ...)
	NOT-FOR-US: Juniper
CVE-2018-0057 (On MX Series and M120/M320 platforms configured in a Broadband Edge (B ...)
	NOT-FOR-US: Juniper
CVE-2018-0056 (If a duplicate MAC address is learned by two different interfaces on a ...)
	NOT-FOR-US: Juniper
CVE-2018-0055 (Receipt of a specially crafted DHCPv6 message destined to a Junos OS d ...)
	NOT-FOR-US: Juniper
CVE-2018-0054 (On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause f ...)
	NOT-FOR-US: Juniper
CVE-2018-0053 (An authentication bypass vulnerability in the initial boot sequence of ...)
	NOT-FOR-US: Juniper
CVE-2018-0052 (If RSH service is enabled on Junos OS and if the PAM authentication is ...)
	NOT-FOR-US: Juniper
CVE-2018-0051 (A Denial of Service vulnerability in the SIP application layer gateway ...)
	NOT-FOR-US: Juniper
CVE-2018-0050 (An error handling vulnerability in Routing Protocols Daemon (RPD) of J ...)
	NOT-FOR-US: Juniper
CVE-2018-0049 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS  ...)
	NOT-FOR-US: Juniper
CVE-2018-0048 (A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Ext ...)
	NOT-FOR-US: Juniper
CVE-2018-0047 (A persistent cross-site scripting vulnerability in the UI framework us ...)
	NOT-FOR-US: Juniper
CVE-2018-0046 (A reflected cross-site scripting vulnerability in OpenNMS included wit ...)
	NOT-FOR-US: Juniper
CVE-2018-0045 (Receipt of a specific Draft-Rosen MVPN control packet may cause the ro ...)
	NOT-FOR-US: Juniper
CVE-2018-0044 (An insecure SSHD configuration in Juniper Device Manager (JDM) and hos ...)
	NOT-FOR-US: Juniper
CVE-2018-0043 (Receipt of a specific MPLS packet may cause the routing protocol daemo ...)
	NOT-FOR-US: Juniper
CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords in log  ...)
	NOT-FOR-US: Juniper Networks CSO
CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
	NOT-FOR-US: Juniper
CVE-2018-0040 (Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 ...)
	NOT-FOR-US: Juniper
CVE-2018-0039 (Juniper Networks Contrail Service Orchestration releases prior to 4.0. ...)
	NOT-FOR-US: Juniper
CVE-2018-0038 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
	NOT-FOR-US: Juniper
CVE-2018-0037 (Junos OS routing protocol daemon (RPD) process may crash and restart o ...)
	NOT-FOR-US: Junos OS
CVE-2018-0036
	RESERVED
CVE-2018-0035 (QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1 ...)
	NOT-FOR-US: Junos OS
CVE-2018-0034 (A Denial of Service vulnerability exists in the Juniper Networks Junos ...)
	NOT-FOR-US: Juniper
CVE-2018-0033
	RESERVED
CVE-2018-0032 (The receipt of a crafted BGP UPDATE can lead to a routing process daem ...)
	NOT-FOR-US: Juniper
CVE-2018-0031 (Receipt of specially crafted UDP/IP packets over MPLS may be able to b ...)
	NOT-FOR-US: Juniper
CVE-2018-0030 (Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1 ...)
	NOT-FOR-US: Juniper
CVE-2018-0029 (While experiencing a broadcast storm, placing the fxp0 interface into  ...)
	NOT-FOR-US: Juniper
CVE-2018-0028
	RESERVED
CVE-2018-0027 (Receipt of a crafted or malformed RSVP PATH message may cause the rout ...)
	NOT-FOR-US: Juniper
CVE-2018-0026 (After Junos OS device reboot or upgrade, the stateless firewall filter ...)
	NOT-FOR-US: Juniper
CVE-2018-0025 (When an SRX Series device is configured to use HTTP/HTTPS pass-through ...)
	NOT-FOR-US: Juniper
CVE-2018-0024 (An Improper Privilege Management vulnerability in a shell session of J ...)
	NOT-FOR-US: Juniper
CVE-2018-0023 (JSNAPy is an open source python version of Junos Snapshot Administrato ...)
	NOT-FOR-US: JSNAPy
CVE-2018-0022 (A Junos device with VPLS routing-instances configured on one or more i ...)
	NOT-FOR-US: Juniper
CVE-2018-0021 (If all 64 digits of the connectivity association name (CKN) key or all ...)
	NOT-FOR-US: Juniper
CVE-2018-0020 (Junos OS may be impacted by the receipt of a malformed BGP UPDATE whic ...)
	NOT-FOR-US: Juniper
CVE-2018-0019 (A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may al ...)
	NOT-FOR-US: Juniper
CVE-2018-0018 (On SRX Series devices during compilation of IDP policies, an attacker  ...)
	NOT-FOR-US: Juniper
CVE-2018-0017 (A vulnerability in the Network Address Translation - Protocol Translat ...)
	NOT-FOR-US: Juniper
CVE-2018-0016 (Receipt of a specially crafted Connectionless Network Protocol (CLNP)  ...)
	NOT-FOR-US: Juniper
CVE-2018-0015 (A malicious user with unrestricted access to the AppFormix application ...)
	NOT-FOR-US: AppFormix
CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets with zer ...)
	NOT-FOR-US: Juniper
CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos Space N ...)
	NOT-FOR-US: Juniper
CVE-2018-0012 (Junos Space is affected by a privilege escalation vulnerability that m ...)
	NOT-FOR-US: Juniper
CVE-2018-0011 (A reflected cross site scripting (XSS) vulnerability in Junos Space ma ...)
	NOT-FOR-US: Juniper
CVE-2018-0010 (A vulnerability in the Juniper Networks Junos Space Security Director  ...)
	NOT-FOR-US: Juniper
CVE-2018-0009 (On Juniper Networks SRX series devices, firewall rules configured to m ...)
	NOT-FOR-US: Juniper
CVE-2018-0008 (An unauthenticated root login may allow upon reboot when a commit scri ...)
	NOT-FOR-US: Juniper
CVE-2018-0007 (An unauthenticated network-based attacker able to send a maliciously c ...)
	NOT-FOR-US: Juniper
CVE-2018-0006 (A high rate of VLAN authentication attempts sent from an adjacent host ...)
	NOT-FOR-US: Juniper
CVE-2018-0005 (QFX and EX Series switches configured to drop traffic when the MAC mov ...)
	NOT-FOR-US: Juniper
CVE-2018-0004 (A sustained sequence of different types of normal transit traffic can  ...)
	NOT-FOR-US: Juniper
CVE-2018-0003 (A specially crafted MPLS packet received or processed by the system, o ...)
	NOT-FOR-US: Juniper
CVE-2018-0002 (On SRX Series and MX Series devices with a Service PIC with any ALG en ...)
	NOT-FOR-US: Juniper
CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code by expl ...)
	NOT-FOR-US: Juniper
CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS)  ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-16865 (The Trello importer in Atlassian Jira before version 7.6.1 allows remo ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 allow ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-16863 (The PieChart gadget in Atlassian Jira before version 7.5.3 allows remo ...)
	NOT-FOR-US: PieChart gadget in Atlassian Jira
CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version 7.6. ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect action  ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links before  ...)
	NOT-FOR-US: Atlassian
CVE-2017-16859 (The review attachment resource in Atlassian Fisheye and Crucible befor ...)
	NOT-FOR-US: Atlassian
CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
	NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via minim ...)
	NOT-FOR-US: Atlassian
CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-16855
	REJECTED
CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...)
	{DSA-4066-1 DLA-1212-1}
	- otrs2 6.0.2-1
	NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
	NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/867aba14900f17caacb0285a08b6981bbdbbe016
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0
CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values dur ...)
	{DSA-4213-1 DLA-1497-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #882136)
	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=802cbcb73002b92e6ddc8464d39b668a71b78d74
CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in for ...)
	{DSA-4041-1 DLA-1173-1}
	- procmail 3.22-26 (bug #876511)
CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKey ...)
	NOT-FOR-US: Vonage VDV-23
CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in admin/google_search_consol ...)
	NOT-FOR-US: Yoast SEO plugin for WordPress
CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to /Calend ...)
	NOT-FOR-US: LanSweeper
CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attacke ...)
	{DSA-4049-1}
	- ffmpeg 7:3.4.1-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16838
	RESERVED
CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are no ...)
	- tboot <itp> (bug #803180)
CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC2 ...)
	NOT-FOR-US: Arris TG1682G devices
CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has a ...)
	NOT-FOR-US: Photo Video Locker-Calculator application for Android
CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an u ...)
	- pnp4nagios <not-affected> (/etc/pnp4nagios and its content is installed as root by the Debian package)
	NOTE: https://github.com/lingej/pnp4nagios/issues/140
CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16 ...)
	NOT-FOR-US: Gemirro
CVE-2017-16853 (The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicM ...)
	{DSA-4039-1 DLA-1178-1}
	- opensaml2 2.6.1-1 (bug #881856)
	NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
	NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataPro ...)
	{DSA-4038-1 DLA-1179-1}
	- shibboleth-sp2 2.6.1+dfsg1-1 (bug #881857)
	NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16
	NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File Descr ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22373
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b
CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22385
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca
CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils 2.29 ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22384
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4
CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the  ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22307
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163
CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 al ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22386
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d
CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File D ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22306
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419
CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File De ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22376
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d
CVE-2017-16825
	RESERVED
CVE-2017-16824
	RESERVED
CVE-2017-16823
	RESERVED
CVE-2017-16822
	RESERVED
CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.jav ...)
	NOT-FOR-US: b3log Symphony
CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems R ...)
	NOT-FOR-US: Icon Time Systems RTC-1000
CVE-2017-16818 (RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticate ...)
	- ceph <not-affected> (Vulnerable code introduced after 12.1.0)
	NOTE: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
CVE-2017-16817
	RESERVED
CVE-2017-16816 (The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before  ...)
	- condor 8.6.8~dfsg.1-1
	[stretch] - condor <not-affected> (VOMS support disabled)
	[jessie] - condor <no-dsa> (Minor issue)
	[wheezy] - condor <no-dsa> (Minor issue)
	NOTE: http://research.cs.wisc.edu/htcondor//security/vulnerabilities/HTCONDOR-2017-0001.html
CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration & ...)
	NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress
CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in collectd ...)
	- collectd 5.8.0-1 (bug #881757)
	[stretch] - collectd <no-dsa> (Minor issue)
	[jessie] - collectd <no-dsa> (Minor issue)
	[wheezy] - collectd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/collectd/collectd/issues/2291
CVE-2017-16814 (A Directory Traversal issue was discovered in the Foxit MobilePDF app  ...)
	NOT-FOR-US: Foxit
CVE-2017-16813 (A denial-of-service issue was discovered in the Foxit MobilePDF app be ...)
	NOT-FOR-US: Foxit
CVE-2017-16812
	RESERVED
CVE-2017-16811
	RESERVED
CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables tab in O ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-16809
	RESERVED
CVE-2017-16808 (tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_ ...)
	- tcpdump 4.9.3~git20190901-1 (unimportant; bug #881862)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/645
	NOTE: Crash in CLI tool, no security impact
CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3 ...)
	NOT-FOR-US: Kirby Panel
CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ul ...)
	NOT-FOR-US: Ulterius
CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a  ...)
	- radare2 2.1.0+dfsg-1 (bug #882134)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <not-affected> (Vulnerable code does not exist; no dwarf support)
	NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
	NOTE: https://github.com/radare/radare2/issues/8813
CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree  ...)
	{DSA-4119-1}
	- libav <removed> (low)
	- ffmpeg 7:2.2.1-1
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
	NOTE: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
	NOTE: ffmpeg: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
	NOTE: ffmpeg originally fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/b829da363985cb2f80130bba304cc29a632f6446
CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in app/webroot/js/mi ...)
	NOT-FOR-US: MISP
CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/issues/25713 (private)
	NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
	NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17. ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-16800
	RESERVED
CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, sto ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properl ...)
	- swftools <removed>
	[stretch] - swftools <ignored> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/51
CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check t ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/51
	NOTE: Crash in CLI tool, no security implications
CVE-2017-16795
	RESERVED
CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...)
	- swftools <removed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/50
	NOTE: Crash in CLI tool, no security implications
CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not  ...)
	- swftools <removed>
	[stretch] - swftools <ignored> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/47
CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in ...)
	NOT-FOR-US: geminabox
CVE-2017-16791
	RESERVED
CVE-2017-16790 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...)
	{DSA-4262-1}
	- symfony 3.4.0+dfsg-1
	[jessie] - symfony <not-affected> (vulnerable code introduced in 2.4.*)
	NOTE: https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
	NOTE: https://github.com/symfony/symfony/pull/24993
CVE-2017-16789 (Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS  ...)
	NOT-FOR-US: TIBCO
CVE-2017-16788 (Directory traversal vulnerability in the "Upload Groupkey" functionali ...)
	NOT-FOR-US: Meinberg LANTIME
CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with firmwar ...)
	NOT-FOR-US: Meinberg LANTIME
CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with firmwar ...)
	NOT-FOR-US: Meinberg LANTIME
CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detail ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16782 (In Home Assistant before 0.57, it is possible to inject JavaScript cod ...)
	NOT-FOR-US: Home Assistant
CVE-2017-16781 (The installer in MyBB before 1.8.13 has XSS. ...)
	NOT-FOR-US: MyBB
CVE-2017-16780 (The installer in MyBB before 1.8.13 allows remote attackers to execute ...)
	NOT-FOR-US: MyBB
CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti <not-affected> (Vulnerable code does not exist)
	[jessie] - cacti <not-affected> (Vulnerable code does not exist)
	[wheezy] - cacti <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1071
	NOTE: this is more or less a dublicate of CVE-2017-16641
	NOTE: one of the applied patches reopened the vulnerability
CVE-2017-16779
	RESERVED
CVE-2017-16778 (An access control weakness in the DTMF tone receiver of Fermax Outdoor ...)
	NOT-FOR-US: Fermax Outdoor Panel
CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion)  ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-16776 (Security researchers discovered an authentication bypass vulnerability ...)
	NOT-FOR-US: Conserus Workflow Intelligence
CVE-2017-16775 (Improper restriction of rendered UI layers or frames vulnerability in  ...)
	NOT-FOR-US: Synology
CVE-2017-16774 (Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotifica ...)
	NOT-FOR-US: Synology
CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in Synology  ...)
	NOT-FOR-US: Synology
CVE-2017-16772 (Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUploa ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Pho ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-16770 (File and directory information exposure vulnerability in SYNO.Surveill ...)
	NOT-FOR-US: Synology Surveillance Station
CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in Synol ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in Syno ...)
	NOT-FOR-US: Synology MailPlus Server
CVE-2017-16767 (Cross-site scripting (XSS) vulnerability in User Profile in Synology S ...)
	NOT-FOR-US: Synology Surveillance Station
CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology  ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...)
	NOT-FOR-US: D-Link
CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality  ...)
	NOT-FOR-US: django_make_app
CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality  ...)
	NOT-FOR-US: Confire
CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with directory trave ...)
	NOT-FOR-US: Sanic
CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allow ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS. ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote a ...)
	NOT-FOR-US: LibreNMS
CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in admin/partials/uif-access- ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%,  ...)
	NOT-FOR-US: Hola VPN
CVE-2017-16756 (An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-si ...)
	NOT-FOR-US: Userscape HelpSpot
CVE-2017-16755 (An issue was discovered in Userscape HelpSpot before 4.7.2. A reflecte ...)
	NOT-FOR-US: Userscape HelpSpot
CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler route ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-16753 (An Improper Input Validation issue was discovered in Advantech WebAcce ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16752
	RESERVED
CVE-2017-16751 (A Stack-based Buffer Overflow issue was discovered in Delta Electronic ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16750
	RESERVED
CVE-2017-16749 (A Use-after-Free issue was discovered in Delta Electronics Delta Indus ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16748 (An attacker can log into the local Niagara platform (Niagara AX Framew ...)
	NOT-FOR-US: Niagara AX
CVE-2017-16747 (An Out-of-bounds Write issue was discovered in Delta Electronics Delta ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16746
	RESERVED
CVE-2017-16745 (A Type Confusion issue was discovered in Delta Electronics Delta Indus ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16744 (A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and  ...)
	NOT-FOR-US: Niagara AX
CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL S ...)
	NOT-FOR-US: PHOENIX CONTACT FL SWITCH
CVE-2017-16742
	RESERVED
CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT FL SWI ...)
	NOT-FOR-US: PHOENIX CONTACT FL SWITCH
CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation Allen-Br ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor v1. ...)
	NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
CVE-2017-16738
	RESERVED
CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI Editor v1. ...)
	NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovere ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1  ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2017-16734
	RESERVED
CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1  ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess versions  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB El ...)
	NOT-FOR-US: Ellipse
CVE-2017-16730
	RESERVED
CVE-2017-16729
	RESERVED
CVE-2017-16728 (An Untrusted Pointer Dereference issue was discovered in Advantech Web ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ver ...)
	NOT-FOR-US: Moxa
CVE-2017-16726 (Beckhoff TwinCAT supports communication over ADS. ADS is a protocol fo ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai Technol ...)
	NOT-FOR-US: Xiongmai Technology IP Cameras and DVRs
CVE-2017-16724 (A Stack-based Buffer Overflow issue was discovered in Advantech WebAcc ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMS ...)
	NOT-FOR-US: PHOENIX
CVE-2017-16722
	RESERVED
CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA V ...)
	NOT-FOR-US: Geovap Reliance SCADA
CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions 8.3.2 and  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPor ...)
	NOT-FOR-US: Moxa
CVE-2017-16718 (Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol  ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2017-16717 (A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio  ...)
	NOT-FOR-US: WECON LeviStudio HMI
CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior to 8. ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Versio ...)
	NOT-FOR-US: Moxa
CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to version 4.13,  ...)
	NOT-FOR-US: Ice Qube Thermal Management Center
CVE-2017-16713
	RESERVED
CVE-2017-16712
	RESERVED
CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...)
	- swftools <removed> (unimportant; bug #881390)
	NOTE: https://github.com/matthiaskramm/swftools/issues/46
	NOTE: Crash in CLI tool, no security implications
CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 d ...)
	NOT-FOR-US: Creston
CVE-2017-16709 (Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 ...)
	NOT-FOR-US: Creston
CVE-2017-16708
	RESERVED
CVE-2017-16707
	RESERVED
CVE-2017-16706
	RESERVED
CVE-2017-16705
	RESERVED
CVE-2017-16704
	RESERVED
CVE-2017-16703
	RESERVED
CVE-2017-16702
	RESERVED
CVE-2017-16701
	RESERVED
CVE-2017-16700
	RESERVED
CVE-2017-16699
	RESERVED
CVE-2017-16698
	RESERVED
CVE-2017-16697
	RESERVED
CVE-2017-16696
	RESERVED
CVE-2017-16695
	RESERVED
CVE-2017-16694
	RESERVED
CVE-2017-16693
	RESERVED
CVE-2017-16692
	RESERVED
CVE-2017-16691 (SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.1 ...)
	NOT-FOR-US: SAP Note Assistant
CVE-2017-16690 (A malicious DLL preload attack possible on NwSapSetup and Installation ...)
	NOT-FOR-US: SAP Plant Connectivity
CVE-2017-16689 (A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SA ...)
	NOT-FOR-US: SAP KERNEL
CVE-2017-16688
	RESERVED
CVE-2017-16687 (The user self-service tools of SAP HANA extended application services, ...)
	NOT-FOR-US: SAP HANA
CVE-2017-16686
	RESERVED
CVE-2017-16685 (Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data In ...)
	NOT-FOR-US: SAP Business Warehouse Universal Data Integration
CVE-2017-16684 (SAP Business Intelligence Promotion Management Application, Enterprise ...)
	NOT-FOR-US: SAP Business Intelligence Promotion Management Application
CVE-2017-16683 (Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4 ...)
	NOT-FOR-US: SAP Business Objects Platform
CVE-2017-16682 (SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 t ...)
	NOT-FOR-US: SAP NetWeaver Internet Transaction Server
CVE-2017-16681 (Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence  ...)
	NOT-FOR-US: SAP Business Intelligence Promotion Management Application
CVE-2017-16680 (Two potential audit log injections in SAP HANA extended application se ...)
	NOT-FOR-US: SAP HANA extended application services
CVE-2017-16679 (URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32  ...)
	NOT-FOR-US: SAP's Startup Service
CVE-2017-16678 (Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Know ...)
	NOT-FOR-US: SAP NetWeaver Knowledge Management Configuration Service
CVE-2017-16677
	RESERVED
CVE-2017-16676
	RESERVED
CVE-2017-16675
	RESERVED
CVE-2017-16674 (Datto Windows Agent allows unauthenticated remote command execution vi ...)
	NOT-FOR-US: Datto Windows Agent
CVE-2017-16673 (Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming  ...)
	NOT-FOR-US: Datto Backup Agent
CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14  ...)
	- asterisk 1:13.18.1~dfsg-1 (bug #881256)
	[stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-011.html
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27345
CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 13 befo ...)
	- asterisk 1:13.18.1~dfsg-1 (bug #881257)
	[stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
	[jessie] - asterisk <not-affected> (Vulnerable code do not exist)
	[wheezy] - asterisk <not-affected> (Vulnerable code do not exist)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-010.html
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-010-13.diff
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27337
CVE-2017-16670 (The project import functionality in SoapUI 5.3.0 allows remote attacke ...)
	NOT-FOR-US: SoapUI
CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...)
	{DSA-4321-1 DLA-1401-1 DLA-1168-1}
	- graphicsmagick 1.3.26-19 (bug #881391)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6
CVE-2017-16668
	RESERVED
CVE-2017-16666 (Xplico before 1.2.1 allows remote authenticated users to execute arbit ...)
	NOT-FOR-US: Xplico
CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflec ...)
	NOT-FOR-US: RemObjects Remoting SDK
CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket Requ ...)
	{DSA-4047-1 DLA-1212-1}
	- otrs2 5.0.24-1 (bug #882370)
	NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
	NOTE: OTRS 3.3: https://github.com/OTRS/otrs/commit/2e58a4bbd99b2477d72c3b2d9fef009537ab19ce
CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper escaping/quot ...)
	- backintime 1.1.24-0.1 (bug #881205)
	[stretch] - backintime <no-dsa> (Minor issue)
	[jessie] - backintime <no-dsa> (Minor issue)
	[wheezy] - backintime <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/bit-team/backintime/issues/834
	NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-base ...)
	{DLA-1185-1}
	- sam2p <removed>
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/16
CVE-2017-16662
	RESERVED
CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows loc ...)
	NOT-FOR-US: assp as packaged by Gentoo
CVE-2017-16658
	RESERVED
CVE-2017-16657
	RESERVED
CVE-2017-16656
	RESERVED
CVE-2017-16655
	RESERVED
CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...)
	{DSA-4262-1 DLA-1707-1}
	- symfony 3.4.0+dfsg-1
	NOTE: https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
	NOTE: https://github.com/symfony/symfony/pull/24994
CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...)
	{DSA-4262-1}
	- symfony 3.4.0+dfsg-1
	[jessie] - symfony <not-affected> (vulnerable code not present in branch 2.3)
	NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
	NOTE: https://github.com/symfony/symfony/pull/24992
CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2 ...)
	{DSA-4262-1 DLA-1707-1}
	- symfony 3.4.0+dfsg-1
	NOTE: https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
	NOTE: https://github.com/symfony/symfony/pull/24995
	NOTE: See CVE-2018-11408 to address original incomplete fix for CVE-2017-16652
CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before  ...)
	{DSA-4030-1 DLA-1193-1}
	- roundcube 1.3.3+dfsg.1-1
	NOTE: master: https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d
	NOTE: release-1.3: https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806
	NOTE: release-1.2: https://github.com/roundcube/roundcubemail/commit/9be2224c779d7abc7b29eea2b83a8a3671c543e0
	NOTE: release-1.1: https://github.com/roundcube/roundcubemail/commit/e757cc410145d043c30889d28fa0b5f67a5cf2fd
	NOTE: release-1.0: https://github.com/roundcube/roundcubemail/commit/8d87bb34f3c6103ab81e5342d8b3d297832d178a
	NOTE: https://github.com/roundcube/roundcubemail/issues/6026
CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux  ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend. ...)
	- linux <not-affected> (Vulnerable code not present)
CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 all ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel throug ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu. ...)
	- linux 4.14.2-1 (unimportant)
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.56-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: CONFIG_INPUT_IMS_PCU is not set in Debian config
CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in th ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco. ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an e ...)
	{DSA-4081-1 DSA-4080-1}
	- php7.1 7.1.11-1
	- php7.0 7.0.25-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present; proof of concept produces expected non-buggy output; upstream patch also appears overly intrusive)
	NOTE: Fixed in: 5.6.32, 7.0.25, 7.1.11
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75055
	NOTE: https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536
	NOTE: https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1
CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to read arbitr ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti <not-affected> (Vulnerable code does not exist)
	[jessie] - cacti <not-affected> (Vulnerable code does not exist)
	[wheezy] - cacti <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1066
	NOTE: affected code was introduced in the 1.x release
CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to conduct Rem ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti <not-affected> (Vulnerable code does not exist)
	[jessie] - cacti <not-affected> (Vulnerable code does not exist)
	[wheezy] - cacti <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1066
	NOTE: affected code was introduced in the 1.x release
CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...)
	- cacti 1.1.27+ds1-3 (bug #881110)
	[stretch] - cacti <ignored> (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream)
	[jessie] - cacti <ignored> (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream)
	[wheezy] - cacti <no-dsa> (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream)
	NOTE: https://github.com/Cacti/cacti/issues/1057
	NOTE: https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e
CVE-2017-16640
	RESERVED
CVE-2017-16639 (Tor Browser on Windows before 8.0 allows remote attackers to bypass th ...)
	NOT-FOR-US: Tor Browser on Windows
CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not prope ...)
	- libnet-ping-external-perl <removed> (bug #881097)
	[wheezy] - libnet-ping-external-perl <ignored> (Package may be removed from Wheezy, see #881102)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=33230
	NOTE: Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
CVE-2017-16638 (The Gentoo net-misc/vde package before version 2.3.2-r4 may allow memb ...)
	NOT-FOR-US: Gentoo net-misc/vde packaging issue
CVE-2017-16637 (In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when res ...)
	NOT-FOR-US: Vectura Perfect Privacy VPN Manager
CVE-2017-16636 (In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the ne ...)
	NOT-FOR-US: Bludit
CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname ...)
	NOT-FOR-US: TinyWebGallery
CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a user' ...)
	NOT-FOR-US: Joomla!
CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only i ...)
	NOT-FOR-US: Joomla!
CVE-2017-16632
	RESERVED
CVE-2017-16631
	RESERVED
CVE-2017-16630
	RESERVED
CVE-2017-16629
	RESERVED
CVE-2017-16628
	RESERVED
CVE-2017-16627
	RESERVED
CVE-2017-16626
	RESERVED
CVE-2017-16625
	RESERVED
CVE-2017-16624
	RESERVED
CVE-2017-16623
	RESERVED
CVE-2017-16622
	RESERVED
CVE-2017-16621
	RESERVED
CVE-2017-16620
	RESERVED
CVE-2017-16619
	RESERVED
CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality  ...)
	NOT-FOR-US: OwlMixin
CVE-2017-16617
	RESERVED
CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality  ...)
	NOT-FOR-US: pyanyapi
CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality  ...)
	NOT-FOR-US: MLAlchemy
CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows re ...)
	NOT-FOR-US: tpshop
CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through 1 ...)
	{DSA-4044-1}
	- swauth 1.2.0-4 (bug #882314)
	NOTE: https://bugs.launchpad.net/swift/+bug/1655781
CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...)
	{DSA-4059-1 DLA-1201-1}
	- libxcursor 1:1.1.14-3.1 (bug #883792)
	- wayland 1.14.0-2 (bug #889681)
	[stretch] - wayland 1.12.0-1+deb9u1
	[jessie] - wayland <no-dsa> (Minor issue)
	[wheezy] - wayland <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
	NOTE: Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961
	NOTE: Wayland: https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
	NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
	NOTE: did not merge in the 1.14.0-2 upload.
CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker  ...)
	- libxfont 1:2.0.3-1 (low; bug #883929)
	[stretch] - libxfont <no-dsa> (Minor issue)
	[jessie] - libxfont <no-dsa> (Minor issue)
	[wheezy] - libxfont <postponed> (Minor issue)
	- libxfont1 <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/7
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8
	NOTE: (for 1.5.x): https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
CVE-2017-16610 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16609 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16608 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16606 (This vulnerability allows remote attackers to execute code by creating ...)
	NOT-FOR-US: Netgain
CVE-2017-16605 (This vulnerability allows remote attackers to overwrite arbitrary file ...)
	NOT-FOR-US: Netgain
CVE-2017-16604 (This vulnerability allows remote attackers to overwrite arbitrary file ...)
	NOT-FOR-US: Netgain
CVE-2017-16603 (This vulnerability allows remote attackers to execute code by creating ...)
	NOT-FOR-US: Netgain
CVE-2017-16602 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16601 (This vulnerability allows remote attackers to overwrite arbitrary file ...)
	NOT-FOR-US: Netgain
CVE-2017-16600 (This vulnerability allows remote attackers to overwrite files on vulne ...)
	NOT-FOR-US: Netgain
CVE-2017-16599 (This vulnerability allows remote attackers to delete arbitrary files o ...)
	NOT-FOR-US: Netgain
CVE-2017-16598 (This vulnerability allows remote attackers to execute code by overwrit ...)
	NOT-FOR-US: Netgain
CVE-2017-16597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16594 (This vulnerability allows remote attackers to create arbitrary files o ...)
	NOT-FOR-US: Netgain
CVE-2017-16593 (This vulnerability allows remote attackers to delete arbitrary files o ...)
	NOT-FOR-US: Netgain
CVE-2017-16592 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16591 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16590 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Netgain
CVE-2017-16589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16588 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16584 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16580 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16579 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16574 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16573 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by  ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an h ...)
	NOT-FOR-US: Zurmo
CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...)
	NOT-FOR-US: Logitech Media Server
CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...)
	NOT-FOR-US: Logitech Media Server
CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not  ...)
	NOT-FOR-US: Jooan IP Camera A5 2.3.36 devices
CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandst ...)
	NOT-FOR-US: Vonage
CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...)
	NOT-FOR-US: Vonage
CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vona ...)
	NOT-FOR-US: Vonage
CVE-2017-16562 (The UserPro plugin before 4.9.17.1 for WordPress, when used on a site  ...)
	NOT-FOR-US: WordPress plugin userpro
CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 i ...)
	NOT-FOR-US: Ingenious School Management System
CVE-2017-16560 (SanDisk Secure Access 3.01 vault decrypts and copies encrypted files t ...)
	NOT-FOR-US: SanDisk Secure Access
CVE-2017-16559
	RESERVED
CVE-2017-16558 (Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vu ...)
	NOT-FOR-US: Contao
CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16555 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16554 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16553 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16552 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16551 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16550 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16549 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-develo ...)
	{DSA-4068-1 DLA-1218-1}
	- rsync 3.1.2-2.1 (bug #880954)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 doe ...)
	{DSA-4321-1 DLA-1456-1 DLA-1170-1}
	- graphicsmagick 1.3.26-18
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does  ...)
	{DSA-4074-1 DSA-4040-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #881392)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/851
CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 doe ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-18
	[jessie] - graphicsmagick 1.3.20-3+deb8u3
	[wheezy] - graphicsmagick <no-dsa> (Not possible to trigger with presented test case)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/
	NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this
	NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
	NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-2 (bug #882258)
	[stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
	NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 allows SQ ...)
	NOT-FOR-US: Zoho
CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows Po ...)
	NOT-FOR-US: Zoho
CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...)
	{DSA-4327-1 DLA-1575-1}
	- firefox 62.0-1 (unimportant)
	- firefox-esr 60.2.0esr-1 (unimportant)
	[stretch] - firefox-esr 60.2.0esr-1~deb9u2
	- thunderbird 1:60.2.1-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/24052
	NOTE: https://blog.torproject.org/tor-browser-709-released
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2017-16541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2017-16541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2017-16541
CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database co ...)
	NOT-FOR-US: OpenEMR
CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker Moby throug ...)
	- docker.io 1.13.1~ds3-1 (bug #900140)
	NOTE: https://github.com/moby/moby/pull/35399
	NOTE: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.1 ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16536 (The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-ca ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16535 (The usb_get_bos_descriptor function in drivers/usb/core/config.c in th ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/1c0edc3633b56000e18d82fc241e3995ca18a69e
CVE-2017-16534 (The cdc_parse_cdc_header function in drivers/usb/core/message.c in the ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/2e1c42391ff2556387b3cb6308b24f6f65619feb
CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linu ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/f043bfc98c193c284e2cd768fefabe18ac2fed9b
CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux  ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows loc ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb
CVE-2017-16530 (The uas driver in the Linux kernel before 4.13.6 allows local users to ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/786de92b3cb26012d3d0f00ee37adf14527f35c4
CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the Linux k ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991
CVE-2017-16528 (sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local ...)
	- linux 4.13.4-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57
CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/124751d5e63c823092060074bd0abaae61aaa9c4
CVE-2017-16526 (drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local user ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	NOTE: Fixed by: https://git.kernel.org/linus/bbf26183b7a6236ba602f4d6a2f7cade35bba043
CVE-2017-16525 (The usb_serial_console_disconnect function in drivers/usb/serial/conso ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16524 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unre ...)
	NOT-FOR-US: Samsung SRN-1670D devices
CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b ...)
	NOT-FOR-US: MitraStar
CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b ...)
	NOT-FOR-US: MitraStar
CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where XslComp ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16520 (Inedo BuildMaster before 5.8.2 does not properly restrict creation of  ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16519
	RESERVED
CVE-2017-16518
	RESERVED
CVE-2017-16517
	RESERVED
CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is suppl ...)
	{DLA-1167-1}
	- ruby-yajl 1.2.0-3.1 (low; bug #880691)
	[stretch] - ruby-yajl <no-dsa> (Minor issue)
	[jessie] - ruby-yajl <no-dsa> (Minor issue)
	NOTE: https://github.com/brianmario/yajl-ruby/issues/176
	NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
CVE-2017-16515
	RESERVED
CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities  ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in t ...)
	NOT-FOR-US: Ipswitch WS_FTP Professional
CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 th ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16511
	RESERVED
CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to th ...)
	- mahara <removed>
CVE-2017-1000157 (Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before ...)
	- mahara <removed>
CVE-2017-1000156 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before  ...)
	- mahara <removed>
CVE-2017-1000155 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before  ...)
	- mahara <removed>
CVE-2017-1000154 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before  ...)
	- mahara <removed>
CVE-2017-1000153 (Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000152 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 a ...)
	- mahara <removed>
CVE-2017-1000151 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before  ...)
	- mahara <removed>
CVE-2017-1000150 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to ...)
	- mahara <removed>
CVE-2017-1000149 (Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15 ...)
	- mahara <removed>
CVE-2017-1000148 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before  ...)
	- mahara <removed>
CVE-2017-1000147 (Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04. ...)
	- mahara <removed>
CVE-2017-1000146 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04. ...)
	- mahara <removed>
CVE-2017-1000145 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04. ...)
	- mahara <removed>
CVE-2017-1000144 (Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04. ...)
	- mahara <removed>
CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara <removed>
CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara <removed>
CVE-2017-1000141 (An issue was discovered in Mahara before 18.10.0. It mishandled user r ...)
	- mahara <removed>
	NOTE: https://bugs.launchpad.net/mahara/+bug/1422492
CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara <removed>
CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara <removed>
CVE-2017-1000138 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to p ...)
	- mahara <removed>
CVE-2017-1000137 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to p ...)
	- mahara <removed>
CVE-2017-1000136 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 an ...)
	- mahara <removed>
CVE-2017-1000135 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara <removed>
CVE-2017-1000134 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 an ...)
	- mahara <removed>
CVE-2017-1000133 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before  ...)
	- mahara <removed>
CVE-2017-1000132 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara <removed>
CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before  ...)
	- mahara <removed>
CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb-&gt;prepare ...)
	{DSA-4090-1 DLA-1160-1}
	- wordpress 4.8.3+dfsg-1 (bug #880528)
	NOTE: https://wpvulndb.com/vulnerabilities/8941
	NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
	NOTE: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
CVE-2017-16509
	REJECTED
CVE-2017-16508
	REJECTED
CVE-2017-16507
	REJECTED
CVE-2017-16506
	REJECTED
CVE-2017-16505
	REJECTED
CVE-2017-16504
	REJECTED
CVE-2017-16503
	REJECTED
CVE-2017-16502
	REJECTED
CVE-2017-16501
	REJECTED
CVE-2017-16500
	REJECTED
CVE-2017-16499
	REJECTED
CVE-2017-16498
	REJECTED
CVE-2017-16497
	REJECTED
CVE-2017-16496
	REJECTED
CVE-2017-16495
	REJECTED
CVE-2017-16494
	REJECTED
CVE-2017-16493
	REJECTED
CVE-2017-16492
	REJECTED
CVE-2017-16491
	REJECTED
CVE-2017-16490
	REJECTED
CVE-2017-16489
	REJECTED
CVE-2017-16488
	REJECTED
CVE-2017-16487
	REJECTED
CVE-2017-16486
	REJECTED
CVE-2017-16485
	REJECTED
CVE-2017-16484
	REJECTED
CVE-2017-16483
	REJECTED
CVE-2017-16482
	REJECTED
CVE-2017-16481
	REJECTED
CVE-2017-16480
	REJECTED
CVE-2017-16479
	REJECTED
CVE-2017-16478
	REJECTED
CVE-2017-16477
	REJECTED
CVE-2017-16476
	REJECTED
CVE-2017-16475
	REJECTED
CVE-2017-16474
	REJECTED
CVE-2017-16473
	REJECTED
CVE-2017-16472
	REJECTED
CVE-2017-16471
	REJECTED
CVE-2017-16470
	REJECTED
CVE-2017-16469
	REJECTED
CVE-2017-16468
	REJECTED
CVE-2017-16467
	REJECTED
CVE-2017-16466
	REJECTED
CVE-2017-16465
	REJECTED
CVE-2017-16464
	REJECTED
CVE-2017-16463
	REJECTED
CVE-2017-16462
	REJECTED
CVE-2017-16461
	REJECTED
CVE-2017-16460
	REJECTED
CVE-2017-16459
	REJECTED
CVE-2017-16458
	REJECTED
CVE-2017-16457
	REJECTED
CVE-2017-16456
	REJECTED
CVE-2017-16455
	REJECTED
CVE-2017-16454
	REJECTED
CVE-2017-16453
	REJECTED
CVE-2017-16452
	REJECTED
CVE-2017-16451
	REJECTED
CVE-2017-16450
	REJECTED
CVE-2017-16449
	REJECTED
CVE-2017-16448
	REJECTED
CVE-2017-16447
	REJECTED
CVE-2017-16446
	REJECTED
CVE-2017-16445
	REJECTED
CVE-2017-16444
	REJECTED
CVE-2017-16443
	REJECTED
CVE-2017-16442
	REJECTED
CVE-2017-16441
	REJECTED
CVE-2017-16440
	REJECTED
CVE-2017-16439
	REJECTED
CVE-2017-16438
	REJECTED
CVE-2017-16437
	REJECTED
CVE-2017-16436
	REJECTED
CVE-2017-16435
	REJECTED
CVE-2017-16434
	REJECTED
CVE-2017-16433
	REJECTED
CVE-2017-16432
	REJECTED
CVE-2017-16431
	REJECTED
CVE-2017-16430
	REJECTED
CVE-2017-16429
	REJECTED
CVE-2017-16428
	REJECTED
CVE-2017-16427
	REJECTED
CVE-2017-16426
	REJECTED
CVE-2017-16425
	REJECTED
CVE-2017-16424
	REJECTED
CVE-2017-16423
	REJECTED
CVE-2017-16422
	REJECTED
CVE-2017-16421
	REJECTED
CVE-2017-16420 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16419 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16418 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16417 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16416 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16415 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16414 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16413 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16412 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16411 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16410 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16409 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16408 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16407 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16406 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16405 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16404 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16403 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16402 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16401 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16400 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16399 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16398 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16397 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16396 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16395 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16394 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16393 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16392 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16391 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16390 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16389 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16388 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16387 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16386 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16385 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16384 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16383 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16382 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16381 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16380 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16379 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16378 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16377 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16376 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16375 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16374 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16373 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16372 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16371 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16370 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16369 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16368 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16367 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16366 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16365 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16364 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16363 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16362 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16361 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16360 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in store_ve ...)
	- radare2 2.1.0+dfsg-1 (bug #880616)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e
	NOTE: https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882
	NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d
	NOTE: https://github.com/radare/radare2/issues/8764
CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in string_ ...)
	- radare2 2.1.0+dfsg-1 (bug #880619)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9
	NOTE: https://github.com/radare/radare2/issues/8748
CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in store_ver ...)
	- radare2 2.1.0+dfsg-1 (bug #880620)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
	NOTE: https://github.com/radare/radare2/issues/8742
CVE-2017-16356 (Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended)  ...)
	NOT-FOR-US: Kubik-Rubik SIGE
CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...)
	{DSA-4415-1}
	- passenger 5.0.30-1.1 (bug #884463)
	- ruby-passenger <removed>
	[jessie] - ruby-passenger <no-dsa> (Minor issue)
	[wheezy] - ruby-passenger <not-affected> (Vulnerable code introduced later)
	NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
	NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
	NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
	NOTE: get the status information.
CVE-2017-16354
	RESERVED
CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...)
	{DSA-4321-1 DLA-1401-1 DLA-1159-1}
	- graphicsmagick 1.3.26-17
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8
	NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vu ...)
	{DSA-4321-1 DLA-1456-1 DLA-1159-1}
	- graphicsmagick 1.3.26-17
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185
	NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting vulner ...)
	- pluxml 5.6-1 (bug #881796)
	[stretch] - pluxml <no-dsa> (Minor issue)
	[jessie] - pluxml <no-dsa> (Minor issue)
	NOTE: https://github.com/pluxml/PluXml/issues/253
CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000243 (Jenkins Favorite Plugin 2.1.4 and older does not perform permission ch ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000242 (Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file wit ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-16351
	REJECTED
CVE-2017-16350
	REJECTED
CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the reporti ...)
	NOT-FOR-US: SAP
CVE-2017-16348 (An exploitable denial of service vulnerability exists in Insteon Hub r ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16347 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16346 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16345 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16344 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16343 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16342 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16341 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16340 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16339 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16338 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16337 (On Insteon Hub 2245-222 devices with firmware version 1012, specially  ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16336
	RESERVED
CVE-2017-16335
	RESERVED
CVE-2017-16334
	RESERVED
CVE-2017-16333
	RESERVED
CVE-2017-16332
	RESERVED
CVE-2017-16331
	RESERVED
CVE-2017-16330
	RESERVED
CVE-2017-16329
	RESERVED
CVE-2017-16328
	RESERVED
CVE-2017-16327
	RESERVED
CVE-2017-16326
	RESERVED
CVE-2017-16325
	RESERVED
CVE-2017-16324
	RESERVED
CVE-2017-16323
	RESERVED
CVE-2017-16322
	RESERVED
CVE-2017-16321
	RESERVED
CVE-2017-16320
	RESERVED
CVE-2017-16319
	RESERVED
CVE-2017-16318
	RESERVED
CVE-2017-16317
	RESERVED
CVE-2017-16316
	RESERVED
CVE-2017-16315
	RESERVED
CVE-2017-16314
	RESERVED
CVE-2017-16313
	RESERVED
CVE-2017-16312
	RESERVED
CVE-2017-16311
	RESERVED
CVE-2017-16310
	RESERVED
CVE-2017-16309
	RESERVED
CVE-2017-16308
	RESERVED
CVE-2017-16307
	RESERVED
CVE-2017-16306
	RESERVED
CVE-2017-16305
	RESERVED
CVE-2017-16304
	RESERVED
CVE-2017-16303
	RESERVED
CVE-2017-16302
	RESERVED
CVE-2017-16301
	RESERVED
CVE-2017-16300
	RESERVED
CVE-2017-16299
	RESERVED
CVE-2017-16298
	RESERVED
CVE-2017-16297
	RESERVED
CVE-2017-16296
	RESERVED
CVE-2017-16295
	RESERVED
CVE-2017-16294
	RESERVED
CVE-2017-16293
	RESERVED
CVE-2017-16292
	RESERVED
CVE-2017-16291
	RESERVED
CVE-2017-16290
	RESERVED
CVE-2017-16289
	RESERVED
CVE-2017-16288
	RESERVED
CVE-2017-16287
	RESERVED
CVE-2017-16286
	RESERVED
CVE-2017-16285
	RESERVED
CVE-2017-16284
	RESERVED
CVE-2017-16283
	RESERVED
CVE-2017-16282
	RESERVED
CVE-2017-16281
	RESERVED
CVE-2017-16280
	RESERVED
CVE-2017-16279
	RESERVED
CVE-2017-16278
	RESERVED
CVE-2017-16277
	RESERVED
CVE-2017-16276
	RESERVED
CVE-2017-16275
	RESERVED
CVE-2017-16274
	RESERVED
CVE-2017-16273
	RESERVED
CVE-2017-16272
	RESERVED
CVE-2017-16271
	RESERVED
CVE-2017-16270
	RESERVED
CVE-2017-16269
	RESERVED
CVE-2017-16268
	RESERVED
CVE-2017-16267
	RESERVED
CVE-2017-16266
	RESERVED
CVE-2017-16265
	RESERVED
CVE-2017-16264
	RESERVED
CVE-2017-16263
	RESERVED
CVE-2017-16262
	RESERVED
CVE-2017-16261
	RESERVED
CVE-2017-16260
	RESERVED
CVE-2017-16259
	RESERVED
CVE-2017-16258
	RESERVED
CVE-2017-16257
	RESERVED
CVE-2017-16256
	RESERVED
CVE-2017-16255 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16254 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16253 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16252 (Specially crafted commands sent through the PubNub service in Insteon  ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, releas ...)
	NOT-FOR-US: Mitel
CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allo ...)
	NOT-FOR-US: Mitel
CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial  ...)
	NOT-FOR-US: Debut embedded http server
CVE-2017-16247
	RESERVED
CVE-2017-16246
	RESERVED
CVE-2017-16245
	RESERVED
CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426 ...)
	NOT-FOR-US: OctoberCMS
CVE-2017-16243
	RESERVED
CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with Fingerprint MECO ...)
	NOT-FOR-US: MECO
CVE-2017-1000384
	REJECTED
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores umas ...)
	NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original
	NOTE: file when creating a backup file. That's hardly incorrect behaviour
	NOTE: Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask wh ...)
	- vim <unfixed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
	NOTE: Cf. http://www.openwall.com/lists/oss-security/2017/11/01/4
	NOTE: vim creates the .swp file according to the permissions of the file being
	NOTE: edited, admitely ignoring the umask, so in the reporters case the .swp
	NOTE: file is readable by others. But that seem to be the intended behaviour.
CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows r ...)
	- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
	[stretch] - libcatalyst-plugin-static-simple-perl <no-dsa> (Minor issue)
	[jessie] - libcatalyst-plugin-static-simple-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network Controller ...)
	NOT-FOR-US: AMAG Symmetry Door Edge Network Controllers
CVE-2017-16240
	RESERVED
CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack No ...)
	- nova 2:16.0.3-6 (bug #883621)
	[stretch] - nova <not-affected> (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
	[jessie] - nova <not-affected> (Vulnerable code not present)
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5
	NOTE: https://launchpad.net/bugs/1732976
CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x throug ...)
	{DSA-4056-1}
	- nova 2:16.0.3-1 (bug #882009)
	[jessie] - nova <not-affected> (Vulnerble code introduced later)
	[wheezy] - nova <not-affected> (Vulnerble code introduced later)
	NOTE: https://launchpad.net/bugs/1664931
	NOTE: https://security.openstack.org/ossa/OSSA-2017-005.html
	NOTE: Regression fix: http://www.openwall.com/lists/oss-security/2017/12/05/4
CVE-2017-16238
	RESERVED
CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64 ...)
	NOT-FOR-US: Vir.IT eXplorer Anti-Virus
CVE-2017-16236
	RESERVED
CVE-2017-16235
	RESERVED
CVE-2017-16234
	RESERVED
CVE-2017-16233
	RESERVED
CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS  ...)
	NOT-FOR-US: D-Link devices
CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2x and ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2017-16232 (** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, ...)
	- tiff <unfixed> (unimportant)
	NOTE: http://seclists.org/oss-sec/2017/q4/168
	NOTE: Related commit: https://gitlab.com/libtiff/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0
	NOTE: This is actually only a partial fix, but upstream will not fix it completely.
	NOTE: The related commit is included in 4.0.9. The underlying memory-based DOS
	NOTE: would still be present.
CVE-2017-16231 (** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC ...)
	- pcre3 <unfixed> (unimportant)
CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the  ...)
	NOT-FOR-US: Typecho
CVE-2017-16229 (In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based b ...)
	- ruby-ox 2.8.2-1
	[stretch] - ruby-ox <no-dsa> (Minor issue)
	[jessie] - ruby-ox <no-dsa> (Minor issue)
	NOTE: https://github.com/ohler55/ox/issues/195
	NOTE: https://github.com/ohler55/ox/pull/196
	NOTE: https://github.com/ohler55/ox/commit/0708ae44faf2ffc3d9330daf6ae023859a8b168b
CVE-2017-16228 (Dulwich before 0.18.5, when an SSH subprocess is used, allows remote a ...)
	- dulwich 0.18.5-1
	[stretch] - dulwich <no-dsa> (Minor issue)
	[jessie] - dulwich <no-dsa> (Minor issue)
	[wheezy] - dulwich <no-dsa> (Minor issue)
	NOTE: https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
	NOTE: This is similar class of issue as for CVE-2017-1000117/git
	NOTE: But needs a separate CVE since different codebasis.
CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 al ...)
	{DSA-4011-1 DLA-1152-1}
	- quagga 1.2.2-1 (bug #879474)
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
CVE-2017-16226 (The static-eval module is intended to evaluate statically-analyzable e ...)
	NOT-FOR-US: static-eval module
CVE-2017-16225 (aegir is a module to help automate JavaScript project management. Vers ...)
	NOT-FOR-US: aegir
CVE-2017-16224 (st is a module for serving static files. An attacker is able to craft  ...)
	NOT-FOR-US: st
CVE-2017-16223 (nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a direct ...)
	NOT-FOR-US: nodeaaaaa
CVE-2017-16222 (elding is a simple web server. elding is vulnerable to a directory tra ...)
	NOT-FOR-US: elding
CVE-2017-16221 (yzt is a simple file server. yzt is vulnerable to a directory traversa ...)
	NOT-FOR-US: yzt
CVE-2017-16220 (wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory tr ...)
	NOT-FOR-US: wind-mvc
CVE-2017-16219 (yttivy is a static file server. yttivy is vulnerable to a directory tr ...)
	NOT-FOR-US: yttivy
CVE-2017-16218 (dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a di ...)
	NOT-FOR-US: dgard8.lab6
CVE-2017-16217 (fbr-client sends files through sockets via socket.io and webRTC. fbr-c ...)
	NOT-FOR-US: fbr-client
CVE-2017-16216 (tencent-server is a simple web server. tencent-server is vulnerable to ...)
	NOT-FOR-US: tencent-server
CVE-2017-16215 (sgqserve is a simple file server. sgqserve is vulnerable to a director ...)
	NOT-FOR-US: sgqserve
CVE-2017-16214 (peiserver is a static file server. peiserver is vulnerable to a direct ...)
	NOT-FOR-US: peiserver
CVE-2017-16213 (mfrserver is a simple file server. mfrserver is vulnerable to a direct ...)
	NOT-FOR-US: mfrserver
CVE-2017-16212 (ltt is a static file server. ltt is vulnerable to a directory traversa ...)
	NOT-FOR-US: ltt
CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to a direct ...)
	NOT-FOR-US: lessindex
CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is vulnerable to a  ...)
	NOT-FOR-US: jn_jj_server
CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a directory ...)
	NOT-FOR-US: enserver
CVE-2017-16208 (dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a direc ...)
	NOT-FOR-US: dmmcquay.lab6
CVE-2017-16207 (discordi.js is a malicious module based on the discord.js library that ...)
	NOT-FOR-US: discordi.js
CVE-2017-16206 (The cofee-script module exfiltrates sensitive data such as a user's pr ...)
	NOT-FOR-US: cofee-script
CVE-2017-16205 (The coffescript module exfiltrates sensitive data such as a user's pri ...)
	NOT-FOR-US: coffescript
CVE-2017-16204 (The jquey module exfiltrates sensitive data such as a user's private S ...)
	NOT-FOR-US: jquey
CVE-2017-16203 (The coffe-script module exfiltrates sensitive data such as a user's pr ...)
	NOT-FOR-US: coffe-script
CVE-2017-16202 (The cofeescript module exfiltrates sensitive data such as a user's pri ...)
	NOT-FOR-US: cofeescript
CVE-2017-16201 (zjjserver is a static file server. zjjserver is vulnerable to a direct ...)
	NOT-FOR-US: zjjserver
CVE-2017-16200 (uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a dire ...)
	NOT-FOR-US: uv-tj-demo
CVE-2017-16199 (susu-sum is a static file server. susu-sum is vulnerable to a director ...)
	NOT-FOR-US: sus-sum
CVE-2017-16198 (ritp is a static web server. ritp is vulnerable to a directory travers ...)
	NOT-FOR-US: ritp
CVE-2017-16197 (qinserve is a static file server. qinserve is vulnerable to a director ...)
	NOT-FOR-US: sinserve
CVE-2017-16196 (quickserver is a simple static file server. quickserver is vulnerable  ...)
	NOT-FOR-US: quickserver
CVE-2017-16195 (pytservce is a static file server. pytservce is vulnerable to a direct ...)
	NOT-FOR-US: pytservce
CVE-2017-16194 (picard is a micro framework. picard is vulnerable to a directory trave ...)
	NOT-FOR-US: picard
CVE-2017-16193 (mfrs is a static file server. mfrs is vulnerable to a directory traver ...)
	NOT-FOR-US: mfrs
CVE-2017-16192 (getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerab ...)
	NOT-FOR-US: getcityapi.yoehoehne
CVE-2017-16191 (cypserver is a static file server. cypserver is vulnerable to a direct ...)
	NOT-FOR-US: cypserver
CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a dire ...)
	NOT-FOR-US: dcdcdcdcdc
CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a directory ...)
	NOT-FOR-US: sly07
CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a directory trav ...)
	NOT-FOR-US: reecerver
CVE-2017-16187 (open-device creates a web interface for any device. open-device is vul ...)
	NOT-FOR-US: open-device
CVE-2017-16186 (360class.jansenhm is a static file server. 360class.jansenhm is vulner ...)
	NOT-FOR-US: 360class.jansenhm
CVE-2017-16185 (uekw1511server is a static file server. uekw1511server is vulnerable t ...)
	NOT-FOR-US: uekw1511server
CVE-2017-16184 (scott-blanch-weather-app is a sample Node.js app using Express 4. scot ...)
	NOT-FOR-US: scott-blanch-weather-app
CVE-2017-16183 (iter-server is a static file server. iter-server is vulnerable to a di ...)
	NOT-FOR-US: iter-server
CVE-2017-16182 (serverxxx is a static file server. serverxxx is vulnerable to a direct ...)
	NOT-FOR-US: serverxxx
CVE-2017-16181 (wintiwebdev is a static file server. wintiwebdev is vulnerable to a di ...)
	NOT-FOR-US: wintiwebdev
CVE-2017-16180 (serverabc is a static file server. serverabc is vulnerable to a direct ...)
	NOT-FOR-US: serverabc
CVE-2017-16179 (dasafio is a web server. dasafio is vulnerable to a directory traversa ...)
	NOT-FOR-US: dasafio
CVE-2017-16178 (intsol-package is a file server. intsol-package is vulnerable to a dir ...)
	NOT-FOR-US: intsol-package
CVE-2017-16177 (chatbyvista is a file server. chatbyvista is vulnerable to a directory ...)
	NOT-FOR-US: chatbyvista
CVE-2017-16176 (jansenstuffpleasework is a file server. jansenstuffpleasework is vulne ...)
	NOT-FOR-US: jansenstuffpleasework
CVE-2017-16175 (ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a direc ...)
	NOT-FOR-US: ewgaddis.lab6
CVE-2017-16174 (whispercast is a file server. whispercast is vulnerable to a directory ...)
	NOT-FOR-US: whispercast
CVE-2017-16173 (utahcityfinder constructs lists of Utah cities with a certain prefix.  ...)
	NOT-FOR-US: utahcityfinder
CVE-2017-16172 (section2.madisonjbrooks12 is a simple web server. section2.madisonjbro ...)
	NOT-FOR-US: section2.madisonjbrooks12
CVE-2017-16171 (hcbserver is a static file server. hcbserver is vulnerable to a direct ...)
	NOT-FOR-US: hcbserver
CVE-2017-16170 (liuyaserver is a static file server. liuyaserver is vulnerable to a di ...)
	NOT-FOR-US: liuyaserver
CVE-2017-16169 (looppake is a simple http server. looppake is vulnerable to a director ...)
	NOT-FOR-US: looppake
CVE-2017-16168 (wffserve is vulnerable to a directory traversal issue, giving an attac ...)
	NOT-FOR-US: wffserve
CVE-2017-16167 (yyooopack is a simple file server. yyooopack is vulnerable to a direct ...)
	NOT-FOR-US: yyooopack
CVE-2017-16166 (byucslabsix is an http server. byucslabsix is vulnerable to a director ...)
	NOT-FOR-US: byucslabsix
CVE-2017-16165 (calmquist.static-server is a static file server. calmquist.static-serv ...)
	NOT-FOR-US: calmquist.static-server
CVE-2017-16164 (desafio is a simple web server. desafio is vulnerable to a directory t ...)
	NOT-FOR-US: desafio
CVE-2017-16163 (dylmomo is a simple file server. dylmomo is vulnerable to a directory  ...)
	NOT-FOR-US: dylmomo
CVE-2017-16162 (22lixian is a simple file server. 22lixian is vulnerable to a director ...)
	NOT-FOR-US: 22lixian
CVE-2017-16161 (shenliru is a simple file server. shenliru is vulnerable to a director ...)
	NOT-FOR-US: shenliru
CVE-2017-16160 (11xiaoli is a simple file server. 11xiaoli is vulnerable to a director ...)
	NOT-FOR-US: 11xiaoli
CVE-2017-16159 (caolilinode is a simple file server. caolilinode is vulnerable to a di ...)
	NOT-FOR-US: caolilinode
CVE-2017-16158 (dcserver is a static file server. dcserver is vulnerable to a director ...)
	NOT-FOR-US: dcserver
CVE-2017-16157 (censorify.tanisjr is a simple web server and API RESTful service. cens ...)
	NOT-FOR-US: censorify.tanisjr
CVE-2017-16156 (myprolyz is a static file server. myprolyz is vulnerable to a director ...)
	NOT-FOR-US: myprolyz
CVE-2017-16155 (fast-http-cli is the command line interface for fast-http, a simple we ...)
	NOT-FOR-US: fast-http-cli
CVE-2017-16154 (earlybird is a web server module for early development. earlybird is v ...)
	NOT-FOR-US: earlybird
CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving an attac ...)
	NOT-FOR-US: gaoxuyan
CVE-2017-16152 (static-html-server is a static file server. static-html-server is vuln ...)
	NOT-FOR-US: static-html-server
CVE-2017-16151 (Based on details posted by the ElectronJS team; A remote code executio ...)
	NOT-FOR-US: Electron
CVE-2017-16150 (wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to  ...)
	NOT-FOR-US: wanggoujing123
CVE-2017-16149 (zwserver is a weather web server. zwserver is vulnerable to a director ...)
	NOT-FOR-US: zwserver
CVE-2017-16148 (serve46 is a static file server. serve46 is vulnerable to a directory  ...)
	NOT-FOR-US: serve46
CVE-2017-16147 (shit-server is a file server. shit-server is vulnerable to a directory ...)
	NOT-FOR-US: shit-server
CVE-2017-16146 (mockserve is a file server. mockserve is vulnerable to a directory tra ...)
	NOT-FOR-US: mockserve
CVE-2017-16145 (sspa is a server dedicated to single-page apps. sspa is vulnerable to  ...)
	NOT-FOR-US: sspa
CVE-2017-16144 (myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vul ...)
	NOT-FOR-US: myserver.alexcthomas18
CVE-2017-16143 (commentapp.stetsonwood is an http server. commentapp.stetsonwood is vu ...)
	NOT-FOR-US: commentapp.stetsonwood
CVE-2017-16142 (infraserver is a RESTful server. infraserver is vulnerable to a direct ...)
	NOT-FOR-US: infraserver
CVE-2017-16141 (lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a di ...)
	NOT-FOR-US: lab6drewfusbyu
CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory ...)
	NOT-FOR-US: lab6.brit95
CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory traversal i ...)
	NOT-FOR-US: jikes
CVE-2017-16138 (The mime module &lt; 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expr ...)
	- node-mime 2.3.1-1 (unimportant; bug #901277)
	NOTE: https://github.com/broofa/node-mime/issues/167
	NOTE: https://nodesecurity.io/advisories/535
	NOTE: https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x)
	NOTE: https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x)
	NOTE: nodejs not covered by security support
CVE-2017-16137 (The debug module is vulnerable to regular expression denial of service ...)
	- node-debug 3.1.0-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/534
	NOTE: nodejs not covered by security support
CVE-2017-16136 (method-override is a module used by the Express.js framework to let yo ...)
	NOT-FOR-US: method-override nodejs module
CVE-2017-16135 (serverzyy is a static file server. serverzyy is vulnerable to a direct ...)
	NOT-FOR-US: serverzyy
CVE-2017-16134 (http_static_simple is an http server. http_static_simple is vulnerable ...)
	NOT-FOR-US: http_static_simple
CVE-2017-16133 (goserv is an http server. goserv is vulnerable to a directory traversa ...)
	NOT-FOR-US: goserv
CVE-2017-16132 (simple-npm-registry is a local npm package cache. simple-npm-registry  ...)
	NOT-FOR-US: simple-npm-registry
CVE-2017-16131 (unicorn-list is a web framework. unicorn-list is vulnerable to a direc ...)
	NOT-FOR-US: unicorn-list
CVE-2017-16130 (exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxx ...)
	NOT-FOR-US: exxxxxxxxxxx
CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb attacks. I ...)
	- node-superagent 0.20.0+dfsg-2
	[stretch] - node-superagent 0.20.0+dfsg-1+deb9u2
	[jessie] - node-superagent <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/visionmedia/superagent/issues/1259
	NOTE: https://nodesecurity.io/advisories/479
CVE-2017-16128 (The module npm-script-demo opened a connection to a command and contro ...)
	NOT-FOR-US: npm-script-demo
CVE-2017-16127 (The module pandora-doomsday infects other modules. It's since been unp ...)
	NOT-FOR-US: pandora-doomsday
CVE-2017-16126 (The module botbait is a tool to be used to track bot and automated too ...)
	NOT-FOR-US: botbait
CVE-2017-16125 (rtcmulticonnection-client is a signaling implementation for RTCMultiCo ...)
	NOT-FOR-US: rtcmulticonnection-client
CVE-2017-16124 (node-server-forfront is a simple static file server. node-server-forfr ...)
	NOT-FOR-US: node-server-forfront
CVE-2017-16123 (welcomyzt is a simple file server. welcomyzt is vulnerable to a direct ...)
	NOT-FOR-US: welcomyzt
CVE-2017-16122 (cuciuci is a simple fileserver. cuciuci is vulnerable to a directory t ...)
	NOT-FOR-US: cuciuci
CVE-2017-16121 (datachannel-client is a signaling implementation for DataChannel.js. d ...)
	NOT-FOR-US: datachannel-client
CVE-2017-16120 (liyujing is a static file server. liyujing is vulnerable to a director ...)
	NOT-FOR-US: liyujing
CVE-2017-16119 (Fresh is a module used by the Express.js framework for HTTP response f ...)
	- node-fresh 0.2.0-2 (bug #927715)
	[stretch] - node-fresh <end-of-life> (Nodejs in stretch not covered by security support)
	[jessie] - node-fresh <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://nodesecurity.io/advisories/526
CVE-2017-16118 (The forwarded module is used by the Express.js framework to handle the ...)
	NOT-FOR-US: forwarded nodejs module
CVE-2017-16117 (slug is a module to slugify strings, even if they contain unicode. slu ...)
	NOT-FOR-US: slug node module
CVE-2017-16116 (The string module is a module that provides extra string operations. T ...)
	NOT-FOR-US: string node module
CVE-2017-16115 (The timespan module is vulnerable to regular expression denial of serv ...)
	NOT-FOR-US: timespane node module
CVE-2017-16114 (The marked module is vulnerable to a regular expression denial of serv ...)
	- node-marked 0.3.9+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/531
CVE-2017-16113 (The parsejson module is vulnerable to regular expression denial of ser ...)
	NOT-FOR-US: parsejson node module
CVE-2017-16112
	REJECTED
CVE-2017-16111 (The content module is a module to parse HTTP Content-* headers. It is  ...)
	NOT-FOR-US: node content
CVE-2017-16110 (weather.swlyons is a simple web server for weather updates. weather.sw ...)
	NOT-FOR-US: weather.swlyons
CVE-2017-16109 (easyquick is a simple web server. easyquick is vulnerable to a directo ...)
	NOT-FOR-US: easyquick
CVE-2017-16108 (gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerab ...)
	NOT-FOR-US: gaoxiaotingtingting
CVE-2017-16107 (pooledwebsocket is vulnerable to a directory traversal issue, giving a ...)
	NOT-FOR-US: pooledwebsocket
CVE-2017-16106 (tmock is a static file server. tmock is vulnerable to a directory trav ...)
	NOT-FOR-US: tmock
CVE-2017-16105 (serverwzl is a simple http server. serverwzl is vulnerable to a direct ...)
	NOT-FOR-US: serverwzl
CVE-2017-16104 (citypredict.whauwiller is vulnerable to a directory traversal issue, g ...)
	NOT-FOR-US: citypredict.whauwiller
CVE-2017-16103 (serveryztyzt is a simple http server. serveryztyzt is vulnerable to a  ...)
	NOT-FOR-US: serveryztyzt
CVE-2017-16102 (serverhuwenhui is a simple http server. serverhuwenhui is vulnerable t ...)
	NOT-FOR-US: serverhuwenhui
CVE-2017-16101 (serverwg is a simple http server. serverwg is vulnerable to a director ...)
	NOT-FOR-US: serverwg
CVE-2017-16100 (dns-sync is a sync/blocking dns resolver. If untrusted user input is a ...)
	NOT-FOR-US: dns-sync
CVE-2017-16099 (The no-case module is vulnerable to regular expression denial of servi ...)
	NOT-FOR-US: no-case
CVE-2017-16098 (charset 1.0.0 and below are vulnerable to regular expression denial of ...)
	NOT-FOR-US: charset
CVE-2017-16097 (tiny-http is a simple http server. tiny-http is vulnerable to a direct ...)
	NOT-FOR-US: tiny-http
CVE-2017-16096 (serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable t ...)
	NOT-FOR-US: serveryaozeyan
CVE-2017-16095 (serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable ...)
	NOT-FOR-US: serverliujiayi1
CVE-2017-16094 (iter-http is a server for static files. iter-http is vulnerable to a d ...)
	NOT-FOR-US: iter-http
CVE-2017-16093 (cyber-js is a simple http server. A cyberjs server is vulnerable to a  ...)
	NOT-FOR-US: cyber-js
CVE-2017-16092 (Sencisho is a simple http server for local development. Sencisho is vu ...)
	NOT-FOR-US: Sencisho
CVE-2017-16091 (xtalk helps your browser talk to nodex, a simple web framework. xtalk  ...)
	NOT-FOR-US: xtalk (not the chat client)
CVE-2017-16090 (fsk-server is a simple http server. fsk-server is vulnerable to a dire ...)
	NOT-FOR-US: fsk-server
CVE-2017-16089 (serverlyr is a simple http server. serverlyr is vulnerable to a direct ...)
	NOT-FOR-US: serverlyr
CVE-2017-16088 (The safe-eval module describes itself as a safer version of eval. By a ...)
	NOT-FOR-US: safe-eval
CVE-2017-16087
	RESERVED
CVE-2017-16086 (ua-parser is a port of Browserscope's user agent parser. ua-parser is  ...)
	NOT-FOR-US: ua-parser
CVE-2017-16085 (tinyserver2 is a webserver for static files. tinyserver2 is vulnerable ...)
	NOT-FOR-US: tinyserver2
CVE-2017-16084 (list-n-stream is a server for static files to list and stream local vi ...)
	NOT-FOR-US: list-n-stream
CVE-2017-16083 (node-simple-router is a minimalistic router for Node. node-simple-rout ...)
	NOT-FOR-US: node-simple-router
CVE-2017-16082 (A remote code execution vulnerability was found within the pg module w ...)
	- node-postgres 7.7.1-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/521
	NOTE: nodejs not covered by security support
CVE-2017-16081 (cross-env.js was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16080 (nodesass was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16079 (smb was a malicious module published with the intent to hijack environ ...)
	NOT-FOR-US: malicious node module
CVE-2017-16078 (shadowsock was a malicious module published with the intent to hijack  ...)
	NOT-FOR-US: malicious node module
CVE-2017-16077 (mongose was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16076 (proxy.js was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16075 (http-proxy.js was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16074 (crossenv was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16073 (noderequest was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16072 (nodemailer.js was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16071 (nodemailer-js was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16070 (nodecaffe was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16069 (nodeffmpeg was a malicious module published with the intent to hijack  ...)
	NOT-FOR-US: malicious node module
CVE-2017-16068 (ffmepg was a malicious module published with the intent to hijack envi ...)
	NOT-FOR-US: malicious node module
CVE-2017-16067 (node-opencv was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16066 (opencv.js was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16065 (openssl.js was a malicious module published with the intent to hijack  ...)
	NOT-FOR-US: malicious node module
CVE-2017-16064 (node-openssl was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16063 (node-opensl was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16062 (node-tkinter was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16061 (tkinter was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16060 (babelcli was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16059 (mssql-node was a malicious module published with the intent to hijack  ...)
	NOT-FOR-US: malicious node module
CVE-2017-16058 (gruntcli was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16057 (nodemssql was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16056 (mssql.js was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16055 (`sqlserver` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16054 (`nodefabric` was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16053 (`fabric-js` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16052 (`node-fabric` was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16051 (`sqliter` was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16050 (`sqlite.js` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16049 (`nodesqlite` was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16048 (`node-sqlite` was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16047 (mysqljs was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16046 (`mariadb` was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16045 (`jquery.js` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16044 (`d3.js` was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16043 (Shout is an IRC client. Because the `/topic` command in messages is un ...)
	NOT-FOR-US: Shout
CVE-2017-16042 (Growl adds growl notification support to nodejs. Growl before 1.10.2 d ...)
	- node-growl 1.10.5-1 (unimportant; bug #900868)
	[stretch] - node-growl 1.7.0-1+deb9u1
	NOTE: Issue: https://github.com/tj/node-growl/issues/60
	NOTE: https://github.com/tj/node-growl/pull/61
	NOTE: https://nodesecurity.io/advisories/146
	NOTE: nodejs not covered by security support
CVE-2017-16041 (ikst versions before 1.1.2 download resources over HTTP, which leaves  ...)
	NOT-FOR-US: ikst
CVE-2017-16040 (gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass  ...)
	NOT-FOR-US: gfe-sass
CVE-2017-16039 (`hftp` is a static http or ftp server `hftp` is vulnerable to a direct ...)
	NOT-FOR-US: hftp
CVE-2017-16038 (`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversa ...)
	NOT-FOR-US: f2e-server
CVE-2017-16037 (`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allo ...)
	NOT-FOR-US: gomeplus-h5-proxy
CVE-2017-16036 (`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `ba ...)
	NOT-FOR-US: badjs-sourcemap-server
CVE-2017-16035 (The hubl-server module is a wrapper for the HubL Development Server. D ...)
	NOT-FOR-US: hubl-server
CVE-2017-16034
	RESERVED
CVE-2017-16033
	RESERVED
CVE-2017-16032
	RESERVED
CVE-2017-16031 (Socket.io is a realtime application framework that provides communicat ...)
	NOT-FOR-US: Socket.io
CVE-2017-16030 (Useragent is used to parse useragent headers. It uses several regular  ...)
	NOT-FOR-US: useragent nodejs module
CVE-2017-16029 (hostr is a simple web server that serves up the contents of the curren ...)
	NOT-FOR-US: hostr
CVE-2017-16028 (react-native-meteor-oauth is a library for Oauth2 login to a Meteor se ...)
	NOT-FOR-US: react-native-meteor-oauth
CVE-2017-16027
	RESERVED
CVE-2017-16026 (Request is an http client. If a request is made using ```multipart```, ...)
	- node-request 2.88.1-1 (bug #901708)
	[stretch] - node-request <end-of-life> (Nodejs in stretch not covered by security support)
	[jessie] - node-request <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/request/request/issues/1904
	NOTE: https://nodesecurity.io/advisories/309
	NOTE: https://github.com/request/request/pull/2018
CVE-2017-16025 (Nes is a websocket extension library for hapi. Hapi is a webserver fra ...)
	NOT-FOR-US: Nes
CVE-2017-16024 (The sync-exec module is used to simulate child_process.execSync in nod ...)
	NOT-FOR-US: sync-exec
CVE-2017-16023 (Decamelize is used to convert a dash/dot/underscore/space separated st ...)
	- node-decamelize <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/sindresorhus/decamelize/issues/5
	NOTE: https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0
	NOTE: nodejs not covered by security support
CVE-2017-16022 (Morris.js creates an svg graph, with labels that appear when hovering  ...)
	NOT-FOR-US: Morris.js
CVE-2017-16021 (uri-js is a module that tries to fully implement RFC 3986. One of thes ...)
	NOT-FOR-US: uri-js nodejs module
CVE-2017-16020 (Summit is a node web framework. When using the PouchDB driver in the m ...)
	NOT-FOR-US: Summit
CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for building beau ...)
	NOT-FOR-US: GitBook
CVE-2017-16018 (Restify is a framework for building REST APIs. Restify &gt;=2.0.0 &lt; ...)
	NOT-FOR-US: Restify
CVE-2017-16017 (sanitize-html is a library for scrubbing html input for malicious valu ...)
	NOT-FOR-US: sanitize-html
CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of malicious value ...)
	NOT-FOR-US: sanitize-html
CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions before 1.3 ...)
	NOT-FOR-US: Forms
CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors are handle ...)
	- node-http-proxy <itp> (bug #896978)
	NOTE: https://nodesecurity.io/advisories/323
	NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101
CVE-2017-16013 (hapi is a web and services application framework. When hapi &gt;= 15.0 ...)
	NOT-FOR-US: hapi
CVE-2017-16012
	REJECTED
CVE-2017-16011
	REJECTED
CVE-2017-16010 (i18next is a language translation framework. When using the .init meth ...)
	- libjs-i18next <unfixed> (unimportant)
	NOTE: https://github.com/i18next/i18next/pull/826
	NOTE: https://nodesecurity.io/advisories/326
	NOTE: nodejs not covered by security support
CVE-2017-16009 (ag-grid is an advanced data grid that is library agnostic. ag-grid is  ...)
	NOT-FOR-US: ag-grid
CVE-2017-16008 (i18next is a language translation framework. Because of how the interp ...)
	NOT-FOR-US: i18next
CVE-2017-16007 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
	NOT-FOR-US: node-jose
CVE-2017-16006 (Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkab ...)
	NOT-FOR-US: Remarkable
CVE-2017-16005 (Http-signature is a "Reference implementation of Joyent's HTTP Signatu ...)
	- node-http-signature <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/joyent/node-http-signature/issues/10
	NOTE: https://nodesecurity.io/advisories/318
	NOTE: nodejs not covered by security support
CVE-2017-16004
	RESERVED
CVE-2017-16003 (windows-build-tools is a module for installing C++ Build Tools for Win ...)
	NOT-FOR-US: windows-build-tools
CVE-2017-16002
	RESERVED
CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion)  ...)
	NOT-FOR-US: VMware
CVE-2017-16000 (SQL injection vulnerability in the EyesOfNetwork web interface (aka eo ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15999 (In the "NQ Contacts Backup &amp; Restore" application 1.1 for Android, ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15998 (In the "NQ Contacts Backup &amp; Restore" application 1.1 for Android, ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15997 (In the "NQ Contacts Backup &amp; Restore" application 1.1 for Android, ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to c ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22361
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b
CVE-2017-15995
	RESERVED
CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ...)
	NOT-FOR-US: mystem-fix
CVE-2016-10697 (react-native-baidu-voice-synthesizer is a baidu voice speech synthesiz ...)
	NOT-FOR-US: react-native-baidu-voice-synthesizer
CVE-2016-10696 (windows-latestchromedriver downloads the latest version of chromedrive ...)
	NOT-FOR-US: windows-latestchromedriver
CVE-2016-10695 (The npm-test-sqlite3-trunk module provides asynchronous, non-blocking  ...)
	NOT-FOR-US: npm-test-sqlite3-trunk
CVE-2016-10694 (alto-saxophone is a module to install and launch Chromedriver for Mac, ...)
	NOT-FOR-US: alto-saxophone
CVE-2016-10693 (pm2-kafka is a PM2 module that installs and runs a kafka server pm2-ka ...)
	NOT-FOR-US: pm2-kafka
CVE-2016-10692 (haxeshim haxe shim to deal with coexisting versions. haxeshim download ...)
	NOT-FOR-US: haxeshim
CVE-2016-10691 (windows-seleniumjar is a module that downloads the Selenium Jar file w ...)
	NOT-FOR-US: windows-seleniumjar
CVE-2016-10690 (openframe-ascii-image module is an openframe plugin which adds support ...)
	NOT-FOR-US: openframe-ascii-image
CVE-2016-10689 (The windows-iedriver module downloads fixed version of iedriverserver. ...)
	NOT-FOR-US: The windows-iedriver
CVE-2016-10688 (Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoeb ...)
	NOT-FOR-US: Haxe node module, different from src:haxe
CVE-2016-10687 (windows-selenium-chromedriver is a module that downloads the Selenium  ...)
	NOT-FOR-US: windows-selenium-chromedriver
CVE-2016-10686 (fis-sass-all is another libsass wrapper for node. fis-sass-all downloa ...)
	NOT-FOR-US: fis-sass-all
CVE-2016-10685 (pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox dow ...)
	NOT-FOR-US: pk-app-wonderbox
CVE-2016-10684 (healthcenter - IBM Monitoring and Diagnostic Tools health Center agent ...)
	NOT-FOR-US: IBM
CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it vulnerable to  ...)
	NOT-FOR-US: arcanist node module, different from src:arcanist
CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over HTTP, which ...)
	NOT-FOR-US: massif
CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for add sup ...)
	NOT-FOR-US: roslib-socketio
CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript implementation o ...)
	NOT-FOR-US: adamvr-geoip-lite
CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command line to  ...)
	NOT-FOR-US: selenium-standalone-painful
CVE-2016-10678 (serc.js is a Selenium RC process wrapper serc.js downloads binary reso ...)
	NOT-FOR-US: serc.js
CVE-2016-10677 (google-closure-tools-latest is a Node.js module wrapper for downloadin ...)
	NOT-FOR-US: google-closure-tools-latest
CVE-2016-10676 (rs-brightcove is a wrapper around brightcove's web api rs-brightcove d ...)
	NOT-FOR-US: rs-brightcove
CVE-2016-10675 (libsbmlsim is a module that installs linux binaries for libsbmlsim lib ...)
	NOT-FOR-US: libsbmlsim
CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. limbus-buildgen ve ...)
	NOT-FOR-US: limbus-buildgen
CVE-2016-10673 (ipip-coffee queries geolocation information from IP ipip-coffee downlo ...)
	NOT-FOR-US: ipip-coffee
CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis  ...)
	NOT-FOR-US: cloudpub-redis
CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper d ...)
	NOT-FOR-US: mystem-wrapper
CVE-2016-10670 (windows-seleniumjar-mirror downloads the Selenium Jar file windows-sel ...)
	NOT-FOR-US: windows-seleniumjar-mirror
CVE-2016-10669 (soci downloads binary resources over HTTP, which leaves it vulnerable  ...)
	NOT-FOR-US: soci
CVE-2016-10668 (libsbml is a module that installs Linux binaries for libSBML libsbml d ...)
	NOT-FOR-US: libsbml node integration, different from src:libsml
CVE-2016-10667 (selenium-portal is a Selenium Testing Framework selenium-portal downlo ...)
	NOT-FOR-US: selenium-portal
CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ...)
	NOT-FOR-US: tomita-parser
CVE-2016-10665 (herbivore is a packet sniffing and crafting library. Built on libtins  ...)
	NOT-FOR-US: herbivore
CVE-2016-10664 (mystem is a Node.js wrapper for MyStem morphology text analyzer by Yan ...)
	NOT-FOR-US: mystem
CVE-2016-10663 (wixtoolset is a Node module wrapper around the wixtoolset binaries wix ...)
	NOT-FOR-US: wixtoolset
CVE-2016-10662 (tomita is a node wrapper for Yandex Tomita Parser tomita downloads bin ...)
	NOT-FOR-US: tomita
CVE-2016-10661 (phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu dow ...)
	NOT-FOR-US: phantomjs-cheniu
CVE-2016-10660 (fis-parser-sass-bin a plugin for fis to compile sass using node-sass-b ...)
	NOT-FOR-US: fis-parser-sass-bin
CVE-2016-10659 (poco - The POCO libraries, downloads source file resources used for co ...)
	NOT-FOR-US: nodejs poco module
CVE-2016-10658 (native-opencv is the OpenCV library installed via npm native-opencv do ...)
	NOT-FOR-US: native-opencv binding for node, different from src:opencv
CVE-2016-10657 (co-cli-installer downloads the co-cli module as part of the install pr ...)
	NOT-FOR-US: co-cli-installer
CVE-2016-10656 (qbs is a build tool that helps simplify the build process for developi ...)
	NOT-FOR-US: npm qbs (different from src:qbs)
CVE-2016-10655 (The clang-extra module installs LLVM's clang-extra tools. clang-extra  ...)
	NOT-FOR-US: npm clang-extra
CVE-2016-10654 (sfml downloads resources over HTTP, which leaves it vulnerable to MITM ...)
	NOT-FOR-US: node-sfml
CVE-2016-10653 (xd-testing is a testing library for cross-device (XD) web applications ...)
	NOT-FOR-US: node xp-testing
CVE-2016-10652 (prebuild-lwip is a module for comprehensive, fast, and simple image pr ...)
	NOT-FOR-US: node prebuild-lwip
CVE-2016-10651 (webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver ...)
	NOT-FOR-US: webdriver-launcher
CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver downloads b ...)
	NOT-FOR-US: ntfserver
CVE-2016-10649 (frames-compiler downloads binary resources over HTTP, which leaves it  ...)
	NOT-FOR-US: frames-compiler
CVE-2016-10648 (marionette-socket-host is a marionette-js-runner host for sending acti ...)
	NOT-FOR-US: marionette-socket-host
CVE-2016-10647 (node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary r ...)
	NOT-FOR-US: node-air-sdk
CVE-2016-10646 (resourcehacker is a Node wrapper of Resource Hacker (windows executabl ...)
	NOT-FOR-US: resourcehacker
CVE-2016-10645 (grunt-images is a grunt plugin for processing images. grunt-images dow ...)
	NOT-FOR-US: grunt-images
CVE-2016-10644 (slimerjs-edge is a npm wrapper for installing the bleeding edge versio ...)
	NOT-FOR-US: slimerjs-edge
CVE-2016-10643 (jstestdriver is a wrapper for Google's jstestdriver. jstestdriver down ...)
	NOT-FOR-US: jstestdriver
CVE-2016-10642 (cmake installs the cmake x86 linux binaries. cmake downloads binary re ...)
	NOT-FOR-US: cmake node intregration
CVE-2016-10641 (node-bsdiff-android downloads resources over HTTP, which leaves it vul ...)
	NOT-FOR-US: node-bsdiff-android
CVE-2016-10640 (node-thulac is a node binding for thulac. node-thulac downloads binary ...)
	NOT-FOR-US: node-thulac
CVE-2016-10639 (redis-srvr is a npm wrapper for redis-server. redis-srvr downloads bin ...)
	NOT-FOR-US: redis-srvr
CVE-2016-10638 (js-given is a JavaScript frontend to jgiven. js-given downloads binary ...)
	NOT-FOR-US: js-given
CVE-2016-10637 (haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resour ...)
	NOT-FOR-US: haxe-dev, different from src:haxe
CVE-2016-10636 (grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler do ...)
	NOT-FOR-US: grunt-ccompiler
CVE-2016-10635 (broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-c ...)
	NOT-FOR-US: broccoli-closure
CVE-2016-10634 (scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone ...)
	NOT-FOR-US: scala-standalone-bin
CVE-2016-10633 (dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp ...)
	NOT-FOR-US: dwebp-bin
CVE-2016-10632 (apk-parser2 is a module which extracts Android Manifest info from an A ...)
	NOT-FOR-US: apk-parser2
CVE-2016-10631 (jvminstall is a module for downloading and unpacking jvm to local syst ...)
	NOT-FOR-US: jvminstall
CVE-2016-10630 (install-g-test downloads resources over HTTP, which leaves it vulnerab ...)
	NOT-FOR-US: install-g-test
CVE-2016-10629 (nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloa ...)
	NOT-FOR-US: nw-with-arm
CVE-2016-10628 (selenium-wrapper is a selenium server wrapper, including installation  ...)
	NOT-FOR-US: selenium-wrapper
CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary re ...)
	NOT-FOR-US: scala-bin
CVE-2016-10626 (mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads ...)
	NOT-FOR-US: mystem3
CVE-2016-10625 (headless-browser-lite is a minimal npm installer for phantomjs and sli ...)
	NOT-FOR-US: headless-browser-lite
CVE-2016-10624 (selenium-chromedriver is a simple utility for downloading the Selenium ...)
	NOT-FOR-US: selenium-chromedriver
CVE-2016-10623 (macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedr ...)
	NOT-FOR-US: macaca-chromedriver-zxa
CVE-2016-10622 (nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschn ...)
	NOT-FOR-US: nodeschnaps
CVE-2016-10621 (fibjs is a runtime for javascript applictions built on google v8 JS. f ...)
	NOT-FOR-US: fibjs
CVE-2016-10620 (atom-node-module-installer installs node modules for atom-shell applic ...)
	NOT-FOR-US: atom-node-module-installer
CVE-2016-10619 (pennyworth is a natural language templating engine. pennyworth downloa ...)
	NOT-FOR-US: pennyworth
CVE-2016-10618 (node-browser is a wrapper webdriver by nodejs. node-browser downloads  ...)
	NOT-FOR-US: node-browser
CVE-2016-10617 (box2d-native downloads binary resources over HTTP, which leaves it vul ...)
	NOT-FOR-US: box2d-native (different from src:box2d)
CVE-2016-10616 (openframe-image is an Openframe extension which adds support for image ...)
	NOT-FOR-US: openframe-image
CVE-2016-10615 (curses is bindings for the native curses library, a full featured cons ...)
	NOT-FOR-US: curses node module
CVE-2016-10614 (httpsync is a port of libcurl to node.js. httpsync downloads binary re ...)
	NOT-FOR-US: httpsync node module
CVE-2016-10613 (bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra download ...)
	NOT-FOR-US: bionode-sra
CVE-2016-10612 (dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dal ...)
	NOT-FOR-US: dalek-browser-ie-canary
CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. strider-sa ...)
	NOT-FOR-US: strider-sauce
CVE-2016-10610 (unicode-json is a unicode lookup table. unicode-json before 2.0.0 down ...)
	NOT-FOR-US: unicode-json
CVE-2016-10609 (chromedriver126 is chromedriver version 1.26 for linux OS. chromedrive ...)
	NOT-FOR-US: chromedriver126
CVE-2016-10608 (robot-js is a module for native system automation for node.js. robot-j ...)
	NOT-FOR-US: robot-js
CVE-2016-10607 (openframe-glsviewer is a Openframe extension which adds support for sh ...)
	NOT-FOR-US: openframe-glsviewer
CVE-2016-10606 (grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in ...)
	NOT-FOR-US: grunt-webdriver-qunit
CVE-2016-10605 (dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-brow ...)
	NOT-FOR-US: dalek-browser-ie
CVE-2016-10604 (dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-brow ...)
	NOT-FOR-US: dalek-browser-chrome
CVE-2016-10603 (air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads bina ...)
	NOT-FOR-US: air-sdk
CVE-2016-10602 (haxe is a cross-platform toolkit haxe downloads zipped resources over  ...)
	NOT-FOR-US: Haxe node module, different from src:haxe
CVE-2016-10601 (webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ...)
	NOT-FOR-US: webdrvr
CVE-2016-10600 (webrtc-native uses WebRTC from chromium project. webrtc-native downloa ...)
	NOT-FOR-US: webrtc-native
CVE-2016-10599 (sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar ...)
	NOT-FOR-US: sauce-connect
CVE-2016-10598 (arrayfire-js is a module for ArrayFire for the Node.js platform. array ...)
	NOT-FOR-US: arrayfire-js
CVE-2016-10597 (cobalt-cli downloads resources over HTTP, which leaves it vulnerable t ...)
	NOT-FOR-US: cobalt-cli
CVE-2016-10596 (imageoptim is a Node.js wrapper for some images compression algorithms ...)
	NOT-FOR-US: imageoptim
CVE-2016-10595 (jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads ex ...)
	NOT-FOR-US: jdf-sass
CVE-2016-10594 (ipip is a Node.js module to query geolocation information for an IP or ...)
	NOT-FOR-US: ibip
CVE-2016-10593 (ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads  ...)
	NOT-FOR-US: ibapi
CVE-2016-10592 (jser-stat is a JSer.info stat library. jser-stat downloads data resour ...)
	NOT-FOR-US: jser-stat
CVE-2016-10591 (Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML  ...)
	NOT-FOR-US: Prince Node API
CVE-2016-10590 (cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node do ...)
	NOT-FOR-US: cue-sdk-node
CVE-2016-10589 (selenium-binaries downloads Selenium related binaries for your OS. sel ...)
	NOT-FOR-US: selenium-binaries
CVE-2016-10588 (nw is an installer for nw.js. nw downloads zipped resources over HTTP, ...)
	NOT-FOR-US: nw
CVE-2016-10587 (wasdk is a toolkit for creating WebAssembly modules. wasdk downloads b ...)
	NOT-FOR-US: wasdk
CVE-2016-10586 (macaca-chromedriver is a Node.js wrapper for the selenium chromedriver ...)
	NOT-FOR-US: macaca-chromedriver
CVE-2016-10585 (libxl provides Node bindings for the libxl library for reading and wri ...)
	NOT-FOR-US: libxl node bindings
CVE-2016-10584 (dalek-browser-chrome-canary provides Google Chrome bindings for DalekJ ...)
	NOT-FOR-US: dalek-browser-chrome-canary
CVE-2016-10583 (closure-utils is Utilities for Closure Library based projects. closure ...)
	NOT-FOR-US: closure-utils
CVE-2016-10582 (closurecompiler is a Closure Compiler for node.js. closurecompiler dow ...)
	NOT-FOR-US: closurecompiler
CVE-2016-10581 (Steroids is PhoneGap on Steroids, providing native UI elements, multip ...)
	NOT-FOR-US: PhoneGap on Steroids
CVE-2016-10580 (nodewebkit is an installer for node-webkit. nodewebkit downloads zippe ...)
	NOT-FOR-US: nodewebkit
CVE-2016-10579 (Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver ...)
	NOT-FOR-US: Chromedriver
CVE-2016-10578 (unicode loads unicode data downloaded from unicode.org into nodejs. Un ...)
	NOT-FOR-US: nodejs unicode module
CVE-2016-10577 (ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 ...)
	NOT-FOR-US: ibm_db node.js module
CVE-2016-10576 (Fuseki server wrapper and management API in fuseki before 1.0.1 downlo ...)
	NOT-FOR-US: Fuseki
CVE-2016-10575 (Kindlegen is a simple Node.js wrapper of the official kindlegen progra ...)
	NOT-FOR-US: Kindlegen
CVE-2016-10574 (apk-parser3 is a module to extract Android Manifest info from an APK f ...)
	NOT-FOR-US: apk-parser3
CVE-2016-10573 (baryton-saxophone is a module to install and launch Selenium Server fo ...)
	NOT-FOR-US: baryton-saxophone
CVE-2016-10572 (mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instan ...)
	NOT-FOR-US: mongodb-instance
CVE-2016-10571 (bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-w ...)
	NOT-FOR-US: bkjs-wand
CVE-2016-10570 (pngcrush-installer is an installer for Pngcrush. pngcrush-installer ve ...)
	NOT-FOR-US: pngcrush-installer
CVE-2016-10569 (embedza is a module to create HTML snippets/embeds from URLs using inf ...)
	NOT-FOR-US: embedza
CVE-2016-10568 (geoip-lite-country is a stripped down version of geoip-lite, supportin ...)
	NOT-FOR-US: geoip-lite-country
CVE-2016-10567 (product-monitor is a HTML/JavaScript template for monitoring a product ...)
	NOT-FOR-US: product-monitor
CVE-2016-10566 (install-nw is a module which quickly and robustly installs and caches  ...)
	NOT-FOR-US: install-nw
CVE-2016-10565 (operadriver is a Opera Driver for Selenium. operadriver versions below ...)
	NOT-FOR-US: operadriver
CVE-2016-10564 (apk-parser is a tool to extract Android Manifest info from an APK file ...)
	NOT-FOR-US: apk-parser
CVE-2016-10563 (During the installation process, the go-ipfs-deps module before 0.4.4  ...)
	NOT-FOR-US: go-ipfs-deps
CVE-2016-10562 (iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions be ...)
	NOT-FOR-US: iedriver
CVE-2016-10561 (Bitty is a development web server tool that functions similar to `pyth ...)
	NOT-FOR-US: Bitty
CVE-2016-10560 (galenframework-cli is the node wrapper for the Galen Framework. galenf ...)
	NOT-FOR-US: galenframework-cli
CVE-2016-10559 (selenium-download downloads the latest versions of the selenium standa ...)
	NOT-FOR-US: selenium-download
CVE-2016-10558 (aerospike is an Aerospike add-on module for Node.js. aerospike version ...)
	NOT-FOR-US: aerospike
CVE-2016-10557 (appium-chromedriver is a Node.js wrapper around Chromedriver. Versions ...)
	NOT-FOR-US: appium-chromedriver
CVE-2016-10556 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10555 (Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 an ...)
	NOT-FOR-US: nodejs-jwt-simple
CVE-2016-10554 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10553 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10552 (igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over ...)
	NOT-FOR-US: igniteui
CVE-2016-10551 (waterline-sequel is a module that helps generate SQL statements for Wa ...)
	NOT-FOR-US: waterline-sequel
CVE-2016-10550 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10549 (Sails is an MVC style framework for building realtime web applications ...)
	NOT-FOR-US: Sails
CVE-2016-10548 (Arbitrary code execution is possible in reduce-css-calc node module &l ...)
	NOT-FOR-US: reduce-css-calc
CVE-2016-10547 (Nunjucks is a full featured templating engine for JavaScript. Versions ...)
	NOT-FOR-US: Nunjucks
CVE-2016-10546 (An arbitrary code injection vector was found in PouchDB 6.0.4 and less ...)
	NOT-FOR-US: PouchDB
CVE-2016-10545
	REJECTED
CVE-2016-10544 (uws is a WebSocket server library. By sending a 256mb websocket messag ...)
	NOT-FOR-US: uws
CVE-2016-10543 (call is an HTTP router that is primarily used by the hapi framework. T ...)
	NOT-FOR-US: call HTTP router
CVE-2016-10542 (ws is a "simple to use, blazing fast and thoroughly tested websocket c ...)
	- node-ws 1.1.0+ds1.e6ddaae4-5 (bug #927671)
	[stretch] - node-ws 1.1.0+ds1.e6ddaae4-3+deb9u1
	[jessie] - node-ws <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://nodesecurity.io/advisories/120
	NOTE: https://github.com/nodejs/node/issues/7388
CVE-2016-10541 (The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ...)
	- node-shell-quote <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://nodesecurity.io/advisories/117
	NOTE: nodejs not covered by security support
CVE-2016-10540 (Minimatch is a minimal matching utility that works by converting glob  ...)
	- node-minimatch 3.0.3-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/118
	NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
	NOTE: libv8 is not covered by security support
CVE-2016-10539 (negotiator is an HTTP content negotiator for Node.js and is used by ma ...)
	- node-negotiator 0.6.1-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/106
	NOTE: nodejs not covered by security support
CVE-2016-10538 (The package `node-cli` before 1.0.0 insecurely uses the lock_file and  ...)
	- node-cli <removed> (unimportant; bug #809252)
	NOTE: https://github.com/node-js-libs/cli/issues/81
	NOTE: https://nodesecurity.io/advisories/95
CVE-2016-10537 (backbone is a module that adds in structure to a JavaScript heavy appl ...)
	- backbone 0.5.3-1
	NOTE: https://nodesecurity.io/advisories/108
CVE-2016-10536 (engine.io-client is the client for engine.io, the implementation of a  ...)
	NOT-FOR-US: engine.io-client
CVE-2016-10535 (csrf-lite is a cross-site request forgery protection library for frame ...)
	NOT-FOR-US: csrf-lite
CVE-2016-10534 (electron-packager is a command line tool that packages Electron source ...)
	NOT-FOR-US: electron-packager
CVE-2016-10533 (express-restify-mongoose is a module to easily create a flexible REST  ...)
	NOT-FOR-US: express-restify-mongoose
CVE-2016-10532 (console-io is a module that allows users to implement a web console in ...)
	NOT-FOR-US: console-io
CVE-2016-10531 (marked is an application that is meant to parse and compile markdown.  ...)
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/101
	NOTE: nodejs not covered by security support
CVE-2016-10530 (The airbrake module 0.3.8 and earlier defaults to sending environment  ...)
	NOT-FOR-US: airbrake
CVE-2016-10529 (Droppy versions &lt;3.5.0 does not perform any verification for cross- ...)
	NOT-FOR-US: Droppy
CVE-2016-10528 (restafary is a REpresentful State Transfer API for Creating, Reading,  ...)
	NOT-FOR-US: restafary
CVE-2016-10527 (The riot-compiler version version 2.3.21 has an issue in a regex (Cata ...)
	NOT-FOR-US: riot-compiler
CVE-2016-10526 (A common setup to deploy to gh-pages on every commit via a CI system i ...)
	NOT-FOR-US: gh-pages
CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi, hapi-auth- ...)
	NOT-FOR-US: hapi
CVE-2016-10524 (i18n-node-angular is a module used to interact between i18n and angula ...)
	NOT-FOR-US: i18n-node-angular
CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted M ...)
	- node-mqtt-packet <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://nodesecurity.io/advisories/75
CVE-2016-10522 (rails_admin ruby gem &lt;v1.1.1 is vulnerable to cross-site request fo ...)
	- ruby-rails-admin <removed> (bug #903855)
	[stretch] - ruby-rails-admin <no-dsa> (Minor issue; has regression potential)
	NOTE: https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
	NOTE: Regression: https://github.com/sferik/rails_admin/issues/2830
CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of service (ReDo ...)
	NOT-FOR-US: jshamcrest
CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service (ReDoS) ...)
	NOT-FOR-US: jadedown
CVE-2016-10519 (A security issue was found in bittorrent-dht before 5.1.3 that allows  ...)
	NOT-FOR-US: bittorrent-dht
CVE-2016-10518 (A vulnerability was found in the ping functionality of the ws module b ...)
	- node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/67
	NOTE: Nodefs not covered by security support
CVE-2015-9243 (When server level, connection level or route level CORS configurations ...)
	NOT-FOR-US: hapi
CVE-2015-9242 (Certain input strings when passed to new Date() or Date.parse() in ecs ...)
	NOT-FOR-US: ecstatic
CVE-2015-9241 (Certain input passed into the If-Modified-Since or Last-Modified heade ...)
	NOT-FOR-US: hapi
CVE-2015-9240 (Due to a bug in the the default sign in functionality in the keystone  ...)
	NOT-FOR-US: keystone node module
CVE-2015-9239 (ansi2html is vulnerable to regular expression denial of service (ReDoS ...)
	NOT-FOR-US: ansi2html
CVE-2015-9238 (secure-compare 3.0.0 and below do not actually compare two strings pro ...)
	NOT-FOR-US: secure-compare node module
CVE-2015-9237
	RESERVED
CVE-2015-9236 (Hapi versions less than 11.0.0 implement CORS incorrectly and allowed  ...)
	NOT-FOR-US: hapi
CVE-2015-9235 (In jsonwebtoken node module before 4.2.2 it is possible for an attacke ...)
	NOT-FOR-US: jsonwebtoken node module
CVE-2014-10068 (The inert directory handler in inert node module before 1.1.1 always a ...)
	NOT-FOR-US: inert
CVE-2014-10067 (paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by ...)
	NOT-FOR-US: paypal-ipn
CVE-2014-10066 (Versions less than 0.1.4 of the static file server module fancy-server ...)
	NOT-FOR-US: fancy-server
CVE-2014-10065 (Certain input when passed into remarkable before 1.4.1 will bypass the ...)
	NOT-FOR-US: remarkable
CVE-2014-10064 (The qs module before 1.0.0 does not have an option or default for spec ...)
	- node-qs 2.2.4-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/28
	NOTE: nodejs not security by security support
CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums ...)
	- rsync <not-affected> (Problematic code to allow checksum choice only introduced after 3.1.2 release)
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
	NOTE: And possibly the following two commits on top:
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3
	NOTE: The following commit introduced special handling of archaic versions / handling of
	NOTE: --checksum-choice option to choose the checksum algorithms:
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=a5a7d3a297b836387b0ac677383bdddaf2ac3598
CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the restaurant-menu.php r ...)
	NOT-FOR-US: Zomato Clone Script
CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' Paramet ...)
	NOT-FOR-US: Website Broker Script
CVE-2017-15991 (Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injec ...)
	NOT-FOR-US: Vastal I-Tech Agent Zone
CVE-2017-15990 (Php Inventory &amp; Invoice Management System allows Arbitrary File Up ...)
	NOT-FOR-US: Php Inventory & Invoice Management System
CVE-2017-15989 (Online Exam Test Application allows SQL Injection via the resources.ph ...)
	NOT-FOR-US: Online Exam Test Application
CVE-2017-15988 (Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme  ...)
	NOT-FOR-US: PHP FAQ Script
CVE-2017-15987 (Fake Magazine Cover Script allows SQL Injection via the rate.php value ...)
	NOT-FOR-US: Fake Magazine Cover Script
CVE-2017-15986 (CPA Lead Reward Script allows SQL Injection via the username parameter ...)
	NOT-FOR-US: CPA Lead Reward Script
CVE-2017-15985 (Basic B2B Script allows SQL Injection via the product_view1.php pid or ...)
	NOT-FOR-US: Basic B2B Script
CVE-2017-15984 (Creative Management System (CMS) Lite 1.4 allows SQL Injection via the ...)
	NOT-FOR-US: Creative Management System (CMS) Lite
CVE-2017-15983 (MyMagazine Magazine &amp; Blog CMS 1.0 allows SQL Injection via the id ...)
	NOT-FOR-US: MyMagazine Magazine & Blog CMS
CVE-2017-15982 (Dynamic News Magazine &amp; Blog CMS 1.0 allows SQL Injection via the  ...)
	NOT-FOR-US: Dynamic News Magazine & Blog CMS
CVE-2017-15981 (Responsive Newspaper Magazine &amp; Blog CMS 1.0 allows SQL Injection  ...)
	NOT-FOR-US: Responsive Newspaper Magazine & Blog CMS
CVE-2017-15980 (US Zip Codes Database Script 1.0 allows SQL Injection via the state pa ...)
	NOT-FOR-US: US Zip Codes Database Script
CVE-2017-15979 (Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via th ...)
	NOT-FOR-US: Shareet - Photo Sharing Social Network
CVE-2017-15978 (AROX School ERP PHP Script 1.0 allows SQL Injection via the office_adm ...)
	NOT-FOR-US: AROX School ERP PHP Script
CVE-2017-15977 (Protected Links - Expiring Download Links 1.0 allows SQL Injection via ...)
	NOT-FOR-US: Protected Links - Expiring Download Links
CVE-2017-15976 (ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid ...)
	NOT-FOR-US: ZeeBuddy
CVE-2017-15975 (Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_ ...)
	NOT-FOR-US: Vastal I-Tech Dating Zone
CVE-2017-15974 (tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 ...)
	NOT-FOR-US: tPanel
CVE-2017-15973 (Sokial Social Network Script 1.0 allows SQL Injection via the id param ...)
	NOT-FOR-US: Sokial Social Network Script
CVE-2017-15972 (SoftDatepro Dating Social Network 1.3 allows SQL Injection via the vie ...)
	NOT-FOR-US: SoftDatepro Dating Social Network
CVE-2017-15971 (Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprof ...)
	NOT-FOR-US: Same Sex Dating Software Pro
CVE-2017-15970 (PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index ...)
	NOT-FOR-US: PHP CityPortal
CVE-2017-15969 (PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to searc ...)
	NOT-FOR-US: PG All Share Video
CVE-2017-15968 (MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.p ...)
	NOT-FOR-US: MyBuilder Clone
CVE-2017-15967 (Mailing List Manager Pro 3.0 allows SQL Injection via the edit paramet ...)
	NOT-FOR-US: Mailing List Manager Pro
CVE-2017-15966 (The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! a ...)
	NOT-FOR-US: Zh YandexMap
CVE-2017-15965 (The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joo ...)
	NOT-FOR-US: NS Download Shop
CVE-2017-15964 (Job Board Script Software allows SQL Injection via the PATH_INFO to a  ...)
	NOT-FOR-US: Job Board Script Software
CVE-2017-15963 (iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.p ...)
	NOT-FOR-US: iTech Gigs Script
CVE-2017-15962 (iStock Management System 1.0 allows Arbitrary File Upload via user/pro ...)
	NOT-FOR-US: iStock Management System
CVE-2017-15961 (iProject Management System 1.0 allows SQL Injection via the ID paramet ...)
	NOT-FOR-US: iProject Management System
CVE-2017-15960 (Article Directory Script 3.0 allows SQL Injection via the id parameter ...)
	NOT-FOR-US: Article Directory Scrip
CVE-2017-15959 (Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /do ...)
	NOT-FOR-US: Adult Script Pro
CVE-2017-15958 (D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the user ...)
	NOT-FOR-US: D-Park Pro Domain Parking Script
CVE-2017-15957 (my_profile.php in Ingenious School Management System 2.3.0 allows a st ...)
	NOT-FOR-US: Ingenious School Management System
CVE-2017-15956 (ConverTo Video Downloader &amp; Converter 1.4.1 allows Arbitrary File  ...)
	NOT-FOR-US: ConverTo Video Downloader
CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Ac ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/4
CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/3
CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/2
CVE-2017-15952
	RESERVED
CVE-2017-15951 (The KEYS subsystem in the Linux kernel before 4.13.10 does not correct ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 (v4.14-rc6)
CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buff ...)
	NOT-FOR-US: Flexense SyncBreeze
CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedi ...)
	NOT-FOR-US: Xavier PHP Management Panel
CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file upload  ...)
	NOT-FOR-US: Perch Content Management System
CVE-2017-15947 (Simple ASC Content Management System v1.2 has XSS in the location fiel ...)
	NOT-FOR-US: Simple ASC Content Management
CVE-2017-15946 (In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerabil ...)
	NOT-FOR-US: Joomla addon
CVE-2017-15945 (The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, d ...)
	NOT-FOR-US: Gentoo installation scripts
CVE-2017-15944 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x be ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15943 (The configuration file import for applications, spyware and vulnerabil ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x be ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15941 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS  ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15940 (The web interface packet capture management component in Palo Alto Net ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as  ...)
	- binutils <not-affected> (Incomplete fix not applied)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22205
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9
	NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
CVE-2017-15938 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as  ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22209
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a
	NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation pathname via  ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15936 (In Artica Pandora FMS version 7.0, an Attacker with write Permission c ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15935 (Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execut ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15934 (Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scri ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork web int ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an  ...)
	- radare2 2.1.0+dfsg-1 (bug #880024)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9
	NOTE: https://github.com/radare/radare2/issues/8743
CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an  ...)
	- radare2 2.1.0+dfsg-1 (bug #880025)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
	NOTE: https://github.com/radare/radare2/issues/8731
CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Po ...)
	{DSA-4321-1 DLA-1456-1 DLA-1154-1}
	- graphicsmagick 1.3.26-16 (bug #879999)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/518/
CVE-2017-15929
	RESERVED
CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation  ...)
	- ruby-ox 2.8.2-1 (bug #881445)
	[stretch] - ruby-ox 2.1.1-2+deb9u1
	[jessie] - ruby-ox 2.1.1-2+deb8u1
	NOTE: https://github.com/ohler55/ox/issues/194
	NOTE: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8
CVE-2017-15927
	RESERVED
CVE-2017-15926
	RESERVED
CVE-2017-15925
	RESERVED
CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote  ...)
	{DSA-4033-1 DLA-1174-1}
	- konversation 1.7.3-1 (bug #881586)
	NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACT ...)
	{DLA-1198-1}
	- libextractor 1:1.6-2 (low; bug #880016)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
	NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
CVE-2017-15921 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186 ...)
	NOT-FOR-US: Watchdog Anti-Malware
CVE-2017-15920 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186 ...)
	NOT-FOR-US: Watchdog Anti-Malware
CVE-2017-15918 (Sera 1.2 stores the user's login password in plain text in their home  ...)
	NOT-FOR-US: Sera
CVE-2017-15917 (In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond with a cus ...)
	- systemd 235-3 (bug #880026)
	[stretch] - systemd 232-25+deb9u2
	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
	[wheezy] - systemd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
	NOTE: https://github.com/systemd/systemd/pull/7184
	NOTE: Fix: https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62
CVE-2017-15919 (The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has S ...)
	NOT-FOR-US: WordPress plugin ultimate-form-builder-lite
CVE-2017-15916
	RESERVED
CVE-2017-15915
	RESERVED
CVE-2017-15914 (Incorrect implementation of access controls allows remote users to ove ...)
	- borgbackup 1.1.3-1
	[stretch] - borgbackup <not-affected> (Only affects 1.1.0, 1.1.1 and 1.1.2 releases)
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#version-1-1-3-2017-11-27
CVE-2017-15913 (The Installer in Whale allows DLL hijacking. ...)
	NOT-FOR-US: Installer in Whale
CVE-2017-15912
	RESERVED
CVE-2017-15911 (The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allo ...)
	NOT-FOR-US: Ignite Realtime Openfire Server
CVE-2017-15910
	RESERVED
CVE-2017-15909 (D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password,  ...)
	NOT-FOR-US: D-Link
CVE-2017-15907 (SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remo ...)
	NOT-FOR-US: phpCollab
CVE-2017-15906 (The process_open function in sftp-server.c in OpenSSH before 7.6 does  ...)
	{DLA-1500-1}
	- openssh 1:7.6p1-1 (low)
	[stretch] - openssh 1:7.4p1-10+deb9u3
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
CVE-2017-15905
	RESERVED
CVE-2017-15904
	RESERVED
CVE-2017-15903
	RESERVED
CVE-2017-15902
	RESERVED
CVE-2017-15901
	RESERVED
CVE-2017-15900
	RESERVED
CVE-2017-15899
	RESERVED
CVE-2017-15898
	RESERVED
CVE-2017-15897 (Node.js had a bug in versions 8.X and 9.X which caused buffers to not  ...)
	- nodejs <not-affected> (Only affects 8.x and 9.x)
CVE-2017-15896 (Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards ...)
	- nodejs <not-affected> (HTTP2 module only in 8.x and 9.x and Debian package uses the system copy of OpenSSL)
CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
	NOT-FOR-US: Synology Router Manager
CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
	NOT-FOR-US: Synology File Station
CVE-2017-15892 (Multiple cross-site scripting (XSS) vulnerabilities in Slash Command C ...)
	NOT-FOR-US: Synology Chat
CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in Synolog ...)
	NOT-FOR-US: Synology Calendar
CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in Synology Mai ...)
	NOT-FOR-US: Synology
CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation M ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
	NOT-FOR-US: Synology
CVE-2017-15887 (An improper restriction of excessive authentication attempts vulnerabi ...)
	NOT-FOR-US: Synology
CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link Preview in Sy ...)
	NOT-FOR-US: Synology Chat
CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Networ ...)
	NOT-FOR-US: Axis
CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion)  ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-15883 (Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remo ...)
	NOT-FOR-US: Sitefinity
CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application befor ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) application
CVE-2017-15881 (Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 a ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15880 (SQL injection vulnerability vulnerability in the EyesOfNetwork web int ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15879 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15878 (A cross-site scripting (XSS) vulnerability exists in fields/types/mark ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15877 (Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allo ...)
	NOT-FOR-US: GPWeb
CVE-2017-15876 (Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote a ...)
	NOT-FOR-US: GPWeb
CVE-2017-15875 (SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allow ...)
	NOT-FOR-US: GPWeb
CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integ ...)
	- busybox 1:1.27.2-2 (bug #879732)
	[stretch] - busybox <not-affected> (Vulnerable code not present)
	[jessie] - busybox <not-affected> (Vulnerable code not present)
	[wheezy] - busybox <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10436
	NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b
CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2. ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-2 (bug #879732)
	[stretch] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431
CVE-2017-15872 (phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and  ...)
	NOT-FOR-US: phpwcms
CVE-2017-15871 (** DISPUTED ** The deserialize function in serialize-to-js through 1.1 ...)
	NOT-FOR-US: Disputed serialize-to-js issue
CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers w ...)
	NOT-FOR-US: Palo Alto Networks GlobalProtect Agent
CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZ ...)
	NOT-FOR-US: LiveZilla
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the L ...)
	{DSA-4082-1 DLA-1200-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3)
CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the user-login- ...)
	NOT-FOR-US: user-login-history plugin for WordPress
CVE-2017-15866
	RESERVED
CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in  ...)
	- frr <not-affected> (Fixed before initial upload)
CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x throu ...)
	{DLA-1212-1}
	- otrs2 4.0.7-2
	[jessie] - otrs2 3.3.18-1+deb8u2
	NOTE: https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/
	NOTE: https://github.com/OTRS/otrs/compare/3bc58ebeb9bdbe8107251a03cf7b9b8cfc515f53...80a0a9a138278d63a2621d146eb3c29e982aa2d5
	NOTE: Root cause for the issue is the recursive parsing handling in the old
	NOTE: DTL template engine that OTRS used up to OTRS 3.3. Starting with OTRS 4
	NOTE: OTRS switched to a new Template::Toolkit based engine which does not perform
	NOTE: recursive parsing and not affected by this issue.
CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" b ...)
	{DLA-1161-1}
	- redis 3:3.2.7-1
	[stretch] - redis <no-dsa> (Minor issue)
	[jessie] - redis <no-dsa> (Minor issue)
	NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin bef ...)
	NOT-FOR-US: WordPress plugin wp-noexternallinks
CVE-2017-15862 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15859 (While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_ ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15858
	RESERVED
CVE-2017-15857 (In the camera driver, an out-of-bounds access can occur due to an erro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15856 (Due to a race condition while processing the power stats debug file to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15854 (The value of fix_param-&gt;num_chans is received from firmware and if  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15853 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, Firefox ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15851 (Lack of copy_from_user and information leak in function "msm_ois_subde ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15849 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15848 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15847 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android for MSM ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15844 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15843 (Due to a race condition in a bus driver, a double free in msm_bus_floo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the mutex b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15841 (When HOST sends a Special command ID packet, Controller triggers a RAM ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15840
	REJECTED
CVE-2017-15839
	REJECTED
CVE-2017-15838
	REJECTED
CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15835 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15834 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15833 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15832
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15831 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15830 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15829 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15828 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15827
	RESERVED
CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Firefox OS ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15825 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15824 (In Android releases from CAF using the linux kernel (Android for MSM,  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM,  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15821 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15820 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15819
	RESERVED
CVE-2017-15818 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15816
	REJECTED
CVE-2017-15815 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15814 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm closed-source components on Android
CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the as ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-15810 (The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-15809 (In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a cr ...)
	NOT-FOR-US: phpMyFaq
CVE-2017-15808 (In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. ...)
	NOT-FOR-US: phpMyFaq
CVE-2017-15807
	RESERVED
CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components  ...)
	NOT-FOR-US: Zeta Components Mail
CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function i ...)
	{DLA-1191-1}
	- python-werkzeug 0.11.11+dfsg1-1
	[jessie] - python-werkzeug <no-dsa> (Minor issue)
	NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
	NOTE: https://github.com/pallets/werkzeug/pull/1001
	NOTE: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and  ...)
	NOT-FOR-US: Cisco
CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6)  ...)
	- glibc 2.25-3 (low; bug #879955)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22332
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
CVE-2017-15803 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15802 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15801 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15800
	REJECTED
CVE-2017-15799
	REJECTED
CVE-2017-15798
	REJECTED
CVE-2017-15797
	REJECTED
CVE-2017-15796
	REJECTED
CVE-2017-15795
	REJECTED
CVE-2017-15794
	REJECTED
CVE-2017-15793
	REJECTED
CVE-2017-15792
	REJECTED
CVE-2017-15791
	REJECTED
CVE-2017-15790
	REJECTED
CVE-2017-15789 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15788 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15787 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15786 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15785 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15784 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15783 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15782 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15781 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15780 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15779 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15778 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15777 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15776 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15775 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15774 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15773 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15771
	REJECTED
CVE-2017-15770
	REJECTED
CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-15768 (IrfanView version 4.50 - 64bit allows attackers to cause a denial of s ...)
	NOT-FOR-US: IrfanView
CVE-2017-15767 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15766 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15765 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15764 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15763 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15762 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15761 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15760 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15759 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15758 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15757 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15756 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15755 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15754 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15753 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15752 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15751 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15750 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15749 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15748 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15747 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15746 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15745 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15744 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15743 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15742 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15741 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15740 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15739 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15738 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15737 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15736 (Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...)
	{DSA-4228-1}
	- spip 3.1.4-4 (bug #879954)
	[wheezy] - spip <not-affected> (vulnerable code not present)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23701
CVE-2017-15735 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) f ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15734 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15733 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15732 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15731 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15730 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15729 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) f ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15728 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15727 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15726
	RESERVED
CVE-2017-15725 (An XML External Entity Injection vulnerability exists in Dzone AnswerH ...)
	NOT-FOR-US: Dzone AnswerHub
CVE-2017-15724
	RESERVED
CVE-2017-15723 (In Irssi before 1.0.5, overlong nicks or targets may result in a NULL  ...)
	{DSA-4016-1}
	- irssi 1.0.5-1 (bug #879521)
	[wheezy] - irssi <not-affected> (Vulnerable code introduced in 0.8.17)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15722 (In certain cases, Irssi before 1.0.5 may fail to verify that a Safe ch ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15720 (In Apache Airflow 1.8.2 and earlier, an authenticated user can execute ...)
	- airflow <itp> (bug #819700)
CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M ...)
	NOT-FOR-US: Wicket jQuery UI
CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the pas ...)
	- hadoop <itp> (bug #793644)
CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the org.apache.sling ...)
	NOT-FOR-US: Apache Sling
CVE-2017-15716
	REJECTED
CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in &lt;Files ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/6
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape u ...)
	NOT-FOR-US: BIRT plugin in Apache OFBiz
CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before  ...)
	- hadoop <itp> (bug #793644)
CVE-2017-15712 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0  ...)
	NOT-FOR-US: Apache Oozie
CVE-2017-15711
	REJECTED
CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 ...)
	{DSA-4164-1 DLA-1389-1}
	- apache2 2.4.33-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/8
CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
	- activemq 5.15.3-1 (bug #890352)
	[stretch] - activemq <no-dsa> (Minor issue)
	[jessie] - activemq <not-affected> (Issue introduced with OpenWire protocol support)
	[wheezy] - activemq <not-affected> (Issue introduced with OpenWire protocol support)
CVE-2017-15708 (In Apache Synapse, by default no authentication is required for Java R ...)
	NOT-FOR-US: Apache Synapse
CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated J ...)
	- libstruts1.2-java <not-affected> (Specific to 2.x)
CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache Tomcat  ...)
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.24-1
	[stretch] - tomcat8 <not-affected> (Issue introduced later)
	[jessie] - tomcat8 <not-affected> (Issue introduced later)
	- tomcat8.0 <removed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 <not-affected> (Only affects 7.0.79 to 7.0.82, Upstream bugzilla entry bz#61201 not addressed)
	NOTE: https://svn.apache.org/r1814828 (7.0.x)
	NOTE: https://svn.apache.org/r1814827 (8.0.x)
	NOTE: https://svn.apache.org/r1814826 (8.5.x)
	NOTE: Introduced by fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=61201
	NOTE: https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
CVE-2017-15705 (A denial of service vulnerability was identified that exists in Apache ...)
	{DLA-1578-1}
	- spamassassin 3.4.2-1 (bug #908969)
	[stretch] - spamassassin 3.4.2-1~deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
CVE-2017-15704
	REJECTED
CVE-2017-15703 (Any authenticated user (valid client certificate but without ACL permi ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...)
	- qpid-java <itp> (bug #840131)
CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the b ...)
	- qpid-java <itp> (bug #840131)
CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid meth ...)
	NOT-FOR-US: Apache Sling Authentication Service
CVE-2017-15699 (A Denial of Service vulnerability was found in Apache Qpid Dispatch Ro ...)
	- qpid-dispatch <itp> (bug #737776)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/13/5
CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache T ...)
	{DSA-4118-1 DLA-1276-1}
	- tomcat-native 1.2.16-1
	NOTE: https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
	NOTE: http://svn.apache.org/r1815200
	NOTE: http://svn.apache.org/r1815218
	NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34
CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header containin ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15695 (When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15694 (When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in se ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15693 (In Apache Geode before v1.4.0, the Geode server stores application obj ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15692 (In Apache Geode before v1.4.0, the TcpServer within the Geode locator  ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0 ...)
	- uimaj 2.10.2-1 (bug #897009)
	[stretch] - uimaj <no-dsa> (Minor issue)
	[jessie] - uimaj <no-dsa> (Minor issue)
	[wheezy] - uimaj <no-dsa> (Minor issue)
	NOTE: https://uima.apache.org/security_report#CVE-2017-15691
CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsin ...)
	{DSA-4009-1}
	- shadowsocks-libev 3.1.0+ds-2
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/1734
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275
CVE-2017-15690
	RESERVED
CVE-2017-15689
	RESERVED
CVE-2017-15688
	RESERVED
CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...)
	NOT-FOR-US: Logitech
CVE-2017-15686
	RESERVED
CVE-2017-15685
	RESERVED
CVE-2017-15684
	RESERVED
CVE-2017-15683
	RESERVED
CVE-2017-15682
	RESERVED
CVE-2017-15681
	RESERVED
CVE-2017-15680
	RESERVED
CVE-2017-15679
	RESERVED
CVE-2017-15678
	RESERVED
CVE-2017-15677
	RESERVED
CVE-2017-15676
	RESERVED
CVE-2017-15675
	RESERVED
CVE-2017-15674
	RESERVED
CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and  ...)
	NOT-FOR-US: CS-Cart
CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and e ...)
	{DSA-4049-1 DLA-1630-1}
	- ffmpeg 7:3.4-1
	- libav <removed>
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6)  ...)
	[experimental] - glibc 2.26-0experimental0
	- glibc 2.25-3 (low; bug #879500)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c66c908230169c1bab1f83b071eb585baa214b9f
CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- ...)
	[experimental] - glibc 2.26-0experimental0
	- glibc 2.25-3 (low; bug #879501)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22320
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c369d66e5426a30e4725b100d5cd28e372754f90 (master)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a76376df7c07e577a9515c3faa5dbd50bda5da07 (release/2.26/master)
CVE-2017-15669
	RESERVED
CVE-2017-15668
	RESERVED
CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from  ...)
	NOT-FOR-US: Flexense SysGauge Server
CVE-2017-15666
	RESERVED
CVE-2017-15665 (In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers f ...)
	NOT-FOR-US: Flexense DiskBoss Enterprise
CVE-2017-15664 (In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suff ...)
	NOT-FOR-US: Flexense Sync Breeze Enterprise
CVE-2017-15663 (In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffe ...)
	NOT-FOR-US: Flexense Disk Pulse Enterprise
CVE-2017-15662 (In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffer ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2017-15661
	RESERVED
CVE-2017-15660
	RESERVED
CVE-2017-15659
	RESERVED
CVE-2017-15658
	RESERVED
CVE-2017-15657
	RESERVED
CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server in all c ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd server in  ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all current v ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd serv ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The impac ...)
	- ghostscript 9.25~dfsg-1
	[stretch] - ghostscript 9.25~dfsg-0+deb9u1
	[jessie] - ghostscript 9.26a~dfsg-0+deb8u1
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local  ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/008ba2a13f2d04c947adc536d19debb8fe66f110
	NOTE: Fixed by: https://git.kernel.org/linus/4971613c1639d8e5f102c4e797c3bf8f83a5a69e
CVE-2017-15648 (In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the  ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15647 (On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc v ...)
	NOT-FOR-US: On FiberHome
CVE-2017-15646 (Webmin before 1.860 has XSS with resultant remote code execution. Unde ...)
	- webmin <removed>
CVE-2017-15645 (CSRF exists in Webmin 1.850. By sending a GET request to at/create_job ...)
	- webmin <removed>
CVE-2017-15644 (SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as d ...)
	- webmin <removed>
CVE-2017-15643 (An active network attacker (MiTM) can achieve remote code execution on ...)
	NOT-FOR-US: IKARUS Anti Virus
CVE-2017-15650 (musl libc before 1.1.17 has a buffer overflow via crafted DNS replies  ...)
	- musl 1.1.17-1
	[stretch] - musl <no-dsa> (Minor issue)
	[jessie] - musl <no-dsa> (Minor issue)
	NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there i ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #882144)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/298/
	NOTE: https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2
CVE-2017-15641
	RESERVED
CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip  ...)
	NOT-FOR-US: phpIPAM
CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypa ...)
	NOT-FOR-US: Mura CMS
CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterpri ...)
	NOT-FOR-US: SuSEfirewall2 in SUSE
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ...)
	- wordpress <unfixed> (bug #880868)
	[buster] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
	[stretch] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
	[jessie] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
	[wheezy] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
	NOTE: https://core.trac.wordpress.org/ticket/21022
	NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
	NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following.
CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...)
	- mistune 0.8-1 (bug #879098)
	[stretch] - mistune <no-dsa> (Minor issue)
	NOTE: https://github.com/lepture/mistune/pull/140
	NOTE: https://github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630fe
CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was explicitly gra ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the special Gue ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext i ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15608 (Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change ...)
	NOT-FOR-US: Inedo ProGet
CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based r ...)
	NOT-FOR-US: Inedo Otter
CVE-2017-15606
	RESERVED
CVE-2017-15605
	RESERVED
CVE-2017-15604
	RESERVED
CVE-2017-15603
	RESERVED
CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the  ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
	NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc
CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the  ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
	NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091
CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EX ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695
	NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
CVE-2017-15599
	RESERVED
CVE-2017-15598
	RESERVED
CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made  ...)
	{DSA-4050-1 DLA-1549-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-236.html
CVE-2017-15586
	RESERVED
CVE-2017-15585
	RESERVED
CVE-2017-15584
	RESERVED
CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Lo ...)
	NOT-FOR-US: ABB Fox515T 1.0 devices
CVE-2017-15582 (In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4. ...)
	NOT-FOR-US: Diary with lock
CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) application 4.72 for Android ...)
	NOT-FOR-US: Diary with lock
CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' files with a ...)
	NOT-FOR-US: osTicket
CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pa ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the imag ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15567 (** DISPUTED ** The certificate import component in IDEMIA (formerly Mo ...)
	NOT-FOR-US: IDEMIA
CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm b ...)
	{DSA-4023-1}
	- slurm-llnl 17.02.9-1 (bug #880530)
	[jessie] - slurm-llnl <not-affected> (Vulnerable code introduced later)
	[wheezy] - slurm-llnl <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
	NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971
CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageCo ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (bug #879066)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d
CVE-2017-15564
	REJECTED
CVE-2017-15563
	REJECTED
CVE-2017-15562
	REJECTED
CVE-2017-15561
	REJECTED
CVE-2017-15560
	REJECTED
CVE-2017-15559
	REJECTED
CVE-2017-15558
	REJECTED
CVE-2017-15557
	REJECTED
CVE-2017-15556
	REJECTED
CVE-2017-15555
	REJECTED
CVE-2017-15554
	REJECTED
CVE-2017-15553
	REJECTED
CVE-2017-15552
	REJECTED
CVE-2017-15551
	REJECTED
CVE-2017-15550 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15549 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15548 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15547
	REJECTED
CVE-2017-15546 (The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and  ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2017-15545
	REJECTED
CVE-2017-15544
	REJECTED
CVE-2017-15543
	REJECTED
CVE-2017-15542
	REJECTED
CVE-2017-15541
	REJECTED
CVE-2017-15540
	REJECTED
CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id pa ...)
	NOT-FOR-US: zorovavi/blog
CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in pdf ...)
	{DSA-4006-2 DSA-4006-1 DLA-1164-1}
	- mupdf 1.11+ds1-2 (bug #879055)
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
	NOTE: https://nandynarwhals.org/CVE-2017-15587/
CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS befor ...)
	NOT-FOR-US: ILIAS
CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x  ...)
	NOT-FOR-US: Cloudera Data Science Workbench
CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by- ...)
	- mongodb <not-affected> (wire protocol compression introduced in 3.4.x and disabled by default)
	NOTE: https://jira.mongodb.org/browse/SERVER-31273
CVE-2017-15534 (The Norton App Lock prior to version 1.3.0.13 can be susceptible to an ...)
	NOT-FOR-US: Noron App Lock
CVE-2017-15533 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11,  ...)
	NOT-FOR-US: Symantec
CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a pa ...)
	NOT-FOR-US: Symantec
CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does ...)
	NOT-FOR-US: Symantec
CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
	NOT-FOR-US: Norton
CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
	NOT-FOR-US: Norton
CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can be susce ...)
	NOT-FOR-US: Install Norton Security
CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be suscepti ...)
	NOT-FOR-US: Symantec
CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptib ...)
	NOT-FOR-US: Symantec
CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptib ...)
	NOT-FOR-US: Symantec
CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) comp ...)
	NOT-FOR-US: Kemp Load Balancer
CVE-2017-15523
	REJECTED
CVE-2017-15522
	REJECTED
CVE-2017-15521
	REJECTED
CVE-2017-15520
	REJECTED
CVE-2017-15519 (Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote  ...)
	NOT-FOR-US: SnapCenter
CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp Service ...)
	NOT-FOR-US: NetApp
CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to o ...)
	NOT-FOR-US: AltaVault OST Plug-in
CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...)
	NOT-FOR-US: NetApp
CVE-2017-15515 (NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scr ...)
	NOT-FOR-US: NetApp SnapCenter Server
CVE-2017-15514
	REJECTED
CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882544)
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882545)
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882547)
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882548)
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because mar ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/25503 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can o ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24416 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a che ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24307 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24199 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rend ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/23803 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering o ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/23793 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2016-10515 (In Redmine before 3.2.3, there are stored XSS vulnerabilities affectin ...)
	- redmine 3.2.3-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: upstream fixed in 3.2.3
CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/814fb7bb7db5433757d76f4c4502c96fc53b0b5e (v4.14-rc3)
CVE-2017-15513
	REJECTED
CVE-2017-15512
	REJECTED
CVE-2017-15511
	REJECTED
CVE-2017-15510
	REJECTED
CVE-2017-15509
	REJECTED
CVE-2017-15508
	REJECTED
CVE-2017-15507
	REJECTED
CVE-2017-15506
	REJECTED
CVE-2017-15505
	REJECTED
CVE-2017-15504
	REJECTED
CVE-2017-15503
	REJECTED
CVE-2017-15502
	REJECTED
CVE-2017-15501
	REJECTED
CVE-2017-15500
	REJECTED
CVE-2017-15499
	REJECTED
CVE-2017-15498
	REJECTED
CVE-2017-15497
	REJECTED
CVE-2017-15496
	REJECTED
CVE-2017-15495
	REJECTED
CVE-2017-15494
	REJECTED
CVE-2017-15493
	REJECTED
CVE-2017-15492
	REJECTED
CVE-2017-15491
	REJECTED
CVE-2017-15490
	REJECTED
CVE-2017-15489
	REJECTED
CVE-2017-15488
	REJECTED
CVE-2017-15487
	REJECTED
CVE-2017-15486
	REJECTED
CVE-2017-15485
	REJECTED
CVE-2017-15484
	REJECTED
CVE-2017-15483
	REJECTED
CVE-2017-15482
	REJECTED
CVE-2017-15481
	REJECTED
CVE-2017-15480
	REJECTED
CVE-2017-15479
	REJECTED
CVE-2017-15478
	REJECTED
CVE-2017-15477
	REJECTED
CVE-2017-15476
	REJECTED
CVE-2017-15475
	REJECTED
CVE-2017-15474
	REJECTED
CVE-2017-15473
	REJECTED
CVE-2017-15472
	REJECTED
CVE-2017-15471
	REJECTED
CVE-2017-15470
	REJECTED
CVE-2017-15469
	REJECTED
CVE-2017-15468
	REJECTED
CVE-2017-15467
	REJECTED
CVE-2017-15466
	REJECTED
CVE-2017-15465
	REJECTED
CVE-2017-15464
	REJECTED
CVE-2017-15463
	REJECTED
CVE-2017-15462
	REJECTED
CVE-2017-15461
	REJECTED
CVE-2017-15460
	REJECTED
CVE-2017-15459
	REJECTED
CVE-2017-15458
	REJECTED
CVE-2017-15457
	REJECTED
CVE-2017-15456
	REJECTED
CVE-2017-15455
	REJECTED
CVE-2017-15454
	REJECTED
CVE-2017-15453
	REJECTED
CVE-2017-15452
	REJECTED
CVE-2017-15451
	REJECTED
CVE-2017-15450
	REJECTED
CVE-2017-15449
	REJECTED
CVE-2017-15448
	REJECTED
CVE-2017-15447
	REJECTED
CVE-2017-15446
	REJECTED
CVE-2017-15445
	REJECTED
CVE-2017-15444
	REJECTED
CVE-2017-15443
	REJECTED
CVE-2017-15442
	REJECTED
CVE-2017-15441
	REJECTED
CVE-2017-15440
	REJECTED
CVE-2017-15439
	REJECTED
CVE-2017-15438
	REJECTED
CVE-2017-15437
	REJECTED
CVE-2017-15436
	REJECTED
CVE-2017-15435
	REJECTED
CVE-2017-15434
	REJECTED
CVE-2017-15433
	REJECTED
CVE-2017-15432
	REJECTED
CVE-2017-15431
	RESERVED
CVE-2017-15430 (Insufficient data validation in Chromecast plugin in Google Chrome pri ...)
	- chromium-browser <not-affected> (Plugin specific to Chrome)
CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Google C ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15428 (Insufficient data validation in V8 builtins string generator could lea ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15426 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15425 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15424 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15423 (Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prio ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15422 (Integer overflow in international date handling in International Compo ...)
	{DSA-4150-1}
	- icu 57.1-9 (bug #892766)
	[wheezy] - icu <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/chromium/issues/detail?id=774382
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1523136
	NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654
CVE-2017-15421
	RESERVED
CVE-2017-15420 (Incorrect handling of back navigations in error pages in Navigation in ...)
	{DSA-4103-1 DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15419 (Insufficient policy enforcement in Resource Timing API in Google Chrom ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15418 (Use of uninitialized memory in Skia in Google Chrome prior to 63.0.323 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15417 (Inappropriate implementation in Skia canvas composite operations in Go ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15416 (Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.8 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15415 (Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84  ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15414
	RESERVED
CVE-2017-15413 (Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.323 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15412 (Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...)
	{DSA-4086-1 DLA-1211-1}
	- libxml2 2.9.4+dfsg1-5.2 (bug #883790)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
CVE-2017-15411 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowe ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15410 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowe ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15409 (Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 al ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15408 (Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15407 (Out-of-bounds Write in the QUIC networking stack in Google Chrome prio ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 a ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15405 (Inappropriate symlink handling and a race condition in the stateful re ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15404 (An ability to process crash dumps under root privileges and inappropri ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15403 (Insufficient data validation in crosh could lead to a command injectio ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15402 (Using an ID that can be controlled by a compromised renderer which all ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15401 (A memory corruption bug in WebAssembly could lead to out of bounds rea ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS pr ...)
	{DSA-4243-1}
	- cups 2.2.3-2
	[jessie] - cups <not-affected> (Vulnerable code not present, ppdCreateFromIPP() introduced in v2.2.0)
	[wheezy] - cups <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=777215
	NOTE: Patches from upstream to restrict what filters will be accpeted
	NOTE: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41 (v2.2.2)
	NOTE: https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b (v2.2.2)
CVE-2017-15399 (A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed  ...)
	{DSA-4024-1}
	- chromium-browser 62.0.3202.89-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15398 (A stack buffer overflow in the QUIC networking stack in Google Chrome  ...)
	{DSA-4024-1}
	- chromium-browser 62.0.3202.89-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...)
	NOT-FOR-US: ChromeVox in Google Chrome OS
CVE-2017-15396 (A stack buffer overflow in NumberingSystem in International Components ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15395 (A use after free in Blink in Google Chrome prior to 62.0.3202.62 allow ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15394 (Insufficient Policy Enforcement in Extensions in Google Chrome prior t ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15393 (Insufficient Policy Enforcement in Devtools remote debugging in Google ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15392 (Insufficient data validation in V8 in Google Chrome prior to 62.0.3202 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15391 (Insufficient Policy Enforcement in Extensions in Google Chrome prior t ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15390 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15389 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15388 (Iteration through non-finite points in Skia in Google Chrome prior to  ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15387 (Insufficient enforcement of Content Security Policy in Blink in Google ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15386 (Incorrect implementation in Blink in Google Chrome prior to 62.0.3202. ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15385 (The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...)
	- radare2 2.1.0+dfsg-1 (bug #879119)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/issues/8685
	NOTE: https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
CVE-2017-15384 (rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. ...)
	NOT-FOR-US: Rate Me
CVE-2017-15383 (Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploita ...)
	NOT-FOR-US: Nero
CVE-2017-15382
	RESERVED
CVE-2017-15381 (SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/res ...)
	NOT-FOR-US: E-Sic
CVE-2017-15380 (XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester ...)
	NOT-FOR-US: E-Sic
CVE-2017-15379 (An authentication bypass exists in the E-Sic 1.0 /index (aka login) UR ...)
	NOT-FOR-US: E-Sic
CVE-2017-15378 (SQL Injection exists in the E-Sic 1.0 password reset parameter (aka th ...)
	NOT-FOR-US: E-Sic
CVE-2017-15377 (In Suricata before 4.x, it was possible to trigger lots of redundant c ...)
	{DLA-1603-1}
	- suricata 1:4.0.0-1 (low)
	[stretch] - suricata <no-dsa> (Minor issue)
	[wheezy] - suricata <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57
	NOTE: https://redmine.openinfosecfoundation.org/issues/2231
	NOTE: introduced in https://github.com/OISF/suricata/commit/35f1f7e8d944a3
CVE-2017-15376 (The TELNET service in Mobatek MobaXterm 10.4 does not require authenti ...)
	NOT-FOR-US: Mobatek MobaXterm
CVE-2017-15375 (Multiple client-side cross site scripting vulnerabilities have been di ...)
	NOT-FOR-US: WpJobBoard
CVE-2017-15374 (Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the cu ...)
	NOT-FOR-US: Shopware
CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restri ...)
	NOT-FOR-US: E-Sic
CVE-2017-15372 (There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expan ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #878808)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
	NOTE: https://github.com/mansr/sox/commit/001c337552912d286ba68086ac378f6fdc1e8b50
CVE-2017-15371 (There is a reachable assertion abort in the function sox_append_commen ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #878809)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
	NOTE: https://github.com/mansr/sox/commit/818bdd0ccc1e5b6cae742c740c17fd414935cf39
CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of im ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #878810)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
	NOTE: https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e
CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF b ...)
	- mupdf <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
	NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592
CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...)
	- radare2 2.1.0+dfsg-1 (bug #878767)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0)
	NOTE: https://github.com/radare/radare2/issues/8673
	NOTE: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vuln ...)
	NOT-FOR-US: Bacula-Web
CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
	NOT-FOR-US: Thornberry NDoc
CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before  ...)
	{DSA-4341-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 1:10.1.34-1 (bug #885345)
	- mariadb-10.0 <removed>
	[jessie] - mariadb-10.0 <not-affected> (vulnerable code not present)
	- percona-xtrabackup <undetermined>
	[jessie] - percona-xtrabackup <not-affected> (vulnerable code not present)
	- mysql-5.7 <undetermined>
	- mysql-5.5 <not-affected> (Vulnerable code not present)
	NOTE: MariaDB: Fixed in 10.2.10, 10.1.30
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
	NOTE: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
	NOTE: Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
	NOTE: Possibly only introduced with https://github.com/MariaDB/server/commit/df4dd593f29aec8e2116aec1775ad4b8833d8c93 (mariadb-10.1.1)
	NOTE: starting to be present in mariadb-10.1.1.
CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attacke ...)
	NOT-FOR-US: ccsv
CVE-2017-15363 (Directory traversal vulnerability in public/examples/resources/getsour ...)
	NOT-FOR-US: Luracast Restler
CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...)
	NOT-FOR-US: osTicket
CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module  ...)
	NOT-FOR-US: Infineon RSA library
CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cros ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15359 (In the 3CX Phone System 15.5.3554.1, the Management Console typically  ...)
	NOT-FOR-US: 3CX Phone System
CVE-2017-15358 (Race condition in the Charles Proxy Settings suid binary in Charles Pr ...)
	NOT-FOR-US: Charles Proxy
CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 5.9.7 fo ...)
	NOT-FOR-US: Arq
CVE-2017-15356 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
	NOT-FOR-US: Huawei
CVE-2017-15355 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
	NOT-FOR-US: Huawei
CVE-2017-15354 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
	NOT-FOR-US: Huawei
CVE-2017-15353 (Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V ...)
	NOT-FOR-US: Huawei
CVE-2017-15352 (Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, ...)
	NOT-FOR-US: Huawei
CVE-2017-15351 (The 'Find Phone' function in Huawei Honor V9 play smart phones with ve ...)
	NOT-FOR-US: Huawei
CVE-2017-15350 (The Common Open Policy Service Protocol (COPS) module in Huawei DP300  ...)
	NOT-FOR-US: Huawei
CVE-2017-15349 (Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-15348 (Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-15347 (Huawei Mate 9 Pro mobile phones with software of versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-15346 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15345 (Huawei Smartphones with software LON-L29DC721B186 have a denial of ser ...)
	NOT-FOR-US: Huawei
CVE-2017-15344 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-15343 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-15342 (Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace ...)
	NOT-FOR-US: Huawei
CVE-2017-15341 (Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15340 (Huawei smartphones with software of TAG-AL00C92B168 have an informatio ...)
	NOT-FOR-US: Huawei
CVE-2017-15339 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15338 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15337 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15336 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15335 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15334 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15333 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15332 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15331 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15330 (The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC ...)
	NOT-FOR-US: Huawei
CVE-2017-15329 (Huawei UMA V200R001C00 has a SQL injection vulnerability in the operat ...)
	NOT-FOR-US: Huawei
CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an authentic ...)
	NOT-FOR-US: Huawei
CVE-2017-15327 (S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01 ...)
	NOT-FOR-US: Huawei
CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algori ...)
	NOT-FOR-US: Huawei
CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier  ...)
	NOT-FOR-US: Bdat driver of Prague smart phones
CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnera ...)
	NOT-FOR-US: Huawei
CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C3 ...)
	NOT-FOR-US: Huawei
CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 a ...)
	NOT-FOR-US: Huawei
CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an informat ...)
	NOT-FOR-US: Huawei
CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before MHA- ...)
	NOT-FOR-US: Huawei
CVE-2017-15315 (Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, N ...)
	NOT-FOR-US: Huawei
CVE-2017-15314 (Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V ...)
	NOT-FOR-US: Huawei
CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An rem ...)
	NOT-FOR-US: Huawei
CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) v ...)
	NOT-FOR-US: Huawei
CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawe ...)
	NOT-FOR-US: Huawei
CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vul ...)
	NOT-FOR-US: Huawei
CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation vulnerabil ...)
	NOT-FOR-US: Huawei
CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than FRD-L04C ...)
	NOT-FOR-US: Huawei
CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc. ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/ac64115a66c18c01745bbd3c47a36b124e5fd8c0 (4.14-rc7)
CVE-2017-15305 (XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. ...)
	NOT-FOR-US: NexusPHP
CVE-2017-15304 (/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmwa ...)
	NOT-FOR-US: Airtame HDMI dongle
CVE-2017-15303 (In CPUID CPU-Z before 1.43, there is an arbitrary memory write that re ...)
	NOT-FOR-US: CPUID CPU-Z
CVE-2017-15302 (In CPUID CPU-Z through 1.81, there are improper access rights to a ker ...)
	NOT-FOR-US: CPUID CPU-Z
CVE-2017-15301
	RESERVED
CVE-2017-15300 (The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b  ...)
	NOT-FOR-US: EWBF Cuda Zcash Miner
CVE-2017-15299 (The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use o ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/60ff5b2f547af3828aebafd54daded44cfb0807a (4.14-rc6)
CVE-2017-15298 (Git through 2.14.2 mishandles layers of tree objects, which allows rem ...)
	- git 1:2.16.1-1 (unimportant)
	NOTE: https://kate.io/blog/git-bomb/
	NOTE: https://github.com/Katee/git-bomb
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a937b37e766479c8e780b17cce9c4b252fd97e40
	NOTE: No practical security implications
CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP SAPContro ...)
	NOT-FOR-US: SAP
CVE-2017-15296 (The Java component in SAP CRM has CSRF. This is SAP Security Note 2478 ...)
	NOT-FOR-US: SAP
CVE-2017-15295 (Xpress Server in SAP POS does not require authentication for read/writ ...)
	NOT-FOR-US: SAP
CVE-2017-15294 (The Java administration console in SAP CRM has XSS. This is SAP Securi ...)
	NOT-FOR-US: SAP
CVE-2017-15293 (Xpress Server in SAP POS does not require authentication for file read ...)
	NOT-FOR-US: SAP
CVE-2017-15292
	RESERVED
CVE-2017-15291 (Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering ...)
	NOT-FOR-US: TP-LINK TL-MR3220 wireless routers
CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5 ...)
	NOT-FOR-US: Mirasys Video Management System
CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...)
	{DSA-4050-1 DLA-1559-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <ignored> (minor issue)
	NOTE: https://xenbits.xen.org/xsa/advisory-244.html
CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-243.html
CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS  ...)
	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-242.html
CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS  ...)
	{DSA-4050-1 DLA-1549-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-241.html
CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS  ...)
	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-240.html
CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
	{DSA-4050-1 DLA-1549-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-239.html
CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers  ...)
	{DSA-4050-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[jessie] - xen <not-affected> (Only affects 4.5 and later)
	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-238.html
CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS use ...)
	{DSA-4050-1 DLA-1549-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <no-dsa> (Patches too intrusive to backport)
	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
	{DSA-4213-1 DLA-1497-1}
	- qemu 1:2.11+dfsg-1 (bug #880832)
	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12,  ...)
	- scala 2.11.12-1 (unimportant)
	NOTE: http://scala-lang.org/news/security-update-nov17.html
	NOTE: For 2.11.x: https://github.com/scala/scala/pull/6108
	NOTE: For 2.12.x: https://github.com/scala/scala/pull/6120
	NOTE: For 2.10.x: https://github.com/scala/scala/pull/6128
	NOTE: Neutralised by kernel hardening
CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dream ...)
	NOT-FOR-US: BouquetEditor WebPlugin
CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in she ...)
	- sqlite3 3.20.1-2 (low; bug #878680)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
	NOTE: https://www.sqlite.org/src/info/5d0ceb8dcdef92cd
CVE-2017-15285 (X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Co ...)
	NOT-FOR-US: X-Cart
CVE-2017-15284 (Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), all ...)
	NOT-FOR-US: OctoberCMS
CVE-2017-15283
	RESERVED
CVE-2017-15282
	RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...)
	{DLA-1785-1 DLA-1139-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
CVE-2017-15280 (XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 al ...)
	NOT-FOR-US: Umbraco CMS
CVE-2017-15279 (Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 a ...)
	NOT-FOR-US: Umbraco CMS
CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
	- teampass <itp> (bug #730180)
CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
	{DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1456-1 DLA-1140-1 DLA-1139-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
	- graphicsmagick 1.3.26-14
	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/592
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/923c4a525c99
	NOTE: https://github.com/neex/gifoeb
CVE-2017-15276 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15275 (Samba before 4.7.3 might allow remote attackers to obtain sensitive in ...)
	{DSA-4043-1 DLA-1183-1}
	- samba 2:4.7.1+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html
CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does not cons ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.48-1
	[wheezy] - linux 3.2.93-1
	NOTE: Fixed by: https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5)
CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10 ...)
	- mahara <removed>
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSF ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP compone ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data befor ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans b ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by  ...)
	{DSA-4213-1}
	- qemu 1:2.11+dfsg-1 (bug #880836)
	[jessie] - qemu <not-affected> (I/O channels driver websockets introduced later)
	[wheezy] - qemu <not-affected> (I/O channels driver websockets introduced later)
	- qemu-kvm <not-affected> (I/O channels driver websockets introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1496879
	NOTE: https://bugs.launchpad.net/bugs/1718964
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_m ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (bug #878314)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
	NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_ex ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (bug #878314)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
	NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
CVE-2017-15265 (Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 ...)
	{DLA-1200-1}
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
	NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a denial of s ...)
	NOT-FOR-US: IrfanView
CVE-2017-15263 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15262 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15261 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15260 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15259 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15258 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15257 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15256 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15255 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15254 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15253 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15252 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15251 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15250 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15249 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15248 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15247 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15246 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15245 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15244 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15243 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15242 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15241 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-aft ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-14
	[jessie] - graphicsmagick <not-affected> (Vulnerable code not present)
	[wheezy] - graphicsmagick <not-affected> (Vulnerable code do not exist)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=93bdb9b30076
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=df946910910d
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/469/
CVE-2017-15237
	RESERVED
CVE-2017-15236 (Tiandy IP cameras 5.56.17.120 do not properly restrict a certain propr ...)
	NOT-FOR-US: Tiandy IP cameras
CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allo ...)
	- php-horde-gollem 3.0.12-1
	[stretch] - php-horde-gollem <no-dsa> (Minor issue)
	[jessie] - php-horde-gollem <no-dsa> (Minor issue)
	NOTE: https://blogs.securiteam.com/index.php/archives/3454
	NOTE: https://lists.horde.org/archives/announce/2017/001260.html
	NOTE: https://github.com/horde/gollem/commit/416249efa0fb9e98b596783565258806542a2c51
CVE-2017-15234
	RESERVED
CVE-2017-15233
	RESERVED
CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...)
	[experimental] - libjpeg-turbo 1:2.0.2-1~exp1
	- libjpeg-turbo <unfixed> (unimportant; bug #878567)
	- libjpeg6b <not-affected> (Vulnerable code not present)
	- libjpeg8 <not-affected> (Vulnerable code not present)
	- libjpeg9 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
	NOTE: https://github.com/mozilla/mozjpeg/issues/268
	NOTE: IJG libjpeg releases not affected, see https://lists.debian.org/debian-lts/2017/10/msg00061.html
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/073b0e88a192adebbb479ee2456beb089d8b5de7
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/5bc43c7821df982f65aa1c738f67fbf7cba8bd69
	NOTE: Crash in CLI tools, no security impact
CVE-2017-15231
	RESERVED
CVE-2017-15230
	RESERVED
CVE-2017-15229
	RESERVED
CVE-2017-15228 (Irssi before 1.0.5, when installing themes with unterminated colour fo ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15227 (Irssi before 1.0.5, while waiting for the channel synchronisation, may ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the o ...)
	NOT-FOR-US: Zyxel
CVE-2017-15225 (_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descript ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22212
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0
CVE-2017-15224
	RESERVED
CVE-2017-15223 (Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 a ...)
	NOT-FOR-US: ArGoSoft Mini Mail Server
CVE-2017-15222 (Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows r ...)
	NOT-FOR-US: Ayukov NFTPD
CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a cr ...)
	NOT-FOR-US: ASX to MP3 converter
CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overfl ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Script ...)
	NOT-FOR-US: dotCMS
CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...)
	[experimental] - imagemagick 8:6.9.9.34+dfsg-1
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8fa3c10977f668c92688272a4802f4477df61076
CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before 2.8.3 a ...)
	- piwigo <removed>
CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted ...)
	- piwigo <removed>
CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete acti ...)
	NOT-FOR-US: MISP
CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticate ...)
	- shaarli <itp> (bug #864559)
CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an  ...)
	NOT-FOR-US: Flyspray
CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenti ...)
	NOT-FOR-US: Flyspray
CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector cou ...)
	- wireshark 2.4.2-1 (low)
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056
	NOTE: https://code.wireshark.org/review/23537
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-43.html
CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector c ...)
	- wireshark 2.4.2-1 (low)
	[jessie] - wireshark <not-affected> (Vulnerable code introduced in version 1.99)
	[wheezy] - wireshark <not-affected> (Vulnerable code introduced in version 1.99)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049
	NOTE: https://code.wireshark.org/review/23470
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-42.html
CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the  ...)
	{DLA-1634-1}
	- wireshark 2.4.2-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
	NOTE: https://code.wireshark.org/review/23591
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-44.html
CVE-2017-15190 (In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was  ...)
	- wireshark 2.4.2-1 (low)
	[stretch] - wireshark <not-affected> (Only affects 2.4)
	[jessie] - wireshark <not-affected> (Only affects 2.4)
	[wheezy] - wireshark <not-affected> (Only affects 2.4)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077
	NOTE: https://code.wireshark.org/review/23635
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html
CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an inf ...)
	- wireshark 2.4.2-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code not present)
	[wheezy] - wireshark <not-affected> (vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
	NOTE: https://code.wireshark.org/review/23663
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-46.html
	NOTE: vulnerable introduced in https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3e1828e35188e1
CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork web inter ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15187
	RESERVED
CVE-2017-15194 (include/global_session.php in Cacti 1.1.25 has XSS related to (1) the  ...)
	- cacti 1.1.25+ds1-1 (bug #878304)
	[stretch] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
	[jessie] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
	NOTE: https://github.com/Cacti/cacti/issues/1010
	NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
	NOTE: https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote at ...)
	{DSA-4049-1}
	- ffmpeg 7:3.4-1
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code was introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_cle ...)
	- mp3splt 2.6.2+20170630-2
	[jessie] - mp3splt <not-affected> (Vulnerable code not present)
	[wheezy] - mp3splt <not-affected> (Vulnerable code does not exist)
	- libmp3splt <removed>
	[stretch] - libmp3splt <no-dsa> (Minor issue)
	[jessie] - libmp3splt <no-dsa> (Minor issue)
	[wheezy] - libmp3splt <no-dsa> (Minor issue)
	NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
CVE-2017-15184
	RESERVED
CVE-2017-15183
	RESERVED
CVE-2017-15182
	RESERVED
CVE-2017-15181
	RESERVED
CVE-2017-15180
	RESERVED
CVE-2017-15179
	RESERVED
CVE-2017-15178
	RESERVED
CVE-2017-15177
	RESERVED
CVE-2017-15176
	RESERVED
CVE-2017-15175
	RESERVED
CVE-2017-15174
	RESERVED
CVE-2017-15173
	RESERVED
CVE-2017-15172
	RESERVED
CVE-2017-15171
	RESERVED
CVE-2017-15170
	RESERVED
CVE-2017-15169
	RESERVED
CVE-2017-15168
	RESERVED
CVE-2017-15167
	RESERVED
CVE-2017-15166
	RESERVED
CVE-2017-15165
	RESERVED
CVE-2017-15164
	RESERVED
CVE-2017-15163
	RESERVED
CVE-2017-15162
	RESERVED
CVE-2017-15161
	RESERVED
CVE-2017-15160
	RESERVED
CVE-2017-15159
	RESERVED
CVE-2017-15158
	RESERVED
CVE-2017-15157
	RESERVED
CVE-2017-15156
	RESERVED
CVE-2017-15155
	RESERVED
CVE-2017-15154
	RESERVED
CVE-2017-15153
	RESERVED
CVE-2017-15152
	RESERVED
CVE-2017-15151
	RESERVED
CVE-2017-15150
	RESERVED
CVE-2017-15149
	RESERVED
CVE-2017-15148
	RESERVED
CVE-2017-15147
	RESERVED
CVE-2017-15146
	RESERVED
CVE-2017-15145
	RESERVED
CVE-2017-15144
	RESERVED
CVE-2017-15143
	RESERVED
CVE-2017-15142
	RESERVED
CVE-2017-15141
	RESERVED
CVE-2017-15140
	RESERVED
CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and inclu ...)
	[experimental] - cinder 2:13.0.0-1
	- cinder 2:13.0.0-2
	[stretch] - cinder <no-dsa> (Minor issue)
	[jessie] - cinder <not-affected> (ScaleIO Driver support does not exist)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084
	NOTE: https://bugs.launchpad.net/ossn/+bug/1699573
CVE-2017-15138 (The OpenShift Enterprise cluster-read can access webhook tokens which  ...)
	NOT-FOR-US: atomic-openshift
CVE-2017-15137 (The OpenShift image import whitelist failed to enforce restrictions co ...)
	NOT-FOR-US: atomic-openshift
CVE-2017-15136 (When registering and activating a new system with Red Hat Satellite 6  ...)
	NOT-FOR-US: Red Hat Satellite 6
CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0. ...)
	- 389-ds-base 1.3.7.9-1 (bug #888451)
	[stretch] - 389-ds-base <not-affected> (Affected code was never backported)
	[jessie] - 389-ds-base <not-affected> (vulnerable code (patch for CVE-2016-5405) not applied)
CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x  ...)
	{DLA-1428-1}
	- 389-ds-base 1.3.7.9-1 (bug #888452)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...)
	- golang-github-miekg-dns 0.0~git20170501.0.f282f80-3 (bug #888777)
	[stretch] - golang-github-miekg-dns <no-dsa> (Minor issue)
	NOTE: https://github.com/miekg/dns/issues/627
	NOTE: https://github.com/miekg/dns/pull/631
CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SA ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #888432)
	NOTE: Fixed by: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
	NOTE: Regression fix needed on top: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22
CVE-2017-15131 (It was found that system umask policy is not being honored when creati ...)
	- xdg-user-dirs <unfixed> (unimportant)
	NOTE: The CVE relates that created directories by xdg-user-dirs might not
	NOTE: respect a system policy for user created files by setting a umask
	NOTE: system-wide in e.g. /etc/profile due to xdg-user-dirs beeing invoked
	NOTE: from Xsession scripts. This can be mitigated by e.g. using pam_umask
	NOTE: on session start and having it when xdg-user-dirs is executed.
	NOTE: In Debian xdg-user-dirs starting from 0.15-3 replaces the use of
	NOTE: /etc/X11/Xsession.d/*xdg-user-dirs-update with an autostart .desktop
	NOTE: file for user-dirs-update primarly to work as well with Wayland
	NOTE: sessions.
	NOTE: Enforcements can be achieved e.g. by using pam_umask.
	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=102303
CVE-2017-15130 (A denial of service flaw was found in dovecot before 2.2.34. An attack ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #891820)
	NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
	NOTE: https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
	NOTE: https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21
	NOTE: https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1
	NOTE: https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f
	NOTE: https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb
	NOTE: https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1
CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code af ...)
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
CVE-2017-15128 (A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetl ...)
	- linux 4.13.13-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://post-office.corp.redhat.com/archives/rhkernel-list/2017-October/msg09574.html
CVE-2017-15127 (A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetl ...)
	- linux 3.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/5af10dfd0afc559bb4b0f7e3e8227a1578333995
CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux kerne ...)
	- linux 4.13.10-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/384632e67e0829deb8015ee6ad916b180049d252
CVE-2017-15125 (A flaw was found in CloudForms before 5.9.0.22 in the self-service UI  ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older wa ...)
	{DSA-4213-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #884806)
	[jessie] - qemu <ignored> (invasive patch, also builds on 2.5 socket refactoring, tentative backport crashes, no other distro fix for 2.1)
	[wheezy] - qemu <postponed> (Can be fixed along in later update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/19/4
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg00796.html
CVE-2017-15123 (A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, ...)
	NOT-FOR-US: CloudForms
CVE-2017-15122
	RESERVED
CVE-2017-15121 (A non-privileged user is able to mount a fuse filesystem on RHEL 6 or  ...)
	- linux 3.11.5-1
	[wheezy] - linux <ignored> (Too much work to backport)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1520893
	NOTE: Fixed by: https://git.kernel.org/linus/5a7203947a1d9b6f3a00a39fda08c2466489555f (v3.11-rc1)
CVE-2017-15120 (An issue has been found in the parsing of authoritative answers in Pow ...)
	{DSA-4063-1}
	- pdns-recursor 4.1.0-1
	[jessie] - pdns-recursor <not-affected> (Vulnerable code introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced in 4.0.0)
	NOTE: Patch: https://downloads.powerdns.com/patches/2017-08
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html
CVE-2017-15119 (The Network Block Device (NBD) server in Quick Emulator (QEMU) before  ...)
	{DSA-4213-1}
	- qemu 1:2.11+dfsg-1 (bug #883399)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html
CVE-2017-15118 (A stack-based buffer overflow vulnerability was found in NBD server im ...)
	- qemu 1:2.11+dfsg-1 (bug #883406)
	[stretch] - qemu <not-affected> (Vulnerable code introduced in 2.10)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.10)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.10)
	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.10)
	NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=f37708f6b8
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
CVE-2017-15117
	REJECTED
CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel before 4 ...)
	- linux 4.2.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel  ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6)
CVE-2017-15114 (When libvirtd is configured by OSP director (tripleo-heat-templates) t ...)
	- tripleo-heat-templates <not-affected> (Vulnerability introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015
	NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370
	NOTE: TLS libvirt live migration disabled in: https://review.openstack.org/#/c/519015/
	NOTE: TLS libvirt live migration introduced in: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fa740c5e49994ffdd3a5aa1f43a0305c8e5a0b3a
	NOTE: Re-enabled libvirt TLS with SASL auth:
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1732479
CVE-2017-15113 (ovirt-engine before version 4.1.7.6 with log level set to DEBUG includ ...)
	NOT-FOR-US: ovirt-engine
CVE-2017-15112 (keycloak-httpd-client-install versions before 0.8 allow users to insec ...)
	NOT-FOR-US: Keycloak
CVE-2017-15111 (keycloak-httpd-client-install versions before 0.8 insecurely creates t ...)
	NOT-FOR-US: Keycloak
CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other students ...)
	- moodle <removed>
CVE-2017-15109
	RESERVED
CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escape save ...)
	- spice-vdagent 0.18.0-1 (bug #883238)
	[stretch] - spice-vdagent <no-dsa> (Minor issue)
	[jessie] - spice-vdagent <no-dsa> (Minor issue)
	[wheezy] - spice-vdagent <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864
CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dnsmasq u ...)
	- dnsmasq 2.79-1 (bug #888200)
	[stretch] - dnsmasq <no-dsa> (Minor issue)
	[jessie] - dnsmasq <no-dsa> (Minor issue)
	[wheezy] - dnsmasq <no-dsa> (Minor issue)
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404
	NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
CVE-2017-15106
	RESERVED
CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated wildcard-sy ...)
	{DLA-1676-1 DLA-1264-1}
	- unbound 1.7.1-1 (bug #887733)
	[stretch] - unbound 1.6.0-3+deb9u2
	NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
	NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff
	NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json configurat ...)
	- heketi <itp> (bug #903384)
CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server API han ...)
	- heketi <itp> (bug #903384)
CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the Lin ...)
	- linux 4.7.8-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux 3.2.86-1
	NOTE: Fixed by: https://git.kernel.org/linus/2fae9e5a7babada041e2e161699ade2447a01989 (4.9-rc1)
CVE-2017-15101 (A missing patch for a stack-based buffer overflow in findTable() was f ...)
	- liblouis <not-affected> (Incomplete fix not applied in Debian)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023
CVE-2017-15100 (An attacker submitting facts to the Foreman server containing HTML can ...)
	- foreman <itp> (bug #663101)
CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10 ...)
	{DSA-4028-1}
	- postgresql-10 10.1-1
	- postgresql-9.6 <removed>
	- postgresql-9.4 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5)
	- postgresql-9.1 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5)
CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset function c ...)
	{DSA-4028-1 DSA-4027-1}
	- postgresql-10 10.1-1
	- postgresql-9.6 <removed>
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code does not exist)
CVE-2017-15097 (Privilege escalation flaws were found in the Red Hat initialization sc ...)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1508985
	NOTE: Similar issues as CVE-2016-1255 in Debian
	NOT-FOR-US: Red Hat specific provides scripts for starting the database server during system boot and for initializing the database
CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null pointe ...)
	- glusterfs 3.12.2-2 (bug #880017)
	[stretch] - glusterfs <not-affected> (Vulnerable code introduced later)
	[jessie] - glusterfs <not-affected> (Vulnerable code introduced later)
	[wheezy] - glusterfs <not-affected> (Vulnerable code introduced later)
	NOTE: https://review.gluster.org/18538 (master)
	NOTE: https://review.gluster.org/18539 (release-3.10)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
	NOTE: Fixed by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in versi ...)
	{DSA-4037-1 DLA-2091-1}
	- jackson-databind 2.9.1-1
	- libjackson-json-java <unfixed>
	NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1)
	NOTE: misses the further sets of blacklists, in particular as well
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
	NOTE: which was already for CVE-2017-7525 but then the further tickets and patches
	NOTE: to block more dangerous types (at leas they are):
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1680
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1723
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1737
	NOTE: https://github.com/FasterXML/jackson-databind/commit/e8f043d1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/ddfddfba
	NOTE: This CVE-2017-15095 should be considered to include everything in
	NOTE: NO_DESER_CLASS_NAMES as of:
	NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
	NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3
	NOTE: For libjackson-json-java:
	NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS Recurso ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
	NOTE: https://downloads.powerdns.com/patches/2017-07/
CVE-2017-15093 (When api-config-dir is set to a non-empty value, which is not the case ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor 3.6.2-2+deb8u4
	[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced later)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
	NOTE: https://downloads.powerdns.com/patches/2017-06/
CVE-2017-15092 (A cross-site scripting issue has been found in the web interface of Po ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
	NOTE: https://downloads.powerdns.com/patches/2017-05/
CVE-2017-15091 (An issue has been found in the API component of PowerDNS Authoritative ...)
	- pdns 4.0.5-1
	[stretch] - pdns 4.0.3-1+deb9u2
	[jessie] - pdns 3.4.1-4+deb8u8
	[wheezy] - pdns <not-affected> (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
	NOTE: https://downloads.powerdns.com/patches/2017-04/
CVE-2017-15090 (An issue has been found in the DNSSEC validation component of PowerDNS ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
	NOTE: https://downloads.powerdns.com/patches/2017-03/
CVE-2017-15089 (It was found that the Hotrod client in Infinispan before 9.2.0.CR1 wou ...)
	NOT-FOR-US: infinispan
CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka  ...)
	- krb5 1.15.2-2 (unimportant; bug #871698)
	NOTE: https://github.com/krb5/krb5/pull/707
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
	NOTE: Red Hat eanbled the code in question in the KDC and thus having it
	NOTE: exposed as network-facing issue. For Debian and upstream the code only
	NOTE: runs on client systems, and only with a certificate that is explicitly
	NOTE: configured locally, leading to a local kinit crash if passed a crafted
	NOTE: local certificate. This is hardly has any harmful security implication.
CVE-2017-15087 (It was discovered that the fix for CVE-2017-12163 was not properly shi ...)
	- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12163)
CVE-2017-15086 (It was discovered that the fix for CVE-2017-12151 was not properly shi ...)
	- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12151)
CVE-2017-15085 (It was discovered that the fix for CVE-2017-12150 was not properly shi ...)
	- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12150)
CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout C ...)
	NOT-FOR-US: Metasploit Framework
CVE-2017-15083
	REJECTED
CVE-2017-15082
	RESERVED
CVE-2017-15081 (In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlis ...)
	NOT-FOR-US: PHPSUGAR PHP Melody CMS
CVE-2017-15080
	RESERVED
CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for W ...)
	NOT-FOR-US: Smush Image Compression and Optimization plugin for WordPress
CVE-2017-15078
	REJECTED
CVE-2017-15077
	REJECTED
CVE-2017-15076
	REJECTED
CVE-2017-15075
	REJECTED
CVE-2017-15074
	REJECTED
CVE-2017-15073
	REJECTED
CVE-2017-15072
	REJECTED
CVE-2017-15071
	REJECTED
CVE-2017-15070
	REJECTED
CVE-2017-15069
	REJECTED
CVE-2017-15068
	REJECTED
CVE-2017-15067
	REJECTED
CVE-2017-15066
	REJECTED
CVE-2017-15065
	REJECTED
CVE-2017-15064
	REJECTED
CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...)
	- koji 1.16.0-1 (bug #877921)
	[stretch] - koji 1.10.0-1+deb9u1
	NOTE: https://pagure.io/koji/issue/563
	NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
CVE-2017-1000257 (An IMAP FETCH response line indicates the size of the returned data, i ...)
	{DSA-4007-1 DLA-1143-1}
	- curl 7.56.1-1
	NOTE: https://curl.haxx.se/docs/adv_20171023.html
CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad default configu ...)
	{DSA-4003-1}
	- libvirt 3.8.0-3 (bug #878799)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
	NOTE: https://security.libvirt.org/2017/0002.html
	NOTE: Broken by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ce61c16450d4992612d1fc6f39a39e79bfccead5 (master)
	NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=441d3eb6d1be940a67ce45a286602a967601b157 (master)
CVE-2017-1000255 (On Linux running on PowerPC hardware (Power8 or later) a user process  ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/265e60a170d0a0ecfc2d20490134ed2c48dd45ab
CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-15062
	RESERVED
CVE-2017-15061
	RESERVED
CVE-2017-15060
	RESERVED
CVE-2017-15059
	RESERVED
CVE-2017-15058
	RESERVED
CVE-2017-15057
	RESERVED
CVE-2017-15056 (p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote a ...)
	- upx-ucl 3.94-4 (unimportant)
	NOTE: https://github.com/upx/upx/issues/128
	NOTE: https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
	NOTE: crash in CLI tool, no security impact
CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access control ...)
	- teampass <itp> (bug #730180)
CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass before 2.1 ...)
	- teampass <itp> (bug #730180)
CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager access cont ...)
	- teampass <itp> (bug #730180)
CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager access cont ...)
	- teampass <itp> (bug #730180)
CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass ...)
	- teampass <itp> (bug #730180)
CVE-2017-15050
	RESERVED
CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900 ...)
	NOT-FOR-US: Zoom
CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the Zoom cli ...)
	NOT-FOR-US: Zoom
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows atta ...)
	- redis 4:4.0.2-5 (bug #878076; unimportant)
	[jessie] - redis <not-affected> (Vulnerable code introduced later)
	[wheezy] - redis <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/antirez/redis/issues/4278
	NOTE: Pull request: https://github.com/antirez/redis/pull/4365
CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples i ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://sourceforge.net/p/lame/bugs/479/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3 ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://sourceforge.net/p/lame/bugs/478/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through 6. ...)
	NOT-FOR-US: DocuWare Fulltext Search server
CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS ...)
	NOT-FOR-US: Sierra Wireless AirLink routers
CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ...)
	- golang-1.9 1.9.1-1
	- golang-1.8 1.8.4-1
	[stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue, would require builds of all go packages in stable)
	[wheezy] - golang <not-affected> (Vulnerable code introduced later in version 1.1)
	NOTE: https://github.com/golang/go/issues/22134
	NOTE: https://golang.org/cl/68023
	NOTE: https://golang.org/cl/68210
	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command  ...)
	{DLA-1148-1}
	- golang-1.9 1.9.1-1
	- golang-1.8 1.8.4-1
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <removed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/
	NOTE: https://github.com/golang/go/issues/22125
	NOTE: https://golang.org/cl/68022
	NOTE: https://golang.org/cl/68190
	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15040
	RESERVED
CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a da ...)
	NOT-FOR-US: Zurmo
CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU  ...)
	{DSA-4213-1 DLA-1497-1 DLA-1129-1 DLA-1128-1}
	- qemu 1:2.10.0+dfsg-2 (bug #877890)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html
CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_s ...)
	- kfreebsd-10 <unfixed> (unimportant; bug #877903)
	NOTE: kfreebsd not covered by security support
CVE-2017-15036
	RESERVED
CVE-2017-15035 (EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial ...)
	NOT-FOR-US: EmTec PyroBatchFTP
CVE-2017-15034
	RESERVED
CVE-2017-15033 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in  ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/756
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683
CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage i ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including v1.4, not  ...)
	NOT-FOR-US: ARM Trusted Firmware
CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15028
	RESERVED
CVE-2017-15027
	RESERVED
CVE-2017-15026
	RESERVED
CVE-2017-15025 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48
CVE-2017-15024 (find_abstract_instance_name in dwarf2.c in the Binary File Descriptor  ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22187
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2
CVE-2017-15023 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22200
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf
	NOTE: When this issue is fixed it is to make sure to not open CVE-2017-15939, i.e.
	NOTE: not to apply the incomplete fix. See notes on CVE-2017-15939
CVE-2017-15022 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as  ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22201
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8
CVE-2017-15021 (bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (B ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22197
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d
CVE-2017-15020 (dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as  ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5
CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init func ...)
	- lame 3.100-1
	[stretch] - lame <ignored> (Minor issue)
	[jessie] - lame <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/477/
CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malforme ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://sourceforge.net/p/lame/bugs/480/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
	NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
	{DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
	[stretch] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a0cef9db632ef8e1b9de4c463700c6a24d4f96ca
CVE-2017-15014 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15013 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15012 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-1000120 ([ERPNext][Frappe Version &lt;= 7.1.27] SQL injection vulnerability in  ...)
	NOT-FOR-US: ERPNext Frappe framework
CVE-2017-1000119 (October CMS build 412 is vulnerable to PHP code execution in the file  ...)
	NOT-FOR-US: October CMS
CVE-2017-1000118 (Akka HTTP versions &lt;= 10.0.5 Illegal Media Range in Accept Header C ...)
	NOT-FOR-US: Akka HTTP
CVE-2017-1000114 (The Datadog Plugin stores an API key to access the Datadog service in  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000113 (The Deploy to container Plugin stored passwords unencrypted as part of ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000110 (Blue Ocean allows the creation of GitHub organization folders that are ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000109 (The custom Details view of the Static Analysis Utilities based OWASP D ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000106 (Blue Ocean allows the creation of GitHub organization folders that are ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000105 (The optional Run/Artifacts permission can be enabled by setting a Java ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000104 (The Config File Provider Plugin is used to centrally manage configurat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000103 (The custom Details view of the Static Analysis Utilities based DRY Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000102 (The Details view of some Static Analysis Utilities based plugins, was  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000098 (The net/http package's Request.ParseMultipartForm method starts writin ...)
	{DLA-1123-1}
	- golang-1.9 <not-affected> (Fixed before initial release to Debian)
	- golang-1.8 <not-affected> (Fixed before initial release to Debian)
	- golang-1.7 1.7.4-1
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	NOTE: https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
	NOTE: https://golang.org/cl/30410
	NOTE: https://golang.org/issue/17965
CVE-2017-1000097 (On Darwin, user's trust preferences for root certificates were not hon ...)
	- golang <not-affected> (OS X specific issue)
	- golang-1.7 <not-affected> (OS X specific issue)
	- golang-1.8 <not-affected> (OS X specific issue)
	- golang-1.9 <not-affected> (OS X specific issue)
	NOTE: https://github.com/golang/go/issues/18141
CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and S ...)
	- qbittorrent <not-affected> (Only affects Windows)
CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the t ...)
	- node-tough-cookie 2.3.4+dfsg-1 (bug #877660)
	NOTE: https://github.com/salesforce/tough-cookie/issues/92
	NOTE: https://nodesecurity.io/advisories/525
CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected C ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cros ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15007
	RESERVED
CVE-2017-15006
	RESERVED
CVE-2017-15005
	RESERVED
CVE-2017-15004
	RESERVED
CVE-2017-15003
	RESERVED
CVE-2017-15002
	RESERVED
CVE-2017-15001
	RESERVED
CVE-2017-15000
	RESERVED
CVE-2017-14999
	RESERVED
CVE-2017-14998
	RESERVED
CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ser ...)
	{DSA-4321-1 DLA-1456-1 DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
CVE-2017-14996
	RESERVED
CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
	NOT-FOR-US: WSO2 Application Server
CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote at ...)
	{DSA-4321-1 DLA-1456-1 DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
CVE-2017-14993 (OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x be ...)
	NOT-FOR-US: OXID eShop Community Edition
CVE-2017-14992 (Lack of content verification in Docker-CE (Also known as Moby) version ...)
	- docker.io 18.03.1+dfsg1-2 (bug #908055)
	- golang-github-vbatts-tar-split 0.10.2-1 (bug #908056)
	[stretch] - golang-github-vbatts-tar-split <no-dsa> (Minor issue)
	NOTE: Issue needs to be fixed in src:golang-github-vbatts-tar-split first
	NOTE: https://github.com/vbatts/tar-split/issues/41
	NOTE: docker.io needs then a rebuild with a fixed golang-github-vbatts-tar-split
	NOTE: version.
	NOTE: 17.12.1+dfsg-1 was the first upload (to experimental) using the fixed version
	NOTE: golang-github-vbatts-tar-split.
CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before  ...)
	- linux 4.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/3e0097499839e0fe3af380410eababe5a47c4cf9
CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: EMC
CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...)
	{DSA-3997-1}
	- wordpress 4.8.2+dfsg-2 (bug #877629)
	[wheezy] - wordpress <ignored> (Fix requires database upgrade which is too intrusive compared to the actual benefit.)
	NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMa ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878562)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093
CVE-2017-14988 (** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2 ...)
	- openexr <unfixed> (bug #878551; unimportant)
	NOTE: https://github.com/openexr/openexr/issues/248
	NOTE: Issue in the use of openexr via ImageMagick, no real security impact
CVE-2017-14987
	RESERVED
CVE-2017-14986
	RESERVED
CVE-2017-14985 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14984 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14983 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14982
	RESERVED
CVE-2017-14981 (Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The  ...)
	NOT-FOR-US: ATutor
CVE-2017-14980 (Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attack ...)
	NOT-FOR-US: Sync Breeze Enterprise
CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an attempt to  ...)
	NOT-FOR-US: Gxlcms
CVE-2017-14978
	RESERVED
CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0 ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877952)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877954)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877957)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102653
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff
CVE-2017-14974 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
	- binutils 2.29.1-2
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by
	NOTE: a fixed 2.29.1-3 for unrelated issues.
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22163
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf
CVE-2017-14973 (IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is ...)
	NOT-FOR-US: IDenticard Two-Reader Controller Configuration Manager
CVE-2017-14972 (InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when ac ...)
	NOT-FOR-US: InFocus Mondopad
CVE-2017-14971 (Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosur ...)
	NOT-FOR-US: InFocus Mondopad
CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multip ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #877543)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
	NOTE: Not considered a security issue by upstream, see #877543
CVE-2017-14969 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14968 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14967 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14966 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14965 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14964 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14963 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitr ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly EMC Docum ...)
	NOT-FOR-US: EMC Document Sciences xPression
CVE-2017-14959
	RESERVED
CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous  ...)
	NOT-FOR-US: PivotX
CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText be ...)
	NOT-FOR-US: BlogoText
CVE-2017-14956 (AlienVault USM v5.4.2 and earlier offers authenticated users the funct ...)
	NOT-FOR-US: AlienVault
CVE-2017-14955 (Check_MK before 1.2.8p26 mishandles certain errors within the failed-l ...)
	- check-mk 1.2.8p26-1
	[wheezy] - check-mk <not-affected> (Vulnerable code not present)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
	NOTE: https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54
CVE-2017-14954 (The waitid implementation in kernel/exit.c in the Linux kernel through ...)
	- linux <not-affected> (Vulnerable code introduced in v4.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
CVE-2017-14953 (** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired config ...)
	NOT-FOR-US: HikVision
CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for Unico ...)
	- icu 57.1-7 (bug #878840)
	[stretch] - icu 57.1-6+deb9u1
	[jessie] - icu 52.1-8+deb8u6
	[wheezy] - icu <postponed> (Can be fixed in next update)
	NOTE: http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
	NOTE: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
CVE-2017-14951
	RESERVED
CVE-2017-14950
	RESERVED
CVE-2015-9234 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access arbi ...)
	- restlet <itp> (bug #596472)
CVE-2017-14948 (Certain D-Link products are affected by: Buffer Overflow. This affects ...)
	NOT-FOR-US: D-Link
CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitra ...)
	NOT-FOR-US: GSView (different from gv)
CVE-2017-14946 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial  ...)
	NOT-FOR-US: GSView (different from gv)
CVE-2017-14945 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial  ...)
	NOT-FOR-US: GSView (different from gv)
CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous package ...)
	NOT-FOR-US: Inedo ProGet
CVE-2017-14943 (Trapeze TransitMaster is vulnerable to information disclosure (emails  ...)
	NOT-FOR-US: Trapeze TransitMaster
CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the configura ...)
	NOT-FOR-US: Intelbras WRN 150 devices
CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ...)
	- jasperreports <undetermined> (bug #880467; bug #884131)
	[jessie] - jasperreports <ignored> (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941
CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD)  ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe
	NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c
CVE-2017-14939 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22169
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724
	NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c
CVE-2017-14938 (_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor ( ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6
	NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/
CVE-2017-14937 (The airbag detonation algorithm allows injury to passenger-car occupan ...)
	NOT-FOR-US: passenger-car
CVE-2017-14936
	RESERVED
CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for main ...)
	NOT-FOR-US: MultiTech FaxFinder
CVE-2017-14935 (Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly ...)
	NOT-FOR-US: Pulse Secure
CVE-2017-14934 (process_debug_info in dwarf.c in the Binary File Descriptor (BFD) libr ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22219
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b
CVE-2017-14933 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22210
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32
CVE-2017-14932 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22204
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005
CVE-2017-14931 (ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allo ...)
	NOT-FOR-US: OpenExif
CVE-2017-14930 (Memory leak in decode_line_info in dwarf2.c in the Binary File Descrip ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22191
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e
CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to Object::dictL ...)
	- poppler 0.61.1-2 (bug #877222)
	[stretch] - poppler 0.48.0-2+deb9u2
	[jessie] - poppler <ignored> (Minor impact, too intrusive to backport)
	[wheezy] - poppler <ignored> (unreproducible, requires API change which appears to be too intrusive in this case.)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
	- poppler 0.61.1-2 (low; bug #877231)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
	[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102607
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=1316c7a41f4dd7276f404f775ebb5fef2d24ab1c
CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutp ...)
	- poppler 0.61.1-2 (low; bug #877237)
	[stretch] - poppler <not-affected> (Vulnerable code introduced in 0.49)
	[jessie] - poppler <not-affected> (Vulnerable code introduced in 0.49)
	[wheezy] - poppler <not-affected> (Vulnerable code introduced in 0.49)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d
CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
	- poppler 0.61.1-2 (low; bug #877239)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
	[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb
CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
	NOT-FOR-US: Tiki
CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
	NOT-FOR-US: Tiki
CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine  ...)
	NOT-FOR-US: Tine groupware
CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...)
	NOT-FOR-US: Tine groupware
CVE-2017-14921 (Stored XSS vulnerability via IMG element at "Filename" of Filemanager  ...)
	NOT-FOR-US: Tine groupware
CVE-2017-14920 (Stored XSS vulnerability in eGroupware Community Edition before 16.1.2 ...)
	NOT-FOR-US: eGroupware
CVE-2017-14919 (Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows r ...)
	- nodejs <not-affected> (Debian didn't use an affected zlib version)
	NOTE: Debian doesn't use zlib 1.2.9 yet
	NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14915 (In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14913 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14912 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14911 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14910 (In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm closed-source components on Android
CVE-2017-14906 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android MediaServer
CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android
CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android
CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android
CVE-2017-14894 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14893 (While flashing meta image, a buffer over-read may potentially occur wh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14890 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14889 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14888 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14887 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14886
	RESERVED
CVE-2017-14885 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14883 (In the function wma_unified_power_debug_stats_event_handler() in Andro ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in An ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14880 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14878 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14877 (While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD A ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE i ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14874
	RESERVED
CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14871
	RESERVED
CVE-2017-14870 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14869 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows  ...)
	- restlet <itp> (bug #596472)
CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
	- exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet; only affected experimental; bug #880015)
	NOTE: https://github.com/Exiv2/exiv2/issues/140
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function o ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888865)
	NOTE: https://github.com/Exiv2/exiv2/issues/134
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
	NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULon ...)
	{DLA-1147-1}
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/73
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467
	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
CVE-2017-14863 (A NULL pointer dereference was discovered in Exiv2::Image::printIFDStr ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888866)
	NOTE: https://github.com/Exiv2/exiv2/issues/132
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::DataVal ...)
	{DLA-1147-1}
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/75
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786
	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
CVE-2017-14861 (There is a stack consumption vulnerability in the Exiv2::Internal::str ...)
	- exiv2 <not-affected> (printIFDStructure introduced in 0.26; only affected experimental; bug #880027)
	NOTE: https://github.com/Exiv2/exiv2/issues/139
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
CVE-2017-14860 (There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMet ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888867)
	NOTE: https://github.com/Exiv2/exiv2/issues/71
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
	NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::StringV ...)
	{DLA-1147-1}
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/74
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
	- exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles; only affected experimental; bug #897134)
	NOTE: https://github.com/Exiv2/exiv2/issues/138
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...)
	- exiv2 <not-affected> (Vulnerable code not present; only affected experimental; bug #888869)
	NOTE: https://github.com/Exiv2/exiv2/issues/76
	NOTE: https://github.com/Exiv2/exiv2/issues/124
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
CVE-2017-14856
	RESERVED
CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Red Lion HMI
CVE-2017-14854 (A stack buffer overflow exists in one of the Orpak SiteOmat CGI compon ...)
	NOT-FOR-US: Orpak SiteOmat
CVE-2017-14853 (The Orpak SiteOmat OrCU component is vulnerable to code injection, for ...)
	NOT-FOR-US: Orpak SiteOmat
CVE-2017-14852 (An insecure communication was found between a user and the Orpak SiteO ...)
	NOT-FOR-US: Orpak SiteOmat
CVE-2017-14851 (A SQL injection vulnerability exists in all Orpak SiteOmat versions pr ...)
	NOT-FOR-US: Orpak SiteOmat
CVE-2017-14850 (All known versions of the Orpak SiteOmat web management console is vul ...)
	NOT-FOR-US: Orpak SiteOmat
CVE-2017-14849 (Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...)
	- nodejs <not-affected> (Vulnerable code introduced in 8.5.0)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
	NOTE: https://twitter.com/nodejs/status/913131152868876288
CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 allows SQL In ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL In ...)
	NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress
CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...)
	NOT-FOR-US: Mojoomla Hospital Management System for WordPress
CVE-2017-14845 (Mojoomla WPCHURCH Church Management System for WordPress allows SQL In ...)
	NOT-FOR-US: Mojoomla WPCHURCH Church Management System for WordPress
CVE-2017-14844 (Mojoomla WPGYM WordPress Gym Management System allows SQL Injection vi ...)
	NOT-FOR-US: Mojoomla WPGYM WordPress Gym Management System
CVE-2017-14843 (Mojoomla School Management System for WordPress allows SQL Injection v ...)
	NOT-FOR-US: Mojoomla School Management System for WordPress
CVE-2017-14842 (Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL I ...)
	NOT-FOR-US: Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress
CVE-2017-14841 (Mojoomla Annual Maintenance Contract (AMC) Management System allows Ar ...)
	NOT-FOR-US: Mojoomla Annual Maintenance Contract (AMC) Management System
CVE-2017-14840 (TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. ...)
	NOT-FOR-US: TeamWork TicketPlus
CVE-2017-14839 (TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and ...)
	NOT-FOR-US: TeamWork Photo Fusion
CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in profileChange and c ...)
	NOT-FOR-US: TeamWork Job Links
CVE-2017-14837 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14836 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14835 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14834 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14833 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14832 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14831 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14830 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14829 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14828 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14827 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14826 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14825 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14824 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14823 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14822 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14821 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14820 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14819 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14818 (This vulnerability allows remote attackers to disclose sensitive on vu ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14817
	REJECTED
CVE-2017-14816
	REJECTED
CVE-2017-14815
	REJECTED
CVE-2017-14814
	REJECTED
CVE-2017-14813
	REJECTED
CVE-2017-14812
	REJECTED
CVE-2017-14811
	REJECTED
CVE-2017-14810
	REJECTED
CVE-2017-14809
	REJECTED
CVE-2017-14808
	REJECTED
CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL Command  ...)
	NOT-FOR-US: SUSE Studio
CVE-2017-14806 (A Improper Certificate Validation vulnerability in susestudio-common o ...)
	NOT-FOR-US: SUSE Studio
CVE-2017-14805
	RESERVED
CVE-2017-14804 (The build package before 20171128 did not check directory names during ...)
	- obs-build 20180302-1 (bug #887306)
	[stretch] - obs-build 20160921-1+deb9u1
	[jessie] - obs-build <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1069904
CVE-2017-14803 (In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server w ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-14802 (Novell Access Manager Admin Console and IDP servers before 4.3.3 have  ...)
	NOT-FOR-US: Novell Access Manager Admin Console
CVE-2017-14801 (Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attacke ...)
	NOT-FOR-US: NetIQ
CVE-2017-14800 (A reflected cross site scripting attack in the NetIQ Access Manager be ...)
	NOT-FOR-US: NetIQ
CVE-2017-14799 (A cross site scripting attack in handling the ESP login parameter hand ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-14798 (A race condition in the postgresql init script could be used by attack ...)
	NOT-FOR-US: SuSE-specific flaw in Postgres init script
CVE-2017-14797 (Lack of Transport Encryption in the public API in Philips Hue Bridge B ...)
	NOT-FOR-US: Philips Hue
CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remot ...)
	NOT-FOR-US: libbpg
CVE-2017-14795 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remot ...)
	NOT-FOR-US: libbpg
CVE-2017-14794
	REJECTED
CVE-2017-14793
	REJECTED
CVE-2017-14792
	REJECTED
CVE-2017-14791
	REJECTED
CVE-2017-14790
	REJECTED
CVE-2017-14789
	REJECTED
CVE-2017-14788
	REJECTED
CVE-2017-14787
	REJECTED
CVE-2017-14786
	REJECTED
CVE-2017-14785
	REJECTED
CVE-2017-14784
	REJECTED
CVE-2017-14783
	REJECTED
CVE-2017-14782
	REJECTED
CVE-2017-14781
	REJECTED
CVE-2017-14780
	REJECTED
CVE-2017-14779
	REJECTED
CVE-2017-14778
	REJECTED
CVE-2017-14777
	REJECTED
CVE-2017-14776
	REJECTED
CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...)
	NOT-FOR-US: Laravel
CVE-2017-14774
	RESERVED
CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14772 (Skybox Manager Client Application is prone to information disclosure v ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14771 (Skybox Manager Client Application prior to 8.5.501 is prone to an arbi ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14770 (Skybox Manager Client Application prior to 8.5.501 is prone to an info ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14769
	RESERVED
CVE-2017-14768
	RESERVED
CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c i ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d
	NOTE: Fixed in 3.2.8
	NOTE: The check is completely missing in Jessie. It should be added.
CVE-2017-14766 (The Simple Student Result plugin before 1.6.4 for WordPress has an Aut ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14765 (In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in  ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14764 (In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated use ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14763 (In the Install Themes page in GeniXCMS 1.1.4, remote authenticated use ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14762 (In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS  ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14761 (In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the  ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14760 (SQL Injection exists in /includes/event-management/index.php in the ev ...)
	NOT-FOR-US: Event Espresso Lite
CVE-2017-14759 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14757 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14756 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14755 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14754 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10 ...)
	- mahara <removed>
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14750
	RESERVED
CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: JerryScript
CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...)
	NOT-FOR-US: Blizzard Overwatch
CVE-2017-14747
	RESERVED
CVE-2017-14746 (Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote a ...)
	{DSA-4043-1}
	- samba 2:4.7.1+dfsg-2
	[wheezy] - samba <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html
CVE-2017-14745 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
	- binutils 2.29-11
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=94670f6cf11fc29cc6db6814b38c4305d9bcac96 (master)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6ff33ca50c1180725dde11c84ee93fcdb4235ef (binutils-2_29-branch)
CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x  ...)
	{DSA-3984-1 DLA-1120-1}
	- git 1:2.14.2-1 (bug #876854)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/26/9
	NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. ...)
	NOT-FOR-US: UEditor
CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL inje ...)
	NOT-FOR-US: Faleemi FSC-880 00.01.01.0048P2 devices
CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...)
	NOT-FOR-US: LabF nfsAxe
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remo ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
	NOTE: Requires additional fixes:
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bbc582d5439a7f9338c6bdc8c34b1ae221ae5214
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/67a633df9386704f45d1ad24f7f5af8a5d11f4a3
CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL injec ...)
	NOT-FOR-US: FileRun
CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in  ...)
	{DLA-1125-1}
	- botan1.10 1.10.17-0.1 (bug #877436)
	[stretch] - botan1.10 <no-dsa> (Minor issue)
	[jessie] - botan1.10 <no-dsa> (Minor issue)
	NOTE: https://github.com/randombit/botan/issues/1222
	NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
	NOTE: for 1.10: https://github.com/randombit/botan/commit/aeb87170d1b9013b079c300c8858bad477d30bd4
	NOTE: for 2.x: https://github.com/randombit/botan/commit/95df7f155570949837e8e28e733f3d59408092da
CVE-2017-14736
	RESERVED
CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstr ...)
	NOT-FOR-US: OWASP AntiSamy
CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote atta ...)
	NOT-FOR-US: libbpg
CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE h ...)
	{DSA-4321-1 DLA-1401-1 DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/458/
CVE-2017-14732
	RESERVED
CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attack ...)
	{DLA-1192-1}
	- libofx 1:0.9.11-5 (bug #877442)
	[stretch] - libofx 1:0.9.10-2+deb9u1
	[jessie] - libofx 1:0.9.10-1+deb8u1
	NOTE: https://github.com/libofx/libofx/issues/10
	NOTE: https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd
CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before 5. ...)
	NOT-FOR-US: Gentoo packagin flaw for Logstash
CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
	- binutils 2.29.1-2
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by
	NOTE: a fixed 2.29.1-3 for unrelated issues.
	NOTE: https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22170
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
CVE-2017-14728 (An authentication bypass was found in an unknown area of the SiteOmat  ...)
	NOT-FOR-US: Orpak SiteOmat
CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ...)
	{DSA-3997-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/41395
CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect at ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41398
CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...)
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u1
	[jessie] - wordpress <not-affected> (Vulnerable code not present)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/41448
CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41470
	NOTE: https://core.trac.wordpress.org/changeset/41496
	NOTE: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
	NOTE: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
	NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
	NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack i ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41397
CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the pl ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack  ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversa ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41457
CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site Script ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41393
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash v ...)
	{DLA-1111-1}
	- weechat 1.9.1-1 (bug #876553)
	[stretch] - weechat 1.6-1+deb9u2
	[jessie] - weechat 1.0.1-1+deb8u2
	NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Descripti ...)
	NOT-FOR-US: EPESI
CVE-2017-14716 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title par ...)
	NOT-FOR-US: EPESI
CVE-2017-14715 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Ti ...)
	NOT-FOR-US: EPESI
CVE-2017-14714 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subj ...)
	NOT-FOR-US: EPESI
CVE-2017-14713 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Desc ...)
	NOT-FOR-US: EPESI
CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...)
	NOT-FOR-US: EPESI
CVE-2017-14711 (The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- ak ...)
	NOT-FOR-US: Kickbase GmbH "Kickbase Bundesliga Manager"
CVE-2017-14710 (The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashi ...)
	NOT-FOR-US: Fashion Shopping app
CVE-2017-14709 (The komoot GmbH "Komoot - Cycling &amp; Hiking Maps" app before 9.3.2  ...)
	NOT-FOR-US: Cycling & Hiking Maps app
CVE-2017-14708
	RESERVED
CVE-2017-14707
	RESERVED
CVE-2017-14706 (DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to ob ...)
	NOT-FOR-US: DenyAll WAF
CVE-2017-14705 (DenyAll WAF before 6.4.1 allows unauthenticated remote command executi ...)
	NOT-FOR-US: DenyAll WAF
CVE-2017-14704 (Multiple unrestricted file upload vulnerabilities in the (1) imageSubm ...)
	NOT-FOR-US: Claydip Laravel Airbnb Clone
CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows  ...)
	NOT-FOR-US: Cash Back Comparison Script
CVE-2017-14702 (ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: ERS Data System
CVE-2017-14701
	RESERVED
CVE-2017-14700
	RESERVED
CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the AiCloud feat ...)
	NOT-FOR-US: ASUS routers
CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC5 ...)
	NOT-FOR-US: ASUS routers
CVE-2017-14697
	RESERVED
CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7 ...)
	- salt 2016.11.8+dfsg1-1 (bug #879090)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/89e084bda356739de645c15e7d1968afebdcc56e (2016.11)
CVE-2017-14695 (Directory traversal vulnerability in minion id validation in SaltStack ...)
	- salt 2016.11.8+dfsg1-1 (bug #879089)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/206ae23f15cb7ec95a07dee4cbe9802da84f9c42 (2016.11)
CVE-2017-14694 (Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013  ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14693 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-14692 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14691 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14690 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14689 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
	{DSA-4006-1 DLA-1164-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf <no-dsa> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
	NOTE: Several fz_xml_tag && !strcmp idoms are used in older versions
CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
	{DSA-4006-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
	{DSA-4006-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a25142f284384a10306f14393d9bfd7af95ddfff
CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated b ...)
	NOT-FOR-US: geminabox
CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote  ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #876488)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
CVE-2017-14681 (The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file aft ...)
	- p3scan <removed> (bug #876674)
	[stretch] - p3scan <ignored> (Minor issue)
	[jessie] - p3scan <ignored> (Minor issue)
	[wheezy] - p3scan <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/p3scan/bugs/33/
CVE-2017-14680 (ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: ZKTeco ZKTime Web
CVE-2017-14679
	REJECTED
CVE-2017-14678
	REJECTED
CVE-2017-14677
	REJECTED
CVE-2017-14676
	REJECTED
CVE-2017-14675
	REJECTED
CVE-2017-14674
	REJECTED
CVE-2017-14673
	REJECTED
CVE-2017-14672
	REJECTED
CVE-2017-14671
	REJECTED
CVE-2017-14670
	REJECTED
CVE-2017-14669
	REJECTED
CVE-2017-14668
	REJECTED
CVE-2017-14667
	REJECTED
CVE-2017-14666
	REJECTED
CVE-2017-14665
	REJECTED
CVE-2017-14664
	REJECTED
CVE-2017-14663
	REJECTED
CVE-2017-14662
	REJECTED
CVE-2017-14661
	REJECTED
CVE-2017-14660
	REJECTED
CVE-2017-14659
	REJECTED
CVE-2017-14658
	REJECTED
CVE-2017-14657
	REJECTED
CVE-2017-14656
	REJECTED
CVE-2017-14655
	REJECTED
CVE-2017-14654
	RESERVED
CVE-2017-14653 (member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticat ...)
	NOT-FOR-US: ASP4CMS AspCMS
CVE-2017-14652 (SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tap ...)
	NOT-FOR-US: Tapatalk plugin for MyBB
CVE-2017-14651 (WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_colle ...)
	NOT-FOR-US: WSO2 Data Analytics Server
CVE-2017-14649 (ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does  ...)
	- graphicsmagick 1.3.26-12 (unimportant; bug #876460)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a
	NOTE: https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/439/
CVE-2017-14648 (A global buffer overflow was discovered in the iteration_loop function ...)
	NOT-FOR-US: BladeEnc
CVE-2017-14647 (A heap-based buffer overflow was discovered in AP4_VisualSampleEntry:: ...)
	NOT-FOR-US: Bento4
CVE-2017-14646 (The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617  ...)
	NOT-FOR-US: Bento4
CVE-2017-14645 (A heap-based buffer over-read was discovered in AP4_BitStream::ReadByt ...)
	NOT-FOR-US: Bento4
CVE-2017-14644 (A heap-based buffer overflow was discovered in the AP4_HdlrAtom class  ...)
	NOT-FOR-US: Bento4
CVE-2017-14643 (The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0 ...)
	NOT-FOR-US: Bento4
CVE-2017-14642 (A NULL pointer dereference was discovered in the AP4_HdlrAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14641 (A NULL pointer dereference was discovered in the AP4_DataAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14640 (A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetS ...)
	NOT-FOR-US: Bento4
CVE-2017-14639 (AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2017-14638 (AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Be ...)
	NOT-FOR-US: Bento4
CVE-2017-14637 (In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb f ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 5)
CVE-2017-14636 (Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffff ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 4)
CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4 ...)
	{DSA-4021-1 DLA-1119-1}
	- otrs2 5.0.23-1 (bug #876462)
	NOTE: https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/b69c2533c951fa72bfe238f255ce76352f054897 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/b92ec17196ac3e1fdcab40fbb16dbb602d5d52b5 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/3ccc426ec220267d0cac8e3fdc39015a3db7d720 (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/f27dc65e4a937ba832d60e212ce6c9e3a28e406b (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/454c50116c2bf82dcd9dfee9146a7416be686875 (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/5468720cc8225a85699b1977ff230adbf9f8362d (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 (rel-3_3)
	NOTE: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Horde_Imag ...)
	{DSA-4276-1 DLA-1395-1}
	- php-horde-image 2.5.2-1 (bug #876400)
	NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
	NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (bug #876783)
	[stretch] - libsndfile <ignored> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/318
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
	{DSA-4113-1 DLA-2039-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (bug #876778)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
	NOTE: https://github.com/xiph/vorbis/pull/34
	NOTE: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uni ...)
	{DSA-4113-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (bug #876779)
	[jessie] - libvorbis <not-affected> (Vulnerable code not present)
	[wheezy] - libvorbis <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2328
	NOTE: https://github.com/xiph/vorbis/issues/29
	NOTE: https://github.com/xiph/vorbis/pull/34
CVE-2017-14631 (In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integ ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 1)
CVE-2017-14630 (In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 func ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 6)
CVE-2017-14629 (In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integ ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 3)
CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadIma ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 2)
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote  ...)
	NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
	{DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
	[stretch] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
	{DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
	[stretch] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
	{DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
	[stretch] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
CVE-2017-14623 (In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker ...)
	- golang-github-go-ldap-ldap 2.5.1-1 (low; bug #876404)
	[stretch] - golang-github-go-ldap-ldap 2.4.1-1+deb9u1
	NOTE: https://github.com/go-ldap/ldap/pull/126
	NOTE: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
CVE-2017-14622 (Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon  ...)
	NOT-FOR-US: 2kb Amazon Affiliates Store plugin for WordPress
CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead. ...)
	NOT-FOR-US: Portus
CVE-2017-14620 (SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP L ...)
	NOT-FOR-US: SmarterStats
CVE-2017-14619 (Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 all ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-14618 (Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFA ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-14617 (In Poppler 0.59.0, a floating point exception occurs in the ImageStrea ...)
	{DLA-1116-1}
	- poppler 0.61.1-2 (bug #876385)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <ignored> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102854
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=939465c40902d72e0c05d4f3a27ee67e4a007ed7
	NOTE: The patch applied in 0.48.0-2+deb9u1 (stretch) and 0.26.5-2+deb8u2 (jessie)
	NOTE: does not completely fix the issue thus still marked as unfixed even if the
	NOTE: CVE is recorded in debian/changelog.
CVE-2015-9232 (The Good for Enterprise application 3.0.0.415 for Android does not use ...)
	NOT-FOR-US: Good for Enterprise application for Android
CVE-2017-14616 (An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. I ...)
	NOT-FOR-US: WatchGuard Fireware
CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. W ...)
	NOT-FOR-US: WatchGuard Fireware
CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in GridGain ...)
	NOT-FOR-US: GridGain
CVE-2017-14613
	RESERVED
CVE-2017-14612 ("Shpock Boot Sale &amp; Classifieds" app before 3.17.0 -- aka shpock-b ...)
	NOT-FOR-US: Book sale app
CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote att ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 a ...)
	- bareos <unfixed> (low; bug #877334)
	[buster] - bareos <ignored> (Minor issue)
	[stretch] - bareos <ignored> (Minor issue)
	[jessie] - bareos <no-dsa> (Minor issue)
	NOTE: https://bugs.bareos.org/view.php?id=847
CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file after ...)
	- kannel <not-affected> (No real security issue in combination with start-stop-daemon from dpkg, see #877361)
	NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...)
	{DLA-1109-1}
	- libraw 0.18.5-1 (low)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
	NOTE: https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to Read ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878527)
	NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
CVE-2017-14606
	RESERVED
CVE-2017-14605
	RESERVED
CVE-2015-9231 (iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords  ...)
	NOT-FOR-US: iTerm2
CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by ...)
	{DSA-3994-1}
	- nautilus 3.25.90-1 (bug #860268)
	[jessie] - nautilus <no-dsa> (Minor issue, issue mitigated because does not silently decompress tarballs)
	[wheezy] - nautilus <no-dsa> (Minor issue, issue mitigated because does not silently decompress tarballs)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
	NOTE: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
	NOTE: https://github.com/freedomofpress/securedrop/issues/2238
	NOTE: https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0
CVE-2017-14603 (In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before  ...)
	{DSA-3990-1}
	- asterisk 1:13.17.2~dfsg-1 (bug #876328)
	[wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-008.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27274
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27252
CVE-2017-14602 (A vulnerability has been identified in the management interface of Cit ...)
	NOT-FOR-US: Citrix
CVE-2017-14601 (Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms ...)
	NOT-FOR-US: Pragyan CMS
CVE-2017-14600 (Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/ ...)
	NOT-FOR-US: Pragyan CMS
CVE-2017-14599
	RESERVED
CVE-2017-14598
	RESERVED
CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the  ...)
	NOT-FOR-US: AfterLogic WebMail
CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP authenticatio ...)
	NOT-FOR-US: Joomla!
CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the  ...)
	NOT-FOR-US: Joomla!
CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ve ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs i ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4. ...)
	NOT-FOR-US: Atlassian
CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial reposito ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates thr ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...)
	NOT-FOR-US: Atlassian
CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and Cru ...)
	NOT-FOR-US: Atlassian
CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...)
	NOT-FOR-US: Atlassian
CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead to remot ...)
	NOT-FOR-US: Atlassian
CVE-2017-14584
	RESERVED
CVE-2017-14583 (NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are ...)
	NOT-FOR-US: NetApp Clustered Data ONTAP
CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for A ...)
	NOT-FOR-US: Zoho
CVE-2017-XXXX [pcb code injection by malicious layout file]
	- pcb-rnd 1.2.5-2 (bug #876540)
	[stretch] - pcb-rnd 1.1.4-2
CVE-2017-14581 (The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5  ...)
	NOT-FOR-US: SAP
CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14579 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14578 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-14577 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14576 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14575 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14574 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14573 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14572 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14571 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14570 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14569 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14568 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14567 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14566 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14565 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14564 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14563 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14562 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14561 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14560 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14559 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14558 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14557 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14556 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14555 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14554 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14553 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14552 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14551 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14550 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14549 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14548 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14547 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14546 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14545 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14544 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14543 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14542 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14541 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14540 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-14539 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-14538 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14537 (trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter t ...)
	NOT-FOR-US: trixbox
CVE-2017-14536 (trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user ...)
	NOT-FOR-US: trixbox
CVE-2017-14535 (trixbox 2.8.0.4 has OS command injection via shell metacharacters in t ...)
	NOT-FOR-US: trixbox
CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via t ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/648
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...)
	{DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
	[stretch] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/719
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c55fb18c3f78445d100a378ab8b3c0acd53c6590
CVE-2017-14531 (ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in c ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/718
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/69967f4161bd14d8e03ea463d6545da442a6ea78
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1385a09732c261f1f403a9af6700979ca56c76d3
CVE-2017-14530 (WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordP ...)
	NOT-FOR-US: Crony Cronjob Manager plugin for WordPress
CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Descripto ...)
	- binutils 2.29-10
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22113
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (bug #878544)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560
CVE-2017-14527 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...)
	NOT-FOR-US: OpenText Documentum Webtop
CVE-2017-14526 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...)
	NOT-FOR-US: OpenText Documentum Administrator
CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6 ...)
	NOT-FOR-US: OpenText Documentum Webtop
CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum Administ ...)
	NOT-FOR-US: OpenText Documentum Administrator
CVE-2017-14523 (** DISPUTED **  WonderCMS 2.3.1 is vulnerable to an HTTP Host header i ...)
	NOT-FOR-US: WonderCMS
CVE-2017-14522 (** DISPUTED **  In WonderCMS 2.3.1, the application's input fields acc ...)
	NOT-FOR-US: WonderCMS
CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random applicatio ...)
	NOT-FOR-US: WonderCMS
CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in Splash::scaleI ...)
	{DSA-4079-1}
	- poppler 0.61.1-2 (low; bug #876081)
	[wheezy] - poppler <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102719
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=504b3590182175390f474657a372e78fb1508262
CVE-2017-14519 (In Poppler 0.59.0, memory corruption occurs in a call to Object::strea ...)
	{DSA-4079-1 DLA-1116-1}
	- poppler 0.61.1-2 (bug #876086)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102701
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=aaf5327649e8f7371c9d3270e7813c43ddfd47ee
CVE-2017-14518 (In Poppler 0.59.0, a floating point exception exists in the isImageInt ...)
	{DSA-4079-1}
	- poppler 0.61.1-2 (low; bug #876082)
	[wheezy] - poppler <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102688
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=80f9819b6233f9f9b5fd44f0e4cad026e5d048c2
CVE-2017-14517 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::pars ...)
	{DSA-4079-1 DLA-1116-1}
	- poppler 0.61.1-2 (low; bug #876079)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102687
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f
CVE-2017-14516 (Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Co ...)
	NOT-FOR-US: SAP Business Objects Financial Consolidation
CVE-2017-14515 (Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 all ...)
	NOT-FOR-US: Tenda W15E devices
CVE-2017-14514 (Directory Traversal on Tenda W15E devices before 15.11.0.14 allows rem ...)
	NOT-FOR-US: Tenda W15E devices
CVE-2017-14513 (Directory traversal vulnerability in MetInfo 5.3.17 allows remote atta ...)
	NOT-FOR-US: MetInfo
CVE-2017-14512 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via t ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14511 (An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through ...)
	NOT-FOR-US: SAP
CVE-2017-14510 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...)
	NOT-FOR-US: SugarCRM
CVE-2017-14509 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...)
	NOT-FOR-US: SugarCRM
CVE-2017-14508 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...)
	NOT-FOR-US: SugarCRM
CVE-2016-10511 (The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitt ...)
	NOT-FOR-US: Twitter iOS client
CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline plugin  ...)
	NOT-FOR-US: Content Timeline plugin for WordPress
CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
	NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure  ...)
	{DSA-4321-1 DLA-1456-1 DLA-1130-1}
	- graphicsmagick 1.3.26-11
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/466/
CVE-2017-14503 (libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_da ...)
	{DSA-4360-1 DLA-1600-1}
	- libarchive 3.2.2-4.1 (bug #875960)
	[wheezy] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/948
	NOTE: https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14
CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 s ...)
	{DSA-4360-1 DLA-1600-1}
	- libarchive 3.2.2-4.1 (bug #875974)
	[wheezy] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in archive_read_s ...)
	{DSA-4360-1 DLA-1600-1}
	- libarchive 3.2.2-4.2 (bug #875966)
	[wheezy] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/949
	NOTE: https://github.com/libarchive/libarchive/commit/f9569c086ff29259c73790db9cbf39fe8fb9d862
CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in t ...)
	{DSA-3977-1 DLA-1104-1}
	- newsbeuter 2.9-7 (bug #876004)
	NOTE: http://openwall.com/lists/oss-security/2017/09/16/1
	NOTE: newsbeuter-2.9.x: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
	NOTE: master: https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
	NOTE: https://github.com/akrennmair/newsbeuter/issues/598
CVE-2017-14499
	RESERVED
CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mish ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...)
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13)
CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq before 2 ...)
	- dnsmasq 2.78-1
	[stretch] - dnsmasq 2.76-5+deb9u1
	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id o ...)
	- dnsmasq 2.78-1
	[stretch] - dnsmasq 2.76-5+deb9u1
	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote attacke ...)
	{DSA-3989-1 DLA-1124-1}
	- dnsmasq 2.78-1
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262
CVE-2017-14493 (Stack-based buffer overflow in dnsmasq before 2.78 allows remote attac ...)
	{DSA-3989-1}
	- dnsmasq 2.78-1
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033
CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote attack ...)
	{DSA-3989-1 DLA-1124-1}
	- dnsmasq 2.78-1
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote attack ...)
	{DSA-3989-1 DLA-1124-1}
	- dnsmasq 2.78-1
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=62cb936cb7ad5f219715515ae7d32dd281a5aa1f
CVE-2017-14490
	RESERVED
CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: https://patchwork.kernel.org/patch/9923803/
	NOTE: Fixed by: https://git.kernel.org/linus/c88f0e6b06f4092995688211a631bb436125d77b
CVE-2017-14488
	RESERVED
CVE-2017-14487 (The OhMiBod Remote app for Android and iOS allows remote attackers to  ...)
	NOT-FOR-US: OhMiBod Remote app
CVE-2017-14486 (The Vibease Wireless Remote Vibrator app for Android and the Vibease C ...)
	NOT-FOR-US: Vibease Wireless Remote Vibrator app
CVE-2017-14485
	RESERVED
CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Int ...)
	NOT-FOR-US: Gentoo packaging flaw in gimps
CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 f ...)
	- flower <not-affected> (Gentoo-specific issue, Debian doesn't provide an init script at all)
CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...)
	- kubernetes <not-affected> (Vulnerable code not yet present)
CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation v1. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002027 (Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002026 (Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, Th ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002025 (Vulnerability in wordpress plugin add-edit-delete-listing-for-member-m ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002023 (Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code d ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002022 (Vulnerability in wordpress plugin surveys v1.01.8, The code in questio ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002021 (Vulnerability in wordpress plugin surveys v1.01.8, The code in individ ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002020 (Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_ ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002019 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002018 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002017 (Vulnerability in wordpress plugin gift-certificate-creator v1.0, The c ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002016 (Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002015 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002014 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002013 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002012 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002011 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002010 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002009 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002008 (Vulnerability in wordpress plugin membership-simplified-for-oap-member ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002007 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002006 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002005 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/de ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002004 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/do ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002003 (Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002002 (Vulnerability in wordpress plugin webapp-builder v2.0, The plugin incl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002001 (Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002000 (Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easyt ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi- ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14479 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14478 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14477 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14476 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14475 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14474 (In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Re ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14473 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14472 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14471 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14470 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14469 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14468 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14467 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14466 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14465 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14464 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14463 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14462 (An exploitable access control vulnerability exists in the data, progra ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14461 (A specially crafted email delivered over SMTP and passed on to Dovecot ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #891819)
	NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
	NOTE: https://github.com/dovecot/core/commit/30dc856f7b97b75b0e0d69f5003d5d99a13249b4
	NOTE: https://github.com/dovecot/core/commit/8d65e2345e1dbedb00b662ee0abd05be2e7e6b7e
	NOTE: https://github.com/dovecot/core/commit/b72d864b8c34cb21076214c0b28101baec530141
	NOTE: https://github.com/dovecot/core/commit/e9b86842441a668b30796bff7d60828614570a1b
	NOTE: https://github.com/dovecot/core/commit/f5cd17a27f0b666567747f8c921ebe1026970f11
	NOTE: https://github.com/dovecot/core/commit/18a7a161c8dae6f630770a3cbab7374a0c3dd732
	NOTE: https://github.com/dovecot/core/commit/0ed696987e5e5d44e971da2a10f6275b276ece34
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0510
CVE-2017-14460 (An exploitable overly permissive cross-domain (CORS) whitelist vulnera ...)
	- parity <itp> (bug #890550)
CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the Telnet ...)
	NOT-FOR-US: Moxa
CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...)
	- cpp-etherum <itp> (bug #860434)
CVE-2017-14456
	REJECTED
CVE-2017-14455 (On Insteon Hub 2245-222 devices with firmware version 1012, specially  ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14454
	RESERVED
CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, specially  ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14451
	RESERVED
CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing functi ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
	NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84
CVE-2017-14449 (A double-Free vulnerability exists in the XCF image rendering function ...)
	{DSA-4177-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 <not-affected> (Vulnerable code not present)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
	NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF image re ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
	NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
CVE-2017-14447 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability exists in Ins ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon Hub run ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14444 (An exploitable buffer overflow vulnerability exists in Insteon Hub run ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14443 (An exploitable information leak vulnerability exists in Insteon Hub ru ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image re ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
	NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
CVE-2017-14441 (An exploitable code execution vulnerability exists in the ICO image re ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
	NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM image r ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
	NOTE: https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c
CVE-2017-14439 (Exploitable denial of service vulnerabilities exists in the Service Ag ...)
	NOT-FOR-US: Moxa
CVE-2017-14438 (Exploitable denial of service vulnerabilities exists in the Service Ag ...)
	NOT-FOR-US: Moxa
CVE-2017-14437 (An exploitable denial of service vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-14436 (An exploitable denial of service vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-14435 (An exploitable denial of service vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-14434 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-14433 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-14432 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-14430 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
	NOT-FOR-US: D-Link
CVE-2017-14429 (The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114 ...)
	NOT-FOR-US: D-Link
CVE-2017-14428 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
	NOT-FOR-US: D-Link
CVE-2017-14427 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
	NOT-FOR-US: D-Link
CVE-2017-14426 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
	NOT-FOR-US: D-Link
CVE-2017-14425 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
	NOT-FOR-US: D-Link
CVE-2017-14424 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
	NOT-FOR-US: D-Link
CVE-2017-14423 (htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmw ...)
	NOT-FOR-US: D-Link
CVE-2017-14422 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
	NOT-FOR-US: D-Link
CVE-2017-14421 (D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have ...)
	NOT-FOR-US: D-Link
CVE-2017-14420 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with fi ...)
	NOT-FOR-US: D-Link
CVE-2017-14419 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with fi ...)
	NOT-FOR-US: D-Link
CVE-2017-14418 (The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850 ...)
	NOT-FOR-US: D-Link
CVE-2017-14417 (register_send.php on D-Link DIR-850L REV. B (with firmware through FW2 ...)
	NOT-FOR-US: D-Link
CVE-2017-14416 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
	NOT-FOR-US: D-Link
CVE-2017-14415 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
	NOT-FOR-US: D-Link
CVE-2017-14414 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
	NOT-FOR-US: D-Link
CVE-2017-14413 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
	NOT-FOR-US: D-Link
CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in mp ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/
CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/
CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in mpgli ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/
CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c  ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/
CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in  ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/
CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in gain_an ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/
CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface. ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/
CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote comma ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14404 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file i ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14403 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
	NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
	NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/44a55580ac8c01d8cff1e6e0063820af113f8591
CVE-2017-14399 (In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14398 (rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. ...)
	NOT-FOR-US: AnyDesk
CVE-2017-14396 (In osTicket before 1.10.1, SQL injection is possible by constructing a ...)
	NOT-FOR-US: osTicket
CVE-2017-14395 (Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM)  ...)
	NOT-FOR-US: OpenAM
CVE-2017-14394 (OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) ...)
	NOT-FOR-US: OpenAM
CVE-2017-14393
	REJECTED
CVE-2017-14392
	REJECTED
CVE-2017-14391
	REJECTED
CVE-2017-14390 (In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-14389 (An issue was discovered in Cloud Foundry Foundation capi-release (all  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30. ...)
	NOT-FOR-US: Cloud Foundry Foundation GrootFS
CVE-2017-14387 (The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8. ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction Laser P ...)
	NOT-FOR-US: Dell
CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, versions  ...)
	NOT-FOR-US: EMC Data Domain DD OS
CVE-2017-14384 (In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMig ...)
	NOT-FOR-US: EMConfigMigration service
CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for File 8.1. ...)
	NOT-FOR-US: EMC VNX
CVE-2017-14382
	REJECTED
CVE-2017-14381
	REJECTED
CVE-2017-14380 (In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2 ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scri ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agen ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 an ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ha ...)
	NOT-FOR-US: EMC AppSync Server
CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4. ...)
	NOT-FOR-US: EMC
CVE-2017-14374 (The SMI-S service in Dell Storage Manager versions earlier than 16.3.2 ...)
	NOT-FOR-US: Dell
CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a refle ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cros ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14371 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cros ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14370 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-s ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14369 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege es ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14368
	RESERVED
CVE-2017-14367
	RESERVED
CVE-2017-14366
	RESERVED
CVE-2017-14365
	RESERVED
CVE-2017-14364
	RESERVED
CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified in Micro  ...)
	NOT-FOR-US: Micro Focus Operations Manager
CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and Po ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio M ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2017-14360 (A potential security vulnerability has been identified in HPE Content  ...)
	NOT-FOR-US: HPE
CVE-2017-14359 (A potential security vulnerability has been identified in HPE Performa ...)
	NOT-FOR-US: HPE Performance Center
CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP ArcSight ESM a ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14357 (A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP  ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM  ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14355 (A potential security vulnerability has been identified in HPE Connecte ...)
	NOT-FOR-US: HPE Connected Backup
CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB Foundation Sof ...)
	NOT-FOR-US: HP UCMDB Foundation
CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation Software  ...)
	NOT-FOR-US: HP UCMDB Foundation
CVE-2017-14352 (A potential security vulnerability has been identified in HP UCMDB Con ...)
	NOT-FOR-US: HP
CVE-2017-14351 (A potential security vulnerability has been identified in HP UCMDB Con ...)
	NOT-FOR-US: HP
CVE-2017-14350 (A potential security vulnerability has been identified in HPE Applicat ...)
	NOT-FOR-US: HP
CVE-2017-14349 (An authentication vulnerability in HPE SiteScope product versions 11.2 ...)
	NOT-FOR-US: HP
CVE-2015-9230 (In the admin/db-backup-security/db-backup-security.php page in the Bul ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9229 (In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery ...)
	NOT-FOR-US: Photocrati NextGEN Gallery
CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.p ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows unrestricted fil ...)
	NOT-FOR-US: tianchoy/blog
CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the id pa ...)
	NOT-FOR-US: tianchoy/blog
CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on Ju ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/649
CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGIm ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/650
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in  ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...)
	- libraw 0.18.5-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/100
	NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ker ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
CVE-2017-14339 (The DNS packet parser in YADIFA before 2.2.6 does not check for the pr ...)
	{DSA-4001-1}
	- yadifa 2.2.6-1 (bug #876315)
	NOTE: https://www.tarlogic.com/blog/fuzzing-yadifa-dns/
	NOTE: https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog
CVE-2017-14338
	RESERVED
CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate authentic ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-14336
	RESERVED
CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...)
	NOT-FOR-US: Beijing Hanbang Hanbanggaoke devices
CVE-2017-14334
	RESERVED
CVE-2017-14333 (The process_version_sections function in readelf.c in GNU Binutils 2.2 ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21990
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=452bf675ea772002aa86fb1d28f3474da70ee1de
CVE-2017-14332 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hij ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14331 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the  ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14330 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ro ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14329 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ro ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to tri ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitr ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dfefe8de5068a547ae4097c69456f02f93935164
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a542c9f9a53327b623333150874d4e5a5b3bcbd0
CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/741
CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in ...)
	NOT-FOR-US: Onethink
CVE-2017-14322 (The function in charge to check whether the user is already logged in  ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Mirasvit Helpdesk MX
CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to exec ...)
	NOT-FOR-US: Mirasvit Helpdesk MX
CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When remo ...)
	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-234.html
CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gn ...)
	{DSA-4050-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[jessie] - xen <not-affected> (Only affects 4.5 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-232.html
	NOTE: Wheezy will be affected with the upcoming grant table backport
CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka cx ...)
	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-233.html
CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. Th ...)
	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-231.html
CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementatio ...)
	NOT-FOR-US: Apple
CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in Graph ...)
	{DSA-4321-1 DLA-1401-1 DLA-1130-1}
	- graphicsmagick 1.3.26-10
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/448/
CVE-2017-14312 (Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root  ...)
	- nagios3 <not-affected> (Doesn't affect Nagios as packaged in Debian)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/424
	NOTE: State is not fully correct, since "affected" source would be there.
CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for Wo ...)
	NOT-FOR-US: Photocrati NextGEN Gallery plugin for WordPress
CVE-2017-15596 (An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest  ...)
	{DSA-3969-1}
	- xen 4.8.1-1+deb9u3
	[wheezy] - xen <not-affected> (No arm support in Wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-235.html
CVE-2017-14311 (The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows lo ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14309 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14308 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14307 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14306 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14305 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14304 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14303 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14302 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14301 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14300 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14299 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14298 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14297 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14296 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14295 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14294 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14293 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14292 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14291 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14290 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14289 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14288 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14287 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14286 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14285 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14284 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14283 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14282 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14281 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14280 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14279 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14278 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14277 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14276 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14275 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14274 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14273 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14272 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14271 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14270 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2015-9227 (PHP remote file inclusion vulnerability in the get_file function in up ...)
	NOT-FOR-US: AlegroCart
CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remot ...)
	NOT-FOR-US: AlegroCart
CVE-2017-14482 (GNU Emacs before 25.3 allows remote attackers to execute arbitrary cod ...)
	{DSA-3975-1 DSA-3970-1 DLA-1101-1}
	- emacs25 25.2+1-6 (bug #875447)
	- emacs24 <removed> (bug #875448)
	- emacs23 <removed> (bug #875449)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/11/1
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
	{DSA-3973-1 DLA-1096-1}
	- wordpress-shibboleth 1.8-1 (bug #874416)
	NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
	NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
CVE-2017-14269 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attack ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14268 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related  ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnera ...)
	- tcpreplay 3.4.4-3
	[jessie] - tcpreplay 3.4.4-2+deb8u1
	[wheezy] - tcpreplay 3.4.3-2+wheezy2
	NOTE: Fixed by http://launchpadlibrarian.net/270778908/tcpreplay_3.4.4-2_3.4.4-3.diff.gz
	NOTE: Not a duplicate of CVE-2016-6160 the detailed MITRE description, but both issues
	NOTE: are addressed with the same patch:
	NOTE: Patch enforce-maxpacket.patch addresses the issue
CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in  ...)
	- libraw 0.18.5-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/99
	NOTE: https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60
CVE-2017-14264
	RESERVED
CVE-2017-14263 (Honeywell NVR devices allow remote attackers to create a user account  ...)
	NOT-FOR-US: Honeywell
CVE-2017-14262 (On Samsung NVR devices, remote attackers can read the MD5 password has ...)
	NOT-FOR-US: Samsung
CVE-2017-14261 (In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom. ...)
	NOT-FOR-US: Bento4
CVE-2017-14260 (In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom. ...)
	NOT-FOR-US: Bento4
CVE-2017-14259 (In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom. ...)
	NOT-FOR-US: Bento4
CVE-2017-14258 (In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h fil ...)
	NOT-FOR-US: Bento4
CVE-2017-14257 (In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core ...)
	NOT-FOR-US: Bento4
CVE-2017-14256
	RESERVED
CVE-2017-14255
	RESERVED
CVE-2017-14254
	RESERVED
CVE-2017-14253
	RESERVED
CVE-2017-14252 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in sysex ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Fir ...)
	NOT-FOR-US: TP-LINK Router
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/66112b7a7b64f688efe6fec53a829874a74dea04
CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/resize.c  ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/717
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5402b6e0fcf8b694ae2af6a6652ebb8ce0ccf46
CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (low; bug #876682)
	[stretch] - libsndfile <ignored> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/317
	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (low; bug #876682)
	[stretch] - libsndfile <ignored> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/317
	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
CVE-2017-14244 (An authentication bypass vulnerability on iBall Baton ADSL2+ Home Rout ...)
	NOT-FOR-US: iBall
CVE-2017-14243 (An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadba ...)
	NOT-FOR-US: UTStar
CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0  ...)
	- dolibarr <removed> (bug #885319)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb
CVE-2017-14241 (Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 all ...)
	- dolibarr <removed> (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14240 (There is a sensitive information disclosure vulnerability in document. ...)
	- dolibarr <removed> (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14239 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
	- dolibarr <removed> (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14238 (SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CR ...)
	- dolibarr <removed> (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14237
	RESERVED
CVE-2017-14236
	RESERVED
CVE-2017-14235
	RESERVED
CVE-2017-14234
	RESERVED
CVE-2017-14233
	RESERVED
CVE-2017-14232 (The read_chunk function in flif-dec.cpp in Free Lossless Image Format  ...)
	- flif <removed>
CVE-2017-14231 (GeniXCMS before 1.1.0 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: GenixCMS
CVE-2017-14230 (In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP befo ...)
	- cyrus-imapd <not-affected> (Vulnerable code introduced later)
	- cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79
	NOTE: Introduced by: https://github.com/cyrusimap/cyrus-imapd/commit/1fe918087237f55e09a37fa414bf988873739021 (cyrus-imapd-3.0.0-beta1)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/issues/2132
CVE-2017-14229 (There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_ ...)
	- jasper <removed>
	[jessie] - jasper <ignored> (Minor issue)
	[wheezy] - jasper <ignored> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/146
	NOTE: Possible false-positive, cf. https://github.com/mdadams/jasper/issues/146#issuecomment-330674648
CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...)
	- nasm 2.13.02-0.1 (unimportant; bug #874731)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392423
	NOTE: Crash in CLI tool, no securiy impact
CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-it ...)
	- libbson 1.8.0-1 (bug #874754)
	[stretch] - libbson <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489356
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489362
	NOTE: Latest https://github.com/mongodb/libbson/commit/0f501e7ed51a42d5502d319bce35b41f1a3aa112 (1.7.0-rc0)
	NOTE: uncovers the issue, which introduces UTF-8 validation during JSON encoding.
	NOTE: Only after that the utf8_len=4294967295 as shown with the POC is passed to
	NOTE: bson_utf8_validate via src/bson/bson-iter.c:2069
	NOTE: Still the underlying issue in bson-iter.c when parsing BSON with a codewscope
	NOTE: type is present in earlier versions.
	NOTE: Upstream issue: https://jira.mongodb.org/browse/CDRIVER-2269
	NOTE: Fixed by: https://github.com/mongodb/libbson/commit/42900956dc461dfe7fb91d93361d10737c1602b3
CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.c ...)
	- libwpd 0.10.2-1 (bug #876001)
	[stretch] - libwpd 0.10.1-5+deb9u1
	[jessie] - libwpd 0.10.0-2+deb8u1
	[wheezy] - libwpd <not-affected> (Vulnerable code do not exist)
	NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
	NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
	NOTE: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg  ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in Image ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #876097)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_i ...)
	{DSA-3996-1 DLA-1654-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382
CVE-2017-14221
	RESERVED
CVE-2017-14220
	RESERVED
CVE-2017-14219 (XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmw ...)
	NOT-FOR-US: Intelbras Wireless N 150Mbps router
CVE-2017-14218
	RESERVED
CVE-2017-14217
	RESERVED
CVE-2017-14216
	RESERVED
CVE-2017-14215
	RESERVED
CVE-2017-14214
	RESERVED
CVE-2017-14213
	RESERVED
CVE-2017-14212
	RESERVED
CVE-2017-14211
	RESERVED
CVE-2017-14210
	RESERVED
CVE-2017-14209
	RESERVED
CVE-2017-14208
	REJECTED
CVE-2017-14207
	REJECTED
CVE-2017-14206
	REJECTED
CVE-2017-14205
	REJECTED
CVE-2017-14204
	REJECTED
CVE-2017-14203
	REJECTED
CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
	NOT-FOR-US: Zephyr
CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
	NOT-FOR-US: Zephyr
CVE-2017-14200
	REJECTED
CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
	NOT-FOR-US: Zephyr OS
CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 an ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms 5.0 ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineCms 5.0 ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCm ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up ...)
	NOT-FOR-US: Fortinet
CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager 5 ...)
	NOT-FOR-US: Fortinet
CVE-2017-14188
	RESERVED
CVE-2017-14187 (A local privilege escalation and local code execution vulnerability in ...)
	NOT-FOR-US: Fortinet
CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
	NOT-FOR-US: Fortinet
CVE-2017-14185 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-14184 (An Information Disclosure vulnerability in Fortinet FortiClient for Wi ...)
	NOT-FOR-US: Fortinet
CVE-2017-14183
	RESERVED
CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5 ...)
	NOT-FOR-US: Fortinet
CVE-2017-14180 (Apport 2.13 through 2.20.7 does not properly handle crashes originatin ...)
	NOT-FOR-US: Apport
CVE-2017-14179 (Apport before 2.13 does not properly handle crashes originating from a ...)
	NOT-FOR-US: Apport
CVE-2017-14178 (In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to  ...)
	- snapd 2.30-1
	[stretch] - snapd <not-affected> (Issue introduced in 2.27)
	NOTE: https://launchpad.net/bugs/1730255
CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from setuid  ...)
	NOT-FOR-US: Apport
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
	NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due  ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_heade ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
	{DSA-3996-1 DLA-1654-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: libav in Jessie uses a different guard for item_num. Check whether
	NOTE: the guard is necessary at all.
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
CVE-2017-14168
	RESERVED
CVE-2017-14167 (Integer overflow in the load_multiboot function in hw/i386/multiboot.c ...)
	{DSA-3991-1 DLA-1497-1 DLA-1129-1 DLA-1128-1}
	- qemu 1:2.10.0-1 (bug #874606)
	- qemu-kvm <removed>
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489375
CVE-2017-14163 (An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8 ...)
	- mahara <removed>
CVE-2017-14162
	RESERVED
CVE-2017-14161
	RESERVED
CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service  ...)
	{DSA-4360-1 DLA-1600-1 DLA-1092-1}
	- libarchive 3.2.2-3.1 (bug #874539)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/5
	NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
	NOTE: https://github.com/libarchive/libarchive/issues/935
CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
	- graphicsmagick 1.3.26-9 (unimportant; bug #874724)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/4
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5  ...)
	{DLA-2013-1}
	- libvorbis 1.3.6-2 (bug #876780)
	[stretch] - libvorbis <no-dsa> (Minor issue)
	[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
	NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attac ...)
	{DSA-4052-1 DLA-1107-1}
	- bzr 2.7.0+bzr6622-7 (bug #874429)
	- breezy 3.0.0~bzr6772-1
	NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...)
	- openldap <unfixed> (unimportant)
	NOTE: http://www.openldap.org/its/index.cgi?findid=8703
	NOTE: Negligible security impact, but filed #877512
CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of service (memor ...)
	- python-scrapy <unfixed> (unimportant; bug #875947)
	NOTE: http://blog.csdn.net/wangtua/article/details/75228728
	NOTE: https://github.com/scrapy/scrapy/issues/482
	NOTE: Negligable security impact
CVE-2017-14157
	RESERVED
CVE-2017-14156 (The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in th ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1 (low)
CVE-2017-14155
	RESERVED
CVE-2017-14154
	RESERVED
CVE-2017-14153 (This vulnerability allows local attackers to escalate privileges on Ju ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in lib/ope ...)
	- openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)
CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874431)
	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
	NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
	NOTE: https://github.com/uclouvain/openjpeg/issues/985
	NOTE: When fixing this issue make sure to apply the complete fix including the following
	NOTE: commit:
	NOTE: https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
	NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
CVE-2017-14151 (An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_ ...)
	- openjpeg2 2.3.0-1 (bug #874430)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u2
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874430)
	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
	NOTE: https://github.com/uclouvain/openjpeg/issues/982
CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when doing FTP. Wh ...)
	{DSA-3992-1 DLA-1121-1}
	- curl 7.56.1-1 (bug #877671)
	NOTE: https://curl.haxx.se/docs/adv_20171004.html
	NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
	NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
	NOTE: Upstream fix: https://github.com/curl/curl/commit/5ff2c5ff25750aba1a8f64fbcad8e5b891512584
CVE-2017-1000253 (Linux distributions that have not patched their long-term kernels with ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
CVE-2017-1000252 (The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS u ...)
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb (v4.14-rc1)
	NOTE: https://marc.info/?l=kvm&m=150549145711115&w=2
	NOTE: https://marc.info/?l=kvm&m=150549146311117&w=2
CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at th ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1 (bug #875881)
	NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
	NOTE: https://www.armis.com/blueborne/
	NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are vulnerabl ...)
	{DSA-3972-1 DLA-1103-1}
	- bluez 5.46-1 (bug #875633)
	NOTE: https://www.armis.com/blueborne/
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09
CVE-2017-1000249 (An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b ...)
	{DSA-3965-1}
	- file 1:5.32-1
	[jessie] - file <not-affected> (Vulnerable code introduced later)
	[wheezy] - file <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
	NOTE: Introduced by: https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d1
CVE-2017-14150
	RESERVED
CVE-2017-14149 (GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the webs ...)
	NOT-FOR-US: GoAhead
CVE-2017-14148
	RESERVED
CVE-2017-14147 (An issue was discovered on FiberHome User End Routers Bearing Model Nu ...)
	NOT-FOR-US: FiberHome
CVE-2017-14146 (HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary  ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-14145 (HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\logi ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-14144
	RESERVED
CVE-2017-14143 (The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcod ...)
	NOT-FOR-US: Kaltura
CVE-2017-14142 (Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before  ...)
	NOT-FOR-US: Kaltura
CVE-2017-14141 (The wiki_decode Developer System Helper function in the admin panel in ...)
	NOT-FOR-US: Kaltura
CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel before  ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.12-1
	NOTE: Fixed by: https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage i ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/578
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/955bd1008a5371bbd1b8db0a1e41e333ebfc63ef
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dbe0008c6fa225d01085ca86f3e425c306ee6240
	NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6
	NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/0dfce0579c881245e495aa2d8d114e63b96a860e
CVE-2017-14138 (ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage i ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/639
CVE-2017-14137 (ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue whe ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/641
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb63560ba25e4a6c51ab282538c24877fff7d471
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
	NOTE: ImageMagick in Debian not compiled with webp support (--with-webp=yes)
CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds  ...)
	- opencv <not-affected> (Incomplete patch never shipped)
	NOTE: https://github.com/opencv/opencv/issues/9443
	NOTE: https://github.com/opencv/opencv/pull/9448
CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the we ...)
	NOT-FOR-US: webadmin plugin for opendreambox
CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password page of M ...)
	NOT-FOR-US: Maplesoft Maple
CVE-2017-14133
	RESERVED
CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service (he ...)
	{DLA-1583-1}
	- jasper <removed> (low)
	[wheezy] - jasper <ignored> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/147
	NOTE: The suggested fix by thoger addresses the reported issue.
CVE-2017-14131
	RESERVED
CVE-2017-14130 (The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary Fi ...)
	- binutils 2.29-9 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22058
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229
CVE-2017-14129 (The read_section function in dwarf2.c in the Binary File Descriptor (B ...)
	- binutils 2.29-10 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22047
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
CVE-2017-14128 (The decode_line_info function in dwarf2.c in the Binary File Descripto ...)
	- binutils 2.29-9 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22059
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780
CVE-2017-14127 (Command Injection in the Ping Module in the Web Interface on Technicol ...)
	NOT-FOR-US: Technicolor
CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14125 (SQL injection vulnerability in the Responsive Image Gallery plugin bef ...)
	NOT-FOR-US: Responsive Image Gallery plugin for WordPress
CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when cla ...)
	NOT-FOR-US: eLux
CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...)
	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Crash in CLI tool, no security impact
CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Crash in CLI tool, no security impact
CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
	{DLA-1091-1}
	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
	[stretch] - unrar-free <no-dsa> (Minor issue)
	[jessie] - unrar-free <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14118 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14117 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG5 ...)
	NOT-FOR-US: Arris
CVE-2017-14116 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device,  ...)
	NOT-FOR-US: Arris
CVE-2017-14115 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG5 ...)
	NOT-FOR-US: Arris
CVE-2017-14114 (RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in  ...)
	- rtpproxy <unfixed> (unimportant; bug #874070)
	NOTE: https://rtpbleed.com/
	NOTE: https://github.com/sippy/rtpproxy/issues/70
	NOTE: Design limitation in RTP protocol
CVE-2017-14113
	REJECTED
CVE-2017-14112
	RESERVED
CVE-2017-14111 (The workstation logging function in Philips IntelliSpace Cardiovascula ...)
	NOT-FOR-US: Philips IntelliSpace Cardiovascular and Xcelera
CVE-2017-14110
	RESERVED
CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulner ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000200 (tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered N ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000199 (tcmu-runner version 0.91 up to 1.20 is vulnerable to information discl ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000198 (tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid mem ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-14109
	RESERVED
CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ca ...)
	- gedit <unfixed> (unimportant; bug #875311)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037
	NOTE: negligible security impact
CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...)
	[experimental] - libzip 1.3.0+dfsg.1-1
	- libzip 1.5.1-3 (low; bug #874010)
	[stretch] - libzip <no-dsa> (Minor issue)
	[jessie] - libzip <no-dsa> (Minor issue)
	[wheezy] - libzip <no-dsa> (Minor issue)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.33+dfsg-0+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
	NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
	NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
	NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1
CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution  ...)
	NOT-FOR-US: HiveManager
CVE-2017-14104
	RESERVED
CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel befo ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3)
CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in Grap ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-8
	[stretch] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
	[jessie] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/01/6
	NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/
CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping privileg ...)
	- mimedefang 2.83-1 (bug #877363)
	[stretch] - mimedefang <no-dsa> (Minor issue)
	[jessie] - mimedefang <no-dsa> (Minor issue)
	[wheezy] - mimedefang <ignored> (Minor issue only exploitable if daemon is compromised in some other way)
	NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html
	NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html
CVE-2017-14101 (A security researcher found an XML External Entity (XXE) vulnerability ...)
	NOT-FOR-US: Conserus Image Repository
CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart Protecti ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend Micro Smart ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ve ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ve ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro ScanMail for E ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 1 ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14091 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in wh ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14090 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in wh ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14089 (An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeS ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14088 (Memory Corruption Privilege Escalation vulnerabilities in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14087 (A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14086 (Pre-authorization Start Remote Process vulnerabilities in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14085 (Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0  ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote un ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile Security (En ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14079 (Unrestricted file uploads in Trend Micro Mobile Security (Enterprise)  ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14078 (SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterpri ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14098 (In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17. ...)
	- asterisk 1:13.17.1~dfsg-1 (bug #873909)
	[stretch] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
	[jessie] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27152
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27152
CVE-2017-14100 (In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before  ...)
	{DSA-3964-1 DLA-1122-1}
	- asterisk 1:13.17.1~dfsg-1 (bug #873908)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27103
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27103
CVE-2017-14099 (In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...)
	{DSA-3964-1}
	- asterisk 1:13.17.1~dfsg-1 (bug #873907)
	[wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013
CVE-2017-14077 (HTML Injection in Securimage 3.6.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Securimage
CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id paramet ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14075 (This vulnerability allows local attackers to escalate privileges on Ju ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14074
	RESERVED
CVE-2017-14073
	RESERVED
CVE-2017-14072
	RESERVED
CVE-2017-14071
	RESERVED
CVE-2017-14070 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via t ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14069 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw arr ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14068
	RESERVED
CVE-2017-14067
	RESERVED
CVE-2017-14066
	RESERVED
CVE-2017-14065
	RESERVED
CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can e ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873906)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	NOTE: https://bugs.ruby-lang.org/issues/13853
	NOTE: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
CVE-2017-14062 (Integer overflow in the decode_digit function in puny_decode.c in Libi ...)
	{DSA-3988-1 DLA-1447-1 DLA-1085-1 DLA-1084-1}
	- libidn2-0 2.0.2-4 (bug #873902)
	- libidn 1.33-2 (bug #873903)
	[stretch] - libidn 1.33-1+deb9u1
	NOTE: https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd
CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2 ...)
	- libidn2-0 2.0.2-4 (bug #873904)
	[stretch] - libidn2-0 <not-affected> (Vulnerable code not present)
	[jessie] - libidn2-0 <not-affected> (Vulnerable code not present)
	[wheezy] - libidn2-0 <not-affected> (Vulnerable code not present)
	- libidn <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF che ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not  ...)
	{DSA-3996-1 DLA-1740-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
	NOTE: libav: The vulnerable code is in asfdec.c.
CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due t ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due  ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 ...)
	NOT-FOR-US: NetApp
CVE-2017-14052
	RESERVED
CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of  ...)
	{DLA-1241-1}
	- libkohana2-php <removed>
	[jessie] - libkohana2-php <ignored> (Minor issue)
	NOTE: https://github.com/kohana/kohana/issues/107
	NOTE: Fixed by https://github.com/kohana/core/pull/697
CVE-2016-10509 (SQL injection vulnerability in the updateAmazonOrderTracking function  ...)
	NOT-FOR-US: OpenCart
CVE-2016-10508 (Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() befo ...)
	NOT-FOR-US: phpThumb
CVE-2017-14063 (Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...)
	- async-http-client <not-affected> (Vulnerable code introduced later after port to new Request API)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1455
	NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/eb9e3347e45319be494db24d285a2aee4396f5d3
CVE-2017-14050 (In BlackCat CMS 1.2, backend/addons/install.php allows remote authenti ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14049 (In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows re ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14048 (BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14047
	RESERVED
CVE-2017-14046
	RESERVED
CVE-2017-14045
	RESERVED
CVE-2017-14044
	RESERVED
CVE-2017-14043
	RESERVED
CVE-2017-14038 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerabilit ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14037 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerab ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14036 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14035 (CrushFTP 8.x before 8.2.0 has a serialization vulnerability. ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in  ...)
	{DLA-1200-1}
	- linux 4.12.13-1 (unimportant)
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux 3.16.43-2+deb8u5
	NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
	NOTE: https://patchwork.kernel.org/patch/9929625/
	NOTE: Non issue, only "exploitable" with root access
CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as use ...)
	NOT-FOR-US: libbpg
	NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2. ...)
	{DSA-4031-1 DLA-1421-1 DLA-1114-1}
	- ruby2.3 2.3.5-1 (bug #875928)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <not-affected> (vunlerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1058757
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
	NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada 1 ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The unquoted se ...)
	NOT-FOR-US: Moxa MXview
CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral  ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version  ...)
	NOT-FOR-US: Moxa
CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...)
	NOT-FOR-US: Korenix
CVE-2017-14026 (In Ice Qube Thermal Management Center versions prior to version 4.13,  ...)
	NOT-FOR-US: Ice Qube Thermal Management Center
CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T relea ...)
	NOT-FOR-US: ABB FOX515T
CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC P ...)
	NOT-FOR-US: Siemens
CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell Automati ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events
CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix  ...)
	NOT-FOR-US: Korenix
CVE-2017-14020 (In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW)  ...)
	NOT-FOR-US: AutomationDirect
CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea Movi ...)
	NOT-FOR-US: Progea Movicon
CVE-2017-14018 (An improper authentication issue was discovered in Johnson &amp; Johns ...)
	NOT-FOR-US: Johnson & Johnson Ethicon Endo-Surgery Generator Gen11
CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea Mov ...)
	NOT-FOR-US: Progea Movicon
CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech WebAcc ...)
	NOT-FOR-US: Advantech
CVE-2017-14015
	RESERVED
CVE-2017-14014 (Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded crypt ...)
	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
CVE-2017-14013 (A Client-Side Enforcement of Server-Side Security issue was discovered ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14012 (Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at ...)
	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent MultiFL ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14010 (In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions  ...)
	NOT-FOR-US: SpiderControl
CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX M1 ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current vers ...)
	NOT-FOR-US: GE Centricity PACS RA1000
CVE-2017-14007 (An Insufficient Session Expiration issue was discovered in ProMinent M ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14006 (GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all  ...)
	NOT-FOR-US: GE Xeleris
CVE-2017-14005 (An Unverified Password Change issue was discovered in ProMinent MultiF ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14004 (GE GEMNet License server (EchoServer) all current versions are affecte ...)
	NOT-FOR-US: GE GEMNet License server
CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA Ethe ...)
	NOT-FOR-US: LAVA Ether-Serial Link
CVE-2017-14002 (GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current  ...)
	NOT-FOR-US: GE Infinia/Infinia with Hawkeye 4 medical imaging systems
CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command i ...)
	NOT-FOR-US: Asterisk GUI
	NOTE: Different from standard asterisk: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI
CVE-2017-14000 (An Improper Authentication issue was discovered in Ctek SkyRouter Seri ...)
	NOT-FOR-US: Ctek SkyRouter
CVE-2017-13999 (A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studi ...)
	NOT-FOR-US: WECON LEVI Studio HMI Editor
CVE-2017-13998 (An Insufficiently Protected Credentials issue was discovered in LOYTEC ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
	NOT-FOR-US: Schneider
CVE-2017-13996 (A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME vers ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13995 (An Improper Authentication issue was discovered in iniNet Solutions in ...)
	NOT-FOR-US: iniNet Solutions iniNet Webserver
CVE-2017-13994 (A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME version ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13993 (An Uncontrolled Search Path or Element issue was discovered in i-SENS  ...)
	NOT-FOR-US: i-SENS SmartLog Diabetes Management Software
CVE-2017-13992 (An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versio ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13991 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM  ...)
	NOT-FOR-US: ArcSight
CVE-2017-13990 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM  ...)
	NOT-FOR-US: ArcSight
CVE-2017-13989 (An improper access control vulnerability in ArcSight ESM and ArcSight  ...)
	NOT-FOR-US: ArcSight
CVE-2017-13988 (An improper access control vulnerability in ArcSight ESM and ArcSight  ...)
	NOT-FOR-US: ArcSight
CVE-2017-13987 (An insufficient access control vulnerability in ArcSight ESM and ArcSi ...)
	NOT-FOR-US: ArcSight
CVE-2017-13986 (A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM an ...)
	NOT-FOR-US: ArcSight
CVE-2017-13985 (An authentication vulnerability in HPE BSM Platform Application Perfor ...)
	NOT-FOR-US: HP
CVE-2017-13984 (An authentication vulnerability in HPE BSM Platform Application Perfor ...)
	NOT-FOR-US: HP
CVE-2017-13983 (An authentication vulnerability in HPE BSM Platform Application Perfor ...)
	NOT-FOR-US: HP
CVE-2017-13982 (A directory traversal vulnerability in HPE BSM Platform Application Pe ...)
	NOT-FOR-US: HP
CVE-2017-13981
	RESERVED
CVE-2017-13980
	RESERVED
CVE-2017-13979
	RESERVED
CVE-2017-13978
	RESERVED
CVE-2017-13977
	RESERVED
CVE-2017-13976
	RESERVED
CVE-2017-13975
	RESERVED
CVE-2017-13974
	RESERVED
CVE-2017-13973
	RESERVED
CVE-2017-13972
	RESERVED
CVE-2017-13971
	RESERVED
CVE-2017-13970
	RESERVED
CVE-2017-13969
	RESERVED
CVE-2017-13968
	RESERVED
CVE-2017-13967
	RESERVED
CVE-2017-13966
	RESERVED
CVE-2017-13965
	RESERVED
CVE-2017-13964
	RESERVED
CVE-2017-13963
	RESERVED
CVE-2017-13962
	RESERVED
CVE-2017-13961
	RESERVED
CVE-2017-13960
	RESERVED
CVE-2017-13959
	RESERVED
CVE-2017-13958
	RESERVED
CVE-2017-13957
	RESERVED
CVE-2017-13956
	RESERVED
CVE-2017-13955
	RESERVED
CVE-2017-13954
	RESERVED
CVE-2017-13953
	RESERVED
CVE-2017-13952
	RESERVED
CVE-2017-13951
	RESERVED
CVE-2017-13950
	RESERVED
CVE-2017-13949
	RESERVED
CVE-2017-13948
	RESERVED
CVE-2017-13947
	RESERVED
CVE-2017-13946
	RESERVED
CVE-2017-13945
	RESERVED
CVE-2017-13944
	RESERVED
CVE-2017-13943
	RESERVED
CVE-2017-13942
	RESERVED
CVE-2017-13941
	RESERVED
CVE-2017-13940
	RESERVED
CVE-2017-13939
	RESERVED
CVE-2017-13938
	RESERVED
CVE-2017-13937
	RESERVED
CVE-2017-13936
	RESERVED
CVE-2017-13935
	RESERVED
CVE-2017-13934
	RESERVED
CVE-2017-13933
	RESERVED
CVE-2017-13932
	RESERVED
CVE-2017-13931
	RESERVED
CVE-2017-13930
	RESERVED
CVE-2017-13929
	RESERVED
CVE-2017-13928
	RESERVED
CVE-2017-13927
	RESERVED
CVE-2017-13926
	RESERVED
CVE-2017-13925
	RESERVED
CVE-2017-13924
	RESERVED
CVE-2017-13923
	RESERVED
CVE-2017-13922
	RESERVED
CVE-2017-13921
	RESERVED
CVE-2017-13920
	RESERVED
CVE-2017-13919
	RESERVED
CVE-2017-13918
	RESERVED
CVE-2017-13917
	RESERVED
CVE-2017-13916
	RESERVED
CVE-2017-13915
	RESERVED
CVE-2017-13914
	RESERVED
CVE-2017-13913
	RESERVED
CVE-2017-13912
	RESERVED
CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2017-13910
	RESERVED
CVE-2017-13909
	RESERVED
CVE-2017-13908
	RESERVED
CVE-2017-13907
	RESERVED
CVE-2017-13906
	RESERVED
CVE-2017-13905
	RESERVED
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-13902
	RESERVED
CVE-2017-13901
	RESERVED
CVE-2017-13900
	RESERVED
CVE-2017-13899
	RESERVED
CVE-2017-13898
	RESERVED
CVE-2017-13897
	RESERVED
CVE-2017-13896
	RESERVED
CVE-2017-13895
	RESERVED
CVE-2017-13894
	RESERVED
CVE-2017-13893
	RESERVED
CVE-2017-13892
	RESERVED
CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...)
	NOT-FOR-US: Apple
CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13889 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra,  ...)
	NOT-FOR-US: Apple
CVE-2017-13888 (In iOS before 11.2, a type confusion issue was addressed with improved ...)
	NOT-FOR-US: Apple
CVE-2017-13887 (In macOS High Sierra before 10.13.2, a logic issue existed in APFS whe ...)
	NOT-FOR-US: Apple
CVE-2017-13886 (In macOS High Sierra before 10.13.2, an access issue existed with priv ...)
	NOT-FOR-US: Apple
CVE-2017-13885 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-13884 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-13883 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13882
	RESERVED
CVE-2017-13881
	RESERVED
CVE-2017-13880
	RESERVED
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13877 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13873 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra b ...)
	NOT-FOR-US: Apple
CVE-2017-13871 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13870 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13869 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13868 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13867 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13866 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13865 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13864 (An issue was discovered in certain Apple products. iCloud before 7.2 o ...)
	NOT-FOR-US: Apple
CVE-2017-13863 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13862 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13861 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13860 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13859
	RESERVED
CVE-2017-13858 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13857
	RESERVED
CVE-2017-13856 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13855 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13854 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13853 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-13852 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13851 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-13850 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13848 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13847 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13846 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:pcre3, but Apple doesn't play by the rules
CVE-2017-13845
	RESERVED
CVE-2017-13844 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13843 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13842 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13841 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13840 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13839 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-13838 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13835
	RESERVED
CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13832 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13831 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13830 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13829 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13828 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13827 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-13826
	REJECTED
CVE-2017-13825 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13824 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13823 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13822 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13821 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13820 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13819 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13818 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13817 (An out-of-bounds read issue was discovered in certain Apple products.  ...)
	NOT-FOR-US: Apple
CVE-2017-13816 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13815 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-13814 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13813 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13812 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13811 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13810 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13809 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13808 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13807 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13806 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13805 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13804 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13803 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13802 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13801 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13800 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13799 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple
CVE-2017-13798 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13797 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple-specific Webkit change (since not mentioned in webkitgtk releases)
CVE-2017-13796 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13795 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13794 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13793 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13792 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13791 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13790 (An issue was discovered in certain Apple products. Safari before 11.0. ...)
	NOT-FOR-US: Apple Safari
CVE-2017-13789 (An issue was discovered in certain Apple products. Safari before 11.0. ...)
	NOT-FOR-US: Apple Safari
CVE-2017-13788 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13787
	RESERVED
CVE-2017-13786 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13785 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13784 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13783 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13782 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13781
	RESERVED
CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory tr ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14032 (ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentic ...)
	{DSA-3967-1}
	- mbedtls 2.6.0-1 (bug #873557)
	- polarssl <removed>
	[jessie] - polarssl <not-affected> (Vulnerable code not present)
	[wheezy] - polarssl <not-affected> (Vulnerable code not present)
	NOTE: Affected versions: all from version 1.3.10 up and including 2.1 and later releases
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
	NOTE: https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
	NOTE: https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
CVE-2017-13779 (GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offli ...)
	NOT-FOR-US: India Goods and Services Tax Network
CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage()  ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-8 (low)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage()  ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-8 (low)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage()  ...)
	{DSA-4321-1 DLA-1456-1}
	- graphicsmagick 1.3.26-8 (low)
	[wheezy] - graphicsmagick <not-affected> (Vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
CVE-2017-13774 (Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to gener ...)
	NOT-FOR-US: Hikvision
CVE-2017-13773
	RESERVED
CVE-2017-13772 (Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers w ...)
	NOT-FOR-US: TP-Link
CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configu ...)
	NOT-FOR-US: Lexmark Scan To Network
CVE-2017-13770
	RESERVED
CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick  ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878507)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/457e63263de6f732785608504b6e607799ad3dd5
	NOTE: Extra checks:
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP diss ...)
	- wireshark 2.4.1-1
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector coul ...)
	- wireshark 2.4.1-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-39.html
CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM di ...)
	{DLA-1634-1}
	- wireshark 2.4.1-1
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html
CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL point ...)
	- wireshark 2.4.1-1
	[jessie] - wireshark <not-affected> (vulnerable request not implemented)
	[wheezy] - wireshark <not-affected> (vulnerable request not implemented)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html
CVE-2017-13763 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of m ...)
	NOT-FOR-US: ONOS
CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. ...)
	NOT-FOR-US: ONOS
CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magento2, when used with a thi ...)
	NOT-FOR-US: Fastly CDN module for Magento2
CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in t ...)
	- sleuthkit 4.4.2-3 (unimportant; bug #873724)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
	NOTE: Negligible security impact
CVE-2017-13759
	RESERVED
CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the  ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878508)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/57eced684ad0660fe580800d977ba94623ec67ac
CVE-2017-13757 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.29-10
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22018
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a
CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers i ...)
	- sleuthkit 4.4.2-3 (unimportant; bug #873725)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/914
	NOTE: Negligible security impact
CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image trigge ...)
	- sleuthkit 4.4.2-3 (unimportant; bug #873726)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/913
	NOTE: Negligible security impact
CVE-2017-13754 (Cross-site scripting (XSS) vulnerability in the "advanced settings - t ...)
	NOT-FOR-US: Wibu-Systems
CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in convert ...)
	- openjpeg2 2.1.2-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 (v2.1.1)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8 (v2.1.2)
	NOTE: https://github.com/uclouvain/openjpeg/issues/833
CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/731
	NOTE: https://github.com/uclouvain/openjpeg/issues/732
	NOTE: https://github.com/uclouvain/openjpeg/issues/777
	NOTE: https://github.com/uclouvain/openjpeg/issues/778
	NOTE: https://github.com/uclouvain/openjpeg/issues/779
	NOTE: https://github.com/uclouvain/openjpeg/issues/780
CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/776
	NOTE: https://github.com/uclouvain/openjpeg/issues/784
	NOTE: https://github.com/uclouvain/openjpeg/issues/785
	NOTE: https://github.com/uclouvain/openjpeg/issues/792
CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout functi ...)
	- openjpeg2 2.2.0-1 (bug #874113)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u2
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874113)
	NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
	NOTE: https://github.com/uclouvain/openjpeg/issues/835
CVE-2017-13753
	REJECTED
CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize()  ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485276
CVE-2017-13751 (There is a reachable assertion abort in the function calcstepsizes() i ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485283
CVE-2017-13750 (There is a reachable assertion abort in the function jpc_dec_process_s ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485280
CVE-2017-13749 (There is a reachable assertion abort in the function jpc_pi_nextrpcl() ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485285
CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the func ...)
	{DLA-1583-1}
	- jasper <removed> (low)
	[wheezy] - jasper <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287
	NOTE: https://github.com/mdadams/jasper/issues/168
	NOTE: Fixed by https://github.com/mdadams/jasper/pull/159 but still no upstream comment.
CVE-2017-13747 (There is a reachable assertion abort in the function jpc_floorlog2() i ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485282
CVE-2017-13746 (There is a reachable assertion abort in the function jpc_dec_process_s ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485286
CVE-2017-13745 (There is a reachable assertion abort in the function jpc_dec_process_s ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485274
CVE-2017-13744 (There is an illegal address access in the function _lou_getALine() in  ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484338
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13743 (There is a buffer overflow in Liblouis 3.2.0, triggered in the functio ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484335
CVE-2017-13742 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484334
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484332
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/af5791ea792acc0a9707738001aa1df3daff7a66
CVE-2017-13740 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484306
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two thou ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484299
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in co ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
	{DSA-4321-1 DLA-1456-1 DLA-1140-1}
	- graphicsmagick 1.3.26-15 (low; bug #878511)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/
CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magick/com ...)
	- graphicsmagick <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...)
	- libraw 0.18.5-1 (low; bug #874729)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/issues/96
	NOTE: Isolated patch: https://github.com/LibRaw/LibRaw/files/1276421/radc_divbyzero.txt
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483988
CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in  ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291
CVE-2017-13733 (There is an illegal address access in the fmt_entry function in progs/ ...)
	- ncurses 6.0+20170902-1 (bug #873746)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290
CVE-2017-13732 (There is an illegal address access in the function dump_uses() in prog ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287
CVE-2017-13731 (There is an illegal address access in the function postprocess_termcap ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285
CVE-2017-13730 (There is an illegal address access in the function _nc_read_entry_sour ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284
CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in all ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276
CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in  ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
CVE-2017-13727 (There is a reachable assertion abort in the function TIFFWriteDirector ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-5 (bug #873879)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2728
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc
CVE-2017-13726 (There is a reachable assertion abort in the function TIFFWriteDirector ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-5 (bug #873880)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e
CVE-2017-13725 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ov ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scri ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local a ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.4-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
	NOTE: This is in libxkbfile in wheezy
CVE-2017-13722 (In the pcfGetProperties function in bitmap/pcfread.c in libXfont throu ...)
	{DSA-3995-1 DLA-1126-1}
	- libxfont 1:2.0.1-4
	- libxfont1 <removed> (unimportant)
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
	NOTE: libxfont1 is only used by xfonts-utils, no security impact
CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attack ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.4-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont through ...)
	{DSA-3995-1 DLA-1126-1}
	- libxfont 1:2.0.1-4
	- libxfont1 <removed> (unimportant)
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
	NOTE: libxfont1 is only used by xfonts-utils, no security impact
CVE-2017-13719 (The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322  ...)
	NOT-FOR-US: Amcrest
CVE-2017-13718 (The HTTP API supported by Starry Station (aka Starry Router) allows br ...)
	NOT-FOR-US: Starry Station
CVE-2017-13717 (Starry Station (aka Starry Router) sets the Access-Control-Allow-Origi ...)
	NOT-FOR-US: Starry Station
CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...)
	- binutils <unfixed> (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009
	NOTE: Underlying bug is though in the C++ demangler part of libiberty, but MITRE
	NOTE: has assigned it specifically to the issue as raised within binutils.
	NOTE: binutils not covered by security support
CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c in the Li ...)
	- linux 4.3.1-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0 (4.3-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 (4.2-rc1)
CVE-2017-13714
	RESERVED
CVE-2017-13713 (T&amp;W WIFI Repeater BE126 allows remote authenticated users to execu ...)
	NOT-FOR-US: T&W WIFI Repeater BE126
CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in libm ...)
	- lame 3.100-1 (low)
	[stretch] - lame <no-dsa> (Minor issue)
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/472/
CVE-2017-13711 (Use-after-free vulnerability in the sofree function in slirp/socket.c  ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (bug #873875)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage functio ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874115)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
	NOTE: https://github.com/uclouvain/openjpeg/issues/997
CVE-2017-14040 (An invalid write access was discovered in bin/jp2/convert.c in OpenJPE ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874117)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
	NOTE: https://github.com/uclouvain/openjpeg/issues/995
CVE-2017-14039 (A heap-based buffer overflow was discovered in the opj_t2_encode_packe ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874118)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
	NOTE: https://github.com/uclouvain/openjpeg/issues/992
	NOTE: The issue is covered by https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
CVE-2017-14042 (A memory allocation failure was discovered in the ReadPNMImage functio ...)
	- graphicsmagick 1.3.26-9 (unimportant; bug #873538)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
	NOTE: https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/441/
CVE-2017-13710 (The setup_group function in elf.c in the Binary File Descriptor (BFD)  ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b
CVE-2017-13708 (Buffer overflow in the web server service in VX Search Enterprise 10.0 ...)
	NOT-FOR-US: VX Search Enterprise
CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version 2 ...)
	NOT-FOR-US: Replibit
CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package function ...)
	NOT-FOR-US: Lansweeper
CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...)
	- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
	[stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1
	[jessie] - flightgear 3.0.0-5+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
CVE-2017-13705
	RESERVED
CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the expe ...)
	- dnsmasq 2.78-1 (bug #877102)
	[stretch] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
	[jessie] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928
CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.  ...)
	NOT-FOR-US: Moxa
CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.  ...)
	NOT-FOR-US: Moxa
CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.  ...)
	NOT-FOR-US: Moxa
CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.  ...)
	NOT-FOR-US: Moxa
CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.  ...)
	NOT-FOR-US: MOXA
CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.  ...)
	NOT-FOR-US: MOXA
CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...)
	NOT-FOR-US: FineCMS
CVE-2017-13696 (A buffer overflow vulnerability lies in the web server component of Du ...)
	NOT-FOR-US: Dup Scout Enterprise
CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
	NOTE: Not covered by security support
CVE-2017-1000121 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
	NOTE: Not covered by security support
CVE-2017-13695 (The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...)
	- acpica-unix 20180209-1 (unimportant)
	- linux 4.17.3-1 (unimportant)
	NOTE: https://patchwork.kernel.org/patch/9850567/
	NOTE: non-issue/no relevant security impact
CVE-2017-13694 (The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ...)
	- acpica-unix 20180209-1 (unimportant)
	- linux <unfixed> (unimportant)
	NOTE: https://patchwork.kernel.org/patch/9806085/
	NOTE: non-issue/no relevant security impact
CVE-2017-13693 (The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ...)
	- acpica-unix 20180209-1 (unimportant)
	- linux <unfixed> (unimportant)
	NOTE: https://patchwork.kernel.org/patch/9919053/
	NOTE: non-issue/no relevant security impact
CVE-2017-13692 (In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attacker ...)
	- tidy-html5 <not-affected> (Vulnerable code introduced later)
	- tidy <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/htacg/tidy-html5/issues/588
CVE-2017-13691
	RESERVED
CVE-2017-13690 (The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13689 (The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13688 (The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13687 (The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read i ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too  ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205
CVE-2016-1000245
	RESERVED
CVE-2017-13685 (The dump_callback function in SQLite 3.20.0 allows remote attackers to ...)
	- sqlite3 3.20.1-1 (unimportant; bug #873762)
	NOTE: https://sqlite.org/src/info/02f0f4c54f2819b3
	NOTE: http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
	NOTE: Crash in the command-line shell program, not the the core SQLite library.
CVE-2017-13684 (Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE b ...)
	NOT-FOR-US: Unisys Libra
CVE-2017-13683 (In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory  ...)
	NOT-FOR-US: Symantec
CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memo ...)
	NOT-FOR-US: Symantec
CVE-2017-13681 (Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be suscep ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2017-13680 (Prior to SEP 12.1 RU6 MP9 &amp; SEP 14 RU1 Symantec Endpoint Protectio ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...)
	NOT-FOR-US: Symantec
CVE-2017-13678 (Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) ...)
	NOT-FOR-US: Symantec
CVE-2017-13677 (Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure  ...)
	NOT-FOR-US: Symantec
CVE-2017-13676 (Norton Remove &amp; Reinstall can be susceptible to a DLL preloading v ...)
	NOT-FOR-US: Symantec
CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption befor ...)
	NOT-FOR-US: Symantec
CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege esc ...)
	NOT-FOR-US: Symantec ProxyClient
CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty bitm ...)
	- qemu 1:2.10.0+dfsg-2
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=d6f7f3b0cf4b6c5e7cdff9dfa6d20545e1051375 (v2.10.1)
	NOTE: Introduced by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72
	NOTE: In the unstable upload the fix is integrated in debian/patches/qemu-2.10.1.diff
CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display emulator su ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (low; bug #873851)
	[jessie] - qemu <ignored> (Minor issue, root DoS, too complex to backport)
	[wheezy] - qemu <postponed> (Can be fixed along in a future DSA)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future DSA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
	NOTE: Fixed by https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
	NOTE: CentOS7 has a backport/upgrade(?) for their frankenstein version
	NOTE: http://vault.centos.org/7.6.1810/updates/Source/SPackages/qemu-kvm-1.5.3-160.el7_6.3.src.rpm
CVE-2017-13671 (app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any file vi ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswere ...)
	NOT-FOR-US: NexusPHP
CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross  ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...)
	- x265 <not-affected> (Affected code is not enabled)
CVE-2017-13665
	RESERVED
CVE-2017-13664 (Password file exposure in firmware in iSmartAlarm CubeOne version 2.2. ...)
	NOT-FOR-US: iSmartAlarm CubeOne
CVE-2017-13663 (Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2 ...)
	NOT-FOR-US: iSmartAlarm CubeOne
CVE-2017-13662
	RESERVED
CVE-2017-13661
	RESERVED
CVE-2017-13660
	RESERVED
CVE-2017-13659
	RESERVED
CVE-2017-13657
	REJECTED
CVE-2017-13656
	REJECTED
CVE-2017-13655
	REJECTED
CVE-2017-13654
	REJECTED
CVE-2017-13653
	REJECTED
CVE-2017-13652 (NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are ...)
	NOT-FOR-US: NetApp
CVE-2017-13651
	REJECTED
CVE-2017-13650
	RESERVED
CVE-2017-1002150 (python-fedora 0.8.0 and lower is vulnerable to an open redirect result ...)
	- python-fedora 0.9.0-1
	[stretch] - python-fedora <no-dsa> (Minor issue)
	[jessie] - python-fedora <no-dsa> (Minor issue)
	NOTE: https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929.patch
CVE-2017-13649 (UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privil ...)
	- unrealircd <itp> (bug #515130)
CVE-2017-13648 (In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...)
	- graphicsmagick 1.3.27-1 (unimportant)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/433/
CVE-2017-13647
	RESERVED
CVE-2017-13646
	RESERVED
CVE-2017-13645
	RESERVED
CVE-2017-13644
	RESERVED
CVE-2017-13643
	RESERVED
CVE-2017-13642
	RESERVED
CVE-2017-13641
	RESERVED
CVE-2017-13640
	RESERVED
CVE-2017-13639
	RESERVED
CVE-2017-13638
	RESERVED
CVE-2017-13637
	RESERVED
CVE-2017-13636
	RESERVED
CVE-2017-13635
	RESERVED
CVE-2017-13634
	RESERVED
CVE-2017-13633
	RESERVED
CVE-2017-13632
	RESERVED
CVE-2017-13631
	RESERVED
CVE-2017-13630
	RESERVED
CVE-2017-13629
	RESERVED
CVE-2017-13628
	RESERVED
CVE-2017-13627
	RESERVED
CVE-2017-13626
	RESERVED
CVE-2017-13625
	RESERVED
CVE-2017-13624
	RESERVED
CVE-2017-13623
	RESERVED
CVE-2017-13622
	RESERVED
CVE-2017-13621
	RESERVED
CVE-2017-13620
	RESERVED
CVE-2017-13619
	RESERVED
CVE-2017-13618
	RESERVED
CVE-2017-13617
	RESERVED
CVE-2017-13616
	RESERVED
CVE-2017-13615
	RESERVED
CVE-2017-13614
	RESERVED
CVE-2017-13613
	RESERVED
CVE-2017-13612
	RESERVED
CVE-2017-13611
	RESERVED
CVE-2017-13610
	RESERVED
CVE-2017-13609
	RESERVED
CVE-2017-13608
	RESERVED
CVE-2017-13607
	RESERVED
CVE-2017-13606
	RESERVED
CVE-2017-13605
	RESERVED
CVE-2017-13604
	RESERVED
CVE-2017-13603
	RESERVED
CVE-2017-13602
	RESERVED
CVE-2017-13601
	RESERVED
CVE-2017-13600
	RESERVED
CVE-2017-13599
	RESERVED
CVE-2017-13598
	RESERVED
CVE-2017-13597
	RESERVED
CVE-2017-13596
	RESERVED
CVE-2017-13595
	RESERVED
CVE-2017-13594
	RESERVED
CVE-2017-13593
	RESERVED
CVE-2017-13592
	RESERVED
CVE-2017-13591
	RESERVED
CVE-2017-13590
	RESERVED
CVE-2017-13589
	RESERVED
CVE-2017-13588
	RESERVED
CVE-2017-13587
	RESERVED
CVE-2017-13586
	RESERVED
CVE-2017-13585
	RESERVED
CVE-2017-13584
	RESERVED
CVE-2017-13583
	RESERVED
CVE-2017-13582
	RESERVED
CVE-2017-13581
	RESERVED
CVE-2017-13580
	RESERVED
CVE-2017-13579
	RESERVED
CVE-2017-13578
	RESERVED
CVE-2017-13577
	RESERVED
CVE-2017-13576
	RESERVED
CVE-2017-13575
	RESERVED
CVE-2017-13574
	RESERVED
CVE-2017-13573
	RESERVED
CVE-2017-13572
	RESERVED
CVE-2017-13571
	RESERVED
CVE-2017-13570
	RESERVED
CVE-2017-13569
	RESERVED
CVE-2017-13568
	RESERVED
CVE-2017-13567
	RESERVED
CVE-2017-13566
	RESERVED
CVE-2017-13565
	RESERVED
CVE-2017-13564
	RESERVED
CVE-2017-13563
	RESERVED
CVE-2017-13562
	RESERVED
CVE-2017-13561
	RESERVED
CVE-2017-13560
	RESERVED
CVE-2017-13559
	RESERVED
CVE-2017-13558
	RESERVED
CVE-2017-13557
	RESERVED
CVE-2017-13556
	RESERVED
CVE-2017-13555
	RESERVED
CVE-2017-13554
	RESERVED
CVE-2017-13553
	RESERVED
CVE-2017-13552
	RESERVED
CVE-2017-13551
	RESERVED
CVE-2017-13550
	RESERVED
CVE-2017-13549
	RESERVED
CVE-2017-13548
	RESERVED
CVE-2017-13547
	RESERVED
CVE-2017-13546
	RESERVED
CVE-2017-13545
	RESERVED
CVE-2017-13544
	RESERVED
CVE-2017-13543
	RESERVED
CVE-2017-13542
	RESERVED
CVE-2017-13541
	RESERVED
CVE-2017-13540
	RESERVED
CVE-2017-13539
	RESERVED
CVE-2017-13538
	RESERVED
CVE-2017-13537
	RESERVED
CVE-2017-13536
	RESERVED
CVE-2017-13535
	RESERVED
CVE-2017-13534
	RESERVED
CVE-2017-13533
	RESERVED
CVE-2017-13532
	RESERVED
CVE-2017-13531
	RESERVED
CVE-2017-13530
	RESERVED
CVE-2017-13529
	RESERVED
CVE-2017-13528
	RESERVED
CVE-2017-13527
	RESERVED
CVE-2017-13526
	RESERVED
CVE-2017-13525
	RESERVED
CVE-2017-13524
	RESERVED
CVE-2017-13523
	RESERVED
CVE-2017-13522
	RESERVED
CVE-2017-13521
	RESERVED
CVE-2017-13520
	RESERVED
CVE-2017-13519
	RESERVED
CVE-2017-13518
	RESERVED
CVE-2017-13517
	RESERVED
CVE-2017-13516
	RESERVED
CVE-2017-13515
	RESERVED
CVE-2017-13514
	RESERVED
CVE-2017-13513
	RESERVED
CVE-2017-13512
	RESERVED
CVE-2017-13511
	RESERVED
CVE-2017-13510
	RESERVED
CVE-2017-13509
	RESERVED
CVE-2017-13508
	RESERVED
CVE-2017-13507
	RESERVED
CVE-2017-13506
	RESERVED
CVE-2017-13505
	RESERVED
CVE-2017-13504
	RESERVED
CVE-2017-13503
	RESERVED
CVE-2017-13502
	RESERVED
CVE-2017-13501
	RESERVED
CVE-2017-13500
	RESERVED
CVE-2017-13499
	RESERVED
CVE-2017-13498
	RESERVED
CVE-2017-13497
	RESERVED
CVE-2017-13496
	RESERVED
CVE-2017-13495
	RESERVED
CVE-2017-13494
	RESERVED
CVE-2017-13493
	RESERVED
CVE-2017-13492
	RESERVED
CVE-2017-13491
	RESERVED
CVE-2017-13490
	RESERVED
CVE-2017-13489
	RESERVED
CVE-2017-13488
	RESERVED
CVE-2017-13487
	RESERVED
CVE-2017-13486
	RESERVED
CVE-2017-13485
	RESERVED
CVE-2017-13484
	RESERVED
CVE-2017-13483
	RESERVED
CVE-2017-13482
	RESERVED
CVE-2017-13481
	RESERVED
CVE-2017-13480
	RESERVED
CVE-2017-13479
	RESERVED
CVE-2017-13478
	RESERVED
CVE-2017-13477
	RESERVED
CVE-2017-13476
	RESERVED
CVE-2017-13475
	RESERVED
CVE-2017-13474
	RESERVED
CVE-2017-13473
	RESERVED
CVE-2017-13472
	RESERVED
CVE-2017-13471
	RESERVED
CVE-2017-13470
	RESERVED
CVE-2017-13469
	RESERVED
CVE-2017-13468
	RESERVED
CVE-2017-13467
	RESERVED
CVE-2017-13466
	RESERVED
CVE-2017-13465
	RESERVED
CVE-2017-13464
	RESERVED
CVE-2017-13463
	RESERVED
CVE-2017-13462
	RESERVED
CVE-2017-13461
	RESERVED
CVE-2017-13460
	RESERVED
CVE-2017-13459
	RESERVED
CVE-2017-13458
	RESERVED
CVE-2017-13457
	RESERVED
CVE-2017-13456
	RESERVED
CVE-2017-13455
	RESERVED
CVE-2017-13454
	RESERVED
CVE-2017-13453
	RESERVED
CVE-2017-13452
	RESERVED
CVE-2017-13451
	RESERVED
CVE-2017-13450
	RESERVED
CVE-2017-13449
	RESERVED
CVE-2017-13448
	RESERVED
CVE-2017-13447
	RESERVED
CVE-2017-13446
	RESERVED
CVE-2017-13445
	RESERVED
CVE-2017-13444
	RESERVED
CVE-2017-13443
	RESERVED
CVE-2017-13442
	RESERVED
CVE-2017-13441
	RESERVED
CVE-2017-13440
	RESERVED
CVE-2017-13439
	RESERVED
CVE-2017-13438
	RESERVED
CVE-2017-13437
	RESERVED
CVE-2017-13436
	RESERVED
CVE-2017-13435
	RESERVED
CVE-2017-13434
	RESERVED
CVE-2017-13433
	RESERVED
CVE-2017-13432
	RESERVED
CVE-2017-13431
	RESERVED
CVE-2017-13430
	RESERVED
CVE-2017-13429
	RESERVED
CVE-2017-13428
	RESERVED
CVE-2017-13427
	RESERVED
CVE-2017-13426
	RESERVED
CVE-2017-13425
	RESERVED
CVE-2017-13424
	RESERVED
CVE-2017-13423
	RESERVED
CVE-2017-13422
	RESERVED
CVE-2017-13421
	RESERVED
CVE-2017-13420
	RESERVED
CVE-2017-13419
	RESERVED
CVE-2017-13418
	RESERVED
CVE-2017-13417
	RESERVED
CVE-2017-13416
	RESERVED
CVE-2017-13415
	RESERVED
CVE-2017-13414
	RESERVED
CVE-2017-13413
	RESERVED
CVE-2017-13412
	RESERVED
CVE-2017-13411
	RESERVED
CVE-2017-13410
	RESERVED
CVE-2017-13409
	RESERVED
CVE-2017-13408
	RESERVED
CVE-2017-13407
	RESERVED
CVE-2017-13406
	RESERVED
CVE-2017-13405
	RESERVED
CVE-2017-13404
	RESERVED
CVE-2017-13403
	RESERVED
CVE-2017-13402
	RESERVED
CVE-2017-13401
	RESERVED
CVE-2017-13400
	RESERVED
CVE-2017-13399
	RESERVED
CVE-2017-13398
	RESERVED
CVE-2017-13397
	RESERVED
CVE-2017-13396
	RESERVED
CVE-2017-13395
	RESERVED
CVE-2017-13394
	RESERVED
CVE-2017-13393
	RESERVED
CVE-2017-13392
	RESERVED
CVE-2017-13391
	RESERVED
CVE-2017-13390
	RESERVED
CVE-2017-13389
	RESERVED
CVE-2017-13388
	RESERVED
CVE-2017-13387
	RESERVED
CVE-2017-13386
	RESERVED
CVE-2017-13385
	RESERVED
CVE-2017-13384
	RESERVED
CVE-2017-13383
	RESERVED
CVE-2017-13382
	RESERVED
CVE-2017-13381
	RESERVED
CVE-2017-13380
	RESERVED
CVE-2017-13379
	RESERVED
CVE-2017-13378
	RESERVED
CVE-2017-13377
	RESERVED
CVE-2017-13376
	RESERVED
CVE-2017-13375
	RESERVED
CVE-2017-13374
	RESERVED
CVE-2017-13373
	RESERVED
CVE-2017-13372
	RESERVED
CVE-2017-13371
	RESERVED
CVE-2017-13370
	RESERVED
CVE-2017-13369
	RESERVED
CVE-2017-13368
	RESERVED
CVE-2017-13367
	RESERVED
CVE-2017-13366
	RESERVED
CVE-2017-13365
	RESERVED
CVE-2017-13364
	RESERVED
CVE-2017-13363
	RESERVED
CVE-2017-13362
	RESERVED
CVE-2017-13361
	RESERVED
CVE-2017-13360
	RESERVED
CVE-2017-13359
	RESERVED
CVE-2017-13358
	RESERVED
CVE-2017-13357
	RESERVED
CVE-2017-13356
	RESERVED
CVE-2017-13355
	RESERVED
CVE-2017-13354
	RESERVED
CVE-2017-13353
	RESERVED
CVE-2017-13352
	RESERVED
CVE-2017-13351
	RESERVED
CVE-2017-13350
	RESERVED
CVE-2017-13349
	RESERVED
CVE-2017-13348
	RESERVED
CVE-2017-13347
	RESERVED
CVE-2017-13346
	RESERVED
CVE-2017-13345
	RESERVED
CVE-2017-13344
	RESERVED
CVE-2017-13343
	RESERVED
CVE-2017-13342
	RESERVED
CVE-2017-13341
	RESERVED
CVE-2017-13340
	RESERVED
CVE-2017-13339
	RESERVED
CVE-2017-13338
	RESERVED
CVE-2017-13337
	RESERVED
CVE-2017-13336
	RESERVED
CVE-2017-13335
	RESERVED
CVE-2017-13334
	RESERVED
CVE-2017-13333
	RESERVED
CVE-2017-13332
	RESERVED
CVE-2017-13331
	RESERVED
CVE-2017-13330
	RESERVED
CVE-2017-13329
	RESERVED
CVE-2017-13328
	RESERVED
CVE-2017-13327
	RESERVED
CVE-2017-13326
	RESERVED
CVE-2017-13325
	RESERVED
CVE-2017-13324
	RESERVED
CVE-2017-13323
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13322
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13321
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13320
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13319
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13318
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13317
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13316
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13315
	RESERVED
CVE-2017-13314
	RESERVED
CVE-2017-13313
	RESERVED
CVE-2017-13312
	RESERVED
CVE-2017-13311
	RESERVED
CVE-2017-13310
	RESERVED
CVE-2017-13309
	RESERVED
CVE-2017-13308
	RESERVED
CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci sysf ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh driv ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13305 (A information disclosure vulnerability in the Upstream kernel encrypte ...)
	{DLA-1731-1}
	- linux 4.12.6-1
	[stretch] - linux 4.9.82-1+deb9u1
	NOTE: Fixed by: https://git.kernel.org/linus/794b4bc292f5d31739d89c0202c54e7dc9bc3add
CVE-2017-13304 (A information disclosure vulnerability in the Upstream kernel mnh_sm d ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13303 (A information disclosure vulnerability in the Broadcom bcmdhd driver.  ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2017-13302 (A denial of service vulnerability in the Android system (system ui). P ...)
	NOT-FOR-US: Android
CVE-2017-13301 (A denial of service vulnerability in the Android system (system ui). P ...)
	NOT-FOR-US: Android
CVE-2017-13300 (A denial of service vulnerability in the Android media framework (libh ...)
	NOT-FOR-US: Android media framework
CVE-2017-13299 (A other vulnerability in the Android media framework (libavc). Product ...)
	NOT-FOR-US: Android media framework
CVE-2017-13298 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13297 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13296 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13295 (A denial of service vulnerability in the Android framework (package in ...)
	NOT-FOR-US: Android
CVE-2017-13294 (A information disclosure vulnerability in the Android framework (aosp  ...)
	NOT-FOR-US: Android framework (aosp email application)
CVE-2017-13293 (In the nfc_hci_cmd_received() function of core.c, there is a possible  ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13292 (In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bound ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2017-13291 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible N ...)
	NOT-FOR-US: Android
CVE-2017-13290 (In sdp_server_handle_client_req of sdp_server.cc, there is an out of b ...)
	NOT-FOR-US: Android
CVE-2017-13289 (In writeToParcel and createFromParcel of RttManager.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2017-13288 (In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, ...)
	NOT-FOR-US: Android
CVE-2017-13287 (In createFromParcel of VerifyCredentialResponse.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2017-13286 (In writeToParcel and readFromParcel of OutputConfiguration.java, there ...)
	NOT-FOR-US: Android
CVE-2017-13285 (In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a ...)
	NOT-FOR-US: Android
CVE-2017-13284 (In config_set_string of config.cc, it is possible to pair a second BT  ...)
	NOT-FOR-US: Android
CVE-2017-13283 (In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possi ...)
	NOT-FOR-US: Android
CVE-2017-13282 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible s ...)
	NOT-FOR-US: Android
CVE-2017-13281 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stac ...)
	NOT-FOR-US: Android
CVE-2017-13280 (In the FrameSequence_gif::FrameSequence_gif function of libframesequen ...)
	NOT-FOR-US: Android media framework
CVE-2017-13279 (In M3UParser::parse of M3UParser.cpp, there is a memory resource exhau ...)
	NOT-FOR-US: Android media framework
CVE-2017-13278 (In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there ...)
	NOT-FOR-US: Android media framework
CVE-2017-13277 (In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bo ...)
	NOT-FOR-US: Android media framework
CVE-2017-13276 (In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13275 (In getVSCoverage of CmapCoverage.cpp, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2017-13274 (In the getHost() function of UriTest.java, there is the possibility of ...)
	NOT-FOR-US: Android
CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient locking ...)
	NOT-FOR-US: Android
CVE-2017-13272 (In alarm_ready_generic of alarm.cc, there is a possible out of bounds  ...)
	NOT-FOR-US: Android
CVE-2017-13271 (A elevation of privilege vulnerability in the upstream kernel mnh_sm d ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13270 (A elevation of privilege vulnerability in the upstream kernel mnh_sm d ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13269 (A information disclosure vulnerability in the Android system (bluetoot ...)
	NOT-FOR-US: Android
CVE-2017-13268 (A information disclosure vulnerability in the Android system (bluetoot ...)
	NOT-FOR-US: Android
CVE-2017-13267 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack  ...)
	NOT-FOR-US: Android
CVE-2017-13266 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack  ...)
	NOT-FOR-US: Android
CVE-2017-13265 (A elevation of privilege vulnerability in the Android system (OTA upda ...)
	NOT-FOR-US: Android
CVE-2017-13264 (A other vulnerability in the Android media framework (Avcdec). Product ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13263 (A elevation of privilege vulnerability in the Android framework. Produ ...)
	NOT-FOR-US: Android
CVE-2017-13262 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2017-13261 (In bnep_process_control_packet of bnep_utils.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2017-13260 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2017-13259 (In functionality implemented in sdp_discovery.cc, there are possible o ...)
	NOT-FOR-US: Android
CVE-2017-13258 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2017-13257 (In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after f ...)
	NOT-FOR-US: Android
CVE-2017-13256 (In process_service_search_attr_req of sdp_server.cc, there is an out o ...)
	NOT-FOR-US: Android
CVE-2017-13255 (In process_service_attr_req of sdp_server.c, there is an out of bounds ...)
	NOT-FOR-US: Android
CVE-2017-13254 (A other vulnerability in the Android media framework (AACExtractor). P ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13253 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13252 (In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds writ ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13251 (In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possib ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13250 (In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13249 (In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an ou ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13248 (In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13247 (In the Pixel 2 bootloader, there is a missing permission check which b ...)
	NOT-FOR-US: HTC Android components
CVE-2017-13246 (A information disclosure vulnerability in the Upstream kernel network  ...)
	NOT-FOR-US: Closed source network driver for Pixel phones
CVE-2017-13245 (A elevation of privilege vulnerability in the Upstream kernel audio dr ...)
	NOT-FOR-US: Closed source audio driver for Pixel phones
CVE-2017-13244 (A elevation of privilege vulnerability in the Upstream kernel easel. P ...)
	NOT-FOR-US: Easel driver for Pixel phones
CVE-2017-13243 (A information disclosure vulnerability in the Android system (ui). Pro ...)
	NOT-FOR-US: Android
CVE-2017-13242 (A information disclosure vulnerability in the Android system (bluetoot ...)
	NOT-FOR-US: Android
CVE-2017-13241 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13240 (A information disclosure vulnerability in the Android framework (crypt ...)
	NOT-FOR-US: Android
CVE-2017-13239 (A information disclosure vulnerability in the Android framework (ui fr ...)
	NOT-FOR-US: Android
CVE-2017-13238 (In XBLRamDump mode, there is a debug feature that can be used to dump  ...)
	NOT-FOR-US: HTC Android components
CVE-2017-13237
	RESERVED
CVE-2017-13236 (In the KeyStore service, there is a permissions bypass that allows acc ...)
	NOT-FOR-US: Android
CVE-2017-13235 (A other vulnerability in the Android media framework (n/a). Product: A ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13234 (In DLSParser of the sonivox library, there is possible resource exhaus ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13233 (In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13232 (In audioserver, there is an out-of-bounds write due to a log statement ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13231 (In libmediadrm, there is an out-of-bounds write due to improper input  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13230 (In hevc codec, there is an out-of-bounds write due to an incorrect bou ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13229 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an out-of-bo ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13227
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13226 (An elevation of privilege vulnerability in the MediaTek mtk. Product:  ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2017-13225 (In libMtkOmxVdec.so there is a possible heap buffer overflow. This cou ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2017-13224
	RESERVED
CVE-2017-13223
	RESERVED
CVE-2017-13222 (An information disclosure vulnerability in the Upstream kernel kernel. ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13221 (An elevation of privilege vulnerability in the Upstream kernel wifi dr ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13220 (An elevation of privilege vulnerability in the Upstream kernel bluez.  ...)
	{DSA-4187-1}
	- linux 4.0.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/51bda2bca53b265715ca1852528f38dc67429d9a
CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel synaptics tou ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13218 (Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdra ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write d ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to in ...)
	- linux 4.14.17-1 (unimportant)
	[stretch] - linux 4.9.80-1
	[jessie] - linux 3.16.56-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f
CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel skcipher ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
CVE-2017-13214 (In the hardware HEVC decoder, some media files could cause a page faul ...)
	NOT-FOR-US: HTC components for Android
CVE-2017-13213 (An elevation of privilege vulnerability in the Broadcom bcmdhd driver. ...)
	NOT-FOR-US: Broadcom component for Android
CVE-2017-13212 (An elevation of privilege vulnerability in the Android system (systemu ...)
	NOT-FOR-US: Android
CVE-2017-13211 (In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible  ...)
	NOT-FOR-US: Android
CVE-2017-13210 (In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, th ...)
	NOT-FOR-US: Android
CVE-2017-13209 (In the ServiceManager::add function in the hardware service manager, t ...)
	NOT-FOR-US: Android
CVE-2017-13208 (In receive_packet of libnetutils/packet.c, there is a possible out-of- ...)
	NOT-FOR-US: Android
CVE-2017-13207 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13206 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13205 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13204 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13203 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13202 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13201 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13200 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13199 (In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13198 (A vulnerability in the Android media framework (ex) related to composi ...)
	NOT-FOR-US: Android media framework
CVE-2017-13197 (In the ihevcd_parse_slice.c function, slave threads are not joined if  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur due to i ...)
	NOT-FOR-US: Android media framework
CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several pa ...)
	NOT-FOR-US: Android media framework
CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...)
	{DSA-4132-1 DLA-1290-1}
	- libvpx 1.7.0-2
	NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13192 (In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header ...)
	NOT-FOR-US: Android media framework
CVE-2017-13191 (In the ihevcd_decode function of ihevcd_decode.c, there is an infinite ...)
	NOT-FOR-US: Android media framework
CVE-2017-13190 (A vulnerability in the Android media framework (libhevc) related to ha ...)
	NOT-FOR-US: Android media framework
CVE-2017-13189 (A vulnerability in the Android media framework (libavc) related to han ...)
	NOT-FOR-US: Android media framework
CVE-2017-13188 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13187 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13186 (A vulnerability in the Android media framework (libavc) related to inc ...)
	NOT-FOR-US: Android media framework
CVE-2017-13185 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13184 (In the enableVSyncInjections function of SurfaceFlinger, there is a po ...)
	NOT-FOR-US: Android media framework
CVE-2017-13183 (In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, ther ...)
	NOT-FOR-US: Android media framework
CVE-2017-13182 (In the sendFormatChange function of ACodec, there is a possible intege ...)
	NOT-FOR-US: Android media framework
CVE-2017-13181 (In the doGetThumb and getThumbnail functions of MtpServer, there is a  ...)
	NOT-FOR-US: Android media framework
CVE-2017-13180 (In the onQueueFilled function of SoftAVCDec, there is a possible out-o ...)
	NOT-FOR-US: Android media framework
CVE-2017-13179 (In the ihevcd_allocate_static_bufs and ihevcd_create functions of Soft ...)
	NOT-FOR-US: Android media framework
CVE-2017-13178 (In the initDecoder function of SoftAVCDec, there is a possible out-of- ...)
	NOT-FOR-US: Android media framework
CVE-2017-13177 (In several functions of libhevc, NEON registers are not preserved. Thi ...)
	NOT-FOR-US: Android media framework
CVE-2017-13176 (In the parseURL function of URLStreamHandler, there is improper input  ...)
	NOT-FOR-US: Android
CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA libwilhelm. Prod ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. Product: An ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system server. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek bluetooth driv ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13171 (An elevation of privilege vulnerability in the MediaTek performance se ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13170 (An elevation of privilege vulnerability in the MediaTek display driver ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13169 (An information disclosure vulnerability in the kernel camera server. P ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi driver. Pro ...)
	- linux 4.17.6-1
	[stretch] - linux 4.9.130-1
	NOTE: Fixed by: https://git.kernel.org/linus/26b5b874aff5659a7e26e5b1997e3df2c41fa7fd
CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. Pro ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	NOTE: Fixed by: https://git.kernel.org/linus/c3b1681375dc6e71d89a3ae00cc3ce9e775a8917
	NOTE: Fixed by: https://git.kernel.org/linus/4dff5c7b7093b19c19d3a100f8a3ad87cb7cd9e7
CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video drive ...)
	{DSA-4187-1 DSA-4120-1 DLA-1369-1}
	- linux 4.15.4-1
	NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html
	NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a
CVE-2017-13165 (An elevation of privilege vulnerability in the kernel file system. Pro ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13164 (An information disclosure vulnerability in the kernel binder driver. P ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb driver.  ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. Product: ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom wireless drive ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2017-13160 (A remote code execution vulnerability in the Android system (bluetooth ...)
	NOT-FOR-US: Android
CVE-2017-13159 (An information disclosure vulnerability in the Android system (activit ...)
	NOT-FOR-US: Android
CVE-2017-13158 (An information disclosure vulnerability in the Android system (activit ...)
	NOT-FOR-US: Android
CVE-2017-13157 (An information disclosure vulnerability in the Android system (activit ...)
	NOT-FOR-US: Android
CVE-2017-13156 (An elevation of privilege vulnerability in the Android system (art). P ...)
	- android-platform-system-core <not-affected> (Not exploitable on Debian, see #890949)
CVE-2017-13155
	RESERVED
CVE-2017-13154 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13153 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13152 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13151 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13150 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13149 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13148 (A denial of service vulnerability in the Android media framework (libm ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was foun ...)
	- graphicsmagick 1.3.27-1 (unimportant)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/
CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memor ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870013)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430
CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file c ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/600
CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in th ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ov ...)
	NOT-FOR-US: libbpg
CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg  ...)
	- x265 2.6-3 (low)
	[stretch] - x265 <ignored> (Minor issue)
	NOTE: https://github.com/ebel34/bpg-web-encoder/issues/1
	NOTE: https://bitbucket.org/multicoreware/x265/issues/385/cve-2017-13135
	NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer  ...)
	{DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1401-1 DLA-1170-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #873099)
	- graphicsmagick 1.3.26-19 (bug #881524)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5304ae14655a67b9a3db00563fe44d9abd6de4f0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904
	NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks  ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/fad03699658d2607562a8487c944c300d59a1ca5
CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c ope ...)
	- imagemagick <not-affected> (Vulnerable code not present, introduced in 7.0.1-0)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/674
CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/676
CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafte ...)
	NOT-FOR-US: BMC Patrol
CVE-2017-13129 (Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2 ...)
	NOT-FOR-US: ZKTeco ZKTime Web
CVE-2017-13128
	RESERVED
CVE-2017-13127 (The VIP.com application for IOS and Android allows remote attackers to ...)
	NOT-FOR-US: VIP.com app
CVE-2017-13126
	REJECTED
CVE-2017-13125
	REJECTED
CVE-2017-13124
	REJECTED
CVE-2017-13123
	REJECTED
CVE-2017-13122
	REJECTED
CVE-2017-13121
	REJECTED
CVE-2017-13120
	REJECTED
CVE-2017-13119
	REJECTED
CVE-2017-13118
	REJECTED
CVE-2017-13117
	REJECTED
CVE-2017-13116
	REJECTED
CVE-2017-13115
	REJECTED
CVE-2017-13114
	REJECTED
CVE-2017-13113
	REJECTED
CVE-2017-13112
	REJECTED
CVE-2017-13111
	REJECTED
CVE-2017-13110
	REJECTED
CVE-2017-13109
	REJECTED
CVE-2017-13108 (DFNDR Security Antivirus, Anti-hacking &amp; Cleaner, 5.0.9, 2017-11-0 ...)
	NOT-FOR-US: DFNDR Security Antivirus, Anti-hacking & Cleaner
CVE-2017-13107 (Live.me - live stream video chat, 3.7.20, 2017-11-06, Android applicat ...)
	NOT-FOR-US: Live.me - live stream video chat Android application
CVE-2017-13106 (Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5. ...)
	NOT-FOR-US: Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient Android application
CVE-2017-13105 (Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13 ...)
	NOT-FOR-US: Hi Security Virus Cleaner - Antivirus, Booster Android application
CVE-2017-13104 (Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, ...)
	NOT-FOR-US: Uber Technologies, Inc. UberEATS: Uber for Food Delivery iOS application
CVE-2017-13103
	REJECTED
CVE-2017-13102 (Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS  ...)
	NOT-FOR-US: Gameloft Asphalt Xtreme: Offroad Rally Racing iOS application
CVE-2017-13101 (Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-1 ...)
	NOT-FOR-US: Musical.ly Inc., musical.ly - your video social network iOS application
CVE-2017-13100 (DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application  ...)
	NOT-FOR-US: DistinctDev, Inc., The Moron Test iOS application
CVE-2017-13099 (wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle  ...)
	- wolfssl 3.13.0+dfsg-1 (bug #884235)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/1229
	NOTE: https://robotattack.org/
CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the JC ...)
	{DSA-4072-1}
	- bouncycastle 1.58-1 (bug #884241)
	[jessie] - bouncycastle <not-affected> (Vulnerable code introduced in 1.56 with tls API addition)
	[wheezy] - bouncycastle <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/9b53e60792e14c65cd1dbfad65e88ec5949ce4b3
	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
	NOTE: Fixed in 1.59 beta 9
	NOTE: https://robotattack.org/
CVE-2017-13097 (The P1735 IEEE standard describes flawed methods for encrypting electr ...)
	NOT-FOR-US: P1735 IEEE standard
CVE-2017-13096 (The P1735 IEEE standard describes flawed methods for encrypting electr ...)
	NOT-FOR-US: P1735 IEEE standard
CVE-2017-13095 (The P1735 IEEE standard describes flawed methods for encrypting electr ...)
	NOT-FOR-US: P1735 IEEE standard
CVE-2017-13094 (The P1735 IEEE standard describes flawed methods for encrypting electr ...)
	NOT-FOR-US: P1735 IEEE standard
CVE-2017-13093 (The P1735 IEEE standard describes flawed methods for encrypting electr ...)
	NOT-FOR-US: P1735 IEEE standard
CVE-2017-13092 (The P1735 IEEE standard describes flawed methods for encrypting electr ...)
	NOT-FOR-US: P1735 IEEE standard
CVE-2017-13091 (The P1735 IEEE standard describes flawed methods for encrypting electr ...)
	NOT-FOR-US: P1735 IEEE standard
CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK respon ...)
	{DSA-4008-1 DLA-1149-1}
	- wget 1.19.2-1 (bug #879957)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
CVE-2017-13089 (The http.c:skip_short_body() function is called in some circumstances, ...)
	{DSA-4008-1 DLA-1149-1}
	- wget 1.19.2-1 (bug #879957)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13087 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13086 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tun ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13085
	RESERVED
CVE-2017-13084 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Sta ...)
	- wpa <unfixed> (unimportant)
	NOTE: From https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
	NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK key in
	NOTE: the PeerKey handshake) is concerned, it should be noted that PeerKey
	NOTE: implementation in wpa_supplicant is not fully functional and the actual
	NOTE: installation of the key into the driver does not work. As such, this
	NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake
	NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed.
CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not adequately v ...)
	NOT-FOR-US: Akeo Consulting Rufus
CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allow ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allow ...)
	{DSA-3999-1 DLA-1573-1 DLA-1150-1}
	- firmware-nonfree 20180825-1
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Gro ...)
	{DSA-3999-1 DLA-1573-1 DLA-1200-1 DLA-1150-1}
	- firmware-nonfree 20180825-1
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
	- wpa 2:2.4-1.1
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://w1.fi/security/2017-1/
	NOTE: https://git.kernel.org/linus/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e (v4.14-rc6)
CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allow ...)
	{DSA-3999-1 DLA-1573-1 DLA-1150-1}
	- firmware-nonfree 20180825-1
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Gro ...)
	{DSA-3999-1 DLA-1573-1 DLA-1150-1}
	- firmware-nonfree 20180825-1
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pai ...)
	{DSA-3999-1 DLA-1573-1 DLA-1150-1}
	- firmware-nonfree 20180825-1
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13076
	RESERVED
CVE-2017-13075
	RESERVED
CVE-2017-13074
	RESERVED
CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...)
	NOT-FOR-US: NAP NAS application Photo Station
CVE-2017-13072 (Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2 ...)
	NOT-FOR-US: QNAP
CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern all ...)
	NOT-FOR-US: QNAP
CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version  ...)
	NOT-FOR-US: QNAP
CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...)
	NOT-FOR-US: QNAP
CVE-2017-13068 (QNAP has already patched this vulnerability. This security concern all ...)
	NOT-FOR-US: QNAP
CVE-2017-13067 (QNAP has patched a remote code execution vulnerability affecting the Q ...)
	NOT-FOR-US: QNAP
CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the function  ...)
	- graphicsmagick 1.3.27-1 (unimportant)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/
CVE-2017-13065 (GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in  ...)
	{DSA-4321-1 DLA-1401-1 DLA-1082-1}
	- graphicsmagick 1.3.26-7 (bug #873119)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/435/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13064 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability i ...)
	{DSA-4321-1 DLA-1401-1 DLA-1082-1}
	- graphicsmagick 1.3.26-7 (bug #873129)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/436/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability i ...)
	{DSA-4321-1 DLA-1401-1 DLA-1082-1}
	- graphicsmagick 1.3.26-7 (bug #873130)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #873131)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/645
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
CVE-2017-13060 (In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/644
CVE-2017-13059 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/667
CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
CVE-2017-13057
	RESERVED
CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might a ...)
	NOT-FOR-US: PDF-XChange Viewer
CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13054 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13053 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13052 (The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13051 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13050 (The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13049 (The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13048 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13047 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13046 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13045 (The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13044 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13043 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13042 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13041 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13040 (The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13039 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13038 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13037 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in print- ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13036 (The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13035 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13034 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13033 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13032 (The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13031 (The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buf ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13030 (The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13029 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13028 (The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13027 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13026 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13025 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13024 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13023 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13022 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in print- ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13021 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13020 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13019 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13018 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13017 (The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13016 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13015 (The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13014 (The White Board protocol parser in tcpdump before 4.9.2 has a buffer o ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13013 (The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13012 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13011 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13010 (The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13009 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13008 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13007 (The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13006 (The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13005 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13004 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13003 (The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13002 (The AODV parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13001 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13000 (The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-rea ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12999 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12998 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12997 (The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop d ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12996 (The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12995 (The DNS parser in tcpdump before 4.9.2 could enter an infinite loop du ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12994 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12993 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12992 (The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12991 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12990 (The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12989 (The RESP parser in tcpdump before 4.9.2 could enter an infinite loop d ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12988 (The telnet parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12987 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12986 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ov ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12985 (The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, adm ...)
	NOT-FOR-US: PHPMyWind
CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw. ...)
	{DSA-4040-1 DSA-4032-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #873134)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/26078285f49c361ad8ddc8e14bd1d4aab7ed5682
CVE-2017-12981 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via t ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12980 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
	- dokuwiki 0.0.20180422.a-1 (bug #872941)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2081
	NOTE: https://github.com/splitbrain/dokuwiki/commit/f883db117a4fdeae72071db41b3ef5932d6335da
CVE-2017-12979 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
	- dokuwiki 0.0.20180422.a-1 (bug #872940)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2080
	NOTE: https://github.com/splitbrain/dokuwiki/commit/56bd9509ab2037512829392fda6427af7f390724
CVE-2017-12978 (lib/html.php in Cacti before 1.1.18 has XSS via the title field of an  ...)
	- cacti 1.1.18+ds1-1
	[stretch] - cacti <not-affected> (Vulnerable code, external link support, introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code, external link support, introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code, external link support, introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24
	NOTE: https://github.com/Cacti/cacti/issues/918
CVE-2017-12977 (The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin ...)
	NOT-FOR-US: Web-Dorado plugin for Wordpress
CVE-2017-1000216
	REJECTED
CVE-2017-1000205
	REJECTED
CVE-2017-1000202
	REJECTED
CVE-2017-1000184
	REJECTED
CVE-2017-1000183
	REJECTED
CVE-2017-1000181
	REJECTED
CVE-2017-1000180
	REJECTED
CVE-2017-1000179
	REJECTED
CVE-2017-1000178
	REJECTED
CVE-2017-1000177
	REJECTED
CVE-2017-1000175
	REJECTED
CVE-2017-1000167
	REJECTED
CVE-2017-1000166
	REJECTED
CVE-2017-1000165
	REJECTED
CVE-2017-1000162
	REJECTED
CVE-2017-1000124
	REJECTED
CVE-2017-1000123
	REJECTED
CVE-2017-12982 (The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG  ...)
	- openjpeg2 2.3.0-1 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/983
	NOTE: https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
CVE-2017-12975
	RESERVED
CVE-2017-12974 (Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without e ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an  ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check whe ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute arbitra ...)
	{DSA-4010-1 DLA-1495-1 DLA-1144-1}
	- git-annex 6.20170818-1 (bug #873088)
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn
	NOTE: jessie patch: https://gitlab.com/anarcat/git-annex/commit/58daf6cbe4c1ea1cf71f3a538a0e27b5075c7265
	NOTE: stretch patch: https://gitlab.com/anarcat/git-annex/commit/115585df48dce16aa702663dab220de625b9de7d
	NOTE: This is similar class of issue as for CVE-2017-1000117/git
CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows  ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4  ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Ava ...)
	NOT-FOR-US: Avaya IP Office Contact Center
CVE-2017-12968
	RESERVED
CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) li ...)
	- binutils 2.29-5
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21962
CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1 ...)
	- asn1c <unfixed> (unimportant)
CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered  ...)
	- libsass <undetermined> (low; bug #873034)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397
CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...)
	- libsass <undetermined> (low; bug #873034)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335
	NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed
	NOTE: with the upstream patch for CVE-2017-11555.
CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...)
	- libsass <undetermined> (low; bug #873034)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331
CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12960 (There is a reachable assertion abort in the function dict_rename_var() ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482433
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12959 (There is a reachable assertion abort in the function dict_add_mrset()  ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482432
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12958 (There is an illegal address access in the function output_hex() in dat ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482429
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that  ...)
	- exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/60
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
	NOTE: Experimental is affected, tracking as #876242
CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888872)
	NOTE: https://github.com/Exiv2/exiv2/issues/59
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. Th ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888873)
	NOTE: https://github.com/Exiv2/exiv2/issues/58
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4 ...)
	- libgig 4.0.0-5 (low; bug #877652)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3350
CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgi ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote atta ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in l ...)
	- libgig 4.0.0-5 (low; bug #877651)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3349
CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows rem ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove Pod ...)
	NOT-FOR-US: Podlove Podcast Publisher plugin for Wordpress
CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlie ...)
	NOT-FOR-US: PressForward plugin for Wordpress
CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...)
	NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...)
	NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12945 (Insufficient validation of user-supplied input for the Solstice Pod be ...)
	NOT-FOR-US: Solstice Pod
CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mish ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-6 (bug #872607)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2725
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/dc02f9050311a90b3c0655147cee09bfa7081cfc
CVE-2017-12943 (D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attacker ...)
	NOT-FOR-US: D-Link DIR-600 Rev Bx devices
CVE-2017-12939 (A Remote Code Execution vulnerability was identified in all Windows ve ...)
	NOT-FOR-US: Unity Editor
CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack:: ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpa ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Enco ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a directory-trave ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2
CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
	{DSA-4321-1 DLA-1401-1 DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872574)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872575)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mis ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872576)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x  ...)
	{DSA-4080-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	NOTE: Fixed in 7.1.7, 7.0.21
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74101
CVE-2017-12933 (The finish_nested_data function in ext/standard/var_unserializer.re in ...)
	{DSA-4081-1 DSA-4080-1 DLA-1076-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5 <removed>
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74111
CVE-2017-12932 (ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...)
	{DSA-4080-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	NOTE: Fixed in 7.1.8, 7.0.22
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74103
	NOTE: https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4
CVE-2017-12931
	RESERVED
CVE-2017-12930 (SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 v ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12929 (Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4  ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12928 (A hard-coded password of tecn0visi0n for the dlxuser account in TecnoV ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12926
	RESERVED
CVE-2017-12918
	RESERVED
CVE-2017-12917
	RESERVED
CVE-2017-12916
	RESERVED
CVE-2017-12915
	RESERVED
CVE-2017-12914
	RESERVED
CVE-2017-12913
	RESERVED
CVE-2017-12912 (The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability  ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12911 (The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which resu ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows rem ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12909 (SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remo ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12908 (SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows  ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow  ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12905 (Server Side Request Forgery vulnerability in Vebto Pixie Image Editor  ...)
	NOT-FOR-US: Vebto Pixie Image Editor
CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in b ...)
	{DSA-3947-1 DLA-1061-1}
	- newsbeuter 2.9-6
	NOTE: https://github.com/akrennmair/newsbeuter/issues/591
	NOTE: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
CVE-2017-12903
	RESERVED
CVE-2017-12902 (The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12901 (The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12900 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12899 (The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12898 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12897 (The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12896 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12895 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12894 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12893 (The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in  ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12925 (Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p ...)
	NOT-FOR-US: libfpx
CVE-2017-12924 (CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote a ...)
	NOT-FOR-US: libfpx
CVE-2017-12923 (OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remo ...)
	NOT-FOR-US: libfpx
CVE-2017-12922 (wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: libfpx
CVE-2017-12921 (PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3. ...)
	NOT-FOR-US: libfpx
CVE-2017-12920 (CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote at ...)
	NOT-FOR-US: libfpx
CVE-2017-12919 (Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp  ...)
	NOT-FOR-US: libfpx
CVE-2017-12927 (A cross-site scripting vulnerability exists in Cacti 1.1.17 in the met ...)
	- cacti 1.1.17+ds1-2 (bug #872478)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/907
	NOTE: https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99
CVE-2017-1000108 (The Pipeline: Input Step Plugin by default allowed users with Item/Rea ...)
	NOT-FOR-US: Jenkins Input Step Plugin
CVE-2017-1000107 (Script Security Plugin did not apply sandboxing restrictions to constr ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2017-12892 (Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2. ...)
	NOT-FOR-US: Foxit PDF Compressor
CVE-2017-12891
	RESERVED
CVE-2017-12890
	RESERVED
CVE-2017-12889
	RESERVED
CVE-2017-12888
	RESERVED
CVE-2017-12887
	RESERVED
CVE-2017-12886
	RESERVED
CVE-2017-12885 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Sit ...)
	NOT-FOR-US: OX Software GmbH App Suite
CVE-2017-12884 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Informati ...)
	NOT-FOR-US: OX Software GmbH App Suite
CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...)
	{DSA-3982-1}
	- perl 5.26.0-8 (bug #875597)
	[wheezy] - perl <not-affected> (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public)
	NOTE: https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/2692dda97731c37082a0075eff50d741901c665f
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/40b3cdad3649334585cee8f4630ec9a025e62be6
CVE-2017-12882 (Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin  ...)
	NOT-FOR-US: Spring Batch Admin
CVE-2017-12881 (Cross-site request forgery (CSRF) vulnerability in the Spring Batch Ad ...)
	NOT-FOR-US: Spring Batch Admin
CVE-2017-12880
	REJECTED
CVE-2017-12879 (Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENS ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-12878
	RESERVED
CVE-2016-10502 (While generating trusted application id, An integer overflow can occur ...)
	NOT-FOR-US: Snapdragon
CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10500
	REJECTED
CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10497 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10496 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10495 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10494 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10493 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10492 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10491 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10490 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10488
	REJECTED
CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10485 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10484 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10483 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10482 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10481 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10480 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10479 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10478 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10477 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10476 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10475 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10474 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10473 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10472 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10470
	REJECTED
CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10468
	REJECTED
CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10465
	REJECTED
CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10463
	REJECTED
CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10460 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10459 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10458 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10457 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10456 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10455 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10453
	REJECTED
CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10450 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10449 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10448 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10447 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10446 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10445 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10444 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10443 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10442 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10441 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10440 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10439 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10438 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10437 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10436 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10435 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10434 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10433 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10432 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10431 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10430 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10429 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10428 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10427 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10426 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10425 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10424 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10423 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10422 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10421 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10420 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10419 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10418 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10417 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10416 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10415 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10413
	REJECTED
CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10410 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10409 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10408
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10407 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10406 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9225
	RESERVED
CVE-2015-9224 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9223 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9222 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9221 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9220 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9219 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9218 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9217 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9216 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9215 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9214
	RESERVED
CVE-2015-9213 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9212 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9211 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9210 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9209 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9208 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9207 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9206 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9205 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9204 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9203 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9202 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9201 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9200 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9199 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9198 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9197 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9196 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9195 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9194 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9193 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9192 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9191 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9190 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9189 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9188 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9187 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9186 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9185 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9184 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9183 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9182 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9181 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9180 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9179 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9178 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9177 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9176 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9175 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9174 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9173 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9172 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9171 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9170 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9169 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9168
	RESERVED
CVE-2015-9167 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9166 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9165 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9164 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9163 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9162 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9161 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9160 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9159 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9158 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9157 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9156 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9155
	RESERVED
CVE-2015-9154
	RESERVED
CVE-2015-9153 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9152 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9151 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9150 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9149 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9148 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9147 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9146 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9145 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9144 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9143 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9142 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9141 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9140 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9139 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9138 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9137 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9136 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9135 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9134 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9133 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9132 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9131 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9130 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9129 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9128 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9127 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9126 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9125
	RESERVED
CVE-2015-9124 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9122 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9121
	RESERVED
CVE-2015-9120 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9118 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9117
	RESERVED
CVE-2015-9116 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9115 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9114 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9113 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9112 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9111 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9110 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9109 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9108 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9998 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9997 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9996 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9995 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9994 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9992
	REJECTED
CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9989 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9988 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9987 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9986 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9985 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10063 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10061
	REJECTED
CVE-2014-10060
	REJECTED
CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10057 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10056 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10055 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10054 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10053 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10052 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10051 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10049
	REJECTED
CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10046 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10045 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10044 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10043 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10039 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c i ...)
	{DSA-4074-1 DSA-4040-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #872373)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
	NOTE: This doesn't affect the base releases, but got introduced via security fixes, which got backported to older suites
CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6  ...)
	- imagemagick <not-affected> (Specific to Imagemagick 7, 6.x uses fixed pixel cache morphology)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d96b55ea41e71de43663818ccd17c6af3fa6c4fd
CVE-2017-12866
	RESERVED
CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlie ...)
	{DSA-3956-1 DLA-1078-1}
	- connman 1.35-1 (bug #872844)
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #875345)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #875344)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #875342)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9370
CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a users com ...)
	NOT-FOR-US: Epson "EasyMP"
CVE-2017-12860 (The Epson "EasyMP" software is designed to remotely stream a users com ...)
	NOT-FOR-US: Epson "EasyMP"
CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS enviro ...)
	NOT-FOR-US: NetApp
CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in zip_dire ...)
	- libzip <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
	NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running s ...)
	NOT-FOR-US: Polycom
CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote  ...)
	NOT-FOR-US: C.P.Sub
CVE-2017-12854
	RESERVED
CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XM ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.11-1
	NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
	NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
	NOTE: https://simplesamlphp.org/security/201612-03
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain se ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.11-1
	NOTE: https://simplesamlphp.org/security/201612-04
	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...)
	{DLA-1408-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://simplesamlphp.org/security/201703-01
	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAML ...)
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp <no-dsa> (Minor issue mitigated by HTTPS usage, hard to backport)
	[jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
	[wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
	NOTE: https://simplesamlphp.org/security/201703-02
CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...)
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp <no-dsa> (Minor issue mitigated by HTTPS usage, hard to backport)
	[jessie] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS usage, hard to backport)
	[wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS usage, hard to backport)
	NOTE: https://simplesamlphp.org/security/201704-01
CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remot ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201704-02
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleS ...)
	{DLA-1408-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp <not-affected> (Only affects setups with old PHP versions not found in stable)
	NOTE: https://simplesamlphp.org/security/201705-01
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 an ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201708-01
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform t ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-230.html
CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affecte ...)
	NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
CVE-2017-12852 (The numpy.pad function in Numpy 1.13.1 and older versions is missing i ...)
	- python-numpy 1:1.14.3-1 (unimportant; bug #872407)
	NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
	NOTE: Negligible security impact
CVE-2017-12851 (An authenticated standard user could reset the password of the admin b ...)
	- kanboard <itp> (bug #790814)
CVE-2017-12850 (An authenticated standard user could reset the password of other users ...)
	- kanboard <itp> (bug #790814)
	NOTE: https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae
CVE-2017-12849 (Response discrepancy in the login and password reset forms in SilverSt ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2017-12848
	RESERVED
CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...)
	- nagios3 <removed>
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/16/7
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/404
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
	NOTE: https://github.com/orlitzky/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
CVE-2017-12846
	RESERVED
CVE-2017-12845
	RESERVED
CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp ...)
	NOT-FOR-US: IceWarp
CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to  ...)
	- cyrus-imapd <not-affected> (Vulnerable code introduced later)
	- cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
CVE-2017-12842 (Bitcoin Core before 0.14 allows an attacker to create an ostensibly va ...)
	- bitcoin 0.14.2~dfsg-1~exp2
CVE-2017-12841
	RESERVED
CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client  ...)
	NOTE: DESLock+
CVE-2017-12839 (A heap-based buffer over-read in the getbits function in src/libmpg123 ...)
	- mpg123 1.25.6-1
	[stretch] - mpg123 <no-dsa> (Minor issue)
	[jessie] - mpg123 <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/mpg123/bugs/255/
	NOTE: https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date
CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in P ...)
	{DSA-3982-1}
	- perl 5.26.0-8 (bug #875596)
	[wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131582 (not yet public)
	NOTE: https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/66288bb3f44c8aa5122e5f40d8cfc0eada8b1695
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f7e5417e7bffba03947b66e4d8622d7c220f2876
CVE-2017-12835
	REJECTED
CVE-2017-12834
	REJECTED
CVE-2017-12833
	REJECTED
CVE-2017-12832
	REJECTED
CVE-2017-12831
	REJECTED
CVE-2017-12830
	REJECTED
CVE-2017-12829
	REJECTED
CVE-2017-12828
	REJECTED
CVE-2017-12827
	REJECTED
CVE-2017-12826
	REJECTED
CVE-2017-12825
	RESERVED
CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in I ...)
	NOT-FOR-US: InPage
CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky Embedded  ...)
	NOT-FOR-US: Kaspersky
CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, S ...)
	NOT-FOR-US: Gemalto
CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LD ...)
	NOT-FOR-US: Gemalto
CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...)
	NOT-FOR-US: Gemalto
CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay att ...)
	NOT-FOR-US: Gemalto
CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HA ...)
	NOT-FOR-US: Gemalto
CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the a ...)
	NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of appli ...)
	NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 5279 ...)
	NOT-FOR-US: Bomgar Remote Support Portal JavaStart Applet
CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in win32/perl ...)
	- perl <not-affected> (Windows specific issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the comments sect ...)
	NOT-FOR-US: PHPJabbers File Sharing Script
CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the name para ...)
	NOT-FOR-US: PHPJabbers Night Club Booking Software
CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. ...)
	NOT-FOR-US: PHPJabbers Star Rating Script
CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the ad ...)
	NOT-FOR-US: PHPJabbers PHP Newsletter Script
CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (bug #873849)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
CVE-2017-12808
	RESERVED
CVE-2017-12807
	REJECTED
CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/664
CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1. ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0. ...)
	NOT-FOR-US: mkclean
CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 201 ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12801 (The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-0 ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 through 20 ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) wi ...)
	NOT-FOR-US: D-Link
CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might  ...)
	{DSA-3940-1 DLA-1056-1}
	- cvs 2:1.12.13+real-24 (bug #871810)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/11/1
CVE-2017-12799 (The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows re ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21933
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=957e1fc1c5d0262e4b2f764cf031ad1458446498
CVE-2017-12798 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q p ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12797 (Integer overflow in the INT123_parse_new_id3 function in the ID3 parse ...)
	- mpg123 1.25.6-1
	[stretch] - mpg123 <no-dsa> (Minor issue)
	[jessie] - mpg123 <no-dsa> (Minor issue)
	[wheezy] - mpg123 <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/mpg123/bugs/254/
	NOTE: https://sourceforge.net/p/mpg123/mailman/message/35987663/
CVE-2017-12796 (The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distri ...)
	NOT-FOR-US: OpenMRS addon
CVE-2017-12795 (OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper I ...)
	NOT-FOR-US: OpenMRS
CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ...)
	- python-django 1:1.11.5-1 (low; bug #874415)
	[stretch] - python-django 1:1.10.7-2+deb9u2
	[jessie] - python-django <not-affected> (Vulnerable code do not exist)
	[wheezy] - python-django <not-affected> (Vulnerable code do not exist)
	NOTE: https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
CVE-2017-12793
	RESERVED
CVE-2017-12792 (Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12791 (Directory traversal vulnerability in minion id validation in SaltStack ...)
	- salt 2016.11.8+dfsg1-1 (bug #872399)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: https://github.com/saltstack/salt/pull/42944
	NOTE: https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a
	NOTE: https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
CVE-2017-12790 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The  ...)
	NOT-FOR-US: Metinfo
CVE-2017-12789 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The  ...)
	NOT-FOR-US: Metinfo
CVE-2017-12788 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: Metinfo
CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, includ ...)
	NOT-FOR-US: NoviWare
CVE-2017-12786 (Network interfaces of the cliengine and noviengine services, included  ...)
	NOT-FOR-US: NoviWare
CVE-2017-12785 (The novish command-line interface, included in the NoviWare software d ...)
	NOT-FOR-US: NoviWare
CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted  ...)
	NOT-FOR-US: Youngzsoft CCFile
CVE-2017-12783 (The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08 ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12782 (The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 a ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12781 (The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012 ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 a ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in mkvalidator 0. ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12778 (** DISPUTED ** The UI Lock feature in qBittorrent version 3.3.15 is vu ...)
	NOT-FOR-US: qBittorrent non issue
CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to non-UFO path ...)
	{DSA-3981-1}
	- linux 4.12.6-1 (low)
	[wheezy] - linux <ignored> (Low severity and difficult to backport)
	NOTE: Introduced by: https://git.kernel.org/linus/e89e9cf539a28df7d0eb1d0a545368e9920b34ac (2.6.15-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
CVE-2017-1000111 (Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue  ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Introduced by: https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 (2.6.27-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
	NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://..." URL to an unsus ...)
	{DSA-3934-1 DLA-1068-1}
	- git 1:2.14.1-1
	NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-1000116 (Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...)
	{DSA-3963-1 DLA-1072-1}
	- mercurial 4.3.1-1 (bug #871710)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
	NOTE: 11 patches need to be applied, the following are for 4.2:
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/e10745311406
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/f9134e96ed0f
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/92b583e3e522
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/08cfc4baf3ba
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/55681baf4cf9
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/173ecccb9ee7
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/943c91326b23
	NOTE: 3.7 and 4.1 backports also available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7
	NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1
CVE-2017-1000115 (Mercurial prior to version 4.3 is vulnerable to a missing symlink chec ...)
	{DSA-3963-1 DLA-1072-1}
	- mercurial 4.3.1-1 (bug #871709)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 (test)
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/377e8ddaebef (fix)
	NOTE: 3.7 and 4.1 backports available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7
	NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1CVE-2017-12777
CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some pa ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remo ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12775 (qa-include/qa-install.php in Question2Answer before 1.7.5 allows remot ...)
	NOT-FOR-US: question2answer
CVE-2017-12774 (finecms in 1.9.5\controllers\member\ContentController.php allows remot ...)
	NOT-FOR-US: FineCMS
CVE-2017-12773
	RESERVED
CVE-2017-12772
	RESERVED
CVE-2017-12771
	RESERVED
CVE-2017-12770
	RESERVED
CVE-2017-12769
	RESERVED
CVE-2017-12768
	RESERVED
CVE-2017-12767
	RESERVED
CVE-2017-12766
	RESERVED
CVE-2017-12765
	RESERVED
CVE-2017-12764
	RESERVED
CVE-2017-12763 (An unspecified server utility in NoMachine before 5.3.10 on Mac OS X a ...)
	NOT-FOR-US: NoMachine
CVE-2017-12762 (In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied in ...)
	- linux 4.13.4-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/9f5af546e6acc30f075828cb58c7f09665033967 (v4.13-rc4)
	NOTE: Driver is disabled since squeeze and unmaintained for a long time
CVE-2017-12761 (http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by ...)
	NOT-FOR-US: Endober WebFile Explorer
CVE-2017-12760 (Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa  ...)
	NOT-FOR-US: Ynet Interactive
CVE-2017-12759 (Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Man ...)
	NOT-FOR-US: Ynet Interactive
CVE-2017-12758 (https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1  ...)
	NOT-FOR-US: Joomla! Component Appointment
CVE-2017-12757 (Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Inje ...)
	NOT-FOR-US: Ambit
CVE-2017-12756 (Command inject in transfer from another server in extplorer 2.1.9 and  ...)
	{DLA-1063-1}
	- extplorer <removed>
	NOTE: http://extplorer.net/news/21
CVE-2017-12755
	RESERVED
CVE-2017-12754 (Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-A ...)
	NOT-FOR-US: Asuswrt-Merlin firmware
CVE-2017-12753
	RESERVED
CVE-2017-12752
	RESERVED
CVE-2017-12751
	RESERVED
CVE-2017-12750
	RESERVED
CVE-2017-12749
	RESERVED
CVE-2017-12748
	RESERVED
CVE-2017-12747
	RESERVED
CVE-2017-12746
	RESERVED
CVE-2017-12745
	RESERVED
CVE-2017-12744
	RESERVED
CVE-2017-12743
	RESERVED
CVE-2017-12742
	RESERVED
CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity  ...)
	NOT-FOR-US: Siemens
CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 device ...)
	NOT-FOR-US: Siemens
CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An attac ...)
	NOT-FOR-US: Siemens
CVE-2017-12734 (A vulnerability has been identified in Siemens LOGO! devices before V1 ...)
	NOT-FOR-US: Siemens
CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...)
	NOT-FOR-US: SiteSentinel
CVE-2017-12732 (A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Ve ...)
	NOT-FOR-US: GE CIMPLICITY
CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Systems Si ...)
	NOT-FOR-US: SiteSentinel
CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer throu ...)
	NOT-FOR-US: Moxa SoftCMS Live Viewer
CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...)
	NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-12727
	RESERVED
CVE-2017-12726 (A Use of Hard-coded Password issue was discovered in Smiths Medical Me ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12725 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12724 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12723 (A Password in Configuration File issue was discovered in Smiths Medica ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12722 (An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12721 (An Improper Certificate Validation issue was discovered in Smiths Medi ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12720 (An Improper Access Control issue was discovered in Smiths Medical Medf ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in Advantech Web ...)
	NOT-FOR-US: Advantech
CVE-2017-12718 (A Classic Buffer Overflow issue was discovered in Smiths Medical Medfu ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured prior to ...)
	NOT-FOR-US: Abbott Laboratories Accent and Anthem pacemakers
CVE-2017-12715
	RESERVED
CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do n ...)
	NOT-FOR-US: Abbott Laboratories pacemakers
CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue was dis ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12712 (The authentication algorithm in Abbott Laboratories pacemakers manufac ...)
	NOT-FOR-US: Abbott Laboratories pacemakers
CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in Advantech We ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess versions p ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12709 (A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN ve ...)
	NOT-FOR-US: Westermo devices
CVE-2017-12708 (An Improper Restriction Of Operations Within The Bounds Of A Memory Bu ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12707 (A Stack-based Buffer Overflow issue was discovered in SpiderControl SC ...)
	NOT-FOR-US: SpiderControl SCADA MicroBrowser
CVE-2017-12706 (A stack-based buffer overflow issue was discovered in Advantech WebAcc ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12705 (A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP.  ...)
	NOT-FOR-US: Advantech
CVE-2017-12704 (A heap-based buffer overflow issue was discovered in Advantech WebAcce ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo M ...)
	NOT-FOR-US: Westermo
CVE-2017-12702 (An Externally Controlled Format String issue was discovered in Advante ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12701 (BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain ...)
	NOT-FOR-US: BMC Medical Luna CPAP Machines
CVE-2017-12700
	RESERVED
CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in AzeoTech DAQF ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors (GM) and Sh ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12696
	RESERVED
CVE-2017-12695 (An Improper Authentication issue was discovered in General Motors (GM) ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web  ...)
	NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user can pass a numerical ...)
	{DSA-3992-1}
	- curl 7.55.0-1 (bug #871554)
	[wheezy] - curl <not-affected> (Vulnerable code not present, introduced later in 7.34.0)
	NOTE: https://curl.haxx.se/docs/adv_20170809A.html
	NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
CVE-2017-1000100 (When doing a TFTP transfer and curl/libcurl is given a URL that contai ...)
	{DSA-3992-1 DLA-1062-1}
	- curl 7.55.0-1 (bug #871555)
	NOTE: https://curl.haxx.se/docs/adv_20170809B.html
	NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides a featu ...)
	- curl <not-affected> (Only affects 7.54.1, no affected version ever in the archive)
	NOTE: https://curl.haxx.se/docs/adv_20170809C.html
	NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
	NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...)
	{DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519
CVE-2017-12690
	RESERVED
CVE-2017-12689
	RESERVED
CVE-2017-12688
	RESERVED
CVE-2017-12687
	RESERVED
CVE-2017-12686
	RESERVED
CVE-2017-12685
	RESERVED
CVE-2017-12684
	RESERVED
CVE-2017-12683
	RESERVED
CVE-2017-12682
	RESERVED
CVE-2017-12681
	RESERVED
CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type paramet ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefac ...)
	- taglib 1.11.1+dfsg.1-0.2 (bug #871511)
	[stretch] - taglib <no-dsa> (Minor issue)
	[jessie] - taglib <not-affected> (Vulnerable code not present)
	[wheezy] - taglib <not-affected> (Vulnerable code not present)
	- silverjuke <not-affected> (Vulnerable code not present, based on older taglib version)
	NOTE: https://github.com/taglib/taglib/issues/829
	NOTE: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6#diff-37f706c8696a7c1ca939b169c0a04d97
CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Ang ...)
	NOT-FOR-US: IdentityServer
CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870118)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/387adbe4b05a545b9f3972e862602480c850303c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7287f50888c26b133ee173816332fcaec4e8cb62
CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional data was  ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870022)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/616
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c
CVE-2017-12673 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870117)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/619
CVE-2017-12672 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/617
CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/ ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/621
CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage  ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/571
CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage i ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870489)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/575
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba8f335fa06daf1165e0878462686028e633a74
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/560e6e512961008938aa1d1b9aab06347b1c8f9b
CVE-2017-12667 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...)
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870015)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/553
CVE-2017-12666 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImag ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870482)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/572
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5559407ce29f4371e5df9c1cbde65455fe5854c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/45aeda5da9eb328689afc221fa3b7dfa5cdea54d
CVE-2017-12665 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage  ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870501)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/577
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c1b09bbec148f6ae11d0b686fdb89ac6dc0ab14e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/859084b4fd966ac007965c3d85caabccd8aee9b4
CVE-2017-12663 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage i ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870483)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/573
CVE-2017-12662 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage i ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870492)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/576
CVE-2017-12661
	RESERVED
CVE-2017-12660
	RESERVED
CVE-2017-12659
	RESERVED
CVE-2017-12658
	RESERVED
CVE-2017-12657
	RESERVED
CVE-2017-12656
	RESERVED
CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the que ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 all ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870502)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/620
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ffcb8f8e2248fde38a2cb30aeb48403d2b3471cc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f2c26fa4db84e92d754c7f8b269db2883cf7f32c
CVE-2017-12653 (360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escal ...)
	NOT-FOR-US: 360 Total Security
CVE-2017-12652 (libpng before 1.6.32 does not properly check the length of chunks agai ...)
	- libpng1.6 1.6.32-1
	[stretch] - libpng1.6 <ignored> (Minor issue)
	NOTE: https://github.com/glennrp/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55
	NOTE: https://github.com/glennrp/libpng/commit/a1fe2c98489519d415b72bc0026f0c86d82278b7
	NOTE: https://github.com/glennrp/libpng/commit/095b4ce16bb46acb259ea1a4ca6562a623e58d93
	NOTE: https://github.com/glennrp/libpng/commit/2dbef2f2a9e759a80d2decb6862518acf4919c59
	NOTE: https://github.com/glennrp/libpng/commit/2dca15686fadb1b8951cb29b02bad4cae73448da
	NOTE: https://github.com/glennrp/libpng/commit/fcd1bb93124d76059abef98216d8390f520c577b
	NOTE: https://github.com/glennrp/libpng/commit/13bc0b6b1f8f2f2491fcc9f0c1c939ff06e13c15
CVE-2017-12651 (Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelis ...)
	NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12650 (SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPres ...)
	NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12649 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or  ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12648 (XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12647 (XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base ar ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12646 (XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, passw ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletI ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/551
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a33f7498f9052b50e8fe8c8422a11ba84474cb42
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0
CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869796)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/552
CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870108)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/550
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOne ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
CVE-2017-12639 (Stack based buffer overflow in Ipswitch IMail server up to and includi ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2017-12638 (Stack based buffer overflow in Ipswitch IMail server up to and includi ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2017-12637 (Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/ ...)
	NOT-FOR-US: SAP
CVE-2017-12636 (CouchDB administrative users can configure the database server via HTT ...)
	{DLA-1252-1}
	- couchdb <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/9a28df7e9703a1a3420e7616c4d33a523ee06354
	NOTE: Possibly needs more updates: https://github.com/apache/couchdb/commit/bf6b6a1c84321baee2c4ad354059a45e0b8fdec7
CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and JavaScript-base ...)
	{DLA-1252-1}
	- couchdb <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/3706a77c13a78672e5a3fbde06e7bffd3665f73b
CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20. ...)
	NOT-FOR-US: Apache Camel
CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20 ...)
	NOT-FOR-US: Apache Camel
CVE-2017-12632 (A malicious host header in an incoming HTTP request could cause NiFi t ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to  ...)
	NOT-FOR-US: Apache CXF
CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query pag ...)
	NOT-FOR-US: Apache Drill
CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache Luc ...)
	{DSA-4124-1 DLA-1254-1}
	- lucene-solr 3.6.2+dfsg-11
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html
	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-tt4358355.html
	NOTE: Patch removing RunExecutableListener: https://github.com/apache/lucene-solr/commit/7b313bb597a6d1f78773dc9c00f484c078a46c25
	NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4
CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...)
	NOT-FOR-US: Apache James
CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing of exte ...)
	{DLA-1328-1}
	- xerces-c 3.2.1+debian-1 (bug #894050)
	[stretch] - xerces-c 3.1.4+debian-2+deb9u1
	[jessie] - xerces-c 3.1.1-5.1+deb8u4
	NOTE: https://svn.apache.org/r1819998
	NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to Denial  ...)
	- libapache-poi-java 3.17-1 (bug #888651)
	[stretch] - libapache-poi-java <no-dsa> (Minor issue)
	[jessie] - libapache-poi-java <no-dsa> (Minor issue)
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
CVE-2017-12625 (Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2 ...)
	NOT-FOR-US: Apache Hive
CVE-2017-12624 (Apache CXF supports sending and receiving attachments via either the J ...)
	NOT-FOR-US: Apache CXF
CVE-2017-12623 (An authorized user could upload a template which contained malicious c ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom doctyp ...)
	- jenkins-commons-jelly <removed>
	[jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
	[wheezy] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/27/6
CVE-2017-12620 (When loading models or dictionaries that contain XML it is possible to ...)
	NOT-FOR-US: Apache OpenNLP
CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation whic ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to val ...)
	{DLA-1163-1}
	- apr-util 1.6.1-1 (low; bug #879996)
	[stretch] - apr-util <no-dsa> (Minor issue)
	[jessie] - apr-util <no-dsa> (Minor issue)
	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
	NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147
CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22 ...)
	{DLA-1166-1}
	- tomcat8 <not-affected> (Specific to running Tomcat on Windows)
	- tomcat8.0 <not-affected> (Specific to running Tomcat on Windows)
	- tomcat7 <not-affected> (Specific to running Tomcat on Windows)
	NOTE: https://svn.apache.org/r1809673 (8.5.x)
	NOTE: https://svn.apache.org/r1809675 (8.5.x)
	NOTE: https://svn.apache.org/r1809896 (8.5.x)
	NOTE: https://svn.apache.org/r1809921 (8.0.x)
	NOTE: https://svn.apache.org/r1809978 (7.0.x)
	NOTE: https://svn.apache.org/r1809992 (7.0.x)
	NOTE: https://svn.apache.org/r1810014 (7.0.x)
	NOTE: https://svn.apache.org/r1810026 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it w ...)
	{DLA-1400-1 DLA-1108-1}
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
	NOTE: https://svn.apache.org/r1804729
CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs e ...)
	- tomcat7 <not-affected> (Windows-specific)
CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to  ...)
	- airflow <itp> (bug #819700)
CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with  ...)
	{DLA-1162-1}
	- apr 1.6.3-1 (low; bug #879708)
	[stretch] - apr <no-dsa> (Minor issue)
	[jessie] - apr <no-dsa> (Minor issue)
	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
	NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a
CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe de ...)
	- apache-spark <itp> (bug #802194)
CVE-2017-12611 (In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using  ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <ignored> (Minor issue)
	NOTE: Only a problem if the application programmer has made a security mistake.
	NOTE: https://struts.apache.org/docs/s2-053.html
CVE-2017-12610 (In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authent ...)
	- kafka <itp> (bug #786460)
CVE-2017-12609
	REJECTED
CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1 ...)
	{DSA-4022-1 DLA-1214-1}
	- libreoffice 1:5.0.2-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and spec ...)
	{DSA-4022-1 DLA-1214-1}
	- libreoffice 1:5.0.2-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect  ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invali ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial  ...)
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872045)
	[stretch] - opencv <ignored> (Minor issue)
	[jessie] - opencv <ignored> (Minor issue)
	[wheezy] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer  ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial  ...)
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872045)
	[stretch] - opencv <ignored> (Minor issue)
	[jessie] - opencv <ignored> (Minor issue)
	[wheezy] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
	- openexr 2.2.0-11.1 (bug #877352)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	[wheezy] - openexr 1.6.1-6+deb7u1
	NOTE: https://github.com/openexr/openexr/issues/238
	NOTE: Upstream fix https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c
CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dic ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <ignored> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/146
	NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b
CVE-2017-12594
	RESERVED
CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnera ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross sit ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12590 (ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vu ...)
	NOT-FOR-US: ASUS RT-N14UHP devices
CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protecti ...)
	NOT-FOR-US: ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices
CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...)
	- rsyslog 8.28.0-1 (unimportant)
	NOTE: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b
	NOTE: https://github.com/rsyslog/rsyslog/pull/1565
	NOTE: The zmq3 input and output modules are not enabled and built in Debian
CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/535
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d4192df5eb03892089806d52a317cc3101856726
CVE-2017-12586 (SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue becau ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12585 (SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_ha ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12584 (There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an  ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12583 (DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE ...)
	- dokuwiki 0.0.20180422.a-1 (bug #870903)
	[jessie] - dokuwiki <not-affected> (Vulnerable code not present)
	[wheezy] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2061
CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance Station ...)
	NOT-FOR-US: QNAP
CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because o ...)
	- electron <itp> (bug #842420)
CVE-2017-12580 (An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploi ...)
	NOT-FOR-US: IDM UltraEdit
CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-12578
	RESERVED
CVE-2017-12577 (An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded accoun ...)
	NOT-FOR-US: PLANEX
CVE-2017-12576 (An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undoc ...)
	NOT-FOR-US: PLANEX
CVE-2017-12575 (An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router h ...)
	NOT-FOR-US: NEC
CVE-2017-12574 (An issue was discovered on PLANEX CS-W50HD devices with firmware befor ...)
	NOT-FOR-US: PLANEX
CVE-2017-12573 (An issue was discovered on PLANEX CS-W50HD devices with firmware befor ...)
	NOT-FOR-US: PLANEX
CVE-2017-12572 (Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5. ...)
	NOT-FOR-US: Splunk
CVE-2017-12571
	RESERVED
CVE-2017-12570
	RESERVED
CVE-2017-12569
	RESERVED
CVE-2017-12568 (Denial of Service vulnerability in Debut embedded httpd 1.20 in Brothe ...)
	NOT-FOR-US: Brother
CVE-2017-12567 (SQL injection exists in Quest KACE Asset Management Appliance 6.4.1208 ...)
	NOT-FOR-US: Quest KACE Asset Management Appliance
CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870503)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/603
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2477eacf09d3a26efe814590a5dbbe1efd16764f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/27b3b9ca5cfb7b8935852cf315abc005ea7c1e16
CVE-2017-12565 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870115)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/602
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e0e544bb173213df00f82a810d66321e1bb4f3c8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4d0ac66c9778faebd2d1fac7140462b043626458
CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870017)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/601
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b
CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
CVE-2017-12561 (A remote code execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12560 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12559 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12558 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12557 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12556 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12555 (A remote arbitrary file download and disclosure of information vulnera ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12554 (A remote code execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12553 (A local authentication bypass vulnerability in HPE System Management H ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12552 (A local arbitrary execution of commands vulnerability in HPE System Ma ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12551 (A local arbitrary execution of commands vulnerability in HPE System Ma ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12550 (A local security misconfiguration vulnerability in HPE System Manageme ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12549 (A local authentication bypass vulnerability in HPE System Management H ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12548 (A local arbitrary command execution vulnerability in HPE System Manage ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12547 (A local arbitrary command execution vulnerability in HPE System Manage ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12546 (A local buffer overflow vulnerability in HPE System Management Homepag ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12545 (A remote denial of service vulnerability in HPE System Management Home ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12544 (A cross-site scripting vulnerability in HPE System Management Homepage ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12543 (A remote disclosure of information vulnerability in Moonshot Remote Co ...)
	NOT-FOR-US: Moonshot Remote Console Administrator Pro
CVE-2017-12542 (A authentication bypass and execution of code vulnerability in HPE Int ...)
	NOT-FOR-US: HPE ILO 4
CVE-2017-12541 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12540 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12539 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12538 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12537 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12536 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12535 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12534 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12533 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12532 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12531 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12530 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12529 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12528 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12527 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12526 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12525 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12524 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12523 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12522 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12521 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12520 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12519 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12518 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12517 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12516 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12515 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12514 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12513 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12512 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12511 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12510 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12509 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12508 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12507 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12506 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12505 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12504 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12503 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12502 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12501 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12500 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12499 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12498 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12497 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12496 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12495 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12494 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12493 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12492 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12491 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12490 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12489 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12488 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12487 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12486
	RESERVED
CVE-2017-12485
	RESERVED
CVE-2017-12484
	RESERVED
CVE-2017-12483
	RESERVED
CVE-2017-12482 (The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1 ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #870900)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1224
	NOTE: https://github.com/ledger/ledger/issues/1224
	NOTE: https://github.com/ledger/ledger/commit/7c0ae5b02571e21f97d45f5d091cb78af9885713
CVE-2017-12481 (The find_option function in option.cc in Ledger 3.1.1 allows remote at ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #870900)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1222
	NOTE: https://github.com/ledger/ledger/issues/1222
	NOTE: https://github.com/ledger/ledger/commit/c5343f18744d0f6fddcc590f9a54c23674d8c489
CVE-2017-12480 (Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading  ...)
	NOT-FOR-US: Sandboxie
CVE-2017-12479 (It was discovered that an issue in the session logic in Unitrends Back ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12478 (It was discovered that the api/storage web interface in Unitrends Back ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12477 (It was discovered that the bpserverd proprietary protocol in Unitrends ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12476 (The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Be ...)
	NOT-FOR-US: Bento4
CVE-2017-12475 (The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable ...)
	NOT-FOR-US: Bento4
CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers t ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attac ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows context-depe ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in CCN-lite before ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows c ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows  ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent attackers ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to have unspec ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow context-depen ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent atta ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite bef ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12462
	RESERVED
CVE-2017-12461
	RESERVED
CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7 ...)
	NOT-FOR-US: Barco ClickShare CSM-1 firmware
CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Bina ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12458 (The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Bin ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12457 (The bfd_make_section_with_flags function in section.c in the Binary Fi ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12456 (The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binuti ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12455 (The evax_bfd_print_emh function in vms-alpha.c in the Binary File Desc ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12454 (The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12453 (The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descri ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12452 (The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386 ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12451 (The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff6 ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21786
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=29866fa186ee3ebda5242221607dba360b2e541e
CVE-2017-12450 (The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File  ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a2df5e2df374289e00ecd8f099eb46d76ef982e
CVE-2017-12449 (The _bfd_vms_save_sized_string function in vms-misc.c in the Binary Fi ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12448 (The bfd_cache_close function in bfd/cache.c in the Binary File Descrip ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21787
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24
CVE-2017-12447 (GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus ...)
	- gdk-pixbuf 2.34.0-1
	[jessie] - gdk-pixbuf 2.31.1-2+deb8u5
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785979
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990 (2.33.2)
CVE-2017-12446
	RESERVED
CVE-2017-12445 (The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cp ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12444 (The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidj ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12443 (The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 c ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ca ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ca ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12440 (Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11 ...)
	{DSA-3953-1}
	- aodh 5.0.0-2 (bug #872605)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0080
	NOTE: Master: https://review.openstack.org/#/c/493823/
	NOTE: Ocata: https://review.openstack.org/#/c/493824/
	NOTE: Newton: https://review.openstack.org/#/c/493826/
	NOTE: https://github.com/openstack/aodh/commit/cb90d3ad472bba8d648803ca94a9196dff97f0e8
CVE-2017-12439 (SocuSoft Flash Slideshow Maker Professional through v5.20, when the ad ...)
	NOT-FOR-US: SocuSoft Flash Slideshow Maker Professional
CVE-2017-12438
	RESERVED
CVE-2017-12437
	RESERVED
CVE-2017-12436
	RESERVED
CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
CVE-2017-12433 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872481)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/548
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620
CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870491)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/536
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74
CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/545
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30a74ed25a4890acfa94f452d653d54c9628c87e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ac6c73d39d59a7b0285b3756810272121759a31
	NOTE: The fix applied for #869727 included the change for upstream issue 545, cf.
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546#issuecomment-313968413
CVE-2017-12427 (The ProcessMSLScript function in coders/msl.c in ImageMagick before 6. ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870525)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/636
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/841f7b27dc88c685c61252d59b7e20e94c982456
CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17. ...)
	- gitlab 9.5.4+dfsg-7 (bug #872190; unimportant)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
	NOTE: The fix for git for CVE-2017-1000117 mitgates the issue in gitlab itself.
	NOTE: The CVE is for the issue when importing a project via crafted SSH URLs,
	NOTE: which becomes ineffective with a fixed git version itself.
CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...)
	- shadow 1:4.5-1 (bug #756630)
	[stretch] - shadow <no-dsa> (Minor issue)
	[jessie] - shadow <no-dsa> (Minor issue)
	[wheezy] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
	NOTE: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 (4.5)
CVE-2017-12423 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authen ...)
	NOT-FOR-US: NetApp
CVE-2017-12422 (NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3 ...)
	NOT-FOR-US: NetApp
CVE-2017-12421 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authen ...)
	NOT-FOR-US: NetApp
CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp Cluster ...)
	NOT-FOR-US: NetApp
CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on MySQL/M ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
	NOTE: https://mantisbt.org/bugs/view.php?id=23173
CVE-2017-12418 (ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM  ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872498)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/643
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/46382526a3f09cebf9f2af680fc55b2a668fcbef
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bfd93888beccf2eff49cc9abfa6b5167c9c9109d
CVE-2017-12417
	RESERVED
CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x be ...)
	NOT-FOR-US: OXID eShop
CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption a ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untr ...)
	NOT-FOR-US: Format Factory
CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin ...)
	NOT-FOR-US: AXIS 2100 devices
CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent at ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12411
	RESERVED
CVE-2017-12410 (It is possible to exploit a Time of Check &amp; Time of Use (TOCTOU) v ...)
	NOT-FOR-US: Kaseya Virtual System Administrator agent
CVE-2017-12409
	RESERVED
CVE-2017-12408
	RESERVED
CVE-2017-12407
	RESERVED
CVE-2017-12406
	RESERVED
CVE-2017-12405
	RESERVED
CVE-2017-12404
	RESERVED
CVE-2017-12403
	RESERVED
CVE-2017-12402
	RESERVED
CVE-2017-12401
	RESERVED
CVE-2017-12400
	RESERVED
CVE-2017-12399
	RESERVED
CVE-2017-12398
	RESERVED
CVE-2017-12397
	RESERVED
CVE-2017-12396
	RESERVED
CVE-2017-12395
	RESERVED
CVE-2017-12394
	RESERVED
CVE-2017-12393
	RESERVED
CVE-2017-12392
	RESERVED
CVE-2017-12391
	RESERVED
CVE-2017-12390
	RESERVED
CVE-2017-12389
	RESERVED
CVE-2017-12388
	RESERVED
CVE-2017-12387
	RESERVED
CVE-2017-12386
	RESERVED
CVE-2017-12385
	RESERVED
CVE-2017-12384
	RESERVED
CVE-2017-12383
	RESERVED
CVE-2017-12382
	RESERVED
CVE-2017-12381
	RESERVED
CVE-2017-12380 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11945
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/39c89d14a61aef2958b8ea64ade1be7a5faca897
CVE-2017-12379 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11944
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0604618374dc0dfd148b0ce7bf7a3d2b7528e66b
CVE-2017-12378 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11946
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0cf813f835e48ab0f94dd54200ceba0dc25fa1c4
CVE-2017-12377 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11943
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/38da4800bfb2d6b13579950b6543302d13e3015c
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/e887f113242ffcb0ea8735c3f567c6be77f382d6
CVE-2017-12376 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11942
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/c8ba4ae2e47a4f49add3e85ef7041b166be6bfdb
CVE-2017-12375 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11940
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209
CVE-2017-12374 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11939
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/7cf2a701041b775dda9743d01665279facc9b326
CVE-2017-12373 (A vulnerability in the TLS protocol implementation of legacy Cisco ASA ...)
	NOT-FOR-US: Cisco
CVE-2017-12372 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12371 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12370 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12369 (A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" e ...)
	NOT-FOR-US: Cisco
CVE-2017-12368 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12367 (A "Cisco WebEx Network Recording Player Denial of Service Vulnerabilit ...)
	NOT-FOR-US: Cisco
CVE-2017-12366 (A vulnerability in Cisco WebEx Meeting Center could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2017-12365 (A vulnerability in Cisco WebEx Event Center could allow an authenticat ...)
	NOT-FOR-US: Cisco
CVE-2017-12364 (A SQL Injection vulnerability in the web framework of Cisco Prime Serv ...)
	NOT-FOR-US: Cisco
CVE-2017-12363 (A vulnerability in Cisco WebEx Meeting Server could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2017-12362 (A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could  ...)
	NOT-FOR-US: Cisco
CVE-2017-12361 (A vulnerability in Cisco Jabber for Windows could allow an unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2017-12360 (A vulnerability in Cisco WebEx Network Recording Player for WebEx Reco ...)
	NOT-FOR-US: Cisco
CVE-2017-12359 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Playe ...)
	NOT-FOR-US: Cisco
CVE-2017-12358 (A vulnerability in the web-based management interface of Cisco Jabber  ...)
	NOT-FOR-US: Cisco
CVE-2017-12357 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-12356 (A vulnerability in the web-based management interface of Cisco Jabber  ...)
	NOT-FOR-US: Cisco
CVE-2017-12355 (A vulnerability in the Local Packet Transport Services (LPTS) ingress  ...)
	NOT-FOR-US: Cisco
CVE-2017-12354 (A vulnerability in the web-based interface of Cisco Secure Access Cont ...)
	NOT-FOR-US: Cisco
CVE-2017-12353 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco
CVE-2017-12352 (A vulnerability in certain system script files that are installed at b ...)
	NOT-FOR-US: Cisco
CVE-2017-12351 (A vulnerability in the guest shell feature of Cisco NX-OS System Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 an ...)
	NOT-FOR-US: Cisco
CVE-2017-12349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12347 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12346 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12345 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12344 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12343 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12342 (A vulnerability in the Open Agent Container (OAC) feature of Cisco Nex ...)
	NOT-FOR-US: Cisco
CVE-2017-12341 (A vulnerability in the CLI of Cisco NX-OS System Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2017-12340 (A vulnerability in Cisco NX-OS System Software running on Cisco MDS Mu ...)
	NOT-FOR-US: Cisco
CVE-2017-12339 (A vulnerability in the CLI of Cisco NX-OS System Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2017-12338 (A vulnerability in the CLI of Cisco NX-OS System Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration produc ...)
	NOT-FOR-US: Cisco
CVE-2017-12336 (A vulnerability in the TCL scripting subsystem of Cisco NX-OS System S ...)
	NOT-FOR-US: Cisco
CVE-2017-12335 (A vulnerability in the CLI of Cisco NX-OS System Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2017-12334 (A vulnerability in the CLI of Cisco NX-OS System Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2017-12333 (A vulnerability in Cisco NX-OS System Software could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12332 (A vulnerability in Cisco NX-OS System Software patch installation coul ...)
	NOT-FOR-US: Cisco
CVE-2017-12331 (A vulnerability in Cisco NX-OS System Software could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12330 (A vulnerability in the CLI of Cisco NX-OS System Software could allow  ...)
	NOT-FOR-US: Cisco
CVE-2017-12329 (A vulnerability in the CLI of Cisco Firepower Extensible Operating Sys ...)
	NOT-FOR-US: Cisco
CVE-2017-12328 (A vulnerability in Session Initiation Protocol (SIP) call handling in  ...)
	NOT-FOR-US: Cisco
CVE-2017-12327
	RESERVED
CVE-2017-12326
	RESERVED
CVE-2017-12325
	RESERVED
CVE-2017-12324
	RESERVED
CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco Registered  ...)
	NOT-FOR-US: Cisco
CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco Registered  ...)
	NOT-FOR-US: Cisco
CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Registered  ...)
	NOT-FOR-US: Cisco
CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered  ...)
	NOT-FOR-US: Cisco
CVE-2017-12319 (A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet  ...)
	NOT-FOR-US: Cisco
CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...)
	NOT-FOR-US: Cisco
CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...)
	NOT-FOR-US: Cisco
CVE-2017-12316 (A vulnerability in the Guest Portal login page of Cisco Identity Servi ...)
	NOT-FOR-US: Cisco
CVE-2017-12315 (A vulnerability in system logging when replication is being configured ...)
	NOT-FOR-US: Cisco
CVE-2017-12314 (A vulnerability in the Cisco FindIT Network Discovery Utility could al ...)
	NOT-FOR-US: Cisco
CVE-2017-12313 (An untrusted search path (aka DLL Preload) vulnerability in the Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in the Cis ...)
	NOT-FOR-US: Cisco
CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting Server  ...)
	NOT-FOR-US: Cisco
CVE-2017-12310 (A vulnerability in the auto discovery phase of Cisco Spark Hybrid Cale ...)
	NOT-FOR-US: Cisco
CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business Managed S ...)
	NOT-FOR-US: Cisco
CVE-2017-12307 (A vulnerability in the web framework of Cisco Small Business Managed S ...)
	NOT-FOR-US: Cisco
CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800 series c ...)
	NOT-FOR-US: Cisco
CVE-2017-12304 (A vulnerability in the IOS daemon (IOSd) web-based management interfac ...)
	NOT-FOR-US: Cisco
CVE-2017-12303 (A vulnerability in the Advanced Malware Protection (AMP) file filterin ...)
	NOT-FOR-US: Cisco
CVE-2017-12302 (A vulnerability in the Cisco Unified Communications Manager SQL databa ...)
	NOT-FOR-US: Cisco
CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-12300 (A vulnerability in the SNORT detection engine of Cisco Firepower Syste ...)
	NOT-FOR-US: Cisco
CVE-2017-12299 (A vulnerability exists in the process of creating default IP blocks du ...)
	NOT-FOR-US: Cisco
CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2017-12297 (A vulnerability in Cisco WebEx Meeting Center could allow an authentic ...)
	NOT-FOR-US: Cisco
CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-12292 (Multiple vulnerabilities in the web interface of the Cisco Registered  ...)
	NOT-FOR-US: Cisco
CVE-2017-12291 (Multiple vulnerabilities in the web interface of the Cisco Registered  ...)
	NOT-FOR-US: Cisco
CVE-2017-12290 (Multiple vulnerabilities in the web interface of the Cisco Registered  ...)
	NOT-FOR-US: Cisco
CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the IPsec fe ...)
	NOT-FOR-US: Cisco
CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-12287 (A vulnerability in the cluster database (CDB) management component of  ...)
	NOT-FOR-US: Cisco
CVE-2017-12286 (A vulnerability in the web interface of Cisco Jabber could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2017-12285 (A vulnerability in the web interface of Cisco Network Analysis Module  ...)
	NOT-FOR-US: Cisco
CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Clien ...)
	NOT-FOR-US: Cisco
CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...)
	NOT-FOR-US: Cisco
CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress fr ...)
	NOT-FOR-US: Cisco
CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible Authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software fo ...)
	NOT-FOR-US: Cisco
CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco Fi ...)
	NOT-FOR-US: Cisco
CVE-2017-12276 (A vulnerability in the web framework code for the SQL database interfa ...)
	NOT-FOR-US: Cisco
CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set (BS ...)
	NOT-FOR-US: Cisco
CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress fr ...)
	NOT-FOR-US: Cisco
CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...)
	NOT-FOR-US: Cisco
CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
	NOT-FOR-US: Cisco
CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-12270 (A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Ne ...)
	NOT-FOR-US: Cisco
CVE-2017-12269 (A vulnerability in the web UI of Cisco Spark Messaging Software could  ...)
	NOT-FOR-US: Cisco
CVE-2017-12268 (A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnec ...)
	NOT-FOR-US: Cisco
CVE-2017-12267 (A vulnerability in the Independent Computing Architecture (ICA) accele ...)
	NOT-FOR-US: Cisco
CVE-2017-12266 (A vulnerability in the routine that loads DLL files in Cisco Meeting A ...)
	NOT-FOR-US: Cisco
CVE-2017-12265 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2017-12264 (A vulnerability in the Web Admin Interface of Cisco Meeting Server cou ...)
	NOT-FOR-US: Cisco
CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...)
	NOT-FOR-US: Cisco
CVE-2017-12262 (A vulnerability within the firewall configuration of the Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2017-12261 (A vulnerability in the restricted shell of the Cisco Identity Services ...)
	NOT-FOR-US: Cisco
CVE-2017-12260 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2017-12259 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2017-12258 (A vulnerability in the web-based UI of Cisco Unified Communications Ma ...)
	NOT-FOR-US: Cisco
CVE-2017-12257 (A vulnerability in the web framework of Cisco WebEx Meetings Server co ...)
	NOT-FOR-US: Cisco
CVE-2017-12256 (A vulnerability in the Akamai Connect feature of Cisco Wide Area Appli ...)
	NOT-FOR-US: Cisco
CVE-2017-12255 (A vulnerability in the CLI of Cisco UCS Central Software could allow a ...)
	NOT-FOR-US: Cisco
CVE-2017-12254 (A vulnerability in the web interface of Cisco Unified Intelligence Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-12253 (A vulnerability in the Cisco Unified Intelligence Center could allow a ...)
	NOT-FOR-US: Cisco
CVE-2017-12252 (A vulnerability in the Cisco FindIT Network Discovery Utility could al ...)
	NOT-FOR-US: Cisco
CVE-2017-12251 (A vulnerability in the web console of the Cisco Cloud Services Platfor ...)
	NOT-FOR-US: Cisco
CVE-2017-12250 (A vulnerability in the HTTP web interface for Cisco Wide Area Applicat ...)
	NOT-FOR-US: Cisco
CVE-2017-12249 (A vulnerability in the Traversal Using Relay NAT (TURN) server include ...)
	NOT-FOR-US: Cisco Meeting Server
CVE-2017-12248 (A vulnerability in the web framework code of Cisco Unified Intelligenc ...)
	NOT-FOR-US: Cisco
CVE-2017-12247
	RESERVED
CVE-2017-12246 (A vulnerability in the implementation of the direct authentication fea ...)
	NOT-FOR-US: Cisco
CVE-2017-12245 (A vulnerability in SSL traffic decryption for Cisco Firepower Threat D ...)
	NOT-FOR-US: Cisco
CVE-2017-12244 (A vulnerability in the detection engine parsing of IPv6 packets for Ci ...)
	NOT-FOR-US: Cisco
CVE-2017-12243 (A vulnerability in the Cisco Unified Computing System (UCS) Manager, C ...)
	NOT-FOR-US: Cisco
CVE-2017-12242
	RESERVED
CVE-2017-12241
	RESERVED
CVE-2017-12240 (The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2017-12239 (A vulnerability in motherboard console ports of line cards for Cisco A ...)
	NOT-FOR-US: Cisco
CVE-2017-12238 (A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12237 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module  ...)
	NOT-FOR-US: Cisco
CVE-2017-12236 (A vulnerability in the implementation of the Locator/ID Separation Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-12235 (A vulnerability in the implementation of the PROFINET Discovery and Co ...)
	NOT-FOR-US: Cisco
CVE-2017-12234 (Multiple vulnerabilities in the implementation of the Common Industria ...)
	NOT-FOR-US: Cisco
CVE-2017-12233 (Multiple vulnerabilities in the implementation of the Common Industria ...)
	NOT-FOR-US: Cisco
CVE-2017-12232 (A vulnerability in the implementation of a protocol in Cisco Integrate ...)
	NOT-FOR-US: Cisco
CVE-2017-12231 (A vulnerability in the implementation of Network Address Translation ( ...)
	NOT-FOR-US: Cisco
CVE-2017-12230 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2017-12229 (A vulnerability in the REST API of the web-based user interface (web U ...)
	NOT-FOR-US: Cisco
CVE-2017-12228 (A vulnerability in the Cisco Network Plug and Play application of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12227 (A vulnerability in the SQL database interface for Cisco Emergency Resp ...)
	NOT-FOR-US: Cisco
CVE-2017-12226 (A vulnerability in the web-based Wireless Controller GUI of Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2017-12225 (A vulnerability in the web functionality of the Cisco Prime LAN Manage ...)
	NOT-FOR-US: Cisco
CVE-2017-12224 (A vulnerability in the ability for guest users to join meetings via a  ...)
	NOT-FOR-US: Cisco
CVE-2017-12223 (A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integr ...)
	NOT-FOR-US: Cisco
CVE-2017-12222 (A vulnerability in the wireless controller manager of Cisco IOS XE cou ...)
	NOT-FOR-US: Cisco
CVE-2017-12221 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-12220 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2017-12219 (A vulnerability in the handling of IP fragments for the Cisco Small Bu ...)
	NOT-FOR-US: Cisco
CVE-2017-12218 (A vulnerability in the malware detection functionality within Advanced ...)
	NOT-FOR-US: Cisco
CVE-2017-12217 (A vulnerability in the General Packet Radio Service (GPRS) Tunneling P ...)
	NOT-FOR-US: Cisco
CVE-2017-12216 (A vulnerability in the web-based user interface of Cisco SocialMiner c ...)
	NOT-FOR-US: Cisco
CVE-2017-12215 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2017-12214 (A vulnerability in the Operations, Administration, Maintenance, and Pr ...)
	NOT-FOR-US: Cisco
CVE-2017-12213 (A vulnerability in the dynamic access control list (ACL) feature of Ci ...)
	NOT-FOR-US: Cisco
CVE-2017-12212 (A vulnerability in the web framework of Cisco Unity Connection could a ...)
	NOT-FOR-US: Cisco
CVE-2017-12211 (A vulnerability in the IPv6 Simple Network Management Protocol (SNMP)  ...)
	NOT-FOR-US: Cisco
CVE-2017-12210
	RESERVED
CVE-2017-12209
	RESERVED
CVE-2017-12208
	RESERVED
CVE-2017-12207
	RESERVED
CVE-2017-12206
	RESERVED
CVE-2017-12205
	RESERVED
CVE-2017-12204
	RESERVED
CVE-2017-12203
	RESERVED
CVE-2017-12202
	RESERVED
CVE-2017-12201
	RESERVED
CVE-2016-10403 (Insufficient data validation on image data in PDFium in Google Chrome  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1 ...)
	{DSA-3924-1}
	- varnish 5.0.0-7.1 (bug #870467)
	[wheezy] - varnish <not-affected> (code path is not exposed to clients)
	NOTE: https://www.varnish-cache.org/security/VSV00001.html#vsv00001
	NOTE: https://github.com/varnishcache/varnish-cache/issues/2379
	NOTE: https://github.com/varnishcache/varnish-cache/commit/09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e
CVE-2017-12200 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XS ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQ ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12198
	RESERVED
CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not properly va ...)
	{DSA-4025-1 DLA-1165-1}
	- libpam4j 1.4-3 (bug #879001)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
	NOTE: https://github.com/kohsuke/libpam4j/issues/18
	NOTE: (Non-upstream) patch: https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was fou ...)
	- undertow 1.4.25-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
	NOTE: See also https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
CVE-2017-12195 (A flaw was found in all Openshift Enterprise versions using the opensh ...)
	NOT-FOR-US: OpenShift
CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages se ...)
	- spice-gtk 0.35-1 (bug #898503)
	[stretch] - spice-gtk <no-dsa> (Minor issue)
	[jessie] - spice-gtk <no-dsa> (Minor issue)
	[wheezy] - spice-gtk <not-affected> (Vulnerable code is not in any binary package, only in the source package)
	NOTE: Proposed patches in: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
	NOTE: Although not present in the binary packages the (de)marshal.py are used to
	NOTE: generate repsecitve code which should be in libspice-common-client.
CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array. ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7)
	NOTE: Introduced by: https://git.kernel.org/linus/3cb989501c2688cacbb7dc4b0d353faf838f53a1 (3.13-rc1)
CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Key Mana ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/37863c43b2c6464f252862bf2e9768264e961678 (4.14-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
CVE-2017-12191 (A flaw was found in the CloudForms account configuration when using VM ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in th ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
CVE-2017-12189 (It was discovered that the jboss init script as used in Red Hat JBoss  ...)
	NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested vir ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380
	NOTE: https://www.spinics.net/lists/kvm/msg156651.html
CVE-2017-12187 (xorg-x11-server before 1.19.5 was missing length validation in RENDER  ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12186 (xorg-x11-server before 1.19.5 was missing length validation in X-Resou ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12185 (xorg-x11-server before 1.19.5 was missing length validation in MIT-SCR ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12184 (xorg-x11-server before 1.19.5 was missing length validation in XINERAM ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12183 (xorg-x11-server before 1.19.5 was missing length validation in XFIXES  ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5
CVE-2017-12182 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12181 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12180 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12179 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
CVE-2017-12178 (xorg-x11-server before 1.19.5 had wrong extra length check in ProcXICh ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821
CVE-2017-12177 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in Pr ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831
CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length validation in P ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
CVE-2017-12175 (Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule  ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-12174 (It was found that when Artemis and HornetQ before 2.4.0 are configured ...)
	NOT-FOR-US: Artemis and HornetQ
CVE-2017-12173 (It was found that sssd's sysdb_search_user_by_upn_res() function befor ...)
	- sssd 1.15.3-2 (bug #877885)
	[stretch] - sssd 1.15.0-3+deb9u1
	[jessie] - sssd <not-affected> (Vulnerable code introduced later)
	[wheezy] - sssd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1498173
	NOTE: Fixed by: https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835
	NOTE: Introduced by https://pagure.io/SSSD/sssd/c/7ecb5aea65cb1899f16e7a41bffa93d074defd4a (sssd-1_12_0)
CVE-2017-12172 (PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10,  ...)
	- postgresql-10 10.1-1 (unimportant)
	- postgresql-9.6 <removed> (unimportant)
	[stretch] - postgresql-9.6 9.6.6-0+deb9u1
	- postgresql-9.4 <removed> (unimportant)
	[jessie] - postgresql-9.4 9.4.15-0+deb8u1
	- postgresql-9.1 <removed> (unimportant)
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code not installed)
	NOTE: Issue in sample init-scirpt as provided by postgresql project, but not installed
CVE-2017-12171 (A regression was found in the Red Hat Enterprise Linux 6.9 version of  ...)
	- apache2 <not-affected> (Introduced by Red Hat RHEL 6.9 specific non-security patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1493056
CVE-2017-12170 (Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vuln ...)
	- pure-ftpd <not-affected> (Fedora specific packaging error)
CVE-2017-12169 (It was found that FreeIPA 4.2.0 and later could disclose password hash ...)
	- freeipa <unfixed> (unimportant; bug #895950)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1487697
	NOTE: Proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=1331008
	NOTE: Negligible security impact
CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Lin ...)
	- linux 4.8.11-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9e3f7a29694049edd728e2400ab57ad7553e5aa9 (4.9-rc6)
CVE-2017-12167 (It was found in EAP 7 before 7.0.9 that properties based files of the  ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...)
	- openvpn 2.4.4-1 (bug #877089)
	[stretch] - openvpn <no-dsa> (Minor issue)
	[jessie] - openvpn <no-dsa> (Minor issue)
	[wheezy] - openvpn <no-dsa> (Minor issue)
	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/28/2
	NOTE: https://community.openvpn.net/openvpn/changeset/3b1a61e9fb27213c46f76312f4065816bee8ed01/ (master)
	NOTE: https://community.openvpn.net/openvpn/changeset/c7e259160b28e94e4ea7f0ef767f8134283af255/ (release/2.4)
	NOTE: https://community.openvpn.net/openvpn/changeset/fce34375295151f548a26c2d0eb30141e427c81a/ (release/2.3)
	NOTE: https://community.openvpn.net/openvpn/changeset/a9f5c744d6b09f2495ca48d2c926efd3a4b981e6/ (release/2.2)
CVE-2017-12165 (It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 proces ...)
	- undertow 2.0.23-1 (bug #885338)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301
	NOTE: Fix likely included in the same commit as the fix for CVE-2017-7559
	NOTE: https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
CVE-2017-12164 (A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer se ...)
	- gdm3 3.26.0-1
	[stretch] - gdm3 <not-affected> (Vulnerable code not present)
	[jessie] - gdm3 <not-affected> (Vulnerable code not present)
	[wheezy] - gdm3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490417
	NOTE: Introduced in https://git.gnome.org/browse/gdm/commit/?id=ff98b28
CVE-2017-12163 (An information leak flaw was found in the way SMB1 protocol was implem ...)
	{DSA-3983-1 DLA-1110-1}
	- samba 2:4.6.7+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html
CVE-2017-12162
	RESERVED
CVE-2017-12161 (It was found that keycloak before 3.4.2 final would permit misuse of a ...)
	NOT-FOR-US: Keycloak
CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated resourc ...)
	NOT-FOR-US: Keycloak
CVE-2017-12159 (It was found that the cookie used for CSRF prevention in Keycloak was  ...)
	NOT-FOR-US: Keycloak
CVE-2017-12158 (It was found that Keycloak would accept a HOST header URL in the admin ...)
	NOT-FOR-US: Keycloak
CVE-2017-12157 (In Moodle 3.x, various course reports allow teachers to view details a ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=358586
CVE-2017-12156 (Moodle 3.x has XSS in the contact form on the "non-respondents" page i ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=358585
CVE-2017-12155 (A resource-permission flaw was found in the openstack-tripleo-heat-tem ...)
	- tripleo-heat-templates <removed> (bug #900176)
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1720787
CVE-2017-12154 (The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel  ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (v4.14-rc1)
	NOTE: https://www.spinics.net/lists/kvm/msg155414.html
CVE-2017-12153 (A security flaw was discovered in the nl80211_set_rekey_data() functio ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: https://marc.info/?t=150525503100001&r=1&w=2
	NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
CVE-2017-12152
	RESERVED
CVE-2017-12151 (A flaw was found in the way samba client before samba 4.4.16, samba 4. ...)
	{DSA-3983-1}
	- samba 2:4.6.7+dfsg-2
	[wheezy] - samba <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.samba.org/samba/security/CVE-2017-12151.html
CVE-2017-12150 (It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x  ...)
	{DSA-3983-1 DLA-1110-1}
	- samba 2:4.6.7+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
CVE-2017-12149 (In Jboss Application Server as shipped with Red Hat Enterprise Applica ...)
	- jbossas4 <removed>
	[wheezy] - jbossas4 <end-of-life> (incomplete packaging, 4.x series released more than nine years ago.)
CVE-2017-12148 (A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 w ...)
	NOT-FOR-US: Ansible Tower
CVE-2017-12147
	RESERVED
CVE-2017-12146 (The driver_override implementation in drivers/base/platform.c in the L ...)
	- linux 4.11.11-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6265539776a0810b7ce6398c27866ddb9c6bd154 (v4.13-rc1)
CVE-2017-12145 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
	- libquicktime <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the function TNEFFi ...)
	- libytnef 1.9.3-1 (bug #870817)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/51
	NOTE: https://github.com/ohwgiles/ytnef/commit/a341b7f1bf8a2c59ece89f2d6cdc09856d501cc0
CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
	- libquicktime <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found in the  ...)
	- libytnef 1.9.3-1 (low; bug #870816)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/49
	NOTE: https://github.com/Yeraze/ytnef/commit/35dc50190aac54947bafb3d84ab7727e940c6236
CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found i ...)
	- libytnef 1.9.3-1 (low; bug #870815)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c
CVE-2017-12139 (XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing ...)
	NOT-FOR-US: XOOPS
CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /mo ...)
	NOT-FOR-US: XOOPS
CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS pr ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-227.html
CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x allo ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <not-affected> (Only affects 4.6 and later)
	[wheezy] - xen <not-affected> (Only affects 4.6 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-228.html
CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) o ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-226.html
CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xe ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.12-1
	NOTE: https://xenbits.xen.org/xsa/advisory-229.html
	NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6)
CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in sunrpc/cl ...)
	- glibc 2.24-15 (bug #870648)
	[stretch] - glibc 2.24-11+deb9u2
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: issue introduced by fix for CVE-2016-4429
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21115
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491
CVE-2017-12132 (The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ...)
	[experimental] - glibc 2.25-0experimental1
	- glibc 2.25-1 (bug #870650)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21361
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25
	NOTE: https://arxiv.org/pdf/1205.4011.pdf
CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/se ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists in the ti ...)
	NOT-FOR-US: tinysvcmdns
CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability exists in ...)
	NOT-FOR-US: Moxa
CVE-2017-12128 (An exploitable information disclosure vulnerability exists in the Serv ...)
	NOT-FOR-US: Moxa
CVE-2017-12127 (A password storage vulnerability exists in the operating system functi ...)
	NOT-FOR-US: Moxa
CVE-2017-12126 (An exploitable cross-site request forgery vulnerability exists in the  ...)
	NOT-FOR-US: Moxa
CVE-2017-12125 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12124 (An exploitable denial of service vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12123 (An exploitable clear text transmission of password vulnerability exist ...)
	NOT-FOR-US: Moxa
CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image r ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
	NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09
	NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665
CVE-2017-12121 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12120 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12119 (An exploitable unhandled exception vulnerability exists in multiple AP ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12118 (An exploitable improper authorization vulnerability exists in miner_st ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12117 (An exploitable improper authorization vulnerability exists in miner_st ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12116 (An exploitable improper authorization vulnerability exists in miner_se ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12115 (An exploitable improper authorization vulnerability exists in miner_se ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12114 (An exploitable improper authorization vulnerability exists in admin_pe ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12113 (An exploitable improper authorization vulnerability exists in admin_no ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12112 (An exploitable improper authorization vulnerability exists in admin_ad ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell f ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the xls_append ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the xls_prepar ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461
CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the xls_prepar ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460
CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing function ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing functiona ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
CVE-2017-12101 (An exploitable integer overflow exists in the 'modifier_mdef_compact_i ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' f ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy Me ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451
CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists in the  ...)
	- ruby-rails-admin <removed> (bug #900178)
	[stretch] - ruby-rails-admin <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450
	NOTE: https://github.com/sferik/rails_admin/issues/2985
	NOTE: https://github.com/sferik/rails_admin/commit/44f09ed72b5e0e917a5d61bd89c48d97c494b41c
CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists in the  ...)
	NOT-FOR-US: delayed_job_web rails gem
CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle w ...)
	NOT-FOR-US: Circle of Disney
CVE-2017-12095 (An exploitable vulnerability exists in the WiFi Access Point feature o ...)
	NOT-FOR-US: Circle of Disney
CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of Cir ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12093 (An exploitable insufficient resource pool vulnerability exists in the  ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12092 (An exploitable file write vulnerability exists in the memory module fu ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12091
	REJECTED
CVE-2017-12090 (An exploitable denial of service vulnerability exists in the processin ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12089 (An exploitable denial of service vulnerability exists in the program d ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12088 (An exploitable denial of service vulnerability exists in the Ethernet  ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvcmdns l ...)
	- shairport-sync 3.1.4-1 (unimportant; bug #882508)
	NOTE: Debian build uses Avahi instead
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
CVE-2017-12086 (An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_t ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438
CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney  ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of Cir ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh loadin ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433
CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration fi ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-12079 (Files or directories accessible to external parties vulnerability in p ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-12078 (Command injection vulnerability in EZ-Internet in Synology Router Mana ...)
	NOT-FOR-US: Synology
CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwa ...)
	NOT-FOR-US: Synology
CVE-2017-12076 (Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwa ...)
	NOT-FOR-US: Synology
CVE-2017-12075 (Command injection vulnerability in EZ-Internet in Synology DiskStation ...)
	NOT-FOR-US: Synology
CVE-2017-12074 (Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZon ...)
	NOT-FOR-US: Synology
CVE-2017-12073
	RESERVED
CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in  ...)
	NOT-FOR-US: Synology
CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
	NOT-FOR-US: Synology
CVE-2017-12070 (Unsigned versions of the DLLs distributed by the OPC Foundation may be ...)
	NOT-FOR-US: OPC Foundation
CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET Sam ...)
	NOT-FOR-US: OPC Foundation UA .NET Sampe code and Local Discovery Server affecting various vendors
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array pa ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubi ...)
	- potrace 1.15-1 (unimportant; bug #870356)
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
	NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/
	NOTE: Crash only in CLI tool mkbitmap, negligible security impact
CVE-2017-12066 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...)
	- cacti 1.1.16+ds1-1 (bug #870354)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
	NOTE: https://github.com/Cacti/cacti/issues/877
CVE-2017-12065 (spikekill.php in Cacti before 1.1.16 might allow remote attackers to e ...)
	- cacti 1.1.16+ds1-1 (bug #870353)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
	NOTE: https://github.com/Cacti/cacti/issues/877
CVE-2017-12064 (The csv_log_html function in library/edihistory/edih_csv_inc.php in Op ...)
	NOT-FOR-US: OpenEMR
CVE-2017-12063
	RESERVED
CVE-2017-12062 (An XSS issue was discovered in manage_user_page.php in MantisBT 2.x be ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS)
CVE-2017-12061 (An XSS issue was discovered in admin/install.php in MantisBT before 1. ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS)
CVE-2017-12060
	RESERVED
CVE-2017-12059
	RESERVED
CVE-2017-12058
	RESERVED
CVE-2017-12057
	RESERVED
CVE-2017-12056
	RESERVED
CVE-2017-12055
	RESERVED
CVE-2017-12054
	RESERVED
CVE-2017-12053
	RESERVED
CVE-2017-12052
	RESERVED
CVE-2017-12051
	RESERVED
CVE-2017-12050
	RESERVED
CVE-2017-12049
	RESERVED
CVE-2017-12048
	RESERVED
CVE-2017-12047
	RESERVED
CVE-2017-12046
	RESERVED
CVE-2017-12045
	RESERVED
CVE-2017-12044
	RESERVED
CVE-2017-12043
	RESERVED
CVE-2017-12042
	RESERVED
CVE-2017-12041
	RESERVED
CVE-2017-12040
	RESERVED
CVE-2017-12039
	RESERVED
CVE-2017-12038
	RESERVED
CVE-2017-12037
	RESERVED
CVE-2017-12036
	RESERVED
CVE-2017-12035
	RESERVED
CVE-2017-12034
	RESERVED
CVE-2017-12033
	RESERVED
CVE-2017-12032
	RESERVED
CVE-2017-12031
	RESERVED
CVE-2017-12030
	RESERVED
CVE-2017-12029
	RESERVED
CVE-2017-12028
	RESERVED
CVE-2017-12027
	RESERVED
CVE-2017-12026
	RESERVED
CVE-2017-12025
	RESERVED
CVE-2017-12024
	RESERVED
CVE-2017-12023
	RESERVED
CVE-2017-12022
	RESERVED
CVE-2017-12021
	RESERVED
CVE-2017-12020
	RESERVED
CVE-2017-12019
	RESERVED
CVE-2017-12018
	RESERVED
CVE-2017-12017
	RESERVED
CVE-2017-12016
	RESERVED
CVE-2017-12015
	RESERVED
CVE-2017-12014
	RESERVED
CVE-2017-12013
	RESERVED
CVE-2017-12012
	RESERVED
CVE-2017-12011
	RESERVED
CVE-2017-12010
	RESERVED
CVE-2017-12009
	RESERVED
CVE-2017-12008
	RESERVED
CVE-2017-12007
	RESERVED
CVE-2017-12006
	RESERVED
CVE-2017-12005
	RESERVED
CVE-2017-12004
	RESERVED
CVE-2017-12003
	RESERVED
CVE-2017-12002
	RESERVED
CVE-2017-12001
	RESERVED
CVE-2017-12000
	RESERVED
CVE-2017-11999
	RESERVED
CVE-2017-11998
	RESERVED
CVE-2017-11997
	RESERVED
CVE-2017-11996
	RESERVED
CVE-2017-11995
	RESERVED
CVE-2017-11994
	RESERVED
CVE-2017-11993
	RESERVED
CVE-2017-11992
	RESERVED
CVE-2017-11991
	RESERVED
CVE-2017-11990
	RESERVED
CVE-2017-11989
	RESERVED
CVE-2017-11988
	RESERVED
CVE-2017-11987
	RESERVED
CVE-2017-11986
	RESERVED
CVE-2017-11985
	RESERVED
CVE-2017-11984
	RESERVED
CVE-2017-11983
	RESERVED
CVE-2017-11982
	RESERVED
CVE-2017-11981
	RESERVED
CVE-2017-11980
	RESERVED
CVE-2017-11979
	RESERVED
CVE-2017-11978
	RESERVED
CVE-2017-11977
	RESERVED
CVE-2017-11976
	RESERVED
CVE-2017-11975
	RESERVED
CVE-2017-11974
	RESERVED
CVE-2017-11973
	RESERVED
CVE-2017-11972
	RESERVED
CVE-2017-11971
	RESERVED
CVE-2017-11970
	RESERVED
CVE-2017-11969
	RESERVED
CVE-2017-11968
	RESERVED
CVE-2017-11967
	RESERVED
CVE-2017-11966
	RESERVED
CVE-2017-11965
	RESERVED
CVE-2017-11964
	RESERVED
CVE-2017-11963
	RESERVED
CVE-2017-11962
	RESERVED
CVE-2017-11961
	RESERVED
CVE-2017-11960
	RESERVED
CVE-2017-11959
	RESERVED
CVE-2017-11958
	RESERVED
CVE-2017-11957
	RESERVED
CVE-2017-11956
	RESERVED
CVE-2017-11955
	RESERVED
CVE-2017-11954
	RESERVED
CVE-2017-11953
	RESERVED
CVE-2017-11952
	RESERVED
CVE-2017-11951
	RESERVED
CVE-2017-11950
	RESERVED
CVE-2017-11949
	RESERVED
CVE-2017-11948
	RESERVED
CVE-2017-11947
	RESERVED
CVE-2017-11946
	RESERVED
CVE-2017-11945
	RESERVED
CVE-2017-11944
	RESERVED
CVE-2017-11943
	RESERVED
CVE-2017-11942
	RESERVED
CVE-2017-11941
	RESERVED
CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-11939 (Microsoft Office 2016 Click-to-Run (C2R) allows an information disclos ...)
	NOT-FOR-US: Microsoft
CVE-2017-11938
	RESERVED
CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-11936 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2017-11935 (Microsoft Office 2016 Click-to-Run (C2R) allows a remote code executio ...)
	NOT-FOR-US: Microsoft
CVE-2017-11934 (Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11933
	RESERVED
CVE-2017-11932 (Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11931
	RESERVED
CVE-2017-11930 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows  ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11929
	RESERVED
CVE-2017-11928
	RESERVED
CVE-2017-11927 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11926
	RESERVED
CVE-2017-11925
	RESERVED
CVE-2017-11924
	RESERVED
CVE-2017-11923
	RESERVED
CVE-2017-11922
	RESERVED
CVE-2017-11921
	RESERVED
CVE-2017-11920
	RESERVED
CVE-2017-11919 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows  ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11918 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11917
	RESERVED
CVE-2017-11916 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11915
	RESERVED
CVE-2017-11914 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11913 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11912 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows  ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11911 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11910 (ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Se ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11909 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11908 (ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11907 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11906 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11905 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11904
	RESERVED
CVE-2017-11903 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11902
	RESERVED
CVE-2017-11901 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11900
	RESERVED
CVE-2017-11899 (Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11898
	RESERVED
CVE-2017-11897
	RESERVED
CVE-2017-11896
	RESERVED
CVE-2017-11895 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows  ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11894 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows  ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11893 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11892
	RESERVED
CVE-2017-11891
	RESERVED
CVE-2017-11890 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11889 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11888 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...)
	NOT-FOR-US: Microsoft Edge
CVE-2017-11887 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11886 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11885 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbi ...)
	NOT-FOR-US: Microsoft
CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remot ...)
	NOT-FOR-US: .NET core
CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pa ...)
	NOT-FOR-US: Microsoft
CVE-2017-11881
	RESERVED
CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session informatio ...)
	NOT-FOR-US: Microsoft
CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...)
	NOT-FOR-US: Microsoft
CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...)
	NOT-FOR-US: Microsoft
CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11875
	RESERVED
CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ver ...)
	NOT-FOR-US: Microsoft
CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11868
	RESERVED
CVE-2017-11867
	RESERVED
CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11865
	RESERVED
CVE-2017-11864
	RESERVED
CVE-2017-11863 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11862 (ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, v ...)
	NOT-FOR-US: Microsoft
CVE-2017-11861 (Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-11860
	RESERVED
CVE-2017-11859
	RESERVED
CVE-2017-11858 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11857
	RESERVED
CVE-2017-11856 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11855 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11854 (Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11853 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11852 (Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 a ...)
	NOT-FOR-US: Microsoft
CVE-2017-11851 (The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11848 (Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11847 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11846 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11845 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-11844 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server,  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11843 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11842 (Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11841 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11840 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11839 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 160 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11835 (Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11834 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11833 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11832 (The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11831 (Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2017-11830 (Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11829 (Microsoft Windows 10 allows an elevation of privilege vulnerability wh ...)
	NOT-FOR-US: Microsoft
CVE-2017-11828
	RESERVED
CVE-2017-11827 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11826 (Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11825 (Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for ...)
	NOT-FOR-US: Microsoft
CVE-2017-11824 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11823 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, a ...)
	NOT-FOR-US: Microsoft
CVE-2017-11822 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11821 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...)
	NOT-FOR-US: Microsoft
CVE-2017-11820 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2017-11819 (Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code i ...)
	NOT-FOR-US: Microsoft
CVE-2017-11818 (The Microsoft Windows Storage component on Microsoft Windows 8.1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-11817 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11816 (The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-11815 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11814 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11813 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11812 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11811 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11810 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11809 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11808 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11807 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...)
	NOT-FOR-US: Microsoft
CVE-2017-11806 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...)
	NOT-FOR-US: Microsoft
CVE-2017-11805 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...)
	NOT-FOR-US: Microsoft
CVE-2017-11804 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11803 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server,  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11802 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11801 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
	NOT-FOR-US: Microsoft
CVE-2017-11800 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11799 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11798 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-11797 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
	NOT-FOR-US: Microsoft
CVE-2017-11796 (ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-11795
	RESERVED
CVE-2017-11794 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...)
	NOT-FOR-US: Microsoft
CVE-2017-11793 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11792 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an at ...)
	NOT-FOR-US: Microsoft
CVE-2017-11791 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-11790 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11789
	RESERVED
CVE-2017-11788 (Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11787
	RESERVED
CVE-2017-11786 (Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2 ...)
	NOT-FOR-US: Skype
CVE-2017-11785 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11784 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11783 (Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11782 (The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11781 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11780 (The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11779 (The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11778
	RESERVED
CVE-2017-11777 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2017-11776 (Microsoft Outlook 2016 allows an attacker to obtain the email content  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11775 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2017-11774 (Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11773
	RESERVED
CVE-2017-11772 (The Microsoft Windows Search component on Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11771 (The Microsoft Windows Search component on Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11770 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remot ...)
	NOT-FOR-US: .NET Core
CVE-2017-11769 (The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 151 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11768 (Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as the curr ...)
	NOT-FOR-US: Microsoft
CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-11765 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11764 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11763 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11762 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-11761 (Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allo ...)
	NOT-FOR-US: Microsoft
CVE-2017-11760 (uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated  ...)
	NOT-FOR-US: ProjeQtOr
CVE-2017-11759
	RESERVED
CVE-2017-11758
	RESERVED
CVE-2017-11757 (Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 ...)
	NOT-FOR-US: Actian Pervasive PSQL server
CVE-2017-XXXX [executes javascript code downloaded from insecure URL]
	- smplayer 17.7.0~ds0-1 (low; bug #870233)
	[stretch] - smplayer <no-dsa> (Minor issue)
	[jessie] - smplayer <no-dsa> (Minor issue)
	[wheezy] - smplayer <not-affected> (vulnerable code not present)
	NOTE: The version tracking here is not 100% since the vulnerable code still would
	NOTE: be present in the source. Users though need to explicitly rebuilt the package
	NOTE: changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is
	NOTE: disabled by default on upstream since 17.2.0
CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGIm ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870111)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/596
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645
CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGIm ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG fi ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated u ...)
	NOT-FOR-US: Earcms
CVE-2017-11755 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/634
	NOTE: Possibly fixed by same commit as issue #631 upstream
CVE-2017-11754 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/633
	NOTE: ossibly fixed by same commit as issue #631 upstream
CVE-2017-11753 (The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7. ...)
	- imagemagick <not-affected> (Affects only ImageMagick-7; vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/629
CVE-2017-11752 (The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870481)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/628
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/21d19d0c64ff070dbf37279432837bf425c0d5dd
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eccfd52199616da66c93b6d627d4d4126f5a5f0
CVE-2017-11751 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870480)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/631
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb713211bad3fa4f0c535255fa043917482fc964
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b04e9c949d917a4a603f1a9bfe09737246229323
CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 an ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870478)
	[stretch] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
	[jessie] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
	[wheezy] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/632
	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8cc53f1d8946bad2a2c62e084aaf956d4d889f08
	NOTE: Introduced by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/3cba1bb43acf5b3cba7388f67bf87b6f192138f0
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
	NOTE: Issue introduced by the original patch for https://github.com/ImageMagick/ImageMagick/issues/618
CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path ...)
	NOT-FOR-US: InternetSoft FTP Commander
CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hij ...)
	NOT-FOR-US: VIT Spider Player
CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ...)
	{DLA-2163-1}
	- tinyproxy 1.10.0-1 (bug #870307)
	[stretch] - tinyproxy <no-dsa> (Minor issue)
	[wheezy] - tinyproxy <no-dsa> (Minor issue)
	NOTE: https://github.com/tinyproxy/tinyproxy/issues/106
CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a n ...)
	{DLA-1069-1}
	- tenshi 0.13-2.1 (unimportant; bug #871321)
	[stretch] - tenshi 0.13-2.1~deb9u1
	NOTE: https://github.com/inversepath/tenshi/issues/6
	NOTE: https://github.com/inversepath/tenshi/commit/d0e7f28c13ffbd5888b31d6532c2faf78f10f176
	NOTE: Negligible security impact
CVE-2017-11745
	RESERVED
CVE-2017-11744 (In MODX Revolution 2.5.7, the "key" and "name" parameters in the Syste ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-11743 (MEDHOST Connex contains a hard-coded Mirth Connect admin credential th ...)
	NOT-FOR-US: MEDHOST Connex
CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat i ...)
	- expat <not-affected> (Windows specfic issue)
CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) bef ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the adminis ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid'  ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
	- rspamd 1.7.6-1
	[jessie] - rspamd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/vstakhov/rspamd/issues/1738
	NOTE: https://github.com/rspamd/rspamd/pull/1739
CVE-2017-11736 (SQL injection vulnerability in core\admin\auto-modules\forms\process.p ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-11735
	REJECTED
CVE-2017-11734 (A heap-based buffer over-read was found in the function decompileCALLF ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/83
CVE-2017-11733 (A null pointer dereference vulnerability was found in the function sta ...)
	{DLA-1176-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/78
CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function d ...)
	{DLA-1240-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/80
CVE-2017-11731 (An invalid memory read vulnerability was found in the function OpCode  ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/84
CVE-2017-11730 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/81
CVE-2017-11729 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/79
CVE-2017-11728 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/82
CVE-2017-11727 (services/system_io/actionprocessor/Contact.rails in ConnectWise Manage ...)
	NOT-FOR-US: ConnectWise Manage
CVE-2017-11726 (services/system_io/actionprocessor/System.rails in ConnectWise Manage  ...)
	NOT-FOR-US: ConnectWise Manage
CVE-2017-11725 (The share function in Thycotic Secret Server before 10.2.000019 mishan ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2017-11723 (Directory traversal vulnerability in plugins/ImageManager/backend.php  ...)
	NOT-FOR-US: Xinha
CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9 ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870023)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/624
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf
CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c,  ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found i ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870014)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/547
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375
CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870012)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/362
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f86268752ffc70e40b6e1afdebfc96dcc29452db
CVE-2017-11722 (The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-4 (bug #870158)
	[jessie] - graphicsmagick <not-affected> (vulnerable code not present)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
CVE-2017-11721 (Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers  ...)
	{DSA-3948-1 DSA-3941-1}
	- ioquake3 1.36+u20170803+dfsg1-1 (bug #870725)
	[wheezy] - ioquake3 <end-of-life> (games are not supported in Wheezy)
	NOTE: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1
	- iortcw 1.51+dfsg1-3 (bug #870811)
	NOTE: https://github.com/iortcw/iortcw/commit/260c39a29af517a08b3ee1a0e78ad654bdd70934
	NOTE: Also affects openjk (only in experimental; fixed in 0~20170718+dfsg1-2
CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused by a  ...)
	- lame 3.99.5+repack1-6 (low; bug #870809; bug #777159)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: https://sourceforge.net/p/lame/bugs/460/
	NOTE: Duplicate/same as: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg th ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	- libav <removed>
	[jessie] - libav <not-affected> (Issue only present in ffmpeg since 6f1ccca4)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92
	NOTE: Fixed in 3.2.7
CVE-2017-11718 (There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl  ...)
	NOT-FOR-US: MetInfo
CVE-2017-11717 (MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 secon ...)
	NOT-FOR-US: MetInfo
CVE-2017-11716 (MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. ...)
	NOT-FOR-US: MetInfo
CVE-2017-11715 (job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php exte ...)
	NOT-FOR-US: MetInfo
CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the  ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869977)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1)
CVE-2017-11713
	RESERVED
CVE-2017-11712
	RESERVED
CVE-2017-11711
	RESERVED
CVE-2017-11710
	RESERVED
CVE-2017-11709
	RESERVED
CVE-2017-11708
	RESERVED
CVE-2017-11707
	RESERVED
CVE-2017-11706 (The Boozt Fashion application before 2.3.4 for Android allows remote a ...)
	NOT-FOR-US: Boozt Fashion application
CVE-2017-11705 (A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in uti ...)
	- ming <removed>
	[wheezy] - ming <ignored> (Minor issue present everywhere in the source code, hard to fix)
	NOTE: https://github.com/libming/libming/issues/71
CVE-2017-11704 (A heap-based buffer over-read was found in the function decompileIF in ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/76
CVE-2017-11703 (A memory leak vulnerability was found in the function parseSWF_DOACTIO ...)
	- ming <removed>
	[wheezy] - ming <ignored> (Minor issue present everywhere in the source code, hard to fix)
	NOTE: https://github.com/libming/libming/issues/72
CVE-2017-11702
	RESERVED
CVE-2017-11701
	RESERVED
CVE-2017-11700
	RESERVED
CVE-2017-11699
	RESERVED
CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ...)
	- nss <unfixed> (bug #873259; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779
CVE-2017-11697 (The __hash_open function in hash.c:229 in Mozilla Network Security Ser ...)
	- nss <unfixed> (bug #873258; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900
CVE-2017-11696 (Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ...)
	- nss <unfixed> (bug #873257; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778
CVE-2017-11695 (Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ...)
	- nss <unfixed> (bug #873256; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360782
CVE-2017-11694 (MEDHOST Document Management System contains hard-coded credentials tha ...)
	NOT-FOR-US: MEDHOST Document Management System
CVE-2017-11693 (MEDHOST Document Management System contains hard-coded credentials tha ...)
	NOT-FOR-US: MEDHOST Document Management System
CVE-2017-11692 (The function "Token&amp; Scanner::peek" in scanner.cpp in yaml-cpp 0.5 ...)
	- yaml-cpp 0.6.3-1 (low; bug #870326)
	[buster] - yaml-cpp <no-dsa> (Minor issue)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <no-dsa> (Minor issue)
	[wheezy] - yaml-cpp <no-dsa> (Minor issue)
	- yaml-cpp0.3 <removed> (bug #870327)
	[stretch] - yaml-cpp0.3 <no-dsa>  (Minor issue)
	[jessie] - yaml-cpp0.3 <no-dsa>  (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/519
	NOTE: https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18
CVE-2016-10402 (Avira Antivirus engine versions before 8.3.36.60 allow remote code exe ...)
	NOT-FOR-US: Avira
CVE-2017-11690
	RESERVED
CVE-2017-11689
	RESERVED
CVE-2017-11688
	RESERVED
CVE-2017-11687 (Multiple Persistent cross-site scripting (XSS) vulnerabilities in Even ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11686 (Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attac ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11685 (Multiple Reflective cross-site scripting (XSS) vulnerabilities in sear ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11684 (There is an illegal address access in the build_table function in liba ...)
	- libav <removed>
	[jessie] - libav 6:11.11-1~deb8u1
	- ffmpeg 7:2.3.1-1
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1073
	NOTE: Fixed by https://github.com/libav/libav/commit/ec683ed527cef9aad208d1daeb10d0e7fb63e75e.patch
CVE-2017-11683 (There is a reachable assertion in the Internal::TiffReader::visitDirec ...)
	{DLA-1147-1}
	- exiv2 0.27.2-6 (unimportant)
	NOTE: http://dev.exiv2.org/issues/1307
	NOTE: https://github.com/Exiv2/exiv2/issues/57
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
	NOTE: Problematic assert() exists in all versions in Debian.
	NOTE: Negligable security impact
CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows  ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows rem ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11680 (Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowin ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11679 (Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the pas ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11678 (SQL injection vulnerability in Hashtopus 1.5g allows remote authentica ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11677 (Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remo ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11676
	RESERVED
CVE-2017-11675 (The traverseStrictSanitize function in admin_dir/includes/classes/Admi ...)
	NOT-FOR-US: ZenCart
CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Acunetix
CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Acunetix
CVE-2017-11672 (The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is ins ...)
	NOT-FOR-US: OPC Foundation Local Discovery Server
CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386. ...)
	- gcc-6 6.3.0-12
	- gcc-5 5.4.1-10
	- gcc-4.9 <removed>
	[jessie] - gcc-4.9 <no-dsa> (Minor issue)
	- gcc-4.8 <removed>
	[jessie] - gcc-4.8 <no-dsa> (Minor issue)
	- gcc-4.7 <removed>
	[wheezy] - gcc-4.7 <no-dsa> (Minor issue)
	- gcc-4.6 <removed>
	[wheezy] - gcc-4.6 <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/07/27/2
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html
CVE-2017-11670 (A length validation (leading to out-of-bounds read and write) flaw was ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-11669 (An out-of-bounds read flaw related to the assess_packet function in ea ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ea ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...)
	{DSA-4019-1 DLA-1785-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869830)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/501
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc
CVE-2017-11691 (Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti  ...)
	- cacti 1.1.15+ds1-1 (bug #869848)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
	NOTE: https://github.com/Cacti/cacti/issues/867
	NOTE: /for/fohttps://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c
CVE-2017-11667 (OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expir ...)
	NOT-FOR-US: OpenProject
CVE-2017-11666 (Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the f ...)
	NOT-FOR-US: Kopano
CVE-2017-11665 (The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ffcc82219cef0928bed2d558b19ef6ea35634130
	NOTE: Fixed in 3.2.7
CVE-2017-11664 (The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0. ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11663 (The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0. ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11662 (The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause  ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11661 (The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0. ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11660
	RESERVED
CVE-2017-11659
	RESERVED
CVE-2017-11658 (In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-11657 (Dashlane might allow local users to gain privileges by placing a Troja ...)
	NOT-FOR-US: Dashlane
CVE-2017-11656
	RESERVED
CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled processing of  ...)
	- sipcrack <unfixed> (unimportant; bug #869803)
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
	NOTE: Negligible security impact
CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...)
	- sipcrack <unfixed> (unimportant; bug #869803)
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
	NOTE: Negligible security impact
CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the D ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the C ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url  ...)
	NOT-FOR-US: NexusPHP
CVE-2017-11650 (Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devic ...)
	NOT-FOR-US: DrayTek
CVE-2017-11649 (Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910 ...)
	NOT-FOR-US: DrayTek
CVE-2017-11648 (Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do ...)
	NOT-FOR-US: Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices
CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11646 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11645 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870016)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/418f88dd18af34b6cb64f709567c81b89865d7bc
CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() func ...)
	{DSA-4321-1 DLA-1401-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870157)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPIm ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870156)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function i ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870155)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870067)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/584
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86
CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8ec8ca4c61b1199b727cf52e440f3db79a5b0d0a
CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImag ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870154)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLIm ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870153)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() funct ...)
	{DSA-4321-1 DLA-1401-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870149)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
CVE-2017-11635 (An issue was discovered on Wireless IP Camera 360 devices. Attackers c ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11634 (An issue was discovered on Wireless IP Camera 360 devices. Remote atta ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11633 (An issue was discovered on Wireless IP Camera 360 devices. Remote atta ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11632 (An issue was discovered on Wireless IP Camera 360 devices. A root acco ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11631 (dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL inj ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11629 (dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in contro ...)
	NOT-FOR-US: FineCMS
CVE-2017-11628 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a sta ...)
	{DSA-4081-1 DSA-4080-1 DLA-1066-1}
	- php7.1 7.1.8-1 (low)
	- php7.0 7.0.22-1 (low)
	- php5 <removed> (low)
	NOTE: https://bugs.php.net/bug.php?id=74603
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: Fixed by https://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac0047465e
CVE-2017-11627 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0,  ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/118
CVE-2017-11626 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0,  ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/119
CVE-2017-11625 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0,  ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/120
CVE-2017-11624 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0,  ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/117
CVE-2017-11623
	RESERVED
CVE-2017-11622
	RESERVED
CVE-2017-11621
	RESERVED
CVE-2017-11620
	RESERVED
CVE-2017-11619
	RESERVED
CVE-2017-XXXX [out-of-bounds read in eexec_line()]
	- t1utils 1.40-1 (bug #868134; unimportant)
	[jessie] - t1utils <not-affected> (Vulnerable code introduced in 1.39)
	[wheezy] - t1utils <not-affected> (Vulnerable code introduced in 1.39)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/kohler/t1utils/issues/6
CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869728)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
	[stretch] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8d537f6d778675e08ef9d238606d05101bf471b9
CVE-2017-XXXX [memory leak in quantize]
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869722)
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u16
	NOTE: Workaround entry for DLA-1081-1 since no CVE assigned
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
CVE-2017-12664 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage  ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869721)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in th ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869715)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/555
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5660836f9197107e9c38f14f27a45c2d9f26afe2
CVE-2017-12428 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869713)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/544
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b2b48d50300a9fbcd0aa0d9230fd6d7a08f7671e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277
CVE-2017-11618
	RESERVED
CVE-2017-11617 (Cross-site scripting (XSS) vulnerability in atmail prior to version 7. ...)
	- atmailopen <removed>
CVE-2017-11616
	RESERVED
CVE-2017-11615 (A sandbox escape in the Lua interface in Wube Factorio before 0.15.31  ...)
	NOT-FOR-US: Wube Factorio
CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for custo ...)
	NOT-FOR-US: MEDHOST Connex
CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the TI ...)
	{DSA-4349-1 DLA-1411-1 DLA-1391-1}
	- tiff 4.0.9-5 (low; bug #869823)
	- tiff3 <removed>
	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2724
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
	NOT-FOR-US: Joomla!
CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
	NOT-FOR-US: ZyXEL
CVE-2017-11611 (Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulner ...)
	NOT-FOR-US: Wolf CMS
CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2 ...)
	{DSA-3942-1 DLA-1047-1}
	- supervisor 3.3.1-1.1 (bug #870187)
	NOTE: https://github.com/Supervisor/supervisor/issues/964
	NOTE: 3.3.3 https://github.com/Supervisor/supervisor/commit/058f46141e346b18dee0497ba11203cb81ecb19e
	NOTE: 3.2.4 https://github.com/Supervisor/supervisor/commit/aac3c21893cab7361f5c35c8e20341b298f6462e
	NOTE: 3.1.4 https://github.com/Supervisor/supervisor/commit/dbe0f55871a122eac75760aef511efc3a8830b88
	NOTE: 3.0.1 https://github.com/Supervisor/supervisor/commit/83060f3383ebd26add094398174f1de34cf7b7f0
CVE-2017-11609
	RESERVED
CVE-2017-11608 (There is a heap-based buffer over-read in the Sass::Prelexer::re_lineb ...)
	- libsass 3.4.6-1 (bug #870186)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474276
	NOTE: https://github.com/sass/libsass/commit/648f763ede97f9a2c2c843a0a18ac18bbde3507b (3.4.6)
CVE-2017-11607
	RESERVED
CVE-2017-11606
	RESERVED
CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...)
	- libsass <undetermined> (bug #870184)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474019
CVE-2017-11604
	RESERVED
CVE-2017-11603
	RESERVED
CVE-2017-11602
	RESERVED
CVE-2017-11601
	RESERVED
CVE-2017-11600 (net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: http://seclists.org/bugtraq/2017/Jul/30
CVE-2017-11599
	RESERVED
CVE-2017-11598
	RESERVED
CVE-2017-11597
	RESERVED
CVE-2017-11596
	RESERVED
CVE-2017-11595
	RESERVED
CVE-2017-11594 (Cross-site scripting (XSS) vulnerability in the Markdown parser in Loo ...)
	- loomio <itp> (bug #756319)
CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus  ...)
	NOT-FOR-US: Chrome extension Markdown Preview Plus
CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the  ...)
	- exiv2 <not-affected> (printTiffStructure introduced in 0.26; only affected experimental; bug #895568)
	NOTE: https://github.com/Exiv2/exiv2/issues/56
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function i ...)
	{DLA-1147-1}
	- exiv2 0.27.2-6 (low; bug #876893)
	[buster] - exiv2 <ignored> (Minor issue)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/55
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
	NOTE: Reproducible in wheezy/jessie/stretch/sid(0.25-3.1)/experimental(0.26-1).
CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in g ...)
	{DLA-1054-1}
	- libgxps 0.3.0-1 (low; bug #870183)
	[stretch] - libgxps <no-dsa> (Minor issue)
	[jessie] - libgxps <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473167
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785479
	NOTE: Fixed by: https://git.gnome.org/browse/libgxps/commit/?id=9d5d2920
CVE-2017-11589 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
	NOT-FOR-US: Cisco
CVE-2017-11588 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
	NOT-FOR-US: Cisco
CVE-2017-11587 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
	NOT-FOR-US: Cisco
CVE-2017-11586 (dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in ...)
	NOT-FOR-US: FineCms
CVE-2017-11585 (dayrui FineCms 5.0.9 has remote PHP code execution via the param param ...)
	NOT-FOR-US: FineCms
CVE-2017-11584 (dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an a ...)
	NOT-FOR-US: FineCms
CVE-2017-11583 (dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an a ...)
	NOT-FOR-US: FineCms
CVE-2017-11582 (dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an act ...)
	NOT-FOR-US: FineCms
CVE-2017-11581 (dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php ...)
	NOT-FOR-US: FineCms
CVE-2017-11580 (Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory c ...)
	NOT-FOR-US: Blipcare Wifi blood pressure monitor BP700 10.1 devices
CVE-2017-11579 (In the most recent firmware for Blipcare, the device provides an open  ...)
	NOT-FOR-US: Blipcare
CVE-2017-11578 (It was discovered as a part of the research on IoT devices in the most ...)
	NOT-FOR-US: Blipcare
CVE-2017-11577 (FontForge 20161012 is vulnerable to a buffer over-read in getsid (pars ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3088
	NOTE: https://github.com/fontforge/fontforge/commit/3245d354865def9d712bdffe61fa211ad6aa4081
CVE-2017-11576 (FontForge 20161012 does not ensure a positive size in a weight vector  ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3091
	NOTE: https://github.com/fontforge/fontforge/commit/df349365630344ef3004a3c7934c7e7496692fb1
CVE-2017-11575 (FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (c ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3096
	NOTE: https://github.com/fontforge/fontforge/commit/4de0c58a01e5e30610c200e9aea98bc7db12c7ac
CVE-2017-11574 (FontForge 20161012 is vulnerable to a heap-based buffer overflow in re ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3090
	NOTE: https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ...)
	- fontforge <unfixed> (unimportant; bug #873588)
	NOTE: https://github.com/fontforge/fontforge/issues/3098
	NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3092
CVE-2017-11571 (FontForge 20161012 is vulnerable to a stack-based buffer overflow in a ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3087
	NOTE: https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ...)
	- fontforge <unfixed> (unimportant; bug #873587)
	NOTE: https://github.com/fontforge/fontforge/issues/3097
	NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3093
	NOTE: https://github.com/fontforge/fontforge/commit/7bfec47910293bf149b8debe44c6f3f788506092
CVE-2017-11568 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in P ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3089
CVE-2017-11567 (Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server ...)
	NOT-FOR-US: Mongoose
CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field. ...)
	NOT-FOR-US: AppUse
CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due t ...)
	- pagure <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://pagure.io/pagure/pull-request/2426
CVE-2017-11564 (The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command i ...)
	NOT-FOR-US: D-Link
CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code executio ...)
	NOT-FOR-US: D-Link
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegur ...)
	NOT-FOR-US: MT4 SenhaSegura
CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authen ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiK ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11558
	RESERVED
CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications Manager 12.3 ...)
	NOT-FOR-US: ZOHO ManageEngine Applications Manager
CVE-2017-11556 (There is a stack consumption vulnerability in the Parser::advanceToNex ...)
	- libsass 3.5.4-1 (bug #870182)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2447
	NOTE: https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
CVE-2017-11555 (There is an illegal address access in the Eval::operator function in e ...)
	- libsass 3.5.4-1 (bug #870182)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2446
	NOTE: https://github.com/sass/libsass/commit/946ef4995bee1b19de581b69850e1eb841c06b12
CVE-2017-11554 (There is a stack consumption vulnerability in the lex function in pars ...)
	- libsass 3.5.4-1 (bug #870182)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2445
	NOTE: https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
CVE-2017-11553 (There is an illegal address access in the extend_alias_table function  ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only present in experimental; bug #888874)
	NOTE: https://github.com/Exiv2/exiv2/issues/54
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
CVE-2017-11552 (mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use wit ...)
	- mpg321 0.3.2-2 (bug #870406)
	[stretch] - mpg321 <no-dsa> (Minor issue)
	[jessie] - mpg321 <no-dsa> (Minor issue)
	[wheezy] - mpg321 <no-dsa> (Minor issue)
	NOTE: CVE was originally assigned for libmad, but further analysis has shown
	NOTE: that the underlying issue is in src:mpg321
	NOTE: Cf. https://bugs.debian.org/870406#25 for more Details.
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/94
CVE-2017-11551 (The id3_field_parse function in field.c in libid3tag 0.15.1b allows re ...)
	- libid3tag 0.15.1b-5 (bug #870333)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
	NOTE: Same issue as #304913
CVE-2017-11550 (The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows rem ...)
	- libid3tag 0.15.1b-9 (bug #405801)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
	NOTE: Addressed by the 11_unknown_encoding.dpatch patch
CVE-2017-11549 (The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remot ...)
	- timidity <unfixed> (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11548 (The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 a ...)
	- libao <unfixed> (unimportant; bug #870608)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/84
	NOTE: Not a security issue in ao, needs to be validated in applications using it, see #870608
CVE-2017-11547 (The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows  ...)
	- timidity 2.14.0-4 (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11546 (The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allo ...)
	- timidity 2.14.0-4 (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11545
	REJECTED
CVE-2017-11544
	REJECTED
CVE-2017-11543 (tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in  ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873806)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
CVE-2017-11542 (tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print fun ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873805)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
CVE-2017-11541 (tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print func ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873804)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
CVE-2017-11540 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	- imagemagick <not-affected> (Only affects ImageMagick-7 series)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/581
CVE-2017-11539 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870120)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/582
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4e81160d66f02bf7b4f569669ca7dd80d416ba6e
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/36aad912d1f405a28a9a1204120b569e7da5898e
CVE-2017-11538 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	- imagemagick <not-affected> (Vulnerable code introduced later, cf bug #870110)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/569
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f
	NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697
CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869712)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/560
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bac384563f557d1ac7413d2eaec00dd59c3cc29b
CVE-2017-11536 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869831)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/567
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dba1ccfbcdf61c0eb599c7c308b42ed46dc92be6
CVE-2017-11535 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869827)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/561
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4
	NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441
CVE-2017-11534 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869711)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/564
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90
CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869834)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/562
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f0c29cc251578fe0ad8ec7b72f2487a77a1696b8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed1fd69231ab21dc540167c63bc3b0fa3282ec59
CVE-2017-11532 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869726)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/563
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d60d705cddac7fa5d0e6596c183bbb9b46a57161
CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869725)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/566
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...)
	{DLA-1439-1 DLA-1040-1}
	- resiprocate <removed> (low; bug #869404)
	[stretch] - resiprocate <no-dsa> (Minor issue)
	NOTE: https://github.com/resiprocate/resiprocate/pull/88
	NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
CVE-2016-10400 (Directory Traversal exists in ATutor before 2.2.2 via the icon paramet ...)
	NOT-FOR-US: ATutor
CVE-2017-11520
	RESERVED
CVE-2017-11519 (passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an a ...)
	NOT-FOR-US: TP-Link
CVE-2016-10399 (Sendio versions before 8.2.1 were affected by a Local File Inclusion v ...)
	NOT-FOR-US: Sendio
CVE-2017-11518
	RESERVED
CVE-2017-11517 (Stack-based buffer overflow in GCoreServer.exe in the server in Geuteb ...)
	NOT-FOR-US: Geutebrueck Gcore
CVE-2017-11516 (An XSS vulnerability exists in framework/views/errorHandler/exception. ...)
	NOT-FOR-US: Yii Framework
CVE-2017-11515
	RESERVED
CVE-2017-11514
	RESERVED
CVE-2017-11513
	RESERVED
CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file  ...)
	NOT-FOR-US: ManageEngine ServiceDesk
CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file  ...)
	NOT-FOR-US: ManageEngine ServiceDesk
CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that all ...)
	NOT-FOR-US: Wanscam's HW0021 network camera
CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in Firebir ...)
	{DLA-2129-1 DLA-1374-1}
	- firebird3.0 3.0.3.32900.ds4-3
	[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
	- firebird2.5 <removed>
	NOTE: https://www.tenable.com/security/research/tra-2017-36
	NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
	NOTE: in "any current release".
	NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
	NOTE: and might actually be considered more justof a mitigation.
	NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
	NOT-FOR-US: SecurityCenter
CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
	- check-mk 1.2.8p26-1
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=7661
	NOTE: https://www.tenable.com/security/research/tra-2017-20
CVE-2017-11506 (When linking a Nessus scanner or agent to Tenable.io or other manager, ...)
	NOT-FOR-US: Nessus
CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor wa ...)
	- tor 0.3.1.7-1 (bug #869153)
	[stretch] - tor <no-dsa> (Minor issue)
	[jessie] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/)
	[wheezy] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/)
	NOTE: https://twitter.com/pissquark/status/888142796414226432
CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9 ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #869210)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78
CVE-2017-11522 (The WriteOnePNGImage function in coders/png.c in ImageMagick through 6 ...)
	- imagemagick <not-affected> (bug #869209; vulnerable code not present, ImageMagick-7 issue only)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/586
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f
CVE-2017-11504
	RESERVED
CVE-2017-11503 (PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Add ...)
	- libphp-phpmailer 6.0.6-0.1 (unimportant)
	NOTE: code_generator.phps installed to examples
CVE-2017-11502 (Technicolor DPC3928AD DOCSIS devices allow remote attackers to read ar ...)
	NOT-FOR-US: Technicolor
CVE-2017-11501 (NixOS 17.03 and earlier has an unintended default absence of SSL Certi ...)
	NOT-FOR-US: NixOS
CVE-2017-11500 (A directory traversal vulnerability exists in MetInfo 5.3.17. A remote ...)
	NOT-FOR-US: MetInfo
CVE-2017-11499 (Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ...)
	- nodejs 4.8.4~dfsg-1 (bug #868162; unimportant)
	NOTE: https://nodejs.org/en/blog/release/v6.11.1/
	NOTE: https://nodejs.org/en/blog/release/v4.8.4/
CVE-2017-11498 (Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all  ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11497 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center) ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11496 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center) ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticat ...)
	NOT-FOR-US: PHICOMM
CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and  ...)
	NOT-FOR-US: SOL.Connect ISET-mpp meter
CVE-2017-11493
	REJECTED
CVE-2017-11492
	REJECTED
CVE-2017-11491
	REJECTED
CVE-2017-11490
	REJECTED
CVE-2017-11489
	REJECTED
CVE-2017-11488
	REJECTED
CVE-2017-11487
	REJECTED
CVE-2017-11486
	REJECTED
CVE-2017-11485
	REJECTED
CVE-2017-11484
	REJECTED
CVE-2017-11483
	REJECTED
CVE-2017-11482 (The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pa ...)
	- kibana <itp> (bug #700337)
CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (X ...)
	- kibana <itp> (bug #700337)
CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...)
	NOT-FOR-US: Packetbeat
CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulner ...)
	- kibana <itp> (bug #700337)
CVE-2017-11477
	RESERVED
CVE-2017-11476
	RESERVED
CVE-2017-11475 (GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exp ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11474 (GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/com ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11471 (IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/upt ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11470 (IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/upt ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in th ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11468 (Docker Registry before 2.6.2 in Docker Distribution does not properly  ...)
	- docker-registry 2.6.2~ds1-1 (bug #869242)
CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...)
	NOT-FOR-US: OrientDB
CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows a ...)
	- ruby2.3 <not-affected> (Specific to Ruby 2.4)
	- ruby2.1 <not-affected> (Specific to Ruby 2.4)
CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in G ...)
	- librsvg 2.40.18-1 (bug #869129)
	[stretch] - librsvg <no-dsa> (Minor issue)
	[jessie] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
	[wheezy] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783835
	NOTE: Introduced in: https://git.gnome.org/browse/librsvg/commit/?id=054807726db76558728e7a7513aabc4698b3dc95 (2.40.9)
	NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a
CVE-2017-11473 (Buffer overflow in the mp_override_legacy_irq() function in arch/x86/k ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux 3.2.96-1
	NOTE: Fixed by: https://git.kernel.org/linus/dad5ab0db8deac535d03e3fe3d8f2892173fa6a4
	NOTE: Non-issue since ACPI tables are trusted
CVE-2017-11472 (The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in t ...)
	- linux 4.12.6-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/3b2d69114fefa474fca542e51119036dceb4aa6f (4.12-rc1)
	NOTE: Non-issue since ACPI tables are trusted
CVE-2017-11466 (Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxF ...)
	NOT-FOR-US: dotCMS
CVE-2017-11463 (In Ivanti Service Desk (formerly LANDESK Management Suite) versions be ...)
	NOT-FOR-US: LANDESK
CVE-2017-11462 (Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker ...)
	- krb5 1.15.2-1 (low; bug #873563)
	[stretch] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
	[jessie] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
	[wheezy] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions pr ...)
	NOT-FOR-US: NetApp
CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService s ...)
	NOT-FOR-US: SAP
CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via  ...)
	NOT-FOR-US: SAP
CVE-2017-11458 (Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol s ...)
	NOT-FOR-US: SAP
CVE-2017-11457 (XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP Ne ...)
	NOT-FOR-US: SAP
CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...)
	NOT-FOR-US: Geneko GWR routers
CVE-2017-11455 (diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8. ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11454
	RESERVED
CVE-2017-11453
	RESERVED
CVE-2017-11452
	RESERVED
CVE-2017-11451
	RESERVED
CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867894)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable st ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0. ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867893)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...)
	{DSA-3914-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867897)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has a ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #868950)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/537
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96182884778bfc43d6a9a0abd90cedb5d8cf8977
CVE-2017-11445 (Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/a ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-11444 (Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /fron ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-11443
	RESERVED
CVE-2017-11442
	RESERVED
CVE-2017-11441 (The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before  ...)
	NOT-FOR-US: WHM Upload Locale interface in cPanel
CVE-2017-11440 (In Sitecore 8.2, there is absolute path traversal via the shell/Applic ...)
	NOT-FOR-US: Sitecore
CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tool ...)
	NOT-FOR-US: Sitecore
CVE-2017-11438 (GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.1 ...)
	- gitlab <not-affected> (Only affects 8.5 onwards)
	NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
CVE-2017-11437 (GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, an ...)
	- gitlab <not-affected> (Only affects Enterprise Edition)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/2905
	NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
CVE-2017-11436 (D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x ...)
	NOT-FOR-US: D-Link
CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authenticat ...)
	NOT-FOR-US: Humax Wi-Fi Router model HG100R-*
CVE-2017-11434 (The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) ...)
	{DSA-3925-1 DLA-1497-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-7 (bug #869171)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
CVE-2017-11433
	RESERVED
CVE-2017-11432
	RESERVED
CVE-2017-11431
	RESERVED
CVE-2017-11430 (OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the  ...)
	- ruby-omniauth-saml <not-affected> (The actual vulnerability is in ruby-saml, which is used by the Debian package)
	NOTE: The change in 1.10.0 simply bumps the version requirement
	NOTE: https://github.com/omniauth/omniauth-saml/issues/156
	NOTE: https://github.com/omniauth/omniauth-saml/pull/157
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11429 (Clever saml2-js 2.0 and earlier may incorrectly utilize the results of ...)
	NOT-FOR-US: Clever saml2-js
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://nodesecurity.io/advisories/567
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11428 (OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the resul ...)
	- ruby-saml 1.7.2-1 (bug #892865)
	[stretch] - ruby-saml <no-dsa> (Minor issue)
	NOTE: fixed in 1.7.0
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
	NOTE: https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
CVE-2017-11427 (OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the resu ...)
	NOT-FOR-US: OneLogin python-saml
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11426
	RESERVED
CVE-2017-11425
	RESERVED
CVE-2017-11424 (In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm ...)
	{DSA-3979-1}
	- pyjwt 1.4.2-1.1 (bug #873244)
	NOTE: https://github.com/jpadilla/pyjwt/pull/277
CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha,  ...)
	{DSA-3946-1 DLA-1279-1}
	- libmspack 0.6-1 (bug #868956)
	- clamav 0.99.3~beta1+dfsg-1 (unimportant)
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
	NOTE: https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
	NOTE: ClamAV: https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
	NOTE: ClamaV: https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
	NOTE: ClamAV uses the libmspack system library when available. This is the
	NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
	NOTE: libmspack and thus need to have the fix as well in the src:clamav source package.
CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a session's p ...)
	NOT-FOR-US: Statamic
CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asusw ...)
	NOT-FOR-US: ASUS
CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/edito ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11418 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11417 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11416 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/inser ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11415 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11414 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11413 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11411 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY di ...)
	- wireshark 2.4.0-1 (bug #870179)
	[stretch] - wireshark <not-affected> (Incomplete fix for CVE-2017-9350 not applied)
	[jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-9350 not applied)
	[wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-9350 not applied)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a83a324acdfc07a0ca8b65e6ebaba3374ab19c76
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissect ...)
	- wireshark 2.4.0-1 (bug #870180)
	[jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied)
	[wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3c7168cc5f044b4da8747d35da0b2b204dabf398
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a l ...)
	{DLA-1634-1}
	- wireshark 2.2.0~rc1+g438c022-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13603
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=57b83bbbd76f543eb8d108919f13b662910bff9a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-37.html
	NOTE: Technically the 2.2.0~rc1+g438c022-1 is just the first version in unstable
	NOTE: after 2.1.0 from upstream. Upstream changed the types in llc_gprs_dissect_xid
	NOTE: in version 2.1.0.
CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector co ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.0-1 (bug #870172)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a102c172b0b2fe231fdb49f4f6694603f5b93b0c
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-34.html
CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector coul ...)
	{DLA-1634-1}
	- wireshark 2.4.0-1 (low; bug #870172)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4e54dae7f0d7840836ee6d5ce1e688f152ab2978
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html
CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector  ...)
	{DLA-1634-1}
	- wireshark 2.4.0-1 (bug #870172)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html
CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-3
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
	NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
	NOTE: issue. See: http://www.openwall.com/lists/oss-security/2017/09/01/6
	NOTE: The addition required commit is: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11401 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11400 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection wh ...)
	- gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
	[stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
	NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
	NOTE: https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5
CVE-2017-11399 (Integer overflow in the ape_decode_frame function in libavcodec/apedec ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0
	NOTE: Fixed in 3.2.7
CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend Micro Sm ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro Encryption for E ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11396 (Vulnerability issues with the web service inspection of input paramete ...)
	NOT-FOR-US: Trend Micro Web Security Virtual Appliance
CVE-2017-11395 (Command injection vulnerability in Trend Micro Smart Protection Server ...)
	NOT-FOR-US: Trend Micro Smart Protection Server
CVE-2017-11394 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11393 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11392 (Proxy command injection vulnerability in Trend Micro InterScan Messagi ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11391 (Proxy command injection vulnerability in Trend Micro InterScan Messagi ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11390 (XML external entity (XXE) processing vulnerability in Trend Micro Cont ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11389 (Directory traversal vulnerability in Trend Micro Control Manager 6.0 a ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11388 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11387 (Authentication Bypass in Trend Micro Control Manager 6.0 causes Inform ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11386 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11385 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11384 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11383 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11382 (Denial of Service vulnerability in Trend Micro Deep Discovery Email In ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11381 (A command injection vulnerability exists in Trend Micro Deep Discovery ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11380 (Backup archives were found to be encrypted with a static password acro ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11379 (Configuration and database backup archives are not signed or validated ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11378
	RESERVED
CVE-2017-11377
	RESERVED
CVE-2017-11376
	RESERVED
CVE-2017-11375
	RESERVED
CVE-2017-11374
	RESERVED
CVE-2017-11373
	RESERVED
CVE-2017-11372
	RESERVED
CVE-2017-11371
	RESERVED
CVE-2017-11370
	RESERVED
CVE-2017-11369
	RESERVED
CVE-2017-11368 (In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker  ...)
	{DLA-1058-1}
	- krb5 1.15.1-2 (bug #869260)
	[stretch] - krb5 1.15-1+deb9u1
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2
CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 a ...)
	NOT-FOR-US: shoco
CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...)
	NOT-FOR-US: Codiad
CVE-2017-11365 (Certain Symfony products are affected by: Incorrect Access Control. Th ...)
	- symfony <not-affected> (introduced in versions that were never packaged in Debian)
	NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's own ...)
	NOT-FOR-US: Joomla!
CVE-2017-11363
	RESERVED
CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/ms ...)
	- php7.1 7.1.8-1 (unimportant)
	- php7.0 7.0.22-1 (unimportant)
	- php5 <removed> (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73473
	NOTE: Fixed in 7.1.7, 7.0.21
	NOTE: Only triggerable by malicious script
CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows the "user" ...)
	NOT-FOR-US: Inteno routers
CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allow ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
	NOTE: https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60
CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 all ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
	NOTE: https://github.com/mansr/sox/commit/6cb44a44b9eda6b321ccdbf6483348d4a9798b00
CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not prope ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...)
	NOT-FOR-US: PEGA Platform
CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7 ...)
	NOT-FOR-US: PEGA Platform
CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_a ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11351 (Axesstel MU553S MU55XS-V1.14 devices have a default password of admin  ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-11350 (Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axess ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose program ...)
	NOT-FOR-US: dataTaker
CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user with Packag ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a  ...)
	NOT-FOR-US: MetInfo
CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows remote at ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASU ...)
	NOT-FOR-US: ASUS
CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin firmware for AS ...)
	NOT-FOR-US: ASUS
CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition (relate ...)
	- yadm 1.11.1-1 (bug #868300)
	[stretch] - yadm 1.06-1+deb9u1
	NOTE: https://github.com/TheLocehiliosan/yadm/issues/74
CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Sc ...)
	- chicken 4.12.0-0.2 (bug #870266)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...)
	- libsass <undetermined> (bug #868577)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470722
CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5.  ...)
	- libsass <undetermined> (bug #868577)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714
CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/53
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure  ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/52
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure funct ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/51
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "No Exif data found in the file".
	NOTE: Reproducible with 0.26-1 (experimental).
CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function  ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/50
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737
	NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind), I get "No Exif data found in the file".
	NOTE: Reproducible with 0.26-1 (experimental).
	NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption.
CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/49
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729
	NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind).
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4 ...)
	{DSA-4100-1 DLA-1094-1 DLA-1093-1}
	- tiff 4.0.8-4 (bug #868513)
	[stretch] - tiff <no-dsa> (Minor issue)
	[jessie] - tiff <no-dsa> (Minor issue)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2715
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556
CVE-2017-11529 (The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867823)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/525
CVE-2017-11478 (The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through  ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867826)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/528
CVE-2017-11526 (The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9 ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867825)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/527
CVE-2017-11505 (The ReadOneJNGImage function in coders/png.c in ImageMagick through 6. ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867824)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/526
CVE-2017-11530 (The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867821)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/524
CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9. ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867798)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/506
CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
	{DSA-3925-1}
	- qemu 1:2.8+dfsg-7 (bug #869173)
	[jessie] - qemu <postponed> (Minor issue, root DoS, backport caused Xen regression in Ubuntu and was reverted)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
	NOTE: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1752761
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbi ...)
	{DSA-4113-1 DLA-2039-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (low; bug #870341)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows  ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
	NOTE: https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
	- vorbis-tools <unfixed> (unimportant)
	NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
	NOTE: still the return of malloc is not checked.
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/80
	NOTE: Crash in CLI tool only, negligible security impact
CVE-2017-11330 (The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFi ...)
	NOT-FOR-US: DivFix++
CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.ph ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-10398 (Android 6.0 has an authentication bypass for attackers with root and p ...)
	NOT-FOR-US: Android
CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() function in obj ...)
	- yara 3.6.3+dfsg-1
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f
CVE-2017-11327 (An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11326 (An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass t ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11325 (An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be rea ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11324 (An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11323 (Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows r ...)
	NOT-FOR-US: ESTsoft ALZip
CVE-2017-11322 (The chroothole_client executable in UCOPIA Wireless Appliance before 5 ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11321 (The restricted shell interface in UCOPIA Wireless Appliance before 5.1 ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor ...)
	NOT-FOR-US: Technicolor TC7337 routers
CVE-2017-11319 (Perspective ICM Investigation &amp; Case 5.1.1.16 allows remote authen ...)
	NOT-FOR-US: Perspective ICM Investigation
CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and  ...)
	NOT-FOR-US: Cobian
CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017  ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2017-11316
	RESERVED
CVE-2017-11315
	RESERVED
CVE-2017-11314
	RESERVED
CVE-2017-11313
	RESERVED
CVE-2017-11312
	RESERVED
CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt bef ...)
	- libopenmpt 0.2.8461~beta26-1 (bug #867579)
	[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u2
CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in ImageMagick 7 ...)
	- imagemagick <not-affected> (Vulnerable code not present, Only affects ImageMagick-7)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before 10 ...)
	NOT-FOR-US: Avaya IP Office
CVE-2017-11308 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11307 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11306 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11305 (A regression affecting Adobe Flash Player version 27.0.0.187 (and earl ...)
	NOT-FOR-US: Adobe
CVE-2017-11304 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earli ...)
	NOT-FOR-US: Adobe
CVE-2017-11303 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earli ...)
	NOT-FOR-US: Adobe
CVE-2017-11302 (An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. ...)
	NOT-FOR-US: Adobe
CVE-2017-11301 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11300 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11299 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11298 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11297 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11296 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
	NOT-FOR-US: Adobe
CVE-2017-11295 (An issue was discovered in Adobe DNG Converter 9.12.1 and earlier vers ...)
	NOT-FOR-US: Adobe
CVE-2017-11294 (An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An  ...)
	NOT-FOR-US: Adobe
CVE-2017-11293 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-11292 (Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecod ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-11291 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11290 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11289 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11288 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11287 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection vulnerabil ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability.  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability.  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption vulnerability  ...)
	NOT-FOR-US: Adobe
CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption vulnerability  ...)
	NOT-FOR-US: Adobe
CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11279 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after  ...)
	NOT-FOR-US: Adobe
CVE-2017-11278 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11277 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11276 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11275 (Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overf ...)
	NOT-FOR-US: Adobe
CVE-2017-11274 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after  ...)
	NOT-FOR-US: Adobe
CVE-2017-11273 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11272 (Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnera ...)
	NOT-FOR-US: Adobe
CVE-2017-11271 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11270 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11269 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11268 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11267 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11266
	REJECTED
CVE-2017-11265 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11264
	REJECTED
CVE-2017-11263 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11262 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11261 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11260 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11259 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11258 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11257 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11256 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11255 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11254 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11253 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11252 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11251 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11250 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11249 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11248 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11247
	REJECTED
CVE-2017-11246 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11245 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11244 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11243 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11242 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11241 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11240 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11239 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11238 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11237 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11236 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11235 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11234 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11233 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11232 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11231 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11230 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11229 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11228 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11227 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11226 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11225 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-11224 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11223 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11222 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11221 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11220 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11219 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11218 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11217 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11216 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11215 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-11214 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11213 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-11212 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11211 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11210 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11209 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-1000083 (backend/comics/comics-document.c (aka the comic book backend) in GNOME ...)
	{DSA-3916-1 DSA-3911-1 DLA-1031-1}
	- evince 3.22.1-4
	- atril 1.16.1-2.1 (bug #868500)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
CVE-2017-11208
	RESERVED
CVE-2017-11207
	RESERVED
CVE-2017-11206
	RESERVED
CVE-2017-11205
	RESERVED
CVE-2017-11204
	RESERVED
CVE-2017-11203
	RESERVED
CVE-2017-11202 (FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScri ...)
	NOT-FOR-US: FineCMS
CVE-2017-11201 (application/core/controller/images.php in FineCMS through 2017-07-12 a ...)
	NOT-FOR-US: FineCMS
CVE-2017-11200 (SQL Injection exists in FineCMS through 2017-07-12 via the application ...)
	NOT-FOR-US: FineCMS
CVE-2017-11199
	RESERVED
CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_ ...)
	NOT-FOR-US: FineCMS
CVE-2017-11197
	RESERVED
CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in com ...)
	{DLA-1049-1}
	- libsndfile 1.0.28-3 (bug #869166)
	[stretch] - libsndfile <ignored> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/292
	NOTE: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The he ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetai ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the dia ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11192
	RESERVED
CVE-2017-11191 (** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote auth ...)
	NOTE: non-issue claimed for freepia
CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
	- unrar-free <unfixed> (unimportant)
	NOTE: Affected debug code not enabled
CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
	- unrar-free <unfixed> (unimportant)
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-11186
	RESERVED
CVE-2017-11185 (The gmp plugin in strongSwan before 5.6.0 allows remote attackers to c ...)
	{DSA-3962-1 DLA-1059-1}
	- strongswan 5.6.0-1 (bug #872155)
	NOTE: https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
	NOTE: https://git.strongswan.org/?p=strongswan.git;a=commit;h=ef5c37fcdf47273feea320091598135688df4ef7
CVE-2017-11184 (SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11183 (front/backup.php in GLPI before 9.1.5 allows remote authenticated admi ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11182 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found  ...)
	NOT-FOR-US: Rise Ultimate Project Manager
CVE-2017-11181 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found  ...)
	NOT-FOR-US: Rise Ultimate Project Manager
CVE-2017-11180 (FineCMS through 2017-07-11 has stored XSS in the logging functionality ...)
	NOT-FOR-US: FineCMS
CVE-2017-11179 (FineCMS through 2017-07-11 has stored XSS in route=admin when modifyin ...)
	NOT-FOR-US: FineCMS
CVE-2017-11178 (In FineCMS through 2017-07-11, application/core/controller/style.php a ...)
	NOT-FOR-US: FineCMS
CVE-2017-11177 (TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file acce ...)
	NOT-FOR-US: TRITON
CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
CVE-2017-11175 (In J2 Innovations FIN Stack 4.0, the authentication webform is vulnera ...)
	NOT-FOR-US: J2 Innovations FIN Stack
CVE-2017-11174 (In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8 ...)
	NOT-FOR-US: XOOPS
CVE-2017-11173 (Missing anchor in generated regex for rack-cors before 0.4.1 allows a  ...)
	{DSA-3931-1}
	- ruby-rack-cors 0.4.1-1
	[jessie] - ruby-rack-cors <not-affected> (Vulnerable code not present)
CVE-2017-11172
	RESERVED
CVE-2017-1000096 (Arbitrary code execution due to incomplete sandbox protection: Constru ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000095 (The default whitelist included the following unsafe entries: DefaultGr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000094 (Docker Commons Plugin provides a list of applicable credential IDs to  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000093 (Poll SCM Plugin was not requiring requests to its API be sent via POST ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000092 (Git Plugin connects to a user-specified Git repository as part of form ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000091 (GitHub Branch Source Plugin connects to a user-specified GitHub API UR ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000090 (Role-based Authorization Strategy Plugin was not requiring requests to ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000089 (Builds in Jenkins are associated with an authentication that controls  ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000088 (The Sidebar Link plugin allows users able to configure jobs, views, an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000087 (GitHub Branch Source provides a list of applicable credential IDs to a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000086 (The Periodic Backup Plugin did not perform any permission checks, allo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000085 (Subversion Plugin connects to a user-specified Subversion repository a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000084 (Parameterized Trigger Plugin fails to check Item/Build permission: The ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in gs ...)
	- gnome-session 2.30.0-1
	NOTE: https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d
CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 device ...)
	NOT-FOR-US: iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices
CVE-2017-11168
	RESERVED
CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
	NOT-FOR-US: FineCMS
CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...)
	- imagemagick 8:6.9.7.4+dfsg-7 (unimportant; bug #868263)
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u14
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: dataTaker
CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ...)
	- pcre3 <unfixed> (unimportant)
	NOTE: http://openwall.com/lists/oss-security/2017/07/11/3
CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...)
	- cacti 1.1.12+ds1-1 (bug #868080)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/847
	NOTE: aggregate_graphs.php not available in 0.8.8.
	NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
	NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
CVE-2017-11162 (Directory traversal vulnerability in synphotoio in Synology Photo Stat ...)
	NOT-FOR-US: Synology
CVE-2017-11161 (Multiple SQL injection vulnerabilities in Synology Photo Station befor ...)
	NOT-FOR-US: Synology
CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in Synolog ...)
	NOT-FOR-US: Installer in Synology Assistant
CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in Synolog ...)
	NOT-FOR-US: Installer in Synology Photo Station Uploader
CVE-2017-11158 (Multiple untrusted search path vulnerabilities in the installer in Syn ...)
	NOT-FOR-US: Synology Cloud Station Drive
CVE-2017-11157 (Multiple untrusted search path vulnerabilities in the installer in Syn ...)
	NOT-FOR-US: Synology
CVE-2017-11156 (Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2 ...)
	NOT-FOR-US: Synology Download Station
CVE-2017-11155 (An information exposure vulnerability in index.php in Synology Photo S ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11154 (Unrestricted file upload vulnerability in PixlrEditorHandler.php in Sy ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11153 (Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11152 (Directory traversal vulnerability in PixlrEditorHandler.php in Synolog ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11151 (A vulnerability in synotheme_upload.php in Synology Photo Station befo ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11150 (Command injection vulnerability in Document.php in Synology Office 2.2 ...)
	NOT-FOR-US: Synology Office
CVE-2017-11149 (Server-side request forgery (SSRF) vulnerability in Downloader in Syno ...)
	NOT-FOR-US: Synology Download Station
CVE-2017-11148 (Server-side request forgery (SSRF) vulnerability in link preview in Sy ...)
	NOT-FOR-US: Synology Chat
CVE-2017-11146
	REJECTED
CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an er ...)
	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: Fixed by: https://github.com/php/php-src/commit/e8b7698f5ee757ce2c8bd10a192a491a498f891c
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and re-encryp ...)
	- jenkins <removed>
CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...)
	NOT-FOR-US: ONOS
CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. ...)
	NOT-FOR-US: ONOS
CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS. ...)
	NOT-FOR-US: ONOS
CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registra ...)
	NOT-FOR-US: ONOS
CVE-2017-1000077
	REJECTED
CVE-2017-1000076
	REJECTED
CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the  ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the  ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an un ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass i ...)
	- php-cas 1.3.6-1 (bug #868466)
	[stretch] - php-cas <no-dsa> (Minor issue)
	[jessie] - php-cas <no-dsa> (Minor issue)
	[wheezy] - php-cas <no-dsa> (Minor issue, only works with old CAS server)
	NOTE: https://github.com/Jasig/phpCAS/issues/228
	NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/c9ba00327fd0ac8faecc62ce150c1986022856cd
	NOTE: The vulnerability only exists when the server is affected by
	NOTE: another very old vulnerability fixed in 2010.
CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an o ...)
	NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow ...)
	NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an authent ...)
	NOT-FOR-US: TestTrack
CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injecti ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-1000066 (The entry details view function in KeePass version 1.32 inadvertently  ...)
	- keepass2 <not-affected> (Only affects 1.x)
CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in Open ...)
	NOT-FOR-US: OpenMediaVault
CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion  ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404  ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory traversal in the ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansio ...)
	- xmlsec1 1.2.24-1
	[stretch] - xmlsec1 <no-dsa> (Minor issue)
	[jessie] - xmlsec1 <no-dsa> (Minor issue)
	[wheezy] - xmlsec1 <no-dsa> (Minor issue)
	NOTE: https://github.com/lsh123/xmlsec/issues/43
CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leadin ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site S ...)
	NOT-FOR-US: Live Helper Chat
CVE-2017-1000058 (Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one ...)
	NOT-FOR-US: chevereto CMS
CVE-2017-1000057
	REJECTED
CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...)
	- kubernetes 1.5.5+dfsg-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/43459
CVE-2017-1000055
	REJECTED
CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdo ...)
	NOT-FOR-US: Rocket.Chat
CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to  ...)
	NOT-FOR-US: Elixir Plug
CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to  ...)
	NOT-FOR-US: Elixir Plug
CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs C ...)
	NOT-FOR-US: XWiki labs
CVE-2017-1000049
	REJECTED
CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3,  ...)
	NOT-FOR-US: ljharb
CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in t ...)
	- rbenv <unfixed> (bug #869702)
	[buster] - rbenv <no-dsa> (Minor issue)
	[stretch] - rbenv <no-dsa> (Minor issue)
	[jessie] - rbenv <no-dsa> (Minor issue)
	[wheezy] - rbenv <no-dsa> (Minor issue)
	NOTE: https://github.com/rbenv/rbenv/issues/977
	NOTE: .ruby-version is .rbenv-version in wheezy
CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
	NOT-FOR-US: Mautic
CVE-2017-1000045
	REJECTED
CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulne ...)
	NOT-FOR-US: Mapbox.js
CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulne ...)
	NOT-FOR-US: Mapbox.js
CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV Ex ...)
	NOT-FOR-US: Framadate
CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XS ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD resul ...)
	NOT-FOR-US: RVM
CVE-2017-1000036
	REJECTED
CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attac ...)
	- tt-rss 17.1+git20170410+dfsg-1
	NOTE: https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47
CVE-2017-1000034 (Akka versions &lt;=2.4.16 and 2.5-M1 are vulnerable to a java deserial ...)
	NOT-FOR-US: Akka
CVE-2017-1000033 (Wordpress Plugin Vospari Forms version &lt; 1.4 is vulnerable to a ref ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remot ...)
	- cacti 0.8.8b+dfsg-6
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u3
	NOTE: MITRE will not reject the entry, but the issue is already covered by the
	NOTE: patch as for CVE-2014-4002. See discussion in
	NOTE: https://github.com/distributedweaknessfiling/DWF-CVE-Database/issues/27
CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8 ...)
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls)
	[wheezy] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls)
	NOTE: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
	NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and CVE-2016-3172.
	NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability than
	NOTE: CVE-2014-4002 and CVE-2016-3172. This is because they seprate on vulnerability
	NOTE: type, so it cannot be a duplicate of CVE-2014-4002 despite sharing attack
	NOTE: vectors with this vulnerability, and covers different attack vectors than
	NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to be
	NOTE: independently fixable from said vulnerability based on the fix provided here:
	NOTE: https://github.com/Cacti/cacti/issues/866
	NOTE: According to https://github.com/Cacti/cacti/issues/866#issuecomment-316865448
	NOTE: the first issue was fixed by https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46
	NOTE: whereas the second issue was fixed by https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5
	NOTE: After the request to MITRE to reject this CVE, elbrus discovered that also
	NOTE: CVE-2015-4634 seems part of the duplication. Upstream commit 4e4dd67 was in the
	NOTE: preperation git tree for 1.x, its equivalent svn commit was used to fix
	NOTE: CVE-2015-4634 in Debian.
CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulne ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-1000029 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulne ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable t ...)
	NOT-FOR-US: Koozali Foundation SME Server
CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...)
	{DSA-3915-1}
	- ruby-mixlib-archive 0.4.1-1 (bug #868572)
	NOTE: https://github.com/chef/mixlib-archive/pull/6
	NOTE: https://github.com/chef/mixlib-archive/pull/6/commits/3a874a24aed6ee93fbccf97efe0ecc999bafe87d
CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 befo ...)
	- epiphany-browser 3.22.6-1 (unimportant)
	NOTE: webkit not covered by security support
CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
	- shotwell 0.25.4+really0.24.5-0.1 (unimportant)
CVE-2017-1000023 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS w ...)
	NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000022 (LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect acce ...)
	NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000021 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when ...)
	NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded de ...)
	NOT-FOR-US: ECos
CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the re ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-7
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/afe84645f29f5acc9970f3ffa5673585bf2dee7d (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4549ebde5a044b42c36da50dbf1af76a88545352 (4.4-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/96b4f13e54c9ebbebfd19d0690bfa0812b6818c1 (4.6-branch)
CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user  ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-6
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8ad5bd759156c8c00a1c3e0ef374660027a3bb4 (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbcd83fcd624701f43c99e7e675c1ab20387 (4.{4,6}-branch)
CVE-2017-1000016 (A weakness was discovered where an attacker can inject arbitrary value ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-5
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f9ecaab86c488d106b1588d7683a6d53ef
CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack  ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-4
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/8a0816266cc1db9e9889829f9f0d88a19650c977 (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f161977bf0cc800cae82e65355bf49f342 (4.4-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3a6247674e653507294f23480b4c0e1c532badbe (4.6-branch)
CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the t ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-3
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3d230b6ab76ff018645f2090c2664169835f465b (4.{0,4,6}-branch)
CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakne ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-1
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7fe97a1f3c4695f630e39d9433b8fa7539eee30e (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1e5c0ae5b44c58296e11b92497767c8677653cba (4.4-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4c84070ad6136c3158caa93286754ebbfbce61ab (4.6-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/e37bf40f44a3272a6709eb5b38feccac41658e3f (4.6-branch)
CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying  ...)
	NOT-FOR-US: MySQL Dumper
CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database manag ...)
	NOT-FOR-US: MyWebSQL
CVE-2017-1000010 (Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avf ...)
	- audacity <not-affected> (Specific to Windows packaging)
CVE-2017-1000009 (Akeneo PIM CE and EE &lt;1.6.6, &lt;1.5.15, &lt;1.4.28 are vulnerable  ...)
	NOT-FOR-US: Akeneo PIM
CVE-2017-1000008 (Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user setting ...)
	NOT-FOR-US: Chyrp Lite
CVE-2017-1000007 (txAWS (all current versions) fail to perform complete certificate veri ...)
	NOT-FOR-US: txAWS
CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an X ...)
	NOT-FOR-US: plotly.js (different from the plotly Python package)
CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the nam ...)
	NOT-FOR-US: PHPMiniAdmin
CVE-2017-1000004 (ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in  ...)
	NOT-FOR-US: ATutor
CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to an incorrect acces ...)
	NOT-FOR-US: ATutor
CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory traver ...)
	NOT-FOR-US: ATutor
CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw res ...)
	- fedmsg <removed> (bug #868508)
	[jessie] - fedmsg <no-dsa> (Minor issue)
	NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a
CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868264)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 c ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-3 (low)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJN ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-2 (low)
	[jessie] - graphicsmagick <not-affected> (vulnerable code for CVE-2017-11102 not applied in Jessie)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code for CVE-2017-11102 not applied in Wheezy)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
CVE-2017-11138
	RESERVED
CVE-2017-11137
	RESERVED
CVE-2017-11136 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11135 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11134 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11133 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11132 (An issue was discovered in heinekingmedia StashCat before 1.5.18 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11131 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11130 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11129 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11128 (Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by t ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-11127 (Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a  ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ...)
	- mpg123 1.25.3-1 (unimportant)
	NOTE: no security impact
CVE-2017-11125 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_p ...)
	- xar <removed>
CVE-2017-11124 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unser ...)
	- xar <removed>
CVE-2017-11123
	RESERVED
CVE-2017-11122 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can t ...)
	NOT-FOR-US: Broadcom
CVE-2017-11121 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, p ...)
	NOT-FOR-US: Broadcom
CVE-2017-11120 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, a ...)
	NOT-FOR-US: Broadcom
CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a  ...)
	- xine-lib-1.2 <not-affected> (it is built with --disable-nosefart)
	- xine-lib <not-affected> (it is built with --disable-nosefart)
	NOTE: https://sourceforge.net/p/nosefart/bugs/6/
CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp in Open ...)
	NOT-FOR-US: OpenExif
CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenEx ...)
	NOT-FOR-US: OpenExif
CVE-2017-11116 (The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenEx ...)
	NOT-FOR-US: OpenExif
CVE-2017-11115 (The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in ...)
	NOT-FOR-US: OpenExif
CVE-2017-11114 (The put_chars function in html_r.c in Twibright Links 2.14 allows remo ...)
	- links2 2.14-3 (unimportant; bug #870299)
	NOTE: PoC: http://seclists.org/fulldisclosure/2017/Jul/76
CVE-2017-11527 (The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867812)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/523
CVE-2017-11528 (The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867811)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/522
CVE-2017-11525 (The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867810)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/519
CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867806)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_e ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691
CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
CVE-2017-11111 (In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...)
	{DLA-1041-1}
	- nasm 2.13.02-0.1 (bug #867988)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415
CVE-2017-11110 (The ole_init function in ole.c in catdoc 0.95 allows remote attackers  ...)
	{DSA-3917-1 DLA-1037-1}
	- catdoc 1:0.95-3 (bug #867717)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471
CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) o ...)
	{DLA-1871-1 DLA-1030-1}
	- vim 2:8.0.0197-5 (low; bug #867720)
	[stretch] - vim 2:8.0.0197-4+deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of service (he ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-1 (bug #867718)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468504
	NOTE: Proposed patch: https://github.com/the-tcpdump-group/tcpdump/pull/617
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d9e65de3d94698ec90dbca42962a30dd2f0680e1 (4.9.1)
CVE-2017-11107 (phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the ...)
	{DLA-1561-1 DLA-1019-1}
	- phpldapadmin 1.2.2-6.2 (bug #867719)
	NOTE: https://github.com/leenooks/phpLDAPadmin/issues/50
	NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731
CVE-2017-11106
	RESERVED
CVE-2017-11105 (The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 part ...)
	NOT-FOR-US: OnePlus
CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the functio ...)
	- jasper <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
	NOTE: https://github.com/mdadams/jasper/issues/120
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
CVE-2017-1002024 (Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/u ...)
	NOT-FOR-US: kindeditor
CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate services wit ...)
	{DSA-3912-1 DSA-3909-1 DLA-1027-1}
	- heimdal 7.4.0.dfsg.1-1 (bug #868208)
	- samba 2:4.6.5+dfsg-4 (bug #868209)
	[wheezy] - samba <not-affected> (Heimdal is only used in 4.x, wheezy ships 3.6.6)
	- samba4 <removed>
	[wheezy] - samba4 <not-affected> (dynamically linked against system heimdal)
	NOTE: https://orpheus-lyre.info/
	NOTE: https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
	NOTE: samba's source package embeds heimdal but the binary is statically linked to src:heimdal
	NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html
	NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894
CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26  ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-2 (bug #867746)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8f859704230
CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...)
	- swftools <removed> (unimportant; bug #871022)
	NOTE: https://github.com/matthiaskramm/swftools/issues/26
CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it can lea ...)
	- swftools <removed> (unimportant; bug #871024)
	NOTE: https://github.com/matthiaskramm/swftools/issues/27
CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead t ...)
	- swftools <removed> (unimportant; bug #871018)
	NOTE: https://github.com/matthiaskramm/swftools/issues/31
CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead t ...)
	- swftools <removed> (unimportant; bug #871020)
	NOTE: https://github.com/matthiaskramm/swftools/issues/32
CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...)
	- swftools <removed> (unimportant; bug #871025)
	NOTE: https://github.com/matthiaskramm/swftools/issues/24
CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...)
	- swftools <removed> (unimportant; bug #871026)
	NOTE: https://github.com/matthiaskramm/swftools/issues/25
CVE-2017-11095
	RESERVED
CVE-2017-11094
	RESERVED
CVE-2017-11093 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11092 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11091 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11090 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/8feb69c7bd89513be80eb19198d48f154b254021
CVE-2017-11088 (Improper Input Validation in Linux io-prefetch in Snapdragon Mobile an ...)
	NOT-FOR-US: Snapdragon
CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android cop ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-11086
	RESERVED
CVE-2017-11085 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11084
	RESERVED
CVE-2017-11083
	RESERVED
CVE-2017-11082 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11081 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11080 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11079 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11078 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11077
	RESERVED
CVE-2017-11076
	RESERVED
CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: HTC component for Android
CVE-2017-11071
	RESERVED
CVE-2017-11070
	RESERVED
CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11068
	RESERVED
CVE-2017-11067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11066 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11065
	RESERVED
CVE-2017-11064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11058 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11049 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11047 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11040 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11039
	RESERVED
CVE-2017-11038 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11037
	RESERVED
CVE-2017-11036
	RESERVED
CVE-2017-11035 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11034
	RESERVED
CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android
CVE-2017-11027 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11026 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11025 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11024 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11023 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11021
	RESERVED
CVE-2017-11020
	RESERVED
CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11016 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11011 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11009
	RESERVED
CVE-2017-11008
	REJECTED
CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11004 (A non-secure user may be able to access certain registers in snapdrago ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11003 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11002 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11001 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11000 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10999 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10998 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10997 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10996 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allow ...)
	{DSA-4204-1 DLA-1081-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #867748)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/24430226caf7eb468b4180f2883b2563e8cc1b23
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fdc09dc8f9522f07f5f501fe8453765ad82556c
	NOTE: The second commit is not security sensitive relevant, cf.
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538#issuecomment-317047977
CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrar ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to i ...)
	NOT-FOR-US: Contao
CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...)
	NOT-FOR-US: HPE
CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-10990
	RESERVED
CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3 ...)
	{DLA-1633-1 DLA-1018-1}
	- sqlite3 3.19.3-3 (bug #867618)
	[stretch] - sqlite3 3.16.2-5+deb9u1
	NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
	NOTE: https://sqlite.org/src/info/66de6f4a
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
	NOTE: http://marc.info/?l=sqlite-users&m=149933696214713&w=2
CVE-2017-10988
	REJECTED
CVE-2017-10987 (An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buff ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-304
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/19a18bf7c8af649c9e9742fb6a046f6aff639866
CVE-2017-10986 (An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infi ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-303
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/21e2e95751bfb54c0fb0328392d06671a75c191c
CVE-2017-10985 (An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite lo ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-302
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6726c16549b131ed39f6f8886cdf5d9d922a9a97
CVE-2017-10984 (An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overf ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-301
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/931850e5d2f65193520c2d9c9878148c0cdc16a6
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/4b059296e14b6ab75dc17163077490528a819806
CVE-2017-10983 (An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...)
	{DSA-3930-1 DLA-1064-1}
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-206
	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/ec08b30f87066f82073d02fab57e8ffeef81373d
	NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/5759b20af99af6d30924f0efd8da5eac2a17163d
CVE-2017-10982 (An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buff ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-205
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/10b6de9345c9e0d9d4d5e0426fa5c3d68d702875
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10981 (An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-204
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/812766e2150faa07b4c574e51393b014feaffe6c
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10980 (An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-203
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ef0727fc68e211a36637b5c4e4a6fa1326f0a029
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10979 (An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overf ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-202
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ae3ba0011e7d299e92c45300e0137a56a650e8f5
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10978 (An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...)
	{DSA-3930-1 DLA-1064-1}
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-201
	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
	NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/fc8662d7e827f630d515eaa0bddfa94754c8047f
CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames starting with ...)
	- systemd 234-1 (unimportant)
	[jessie] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
	[wheezy] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
	NOTE: https://github.com/systemd/systemd/issues/6237
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/02/1
CVE-2017-10977
	RESERVED
CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...)
	- swftools <removed> (unimportant)
	NOTE: ttftool not shipped in Debian package
CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might all ...)
	NOT-FOR-US: Lutim
CVE-2017-10974 (Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Direc ...)
	- yaws 1.91-2
	NOTE: Slightly different, additional CVE assignment which MITRE insists on, but fixed by the
	NOTE: original patch for CVE-2011-4350
CVE-2017-10973 (In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php  ...)
	NOT-FOR-US: FineCMS
CVE-2017-10970 (Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 a ...)
	- cacti 1.1.12+ds1-1 (bug #867532)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/838
	NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler c ...)
	{DLA-1034-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73773
	NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of vari ...)
	{DLA-1034-1}
	- php7.1 <not-affected> (Fixed with initial upload to unstable)
	- php7.0 7.0.13-1
	- php5 <removed>
	[jessie] - php5 5.6.28+dfsg-0+deb8u1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192
	NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ...)
	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ...)
	{DSA-4081-1 DLA-1034-1}
	- php7.1 <not-affected> (Only affected 5.6)
	- php7.0 <not-affected> (Only affected 5.6)
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ...)
	{DSA-4081-1}
	- php7.1 7.1.3+-1
	- php7.0 7.0.17-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (vulnerable code not present)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73807
	NOTE: Fixed in 7.1.3, 7.0.17, 5.6.31
	NOTE: https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3
	NOTE: https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent handling of  ...)
	{DSA-3905-1 DLA-1026-1}
	- xorg-server 2:1.19.3-2 (bug #867492)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated to an X  ...)
	{DSA-3905-1 DLA-1026-1}
	- xorg-server 2:1.19.3-2 (bug #867492)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10969
	RESERVED
CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.ph ...)
	NOT-FOR-US: FineCMS
CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php a ...)
	NOT-FOR-US: FineCMS
CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the inte ...)
	{DLA-1089-1}
	- irssi 1.0.4-1 (low; bug #867598)
	[stretch] - irssi 1.0.2-1+deb9u2
	[jessie] - irssi 0.8.17-1+deb8u5
	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
	{DLA-1089-1}
	- irssi 1.0.4-1 (low; bug #867598)
	[stretch] - irssi 1.0.2-1+deb9u2
	[jessie] - irssi 0.8.17-1+deb8u5
	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10964
	RESERVED
CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobil ...)
	NOT-FOR-US: Samsung
CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
	NOT-FOR-US: REDCap
CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File Repos ...)
	NOT-FOR-US: REDCap
CVE-2017-10960
	RESERVED
CVE-2017-10959 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10958 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10957 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10956 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to execute a ...)
	NOT-FOR-US: EMC
CVE-2017-10954 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender Internet Security Internet Security 2018
CVE-2017-10953 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10952 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10951 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10950 (This vulnerability allows local attackers to execute arbitrary code on ...)
	NOT-FOR-US: Bitdefender Total Security
CVE-2017-10949 (Directory Traversal in Dell Storage Manager 2016 R2.1 causes Informati ...)
	NOT-FOR-US: Dell Storage Manager
CVE-2017-10948 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10947 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10942 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Joyent
CVE-2017-10939
	REJECTED
CVE-2017-10938
	REJECTED
CVE-2017-10937 (SQL injection vulnerability in all versions prior to V2.01.05.09 of th ...)
	NOT-FOR-US: ZTE
CVE-2017-10936 (SQL injection vulnerability in all versions prior to V4.01.01 of the Z ...)
	NOT-FOR-US: ZTE ZXCDN-SNS
CVE-2017-10935 (All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products ...)
	NOT-FOR-US: ZTE ZXR10 1800-2S products
CVE-2017-10934 (All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use  ...)
	NOT-FOR-US: ZTE ZXIPTV-EPG product
CVE-2017-10933 (All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring sy ...)
	NOT-FOR-US: ZTE ZXDT22 SF01
CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series pro ...)
	NOT-FOR-US: ZTE Microwave
CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download o ...)
	NOT-FOR-US: ZXR10 1800-2S
CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a re ...)
	NOT-FOR-US: ZXR10 1800-2S
CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
	{DLA-1044-1}
	- ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
	[stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
	[jessie] - ipsec-tools <no-dsa> (Will be fixed via point release)
	NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
	NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
	NOTE: Patch disputed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1047443#c1
	NOTE: Updated patch: https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b
CVE-2017-10929 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...)
	{DLA-1016-1}
	- radare2 1.6.0+dfsg-1 (low; bug #867369)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7855
	NOTE: https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextTo ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867367)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/539
CVE-2017-10927
	RESERVED
CVE-2017-10926 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execut ...)
	NOT-FOR-US: IrfanView
CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may le ...)
	- node-mqtt <not-affected> (Fixed before initial upload)
CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...)
	NOT-FOR-US: Music Center for PC
CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...)
	- h2o 2.2.4+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1544
CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off v1.85 and e ...)
	NOT-FOR-US: OneThird CMS Show Off
CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 th ...)
	NOT-FOR-US: Fluentd
CVE-2017-10905 (A vulnerability in applications created using Qt for Android prior to  ...)
	NOT-FOR-US: Qt for Android
CVE-2017-10904 (Qt for Android prior to 5.9.0 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Qt for Android
CVE-2017-10903 (Improper authentication issue in PTW-WMS1 firmware version 2.000.012 a ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10902 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10901 (Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote a ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10900 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass  ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10899 (SQL injection vulnerability in the A-Reserve and A-Reserve for MT clou ...)
	NOT-FOR-US: A-Reserve
CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud  ...)
	NOT-FOR-US: A-Member
CVE-2017-10897 (Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband ro ...)
	NOT-FOR-US: Buffalo BBR-4HG and and BBR-4MG broadband routers
CVE-2017-10896 (Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG  ...)
	NOT-FOR-US: Buffalo BBR-4HG and and BBR-4MG broadband routers
CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause  ...)
	NOT-FOR-US: sDNSProxy
CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: StreamRelay.NET
CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification Servic ...)
	NOT-FOR-US: The Public Certification Service for Individuals
CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...)
	NOT-FOR-US: Music Center for PC
CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and  ...)
	NOT-FOR-US: Media Go
CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to 09.87.1 ...)
	NOT-FOR-US: RX-V200 firmware
CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML Ex ...)
	NOT-FOR-US: TablePress
CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver ...)
	NOT-FOR-US: BOOK WALKER
CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2 ...)
	NOT-FOR-US: BOOK WALKER
CVE-2017-10886 (Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 ...)
	NOT-FOR-US: CS-Cart
CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier  ...)
	NOT-FOR-US: HYPER SBI
CVE-2017-10884
	RESERVED
CVE-2017-10883
	RESERVED
CVE-2017-10882
	RESERVED
CVE-2017-10881
	RESERVED
CVE-2017-10880
	RESERVED
CVE-2017-10879
	RESERVED
CVE-2017-10878
	RESERVED
CVE-2017-10877
	RESERVED
CVE-2017-10876
	RESERVED
CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacke ...)
	NOT-FOR-US: I-O DATA DEVICE LAN DISK Connect
CVE-2017-10874 (PWR-Q200 does not use random values for source ports of DNS query pack ...)
	NOT-FOR-US: PWR-Q200
CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass authenticati ...)
	NOT-FOR-US: OpenAM
CVE-2017-10872 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...)
	- h2o 2.2.4+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1543
CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02 ...)
	NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 20 ...)
	NOT-FOR-US: Rakuraku Hagaki
CVE-2017-10869 (Buffer overflow in H2O version 2.2.2 and earlier allows remote attacke ...)
	- h2o 2.2.3+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1460
CVE-2017-10868 (H2O version 2.2.2 and earlier allows remote attackers to cause a denia ...)
	- h2o 2.2.3+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1459
CVE-2017-10867
	RESERVED
CVE-2017-10866
	RESERVED
CVE-2017-10865 (Untrusted search path vulnerability in HIBUN Confidential File Decrypt ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10864 (Untrusted search path vulnerability in Installer of HIBUN Confidential ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10863 (Untrusted search path vulnerability in HIBUN Confidential File Decrypt ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures correctly ...)
	NOT-FOR-US: jwt-scala
CVE-2017-10861 (Directory traversal vulnerability in QND Advance/Standard allows an at ...)
	NOT-FOR-US: QND Advance/Standard
CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" timest ...)
	NOT-FOR-US: i-filter 6.0 installer
CVE-2017-10859 (Untrusted search path vulnerability in "i-filter 6.0 installer" timest ...)
	NOT-FOR-US: i-filter 6.0 installer
CVE-2017-10858 (Untrusted search path vulnerability in "i-filter 6.0 install program"  ...)
	NOT-FOR-US: i-filter 6.0 install program
CVE-2017-10857 (Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu
CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL ...)
	NOT-FOR-US: SEIL
CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4 ...)
	NOT-FOR-US: FENCE-Explorer for Windows
CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypa ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows  ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows  ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10851 (Untrusted search path vulnerability in Installer for ContentsBridge Ut ...)
	NOT-FOR-US: Installer for ContentsBridge Utility for Windows
CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX Driver for ...)
	NOT-FOR-US: Various installer for Drivers for ApeosPort-VI and DocuCentre-VI products
CVE-2017-10849 (Untrusted search path vulnerability in Self-extracting document genera ...)
	NOT-FOR-US: DocuWorks
CVE-2017-10848 (Untrusted search path vulnerability in Installers for DocuWorks 8.0.7  ...)
	NOT-FOR-US: Installers for DocuWorks
CVE-2017-10847
	RESERVED
CVE-2017-10846 (Wi-Fi STATION L-02F Software version V10b and earlier allows remote at ...)
	NOT-FOR-US: Wi-Fi STATION L-02F Software
CVE-2017-10845 (Wi-Fi STATION L-02F Software version V10g and earlier allows remote at ...)
	NOT-FOR-US: Wi-Fi STATION L-02F Software
CVE-2017-10844 (baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to e ...)
	NOT-FOR-US: baserCMS
CVE-2017-10843 (baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote a ...)
	NOT-FOR-US: baserCMS
CVE-2017-10842 (SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5  ...)
	NOT-FOR-US: baserCMS
CVE-2017-10841 (Directory traversal vulnerability in WebCalendar 1.2.7 and earlier all ...)
	- webcalendar <removed>
CVE-2017-10840 (Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier al ...)
	- webcalendar <removed>
CVE-2017-10839 (SQL injection vulnerability in the SEO Panel prior to version 3.11.0 a ...)
	NOT-FOR-US: SEO Panel
CVE-2017-10838 (Cross-site scripting vulnerability in SEO Panel prior to version 3.11. ...)
	NOT-FOR-US: SEO Panel
CVE-2017-10837 (Cross-site scripting vulnerability in BackupGuard prior to version 1.1 ...)
	NOT-FOR-US: BackupGuard
CVE-2017-10836 (Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlie ...)
	NOT-FOR-US: Optimal Guard
CVE-2017-10835 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10834 (Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD F ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10833 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10832 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10831 (Untrusted search path vulnerability in The electronic authentication s ...)
	NOT-FOR-US: The CRCA user's Software system
CVE-2017-10830 (Untrusted search path vulnerability in Security Setup Tool all version ...)
	NOT-FOR-US: Security Setup Tool
CVE-2017-10829 (Untrusted search path vulnerability in Remote Support Tool (Enkaku Sup ...)
	NOT-FOR-US: Remote Support Tool (Enkaku Support Tool)
CVE-2017-10828 (Untrusted search path vulnerability in Flets Install Tool all versions ...)
	NOT-FOR-US: Flets Install Tool
CVE-2017-10827 (Untrusted search path vulnerability in Flets Azukeru for Windows Auto  ...)
	NOT-FOR-US: Flets Azukeru for Windows Auto Backup Tool
CVE-2017-10826 (Untrusted search path vulnerability in Security Kinou Mihariban v1.0.2 ...)
	NOT-FOR-US: Security Kinou Mihariban
CVE-2017-10825 (Untrusted search path vulnerability in Installer of Flets Easy Setup T ...)
	NOT-FOR-US: Installer of Flets Easy Setup Tool
CVE-2017-10824 (Untrusted search path vulnerability in TDB CA TypeA use software Versi ...)
	NOT-FOR-US: TDB CA TypeA use software
CVE-2017-10823 (Untrusted search path vulnerability in Installer for Shin Kinkyuji Hou ...)
	NOT-FOR-US: Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program
CVE-2017-10822 (Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu ...)
	NOT-FOR-US: Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program
CVE-2017-10821 (Untrusted search path vulnerability in Installer for Shin Kikan Toukei ...)
	NOT-FOR-US: Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program
CVE-2017-10820 (Untrusted search path vulnerability in Installer of IP Messenger for W ...)
	NOT-FOR-US: Installer of IP Messenger for Win
CVE-2017-10819 (MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, ...)
	NOT-FOR-US: MaLion
CVE-2017-10818 (MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cr ...)
	NOT-FOR-US: MaLion
CVE-2017-10817 (MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to b ...)
	NOT-FOR-US: MaLion
CVE-2017-10816 (SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to ...)
	NOT-FOR-US: MaLion
CVE-2017-10815 (MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is in ...)
	NOT-FOR-US: MaLion
CVE-2017-10814 (Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allow ...)
	NOT-FOR-US: CG-WLR300NM Firmware
CVE-2017-10813 (CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to ex ...)
	NOT-FOR-US: CG-WLR300NM Firmware
CVE-2017-10812 (Untrusted search path vulnerability in Photo Collection PC Software Ve ...)
	NOT-FOR-US: Photo Collection PC Software
CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an att ...)
	NOT-FOR-US: Buffalo WCR-1166DS devices
CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in drivers/gpu/dr ...)
	{DSA-3927-1}
	- linux 4.11.11-1 (low)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/385aee965b4e4c36551c362a334378d2985b722a
CVE-2017-10809
	RESERVED
CVE-2017-10808
	RESERVED
CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Em ...)
	{DSA-3925-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #867751)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate  ...)
	{DSA-3902-1}
	- jabberd2 2.6.1-1 (bug #867032)
	NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
	NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise  ...)
	NOT-FOR-US: Odoo
CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise  ...)
	NOT-FOR-US: Odoo
CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise  ...)
	NOT-FOR-US: Odoo
CVE-2017-10802
	RESERVED
CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO  ...)
	NOT-FOR-US: phpSocial
CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, i ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-1 (bug #867060)
	[jessie] - graphicsmagick <no-dsa> (Minor issue)
	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012
	NOTE: The above commit unfortunately is not enough. There are more related
	NOTE: changes, and Bob Friesenhahn commented that it's not complete. All
	NOTE: the rlated changesets to mat.c since the one referenced should be
	NOTE: picked up.
CVE-2017-10799 (When GraphicsMagick 1.3.25 processes a DPX image (with metadata indica ...)
	{DSA-4321-1 DLA-1755-1 DLA-1045-1}
	- graphicsmagick 1.3.26-1 (bug #867077)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62
CVE-2017-10798 (In ObjectPlanet Opinio before 7.6.4, there is XSS. ...)
	NOT-FOR-US: ObjectPlanet Opinio
CVE-2017-10797
	RESERVED
CVE-2017-10796 (On TP-Link NC250 devices with firmware through 1.2.1 build 170515, any ...)
	NOT-FOR-US: TP-Link
CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows r ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-10794 (When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadat ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-1 (bug #867085)
	[jessie] - graphicsmagick <not-affected> (vulnerable code not present)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a20bee0a0ad2
CVE-2017-10793 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, ...)
	NOT-FOR-US: Arris
CVE-2017-10792 (There is a NULL Pointer Dereference in the function ll_insert() of the ...)
	- pspp 1.0.0-1 (unimportant; bug #866890)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467005
	NOTE: No security impact, crash in CLI tool
CVE-2017-10791 (There is an Integer overflow in the hash_int function of the libpspp l ...)
	- pspp 1.0.0-1 (unimportant; bug #866890)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
	NOTE: No security impact as built in Debian
CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 cause ...)
	{DSA-4106-1 DLA-2255-1 DLA-1038-1}
	- libtasn1-6 4.12-2.1 (bug #867398)
	- libtasn1-3 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
	NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39
CVE-2017-10789 (The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 sett ...)
	{DLA-1079-1}
	- libdbd-mysql-perl 4.046-1 (bug #866821)
	[stretch] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/110
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/114
	NOTE: Upstream 4.042 fixed this issue, but was reverted upstream in 4.043:
	NOTE: https://www.nntp.perl.org/group/perl.dbi.dev/2017/08/msg8037.html
	NOTE: No upstream-blessed patch available.
CVE-2017-10788 (The DBD::mysql module through 4.043 for Perl allows remote attackers t ...)
	{DLA-1079-1}
	- libdbd-mysql-perl 4.046-1 (bug #866818)
	[stretch] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: http://seclists.org/oss-sec/2017/q2/443
	NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/120
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/142
CVE-2017-10787
	RESERVED
CVE-2017-10786
	RESERVED
CVE-2017-10785
	RESERVED
CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
	{DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
	- ruby2.3 2.3.5-1 (bug #875931)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
	NOTE: https://github.com/ruby/ruby/commit/6617c41292b7d1e097abb8fdb0cab9ddd83c77e7
	NOTE: https://hackerone.com/reports/223363
CVE-2017-10783 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10782 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10781 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10780 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10779 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10778 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10777 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10776 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10775 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10774 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10773 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10772 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10771 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10770 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10769 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10768 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10767 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10766 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10765 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10764 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10763 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10762 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10761 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10760 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10759 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10758 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10757 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10756 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10755 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10754 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10753 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10752 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10751 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10750 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10749 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10748 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10747 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10746 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10745 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10744 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10743 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10742 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10741 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10740 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10739 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10738 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10737 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10736 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10735 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10734 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10733 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10732 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10731 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10730 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10729 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10728 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
	NOT-FOR-US: Winamp
CVE-2017-10727 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
	NOT-FOR-US: Winamp
CVE-2017-10726 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
	NOT-FOR-US: Winamp
CVE-2017-10725 (Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Winamp
CVE-2017-10724 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10723 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10722 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10721 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10720 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10719 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10718 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10717
	RESERVED
CVE-2017-10716
	RESERVED
CVE-2017-10715
	RESERVED
CVE-2017-10714
	RESERVED
CVE-2017-10713
	RESERVED
CVE-2017-10712
	RESERVED
CVE-2017-10711 (In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send P ...)
	NOT-FOR-US: SimpleRisk
CVE-2017-10710
	RESERVED
CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows  ...)
	NOT-FOR-US: Elephone P9000 devices
CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...)
	NOT-FOR-US: Apport
CVE-2017-10707
	RESERVED
CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP  ...)
	NOT-FOR-US: When Antiy Antivirus Engine
CVE-2017-10705
	RESERVED
CVE-2017-10704
	RESERVED
CVE-2017-10703
	RESERVED
CVE-2017-10702
	RESERVED
CVE-2017-10701 (Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 ...)
	NOT-FOR-US: SAP Enterprise Portal
CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authentica ...)
	NOT-FOR-US: QNAP
CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 201 ...)
	{DSA-4045-1}
	- vlc 2.2.6-3
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
	NOTE: https://trac.videolan.org/vlc/ticket/18467
CVE-2017-10698
	RESERVED
CVE-2017-10697
	RESERVED
CVE-2017-10696
	RESERVED
CVE-2017-10695
	RESERVED
CVE-2017-10694
	RESERVED
CVE-2017-10693
	RESERVED
CVE-2017-10692
	RESERVED
CVE-2017-10691
	RESERVED
CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the agent to  ...)
	- puppet <not-affected> (Only affects Puppet 5, only in experimental)
	NOTE: https://puppet.com/security/cve/CVE-2017-10690
	NOTE: https://tickets.puppetlabs.com/browse/PUP-8225
	NOTE: Fixed by: https://github.com/puppetlabs/puppet/commit/bd87bef2c3862d333f4c1f2b148b147d449a375b
CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install a modu ...)
	- puppet 5.4.0-1 (bug #890412)
	[stretch] - puppet <no-dsa> (Minor issue)
	[jessie] - puppet <no-dsa> (Minor issue)
	[wheezy] - puppet <not-affected> (vulnerable code not present)
	NOTE: https://puppet.com/security/cve/CVE-2017-10689
	NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
	NOTE: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
	NOTE: https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399
CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectory ...)
	{DSA-3903-1 DLA-1022-1}
	- tiff 4.0.8-3 (bug #866611)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...)
	- libsass <undetermined> (low; bug #866672)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411
CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
	{DLA-1041-1}
	- nasm 2.13.02-0.1 (bug #867988)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entr ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692
CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entr ...)
	- ncurses 6.0+20170708-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687
CVE-2017-10683 (In mpg123 1.25.0, there is a heap-based buffer over-read in the conver ...)
	{DLA-1017-1}
	- mpg123 1.25.1-1 (bug #866860)
	[stretch] - mpg123 <no-dsa> (Minor issue)
	[jessie] - mpg123 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465819
	NOTE: Duplicate of https://sourceforge.net/p/mpg123/bugs/252/
	NOTE: Patch: http://scm.orgis.org/view/mpg123/trunk/src/libmpg123/id3.c?sortby=date&r1=4249&r2=4248&pathrev=4249
CVE-2017-10682 (SQL injection vulnerability in the administrative backend in Piwigo th ...)
	- piwigo <removed>
CVE-2017-10681 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
	- piwigo <removed>
CVE-2017-10680 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
	- piwigo <removed>
CVE-2017-10679 (Piwigo through 2.9.1 allows remote attackers to obtain sensitive infor ...)
	- piwigo <removed>
CVE-2017-10678 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
	- piwigo <removed>
CVE-2017-10677 (Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices wit ...)
	NOT-FOR-US: Linksys EA4500 devices
CVE-2017-10676 (On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was ...)
	NOT-FOR-US: D-Link
CVE-2017-10675
	RESERVED
CVE-2017-10674 (Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a de ...)
	NOT-FOR-US: Antiy Antivirus Engine
CVE-2015-9106
	RESERVED
	NOT-FOR-US: WordPress plugin the-holiday-calendar
CVE-2015-9105 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Video  ...)
	NOT-FOR-US: Synology
CVE-2015-9104 (Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5 ...)
	NOT-FOR-US: Synology
CVE-2015-9103 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Note S ...)
	NOT-FOR-US: Synology
CVE-2015-9102 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo  ...)
	NOT-FOR-US: Synology
CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field. ...)
	NOT-FOR-US: GetSimple CMS
CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...)
	{DSA-4042-1 DLA-1171-1}
	- libxml-libxml-perl 2.0128+dfsg-5 (bug #866676)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246
	NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8
CVE-2017-10671 (Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in  ...)
	- thttpd <removed>
CVE-2017-10670 (An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as use ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10669 (Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transp ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10668 (A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transpor ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10667 (In index.php in Zen Cart 1.6.0, the products_id parameter can cause XS ...)
	NOT-FOR-US: Zen Cart
CVE-2017-10666
	RESERVED
CVE-2017-10665 (Directory traversal vulnerability in ajaxfileupload.php in Kayson Grou ...)
	NOT-FOR-US: Kayson Group Ltd. phpGrid
CVE-2017-9998 (The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf thr ...)
	- dwarfutils 20170416-3 (bug #866968)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465756
CVE-2017-9997
	RESERVED
CVE-2017-10664 (qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which a ...)
	{DSA-3920-1 DLA-1599-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-7 (bug #866674)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
	NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
CVE-2017-10663 (The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel  ...)
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/15d3042a937c13f5d9244241c7a9c8416ff6e82a (v4.13-rc1)
CVE-2017-10662 (The sanity_check_raw_super function in fs/f2fs/super.c in the Linux ke ...)
	- linux 4.9.30-1
	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b9dd46188edc2f0d1f37328637860bb65a771124 (v4.12-rc1)
CVE-2017-10661 (Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allo ...)
	{DLA-1099-1}
	- linux 4.9.30-1
	[jessie] - linux 3.16.43-2+deb8u5
	NOTE: Fixed by: https://git.kernel.org/linus/1e38da300e1e395a15048b0af1e5305bd91402f6 (v4.11-rc1)
CVE-2017-10660
	REJECTED
CVE-2017-10659
	REJECTED
CVE-2017-10658
	REJECTED
CVE-2017-10657
	REJECTED
CVE-2017-10656
	REJECTED
CVE-2017-10655
	REJECTED
CVE-2017-10654
	REJECTED
CVE-2017-10653
	REJECTED
CVE-2017-10652
	REJECTED
CVE-2017-10651
	REJECTED
CVE-2017-10650
	RESERVED
CVE-2017-10649
	RESERVED
CVE-2017-10648
	RESERVED
CVE-2017-10647
	RESERVED
CVE-2017-10646
	RESERVED
CVE-2017-10645
	RESERVED
CVE-2017-10644
	RESERVED
CVE-2017-10643
	RESERVED
CVE-2017-10642
	RESERVED
CVE-2017-10641
	RESERVED
CVE-2017-10640
	RESERVED
CVE-2017-10639
	RESERVED
CVE-2017-10638
	RESERVED
CVE-2017-10637
	RESERVED
CVE-2017-10636
	RESERVED
CVE-2017-10635
	RESERVED
CVE-2017-10634
	RESERVED
CVE-2017-10633
	RESERVED
CVE-2017-10632
	RESERVED
CVE-2017-10631
	RESERVED
CVE-2017-10630
	RESERVED
CVE-2017-10629
	RESERVED
CVE-2017-10628
	RESERVED
CVE-2017-10627
	RESERVED
CVE-2017-10626
	RESERVED
CVE-2017-10625
	RESERVED
CVE-2017-10624 (Insufficient verification of node certificates in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2017-10623 (Lack of authentication and authorization of cluster messages in Junipe ...)
	NOT-FOR-US: Juniper
CVE-2017-10622 (An authentication bypass vulnerability in Juniper Networks Junos Space ...)
	NOT-FOR-US: Juniper
CVE-2017-10621 (A denial of service vulnerability in telnetd service on Juniper Networ ...)
	NOT-FOR-US: Juniper
CVE-2017-10620 (Juniper Networks Junos OS on SRX series devices do not verify the HTTP ...)
	NOT-FOR-US: Juniper
CVE-2017-10619 (When Express Path (formerly known as service offloading) is configured ...)
	NOT-FOR-US: Juniper
CVE-2017-10618 (When the 'bgp-error-tolerance' feature &amp;#xe2;&amp;#x80;" designed  ...)
	NOT-FOR-US: Juniper
CVE-2017-10617 (The ifmap service that comes bundled with Contrail has an XML External ...)
	NOT-FOR-US: Juniper
CVE-2017-10616 (The ifmap service that comes bundled with Juniper Networks Contrail re ...)
	NOT-FOR-US: Juniper
CVE-2017-10615 (A vulnerability in the pluggable authentication module (PAM) of Junipe ...)
	NOT-FOR-US: Juniper
CVE-2017-10614 (A vulnerability in telnetd service on Junos OS allows a remote attacke ...)
	NOT-FOR-US: Juniper
CVE-2017-10613 (A vulnerability in a specific loopback filter action command, processe ...)
	NOT-FOR-US: Juniper
CVE-2017-10612 (A persistent site scripting vulnerability in Juniper Networks Junos Sp ...)
	NOT-FOR-US: Juniper
CVE-2017-10611 (If extended statistics are enabled via 'set chassis extended-statistic ...)
	NOT-FOR-US: Juniper
CVE-2017-10610 (On SRX Series devices, a crafted ICMP packet embedded within a NAT64 I ...)
	NOT-FOR-US: Juniper
CVE-2017-10609
	RESERVED
CVE-2017-10608 (Any Juniper Networks SRX series device with one or more ALGs enabled m ...)
	NOT-FOR-US: Juniper
CVE-2017-10607 (Juniper Networks Junos OS 16.1R1, and services releases based off of 1 ...)
	NOT-FOR-US: Juniper
CVE-2017-10606 (Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper  ...)
	NOT-FOR-US: Juniper
CVE-2017-10605 (On all vSRX and SRX Series devices, when the DHCP or DHCP relay is con ...)
	NOT-FOR-US: Juniper
CVE-2017-10604 (When the device is configured to perform account lockout with a define ...)
	NOT-FOR-US: Juniper
CVE-2017-10603 (An XML injection vulnerability in Junos OS CLI can allow a locally aut ...)
	NOT-FOR-US: Juniper
CVE-2017-10602 (A buffer overflow vulnerability in Junos OS CLI may allow a local auth ...)
	NOT-FOR-US: Juniper
CVE-2017-10601 (A specific device configuration can result in a commit failure conditi ...)
	NOT-FOR-US: Juniper
CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates  ...)
	NOT-FOR-US: ubuntu-image
CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x be ...)
	- ffmpeg 7:3.2.5-1
	- libav <not-affected> (Vulnerable feature not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
	NOTE: The bug affects FFmpeg's support for CHUNKY cdxl files, a feature that is
	NOTE: not present in Libav. Libav detects CHUNKY files and bails out early.
CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validat ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706
CVE-2017-9994 (libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x b ...)
	{DLA-1630-1}
	- ffmpeg 7:3.2.5-1
	- libav <removed>
	[wheezy] - libav <not-affected> (Vulnerable code not present, WebP decoder feature introduced in v10)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
CVE-2017-9993 (FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6 ...)
	{DSA-3957-1 DLA-1630-1}
	- ffmpeg 7:3.2.6-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb
	NOTE: Fixed in 3.2.6
	NOTE: Jessie is only partially affected. Only the second commit is
	NOTE: relevant. HTTP Live Streaming filename extension code is not present.
CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in libavcodec/d ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:3.2.5-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
	NOTE: Fixed in 11.11
CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in libavco ...)
	- ffmpeg 7:3.2.5-1
	- libav <not-affected> (Vulnerable feature not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06
	NOTE: The error occurs in the support for 8bpp XWD images where bpp and image
	NOTE: depth are not checked thoroughly enough. Libav does not support 8bpp
	NOTE: images and bails out early -- Diego Biurrun (libav project)
CVE-2017-9990 (Stack-based buffer overflow in the color_string_to_rgba function in li ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879
CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A craf ...)
	{DLA-1176-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/86
CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles  ...)
	{DLA-1176-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/85
CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in m ...)
	{DLA-1907-1}
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1067
	NOTE: Five different issues but only one POC instead of five attached.
	NOTE: Requires more information.
CVE-2017-9986 (The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel thr ...)
	- linux 4.15.4-1 (unimportant)
	NOTE: No security issue, only "exploitable" with malicious ISA cards
CVE-2017-9985 (The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in  ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.51-1
	NOTE: No security issue, only "exploitable" with malicious ISA cards
	NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196133
CVE-2017-9984 (The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in t ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.51-1
	NOTE: No security issue, only "exploitable" with malicious ISA cards
	NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196131
CVE-2017-9983
	RESERVED
CVE-2017-9982 (TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of s ...)
	- teamspeak-client <removed>
	[wheezy] - teamspeak-client <end-of-life> (non-free is not supported)
CVE-2017-9981
	RESERVED
CVE-2017-9980 (In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "P ...)
	NOT-FOR-US: Green Packet
CVE-2017-9979 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the RE ...)
	NOT-FOR-US: QuantaStor
CVE-2017-9978 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw wa ...)
	NOT-FOR-US: QuantaStor
CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow remot ...)
	NOT-FOR-US: AVG
CVE-2017-9976
	RESERVED
CVE-2017-9975
	REJECTED
CVE-2017-9974
	REJECTED
CVE-2017-9973
	REJECTED
CVE-2017-9972
	REJECTED
CVE-2017-9971
	REJECTED
CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's S ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider Electric's Pe ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric Pelco Vide ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure Gatewa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX vers ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9960 (An information disclosure vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9959 (A vulnerability exists in Schneider Electric's U.motion Builder softwa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9958 (An improper access control vulnerability exists in Schneider Electric' ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9957 (A vulnerability exists in Schneider Electric's U.motion Builder softwa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9956 (An authentication bypass vulnerability exists in Schneider Electric's  ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9955 (The get_build_id function in opncls.c in the Binary File Descriptor (B ...)
	- binutils 2.29-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21665
CVE-2017-9954 (The getvalue function in tekhex.c in the Binary File Descriptor (BFD)  ...)
	- binutils 2.29-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21670
CVE-2017-9953 (There is an invalid free in Image::printIFDStructure that leads to a S ...)
	- exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
	NOTE: Possibly introduced after https://github.com/Exiv2/exiv2/commit/fd5e983746c336336039e91cb6b656cf8eeccdea
	NOTE: which introduces printIFDStructure function and later restructurated
	NOTE: again. Around that commit upstream source though does not build.
CVE-2017-9952
	RESERVED
CVE-2017-9951 (The try_read_command function in memcached.c in memcached before 1.4.3 ...)
	{DSA-4218-1 DLA-1033-1}
	- memcached 1.5.0-1 (bug #868701)
	NOTE: https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/
	NOTE: https://github.com/memcached/memcached/commit/328629445c71e6c17074f6e9e0e3ef585b58f167
CVE-2017-9950
	RESERVED
CVE-2017-9949 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...)
	- radare2 1.6.0+dfsg-1 (bug #866068)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7683
	NOTE: https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191
CVE-2017-9948 (A stack buffer overflow vulnerability has been discovered in Microsoft ...)
	NOT-FOR-US: Microsoft Skype
CVE-2017-9947 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
	NOT-FOR-US: Siemens
CVE-2017-9946 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
	NOT-FOR-US: Siemens
CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (Al ...)
	NOT-FOR-US: Siemens
CVE-2017-9944 (A vulnerability has been identified in Siemens 7KT PAC1200 data manage ...)
	NOT-FOR-US: Siemens
CVE-2017-9943
	RESERVED
CVE-2017-9942 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9941 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9940 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9939 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9938 (A vulnerability was discovered in Siemens SIMATIC Logon (All versions  ...)
	NOT-FOR-US: Siemens
CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A cr ...)
	- jbigkit <unfixed> (unimportant; bug #869708)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2707
	NOTE: The CVE was assigned for src:tiff by MITRE, but the issue actually lies
	NOTE: in jbigkit itself.
CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
	{DSA-3903-1 DLA-1023-1 DLA-1022-1}
	- tiff 4.0.8-3 (bug #866113)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_wri ...)
	{DSA-4100-1 DLA-1206-1}
	- tiff 4.0.9-2 (bug #866109)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
	NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
	NOT-FOR-US: Joomla!
CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads t ...)
	NOT-FOR-US: Joomla!
CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a defa ...)
	NOT-FOR-US: Green Packet
CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware vers ...)
	NOT-FOR-US: Green Packet
CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmwa ...)
	NOT-FOR-US: Green Packet
CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
	- lrzip 0.631+git180517-1 (bug #866020)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/75
CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
	- lrzip 0.631+git180517-1 (bug #866022)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/74
CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools <removed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools <removed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools <removed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools <removed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9922 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9921 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9920 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9919 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9918 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9917 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9916 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9915 (IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers ...)
	NOT-FOR-US: IrfanView
CVE-2017-9914 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9913 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9912 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9911 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9910 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9909 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9908 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9907 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9906 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9905 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9904 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9903 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9902 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9901 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9900 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9899 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9898 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9897 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9896 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9895 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9894 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9893 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9892 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9891 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9890 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9889 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9888 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9887 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9886 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9885 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9884 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9883 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9882 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9881 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9880 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9879 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9878 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9877 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9876 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9875 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9874 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9873 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in l ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/482/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in libmpgdeco ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/483/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in libmpgdeco ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/481/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in libmpgdecod ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
	NOTE: https://sourceforge.net/p/lame/bugs/475/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) i ...)
	{DLA-1525-1 DLA-1146-1}
	- mosquitto 1.4.14-1 (bug #865959)
	[stretch] - mosquitto 1.4.10-3+deb9u1
	NOTE: https://github.com/eclipse/mosquitto/issues/468
	NOTE: https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7
CVE-2017-9867
	RESERVED
CVE-2017-9866
	RESERVED
CVE-2017-9865 (The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54. ...)
	{DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #867477)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100774
	NOTE: http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=75fff6556eaf0ef3a6fcdef2c2229d0b6d1c58d9
CVE-2017-9864 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9863 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9862 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9861 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9860 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9859 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9858 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9857 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9856 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9855 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9854 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9853 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9852 (** DISPUTED ** An Incorrect Password Management issue was discovered i ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9851 (** DISPUTED ** An issue was discovered in SMA Solar Technology product ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9850
	RESERVED
CVE-2017-9849
	RESERVED
CVE-2017-9848 (SQL injection vulnerability in C_InfoService.asmx in WebServices in Ea ...)
	NOT-FOR-US: Easysite
CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote  ...)
	- libtorrent-rasterbar 1.1.4-1 (bug #865845)
	[stretch] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[wheezy] - libtorrent-rasterbar <not-affected> (new bdecode introduced in 1.1.0; vulnerable code not present)
	NOTE: https://github.com/arvidn/libtorrent/issues/2099
	NOTE: Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
	NOTE: Pre-1.1.0 versions possibly similarly affected in lazy_bdecode.cpp
CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...)
	NOT-FOR-US: Winmail Server
CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attacke ...)
	NOT-FOR-US: SAP
CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a deni ...)
	NOT-FOR-US: SAP
CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with cert ...)
	NOT-FOR-US: SAP
CVE-2017-9842
	RESERVED
CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3  ...)
	- phpunit 5.4.6-2 (bug #866200)
	[stretch] - phpunit 5.4.6-2~deb9u1
	[jessie] - phpunit <not-affected> (Issue introduced later; vulnerable code not present)
	[wheezy] - phpunit <not-affected> (Issue introduced later; vulnerable code not present)
	NOTE: https://github.com/sebastianbergmann/phpunit/pull/1956
	NOTE: https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5
	NOTE: http://phpunit.vulnbusters.com/
CVE-2017-9840 (Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload  ...)
	- dolibarr <removed> (bug #867495)
CVE-2017-9839 (Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 ...)
	- dolibarr <removed>
CVE-2017-9838 (Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scriptin ...)
	- dolibarr <removed>
CVE-2017-9837
	REJECTED
CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...)
	- piwigo <removed>
CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869907)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for W ...)
	NOT-FOR-US: WatuPRO plugin for WordPress
CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of  ...)
	NOT-FOR-US: Undetermined product
	NOTE: /wapopen is not part of BOA, it's probably an insecure CGI
	NOTE: script used in some embedded product relying on BOA as webserver.
	NOTE: I asked Mitre to reject the CVE. -- Raphael Hertzog
CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL functi ...)
	{DLA-2169-1 DLA-1029-1}
	- libmtp 1.1.13-1
	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35729062/
	NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
	NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at
CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx f ...)
	{DLA-2169-1 DLA-1029-1}
	- libmtp 1.1.13-1
	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/
	NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
	NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at
CVE-2017-9830 (Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the or ...)
	NOT-FOR-US: Code42
CVE-2017-9829 ('/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the  ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2017-9828 ('/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVO ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2017-9827
	RESERVED
CVE-2017-9826
	RESERVED
CVE-2017-11104 (Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within th ...)
	{DSA-3910-1}
	- knot 2.5.3-1 (bug #865678)
	NOTE: https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
	NOTE: http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
CVE-2017-9825
	RESERVED
CVE-2017-9824
	RESERVED
CVE-2017-9823
	RESERVED
CVE-2017-9822 (DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cook ...)
	NOT-FOR-US: DotNetNuke
CVE-2017-9821 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9820 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9819 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9818 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9817
	RESERVED
CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Moni ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/t ...)
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	[wheezy] - tiff 4.0.2-6+deb7u14
	- tiff3 <removed>
	[wheezy] - tiff3 3.9.6-11+deb7u6
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2682
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
	NOTE: The issue is addressed with the same commit as for CVE-2017-9403
CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote atta ...)
	- cairo <unfixed> (low; bug #868580)
	[buster] - cairo <no-dsa> (Minor issue)
	[stretch] - cairo <no-dsa> (Minor issue)
	[jessie] - cairo <no-dsa> (Minor issue)
	[wheezy] - cairo <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/264
CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack  ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be abu ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9811 (The kluser is able to interact with the kav4fs-control binary in Kaspe ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface in Kas ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9809 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Inform ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-9808 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross  ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2015-9098 (In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attack ...)
	NOT-FOR-US: Redgate SQL Monitor
CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 o ...)
	NOT-FOR-US: OpenWebif plugin for E2
CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, ...)
	- libreoffice 1:3.4.3-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=bb494d6bd8c5868f34bd8f9444ed3eb401145f10
CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present)
	NOTE: https://struts.apache.org/docs/s2-052.html
CVE-2017-9804 (In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an ap ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <ignored> (Minor issue)
	NOTE: DOS class vulnerability and classified as low by upstream.
	NOTE: https://struts.apache.org/docs/s2-050.html
CVE-2017-9803 (Apache Solr's Kerberos plugin can be configured to use delegation toke ...)
	- lucene-solr <not-affected> (Introduced in 6.2)
CVE-2017-9802 (The Javascript method Sling.evalString() in Apache Sling Servlets Post ...)
	NOT-FOR-US: Apache Sling
CVE-2017-9801 (When a call-site passes a subject for an email that contains line-brea ...)
	- commons-email <not-affected> (Fixed with first upload to Debian)
	NOTE: https://commons.apache.org/proper/commons-email/security-reports.html
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801385
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801388
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801389
CVE-2017-9800 (A maliciously constructed svn+ssh:// URL would cause Subversion client ...)
	{DSA-3932-1 DLA-1052-1}
	- subversion 1.9.7-1
	NOTE: Fixed by: http://svn.apache.org/viewvc?view=revision&amp;sortby=rev&amp;revision=1804691
	NOTE: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
CVE-2017-9799 (It was found that under some situations and configurations of Apache S ...)
	NOT-FOR-US: Apache Storm
CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from process  ...)
	{DSA-3980-1 DLA-1102-1}
	- apache2 2.4.27-6 (bug #876109)
	NOTE: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
	NOTE: https://github.com/hannob/optionsbleed
	NOTE: Patch: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
	NOTE: Patch backport for 2.2: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9794 (When a cluster is operating in secure mode, a user with read privilege ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9793 (The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 t ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present)
	NOTE: https://struts.apache.org/docs/s2-051.html
CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user with "AL ...)
	NOT-FOR-US: Apache Impala
CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remot ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
CVE-2017-9790 (When handling a libprocess message wrapped in an HTTP request, libproc ...)
	- apache-mesos <itp> (bug #760315)
CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling code  ...)
	- apache2 <not-affected> (Only affected 2.4.26)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value place ...)
	{DSA-3913-1 DLA-1028-1}
	- apache2 2.4.27-1 (bug #868467)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
	NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955
	NOTE: 2.4.x: https://github.com/apache/httpd/commit/549ba6a39aa0df78a610025f74f3a06503a70f67
	NOTE: trunk: https://github.com/apache/httpd/commit/c5d3719133b9e5dab0d540c5aa03b2fdabc30395
CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it is p ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
	NOTE: https://struts.apache.org/docs/s2-049.html
CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...)
	NOT-FOR-US: ProjectSend
CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse h ...)
	NOT-FOR-US: NancyFX Nancy
CVE-2017-9784
	RESERVED
CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...)
	NOT-FOR-US: ProjectSend
CVE-2017-10599
	RESERVED
CVE-2017-10598
	RESERVED
CVE-2017-10597
	RESERVED
CVE-2017-10596
	RESERVED
CVE-2017-10595
	RESERVED
CVE-2017-10594
	RESERVED
CVE-2017-10593
	RESERVED
CVE-2017-10592
	RESERVED
CVE-2017-10591
	RESERVED
CVE-2017-10590
	RESERVED
CVE-2017-10589
	RESERVED
CVE-2017-10588
	RESERVED
CVE-2017-10587
	RESERVED
CVE-2017-10586
	RESERVED
CVE-2017-10585
	RESERVED
CVE-2017-10584
	RESERVED
CVE-2017-10583
	RESERVED
CVE-2017-10582
	RESERVED
CVE-2017-10581
	RESERVED
CVE-2017-10580
	RESERVED
CVE-2017-10579
	RESERVED
CVE-2017-10578
	RESERVED
CVE-2017-10577
	RESERVED
CVE-2017-10576
	RESERVED
CVE-2017-10575
	RESERVED
CVE-2017-10574
	RESERVED
CVE-2017-10573
	RESERVED
CVE-2017-10572
	RESERVED
CVE-2017-10571
	RESERVED
CVE-2017-10570
	RESERVED
CVE-2017-10569
	RESERVED
CVE-2017-10568
	RESERVED
CVE-2017-10567
	RESERVED
CVE-2017-10566
	RESERVED
CVE-2017-10565
	RESERVED
CVE-2017-10564
	RESERVED
CVE-2017-10563
	RESERVED
CVE-2017-10562
	RESERVED
CVE-2017-10561
	RESERVED
CVE-2017-10560
	RESERVED
CVE-2017-10559
	RESERVED
CVE-2017-10558
	RESERVED
CVE-2017-10557
	RESERVED
CVE-2017-10556
	RESERVED
CVE-2017-10555
	RESERVED
CVE-2017-10554
	RESERVED
CVE-2017-10553
	RESERVED
CVE-2017-10552
	RESERVED
CVE-2017-10551
	RESERVED
CVE-2017-10550
	RESERVED
CVE-2017-10549
	RESERVED
CVE-2017-10548
	RESERVED
CVE-2017-10547
	RESERVED
CVE-2017-10546
	RESERVED
CVE-2017-10545
	RESERVED
CVE-2017-10544
	RESERVED
CVE-2017-10543
	RESERVED
CVE-2017-10542
	RESERVED
CVE-2017-10541
	RESERVED
CVE-2017-10540
	RESERVED
CVE-2017-10539
	RESERVED
CVE-2017-10538
	RESERVED
CVE-2017-10537
	RESERVED
CVE-2017-10536
	RESERVED
CVE-2017-10535
	RESERVED
CVE-2017-10534
	RESERVED
CVE-2017-10533
	RESERVED
CVE-2017-10532
	RESERVED
CVE-2017-10531
	RESERVED
CVE-2017-10530
	RESERVED
CVE-2017-10529
	RESERVED
CVE-2017-10528
	RESERVED
CVE-2017-10527
	RESERVED
CVE-2017-10526
	RESERVED
CVE-2017-10525
	RESERVED
CVE-2017-10524
	RESERVED
CVE-2017-10523
	RESERVED
CVE-2017-10522
	RESERVED
CVE-2017-10521
	RESERVED
CVE-2017-10520
	RESERVED
CVE-2017-10519
	RESERVED
CVE-2017-10518
	RESERVED
CVE-2017-10517
	RESERVED
CVE-2017-10516
	RESERVED
CVE-2017-10515
	RESERVED
CVE-2017-10514
	RESERVED
CVE-2017-10513
	RESERVED
CVE-2017-10512
	RESERVED
CVE-2017-10511
	RESERVED
CVE-2017-10510
	RESERVED
CVE-2017-10509
	RESERVED
CVE-2017-10508
	RESERVED
CVE-2017-10507
	RESERVED
CVE-2017-10506
	RESERVED
CVE-2017-10505
	RESERVED
CVE-2017-10504
	RESERVED
CVE-2017-10503
	RESERVED
CVE-2017-10502
	RESERVED
CVE-2017-10501
	RESERVED
CVE-2017-10500
	RESERVED
CVE-2017-10499
	RESERVED
CVE-2017-10498
	RESERVED
CVE-2017-10497
	RESERVED
CVE-2017-10496
	RESERVED
CVE-2017-10495
	RESERVED
CVE-2017-10494
	RESERVED
CVE-2017-10493
	RESERVED
CVE-2017-10492
	RESERVED
CVE-2017-10491
	RESERVED
CVE-2017-10490
	RESERVED
CVE-2017-10489
	RESERVED
CVE-2017-10488
	RESERVED
CVE-2017-10487
	RESERVED
CVE-2017-10486
	RESERVED
CVE-2017-10485
	RESERVED
CVE-2017-10484
	RESERVED
CVE-2017-10483
	RESERVED
CVE-2017-10482
	RESERVED
CVE-2017-10481
	RESERVED
CVE-2017-10480
	RESERVED
CVE-2017-10479
	RESERVED
CVE-2017-10478
	RESERVED
CVE-2017-10477
	RESERVED
CVE-2017-10476
	RESERVED
CVE-2017-10475
	RESERVED
CVE-2017-10474
	RESERVED
CVE-2017-10473
	RESERVED
CVE-2017-10472
	RESERVED
CVE-2017-10471
	RESERVED
CVE-2017-10470
	RESERVED
CVE-2017-10469
	RESERVED
CVE-2017-10468
	RESERVED
CVE-2017-10467
	RESERVED
CVE-2017-10466
	RESERVED
CVE-2017-10465
	RESERVED
CVE-2017-10464
	RESERVED
CVE-2017-10463
	RESERVED
CVE-2017-10462
	RESERVED
CVE-2017-10461
	RESERVED
CVE-2017-10460
	RESERVED
CVE-2017-10459
	RESERVED
CVE-2017-10458
	RESERVED
CVE-2017-10457
	RESERVED
CVE-2017-10456
	RESERVED
CVE-2017-10455
	RESERVED
CVE-2017-10454
	RESERVED
CVE-2017-10453
	RESERVED
CVE-2017-10452
	RESERVED
CVE-2017-10451
	RESERVED
CVE-2017-10450
	RESERVED
CVE-2017-10449
	RESERVED
CVE-2017-10448
	RESERVED
CVE-2017-10447
	RESERVED
CVE-2017-10446
	RESERVED
CVE-2017-10445
	RESERVED
CVE-2017-10444
	RESERVED
CVE-2017-10443
	RESERVED
CVE-2017-10442
	RESERVED
CVE-2017-10441
	RESERVED
CVE-2017-10440
	RESERVED
CVE-2017-10439
	RESERVED
CVE-2017-10438
	RESERVED
CVE-2017-10437
	RESERVED
CVE-2017-10436
	RESERVED
CVE-2017-10435
	RESERVED
CVE-2017-10434
	RESERVED
CVE-2017-10433
	RESERVED
CVE-2017-10432
	RESERVED
CVE-2017-10431
	RESERVED
CVE-2017-10430
	RESERVED
CVE-2017-10429
	RESERVED
CVE-2017-10428 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10427 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
	NOT-FOR-US: Oracle
CVE-2017-10426 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-10425 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10424 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor component of Oracle MySQL
CVE-2017-10423 (Vulnerability in the Oracle Retail Back Office component of Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2017-10422 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10421 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10420 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10419 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10418 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10417 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10416 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10415 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-10414 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10413 (Vulnerability in the Oracle Mobile Field Service component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10412 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10411 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10410 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10409 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10408 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10407 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10406 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10405 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10404 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10403 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10402 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10401 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...)
	NOT-FOR-US: Oracle
CVE-2017-10400 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10399 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10398 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10397 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10396 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component o ...)
	NOT-FOR-US: Oracle
CVE-2017-10395 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10394 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10393 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10392 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10391 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10390
	RESERVED
CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10387 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10386 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10383 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10382 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10381 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.29-1
	- mariadb-10.0 <removed>
	- mysql-5.7 <not-affected> (Fixed before initial release to Debian, upstream 5.7.12)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
	NOTE: https://jira.mariadb.org/browse/MDEV-13819
	NOTE: https://github.com/MariaDB/server/commit/b000e169562697aa072600695d4f0c0412f94f4f
CVE-2017-10377
	RESERVED
CVE-2017-10376
	RESERVED
CVE-2017-10375 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10374
	RESERVED
CVE-2017-10373 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10372 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10371
	RESERVED
CVE-2017-10370 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10369 (Vulnerability in the Oracle Virtual Directory component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10368 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component  ...)
	NOT-FOR-US: Oracle
CVE-2017-10367 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10366 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10365 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.2 <removed> (bug #884065)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10364 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10363 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10362 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10361 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2017-10360 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10359 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion  ...)
	NOT-FOR-US: Oracle
CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10354 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10353 (Vulnerability in the Oracle Hospitality Hotel Mobile component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10352 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10344 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10343 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10342 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10341 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10340 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10339 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10338 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10337 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10336 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10335 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10334 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10333 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2017-10332 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10331 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10330 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-10329 (Vulnerability in the Oracle Global Order Promising component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10328 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10327 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10326 (Vulnerability in the Oracle Common Applications Calendar component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10325 (Vulnerability in the Oracle Common Applications Calendar component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10324 (Vulnerability in the Oracle Applications Technology Stack component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10323 (Vulnerability in the Oracle Web Applications Desktop Integrator compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10322 (Vulnerability in the Oracle Common Applications Calendar component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10321 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2017-10320 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.2 <removed> (bug #884065)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10319 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10318 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10317 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10316 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10315 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2017-10314 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10313 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10312 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion  ...)
	NOT-FOR-US: Oracle
CVE-2017-10311 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10310 (Vulnerability in the Oracle Hyperion Financial Reporting component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10309 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-10308 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10307
	RESERVED
CVE-2017-10306 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...)
	NOT-FOR-US: Oracle
CVE-2017-10305
	RESERVED
CVE-2017-10304 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...)
	NOT-FOR-US: Oracle
CVE-2017-10303 (Vulnerability in the Oracle Interaction Center Intelligence component  ...)
	NOT-FOR-US: Oracle
CVE-2017-10302 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2017-10301 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10300 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2017-10299 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10298
	RESERVED
CVE-2017-10297
	RESERVED
CVE-2017-10296 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10294 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10293 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-7 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-6 <not-affected> (Seems to be specific to Oracle Java)
CVE-2017-10292 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2017-10291
	RESERVED
CVE-2017-10290
	RESERVED
CVE-2017-10289
	RESERVED
CVE-2017-10288
	RESERVED
CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10284 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10283 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10282 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10280 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10279 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10278 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
	NOT-FOR-US: Oracle
CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-net <removed> (bug #883923)
	[stretch] - mysql-connector-net <no-dsa> (Minor issue)
	[jessie] - mysql-connector-net <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
CVE-2017-10276 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10273 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
	NOT-FOR-US: Oracle
CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
	NOT-FOR-US: Oracle
CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.29-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10267 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
	NOT-FOR-US: Oracle
CVE-2017-10266 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
	NOT-FOR-US: Oracle
CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...)
	NOT-FOR-US: Oracle
CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2017-10263 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2017-10262 (Vulnerability in the Oracle Access Manager component of Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2017-10261 (Vulnerability in the XML Database component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-10260 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...)
	NOT-FOR-US: Oracle
CVE-2017-10259 (Vulnerability in the Oracle Access Manager component of Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2017-10258 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10257 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10256 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10255 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10254 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10253 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10252 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10251 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10250 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10249 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10248 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10247 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10246 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10245 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2017-10244 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10243 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10242 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10241 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10240 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10239 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10238 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10237 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10236 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10235 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10234 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Oracle
CVE-2017-10233 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10232 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10231 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component o ...)
	NOT-FOR-US: Oracle
CVE-2017-10230 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management  ...)
	NOT-FOR-US: Oracle
CVE-2017-10229 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...)
	NOT-FOR-US: Oracle
CVE-2017-10228 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2017-10227 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10226 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10225 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10224 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
	NOT-FOR-US: Oracle
CVE-2017-10223 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10222 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10221 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10220 (Vulnerability in the Hospitality Property Interfaces component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10219 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10218 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10217 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10216 (Vulnerability in the Hospitality Property Interfaces component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10215 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10214 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
	NOT-FOR-US: Oracle
CVE-2017-10213 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
	NOT-FOR-US: Oracle
CVE-2017-10212 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
	NOT-FOR-US: Oracle
CVE-2017-10211 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
	NOT-FOR-US: Oracle
CVE-2017-10210 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10209 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10208 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...)
	NOT-FOR-US: Oracle
CVE-2017-10207 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10206 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10205 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10204 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10203 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-net <removed> (bug #883923)
	[stretch] - mysql-connector-net <no-dsa> (Minor issue)
	[jessie] - mysql-connector-net <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
CVE-2017-10202 (Vulnerability in the OJVM component of Oracle Database Server. Support ...)
	NOT-FOR-US: Oracle
CVE-2017-10201 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...)
	NOT-FOR-US: Oracle
CVE-2017-10200 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...)
	NOT-FOR-US: Oracle
CVE-2017-10199 (Vulnerability in the Oracle iLearning component of Oracle iLearning (s ...)
	NOT-FOR-US: Oracle
CVE-2017-10198 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10197 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-10196 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-10195 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10194 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...)
	NOT-FOR-US: Oracle
CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10192 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10191 (Vulnerability in the Oracle Web Analytics component of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2017-10190 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2017-10189 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
	NOT-FOR-US: Oracle
CVE-2017-10188 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2017-10187 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10186 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10185 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10184 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2017-10183 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
	NOT-FOR-US: Oracle
CVE-2017-10182 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-10181 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-10180 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10179 (Vulnerability in the Application Management Pack for Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10178 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10177 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10176 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
CVE-2017-10175 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-10174 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-10173 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10172 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10171 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-10170 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2017-10169 (Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospi ...)
	NOT-FOR-US: Oracle
CVE-2017-10168 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2017-10167 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10166 (Vulnerability in the Oracle Security Service component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2017-10165 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10164 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-10163 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2017-10162 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-10161 (Vulnerability in the Oracle Engineering Data Management component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10160 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Primavera
CVE-2017-10159 (Vulnerability in the Oracle Communications Policy Management component ...)
	NOT-FOR-US: Oracle
CVE-2017-10158 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10157 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10156 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10155 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10154 (Vulnerability in the Oracle Access Manager component of Oracle Fusion  ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10153 (Vulnerability in the Oracle Communications WebRTC Session Controller c ...)
	NOT-FOR-US: Oracle
CVE-2017-10152 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10151 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...)
	NOT-FOR-US: Primavera
CVE-2017-10149 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...)
	NOT-FOR-US: Primavera
CVE-2017-10148 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10147 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10146 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10145 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2017-10144 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10143 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10142 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10141 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-10140 (Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3 ...)
	{DLA-1137-1 DLA-1136-1 DLA-1135-1}
	- db5.3 5.3.28-13.1 (bug #872436)
	[stretch] - db5.3 5.3.28-12+deb9u1
	[jessie] - db5.3 5.3.28-9+deb8u1
	- db5.2 <removed>
	- db5.1 <removed>
	- db4.8 <removed>
	- db4.7 <removed>
	- db4.6 <removed>
	- db4.5 <removed>
	- db4.4 <removed>
	- db4.3 <removed>
	- db4.2 <removed>
	- db4.1 <removed>
	- db4.0 <removed>
	- db <removed>
	[jessie] - db 5.1.29-9+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/12/1
	NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
	NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
CVE-2017-10139
	RESERVED
CVE-2017-10138
	RESERVED
CVE-2017-10137 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10136 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10135 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
	NOTE: OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27
CVE-2017-10134 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-10133 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2017-10132 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2017-10131 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-10130 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10129 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10128 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10127
	RESERVED
CVE-2017-10126 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10125 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-10124
	RESERVED
CVE-2017-10123 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10122 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2017-10121 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10120 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2017-10119 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2017-10118 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
CVE-2017-10117 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10116 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10115 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4005-1}
	- openjfx 8u141-b14-1 (low; bug #870860)
CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-10112 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10111 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3919-1}
	- openjdk-8 8u141-b15-1
CVE-2017-10110 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10109 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10108 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10107 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10106 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10105 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-10104 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10103 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10102 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <unfixed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10101 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10100 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10099 (Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-10098 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10096 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10095 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2017-10094 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10093 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10092 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10091 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2017-10090 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
CVE-2017-10089 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10088 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10087 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4005-1}
	- openjfx 8u141-b14-1 (low; bug #870860)
CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10084 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10083 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10082 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10081 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10080 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10079 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10078 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3919-1}
	- openjdk-8 8u141-b15-1
CVE-2017-10077 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-10076 (Vulnerability in the Oracle Hospitality Simphony First Edition Venue M ...)
	NOT-FOR-US: Oracle
CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10074 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10073 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10072 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10071 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10070 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10069 (Vulnerability in the Oracle Payment Interface component of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2017-10068 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10066 (Vulnerability in the Oracle Applications Technology Stack component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10065 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-10064 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-10063 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10062 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2017-10061 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10060 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2017-10059 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10058 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2017-10057 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10056 (Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospi ...)
	NOT-FOR-US: Oracle
CVE-2017-10055 (Vulnerability in the Oracle iPlanet Web Server component of Oracle Fus ...)
	NOT-FOR-US: Oracle
CVE-2017-10054 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...)
	NOT-FOR-US: Oracle
CVE-2017-10053 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10052 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10051 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-10050 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10049 (Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM (s ...)
	NOT-FOR-US: Oracle
CVE-2017-10048 (Vulnerability in the Oracle Enterprise Repository component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-10047 (Vulnerability in the MICROS BellaVita component of Oracle Hospitality  ...)
	NOT-FOR-US: Oracle
CVE-2017-10046 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-10045 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10044 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10043 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10042 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2017-10041 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10040 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10039 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10038 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-10037 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2017-10036 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2017-10035 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10034 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2017-10033 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10032 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2017-10031 (Vulnerability in the Oracle Communications Convergence component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10030 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10029 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10028 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10027 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10026 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2017-10025 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10024 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10023 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10022 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10021 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10020 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10019 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10018 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-10017 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10016 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10015 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10014 (Vulnerability in the Oracle Hospitality Hotel Mobile component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10013 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10012 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10011 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10010 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10009 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10008 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10007 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10006 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10005 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10004 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2017-10003 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle
CVE-2017-10002 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
	NOT-FOR-US: Oracle
CVE-2017-10001 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2017-10000 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service (he ...)
	- jasper <removed>
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/140
CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
	[experimental] - check-mk 1.4.0p9-1
	- check-mk <removed> (bug #865497)
	[wheezy] - check-mk <ignored> (Minor issue)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=4757
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1
CVE-2017-9779 (OCaml compiler allows attackers to have unspecified impact via unknown ...)
	- ocaml 4.05.0-9 (bug #874700)
	[stretch] - ocaml <no-dsa> (Minor issue)
	[jessie] - ocaml <no-dsa> (Minor issue)
	[wheezy] - ocaml <no-dsa> (Minor issue)
	NOTE: https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
	NOTE: https://caml.inria.fr/mantis/view.php?id=7557
	NOTE: Make sure any potential advisories are clear that any created suid
	NOTE: binaries using ocaml must be re-created once ocaml has been updated.
CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, a ...)
	{DLA-1014-1 DLA-1003-1}
	- unrar-nonfree 1:5.5.5-1 (bug #865461)
	[stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
	[jessie] - unrar-nonfree 1:5.2.7-0.1+deb8u1
	- libclamunrar 0.99-4 (bug #867223)
	[stretch] - libclamunrar 0.99-3+deb9u1
	[jessie] - libclamunrar 0.99-0+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
CVE-2017-9778 (GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length f ...)
	- gdb 8.3.1-1 (unimportant; bug #865607)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21600
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=723adb650a31859d7cc45832cb8adca0206455ed
CVE-2017-9777
	RESERVED
CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in  ...)
	{DSA-4079-2 DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #865679)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101541
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0 ...)
	{DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #865680)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a  ...)
	{DSA-4276-1 DLA-1395-1}
	- php-horde-image 2.5.1-1 (bug #865505)
	NOTE: https://lists.horde.org/archives/announce/2017/001234.html
	NOTE: https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13
	NOTE: Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1
CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a craf ...)
	{DSA-4276-1}
	- php-horde-image 2.5.1-1 (bug #865504)
	[jessie] - php-horde-image <not-affected> (Only Horde_Image above 2.3.0 affected)
	NOTE: https://lists.horde.org/archives/announce/2017/001234.html
	NOTE: https://github.com/horde/horde/commit/2b8a6fe1a5fc0fc662178145f853c65956985538
CVE-2017-9772 (Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4. ...)
	- ocaml <not-affected> (Only affects 4.04.0 and 4.04.1)
	NOTE: https://caml.inria.fr/mantis/view.php?id=7557
CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote attackers to ex ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9770 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in Raz ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in Raz ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-9768
	RESERVED
CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShel ...)
	NOT-FOR-US: Quali CloudShell
CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allow ...)
	{DLA-1634-1}
	- wireshark 2.4.0-1 (low; bug #870175)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2 ...)
	{DLA-1036-1}
	- gsoap 2.8.48-1
	[stretch] - gsoap 2.8.35-4+deb9u1
	[jessie] - gsoap 2.8.17-1+deb8u1
	- r-other-x4r 1.0.1+git20150806.c6bd9bd-2
	NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
	NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
	NOTE: SuSE patch: https://bugzilla.suse.com/attachment.cgi?id=733005
CVE-2017-9764 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remo ...)
	NOT-FOR-US: MetInfo
CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ma ...)
	{DSA-3895-1}
	- flatpak 0.8.7-1 (bug #865413)
	NOTE: https://github.com/flatpak/flatpak/issues/845
CVE-2017-10923 (Xen through 4.8.x does not validate a vCPU array index upon the sendin ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <not-affected> (Vulnerable code not present)
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-225.html
CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region gr ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficien ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_devic ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <ignored> (No backport available, limited to arm)
	[wheezy] - xen <not-affected> (arm not supported)
	NOTE: https://xenbits.xen.org/xsa/advisory-223.html
CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain  ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-222.html
CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event c ...)
	{DSA-3969-1}
	- xen 4.8.1-1+deb9u3
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-221.html
CVE-2017-10916 (The vCPU context-switch implementation in Xen through 4.8.x improperly ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <not-affected> (Vulnerable code not present)
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-220.html
CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page referen ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-219.html
CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition lead ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping in ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS user ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-217.html
CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in t ...)
	{DSA-3945-1 DSA-3927-1 DSA-3920-1 DLA-1497-1 DLA-1099-1}
	- linux 4.11.11-1
	- qemu 1:2.8+dfsg-7 (bug #869706)
	[wheezy] - qemu <no-dsa> (Wheezy's xen uses an embedded qemu copy)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Wheezy's xen uses an embedded qemu copy)
	NOTE: https://xenbits.xen.org/xsa/advisory-216.html
CVE-2017-1000381 (The c-ares function `ares_parse_naptr_reply()`, which is used for pars ...)
	{DLA-998-1}
	- c-ares 1.12.0-4 (bug #865360)
	[stretch] - c-ares 1.12.0-1+deb9u1
	[jessie] - c-ares 1.10.0-2+deb8u2
	NOTE: https://c-ares.haxx.se/adv_20170620.html
	NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ...)
	- grub2 2.02~beta2-8 (unimportant)
	- radare2 1.6.0+dfsg-1 (bug #869423)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd
	NOTE: https://github.com/radare/radare2/issues/7723
	NOTE: Not a security issue for Grub
CVE-2017-9762 (The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows  ...)
	- radare2 1.6.0+dfsg-1 (low; bug #869426)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7726
	NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
CVE-2017-9761 (The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remot ...)
	- radare2 1.6.0+dfsg-1 (low; bug #869428)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c
	NOTE: https://github.com/radare/radare2/issues/7727
CVE-2017-9760
	RESERVED
CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the fi ...)
	NOT-FOR-US: Zenbership
CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ce ...)
	NOT-FOR-US: Savitech driver packages for Windows
CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi vi ...)
	NOT-FOR-US: IPFire
CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack re ...)
	NOT-FOR-US: NetBSD
CVE-2017-1000374 (A flaw exists in NetBSD's implementation of the stack guard page that  ...)
	NOT-FOR-US: NetBSD
CVE-2017-1000373 (The OpenBSD qsort() function is recursive, and not randomized, an atta ...)
	NOT-FOR-US: OpenBSD
CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard page that ...)
	NOT-FOR-US: OpenBSD
CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on Linux,  ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.11.6-1
	[stretch] - linux 4.9.30-2+deb9u1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and envir ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
CVE-2017-1000366 (glibc contains a vulnerability that allows specially crafted LD_LIBRAR ...)
	{DSA-3887-1 DLA-992-1}
	- glibc 2.24-12
	- eglibc <removed>
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000369 (Exim supports the use of multiple "-p" command line arguments which ar ...)
	{DSA-3888-1 DLA-1001-1}
	- exim4 4.89-3
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a vulnerabil ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux <not-affected> (Memory layout is different)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a vulnerabil ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux <not-affected> (Memory layout is different)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000376 (libffi requests an executable stack allowing attackers to more easily  ...)
	{DSA-3889-1 DLA-997-1}
	- libffi 3.2.1-4
	NOTE: https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d
	NOTE: and additionally cf. #751907 for the configure flag.
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000377 (An issue was discovered in the size of the default stack guard page on ...)
	NOT-FOR-US: GRSecurity/PAX Linux specific assignment
CVE-2017-9756 (The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU  ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21595
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cd3ea7c69acc5045eb28f9bf80d923116e15e4f5
CVE-2017-9755 (opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number o ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21594
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d96e4df4812c3bad77c229dfef47a9bc115ac12
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8cac017d35ef374e65acc98818a17cf8a652cbd0
CVE-2017-9754 (The process_otr function in bfd/versados.c in the Binary File Descript ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
CVE-2017-9753 (The versados_mkobject function in bfd/versados.c in the Binary File De ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
CVE-2017-9752 (bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbf ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21589
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c53d2e6d744da000aaafe0237bced090aab62818
CVE-2017-9751 (opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE  ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21588
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63323b5b23bd83fa7b04ea00dff593c933e9b0e3
CVE-2017-9750 (opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for cer ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21587
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db5fa770268baf8cc82cf9b141d69799fd485fe2
CVE-2017-9749 (The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow rem ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21586
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c7881b814c546efc3996fd1decdf0877f7a779
CVE-2017-9748 (The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21582
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63634bb4a107877dd08b6282e28e11cfd1a1649e
CVE-2017-9747 (The ieee_archive_p function in bfd/ieee.c in the Binary File Descripto ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21581
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=62b76e4b6e0b4cb5b3e0053d1de4097b32577049
CVE-2017-9746 (The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allow ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21580
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ae87f7e73eba29bd38b3a9684a10b948ed715612
CVE-2017-9745 (The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21579
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=76800cba595efc3fe95a446c2d664e42ae4ee869
CVE-2017-9744 (The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binar ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21578
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f461bbd847f15657f3dd2f317c30c75a7520da1f
CVE-2017-9743 (The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Bin ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21577
CVE-2017-9742 (The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.2 ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21576
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e
CVE-2017-9741 (install/make-config.php in ProjectSend r754 allows remote attackers to ...)
	NOT-FOR-US: ProjectSend
CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghos ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869910)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
CVE-2017-9738
	RESERVED
CVE-2017-9737
	RESERVED
CVE-2017-9736 (SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell  ...)
	{DSA-3890-1}
	- spip 3.1.4-3 (bug #864921)
	[jessie] - spip <not-affected> (Vulnerable code not present)
	[wheezy] - spip <not-affected> (Vulnerable code not present)
	NOTE: https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23593
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23594
CVE-2017-9734
	RESERVED
CVE-2017-9733
	RESERVED
CVE-2017-9732 (The read_packet function in knc (Kerberised NetCat) before 1.11-1 is v ...)
	NOT-FOR-US: knc (Kerberised NetCat)
CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yo ...)
	NOT-FOR-US: Poky for Yocto Project
CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and  ...)
	NOT-FOR-US: nuevoMailer
CVE-2017-9729 (In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...)
	- uclibc <unfixed> (unimportant)
CVE-2017-9728 (In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp f ...)
	- uclibc <unfixed> (unimportant)
CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscrip ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869913)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869915)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...)
	{DLA-1021-1 DLA-1020-1}
	- jetty9 9.2.22-1 (bug #864898)
	[stretch] - jetty9 <ignored> (Harmless information leak)
	- jetty8 <removed>
	[jessie] - jetty8 <no-dsa> (Minor issue)
	- jetty <removed>
	[jessie] - jetty <no-dsa> (Minor issue)
	NOTE: https://github.com/eclipse/jetty.project/issues/1556
	NOTE: https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02
	NOTE: https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58
	NOTE: https://github.com/eclipse/jetty.project/commit/2baa1abe4b1c380a30deacca1ed367466a1a62ea
CVE-2017-9725 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	- linux 4.3.1-1
	NOTE: Fixed by: https://git.kernel.org/linus/67a2e213e7e937c41c52ab5bc46bf3f4de469f6e (4.3-rc7)
CVE-2017-9724 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9723 (The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS fo ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android boot loader (aboot)
CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: qbt1000 driver in Android
CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9713
	RESERVED
CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9711
	RESERVED
CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9708 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9707
	RESERVED
CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9705 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9704 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9700 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9699
	RESERVED
CVE-2017-9698 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9695
	RESERVED
CVE-2017-9694 (While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9693 (The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_cha ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9692 (When an atomic commit is issued on a writeback panel with a NULL outpu ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9691 (There is a race condition in Android for MSM, Firefox OS for MSM, and  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9689 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9688
	REJECTED
CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9683 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9681 (In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD  ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9680 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9679 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9678 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9677 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9676 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9675 (On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows a ...)
	NOT-FOR-US: D-Link DIR-605L devices
CVE-2017-9674 (In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on ind ...)
	NOT-FOR-US: SimpleCE
CVE-2017-9673 (In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an adm ...)
	NOT-FOR-US: SimpleCE
CVE-2017-9672
	RESERVED
CVE-2017-9671 (A heap overflow in apk (Alpine Linux's package manager) allows a remot ...)
	NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in  ...)
	- gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
	[stretch] - gnuplot 5.0.5+dfsg1-6+deb9u1
	[jessie] - gnuplot <not-affected> (Vulnerable code introduced later)
	[wheezy] - gnuplot <not-affected> (Vulnerable code introduced later)
	- gnuplot5 <removed> (unimportant; bug #864903)
	[jessie] - gnuplot5 <not-affected> (Vulnerable code introduced later)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
	NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1044638#c5
	NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
	NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
	NOTE: Crash in a CLI tool, no security impact
CVE-2017-9669 (A heap overflow in apk (Alpine Linux's package manager) allows a remot ...)
	NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9668 (In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user gro ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-9667
	RESERVED
CVE-2017-9666
	RESERVED
CVE-2017-9665
	RESERVED
CVE-2017-9664 (In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, a ...)
	NOT-FOR-US: ABB
CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in  ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight  ...)
	NOT-FOR-US: SIMPlight SCADA Software
CVE-2017-9660 (A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9659 (A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Mo ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9658 (Certain 802.11 network management messages have been determined to inv ...)
	NOT-FOR-US: Philips IntelliVue MX40
CVE-2017-9657 (Under specific 802.11 network conditions, a partial re-association of  ...)
	NOT-FOR-US: Philips IntelliVue MX40
CVE-2017-9656 (The backend database of the Philips DoseWise Portal application versio ...)
	NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator f ...)
	NOT-FOR-US: OSIsoft
CVE-2017-9654 (The Philips DoseWise Portal web-based application versions 1.1.7.333 a ...)
	NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI Integrato ...)
	NOT-FOR-US: OSIsoft
CVE-2017-9652
	RESERVED
CVE-2017-9651
	RESERVED
CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was discovere ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9649 (A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion T ...)
	NOT-FOR-US: Mirion
CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar Cont ...)
	NOT-FOR-US: Solar Controls WATTConfig M Software
CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental  ...)
	NOT-FOR-US: Continental AG Infineon S-Gold
CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in Solar Cont ...)
	NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
CVE-2017-9645 (An Inadequate Encryption Strength issue was discovered in Mirion Techn ...)
	NOT-FOR-US: Mirion
CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in Automated L ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9643
	RESERVED
CVE-2017-9642
	RESERVED
CVE-2017-9641 (PI Coresight 2016 R2 contains a cross-site request forgery vulnerabili ...)
	NOT-FOR-US: PI Coresight
CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ( ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2017-9638 (Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sectio ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9637 (Schneider Electric Ampla MES 6.4 provides capability to interact with  ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9636 (Mitsubishi E-Designer, Version 7.52 Build 344 contains five code secti ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9635 (Schneider Electric Ampla MES 6.4 provides capability to configure user ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9634 (Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sectio ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
	NOT-FOR-US: Continental AG Infineon S-Gold 2
CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in PDQ Man ...)
	NOT-FOR-US: PDQ Manufacturing LaserWash
CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric  ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9630 (An Improper Authentication issue was discovered in PDQ Manufacturing L ...)
	NOT-FOR-US: PDQ Manufacturing LaserWash
CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9628 (An Information Exposure issue was discovered in Saia Burgess Controls  ...)
	NOT-FOR-US: Saia Burgess Controls
CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9626 (Systems using the Marel Food Processing Systems Pluto platform do not  ...)
	NOT-FOR-US: Marel Food Processing Systems Pluto platform
CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech EnviDAS Ul ...)
	NOT-FOR-US: Envitech EnviDAS Ultimate
CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9623 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9622 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9621 (Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administ ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghos ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex G ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
	- wireshark 2.4.0-1 (low; bug #870174)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=82fc557bed30b1aa69ca43a4291b64a9ce54c78a
CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion  ...)
	- wireshark 2.4.0-1 (low; bug #870173)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=620f69a74b18908e3424920c7bb01cb5e4cbd8b1
CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier all ...)
	NOT-FOR-US: Cognito Software Moneyworks
CVE-2017-9614 (The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 al ...)
	NOT-FOR-US: Not a bug in libjpeg itself, but incorrect API usage
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors  ...)
	NOT-FOR-US: SAP SuccessFactors
CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869916)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869917)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows re ...)
	NOT-FOR-US: Blackcat CMS
CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allow ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/14/1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might ...)
	NOT-FOR-US: ARM Trusted Firmware
CVE-2017-9606 (Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local  ...)
	NOT-FOR-US: Infotecs ViPNet Client and Coordinator
CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in  ...)
	- kdepim 4:16.04.3-4 (bug #864804)
	[stretch] - kdepim 4:16.04.3-4~deb9u1
	[jessie] - kdepim 4:4.14.1-1+deb8u1
	[wheezy] - kdepim <not-affected> (sendlater issue is not present in kdepim-4.4.11.1+l10n)
	- kf5-messagelib 4:16.04.3-3 (bug #864803)
	[stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
	NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
	NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
	NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map the conte ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.30-2+deb9u1
	[jessie] - linux 3.16.43-2+deb8u1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an attac ...)
	NOT-FOR-US: NetBSD
CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.11.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
	NOTE: Fixed by: https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c (v4.12-rc5)
CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordP ...)
	NOT-FOR-US: WP Jobs plugin for WordPress
CVE-2017-9602 (KBVault Mysql Free Knowledge Base application package 0.16a comes with ...)
	NOT-FOR-US: KBVault Mysql Free Knowledge Base application
CVE-2017-9601 (The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 ...)
	NOT-FOR-US: "FNB Kemp Mobile Banking" by First National Bank of Kemp app
CVE-2017-9600 (The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples ...)
	NOT-FOR-US: "Peoples Bank Tulsa" by Peoples Bank - OK app
CVE-2017-9599 (The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app befo ...)
	NOT-FOR-US: "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app
CVE-2017-9598 (The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3. ...)
	NOT-FOR-US: "Morton Credit Union Mobile Banking" by Morton Credit Union app
CVE-2017-9597 (The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank  ...)
	NOT-FOR-US: "Blue Ridge Bank and Trust Co. Mobile Banking" app
CVE-2017-9596 (The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- ...)
	NOT-FOR-US: "CFB Mobile Banking" by Citizens First Bank Wisconsin app
CVE-2017-9595 (The "First State Bank of Bigfork Mobile Banking" by First State Bank o ...)
	NOT-FOR-US: "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app
CVE-2017-9594 (The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka s ...)
	NOT-FOR-US: "SVB Mobile" by Sauk Valley Bank Mobile Banking app
CVE-2017-9593 (The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina- ...)
	NOT-FOR-US: "Oculina Mobile Banking" by Oculina Bank app
CVE-2017-9592 (The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy F ...)
	NOT-FOR-US: "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app
CVE-2017-9591 (The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id4 ...)
	NOT-FOR-US: "PCB Mobile" by Phelps County Bank app
CVE-2017-9590 (The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo  ...)
	NOT-FOR-US: "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app
CVE-2017-9589 (The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank a ...)
	NOT-FOR-US: "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app
CVE-2017-9588 (The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani- ...)
	NOT-FOR-US: "Oritani Mobile Banking" by Oritani Bank app
CVE-2017-9587 (The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/ ...)
	NOT-FOR-US: "PCSB BANK Mobile" by PCSB Bank app
CVE-2017-9586 (The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 - ...)
	NOT-FOR-US: "FSBY Mobile Banking" by First State Bank of Yoakum TX app
CVE-2017-9585 (The "Community State Bank - Lamar Mobile Banking" by Community State B ...)
	NOT-FOR-US: "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app
CVE-2017-9584 (The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka h ...)
	NOT-FOR-US: "HBO Mobile Banking" by Heritage Bank of Ozarks app
CVE-2017-9583 (The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka  ...)
	NOT-FOR-US: "Charlevoix State Bank" by Charlevoix State Bank app
CVE-2017-9582 (The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-m ...)
	NOT-FOR-US: "BNB Mobile Banking" by Brady National Bank app
CVE-2017-9581 (The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app  ...)
	NOT-FOR-US: "Algonquin State Bank Mobile Banking" by Algonquin State Bank app
CVE-2017-9580 (The "Pioneer Bank &amp; Trust Mobile Banking" by PIONEER BANK AND TRUS ...)
	NOT-FOR-US: "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app
CVE-2017-9579 (The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- ak ...)
	NOT-FOR-US: "JMCU Mobile Banking" by Joplin Metro Credit Union app
CVE-2017-9578 (The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/ ...)
	NOT-FOR-US: "RVCB Mobile" by RVCB Mobile Banking app
CVE-2017-9577 (The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) a ...)
	NOT-FOR-US: "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app
CVE-2017-9576 (The "Middleton Community Bank Mobile Banking" by Middleton Community B ...)
	NOT-FOR-US: "Middleton Community Bank Mobile Banking" by Middleton Community Bank app
CVE-2017-9575 (The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1. ...)
	NOT-FOR-US: "FVB Mobile Banking" by First Volunteer Bank of Tennessee app
CVE-2017-9574 (The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app ...)
	NOT-FOR-US: "KC Area Credit Union Mobile Banking" by K C Area Credit Union app
CVE-2017-9573 (The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app  ...)
	NOT-FOR-US: North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app
CVE-2017-9572 (The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS doe ...)
	NOT-FOR-US: athens-state-bank-mobile-banking/id719748589 app
CVE-2017-9571 (The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3. ...)
	NOT-FOR-US: Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app
CVE-2017-9570 (The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for i ...)
	NOT-FOR-US: mount-vernon-bank-trust-mobile-banking/id542706679 app
CVE-2017-9569 (The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS do ...)
	NOT-FOR-US: Citizens Bank (TX) cbtx-on-the-go/id892396102 app
CVE-2017-9568 (The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does n ...)
	NOT-FOR-US: financial-plus-mobile-banking/id731070564 app
CVE-2017-9567 (The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not ver ...)
	NOT-FOR-US: avb-bank-mobile-banking/id592565443 app
CVE-2017-9566 (The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not ...)
	NOT-FOR-US: fsb-dequeen-mobile-banking/id1091025340 app
CVE-2017-9565 (The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iO ...)
	NOT-FOR-US: first-security-bank-sleepy-eye-mobile/id870531890 app
CVE-2017-9564 (The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verif ...)
	NOT-FOR-US: community-banks-cb2go/id445828071 app
CVE-2017-9563 (The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS d ...)
	NOT-FOR-US: First Citizens Community Bank fccb/id809930960 app
CVE-2017-9562 (The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 ...)
	NOT-FOR-US: Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app
CVE-2017-9561 (The Lee Bank &amp; Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS do ...)
	NOT-FOR-US: Lee Bank & Trust lbtc-mobile/id1068984753 app
CVE-2017-9560 (The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not  ...)
	NOT-FOR-US: cayuga-lake-national-bank/id1151601539 app
CVE-2017-9559 (The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not v ...)
	NOT-FOR-US: MEA Financial vision-bank/id420406345 app
CVE-2017-9558 (The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS  ...)
	NOT-FOR-US: wawa-employees-credit-union-mobile/id1158082793 app
CVE-2017-9557 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allo ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9556 (Cross-site scripting (XSS) vulnerability in Video Metadata Editor in S ...)
	NOT-FOR-US: Synology Video Station
CVE-2017-9555 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in  ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-9554 (An information exposure vulnerability in forget_passwd.cgi in Synology ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation Manager ( ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 thr ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
	{DSA-3966-1 DLA-1421-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #864860)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, Net::SMTP users should validate data they send too)
	- ruby1.8 <removed>
	[wheezy] - ruby1.8 <no-dsa> (Minor issue, Net::SMTP users should validate data they send too)
	NOTE: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee
	NOTE: https://github.com/rubysec/ruby-advisory-db/issues/215
CVE-2017-9551 (Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before ...)
	- mahara <removed>
CVE-2017-9550
	RESERVED
CVE-2017-9549
	RESERVED
CVE-2017-9548 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9547 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9546 (admin.php in BigTree through 4.2.18 allows remote authenticated users  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9545 (The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows  ...)
	- mpg123 1.25.4-1 (low; bug #870799)
	[stretch] - mpg123 <no-dsa> (Minor issue)
	[jessie] - mpg123 <no-dsa> (Minor issue)
	[wheezy] - mpg123 <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/65
CVE-2017-9544 (There is a remote stack-based buffer overflow (SEH) in register.ghp in ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9543 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allo ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9542 (D-Link DIR-615 Wireless N 300 Router allows authentication bypass via  ...)
	NOT-FOR-US: D-Link
CVE-2017-9541
	RESERVED
CVE-2017-9540
	RESERVED
CVE-2017-9539
	RESERVED
CVE-2017-9538 (The 'Upload logo from external path' function of SolarWinds Network Pe ...)
	NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9537 (Persistent cross-site scripting (XSS) in the Add Node function of Sola ...)
	NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9536 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9535 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9534 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9533 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9532 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9531 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9530 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-9529 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows  ...)
	[experimental] - mruby 1.2.0+20170601+git51e0e690-1
	- mruby 1.3.0-1 (low; bug #865778)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/3486
	NOTE: Fixed by: https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
CVE-2017-9526 (In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session ke ...)
	{DSA-3880-1}
	- libgcrypt20 1.7.6-2
	- libgcrypt11 <not-affected> (Curve Ed25519 signing and verification introduced in 1.6.0)
	NOTE: master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
	NOTE: 1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
	NOTE: Curve Ed25519 signing and verification inplemented in 1.6.0 with
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
	NOTE: and following refactorings.
CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with the  ...)
	{DSA-3925-1}
	- qemu 1:2.8+dfsg-7 (bug #865755)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html
CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-1 ...)
	{DLA-1723-1}
	- cron 3.0pl1-129 (bug #864466)
	[stretch] - cron <no-dsa> (Minor issue)
	[wheezy] - cron <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/08/3
CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...)
	NOT-FOR-US: Sophos
CVE-2017-9522 (The Time Warner firmware on Technicolor TC8717T devices sets the defau ...)
	NOT-FOR-US: Time Warner firmware on Technicolor TC8717T devices
CVE-2017-9521 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9520 (The r_config_set function in libr/config/config.c in radare2 1.5.0 all ...)
	- radare2 1.6.0+dfsg-1 (low; bug #864533)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
	NOTE: https://github.com/radare/radare2/issues/7698
CVE-2017-9519 (atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user  ...)
	NOT-FOR-US: atmail
CVE-2017-9518 (atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMT ...)
	NOT-FOR-US: atmail
CVE-2017-9517 (atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and imp ...)
	NOT-FOR-US: atmail
CVE-2017-9516 (Craft CMS before 2.6.2982 allows for a potential XSS attack vector by  ...)
	NOT-FOR-US: Craft CMS
CVE-2017-9515
	RESERVED
CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a  ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams bef ...)
	NOT-FOR-US: Atlassian Activity Streams
CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and Crucible ...)
	NOT-FOR-US: Atlassian
CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before  ...)
	NOT-FOR-US: Atlassian
CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before version  ...)
	NOT-FOR-US: Atlassian
CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version 4 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9506 (The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 be ...)
	NOT-FOR-US: Atlassian
CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-9504
	REJECTED
CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host B ...)
	{DLA-1497-1}
	- qemu 1:2.10.0-1 (low; bug #865754)
	[stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=87e459a810d7b1ec1638085b5a80ea3d9b43119a
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=b356807fcdfc45583c437f761fc579ab2a8eab11
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=36c327a69d723571f02a7691631667cdb1865ee1
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=5104fac8539eaf155fc6de93e164be43e1e62242
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=24c0c77af515acbf0f9705e8096f33ef24d37430
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=134550bf81a026e18cf58b81e2c2cceaf516f92e
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=660174fc1b346803b3f1d7c260e2a36329b66435
CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default protocol f ...)
	- curl <not-affected> (Windows only)
CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the func ...)
	{DSA-3914-1 DLA-1081-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867721)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/491
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the func ...)
	{DSA-4019-1 DLA-1785-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
	NOTE: Fixed by (6.x): https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79
CVE-2017-9499 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the func ...)
	- imagemagick <not-affected> (Vulnerable code introduced later, only affects ImageMagick 7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/492
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44
CVE-2017-9498 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9497 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9496 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9495 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9494 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9493 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9492 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9491 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9490 (The Comcast firmware on Arris TG1682G (eMTA&amp;DOCSIS version 10.0.13 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9489 (The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9488 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9487 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9486 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9485 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9484 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9483 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9482 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9481 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9480 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9479 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9478 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9477 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9476 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9475 (Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to sp ...)
	NOT-FOR-US: Comcast XFINITY WiFi Home Hotspot devices
CVE-2017-9474 (In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remot ...)
	- libytnef 1.9.3-1 (low; bug #870192)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/40
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote ...)
	- libytnef 1.9.3-1 (low; bug #870197)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/42
	NOTE: https?//github.com/Yeraze/ytnef/commit/a341b7f1bf8a2c59ece89f2d6cdc09856d501cc0
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote at ...)
	- libytnef 1.9.3-1 (low; bug #870193)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/41
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote att ...)
	- libytnef 1.9.3-1 (low; bug #870194)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/39
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote at ...)
	- libytnef 1.9.3-1 (low; bug #870196)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/37
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC f ...)
	{DSA-3885-1 DLA-1088-1}
	- irssi 1.0.3-1 (bug #864400)
	NOTE: https://github.com/irssi/irssi/commit/30a92754bb650c3dedd507d41110443142899a65
	NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
CVE-2017-9468 (In Irssi before 1.0.3, when receiving a DCC message without source nic ...)
	{DSA-3885-1 DLA-1088-1}
	- irssi 1.0.3-1 (bug #864400)
	NOTE: https://github.com/irssi/irssi/commit/528f51bfbe5c65c5b24546faa244009dd5b3c586
	NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
CVE-2017-9467 (Cross-site scripting (XSS) vulnerability in the GlobalProtect external ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9466 (The executable httpd on the TP-Link WR841N V8 router before TL-WR841N( ...)
	NOT-FOR-US: TP-Link
CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote attackers ...)
	- yara 3.6.2+dfsg-1 (low; bug #864517)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/678
	NOTE: https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and probably p ...)
	- piwigo <removed>
CVE-2017-9463 (The application Piwigo is affected by a SQL injection vulnerability in ...)
	- piwigo <removed>
CVE-2017-9460
	RESERVED
CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web interfa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9458 (XML external entity (XXE) vulnerability in the GlobalProtect internal  ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform capsule s ...)
	NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
CVE-2017-9456
	RESERVED
CVE-2017-9455
	RESERVED
CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedded are ...)
	- resiprocate 1:1.11.0~beta4-1 (unimportant)
	NOTE: https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
	NOTE: Fixed sourcewise in 1:1.11.0~beta4-1 but unimportant since uses the
	NOTE: system library.
CVE-2017-9453
	RESERVED
CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0  ...)
	- piwigo <removed>
CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in fla ...)
	NOT-FOR-US: flatCore CMS
CVE-2017-9450 (The Amazon Web Services (AWS) CloudFormation bootstrap tools package ( ...)
	NOT-FOR-US: Amazon Web Services (AWS) CloudFormation bootstrap tools package
CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remot ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2. ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9462 (In Mercurial before 4.1.3, "hg serve --stdio" allows remote authentica ...)
	{DLA-1414-1 DLA-1005-1}
	- mercurial 4.3.1-1 (bug #861243)
	[stretch] - mercurial 4.0-1+deb9u1
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
CVE-2017-9461 (smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of ser ...)
	{DLA-1754-1}
	- samba 2:4.5.6+dfsg-1 (bug #864291)
	[wheezy] - samba <no-dsa> (Minor, non reproducible issue)
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=10c3e3923022485c720f322ca4f0aca5d7501310
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12572
CVE-2017-9447 (In the web interface of Parallels Remote Application Server (RAS) 15.5 ...)
	NOT-FOR-US: Parallels Remote Application Server
CVE-2017-9446
	RESERVED
CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in syst ...)
	- systemd 233-10 (bug #866147)
	[stretch] - systemd 232-25+deb9u1
	[jessie] - systemd <not-affected> (Vulnerable code not present)
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/27/8
CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\ ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9442 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPS ...)
	{DSA-3914-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864273)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/462
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/c2be129c25763680afeca59f4de5d6d4240ca2cf
CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPD ...)
	{DSA-3914-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864274)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/460
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attacker ...)
	- yara 3.6.1+dfsg-1 (low; bug #864518)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/674
	NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This vulner ...)
	NOT-FOR-US: Openbravo Business Suite
CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.que ...)
	- teampass <itp> (bug #730180)
CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #864569)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read v ...)
	- libcrypto++ 5.6.4-7 (bug #864214)
	[jessie] - libcrypto++ <no-dsa> (Minor issue)
	[wheezy] - libcrypto++ <no-dsa> (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/414
	NOTE: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
CVE-2017-9433 (Document Liberation Project libmwaw before 2017-04-08 has an out-of-bo ...)
	{DSA-3875-1}
	- libmwaw 0.3.9-2 (bug #864366)
	NOTE: https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
CVE-2017-9432 (Document Liberation Project libstaroffice before 2017-04-07 has an out ...)
	- libstaroffice 0.0.3-3 (bug #864207)
CVE-2017-9431 (Google gRPC before 2017-04-05 has an out-of-bounds write caused by a h ...)
	- grpc 1.3.2-0.1 (bug #864210)
	NOTE: https://github.com/grpc/grpc/pull/10492
	NOTE: Fixed by: https://github.com/grpc/grpc/commit/c6ec1155d026c91b1badb07ef1605bb747cff064
CVE-2017-9430 (Stack-based buffer overflow in dnstracer through 1.9 allows attackers  ...)
	- dnstracer <unfixed> (unimportant)
	NOTE: Crash in CLI tool, disputable if any exposed service makes use of dnstrace.
	NOTE: One scenario would be to have a web application that launches dnstracer
	NOTE: with user supplied name strings to evaluate.
CVE-2017-9429 (SQL injection vulnerability in the Event List plugin 0.7.8 for WordPre ...)
	NOT-FOR-US: Event List plugin for WordPress
CVE-2017-9428 (A directory traversal vulnerability exists in core\admin\ajax\develope ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remot ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9426 (ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection  ...)
	NOT-FOR-US: Piwigo extension
CVE-2017-9425 (The Facetag extension 0.0.3 for Piwigo allows XSS via the name paramet ...)
	NOT-FOR-US: Piwigo extension
CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attacker ...)
	NOT-FOR-US: IdeaBlade Breeze Breeze.Server.NET
CVE-2017-9423
	RESERVED
CVE-2017-9422
	REJECTED
CVE-2017-9421 (Authentication Bypass vulnerability in Accellion kiteworks before 2017 ...)
	NOT-FOR-US: Accellion kiteworks
CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
	NOT-FOR-US: Spiffy Calendar plugin for WordPress
CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fi ...)
	NOT-FOR-US: Webhammer WP Custom Fields Search plugin for WordPress
CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for Wo ...)
	NOT-FOR-US: WP-Testimonials plugin for WordPress
CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitra ...)
	{DLA-1573-1}
	- firmware-nonfree 20180518-1 (bug #869639)
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
	[wheezy] - firmware-nonfree <no-dsa> (non-free not supported)
	NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
	NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
	NOT-FOR-US: Odoo
CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allo ...)
	NOT-FOR-US: Subsonic
CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to Po ...)
	NOT-FOR-US: Subsonic
CVE-2017-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Podc ...)
	NOT-FOR-US: Subsonic
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...)
	NOT-FOR-US: Jamroom
CVE-2017-9412 (The unpack_read_samples function in frontend/get_audio.c in LAME 3.99. ...)
	- lame 3.99.5+repack1-7
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: Fixed by the improved 0001-Add-check-for-invalid-input-sample-rate.patch in
	NOTE: 3.99.5+repack1-7, https://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/debian/patches?id=1c7c62d3c5614443524b5ad170ba2713a14d4e09
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
	NOTE: https://sourceforge.net/p/lame/bugs/463/
	NOTE: Invalid read in command line tool so no CVE is needed. MITRE contacted by ago@gentoo
CVE-2017-9411
	REJECTED
CVE-2017-9410
	REJECTED
CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows atta ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864090)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/458
CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...)
	{DSA-4079-1}
	- poppler 0.57.0-2 (low; bug #864009)
	[wheezy] - poppler <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100776
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b21b041f7948680c03109f0c404400a9dbc4544c
CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows at ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864089)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/459
CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...)
	{DSA-4079-1}
	- poppler 0.57.0-2 (low; bug #864010)
	[wheezy] - poppler <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100775
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=278439531b13b0b047dbe3a75aa3f1b3407c8bd4
CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allow ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864087)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/457
CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the functio ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
	NOTE: Possibly sensible to add the other memory leaks fixes in OJPEGReadHeaderInfoSecTables
	NOTE: method from tif_ojpeg.c, i.e.:
	NOTE: https://github.com/vadz/libtiff/commit/e9bd1b06fe25219cf0873fca70e46f01843fd9f4
	NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
	NOTE: Reproducing the issue itself is "covered" after fixing https://github.com/vadz/libtiff/commit/5ed9fea523316c2f5cec4d393e4d5d671c2dbc33
	NOTE: To verify 2ea32f7372b65c24b2816f11c04bf59b5090d05b fixes the issue build src:tiff
	NOTE: with ASAN with 5ed9fea523316c2f5cec4d393e4d5d671c2dbc33 reverted. Before the
	NOTE: 2ea32f7372b65c24b2816f11c04bf59b5090d05b commit the Direct leak of 73 byte
	NOTE: with backtrace following the methods in http://bugzilla.maptools.org/show_bug.cgi?id=2688
	NOTE: is shown.
CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the functio ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2689
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
CVE-2017-9402
	RESERVED
CVE-2017-9401
	RESERVED
CVE-2017-9400
	RESERVED
CVE-2017-9399
	RESERVED
CVE-2017-9398
	RESERVED
CVE-2017-9397
	RESERVED
CVE-2017-9396
	RESERVED
CVE-2017-9395
	RESERVED
CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity Governance  ...)
	NOT-FOR-US: CA Identity Governance
CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote a ...)
	NOT-FOR-US: CA Identity Manager
CVE-2017-9392 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9391 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9389 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9387 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9386 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9385 (An issue was discovered on Vera Veralite 1.7.481 devices. The device h ...)
	NOT-FOR-US: Vera
CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9383 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9382 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of  ...)
	NOT-FOR-US: OpenEMR
CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear p ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit devic ...)
	NOT-FOR-US: Barco ClickShare Base Unit device
CVE-2017-9376 (ManageEngine ServiceDesk Plus before 9314 contains a local file inclus ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller emulato ...)
	{DSA-3991-1 DLA-1927-1}
	- qemu 1:2.10.0-1 (bug #864219)
	[wheezy] - qemu <not-affected> (vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emu ...)
	{DSA-3920-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #864568)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
CVE-2017-9373 (Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emu ...)
	{DSA-3920-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #864216)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04
CVE-2017-9371 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0  ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-9370 (An information disclosure / elevation of privilege vulnerability in th ...)
	NOT-FOR-US: BlackBerry
CVE-2017-9369 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0  ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-9368 (An information disclosure vulnerability in the BlackBerry Workspaces S ...)
	NOT-FOR-US: BlackBerry Workspaces Server
CVE-2017-9367 (A directory traversal vulnerability in the BlackBerry Workspaces Serve ...)
	NOT-FOR-US: BlackBerry Workspaces Server
CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS ...)
	NOT-FOR-US: Telaxus EPESI
CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9364 (Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an a ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 allows ...)
	NOT-FOR-US: Soffid IAM console
CVE-2017-9362 (ManageEngine ServiceDesk Plus before 9312 contains an XML injection at ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/detail ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/det ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9357
	RESERVED
CVE-2017-9356 (Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability  ...)
	NOT-FOR-US: Sitecore.NET
CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x  ...)
	- asterisk 1:13.14.1~dfsg-2 (bug #863906)
	[jessie] - asterisk <not-affected> (11.x series not affected)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt
CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open Source 1 ...)
	{DSA-3933-1}
	- pjproject 2.5.5~dfsg-6 (bug #863902)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939
CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x be ...)
	{DSA-3933-1}
	- pjproject 2.5.5~dfsg-6 (bug #863901)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt
CVE-2017-9355 (XML external entity (XXE) vulnerability in the import playlist feature ...)
	NOT-FOR-US: Subsonic
CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector co ...)
	- wireshark 2.2.7-1 (bug #864058)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5debcf56eda16064c10f4e22b3db326c8b53406b
CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was  ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-33.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector  ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8d7690a59059821e2a2a84ac8d925aa5e70b7ba
CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector co ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-24.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609
CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissec ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6431695049116176361ce4691dfd3c77ab19858
	NOTE: When fixing this entry make sure to apply the complete fix and adding
	NOTE: the related commits from the CVE-2017-11411. Otherwise those releases
	NOTE: are opened to CVE-2017-11411, which exists because of an incomplete fix.
CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector h ...)
	{DLA-1729-1}
	- wireshark 2.2.7-1 (low; bug #864058)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...)
	- wireshark 2.2.7-1 (bug #864058)
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-23.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...)
	- wireshark 2.2.7-1 (bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-31.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissecto ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7eab596c0824e6fa20aad6932bcd2fdb94b86edf
CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector cou ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6408d6a8e842148f677a9f9413776ebaa150bb0
CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP d ...)
	{DLA-1729-1}
	- wireshark 2.2.7-1 (low; bug #864058)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701
CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector m ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7c39a77e8b6ed204d7c1ec9afd712ef30ac2db26
CVE-2017-9342
	RESERVED
CVE-2017-9341
	RESERVED
CVE-2017-9340 (An attacker is logged in as a normal user and can somehow make admin t ...)
	- owncloud <removed>
CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused disclosure of  ...)
	- owncloud <removed>
CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search module in  ...)
	- owncloud <removed>
CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a stored XS ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerabili ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-9335
	RESERVED
CVE-2017-9333 (OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG ...)
	NOT-FOR-US: OpenWebif
CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 ...)
	NOT-FOR-US: PivotX
CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored C ...)
	NOT-FOR-US: Telaxus EPESI
CVE-2017-9329
	RESERVED
CVE-2017-9328 (Shell metacharacter injection vulnerability in /usr/www/include/ajax/G ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2017-9327 (Secret data of processes managed by CM is not secured by file permissi ...)
	NOT-FOR-US: Cloudera
CVE-2017-9326 (The keystore password for the Spark History Server may be exposed in u ...)
	NOT-FOR-US: Cloudera
CVE-2017-9325 (The provided secure solrconfig.xml sample configuration does not enfor ...)
	NOT-FOR-US: Cloudera
CVE-2017-9334 (An incorrect "pair?" check in the Scheme "length" procedure results in ...)
	- chicken 4.12.0-0.2 (low; bug #863884)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html
	NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI E ...)
	{DSA-3920-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #863943)
	[wheezy] - qemu <not-affected> (Vulnerable code no present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code no present)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d
CVE-2017-9324 (In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through ...)
	{DSA-3876-1}
	- otrs2 5.0.20-1 (bug #864319)
	[stretch] - otrs2 5.0.16-1+deb9u1
	[wheezy] - otrs2 <not-affected> (does not affect version 3.1.7)
	NOTE: https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
	NOTE: https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
CVE-2017-9323
	REJECTED
CVE-2017-9322
	REJECTED
CVE-2017-9321
	REJECTED
CVE-2017-9320
	RESERVED
CVE-2017-9319
	RESERVED
CVE-2017-9318
	RESERVED
CVE-2017-9317 (Privilege escalation vulnerability found in some Dahua IP devices. Att ...)
	NOT-FOR-US: Dahua
CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found in Dahu ...)
	NOT-FOR-US: Dahua
CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant device inf ...)
	NOT-FOR-US: Dahua
CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52X ...)
	NOT-FOR-US: Dahua NVR
CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1 ...)
	- webmin <removed>
CVE-2017-9312 (Improperly implemented option-field processing in the TCP/IP stack on  ...)
	NOT-FOR-US: Allen-Bradley
CVE-2017-9311
	RESERVED
CVE-2017-9309
	RESERVED
CVE-2017-9308
	RESERVED
CVE-2017-9307 (SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remo ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9306 (inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to ...)
	NOT-FOR-US: sysPass
CVE-2017-9305 (lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 all ...)
	- tikiwiki <removed>
CVE-2017-9304 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attacker ...)
	- yara 3.6.1+dfsg-1 (bug #863842)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/674
	NOTE: https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699
CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running Fle ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2016-10394
	RESERVED
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10393 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10392 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10391 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10390 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10389 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10388 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10387 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10386 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10385 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10384 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10383 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10382 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10381 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10380 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9095
	RESERVED
CVE-2015-9094
	RESERVED
CVE-2015-9093
	RESERVED
CVE-2015-9092
	RESERVED
CVE-2015-9091
	RESERVED
CVE-2015-9090
	RESERVED
CVE-2015-9089
	RESERVED
CVE-2015-9088
	RESERVED
CVE-2015-9087
	RESERVED
CVE-2015-9086
	RESERVED
CVE-2015-9085
	RESERVED
CVE-2015-9084
	RESERVED
CVE-2015-9083
	RESERVED
CVE-2015-9082
	RESERVED
CVE-2015-9081
	RESERVED
CVE-2015-9080
	RESERVED
CVE-2015-9079
	RESERVED
CVE-2015-9078
	RESERVED
CVE-2015-9077
	RESERVED
CVE-2015-9076
	RESERVED
CVE-2015-9075
	RESERVED
CVE-2015-9074
	RESERVED
CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9071 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9070 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9069 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9068 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9067 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9066 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9065 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9064 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9063 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9062 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9061 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9060 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.20 doe ...)
	- glibc 2.19-14
	- eglibc <removed>
	[wheezy] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f
CVE-2014-9982
	REJECTED
CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9979 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9978 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9977 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9976 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9975 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9974 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9973 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9972 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-1000380 (sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to  ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.11.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5)
	NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5)
CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an in ...)
	{DLA-1011-1}
	- sudo 1.8.20p1-1.1 (bug #863897)
	[buster] - sudo 1.8.19p1-2.1
	[stretch] - sudo 1.8.19p1-2.1
	[jessie] - sudo 1.8.10p3-1+deb8u5
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ...)
	{DSA-3867-1 DLA-970-1}
	- sudo 1.8.20p1-1 (bug #863731)
	[buster] - sudo 1.8.19p1-2
	[stretch] - sudo 1.8.19p1-2
	NOTE: https://www.sudo.ws/alerts/linux_tty.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/30/16
	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulation su ...)
	{DSA-3920-1}
	- qemu 1:2.8+dfsg-7 (bug #863840)
	[jessie] - qemu <not-affected> (Vulnerable code not present; e1000e introduced in 2.7.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7
CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...)
	NOT-FOR-US: Laravel
CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: RealPlayer
CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)
	- vlc 2.2.5.1-1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9300 (plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 al ...)
	{DSA-4045-1}
	- vlc 2.2.6-3
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3
CVE-2017-9299 (Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=Age ...)
	NOTE: This report for OTRS is quite vague/unclear and upstream can
	NOTE: not track the issue down to a specific fixed release claims though that
	NOTE: it should not be reproducible with versions later than 3.3.17.
CVE-2017-9298 (Cross-site scripting vulnerability in Hitachi Device Manager before 8. ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9297 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01  ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9296 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01  ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9295 (XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitach ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9294 (RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows rem ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9293
	RESERVED
CVE-2017-9292 (Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug  ...)
	NOT-FOR-US: Lansweeper
CVE-2017-9291
	RESERVED
CVE-2017-9290
	RESERVED
CVE-2017-9289 (Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in no ...)
	NOT-FOR-US: Bram Korsten Note
CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsa ...)
	NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud
CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions whe ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive in ...)
	NOT-FOR-US: IDM
CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus Vi ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787)  ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9281 (An integer overflow (CWE-190) potentially causing an out-of-bounds rea ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9280 (Some NetIQ Identity Manager Applications before Identity Manager 4.5.6 ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9279 (NetIQ Identity Manager before 4.5.6.1 allowed uploading files with dou ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9278 (The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS l ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate parameter ...)
	NOT-FOR-US: Novell Access Manager iManager
CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is  ...)
	NOT-FOR-US: NetIQ Identity Reporting
CVE-2017-9274 (A shell command injection in the obs-service-source_validator before 0 ...)
	- osc 0.162.1-1 (bug #887391)
	[stretch] - osc <no-dsa> (Minor issue)
	[jessie] - osc <no-dsa> (Minor issue)
	[wheezy] - osc <no-dsa> (Minor issue)
	NOTE: Details in https://bugzilla.suse.com/show_bug.cgi?id=938556
	NOTE: SUSE adressed the issue not only in the obs-service-source_validator
	NOTE: and adding a validation in 0.162.0 when using OBS 2.9, cf.:
	NOTE: https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7eb864378a1
CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...)
	NOT-FOR-US: IDM
CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...)
	NOT-FOR-US: IDM
CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy credentia ...)
	- zypper <unfixed> (low)
	[buster] - zypper <ignored> (Minor issue)
	[jessie] - zypper <ignored> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625
CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC reque ...)
	NOT-FOR-US: SuSE cryptctl
CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositories we ...)
	- libzypp 17.3.1-1 (bug #899065)
	[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...)
	- open-build-service <unfixed> (low)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519
CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictl ...)
	NOT-FOR-US: Novell eDirectory
CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL  ...)
	NOT-FOR-US: Joomla addon
CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...)
	NOT-FOR-US: e107
CVE-2017-9266
	RESERVED
CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsin ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863662)
	[jessie] - openvswitch <not-affected> (Vulnerable code not present)
	[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
	NOTE: OpenFlow 1.5 support still incomplete
CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863661)
	[jessie] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
	[wheezy] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
	NOTE: Userspace data path not enabled in Debian packaging
CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status mes ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863655)
	[jessie] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
	[wheezy] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
	NOTE: Controllers shipped in Debian not vulnerable, see #863655
CVE-2017-9262 (In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c  ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863834)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/475
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4649578df8dcbfb2b08d8623d52486dc124da3a8
CVE-2017-9261 (In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c  ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863833)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/476
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/01d522e990aa57cbe67d222dd5e8f7196cc6d199
CVE-2017-9260 (The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_opti ...)
	- soundtouch 1.9.2-3 (low; bug #870857)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch 1.8.0-1+deb8u1
	[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9259 (The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TD ...)
	- soundtouch 1.9.2-3 (low; bug #870856)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch 1.8.0-1+deb8u1
	[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9258 (The TDStretch::processSamples function in source/SoundTouch/TDStretch. ...)
	- soundtouch 1.9.2-3 (low; bug #870854)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch 1.8.0-1+deb8u1
	[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switc ...)
	- openvswitch 2.6.1+git20161123-1
	[jessie] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
	[wheezy] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...)
	{DSA-3868-1 DLA-972-1}
	- openldap 2.4.44+dfsg-5 (bug #863563)
	NOTE: http://www.openldap.org/its/?findid=8655
	NOTE: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
CVE-2017-9252 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-9251 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-9250 (The lexer_process_char_literal function in jerry-core/parser/js/js-lex ...)
	NOT-FOR-US: jerryscript
CVE-2017-9249 (Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remo ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2 ...)
	NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2017-9247 (Multiple unquoted service path vulnerabilities in Sierra Wireless Wind ...)
	NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages
CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...)
	NOT-FOR-US: New Relic .NET Agent
CVE-2017-9245 (The Google News and Weather application before 3.3.1 for Android allow ...)
	NOT-FOR-US: Google News and Weather application for Android
CVE-2017-9244 (Cross-site scripting (XSS) vulnerability in the Trello app before 4.0. ...)
	NOT-FOR-US: Trello
CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913  ...)
	NOT-FOR-US: Aries QWR-1104 Wireless-N Router
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send  ...)
	{DLA-2259-1 DLA-974-1}
	- picocom 1.7-2 (bug #863671)
	NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux k ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
CVE-2017-9241
	RESERVED
CVE-2017-9240
	RESERVED
CVE-2016-10376 (Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote  ...)
	{DSA-3943-1 DLA-967-1}
	- gajim 0.16.6-1.1 (bug #863445)
	NOTE: https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
	NOTE: https://dev.gajim.org/gajim/gajim/issues/8378
CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function  ...)
	{DLA-2194-1 DLA-976-1}
	- yodl 3.07.01-1
	NOTE: https://github.com/fbb-git/yodl/issues/1
	NOTE: https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the  ...)
	{DLA-963-1}
	- exiv2 0.25-3.1 (bug #863410)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: http://dev.exiv2.org/issues/1296
	NOTE: fix: https://github.com/Exiv2/exiv2/commit/2f8681e120d277e418941c4361c83b5028f67fd8
CVE-2017-9238
	RESERVED
CVE-2017-9237
	RESERVED
CVE-2017-9236
	RESERVED
CVE-2017-9235
	RESERVED
CVE-2017-9234
	RESERVED
CVE-2017-9233 (XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat ...)
	{DSA-3898-1 DLA-990-1}
	- expat 2.2.1-1
	NOTE: https://libexpat.github.io/doc/cve-2017-9233/
	NOTE: https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a ...)
	- juju <removed>
CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x ...)
	NOT-FOR-US: Citrix
CVE-2017-9230 (** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a ...)
	NOT-FOR-US: Bitcoin Proof-of-Work algorithm
CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863318)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/issues/59
	NOTE: https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863316)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
	NOTE: https://github.com/kkos/oniguruma/issues/60
CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863315)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
	NOTE: https://github.com/kkos/oniguruma/issues/58
CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863314)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
	NOTE: https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6
	NOTE: https://github.com/kkos/oniguruma/issues/55
CVE-2017-9225 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	- libonig 6.1.3-2 (bug #863313)
	[jessie] - libonig <not-affected> (Vulnerable code introduced later)
	[wheezy] - libonig <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f
	NOTE: https://github.com/kkos/oniguruma/issues/56
CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863312)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
	NOTE: https://github.com/kkos/oniguruma/issues/57
CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a denial ...)
	[experimental] - systemd 233-8
	- systemd 232-24 (bug #863277)
	[jessie] - systemd <not-affected> (vulnerable code introduced later)
	[wheezy] - systemd <not-affected> (vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/pull/5998
CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscri ...)
	- jbig2dec 0.13-5 (bug #863279)
	[stretch] - jbig2dec <no-dsa> (Minor issue)
	[jessie] - jbig2dec <no-dsa> (Minor issue)
	[wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future update)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
CVE-2017-9215
	RESERVED
CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (bug #863228)
	[stretch] - openvswitch <no-dsa> (Minor issue)
	[jessie] - openvswitch <not-affected> (Vulnerable code not present)
	[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
CVE-2017-9213
	RESERVED
CVE-2017-9212 (The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the  ...)
	NOT-FOR-US: Bluetooth stack on the BMW 330i 2011
CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linu ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be rep ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a  ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel bef ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0d0e57697f162da4aa218b5feafe614fb666db07
CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/101
CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/100
CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/99
CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allo ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allow ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allow ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before  ...)
	{DLA-977-1}
	- freeradius 3.0.12+dfsg-5 (bug #863673)
	[jessie] - freeradius <not-affected> (Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1
	NOTE: http://freeradius.org/security.html#session-resumption-2017
	NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ti ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-2 (bug #863185)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2693
CVE-2017-9146 (The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through  ...)
	- libytnef 1.9.3-1 (bug #862707)
	[stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
	[jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/47
	NOTE: https://github.com/Yeraze/ytnef/commit/c576639e7e6bd9c7de0a288b9f94590d34ac9215
CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not p ...)
	- tikiwiki <removed>
CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a cras ...)
	{DSA-4040-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23
CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash becaus ...)
	{DSA-3863-1 DLA-1081-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863126)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198
CVE-2017-9142 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion  ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863125)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/490
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a
CVE-2017-9141 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion  ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863124)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/489
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd
CVE-2017-9143 (In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allo ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863123)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/456
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebFo ...)
	NOT-FOR-US: Telerik
CVE-2017-9139 (There is a stack-based buffer overflow on some Tenda routers (FH1202/F ...)
	NOT-FOR-US: Tenda
CVE-2017-9138 (There is a debug-interface vulnerability on some Tenda routers (FH1202 ...)
	NOT-FOR-US: Tenda
CVE-2017-9137 (Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default pas ...)
	NOT-FOR-US: Ceragon FibeAir
CVE-2017-9136 (An issue was discovered on Mimosa Client Radios before 2.2.3. In the d ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9135 (An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimos ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9134 (An information-leakage issue was discovered on Mimosa Client Radios be ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9133 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimos ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9132 (A hard-coded credentials issue was discovered on Mimosa Client Radios  ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9131 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimos ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9130 (The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio ...)
	- faac 1.29+git20170704-1 (bug #865909)
	[stretch] - faac <no-dsa> (Non-free not supported)
	[jessie] - faac <no-dsa> (Non-free not supported)
	NOTE: https://www.exploit-db.com/exploits/42207/
CVE-2017-9129 (The wav_open_read function in frontend/input.c in Freeware Advanced Au ...)
	- faac 1.29+git20170704-1 (bug #865909)
	[stretch] - faac <no-dsa> (Non-free not supported)
	[jessie] - faac <no-dsa> (Non-free not supported)
	NOTE: https://www.exploit-db.com/exploits/42207/
CVE-2017-9128 (The quicktime_video_width function in lqt_quicktime.c in libquicktime  ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9127 (The quicktime_user_atoms_read_atom function in useratoms.c in libquick ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9126 (The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9125 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2 ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9124 (The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9123 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2 ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9122 (The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allow ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9121
	RESERVED
CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ser ...)
	- php7.2 <unfixed> (unimportant)
	- php7.1 <removed> (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <not-affected> (Not reproducible, vulnerable code not present.)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544
	NOTE: Not treated as a security issue by upstream
CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 all ...)
	- php7.1 <removed> (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
	NOTE: Only triggerable by malicious script
CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a c ...)
	- php7.2 <unfixed> (unimportant)
	- php7.1 <removed> (unimportant)
	- php7.0 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Check for Jessie again as soon as more information are available.
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604
	NOTE: Not treated as a security issue by upstream
CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying t ...)
	- tiff <unfixed> (unimportant)
	- tiff3 <not-affected> (Does not ship libtiff-tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
	{DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
	- openexr <unfixed> (bug #873885)
	[buster] - openexr <no-dsa> (Minor issue)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in  ...)
	- openexr <unfixed> (bug #873885)
	[buster] - openexr <no-dsa> (Minor issue)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
	- openexr <unfixed> (low; bug #873885)
	[buster] - openexr <no-dsa> (Minor issue)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
	{DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function  ...)
	- openexr <unfixed> (bug #873885)
	[buster] - openexr <no-dsa> (Minor issue)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function  ...)
	{DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	[stretch] - openexr <no-dsa> (Minor issue)
	[jessie] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...)
	- adns <unfixed> (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9108 (An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ...)
	- adns <unfixed> (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9107 (An issue was discovered in adns before 1.5.2. It overruns reading a bu ...)
	- adns <unfixed> (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9106 (An issue was discovered in adns before 1.5.2. adns_rr_info mishandles  ...)
	- adns <unfixed> (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=37792aacaf7abbcdac6a02715a5ef794b5147f13
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9105 (An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ...)
	- adns <unfixed> (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=17afb298d90c5aafed76bd3855a5fe7dcd58594c
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9104 (An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ...)
	- adns <unfixed> (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=7ba7a232de0516d2cce934bdc91627b33b46ef47
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9103 (An issue was discovered in adns before 1.5.2. pap_mailbox822 does not  ...)
	- adns <unfixed> (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9102
	RESERVED
CVE-2017-9101 (import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows re ...)
	NOT-FOR-US: PlaySMS
CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash c ...)
	- jasypt 1.9.2-1
	[jessie] - jasypt <no-dsa> (Minor issue)
	[wheezy] - jasypt <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/jasypt/code/668/
CVE-2017-9100 (login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote  ...)
	NOT-FOR-US: D-Link
CVE-2017-9099
	RESERVED
CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninit ...)
	{DSA-3863-1 DLA-1456-1 DLA-960-1 DLA-953-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #862967)
	- graphicsmagick 1.3.24-1
	NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
	NOTE: GraphicsMagick fix: http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c
	NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
CVE-2017-9097 (In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through  ...)
	NOT-FOR-US: Anti-Web
CVE-2017-9096 (The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not dis ...)
	NOT-FOR-US: iText
CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files th ...)
	NOT-FOR-US: Diving Log
CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in  ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9092
	RESERVED
CVE-2017-9091 (/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION[' ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9090 (reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha'][ ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9089
	RESERVED
CVE-2017-9088
	RESERVED
CVE-2017-9087
	RESERVED
CVE-2017-9086
	RESERVED
CVE-2017-9085 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6. ...)
	NOT-FOR-US: Kodak InSite
CVE-2017-9084
	RESERVED
CVE-2017-9083 (poppler 0.54.0, as used in Evince and other products, has a NULL point ...)
	- poppler <unfixed> (unimportant; bug #863016)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101084
	NOTE: Does not use JPX decoder but openjpeg; affected only source wise
CVE-2017-9082
	RESERVED
CVE-2017-9081
	RESERVED
CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the name  ...)
	NOT-FOR-US: PlaySMS
CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files  ...)
	{DSA-3859-1 DLA-948-1}
	- dropbear 2016.74-5 (bug #862970)
	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication  ...)
	{DSA-3859-1}
	- dropbear 2016.74-5 (bug #862970)
	[wheezy] - dropbear <not-affected> (Vulnerable code not present)
	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux  ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux  ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through 4.11 ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
CVE-2017-9073
	REJECTED
CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. Calend ...)
	NOT-FOR-US: CalendarXP
CVE-2017-9071 (In MODX Revolution before 2.5.7, an attacker might be able to trigger  ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9070 (In MODX Revolution before 2.5.7, a user with resource edit permissions ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9069 (In MODX Revolution before 2.5.7, a user with file upload permissions i ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9068 (In MODX Revolution before 2.5.7, an attacker is able to trigger Reflec ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker i ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9060 (Memory leak in the virtio_gpu_set_scanout function in hw/display/virti ...)
	- qemu 1:2.10.0-1 (unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 allows loc ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Introduced in 4.9)
	[wheezy] - linux <not-affected> (Introduced in 4.9)
CVE-2017-9057
	RESERVED
CVE-2017-9056
	RESERVED
CVE-2017-9055 (An issue, also known as DW201703-001, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-001
CVE-2017-9054 (An issue, also known as DW201703-002, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-002
CVE-2017-9053 (An issue, also known as DW201703-005, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-005
CVE-2017-9052 (An issue, also known as DW201703-006, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-006
CVE-2017-9051 (libav before 12.1 is vulnerable to an invalid read of size 1 due to NU ...)
	- libav <removed> (low)
	[jessie] - libav <not-affected> (Tested with the original reproducer, 0.11 branch not vulnerable)
	[wheezy] - libav <not-affected> (Tested with the original reproducer, 0.8 branch not vulnerable)
	- ffmpeg 7:2.6.1-1 (low)
	NOTE: Fix in libav: https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24.patch
	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863018)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863019)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863021)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9047 (A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g074180 ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863022)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9046 (winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code e ...)
	NOT-FOR-US: Pegasus Mail
CVE-2017-9045 (The Google I/O 2017 application before 5.1.4 for Android downloads mul ...)
	NOT-FOR-US: Google I/O 2017 application
CVE-2017-9044 (The print_symbol_for_build_attribute function in readelf.c in GNU Binu ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
CVE-2017-9043 (readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large f ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
CVE-2017-9042 (readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in t ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9041 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
CVE-2017-9040 (GNU Binutils 2017-04-03 allows remote attackers to cause a denial of s ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9039 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
CVE-2017-9038 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
CVE-2017-9037 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Ser ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9036 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local us ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9035 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attacker ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9034 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attacker ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9033 (Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerP ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9032 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Ser ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer over- ...)
	- libytnef 1.9.2-2 (low; bug #862556)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/45
CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
	NOT-FOR-US: Joomla extension
CVE-2017-9029
	RESERVED
CVE-2017-9028
	RESERVED
CVE-2017-9027
	RESERVED
CVE-2017-9026 (Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6 ...)
	NOT-FOR-US: HooHoo Trip Mate
CVE-2017-9025 (Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
	NOT-FOR-US: HooHoo Trip Mate
CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect validation i ...)
	{DLA-1075-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	[jessie] - wordpress 4.1+dfsg-1+deb8u16
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for po ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnera ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability  ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post meta dat ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability  ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
CVE-2017-9024 (Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes S ...)
	NOT-FOR-US: Secure Bytes Cisco Configuration Manager
CVE-2017-9023 (The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE  ...)
	{DSA-3866-1 DLA-973-1}
	- strongswan 5.5.1-4
	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=407fcca200fdf6a41a04ac0885a770b6b53c5d23
CVE-2017-9022 (The gmp plugin in strongSwan before 5.5.3 does not properly validate R ...)
	{DSA-3866-1 DLA-973-1}
	- strongswan 5.5.1-4
	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=6681d98d18d24b31410fc12c3d61f150107481b3
CVE-2017-9021
	REJECTED
CVE-2017-9020
	RESERVED
CVE-2016-10373
	REJECTED
CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 protocol, wh ...)
	NOT-FOR-US: Eir D1000 modem
CVE-2017-9019
	RESERVED
CVE-2017-9018
	RESERVED
CVE-2017-9017
	RESERVED
CVE-2017-9016
	RESERVED
CVE-2017-9015
	RESERVED
CVE-2017-9014
	RESERVED
CVE-2017-9013
	RESERVED
CVE-2017-9012
	RESERVED
CVE-2017-9011
	RESERVED
CVE-2017-9010
	RESERVED
CVE-2017-9009
	RESERVED
CVE-2017-9008
	RESERVED
CVE-2017-9007
	RESERVED
CVE-2017-9006
	RESERVED
CVE-2017-9005
	RESERVED
CVE-2017-9004
	RESERVED
CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could al ...)
	NOT-FOR-US: Aruba
CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross ...)
	NOT-FOR-US: Aruba
CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout ...)
	NOT-FOR-US: Aruba
CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x  ...)
	NOT-FOR-US: Aruba
CVE-2017-8999
	RESERVED
CVE-2017-8998
	RESERVED
CVE-2017-8997
	RESERVED
CVE-2017-8996
	RESERVED
CVE-2017-8995
	RESERVED
CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration produ ...)
	NOT-FOR-US: HPE
CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and Portfol ...)
	NOT-FOR-US: HPE Project and Portfolio Management
CVE-2017-8992 (HPE has identified a remote privilege escalation vulnerability in HPE  ...)
	NOT-FOR-US: HPE
CVE-2017-8991 (HPE has identified a cross site scripting (XSS) vulnerability in HPE C ...)
	NOT-FOR-US: HPE
CVE-2017-8990 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2017-8989 (A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, ...)
	NOT-FOR-US: HPE
CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was identified  ...)
	NOT-FOR-US: HPE
CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was identifie ...)
	NOT-FOR-US: HPE
CVE-2017-8986
	RESERVED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local au ...)
	NOT-FOR-US: HPE XP Storage
CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE Intell ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE Intelligent Ma ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) fi ...)
	NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware
CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability in HPE I ...)
	NOT-FOR-US: HPE IceWall Products
CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard Enterprise ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8976 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise Mo ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8975 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise Mo ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8974 (A Local Authentication Restriction Bypass vulnerability in HPE NonStop ...)
	NOT-FOR-US: HPE NonStop Server
CVE-2017-8973 (An improper input validation vulnerability in HPE Matrix Operating Env ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8972 (A clickjacking vulnerability in HPE Matrix Operating Environment versi ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8971 (A clickjacking vulnerability in HPE Matrix Operating Environment versi ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8970 (A remote unauthenticated disclosure of information vulnerability in HP ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8969 (An improper input validation vulnerability in HPE Insight Control vers ...)
	NOT-FOR-US: HPE Insight Control
CVE-2017-8968 (A remote execution of arbitrary code vulnerability has been identified ...)
	NOT-FOR-US: HPE
CVE-2017-8967 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8966 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8965 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8964 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8963 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8962 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8961 (A directory traversal vulnerability in HPE Intelligent Management Cent ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8960 (An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SA ...)
	NOT-FOR-US: HPE MSA
CVE-2017-8959 (An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 204 ...)
	NOT-FOR-US: HPE MSA
CVE-2017-8958 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8957 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8956 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8955 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8954 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8953 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v1 ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2017-8952 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8951 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8950 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8949 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8948 (A Remote Bypass Security Restriction vulnerability in HPE Network Node ...)
	NOT-FOR-US: HPE Network Node Manager
CVE-2017-8947 (A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10 ...)
	NOT-FOR-US: HPE UCMDB
CVE-2017-8946 (A Remote Code Execution vulnerability in HPE Aruba AirWave Glass versi ...)
	NOT-FOR-US: HPE Aruba AirWave Glass
CVE-2017-8945 (A Remote Unauthorized Disclosure of Information vulnerability in HPE I ...)
	NOT-FOR-US: HPE IceWall Federation Agent
CVE-2017-8944 (A Remote Disclosure of Information vulnerability in HPE Cloud Optimize ...)
	NOT-FOR-US: HPE Cloud Optimizer
CVE-2017-8943 (The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates ...)
	NOT-FOR-US: PUMA PUMATRAC app
CVE-2017-8942 (The YottaMark ShopWell - Healthy Diet &amp; Grocery Food Scanner app 5 ...)
	NOT-FOR-US: YottaMark ShopWell app
CVE-2017-8941 (The Interval International app 3.3 through 3.5.1 for iOS does not veri ...)
	NOT-FOR-US: Interval International app
CVE-2017-8940 (The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS ...)
	NOT-FOR-US: Zipongo app
CVE-2017-8939 (The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not ve ...)
	NOT-FOR-US: ellentube app
CVE-2017-8938 (The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509  ...)
	NOT-FOR-US: Radio Javan app
CVE-2017-8937 (The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certific ...)
	NOT-FOR-US: Life Before Us Yo app
CVE-2017-8936 (The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.2 ...)
	NOT-FOR-US: MoboTap Dolphin Web Browser
CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS does n ...)
	NOT-FOR-US: Quest Information Systems Indiana Voters app
CVE-2016-10374 (perltidy through 20160302, as used by perlcritic, check-all-the-things ...)
	- perltidy 20140328-2 (bug #862667)
	[jessie] - perltidy <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - perltidy <no-dsa> (Minor issue)
CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve P-256 ...)
	- golang-1.8 1.8.3-1 (bug #863307)
	[stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang-1.7 1.7.6-1 (bug #863308)
	[stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang <removed>
	[wheezy] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
	[jessie] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
	NOTE: Upstream issue: https://github.com/golang/go/issues/20040
	NOTE: Upstream patch: https://golang.org/cl/41070
	NOTE: Fix for 1.7: https://go-review.googlesource.com/c/43773
	NOTE: Fix for 1.8: https://go-review.googlesource.com/c/43770
CVE-2017-8931 (Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow a ...)
	NOT-FOR-US: Bitdefender
CVE-2017-8930 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple I ...)
	NOT-FOR-US: Simple Invoices
CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allo ...)
	- yara 3.6.0+dfsg-1
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/658
	NOTE: https://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...)
	NOT-FOR-US: mailcow
CVE-2017-9031 (The WebUI component in Deluge before 1.3.15 contains a directory trave ...)
	{DSA-3856-1 DLA-943-1}
	- deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
	NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
	NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
CVE-2017-8934 (PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local ...)
	- pcmanfm 1.2.5-3 (low; bug #862571)
	[jessie] - pcmanfm <no-dsa> (Minor issue)
	[wheezy] - pcmanfm <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
CVE-2017-8933 (Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a ...)
	- menu-cache 1.0.2-3 (low; bug #862570)
	[jessie] - menu-cache <no-dsa> (Minor issue)
	[wheezy] - menu-cache <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
CVE-2017-8927 (Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause ...)
	NOT-FOR-US: Larson VizEx Reader
CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to  ...)
	NOT-FOR-US: Halliburton LogView Pro
CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.16-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8
CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in th ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.16-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through 7 ...)
	- php7.1 <removed> (bug #881539)
	- php7.0 <removed> (bug #881538)
	[stretch] - php7.0 <ignored> (Minor issue)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
	NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
CVE-2017-8922
	RESERVED
CVE-2017-8921 (In FlightGear before 2017.2.1, the FGCommand interface allows overwrit ...)
	- flightgear 1:2016.4.4+dfsg-3 (bug #862689)
	[jessie] - flightgear 3.0.0-5+deb8u2
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/ (next)
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/ (2016.4)
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/ (3.0.0)
CVE-2017-8920 (irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the ...)
	- cgiirc <removed>
CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password ...)
	NOT-FOR-US: NetApp
CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...)
	NOT-FOR-US: Dive Assistant
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attac ...)
	NOT-FOR-US: Joomla!
CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
	NOT-FOR-US: Center for Internet Security CIS-CAT Pro Dashboard
CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 ...)
	NOT-FOR-US: SAP
CVE-2017-8912 (** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticat ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() func ...)
	{DSA-3869-1 DLA-962-1}
	- tnef 1.4.12-1.2 (bug #862442)
	NOTE: https://github.com/verdammelt/tnef/issues/23
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/a686971a1f124d9ae18946b1844dbc2c1f30df10
CVE-2017-8910
	RESERVED
CVE-2017-8909
	RESERVED
CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 all ...)
	- ghostscript 9.22~dfsg-1 (unimportant)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
	NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
	NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correc ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...)
	- x265 <not-affected> (Affected code is not enabled)
	NOTE: https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
CVE-2017-8902
	RESERVED
CVE-2017-8901
	RESERVED
CVE-2017-8900 (LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, ...)
	- lightdm <not-affected> (No guest account support in Debian, cf. #661230)
CVE-2017-8899 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8898 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8896 (ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6 ...)
	- owncloud <removed>
CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before bui ...)
	NOT-FOR-US: Veritas
CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software upd ...)
	NOT-FOR-US: AeroAdmin
CVE-2017-8893 (AeroAdmin 4.1 uses a function to copy data between two pointers where  ...)
	NOT-FOR-US: AeroAdmin
CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3  ...)
	NOT-FOR-US: OpenText Tempo Box
CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a mal ...)
	- lepton 1.2.1+20170405-1 (bug #862446)
	NOTE: https://github.com/dropbox/lepton/issues/87
	NOTE: https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
CVE-2017-8889
	RESERVED
CVE-2017-8888
	RESERVED
CVE-2017-8887
	RESERVED
CVE-2017-8886
	RESERVED
CVE-2017-8885
	RESERVED
CVE-2017-8884
	RESERVED
CVE-2017-8883
	RESERVED
CVE-2017-8882
	RESERVED
CVE-2017-8881
	RESERVED
CVE-2017-8880
	RESERVED
CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the c ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 al ...)
	NOT-FOR-US: ASUS
CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 a ...)
	NOT-FOR-US: ASUS
CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to c ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows remote  ...)
	NOT-FOR-US: Wordpress addon
CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1 ...)
	NOT-FOR-US: Mautic
CVE-2017-8873
	RESERVED
CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...)
	- libxml2 2.9.4+dfsg1-6.1 (bug #862450)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	[jessie] - libxml2 <no-dsa> (Minor issue)
	[wheezy] - libxml2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in libcroco  ...)
	- libcroco <unfixed> (bug #864666; low)
	[buster] - libcroco <ignored> (Minor issue)
	[stretch] - libcroco <ignored> (Minor issue)
	[jessie] - libcroco <no-dsa> (Minor issue)
	[wheezy] - libcroco <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782649
CVE-2017-8870 (Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execut ...)
	NOT-FOR-US: AudioCoder
CVE-2017-8869 (Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to e ...)
	NOT-FOR-US: MediaCoder
CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via  ...)
	NOT-FOR-US: flatCore
CVE-2017-8867 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8866 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8865 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8864 (Client-side enforcement using JavaScript of server-side security optio ...)
	NOT-FOR-US: Cohu
CVE-2017-8863 (Information disclosure of .esp source code on the Cohu 3960 allows an  ...)
	NOT-FOR-US: Cohu
CVE-2017-8862 (The webupgrade function on the Cohu 3960HD does not verify the firmwar ...)
	NOT-FOR-US: Cohu
CVE-2017-8861 (Missing authentication for the remote configuration port 1236/tcp on t ...)
	NOT-FOR-US: Cohu
CVE-2017-8860 (Information disclosure through directory listing on the Cohu 3960HD al ...)
	NOT-FOR-US: Cohu
CVE-2017-8859 (In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users  ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8858 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8857 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
	{DLA-969-1}
	- tiff 4.0.7-7 (low; bug #862929)
	[jessie] - tiff 4.0.3-12.3+deb8u5
	- tiff3 <removed>
	[wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
CVE-2017-1000044 (gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly ...)
	- gtk-vnc 0.4.3-1
	NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3)
CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a mal ...)
	- wolfssl 3.12.0+dfsg-1 (bug #870170)
	NOTE: Fixed upstream in 3.11.0, https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable
CVE-2017-8854 (wolfSSL before 3.10.2 has an out-of-bounds memory access with loading  ...)
	- wolfssl 3.10.2+dfsg-1
CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/ap ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It  ...)
	NOT-FOR-US: SAP
CVE-2017-8851 (An issue was discovered on OnePlus One and X devices. Due to a lenient ...)
	NOT-FOR-US: OnePlus One
CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due t ...)
	NOT-FOR-US: OnePlus One
CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by lever ...)
	{DSA-3951-1 DLA-1002-1}
	- smb4k 1.2.1-2 (bug #862505)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
	NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
	NOTE: https://github.com/stealth/plasmapulsar
	NOTE: smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
	NOTE: smb4k 1.2.3: https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce
CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a pa ...)
	NOT-FOR-US: Allen Disk
CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863145)
	NOTE: https://github.com/ckolivas/lrzip/issues/67
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 all ...)
	- lrzip 0.631+git180517-1 (bug #863150)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/71
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lr ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863151)
	NOTE: https://github.com/ckolivas/lrzip/issues/68
	NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows  ...)
	- lrzip 0.631+git180517-1 (bug #863153)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/70
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 al ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863155)
	NOTE: https://github.com/ckolivas/lrzip/issues/69
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863156)
	NOTE: https://github.com/ckolivas/lrzip/issues/66
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710,  ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 380, 580,  ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, a ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 580, 71 ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devi ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and  ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...)
	NOT-FOR-US: OnePlus
CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a so ...)
	{DLA-935-1}
	- lxterminal 0.3.0-2 (low; bug #862098)
	[jessie] - lxterminal 0.2.0-1+deb8u1
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 a ...)
	- libcroco <unfixed> (bug #864666; low)
	[buster] - libcroco <ignored> (Minor issue)
	[stretch] - libcroco <ignored> (Minor issue)
	[jessie] - libcroco <no-dsa> (Minor issue)
	[wheezy] - libcroco <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782647
CVE-2017-8833 (Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE:  ...)
	NOT-FOR-US: Zen Cart
CVE-2017-8832 (Allen Disk 1.6 has XSS in the id parameter to downfile.php. ...)
	NOT-FOR-US: Allen Disk
CVE-2017-8831 (The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus. ...)
	{DLA-1200-1}
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=195559
CVE-2017-8830 (In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862637)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/467
CVE-2017-8828
	RESERVED
CVE-2017-8827 (forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might a ...)
	NOT-FOR-US: GenixCMS
CVE-2017-8826 (FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly  ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling c ...)
	- libetpan 1.6-3 (bug #862151)
	[jessie] - libetpan <no-dsa> (Minor issue)
	[wheezy] - libetpan <no-dsa> (Minor issue)
	NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
	NOTE: https://github.com/dinhviethoa/libetpan/issues/274
CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel t ...)
	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
	- linux 4.14.7-1
	NOTE: http://lists.openwall.net/netdev/2017/12/04/224
	NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24313
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/21534
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24246
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24245
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24244
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to  ...)
	- curl 7.57.0-1
	[stretch] - curl <not-affected> (Vulnerable code not present)
	[jessie] - curl <not-affected> (Vulnerable code not present)
	[wheezy] - curl <not-affected> (Vulnerable code not present)
	NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
	NOTE: https://curl.haxx.se/CVE-2017-8818.patch
CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 allows rem ...)
	{DSA-4051-1 DLA-1195-1}
	- curl 7.57.0-1
	NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html
	NOTE: https://curl.haxx.se/CVE-2017-8817.patch
CVE-2017-8816 (The NTLM authentication feature in curl and libcurl before 7.57.0 on 3 ...)
	{DSA-4051-1}
	- curl 7.57.0-1
	[wheezy] - curl <not-affected> (Vulnerable code not present, introduced in 7.36.0)
	NOTE: https://curl.haxx.se/docs/adv_2017-11e7.html
	NOTE: https://curl.haxx.se/CVE-2017-8816.patch
CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T119158
CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T124404
CVE-2017-8813
	REJECTED
CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T125163
CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki bef ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T176247
CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T134100
CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x b ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T128209
CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T178451
CVE-2017-8807 (vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cach ...)
	{DSA-4034-1}
	- varnish 5.2.1-1 (bug #881808)
	[jessie] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0)
	[wheezy] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0)
	NOTE: http://varnish-cache.org/security/VSV00002.html
	NOTE: https://github.com/varnishcache/varnish-cache/pull/2429
	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/176f8a075a
CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scri ...)
	{DSA-4029-1 DLA-1169-1}
	- postgresql-common 188
CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links opt ...)
	- archvsync 20171017
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/17/2
	NOTE: https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
CVE-2017-1000041
	REJECTED
CVE-2017-1000040
	REJECTED
CVE-2017-1000019
	REJECTED
CVE-2016-1000393
	REJECTED
CVE-2016-1000373
	REJECTED
CVE-2016-1000372
	REJECTED
CVE-2016-1000371
	REJECTED
CVE-2016-1000370
	REJECTED
CVE-2016-1000369
	REJECTED
CVE-2016-1000368
	REJECTED
CVE-2016-1000367
	REJECTED
CVE-2016-1000366
	REJECTED
CVE-2016-1000365
	REJECTED
CVE-2016-1000364
	REJECTED
CVE-2016-1000363
	REJECTED
CVE-2016-1000362
	REJECTED
CVE-2016-1000361
	REJECTED
CVE-2016-1000360
	REJECTED
CVE-2016-1000338 (In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does no ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows attac ...)
	- lintian 2.5.50.4 (bug #861958)
	[jessie] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
	[wheezy] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ...)
	NOTE: This is not a vulnerability in glibc, but a bug in the application, see
	NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00128.html and
	NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/05/2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow use ...)
	NOT-FOR-US: Notepad++
CVE-2017-8802 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
	NOT-FOR-US: Zimbra
CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Buil ...)
	NOT-FOR-US: Trend Micro
CVE-2017-8800
	RESERVED
CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before 4. ...)
	NOT-FOR-US: iRODS
CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v ...)
	{DLA-2197-1 DLA-949-1}
	- miniupnpc 1.9.20140610-3 (bug #862273)
	NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly v ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b550a32e60a4941994b437a8d662432a486235a5 (4.12-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/f961e3f2acae94b727380c0b74e2d3954d0edf79 (4.12-rc1)
CVE-2017-8796 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8795 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8794 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8793 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8792 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8791 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8790 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8789 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8788 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...)
	- libpodofo 0.9.5-7 (bug #861738)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: Possible unspecified impact. Needs further analysis.
	NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1851
CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial o ...)
	- pcre2 10.31-1 (unimportant; bug #861873)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2079
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692&r2=697
CVE-2017-8785 (FastStone Image Viewer 6.2 has a "Data from Faulting Address may be us ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2017-8784
	REJECTED
CVE-2017-8783 (Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent  ...)
	NOT-FOR-US: Zimbra
CVE-2017-8782 (The readString function in util/read.c and util/old/read.c in libming  ...)
	{DLA-980-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/70
CVE-2017-8781 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...)
	NOT-FOR-US: XnView
CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled durin ...)
	NOT-FOR-US: GenixCMS
CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 h ...)
	- gitlab <not-affected> (SVG rendering feature introduced later, cf. bug #861870)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
CVE-2017-8777 (Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: M ...)
	NOT-FOR-US: Open-Xchange GmbH OX Cloud Plugins
CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0 ...)
	{DSA-3845-1 DLA-937-1 DLA-936-1}
	- rpcbind 0.2.3-0.6 (bug #861835)
	- libtirpc 0.2.5-1.2 (bug #861834)
	- ntirpc 1.4.4-1 (bug #861836)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/04/1
	NOTE: https://github.com/guidovranken/rpcbomb/
CVE-2017-8776 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8775 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8774 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8773 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8772 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (w ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8771 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (w ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 device ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android ...)
	NOT-FOR-US: WhatsApp Messenger
CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command injecti ...)
	NOT-FOR-US: Atlassian SourceTree
CVE-2017-8767
	REJECTED
CVE-2017-8766 (IrfanView version 4.44 (32bit) allows remote attackers to execute code ...)
	NOT-FOR-US: IrfanView
CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5 ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862653)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/466
CVE-2017-8764
	RESERVED
CVE-2017-8763 (Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for ...)
	NOT-FOR-US: EPESI
CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits  ...)
	NOT-FOR-US: GenixCMS
CVE-2017-8761 [Swift tempurl middleware reveals signatures in the logfiles]
	RESERVED
	- swift <unfixed>
	[buster] - swift <no-dsa> (Minor issue)
	[stretch] - swift <no-dsa> (Minor issue)
	[jessie] - swift <end-of-life> (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/swift/+bug/1685798
CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8759 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8758 (Microsoft Exchange Server 2016 allows an elevation of privilege vulner ...)
	NOT-FOR-US: Microsoft
CVE-2017-8757 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8756 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8755 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8754 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8753 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8752 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-8751 (Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8750 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8749 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8748 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8747 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8746 (Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8745 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2017-8744 (A remote code execution vulnerability exists in Excel Services, Micros ...)
	NOT-FOR-US: Microsoft
CVE-2017-8743 (A remote code execution vulnerability exists in Microsoft PowerPoint 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8742 (A remote code execution vulnerability exists in Microsoft PowerPoint 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8741 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8740 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8739 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...)
	NOT-FOR-US: Microsoft
CVE-2017-8738 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8737 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8736 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8735 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8734 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8733 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8732
	RESERVED
CVE-2017-8731 (Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 al ...)
	NOT-FOR-US: Microsoft
CVE-2017-8730
	RESERVED
CVE-2017-8729 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8728 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8727 (Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8726 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8725 (A remote code execution vulnerability exists in Microsoft Publisher 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8724 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8723 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8722
	RESERVED
CVE-2017-8721
	RESERVED
CVE-2017-8720 (The Microsoft Windows graphics component on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8719 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8718 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8717 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8716 (Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8715 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, a ...)
	NOT-FOR-US: Microsoft
CVE-2017-8714 (The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8713 (The Windows Hyper-V component on Microsoft Windows Windows 8.1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8712 (The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8711 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8710 (The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8709 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8708 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8707 (The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8706 (The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8705
	RESERVED
CVE-2017-8704 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8703 (The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8702 (Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8701
	RESERVED
CVE-2017-8700 (ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8699 (Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8698
	RESERVED
CVE-2017-8697
	RESERVED
CVE-2017-8696 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8695 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8694 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8693 (The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8692 (The Windows Uniscribe component on Microsoft Windows 8.1, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2017-8691 (Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacke ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-8690
	RESERVED
CVE-2017-8689 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8688 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8687 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8686 (The Windows Server DHCP service in Windows Server 2012 Gold and R2, an ...)
	NOT-FOR-US: Microsoft
CVE-2017-8685 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8684 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8683 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8682 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8681 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8680 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8679 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8678 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8677 (The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8676 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2017-8675 (The Windows Kernel-Mode Drivers component on Microsoft Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8674 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8673 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8672 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8671 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8670 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8669 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8668 (The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8667
	RESERVED
CVE-2017-8666 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8665 (The Xamarin.iOS update component on systems running macOS allows an at ...)
	NOT-FOR-US: Xamarin.iOS
CVE-2017-8664 (Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8663 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8662 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disc ...)
	NOT-FOR-US: Microsoft
CVE-2017-8661 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8660 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8659 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...)
	NOT-FOR-US: Microsoft
CVE-2017-8658 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2017-8657 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8656 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8655 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8654 (Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site sc ...)
	NOT-FOR-US: Microsoft
CVE-2017-8653 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8652 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8651 (Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-8650 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to expl ...)
	NOT-FOR-US: Microsoft
CVE-2017-8649 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8648 (Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8647 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2017-8646 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8645 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8644 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8643 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8642 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elev ...)
	NOT-FOR-US: Microsoft
CVE-2017-8641 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8640 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2017-8639 (Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allow ...)
	NOT-FOR-US: Microsoft
CVE-2017-8638 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8637 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypa ...)
	NOT-FOR-US: Microsoft
CVE-2017-8636 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8635 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2  ...)
	NOT-FOR-US: MIcrosoft
CVE-2017-8634 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8633 (Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-8632 (A remote code execution vulnerability exists in Microsoft Excel 2010 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8631 (A remote code execution vulnerability exists in Excel Services, Micros ...)
	NOT-FOR-US: Microsoft
CVE-2017-8630 (Microsoft Office 2016 allows a remote code execution vulnerability whe ...)
	NOT-FOR-US: Microsoft
CVE-2017-8629 (Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2017-8628 (Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1,  ...)
	NOT-FOR-US: Microsoft Windows
	NOTE: https://www.armis.com/blueborne/
CVE-2017-8627 (Windows Subsystem for Linux in Windows 10 1703, allows a denial of ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-8626
	RESERVED
CVE-2017-8625 (Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2017-8624 (CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8623 (Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8622 (Windows Subsystem for Linux in Windows 10 1703 allows an elevation of  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8621 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2017-8620 (Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-8619 (Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8618 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8617 (Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8616
	RESERVED
CVE-2017-8615
	RESERVED
CVE-2017-8614
	RESERVED
CVE-2017-8613 (Azure AD Connect Password writeback, if misconfigured during enablemen ...)
	NOT-FOR-US: Azure AD Connect Password writeback
CVE-2017-8612
	RESERVED
CVE-2017-8611 (Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8610 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8609 (Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607,  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8608 (Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8. ...)
	NOT-FOR-US: Microsoft
CVE-2017-8607 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8606 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8605 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8604 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8603 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8602 (Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8601 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8600
	RESERVED
CVE-2017-8599 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8598 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8597 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8596 (Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-8595 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8594 (Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8593 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8592 (Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8591 (Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8590 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8589 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8588 (Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8587 (Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8586
	RESERVED
CVE-2017-8585 (Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8584 (Windows 10 1607 and Windows Server 2016 allow an attacker to execute c ...)
	NOT-FOR-US: Microsoft
CVE-2017-8583
	RESERVED
CVE-2017-8582 (HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8581 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8580 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8579 (The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703,  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8578 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8577 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8576 (The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8575 (The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Windows
CVE-2017-8574 (Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 a ...)
	NOT-FOR-US: Microsoft
CVE-2017-8573 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8572 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8571 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8570 (Microsoft Office allows a remote code execution vulnerability due to t ...)
	NOT-FOR-US: Microsoft
CVE-2017-8569 (Microsoft SharePoint Server allows an elevation of privilege vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8568
	RESERVED
CVE-2017-8567 (A remote code execution vulnerability exists in Microsoft Excel for Ma ...)
	NOT-FOR-US: Microsoft
CVE-2017-8566 (Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevat ...)
	NOT-FOR-US: Microsoft
CVE-2017-8565 (Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8564 (Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8563 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8562 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8561 (Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8560 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2017-8559 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2017-8558 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8557 (Windows System Information Console in Windows Server 2008 SP2 and R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8556 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8555 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to tric ...)
	NOT-FOR-US: Microsoft
CVE-2017-8554 (The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8553 (An information disclosure vulnerability exists in Microsoft Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2017-8552 (A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8551 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8550 (A remote code execution vulnerability exists in Skype for Business whe ...)
	NOT-FOR-US: Microsoft
CVE-2017-8549 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8548 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8547 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8546
	RESERVED
CVE-2017-8545 (A spoofing vulnerability exists in when Microsoft Outlook for Mac does ...)
	NOT-FOR-US: Microsoft
CVE-2017-8544 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8543 (Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8541 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8540 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8539 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8538 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8537 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8536 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8535 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8534 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8533 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8532 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8531 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8530 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8529 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8528 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8527 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8526
	RESERVED
CVE-2017-8525
	RESERVED
CVE-2017-8524 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8523 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8522 (Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8521 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2017-8520 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2017-8519 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8518 (Microsoft Edge allows a remote code execution vulnerability due to the ...)
	NOT-FOR-US: Microsoft
CVE-2017-8517 (Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8516 (Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, M ...)
	NOT-FOR-US: Microsoft
CVE-2017-8515 (Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 all ...)
	NOT-FOR-US: Microsoft
CVE-2017-8514 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8513 (A remote code execution vulnerability exists in Microsoft PowerPoint w ...)
	NOT-FOR-US: Microsoft
CVE-2017-8512 (A remote code execution vulnerability exists in Microsoft Office when  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8511 (A remote code execution vulnerability exists in Microsoft Office when  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8510 (A remote code execution vulnerability exists in Microsoft Office when  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8509 (A remote code execution vulnerability exists in Microsoft Office when  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8508 (A security feature bypass vulnerability exists in Microsoft Office sof ...)
	NOT-FOR-US: Microsoft
CVE-2017-8507 (A remote code execution vulnerability exists in the way Microsoft Offi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8506 (A remote code execution vulnerability exists in Microsoft Office when  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8505
	RESERVED
CVE-2017-8504 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 al ...)
	NOT-FOR-US: Microsoft
CVE-2017-8503 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8502 (Microsoft Office allows a remote code execution vulnerability due to t ...)
	NOT-FOR-US: Microsoft
CVE-2017-8501 (Microsoft Office allows a remote code execution vulnerability due to t ...)
	NOT-FOR-US: Microsoft
CVE-2017-8500
	RESERVED
CVE-2017-8499 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2017-8498 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 al ...)
	NOT-FOR-US: Microsoft
CVE-2017-8497 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an at ...)
	NOT-FOR-US: Microsoft
CVE-2017-8496 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an at ...)
	NOT-FOR-US: Microsoft
CVE-2017-8495 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8494 (Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8493 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8492 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8491 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8490 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8489 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8488 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8487 (Windows OLE in Windows XP and Windows Server 2003 allows an attacker t ...)
	NOT-FOR-US: Microsoft
CVE-2017-8486 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8485 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8484 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8483 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8482 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8481 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8480 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8479 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8478 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8477 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8476 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8475 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8474 (The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8473 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8472 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8471 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8470 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8469 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8468 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8467 (Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8466 (Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8465 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8464 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8463 (Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8462 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-8461 (Windows RPC with Routing and Remote Access enabled in Windows XP and W ...)
	NOT-FOR-US: Microsoft
CVE-2017-8460 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows R ...)
	NOT-FOR-US: Microsoft
CVE-2017-8459 (** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue in whic ...)
	- brave-browser <itp> (bug #864795)
CVE-2017-8458 (Brave 0.12.4 has a URI Obfuscation issue in which a string such as htt ...)
	- brave-browser <itp> (bug #864795)
CVE-2017-8457
	RESERVED
CVE-2017-8456
	RESERVED
CVE-2017-8455 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-8454 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-8453 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-10368 (Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162 ...)
	NOT-FOR-US: Opsview Monitor Pro
CVE-2016-10367 (In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475 ...)
	NOT-FOR-US: Opsview Monitor Pro
CVE-2015-9058 (Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4. ...)
	NOT-FOR-US: Proxmox Mail Gateway
CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Ga ...)
	NOT-FOR-US: Proxmox Mail Gateway
CVE-2017-8452 (Kibana versions prior to 5.2.1 configured for SSL client access, file  ...)
	- kibana <itp> (bug #700337)
CVE-2017-8451 (With X-Pack installed, Kibana versions before 5.3.1 have an open redir ...)
	NOT-FOR-US: Kibana addon
CVE-2017-8450 (X-Pack 5.1.1 did not properly apply document and field level security  ...)
	NOT-FOR-US: Kibana addon
CVE-2017-8449 (X-Pack Security 5.2.x would allow access to more fields than the user  ...)
	NOT-FOR-US: Kibana addon
CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting 5.0 ...)
	- kibana <itp> (bug #700337)
CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enf ...)
	NOT-FOR-US: X-Pack plugin for Kibana
CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and standal ...)
	NOT-FOR-US: X-Pack plugin for Kibana
CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for versio ...)
	NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch
CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0 ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ope ...)
	NOT-FOR-US: Kibana X-Pack Security
CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, c ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not alwa ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vul ...)
	- kibana <itp> (bug #700337)
CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug  ...)
	- kibana <itp> (bug #700337)
CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege es ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2017-8437
	RESERVED
CVE-2017-8436
	RESERVED
CVE-2017-8435
	RESERVED
CVE-2017-8434
	RESERVED
CVE-2017-8433
	RESERVED
CVE-2017-8432
	RESERVED
CVE-2017-8431
	RESERVED
CVE-2017-8430
	RESERVED
CVE-2017-8429
	RESERVED
CVE-2017-8428
	RESERVED
CVE-2017-8427
	RESERVED
CVE-2017-8426
	RESERVED
CVE-2017-8425
	RESERVED
CVE-2017-8424
	RESERVED
CVE-2017-8423
	RESERVED
CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to  ...)
	{DSA-3849-1 DLA-952-1}
	- kauth 5.28.0-2
	- kde4libs 4:4.14.26-2
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
	NOTE: patch for kauth: https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
	NOTE: patch for kde4libs: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=264e97625abe2e0334f97de17f6ffb52582888ab
	NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt
CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File Desc ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address  ...)
	- swftools <removed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values  ...)
	- lame 3.99.5+repack1-7
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: https://sourceforge.net/p/lame/bugs/458/
	NOTE: Issue addressed in Debian via: https://sources.debian.org/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/
	NOTE: in the revised version as included in 3.99.5+repack1-7
CVE-2016-10366 (Kibana versions after and including 4.3 and before 4.6.2 are vulnerabl ...)
	- kibana <itp> (bug #700337)
CVE-2016-10365 (Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerabi ...)
	- kibana <itp> (bug #700337)
CVE-2016-10364 (With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not proper ...)
	NOT-FOR-US: Kibana addon
CVE-2016-10363 (Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, ...)
	- logstash <itp> (bug #664841)
CVE-2016-10362 (Prior to Logstash version 5.0.1, Elasticsearch Output plugin when upda ...)
	- logstash <itp> (bug #664841)
CVE-2016-10361
	REJECTED
CVE-2016-10360
	REJECTED
CVE-2016-10359
	REJECTED
CVE-2016-10358
	REJECTED
CVE-2016-10357
	REJECTED
CVE-2016-10356
	REJECTED
CVE-2016-10355
	REJECTED
CVE-2016-10354
	REJECTED
CVE-2016-10353
	REJECTED
CVE-2016-10352
	REJECTED
CVE-2015-9056 (Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attac ...)
	- kibana <itp> (bug #700337)
CVE-2017-8905 (Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback,  ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.0~rc3-1 (bug #861662)
	NOTE: https://xenbits.xen.org/xsa/advisory-215.html
CVE-2017-8904 (Xen through 4.8.x mishandles the "contains segment descriptors" proper ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.1-1+deb9u1 (bug #861660)
	NOTE: https://xenbits.xen.org/xsa/advisory-214.html
CVE-2017-8903 (Xen through 4.8.x on 64-bit platforms mishandles page tables after an  ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.1-1+deb9u1 (bug #861659)
	NOTE: https://xenbits.xen.org/xsa/advisory-213.html
CVE-2017-8418 (RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing loc ...)
	- rubocop 0.49.1+dfsg-1 (bug #870852)
	NOTE: https://github.com/bbatsov/rubocop/issues/4336
	NOTE: https://github.com/bbatsov/rubocop/commit/dcb258fabd5f2624c1ea0e1634763094590c09d7
CVE-2017-8417 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2017-8416 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2017-8415 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2017-8414 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The b ...)
	NOT-FOR-US: D-Link
CVE-2017-8413 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2017-8412 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2017-8411 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
	NOT-FOR-US: D-Link
CVE-2017-8410 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The b ...)
	NOT-FOR-US: D-Link
CVE-2017-8409 (An issue was discovered on D-Link DCS-1130 devices. The device require ...)
	NOT-FOR-US: D-Link
CVE-2017-8408 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
	NOT-FOR-US: D-Link
CVE-2017-8407 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
	NOT-FOR-US: D-Link
CVE-2017-8406 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
	NOT-FOR-US: D-Link
CVE-2017-8405 (An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The b ...)
	NOT-FOR-US: D-Link
CVE-2017-8404 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...)
	NOT-FOR-US: D-Link
CVE-2017-8403 (360fly 4K cameras allow unauthenticated Wi-Fi password changes and com ...)
	NOT-FOR-US: 360fly
CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute arbitrary P ...)
	NOT-FOR-US: PivotX
CVE-2017-8401 (In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...)
	{DLA-995-1}
	- swftools <removed> (unimportant; bug #861998)
	NOTE: https://github.com/matthiaskramm/swftools/issues/14
	NOTE: https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2
	NOTE: Crash in CLI tool not considered a security issue
CVE-2017-8400 (In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in th ...)
	{DLA-995-1}
	- swftools 0.9.2+git20130725-4.1 (bug #861693)
	[jessie] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/13
	NOTE: https://github.com/matthiaskramm/swftools/commit/7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a
CVE-2017-8399 (PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based  ...)
	- pcre2 <not-affected> (Did only affect revision after r670 upstream; not in a released version)
	NOTE: Fixed by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783
	NOTE: https://vcs.pcre.org/pcre2?view=revision&revision=674
CVE-2017-8398 (dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size  ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21438
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
CVE-2017-8397 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21434
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
CVE-2017-8396 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21432
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab
CVE-2017-8395 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21431
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3
CVE-2017-8394 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21414
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2
CVE-2017-8393 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21412
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3
CVE-2017-8392 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils <not-affected> (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21409
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=97e83a100aa8250be783304bfe0429761c6e6b6b
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3239a4231ff79bf8b67b8faaf414b1667486167c
CVE-2017-8391 (The OS Installation Management component in CA Client Automation r12.9 ...)
	NOT-FOR-US: OS Installation Management component in CA Client Automation
CVE-2017-8390 (The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-8389
	RESERVED
CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_U ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8387 (STDU Viewer version 1.6.375 might allow user-assisted attackers to exe ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-8386 (git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7 ...)
	{DSA-3848-1 DLA-938-1}
	- git 1:2.11.0-3
	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html
	NOTE: https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
CVE-2017-8385 (Craft CMS before 2.6.2976 does not prevent modification of the URL in  ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8384 (Craft CMS before 2.6.2976 allows XSS attacks because an array returned ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing the conte ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8382 (admidio 3.2.8 has CSRF in adm_program/modules/members/members_function ...)
	NOT-FOR-US: admidio
CVE-2017-8381 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...)
	NOT-FOR-US: XnView Classic for Windows
CVE-2017-8380 (Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 all ...)
	- qemu 1:2.8+dfsg-5 (bug #862282)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f (v2.2.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka  ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-5 (bug #862289)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in b ...)
	- libpodofo 0.9.5-9 (bug #861597)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: PoC: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
	NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1833/
CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.cont ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is m ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8375
	RESERVED
CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allo ...)
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
	NOTE: The patch from #508133 fixed things related to this, but did not fix this.
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch
CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b  ...)
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9 (bug #287519)
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
	NOTE: "Duplicate with"/basically same as CVE-2017-8372
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9 (bug #287519)
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
	NOTE: "Duplicate" with/basically same as CVE-2017-8373
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses c ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-8370 (IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-8369 (IrfanView version 4.44 (32bit) has a "Data from Faulting Address contr ...)
	NOT-FOR-US: IrfanView
CVE-2017-8368 (Sublime Text 3 Build 3126 allows user-assisted attackers to cause a de ...)
	- sublime-text <itp> (bug #682158)
CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD  ...)
	NOT-FOR-US: Ether Software
CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...)
	{DSA-3874-1}
	- ettercap 1:0.8.2-5 (bug #861604)
	NOTE: https://github.com/Ettercap/ettercap/issues/792
	NOTE: Fixed by: https://github.com/Ettercap/ettercap/commit/1083d604930ebb9f350126b83802ecd2cbc17f90
CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote a ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862202)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
	NOTE: https://github.com/erikd/libsndfile/issues/230
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers  ...)
	{DLA-2189-1 DLA-955-1}
	- rzip 2.1-4.1 (bug #861614)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
	NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862203)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/233
	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
	NOTE: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8
CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862204)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/231
	NOTE: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862205)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/232
	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8360 (Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBo ...)
	NOT-FOR-US: Conexant Systems mictray64 task
CVE-2017-8359 (Google gRPC before 2017-03-29 has an out-of-bounds write caused by a h ...)
	- grpc 1.3.2-0.1
	NOTE: https://github.com/grpc/grpc/pull/10353
	NOTE: Fixed by: https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7
CVE-2017-8358 (LibreOffice before 2017-03-17 has an out-of-bounds write caused by a h ...)
	- libreoffice <not-affected> (Vulnerable code introduced on 2017-03-15; never in released version)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c
	NOTE: Introduced by: https://github.com/LibreOffice/core/commit/ceb53ad9f34ae05d09f61845d581546eac0c6d60
CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862636)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/453
CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862635)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/449
CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862634)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/450
CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862633)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/451
CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows at ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862632)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/454
CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows atta ...)
	{DSA-3863-1 DLA-1081-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862590)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/452
CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862589)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/448
CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862587)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/447
CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862579)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/443
CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862578)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/445
CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862577)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/441
CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862575)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/440
CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862573)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/442
CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862574)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/446
CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862572)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/444
CVE-2017-8341 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-8340 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a  ...)
	NOT-FOR-US: Panda Free Antivirus
CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthentica ...)
	NOT-FOR-US: MikroTik
CVE-2017-8337 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8334 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8333 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8332 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8331 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8330 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8329 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8328 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesk ...)
	- telegram-desktop 1.1.19-2
	NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
CVE-2016-10350 (The archive_read_format_cab_read_header function in archive_read_suppo ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	NOTE: https://github.com/libarchive/libarchive/issues/835
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 a ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	NOTE: https://github.com/libarchive/libarchive/issues/834
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracl ...)
	{DLA-2187-1 DLA-934-1}
	- radicale 1.1.1+20160115-4 (bug #861514)
	NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x)
	NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master)
CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8326 (libimageworsener.a in ImageWorsener before 1.3.1 has "left shift canno ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8325 (The iw_process_cols_to_intermediate function in imagew-main.c in libim ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8324
	RESERVED
CVE-2017-8323
	RESERVED
CVE-2017-8322
	RESERVED
CVE-2017-8321
	RESERVED
CVE-2017-8320
	RESERVED
CVE-2017-8319
	RESERVED
CVE-2017-8318
	RESERVED
CVE-2017-8317
	RESERVED
CVE-2017-8316 (IntelliJ IDEA XML parser was found vulnerable to XML External Entity a ...)
	NOT-FOR-US: IntelliJ IDEA XML parser
CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier w ...)
	- apktool 2.2.4-1 (low)
	[stretch] - apktool <no-dsa> (Minor issue)
	NOTE: Upstream bug with details is restricted
	NOTE: According to Red Hat only eclipse-andmore was affected but it was
	NOTE: never shipped with Debian. Apktool is affected though.
	NOTE: Possible fixes: https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c
	NOTE: https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed
	NOTE: https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063
CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi 17.1 a ...)
	{DLA-1243-1}
	- kodi 2:17.1+dfsg1-3 (bug #863230)
	- xbmc <removed>
	[jessie] - xbmc <no-dsa> (Minor issue)
	NOTE: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
	NOTE: https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release
	NOTE: Fixed by https://github.com/xbmc/xbmc/commit/35cfe35608b15335ef21d798947fceab3f47c8d7
CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to ...)
	{DSA-3899-1}
	- vlc 2.2.5-1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c
CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...)
	{DSA-3899-1}
	- vlc 2.2.6-1~deb9u1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa
CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...)
	{DSA-3899-1}
	- vlc 2.2.5-1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...)
	{DSA-3899-1}
	- vlc 2.2.5.1-1~deb9u1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ...)
	{DLA-1497-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-5 (bug #862280)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=3268a845f41253fb55852a8429c32b50f36f349a
CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by  ...)
	NOT-FOR-US: Avast Antivirus
CVE-2017-8306
	RESERVED
CVE-2017-8304 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8303 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ad ...)
	NOT-FOR-US: Mura CMS
CVE-2017-8300
	RESERVED
CVE-2017-8299
	RESERVED
CVE-2017-8298 (cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Pos ...)
	NOT-FOR-US: cnvs.io Canvas
CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager before 20 ...)
	NOT-FOR-US: simple-file-manager
CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is w ...)
	{DLA-925-1}
	- kedpm <removed> (bug #860817)
	[jessie] - kedpm 1.0+deb8u1
	NOTE: patch in BTS gives workaround to always prompt for password and do not save
	NOTE: to database.
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a password- ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-2 (bug #862053)
	NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
	NOTE: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
	NOTE: https://core.trac.wordpress.org/ticket/25239
CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote attack ...)
	- yara 3.6.0+dfsg-1 (bug #861590)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/646
	NOTE: https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e
CVE-2017-8293
	RESERVED
CVE-2017-8292
	RESERVED
CVE-2017-8290 (A potential Buffer Overflow Vulnerability (from a BB Code handling iss ...)
	- teamspeak-server <removed>
	[wheezy] - teamspeak-server <end-of-life> (non-free is not supported)
CVE-2017-8289 (Stack-based buffer overflow in the ipv6_addr_from_str function in sys/ ...)
	NOT-FOR-US: RIOS OS
CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to rel ...)
	- gnome-shell 3.22.3-3
	[jessie] - gnome-shell <no-dsa> (Minor issue)
	[wheezy] - gnome-shell <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781728
	NOTE: https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1
CVE-2017-8305 (The UDFclient (before 0.8.8) custom strlcpy implementation has a buffe ...)
	- udfclient 0.8.8-1 (bug #861347)
CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_ ...)
	- libressl <itp> (bug #754513)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11
CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remot ...)
	{DSA-3838-1 DLA-932-1}
	- ghostscript 9.20~dfsg-3.1 (bug #861295)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private)
	NOTE: Full report viewable at: https://bugzilla.suse.com/show_bug.cgi?id=1036453
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a he ...)
	{DSA-3839-1 DLA-931-1}
	- freetype 2.6.3-3.2 (bug #861308)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
CVE-2017-8286
	RESERVED
CVE-2017-8285
	RESERVED
CVE-2017-8284 (** DISPUTED ** The disas_insn function in target/i386/translate.c in Q ...)
	- qemu 1:2.10.0-1 (unimportant)
	- qemu-kvm <removed> (unimportant)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=30663fd26c0307e414622c7a8607fbc04f92ec14
	NOTE: qemu issue without security implication per upstream
CVE-2017-8282 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...)
	NOT-FOR-US: XnView Classic for Windows
CVE-2017-8281 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8280 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8279 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in snapdragon aut ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-8273 (In all Qualcomm products with Android release from CAF using the Linux ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8272 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8271 (Out of bound memory write can happen in the MDSS Rotator driver in all ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8270 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8269 (Userspace-controlled non null terminated parameter for IPA WAN ioctl i ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8268 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8267 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8266 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8265 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8264 (A userspace process can cause a Denial of Service in the camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8263 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8262 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8261 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8260 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8259 (In the service locator in all Qualcomm products with Android releases  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8258 (An array out-of-bounds access in all Qualcomm products with Android re ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8257 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8256 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8255 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8254 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8253 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8252 (Kernel can inject faults in computations during the execution of Trust ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8250 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8249
	RESERVED
CVE-2017-8248 (A buffer overflow may occur in the processing of a downlink NAS messag ...)
	NOT-FOR-US: Qualcomm Telephony
CVE-2017-8247 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8246 (In function msm_pcm_playback_close() in all Android releases from CAF  ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8245 (In all Android releases from CAF using the Linux kernel, while process ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8244 (In core_info_read and inst_info_read in all Android releases from CAF  ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8243 (A buffer overflow can occur in all Qualcomm products with Android for  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8242 (In all Android releases from CAF using the Linux kernel, a race condit ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8241 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Android driver
CVE-2017-8240 (In all Android releases from CAF using the Linux kernel, a kernel driv ...)
	- linux 4.0.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-8239 (In all Android releases from CAF using the Linux kernel, userspace-con ...)
	NOT-FOR-US: Android driver
CVE-2017-8238 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Android driver
CVE-2017-8237 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Android driver
CVE-2017-8236 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Android driver
CVE-2017-8235 (In all Android releases from CAF using the Linux kernel, a memory stru ...)
	NOT-FOR-US: Android driver
CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out of bou ...)
	NOT-FOR-US: Android driver
CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...)
	NOT-FOR-US: Android driver
CVE-2017-8232
	RESERVED
CVE-2017-8231
	RESERVED
CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...)
	NOT-FOR-US: Amcrest
CVE-2017-8229 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenti ...)
	NOT-FOR-US: Amcrest
CVE-2017-8228 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots w ...)
	NOT-FOR-US: Amcrest
CVE-2017-8227 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout poli ...)
	NOT-FOR-US: Amcrest
CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default creden ...)
	NOT-FOR-US: Amcrest
CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...)
	- dpkg 1.18.24 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/20/2
CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (con ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account  ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8223 (On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the R ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8222 (Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8221 (Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunne ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8220 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...)
	NOT-FOR-US: TP-Link
CVE-2017-8219 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...)
	NOT-FOR-US: TP-Link
CVE-2017-8218 (vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032 ...)
	NOT-FOR-US: TP-Link
CVE-2017-8217 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...)
	NOT-FOR-US: TP-Link
CVE-2017-8216 (Warsaw Huawei Smart phones with software of versions earlier than Wars ...)
	NOT-FOR-US: Huawei
CVE-2017-8215 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toron ...)
	NOT-FOR-US: Huawei
CVE-2017-8214 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toron ...)
	NOT-FOR-US: Huawei
CVE-2017-8213 (Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-8212 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...)
	NOT-FOR-US: Huawei
CVE-2017-8211 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...)
	NOT-FOR-US: Huawei
CVE-2017-8210 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...)
	NOT-FOR-US: Huawei
CVE-2017-8209 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...)
	NOT-FOR-US: Huawei
CVE-2017-8208 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...)
	NOT-FOR-US: Huawei
CVE-2017-8207 (The driver of honor 5C, honor 6x Huawei smart phones with software of  ...)
	NOT-FOR-US: Huawei
CVE-2017-8206 (HONOR 7 Lite mobile phones with software of versions earlier than NEM- ...)
	NOT-FOR-US: Huawei
CVE-2017-8205 (The Bastet driver of Honor 9 Huawei smart phones with software of vers ...)
	NOT-FOR-US: Huawei
CVE-2017-8204 (The Bastet driver of Honor 9 Huawei smart phones with software of vers ...)
	NOT-FOR-US: Huawei
CVE-2017-8203 (The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with softw ...)
	NOT-FOR-US: Huawei
CVE-2017-8202 (The CameraISP driver of some Huawei smart phones with software of vers ...)
	NOT-FOR-US: Huawei
CVE-2017-8201 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have  ...)
	NOT-FOR-US: Huawei
CVE-2017-8200 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have  ...)
	NOT-FOR-US: Huawei
CVE-2017-8199 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have  ...)
	NOT-FOR-US: Huawei
CVE-2017-8198 (FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2017-8197 (FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerabil ...)
	NOT-FOR-US: Huawei
CVE-2017-8196 (FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vul ...)
	NOT-FOR-US: Huawei
CVE-2017-8195 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper auth ...)
	NOT-FOR-US: Huawei
CVE-2017-8194 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper auth ...)
	NOT-FOR-US: Huawei
CVE-2017-8193 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command inject ...)
	NOT-FOR-US: Huawei
CVE-2017-8192 (FusionSphere OpenStack V100R006C00 has an improper authorization vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8191 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic  ...)
	NOT-FOR-US: Huawei
CVE-2017-8190 (FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verificat ...)
	NOT-FOR-US: Huawei
CVE-2017-8189 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vuln ...)
	NOT-FOR-US: Huawei
CVE-2017-8188 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection v ...)
	NOT-FOR-US: Huawei
CVE-2017-8187 (Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege e ...)
	NOT-FOR-US: Huawei
CVE-2017-8186 (The Bastet of some Huawei mobile phones with software of earlier than  ...)
	NOT-FOR-US: Huawei
CVE-2017-8185 (ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a p ...)
	NOT-FOR-US: Huawei
CVE-2017-8184 (MTK platform in Huawei smart phones with software of earlier than Nice ...)
	NOT-FOR-US: Huawei
CVE-2017-8183 (MTK platform in Huawei smart phones with software of earlier than Nice ...)
	NOT-FOR-US: Huawei
CVE-2017-8182 (MTK platform in Huawei smart phones with software of earlier than Nice ...)
	NOT-FOR-US: Huawei
CVE-2017-8181 (The camera driver of MTK platform in Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8180 (The camera driver of MTK platform in Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8179 (The camera driver of MTK platform in Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8178 (Huawei Email APP Vicky-AL00 smartphones with software of earlier than  ...)
	NOT-FOR-US: Huawei
CVE-2017-8177 (Huawei APP HiWallet earlier than 5.0.3.100 versions do not support sig ...)
	NOT-FOR-US: Huawei
CVE-2017-8176 (Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 ver ...)
	NOT-FOR-US: Huawei
CVE-2017-8175 (The Bastet of some Huawei mobile phones with software earlier than Vic ...)
	NOT-FOR-US: Huawei
CVE-2017-8174 (Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001 ...)
	NOT-FOR-US: Huawei
CVE-2017-8173 (Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart  ...)
	NOT-FOR-US: Huawei
CVE-2017-8172 (Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL ...)
	NOT-FOR-US: Huawei
CVE-2017-8171 (Huawei smart phones with software earlier than Vicky-AL00AC00B172D ver ...)
	NOT-FOR-US: Huawei
CVE-2017-8170 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8169 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8168 (FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-8167 (Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A ...)
	NOT-FOR-US: Huawei
CVE-2017-8166 (Huawei mobile phones Honor V9 with the software versions before Duke-A ...)
	NOT-FOR-US: Huawei
CVE-2017-8165 (Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 ...)
	NOT-FOR-US: Huawei
CVE-2017-8164 (Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; ...)
	NOT-FOR-US: Huawei
CVE-2017-8163 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...)
	NOT-FOR-US: Huawei
CVE-2017-8162 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...)
	NOT-FOR-US: Huawei
CVE-2017-8161 (EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D0 ...)
	NOT-FOR-US: Huawei
CVE-2017-8160 (The Madapt Driver of some Huawei smart phones with software Earlier th ...)
	NOT-FOR-US: Huawei
CVE-2017-8159 (Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019, ...)
	NOT-FOR-US: Huawei
CVE-2017-8158 (FusionCompute V100R005C00 and V100R005C10 have an improper authorizati ...)
	NOT-FOR-US: Huawei
CVE-2017-8157 (OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor ...)
	NOT-FOR-US: Huawei
CVE-2017-8156 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...)
	NOT-FOR-US: Huawei
CVE-2017-8155 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...)
	NOT-FOR-US: Huawei
CVE-2017-8154 (The Themes App Honor 8 Lite Huawei mobile phones with software of vers ...)
	NOT-FOR-US: Huawei
CVE-2017-8153 (Huawei VMall (for Android) with the versions before 1.5.8.5 have a pri ...)
	NOT-FOR-US: Huawei
CVE-2017-8152 (Huawei Honor 5S smart phones with software the versions before TAG-TL0 ...)
	NOT-FOR-US: Huawei
CVE-2017-8151 (Huawei Honor 5S smart phones with software the versions before TAG-TL0 ...)
	NOT-FOR-US: Huawei
CVE-2017-8150 (The boot loaders of P10 and P10 Plus Huawei mobile phones with softwar ...)
	NOT-FOR-US: Huawei
CVE-2017-8149 (The boot loaders of P10 and P10 Plus Huawei mobile phones with softwar ...)
	NOT-FOR-US: Huawei
CVE-2017-8148 (Audio driver in P9 smartphones with software The versions before EVA-A ...)
	NOT-FOR-US: Huawei
CVE-2017-8147 (AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8146 (The call module of P10 and P10 Plus smartphones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8145 (The call module of P10 and P10 Plus smartphones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8144 (Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones  ...)
	NOT-FOR-US: Huawei
CVE-2017-8143 (Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8142 (The Trusted Execution Environment (TEE) module driver of Mate 9 and Ma ...)
	NOT-FOR-US: Huawei
CVE-2017-8141 (The Touch Panel (TP) driver in P10 Plus smart phones with software ver ...)
	NOT-FOR-US: Huawei
CVE-2017-8140 (The soundtrigger driver in P9 Plus smart phones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8139 (HedEx Earlier than V200R006C00 versions have the stored cross-site scr ...)
	NOT-FOR-US: Huawei
CVE-2017-8138 (HedEx Earlier than V200R006C00 versions has a cross-site request forge ...)
	NOT-FOR-US: Huawei
CVE-2017-8137 (HedEx Earlier than V200R006C00 versions has a dynamic link library (DL ...)
	NOT-FOR-US: Huawei
CVE-2017-8136 (HedEx Earlier than V200R006C00 versions has an arbitrary file download ...)
	NOT-FOR-US: Huawei
CVE-2017-8135 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...)
	NOT-FOR-US: Huawei
CVE-2017-8134 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...)
	NOT-FOR-US: Huawei
CVE-2017-8133 (Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a ...)
	NOT-FOR-US: Huawei
CVE-2017-8132 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...)
	NOT-FOR-US: Huawei
CVE-2017-8131 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...)
	NOT-FOR-US: Huawei
CVE-2017-8130 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8129 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8128 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8127 (The UMA product with software V200R001 has a cross-site scripting (XSS ...)
	NOT-FOR-US: Huawei
CVE-2017-8126 (The UMA product with software V200R001 has a privilege elevation vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8125 (The UMA product with software V200R001 and V300R001 has a cross-site s ...)
	NOT-FOR-US: Huawei
CVE-2017-8124 (The UMA product with software V200R001 has a privilege elevation vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8123 (The UMA product with software V200R001 has a privilege elevation vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8122 (The UMA product with software V200R001 has a privilege elevation vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8121 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8120 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8119 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8118 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8117 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8116 (The management interface for the Teltonika RUT9XX routers (aka LuCI) w ...)
	NOT-FOR-US: Teltonika RUT9XX routers
CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...)
	NOT-FOR-US: MODX
CVE-2017-8114 (Roundcube Webmail allows arbitrary password resets by authenticated us ...)
	{DLA-933-1}
	- roundcube 1.2.3+dfsg.1-4 (bug #861388)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.2.5
	NOTE: https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003 (1.2.x)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.9
	NOTE: https://github.com/roundcube/roundcubemail/commit/10b227d70a03e33682aaaa0138e84f9256f3cd50 (1.1.x)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.0.11
	NOTE: https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x)
CVE-2017-8113
	RESERVED
CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest O ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-5 (bug #861351)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1445621
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=f68826989cd4d1217797251339579c57b3c0934e
CVE-2017-8111
	RESERVED
CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 1069 ...)
	NOT-FOR-US: modified eCommerce Shopsoftware
CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 co ...)
	- salt 2016.11.5+ds-1 (bug #861219)
	[stretch] - salt 2016.11.2+ds-1+deb9u2
	[jessie] - salt <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/saltstack/salt/issues/40075
	NOTE: https://github.com/saltstack/salt/pull/40609
	NOTE: https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151
CVE-2017-8108 (Unspecified tests in Lynis before 2.5.0 allow local users to write to  ...)
	- lynis 2.5.0-1 (unimportant)
	[wheezy] - lynis <not-affected> (Vulnerable code do not exist)
	NOTE: Neutralised by kernel hardening
CVE-2017-8107
	RESERVED
CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3 ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4)
CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a he ...)
	{DSA-3839-1 DLA-918-1}
	- freetype 2.6.3-3.2 (bug #861220)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
CVE-2017-8104 (In MyBB before 1.8.11, the smilie module allows Directory Traversal vi ...)
	NOT-FOR-US: MyBB
CVE-2017-8103 (In MyBB before 1.8.11, the Email MyCode component allows XSS, as demon ...)
	NOT-FOR-US: MyBB
CVE-2017-8102 (Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admi ...)
	- serendipity <removed>
CVE-2017-8101 (There is CSRF in Serendipity 2.0.5, allowing attackers to install any  ...)
	- serendipity <removed>
CVE-2017-8100 (There is CSRF in the CopySafe Web Protection plugin before 2.6 for Wor ...)
	NOT-FOR-US: CopySafe Web Protection plugin
CVE-2017-8099 (There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing ...)
	NOT-FOR-US: WHIZZ plugin for Wordpress
CVE-2017-8098 (e107 2.1.4 is vulnerable to cross-site request forgery in plugin-insta ...)
	NOT-FOR-US: e107
CVE-2017-8097
	RESERVED
CVE-2017-8096
	RESERVED
CVE-2017-8095
	RESERVED
CVE-2017-8094
	RESERVED
CVE-2017-8093
	RESERVED
CVE-2017-8092
	RESERVED
CVE-2017-8091
	RESERVED
CVE-2017-8090
	RESERVED
CVE-2017-8089
	RESERVED
CVE-2017-8088
	RESERVED
CVE-2017-8087 (Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with ...)
	NOT-FOR-US: AVM
CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in Q ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-5 (bug #861348)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 (v2.9.0-rc4)
	NOTE: Introduced possibly by the fix d10142c11bdcecebe97fd834a834167053b7a05c to
	NOTE: partially fix CVE-2016-9602.
CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in  ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds c ...)
	{DSA-3945-1 DLA-1099-1}
	- linux 4.9.30-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
	NOTE: https://alephsecurity.com/vulns/aleph-2017023
CVE-2017-1000361 (DOMRpcImplementationNotAvailableException when sending Port-Status pac ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000360 (StreamCorruptedException and NullPointerException in OpenDaylight odl- ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000359 (Java out of memory error and significant increase in resource consumpt ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000358 (Controller throws an exception and does not allow user to add subseque ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000357 (Denial of Service attack when the switch rejects to receive packets fr ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000356 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins <removed>
CVE-2017-1000355 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins <removed>
CVE-2017-1000354 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins <removed>
CVE-2017-1000353 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins <removed>
CVE-2017-8084
	RESERVED
CVE-2017-8083 (CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21  ...)
	NOT-FOR-US: CompuLab Intense PC and MintBox 2 devices
CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, whic ...)
	NOT-FOR-US: concrete5
CVE-2017-8081 (Poor cryptographic salt initialization in admin/inc/template_functions ...)
	NOT-FOR-US: GetSimple CMS
CVE-2017-8080 (Atlassian Hipchat Server before 2.2.4 allows remote authenticated user ...)
	NOT-FOR-US: HipChat
CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2)
CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6. ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6)
CVE-2017-8079
	RESERVED
CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be requested rem ...)
	NOT-FOR-US: TP-Link
CVE-2017-8077 (On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a l ...)
	NOT-FOR-US: TP-Link
CVE-2017-8076 (On the TP-Link TL-SG108E 1.0, admin network communications are RC4 enc ...)
	NOT-FOR-US: TP-Link
CVE-2017-8075 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credent ...)
	NOT-FOR-US: TP-Link
CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credent ...)
	NOT-FOR-US: TP-Link
CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a filename via D ...)
	{DSA-3836-1 DLA-919-1}
	- weechat 1.7-3 (bug #861121)
	[stretch] - weechat 1.6-1+deb9u1
	NOTE: https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
CVE-2017-8072 (The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c i ...)
	- linux 4.9.10-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8e9faa15469ed7c7467423db4c62aeed3ff4cae3
CVE-2017-8071 (drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a ...)
	- linux 4.9.10-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/7a7b5df84b6b4e5d599c7289526eed96541a0654
CVE-2017-8070 (drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interac ...)
	- linux 4.9.13-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/2d6a0e9de03ee658a9adc3bfb2f0ca55dff1e478
CVE-2017-8069 (drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 inte ...)
	- linux 4.9.13-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/7926aff5c57b577ab0f43364ff0c59d968f6a414
CVE-2017-8068 (drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 inte ...)
	- linux 4.9.10-1 (bug #852556)
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/5593523f968bc86d42a035c6df47d5e0979b5ace
CVE-2017-8067 (drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x bef ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/c4baad50297d84bde1a7ad45e50c73adae4a2192
CVE-2017-8066 (drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x befo ...)
	- linux 4.9.16-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c919a3069c775c1c876bec55e00b2305d5125caa
CVE-2017-8065 (crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 inte ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032
CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x  ...)
	{DSA-3886-1}
	- linux 4.9.25-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a
CVE-2017-8063 (drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3f190e3aec212fc8c61e202c51400afa7384d4bc
CVE-2017-8062 (drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10. ...)
	- linux 4.9.16-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/606142af57dad981b78707234cfbd15f9f7b7125
CVE-2017-8061 (drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef
CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Se ...)
	NOT-FOR-US: Panda
CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF ...)
	NOT-FOR-US: Foxit
CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipCha ...)
	NOT-FOR-US: HipChat
CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...)
	NOT-FOR-US: Joomla!
CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...)
	NOT-FOR-US: WatchGuard
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML- ...)
	NOT-FOR-US: WatchGuard
CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...)
	- libpodofo 0.9.5-9 (bug #860995)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: The motivation for no-dsa in wheezy is that there are no known
	NOTE: services that use this library (apart from desktop applications)
	NOTE: and the worst case is a DoS.
	NOTE: http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/
	NOTE: PoC: https://github.com/qwertwwwe/PoC/blob/master/podofo/PoC
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1872
	NOTE: partially reverted in: https://sourceforge.net/p/podofo/code/1881
	NOTE: ... and re-fixed in: https://sourceforge.net/p/podofo/code/1882
	NOTE: and https://sourceforge.net/p/podofo/code/1883
CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and stack co ...)
	- libpodofo 0.9.6+dfsg-3 (bug #860994)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/04/22/1
	NOTE: https://sourceforge.net/p/podofo/tickets/7/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1834
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1924
CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks. ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...)
	NOT-FOR-US: Tenable Appliance
CVE-2017-8050 (Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the We ...)
	NOT-FOR-US: Tenable Appliance
CVE-2017-8049
	REJECTED
CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8046 (Malicious PATCH requests submitted to servers using Spring Data REST v ...)
	NOT-FOR-US: Spring Data REST
CVE-2017-8045 (In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an  ...)
	NOT-FOR-US: Spring AMQP
CVE-2017-8044 (In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1 ...)
	NOT-FOR-US: Pivotal SSO
CVE-2017-8043
	REJECTED
CVE-2017-8042
	REJECTED
CVE-2017-8041 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...)
	NOT-FOR-US: Pivotal
CVE-2017-8040 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...)
	NOT-FOR-US: Pivotal
CVE-2017-8039 (An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Appl ...)
	NOT-FOR-US: Spring Web Flow
CVE-2017-8038 (In Cloud Foundry Foundation Credhub-release version 1.1.0, access cont ...)
	NOT-FOR-US: Cloud Foundry Foundation Credhub-release
CVE-2017-8037 (In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and pri ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8035 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release capi ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8033 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8031 (An issue was discovered in Cloud Foundry Foundation cf-release (all ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8030
	REJECTED
CVE-2017-8029
	REJECTED
CVE-2017-8028 (In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some  ...)
	{DSA-4046-1 DLA-1180-1}
	- libspring-ldap-java <removed>
	NOTE: https://pivotal.io/security/cve-2017-8028
	NOTE: https://github.com/spring-projects/spring-ldap/issues/430
CVE-2017-8027
	REJECTED
CVE-2017-8026
	REJECTED
CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary f ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-8024 (EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2 ...)
	NOT-FOR-US: EMC
CVE-2017-8023 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
	NOT-FOR-US: EMC
CVE-2017-8022 (An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all suppor ...)
	NOT-FOR-US: EMC
CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumen ...)
	NOT-FOR-US: EMC Elastic Cloud Storage
CVE-2017-8020 (An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vuln ...)
	NOT-FOR-US: EMC
CVE-2017-8019 (An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in mes ...)
	NOT-FOR-US: EMC
CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows platform only ...)
	NOT-FOR-US: EMC AppSync
CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9 ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-8016 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-s ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection vulne ...)
	NOT-FOR-US: EMC
CVE-2017-8014
	REJECTED
CVE-2017-8013 (EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before pat ...)
	NOT-FOR-US: EMC Data Protection Adv
CVE-2017-8012 (In EMC ViPR SRM, Storage M&amp;R, VNX M&amp;R, and M&amp;R (Watch4Net) ...)
	NOT-FOR-US: EMC
CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&amp;R, EMC VNX M&amp;R, EMC M&amp;R for SA ...)
	NOT-FOR-US: EMC
CVE-2017-8010
	REJECTED
CVE-2017-8009
	REJECTED
CVE-2017-8008
	REJECTED
CVE-2017-8007 (In EMC ViPR SRM, Storage M&amp;R, VNX M&amp;R, and M&amp;R (Watch4Net) ...)
	NOT-FOR-US: EMC
CVE-2017-8006 (In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malic ...)
	NOT-FOR-US: EMC
CVE-2017-8005 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and G ...)
	NOT-FOR-US: EMC
CVE-2017-8004 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and G ...)
	NOT-FOR-US: EMC
CVE-2017-8003 (EMC Data Protection Advisor prior to 6.4 contains a path traversal vul ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2017-8002 (EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL i ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2017-8001 (An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment ...)
	NOT-FOR-US: EMC
CVE-2017-8000 (In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA ...)
	NOT-FOR-US: EMC
CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote au ...)
	NOT-FOR-US: Atlassian Eucalyptus
CVE-2017-7998 (Multiple cross-site scripting (XSS) vulnerabilities in Gespage before  ...)
	NOT-FOR-US: Gespage
CVE-2017-7997 (Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow r ...)
	NOT-FOR-US: Gespage
CVE-2017-7996
	RESERVED
CVE-2017-7995 (Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges  ...)
	{DLA-964-1}
	- xen 4.3.0-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033948
CVE-2017-7994 (The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoD ...)
	- libpodofo 0.9.5-7 (bug #860930)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://github.com/icepng/PoC/tree/master/PoC1
	NOTE: https://icepng.github.io/2017/04/21/PoDoFo-1/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1849
CVE-2017-7993
	RESERVED
CVE-2017-7992 (Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2 ...)
	NOT-FOR-US: Heartland Payment Systems Payment Gateway PHP SDK
CVE-2016-10348
	RESERVED
CVE-2017-7991 (Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serializ ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resul ...)
	NOT-FOR-US: OpenMRS
CVE-2017-7989 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type  ...)
	NOT-FOR-US: Joomla!
CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering  ...)
	NOT-FOR-US: Joomla!
CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping o ...)
	NOT-FOR-US: Joomla!
CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering  ...)
	NOT-FOR-US: Joomla!
CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering  ...)
	NOT-FOR-US: Joomla!
CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering  ...)
	NOT-FOR-US: Joomla!
CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the J ...)
	NOT-FOR-US: Joomla!
CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in libimob ...)
	{DLA-2168-1}
	- libplist 1.12+git+1+e37ca00-0.3 (bug #860945)
	[wheezy] - libplist <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325
	NOTE: https://github.com/libimobiledevice/libplist/issues/103
	NOTE: The issue seems covered in prior versions of upstream dccd9290745345896e3a4a73154576a599fd8b7b
	NOTE: which is CVE-2017-6440.
CVE-2017-7981 (Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 Synt ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2017-7980 (Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick E ...)
	{DLA-1497-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=026aeffcb4752054830ba203020ed6eb05bcaba8
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ffaf857778286ca54e3804432a2369a279e73aa7
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f019722cbbb45aea153294fc8921fcc96a4d3fa2
CVE-2017-7978 (Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software a ...)
	NOT-FOR-US: Samsung
CVE-2017-7979 (The cookie feature in the packet action API implementation in net/sche ...)
	- linux <not-affected> (Only affects 4.11-rc1 onwards)
CVE-2017-7977 (The Screensavercc component in eLux RP before 5.5.0 allows attackers t ...)
	NOT-FOR-US: Screensavercc component in eLux RP
CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860787)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds wr ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860788)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
CVE-2017-7974 (A path traversal information disclosure vulnerability exists in Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion  ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7972 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7971 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7970 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7969 (A cross-site request forgery vulnerability exists on the Secure Gatewa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider Ele ...)
	NOT-FOR-US: Schneider
CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
	NOT-FOR-US: Schneider
CVE-2017-7966 (A DLL Hijacking vulnerability in the programming software in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2017-7965 (A buffer overflow vulnerability exists in Programming Software executa ...)
	NOT-FOR-US: Schneider
CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234 for the r ...)
	NOT-FOR-US: Zyxel
CVE-2017-7963 (** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) int ...)
	NOTE: PHP non-issue, might get rejected
CVE-2017-7962 (The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7961 (** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcro ...)
	{DLA-909-1}
	- libcroco 0.6.11-3 (bug #860961)
	[jessie] - libcroco <no-dsa> (Minor issue; will be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
CVE-2017-7960 (The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 an ...)
	{DLA-909-1}
	- libcroco 0.6.11-3 (bug #860961)
	[jessie] - libcroco <no-dsa> (Minor issue; will be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
CVE-2017-7959
	RESERVED
CVE-2017-7958
	RESERVED
CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used ...)
	{DSA-3841-1 DLA-930-1}
	- libxstream-java 1.4.9-2 (bug #861521)
	NOTE: https://x-stream.github.io/CVE-2017-7957.html
	NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be
CVE-2017-7956
	RESERVED
CVE-2017-7955
	RESERVED
CVE-2017-7954
	RESERVED
CVE-2017-7953 (INFOR EAM V11.0 Build 201410 has XSS via comment fields. ...)
	NOT-FOR-US: INFOR EAM
CVE-2017-7952 (INFOR EAM V11.0 Build 201410 has SQL injection via search fields, rela ...)
	NOT-FOR-US: INFOR EAM
CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspe ...)
	NOT-FOR-US: WonderCMS
CVE-2017-7950 (Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Nitro Pro
CVE-2017-7949
	RESERVED
CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.2 ...)
	- ghostscript 9.22~dfsg-1 (unimportant)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
	NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
	NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 be ...)
	NOT-FOR-US: NetApp
CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9055 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use  ...)
	NOT-FOR-US: aescrypt gem for Ruby
CVE-2017-7946 (The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...)
	- radare2 1.1.0+dfsg-5 (low; bug #860962)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7301
	NOTE: https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92
CVE-2017-7945 (The GlobalProtect external interface in Palo Alto Networks PAN-OS befo ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install  ...)
	NOT-FOR-US: XOOPS
CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remot ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/427
CVE-2017-7942 (The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remot ...)
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860735)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present, does not use pixel_info yet)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present, does not use pixel_info yet)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/429
CVE-2017-7941 (The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remot ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860734)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/428
CVE-2017-7940 (The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworsener.a ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
	NOT-FOR-US: DMitry
CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact Gmb ...)
	NOT-FOR-US: Phoenix Contact
CVE-2017-7936 (A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.M ...)
	NOT-FOR-US: NXP i.MX devices
CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGu ...)
	NOT-FOR-US: Phoenix Contact
CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI Server 2 ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7933 (In ABB IP GATEWAY 3.39 and prior, some configuration files contain pas ...)
	NOT-FOR-US: ABB
CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...)
	NOT-FOR-US: NXP i.MX devices
CVE-2017-7931 (In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform reso ...)
	NOT-FOR-US: ABB
CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI Server 2 ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer Engineer ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories Security Gateway
CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue wa ...)
	NOT-FOR-US: Dahua
CVE-2017-7926 (A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web AP ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua DH-IPC- ...)
	NOT-FOR-US: Dahua
CVE-2017-7924 (An Improper Input Validation issue was discovered in Rockwell Automati ...)
	NOT-FOR-US: Rockwell
CVE-2017-7923 (A Password in Configuration File issue was discovered in Hikvision DS- ...)
	NOT-FOR-US: Hikvision
CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium Netwo ...)
	NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision DS-2CD2xx ...)
	NOT-FOR-US: Hikvision
CVE-2017-7920 (An Improper Authentication issue was discovered in ABB VSN300 WiFi Log ...)
	NOT-FOR-US: ABB WiFi Logger Card
CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and  ...)
	NOT-FOR-US: Newport
CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks eP ...)
	NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110 ...)
	NOT-FOR-US: Moxa
CVE-2017-7916 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
	NOT-FOR-US: ABB WiFi Logger Card
CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Moxa
CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automation Pa ...)
	NOT-FOR-US: Rockwell Rockwell PanelView Plus
CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell  ...)
	NOT-FOR-US: Moxa
CVE-2017-7912 (Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v ...)
	NOT-FOR-US: Hanwha Techwin firmware
CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...)
	NOT-FOR-US: CyberVision Kaa IoT Platform
CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Canal St ...)
	NOT-FOR-US: Digital Canal Structural Wind Analysis
CVE-2017-7909 (A Use of Client-Side Authentication issue was discovered in Advantech  ...)
	NOT-FOR-US: Advantech
CVE-2017-7908 (A heap-based buffer overflow exists in the third-party product Gigasof ...)
	NOT-FOR-US: Gigasoft
CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2017-7906 (In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently ...)
	NOT-FOR-US: ABB
CVE-2017-7905 (A Weak Cryptography for Passwords issue was discovered in General Elec ...)
	NOT-FOR-US: General Electric
CVE-2017-7904
	RESERVED
CVE-2017-7903 (A Weak Password Requirements issue was discovered in Rockwell Automati ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7902 (A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Ro ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7901 (A Predictable Value Range from Previous Values issue was discovered in ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7900
	RESERVED
CVE-2017-7899 (An Information Exposure issue was discovered in Rockwell Automation Al ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7898 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7897 (A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x befo ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...)
	- passenger <unfixed> (unimportant)
	NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
	NOTE: Source present, but passenger-install-nginx-module not installed
CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10343 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party TEE ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an integer un ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10339 (In all Android releases from CAF using the Linux kernel, HLOS can over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there was an  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some validati ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some regions  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10335 (In all Android releases from CAF using the Linux kernel, libtomcrypt w ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10334 (In all Android releases from CAF using the Linux kernel, a dynamically ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a sensitive s ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack protect ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo St ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID progra ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10329 (Command injection vulnerability in login.php in Synology Photo Station ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-9054 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9053 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9052 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9051 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9050 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9049 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9048 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9047 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9046 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9045 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9044 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9043 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9042 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9041 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9040 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9039 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9038 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9037 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9036 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9035 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9034 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9031 (In all Android releases from CAF using the Linux kernel, a TZ memory a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9030 (In all Android releases from CAF using the Linux kernel, the Hyperviso ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9029 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9028 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9027 (In all Android releases from CAF using the Linux kernel, an untrusted  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9026 (In all Android releases from CAF using the Linux kernel, an untrusted  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9025 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9024 (In all Android releases from CAF using the Linux kernel, some interfac ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9023 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9022 (In all Android releases from CAF using the Linux kernel, time-of-check ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9021 (In all Android releases from CAF using the Linux kernel, access contro ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9020 (In all Android releases from CAF using the Linux kernel, an untrusted  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9969 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9968 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a Time-of-che ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an integer ov ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-7894 (WinDjView 2.1 might allow user-assisted attackers to execute code via  ...)
	NOT-FOR-US: WinDjView
CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can impers ...)
	- salt 2016.11.5+ds-1
	[stretch] - salt <no-dsa> (Minor issue)
	[jessie] - salt <ignored> (Vulnerable code introduced later, but older versions did not verify master anyways)
	NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
	NOTE: https://github.com/saltstack/salt/issues/48939
	NOTE: https://patch-diff.githubusercontent.com/raw/saltstack/salt/pull/40159.patch
	NOTE: https://patch-diff.githubusercontent.com/raw/saltstack/salt/pull/40206.patch
	NOTE: The behaviour though was back off by default in a later commit again
	NOTE: cf. https://github.com/saltstack/salt/pull/40206
	NOTE: The fix is the second part of the #40159 PR, but the behaviour is turned
	NOTE: off by default and needs considerations of admins before enabling. We still
	NOTE: consider the issue as fixed starting with this change. Details in
	NOTE: https://github.com/saltstack/salt/issues/48939#issuecomment-410777638
CVE-2017-7892 (Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to  ...)
	- capnproto 0.6.1-1 (unimportant; bug #860960)
	NOTE: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
	NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4
	NOTE: So far only Apple's compiler has been shown to apply the problematic optimization, fixed in 0.5.3.1 upstream
CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via th ...)
	NOT-FOR-US: SourceBans++
CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in th ...)
	{DSA-3938-1 DLA-1055-1}
	- php7.1 7.1.8-1 (unimportant)
	- php7.0 7.0.22-1 (unimportant)
	- php5 <removed> (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74435
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	- libgd2 2.2.5-1 (bug #869263)
	NOTE: https://github.com/libgd/libgd/issues/399
	NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which  ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall p ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css. ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to den ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860460)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...)
	- apcupsd <not-affected> (Only APC UPS Daemon on Windows)
CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
	{DSA-3945-1 DLA-1099-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
CVE-2017-7883
	RESERVED
CVE-2017-7882 (LibreOffice before 2017-03-14 has an out-of-bounds write related to th ...)
	- libreoffice <not-affected> (Vulnerable code not present in any release)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/65dcd1d8195069c8c8acb3a188b8e5616c51029c
CVE-2017-7881 (BigTree CMS through 4.2.17 relies on a substring check for CSRF protec ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-7880
	RESERVED
CVE-2017-7879 (SQL Injection vulnerability in flatCore version 1.4.6 allows an attack ...)
	NOT-FOR-US: flatCore
CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an attack ...)
	NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers t ...)
	NOT-FOR-US: flatCore
CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...)
	{DLA-2219-1 DLA-899-1}
	- feh 2.18-2 (low; bug #860367)
	NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
CVE-2017-7874
	REJECTED
CVE-2017-7873
	RESERVED
CVE-2017-7872
	RESERVED
CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: trollepierre/tdm
CVE-2016-1000259
	REJECTED
CVE-2016-1000258
	REJECTED
CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a h ...)
	{DSA-3837-1 DLA-910-1}
	- libreoffice 1:5.2.5-1
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integ ...)
	- gnutls28 3.5.8-4
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-3
CVE-2017-7868 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...)
	{DSA-3830-1 DLA-947-1}
	- icu 57.1-6 (bug #860314)
	NOTE: http://bugs.icu-project.org/trac/changeset/39671
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437
CVE-2017-7867 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...)
	{DSA-3830-1 DLA-947-1}
	- icu 57.1-6 (bug #860314)
	NOTE: http://bugs.icu-project.org/trac/changeset/39671
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213
CVE-2017-7866 (FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack- ...)
	- ffmpeg 7:3.2.4-1
	- libav <removed>
	[jessie] - libav <not-affected> (vulnerable code not present)
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264
CVE-2017-7865 (FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-b ...)
	{DLA-1654-1}
	- ffmpeg 7:3.2.4-1
	- libav <removed>
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a he ...)
	- freetype <not-affected> (Vulnerable code not present; CFF2 support introduced in 2.7.1, cf #860313)
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-b ...)
	{DLA-1654-1}
	- ffmpeg 7:3.2.4-1
	- libav <removed>
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e
	NOTE: libav in jessie only supports transparency with RGB palette, only parts of the upstream fix apply
CVE-2017-7862 (FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-b ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:3.2.4-1
	- libav <removed>
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a
	NOTE: Fixed in 11.11
CVE-2017-7861 (Google gRPC before 2017-02-22 has an out-of-bounds write related to th ...)
	- grpc 1.2.5-1+nmu0 (bug #860316)
CVE-2017-7860 (Google gRPC before 2017-02-22 has an out-of-bounds write caused by a h ...)
	- grpc 1.2.5-1+nmu0 (bug #860316)
CVE-2017-7859 (FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-b ...)
	- ffmpeg <not-affected> (Only affected master, not present in a release)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1034183
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/70ebc05bce51215cd0857194d6cabf1e4d1440fb
CVE-2017-7858 (FreeType 2 before 2017-03-07 has an out-of-bounds write related to the ...)
	- freetype <not-affected> (Vulnerable code introduced in 2.6.4)
	NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
CVE-2017-7857 (FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a he ...)
	- freetype <not-affected> (Vulnerable code introduced in 2.6.4)
	NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb91fbf47fc0775cc9705673caf0c47a81f94b
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a h ...)
	- libreoffice <not-affected> (Didn't affect any released version of LibreOffice)
CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a he ...)
	- freetype <not-affected> (Only affected head for about a day, see bug #860303)
	NOTE: Introduced with: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=010e0614f2effe058855aacfc3e61c71e1cb5739
	NOTE: Fixed with http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
	NOTE: http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
CVE-2016-10327 (LibreOffice before 2016-12-22 has an out-of-bounds write caused by a h ...)
	- libreoffice 1:5.2.5-1
	[jessie] - libreoffice <not-affected> (Vulnerable code not present)
	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416
CVE-2017-7855 (In the webmail component in IceWarp Server 11.3.1.5, there was an XSS  ...)
	NOT-FOR-US: IceWarp
CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remot ...)
	- radare2 <not-affected> (Vulnerable code introduced later)
CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can l ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109265
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allo ...)
	NOT-FOR-US: D-Link
CVE-2017-7851 (D-Link DCS-936L devices with firmware before 1.05.07 have an inadequat ...)
	NOT-FOR-US: D-Link
CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109132
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109131
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696
CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109133
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local priv ...)
	NOT-FOR-US: Nessus
CVE-2017-7849 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local deni ...)
	NOT-FOR-US: Nessus
CVE-2017-7848 (RSS fields can inject new lines into the created email structure, modi ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
CVE-2017-7847 (Crafted CSS in an RSS feed can leak and reveal local path strings, whi ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
CVE-2017-7846 (It is possible to execute JavaScript in the parsed RSS feed when RSS f ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846
CVE-2017-7845 (A buffer overflow occurs when drawing and validating elements using Di ...)
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
	- thunderbird <not-affected> (Only affects Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-29/#CVE-2017-7845
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7845
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7845
CVE-2017-7844 (A combination of an external SVG image referenced on a page and the co ...)
	- firefox 57.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7844
CVE-2017-7843 (When Private Browsing mode is used, it is possible for a web worker to ...)
	{DSA-4062-1 DLA-1202-1}
	- firefox 57.0.1-1
	- firefox-esr 52.5.2esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7843
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
CVE-2017-7842 (If a document's Referrer Policy attribute is set to "no-referrer" some ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7842
CVE-2017-7841
	RESERVED
CVE-2017-7840 (JavaScript can be injected into an exported bookmarks file by placing  ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7840
CVE-2017-7839 (Control characters prepended before "javascript:" URLs pasted in the a ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839
CVE-2017-7838 (Punycode format text will be displayed for entire qualified internatio ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838
CVE-2017-7837 (SVG loaded through "&lt;img&gt;" tags can use "&lt;meta&gt;" tags with ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7837
CVE-2017-7836 (The "pingsender" executable used by the Firefox Health Report dynamica ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836
CVE-2017-7835 (Mixed content blocking of insecure (HTTP) sub-resources in a secure (H ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7835
CVE-2017-7834 (A "data:" URL loaded in a new tab did not inherit the Content Security ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834
CVE-2017-7833 (Some Arabic and Indic vowel marker characters can be combined with Lat ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7833
CVE-2017-7832 (The combined, single character, version of the letter 'i' with any of  ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7832
CVE-2017-7831 (A vulnerability where the security wrapper does not deny access to som ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
CVE-2017-7830 (The Resource Timing API incorrectly revealed navigations in cross-orig ...)
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830
CVE-2017-7829 (It is possible to spoof the sender's email address and display an arbi ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
CVE-2017-7828 (A use-after-free vulnerability can occur when flushing and resizing la ...)
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7828
CVE-2017-7827 (Memory safety bugs were reported in Firefox 56. Some of these bugs sho ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
CVE-2017-7826 (Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ...)
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7826
CVE-2017-7825 (Several fonts on OS X display some Tibetan and Arabic characters as wh ...)
	- firefox <not-affected> (Only affects Firefox on OS X)
	- firefox-esr <not-affected> (Only affects Firefox on OS X)
	- icedove <not-affected> (Only affects Thunderbird on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825
CVE-2017-7824 (A buffer overflow occurs when drawing and validating elements with the ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7824
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
CVE-2017-7823 (The content security policy (CSP) "sandbox" directive did not create a ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7823
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
CVE-2017-7822 (The AES-GCM implementation in WebCrypto API accepts 0-length IV when i ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822
CVE-2017-7821 (A vulnerability where WebExtensions can download and attempt to open a ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821
CVE-2017-7820 (The "instanceof" operator can bypass the Xray wrapper mechanism. When  ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820
CVE-2017-7819 (A use-after-free vulnerability can occur in design mode when image obj ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
CVE-2017-7818 (A use-after-free vulnerability can occur when manipulating arrays of A ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
CVE-2017-7817 (A spoofing vulnerability can occur when a page switches to fullscreen  ...)
	- firefox <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7817
CVE-2017-7816 (WebExtensions could use popups and panels in the extension UI to load  ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7816
CVE-2017-7815 (On pages containing an iframe, the "data:" protocol can be used to cre ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815
CVE-2017-7814 (File downloads encoded with "blob:" and "data:" URL elements bypassed  ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
CVE-2017-7813 (Inside the JavaScript parser, a cast of an integer to a narrower type  ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7813
CVE-2017-7812 (If web content on a page is dragged onto portions of the browser UI, s ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7812
CVE-2017-7811 (Memory safety bugs were reported in Firefox 55. Some of these bugs sho ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811
CVE-2017-7810 (Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
CVE-2017-7809 (A use-after-free vulnerability can occur when an editor DOM node is de ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7808 (A content security policy (CSP) "frame-ancestors" directive containing ...)
	- firefox 55.0-1
CVE-2017-7807 (A mechanism that uses AppCache to hijack a URL in a domain using fallb ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7806 (A use-after-free vulnerability can occur when the layer manager is fre ...)
	- firefox 55.0-1
CVE-2017-7805 (During TLS 1.2 exchanges, handshake hashes are generated which point t ...)
	{DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	- nss 2:3.33-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1377618 (not public)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
CVE-2017-7804 (The destructor function for the "WindowsDllDetourPatcher" class can be ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
CVE-2017-7803 (When a page's content security policy (CSP) header contains a "sandbox ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7802 (A use-after-free vulnerability can occur when manipulating the DOM dur ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7801 (A use-after-free vulnerability can occur while re-computing layout for ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7800 (A use-after-free vulnerability can occur in WebSockets when the object ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7799 (JavaScript in the "about:webrtc" page is not sanitized properly being  ...)
	- firefox 55.0-1
CVE-2017-7798 (The Developer Tools feature suffers from a XUL injection vulnerability ...)
	{DSA-3928-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
CVE-2017-7797 (Response header name interning does not have same-origin protections a ...)
	- firefox 55.0-1
CVE-2017-7796 (On Windows systems, the logger run by the Windows updater deletes the  ...)
	- firefox <not-affected> (Windows-specific)
CVE-2017-7795
	RESERVED
CVE-2017-7794 (On Linux systems, if the content process is compromised, the sandbox b ...)
	- firefox 55.0-1
CVE-2017-7793 (A use-after-free vulnerability can occur in the Fetch API when the wor ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
CVE-2017-7792 (A buffer overflow will occur when viewing a certificate in the certifi ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7791 (On pages containing an iframe, the "data:" protocol can be used to cre ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7790 (On Windows systems, if non-null-terminated strings are copied into the ...)
	- firefox <not-affected> (Windows-specific)
CVE-2017-7789 (If a server sends two Strict-Transport-Security (STS) headers for a si ...)
	- firefox 55.0-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642
CVE-2017-7788 (When an "iframe" has a "sandbox" attribute and its content is specifie ...)
	- firefox 55.0-1
CVE-2017-7787 (Same-origin policy protections can be bypassed on pages with embedded  ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7786 (A buffer overflow can occur when the image renderer attempts to paint  ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7785 (A buffer overflow can occur when manipulating Accessible Rich Internet ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7784 (A use-after-free vulnerability can occur when reading an image observe ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7783 (If a long user name is used in a username/password combination in a si ...)
	- firefox 55.0-1
CVE-2017-7782 (An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Exe ...)
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
CVE-2017-7781 (An error occurs in the elliptic curve point addition algorithm that us ...)
	- firefox 55.0-1
CVE-2017-7780 (Memory safety bugs were reported in Firefox 54. Some of these bugs sho ...)
	- firefox 55.0-1
CVE-2017-7779 (Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and  ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7778 (A number of security vulnerabilities in the Graphite 2 library includi ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
CVE-2017-7777 (Use of uninitialized memory in Graphite2 library in Firefox before 54  ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776 (Heap-based Buffer Overflow read in Graphite2 library in Firefox before ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
	REJECTED
CVE-2017-7774 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773 (Heap-based Buffer Overflow write in Graphite2 library in Firefox befor ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772 (Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 i ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
CVE-2017-7770 (A mechanism where when a new tab is loaded through JavaScript events,  ...)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770
CVE-2017-7769
	RESERVED
CVE-2017-7768 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7768
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7768
CVE-2017-7767 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7767
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7767
CVE-2017-7766 (An attack using manipulation of "updater.ini" contents, used by the Mo ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7766
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7766
CVE-2017-7765 (The "Mark of the Web" was not correctly saved on Windows when files wi ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	- icedove <not-affected> (Only Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7765
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765
CVE-2017-7764 (Characters from the "Canadian Syllabics" unicode block can be mixed wi ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7764
CVE-2017-7763 (Default fonts on OS X display some Tibetan characters as whitespace. W ...)
	- firefox <not-affected> (Only firefox on Mac OS X)
	- firefox-esr <not-affected> (Only Firefox ESR on Mac OS X)
	- icedove <not-affected> (Only Thunderbird on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7763
CVE-2017-7762 (When entered directly, Reader Mode did not strip the username and pass ...)
	- firefox 54.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7762
CVE-2017-7761 (The Mozilla Maintenance Service "helper.exe" application creates a tem ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7761
CVE-2017-7760 (The Mozilla Windows updater modifies some files to be updated by readi ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7760
CVE-2017-7759 (Android intent URLs given to Firefox for Android can be used to naviga ...)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
CVE-2017-7758 (An out-of-bounds read vulnerability with the Opus encoder when the num ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758
CVE-2017-7757 (A use-after-free vulnerability in IndexedDB when one of its objects is ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757
CVE-2017-7756 (A use-after-free and use-after-scope vulnerability when logging errors ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7756
CVE-2017-7755 (The Firefox installer on Windows can be made to load malicious DLL fil ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7755
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
CVE-2017-7754 (An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo"  ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
CVE-2017-7753 (An out-of-bounds read occurs when applying style rules to pseudo-eleme ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7752 (A use-after-free vulnerability during specific user interactions with  ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752
CVE-2017-7751 (A use-after-free vulnerability with content viewer listeners that resu ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751
CVE-2017-7750 (A use-after-free vulnerability during video control operations when a  ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750
CVE-2017-7749 (A use-after-free vulnerability when using an incorrect URL during the  ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7749
CVE-2017-7748 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector cou ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark <not-affected> (Vulnerable code introduced later)
	[wheezy] - wireshark <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-21.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581
CVE-2017-7747 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissecto ...)
	{DLA-1634-1}
	- wireshark 2.2.6+g32dac6a-1
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-18.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559
CVE-2017-7746 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector co ...)
	{DLA-1634-1}
	- wireshark 2.2.6+g32dac6a-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-19.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=58e69cc769dea24b721abd8a29f9eedc11024b7e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576
CVE-2017-7745 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-20.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578
CVE-2017-7744
	RESERVED
CVE-2017-7743
	RESERVED
CVE-2017-7742 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...)
	{DLA-928-1}
	- libsndfile 1.0.27-3 (bug #860255)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
CVE-2017-7741 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7740
	RESERVED
CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web proxy disc ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7738 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...)
	NOT-FOR-US: Fortinet
CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb ...)
	NOT-FOR-US: Fortinet
CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7733 (A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 t ...)
	NOT-FOR-US: Fortinet
CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet
CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal version ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood  ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7727
	REJECTED
CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation Vulnerabil ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during  ...)
	NOT-FOR-US: concrete5
CVE-2017-7724
	RESERVED
CVE-2017-7723 (XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the ...)
	NOT-FOR-US: Easy WP SMTP WordPress plugin
CVE-2017-7722 (In SolarWinds Log &amp; Event Manager (LEM) before 6.3.1 Hotfix 4, a m ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7721 (IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Acce ...)
	NOT-FOR-US: IrfanView
CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...)
	NOT-FOR-US: PrivateTunnel
CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
	NOT-FOR-US: Spider Event Calendar
CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local  ...)
	{DLA-1497-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4
	- qemu-kvm <removed>
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=3328c14e63f08fb07e8c6dec779c9d365e9e9864 (v2.8.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443441
CVE-2017-7717 (SQL injection vulnerability in the getUserUddiElements method in the E ...)
	NOT-FOR-US: SAP
CVE-2017-7716 (The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 a ...)
	- radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/issues/7260
CVE-2017-7715
	RESERVED
CVE-2017-7714
	RESERVED
CVE-2017-7713
	RESERVED
CVE-2017-7712
	RESERVED
CVE-2017-7711
	RESERVED
CVE-2017-7710
	RESERVED
CVE-2017-7709
	RESERVED
CVE-2017-7708
	RESERVED
CVE-2017-7707
	RESERVED
CVE-2017-7706
	RESERVED
CVE-2017-7705 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dis ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-15.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13558
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=08d392bbecc8fb666bf979e70a34536007b83ea2
CVE-2017-7704 (In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infini ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-17.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8
CVE-2017-7703 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector co ...)
	{DLA-1634-1}
	- wireshark 2.2.6+g32dac6a-1 (low)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-12.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13466
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=671e32820ab29d41d712cc8a472eab9b672684d9
CVE-2017-7702 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector c ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7
	NOTE: When for older releases fixing this entry, make sure to fix apply the
	NOTE: complete patch including https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7
	NOTE: to not open CVE-2017-11410.
CVE-2017-7701 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector cou ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-16.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13557
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=fa31f69b407436d0946f84baa0acdcc50962bf7a
CVE-2017-7700 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file pa ...)
	{DLA-1634-1 DLA-858-1}
	- wireshark 2.2.6+g32dac6a-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53
CVE-2017-7699
	RESERVED
CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier all ...)
	- swftools 0.9.2+ds1-2
	NOTE: https://github.com/matthiaskramm/swftools/pull/19
	NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload
CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_o ...)
	- libsamplerate 0.1.9-1 (bug #860159)
	[stretch] - libsamplerate <no-dsa> (Minor issue)
	[jessie] - libsamplerate <no-dsa> (Minor issue)
	[wheezy] - libsamplerate <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsamplerate/issues/11
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/
	NOTE: Fixed by: https://github.com/erikd/libsamplerate/commit/c3b66186656de44da18b7058aec099dbe782dd0b
CVE-2017-7696 (SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote at ...)
	NOT-FOR-US: SAP
CVE-2017-7695 (Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an at ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-7694 (Remote Code Execution vulnerability in symphony/content/content.bluepr ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-7693 (Directory traversal vulnerability in viewer_script.jsp in Riverbed OPN ...)
	NOT-FOR-US: Riverbed OPNET App Response Xpert (ARX)
CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allo ...)
	{DSA-3852-1 DLA-941-1}
	- squirrelmail <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
	NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
	NOT-FOR-US: SAP TREX
CVE-2017-7690 (Proxifier for Mac before 2.19.2, when first run, allows local users to ...)
	NOT-FOR-US: Proxifier for Mac
CVE-2017-7689 (A Command Injection vulnerability in Schneider Electric homeLYnk Contr ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7688 (Apache OpenMeetings 1.0.0 updates user password in insecure manner. ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7687 (When handling a decoding failure for a malformed URL path of an HTTP r ...)
	- apache-mesos <itp> (bug #760315)
CVE-2017-7686 (Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to up ...)
	NOT-FOR-US: Apache Ignite
CVE-2017-7685 (Apache OpenMeetings 1.0.0 responds to the following insecure HTTP meth ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7684 (Apache OpenMeetings 1.0.0 doesn't check contents of files being upload ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7683 (Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error s ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7682 (Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation atta ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7681 (Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows  ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7680 (Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml fil ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime  ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-7678 (In Apache Spark before 2.2.0, it is possible for an attacker to take a ...)
	- apache-spark <itp> (bug #802194)
CVE-2017-7677 (In environments that use external location for hive tables, Hive Autho ...)
	NOT-FOR-US: Apache Ranger
CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores characte ...)
	NOT-FOR-US: Apache Ranger
CVE-2017-7675 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8 ...)
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.16-1
	[stretch] - tomcat8 8.5.14-1+deb9u2
	[jessie] - tomcat8 <not-affected> (Only affects 8.5.0 to 8.5.15)
	- tomcat7 <not-affected> (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present)
	- tomcat6 <not-affected> (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present)
	NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.1 ...)
	{DSA-3974-1 DLA-1400-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.16-1
	- tomcat7 7.0.72-3
	[wheezy] - tomcat7 <not-affected> (Vulnerable code not present)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: Fixed by: http://svn.apache.org/r1795814 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1795815 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1795816 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61101
CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage,  ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7672 (If an application allows enter an URL in a form field and built-in URL ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
CVE-2017-7671 (There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2 ...)
	{DSA-4128-1}
	- trafficserver 7.1.2+ds-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/apache/trafficserver/pull/1941
CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control  ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxConta ...)
	- hadoop <itp> (bug #793644)
CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.2 ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the re ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-7666 (Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery  ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7665 (In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain us ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-7664 (Uploaded XML documents were not correctly validated in Apache OpenMeet ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7663 (Both global and Room chat are vulnerable to XSS attack in Apache OpenM ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7662 (Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has ...)
	NOT-FOR-US: Apache CXF
CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific plugins to  ...)
	NOT-FOR-US: Apache CXF
CVE-2017-7660 (Apache Solr uses a PKI based mechanism to secure inter-node communicat ...)
	- lucene-solr <not-affected> (Vulnerable code introduced later)
	NOTE: https://issues.apache.org/jira/browse/SOLR-10624
	NOTE: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/2f5ecbcf
CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 in Apac ...)
	- apache2 2.4.25-4
	[stretch] - apache2 2.4.25-3+deb9u1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/19/5
CVE-2017-7658 (In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...)
	{DSA-4278-1}
	- jetty <removed>
	[jessie] - jetty <ignored> (very hard to exploit, complex patch)
	- jetty8 <removed>
	[jessie] - jetty8 <ignored> (very hard to exploit, complex patch)
	- jetty9 9.2.25-1 (low; bug #902953)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
	NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
	NOTE: Exploit very unlikely, needs a very particular intermediary behaviour.
CVE-2017-7657 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...)
	{DSA-4278-1}
	- jetty <removed>
	[jessie] - jetty <ignored> (very hard to exploit, complex patch)
	- jetty8 <removed>
	[jessie] - jetty8 <ignored> (very hard to exploit, complex patch)
	- jetty9 9.2.25-1 (low; bug #902953)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668
	NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...)
	{DSA-4278-1}
	- jetty <removed>
	[jessie] - jetty <ignored> (very hard to exploit, complex patch)
	- jetty8 <removed>
	[jessie] - jetty8 <ignored> (very hard to exploit, complex patch)
	- jetty9 9.2.25-1 (low; bug #902953)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
	NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...)
	{DLA-1972-1}
	- mosquitto 1.5.4-1 (low)
	[stretch] - mosquitto <no-dsa> (Minor issue)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
	NOTE: https://github.com/eclipse/mosquitto/commit/79a7b36d207c9142468a7ea33695a14181a9fd24
CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability w ...)
	{DSA-4325-1 DLA-1525-1}
	- mosquitto 1.5.4-1 (bug #911265)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
	NOTE: https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not reject stri ...)
	{DSA-4325-1 DLA-1525-1}
	- mosquitto 1.5.4-1 (bug #911266)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
	NOTE: https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4
CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running wi ...)
	{DSA-4325-1 DLA-1409-1 DLA-1334-1}
	- mosquitto 1.4.15-1
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
	NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server  ...)
	{DSA-4325-1 DLA-1409-1 DLA-1334-1}
	- mosquitto 1.4.15-1
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7651
	NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
CVE-2017-7650 (In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clie ...)
	{DSA-3865-1 DLA-961-1}
	- mosquitto 1.4.10-3
	NOTE: http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7650/
CVE-2017-7649 (The network enabled distribution of Kura before 2.1.0 takes control ov ...)
	NOT-FOR-US: Kura
CVE-2017-7648 (Foscam networked devices use the same hardcoded SSL private key across ...)
	NOT-FOR-US: Foscam
CVE-2017-7647 (SolarWinds Log &amp; Event Manager (LEM) before 6.3.1 Hotfix 4 allows  ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7646 (SolarWinds Log &amp; Event Manager (LEM) before 6.3.1 Hotfix 4 allows  ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel throu ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e
CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.1 ...)
	NOT-FOR-US: Management Web Interface in Palo Alto Networks PAN-OS
CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileges vi ...)
	NOT-FOR-US: Proxifier for Mac
CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vag ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7639 (QNAP NAS application Proxy Server through version 1.2.0 does not authe ...)
	NOT-FOR-US: QNAP
CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7637 (QNAP NAS application Proxy Server through version 1.2.0 allows remote  ...)
	NOT-FOR-US: QNAP
CVE-2017-7636 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy ...)
	NOT-FOR-US: QNAP
CVE-2017-7635 (QNAP NAS application Proxy Server through version 1.2.0 does not utili ...)
	NOT-FOR-US: QNAP
CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive informati ...)
	NOT-FOR-US: QNAP
CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4 ...)
	NOT-FOR-US: File Station of QNAP QTS
CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link function of ...)
	NOT-FOR-US: File Station of QNAP
CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier al ...)
	NOT-FOR-US: QNAP
CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL injecti ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7627 (The "Smart related articles" extension 1.1 for Joomla! does not preven ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7626 (The "Smart related articles" extension 1.1 for Joomla! has XSS in dial ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7623 (The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15. ...)
	NOT-FOR-US: dde-daemon
CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technomet ...)
	NOT-FOR-US: core-eMLi
CVE-2017-7620 (MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://mantisbt.org/bugs/view.php?id=22909
	NOTE: https://mantisbt.org/bugs/view.php?id=22702
CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to  ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat syscall ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
	NOTE: https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain priv ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated gue ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-7615 (MantisBT through 2.3.0 allows arbitrary password reset and unauthentic ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/16/2
CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	- binutils 2.28-4 (low; bug #859989)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections a ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859990)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows rem ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859991)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows  ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859992)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote  ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859993)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compressio ...)
	- elfutils 0.168-1 (bug #859994)
	[jessie] - elfutils <not-affected> (Vulnerable code not present)
	[wheezy] - elfutils <not-affected> (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in elfu ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859995)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows rem ...)
	- elfutils 0.168-1 (bug #859996)
	[jessie] - elfutils <not-affected> (vulnerable code not present)
	[wheezy] - elfutils <not-affected> (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21299
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/
CVE-2017-7605 (aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion  ...)
	NOT-FOR-US: libaacplus
CVE-2017-7604 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift  ...)
	NOT-FOR-US: libaacplus
CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed inte ...)
	NOT-FOR-US: libaacplus
CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote  ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" un ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6 (low)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representa ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows re ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (low; bug #860003)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
	NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in Lib ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (low; bug #860001)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
	NOTE: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
	NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is proper ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (bug #860000)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
	NOTE: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a lef ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6 (bug #859998)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
	NOTE: https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
CVE-2017-7617 (Remote code execution can occur in Asterisk Open Source 13.x before 13 ...)
	- asterisk 1:13.14.1~dfsg-1 (bug #859910)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-001.html
CVE-2017-7619 (In ImageMagick 7.0.4-9, an infinite loop can occur because of a floati ...)
	{DSA-3863-1 DLA-902-1}
	- imagemagick 8:6.9.7.4+dfsg-4 (bug #859769)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
CVE-2017-7606 (coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of repre ...)
	{DSA-3863-1 DLA-902-1}
	- imagemagick 8:6.9.7.4+dfsg-4 (bug #859771)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/415
	NOTE: https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
CVE-2017-7591 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site  ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7590 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7589 (In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sens ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7588 (On certain Brother devices, authorization is mishandled by including a ...)
	NOT-FOR-US: Brother devices
CVE-2017-7587
	RESERVED
CVE-2017-7586 (In libsndfile before 1.0.28, an error in the "header_read()" function  ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074
	NOTE: https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236
	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7585 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/
	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7584 (Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows ...)
	NOT-FOR-US: Foxit PDF Toolkit
CVE-2017-7583 (ILIAS before 5.2.3 has XSS via SVG documents. ...)
	NOT-FOR-US: ILIAS
CVE-2017-7582
	RESERVED
CVE-2017-7581 (SQL injection vulnerability in NewsController.php in the News module 5 ...)
	NOT-FOR-US: News module for TYPO3
CVE-2017-7580
	RESERVED
CVE-2017-7579 (inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware)  ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2017-7577 (XiongMai uc-httpd has directory traversal allowing the reading of arbi ...)
	NOT-FOR-US: XiongMai uc-httpd
CVE-2017-7576 (DragonWave Horizon 1.01.03 wireless radios have hardcoded login creden ...)
	NOT-FOR-US: DragonWave Horizon
CVE-2017-7575 (Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote att ...)
	NOT-FOR-US: Schneider
CVE-2017-7574 (Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modi ...)
	NOT-FOR-US: Schneider
CVE-2017-7573
	RESERVED
CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In Time ...)
	- backintime 1.1.12-2 (bug #859815)
	[jessie] - backintime <no-dsa> (Minor issue)
	[wheezy] - backintime <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/2
	NOTE: https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtai ...)
	NOT-FOR-US: Faveo
CVE-2017-7570 (PivotX 2.3.11 allows remote authenticated Advanced users to execute ar ...)
	NOT-FOR-US: PivotX
CVE-2017-7569 (In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-64 ...)
	NOT-FOR-US: vBulletin
CVE-2017-7568 (NetApp OnCommand Unified Manager for 7-Mode (core package) versions pr ...)
	NOT-FOR-US: NetApp
CVE-2017-7567
	RESERVED
CVE-2017-7566 (MyBB before 1.8.11 allows remote attackers to bypass an SSRF protectio ...)
	NOT-FOR-US: MyBB
CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability that allo ...)
	NOT-FOR-US: Splunk Hadoop Connect App
CVE-2017-7564 (In ARM Trusted Firmware through 1.3, the secure self-hosted invasive d ...)
	NOT-FOR-US: ARM
CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 ...)
	NOT-FOR-US: ARM
CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a filena ...)
	NOT-FOR-US: textract
CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC c ...)
	NOT-FOR-US: ARM
CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8 ...)
	NOT-FOR-US: ClipBucket
CVE-2016-1000306
	REJECTED
CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allo ...)
	{DLA-890-1}
	- ming <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1
	NOTE: https://github.com/libming/libming/issues/68
CVE-2017-7562 (An authentication bypass flaw was found in the way krb5's certauth int ...)
	- krb5 <not-affected> (Vulnerable code introduced later, cf. #873281)
	NOTE: https://github.com/krb5/krb5/pull/694
	NOTE: https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
	NOTE: https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
	NOTE: https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
CVE-2017-7561 (Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerab ...)
	- resteasy 3.6.2-1 (bug #873392)
	[jessie] - resteasy <not-affected> (CORS Filter added in 3.0.7.Final)
	- resteasy3.0 3.0.26-1 (bug #908836)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483823
	NOTE: https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
	NOTE: Fixed by: https://github.com/resteasy/Resteasy/commit/517db971d8f7094124416bf72091fd0b45a13028
	NOTE: Fixed in 4.0.0.Beta1, 3.0.25.Final, 3.5.0.CR1
CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable that a ...)
	- rhnsd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
	NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1. ...)
	- undertow 1.4.23-1 (bug #885576)
	NOTE: CVE is for an incomplete fix of CVE-2017-2666
	NOTE: Invalid characters were still allowed in the query string and path parameters.
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1165
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1295
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
CVE-2017-7558 (A kernel data leak due to an out-of-bound read was found in the Linux  ...)
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechan ...)
	- dnsdist 1.2.0-1 (low; bug #872854)
	[stretch] - dnsdist 1.1.0-2+deb9u1
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
	NOTE: https://downloads.powerdns.com/patches/2017-02
CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulne ...)
	NOT-FOR-US: hawtio
CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...)
	{DSA-3949-1 DLA-1067-1}
	- augeas 1.8.1-1 (bug #872400)
	NOTE: https://github.com/hercules-team/augeas/pull/480
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373
CVE-2017-7554 (It was found that the App Studio component of RHMAP 4.4 executes javas ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7553 (The external_request api call in App Studio (millicore) allows server  ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7552 (A flaw was discovered in the file editor of millicore, affecting versi ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to pass ...)
	- 389-ds-base 1.3.6.7-1 (bug #870752)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
	NOTE: https://pagure.io/389-ds-base/issue/49336
CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x bef ...)
	- ansible 2.4.2.0+dfsg-1 (unimportant)
	NOTE: https://github.com/ansible/ansible/issues/30874
	NOTE: https://github.com/ansible/ansible/pull/30875
	NOTE: Just an insecure example
CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat Op ...)
	NOT-FOR-US: instack-undercloud
CVE-2017-7548 (PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to a ...)
	{DSA-3936-1 DSA-3935-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code not present)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7547 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 perform ...)
	NOT-FOR-US: jbpm-designer / jBPM
CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulner ...)
	{DLA-2214-1}
	- libexif 0.6.21-2.1 (bug #876466)
	[stretch] - libexif <no-dsa> (Minor issue)
	[wheezy] - libexif <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libexif/bugs/130/
CVE-2017-7543 (A race-condition flaw was discovered in openstack-neutron before 7.2.0 ...)
	- neutron <not-affected> (Specific to Red Hat packaging)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792
CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linu ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/b ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.12.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
CVE-2017-7540 (rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are v ...)
	NOT-FOR-US: Safemode ruby gem
CVE-2017-7539 (An assertion-failure flaw was found in Qemu before 2.10.1, in the Netw ...)
	- qemu <not-affected> (Vulnerable code introduced in v2.9.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.9.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19
CVE-2017-7538 (A cross-site scripting (XSS) flaw was found in how an organization nam ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7537 (It was found that a mock CMC authentication plugin with a hardcoded se ...)
	- dogtag-pki 10.3.5+12-5 (bug #869261)
	NOTE: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817
CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it  ...)
	- libhibernate-validator-java 4.3.3-4 (bug #885577)
	[stretch] - libhibernate-validator-java 4.3.3-1+deb9u1
	[jessie] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3)
	[wheezy] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3)
	NOTE: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465573
CVE-2017-7535 (foreman before version 1.16.0 is vulnerable to a stored XSS in organiz ...)
	- foreman <itp> (bug #663101)
CVE-2017-7534 (OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the ...)
	NOT-FOR-US: OpenShift
CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel thro ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.12.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
	NOTE: Fixed by: https://git.kernel.org/linus/49d31c2f389acfe83417083e1208422b4091cd9 (v4.13-rc1)
CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default setti ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355556
CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden  ...)
	- moodle <not-affected> (Only affects 3.3)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355555
CVE-2017-7530 (In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5 ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ...)
	{DSA-3908-1 DLA-1024-1}
	- nginx 1.13.3-1 (bug #868109)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
	NOTE: Fixed in 1.13.3, 1.12.1.
CVE-2017-7528 (Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 i ...)
	NOT-FOR-US: Ansible Tower
CVE-2017-7527
	RESERVED
CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-channel a ...)
	{DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1}
	- libgcrypt20 1.7.8-1
	- libgcrypt11 <removed>
	- gnupg2 <not-affected> (Uses system libgcrypt)
	- gnupg1 1.4.22-1
	[stretch] - gnupg1 <no-dsa> (Only affects the legacy packages)
	- gnupg <removed>
	NOTE: https://eprint.iacr.org/2017/627
	NOTE: Fixes for RSA exponent blinding fixes (A):
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a9f612def801c8145d551d995475e5d51a4c988c
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=aff5fd0f2650e24cf99efcd7b499627ea48782c3
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=312101e1f266314b4391fcdbe11c03de5c147e38
	NOTE: Fixes for mpi_powm itsef (B):
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
	NOTE: For the particular attack to RSA, either (A) or (B) is enough. In
	NOTE: general cases, (A) plus (B) is needed.
	NOTE: For GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058598.html
	NOTE: GnuPG: https://dev.gnupg.org/rC8725c99ffa41778f382ca97233183bcd687bb0ce
	NOTE: GnuPG1: https://dev.gnupg.org/D438
CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, version ...)
	{DSA-4004-1 DLA-2091-1}
	- jackson-databind 2.9.1-1 (bug #870848)
	- libjackson-json-java <unfixed>
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
	NOTE: For libjackson-json-java:
	NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
	- tpm2-tools 2.1.0-1 (bug #866257)
	NOTE: https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
CVE-2017-7523 (Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buff ...)
	NOT-FOR-US: Cygwin
CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
	- openvpn 2.4.3-1 (unimportant)
	[jessie] - openvpn <not-affected> (x509-track implemented in 2.4.0)
	[wheezy] - openvpn <not-affected> (x509-track implemented in 2.4.0)
	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/426392940c
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
	NOTE: In Debian openvpn is compiled against OpenSSL, thus even affected
	NOTE: code present.
CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
	{DSA-3900-1}
	- openvpn 2.4.3-1 (bug #865480)
	[wheezy] - openvpn <not-affected> (Vulnerable code not present)
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/2d032c7fcdfd692c851ea2fa858b4c2d9ea7d52d
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/cb4e35ece4a5b70b10ef9013be3bff263d82f32b
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/2341f716198fa90193e040b3fdb16959a47c6c27
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/040084067119dd5a9e15eb3bcfc0079debaa3777
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/84e1775961de1c9d2ab32159fc03f758591f5238
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
	{DSA-3900-1 DLA-999-1}
	- openvpn 2.4.3-1 (bug #865480)
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/7718c8984f04b507c1885f363970e2124e3c6c77
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/f38a4a105979b87ebebe9be1c3d323116d3fb924
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7519 (In Ceph, a format string flaw was found in the way libradosstriper par ...)
	{DSA-4339-1}
	- ceph 12.2.8+dfsg1-1 (bug #864535)
	[jessie] - ceph <not-affected> (Vulnerable code not present)
	NOTE: http://tracker.ceph.com/issues/20240
CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the way th ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/23/5
	NOTE: https://www.spinics.net/lists/kvm/msg151817.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464473
	NOTE: Fixed by: https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
CVE-2017-7517
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2017-7516
	REJECTED
CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled recurs ...)
	- poppler 0.57.0-2 (unimportant)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3
	NOTE: Crash in CLI tool, no security implications
CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed action e ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7513 (It was found that Satellite 5 configured with SSL/TLS for the PostgreS ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2. ...)
	NOT-FOR-US: Red Hat 3scale
CVE-2017-7511 (poppler since version 0.17.3 has been vulnerable to NULL pointer deref ...)
	- poppler 0.57.0-2 (unimportant; bug #863759)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101149
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101153
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
	NOTE: Crash in CLI tool, no security implications
CVE-2017-7510 (In ovirt-engine 4.1, if a host was provisioned with cloud-init, the ro ...)
	NOT-FOR-US: ovirt-engine
CVE-2017-7509 (An input validation error was found in Red Hat Certificate System's ha ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
	{DSA-3900-1}
	- openvpn 2.4.3-1 (bug #865480)
	[wheezy] - openvpn <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/c3f47077a7756de5929094569421a95aa66f2022
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/ed28cde3d8bf3f1459b2f42f0e27d64801009f92
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/fc61d1bda112ffc669dbde961fab19f60b3c7439
CVE-2017-7507 (GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dere ...)
	{DSA-3884-1}
	[experimental] - gnutls28 3.5.13-1
	- gnutls28 3.5.8-6 (bug #864560)
	- gnutls26 <removed>
	[wheezy] - gnutls26 <not-affected> (Vulnerable code not present)
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-4
	NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
	NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
	NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory acce ...)
	{DSA-3907-1}
	- spice 0.12.8-2.2 (bug #868083)
	[wheezy] - spice <not-affected> (Vulnerable code not introduced later)
CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization  ...)
	- foreman <itp> (bug #663101)
CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the Jbos ...)
	NOT-FOR-US: Red Hat JBoss
CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax. ...)
	NOT-FOR-US: Red Hat JBoss EAP implementation of javax.xml.transform.TransformerFactory
CVE-2017-7502 (Null pointer dereference vulnerability in NSS since 3.24.0 was found w ...)
	{DSA-3872-1 DLA-971-1}
	[experimental] - nss 2:3.29-1
	- nss 2:3.26.2-1.1 (bug #863839)
	NOTE: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
CVE-2017-7501 (It was found that versions of rpm before 4.13.0.2 use temporary files  ...)
	- rpm <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133
	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
CVE-2017-7500 (It was found that rpm did not properly handle RPM installations when a ...)
	- rpm <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369
	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
CVE-2017-7499
	REJECTED
CVE-2017-7498
	REJECTED
CVE-2017-7497 (The dialog for creating cloud volumes (cinder provider) in CloudForms  ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-7496 (fedora-arm-installer up to and including 1.99.16 is vulnerable to loca ...)
	NOT-FOR-US: fedora-arm-installer
CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=order ...)
	- linux 4.6.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulne ...)
	{DSA-3860-1 DLA-951-1}
	- samba 2:4.5.8+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
CVE-2017-7493 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-6
	- qemu-kvm <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
CVE-2017-7492
	REJECTED
CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352355
CVE-2017-7490 (In Moodle 2.x and 3.x, searching of arbitrary blogs is possible becaus ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352354
CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership o ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352353
CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure whil ...)
	NOT-FOR-US: authconfig in Red Hat
CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel thro ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg ...)
	{DSA-3851-1 DLA-1051-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <not-affected> (feature not present in 8.x)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
CVE-2017-7485 (In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9 ...)
	{DSA-3851-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <not-affected> (bug introduced in 9.3)
	- postgresql-8.4 <not-affected> (bug introduced in 9.3)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
CVE-2017-7484 (It was found that some selectivity estimation functions in PostgreSQL  ...)
	{DSA-3851-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code do not exist)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (Vulnerable code do not exist)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c33c42362256382ed398df9dcda559cd547c68a7
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...)
	- rxvt 1:2.7.10-7.1 (low; bug #861694)
	[stretch] - rxvt <no-dsa> (Minor issue)
	[jessie] - rxvt <no-dsa> (Minor issue)
	[wheezy] - rxvt <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decoded wh ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...)
	- ansible 2.3.1.0+dfsg-1 (bug #862666)
	[stretch] - ansible <no-dsa> (Minor issue)
	[jessie] - ansible <not-affected> (vulnerable code introduced in version 2.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download over in ...)
	{DLA-1039-1}
	- rkhunter 1.4.4-1 (bug #866677)
	[stretch] - rkhunter 1.4.2-6+deb9u1
	[jessie] - rkhunter 1.4.2-0.4+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/29/2
	NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...)
	{DLA-944-1}
	- openvpn 2.4.0-5 (low)
	[jessie] - openvpn 2.3.4-5+deb8u2
	NOTE: https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8 (master)
	NOTE: https://github.com/OpenVPN/openvpn/commit/591a4e574c43cb9e820950f15dcaabda261def78 (2.4.x)
	NOTE: https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 (2.3.x)
	NOTE: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14643.html (3 patches for 2.2.x)
	NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
CVE-2017-7478 (OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Deni ...)
	- openvpn 2.4.0-5
	[jessie] - openvpn <not-affected> (Vulnerable code introduced later)
	[wheezy] - openvpn <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/OpenVPN/openvpn/commit/5774cf4c25e1d8bf4e544702db8f157f111c9d93 (master)
	NOTE: https://github.com/OpenVPN/openvpn/commit/66b99a0753352c5cc43e11e39835b6423112df98 (2.4.x)
	NOTE: https://github.com/OpenVPN/openvpn/commit/feb35ee5cac605edddd6e9dc62941e2c53f96fb3 (2.3.x)
	NOTE: Introduced in: https://github.com/OpenVPN/openvpn/commit/3c1b19e04745177185decd14da82c71458442b82 (2.4.0)
	NOTE: Introduced in (backported to 2.3.12): https://github.com/OpenVPN/openvpn/commit/358f513c008bf01fadb82759ac75ffb8613fc785
	NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the MACsec modul ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Introduced in 4.6)
	[wheezy] - linux <not-affected> (Introduced in 4.6)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/4
	NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
	NOTE: Fixed by: https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b
CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ  ...)
	- gnulib <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571
	NOTE: Introduced with 4bc76593 and 4e6e16b3f.
CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference relat ...)
	- cairo <unfixed> (low; bug #870264)
	[buster] - cairo <no-dsa> (Minor issue)
	[stretch] - cairo <no-dsa> (Minor issue)
	[jessie] - cairo <no-dsa> (Minor issue)
	[wheezy] - cairo <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/80
CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handl ...)
	NOT-FOR-US: Keycloak
CVE-2017-7473
	REJECTED
CVE-2017-7472 (The KEYS subsystem in the Linux kernel before 4.10.13 allows local use ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: https://lkml.org/lkml/2017/4/1/235
	NOTE: https://lkml.org/lkml/2017/4/3/724
CVE-2017-7471 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ...)
	{DLA-1035-1}
	- qemu 1:2.8+dfsg-5 (bug #860785)
	[jessie] - qemu <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
	- qemu-kvm <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e
	NOTE: Fixed by (stable-2.8): http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=96bae145e27d4df62671b4eebd6c735f412016cf (v2.8.1.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443401
	NOTE: Introduced by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=acf22d2264a131ad2695b5a18746dabf0cc8b843
	NOTE: which is part of the fix for CVE-2016-9602.
CVE-2017-7470 (It was found that spacewalk-channel can be used by a non-admin user or ...)
	NOT-FOR-US: Red Hat / spacewalk-backend
CVE-2017-7469
	REJECTED
CVE-2017-7468 (In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would atte ...)
	- curl 7.52.1-5
	[jessie] - curl <not-affected> (Only affects 7.52 and later)
	[wheezy] - curl <not-affected> (Only affects 7.52 and later)
	NOTE: https://curl.haxx.se/docs/adv_20170419.html
CVE-2017-7467 (A buffer overflow flaw was found in the way minicom before version 2.7 ...)
	{DLA-914-1}
	- minicom 2.7-1.1 (bug #860940)
	[jessie] - minicom 2.7-1+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/5
CVE-2017-7466 (Ansible before version 2.3 has an input validation vulnerability in th ...)
	- ansible 2.2.1.0-2
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079 (v2.3.0.0-0.1.rc1)
CVE-2017-7465 (It was found that the JAXP implementation used in JBoss EAP 7.0 for XS ...)
	NOT-FOR-US: JBoss JAXP
CVE-2017-7464 (It was found that the JAXP implementation used in JBoss EAP 7.0 for SA ...)
	NOT-FOR-US: JBoss JAXP
CVE-2017-7463 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflecte ...)
	NOT-FOR-US: Red Hat business central
CVE-2017-7462 (Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a r ...)
	NOT-FOR-US: Intellinet NFC-30ir IP Camera
CVE-2017-7461 (Directory traversal vulnerability in the web-based management site on  ...)
	NOT-FOR-US: Intellinet NFC-30ir IP Camera
CVE-2017-7460
	RESERVED
CVE-2017-7459 (ntopng before 3.0 allows HTTP Response Splitting. ...)
	- ntopng 2.4+dfsg1-4 (bug #866719)
	[stretch] - ntopng <no-dsa> (Minor issue)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/9469e58f07e043da712e6d6c41244852a11bcaeb
CVE-2017-7458 (The NetworkInterface::getHost function in NetworkInterface.cpp in ntop ...)
	- ntopng 2.4+dfsg1-4 (bug #866721)
	[stretch] - ntopng <no-dsa> (Minor issue)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f
CVE-2017-7457 (XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 r ...)
	NOT-FOR-US: Moxa
CVE-2017-7456 (Moxa MXView 2.8 allows remote attackers to cause a Denial of Service b ...)
	NOT-FOR-US: Moxa
CVE-2017-7455 (Moxa MXView 2.8 allows remote attackers to read web server's private k ...)
	NOT-FOR-US: Moxa
CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a  ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a  ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7452 (The iwbmp_read_info_header function in imagew-bmp.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7451
	RESERVED
CVE-2017-7450 (AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated  ...)
	NOT-FOR-US: AIRTAME HDMI dongle
CVE-2017-7449
	RESERVED
CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.h ...)
	- lepton 1.2.1-3 (bug #859714)
	NOTE: https://github.com/dropbox/lepton/issues/86
	NOTE: https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtai ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-7445
	RESERVED
CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-7443 (Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspe ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not  ...)
	- libxslt <unfixed> (unimportant; bug #859796)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119
	NOTE: There's no indication that math.random() in intended to ensure cryptographic
	NOTE: randomness requirements. Proper seeding needs to happen in the application
	NOTE: using libxslt.
CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking vul ...)
	NOT-FOR-US: Veritas System Recovery
CVE-2017-7442 (Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Nitro Pro
CVE-2017-7441 (In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the ...)
	NOT-FOR-US: Sophos
CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop ap ...)
	NOT-FOR-US: Kerio
CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might ...)
	NOT-FOR-US: NetApp
CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cro ...)
	NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cro ...)
	NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned packag ...)
	- libzypp 17.3.1-1 (bug #899065)
	[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM reposit ...)
	- libzypp 17.3.1-1 (bug #899065)
	[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-7434 (In the JDBC driver of NetIQ Identity Manager before 4.6 sending out in ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe  ...)
	NOT-FOR-US: Micro Focus Vibe
CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
	NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
	NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7430 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
	NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7429 (The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Pat ...)
	NOT-FOR-US: NetIQ eDirectory PKI plugin
CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of ...)
	NOT-FOR-US: NetIQ iManager
CVE-2017-7427 (Multiple cross site scripting attacks were found in the Identity Manag ...)
	NOT-FOR-US: NetIQ Identity Manager Plug-in
CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained various XML  ...)
	NOT-FOR-US: NetIQ Identity Manager Plugins
CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager versio ...)
	NOT-FOR-US: NetIQ
CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus  ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7423 (A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7422 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilitie ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7421 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilitie ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7420 (An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterpr ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7419 (A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 b ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the h ...)
	- proftpd-dfsg 1.3.5b-4 (low; bug #859592)
	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4295
	NOTE: https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed
	NOTE: https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f
CVE-2017-7417
	RESERVED
CVE-2017-7416 (ntopng before 3.0 allows XSS because GET and POST parameters are impro ...)
	- ntopng 3.2+dfsg1-1 (bug #866722)
	[stretch] - ntopng <no-dsa> (Minor issue)
	[jessie] - ntopng <no-dsa> (Minor issue)
CVE-2017-7415 (Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypas ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy function i ...)
	- linux 4.7.4-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-7414 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...)
	{DLA-1398-1}
	- php-horde-crypt 2.7.5-2 (bug #859635)
CVE-2017-7413 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...)
	{DLA-1398-1}
	- php-horde-crypt 2.7.5-2 (bug #859635)
CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
	NOT-FOR-US: NixOS specific Docker issue
CVE-2017-7411 (An issue was discovered in Enalean Tuleap 9.6 and prior versions. The  ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and accou ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect e ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to  ...)
	NOT-FOR-US: Palo Alto Networks Traps ESM Console
CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
	{DLA-883-1}
	- curl 7.52.1-4 (unimportant; bug #859500)
	NOTE: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
	NOTE: Negligible security impact
CVE-2017-7406 (The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any o ...)
	NOT-FOR-US: D-Link
CVE-2017-7405 (On the D-Link DIR-615 before v20.12PTb04, once authenticated, this dev ...)
	NOT-FOR-US: D-Link
CVE-2017-7404 (On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the ...)
	NOT-FOR-US: D-Link
CVE-2017-7403
	RESERVED
CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ar ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7401 (Incorrect interaction of the parse_packet() and parse_part_sign_sha256 ...)
	{DLA-884-1}
	- collectd 5.7.2-1 (bug #859494)
	[stretch] - collectd <no-dsa> (Minor issue)
	[jessie] - collectd <no-dsa> (Minor issue)
	NOTE: https://github.com/collectd/collectd/issues/2174
	NOTE: https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 a ...)
	- horizon 3:10.0.1-1 (bug #859559)
	[jessie] - horizon <not-affected> (Vulnerable code not present)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1667086
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex S ...)
	- ghostscript 9.22~dfsg-2.1 (bug #860869)
	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
	[jessie] - ghostscript 9.06~dfsg-2+deb8u7
	[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
	NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
	NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
	NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
	NOTE: and jessie 9.06~dfsg-2+deb8u4, we have no segfault and valgrind
	NOTE: reports no buffer overrun. -- Raphael Hertzog
CVE-2017-1001000 (The register_routes function in wp-includes/rest-api/endpoints/class-w ...)
	- wordpress 4.7.2+dfsg-1
	[jessie] - wordpress <not-affected> (Vulnerable code introduced after 4.4)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
	NOTE: rest-api introduced in 4.4 upstream
CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-1000351
	REJECTED
CVE-2016-1000350
	REJECTED
CVE-2016-1000349
	REJECTED
CVE-2016-1000348
	REJECTED
CVE-2016-1000268
	REJECTED
CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x be ...)
	NOT-FOR-US: Cloudera
CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request For ...)
	NOT-FOR-US: D-Link
CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to cause a de ...)
	NOT-FOR-US: BackBox OS specific CVE assignment
CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unaut ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0
CVE-2017-7395 (In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by c ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689
CVE-2017-7394 (In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), una ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/440
CVE-2017-7393 (In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an a ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/438
CVE-2017-7392 (In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityV ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/441
CVE-2017-7391 (A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vul ...)
	NOT-FOR-US: Magmi
CVE-2017-7390 (A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. ...)
	NOT-FOR-US: SocialNetwork
CVE-2017-7389 (Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Rel ...)
	NOT-FOR-US: The Open eClass Platform
CVE-2017-7388 (A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. Th ...)
	NOT-FOR-US: WallacePOS
CVE-2017-7387 (TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a r ...)
	NOT-FOR-US: HelpMeWatchWho
CVE-2017-7386 (citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie ...)
	NOT-FOR-US: symetrie
CVE-2017-7385
	RESERVED
CVE-2017-7384 (Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allow ...)
	NOT-FOR-US: FlipBuilder Flip PDF
CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attac ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attac ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attacker ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attacker ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncodi ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #859331)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoF ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859330)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in  ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-4 (bug #859854)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/03/2
	NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
CVE-2017-7376 (Buffer overflow in libxml2 allows remote attackers to execute arbitrar ...)
	{DSA-3952-1 DLA-1060-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870865)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
	NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
	NOTE: The upstream patch has the slight consequence that some port values end up
	NOTE: negative when cast to a 32-bit int. A negative port though in the URL would
	NOTE: make the URL invalid. It is discussed if instead it would be best to prevent
	NOTE: the port from ever being negative. Upstream decided to leave the above patch.
CVE-2017-7375 (A flaw in libxml2 allows remote XML entity inclusion with default pars ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870867)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
	NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before  ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/1b53cf9815bb4744958d41f3795d5d5a1d365e2d (4.11-rc4)
CVE-2017-7373 (In all Android releases from CAF using the Linux kernel, a double free ...)
	NOT-FOR-US: Android display driver
CVE-2017-7372 (In all Android releases from CAF using the Linux kernel, a race condit ...)
	NOT-FOR-US: Android
CVE-2017-7371 (In all Android releases from CAF using the Linux kernel, a data pointe ...)
	NOT-FOR-US: Android
CVE-2017-7370 (In all Android releases from CAF using the Linux kernel, a race condit ...)
	NOT-FOR-US: Android
CVE-2017-7369 (In all Android releases from CAF using the Linux kernel, an array inde ...)
	- linux <not-affected> (Android-specific)
CVE-2017-7368 (In all Android releases from CAF using the Linux kernel, a race condit ...)
	NOT-FOR-US: Android driver
CVE-2017-7367 (In all Android releases from CAF using the Linux kernel, an integer un ...)
	NOT-FOR-US: Android
CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL ioctl  ...)
	NOT-FOR-US: Android driver
CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Android
CVE-2017-7364 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=module&amp;x= XS ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=dynamic&amp;x= X ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7361 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=static&amp;x= XS ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7360 (Pixie 1.0.4 allows an admin/index.php s=settings&amp;x= XSS attack. ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7359 (Pixie 1.0.4 allows an admin/index.php s=login&amp;m= XSS attack. ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7358 (In LightDM through 1.22.0, a directory traversal issue in debian/guest ...)
	- lightdm <not-affected> (Vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1677924
	NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
CVE-2017-7357 (Hipchat Server before 2.2.3 allows remote authenticated users with Ser ...)
	NOT-FOR-US: Hipchat Server
CVE-2017-7356
	RESERVED
CVE-2017-7355
	RESERVED
CVE-2017-7354
	RESERVED
CVE-2017-7353
	RESERVED
CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity ...)
	NOT-FOR-US: Pure Storage Purity
CVE-2017-7351 (A SQL injection issue exists in a file upload handler in REDCap 7.x be ...)
	NOT-FOR-US: REDCap
CVE-2017-7350
	RESERVED
CVE-2017-7349
	RESERVED
CVE-2017-7348
	RESERVED
CVE-2017-7347
	RESERVED
CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmw ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.11.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
	NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf
CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manager for ...)
	NOT-FOR-US: NetApp
CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows re ...)
	NOT-FOR-US: SAP
CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in SA ...)
	NOT-FOR-US: MobiLink Synchronization Server
CVE-2017-7344 (A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earli ...)
	NOT-FOR-US: Fortinet FortiClient Windows
CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7342 (A weak password recovery process vulnerability in Fortinet FortiPortal ...)
	NOT-FOR-US: Fortinet
CVE-2017-7341 (An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 throu ...)
	NOT-FOR-US: Fortinet
CVE-2017-7340 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions  ...)
	NOT-FOR-US: Fortinet
CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions  ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions 4 ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7337 (An improper Access Control vulnerability in Fortinet FortiPortal versi ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7336 (A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lo ...)
	NOT-FOR-US: Fortinet
CVE-2017-7335 (A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x  ...)
	NOT-FOR-US: Fortinet
CVE-2017-7334
	RESERVED
CVE-2017-7333
	RESERVED
CVE-2017-7332
	RESERVED
CVE-2017-7331
	RESERVED
CVE-2017-7330
	RESERVED
CVE-2017-7329
	RESERVED
CVE-2017-7328
	RESERVED
CVE-2017-7327 (Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking ...)
	NOT-FOR-US: Yandex Browser installer for Desktop
CVE-2017-7326 (Race condition issue in Yandex Browser for Android before 17.4.0.16 al ...)
	NOT-FOR-US: Yandex Browser for Android
CVE-2017-7325 (Yandex Browser before 16.9.0 allows remote attackers to spoof the addr ...)
	NOT-FOR-US: Yandex Browser
CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier a ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7323 (The (1) update and (2) package-installation features in MODX Revolutio ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7322 (The (1) update and (2) package-installation features in MODX Revolutio ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7321 (setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier  ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7320 (setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7319
	REJECTED
CVE-2017-7318 (Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote comman ...)
	NOT-FOR-US: Siklu EtherHaul
CVE-2017-7317 (An issue was discovered on Humax Digital HG100 2.0.6 devices. The atta ...)
	NOT-FOR-US: Humax Digital HG100
CVE-2017-7316 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. There i ...)
	NOT-FOR-US: Humax Digital HG100R
CVE-2017-7315 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. To down ...)
	NOT-FOR-US: Humax Digital HG100R
CVE-2017-7314 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7313 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7311
	RESERVED
CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze before ...)
	NOT-FOR-US: Sync Breeze Enterprise
CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in  ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7306 (** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7305 (** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a bootload ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7304 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <not-affected> (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20931
CVE-2017-7303 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <not-affected> (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20922
CVE-2017-7302 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20921
CVE-2017-7301 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20924
CVE-2017-7300 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20909
CVE-2017-7299 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed  ...)
	- binutils 2.27.51.20161220-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20908
CVE-2016-10309 (In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote a ...)
	NOT-FOR-US: Ceragon FibeAir
CVE-2016-10308 (Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built- ...)
	NOT-FOR-US: Siklu EtherHaul
CVE-2016-10307 (Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and S ...)
	NOT-FOR-US: Trango
CVE-2016-10306 (Trango Altum AC600 devices have a built-in, hidden root account, with  ...)
	NOT-FOR-US: Trango
CVE-2016-10305 (Trango Apex &lt;= 2.1.1, ApexLynx &lt; 2.0, ApexOrion &lt; 2.0, ApexPl ...)
	NOT-FOR-US: Trango
CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remot ...)
	NOT-FOR-US: SAP
CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ke ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
	NOTE: Fixed by: https://git.kernel.org/linus/8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b
	NOTE: Fixed by: https://git.kernel.org/linus/bcc5364bdcfe131e6379363f089e7b4108d35b70
	NOTE: https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
CVE-2017-7298 (In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Ad ...)
	- moodle <removed> (unimportant)
	NOTE: http://www.daimacn.com/post/12.html
	NOTE: https://tracker.moodle.org/browse/MDL-52038
	NOTE: Not considered a security issue/bug upstream, disputed that it got a CVE
	NOTE: assigned. Mark as unimportant as non-issue.
CVE-2017-7297 (Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated user ...)
	NOT-FOR-US: Rancher Labs rancher server
CVE-2017-7296 (An issue was discovered in Contiki Operating System 3.0. A Persistent  ...)
	NOT-FOR-US: Contiki Operating System
CVE-2017-7295 (An issue was discovered in Contiki Operating System 3.0. A use-after-f ...)
	NOT-FOR-US: Contiki Operating System
CVE-2017-7293 (The Dolby DAX2 and DAX3 API services are vulnerable to a privilege esc ...)
	NOT-FOR-US: Dolby
CVE-2017-7294 (The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/e7e11f99564222d82f0ce84bd521e57d78a6b678
CVE-2017-7292
	RESERVED
CVE-2017-7291
	RESERVED
CVE-2017-7290 (SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before ...)
	NOT-FOR-US: XOOPS
CVE-2017-7289
	RESERVED
CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
	NOT-FOR-US: Zimbra
CVE-2017-7287
	RESERVED
CVE-2017-7286
	REJECTED
CVE-2016-10303
	RESERVED
CVE-2016-10302
	RESERVED
CVE-2016-10301
	RESERVED
CVE-2016-10300
	RESERVED
CVE-2016-10299 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10298 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10295 (An information disclosure vulnerability in the Qualcomm LED driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10294 (An information disclosure vulnerability in the Qualcomm power driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10293 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10292 (A denial of service vulnerability in the Qualcomm Wi-Fi driver could e ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10291 (An elevation of privilege vulnerability in the Qualcomm Slimbus driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10290 (An elevation of privilege vulnerability in the Qualcomm shared memory  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10289 (An elevation of privilege vulnerability in the Qualcomm crypto driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10288 (An elevation of privilege vulnerability in the Qualcomm LED driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10287 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10286 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10285 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10284 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10283 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10282 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10281 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10280 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10279
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10278
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10277 (An elevation of privilege vulnerability in the Motorola bootloader cou ...)
	NOT-FOR-US: Motorola component for Android
CVE-2016-10276 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10275 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10274 (An elevation of privilege vulnerability in the MediaTek touchscreen dr ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2015-9018
	RESERVED
CVE-2015-9017
	RESERVED
CVE-2015-9016 (In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a pos ...)
	{DSA-4187-1}
	- linux 4.2.3-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
CVE-2015-9015 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9014 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9013 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9012 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9011 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9010 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9009 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9008 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9005 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles counte ...)
	- linux 3.16.7-ckt7-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2014-9959 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9958 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9957 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9956 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9955 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9954 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9953 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the L ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9950 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9949 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9948 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9947 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9946 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9945 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9944 (In the Secure File System in all Android releases from CAF using the L ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9943 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9942 (In Boot in all Android releases from CAF using the Linux kernel, a Use ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in th ...)
	{DSA-3945-1}
	- linux 4.0.2-1 (low)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 releas ...)
	NOT-FOR-US: MikroTik
CVE-2017-7284 (An attacker that has hijacked a Unitrends Enterprise Backup (before 9. ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7283 (An authenticated user of Unitrends Enterprise Backup before 9.1.2 can  ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7282 (An issue was discovered in Unitrends Enterprise Backup before 9.1.1. T ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7281 (An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7280 (An issue was discovered in api/includes/systems.php in Unitrends Enter ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7279 (An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 w ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7278 (Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 44 ...)
	NOT-FOR-US: ASSA ABLOY APTUS Styra Porttelefonkort 4400
CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TI ...)
	- linux <not-affected> (Vulnerable code introduced in 4.10-rc1)
CVE-2017-7276 (There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before  ...)
	NOT-FOR-US: TOPdesk
CVE-2017-7275 (The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allow ...)
	- imagemagick <unfixed> (unimportant; bug #859025)
	NOTE: https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/271
	NOTE: Furthermore: upstream is not able to reproduce the problem as well
	NOTE: The problem result in a memory allocation issue when compiled with ASAN
	NOTE: but unreproducible from unstream. Since no more details can be provided
	NOTE: and the issue not addressed, treat this as "non-issue" (and thus marked
	NOTE: unimportant). If in future details can be elaborated by the reporter
	NOTE: we might re-evaluate this entry.
CVE-2017-7274 (The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ...)
	- radare2 <not-affected> (Vulnerable parsers introduced in 1.3.0-git, cf. #858873)
	NOTE: https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf
	NOTE: https://github.com/radare/radare2/issues/7152
CVE-2017-7271 (Reflected Cross-site scripting (XSS) vulnerability in Yii Framework be ...)
	- yii <itp> (bug #597899)
CVE-2017-7270
	RESERVED
CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux ...)
	{DLA-922-1}
	- linux 4.9.6-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept  ...)
	{DLA-875-1}
	- php7.3 <removed>
	[buster] - php7.3 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	- php7.1 <removed>
	- php7.0 <removed>
	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, revisit if a new approach has been identified)
	- php5 <removed>
	[jessie] - php5 <ignored> (Never applied to PHP 5 by upstream, breaks existing applications)
	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
	NOTE: https://bugs.php.net/bug.php?id=74216
	NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3
CVE-2017-7269 (Buffer overflow in the ScStoragePathFromUrl function in the WebDAV ser ...)
	NOT-FOR-US: Windows
CVE-2017-7268
	RESERVED
CVE-2017-7267
	RESERVED
CVE-2017-7266 (Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout  ...)
	NOT-FOR-US: Netflix Security Monkey
CVE-2017-7265
	RESERVED
CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function in fi ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-3 (bug #854734)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
	NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
	NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free
	NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
	NOTE: in fz_subsample_pixmap.
CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows rem ...)
	- potrace 1.15-1 (bug #858763)
	[stretch] - potrace <no-dsa> (Minor issue)
	[jessie] - potrace <no-dsa> (Minor issue)
	[wheezy] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
	NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH
	NOTE: This CVE is for an incomplete fix of CVE-2016-8698
CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavi ...)
	NOT-FOR-US: Jensen of Scandinavia Air:Link Routers
CVE-2017-7262 (The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows ...)
	NOT-FOR-US: Hardware bug in AMD Ryzen CPUs, cannot be fixed via micro code updates, but only BIOS updates
CVE-2017-7261 (The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/36274ab8c596f1240c606bb514da329add2a1bcd
CVE-2017-7260
	RESERVED
CVE-2017-7259
	REJECTED
CVE-2017-7258 (HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi a ...)
	NOT-FOR-US: AuroMeera Technometrix
CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content--&gt;News--&g ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-7256 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content--&gt;News--&g ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content--&gt;News--&g ...)
	NOT-FOR-US: CMS Made Simple
CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a d ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3844-1}
	- tiff 4.0.7-2 (bug #846837)
	[wheezy] - tiff 4.0.2-6+deb7u9
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2604
CVE-2016-10268 (tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a den ...)
	{DLA-877-1}
	- tiff 4.0.7-2 (unimportant)
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (issue in tiffcp that is not shipped by the source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2598
	NOTE: Crash in CLI tool not treated as a security issue
CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible, BigTIFF not supported by this version)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero/
	NOTE: https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2611
CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero
	NOTE: https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2596
CVE-2017-7254
	RESERVED
CVE-2017-7253 (Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: ...)
	NOT-FOR-US: Dahua IP Camera devices
CVE-2017-7252 [Incorrect bcrypt computation]
	RESERVED
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Bug introduced in 1.11.0, fixed in 2.1.0.
CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The ...)
	NOT-FOR-US: pi-engine
CVE-2017-7250 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03- ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7249 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before  ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7248 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03- ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before  ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...)
	- pcre3 <unfixed> (bug #858679; unimportant)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2057
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...)
	- pcre3 <unfixed> (bug #858678; unimportant)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2055
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40  ...)
	- pcre3 2:8.39-3 (bug #858683)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2054
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Bisected and the following change addresses the issue for pcre3:
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1688 (8.41)
CVE-2017-7243 (Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to caus ...)
	NOT-FOR-US: Eclipse tinydtls for Eclipse IoT
CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules c ...)
	NOT-FOR-US: SLiMS
CVE-2017-7241 (A cross-site scripting (XSS) vulnerability in the MantisBT Move Attach ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7240 (An issue was discovered on Miele Professional PST10 devices. The corre ...)
	NOT-FOR-US: Miele Professional PG 8528 PST10 devices
CVE-2017-7239 (Ninka before 1.3.2 might allow remote attackers to obtain sensitive in ...)
	- ninka <not-affected> (Fixed with the initial release to Debian)
	NOTE: https://github.com/dmgerman/ninka/commit/81f185261c8863c5b84344ee31192870be939faf
CVE-2017-7238
	RESERVED
CVE-2017-7237 (The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7 ...)
	NOT-FOR-US: Spiceworks
CVE-2017-7236 (SQL injection vulnerability in NetApp OnCommand Unified Manager Core P ...)
	NOT-FOR-US: NetApp
CVE-2016-10265
	RESERVED
CVE-2016-10264
	RESERVED
CVE-2016-10263
	RESERVED
CVE-2016-10262
	RESERVED
CVE-2016-10261
	RESERVED
CVE-2016-10260
	RESERVED
CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and ...)
	NOT-FOR-US: Blue Coat
CVE-2016-10258 (Unrestricted file upload vulnerability in the Symantec Advanced Secure ...)
	NOT-FOR-US: Symantec
CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7. ...)
	NOT-FOR-US: Symantec
CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6 ...)
	NOT-FOR-US: Symantec
CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ma ...)
	NOT-FOR-US: cloudflare-scrape
CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before  ...)
	{DSA-3835-1 DLA-885-1}
	- python-django 1:1.10.7-1 (bug #859516)
	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
	NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 re ...)
	{DSA-3835-1 DLA-885-1}
	- python-django 1:1.10.7-1 (bug #859515)
	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
	NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
CVE-2017-7232
	RESERVED
CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow v ...)
	NOT-FOR-US: pngdefry
CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and e ...)
	NOT-FOR-US: Disk Sorter Enterprise
CVE-2017-7229 (PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5. ...)
	NOT-FOR-US: Vaultive O365
CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes availabl ...)
	{DSA-3847-1 DLA-907-1}
	- xen 4.8.1-1 (bug #859560)
	NOTE: https://xenbits.xen.org/xsa/advisory-212.html
CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buf ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20906
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=406bd128dba2a59d0736839fc87a59bce319076c
CVE-2017-7226 (The pe_ILF_object_p function in the Binary File Descriptor (BFD) libra ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20905
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa6631b4eecfcca00c13b9594e6336dffd40982f
CVE-2017-7225 (The find_nearest_line function in addr2line in GNU Binutils 2.28 does  ...)
	- binutils 2.27.51.20161201-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20891
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=50455f1ab2935f7321215dfa681745c9b1cb5b19
CVE-2017-7224 (The find_nearest_line function in objdump in GNU Binutils 2.28 is vuln ...)
	- binutils 2.27.51.20161201-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20892
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e82ab856bb4689330c29fb9f1c57a8555b26380e
CVE-2017-7223 (GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer ov ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20898
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69ace2200106348a1b00d509a6a234337c104c17
CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 al ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
CVE-2017-7221 (OpenText Documentum Content Server has an inadequate protection mechan ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via sys_obj ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10. ...)
	NOT-FOR-US: Citrix
CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.1 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7216 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils  ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=09ec02ec7f7e6913d10943148e2a898264345b07
CVE-2016-10254 (The allocate_elf function in common.h in elfutils before 0.168 allows  ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=191000fdedba3fafe4d5b8cddad3f3318b49c3fb
CVE-2017-7215 (Cross site scripting in some view elements in the index filter tool in ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-7214 (An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x ...)
	- nova 2:14.0.0-4 (bug #858568)
	[jessie] - nova <not-affected> (Vulnerable code not present)
	[wheezy] - nova <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://bugs.launchpad.net/nova/+bug/1673569
CVE-2017-7213 (Zoho ManageEngine Desktop Central before build 100082 allows remote at ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2017-7212
	RESERVED
CVE-2017-7211
	RESERVED
CVE-2017-7210 (objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buff ...)
	- binutils 2.28-3 (low; bug #858324)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21157
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a2dea0b20bc66a4c287c3c50002b8c3b3e9d953a
CVE-2017-7209 (The dump_section_as_bytes function in readelf in GNU Binutils 2.28 acc ...)
	- binutils 2.28-3 (low; bug #858323)
	[jessie] - binutils <not-affected> (Vulnerable code introduced later)
	[wheezy] - binutils <not-affected> (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21135
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f
CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows remote ...)
	{DSA-4012-1 DLA-1142-1}
	- libav <removed> (low)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a
CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscr ...)
	{DSA-3838-1 DLA-1048-1}
	- ghostscript 9.20~dfsg-3 (bug #858350)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676
CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows  ...)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (bug #872517; Previous patches mitigated the issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1002
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=83b2b34d06e74cc8775ba3d833f9782505e17539
CVE-2017-7205 (A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. T ...)
	NOT-FOR-US: GamePanelX-V3
CVE-2017-7204 (A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vuln ...)
	NOT-FOR-US: imdbphp
CVE-2017-7203 (A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30. ...)
	- zoneminder 1.30.4+dfsg-1 (bug #858329)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/issues/1797
	NOTE: Fixed in 1.30.2 upstream.
CVE-2017-7202 (Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana ...)
	NOT-FOR-US: SLiMS
CVE-2017-7201
	RESERVED
CVE-2017-7199 (Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions  ...)
	NOT-FOR-US: Nessus
CVE-2017-7200 (An SSRF issue was discovered in OpenStack Glance before Newton. The 'c ...)
	- glance 2:13.0.0-1
	[jessie] - glance <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - glance <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0078
	NOTE: https://bugs.launchpad.net/ossn/+bug/1606495
	NOTE: https://bugs.launchpad.net/ossn/+bug/1153614
	NOTE: The only implemented solution is to move to the v2 API (deprecated in
	NOTE: 2:13.0.0-1, using that as the fixed version)
CVE-2017-7198
	RESERVED
CVE-2017-7197
	RESERVED
CVE-2017-7196
	RESERVED
CVE-2017-7195
	RESERVED
CVE-2017-7194
	RESERVED
CVE-2017-7193
	RESERVED
CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypas ...)
	NOT-FOR-US: Starscream
CVE-2017-7190
	RESERVED
CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsocko ...)
	- php7.3 <removed>
	[buster] - php7.3 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	- php7.0 <removed>
	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	- php5 <removed>
	[jessie] - php5 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74192
	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
	NOTE: The commit was later on reverted again because of breaking some features.
	NOTE: See as well the related CVE-2017-7272.
CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a b ...)
	NOT-FOR-US: Zurmo
CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)
	- linux 4.9.18-1
	[jessie] - linux <not-affected> (Introduced in 3.17)
	[wheezy] - linux <not-affected> (Introduced in 3.17)
	NOTE: Fixed by: https://git.kernel.org/linus/bf33f87dd04c371ea33feb821b60d63d754e3124 (4.11-rc5)
	NOTE: Introduced by: https://git.kernel.org/linus/65c26a0f39695ba01d9693754f27ca76cc8a3ab5 (3.17-rc1)
CVE-2017-7185 (Use-after-free vulnerability in the mg_http_multipart_wait_for_boundar ...)
	NOT-FOR-US: Mongoose
CVE-2017-7183 (The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers ...)
	NOT-FOR-US: ExtraPuTTY
CVE-2017-7182
	RESERVED
CVE-2017-7181
	RESERVED
CVE-2017-7180 (Net Monitor for Employees Pro through 5.3.4 has an unquoted service pa ...)
	NOT-FOR-US: Net Monitor for Employees Pro
CVE-2017-7179
	RESERVED
CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of com ...)
	- erlang 1:19.2.1+dfsg-2 (bug #858313)
	[jessie] - erlang 1:17.3-dfsg-4+deb8u1
	[wheezy] - erlang <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/erlang/otp/pull/1108
CVE-2017-7184 (The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Lin ...)
	{DLA-922-1}
	- linux 4.9.18-1 (low)
	[jessie] - linux 3.16.43-1
	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
	NOTE: non-standard setups
CVE-2017-7186 (libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attacke ...)
	- pcre3 2:8.39-3 (bug #858230)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	- pcre2 10.22-3 (bug #858233)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2052
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date (for pcre3)
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date (for pcre3)
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date (for pcre2)
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date (for pcre2)
CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The exploit ...)
	{DSA-3856-1 DLA-863-1}
	- deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
	NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to p ...)
	- mat 0.6.1-4 (bug #858058)
	[jessie] - mat <not-affected> (Vulnerable code not present)
	[wheezy] - mat <not-affected> (Vulnerable code not present)
	NOTE: https://0xacab.org/mat/mat/issues/11527
	NOTE: Fixed by: https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
	NOTE: Fixed by: https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
	NOTE: Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5
CVE-2017-7176
	REJECTED
CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary OS com ...)
	NOT-FOR-US: NfSen
CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 a ...)
	NOT-FOR-US: Chef Manage
CVE-2017-7173 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7172 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-7171 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-7170 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7169
	RESERVED
CVE-2017-7168
	RESERVED
CVE-2017-7167 (An issue was discovered in certain Apple products. Xcode before 9.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7166
	RESERVED
CVE-2017-7165 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7164 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Intel Graphics Driver on Apple / macOS
CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-7161 (An issue was discovered in certain Apple products. Safari before 11.0. ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7157 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-7156 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-7155 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Intel Graphics Driver on Apple / macOS
CVE-2017-7154 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-7153 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
	NOT-FOR-US: Apple
CVE-2017-7151 (A race condition was addressed with additional validation. This issue  ...)
	NOT-FOR-US: Apple
CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7149 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7148 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7147 (An issue was discovered in certain Apple products. The Apple Support a ...)
	NOT-FOR-US: Apple
CVE-2017-7146 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7145 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7144 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7143 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7142 (An issue was discovered in certain Apple products. Safari before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7141 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7140 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7139 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7138 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7137 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7136 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7135 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7134 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7133 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7132 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7131 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7130 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7129 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7128 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7127 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7126 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7125 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7124 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7123 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7122 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7121 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7120 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7119 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7118 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7117 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7116 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7115 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7114 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7113 (An issue was discovered in certain Apple products. iOS before 11.1 is  ...)
	NOT-FOR-US: Apple
CVE-2017-7112 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7111 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7110 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7109 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7108 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7107 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7106 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7105 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7104 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7103 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7102 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7101
	RESERVED
CVE-2017-7100 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7099 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7098 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7097 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7096 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7095 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7094 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7093 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7092 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7091 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7090 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7089 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7088 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7087 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7086 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7085 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7084 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7083 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7082 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7081 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7080 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7079 (An issue was discovered in certain Apple products. iTunes before 12.7  ...)
	NOT-FOR-US: Apple
CVE-2017-7078 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7077 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7076 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7075 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7074 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
	NOT-FOR-US: Apple
CVE-2017-7073
	RESERVED
CVE-2017-7072 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7071 (An issue was discovered in certain Apple products. Safari before 10.1  ...)
	NOT-FOR-US: Apple
CVE-2017-7070 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7069 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
CVE-2017-7067 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7066 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7065 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-7064 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7063 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7062 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7061 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-7060 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7059 (A DOMParser XSS issue was discovered in certain Apple products. iOS be ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-7058 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7057
	RESERVED
CVE-2017-7056 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-7055 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7054 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7053 (An issue was discovered in certain Apple products. iTunes before 12.6. ...)
	NOT-FOR-US: Apple
CVE-2017-7052 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.4-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7051 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7050 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7049 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7048 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7047 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7046 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7045 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7044 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7043 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7042 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7041 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7040 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7039 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7038 (A DOMParser XSS issue was discovered in certain Apple products. iOS be ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7037 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7036 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7035 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7034 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7033 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7032 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7031 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7030 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7029 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7028 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7027 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7026 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7025 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7024 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7023 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7022 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7021 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7020 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7019 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7018 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7017 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7016 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7015 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7014 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7013 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7012 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7011 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7010 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7009 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7008 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7007 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7006 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7005 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-7004 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-7003 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-7002 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7001 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7000 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-6999 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6998 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6997 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6996 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6995 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6994 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6993
	RESERVED
CVE-2017-6992
	RESERVED
CVE-2017-6991 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOTE: Unspecified sqlite issue found by Apple, no further details available
CVE-2017-6990 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6989 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6988 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6987 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6986 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6985 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6984 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-6983 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOTE: Unspecified sqlite issue found by Apple, no further details available
CVE-2017-6982 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6981 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6980 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-6979 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6978 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6977 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6976 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-6975 (Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack  ...)
	NOT-FOR-US: Applie
CVE-2017-6974 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an e ...)
	NOT-FOR-US: AlienVault
CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow rem ...)
	NOT-FOR-US: AlienVault
CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow loc ...)
	NOT-FOR-US: AlienVault
CVE-2017-6968 (GMV Checker ATM Security prior to 5.0.18 allows remote authenticated u ...)
	NOT-FOR-US: GMV Checker ATM Security
CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over ...)
	- binutils 2.28-3 (bug #858256)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21156
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14
CVE-2017-6967 (xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect ...)
	{DLA-872-1}
	[experimental] - xrdp 0.9.2~20170325-1~exp1
	- xrdp 0.9.1-9 (bug #858143)
	[jessie] - xrdp <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
	NOTE: https://github.com/neutrinolabs/xrdp/issues/350
	NOTE: First attempt: https://github.com/neutrinolabs/xrdp/pull/694
	NOTE: Followed by: https://github.com/neutrinolabs/xrdp/pull/696
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/18/1
	NOTE: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f
CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically read-a ...)
	- binutils 2.28-3 (bug #858263)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21139
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
CVE-2017-6965 (readelf in GNU Binutils 2.28 writes to illegal addresses while process ...)
	- binutils 2.28-3 (bug #858264)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493
CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and Ubun ...)
	{DSA-3823-1 DLA-876-1}
	- eject 2.1.5+deb1+cvs20081104-13.2 (bug #858872)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627
CVE-2017-6963
	RESERVED
CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow  ...)
	- apng2gif 1.8-0.1 (bug #854447)
	[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...)
	- apng2gif 1.8-0.1 (bug #854441)
	[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow  ...)
	{DLA-2165-1 DLA-981-1}
	- apng2gif 1.8-0.1 (bug #854367)
	[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
CVE-2017-6959
	REJECTED
CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
	NOT-FOR-US: MantisBT Source Integration Plugin
CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC  ...)
	NOT-FOR-US: Firmware on some Broadcom SoCs
CVE-2017-6956 (On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer ov ...)
	NOT-FOR-US: Firmware on some Broadcom SoCs
CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone  ...)
	NOT-FOR-US: wordpress Anyone plugin
CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress Do ...)
	NOT-FOR-US: wordpress buddypress docs plugin
CVE-2017-6953 (Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflo ...)
	NOT-FOR-US: Gemalto SmartDiag Diagnosis Tool
CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c ...)
	- capstone <not-affected> (Vulnerable code not present, in Windows specific distribution)
CVE-2017-9999
	REJECTED
CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linu ...)
	{DLA-922-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.43-1
CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended sec ...)
	NOT-FOR-US: SAP
CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...)
	{DLA-908-1}
	- chicken 4.12.0-0.2 (bug #858057)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html
CVE-2017-6948
	RESERVED
CVE-2017-6947
	RESERVED
CVE-2017-6946
	RESERVED
CVE-2017-6945
	RESERVED
CVE-2017-6944
	RESERVED
CVE-2017-6943
	RESERVED
CVE-2017-6942
	RESERVED
CVE-2017-6941
	RESERVED
CVE-2017-6940
	RESERVED
CVE-2017-6939
	RESERVED
CVE-2017-6938
	RESERVED
CVE-2017-6937
	RESERVED
CVE-2017-6936
	RESERVED
CVE-2017-6935
	RESERVED
CVE-2017-6934
	RESERVED
CVE-2017-6933
	RESERVED
CVE-2017-6931 (In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray modul ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6930 (In Drupal versions 8.4.x versions before 8.4.5 when using node access  ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with permission t ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6925 (In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability  ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6924 (In Drupal 8 prior to 8.3.7; When using the REST API, users without the ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6923 (In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally  ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6922 (In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; P ...)
	{DSA-3897-1 DLA-1004-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.56-1 (bug #865498)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
	NOTE: http://cgit.drupalcode.org/drupal/diff/?h=7.x&id=600c1346ed976e6f35fc2b0f907a7837f0f7c145&id2=9eebe462d1e93e785e6c028dc6cf689623c4d936
CVE-2017-6921 (In Drupal 8 prior to 8.3.4; The file REST resource does not properly v ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6920 (Drupal core 8 before versions 8.3.4 allows remote attackers to execute ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypa ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-002
CVE-2017-6918 (CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to th ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6917 (CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admi ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6916 (CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6915 (CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the a ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to  ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6913 (Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail b ...)
	NOT-FOR-US: Open-Xchange
CVE-2017-6912 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores  ...)
	NOT-FOR-US: USB Pratirodh
CVE-2017-6910 (The HTTP and WebSocket engine components in the server in Kaazing Gate ...)
	NOT-FOR-US: Kaazing Gateway
CVE-2017-6909 (An issue was discovered in Shimmie &lt;= 2.5.1. The vulnerability exis ...)
	NOT-FOR-US: Shimmie
CVE-2017-6908 (An issue was discovered in concrete5 &lt;= 5.6.3.4. The vulnerability  ...)
	NOT-FOR-US: concrete5
CVE-2017-6907 (An issue was discovered in Open.GL before 2017-03-13. The vulnerabilit ...)
	NOT-FOR-US: Open.GL
CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0.  The vulnerabili ...)
	NOT-FOR-US: SiberianCMS
CVE-2017-6905 (An issue was discovered in concrete5 &lt;= 5.6.3.4. The vulnerability  ...)
	NOT-FOR-US: concrete5
CVE-2017-6904
	RESERVED
CVE-2017-6902
	REJECTED
CVE-2017-6901
	RESERVED
CVE-2017-6900 (An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue  ...)
	NOT-FOR-US: Riello NetMan
CVE-2017-6899 (The msm_bus_dbg_update_request_write function in drivers/platform/msm/ ...)
	NOT-FOR-US: android_kernel_huawei_msm8916 in LineageOS (and other kernels for MSM devices)
CVE-2017-6898
	RESERVED
CVE-2017-6897
	RESERVED
CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wi ...)
	NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router
CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ( ...)
	NOT-FOR-US: USB Pratirodh
CVE-2017-6894
	RESERVED
CVE-2017-6893
	RESERVED
CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...)
	{DLA-985-1}
	- libsndfile 1.0.28-1 (bug #864704)
	[stretch] - libsndfile <ignored> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...)
	{DSA-3861-1 DLA-950-1}
	- libtasn1-6 4.10-1.1 (bug #863186)
	- libtasn1-3 <removed>
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
	NOTE: https://gitlab.com/gnutls/libtasn1/commit/5520704d075802df25ce4ffccc010ba1641bd484
CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function (dcraw_foveo ...)
	NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function (dc ...)
	NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC ...)
	- flac 1.3.2-2 (low; bug #897015)
	[stretch] - flac <no-dsa> (Minor issue)
	[jessie] - flac <no-dsa> (Minor issue)
	[wheezy] - flac <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
	NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function (internal/dcra ...)
	{DSA-3950-1 DLA-1057-1}
	- libraw 0.18.2-2 (bug #864183)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6886 (An error within the "parse_tiff_ifd()" function (internal/dcraw_common ...)
	{DSA-3950-1 DLA-1057-1}
	- libraw 0.18.2-2 (bug #864183)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6885 (An error when handling certain external commands and services related  ...)
	NOT-FOR-US: FlexNet
CVE-2017-6903 (In ioquake3 before 2017-03-14, the auto-downloading feature has insuff ...)
	{DSA-3812-1}
	- ioquake3 1.36+u20161101+dfsg1-2 (bug #857699)
	[wheezy] - ioquake3 <end-of-life> (Not supported in Wheezy LTS)
	- iortcw 1.50a+dfsg1-3 (bug #857714)
	NOTE: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/
	NOTE: Also affects openjk (only in experimental; bug #857715)
CVE-2017-6884 (A command injection vulnerability was discovered on the Zyxel EMG2926  ...)
	NOT-FOR-US: Zyxel
CVE-2017-6883 (The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF be ...)
	NOT-FOR-US: Foxit
CVE-2017-6882
	RESERVED
CVE-2017-6881
	RESERVED
CVE-2017-6880 (Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attacker ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2017-6879
	RESERVED
CVE-2017-6878 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remo ...)
	NOT-FOR-US: MetInfo
CVE-2017-6877 (Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim ...)
	NOT-FOR-US: Lutim
CVE-2017-6876
	RESERVED
CVE-2017-6875
	RESERVED
CVE-2017-6874 (Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 a ...)
	- linux 4.9.16-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/040757f738e13caaa9c5078bca79aa97e11dde88
CVE-2017-6873 (A vulnerability was discovered in Siemens OZW672 (all versions) and OZ ...)
	NOT-FOR-US: Siemens
CVE-2017-6872 (A vulnerability was discovered in Siemens OZW672 (all versions) and OZ ...)
	NOT-FOR-US: Siemens
CVE-2017-6871 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient fo ...)
	NOT-FOR-US: Siemens
CVE-2017-6870 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient fo ...)
	NOT-FOR-US: Siemens
CVE-2017-6869 (A vulnerability was discovered in Siemens ViewPort for Web Office Port ...)
	NOT-FOR-US: Siemens
CVE-2017-6868 (An Improper Authentication issue was discovered in Siemens SIMATIC CP  ...)
	NOT-FOR-US: Siemens
CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before U ...)
	NOT-FOR-US: Siemens
CVE-2017-6866 (A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before ...)
	NOT-FOR-US: Siemens
CVE-2017-6865 (A vulnerability has been identified in Primary Setup Tool (PST) (All v ...)
	NOT-FOR-US: Siemens
CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
	NOT-FOR-US: Siemens
CVE-2017-6863
	RESERVED
CVE-2017-6862 (NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-6861
	RESERVED
CVE-2017-6860
	RESERVED
CVE-2017-6859
	RESERVED
CVE-2017-6858
	RESERVED
CVE-2017-6857
	RESERVED
CVE-2017-6856
	RESERVED
CVE-2017-6855
	RESERVED
CVE-2017-6854
	RESERVED
CVE-2017-6853
	RESERVED
CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka aud ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9
CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka  ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote att ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in li ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
	NOTE: https://github.com/mpruett/audiofile/issues/40
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio Fi ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/39
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/38
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio F ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/37
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio  ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/36
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp  ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/35
	NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/34
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka audiof ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/33
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
	NOTE: https://github.com/mpruett/audiofile/pull/43/commits/25eb00ce913452c2e614548d7df93070bf0d066f
CVE-2017-6828 (Heap-based buffer overflow in the readValue function in FileHandle.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/31
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6827 (Heap-based buffer overflow in the MSADPCM::initializeCoefficients func ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/32
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2016-10252 (Memory leak in the IsOptionMember function in MagickCore/option.c in I ...)
	{DSA-3808-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #857426)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b
CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in Jas ...)
	{DSA-3827-1 DLA-920-1}
	- jasper <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11
	NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
	NOTE: https://github.com/asarubbo/poc/blob/master/00029-jasper-uninitvalue-jpc_pi_nextcprl
CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900. ...)
	- jasper <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/20/5
	NOTE: Not suitable for code injection, hardly denial of service
	NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/20
CVE-2017-XXXX [Server certificates are not verified]
	- profanity 0.5.1-1 (bug #857546)
	[jessie] - profanity <no-dsa> (Minor issue)
	NOTE: https://github.com/boothj5/profanity/issues/280
CVE-2017-7191 (The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to c ...)
	- irssi 1.0.2-1 (bug #857502)
	[jessie] - irssi <not-affected> (Different code path caused the netjoins to be flushed prior reaching use-after-free condition)
	[wheezy] - irssi <not-affected> (Different code path caused the netjoins to be flushed prior reaching use-after-free condition)
	NOTE: https://irssi.org/security/irssi_sa_2017_03.txt
	NOTE: https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3
CVE-2017-6826
	RESERVED
CVE-2017-6825
	RESERVED
CVE-2017-6824
	RESERVED
CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges  ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-6822
	RESERVED
CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite (aka Z ...)
	NOT-FOR-US: Zimbra
CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is su ...)
	{DLA-855-1}
	- roundcube 1.2.3+dfsg.1-3 (bug #857473)
	NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305
	NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8
CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fa ...)
	NOT-FOR-US: Zimbra
CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6810 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6809 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6808 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6807 (mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Tr ...)
	- libapache2-mod-auth-mellon 0.12.0-2
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2017-6806
	RESERVED
CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in MobaXterm Pers ...)
	NOT-FOR-US: MobaXterm
CVE-2017-6804
	REJECTED
CVE-2017-6803 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: SolarWinds (formerly Serv-U) FTP Voyager
CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulne ...)
	NOT-FOR-US: Trend Micro Endpoint Sensor
CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential he ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.2-1
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc
CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a potential ou ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.2-1
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7
CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid memory acces ...)
	{DSA-3846-1}
	- libytnef 1.9.2-1
	[wheezy] - libytnef <not-affected> (vulnerable code not present)
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89
CVE-2017-6799 (A cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
	- mantis <not-affected> (Vulnerable versions only 2.1.0 through 2.2.0)
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95
	NOTE: http://www.mantisbt.org/bugs/view.php?id=22497
CVE-2017-6797 (A cross-site scripting (XSS) vulnerability in bug_change_status_page.p ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f
	NOTE: https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e
	NOTE: http://www.mantisbt.org/bugs/view.php?id=22486
CVE-2017-6796 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...)
	NOT-FOR-US: Cisco
CVE-2017-6795 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...)
	NOT-FOR-US: Cisco
CVE-2017-6794 (A vulnerability in the CLI command-parsing code of Cisco Meeting Serve ...)
	NOT-FOR-US: Cisco
CVE-2017-6793 (A vulnerability in the Inventory Management feature of Cisco Prime Col ...)
	NOT-FOR-US: Cisco
CVE-2017-6792 (A vulnerability in the batch provisioning feature in Cisco Prime Colla ...)
	NOT-FOR-US: Cisco
CVE-2017-6791 (A vulnerability in the Trust Verification Service (TVS) of Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2017-6790 (A vulnerability in the Session Initiation Protocol (SIP) on the Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2017-6789 (A vulnerability in the Cisco Unified Intelligence Center web interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6788 (The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2017-6787
	RESERVED
CVE-2017-6786 (A vulnerability in Cisco Elastic Services Controller could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2017-6785 (A vulnerability in configuration modification permissions validation f ...)
	NOT-FOR-US: Cisco
CVE-2017-6784 (A vulnerability in the web interface of the Cisco RV340, RV345, and RV ...)
	NOT-FOR-US: Cisco
CVE-2017-6783 (A vulnerability in SNMP polling for the Cisco Web Security Appliance ( ...)
	NOT-FOR-US: Cisco
CVE-2017-6782 (A vulnerability in the administrative web interface of Cisco Prime Inf ...)
	NOT-FOR-US: Cisco
CVE-2017-6781 (A vulnerability in the management of shell user accounts for Cisco Pol ...)
	NOT-FOR-US: Cisco
CVE-2017-6780 (A vulnerability in the TCP throttling process for Cisco IoT Field Netw ...)
	NOT-FOR-US: Cisco
CVE-2017-6779 (Multiple Cisco products are affected by a vulnerability in local file  ...)
	NOT-FOR-US: Cisco
CVE-2017-6778 (A vulnerability in the Elastic Services Controller (ESC) web interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6777 (A vulnerability in the ConfD server of the Cisco Elastic Services Cont ...)
	NOT-FOR-US: Cisco
CVE-2017-6776 (A vulnerability in the web framework of Cisco Elastic Services Control ...)
	NOT-FOR-US: Cisco
CVE-2017-6775 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6774 (A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers r ...)
	NOT-FOR-US: Cisco
CVE-2017-6773 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6772 (A vulnerability in Cisco Elastic Services Controller (ESC) could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-6771 (A vulnerability in the AutoVNF automation tool of the Cisco Ultra Serv ...)
	NOT-FOR-US: Cisco
CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Softwar ...)
	NOT-FOR-US: Cisco
CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco Sec ...)
	NOT-FOR-US: Cisco
CVE-2017-6768 (A vulnerability in the build procedure for certain executable system f ...)
	NOT-FOR-US: Cisco
CVE-2017-6767 (A vulnerability in Cisco Application Policy Infrastructure Controller  ...)
	NOT-FOR-US: Cisco
CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspe ...)
	NOT-FOR-US: Cisco
CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2017-6764 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2017-6763 (A vulnerability in the implementation of the H.264 protocol in Cisco M ...)
	NOT-FOR-US: Cisco
CVE-2017-6762 (A vulnerability in the web-based management interface of Cisco Jabber  ...)
	NOT-FOR-US: Cisco
CVE-2017-6761 (A vulnerability in the web-based management interface of Cisco Finesse ...)
	NOT-FOR-US: Cisco
CVE-2017-6760
	RESERVED
CVE-2017-6759 (A vulnerability in the UpgradeManager of the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6758 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-6757 (A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5 ...)
	NOT-FOR-US: Cisco
CVE-2017-6756 (A vulnerability in the Web UI Application of the Cisco Prime Collabora ...)
	NOT-FOR-US: Cisco
CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6754 (A vulnerability in the web-based management interface of the Cisco Sma ...)
	NOT-FOR-US: Cisco
CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google Chrome an ...)
	NOT-FOR-US: Cisco
CVE-2017-6752 (A vulnerability in the web interface of the Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web Securi ...)
	NOT-FOR-US: Cisco
CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA)  ...)
	NOT-FOR-US: Cisco
CVE-2017-6749 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security Appliance  ...)
	NOT-FOR-US: Cisco
CVE-2017-6747 (A vulnerability in the authentication module of Cisco Identity Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security Applian ...)
	NOT-FOR-US: Cisco
CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape Distributi ...)
	NOT-FOR-US: Cisco
CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco FireS ...)
	NOT-FOR-US: Cisco
CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2017-6733 (A vulnerability in the web-based application interface of the Cisco Id ...)
	NOT-FOR-US: Cisco
CVE-2017-6732 (A vulnerability in the installation procedure for Cisco Prime Network  ...)
	NOT-FOR-US: Cisco
CVE-2017-6731 (A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress  ...)
	NOT-FOR-US: Cisco
CVE-2017-6730 (A vulnerability in the web-based GUI of Cisco Wide Area Application Se ...)
	NOT-FOR-US: Cisco
CVE-2017-6729 (A vulnerability in the Border Gateway Protocol (BGP) processing functi ...)
	NOT-FOR-US: Cisco
CVE-2017-6728 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2017-6727 (A vulnerability in the Server Message Block (SMB) protocol of Cisco Wi ...)
	NOT-FOR-US: Cisco
CVE-2017-6726 (A vulnerability in the CLI of the Cisco Prime Network Gateway could al ...)
	NOT-FOR-US: Cisco
CVE-2017-6725 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2017-6724 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2017-6723
	RESERVED
CVE-2017-6722 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
	NOT-FOR-US: Cisco
CVE-2017-6721 (A vulnerability in the ingress processing of fragmented TCP packets by ...)
	NOT-FOR-US: Cisco
CVE-2017-6720 (A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Bus ...)
	NOT-FOR-US: Cisco
CVE-2017-6719 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2017-6718 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2017-6717 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-6716 (A vulnerability in the web framework code of Cisco Firepower Managemen ...)
	NOT-FOR-US: Cisco
CVE-2017-6715 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-6714 (A vulnerability in the AutoIT service of Cisco Ultra Services Framewor ...)
	NOT-FOR-US: Cisco
CVE-2017-6713 (A vulnerability in the Play Framework of Cisco Elastic Services Contro ...)
	NOT-FOR-US: Cisco
CVE-2017-6712 (A vulnerability in certain commands of Cisco Elastic Services Controll ...)
	NOT-FOR-US: Cisco
CVE-2017-6711 (A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ult ...)
	NOT-FOR-US: Cisco
CVE-2017-6710 (A vulnerability in the Cisco Virtual Network Function (VNF) Element Ma ...)
	NOT-FOR-US: Cisco
CVE-2017-6709 (A vulnerability in the AutoVNF tool for the Cisco Ultra Services Frame ...)
	NOT-FOR-US: Cisco
CVE-2017-6708 (A vulnerability in the symbolic link (symlink) creation functionality  ...)
	NOT-FOR-US: Cisco
CVE-2017-6707 (A vulnerability in the CLI command-parsing code of the Cisco StarOS op ...)
	NOT-FOR-US: Cisco
CVE-2017-6706 (A vulnerability in the logging subsystem of the Cisco Prime Collaborat ...)
	NOT-FOR-US: Cisco
CVE-2017-6705 (A vulnerability in the filesystem of the Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6704 (A vulnerability in the web application in the Cisco Prime Collaboratio ...)
	NOT-FOR-US: Cisco
CVE-2017-6703 (A vulnerability in the web application in the Cisco Prime Collaboratio ...)
	NOT-FOR-US: Cisco
CVE-2017-6702 (A vulnerability in the web framework of Cisco SocialMiner could allow  ...)
	NOT-FOR-US: Cisco
CVE-2017-6701 (A vulnerability in the web application interface of the Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2017-6700 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2017-6699 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2017-6698 (A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6697 (A vulnerability in the web interface of Cisco Elastic Services Control ...)
	NOT-FOR-US: Cisco
CVE-2017-6696 (A vulnerability in the file system of Cisco Elastic Services Controlle ...)
	NOT-FOR-US: Cisco
CVE-2017-6695 (A vulnerability in the ConfD server in Cisco Ultra Services Platform c ...)
	NOT-FOR-US: Cisco
CVE-2017-6694 (A vulnerability in the Virtual Network Function Manager's (VNFM) loggi ...)
	NOT-FOR-US: Cisco
CVE-2017-6693 (A vulnerability in the ConfD server component of Cisco Elastic Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6692 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
	NOT-FOR-US: Cisco
CVE-2017-6691 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6690 (A vulnerability in the file check operation of Cisco ASR 5000 Series A ...)
	NOT-FOR-US: Cisco
CVE-2017-6689 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6688 (A vulnerability in Cisco Elastic Services Controllers could allow an a ...)
	NOT-FOR-US: Cisco
CVE-2017-6687 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
	NOT-FOR-US: Cisco
CVE-2017-6686 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
	NOT-FOR-US: Cisco
CVE-2017-6685 (A vulnerability in Cisco Ultra Services Framework Staging Server could ...)
	NOT-FOR-US: Cisco
CVE-2017-6684 (A vulnerability in Cisco Elastic Services Controllers could allow an a ...)
	NOT-FOR-US: Cisco
CVE-2017-6683 (A vulnerability in the esc_listener.py script of Cisco Elastic Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6682 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6681 (A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Ser ...)
	NOT-FOR-US: Cisco
CVE-2017-6680 (A vulnerability in the AutoVNF logging function of Cisco Ultra Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6679 (The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained ...)
	NOT-FOR-US: Cisco
CVE-2017-6678 (A vulnerability in the ingress UDP packet processing functionality of  ...)
	NOT-FOR-US: Cisco
CVE-2017-6677
	RESERVED
CVE-2017-6676
	RESERVED
CVE-2017-6675 (A vulnerability in the web interface of Cisco Industrial Network Direc ...)
	NOT-FOR-US: Cisco
CVE-2017-6674 (A vulnerability in the feature-license management functionality of Cis ...)
	NOT-FOR-US: Cisco
CVE-2017-6673 (A vulnerability in Cisco Firepower Management Center could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2017-6672 (A vulnerability in certain filtering mechanisms of access control list ...)
	NOT-FOR-US: Cisco
CVE-2017-6671 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2017-6670 (A vulnerability in the web-based GUI of Cisco Unified Communications D ...)
	NOT-FOR-US: Cisco
CVE-2017-6669 (Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Netw ...)
	NOT-FOR-US: Cisco
CVE-2017-6668 (Vulnerabilities in the web-based GUI of Cisco Unified Communications D ...)
	NOT-FOR-US: Cisco
CVE-2017-6667 (A vulnerability in the update process for the dynamic JAR file of the  ...)
	NOT-FOR-US: Cisco
CVE-2017-6666 (A vulnerability in the forwarding component of Cisco IOS XR Software f ...)
	NOT-FOR-US: Cisco
CVE-2017-6665 (A vulnerability in the Autonomic Networking feature of Cisco IOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-6664 (A vulnerability in the Autonomic Networking feature of Cisco IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2017-6663 (A vulnerability in the Autonomic Networking feature of Cisco IOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-6662 (A vulnerability in the web-based user interface of Cisco Prime Infrast ...)
	NOT-FOR-US: Cisco
CVE-2017-6661 (A vulnerability in the web-based management interface of Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2017-6660
	RESERVED
CVE-2017-6659 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2017-6658 (Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread rela ...)
	NOT-FOR-US: Cisco
CVE-2017-6657 (Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Vali ...)
	NOT-FOR-US: Cisco
CVE-2017-6656 (A vulnerability in Session Initiation Protocol (SIP) call handling of  ...)
	NOT-FOR-US: Cisco
CVE-2017-6655 (A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol imp ...)
	NOT-FOR-US: Cisco
CVE-2017-6654 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-6653 (A vulnerability in the TCP throttling process for the GUI of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6652 (A vulnerability in the web framework of the Cisco TelePresence IX5000  ...)
	NOT-FOR-US: Cisco
CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2017-6650 (A vulnerability in the Telnet CLI command of Cisco NX-OS System Softwa ...)
	NOT-FOR-US: Cisco
CVE-2017-6649 (A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through  ...)
	NOT-FOR-US: Cisco
CVE-2017-6648 (A vulnerability in the Session Initiation Protocol (SIP) of the Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2017-6647 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6646 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6645 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6644 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6643 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6642 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6641 (A vulnerability in the TCP connection handling functionality of Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2017-6640 (A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Soft ...)
	NOT-FOR-US: Cisco
CVE-2017-6639 (A vulnerability in the role-based access control (RBAC) functionality  ...)
	NOT-FOR-US: Cisco
CVE-2017-6638 (A vulnerability in how DLL files are loaded with Cisco AnyConnect Secu ...)
	NOT-FOR-US: Cisco
CVE-2017-6637 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6636 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6635 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6634 (A vulnerability in the Device Manager web interface of Cisco Industria ...)
	NOT-FOR-US: Cisco
CVE-2017-6633 (A vulnerability in the TCP throttling process of Cisco UCS C-Series Ra ...)
	NOT-FOR-US: Cisco
CVE-2017-6632 (A vulnerability in the logging configuration of Secure Sockets Layer ( ...)
	NOT-FOR-US: Cisco
CVE-2017-6631 (A vulnerability in the HTTP remote procedure call (RPC) service of set ...)
	NOT-FOR-US: Cisco
CVE-2017-6630 (A vulnerability in the Session Initiation Protocol (SIP) implementatio ...)
	NOT-FOR-US: Cisco
CVE-2017-6629 (A vulnerability in the ImageID parameter of Cisco Unity Connection 10. ...)
	NOT-FOR-US: Cisco
CVE-2017-6628 (A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide  ...)
	NOT-FOR-US: Cisco
CVE-2017-6627 (A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, an ...)
	NOT-FOR-US: Cisco
CVE-2017-6626 (A vulnerability in the Cisco Finesse Notification Service for Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2017-6625 (A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA wi ...)
	NOT-FOR-US: Cisco
CVE-2017-6624 (A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager E ...)
	NOT-FOR-US: Cisco
CVE-2017-6623 (A vulnerability in a script file that is installed as part of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-6622 (A vulnerability in the web interface for Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6621 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6620 (A vulnerability in the remote management access control list (ACL) fea ...)
	NOT-FOR-US: Cisco
CVE-2017-6619 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6618 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6617 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2017-6616 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6615 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2017-6614 (A vulnerability in the file-download feature of the web user interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6613 (A vulnerability in the DNS input packet processor for Cisco Prime Netw ...)
	NOT-FOR-US: Cisco
CVE-2017-6612 (A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5 ...)
	NOT-FOR-US: Cisco
CVE-2017-6611 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2017-6610 (A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH c ...)
	NOT-FOR-US: Cisco
CVE-2017-6609 (A vulnerability in the IPsec code of Cisco ASA Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6608 (A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer  ...)
	NOT-FOR-US: Cisco
CVE-2017-6607 (A vulnerability in the DNS code of Cisco ASA Software could allow an u ...)
	NOT-FOR-US: Cisco
CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could all ...)
	NOT-FOR-US: Cisco
CVE-2017-6605 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2017-6604 (A vulnerability in the web interface of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6603 (A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running wit ...)
	NOT-FOR-US: Cisco
CVE-2017-6602 (A vulnerability in the CLI of Cisco Unified Computing System (UCS) Man ...)
	NOT-FOR-US: Cisco
CVE-2017-6601 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2017-6600 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2017-6599 (A vulnerability in Google-defined remote procedure call (gRPC) handlin ...)
	NOT-FOR-US: Cisco
CVE-2017-6598 (A vulnerability in the debug plug-in functionality of the Cisco Unifie ...)
	NOT-FOR-US: Cisco
CVE-2017-6597 (A vulnerability in the local-mgmt CLI command of the Cisco Unified Com ...)
	NOT-FOR-US: Cisco
CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer o ...)
	{DLA-923-1}
	[experimental] - partclone 0.2.90-1
	- partclone 0.2.89-3 (bug #857966)
	[jessie] - partclone <no-dsa> (Minor issue)
	NOTE: https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/91
	NOTE: https://github.com/Thomas-Tsai/partclone/commit/2d6bcfd8016dc6090090934bab71c663d9a4d36d
	NOTE: https://github.com/Thomas-Tsai/partclone/commit/96401fb5b7221fc5f44df7079485c395f9c3a428
CVE-2017-6595
	RESERVED
CVE-2017-6594 (The transit path validation code in Heimdal before 7.3 might allow att ...)
	- heimdal 7.1.0+dfsg-12
	[jessie] - heimdal <no-dsa> (Minor issue)
	[wheezy] - heimdal <no-dsa> (Minor issue)
	NOTE: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
	NOTE: See https://lists.debian.org/debian-lts/2017/05/msg00010.html
CVE-2017-6593
	RESERVED
CVE-2017-6592
	RESERVED
CVE-2017-6591 (There is a cross-site scripting vulnerability in django-epiceditor 0.2 ...)
	NOT-FOR-US: django-epiceditor
CVE-2017-6590 (An issue was discovered in network-manager-applet (aka network-manager ...)
	- network-manager-applet <unfixed> (unimportant)
	NOTE: Marked as 'unimportant', since not exploitable in Debian, although the source
	NOTE: would be affected as well for Debian.
	NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321
CVE-2017-6589 (EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecu ...)
	NOT-FOR-US: django-epiceditor
CVE-2017-6588
	RESERVED
CVE-2017-6587
	RESERVED
CVE-2017-6586
	RESERVED
CVE-2017-6585
	RESERVED
CVE-2017-6584
	RESERVED
CVE-2017-6583
	RESERVED
CVE-2017-6582
	RESERVED
CVE-2017-6581
	RESERVED
CVE-2017-6580
	RESERVED
CVE-2017-6579
	RESERVED
CVE-2017-6578 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6577 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6576 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6575 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6574 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6573 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6572 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6571 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6570 (A SQL injection issue is exploitable, with WordPress admin access, in  ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6569
	RESERVED
CVE-2017-6568
	RESERVED
CVE-2017-6567
	RESERVED
CVE-2017-6566
	RESERVED
CVE-2017-6565 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDia ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550 evo
CVE-2017-6564 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest u ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550 evo
CVE-2017-6563
	RESERVED
CVE-2017-6562 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&amp;targ ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6561 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&amp;ac ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6560 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&amp;acti ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6559 (XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&amp;m ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6558 (iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n  ...)
	NOT-FOR-US: iball Baton
CVE-2017-6557 (SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the p ...)
	NOT-FOR-US: ArrayOS
CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured ...)
	NOT-FOR-US: Quest Privilege Manager
CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix befor ...)
	NOT-FOR-US: Quest One Identity Privilege Manager for Unix
CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...)
	NOT-FOR-US: Livebox 3 Sagemcom
CVE-2017-6551 (Pexip Infinity before 14.2 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Pexip Infinity
CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerl ...)
	NOT-FOR-US: Kinsey Infor-Lawson
CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC6 ...)
	NOT-FOR-US: ASUS
CVE-2017-6548 (Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT- ...)
	NOT-FOR-US: ASUS
CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT- ...)
	NOT-FOR-US: ASUS
CVE-2017-6546
	RESERVED
CVE-2017-6545
	RESERVED
CVE-2017-6544 (Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuh ...)
	NOT-FOR-US: wuhu
CVE-2017-6543 (Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance be ...)
	NOT-FOR-US: Nessus
CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows remote ...)
	- putty 0.67-3 (bug #857642)
	[jessie] - putty <no-dsa> (Minor issue)
	[wheezy] - putty <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68)
	NOTE: Bug only exploitable if SSH agent forwarding enabled (not the default) and if
	NOTE: the attacker can already be able to connect to the  Unix-domain socket
	NOTE: representing the forwarded agent connection.
CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6539 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6538 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.  ...)
	NOT-FOR-US: webpagetest
CVE-2017-6537 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.  ...)
	NOT-FOR-US: webpagetest
CVE-2017-6536 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6535 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.  ...)
	NOT-FOR-US: webpagetest
CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0.  ...)
	NOT-FOR-US: webpagetest
CVE-2017-6532 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ha ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6531 (On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6530 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6529 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6528 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affe ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6527 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6526 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6525
	RESERVED
CVE-2017-6524
	RESERVED
CVE-2017-6523
	RESERVED
CVE-2017-6522
	RESERVED
CVE-2017-6521
	RESERVED
CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvert ...)
	NOT-FOR-US: Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to ...)
	- avahi 0.7-5 (unimportant; bug #917047)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1426712
	NOTE: https://github.com/lathiat/avahi/issues/203
	NOTE: https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...)
	NOT-FOR-US: SanaCMS
CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow a ...)
	NOT-FOR-US: Microsoft
CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo befo ...)
	NOT-FOR-US: MagniComp
CVE-2017-6515
	RESERVED
CVE-2017-6514 (WordPress 4.7.2 mishandles listings of post authors, which allows remo ...)
	- wordpress <unfixed> (unimportant)
	NOTE: No security impact
CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2 ...)
	NOT-FOR-US: Softaculous Virtualizor
CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the File-Pat ...)
	{DSA-3873-1 DLA-978-1}
	- perl 5.24.1-3 (bug #863870)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
	NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
	{DLA-1812-1}
	- doxygen 1.8.12-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762934
	NOTE: https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081 (Release_1_8_12)
CVE-2017-6511 (andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in  ...)
	NOT-FOR-US: FineCMS
CVE-2017-6510 (Easy File Sharing FTP Server version 3.6 is vulnerable to a directory  ...)
	NOT-FOR-US: Easy File Sharing FTP Server
CVE-2017-6509 (Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XS ...)
	NOT-FOR-US: burgundy-cms
CVE-2017-6507 (An issue was discovered in AppArmor before 2.12. Incorrect handling of ...)
	- apparmor 2.11.0-3 (bug #858768)
	[jessie] - apparmor <no-dsa> (Minor issue)
	[wheezy] - apparmor <no-dsa> (Experimental/unsupported feature)
	NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647
	NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648
	NOTE: https://bugs.launchpad.net/apparmor/+bug/1668892
	NOTE: affects only third-party rules, e.g. from Docker or LXC
	NOTE: LXC in wheezy doesn't support proper isolation
CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ...)
	{DSA-3815-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[wheezy] - wordpress <not-affected> (vulnerable code was introduced later)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ...)
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[jessie] - wordpress <not-affected> (Only affects 4.7.x)
	[wheezy] - wordpress <not-affected> (Only affects 4.7.x)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF)  ...)
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[jessie] - wordpress <not-affected> (Only affects 4.2 and later)
	[wheezy] - wordpress <not-affected> (Only affects 4.2 and later)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
CVE-2017-6508 (CRLF injection vulnerability in the url_parse function in url.c in Wge ...)
	{DLA-851-1}
	- wget 1.19.1-2 (bug #857073)
	[buster] - wget 1.18-5
	[stretch] - wget 1.18-5
	[jessie] - wget 1.16-1+deb8u2
	NOTE: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
CVE-2017-6506 (In Azure Data Expert Ultimate 2.2.16, the SMTP verification function s ...)
	NOT-FOR-US: Azure Data Expert Ultimate
CVE-2017-6505 (The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Qu ...)
	{DLA-1497-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-4 (bug #856969)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
CVE-2017-6504 (WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options hea ...)
	{DLA-897-1}
	- qbittorrent 3.3.7-3 (low; bug #856978)
	[jessie] - qbittorrent <no-dsa> (Minor issue)
	NOTE: https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d
	NOTE: Fixed upstream in 3.3.11
CVE-2017-6503 (WebUI in qBittorrent before 3.3.11 did not escape many values, which c ...)
	{DLA-897-1}
	- qbittorrent 3.3.7-3 (low; bug #856977)
	[jessie] - qbittorrent <no-dsa> (Minor issue)
	NOTE: https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
	NOTE: Fixed upstream in 3.3.11
CVE-2017-6502 (An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #856883)
	NOTE: webp is disable under Debian, cf. https://bugs.debian.org/856883#14
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df
CVE-2017-6501 (An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf  ...)
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856881)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751
CVE-2017-6500 (An issue was discovered in ImageMagick 6.9.7. A specially crafted sun  ...)
	{DSA-3808-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856879)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/375
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/376
CVE-2017-6499 (An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially  ...)
	{DSA-3808-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856880)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543
CVE-2017-6498 (An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files coul ...)
	{DSA-3808-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856878)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/359
CVE-2017-6497 (An issue was discovered in ImageMagick 6.9.7. A specially crafted psd  ...)
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856882)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94
CVE-2017-6496
	RESERVED
CVE-2017-6495
	RESERVED
CVE-2017-6494
	RESERVED
CVE-2017-6493
	RESERVED
CVE-2017-6492 (SQL Injection was discovered in adm_program/modules/dates/dates_functi ...)
	NOT-FOR-US: Admidio
CVE-2017-6491 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6490 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6489 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6488 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6487 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6486 (A Cross-Site Scripting (XSS) issue was discovered in reasoncms before  ...)
	NOT-FOR-US: reasoncms
CVE-2017-6485 (A Cross-Site Scripting (XSS) issue was discovered in php-calendar befo ...)
	NOT-FOR-US: PHP-Calendar
CVE-2017-6484 (Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Me ...)
	NOT-FOR-US: INTER-Mediator
CVE-2017-6483 (Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2 ...)
	NOT-FOR-US: ATutor
CVE-2017-6482
	REJECTED
CVE-2017-6481 (Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam  ...)
	NOT-FOR-US: phpipam
CVE-2017-6480 (groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS  ...)
	NOT-FOR-US: cmsgroovel
CVE-2017-6479 (FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a re ...)
	NOT-FOR-US: FenixHosting (different than fenix game engine)
CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before  ...)
	{DSA-3839-1 DLA-848-1}
	[experimental] - freetype 2.7.1-0.1
	- freetype 2.6.3-3.1 (bug #856971)
	NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7)
CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands by leve ...)
	{DSA-3803-1 DLA-847-1}
	- texlive-bin 2019.20190605.51237-2 (unimportant)
	- texlive-base 2016.20161130-1
	NOTE: https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/
	NOTE: http://www.tug.org/svn/texlive?view=revision&revision=42605
CVE-2017-6477
	RESERVED
CVE-2017-6476
	RESERVED
CVE-2017-6475
	RESERVED
CVE-2017-6474 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler  ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-07.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a998c9195f183d85f5b0bbeebba21a2d4d303d47
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429
CVE-2017-6473 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file p ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-09.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7edc761a01cda8e1b37677f673985582330317d2
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13431
CVE-2017-6472 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dis ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-04.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b3a0909beff8963b390034c594e0b6be6a4e531
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347
CVE-2017-6471 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infini ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-05.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348
CVE-2017-6470 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infi ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-10.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432
CVE-2017-6469 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS diss ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-03.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346
CVE-2017-6468 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler  ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-08.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9f3bc84b7e7e435c50b8b68f0fc526d0f5676cbf
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13430
CVE-2017-6467 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler  ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-11.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=284ad58d288722a8725401967bff0c4455488f0c
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12083
CVE-2017-6466 (F-Secure Software Updater 2.20, as distributed in several F-Secure pro ...)
	NOT-FOR-US: F-Secure
CVE-2017-6465 (Remote Code Execution was discovered in FTPShell Client 6.53. By defau ...)
	NOT-FOR-US: FTPShell Client
CVE-2017-6464 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...)
	- ntp 1:4.2.8p10+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3389
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6463 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticate ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3387
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6462 (Buffer overflow in the legacy Datum Programmable Time Server (DPTS) re ...)
	- ntp 1:4.2.8p10+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3388
	NOTE: https://cure53.de/pentest-report_ntp.pdf
	NOTE: Obscure legacy feature, no real impact
CVE-2017-6461
	REJECTED
CVE-2017-6460 (Stack-based buffer overflow in the reslist function in ntpq in NTP bef ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3377
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6459 (The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94  ...)
	- ntp <not-affected> (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3382
CVE-2017-6458 (Multiple buffer overflows in the ctl_put* functions in NTP before 4.2. ...)
	- ntp 1:4.2.8p10+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3379
	NOTE: https://cure53.de/pentest-report_ntp.pdf
	NOTE: This is not a vulnerability per se, but a weakness in an internal helper function
CVE-2017-6457
	REJECTED
CVE-2017-6456
	REJECTED
CVE-2017-6455 (NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...)
	- ntp <not-affected> (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3384
CVE-2017-6454
	REJECTED
CVE-2017-6453
	REJECTED
CVE-2017-6452 (Stack-based buffer overflow in the Windows installer for NTP before 4. ...)
	- ntp <not-affected> (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3383
CVE-2017-6451 (The mx4200_send function in the legacy MX4200 refclock in NTP before 4 ...)
	- ntp <not-affected> (Vulnerable code not enabled at build time)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3378
CVE-2017-6450
	RESERVED
CVE-2017-6449
	RESERVED
CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2  ...)
	{DLA-901-1}
	[experimental] - radare2 1.3.0+dfsg-1
	- radare2 1.1.0+dfsg-4 (bug #859447)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 (1.3.0-git)
	NOTE: https://github.com/radare/radare2/issues/6885
CVE-2017-6447
	RESERVED
CVE-2017-6446 (XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and  ...)
	- dotclear <removed>
CVE-2017-6445 (The auto-update feature of Open Embedded Linux Entertainment Center (O ...)
	NOT-FOR-US: OpenELEC
CVE-2017-6444 (The MikroTik Router hAP Lite 6.25 has no protection mechanism for unso ...)
	NOT-FOR-US: MikroTik Router hAP Lite
CVE-2017-6443 (Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 ...)
	NOT-FOR-US: EPSON TMNet WebConfig
CVE-2002-2447
	RESERVED
CVE-2017-XXXX [dns: out of bound memory read]
	- suricata 3.2.1-1 (bug #856648)
	[jessie] - suricata 2.0.7-2+deb8u3
	[wheezy] - suricata <not-affected> (vulnerable code not present)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2022
	NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1)
CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...)
	{DLA-1603-1 DLA-865-1}
	- suricata 3.2.1-1 (bug #856649)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2019
	NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1)
CVE-2017-6442
	RESERVED
CVE-2017-6441 (** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in  ...)
	NOTE: PHP bug without security relevance
CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice libplist  ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858055)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/99
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6439 (Heap-based buffer overflow in the parse_string_node function in bplist ...)
	{DLA-2168-1 DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	NOTE: https://github.com/libimobiledevice/libplist/issues/95
	NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
CVE-2017-6438 (Heap-based buffer overflow in the parse_unicode_node function in bplis ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858786)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/98
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6437 (The base64encode function in base64.c in libimobiledevice libplist 1.1 ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858787)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/100
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6436 (The parse_string_node function in bplist.c in libimobiledevice libplis ...)
	{DLA-2168-1 DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	NOTE: https://github.com/libimobiledevice/libplist/issues/94
	NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
CVE-2017-6435 (The parse_string_node function in bplist.c in libimobiledevice libplis ...)
	{DLA-2168-1 DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	NOTE: https://github.com/libimobiledevice/libplist/issues/93
	NOTE: https://github.com/libimobiledevice/libplist/commit/fbd8494d5e4e46bf2e90cb6116903e404374fb56
CVE-2017-6434
	RESERVED
CVE-2017-6433
	RESERVED
CVE-2017-6432 (An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build  ...)
	NOT-FOR-US: Dahua DVR
CVE-2017-6431
	RESERVED
CVE-2017-6430 (The compile_tree function in ef_compiler.c in the Etterfilter utility  ...)
	{DSA-3874-1}
	- ettercap 1:0.8.2-4 (bug #857035)
	NOTE: https://github.com/Ettercap/ettercap/issues/782
	NOTE: Patch: https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506
CVE-2017-6429 (Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Be ...)
	- tcpreplay <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/appneta/tcpreplay/issues/278
	NOTE: https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9
CVE-2017-6428
	RESERVED
CVE-2017-6427 (A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A cr ...)
	NOT-FOR-US: EvoStream Media Server
CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in Po ...)
	- libpodofo 0.9.5-9 (bug #861566)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
	NOTE: https://sourceforge.net/p/podofo/tickets/8/
	NOTE: Same fix as for CVE-2017-6845
CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoF ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861565)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861564)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace fun ...)
	- libpodofo 0.9.5-9 (bug #861563)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
	NOTE: https://sourceforge.net/p/podofo/tickets/9/
	NOTE: Same fix as for CVE-2017-6845
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9. ...)
	- libpodofo 0.9.5-9 (bug #861562)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: The motivation for no-dsa in wheezy is that there are no known
	NOTE: services that use this library (apart from desktop applications)
	NOTE: and the worst case is a DoS.
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/6
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1892
CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function  ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #861561)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad func ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861560)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in Po ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861559)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement funct ...)
	- libpodofo 0.9.5-9 (bug #861558)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
	NOTE: https://sourceforge.net/p/podofo/tickets/10/
	NOTE: Same fix as for CVE-2017-6845
CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in Po ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861557)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6426 (An information disclosure vulnerability in the Qualcomm SPMI driver. P ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6425 (An information disclosure vulnerability in the Qualcomm video driver.  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6424 (An elevation of privilege vulnerability in the Qualcomm WiFi driver. P ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6423 (An elevation of privilege vulnerability in the Qualcomm kyro L2 driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10242 (A time-of-check time-of-use race condition could potentially exist in  ...)
	NOT-FOR-US: Qualcomm component/driver for Android
CVE-2016-10241
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10240
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10239 (In TrustZone access control policy may potentially be bypassed in all  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux kernel access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10237 (If shared content protection memory were passed as the secure camera m ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10236 (An information disclosure vulnerability in the Qualcomm USB driver. Pr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10235 (A denial of service vulnerability in the Qualcomm WiFi driver. Product ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10234 (An information disclosure vulnerability in the Qualcomm IPA driver. Pr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10233 (An elevation of privilege vulnerability in the Qualcomm video driver.  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10232 (An elevation of privilege vulnerability in the Qualcomm video driver.  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10231 (An elevation of privilege vulnerability in the Qualcomm sound codec dr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10230 (A remote code execution vulnerability in the Qualcomm crypto driver. P ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to execut ...)
	- linux 4.5.1-1 (bug #808293)
	[jessie] - linux 3.16.7-ckt20-1+deb8u2
	[wheezy] - linux 3.2.73-2+deb7u2
	NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
CVE-2015-9003 (In TrustZone a cryptographic issue can potentially occur in all Androi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9002 (In TrustZone an out-of-range pointer offset vulnerability can potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9001 (In TrustZone an information exposure vulnerability can potentially occ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9000 (In TrustZone an untrusted pointer dereference vulnerability can potent ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8999 (In TrustZone a buffer overflow vulnerability can potentially occur in  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8998 (In TrustZone an integer overflow vulnerability can potentially occur i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8997 (In TrustZone a time-of-check time-of-use race condition could potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8996 (In TrustZone a time-of-check time-of-use race condition could potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8995 (In TrustZone an integer overflow vulnerability can potentially occur i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...)
	- git 1:2.0.0~rc2-1
	[wheezy] - git <not-affected> (Vulnerable code introduced in 1.8.1-rc0)
	NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
	NOTE: https://github.com/njhartwell/pw3nage
	NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
CVE-2014-9937 (In TrustZone a buffer overflow vulnerability can potentially occur in  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9936 (In TrustZone a time-of-check time-of-use race condition could potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9935 (In TrustZone an integer overflow vulnerability leading to a buffer ove ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9934 (A PKCS#1 v1.5 signature verification routine in all Android releases f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9933 (Due to missing input validation in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9932 (In TrustZone, an integer overflow vulnerability can potentially occur  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9930 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9929 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9928 (In GERAN in all Android releases from CAF using the Linux kernel, a Bu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9927 (In UIM in all Android releases from CAF using the Linux kernel, a Buff ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9926 (In GNSS in all Android releases from CAF using the Linux kernel, a Use ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9925 (In HDR in all Android releases from CAF using the Linux kernel, a Buff ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9924 (In 1x in all Android releases from CAF using the Linux kernel, a Signe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9923 (In NAS in all Android releases from CAF using the Linux kernel, a Buff ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows local us ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux 3.2.82-1
	NOTE: Fixed by: https://git.kernel.org/linus/69c433ed2ecd2d3264efd7afec4439524b319121 (v3.18-rc2)
CVE-2017-6422
	RESERVED
CVE-2017-6421 (In the touch controller function in all Qualcomm products with Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows  ...)
	{DLA-1261-1 DLA-1105-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11798
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/60671e3deb1df6c626e5c7e13752c2eec1649f98
CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows  ...)
	{DSA-3946-1 DLA-1279-1}
	- libmspack 0.6-1 (bug #871263)
	- clamav 0.99.3~beta1+dfsg-1 (unimportant)
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11701
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
	NOTE: ClamAV uses the libmspack system library when available. This is the
	NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
	NOTE: have libmspack and thus need to have the fix as well in the
	NOTE: src:clamav source package.
	NOTE: libmspack: https://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229
CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause  ...)
	{DLA-1261-1 DLA-1105-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11797
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c
CVE-2017-6417 (Code injection vulnerability in Avira Total Security Suite 15.0 (and e ...)
	NOT-FOR-US: Avira Total Security Suite
CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerab ...)
	NOT-FOR-US: SysGauge
CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...)
	- radare2 1.1.0+dfsg-3 (bug #856572)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	NOTE: https://github.com/radare/radare2/issues/6872
	NOTE: https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308
CVE-2017-6414 (Memory leak in the vcard_apdu_new function in card_7816.c in libcacard ...)
	- libcacard 1:2.5.0-3 (bug #856501)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka  ...)
	- libapache2-mod-auth-openidc 2.1.6-1
	[jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could o ...)
	NOT-FOR-US: Sophos
CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devic ...)
	NOT-FOR-US: D-Link
CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 call ...)
	{DSA-3849-1 DLA-952-1}
	- kio 5.28.0-2 (bug #856889)
	- kde4libs 4:4.14.26-2 (bug #856890)
	NOTE: https://www.kde.org/info/security/advisory-20170228-1.txt
	NOTE: Patch for kio: https://commits.kde.org/kio/f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
	NOTE: Patch for kde4libs: https://commits.kde.org/kdelibs/1804c2fde7bf4e432c6cf5bb8cce5701c7010559
CVE-2017-6409 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6408 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6407 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6406 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6405 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6404 (An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup  ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6403 (An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup  ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6402 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6401 (An issue was discovered in Veritas NetBackup before 8.0 and NetBackup  ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6400 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6399 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6398 (An issue was discovered in Trend Micro InterScan Messaging Security (V ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6397 (An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerabilit ...)
	NOT-FOR-US: FlightAirMap
CVE-2017-6396 (An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnera ...)
	NOT-FOR-US: WPO-Foundation WebPageTest
CVE-2017-6395 (An issue was discovered in HashOver 2.0. The vulnerability exists due  ...)
	NOT-FOR-US: HashOveer
CVE-2017-6394 (Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR  ...)
	NOT-FOR-US: OpenEMR
CVE-2017-6393 (An issue was discovered in NagVis 1.9b12. The vulnerability exists due ...)
	- nagvis <not-affected> (Vulnerable code introduced in nagvis-1.8.0)
	NOTE: https://github.com/NagVis/nagvis/issues/91
CVE-2017-6392 (An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerabil ...)
	NOT-FOR-US: Kaltura server
CVE-2017-6391 (An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerabil ...)
	NOT-FOR-US: Kaltura server
CVE-2017-6390 (An issue was discovered in whatanime.ga before c334dd8499a681587dd4199 ...)
	NOT-FOR-US: whatanime.ga
CVE-2017-6389
	RESERVED
CVE-2017-6388
	RESERVED
CVE-2017-6387 (The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 all ...)
	- radare2 1.1.0+dfsg-3 (bug #856574)
	[jessie] - radare2 <not-affected> (Vulnerable code not present)
	[wheezy] - radare2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb
	NOTE: https://github.com/radare/radare2/issues/6857
CVE-2017-6386 (Memory leak in the vrend_create_vertex_elements_state function in vren ...)
	- virglrenderer 0.6.0-2 (bug #858255; bug #872884)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920
CVE-2017-6385
	RESERVED
CVE-2017-6383
	REJECTED
CVE-2017-6382
	RESERVED
CVE-2017-6381 (A 3rd party development library including with Drupal 8 development de ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6380
	RESERVED
CVE-2017-6379 (Some administrative paths in Drupal 8.2.x before 8.2.7 did not include ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6378
	RESERVED
CVE-2017-6377 (When adding a private file via the editor in Drupal 8.2.x before 8.2.7 ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6376
	RESERVED
CVE-2017-6375
	RESERVED
CVE-2017-6374
	RESERVED
CVE-2017-6373
	RESERVED
CVE-2017-6372
	RESERVED
CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to cause a de ...)
	NOT-FOR-US: Synchronet BBS
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...)
	NOT-FOR-US: TYPO3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...)
	{DSA-3824-1 DLA-879-1}
	- firebird2.5 <unfixed> (bug #858641)
	- firebird3.0 3.0.1.32609.ds4-14 (bug #858644)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-5474
	NOTE: Fixed by: https://github.com/FirebirdSQL/firebird/commit/8b2a9cb44bf6055e15f016d70a6842b8ada60375 (3.0)
	NOTE: https://github.com/FirebirdSQL/firebird/commit/9d9b9e0c94e201da489d1da81f858c570d3ca6ef (2.5)
	NOTE: https://github.com/FirebirdSQL/firebird/commit/a802126cd501f641f00d6cda12d5d9ee3ecda6f5 (2.5)
CVE-2017-6368
	RESERVED
CVE-2017-6367 (In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Win ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2017-6366 (Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 rou ...)
	NOT-FOR-US: Netgear
CVE-2017-6365
	RESERVED
CVE-2017-6364
	RESERVED
CVE-2017-6363 (** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, t ...)
	- libgd2 2.3.0-1
	[buster] - libgd2 <no-dsa> (Minor issue)
	[stretch] - libgd2 <no-dsa> (Minor issue)
	[jessie] - libgd2 <ignored> (Minor issue)
	NOTE: https://github.com/libgd/libgd/commit/0be86e1926939a98afbd2f3a23c673dfc4df2a7c
	NOTE: https://github.com/libgd/libgd/commit/2dbd8f6e66b73ed43d9b81a45350922b80f75397
	NOTE: https://github.com/libgd/libgd/issues/383
CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 befo ...)
	{DSA-3961-1 DLA-1106-1}
	- libgd2 2.2.5-1
	NOTE: https://github.com/libgd/libgd/issues/381
	NOTE: https://github.com/libgd/libgd/commit/56ce6ef068b954ad28379e83cca04feefc51320c
CVE-2017-6361 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbit ...)
	NOT-FOR-US: QNAP
CVE-2017-6360 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administ ...)
	NOT-FOR-US: QNAP
CVE-2017-6359 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administ ...)
	NOT-FOR-US: QNAP
CVE-2017-6358
	RESERVED
CVE-2017-6357
	RESERVED
CVE-2017-6356 (Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0  ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services
CVE-2015-8994 (An issue was discovered in PHP 5.x and 7.x, when the configuration use ...)
	- php7.1 <not-affected> (Fixed before initial upload to Debian)
	- php7.0 7.0.14-1
	- php5 <removed>
	[jessie] - php5 5.6.29+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (vulnerable code not present)
	NOTE: Fixed in 7.1.0, 7.0.14, 5.6.29
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=69090
CVE-2015-8993 (Malicious file execution vulnerability in Intel Security CloudAV (Beta ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8992 (Malicious file execution vulnerability in Intel Security WebAdvisor be ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8991 (Malicious file execution vulnerability in Intel Security McAfee Securi ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8990 (Detection bypass vulnerability in Intel Security Advanced Threat Defen ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8989 (Unsalted password vulnerability in the Enterprise Manager (web portal) ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8988 (Unquoted executable path vulnerability in Client Management and Gatewa ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8987 (Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in  ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8986 (Sandbox detection evasion vulnerability in hardware appliances in McAf ...)
	NOT-FOR-US: Intel antivirus
CVE-2014-9921 (Information disclosure vulnerability in McAfee (now Intel Security) Cl ...)
	NOT-FOR-US: Intel antivirus
CVE-2014-9920 (Unauthorized execution of binary vulnerability in McAfee (now Intel Se ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7462 (A directory traversal vulnerability in the web application in McAfee ( ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7461 (A write protection and execution bypass vulnerability in McAfee (now I ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7460 (A write protection and execution bypass vulnerability in McAfee (now I ...)
	NOT-FOR-US: Intel antivirus
CVE-2017-6355 (Integer overflow in the vrend_create_shader function in vrend_renderer ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6 (0.6.0)
CVE-2017-6354
	RESERVED
CVE-2017-6352
	RESERVED
CVE-2017-6351 (The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacture ...)
	NOT-FOR-US: WePresent WiPG-1500
CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
	{DLA-850-1}
	- vim 2:8.0.0197-3 (bug #856266)
	[jessie] - vim 2:7.4.488-7+deb8u3
	- neovim 0.1.7-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
CVE-2017-6349 (An integer overflow at a u_read_undo memory allocation site would occu ...)
	{DLA-850-1}
	- vim 2:8.0.0197-3 (bug #856266)
	[jessie] - vim 2:7.4.488-7+deb8u3
	- neovim 0.1.7-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allow ...)
	NOT-FOR-US: Grails PDF plugin
CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware  ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Fir ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06 ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6340 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 befor ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6339 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 befor ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6338 (Multiple Access Control issues in Trend Micro InterScan Web Security V ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6337
	RESERVED
CVE-2017-6336
	RESERVED
CVE-2017-6334 (dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-6333
	RESERVED
CVE-2017-6332
	RESERVED
CVE-2017-6331 (Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter ...)
	NOT-FOR-US: Symantec
CVE-2017-6330 (Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote atta ...)
	NOT-FOR-US: Symantec
CVE-2017-6329 (Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2017-6328 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an issu ...)
	NOT-FOR-US: Symantec
CVE-2017-6327 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an issu ...)
	NOT-FOR-US: Symantec
CVE-2017-6326 (The Symantec Messaging Gateway can encounter an issue of remote code e ...)
	NOT-FOR-US: Symantec
CVE-2017-6325 (The Symantec Messaging Gateway can encounter a file inclusion vulnerab ...)
	NOT-FOR-US: Symantec
CVE-2017-6324 (The Symantec Messaging Gateway, when processing a specific email attac ...)
	NOT-FOR-US: Symantec
CVE-2017-6323 (The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_H ...)
	NOT-FOR-US: Symantec
CVE-2017-6322
	RESERVED
CVE-2017-XXXX [scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)]
	- pax-utils 1.2.3-1 (unimportant; bug #856196)
	NOTE: https://blogs.gentoo.org/ago/2017/02/25/pax-utils-scanelf-out-of-bounds-read-in-scanelf_file_get_symtabs-scanelf-c-2/
	NOTE: https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
	NOTE: https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559
CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2
CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux kernel  ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788
CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Li ...)
	- linux 4.9.13-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.0)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
	NOTE: Fixed by: https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel before 4. ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b
CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensure th ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
CVE-2017-6321
	RESERVED
CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load  ...)
	NOT-FOR-US: Barracuda
CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...)
	- radare2 1.1.0+dfsg-3 (bug #856579)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	NOTE: https://github.com/radare/radare2/issues/6836
	NOTE: https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431
CVE-2017-6318 (saned in sane-backends 1.0.25 allows remote attackers to obtain sensit ...)
	{DLA-940-1}
	- sane-backends 1.0.25-4 (low; bug #854804)
	[jessie] - sane-backends 1.0.24-8+deb8u2
	NOTE: Upstream patch: https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d
CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote  ...)
	NOT-FOR-US: Citrix
CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...)
	NOT-FOR-US: Astaro
CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1. ...)
	{DLA-1456-1}
	- graphicsmagick 1.3.25-8
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
	NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
CVE-2017-6317 (Memory leak in the add_shader_program function in vrend_renderer.c in  ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (0.6.0)
CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.11-2 (low; bug #856448)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=1e513abdb55529f888233d3c96b27352d83aad5f
CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c in gdk-p ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.11-2 (low; bug #856445)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=210b16399a492d05efb209615a143920b24251f4
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4cc39d479356b6b09e3d62a0f3ab424db6c266d8
CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent at ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.11-2 (low; bug #856444)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dec9ca22d70c0f0d4492333b4e8147afb038afd2
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d
CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...)
	- gdk-pixbuf 2.36.10-1 (bug #858491; unimportant)
	[jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
	[wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Upload of gdk-pixbuf 2.36.5-3 to experimental added a new binary package containing
	NOTE: the thumbnailer.
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=57362ed4c1f37c05723e25e136327e262f32d35f
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=758655315bc3760c2d646e1e935f7448847073af
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=67a02e1bfef1ae8f7fa50ca36f6d922c1b6d3ed6
CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type confusions ha ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
	NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/9c4015433ecd3177976f820f7aa524c7e64c7c92
	NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/c0b99164d14dcc61348a2ddffd47dfe31d087bad
CVE-2017-6309 (An issue was discovered in tnef before 1.4.13. Two type confusions hav ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
CVE-2017-6308 (An issue was discovered in tnef before 1.4.13. Several Integer Overflo ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
CVE-2017-6307 (An issue was discovered in tnef before 1.4.13. Two OOB Writes have bee ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1}
	- libytnef 1.9.1-1
	[wheezy] - libytnef <not-affected> (vulnerable code not present)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does n ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM applicati ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster im ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6294 (In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6292 (In Android before the 2018-06-05 security patch level, NVIDIA TLZ Trus ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6291
	RESERVED
CVE-2017-6290 (In Android before the 2018-06-05 security patch level, NVIDIA TLK Trus ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA Trusted  ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6286 (NVIDIA libnvomx contains a possible out of bounds write due to a missi ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6285 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic R ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function wh ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an  ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6281 (NVIDIA libnvomx contains a possible out of bounds write due to a impro ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerability due ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnera ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6278 (NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal  ...)
	NOT-FOR-US: NVIDIA Tegra
CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal Driver,  ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal Driver,  ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader compo ...)
	NOT-FOR-US: NVIDIA ADSP Firmware
CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode  ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6271 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6270 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6269 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6268 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode  ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode  ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6265
	RESERVED
CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU drive ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use afte ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use afte ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6261 (NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerabili ...)
	NOT-FOR-US: NVIDIA Vibrante Linux
CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6259 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode  ...)
	- nvidia-graphics-drivers 375.82-1 (bug #869783)
	[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 and E375)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Limited to E384 and E375)
CVE-2017-6258 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnera ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6257 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode  ...)
	- nvidia-graphics-drivers 375.82-1 (bug #869783)
	[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 and E375)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Limited to E384 and E375)
CVE-2017-6256 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6255 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6254 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6253 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6250 (NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helpe ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2017-6249 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6246
	RESERVED
CVE-2017-6245
	RESERVED
CVE-2017-6244
	RESERVED
CVE-2017-6243
	RESERVED
CVE-2017-6242
	RESERVED
CVE-2017-6241
	RESERVED
CVE-2017-6240
	RESERVED
CVE-2017-6239
	RESERVED
CVE-2017-6238
	RESERVED
CVE-2017-6237
	RESERVED
CVE-2017-6236
	RESERVED
CVE-2017-6235
	RESERVED
CVE-2017-6234
	RESERVED
CVE-2017-6233
	RESERVED
CVE-2017-6232
	RESERVED
CVE-2017-6231
	RESERVED
CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ...)
	NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ...)
	NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6228
	RESERVED
CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN product ...)
	NOT-FOR-US: Brocade
CVE-2017-6226
	RESERVED
CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Brocade
CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10 ...)
	NOT-FOR-US: Ruckus
CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD ...)
	NOT-FOR-US: Ruckus
CVE-2017-6222
	RESERVED
CVE-2017-6221
	RESERVED
CVE-2017-6220
	RESERVED
CVE-2017-6219
	RESERVED
CVE-2017-6218
	RESERVED
CVE-2017-6217 (paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XS ...)
	NOT-FOR-US: paypal/adaptivepayments-sdk-php
CVE-2017-6216 (novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a ref ...)
	NOT-FOR-US: novaksolutions/infusionsoft-php-sdk
CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the sampl ...)
	NOT-FOR-US: PayPal permissions-sdk-php
CVE-2017-6213 (paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permi ...)
	NOT-FOR-US: PayPal invoice-sdk-php
CVE-2017-6212
	REJECTED
CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel bef ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 (v4.10-rc8)
CVE-2017-6210 (The vrend_decode_reset function in vrend_decode.c in virglrenderer bef ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab (0.6.0)
CVE-2017-6209 (Stack-based buffer overflow in the parse_identifier function in tgsi_t ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27 (0.6.0)
CVE-2017-6208
	RESERVED
CVE-2017-6207
	REJECTED
CVE-2017-6206 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-15 ...)
	NOT-FOR-US: D-Link
CVE-2017-6205 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-15 ...)
	NOT-FOR-US: D-Link
CVE-2017-6204
	RESERVED
CVE-2017-6203
	RESERVED
CVE-2017-6202
	RESERVED
CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the install app  ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read any speci ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization restriction  ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the resource limit ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 all ...)
	{DLA-837-1}
	- radare2 1.1.0+dfsg-2 (bug #856063)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/6816
	NOTE: Fixed by: https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
	NOTE: Although the respective new versions were only introduced in 0.10.3
	NOTE: The NULL pointer dereferences are still triggerable, via the shown
	NOTE: vector and seen under valgrind. It might be disputable if that is the
	NOTE: same vulnerability though.
CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin fun ...)
	- ghostscript <not-affected> (Issue introduced later, cf. bug #856142)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
	NOTE: Possibly introduced only after http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
CVE-2017-6195 (Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blin ...)
	NOT-FOR-US: Ipswitch MOVEit Transfer
CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...)
	[experimental] - radare2 1.3.0+dfsg-1
	- radare2 1.1.0+dfsg-4 (bug #859448)
	[jessie] - radare2 <not-affected> (Vulnerable code not present)
	[wheezy] - radare2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18 (1.3.0-git)
	NOTE: https://github.com/radare/radare2/issues/6829
CVE-2017-6193 (Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to  ...)
	NOT-FOR-US: APNGDis
CVE-2017-6192 (Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers t ...)
	NOT-FOR-US: APNGDis
CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to e ...)
	NOT-FOR-US: APNGDis
CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link D ...)
	NOT-FOR-US: D-Link
CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before 1.1 ...)
	NOT-FOR-US: Amazon Kindle
CVE-2017-6187 (Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4 ...)
	NOT-FOR-US: DiskSavvy Enterprise
CVE-2017-6186 (Code injection vulnerability in Bitdefender Total Security 12.0 (and e ...)
	NOT-FOR-US: Bitdefender
CVE-2017-6185
	RESERVED
CVE-2017-6184 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...)
	NOT-FOR-US: Sophos
CVE-2017-6183 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...)
	NOT-FOR-US: Sophos
CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...)
	NOT-FOR-US: Sophos
CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka Oniguru ...)
	- ruby2.3 <not-affected> (Introduced in v2_4_0_rc1)
	- ruby2.1 <not-affected> (Introduced in v2_4_0_rc1)
	NOTE: Introduced by: https://github.com/ruby/ruby/commit/2873edeafb6f6df1fc99bb9b1167591b99dd378c
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/ea940cc4dcff8d6c345d7015eda0bf06671f87e9
	NOTE: https://bugs.ruby-lang.org/issues/13234
CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vuln ...)
	NOT-FOR-US: Keekoon KK002 devices
CVE-2017-6179
	RESERVED
CVE-2017-6178 (The IofCallDriver function in USBPcap 1.1.0.0 allows local users to ga ...)
	NOT-FOR-US: USBPcap
CVE-2017-6177
	REJECTED
CVE-2017-6176
	REJECTED
CVE-2017-6175
	REJECTED
CVE-2017-6174
	REJECTED
CVE-2017-6173
	REJECTED
CVE-2017-6172
	REJECTED
CVE-2017-6171
	REJECTED
CVE-2017-6170
	REJECTED
CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virt ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2  ...)
	NOT-FOR-US: F5 BIG-IP
	NOTE: https://support.f5.com/csp/article/K21905460
	NOTE: https://robotattack.org/
CVE-2017-6167 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PE ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6164 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM softwa ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6161 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6160 (In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controlle ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6158 (In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 th ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6156 (When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6155 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6153 (Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the  ...)
	NOT-FOR-US: F5 BIG-IQ Centralized Management
CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6149
	REJECTED
CVE-2017-6148 (Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6147 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6146
	REJECTED
CVE-2017-6145 (iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Li ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Alloc ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6143 (X509 certificate verification was not correctly implemented in the IP  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6142 (X509 certificate verification was not correctly implemented in the ear ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSaf ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6139 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare condit ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6138 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6137 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5
CVE-2017-6136 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6135 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6134 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6133 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6132 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6131 (In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0. ...)
	NOT-FOR-US: F5
CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulner ...)
	NOT-FOR-US: F5
CVE-2017-6129 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumsta ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6128 (An attacker may be able to cause a denial-of-service (DoS) attack agai ...)
	NOT-FOR-US: F5
CVE-2017-6188 (Munin before 2.999.6 has a local file write vulnerability when CGI gra ...)
	{DSA-3794-1 DLA-836-1}
	- munin 2.0.31-1 (bug #855705)
	NOTE: https://github.com/munin-monitoring/munin/issues/721
CVE-2017-6127 (Multiple cross-site request forgery (CSRF) vulnerabilities in the acce ...)
	NOT-FOR-US: DIGISOL DG-HR1400 Wireless Router
CVE-2017-6126
	RESERVED
CVE-2017-6125
	RESERVED
CVE-2017-6124
	RESERVED
CVE-2017-6123
	RESERVED
CVE-2017-6122
	RESERVED
CVE-2017-6121
	RESERVED
CVE-2017-6120
	RESERVED
CVE-2017-6119
	RESERVED
CVE-2017-6118
	RESERVED
CVE-2017-6117
	RESERVED
CVE-2017-6116
	RESERVED
CVE-2017-6115
	RESERVED
CVE-2017-6114
	RESERVED
CVE-2017-6113
	RESERVED
CVE-2017-6112
	RESERVED
CVE-2017-6111
	RESERVED
CVE-2017-6110
	RESERVED
CVE-2017-6109
	RESERVED
CVE-2017-6108
	RESERVED
CVE-2017-6107
	RESERVED
CVE-2017-6106
	RESERVED
CVE-2017-6105
	RESERVED
CVE-2017-6104 (Remote file upload vulnerability in Wordpress Plugin Mobile App Native ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-6103 (Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-6102 (Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in saslserv/ ...)
	- atheme-services 7.2.9-1 (bug #855588)
	[jessie] - atheme-services <not-affected> (versions prior to 7.2.7 not vulnerable)
	NOTE: 7.2.7 vulnerable, fixed in 7.2.8, but the fix introduced another DOS, fixed in 7.2.9
	NOTE: (Possibly) introduced in https://github.com/atheme/atheme/commit/8ac7aa8d007331ae694f099c288e27f911e8cad1 (v7.2.7)
CVE-2017-6101
	RESERVED
CVE-2017-6099 (Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in ...)
	NOT-FOR-US: PayPal PHP Merchant SDK
CVE-2017-6098 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6097 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6096 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6095 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6094 (CPEs used by subscribers on the access network receive their individua ...)
	NOT-FOR-US: Genexis GASP
CVE-2017-6093
	RESERVED
CVE-2017-6092
	RESERVED
CVE-2017-6091
	RESERVED
CVE-2017-6090 (Unrestricted file upload vulnerability in clients/editclient.php in Ph ...)
	NOT-FOR-US: PhpCollab
CVE-2017-6089 (SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remo ...)
	NOT-FOR-US: PhpCollab
CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0  ...)
	NOT-FOR-US: EyesOfNetwork
CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated user ...)
	NOT-FOR-US: EyesOfNetwork
CVE-2017-6086 (Multiple cross-site request forgery (CSRF) vulnerabilities in the addA ...)
	NOT-FOR-US: ViMbAdmin
CVE-2017-6085
	RESERVED
CVE-2017-6084
	RESERVED
CVE-2017-6083
	RESERVED
CVE-2017-6082
	RESERVED
CVE-2017-6081 (A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3 ...)
	- zammad <itp> (bug #841355)
CVE-2017-6080 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...)
	- zammad <itp> (bug #841355)
CVE-2017-6079 (The HTTP web-management application on Edgewater Networks Edgemarc app ...)
	NOT-FOR-US: Edgewater
CVE-2017-6078 (FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause  ...)
	NOT-FOR-US: FastStone MaxView
CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 al ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and e ...)
	- glibc <unfixed> (low; bug #856503)
	[buster] - glibc <no-dsa> (Minor issue)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19519
CVE-2016-10227 (Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote ...)
	NOT-FOR-US: Zyxel
CVE-2017-6076 (In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes i ...)
	- wolfssl 3.10.2+dfsg-1 (bug #856114)
	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable
	NOTE: https://github.com/wolfSSL/wolfssl/commit/345df93978c41da1ac8047a37f1fed5286883d8d
CVE-2017-6075
	RESERVED
CVE-2017-6074 (The dccp_rcv_state_process function in net/dccp/input.c in the Linux k ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
CVE-2017-6073
	RESERVED
CVE-2017-6072 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6071 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6070 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6069 (Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add an ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6068 (Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can crea ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6067 (Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom  ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-6066 (Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker ca ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6065 (SQL injection vulnerability in inc/lib/Control/Backend/menus.control.p ...)
	NOT-FOR-US: GenixCMS
CVE-2017-6064
	RESERVED
CVE-2017-6063
	RESERVED
CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview  ...)
	- webkitgtk <removed> (unimportant)
	NOTE: Not covered by security support
CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP  ...)
	NOT-FOR-US: SAP
CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/18/1
CVE-2017-6058 (Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ( ...)
	- qemu 1:2.8+dfsg-3 (bug #855616)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1423358
CVE-2017-6057
	RESERVED
CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3. ...)
	NOT-FOR-US: eParakstitajs and eParaksts Java lib
CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai  ...)
	NOT-FOR-US: Hyundai
CVE-2017-6053 (A Cross-Site Scripting issue was discovered in Trihedral VTScada Versi ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...)
	NOT-FOR-US: Hyundai
CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech L ...)
	NOT-FOR-US: BLF-Tech LLC VisualView HMI
CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2. ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2017-6049 (Detcon Sitewatch Gateway, all versions without cellular, an attacker c ...)
	NOT-FOR-US: Detcon Sitewatch Gateway
CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet Data L ...)
	NOT-FOR-US: Satel Iberia SenNet Data Logger and Electricity Meters
CVE-2017-6047 (Detcon Sitewatch Gateway, all versions without cellular, Passwords are ...)
	NOT-FOR-US: Detcon Sitewatch Gateway
CVE-2017-6046 (An Insufficiently Protected Credentials issue was discovered in Sierra ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral VTScada Vers ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6044 (An Improper Authorization issue was discovered in Sierra Wireless AirL ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6043 (A Resource Consumption issue was discovered in Trihedral VTScada Versi ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6042 (A Cross-Site Request Forgery issue was discovered in Sierra Wireless A ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6041 (An Unrestricted Upload issue was discovered in Marel Food Processing S ...)
	NOT-FOR-US: Marel
CVE-2017-6040 (An Information Exposure issue was discovered in Belden Hirschmann GECK ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6039 (A Use of Hard-Coded Password issue was discovered in Phoenix Broadband ...)
	NOT-FOR-US: Phoenix
CVE-2017-6038 (A Cross-Site Request Forgery issue was discovered in Belden Hirschmann ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon Technologie ...)
	NOT-FOR-US: Wecon
CVE-2017-6036 (A Server-Side Request Forgery issue was discovered in Belden Hirschman ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6035 (A Stack-Based Buffer Overflow issue was discovered in Wecon Technologi ...)
	NOT-FOR-US: Wecon
CVE-2017-6034 (An Authentication Bypass by Capture-Replay issue was discovered in Sch ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6033 (A DLL Hijacking issue was discovered in Schneider Electric Interactive ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6032 (A Violation of Secure Design Principles issue was discovered in Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6031 (A Header Injection issue was discovered in Certec EDV GmbH atvise scad ...)
	NOT-FOR-US: Certec EDV GmbH atvise scada
CVE-2017-6030 (A Predictable Value Range from Previous Values issue was discovered in ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6029 (A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise  ...)
	NOT-FOR-US: Certec EDV GmbH atvise scada
CVE-2017-6028 (An Insufficiently Protected Credentials issue was discovered in Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6027 (An Arbitrary File Upload issue was discovered in 3S-Smart Software Sol ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server
CVE-2017-6026 (A Use of Insufficiently Random Values issue was discovered in Schneide ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6025 (A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solu ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server
CVE-2017-6024 (A Resource Exhaustion issue was discovered in Rockwell Automation Cont ...)
	NOT-FOR-US: Rockwell
CVE-2017-6023 (An issue was discovered in Fatek Automation PLC Ethernet Module. The a ...)
	NOT-FOR-US: Fatek
CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson and Co ...)
	NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 20 ...)
	NOT-FOR-US: Schneider
CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis S ...)
	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software
CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox, model 865 ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6018 (An open redirect issue was discovered in B. Braun Medical SpaceCom mod ...)
	NOT-FOR-US: SpaceCom / SpaceStation
CVE-2017-6017 (A Resource Exhaustion issue was discovered in Schneider Electric Modic ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6016 (An Improper Access Control issue was discovered in LCDS - Leao Consult ...)
	NOT-FOR-US: LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA)
CVE-2017-6015 (Without quotation marks, any whitespace in the file path for Rockwell  ...)
	NOT-FOR-US: Rockwell
CVE-2017-6014 (In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 cap ...)
	{DSA-3811-1 DLA-826-1}
	- wireshark 2.2.5+g440fd4d-2 (bug #855408)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
CVE-2017-6013 (Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the quer ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6012
	RESERVED
CVE-2017-6011 (An issue was discovered in icoutils 0.31.1. An out-of-bounds read lead ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854054)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6010 (An issue was discovered in icoutils 0.31.1. A buffer overflow was obse ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854054)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6009 (An issue was discovered in icoutils 0.31.1. A buffer overflow was obse ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854050)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256407
CVE-2017-6008 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRig ...)
	NOT-FOR-US: Sophos
CVE-2017-6007 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRig ...)
	NOT-FOR-US: Sophos
CVE-2017-6006
	REJECTED
CVE-2017-6005 (Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Wi ...)
	NOT-FOR-US: Waves MaxxAudio
CVE-2017-6004 (The compile_bracket_matchingpath function in pcre_jit_compile.c in PCR ...)
	- pcre3 2:8.39-2.1 (bug #855405)
	[jessie] - pcre3 <not-affected> (Vulnerable code introduced later)
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2035
CVE-2017-6003 (dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_languag ...)
	NOT-FOR-US: dotCMS
CVE-2017-6002 (Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add ...)
	NOT-FOR-US: Subrion CMS
CVE-2014-9919 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the f ...)
	NOT-FOR-US: Bilboplanet
CVE-2014-9918 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the u ...)
	NOT-FOR-US: Bilboplanet
CVE-2014-9917 (An issue was discovered in Bilboplanet 2.0. There is a stored XSS vuln ...)
	NOT-FOR-US: Bilboplanet
CVE-2014-9916 (Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 ...)
	NOT-FOR-US: Bilboplanet
CVE-2017-6001 (Race condition in kernel/events/core.c in the Linux kernel before 4.9. ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290
CVE-2017-6000
	REJECTED
CVE-2017-5999 (An issue was discovered in sysPass 2.x before 2.1, in which an algorit ...)
	NOT-FOR-US: sysPass
CVE-2017-5998 (Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE E ...)
	NOT-FOR-US: InterSect Alliance SNARE Epilog
CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remo ...)
	NOT-FOR-US: SAP Message Server
CVE-2017-5996 (The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before ...)
	NOT-FOR-US: Bomgar Remote Support
CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2. ...)
	NOT-FOR-US: NetApp ONTAP Select Deploy administration utility
CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a  ...)
	{DLA-1493-1}
	- xen 4.8.1-1 (bug #856229)
	[wheezy] - xen <no-dsa> (Minor issue)
	NOTE: https://xenbits.xen.org/xsa/advisory-207.html
CVE-2017-XXXX [XSA-206: xenstore denial of service via repeated update]
	- xen 4.8.1-1 (bug #860565)
	[jessie] - xen 4.4.4lts1-0+deb8u1
	[wheezy] - xen <ignored> (Too intrusive to backport)
	NOTE: https://xenbits.xen.org/xsa/advisory-206.html
CVE-2017-5994 (Heap-based buffer overflow in the vrend_create_vertex_elements_state f ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422452
CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blit ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438
CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5 ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-4 (low)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697500
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
CVE-2017-5990 (An issue was discovered in PhreeBooksERP before 2017-02-13. The vulner ...)
	NOT-FOR-US: PhreeBooksERP
CVE-2017-5989
	RESERVED
CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enab ...)
	NOT-FOR-US: NetApp
CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #855159)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
CVE-2017-5986 (Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90
CVE-2017-5985 (lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-u ...)
	- lxc 1:2.0.7-2 (bug #857295)
	[jessie] - lxc 1:1.0.6-6+deb8u6
	[wheezy] - lxc <not-affected> (vulnerable code not present)
	NOTE: https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
	NOTE: https://launchpad.net/bugs/1654676
	NOTE: master: https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
	NOTE: stable-2.0: https://github.com/lxc/lxc/commit/d512bd5efb0e407eba350c4e649c464a65b712a3
	NOTE: stable-1.0: https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a h ...)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code introduced later)
	- ffmpeg <not-affected> (ffmpeg not affected)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1019
	NOTE: https://patches.libav.org/patch/62534/
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3. ...)
	NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
	- kodi <unfixed> (bug #855225)
	[buster] - kodi <ignored> (Minor issue)
	[stretch] - kodi <ignored> (Minor issue)
	[jessie] - kodi <ignored> (Minor issue)
	- xbmc <removed> (bug #861274)
	[jessie] - xbmc <ignored> (Minor issue)
	[wheezy] - xbmc <ignored> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Feb/27
	NOTE: http://trac.kodi.tv/ticket/17314
	NOTE: https://lists.debian.org/debian-lts/2017/04/msg00025.html
	NOTE: https://lists.debian.org/debian-lts/2017/04/msg00055.html (and followups)
	NOTE: https://lists.debian.org/debian-lts/2017/05/msg00006.html
CVE-2017-5681 (The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) E ...)
	NOT-FOR-US: Intel QuickAssist Technology (QAT) Engine
CVE-2017-6056 (It was discovered that a programming error in the processing of HTTPS  ...)
	{DSA-3788-1 DSA-3787-1 DLA-823-1}
	- tomcat8 8.0.21-2 (bug #851304)
	- tomcat7 7.0.72-3 (bug #854551)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57544
CVE-2017-5981 (seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial o ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/
CVE-2017-5980 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/
CVE-2017-5979 (The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remot ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/
CVE-2017-5978 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.6 ...)
	{DSA-3878-1}
	- zziplib 0.13.62-3.1 (bug #864150; bug #854727)
	[jessie] - zziplib <ignored> (Minor issue)
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
CVE-2017-5976 (Heap-based buffer overflow in the zzip_mem_entry_extra_block function  ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
CVE-2017-5975 (Heap-based buffer overflow in the __zzip_get64 function in fetch.c in  ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/
	NOTE: https://github.com/gdraheim/zziplib/commit/33d6e9c52fcf1a8983896a512033994dc2ca5734 (v0.13.63)
	NOTE: https://github.com/gdraheim/zziplib/commit/64e745f8a3604ba1c444febed86b5e142ce03dd7 (v0.13.63)
CVE-2017-5974 (Heap-based buffer overflow in the __zzip_get32 function in fetch.c in  ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick E ...)
	{DLA-1497-1 DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #855611)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/13/11
CVE-2017-5972 (The TCP stack in the Linux kernel 3.x does not properly implement a SY ...)
	- linux 4.4.2-1
	[jessie] - linux <ignored> (Known perfomance limitation)
	[wheezy] - linux <no-dsa> (Known perfomance limitation)
CVE-2016-10225 (The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and ...)
	NOT-FOR-US: sunxi-debug driver in Allwinner kernel
CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The application use ...)
	NOT-FOR-US: Sauter NovaWeb
CVE-2016-10223 (An issue was discovered in BigTree CMS before 4.2.15. The vulnerabilit ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-5971 (SQL injection vulnerability in NewsBee CMS allow remote attackers to e ...)
	NOT-FOR-US: NewsBee CMS
CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Lin ...)
	{DSA-3791-1 DLA-922-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644 (v4.10-rc8)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/f84af32cbca70a3c6d30463dc08c7984af11c277 (v2.6.35-rc1)
CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote ...)
	- libxml2 2.9.4+dfsg1-5.1 (bug #855001)
	[stretch] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
	[jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
	[wheezy] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/05/3
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
	NOTE: Duplicate upstream bug (contains patch): https://bugzilla.gnome.org/show_bug.cgi?id=758422
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882
CVE-2017-5968
	RESERVED
CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIME ...)
	- linux 4.9.13-1 (low)
CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...)
	NOT-FOR-US: Sitecore
CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authe ...)
	NOT-FOR-US: Sitecore
CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ex ...)
	NOT-FOR-US: Emoncms
CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulner ...)
	NOT-FOR-US: TYPO3 extension
CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. Th ...)
	NOT-FOR-US: TYPO3 extension
CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The vulnerability exi ...)
	NOT-FOR-US: ionize
CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The vulnerabilit ...)
	NOT-FOR-US: Phalcon Eye
CVE-2017-5959 (CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation  ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5958
	RESERVED
CVE-2017-5957 (Stack-based buffer overflow in the vrend_decode_set_framebuffer_state  ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421126
CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073
	NOTE: The original fix opens a memory leak: http://www.openwall.com/lists/oss-security/2017/02/24/2
	NOTE: Additional patch required: https://bugzilla.suse.com/attachment.cgi?id=715395
CVE-2017-5955
	RESERVED
CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 for Node. ...)
	NOT-FOR-US: serialize-to-js Node package
CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree l ...)
	{DSA-3786-1 DLA-822-1}
	- vim 2:8.0.0197-2 (bug #854969)
	- neovim 0.1.7-4
	NOTE: Fixed by https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
CVE-2017-5952
	RESERVED
CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Softw ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859696)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
	NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
	- yaml-cpp 0.6.3-1 (low; bug #859891)
	[buster] - yaml-cpp <no-dsa> (Minor issue)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <no-dsa> (Minor issue)
	[wheezy] - yaml-cpp <no-dsa> (Minor issue)
	- yaml-cpp0.3 <removed> (low; bug #859892)
	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
	[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/459
	NOTE: possible fix: https://github.com/jbeder/yaml-cpp/pull/489
CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview  ...)
	- webkitgtk <removed> (unimportant)
	NOTE: Not covered by security support
CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Oxyge ...)
	NOT-FOR-US: OnePlus One
CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices wit ...)
	NOT-FOR-US: OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS
CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...)
	{DSA-3801-1 DLA-846-1}
	- ruby-zip 1.2.0-1.1 (bug #856269)
	- libzip-ruby <removed>
	NOTE: https://github.com/rubyzip/rubyzip/issues/315
CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
	NOT-FOR-US: Moodle plugin
CVE-2017-5944 (The dashboard subscription interface in Request Tracker (RT) 4.x befor ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2017-5943 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in  ...)
	- webkitgtk <removed> (unimportant)
	NOTE: Not covered by security support
CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. Mu ...)
	- mupdf <not-affected> (Vulnerable code not yet present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400
CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Soft ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859694)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450
CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. Ghos ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859666)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453
CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...)
	- ghostscript <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
	NOTE: Introduced by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444
CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...)
	- ghostscript 9.20~dfsg-3.1 (bug #859662)
	[jessie] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
	[wheezy] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The  ...)
	NOT-FOR-US: IT ITems DataBase
CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder befor ...)
	NOT-FOR-US: Fastspot BigTree bigtree-form-builder
CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for Node.j ...)
	NOT-FOR-US: node-serialize
CVE-2017-5939
	RESERVED
CVE-2017-5936 (OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pair ...)
	NOT-FOR-US: Nova-LXD
CVE-2017-5937 (The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d ...)
	- virglrenderer 0.6.0-1 (bug #854728)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420246
CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in virglrend ...)
	- virglrenderer 0.6.0-1 (bug #854728)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
CVE-2017-5935
	RESERVED
CVE-2017-5934 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI e ...)
	{DSA-4318-1 DLA-1546-1}
	- moin 1.9.9-1+deb9u1 (bug #910776)
	NOTE: https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
CVE-2017-5933 (Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11 ...)
	NOT-FOR-US: Citrix
CVE-2016-10213 (A10 AX1030 and possibly other devices with software before 2.7.2-P8 us ...)
	NOT-FOR-US: A10
CVE-2016-10212 (Radware devices use the same value for the first two GCM nonces, which ...)
	NOT-FOR-US: Radware devices
CVE-2017-5932 (The path autocompletion feature in Bash 4.4 allows local users to gain ...)
	- bash 4.4-3
	[jessie] - bash <not-affected> (Introduced in 4.4)
	[wheezy] - bash <not-affected> (Introduced in 4.4)
	NOTE: https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
	NOTE: Fix http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
CVE-2017-5931 (Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emula ...)
	- qemu 1:2.8+dfsg-3 (bug #854730)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/8
CVE-2017-5930 (The AliasHandler component in PostfixAdmin before 3.0.2 allows remote  ...)
	- postfixadmin 3.0.2-1 (bug #854742)
	[jessie] - postfixadmin <not-affected> (Vulnerable code not present)
	[wheezy] - postfixadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/6
CVE-2017-5929 (QOS.ch Logback before 1.2.0 has a serialization vulnerability affectin ...)
	{DLA-888-1}
	- logback 1:1.1.9-3 (bug #857343)
	[jessie] - logback 1:1.1.2-1+deb8u1
	NOTE: https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
	NOTE: https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9
	NOTE: https://github.com/qos-ch/logback/commit/7fbea6127fa98fc48368ca5e8540eefe0e60cec5
	NOTE: https://github.com/qos-ch/logback/commit/3b4f605454534b304770eeee3cb343521fcd6968
	NOTE: Information asked about complete patchset to fix CVE-2017-5929: http://mailman.qos.ch/pipermail/logback-user/2017-March/004875.html
CVE-2017-5928 (The W3C High Resolution Time API, as implemented in various web browse ...)
	NOT-FOR-US: Design limitation of W3C High Resolution Time API
CVE-2017-5927 (Page table walks conducted by the MMU during virtual to physical addre ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5926 (Page table walks conducted by the MMU during virtual to physical addre ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5925 (Page table walks conducted by the MMU during virtual to physical addre ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/593
CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/597
CVE-2017-5922
	RESERVED
CVE-2017-5921
	RESERVED
CVE-2017-5920
	RESERVED
CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/575
CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denia ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/576
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in li ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (low; bug #859456)
	NOTE: https://github.com/libarchive/libarchive/issues/842
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ce ...)
	NOT-FOR-US: 21st Century Insurance app for iOS
CVE-2017-5918 (The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.50 ...)
	NOT-FOR-US: Banco de Costa Rica BCR Movil app for iOS
CVE-2017-5917
	REJECTED
CVE-2017-5916 (The America's First Federal Credit Union (FCU) Mobile Banking app 3.1. ...)
	NOT-FOR-US: America's First Federal Credit Union (FCU) Mobile Banking app
CVE-2017-5915 (The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10 ...)
	NOT-FOR-US: Emirates NBD Bank P.J.S.C Emirates NBD KSA app
CVE-2017-5914 (The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certif ...)
	NOT-FOR-US: DOT IT Banque Zitouna app
CVE-2017-5913 (The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 ...)
	NOT-FOR-US: TradeKing Forex for iPhone app
CVE-2017-5912 (The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS ...)
	NOT-FOR-US: FOREX.com FOREXTrader for iPhone app
CVE-2017-5911 (The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS d ...)
	NOT-FOR-US: Banco Santander Mexico SA Supermovil app
CVE-2017-5910
	RESERVED
CVE-2017-5909 (The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS ...)
	NOT-FOR-US: Electronic Funds Source (EFS) Mobile Driver Source app
CVE-2017-5908
	REJECTED
CVE-2017-5907 (The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 ...)
	NOT-FOR-US: Great Southern Bank Great Southern Mobile Banking app
CVE-2017-5906 (The Everyday Health Diabetes in Check: Blood Glucose &amp; Carb Tracke ...)
	NOT-FOR-US: Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app
CVE-2017-5905 (The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certifi ...)
	NOT-FOR-US: Dollar Bank Mobile app
CVE-2017-5904
	RESERVED
CVE-2017-5903
	RESERVED
CVE-2017-5902 (The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates fr ...)
	NOT-FOR-US: PayQuicker app
CVE-2017-5901 (The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not ...)
	NOT-FOR-US: State Bank of India State Bank Anywhere app
CVE-2017-5900 (Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 rout ...)
	NOT-FOR-US: NetComm
CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in fitz ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-3 (bug #854734)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
	NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/10/1
CVE-2017-5895
	RESERVED
CVE-2017-5894
	RESERVED
CVE-2017-5893
	RESERVED
CVE-2017-5892 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 al ...)
	NOT-FOR-US: ASUS
CVE-2017-5891 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ha ...)
	NOT-FOR-US: ASUS
CVE-2017-5898 (Integer overflow in the emulated_apdu_from_guest function in usb/dev-s ...)
	{DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #854729)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1419699
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
CVE-2017-5897 (The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allo ...)
	{DSA-3791-1}
	- linux 4.9.13-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/c12b395a46646bab69089ce7016ac78177f6001f (3.7-rc1)
CVE-2017-5890
	RESERVED
CVE-2017-5889
	RESERVED
CVE-2017-5888
	RESERVED
CVE-2017-5887 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypas ...)
	NOT-FOR-US: Starscream
CVE-2017-5885 (Multiple integer overflows in the (1) vnc_connection_server_message an ...)
	{DLA-831-1}
	- gtk-vnc 0.6.0-3 (bug #854450)
	[jessie] - gtk-vnc <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/02/05/5
CVE-2017-5884 (gtk-vnc before 0.7.0 does not properly check boundaries of subrectangl ...)
	{DLA-831-1}
	- gtk-vnc 0.6.0-3 (bug #854450)
	[jessie] - gtk-vnc <no-dsa> (Minor issue)
	NOTE: Scope of the CVE is all of https://bugzilla.gnome.org/show_bug.cgi?id=778048#c1
	NOTE: http://openwall.com/lists/oss-security/2017/02/05/5
CVE-2017-5883
	RESERVED
CVE-2017-5882 (Cross-site scripting (XSS) vulnerability in index.asp in SANADATA Sana ...)
	NOT-FOR-US: SanaCMS
CVE-2017-5881 (GOM Player 2.3.10.5266 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: GOM Player
CVE-2017-5880 (Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x bef ...)
	NOT-FOR-US: Splunk
CVE-2017-5879 (An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL inj ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-5878 (The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restric ...)
	NOT-FOR-US: AMF unmarshallers in Red5 Media Server
CVE-2016-10207 (The Xvnc server in TigerVNC allows remote attackers to cause a denial  ...)
	- tigervnc 1.7.0-1
	NOTE: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1023012
CVE-2016-10200 (Race condition in the L2TPv3 IP Encapsulation feature in the Linux ker ...)
	{DLA-922-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/32c231164b762dddefa13af5a0101032c70b50ef (v4.9-rc7)
CVE-2017-5938 (Cross-site scripting (XSS) vulnerability in the nav_path function in l ...)
	{DSA-3784-1 DLA-820-1}
	- viewvc 1.1.26-1 (bug #854681)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
	NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows rem ...)
	- openpyxl 2.3.0-3 (bug #854442)
	[jessie] - openpyxl <not-affected> (vulnerable code not present)
	[wheezy] - openpyxl <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/5
	NOTE: https://bitbucket.org/openpyxl/openpyxl/issues/749
	NOTE: https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication  ...)
	- libapache2-mod-auth-openidc 2.1.5-1
	[jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
CVE-2017-6062 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka  ...)
	- libapache2-mod-auth-openidc 2.1.5-1
	[jessie] - libapache2-mod-auth-openidc <not-affected> (support for OIDCUnAuthAction added in 1.8.5rc1)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/222
CVE-2017-XXXX [irssi memory leak]
	- irssi 1.0.1-1 (bug #855108)
	[jessie] - irssi <not-affected> (support for sasl not present)
	[wheezy] - irssi <not-affected> (support for sasl not present)
	NOTE: Patch: https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2017-XXXX [irssi missing null terminator]
	- irssi 1.0.1-1 (unimportant)
	NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows r ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows remo ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...)
	{DLA-1200-1}
	- linux 4.9.10-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1)
CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken f ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #854604)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1837
CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack aga ...)
	NOT-FOR-US: dotCMS
CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack aga ...)
	NOT-FOR-US: dotCMS
CVE-2017-5875 (XSS was discovered in dotCMS 3.7.0, with an authenticated attack again ...)
	NOT-FOR-US: dotCMS
CVE-2017-5874 (CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_ ...)
	NOT-FOR-US: D-Link
CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service in Uni ...)
	NOT-FOR-US: Unisys
CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...)
	NOT-FOR-US: Unisys ClearPath
CVE-2017-5871 (Odoo Version &lt;= 8.0-20160726 and Version 9 is affected by: CWE-601: ...)
	NOT-FOR-US: Odoo
CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...)
	NOT-FOR-US: ViMbAdmin
CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo  ...)
	NOT-FOR-US: Nuxeo
CVE-2017-5868 (CRLF injection vulnerability in the web interface in OpenVPN Access Se ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2017-5867 (ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, ...)
	- owncloud <removed>
CVE-2017-5866 (The autocomplete feature in the E-Mail share dialog in ownCloud Server ...)
	- owncloud <removed>
CVE-2017-5865 (The password reset functionality in ownCloud Server before 8.1.11, 8.2 ...)
	- owncloud <removed>
CVE-2017-5864 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5862
	RESERVED
CVE-2017-5861
	REJECTED
CVE-2017-5860
	RESERVED
CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vu ...)
	NOT-FOR-US: Cambium Networks cnPilot
CVE-2017-5858 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: converse.js
CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attackers t ...)
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <no-dsa> (pointers are not incorrectly freed and non-string key nodes are officially allowed)
	NOTE: https://github.com/libimobiledevice/libplist/issues/86
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5835 (libplist allows attackers to cause a denial of service (large memory a ...)
	{DLA-2168-1 DLA-840-1}
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	NOTE: https://github.com/libimobiledevice/libplist/issues/88
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attackers  ...)
	{DLA-2168-1 DLA-840-1}
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	NOTE: https://github.com/libimobiledevice/libplist/issues/89
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5829 (An access restriction bypass vulnerability in HPE Aruba ClearPass Poli ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5828 (An arbitrary command execution vulnerability in HPE Aruba ClearPass Po ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5827 (A reflected cross site scripting vulnerability in HPE Aruba ClearPass  ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5826 (An authenticated remote code execution vulnerability in HPE Aruba Clea ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5825 (A privilege escalation vulnerability in HPE Aruba ClearPass Policy Man ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5824 (An unauthenticated remote code execution vulnerability in HPE Aruba Cl ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5823 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5822 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5821 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5820 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5819 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5818 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5817 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5816 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5815 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5814 (A remote sql injection authentication bypass in HPE Network Automation ...)
	NOT-FOR-US: HPE
CVE-2017-5813 (A remote unauthenticated access vulnerability in HPE Network Automatio ...)
	NOT-FOR-US: HPE
CVE-2017-5812 (A remote sql information disclosure vulnerability in HPE Network Autom ...)
	NOT-FOR-US: HPE
CVE-2017-5811 (A remote code execution vulnerability in HPE Network Automation versio ...)
	NOT-FOR-US: HPE
CVE-2017-5810 (A remote sql injection vulnerability in HPE Network Automation version ...)
	NOT-FOR-US: HPE
CVE-2017-5809 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector  ...)
	NOT-FOR-US: HPE
CVE-2017-5808 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector  ...)
	NOT-FOR-US: HPE
CVE-2017-5807 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector  ...)
	NOT-FOR-US: HPE
CVE-2017-5806 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5804 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5803 (A Remote Disclosure of Information vulnerability in HPE NonStop Server ...)
	NOT-FOR-US: HPE NonStop Servers
CVE-2017-5802 (A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics ...)
	NOT-FOR-US: HPE Vertica Analytics Platform
CVE-2017-5801 (A Remote Unauthorized Access to Data vulnerability in HPE Business Pro ...)
	NOT-FOR-US: HPE Business Process Monitor
CVE-2017-5800 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Br ...)
	NOT-FOR-US: HPE Operations Bridge Analytics
CVE-2017-5799 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ( ...)
	NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5798 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ( ...)
	NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5797 (A Remote Unauthenticated Disclosure of Information vulnerability in HP ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5796 (A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 S ...)
	NOT-FOR-US: HPE 2620 Series Network Switches
CVE-2017-5795 (A Local Arbitrary File Download vulnerability in HPE Intelligent Manag ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5794 (A Remote Arbitrary File Download vulnerability in HPE Intelligent Mana ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5793 (A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Man ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5792 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5791 (The doFilter method in UrlAccessController in HPE Intelligent Manageme ...)
	NOT-FOR-US: HPE Intelligent Management Center
	NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5790 (A remote deserialization of untrusted data vulnerability in HPE Intell ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5789 (HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before  ...)
	NOT-FOR-US: HPE LoadRunner
	NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5788 (A Local Disclosure of Sensitive Information vulnerability in HPE NonSt ...)
	NOT-FOR-US: HPE NonStop Software Essentials
CVE-2017-5787 (A remote denial of service vulnerability in HPE Version Control Reposi ...)
	NOT-FOR-US: HPE Version Control Manager
CVE-2017-5786 (A local Unauthorized Data Modification vulnerability in HPE OfficeConn ...)
	NOT-FOR-US: HPE OfficeConnect Network Switches
CVE-2017-5785 (A remote information disclosure vulnerability in HPE Matrix Operating  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5784 (A missing HSTS Header vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5783 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5782 (A missing HSTS Header vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version v7.6  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5779
	RESERVED
CVE-2017-5778
	RESERVED
CVE-2017-5777
	RESERVED
CVE-2017-5776
	RESERVED
CVE-2017-5775
	RESERVED
CVE-2017-5774
	RESERVED
CVE-2017-5773
	RESERVED
CVE-2017-5772
	RESERVED
CVE-2017-5771
	RESERVED
CVE-2017-5770
	RESERVED
CVE-2017-5769
	RESERVED
CVE-2017-5768
	RESERVED
CVE-2017-5767
	RESERVED
CVE-2017-5766
	RESERVED
CVE-2017-5765
	RESERVED
CVE-2017-5764
	RESERVED
CVE-2017-5763
	RESERVED
CVE-2017-5762
	RESERVED
CVE-2017-5761
	RESERVED
CVE-2017-5760
	RESERVED
CVE-2017-5759
	RESERVED
CVE-2017-5758
	RESERVED
CVE-2017-5757
	RESERVED
CVE-2017-5756
	RESERVED
CVE-2017-5755
	RESERVED
CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and indir ...)
	{DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1}
	- linux 4.14.12-1
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
	[jessie] - nvidia-graphics-drivers 340.106-1
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	- linux-grsec <removed>
	- xen 4.11.1~pre+1.733450b39b-1
	[stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4
	[jessie] - xen <ignored> (Too intrusive to backport)
	NOTE: https://meltdownattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
	NOTE: Paper: https://meltdownattack.com/meltdown.pdf
	NOTE: https://01.org/security/advisories/intel-oss-10003
CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and branc ...)
	{DSA-4188-1 DSA-4187-1 DLA-1731-1 DLA-1423-1 DLA-1422-1}
	- linux 4.15.11-1
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
	[jessie] - nvidia-graphics-drivers 340.106-1
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	- linux-grsec <removed>
	NOTE: https://spectreattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: Paper: https://spectreattack.com/spectre.pdf
	NOTE: https://01.org/security/advisories/intel-oss-10002
CVE-2017-5752
	RESERVED
CVE-2017-5751
	RESERVED
CVE-2017-5750
	RESERVED
CVE-2017-5749
	RESERVED
CVE-2017-5748
	RESERVED
CVE-2017-5747
	RESERVED
CVE-2017-5746
	RESERVED
CVE-2017-5745
	RESERVED
CVE-2017-5744
	RESERVED
CVE-2017-5743
	RESERVED
CVE-2017-5742
	RESERVED
CVE-2017-5741
	RESERVED
CVE-2017-5740
	RESERVED
CVE-2017-5739
	RESERVED
CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel Unite  ...)
	NOT-FOR-US: Intel Unite App
CVE-2017-5737
	RESERVED
CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform  ...)
	NOT-FOR-US: Intel
CVE-2017-5735
	REJECTED
CVE-2017-5734
	REJECTED
CVE-2017-5733
	REJECTED
CVE-2017-5732
	REJECTED
CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allow an  ...)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
CVE-2017-5730
	RESERVED
CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and T ...)
	NOT-FOR-US: Intel
CVE-2017-5728
	RESERVED
CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 1 ...)
	NOT-FOR-US: Intel
CVE-2017-5726
	RESERVED
CVE-2017-5725
	RESERVED
CVE-2017-5724
	RESERVED
CVE-2017-5723
	RESERVED
CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, N ...)
	NOT-FOR-US: Intel
CVE-2017-5721 (Insufficient input validation in system firmware for Intel NUC7i3BNK,  ...)
	NOT-FOR-US: Intel
CVE-2017-5720
	RESERVED
CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows ...)
	NOT-FOR-US: Intel
CVE-2017-5718
	RESERVED
CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics Dr ...)
	NOT-FOR-US: Intel graphics driver
CVE-2017-5716
	REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...)
	{DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
	- linux 4.15.11-1
	- intel-microcode 3.20180425.1
	[stretch] - intel-microcode 3.20180425.1~deb9u1
	[jessie] - intel-microcode 3.20180425.1~deb8u1
	- amd64-microcode 3.20180515.1
	[stretch] - amd64-microcode <no-dsa> (Can be fixed via point release)
	NOTE: https://spectreattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: Paper: https://spectreattack.com/spectre.pdf
	NOTE: https://www.suse.com/de-de/support/kb/doc/?id=7022512
	NOTE: https://www.suse.com/support/update/announcement/2018/suse-su-20180009-1/
	NOTE: For the required microcode updates in advance:
	NOTE: intel-microcode: https://bugs.debian.org/886367
	NOTE: intel-microcode: Some microcode updates to partially adress CVE-2017-5715 included in 3.20171215.1
	NOTE: Further updates in 3.20180312.1
	NOTE: amd64-microcode: https://bugs.debian.org/886382
	NOTE: amd64-microcode updates in 3.20180515.1
	- qemu 1:2.12~rc3+dfsg-1 (bug #886532)
	- qemu-kvm <removed>
	NOTE: Qemu patches: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html
	NOTE: to pass thorugh new MSR and CPUID flags from the host VM to the CPU, to
	NOTE: allow (future) enabling/disabling ranch prediction features in the Intel
	NOTE: CPU.
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
	[jessie] - nvidia-graphics-drivers 340.106-1
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	- linux-grsec <removed>
	- xen 4.11.1~pre+1.733450b39b-1
	[jessie] - xen <ignored> (Too intrusive to backport)
CVE-2017-5714
	RESERVED
CVE-2017-5713
	RESERVED
CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel Managea ...)
	NOT-FOR-US: Intel
CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) in Int ...)
	NOT-FOR-US: Intel
CVE-2017-5710 (Multiple privilege escalations in kernel in Intel Trusted Execution En ...)
	NOT-FOR-US: Intel
CVE-2017-5709 (Multiple privilege escalations in kernel in Intel Server Platform Serv ...)
	NOT-FOR-US: Intel
CVE-2017-5708 (Multiple privilege escalations in kernel in Intel Manageability Engine ...)
	NOT-FOR-US: Intel
CVE-2017-5707 (Multiple buffer overflows in kernel in Intel Trusted Execution Engine  ...)
	NOT-FOR-US: Intel
CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Services  ...)
	NOT-FOR-US: Intel
CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine Firm ...)
	NOT-FOR-US: Intel
CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core Process ...)
	NOT-FOR-US: Intel
CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel platfo ...)
	NOT-FOR-US: Intel
CVE-2017-5702
	RESERVED
CVE-2017-5701 (Insecure platform configuration in system firmware for Intel NUC7i3BNK ...)
	NOT-FOR-US: Intel
CVE-2017-5700 (Insufficient protection of password storage in system firmware for Int ...)
	NOT-FOR-US: Intel
CVE-2017-5699 (Input validation error in Intel MinnowBoard 3 Firmware versions prior  ...)
	NOT-FOR-US: Intel MinnowBoard 3 Firmware
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html
CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and  ...)
	NOT-FOR-US: Intel
CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of Inte ...)
	NOT-FOR-US: Intel
CVE-2017-5696 (Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, a ...)
	NOT-FOR-US: Intel
CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State Drive C ...)
	NOT-FOR-US: Intel
CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State Drive P ...)
	NOT-FOR-US: Intel
CVE-2017-5693 (Firmware in the Intel Puma 5, 6, and 7 Series might experience resourc ...)
	NOT-FOR-US: Intel Puma
CVE-2017-5692 (Out-of-bounds read condition in older versions of some Intel Graphics  ...)
	NOT-FOR-US: Intel Graphics Driver for Windows
CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel  ...)
	NOT-FOR-US: Intel CPUs
CVE-2017-5690
	RESERVED
CVE-2017-5689 (An unprivileged network attacker could gain system privileges to provi ...)
	NOT-FOR-US: Intel AMT
CVE-2017-5688 (There is an escalation of privilege vulnerability in the Intel Solid S ...)
	NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2017-5687
	RESERVED
CVE-2017-5686 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5685 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5684 (The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core pr ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5683 (Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Acc ...)
	NOT-FOR-US: Intel Hardware Accelerated Execution Manager
CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, In ...)
	NOT-FOR-US: Intel PSET
CVE-2017-5680
	RESERVED
CVE-2016-10197 (The search_make_new function in evdns.c in libevent before 2.1.6-beta  ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/332
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10196 (Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/318
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta allow ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/317
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...)
	{DSA-3818-1 DLA-2164-1 DLA-830-1}
	- gst-plugins-bad1.0 1.10.4-1 (low)
	- gst-plugins-bad0.10 <unfixed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
	NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gs ...)
	{DSA-3821-1 DLA-2226-1 DLA-829-1}
	- gst-plugins-ugly1.0 1.10.4-1 (low)
	- gst-plugins-ugly0.10 <removed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
	NOTE: https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gs ...)
	{DSA-3821-1 DLA-2226-1 DLA-829-1}
	- gst-plugins-ugly1.0 1.10.3-1 (low)
	- gst-plugins-ugly0.10 <removed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937
CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
	{DSA-3819-1 DLA-2126-1 DLA-827-1}
	- gst-plugins-base1.0 1.10.3-1 (low)
	- gst-plugins-base0.10 <removed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...)
	{DSA-3818-1 DLA-2164-1 DLA-830-1}
	- gst-plugins-bad1.0 1.10.3-1
	- gst-plugins-bad0.10 <unfixed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c i ...)
	{DSA-3819-1}
	- gst-plugins-base1.0 1.10.3-1
	- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502
CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plug ...)
	{DSA-3820-1 DLA-2225-1 DLA-828-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <removed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469
CVE-2017-5839 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
	{DSA-3819-1}
	- gst-plugins-base1.0 1.10.3-1
	- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265
CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in gst/gstdatetime. ...)
	{DSA-3822-1}
	- gstreamer1.0 1.10.3-1 (low)
	- gstreamer0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
CVE-2017-5837 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
	{DSA-3819-1 DLA-2126-1 DLA-827-1}
	- gst-plugins-base1.0 1.10.3-1 (low)
	- gst-plugins-base0.10 <removed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-p ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacpars ...)
	{DSA-3820-1 DLA-2225-1 DLA-828-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <removed> (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
	- iio-sensor-proxy 2.0-4 (bug #853951)
CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0. ...)
	- ffmpeg 7:3.2.2-1
	- libav <not-affected> (Vulnerable code not present in libav, only in ffmpeg)
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2 ...)
	{DLA-1611-1}
	- ffmpeg 7:3.2.2-1
	- libav <removed>
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8. ...)
	{DLA-1611-1}
	- ffmpeg 7:3.2.2-1
	- libav <removed>
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
	- mp3splt <unfixed> (unimportant)
	NOTE: https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c
	NOTE: No security impact, crash in CLI tool
CVE-2017-5679
	RESERVED
CVE-2017-5678
	REJECTED
CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerab ...)
	NOT-FOR-US: PEAR HTML_AJAX
	NOTE: http://karmainsecurity.com/KIS-2017-01
CVE-2017-5676
	RESERVED
CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in hw/display/vir ...)
	- qemu 1:2.8+dfsg-3 (bug #853996; unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21
CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c i ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #853996)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342
CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to e ...)
	NOT-FOR-US: espeak-ruby Ruby gem
CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute arbi ...)
	NOT-FOR-US: festivaltts4r
CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection functi ...)
	{DLA-929-1}
	- libpodofo 0.9.4-1 (bug #854599)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
	NOTE: https://sourceforge.net/p/podofo/code/1672
CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...)
	- libpodofo 0.9.4-6 (bug #854603)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1843
CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ca ...)
	- libpodofo 0.9.5-9 (bug #854602)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876
	NOTE: duplicate CVE: CVE-2018-5308
CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote a ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #854601)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVar ...)
	{DLA-929-1}
	- libpodofo 0.9.5-7 (low; bug #854600)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1838
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1841
	NOTE: further patch for ABI compatibility: https://sourceforge.net/p/podofo/mailman/message/36084628/
CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRG ...)
	- netpbm-free <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2
	NOTE: Debian uses an unaffected fork:
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8
CVE-2017-5850 (httpd in OpenBSD allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: OpenBSD httpd
CVE-2017-5833 (Cross-site scripting (XSS) vulnerability in the invocation code genera ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5832 (Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0 ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5831 (Session fixation vulnerability in the forgot password mechanism in Rev ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5830 (Revive Adserver before 4.0.1 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5675 (A command-injection vulnerability exists in a web application on a cus ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2017-5674 (A vulnerability in a custom-built GoAhead web server used on Foscam, V ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2017-5673 (In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum mes ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5672 (Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnera ...)
	NOT-FOR-US: Kony Enterprise Mobile Management
CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 indust ...)
	NOT-FOR-US: Honeywell
CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with the rm progr ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12  ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931
CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
	- mp3splt <unfixed> (unimportant; bug #854278)
	NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c
	NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
	NOTE: Negligable security impact
CVE-2017-5665 (The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allo ...)
	- mp3splt <unfixed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c
	NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
	NOTE: No security impact, crash in CLI tool
CVE-2017-5664 (The error page mechanism of the Java Servlet Specification requires th ...)
	{DSA-3892-1 DSA-3891-1 DLA-996-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.14-2 (bug #864447)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	[wheezy] - tomcat6 <end-of-life> (Not supported in Wheezy)
	NOTE: https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E
	NOTE: Fixed by: http://svn.apache.org/r1793469 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1793488 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1793489 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793470 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793471 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793491 (7.0.x)
CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incub ...)
	NOT-FOR-US: Apache Fineract
CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the serve ...)
	{DSA-4215-1 DLA-926-1}
	- batik 1.9-1 (bug #860566)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/1
	NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139
	NOTE: Fixed by: http://svn.apache.org/r1743326
	NOTE: Similar issue to CVE-2015-0250
CVE-2017-5661 (In Apache FOP before 2.2, files lying on the filesystem of the server  ...)
	{DSA-3864-1 DLA-927-1}
	- fop 1:2.1-6 (bug #860567)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/2
	NOTE: Upstream bug: https://issues.apache.org/jira/browse/FOP-2668
	NOTE: Fixed by: http://svn.apache.org/r1769967
	NOTE: Fixed by: http://svn.apache.org/r1769968 (fix for Java 6)
CVE-2017-5660 (There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prio ...)
	{DSA-4128-1}
	- trafficserver 7.1.2+ds-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/apache/trafficserver/pull/1657
	NOTE: https://issues.apache.org/jira/browse/TS-4930
CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is  ...)
	- trafficserver 7.0.0-1
	[wheezy] - trafficserver <not-affected> (PoC doesn't crash the server, fix too hard to backport)
	NOTE: https://issues.apache.org/jira/browse/TS-4507
	NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above)
	NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
	NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153
CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to b ...)
	NOT-FOR-US: Apache Pony Mail
CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected aga ...)
	NOT-FOR-US: Apache Archiva
CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of c ...)
	NOT-FOR-US: Apache CXF
CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be  ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5654 (In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and  ...)
	NOT-FOR-US: Apache CXF
CVE-2017-5652 (During a routine security analysis, it was found that one of the ports ...)
	NOT-FOR-US: Impala
CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refact ...)
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860071)
	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21
	NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ...)
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860070)
	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/22
	NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by sett ...)
	NOT-FOR-US: Apache Geode
CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to appli ...)
	{DSA-3843-1 DSA-3842-1 DLA-924-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860069)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 <not-affected> (Only affects 7.0 an later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/23
	NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ...)
	{DSA-3843-1 DSA-3842-1 DLA-924-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860068)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/24
	NOTE: Fixed by: http://svn.apache.org/r1788932 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1788999 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789008 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789024 (6.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789155 (6.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x)
CVE-2017-5646 (For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated us ...)
	NOT-FOR-US: Apache Knox
CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or  ...)
	- apache-log4j2 2.7-2 (bug #860489)
	[jessie] - apache-log4j2 <ignored> (Minor issue, no consumers of liblog4j2-java in Jessie)
	NOTE: https://issues.apache.org/jira/browse/LOG4J2-1863
	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc19215827db29c993d0305ee2b0d8dd05939d
CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attackers t ...)
	- libapache-poi-java 3.17-1 (bug #858301)
	[stretch] - libapache-poi-java <no-dsa> (Minor issue)
	[jessie] - libapache-poi-java <no-dsa> (Minor issue)
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/20/9
CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF via rem ...)
	NOT-FOR-US: Apache Camel
CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artif ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not r ...)
	NOT-FOR-US: Apache Flex BlazeDS
CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...)
	NOT-FOR-US: Impala
CVE-2017-5639
	REJECTED
CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 an ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
CVE-2017-5637 (Two four letter word commands "wchp/wchc" are CPU intensive and could  ...)
	{DSA-3871-1 DLA-986-1}
	- zookeeper 3.4.9-3 (bug #863811)
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
CVE-2017-5636 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environm ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-5635 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environm ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows phy ...)
	NOT-FOR-US: Norwegian
CVE-2017-5633 (Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Li ...)
	NOT-FOR-US: D-Link
CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with Firmw ...)
	NOT-FOR-US: Asus router
CVE-2017-5631 (An issue was discovered in KMCIS CaseAware. Reflected cross site scrip ...)
	NOT-FOR-US: KMCIS CaseAware
CVE-2017-5630 (PECL in the download utility class in the Installer in PEAR Base Syste ...)
	- php5 <unfixed> (unimportant)
	- php-pear <unfixed> (unimportant)
	NOTE: https://pear.php.net/bugs/bug.php?id=21171
	NOTE: pear performs no kind of authentication/integrity checks for downloads, so an attacker can MITM freely anyway
CVE-2017-5629
	RESERVED
CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fas ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5625 (In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized  ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5623 (An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T d ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5622 (With OxygenOS before 4.0.3, when a charger is connected to a powered-o ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5621 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...)
	- zammad <itp> (bug #841355)
CVE-2017-5620 (An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3 ...)
	- zammad <itp> (bug #841355)
CVE-2017-5619 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...)
	- zammad <itp> (bug #841355)
CVE-2017-5609 (SQL injection vulnerability in include/functions_entries.inc.php in Se ...)
	- serendipity <removed>
CVE-2017-5607 (Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x befo ...)
	NOT-FOR-US: Splunk
CVE-2017-5606 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: Xabber
CVE-2017-5605 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: Movim
CVE-2017-5604 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- mcabber 1.0.4-1.1 (bug #854738)
	[jessie] - mcabber <not-affected> (XEP-0280: Message Carbons not implemented)
	[wheezy] - mcabber <not-affected> (XEP-0280: Message Carbons not implemented)
CVE-2017-5603 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- jitsi <removed> (bug #854737)
CVE-2017-5602 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- jappix <itp> (bug #619347)
CVE-2017-5601 (An error in the lha_read_file_header_1() function (archive_read_suppor ...)
	{DLA-1600-1 DLA-810-1}
	- libarchive 3.2.1-6 (bug #853278)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
	NOTE: https://secunia.com/secunia_research/2017-3/
CVE-2016-10186 (An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd. ...)
	NOT-FOR-US: D-Link
CVE-2016-10185 (An issue was discovered on the D-Link DWR-932B router. A secure_mode=n ...)
	NOT-FOR-US: D-Link
CVE-2016-10184 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows f ...)
	NOT-FOR-US: D-Link
CVE-2016-10183 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows d ...)
	NOT-FOR-US: D-Link
CVE-2016-10182 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows c ...)
	NOT-FOR-US: D-Link
CVE-2016-10181 (An issue was discovered on the D-Link DWR-932B router. qmiweb provides ...)
	NOT-FOR-US: D-Link
CVE-2016-10180 (An issue was discovered on the D-Link DWR-932B router. WPS PIN generat ...)
	NOT-FOR-US: D-Link
CVE-2016-10179 (An issue was discovered on the D-Link DWR-932B router. There is a hard ...)
	NOT-FOR-US: D-Link
CVE-2016-10178 (An issue was discovered on the D-Link DWR-932B router. HELODBG on port ...)
	NOT-FOR-US: D-Link
CVE-2016-10177 (An issue was discovered on the D-Link DWR-932B router. Undocumented TE ...)
	NOT-FOR-US: D-Link
CVE-2016-10176 (The NETGEAR WNR2000v5 router allows an administrator to perform sensit ...)
	NOT-FOR-US: Netgear
CVE-2016-10175 (The NETGEAR WNR2000v5 router leaks its serial number when performing a ...)
	NOT-FOR-US: Netgear
CVE-2016-10174 (The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_ ...)
	NOT-FOR-US: Netgear
CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending o ...)
	NOT-FOR-US: Gentoo ebuilds dir permissions at install time
CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #853996)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/2
CVE-2017-5668 (bitlbee-libpurple before 3.5.1 allows remote attackers to cause a deni ...)
	- bitlbee 3.5.1-1 (bug #853282)
	[jessie] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
	[wheezy] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
	NOTE: https://bugs.bitlbee.org/ticket/1282
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 (3.5.1)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
	NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of servic ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1282
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
	NOTE: When fixing this CVE make sure to apply as well
	NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
	NOTE: to not open CVE-2017-5668
CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows re ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1281
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does no ...)
	- firejail 0.9.44.6-1
	NOTE: Changelog mentions the new fix for CVE-2017-5180 in RELNOTES for 0.9.44.6
	NOTE: an needs series of commits after 0.9.44.4
	NOTE: https://github.com/netblue30/firejail/blob/0.9.44.6/RELNOTES
	NOTE: https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f (0.9.44.6)
	NOTE: https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/4
CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote attackers to re ...)
	{DLA-859-1}
	- calibre 2.75.1+dfsg-1 (low; bug #853004)
	[jessie] - calibre <no-dsa> (Minor issue)
	NOTE: Upstream report: https://launchpad.net/bugs/1651728
	NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/8
CVE-2017-5899 (Directory traversal vulnerability in the setuid root helper binary in  ...)
	- s-nail 14.8.16-1 (bug #852934)
	NOTE: https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160
	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/7
CVE-2017-5628 (An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10 ...)
	NOT-FOR-US: MuJS
CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before 4006739a ...)
	NOT-FOR-US: MuJS
CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a web app ...)
	{DSA-3781-1 DLA-816-1}
	- svgsalamander 1.1.1+dfsg-2 (bug #853134)
	NOTE: https://github.com/blackears/svgSalamander/issues/11
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/3
CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload function  ...)
	- piwigo <removed>
CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 7.2.3  ...)
	NOT-FOR-US: NetApp OnCommand Insight
CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 8. Thi ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5595 (A file disclosure and inclusion vulnerability exists in web/views/file ...)
	{DLA-1145-1}
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	NOTE: Check https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3
CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerab ...)
	NOT-FOR-US: Pagekit CMS
CVE-2017-5593 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- psi-plus <not-affected> (vulnerable code not present, XEP-0280 not implemented)
CVE-2017-5592 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- profanity 0.5.1-1 (bug #854735)
	[jessie] - profanity <not-affected> (Vulnerable code not present)
CVE-2017-5591 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- sleekxmpp 1.3.1-6 (bug #854739)
	[jessie] - sleekxmpp <not-affected> (vulnerable code not present, XEP-0280 not implemented)
	[wheezy] - sleekxmpp <not-affected> (vulnerable code not present, XEP-0280 not implemented)
	- slixmpp 1.2.2-1.1 (bug #854740)
CVE-2017-5590 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: ChatSecure / Zom
CVE-2017-5589 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: yaxim / Bruno
CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and archiv ...)
	{DSA-3778-1 DLA-808-1}
	- ruby-minitar 0.5.4-3.1 (bug #853075)
	- ruby-archive-tar-minitar <removed> (bug #853249)
	NOTE: https://github.com/halostatue/minitar/issues/16
	NOTE: https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
CVE-2016-10172 (The read_new_config_info function in open_utils.c in Wavpack before 5. ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10171 (The unreorder_channels function in cli/wvunpack.c in Wavpack before 5. ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561939/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10170 (The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 all ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561921/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows  ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <no-dsa> (Minor issue)
	[wheezy] - wavpack <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in gd_interpol ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73868
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73869
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2017-5588
	RESERVED
CVE-2017-5587
	RESERVED
CVE-2017-5586 (OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote  ...)
	NOT-FOR-US: OpenText Documentum D2
CVE-2017-5585 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-5584 (Cross-site scripting (XSS) vulnerability in the Management Web Interfa ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-5583 (The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.1 ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-5582
	RESERVED
CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2 ...)
	- jasper <removed>
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10
	NOTE: The POC only triggers an assertion failure but an overflow cannot be observed.
CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 all ...)
	- jasper <removed> (unimportant)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows r ...)
	- jasper <removed> (unimportant)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary files a ...)
	- screen 4.5.0-3 (bug #852484)
	[stretch] - screen <not-affected> (Vulnerable code not present/never migrated to stretch)
	[jessie] - screen <not-affected> (Vulnerable code not present)
	[wheezy] - screen <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
	NOTE: https://savannah.gnu.org/bugs/?50142
	NOTE: Introduced in (screen-v4): http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
	NOTE: Introduced in (master): http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/24/10
CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector c ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.4+gcc3dc1b-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-02.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345
CVE-2017-5596 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector  ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.4+gcc3dc1b-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-01.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344
CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) all ...)
	{DSA-3774-1 DLA-803-1}
	- lcms2 2.8-4 (bug #852627)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
	NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a program req ...)
	{DSA-3772-1 DLA-801-1}
	- libxpm 1:3.5.12-1
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in  ...)
	- virglrenderer 0.6.0-1 (bug #852603)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
CVE-2017-5581 (Buffer overflow in the ModifiablePixelBuffer::fillRect function in Tig ...)
	- tigervnc 1.7.0+dfsg-3 (bug #852213)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/399
	NOTE: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
CVE-2017-5580 (The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c i ...)
	- virglrenderer 0.6.0-1 (bug #852604)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415986
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=28894a30a17a84529be102b21118e55d6c9f23fa (0.6.0)
	NOTE: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
CVE-2017-5579 (Memory leak in the serial_exit_core function in hw/char/serial.c in QE ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #853002)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157
CVE-2017-5578 (Memory leak in the virtio_gpu_resource_attach_backing function in hw/d ...)
	- qemu 1:2.10.0-1 (unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b (v2.9.0-rc0)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=62232bf48456bda4058ceae05851bc58c1032338 (v2.4.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415795
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 upload reverts
	NOTE: enable virtio gpu (virglrenderer) and opengl support
CVE-2017-5577 (The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the Video ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6b8ac63847bc2f958dd93c09edc941a0118992d9
	NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
CVE-2017-5576 (Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/0f2ff82e11c86c05d051cae32b58226392d33bbf
	NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
CVE-2017-5575 (SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS b ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5574 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 a ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5573 (An issue was discovered in Linux Foundation xapi in Citrix XenServer t ...)
	NOT-FOR-US: Citrix
CVE-2017-5572 (An issue was discovered in Linux Foundation xapi in Citrix XenServer t ...)
	NOT-FOR-US: Citrix
CVE-2017-5571 (Open redirect vulnerability in the lmadmin component in Flexera FlexNe ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2017-5570 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5569 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5568
	RESERVED
CVE-2017-5567 (Code injection vulnerability in Avast Premier 12.3 (and earlier), Inte ...)
	NOT-FOR-US: Avast
CVE-2017-5566 (Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG I ...)
	NOT-FOR-US: AVG
CVE-2017-5565 (Code injection vulnerability in Trend Micro Maximum Security 11.0 (and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-5564
	RESERVED
CVE-2017-5563 (LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ...)
	- tiff <unfixed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2664
	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-5562
	RESERVED
CVE-2017-5561
	RESERVED
CVE-2017-5560
	RESERVED
CVE-2017-5559
	RESERVED
CVE-2017-5558
	RESERVED
CVE-2017-5557
	RESERVED
CVE-2017-5556 (The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF befo ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-5555
	RESERVED
CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4 ...)
	NOT-FOR-US: OnePlus 3 / 3T OxygenOS
CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_m ...)
	- b2evolution <removed>
CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist through  ...)
	{DLA-2168-1 DLA-811-1}
	- libplist 1.12+git+1+e37ca00-0.1 (low; bug #852385)
	NOTE: https://github.com/libimobiledevice/libplist/issues/87
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee
CVE-2017-5544 (An issue was discovered on FiberHome Fengine S5800 switches V210R240.  ...)
	NOT-FOR-US: FiberHome switches
CVE-2017-5543 (includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote  ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-5542 (Cross-site scripting (XSS) vulnerability in template/usererror.missing ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-5541 (Directory traversal vulnerability in template/usererror.missing_extens ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-5540
	RESERVED
CVE-2017-5539 (The patch for directory traversal (CVE-2017-5480) in b2evolution versi ...)
	- b2evolution <removed>
CVE-2017-5536 (The GridServer Broker, and GridServer Director components of TIBCO Sof ...)
	NOT-FOR-US: TIBCO GridServer
CVE-2017-5535 (The GridServer Broker, GridServer Driver, and GridServer Engine compon ...)
	NOT-FOR-US: TIBCO GridServer
CVE-2017-5534 (The tibbr user profiles components of tibbr Community, and tibbr Enter ...)
	NOT-FOR-US: tibbr
CVE-2017-5533 (A vulnerability in the server content cache of TIBCO JasperReports Ser ...)
	- jasperreports <undetermined> (bug #884131)
	[jessie] - jasperreports <ignored> (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
CVE-2017-5532 (A vulnerability in the report renderer component of TIBCO JasperReport ...)
	- jasperreports <undetermined> (bug #884131)
	[jessie] - jasperreports <ignored> (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532
CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions 8.0 ...)
	NOT-FOR-US: TIBCO
CVE-2017-5530 (The tibbr web server components of tibbr Community, and tibbr Enterpri ...)
	NOT-FOR-US: tibbr
CVE-2017-5529 (JasperReports library components contain an information disclosure vul ...)
	- jasperreports <undetermined> (bug #880467)
	[jessie] - jasperreports <ignored> (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
CVE-2017-5528 (Multiple JasperReports Server components contain vulnerabilities which ...)
	- jasperreports <undetermined> (bug #880467)
	[jessie] - jasperreports <ignored> (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017
CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x be ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ...)
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	NOTE: PHP Bug: http://bugs.php.net/73831
	NOTE: Fixed in 7.0.15, 7.1.1
CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP  ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73825
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73768
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73764
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before  ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73737
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to  ...)
	NOT-FOR-US: Akamai NetSession
CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable s ...)
	- systemd 229-1
	[jessie] - systemd <not-affected> (Vulnerability introduced in v228)
	[wheezy] - systemd <not-affected> (Vulnerability introduced in v228)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allow ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote atta ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote atta ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2016-10155 (Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-2 (low; bug #852232)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
CVE-2016-10154 (The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x ...)
	- linux 4.9.2-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d (v4.10-rc1)
CVE-2016-10153 (The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 inte ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
CVE-2016-10152 (The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ba ...)
	{DLA-796-1}
	- hesiod 3.2.1-3.1 (low; bug #852093)
	[stretch] - hesiod <no-dsa> (Minor issue)
	[jessie] - hesiod <no-dsa> (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/10
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID ...)
	{DLA-796-1}
	- hesiod 3.2.1-3.1 (low; bug #852094)
	[stretch] - hesiod <no-dsa> (Minor issue)
	[jessie] - hesiod <no-dsa> (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
CVE-2016-10150 (Use-after-free vulnerability in the kvm_ioctl_create_device function i ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 (v4.9-rc8)
	NOTE: Introduced by: https://git.kernel.org/linus/a28ebea2adc4a2bef5989a5a181ec238f59fbcad (v4.8-rc2)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414506
CVE-2016-10148 (The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.p ...)
	- wordpress 4.6.1+dfsg-1
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: https://core.trac.wordpress.org/ticket/37490
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2017-5552 (Memory leak in the virgl_resource_attach_backing function in hw/displa ...)
	- qemu 1:2.10.0-1 (bug #852119; unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415281
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689 (v2.9.0-rc0)
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
CVE-2017-5551 (The simple_set_acl function in fs/posix_acl.c in the Linux kernel befo ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux 3.2.84-1
	NOTE: Backported fix for CVE-2016-7097 already covered this CVE for wheezy
	NOTE: Fixed by: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31 (4.10-rc4)
CVE-2017-5550 (Off-by-one error in the pipe_advance function in lib/iov_iter.c in the ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Introduced in 4.9)
	[wheezy] - linux <not-affected> (Introduced in 4.9)
	NOTE: Fixed by: https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/241699cd72a8489c9446ae3910ddd243e9b9061b (4.9-rc1)
CVE-2017-5549 (The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105. ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4)
CVE-2017-5548 (drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6  ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655
CVE-2017-5547 (drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 inter ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d
CVE-2017-5546 (The freelist-randomization feature in mm/slab.c in the Linux kernel 4. ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (freelist randomisation introduced in 4.7)
	[wheezy] - linux <not-affected> (freelist randomisation introduced in 4.7)
	NOTE: Fixed by: https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f (v4.10-rc4)
CVE-2017-5538 (The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c i ...)
	NOT-FOR-US: Samsung Exynos
CVE-2017-5524 (Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers  ...)
	NOT-FOR-US: Plone
CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides different er ...)
	- weblate <itp> (bug #745661)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/18/11
CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows l ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-2 (bug #851910)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414209
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
	NOTE: Sound device hotplug not supported by libvirt
CVE-2017-5525 (Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows loc ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-2 (bug #852021)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401
	NOTE: Sound device hotplug not supported by libvirt
CVE-2017-5523
	RESERVED
CVE-2017-5522 (Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6. ...)
	{DSA-3766-1 DLA-790-1}
	- mapserver 7.0.4-1
	NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
	NOTE: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df
CVE-2017-2578 (In Moodle 3.x, there is XSS in the assignment submission page. ...)
	- moodle 2.7.18+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=345915
CVE-2017-2576 (In Moodle 2.x and 3.x, there is incorrect sanitization of attributes i ...)
	- moodle 2.7.18+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=345912
CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300,  ...)
	NOT-FOR-US: NETGEAR
CVE-2017-5520 (The media rename feature in GeniXCMS through 0.0.8 does not consider a ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5519 (SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0 ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5518 (The media-file upload feature in GeniXCMS through 0.0.8 allows remote  ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5517 (SQL injection vulnerability in author.control.php in GeniXCMS through  ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5516 (Multiple cross-site scripting (XSS) vulnerabilities in the user forms  ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5515 (Cross-site scripting (XSS) vulnerability in the user prompt function i ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5514
	RESERVED
CVE-2017-5513
	RESERVED
CVE-2017-5512
	RESERVED
CVE-2017-5497
	RESERVED
CVE-2017-5496 (Sawmill Enterprise 8.7.9 allows remote attackers to gain login access  ...)
	NOT-FOR-US: Sawmill Enterprise
CVE-2017-5495 (All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbou ...)
	- quagga 1.1.1-1 (bug #852454)
	[jessie] - quagga <no-dsa> (Minor issue)
	[wheezy] - quagga <no-dsa> (Minor issue)
	NOTE: http://savannah.nongnu.org/forum/forum.php?forum_id=8783
	NOTE: http://mirror.easyname.at/nongnu//quagga/quagga-1.1.1.changelog.txt
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=b7ceefea77a246fe5c1dcd1b91bf6079d1b97c02
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7d66284a5817a1613b1e4d64a0775ec04fdf8c01
CVE-2017-5494 (Multiple cross-site scripting (XSS) vulnerabilities in the file types  ...)
	- b2evolution <removed>
CVE-2017-5486 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5485 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in a ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5484 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5483 (The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5482 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5481 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 a ...)
	NOT-FOR-US: Trend Micro
CVE-2017-5480 (Directory traversal vulnerability in inc/files/files.ctrl.php in b2evo ...)
	- b2evolution <removed>
CVE-2017-5479
	RESERVED
CVE-2017-5478
	RESERVED
CVE-2017-5477
	RESERVED
CVE-2017-5476 (Serendipity through 2.0.5 allows CSRF for the installation of an event ...)
	- serendipity <removed>
CVE-2017-5475 (comment.php in Serendipity through 2.0.5 allows CSRF in deleting any c ...)
	- serendipity <removed>
CVE-2017-5474 (Open redirect vulnerability in comment.php in Serendipity through 2.0. ...)
	- serendipity <removed>
CVE-2017-5473 (Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4  ...)
	- ntopng 2.4+dfsg1-3 (bug #852109)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3
	NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
CVE-2017-5472 (A use-after-free vulnerability with the frameloader during tree recons ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5472
CVE-2017-5471 (Memory safety bugs were reported in Firefox 53. Some of these bugs sho ...)
	- firefox 54.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
CVE-2017-5470 (Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. S ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5470
CVE-2017-5469 (Fixed potential buffer overflows in generated Firefox code due to CVE- ...)
	{DSA-3831-1 DLA-906-1}
	- firefox-esr 45.9.0esr-1
	- firefox 52.0.1-1
CVE-2017-5468 (An issue with incorrect ownership model of "privateBrowsing" informati ...)
	- firefox 52.0.1-1
CVE-2017-5467 (A potential memory corruption and crash when using Skia content when d ...)
	- firefox 52.0.1-1
CVE-2017-5466 (If a page is loaded from an original site through a hyperlink and cont ...)
	- firefox 52.0.1-1
CVE-2017-5465 (An out-of-bounds read while processing SVG content in "ConvolvePixel". ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5464 (During DOM manipulations of the accessibility tree through script, the ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5463 (Android intents can be used to launch Firefox for Android in reader mo ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2017-5462 (A flaw in DRBG number generation within the Network Security Services  ...)
	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
	[experimental] - nss 2:3.30-1
	- nss 2:3.26.2-1.1 (bug #862958)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
	NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through  ...)
	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
	- firefox 52.0.1-1
	[experimental] - nss 2:3.30.1-1
	- nss 2:3.26.2-1.1 (bug #862958)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
	NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
CVE-2017-5460 (A use-after-free vulnerability in frame selection triggered by a combi ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5459 (A buffer overflow in WebGL triggerable by web content, resulting in a  ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5458 (When a "javascript:" URL is drag and dropped by a user into the addres ...)
	- firefox 52.0.1-1
CVE-2017-5457
	RESERVED
CVE-2017-5456 (A mechanism to bypass file system access protections in the sandbox us ...)
	- firefox 52.0.1-1
CVE-2017-5455 (The internal feed reader APIs that crossed the sandbox barrier allowed ...)
	- firefox 52.0.1-1
CVE-2017-5454 (A mechanism to bypass file system access protections in the sandbox to ...)
	- firefox 52.0.1-1
CVE-2017-5453 (A mechanism to inject static HTML into the RSS reader preview page due ...)
	- firefox 52.0.1-1
CVE-2017-5452 (Malicious sites can display a spoofed addressbar on a page when the ex ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2017-5451 (A mechanism to spoof the addressbar through the user interaction on th ...)
	- firefox 52.0.1-1
CVE-2017-5450 (A mechanism to spoof the Firefox for Android addressbar using a "javas ...)
	- firefox 52.0.1-1
CVE-2017-5449 (A possibly exploitable crash triggered during layout and manipulation  ...)
	- firefox 52.0.1-1
CVE-2017-5448 (An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5447 (An out-of-bounds read during the processing of glyph widths during tex ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5446 (An out-of-bounds read when an HTTP/2 connection to a servers sends "DA ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5445 (A vulnerability while parsing "application/http-index-format" format c ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5444 (A buffer overflow vulnerability while parsing "application/http-index- ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5443 (An out-of-bounds write vulnerability while decoding improperly formed  ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5442 (A use-after-free vulnerability during changes in style when manipulati ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5441 (A use-after-free vulnerability when holding a selection during scroll  ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5440 (A use-after-free vulnerability during XSLT processing due to a failure ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5439 (A use-after-free vulnerability during XSLT processing due to poor hand ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5438 (A use-after-free vulnerability during XSLT processing due to the resul ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5437
	REJECTED
CVE-2017-5436 (An out-of-bounds write in the Graphite 2 library triggered with a mali ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5435 (A use-after-free vulnerability occurs during transaction processing in ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5434 (A use-after-free vulnerability occurs when redirecting focus handling  ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5433 (A use-after-free vulnerability in SMIL animation functions occurs when ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5432 (A use-after-free vulnerability occurs during certain text input select ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5431
	RESERVED
CVE-2017-5430 (Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Th ...)
	- firefox 52.0.1-1
	- firefox-esr <not-affected> (Only affects ESR52 and Firefox)
CVE-2017-5429 (Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Fire ...)
	{DSA-3831-1 DLA-906-1}
	- firefox-esr 45.9.0esr-1
	- firefox 52.0.1-1
CVE-2017-5428 (An integer overflow in "createImageBitmap()" was reported through the  ...)
	- firefox-esr <not-affected> (Only affects 52 ESR, which isn't packaged yet except experimental where it's fixed)
	- firefox 52.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428
CVE-2017-5427 (A non-existent chrome.manifest file will attempt to be loaded during s ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5427
CVE-2017-5426 (On Linux, if the secure computing mode BPF (seccomp-bpf) filter is run ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5426
CVE-2017-5425 (The Gecko Media Plugin sandbox allows access to local files that match ...)
	- firefox <not-affected> (Only Firefox on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5425
CVE-2017-5424
	RESERVED
CVE-2017-5423
	RESERVED
CVE-2017-5422 (If a malicious site uses the "view-source:" protocol in a series withi ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5422
CVE-2017-5421 (A malicious site could spoof the contents of the print preview window  ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5421
CVE-2017-5420 (A "javascript:" url loaded by a malicious page can obfuscate its locat ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5420
CVE-2017-5419 (If a malicious site repeatedly triggers a modal authentication prompt, ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419
CVE-2017-5418 (An out of bounds read error occurs when parsing some HTTP digest autho ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5418
CVE-2017-5417 (When dragging content from the primary browser pane to the addressbar  ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417
CVE-2017-5416 (In certain circumstances a networking event listener can be prematurel ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5416
CVE-2017-5415 (An attack can use a blob URL and script to spoof an arbitrary addressb ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5415
CVE-2017-5414 (The file picker dialog can choose and display the wrong local default  ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5414
CVE-2017-5413 (A segmentation fault can occur during some bidirectional layout operat ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5413
CVE-2017-5412 (A buffer overflow read during SVG filter color value operations, resul ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5412
CVE-2017-5411 (A use-after-free can occur during buffer storage operations within the ...)
	- firefox <not-affected> (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
CVE-2017-5410 (Memory corruption resulting in a potentially exploitable crash during  ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
CVE-2017-5409 (The Mozilla Windows updater can be called by a non-privileged user to  ...)
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5409
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
CVE-2017-5408 (Video files loaded video captions cross-origin without checking for th ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5408
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
CVE-2017-5407 (Using SVG filters that don't use the fixed point math implementation o ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5407
CVE-2017-5406 (A segmentation fault can occur in the Skia graphics library during som ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
CVE-2017-5405 (Certain response codes in FTP connections can result in the use of uni ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
CVE-2017-5404 (A use-after-free error can occur when manipulating ranges in selection ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
CVE-2017-5403 (When adding a range to an object in the DOM, it is possible to use "ad ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
CVE-2017-5402 (A use-after-free can occur when events are fired for a "FontFace" obje ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5402
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
CVE-2017-5401 (A crash triggerable by web content in which an "ErrorResult" reference ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5401
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
CVE-2017-5400 (JIT-spray targeting asm.js combined with a heap spray allows for a byp ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5400
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
CVE-2017-5399 (Memory safety bugs were reported in Firefox 51. Some of these bugs sho ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
CVE-2017-5398 (Memory safety bugs were reported in Thunderbird 45.7. Some of these bu ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5398
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
CVE-2017-5397 (The cache directory on the local file system is set to be world writab ...)
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
CVE-2017-5396 (A use-after-free vulnerability in the Media Decoder when working with  ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5396
CVE-2017-5395 (Malicious sites can display a spoofed location bar on a subsequently l ...)
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5395
CVE-2017-5394 (A location bar spoofing attack where the location bar of loaded page w ...)
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5394
CVE-2017-5393 (The "mozAddonManager" allows for the installation of extensions from t ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5393
CVE-2017-5392 (Weak proxy objects have weak references on multiple threads when they  ...)
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5392
CVE-2017-5391 (Special "about:" pages used by web content, such as RSS feeds, can loa ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
CVE-2017-5390 (The JSON viewer in the Developer Tools uses insecure methods to create ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5390
CVE-2017-5389 (WebExtensions could use the "mozAddonManager" API by modifying the CSP ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389
CVE-2017-5388 (A STUN server in conjunction with a large number of "webkitRTCPeerConn ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5388
CVE-2017-5387 (The existence of a specifically requested local file can be found due  ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
CVE-2017-5386 (WebExtension scripts can use the "data:" protocol to affect pages load ...)
	{DSA-3771-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386
CVE-2017-5385 (Data sent with in multipart channels, such as the multipart/x-mixed-re ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5385
CVE-2017-5384 (Proxy Auto-Config (PAC) files can specify a JavaScript function called ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
CVE-2017-5383 (URLs containing certain unicode glyphs for alternative hyphens and quo ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5383
CVE-2017-5382 (Feed preview for RSS feeds can be used to capture errors and exception ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5382
CVE-2017-5381 (The "export" function in the Certificate Viewer can force local filesy ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
CVE-2017-5380 (A potential use-after-free found through fuzzing during DOM manipulati ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5380
CVE-2017-5379 (Use-after-free vulnerability in Web Animations when interacting with c ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
CVE-2017-5378 (Hashed codes of JavaScript objects are shared between pages. This allo ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5378
CVE-2017-5377 (A memory corruption vulnerability in Skia that can occur when using tr ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
CVE-2017-5376 (Use-after-free while manipulating XSL in XSLT documents. This vulnerab ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
CVE-2017-5375 (JIT code allocation can allow for a bypass of ASLR and DEP protections ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5375
CVE-2017-5374 (Memory safety bugs were reported in Firefox 50.1. Some of these bugs s ...)
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
CVE-2017-5373 (Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5373
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5373
CVE-2017-5372 (The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE compon ...)
	NOT-FOR-US: SAP
CVE-2017-5371 (Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote  ...)
	NOT-FOR-US: SAP
CVE-2017-5370
	RESERVED
CVE-2017-5369
	RESERVED
CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web application ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	[wheezy] - zoneminder <no-dsa> (Too intrusive to backport)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1822
CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and link inpu ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2017-5366
	RESERVED
CVE-2017-5365
	RESERVED
CVE-2017-5364 (Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an at ...)
	NOT-FOR-US: Foxit PDF Toolkit
CVE-2017-5363
	RESERVED
CVE-2017-5362
	RESERVED
CVE-2017-5361 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
	{DSA-3883-1 DSA-3882-1 DLA-988-1 DLA-987-1}
	- request-tracker4 4.4.1-4
	- rt-authen-externalauth <removed>
	NOTE: https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9
CVE-2017-5360
	RESERVED
CVE-2017-5359 (EasyCom SQL iPlug allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: EasyCom
CVE-2017-5358 (Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PH ...)
	NOT-FOR-US: EasyCom
CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users  ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to ...)
	- tikiwiki <removed>
CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, related to ...)
	NOTE: Generic IPv6 issue
CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10138 (An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with  ...)
	NOT-FOR-US: BLU
CVE-2016-10137 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10136 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10135 (An issue was discovered on LG devices using the MTK chipset with L(5.0 ...)
	NOT-FOR-US: LG
CVE-2017-5505 (The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows rem ...)
	- jasper <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c
	NOTE: https://github.com/mdadams/jasper/issues/88
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5504 (The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.2 ...)
	- jasper <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
	NOTE: https://github.com/mdadams/jasper/issues/89
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5503 (The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900. ...)
	- jasper <not-affected> (Vulnerable code introduced later)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c
	NOTE: https://github.com/mdadams/jasper/issues/90
CVE-2017-5502 (libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to  ...)
	- jasper <removed> (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/76
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5501 (Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/70
	NOTE: Only crashes with debug builds using ubsan
CVE-2017-5500 (libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to  ...)
	- jasper <removed> (unimportant)
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/64
CVE-2017-5499 (Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows  ...)
	- jasper <removed> (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00018-jasper-signedintoverflow-jpc_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/63
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
CVE-2017-5498 (libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote a ...)
	- jasper <removed> (unimportant)
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/62
CVE-2017-5506 (Double free vulnerability in magick/profile.c in ImageMagick allows re ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
CVE-2017-5507 (Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x befo ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5508 (Heap-based buffer overflow in the PushQuantumPixel function in ImageMa ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in ImageM ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists  ...)
	{DLA-806-1}
	- zoneminder 1.30.4+dfsg-1 (bug #851710)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4
CVE-2017-5509 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851377)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5510 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
CVE-2017-5511 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unspecific ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote attacker ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5487 (wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in t ...)
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	[jessie] - wordpress <not-affected> (vulnerable code not present)
	[wheezy] - wordpress <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8715
	NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8716
	NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress before 4. ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8717
CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8718
	NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote attackers to  ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8719
	NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the widget-editing  ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8720
	NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8721
	NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of servi ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (low)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5355
	RESERVED
CVE-2017-5354
	RESERVED
CVE-2017-5353
	RESERVED
CVE-2017-5352
	RESERVED
CVE-2017-5351 (Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software all ...)
	NOT-FOR-US: Samsung
CVE-2017-5350 (Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allo ...)
	NOT-FOR-US: Samsung
CVE-2017-5349
	RESERVED
CVE-2017-5348
	RESERVED
CVE-2017-5347 (SQL injection vulnerability in inc/mod/newsletter/options.php in GeniX ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5346 (SQL injection vulnerability in inc/lib/Control/Backend/posts.control.p ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5345 (SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control. ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5344 (An issue was discovered in dotCMS through 3.6.1. The findChildrenByFil ...)
	NOT-FOR-US: dotCMS
CVE-2017-5343
	RESERVED
CVE-2017-5342 (In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, G ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
	NOT-FOR-US: MuJS
CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
	NOT-FOR-US: MuJS
CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a de ...)
	NOT-FOR-US: MuJS
CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote a ...)
	- codeigniter <itp> (bug #471583)
CVE-2017-5357 (regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of  ...)
	- ed <not-affected> (Vulnerable code not present, cf #851159)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/5
	NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 since upstream
	NOTE: changed a malloc'ed buffer for a static one.
	NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html
CVE-2017-5329 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows local u ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services Agent
CVE-2017-5328 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows attacke ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services Agent
CVE-2017-5327
	RESERVED
CVE-2017-5326
	RESERVED
CVE-2017-5325
	RESERVED
CVE-2017-5324
	RESERVED
CVE-2017-5323
	RESERVED
CVE-2017-5322
	RESERVED
CVE-2017-5321
	RESERVED
CVE-2017-5320
	RESERVED
CVE-2017-5319
	RESERVED
CVE-2017-5318
	RESERVED
CVE-2017-5317
	RESERVED
CVE-2017-5316
	RESERVED
CVE-2017-5315
	RESERVED
CVE-2017-5314
	RESERVED
CVE-2017-5313
	RESERVED
CVE-2017-5312
	RESERVED
CVE-2017-5311
	RESERVED
CVE-2017-5310
	RESERVED
CVE-2017-5309
	RESERVED
CVE-2017-5308
	RESERVED
CVE-2017-5307
	RESERVED
CVE-2017-5306
	RESERVED
CVE-2017-5305
	RESERVED
CVE-2017-5304
	RESERVED
CVE-2017-5303
	RESERVED
CVE-2017-5302
	RESERVED
CVE-2017-5301
	RESERVED
CVE-2017-5300
	RESERVED
CVE-2017-5299
	RESERVED
CVE-2017-5298
	RESERVED
CVE-2017-5297
	RESERVED
CVE-2017-5296
	RESERVED
CVE-2017-5295
	RESERVED
CVE-2017-5294
	RESERVED
CVE-2017-5293
	RESERVED
CVE-2017-5292
	RESERVED
CVE-2017-5291
	RESERVED
CVE-2017-5290
	RESERVED
CVE-2017-5289
	RESERVED
CVE-2017-5288
	RESERVED
CVE-2017-5287
	RESERVED
CVE-2017-5286
	RESERVED
CVE-2017-5285
	RESERVED
CVE-2017-5284
	RESERVED
CVE-2017-5283
	RESERVED
CVE-2017-5282
	RESERVED
CVE-2017-5281
	RESERVED
CVE-2017-5280
	RESERVED
CVE-2017-5279
	RESERVED
CVE-2017-5278
	RESERVED
CVE-2017-5277
	RESERVED
CVE-2017-5276
	RESERVED
CVE-2017-5275
	RESERVED
CVE-2017-5274
	RESERVED
CVE-2017-5273
	RESERVED
CVE-2017-5272
	RESERVED
CVE-2017-5271
	RESERVED
CVE-2017-5270
	RESERVED
CVE-2017-5269
	RESERVED
CVE-2017-5268
	RESERVED
CVE-2017-5267
	RESERVED
CVE-2017-5266
	RESERVED
CVE-2017-5265
	RESERVED
CVE-2017-5264 (Versions of Nexpose prior to 6.4.66 fail to adequately validate the so ...)
	NOT-FOR-US: Nexpose
CVE-2017-5263 (Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack  ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5262 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, t ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5261 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, t ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5260 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, a ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5259 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, a ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5258 (In version 3.5 and prior of Cambium Networks ePMP firmware, an attacke ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5257 (In version 3.5 and prior of Cambium Networks ePMP firmware, an attacke ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5256 (In version 3.5 and prior of Cambium Networks ePMP firmware, all authen ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5255 (In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of  ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5254 (In version 3.5 and prior of Cambium Networks ePMP firmware, the non-ad ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5253
	RESERVED
CVE-2017-5252
	RESERVED
CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio transmis ...)
	NOT-FOR-US: Insteon
CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, t ...)
	NOT-FOR-US: Insteon
CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android ...)
	NOT-FOR-US: Wink
CVE-2017-5248
	RESERVED
CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in t ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression inje ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5245
	REJECTED
CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones o ...)
	NOT-FOR-US: Metasploit
CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances sh ...)
	NOT-FOR-US: Rapid7 Nexpose hardware appliances
CVE-2017-5242
	RESERVED
CVE-2017-5241 (Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulne ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a h ...)
	NOT-FOR-US: Rapid7 AppSpider Pro
CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive infor ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields f ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5236 (Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060  ...)
	NOT-FOR-US: Rapid7 AppSpider Pro
CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 co ...)
	NOT-FOR-US: Rapid7
CVE-2017-5234 (Rapid7 Insight Collector installers prior to version 1.0.16 contain a  ...)
	NOT-FOR-US: Rapid7
CVE-2017-5233 (Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DL ...)
	NOT-FOR-US: Rapid7
CVE-2017-5232 (All editions of Rapid7 Nexpose installers prior to version 6.4.24 cont ...)
	NOT-FOR-US: Rapid7
CVE-2017-5231 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
	NOT-FOR-US: Rapid7
CVE-2017-5230 (The Java keystore in all versions and editions of Rapid7 Nexpose prior ...)
	NOT-FOR-US: Rapid7
CVE-2017-5229 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
	NOT-FOR-US: Rapid7
CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
	NOT-FOR-US: Rapid7
CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sens ...)
	NOT-FOR-US: QNAP
CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the t ...)
	{DSA-3844-1 DLA-795-1}
	- tiff 4.0.7-5 (bug #851297)
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2657
CVE-2017-5224
	RESERVED
CVE-2017-5223 (An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTM ...)
	{DLA-1591-1 DLA-817-1}
	- libphp-phpmailer 5.2.14+dfsg-2.3 (bug #853232)
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/ad4cb09682682da2217799a0c521d4cdc6753402 (v5.2.22)
	NOTE: http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
CVE-2017-5222
	RESERVED
CVE-2017-5221
	RESERVED
CVE-2017-5220
	RESERVED
CVE-2017-5219 (An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component M ...)
	NOT-FOR-US: SageCRM
CVE-2017-5218 (A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. Th ...)
	NOT-FOR-US: SageCRM
CVE-2017-5217 (Installing a zero-permission Android application on certain Samsung An ...)
	NOT-FOR-US: Samsung
CVE-2017-5216 (Stack-based buffer overflow vulnerability in Netop Remote Control vers ...)
	NOT-FOR-US: Netop Remote Control
CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access  ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Infor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist thr ...)
	{DLA-2168-1 DLA-811-1}
	- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
	NOTE: Upstream bug: https://github.com/libimobiledevice/libplist/issues/84
	NOTE: https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
CVE-2017-5205 (The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in pri ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5204 (The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5203 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow rem ...)
	NOT-FOR-US: NetApp
CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...)
	- salt 2016.11.2+ds-1
	[jessie] - salt <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/saltstack/salt/compare/c0e5a1171d7ce2ba8747a971c024632e0d96d848~1...97b0f64923bc5382531b931625267a3c30d2f17e
CVE-2017-5339
	REJECTED
CVE-2017-5338
	REJECTED
CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before 0.24. ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <not-affected> (Vulnerable code not present)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x bef ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in transports/smart ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6)
CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0. ...)
	NOT-FOR-US: Splunk
CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded  ...)
	NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) a ...)
	- python-pysaml2 <unfixed> (low; bug #859135)
	[buster] - python-pysaml2 <no-dsa> (Minor issue)
	[stretch] - python-pysaml2 <no-dsa> (Minor issue)
	[jessie] - python-pysaml2 <no-dsa> (Minor issue)
	NOTE: https://github.com/rohe/pysaml2/issues/366
	NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...)
	{DSA-3759-1}
	- python-pysaml2 3.0.0-5 (bug #850716)
	NOTE: https://github.com/rohe/pysaml2/pull/379
	NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
CVE-2017-XXXX [multiple new security issues]
	- w3m 0.5.3-34 (bug #850432)
	[jessie] - w3m 0.5.3-19+deb8u2
	[wheezy] - w3m <no-dsa> (Minor issues)
CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0 ...)
	{DSA-3802-1}
	- zabbix 1:3.0.4+dfsg-1 (bug #850936)
	NOTE: https://support.zabbix.com/browse/ZBX-11023
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/4
CVE-2017-5337 (Multiple heap-based buffer overflows in the read_attribute function in ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
CVE-2017-5336 (Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/op ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
CVE-2017-5335 (The stream reading functions in lib/opencdk/read-packet.c in GnuTLS be ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
CVE-2017-5334 (Double free vulnerability in the gnutls_x509_ext_import_proxy function ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b
CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitrary c ...)
	- ark 4:16.08.3-2 (bug #850874)
	[jessie] - ark <not-affected> (Vulnerable code introduced later)
	[wheezy] - ark <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
	NOTE: "Open File" action introduced in  https://cgit.kde.org/ark.git/commit/?id=f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv sessi ...)
	- bubblewrap 0.1.5-2 (bug #850702)
	NOTE: https://github.com/projectatomic/bubblewrap/issues/142
CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allows loc ...)
	- firejail 0.9.44.4-1 (bug #850528)
	NOTE: https://github.com/netblue30/firejail/issues/1023
	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/07/3
CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, a ...)
	- firejail 0.9.44.4-1 (bug #850558)
	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
CVE-2017-5199 (The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allo ...)
	NOT-FOR-US: SolarWinds LEM
CVE-2017-5198 (SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configura ...)
	NOT-FOR-US: SolarWinds LEM
CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2.  ...)
	NOT-FOR-US: SilverStripe
CVE-2017-5192 (When using the local_batch client from salt-api in SaltStack Salt befo ...)
	- salt 2016.11.2+ds-1
	[jessie] - salt <not-affected> (Vulnerable code not present)
CVE-2017-5191 (An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when c ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5189 (NetIQ iManager before 3.0.3 delivered a SSL private key in a Java appl ...)
	NOT-FOR-US: NetIQ iManager
CVE-2017-5188 (The bs_worker code in open build service before 20170320 followed rela ...)
	- open-build-service 2.7.4-3 (low; bug #900133)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/00ec3c6f4132422f00d5c15e854755c331ef1661 (2.7.x)
	NOTE: https://github.com/openSUSE/open-build-service/commit/8595d06570ded81d8514c8c5a147b250541bf388 (2.9.x)
	NOTE: A followup https://bugzilla.suse.com/show_bug.cgi?id=1029824 shows
	NOTE: it might be wise to disallow as well other types (devices, sockets,
	NOTE: directories, symlinks, ...) and needs:
	NOTE: https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d
CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Serv ...)
	NOT-FOR-US: Micro Focus
CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0. ...)
	NOT-FOR-US: Novell iManager
CVE-2017-5185 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0 ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0 ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2017-5183 (NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated  ...)
	NOT-FOR-US: Open Enterprise Server
CVE-2017-5181
	REJECTED
CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial o ...)
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi <not-affected> (Affects only 0.8.18 and later)
	[wheezy] - irssi <not-affected> (Affects only 0.8.18 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5195 (Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial o ...)
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	[wheezy] - irssi <not-affected> (Affects only 0.8.17 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows remote atta ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote attackers to ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
	NOT-FOR-US: Nessus
CVE-2017-5178 (An issue was discovered in Schneider Electric Tableau Server/Desktop V ...)
	NOT-FOR-US: Schneider
CVE-2017-5177 (A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7  ...)
	NOT-FOR-US: VIPA Controls WinPLC7
CVE-2017-5176 (A DLL Hijack issue was discovered in Rockwell Automation Connected Com ...)
	NOT-FOR-US: Rockwell Automation Connected Components Workbench
CVE-2017-5175 (Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerabi ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5174 (An Authentication Bypass issue was discovered in Geutebruck IP Camera  ...)
	NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
CVE-2017-5173 (An Improper Neutralization of Special Elements (in an OS command) issu ...)
	NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
CVE-2017-5172
	RESERVED
CVE-2017-5171
	RESERVED
CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in Moxa SoftN ...)
	NOT-FOR-US: Moxa
CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security Manager Versi ...)
	NOT-FOR-US: Hanwha Techwin
CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security Manager Versi ...)
	NOT-FOR-US: Hanwha Techwin
CVE-2017-5167 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5166 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5165 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5164 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5163 (An issue was discovered in Belden Hirschmann GECKO Lite Managed switch ...)
	NOT-FOR-US: Belden Hirschmann
CVE-2017-5162 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5161 (An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software,  ...)
	NOT-FOR-US: Sielco Sistemi
CVE-2017-5160 (An Inadequate Encryption Strength issue was discovered in Schneider El ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5159 (An issue was discovered on Phoenix Contact mGuard devices that have be ...)
	NOT-FOR-US: Phoenix Contact mGuard
CVE-2017-5158 (An Information Exposure issue was discovered in Schneider Electric Won ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5157 (An issue was discovered in Schneider Electric homeLYnk Controller, LSS ...)
	NOT-FOR-US: Schneider
CVE-2017-5156 (A Cross-Site Request Forgery issue was discovered in Schneider Electri ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5155 (An issue was discovered in Schneider Electric Wonderware Historian 201 ...)
	NOT-FOR-US: Schneider
CVE-2017-5154 (An issue was discovered in Advantech WebAccess Version 8.1. To be able ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5153 (An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier ve ...)
	NOT-FOR-US: OSIsoft PI Coresight
CVE-2017-5152 (An issue was discovered in Advantech WebAccess Version 8.1. By accessi ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5151 (An issue was discovered in VideoInsight Web Client Version 6.3.5.11 an ...)
	NOT-FOR-US: VideoInsight Web Client
CVE-2017-5150
	RESERVED
CVE-2017-5149 (An issue was discovered in St. Jude Medical Merlin@home, versions prio ...)
	NOT-FOR-US: St. Jude Medical Merlin@home
CVE-2017-5148
	RESERVED
CVE-2017-5147 (An Uncontrolled Search Path Element issue was discovered in AzeoTech D ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-5146 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5145 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5144 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5143 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5142 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5141 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5140 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5139 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5138
	RESERVED
CVE-2017-5137 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. W ...)
	- lxc 1:2.0.0-1
	[jessie] - lxc <no-dsa> (Minor issue)
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
	NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might al ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
CVE-2016-10122 (Firejail does not properly clean environment variables, which allows l ...)
	- firejail 0.9.44.2-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
	NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly othe ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ( ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local  ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot  ...)
	- firejail 0.9.44.2-1 (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
CVE-2016-10116 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo  ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10115 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo  ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10114 (SQL injection vulnerability in the "aWeb Cart Watching System for Virt ...)
	NOT-FOR-US: Joomla extension
CVE-2016-10113
	RESERVED
CVE-2016-10112 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
	NOT-FOR-US: WordPress plugin woocommerce
CVE-2016-10111
	RESERVED
CVE-2016-10110
	RESERVED
CVE-2017-5180 (Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not ...)
	- firejail 0.9.44.2-3 (bug #850160)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/04/1
	NOTE: https://github.com/netblue30/firejail/issues/1020
CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, possib ...)
	NOT-FOR-US: Technicolor
CVE-2017-5134
	RESERVED
CVE-2017-5133 (Off-by-one read/write on the heap in Blink in Google Chrome prior to 6 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5132 (Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5131 (An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 all ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...)
	{DLA-1188-1}
	- libxml2 2.9.4+dfsg1-5.1 (bug #880000)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	[jessie] - libxml2 <no-dsa> (Minor issue)
	- chromium-browser 62.0.3202.75-1 (unimportant)
	NOTE: chromium-browser uses system libxml2.
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=722079 (not public)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783026 (not public)
	NOTE: xmlMemoryStrdup is only for debugging with excpetion in xmlint when invoked
	NOTE: with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc.
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
	NOTE: Needs follow up: https://git.gnome.org/browse/libxml2/commit/?id=ed48d65b4d6c5cec7be035ad5eebeba873b4b955
CVE-2017-5129 (A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5128 (Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 a ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5127 (Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowe ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5126 (A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allo ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5125 (Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 al ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5123 [waitid() not calling access_ok()]
	RESERVED
	- linux 4.13.4-2
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/96ca579a1ecc943b75beba58bebb0356f6cc4b51
CVE-2017-5122 (Inappropriate use of table size handling in V8 in Google Chrome prior  ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5121 (Inappropriate use of JIT optimisation in V8 in Google Chrome prior to  ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5120 (Inappropriate use of www mismatch redirects in browser navigation in G ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5119 (Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3 ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5118 (Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Lin ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5117 (Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3 ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5116 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, W ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5115 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Window ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5114 (Inappropriate use of partition alloc in PDFium in Google Chrome prior  ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5113 (Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac,  ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5112 (Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 f ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5111 (A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for  ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5110 (Inappropriate implementation of the web payments API on blob: and data ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5109 (Inappropriate implementation of unload handler handling in permission  ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5108 (Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Ma ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5107 (A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.7 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5106 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5105 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5104 (Inappropriate implementation in interstitials in Google Chrome prior t ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5103 (Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5102 (Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5101 (Inappropriate implementation in Omnibox in Google Chrome prior to 60.0 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5100 (A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Wi ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5099 (Insufficient validation of untrusted input in PPAPI Plugins in Google  ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5098 (A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5097 (Insufficient validation of untrusted input in Skia in Google Chrome pr ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5096 (Insufficient policy enforcement during navigation between different sc ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2017-5095 (Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Li ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5094 (Type confusion in extensions JavaScript bindings in Google Chrome prio ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5093 (Inappropriate implementation in modal dialog handling in Blink in Goog ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5092 (Insufficient validation of untrusted input in PPAPI Plugins in Google  ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5091 (A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 f ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5090 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser <not-affected> (Chrome on Mac)
CVE-2017-5089 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5088 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5087 (A use after free in Blink in Google Chrome prior to 59.0.3071.104 for  ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5086 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5085 (Inappropriate implementation in Bookmarks in Google Chrome prior to 59 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5084 (Inappropriate implementation in image-burner in Google Chrome OS prior ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5083 (Inappropriate implementation in Blink in Google Chrome prior to 59.0.3 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5082 (Failure to take advantage of available mitigations in credit card auto ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5081 (Lack of verification of an extension's locale folder in Google Chrome  ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5080 (A use after free in credit card autofill in Google Chrome prior to 59. ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5079 (Inappropriate implementation in Blink in Google Chrome prior to 59.0.3 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5078 (Insufficient validation of untrusted input in Blink's mailto: handling ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5077 (Insufficient validation of untrusted input in Skia in Google Chrome pr ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5076 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5075 (Inappropriate implementation in CSP reporting in Blink in Google Chrom ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5074 (A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5073 (Use after free in print preview in Blink in Google Chrome prior to 59. ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5072 (Inappropriate implementation in Omnibox in Google Chrome prior to 59.0 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5071 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5070 (Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5069 (Incorrect MIME type of XSS-Protection reports in Blink in Google Chrom ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5068 (Incorrect handling of picture ID in WebRTC in Google Chrome prior to 5 ...)
	- chromium-browser 58.0.3029.96-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5067 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5066 (Insufficient consistency checks in signature handling in the networkin ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5065 (Lack of an appropriate action on page navigation in Blink in Google Ch ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5064 (Incorrect handling of DOM changes in Blink in Google Chrome prior to 5 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5063 (A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for  ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5062 (A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5061 (A race condition in navigation in Google Chrome prior to 58.0.3029.81  ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5060 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5059 (Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Lin ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5058 (A use after free in PrintPreview in Google Chrome prior to 58.0.3029.8 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5057 (Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Ma ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5056 (A use after free in Blink in Google Chrome prior to 57.0.2987.133 for  ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5055 (A use after free in printing in Google Chrome prior to 57.0.2987.133 f ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5054 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 fo ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5053 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 fo ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5052 (An incorrect assumption about block structure in Blink in Google Chrom ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5051 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5050 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5049 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5048 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5047 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5046 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux  ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5045 (XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, a ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5044 (Heap buffer overflow in filter processing in Skia in Google Chrome pri ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5043 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5042 (Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linu ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5041 (Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward  ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5040 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux  ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5039 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for  ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5038 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5037 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5036 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for  ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5035 (Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race con ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5034 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for  ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5033 (Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Lin ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5032 (PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be mad ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5031 (A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for W ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5030 (Incorrect handling of complex species in V8 in Google Chrome prior to  ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5029 (The xsltAddTextString function in transform.c in libxslt 1.1.29, as us ...)
	{DSA-3810-1 DLA-866-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libxslt 1.1.29-2.1 (bug #858546)
	[jessie] - libxslt 1.1.28-2+deb8u3
	NOTE: Upstream fix in libxslt: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
CVE-2017-5028 (Insufficient data validation in V8 in Google Chrome prior to 56.0.2924 ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
CVE-2017-5027 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5026 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5025 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...)
	{DSA-3776-1}
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- ffmpeg 7:3.2.4-1
CVE-2017-5024 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...)
	{DSA-3776-1}
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- ffmpeg 7:3.2.4-1
CVE-2017-5023 (Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5022 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5021 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Win ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5020 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5019 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Win ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5018 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5017 (Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5016 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5015 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5014 (Heap buffer overflow during image processing in Skia in Google Chrome  ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5013 (Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new  ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5012 (A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 fo ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5011 (Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitiz ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5010 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5009 (WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5008 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5007 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5006 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5005 (Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 ...)
	NOT-FOR-US: Quickheal
CVE-2016-10108 (Unauthenticated Remote Command injection as root occurs in the Western ...)
	NOT-FOR-US: Western Digital MyCloud NAS
CVE-2016-10107 (Unauthenticated Remote Command injection as root occurs in the Western ...)
	NOT-FOR-US: Western Digital MyCloud NAS
CVE-2016-10106 (Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR  ...)
	NOT-FOR-US: NETGEAR devices
CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...)
	- piwigo <removed>
CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek Software' ...)
	NOT-FOR-US: Hitek
CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in Hitek So ...)
	NOT-FOR-US: Hitek
CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption when encry ...)
	NOT-FOR-US: Hitek
CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 10.x and ...)
	NOT-FOR-US: Hitek
CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate arc ...)
	- borgbackup 1.0.9-1
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
CVE-2016-10099 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic pro ...)
	- borgbackup 1.0.9-1
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
CVE-2017-5333 (Integer overflow in the extract_group_icon_cursor_resource function in ...)
	{DSA-3765-1 DLA-789-1}
	- icoutils 0.31.1-1
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
	NOTE: CVE for "the separate vulnerability fixed by the introduction of the "size >= sizeof(uint16_t)*2" test in
	NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a"
	NOTE: http://seclists.org/oss-sec/2017/q1/56
CVE-2017-5332 (The extract_group_icon_cursor_resource in wrestool/extract.c in icouti ...)
	{DSA-3765-1 DLA-789-1}
	- icoutils 0.31.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
	NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in
	NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a."
CVE-2017-5331 (Integer overflow in the check_offset function in b/wrestool/fileread.c ...)
	{DSA-3765-1 DLA-789-1}
	- icoutils 0.31.1-1
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 0.31.1 all ...)
	{DSA-3756-1 DLA-789-1}
	- icoutils 0.31.0-4 (bug #850017)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ...)
	- php7.1 7.1.1-1 (bug #852022)
	- php7.0 7.0.15-1 (bug #850158)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73832
	NOTE: Fixed in PHP 7.1.1, 7.0.15
CVE-2016-10109 (Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remot ...)
	{DSA-3752-1 DLA-778-1}
	- pcsc-lite 1.8.20-1
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/03/2
CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10097 (XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/ ...)
	NOT-FOR-US: OpenAM
CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 a ...)
	NOT-FOR-US: GenixCMS
CVE-2016-10090
	RESERVED
CVE-2016-10086 (RESTful web services in CA Service Desk Manager 12.9 and CA Service De ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2017-5004 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all p ...)
	NOT-FOR-US: RSA Identity Governance and Lifecycle
CVE-2017-5003 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all p ...)
	NOT-FOR-US: RSA Identity Governance and Lifecycle
CVE-2017-5002 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-5001 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-5000 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4999 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4998 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4997 (EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an un ...)
	NOT-FOR-US: EMC
CVE-2017-4996
	REJECTED
CVE-2017-4995 (An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE throu ...)
	- libspring-security-java <itp> (bug #582181)
	NOTE: https://pivotal.io/security/cve-2017-4995
CVE-2017-4994 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4993
	REJECTED
CVE-2017-4992 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4991 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4990 (In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-23 ...)
	NOT-FOR-US: EMC
CVE-2017-4989 (In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-3 ...)
	NOT-FOR-US: EMC
CVE-2017-4988 (EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is a ...)
	NOT-FOR-US: EMC
CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions  ...)
	NOT-FOR-US: EMC
CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could  ...)
	NOT-FOR-US: EMC
CVE-2017-4985 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions  ...)
	NOT-FOR-US: EMC
CVE-2017-4984 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions  ...)
	NOT-FOR-US: EMC
CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1 ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2017-4982 (EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1 ...)
	NOT-FOR-US: EMC Mainframe
CVE-2017-4981 (EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper cert ...)
	NOT-FOR-US: EMC
CVE-2017-4980 (EMC Isilon OneFS is affected by a path traversal vulnerability that ma ...)
	NOT-FOR-US: EMC
CVE-2017-4979 (EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2 ...)
	NOT-FOR-US: EMC
CVE-2017-4978 (EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2  ...)
	NOT-FOR-US: EMC
CVE-2017-4977 (EMC RSA Archer Security Operations Management with RSA Unified Collect ...)
	NOT-FOR-US: EMC
CVE-2017-4976 (EMC ESRS Policy Manager prior to 6.8 contains an undocumented account  ...)
	NOT-FOR-US: EMC
CVE-2017-4975 (An issue was discovered in Pivotal PCF Tile Generator versions prior t ...)
	NOT-FOR-US: Pivotal PCF Tile Generator
CVE-2017-4974 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4973 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4972 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4971 (An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Appl ...)
	NOT-FOR-US: Spring Web Flow
CVE-2017-4970 (An issue was discovered in Cloud Foundry Foundation cf-release v255 an ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior to v25 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4968
	REJECTED
CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x  ...)
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x  ...)
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
	[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
	NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x  ...)
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4963 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry rele ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4962
	REJECTED
CVE-2017-4961 (An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4960 (An issue was discovered in Cloud Foundry release v247 through v252, UA ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4959 (An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions  ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2017-4958
	REJECTED
CVE-2017-4957
	REJECTED
CVE-2017-4956
	REJECTED
CVE-2017-4955 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions  ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in tif_dir. ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-2 (bug #850316)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit
	NOTE: While the _TIFFVGetField function is a generic function, CVE IDs seem to be
	NOTE: assigned per tool using it, so CVE-2015-7554/CVE-2016-10095 refers to the
	NOTE: tiffsplit tool
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
	NOTE: Fixes as per http://bugzilla.maptools.org/show_bug.cgi?id=2580
CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools ...)
	{DSA-3762-1}
	- tiff 4.0.7-4
	[wheezy] - tiff <not-affected> (vulnerable code introduced later)
	- tiff3 <not-affected> (vulnerable code introduced later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote atta ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
CVE-2016-10092 (Heap-based buffer overflow in the readContigStripsIntoBuffer function  ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
CVE-2016-10091 (Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote att ...)
	- unrtf 0.21.9-clean-3 (bug #849705)
	[jessie] - unrtf 0.21.5-3+deb8u1
	[wheezy] - unrtf <no-dsa> (Minor issue)
	NOTE: http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406
CVE-2016-10085 (admin/languages.php in Piwigo through 2.8.3 allows remote authenticate ...)
	- piwigo <removed>
CVE-2016-10084 (admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenti ...)
	- piwigo <removed>
CVE-2016-10083 (Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo ...)
	- piwigo <removed>
CVE-2016-10082 (include/functions_installer.inc.php in Serendipity through 2.0.5 is vu ...)
	- serendipity <removed>
CVE-2016-10081 (/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote ...)
	- shutter 0.93.1-1.3 (bug #849777)
	[jessie] - shutter 0.92-0.1+deb8u2
	[wheezy] - shutter <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/shutter/+bug/1652600
CVE-2016-10080
	RESERVED
CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of ...)
	NOT-FOR-US: SAPlpd
CVE-2016-10078
	RESERVED
CVE-2016-10077
	RESERVED
CVE-2016-10076
	RESERVED
CVE-2017-4954
	RESERVED
CVE-2017-4953
	RESERVED
CVE-2017-4952 (VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR ...)
	NOT-FOR-US: VMware Xenon
CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) co ...)
	NOT-FOR-US: VMware AirWatch Console
CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow vulnerabilit ...)
	NOT-FOR-US: VMware
CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...)
	NOT-FOR-US: VMware
CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Clie ...)
	NOT-FOR-US: VMware
CVE-2017-4947 (VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Contain ...)
	NOT-FOR-US: VMware Realize Automation
CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a pr ...)
	NOT-FOR-US: VMware
CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a ...)
	NOT-FOR-US: VMware
CVE-2017-4944
	RESERVED
CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...)
	NOT-FOR-US: VMware
CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control vulnera ...)
	NOT-FOR-US: VMware
CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG ...)
	NOT-FOR-US: VMware
CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG,  ...)
	NOT-FOR-US: VMware
CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL hijac ...)
	NOT-FOR-US: VMware
CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9)  ...)
	NOT-FOR-US: VMware
CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...)
	NOT-FOR-US: VMware
CVE-2017-4936 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...)
	NOT-FOR-US: VMware
CVE-2017-4935 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...)
	NOT-FOR-US: VMware
CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9)  ...)
	NOT-FOR-US: VMware
CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x befor ...)
	NOT-FOR-US: VMware
CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnera ...)
	NOT-FOR-US: VMware
CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability th ...)
	NOT-FOR-US: VMware
CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability th ...)
	NOT-FOR-US: VMware
CVE-2017-4929 (VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a ...)
	NOT-FOR-US: VMware
CVE-2017-4928 (The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior ...)
	NOT-FOR-US: VMware
CVE-2017-4927 (VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) d ...)
	NOT-FOR-US: VMware
CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability t ...)
	NOT-FOR-US: VMware
CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without p ...)
	NOT-FOR-US: VMware
CVE-2017-4924 (VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation ...)
	NOT-FOR-US: VMware
CVE-2017-4923 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information di ...)
	NOT-FOR-US: VMware
CVE-2017-4922 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information di ...)
	NOT-FOR-US: VMware
CVE-2017-4921 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure libra ...)
	NOT-FOR-US: VMware
CVE-2017-4920 (The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x pri ...)
	NOT-FOR-US: VMware
CVE-2017-4919 (VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, ...)
	NOT-FOR-US: VMware vCenter Server
CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains  ...)
	NOT-FOR-US: VMware
CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x lo ...)
	NOT-FOR-US: VMware
CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference vuln ...)
	NOT-FOR-US: VMware
CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading vul ...)
	NOT-FOR-US: VMware
CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x co ...)
	NOT-FOR-US: VMware
CVE-2017-4913 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4912 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4911 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4910 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4909 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4908 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4907 (VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and ...)
	NOT-FOR-US: VMware
CVE-2017-4906
	RESERVED
CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without pat ...)
	NOT-FOR-US: VMware
CVE-2017-4904 (The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410 ...)
	NOT-FOR-US: VMware
CVE-2017-4903 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without pat ...)
	NOT-FOR-US: VMware
CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without pat ...)
	NOT-FOR-US: VMware
CVE-2017-4901 (The drag-and-drop (DnD) function in VMware Workstation 12.x before ver ...)
	NOT-FOR-US: VMware
CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL point ...)
	NOT-FOR-US: VMware
CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a security v ...)
	NOT-FOR-US: VMware
CVE-2017-4898 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loadin ...)
	NOT-FOR-US: VMware
CVE-2017-4897 (VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists  ...)
	NOT-FOR-US: VMware Horizon DaaS
CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a r ...)
	NOT-FOR-US: Airwatch Inbox for Android
CVE-2017-4895 (Airwatch Agent for Android contains a vulnerability that may allow a d ...)
	NOT-FOR-US: Airwatch Inbox for Android
CVE-2017-4894
	REJECTED
CVE-2017-4893
	REJECTED
CVE-2017-4892
	REJECTED
CVE-2017-4891
	REJECTED
CVE-2017-4890
	REJECTED
CVE-2017-4889
	REJECTED
CVE-2017-4888
	REJECTED
CVE-2017-4887
	REJECTED
CVE-2017-4886
	REJECTED
CVE-2017-4885
	REJECTED
CVE-2017-4884
	REJECTED
CVE-2017-4883
	REJECTED
CVE-2017-4882
	REJECTED
CVE-2017-4881
	REJECTED
CVE-2017-4880
	REJECTED
CVE-2017-4879
	REJECTED
CVE-2017-4878
	REJECTED
CVE-2017-4877
	REJECTED
CVE-2017-4876
	REJECTED
CVE-2017-4875
	REJECTED
CVE-2017-4874
	REJECTED
CVE-2017-4873
	REJECTED
CVE-2017-4872
	REJECTED
CVE-2017-4871
	REJECTED
CVE-2017-4870
	REJECTED
CVE-2017-4869
	REJECTED
CVE-2017-4868
	REJECTED
CVE-2017-4867
	REJECTED
CVE-2017-4866
	REJECTED
CVE-2017-4865
	REJECTED
CVE-2017-4864
	REJECTED
CVE-2017-4863
	REJECTED
CVE-2017-4862
	REJECTED
CVE-2017-4861
	REJECTED
CVE-2017-4860
	REJECTED
CVE-2017-4859
	REJECTED
CVE-2017-4858
	REJECTED
CVE-2017-4857
	REJECTED
CVE-2017-4856
	REJECTED
CVE-2017-4855
	REJECTED
CVE-2017-4854
	REJECTED
CVE-2017-4853
	REJECTED
CVE-2017-4852
	REJECTED
CVE-2017-4851
	REJECTED
CVE-2017-4850
	REJECTED
CVE-2017-4849
	REJECTED
CVE-2017-4848
	REJECTED
CVE-2017-4847
	REJECTED
CVE-2017-4846
	REJECTED
CVE-2017-4845
	REJECTED
CVE-2017-4844
	REJECTED
CVE-2017-4843
	REJECTED
CVE-2017-4842
	REJECTED
CVE-2017-4841
	REJECTED
CVE-2017-4840
	REJECTED
CVE-2017-4839
	REJECTED
CVE-2017-4838
	REJECTED
CVE-2017-4837
	REJECTED
CVE-2017-4836
	REJECTED
CVE-2017-4835
	REJECTED
CVE-2017-4834
	REJECTED
CVE-2017-4833
	REJECTED
CVE-2017-4832
	REJECTED
CVE-2017-4831
	REJECTED
CVE-2017-4830
	REJECTED
CVE-2017-4829
	REJECTED
CVE-2017-4828
	REJECTED
CVE-2017-4827
	REJECTED
CVE-2017-4826
	REJECTED
CVE-2017-4825
	REJECTED
CVE-2017-4824
	REJECTED
CVE-2017-4823
	REJECTED
CVE-2017-4822
	REJECTED
CVE-2017-4821
	REJECTED
CVE-2017-4820
	REJECTED
CVE-2017-4819
	REJECTED
CVE-2017-4818
	REJECTED
CVE-2017-4817
	REJECTED
CVE-2017-4816
	REJECTED
CVE-2017-4815
	REJECTED
CVE-2017-4814
	REJECTED
CVE-2017-4813
	REJECTED
CVE-2017-4812
	REJECTED
CVE-2017-4811
	REJECTED
CVE-2017-4810
	REJECTED
CVE-2017-4809
	REJECTED
CVE-2017-4808
	REJECTED
CVE-2017-4807
	REJECTED
CVE-2017-4806
	REJECTED
CVE-2017-4805
	REJECTED
CVE-2017-4804
	REJECTED
CVE-2017-4803
	REJECTED
CVE-2017-4802
	REJECTED
CVE-2017-4801
	REJECTED
CVE-2017-4800
	REJECTED
CVE-2017-4799
	REJECTED
CVE-2017-4798
	REJECTED
CVE-2017-4797
	REJECTED
CVE-2017-4796
	REJECTED
CVE-2017-4795
	REJECTED
CVE-2017-4794
	REJECTED
CVE-2017-4793
	REJECTED
CVE-2017-4792
	REJECTED
CVE-2017-4791
	REJECTED
CVE-2017-4790
	REJECTED
CVE-2017-4789
	REJECTED
CVE-2017-4788
	REJECTED
CVE-2017-4787
	REJECTED
CVE-2017-4786
	REJECTED
CVE-2017-4785
	REJECTED
CVE-2017-4784
	REJECTED
CVE-2017-4783
	REJECTED
CVE-2017-4782
	REJECTED
CVE-2017-4781
	REJECTED
CVE-2017-4780
	REJECTED
CVE-2017-4779
	REJECTED
CVE-2017-4778
	REJECTED
CVE-2017-4777
	REJECTED
CVE-2017-4776
	REJECTED
CVE-2017-4775
	REJECTED
CVE-2017-4774
	REJECTED
CVE-2017-4773
	REJECTED
CVE-2017-4772
	REJECTED
CVE-2017-4771
	REJECTED
CVE-2017-4770
	REJECTED
CVE-2017-4769
	REJECTED
CVE-2017-4768
	REJECTED
CVE-2017-4767
	REJECTED
CVE-2017-4766
	REJECTED
CVE-2017-4765
	REJECTED
CVE-2017-4764
	REJECTED
CVE-2017-4763
	REJECTED
CVE-2017-4762
	REJECTED
CVE-2017-4761
	REJECTED
CVE-2017-4760
	REJECTED
CVE-2017-4759
	REJECTED
CVE-2017-4758
	REJECTED
CVE-2017-4757
	REJECTED
CVE-2017-4756
	REJECTED
CVE-2017-4755
	REJECTED
CVE-2017-4754
	REJECTED
CVE-2017-4753
	REJECTED
CVE-2017-4752
	REJECTED
CVE-2017-4751
	REJECTED
CVE-2017-4750
	REJECTED
CVE-2017-4749
	REJECTED
CVE-2017-4748
	REJECTED
CVE-2017-4747
	REJECTED
CVE-2017-4746
	REJECTED
CVE-2017-4745
	REJECTED
CVE-2017-4744
	REJECTED
CVE-2017-4743
	REJECTED
CVE-2017-4742
	REJECTED
CVE-2017-4741
	REJECTED
CVE-2017-4740
	REJECTED
CVE-2017-4739
	REJECTED
CVE-2017-4738
	REJECTED
CVE-2017-4737
	REJECTED
CVE-2017-4736
	REJECTED
CVE-2017-4735
	REJECTED
CVE-2017-4734
	REJECTED
CVE-2017-4733
	REJECTED
CVE-2017-4732
	REJECTED
CVE-2017-4731
	REJECTED
CVE-2017-4730
	REJECTED
CVE-2017-4729
	REJECTED
CVE-2017-4728
	REJECTED
CVE-2017-4727
	REJECTED
CVE-2017-4726
	REJECTED
CVE-2017-4725
	REJECTED
CVE-2017-4724
	REJECTED
CVE-2017-4723
	REJECTED
CVE-2017-4722
	REJECTED
CVE-2017-4721
	REJECTED
CVE-2017-4720
	REJECTED
CVE-2017-4719
	REJECTED
CVE-2017-4718
	REJECTED
CVE-2017-4717
	REJECTED
CVE-2017-4716
	REJECTED
CVE-2017-4715
	REJECTED
CVE-2017-4714
	REJECTED
CVE-2017-4713
	REJECTED
CVE-2017-4712
	REJECTED
CVE-2017-4711
	REJECTED
CVE-2017-4710
	REJECTED
CVE-2017-4709
	REJECTED
CVE-2017-4708
	REJECTED
CVE-2017-4707
	REJECTED
CVE-2017-4706
	REJECTED
CVE-2017-4705
	REJECTED
CVE-2017-4704
	REJECTED
CVE-2017-4703
	REJECTED
CVE-2017-4702
	REJECTED
CVE-2017-4701
	REJECTED
CVE-2017-4700
	REJECTED
CVE-2017-4699
	REJECTED
CVE-2017-4698
	REJECTED
CVE-2017-4697
	REJECTED
CVE-2017-4696
	REJECTED
CVE-2017-4695
	REJECTED
CVE-2017-4694
	REJECTED
CVE-2017-4693
	REJECTED
CVE-2017-4692
	REJECTED
CVE-2017-4691
	REJECTED
CVE-2017-4690
	REJECTED
CVE-2017-4689
	REJECTED
CVE-2017-4688
	REJECTED
CVE-2017-4687
	REJECTED
CVE-2017-4686
	REJECTED
CVE-2017-4685
	REJECTED
CVE-2017-4684
	REJECTED
CVE-2017-4683
	REJECTED
CVE-2017-4682
	REJECTED
CVE-2017-4681
	REJECTED
CVE-2017-4680
	REJECTED
CVE-2017-4679
	REJECTED
CVE-2017-4678
	REJECTED
CVE-2017-4677
	REJECTED
CVE-2017-4676
	REJECTED
CVE-2017-4675
	REJECTED
CVE-2017-4674
	REJECTED
CVE-2017-4673
	REJECTED
CVE-2017-4672
	REJECTED
CVE-2017-4671
	REJECTED
CVE-2017-4670
	REJECTED
CVE-2017-4669
	REJECTED
CVE-2017-4668
	REJECTED
CVE-2017-4667
	REJECTED
CVE-2017-4666
	REJECTED
CVE-2017-4665
	REJECTED
CVE-2017-4664
	REJECTED
CVE-2017-4663
	REJECTED
CVE-2017-4662
	REJECTED
CVE-2017-4661
	REJECTED
CVE-2017-4660
	REJECTED
CVE-2017-4659
	REJECTED
CVE-2017-4658
	REJECTED
CVE-2017-4657
	REJECTED
CVE-2017-4656
	REJECTED
CVE-2017-4655
	REJECTED
CVE-2017-4654
	REJECTED
CVE-2017-4653
	REJECTED
CVE-2017-4652
	REJECTED
CVE-2017-4651
	REJECTED
CVE-2017-4650
	REJECTED
CVE-2017-4649
	REJECTED
CVE-2017-4648
	REJECTED
CVE-2017-4647
	REJECTED
CVE-2017-4646
	REJECTED
CVE-2017-4645
	REJECTED
CVE-2017-4644
	REJECTED
CVE-2017-4643
	REJECTED
CVE-2017-4642
	REJECTED
CVE-2017-4641
	REJECTED
CVE-2017-4640
	REJECTED
CVE-2017-4639
	REJECTED
CVE-2017-4638
	REJECTED
CVE-2017-4637
	REJECTED
CVE-2017-4636
	REJECTED
CVE-2017-4635
	REJECTED
CVE-2017-4634
	REJECTED
CVE-2017-4633
	REJECTED
CVE-2017-4632
	REJECTED
CVE-2017-4631
	REJECTED
CVE-2017-4630
	REJECTED
CVE-2017-4629
	REJECTED
CVE-2017-4628
	REJECTED
CVE-2017-4627
	REJECTED
CVE-2017-4626
	REJECTED
CVE-2017-4625
	REJECTED
CVE-2017-4624
	REJECTED
CVE-2017-4623
	REJECTED
CVE-2017-4622
	REJECTED
CVE-2017-4621
	REJECTED
CVE-2017-4620
	REJECTED
CVE-2017-4619
	REJECTED
CVE-2017-4618
	REJECTED
CVE-2017-4617
	REJECTED
CVE-2017-4616
	REJECTED
CVE-2017-4615
	REJECTED
CVE-2017-4614
	REJECTED
CVE-2017-4613
	REJECTED
CVE-2017-4612
	REJECTED
CVE-2017-4611
	REJECTED
CVE-2017-4610
	REJECTED
CVE-2017-4609
	REJECTED
CVE-2017-4608
	REJECTED
CVE-2017-4607
	REJECTED
CVE-2017-4606
	REJECTED
CVE-2017-4605
	REJECTED
CVE-2017-4604
	REJECTED
CVE-2017-4603
	REJECTED
CVE-2017-4602
	REJECTED
CVE-2017-4601
	REJECTED
CVE-2017-4600
	REJECTED
CVE-2017-4599
	REJECTED
CVE-2017-4598
	REJECTED
CVE-2017-4597
	REJECTED
CVE-2017-4596
	REJECTED
CVE-2017-4595
	REJECTED
CVE-2017-4594
	REJECTED
CVE-2017-4593
	REJECTED
CVE-2017-4592
	REJECTED
CVE-2017-4591
	REJECTED
CVE-2017-4590
	REJECTED
CVE-2017-4589
	REJECTED
CVE-2017-4588
	REJECTED
CVE-2017-4587
	REJECTED
CVE-2017-4586
	REJECTED
CVE-2017-4585
	REJECTED
CVE-2017-4584
	REJECTED
CVE-2017-4583
	REJECTED
CVE-2017-4582
	REJECTED
CVE-2017-4581
	REJECTED
CVE-2017-4580
	REJECTED
CVE-2017-4579
	REJECTED
CVE-2017-4578
	REJECTED
CVE-2017-4577
	REJECTED
CVE-2017-4576
	REJECTED
CVE-2017-4575
	REJECTED
CVE-2017-4574
	REJECTED
CVE-2017-4573
	REJECTED
CVE-2017-4572
	REJECTED
CVE-2017-4571
	REJECTED
CVE-2017-4570
	REJECTED
CVE-2017-4569
	REJECTED
CVE-2017-4568
	REJECTED
CVE-2017-4567
	REJECTED
CVE-2017-4566
	REJECTED
CVE-2017-4565
	REJECTED
CVE-2017-4564
	REJECTED
CVE-2017-4563
	REJECTED
CVE-2017-4562
	REJECTED
CVE-2017-4561
	REJECTED
CVE-2017-4560
	REJECTED
CVE-2017-4559
	REJECTED
CVE-2017-4558
	REJECTED
CVE-2017-4557
	REJECTED
CVE-2017-4556
	REJECTED
CVE-2017-4555
	REJECTED
CVE-2017-4554
	REJECTED
CVE-2017-4553
	REJECTED
CVE-2017-4552
	REJECTED
CVE-2017-4551
	REJECTED
CVE-2017-4550
	REJECTED
CVE-2017-4549
	REJECTED
CVE-2017-4548
	REJECTED
CVE-2017-4547
	REJECTED
CVE-2017-4546
	REJECTED
CVE-2017-4545
	REJECTED
CVE-2017-4544
	REJECTED
CVE-2017-4543
	REJECTED
CVE-2017-4542
	REJECTED
CVE-2017-4541
	REJECTED
CVE-2017-4540
	REJECTED
CVE-2017-4539
	REJECTED
CVE-2017-4538
	REJECTED
CVE-2017-4537
	REJECTED
CVE-2017-4536
	REJECTED
CVE-2017-4535
	REJECTED
CVE-2017-4534
	REJECTED
CVE-2017-4533
	REJECTED
CVE-2017-4532
	REJECTED
CVE-2017-4531
	REJECTED
CVE-2017-4530
	REJECTED
CVE-2017-4529
	REJECTED
CVE-2017-4528
	REJECTED
CVE-2017-4527
	REJECTED
CVE-2017-4526
	REJECTED
CVE-2017-4525
	REJECTED
CVE-2017-4524
	REJECTED
CVE-2017-4523
	REJECTED
CVE-2017-4522
	REJECTED
CVE-2017-4521
	REJECTED
CVE-2017-4520
	REJECTED
CVE-2017-4519
	REJECTED
CVE-2017-4518
	REJECTED
CVE-2017-4517
	REJECTED
CVE-2017-4516
	REJECTED
CVE-2017-4515
	REJECTED
CVE-2017-4514
	REJECTED
CVE-2017-4513
	REJECTED
CVE-2017-4512
	REJECTED
CVE-2017-4511
	REJECTED
CVE-2017-4510
	REJECTED
CVE-2017-4509
	REJECTED
CVE-2017-4508
	REJECTED
CVE-2017-4507
	REJECTED
CVE-2017-4506
	REJECTED
CVE-2017-4505
	REJECTED
CVE-2017-4504
	REJECTED
CVE-2017-4503
	REJECTED
CVE-2017-4502
	REJECTED
CVE-2017-4501
	REJECTED
CVE-2017-4500
	REJECTED
CVE-2017-4499
	REJECTED
CVE-2017-4498
	REJECTED
CVE-2017-4497
	REJECTED
CVE-2017-4496
	REJECTED
CVE-2017-4495
	REJECTED
CVE-2017-4494
	REJECTED
CVE-2017-4493
	REJECTED
CVE-2017-4492
	REJECTED
CVE-2017-4491
	REJECTED
CVE-2017-4490
	REJECTED
CVE-2017-4489
	REJECTED
CVE-2017-4488
	REJECTED
CVE-2017-4487
	REJECTED
CVE-2017-4486
	REJECTED
CVE-2017-4485
	REJECTED
CVE-2017-4484
	REJECTED
CVE-2017-4483
	REJECTED
CVE-2017-4482
	REJECTED
CVE-2017-4481
	REJECTED
CVE-2017-4480
	REJECTED
CVE-2017-4479
	REJECTED
CVE-2017-4478
	REJECTED
CVE-2017-4477
	REJECTED
CVE-2017-4476
	REJECTED
CVE-2017-4475
	REJECTED
CVE-2017-4474
	REJECTED
CVE-2017-4473
	REJECTED
CVE-2017-4472
	REJECTED
CVE-2017-4471
	REJECTED
CVE-2017-4470
	REJECTED
CVE-2017-4469
	REJECTED
CVE-2017-4468
	REJECTED
CVE-2017-4467
	REJECTED
CVE-2017-4466
	REJECTED
CVE-2017-4465
	REJECTED
CVE-2017-4464
	REJECTED
CVE-2017-4463
	REJECTED
CVE-2017-4462
	REJECTED
CVE-2017-4461
	REJECTED
CVE-2017-4460
	REJECTED
CVE-2017-4459
	REJECTED
CVE-2017-4458
	REJECTED
CVE-2017-4457
	REJECTED
CVE-2017-4456
	REJECTED
CVE-2017-4455
	REJECTED
CVE-2017-4454
	REJECTED
CVE-2017-4453
	REJECTED
CVE-2017-4452
	REJECTED
CVE-2017-4451
	REJECTED
CVE-2017-4450
	REJECTED
CVE-2017-4449
	REJECTED
CVE-2017-4448
	REJECTED
CVE-2017-4447
	REJECTED
CVE-2017-4446
	REJECTED
CVE-2017-4445
	REJECTED
CVE-2017-4444
	REJECTED
CVE-2017-4443
	REJECTED
CVE-2017-4442
	REJECTED
CVE-2017-4441
	REJECTED
CVE-2017-4440
	REJECTED
CVE-2017-4439
	REJECTED
CVE-2017-4438
	REJECTED
CVE-2017-4437
	REJECTED
CVE-2017-4436
	REJECTED
CVE-2017-4435
	REJECTED
CVE-2017-4434
	REJECTED
CVE-2017-4433
	REJECTED
CVE-2017-4432
	REJECTED
CVE-2017-4431
	REJECTED
CVE-2017-4430
	REJECTED
CVE-2017-4429
	REJECTED
CVE-2017-4428
	REJECTED
CVE-2017-4427
	REJECTED
CVE-2017-4426
	REJECTED
CVE-2017-4425
	REJECTED
CVE-2017-4424
	REJECTED
CVE-2017-4423
	REJECTED
CVE-2017-4422
	REJECTED
CVE-2017-4421
	REJECTED
CVE-2017-4420
	REJECTED
CVE-2017-4419
	REJECTED
CVE-2017-4418
	REJECTED
CVE-2017-4417
	REJECTED
CVE-2017-4416
	REJECTED
CVE-2017-4415
	REJECTED
CVE-2017-4414
	REJECTED
CVE-2017-4413
	REJECTED
CVE-2017-4412
	REJECTED
CVE-2017-4411
	REJECTED
CVE-2017-4410
	REJECTED
CVE-2017-4409
	REJECTED
CVE-2017-4408
	REJECTED
CVE-2017-4407
	REJECTED
CVE-2017-4406
	REJECTED
CVE-2017-4405
	REJECTED
CVE-2017-4404
	REJECTED
CVE-2017-4403
	REJECTED
CVE-2017-4402
	REJECTED
CVE-2017-4401
	REJECTED
CVE-2017-4400
	REJECTED
CVE-2017-4399
	REJECTED
CVE-2017-4398
	REJECTED
CVE-2017-4397
	REJECTED
CVE-2017-4396
	REJECTED
CVE-2017-4395
	REJECTED
CVE-2017-4394
	REJECTED
CVE-2017-4393
	REJECTED
CVE-2017-4392
	REJECTED
CVE-2017-4391
	REJECTED
CVE-2017-4390
	REJECTED
CVE-2017-4389
	REJECTED
CVE-2017-4388
	REJECTED
CVE-2017-4387
	REJECTED
CVE-2017-4386
	REJECTED
CVE-2017-4385
	REJECTED
CVE-2017-4384
	REJECTED
CVE-2017-4383
	REJECTED
CVE-2017-4382
	REJECTED
CVE-2017-4381
	REJECTED
CVE-2017-4380
	REJECTED
CVE-2017-4379
	REJECTED
CVE-2017-4378
	REJECTED
CVE-2017-4377
	REJECTED
CVE-2017-4376
	REJECTED
CVE-2017-4375
	REJECTED
CVE-2017-4374
	REJECTED
CVE-2017-4373
	REJECTED
CVE-2017-4372
	REJECTED
CVE-2017-4371
	REJECTED
CVE-2017-4370
	REJECTED
CVE-2017-4369
	REJECTED
CVE-2017-4368
	REJECTED
CVE-2017-4367
	REJECTED
CVE-2017-4366
	REJECTED
CVE-2017-4365
	REJECTED
CVE-2017-4364
	REJECTED
CVE-2017-4363
	REJECTED
CVE-2017-4362
	REJECTED
CVE-2017-4361
	REJECTED
CVE-2017-4360
	REJECTED
CVE-2017-4359
	REJECTED
CVE-2017-4358
	REJECTED
CVE-2017-4357
	REJECTED
CVE-2017-4356
	REJECTED
CVE-2017-4355
	REJECTED
CVE-2017-4354
	REJECTED
CVE-2017-4353
	REJECTED
CVE-2017-4352
	REJECTED
CVE-2017-4351
	REJECTED
CVE-2017-4350
	REJECTED
CVE-2017-4349
	REJECTED
CVE-2017-4348
	REJECTED
CVE-2017-4347
	REJECTED
CVE-2017-4346
	REJECTED
CVE-2017-4345
	REJECTED
CVE-2017-4344
	REJECTED
CVE-2017-4343
	REJECTED
CVE-2017-4342
	REJECTED
CVE-2017-4341
	REJECTED
CVE-2017-4340
	REJECTED
CVE-2017-4339
	REJECTED
CVE-2017-4338
	REJECTED
CVE-2017-4337
	REJECTED
CVE-2017-4336
	REJECTED
CVE-2017-4335
	REJECTED
CVE-2017-4334
	REJECTED
CVE-2017-4333
	REJECTED
CVE-2017-4332
	REJECTED
CVE-2017-4331
	REJECTED
CVE-2017-4330
	REJECTED
CVE-2017-4329
	REJECTED
CVE-2017-4328
	REJECTED
CVE-2017-4327
	REJECTED
CVE-2017-4326
	REJECTED
CVE-2017-4325
	REJECTED
CVE-2017-4324
	REJECTED
CVE-2017-4323
	REJECTED
CVE-2017-4322
	REJECTED
CVE-2017-4321
	REJECTED
CVE-2017-4320
	REJECTED
CVE-2017-4319
	REJECTED
CVE-2017-4318
	REJECTED
CVE-2017-4317
	REJECTED
CVE-2017-4316
	REJECTED
CVE-2017-4315
	REJECTED
CVE-2017-4314
	REJECTED
CVE-2017-4313
	REJECTED
CVE-2017-4312
	REJECTED
CVE-2017-4311
	REJECTED
CVE-2017-4310
	REJECTED
CVE-2017-4309
	REJECTED
CVE-2017-4308
	REJECTED
CVE-2017-4307
	REJECTED
CVE-2017-4306
	REJECTED
CVE-2017-4305
	REJECTED
CVE-2017-4304
	REJECTED
CVE-2017-4303
	REJECTED
CVE-2017-4302
	REJECTED
CVE-2017-4301
	REJECTED
CVE-2017-4300
	REJECTED
CVE-2017-4299
	REJECTED
CVE-2017-4298
	REJECTED
CVE-2017-4297
	REJECTED
CVE-2017-4296
	REJECTED
CVE-2017-4295
	REJECTED
CVE-2017-4294
	REJECTED
CVE-2017-4293
	REJECTED
CVE-2017-4292
	REJECTED
CVE-2017-4291
	REJECTED
CVE-2017-4290
	REJECTED
CVE-2017-4289
	REJECTED
CVE-2017-4288
	REJECTED
CVE-2017-4287
	REJECTED
CVE-2017-4286
	REJECTED
CVE-2017-4285
	REJECTED
CVE-2017-4284
	REJECTED
CVE-2017-4283
	REJECTED
CVE-2017-4282
	REJECTED
CVE-2017-4281
	REJECTED
CVE-2017-4280
	REJECTED
CVE-2017-4279
	REJECTED
CVE-2017-4278
	REJECTED
CVE-2017-4277
	REJECTED
CVE-2017-4276
	REJECTED
CVE-2017-4275
	REJECTED
CVE-2017-4274
	REJECTED
CVE-2017-4273
	REJECTED
CVE-2017-4272
	REJECTED
CVE-2017-4271
	REJECTED
CVE-2017-4270
	REJECTED
CVE-2017-4269
	REJECTED
CVE-2017-4268
	REJECTED
CVE-2017-4267
	REJECTED
CVE-2017-4266
	REJECTED
CVE-2017-4265
	REJECTED
CVE-2017-4264
	REJECTED
CVE-2017-4263
	REJECTED
CVE-2017-4262
	REJECTED
CVE-2017-4261
	REJECTED
CVE-2017-4260
	REJECTED
CVE-2017-4259
	REJECTED
CVE-2017-4258
	REJECTED
CVE-2017-4257
	REJECTED
CVE-2017-4256
	REJECTED
CVE-2017-4255
	REJECTED
CVE-2017-4254
	REJECTED
CVE-2017-4253
	REJECTED
CVE-2017-4252
	REJECTED
CVE-2017-4251
	REJECTED
CVE-2017-4250
	REJECTED
CVE-2017-4249
	REJECTED
CVE-2017-4248
	REJECTED
CVE-2017-4247
	REJECTED
CVE-2017-4246
	REJECTED
CVE-2017-4245
	REJECTED
CVE-2017-4244
	REJECTED
CVE-2017-4243
	REJECTED
CVE-2017-4242
	REJECTED
CVE-2017-4241
	REJECTED
CVE-2017-4240
	REJECTED
CVE-2017-4239
	REJECTED
CVE-2017-4238
	REJECTED
CVE-2017-4237
	REJECTED
CVE-2017-4236
	REJECTED
CVE-2017-4235
	REJECTED
CVE-2017-4234
	REJECTED
CVE-2017-4233
	REJECTED
CVE-2017-4232
	REJECTED
CVE-2017-4231
	REJECTED
CVE-2017-4230
	REJECTED
CVE-2017-4229
	REJECTED
CVE-2017-4228
	REJECTED
CVE-2017-4227
	REJECTED
CVE-2017-4226
	REJECTED
CVE-2017-4225
	REJECTED
CVE-2017-4224
	REJECTED
CVE-2017-4223
	REJECTED
CVE-2017-4222
	REJECTED
CVE-2017-4221
	REJECTED
CVE-2017-4220
	REJECTED
CVE-2017-4219
	REJECTED
CVE-2017-4218
	REJECTED
CVE-2017-4217
	REJECTED
CVE-2017-4216
	REJECTED
CVE-2017-4215
	REJECTED
CVE-2017-4214
	REJECTED
CVE-2017-4213
	REJECTED
CVE-2017-4212
	REJECTED
CVE-2017-4211
	REJECTED
CVE-2017-4210
	REJECTED
CVE-2017-4209
	REJECTED
CVE-2017-4208
	REJECTED
CVE-2017-4207
	REJECTED
CVE-2017-4206
	REJECTED
CVE-2017-4205
	REJECTED
CVE-2017-4204
	REJECTED
CVE-2017-4203
	REJECTED
CVE-2017-4202
	REJECTED
CVE-2017-4201
	REJECTED
CVE-2017-4200
	REJECTED
CVE-2017-4199
	REJECTED
CVE-2017-4198
	REJECTED
CVE-2017-4197
	REJECTED
CVE-2017-4196
	REJECTED
CVE-2017-4195
	REJECTED
CVE-2017-4194
	REJECTED
CVE-2017-4193
	REJECTED
CVE-2017-4192
	REJECTED
CVE-2017-4191
	REJECTED
CVE-2017-4190
	REJECTED
CVE-2017-4189
	REJECTED
CVE-2017-4188
	REJECTED
CVE-2017-4187
	REJECTED
CVE-2017-4186
	REJECTED
CVE-2017-4185
	REJECTED
CVE-2017-4184
	REJECTED
CVE-2017-4183
	REJECTED
CVE-2017-4182
	REJECTED
CVE-2017-4181
	REJECTED
CVE-2017-4180
	REJECTED
CVE-2017-4179
	REJECTED
CVE-2017-4178
	REJECTED
CVE-2017-4177
	REJECTED
CVE-2017-4176
	REJECTED
CVE-2017-4175
	REJECTED
CVE-2017-4174
	REJECTED
CVE-2017-4173
	REJECTED
CVE-2017-4172
	REJECTED
CVE-2017-4171
	REJECTED
CVE-2017-4170
	REJECTED
CVE-2017-4169
	REJECTED
CVE-2017-4168
	REJECTED
CVE-2017-4167
	REJECTED
CVE-2017-4166
	REJECTED
CVE-2017-4165
	REJECTED
CVE-2017-4164
	REJECTED
CVE-2017-4163
	REJECTED
CVE-2017-4162
	REJECTED
CVE-2017-4161
	REJECTED
CVE-2017-4160
	REJECTED
CVE-2017-4159
	REJECTED
CVE-2017-4158
	REJECTED
CVE-2017-4157
	REJECTED
CVE-2017-4156
	REJECTED
CVE-2017-4155
	REJECTED
CVE-2017-4154
	REJECTED
CVE-2017-4153
	REJECTED
CVE-2017-4152
	REJECTED
CVE-2017-4151
	REJECTED
CVE-2017-4150
	REJECTED
CVE-2017-4149
	REJECTED
CVE-2017-4148
	REJECTED
CVE-2017-4147
	REJECTED
CVE-2017-4146
	REJECTED
CVE-2017-4145
	REJECTED
CVE-2017-4144
	REJECTED
CVE-2017-4143
	REJECTED
CVE-2017-4142
	REJECTED
CVE-2017-4141
	REJECTED
CVE-2017-4140
	REJECTED
CVE-2017-4139
	REJECTED
CVE-2017-4138
	REJECTED
CVE-2017-4137
	REJECTED
CVE-2017-4136
	REJECTED
CVE-2017-4135
	REJECTED
CVE-2017-4134
	REJECTED
CVE-2017-4133
	REJECTED
CVE-2017-4132
	REJECTED
CVE-2017-4131
	REJECTED
CVE-2017-4130
	REJECTED
CVE-2017-4129
	REJECTED
CVE-2017-4128
	REJECTED
CVE-2017-4127
	REJECTED
CVE-2017-4126
	REJECTED
CVE-2017-4125
	REJECTED
CVE-2017-4124
	REJECTED
CVE-2017-4123
	REJECTED
CVE-2017-4122
	REJECTED
CVE-2017-4121
	REJECTED
CVE-2017-4120
	REJECTED
CVE-2017-4119
	REJECTED
CVE-2017-4118
	REJECTED
CVE-2017-4117
	REJECTED
CVE-2017-4116
	REJECTED
CVE-2017-4115
	REJECTED
CVE-2017-4114
	REJECTED
CVE-2017-4113
	REJECTED
CVE-2017-4112
	REJECTED
CVE-2017-4111
	REJECTED
CVE-2017-4110
	REJECTED
CVE-2017-4109
	REJECTED
CVE-2017-4108
	REJECTED
CVE-2017-4107
	REJECTED
CVE-2017-4106
	REJECTED
CVE-2017-4105
	REJECTED
CVE-2017-4104
	REJECTED
CVE-2017-4103
	REJECTED
CVE-2017-4102
	REJECTED
CVE-2017-4101
	REJECTED
CVE-2017-4100
	REJECTED
CVE-2017-4099
	REJECTED
CVE-2017-4098
	REJECTED
CVE-2017-4097
	REJECTED
CVE-2017-4096
	REJECTED
CVE-2017-4095
	REJECTED
CVE-2017-4094
	REJECTED
CVE-2017-4093
	REJECTED
CVE-2017-4092
	REJECTED
CVE-2017-4091
	REJECTED
CVE-2017-4090
	REJECTED
CVE-2017-4089
	REJECTED
CVE-2017-4088
	REJECTED
CVE-2017-4087
	REJECTED
CVE-2017-4086
	REJECTED
CVE-2017-4085
	REJECTED
CVE-2017-4084
	REJECTED
CVE-2017-4083
	REJECTED
CVE-2017-4082
	REJECTED
CVE-2017-4081
	REJECTED
CVE-2017-4080
	REJECTED
CVE-2017-4079
	REJECTED
CVE-2017-4078
	REJECTED
CVE-2017-4077
	REJECTED
CVE-2017-4076
	REJECTED
CVE-2017-4075
	REJECTED
CVE-2017-4074
	REJECTED
CVE-2017-4073
	REJECTED
CVE-2017-4072
	REJECTED
CVE-2017-4071
	REJECTED
CVE-2017-4070
	REJECTED
CVE-2017-4069
	REJECTED
CVE-2017-4068
	REJECTED
CVE-2017-4067
	REJECTED
CVE-2017-4066
	REJECTED
CVE-2017-4065
	REJECTED
CVE-2017-4064
	REJECTED
CVE-2017-4063
	REJECTED
CVE-2017-4062
	REJECTED
CVE-2017-4061
	REJECTED
CVE-2017-4060
	REJECTED
CVE-2017-4059
	REJECTED
CVE-2017-4058
	REJECTED
CVE-2017-4057 (Privilege Escalation vulnerability in the web interface in McAfee Adva ...)
	NOT-FOR-US: McAfee
CVE-2017-4056
	REJECTED
CVE-2017-4055 (Exploitation of Authentication vulnerability in the web interface in M ...)
	NOT-FOR-US: McAfee
CVE-2017-4054 (Command Injection vulnerability in the web interface in McAfee Advance ...)
	NOT-FOR-US: McAfee
CVE-2017-4053 (Command Injection vulnerability in the web interface in McAfee Advance ...)
	NOT-FOR-US: McAfee
CVE-2017-4052 (Authentication Bypass vulnerability in the web interface in McAfee Adv ...)
	NOT-FOR-US: McAfee
CVE-2017-4051
	RESERVED
CVE-2017-4050
	RESERVED
CVE-2017-4049
	REJECTED
CVE-2017-4048
	REJECTED
CVE-2017-4047
	REJECTED
CVE-2017-4046
	REJECTED
CVE-2017-4045
	REJECTED
CVE-2017-4044
	REJECTED
CVE-2017-4043
	REJECTED
CVE-2017-4042
	REJECTED
CVE-2017-4041
	REJECTED
CVE-2017-4040
	REJECTED
CVE-2017-4039
	REJECTED
CVE-2017-4038
	REJECTED
CVE-2017-4037
	REJECTED
CVE-2017-4036
	RESERVED
CVE-2017-4035
	REJECTED
CVE-2017-4034
	REJECTED
CVE-2017-4033
	REJECTED
CVE-2017-4032
	REJECTED
CVE-2017-4031
	REJECTED
CVE-2017-4030
	REJECTED
CVE-2017-4029
	REJECTED
CVE-2017-4028 (Maliciously misconfigured registry vulnerability in all Microsoft Wind ...)
	NOT-FOR-US: MacAfee
CVE-2017-4027
	REJECTED
CVE-2017-4026
	REJECTED
CVE-2017-4025
	REJECTED
CVE-2017-4024
	REJECTED
CVE-2017-4023
	REJECTED
CVE-2017-4022
	REJECTED
CVE-2017-4021
	REJECTED
CVE-2017-4020
	REJECTED
CVE-2017-4019
	REJECTED
CVE-2017-4018
	REJECTED
CVE-2017-4017 (User Name Disclosure in the server in McAfee Network Data Loss Prevent ...)
	NOT-FOR-US: McAfee
CVE-2017-4016 (Web Server method disclosure in the server in McAfee Network Data Loss ...)
	NOT-FOR-US: McAfee
CVE-2017-4015 (Clickjacking vulnerability in the server in McAfee Network Data Loss P ...)
	NOT-FOR-US: McAfee
CVE-2017-4014 (Session Side jacking vulnerability in the server in McAfee Network Dat ...)
	NOT-FOR-US: McAfee
CVE-2017-4013 (Banner Disclosure in the server in McAfee Network Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2017-4012 (Privilege Escalation vulnerability in the server in McAfee Network Dat ...)
	NOT-FOR-US: McAfee
CVE-2017-4011 (Embedding Script (XSS) in HTTP Headers vulnerability in the server in  ...)
	NOT-FOR-US: McAfee
CVE-2017-4010
	REJECTED
CVE-2017-4009
	REJECTED
CVE-2017-4008
	REJECTED
CVE-2017-4007
	REJECTED
CVE-2017-4006
	REJECTED
CVE-2017-4005
	REJECTED
CVE-2017-4004
	REJECTED
CVE-2017-4003
	REJECTED
CVE-2017-4002
	REJECTED
CVE-2017-4001
	REJECTED
CVE-2017-4000
	REJECTED
CVE-2017-3999
	REJECTED
CVE-2017-3998
	REJECTED
CVE-2017-3997
	REJECTED
CVE-2017-3996
	RESERVED
CVE-2017-3995
	REJECTED
CVE-2017-3994
	REJECTED
CVE-2017-3993
	REJECTED
CVE-2017-3992
	REJECTED
CVE-2017-3991
	REJECTED
CVE-2017-3990
	REJECTED
CVE-2017-3989
	REJECTED
CVE-2017-3988
	RESERVED
CVE-2017-3987
	REJECTED
CVE-2017-3986
	REJECTED
CVE-2017-3985
	REJECTED
CVE-2017-3984
	REJECTED
CVE-2017-3983
	REJECTED
CVE-2017-3982
	REJECTED
CVE-2017-3981
	REJECTED
CVE-2017-3980 (A directory traversal vulnerability in the ePO Extension in McAfee ePo ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2017-3979
	REJECTED
CVE-2017-3978
	REJECTED
CVE-2017-3977
	REJECTED
CVE-2017-3976
	REJECTED
CVE-2017-3975
	REJECTED
CVE-2017-3974
	REJECTED
CVE-2017-3973
	REJECTED
CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web interface  ...)
	NOT-FOR-US: McAfee
CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network Sec ...)
	NOT-FOR-US: McAfee
CVE-2017-3970
	RESERVED
CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee  ...)
	NOT-FOR-US: McAfee
CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee Network  ...)
	NOT-FOR-US: McAfee
CVE-2017-3967 (Target influence via framing vulnerability in the web interface in McA ...)
	NOT-FOR-US: McAfee
CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted cred ...)
	NOT-FOR-US: McAfee
CVE-2017-3965 (Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability i ...)
	NOT-FOR-US: McAfee
CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web interfa ...)
	NOT-FOR-US: McAfee
CVE-2017-3963
	REJECTED
CVE-2017-3962 (Password recovery exploitation vulnerability in the non-certificate-ba ...)
	NOT-FOR-US: McAfee
CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in McAfe ...)
	NOT-FOR-US: McAfee
CVE-2017-3960 (Exploitation of Authorization vulnerability in the web interface in Mc ...)
	NOT-FOR-US: McAfee
CVE-2017-3959
	REJECTED
CVE-2017-3958
	REJECTED
CVE-2017-3957
	REJECTED
CVE-2017-3956
	REJECTED
CVE-2017-3955
	REJECTED
CVE-2017-3954
	REJECTED
CVE-2017-3953
	REJECTED
CVE-2017-3952
	REJECTED
CVE-2017-3951
	REJECTED
CVE-2017-3950
	REJECTED
CVE-2017-3949
	REJECTED
CVE-2017-3948 (Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee  ...)
	NOT-FOR-US: McAfee
CVE-2017-3947
	REJECTED
CVE-2017-3946
	REJECTED
CVE-2017-3945
	REJECTED
CVE-2017-3944
	REJECTED
CVE-2017-3943
	REJECTED
CVE-2017-3942
	REJECTED
CVE-2017-3941
	REJECTED
CVE-2017-3940
	REJECTED
CVE-2017-3939
	REJECTED
CVE-2017-3938
	REJECTED
CVE-2017-3937
	RESERVED
CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO ...)
	NOT-FOR-US: McAfee
CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerability ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3932
	RESERVED
CVE-2017-3931
	REJECTED
CVE-2017-3930
	REJECTED
CVE-2017-3929
	REJECTED
CVE-2017-3928
	RESERVED
CVE-2017-3927
	RESERVED
CVE-2017-3926
	RESERVED
CVE-2017-3925
	RESERVED
CVE-2017-3924
	RESERVED
CVE-2017-3923
	RESERVED
CVE-2017-3922
	RESERVED
CVE-2017-3921
	RESERVED
CVE-2017-3920
	RESERVED
CVE-2017-3919
	RESERVED
CVE-2017-3918
	RESERVED
CVE-2017-3917
	RESERVED
CVE-2017-3916
	RESERVED
CVE-2017-3915
	RESERVED
CVE-2017-3914
	RESERVED
CVE-2017-3913
	RESERVED
CVE-2017-3912 (Bypassing password security vulnerability in McAfee Application and Ch ...)
	NOT-FOR-US: McAfee
CVE-2017-3911
	RESERVED
CVE-2017-3910
	RESERVED
CVE-2017-3909
	RESERVED
CVE-2017-3908
	RESERVED
CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) extensi ...)
	NOT-FOR-US: McAfee
CVE-2017-3906
	RESERVED
CVE-2017-3905
	RESERVED
CVE-2017-3904
	RESERVED
CVE-2017-3903
	RESERVED
CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface (UI ...)
	NOT-FOR-US: Intel Security ePO
CVE-2017-3901
	RESERVED
CVE-2017-3900
	RESERVED
CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense  ...)
	NOT-FOR-US: Intel antivirus
CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based  ...)
	NOT-FOR-US: McAfee
CVE-2017-3897 (A Code Injection vulnerability in the non-certificate-based authentica ...)
	NOT-FOR-US: McAfee
CVE-2017-3896 (Unvalidated parameter vulnerability in the remote log viewing capabili ...)
	NOT-FOR-US: Intel McAfee
CVE-2017-3895
	REJECTED
CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...)
	- libpng1.6 1.6.27-1 (bug #849799)
	- libpng <removed>
	[jessie] - libpng 1.2.50-2+deb8u3
	[wheezy] - libpng <no-dsa> (Minor issue)
	NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27
	NOTE: https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba
	NOTE: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16)
	NOTE: https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12)
CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local  ...)
	- tqdm 4.11.2-1 (bug #849632)
	NOTE: https://github.com/tqdm/tqdm/issues/328
CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...)
	{DSA-3769-1 DLA-792-1}
	- libphp-swiftmailer 5.4.2-1.1 (bug #849626)
	NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
	NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
	NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums befo ...)
	NOT-FOR-US: Vanilla Forums
CVE-2016-10072 (** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' ...)
	NOT-FOR-US: WampServer
CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 do ...)
	- linux 4.7.8-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux <no-dsa> (Changes required are too invasive)
CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM ...)
	NOT-FOR-US: Radisys MRF Web Panel
CVE-2016-10042 (Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (ak ...)
	NOT-FOR-US: Arcadyan SLT-00 Star* devices
CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service Progr ...)
	NOT-FOR-US: Sprecher Automation SPRECON-E Service
CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows rem ...)
	- qt4-x11 4:4.8.7+dfsg-1 (low; bug #851058)
	[jessie] - qt4-x11 <ignored> (Minor issue)
	[wheezy] - qt4-x11 <ignored> (Minor issue)
	- qtbase-opensource-src 5.2.0+dfsg-7
	NOTE: CVE assignment specific to http://www.openwall.com/lists/oss-security/2016/12/24/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/24/1
	NOTE: https://github.com/qt/qtbase/commit/f1053d94f59f053ce4acad9320df14f1fbe4faac
CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10038 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10037 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10036 (Unrestricted file upload vulnerability in ui/artifact/upload in JFrog  ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2016-10035
	RESERVED
CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail componen ...)
	- zendframework <not-affected> (Vulnerable code not present in ZF1, cf. #850215)
	NOTE: https://framework.zend.com/security/advisory/ZF2016-04
	NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
	NOTE: http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
CVE-2014-9914 (Race condition in the ip4_datagram_release_cb function in net/ipv4/dat ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20 might allow remote att ...)
	- libphp-phpmailer <not-affected> (Incomplete fix not applied)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before 5.2. ...)
	{DSA-3750-1 DLA-770-1}
	- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
	NOTE: Fix potentially incomplete, cf http://www.openwall.com/lists/oss-security/2016/12/28/1
	NOTE: When updating libphp-phpmailer for CVE-2016-10033 make sure to apply the
	NOTE: complete patch to not make libphp-phpmailer affected by CVE-2016-10045.
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
	NOTE: Needs followup: https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
	NOTE: Another followup: https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
CVE-2016-10032
	RESERVED
CVE-2016-10031 (** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapac ...)
	NOT-FOR-US: WampServer
CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 1 ...)
	{DLA-921-1}
	- slurm-llnl 16.05.8-1 (bug #850491)
	[jessie] - slurm-llnl 14.03.9-5+deb8u1
	NOTE: https://www.schedmd.com/news.php?id=178
	NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console  ...)
	NOT-FOR-US: BlackBerry
CVE-2017-3893 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the defau ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3892 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an inform ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3891 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevat ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3890 (A reflected cross-site scripting vulnerability in the BlackBerry Watch ...)
	NOT-FOR-US: BlackBerry
CVE-2017-3889 (A vulnerability in the web interface of the Cisco Registered Envelope  ...)
	NOT-FOR-US: Cisco
CVE-2017-3888 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3887 (A vulnerability in the detection engine that handles Secure Sockets La ...)
	NOT-FOR-US: Cisco
CVE-2017-3886 (A vulnerability in the Cisco Unified Communications Manager web interf ...)
	NOT-FOR-US: Cisco
CVE-2017-3885 (A vulnerability in the detection engine reassembly of Secure Sockets L ...)
	NOT-FOR-US: Cisco
CVE-2017-3884 (A vulnerability in the web interface of Cisco Prime Infrastructure and ...)
	NOT-FOR-US: Cisco
CVE-2017-3883 (A vulnerability in the authentication, authorization, and accounting ( ...)
	NOT-FOR-US: Cisco
CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) implementation i ...)
	NOT-FOR-US: Cisco
CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) process ...)
	NOT-FOR-US: Cisco
CVE-2017-3880 (An Authentication Bypass vulnerability in Cisco WebEx Meetings Server  ...)
	NOT-FOR-US: Cisco
CVE-2017-3879 (A Denial of Service vulnerability in the remote login functionality fo ...)
	NOT-FOR-US: Cisco
CVE-2017-3878 (A Denial of Service vulnerability in the Telnet remote login functiona ...)
	NOT-FOR-US: Cisco
CVE-2017-3877 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-3876 (A vulnerability in the Event Management Service daemon (emsd) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in certain ...)
	NOT-FOR-US: Cisco
CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-3873 (A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Airo ...)
	NOT-FOR-US: Cisco
CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the web-ba ...)
	NOT-FOR-US: Cisco
CVE-2017-3871 (A RADIUS Secret Disclosure vulnerability in the web network management ...)
	NOT-FOR-US: Cisco
CVE-2017-3870 (A vulnerability in the URL filtering feature of Cisco AsyncOS Software ...)
	NOT-FOR-US: Cisco
CVE-2017-3869 (An API Credentials Management vulnerability in the APIs for Cisco Prim ...)
	NOT-FOR-US: Cisco
CVE-2017-3868 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2017-3867 (A vulnerability in the Border Gateway Protocol (BGP) Bidirectional For ...)
	NOT-FOR-US: Cisco
CVE-2017-3866 (A vulnerability in the web framework code of Cisco Prime Service Catal ...)
	NOT-FOR-US: Cisco
CVE-2017-3865 (A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5 ...)
	NOT-FOR-US: Cisco
CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2,  ...)
	NOT-FOR-US: Cisco
CVE-2017-3863 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3862 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3861 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3860 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning featu ...)
	NOT-FOR-US: Cisco
CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could al ...)
	NOT-FOR-US: Cisco
CVE-2017-3857 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing funct ...)
	NOT-FOR-US: Cisco
CVE-2017-3856 (A vulnerability in the web user interface of Cisco IOS XE 3.1 through  ...)
	NOT-FOR-US: Cisco
CVE-2017-3855
	RESERVED
CVE-2017-3854 (A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC ...)
	NOT-FOR-US: Cisco
CVE-2017-3853 (A vulnerability in the Data-in-Motion (DMo) process installed with the ...)
	NOT-FOR-US: Cisco
CVE-2017-3852 (A vulnerability in the Cisco application-hosting framework (CAF) compo ...)
	NOT-FOR-US: Cisco
CVE-2017-3851 (A Directory Traversal vulnerability in the web framework code of the C ...)
	NOT-FOR-US: Cisco
CVE-2017-3850 (A vulnerability in the Autonomic Networking Infrastructure (ANI) featu ...)
	NOT-FOR-US: Cisco
CVE-2017-3849 (A vulnerability in the Autonomic Networking Infrastructure (ANI) regis ...)
	NOT-FOR-US: Cisco
CVE-2017-3848 (A vulnerability in the HTTP web-based management interface of Cisco Pr ...)
	NOT-FOR-US: Cisco
CVE-2017-3847 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-3846 (A vulnerability in the Client Manager Server of Cisco Workload Automat ...)
	NOT-FOR-US: Cisco
CVE-2017-3845 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2017-3844 (A vulnerability in exporting functions of the user interface for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3843 (A vulnerability in the file download functions for Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2017-3842 (A vulnerability in the web-based management interface of the Cisco Int ...)
	NOT-FOR-US: Cisco
CVE-2017-3841 (A vulnerability in the web interface of the Cisco Secure Access Contro ...)
	NOT-FOR-US: Cisco
CVE-2017-3840 (A vulnerability in the web interface of the Cisco Secure Access Contro ...)
	NOT-FOR-US: Cisco
CVE-2017-3839 (An XML External Entity vulnerability in the web-based user interface o ...)
	NOT-FOR-US: Cisco
CVE-2017-3838 (A vulnerability in Cisco Secure Access Control System (ACS) could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-3837 (An HTTP Packet Processing vulnerability in the Web Bridge interface of ...)
	NOT-FOR-US: Cisco
CVE-2017-3836 (A vulnerability in the web framework Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco
CVE-2017-3835 (A vulnerability in the sponsor portal of Cisco Identity Services Engin ...)
	NOT-FOR-US: Cisco
CVE-2017-3834 (A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Se ...)
	NOT-FOR-US: Cisco
CVE-2017-3833 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-3832 (A vulnerability in the web management interface of Cisco Wireless LAN  ...)
	NOT-FOR-US: Cisco
CVE-2017-3831 (A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Se ...)
	NOT-FOR-US: Cisco
CVE-2017-3830 (A vulnerability in an internal API of the Cisco Meeting Server (CMS) c ...)
	NOT-FOR-US: Cisco
CVE-2017-3829 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3828 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3827 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco
CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol (SCTP) dec ...)
	NOT-FOR-US: Cisco
CVE-2017-3825 (A vulnerability in the ICMP ingress packet processing of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series Co ...)
	NOT-FOR-US: Cisco
CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on G ...)
	NOT-FOR-US: Cisco
CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco Firepower Threat Defense
CVE-2017-3821 (A vulnerability in the serviceability page of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) functions ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2017-3819 (A privilege escalation vulnerability in the Secure Shell (SSH) subsyst ...)
	NOT-FOR-US: Cisco
CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco Email Security Appliances
CVE-2017-3817 (A vulnerability in the role-based resource checking functionality of C ...)
	NOT-FOR-US: Cisco
CVE-2017-3816
	RESERVED
CVE-2017-3815 (An API Privilege vulnerability in Cisco TelePresence Server Software c ...)
	NOT-FOR-US: Cisco
CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow an unau ...)
	NOT-FOR-US: Cisco Firepower System Software
CVE-2017-3813 (A vulnerability in the Start Before Logon (SBL) module of Cisco AnyCon ...)
	NOT-FOR-US: Cisco
CVE-2017-3812 (A vulnerability in the implementation of Common Industrial Protocol (C ...)
	NOT-FOR-US: Cisco Industrial Ethernet 2000 Series Switches
CVE-2017-3811 (An XML External Entity vulnerability in Cisco WebEx Meetings Server co ...)
	NOT-FOR-US: Cisco
CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service Catalog co ...)
	NOT-FOR-US: Cisco Prime Service Catalog
CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco Firepower ...)
	NOT-FOR-US: Cisco Firepower Management Center
CVE-2017-3808 (A vulnerability in the Session Initiation Protocol (SIP) UDP throttlin ...)
	NOT-FOR-US: Cisco
CVE-2017-3807 (A vulnerability in Common Internet Filesystem (CIFS) code in the Clien ...)
	NOT-FOR-US: Cisco
CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco Firepower 4100  ...)
	NOT-FOR-US: Cisco Firepower
CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco IOS and ...)
	NOT-FOR-US: Cisco IOS
CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System (IS-IS)  ...)
	NOT-FOR-US: Cisco
CVE-2017-3803 (A vulnerability in the Cisco IOS Software forwarding queue of Cisco 29 ...)
	NOT-FOR-US: Cisco
CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3801 (A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and ...)
	NOT-FOR-US: Cisco
CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco Email Security Appliance
CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting Center could ...)
	NOT-FOR-US: Cisco
CVE-2017-3798 (A cross-site scripting (XSS) filter bypass vulnerability in the web-ba ...)
	NOT-FOR-US: Cisco
CVE-2017-3797 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-3796 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-3795 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-3793 (A vulnerability in the TCP normalizer of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco  ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow a ...)
	NOT-FOR-US: Cisco
CVE-2017-3790 (A vulnerability in the received packet parser of Cisco Expressway Seri ...)
	NOT-FOR-US: Cisco Expressway
CVE-2016-5103
	REJECTED
CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when the Sec ...)
	- libsmack-java <itp> (bug #640873)
CVE-2016-10023
	REJECTED
CVE-2016-10022
	REJECTED
CVE-2016-10021
	REJECTED
CVE-2016-10020
	REJECTED
CVE-2016-10019
	REJECTED
CVE-2016-10018
	REJECTED
CVE-2016-10017
	REJECTED
CVE-2016-10016
	REJECTED
CVE-2016-10015
	REJECTED
CVE-2016-10014
	REJECTED
CVE-2016-9645 (The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in edi ...)
	- ikiwiki 3.20161229
	[jessie] - ikiwiki <not-affected> (Incomplete fix for CVE-2016-10026 not applied)
	[wheezy] - ikiwiki <not-affected> (Incomplete fix for CVE-2016-10026 not applied)
	NOTE: https://ikiwiki.info/security/#cve-2016-9645
CVE-2016-10026 (ikiwiki 3.20161219 does not properly check if a revision changes the a ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20161219
	NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
	NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/7
	NOTE: When fixing this issue make sure to apply the complete correct fix to
	NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645.
CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD v ...)
	- xen 4.8.0-1
	[jessie] - xen <not-affected> (Vulnerable code introduced later)
	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-203.html
CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel administrators t ...)
	{DSA-3847-1 DLA-783-1}
	- xen 4.8.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-202.html
CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEM ...)
	- qemu 1:2.10.0-1 (bug #849798; unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/1
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31 (v2.9.0-rc0)
CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ...)
	- qemu 1:2.7+dfsg-1
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7 (v2.7.0-rc0)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/2
CVE-2017-3789
	REJECTED
CVE-2017-3788
	REJECTED
CVE-2017-3787
	REJECTED
CVE-2017-3786
	REJECTED
CVE-2017-3785
	REJECTED
CVE-2017-3784
	REJECTED
CVE-2017-3783
	REJECTED
CVE-2017-3782
	REJECTED
CVE-2017-3781
	REJECTED
CVE-2017-3780
	REJECTED
CVE-2017-3779
	REJECTED
CVE-2017-3778
	REJECTED
CVE-2017-3777
	REJECTED
CVE-2017-3776 (Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowe ...)
	NOT-FOR-US: Lenovo Help Android mobile app
CVE-2017-3775 (Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode  ...)
	NOT-FOR-US: Lenovo
CVE-2017-3774 (A stack overflow vulnerability was discovered within the web administr ...)
	NOT-FOR-US: IBM
CVE-2017-3773
	REJECTED
CVE-2017-3772
	RESERVED
CVE-2017-3771 (System boot process is not adequately secured In Lenovo E95 and ThinkC ...)
	NOT-FOR-US: Lenovo
CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 ...)
	NOT-FOR-US: Lenovo LXCA
CVE-2017-3769
	RESERVED
CVE-2017-3768 (An unprivileged attacker with connectivity to the IMM2 could cause a d ...)
	NOT-FOR-US: IBM System x / IMM2
CVE-2017-3767 (A local privilege escalation vulnerability was identified in the Realt ...)
	NOT-FOR-US: Lenovo
CVE-2017-3766
	RESERVED
CVE-2017-3765 (In Enterprise Networking Operating System (ENOS) in Lenovo and IBM Rac ...)
	NOT-FOR-US: IBM RackSwitch and BladeCenter products
CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (LXCA) ...)
	NOT-FOR-US: Lenovo XClarity Administrator
CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file sys ...)
	NOT-FOR-US: Lenovo LXCA
CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01. ...)
	NOT-FOR-US: Lenovo Fingerprint Manager Pro
CVE-2017-3761 (The Lenovo Service Framework Android application executes some system  ...)
	NOT-FOR-US: Lenovo
CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of nonsecu ...)
	NOT-FOR-US: Lenovo
CVE-2017-3759 (The Lenovo Service Framework Android application accepts some response ...)
	NOT-FOR-US: Lenovo
CVE-2017-3758 (Improper access controls on several Android components in the Lenovo S ...)
	NOT-FOR-US: Lenovo
CVE-2017-3757 (An unquoted service path vulnerability was identified in the driver fo ...)
	NOT-FOR-US: Lenovo
CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active P ...)
	NOT-FOR-US: Lenovo
CVE-2017-3755
	RESERVED
CVE-2017-3754 (Some Lenovo brand notebook systems do not have write protections prope ...)
	NOT-FOR-US: Lenovo
CVE-2017-3753 (A vulnerability has been identified in some Lenovo products that use U ...)
	NOT-FOR-US: Lenovo
CVE-2017-3752 (An industry-wide vulnerability has been identified in the implementati ...)
	NOT-FOR-US: Lenovo
CVE-2017-3751 (An unquoted service path vulnerability was identified in the driver fo ...)
	NOT-FOR-US: driver for the ThinkPad Compact USB Keyboard with TrackPoint
CVE-2017-3750 (On Lenovo VIBE mobile phones, the Lenovo Security Android application  ...)
	NOT-FOR-US: Lenovo
CVE-2017-3749 (On Lenovo VIBE mobile phones, the Idea Friend Android application allo ...)
	NOT-FOR-US: Lenovo
CVE-2017-3748 (On Lenovo VIBE mobile phones, improper access controls on the nac_serv ...)
	NOT-FOR-US: Lenovo
CVE-2017-3747 (Privilege escalation vulnerability in Lenovo Nerve Center for Windows  ...)
	NOT-FOR-US: Lenovo
CVE-2017-3746 (ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, var ...)
	NOT-FOR-US: Lenovo
CVE-2017-3745 (In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data  ...)
	NOT-FOR-US: Lenovo
CVE-2017-3744 (In the IMM2 firmware of Lenovo System x servers, remote commands issue ...)
	NOT-FOR-US: Lenovo
CVE-2017-3743 (If multiple users are concurrently logged into a single system where o ...)
	NOT-FOR-US: Lenovo
CVE-2017-3742 (In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4. ...)
	NOT-FOR-US: Lenovo
CVE-2017-3741 (In the Lenovo Power Management driver before 1.67.12.24, a local user  ...)
	NOT-FOR-US: Lenovo
CVE-2017-3740 (In Lenovo Active Protection System before 1.82.0.14, an attacker with  ...)
	NOT-FOR-US: Lenovo
CVE-2017-3739
	REJECTED
CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication procedu ...)
	{DSA-4065-1}
	- openssl 1.1.0h-1 (low)
	[stretch] - openssl 1.1.0f-3+deb9u2
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	- openssl1.0 1.0.2n-1 (low)
	NOTE: https://www.openssl.org/news/secadv/20171207.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error stat ...)
	{DSA-4065-1}
	- openssl 1.1.0b-2
	[jessie] - openssl <not-affected> (Issue introduced in 1.0.2b)
	[wheezy] - openssl <not-affected> (Issue introduced in 1.0.2b)
	- openssl1.0 1.0.2n-1
	NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
	NOTE: thus mark as fixed in the first 1.1.0 version which entered unstable.
	NOTE: https://www.openssl.org/news/secadv/20171207.txt
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=898fb884b706aaeb283de4812340bb0bde8476dc
	NOTE: 1.0.2b introduced a hardening mechanism designed to protect against bugs
	NOTE: in application code. This CVE applies to the hardening mechanism being
	NOTE: incomplete. OpenSSL versions older than 1.0.2b don't have the hardening
	NOTE: mechanism at all.
	NOTE: Hardening mechanism introduced in:
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589
CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring pro ...)
	{DSA-4017-1}
	- openssl 1.1.0g-1
	[stretch] - openssl 1.1.0f-3+deb9u1
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	- openssl1.0 1.0.2m-1
	NOTE: https://www.openssl.org/news/secadv/20171102.txt
	NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b
	NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871
CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...)
	{DSA-4018-1 DSA-4017-1 DLA-1157-1}
	- openssl 1.1.0g-1
	- openssl1.0 1.0.2m-1
	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db
	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=068b963bb7afc57f5bdd723de0dd15e7795d5822
CVE-2017-3734
	REJECTED
CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac extension is  ...)
	- openssl 1.1.0e-1
	[jessie] - openssl <not-affected> (Only affects 1.1)
	[wheezy] - openssl <not-affected> (Only affects 1.1)
	- openssl1.0 <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20170216.txt
CVE-2017-3732 (There is a carry propagating bug in the x86_64 Montgomery squaring pro ...)
	- openssl 1.1.0d-1
	[jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	- openssl1.0 1.0.2k-1
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
CVE-2017-3731 (If an SSL/TLS server or client is running on a 32-bit host, and a spec ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.1.0d-1
	- openssl1.0 1.0.2k-1
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
	NOTE: and https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
CVE-2017-3730 (In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad par ...)
	- openssl 1.1.0d-1
	[jessie] - openssl <not-affected> (Only affects OpenSSL 1.1)
	[wheezy] - openssl <not-affected> (Only affects OpenSSL 1.1)
	- openssl1.0 <not-affected> (Only affects OpenSSL 1.1)
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
CVE-2016-9999
	RESERVED
CVE-2016-9996
	REJECTED
CVE-2016-9995
	REJECTED
CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2016-9989 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9988 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9987 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9986 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information  ...)
	NOT-FOR-US: IBM
CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authentic ...)
	NOT-FOR-US: IBM
CVE-2016-9983 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2016-9981 (IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an a ...)
	NOT-FOR-US: IBM
CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2016-9974
	RESERVED
CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-9972 (IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensiti ...)
	NOT-FOR-US: IBM
CVE-2016-9971
	RESERVED
CVE-2016-9970
	RESERVED
CVE-2016-9969 (In libwebp 0.5.1, there is a double free bug in libwebpmux. ...)
	- libwebp 0.5.2-1
	[jessie] - libwebp <not-affected> (Vulnerable code not present; introduced later)
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=322
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/5ab6d9de1fb690dc20a27e5120e4d976b96502aa
CVE-2016-9968
	RESERVED
CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9966 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9962 (RunC allowed additional container processes via 'runc exec' to be ptra ...)
	- docker.io 1.13.1~ds1-2 (bug #850952)
	- runc 0.1.1+dfsg1-2 (bug #850951)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
	NOTE: https://github.com/docker/docker/compare/v1.12.5...v1.12.6
	NOTE: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegular E ...)
	- chicken 4.12.0-0.2 (low; bug #851278)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/18
	NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
	NOTE: For chicken vulnerable code in ./irregex-core.scm
CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
	- curl <not-affected> (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221C.html
CVE-2016-9952 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
	- curl <not-affected> (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221B.html
CVE-2016-10008 (SQL injection vulnerability in the "Content Types &gt; Content Types"  ...)
	NOT-FOR-US: dotCMS
CVE-2016-10007 (SQL injection vulnerability in the "Marketing &gt; Forms" screen in do ...)
	NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...)
	NOT-FOR-US: OWASP AntiSamy
CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...)
	NOT-FOR-US: SAP
CVE-2016-10004
	RESERVED
CVE-2016-10001
	RESERVED
CVE-2016-10000
	RESERVED
CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain p ...)
	{DSA-3847-1 DLA-783-1}
	- xen 4.8.0-1 (bug #848713)
	NOTE: https://xenbits.xen.org/xsa/advisory-204.html
CVE-2016-10012 (The shared memory manager (associated with pre-authentication compress ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848717)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.165&r2=1.166
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20
CVE-2016-10011 (authfile.c in sshd in OpenSSH before 7.4 does not properly consider th ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848716)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122
CVE-2016-10010 (sshd in OpenSSH before 7.4, when privilege separation is not used, cre ...)
	- openssh 1:7.4p1-1 (unimportant; bug #848715)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189
	NOTE: Privilege separation is enabled in the Debian package
CVE-2016-10009 (Untrusted search path vulnerability in ssh-agent.c in ssh-agent in Ope ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848714)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215
CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability  ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2015-8980 (The plural form formula in ngettext family of calls in php-gettext bef ...)
	- php-gettext 1.0.12-0.1 (bug #851770)
	[jessie] - php-gettext <no-dsa> (Minor issue)
	[wheezy] - php-gettext <no-dsa> (Minor issue)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: For phpmyadmin, unimportant, since embeds lib but does not use in exploitable way
	NOTE: http://seclists.org/fulldisclosure/2016/Aug/76
	NOTE: Upstream patch: https://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/61
CVE-2015-8979 (Stack-based buffer overflow in the parsePresentationContext function i ...)
	{DSA-3749-1 DLA-755-1}
	- dcmtk 3.6.1~20160216-2 (bug #848830)
	NOTE: 3.6.1~20160216-2 is the first version in unstable containing the fix
	NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
	NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/2
CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 t ...)
	- squid3 3.5.23-1 (bug #848491)
	[jessie] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
	[wheezy] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
	NOTE: Marked as not-affected, vulnerable vulnerability not present due to
	NOTE: the collapsed_forwarding directive beeing added in 3.5.0.1 only
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14127.patch (for squid 3.5.22 only)
	NOTE: Vulnerable Squid Versions:
	NOTE: 3.5.0.1 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...)
	{DSA-3745-1 DLA-763-1}
	- squid3 3.5.23-1 (bug #848493)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4169
	NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2016_11.patch
	NOTE: Vulnerable squid versions:
	NOTE: 3.1.10 up to and including 3.1.23
	NOTE: 3.2.0.3 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-582384
	REJECTED
CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequ ...)
	{DSA-3743-1 DLA-761-1}
	- python-bottle 0.12.11-1 (bug #848392)
	NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
	NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the private  ...)
	{DSA-3747-1 DLA-762-1}
	- exim4 4.88~RC6-2
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1
	NOTE: https://exim.org/static/doc/CVE-2016-9963.txt
CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values. ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of se ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9959 (game-music-emu before 0.6.1 allows remote attackers to generate out of ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9958 (game-music-emu before 0.6.1 allows remote attackers to write to arbitr ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9957 (Stack-based buffer overflow in game-music-emu before 0.6.1. ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote attacker ...)
	{DSA-3742-1}
	- flightgear 1:2016.4.3+dfsg-1 (bug #848114)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11
CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...)
	NOT-FOR-US: Apport
CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...)
	NOT-FOR-US: Apport
CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In apport/ui.py, Appo ...)
	NOT-FOR-US: Apport
CVE-2016-9948
	RESERVED
CVE-2016-9947
	RESERVED
CVE-2016-9946
	RESERVED
CVE-2016-9945
	RESERVED
CVE-2016-9944
	RESERVED
CVE-2016-9943
	RESERVED
CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer  ...)
	{DSA-3753-1 DLA-1979-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850008)
	- italc 1:3.0.2+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb
CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServ ...)
	{DSA-3753-1 DLA-1979-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850007)
	- italc 1:3.0.2+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9940
	RESERVED
CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.11-1 (low)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-02
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/7
CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its A ...)
	{DSA-3748-1 DLA-766-1}
	- libcrypto++ 5.6.4-5 (bug #848009)
	NOTE: https://github.com/weidai11/cryptopp/issues/346
CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows l ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.0~rc3-1 (bug #848081)
	NOTE: https://xenbits.xen.org/xsa/advisory-200.html
CVE-2016-9931
	RESERVED
CVE-2016-9930
	RESERVED
CVE-2016-9929
	RESERVED
CVE-2016-9927
	RESERVED
CVE-2016-9926
	RESERVED
CVE-2016-9925
	RESERVED
CVE-2016-9924 (Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers  ...)
	NOT-FOR-US: Zimbra
CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x before ...)
	- php7.0 7.0.14-1
	NOTE: Fixed in PHP 7.0.14 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
	NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...)
	{DSA-3737-1 DLA-818-1}
	- php7.0 7.0.14-1
	- php5 <removed>
	NOTE: Fixed in PHP 5.6.29 and 7.0.14
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
	NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ...)
	{DSA-3732-1 DLA-818-1}
	- php7.0 7.0.13-1
	- php5 <removed>
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
	NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder function in ...)
	{DSA-3751-1 DSA-3732-1 DLA-758-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
	NOTE: This problem could be seen as a programmer fault but the fix is easy and
	NOTE: the effect is rather dramatic so it should be fixed anyway.
	NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2)
	NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
	NOTE: GD release info: https://libgd.github.io/release-2.2.2.html
	- php7.0 7.0.13-1 (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
	NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x be ...)
	- asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
	NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
	NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending
	NOTE: function. Thus Debian was never vulnerable.
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html
	NOTE: Cf. https://bugs.debian.org/847666
CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 1 ...)
	- asterisk 1:13.13.1~dfsg-1 (bug #847668)
	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u2
	[wheezy] - asterisk <no-dsa> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
	NOTE: Only applicable if a proxy is in use.
CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is vuln ...)
	- qemu 1:2.8+dfsg-1 (bug #847957)
	[jessie] - qemu <ignored> (Minor issue; too complex to backport)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05597.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a4afa548fc6dd9842ed86639b4d37d4d1c4ad480 (v2.8.0-rc0)
CVE-2016-9922 (The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Qu ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "blit pitch values" issue.
	NOTE: Should be fixed along with CVE-2014-8106
CVE-2016-9921 (Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator sup ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "'cirrus_get_bpp' returns zero(0), which could lead to a divide by zero" issue.
CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
	NOTE: Crash in btmon CLI tool, no security impact
CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n" function in  ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9906
	REJECTED
CVE-2016-9905 (A potentially exploitable crash in "EnumerateSubDocuments" while addin ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox <not-affected> (Only affects Firefox 45 ESR series)
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905
CVE-2016-9904 (An attacker could use a JavaScript Map/Set timing attack to determine  ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9904
CVE-2016-9903 (Mozilla's add-ons SDK had a world-accessible resource with an HTML inj ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903
CVE-2016-9902 (The Pocket toolbar button, once activated, listens for events fired fr ...)
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902
CVE-2016-9901 (HTML tags received from the Pocket server will be processed without sa ...)
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
CVE-2016-9900 (External resources that should be blocked when loaded by SVG images ca ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900
CVE-2016-9899 (Use-after-free while manipulating DOM events and removing audio elemen ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899
CVE-2016-9898 (Use-after-free resulting in potentially exploitable crash when manipul ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898
CVE-2016-9897 (Memory corruption resulting in a potentially exploitable crash during  ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9897
CVE-2016-9896 (Use-after-free while manipulating the "navigator" object within WebVR. ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
CVE-2016-9895 (Event handlers on "marquee" elements were executed despite a strict Co ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9895
CVE-2016-9894 (A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated duri ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
CVE-2016-9893 (Memory safety bugs were reported in Thunderbird 45.5. Some of these bu ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9893
CVE-2017-3729
	RESERVED
CVE-2017-3728
	RESERVED
CVE-2017-3727
	RESERVED
CVE-2017-3726
	RESERVED
CVE-2017-3725
	RESERVED
CVE-2017-3724
	RESERVED
CVE-2017-3723
	RESERVED
CVE-2017-3722
	RESERVED
CVE-2017-3721
	RESERVED
CVE-2017-3720
	RESERVED
CVE-2017-3719
	RESERVED
CVE-2017-3718 (Improper setting of device configuration in system firmware for Intel( ...)
	NOT-FOR-US: Intel
CVE-2017-3717
	RESERVED
CVE-2017-3716
	RESERVED
CVE-2017-3715
	RESERVED
CVE-2017-3714
	RESERVED
CVE-2017-3713
	RESERVED
CVE-2017-3712
	RESERVED
CVE-2017-3711
	RESERVED
CVE-2017-3710
	RESERVED
CVE-2017-3709
	RESERVED
CVE-2017-3708
	RESERVED
CVE-2017-3707
	RESERVED
CVE-2017-3706
	RESERVED
CVE-2017-3705
	RESERVED
CVE-2017-3704
	RESERVED
CVE-2017-3703
	RESERVED
CVE-2017-3702
	RESERVED
CVE-2017-3701
	RESERVED
CVE-2017-3700
	RESERVED
CVE-2017-3699
	RESERVED
CVE-2017-3698
	RESERVED
CVE-2017-3697
	RESERVED
CVE-2017-3696
	RESERVED
CVE-2017-3695
	RESERVED
CVE-2017-3694
	RESERVED
CVE-2017-3693
	RESERVED
CVE-2017-3692
	RESERVED
CVE-2017-3691
	RESERVED
CVE-2017-3690
	RESERVED
CVE-2017-3689
	RESERVED
CVE-2017-3688
	RESERVED
CVE-2017-3687
	RESERVED
CVE-2017-3686
	RESERVED
CVE-2017-3685
	RESERVED
CVE-2017-3684
	RESERVED
CVE-2017-3683
	RESERVED
CVE-2017-3682
	RESERVED
CVE-2017-3681
	RESERVED
CVE-2017-3680
	RESERVED
CVE-2017-3679
	RESERVED
CVE-2017-3678
	RESERVED
CVE-2017-3677
	RESERVED
CVE-2017-3676
	RESERVED
CVE-2017-3675
	RESERVED
CVE-2017-3674
	RESERVED
CVE-2017-3673
	RESERVED
CVE-2017-3672
	RESERVED
CVE-2017-3671
	RESERVED
CVE-2017-3670
	RESERVED
CVE-2017-3669
	RESERVED
CVE-2017-3668
	RESERVED
CVE-2017-3667
	RESERVED
CVE-2017-3666
	RESERVED
CVE-2017-3665
	RESERVED
CVE-2017-3664
	RESERVED
CVE-2017-3663
	RESERVED
CVE-2017-3662
	RESERVED
CVE-2017-3661
	RESERVED
CVE-2017-3660
	RESERVED
CVE-2017-3659
	RESERVED
CVE-2017-3658
	RESERVED
CVE-2017-3657
	RESERVED
CVE-2017-3656
	RESERVED
CVE-2017-3655
	RESERVED
CVE-2017-3654
	RESERVED
CVE-2017-3653 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3652 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3651 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3650 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3649 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3648 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3647 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3646 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3645 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3644 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3643 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3642 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3641 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3640 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3639 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3638 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3637 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3636 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0 <removed>
	- mysql-5.7 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3635
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3634 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3633 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3632 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2017-3631 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3630 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3629 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3628
	RESERVED
CVE-2017-3627
	RESERVED
CVE-2017-3626 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2017-3625 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-3624
	RESERVED
CVE-2017-3623 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3622 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3621 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3620 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3619 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3618 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3617 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3616 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3615 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3614 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3613 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3612 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3611 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3610 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3609 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3608 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3607 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3606 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3605 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3604 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3603 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3602 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3601 (Vulnerability in the Oracle API Gateway component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2017-3600 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
	- mariadb-10.0 10.0.28-1
	[jessie] - mariadb-10.0 10.0.28-0+deb8u1
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
	NOTE: https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/
	NOTE: Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1
	NOTE: Per MariaDB Security fixed with the following three commits:
	NOTE: https://github.com/MariaDB/server/commit/5a43a31ee81bc181eeb5ef2bf0704befa6e0594d
	NOTE: https://github.com/MariaDB/server/commit/01b39b7b0730102b88d8ea43ec719a75e9316a1e
	NOTE: https://github.com/MariaDB/server/commit/383007c75d6ef5043fa5781956a6a02b24e2b79e
CVE-2017-3599 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (ONly affects MySQL 5.6 and 5.7)
CVE-2017-3598 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3597 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3596 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3595 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3594 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3593 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3592 (Vulnerability in the Oracle Payables component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3591 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3590 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-python 2.1.6-1 (bug #861511)
	[jessie] - mysql-connector-python <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-python <postponed> (Minor issue, can be fixed along in a future update)
CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	{DSA-3857-1 DLA-945-1}
	- mysql-connector-java 5.1.42-1
CVE-2017-3588 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Oracle
CVE-2017-3587 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3586 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	{DSA-3857-1 DLA-945-1}
	- mysql-connector-java 5.1.42-1
CVE-2017-3585 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3584 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3583 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-3582 (Vulnerability in the Oracle SuperCluster Specific Software component o ...)
	NOT-FOR-US: Solaris
CVE-2017-3581 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3580 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3579 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-3578 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3577 (Vulnerability in the PeopleSoft Enterprise CS Campus Community compone ...)
	NOT-FOR-US: Oracle
CVE-2017-3576 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3575 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3574 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3573 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3572 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
	NOT-FOR-US: Oracle
CVE-2017-3571 (Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component ...)
	NOT-FOR-US: Oracle
CVE-2017-3570 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-3569 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3568 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3567 (Vulnerability in the OJVM component of Oracle Database Server. Support ...)
	NOT-FOR-US: Oracle
CVE-2017-3566
	RESERVED
CVE-2017-3565 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3564 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3563 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3562 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3561 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3560 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3559 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3558 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3557 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3556 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3555 (Vulnerability in the Oracle iReceivables component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2017-3554 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3553 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2017-3552 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3551 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3550 (Vulnerability in the Oracle Customer Interaction History component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-3549 (Vulnerability in the Oracle Scripting component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3548 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3547 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3546 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3543 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3542 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3541 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3538 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3537 (Vulnerability in the Oracle Real-Time Scheduler component of Oracle Ut ...)
	NOT-FOR-US: Oracle
CVE-2017-3536 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3535 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3532 (Vulnerability in the Oracle Retail Warehouse Management System compone ...)
	NOT-FOR-US: Oracle
CVE-2017-3531 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3530 (Vulnerability in the Oracle Transportation Manager component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3529 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3528 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3525 (Vulnerability in the PeopleSoft Enterprise SCM Service Procurement com ...)
	NOT-FOR-US: Oracle
CVE-2017-3524 (Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3523 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	{DSA-3840-1 DLA-945-1}
	- mysql-connector-java 5.1.41-1
	NOTE: https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt
CVE-2017-3522 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection co ...)
	NOT-FOR-US: Oracle
CVE-2017-3521 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3520 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3519 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3518 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2017-3517 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-3516 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3515 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2017-3514 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Windows builds only)
	- openjdk-7 <not-affected> (Windows builds only)
	NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/95fd1952637b
CVE-2017-3513 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3512 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (MacOSX builds only)
	- openjdk-7 <not-affected> (MacOSX builds only)
	NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a
CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3508 (Vulnerability in the Primavera Gateway component of Oracle Primavera P ...)
	NOT-FOR-US: Oracle
CVE-2017-3507 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2017-3506 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3505 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3504 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3503 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-3502 (Vulnerability in the PeopleSoft Enterprise FIN Receivables component o ...)
	NOT-FOR-US: Oracle
CVE-2017-3501 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...)
	NOT-FOR-US: Oracle
CVE-2017-3500 (Vulnerability in the Primavera Gateway component of Oracle Primavera P ...)
	NOT-FOR-US: Oracle
CVE-2017-3499 (Vulnerability in the Oracle Social Network component of Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2017-3498 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3497 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3496 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2017-3495 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-3494 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3493 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2017-3492 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2017-3491 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2017-3490 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2017-3489 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3488 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3487 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3486 (Vulnerability in the SQL*Plus component of Oracle Database Server. Sup ...)
	NOT-FOR-US: Oracle
CVE-2017-3485 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3484 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2017-3483 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle
CVE-2017-3482 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3481 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3480 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3479 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3478 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3477 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3476 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3475 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3474 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3473 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3472 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3471 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3470 (Vulnerability in the Oracle Communications Security Gateway component  ...)
	NOT-FOR-US: Oracle
CVE-2017-3469 (Vulnerability in the MySQL Workbench component of Oracle MySQL (subcom ...)
	- mysql-workbench 6.3.10+dfsg-1 (low; bug #861487)
	[stretch] - mysql-workbench <no-dsa> (Minor issue)
	[jessie] - mysql-workbench <no-dsa> (Minor issue)
	[wheezy] - mysql-workbench <no-dsa> (Minor issue)
CVE-2017-3468 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3467 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3466
	RESERVED
CVE-2017-3465 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3464 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3463 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3462 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3461 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3460 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3459 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3458 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3457 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3456 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3455 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3454 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3453 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3452 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
CVE-2017-3451 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3450 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3449
	RESERVED
CVE-2017-3448
	RESERVED
CVE-2017-3447
	REJECTED
CVE-2017-3446 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3445 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3444 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3443 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3442 (Vulnerability in the Oracle Customer Interaction History component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-3441 (Vulnerability in the Oracle Customer Interaction History component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-3440 (Vulnerability in the Oracle Customer Interaction History component of  ...)
	NOT-FOR-US: Oracle
CVE-2017-3439 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3438 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3437 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3436 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3434 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3432 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3431 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3430 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3429 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3428 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3427 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3426 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3425 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3424 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3423 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3422 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3421 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3420 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3419 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3418 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3417 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3416 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3415 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3414 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3413 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3412 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3411 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3410 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3409 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3408 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3407 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3406 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3405 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3404 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3403 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3402 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3401 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3400 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3399 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3398 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3397 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3396 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3395 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3394 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3393 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3356 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3355 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3347 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3345 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3342 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3337 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3331 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3329 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3327 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3326 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3325 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3324 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-3323 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3322 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3321 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3320 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3319 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3318 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3317 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3316 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3315 (Vulnerability in the PeopleSoft Enterprise HCM ePerformance component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3314 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3313 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3809-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3312 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3311 (Vulnerability in the Application Testing Suite component of Oracle Ent ...)
	NOT-FOR-US: Oracle
CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. Support ...)
	NOT-FOR-US: Oracle
CVE-2017-3309 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3308 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3307 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2017-3306 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 <not-affected> (Fixed before the initial release to Debian)
	- mysql-5.5 <removed> (bug #860544)
	NOTE: The issue arises because of an improper fix for the issue known under
	NOTE: the name BACKRONYM. The CVE CVE-2015-3152 though is explicitly only
	NOTE: assigned for MariaDB and Percona, thus Oracle MySQL products are not
	NOTE: tracked below that CVE. Later, Oracle tried to address the corresonding
	NOTE: issue as well in 5.5 (in 5.5.49) and 5.6 (5.6.30) series resulting in
	NOTE: opening CVE-2017-3305.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1217506#c22
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/17/4
CVE-2017-3304 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	- mysql-cluster <itp> (bug #833356)
CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x bef ...)
	{DSA-3834-1 DSA-3809-1 DLA-916-1 DLA-819-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 <not-affected> (Fixed before initial release in Debian)
	- mysql-5.6 <not-affected> (Fixed before initial release in Debian)
	- mysql-5.5 <removed> (bug #854713; bug #860544)
	NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
	NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
	NOTE: https://bugs.mysql.com/bug.php?id=70429
	NOTE: https://bugs.mysql.com/bug.php?id=63363
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/28/1
CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3299 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3298 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3297 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3296 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
	NOT-FOR-US: Oracle Commerce
CVE-2017-3295 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3294 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3293 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3292 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3291 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3289 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
CVE-2017-3288 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3287 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-3286 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3284 (Vulnerability in the Oracle Service Fulfillment Manager component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3282 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3281 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3280 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3279 (Vulnerability in the Oracle Leads Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3278 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3277 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3276 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2017-3275 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2017-3274 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2017-3273 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3272 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3271 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3270 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3269 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3268 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3267 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3266 (Vulnerability in the Oracle Outside In Technology component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2017-3265 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3263 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-3262 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2017-3261 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3260 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
CVE-2017-3259 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-3258 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3256 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3255 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2017-3254 (Vulnerability in the Oracle Retail Invoice Matching component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-3253 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3252 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3251 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3250 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-3249 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3247 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-3246 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3245 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3244 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3243 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3242 (Vulnerability in the Oracle VM Server for Sparc component of Oracle Su ...)
	NOT-FOR-US: Solaris
CVE-2017-3241 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3240 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2017-3239 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2017-3238 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3237 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3236 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3235 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3234 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3233 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3232 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3231 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3230 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...)
	NOT-FOR-US: Oracle
CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before 6 ...)
	NOT-FOR-US: ESET
CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and admin/ ...)
	- dotclear <removed>
CVE-2016-9890
	RESERVED
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki  ...)
	NOT-FOR-US: Tiki Wiki
CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...)
	{DLA-2183-1 DLA-740-1}
	- libgsf 1.14.41-1
	NOTE: Fixed by: https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
CVE-2016-9887
	RESERVED
CVE-2016-9886
	REJECTED
CVE-2016-9885 (An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prio ...)
	NOT-FOR-US: Pivotal GemFire for PCF
CVE-2016-9884
	REJECTED
CVE-2016-9883
	REJECTED
CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry Foundation cf-release
CVE-2016-9881
	REJECTED
CVE-2016-9880 (The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x befo ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1. ...)
	- libspring-security-java <itp> (bug #582181)
	NOTE: https://pivotal.io/security/cve-2016-9879
CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...)
	{DLA-1853-1}
	- libspring-java 4.3.5-1 (bug #849167)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2016-9878
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad (4.3.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98 (4.2.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0 (3.2.x branch)
	NOTE: https://jira.spring.io/browse/SPR-14946
CVE-2016-9877 (An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x ...)
	{DSA-3761-1}
	- rabbitmq-server 3.6.6-1 (bug #849849)
	[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://pivotal.io/security/cve-2016-9877
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/issues/96
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/pull/98
CVE-2016-9876
	REJECTED
CVE-2016-9875
	REJECTED
CVE-2016-9874
	REJECTED
CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a  ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Re ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isil ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isil ...)
	NOT-FOR-US: EMC
CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorr ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9867 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
	NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
	- qemu 1:2.8+dfsg-1 (bug #847391)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows  ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu <no-dsa> (Minor issue, virtfs-proxy-helper not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, virtfs-proxy-helper not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
	NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu <no-dsa> (handle driver not included during compilation)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (handle driver not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
	NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local  ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu <no-dsa> (proxy and handle drivers not included during compilation)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy and handle drivers not included during compilation in wheezy, so the cleanup function is never implemented:
	NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p ...)
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is vul ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847951)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support  ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847953)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
	NOTE: Leakage introduced after 1.2.50: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3f6e1b106abcf6b8cf487ac8f8e5fc2fd86776
CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
	- qemu 1:2.8+dfsg-1 (bug #847400)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/2
CVE-2017-3229
	REJECTED
CVE-2017-3228
	REJECTED
CVE-2017-3227
	RESERVED
CVE-2017-3226 (Das U-Boot is a device bootloader that can read its configuration from ...)
	- u-boot <unfixed> (unimportant)
	[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
	NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
	NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
	NOTE: it in future versions.
	NOTE: https://www.kb.cert.org/vuls/id/166743
	NOTE: Negligible security impact
CVE-2017-3225 (Das U-Boot is a device bootloader that can read its configuration from ...)
	- u-boot <unfixed> (unimportant)
	[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
	NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
	NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
	NOTE: it in future versions.
	NOTE: https://www.kb.cert.org/vuls/id/166743
	NOTE: Negligible security impact
CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may improperl ...)
	- quagga <unfixed> (low; bug #871617)
	[buster] - quagga <no-dsa> (Minor issue)
	[stretch] - quagga <no-dsa> (Minor issue)
	[jessie] - quagga <no-dsa> (Minor issue)
	[wheezy] - quagga <no-dsa> (Minor issue)
	NOTE: http://www.kb.cert.org/vuls/id/793496
CVE-2017-3223 (Dahua IP camera products using firmware versions prior to V2.400.0000. ...)
	NOT-FOR-US: Dahua IP camera products
CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...)
	NOT-FOR-US: AmosConnect
CVE-2017-3221 (Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote ...)
	NOT-FOR-US: AmosConnect
CVE-2017-3220
	RESERVED
CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 perform ...)
	NOT-FOR-US: Acronis True Image
CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS soft ...)
	NOT-FOR-US: Samsung
CVE-2017-3217 (CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text me ...)
	NOT-FOR-US: CalAmp LMU 3030 series OBD-II CDMA and GSM devices
CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom htt ...)
	NOT-FOR-US: WiMAX routers
CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer tokens wi ...)
	NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
CVE-2017-3214 (The Milwaukee ONE-KEY Android mobile application stores the master tok ...)
	NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
CVE-2017-3213 (The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify ...)
	NOT-FOR-US: Think Mutual Bank Mobile Banking app
CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for ...)
	NOT-FOR-US: Space Coast Credit Union Mobile app
CVE-2017-3211 (Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks ...)
	NOT-FOR-US: Yopify (e-commerce notification plugin)
CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions 2.30 t ...)
	NOT-FOR-US: Portrait Display SDK
CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access over its o ...)
	NOT-FOR-US: DBPOWER U818A WIFI quadcopter drone
CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java  ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by M ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3206 (The Java implementation of AMF3 deserializers used by Flamingo amf-ser ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3205
	RESERVED
CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host keys ...)
	- golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 (bug #859655)
	[jessie] - golang-go.crypto <ignored> (In jessie no rdeps using SSH, that version doesn't even support host key validation)
	NOTE: https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
	NOTE: https://github.com/golang/go/issues/19767
CVE-2017-3203 (The Java implementations of AMF3 deserializers in Pivotal/Spring Sprin ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3202 (The Java implementation of AMF3 deserializers used in Flamingo amf-ser ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3201 (The Java implementation of AMF3 deserializers used in Flamingo amf-ser ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3200 (The Java implementation of AMF3 deserializers used in GraniteDS, versi ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3199 (The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deseriali ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3198 (GIGABYTE BRIX UEFI firmware does not cryptographically validate images ...)
	NOT-FOR-US: GIGABYTE
CVE-2017-3197 (GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB- ...)
	NOT-FOR-US: GIGABYTE
CVE-2017-3196 (PCAUSA Rawether framework does not properly validate BPF data, allowin ...)
	NOT-FOR-US: PCAUSA Rawether
CVE-2017-3195 (Commvault Edge Communication Service (cvd) prior to version 11 SP7 or  ...)
	NOT-FOR-US: Commvault Edge Communication Service
CVE-2017-3194 (Pandora iOS app prior to version 8.3.2 fails to properly validate SSL  ...)
	NOT-FOR-US: Pandora iOS app
CVE-2017-3193 (Multiple D-Link devices including the DIR-850L firmware versions 1.14B ...)
	NOT-FOR-US: D-Link
CVE-2017-3192 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
	NOT-FOR-US: D-Link
CVE-2017-3191 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
	NOT-FOR-US: D-Link
CVE-2017-3190 (Flash Seats Mobile App for Android version 1.7.9 and earlier and for i ...)
	NOT-FOR-US: Flash Seats Mobile App
CVE-2017-3189 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push Pub ...)
	NOT-FOR-US: dotCMS
CVE-2017-3188 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push Pub ...)
	NOT-FOR-US: dotCMS
CVE-2017-3187 (The dotCMS administration panel, versions 3.7.1 and earlier, are vulne ...)
	NOT-FOR-US: dotCMS
CVE-2017-3186 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict database acce ...)
	NOT-FOR-US: Sage XRT Treasury
CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail t ...)
	NOT-FOR-US: ThreatMetrix SDK
CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified SQL-injectio ...)
	NOT-FOR-US: TIBCO
CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified cross-site s ...)
	NOT-FOR-US: TIBCO
CVE-2017-3179
	REJECTED
CVE-2017-3178
	REJECTED
CVE-2017-3177
	REJECTED
CVE-2017-3176
	REJECTED
CVE-2017-3175
	REJECTED
CVE-2017-3174
	REJECTED
CVE-2017-3173
	REJECTED
CVE-2017-3172
	REJECTED
CVE-2017-3171
	REJECTED
CVE-2017-3170
	REJECTED
CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl m ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-3168
	REJECTED
CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of th ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-3166 (In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-al ...)
	- hadoop <itp> (bug #793644)
CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cro ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2017-3164 (Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (in ...)
	- lucene-solr <unfixed> (unimportant; bug #922242)
	NOTE: https://issues.apache.org/jira/browse/SOLR-12770
CVE-2017-3163 (When using the Index Replication feature, Apache Solr nodes can pull i ...)
	{DSA-4124-1 DLA-1046-1}
	- lucene-solr 3.6.2+dfsg-11 (bug #867712)
	NOTE: https://issues.apache.org/jira/browse/SOLR-10031
	NOTE: https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4db
CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse the HDF ...)
	- hadoop <itp> (bug #793644)
CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross ...)
	- hadoop <itp> (bug #793644)
CVE-2017-3160 (After the Android platform is added to Cordova the first time, or afte ...)
	NOT-FOR-US: Apache Cordova
CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object  ...)
	NOT-FOR-US: Apache Camel
CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 th ...)
	- guacamole-client <unfixed> (bug #891798)
	[stretch] - guacamole-client <no-dsa> (Minor issue)
	[jessie] - guacamole-client <no-dsa> (Minor issue)
	- guacamole <removed>
	[wheezy] - guacamole <not-affected> (Version not vulnerable)
CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded  ...)
	{DSA-3792-1 DLA-910-1}
	- libreoffice 1:5.2.3-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
CVE-2017-3156 (The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3. ...)
	NOT-FOR-US: Apache CXF
CVE-2017-3155 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3154 (Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0- ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3153 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3152 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3151 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3150 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookie ...)
	NOT-FOR-US: Apache Atlas
CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...)
	{DLA-737-1}
	- roundcube 1.2.3+dfsg.1-1 (bug #847287)
	NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib <no-dsa> (Minor issue)
	[wheezy] - html5lib <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib <no-dsa> (Minor issue)
	[wheezy] - html5lib <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2017-3149
	REJECTED
CVE-2017-3148
	REJECTED
CVE-2017-3147
	REJECTED
CVE-2017-3146
	REJECTED
CVE-2017-3145 (BIND was improperly sequencing cleanup operations on upstream recursio ...)
	{DSA-4089-1 DLA-1255-1}
	- bind9 1:9.11.2.P1-1
	NOTE: https://kb.isc.org/article/AA-01542
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
	NOTE: Fixed by (9.10.6-P1): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=55baf7d7e25c0e6444cb7e415f14d9e0819b5508
CVE-2017-3144 (A vulnerability stemming from failure to properly clean up closed OMAP ...)
	{DSA-4133-1}
	- isc-dhcp 4.3.5-3.1 (bug #887413)
	[wheezy] - isc-dhcp <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=46767
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2017-3143 (An attacker who is able to send and receive messages to an authoritati ...)
	{DSA-3904-1 DLA-1025-1}
	- bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
	NOTE: https://kb.isc.org/article/AA-01503
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
CVE-2017-3142 (An attacker who is able to send and receive messages to an authoritati ...)
	{DSA-3904-1 DLA-1025-1}
	- bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
	NOTE: https://kb.isc.org/article/AA-01504
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
CVE-2017-3141 (The BIND installer on Windows uses an unquoted service path which can  ...)
	- bind9 <not-affected> (Affects only Windows systems)
	NOTE: https://kb.isc.org/article/AA-01496
CVE-2017-3140 (If named is configured to use Response Policy Zones (RPZ) an error pro ...)
	- bind9 <not-affected> (Upstream change #4377 not backported/included)
	NOTE: https://kb.isc.org/article/AA-01495
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
	NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
	NOTE: CVE-2017-3140 is introduced by the upstream change #4377
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
CVE-2017-3139 (A denial of service flaw was found in the way BIND handled DNSSEC vali ...)
	- bind9 <not-affected> (RHEL6 specific)
CVE-2017-3138 (named contains a feature which allows operators to issue commands to a ...)
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226)
	NOTE: https://kb.isc.org/article/AA-01471
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610
	NOTE: In practice for any Debian version applying this commit is merely
	NOTE: hardening, since the feature to allow only a subset of "read only"
	NOTE: commands was added only in 9.11.0 and before existing commands permitted
	NOTE: over the control channel were already be given to cause the server to stop.
	NOTE: The CVE-2017-3138 is barely an issue in practice anyway.
CVE-2017-3137 (Mistaken assumptions about the ordering of records in the answer secti ...)
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
	NOTE: https://kb.isc.org/article/AA-01466
	NOTE: Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=69fd759b4aa02047e42e5cf4227f8257c4547988
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6841d7b854c15df9ec56cab38da201b315bbcabb (reimplentation)
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
CVE-2017-3136 (A query with a specific set of characteristics could cause a server us ...)
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860224)
	NOTE: https://kb.isc.org/article/AA-01465
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=764240ca07ab1b796226d5402ccd9fbfa77ec32a
CVE-2017-3135 (Under some conditions when using both DNS64 and RPZ to rewrite query r ...)
	{DSA-3795-1 DLA-843-1}
	- bind9 1:9.10.3.dfsg.P4-12 (bug #855520)
	NOTE: https://kb.isc.org/article/AA-01453
	NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD versi ...)
	NOT-FOR-US: Fortinet FortiWLC-SD
CVE-2017-3133 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3132 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3131 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4 ...)
	NOT-FOR-US: Fortinet
CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7 ...)
	NOT-FOR-US: Fortinet FortiWeb
CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS  ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3127 (A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 throu ...)
	NOT-FOR-US: Fortinet
CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...)
	NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and  ...)
	NOT-FOR-US: FortiMail
CVE-2017-3124 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3123 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3122 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3121 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3120 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3119 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3118 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3117 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3116 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3115 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3114 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-3113 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3112 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-3111 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
	NOT-FOR-US: Adobe
CVE-2017-3110 (Adobe Experience Manager 6.1 and earlier has a sensitive data exposure ...)
	NOT-FOR-US: Adobe
CVE-2017-3109 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
	NOT-FOR-US: Adobe
CVE-2017-3108 (Adobe Experience Manager 6.2 and earlier has a malicious file executio ...)
	NOT-FOR-US: Adobe
CVE-2017-3107 (Adobe Experience Manager 6.3 and earlier has a misconfiguration vulner ...)
	NOT-FOR-US: Adobe
CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects versio ...)
	NOT-FOR-US: Adobe
CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This af ...)
	NOT-FOR-US: Adobe
CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored cross-site scri ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected cross-site s ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3101 (Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerabi ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3100 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3099 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3098 (Adobe Captivate versions 9 and earlier have a remote code execution vu ...)
	NOT-FOR-US: Adobe
CVE-2017-3097 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure  ...)
	NOT-FOR-US: Adobe
CVE-2017-3096 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-3095 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-3094 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-3093 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-3092 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure  ...)
	NOT-FOR-US: Adobe
CVE-2017-3091 (Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier ha ...)
	NOT-FOR-US: Adobe
CVE-2017-3090 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure  ...)
	NOT-FOR-US: Adobe
CVE-2017-3089 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-3088 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-3087 (Adobe Captivate versions 9 and earlier have an information disclosure  ...)
	NOT-FOR-US: Adobe
CVE-2017-3086 (Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable me ...)
	NOT-FOR-US: Adobe
CVE-2017-3085 (Adobe Flash Player versions 26.0.0.137 and earlier have a security byp ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3084 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3083 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3082 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3081 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3080 (Adobe Flash Player versions 26.0.0.131 and earlier have a security byp ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3079 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3078 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3077 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3076 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3075 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3074 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3073 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3072 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3071 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3070 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3069 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3068 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3067 (Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an informat ...)
	NOT-FOR-US: Adobe
CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 an ...)
	NOT-FOR-US: Adobe
CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3064 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3063 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3062 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3061 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3060 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3059 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3058 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3057 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3056 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3055 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3054 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3053 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3052 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3051 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3050 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3049 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3048 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3047 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3046 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3045 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3044 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3043 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3042 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3041 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3040 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3039 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3038 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3037 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3036 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3035 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3034 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3033 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3032 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3031 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3030 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3029 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3028 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3027 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3026 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3025 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3024 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3023 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3022 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3021 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3020 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3019 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3018 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3017 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3016 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3015 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3014 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3013 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3012 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3011 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3010 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe
CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe
CVE-2017-3008 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 an ...)
	NOT-FOR-US: Adobe
CVE-2017-3007 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the  ...)
	NOT-FOR-US: Adobe Thor
CVE-2017-3006 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related ...)
	NOT-FOR-US: Adobe Thor
CVE-2017-3005 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2017-3004 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2017-3003 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3002 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3001 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3000 (Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerabilit ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2999 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2998 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2997 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2996 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2995 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2994 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2993 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2992 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2991 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2990 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2989 (Adobe Campaign versions Build 8770 and earlier have an input validatio ...)
	NOT-FOR-US: Adobe
CVE-2017-2988 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2987 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2986 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2985 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2984 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2983 (Adobe Shockwave versions 12.2.7.197 and earlier have an insecure libra ...)
	NOT-FOR-US: Adobe
CVE-2017-2982 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2981 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2980 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2979 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2978 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2977 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2976 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2975 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2974 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2973 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable  ...)
	NOT-FOR-US: Adobe
CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2969 (Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site  ...)
	NOT-FOR-US: Adobe
CVE-2017-2968 (Adobe Campaign versions 16.4 Build 8724 and earlier have a code inject ...)
	NOT-FOR-US: Adobe
CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2965 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2964 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2963 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2962 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2961 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2960 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2959 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2958 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2957 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2956 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2955 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2954 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2953 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2952 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2951 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2950 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2949 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2948 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2947 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2946 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2945 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2944 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2943 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2942 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2941 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2940 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2939 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2938 (Adobe Flash Player versions 24.0.0.186 and earlier have a security byp ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2937 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2936 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2935 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2934 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2933 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2932 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2931 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM ...)
	NOT-FOR-US: Adobe Acrobat Chrome extension
CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2926 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2925 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose a ...)
	{DLA-734-1}
	- mapserver 7.0.3-1
	[jessie] - mapserver 6.4.1-5+deb8u1
	NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
	NOTE: https://github.com/mapserver/mapserver/pull/4928
	NOTE: https://github.com/mapserver/mapserver/pull/5356
CVE-2016-9838 (An issue was discovered in components/com_users/models/registration.ph ...)
	NOT-FOR-US: Joomla!
CVE-2016-9837 (An issue was discovered in templates/beez3/html/com_content/article/de ...)
	NOT-FOR-US: Joomla!
CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! C ...)
	NOT-FOR-US: Joomla!
CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x b ...)
	NOT-FOR-US: Zikula
CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary clie ...)
	NOT-FOR-US: Sophos
CVE-2016-9833
	RESERVED
CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows ...)
	NOT-FOR-US: ACE-ABAP
CVE-2016-9805
	RESERVED
CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs i ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client Automat ...)
	NOT-FOR-US: CA Common Services
CVE-2016-9792
	REJECTED
CVE-2016-9791
	REJECTED
CVE-2016-9790
	REJECTED
CVE-2016-9789
	REJECTED
CVE-2016-9788
	REJECTED
CVE-2016-9787
	REJECTED
CVE-2016-9786
	REJECTED
CVE-2016-9785
	REJECTED
CVE-2016-9784
	REJECTED
CVE-2016-9783
	REJECTED
CVE-2016-9782
	REJECTED
CVE-2016-9781
	REJECTED
CVE-2016-9780
	REJECTED
CVE-2016-9779
	REJECTED
CVE-2016-9778 (An error in handling certain queries can cause an assertion failure wh ...)
	- bind9 <not-affected> (Only Supported Preview Edition/Subscription Edition and 9.11.x)
	NOTE: https://kb.isc.org/article/AA-01442/0
CVE-2016-9771
	REJECTED
CVE-2016-9770
	REJECTED
CVE-2016-9769
	REJECTED
CVE-2016-9768
	REJECTED
CVE-2016-9767
	REJECTED
CVE-2016-9766
	REJECTED
CVE-2016-9765
	REJECTED
CVE-2016-9764
	REJECTED
CVE-2016-9763
	REJECTED
CVE-2016-9762
	REJECTED
CVE-2016-9761
	REJECTED
CVE-2016-9760
	REJECTED
CVE-2016-9759
	REJECTED
CVE-2016-9758
	REJECTED
CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user inte ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2016-9846 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...)
	- qemu 1:2.8+dfsg-1 (bug #847382)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...)
	- qemu 1:2.8+dfsg-1 (bug #847381)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847275)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847274)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-4 (bug #847270)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847270)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZi ...)
	{DLA-741-1}
	- unzip 6.0-21 (bug #847486)
	[jessie] - unzip 6.0-16+deb8u3
	NOTE: https://launchpad.net/bugs/1643750
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13
	NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19
CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip UnZip ...)
	{DLA-741-1}
	- unzip 6.0-21 (bug #847485)
	[jessie] - unzip 6.0-16+deb8u3
	NOTE: Upstream bug: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
	NOTE: Same reproducer as in https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
	NOTE: can be used to verify a fix (which trigger the issue in unzip -l but crash
	NOTE: in different areas of the unzip codebase)
	NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5
CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing]
	- tiff 4.0.7-2 (unimportant; bug #846838)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
CVE-2016-9831 (Heap-based buffer overflow in the parseSWF_RGBA function in parser.c i ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
CVE-2016-9830 (The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows ...)
	{DSA-3746-1}
	- graphicsmagick 1.3.25-6 (bug #847055)
	[wheezy] - graphicsmagick <no-dsa> (fix too intrusive, depends on jan 15th magickresources changes)
	NOTE: upstream patch requires major refactor from jan 2015, see https://lists.debian.org/87inpe4wgu.fsf@curie.anarc.at
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
	NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
CVE-2016-9829 (Heap-based buffer overflow in the parseSWF_DEFINEFONT function in pars ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
CVE-2016-9828 (The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
CVE-2016-9827 (The _iprintf function in outputtxt.c in the listswf tool in libming 0. ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
CVE-2016-9826 (libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00041-libav-leftshift-ituh263dec_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=985
CVE-2016-9825 (libswscale/utils.c in libav 11.8 allows remote attackers to cause a de ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00040-libav-leftshift-utils_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=984
CVE-2016-9824 (Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remo ...)
	- libav <removed>
	[jessie] - libav <ignored> (Minor issue, usan-only no-crash warning, no patch)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=983
CVE-2016-9823 (libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to ca ...)
	- libav <removed>
	[jessie] - libav <ignored> (Minor issue, usan-only no-crash warning, no patch)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982
CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote ...)
	{DSA-3833-1 DLA-791-1}
	- libav <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows ...)
	{DSA-3833-1 DLA-791-1}
	- libav <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9820 (libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to ...)
	{DLA-791-1}
	- libav <removed> (unimportant)
	[jessie] - libav <not-affected> (The fixing patches are included in the upstream version)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9819 (libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause  ...)
	{DLA-791-1}
	- libav <removed> (unimportant)
	[jessie] - libav <not-affected> (The fixing patches are included in the upstream version)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
	NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch
CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSAMLphp ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.10-1 (low)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-01
	NOTE: https://github.com/simplesamlphp/saml2/pull/81
	NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
	NOTE: only exploitable in hard to achieve conditions
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5
CVE-2017-2924 (An exploitable heap-based buffer overflow vulnerability exists in the  ...)
	{DSA-3976-1 DLA-1098-1}
	- freexl 1.0.4-1 (bug #875691)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431
	NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
CVE-2017-2923 (An exploitable heap based buffer overflow vulnerability exists in the  ...)
	{DSA-3976-1 DLA-1098-1}
	- freexl 1.0.4-1 (bug #875690)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
	NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
CVE-2017-2922 (An exploitable memory corruption vulnerability exists in the Websocket ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2921 (An exploitable memory corruption vulnerability exists in the Websocket ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing function ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
CVE-2017-2918 (An exploitable integer overflow exists in the Image loading functional ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: :https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425
CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore functio ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2915 (An exploitable vulnerability exists in the WiFi configuration function ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2914 (An exploitable authentication bypass vulnerability exists in the API d ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2913 (An exploitable vulnerability exists in the filtering functionality of  ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2912 (An exploitable vulnerability exists in the remote control functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2911 (An exploitable vulnerability exists in the remote control functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2910
	RESERVED
CVE-2017-2909 (An infinite loop programming error exists in the DNS server functional ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality  ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
CVE-2017-2907 (An exploitable integer overflow exists in the animation playing functi ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
CVE-2017-2906 (An exploitable integer overflow exists in the animation playing functi ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading functio ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading functionali ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading functionali ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406
CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of t ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the read_MS ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the xls_mer ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT  ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2894 (An exploitable stack buffer overflow vulnerability exists in the MQTT  ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2893 (An exploitable NULL pointer dereference vulnerability exists in the MQ ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2892 (An exploitable arbitrary memory read vulnerability exists in the MQTT  ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2891 (An exploitable use-after-free vulnerability exists in the HTTP server  ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore functio ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...)
	- libsdl2 2.0.6+dfsg1-4 (bug #878264)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	[jessie] - libsdl2 <no-dsa> (Minor issue)
	- libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
	NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
	NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0
CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF propert ...)
	{DSA-4184-1 DSA-4177-1 DLA-1134-1}
	- libsdl2-image 2.0.1+dfsg-4 (bug #878266)
	- sdl-image1.2 1.2.12-7 (bug #878267)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
	NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705
CVE-2017-2886 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
	NOT-FOR-US: ACDSee Ultimate
CVE-2017-2885 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	{DSA-3929-1}
	- libsoup2.4 2.56.1-1 (bug #871650)
	[wheezy] - libsoup2.4 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785774
CVE-2017-2884 (An exploitable vulnerability exists in the user photo update functiona ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2883 (An exploitable vulnerability exists in the database update functionali ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2882 (An exploitable vulnerability exists in the servers update functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2881 (An exploitable vulnerability exists in the torlist update functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing function ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-2879 (An exploitable buffer overflow vulnerability exists in the UPnP implem ...)
	NOT-FOR-US: Foscam
CVE-2017-2878 (An exploitable buffer overflow vulnerability exists in the web managem ...)
	NOT-FOR-US: Foscam
CVE-2017-2877 (A missing error check exists in the Multi-Camera interface used by the ...)
	NOT-FOR-US: Foscam
CVE-2017-2876 (An exploitable buffer overflow vulnerability exists in the Multi-Camer ...)
	NOT-FOR-US: Foscam
CVE-2017-2875 (An exploitable buffer overflow vulnerability exists in the Multi-Camer ...)
	NOT-FOR-US: Foscam
CVE-2017-2874 (An information disclosure vulnerability exists in the Multi-Camera int ...)
	NOT-FOR-US: Foscam
CVE-2017-2873 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam
CVE-2017-2872 (Insufficient security checks exist in the recovery procedure used by t ...)
	NOT-FOR-US: Foscam
CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used by t ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the tiff_image ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
	NOTE: Built with GCC in Debian, which doesn't remove the check
CVE-2017-2869 (An exploitable code execution vulnerability exists in the OpenProducer ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2868 (An exploitable code execution vulnerability exists in the NewProducerS ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2867 (An exploitable code execution vulnerability exists in the SavePatientM ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup function ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2865 (An exploitable vulnerability exists in the firmware update functionali ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2864 (An exploitable vulnerability exists in the generation of authenticatio ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing functio ...)
	NOT-FOR-US: Iceni Infix
CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the gdk_pixbuf__j ...)
	{DSA-3978-1 DLA-1100-1}
	- gdk-pixbuf 2.36.10-1 (bug #874552)
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a  ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2860 (An exploitable denial-of-service vulnerability exists in the lookup en ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2859
	REJECTED
CVE-2017-2858 (An exploitable denial-of-service vulnerability exists in the traversal ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2857 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2856 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2855 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2854 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the RequestForPa ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2852 (An exploitable denial-of-service vulnerability exists in the unseriali ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2850 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2849 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2848 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2847 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2846 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2845 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2844 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2843 (In the web management interface in Foscam C1 Indoor HD Camera running  ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2842 (In the web management interface in Foscam C1 Indoor HD Camera running  ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2841 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2840 (A buffer overflow vulnerability exists in the ISO parsing functionalit ...)
	NOT-FOR-US: EZB Systems UltraISO
CVE-2017-2839 (An exploitable denial of service vulnerability exists within the handl ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2838 (An exploitable denial of service vulnerability exists within the handl ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2837 (An exploitable denial of service vulnerability exists within the handl ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2836 (An exploitable denial of service vulnerability exists within the readi ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2835 (An exploitable code execution vulnerability exists in the RDP receive  ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2834 (An exploitable code execution vulnerability exists in the authenticati ...)
	{DSA-3923-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	[wheezy] - freerdp <not-affected> (vulnerable code not present)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2833 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2832 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web managem ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web managem ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2829 (An exploitable directory traversal vulnerability exists in the web man ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2828 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2827 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy re ...)
	{DLA-1708-1}
	- zabbix <unfixed> (low)
	[buster] - zabbix <ignored> (Minor issue, workaround exists)
	[stretch] - zabbix <ignored> (Minor issue, workaround exists)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327
	NOTE: Relates to the information disclosure as mentioned in (but is not the same issue)
	NOTE: https://support.zabbix.com/browse/ZBX-12076
	NOTE: Workaround for Zabbix 3.0 exists: https://www.zabbix.com/documentation/3.0/manual/distributed_monitoring/proxies#configuration
	NOTE: using encyrpted connections with the proxy.
CVE-2017-2825 (In the trapper functionality of Zabbix Server 2.4.x, specifically craf ...)
	{DSA-3937-1}
	- zabbix 1:3.0.7+dfsg-3 (bug #863584)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0326/
	NOTE: https://support.zabbix.com/browse/ZBX-12076
CVE-2017-2824 (An exploitable code execution vulnerability exists in the trapper comm ...)
	{DSA-3937-1}
	- zabbix 1:3.0.7+dfsg-3 (bug #863584)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0325/
	NOTE: https://support.zabbix.com/browse/ZBX-12075
CVE-2017-2823 (A use-after-free vulnerability exists in the .ISO parsing functionalit ...)
	NOT-FOR-US: PowerISO
CVE-2017-2822 (An exploitable code execution vulnerability exists in the image render ...)
	NOT-FOR-US: Lexmark
CVE-2017-2821 (An exploitable use-after-free exists in the PDF parsing functionality  ...)
	NOT-FOR-US: Lexmark
CVE-2017-2820 (An exploitable integer overflow vulnerability exists in the JPEG 2000  ...)
	- poppler <unfixed> (unimportant)
	NOTE: Debian uses openjpeg for processing JPEG 2000 images, this advisory is
	NOTE: against Ubuntu, which disables openjpeg due to being in universe
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321
CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul Word Pr ...)
	NOT-FOR-US: Hancom Thinkfree Office NEO
CVE-2017-2818 (An exploitable heap overflow vulnerability exists in the image renderi ...)
	- poppler <unfixed> (unimportant)
	NOTE: Debian links against libjpeg which is unaffected
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing functi ...)
	NOT-FOR-US: PowerISO
CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
	{DLA-1192-1}
	- libofx 1:0.9.11-4 (bug #875801)
	[stretch] - libofx 1:0.9.10-2+deb9u1
	[jessie] - libofx 1:0.9.10-1+deb8u1
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
	NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
	NOTE: https://github.com/libofx/libofx/issues/9
CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in OpenFire U ...)
	NOT-FOR-US: OpenFire User Import Export Plugin
CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image renderi ...)
	- poppler <unfixed> (unimportant)
	NOTE: Debian links against libjpeg which is unaffected
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000  ...)
	NOT-FOR-US: IrfanView
CVE-2017-2812 (A code execution vulnerability exists in the kdu_buffered_expand funct ...)
	NOT-FOR-US: Kakadu
CVE-2017-2811 (A code execution vulnerability exists in the Kakadu SDK 7.9's parsing  ...)
	NOT-FOR-US: Kakadu
CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading functional ...)
	- python-tablib 0.9.11-3 (bug #864818)
	[stretch] - python-tablib 0.9.11-2+deb8u1
	[jessie] - python-tablib 0.9.11-2+deb8u1
	NOTE: Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
CVE-2017-2809 (An exploitable vulnerability exists in the yaml loading functionality  ...)
	NOT-FOR-US: Ansible Vault
CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account pars ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #876659)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304
	NOTE: https://github.com/ledger/ledger/issues/1723
	NOTE: https://github.com/ledger/ledger/commit/f3bad93db256db07b6cb831d4d24f47543f57e4a
CVE-2017-2807 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #876660)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
	NOTE: https://github.com/ledger/ledger/issues/1722
	NOTE: https://github.com/ledger/ledger/commit/5682f377aed5b0db6b6c4a44b1d8868103b7e9f7
CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
	NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality
CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2804 (A remote out of bound write vulnerability exists in the TIFF parsing f ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2803 (A remote out of bound write vulnerability exists in the TIFF parsing f ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2802 (An exploitable dll hijacking vulnerability exists in the poaService.ex ...)
	NOT-FOR-US: Dell
CVE-2017-2801 (A programming error exists in a way Randombit Botan cryptographic libr ...)
	{DSA-3939-1 DLA-915-1}
	- botan1.10 1.10.16-1 (bug #860072)
	NOTE: https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4 (1.10.16)
	NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16
CVE-2017-2800 (A specially crafted x509 certificate can cause a single out of bounds  ...)
	- wolfssl 3.12.0+dfsg-1 (bug #862154)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0293/
CVE-2017-2799 (An exploitable heap corruption vulnerability exists in the AddSst func ...)
	NOT-FOR-US: Antenna House DMC HTMLFilter
CVE-2017-2798 (An exploitable heap corruption vulnerability exists in the GetIndexArr ...)
	NOT-FOR-US: Antenna House DMC HTMLFilter
CVE-2017-2797 (An exploitable heap overflow vulnerability exists in the ParseEnvironm ...)
	NOT-FOR-US: Antenna House
CVE-2017-2796
	RESERVED
CVE-2017-2795 (An exploitable heap corruption vulnerability exists in the Txo functio ...)
	NOT-FOR-US: Antenna House
CVE-2017-2794 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Antenna House
CVE-2017-2793 (An exploitable heap corruption vulnerability exists in the UnCompressU ...)
	NOT-FOR-US: Antenna House
CVE-2017-2792 (An exploitable heap corruption vulnerability exists in the iBldDirInfo ...)
	NOT-FOR-US: Antenna House
CVE-2017-2791 (JustSystems Ichitaro 2016 Trial contains a vulnerability that exists w ...)
	NOT-FOR-US: JustSystems Ichitaro 2016 Trial
CVE-2017-2790 (When processing a record type of 0x3c from a Workbook stream from an E ...)
	NOT-FOR-US: JustSystems Ichitaro Office
CVE-2017-2789 (When copying filedata into a buffer, JustSystems Ichitaro Office 2016  ...)
	NOT-FOR-US: JustSystems Ichitaro Office 2016 Trial
CVE-2017-2788 (A buffer overflows exists in the psnotifyd application of the Pharos P ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2787 (A buffer overflows exists in the psnotifyd application of the Pharos P ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2786 (A denial of service vulnerability exists in the psnotifyd application  ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2785 (An exploitable buffer overflow exists in the psnotifyd application of  ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2784 (An exploitable free of a stack pointer vulnerability exists in the x50 ...)
	- mbedtls 2.4.2-1 (bug #857560)
	- polarssl <removed> (bug #857561)
	[jessie] - polarssl 1.3.9-2.1+deb8u2
	[wheezy] - polarssl <not-affected> (Vulnerable code not present)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
	NOTE: Wheezy do not have any elliptic curve functionality. Jessie is affected however.
CVE-2017-2783 (An exploitable heap corruption vulnerability exists in the FillRowForm ...)
	NOT-FOR-US: AntennaHouse
CVE-2017-2782 (An integer overflow vulnerability exists in the X509 certificate parsi ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278
CVE-2017-2781 (An exploitable heap buffer overflow vulnerability exists in the X509 c ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277
CVE-2017-2780 (An exploitable heap buffer overflow vulnerability exists in the X509 c ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276
CVE-2017-2779 (An exploitable memory corruption vulnerability exists in the RSRC segm ...)
	NOT-FOR-US: Labview
CVE-2017-2778
	REJECTED
CVE-2017-2777 (An exploitable heap overflow vulnerability exists in the ipStringCreat ...)
	NOT-FOR-US: Iceni Argus
CVE-2017-2776
	REJECTED
CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the LvVariant ...)
	NOT-FOR-US: Labview
CVE-2017-2774
	REJECTED
CVE-2017-2773 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions  ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2017-2772
	REJECTED
CVE-2017-2771
	REJECTED
CVE-2017-2770
	REJECTED
CVE-2017-2769
	REJECTED
CVE-2017-2768 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configurati ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-2767 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configurati ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-2766 (EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2017-2765 (EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1,  ...)
	NOT-FOR-US: EMC Isilon InsightIQ
CVE-2017-2764
	RESERVED
CVE-2017-2763
	RESERVED
CVE-2017-2762
	RESERVED
CVE-2017-2761
	RESERVED
CVE-2017-2760
	RESERVED
CVE-2017-2759
	RESERVED
CVE-2017-2758
	RESERVED
CVE-2017-2757
	RESERVED
CVE-2017-2756
	RESERVED
CVE-2017-2755
	RESERVED
CVE-2017-2754
	RESERVED
CVE-2017-2753
	RESERVED
CVE-2017-2752 (A potential security vulnerability caused by incomplete obfuscation of ...)
	NOT-FOR-US: Tommy Hilfiger TH24/7 Android app
CVE-2017-2751 (A BIOS password extraction vulnerability has been reported on certain  ...)
	NOT-FOR-US: firmware on HP notebooks
CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential execut ...)
	NOT-FOR-US: HP printers
CVE-2017-2749
	RESERVED
CVE-2017-2748 (A potential security vulnerability caused by the use of insecure (http ...)
	NOT-FOR-US: Isaac Mizrahi Smartwatch mobile app
CVE-2017-2747 (HP has identified a potential security vulnerability before IG_11_00_0 ...)
	NOT-FOR-US: HP printers
CVE-2017-2746 (Potential security vulnerabilities have been identified with HP JetAdv ...)
	NOT-FOR-US: HP JetAdvantage Security Manager
CVE-2017-2745 (Potential security vulnerabilities have been identified with HP JetAdv ...)
	NOT-FOR-US: HP JetAdvantage Security Manager
CVE-2017-2744 (The vulnerability allows attacker to extract binaries into protected f ...)
	NOT-FOR-US: HP Support Assistant
CVE-2017-2743 (HP has identified a potential security vulnerability with HP Enterpris ...)
	NOT-FOR-US: HP printers
CVE-2017-2742 (A potential security vulnerability has been identified with HP Web Jet ...)
	NOT-FOR-US: HP Web JetAdmin
CVE-2017-2741 (A potential security vulnerability has been identified with HP PageWid ...)
	NOT-FOR-US: HP printers
CVE-2017-2740 (A potential security vulnerability has been identified with the comman ...)
	NOT-FOR-US: HP ThinPro
CVE-2017-2739 (The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 v ...)
	NOT-FOR-US: Huawei
CVE-2017-2738 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-2737 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-2736 (VCM5010 with software versions earlier before V100R002C50SPC100 has a  ...)
	NOT-FOR-US: Huawei
CVE-2017-2735 (TIT-AL00 smartphones with software versions earlier before TIT-AL00C58 ...)
	NOT-FOR-US: Huawei
CVE-2017-2734 (P9 Plus smartphones with software versions earlier before VIE-AL10BC00 ...)
	NOT-FOR-US: Huawei
CVE-2017-2733 (Honor 6X smartphones with software versions earlier than BLN-AL10C00B3 ...)
	NOT-FOR-US: Huawei
CVE-2017-2732 (Huawei Hilink APP Versions earlier before 5.0.25.306 has an informatio ...)
	NOT-FOR-US: Huawei
CVE-2017-2731 (The vibrator service in P9 Plus smart phones with software versions ea ...)
	NOT-FOR-US: Huawei
CVE-2017-2730 (HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUA ...)
	NOT-FOR-US: Huawei
CVE-2017-2729 (The boot loaders in Honor 5A smart phones with software Versions earli ...)
	NOT-FOR-US: Huawei
CVE-2017-2728 (Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier vers ...)
	NOT-FOR-US: Huawei
CVE-2017-2727 (Huawei P9 smart phones with software versions earlier before EVA-AL00C ...)
	NOT-FOR-US: Huawei
CVE-2017-2726 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...)
	NOT-FOR-US: Huawei
CVE-2017-2725 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...)
	NOT-FOR-US: Huawei
CVE-2017-2724 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...)
	NOT-FOR-US: Huawei
CVE-2017-2723 (The Files APP 7.1.1.308 and earlier versions in some Huawei mobile pho ...)
	NOT-FOR-US: Huawei
CVE-2017-2722 (DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-2721 (Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C18 ...)
	NOT-FOR-US: Huawei
CVE-2017-2720 (FusionSphere OpenStack V100R006C00 has an information exposure vulnera ...)
	NOT-FOR-US: Huawei
CVE-2017-2719 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ha ...)
	NOT-FOR-US: Huawei
CVE-2017-2718 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ha ...)
	NOT-FOR-US: Huawei
CVE-2017-2717 (honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L0 ...)
	NOT-FOR-US: Huawei
CVE-2017-2716 (The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 h ...)
	NOT-FOR-US: Huawei
CVE-2017-2715 (The Files APP 7.1.1.309 and earlier versions in some Huawei mobile pho ...)
	NOT-FOR-US: Huawei
CVE-2017-2714 (The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier ve ...)
	NOT-FOR-US: Huawei
CVE-2017-2713 (HUAWEI P9 smartphones with software versions earlier before EVA-L09C43 ...)
	NOT-FOR-US: Huawei
CVE-2017-2712 (S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vu ...)
	NOT-FOR-US: Huawei
CVE-2017-2711 (P9 Plus smartphones with software earlier than VIE-AL10C00B352 version ...)
	NOT-FOR-US: Huawei
CVE-2017-2710 (BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B ...)
	NOT-FOR-US: Huawei
CVE-2017-2709 (HiGame with software earlier than 7.3.0 versions, SkyTone with softwar ...)
	NOT-FOR-US: Huawei
CVE-2017-2708 (The 'Find Phone' function in Nice smartphones with software versions e ...)
	NOT-FOR-US: Huawei
CVE-2017-2707 (Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege esc ...)
	NOT-FOR-US: Huawei
CVE-2017-2706 (Mate 9 smartphones with software MHA-AL00AC00B125 have a directory tra ...)
	NOT-FOR-US: Huawei
CVE-2017-2705 (Huawei P9 smartphones with software versions earlier before EVA-AL10C0 ...)
	NOT-FOR-US: Huawei
CVE-2017-2704 (Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier v ...)
	NOT-FOR-US: Huawei
CVE-2017-2703 (Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earl ...)
	NOT-FOR-US: Huawei
CVE-2017-2702 (Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. ...)
	NOT-FOR-US: Huawei
CVE-2017-2701 (Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vu ...)
	NOT-FOR-US: Huawei
CVE-2017-2700 (AC6005 with software V200R006C10, AC6605 with software V200R006C10 hav ...)
	NOT-FOR-US: Huawei
CVE-2017-2699 (The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versio ...)
	NOT-FOR-US: Huawei
CVE-2017-2698 (The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has bu ...)
	NOT-FOR-US: Huawei
CVE-2017-2697 (The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C4 ...)
	NOT-FOR-US: Huawei
CVE-2017-2696 (The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C ...)
	NOT-FOR-US: Huawei
CVE-2017-2695 (TIT-AL00C583B211 has a directory traversal vulnerability which allows  ...)
	NOT-FOR-US: Huawei
CVE-2017-2694 (The AlarmService component in HwVmall with software earlier than 1.5.2 ...)
	NOT-FOR-US: Huawei
CVE-2017-2693 (ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versi ...)
	NOT-FOR-US: Huawei
CVE-2017-2692 (The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L ...)
	NOT-FOR-US: Huawei
CVE-2017-2691 (Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier be ...)
	NOT-FOR-US: Huawei
CVE-2017-2690 (SoftCo with software V200R003C20,eSpace U1910 with software V200R003C0 ...)
	NOT-FOR-US: Huawei
CVE-2017-2689 (Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to  ...)
	NOT-FOR-US: Siemens
CVE-2017-2688 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
	NOT-FOR-US: Siemens
CVE-2017-2687 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the  ...)
	NOT-FOR-US: Siemens
CVE-2017-2686 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that co ...)
	NOT-FOR-US: Siemens
CVE-2017-2685 (Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (incl ...)
	NOT-FOR-US: Siemens
CVE-2017-2684 (Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attack ...)
	NOT-FOR-US: Siemens
CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NMS &lt ...)
	NOT-FOR-US: Siemens
CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 8080/TCP a ...)
	NOT-FOR-US: Siemens
CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...)
	NOT-FOR-US: Siemens
CVE-2017-2679
	REJECTED
CVE-2017-2678
	REJECTED
CVE-2017-2677
	REJECTED
CVE-2017-2676
	REJECTED
CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privilege  ...)
	NOT-FOR-US: Little Snitch
CVE-2017-2674 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored X ...)
	NOT-FOR-US: Red Hat business central
CVE-2017-2673 (An authorization-check flaw was discovered in federation configuration ...)
	- keystone 2:10.0.0-9 (bug #861189)
	[jessie] - keystone <not-affected> (Vulnerable code not present)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1677723
CVE-2017-2672 (A flaw was found in foreman before version 1.15 in the logging of addi ...)
	- foreman <itp> (bug #663101)
CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel throug ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
	NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
CVE-2017-2670 (It was found in Undertow before 1.3.28 that with non-clean TCP close,  ...)
	{DSA-3906-1}
	- undertow 1.4.18-1 (bug #864405)
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1035
CVE-2017-2669 (Dovecot before version 2.2.29 is vulnerable to a denial of service. Wh ...)
	- dovecot 1:2.2.27-3 (bug #860049)
	[jessie] - dovecot <not-affected> (Vulnerable code not present)
	[wheezy] - dovecot <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735
	NOTE: Introduced by: https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22
CVE-2017-2668 (389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an  ...)
	- 389-ds-base 1.3.5.17-1 (bug #860125)
	[jessie] - 389-ds-base <not-affected> (Vulnerable code not present)
	NOTE: CentOS fix: https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1436575
CVE-2017-2667 (Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not  ...)
	- foreman <itp> (bug #663101)
CVE-2017-2666 (It was discovered in Undertow that the code that parsed the HTTP reque ...)
	{DSA-3906-1}
	- undertow 1.4.18-1 (bug #864405)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1101
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
CVE-2017-2665 (The skyring-setup command creates random password for mongodb skyring  ...)
	NOT-FOR-US: Red Hat Storage / skyring
CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8. ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-2663 (It was found that subscription-manager's DBus interface before 1.19.4  ...)
	NOT-FOR-US: candlepin / subscription-manager
CVE-2017-2662 (A flaw was found in Foreman's katello plugin version 3.4.5. After sett ...)
	- foreman <itp> (bug #663101)
CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site s ...)
	- pcs 0.9.155+dfsg-2 (bug #858379)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
	NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/23/2
CVE-2017-2660
	REJECTED
CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
	- dropbear 2013.60-1
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in Red Hat J ...)
	NOT-FOR-US: JBoss BPMS
CVE-2017-2657
	RESERVED
CVE-2017-2656
	REJECTED
CVE-2017-2655
	REJECTED
CVE-2017-2654 (jenkins-email-ext before version 2.57.1 is vulnerable to an Informatio ...)
	NOT-FOR-US: jenkins-email-ext
CVE-2017-2653 (A number of unused delete routes are present in CloudForms before 5.7. ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-2652 (It was found that there were no permission checks performed in the Dis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-2651 (jenkins-mailer-plugin before version 1.20 is vulnerable to an informat ...)
	NOT-FOR-US: jenkins-mailer-plugin
CVE-2017-2650 (It was found that the use of Pipeline: Classpath Step Jenkins plugin e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-2649 (It was found that the Active Directory Plugin for Jenkins up to and in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-2648 (It was found that jenkins-ssh-slaves-plugin before version 1.15 did no ...)
	NOT-FOR-US: jenkins-ssh-slaves-plugin
CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local users  ...)
	{DLA-922-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 (v3.18-rc1)
CVE-2017-2646 (It was found that when Keycloak before 2.5.5 receives a Logout request ...)
	NOT-FOR-US: Keycloak
CVE-2017-2645 (In Moodle 3.x, XSS can occur via attachments to evidence of prior lear ...)
	- moodle <not-affected> (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
	NOTE: https://tracker.moodle.org/browse/MDL-57597
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57597
CVE-2017-2644 (In Moodle 3.x, XSS can occur via evidence of prior learning. ...)
	- moodle <not-affected> (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
	NOTE: https://tracker.moodle.org/browse/MDL-57596
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57596
CVE-2017-2643 (In Moodle 3.2.x, global search displays user names for unauthenticated ...)
	- moodle <not-affected> (Only affects 3.2 to 3.2.1)
	NOTE: https://tracker.moodle.org/browse/MDL-56526
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56526
CVE-2017-2642 (Moodle 3.x has user fullname disclosure on the user preferences page. ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355554
CVE-2017-2641 (In Moodle 2.x and 3.x, SQL injection can occur via user preferences. ...)
	- moodle 2.7.19+dfsg-1
	NOTE: https://tracker.moodle.org/browse/MDL-58010
	NOTE: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58010
CVE-2017-2640 (An out-of-bounds write flaw was found in the way Pidgin before 2.12.0  ...)
	{DSA-3806-1 DLA-853-1}
	- pidgin 2.12.0-1 (bug #859159)
	NOTE: https://www.pidgin.im/news/security/?id=109
	NOTE: https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9
CVE-2017-2639 (It was found that CloudForms does not verify that the server hostname  ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-2638 (It was found that the REST API in Infinispan before version 9.0.0 did  ...)
	NOT-FOR-US: infinispan
CVE-2017-2637 (A design flaw issue was found in the Red Hat OpenStack Platform direct ...)
	NOT-FOR-US: Red Hat OpenStack Platform director
CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.1 ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.16-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/07/6
	NOTE: Fixed by: https://git.kernel.org/linus/82f2341c94d270421f383641b7cd670e474db56b (v4.11-rc2)
	NOTE: https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
CVE-2017-2635 (A NULL pointer deference flaw was found in the way libvirt from 2.5.0  ...)
	- libvirt 3.0.0-3 (bug #856313)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c5f6151390ff0a8e65014172bb8c0a8d312c3353 (v3.0.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875 (v3.1.0-rc1)
CVE-2017-2634 (It was found that the Linux kernel's Datagram Congestion Control Proto ...)
	- linux <not-affected> (Fixed before initial rename to src:linux)
	NOTE: Fixed by: https://git.kernel.org/linus/f53dc67c5e7babafe239b93a11678b0e05bead51 (2.6.25-rc1)
CVE-2017-2633 (An out-of-bounds memory access issue was found in Quick Emulator (QEMU ...)
	- qemu 2.1+dfsg-1
	[wheezy] - qemu <postponed> (Can be fixed along when more severe issues are being fixed)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along when more severe issues are being fixed)
	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commit;h=9f64916da20eea67121d544698676295bbb105a7
CVE-2017-2632 (A logic error in valid_role() in CloudForms role validation before 5.7 ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-2631
	RESERVED
CVE-2017-2630 (A stack buffer overflow flaw was found in the Quick Emulator (QEMU) be ...)
	- qemu 1:2.8+dfsg-3 (bug #855227)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.8.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.8.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422415
CVE-2017-2629 (curl before 7.53.0 has an incorrect TLS Certificate Status Request ext ...)
	- curl 7.52.1-3
	[jessie] - curl <not-affected> (Vulnerable code introduced later)
	[wheezy] - curl <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/curl/curl/commit/ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0
	NOTE: Patch: https://curl.haxx.se/CVE-2017-2629.patch
	NOTE: https://curl.haxx.se/docs/adv_20170222.html
CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-5 ...)
	- curl <not-affected> (Red Hat specific backport issue)
CVE-2017-2627 (A flaw was found in openstack-tripleo-common as shipped with Red Hat O ...)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917
	NOT-FOR-US: RHEL packaging flaw for openstack
CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak entropy to ge ...)
	{DLA-2002-1}
	- libice 2:1.0.9-2 (bug #856400)
	[wheezy] - libice <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
CVE-2017-2625 (It was discovered that libXdmcp before 1.1.2 including used weak entro ...)
	{DLA-2006-1}
	- libxdmcp 1:1.1.2-2 (bug #856399)
	[wheezy] - libxdmcp <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
CVE-2017-2624 (It was found that xorg-x11-server before 1.19.0 including uses memcmp( ...)
	{DLA-1186-1}
	- xorg-server 2:1.19.2-1 (low; bug #856398)
	[jessie] - xorg-server 2:1.16.4-1+deb8u2
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
CVE-2017-2623 (It was discovered that rpm-ostree and rpm-ostree-client before 2017.3  ...)
	NOT-FOR-US: Red Hat rpm-ostree
CVE-2017-2622 (An accessibility flaw was found in the OpenStack Workflow (mistral) se ...)
	- mistral <not-affected> (Red Hat-specific)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420992
	NOTE: tracing the installation shows that mkdir -p /var/log/mistral
	NOTE: is executed, which depending on the umask might end in wrong
	NOTE: permissions. But for Debian the final permissions seem to end
	NOTE: to 0750, despite, owned by mistral:adm. Thus might need more
	NOTE: investigation to determine the affected status.
CVE-2017-2621 (An access-control flaw was found in the OpenStack Orchestration (heat) ...)
	- heat <not-affected> (heat-common postinst chmod's 0750 /var/log/heat)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
CVE-2017-2620 (Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA E ...)
	{DLA-1497-1 DLA-1270-1 DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #855791)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-209.html
	NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
CVE-2017-2619 (Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a mali ...)
	{DSA-3816-1 DLA-894-1}
	- samba 2:4.5.6+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html
CVE-2017-2618 (A flaw was found in the Linux kernel's handling of clearing SELinux at ...)
	{DSA-3791-1}
	- linux 4.9.10-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/0c461cb727d146c9ef2d3e86214f498b78b7d125
CVE-2017-2617 (hawtio before version 1.5.5 is vulnerable to remote code execution via ...)
	NOT-FOR-US: hawtio
CVE-2017-2616 (A race condition was found in util-linux before 2.32.1 in the way su h ...)
	{DSA-3793-1 DLA-838-1}
	- shadow 1:4.4-4 (bug #855943)
	NOTE: https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
	- util-linux 2.29.2-1 (unimportant)
	NOTE: https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
	- coreutils 8.20-1 (unimportant)
	NOTE: Coreutils: Removed from source in https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=928dd737
	NOTE: and not installed by default since 2007.
CVE-2017-2615 (Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator sup ...)
	{DLA-1497-1 DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (low; bug #854731)
	NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
CVE-2017-2614 (When updating a password in the rhvm database the ovirt-aaa-jdbc-tool  ...)
	NOT-FOR-US: Red Hat ovirt-aaa-jdbc-tool tools
CVE-2017-2613 (jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation  ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2612 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able  ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient  ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2610 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2609 (jenkins before versions 2.44, 2.32.2 is vulnerable to an information d ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ex ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2607 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an information e ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2605
	REJECTED
CVE-2017-2604 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able  ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2603 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2602 (jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blac ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2600 (In jenkins before versions 2.44, 2.32.2 node monitor data could be vie ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficie ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2598 (Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode wi ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2597
	RESERVED
CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux ...)
	{DSA-3791-1}
	- linux 4.9.13-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://www.spinics.net/lists/kvm/msg144319.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417812
CVE-2017-2595 (It was found that the log file viewer in Red Hat JBoss Enterprise Appl ...)
	- wildfly <itp> (bug #752018)
CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3,  ...)
	NOT-FOR-US: hawtio
CVE-2017-2593
	RESERVED
CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulner ...)
	- python-oslo.middleware 3.19.0-3 (bug #852742)
	NOTE: https://launchpad.net/bugs/1628031
CVE-2017-2591 (389-ds-base before version 1.3.6 is vulnerable to an improperly NULL t ...)
	- 389-ds-base 1.3.5.15-2 (bug #851769)
	[jessie] - 389-ds-base <not-affected> (Only affects 1.3.4.0 and later)
	NOTE: https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/
CVE-2017-2590 (A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ...)
	- freeipa <not-affected> (ca plugin introduced in 4.4)
	NOTE: https://pagure.io/freeipa/issue/6713
	NOTE: Fixed by (master): https://pagure.io/freeipa/c/b81ac59640f0b76fa9f53cf8be441f085a7089c4?branch=master
	NOTE: Fixed by (ipa-4.4): https://pagure.io/freeipa/c/1aa314c79648c442473f19344387bfe11ec2141b?branch=ipa-4-4
CVE-2017-2589 (It was discovered that the hawtio servlet 1.4 uses a single HttpClient ...)
	NOT-FOR-US: hawtio
CVE-2017-2588
	RESERVED
CVE-2017-2587 (A memory allocation vulnerability was found in netpbm before 10.61. A  ...)
	- netpbm-free <not-affected> (vulnerable code not present)
	NOTE: Debian uses an old fork of netpbm
	NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
CVE-2017-2586 (A null pointer dereference vulnerability was found in netpbm before 10 ...)
	- netpbm-free <not-affected> (vulnerable code not present)
	NOTE: Debian uses an old fork of netpbm
	NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
CVE-2017-2585 (Red Hat Keycloak before version 2.5.1 has an implementation of HMAC ve ...)
	NOT-FOR-US: Keycloak
CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local  ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
	NOTE: Upstream patch: https://www.spinics.net/lists/kvm/msg143571.html
	NOTE: Fixed by: https://git.kernel.org/linus/129a72a0d3c8e139a04512325384fe5ac119e74d
CVE-2017-2583 (The load_segment_descriptor implementation in arch/x86/kvm/emulate.c i ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
CVE-2017-2582 (It was found that while parsing the SAML messages the StaxParserUtil c ...)
	NOT-FOR-US: Keycloak
CVE-2017-2581 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
	- netpbm-free <undetermined> (bug #854978)
	NOTE: Debian uses an old fork of netpbm
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
	NOTE: PoC+report attached to #854978
	NOTE: Similar code path seems protected by earlier stricter size checks ("object too large")
CVE-2017-2580 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
	- netpbm-free <undetermined> (bug #854978)
	[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c and bpm/libpm.c rewritten, PoC triggers clean check "Zero byte allocation" missing in later versions)
	NOTE: Debian uses an old fork of netpbm
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
	NOTE: PoC+report attached to #854978
CVE-2017-2579 (An out-of-bounds read vulnerability was found in netpbm before 10.61.  ...)
	- netpbm-free <undetermined> (bug #854978)
	[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c rewritten, PoC triggers clean application error handling)
	NOTE: Debian uses an old fork of netpbm
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1024288 (reproducer)
CVE-2017-2577
	REJECTED
CVE-2017-2575 (A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL poi ...)
	NOT-FOR-US: libbpg
CVE-2017-2574
	RESERVED
CVE-2017-2573
	RESERVED
CVE-2017-2572
	RESERVED
CVE-2017-2571
	RESERVED
CVE-2017-2570
	RESERVED
CVE-2017-2569
	RESERVED
CVE-2017-2568
	RESERVED
CVE-2017-2567
	RESERVED
CVE-2017-2566
	RESERVED
CVE-2017-2565
	RESERVED
CVE-2017-2564
	RESERVED
CVE-2017-2563
	RESERVED
CVE-2017-2562
	RESERVED
CVE-2017-2561
	RESERVED
CVE-2017-2560
	RESERVED
CVE-2017-2559
	RESERVED
CVE-2017-2558
	RESERVED
CVE-2017-2557
	RESERVED
CVE-2017-2556
	RESERVED
CVE-2017-2555
	RESERVED
CVE-2017-2554
	RESERVED
CVE-2017-2553
	RESERVED
CVE-2017-2552
	RESERVED
CVE-2017-2551 (Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possib ...)
	NOT-FOR-US: Wordpress plugin BackWPup
CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a cop ...)
	NOT-FOR-US: Easy Joomla Backup
CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2548 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2547 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2546 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2545 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2544 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2543 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2542 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2541 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2540 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2539 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2538 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.4-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-2537 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2536 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2535 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2534 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2533 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2532
	RESERVED
CVE-2017-2531 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2530 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2529
	RESERVED
CVE-2017-2528 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2527 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2526 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2525 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2524 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2523 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2522 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2521 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2520 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	{DLA-1633-1}
	- sqlite3 3.16.2-1
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
	NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	{DLA-1633-1}
	- sqlite3 3.16.0-1
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632
	NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6
CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	{DLA-1633-1}
	- sqlite3 3.15.2-1
	[wheezy] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936
	NOTE: Fixed by: https://www.sqlite.org/src/info/0a98c8d76ac86412
CVE-2017-2517 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2516 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2515 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2514 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2513 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- sqlite3 3.15.2-1
	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=171
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5770842466156544
	NOTE: Fixed by: https://www.sqlite.org/src/info/c5dbc599b910c02a
CVE-2017-2512 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2511 (An issue was discovered in certain Apple products. Safari before 10.1. ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2510 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2509 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2508 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2507 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2506 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2505 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2504 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2503 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2502 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2501 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2500 (An issue was discovered in certain Apple products. Safari before 10.1. ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2499 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2498 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2497 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-2496 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2495 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2494 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2493 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2492 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2491 (Use after free vulnerability in the String.replace method JavaScriptCo ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving Intel Graphics Driver
CVE-2017-2488
	RESERVED
CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving FontParser component
CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2485 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Security component
CVE-2017-2484 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Phone component
CVE-2017-2483 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2482 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2481 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2480 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2479 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2478 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2477 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
CVE-2017-2476 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2475 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2474 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2473 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2472 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2471 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2470 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2469 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2468 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2467 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving ImageIO component
CVE-2017-2466 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2465 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2464 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2463 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2462 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2461 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving CoreText component
CVE-2017-2460 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2459 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2458 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2457 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2456 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2455 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2454 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2453 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2452 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple Siri
CVE-2017-2451 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Security component
CVE-2017-2450 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving CoreText component
CVE-2017-2449 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple invovling Bluetooth component
CVE-2017-2448 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Keychain component
CVE-2017-2447 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2446 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2445 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2444 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving CoreGraphics component
CVE-2017-2443 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving Intel Graphics Driver
CVE-2017-2442 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2441 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple libc++abi component
CVE-2017-2440 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2439 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving FontParser component
CVE-2017-2438 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving AppleRAID component
CVE-2017-2437 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving IOFireWireAVC component
CVE-2017-2436 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving IOFireWireAVC component
CVE-2017-2435 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving CoreText component
CVE-2017-2434 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving HomeKit component
CVE-2017-2433 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2432 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple involving ImageIO component
CVE-2017-2431 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2430 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2429 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2428 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2427 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2426 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2425 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2424 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2423 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2422 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2421 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2420 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2419 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2418 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2417 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2416 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2415 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2414 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2413 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2412 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2411 (In iOS before 11.2, exchange rates were retrieved from HTTP rather tha ...)
	NOT-FOR-US: Apple
CVE-2017-2410 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2409 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2408 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2407 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2406 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2405 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2404 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2403 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2402 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2401 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2400 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2399 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2398 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2397 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2396 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2395 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2394 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2393 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2392 (An issue was discovered in certain Apple products. Safari before 10.1  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2391 (An issue was discovered in certain Apple products. Pages before 6.1, N ...)
	NOT-FOR-US: Apple
CVE-2017-2390 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
CVE-2017-2389 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2388 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2387 (The Apple Music (aka com.apple.android.music) application before 2.0 f ...)
	NOT-FOR-US: Apple Music application for Android
CVE-2017-2386 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2385 (An issue was discovered in certain Apple products. Safari before 10.1  ...)
	NOT-FOR-US: Apple
CVE-2017-2384 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2383 (An issue was discovered in certain Apple products. iCloud before 6.2 o ...)
	NOT-FOR-US: Apple
CVE-2017-2382 (An issue was discovered in certain Apple products. macOS Server before ...)
	NOT-FOR-US: Apple
CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple, that's likely just a broken sudo config
CVE-2017-2380 (An issue was discovered in certain Apple products.  iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Apple
CVE-2017-2378 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2375
	RESERVED
CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
	NOT-FOR-US: Apple
CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2372 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
	NOT-FOR-US: Apple
CVE-2017-2371 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2370 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2369 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2368 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2367 (An issue was discovered in certain Apple products. iOS before 10.3 is  ...)
	- webkitgtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2366 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2365 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2364 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2363 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2362 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2361 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2360 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2359 (An issue was discovered in certain Apple products. Safari before 10.0. ...)
	NOT-FOR-US: Apple
CVE-2017-2358 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2357 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2356 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2355 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2354 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2353 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2352 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2351 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2350 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2349 (A command injection vulnerability in the IDP feature of Juniper Networ ...)
	NOT-FOR-US: Juniper
CVE-2017-2348 (The Juniper Enhanced jdhcpd daemon may experience high CPU utilization ...)
	NOT-FOR-US: Juniper
CVE-2017-2347 (A denial of service vulnerability in rpd daemon of Juniper Networks Ju ...)
	NOT-FOR-US: Juniper
CVE-2017-2346 (An MS-MPC or MS-MIC Service PIC may crash when large fragmented packet ...)
	NOT-FOR-US: Juniper
CVE-2017-2345 (On Junos OS devices with SNMP enabled, a network based attacker with u ...)
	NOT-FOR-US: Juniper
CVE-2017-2344 (A routine within an internal Junos OS sockets library is vulnerable to ...)
	NOT-FOR-US: Juniper
CVE-2017-2343 (The Integrated User Firewall (UserFW) feature was introduced in Junos  ...)
	NOT-FOR-US: Juniper
CVE-2017-2342 (MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D ...)
	NOT-FOR-US: Juniper
CVE-2017-2341 (An insufficient authentication vulnerability on platforms where Junos  ...)
	NOT-FOR-US: Juniper
CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 ...)
	NOT-FOR-US: Juniper
CVE-2017-2339 (A persistent cross site scripting vulnerability in NetScreen WebUI of  ...)
	NOT-FOR-US: Juniper
CVE-2017-2338 (A persistent cross site scripting vulnerability in NetScreen WebUI of  ...)
	NOT-FOR-US: Juniper
CVE-2017-2337 (A persistent cross site scripting vulnerability in NetScreen WebUI of  ...)
	NOT-FOR-US: Juniper
CVE-2017-2336 (A reflected cross site scripting vulnerability in NetScreen WebUI of J ...)
	NOT-FOR-US: Juniper
CVE-2017-2335 (A persistent cross site scripting vulnerability in NetScreen WebUI of  ...)
	NOT-FOR-US: Juniper
CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2333 (A persistent denial of service vulnerability in Juniper Networks North ...)
	NOT-FOR-US: Juniper
CVE-2017-2332 (An insufficient authentication vulnerability in Juniper Networks North ...)
	NOT-FOR-US: Juniper
CVE-2017-2331 (A firewall bypass vulnerability in Juniper Networks NorthStar Controll ...)
	NOT-FOR-US: Juniper
CVE-2017-2330 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2329 (An insufficient authentication vulnerability in Juniper Networks North ...)
	NOT-FOR-US: Juniper
CVE-2017-2328 (An information leak vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2327 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2326 (An information disclosure vulnerability in Juniper Networks NorthStar  ...)
	NOT-FOR-US: Juniper
CVE-2017-2325 (A buffer overflow vulnerability in Juniper Networks NorthStar Controll ...)
	NOT-FOR-US: Juniper
CVE-2017-2324 (A command injection vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2323 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2322 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2321 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2320 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2319 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2318 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2317 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2316 (A buffer overflow vulnerability in Juniper Networks NorthStar Controll ...)
	NOT-FOR-US: Juniper
CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running affected Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-2314 (Receipt of a malformed BGP OPEN message may cause the routing protocol ...)
	NOT-FOR-US: Juniper
CVE-2017-2313 (Juniper Networks devices running affected Junos OS versions may be imp ...)
	NOT-FOR-US: Juniper
CVE-2017-2312 (On Juniper Networks devices running Junos OS affected versions and wit ...)
	NOT-FOR-US: Juniper
CVE-2017-2311 (On Juniper Networks Junos Space versions prior to 16.1R1, an unauthent ...)
	NOT-FOR-US: Juniper
CVE-2017-2310 (A firewall bypass vulnerability in the host based firewall of Juniper  ...)
	NOT-FOR-US: Juniper
CVE-2017-2309 (On Juniper Networks Junos Space versions prior to 16.1R1 when certific ...)
	NOT-FOR-US: Juniper
CVE-2017-2308 (An XML External Entity Injection vulnerability in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2017-2307 (A reflected cross site scripting vulnerability in the administrative i ...)
	NOT-FOR-US: Juniper
CVE-2017-2306 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an in ...)
	NOT-FOR-US: Juniper
CVE-2017-2305 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an in ...)
	NOT-FOR-US: Juniper
CVE-2017-2304 (Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 ...)
	NOT-FOR-US: Juniper
CVE-2017-2303 (On Juniper Networks products or platforms running Junos OS 12.1X46 pri ...)
	NOT-FOR-US: Juniper
CVE-2017-2302 (On Juniper Networks products or platforms running Junos OS 12.1X46 pri ...)
	NOT-FOR-US: Juniper
CVE-2017-2301 (On Juniper Networks products or platforms running Junos OS 11.4 prior  ...)
	NOT-FOR-US: Juniper
CVE-2017-2300 (On Juniper Networks SRX Series Services Gateways chassis clusters runn ...)
	NOT-FOR-US: Juniper
CVE-2017-2299 (Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 mak ...)
	- puppet-module-puppetlabs-apache 3.0.0-1 (bug #875983)
	[stretch] - puppet-module-puppetlabs-apache <no-dsa> (Minor issue)
	[jessie] - puppet-module-puppetlabs-apache <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/CVE-2017-2299
	NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/7bb35c2293c12ce52329a4391fe1f20389efef06
CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a  ...)
	NOT-FOR-US: mcollective-sshkey-security plugin
CVE-2017-2297 (Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not corr ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2017-2296 (In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted  ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2017-2295 (Versions of Puppet prior to 4.10.1 will deserialize data off the wire  ...)
	{DSA-3862-1 DLA-1012-1}
	- puppet 4.8.2-5 (bug #863212)
	NOTE: https://puppet.com/security/cve/cve-2017-2295
	NOTE: https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
CVE-2017-2294 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to  ...)
	- puppet <not-affected> (Doesn't affect Puppet as shipped in Debian)
	NOTE: Puppet as shipped in Debian doesn't provide puppetdb yet
CVE-2017-2293 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped wi ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents  ...)
	- mcollective 2.12.0+dfsg-1 (bug #866711)
	[jessie] - mcollective <no-dsa> (Minor issue)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/cve-2017-2292
	NOTE: https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
CVE-2017-2291
	RESERVED
CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, versi ...)
	NOT-FOR-US: mcollective-puppet-agent plugin on Windows
CVE-2017-2289 (Untrusted search path vulnerability in Installer of Qua station connec ...)
	NOT-FOR-US: Installer of Qua station connection tool for Windows
CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier  ...)
	NOT-FOR-US: LhaForge
CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software remover Ver.1 ...)
	NOT-FOR-US: NFC Port Software remover
CVE-2017-2286 (Untrusted search path vulnerability in NFC Port Software Version 5.5.0 ...)
	NOT-FOR-US: NFC Port Software
CVE-2017-2285 (Cross-site scripting vulnerability in Simple Custom CSS and JS prior t ...)
	NOT-FOR-US: Simple Custom CSS and JS
CVE-2017-2284 (Cross-site scripting vulnerability in Popup Maker prior to version 1.6 ...)
	NOT-FOR-US: Popup Maker
CVE-2017-2283 (WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credential ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2282 (Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allow ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2281 (WN-AX1167GR firmware version 3.00 and earlier allows an attacker to ex ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2280 (WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentia ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2279 (Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier al ...)
	NOT-FOR-US: Tween
CVE-2017-2278 (The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEE ...)
	NOT-FOR-US: RBB SPEED TEST App
CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access restric ...)
	NOT-FOR-US: WG-C10
CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to ex ...)
	NOT-FOR-US: WG-C10
CVE-2017-2275 (WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS  ...)
	NOT-FOR-US: WG-C10
CVE-2017-2274 (Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and ea ...)
	NOT-FOR-US: WMR-433* firmware
CVE-2017-2273 (Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ve ...)
	NOT-FOR-US: WMR-433* firmware
CVE-2017-2272 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
	NOT-FOR-US: AttacheCase
CVE-2017-2271 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
	NOT-FOR-US: AttacheCase
CVE-2017-2270 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2269 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2268 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2267 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2266 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2265 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2264
	RESERVED
CVE-2017-2263
	RESERVED
CVE-2017-2262
	RESERVED
CVE-2017-2261
	RESERVED
CVE-2017-2260
	RESERVED
CVE-2017-2259
	RESERVED
CVE-2017-2258 (Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allo ...)
	NOT-FOR-US: Cybozu
CVE-2017-2257 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 all ...)
	NOT-FOR-US: Cybozu
CVE-2017-2256 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 all ...)
	NOT-FOR-US: Cybozu
CVE-2017-2255 (Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 all ...)
	NOT-FOR-US: Cybozu
CVE-2017-2254 (Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of s ...)
	NOT-FOR-US: Cybozu
CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! Toolbar (fo ...)
	NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)
CVE-2017-2252 (Untrusted search path vulnerability in self-extracting archive files c ...)
	NOT-FOR-US: File Compact
CVE-2017-2251
	RESERVED
CVE-2017-2250
	RESERVED
CVE-2017-2249 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: Lhaz+
CVE-2017-2248 (Untrusted search path vulnerability in Installer of Lhaz+ version 3.4. ...)
	NOT-FOR-US: Lhaz+
CVE-2017-2247 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: Lhaz
CVE-2017-2246 (Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 ...)
	NOT-FOR-US: Lhaz
CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior to vers ...)
	NOT-FOR-US: Shortcodes Ultimate
CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmwar ...)
	NOT-FOR-US: MFC-J960DWN firmware
CVE-2017-2243 (Cross-site scripting vulnerability in Responsive Lightbox prior to ver ...)
	NOT-FOR-US: Responsive Lightbox
CVE-2017-2242 (Untrusted search path vulnerability in Flets Setsuzoku Tool for Window ...)
	NOT-FOR-US: Flets Setsuzoku Tool for Windows
CVE-2017-2241 (SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and e ...)
	NOT-FOR-US: AssetView for MacOS
CVE-2017-2240 (Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and ...)
	NOT-FOR-US: AssetView for MacOS
CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to access loca ...)
	NOT-FOR-US: Marp
CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home gatewa ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A
CVE-2017-2237 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2236 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2235 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2234 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2233 (Untrusted search path vulnerability in Installer of PDF Digital Signat ...)
	NOT-FOR-US: PDF Digital Signature Plugin
CVE-2017-2232 (Untrusted search path vulnerability in Installer of Shinseiyo Sogo Sof ...)
	NOT-FOR-US: Installer of Shinseiyo Sogo Soft
CVE-2017-2231 (Untrusted search path vulnerability in The installer of MLIT DenshiSei ...)
	NOT-FOR-US: installer of MLIT DenshiSeikabutsuSakuseiShienKensa system
CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Check P ...)
	NOT-FOR-US: Douro Kouji Kanseizutou Check Program
CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...)
	NOT-FOR-US: Douroshisetu Kihon Data Sakusei System
CVE-2017-2228 (Untrusted search path vulnerability in Teikihoukokusho Sakuseishien To ...)
	NOT-FOR-US: Teikihoukokusho Sakuseishien Tool
CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP V ...)
	NOT-FOR-US: installer of Charamin OMP
CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance preparati ...)
	NOT-FOR-US: e-Tax
CVE-2017-2225 (Untrusted search path vulnerability in EbidSettingChecker.exe (version ...)
	NOT-FOR-US: EbidSettingChecker.exe
CVE-2017-2224 (Cross-site scripting vulnerability in Event Calendar WD prior to versi ...)
	NOT-FOR-US: Event Calendar WD
CVE-2017-2223 (Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM ...)
	NOT-FOR-US: TS-WPTCAM
CVE-2017-2222 (Cross-site scripting vulnerability in WP-Members prior to version 3.1. ...)
	NOT-FOR-US: WP-Members
CVE-2017-2221 (Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1 ...)
	NOT-FOR-US: Installer of Baidu IME
CVE-2017-2220 (Untrusted search path vulnerability in Installer of CASL II simulator  ...)
	NOT-FOR-US: Installer of CASL II simulator
CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] instal ...)
	NOT-FOR-US: Simeji
CVE-2017-2218 (Untrusted search path vulnerability in Installer of QuickTime for Wind ...)
	NOT-FOR-US: Installer of QuickTime for Windows
CVE-2017-2217 (Open redirect vulnerability in WordPress Download Manager prior to ver ...)
	NOT-FOR-US: WordPress Download Manager
CVE-2017-2216 (Cross-site scripting vulnerability in WordPress Download Manager prior ...)
	NOT-FOR-US: WordPress Download Manager
CVE-2017-2215 (Untrusted search path vulnerability in Installer of "Setup file of adv ...)
	NOT-FOR-US: Installer of "Setup file of advance preparation"
CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck Pro prior ...)
	NOT-FOR-US: AppCheck
CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EX ...)
	NOT-FOR-US: SemiDynaEXE
CVE-2017-2212 (Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver.  ...)
	NOT-FOR-US: TKY2JGD
CVE-2017-2211 (Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101. ...)
	NOT-FOR-US: PatchJGD
CVE-2017-2210 (Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. ...)
	NOT-FOR-US: PatchJGD
CVE-2017-2209 (Untrusted search path vulnerability in the installer of Houkokusyo Sak ...)
	NOT-FOR-US: Houkokusyo Sakusei Shien Tool
CVE-2017-2208 (Untrusted search path vulnerability in Installer of Electronic tenderi ...)
	NOT-FOR-US: Installer of Electronic tendering and bid opening system
CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT Personal  ...)
	NOT-FOR-US: SaAT Personal
CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT Netizen v ...)
	NOT-FOR-US: SaAT Netizen
CVE-2017-2205
	RESERVED
CVE-2017-2204
	RESERVED
CVE-2017-2203
	RESERVED
CVE-2017-2202
	RESERVED
CVE-2017-2201
	RESERVED
CVE-2017-2200
	RESERVED
CVE-2017-2199
	RESERVED
CVE-2017-2198
	RESERVED
CVE-2017-2197
	RESERVED
CVE-2017-2196
	RESERVED
CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to version  ...)
	NOT-FOR-US: Multi Feed Reader plugin for wordpress
CVE-2017-2194 (Cross-site scripting vulnerability in Source code security studying to ...)
	NOT-FOR-US: iCodeChecker
CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera Term 4.94 ...)
	NOT-FOR-US: Tera Term
CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify executio ...)
	NOT-FOR-US: RW5100 installer
CVE-2017-2191 (Untrusted search path vulnerability in RW-5100 driver installer for Wi ...)
	NOT-FOR-US: RW5100 installer
CVE-2017-2190 (Untrusted search path vulnerability in RW-4040 tool to verify executio ...)
	NOT-FOR-US: RW4040
CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer for Wi ...)
	NOT-FOR-US: RW4040
CVE-2017-2188 (Untrusted search path vulnerability in Installer of Denshinouhin Check ...)
	NOT-FOR-US: Installer of Denshinouhin Check System
CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support prior to ve ...)
	NOT-FOR-US: WP Live Chat
CVE-2017-2186 (HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2185 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attacke ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2184 (Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2183 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attacke ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2180 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2179 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2178 (Untrusted search path vulnerability in Installer of electronic tenderi ...)
	NOT-FOR-US: electronic tendering and bid opening system
CVE-2017-2177 (Untrusted search path vulnerability in Installer of Shogyo Touki Densh ...)
	NOT-FOR-US: Shogyo Touki Denshi Ninsho
CVE-2017-2176 (Untrusted search path vulnerability in screensaver installers (jasdf_0 ...)
	NOT-FOR-US: screensaver installers for Windows
CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project Monitor - eXt ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor - eXte ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - eXte ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2172 (Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 t ...)
	NOT-FOR-US: Cybozu
CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0,  ...)
	NOT-FOR-US: WordPress plugins provided by BestWebSoft
CVE-2017-2170
	RESERVED
CVE-2017-2169 (Cross-site scripting vulnerability in MaxButtons prior to version 6.19 ...)
	NOT-FOR-US: MaxButtons plugin for WordPress
CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free version p ...)
	NOT-FOR-US: WP Booking System
CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive Deskto ...)
	NOT-FOR-US: PrimeDrive
CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and earlier  ...)
	NOT-FOR-US: GroupSession
CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote authenticated at ...)
	NOT-FOR-US: GroupSession
CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 an ...)
	NOT-FOR-US: SOY CMS
CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 a ...)
	NOT-FOR-US: SOY CMS
CVE-2017-2162 (FlashAirTM SDHC Memory Card (SD-WE Series &lt;W-03&gt;) V3.00.02 and e ...)
	NOT-FOR-US: FlashAirTM
CVE-2017-2161 (FlashAirTM SDHC Memory Card (SD-WE Series &lt;W-03&gt;) V3.00.02 and e ...)
	NOT-FOR-US: FlashAirTM
CVE-2017-2160
	RESERVED
CVE-2017-2159
	RESERVED
CVE-2017-2158 (Improper verification when expanding ZIP64 archives in Lhaplus version ...)
	NOT-FOR-US: Lhaplus
CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public Certi ...)
	NOT-FOR-US: The Public Certification Service
CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows p ...)
	NOT-FOR-US: Vivaldi installer Windows
CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13  ...)
	NOT-FOR-US: Hoozin Viewer
CVE-2017-2154 (Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanak ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2153 (SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5. ...)
	NOT-FOR-US: SEIL
CVE-2017-2152 (WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to ...)
	NOT-FOR-US: WNC01WH firmware
CVE-2017-2151 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2150 (Directory traversal vulnerability in Booking Calendar version 7.0 and  ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2149 (Untrusted search path vulnerability in installers of the software for  ...)
	NOT-FOR-US: installers of the software for SDHC/SDXC Memory Cards
CVE-2017-2148 (Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.0 ...)
	NOT-FOR-US: WN-AC1167GR firmware
CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2146 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2145 (Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2144 (Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another use ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remo ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2141 (WN-G300R3 firmware 1.03 and earlier allows attackers with administrato ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2140 (Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be e ...)
	NOT-FOR-US: Tablacus Explorer
CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2138 (Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Ed ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attac ...)
	NOT-FOR-US: ProSAFE Plus Configuration Utility
CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2135 (Cross-site scripting vulnerability in WP Statistics version 12.0.1 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2134 (Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows ...)
	NOT-FOR-US: ASSETBASE
CVE-2017-2133 (SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices  ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2132 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or H ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2131 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or H ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2130 (Untrusted search path vulnerability in the installer of PhishWall Clie ...)
	NOT-FOR-US: installer of PhishWall Client Internet Explorer
CVE-2017-2129
	RESERVED
CVE-2017-2128 (Security guide for website operators allows remote attackers to execut ...)
	NOT-FOR-US: Security guide for website operators
CVE-2017-2127 (Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 ...)
	NOT-FOR-US: YOP Poll
CVE-2017-2126 (WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1 ...)
	NOT-FOR-US: WAPM-* firmware
CVE-2017-2125 (Privilege escalation vulnerability in CentreCOM AR260S V2 remote authe ...)
	NOT-FOR-US: CentreCOM AR260S
CVE-2017-2124 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
	NOT-FOR-US: OneThird CMS
CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
	NOT-FOR-US: OneThird CMS
CVE-2017-2122 (Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6. ...)
	NOT-FOR-US: Nessus
CVE-2017-2121
	RESERVED
CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows  ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2119 (Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allow ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2118 (Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allo ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2117 (Directory traversal vulnerability in CubeCart versions prior to 6.1.5  ...)
	NOT-FOR-US: CubeCart
CVE-2017-2116 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers t ...)
	NOT-FOR-US: Cybozu
CVE-2017-2115 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers t ...)
	NOT-FOR-US: Cybozu
CVE-2017-2114 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 a ...)
	NOT-FOR-US: Cybozu
CVE-2017-2113 (Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPT ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2112 (TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware versi ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2111 (HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2110 (The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2. ...)
	NOT-FOR-US: CX App for Android
CVE-2017-2109 (Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to ob ...)
	NOT-FOR-US: Cybozu
CVE-2017-2108 (Untrusted search path vulnerability in PrimeDrive Desktop Application  ...)
	NOT-FOR-US: PrimeDrive Desktop Application
CVE-2017-2107 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: 7-ZIP32.DLL
CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...)
	- webmin <removed>
CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 certi ...)
	NOT-FOR-US: TVer App for Android
CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not veri ...)
	NOT-FOR-US: Business LaLa Call App for Android
CVE-2017-2103 (The LaLa Call App for Android 2.4.7 and earlier does not verify X.509  ...)
	NOT-FOR-US: LaLa Call App for Android
CVE-2017-2102 (Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerabil ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2101 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2100 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2099 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2098 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4  ...)
	NOT-FOR-US: CubeCart
CVE-2017-2097 (Cross-site request forgery (CSRF) vulnerability in Knowledge versions  ...)
	NOT-FOR-US: Knowledge
CVE-2017-2096 (smalruby-editor v0.4.0 and earlier allows remote attackers to execute  ...)
	NOT-FOR-US: smalruby-editor
CVE-2017-2095 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu
CVE-2017-2094 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu
CVE-2017-2093 (Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens u ...)
	NOT-FOR-US: Cybozu
CVE-2017-2092 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 all ...)
	NOT-FOR-US: Cybozu
CVE-2017-2091 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu
CVE-2017-2090 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4  ...)
	NOT-FOR-US: CubeCart
CVE-2017-2089
	REJECTED
CVE-2017-2088
	REJECTED
CVE-2017-2087
	REJECTED
CVE-2017-2086
	REJECTED
CVE-2017-2085
	REJECTED
CVE-2017-2084
	REJECTED
CVE-2017-2083
	REJECTED
CVE-2017-2082
	REJECTED
CVE-2017-2081
	REJECTED
CVE-2017-2080
	REJECTED
CVE-2017-2079
	REJECTED
CVE-2017-2078
	REJECTED
CVE-2017-2077
	REJECTED
CVE-2017-2076
	REJECTED
CVE-2017-2075
	REJECTED
CVE-2017-2074
	REJECTED
CVE-2017-2073
	REJECTED
CVE-2017-2072
	REJECTED
CVE-2017-2071
	REJECTED
CVE-2017-2070
	REJECTED
CVE-2017-2069
	REJECTED
CVE-2017-2068
	REJECTED
CVE-2017-2067
	REJECTED
CVE-2017-2066
	REJECTED
CVE-2017-2065
	REJECTED
CVE-2017-2064
	REJECTED
CVE-2017-2063
	REJECTED
CVE-2017-2062
	REJECTED
CVE-2017-2061
	REJECTED
CVE-2017-2060
	REJECTED
CVE-2017-2059
	REJECTED
CVE-2017-2058
	REJECTED
CVE-2017-2057
	REJECTED
CVE-2017-2056
	REJECTED
CVE-2017-2055
	REJECTED
CVE-2017-2054
	REJECTED
CVE-2017-2053
	REJECTED
CVE-2017-2052
	REJECTED
CVE-2017-2051
	REJECTED
CVE-2017-2050
	REJECTED
CVE-2017-2049
	REJECTED
CVE-2017-2048
	REJECTED
CVE-2017-2047
	REJECTED
CVE-2017-2046
	REJECTED
CVE-2017-2045
	REJECTED
CVE-2017-2044
	REJECTED
CVE-2017-2043
	REJECTED
CVE-2017-2042
	REJECTED
CVE-2017-2041
	REJECTED
CVE-2017-2040
	REJECTED
CVE-2017-2039
	REJECTED
CVE-2017-2038
	REJECTED
CVE-2017-2037
	REJECTED
CVE-2017-2036
	REJECTED
CVE-2017-2035
	REJECTED
CVE-2017-2034
	REJECTED
CVE-2017-2033
	REJECTED
CVE-2017-2032
	REJECTED
CVE-2017-2031
	REJECTED
CVE-2017-2030
	REJECTED
CVE-2017-2029
	REJECTED
CVE-2017-2028
	REJECTED
CVE-2017-2027
	REJECTED
CVE-2017-2026
	REJECTED
CVE-2017-2025
	REJECTED
CVE-2017-2024
	REJECTED
CVE-2017-2023
	REJECTED
CVE-2017-2022
	REJECTED
CVE-2017-2021
	REJECTED
CVE-2017-2020
	REJECTED
CVE-2017-2019
	REJECTED
CVE-2017-2018
	REJECTED
CVE-2017-2017
	REJECTED
CVE-2017-2016
	REJECTED
CVE-2017-2015
	REJECTED
CVE-2017-2014
	REJECTED
CVE-2017-2013
	REJECTED
CVE-2017-2012
	REJECTED
CVE-2017-2011
	REJECTED
CVE-2017-2010
	REJECTED
CVE-2017-2009
	REJECTED
CVE-2017-2008
	REJECTED
CVE-2017-2007
	REJECTED
CVE-2017-2006
	REJECTED
CVE-2017-2005
	REJECTED
CVE-2017-2004
	REJECTED
CVE-2017-2003
	REJECTED
CVE-2017-2002
	REJECTED
CVE-2017-2001
	REJECTED
CVE-2017-2000
	REJECTED
CVE-2017-1999
	REJECTED
CVE-2017-1998
	REJECTED
CVE-2017-1997
	REJECTED
CVE-2017-1996
	REJECTED
CVE-2017-1995
	REJECTED
CVE-2017-1994
	REJECTED
CVE-2017-1993
	REJECTED
CVE-2017-1992
	REJECTED
CVE-2017-1991
	REJECTED
CVE-2017-1990
	REJECTED
CVE-2017-1989
	REJECTED
CVE-2017-1988
	REJECTED
CVE-2017-1987
	REJECTED
CVE-2017-1986
	REJECTED
CVE-2017-1985
	REJECTED
CVE-2017-1984
	REJECTED
CVE-2017-1983
	REJECTED
CVE-2017-1982
	REJECTED
CVE-2017-1981
	REJECTED
CVE-2017-1980
	REJECTED
CVE-2017-1979
	REJECTED
CVE-2017-1978
	REJECTED
CVE-2017-1977
	REJECTED
CVE-2017-1976
	REJECTED
CVE-2017-1975
	REJECTED
CVE-2017-1974
	REJECTED
CVE-2017-1973
	REJECTED
CVE-2017-1972
	REJECTED
CVE-2017-1971
	REJECTED
CVE-2017-1970
	REJECTED
CVE-2017-1969
	REJECTED
CVE-2017-1968
	REJECTED
CVE-2017-1967
	REJECTED
CVE-2017-1966
	REJECTED
CVE-2017-1965
	REJECTED
CVE-2017-1964
	REJECTED
CVE-2017-1963
	REJECTED
CVE-2017-1962
	REJECTED
CVE-2017-1961
	REJECTED
CVE-2017-1960
	REJECTED
CVE-2017-1959
	REJECTED
CVE-2017-1958
	REJECTED
CVE-2017-1957
	REJECTED
CVE-2017-1956
	REJECTED
CVE-2017-1955
	REJECTED
CVE-2017-1954
	REJECTED
CVE-2017-1953
	REJECTED
CVE-2017-1952
	REJECTED
CVE-2017-1951
	REJECTED
CVE-2017-1950
	REJECTED
CVE-2017-1949
	REJECTED
CVE-2017-1948
	REJECTED
CVE-2017-1947
	REJECTED
CVE-2017-1946
	REJECTED
CVE-2017-1945
	REJECTED
CVE-2017-1944
	REJECTED
CVE-2017-1943
	REJECTED
CVE-2017-1942
	REJECTED
CVE-2017-1941
	REJECTED
CVE-2017-1940
	REJECTED
CVE-2017-1939
	REJECTED
CVE-2017-1938
	REJECTED
CVE-2017-1937
	REJECTED
CVE-2017-1936
	REJECTED
CVE-2017-1935
	REJECTED
CVE-2017-1934
	REJECTED
CVE-2017-1933
	REJECTED
CVE-2017-1932
	REJECTED
CVE-2017-1931
	REJECTED
CVE-2017-1930
	REJECTED
CVE-2017-1929
	REJECTED
CVE-2017-1928
	REJECTED
CVE-2017-1927
	REJECTED
CVE-2017-1926
	REJECTED
CVE-2017-1925
	REJECTED
CVE-2017-1924
	REJECTED
CVE-2017-1923
	REJECTED
CVE-2017-1922
	REJECTED
CVE-2017-1921
	REJECTED
CVE-2017-1920
	REJECTED
CVE-2017-1919
	REJECTED
CVE-2017-1918
	REJECTED
CVE-2017-1917
	REJECTED
CVE-2017-1916
	REJECTED
CVE-2017-1915
	REJECTED
CVE-2017-1914
	REJECTED
CVE-2017-1913
	REJECTED
CVE-2017-1912
	REJECTED
CVE-2017-1911
	REJECTED
CVE-2017-1910
	REJECTED
CVE-2017-1909
	REJECTED
CVE-2017-1908
	REJECTED
CVE-2017-1907
	REJECTED
CVE-2017-1906
	REJECTED
CVE-2017-1905
	REJECTED
CVE-2017-1904
	REJECTED
CVE-2017-1903
	REJECTED
CVE-2017-1902
	REJECTED
CVE-2017-1901
	REJECTED
CVE-2017-1900
	REJECTED
CVE-2017-1899
	REJECTED
CVE-2017-1898
	REJECTED
CVE-2017-1897
	REJECTED
CVE-2017-1896
	REJECTED
CVE-2017-1895
	REJECTED
CVE-2017-1894
	REJECTED
CVE-2017-1893
	REJECTED
CVE-2017-1892
	REJECTED
CVE-2017-1891
	REJECTED
CVE-2017-1890
	REJECTED
CVE-2017-1889
	REJECTED
CVE-2017-1888
	REJECTED
CVE-2017-1887
	REJECTED
CVE-2017-1886
	REJECTED
CVE-2017-1885
	REJECTED
CVE-2017-1884
	REJECTED
CVE-2017-1883
	REJECTED
CVE-2017-1882
	REJECTED
CVE-2017-1881
	REJECTED
CVE-2017-1880
	REJECTED
CVE-2017-1879
	REJECTED
CVE-2017-1878
	REJECTED
CVE-2017-1877
	REJECTED
CVE-2017-1876
	REJECTED
CVE-2017-1875
	REJECTED
CVE-2017-1874
	REJECTED
CVE-2017-1873
	REJECTED
CVE-2017-1872
	REJECTED
CVE-2017-1871
	REJECTED
CVE-2017-1870
	REJECTED
CVE-2017-1869
	REJECTED
CVE-2017-1868
	REJECTED
CVE-2017-1867
	REJECTED
CVE-2017-1866
	REJECTED
CVE-2017-1865
	REJECTED
CVE-2017-1864
	REJECTED
CVE-2017-1863
	REJECTED
CVE-2017-1862
	REJECTED
CVE-2017-1861
	REJECTED
CVE-2017-1860
	REJECTED
CVE-2017-1859
	REJECTED
CVE-2017-1858
	REJECTED
CVE-2017-1857
	REJECTED
CVE-2017-1856
	REJECTED
CVE-2017-1855
	REJECTED
CVE-2017-1854
	REJECTED
CVE-2017-1853
	REJECTED
CVE-2017-1852
	REJECTED
CVE-2017-1851
	REJECTED
CVE-2017-1850
	REJECTED
CVE-2017-1849
	REJECTED
CVE-2017-1848
	REJECTED
CVE-2017-1847
	REJECTED
CVE-2017-1846
	REJECTED
CVE-2017-1845
	REJECTED
CVE-2017-1844
	REJECTED
CVE-2017-1843
	REJECTED
CVE-2017-1842
	REJECTED
CVE-2017-1841
	REJECTED
CVE-2017-1840
	REJECTED
CVE-2017-1839
	REJECTED
CVE-2017-1838
	REJECTED
CVE-2017-1837
	REJECTED
CVE-2017-1836
	REJECTED
CVE-2017-1835
	REJECTED
CVE-2017-1834
	REJECTED
CVE-2017-1833
	REJECTED
CVE-2017-1832
	REJECTED
CVE-2017-1831
	REJECTED
CVE-2017-1830
	REJECTED
CVE-2017-1829
	REJECTED
CVE-2017-1828
	REJECTED
CVE-2017-1827
	REJECTED
CVE-2017-1826
	REJECTED
CVE-2017-1825
	REJECTED
CVE-2017-1824
	REJECTED
CVE-2017-1823
	REJECTED
CVE-2017-1822
	REJECTED
CVE-2017-1821
	REJECTED
CVE-2017-1820
	REJECTED
CVE-2017-1819
	REJECTED
CVE-2017-1818
	REJECTED
CVE-2017-1817
	REJECTED
CVE-2017-1816
	REJECTED
CVE-2017-1815
	REJECTED
CVE-2017-1814
	REJECTED
CVE-2017-1813
	REJECTED
CVE-2017-1812
	REJECTED
CVE-2017-1811
	REJECTED
CVE-2017-1810
	RESERVED
CVE-2017-1809
	RESERVED
CVE-2017-1808
	RESERVED
CVE-2017-1807
	RESERVED
CVE-2017-1806
	RESERVED
CVE-2017-1805
	RESERVED
CVE-2017-1804
	RESERVED
CVE-2017-1803
	RESERVED
CVE-2017-1802
	RESERVED
CVE-2017-1801
	RESERVED
CVE-2017-1800
	RESERVED
CVE-2017-1799
	RESERVED
CVE-2017-1798
	RESERVED
CVE-2017-1797
	RESERVED
CVE-2017-1796
	RESERVED
CVE-2017-1795 (IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local u ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1794 (IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7  ...)
	NOT-FOR-US: IBM
CVE-2017-1793 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2017-1792 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2017-1791 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2017-1790 (IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through ...)
	NOT-FOR-US: IBM DOORS Next Generation
CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticate ...)
	NOT-FOR-US: IBM
CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login coul ...)
	NOT-FOR-US: IBM
CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerab ...)
	NOT-FOR-US: IBM Publishing Engine
CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under speci ...)
	NOT-FOR-US: IBM
CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote us ...)
	NOT-FOR-US: IBM API Connect
CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files tha ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change parameter ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2017-1782
	RESERVED
CVE-2017-1781
	RESERVED
CVE-2017-1780
	RESERVED
CVE-2017-1779 (IBM Cognos Analytics 11.0 could store cached credentials locally that  ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2017-1778
	RESERVED
CVE-2017-1777
	RESERVED
CVE-2017-1776
	RESERVED
CVE-2017-1775
	RESERVED
CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sen ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker  ...)
	NOT-FOR-US: IBM DataPower Gateways
CVE-2017-1772 (IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and  ...)
	NOT-FOR-US: IBM
CVE-2017-1771
	RESERVED
CVE-2017-1770
	RESERVED
CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site request f ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2017-1768 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an  ...)
	NOT-FOR-US: IBM
CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.6 an  ...)
	NOT-FOR-US: IBM
CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user wit ...)
	NOT-FOR-US: IBM
CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, u ...)
	NOT-FOR-US: IBM
CVE-2017-1763
	RESERVED
CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash t ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1759
	RESERVED
CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for Multi-Platform  ...)
	NOT-FOR-US: IBM Financial Transaction Manager for ACH Services for Multi-Platform
CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote at ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...)
	NOT-FOR-US: IBM
CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1754
	RESERVED
CVE-2017-1753 (Multiple IBM Rational products are vulnerable to HTML injection. A rem ...)
	NOT-FOR-US: IBM
CVE-2017-1752 (IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileg ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vuln ...)
	NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0 ...)
	NOT-FOR-US: IBM Jazz Reporting Service
CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to con ...)
	NOT-FOR-US: IBM
CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM Web ...)
	NOT-FOR-US: IBM
CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulne ...)
	NOT-FOR-US: IBM Jazz for Service Management
CVE-2017-1745
	RESERVED
CVE-2017-1744
	RESERVED
CVE-2017-1743 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2017-1742
	RESERVED
CVE-2017-1741 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
	NOT-FOR-US: IBM
CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7. ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is  ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2017-1738 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 c ...)
	NOT-FOR-US: IBM
CVE-2017-1737
	RESERVED
CVE-2017-1736
	RESERVED
CVE-2017-1735
	RESERVED
CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...)
	NOT-FOR-US: IBM
CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files t ...)
	NOT-FOR-US: IBM
CVE-2017-1732 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does n ...)
	NOT-FOR-US: IBM
CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2017-1730
	RESERVED
CVE-2017-1729 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2017-1728
	RESERVED
CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1726
	RESERVED
CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...)
	NOT-FOR-US: IBM
CVE-2017-1724 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1723 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to  ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1722 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1721 (IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated us ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrar ...)
	NOT-FOR-US: IBM Notes
CVE-2017-1719
	RESERVED
CVE-2017-1718
	RESERVED
CVE-2017-1717 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1716 (IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose s ...)
	NOT-FOR-US: IBM Tivoli Workload Scheduler
CVE-2017-1715 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated loca ...)
	NOT-FOR-US: IBM Notes and Domino NSD
CVE-2017-1713 (IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic a ...)
	NOT-FOR-US: IBM
CVE-2017-1712 ("A vulnerability in the TLS protocol implementation of the Domino serv ...)
	TODO: check
CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicio ...)
	NOT-FOR-US: IBM iNotes
CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (20 ...)
	NOT-FOR-US: IBM
CVE-2017-1709
	RESERVED
CVE-2017-1708
	RESERVED
CVE-2017-1707
	RESERVED
CVE-2017-1706
	RESERVED
CVE-2017-1705 (IBM Security Privileged Identity Manager 2.1.0 contains left-over, sen ...)
	NOT-FOR-US: IBM
CVE-2017-1704
	RESERVED
CVE-2017-1703
	RESERVED
CVE-2017-1702
	RESERVED
CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6. ...)
	NOT-FOR-US: IBM
CVE-2017-1700 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...)
	NOT-FOR-US: IBM
CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissio ...)
	NOT-FOR-US: IBM MQ Managed File Transfer Agent
CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive inf ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1697
	RESERVED
CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to  ...)
	NOT-FOR-US: IBM QRadar
CVE-2017-1695 (IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic al ...)
	NOT-FOR-US: IBM
CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain i ...)
	NOT-FOR-US: IBM Integration Bus
CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that has capt ...)
	NOT-FOR-US: IBM Integration Bus
CVE-2017-1692 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability t ...)
	NOT-FOR-US: IBM AIX
CVE-2017-1691 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1690 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1689 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2017-1688 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2017-1687
	RESERVED
CVE-2017-1686
	RESERVED
CVE-2017-1685
	RESERVED
CVE-2017-1684
	RESERVED
CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM Connections Engagement Center
CVE-2017-1682 (IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM Connections
CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.1 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2017-1680
	RESERVED
CVE-2017-1679 (IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attac ...)
	NOT-FOR-US: IBM
CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and  ...)
	NOT-FOR-US: IBM
CVE-2017-1676
	RESERVED
CVE-2017-1675
	RESERVED
CVE-2017-1674
	RESERVED
CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cr ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remot ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQ ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive in ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remot ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1667
	RESERVED
CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a  ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ex ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ex ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1663
	RESERVED
CVE-2017-1662
	RESERVED
CVE-2017-1661
	RESERVED
CVE-2017-1660
	RESERVED
CVE-2017-1659 ("HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerabili ...)
	NOT-FOR-US: HCL iNotes
CVE-2017-1658
	RESERVED
CVE-2017-1657
	RESERVED
CVE-2017-1656
	RESERVED
CVE-2017-1655 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivi ...)
	NOT-FOR-US: IBM
CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6 ...)
	NOT-FOR-US: IBM Jazz Foundation
CVE-2017-1652 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1651 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1650 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2017-1649 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2017-1648
	RESERVED
CVE-2017-1647
	RESERVED
CVE-2017-1646
	RESERVED
CVE-2017-1645
	RESERVED
CVE-2017-1644
	RESERVED
CVE-2017-1643
	RESERVED
CVE-2017-1642
	RESERVED
CVE-2017-1641
	RESERVED
CVE-2017-1640
	RESERVED
CVE-2017-1639
	RESERVED
CVE-2017-1638
	RESERVED
CVE-2017-1637
	RESERVED
CVE-2017-1636
	RESERVED
CVE-2017-1635 (IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to exec ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2017-1634
	RESERVED
CVE-2017-1633 (IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2017-1632 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulne ...)
	NOT-FOR-US: IBM Jazz for Service Management
CVE-2017-1630
	RESERVED
CVE-2017-1629 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users to sto ...)
	NOT-FOR-US: IBM
CVE-2017-1627
	RESERVED
CVE-2017-1626
	RESERVED
CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to  ...)
	NOT-FOR-US: IBM
CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical ...)
	NOT-FOR-US: IBM
CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM QRadar
CVE-2017-1622 (IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly valida ...)
	NOT-FOR-US: IBM
CVE-2017-1621 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1620
	RESERVED
CVE-2017-1619
	RESERVED
CVE-2017-1618
	RESERVED
CVE-2017-1617
	RESERVED
CVE-2017-1616
	RESERVED
CVE-2017-1615
	RESERVED
CVE-2017-1614
	RESERVED
CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to  ...)
	NOT-FOR-US: IBM Connections
CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module coul ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1611
	RESERVED
CVE-2017-1610
	RESERVED
CVE-2017-1609 (IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are  ...)
	NOT-FOR-US: IBM
CVE-2017-1608 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2017-1606 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0. ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2017-1605
	RESERVED
CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Maximo Anywhere
CVE-2017-1603
	RESERVED
CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6. ...)
	NOT-FOR-US: IBM
CVE-2017-1601 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database A ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to  ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1599
	RESERVED
CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses weaker than  ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1597 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and  ...)
	NOT-FOR-US: IBM
CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could allow a loc ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could allow a loc ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1594
	RESERVED
CVE-2017-1593 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1592 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1591 (IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2017-1590
	RESERVED
CVE-2017-1589
	RESERVED
CVE-2017-1588
	RESERVED
CVE-2017-1587
	RESERVED
CVE-2017-1586
	RESERVED
CVE-2017-1585
	RESERVED
CVE-2017-1584
	RESERVED
CVE-2017-1583 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1582
	RESERVED
CVE-2017-1581
	RESERVED
CVE-2017-1580
	RESERVED
CVE-2017-1579
	RESERVED
CVE-2017-1578
	RESERVED
CVE-2017-1577 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2017-1576
	RESERVED
CVE-2017-1575 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...)
	NOT-FOR-US: IBM
CVE-2017-1574
	RESERVED
CVE-2017-1573
	RESERVED
CVE-2017-1572
	RESERVED
CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user to obta ...)
	NOT-FOR-US: IBM
CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2017-1568 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1567 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1566
	RESERVED
CVE-2017-1565 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1564 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1563 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1562 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1561 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1560 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1559 (Multiple IBM Rational products could disclose sensitive information by ...)
	NOT-FOR-US: IBM
CVE-2017-1558 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2017-1557 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with au ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular exp ...)
	NOT-FOR-US: IBM
CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injec ...)
	NOT-FOR-US: IBM
CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker  ...)
	NOT-FOR-US: IBM
CVE-2017-1550 (IBM Sterling File Gateway 2.2 could allow an authenticated user to cha ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1549 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1548 (IBM Sterling File Gateway 2.2 could allow a remote attacker to travers ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1547
	RESERVED
CVE-2017-1546 (IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable t ...)
	NOT-FOR-US: IBM DOORS Next Generation
CVE-2017-1545 (IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1544 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...)
	NOT-FOR-US: IBM
CVE-2017-1543
	RESERVED
CVE-2017-1542
	RESERVED
CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep  ...)
	NOT-FOR-US: IBM
CVE-2017-1540 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privil ...)
	NOT-FOR-US: IBM
CVE-2017-1538 (IBM Financial Transaction Manager for ACH Services for Multi-Platform  ...)
	NOT-FOR-US: IBM
CVE-2017-1537
	RESERVED
CVE-2017-1536 (IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 an ...)
	NOT-FOR-US: IBM Support Tools for Lotus WCM
CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2017-1534 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a re ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1533 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1532 (IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vuln ...)
	NOT-FOR-US: IBM DOORS
CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2017-1530 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2017-1529
	RESERVED
CVE-2017-1528
	RESERVED
CVE-2017-1527 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML  ...)
	NOT-FOR-US: IBM
CVE-2017-1526
	RESERVED
CVE-2017-1525
	RESERVED
CVE-2017-1524 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2017-1523 (IBM InfoSphere Master Data Management - Collaborative Edition 11.5 cou ...)
	NOT-FOR-US: IBM
CVE-2017-1522 (IBM Content Navigator &amp; CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1521 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and A ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized com ...)
	NOT-FOR-US: IBM
CVE-2017-1519 (IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A re ...)
	NOT-FOR-US: IBM
CVE-2017-1518
	RESERVED
CVE-2017-1517
	RESERVED
CVE-2017-1516 (IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hija ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1515 (IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to  ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1514
	RESERVED
CVE-2017-1513
	RESERVED
CVE-2017-1512
	RESERVED
CVE-2017-1511
	RESERVED
CVE-2017-1510
	RESERVED
CVE-2017-1509 (IBM Jazz Foundation products could allow an authenticated user to obta ...)
	NOT-FOR-US: IBM
CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could allow a local user logged in wi ...)
	NOT-FOR-US: IBM
CVE-2017-1507 (IBM Jazz Foundation Products could disclose sensitive information duri ...)
	NOT-FOR-US: IBM Jazz Foundation Products
CVE-2017-1506 (IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting.  ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2017-1505
	RESERVED
CVE-2017-1504 (IBM WebSphere Application Server version 9.0.0.4 could provide weaker  ...)
	NOT-FOR-US: IBM
CVE-2017-1503 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2017-1502 (IBM Content Navigator &amp; CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weake ...)
	NOT-FOR-US: IBM
CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the aut ...)
	NOT-FOR-US: IBM
CVE-2017-1499 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user to view ...)
	NOT-FOR-US: IBM
CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a pr ...)
	NOT-FOR-US: IBM
CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated us ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1492
	RESERVED
CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple  ...)
	NOT-FOR-US: IBM
CVE-2017-1490 (An unspecified vulnerability in the Lifecycle Query Engine of Jazz Rep ...)
	NOT-FOR-US: IBM
CVE-2017-1489 (IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configu ...)
	NOT-FOR-US: IBM
CVE-2017-1488 (An undisclosed vulnerability in Jazz common products exists with poten ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is ...)
	NOT-FOR-US: IBM
CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an ...)
	NOT-FOR-US: IBM
CVE-2017-1482 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1481 (IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view ...)
	NOT-FOR-US: IBM
CVE-2017-1480 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1479
	RESERVED
CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be sto ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML Ext ...)
	NOT-FOR-US: IBM
CVE-2017-1476 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, an ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1475
	RESERVED
CVE-2017-1474 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, an ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0  ...)
	NOT-FOR-US: IBM
CVE-2017-1472
	RESERVED
CVE-2017-1471
	RESERVED
CVE-2017-1470
	RESERVED
CVE-2017-1469 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a lo ...)
	NOT-FOR-US: IBM
CVE-2017-1468 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a lo ...)
	NOT-FOR-US: IBM
CVE-2017-1467 (A network layer security vulnerability in InfoSphere Information Serve ...)
	NOT-FOR-US: IBM
CVE-2017-1466
	RESERVED
CVE-2017-1465 (IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hi ...)
	NOT-FOR-US: IBM
CVE-2017-1464
	RESERVED
CVE-2017-1463
	RESERVED
CVE-2017-1462 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM Rhapsody DM
CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router sp ...)
	NOT-FOR-US: IBM
CVE-2017-1459 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permis ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1458 (IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity ...)
	NOT-FOR-US: IBM
CVE-2017-1457 (IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2017-1456
	RESERVED
CVE-2017-1455
	RESERVED
CVE-2017-1454
	RESERVED
CVE-2017-1453 (IBM Security Access Manager Appliance 9.0.3 could allow a remote authe ...)
	NOT-FOR-US: IBM
CVE-2017-1452 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1451 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1450 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to co ...)
	NOT-FOR-US: IBM
CVE-2017-1449 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to co ...)
	NOT-FOR-US: IBM
CVE-2017-1448 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could all ...)
	NOT-FOR-US: IBM
CVE-2017-1447 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2017-1446 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1445 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1444 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2017-1443 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1442 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1441 (IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to ...)
	NOT-FOR-US: IBM
CVE-2017-1440 (IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2017-1439 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1438 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1437
	RESERVED
CVE-2017-1436
	RESERVED
CVE-2017-1435
	RESERVED
CVE-2017-1434 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...)
	NOT-FOR-US: IBM
CVE-2017-1433 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user t ...)
	NOT-FOR-US: IBM
CVE-2017-1432
	RESERVED
CVE-2017-1431 (IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2017-1430
	RESERVED
CVE-2017-1429 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1428 (IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the  ...)
	NOT-FOR-US: IBM
CVE-2017-1427 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2017-1426
	RESERVED
CVE-2017-1425 (IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2017-1423 (IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are  ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper verifi ...)
	NOT-FOR-US: IBM
CVE-2017-1421 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM iNotes
CVE-2017-1420
	RESERVED
CVE-2017-1419
	RESERVED
CVE-2017-1418 (IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (includ ...)
	NOT-FOR-US: IBM
CVE-2017-1417
	RESERVED
CVE-2017-1416
	RESERVED
CVE-2017-1415
	RESERVED
CVE-2017-1414
	RESERVED
CVE-2017-1413
	RESERVED
CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1410
	RESERVED
CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1408
	RESERVED
CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2017-1406
	RESERVED
CVE-2017-1405 (IBM Security Identity Manager Virtual Appliance 7.0 processes patches, ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2017-1404
	RESERVED
CVE-2017-1403
	RESERVED
CVE-2017-1402
	RESERVED
CVE-2017-1401
	RESERVED
CVE-2017-1400
	RESERVED
CVE-2017-1399
	RESERVED
CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2017-1397
	RESERVED
CVE-2017-1396 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1395 (IBM Security Identity Governance and Intelligence Virtual Appliance 5. ...)
	NOT-FOR-US: IBM
CVE-2017-1394
	RESERVED
CVE-2017-1393
	RESERVED
CVE-2017-1392
	RESERVED
CVE-2017-1391
	RESERVED
CVE-2017-1390
	RESERVED
CVE-2017-1389
	RESERVED
CVE-2017-1388
	RESERVED
CVE-2017-1387
	RESERVED
CVE-2017-1386 (IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictio ...)
	NOT-FOR-US: IBM
CVE-2017-1385
	RESERVED
CVE-2017-1384
	RESERVED
CVE-2017-1383 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1382 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create f ...)
	NOT-FOR-US: IBM
CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or On-demand-router (ODR ...)
	NOT-FOR-US: IBM
CVE-2017-1380 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2017-1378 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) dis ...)
	NOT-FOR-US: IBM
CVE-2017-1377 (IBM Runbook Automation reveals sensitive information in error messages ...)
	NOT-FOR-US: IBM
CVE-2017-1376 (A flaw in the IBM J9 VM class verifier allows untrusted code to disabl ...)
	NOT-FOR-US: IBM JDK
CVE-2017-1375 (IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses we ...)
	NOT-FOR-US: IBM
CVE-2017-1374 (Sensitive data can be exposed in the IBM TRIRIGA Application Platform  ...)
	NOT-FOR-US: IBM
CVE-2017-1373 (Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and ...)
	NOT-FOR-US: IBM
CVE-2017-1372 (IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1371 (Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4 ...)
	NOT-FOR-US: IBM
CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive  ...)
	NOT-FOR-US: IBM
CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1368 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1367 (IBM Security Identity Governance and Intelligence Virtual Appliance 5. ...)
	NOT-FOR-US: IBM
CVE-2017-1366 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle M ...)
	NOT-FOR-US: IBM Team Concert
CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1363 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credent ...)
	NOT-FOR-US: IBM
CVE-2017-1361
	RESERVED
CVE-2017-1360
	RESERVED
CVE-2017-1359 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1358
	RESERVED
CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2017-1356 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL inj ...)
	NOT-FOR-US: IBM
CVE-2017-1355 (IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive informa ...)
	NOT-FOR-US: IBM
CVE-2017-1354 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2017-1353 (IBM Atlas eDiscovery Process Management 6.0.3 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2017-1351
	RESERVED
CVE-2017-1350 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allo ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2017-1349 (IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially se ...)
	NOT-FOR-US: IBM
CVE-2017-1348 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1347 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores file ...)
	NOT-FOR-US: IBM
CVE-2017-1345 (IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2017-1344
	RESERVED
CVE-2017-1343
	RESERVED
CVE-2017-1342 (IBM Insights Foundation for Energy 2.0 could reveal sensitive informat ...)
	NOT-FOR-US: IBM
CVE-2017-1341 (IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, ...)
	NOT-FOR-US: IBM
CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Ser ...)
	NOT-FOR-US: IBM
CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly  ...)
	NOT-FOR-US: IBM
CVE-2017-1336 (IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject cod ...)
	NOT-FOR-US: IBM
CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenti ...)
	NOT-FOR-US: IBM
CVE-2017-1332 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1331 (IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM
CVE-2017-1330
	RESERVED
CVE-2017-1329 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1328 (IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to byp ...)
	NOT-FOR-US: IBM
CVE-2017-1327 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1326 (IBM Sterling File Gateway does not properly restrict user requests bas ...)
	NOT-FOR-US: IBM
CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1324 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1323
	RESERVED
CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Inject ...)
	NOT-FOR-US: IBM
CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ad ...)
	NOT-FOR-US: IBM
CVE-2017-1317 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1316 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1315 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1314 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1313 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1312 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1311 (IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. ...)
	NOT-FOR-US: IBM
CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated user to  ...)
	NOT-FOR-US: IBM
CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user c ...)
	NOT-FOR-US: IBM
CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1307
	RESERVED
CVE-2017-1306 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2017-1304 (IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utiliz ...)
	NOT-FOR-US: IBM
CVE-2017-1303 (IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is ...)
	NOT-FOR-US: IBM
CVE-2017-1302 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local u ...)
	NOT-FOR-US: IBM
CVE-2017-1301 (IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launc ...)
	NOT-FOR-US: IBM
CVE-2017-1300 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1299 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1298
	REJECTED
CVE-2017-1297 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1296
	RESERVED
CVE-2017-1295 (IBM RSA DM contains unspecified vulnerability in CLM Applications with ...)
	NOT-FOR-US: IBM
CVE-2017-1294 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1293 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1292 (IBM Maximo Asset Management 7.5 and 7.6 generates error messages that  ...)
	NOT-FOR-US: IBM
CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response ...)
	NOT-FOR-US: IBM
CVE-2017-1290 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity Inj ...)
	NOT-FOR-US: IBM JDK
CVE-2017-1288
	RESERVED
CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct p ...)
	NOT-FOR-US: IBM
CVE-2017-1286 (Sensitive information about the configuration of the IBM UrbanCode Dep ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user wit ...)
	NOT-FOR-US: IBM
CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...)
	NOT-FOR-US: IBM
CVE-2017-1283 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to caus ...)
	NOT-FOR-US: IBM
CVE-2017-1282 (IBM Content Navigator &amp; CMIS 2.0 and 3.0 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1281 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1280 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1279 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remo ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2017-1278 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2017-1277 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1276 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2017-1275 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in t ...)
	NOT-FOR-US: IBM
CVE-2017-1273
	RESERVED
CVE-2017-1272 (IBM Security Guardium 10.0 and 10.5 stores sensitive information in UR ...)
	NOT-FOR-US: IBM
CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between m ...)
	NOT-FOR-US: IBM
CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable after a s ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A  ...)
	NOT-FOR-US: IBM
CVE-2017-1268 (IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash ag ...)
	NOT-FOR-US: IBM
CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image backups a ...)
	NOT-FOR-US: IBM
CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a security-critic ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1265 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and  ...)
	NOT-FOR-US: IBM
CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves tha ...)
	NOT-FOR-US: IBM
CVE-2017-1263
	RESERVED
CVE-2017-1262 (IBM Security Guardium 10.0 is vulnerable to HTTP response splitting at ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1261 (IBM Security Guardium 10.0 stores potentially sensitive information in ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1260
	RESERVED
CVE-2017-1259
	RESERVED
CVE-2017-1258 (IBM Security Guardium 10.0 and 10.1 does not perform an authentication ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1257 (IBM Security Guardium 10.0 discloses sensitive information to unauthor ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1255 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weake ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable to a XML External Entity Inje ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated attacker ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1252
	RESERVED
CVE-2017-1251 (An undisclosed vulnerability in CLM applications may result in some ad ...)
	NOT-FOR-US: IBM
CVE-2017-1250 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle  ...)
	NOT-FOR-US: IBM
CVE-2017-1249 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2017-1248 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1247 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2017-1246
	RESERVED
CVE-2017-1245 (IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2017-1244
	RESERVED
CVE-2017-1243
	RESERVED
CVE-2017-1242 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1241 (An unspecified vulnerability in IBM Jazz Foundation based applications ...)
	NOT-FOR-US: IBM
CVE-2017-1240 (IBM Rhapsody DM products could reveal sensitive information in HTTP 50 ...)
	NOT-FOR-US: IBM
CVE-2017-1239 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sen ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1238 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1237 (IBM Jazz based applications are vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentiall ...)
	NOT-FOR-US: IBM
CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a prem ...)
	NOT-FOR-US: IBM
CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1233 (IBM Remote Control v9 could allow a local user to use the component to ...)
	NOT-FOR-US: IBM Remote Control
CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmit ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1231 (IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in cl ...)
	NOT-FOR-US: IBM
CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses ins ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2017-1228 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could al ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1227 (IBM Tivoli Endpoint Manager could allow a unauthorized user to consume ...)
	NOT-FOR-US: IBM
CVE-2017-1226 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generate ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1225 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores s ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1224 (IBM Tivoli Endpoint Manager uses weaker than expected cryptographic al ...)
	NOT-FOR-US: IBM
CVE-2017-1223 (IBM Tivoli Endpoint Manager could allow a remote attacker to conduct p ...)
	NOT-FOR-US: IBM
CVE-2017-1222 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1221 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require  ...)
	NOT-FOR-US: IBM
CVE-2017-1220 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) disclose ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Inj ...)
	NOT-FOR-US: IBM
CVE-2017-1218 (IBM Tivoli Endpoint Manager is vulnerable to cross-site request forger ...)
	NOT-FOR-US: IBM
CVE-2017-1217 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2017-1216
	RESERVED
CVE-2017-1215
	RESERVED
CVE-2017-1214 (IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malform ...)
	NOT-FOR-US: IBM
CVE-2017-1213
	RESERVED
CVE-2017-1212 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1211 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1210 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1209 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1208 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2017-1207 (IBM WebSphere Message Broker stores user credentials in plain in clear ...)
	NOT-FOR-US: IBM
CVE-2017-1206
	RESERVED
CVE-2017-1205 (IBM Platform LSF 10.1 contains an unspecified vulnerability that could ...)
	NOT-FOR-US: IBM
CVE-2017-1204 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-code ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and A ...)
	NOT-FOR-US: IBM
CVE-2017-1202 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulne ...)
	NOT-FOR-US: IBM
CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores use ...)
	NOT-FOR-US: IBM
CVE-2017-1200 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not ...)
	NOT-FOR-US: IBM
CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2017-1198 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores s ...)
	NOT-FOR-US: IBM
CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account  ...)
	NOT-FOR-US: IBM
CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require tha ...)
	NOT-FOR-US: IBM
CVE-2017-1195 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow ...)
	NOT-FOR-US: IBM
CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2017-1193 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to o ...)
	NOT-FOR-US: IBM
CVE-2017-1192 (IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entit ...)
	NOT-FOR-US: IBM
CVE-2017-1191 (An undisclosed vulnerability in CLM applications (including IBM Ration ...)
	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could  ...)
	NOT-FOR-US: IBM
CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vuln ...)
	NOT-FOR-US: IBM
CVE-2017-1188
	RESERVED
CVE-2017-1187
	RESERVED
CVE-2017-1186
	RESERVED
CVE-2017-1185
	RESERVED
CVE-2017-1184
	RESERVED
CVE-2017-1183 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
	NOT-FOR-US: IBM
CVE-2017-1182 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-1181 (IBM Tivoli Monitoring Portal V6 client could allow a local attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that could a ...)
	NOT-FOR-US: IBM TRIRIGA Document Manager
CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected crypt ...)
	NOT-FOR-US: IBM
CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2017-1177 (IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2017-1176 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user ...)
	NOT-FOR-US: IBM
CVE-2017-1175 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL inj ...)
	NOT-FOR-US: IBM
CVE-2017-1174 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2017-1173
	RESERVED
CVE-2017-1172
	RESERVED
CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulne ...)
	NOT-FOR-US: IBM
CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2017-1169 (IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2017-1168 (IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulner ...)
	NOT-FOR-US: IBM
CVE-2017-1167
	RESERVED
CVE-2017-1166
	RESERVED
CVE-2017-1165
	RESERVED
CVE-2017-1164 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2017-1163
	RESERVED
CVE-2017-1162 (IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized ...)
	NOT-FOR-US: IBM
CVE-2017-1161 (IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbit ...)
	NOT-FOR-US: IBM
CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform  ...)
	NOT-FOR-US: IBM
CVE-2017-1159 (IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2017-1158
	RESERVED
CVE-2017-1157 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2017-1156 (IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to cond ...)
	NOT-FOR-US: IBM
CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability th ...)
	NOT-FOR-US: IBM
CVE-2017-1152 (IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly up ...)
	NOT-FOR-US: IBM
CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...)
	NOT-FOR-US: IBM
CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1149 (IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial ...)
	NOT-FOR-US: IBM
CVE-2017-1148 (IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry ...)
	NOT-FOR-US: IBM
CVE-2017-1147 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1146 (IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2017-1145 (IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents wh ...)
	NOT-FOR-US: IBM
CVE-2017-1144 (IBM WebSphere Message Broker could allow a local user with specialized ...)
	NOT-FOR-US: IBM
CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2017-1140 (IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2017-1139
	RESERVED
CVE-2017-1138
	RESERVED
CVE-2017-1137 (IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker th ...)
	NOT-FOR-US: IBM
CVE-2017-1136
	RESERVED
CVE-2017-1135
	RESERVED
CVE-2017-1134 (IBM Reliable Scalable Cluster Technology could allow a local user to e ...)
	NOT-FOR-US: IBM
CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2017-1132 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1131 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2017-1130 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user  ...)
	NOT-FOR-US: IBM
CVE-2017-1129 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user  ...)
	NOT-FOR-US: IBM
CVE-2017-1128 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could  ...)
	NOT-FOR-US: IBM
CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...)
	NOT-FOR-US: IBM
CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local atta ...)
	NOT-FOR-US: IBM
CVE-2017-1123
	RESERVED
CVE-2017-1122 (IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that ...)
	NOT-FOR-US: IBM
CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2017-1119 (IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker ...)
	NOT-FOR-US: IBM
CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to caus ...)
	NOT-FOR-US: IBM
CVE-2017-1116 (IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive  ...)
	NOT-FOR-US: IBM
CVE-2017-1115 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A rem ...)
	NOT-FOR-US: IBM
CVE-2017-1114 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2017-1113 (IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1112
	RESERVED
CVE-2017-1111
	RESERVED
CVE-2017-1110 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an ...)
	NOT-FOR-US: IBM
CVE-2017-1109
	RESERVED
CVE-2017-1108
	RESERVED
CVE-2017-1107 (IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive  ...)
	NOT-FOR-US: IBM
CVE-2017-1106 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1105 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1104 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...)
	NOT-FOR-US: IBM
CVE-2017-1102 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1101 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1100 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive information to  ...)
	NOT-FOR-US: IBM
CVE-2017-1098 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2017-1097 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1095
	RESERVED
CVE-2017-1094
	RESERVED
CVE-2017-1093 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulner ...)
	NOT-FOR-US: IBM AIX
CVE-2017-1092 (IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unaut ...)
	NOT-FOR-US: IBM
CVE-2017-1091
	RESERVED
CVE-2017-1090
	REJECTED
CVE-2017-1089
	REJECTED
CVE-2017-1088 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1087 (In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE- ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the implementatio ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the  ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3 ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
	NOTE: kfreebsd not covered by security support
CVE-2017-1080
	RESERVED
CVE-2017-1079
	RESERVED
CVE-2017-1078
	RESERVED
CVE-2017-1077
	RESERVED
CVE-2017-1076
	RESERVED
CVE-2017-1075
	RESERVED
CVE-2017-1074
	RESERVED
CVE-2017-1073
	RESERVED
CVE-2017-1072
	RESERVED
CVE-2017-1071
	RESERVED
CVE-2017-1070
	RESERVED
CVE-2017-1069
	RESERVED
CVE-2017-1068
	RESERVED
CVE-2017-1067
	RESERVED
CVE-2017-1066
	RESERVED
CVE-2017-1065
	RESERVED
CVE-2017-1064
	RESERVED
CVE-2017-1063
	RESERVED
CVE-2017-1062
	RESERVED
CVE-2017-1061
	RESERVED
CVE-2017-1060
	RESERVED
CVE-2017-1059
	RESERVED
CVE-2017-1058
	RESERVED
CVE-2017-1057
	RESERVED
CVE-2017-1056
	RESERVED
CVE-2017-1055
	RESERVED
CVE-2017-1054
	RESERVED
CVE-2017-1053
	RESERVED
CVE-2017-1052
	RESERVED
CVE-2017-1051
	RESERVED
CVE-2017-1050
	RESERVED
CVE-2017-1049
	RESERVED
CVE-2017-1048
	RESERVED
CVE-2017-1047
	RESERVED
CVE-2017-1046
	RESERVED
CVE-2017-1045
	RESERVED
CVE-2017-1044
	RESERVED
CVE-2017-1043
	RESERVED
CVE-2017-1042
	RESERVED
CVE-2017-1041
	RESERVED
CVE-2017-1040
	RESERVED
CVE-2017-1039
	RESERVED
CVE-2017-1038
	RESERVED
CVE-2017-1037
	RESERVED
CVE-2017-1036
	RESERVED
CVE-2017-1035
	RESERVED
CVE-2017-1034
	RESERVED
CVE-2017-1033
	RESERVED
CVE-2017-1032
	RESERVED
CVE-2017-1031
	RESERVED
CVE-2017-1030
	RESERVED
CVE-2017-1029
	RESERVED
CVE-2017-1028
	RESERVED
CVE-2017-1027
	RESERVED
CVE-2017-1026
	RESERVED
CVE-2017-1025
	RESERVED
CVE-2017-1024
	RESERVED
CVE-2017-1023
	RESERVED
CVE-2017-1022
	RESERVED
CVE-2017-1021
	RESERVED
CVE-2017-1020
	RESERVED
CVE-2017-1019
	RESERVED
CVE-2017-1018
	RESERVED
CVE-2017-1017
	RESERVED
CVE-2017-1016
	RESERVED
CVE-2017-1015
	RESERVED
CVE-2017-1014
	RESERVED
CVE-2017-1013
	RESERVED
CVE-2017-1012
	RESERVED
CVE-2017-1011
	RESERVED
CVE-2017-1010
	RESERVED
CVE-2017-1009
	RESERVED
CVE-2017-1008
	RESERVED
CVE-2017-1007
	RESERVED
CVE-2017-1006
	RESERVED
CVE-2017-1005
	RESERVED
CVE-2017-1004
	RESERVED
CVE-2017-1003
	RESERVED
CVE-2017-1002
	RESERVED
CVE-2017-1001
	RESERVED
CVE-2017-1000
	RESERVED
	- linux 4.12.6-1
	[stretch] - linux 4.9.30-2+deb9u4
	[jessie] - linux 3.16.43-2+deb8u4
	NOTE: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
	NOTE: Same commit as for CVE-2017-1000112 and thus probably should be treated
	NOTE: as duplicate. Defer decision to MITRE.
CVE-2017-0999
	RESERVED
CVE-2017-0998
	RESERVED
CVE-2017-0997
	RESERVED
CVE-2017-0996
	RESERVED
CVE-2017-0995
	RESERVED
CVE-2017-0994
	RESERVED
CVE-2017-0993
	RESERVED
CVE-2017-0992
	RESERVED
CVE-2017-0991
	RESERVED
CVE-2017-0990
	RESERVED
CVE-2017-0989
	RESERVED
CVE-2017-0988
	RESERVED
CVE-2017-0987
	RESERVED
CVE-2017-0986
	RESERVED
CVE-2017-0985
	RESERVED
CVE-2017-0984
	RESERVED
CVE-2017-0983
	RESERVED
CVE-2017-0982
	RESERVED
CVE-2017-0981
	RESERVED
CVE-2017-0980
	RESERVED
CVE-2017-0979
	RESERVED
CVE-2017-0978
	RESERVED
CVE-2017-0977
	RESERVED
CVE-2017-0976
	RESERVED
CVE-2017-0975
	RESERVED
CVE-2017-0974
	RESERVED
CVE-2017-0973
	RESERVED
CVE-2017-0972
	RESERVED
CVE-2017-0971
	RESERVED
CVE-2017-0970
	RESERVED
CVE-2017-0969
	RESERVED
CVE-2017-0968
	RESERVED
CVE-2017-0967
	RESERVED
CVE-2017-0966
	RESERVED
CVE-2017-0965
	RESERVED
CVE-2017-0964
	RESERVED
CVE-2017-0963
	RESERVED
CVE-2017-0962
	RESERVED
CVE-2017-0961
	RESERVED
CVE-2017-0960
	RESERVED
CVE-2017-0959
	RESERVED
CVE-2017-0958
	RESERVED
CVE-2017-0957
	RESERVED
CVE-2017-0956
	RESERVED
CVE-2017-0955
	RESERVED
CVE-2017-0954
	RESERVED
CVE-2017-0953
	RESERVED
CVE-2017-0952
	RESERVED
CVE-2017-0951
	RESERVED
CVE-2017-0950
	RESERVED
CVE-2017-0949
	RESERVED
CVE-2017-0948
	RESERVED
CVE-2017-0947
	RESERVED
CVE-2017-0946
	RESERVED
CVE-2017-0945
	RESERVED
CVE-2017-0944
	RESERVED
CVE-2017-0943
	RESERVED
CVE-2017-0942
	RESERVED
CVE-2017-0941
	RESERVED
CVE-2017-0940
	RESERVED
CVE-2017-0939
	RESERVED
CVE-2017-0938 (Denial of Service attack in airMAX &lt; 8.3.2 , airMAX &lt; 6.0.7 and  ...)
	NOT-FOR-US: airMAX
CVE-2017-0937
	RESERVED
CVE-2017-0936 (Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorizatio ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Impr ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improp ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-S ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Impr ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0931 (html-janitor node module suffers from a Cross-Site Scripting (XSS) vul ...)
	NOT-FOR-US: html-janitor node module
CVE-2017-0930 (augustine node module suffers from a Path Traversal vulnerability due  ...)
	NOT-FOR-US: augustine node module
CVE-2017-0929 (DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request F ...)
	NOT-FOR-US: DNN (aka DotNetNuke)
CVE-2017-0928 (html-janitor node module suffers from an External Control of Critical  ...)
	NOT-FOR-US: html-janitor node module
CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...)
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	[stretch] - gitlab <not-affected> (Doesn't affect 8.x)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0926 (Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0925 (Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insuffici ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0924 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 9.0 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0923 (Gitlab Community Edition version 9.1 is vulnerable to lack of input va ...)
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	[stretch] - gitlab <not-affected> (Doesn't affect 8.x)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an authorizati ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 9.1 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...)
	{DSA-4206-1}
	- gitlab 10.5.5+dfsg-1
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0919 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...)
	- gitlab 10.5.5+dfsg-1
	NOTE: https://hackerone.com/reports/301137
	NOTE: Fixed in 10.1.6, 10.2.6, and 10.3.4
CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path traversa ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0917 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0916 (Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
CVE-2017-0915 (Gitlab Community Edition version 10.2.4 is vulnerable to a lack of inp ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2. ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0913 (Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to r ...)
	NOT-FOR-US: Ubiquiti UCRM
CVE-2017-0912 (Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-s ...)
	NOT-FOR-US: Ubiquiti UCRM
CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback  ...)
	NOT-FOR-US: Twitter Kit for iOS
CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a vuln ...)
	- zulip-server <itp> (bug #800052)
CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a byp ...)
	NOT-FOR-US: private_address_check ruby gem
CVE-2017-0908
	REJECTED
CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1. ...)
	NOT-FOR-US: Recurly Client .NET Library
CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, ...)
	NOT-FOR-US: Recurly Client Python Library
CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10,  ...)
	NOT-FOR-US: Recurly Client Ruby Library
CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a byp ...)
	NOT-FOR-US: private_address_check ruby gem
CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possibl ...)
	{DSA-4031-1 DLA-1421-1}
	- ruby2.3 2.3.5-1 (bug #879231)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/10/2
	NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
	NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...)
	{DSA-3966-1 DLA-1421-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification na ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1}
	- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
	- ruby2.1 <removed> (unimportant)
	- ruby1.9.1 <removed> (unimportant)
	- rubygems <removed> (unimportant)
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
	NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious forma ...)
	{DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
	- ruby2.3 2.3.5-1 (bug #875936)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://github.com/mruby/mruby/issues/3722
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
	NOTE: https://bugs.ruby-lang.org/issues/13499
CVE-2017-0897 (ExpressionEngine version 2.x &lt; 2.11.8 and version 3.x &lt; 3.5.5 cr ...)
	NOT-FOR-US: ExpressionEngine
CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the implementatio ...)
	- zulip-server <itp> (bug #800052)
CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid sh ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0893 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vu ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0892 (Nextcloud Server before 11.0.3 is vulnerable to an improper session ha ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0891 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde  ...)
	NOT-FOR-US: paperclip ruby gem
CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoof ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Ser ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0885 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0884 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of f ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0883 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission in ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0882 (Multiple versions of GitLab expose sensitive user credentials when ass ...)
	- gitlab 8.13.11+dfsg-7 (bug #858410)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
	NOTE: https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
CVE-2017-0881 (An error in the implementation of an autosubscribe feature in the chec ...)
	NOT-FOR-US: Zulip
CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the p ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/59643d1535eb220668692a5359de22545af579f6 (v4.7-rc1)
CVE-2016-9753
	RESERVED
CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...)
	- serendipity <removed>
CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results front e ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text  ...)
	NOT-FOR-US: IBM
CVE-2016-9749 (IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive inf ...)
	NOT-FOR-US: IBM
CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-9746 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2016-9745
	RESERVED
CVE-2016-9744
	RESERVED
CVE-2016-9743
	RESERVED
CVE-2016-9742
	RESERVED
CVE-2016-9741
	RESERVED
CVE-2016-9740 (IBM QRadar 7.2 could allow a remote attacker to consume all resources  ...)
	NOT-FOR-US: IBM
CVE-2016-9739 (IBM Security Identity Manager Virtual Appliance stores user credential ...)
	NOT-FOR-US: IBM
CVE-2016-9738 (IBM QRadar 7.2 and 7.3 does not require that users should have strong  ...)
	NOT-FOR-US: IBM
CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests could a ...)
	NOT-FOR-US: IBM
CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2016-9734
	RESERVED
CVE-2016-9733 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2016-9732 (IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2016-9730 (IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request  ...)
	NOT-FOR-US: IBM
CVE-2016-9729 (IBM QRadar 7.2 does not perform an authentication check for a critical ...)
	NOT-FOR-US: IBM
CVE-2016-9728 (IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could ...)
	NOT-FOR-US: IBM
CVE-2016-9727 (IBM QRadar 7.2 could allow a remote authenticated attacker to execute  ...)
	NOT-FOR-US: IBM
CVE-2016-9726 (IBM QRadar Incident Forensics 7.2 could allow a remote authenticated a ...)
	NOT-FOR-US: IBM
CVE-2016-9725 (IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sha ...)
	NOT-FOR-US: IBM
CVE-2016-9724 (IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML  ...)
	NOT-FOR-US: IBM
CVE-2016-9723 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2016-9722 (IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical r ...)
	NOT-FOR-US: IBM QRadar
CVE-2016-9721
	RESERVED
CVE-2016-9720 (IBM QRadar 7.2 discloses sensitive information to unauthorized users.  ...)
	NOT-FOR-US: IBM
CVE-2016-9719 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9718 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9717 (HTTP Parameter Override is identified in the IBM Infosphere Master Dat ...)
	NOT-FOR-US: IBM
CVE-2016-9716 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
	NOT-FOR-US: IBM
CVE-2016-9715 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
	NOT-FOR-US: IBM
CVE-2016-9714 (IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9713
	RESERVED
CVE-2016-9712
	RESERVED
CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveal ...)
	NOT-FOR-US: IBM
CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2016-9709
	RESERVED
CVE-2016-9708
	RESERVED
CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...)
	NOT-FOR-US: IBM
CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLO ...)
	NOT-FOR-US: IBM
CVE-2016-9705
	RESERVED
CVE-2016-9704 (IBM Security Identity Manager Virtual Appliance is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2016-9703 (IBM Security Identity Manager Virtual Appliance does not invalidate se ...)
	NOT-FOR-US: IBM
CVE-2016-9702
	RESERVED
CVE-2016-9701 (IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2016-9700 (IBM Jazz Foundation could allow an authenticated attacker to obtain se ...)
	NOT-FOR-US: IBM
CVE-2016-9699
	RESERVED
CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service ...)
	NOT-FOR-US: IBM
CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 coul ...)
	NOT-FOR-US: IBM
CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A r ...)
	NOT-FOR-US: IBM
CVE-2016-9695
	RESERVED
CVE-2016-9694 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download cap ...)
	NOT-FOR-US: IBM
CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to Ex ...)
	NOT-FOR-US: IBM
CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a  ...)
	NOT-FOR-US: IBM
CVE-2016-9690
	REJECTED
CVE-2016-9689
	REJECTED
CVE-2016-9688
	REJECTED
CVE-2016-9687
	REJECTED
CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates  ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2017-0880 (A denial of service vulnerability in the Android media framework (libs ...)
	- skia <itp> (bug #818180)
CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0877 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0876 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0875
	RESERVED
CVE-2017-0874 (A denial of service vulnerability in the Android media framework (liba ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0873 (A denial of service vulnerability in the Android media framework (libm ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0872 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework (fram ...)
	NOT-FOR-US: Android
CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework (libm ...)
	NOT-FOR-US: Android
CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could c ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-0868
	RESERVED
CVE-2017-0867
	RESERVED
CVE-2017-0866 (An elevation of privilege vulnerability in the Direct rendering infras ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-0865 (An elevation of privilege vulnerability in the MediaTek soc driver. Pr ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0864 (An elevation of privilege vulnerability in the MediaTek ioctl (flashli ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0863 (An elevation of privilege vulnerability in the Upstream kernel video d ...)
	NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel kernel. ...)
	NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in the ALSA  ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.13.4-1
	[stretch] - linux 4.9.80-1
	NOTE: https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229
	NOTE: UAF actually already removed in https://git.kernel.org/linus/e11f0f90a626f93899687b1cc909ee37dd6c5809
CVE-2017-0860 (An elevation of privilege vulnerability in the Android system (inputdi ...)
	NOT-FOR-US: Android
CVE-2017-0859 (Another vulnerability in the Android media framework (n/a). Product: A ...)
	NOT-FOR-US: Android media framework
CVE-2017-0858 (Another vulnerability in the Android media framework (n/a). Product: A ...)
	NOT-FOR-US: Android media framework
CVE-2017-0857 (Another vulnerability in the Android media framework (n/a). Product: A ...)
	NOT-FOR-US: Android media framework
CVE-2017-0856
	RESERVED
CVE-2017-0855 (In MPEG4Extractor.cpp, there are several places where functions return ...)
	NOT-FOR-US: Android media framework
CVE-2017-0854 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0853 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0852 (A denial of service vulnerability in the Android media framework (libh ...)
	NOT-FOR-US: Android media framework
CVE-2017-0851 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0850 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0849 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0848 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0847 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0846 (An information disclosure vulnerability in the Android framework (clip ...)
	NOT-FOR-US: Android
CVE-2017-0845 (A denial of service vulnerability in the Android framework (syncstorag ...)
	NOT-FOR-US: Android
CVE-2017-0844
	RESERVED
CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2017-0842 (An elevation of privilege vulnerability in the Android system (bluetoo ...)
	NOT-FOR-US: Fluoride Bluetooth stack in Android
CVE-2017-0841 (A remote code execution vulnerability in the Android system (libutils) ...)
	- android-platform-system-core <unfixed> (unimportant)
	NOTE: Fixed by https://android.googlesource.com/platform/system/core/+/47efc676c849e3abf32001d66e2d6eb887e83c48%5E!/
CVE-2017-0840 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0839 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0838 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0837 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0836 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0835 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0834 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0833 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0832 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0831 (An elevation of privilege vulnerability in the Android framework (wind ...)
	NOT-FOR-US: Android
CVE-2017-0830 (An elevation of privilege vulnerability in the Android framework (devi ...)
	NOT-FOR-US: Android
CVE-2017-0829 (An elevation of privilege vulnerability in the Motorola bootloader. Pr ...)
	NOT-FOR-US: Motorola bootloader
CVE-2017-0828 (An elevation of privilege vulnerability in the Huawei bootloader. Prod ...)
	NOT-FOR-US: Huawei bootloader
CVE-2017-0827 (An elevation of privilege vulnerability in the MediaTek soc driver. Pr ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0826 (An elevation of privilege vulnerability in the HTC bootloader. Product ...)
	NOT-FOR-US: HTC bootloader
CVE-2017-0825 (An information disclosure vulnerability in the Broadcom wifi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0824 (An elevation of privilege vulnerability in the Broadcom wifi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0823 (An information disclosure vulnerability in the Android system (rild).  ...)
	NOT-FOR-US: Android (rild)
CVE-2017-0822 (An elevation of privilege vulnerability in the Android system (camera) ...)
	- android-framework-23 <unfixed> (unimportant)
	NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a
CVE-2017-0821
	RESERVED
CVE-2017-0820 (A vulnerability in the Android media framework (n/a). Product: Android ...)
	NOT-FOR-US: Android media framework
CVE-2017-0819 (A vulnerability in the Android media framework (n/a). Product: Android ...)
	NOT-FOR-US: Android media framework
CVE-2017-0818 (A vulnerability in the Android media framework (n/a). Product: Android ...)
	NOT-FOR-US: Android media framework
CVE-2017-0817 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0816 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0815 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0814 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0813 (A denial of service vulnerability in the Android media framework (libs ...)
	NOT-FOR-US: Android media framework
CVE-2017-0812 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0811 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0810 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0809 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0808 (An information disclosure vulnerability in the Android framework (file ...)
	NOT-FOR-US: Android
CVE-2017-0807 (An elevation of privilege vulnerability in the Android framework (ui f ...)
	NOT-FOR-US: Android
CVE-2017-0806 (An elevation of privilege vulnerability in the Android framework (gate ...)
	NOT-FOR-US: Android
CVE-2017-0805 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0804 (A elevation of privilege vulnerability in the MediaTek mmc driver. Pro ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0803 (A elevation of privilege vulnerability in the MediaTek accessory detec ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0802 (A elevation of privilege vulnerability in the MediaTek kernel. Product ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0801 (A elevation of privilege vulnerability in the MediaTek libmtkomxvdec.  ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0800 (A elevation of privilege vulnerability in the MediaTek teei. Product:  ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0799 (A elevation of privilege vulnerability in the MediaTek lastbus. Produc ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0798 (A elevation of privilege vulnerability in the MediaTek kernel. Product ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0797 (A elevation of privilege vulnerability in the MediaTek accessory detec ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0796 (A elevation of privilege vulnerability in the MediaTek auxadc driver.  ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0795 (A elevation of privilege vulnerability in the MediaTek accessory detec ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0794 (A elevation of privilege vulnerability in the Upstream kernel scsi dri ...)
	NOT-FOR-US: Android kernel on Nexus (probably)
	NOTE: https://source.android.com/security/bulletin/2017-09-01 doesn't link a public patch, so probably related to some binary-only component on Nexus
CVE-2017-0793 (A information disclosure vulnerability in the N/A memory subsystem. Pr ...)
	NOT-FOR-US: Imagetech driver for Android
CVE-2017-0792 (A information disclosure vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0791 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0790 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0789 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0788 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0787 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/17df6453d4be17910456e99c5a85025aa1b7a246 (v4.14-rc4)
CVE-2017-0785 (A information disclosure vulnerability in the Android system (bluetoot ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0784 (A elevation of privilege vulnerability in the Android system (nfc). Pr ...)
	NOT-FOR-US: Android
CVE-2017-0783 (A information disclosure vulnerability in the Android system (bluetoot ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0782 (A remote code execution vulnerability in the Android system (bluetooth ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0781 (A remote code execution vulnerability in the Android system (bluetooth ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android mess ...)
	NOT-FOR-US: Android messaging
CVE-2017-0779 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0778 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0777 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0776 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0775 (A denial of service vulnerability in the Android media framework (libs ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0774 (A denial of service vulnerability in the Android media framework (libs ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0773 (A denial of service vulnerability in the Android media framework (libh ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0772 (A denial of service vulnerability in the Android media framework (liba ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0771 (A denial of service vulnerability in the Android media framework (libs ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0770 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0769 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0768 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0767 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0766 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0765 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0764 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0763 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0762 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0761 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0760 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0759 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0758 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0757 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0756 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0755 (A elevation of privilege vulnerability in the Android libraries (libmi ...)
	NOT-FOR-US: Android
CVE-2017-0754
	RESERVED
CVE-2017-0753 (A remote code execution vulnerability in the Android libraries (libgdx ...)
	NOT-FOR-US: Android (libgdx)
CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework (windo ...)
	- android-framework-23 <unfixed> (unimportant)
	NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/
CVE-2017-0751 (An elevation of privilege vulnerability in the Qualcomm QCE driver. Pr ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-0750 (A elevation of privilege vulnerability in the Upstream Linux file syst ...)
	- linux <not-affected> (Android-specific change)
	NOTE: https://source.android.com/security/bulletin/2017-08-01
CVE-2017-0749 (A elevation of privilege vulnerability in the Upstream Linux linux ker ...)
	- linux <not-affected> (Android-specific change)
	NOTE: https://source.android.com/security/bulletin/2017-08-01
CVE-2017-0748 (An information disclosure vulnerability in the Qualcomm audio driver.  ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-0747 (A elevation of privilege vulnerability in the Qualcomm proprietary com ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0746 (A elevation of privilege vulnerability in the Qualcomm ipa driver. Pro ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0745 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: libstagefright
CVE-2017-0744 (An elevation of privilege vulnerability in the NVIDIA firmware process ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-0743
	RESERVED
CVE-2017-0742 (A elevation of privilege vulnerability in the MediaTek video driver. P ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0741 (A elevation of privilege vulnerability in the MediaTek gpu driver. Pro ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0740 (A remote code execution vulnerability in the Broadcom networking drive ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0739 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0738 (A information disclosure vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0737 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: libstagefright
CVE-2017-0736 (A denial of service vulnerability in the Android media framework (liba ...)
	NOT-FOR-US: Android media framework
CVE-2017-0735 (A denial of service vulnerability in the Android media framework (liba ...)
	NOT-FOR-US: Android media framework
CVE-2017-0734 (A denial of service vulnerability in the Android media framework (liba ...)
	NOT-FOR-US: Android media framework
CVE-2017-0733 (A denial of service vulnerability in the Android media framework (libm ...)
	NOT-FOR-US: Android media framework
CVE-2017-0732 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: libstagefright
CVE-2017-0731 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: libstagefright
CVE-2017-0730 (A denial of service vulnerability in the Android media framework (h264 ...)
	NOT-FOR-US: Android media framework
CVE-2017-0729 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0728 (A denial of service vulnerability in the Android media framework (hevc ...)
	NOT-FOR-US: Android media framework
CVE-2017-0727 (A elevation of privilege vulnerability in the Android media framework  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0726 (A denial of service vulnerability in the Android media framework (libs ...)
	NOT-FOR-US: libstagefright
CVE-2017-0725 (A denial of service vulnerability in the Android media framework (libs ...)
	NOT-FOR-US: Android media framework
CVE-2017-0724 (A denial of service vulnerability in the Android media framework (libm ...)
	NOT-FOR-US: Android media framework
CVE-2017-0723 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0722 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: libstagefright
CVE-2017-0721 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0720 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0719 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0718 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0717
	RESERVED
CVE-2017-0716 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0715 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0714 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android media framework
CVE-2017-0713 (A remote code execution vulnerability in the Android libraries (sfntly ...)
	NOT-FOR-US: Android
CVE-2017-0712 (A elevation of privilege vulnerability in the Android framework (wi-fi ...)
	NOT-FOR-US: Android
CVE-2017-0711 (A elevation of privilege vulnerability in the MediaTek networking driv ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0710 (A elevation of privilege vulnerability in the Upstream Linux tcb. Prod ...)
	NOT-FOR-US: Android Trusted Computing Base
CVE-2017-0709 (A information disclosure vulnerability in the HTC sensor hub driver. P ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0708 (A information disclosure vulnerability in the HTC sound driver. Produc ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0707 (A elevation of privilege vulnerability in the HTC led driver. Product: ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0706 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0705 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0704 (A elevation of privilege vulnerability in the Android system ui. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0703 (A elevation of privilege vulnerability in the Android system ui. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0702 (A remote code execution vulnerability in the Android system ui. Produc ...)
	NOT-FOR-US: Android
CVE-2017-0701 (A remote code execution vulnerability in the Android system ui. Produc ...)
	NOT-FOR-US: Android
CVE-2017-0700 (A remote code execution vulnerability in the Android system ui. Produc ...)
	NOT-FOR-US: Android
CVE-2017-0699 (A information disclosure vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0698 (A information disclosure vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0697 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0696 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0695 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0694 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0693 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0692 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0691 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0690 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0689 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0688 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0687 (A denial of service vulnerability in the Android media framework (liba ...)
	NOT-FOR-US: Android media framework
CVE-2017-0686 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0685 (A denial of service vulnerability in the Android media framework. Prod ...)
	NOT-FOR-US: Android media framework
CVE-2017-0684 (A elevation of privilege vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0683 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0682 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0681 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0680 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0679 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0678 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0677 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0676 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0675 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0674 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0673 (A remote code execution vulnerability in the Android media framework.  ...)
	NOT-FOR-US: Android media framework
CVE-2017-0672 (A denial of service vulnerability in the Android libraries. Product: A ...)
	NOT-FOR-US: Android
CVE-2017-0671 (A remote code execution vulnerability in the Android libraries. Produc ...)
	NOT-FOR-US: Android
	NOTE: Not publicly available
CVE-2017-0670 (A denial of service vulnerability in the Android framework. Product: A ...)
	NOT-FOR-US: Android
CVE-2017-0669 (A information disclosure vulnerability in the Android framework. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0668 (A information disclosure vulnerability in the Android framework. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0667 (A elevation of privilege vulnerability in the Android framework. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0666 (A elevation of privilege vulnerability in the Android framework. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0665 (A elevation of privilege vulnerability in the Android framework. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0664 (A elevation of privilege vulnerability in the Android framework. Produ ...)
	NOT-FOR-US: Android
CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an attac ...)
	{DSA-3952-1 DLA-1060-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870870)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
	NOTE: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
CVE-2017-0662
	RESERVED
CVE-2017-0661
	RESERVED
CVE-2017-0660
	RESERVED
CVE-2017-0659
	RESERVED
CVE-2017-0658
	RESERVED
CVE-2017-0657
	RESERVED
CVE-2017-0656
	RESERVED
CVE-2017-0655
	RESERVED
CVE-2017-0654
	RESERVED
CVE-2017-0653
	RESERVED
CVE-2017-0652
	RESERVED
CVE-2017-0651 (An information disclosure vulnerability in the kernel ION subsystem co ...)
	NOT-FOR-US: Android
CVE-2017-0650 (An information disclosure vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0649 (An elevation of privilege vulnerability in the MediaTek sound driver c ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0648 (An elevation of privilege vulnerability in the kernel FIQ debugger cou ...)
	NOT-FOR-US: Android
CVE-2017-0647 (An information disclosure vulnerability in libziparchive could enable  ...)
	- android-platform-system-core 1:7.0.0+r33-2 (unimportant; bug #867229)
	[jessie] - android-platform-system-core <not-affected> (Vulnerable code not present)
	NOTE: No impact on SDK usage
CVE-2017-0646 (An information disclosure vulnerability in Bluetooth component could e ...)
	NOT-FOR-US: Android
CVE-2017-0645 (An elevation of privilege vulnerability in Bluetooth could enable a lo ...)
	NOT-FOR-US: Android
CVE-2017-0644 (A remote denial of service vulnerability in Mediaserver could enable a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0643 (A remote denial of service vulnerability in Mediaserver could enable a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0642 (A remote denial of service vulnerability in libhevc in Mediaserver cou ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0641 (A remote denial of service vulnerability in libvpx in Mediaserver coul ...)
	- libvpx <unfixed> (unimportant; bug #871931)
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb
	NOTE: Debian builds configures with --size-limit=16384x16384, Android lowered
	NOTE: the limit to something more aligned for smart phones
CVE-2017-0640 (A remote denial of service vulnerability in Mediaserver could enable a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0639 (An information disclosure vulnerability in Bluetooth component could e ...)
	NOT-FOR-US: Android
CVE-2017-0638 (A remote code execution vulnerability in System UI component could ena ...)
	NOT-FOR-US: Android
CVE-2017-0637 (A remote code execution vulnerability in libhevc in Mediaserver could  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0636 (An elevation of privilege vulnerability in the MediaTek command queue  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0635 (A remote denial of service vulnerability in HevcUtils.cpp in libstagef ...)
	NOT-FOR-US: libstagefright
CVE-2017-0634 (An information disclosure vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0633 (An information disclosure vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound codec dr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem  ...)
	- linux <unfixed>
	NOTE: https://lore.kernel.org/lkml/20180725202238.165314-1-salyzyn@android.com/
CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...)
	NOT-FOR-US: Android kernel
CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue  ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0624 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0623 (An elevation of privilege vulnerability in the HTC bootloader could en ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0622 (An elevation of privilege vulnerability in the Goodix touchscreen driv ...)
	NOT-FOR-US: Goodix driver for Android
CVE-2017-0621 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0620 (An elevation of privilege vulnerability in the Qualcomm Secure Channel ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0619 (An elevation of privilege vulnerability in the Qualcomm pin controller ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0618 (An elevation of privilege vulnerability in the MediaTek command queue  ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0617 (An elevation of privilege vulnerability in the MediaTek video driver c ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0616 (An elevation of privilege vulnerability in the MediaTek system managem ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0615 (An elevation of privilege vulnerability in the MediaTek power driver c ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0614 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0613 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0612 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0611 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0610 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0609 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0608 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0607 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0605
	REJECTED
CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power d ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0603 (A denial of service vulnerability in libstagefright in Mediaserver cou ...)
	NOT-FOR-US: libstagefright
CVE-2017-0602 (An information disclosure vulnerability in Bluetooth could allow a loc ...)
	NOT-FOR-US: Android
CVE-2017-0601 (An Elevation of Privilege vulnerability in Bluetooth could potentially ...)
	NOT-FOR-US: Android
CVE-2017-0600 (A remote denial of service vulnerability in libstagefright in Mediaser ...)
	NOT-FOR-US: libstagefright
CVE-2017-0599 (A remote denial of service vulnerability in libhevc in Mediaserver cou ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0598 (An information disclosure vulnerability in the Framework APIs could en ...)
	NOT-FOR-US: Android
CVE-2017-0597 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0596 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2017-0595 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2017-0594 (An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncode ...)
	NOT-FOR-US: libstagefright
CVE-2017-0593 (An elevation of privilege vulnerability in the Framework APIs could en ...)
	NOT-FOR-US: Android
CVE-2017-0592 (A remote code execution vulnerability in FLACExtractor.cpp in libstage ...)
	NOT-FOR-US: Android
CVE-2017-0591 (A remote code execution vulnerability in libavc in Mediaserver could e ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0590 (A remote code execution vulnerability in libhevc in Mediaserver could  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0589 (A remote code execution vulnerability in libhevc in Mediaserver could  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0588 (A remote code execution vulnerability in id3/ID3.cpp in libstagefright ...)
	NOT-FOR-US: libstagefright
CVE-2017-0587 (A remote code execution vulnerability in libmpeg2 in Mediaserver could ...)
	NOT-FOR-US: libstagefright
CVE-2017-0586 (An information disclosure vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0585 (An information disclosure vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0584 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0583 (An elevation of privilege vulnerability in the Qualcomm CP access driv ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0582 (An elevation of privilege vulnerability in the HTC OEM fastboot comman ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0581 (An elevation of privilege vulnerability in the Synaptics Touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0580 (An elevation of privilege vulnerability in the Synaptics Touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0579 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0578 (An elevation of privilege vulnerability in the DTS sound driver could  ...)
	NOT-FOR-US: DTS driver for Android
CVE-2017-0577 (An elevation of privilege vulnerability in the HTC touchscreen driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0576 (An elevation of privilege vulnerability in the Qualcomm crypto engine  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0575 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0574 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0573 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0572 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0571 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0570 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0569 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0568 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0567 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0566 (An elevation of privilege vulnerability in the MediaTek camera driver  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0565 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0564 (An elevation of privilege vulnerability in the kernel ION subsystem co ...)
	NOT-FOR-US: Android ION subsystem
	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
	NOTE: patch has been made available it's likely some closed-source addon
CVE-2017-0563 (An elevation of privilege vulnerability in the HTC touchscreen driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscreen dr ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmware c ...)
	{DLA-1573-1}
	- firmware-nonfree 20180518-1 (bug #869639)
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
CVE-2017-0560 (An information disclosure vulnerability in the factory reset process c ...)
	NOT-FOR-US: Android
CVE-2017-0559 (An information disclosure vulnerability in libskia could enable a loca ...)
	- skia <itp> (bug #818180)
CVE-2017-0558 (An information disclosure vulnerability in Mediaserver could enable a  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0557 (An information disclosure vulnerability in libmpeg2 in Mediaserver cou ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0556 (An information disclosure vulnerability in libmpeg2 in Mediaserver cou ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0555 (An information disclosure vulnerability in libavc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver/ libavc
CVE-2017-0554 (An elevation of privilege vulnerability in the Telephony component cou ...)
	NOT-FOR-US: Android
CVE-2017-0553 (An elevation of privilege vulnerability in libnl could enable a local  ...)
	{DLA-892-1 DLA-891-1}
	- libnl3 3.2.27-2 (unimportant; bug #859948)
	- libnl <removed> (unimportant)
	NOTE: Fixed by: http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
	NOTE: Fix via Android: https://android.googlesource.com/platform/external/libnl/+/f83d9c1c67b6be69a96995e384f50b572b667df0
	NOTE: Not a security issue by itself, the upstream patch protects against API misuse,
	NOTE: this still requires missing input validation in the application using libnl
CVE-2017-0552 (A remote denial of service vulnerability in libavc in Mediaserver coul ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0551 (A remote denial of service vulnerability in libavc in Mediaserver coul ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0550 (A remote denial of service vulnerability in libavc in Mediaserver coul ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0549 (A remote denial of service vulnerability in libavc in Mediaserver coul ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0548 (A remote denial of service vulnerability in libskia could enable an at ...)
	- skia <itp> (bug #818180)
CVE-2017-0547 (An information disclosure vulnerability in libmedia in Mediaserver cou ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0546 (An elevation of privilege vulnerability in SurfaceFlinger could enable ...)
	NOT-FOR-US: Android
CVE-2017-0545 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android
CVE-2017-0544 (An elevation of privilege vulnerability in CameraBase could enable a l ...)
	NOT-FOR-US: Android
CVE-2017-0543 (A remote code execution vulnerability in libavc in Mediaserver could e ...)
	NOT-FOR-US: Android Mediaserver/ libavc
CVE-2017-0542 (A remote code execution vulnerability in libavc in Mediaserver could e ...)
	NOT-FOR-US: Android Mediaserver/ libavc
CVE-2017-0541 (A remote code execution vulnerability in sonivox in Mediaserver could  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0540 (A remote code execution vulnerability in libhevc in Mediaserver could  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0539 (A remote code execution vulnerability in libhevc in Mediaserver could  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0538 (A remote code execution vulnerability in libavc in Mediaserver could e ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0537 (An information disclosure vulnerability in the kernel USB gadget drive ...)
	NOT-FOR-US: Nvidia driver for Android
	NOTE: https://source.android.com/security/bulletin/2017-03-01.html
	NOTE: Android bulletin lists as affecting only Pixel C (Tegra X1) and Tegra USB gadget mode is not in mainline Linux
CVE-2017-0536 (An information disclosure vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0535 (An information disclosure vulnerability in the HTC sound codec driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0534 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0533 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0532 (An information disclosure vulnerability in the MediaTek video codec dr ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0531 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0530
	RESERVED
CVE-2017-0529 (An information disclosure vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0528 (An elevation of privilege vulnerability in the kernel security subsyst ...)
	NOT-FOR-US: Android bulletin lists as affecting only Pixel and Pixel XL (Qualcomm Snapdragon) so probably relates to Qualcomm driver
	NOTE: https://source.android.com/security/bulletin/2017-03-01.html
CVE-2017-0527 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver c ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0526 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver c ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0525 (An elevation of privilege vulnerability in the Qualcomm IPA driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0524 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0523 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0522 (An elevation of privilege vulnerability in a MediaTek APK could enable ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0521 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0520 (An elevation of privilege vulnerability in the Qualcomm crypto engine  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0519 (An elevation of privilege vulnerability in the Qualcomm fingerprint se ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0518 (An elevation of privilege vulnerability in the Qualcomm fingerprint se ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0517 (An elevation of privilege vulnerability in the MediaTek hardware senso ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0516 (An elevation of privilege vulnerability in the Qualcomm input hardware ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0515
	RESERVED
CVE-2017-0514
	RESERVED
CVE-2017-0513
	RESERVED
CVE-2017-0512
	RESERVED
CVE-2017-0511
	RESERVED
CVE-2017-0510 (An elevation of privilege vulnerability in the kernel FIQ debugger cou ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-0509 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0508 (An elevation of privilege vulnerability in the kernel ION subsystem co ...)
	NOT-FOR-US: Android ION subsystem
	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
	NOTE: patch has been made available it's likely some closed-source addon
CVE-2017-0507 (An elevation of privilege vulnerability in the kernel ION subsystem co ...)
	NOT-FOR-US: Android ION subsystem
	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
	NOTE: patch has been made available it's likely some closed-source addon
CVE-2017-0506 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0505 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0504 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0503 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0502 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0501 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0500 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0499 (A denial of service vulnerability in Audioserver could enable a local  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0498 (A denial of service vulnerability in Setup Wizard could allow a local  ...)
	NOT-FOR-US: Android
CVE-2017-0497 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0496 (A denial of service vulnerability in Setup Wizard could allow a local  ...)
	NOT-FOR-US: Android
CVE-2017-0495 (An information disclosure vulnerability in Mediaserver could enable a  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0494 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0493 (An information disclosure vulnerability in File-Based Encryption could ...)
	NOT-FOR-US: Android
CVE-2017-0492 (An elevation of privilege vulnerability in the System UI could enable  ...)
	NOT-FOR-US: Android
CVE-2017-0491 (An elevation of privilege vulnerability in Package Manager could enabl ...)
	NOT-FOR-US: Android
CVE-2017-0490 (An elevation of privilege vulnerability in Wi-Fi could enable a local  ...)
	NOT-FOR-US: Android
CVE-2017-0489 (An elevation of privilege vulnerability in Location Manager could enab ...)
	NOT-FOR-US: Android
CVE-2017-0488 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0487 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0486 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0485 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0484 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0483 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0482 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0481 (An elevation of privilege vulnerability in NFC could enable a proximat ...)
	NOT-FOR-US: Android
CVE-2017-0480 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0479 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0478 (A remote code execution vulnerability in the Framesequence library cou ...)
	NOT-FOR-US: Framesequence library
CVE-2017-0477 (A remote code execution vulnerability in libgdx could enable an attack ...)
	- libgdx <itp> (bug #686673)
CVE-2017-0476 (A remote code execution vulnerability in AOSP Messaging could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0475 (An elevation of privilege vulnerability in the recovery verifier could ...)
	NOT-FOR-US: Android
CVE-2017-0474 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0473 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0472 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0471 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0470 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0469 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0468 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0467 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0466 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0465 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0464 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0463 (An elevation of privilege vulnerability in the Qualcomm networking dri ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0462 (An elevation of privilege vulnerability in the Qualcomm Seemp driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0461 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0460 (An elevation of privilege vulnerability in the Qualcomm networking dri ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0459 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0458 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0457 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0456 (An elevation of privilege vulnerability in the Qualcomm IPA driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0455 (An information disclosure vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0454 (An elevation of privilege vulnerability in the Qualcomm audio driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0453 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0452 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0451 (An information disclosure vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0450 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0449 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0448 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0447 (An elevation of privilege vulnerability in the HTC touchscreen driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0446 (An elevation of privilege vulnerability in the HTC touchscreen driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0445 (An elevation of privilege vulnerability in the HTC touchscreen driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0444 (An elevation of privilege vulnerability in the Realtek sound driver co ...)
	NOT-FOR-US: Realtek driver for Android
CVE-2017-0443 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0442 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0441 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0440 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0439 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0438 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0437 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0436 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0435 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0434 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0433 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0427 (An elevation of privilege vulnerability in the kernel file system coul ...)
	NOT-FOR-US: Unspecified Android filesystem, apparently not in mainline
	NOTE: https://source.android.com/security/bulletin/2017-02-01.html
	NOTE: Android bulletin lists all recent devices as affected.
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2017-0426 (An information disclosure vulnerability in the Filesystem could enable ...)
	NOT-FOR-US: Android filesystem layout
CVE-2017-0425 (An information disclosure vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0424 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0423 (An elevation of privilege vulnerability in Bluetooth could enable a pr ...)
	NOT-FOR-US: Android
CVE-2017-0422 (A denial of service vulnerability in Bionic DNS could enable a remote  ...)
	NOT-FOR-US: Android
CVE-2017-0421 (An information disclosure vulnerability in the Framework APIs could en ...)
	NOT-FOR-US: Android
CVE-2017-0420 (An information disclosure vulnerability in AOSP Mail could enable a lo ...)
	NOT-FOR-US: Android
CVE-2017-0419 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0418 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0417 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0416 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0415 (An elevation of privilege vulnerability in Mediaserver could enable a  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0414 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0413 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0412 (An elevation of privilege vulnerability in the Framework APIs could en ...)
	NOT-FOR-US: Android
CVE-2017-0411 (An elevation of privilege vulnerability in the Framework APIs could en ...)
	NOT-FOR-US: Android
CVE-2017-0410 (An elevation of privilege vulnerability in the Framework APIs could en ...)
	NOT-FOR-US: Android
CVE-2017-0409 (A remote code execution vulnerability in libstagefright could enable a ...)
	NOT-FOR-US: libstagefright
CVE-2017-0408 (A remote code execution vulnerability in libgdx could enable an attack ...)
	- libgdx <itp> (bug #686673)
CVE-2017-0407 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0406 (A remote code execution vulnerability in Mediaserver could enable an a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0405 (A remote code execution vulnerability in Surfaceflinger could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound subsystem  ...)
	- linux <not-affected> (Android-specific sound system)
CVE-2017-0403 (An elevation of privilege vulnerability in the kernel performance subs ...)
	- linux <not-affected> (Android-specific performance subsystem)
CVE-2017-0402 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0401 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...)
	NOT-FOR-US: Android Qualcomm audio post processor
CVE-2017-0400 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0399 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...)
	NOT-FOR-US: Android Qualcomm audio post processor
CVE-2017-0398 (An information disclosure vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0397 (An information disclosure vulnerability in id3/ID3.cpp in libstagefrig ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0396 (An information disclosure vulnerability in visualizer/EffectVisualizer ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0395 (An elevation of privilege vulnerability in Contacts could enable a loc ...)
	NOT-FOR-US: Android Contacts
CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a remote a ...)
	NOT-FOR-US: Android Telephony
CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could enabl ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minor issue)
	[wheezy] - libvpx <no-dsa> (Minor issue)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: The wheezy source is confirmed (by code inspection) to be vulnerable.
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc
CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright  ...)
	NOT-FOR-US: libstagefright
CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in libhev ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in Mediaserver cou ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0389 (A denial of service vulnerability in core networking could enable a re ...)
	NOT-FOR-US: Android
CVE-2017-0388 (An elevation of privilege vulnerability in the External Storage Provid ...)
	NOT-FOR-US: Android
CVE-2017-0387 (An elevation of privilege vulnerability in Mediaserver could enable a  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0386 (An elevation of privilege vulnerability in the libnl library could ena ...)
	- libnl3 <not-affected> (Specific to Android's use of libnl)
	NOTE: https://github.com/thom311/libnl/issues/124
CVE-2017-0385 (An elevation of privilege vulnerability in Audioserver could enable a  ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0384 (An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBu ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0383 (An elevation of privilege vulnerability in the Framework APIs could en ...)
	NOT-FOR-US: Android
CVE-2017-0382 (A remote code execution vulnerability in the Framesequence library cou ...)
	NOT-FOR-US: Android
CVE-2017-0381 (An information disclosure vulnerability in silk/NLSF_stabilize.c in li ...)
	{DLA-793-1}
	- opus 1.2~alpha2-1 (bug #851612)
	[jessie] - opus <ignored> (Minor issue, https://bugs.debian.org/851612#10)
	NOTE: Fixed by: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 (v1.2-alpha)
	NOTE: https://git.xiph.org/?p=opus.git;a=commitdiff;h=70a3d641b
CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9803 (In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in CLI tools, no security impact
CVE-2016-9802 (In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
	NOTE: Crash in btmon CLI tool, no security impact
CVE-2016-9801 (In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in CLI tools, no security impact
CVE-2016-9800 (In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in CLI tools, no security impact
CVE-2016-9799 (In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
	NOTE: Crash in btmon CLI tool, no security impact
CVE-2016-9798 (In BlueZ 5.42, a use-after-free was identified in "conf_opt" function  ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9797 (In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in sound/core/pc ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: https://patchwork.kernel.org/patch/8752621/
	NOTE: Fixed by: https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1)
	NOTE: http://seclists.org/oss-sec/2016/q4/576
CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 o ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.5.8-2 (bug #845385)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...)
	{DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1}
	- tomcat8 8.5.8-2 (bug #845393)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does  ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400804
	NOTE: Fixed by: https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7)
	NOTE: Introduced in: https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/2
CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Contro ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #846797)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Coldfire is not emulated by kvm)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400829
CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not prop ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468
	NOTE: Fixed by: https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c
CVE-2016-9755 (The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa (v4.9-rc8)
	NOTE: https://groups.google.com/forum/#!topic/syzkaller/GFbGpX7nTEo
CVE-2016-9684 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9683 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9682 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9681 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity bef ...)
	- serendipity <removed>
CVE-2016-9680 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...)
	NOT-FOR-US: Citrix
CVE-2016-9679 (Citrix Provisioning Services before 7.12 allows attackers to execute a ...)
	NOT-FOR-US: Citrix
CVE-2016-9678 (Use-after-free vulnerability in Citrix Provisioning Services before 7. ...)
	NOT-FOR-US: Citrix
CVE-2016-9677 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...)
	NOT-FOR-US: Citrix
CVE-2016-9676 (Buffer overflow in Citrix Provisioning Services before 7.12 allows att ...)
	NOT-FOR-US: Citrix
CVE-2016-9674
	REJECTED
CVE-2016-9673
	REJECTED
CVE-2016-9672
	REJECTED
CVE-2016-9671
	REJECTED
CVE-2016-9670
	REJECTED
CVE-2016-9669
	REJECTED
CVE-2016-9668
	REJECTED
CVE-2016-9667
	REJECTED
CVE-2016-9666
	REJECTED
CVE-2016-9665
	REJECTED
CVE-2016-9664
	REJECTED
CVE-2016-9663
	REJECTED
CVE-2016-9662
	REJECTED
CVE-2016-9661
	REJECTED
CVE-2016-9660
	REJECTED
CVE-2016-9659
	REJECTED
CVE-2016-9658
	REJECTED
CVE-2016-9657
	REJECTED
CVE-2016-9656
	REJECTED
CVE-2016-9655
	REJECTED
CVE-2016-9654
	REJECTED
CVE-2016-9653
	REJECTED
CVE-2016-9652 (Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-9651 (A missing check for whether a property of a JS object is private in V8 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-9650 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linu ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...)
	{DSA-3993-1}
	- tor 0.3.1.7-1 (bug #876221)
	[jessie] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
	[wheezy] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
	NOTE: https://trac.torproject.org/projects/tor/ticket/23490
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=09ea89764a4d3a907808ed7d4fe42abfe64bd486
CVE-2017-0379 (Libgcrypt before 1.8.1 does not properly consider Curve25519 side-chan ...)
	{DSA-3959-1}
	- libgcrypt20 1.7.9-1 (bug #873383)
	[jessie] - libgcrypt20 <not-affected> (Vulnerable code not present, no Curve25519 support)
	- libgcrypt11 <not-affected> (Vulnerable code not present, no Curve25519 support)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b
	NOTE: https://eprint.iacr.org/2017/806
CVE-2017-0378 (XSS exists in the login_form function in views/helpers.php in Phamm be ...)
	- phamm 0.6.8-1 (bug #868988)
	[stretch] - phamm <no-dsa> (Minor issue)
	[jessie] - phamm <no-dsa> (Minor issue)
	[wheezy] - phamm <no-dsa> (Minor issue)
	NOTE: https://github.com/lota/phamm/issues/21
	NOTE: https://github.com/lota/phamm/commit/331bdbf0e79632385495fa62e087a6b4cf78857e
CVE-2017-0377 (Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only con ...)
	- tor <not-affected> (Affects only 0.3.x series)
	NOTE: https://trac.torproject.org/projects/tor/ticket/22753
	NOTE: https://blog.torproject.org/blog/tor-0309-released-security-update-clients
CVE-2017-0376 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...)
	{DSA-3877-1 DLA-982-1}
	- tor 0.2.9.11-1 (bug #864424)
	NOTE: https://trac.torproject.org/22494
	NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=56a7c5bc15e0447203a491c1ee37de9939ad1dcd
	NOTE: Introduced in 0.2.2.1-alpha; fixed in 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha
CVE-2017-0375 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...)
	- tor <not-affected> (Introduced in 0.3.0.1-alpha)
	NOTE: https://trac.torproject.org/22493
	NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=79b59a2dfcb68897ee89d98587d09e55f07e68d7
	NOTE: Introduced in 0.3.0.1-alpha; fixed in 0.3.0.8, 0.3.1.3-alpha
CVE-2017-0374 (lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before  ...)
	- libconfig-model-perl 2.097-2
	[jessie] - libconfig-model-perl <no-dsa> (Minor issue)
	[wheezy] - libconfig-model-perl <no-dsa> (Minor issue. Perl itself has to fix this and this can not be done easily)
	NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573
CVE-2017-0373 (The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod ...)
	- libconfig-model-perl 2.097-2
	[jessie] - libconfig-model-perl <no-dsa> (Minor issue)
	[wheezy] - libconfig-model-perl <not-affected> (Vulnerable code do not exist)
	NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773
CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawiki bef ...)
	- mediawiki 1:1.27.3-1 (bug #861585)
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T158689
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
CVE-2017-0371
	RESERVED
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T68404
CVE-2017-0370 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam b ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T48143
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0369 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T108138
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0368 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawH ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T156184
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0367 (Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary d ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T161453
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0366 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T151735
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0365 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerabilit ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T144845
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0364 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Speci ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T122209
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0363 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:Us ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T109140
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0362 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the " ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T150044
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0361 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information dis ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T125177
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authentica ...)
	{DSA-3826-1 DLA-882-1}
	- tryton-server 4.2.1-2
	NOTE: Fixed by: http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8 (4.2.x)
CVE-2017-0359 (diffoscope before 77 writes to arbitrary locations on disk based on th ...)
	- diffoscope 77 (bug #854723)
CVE-2017-0358 (Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write ...)
	{DSA-3780-1 DLA-815-1}
	- ntfs-3g 1:2016.2.22AR.1-4
	NOTE: PoC http://www.openwall.com/lists/oss-security/2017/02/04/1
CVE-2017-0357 (A heap-overflow flaw exists in the -tr loader of iucode-tool starting  ...)
	- iucode-tool 2.1.1-1
	[jessie] - iucode-tool <not-affected> (Vulnerable code not present)
	[wheezy] - iucode-tool <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.com/iucode-tool/iucode-tool/issues/3
CVE-2017-0356 (A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.201701 ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20170111
	NOTE: https://ikiwiki.info/security/#cve-2017-0356
CVE-2016-9772 (OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive ...)
	{DLA-733-1}
	- openafs 1.6.20-1 (bug #846922)
	[jessie] - openafs 1.6.9-2+deb8u6
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master)
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003.patch
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/01/12
CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the  ...)
	- linux 4.5.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f (v4.6-rc1)
CVE-2016-9649
	REJECTED
CVE-2016-9648
	REJECTED
CVE-2016-9647
	REJECTED
CVE-2016-9646 (ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-&gt; ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20161229
	NOTE: https://ikiwiki.info/security/#cve-2016-9646
CVE-2016-9643 (The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...)
	- webkitgtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/26/2
CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...)
	- webkitgtk <removed> (unimportant)
	NOTE: Not covered by security support
CVE-2016-9641
	RESERVED
CVE-2016-9640
	RESERVED
CVE-2017-0355 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0354 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0353 (All versions of the NVIDIA GPU Display Driver contain a vulnerability  ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0352 (All versions of the NVIDIA GPU Display Driver contain a vulnerability  ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Only affects later driver series)
CVE-2017-0351 (All versions of the NVIDIA GPU Display Driver contain a vulnerability  ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Only affects later driver series)
CVE-2017-0350 (All versions of the NVIDIA GPU Display Driver contain a vulnerability  ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Only affects later driver series)
CVE-2017-0349 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0348 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0347 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0346 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0345 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0344 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0343 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0342 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0341 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0340 (An elevation of privilege vulnerability in the NVIDIA Libnvparser comp ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0339 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0338 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0337 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0336 (An information disclosure vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0335 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0334 (An information disclosure vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0333 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0332 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0331 (An elevation of privilege vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0330 (An information disclosure vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0329 (An elevation of privilege vulnerability in the NVIDIA boot and power m ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0328 (An information disclosure vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0327 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0326 (An information disclosure vulnerability in the NVIDIA Video Driver due ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0325 (An elevation of privilege vulnerability in the NVIDIA I2C HID driver c ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0322 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a vulnerabilit ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer contain a  ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0316 (In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Fra ...)
	NOT-FOR-US: NVIDIA Installer Framework
CVE-2017-0315 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0314 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0313 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0312 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel  ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0307 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0306 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary "listguests64" is configur ...)
	NOT-FOR-US: BMC Patrol
CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when qemu i ...)
	{DLA-1270-1}
	- qemu <not-affected> (Vulnerability specific to Xen)
	- qemu-kvm <not-affected> (Vulnerability specific to Xen)
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-199.html
CVE-2016-9620
	REJECTED
CVE-2016-9619
	REJECTED
CVE-2016-9618
	REJECTED
CVE-2016-9617
	REJECTED
CVE-2016-9616
	REJECTED
CVE-2016-9615
	REJECTED
CVE-2016-9614
	REJECTED
CVE-2016-9613
	REJECTED
CVE-2016-9612
	REJECTED
CVE-2016-9611
	REJECTED
CVE-2016-9610
	REJECTED
CVE-2016-9609
	REJECTED
CVE-2016-9608
	REJECTED
CVE-2016-9607
	REJECTED
CVE-2016-9606 (JBoss RESTEasy before version 3.1.2 could be forced into parsing a req ...)
	- resteasy 3.1.4-1 (bug #851430)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 3.0.26-1
	NOTE: See CVE-2018-1051 to address original incomplete fix for CVE-2016-9606
CVE-2016-9605 (A flaw was found in cobbler software component version 2.6.11-1. It su ...)
	- cobbler <removed> (bug #858844)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1433950
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1399333
CVE-2016-9604 (It was discovered in the Linux kernel before 4.11-rc8 that root can ga ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA e ...)
	{DLA-1497-1 DLA-1270-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4 (bug #857744)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-211.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/14/2
	NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following wh ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-3 (bug #853006)
	- qemu-kvm <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
	NOTE: The original proposed patch does not fix the issue, cf.
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/17/14
	NOTE: Upstream patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
	NOTE: If fixing this issue for older suites, then make sure not to open the
	NOTE: CVE-2017-7471 vulnerability and apply as well 9c6b899f7a46893ab3b671e341a2234e9c0c060e
	NOTE: See further details in the CVE-2017-7471 tracker entry.
CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buffer o ...)
	{DSA-3817-1 DLA-874-1}
	- jbig2dec 0.13-4 (bug #850497)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
	NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/109
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access ...)
	NOT-FOR-US: puppet-tripleo
CVE-2016-9598 (libxml2, as used in Red Hat JBoss Core Services, allows context-depend ...)
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 f ...)
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9596 (libxml2, as used in Red Hat JBoss Core Services and when in recovery m ...)
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9595 (A flaw was found in katello-debug before 3.4.0 where certain scripts a ...)
	NOT-FOR-US: Katello
CVE-2016-9594 (curl before version 7.52.1 is vulnerable to an uninitialized random in ...)
	- curl <not-affected> (Only affects 7.52.0)
	NOTE: https://curl.haxx.se/docs/adv_20161223.html
CVE-2016-9593 (foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman ...)
	- foreman <itp> (bug #663101)
CVE-2016-9592 (openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a f ...)
	NOT-FOR-US: OpenShift
CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in the  ...)
	{DSA-3827-1 DLA-920-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/105
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
CVE-2016-9590 (puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an informat ...)
	- puppet-module-swift 9.4.4-1 (bug #851293)
CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable  ...)
	NOT-FOR-US: Red Hat specific use of undertow in Wildfly
CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP  ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.8.15-2
	NOTE: https://www.spinics.net/lists/kvm/msg142495.html
	NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper inpu ...)
	- ansible 2.2.0.0-3 (bug #850846)
	[jessie] - ansible <not-affected> (Vulnerable code not present, way ssh commands was reworked in 2.x branch)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)
	NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3
CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when doi ...)
	{DLA-1568-1 DLA-767-1}
	- curl 7.52.1-1 (bug #848958)
	NOTE: https://curl.haxx.se/docs/adv_20161221A.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
	NOTE: There are no known vulnerable applications but as this is a
	NOTE: library it should be fixed as we do not know the full impact.
CVE-2016-9585 (Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untr ...)
	NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
CVE-2016-9584 (libical allows remote attackers to cause a denial of service (use-afte ...)
	{DLA-959-1}
	- libical3 3.0.1-1
	- libical <removed> (bug #852034)
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/5
	NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
CVE-2016-9583 (An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/103
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
	NOTE: The issue exists due to an overflow check which is not present
	NOTE: in Wheezy and Jessie. However it makes sense to implement this check.
	NOTE: This can be done when more important issues are found [wheezy].
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9582
	REJECTED
CVE-2016-9581 (An infinite loop vulnerability in tiftoimage that results in heap buff ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/872
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9580 (An integer overflow vulnerability was found in tiftoimage function in  ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/871
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9579 (A flaw was found in the way Ceph Object Gateway would process cross-or ...)
	- ceph 10.2.5-2 (bug #849048)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/18187
CVE-2016-9578 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556 (0.12.x)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a (0.12.x)
CVE-2016-9577 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 (0.12.x)
CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not properl ...)
	{DLA-772-1}
	- linux 4.8.15-2
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
	NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
	NOTE: Fixed by: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9)
CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not  ...)
	- freeipa 4.4.4-1 (bug #849950)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
	NOTE: https://fedorahosted.org/freeipa/ticket/6560
CVE-2016-9574 (nss before version 3.30 is vulnerable to a remote denial of service du ...)
	- nss 2:3.25-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
	NOTE: The CVE is specific to the segfault resulting from the reproducing steps
	NOTE: as per buzilla entry, and https://bugzilla.redhat.com/show_bug.cgi?id=1397482
	NOTE: https://hg.mozilla.org/projects/nss/rev/7385cd821735
CVE-2016-9573 (An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in th ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9572 (A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 de ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9571
	REJECTED
CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial  ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9568 (A security design issue can allow an unprivileged user to interact wit ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) soft ...)
	NOT-FOR-US: Samsung
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with acc ...)
	{DLA-1615-1 DLA-751-1}
	- nagios3 <removed>
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
	NOTE: nagios < 3.5 is not vulnerable through the regular logfile, but through the debug logfile
	- icinga 1.13.4-1
	[jessie] - icinga <no-dsa> (Minor issue)
	[wheezy] - icinga <no-dsa> (Minor issue)
	NOTE: https://dev.icinga.com/issues/13709
	NOTE: https://github.com/Icinga/icinga-core/commit/a0eb8471673b6b1e9b37e1b7b91151aa00bedb65
	NOTE: https://github.com/Icinga/icinga-core/commit/e0f55bc9b17ef1db9aed7393fc34576a5b9501f0
CVE-2016-9565 (MagpieRSS, as used in the front-end component in Nagios Core before 4. ...)
	{DLA-751-1}
	- nagios3 3.5.1-1
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
	NOTE: The RSS feed and call-home was removed in src:nagios3 3.5.1-1 where the affected
	NOTE: function was removed.
	NOTE: The scope of the CVE is specific to Nagios.
	NOTE: impact lessened by the hardened permissions in Debian: files can be extracted, but no backdoor can be installed as the web root is not writable
CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remot ...)
	- boa <not-affected> (the vuln was removed in 0.93.14)
	NOTE: http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
CVE-2016-9563 (BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticate ...)
	NOT-FOR-US: SAP
CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of ...)
	NOT-FOR-US: SAP
CVE-2016-9561 (The che_configure function in libavcodec/aacdec_template.c in FFmpeg b ...)
	- ffmpeg 7:3.2.4-1 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/1
	NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
	NOTE: files, it needs to set resource limits
CVE-2016-9554 (The Sophos Web Appliance Remote / Secure Web Gateway server (version 4 ...)
	NOT-FOR-US: Sophos
CVE-2016-9553 (The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote ...)
	NOT-FOR-US: Sophos
CVE-2016-9552
	RESERVED
CVE-2016-9551
	RESERVED
CVE-2016-9550
	RESERVED
CVE-2016-9549
	RESERVED
CVE-2016-9548
	RESERVED
CVE-2016-9547
	RESERVED
CVE-2016-9546
	RESERVED
CVE-2016-9545
	RESERVED
CVE-2016-9544
	RESERVED
CVE-2016-9543
	RESERVED
CVE-2016-9542
	RESERVED
CVE-2016-9541
	RESERVED
CVE-2016-9531
	REJECTED
CVE-2016-9530
	REJECTED
CVE-2016-9529
	REJECTED
CVE-2016-9528
	REJECTED
CVE-2016-9527
	REJECTED
CVE-2016-9526
	REJECTED
CVE-2016-9525
	REJECTED
CVE-2016-9524
	REJECTED
CVE-2016-9523
	REJECTED
CVE-2016-9522
	REJECTED
CVE-2016-9521
	REJECTED
CVE-2016-9520
	REJECTED
CVE-2016-9519
	REJECTED
CVE-2016-9518
	REJECTED
CVE-2016-9517
	REJECTED
CVE-2016-9516
	REJECTED
CVE-2016-9515
	REJECTED
CVE-2016-9514
	REJECTED
CVE-2016-9513
	REJECTED
CVE-2016-9512
	REJECTED
CVE-2016-9511
	REJECTED
CVE-2016-9510
	REJECTED
CVE-2016-9509
	REJECTED
CVE-2016-9508
	REJECTED
CVE-2016-9507
	REJECTED
CVE-2016-9506
	REJECTED
CVE-2016-9505
	REJECTED
CVE-2016-9504
	REJECTED
CVE-2016-9503
	REJECTED
CVE-2016-9502
	REJECTED
CVE-2016-9501
	REJECTED
CVE-2016-9500 (Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft P ...)
	NOT-FOR-US: Accellion
CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns the us ...)
	NOT-FOR-US: Accellion
CVE-2016-9498 (ManageEngine Applications Manager 12 and 13 before build 13200, allows ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9497 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9496 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9495 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9494 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9493 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 before build 13690 allows  ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13 before build 13200, an  ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9487 (EpubCheck 4.0.1 does not properly restrict resolving external entities ...)
	NOT-FOR-US: EpubCheck
CVE-2016-9486 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
	NOT-FOR-US: SecureConnector agent
CVE-2016-9485 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
	NOT-FOR-US: SecureConnector agent
CVE-2016-9484 (The generated PHP form code does not properly validate user input fold ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9483 (The PHP form code generated by PHP FormMail Generator deserializes unt ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9482 (Code generated by PHP FormMail Generator may allow a remote unauthenti ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2014-9912 (The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...)
	- php5 5.6.0+dfsg-1
	[wheezy] - php5 5.4.34-0+deb7u1
	NOTE: Fixed in 5.6.0, 5.5.14, 5.4.30, 5.3.29
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=67397
	NOTE: Upstream patch: https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest
	NOTE: PHP workaround for CVE-2014-9911 in icu
CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into foll ...)
	{DLA-757-1}
	- phpmyadmin 4:4.1.7-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
	NOTE: may affect wheezy only.
CVE-2016-9847 (An issue was discovered in phpMyAdmin. When the user does not specify  ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
	NOTE: Debian packaging generates blowfish secret
CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
	NOTE: disabled by default, debugging setting required
CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass AllowR ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the allow ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
CVE-2016-9852 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9853 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9854 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9855 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9856 (An XSS issue was discovered in phpMyAdmin because of an improper fix f ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9857 (An issue was discovered in phpMyAdmin. XSS is possible because of a we ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9858 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9859 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user can exe ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ma ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
	- phpmyadmin 4:4.6.5.1-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large request to ta ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ta ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized stri ...)
	{DLA-1415-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/17b34be (RELEASE_4_6_5)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1fc004d (MAINT_4_4_15)
CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is diffe ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
	NOTE: unlikely PHP configuration required, unclear impact
CVE-2014-9911 (Stack-based buffer overflow in the ures_getByKeyWithFallback function  ...)
	{DSA-3725-1 DLA-744-1}
	- icu 55.1-3
	NOTE: http://bugs.icu-project.org/trac/ticket/10891
	NOTE: Fixed by: http://bugs.icu-project.org/trac/changeset/35699
	NOTE: The patch addressing CVE-2014-9911 is applied in 54.1 , but the
	NOTE: first fixed package version uploaded to unstable is 55.1-3 .
CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write to minio ...)
	- salt 2016.3.0+ds-1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer before 1.10. ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775120
CVE-2016-9812 (The gst_mpegts_section_new function in the mpegts decoder in GStreamer ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in GStreamer be ...)
	{DSA-3819-1 DLA-2126-1 DLA-735-1}
	- gst-plugins-base1.0 1.10.2-1
	- gst-plugins-base0.10 <removed>
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder in g ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStreamer  ...)
	{DSA-3818-1 DLA-2164-1 DLA-736-1}
	- gst-plugins-bad1.0 1.10.2-1
	- gst-plugins-bad0.10 <removed>
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
	NOTE: https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
CVE-2016-9807 (The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer bef ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9806 (Race condition in the netlink_dump function in net/netlink/af_netlink. ...)
	- linux 4.6.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Introduced in 3.12)
	NOTE: Fixed by: https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
CVE-2016-9636 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9635 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9634 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/23
CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/43
CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/42
CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/41
CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/40
CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/39
CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/38
	NOTE: https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/37
CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/36
CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/35
CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/33
CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/32
CVE-2016-9621
	REJECTED
CVE-2016-9560 (Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_ ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
CVE-2016-9558 ((1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf  ...)
	- dwarfutils 20161124-1 (bug #845408)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5
CVE-2016-9557 (Integer overflow in jas_image.c in JasPer before 1.900.25 allows remot ...)
	- jasper <removed>
	[jessie] - jasper <no-dsa> (There is no application crash unless jasper is built with ASAN)
	[wheezy] - jasper <no-dsa> (the fix is too invasive)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kern ...)
	{DLA-772-1}
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of Expo ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain sensi ...)
	- dwarfutils 20161124-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201611-006
	NOTE: https://sourceforge.net/p/libdwarf/bugs/5/
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
	NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older
	NOTE: versions, but there  seem to be still back then an unchecked dereference
	NOTE: of val_ptr.
CVE-2016-9479 (The "lost password" functionality in b2evolution before 6.7.9 allows r ...)
	- b2evolution <removed>
CVE-2016-9478
	REJECTED
CVE-2016-9477
	REJECTED
CVE-2016-9476
	REJECTED
CVE-2016-9475
	REJECTED
CVE-2016-9474
	REJECTED
CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and e ...)
	- brave-browser <itp> (bug #864795)
CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element In ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Dow ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any authentic ...)
	- gitlab 8.13.6+dfsg2-2 (bug #847157)
	NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9466 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 9.0.6 and  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9465 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 9.0.6 and  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper aut ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9462 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9461 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9460 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9459 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9458
	REJECTED
CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/st ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
	NOTE: https://kb.isc.org/article/AA-01441/0
CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, which allow ...)
	{DLA-2260-1 DLA-724-1}
	- mcabber 0.10.2-1.1 (bug #845258)
	NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/09/5
CVE-2016-XXXX [Rorster vulnerability similar to CVE-2015-8688]
	- slixmpp 1.2.2-1
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a seprate CVE)
CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory]
	- tomcat8 8.0.38-1 (bug #840685)
	[jessie] - tomcat8 8.0.14-1+deb8u4
	NOTE: Workaround entry for DSA-3720-1 since no CVE assinged
	- tomcat7 7.0.72-3 (bug #841655)
	[jessie] - tomcat7 7.0.56-3+deb8u5
	[wheezy] - tomcat7 7.0.28-4+deb7u7
	NOTE: Workaround entry for DSA-3721-1 since no CVE assinged
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
CVE-2016-9773 (Heap-based buffer overflow in the IsPixelGray function in MagickCore/p ...)
	- imagemagick <not-affected> (Affects only the ImageMagick-7 branch, cf. NOTE)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/312
	NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045
CVE-2016-9556 (The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master)
CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attack ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
	[jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
	[wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in Imag ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0. ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not  ...)
	{DSA-3799-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/352
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
	NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was
	NOTE: specifically noted at the beginning of issues/196, but not fixed in
	NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor
	NOTE: 4e914bbe371433f0590cefdf3bd5f3a5710069f9 upstream. It is not the same
	NOTE: as the fputc issue in ReadGROUP4Image.
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/41e955984b034777903cfa61e500a0b922eb9cbd
CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7. ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagi ...)
	{DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
	- tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in the Ad ...)
	NOT-FOR-US: MyBB
CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...)
	NOT-FOR-US: MyBB
CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1. ...)
	NOT-FOR-US: MyBB
CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB (aka MyB ...)
	NOT-FOR-US: MyBB
CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...)
	NOT-FOR-US: MyBB
CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control panel in M ...)
	NOT-FOR-US: MyBB
CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control panel in  ...)
	NOT-FOR-US: MyBB
CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation in MyBB  ...)
	NOT-FOR-US: MyBB
CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge ...)
	NOT-FOR-US: MyBB
CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka MyBull ...)
	NOT-FOR-US: MyBB
CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as u ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845663)
	NOTE: https://xenbits.xen.org/xsa/advisory-191.html
CVE-2016-9385 (The x86 segment base write emulation functionality in Xen 4.4.x throug ...)
	{DSA-3729-1}
	- xen 4.8.0-1 (bug #845665)
	[wheezy] - xen <not-affected> (Only affects Xen >= 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-193.html
CVE-2016-9384 (Xen 4.7 allows local guest OS users to obtain sensitive host informati ...)
	- xen 4.8.0-1 (bug #845667)
	[jessie] - xen <not-affected> (Only affects Xen >= 4.7)
	[wheezy] - xen <not-affected> (Only affects Xen >= 4.7)
	NOTE: https://xenbits.xen.org/xsa/advisory-194.html
CVE-2016-9383 (Xen, when running on a 64-bit hypervisor, allows local x86 guest OS us ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845668)
	NOTE: https://xenbits.xen.org/xsa/advisory-195.html
CVE-2016-9382 (Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, whic ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845664)
	NOTE: https://xenbits.xen.org/xsa/advisory-192.html
CVE-2016-9381 (Race condition in QEMU in Xen allows local x86 HVM guest OS administra ...)
	{DLA-720-1}
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-197.html
CVE-2016-9380 (The pygrub boot loader emulator in Xen, when nul-delimited output form ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9379 (The pygrub boot loader emulator in Xen, when S-expression output forma ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9378 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when  ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
	[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9377 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when  ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
	[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9370
	REJECTED
CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9368 (An issue was discovered in Eaton xComfort Ethernet Communication Inter ...)
	NOT-FOR-US: Eaton xComfort Ethernet Communication Interface
CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9365 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9364 (An issue was discovered in Fidelix FX-20 series controllers, versions  ...)
	NOT-FOR-US: Moxa
CVE-2016-9363 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9362 (An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (release ...)
	NOT-FOR-US: WAGO
CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9360 (An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFI ...)
	NOT-FOR-US: General Electric
CVE-2016-9359
	REJECTED
CVE-2016-9358 (A Hard-Coded Passwords issue was discovered in Marel Food Processing S ...)
	NOT-FOR-US: Marel
CVE-2016-9357 (An issue was discovered in certain legacy Eaton ePDUs -- the affected  ...)
	NOT-FOR-US: legacy Eaton ePDUs
CVE-2016-9356 (An issue was discovered in Moxa DACenter Versions 1.4 and older. The a ...)
	NOT-FOR-US: Moxa
CVE-2016-9355 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8 ...)
	NOT-FOR-US: Alaris 8015 Point of Care
CVE-2016-9354 (An issue was discovered in Moxa DACenter Versions 1.4 and older. A spe ...)
	NOT-FOR-US: Moxa
CVE-2016-9353 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9352
	REJECTED
CVE-2016-9351 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9350
	REJECTED
CVE-2016-9349 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9347 (An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Ca ...)
	NOT-FOR-US: Emerson
CVE-2016-9346 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9345 (An issue was discovered in Emerson DeltaV Easy Security Management Del ...)
	NOT-FOR-US: Emerson
CVE-2016-9344 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9343 (An issue was discovered in Rockwell Automation Logix5000 Programmable  ...)
	NOT-FOR-US: Rockwell
CVE-2016-9342
	REJECTED
CVE-2016-9341
	REJECTED
CVE-2016-9340
	REJECTED
CVE-2016-9339 (An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versio ...)
	NOT-FOR-US: INTERSCHALT Maritime Systems
CVE-2016-9338 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...)
	NOT-FOR-US: Rockwell
CVE-2016-9337 (An issue was discovered in Tesla Motors Model S automobile, all firmwa ...)
	NOT-FOR-US: Tesla car
CVE-2016-9336
	REJECTED
CVE-2016-9335 (A hard-coded cryptographic key vulnerability was identified in Red Lio ...)
	NOT-FOR-US: Red Lion Controls Sixnet-Managed Industrial Switches
CVE-2016-9334 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...)
	NOT-FOR-US: Rockwell
CVE-2016-9333 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-9332 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2015-8978 (In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, ...)
	{DLA-723-1}
	- libsoap-lite-perl 1.19-1
	[jessie] - libsoap-lite-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/redhotpenguin/soaplite/pull/21
	NOTE: https://github.com/redhotpenguin/soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124
CVE-2015-8977 (MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and My ...)
	NOT-FOR-US: MyBB
CVE-2015-8976 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2015-8975 (Cross-site scripting (XSS) vulnerability in the error handler in MyBB  ...)
	NOT-FOR-US: MyBB
CVE-2015-8974 (SQL injection vulnerability in the Group Promotions module in the admi ...)
	NOT-FOR-US: MyBB
CVE-2015-8973 (xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x befo ...)
	NOT-FOR-US: MyBB
CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote att ...)
	{DSA-3762-1}
	- tiff 4.0.6-3
	[wheezy] - tiff 4.0.2-6+deb7u7
	NOTE: CVE-2016-9453 for wheezy fixed via CVE-2016-5652
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
	NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
	NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652
	NOTE: and included in patches/09-CVE-2016-5652.patch
	NOTE: Problem not reproducible in wheezy with 4.0.2-6+deb7u7, in jessie with 4.0.3-12.3+deb8u1, in both cases I get this output (but no segfault or error with valgrind):
	NOTE: TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
	NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample".
	NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.
CVE-2016-9446 (The vmnc decoder in the gstreamer does not initialize the render canva ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9445 (Integer overflow in the vmnc decoder in the gstreamer allows remote at ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9452 (The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote a ...)
	- drupal8 <itp> (bug #756305)
	- drupal7 <not-affected> (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9451 (Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...)
	{DSA-3718-1 DLA-715-1}
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9450 (The user password reset form in Drupal 8.x before 8.2.3 allows remote  ...)
	- drupal8 <itp> (bug #756305)
	- drupal7 <not-affected> (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9449 (The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ...)
	{DSA-3718-1 DLA-715-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/28
CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/24
CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/22
CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33 (bug #844726)
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/20
CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/18
CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/17
CVE-2016-9436 (parsetagx.c in w3m before 0.5.3+git20161009 does not properly initiali ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9435 (The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 do ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/15
CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/14
CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/13
CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/10
CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/7
CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/29
CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/26
CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 allows attac ...)
	{DLA-721-1}
	[experimental] - libgc 1:7.4.4-1
	- libgc 1:7.6.4-0.3 (bug #844771)
	[stretch] - libgc <no-dsa> (Minor issue)
	[jessie] - libgc <no-dsa> (Minor issue)
	NOTE: https://github.com/ivmai/bdwgc/issues/135
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/25
CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/21
CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/12
CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/9
CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/8
CVE-2016-9401 (popd in bash might allow local users to bypass the restricted shell an ...)
	{DLA-1726-1}
	- bash 4.4-3 (bug #844727)
	[wheezy] - bash <no-dsa> (Minor issue)
	NOTE: Upstream bash considers this issue only to be a bug.
	NOTE: Proposed patch: https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html
	NOTE: Fixed by (4.4): https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
CVE-2016-9399 (The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remo ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
	NOTE: Negligible security impact
CVE-2016-9398 (The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 all ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2
	NOTE: Negligible security impact
CVE-2016-9397 (The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows rem ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
	NOTE: Negligible security impact
CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0. ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
	NOTE: Negligible security impact
CVE-2016-9395 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 a ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9394 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 a ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9393 (The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17  ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl
	NOTE: Negligible security impact
CVE-2016-9392 (The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allo ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes
	NOTE: Negligible security impact
CVE-2016-9391 (The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
	NOTE: Negligible security impact
CVE-2016-9390 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 a ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9389 (The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.90 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict
	NOTE: Negligible security impact
CVE-2016-9388 (The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap
	NOTE: Negligible security impact
CVE-2016-9387 (Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/ ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9372 (In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop exc ...)
	- wireshark 2.2.2+g9c5aae3-1
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-58.html
CVE-2016-9373 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector c ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-61.html
CVE-2016-9374 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector  ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-59.html
CVE-2016-9375 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector coul ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-62.html
CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html
CVE-2016-9331
	REJECTED
CVE-2016-9330
	REJECTED
CVE-2016-9329
	REJECTED
CVE-2016-9328
	REJECTED
CVE-2016-9327
	REJECTED
CVE-2016-9326
	REJECTED
CVE-2016-9325
	REJECTED
CVE-2016-9324
	REJECTED
CVE-2016-9323
	REJECTED
CVE-2016-9322
	REJECTED
CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.cpp in ...)
	- teeworlds 0.6.4+dfsg-1 (bug #844546)
	[jessie] - teeworlds <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - teeworlds <end-of-life> (Games are not supported in Wheezy)
	NOTE: https://www.teeworlds.com/?page=news&id=12086
	NOTE: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 (0.6.4-release)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/8
CVE-2016-9321
	RESERVED
CVE-2016-9320
	RESERVED
CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro Enterpr ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...)
	[experimental] - libxml2 2.9.8+dfsg-1
	- libxml2 2.9.10+dfsg-2 (bug #844581)
	[buster] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[stretch] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[jessie] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[wheezy] - libxml2 <no-dsa> (Minor issue)
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
	NOTE: The patch introduces a new option that can be specified if this
	NOTE: behaviour is wanted. Not enforced by default.
	NOTE: The option though was reverted in https://git.gnome.org/browse/libxml2/commit/?id=030b1f7a27c22f9237eddca49ec5e620b6258d7d
	NOTE: New proposed/commited fix: https://git.gnome.org/browse/libxml2/commit/?id=ad88b54f1a28a8565964a370b5d387927b633c0d
CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) befo ...)
	{DSA-3777-1 DLA-804-1}
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1
	NOTE: https://github.com/libgd/libgd/issues/340
CVE-2016-9316 (Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.tren ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9315 (Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updat ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9314 (Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigB ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9313 (security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles un ...)
	- linux 4.8.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb (v4.9-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/13100a72f40f5748a04017e0ab3df4cf27c809ef (v4.7-rc1)
CVE-2016-9312 (ntpd in NTP before 4.2.8p9, when running on Windows, allows remote att ...)
	- ntp <not-affected> (Only ntpd on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3110
	NOTE: Only relevant for ntpd on Windows, but fixed source-wise in 1:4.2.8p9+dfsg-1
CVE-2016-9311 (ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3119
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0204/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9310 (The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9  ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3118
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0203/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9309
	RESERVED
CVE-2016-9308
	RESERVED
CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismat ...)
	NOT-FOR-US: Autodesk
CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9295
	RESERVED
CVE-2016-9293
	RESERVED
CVE-2016-9292
	RESERVED
CVE-2016-9291
	RESERVED
CVE-2016-9290
	RESERVED
CVE-2016-9289
	RESERVED
CVE-2016-9288 (In framework/modules/navigation/controllers/navigationController.php i ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9287 (In /framework/modules/notfound/controllers/notfoundController.php of E ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9286 (framework/modules/users/controllers/usersController.php in Exponent CM ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9285 (framework/modules/addressbook/controllers/addressController.php in Exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9284 (getUsersByJSON in framework/modules/users/controllers/usersController. ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9283 (SQL Injection in framework/core/subsystems/expRouter.php in Exponent C ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9282 (SQL Injection in framework/modules/search/controllers/searchController ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9281
	RESERVED
CVE-2016-9280
	RESERVED
CVE-2016-9277 (Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note ...)
	NOT-FOR-US: Samsung
CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows loca ...)
	NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, wit ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x bef ...)
	NOT-FOR-US: Cloudera
CVE-2016-9270
	RESERVED
CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches i ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9268 (Unrestricted file upload vulnerability in the Blog appearance in the " ...)
	- dotclear <removed>
	NOTE: http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2
	NOTE: http://dev.dotclear.org/2.0/ticket/2214
CVE-2016-9267
	RESERVED
CVE-2016-9263 (WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ...)
	{DLA-1151-1}
	- wordpress 4.1+dfsg-1
	NOTE: https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/
	NOTE: flashmediaelement.swf removed from source tree starting in 4.1+dfsg-1
CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote a ...)
	{DSA-3713-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allow ...)
	- jenkins <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4
CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c i ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #844211)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/13/1
CVE-2016-9300
	REJECTED
CVE-2016-9301
	REJECTED
CVE-2016-9302
	REJECTED
CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844226)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
	NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
	NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
	NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
	NOTE: When fixing this CVE make sure to make the fix complete and not
	NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Fix in 4.0.7 is complete.
	NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled im ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readCon ...)
	- tiff 4.0.7-1 (unimportant)
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
	NOTE: Crash in CLI tool, no security impact
CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readCon ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that  ...)
	{DSA-3844-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
	NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of TI ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilitie ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in tiffcr ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844057)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
	NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
	- p7zip 16.02+dfsg-2 (unimportant; bug #844344)
	[jessie] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
	[wheezy] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
	NOTE: https://sourceforge.net/p/p7zip/bugs/185/
	NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225 ...)
	NOT-FOR-US: MuJS
CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for A ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, o ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9276 (The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf bef ...)
	- dwarfutils 20161124-1 (bug #844011)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c
	NOTE: Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit.
CVE-2016-9275 (Heap-based buffer overflow in the _dwarf_skim_forms function in libdwa ...)
	- dwarfutils 20161124-1 (bug #844012)
	[jessie] - dwarfutils <not-affected> (Vulnerable code not present)
	[wheezy] - dwarfutils <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c
	NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit.
CVE-2016-9273 (tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial o ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844013)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
	NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
	NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
	NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1
CVE-2016-9261 (Cross-site scripting (XSS) vulnerability in Tenable Log Correlation En ...)
	NOT-FOR-US: Tenable Log Correlation Engine
CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9  ...)
	NOT-FOR-US: Nessus
CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
	NOT-FOR-US: Nessus
CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauth ...)
	NOT-FOR-US: F5
CVE-2017-0304 (A SQL injection vulnerability exists in the BIG-IP AFM management UI o ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5
CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated us ...)
	NOT-FOR-US: F5
CVE-2017-0301 (In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified impa ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
	NOTE: https://github.com/libming/libming/issues/53
CVE-2016-9265 (The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remo ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list
	NOTE: https://github.com/libming/libming/issues/52
CVE-2016-9264 (Buffer overflow in the printMP3Headers function in listmp3.c in Libmin ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c
	NOTE: https://github.com/libming/libming/issues/51
CVE-2016-9262 (Multiple integer overflows in the (1) jas_realloc function in base/jas ...)
	- jasper <removed>
	[jessie] - jasper <not-affected> (Vulnerable code introduced later)
	[wheezy] - jasper <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
	NOTE: The use-afer-free seems to be introduced in a version later tha 1.900.1 but the
	NOTE: CVE is assigned for everything fixed in the above commit, a such seems till
	NOTE: present in the 1.900.1 based versions. Still ok to mark as not-affected
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
CVE-2016-9258
	REJECTED
CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be ...)
	NOT-FOR-US: F5
CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl c ...)
	NOT-FOR-US: F5
CVE-2016-9255
	REJECTED
CVE-2016-9254
	REJECTED
CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic pattern ...)
	NOT-FOR-US: F5
CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be a ...)
	NOT-FOR-US: F5
CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, ...)
	NOT-FOR-US: F5
CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server wit ...)
	NOT-FOR-US: F5
CVE-2016-9248
	REJECTED
CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server wit ...)
	NOT-FOR-US: F5
CVE-2016-9246
	REJECTED
CVE-2016-9245 (In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtu ...)
	NOT-FOR-US: F5
CVE-2016-9244 (A BIG-IP virtual server configured with a Client SSL profile that has  ...)
	NOT-FOR-US: F5 TLS stack
	NOTE: https://ticketbleed.com/
CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if used ...)
	- python-cryptography 1.5.3-1
	[jessie] - python-cryptography 0.6.1-1+deb8u1
	NOTE: Upstream bug: https://github.com/pyca/cryptography/issues/3211
	NOTE: Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/08/6
CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in framewo ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9241
	REJECTED
CVE-2016-9240
	REJECTED
CVE-2016-9239
	REJECTED
CVE-2016-9238
	REJECTED
CVE-2016-9237
	REJECTED
CVE-2016-9236
	REJECTED
CVE-2016-9235
	REJECTED
CVE-2016-9234
	REJECTED
CVE-2016-9233
	REJECTED
CVE-2016-9232
	REJECTED
CVE-2016-9231
	REJECTED
CVE-2016-9230
	REJECTED
CVE-2016-9229
	REJECTED
CVE-2016-9228
	REJECTED
CVE-2016-9227
	REJECTED
CVE-2016-9226
	REJECTED
CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the Cisco Ada ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an unauth ...)
	NOT-FOR-US: Cisco
CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco CloudCente ...)
	NOT-FOR-US: Cisco
CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco NetFlow ...)
	NOT-FOR-US: Cisco
CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection authent ...)
	NOT-FOR-US: Cisco
CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing  ...)
	NOT-FOR-US: Cisco
CVE-2016-9219 (A vulnerability with IPv6 UDP ingress packet processing in Cisco Wirel ...)
	NOT-FOR-US: Cisco
CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco Inte ...)
	NOT-FOR-US: Cisco
CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr  ...)
	NOT-FOR-US: Cisco ASR 5000
CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability that cou ...)
	NOT-FOR-US: Cisco
CVE-2016-9213
	REJECTED
CVE-2016-9212 (A vulnerability in the Decrypt for End-User Notification configuration ...)
	NOT-FOR-US: Cisco
CVE-2016-9211 (A vulnerability in TCP port management in Cisco ONS 15454 Series Multi ...)
	NOT-FOR-US: Cisco
CVE-2016-9210 (A vulnerability in the Cisco Unified Reporting upload tool accessed vi ...)
	NOT-FOR-US: Cisco
CVE-2016-9209 (A vulnerability in TCP processing in Cisco FirePOWER system software c ...)
	NOT-FOR-US: Cisco
CVE-2016-9208 (A vulnerability in the File Management Utility, the Download File form ...)
	NOT-FOR-US: Cisco
CVE-2016-9207 (A vulnerability in the HTTP traffic server component of Cisco Expressw ...)
	NOT-FOR-US: Cisco
CVE-2016-9206 (A vulnerability in the ccmadmin page of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2016-9205 (A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR  ...)
	NOT-FOR-US: Cisco
CVE-2016-9204 (A vulnerability in the Cisco Intercloud Fabric (ICF) Director could al ...)
	NOT-FOR-US: Cisco
CVE-2016-9203 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature ...)
	NOT-FOR-US: Cisco
CVE-2016-9202 (A vulnerability in the web-based management interface of Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2016-9201 (A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-9200 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2016-9199 (A vulnerability in the Cisco application-hosting framework (CAF) of Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-9198 (A vulnerability in the Active Directory integration component of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9197 (A vulnerability in the CLI command parser of the Cisco Mobility Expres ...)
	NOT-FOR-US: Cisco
CVE-2016-9196 (A vulnerability in login authentication management in Cisco Aironet 18 ...)
	NOT-FOR-US: Cisco
CVE-2016-9195 (A vulnerability in RADIUS Change of Authorization (CoA) request proces ...)
	NOT-FOR-US: Cisco
CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action  ...)
	NOT-FOR-US: Cisco
CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features  ...)
	NOT-FOR-US: Cisco
CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
	NOT-FOR-US: Cisco
CVE-2015-8972 (Stack-based buffer overflow in the ValidateMove function in frontend/m ...)
	- gnuchess 6.2.4-1 (unimportant)
	NOTE: Built with hardening flags, no security impact
	NOTE: http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html
	NOTE: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134
CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary command ...)
	{DSA-3712-1}
	- terminology 0.7.0-2 (bug #843434)
	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
CVE-2016-9191 (The cgroup offline implementation in the Linux kernel through 4.8.11 m ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939 (v4.10-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/f0c3b5093addc8bfe9fe3a5b01acb7ec7969eafa (v3.11-rc1)
CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to execute arbi ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging <removed>
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging <removed>
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
CVE-2016-9188 (Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before  ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9187 (Unrestricted file upload vulnerability in the double extension support ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9186 (Unrestricted file upload vulnerability in the "legacy course files" an ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9185 (In OpenStack Heat, by launching a new Heat stack with a local URL an a ...)
	- heat 1:7.0.0-2 (bug #843232)
	[jessie] - heat <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ossa/+bug/1606500
CVE-2016-9184 (In /framework/modules/core/controllers/expHTMLEditorController.php of  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9183 (In /framework/modules/ecommerce/controllers/orderController.php of Exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9182 (Exponent CMS 2.4 uses PHP reflection to call a method of a controller  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9177 (Directory traversal vulnerability in Spark 2.5 allows remote attackers ...)
	NOT-FOR-US: Spark (sparkjava)
CVE-2016-9176 (Stack buffer overflow in the send.exe and receive.exe components of Mi ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-9175
	REJECTED
CVE-2016-9174
	REJECTED
CVE-2016-9173
	REJECTED
CVE-2016-9172
	REJECTED
CVE-2016-9171
	REJECTED
CVE-2016-9170
	REJECTED
CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Documen ...)
	NOT-FOR-US: Novell
CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...)
	NOT-FOR-US: Novell
CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP  ...)
	NOT-FOR-US: Novell
CVE-2016-9166 (NetIQ eDirectory versions prior to 9.0.2, under some circumstances, co ...)
	NOT-FOR-US: Novell
CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management (form ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified Infra ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9163
	REJECTED
CVE-2016-9162
	REJECTED
CVE-2016-9161
	REJECTED
CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions &lt; SIMATIC Wi ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All  ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All  ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9156 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR,  ...)
	NOT-FOR-US: Siemens
CVE-2016-9154 (Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo  ...)
	NOT-FOR-US: Siemens Desigo PX
CVE-2016-9153
	RESERVED
CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...)
	{DLA-738-1}
	- spip 3.1.4-2 (bug #847156)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x be ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9150 (Buffer overflow in the management web interface in Palo Alto Networks  ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9149 (The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20 ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9148 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (f ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows  ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851063)
	NOTE: https://kb.isc.org/article/AA-01440/0
CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings directly to  ...)
	NOT-FOR-US: git-fastclone
CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command execution f ...)
	NOT-FOR-US: git-fastclone
CVE-2015-8970 (crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not veri ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1386286
	NOTE: Fixed by: https://git.kernel.org/linus/dd504589577d8e8e70f51f997ad487a4cb6c026f (v4.5-rc1)
	NOTE: Followed by a complete set of related upstrema commits. See kernel-sec
	NOTE: triage for details.
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/6
CVE-2016-9179 (lynx: It was found that Lynx doesn't parse the authority component of  ...)
	{DLA-719-1}
	- lynx 2.8.9dev11-1 (bug #843258)
	- lynx-cur <removed>
	[jessie] - lynx-cur <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/4
	NOTE: Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream
	NOTE: the uplaod to unstable as 2.8.9dev10-1
CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: No incorrect backport of CVE-2016-9178 done in Debian
	NOTE: This is only an issue if 1c109fabbd51863475cd12ac206bdd249aee35af
	NOTE: (added in 4.8) is backported without also backporting
	NOTE: 548acf19234dbda5a52d5a8e7e205af46e9da840 (added in 4.6), as such
	NOTE: src:linux was never affected. 1c109fabbd5 also wasn't backported to
	NOTE: the 3.2 and 3.16 LTS series
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/2
CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
	{DLA-772-1}
	- linux 4.7.5-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/1c109fabbd51863475cd12ac206bdd249aee35af (4.8-rc7)
	NOTE: If this issue is fixed for older versions be careful to not open same issue as CVE-2016-9644
CVE-2016-9146
	RESERVED
CVE-2016-9145
	REJECTED
CVE-2016-9144
	REJECTED
CVE-2016-9143
	REJECTED
CVE-2016-9142
	REJECTED
CVE-2016-9141
	REJECTED
CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expansion ( ...)
	- libimage-info-perl 1.39-1 (bug #842891)
	[jessie] - libimage-info-perl <no-dsa> (Minor issue)
	[wheezy] - libimage-info-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118099
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379556
	NOTE: Upstream commit: https://github.com/eserte/image-info/commit/781625b643bc05ba92127a4554de7910f3f2f8e6
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Older versions of libimage-info-perl only can use XML::Simple.
	NOTE: Controlling XXE processing behavior in XML::Simple is not really
	NOTE: possible (see https://rt.cpan.org/Ticket/Display.html?id=83794),
	NOTE: so as a workaround the underlying SAX parser is fixed to
	NOTE: XML::SAX::PurePerl which is uncapable of processing external entities
	NOTE: but unfortunately it is also a slow parser.
CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented as con ...)
	- libxml-twig-perl 1:3.50-1.1 (low; bug #842893)
	[stretch] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - libxml-twig-perl <no-dsa> (Minor issue, new flag would require changes to applications too, not worth the effort)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
	NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
CVE-2016-9136 (Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ...)
	NOT-FOR-US: MuJS
CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/fra ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9133
	RESERVED
CVE-2016-9132 (In Botan 1.8.0 through 1.11.33, when decoding BER data an integer over ...)
	{DLA-786-1}
	- botan1.10 1.10.14-1
	[jessie] - botan1.10 <ignored> (Minor issue, not believed to be exploitable in practice)
	NOTE: Fixed in 1.10.14 and 1.11.34, all prior versions affected.
	NOTE: Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851065)
	NOTE: https://kb.isc.org/article/AA-01439/0
CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames ar ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by allowin ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of Exce ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bi ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. Th ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9140
	REJECTED
CVE-2016-9139 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-787-1}
	- otrs2 5.0.14-1 (bug #843091)
	[jessie] - otrs2 3.3.18-1+deb8u1
	NOTE: https://community.otrs.com/security-advisory-2016-02-security-update-otrs
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/5
	NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
CVE-2016-9120 (Race condition in the ion_ioctl function in drivers/staging/android/io ...)
	- linux 4.6.1-1 (unimportant)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (v4.6-rc1)
CVE-2016-9119 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI e ...)
	{DSA-3715-1 DLA-717-1}
	- moin 1.9.9-1 (bug #844338)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of conve ...)
	{DSA-4013-1}
	- openjpeg2 2.1.2-1.2 (bug #844557)
	NOTE: https://github.com/uclouvain/openjpeg/issues/861
	NOTE: https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41
CVE-2016-9117 (NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ...)
	- openjpeg2 <unfixed> (unimportant; bug #844556)
	NOTE: https://github.com/uclouvain/openjpeg/issues/860
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9116 (NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ...)
	- openjpeg2 <unfixed> (unimportant; bug #844555)
	NOTE: https://github.com/uclouvain/openjpeg/issues/859
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in  ...)
	- openjpeg2 <unfixed> (unimportant; bug #844554)
	NOTE: https://github.com/uclouvain/openjpeg/issues/858
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of convert.c:194 ...)
	- openjpeg2 <unfixed> (unimportant; bug #844553)
	NOTE: https://github.com/uclouvain/openjpeg/issues/857
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of convertb ...)
	- openjpeg2 <unfixed> (unimportant; bug #844552)
	NOTE: https://github.com/uclouvain/openjpeg/issues/856
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cp ...)
	{DLA-1851-1}
	- openjpeg2 2.1.2-1.2 (bug #844551)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/855
CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4. ...)
	NOT-FOR-US: Citrix
CVE-2016-9110
	RESERVED
CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7  ...)
	NOT-FOR-US: Symantec
CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1,  ...)
	NOT-FOR-US: Symantec
CVE-2016-9098
	REJECTED
CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, Proxy ...)
	NOT-FOR-US: Symantec
CVE-2016-9096
	REJECTED
CVE-2016-9095
	REJECTED
CVE-2016-9094 (Symantec Endpoint Protection clients place detected malware in quarant ...)
	NOT-FOR-US: Symantec
CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec Endpoint P ...)
	NOT-FOR-US: Symantec
CVE-2016-9092 (The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail ...)
	NOT-FOR-US: Symantec
CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content ...)
	NOT-FOR-US: Blue Coat Advanced Secure Gateway
CVE-2016-9090
	RESERVED
CVE-2016-9089
	RESERVED
CVE-2015-8967 (arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local us ...)
	- linux 4.0.2-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/c623b33b4e9599c6ac5076f7db7369eb9869aa04 (v4.0-rc1)
	NOTE: Missing security mitigation, not a vulnerability per se
CVE-2015-8966 (arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allow ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/76cc404bfdc0d419c720de4daaf2584542734f42 (v4.4-rc8)
CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service (c ...)
	NOT-FOR-US: MuJS
CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex Sof ...)
	NOT-FOR-US: MuJS
CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using XHT ...)
	- gajim-otr <itp> (bug #722130)
	NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
	NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/30/2
CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Android Broadcom driver
CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Android Broadcom driver
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Qu ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Qui ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xat ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emula ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ( ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows l ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842455)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/14
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=2634ab7fe29b3f75d0865b719caf8f310d634aae (v2.8.0-rc0)
CVE-2016-9088
	RESERVED
CVE-2016-9087 (SQL injection vulnerability in framework/modules/filedownloads/control ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw in th ...)
	- gitlab 8.13.3+dfsg1-2 (bug #843519)
	NOTE: https://hackerone.com/reports/178152
	NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, passwo ...)
	NOT-FOR-US: Joomla!
CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
CVE-2016-9079 (A use-after-free vulnerability in SVG Animation has been discovered. A ...)
	{DSA-3730-1 DSA-3728-1 DLA-752-1 DLA-730-1}
	- firefox 50.0.2-1
	- firefox-esr 45.5.1esr-1
	- icedove 1:45.5.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
CVE-2016-9078 (Redirection from an HTTP connection to a "data:" URL assigns the refer ...)
	- firefox 50.0.2-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
CVE-2016-9077 (Canvas allows the use of the "feDisplacementMap" filter on images load ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9076 (An issue where a "&lt;select&gt;" dropdown menu can be used to cover l ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9075 (An issue where WebExtensions can use the mozAddonManager API to elevat ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9074 (An existing mitigation of timing side-channel attacks is insufficient  ...)
	{DSA-3730-1 DSA-3716-1 DLA-759-1 DLA-752-1}
	- nss 2:3.26.2-1
	[jessie] - nss 2:3.26-1+debu8u5
	NOTE: Fixed by (3_26_BRANCH): https://hg.mozilla.org/projects/nss/rev/d38536fcc726 (3.26.1)
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074
CVE-2016-9073 (WebExtensions can bypass security checks to load privileged URLs and p ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9072 (When a new Firefox profile is created on 64-bit Windows installations, ...)
	- firefox <not-affected> (Only affects Firefox on Windows 64bit)
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9071 (Content Security Policy combined with HTTP to HTTPS redirection can be ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9070 (A maliciously crafted page loaded to the sidebar through a bookmark ca ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9069 (A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operatio ...)
	- firefox 50.0-1
CVE-2016-9068 (A use-after-free during web animations when working with timelines res ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9067 (Two use-after-free errors during DOM operations resulting in potential ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9066 (A buffer overflow resulting in a potentially exploitable crash due to  ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-9065 (The location bar in Firefox for Android can be spoofed by forcing a us ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9064 (Add-on updates failed to verify that the add-on ID inside the signed p ...)
	{DSA-3716-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
CVE-2016-9063 (An integer overflow during the parsing of XML using the Expat library. ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
	- expat 2.2.0-2
	[jessie] - expat 2.1.0-6+deb8u4
	[wheezy] - expat <no-dsa> (Minor issue)
	NOTE: Expat upstream fix: https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
CVE-2016-9062 (Private browsing mode leaves metadata information, such as URLs, for s ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9061 (A previously installed malicious Android application which defines a s ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9060
	REJECTED
CVE-2016-9059
	REJECTED
CVE-2016-9058
	REJECTED
CVE-2016-9057
	REJECTED
CVE-2016-9056
	REJECTED
CVE-2016-9055
	REJECTED
CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9053 (An exploitable out-of-bounds indexing vulnerability exists within the  ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9052 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9051 (An exploitable out-of-bounds write vulnerability exists in the batch t ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the client m ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9049 (An exploitable denial-of-service vulnerability exists in the fabric-wo ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9048 (Multiple exploitable SQL Injection vulnerabilities exists in ProcessMa ...)
	NOT-FOR-US: ProcessMaker Enterprise Core
CVE-2016-9047
	REJECTED
CVE-2016-9046
	REJECTED
CVE-2016-9045 (A code execution vulnerability exists in ProcessMaker Enterprise Core  ...)
	NOT-FOR-US: ProcessMaker Enterprise Core
CVE-2016-9044 (An exploitable command execution vulnerability exists in Information B ...)
	NOT-FOR-US: Information Builders WebFOCUS Business Intelligence Porta
CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing function ...)
	NOT-FOR-US: CorelDRAW X8
CVE-2016-9042 (An exploitable denial of service vulnerability exists in the origin ti ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp <not-affected> (Doesn't use the affected upstream patch)
	[wheezy] - ntp <not-affected> (Doesn't use the affected upstream patch)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0260/
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3361
	NOTE: This vulnerability affects the upstream fix for CVE-2015-8138, but Debian
	NOTE: jessie and wheezy use a less invasive patch by Miroslav Lichvar
	NOTE: of Red Hat, as available here:
	NOTE: http://pkgs.fedoraproject.org/cgit/rpms/ntp.git/tree/ntp-4.2.6p5-cve-2015-8138.patch?h=f24
CVE-2016-9041
	REJECTED
CVE-2016-9040 (An exploitable denial of service exists in the the Joyent SmartOS OS 2 ...)
	NOT-FOR-US: Joyent
CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS 20161110 ...)
	NOT-FOR-US: Joyent
CVE-2016-9038 (An exploitable double fetch vulnerability exists in the SboxDrv.sys dr ...)
	NOT-FOR-US: Invincea-X
CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists in the  ...)
	- tarantool 1.7.2.385.g952d79e-1
	[jessie] - tarantool <not-affected> (Vulnerable code not present)
	[wheezy] - tarantool <not-affected> (Not vulnerable)
	NOTE: https://github.com/tarantool/tarantool/issues/1992
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0255/
CVE-2016-9036 (An exploitable incorrect return value vulnerability exists in the mp_c ...)
	- msgpuck 1.0.3-1.1 (bug #849212)
	NOTE: https://github.com/rtsisyk/msgpuck/issues/12
	- tarantool 1.7.2.385.g952d79e-1
	[jessie] - tarantool <not-affected> (Vulnerable code not present)
	[wheezy] - tarantool <not-affected> (Not vulnerable)
	NOTE: https://github.com/tarantool/tarantool/issues/1991
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0254/
CVE-2016-9035 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9034 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9033 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9032 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS 20161110T ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have unspeci ...)
	- libwebp <unfixed> (unimportant; bug #842714)
	[wheezy] - libwebp <not-affected> (vulnerable code not present)
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
	NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private)
	NOTE: For libwebp only in examples, but other projects seem to use the gifdec.c
	NOTE: Origin of the file seems to be from libav
	NOTE: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patches
	NOTE: look different, needs further investigation before marking as fixed
CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 m ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.kernel.org/patch/9373631/
	NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9083 (drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows  ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.kernel.org/patch/9373631/
	NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9082 (Integer overflow in the write_png function in cairo 1.14.6 allows remo ...)
	{DLA-688-1}
	- cairo 1.14.6-1.1 (bug #842289)
	[jessie] - cairo 1.14.0-2.1+deb8u2
	NOTE: Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=98165
	NOTE: Proposed patch upstream: https://bugs.freedesktop.org/attachment.cgi?id=127421
CVE-2016-9030
	RESERVED
CVE-2016-9029
	RESERVED
CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10. ...)
	NOT-FOR-US: Citrix
CVE-2016-9027
	RESERVED
CVE-2016-9026
	RESERVED
CVE-2016-9025
	RESERVED
CVE-2016-9024
	RESERVED
CVE-2016-9023
	RESERVED
CVE-2016-9022
	RESERVED
CVE-2016-9021
	RESERVED
CVE-2016-9020 (SQL injection vulnerability in framework/modules/help/controllers/help ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9019 (SQL injection vulnerability in the activate_address function in framew ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9018 (Improper handling of a repeating VRAT chunk in qcpfformat.dll allows a ...)
	NOT-FOR-US: RealPlayer
CVE-2016-9017 (Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf ...)
	NOT-FOR-US: MuJS
CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...)
	- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x bef ...)
	{DSA-3835-1 DLA-706-1}
	- python-django 1:1.10.3-1 (bug #842856)
	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
	NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.1 ...)
	{DSA-3835-1}
	- python-django 1:1.10.3-1 (bug #842856)
	[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
	NOTE: https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9
CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated ...)
	NOT-FOR-US: CloudVision Portal
CVE-2016-9010 (IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2016-9009 (IBM WebSphere MQ 8.0 could allow an authenticated user with authority  ...)
	NOT-FOR-US: IBM
CVE-2016-9008 (IBM UrbanCode Deploy could allow a malicious user to access the Agent  ...)
	NOT-FOR-US: IBM
CVE-2016-9007
	RESERVED
CVE-2016-9006 (IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an unauthent ...)
	NOT-FOR-US: IBM
CVE-2016-9004
	RESERVED
CVE-2016-9003
	RESERVED
CVE-2016-9002
	RESERVED
CVE-2016-9001
	RESERVED
CVE-2016-9000 (IBM InfoSphere DataStage is vulnerable to cross-frame scripting, cause ...)
	NOT-FOR-US: IBM
CVE-2016-8999 (IBM InfoSphere Information Server contains a Path-relative stylesheet  ...)
	NOT-FOR-US: IBM
CVE-2016-8998 (IBM Tivoli Storage Manager Server 7.1 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-8997
	RESERVED
CVE-2016-8996
	RESERVED
CVE-2016-8995
	RESERVED
CVE-2016-8994
	RESERVED
CVE-2016-8993
	RESERVED
CVE-2016-8992
	RESERVED
CVE-2016-8991
	RESERVED
CVE-2016-8990
	RESERVED
CVE-2016-8989
	RESERVED
CVE-2016-8988
	RESERVED
CVE-2016-8987 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2016-8986 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to  ...)
	NOT-FOR-US: IBM
CVE-2016-8985
	RESERVED
CVE-2016-8984
	RESERVED
CVE-2016-8983
	RESERVED
CVE-2016-8982 (IBM InfoSphere Information Server stores sensitive information in URL  ...)
	NOT-FOR-US: IBM
CVE-2016-8981 (IBM BigFix Inventory v9 allows web pages to be stored locally which ca ...)
	NOT-FOR-US: IBM
CVE-2016-8980 (IBM BigFix Inventory v9 is vulnerable to a denial of service, caused b ...)
	NOT-FOR-US: IBM
CVE-2016-8979
	RESERVED
CVE-2016-8978
	RESERVED
CVE-2016-8977 (IBM BigFix Inventory v9 could disclose sensitive information to an una ...)
	NOT-FOR-US: IBM
CVE-2016-8976
	RESERVED
CVE-2016-8975 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2016-8974 (IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, ...)
	NOT-FOR-US: IBM
CVE-2016-8973 (IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-8972 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privil ...)
	NOT-FOR-US: IBM
CVE-2016-8971 (IBM WebSphere MQ 8.0 could allow an authenticated user with queue mana ...)
	NOT-FOR-US: IBM
CVE-2016-8970
	RESERVED
CVE-2016-8969
	RESERVED
CVE-2016-8968 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-8967 (IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear  ...)
	NOT-FOR-US: IBM
CVE-2016-8966 (IBM BigFix Inventory v9 could allow a remote attacker to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2016-8965
	RESERVED
CVE-2016-8964 (IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting ...)
	NOT-FOR-US: IBM
CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in lo ...)
	NOT-FOR-US: IBM
CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have stron ...)
	NOT-FOR-US: IBM
CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct phish ...)
	NOT-FOR-US: IBM
CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with lower pr ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2016-8959
	RESERVED
CVE-2016-8958
	RESERVED
CVE-2016-8957
	RESERVED
CVE-2016-8956
	RESERVED
CVE-2016-8955
	RESERVED
CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2016-8952 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8949 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could all ...)
	NOT-FOR-US: IBM
CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2016-8946 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8945
	RESERVED
CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a speciall ...)
	NOT-FOR-US: IBM
CVE-2016-8943 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2016-8942 (IBM Tivoli Storage Productivity Center could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2016-8941 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site req ...)
	NOT-FOR-US: IBM
CVE-2016-8940 (IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7 ...)
	NOT-FOR-US: IBM
CVE-2016-8939 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/ ...)
	NOT-FOR-US: IBM
CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a specia ...)
	NOT-FOR-US: IBM
CVE-2016-8937 (The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) defa ...)
	NOT-FOR-US: IBM
CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0  ...)
	NOT-FOR-US: IBM
CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-8933 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse dire ...)
	NOT-FOR-US: IBM
CVE-2016-8932 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitr ...)
	NOT-FOR-US: IBM
CVE-2016-8931 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitr ...)
	NOT-FOR-US: IBM
CVE-2016-8930 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-8929 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-8928 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-8927 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is v ...)
	NOT-FOR-US: IBM
CVE-2016-8926 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 coul ...)
	NOT-FOR-US: IBM
CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 coul ...)
	NOT-FOR-US: IBM
CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulne ...)
	NOT-FOR-US: IBM
CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This vulnerabil ...)
	NOT-FOR-US: Exphox WebRadar
CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to upload arbit ...)
	NOT-FOR-US: IBM
CVE-2016-8920 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2016-8919 (IBM WebSphere Application Server may be vulnerable to a denial of serv ...)
	NOT-FOR-US: IBM
CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a r ...)
	NOT-FOR-US: IBM
CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2016-8916 (IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password infor ...)
	NOT-FOR-US: IBM
CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to  ...)
	NOT-FOR-US: IBM
CVE-2016-8914
	RESERVED
CVE-2016-8913 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-8912 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sens ...)
	NOT-FOR-US: IBM
CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands out ...)
	- firejail 0.9.44-1
	NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/25/3
CVE-2016-9011 (The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attac ...)
	{DLA-694-1}
	- libwmf 0.2.8.4-10.6 (bug #842090)
	[jessie] - libwmf 0.2.8.4-10.3+deb8u2
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/9
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10
CVE-2016-8908 (SQL injection vulnerability in the "Site Browser &gt; HTML pages" scre ...)
	NOT-FOR-US: dotCMS
CVE-2016-8907 (SQL injection vulnerability in the "Content Types &gt; Content Types"  ...)
	NOT-FOR-US: dotCMS
CVE-2016-8906 (SQL injection vulnerability in the "Site Browser &gt; Links pages" scr ...)
	NOT-FOR-US: dotCMS
CVE-2016-8905 (SQL injection vulnerability in the JSONTags servlet in dotCMS before 3 ...)
	NOT-FOR-US: dotCMS
CVE-2016-8904 (SQL injection vulnerability in the "Site Browser &gt; Containers pages ...)
	NOT-FOR-US: dotCMS
CVE-2016-8903 (SQL injection vulnerability in the "Site Browser &gt; Templates pages" ...)
	NOT-FOR-US: dotCMS
CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability in /ht ...)
	- b2evolution <removed>
CVE-2016-8900 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8898 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8896
	RESERVED
CVE-2016-8895
	RESERVED
CVE-2016-8894
	RESERVED
CVE-2016-8893
	RESERVED
CVE-2016-8892
	RESERVED
CVE-2016-8891
	RESERVED
CVE-2016-8890
	RESERVED
CVE-2016-8889 (In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fi ...)
	NOT-FOR-US: Bitcoin Knots
CVE-2016-8888
	RESERVED
CVE-2016-8879 (The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in  ...)
	NOT-FOR-US: Foxit
CVE-2016-8878 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-8877 (Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Read ...)
	NOT-FOR-US: Foxit
CVE-2016-8876 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-8875 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on W ...)
	NOT-FOR-US: Foxit
CVE-2016-8874
	RESERVED
CVE-2016-8873
	RESERVED
CVE-2016-8872
	RESERVED
CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding  ...)
	- botan1.10 <not-affected> (Only affects 1.11.29 through 1.11.32)
CVE-2016-8870 (The register method in the UsersModelRegistration class in controllers ...)
	NOT-FOR-US: Joomla!
CVE-2016-8869 (The register method in the UsersModelRegistration class in controllers ...)
	NOT-FOR-US: Joomla!
CVE-2016-8868
	RESERVED
CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured c ...)
	- docker.io <not-affected> (Not built from/with a runc with "ambient capabilities")
	- runc <not-affected> ("ambient capabilities" introduced later, cf bug #853240)
	NOTE: https://github.com/docker/docker/issues/27590
	NOTE: docker: https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837 (1.12.3)
	NOTE: runc: https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f
	NOTE: docker.io not directly affected but will need to be updated to include new runc version
	NOTE: runc: "ambient capabilities" functionality added upstream with https://github.com/opencontainers/runc/pull/1086
	NOTE: and later changes.
	NOTE: The actual fix seem to be to revert the commit which introduced ambient capabilities
	NOTE: in runc.
CVE-2016-8865
	RESERVED
CVE-2016-8864 (named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9. ...)
	{DSA-3703-1 DLA-696-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #842858)
	NOTE: https://kb.isc.org/article/AA-01434
	NOTE: upstream fix https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=8bd0c12d53bea6f299e92d20ee0a23b16a7f65bc
CVE-2016-8863 (Heap-based buffer overflow in the create_url_list function in gena/gen ...)
	{DSA-3736-1 DLA-748-1 DLA-747-1}
	- libupnp 1:1.6.19+git20160116-1.2 (bug #842093)
	- libupnp4 <removed>
	NOTE: https://sourceforge.net/p/pupnp/bugs/133/
	NOTE: Patch: https://sourceforge.net/p/pupnp/bugs/_discuss/thread/f2781a77/d8a2/attachment/0001-Fix-out-of-bound-access-in-create_url_list-CVE-2016-.patch
CVE-2016-8861
	RESERVED
CVE-2016-8857
	RESERVED
CVE-2016-8856 (Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux ...)
	NOT-FOR-US: Foxit
CVE-2016-8855 (Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Mana ...)
	NOT-FOR-US: Sitecore Experience Platform
CVE-2016-8854
	REJECTED
CVE-2016-8853
	REJECTED
CVE-2016-8852
	REJECTED
CVE-2016-8851
	REJECTED
CVE-2016-8850
	REJECTED
CVE-2016-8849
	REJECTED
CVE-2016-8848
	REJECTED
CVE-2016-8847
	REJECTED
CVE-2016-8846
	REJECTED
CVE-2016-8845
	REJECTED
CVE-2016-8844
	REJECTED
CVE-2016-8843
	REJECTED
CVE-2016-8842
	REJECTED
CVE-2016-8841
	REJECTED
CVE-2016-8840
	REJECTED
CVE-2016-8839
	REJECTED
CVE-2016-8838
	REJECTED
CVE-2016-8837
	REJECTED
CVE-2016-8836
	REJECTED
CVE-2016-8835
	REJECTED
CVE-2016-8834
	REJECTED
CVE-2016-8833
	REJECTED
CVE-2016-8832
	REJECTED
CVE-2016-8831
	REJECTED
CVE-2016-8830
	REJECTED
CVE-2016-8829
	REJECTED
CVE-2016-8828
	REJECTED
CVE-2016-8827 (NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerabi ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2016-8826 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.26-1 (bug #848195)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.101-1 (bug #848196)
	- nvidia-graphics-drivers-legacy-304xx 304.134-1 (bug #848197)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4278
CVE-2016-8825 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8824 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8823 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8822 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8821 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8820 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8819 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8818 (All versions of NVIDIA Windows GPU Display contain a vulnerability in  ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8817 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8816 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8815 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8814 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8813 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8812 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Exper ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8811 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8810 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8809 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8808 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8807 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8806 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8805 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8804
	RESERVED
CVE-2016-8803 (The maintenance module in Huawei FusionStorage V100R003C30U1 allows at ...)
	NOT-FOR-US: Huawei
CVE-2016-8802 (The security policy processing module in Huawei Secospace USG6300 with ...)
	NOT-FOR-US: Huawei
CVE-2016-8801 (Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allo ...)
	NOT-FOR-US: Huawei
CVE-2016-8800
	REJECTED
CVE-2016-8799
	REJECTED
CVE-2016-8798 (Huawei USG5500 with software V300R001C00 and V300R001C00 allows attack ...)
	NOT-FOR-US: Huawei
CVE-2016-8797 (Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12 ...)
	NOT-FOR-US: Huawei
CVE-2016-8796 (Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C ...)
	NOT-FOR-US: Huawei
CVE-2016-8795 (Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R ...)
	NOT-FOR-US: Huawei
CVE-2016-8794 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8793 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8792 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8791 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8790 (Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudE ...)
	NOT-FOR-US: Huawei
CVE-2016-8789 (Huawei eSpace Integrated Access Device (IAD) with software V300R001C03 ...)
	NOT-FOR-US: Huawei
CVE-2016-8788
	REJECTED
CVE-2016-8787
	REJECTED
CVE-2016-8786 (Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S570 ...)
	NOT-FOR-US: Huawei
CVE-2016-8785 (Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R ...)
	NOT-FOR-US: Huawei
CVE-2016-8784 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2016-8783 (Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L0 ...)
	NOT-FOR-US: Huawei
CVE-2016-8782 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2016-8781 (Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC2 ...)
	NOT-FOR-US: Huawei
CVE-2016-8780 (Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, Clo ...)
	NOT-FOR-US: Huawei
CVE-2016-8779 (Huawei FusionAccess with software V100R005C10 and V100R005C20 could al ...)
	NOT-FOR-US: Huawei
CVE-2016-8778
	REJECTED
CVE-2016-8777
	REJECTED
CVE-2016-8776 (Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA ...)
	NOT-FOR-US: Huawei
CVE-2016-8775 (Touch Panel (TP) driver in Huawei NEM phones with software Versions be ...)
	NOT-FOR-US: Huawei
CVE-2016-8774 (The HIFI driver in Huawei Mate 8 phones with software versions before  ...)
	NOT-FOR-US: Huawei
CVE-2016-8773 (Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200 ...)
	NOT-FOR-US: Huawei
CVE-2016-8772
	REJECTED
CVE-2016-8771
	REJECTED
CVE-2016-8770
	REJECTED
CVE-2016-8769 (Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted ...)
	NOT-FOR-US: Huawei
CVE-2016-8768 (Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions ea ...)
	NOT-FOR-US: Huawei
CVE-2016-8767
	REJECTED
CVE-2016-8766
	REJECTED
CVE-2016-8765
	REJECTED
CVE-2016-8764 (The TrustZone driver in Huawei P9 phones with software Versions earlie ...)
	NOT-FOR-US: Huawei
CVE-2016-8763 (The TrustZone driver in Huawei P9 phones with software Versions earlie ...)
	NOT-FOR-US: Huawei
CVE-2016-8762 (The TrustZone driver in Huawei P9 phones with software Versions earlie ...)
	NOT-FOR-US: Huawei
CVE-2016-8761 (Video driver in Huawei P9 phones with software versions before EVA-AL1 ...)
	NOT-FOR-US: Huawei
CVE-2016-8760 (Touchscreen driver in Huawei P9 phones with software versions before E ...)
	NOT-FOR-US: Huawei
CVE-2016-8759 (Video driver in Huawei P9 phones with software versions before EVA-AL1 ...)
	NOT-FOR-US: Huawei
CVE-2016-8758 (ION memory management module in Huawei Mate8 phones with software NXT- ...)
	NOT-FOR-US: Huawei
CVE-2016-8757 (ION memory management module in Huawei P9 phones with software EVA-AL1 ...)
	NOT-FOR-US: Huawei
CVE-2016-8756 (ION memory management module in Huawei Mate 8 phones with software NXT ...)
	NOT-FOR-US: Huawei
CVE-2016-8755
	REJECTED
CVE-2016-8754 (Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerabi ...)
	NOT-FOR-US: Huawei
CVE-2016-8753
	REJECTED
CVE-2016-8752 (Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7. ...)
	NOT-FOR-US: Apache Atlas
CVE-2016-8751 (Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Script ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-8750 (Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate u ...)
	- apache-karaf <itp> (bug #881297)
CVE-2016-8749 (Apache Camel's Jackson and JacksonXML unmarshalling operation are vuln ...)
	NOT-FOR-US: Apache Camel
CVE-2016-8748 (In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-s ...)
	NOT-FOR-US: Apache NiFi
CVE-2016-8747 (An information disclosure issue was discovered in Apache Tomcat 8.5.7  ...)
	- tomcat8 8.5.9-1
	[jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9)
	NOTE: http://svn.apache.org/r1774166
CVE-2016-8746 (Apache Ranger before 0.6.3 policy engine incorrectly matches paths in  ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-8745 (A bug in the error handling of the send file code for the NIO HTTP con ...)
	{DSA-3755-1 DSA-3754-1 DLA-779-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.9-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60409
	NOTE: Fixed by: http://svn.apache.org/r1777469 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1777471 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1777472 (6.0.x)
CVE-2016-8744 (Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. Sn ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was li ...)
	{DSA-3796-1 DLA-841-2 DLA-841-1}
	- apache2 2.4.25-1
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
	NOTE: The fix is not fully backwards compatible so upstream have
	NOTE: created a new option to control this behaviour. This means that
	NOTE: if this is fixed the security advisory need to mention this.
	NOTE: The fix is invasive and should require some extra testing before reaching
	NOTE: stable and old-stable.
	NOTE: Affects: 2.2.0 to 2.4.23.
	NOTE: Fixed in 2.4.25.
	NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was vulner ...)
	NOT-FOR-US: Windows installer for Apache CouchDB
CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so  ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23,  ...)
	- apache2 2.4.25-1 (bug #847124)
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
CVE-2016-8739 (The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1 ...)
	NOT-FOR-US: Apache CXF
CVE-2016-8738 (In Apache Struts 2.5 through 2.5.5, if an application allows entering  ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
	NOTE: https://struts.apache.org/docs/s2-044.html
CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cro ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2016-8736 (Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Executio ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-8735 (Remote code execution is possible with Apache Tomcat before 6.0.48, 7. ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.39-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: Fixed by: http://svn.apache.org/r1767656 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767676 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767684 (6.0.x)
CVE-2016-8734 (Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 throu ...)
	- subversion 1.9.5-1 (low)
	[jessie] - subversion 1.8.10-6+deb8u5
	[wheezy] - subversion <no-dsa> (Minor issue, binary packages not affected since built against Neon as HTTP library)
	NOTE: Above wheezy entry workarounded; binary packages not affected (since in wheezy build against Neon as HTTP
	NOTE: library), though source is. (unimporant) for individual lines is not supported, thus workaround by marking
	NOTE: as no-dsa.
	NOTE: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt
CVE-2016-8733 (An exploitable integer overflow exists in the Joyent SmartOS 20161110T ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-8732 (Multiple security flaws exists in InvProtectDrv.sys which is a part of ...)
	NOT-FOR-US: Invincea Dell Protected Workspace
CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 running ...)
	NOT-FOR-US: Foscam C1
CVE-2016-8730 (An of bound write / memory corruption vulnerability exists in the GIF  ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG2 par ...)
	{DSA-3817-1 DLA-874-1}
	- jbig2dec 0.13-4 (bug #863886)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438
	NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the Fi ...)
	- mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
CVE-2016-8727 (An exploitable information disclosure vulnerability exists in the Web  ...)
	NOT-FOR-US: Moxa
CVE-2016-8726 (An exploitable null pointer dereference vulnerability exists in the We ...)
	NOT-FOR-US: Moxa
CVE-2016-8725 (An exploitable information disclosure vulnerability exists in the Web  ...)
	NOT-FOR-US: Moxa
CVE-2016-8724 (An exploitable information disclosure vulnerability exists in the serv ...)
	NOT-FOR-US: Moxa
CVE-2016-8723 (An exploitable null pointer dereference exists in the Web Application  ...)
	NOT-FOR-US: Moxa
CVE-2016-8722 (An exploitable Information Disclosure vulnerability exists in the Web  ...)
	NOT-FOR-US: Moxa
CVE-2016-8721 (An exploitable OS Command Injection vulnerability exists in the web ap ...)
	NOT-FOR-US: Moxa
CVE-2016-8720 (An exploitable HTTP Header Injection vulnerability exists in the Web A ...)
	NOT-FOR-US: Moxa
CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exists in  ...)
	NOT-FOR-US: Moxa
CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists in the  ...)
	NOT-FOR-US: Moxa
CVE-2016-8717 (An exploitable Use of Hard-coded Credentials vulnerability exists in t ...)
	NOT-FOR-US: Moxa
CVE-2016-8716 (An exploitable Cleartext Transmission of Password vulnerability exists ...)
	NOT-FOR-US: Moxa
CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the loadTrailer ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8714 (An exploitable buffer overflow vulnerability exists in the LoadEncodin ...)
	{DSA-3813-1 DLA-861-1}
	- r-base 3.3.3-1 (bug #857466)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0227/
CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists i ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8712 (An exploitable nonce reuse vulnerability exists in the Web Application ...)
	NOT-FOR-US: Moxa
CVE-2016-8711 (A potential remote code execution vulnerability exists in the PDF pars ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the de ...)
	- ffmpeg <not-affected> (Vulnerable code wasn't part of ffmpeg according to upstream)
	NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg
	NOTE: http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0223/
CVE-2016-8709 (A remote out of bound write / memory corruption vulnerability exists i ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8708
	REJECTED
CVE-2016-8707 (An exploitable out of bounds write exists in the handling of compresse ...)
	{DSA-3799-1 DLA-756-1}
	- imagemagick 8:6.9.7.0+dfsg-2 (bug #848139)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0 (7.0.3-9)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/fde5f55af94f189f16958535a9c22b439d71ac93 (6.9.6-7)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5dc6d628a1c6049dc95adcea5e49aaa7ef2c778 (6.9.6-7)
CVE-2016-8706 (An integer overflow in process_bin_sasl_auth function in Memcached, wh ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842814)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0221/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-8705 (Multiple integer overflows in process_bin_update function in Memcached ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842812)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0220/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-8704 (An integer overflow in the process_bin_append_prepend function in Memc ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842811)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0219/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-1000036
	RESERVED
CVE-2016-1000035
	RESERVED
CVE-2016-1000034
	RESERVED
CVE-2016-1000032 (TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a mis ...)
	NOT-FOR-US: TGCaptcha2
CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Q ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #841955)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #841950)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
CVE-2016-XXXX [Privilege escalation possible to other user than root]
	- bash <unfixed> (unimportant; bug #841856)
	NOTE: This is strongly related to the problem described in CVE-2016-7543 and the correction
	NOTE: is very similar.
	NOTE: https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00112.html
CVE-2016-10249 (Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in Ja ...)
	{DSA-3827-1 DLA-739-1}
	- jasper <removed>
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 (version-1.900.12)
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00001-jasper-heapoverflow-jpc_dec_tiledecode
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/23/7
CVE-2016-10250 (The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 a ...)
	- jasper <not-affected> (Incomplete fix for CVE-206-8887 not applied)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00002-jasper-NULLptr-jp2_colr_destroy
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
CVE-2016-8887 (The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer bef ...)
	{DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d (version-1.900.10)
	NOTE: When fixing this issue look at the followup report
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
	NOTE: and include the fix to not make jasper vulnerable to the incomplete fix.
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8886 (The jas_malloc function in libjasper/base/jas_malloc.c in JasPer befor ...)
	- jasper <removed> (low)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
	NOTE: The memory exhaustion has no real impact unless when jasper is compiled with ASAN.
	NOTE: Without ASAN the failure is handled gracefully. In addition the fix is marked as experimental
	NOTE: and not suitable for a backport.
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
	- sendmail 8.15.2-7 (bug #841257)
	[jessie] - sendmail 8.14.4-8+deb8u2
	[wheezy] - sendmail <no-dsa> (Minor issue)
	NOTE: no unprivileged user should be in smmsp group and there is no known vulnerability to gain smmsp group membership
CVE-2016-8885 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1 ...)
	- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698
CVE-2016-8884 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5  ...)
	- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698
CVE-2016-8883 (The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8  ...)
	{DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/32
	NOTE: https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8882 (The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer bef ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/30
	NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8881
	REJECTED
CVE-2016-8880
	REJECTED
CVE-2016-8866 (The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick ...)
	{DLA-756-1}
	- imagemagick <not-affected>
	NOTE: For incomplete fix of CVE-2016-8862
	NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
	NOTE: This is not a real problem in imagemagick but caused by the "observer" (the address sanitizer), cf.
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 .
CVE-2016-8859 (Multiple integer overflows in the TRE library and musl libc allow atta ...)
	{DLA-687-1}
	- tre 0.8.0-5 (bug #842169)
	[jessie] - tre 0.8.0-4+deb8u1
	- musl 1.1.15-2 (bug #842171)
	[jessie] - musl 1.1.5-2+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
	NOTE: other issues may still be present in tre after this: https://github.com/laurikari/tre/issues/37
	NOTE: musl patch: http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7, not released yet
CVE-2016-8858 (** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x  ...)
	- openssh 1:7.3p1-2 (bug #841884)
	[jessie] - openssh <ignored> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
	NOTE: Only thing the attacker could do here is self-dos own connection
CVE-2016-8862 (The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.6+dfsg-1 (bug #845634)
	NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc
	NOTE: The initial patch was initiall meant to be incomplete and resulted in CVE-2016-8866. So when fixing
	NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
	NOTE: The "incomplete fix" though is not a real problem, cf. https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/17/4
CVE-2016-8860 (Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal funct ...)
	{DSA-3694-1 DLA-663-1}
	- tor 0.2.8.9-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/20384
	NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/11
CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ...)
	{DSA-3732-1}
	- php7.0 7.0.12-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7
CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ext/cur ...)
	{DSA-3698-1}
	- php7.0 7.0.12-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
	NOTE: Fixed in 7.0.12, 5.6.27
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
CVE-2016-8673 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8672 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for context-de ...)
	NOT-FOR-US: Generic protocol issue
CVE-2005-4899
	RESERVED
CVE-2005-4898
	RESERVED
CVE-2005-4897
	RESERVED
CVE-2005-4896
	RESERVED
CVE-2016-6911 (The dynamicGetbuf function in the GD Graphics Library (aka libgd) befo ...)
	{DSA-3693-1 DLA-665-1}
	- libgd2 2.2.3-87-gd0fec80-2 (bug #840806)
	NOTE: Corresponds to the 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
	NOTE: https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae
CVE-2016-8703 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8702 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8701 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8700 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8699 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8698 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8697 (The bm_new function in bitmap.h in potrace before 1.13 allows remote a ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/
CVE-2016-8696 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 all ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8695 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 all ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8694 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 all ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8693 (Double free vulnerability in the mem_close function in jas_stream.c in ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (bug #841110)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
	NOTE: https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
CVE-2016-8692 (The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer  ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant; bug #841111)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8691 (The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer  ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant; bug #841111)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1 ...)
	{DLA-1583-1}
	- jasper <removed> (low; bug #841112)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
	NOTE: The original fix is incomplete resulting in two follow ups CVE-2016-8884 and
	NOTE: CVE-2016-8885.
CVE-2016-8689 (The read_Header function in archive_read_support_format_7zip.c in liba ...)
	{DLA-1600-1 DLA-661-1}
	- libarchive 3.2.1-5 (bug #840934)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
	NOTE: https://github.com/libarchive/libarchive/issues/761
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
CVE-2016-8688 (The mtree bidder in libarchive 3.2.1 does not keep track of line sizes ...)
	{DLA-1600-1 DLA-661-1}
	- libarchive 3.2.1-5 (bug #840935)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca
CVE-2016-8687 (Stack-based buffer overflow in the safe_fprintf function in tar/util.c ...)
	{DLA-1600-1 DLA-661-1}
	- libarchive 3.2.1-5 (bug #840936)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
	NOTE: https://github.com/libarchive/libarchive/issues/767
CVE-2016-8678 (The IsPixelMonochrome function in MagickCore/pixel-accessor.h in Image ...)
	- imagemagick <unfixed> (unimportant; bug #845204)
	NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/
	NOTE: unimportant: Only an issue with a QuantumDepth=64 build, thus not affecting the binary packages
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/272
CVE-2016-8677 (The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagi ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-1 (bug #845206)
	NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
CVE-2016-8676 (The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attack ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
CVE-2016-8675 (The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...)
	- libav <removed>
	[jessie] - libav 6:11.9-1~deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
	NOTE: Fixed by: https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
	NOTE: Cf. CVE-2016-8676 as well which remain unfixed after e5b019725f53b79159931d3a7317107cbbfd0860
CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows re ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-2 (bug #840957)
	[wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019
CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...)
	{DSA-3693-1 DLA-665-1}
	- libgd2 2.2.3-87-gd0fec80-1 (bug #840805)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73280
	NOTE: https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/15/1
CVE-2016-8671 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
	- matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not applied)
	NOTE: https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in QEMU (aka ...)
	{DLA-1497-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840945)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
CVE-2016-8668 (The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Q ...)
	- qemu 1:2.8+dfsg-1 (bug #840948)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulat ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-4 (bug #840950)
	[wheezy] - qemu <no-dsa> (minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Code only affects mips platform)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
CVE-2016-8665
	REJECTED
CVE-2016-8664
	REJECTED
CVE-2016-8663
	REJECTED
CVE-2016-8662
	REJECTED
CVE-2016-8661 (Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow  ...)
	NOT-FOR-US: Little Snitch
CVE-2016-8657 (It was discovered that EAP packages in certain versions of Red Hat Ent ...)
	NOT-FOR-US: Red Hat JBoss; jbossas Red Hat configuration file permissions and init script
CVE-2016-8656 (Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to ...)
	NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel through 4 ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: http://seclists.org/oss-sec/2016/q4/607
	NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
	NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2016-8654 (A heap-buffer overflow vulnerability was found in QMFB code in JPC cod ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed>
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/93
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/94
	NOTE: https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a
CVE-2016-8653 (It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Ha ...)
	NOT-FOR-US: JMX endpoint of Red Hat JBoss Fuse 6 and Red Hat A-MQ 6
CVE-2016-8652 (The auth component in Dovecot before 2.2.27, when auth-policy is confi ...)
	- dovecot 1:2.2.27-1 (bug #846605)
	[jessie] - dovecot <not-affected> (Only affects 2.2.25 up and including 2.2.26.1)
	[wheezy] - dovecot <not-affected> (Only affects 2.2.25 up and including 2.2.26.1)
CVE-2016-8651 (An input validation flaw was found in the way OpenShift 3 handles requ ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-8650 (The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: http://seclists.org/fulldisclosure/2016/Nov/76
	NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477
	NOTE: Fixed by: https://git.kernel.org/linus/f5527fffff3f002b0a6b376163613b82f69de073
	NOTE: Introduced by https://git.kernel.org/linus/cdec9cb5167ab1113ba9c58e395f664d9d3f9acb (v3.3-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343162 (not yet opened)
CVE-2016-8649 (lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker ...)
	- lxc 1:2.0.6-1 (bug #845465)
	[jessie] - lxc 1:1.0.6-6+deb8u5
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c
	NOTE: Details: https://launchpad.net/bugs/1639345
	NOTE: To be complete this needs as well changes to src:linux
CVE-2016-8648 (It was found that the Karaf container used by Red Hat JBoss Fuse 6.x,  ...)
	NOT-FOR-US: Karaf container uses by Red Hat products
CVE-2016-8647 (An input validation vulnerability was found in Ansible's mysql_user mo ...)
	- ansible 2.2.0.0-4 (bug #844691)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5388
CVE-2016-8646 (The hash_accept function in crypto/algif_hash.c in the Linux kernel be ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: https://lkml.org/lkml/2016/10/12/198
	NOTE: Fixed by: https://git.kernel.org/linus/4afa5f9617927453ac04b24b584f6c718dfb4f45 (v4.4-rc2)
CVE-2016-8645 (The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncat ...)
	{DLA-772-1}
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6)
CVE-2016-8644 (In Moodle 2.x and 3.x, the capability to view course notes is checked  ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343277
CVE-2016-8643 (In Moodle 2.x and 3.x, non-admin site managers may accidentally edit a ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343276
CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to files that ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
CVE-2016-10089 (Nagios 4.3.2 and earlier allows local users to gain root privileges vi ...)
	- nagios3 <not-affected> (Vulnerable code not present)
	NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
CVE-2016-8641 (A privilege escalation vulnerability was found in nagios 4.2.x that oc ...)
	- nagios3 <not-affected> (Vulnerable code not present)
	NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
CVE-2016-8640 (A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10 ...)
	- pycsw 2.0.2+dfsg-1
	NOTE: https://github.com/geopython/pycsw/pull/474/files
	NOTE: https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch
CVE-2016-8639 (It was found that foreman before 1.13.0 is vulnerable to a stored XSS  ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/15037
	NOTE: https://github.com/theforeman/foreman/pull/3523
CVE-2016-8638 (A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 bef ...)
	- ipsilon <itp> (bug #826838)
	NOTE: https://ipsilon-project.org/advisory/CVE-2016-8638.txt
	NOTE: https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
CVE-2016-8637 (A local information disclosure issue was found in dracut before 045 wh ...)
	- dracut 044+189-1 (low; bug #843697)
	[jessie] - dracut <no-dsa> (Minor issue)
	[wheezy] - dracut <not-affected> (Introduced in 030 upstream)
	NOTE: Fixed by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=0db98910a11c12a454eac4c8e86dc7a7bbc764a4
	NOTE: Introduced by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=5f2c30d9bcd614d546d5c55c6897e33f88b9ab90 (030)
CVE-2016-8636 (Integer overflow in the mem_check_range function in drivers/infiniband ...)
	- linux 4.9.10-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fix https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66
CVE-2016-8635 (It was found that Diffie Hellman Client key exchange handling in NSS 3 ...)
	- nss 2:3.25-1
	NOTE: Patch as applied in CentOS (but contains other changes):
	NOTE: https://git.centos.org/blob/rpms!nss!/aada6b10b73091276397404059605d13e7548462/SOURCES!moz-1314604.patch
	NOTE: Further info: https://bugzilla.redhat.com/show_bug.cgi?id=1391818
	NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1314604
CVE-2016-8634 (A vulnerability was found in foreman 1.14.0. When creating an organiza ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/17195
CVE-2016-8633 (drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain un ...)
	{DLA-772-1}
	- linux 4.8.7-1
	[jessie] - linux 3.16.39-1
	NOTE: https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
	NOTE: https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
CVE-2016-8632 (The tipc_msg_build function in net/tipc/msg.c in the Linux kernel thro ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
	NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3de81b758853f0b29c61e246679d20b513c4cfec (v4.9-rc8)
CVE-2016-8631 (The OpenShift Enterprise 3 router does not properly sort routes when p ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux ke ...)
	- linux 4.8.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check permissi ...)
	NOT-FOR-US: Keycloak
CVE-2016-8628 (Ansible before version 2.2.0 fails to properly sanitize fact variables ...)
	- ansible 2.2.0.0-1 (bug #842985)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: Fixed upstream in v2.2.0.0-1
	NOTE: Needs an attacker to compromise a controlled server.
CVE-2016-8627 (admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2016-8626 (A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object  ...)
	- ceph 10.2.5-1 (bug #844200)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/17635
CVE-2016-8625 (curl before version 7.51.0 uses outdated IDNA 2003 standard to handle  ...)
	- curl 7.51.0-1
	[jessie] - curl <no-dsa> (the fix is too invasive)
	[wheezy] - curl <no-dsa> (the fix is too invasive)
	NOTE: https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece
	NOTE: https://curl.haxx.se/docs/adv_20161102K.html
	NOTE: https://curl.haxx.se/CVE-2016-8625.patch
CVE-2016-8624 (curl before version 7.51.0 doesn't parse the authority component of th ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/3bb273db7e40ebc284cff45f3ce3f0475c8339c2
	NOTE: https://curl.haxx.se/docs/adv_20161102J.html
	NOTE: https://curl.haxx.se/CVE-2016-8624.patch
CVE-2016-8623 (A flaw was found in curl before version 7.51.0. The way curl handles c ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5
	NOTE: https://curl.haxx.se/docs/adv_20161102I.html
	NOTE: https://curl.haxx.se/CVE-2016-8623.patch
CVE-2016-8622 (The URL percent-encoding decode function in libcurl before 7.51.0 is c ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/53e71e47d6b81650d26ec33a58d0dca24c7ffb2c
	NOTE: https://curl.haxx.se/docs/adv_20161102H.html
	NOTE: https://curl.haxx.se/CVE-2016-8622.patch
CVE-2016-8621 (The `curl_getdate` function in curl before version 7.51.0 is vulnerabl ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/96a80b5a262fb6dd2ddcea7987296f3b9a405618
	NOTE: https://curl.haxx.se/docs/adv_20161102G.html
	NOTE: https://curl.haxx.se/CVE-2016-8621.patch
CVE-2016-8620 (The 'globbing' feature in curl before version 7.51.0 has a flaw that l ...)
	{DSA-3705-1}
	- curl 7.51.0-1
	[wheezy] - curl <not-affected> (Vulnerable code introduced in 7.34.0)
	NOTE: https://github.com/curl/curl/commit/fbb5f1aa0326d485d5a7ac643b48481897ca667f
	NOTE: https://curl.haxx.se/docs/adv_20161102F.html
	NOTE: https://curl.haxx.se/CVE-2016-8620.patch
CVE-2016-8619 (The function `read_data()` in security.c in curl before version 7.51.0 ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd
	NOTE: https://curl.haxx.se/docs/adv_20161102E.html
	NOTE: https://curl.haxx.se/CVE-2016-8619.patch
CVE-2016-8618 (The libcurl API function called `curl_maprintf()` before version 7.51. ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/8732ec40db652c53fa58cd13e2acb8eab6e40874
	NOTE: https://curl.haxx.se/docs/adv_20161102D.html
	NOTE: https://curl.haxx.se/CVE-2016-8618.patch
CVE-2016-8617 (The base64 encode function in curl before version 7.51.0 is prone to a ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/efd24d57426bd77c9b5860e6b297904703750412
	NOTE: https://curl.haxx.se/docs/adv_20161102C.html
	NOTE: https://curl.haxx.se/CVE-2016-8617.patch
CVE-2016-8616 (A flaw was found in curl before version 7.51.0 When re-using a connect ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/b3ee26c5df75d97f6895e6ec4538894ebaf76e48
	NOTE: https://curl.haxx.se/docs/adv_20161102B.html
	NOTE: https://curl.haxx.se/CVE-2016-8616.patch
CVE-2016-8615 (A flaw was found in curl before version 7.51. If cookie state is writt ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/cff89bc088b7884098ea0c5378bbda3d49c437bc
	NOTE: https://curl.haxx.se/docs/adv_20161102A.html
	NOTE: https://curl.haxx.se/CVE-2016-8615.patch
CVE-2016-8614 (A flaw was found in Ansible before version 2.2.0. The apt_key module d ...)
	- ansible 2.2.0.0-1 (bug #842984)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed upstream in v2.2.0.0-1
	NOTE: https://github.com/ansible/ansible-modules-core/issues/5237
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5353
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5357
CVE-2016-8613 (A flaw was found in foreman 1.5.1. The remote execution plugin runs co ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/17066/
	NOTE: https://github.com/theforeman/foreman_remote_execution/pull/208
CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerab ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-8611 (A vulnerability was found in Openstack Glance. No limits are enforced  ...)
	- glance <unfixed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
CVE-2016-8610 (A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 thro ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.0.2j-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions countermeasures in gnutls
	NOTE: https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
CVE-2016-8609 (It was found that the keycloak before 2.3.0 did not implement authenti ...)
	NOT-FOR-US: Keycloak
CVE-2016-8608 (JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via busine ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-8607
	RESERVED
CVE-2016-8604
	RESERVED
CVE-2016-8603
	RESERVED
CVE-2016-8600 (In dotCMS 3.2.1, attacker can load captcha once, fill it with correct  ...)
	NOT-FOR-US: dotCMS
CVE-2016-8599
	RESERVED
CVE-2016-8598 (Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp  ...)
	- libcsp <removed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8597 (Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp libr ...)
	- libcsp <removed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8596 (Buffer overflow in the csp_can_process_frame in csp_if_can.c in the li ...)
	- libcsp <removed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8595 (The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1 ...)
	- ffmpeg 7:3.1.5-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/2
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/987690799dd86433bf98b897aaa4c8d93ade646d
CVE-2016-8594
	RESERVED
CVE-2016-8666 (The IP stack in the Linux kernel before 4.6 allows remote attackers to ...)
	- linux 4.6.1-1
	[jessie] - linux 3.6.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971
	NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows local users ...)
	- linux <unfixed> (low)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-4.9 <removed> (low)
CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might all ...)
	- bubblewrap 0.1.2-2 (bug #840605)
	NOTE: https://github.com/projectatomic/bubblewrap/issues/107
CVE-2016-8658 (Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in ...)
	- linux 4.7.5-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later in 3.7)
	NOTE: Fixed by: https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8)
CVE-2016-8606 (The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to e ...)
	{DLA-666-1}
	- guile-2.0 2.0.13+1-1 (low; bug #840555)
	[jessie] - guile-2.0 2.0.11+1-9+deb8u1
	- guile-1.8 <not-affected> (repl server introduced in 2.0)
	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03
CVE-2016-8605 (The mkdir procedure of GNU Guile temporarily changed the process' umas ...)
	{DLA-666-1}
	- guile-2.0 2.0.13+1-1 (low; bug #840556)
	[jessie] - guile-2.0 2.0.11+1-9+deb8u1
	- guile-1.8 <removed> (low; bug #841494)
	[jessie] - guile-1.8 <no-dsa> (Minor issue)
	[wheezy] - guile-1.8 <no-dsa> (Minor issue)
	NOTE: http://bugs.gnu.org/24659
	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614
CVE-2016-8593 (Directory traversal vulnerability in upload.cgi in Trend Micro Threat  ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8592 (log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.106 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8591 (log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8590 (log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8589 (log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8588 (The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.10 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8587 (dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.10 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8586 (detected_potential_files.cgi in Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8585 (admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8584 (Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses pre ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of AlienVa ...)
	NOT-FOR-US: AlienVault
CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM before ...)
	NOT-FOR-US: AlienVault
CVE-2016-8581 (A persistent XSS vulnerability exists in the User-Agent header of the  ...)
	NOT-FOR-US: AlienVault
CVE-2016-8580 (PHP object injection vulnerabilities exist in multiple widget files in ...)
	NOT-FOR-US: AlienVault
CVE-2016-8579 (docker2aci &lt;= 0.12.3 has an infinite loop when handling local image ...)
	- golang-github-appc-docker2aci 0.12.3+dfsg-2 (bug #840711)
	NOTE: https://github.com/appc/docker2aci/issues/203
	NOTE: https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f
CVE-2016-8575 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-8574 (The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in pri ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-8573
	RESERVED
CVE-2016-8572
	RESERVED
CVE-2016-8571
	RESERVED
CVE-2016-8570
	RESERVED
CVE-2016-8567 (An issue was discovered in Siemens SICAM PAS before 8.00. A factory ac ...)
	NOT-FOR-US: Siemens
CVE-2016-8566 (An issue was discovered in Siemens SICAM PAS before 8.00. Because of S ...)
	NOT-FOR-US: Siemens
CVE-2016-8565 (Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote  ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8564 (SQL injection vulnerability in Siemens Automation License Manager (ALM ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allow ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8562 (Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or S ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8561 (Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated us ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8560
	REJECTED
CVE-2016-8559
	REJECTED
CVE-2016-8558
	REJECTED
CVE-2016-8557
	REJECTED
CVE-2016-8556
	REJECTED
CVE-2016-8555
	REJECTED
CVE-2016-8554
	REJECTED
CVE-2016-8553
	REJECTED
CVE-2016-8552
	REJECTED
CVE-2016-8551
	REJECTED
CVE-2016-8550
	REJECTED
CVE-2016-8549
	REJECTED
CVE-2016-8548
	REJECTED
CVE-2016-8547
	REJECTED
CVE-2016-8546
	REJECTED
CVE-2016-8545
	REJECTED
CVE-2016-8544
	REJECTED
CVE-2016-8543
	REJECTED
CVE-2016-8542
	REJECTED
CVE-2016-8541
	REJECTED
CVE-2016-8540
	REJECTED
CVE-2016-8539
	REJECTED
CVE-2016-8538
	REJECTED
CVE-2016-8537
	REJECTED
CVE-2016-8536
	REJECTED
CVE-2016-8535 (A remote HTTP parameter Pollution vulnerability in HPE Matrix Operatin ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8534 (A remote privilege elevation vulnerability in HPE Matrix Operating Env ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8533 (A remote priviledge escalation vulnerability in HPE Matrix Operating E ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8532 (A cross site scripting vulnerability in HPE Matrix Operating Environme ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8531 (A remote information disclosure vulnerability in HPE Matrix Operating  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8530 (A remote denial of service vulnerability in HPE iMC PLAT version v7.2  ...)
	NOT-FOR-US: HPE iMC PLAT
CVE-2016-8529 (A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual ...)
	NOT-FOR-US: HPE StoreVirtual
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptu ...)
	NOT-FOR-US: HPE Helion Eucalyptus
CVE-2016-8527 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulner ...)
	NOT-FOR-US: Aruba
CVE-2016-8526 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulner ...)
	NOT-FOR-US: Aruba
CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC PLAT versi ...)
	NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
	REJECTED
CVE-2016-8523 (A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage A ...)
	NOT-FOR-US: HP Smart Storage Administrator
CVE-2016-8522 (A cross-site scripting vulnerability in HPE Diagnostics version 9.24 I ...)
	NOT-FOR-US: HPE Diagnostics
CVE-2016-8521 (A Remote click jacking vulnerability in HPE Diagnostics version 9.24 I ...)
	NOT-FOR-US: HPE Diagnostics
CVE-2016-8520 (HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM  ...)
	- eucalyptus <removed>
CVE-2016-8519 (A remote code execution vulnerability in HPE Operations Orchestration  ...)
	NOT-FOR-US: HPE Operations Orchestration
CVE-2016-8518 (A remote denial of service vulnerability in HPE Systems Insight Manage ...)
	NOT-FOR-US: HPE
CVE-2016-8517 (A cross site scripting vulnerability in HPE Systems Insight Manager in ...)
	NOT-FOR-US: HPE
CVE-2016-8516 (A remote denial of service vulnerability in HPE Systems Insight Manage ...)
	NOT-FOR-US: HPE
CVE-2016-8515 (A remote malicious file upload vulnerability in HPE Version Control Re ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8514 (A remote information disclosure in HPE Version Control Repository Mana ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8513 (A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Contr ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8512 (A Remote Code Execution vulnerability in all versions of HPE LoadRunne ...)
	NOT-FOR-US: HPE
CVE-2016-8511 (A Remote Code Execution vulnerability in HPE Network Automation using  ...)
	NOT-FOR-US: HPE
CVE-2016-8510
	REJECTED
CVE-2016-8509
	REJECTED
CVE-2016-8508 (Yandex Browser for desktop before 17.1.1.227 does not show Protect (si ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8507 (Yandex Browser for iOS before 16.10.0.2357 does not properly restrict  ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8506 (XSS in Yandex Browser Translator in Yandex browser for desktop for ver ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8505 (XSS in Yandex Browser BookReader in Yandex browser for desktop for ver ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8504 (CSRF of synchronization form in Yandex Browser for desktop before vers ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8503 (Yandex Protect Anti-phishing warning in Yandex Browser for desktop fro ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8502 (Yandex Protect Anti-phishing warning in Yandex Browser for desktop fro ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8501 (Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 all ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8500
	REJECTED
CVE-2016-8499
	REJECTED
CVE-2016-8498
	REJECTED
CVE-2016-8497
	REJECTED
CVE-2016-8496
	REJECTED
CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet FortiMana ...)
	NOT-FOR-US: FortiManager
CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with webu ...)
	NOT-FOR-US: Fortiguard
CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privil ...)
	NOT-FOR-US: Fortiguard
CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows a ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC  ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2015-8965 (Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows re ...)
	NOT-FOR-US: Rogue Wave JViews
CVE-2016-XXXX [dbus format string vulnerability]
	- dbus 1.10.12-1
	[jessie] - dbus 1.8.22-0+deb8u1
	[wheezy] - dbus <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157
	NOTE: Versions affected: dbus >= 1.4.0
	NOTE: Fixed in: dbus >= 1.11.6, 1.10.x >= 1.10.12, 1.8.x >= 1.8.22
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/10/9
	NOTE: In Debian CVE-2015-0245 was already fixed, and this issue is
	NOTE: not believed to be exploitable in practice, because the relevant
	NOTE: message is ignored unless it comes from the owner of the bus name
	NOTE: org.freedesktop.systemd1. On the system bus, this bus name is only
	NOTE: allowed to be owned by uid 0; it is intended to be owned by systemd,
	NOTE: and no mechanism is currently known by which an attacker who does not
	NOTE: already have root privileges could induce systemd to send messages
	NOTE: that would trigger the format string vulnerability.
CVE-2016-8686 (The bm_new function in bitmap.h in potrace 1.13 allows remote attacker ...)
	- potrace 1.14-1 (low; bug #850595)
	[stretch] - potrace <no-dsa> (Minor issue)
	[jessie] - potrace <no-dsa> (Minor issue)
	[wheezy] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
	NOTE: http://potrace.sourceforge.net/ChangeLog claims that it's fixed in 1.14
	NOTE: but see https://lists.debian.org/debian-lts/2017/05/msg00032.html
CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows remote att ...)
	{DLA-889-1}
	- potrace 1.13-3 (bug #843861)
	[jessie] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
CVE-2016-8684 (The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25  ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
CVE-2016-8683 (The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 all ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
CVE-2016-8682 (The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 all ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
CVE-2016-8679 (The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwa ...)
	- dwarfutils 20161001-2 (bug #840958)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/11
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
	NOTE: Same fix as CVE-2016-8681 but different issue
CVE-2016-8680 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20 ...)
	- dwarfutils 20161001-2 (bug #840960)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20 ...)
	- dwarfutils 20161001-2 (bug #840961)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/13
CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 al ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #840451)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
CVE-2016-8601
	REJECTED
CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (ak ...)
	{DLA-1599-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840340)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Qui ...)
	{DLA-1599-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840341)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick E ...)
	{DLA-1497-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840343)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
CVE-2016-8569 (The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows  ...)
	- libgit2 0.24.2-2 (bug #840227)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860989)
	NOTE: https://github.com/libgit2/libgit2/issues/3937
CVE-2016-8568 (The git_commit_message function in oid.c in libgit2 before 0.24.3 allo ...)
	- libgit2 0.24.5-1 (bug #840227)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860989)
	NOTE: https://github.com/libgit2/libgit2/issues/3936
CVE-2016-8490
	RESERVED
CVE-2016-8489
	REJECTED
CVE-2016-8488 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8487 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8486 (An information disclosure vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8485 (An information disclosure vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8484 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8482 (An elevation of privilege vulnerability in the NVIDIA GPU driver. Prod ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8481 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8480 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8479 (An elevation of privilege vulnerability in the Qualcomm GPU driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8478 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8477 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8476 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8475 (An information disclosure vulnerability in the HTC input driver could  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-8474 (An information disclosure vulnerability in the STMicroelectronics driv ...)
	NOT-FOR-US: STMicroelectronics driver for Android
CVE-2016-8473 (An information disclosure vulnerability in the STMicroelectronics driv ...)
	NOT-FOR-US: STMicroelectronics driver for Android
CVE-2016-8472 (An information disclosure vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8471 (An information disclosure vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8470 (An information disclosure vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8469 (An information disclosure vulnerability in the camera driver could ena ...)
	NOT-FOR-US: camera driver for Android
CVE-2016-8468 (An elevation of privilege vulnerability in Binder could enable a local ...)
	NOT-FOR-US: Android Binder
CVE-2016-8467 (An elevation of privilege vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8466 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8465 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8464 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8463 (A denial of service vulnerability in the Qualcomm FUSE file system cou ...)
	NOT-FOR-US: Qualcomm file system for Android
CVE-2016-8462 (An information disclosure vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8461 (An information disclosure vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8460 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8459 (Possible buffer overflow in storage subsystem. Bad parameters as part  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8458 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8457 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8456 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8455 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8454 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8453 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8452 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8451 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8450 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8449 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8448 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8447 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8446 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8445 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8444 (An elevation of privilege vulnerability in the Qualcomm camera could e ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8443 (Possible unauthorized memory access in the hypervisor. Incorrect confi ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8442 (Possible unauthorized memory access in the hypervisor. Lack of input v ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8441 (Possible buffer overflow in the hypervisor. Inappropriate usage of a s ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8440 (Possible buffer overflow in SMMU system call. Improper input validatio ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8439 (Possible buffer overflow in trust zone access control API. Buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8438 (Integer overflow leading to a TOCTOU condition in hypervisor PIL. An i ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8437 (Improper input validation in Access Control APIs. Access control API m ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8436 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8435 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8434 (An elevation of privilege vulnerability in the Qualcomm GPU driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8433 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-8432 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8431 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8430 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8427 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8426 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8425 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8424 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8423 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-8422 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-8421 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8420 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8419 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8418 (A remote code execution vulnerability in the Qualcomm crypto driver co ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8417 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8416 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8415 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8414 (An information disclosure vulnerability in the Qualcomm Secure Executi ...)
	NOT-FOR-US: Qualcomm Secure Execution Environment Communicator
CVE-2016-8413 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8412 (An elevation of privilege vulnerability in the Qualcomm camera could e ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8411 (Buffer overflow vulnerability while processing QMI QOS TLVs. Product:  ...)
	NOT-FOR-US: Android
CVE-2016-8410 (An information disclosure vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8409 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8408 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8407 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8406 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8405 (An information disclosure vulnerability in kernel components including ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/2dc705a9930b4806250fbf5a76e55266e59389f2
CVE-2016-8404 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8403 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8402 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8401 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8400 (An information disclosure vulnerability in the NVIDIA librm library (l ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8399 (An elevation of privilege vulnerability in the kernel networking subsy ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/0eab121ef8750a5c8637d51534d5e9143fb0633f
CVE-2016-8398 (Unauthenticated messages processed by the UE. Certain NAS messages are ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8397 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8396 (An information disclosure vulnerability in the MediaTek video driver c ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8395 (A denial of service vulnerability in the NVIDIA camera driver could en ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8394 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8393 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8392 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8391 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-1000246
	RESERVED
CVE-2017-1000245 (The SSH Plugin stores credentials which allow jobs to access remote se ...)
	NOT-FOR-US: Jenkins SSH plugin
CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #839846)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #839845)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2015-8964 (The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the L ...)
	{DLA-772-1}
	- linux 4.5.1-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/dd42bf1197144ede075a9d4793123f7689e164bc (v4.5-rc1)
CVE-2015-8963 (Race condition in kernel/events/core.c in the Linux kernel before 4.4  ...)
	{DLA-772-1}
	- linux 4.4.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/12ca6ad2e3a896256f086497a7c7406a547ee373 (v4.4)
CVE-2015-8962 (Double free vulnerability in the sg_common_write function in drivers/s ...)
	{DLA-772-1}
	- linux 4.4.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/f3951a3709ff50990bf3e188c27d346792103432 (v4.4-rc1)
CVE-2015-8961 (The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux k ...)
	- linux 4.3.3-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/6934da9238da947628be83635e365df41064b09b (v4.4-rc5)
CVE-2014-9908 (A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0. ...)
	NOT-FOR-US: Android
CVE-2016-1000247 [mpg123 memory overread]
	{DLA-655-1}
	- mpg123 1.23.8-1 (low; bug #838960)
	[jessie] - mpg123 1.20.1-2+deb8u1
	NOTE: http://mpg123.org/bugs/240
CVE-2016-XXXX [nspr, nss: unprotected environment variables]
	- nspr 2:4.12-1 (low)
	[jessie] - nspr 2:4.12-1+debu8u1
	[wheezy] - nspr 2:4.12-1+deb7u1
	NOTE: Workaround entry for DSA-3687-1/DLA-676-1 until CVE is assigned
	- nss 2:3.23-1 (low)
	[jessie] - nss 2:3.26-1+debu8u1
	[wheezy] - nss 2:3.26-1+debu7u1
	NOTE: Workaround entry for DSA-3688-1/DLA-677-1 until CVE is assigned
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4
CVE-2016-8390 (An exploitable out of bounds write vulnerability exists in the parsing ...)
	NOT-FOR-US: Hopper Disassembler
CVE-2016-8389 (An exploitable integer-overflow vulnerability exists within Iceni Argu ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8388 (An exploitable arbitrary heap-overwrite vulnerability exists within Ic ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8387 (An exploitable heap-based buffer overflow exists in Iceni Argus. When  ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni Argus. When  ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads to a s ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8384 (An exploitable heap corruption vulnerability exists in the DHFSummary  ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8383 (An exploitable heap corruption vulnerability exists in the Doc_GetFont ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8382 (An exploitable heap corruption vulnerability exists in the Doc_SetSumm ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8381
	REJECTED
CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and w ...)
	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8377 (An issue was discovered in Fatek Automation PLC WinProladder Version 3 ...)
	NOT-FOR-US: Fatek
CVE-2016-8376 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona AB WebDatorCentral
CVE-2016-8375 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8 ...)
	NOT-FOR-US: Alaris 8015 Point of Care
CVE-2016-8374 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO  ...)
	NOT-FOR-US: Schneider
CVE-2016-8373
	RESERVED
CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed without aut ...)
	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ser ...)
	NOT-FOR-US: Mitsubishi
CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8368 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ser ...)
	NOT-FOR-US: Mitsubishi
CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO  ...)
	NOT-FOR-US: Schneider
CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to protec ...)
	NOT-FOR-US: Phoenix Contact ILC PLCs
CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset Framework (AF) ...)
	NOT-FOR-US: OSIsoft PI
CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object ...)
	NOT-FOR-US: IBHsoftec
CVE-2016-8363 (An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/313 ...)
	NOT-FOR-US: Moxa
CVE-2016-8362 (An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/313 ...)
	NOT-FOR-US: Moxa
CVE-2016-8361 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8360 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-8359 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8358 (An issue was discovered in Smiths-Medical CADD-Solis Medication Safety ...)
	NOT-FOR-US: Smiths-Medical
CVE-2016-8357 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8356 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona
CVE-2016-8355 (An issue was discovered in Smiths-Medical CADD-Solis Medication Safety ...)
	NOT-FOR-US: Smiths-Medical
CVE-2016-8354 (An issue was discovered in Schneider Electric Unity PRO prior to V11.1 ...)
	NOT-FOR-US: Schneider
CVE-2016-8353 (An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). ...)
	NOT-FOR-US: OSISoft PI Web API
CVE-2016-8352 (An issue was discovered in Schneider Electric ConneXium firewalls TCSE ...)
	NOT-FOR-US: Schneider
CVE-2016-8351
	RESERVED
CVE-2016-8350 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8349
	REJECTED
CVE-2016-8348 (An XML External Entity (XXE) issue was discovered in Emerson Liebert S ...)
	NOT-FOR-US: Emerson
CVE-2016-8347 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona
CVE-2016-8346 (An issue was discovered in Moxa EDR-810 Industrial Secure Router. By a ...)
	NOT-FOR-US: Moxa
CVE-2016-8345
	REJECTED
CVE-2016-8344 (An issue was discovered in Honeywell Experion Process Knowledge System ...)
	NOT-FOR-US: Honeywell
CVE-2016-8343 (Directory traversal vulnerability in INDAS Web SCADA before 3 allows r ...)
	NOT-FOR-US: INDAS Web SCADA
CVE-2016-8342
	REJECTED
CVE-2016-8341 (An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Eca ...)
	NOT-FOR-US: Ecava
CVE-2016-8340
	RESERVED
CVE-2016-8339 (A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code  ...)
	- redis 3:3.2.4-1
	[jessie] - redis <not-affected> (Vulnerable code introduced later)
	[wheezy] - redis <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0206/
	NOTE: CLIENT_MASTER introduced within 3.2-rc1
CVE-2016-8338
	REJECTED
CVE-2016-8337
	RESERVED
CVE-2016-8336
	RESERVED
CVE-2016-8335 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8334 (A large out-of-bounds read on the heap vulnerability in Foxit PDF Read ...)
	NOT-FOR-US: Foxit PDF
CVE-2016-8333 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution wh ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0193/
	NOTE: https://github.com/uclouvain/openjpeg/pull/820
CVE-2016-8331 (An exploitable remote code execution vulnerability exists in the handl ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	- tiff3 <removed>
	[jessie] - tiff 4.0.3-12.3+deb8u2
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
	NOTE: From the backtrace shared in the report, we can see that the crash is triggered though the thumbnail tool which has been dropped upstream.
CVE-2016-8330 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2016-8329 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-8328 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2016-8327 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8326
	RESERVED
CVE-2016-8325 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-8324 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8323 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8322 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8321
	REJECTED
CVE-2016-8320 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8319 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8318 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8317 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8316 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8315 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8314 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8313 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8312 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8311 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8310 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8309 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8308 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8307 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8306 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8305 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8304 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8303 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8302 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8301 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8300 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8299 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8298 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8297 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8296 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8295 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8294 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8293 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8292 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8291 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8290 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8289 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows lo ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8288 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8287 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8286 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8285 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle
CVE-2016-8284 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8283 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-8282 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8281 (Unspecified vulnerability in the Oracle Platform Security for Java com ...)
	NOT-FOR-US: Oracle
CVE-2016-1000244
	RESERVED
CVE-2016-1000243
	RESERVED
CVE-2016-7553 (The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permiss ...)
	{DLA-722-1}
	- irssi 0.8.20-2 (bug #838762)
	[jessie] - irssi 0.8.17-1+deb8u2
	NOTE: Fixed by: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
	NOTE: https://irssi.org/2016/09/22/buf.pl-update/
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/24/1
CVE-2016-1000242
	RESERVED
CVE-2016-1000241
	RESERVED
CVE-2016-1000240
	RESERVED
CVE-2016-1000239
	RESERVED
CVE-2016-1000238
	RESERVED
CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...)
	NOT-FOR-US: sanitize-html
CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing attack due  ...)
	- node-cookie-signature 1.1.0-1 (unimportant; bug #838618)
	NOTE: https://nodesecurity.io/advisories/134
	NOTE: https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e
	NOTE: nodejs not covered by security support
CVE-2016-1000235
	RESERVED
CVE-2016-1000234
	RESERVED
CVE-2016-1000233
	RESERVED
CVE-2016-1000232 (NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsin ...)
	NOT-FOR-US: nodejs tough-cookie
	NOTE: https://nodesecurity.io/advisories/130
CVE-2016-1000231
	RESERVED
CVE-2016-1000230
	RESERVED
CVE-2016-1000229 (swagger-ui has XSS in key names ...)
	NOT-FOR-US: nodejs swagger-ui
	NOTE: https://github.com/swagger-api/swagger-ui/issues/1865
CVE-2016-1000228
	RESERVED
CVE-2016-1000227
	RESERVED
CVE-2016-1000226
	RESERVED
CVE-2016-1000225
	RESERVED
CVE-2016-1000224
	RESERVED
CVE-2016-1000223
	RESERVED
CVE-2016-1000031 (Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation  ...)
	- libcommons-fileupload-java <unfixed> (unimportant)
	NOTE: https://www.tenable.com/security/research/tra-2016-12
	NOTE: Marked as unimportant since even though the CVE is assigned for Apache Commons FileUpload
	NOTE: Apache say that issue needs to be fixed in any vendor/product using Apache Commons FileUpload
	NOTE: DiskFileItem as described in the given advisory.
	NOTE: Thus we are not going to diverge from Apache upstream here.
CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU ...)
	- qemu 1:2.7+dfsg-1 (bug #838687)
	[jessie] - qemu <not-affected> (Vulnerable code not present. Introduced in 2.2.x)
	[wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
	NOTE: The usb_xhci_exit and thus the patched code was introduced in:
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34 (v2.2.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/19/8
CVE-2016-8280 (Directory traversal vulnerability in Huawei eSight before V300R003C20S ...)
	NOT-FOR-US: Huawei eSight UMS
CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 b ...)
	NOT-FOR-US: Huawei
CVE-2016-8278 (Huawei USG9520, USG9560, and USG9580 unified security gateways with so ...)
	NOT-FOR-US: Huawei Firewalls
CVE-2016-8277 (Huawei USG9520, USG9560, and USG9580 unified security gateways with so ...)
	NOT-FOR-US: Huawei Firewalls
CVE-2016-8276 (Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) m ...)
	NOT-FOR-US: Huawei
CVE-2016-8275 (Huawei AnyOffice V200R006C00 could allow an authenticated, remote atta ...)
	NOT-FOR-US: Huawei
CVE-2016-8274 (Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link lib ...)
	NOT-FOR-US: Huawei
CVE-2016-8273 (Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for ...)
	NOT-FOR-US: Huawei
CVE-2016-8272 (Huawei PC client software HiSuite 4.0.5.300_OVE has an information lea ...)
	NOT-FOR-US: Huawei
CVE-2016-8271 (Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an infor ...)
	NOT-FOR-US: Huawei
CVE-2016-8270
	REJECTED
CVE-2016-8269
	REJECTED
CVE-2016-8268
	REJECTED
CVE-2016-8267
	REJECTED
CVE-2016-8266
	REJECTED
CVE-2016-8265
	REJECTED
CVE-2016-8264
	REJECTED
CVE-2016-8263
	REJECTED
CVE-2016-8262
	REJECTED
CVE-2016-8261
	REJECTED
CVE-2016-8260
	REJECTED
CVE-2016-8259
	REJECTED
CVE-2016-8258
	REJECTED
CVE-2016-8257
	REJECTED
CVE-2016-8256
	REJECTED
CVE-2016-8255
	REJECTED
CVE-2016-8254
	REJECTED
CVE-2016-8253
	REJECTED
CVE-2016-8252
	REJECTED
CVE-2016-8251
	REJECTED
CVE-2016-8250
	REJECTED
CVE-2016-8249
	REJECTED
CVE-2016-8248
	REJECTED
CVE-2016-8247
	REJECTED
CVE-2016-8246
	REJECTED
CVE-2016-8245
	REJECTED
CVE-2016-8244
	REJECTED
CVE-2016-8243
	REJECTED
CVE-2016-8242
	REJECTED
CVE-2016-8241
	REJECTED
CVE-2016-8240
	REJECTED
CVE-2016-8239
	REJECTED
CVE-2016-8238
	REJECTED
CVE-2016-8237 (Remote code execution in Lenovo Updates (not Lenovo System Update) all ...)
	NOT-FOR-US: Lenovo
CVE-2016-8236 (Reset to default settings may occur in Lenovo ThinkServer TSM RD350, R ...)
	NOT-FOR-US: Lenovo
CVE-2016-8235 (Privilege escalation in Lenovo Customer Care Software Development Kit  ...)
	NOT-FOR-US: Lenovo
CVE-2016-8234
	REJECTED
CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions e ...)
	NOT-FOR-US: Lenovo
CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting vulnerability i ...)
	NOT-FOR-US: Lenovo
CVE-2016-8231 (In Lenovo Service Bridge before version 4, a bug found in the signatur ...)
	NOT-FOR-US: Lenovo
CVE-2016-8230 (In Lenovo Service Bridge before version 4, an insecure HTTP connection ...)
	NOT-FOR-US: Lenovo
CVE-2016-8229 (A cross-site request forgery vulnerability in Lenovo Service Bridge be ...)
	NOT-FOR-US: Lenovo
CVE-2016-8228 (In Lenovo Service Bridge before version 4, a user with local privilege ...)
	NOT-FOR-US: Lenovo
CVE-2016-8227 (Privilege escalation vulnerability in Lenovo Transition application us ...)
	NOT-FOR-US: Lenovo
CVE-2016-8226 (The BIOS in Lenovo System X M5, M6, and X6 systems allows administrato ...)
	NOT-FOR-US: Lenovo
CVE-2016-8225 (Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB ...)
	NOT-FOR-US: Lenovo
CVE-2016-8224 (A vulnerability has been identified in some Lenovo Notebook and ThinkS ...)
	NOT-FOR-US: Lenovo
CVE-2016-8223 (During an internal security review, Lenovo identified a local privileg ...)
	NOT-FOR-US: Lenovo
CVE-2016-8222 (A vulnerability has been identified in a signed kernel driver for the  ...)
	NOT-FOR-US: Lenovo
CVE-2016-8221 (Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2 ...)
	NOT-FOR-US: Lenovo
CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulato ...)
	- qemu 1:2.7+dfsg-1 (bug #838145)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376776
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/5
	NOTE: LSI SAS1068 (mptsas) device support added in
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ...)
	- qemu 1:2.7+dfsg-1 (bug #838146)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ...)
	{DLA-1599-1}
	- qemu 1:2.7+dfsg-1 (bug #838147)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
	- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376731
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/3
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=d251157ac1928191af851d199a9ff255d330bec9
CVE-2016-8220 (Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x pri ...)
	NOT-FOR-US: Pivotal
CVE-2016-8219 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-8218 (An issue was discovered in Cloud Foundry Foundation routing-release ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-8217 (EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing At ...)
	NOT-FOR-US: EMC RSA
CVE-2016-8216 (EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS ...)
	NOT-FOR-US: EMC
CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Refl ...)
	NOT-FOR-US: RSA Security Analytics
CVE-2016-8214 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions  ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, pri ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-8212 (An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6. ...)
	NOT-FOR-US: EMC RSA
CVE-2016-8211 (EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EM ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2016-8210
	RESERVED
CVE-2016-8209 (Improper checks for unusual or exceptional conditions in Brocade NetIr ...)
	NOT-FOR-US: Brocade
CVE-2016-8208
	RESERVED
CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet in the  ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8206 (A Directory Traversal vulnerability in servlet SoftwareImageUpload in  ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8205 (A Directory Traversal vulnerability in DashboardFileReceiveServlet in  ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8204 (A Directory Traversal vulnerability in FileReceiveServlet in the Broca ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron OS on Br ...)
	NOT-FOR-US: Brocade
CVE-2016-8202 (A privilege escalation vulnerability in Brocade Fibre Channel SAN prod ...)
	NOT-FOR-US: Brocade
CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager versions relea ...)
	NOT-FOR-US: Brocade
CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS b ...)
	- gnutls28 3.5.3-4
	[jessie] - gnutls28 3.3.8-6+deb8u4
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
	NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
	NOTE: Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374266
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/18/3
CVE-2017-0300 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0299 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0298 (A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0297 (The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0296 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0295 (Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0294 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0293 (Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0292 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows R ...)
	NOT-FOR-US: Microsoft
CVE-2017-0291 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows R ...)
	NOT-FOR-US: Microsoft
CVE-2017-0290 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-0289 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0288 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0287 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0286 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0285 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-0284 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-0283 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-0282 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-0281 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0280 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of servic ...)
	NOT-FOR-US: Microsoft
CVE-2017-0279 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0278 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0277 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0276 (Microsoft Server Message Block 1.0 (SMBv1) allows an information discl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0275 (Microsoft Server Message Block 1.0 (SMBv1) allows an information discl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0274 (Microsoft Server Message Block 1.0 (SMBv1) allows an information discl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0273 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of servic ...)
	NOT-FOR-US: Microsoft
CVE-2017-0272 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0271 (Microsoft Server Message Block 1.0 (SMBv1) allows an information discl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0270 (Microsoft Server Message Block 1.0 (SMBv1) allows an information discl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0269 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of servic ...)
	NOT-FOR-US: Microsoft
CVE-2017-0268 (Microsoft Server Message Block 1.0 (SMBv1) allows an information discl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0267 (Microsoft Server Message Block 1.0 (SMBv1) allows an information discl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0266 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0265 (Microsoft PowerPoint for Mac 2011 allows a remote code execution vulne ...)
	NOT-FOR-US: Microsoft
CVE-2017-0264 (Microsoft PowerPoint for Mac 2011 allows a remote code execution vulne ...)
	NOT-FOR-US: Microsoft
CVE-2017-0263 (The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-0262 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a re ...)
	NOT-FOR-US: Microsoft
CVE-2017-0261 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a re ...)
	NOT-FOR-US: Microsoft
CVE-2017-0260 (A remote code execution vulnerability exists in Microsoft Office when  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0259 (The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-0258 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0257
	RESERVED
CVE-2017-0256 (A spoofing vulnerability exists when the ASP.NET Core fails to properl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0255 (Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privil ...)
	NOT-FOR-US: Microsoft
CVE-2017-0254 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibil ...)
	NOT-FOR-US: Microsoft
CVE-2017-0253
	RESERVED
CVE-2017-0252 (A remote code execution vulnerability exists in Microsoft Chakra Core  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0251
	RESERVED
CVE-2017-0250 (Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-0249 (An elevation of privilege vulnerability exists when the ASP.NET Core f ...)
	NOT-FOR-US: Microsoft
CVE-2017-0248 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0247 (A denial of service vulnerability exists when the ASP.NET Core fails t ...)
	NOT-FOR-US: Microsoft
CVE-2017-0246 (The Graphics Component in the kernel-mode drivers in Windows Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0245 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0244 (The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 al ...)
	NOT-FOR-US: Microsoft
CVE-2017-0243 (Microsoft Office allows a remote code execution vulnerability due to t ...)
	NOT-FOR-US: Microsoft
CVE-2017-0242 (An information disclosure vulnerability exists in the way some ActiveX ...)
	NOT-FOR-US: Microsoft
CVE-2017-0241 (An elevation of privilege vulnerability exists when Microsoft Edge ren ...)
	NOT-FOR-US: Microsoft
CVE-2017-0240 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0239
	RESERVED
CVE-2017-0238 (A remote code execution vulnerability exists in Microsoft browsers in  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0237
	RESERVED
CVE-2017-0236 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0235 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0234 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0233 (An elevation of privilege vulnerability exists in Microsoft Edge that  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0232
	RESERVED
CVE-2017-0231 (A spoofing vulnerability exists when Microsoft browsers render SmartSc ...)
	NOT-FOR-US: Microsoft
CVE-2017-0230 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0229 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0228 (A remote code execution vulnerability exists in Microsoft browsers in  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0227 (A remote code execution vulnerability exists in Microsoft Edge in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0226 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2017-0225
	RESERVED
CVE-2017-0224 (A remote code execution vulnerability exists in the way JavaScript eng ...)
	NOT-FOR-US: Microsoft
CVE-2017-0223 (A remote code execution vulnerability exists in Microsoft Chakra Core  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0222 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2017-0221 (A vulnerability exists when Microsoft Edge improperly accesses objects ...)
	NOT-FOR-US: Microsoft
CVE-2017-0220 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-0219 (Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-0218 (Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-0217
	RESERVED
CVE-2017-0216 (Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 al ...)
	NOT-FOR-US: Microsoft
CVE-2017-0215 (Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0214 (Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0213 (Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0212 (Windows Hyper-V allows an elevation of privilege vulnerability when Mi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0211 (An elevation of privilege vulnerability exists in Windows 10, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0210 (An elevation of privilege vulnerability exists when Internet Explorer  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0209
	RESERVED
CVE-2017-0208 (An information disclosure vulnerability exists in Microsoft Edge when  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0207 (Microsoft Outlook for Mac 2011 allows remote attackers to spoof web co ...)
	NOT-FOR-US: Microsoft
CVE-2017-0206
	RESERVED
CVE-2017-0205 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0204 (Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outl ...)
	NOT-FOR-US: Microsoft
CVE-2017-0203 (A vulnerability exists in Microsoft Edge when the Edge Content Securit ...)
	NOT-FOR-US: Microsoft
CVE-2017-0202 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2017-0201 (A remote code execution vulnerability exists in Internet Explorer in t ...)
	NOT-FOR-US: Microsoft
CVE-2017-0200 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0199 (Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2017-0198
	RESERVED
CVE-2017-0197 (Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0196 (An information disclosure vulnerability in Microsoft scripting engine  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0195 (Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0194 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compati ...)
	NOT-FOR-US: Microsoft
CVE-2017-0193 (Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-0192 (The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0191 (A denial of service vulnerability exists in the way that Windows 7, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0190 (The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0189 (An elevation of privilege vulnerability exists in Windows 10 when the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0188 (A Win32k information disclosure vulnerability exists in Windows 8.1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-0187
	RESERVED
CVE-2017-0186 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2017-0185 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2017-0184 (A denial of service vulnerability exists when Microsoft Hyper-V runnin ...)
	NOT-FOR-US: Microsoft
CVE-2017-0183 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2017-0182 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2017-0181 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
	NOT-FOR-US: Microsoft
CVE-2017-0180 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
	NOT-FOR-US: Microsoft
CVE-2017-0179 (A denial of service vulnerability exists when Microsoft Hyper-V runnin ...)
	NOT-FOR-US: Microsoft
CVE-2017-0178 (A denial of service vulnerability exists when Microsoft Hyper-V runnin ...)
	NOT-FOR-US: Microsoft
CVE-2017-0177
	RESERVED
CVE-2017-0176 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in M ...)
	NOT-FOR-US: Microsoft
CVE-2017-0175 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0174 (Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0173 (Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0172
	RESERVED
CVE-2017-0171 (Windows DNS Server allows a denial of service vulnerability when Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0170 (Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0169 (An information disclosure vulnerability exists when Windows Hyper-V ru ...)
	NOT-FOR-US: Microsoft
CVE-2017-0168 (An information disclosure vulnerability exists when the Windows Hyper- ...)
	NOT-FOR-US: Microsoft
CVE-2017-0167 (An information disclosure vulnerability exists in Windows 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0166 (An elevation of privilege vulnerability exists in Windows when LDAP re ...)
	NOT-FOR-US: Microsoft
CVE-2017-0165 (An elevation of privilege vulnerability exists when Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0164 (A denial of service vulnerability exists in Windows 10 1607 and Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-0163 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
	NOT-FOR-US: Microsoft
CVE-2017-0162 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...)
	NOT-FOR-US: Microsoft
CVE-2017-0161 (The Windows NetBT Session Services component on Microsoft Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2017-0160 (Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 al ...)
	NOT-FOR-US: Microsoft
CVE-2017-0159 (A security feature bypass vulnerability exists in Windows 10 1607, Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0158 (An elevation of privilege vulnerability exists when Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0157
	RESERVED
CVE-2017-0156 (An elevation of privilege vulnerability exists in Windows 7, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0155 (The Graphics component in the kernel in Microsoft Windows Vista SP2; W ...)
	NOT-FOR-US: Microsoft
CVE-2017-0154 (Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-0153
	RESERVED
CVE-2017-0152 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0151 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0150 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0149 (Microsoft Internet Explorer 9 through 11 allow remote attackers to exe ...)
	NOT-FOR-US: Microsoft
CVE-2017-0148 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0147 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0146 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0145 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0144 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0143 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0142
	RESERVED
CVE-2017-0141 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0140 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft
CVE-2017-0139
	RESERVED
CVE-2017-0138 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0137 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0136 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0135 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft
CVE-2017-0134 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0133 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0132 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0131 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0130 (The scripting engine in Microsoft Internet Explorer 9 through 11 allow ...)
	NOT-FOR-US: Microsoft
CVE-2017-0129 (Microsoft Lync for Mac 2011 fails to properly validate certificates, a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0128 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0127 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0126 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0125 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0124 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0123 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0122 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0121 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0120 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0119 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0118 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0117 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0116 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0115 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0114 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0113 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0112 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0111 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0110 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2017-0109 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0108 (The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0107 (Microsoft SharePoint Server fails to sanitize crafted web requests, al ...)
	NOT-FOR-US: Microsoft
CVE-2017-0106 (Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outloo ...)
	NOT-FOR-US: Microsoft
CVE-2017-0105 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0104 (The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-0103 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0102 (Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0101 (The kernel-mode drivers in Transaction Manager in Microsoft Windows Vi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0100 (A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2017-0099 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0098 (Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2017-0097 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0096 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0095 (Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2017-0094 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0093 (A remote code execution vulnerability in Microsoft Edge exists in the  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0092 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0091 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0090 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0089 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0088 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0087 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0086 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0085 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0084 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0083 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0082 (The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow lo ...)
	NOT-FOR-US: Microsoft
CVE-2017-0081 (The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0080 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0079 (The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-0078 (The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0077 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0076 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0075 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0074 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0073 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0072 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0071 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0070 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0069 (Microsoft Edge allows remote attackers to spoof web content via a craf ...)
	NOT-FOR-US: Microsoft
CVE-2017-0068 (Browsers in Microsoft Edge allow remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0067 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0066 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft
CVE-2017-0065 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0064 (A security feature bypass vulnerability exists in Internet Explorer th ...)
	NOT-FOR-US: Microsoft
CVE-2017-0063 (The Color Management Module (ICM32.dll) memory handling functionality  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0062 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0061 (The Color Management Module (ICM32.dll) memory handling functionality  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0060 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0059 (Microsoft Internet Explorer 9 through 11 allow remote attackers to obt ...)
	NOT-FOR-US: Microsoft
CVE-2017-0058 (A Win32k information disclosure vulnerability exists in Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-0057 (DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows R ...)
	NOT-FOR-US: Microsoft
CVE-2017-0056 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-0055 (Microsoft Internet Information Server (IIS) in Windows Vista SP2; Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-0054
	RESERVED
CVE-2017-0053 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-0052 (Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0051 (Microsoft Windows 10 1607 and Windows Server 2016 allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2017-0050 (The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0049 (The VBScript engine in Microsoft Internet Explorer 11 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2017-0048
	RESERVED
CVE-2017-0047 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0046
	RESERVED
CVE-2017-0045 (Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0044
	RESERVED
CVE-2017-0043 (Active Directory Federation Services in Microsoft Windows 10 1607, Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-0042 (Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0041
	RESERVED
CVE-2017-0040 (The scripting engine in Microsoft Internet Explorer 9 through 11 allow ...)
	NOT-FOR-US: Microsoft
CVE-2017-0039 (Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link ...)
	NOT-FOR-US: Microsoft
CVE-2017-0038 (gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vist ...)
	NOT-FOR-US: Microsoft
CVE-2017-0037 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type c ...)
	NOT-FOR-US: Microsoft
CVE-2017-0036
	RESERVED
CVE-2017-0035 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0034 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0033 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2017-0032 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0031 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-0030 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web A ...)
	NOT-FOR-US: Microsoft
CVE-2017-0029 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0028 (A remote code execution vulnerability exists when Microsoft scripting  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0027 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 201 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0026 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0025 (The kernel-mode drivers in Microsoft Windows Vista; Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0024 (The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2017-0023 (The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 an ...)
	NOT-FOR-US: Microsoft
CVE-2017-0022 (Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0021 (Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0020 (Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office We ...)
	NOT-FOR-US: Microsoft
CVE-2017-0019 (Microsoft Word 2016 allows remote attackers to execute arbitrary code  ...)
	NOT-FOR-US: Microsoft
CVE-2017-0018 (Microsoft Internet Explorer 10 and 11 allow remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2017-0017 (The RegEx class in the XSS filter in Microsoft Edge allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2017-0016 (Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0015 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0014 (The Windows Graphics Component in Microsoft Office 2010 SP2; Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-0013
	RESERVED
CVE-2017-0012 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2017-0011 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0010 (A remote code execution vulnerability exists in the way affected Micro ...)
	NOT-FOR-US: Microsoft
CVE-2017-0009 (Microsoft Internet Explorer 9 through 11 allow remote attackers to obt ...)
	NOT-FOR-US: Microsoft
CVE-2017-0008 (Microsoft Internet Explorer 9 through 11 allow remote attackers to obt ...)
	NOT-FOR-US: Microsoft
CVE-2017-0007 (Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-0006 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0005 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0004 (The Local Security Authority Subsystem Service (LSASS) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-0003 (Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft
CVE-2017-0001 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-8200
	RESERVED
CVE-2016-8199
	RESERVED
CVE-2016-8198
	RESERVED
CVE-2016-8197
	RESERVED
CVE-2016-8196
	RESERVED
CVE-2016-8195
	RESERVED
CVE-2016-8194
	RESERVED
CVE-2016-8193
	RESERVED
CVE-2016-8192
	RESERVED
CVE-2016-8191
	RESERVED
CVE-2016-8190
	RESERVED
CVE-2016-8189
	RESERVED
CVE-2016-8188
	RESERVED
CVE-2016-8187
	RESERVED
CVE-2016-8186
	RESERVED
CVE-2016-8185
	RESERVED
CVE-2016-8184
	RESERVED
CVE-2016-8183
	RESERVED
CVE-2016-8182
	RESERVED
CVE-2016-8181
	RESERVED
CVE-2016-8180
	RESERVED
CVE-2016-8179
	RESERVED
CVE-2016-8178
	RESERVED
CVE-2016-8177
	RESERVED
CVE-2016-8176
	RESERVED
CVE-2016-8175
	RESERVED
CVE-2016-8174
	RESERVED
CVE-2016-8173
	RESERVED
CVE-2016-8172
	RESERVED
CVE-2016-8171
	RESERVED
CVE-2016-8170
	RESERVED
CVE-2016-8169
	RESERVED
CVE-2016-8168
	RESERVED
CVE-2016-8167
	RESERVED
CVE-2016-8166
	RESERVED
CVE-2016-8165
	RESERVED
CVE-2016-8164
	RESERVED
CVE-2016-8163
	RESERVED
CVE-2016-8162
	RESERVED
CVE-2016-8161
	RESERVED
CVE-2016-8160
	RESERVED
CVE-2016-8159
	RESERVED
CVE-2016-8158
	RESERVED
CVE-2016-8157
	RESERVED
CVE-2016-8156
	RESERVED
CVE-2016-8155
	RESERVED
CVE-2016-8154
	RESERVED
CVE-2016-8153
	RESERVED
CVE-2016-8152
	RESERVED
CVE-2016-8151
	RESERVED
CVE-2016-8150
	RESERVED
CVE-2016-8149
	RESERVED
CVE-2016-8148
	RESERVED
CVE-2016-8147
	RESERVED
CVE-2016-8146
	RESERVED
CVE-2016-8145
	RESERVED
CVE-2016-8144
	RESERVED
CVE-2016-8143
	RESERVED
CVE-2016-8142
	RESERVED
CVE-2016-8141
	RESERVED
CVE-2016-8140
	RESERVED
CVE-2016-8139
	RESERVED
CVE-2016-8138
	RESERVED
CVE-2016-8137
	RESERVED
CVE-2016-8136
	RESERVED
CVE-2016-8135
	RESERVED
CVE-2016-8134
	RESERVED
CVE-2016-8133
	RESERVED
CVE-2016-8132
	RESERVED
CVE-2016-8131
	RESERVED
CVE-2016-8130
	RESERVED
CVE-2016-8129
	RESERVED
CVE-2016-8128
	RESERVED
CVE-2016-8127
	RESERVED
CVE-2016-8126
	RESERVED
CVE-2016-8125
	RESERVED
CVE-2016-8124
	RESERVED
CVE-2016-8123
	RESERVED
CVE-2016-8122
	RESERVED
CVE-2016-8121
	RESERVED
CVE-2016-8120
	RESERVED
CVE-2016-8119
	RESERVED
CVE-2016-8118
	RESERVED
CVE-2016-8117
	RESERVED
CVE-2016-8116
	RESERVED
CVE-2016-8115
	RESERVED
CVE-2016-8114
	RESERVED
CVE-2016-8113
	RESERVED
CVE-2016-8112
	RESERVED
CVE-2016-8111
	RESERVED
CVE-2016-8110
	RESERVED
CVE-2016-8109
	RESERVED
CVE-2016-8108
	RESERVED
CVE-2016-8107
	RESERVED
CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non ...)
	NOT-FOR-US: Intel driver
CVE-2016-8105 (Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Cont ...)
	NOT-FOR-US: Intel driver
CVE-2016-8104 (Buffer overflow in Intel PROSet/Wireless Software and Drivers in versi ...)
	NOT-FOR-US: Intel driver
CVE-2016-8103 (SMM call out in all Intel Branded NUC Kits allows a local privileged u ...)
	NOT-FOR-US: Intel driver
CVE-2016-8102 (Unquoted service path vulnerability in Intel Wireless Bluetooth Driver ...)
	NOT-FOR-US: Intel driver
CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local u ...)
	NOT-FOR-US: Intel SSD Toolbox
CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography before  ...)
	NOT-FOR-US: Intel
CVE-2016-8099
	REJECTED
CVE-2016-8098
	REJECTED
CVE-2016-8097
	REJECTED
CVE-2016-8096
	REJECTED
CVE-2016-8095
	REJECTED
CVE-2016-8094
	REJECTED
CVE-2016-8093
	REJECTED
CVE-2016-8092
	REJECTED
CVE-2016-8091
	REJECTED
CVE-2016-8090
	REJECTED
CVE-2016-8089
	REJECTED
CVE-2016-8088
	REJECTED
CVE-2016-8087
	REJECTED
CVE-2016-8086
	REJECTED
CVE-2016-8085
	REJECTED
CVE-2016-8084
	REJECTED
CVE-2016-8083
	REJECTED
CVE-2016-8082
	REJECTED
CVE-2016-8081
	REJECTED
CVE-2016-8080
	REJECTED
CVE-2016-8079
	REJECTED
CVE-2016-8078
	REJECTED
CVE-2016-8077
	REJECTED
CVE-2016-8076
	REJECTED
CVE-2016-8075
	REJECTED
CVE-2016-8074
	REJECTED
CVE-2016-8073
	REJECTED
CVE-2016-8072
	REJECTED
CVE-2016-8071
	REJECTED
CVE-2016-8070
	REJECTED
CVE-2016-8069
	REJECTED
CVE-2016-8068
	REJECTED
CVE-2016-8067
	REJECTED
CVE-2016-8066
	REJECTED
CVE-2016-8065
	REJECTED
CVE-2016-8064
	REJECTED
CVE-2016-8063
	REJECTED
CVE-2016-8062
	REJECTED
CVE-2016-8061
	REJECTED
CVE-2016-8060
	REJECTED
CVE-2016-8059
	REJECTED
CVE-2016-8058
	REJECTED
CVE-2016-8057
	REJECTED
CVE-2016-8056
	REJECTED
CVE-2016-8055
	REJECTED
CVE-2016-8054
	REJECTED
CVE-2016-8053
	REJECTED
CVE-2016-8052
	REJECTED
CVE-2016-8051
	REJECTED
CVE-2016-8050
	REJECTED
CVE-2016-8049
	RESERVED
CVE-2016-8048
	RESERVED
CVE-2016-8047
	RESERVED
CVE-2016-8046
	RESERVED
CVE-2016-8045
	RESERVED
CVE-2016-8044
	RESERVED
CVE-2016-8043
	RESERVED
CVE-2016-8042
	RESERVED
CVE-2016-8041
	RESERVED
CVE-2016-8040
	RESERVED
CVE-2016-8039
	REJECTED
CVE-2016-8038
	REJECTED
CVE-2016-8037
	REJECTED
CVE-2016-8036
	REJECTED
CVE-2016-8035
	REJECTED
CVE-2016-8034
	REJECTED
CVE-2016-8033
	REJECTED
CVE-2016-8032 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus  ...)
	NOT-FOR-US: Intel Security Anti-Virus
CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8030 (A memory corruption vulnerability in Scriptscan COM Object in McAfee V ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8029
	REJECTED
CVE-2016-8028
	RESERVED
CVE-2016-8027 (SQL injection vulnerability in core services in Intel Security McAfee  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8026 (Arbitrary command execution vulnerability in Intel Security McAfee Sec ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8025 (SQL injection vulnerability in Intel Security VirusScan Enterprise Lin ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8024 (Improper neutralization of CRLF sequences in HTTP headers vulnerabilit ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8023 (Authentication bypass by assumed-immutable data vulnerability in Intel ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8022 (Authentication bypass by spoofing vulnerability in Intel Security Viru ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8021 (Improper verification of cryptographic signature vulnerability in Inte ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8020 (Improper control of generation of code vulnerability in Intel Security ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8019 (Cross-site scripting (XSS) vulnerability in attributes in Intel Securi ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8018 (Cross-site request forgery (CSRF) vulnerability in Intel Security Viru ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8017 (Special element injection vulnerability in Intel Security VirusScan En ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8016 (Information exposure in Intel Security VirusScan Enterprise Linux (VSE ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8015
	RESERVED
CVE-2016-8014
	RESERVED
CVE-2016-8013
	RESERVED
CVE-2016-8012 (Access control vulnerability in Intel Security Data Loss Prevention En ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8011 (Cross-site scripting vulnerability in Intel Security McAfee Endpoint S ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8010 (Application protections bypass vulnerability in Intel Security McAfee  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8009 (Privilege escalation vulnerability in Intel Security McAfee Applicatio ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8008 (Privilege escalation vulnerability in Windows 7 and Windows 10 in McAf ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8007 (Authentication bypass vulnerability in McAfee Host Intrusion Preventio ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8006 (Authentication bypass vulnerability in Enterprise Security Manager (ES ...)
	NOT-FOR-US: Intel Security McAfee Security Information and Event Management
CVE-2016-8005 (File extension filtering vulnerability in Intel Security McAfee Email  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8004
	RESERVED
CVE-2016-8003
	RESERVED
CVE-2016-8002
	REJECTED
CVE-2016-8001
	RESERVED
CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/78
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7998 (The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows r ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/76
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23186 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23189 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23192 (3.0)
	NOTE: reproducible in Jessie (3.0.17-2+deb8u2)
CVE-2016-7997 (The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remo ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-4
	NOTE: patch for this and CVE-2016-7996 at: http://openwall.com/lists/oss-security/2016/10/07/4
CVE-2016-7996 (Heap-based buffer overflow in the WPG format reader in GraphicsMagick  ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.21-2
	NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in
	NOTE: the experimental upload 1.3.20-4 and later uploaded to unstable as
	NOTE: 1.3.21-2 the build is done with --with-quantum-depth=16 switching
	NOTE: away from the default with QuantumDepth=8
	NOTE: patch for this and CVE-2016-7997 at: http://openwall.com/lists/oss-security/2016/10/07/4
CVE-2016-7995 (Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in Q ...)
	- qemu 1:2.8+dfsg-1 (bug #840236)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
	NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
	NOTE: Though this commit fixed an OOB read access issue which might need
	NOTE: potentially a new separate CVE id if it does not have one yet.
CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in hw/displa ...)
	- qemu 1:2.8+dfsg-1 (bug #840228)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
CVE-2016-7993 (A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could caus ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7992 (The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer  ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7991 (On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores secur ...)
	NOT-FOR-US: Samsung
CVE-2016-7990 (On Samsung Galaxy S4 through S7 devices, an integer overflow condition ...)
	NOT-FOR-US: Samsung
CVE-2016-7989 (On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS  ...)
	NOT-FOR-US: Samsung
CVE-2016-7988 (On Samsung Galaxy S4 through S7 devices, absence of permissions on the ...)
	NOT-FOR-US: Samsung
CVE-2016-7987 (An issue was discovered in Siemens ETA4 firmware (all versions prior t ...)
	NOT-FOR-US: Siemens
CVE-2016-7986 (The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7985 (The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in  ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7984 (The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7983 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7982 (Directory traversal vulnerability in ecrire/exec/valider_xml.php in SP ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/73
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23185 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23188 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23191 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23187 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23190 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23193 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23206 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23207 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23208 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7981 (Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3. ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/68
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7980 (Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/67
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7975 (The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7974 (The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-i ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7973 (The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in  ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7972 (The check_allocations function in libass/ass_shaper.c in libass before ...)
	{DLA-668-1}
	- libass 0.13.4-1
	[jessie] - libass <no-dsa> (Minor issue)
	NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
CVE-2016-7971
	REJECTED
CVE-2016-7970 (Buffer overflow in the calc_coeff function in libass/ass_blur.c in lib ...)
	- libass 0.13.4-1
	[jessie] - libass <not-affected> (Vulnerable code introduced later)
	[wheezy] - libass <not-affected> (Vulnerable code first introduced in July 2015)
	NOTE: Fixed by: https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75
	NOTE: Vulnerable function calc_coeff introduced in: https://github.com/libass/libass/commit/d787615845d78d8f8e6d1a4ffc3dc3eecd8a92f6 (0.13.0)
CVE-2016-7969 (The wrap_lines_smart function in ass_render.c in libass before 0.13.4  ...)
	{DLA-668-1}
	- libass 0.13.4-1
	[jessie] - libass <no-dsa> (Minor issue)
	NOTE: https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26
CVE-2016-7968 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
	- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
	NOTE: https://www.kde.org/info/security/advisory-20161006-3.txt
	NOTE: Would by fixed by: https://cgit.kde.org/messagelib.git/commit/?id=f601f9ffb706f7d3a5893b04f067a1f75da62c99
	NOTE: and building with Qt 5.7.0.
	NOTE: Following patches partly sanitize mails but still make it possible to inject code:
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=fb1be09360c812d24355076da544030a67b736fc (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2)
	NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
	NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7967 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
	- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
	NOTE: https://www.kde.org/info/security/advisory-20161006-2.txt
	NOTE: Fixed by: https://cgit.kde.org/messagelib.git/commit/?id=dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80)
	NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
	NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7966 (Through a malicious URL that contained a quote character it was possib ...)
	{DSA-3697-1 DLA-673-1}
	- kdepimlibs 4:4.14.10-7 (bug #840546)
	- kcoreaddons 5.26.0-3 (bug #840547)
	NOTE: https://www.kde.org/info/security/advisory-20161006-1.txt
CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...)
	- dokuwiki <unfixed> (bug #844732; unimportant)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1709
	NOTE: Can be adresesd by properly configure dokuwiki as per
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1709#issuecomment-262337572
CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...)
	- dokuwiki <unfixed> (low; bug #844731)
	[buster] - dokuwiki <ignored> (Minor issue)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1708
CVE-2016-7963
	RESERVED
CVE-2016-7962
	RESERVED
CVE-2016-7961
	RESERVED
CVE-2016-7960 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format  ...)
	NOT-FOR-US: Siemens
CVE-2016-7959 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-sh ...)
	NOT-FOR-US: Siemens
CVE-2016-7958 (In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet ...)
	- wireshark 2.2.1+ga6fbd27-1
	[jessie] - wireshark <not-affected> (Introduced with "Add checkAPI calls to CMake")
	[wheezy] - wireshark <not-affected> (Introduced with "Add checkAPI calls to CMake")
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12945
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67597cb2457fb843fa97d3f2c87b82dad6f0de07
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-57.html
CVE-2016-7957 (In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, trigger ...)
	- wireshark 2.2.1+ga6fbd27-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-56.html
CVE-2016-7956
	RESERVED
CVE-2016-7955 (The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2016-7954 (Bundler 1.x might allow remote attackers to inject arbitrary Ruby code ...)
	- bundler 2.1.4-1 (bug #842504)
	[buster] - bundler <ignored> (Minor issue, too intrusive to backport)
	[stretch] - bundler <ignored> (Minor issue, too intrusive to backport)
	[jessie] - bundler <ignored> (Minor issue, too intrusive to backport)
	[wheezy] - bundler <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
	NOTE: There is no plan from upstream to address this for bundler 1.x
	NOTE: due to lockfile format.
CVE-2016-7953 (Buffer underflow in X.org libXvMC before 1.0.10 allows remote X server ...)
	{DLA-671-1}
	- libxvmc 2:1.0.10-1 (low; bug #840445)
	[jessie] - libxvmc 2:1.0.8-2+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
CVE-2016-7952 (X.org libXtst before 1.2.3 allows remote X servers to cause a denial o ...)
	{DLA-686-1}
	- libxtst 2:1.2.3-1 (low; bug #840444)
	[jessie] - libxtst 2:1.2.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
CVE-2016-7951 (Multiple integer overflows in X.org libXtst before 1.2.3 allow remote  ...)
	{DLA-686-1}
	- libxtst 2:1.2.3-1 (low; bug #840444)
	[jessie] - libxtst 2:1.2.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
CVE-2016-7950 (The XRenderQueryFilters function in X.org libXrender before 0.9.10 all ...)
	{DLA-664-1}
	- libxrender 1:0.9.10-1 (low; bug #840443)
	[jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point release)
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
CVE-2016-7949 (Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEn ...)
	{DLA-664-1}
	- libxrender 1:0.9.10-1 (low; bug #840443)
	[jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point release)
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
CVE-2016-7948 (X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of ...)
	{DLA-660-1}
	- libxrandr 2:1.5.1-1 (low; bug #840441)
	[jessie] - libxrandr 2:1.4.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
CVE-2016-7947 (Multiple integer overflows in X.org libXrandr before 1.5.1 allow remot ...)
	{DLA-660-1}
	- libxrandr 2:1.5.1-1 (low; bug #840441)
	[jessie] - libxrandr 2:1.4.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
CVE-2016-7946 (X.org libXi before 1.7.7 allows remote X servers to cause a denial of  ...)
	{DLA-685-1}
	- libxi 2:1.7.8-1 (low; bug #840440)
	[jessie] - libxi 2:1.7.4-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	NOTE: Regression: https://bugs.freedesktop.org/98204
CVE-2016-7945 (Multiple integer overflows in X.org libXi before 1.7.7 allow remote X  ...)
	{DLA-685-1}
	- libxi 2:1.7.8-1 (low; bug #840440)
	[jessie] - libxi 2:1.7.4-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	NOTE: Regression: https://bugs.freedesktop.org/98204
CVE-2016-7944 (Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms m ...)
	{DLA-654-1}
	- libxfixes 1:5.0.3-1 (low; bug #840442)
	[jessie] - libxfixes 1:5.0.1-2+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
CVE-2016-7943 (The XListFonts function in X.org libX11 before 1.6.4 might allow remot ...)
	{DLA-684-1}
	- libx11 2:1.6.4-1 (low; bug #840439)
	[jessie] - libx11 2:1.6.2-3+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
CVE-2016-7942 (The XGetImage function in X.org libX11 before 1.6.4 might allow remote ...)
	{DLA-684-1}
	- libx11 2:1.6.4-1 (low; bug #840439)
	[jessie] - libx11 2:1.6.2-3+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
CVE-2016-7941
	RESERVED
CVE-2016-7940 (The STP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7939 (The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7938 (The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7937 (The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7936 (The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7935 (The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7934 (The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7933 (The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7932 (The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7931 (The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7930 (The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7929 (The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer over ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7928 (The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in pri ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7927 (The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow i ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7926 (The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7925 (The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overfl ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7924 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7923 (The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7922 (The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-a ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7920
	RESERVED
CVE-2016-7919 (** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitiv ...)
	NOTE: Disputed moodle non-issue
CVE-2016-7918
	RESERVED
CVE-2016-7917 (The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the L ...)
	- linux 4.5.1-1 (low)
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c58d6c93680f28ac58984af61d0a7ebf4319c241 (v4.5-rc6)
CVE-2016-7916 (Race condition in the environ_read function in fs/proc/base.c in the L ...)
	- linux 4.5.4-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/8148a73c9901a8794a50f950083c00ccf97d43b3 (v4.6-rc7)
CVE-2016-7915 (The hid_input_field function in drivers/hid/hid-core.c in the Linux ke ...)
	{DLA-772-1}
	- linux 4.6.1-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/50220dead1650609206efe91f0cc116132d59b3f (v4.6-rc1)
CVE-2016-7914 (The assoc_array_insert_into_terminal_node function in lib/assoc_array. ...)
	- linux 4.5.3-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2 (v4.6-rc4)
CVE-2016-7913 (The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c  ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 (v4.6-rc1)
CVE-2016-7912 (Use-after-free vulnerability in the ffs_user_copy_worker function in d ...)
	- linux 4.5.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/38740a5b87d53ceb89eb2c970150f6e94e00373a (v4.6-rc5)
CVE-2016-7911 (Race condition in the get_task_ioprio function in block/ioprio.c in th ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/8ba8682107ee2ca3347354e018865d8e1967c5f4 (v4.7-rc7)
CVE-2016-7910 (Use-after-free vulnerability in the disk_seqf_stop function in block/g ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/77da160530dd1dc94f6ae15a981f24e5f0021e84 (v4.8-rc1)
CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emul ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #839834)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
CVE-2016-7908 (The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emul ...)
	{DLA-1599-1 DLA-653-1 DLA-652-1}
	- qemu 1:2.8+dfsg-1 (bug #839835)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
CVE-2016-7907 (The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emul ...)
	- qemu 1:2.8+dfsg-3 (bug #839986)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
	NOTE: i.MX Fast Ethernet Controller emulation introduced in v2.5.0-rc0 with
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fcbd8018e645f3ab1ef9af94dc88a0d3272926d3 (v2.5.0-rc0)
CVE-2016-7906 (magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to c ...)
	{DSA-3726-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #840435)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/281
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0
CVE-2016-7905 (The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3. ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/622ccbd8ab894e3ac6cdf607e3d4f39e406786e9 (n3.1.4)
CVE-2016-7904 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple bef ...)
	NOT-FOR-US: CMS Made Simple
CVE-2016-7903 (Dotclear before 2.10.3, when the Host header is not part of the web se ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/bb06343f4247
CVE-2016-7902 (Unrestricted file upload vulnerability in the fileUnzip-&gt;unzip meth ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/a9db771a5a70
CVE-2016-7901
	REJECTED
CVE-2016-7900
	REJECTED
CVE-2016-7899
	REJECTED
CVE-2016-7898
	REJECTED
CVE-2016-7897
	REJECTED
CVE-2016-7896
	REJECTED
CVE-2016-7895
	REJECTED
CVE-2016-7894
	REJECTED
CVE-2016-7893
	REJECTED
CVE-2016-7892 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7891 (Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier h ...)
	NOT-FOR-US: Adobe
CVE-2016-7890 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7889 (Adobe Digital Editions versions 4.5.2 and earlier has an issue with pa ...)
	NOT-FOR-US: Adobe
CVE-2016-7888 (Adobe Digital Editions versions 4.5.2 and earlier has an important vul ...)
	NOT-FOR-US: Adobe
CVE-2016-7887 (Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and ...)
	NOT-FOR-US: Adobe
CVE-2016-7886 (Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0. ...)
	NOT-FOR-US: Adobe
CVE-2016-7885 (Adobe Experience Manager versions 6.2 and earlier have a vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2016-7884 (Adobe Experience Manager versions 6.1 and earlier have an input valida ...)
	NOT-FOR-US: Adobe
CVE-2016-7883 (Adobe Experience Manager version 6.2 has an input validation issue in  ...)
	NOT-FOR-US: Adobe
CVE-2016-7882 (Adobe Experience Manager versions 6.2 and earlier have an input valida ...)
	NOT-FOR-US: Adobe
CVE-2016-7881 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7880 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7879 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7878 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7877 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7876 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7875 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7874 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7873 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7872 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7871 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7870 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7869 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7868 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7867 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7866 (Adobe Animate versions 15.2.1.95 and earlier have an exploitable memor ...)
	NOT-FOR-US: Adobe Animate
CVE-2016-7865 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7864 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7863 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7862 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7861 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7860 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7859 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7858 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7857 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7856 (Adobe DNG Converter versions 9.7 and earlier have an exploitable memor ...)
	NOT-FOR-US: Adobe DNG Converter
CVE-2016-7855 (Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7854 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7853 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7852 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7851 (Adobe Connect version 9.5.6 and earlier does not adequately validate i ...)
	NOT-FOR-US: Adobe
CVE-2016-7850
	REJECTED
CVE-2016-7849
	REJECTED
CVE-2016-7848
	REJECTED
CVE-2016-7847
	REJECTED
CVE-2016-7846
	REJECTED
CVE-2016-7845 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload ar ...)
	NOT-FOR-US: GigaCC OFFICE
CVE-2016-7844 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute a ...)
	NOT-FOR-US: GigaCC OFFICE
CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 and ear ...)
	NOT-FOR-US: AttacheCase
CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier a ...)
	NOT-FOR-US: AttacheCase
CVE-2016-7841 (Cross-site scripting vulnerability in Olive Diary DX allows remote att ...)
	NOT-FOR-US: Olive Diary DX
CVE-2016-7840 (Cross-site scripting vulnerability in WEB SCHEDULE allows remote attac ...)
	NOT-FOR-US: WEB SCHEDULE
CVE-2016-7839 (Cross-site scripting vulnerability in Olive Blog allows remote attacke ...)
	NOT-FOR-US: Olive Blog
CVE-2016-7838 (Untrusted search path vulnerability in WinSparkle versions prior to 0. ...)
	NOT-FOR-US: WinSparkle
CVE-2016-7837 (Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execut ...)
	- bluez 5.43-1
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 (5.42)
CVE-2016-7836 (SKYSEA Client View Ver.11.221.03 and earlier allows remote code execut ...)
	NOT-FOR-US: SKYSEA Client View
CVE-2016-7835 (Use-after-free vulnerability in H2O allows remote attackers to cause a ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/issues/1144
CVE-2016-7834 (SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, ...)
	NOT-FOR-US: SONY
CVE-2016-7833 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access r ...)
	NOT-FOR-US: Cybozu
CVE-2016-7832 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access r ...)
	NOT-FOR-US: Cybozu
CVE-2016-7831 (Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for  ...)
	NOT-FOR-US: Sleipnir
CVE-2016-7830 (Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C ...)
	NOT-FOR-US: Sony
CVE-2016-7829
	REJECTED
CVE-2016-7828
	REJECTED
CVE-2016-7827
	REJECTED
CVE-2016-7826 (Directory traversal vulnerability in Buffalo WNC01WH devices with firm ...)
	NOT-FOR-US: Buffalo
CVE-2016-7825 (Directory traversal vulnerability in Buffalo WNC01WH devices with firm ...)
	NOT-FOR-US: Buffalo
CVE-2016-7824 (Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allow ...)
	NOT-FOR-US: Buffalo
CVE-2016-7823 (Cross-site scripting vulnerability in Buffalo WNC01WH devices with fir ...)
	NOT-FOR-US: Buffalo
CVE-2016-7822 (Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH dev ...)
	NOT-FOR-US: Buffalo
CVE-2016-7821 (Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allo ...)
	NOT-FOR-US: Buffalo
CVE-2016-7820 (Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 an ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7819 (I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WR ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7818 (Untrusted search path vulnerability in Installers for Specification ch ...)
	NOT-FOR-US: Untrusted search path vulnerability in various installers
CVE-2016-7817 (Cross-site scripting vulnerability in Simple keitai chat 2.0 and earli ...)
	NOT-FOR-US: Simple keitai chat
CVE-2016-7816 (The Cybozu kintone mobile for Android 1.0.6 and earlier does not verif ...)
	NOT-FOR-US: Cybozu
CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certifica ...)
	NOT-FOR-US: Remote Service Manager provided by Cybozu
CVE-2016-7814 (I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WR ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7813 (Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and e ...)
	NOT-FOR-US: DERAEMON-CMS
CVE-2016-7812 (The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5. ...)
	NOT-FOR-US: Bank of Tokyo-Mitsubishi UFJ, Ltd. App
CVE-2016-7811 (Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker o ...)
	NOT-FOR-US: Corega
CVE-2016-7810 (Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. ...)
	NOT-FOR-US: Corega
CVE-2016-7809 (Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX  ...)
	NOT-FOR-US: Corega
CVE-2016-7808 (Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARG ...)
	NOT-FOR-US: Corega
CVE-2016-7807 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remot ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7806 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remot ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7805 (The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate  ...)
	NOT-FOR-US: mobiGate App
CVE-2016-7804 (Untrusted search path vulnerability in 7 Zip for Windows 16.02 and ear ...)
	NOT-FOR-US: 7 Zip for Windows
CVE-2016-7803 (SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows ...)
	NOT-FOR-US: Cybozu
CVE-2016-7802 (Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allo ...)
	NOT-FOR-US: Cybozu
CVE-2016-7801 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access  ...)
	NOT-FOR-US: Cybozu
CVE-2016-7800 (Integer underflow in the parse8BIM function in coders/meta.c in Graphi ...)
	{DSA-3746-1 DLA-651-1}
	- graphicsmagick 1.3.25-3
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
CVE-2016-7799 (MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attac ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in G ...)
	{DSA-3966-1 DLA-1421-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #842432)
	- ruby2.1 <removed> (bug #842544)
	NOTE: https://github.com/ruby/openssl/issues/49
	NOTE: https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062
	- ruby-attr-encrypted 3.0.1-2
	NOTE: https://github.com/attr-encrypted/attr_encrypted/issues/203
	- ruby-encryptor 3.0.0-1
	NOTE: https://github.com/attr-encrypted/encryptor/pull/22
CVE-2016-7797 (Pacemaker before 1.1.15, when using pacemaker remote, might allow remo ...)
	- pacemaker 1.1.15~rc3-1
	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced after 1.1.10)
	NOTE: http://bugs.clusterlabs.org/show_bug.cgi?id=5269
	NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 (Pacemaker-1.1.15-rc1)
	NOTE: Vulnerable code introduced in: https://github.com/ClusterLabs/pacemaker/commit/87f40917feb5109f827d83765c924acbbd824379 (Pacemaker-1.1.12-rc1)
CVE-2016-7796 (The manager_dispatch_notify_fd function in systemd allows local users  ...)
	{DLA-659-1}
	- systemd 231-9 (bug #839607)
	[jessie] - systemd 215-17+deb8u6
	NOTE: https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
	NOTE: Fixed by: https://github.com/systemd/systemd/pull/4240
CVE-2016-7795 (The manager_invoke_notify_message function in systemd 231 and earlier  ...)
	- systemd 231-9 (bug #839171)
	[jessie] - systemd <not-affected> (Introduced in 219)
	[wheezy] - systemd <not-affected> (Introduced in 219)
	NOTE: https://github.com/systemd/systemd/issues/4234
	NOTE: https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020
	NOTE: Originally fixed in 231-8 but caused a regression fixed in 231-9
	NOTE: https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
CVE-2016-7794 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to e ...)
	- git-hub 0.10.2-2 (bug #839284)
CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to e ...)
	- git-hub 0.10.2-2 (bug #839284)
CVE-2016-7792 (Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database ...)
	NOT-FOR-US: Ubiquiti Networks UniFi
CVE-2016-7791 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7789 (SQL injection vulnerability in framework/core/models/expConfig.php in  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7788 (SQL injection vulnerability in framework/modules/users/models/user.php ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7787 (A maliciously crafted command line for kdesu can result in the user on ...)
	- kde-cli-tools 4:5.8.0-1 (bug #839865)
	- kde-runtime 4:16.08.3-2 (bug #842498)
	[jessie] - kde-runtime <no-dsa> (Minor issue)
	[wheezy] - kde-runtime <not-affected> (Unicode string terminator is not interpreted)
	- kdesudo <removed> (bug #843790)
	[stretch] - kdesudo <no-dsa> (Minor issue)
	[jessie] - kdesudo <no-dsa> (Minor issue)
	[wheezy] - kdesudo <not-affected> (Unicode string terminator is not interpreted)
	NOTE: https://www.kde.org/info/security/advisory-20160930-1.txt
	NOTE: https://github.com/KDE/kde-cli-tools/commit/5eda179a099ba68a20dc21dc0da63e85a565a171
	NOTE: For kde-cli-tools fixed in 5.7.5 upstream
	NOTE: kde-runtime's affected binary is /usr/lib/kde4/libexec/kdesu-distrib/kdesu
	NOTE: kdesudo's affected binary is /usr/bin/kdesudo
CVE-2016-7786 (Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated us ...)
	NOT-FOR-US: Sophos
CVE-2016-7785 (The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3. ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c8c5f66b42edc37474baa5cb51460cbf6f33075b (n3.1.4)
CVE-2016-7784 (SQL injection vulnerability in the getSection function in framework/co ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7783 (SQL injection vulnerability in framework/core/models/expRecord.php in  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7782 (SQL injection vulnerability in framework/core/models/expConfig.php in  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7781 (SQL injection vulnerability in framework/modules/blog/controllers/blog ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7780 (SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3. ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7779
	RESERVED
CVE-2016-7778
	RESERVED
CVE-2016-7777 (Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which ...)
	{DSA-3729-1 DLA-699-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-190.html
CVE-2016-7776
	RESERVED
CVE-2016-7775
	REJECTED
CVE-2016-7774
	REJECTED
CVE-2016-7773
	REJECTED
CVE-2016-7772
	REJECTED
CVE-2016-7771
	REJECTED
CVE-2016-7770
	REJECTED
CVE-2016-7769
	REJECTED
CVE-2016-7768
	REJECTED
CVE-2016-7767
	REJECTED
CVE-2016-7766
	REJECTED
CVE-2016-7765 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7764
	REJECTED
CVE-2016-7763
	REJECTED
CVE-2016-7762 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7761 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7760
	REJECTED
CVE-2016-7759 (An issue was discovered in certain Apple products. iOS before 10 is af ...)
	NOT-FOR-US: Apple
CVE-2016-7758
	REJECTED
CVE-2016-7757
	REJECTED
CVE-2016-7756
	REJECTED
CVE-2016-7755
	REJECTED
CVE-2016-7754
	REJECTED
CVE-2016-7753
	REJECTED
CVE-2016-7752
	REJECTED
CVE-2016-7751
	REJECTED
CVE-2016-7750
	REJECTED
CVE-2016-7749
	REJECTED
CVE-2016-7748
	REJECTED
CVE-2016-7747
	REJECTED
CVE-2016-7746
	REJECTED
CVE-2016-7745
	REJECTED
CVE-2016-7744
	REJECTED
CVE-2016-7743
	REJECTED
CVE-2016-7742 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7741
	REJECTED
CVE-2016-7740
	REJECTED
CVE-2016-7739
	REJECTED
CVE-2016-7738
	REJECTED
CVE-2016-7737
	REJECTED
CVE-2016-7736
	REJECTED
CVE-2016-7735
	REJECTED
CVE-2016-7734
	REJECTED
CVE-2016-7733
	REJECTED
CVE-2016-7732
	REJECTED
CVE-2016-7731
	REJECTED
CVE-2016-7730
	REJECTED
CVE-2016-7729
	REJECTED
CVE-2016-7728
	REJECTED
CVE-2016-7727
	REJECTED
CVE-2016-7726
	REJECTED
CVE-2016-7725
	REJECTED
CVE-2016-7724
	REJECTED
CVE-2016-7723
	REJECTED
CVE-2016-7722
	REJECTED
CVE-2016-7721
	REJECTED
CVE-2016-7720
	REJECTED
CVE-2016-7719
	REJECTED
CVE-2016-7718
	REJECTED
CVE-2016-7717
	REJECTED
CVE-2016-7716
	REJECTED
CVE-2016-7715
	REJECTED
CVE-2016-7714 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7713
	REJECTED
CVE-2016-7712
	REJECTED
CVE-2016-7711
	REJECTED
CVE-2016-7710
	REJECTED
CVE-2016-7709
	REJECTED
CVE-2016-7708
	REJECTED
CVE-2016-7707
	REJECTED
CVE-2016-7706
	REJECTED
CVE-2016-7705
	REJECTED
CVE-2016-7704
	RESERVED
CVE-2016-7703
	REJECTED
CVE-2016-7702
	REJECTED
CVE-2016-7701
	REJECTED
CVE-2016-7700
	REJECTED
CVE-2016-7699
	REJECTED
CVE-2016-7698
	REJECTED
CVE-2016-7697
	REJECTED
CVE-2016-7696
	REJECTED
CVE-2016-7695
	REJECTED
CVE-2016-7694
	REJECTED
CVE-2016-7693
	REJECTED
CVE-2016-7692
	REJECTED
CVE-2016-7691
	REJECTED
CVE-2016-7690
	REJECTED
CVE-2016-7689
	REJECTED
CVE-2016-7688
	REJECTED
CVE-2016-7687
	REJECTED
CVE-2016-7686
	REJECTED
CVE-2016-7685
	REJECTED
CVE-2016-7684
	REJECTED
CVE-2016-7683
	REJECTED
CVE-2016-7682
	REJECTED
CVE-2016-7681
	REJECTED
CVE-2016-7680
	REJECTED
CVE-2016-7679
	REJECTED
CVE-2016-7678
	REJECTED
CVE-2016-7677
	REJECTED
CVE-2016-7676
	REJECTED
CVE-2016-7675
	REJECTED
CVE-2016-7674
	REJECTED
CVE-2016-7673
	REJECTED
CVE-2016-7672
	REJECTED
CVE-2016-7671
	REJECTED
CVE-2016-7670
	REJECTED
CVE-2016-7669
	REJECTED
CVE-2016-7668
	REJECTED
CVE-2016-7667 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7666 (An issue was discovered in certain Apple products. Transporter before  ...)
	NOT-FOR-US: Apple
CVE-2016-7665 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7664 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7663 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7662 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7661 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7660 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7659 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7658 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7657 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7656 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7655 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7654 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7653 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7652 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7651 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7650 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7649 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7648 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7647
	REJECTED
CVE-2016-7646 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7645 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7644 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7643 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7642 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7641 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7640 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7639 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7638 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7637 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7636 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7635 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7634 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7633 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7632 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7631
	REJECTED
CVE-2016-7630 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7629 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7628 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7627 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7626 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7625 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7624 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7623 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7622 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7621 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7620 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7619 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7618 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7617 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7616 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7615 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7614 (An issue was discovered in certain Apple products. iCloud before 6.1 i ...)
	NOT-FOR-US: Apple
CVE-2016-7613 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7612 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7611 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7610 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7609 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7608 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7607 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7606 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7605 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7604 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7603 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7602 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7601 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7600 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7599 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7598 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7597 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7596 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7595 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7594 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7593
	REJECTED
CVE-2016-7592 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7591 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7590
	REJECTED
CVE-2016-7589 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7588 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7587 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7586 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7585 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7584 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7583 (An issue was discovered in certain Apple products. iCloud before 6.0.1 ...)
	NOT-FOR-US: Apple
CVE-2016-7582 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-7581 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7580 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-7579 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7578 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7577 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7576 (In iOS before 9.3.3, a memory corruption issue existed in the kernel.  ...)
	NOT-FOR-US: Apple
CVE-2016-7574
	RESERVED
CVE-2016-7573
	RESERVED
CVE-2016-7572 (The system.temporary route in Drupal 8.x before 8.1.10 does not proper ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7571 (Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 a ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7570 (Drupal 8.x before 8.1.10 does not properly check for "Administer comme ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7569 (Directory traversal vulnerability in docker2aci before 0.13.0 allows r ...)
	- golang-github-appc-docker2aci 0.14.0+dfsg-1 (bug #839282)
	NOTE: https://github.com/appc/docker2aci/issues/201
CVE-2016-7568 (Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...)
	{DSA-3693-1}
	- libgd2 2.2.3-87-gd0fec80-1 (bug #839659)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: libgd bug: https://github.com/libgd/libgd/issues/308
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
	- php7.0 7.0.12-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.27+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003
	NOTE: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
CVE-2016-7567 (Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compar ...)
	- openslp-dfsg <not-affected> (Only affects openslp 2)
	NOTE: https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/
CVE-2016-7566
	RESERVED
CVE-2016-7565 (install/index.php in Exponent CMS 2.3.9 allows remote attackers to exe ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7564 (Heap-based buffer overflow in the Fp_toString function in jsfunction.c ...)
	NOT-FOR-US: MuJS
CVE-2016-7563 (The chartorune function in Artifex Software MuJS allows attackers to c ...)
	NOT-FOR-US: MuJS
CVE-2016-7562 (The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/496267f8e9ec218351e4359e1fde48722d4fc804 (n3.1.4)
CVE-2016-7561 (Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8. ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-7560 (The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1,  ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-7559
	RESERVED
CVE-2016-7558
	RESERVED
CVE-2016-7557
	RESERVED
CVE-2016-7556
	RESERVED
CVE-2016-7555 (The avi_read_header function in libavformat/avidec.c in FFmpeg before  ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8834e080c20d3d23c3ffe779371359f9b9b835ec (n3.1.4)
CVE-2016-7554
	REJECTED
CVE-2016-7552 (On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory tr ...)
	NOT-FOR-US: Trend Micro Threat Discovery Appliance
CVE-2016-7549 (Google Chrome before 53.0.2785.113 does not ensure that the recipient  ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-7548
	RESERVED
CVE-2016-7547 (A command execution flaw on the Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro Threat Discovery Appliance
CVE-2016-7546
	RESERVED
CVE-2016-7545 (SELinux policycoreutils allows local users to execute arbitrary comman ...)
	{DLA-638-1}
	- policycoreutils 2.5-3 (bug #838599)
	[jessie] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378577
	NOTE: Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
	NOTE: Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
	NOTE: Marked as exception as not-affected, although the source is affected but the built
	NOTE: binary packages do not contain the sandbox binary. We cannot use 'unimportant'
	NOTE: severity here since the unstable version builts a binary package which contains it.
CVE-2016-7544 (Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _ ...)
	- libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers)
CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary commands with  ...)
	{DLA-680-1}
	- bash 4.4-1
	[jessie] - bash 4.3-11+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/9
	NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and
	NOTE: Wheezy are affected.
	NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048
CVE-2016-7542 (A read-only administrator on Fortinet devices with FortiOS 5.2.x befor ...)
	NOT-FOR-US: FortiOS
CVE-2016-7541 (Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x bef ...)
	NOT-FOR-US: FortiOS
CVE-2016-7512
	RESERVED
CVE-2016-7511 (Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows  ...)
	{DLA-635-1}
	- dwarfutils 20160923-1 (bug #838757)
	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
	NOTE: https://sourceforge.net/p/libdwarf/bugs/3/
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-002
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
	NOTE: found.
CVE-2016-7510 (The read_line_table_program function in dwarf_line_table_reader_common ...)
	{DLA-635-1}
	- dwarfutils 20160923-1 (bug #838756)
	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
	NOTE: https://sourceforge.net/p/libdwarf/bugs/4/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1377015
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-004
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
	NOTE: found.
CVE-2016-7509 (Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote  ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authent ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/issues/1047
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows  ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp  ...)
	NOT-FOR-US: MuJS
CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of Arti ...)
	NOT-FOR-US: MuJS
CVE-2016-7504 (A use-after-free vulnerability was observed in Rp_toString function of ...)
	NOT-FOR-US: MuJS
CVE-2016-7503
	RESERVED
CVE-2016-7502 (The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9d738e6968757d4e70c8e07e0b720ac0004accc4 (n3.1.4)
CVE-2016-7501
	RESERVED
	NOT-FOR-US: Oracle
CVE-2016-7500
	RESERVED
CVE-2016-7499 (The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances fro ...)
	- nova 2:13.1.0-1
	[jessie] - nova <not-affected> (Vulnerable code (re)introduced later)
	[wheezy] - nova <not-affected> (Vulnerable code (re)introduced later)
	NOTE: Relates to OSSA-2015-017 (CVE-2015-3280) which was previously fixed
	NOTE: and then reintroduced with 13.0.0 and refixed in 13.1.0.
CVE-2016-7497
	REJECTED
CVE-2016-7496
	REJECTED
CVE-2016-7495
	REJECTED
CVE-2016-7494
	REJECTED
CVE-2016-7493
	REJECTED
CVE-2016-7492
	REJECTED
CVE-2016-7491
	REJECTED
CVE-2016-7490 (The installation script studioexpressinstall for Teradata Studio Expre ...)
	NOT-FOR-US: Teradata Studio Express
CVE-2016-7489 (Teradata Virtual Machine Community Edition v15.10's perl script /opt/t ...)
	NOT-FOR-US: Teradata Virtual Machine Community Edition
CVE-2016-7488 (Teradata Virtual Machine Community Edition v15.10 has insecure file pe ...)
	NOT-FOR-US: Teradata Virtual Machine Community Edition
CVE-2016-7487
	REJECTED
CVE-2016-7486
	REJECTED
CVE-2016-7485
	REJECTED
CVE-2016-7484
	REJECTED
CVE-2016-7483
	REJECTED
CVE-2016-7482
	REJECTED
CVE-2016-7481
	REJECTED
CVE-2016-7480 (The SplObjectStorage unserialize implementation in ext/spl/spl_observe ...)
	- php7.0 7.0.12-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257
	NOTE: Fixed in 7.0.12
CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...)
	{DSA-3783-1 DLA-875-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
	NOTE: Fixed in 7.0.15
	NOTE: PHP 5.x/7.x: http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
	NOTE: PHP 7.x: http://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7
	NOTE: The change is in 5.6+, even though the property table issue only affects
	NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based
	NOTE: attacks.
CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ...)
	{DSA-3732-1 DLA-875-1}
	- php7.1 <not-affected> (Fixed before initial upload to Debian)
	- php7.0 7.0.13-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
	NOTE: Patch for 5.6.x: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28)
	NOTE: backported patch for 5.4: https://lists.debian.org/87efysy07p.fsf@curie.anarc.at
CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 al ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, A ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7475 (Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a u ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7473
	REJECTED
CVE-2016-7472 (F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to ca ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7471
	REJECTED
CVE-2016-7470
	REJECTED
CVE-2016-7469 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...)
	NOT-FOR-US: BIG-IP
CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on  ...)
	NOT-FOR-US: F5
CVE-2016-7467 (The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 H ...)
	NOT-FOR-US: F5
CVE-2016-7465
	REJECTED
CVE-2016-7464
	REJECTED
CVE-2016-7463 (Cross-site scripting (XSS) vulnerability in the Host Client in VMware  ...)
	NOT-FOR-US: VMware
CVE-2016-7462 (The Suite REST API in VMware vRealize Operations (aka vROps) 6.x befor ...)
	NOT-FOR-US: VMware
CVE-2016-7461 (The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x be ...)
	NOT-FOR-US: VMware
CVE-2016-7460 (The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and ...)
	NOT-FOR-US: VMware
CVE-2016-7459 (VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote  ...)
	NOT-FOR-US: VMware
CVE-2016-7458 (VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote  ...)
	NOT-FOR-US: VMware
CVE-2016-7457 (VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote  ...)
	NOT-FOR-US: VMware
CVE-2016-7456 (VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH pri ...)
	NOT-FOR-US: VMware
CVE-2016-7455
	RESERVED
CVE-2016-7454 (CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T ...)
	NOT-FOR-US: Technicolor TC dpc3941T
CVE-2016-7453 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7452 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7451
	RESERVED
CVE-2016-7450 (The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3 ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ac8ac46641adef208485baebc3734463bf0bd266 (n3.1.4)
CVE-2016-7449 (The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 al ...)
	{DLA-1401-1 DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: The scope of the CVE is for all of these reported TIFF problems.
	NOTE: The ultimate vulnerability was use of:
	NOTE: strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
	NOTE: three times in coders/tiff.c, where strlcpy is not an appropriate
	NOTE: function choice for this type of scenario of untrusted-data copying.
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5
	NOTE: https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5
CVE-2016-7448 (The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote atta ...)
	{DLA-1401-1 DLA-683-1}
	- graphicsmagick 1.3.25-1
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/30043afadb10
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d972c761b55d
CVE-2016-7447 (Heap-based buffer overflow in the EscapeParenthesis function in Graphi ...)
	{DLA-1401-1 DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d580e3c3c034
CVE-2016-7446 (Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1. ...)
	{DLA-1401-1 DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: For the http://www.graphicsmagick.org/NEWS.html#september-5-2016 case
	NOTE: which remained present in the 1.3.24 release (and was not fixed until 1.3.25)
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
CVE-2016-7445 (convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a  ...)
	- openjpeg2 2.1.2-1 (unimportant; bug #838690)
	NOTE: https://github.com/uclouvain/openjpeg/issues/843
	NOTE: PoC: https://github.com/STARLABSEC/pocs/raw/master/openjpeg-nullptr-github-issue-842.ppm
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2017-7443 (apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP respo ...)
	{DLA-873-1}
	- apt-cacher-ng 3-1 (bug #858833)
	[buster] - apt-cacher-ng 2-2
	[stretch] - apt-cacher-ng 2-2
	[jessie] - apt-cacher-ng <no-dsa> (Minor issue)
	[wheezy] - apt-cacher-ng <no-dsa> (Minor issue)
	- apt-cacher 1.7.15 (bug #858739)
	[buster] - apt-cacher 1.7.13+deb9u1
	[stretch] - apt-cacher 1.7.13+deb9u1
	[jessie] - apt-cacher 1.7.10+deb8u1
CVE-2016-7442 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
	NOT-FOR-US: Sophos UTM
CVE-2016-7441
	RESERVED
CVE-2016-7440 (The C software implementation of AES Encryption and Decryption in wolf ...)
	{DSA-3711-1 DSA-3706-1 DLA-708-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.16-1 (bug #841163)
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed> (bug #841050)
	NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7439 (The C software implementation of RSA in wolfSSL (formerly CyaSSL) befo ...)
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7438 (The C software implementation of ECC in wolfSSL (formerly CyaSSL) befo ...)
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the S ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-7436
	RESERVED
CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and  ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-7434 (The read_mru_list function in NTP before 4.2.8p9 allows remote attacke ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (mrulist introduced in ntp-4.2.7p22, vulnerable code not present)
	[wheezy] - ntp <not-affected> (mrulist introduced in ntp-4.2.7p22, vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3082
	NOTE: Only possible to trigger from hosts in allow mrulist query.
CVE-2016-7433 (NTP before 4.2.8p9 does not properly perform the initial sync calculat ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code introduced in ntp-4.2.7p385)
	[wheezy] - ntp <not-affected> (Vulnerable code introduced in ntp-4.2.7p385)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3067
	NOTE: Although the CVE is only for the issue introduced by the fix for
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2085, he root-distance calculation
	NOTE: itself in general is incorrect in all version of ntp-4 until ntp-4.2.8p9
CVE-2016-7432
	RESERVED
CVE-2016-7431 (NTP before 4.2.8p9 allows remote attackers to bypass the origin timest ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code introduced later)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3102
CVE-2016-7430
	RESERVED
CVE-2016-7429 (NTP before 4.2.8p9 changes the peer structure to the interface it rece ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, only possible if rp_filter is 0)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3072
CVE-2016-7428 (ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial o ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3113
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0130/
	NOTE: The fixes for CVE-2015-7973 have added several new integrity checks on incoming
	NOTE: broadcast mode packets and issue got introduced with code changes to fix that
	NOTE: issue.
CVE-2016-7427 (The broadcast mode replay prevention functionality in ntpd in NTP befo ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3114
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0131/
	NOTE: The fixes for CVE-2015-7973 have added several new integrity checks on incoming
	NOTE: broadcast mode packets and issue got introduced with code changes to fix that
	NOTE: issue.
CVE-2016-7426 (NTP before 4.2.8p9 rate limits responses received from the configured  ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3071
CVE-2016-7425 (The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2
	NOTE: Upstream commit: https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
CVE-2016-7424 (The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav ...)
	{DSA-3685-1 DLA-780-1}
	- libav <removed>
	- ffmpeg <not-affected> (Fixed before introduction into the archive)
	NOTE: Fixed by: https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee
	NOTE: https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7420 (Crypto++ (aka cryptopp) through 5.6.4 does not document the requiremen ...)
	- libcrypto++ <unfixed> (unimportant)
	NOTE: https://github.com/weidai11/cryptopp/issues/277
	NOTE: The scope of this CVE is the documentation bug, lacking treatment of
	NOTE: -DNDEBUG and Static Initialization
	NOTE: Documentation added in https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6
CVE-2016-7419 (Cross-site scripting (XSS) vulnerability in share.js in the gallery ap ...)
	- nextcloud <itp> (bug #835086)
	- owncloud <not-affected> (Vulnerable code introduced later)
	NOTE: up to version which was removed, not included, as the vulnerable code was
	NOTE: introduced later in a migration of the Gallery app to a new sharing endpoint
	NOTE: where a parameter changed from an interger to a string value, and that value
	NOTE: not beeing sanitized.
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-011
	NOTE: https://github.com/owncloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc
	NOTE: https://hackerone.com/reports/145355
CVE-2016-7418 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
	NOTE: The scope of this CVE also includes all of the "other four similar issues"
	NOTE: in the "[2016-09-12 06:44 UTC]" comment.
CVE-2016-7417 (ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceed ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
CVE-2016-7416 (ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x bef ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
CVE-2016-7415 (Stack-based buffer overflow in the Locale class in common/locid.cpp in ...)
	{DSA-3725-1 DLA-744-1}
	[experimental] - icu 58.1-1
	- icu 57.1-5 (bug #838694)
	NOTE: Related code in http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
	NOTE: PHP fix: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
	NOTE: Upstream bug: http://bugs.icu-project.org/trac/ticket/12745
CVE-2016-7414 (The ZIP signature-verification feature in PHP before 5.6.26 and 7.x be ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
CVE-2016-7413 (Use-after-free vulnerability in the wddx_stack_destroy function in ext ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
CVE-2016-7412 (ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
CVE-2016-7411 (ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles objec ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 <not-affected> (Only affects 5.x)
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
	NOTE: Fixed in 5.6.26
	NOTE: https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1
CVE-2016-7410 (The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 201606 ...)
	- dwarfutils 20160923-1 (bug #838019)
	[jessie] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
	[wheezy] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-003
	NOTE: http://seclists.org/oss-sec/2016/q3/490
	NOTE: Initial addressed upstream in refactoring in:
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/e12f6c0b69c20f58dccc4505309cf7f974c34dc2
	NOTE: with final fix/follow up: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27
CVE-2016-7409 (The dbclient and server in Dropbear SSH before 2016.74, when compiled  ...)
	- dropbear 2016.74-1 (unimportant)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
	NOTE: Not an issue for the the Debian binary package since we do not
	NOTE: compile with DEBUG_TRACE.
CVE-2016-7408 (The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ...)
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	[wheezy] - dropbear <not-affected> (Vulnerable code not present)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
CVE-2016-7407 (The dropbearconvert command in Dropbear SSH before 2016.74 allows atta ...)
	{DLA-634-1}
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
CVE-2016-7406 (Format string vulnerability in Dropbear SSH before 2016.74 allows remo ...)
	{DLA-634-1}
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
CVE-2016-7404 (OpenStack Magnum passes OpenStack credentials into the Heat templates  ...)
	- magnum 3.1.1-5 (bug #863547)
	NOTE: https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
CVE-2016-7403
	RESERVED
CVE-2016-7402 (SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own Sour ...)
	NOT-FOR-US: SAP ASE
CVE-2016-7401 (The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.1 ...)
	{DSA-3678-1 DLA-649-1}
	- python-django 1:1.10-1 (low)
	NOTE: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
CVE-2016-7400 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 al ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7399 (scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6. ...)
	NOT-FOR-US: Veritas NetBackup Applianc
CVE-2016-7398 (A type confusion vulnerability in the merge_param() function of php_ht ...)
	{DLA-1929-1}
	- php-pecl-http 3.1.0+2.6.0-1
	NOTE: https://bugs.php.net/bug.php?id=73055
	NOTE: https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83
CVE-2016-7397 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
	NOT-FOR-US: Sophos UTM
CVE-2016-7396
	RESERVED
CVE-2016-7395 (SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Wi ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.92-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-7394 (tiki wiki cms groupware &lt;=15.2 has a xss vulnerability, allow attac ...)
	- tikiwiki <removed>
	NOTE: https://sourceforge.net/p/tikiwiki/code/59653/
CVE-2016-7391 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7390 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7389 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Di ...)
	- nvidia-graphics-drivers 367.57-1 (bug #846331)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
	- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7388 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7387 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7386 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7385 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7384 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7383 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7382 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Di ...)
	- nvidia-graphics-drivers 367.57-1 (bug #846331)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
	- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7381 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7380
	RESERVED
CVE-2016-7379
	RESERVED
CVE-2016-7378
	RESERVED
CVE-2016-7377
	RESERVED
CVE-2016-7376
	RESERVED
CVE-2016-7375
	RESERVED
CVE-2016-7374
	RESERVED
CVE-2016-7373
	RESERVED
CVE-2016-7372
	RESERVED
CVE-2016-7371
	RESERVED
CVE-2016-7370
	RESERVED
CVE-2016-7369
	RESERVED
CVE-2016-7368
	RESERVED
CVE-2016-7367
	REJECTED
CVE-2016-7366
	REJECTED
CVE-2016-7365
	REJECTED
CVE-2016-7364
	REJECTED
CVE-2016-7363
	REJECTED
CVE-2016-7362
	REJECTED
CVE-2016-7361
	REJECTED
CVE-2016-7360
	REJECTED
CVE-2016-7359
	REJECTED
CVE-2016-7358
	REJECTED
CVE-2016-7357
	REJECTED
CVE-2016-7356
	REJECTED
CVE-2016-7355
	REJECTED
CVE-2016-7354
	REJECTED
CVE-2016-7353
	REJECTED
CVE-2016-7352
	REJECTED
CVE-2016-7351
	REJECTED
CVE-2016-7350
	REJECTED
CVE-2016-7349
	REJECTED
CVE-2016-7348
	REJECTED
CVE-2016-7347
	REJECTED
CVE-2016-7346
	REJECTED
CVE-2016-7345
	REJECTED
CVE-2016-7344
	REJECTED
CVE-2016-7343
	REJECTED
CVE-2016-7342
	REJECTED
CVE-2016-7341
	REJECTED
CVE-2016-7340
	REJECTED
CVE-2016-7339
	REJECTED
CVE-2016-7338
	REJECTED
CVE-2016-7337
	REJECTED
CVE-2016-7336
	REJECTED
CVE-2016-7335
	REJECTED
CVE-2016-7334
	REJECTED
CVE-2016-7333
	REJECTED
CVE-2016-7332
	REJECTED
CVE-2016-7331
	REJECTED
CVE-2016-7330
	REJECTED
CVE-2016-7329
	REJECTED
CVE-2016-7328
	REJECTED
CVE-2016-7327
	REJECTED
CVE-2016-7326
	REJECTED
CVE-2016-7325
	REJECTED
CVE-2016-7324
	REJECTED
CVE-2016-7323
	REJECTED
CVE-2016-7322
	REJECTED
CVE-2016-7321
	REJECTED
CVE-2016-7320
	REJECTED
CVE-2016-7319
	REJECTED
CVE-2016-7318
	REJECTED
CVE-2016-7317
	REJECTED
CVE-2016-7316
	REJECTED
CVE-2016-7315
	REJECTED
CVE-2016-7314
	REJECTED
CVE-2016-7313
	REJECTED
CVE-2016-7312
	REJECTED
CVE-2016-7311
	REJECTED
CVE-2016-7310
	REJECTED
CVE-2016-7309
	REJECTED
CVE-2016-7308
	REJECTED
CVE-2016-7307
	REJECTED
CVE-2016-7306
	REJECTED
CVE-2016-7305
	REJECTED
CVE-2016-7304
	REJECTED
CVE-2016-7303
	REJECTED
CVE-2016-7302
	REJECTED
CVE-2016-7301
	REJECTED
CVE-2016-7300 (Untrusted search path vulnerability in Microsoft Auto Updater for Mac  ...)
	NOT-FOR-US: Microsoft Auto Updater for Mac
CVE-2016-7299
	REJECTED
CVE-2016-7298 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Ma ...)
	NOT-FOR-US: Microsoft
CVE-2016-7297 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7296 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7295 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-7294
	REJECTED
CVE-2016-7293
	REJECTED
CVE-2016-7292 (The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7291 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-7290 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-7289 (Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2016-7288 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7287 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7286 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7285
	REJECTED
CVE-2016-7284 (Microsoft Internet Explorer 10 and 11 allows remote attackers to obtai ...)
	NOT-FOR-US: Microsoft
CVE-2016-7283 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-7282 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2016-7281 (The Web Workers implementation in Microsoft Internet Explorer 10 and 1 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-7280 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7279 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7278 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ob ...)
	NOT-FOR-US: Microsoft
CVE-2016-7277 (Microsoft Office 2016 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Microsoft
CVE-2016-7276 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office fo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7275 (Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7274 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7273 (The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 an ...)
	NOT-FOR-US: Microsoft
CVE-2016-7272 (The Graphics component in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7271 (The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 15 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7270 (The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mis ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2016-7269
	REJECTED
CVE-2016-7268 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-7267 (Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses fi ...)
	NOT-FOR-US: Microsoft
CVE-2016-7266 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7265 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7264 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7263 (Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attac ...)
	NOT-FOR-US: Microsoft
CVE-2016-7262 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7261
	REJECTED
CVE-2016-7260 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7259 (The Graphics Component in the kernel-mode drivers in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7258 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Se ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7257 (The GDI component in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7256 (atmfd.dll in the Windows font library in Microsoft Windows Vista SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7255 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7254 (Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a ...)
	NOT-FOR-US: Microsoft
CVE-2016-7253 (The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-7252 (Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-7251 (Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft S ...)
	NOT-FOR-US: Microsoft
CVE-2016-7250 (Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly pe ...)
	NOT-FOR-US: Microsoft
CVE-2016-7249 (Microsoft SQL Server 2016 does not properly perform a cast of an unspe ...)
	NOT-FOR-US: Microsoft
CVE-2016-7248 (Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7247 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7246 (The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7245 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7244 (Microsoft Office 2007 SP3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2016-7243 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7242 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7241 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-7240 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7239 (The RegEx class in the XSS filter in Microsoft Internet Explorer 9 thr ...)
	NOT-FOR-US: Microsoft
CVE-2016-7238 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7237 (Local Security Authority Subsystem Service (LSASS) in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7236 (Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7235 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7234 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Wo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7233 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7232 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7231 (Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pac ...)
	NOT-FOR-US: Microsoft
CVE-2016-7230 (Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7229 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7228 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7227 (The scripting engines in Microsoft Internet Explorer 9 through 11 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7226 (Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7225 (Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7224 (Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7223 (Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7222 (Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7221 (Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2016-7220 (Virtual Secure Mode in Microsoft Windows 10 allows local users to obta ...)
	NOT-FOR-US: Microsoft
CVE-2016-7219 (The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7218 (Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7217 (Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold an ...)
	NOT-FOR-US: Microsoft
CVE-2016-7216 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7215 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7214 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7213 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7212 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7211 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7210 (atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7209 (Microsoft Edge allows remote attackers to spoof web content via a craf ...)
	NOT-FOR-US: Mircosoft
CVE-2016-7208 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7207
	REJECTED
CVE-2016-7206 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7205 (Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-7204 (Microsoft Edge allows remote attackers to access arbitrary "My Documen ...)
	NOT-FOR-US: Microsoft
CVE-2016-7203 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7202 (The scripting engines in Microsoft Internet Explorer 9 through 11 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7201 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7200 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7199 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7198 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7197
	REJECTED
CVE-2016-7196 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7195 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7194 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7193 (Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7192
	REJECTED
CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD)  ...)
	NOT-FOR-US: Microsoft Azure Active Directory Passport
CVE-2016-7190 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7189 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7188 (The Standard Collector Service in Windows Diagnostics Hub in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-7187
	REJECTED
CVE-2016-7186
	REJECTED
CVE-2016-7185 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7184 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-7183
	REJECTED
CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-7393 (Stack-based buffer overflow in the aac_sync function in aac_parser.c i ...)
	{DLA-644-1}
	- ffmpeg 7:2.4-1
	- libav <removed>
	[jessie] - libav 6:11.6-1~deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
CVE-2016-7392 (Heap-based buffer overflow in the pstoedit_suffix_table_init function  ...)
	{DLA-621-1}
	- autotrace 0.31.1-17 (bug #837599)
	NOTE: https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
	NOTE: Also reproducible with valgrind
CVE-2016-7180 (epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wir ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5213496250aceff086404c568e3718ebc0060934
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-55.html
	NOTE: https://code.wireshark.org/review/17289
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7179 (Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000 ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b97fbddc23c065727b0147aab52a27c4aadffe7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-54.html
	NOTE: https://code.wireshark.org/review/17095
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7178 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=315bba7c645b75af24215c6303d187b188610bba
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-53.html
	NOTE: https://code.wireshark.org/review/17094
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7177 (epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 diss ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-52.html
	NOTE: https://code.wireshark.org/review/17096
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7176 (epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x  ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-51.html
	NOTE: https://code.wireshark.org/review/16852
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7175 (epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark ...)
	- wireshark 2.2.0~rc1+g438c022-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-50.html
	NOTE: https://code.wireshark.org/review/16965
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-1000222 (Logstash prior to version 2.1.2, the CSV output can be attacked via en ...)
	- logstash <itp> (bug #664841)
CVE-2016-1000221 (Logstash prior to version 2.3.4, Elasticsearch Output plugin would log ...)
	- logstash <itp> (bug #664841)
CVE-2016-1000220 (Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that wo ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000219 (Kibana before 4.5.4 and 4.1.11 when a custom output is configured for  ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000217 (Zotpress plugin for WordPress SQLi in zp_get_account() ...)
	NOT-FOR-US: WordPress plugin zotpress
CVE-2016-1000216 (Ruckus Wireless H500 web management interface authenticated command in ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000215 (Ruckus Wireless H500 web management interface denial of service ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000214 (Ruckus Wireless H500 web management interface authentication bypass ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000213 (Ruckus Wireless H500 web management interface CSRF ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2010-5328 (include/linux/init_task.h in the Linux kernel before 2.6.35 does not p ...)
	- linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename)
	- linux-2.6 2.6.37-1
CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to exe ...)
	NOT-FOR-US: Liferay Portal
CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...)
	{DSA-3700-1 DLA-781-1}
	- asterisk 1:13.11.2~dfsg-1 (bug #838832)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
CVE-2016-7550 (asterisk 13.10.0 is affected by: denial of service issues in asterisk. ...)
	- asterisk 1:13.11.2~dfsg-1 (bug #838833)
	[jessie] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
	[wheezy] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-006.html
CVE-2016-7174
	RESERVED
CVE-2016-7173
	RESERVED
CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive informa ...)
	NOT-FOR-US: NetApp
CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...)
	NOT-FOR-US: NetApp
CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Q ...)
	{DLA-1599-1 DLA-653-1 DLA-652-1}
	- qemu 1:2.8+dfsg-1 (bug #837316)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
CVE-2016-7169 (Directory traversal vulnerability in the File_Upload_Upgrader class in ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.6.1+dfsg-1
	NOTE: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
	NOTE: Fixed in 4.6.1 release upstream
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38524
CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_upload fu ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.6.1+dfsg-1
	NOTE: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
	NOTE: Fixed in 4.6.1 release upstream
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38538
CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escap ...)
	{DLA-1568-1 DLA-625-1}
	- curl 7.51.0-1 (bug #837945)
	NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
	NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
	NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
	NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST) (All v ...)
	NOT-FOR-US: Microsoft
CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Roller 3 ...)
	- file-roller 3.20.3-1
	[jessie] - file-roller <no-dsa> (Minor issue)
	[wheezy] - file-roller <not-affected> (Vulnerable code introduced in 3.5.4)
	NOTE: Ubuntu Bug: https://launchpad.net/bugs/1171236
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554
	NOTE: Introduced by: https://git.gnome.org/browse/file-roller/commit/?id=34b64f3a897c4b4e8e180c028f326bc921eb08ec (3.5.4)
	NOTE: Fixed by: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5 (3.20.3)
CVE-2016-7161 (Heap-based buffer overflow in the .receive callback of xlnx.xps-ethern ...)
	{DLA-1599-1 DLA-653-1 DLA-652-1}
	- qemu 1:2.7+dfsg-1 (bug #838850)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968 (2.7.0-rc3)
	NOTE: http://patchwork.ozlabs.org/patch/657076/
CVE-2016-7160 (A vulnerability on Samsung Mobile M(6.0) devices exists because extern ...)
	NOT-FOR-US: Samsumg
CVE-2016-7159
	RESERVED
CVE-2016-7158
	RESERVED
CVE-2016-7405 (The qstr method in the PDO driver in the ADOdb Library for PHP before  ...)
	{DLA-620-1}
	- libphp-adodb 5.20.6-1 (bug #837211)
	[jessie] - libphp-adodb 5.15-1+deb8u1
	NOTE: https://github.com/ADOdb/ADOdb/issues/226
	NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
	NOTE: Issue only with the PDO driver and only if queries built by inlining
	NOTE: the quoted string (not recommended).
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/07/8
CVE-2016-7154 (Use-after-free vulnerability in the FIFO event channel code in Xen 4.4 ...)
	{DSA-3663-1}
	- xen 4.6.0-1
	[wheezy] - xen <not-affected> (Versions 4.3 and earlier are not vulnerable)
	NOTE: http://xenbits.xen.org/xsa/advisory-188.html
	NOTE: Only affects Xen 4.4, as workaround it is marked as fixed in the first xen version entering unstable
	NOTE: after the 4.4 series.
CVE-2016-7166 (libarchive before 3.2.0 does not limit the number of recursive decompr ...)
	{DSA-3677-1 DLA-617-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/660
	NOTE: (with reproducer) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0
	NOTE: Fix improved by: https://github.com/libarchive/libarchive/commit/37649d274867edd2dd25d8a3057c3b6cd81ce83e
CVE-2016-7164 (The construct function in puff.cpp in Libtorrent 1.1.0 allows remote t ...)
	- libtorrent-rasterbar 1.1.1-1 (bug #837338)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[wheezy] - libtorrent-rasterbar <not-affected> (Vulnerable code not present, reproducer does not crash)
	NOTE: https://github.com/arvidn/libtorrent/issues/1021
	NOTE: https://github.com/arvidn/libtorrent/pull/1022
	NOTE: https://github.com/arvidn/libtorrent/commit/debf3c6e3688aab8394fe5c47737625faffe6f9e
	NOTE: Fixed upstream in 1.1.1.
CVE-2016-7163 (Integer overflow in the opj_pi_create_decode function in pi.c in OpenJ ...)
	{DSA-3665-1}
	- openjpeg2 2.1.2-1 (bug #837604)
	NOTE: https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
	NOTE: https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congestion w ...)
	NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP congestion wi ...)
	NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a re ...)
	- capstone <unfixed> (low; bug #930002)
	[buster] - capstone <no-dsa> (Minor issue)
	[stretch] - capstone <no-dsa> (Minor issue)
	[jessie] - capstone <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/aquynh/capstone/commit/87a25bb543c8e4c09b48d4b4a6c7db31ce58df06 (4.0-alpha4)
	NOTE: https://github.com/aquynh/capstone/pull/725
CVE-2016-7150 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
	NOT-FOR-US: b2evolution
CVE-2016-7149 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
	NOT-FOR-US: b2evolution
CVE-2016-7148 (MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injectio ...)
	{DSA-3715-1}
	- moin 1.9.9-1 (bug #844341)
	[wheezy] - moin <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/eceb70c41ecc
	NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
CVE-2016-7147 (Cross-site scripting (XSS) vulnerability in the manage_findResult comp ...)
	NOT-FOR-US: Plone
CVE-2016-7146 (MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injectio ...)
	{DSA-3715-1 DLA-717-1}
	- moin 1.9.9-1 (bug #844340)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/1563d6db198c
	NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
CVE-2016-7122 (The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3 ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ed38046c5c2e3b310980be32287179895c83e0d8 (n3.1.4)
CVE-2016-7121
	RESERVED
CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest O ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #837174)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (ak ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #837339)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 func ...)
	- qemu 1:2.6+dfsg-3.1 (bug #837603)
	[jessie] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/4
	NOTE: Vulnerable code introduced after version 2.6: http://wiki.qemu.org/ChangeLog/2.6
CVE-2016-7140 (Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in ...)
	NOT-FOR-US: Plone
CVE-2016-7139 (Cross-site scripting (XSS) vulnerability in an unspecified page templa ...)
	NOT-FOR-US: Plone
CVE-2016-7138 (Cross-site scripting (XSS) vulnerability in the URL checking infrastru ...)
	NOT-FOR-US: Plone
CVE-2016-7137 (Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, ...)
	NOT-FOR-US: Plone
CVE-2016-7136 (z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows  ...)
	NOT-FOR-US: Plone
CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4 ...)
	NOT-FOR-US: Plone
CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the libnsspem. ...)
	{DLA-1568-1 DLA-616-1}
	- curl 7.51.0-1 (bug #836918)
	NOTE: Only affects libcurl3-nss
	NOTE: http://seclists.org/oss-sec/2016/q3/419
	NOTE: https://curl.haxx.se/docs/adv_20160907.html
CVE-2016-7145 (The m_authenticate function in ircd/m_authenticate.c in nefarious2 all ...)
	NOT-FOR-US: Nefarious 2
CVE-2016-7144 (The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3 ...)
	- unrealircd <itp> (bug #515130)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
	NOTE: unrealircd reportedly vulnerable, and ircd-seven reportedly not vulnerable
CVE-2016-7143 (The m_authenticate function in modules/m_sasl.c in Charybdis before 3. ...)
	{DSA-3661-1}
	- charybdis 3.5.3-1 (bug #836714)
	[wheezy] - charybdis <no-dsa> (unsupported)
	NOTE: charybdis patch: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7142 (The m_sasl module in InspIRCd before 2.0.23, when used with a service  ...)
	{DSA-3662-1}
	- inspircd 2.0.23-1 (bug #836706)
	[wheezy] - inspircd <end-of-life> (not supported in Wheezy)
	NOTE: http://www.inspircd.org/2016/09/03/v2023-released.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7120
	RESERVED
CVE-2016-7134 (ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a l ...)
	- php7.0 7.0.10-1
	- php5 <not-affected> (Only affects PHP 7)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72674
	NOTE: Fixed in 7.0.10
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1
CVE-2016-7133 (Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabl ...)
	- php7.0 7.0.10-1
	- php5 <not-affected> (Only affects PHP 7)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72742
	NOTE: Fixed in 7.0.10
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
	NOTE: commit is about the pop issue in 72799.
CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
	NOTE: Cf. as well https://bugs.php.net/bug.php?id=72799
	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
	NOTE: commit is about the pop issue in 72799.
CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6 ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...)
	{DSA-3689-1}
	- libgd2 <not-affected> (gamma correction is only implemented in PHP)
	- php7.0 7.0.10-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ...)
	{DSA-3689-1}
	- libgd2 <not-affected> (libgd upstream not affected, overflow2 function check prevents the issue)
	- php7.0 7.0.10-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...)
	{DSA-3689-1 DLA-628-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
	NOTE: handler" part of 72681.
CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7. ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1
CVE-2016-7123 (Cross-site request forgery (CSRF) vulnerability in the admin web inter ...)
	- mailman 2.1.15-1
	NOTE: https://bugs.launchpad.net/mailman/+bug/1614841/comments/8
	NOTE: https://bugs.launchpad.net/mailman/+bug/775294
CVE-2016-7119 (Cross-site scripting (XSS) vulnerability in the user-profile biography ...)
	NOT-FOR-US: DotNetNuke
CVE-2016-7117 (Use-after-free vulnerability in the __sys_recvmmsg function in net/soc ...)
	- linux 4.5.2-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/34b88a68f26a75e4fded796f1a49c40f82234b7d (4.6-rc1)
CVE-2016-7115 (Buffer overflow in the handle_packet function in mactelnet.c in the cl ...)
	{DLA-639-1}
	- mactelnet 0.4.4-4 (bug #836320)
	[jessie] - mactelnet 0.4.0-1+deb8u1
	NOTE: https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
CVE-2016-7114 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-7113 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-7112 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2015-8960 (The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_ ...)
	NOTE: Vulnerability "in the TLS documentation", not assigned to a specific source/implentation
	NOTE: https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf
CVE-2015-8956 (The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Li ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.2.1-1
	NOTE: Fixed by: https://git.kernel.org/linus/951b6a0717db97ce420547222647bcc40bf1eacd (4.2-rc1)
CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7)
	NOTE: Fixed by: https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1)
CVE-2016-10057 (Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in I ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10056 (Buffer overflow in the sixel_decode function in coders/sixel.c in Imag ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10055 (Buffer overflow in the WritePDBImage function in coders/pdb.c in Image ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10054 (Buffer overflow in the WriteMAPImage function in coders/map.c in Image ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10053 (The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9 ...)
	{DSA-3675-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image p ...)
	{DLA-609-1}
	- linux <not-affected>
	NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
	NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/31/1
CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick E ...)
	{DLA-1599-1 DLA-619-1 DLA-618-1}
	- qemu 1:2.6+dfsg-3.1 (bug #836502)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
	NOTE: May as well need: http://git.qemu.org/?p=qemu.git;a=commit;h=fff39a7ad09da07ef490de05c92c91f22f8002f2
CVE-2016-7110 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7109 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7108 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7107 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7106
	RESERVED
CVE-2016-7105
	RESERVED
CVE-2016-7104
	RESERVED
CVE-2016-7102 (ownCloud Desktop before 2.2.3 allows local users to execute arbitrary  ...)
	NOT-FOR-US: ownCloud Desktop
CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers t ...)
	{DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7100
	RESERVED
CVE-2016-7099 (The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...)
	- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	NOTE: 0.10.x: https://github.com/nodejs/node/commit/0d7e21ee7bcc79046f898f8c202d2ec87d23d711
	NOTE: 4.x: https://github.com/nodejs/node/commit/3ff82deb2c3bd580d64be75dbafe460393c952fb
CVE-2016-7096
	RESERVED
CVE-2016-7095 (Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a mal ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content  ...)
	- mantis <not-affected> (Vulnerable code introduced in 1.3.0-rc.2)
	NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
	NOTE: https://mantisbt.org/bugs/view.php?id=21263
CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...)
	- jqueryui 1.12.1+dfsg-1
	[jessie] - jqueryui <no-dsa> (Minor issue)
	[wheezy] - jqueryui <no-dsa> (Minor issue)
	NOTE: https://nodesecurity.io/advisories/127
	NOTE: https://github.com/jquery/jquery-ui/pull/1622
	NOTE: https://github.com/jquery/jquery-ui/pull/1632
	NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
	{DSA-3663-1 DLA-614-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-187.html
CVE-2016-7093 (Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to ...)
	- xen <not-affected> (Affects only 4.7.0 and later; 4.6.3 and 4.5.3)
	NOTE: http://xenbits.xen.org/xsa/advisory-186.html
CVE-2016-7092 (The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32 ...)
	{DSA-3663-1 DLA-614-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-185.html
CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules w ...)
	NOT-FOR-US: Siemens
CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or mir ...)
	{DLA-2086-1}
	- wget 1.18-4 (low; bug #836503)
	[wheezy] - wget <no-dsa> (Minor issue)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
CVE-2016-7097 (The filesystem implementation in the Linux kernel through 4.8.2 preser ...)
	{DLA-772-1}
	- linux 4.7.8-1
	[jessie] - linux 3.16.39-1
	NOTE: http://www.spinics.net/lists/linux-fsdevel/msg98328.html
	NOTE: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1368938
	NOTE: Fixed by: https://git.kernel.org/linus/073931017b49d9458aa351605b43a7e34598caef
CVE-2016-7091 (sudo: It was discovered that the default sudo configuration on Red Hat ...)
	- sudo <not-affected> (Debian not including INPUTRC in /etc/sudoers)
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1339935
	NOTE: The scope of this CVE is the entire 'INPUTRC should
	NOTE: not be included in "env_keep" at all, or else somehow restricted'
	NOTE: problem, which has both the information disclosure and segmentation
	NOTE: fault outcomes.
	NOTE: Debian does not include INPUTRC by default in /etc/sudoers
CVE-2016-7089 (WatchGuard RapidStream appliances allow local users to gain privileges ...)
	NOT-FOR-US: WatchGuard
CVE-2016-7088
	RESERVED
CVE-2016-7087 (Directory traversal vulnerability in the Connection Server in VMware H ...)
	NOT-FOR-US: VMware
CVE-2016-7086 (The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware  ...)
	NOT-FOR-US: VMware
CVE-2016-7085 (Untrusted search path vulnerability in the installer in VMware Worksta ...)
	NOT-FOR-US: VMware
CVE-2016-7084 (tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Wor ...)
	NOT-FOR-US: VMware
CVE-2016-7083 (VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Playe ...)
	NOT-FOR-US: VMware
CVE-2016-7082 (VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Playe ...)
	NOT-FOR-US: VMware
CVE-2016-7081 (Multiple heap-based buffer overflows in VMware Workstation Pro 12.x be ...)
	NOT-FOR-US: VMware
CVE-2016-7080 (The graphic acceleration functions in VMware Tools 9.x and 10.x before ...)
	NOT-FOR-US: VMware
CVE-2016-7079 (The graphic acceleration functions in VMware Tools 9.x and 10.x before ...)
	NOT-FOR-US: VMware
CVE-2016-7078 (foreman before version 1.15.0 is vulnerable to an information leak thr ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/16982
CVE-2016-7077 (foreman before 1.14.0 is vulnerable to an information leak. It was fou ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/16971
CVE-2016-7076 (sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noe ...)
	{DLA-707-1}
	- sudo 1.8.18p1-1 (bug #842507)
	[jessie] - sudo <no-dsa> (Minor issue)
	NOTE: https://www.sudo.ws/alerts/noexec_wordexp.html
	NOTE: https://www.sudo.ws/repos/sudo/rev/e7d09243e51b
	NOTE: https://www.sudo.ws/repos/sudo/rev/7b8357b0a358
	NOTE: https://www.sudo.ws/repos/sudo/rev/167a518d8129
	NOTE: Might need as well: https://bugzilla.sudo.ws/show_bug.cgi?id=761
CVE-2016-7075 (It was found that Kubernetes as used by Openshift Enterprise 3 did not ...)
	- kubernetes 1.5.5+dfsg-1 (bug #795652)
	NOTE: https://github.com/kubernetes/kubernetes/issues/34517
CVE-2016-7074 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7073 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7072 (An issue has been found in PowerDNS Authoritative Server before 3.4.11 ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
CVE-2016-7071 (It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not p ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-7070 (A privilege escalation flaw was found in the Ansible Tower. When Tower ...)
	NOT-FOR-US: Ansible Tower
CVE-2016-7069 (An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT r ...)
	- dnsdist 1.2.0-1 (low; bug #872854)
	[stretch] - dnsdist 1.1.0-2+deb9u1
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
	NOTE: https://downloads.powerdns.com/patches/2017-01
CVE-2016-7068 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...)
	{DSA-3764-1 DSA-3763-1 DLA-798-1 DLA-788-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
CVE-2016-7067 (Monit before version 5.20.0 is vulnerable to a cross site request forg ...)
	{DLA-732-1}
	- monit 1:5.20.0-1
	[jessie] - monit <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
	NOTE: Although configured only on localhost, the httpd service is started by
	NOTE: default and accessible.
CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth direct ...)
	NOT-FOR-US: admin-cli / jboss-cli in Red Hat
CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2016-7064
	RESERVED
CVE-2016-7063
	RESERVED
CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...)
	NOT-FOR-US: Red Hat rhscon-core
CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise  ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2016-7060 (The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does ...)
	NOT-FOR-US: Red Hat QCI
CVE-2016-7059
	REJECTED
CVE-2016-7058
	REJECTED
CVE-2016-7057
	REJECTED
CVE-2016-7056 (A timing attack flaw was found in OpenSSL 1.0.1u and before that could ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.0.2a-1
	- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://eprint.iacr.org/2016/1195.pdf
	NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12
	NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (OpenSSL_1_0_2-beta3)
CVE-2016-7055 (There is a carry propagating bug in the Broadwell-specific Montgomery  ...)
	- openssl 1.1.0c-1 (low)
	[jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	- openssl1.0 1.0.2k-1 (low)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=2fac86d9abeaa643677d1ffd0a139239fdf9406a
CVE-2016-7054 (In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1 ...)
	- openssl 1.1.0c-1
	[jessie] - openssl <not-affected> (Only affects 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.1.0)
	- openssl1.0 <not-affected> (Only affects 1.1.0)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
CVE-2016-7053 (In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS struc ...)
	- openssl 1.1.0c-1
	[jessie] - openssl <not-affected> (Only affects 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.1.0)
	- openssl1.0 <not-affected> (Only affects 1.1.0)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
CVE-2016-7052 (crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to ca ...)
	- openssl 1.0.2j-1
	[jessie] - openssl <not-affected> (Introduced in 1.0.2i)
	[wheezy] - openssl <not-affected> (Introduced in 1.0.2i)
	NOTE: https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-7051 (XmlMapper in the Jackson XML dataformat component (aka jackson-datafor ...)
	- jackson-dataformat-xml 2.8.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378673#c7
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/issues/211
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/commit/eeff2c312e9d4caa8c9f27b8f740c7529d00524a (2.7.8)
CVE-2016-7050 (SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7 ...)
	- resteasy 3.0.18-1
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <not-affected> (Fixed before initial release to Debian)
	NOTE: The SerializableProvider has been disabled by default in 3.0.17
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378613
CVE-2016-7049
	RESERVED
CVE-2016-7048 (The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9. ...)
	NOT-FOR-US: interactive installer used in EnterpriseDB-supplied PostgreSQL packages
CVE-2016-7047 (A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8 ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2016-7046 (Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating  ...)
	- undertow 1.4.3-1 (bug #838600)
	NOTE: https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
CVE-2016-7045 (The format_send_to_gui function in the format parsing code in Irssi be ...)
	{DSA-3672-1}
	- irssi 0.8.20-1
	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
	NOTE: http://irssi.org/security/irssi_sa_2016.txt
CVE-2016-7044 (The unformat_24bit_color function in the format parsing code in Irssi  ...)
	{DSA-3672-1}
	- irssi 0.8.20-1
	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
	NOTE: http://irssi.org/security/irssi_sa_2016.txt
CVE-2016-7043 (It has been reported that KIE server and Busitess Central before versi ...)
	NOT-FOR-US: Kie server
CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the Linux kerne ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373499
	NOTE: https://git.kernel.org/linus/03dab869b7b239c4e013ec82aea22e181e441cfc
CVE-2016-7041 (Drools Workbench contains a path traversal vulnerability. The vulnerab ...)
	NOT-FOR-US: JBoss Drolls Workbench
CVE-2016-7040 (Red Hat CloudForms Management Engine 4.1 does not properly handle regu ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-7039 (The IP stack in the Linux kernel through 4.8.2 allows remote attackers ...)
	- linux 4.7.8-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fcd91dd449867c6bfe56a81cabba76b829fd05cd
	NOTE: Introduced by: https://git.kernel.org/linus/9b174d88c257150562b0101fcc6cb6c3cb74275c (v4.0-rc1)
	NOTE: Intorduced by: https://git.kernel.org/linus/66e5133f19e901a044fa5eaeeb6ecff4545839e5 (v4.2-rc1)
CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated when the ...)
	- moodle 2.7.16+dfsg-1
CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell jwt be ...)
	NOT-FOR-US: Malcolm Fell jwt
CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact b ...)
	NOT-FOR-US: Python jose
CVE-2016-7035 (An authorization flaw was found in Pacemaker before 1.1.16, where it d ...)
	- pacemaker 1.1.15-3 (bug #843041)
	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1166/commits/5a20855d6054ebaae590c09262b328d957cc1fc2
CVE-2016-7034 (The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly han ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-7033 (Multiple cross-site scripting (XSS) vulnerabilities in the admin pages ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-7032 (sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users  ...)
	{DLA-707-1}
	- sudo 1.8.15-1
	[jessie] - sudo <no-dsa> (Minor issue)
	NOTE: https://www.sudo.ws/alerts/noexec_bypass.html
	NOTE: This CVE is for the bypass via system() and popen(). The wordpexp() bypass
	NOTE: is tracked under CVE-2016-7076.
	NOTE: https://www.sudo.ws/devel.html#1.8.15rc1
	NOTE: https://www.sudo.ws/repos/sudo/rev/58a5c06b5257
	NOTE: https://www.sudo.ws/repos/sudo/rev/a826cd7787e9
CVE-2016-7031 (The RGW code in Ceph before 10.0.1, when authenticated-read ACL is app ...)
	- ceph 10.2.5-1 (bug #838026)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/13207
	NOTE: https://github.com/ceph/ceph/pull/6057
	NOTE: https://github.com/ceph/ceph/pull/11045
CVE-2016-7030 (FreeIPA uses a default password policy that locks an account after 5 u ...)
	- freeipa 4.4.4-1 (bug #849970)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1370493
	NOTE: https://fedorahosted.org/freeipa/ticket/6561
	NOTE: Upstream patch: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=6f1d92746
	NOTE: Additional dependency: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=73f33569c
CVE-2016-7029
	RESERVED
CVE-2016-7027
	REJECTED
CVE-2016-7026
	REJECTED
CVE-2016-7025
	REJECTED
CVE-2016-7024
	REJECTED
CVE-2016-7023
	REJECTED
CVE-2016-7022
	REJECTED
CVE-2016-7021
	REJECTED
CVE-2016-7020 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7019 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7018 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7017 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7016 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7015 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7014 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7013 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7012 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7011 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7010 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7009 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7008 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7007 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7006 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7005 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7004 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7003 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7002 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7001 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7000 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6999 (Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat a ...)
	NOT-FOR-US: Adobe
CVE-2016-6998 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6997 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6996 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6995 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6994 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
	NOT-FOR-US: Adobe
CVE-2016-6993 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6992 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6991
	REJECTED
CVE-2016-6990 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6989 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6988 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 a ...)
	NOT-FOR-US: Adobe
CVE-2016-6986 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6985 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6984 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6983 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6982 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6981 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 a ...)
	NOT-FOR-US: Adobe
CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 al ...)
	NOT-FOR-US: Adobe
CVE-2016-6979 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6978 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6977 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6976 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6975 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6974 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6973 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6972 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6971 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6970 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6969 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6968 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6967 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6966 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6965 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6964 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6963 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6962 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6961 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6960 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6959 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6958 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6957 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6956 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6955 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6954 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6953 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6952 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6951 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6950 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6949 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6948 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6947 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6946 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6945 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6944 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6943 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6942 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6941 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6940 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6939 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
	NOT-FOR-US: Adobe
CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6936 (Adobe AIR SDK &amp; Compiler before 23.0.0.257 on Windows does not sup ...)
	NOT-FOR-US: Adobe
CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud Des ...)
	NOT-FOR-US: Adobe
CVE-2016-6934 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11. ...)
	NOT-FOR-US: Adobe
CVE-2016-6933 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11. ...)
	NOT-FOR-US: Adobe
CVE-2016-6932 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6931 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6930 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6929 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6928
	REJECTED
CVE-2016-6927 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6926 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6925 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6924 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6923 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6922 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6921 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in libavcodec/ ...)
	- ffmpeg 7:3.1.3-1
	- libav <not-affected>
	NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6919
	RESERVED
CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attacke ...)
	NOT-FOR-US: Lexmark
CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for Androi ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6915 (Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6914 (Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions fo ...)
	NOT-FOR-US: Ubiquiti UniFi Video
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5. ...)
	NOT-FOR-US: OSSIM
CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD Grap ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
CVE-2016-6910 (The non-existent notification listener vulnerability was introduced in ...)
	NOT-FOR-US: Android build by Samsung
CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4. ...)
	NOT-FOR-US: Fortinet
CVE-2016-6908 (Characters from languages are such as Arabic, Hebrew are displayed fro ...)
	NOT-FOR-US: Opera
CVE-2016-6907
	RESERVED
CVE-2016-6906 (The read_image_tga function in gd_tga.c in the GD Graphics Library (ak ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
CVE-2016-6904 (Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 cont ...)
	NOT-FOR-US: NetAPP
CVE-2016-6901 (Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR50 ...)
	NOT-FOR-US: Huawei Routers
CVE-2016-6900 (The Intelligent Baseboard Management Controller (iBMC) in Huawei RH128 ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6899 (The Intelligent Baseboard Management Controller (iBMC) in Huawei RH128 ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6898 (XML external entity (XXE) vulnerability in the Hyper Management Module ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6895
	REJECTED
CVE-2016-6894 (Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4 ...)
	NOT-FOR-US: Arista EOS
CVE-2016-6892 (The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remot ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6891 (MatrixSSL before 3.8.6 allows remote attackers to cause a denial of se ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6890 (Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote att ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6889
	RESERVED
CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1. ...)
	- ffmpeg 7:3.1.3-1 (unimportant)
	- libav <not-affected>
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
	NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a limi ...)
	- lshell <removed> (bug #834949)
	[wheezy] - lshell <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ghantoos/lshell/issues/147
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
	NOTE: As for 2016-08-23 https://github.com/ghantoos/lshell/issues/147#issuecomment-241366750 ist still
	NOTE: as well under the scope of CVE-2016-6902, until "there is further vendor followup
	NOTE: about issues/147" and possibly a new/additional CVE assignment.
CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of a limi ...)
	- lshell <removed> (bug #834946)
	[wheezy] - lshell <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ghantoos/lshell/issues/149
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
CVE-2016-6897 (Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_ ...)
	- wordpress 4.6.1+dfsg-1 (bug #837090)
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: http://seclists.org/oss-sec/2016/q3/347
	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2016-6896 (Directory traversal vulnerability in the wp_ajax_update_plugin functio ...)
	- wordpress 4.6.1+dfsg-1 (bug #837090)
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: http://seclists.org/oss-sec/2016/q3/347
	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2016-6893 (Cross-site request forgery (CSRF) vulnerability in the user options pa ...)
	{DSA-3668-1 DLA-608-1}
	- mailman 1:2.1.23-1 (bug #835970)
	NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000225.html
	NOTE: https://bugs.launchpad.net/mailman/+bug/1614841
	NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
CVE-2016-6880
	RESERVED
CVE-2016-6879 (The X509_Certificate::allowed_usage function in botan 1.11.x before 1. ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.31
CVE-2016-6878 (The Curve25519 code in botan before 1.11.31, on systems without a nati ...)
	- botan1.10 <not-affected> (Introduced in 1.11.12)
	NOTE: Introduced in 1.11.12, fixed in 1.11.31
CVE-2016-6877 (** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in- ...)
	NOT-FOR-US: Citrix
CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link  ...)
	NOT-FOR-US: F5
CVE-2016-6869
	RESERVED
CVE-2016-6868
	RESERVED
CVE-2016-6867
	RESERVED
CVE-2016-6865
	RESERVED
CVE-2016-6864
	RESERVED
CVE-2016-6863
	RESERVED
CVE-2016-6862
	RESERVED
CVE-2016-6861
	RESERVED
CVE-2016-6860
	RESERVED
CVE-2016-6859 (Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6858 (Cross-site scripting (XSS) vulnerability in the Create Employee featur ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6857 (Cross-site scripting (XSS) vulnerability in the Create Catalogue featu ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search feature i ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, a ...)
	{DLA-2185-1 DLA-605-1}
	- eog 3.20.4-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143
	NOTE: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
CVE-2016-6854 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Sc ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6853 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Sc ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6852 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6851 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Sc ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6850 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6849
	RESERVED
CVE-2016-6848 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6846 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6843 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6842 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6841
	RESERVED
CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Huawei
CVE-2016-6839 (CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 ...)
	NOT-FOR-US: Huawei FusionAccess
CVE-2016-6838 (Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC6 ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6829 (The trove service user in (1) Openstack deployment (aka crowbar-openst ...)
	NOT-FOR-US: Crowbar Framework
CVE-2016-6827 (Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES key ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2016-6826 (Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a ...)
	NOT-FOR-US: Huawei AnyMail
CVE-2016-6825 (Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V ...)
	NOT-FOR-US: Huawei FusionServer Node
CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with softwa ...)
	NOT-FOR-US: Huawei Campus Switch
CVE-2016-6888 (Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt. ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834902)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
CVE-2016-6875 (Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attac ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
CVE-2016-6874 (The array_*_recursive functions in Facebook HHVM before 3.15.0 allows  ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
CVE-2016-6873 (Self recursion in compact in Facebook HHVM before 3.15.0 allows attack ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
CVE-2016-6872 (Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
CVE-2016-6871 (Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attac ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
CVE-2016-6870 (Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, a ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
CVE-2016-6866 (slock allows attackers to bypass the screen lock via vectors involving ...)
	{DLA-598-1}
	- suckless-tools 41-1
	[jessie] - suckless-tools 40-1+deb8u2
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/18/22
	NOTE: http://s1m0n.dft-labs.eu/files/slock/
	NOTE: Starting with 41-1 slock.c got patched to use PAM, cf. #739629
	NOTE: and with the patch readpw(dpy, pws) is not called anymore, and
	NOTE: thus in readpw, not calling crypt(passwd, pws) with a possibly
	NOTE: empty pws.
CVE-2016-6837 (Cross-site scripting (XSS) vulnerability in MantisBT Filter API in Man ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (unsupported)
	NOTE: https://mantisbt.org/bugs/view.php?id=21611
	NOTE: https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e
CVE-2016-6832 (Heap-based buffer overflow in the ff_audio_resample function in resamp ...)
	- libav 6:11.4-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
	NOTE: Claimed to not affect ffmpeg
CVE-2016-6831 (The "process-execute" and "process-spawn" procedures did not free memo ...)
	{DLA-643-1}
	- chicken 4.12.0-0.2 (bug #834845)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830
CVE-2016-6830 (The "process-execute" and "process-spawn" procedures in CHICKEN Scheme ...)
	{DLA-643-1}
	- chicken 4.12.0-0.2 (bug #834845)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
	NOTE: https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
	NOTE: http://bugs.call-cc.org/ticket/1308
CVE-2016-6828 (The tcp_check_send_head function in include/net/tcp.h in the Linux ker ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4
CVE-2016-6822
	RESERVED
CVE-2016-6821
	RESERVED
CVE-2016-6820 (MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1. ...)
	NOT-FOR-US: MetroCluster Tiebreaker
CVE-2016-6819
	RESERVED
CVE-2016-6818 (SQL injection vulnerability in SAP Business Intelligence platform befo ...)
	NOT-FOR-US: SAP
CVE-2016-6817 (The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8. ...)
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)
	- tomcat7 <not-affected> (Only affects 9.x and 8.5.x)
	- tomcat6 <not-affected> (Only affects 9.x and 8.5.x)
CVE-2016-6816 (The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0 ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.39-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: Fixed by: http://svn.apache.org/r1767653 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767675 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767683 (6.0.x)
CVE-2016-6815 (In Apache Ranger before 0.6.2, users with "keyadmin" role should not b ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-6814 (When an application with unsupported Codehaus versions of Groovy from  ...)
	{DLA-794-1}
	- groovy 2.4.8-1 (bug #851408)
	[jessie] - groovy 1.8.6-4+deb8u2
	- groovy2 <removed>
	[jessie] - groovy2 2.2.2+dfsg-3+deb8u2
CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call desig ...)
	NOT-FOR-US: Apache CloudStack
CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prio ...)
	NOT-FOR-US: Apache CXF
CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn use ...)
	- hadoop <itp> (bug #793644)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scri ...)
	- activemq 5.14.2+dfsg-1 (unimportant)
	NOTE: Admin console not enabled in the Debian package, see #702670
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt
	NOTE: http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000245.html
	NOTE: https://jvn.jp/en/jp/JVN78980598/index.html
CVE-2016-6809 (Apache Tika before 1.14 allows Java code execution for serialized obje ...)
	- tika 1.18-1
	[jessie] - tika <not-affected> (Matlab file parser introduced in 1.6)
	NOTE: http://seclists.org/bugtraq/2016/Nov/40
CVE-2016-6808 (Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. ...)
	- libapache-mod-jk <not-affected> (Windows/IIS vhost handling specific issue)
	NOTE: Fixed by: http://svn.apache.org/r1762057
	NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.42
	NOTE: This is though only Windows/IIS specific, thus marked as not-affected, cf. #840000
CVE-2016-6807 (Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2)  ...)
	NOT-FOR-US: Ambari Agent
CVE-2016-6806 (Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provid ...)
	NOT-FOR-US: Apache Wicket
CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to read ar ...)
	NOT-FOR-US: Apache Ignite
CVE-2016-6804 (The Apache OpenOffice installer (versions prior to 4.1.3, including so ...)
	NOT-FOR-US: Apache OpenOffice installer for Windows
CVE-2016-6803 (An installer defect known as an "unquoted Windows search path vulnerab ...)
	NOT-FOR-US: Apache OpenOffice installer for Windows
CVE-2016-6802 (Apache Shiro before 1.3.2 allows attackers to bypass intended servlet  ...)
	- shiro 1.3.2-1
	[jessie] - shiro <no-dsa> (Minor issue)
CVE-2016-6801 (Cross-site request forgery (CSRF) vulnerability in the CSRF content-ty ...)
	{DSA-3679-1 DLA-629-1}
	- jackrabbit 2.12.4-1 (bug #838204)
	NOTE: http://svn.apache.org/r1758791 (2.4.x)
	NOTE: http://svn.apache.org/r1758771 (2.6.x)
	NOTE: http://svn.apache.org/r1758764 (2.8.x)
CVE-2016-6800 (The default configuration of the Apache OFBiz framework offers a blog  ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The application cal ...)
	NOT-FOR-US: Apache Cordova
CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the me ...)
	NOT-FOR-US: Apache Sling
CVE-2016-6797 (The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9. ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842666)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/wrku5orwxfpt5mzl?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1757273 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1757275 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1757285 (6.0.x)
CVE-2016-6796 (A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0 ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842665)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/hynaeawxxhpvvctu?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1758494 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1758495 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5 ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
	NOTE: https://struts.apache.org/docs/s2-042.html
CVE-2016-6794 (When a SecurityManager is configured, a web application's ability to r ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842664)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/zk7w6yly5mviocci?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1754727 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1754728 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1754733 (6.0.x)
CVE-2016-6793 (The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x be ...)
	NOT-FOR-US: Apache Wicket
CVE-2015-8954 (The MemcmpLowercase function in Suricata before 2.0.6 improperly exclu ...)
	- suricata 2.0.6-1 (bug #777523)
	[wheezy] - suricata <no-dsa> (Minor issue)
	[squeeze] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1364
	NOTE: https://github.com/OISF/suricata/commit/17dfd59bc31a21e103e2f1216443cd1418398aa9
CVE-2015-8953 (fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorr ...)
	- linux 4.2.6-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/ab79efab0a0ba01a74df782eb7fa44b044dae8b5 (v4.3)
CVE-2015-8952 (The mbcache feature in the ext2 and ext4 filesystem implementations in ...)
	- linux 4.6.1-1 (low)
	[jessie] - linux <ignored> (Minor issue and too intrusive to backport, workaround exists with the no_mbcache mount flag)
	[wheezy] - linux <no-dsa> (Minor issue and too intrusive to backport)
	NOTE: https://git.kernel.org/linus/f9a61eb4e2471c56a63cd804c7474128138c38ac (v4.6-rc1)
	NOTE: https://git.kernel.org/linus/82939d7999dfc1f1998c4b1c12e2f19edbdff272 (v4.6-rc1)
	NOTE: https://git.kernel.org/linus/be0726d33cb8f411945884664924bed3cb8c70ee (v4.6-rc1)
CVE-2015-8951 (Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-l ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6823 (Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allow ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834504)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
CVE-2016-10052 (Buffer overflow in the WriteProfile function in coders/jpeg.c in Image ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834501)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6792
	RESERVED
CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6790 (An elevation of privilege vulnerability in the NVIDIA libomx library ( ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6789 (An elevation of privilege vulnerability in the NVIDIA libomx library ( ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6788 (An elevation of privilege vulnerability in the MediaTek I2C driver cou ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux kernel  ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6786 (kernel/events/core.c in the performance subsystem in the Linux kernel  ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6785 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6784 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6783 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6782 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6781 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6780 (An elevation of privilege vulnerability in the HTC sound codec driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6779 (An elevation of privilege vulnerability in the HTC sound codec driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6778 (An elevation of privilege vulnerability in the HTC sound codec driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6777 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6776 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6774 (An information disclosure vulnerability in Package Manager could enabl ...)
	NOT-FOR-US: Android
CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder in Media ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6772 (An elevation of privilege vulnerability in Wi-Fi could enable a local  ...)
	NOT-FOR-US: Android
CVE-2016-6771 (An elevation of privilege vulnerability in Telephony could enable a lo ...)
	NOT-FOR-US: Android
CVE-2016-6770 (An elevation of privilege vulnerability in the Framework API could ena ...)
	NOT-FOR-US: Android
CVE-2016-6769 (An elevation of privilege vulnerability in Smart Lock could enable a l ...)
	NOT-FOR-US: Android
CVE-2016-6768 (A remote code execution vulnerability in the Framesequence library cou ...)
	NOT-FOR-US: Android
CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6766 (A denial of service vulnerability in libmedia and libstagefright in Me ...)
	NOT-FOR-US: libstagefright
CVE-2016-6765 (A denial of service vulnerability in libstagefright in Mediaserver cou ...)
	NOT-FOR-US: libstagefright
CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a local ma ...)
	NOT-FOR-US: Android
CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive library c ...)
	- android-platform-system-core 1:7.0.0+r1-1
	[jessie] - android-platform-system-core <not-affected> (Vulnerable code not present)
CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6759 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6758 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6757 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6756 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6755 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 5.0.x befo ...)
	NOT-FOR-US: Webview for Android
CVE-2016-6753 (An information disclosure vulnerability in kernel components, includin ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-11-01.html
CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6751 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6750 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6749 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6748 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6747 (A denial of service vulnerability in Mediaserver in Android before 201 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6746 (An information disclosure vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6745 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6744 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6743 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6742 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6741 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6740 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6739 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6738 (An elevation of privilege vulnerability in the Qualcomm crypto engine  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6737 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6736 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6735 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6734 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6733 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6732 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6731 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6730 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6729 (An elevation of privilege vulnerability in the Qualcomm bootloader in  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
	NOT-FOR-US: Rowhammer hardware vulnerability on Android devices
	NOTE: https://www.vusec.net/projects/drammer/
CVE-2016-6727 (The Qualcomm GPS subsystem in Android on Android One devices allows re ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6726 (Unspecified vulnerability in Qualcomm components in Android on Nexus 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in Andr ...)
	NOT-FOR-US: Android
CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in Android 4.x  ...)
	NOT-FOR-US: Android
CVE-2016-6722 (An information disclosure vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in Android 6.x  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6720 (An information disclosure vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth component in  ...)
	NOT-FOR-US: Android
CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager Service ...)
	NOT-FOR-US: Android
CVE-2016-6717 (An elevation of privilege vulnerability in Mediaserver in Android 4.x  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6716 (An elevation of privilege vulnerability in the AOSP Launcher in Androi ...)
	NOT-FOR-US: Android
CVE-2016-6715 (An elevation of privilege vulnerability in the Framework APIs in Andro ...)
	NOT-FOR-US: Android
CVE-2016-6714 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in A ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minpr issue)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/fdb1b40e7bb147c07bda988c9501ad223795d12d
CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in A ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minpr issue)
	[wheezy] - libvpx <no-dsa> (Minor issue)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: Wheezy is confirmed (by code inspection) to have vulnerable source.
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693
CVE-2016-6710 (An information disclosure vulnerability in the download manager in And ...)
	NOT-FOR-US: Android
CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and BoringSSL in  ...)
	NOT-FOR-US: Android
CVE-2016-6708 (An elevation of privilege in the System UI in Android 7.0 before 2016- ...)
	NOT-FOR-US: Android
CVE-2016-6707 (An elevation of privilege vulnerability in System Server in Android 6. ...)
	NOT-FOR-US: Android
CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in Android 5.0. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6704 (An elevation of privilege vulnerability in Mediaserver in Android 4.x  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6703 (A remote code execution vulnerability in an Android runtime library in ...)
	NOT-FOR-US: Android
CVE-2016-6702 (A remote code execution vulnerability in libjpeg in Android 4.x before ...)
	- libjpeg-turbo <not-affected> (Android-specific patch, jpeg_open_backing_store in standard releases is just a stub)
CVE-2016-6701 (A remote code execution vulnerability in libskia in Android 7.0 before ...)
	- skia <itp> (bug #818180)
CVE-2016-6700 (An elevation of privilege vulnerability in libzipfile in Android 4.x b ...)
	NOT-FOR-US: Android
CVE-2016-6699 (A remote code execution vulnerability in libstagefright in Mediaserver ...)
	NOT-FOR-US: libstagefright
CVE-2016-6698 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6697
	RESERVED
CVE-2016-6696 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6695 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6694 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6693 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6692 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in An ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6691 (service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6690 (The sound driver in the kernel in Android before 2016-10-05 on Nexus 5 ...)
	NOT-FOR-US: Sound driver for Android
CVE-2016-6689 (Binder in the kernel in Android before 2016-10-05 on Nexus devices all ...)
	NOT-FOR-US: Android Binder
CVE-2016-6688 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices al ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6687 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices al ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6686 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices al ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6685 (The kernel in Android before 2016-10-05 on Nexus 6P devices allows att ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6684 (The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6683 (The kernel in Android before 2016-10-05 on Nexus devices allows attack ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6682 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver i ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6681 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver i ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6680 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android b ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6679 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Androi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6678 (The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 dev ...)
	NOT-FOR-US: Motorola driver for Android
CVE-2016-6677 (The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices  ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices allows att ...)
	NOT-FOR-US: Android
CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devic ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2015-8950 (arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used  ...)
	- linux 4.0.4-1
	[jessie] - linux 3.16.7-ckt17-1
	[wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7)
	NOTE: Fixed by: https://git.kernel.org/linus/6829e274a623187c24f7cfc0e3d35f25d087fcc5 (4.1-rc2)
CVE-2016-10051 (Use-after-free vulnerability in the ReadPWPImage function in coders/pw ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834183)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in  ...)
	{DLA-1497-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834904)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834905)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in  ...)
	{DLA-1497-1}
	- qemu 1:2.6+dfsg-3.1 (bug #835031)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834944)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/5
CVE-2016-6671 (The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2  ...)
	- ffmpeg 7:3.1.2-1
CVE-2016-6670 (Huawei S7700, S9300, S9700, and S12700 devices with software before V2 ...)
	NOT-FOR-US: Huawei
CVE-2016-6669 (Buffer overflow in the Authentication, Authorization and Accounting (A ...)
	NOT-FOR-US: Huawei
CVE-2016-6668 (The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 b ...)
	NOT-FOR-US: Atlassian Hipchat Integration Plugin for Bitbucket Server
CVE-2016-6667 (NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through  ...)
	NOT-FOR-US: NetApp
CVE-2016-6666
	RESERVED
CVE-2016-6665
	RESERVED
CVE-2016-6664 (mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and  ...)
	{DSA-3770-1}
	- mariadb-10.1 10.1.21-1 (bug #849435; bug #851759)
	- mariadb-10.0 <removed> (bug #842895; bug #851755)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
	NOTE: Possible fixed by: https://github.com/MariaDB/server/commit/684a165f28b3718160a3e4c5ebd18a465d85e97c
	NOTE: https://mariadb.com/blog/update-security-vulnerabilities-cve-2016-6663-and-cve-2016-6664-related-mariadb-server
CVE-2016-6663 (Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7 ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed by: https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805
	NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
	NOTE: Fixed in Oracle MySQL: 5.5.52, 5.6.33, and 5.7.15.
	NOTE: http://legalhackers.com/advisories/MySQL-MariaDB-PerconaDB-PrivEsc-Race-CVE-2016-6663-OCVE-2016-5616-Exploit.html
CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5 ...)
	{DSA-3666-1 DLA-624-1}
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1
	- mysql-5.5 <removed>
	NOTE: This will likely be split by MITRE, unclear what precisely maps to CVE-2016-6662
	NOTE: As well unclear which commits from https://bugzilla.redhat.com/show_bug.cgi?id=1375198#c5 are associated
	NOTE: yet to which CVE; those will unlikely made public before the next Oracle CPU.
	NOTE: https://marc.info/?l=oss-security&m=147367658314062&w=2
	NOTE: http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=998309
	NOTE: Fixed in upstream Oracle MySQL 5.5.52, 5.6.33 and 5.7.15
	NOTE: MariaDB: https://jira.mariadb.org/browse/MDEV-10465
	NOTE: Fixed in upstream MariaDB  5.5.51, 10.0.27, 10.1.17
	NOTE: PerconaDB: https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/
	NOTE: Although Oracle mentions this CVE only to be fixed in 5.5.53 this is not
	NOTE: true for src:mysql-5.5 as in Debian and other Linux distributions, so
	NOTE: this CVE should not be listed for a DSA/DLA based on 5.5.53, cf #841050
CVE-2016-6661
	RESERVED
CVE-2016-6660
	REJECTED
CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, a ...)
	NOT-FOR-US: Pivotal
CVE-2016-6658 (Applications in cf-release before 245 can be configured and pushed wit ...)
	NOT-FOR-US: cf-release
CVE-2016-6657 (An open redirect vulnerability has been detected with some Pivotal Clo ...)
	NOT-FOR-US: Pivotal
CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation ...)
	NOT-FOR-US: Pivotal
CVE-2016-6655 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry rele ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-6654
	REJECTED
CVE-2016-6653 (The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-m ...)
	NOT-FOR-US: Pivotal
CVE-2016-6652 (SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (G ...)
	NOT-FOR-US: Pivotal Spring Data
CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 24 ...)
	NOT-FOR-US: Pivotal
CVE-2016-6650 (EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtua ...)
	NOT-FOR-US: EMC
CVE-2016-6649 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virt ...)
	NOT-FOR-US: EMC
CVE-2016-6648 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virt ...)
	NOT-FOR-US: EMC
CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1  ...)
	NOT-FOR-US: EMC
CVE-2016-6646 (The vApp Managers web application in EMC Unisphere for VMAX Virtual Ap ...)
	NOT-FOR-US: VMAX
CVE-2016-6645 (The vApp Managers web application in EMC Unisphere for VMAX Virtual Ap ...)
	NOT-FOR-US: VMAX
CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows r ...)
	NOT-FOR-US: EMC
CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2  ...)
	NOT-FOR-US: EMC
CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before ...)
	NOT-FOR-US: EMC
CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2  ...)
	NOT-FOR-US: EMC
CVE-2016-6640
	REJECTED
CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP  ...)
	NOT-FOR-US: Pivotal
CVE-2016-6638
	REJECTED
CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal  ...)
	NOT-FOR-US: Pivotal
CVE-2016-6636 (The OAuth authorization implementation in Pivotal Cloud Foundry (PCF)  ...)
	NOT-FOR-US: Pivotal
CVE-2016-1000038
	RESERVED
CVE-2016-10050 (Heap-based buffer overflow in the ReadRLEImage function in coders/rle. ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833744)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10049 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageM ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10048 (Directory traversal vulnerability in magick/module.c in ImageMagick 6. ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.5.7+dfsg-1 (bug #833735)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10047 (Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMa ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10046 (Heap-based buffer overflow in the DrawImage function in magick/draw.c  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6887 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6886 (The pstm_reverse function in MatrixSSL before 3.8.4 allows remote atta ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6885 (The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote atta ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6884 (TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6883 (MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: Fixed in 3.8.3 https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md#changes-in-383
	NOTE: https://robotattack.org/
CVE-2016-6882 (MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is support ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6635 (Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_comp ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: https://github.com/WordPress/WordPress/commit/9b7a7754133c50b82bd9d976fb5b24094f658aab
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37143
CVE-2016-6634 (Cross-site scripting (XSS) vulnerability in the network settings page  ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: http://codex.wordpress.org/Version_4.5
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37124
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
CVE-2016-6633 (An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigg ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: dbase extension not available in Debian
CVE-2016-6632 (An issue was discovered in phpMyAdmin where, under certain conditions, ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
CVE-2016-6631 (An issue was discovered in phpMyAdmin. A user can execute a remote cod ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user can trigg ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the $cfg['ArbitrarySer ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <postponed> (probably not affected, needs more investigation)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able to trig ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
CVE-2016-6627 (An issue was discovered in phpMyAdmin. An attacker can determine the p ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could redirect a us ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can determine wheth ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/
	NOTE: The solution is to remove a configuration option. This option
	NOTE: is by default disabled so a default installation is not
	NOTE: vulnerable. It should be fairly obvious that enabling phpinfo
	NOTE: printing can show more information than what should be used in
	NOTE: a production environment. This is the motivation that it is not
	NOTE: solved for wheezy.
CVE-2016-6624 (An issue was discovered in phpMyAdmin involving improper enforcement o ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can cause a  ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/
CVE-2016-6622 (An issue was discovered in phpMyAdmin. An unauthenticated user is able ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
CVE-2016-6621 (The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15. ...)
	{DLA-1415-1 DLA-834-1}
	- phpmyadmin 4:4.6.6-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481
CVE-2016-6620 (An issue was discovered in phpMyAdmin. Some data is passed to the PHP  ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/
CVE-2016-6619 (An issue was discovered in phpMyAdmin. In the user interface preferenc ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/
CVE-2016-6618 (An issue was discovered in phpMyAdmin. The transformation feature allo ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/
CVE-2016-6617 (An issue was discovered in phpMyAdmin. A specially crafted database an ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
CVE-2016-6616 (An issue was discovered in phpMyAdmin. In the "User group" and "Design ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/
CVE-2016-6615 (XSS issues were discovered in phpMyAdmin. This affects navigation pane ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
CVE-2016-6614 (An issue was discovered in phpMyAdmin involving the %u username replac ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially craft a sy ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOC ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted database an ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
CVE-2016-6610 (A full path disclosure vulnerability was discovered in phpMyAdmin wher ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
	NOTE: Not relevant to packaged version in Debian
CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted database na ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the database pr ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom search (sp ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The decryp ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
	NOT-FOR-US: Impala
CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android L ...)
	NOT-FOR-US: Samsung
CVE-2016-7513 (Off-by-one error in magick/cache.c in ImageMagick allows remote attack ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832455)
	[wheezy] - imagemagick <not-affected> (Affected code does not exist in version 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
CVE-2016-7514 (The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allow ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832457)
	NOTE: https://bugs.launchpad.net/bugs/1533442
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/83
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7515 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
	NOTE: https://bugs.launchpad.net/bugs/1533445
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8957 (Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attac ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832464)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attacker ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7516 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533452
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7517 (The EncodeImage function in coders/pict.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533449
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7518 (The ReadSUNImage function in coders/sun.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533447
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7519 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533445
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7520 (Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remot ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
	NOTE: https://bugs.launchpad.net/bugs/1537213
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7521 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows remot ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
	NOTE: https://bugs.launchpad.net/bugs/1537418
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7522 (The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
	NOTE: https://bugs.launchpad.net/bugs/1537419
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7523 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
	NOTE: https://bugs.launchpad.net/bugs/1537420
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7524 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
	NOTE: https://bugs.launchpad.net/bugs/1537422
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/96
CVE-2016-7525 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows remot ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832480)
	[wheezy] - imagemagick <not-affected> (The affected function, GetPSDRowSize, does not exist in version 6.7.7.10)
	NOTE: https://bugs.launchpad.net/bugs/1537424
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
	NOTE: https://bugs.launchpad.net/bugs/1539050
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/102
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7527 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
	NOTE: https://bugs.launchpad.net/bugs/1542115
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7528 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
	NOTE: https://bugs.launchpad.net/bugs/1537425
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
	NOTE: https://bugs.launchpad.net/bugs/1539051
	NOTE: https://bugs.launchpad.net/bugs/1539052
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/104
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/103
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers to ca ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
	NOTE: https://bugs.launchpad.net/bugs/1539067
	NOTE: https://bugs.launchpad.net/bugs/1539053
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/105
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/110
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7531 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
	NOTE: https://bugs.launchpad.net/bugs/1539061
	NOTE: https://bugs.launchpad.net/bugs/1542112
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7532 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
	NOTE: https://bugs.launchpad.net/bugs/1539066
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7533 (The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
	NOTE: https://bugs.launchpad.net/bugs/1542114
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7534 (The generic decoder in ImageMagick allows remote attackers to cause a  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
	NOTE: https://bugs.launchpad.net/bugs/1542785
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7535 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
	NOTE: https://bugs.launchpad.net/bugs/1545180
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7536 (magick/profile.c in ImageMagick allows remote attackers to cause a den ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
	NOTE: https://bugs.launchpad.net/bugs/1545367
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7537 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
	NOTE: https://bugs.launchpad.net/bugs/1553366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7538 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
	NOTE: https://bugs.launchpad.net/bugs/1556273
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8959 (coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attacker ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832944)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2014-9907 (coders/dds.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832942)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7539 (Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows rem ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7540 (coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
	[wheezy] - imagemagick <not-affected> (RGF coder is not present in version 6.7.7.10)
	NOTE: https://bugs.launchpad.net/bugs/1594060
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypas ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6601 (Directory traversal vulnerability in the file download functionality i ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in  ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET rem ...)
	NOT-FOR-US: BMC Track-It!
CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET rem ...)
	NOT-FOR-US: BMC Track-It!
CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Tr ...)
	NOT-FOR-US: Sophos EAS Proxy
	NOTE: https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
CVE-2016-6596
	RESERVED
CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and  ...)
	NOT-FOR-US: Blue Coat
CVE-2016-6593 (A code-execution vulnerability exists during startup in jhi.dll and ot ...)
	NOT-FOR-US: Symantec VIP Access
CVE-2016-6592 (A vulnerability was found in Symantec Norton Download Manager versions ...)
	NOT-FOR-US: Symantec
CVE-2016-6591 (A security bypass vulnerability exists in Symantec Norton App Lock 1.0 ...)
	NOT-FOR-US: Symantec
CVE-2016-6590 (A privilege escalation vulnerability exists when loading DLLs during b ...)
	NOT-FOR-US: Symantec
CVE-2016-6589 (A Denial of Service vulnerability exists in the ITMS workflow process  ...)
	NOT-FOR-US: Symantec
CVE-2016-6588 (A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow ...)
	NOT-FOR-US: Symantec
CVE-2016-6587 (An Information Disclosure vulnerability exists in the mid.dat file sto ...)
	NOT-FOR-US: Symantec
CVE-2016-6586 (A security bypass vulnerability exists in Symantec Norton Mobile Secur ...)
	NOT-FOR-US: Symantec
CVE-2016-6585 (A Denial of Service vulnerability exists in Symantec Norton Mobile Sec ...)
	NOT-FOR-US: Symantec
CVE-2016-6584
	RESERVED
CVE-2016-6583
	RESERVED
CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers  ...)
	- ruby-doorkeeper 4.2.0-3 (bug #834843)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/875
CVE-2016-6579
	REJECTED
CVE-2016-6578 (CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a glob ...)
	NOT-FOR-US: CodeLathe FileCloud
CVE-2016-6577
	RESERVED
CVE-2016-6576
	RESERVED
CVE-2016-6575
	RESERVED
CVE-2016-6574
	RESERVED
CVE-2016-6573
	RESERVED
CVE-2016-6572
	RESERVED
CVE-2016-6571
	RESERVED
CVE-2016-6570
	RESERVED
CVE-2016-6569
	RESERVED
CVE-2016-6568
	RESERVED
CVE-2016-6567 (SHDesigns' Resident Download Manager provides firmware update capabili ...)
	NOT-FOR-US: SHDesigns
CVE-2016-6566 (The valueAsString parameter inside the JSON payload contained by the u ...)
	NOT-FOR-US: Sungard
CVE-2016-6565 (The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-6564 (Android devices with code from Ragentek contain a privileged binary th ...)
	NOT-FOR-US: Ragentek
CVE-2016-6563 (Processing malformed SOAP messages when performing the HNAP Login acti ...)
	NOT-FOR-US: HNAP
CVE-2016-6562 (On iOS and Android devices, the ShoreTel Mobility Client app version 9 ...)
	NOT-FOR-US: ShoreTel Mobility Client
CVE-2016-6561 (illumos smbsrv NULL pointer dereference allows system crash. ...)
	NOT-FOR-US: illumos
CVE-2016-6560 (illumos osnet-incorporation bcopy() and bzero() implementations make s ...)
	NOT-FOR-US: illumos
CVE-2016-6559 (Improper bounds checking of the obuf variable in the link_ntoa() funct ...)
	NOT-FOR-US: freebsd libc
CVE-2016-6558 (A command injection vulnerability exists in apply.cgi on the ASUS RP-A ...)
	NOT-FOR-US: ASUS
CVE-2016-6557 (In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possi ...)
	NOT-FOR-US: ASUS RP-AC52 access points
CVE-2016-6556
	RESERVED
CVE-2016-6555
	RESERVED
CVE-2016-6554 (Synology NAS servers DS107, firmware version 3.1-1639 and prior, and D ...)
	NOT-FOR-US: Synology
CVE-2016-6553 (Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-ra ...)
	NOT-FOR-US: Nuuo NT-4040 Titan
CVE-2016-6552 (Green Packet DX-350 uses non-random default credentials of: root:wimax ...)
	NOT-FOR-US: Green Packet DX-350
CVE-2016-6551 (Intellian Satellite TV antennas t-Series and v-Series, firmware versio ...)
	NOT-FOR-US: Intellian
CVE-2016-6550 (The U by BB&amp;T app 1.5.4 and earlier for iOS does not properly veri ...)
	NOT-FOR-US: BB&T
CVE-2016-6549 (The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, wh ...)
	NOT-FOR-US: Zizai Tech Nut device
CVE-2016-6548 (The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS ...)
	NOT-FOR-US: Zizai Tech Nut mobile app
CVE-2016-6547 (The Zizai Tech Nut mobile app stores the account password used to auth ...)
	NOT-FOR-US: Zizai Tech Nut mobile app
CVE-2016-6546 (The iTrack Easy mobile application stores the account password used to ...)
	NOT-FOR-US: iTrack
CVE-2016-6545 (Session cookies are not used for maintaining valid sessions in iTrack  ...)
	NOT-FOR-US: iTrack
CVE-2016-6544 (getgps data in iTrack Easy can be modified without authentication by s ...)
	NOT-FOR-US: iTrack
CVE-2016-6543 (A captured MAC/device ID of an iTrack Easy can be registered under mul ...)
	NOT-FOR-US: iTrack
CVE-2016-6542 (The iTrack device tracking ID number, also called "LosserID" in the we ...)
	NOT-FOR-US: iTrack
CVE-2016-6541 (TrackR Bravo device allows unauthenticated pairing, which enables unau ...)
	NOT-FOR-US: TrackR
CVE-2016-6540 (Unauthenticated access to the cloud-based service maintained by TrackR ...)
	NOT-FOR-US: TrackR
CVE-2016-6539 (The Trackr device ID is constructed of a manufacturer identifier of fo ...)
	NOT-FOR-US: TrackR
CVE-2016-6538 (The TrackR Bravo mobile app stores the account password used to authen ...)
	NOT-FOR-US: TrackR
CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store  ...)
	NOT-FOR-US: AVer
CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with firmware X9.0 ...)
	NOT-FOR-US: AVer
CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have h ...)
	NOT-FOR-US: AVer
CVE-2016-6534 (Opmantek NMIS before 4.3.7c has command injection via man, finger, pin ...)
	NOT-FOR-US: Opmantek NMIS
CVE-2016-6533
	RESERVED
CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, wh ...)
	NOT-FOR-US: DEXIS
CVE-2016-6531 (** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root ...)
	NOT-FOR-US: Open Dental
CVE-2016-6530 (Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default  ...)
	NOT-FOR-US: Dentsply Sirona
CVE-2016-6529
	RESERVED
CVE-2016-6528
	RESERVED
CVE-2016-6524
	RESERVED
CVE-2008-7318
	RESERVED
CVE-2008-7317
	RESERVED
CVE-2016-6527 (The SmartCall Activity component in Telecom application on Samsung Not ...)
	NOT-FOR-US: Samsung
	NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
CVE-2016-6526 (The SpamCall Activity component in Telecom application on Samsung Note ...)
	NOT-FOR-US: Samsung
	NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
CVE-2016-6595 (** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote au ...)
	- docker.io <not-affected> (Only affects Docker 1.12)
	NOTE: http://seclists.org/oss-sec/2016/q3/198
CVE-2016-6581 (A HTTP/2 implementation built using any version of the Python HPACK li ...)
	- python-hpack 2.3.0-1 (bug #833467)
	NOTE: https://github.com/python-hyper/hpack/pull/56
CVE-2016-6580 (A HTTP/2 implementation built using any version of the Python priority ...)
	NOT-FOR-US: Python Priority
	NOTE: https://github.com/python-hyper/priority/pull/23
CVE-2016-6519 (Cross-site scripting (XSS) vulnerability in the "Shares" overview in O ...)
	- manila-ui 2.5.1-0 (bug #838017)
CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S1 ...)
	NOT-FOR-US: Huawei
CVE-2016-6517 (Directory traversal vulnerability in Liferay 5.1.0 allows remote attac ...)
	NOT-FOR-US: Liferay
CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before  ...)
	{DLA-1500-1 DLA-594-1}
	- openssh 1:7.3p1-1 (bug #833823)
	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=fcd135c9df440bcd2d5870405ad3311743d78d97
CVE-2016-6514
	RESERVED
CVE-2016-6502
	RESERVED
CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute arbit ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2016-6500 (Unspecified methods in the RACF Connector component before 1.1.1.0 in  ...)
	NOT-FOR-US: ForgeRock
CVE-2016-6499
	RESERVED
CVE-2016-6498
	RESERVED
CVE-2016-6497 (main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP ...)
	NOT-FOR-US: Groovy LDAP extension
CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function in pdf ...)
	{DSA-3655-1 DLA-589-1}
	- mupdf 1.9a+ds1-1.2 (bug #833417)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media manag ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
CVE-2016-6522 (Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in O ...)
	NOT-FOR-US: OpenBSD
CVE-2016-6521 (Cross-site request forgery (CSRF) vulnerability in Grails console (aka ...)
	- grails <itp> (bug #473213)
CVE-2016-6520 (Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7  ...)
	- imagemagick <not-affected> (Only affects imagemagick 7, which isn't packaged yet, bug #833485)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30259&p=136359#p136359
CVE-2016-6516 (Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c i ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/54dbc15172375641ef03399e8f911d7165eb90fb (v4.5-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/10eec60ce79187686e052092e5383c99b4420a20
CVE-2016-6495 (NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows rem ...)
	NOT-FOR-US: NetApp
CVE-2016-6493 (Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDe ...)
	NOT-FOR-US: Citrix
CVE-2016-XXXX [bruteforcable challenge responses in unprotected logfile]
	- mongodb 1:2.6.12-1 (bug #833087)
	[jessie] - mongodb 1:2.4.10-5+deb8u1
	[wheezy] - mongodb 1:2.0.6-1.1+deb7u1
	NOTE: Fixed in experimental 1:2.6.11-1, first version in unstable 1:2.6.12-1
	NOTE: https://jira.mongodb.org/browse/SERVER-9476
	NOTE: Fixed by: https://github.com/mongodb/mongo/commit/f85ceb17b37210eef71e8113162c41368bfd5c12
CVE-2016-6492 (The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driv ...)
	NOT-FOR-US: Out of tree driver from https://github.com/jawad6233/MT6795.kernel
CVE-2016-6488
	RESERVED
CVE-2016-6487
	RESERVED
CVE-2016-6486 (Siemens SINEMA Server uses weak permissions for the application folder ...)
	NOT-FOR-US: Siemens Sinema Server
	NOTE: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf
CVE-2016-6494 (The client in MongoDB uses world-readable permissions on .dbshell hist ...)
	{DLA-588-1}
	- mongodb 1:2.6.12-3 (bug #832908)
	[jessie] - mongodb 1:2.4.10-5+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
CVE-2016-6491 (Buffer overflow in the Get8BIMProperty function in MagickCore/property ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
CVE-2016-6489 (The RSA and DSA decryption code in Nettle makes it easier for attacker ...)
	{DLA-593-1}
	- nettle 3.3-1 (bug #832983)
	[jessie] - nettle 2.7.1-5+deb8u2
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
	NOTE: Original patch had some unintended side effects: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
	NOTE: Cf. http://www.openwall.com/lists/oss-security/2016/07/30/2
	NOTE: Additionally needed: https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068
	NOTE: GnuTLS needs an update when/before src:nettle is fixed to continue working with patched src:nettle for CVE-2016-6489
	NOTE: but not a vulnerability in GnuTLS. Needs https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f
CVE-2016-6485 (The __construct function in Framework/Encryption/Crypt.php in Magento  ...)
	NOT-FOR-US: Magento
CVE-2016-6484 (CRLF injection vulnerability in Infoblox Network Automation NetMRI bef ...)
	NOT-FOR-US: Infoblox Network Automation NetMR
CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x ...)
	- wireshark 2.0.5+ga3be9c6-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-49.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6512 (epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an ov ...)
	- wireshark 2.0.5+ga3be9c6-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-48.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6511 (epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 a ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-47.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6510 (Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector  ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-46.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6509 (epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12. ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-45.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6508 (epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x  ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-44.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
	NOTE: Affects  2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12. ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-43.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5a10743258bd016c07ebf6479137fda3d172a0f
	NOTE: Affects 1.12.0 to 1.12.12, fixed 1.12.13
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6506 (epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x  ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-42.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5, 1.12.13
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6505 (epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wiresha ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-41.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6504 (epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1 ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-40.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9eacbb4d48df647648127b9258f9e5aeeb0c7d99
	NOTE: Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6503 (The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windo ...)
	- wireshark <not-affected> (Only affects Wireshark on Windows)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-39.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6490 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ...)
	- qemu 1:2.6+dfsg-3.1 (bug #832767)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Issue introduced later)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Issue introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
CVE-2016-6483 (The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, ...)
	NOT-FOR-US: vBulletin
CVE-2016-6482
	RESERVED
CVE-2016-6481
	RESERVED
CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templace.c  ...)
	{DLA-773-1}
	- python-crypto 2.6.1-7 (bug #849495)
	[jessie] - python-crypto 2.6.1-5+deb8u1
	NOTE: https://github.com/dlitz/pycrypto/issues/176
	NOTE: Fixed by: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
	NOTE: All users of pycrypto's AES module in Debian that allow the mode
	NOTE: of operation to be specified from outside check for ECB explicitly
	NOTE: and  create the objects without specifying an IV.
CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...)
	{DSA-3634-1 DLA-577-1}
	- redis 2:3.2.1-4 (bug #832460)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
CVE-2016-6480 (Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/ ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3
CVE-2016-6478
	RESERVED
CVE-2016-6477
	RESERVED
CVE-2016-6476
	RESERVED
CVE-2016-6475
	RESERVED
CVE-2016-6474 (A vulnerability in the implementation of X.509 Version 3 for SSH authe ...)
	NOT-FOR-US: Cisco
CVE-2016-6473 (A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Serie ...)
	NOT-FOR-US: Cisco
CVE-2016-6472 (A vulnerability in several parameters of the ccmivr page of Cisco Unif ...)
	NOT-FOR-US: Cisco
CVE-2016-6471 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2016-6470 (A vulnerability in the installation procedure of the Cisco Hybrid Medi ...)
	NOT-FOR-US: Cisco
CVE-2016-6469 (A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2016-6468 (A vulnerability in the web-based management interface of Cisco Emergen ...)
	NOT-FOR-US: Cisco
CVE-2016-6467 (A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6466 (A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Se ...)
	NOT-FOR-US: Cisco
CVE-2016-6465 (A vulnerability in the content filtering functionality of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-6464 (A vulnerability in the web management interface of the Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2016-6463 (A vulnerability in the email filtering functionality of Cisco AsyncOS  ...)
	NOT-FOR-US: Cisco
CVE-2016-6462 (A vulnerability in the email filtering functionality of Cisco AsyncOS  ...)
	NOT-FOR-US: Cisco
CVE-2016-6461 (A vulnerability in the HTTP web-based management interface of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2016-6460 (A vulnerability in the FTP Representational State Transfer Application ...)
	NOT-FOR-US: Cisco
CVE-2016-6459 (Cisco TelePresence endpoints running either CE or TC software contain  ...)
	NOT-FOR-US: Cisco
CVE-2016-6458 (A vulnerability in the content filtering functionality of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-6457 (A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches  ...)
	NOT-FOR-US: Cisco
CVE-2016-6456
	RESERVED
CVE-2016-6455 (A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series ro ...)
	NOT-FOR-US: Cisco
CVE-2016-6454 (A cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: Cisco
CVE-2016-6453 (A vulnerability in the web framework code of Cisco Identity Services E ...)
	NOT-FOR-US: Cisco
CVE-2016-6452 (A vulnerability in the web-based graphical user interface (GUI) of Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-6451 (Multiple vulnerabilities in the web framework code of the Cisco Prime  ...)
	NOT-FOR-US: Cisco
CVE-2016-6450 (A vulnerability in the package unbundle utility of Cisco IOS XE Softwa ...)
	NOT-FOR-US: Cisco
CVE-2016-6449 (A vulnerability in the system management of certain FireAMP system pro ...)
	NOT-FOR-US: Cisco
CVE-2016-6448 (A vulnerability in the Session Description Protocol (SDP) parser of Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-6447 (A vulnerability in Cisco Meeting Server and Meeting App could allow an ...)
	NOT-FOR-US: Cisco Meeting Server and Meeting App
CVE-2016-6446 (A vulnerability in Web Bridge for Cisco Meeting Server could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2016-6445 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
	NOT-FOR-US: Cisco
CVE-2016-6444 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...)
	NOT-FOR-US: Cisco
CVE-2016-6443 (A vulnerability in the Cisco Prime Infrastructure and Evolved Programm ...)
	NOT-FOR-US: Cisco
CVE-2016-6442 (A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software ...)
	NOT-FOR-US: Cisco
CVE-2016-6441 (A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR  ...)
	NOT-FOR-US: Cisco ASR 900 Series Aggregation Services Routers
CVE-2016-6440 (The Cisco Unified Communications Manager (CUCM) may be vulnerable to d ...)
	NOT-FOR-US: Cisco
CVE-2016-6439 (A vulnerability in the detection engine reassembly of HTTP packets for ...)
	NOT-FOR-US: Cisco
CVE-2016-6438 (A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Conver ...)
	NOT-FOR-US: Cisco
CVE-2016-6437 (A vulnerability in the SSL session cache management of Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2016-6436 (Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062  ...)
	NOT-FOR-US: Cisco
CVE-2016-6435 (The web console in Cisco Firepower Management Center 6.0.1 allows remo ...)
	NOT-FOR-US: Cisco
CVE-2016-6434 (Cisco Firepower Management Center 6.0.1 has hardcoded database credent ...)
	NOT-FOR-US: Cisco
CVE-2016-6433 (The Threat Management Console in Cisco Firepower Management Center 5.2 ...)
	NOT-FOR-US: Cisco
CVE-2016-6432 (A vulnerability in the Identity Firewall feature of Cisco ASA Software ...)
	NOT-FOR-US: Cisco
CVE-2016-6431 (A vulnerability in the local Certificate Authority (CA) feature of Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-6430 (A vulnerability in the command-line interface of the Cisco IP Interope ...)
	NOT-FOR-US: Cisco
CVE-2016-6429 (A vulnerability in the web framework code of the Cisco IP Interoperabi ...)
	NOT-FOR-US: Cisco
CVE-2016-6428 (Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands ...)
	NOT-FOR-US: Cisco
CVE-2016-6427 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intel ...)
	NOT-FOR-US: Cisco
CVE-2016-6426 (The j_spring_security_switch_user function in Cisco Unified Intelligen ...)
	NOT-FOR-US: Cisco
CVE-2016-6425 (Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence ...)
	NOT-FOR-US: Cisco
CVE-2016-6424 (The DHCP Relay implementation in Cisco Adaptive Security Appliance (AS ...)
	NOT-FOR-US: Cisco
CVE-2016-6423 (The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M a ...)
	NOT-FOR-US: Cisco
CVE-2016-6422 (Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 650 ...)
	NOT-FOR-US: Cisco
CVE-2016-6421 (Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Cisco
CVE-2016-6420 (Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Mana ...)
	NOT-FOR-US: Cisco
CVE-2016-6419 (SQL injection vulnerability in Cisco Firepower Management Center 4.10. ...)
	NOT-FOR-US: Cisco
CVE-2016-6418 (Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribut ...)
	NOT-FOR-US: Cisco
CVE-2016-6417 (Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT Sys ...)
	NOT-FOR-US: Cisco
CVE-2016-6416 (The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) dev ...)
	NOT-FOR-US: Cisco
CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15. ...)
	NOT-FOR-US: Cisco
CVE-2016-6414 (iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 ...)
	NOT-FOR-US: Cisco
CVE-2016-6413 (The installation procedure on Cisco Application Policy Infrastructure  ...)
	NOT-FOR-US: Cisco
CVE-2016-6412 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6411 (Cisco Firepower Management Center and FireSIGHT System Software 6.0.1  ...)
	NOT-FOR-US: Cisco
CVE-2016-6410 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6409 (The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, w ...)
	NOT-FOR-US: Cisco
CVE-2016-6408 (Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Cisco
CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) device ...)
	NOT-FOR-US: Cisco
CVE-2016-6406 (Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7 ...)
	NOT-FOR-US: Cisco
CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to ...)
	NOT-FOR-US: Cisco
CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6403 (The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, ...)
	NOT-FOR-US: Cisco
CVE-2016-6402 (UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computi ...)
	NOT-FOR-US: Cisco
CVE-2016-6401 (Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carri ...)
	NOT-FOR-US: Cisco
CVE-2016-6400
	RESERVED
CVE-2016-6399 (Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4 ...)
	NOT-FOR-US: Cisco
CVE-2016-6398 (The PPTP server in Cisco IOS 15.5(3)M does not properly initialize pac ...)
	NOT-FOR-US: Cisco
CVE-2016-6397 (A vulnerability in the interdevice communications interface of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-6396 (Cisco Firepower Management Center before 6.1 and FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2016-6395 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-6394 (Session fixation vulnerability in Cisco Firepower Management Center an ...)
	NOT-FOR-US: Cisco
CVE-2016-6393 (The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 a ...)
	NOT-FOR-US: Cisco
CVE-2016-6392 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow  ...)
	NOT-FOR-US: Cisco
CVE-2016-6391 (Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco
CVE-2016-6390
	REJECTED
CVE-2016-6389
	REJECTED
CVE-2016-6388
	REJECTED
CVE-2016-6387
	REJECTED
CVE-2016-6386 (Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remo ...)
	NOT-FOR-US: Cisco
CVE-2016-6385 (Memory leak in the Smart Install client implementation in Cisco IOS 12 ...)
	NOT-FOR-US: Cisco
CVE-2016-6384 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 throu ...)
	NOT-FOR-US: Cisco
CVE-2016-6383
	REJECTED
CVE-2016-6382 (Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow ...)
	NOT-FOR-US: Cisco
CVE-2016-6381 (Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6380 (The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 ...)
	NOT-FOR-US: Cisco
CVE-2016-6379 (Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote atta ...)
	NOT-FOR-US: Cisco
CVE-2016-6378 (Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote atta ...)
	NOT-FOR-US: Cisco
CVE-2016-6377 (Media Origination System Suite Software 2.6 and earlier in Cisco Virtu ...)
	NOT-FOR-US: Cisco
CVE-2016-6376 (The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-6375 (Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x an ...)
	NOT-FOR-US: Cisco
CVE-2016-6374 (Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers t ...)
	NOT-FOR-US: Cisco Cloud Services Platform 2100
CVE-2016-6373 (The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allo ...)
	NOT-FOR-US: Cisco Cloud Services Platform 2100
CVE-2016-6372 (A vulnerability in the email message and content filtering for malform ...)
	NOT-FOR-US: Cisco
CVE-2016-6371 (Directory traversal vulnerability in the web interface in Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2016-6370 (Directory traversal vulnerability in the web interface in Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2016-6368 (A vulnerability in the detection engine parsing of Pragmatic General M ...)
	NOT-FOR-US: Cisco
CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA  ...)
	NOT-FOR-US: Cisco
CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software th ...)
	NOT-FOR-US: Cisco
CVE-2016-6365 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2016-6364 (The User Data Services (UDS) API implementation in Cisco Unified Commu ...)
	NOT-FOR-US: Cisco
CVE-2016-6363 (The rate-limit feature in the 802.11 protocol implementation on Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2016-6362 (Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.11 ...)
	NOT-FOR-US: Cisco
CVE-2016-6361 (The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2016-6360 (A vulnerability in Advanced Malware Protection (AMP) for Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2016-6359 (Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway In ...)
	NOT-FOR-US: Cisco
CVE-2016-6358 (A vulnerability in local FTP to the Cisco Email Security Appliance (ES ...)
	NOT-FOR-US: Cisco
CVE-2016-6357 (A vulnerability in the configured security policies, including drop em ...)
	NOT-FOR-US: Cisco
CVE-2016-6356 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5,  ...)
	NOT-FOR-US: Cisco
CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized document acces ...)
	NOT-FOR-US: Cloudera
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception hand ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to cau ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive informa ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a  ...)
	NOT-FOR-US: Red Hat JBoss bpm Suite
CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Re ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-6342 (elog 3.1.1 allows remote attackers to post data as any username in the ...)
	- elog 3.1.2-1-1 (bug #836505)
	[jessie] - elog 2.9.2+2014.05.11git44800a7-2+deb8u1
	NOTE: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
	NOTE: https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
CVE-2016-6341 (oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6340 (The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces  ...)
	NOT-FOR-US: Red Hat QCI
CVE-2016-6339
	REJECTED
CVE-2016-6338 (ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Ma ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6337 (MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass  ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6336 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6335 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6334 (Cross-site scripting (XSS) vulnerability in the Parser::replaceInterna ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6333 (Cross-site scripting (XSS) vulnerability in the CSS user subpage previ ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6332 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6331 (ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL authent ...)
	NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for remote  ...)
	- openvpn <unfixed> (unimportant)
	NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
	NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se
CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...)
	{DLA-2214-1}
	- libexif 0.6.21-2.1 (bug #873022)
	[stretch] - libexif <no-dsa> (Minor issue)
	[wheezy] - libexif <no-dsa> (Minor issue)
	NOTE: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/pentax/mnote-pentax-entry.c?r1=1.26&r2=1.27
CVE-2016-6327 (drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/51093254bf879bc9ce96590400a87897c7498463 (4.6-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/3e4f574857eebce60bb56d7524f3f9eaa2a126d0 (v3.8-rc1)
CVE-2016-6326
	RESERVED
CVE-2016-6325 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBo ...)
	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367447
CVE-2016-6324
	RESERVED
CVE-2016-6323 (The makecontext function in the GNU C Library (aka glibc or libc6) bef ...)
	- glibc 2.24-1 (bug #834752)
	[jessie] - glibc 2.19-18+deb8u6
	- eglibc <removed>
	[wheezy] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20435
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
CVE-2016-6322 (Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissio ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6321 (Directory traversal vulnerability in the safer_name_suffix function in ...)
	{DSA-3702-1 DLA-690-1}
	- tar 1.29b-1.1 (bug #842339)
	NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
	NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
	NOTE: Proposed patch by Antoine Beaupre: https://lists.debian.org/debian-lts/2016/10/msg00206.html
	NOTE: Proposed patch upstream: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in app/assets/javascripts/hos ...)
	- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
	- foreman <itp> (bug #663101)
CVE-2016-6318 (Stack-based buffer overflow in the FascistGecosUser function in lib/fa ...)
	{DLA-2220-1 DLA-599-1}
	- cracklib2 2.9.2-2 (bug #834502)
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
	NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
CVE-2016-6317 (Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly  ...)
	- rails 2:4.2.7.1-1 (bug #834154)
	[jessie] - rails <not-affected> (Vulnerable code not present, introduced in 4.2)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package and introduced in 4.2 anyway)
CVE-2016-6316 (Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rai ...)
	{DSA-3651-1 DLA-604-1}
	- rails 2:4.2.7.1-1 (low; bug #834155)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	- ruby-actionpack-3.2 <removed>
	NOTE: https://github.com/rails/rails/commit/4bcccf5ecd81a6272479537911b7d9760c5be164
CVE-2016-6315
	RESERVED
CVE-2016-6314
	RESERVED
CVE-2016-6313 (The mixing functions in the random number generator in Libgcrypt befor ...)
	{DSA-3650-1 DSA-3649-1 DLA-602-1 DLA-600-1}
	- gnupg2 <not-affected> (Uses system libgcrypt)
	- gnupg1 1.4.21-1 (bug #834894)
	- gnupg <removed> (bug #834893)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
	- libgcrypt20 1.7.3-1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 (1.7)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8dd45ad957b54b939c288a68720137386c7f6501 (1.7)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=190b0429b70eb4a3573377e95755d9cc13c38461 (1.6)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=c748f87436d693f092a4484571a3cc7f650b5c81 (1.6)
	- libgcrypt11 <removed>
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=98980e2fd29ad62903c78fa6521489fce651cdda
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=6199cd963d1fba86e0b7b9e2de4b6c00b945193a
	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
CVE-2016-6312 (The mod_dontdothat component of the mod_dav_svn Apache module in Subve ...)
	- apr-util <not-affected> (RHEL-5.11 specific regression)
CVE-2016-6311 (Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose ...)
	NOT-FOR-US: WildFly / Red Hat JBoss EAP
CVE-2016-6310 (oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /v ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6309 (statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movem ...)
	[experimental] - openssl 1.1.0b-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-6308 (statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 befor ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=48c054fec3506417b2598837b8062aae7114c200
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6307 (The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a alloca ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=c1ef7c971d0bbf117c3c80f65b5875e2e7b024b1
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6306 (The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6305 (The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.1.0a
CVE-2016-6304 (Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 befo ...)
	{DSA-3673-1 DLA-637-1}
	[experimental] - openssl 1.1.0a-1
	- openssl 1.0.2i-1
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.1.0a, 1.0.2i, 1.0.1u
CVE-2016-6303 (Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1. ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6301 (The recv_and_process_client_pkt function in networking/ntpd.c in busyb ...)
	- busybox 1:1.27.2-1 (unimportant; bug #833442)
	NOTE: NTP server not enabled by default in debian/config/pkg/* via CONFIG_NTPD
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
CVE-2016-6300
	REJECTED
CVE-2016-6299 (The scm plug-in in mock might allow attackers to bypass the intended c ...)
	- mock 1.3.2-1 (bug #850320)
	[jessie] - mock <not-affected> (Parsing is done before, after temporarily dropping super-user privileges at startup)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1375490
	NOTE: https://github.com/rpm-software-management/mock/commit/8b02f43beadacf6911200b48d94e39e891a41da9 (mock-1.2.21)
CVE-2016-6298 (The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in  ...)
	- python-jwcrypto 0.3.2-1
	NOTE: https://github.com/latchset/jwcrypto/issues/65
	NOTE: https://github.com/latchset/jwcrypto/pull/66
	NOTE: https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba
	NOTE: Code moved around in git, for 0.3.2 it is in jwe.py
CVE-2016-6354 (Heap-based buffer overflow in the yy_get_next_buffer function in Flex  ...)
	{DSA-3653-2 DSA-3653-1}
	- flex 2.6.1-1 (bug #832768)
	[wheezy] - flex <not-affected> (Issue introduced with 2.5.36)
	NOTE: Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
	NOTE: Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-3.1 (bug #832621)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
	NOTE: According to maintainer the fix relies on the fix for CVE-2016-4439
CVE-2016-6350 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (N ...)
	NOT-FOR-US: OpenBSD
CVE-2016-6349 (The machinectl command in oci-register-machine allows local users to l ...)
	NOT-FOR-US: oci-register-machine
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
	NOTE: Requirement is that docker containers would register themselves to
	NOTE: to systemd-machined by oci-register-machine (not packaged in Debian,
	NOTE: and https://github.com/projectatomic/docker/commit/a307e90141ba31b378bc31bb7720ed141f47cd9b
	NOTE: not applied to docker.io).
	NOTE: https://github.com/systemd/systemd/issues/3815
	NOTE: The problem as well only arises with docker fork in RedHat, not with upstream docker
	NOTE: https://github.com/projectatomic/oci-register-machine/pull/22
CVE-2016-6287 (The "http-client" egg always used a HTTP_PROXY environment variable to ...)
	NOT-FOR-US: Addons for Chicken
CVE-2016-6286 (The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" head ...)
	NOT-FOR-US: Addons for Chicken
CVE-2016-6285 (Cross-site scripting (XSS) vulnerability in includes/decorators/global ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2016-6284
	RESERVED
CVE-2016-6283 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence befor ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-6282
	RESERVED
CVE-2016-6281
	RESERVED
CVE-2016-6280
	RESERVED
CVE-2016-6279
	RESERVED
CVE-2016-6278
	RESERVED
CVE-2016-6277 (NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 b ...)
	NOT-FOR-US: Netgear routers
CVE-2016-6276 (Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual D ...)
	NOT-FOR-US: Citrix
CVE-2016-6275
	RESERVED
CVE-2016-6274
	RESERVED
CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License M ...)
	NOT-FOR-US: Flexera
CVE-2016-6272 (XPath injection vulnerability in Epic MyChart allows remote attackers  ...)
	NOT-FOR-US: EPIC MyChart
CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ext/zip/zip_ ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72520
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6296 (Integer signedness error in the simplestring_addn function in simplest ...)
	{DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72606
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
	- xmlrpc-epi 0.54.2-1.2 (bug #832959)
	NOTE: In stretch/sid php7.0 is using the system library not the embedded one.
CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72479
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6294 (The locale_accept_from_http function in ext/intl/locale/locale_methods ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72533
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in Interna ...)
	{DSA-3725-1 DLA-615-1}
	- icu 57.1-4
	NOTE: http://bugs.icu-project.org/trac/changeset/39109
	NOTE: http://bugs.icu-project.org/trac/ticket/12652
	NOTE: And possibly needs some more follow-up fixes, cf. with upstream changes
	NOTE: around/later than changeset 39109.
CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP befor ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72618
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72603
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72562
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6289 (Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72513
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the- ...)
	- bzrtp 1.0.2-1.2 (bug #859277)
	NOTE: Fixed by: https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b
CVE-2016-6270 (The handle_certificate function in /vmi/manager/engine/management/comm ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6269 (Multiple directory traversal vulnerabilities in Trend Micro Smart Prot ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6268 (Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before  ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6267 (SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6266 (ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6260
	RESERVED
CVE-2016-6259 (Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Preven ...)
	- xen 4.8.0~rc3-1
	[jessie] - xen <not-affected> (Only affects 4.5 and later)
	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
	NOTE: http://xenbits.xen.org/xsa/advisory-183.html
CVE-2016-6258 (The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows ...)
	{DSA-3633-1 DLA-571-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-182.html
CVE-2016-6257 (The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon S ...)
	NOT-FOR-US: Lenovo
CVE-2016-6256 (SAP Business One for Android 1.2.3 allows remote attackers to conduct  ...)
	NOT-FOR-US: SAP
CVE-2016-6254 (Heap-based buffer overflow in the parse_packet function in network.c i ...)
	{DSA-3636-1 DLA-575-1}
	- collectd 5.5.2-1 (bug #832507)
	NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
	NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
CVE-2016-6253 (mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, an ...)
	NOT-FOR-US: mail.local in NetBSD
CVE-2016-1000218 (Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerab ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000212 [Mitigation for HTTPoxy vulnerability]
	{DSA-3642-1 DLA-583-1}
	- lighttpd 1.4.43-1 (bug #832571)
	NOTE: https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff
	NOTE: CVE assigned for the mitigation to identify the fix. But it is not a vulnerability in lighttpd itself.
CVE-2016-1000211
	RESERVED
CVE-2016-1000210
	RESERVED
CVE-2016-1000209
	RESERVED
CVE-2016-1000208
	RESERVED
CVE-2016-1000207
	RESERVED
CVE-2016-1000206
	RESERVED
CVE-2016-1000205
	RESERVED
CVE-2016-1000204
	RESERVED
CVE-2016-1000203
	RESERVED
CVE-2016-1000202
	RESERVED
CVE-2016-1000201
	RESERVED
CVE-2016-1000200
	RESERVED
CVE-2016-1000199
	RESERVED
CVE-2016-1000198
	RESERVED
CVE-2016-1000197
	RESERVED
CVE-2016-1000196
	RESERVED
CVE-2016-1000195
	RESERVED
CVE-2016-1000194
	RESERVED
CVE-2016-1000193
	RESERVED
CVE-2016-1000192
	RESERVED
CVE-2016-1000191
	RESERVED
CVE-2016-1000190
	RESERVED
CVE-2016-1000189
	RESERVED
CVE-2016-1000188
	RESERVED
CVE-2016-1000187
	RESERVED
CVE-2016-1000186
	RESERVED
CVE-2016-1000185
	RESERVED
CVE-2016-1000184
	RESERVED
CVE-2016-1000183
	RESERVED
CVE-2016-1000182
	RESERVED
CVE-2016-1000181
	RESERVED
CVE-2016-1000180
	RESERVED
CVE-2016-1000179
	RESERVED
CVE-2016-1000178
	RESERVED
CVE-2016-1000177
	RESERVED
CVE-2016-1000176
	RESERVED
CVE-2016-1000175
	RESERVED
CVE-2016-1000174
	RESERVED
CVE-2016-1000173
	RESERVED
CVE-2016-1000172
	RESERVED
CVE-2016-1000171
	RESERVED
CVE-2016-1000170
	RESERVED
CVE-2016-1000169
	RESERVED
CVE-2016-1000168
	RESERVED
CVE-2016-1000167
	RESERVED
CVE-2016-1000166
	RESERVED
CVE-2016-1000165
	RESERVED
CVE-2016-1000164
	RESERVED
CVE-2016-1000163
	RESERVED
CVE-2016-1000162
	RESERVED
CVE-2016-1000161
	RESERVED
CVE-2016-1000160
	RESERVED
CVE-2016-1000159
	RESERVED
CVE-2016-1000158
	RESERVED
CVE-2016-1000157
	RESERVED
CVE-2016-1000156 (Mailcwp remote file upload vulnerability incomplete fix v1.100 ...)
	NOT-FOR-US: WordPress plugin mailcwp
CVE-2016-1000155 (Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 ...)
	NOT-FOR-US: Wordpress plugin wpsolr-search-engine
CVE-2016-1000154 (Reflected XSS in wordpress plugin whizz v1.0.7 ...)
	NOT-FOR-US: Wordpress plugin whizz
CVE-2016-1000153 (Reflected XSS in wordpress plugin tidio-gallery v1.1 ...)
	NOT-FOR-US: Wordpress plugin tidio-gallery
CVE-2016-1000152 (Reflected XSS in wordpress plugin tidio-form v1.0 ...)
	NOT-FOR-US: Wordpress plugin tidio-form
CVE-2016-1000151 (Reflected XSS in wordpress plugin tera-charts v1.0 ...)
	NOT-FOR-US: Wordpress plugin tera-charts
CVE-2016-1000150 (Reflected XSS in wordpress plugin simplified-content v1.0.0 ...)
	NOT-FOR-US: Wordpress plugin simplified-content
CVE-2016-1000149 (Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 ...)
	NOT-FOR-US: Wordpress plugin simpel-reserveren
CVE-2016-1000148 (Reflected XSS in wordpress plugin s3-video v0.983 ...)
	NOT-FOR-US: Wordpress plugin s3-video
CVE-2016-1000147 (Reflected XSS in wordpress plugin recipes-writer v1.0.4 ...)
	NOT-FOR-US: Wordpress plugin recipes-writer
CVE-2016-1000146 (Reflected XSS in wordpress plugin pondol-formmail v1.1 ...)
	NOT-FOR-US: Wordpress plugin pondol-formmail
CVE-2016-1000145 (Reflected XSS in wordpress plugin pondol-carousel v1.0 ...)
	NOT-FOR-US: Wordpress plugin pondol-carousel
CVE-2016-1000144 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
	NOT-FOR-US: Wordpress plugin photoxhibit
CVE-2016-1000143 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
	NOT-FOR-US: Wordpress plugin photoxhibit
CVE-2016-1000142 (Reflected XSS in wordpress plugin parsi-font v4.2.5 ...)
	NOT-FOR-US: Wordpress plugin parsi-font
CVE-2016-1000141 (Reflected XSS in wordpress plugin page-layout-builder v1.9.3 ...)
	NOT-FOR-US: Wordpress plugin page-layout-builder
CVE-2016-1000140 (Reflected XSS in wordpress plugin new-year-firework v1.1.9 ...)
	NOT-FOR-US: Wordpress plugin new-year-firework
CVE-2016-1000139 (Reflected XSS in wordpress plugin infusionsoft v1.5.11 ...)
	NOT-FOR-US: Wordpress plugin infusionsoft
CVE-2016-1000138 (Reflected XSS in wordpress plugin indexisto v1.0.5 ...)
	NOT-FOR-US: Wordpress plugin indexisto
CVE-2016-1000137 (Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 ...)
	NOT-FOR-US: Wordpress plugin hero-maps-pro
CVE-2016-1000136 (Reflected XSS in wordpress plugin heat-trackr v1.0 ...)
	NOT-FOR-US: Wordpress plugin heat-trackr
CVE-2016-1000135 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
	NOT-FOR-US: Wordpress plugin hdw-tube
CVE-2016-1000134 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
	NOT-FOR-US: Wordpress plugin hdw-tube
CVE-2016-1000133 (Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1. ...)
	NOT-FOR-US: Wordpress plugin forget-about-shortcode-buttons
CVE-2016-1000132 (Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 ...)
	NOT-FOR-US: Wordpress plugin enhanced-tooltipglossary
CVE-2016-1000131 (Reflected XSS in wordpress plugin e-search v1.0 ...)
	NOT-FOR-US: Wordpress plugin e-search
CVE-2016-1000130 (Reflected XSS in wordpress plugin e-search v1.0 ...)
	NOT-FOR-US: Wordpress plugin e-search
CVE-2016-1000129 (Reflected XSS in wordpress plugin defa-online-image-protector v3.3 ...)
	NOT-FOR-US: Wordpress plugin defa-online-image-protector
CVE-2016-1000128 (Reflected XSS in wordpress plugin anti-plagiarism v3.60 ...)
	NOT-FOR-US: Wordpress plugin anti-plagiarism
CVE-2016-1000127 (Reflected XSS in wordpress plugin ajax-random-post v2.00 ...)
	NOT-FOR-US: Wordpress plugin ajax-random-post
CVE-2016-1000126 (Reflected XSS in wordpress plugin admin-font-editor v1.8 ...)
	NOT-FOR-US: Wordpress plugin admin-font-editor
CVE-2016-1000125 (Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla ...)
	NOT-FOR-US: Joomla component Huge-IT Catalog
CVE-2016-1000124 (Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0 ...)
	NOT-FOR-US: Joomla component Huge-IT Portfolio Gallery
CVE-2016-1000123 (Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joom ...)
	NOT-FOR-US: Joomla component Huge-IT Video Gallery
CVE-2016-1000122 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
	NOT-FOR-US: Joomla extension Huge IT Joomla Slider
CVE-2016-1000121 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
	NOT-FOR-US: Joomla extension Huge IT Joomla Slider
CVE-2016-1000120 (SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla ...)
	NOT-FOR-US: Joomla extension Huge IT catalog
CVE-2016-1000119 (SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla ...)
	NOT-FOR-US: Joomla extension Huge IT catalog
CVE-2016-1000118 (XSS &amp; SQLi in HugeIT slideshow v1.0.4 ...)
	NOT-FOR-US: Joomla extension HugeIT slideshow
CVE-2016-1000117 (XSS &amp; SQLi in HugeIT slideshow v1.0.4 ...)
	NOT-FOR-US: Joomla extension HugeIT slideshow
CVE-2016-1000116 (Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS ...)
	NOT-FOR-US: Joomla extension Huge-IT Portfolio Gallery manager
CVE-2016-1000115 (Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS ...)
	NOT-FOR-US: Joomla extension Huge-IT Portfolio Gallery manager
CVE-2016-1000114 (XSS in huge IT gallery v1.1.5 for Joomla ...)
	NOT-FOR-US: Joomla extension huge IT gallery
CVE-2016-1000113 (XSS and SQLi in huge IT gallery v1.1.5 for Joomla ...)
	NOT-FOR-US: Joomla extension huge IT gallery
CVE-2016-1000112 (Unauthenticated remote .jpg file upload in contus-video-comments v1.0  ...)
	NOT-FOR-US: WordPress plugin contus-video-comments
CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf- ...)
	{DSA-3655-1}
	- mupdf 1.9a+ds1-1.1 (bug #832031)
	[wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
	NOTE: Possibly introduced with: http://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
	NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs,
	NOTE: that part of the code went trough several iterations before it settled down, and
	NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks
	NOTE: quite similar, although the reproducer does not lead to a heap-use-after-free in
	NOTE: the 1.5-1 case.
CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc and uCl ...)
	{DLA-561-1}
	- uclibc-ng <itp> (bug #811275)
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
	NOTE: http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
	NOTE: Fixed in 1.0.16 of uClibc-ng
CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn be ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
	NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2015-8949 (Use-after-free vulnerability in the my_login function in DBD::mysql be ...)
	{DSA-3635-1 DLA-576-1}
	- libdbd-mysql-perl 4.035-1
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
CVE-2015-8948 (idn in GNU libidn before 1.33 might allow remote attackers to obtain s ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 (libidn-1-33)
	NOTE: When fixing this issue, the followup fix http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
	NOTE: is required to fix the problem. (Resultet in followup CVE, CVE-2016-6262
	NOTE: if not applied completely).
CVE-2016-6262 (idn in libidn before 1.33 might allow remote attackers to obtain sensi ...)
	- libidn <not-affected> (Incomplete fix for CVE-2015-8948 not applied)
	NOTE: Follow-up fix for CVE-2015-8948: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 (libidn-1-33)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allo ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
	NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d (libidn-1-33)
	NOTE: Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4 (libidn-1-33)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout durin ...)
	NOT-FOR-US: F5
CVE-2016-1000037 (Pagure: XSS possible in file attachment endpoint ...)
	- pagure <not-affected> (Fixed before initial upload to the archive)
CVE-2016-1000030 (Pidgin version &lt;2.11.0 contains a vulnerability in X.509 Certificat ...)
	- pidgin 2.11.0-1 (unimportant)
	[jessie] - pidgin 2.11.0-0+deb8u1
	NOTE: http://www.pidgin.im/news/security/?id=91
	NOTE: https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe
	NOTE: Furthermore pidgin in Debian is not compiled to use GnuTLS (--enable-gnutls=no)
CVE-2016-XXXX [insecure default PATH]
	- dietlibc 0.34~cvs20160606-2 (bug #832169)
	[jessie] - dietlibc 0.33~cvs20120325-6+deb8u1
	[wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1
	NOTE: Workaround entry for DLA-557-1 until CVE is assigned
	NOTE: Following reverse dependencies need to be recompiled: minit (wheezy, jessie),
	NOTE: util-vserver (jessie, sid), mksh (sid, experimental)
	NOTE: http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de
CVE-2016-6250 (Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allo ...)
	{DSA-3677-1 DLA-554-1}
	- libarchive 3.2.1-1 (low)
	NOTE: https://github.com/libarchive/libarchive/issues/711
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain privileges ...)
	{DSA-3793-1}
	- shadow 1:4.4-1 (bug #832170)
	[wheezy] - shadow <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/shadow-maint/shadow/issues/27
	NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1 (4.3.1)
CVE-2016-6251
	REJECTED
CVE-2016-6248
	RESERVED
CVE-2016-1000029 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...)
	NOT-FOR-US: Nessus
CVE-2016-1000028 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...)
	NOT-FOR-US: Nessus
CVE-2016-6247 (OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of se ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6246 (OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount pri ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6245 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (k ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6244 (The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6243 (thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local user ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6242 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (a ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6241 (Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 al ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6240 (Integer truncation error in the amap_alloc function in OpenBSD 5.8 and ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6239 (The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attacke ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6238 (The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 al ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6237 (The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1 ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6236 (The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6235 (The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6234 (The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0  ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6231 (Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certific ...)
	NOT-FOR-US: Kaspersky
CVE-2016-6230
	RESERVED
CVE-2016-6229
	RESERVED
CVE-2016-6228
	RESERVED
CVE-2016-6227
	RESERVED
CVE-2016-6226
	RESERVED
CVE-2016-6225 (xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does ...)
	- percona-xtrabackup <removed> (bug #851244)
	[jessie] - percona-xtrabackup <no-dsa> (Minor issue)
	NOTE: https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly
	NOTE: https://github.com/percona/percona-xtrabackup/pull/266
	NOTE: https://github.com/percona/percona-xtrabackup/pull/267
CVE-2016-6222
	RESERVED
CVE-2016-6221
	RESERVED
CVE-2016-6220 (Information Disclosure vulnerability in the Dashboard and Error Pages  ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2016-6219
	RESERVED
CVE-2016-6218
	RESERVED
CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect against  ...)
	- python3.5 3.5.2-3 (unimportant)
	- python3.4 <removed> (unimportant)
	- python3.2 <removed> (unimportant)
	- python2.7 2.7.12-2 (unimportant)
	- python2.6 <removed> (unimportant)
	NOTE: https://bugs.python.org/issue27568
	NOTE: https://github.com/python/cpython/commit/436fe5a447abb69e5e5a4f453325c422af02dcaa (3.4)
	NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
	NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
	NOTE: running as a CGI script
CVE-2016-1000109 (HHVM does not attempt to address RFC 3875 section 4.1.18 namespace con ...)
	- hhvm 3.12.11+dfsg-1 (unimportant)
CVE-2016-1000107 (inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ...)
	- erlang <unfixed> (unimportant)
	NOTE: https://bugs.erlang.org/browse/ERL-198
	NOTE: No part of Erlang does set HTTP_PROXY based on a Proxy: header, just hardening
CVE-2016-1000106
	REJECTED
CVE-2016-1000105
	REJECTED
CVE-2016-1000103
	REJECTED
CVE-2016-1000102
	REJECTED
CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
	- libspring-java 4.2.7-1 (unimportant)
	NOTE: https://www.tenable.com/security/research/tra-2016-20
	NOTE: This is not a vulnerability in Spring itself, just how applications are using it
CVE-2016-6255 (Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers  ...)
	{DSA-3736-1 DLA-597-1}
	- libupnp 1:1.6.19+git20160116-1.1 (bug #831857)
	NOTE: https://twitter.com/mjg59/status/755062278513319936
	NOTE: Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/18/13
CVE-2016-6233 (The (1) order and (2) group methods in Zend_Db_Select in the Zend Fram ...)
	- zendframework 1.12.19+dfsg-1
	[jessie] - zendframework <not-affected> (introduced after 1.12.9)
	[wheezy] - zendframework <not-affected> (introduced after 1.12.9)
	NOTE: http://framework.zend.com/security/advisory/ZF2016-02
	NOTE: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
CVE-2016-6232 (Directory traversal vulnerability in KArchive before 5.24, as used in  ...)
	{DSA-3643-1 DLA-570-1}
	- karchive 5.24.0-1
	- kde4libs 4:4.14.22-2 (bug #832620)
	NOTE: The fix for 4:4.14.22-1 was incomplete, cf.
	NOTE: https://lists.debian.org/debian-lts/2016/07/msg00144.html
	NOTE: Fix: https://git.reviewboard.kde.org/r/128185/
CVE-2016-6217 (Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNI ...)
	NOT-FOR-US: Sophos
CVE-2016-6216
	RESERVED
CVE-2016-6215
	RESERVED
CVE-2016-6212 (The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views m ...)
	- drupal8 <itp> (bug #756305)
CVE-2016-6210 (sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ...)
	{DSA-3626-1 DLA-578-1}
	- openssh 1:7.2p2-6 (bug #831902)
	NOTE: http://seclists.org/fulldisclosure/2016/Jul/51
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
	NOTE: Suggested to cherry-pick as well: https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
	NOTE: otherwise the mitigiation isn't very effective for systems with a locked root account.
CVE-2016-6208
	RESERVED
CVE-2016-6207 (Integer overflow in the _gdContributionsAlloc function in gd_interpola ...)
	{DSA-3630-1}
	- libgd2 2.2.2-43-g22cba39-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/0dd40abd6d5b3e53a6b745dd4d6cf94b70010989
	NOTE: https://github.com/libgd/libgd/commit/d325888a9fe3c9681e4a9aad576de2c5cd5df2ef
	NOTE: https://github.com/libgd/libgd/commit/ff9113c80a32205d45205d3ea30965b25480e0fb
	NOTE: https://github.com/libgd/libgd/commit/f60ec7a546499f9446063a4dbe755be9523d8232
	NOTE: https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef
	- php7.0 7.0.9-1 (unimportant)
	- php5 5.6.24+dfsg-1 (unimportant)
	[jessie] - php5 5.6.24+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2016-6209 (Cross-site scripting (XSS) vulnerability in Nagios. ...)
	- nagios3 <removed> (bug #831698)
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	- icinga <not-affected> (Vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2016/Jun/20
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/297
	NOTE: Fixed by https://github.com/NagiosEnterprises/nagioscore/commit/78b7bdde3ab4dec265879ff1b4d49a398bf3ba9c
CVE-2016-6206 (Huawei AR3200 routers with software before V200R007C00SPC600 allow rem ...)
	NOT-FOR-US: Huawei
CVE-2016-6205
	RESERVED
CVE-2016-6204 (Cross-site scripting (XSS) vulnerability in the integrated web server  ...)
	NOT-FOR-US: Siemens
CVE-2016-6203
	RESERVED
CVE-2016-6202
	RESERVED
CVE-2016-6201 (Cross-site scripting (XSS) vulnerability in Ektron Content Management  ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2016-6200
	RESERVED
CVE-2016-6199 (ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to exe ...)
	- gradle 2.13-1
	[jessie] - gradle <ignored> (Minor issue)
	NOTE: Starting from 2.13-1 it uses commons-collections:commons-collections:3.2.2
	NOTE: https://philwantsfish.github.io/security/java-deserialization-github
	NOTE: https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726
	NOTE: ObjectSocketWrapper only used by Gradle UI, which was removed in current releases (4.x)
CVE-2016-6196
	RESERVED
CVE-2016-6195 (SQL injection vulnerability in forumrunner/includes/moderation.php in  ...)
	NOT-FOR-US: vBulletin
CVE-2016-6194
	RESERVED
CVE-2016-6193 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with soft ...)
	NOT-FOR-US: Huawei
CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with soft ...)
	NOT-FOR-US: Huawei
CVE-2016-1000026
	RESERVED
CVE-2016-1000025
	REJECTED
CVE-2016-1000024
	RESERVED
CVE-2016-1000022
	REJECTED
CVE-2016-1000021
	REJECTED
CVE-2016-1000020
	RESERVED
CVE-2016-1000019
	RESERVED
CVE-2016-1000018
	RESERVED
CVE-2016-1000017
	RESERVED
CVE-2016-1000016
	RESERVED
CVE-2016-1000015
	RESERVED
CVE-2016-1000014
	REJECTED
CVE-2016-1000013
	REJECTED
CVE-2016-1000012
	RESERVED
CVE-2016-1000011
	RESERVED
CVE-2016-1000010
	RESERVED
CVE-2016-6905 (The read_image_tga function in gd_tga.c in the GD Graphics Library (ak ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/248
	NOTE: https://github.com/libgd/libgd/pull/251
	NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186
	NOTE: followed by: https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/12/4
CVE-2016-6352 (The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows  ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.35.4-1 (bug #832496)
	[wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599
CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap  ...)
	- ecryptfs-utils <not-affected> (Broken code not present; incomplete fix for CVE-2015-8946 not applied)
	NOTE: Actually due to an incomplete fix of LP#1447282
	NOTE: https://launchpad.net/bugs/1597154
	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2015-8947 (hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote atta ...)
	{DLA-2040-1}
	- harfbuzz 1.2.6-1
	NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=f96664974774bfeb237a7274f512f64aaafb201e (1.0.5)
CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencr ...)
	- ecryptfs-utils 111-1
	[jessie] - ecryptfs-utils <no-dsa> (Minor issue)
	[wheezy] - ecryptfs-utils <no-dsa> (Only happens if using systemd v207 onward)
	NOTE: https://launchpad.net/bugs/1447282
	NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2016-6214 (gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows re ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241
	NOTE: https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
	NOTE: Different issue than CVE-2016-6132
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in  ...)
	{DSA-3762-1 DLA-693-1 DLA-610-1}
	- tiff 4.0.6-2 (bug #842270)
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
	NOTE: Upstream patch: https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496
CVE-2016-1000023
	REJECTED
CVE-2016-6213 (fs/namespace.c in the Linux kernel before 4.9 does not restrict how ma ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: https://lkml.org/lkml/2016/8/28/269
	NOTE: Fixed by: https://git.kernel.org/linus/d29216842a85c7970c536108e093963f02714498 (v4.9-rc1)
CVE-2016-6186 (Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedOb ...)
	{DSA-3622-1 DLA-555-1}
	- python-django 1:1.9.8-1 (bug #831799)
	NOTE: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
CVE-2016-1000009 (TP-LINK lost control of two domains, www.tplinklogin.net and tplinkext ...)
	NOT-FOR-US: TP-LINK
CVE-2016-XXXX [Insecure use of /tmp]
	- leptonlib 1.73-5 (unimportant; bug #830660)
	NOTE: Neutralised by kernel hardening
CVE-2016-6198 (The filesystem layer in the Linux kernel before 4.5.5 proceeds with po ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/54d5ca871e72f2bb172ec9323497f01cd5091ec7 (v4.6)
	NOTE: https://git.kernel.org/linus/9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca (v4.6)
CVE-2016-6197 (fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the L ...)
	- linux 4.6.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/11f3710417d026ea2f4fcf362d866342c5274185 (v4.6-rc1)
CVE-2016-6191 (Multiple cross-site scripting (XSS) vulnerabilities in the View Raw So ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://sogo.nu/bugs/view.php?id=3718
	NOTE: http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa (SOGo-3.1.3)
CVE-2016-6190 (SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to th ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1)
	NOTE: https://sogo.nu/bugs/view.php?id=3696
CVE-2016-6189 (Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1)
	NOTE: https://sogo.nu/bugs/view.php?id=3695
CVE-2016-6188 (Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d (SOGo-2.3.9)
	NOTE: https://sogo.nu/bugs/view.php?id=3510
CVE-2016-6187 (The apparmor_setprocattr function in security/apparmor/lsm.c in the Li ...)
	- linux 4.6.4-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/bb646cdb12e75d82258c2f2e7746d5952d3e321a (v4.5-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/30a46a4647fd1df9cf52e43bf467f0d9265096ca (v4.7-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/09/1
CVE-2016-XXXX [GNUTLS-SA-2016-2: certificate verification issue]
	- gnutls28 3.4.14-1 (unimportant)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-2
	NOTE: Unimportant since Debian's binary packages are not built
	NOTE: with --with-default-trust-store-pkcs11=
CVE-2016-6184 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6183 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6182 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6181 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6180 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6179 (The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 be ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6178 (Huawei NE40E and CX600 devices with software before V800R007SPH017; PT ...)
	NOT-FOR-US: Huawei
CVE-2016-6177 (The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerab ...)
	NOT-FOR-US: Huawei
CVE-2016-6176
	RESERVED
CVE-2016-6185 (The XSLoader::load method in XSLoader in Perl does not properly locate ...)
	{DSA-3628-1 DLA-565-1}
	- perl 5.22.2-2 (bug #829578)
CVE-2016-6175 (Eval injection vulnerability in php-gettext 1.0.12 and earlier allows  ...)
	- php-gettext <unfixed> (bug #851771)
	[buster] - php-gettext <no-dsa> (Minor issue)
	[stretch] - php-gettext <no-dsa> (Minor issue)
	[jessie] - php-gettext <no-dsa> (Minor issue)
	[wheezy] - php-gettext <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/php-gettext/+bug/1606184
	NOTE: https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html
CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power S ...)
	NOT-FOR-US: Inivision
CVE-2016-6169 (Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 an ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-6168 (Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311  ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 0.67 allo ...)
	- putty <not-affected> (Windows-specific)
CVE-2016-6166
	RESERVED
CVE-2016-6165
	RESERVED
CVE-2016-6164 (Integer overflow in the mov_build_index function in libavformat/mov.c  ...)
	- ffmpeg 7:3.1.1-1
	NOTE: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823
CVE-2016-1000101
	REJECTED
CVE-2016-1000100
	REJECTED
CVE-2016-1000008
	RESERVED
CVE-2016-1000006 (hhvm before 3.12.11 has a use-after-free in the serialize_memoize_para ...)
	- hhvm 3.12.11+dfsg-1
CVE-2016-1000005 (mcrypt_get_block_size did not enforce that the provided "module" param ...)
	- hhvm 3.12.11+dfsg-1
CVE-2016-1000004 (Insufficient type checks were employed prior to casting input data in  ...)
	- hhvm 3.12.11+dfsg-1
CVE-2016-6173 (NSD before 4.1.11 allows remote DNS master servers to cause a denial o ...)
	- nsd 4.1.11-1 (unimportant; bug #830806)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
	NOTE: Not considered a security issue due to trust relationship, see #830806
CVE-2016-6172 (PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote pr ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.1-1 (bug #830808)
	NOTE: https://github.com/PowerDNS/pdns/issues/4128
	NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133
	NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134
CVE-2016-6171 (Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of s ...)
	- knot 2.3.0-1 (bug #830809)
	[jessie] - knot <no-dsa> (Minor issue)
	NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
	NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464
CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...)
	- bind9 1:9.10.6+dfsg-1 (unimportant; bug #830810)
	NOTE: Not fixed upstream, proposed patches below are unofficial:
	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
	NOTE: Negligible security impact
CVE-2016-6163 (The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librs ...)
	- librsvg 2.40.9-2
	[jessie] - librsvg <no-dsa> (Minor issue)
	[wheezy] - librsvg <not-affected> (vulnerable code not present, no segfault)
	NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7)
	NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7
CVE-2016-6162 (net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to ca ...)
	- linux <not-affected> (Vulnerable code introduced in 4.7-rc1)
CVE-2016-6161 (The output function in gd_gif_out.c in the GD Graphics Library (aka li ...)
	{DSA-3619-1 DLA-563-1}
	- libgd2 2.2.1-1
	NOTE: https://github.com/libgd/libgd/issues/209
	NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
CVE-2016-6159 (The management interface of Huawei WS331a routers with software before ...)
	NOT-FOR-US: Huawei
CVE-2016-6158 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei W ...)
	NOT-FOR-US: Huawei
CVE-2016-6157
	RESERVED
CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in drivers/platfor ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/096cdc6f52225835ff503f987a0d68ef770bb78e
	NOTE: Introduced by: https://git.kernel.org/linus/a841178445bb72a3d566b4e6ab9d19e9b002eb47 (v4.2-rc1)
CVE-2016-6155
	RESERVED
CVE-2016-6154 (The authentication applet in Watchguard Fireware 11.11 Operating Syste ...)
	NOT-FOR-US: Watchguard
CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...)
	NOT-FOR-US: eHealth
CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial o ...)
	NOT-FOR-US: eHealth
CVE-2016-6150 (The multi-tenant database container feature in SAP HANA does not prope ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6149 (SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensi ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6148 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denia ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote at ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides diffe ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the n ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6143 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbit ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers t ...)
	NOT-FOR-US: SAP
CVE-2016-6141
	RESERVED
CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrar ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6139 (SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary fi ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows  ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote att ...)
	NOT-FOR-US: SAP
CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in kernel/a ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120681
	NOTE: https://github.com/linux-audit/audit-kernel/issues/18
	NOTE: Fixed by: https://git.kernel.org/linus/43761473c254b45883a64441dd0bc85a42f3645c (4.8-rc1)
CVE-2016-6135
	RESERVED
CVE-2016-6134
	RESERVED
CVE-2016-1000007 (Pagure 2.2.1 XSS in raw file endpoint ...)
	- pagure <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause  ...)
	{DLA-544-1}
	- tcpreplay 3.4.4-3 (bug #829350)
	[jessie] - tcpreplay 3.4.4-2+deb8u1
CVE-2016-6133 (Cross-site scripting (XSS) vulnerability in Ektron Content Management  ...)
	NOT-FOR-US: Ektron
CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the temporary  ...)
	{DLA-543-1}
	- sqlite3 3.13.0-1
	[jessie] - sqlite3 3.8.7.1-1+deb8u2
	NOTE: http://www.sqlite.org/cgi/src/info/67985761aa93fb61
	NOTE: http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
	NOTE: and possibly http://www.sqlite.org/cgi/src/info/614bb709d34e1148
	NOTE: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
CVE-2016-6129 (The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, a ...)
	{DLA-612-1}
	- libtomcrypt 1.17-8 (bug #837042)
	[jessie] - libtomcrypt <no-dsa> (Minor issue)
	NOTE: https://github.com/OP-TEE/optee_os/commit/30d13250c390c4f56adefdcd3b64b7cc672f9fe2
	NOTE: libtomcrypt ship the corresponding patch in
	NOTE: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
	NOTE: The CVE is originally assigend to OP-TEE, but the underlying issue seems to be in
	NOTE: libtomcrypt, thus keep that source package as well for now associated.
CVE-2016-6127 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x b ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-6125 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2016-6124 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-6123 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2016-6122 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to se ...)
	NOT-FOR-US: IBM
CVE-2016-6121 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6120
	RESERVED
CVE-2016-6119
	RESERVED
CVE-2016-6118 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2016-6117 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with acti ...)
	NOT-FOR-US: IBM
CVE-2016-6116 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer overflow. A ...)
	NOT-FOR-US: IBM
CVE-2016-6114 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability al ...)
	NOT-FOR-US: IBM
CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10 ...)
	NOT-FOR-US: IBM
CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a de ...)
	NOT-FOR-US: IBM
CVE-2016-6110 (IBM Tivoli Storage Manager discloses unencrypted login credentials to  ...)
	NOT-FOR-US: IBM
CVE-2016-6109
	RESERVED
CVE-2016-6108
	RESERVED
CVE-2016-6107
	RESERVED
CVE-2016-6106
	RESERVED
CVE-2016-6105 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authent ...)
	NOT-FOR-US: IBM
CVE-2016-6104 (IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-6103 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6102 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive informat ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2016-6101
	RESERVED
CVE-2016-6100 (IBM Disposal and Governance Management for IT and IBM Global Retention ...)
	NOT-FOR-US: IBM
CVE-2016-6099 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive infor ...)
	NOT-FOR-US: IBM
CVE-2016-6098 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permiss ...)
	NOT-FOR-US: IBM
CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages  ...)
	NOT-FOR-US: IBM
CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2016-6095 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate accoun ...)
	NOT-FOR-US: IBM
CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an erro ...)
	NOT-FOR-US: IBM
CVE-2016-6093 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
	NOT-FOR-US: IBM
CVE-2016-6092 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user crede ...)
	NOT-FOR-US: IBM
CVE-2016-6091
	REJECTED
CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability that coul ...)
	NOT-FOR-US: IBM
CVE-2016-6089 (IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write t ...)
	NOT-FOR-US: IBM
CVE-2016-6088
	RESERVED
CVE-2016-6087 (IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials us ...)
	NOT-FOR-US: IBM
CVE-2016-6086
	RESERVED
CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local network to cr ...)
	NOT-FOR-US: IBM
CVE-2016-6084 (IBM BigFix Platform could allow an attacker on the local network to cr ...)
	NOT-FOR-US: IBM
CVE-2016-6083 (IBM Tivoli Monitoring V6 could allow an unauthenticated user to access ...)
	NOT-FOR-US: IBM
CVE-2016-6082 (IBM BigFix Platform could allow a remote attacker to execute arbitrary ...)
	NOT-FOR-US: IBM
CVE-2016-6081
	RESERVED
CVE-2016-6080 (The WebAdmin context for WebSphere Message Broker allows directory lis ...)
	NOT-FOR-US: IBM
CVE-2016-6079 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability t ...)
	NOT-FOR-US: IBM
CVE-2016-6078
	RESERVED
CVE-2016-6077 (IBM Cognos Disclosure Management 10.2 could allow a malicious attacker ...)
	NOT-FOR-US: IBM
CVE-2016-6076
	RESERVED
CVE-2016-6075
	RESERVED
CVE-2016-6074
	RESERVED
CVE-2016-6073
	RESERVED
CVE-2016-6072 (IBM Maximo Asset Management is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2016-6071
	RESERVED
CVE-2016-6070
	RESERVED
CVE-2016-6069
	RESERVED
CVE-2016-6068 (IBM UrbanCode Deploy could allow an authenticated user with access to  ...)
	NOT-FOR-US: IBM
CVE-2016-6067
	RESERVED
CVE-2016-6066
	RESERVED
CVE-2016-6065 (IBM Security Guardium Database Activity Monitor appliance could allow  ...)
	NOT-FOR-US: IBM
CVE-2016-6064
	RESERVED
CVE-2016-6063
	RESERVED
CVE-2016-6062 (IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM
CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6060 (An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-6059 (IBM InfoSphere Information Server is vulnerable to a denial of service ...)
	NOT-FOR-US: IBM
CVE-2016-6058
	RESERVED
CVE-2016-6057
	RESERVED
CVE-2016-6056 (IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM Call Center for Commerce
CVE-2016-6055 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2016-6054 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6053
	RESERVED
CVE-2016-6052
	RESERVED
CVE-2016-6051
	RESERVED
CVE-2016-6050
	RESERVED
CVE-2016-6049
	RESERVED
CVE-2016-6048
	RESERVED
CVE-2016-6047 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-6046 (IBM Tivoli Storage Manager Operations Center is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6045 (IBM Tivoli Storage Manager Operations Center is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6044 (IBM Tivoli Storage Manager Operations Center could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2016-6043 (Tivoli Storage Manager Operations Center could allow a local user to t ...)
	NOT-FOR-US: IBM
CVE-2016-6042 (IBM AppScan Enterprise Edition could allow a remote attacker to execut ...)
	NOT-FOR-US: IBM
CVE-2016-6041
	RESERVED
CVE-2016-6040 (IBM Jazz Foundation could allow an authenticated user to take over a p ...)
	NOT-FOR-US: IBM
CVE-2016-6039 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightw ...)
	NOT-FOR-US: Tivoli
CVE-2016-6037 (IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A rem ...)
	NOT-FOR-US: IBM
CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6035 (IBM Rational Quality Manager is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could dis ...)
	NOT-FOR-US: IBM
CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vu ...)
	NOT-FOR-US: IBM
CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6031 (IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6029 (IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could  ...)
	NOT-FOR-US: IBM
CVE-2016-6028 (IBM Jazz technology based products might allow an attacker to view wor ...)
	NOT-FOR-US: IBM
CVE-2016-6027 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 bef ...)
	NOT-FOR-US: IBM
CVE-2016-6026 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 bef ...)
	NOT-FOR-US: IBM
CVE-2016-6025 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 bef ...)
	NOT-FOR-US: IBM
CVE-2016-6024 (IBM Jazz technology based products might divulge information that migh ...)
	NOT-FOR-US: IBM
CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM  ...)
	NOT-FOR-US: IBM
CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6021 (IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vul ...)
	NOT-FOR-US: IBM
CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2016-6018 (IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error  ...)
	NOT-FOR-US: IBM
CVE-2016-6017
	RESERVED
CVE-2016-6016
	RESERVED
CVE-2016-6015
	RESERVED
CVE-2016-6014
	RESERVED
CVE-2016-6013
	RESERVED
CVE-2016-6012
	RESERVED
CVE-2016-6011
	RESERVED
CVE-2016-6010
	RESERVED
CVE-2016-6009
	RESERVED
CVE-2016-6008
	RESERVED
CVE-2016-6007
	RESERVED
CVE-2016-6006
	RESERVED
CVE-2016-6005
	RESERVED
CVE-2016-6004
	RESERVED
CVE-2016-6003
	RESERVED
CVE-2016-6002
	RESERVED
CVE-2016-6001 (IBM Forms Experience Builder could be susceptible to a server-side req ...)
	NOT-FOR-US: IBM
CVE-2016-6000 (IBM TRIRIGA Application Platform is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5999
	RESERVED
CVE-2016-5998
	RESERVED
CVE-2016-5997 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5996 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5995 (Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1  ...)
	NOT-FOR-US: IBM
CVE-2016-5994 (IBM InfoSphere Information Server contains a vulnerability that would  ...)
	NOT-FOR-US: IBM
CVE-2016-5993
	RESERVED
CVE-2016-5992 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix0 ...)
	NOT-FOR-US: IBM
CVE-2016-5991 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix0 ...)
	NOT-FOR-US: IBM
CVE-2016-5990 (IBM Security Privileged Identity Manager Virtual Appliance allows an a ...)
	NOT-FOR-US: IBM
CVE-2016-5989
	RESERVED
CVE-2016-5988 (IBM Security Privileged Identity Manager Virtual Appliance could discl ...)
	NOT-FOR-US: IBM
CVE-2016-5987 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10  ...)
	NOT-FOR-US: IBM
CVE-2016-5986 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x befo ...)
	NOT-FOR-US: IBM
CVE-2016-5985 (The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vu ...)
	NOT-FOR-US: IBM
CVE-2016-5984 (IBM InfoSphere Information Server is vulnerable to cross-frame scripti ...)
	NOT-FOR-US: IBM
CVE-2016-5983 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-5982
	RESERVED
CVE-2016-5981 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT t ...)
	NOT-FOR-US: IBM
CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5979 (IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged  ...)
	NOT-FOR-US: IBM
CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the web port ...)
	NOT-FOR-US: IBM
CVE-2016-5977 (Open redirect vulnerability in the web portal in IBM Tealeaf Customer  ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5976 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5975 (Cross-site scripting (XSS) vulnerability in the Web UI in the web port ...)
	NOT-FOR-US: IBM
CVE-2016-5974 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
	NOT-FOR-US: IBM
CVE-2016-5973
	RESERVED
CVE-2016-5972 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5971 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5970 (Directory traversal vulnerability in IBM Security Privileged Identity  ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5969
	RESERVED
CVE-2016-5968 (The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1. ...)
	NOT-FOR-US: IBM
CVE-2016-5967 (The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0  ...)
	NOT-FOR-US: IBM
CVE-2016-5966 (IBM Security Privileged Identity Manager Virtual Appliance could allow ...)
	NOT-FOR-US: IBM
CVE-2016-5965
	RESERVED
CVE-2016-5964 (IBM Security Privileged Identity Manager Virtual Appliance version 2.0 ...)
	NOT-FOR-US: IBM
CVE-2016-5963 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM
CVE-2016-5962
	RESERVED
CVE-2016-5961
	RESERVED
CVE-2016-5960 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user c ...)
	NOT-FOR-US: IBM
CVE-2016-5959 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensit ...)
	NOT-FOR-US: IBM
CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM
CVE-2016-5956
	RESERVED
CVE-2016-5955 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Ge ...)
	NOT-FOR-US: IBM
CVE-2016-5954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2016-5953 (IBM Sterling Order Management transmits the session identifier within  ...)
	NOT-FOR-US: IBM
CVE-2016-5952 (IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A rem ...)
	NOT-FOR-US: IBM
CVE-2016-5951 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5950 (IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in c ...)
	NOT-FOR-US: IBM
CVE-2016-5949 (IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to  ...)
	NOT-FOR-US: IBM
CVE-2016-5948 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5947 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2 ...)
	NOT-FOR-US: IBM
CVE-2016-5946 (Directory traversal vulnerability in IBM Spectrum Control (formerly Ti ...)
	NOT-FOR-US: IBM
CVE-2016-5945 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2 ...)
	NOT-FOR-US: IBM
CVE-2016-5944 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum ...)
	NOT-FOR-US: IBM
CVE-2016-5943 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2 ...)
	NOT-FOR-US: IBM
CVE-2016-5942 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2016-5941 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse dire ...)
	NOT-FOR-US: IBM
CVE-2016-5940 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2016-5939 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-5938 (IBM Kenexa LMS on Cloud allows web pages to be stored locally which ca ...)
	NOT-FOR-US: IBM
CVE-2016-5937 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request f ...)
	NOT-FOR-US: IBM
CVE-2016-5936
	RESERVED
CVE-2016-5935 (IBM Jazz for Service Management could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-5933 (IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host heade ...)
	NOT-FOR-US: IBM
CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2016-5931
	RESERVED
CVE-2016-5930
	RESERVED
CVE-2016-5929
	RESERVED
CVE-2016-5928
	RESERVED
CVE-2016-5927 (IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect  ...)
	NOT-FOR-US: IBM
CVE-2016-5926
	RESERVED
CVE-2016-5925
	RESERVED
CVE-2016-5924
	RESERVED
CVE-2016-5923
	RESERVED
CVE-2016-5922
	RESERVED
CVE-2016-5921
	RESERVED
CVE-2016-5920 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financia ...)
	NOT-FOR-US: IBM
CVE-2016-5919 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weake ...)
	NOT-FOR-US: IBM
CVE-2016-5918 (IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivo ...)
	NOT-FOR-US: IBM
CVE-2016-5917
	RESERVED
CVE-2016-5916
	RESERVED
CVE-2016-5915
	RESERVED
CVE-2016-5914
	RESERVED
CVE-2016-5913
	RESERVED
CVE-2016-5912
	RESERVED
CVE-2016-5911
	RESERVED
CVE-2016-5910
	RESERVED
CVE-2016-5909
	RESERVED
CVE-2016-5908
	RESERVED
CVE-2016-5907
	RESERVED
CVE-2016-5906
	RESERVED
CVE-2016-5905 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2016-5904
	RESERVED
CVE-2016-5903
	RESERVED
CVE-2016-5902 (IBM Maximo Asset Management is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2016-5901 (Cross-site scripting (XSS) vulnerability in a test page in IBM Busines ...)
	NOT-FOR-US: IBM
CVE-2016-5900 (IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could  ...)
	NOT-FOR-US: IBM
CVE-2016-5899 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5898 (IBM Jazz Reporting Service (JRS) could allow a remote attacker to obta ...)
	NOT-FOR-US: IBM
CVE-2016-5897 (IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A re ...)
	NOT-FOR-US: IBM
CVE-2016-5896 (IBM Maximo Asset Management could disclose sensitive information from  ...)
	NOT-FOR-US: IBM
CVE-2016-5895
	RESERVED
CVE-2016-5894 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2016-5893 (IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to b ...)
	NOT-FOR-US: IBM
CVE-2016-5892 (Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi- ...)
	NOT-FOR-US: IBM
CVE-2016-5891
	RESERVED
CVE-2016-5890 (IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 50 ...)
	NOT-FOR-US: IBM
CVE-2016-5889 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site reque ...)
	NOT-FOR-US: IBM
CVE-2016-5888 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2016-5887
	RESERVED
CVE-2016-5886
	RESERVED
CVE-2016-5885
	RESERVED
CVE-2016-5884 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5883 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2016-5882 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5881 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5880 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5879 (MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users t ...)
	NOT-FOR-US: IBM
CVE-2016-5878 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0. ...)
	NOT-FOR-US: IBM
CVE-2016-5877
	RESERVED
CVE-2016-6132 (The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka l ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829694)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/247
	NOTE: https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d
CVE-2016-6131 (The demangler in GNU Libiberty allows remote attackers to cause a deni ...)
	{DLA-552-1}
	- libiberty 20161017-1 (low; bug #840889)
	[jessie] - libiberty <no-dsa> (Minor issue)
	- ht 2.1.0+repack1-2 (low)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239143
CVE-2016-6130 (Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/cha ...)
	{DSA-3616-1}
	- linux 4.6.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/532c34b5fbf1687df63b3fcd5b2846312ac943c6
CVE-2016-6128 (The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829062)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd
	NOTE: Crop support introduced in https://github.com/libgd/libgd/commit/f67452e1f82f1c2496e0859d638172bee74b43a0 (gd-2.1.0-alpha1)
	- php7.0 7.0.9-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	[jessie] - php5 5.6.26+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72494
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery ap ...)
	- owncloud <removed>
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010
CVE-2016-5875
	REJECTED
CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers  ...)
	NOT-FOR-US: Siemens
CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5871 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5870 (The msm_ipc_router_close function in net/ipc_router/ipc_router_socket. ...)
	- linux <not-affected> (Qualcomm-specific kernel patch)
CVE-2016-5869
	RESERVED
CVE-2016-5868 (drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5867 (In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5866
	RESERVED
CVE-2016-5865
	RESERVED
CVE-2016-5864 (In an audio driver function in all Qualcomm products with Android for  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5863 (In an ioctl handler in all Qualcomm products with Android for MSM, Fir ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5862 (When a control related to codec is issued from userspace in all Qualco ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5861 (In a display driver in all Qualcomm products with Android for MSM, Fir ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5860 (In an audio driver in all Qualcomm products with Android for MSM, Fire ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5859 (In a sound driver in all Qualcomm products with Android for MSM, Firef ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5858 (In an ioctl handler in all Qualcomm products with Android for MSM, Fir ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5857 (The Qualcomm SPCom driver in Android before 7.0 allows local users to  ...)
	NOTE: Red Hat seem to have typoed the CVE, which should be CVE-2016-5875, asked to confirm
CVE-2016-5856 (Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android k ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5855 (In a driver in all Qualcomm products with Android for MSM, Firefox OS  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5854 (In a driver in all Qualcomm products with Android for MSM, Firefox OS  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5853 (In an audio driver in all Qualcomm products with Android releases from ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5852 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and N ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup service  ...)
	NOT-FOR-US: Huawei
CVE-2016-5873 (Buffer overflow in the HTTP URL parsing functions in pecl_http before  ...)
	- php-pecl-http 3.0.1-0.1
	[jessie] - php-pecl-http <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=71719
	NOTE: https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def
CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct ...)
	NOT-FOR-US: python-docx
CVE-2016-5849 (Siemens SICAM PAS through 8.07 allows local users to obtain sensitive  ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-5848 (Siemens SICAM PAS before 8.07 does not properly restrict password data ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-5847 (SAP SAPCAR allows local users to change the permissions of arbitrary f ...)
	NOT-FOR-US: SAP SAPCAR
CVE-2016-5846
	RESERVED
CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations when ext ...)
	NOT-FOR-US: SAP SAPCAR
CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2 ...)
	NOT-FOR-US: OTRS addon
CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3 ...)
	NOT-FOR-US: Trend Micro Deep Discovery Inspector
CVE-2016-5831
	RESERVED
CVE-2016-5830
	RESERVED
CVE-2016-5822 (Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers ...)
	NOT-FOR-US: Huawei
CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.30 ...)
	NOT-FOR-US: Huawei HiSuite
CVE-2016-5820
	REJECTED
CVE-2016-5819 (Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G ...)
	NOT-FOR-US: Moxa
CVE-2016-5818 (An issue was discovered in Schneider Electric PowerLogic PM8ECC device ...)
	NOT-FOR-US: Schneider
CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess  ...)
	NOT-FOR-US: Cargotec
CVE-2016-5816 (A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305- ...)
	NOT-FOR-US: Westermo
CVE-2016-5815 (An issue was discovered on Schneider Electric IONXXXX series power met ...)
	NOT-FOR-US: Schneider
CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSL ...)
	NOT-FOR-US: Rockwell
CVE-2016-5813 (An issue was discovered in Visonic PowerLink2, all versions prior to O ...)
	NOT-FOR-US: Visonic PowerLink
CVE-2016-5812 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3 ...)
	NOT-FOR-US: Moxa
CVE-2016-5811 (An issue was discovered in Visonic PowerLink2, all versions prior to O ...)
	NOT-FOR-US: Visonic PowerLink
CVE-2016-5810 (upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-5809 (An issue was discovered on Schneider Electric IONXXXX series power met ...)
	NOT-FOR-US: Schneider
CVE-2016-5808
	REJECTED
CVE-2016-5807 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticate ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5806
	REJECTED
CVE-2016-5805 (An issue was discovered in Delta Electronics WPLSoft, Versions prior t ...)
	NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5804 (Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 be ...)
	NOT-FOR-US: Moxa
CVE-2016-5803 (An issue was discovered in CA Unified Infrastructure Management Versio ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-5802 (An issue was discovered in Delta Electronics WPLSoft, Versions prior t ...)
	NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5801 (An issue was discovered in OmniMetrix OmniView, Version 1.2. Insuffici ...)
	NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5800 (A malicious attacker can trigger a remote buffer overflow in the Commu ...)
	NOT-FOR-US: Fatek
CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3 ...)
	NOT-FOR-US: Moxa
CVE-2016-5798 (An issue was discovered in Fatek Automation PM Designer V3 Version 2.1 ...)
	NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5797 (Tollgrade LightHouse SMS before 5.1 patch 3 provides different error m ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5796 (An issue was discovered in Fatek Automation PM Designer V3 Version 2.1 ...)
	NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5795 (An XXE issue was discovered in Automated Logic Corporation (ALC) Liebe ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2016-5794
	REJECTED
CVE-2016-5793 (Unquoted Windows search path vulnerability in Moxa Active OPC Server b ...)
	NOT-FOR-US: Moxa
CVE-2016-5792 (SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote a ...)
	NOT-FOR-US: Moxa
CVE-2016-5791 (An Improper Authentication issue was discovered in JanTek JTC-200, all ...)
	NOT-FOR-US: JanTek JTC-200
CVE-2016-5790 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5789 (A Cross-site Request Forgery issue was discovered in JanTek JTC-200, a ...)
	NOT-FOR-US: JanTek JTC-200
CVE-2016-5788 (General Electric (GE) Bently Nevada 3500/22M USB with firmware before  ...)
	NOT-FOR-US: General Electric (GE) Bently Nevada
CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8. ...)
	NOT-FOR-US: CIMPLICITY
CVE-2016-5786 (An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniV ...)
	NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5785
	RESERVED
CVE-2016-5784
	RESERVED
CVE-2016-5783
	RESERVED
CVE-2016-5782 (An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50 ...)
	NOT-FOR-US: Locus Energy LGate
CVE-2016-5781 (Stack-based buffer overflow in WECON LeviStudio allows remote attacker ...)
	NOT-FOR-US: LeviStudio
CVE-2016-5780
	RESERVED
CVE-2016-5779
	RESERVED
CVE-2016-5778
	RESERVED
CVE-2016-5777
	RESERVED
CVE-2016-5776
	RESERVED
CVE-2016-5775
	RESERVED
CVE-2016-5774 (The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5 ...)
	NOT-FOR-US: Blue Coat
CVE-2016-5765 (Administrative Server in Micro Focus Host Access Management and Securi ...)
	NOT-FOR-US: Micro Focus
CVE-2016-5764 (Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to  ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-5763 (Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Sch ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2016-5762 (Integer overflow in the Post Office Agent in Novell GroupWise before 2 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5761 (Cross-site scripting (XSS) vulnerability in Novell GroupWise before 20 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5760 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5759 (The mkdumprd script called "dracut" in the current working directory " ...)
	NOT-FOR-US: SuSE-specific Dracut script mkdumprd
CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access Mana ...)
	NOT-FOR-US: NetIQ
CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fi ...)
	NOT-FOR-US: NetIQ
CVE-2016-5756 (Multiple components of the web tools in NetIQ Access Manager 4.1 befor ...)
	NOT-FOR-US: NetIQ
CVE-2016-5755 (NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 w ...)
	NOT-FOR-US: NetIQ
CVE-2016-5754 (Presence of a .htaccess file could leak information in NetIQ Access Ma ...)
	NOT-FOR-US: NetIQ
CVE-2016-5753
	RESERVED
CVE-2016-5752 (The SAML2 implementation in Identity Server in NetIQ Access Manager 4. ...)
	NOT-FOR-US: NetIQ
CVE-2016-5751 (An unfiltered finalizer target URL in the SAML processing feature in I ...)
	NOT-FOR-US: NetIQ
CVE-2016-5750 (The certificate upload feature in iManager in NetIQ Access Manager 4.1 ...)
	NOT-FOR-US: NetIQ
CVE-2016-5749 (NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was pa ...)
	NOT-FOR-US: NetIQ
CVE-2016-5748 (External Entity Processing (XXE) vulnerability in the "risk score" app ...)
	NOT-FOR-US: NetIQ
CVE-2016-5747 (A security vulnerability in cookie handling in the http stack implemen ...)
	NOT-FOR-US: Novell
CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store passphras ...)
	NOT-FOR-US: libstorage
CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8945 (openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores ...)
	NOT-FOR-US: OpenShift
CVE-2015-8944 (The ioresources_init function in kernel/resource.c in the Linux kernel ...)
	- linux <not-affected> (Android-specific patch, /proc/iomem is root-restricted already)
CVE-2015-8943 (drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in A ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8942 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualco ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8941 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qua ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8940 (Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm comp ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8939 (drivers/video/msm/mdp4_util.c in the Qualcomm components in Android be ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8938 (The MSM camera driver in the Qualcomm components in Android before 201 ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8937 (drivers/char/diag/diagchar_core.c in the Qualcomm components in Androi ...)
	- linux <not-affected> (Android-specific patch)
CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows attacke ...)
	{DSA-3635-1 DLA-576-1}
	- libdbd-mysql-perl 4.033-1
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/27
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
CVE-2014-9905 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Calenda ...)
	- sogo 2.2.5-1
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9 (SOGo-2.2.0)
	NOTE: https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765 (SOGo-2.2.0)
	NOTE: https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501 (SOGo-2.2.0)
	NOTE: https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625 (SOGo-2.2.0)
	NOTE: https://sogo.nu/bugs/view.php?id=2598
CVE-2014-9904 (The snd_compress_check_input function in sound/core/compress_offload.c ...)
	{DSA-3616-1}
	- linux 4.0.2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: 4.0.2-1 the first version in unstable after 3.17-rc1
	NOTE: Fixed by: https://git.kernel.org/linus/6217e5ede23285ddfee10d2e4ba0cc2d4c046205 (3.17-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
CVE-2014-9903 (The sched_read_attr function in kernel/sched/core.c in the Linux kerne ...)
	- linux <not-affected>
	NOTE: vulnerable code between 3.14-rc1 and 3.14-rc4
CVE-2014-9902 (Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualc ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9901 (The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9900 (The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...)
	- linux <unfixed> (unimportant)
CVE-2014-9899 (drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android bef ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9898 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components  ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9897 (sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in A ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9896 (drivers/char/adsprpc.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9895 (drivers/media/media-device.c in the Linux kernel before 3.11, as used  ...)
	{DLA-833-1}
	- linux 3.11.5-1
CVE-2014-9894 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9893 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in And ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9892 (The snd_compr_tstamp function in sound/core/compress_offload.c in the  ...)
	- linux <unfixed> (unimportant)
	NOTE: Not considered a security issue/invalid issue by the Debian kernel team
CVE-2014-9891 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9890 (Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/ms ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9889 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualco ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9888 (arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platf ...)
	{DLA-833-1}
	- linux 3.13.4-1
CVE-2014-9887 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9886 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components  ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9885 (Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qu ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9884 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9883 (Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm compo ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9882 (Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm co ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9881 (drivers/media/radio/radio-iris.c in the Qualcomm components in Android ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9880 (drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9879 (The mdss mdp3 driver in the Qualcomm components in Android before 2016 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9878 (drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Androi ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9877 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9876 (drivers/char/diag/diagfwd.c in the Qualcomm components in Android befo ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9875 (drivers/char/diag/diag_dci.c in the Qualcomm components in Android bef ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9874 (Buffer overflow in the Qualcomm components in Android before 2016-08-0 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9873 (Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm comp ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9872 (The diag driver in the Qualcomm components in Android before 2016-08-0 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9871 (Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/ ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9870 (The Linux kernel before 3.11 on ARM platforms, as used in Android befo ...)
	- linux 3.11.5-1
	[wheezy] - linux <no-dsa> (Minor issue, hardly a security impact, cf. kernel-sec)
CVE-2014-9869 (drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Q ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9868 (drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9867 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qua ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9866 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qua ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9865 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9864 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9863 (Integer underflow in the diag driver in the Qualcomm components in And ...)
	- linux <not-affected> (Android-specific driver)
CVE-2016-5844 (Integer overflow in the ISO parser in libarchive before 3.2.1 allows r ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: Upstream ticket: https://github.com/libarchive/libarchive/issues/717
	NOTE: Upstream fix: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (v3.2.1)
CVE-2016-5842 (MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote atta ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
CVE-2016-5841 (Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg
CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage functio ...)
	{DSA-3616-1 DLA-609-1}
	- linux 4.6.3-1
	NOTE: Fixed by: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5
CVE-2016-5828 (The start_thread function in arch/powerpc/kernel/process.c in the Linu ...)
	{DSA-3616-1}
	- linux 4.6.3-1
	[wheezy] - linux <not-affected> (Introduced in v3.10-rc1)
	NOTE: https://patchwork.ozlabs.org/patch/636776/
	NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1)
CVE-2016-5827 (The icaltime_from_string function in libical 0.47 and 1.0 allows remot ...)
	- libical <removed>
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
	NOTE: This issue fixed by the commits referenced via https://github.com/libical/libical/issues/251
	NOTE: https://github.com/libical/libical/commit/38757abb495ea6cb40faa5418052278bf75040f7
	NOTE: https://github.com/libical/libical/commit/04d84749e53db08c71ed0ce8b6ba5c11082743cd
	NOTE: https://github.com/libical/libical/commit/830d9530817516377c2bc3b532798ce2c6b4765a
CVE-2016-5826 (The parser_get_next_char function in libical 0.47 and 1.0 allows remot ...)
	- libical <removed>
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
CVE-2016-5825 (The icalparser_parse_string function in libical 0.47 and 1.0 allows re ...)
	- libical <removed>
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service (use- ...)
	{DLA-959-1}
	- libical <removed> (bug #860451)
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	- thunderbird 1:60.5.0-1
	NOTE: Original report: https://github.com/libical/libical/issues/235
	NOTE: Reopened at: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
	NOTE: Reproducer: https://bugzilla.mozilla.org/attachment.cgi?id=8757553
	NOTE: Related upstream ticket: https://github.com/libical/libical/issues/286
	NOTE: Related upstream ticket: https://github.com/libical/libical/issues/251
	NOTE: Whilst the upstream commits in issues/251 fix the issue of #251 itself
	NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was assigned
	NOTE: in http://www.openwall.com/lists/oss-security/2016/06/25/4
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824
	NOTE: thunderbird uses embedded libical copy
CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0 allows rem ...)
	- libical 1.0-1
	[wheezy] - libical <no-dsa> (Only possible denial of service, not severe enough to solve)
	NOTE: possibly correct upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1275787
	NOTE: Exact fixing commit unfortunately not bisected, need more investigation
CVE-2016-5744 (Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers  ...)
	NOT-FOR-US: Siemens
CVE-2016-5743 (Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SI ...)
	NOT-FOR-US: Siemens
CVE-2016-5839 (WordPress before 4.5.3 allows remote attackers to bypass the sanitize_ ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/ticket/37111
	NOTE: https://core.trac.wordpress.org/changeset/37818
CVE-2016-5838 (WordPress before 4.5.3 allows remote attackers to bypass intended pass ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://core.trac.wordpress.org/changeset/37762/
	NOTE: https://core.trac.wordpress.org/ticket/37047
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5837 (WordPress before 4.5.3 allows remote attackers to bypass intended acce ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Upstream bug: https://core.trac.wordpress.org/ticket/36379
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37781
CVE-2016-5836 (The oEmbed protocol implementation in WordPress before 4.5.3 allows re ...)
	{DLA-1452-1 DLA-633-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Upstream ticket: https://core.trac.wordpress.org/ticket/36767
	NOTE: Fixed by (Branch 4.4): https://core.trac.wordpress.org/changeset/37798
CVE-2016-5835 (WordPress before 4.5.3 allows remote attackers to obtain sensitive rev ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/changeset/37800
CVE-2016-5834 (Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/changeset/37790/
CVE-2016-5833 (Cross-site scripting (XSS) vulnerability in the column_title function  ...)
	- wordpress 4.5.3+dfsg-1
	[jessie] - wordpress <not-affected> (vulnerable code not present)
	[wheezy] - wordpress <not-affected> (vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5832 (The customizer in WordPress before 4.5.3 allows remote attackers to by ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37773/
CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in wdd ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 <not-affected> (Does not affect PHP 7.x)
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
	NOTE: Fixed in 5.5.37, 5.6.23
CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in spl_directory ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP  ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...)
	- php7.0 7.0.8-1 (unimportant)
	- php5 5.6.23+dfsg-1 (unimportant)
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
	- libgd2 2.0.34~rc1-1
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1)
CVE-2016-5766 (Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...)
	{DSA-3619-1 DLA-534-1}
	- php7.0 7.0.8-1 (unimportant)
	- php5 5.6.23+dfsg-1 (unimportant)
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829014)
	NOTE: https://github.com/libgd/libgd/issues/243
	NOTE: https://github.com/libgd/libgd/commit/aba3db8ba159465ecec1089027a24835a6da9cc0
CVE-2016-5741
	RESERVED
CVE-2016-5740 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-5739 (The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16 ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1
CVE-2016-5738
	RESERVED
CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP  ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c  ...)
	{DLA-2257-1 DLA-966-1}
	- pngquant 2.5.0-2 (bug #863469)
	NOTE: https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x be ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in jessie)
	[wheezy] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in wheezy)
CVE-2016-5733 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1
CVE-2016-5732 (Multiple cross-site scripting (XSS) vulnerabilities in the partition-r ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5731 (Cross-site scripting (XSS) vulnerability in examples/openid.php in php ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1 (low)
CVE-2016-5730 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x be ...)
	- phpmyadmin 4:4.6.3-1 (unimportant)
	NOTE: path disclosure irrelevant in Debian
CVE-2016-5742 (SQL injection vulnerability in the XML-RPC interface in Movable Type P ...)
	{DLA-532-1}
	- movabletype-opensource <removed>
	NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/06/22/3
	NOTE: https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
CVE-2016-5737 (The Gerrit configuration in the Openstack Puppet module for Gerrit (ak ...)
	NOT-FOR-US: Openstack-infra puppet-gerrit module
CVE-2016-5729 (Lenovo BIOS EFI Driver allows local administrators to execute arbitrar ...)
	NOT-FOR-US: Lenovo
CVE-2016-5728 (Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_v ...)
	{DSA-3616-1}
	- linux 4.6.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/linus/9bf292bfca94694a721449e3fd752493856710f6 (v4.7-rc1)
	NOTE: Introduced in: https://git.kernel.org/linus/f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5 (v3.13-rc1)
CVE-2015-8936 (Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGua ...)
	{DLA-524-1}
	- squidguard 1.5-5 (unimportant)
	NOTE: Only affects an example script
	NOTE: Fix applied: 16_XSS-security-bugfix.patch in 1.5-5
	NOTE: http://www.openwall.com/lists/oss-security/2016/06/20/2
CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on Wind ...)
	{DLA-2184-1 DLA-611-1}
	- jsch 0.1.54-1 (low)
	NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagn ...)
	NOT-FOR-US: Cloudera
CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
	NOT-FOR-US: Huawei
CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3 ...)
	NOT-FOR-US: OceanStor
CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-5720 (Multiple untrusted search path vulnerabilities in Microsoft Skype allo ...)
	NOT-FOR-US: Skype
CVE-2016-5719
	RESERVED
CVE-2016-5718
	RESERVED
CVE-2016-5717
	RESERVED
CVE-2016-5716 (The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 i ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2016-5714 (Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agen ...)
	- puppet 4.8.0-1
	[jessie] - puppet <not-affected> (Vulnerable code introduced later)
	[wheezy] - puppet <not-affected> (Vulnerable code introduced later)
	NOTE: https://puppet.com/security/cve/pxp-agent-oct-2016
	NOTE: triaged away in Ubuntu: "Default configurations of FOSS Puppet Agent are not vulnerable."
	NOTE: gentoo released a fix: https://security.gentoo.org/glsa/201710-12
	NOTE: rosetta stone for puppet version numbers: https://puppet.com/docs/puppet/4.10/about_agent.html
CVE-2016-5713 (Versions of Puppet Agent prior to 1.6.0 included a version of the Pupp ...)
	- puppet 4.7.0-1
	[jessie] - puppet <not-affected> (Vulnerable code introduced later)
	[wheezy] - puppet <not-affected> (Vulnerable code introduced later)
	NOTE: Puppet Agent 1.3.0 (puppet: 4.3.0) - 1.5.x affected
	NOTE: Resolved in Puppet Agent 1.6.0 (4.6.0)
	NOTE: https://puppet.com/security/cve/cve-2016-5713
CVE-2016-5712
	RESERVED
CVE-2016-5711 (NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a  ...)
	NOT-FOR-US: NetApp
CVE-2016-5710 (NetApp Snap Creator Framework before 4.3P1 allows remote authenticated ...)
	NOT-FOR-US: NetApp Snap Creator Framework
CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encrypti ...)
	NOT-FOR-US: SolarWinds
CVE-2016-5708
	RESERVED
CVE-2016-5707
	RESERVED
CVE-2016-5706 (js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x befo ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5705 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5704 (Cross-site scripting (XSS) vulnerability in the table-structure page i ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5703 (SQL injection vulnerability in libraries/central_columns.lib.php in ph ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5702 (phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF v ...)
	- phpmyadmin 4:4.6.3-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5701 (setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5700 (Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-5698
	RESERVED
CVE-2016-5697 (Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapp ...)
	- ruby-saml 1.3.0-1 (bug #828076)
	NOTE: https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
CVE-2016-5695
	RESERVED
CVE-2016-5694
	RESERVED
CVE-2016-5693
	RESERVED
CVE-2016-5692
	RESERVED
CVE-2016-5686 (Johnson &amp; Johnson Animas OneTouch Ping devices mishandle acknowled ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5685 (Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow a ...)
	NOT-FOR-US: Dell
CVE-2016-5684 (An exploitable out-of-bounds write vulnerability exists in the XMP ima ...)
	{DSA-3692-1 DLA-647-1}
	- freeimage 3.17.0+ds1-3 (bug #839827)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0189/
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19
CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server cre ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the Definitio ...)
	- node-swagger-ui <itp> (bug #871461)
	- swagger-ui <itp> (bug #895422)
CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.0 ...)
	NOT-FOR-US: D-Link
CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7. ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5679 (cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR Rea ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5678 (NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0. ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5677 (NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0,  ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5676 (cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1 ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5675 (handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO  ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5674 (__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5673 (UltraVNC Repeater before 1300 does not restrict destination IP address ...)
	NOT-FOR-US: UltraVNC
CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x bef ...)
	- crosswalk <itp> (bug #775876)
CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron ...)
	NOT-FOR-US: Creston
CVE-2016-5670 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5669 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5668 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5667 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5666 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5665
	RESERVED
CVE-2016-5664 (Directory traversal vulnerability on Accellion Kiteworks appliances be ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5663 (Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback. ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5662 (Accellion Kiteworks appliances before kw2016.03.00 use setuid-root per ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5661 (Accela Civic Platform Citizen Access portal relies on the client to re ...)
	NOT-FOR-US: Accela
CVE-2016-5660 (Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Ac ...)
	NOT-FOR-US: Accela
CVE-2016-5659
	RESERVED
CVE-2016-5658
	RESERVED
CVE-2016-5657
	RESERVED
	NOT-FOR-US: Apache Archiva
CVE-2016-5656
	RESERVED
CVE-2016-5655 (Misys FusionCapital Opics Plus does not verify X.509 certificates from ...)
	NOT-FOR-US: Misys
CVE-2016-5654 (Misys FusionCapital Opics Plus allows remote authenticated users to ga ...)
	NOT-FOR-US: Misys
CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Pl ...)
	NOT-FOR-US: Misys
CVE-2016-5652 (An exploitable heap-based buffer overflow exists in the handling of TI ...)
	{DSA-3762-1 DLA-693-1}
	- tiff 4.0.6-3 (bug #842361)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0187/
	NOTE: https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63
CVE-2016-5651
	RESERVED
CVE-2016-5650 (ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configura ...)
	NOT-FOR-US: ZModo
CVE-2016-5649 (A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN22 ...)
	NOT-FOR-US: Netgear
CVE-2016-5648 (Acer Portal app before 3.9.4.2000 for Android does not properly valida ...)
	NOT-FOR-US: Acer Portal Android application
CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, ...)
	NOT-FOR-US: Intel Windows drivers
CVE-2016-5646 (An exploitable heap overflow vulnerability exists in the Compound Bina ...)
	NOT-FOR-US: Lexmark
CVE-2016-5645 (Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766 ...)
	NOT-FOR-US: Rockwell
CVE-2016-5644
	RESERVED
CVE-2016-5643
	RESERVED
CVE-2016-5642 (Opmantek NMIS before 8.5.12G has XSS via SNMP. ...)
	NOT-FOR-US: Opmantek NMIS
CVE-2016-5641
	RESERVED
CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron Ai ...)
	NOT-FOR-US: Creston
CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on Crestron Air ...)
	NOT-FOR-US: Creston
CVE-2016-5638 (There are few web pages associated with the genie app on the Netgear W ...)
	NOT-FOR-US: Netgear
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandl ...)
	NOTE: https://www.kb.cert.org/vuls/id/123799
	NOTE: No further information provided, but this is very likely a dupe of CVE-2016-8710
CVE-2016-1000003 (Mirror Manager version 0.7.2 and older is vulnerable to remote code ex ...)
	NOT-FOR-US: Fedora Mirror Manager
CVE-2016-5727 (LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attacker ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2016-5726 (Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attacker ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2016-5691 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 al ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833044)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5690 (The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833043)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5689 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 al ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833042)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
	NOTE: Will be fixed in a 6.9.4-3 based version
CVE-2016-5688 (The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, w ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833003)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
CVE-2016-5687 (The VerticalFilter function in the DDS coder in ImageMagick before 6.9 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832890)
	NOTE: https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0b7172f2ba2c9e664d4df148e7d6e14a50edb57a
CVE-2016-5699 (CRLF injection vulnerability in the HTTPConnection.putheader function  ...)
	{DLA-1663-1 DLA-522-1}
	- python3.5 <not-affected> (Fixed with initial upload to Debian)
	- python3.4 3.4.4~rc1-1
	- python2.7 2.7.10~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: https://bugs.python.org/issue22928
	NOTE: Fixed in 3.4 / 3.5: revision 94952: https://hg.python.org/cpython/rev/bf3e1c9b80e9
	NOTE: Fixed in 2.7: revision 94951: https://hg.python.org/cpython/rev/1c45047c5102
CVE-2016-5635 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5634 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5633 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5632 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5631 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5630 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5629 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5628 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5627 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5626 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5625 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows lo ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5624 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows re ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5623 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5622 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5621 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5620 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5619 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5618 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5617
	REJECTED
CVE-2016-5616
	REJECTED
CVE-2016-5615 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5614 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5613 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5612 (Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 a ...)
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
CVE-2016-5611 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5610 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5609 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5608 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5607 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5606 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5605 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.4-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5604 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-5603 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5602 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5601 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5600 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Pr ...)
	NOT-FOR-US: Oracle
CVE-2016-5599 (Unspecified vulnerability in the Oracle Advanced Supply Chain Planning ...)
	NOT-FOR-US: Oracle
CVE-2016-5598 (Unspecified vulnerability in the MySQL Connector component 2.1.3 and e ...)
	- mysql-connector-python 2.1.5-1 (bug #841677)
	[jessie] - mysql-connector-python <not-affected> (Vulnerable code not present)
	[wheezy] - mysql-connector-python <not-affected> (Only the Python 3 code is affected which is not shipped in binary package)
	NOTE: https://blog.qualys.com/laws-of-vulnerabilities/2016/10/18/oracle-october-2016-critical-patch-update
CVE-2016-5597 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5596 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-5595 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5594 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5593 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5592 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5591 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5590 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-5589 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-5588 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5587 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5586 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-5585 (Unspecified vulnerability in the Oracle Interaction Center Intelligenc ...)
	NOT-FOR-US: Oracle
CVE-2016-5584 (Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 a ...)
	{DSA-3711-1 DSA-3706-1 DLA-708-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.16-1 (bug #841163)
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed> (bug #841050)
	NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
CVE-2016-5583 (Unspecified vulnerability in the Oracle One-to-One Fulfillment compone ...)
	NOT-FOR-US: Oracle
CVE-2016-5582 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5581 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-5580 (Unspecified vulnerability in the Secure Global Desktop component in Or ...)
	NOT-FOR-US: Secure Global Desktop
CVE-2016-5579 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5578 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5577 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5576 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5575 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-5574 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5573 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5572 (Unspecified vulnerability in the Kernel PDB component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2016-5571 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5570 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5569 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
	NOT-FOR-US: Oracle
CVE-2016-5568 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 al ...)
	- openjdk-8 <not-affected> (Only affects Windows)
	- openjdk-7 <not-affected> (Only affects Windows)
	- openjdk-6 <not-affected> (Only affects Windows)
CVE-2016-5567 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5566 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2016-5565 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property S ...)
	NOT-FOR-US: Oracle
CVE-2016-5564 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property S ...)
	NOT-FOR-US: Oracle
CVE-2016-5563 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property S ...)
	NOT-FOR-US: Oracle
CVE-2016-5562 (Unspecified vulnerability in the Oracle iProcurement component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-5561 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2016-5560 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel
CVE-2016-5559 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-5558 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5557 (Unspecified vulnerability in the Oracle Advanced Pricing component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5556 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 al ...)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2016-5555 (Unspecified vulnerability in the OJVM component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle
CVE-2016-5554 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5553 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-5552 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5551 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Solaris
CVE-2016-5550
	REJECTED
CVE-2016-5549 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-8 8u121-b13-1
	- openjdk-7 <not-affected> (In the Debian package, the code is removed during build time)
CVE-2016-5548 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5547 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
CVE-2016-5546 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5545 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5544 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-5543 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
	NOT-FOR-US: Oracle
CVE-2016-5542 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5541 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2016-5540 (Unspecified vulnerability in the Oracle Retail Xstore Payment componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5539 (Unspecified vulnerability in the Oracle Retail Xstore Payment componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5538 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5537 (Unspecified vulnerability in the NetBeans component in Oracle Fusion M ...)
	[experimental] - netbeans 8.2+dfsg1-1
	- netbeans 10.0-1 (bug #852029)
	[stretch] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)
	[wheezy] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)
CVE-2016-5536 (Unspecified vulnerability in the Oracle Platform Security for Java com ...)
	NOT-FOR-US: Oracle
CVE-2016-5535 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5534 (Unspecified vulnerability in the Siebel Apps - Customer Order Manageme ...)
	NOT-FOR-US: Oracle Siebel
CVE-2016-5533 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-5532 (Unspecified vulnerability in the Oracle Shipping Execution component i ...)
	NOT-FOR-US: Oracle
CVE-2016-5531 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5530 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-5529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-5528 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5526 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5525 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-5524 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5523 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5522 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5521 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5520
	REJECTED
CVE-2016-5519 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2016-5518 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-5517 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5516 (Unspecified vulnerability in the Kernel PDB component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2016-5515 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5514 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5513 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5512 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5511 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5510 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5509 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5508 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Solaris
CVE-2016-5507 (Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5506 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5505 (Unspecified vulnerability in the RDBMS Programmable Interface componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5504 (Unspecified vulnerability in the Oracle Agile Product Lifecycle Manage ...)
	NOT-FOR-US: Oracle
CVE-2016-5503 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5502 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5501 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5500 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5499 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-5498 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-5497 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-5496
	REJECTED
CVE-2016-5495 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5494
	REJECTED
CVE-2016-5493 (Unspecified vulnerability in the Oracle FLEXCUBE Private Banking compo ...)
	NOT-FOR-US: Oracle
CVE-2016-5492 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5491 (Unspecified vulnerability in the Oracle Commerce Service Center compon ...)
	NOT-FOR-US: Oracle
CVE-2016-5490 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5489 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2016-5488 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5487 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5486 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5485
	REJECTED
CVE-2016-5484
	REJECTED
CVE-2016-5483
	REJECTED
CVE-2016-5482 (Unspecified vulnerability in the Oracle Commerce Guided Search compone ...)
	NOT-FOR-US: Oracle
CVE-2016-5481 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5480 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2016-5479 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5478
	REJECTED
CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-5476 (Unspecified vulnerability in the Oracle Retail Integration Bus compone ...)
	NOT-FOR-US: Oracle
CVE-2016-5475 (Unspecified vulnerability in the Oracle Retail Service Backbone compon ...)
	NOT-FOR-US: Oracle
CVE-2016-5474 (Unspecified vulnerability in the Oracle Retail Service Backbone compon ...)
	NOT-FOR-US: Oracle
CVE-2016-5473 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5472 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-5471 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5470 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-5469 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-5468 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5467 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component  ...)
	NOT-FOR-US: Oracle
CVE-2016-5466 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5465 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-5464 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5463 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5462 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5461 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5460 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5459 (Unspecified vulnerability in the Siebel Core - Common Components compo ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5458 (Unspecified vulnerability in the Oracle Communications EAGLE Applicati ...)
	NOT-FOR-US: Oracle
CVE-2016-5457 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5456 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5455 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	NOT-FOR-US: Oracle
CVE-2016-5454 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-5453 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5452 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-5451 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5450 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5449 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5448 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5447 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5446 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5445 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5444 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.30-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.49-0+deb8u1
	[wheezy] - mysql-5.5 5.5.49-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5443 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5442 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5441 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5440 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5439 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5438
	REJECTED
CVE-2016-5437 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5436 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and S ...)
	NOT-FOR-US: Huawei
CVE-2016-6211 (The User module in Drupal 7.x before 7.44 allows remote authenticated  ...)
	{DSA-3604-1 DLA-550-1}
	- drupal7 7.44-1
	NOTE: https://www.drupal.org/SA-CORE-2016-002
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/4
	NOTE: https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 tarball diff
	NOTE: https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 filtered diff
CVE-2016-5636 (Integer overflow in the get_data function in zipimport.c in CPython (a ...)
	{DLA-1663-1 DLA-522-1}
	- python3.5 3.5.2~rc1-1
	- python3.4 <removed>
	- python2.7 2.7.12~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: https://bugs.python.org/issue26171
	NOTE: 2.7: https://hg.python.org/cpython/rev/985fc64c60d6
	NOTE: 3.5: https://hg.python.org/cpython/rev/2df462852464
CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS certifica ...)
	NOT-FOR-US: Citrix
CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to cause a d ...)
	NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library)
CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualizat ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-5431 (The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable t ...)
	NOT-FOR-US: jose-php
CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php  ...)
	NOT-FOR-US: jose-php
CVE-2016-5429 (jose-php before 2.2.1 does not use constant-time operations for HMAC c ...)
	NOT-FOR-US: jose-php
CVE-2016-5428
	RESERVED
CVE-2016-5427 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not proper ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.0~alpha1-1
	NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
	NOTE: Added workaround to mark first 4.x version in unstable as fixed.
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
	NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
CVE-2016-5426 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote a ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.0~alpha1-1
	NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
	NOTE: Added workaround to mark first 4.x version in unstable as fixed.
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
	NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
CVE-2016-5425 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentO ...)
	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
	NOTE: http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
CVE-2016-5424 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9. ...)
	{DSA-3646-1 DLA-592-1}
	- postgresql-9.5 9.5.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
	NOTE: https://www.postgresql.org/about/news/1688/
CVE-2016-5423 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9. ...)
	{DSA-3646-1 DLA-592-1}
	- postgresql-9.5 9.5.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f0c7b789ab12fbc8248b671c7882dd96ac932ef4
	NOTE: https://www.postgresql.org/about/news/1688/
CVE-2016-5422 (The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2016-5421 (Use-after-free vulnerability in libcurl before 7.50.1 allows attackers ...)
	{DSA-3638-1}
	- curl 7.50.1-1
	[wheezy] - curl <not-affected> (introduced in 7.32.0)
	NOTE: https://curl.haxx.se/docs/adv_20160803C.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5421.patch
CVE-2016-5420 (curl and libcurl before 7.50.1 do not check the client certificate whe ...)
	{DSA-3638-1 DLA-586-1}
	- curl 7.50.1-1
	NOTE: https://curl.haxx.se/docs/adv_20160803B.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5420.patch
	NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5419 (curl and libcurl before 7.50.1 do not prevent TLS session resumption w ...)
	{DSA-3638-1 DLA-586-1}
	- curl 7.50.1-1
	NOTE: https://curl.haxx.se/docs/adv_20160803A.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
	NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5418 (The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlin ...)
	{DSA-3677-1 DLA-657-1}
	- libarchive 3.2.1-4 (bug #837714)
	NOTE: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
	NOTE: Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
	NOTE: Fixed by (for #744): https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
	NOTE: Fixed by (for #745 and #746): https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1362601, relates to upstream bugs #744, #745 and #746
	NOTE: https://github.com/libarchive/libarchive/issues/743 (umbrella report)
	NOTE: https://github.com/libarchive/libarchive/issues/744
	NOTE: https://github.com/libarchive/libarchive/issues/745
	NOTE: https://github.com/libarchive/libarchive/issues/746
	NOTE: Testcase: https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49
	NOTE: Fix for testcase: https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c
CVE-2016-5417 (Memory leak in the __res_vinit function in the IPv6 name server manage ...)
	- glibc 2.22-4 (bug #833302)
	[jessie] - glibc <not-affected> (Introduced in 2.22)
	- eglibc <not-affected> (Introduced in 2.22)
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2212c1420c92a33b0e0bd9a34938c9814a56c0f7 (glibc-2.22)
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e7fdabd7df1fc6c56d104e61390bf5a6b526c38 (glibc-2.24)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19257
CVE-2016-5416 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7,  ...)
	- 389-ds-base <unfixed> (bug #834233)
	[buster] - 389-ds-base <no-dsa> (Minor issue)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	[jessie] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://fedorahosted.org/389/ticket/48852
	NOTE: Potentially related: https://fedorahosted.org/389/ticket/48354
CVE-2016-5415
	RESERVED
CVE-2016-5414 (FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name ...)
	- freeipa <not-affected> (Vulnerable code introduced in the 4.4.0 release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1360757
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=25ed36fda14b30d6a50746a536939e3b428993cb
CVE-2016-5413
	RESERVED
CVE-2016-5412 (arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4. ...)
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Transactional memory not supported)
	NOTE: https://marc.info/?l=kvm&m=146968629127349&w=2
	NOTE: https://git.kernel.org/linus/93d17397e4e2182fdaad503e2f9da46202c0f1c3 (v4.8-rc1)
CVE-2016-5411 (/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart  ...)
	NOT-FOR-US: ovirt engine
CVE-2016-5410 (firewalld.py in firewalld before 0.4.3.3 allows local users to bypass  ...)
	- firewalld 0.4.3.3-1 (bug #834529)
	[jessie] - firewalld <ignored> (Minor issue)
	NOTE: Introduced by: https://github.com/t-woerner/firewalld/commit/6b9867cd5c5e2c83adeec42666521a420e59ef11
CVE-2016-5409 (Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-5408 (Stack-based buffer overflow in the munge_other_line function in cachem ...)
	{DLA-556-1}
	- squid3 <not-affected> (Incomplete fix for CVE-2016-4051 not applied)
	NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
	NOTE: by some vendors.
CVE-2016-5407 (The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org li ...)
	{DLA-667-1}
	- libxv 2:1.0.11-1 (low; bug #840438)
	[jessie] - libxv 2:1.0.10-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Platform ...)
	NOT-FOR-US: JBoss EAP
CVE-2016-5405 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7,  ...)
	- 389-ds-base 1.3.5.15-1 (bug #842121)
	[jessie] - 389-ds-base <no-dsa> (minor issue)
	NOTE: This affects systems storing passwords in plain text.
	NOTE: Systems using unsalted hashes might be unsafe as well if using weak
	NOTE: hash algorithms, however the attack would be very time-consuming.
	NOTE: the patch for this CVE causes CVE-2017-15135
CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the "revoke cert ...)
	- freeipa 4.3.2-5 (bug #835131)
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (master)
	NOTE: https://fedorahosted.org/freeipa/ticket/6232
CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local  ...)
	{DLA-1927-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-3.1 (bug #832619)
	- qemu-kvm <removed>
CVE-2016-5402 (A code injection flaw was found in the way capacity and utilization im ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-5401 (Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS  ...)
	NOT-FOR-US: JBoss BPMS business-central
CVE-2016-5400 (Memory leak in the airspy_probe function in drivers/media/usb/airspy/a ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/aa93d1fee85c890a34f2510a310e55ee76a27848 (4.7)
CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613
	NOTE: Partial fixes in 7.0.9, 5.6.24, 5.5.38
	NOTE: CVE is assigned for the issue in PHP in adequate error handling in the
	NOTE: bzread() function. Disputed by PHP upstream, which considers that the
	NOTE: underlying bzip2 library is at fault.
CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Editor in ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code  ...)
	- thrift-compiler <unfixed> (unimportant; bug #894577)
	[experimental] - thrift 0.10.0-1 (unimportant)
	- thrift 0.11.0-3 (unimportant)
	NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
	NOTE: https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
	NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
	NOTE: src:thrift only present in experimental
	NOTE: Go bindings only enabled in 0.9.3-2 (not yet in unstable)
	NOTE: Only ever affected src:thrift in experimental, and fixed in src:thrift/0.10.0-1
	NOTE: so any future upload of thrift to unstable can mark this item as <not-affected>
	NOTE: (fixed before the initial upload to Debian unstable)
CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Att ...)
	- trafficserver 7.0.0-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/TS-5019
CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user functional ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-5394 (In the XSS Protection API module before 1.0.12 in Apache Sling, the en ...)
	NOT-FOR-US: Apache Sling
CVE-2016-5393 (In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote u ...)
	- hadoop <itp> (bug #793644)
CVE-2016-5392 (The API server in Kubernetes, as used in Red Hat OpenShift Enterprise  ...)
	NOT-FOR-US: OpenShift
CVE-2016-5391 (libreswan before 3.18 allows remote attackers to cause a denial of ser ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authentica ...)
	- foreman <itp> (bug #663101)
CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly  ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
CVE-2016-5389
	REJECTED
CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI S ...)
	{DLA-1883-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.37-1
	- tomcat7 7.0.72-1
	[jessie] - tomcat7 7.0.56-3+really7.0.88-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: The Tomcat CGI servlet sets HTTP_PROXY based on a Proxy: header.
	NOTE: This CVE was special since not assigned to a vulnerability but for a mitigation
	NOTE: thus marking as fixed for 8.0.37 and 7.0.71 (upstream) and with according
	NOTE: versions in Debian.
	NOTE: https://svn.apache.org/r1756941 (8.0.x)
	NOTE: https://svn.apache.org/r1756942 (7.0.x)
CVE-2016-1000111 (Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1 ...)
	- twisted 16.4.0-1 (unimportant)
	[wheezy] - twisted <not-affected> (For wheezy affected file twcgi.py is in src:twisted-web)
	- twisted-web <removed>
	[wheezy] - twisted-web <no-dsa> (Minor issue)
	NOTE: https://twistedmatrix.com/trac/ticket/8623
	NOTE: https://github.com/twisted/twisted/commit/bcac75e6180c9eee4337322c109eb5d1cac51165
	NOTE: No part of Twisted does set HTTP_PROXY based on a Proxy: header, upstream plans
	NOTE: to drop related CGI code in future release
CVE-2016-1000108 (yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18  ...)
	- yaws 2.0.3-2 (bug #832433)
	[jessie] - yaws 1.98-4+deb8u1
	[wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future DSA)
	NOTE: https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
CVE-2016-1000104 (A security Bypass vulnerability exists in the FcgidPassHeader Proxy in ...)
	NOTE: libapache2-mod-fcgid does not set HTTP_PROXY based on Proxy: header unless
	NOTE: explicitly configured so and mitigations for Apache in CVE-2016-5387 prevent
	NOTE: exploitation anyway
CVE-2016-5387 (The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18  ...)
	{DSA-3623-1 DLA-553-1}
	- apache2 2.4.23-2
	NOTE: https://www.apache.org/security/asf-httpoxy-response.txt
	NOTE: https://httpoxy.org
CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to address RFC ...)
	- golang <unfixed> (unimportant)
	NOTE: No part of Go does set HTTP_PROXY based on a Proxy: header, 1.6.3 and 1.7
	NOTE: provide hardening to discard HTTP_PROXY
CVE-2016-5385 (PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18  ...)
	{DSA-3631-1 DLA-749-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72573
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-5384 (fontconfig before 2.12.1 does not validate offsets, which allows local ...)
	{DSA-3644-1 DLA-587-1}
	- fontconfig 2.11.0-6.5 (bug #833570)
	NOTE: https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html
	NOTE: Fixed by: https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 (2.12.1)
CVE-2016-5383 (The web UI in Red Hat CloudForms 4.1 allows remote authenticated users ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-5382
	RESERVED
CVE-2016-5381
	RESERVED
CVE-2016-5380
	RESERVED
CVE-2016-5379
	RESERVED
CVE-2016-5378
	RESERVED
CVE-2016-5377
	RESERVED
CVE-2016-5376
	RESERVED
CVE-2016-5375
	RESERVED
CVE-2016-5374 (NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated ...)
	NOT-FOR-US: NetApp
CVE-2016-5373
	RESERVED
CVE-2016-5372 (Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator ...)
	NOT-FOR-US: NetApp
CVE-2016-5371
	RESERVED
CVE-2016-5370
	RESERVED
CVE-2016-5369
	RESERVED
CVE-2016-5368 (Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote at ...)
	NOT-FOR-US: Huawei
CVE-2016-5367 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow re ...)
	NOT-FOR-US: Huawei
CVE-2016-5366 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow re ...)
	NOT-FOR-US: Huawei
CVE-2016-5365 (Stack-based buffer overflow in Huawei Honor WS851 routers with softwar ...)
	NOT-FOR-US: Huawei
CVE-2016-5364 (Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_p ...)
	{DLA-512-1}
	- mantis <removed>
	NOTE: http://github.com/mantisbt/mantisbt/commit/5068df2d (1.2.x)
	NOTE: https://mantisbt.org/bugs/view.php?id=20956
CVE-2016-5363 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 thro ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5362 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 thro ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5349 (The high level operating systems (HLOS) was not providing sufficient m ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5348 (The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1 ...)
	NOT-FOR-US: Android
CVE-2016-5347 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5346 (An Information Disclosure vulnerability exists in the Google Pixel/Pix ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5345 (Buffer overflow in the Qualcomm radio driver in Android before 2017-01 ...)
	NOT-FOR-US: Qualcomm radio driver for Android
CVE-2016-5344 (Multiple integer overflows in the MDSS driver for the Linux kernel 3.x ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5343 (drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driv ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5342 (Heap-based buffer overflow in the wcnss_wlan_write function in drivers ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5341 (The GPS component in Android before 2016-12-05 allows man-in-the-middl ...)
	NOT-FOR-US: Android
CVE-2016-5340 (The is_ashmem_file function in drivers/staging/android/ashmem.c in a c ...)
	- linux <not-affected> (Android-specific kernel patch, is_ashmem_file/put_ashmem_file not present in mainline kernel)
CVE-2016-5339
	RESERVED
CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ...)
	{DLA-2010-1 DLA-697-1}
	- bsdiff 4.3-17
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
	NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
	NOTE: Huzaifa Sidhpurwala <huzaifas@redhat.com> pointed out that is not a libreswan issue, rather
	NOTE: the protocol is flawed.
CVE-2016-5360 (HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, all ...)
	- haproxy 1.6.5-2 (bug #826869)
	[jessie] - haproxy <not-affected> (Issue introduced in 1.6.0)
	NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
CVE-2016-5338 (The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #827024)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
CVE-2016-5337 (The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #827026)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343909
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=844864fbae66935951529408831c2f22367a57b6
CVE-2016-5336 (VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to ...)
	NOT-FOR-US: VMware
CVE-2016-5335 (VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x b ...)
	NOT-FOR-US: VMware
CVE-2016-5334 (VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x b ...)
	NOT-FOR-US: VMware
CVE-2016-5333 (VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public ke ...)
	NOT-FOR-US: VMware
CVE-2016-5332 (Directory traversal vulnerability in VMware vRealize Log Insight 2.x a ...)
	NOT-FOR-US: vRealize Log Insight
CVE-2016-5331 (CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 an ...)
	NOT-FOR-US: VMware
CVE-2016-5330 (Untrusted search path vulnerability in the HGFS (aka Shared Folders) f ...)
	NOT-FOR-US: VMware
CVE-2016-5329 (VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection ...)
	NOT-FOR-US: VMware
CVE-2016-5328 (VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity ...)
	NOT-FOR-US: VMware
CVE-2016-5327
	RESERVED
CVE-2016-5326
	RESERVED
CVE-2016-5325 (CRLF injection vulnerability in the ServerResponse#writeHead function  ...)
	- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
CVE-2016-5359 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.1 ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-38.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
	NOTE: https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0
CVE-2016-5358 (epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark  ...)
	- wireshark 2.0.4+gdd7746e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0)
	[wheezy] - wireshark <not-affected> (Only affects 2.0)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-37.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440
	NOTE: https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7
CVE-2016-5357 (wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x b ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-36.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396
	NOTE: https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
	NOTE: https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78
CVE-2016-5356 (wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before  ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-35.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
	NOTE: https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
	NOTE: https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500
CVE-2016-5355 (wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x befor ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-34.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394
	NOTE: https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f
	NOTE: https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b
CVE-2016-5354 (The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2. ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-33.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
	NOTE: https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6
CVE-2016-5353 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-32.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191
	NOTE: https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4
CVE-2016-5352 (epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x be ...)
	- wireshark 2.0.4+gdd7746e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0)
	[wheezy] - wireshark <not-affected> (Only affects 2.0)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-31.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175
	NOTE: https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185
CVE-2016-5351 (epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-30.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585
	NOTE: https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4
CVE-2016-5350 (epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wir ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-29.html
	NOTE: https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b
CVE-2016-5324
	RESERVED
CVE-2016-5323 (The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote a ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2559
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=659
	NOTE: No security impact, just a crash in a CLI tool
CVE-2016-5322 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier al ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2560
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658
CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows attack ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2
	- tiff3 <removed>
	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
CVE-2016-5320
	REJECTED
CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in the Pi ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=653
	NOTE: Upstream marked this duplicate of bug http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5316 (Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c i ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2556
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=656
	NOTE: Upstream marked this duplicate of bug http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5315 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier al ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=655
	NOTE: Possible duplicate with PixarLogDecode() issue
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
	NOTE: Upstream marked this duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5314 (Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in Li ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=654
	NOTE: Upstream fix https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated us ...)
	NOT-FOR-US: Symantec
CVE-2016-5312 (Directory traversal vulnerability in the charting component in Symante ...)
	NOT-FOR-US: Symantec
CVE-2016-5311 (A Privilege Escalation vulnerability exists in Symantec Norton Antivir ...)
	NOT-FOR-US: Symantec
CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
	NOT-FOR-US: Symantec
CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
	NOT-FOR-US: Symantec
CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in S ...)
	NOT-FOR-US: Norton
CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection Mana ...)
	NOT-FOR-US: Symantec
CVE-2016-5306 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does n ...)
	NOT-FOR-US: Symantec
CVE-2016-5305 (Multiple cross-site scripting (XSS) vulnerabilities in management scri ...)
	NOT-FOR-US: Symantec
CVE-2016-5304 (Open redirect vulnerability in a report-routing component in Symantec  ...)
	NOT-FOR-US: Symantec
CVE-2016-5303 (Cross-site scripting (XSS) vulnerability in the Horde Text Filter API  ...)
	- php-horde-text-filter 2.3.5-1 (bug #837150)
	[jessie] - php-horde-text-filter <no-dsa> (Minor issue)
CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has bee ...)
	NOT-FOR-US: Citrix
CVE-2015-8935 (The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...)
	- php5 5.6.6+dfsg-1
	[wheezy] - php5 5.4.38-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=68978
	NOTE: https://github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b
	NOTE: Fixed in 5.6.6, 5.5.22 and 5.4.38
CVE-2015-8934 (The copy_from_lzss_window function in archive_read_support_format_rar. ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: https://github.com/libarchive/libarchive/issues/521
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/603454ec03040c29bd051fcc749e3c1433c11a8e (v3.2.1)
CVE-2015-8933 (Integer overflow in the archive_read_format_tar_skip function in archi ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/548
	NOTE: https://github.com/libarchive/libarchive/issues/582
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3c7a6dc6694d9b26400d2bd672e04d09ed8a4276 (v3.1.900a)
CVE-2015-8932 (The compress_bidder_init function in archive_read_support_filter_compr ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/547
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/f0b1dbbc325a2d922015eee402b72edd422cb9ea (v3.1.900a)
	NOTE: and part of https://github.com/libarchive/libarchive/commit/55ce98e829eda3a4356c2be64a778d8740c2cf6c (v3.1.900a)
	NOTE: and https://github.com/libarchive/libarchive/commit/618618c8a6be453f79e0bdbdeab6e1dd8bf429b3 (v3.1.900a)
	NOTE: Part of the problematic code was introduced with commit bf4f6ec64ef3edefbc41172692868fb8df514805
	NOTE: to fix https://github.com/libarchive/libarchive/issues/356
CVE-2015-8931 (Multiple integer overflows in the (1) get_time_t_max and (2) get_time_ ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/539
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b31744df71084a8734f97199e42418f55d08c6c5 (v3.1.900a)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/c0c52e9aaafb0860c4151c5374372051e9354301 (v3.1.900a)
CVE-2015-8930 (bsdtar in libarchive before 3.2.0 allows remote attackers to cause a d ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/522
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/39fc59391b7cf2a007bffce280c1e3e66674258f (v3.1.900a)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/01cfbca4fdae1492a8a09c001b61bbca46f869f2 (v3.1.900a)
CVE-2015-8929 (Memory leak in the __archive_read_get_extract function in archive_read ...)
	- libarchive 3.2.0-2
	[jessie] - libarchive <not-affected> (Introduced in 3.2.0)
	[wheezy] - libarchive <not-affected> (Introduced in 3.2.0)
	NOTE: https://github.com/libarchive/libarchive/issues/517
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/d24e79e8f9547ae475a3a0c9516e079a14010838
CVE-2015-8928 (The process_add_entry function in archive_read_support_format_mtree.c  ...)
	{DSA-3657-1}
	- libarchive 3.2.0-2
	[wheezy] - libarchive <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libarchive/libarchive/issues/550
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/64d5628
CVE-2015-8927 (The trad_enc_decrypt_update function in archive_read_support_format_zi ...)
	- libarchive 3.2.0-2
	[jessie] - libarchive <not-affected> (vulnerable code not present)
	[wheezy] - libarchive <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libarchive/libarchive/issues/523
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/eff35d4
CVE-2015-8926 (The archive_read_format_rar_read_data function in archive_read_support ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/518
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/aab73938
CVE-2015-8925 (The readline function in archive_read_support_format_mtree.c in libarc ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/516
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1e18cbb71
CVE-2015-8924 (The archive_read_format_tar_read_header function in archive_read_suppo ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/515
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/bb9b157
CVE-2015-8923 (The process_extra function in libarchive before 3.2.0 uses the size fi ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/514
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/9e0689c
CVE-2015-8922 (The read_CodersInfo function in archive_read_support_format_7zip.c in  ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/513
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/d094dc
CVE-2015-8921 (The ae_strtofflags function in archive_entry.c in libarchive before 3. ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/512
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1cbc76f
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/05a875fdb876e7a2f56a2937f756927cbed919e0
CVE-2015-8920 (The _ar_read_header function in archive_read_support_format_ar.c in li ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/511
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/97f964e
CVE-2015-8919 (The lha_read_file_extended_header function in archive_read_support_for ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/510
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/e8a2e4d
CVE-2015-8918 (The archive_string_append function in archive_string.c in libarchive b ...)
	- libarchive <not-affected> (Vulnerable code not in a released version)
	NOTE: Introduced in  https://github.com/libarchive/libarchive/commit/cf8e67ffc8a2227b63fc6d3d1569b0214f160f54
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b6ba56037f0da44efebfa271cc4b1a736a74c62f
	NOTE: https://github.com/libarchive/libarchive/issues/506
CVE-2015-8917 (bsdtar in libarchive before 3.2.0 allows remote attackers to cause a d ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/505
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/b2e2abb
CVE-2015-8916 (bsdtar in libarchive before 3.2.0 returns a success code without filli ...)
	{DSA-3657-1}
	- libarchive 3.2.0-2
	[wheezy] - libarchive <not-affected> (no segfault, not reproducible with reproducer)
	NOTE: https://github.com/libarchive/libarchive/issues/504
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/b2e2abb
CVE-2015-8915 (bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a  ...)
	{DLA-1600-1 DLA-617-1}
	- libarchive 3.2.0-2 (low; bug #784213)
	[squeeze] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/503
	NOTE: https://github.com/libarchive/libarchive/issues/502
	NOTE: 502 is a duplicate of https://github.com/libarchive/libarchive/issues/503
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e6c9668f3202215ddb71617b41c19b6f05acf008
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3865cf2bcb0eebc1baef28a7841b1cadae6e0f7c
CVE-2015-8914 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 thro ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1502933
CVE-2015-8913
	REJECTED
CVE-2015-8912
	REJECTED
CVE-2015-8911
	REJECTED
CVE-2015-8910
	REJECTED
CVE-2015-8909
	REJECTED
CVE-2015-8908
	REJECTED
CVE-2015-8907
	REJECTED
CVE-2015-8906
	REJECTED
CVE-2015-8905
	REJECTED
CVE-2015-8904
	REJECTED
CVE-2015-1000013 (Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v ...)
	NOT-FOR-US: WordPress plugin csv2wpec-coupon
CVE-2015-1000012 (Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin mypixs
CVE-2015-1000011 (Blind SQL Injection in wordpress plugin dukapress v2.5.9 ...)
	NOT-FOR-US: WordPress plugin dukapress
CVE-2015-1000010 (Remote file download in simple-image-manipulator v1.0 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin simple-image-manipulator
CVE-2015-1000009 (Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 ...)
	NOT-FOR-US: WordPress plugin google-adsense-and-hotel-booking
CVE-2015-1000008 (Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 ...)
	NOT-FOR-US: WordPress plugin MP3-jPlayer
CVE-2015-1000007 (Remote file download vulnerability in wptf-image-gallery v1.03 ...)
	NOT-FOR-US: WordPress plugin wptf-image-gallery
CVE-2015-1000006 (Remote file download vulnerability in recent-backups v0.7 wordpress pl ...)
	NOT-FOR-US: WordPress plugin recent-backups
CVE-2015-1000005 (Remote file download vulnerability in candidate-application-form v1.0  ...)
	NOT-FOR-US: WordPress plugin candidate-application-form
CVE-2015-1000004 (XSS in filedownload v1.4 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin filedownload
CVE-2015-1000003 (Blind SQL Injection in filedownload v1.4 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin filedownload
CVE-2015-1000002 (Open Proxy in filedownload v1.4 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin filedownload
CVE-2015-1000001 (Remote file upload vulnerability in fast-image-adder v1.1 Wordpress pl ...)
	NOT-FOR-US: WordPress plugin fast-image-adder
CVE-2015-1000000 (Remote file upload vulnerability in mailcwp v1.99 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin mailcwp
CVE-2016-5299 (A previously installed malicious Android application with same signatu ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-5298 (A mechanism where disruption of the loading of a new web page can caus ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-5297 (An error in argument length checking in JavaScript, leading to potenti ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5296 (A heap-buffer-overflow in Cairo when processing SVG content caused by  ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5295 (This vulnerability allows an attacker to use the Mozilla Maintenance S ...)
	- firefox <not-affected> (Only affects Firefox on Windows)
CVE-2016-5294 (The Mozilla Updater can be made to choose an arbitrary target working  ...)
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
	- icedove <not-affected> (Only affects Thunderbird on Windows)
CVE-2016-5293 (When the Mozilla Updater is run, if the Updater's log file in the work ...)
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
CVE-2016-5292 (During URL parsing, a maliciously crafted URL can cause a potentially  ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-5291 (A same-origin policy bypass with local shortcut files to load arbitrar ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5290 (Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. S ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5289 (Memory safety bugs were reported in Firefox 49. Some of these bugs sho ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-5288 (Web content could access information in the HTTP cache if e10s is disa ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox releases < 48)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1310183 (not yet public)
CVE-2016-5287 (A potentially exploitable use-after-free crash during actor destructio ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox releases < 49)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
CVE-2016-5286
	RESERVED
CVE-2016-5285 (A Null pointer dereference vulnerability exists in Mozilla Network Sec ...)
	- nss 2:3.25-1
	NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
	NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
CVE-2016-5284 (Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunder ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5283 (Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5282 (Mozilla Firefox before 49.0 does not properly restrict the scheme in f ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5281 (Use-after-free vulnerability in the DOMSVGLength class in Mozilla Fire ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5280 (Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityM ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5279 (Mozilla Firefox before 49.0 allows user-assisted remote attackers to o ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5278 (Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5277 (Use-after-free vulnerability in the nsRefreshDriver::Tick function in  ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5276 (Use-after-free vulnerability in the mozilla::a11y::DocAccessible::Proc ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5275 (Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeede ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5274 (Use-after-free vulnerability in the nsFrameManager::CaptureFrameState  ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5273 (The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5271 (The PropertyProvider::GetSpacingInternal function in Mozilla Firefox b ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5270 (Heap-based buffer overflow in the nsCaseTransformTextRunFactory::Trans ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5269
	RESERVED
CVE-2016-5268 (Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
CVE-2016-5267 (Mozilla Firefox before 48.0 on Android allows remote attackers to spoo ...)
	- firefox <not-affected> (Android-specific)
	- firefox-esr <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
CVE-2016-5266 (Mozilla Firefox before 48.0 does not properly restrict drag-and-drop ( ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
CVE-2016-5265 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow use ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
CVE-2016-5264 (Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildL ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
CVE-2016-5263 (The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
CVE-2016-5262 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process J ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
CVE-2016-5261 (Integer overflow in the WebSocketChannel class in the WebSockets subsy ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 48.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: For Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
	NOTE: For Firefox https://www.mozilla.org/security/advisories/mfsa2016-86/
CVE-2016-5260 (Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="passw ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
CVE-2016-5259 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant funct ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
CVE-2016-5258 (Use-after-free vulnerability in the WebRTC socket thread in Mozilla Fi ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
CVE-2016-5257 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3690-1 DSA-3674-1 DLA-658-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	- icedove 1:45.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
CVE-2016-5256 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
CVE-2016-5255 (Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep  ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
CVE-2016-5254 (Use-after-free vulnerability in the nsXULPopupManager::KeyDown functio ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
CVE-2016-5253 (The Updater in Mozilla Firefox before 48.0 on Windows allows local use ...)
	- firefox <not-affected> (Only affects Windows)
	- firefox-esr <not-affected> (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
CVE-2016-5252 (Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
CVE-2016-5251 (Mozilla Firefox before 48.0 allows remote attackers to spoof the locat ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
CVE-2016-5250 (Mozilla Firefox before 48.0, Firefox ESR &lt; 45.4 and Thunderbird &lt ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 48.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: For Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
	NOTE: For Firefox ESR: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
CVE-2016-5249 (Lenovo Solution Center (LSC) before 3.3.003 allows local users to exec ...)
	NOT-FOR-US: Lenovo
CVE-2016-5248 (The StopProxy command in LSC.Services.SystemService in Lenovo Solution ...)
	NOT-FOR-US: Lenovo
CVE-2016-5247 (The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s ...)
	NOT-FOR-US: Lenovo
CVE-2016-5246
	RESERVED
CVE-2016-5245
	RESERVED
CVE-2016-4456 (The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows r ...)
	- gnutls28 3.4.13-1
	[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/06/07/2
CVE-2016-1000002 (gdm3 3.14.2 and possibly later has an information leak before screen l ...)
	- gdm3 <unfixed> (low; bug #849432)
	[buster] - gdm3 <ignored> (Minor issue)
	[stretch] - gdm3 <ignored> (Minor issue)
	[jessie] - gdm3 <ignored> (Minor issue)
	[wheezy] - gdm3 <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1391126
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=753678
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=776051
CVE-2014-9861
	RESERVED
CVE-2014-9860
	RESERVED
CVE-2014-9859
	RESERVED
CVE-2014-9858
	RESERVED
CVE-2014-9857
	RESERVED
CVE-2014-9856
	RESERVED
CVE-2014-9855
	RESERVED
CVE-2016-5319 (Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earl ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #842046)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (tools like bmp2tiff not shipped by tiff3 source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2562
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=652
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: No patch available. Marked as wontfix by upstream.
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-5318 (Stack-based buffer overflow in the _TIFFVGetField function in libtiff  ...)
	{DLA-693-1 DLA-692-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed>
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
	NOTE: _TIFFVGetField isn't specific to thumbnail tool, there's http://bugzilla.maptools.org/show_bug.cgi?id=2580 to enhance that,
	NOTE: but treating this bug (as related to thumbmail) as fixed.
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2561
	NOTE: This seems a duplicate of CVE-2015-7554 ( http://bugzilla.maptools.org/show_bug.cgi?id=2564 ). At the very least, a generic fix for CVE-2015-7554 would also fix this one as the illegal write is at the exact same location in the code.
	NOTE: Reproducer file here: http://bugzilla.maptools.org/attachment.cgi?id=671
	NOTE: With 4.0.6-2 (sid), I get a segfault.
	NOTE: With 4.0.3-12.3+deb8u1 (jessie), I get a segfault.
	NOTE: With 3.9.6-11+deb7u1 (wheezy), I get a failure: MissingRequired: ../CVE-2016-5318.tiff: TIFF directory is missing required "StripOffsets" field.
CVE-2016-5301 (The parse_chunk_header function in libtorrent before 1.1.1 allows remo ...)
	{DLA-511-1}
	- libtorrent-rasterbar 1.1.0-1 (bug #826380)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	NOTE: https://github.com/arvidn/libtorrent/issues/780
	NOTE: https://github.com/arvidn/libtorrent/pull/782
CVE-2016-5300 (The XML parser in Expat does not use sufficient entropy for hash initi ...)
	{DSA-3597-1 DLA-508-1}
	- expat 2.1.1-3
CVE-2016-5244 (The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel t ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb
CVE-2016-5243 (The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/5d2be1422e02ccd697ccfcd45c85b4a26e6178e2
CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <not-affected> (arm not supported)
	NOTE: http://xenbits.xen.org/xsa/advisory-181.html
CVE-2016-5241 (magick/render.c in GraphicsMagick before 1.3.24 allows remote attacker ...)
	{DLA-1401-1 DLA-547-1}
	- graphicsmagick 1.3.24-1
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
CVE-2016-5240 (The DrawDashPolygon function in magick/render.c in GraphicsMagick befo ...)
	{DSA-3746-1 DLA-547-1}
	- graphicsmagick 1.3.24-1
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
	NOTE: DLA-547-1 didn't fix this properly
CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in the Stea ...)
	NOT-FOR-US: Valve Steam
CVE-2016-5236 (Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9 ...)
	NOT-FOR-US: F5 WebSafe
CVE-2016-5235 (A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe D ...)
	NOT-FOR-US: F5 WebSafe
CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-n ...)
	- linux <not-affected> (Vulnerable code never present, introduced and fixed in 3.16 development cycle)
	NOTE: Introduced by: https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 (v3.16-rc1)
	NOTE: Fixed by (revert of commit): https://git.kernel.org/linus/5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 (v3.16-rc1)
CVE-2014-9804 (vision.c in ImageMagick allows remote attackers to cause a denial of s ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later)
CVE-2014-9805 (ImageMagick allows remote attackers to cause a denial of service (segm ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9806 (ImageMagick allows remote attackers to cause a denial of service (file ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9807 (The pdb coder in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9808 (ImageMagick allows remote attackers to cause a denial of service (segm ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9809 (ImageMagick allows remote attackers to cause a denial of service (segm ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9810 (The dpx file handler in ImageMagick allows remote attackers to cause a ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9811 (The xwd file handler in ImageMagick allows remote attackers to cause a ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9812 (ImageMagick allows remote attackers to cause a denial of service (NULL ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9813 (ImageMagick allows remote attackers to cause a denial of service (appl ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9814 (ImageMagick allows remote attackers to cause a denial of service (NULL ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9815 (ImageMagick allows remote attackers to cause a denial of service (appl ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9816 (ImageMagick allows remote attackers to cause a denial of service (out- ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9817 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9818 (ImageMagick allows remote attackers to cause a denial of service (out- ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9819 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9820 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9821 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9822 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9823 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9824 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9825 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9826 (ImageMagick allows remote attackers to have unspecified impact via vec ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <no-dsa> (No apparent security impact)
CVE-2014-9827 (coders/xpm.c in ImageMagick allows remote attackers to have unspecifie ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9828 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9829 (coders/sun.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9830 (coders/sun.c in ImageMagick allows remote attackers to have unspecifie ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9831 (coders/wpg.c in ImageMagick allows remote attackers to have unspecifie ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9832 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9833 (Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9834 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9835 (Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9836 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of servi ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9837 (coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote att ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9838 (magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9839 (magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attacke ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9840 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of servi ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9841 (The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allo ...)
	{DLA-960-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9842 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Leak in a code path that does not exist in this version)
CVE-2014-9843 (The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 al ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9844 (The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allow ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9845 (The ReadDIBImage function in coders/dib.c in ImageMagick allows remote ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9846 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageM ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9847 (The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9848 (Memory leak in ImageMagick allows remote attackers to cause a denial o ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9849 (The png coder in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9850 (Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a  ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Affected section of code not present in wheezy; examine diff introduced by commit 2257d1eadd02d89d225fce21013a1219d221dc7d with context of 20)
	NOTE: patch supposed to be https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=2257d1eadd02d89d225fce21013a1219d221dc7d
CVE-2014-9851 (ImageMagick 6.8.9.9 allows remote attackers to cause a denial of servi ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	NOTE: https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=33b2d377b94eb738011bc7d5e90ca0a16ce4d471
CVE-2014-9852 (distribute-cache.c in ImageMagick re-uses objects after they have been ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (distribute-cache.c does not exist in 6.7.7.10)
CVE-2014-9853 (Memory leak in coders/rle.c in ImageMagick allows remote attackers to  ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9854 (coders/tiff.c in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
	- mat 0.6.1-3 (bug #826101)
	[jessie] - mat 0.5.2-3+deb8u1
	[wheezy] - mat 0.3.2-1+deb7u1
	NOTE: Workaround entry for DLA-650-1/DSA-3708-1 until/if CVE is assigned
	NOTE: https://0xacab.org/mat/mat/issues/11067
	NOTE: Patch in 0.6.1-3 disabled PDF support
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and G ...)
	{DSA-3580-1 DLA-1456-1 DLA-486-1 DLA-484-1}
	- graphicsmagick 1.3.24-1
	- imagemagick 8:6.9.6.2+dfsg-2
	NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e38b4f74ca19
CVE-2016-5238 (The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3 (bug #826152)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint contro ...)
	NOT-FOR-US: Huawei
CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B18 ...)
	NOT-FOR-US: Huawei
CVE-2016-5232 (Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL  ...)
	NOT-FOR-US: Huawei
CVE-2016-5231 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B ...)
	NOT-FOR-US: Huawei
CVE-2016-5230 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B ...)
	NOT-FOR-US: Huawei
CVE-2016-5229 (Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not p ...)
	NOT-FOR-US: Atlassian
CVE-2016-5228 (Stack-based buffer overflow in the PlayMacro function in ObjectXMacro. ...)
	NOT-FOR-US: Rumba
CVE-2016-5227
	RESERVED
CVE-2016-5226 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Ma ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5225 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linu ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5224 (A timing attack on denormalized floating point arithmetic in SVG filte ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5223 (Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5222 (Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5221 (Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.28 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5220 (PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Lin ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5219 (A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5218 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Win ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5217 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Win ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5216 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5215 (A use after free in webaudio in Google Chrome prior to 55.0.2883.75 fo ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5214 (Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5213 (A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5212 (Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5211 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5210 (Heap buffer overflow during TIFF image parsing in PDFium in Google Chr ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5209 (Bad casting in bitmap manipulation in Blink in Google Chrome prior to  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5208 (Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, an ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5207 (In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and L ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5206 (The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5205 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Ma ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5204 (Leaking of an SVG shadow tree leading to corruption of the DOM tree in ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5203 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5202 (browser/extensions/api/dial/dial_registry.cc in Google Chrome before 5 ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5201 (A leak of privateClass in the extensions API in Google Chrome prior to ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5200 (V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 fo ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5199 (An off by one error resulting in an allocation of zero size in FFmpeg  ...)
	{DSA-3731-1}
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- ffmpeg 7:3.2-1
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://chromium-review.googlesource.com/383956
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/347cb14b7cba7560e53f4434b419b9d8800253e7
CVE-2016-5198 (V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85  ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5197 (The content view client in Google Chrome prior to 54.0.2840.85 for And ...)
	- chromium-browser <not-affected> (Only affects Chrome on Android)
CVE-2016-5196 (The content renderer client in Google Chrome prior to 54.0.2840.85 for ...)
	- chromium-browser <not-affected> (Only affects Chrome on Android)
CVE-2016-5195 (Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before  ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
	NOTE: Fixed by: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
CVE-2016-5194 (Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5193 (Google Chrome prior to 54.0 for iOS had insufficient validation of URL ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5192 (Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5191 (Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows,  ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5190 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0. ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5189 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0. ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5188 (Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Wi ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5187 (Google Chrome prior to 54.0.2840.85 for Android incorrectly handled ra ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5186 (Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and  ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5185 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Lin ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5184 (PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Li ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5183 (A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5182 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Lin ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5181 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Lin ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5180 (Heap-based buffer overflow in the ares_create_query function in c-ares ...)
	{DSA-3682-1 DLA-648-1}
	- c-ares 1.12.0-1 (medium; bug #839151)
	NOTE: https://c-ares.haxx.se/adv_20160929.html
	NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
CVE-2016-5179 (Chrome OS before 53.0.2785.144 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Chrome OS
CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785 ...)
	{DSA-3683-1}
	- chromium-browser 53.0.2785.143-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5177 (Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.1 ...)
	{DSA-3683-1}
	- chromium-browser 53.0.2785.143-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5176 (Google Chrome before 53.0.2785.113 allows remote attackers to bypass t ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5175 (Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785 ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5174 (browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5173 (The extensions subsystem in Google Chrome before 53.0.2785.113 does no ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5172 (The parser in Google V8, as used in Google Chrome before 53.0.2785.113 ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5171 (WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Go ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5170 (WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5169 (Format string vulnerability in Google Chrome OS before 53.0.2785.103 a ...)
	NOT-FOR-US: Google Chrome OS
CVE-2016-5168 (Skia, as used in Google Chrome before 50.0.2661.94, allows remote atta ...)
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- skia <itp> (bug #818180)
CVE-2016-5167 (Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785 ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5166 (The download implementation in Google Chrome before 53.0.2785.89 on Wi ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5165 (Cross-site scripting (XSS) vulnerability in the Developer Tools (aka D ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5164 (Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_ ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5163 (The bidirectional-text implementation in Google Chrome before 53.0.278 ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5162 (The AllowCrossRendererResourceLoad function in extensions/browser/url_ ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5161 (The EditingStyle::mergeStyle function in WebKit/Source/core/editing/Ed ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5160 (The AllowCrossRendererResourceLoad function in extensions/browser/url_ ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5159 (Multiple integer overflows in OpenJPEG, as used in PDFium in Google Ch ...)
	{DSA-3768-1 DSA-3660-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/9a07ccb3d0f076388e4da684a3bfd4327125c721
CVE-2016-5158 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c  ...)
	{DSA-3768-1 DSA-3660-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/9a07ccb3d0f076388e4da684a3bfd4327125c721
	NOTE: https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-5157 (Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt ...)
	{DSA-3660-1}
	- openjpeg2 2.1.2-1
	[jessie] - openjpeg2 2.1.0-2+deb8u3
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/08/8
	NOTE: https://github.com/uclouvain/openjpeg/pull/823
CVE-2016-5156 (extensions/renderer/event_bindings.cc in the event bindings in Google  ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5155 (Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0. ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5154 (Multiple heap-based buffer overflows in PDFium, as used in Google Chro ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5153 (The Web Animations implementation in Blink, as used in Google Chrome b ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5152 (Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd. ...)
	{DSA-4013-1 DSA-3660-1}
	- openjpeg2 2.1.2-1.2
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/3fbe71369019df0b47c7a2be4fab8c05768f2f32
	NOTE: https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-5151 (PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and be ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5150 (WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5149 (The extensions subsystem in Google Chrome before 53.0.2785.89 on Windo ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5148 (Cross-site scripting (XSS) vulnerability in Blink, as used in Google C ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5147 (Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS  ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5146 (Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743 ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5145 (Blink, as used in Google Chrome before 52.0.2743.116, does not ensure  ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5144 (The Developer Tools (aka DevTools) subsystem in Blink, as used in Goog ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5143 (The Developer Tools (aka DevTools) subsystem in Blink, as used in Goog ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5142 (The Web Cryptography API (aka WebCrypto) implementation in Blink, as u ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5141 (Blink, as used in Google Chrome before 52.0.2743.116, allows remote at ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5140 (Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5139 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c  ...)
	{DSA-3645-1 DLA-1433-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Fixed in Google with: https://pdfium.googlesource.com/pdfium.git/+/2f6d1480a1be2b1f82c94219c2d99e67d7e0660d
	NOTE: https://github.com/uclouvain/openjpeg/pull/819
CVE-2016-5138 (Integer overflow in the kbasep_vinstr_attach_client function in midgar ...)
	- chromium-browser <not-affected> (Chrome on Chrome OS)
CVE-2016-5137 (The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/ ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5136 (Use-after-free vulnerability in extensions/renderer/user_script_inject ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5135 (WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as use ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5134 (net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in G ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5133 (Google Chrome before 52.0.2743.82 mishandles origin information during ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5132 (The Service Workers subsystem in Google Chrome before 52.0.2743.82 doe ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5131 (Use-after-free vulnerability in libxml2 through 2.9.4, as used in Goog ...)
	{DSA-3744-1 DSA-3637-1 DLA-691-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libxml2 2.9.4+dfsg1-2.1 (bug #840554)
	NOTE: Google fix: https://codereview.chromium.org/2127493002
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
	NOTE: Requisite for the test: https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
CVE-2016-5130 (content/renderer/history_controller.cc in Google Chrome before 52.0.27 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5129 (Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5128 (objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome be ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5127 (Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnit ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2015-8899 (Dnsmasq before 2.76 allows remote servers to cause a denial of service ...)
	- dnsmasq 2.76-1
	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html
	NOTE: Fixed by: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87 (v2.76rc1)
	NOTE: Introduced by: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=cbc652423403e3cef00e00240f6beef713142246 (v2.73rc1)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1581181
CVE-2015-8898 (The WriteImages function in magick/constitute.c in ImageMagick before  ...)
	- imagemagick 8:6.8.9.9-7
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/34
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5b4bebaa91849c592a8448bc353ab25a54ff8c44
CVE-2015-8897 (The SpliceImage function in MagickCore/transform.c in ImageMagick befo ...)
	- imagemagick 8:6.8.9.9-7
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231
CVE-2015-8896 (Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5- ...)
	{DLA-353-1}
	- imagemagick 8:6.8.9.9-7 (bug #806441)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2015-8895 (Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later all ...)
	{DLA-353-1}
	- imagemagick 8:6.8.9.9-7 (bug #806441)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
	NOTE: The issue is only exploitable on 32 bit architectures.
CVE-2015-8894 (Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and lat ...)
	- imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
	[jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
	[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
	[squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
CVE-2015-8893 (app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07 ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8892 (platform/msm_shared/boot_verifier.c in the Qualcomm components in Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8891 (Multiple integer overflows in app/aboot/aboot.c in the Qualcomm compon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8890 (platform/msm_shared/partition_parser.c in the Qualcomm components in A ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8889 (The aboot implementation in the Qualcomm components in Android before  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8888 (Integer overflow in app/aboot/aboot.c in the Qualcomm components in An ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9802 (Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm compone ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9801 (Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9800 (Integer overflow in lib/heap/heap.c in the Qualcomm components in Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9799 (The makefile in the Qualcomm components in Android before 2016-07-05 o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9798 (platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9797
	REJECTED
CVE-2014-9796 (app/aboot/aboot.c in the Qualcomm components in Android before 2016-07 ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9795 (app/aboot/aboot.c in the Qualcomm components in Android before 2016-07 ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9794
	REJECTED
CVE-2014-9793 (platform/msm_shared/mmc.c in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9792 (arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9791
	REJECTED
CVE-2014-9790 (drivers/mmc/core/debugfs.c in the Qualcomm components in Android befor ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9789 (The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9788 (Multiple buffer overflows in the voice drivers in the Qualcomm compone ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9787 (Integer overflow in drivers/misc/qseecom.c in the Qualcomm components  ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9786 (Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sen ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9785 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9784 (Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Q ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9783 (drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualc ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9782 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9781 (Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components i ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9780 (drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Andro ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9779 (arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components i ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9778 (The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/com ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9777 (The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common ...)
	- linux <not-affected> (Android-specific)
CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-5125
	REJECTED
CVE-2016-5124 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-5123
	RESERVED
CVE-2016-5122
	RESERVED
CVE-2016-5121
	RESERVED
CVE-2016-5120
	RESERVED
CVE-2016-5119 (The automatic update feature in KeePass 2.33 and earlier allows man-in ...)
	- keepass2 2.18+dfsg-1
	NOTE: autoupdate dialog disabled in Debian via patch, but basically not-affected
CVE-2016-5113
	RESERVED
CVE-2016-5112
	RESERVED
CVE-2016-5111
	RESERVED
CVE-2016-5110
	RESERVED
CVE-2016-5109 (Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for i ...)
	NOT-FOR-US: Citrix
CVE-2015-8887
	RESERVED
CVE-2015-8886
	RESERVED
CVE-2015-8885
	RESERVED
CVE-2015-8884
	RESERVED
CVE-2015-8883
	RESERVED
CVE-2015-8882
	RESERVED
CVE-2015-8881
	RESERVED
CVE-2016-5126 (Heap-based buffer overflow in the iscsi_aio_ioctl function in block/is ...)
	{DLA-1927-1}
	- qemu 1:2.6+dfsg-2 (bug #826151)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/30/6
CVE-2016-XXXX [CSRF protection for POST requests]
	- postfixadmin 2.93-2 (bug #825151)
	[jessie] - postfixadmin <no-dsa> (Minor issue)
	[wheezy] - postfixadmin <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2016/May/59
	NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
	NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and Im ...)
	{DSA-3746-1 DSA-3591-1 DLA-502-1 DLA-500-1}
	- imagemagick 8:6.8.9.9-7.1 (bug #825799)
	- graphicsmagick 1.3.24-1 (bug #825800)
	NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
	NOTE: patch available at http://www.openwall.com/lists/oss-security/2016/05/29/7
CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used  ...)
	{DSA-3619-1}
	- libgd2 2.2.1-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0)
	NOTE: Introduced by: https://github.com/libgd/libgd/commit/decf4407d41230fc54dea8058bf887a2696fd4c2 (gd-2.1.0-alpha1)
	NOTE: https://github.com/libgd/libgd/issues/211
	- php5 <removed> (unimportant)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat 57.34. ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: This is an issue in ffmpeg/libav, which is fixed in stretch's ffmpeg, but it's unclear when it was fixed exactly
	NOTE: https://trac.mplayerhq.hu/ticket/2298
CVE-2016-5102 (Buffer overflow in the readgifimage function in gif2tiff.c in the gif2 ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff-tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2552
	NOTE: confirmed this still crashes with latest CVS, version v4.0.6
	NOTE: also confirmed this crashes v4.0.2 in wheezy
	NOTE: Upstream will remove gif2tiff from 4.0.7 release
	NOTE: No patch available. Marked as wontfix by upstream
	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5102.gif
	NOTE: gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-5101 (Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows a ...)
	NOT-FOR-US: Opera
CVE-2016-5100 (Froxlor before 0.9.35 uses the PHP rand function for random number gen ...)
	NOT-FOR-US: Froxlor
CVE-2016-5099 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.2-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/
CVE-2016-5098 (Directory traversal vulnerability in libraries/error_report.lib.php in ...)
	- phpmyadmin <not-affected> (Only affected git versions but not released versions, cf. PMASA-2016-15)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-15/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2dc9481d2af25b035778c67eaf0bfd2d2c59dd8
CVE-2016-5097 (phpMyAdmin before 4.6.2 places tokens in query strings and does not ar ...)
	- phpmyadmin 4:4.6.2-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
CVE-2016-5092 (Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 al ...)
	NOT-FOR-US: Fortinet
CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpc ...)
	{DSA-3598-1}
	- vlc 2.2.3-2 (bug #825728)
	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
CVE-2016-5090
	RESERVED
CVE-2016-5089
	RESERVED
CVE-2016-5088
	RESERVED
CVE-2016-5087 (Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak perm ...)
	NOT-FOR-US: Alertus
CVE-2016-5086 (Johnson &amp; Johnson Animas OneTouch Ping devices allow remote attack ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5085 (Johnson &amp; Johnson Animas OneTouch Ping devices do not properly gen ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5084 (Johnson &amp; Johnson Animas OneTouch Ping devices do not use encrypti ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5083
	RESERVED
CVE-2016-5082
	RESERVED
CVE-2016-5081 (ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, ...)
	NOT-FOR-US: ZModo
CVE-2016-5080 (Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Ob ...)
	NOT-FOR-US: Objective Systems Inc. ASN1C compiler
	NOTE: https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
CVE-2016-5079
	RESERVED
CVE-2016-5078 (Paessler PRTG before 16.2.24.4045 has XSS via SNMP. ...)
	NOT-FOR-US: Paessler PRTG
CVE-2016-5077 (Netikus EventSentry before 3.2.1.44 has XSS via SNMP. ...)
	NOT-FOR-US: Netikus EventSentry
CVE-2016-5076 (CloudView NMS before 2.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5075 (CloudView NMS before 2.10a has XSS via a TELNET login. ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5074 (CloudView NMS before 2.10a has a format string issue exploitable over  ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5073 (CloudView NMS before 2.10a has XSS via SNMP. ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5072 (OXID eShop before 2016-06-13 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: OXID eShop
CVE-2016-5071 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the m ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5070 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwor ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5069 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5068 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not requir ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5067 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes A ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5066 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak pas ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5065 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedde ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5064
	RESERVED
CVE-2016-5063 (The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 ...)
	NOT-FOR-US: BMC Server Automation
CVE-2016-5062 (The web server in Aternity before 9.0.1 does not require authenticatio ...)
	NOT-FOR-US: Aternity
CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web server  ...)
	NOT-FOR-US: Aternity
CVE-2016-5060 (Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before ...)
	NOT-FOR-US: nGrinder
CVE-2016-5059 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers t ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5058 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee rep ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5057 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL  ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5056 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex di ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5055 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the use ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5054 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee re ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5053 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote att ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5052 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5051 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in c ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5050 (Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyD ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5049 (Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5048 (SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9. ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5047 (NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote aut ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2016-5046
	RESERVED
CVE-2016-5045 (NetApp OnCommand System Manager before 9.0 allows remote attackers to  ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2016-5025 (For the NVIDIA Quadro, NVS, and GeForce products, improper sanitizatio ...)
	NOT-FOR-US: NVIDIA Quadro, NVS, and GeForce product
CVE-2016-5024 (Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1 ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5023 (Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1  ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5022 (F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-5021 (The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM,  ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5020 (F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modif ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5019 (CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0. ...)
	NOT-FOR-US: Apache MyFaces Trinidad
CVE-2016-5018 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8. ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842663)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/lixw6iyojoxwfizv?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1754901 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1754902 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1754904
CVE-2016-5017 (Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 an ...)
	{DLA-630-1}
	- zookeeper 3.4.9-1
	[jessie] - zookeeper 3.4.5+dfsg-2+deb8u1
	NOTE: The C cli shell is intended as a sample/example of how to use the C
	NOTE: client interface, not as a production tool
	NOTE: https://zookeeper.apache.org/security.html#CVE-2016-5017
	NOTE: Fixed by https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
CVE-2016-5016 (Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authe ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-5015
	REJECTED
CVE-2016-5014 (In Moodle 2.x and 3.x, an unenrolled user still receives event monitor ...)
	- moodle <not-affected> (Only affects 2.8 and later)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=336699
CVE-2016-5013 (In Moodle 2.x and 3.x, text injection can occur in email headers, pote ...)
	- moodle 2.7.15+dfsg-1
CVE-2016-5012 (In Moodle 3.x, glossary search displays entries without checking user  ...)
	- moodle <not-affected> (Only affects 3.1)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=336697
CVE-2016-5011 (The parse_dos_extended function in partitions/dos.c in the libblkid li ...)
	- util-linux 2.28.1-1 (bug #830802)
	[jessie] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <no-dsa> (Minor issue)
	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
CVE-2016-5010 (coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832968)
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows remote au ...)
	- ceph 10.2.5-1 (bug #829661)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/16297
	NOTE: https://github.com/ceph/ceph/pull/9700
	NOTE: https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when the pa ...)
	{DSA-3613-1 DLA-541-1}
	- libvirt 2.0.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1180092
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 (v2.0.0)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf (v1.2.9-maint)
	NOTE: http://security.libvirt.org/2016/0001.html
CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ...)
	- libspring-java 4.3.2-1
	[jessie] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
	NOTE: https://pivotal.io/security/cve-2016-5007
	NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab30 (v4.3.1.RELEASE)
	NOTE: https://github.com/spring-projects/spring-security/commit/e4c13e
	NOTE: Upstream bug: https://github.com/spring-projects/spring-security/issues/3964
	NOTE: Upstream bug: https://github.com/spring-projects/spring-framework/issues/18893
	NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007
	NOTE: Other (already unsupported) versions are affected as well by the issue; the
	NOTE: fix introduces a new API, so jessie and older should instead rely on mitigations
CVE-2016-5006 (The Cloud Controller in Cloud Foundry before 239 logs user-provided se ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and e ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5003 (The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Ar ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5002 (XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws- ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5001 (This is an information disclosure vulnerability in Apache Hadoop befor ...)
	- hadoop <itp> (bug #793644)
CVE-2016-5000 (The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...)
	- libapache-poi-java <unfixed> (unimportant)
	NOTE: Versions affected: POI 3.5-3.13; Fixed in 3.14
	NOTE: XLSX2CSV example is not installed
CVE-2016-4999 (SQL injection vulnerability in the getStringParameterSQL method in mai ...)
	NOT-FOR-US: JBoss dashbuilder
CVE-2016-4998 (The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subs ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-4997 (The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt imple ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-4996 (discovery-debug in Foreman before 6.2 when the ssh service has been en ...)
	- foreman <itp> (bug #663101)
CVE-2016-4995 (Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restr ...)
	- foreman <itp> (bug #663101)
CVE-2016-4994 (Use-after-free vulnerability in the xcf_load_image function in app/xcf ...)
	{DSA-3612-1 DLA-525-1}
	- gimp 2.8.16-2.2 (bug #828179)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
CVE-2016-4993 (CRLF injection vulnerability in the Undertow web server in WildFly 10. ...)
	- undertow 1.4.3-1
	NOTE: https://issues.jboss.org/browse/UNDERTOW-827
CVE-2016-4992 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7,  ...)
	- 389-ds-base 1.3.5.13-1
	[jessie] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-5-13.html
CVE-2016-4991
	RESERVED
CVE-2016-4990
	REJECTED
CVE-2016-4989 (setroubleshoot allows local users to bypass an intended container prot ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4988 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4987 (Directory traversal vulnerability in the Image Gallery plugin before 1 ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4986 (Directory traversal vulnerability in the TAP plugin before 1.25 in Jen ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and  ...)
	- ironic 1:5.1.2-1 (bug #827886)
	NOTE: Affects >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1
CVE-2016-4984 (/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...)
	- openldap <not-affected> (Red Hat-specific)
CVE-2016-4983 (A postinstall script in the dovecot rpm allows local users to read the ...)
	- dovecot <not-affected> (Specific to Red Hat packaging)
CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows local use ...)
	NOT-FOR-US: authd
CVE-2016-4981
	RESERVED
CVE-2016-4980 (A password generation weakness exists in xquest through 2016-06-13. ...)
	NOT-FOR-US: Red Hat xguest kiosk mode
CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_s ...)
	- apache2 2.4.23-1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: Upstream fix: https://svn.apache.org/r1750779
CVE-2016-4978 (The getObject method of the javax.jms.ObjectMessage class in the (1) J ...)
	NOT-FOR-US: ApacheMQ Artemis
CVE-2016-4977 (When processing authorization requests using the whitelabel views in S ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2016-4976 (Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-4975 (Possible CRLF injection allowing HTTP response splitting attacks for s ...)
	- apache2 2.4.25-1 (low)
	[jessie] - apache2 2.4.10-10+deb8u8
	NOTE: https://svn.apache.org/r1772678
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-4973 (Binaries compiled against targets that use the libssp library in GCC f ...)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759
	- gcc-6 <not-affected> (Uses glibc-internal SSP)
	- gcc-5 <not-affected> (Uses glibc-internal SSP)
	- gcc-4.9 <not-affected> (Uses glibc-internal SSP)
	- gcc-mingw-w64 <unfixed> (unimportant; bug #848704)
	- mingw32 <removed>
	[wheezy] - mingw32 <no-dsa> (Minor issue)
	NOTE: Missing security feature, not a direct vulnerability
CVE-2016-4972 (OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), ...)
	- murano 1:2.0.1-1 (bug #828062)
	NOTE: Affects: Murano: <=2015.1.1; <=1.0.2; ==2.0.0
	- murano-dashboard 1:2.0.0-5 (bug #828064)
	NOTE: Affects: Murano-dashboard: <=2015.1.1; <=1.0.2; ==2.0.0
	- python-muranoclient 0.8.3-4 (bug #828063)
	NOTE: Affects: Python-muranoclient: <=0.7.2; >=0.8.0<=0.8.4
CVE-2016-4971 (GNU wget before 1.18 allows remote servers to write to arbitrary files ...)
	{DLA-536-1}
	- wget 1.18-1 (bug #827003)
	[jessie] - wget 1.16-1+deb8u1
	NOTE: http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1 (v1.18)
CVE-2016-4970 (handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and  ...)
	- netty 1:4.0.37-1 (bug #827620)
	[jessie] - netty <not-affected> (Vulnerable code not present)
	[wheezy] - netty <not-affected> (Vulnerable code not present)
	NOTE: Versions affected: Netty 4.0.0.Final - 4.0.36.Final and 4.1.0.Final
CVE-2016-4969 (Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerl ...)
	NOT-FOR-US: Fortinet
CVE-2016-4968 (The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly As ...)
	NOT-FOR-US: Fortinet
CVE-2016-4967 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote aut ...)
	NOT-FOR-US: Fortinet
CVE-2016-4966 (The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLi ...)
	NOT-FOR-US: Fortinet
CVE-2016-4965 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote aut ...)
	NOT-FOR-US: Fortinet
CVE-2016-XXXX [AST-2016-005]
	- asterisk 1:13.8.2~dfsg-1
	[jessie] - asterisk <not-affected> (Only affects 13.x)
	[wheezy] - asterisk <not-affected> (Only affects 13.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-005.html
CVE-2016-5107 (The megasas_lookup_frame function in QEMU, when built with MegaRAID SA ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825616)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
CVE-2016-5106 (The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825615)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825614)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583
CVE-2016-5104 (The socket_create function in common/socket.c in libimobiledevice and  ...)
	{DLA-2122-1 DLA-2121-1}
	- libimobiledevice 1.2.0+dfsg-3 (bug #825553)
	[wheezy] - libimobiledevice <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
	- libusbmuxd 1.0.10-3 (bug #825554)
	NOTE: https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
	- roundcube 1.2.0+dfsg.1-1
	[wheezy] - roundcube <not-affected> (vulnerable code not present)
	NOTE: https://github.com/roundcube/roundcubemail/issues/5240
	NOTE: https://github.com/roundcube/roundcubemail/pull/5241
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8
CVE-2016-5096 (Integer overflow in the fread function in ext/standard/file.c in PHP b ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5095 (Integer overflow in the php_escape_html_entities_ex function in ext/st ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
	NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
CVE-2016-5094 (Integer overflow in the php_html_entities function in ext/standard/htm ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5093 (The get_icu_value_internal function in ext/intl/locale/locale_methods. ...)
	{DSA-3602-1 DLA-533-1}
	- php7.0 7.0.7-1
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ...)
	{DSA-3602-1 DSA-3587-1}
	- libgd2 2.1.1-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a (gd-2.1.1)
	- php7.0 7.0.7-1 (unimportant)
	- php5 5.6.22+dfsg-1 (unimportant)
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227
	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allo ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-5044 (The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before  ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5043 (The dwarf_dealloc function in libdwarf before 20160923 allows remote a ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5042 (The dwarf_get_aranges_list function in libdwarf before 20160923 allows ...)
	{DLA-669-1}
	- dwarfutils 20160507-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5041 (dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to  ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5040 (libdwarf before 20160923 allows remote attackers to cause a denial of  ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5039 (The get_attr_value function in libdwarf before 20160923 allows remote  ...)
	{DLA-669-1}
	- dwarfutils 20160507-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
CVE-2016-5038 (The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwa ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5037 (The _dwarf_load_section function in libdwarf before 20160923 allows re ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
CVE-2016-5036 (The dump_block function in print_sections.c in libdwarf before 2016092 ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5035 (The _dwarf_read_line_table_header function in dwarf_line_table_reader. ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5034 (dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
CVE-2016-5033 (The print_exprloc_content function in libdwarf before 20160923 allows  ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5032 (The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allow ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5031 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5030 (The _dwarf_calculate_info_section_end_ptr function in libdwarf before  ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/6fa3f710ee6f21bba7966b963033a91d77c952bd/
CVE-2016-5029 (The create_fullest_file_path function in libdwarf before 20160923 allo ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/acae971371daa23a19358bc62204007d258fbc5e/
CVE-2016-5028 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/a55b958926cc67f89a512ed30bb5a22b0adb10f4/
CVE-2016-5027 (dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a d ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237
CVE-2016-5026 (hs.py in OnionShare before 0.9.1 allows local users to modify the hidd ...)
	- onionshare 0.8.1-2 (unimportant)
	[jessie] - onionshare <not-affected> (Vulnerable code not present)
	NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local guest OS u ...)
	{DLA-1493-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport, libvirt doesn't have libxl driver enabled)
	NOTE: http://xenbits.xen.org/xsa/advisory-178.html
CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local OS gue ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <no-dsa> (Too intrusive to backport, libvirt doesn't have libxl driver enabled)
	NOTE: http://xenbits.xen.org/xsa/advisory-175.html
CVE-2016-4961 (For the NVIDIA Quadro, NVS, and GeForce products, improper sanitizatio ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4960 (For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamK ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4959 (For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote De ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4958
	RESERVED
CVE-2016-4957 (ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial o ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3046
CVE-2016-4956 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3042
CVE-2016-4955 (ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3043
CVE-2016-4954 (The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4 ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3044
CVE-2016-4953 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Upstream fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045
CVE-2016-5117 (OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint re ...)
	- openntpd 1:6.0p1-1 (bug #825856; unimportant)
	[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
	[wheezy] - openntpd <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/23/2
	NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
	NOTE: Option is not enabled at buildtime.
CVE-2016-4964 (The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Qu ...)
	- qemu 1:2.6+dfsg-2 (bug #825207)
	[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
	[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
	- qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
CVE-2016-4950 (Cloudera Manager 5.5 and earlier allows remote attackers to enumerate  ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4949 (Cloudera Manager 5.5 and earlier allows remote attackers to obtain sen ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4948 (Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manage ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4947 (Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate us ...)
	NOT-FOR-US: Cloudera HUE
CVE-2016-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3. ...)
	NOT-FOR-US: Cloudera HUE
CVE-2016-4945 (Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_ ...)
	NOT-FOR-US: Citrix NetScaler Gateway
CVE-2015-8880 (Double free vulnerability in the format printer in PHP 7.x before 7.0. ...)
	- php7.0 7.0.1-1
CVE-2015-8879 (The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...)
	{DLA-499-1}
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	- php7.0 7.0.0-1
	NOTE: Fixed in PHP 5.6.12, 7.0.0
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=69975
CVE-2015-8878 (main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5 ...)
	{DLA-499-1}
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	NOTE: Fixed in PHP 5.6.12, 5.5.28
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=70002
CVE-2015-8877 (The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ...)
	{DSA-3587-1}
	- libgd2 2.2.1-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24 (gd-2.2.0)
	NOTE: https://github.com/libgd/libgd/issues/173
	- php5 5.6.12+dfsg-1 (unimportant)
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	- php7.0 7.0.0-1 (unimportant)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=70064
	NOTE: Fixed in PHP 5.6.12, 7.0.0
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2015-8876 (Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and  ...)
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	- php7.0 7.0.0-1
	NOTE: Fixed in PHP 7.0.0, 5.6.12, 5.5.28, 5.4.44
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=70121
CVE-2016-XXXX [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14]
	- mediawiki 1:1.27.0-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual S ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825210)
	[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
	- qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0)
CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kerne ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Introduced in 3.19)
	[wheezy] - linux <not-affected> (Introduced in 3.19)
	NOTE: http://lists.openwall.net/netdev/2016/05/14/28
	NOTE: Fixed by: https://git.kernel.org/linus/45e093ae2830cd1264677d47ff9a95a71f5d9f9c
	NOTE: Introduced by: https://git.kernel.org/linus/1a1a143daf84db95dd7212086042004a3abb7bc2 (v3.19-rc1)
CVE-2016-4944
	RESERVED
CVE-2016-4943
	RESERVED
CVE-2016-4942
	RESERVED
CVE-2016-4941
	REJECTED
CVE-2016-4940
	REJECTED
CVE-2016-4939
	REJECTED
CVE-2016-4938
	REJECTED
CVE-2016-4937
	REJECTED
CVE-2016-4936
	REJECTED
CVE-2016-4935
	REJECTED
CVE-2016-4934
	REJECTED
CVE-2016-4933
	REJECTED
CVE-2016-4932
	REJECTED
CVE-2016-4931 (XML entity injection in Junos Space before 15.2R2 allows attackers to  ...)
	NOT-FOR-US: Juniper
CVE-2016-4930 (Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2  ...)
	NOT-FOR-US: Juniper
CVE-2016-4929 (Command injection vulnerability in Junos Space before 15.2R2 allows at ...)
	NOT-FOR-US: Juniper
CVE-2016-4928 (Cross site request forgery vulnerability in Junos Space before 15.2R2  ...)
	NOT-FOR-US: Juniper
CVE-2016-4927 (Insufficient validation of SSH keys in Junos Space before 15.2R2 allow ...)
	NOT-FOR-US: Juniper
CVE-2016-4926 (Insufficient authentication vulnerability in Junos Space before 15.2R2 ...)
	NOT-FOR-US: Juniper
CVE-2016-4925 (Receipt of a specifically malformed IPv6 packet processed by the route ...)
	NOT-FOR-US: Juniper
CVE-2016-4924 (An incorrect permissions vulnerability in Juniper Networks Junos OS on ...)
	NOT-FOR-US: Juniper
CVE-2016-4923 (Insufficient cross site scripting protection in J-Web component in Jun ...)
	NOT-FOR-US: Juniper
CVE-2016-4922 (Certain combinations of Junos OS CLI commands and arguments have been  ...)
	NOT-FOR-US: Juniper
CVE-2016-4921 (By flooding a Juniper Networks router running Junos OS with specially  ...)
	NOT-FOR-US: Juniper
CVE-2016-4920
	RESERVED
CVE-2016-4919
	RESERVED
CVE-2016-4918
	RESERVED
CVE-2016-4917
	RESERVED
CVE-2016-4916
	RESERVED
CVE-2016-4915
	RESERVED
CVE-2016-4914
	RESERVED
CVE-2016-1000001 (flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect ...)
	NOT-FOR-US: flask-oidc
CVE-2016-1000000 (Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Bl ...)
	NOT-FOR-US: Ipswitch
CVE-2016-4910 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4909 (Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4908 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4907 (Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tok ...)
	NOT-FOR-US: Cybozu
CVE-2016-4906 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 all ...)
	NOT-FOR-US: Cybozu
CVE-2016-4905 (SQL injection vulnerability in the WP-OliveCart versions prior to 3.1. ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4904 (Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versio ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4903 (Cross-site scripting vulnerability in WP-OliveCart versions prior to 3 ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4902 (Untrusted search path vulnerability in The Public Certification Servic ...)
	NOT-FOR-US: Public Certification Service for Individuals
CVE-2016-4901 (Untrusted search path vulnerability in The installer of e-Tax Software ...)
	NOT-FOR-US: e-Tax
CVE-2016-4900 (Untrusted search path vulnerability in Evernote for Windows versions p ...)
	NOT-FOR-US: Evernote
CVE-2016-4899 (The datamover module in the Linux version of NovaBACKUP DataCenter bef ...)
	NOT-FOR-US: NovaBACKUP
CVE-2016-4898 (The datamover module in the Linux version of NovaBACKUP DataCenter bef ...)
	NOT-FOR-US: NovaBACKUP
CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save ...)
	NOT-FOR-US: Usermin
CVE-2016-4896 (SetsucoCMS all versions does not properly manage sessions, which allow ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4895 (SetsucoCMS all versions allows remote authenticated attackers to condu ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4894 (SetsucoCMS all versions allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4893 (SQL injection vulnerability in the SetsucoCMS all versions allows remo ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4892 (Cross-site scripting vulnerability in SetsucoCMS all versions allows r ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all vers ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4890 (ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method  ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4889 (ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authentica ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4888 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceD ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4887 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Upl ...)
	NOT-FOR-US: baserCMS
CVE-2016-4886 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mai ...)
	NOT-FOR-US: baserCMS
CVE-2016-4885 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Fee ...)
	NOT-FOR-US: baserCMS
CVE-2016-4884 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blo ...)
	NOT-FOR-US: baserCMS
CVE-2016-4883 (Cross-site scripting vulnerability in baserCMS version 3.0.10 and earl ...)
	NOT-FOR-US: baserCMS
CVE-2016-4882 (Cross-site request forgery (CSRF) vulnerability in baserCMS version 3. ...)
	NOT-FOR-US: baserCMS
CVE-2016-4881 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blo ...)
	NOT-FOR-US: baserCMS
CVE-2016-4880 (Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0 ...)
	NOT-FOR-US: baserCMS
CVE-2016-4879 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mai ...)
	NOT-FOR-US: baserCMS
CVE-2016-4878 (Cross-site request forgery (CSRF) vulnerability in baserCMS version 3. ...)
	NOT-FOR-US: baserCMS
CVE-2016-4877 (Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0 ...)
	NOT-FOR-US: baserCMS
CVE-2016-4876 (Cross-site request forgery (CSRF) vulnerability in baserCMS version 3. ...)
	NOT-FOR-US: baserCMS
CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) A ...)
	NOT-FOR-US: IVYWE
CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4873 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4872 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4870 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 al ...)
	NOT-FOR-US: Cybozu
CVE-2016-4869 (Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session ...)
	NOT-FOR-US: Cybozu
CVE-2016-4868 (Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4867 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4866 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 al ...)
	NOT-FOR-US: Cybozu
CVE-2016-4865 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 al ...)
	NOT-FOR-US: Cybozu
CVE-2016-4864 (H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remo ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/issues/1077
CVE-2016-4863 (The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware versi ...)
	NOT-FOR-US: Toshiba FlashAir
CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with  ...)
	NOT-FOR-US: Twigmo
CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend Fram ...)
	{DLA-1403-1 DLA-646-1}
	- zendframework 1.12.20+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2016-03
	NOTE: This security fix can be considered an improvement of the previous ZF2016-02
	NOTE: and ZF2014-04 advisories.
	NOTE: Fixed by: https://github.com/zendframework/zf1/commit/b1c71dd94296d9000127720c85a7ea9e3b35af4b (1.12.20)
CVE-2016-4860 (Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not requi ...)
	NOT-FOR-US: Yokogawa STARDOM
CVE-2016-4859 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, ...)
	NOT-FOR-US: Splunk
CVE-2016-4858 (Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to ...)
	NOT-FOR-US: Splunk
CVE-2016-4857 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, ...)
	NOT-FOR-US: Splunk
CVE-2016-4856 (Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to ...)
	NOT-FOR-US: Splunk
CVE-2016-4855 (Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 a ...)
	{DLA-620-1}
	- libphp-adodb 5.20.6-1 (unimportant; bug #837418)
	[jessie] - libphp-adodb 5.15-1+deb8u1
	NOTE: https://github.com/ADOdb/ADOdb/issues/274
	NOTE: https://jvn.jp/en/jp/JVN48237713/
	NOTE: https://github.com/ADOdb/ADOdb/commit/ecb93d8c1
	NOTE: Vulnerable file is shipped as an example only
CVE-2016-4854 (Cross-site request forgery (CSRF) vulnerability in L-04D firmware vers ...)
	NOT-FOR-US: L-04D firmware
CVE-2016-4853 (AKABEi SOFT2 games allow remote attackers to execute arbitrary OS comm ...)
	NOT-FOR-US: AKABEi SOFT2
CVE-2016-4852 (YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-to ...)
	NOT-FOR-US: YoruFukurou
CVE-2016-4851 (Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat bef ...)
	NOT-FOR-US: Let's PHP! simple chat
CVE-2016-4850 (LINE for Windows before 4.8.3 allows man-in-the-middle attackers to ex ...)
	NOT-FOR-US: LINE for Windows
CVE-2016-4849 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE e ...)
	NOT-FOR-US: Geeklog
CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC ...)
	NOT-FOR-US: ClipBucket
CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC W ...)
	NOT-FOR-US: OSSEC Web UI
CVE-2016-4846 (Untrusted search path vulnerability in the installer of PhishWall Clie ...)
	NOT-FOR-US: PhishWall Client Internet Explorer
CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickj ...)
	NOT-FOR-US: Cybozu
CVE-2016-4843 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Cybozu
CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain informa ...)
	NOT-FOR-US: Cybozu
CVE-2016-4841 (Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitra ...)
	NOT-FOR-US: Cybozu
CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus  ...)
	NOT-FOR-US: Coordinate Plus App for Android
CVE-2016-4839 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for T ...)
	NOT-FOR-US: Money Forward
CVE-2016-4838 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for T ...)
	NOT-FOR-US: Money Forward
CVE-2016-4837 (SQL injection vulnerability in the Seed Coupon plugin before 1.6 for E ...)
	NOT-FOR-US: EC-CUBE
CVE-2016-4836
	REJECTED
CVE-2016-4835
	REJECTED
CVE-2016-4834 (modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does no ...)
	NOT-FOR-US: Vtiger
CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin  ...)
	NOT-FOR-US: Nofollow Links plugin for WordPress
CVE-2016-4832 (WAON "Service Application" for Android 1.4.1 and earlier does not veri ...)
	NOT-FOR-US: WAON "Service Application" for Android
CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 a ...)
	NOT-FOR-US: LINE
CVE-2016-4830 (Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1 ...)
	NOT-FOR-US: Sushiro App
CVE-2016-4829 (DMM Movie Player App for Android before 1.2.1, and DMM Movie Player Ap ...)
	NOT-FOR-US: DMM Movie Player App
CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishan ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Comme ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4826 (Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Comme ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4825 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4824 (The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV  ...)
	NOT-FOR-US: Corega
CVE-2016-4823 (Corega CG-WLBARAGM devices allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Corega
CVE-2016-4822 (Corega CG-WLBARGL devices allow remote authenticated users to execute  ...)
	NOT-FOR-US: Corega
CVE-2016-4821 (I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4820 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13 ...)
	NOT-FOR-US: Borland
CVE-2016-4818 (DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Androi ...)
	NOT-FOR-US: DMMFX
CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5  ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/pull/920
	NOTE: https://github.com/h2o/h2o/commit/1c0808d580da09fdec5a9a74ff09e103ea058dd4
CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S60 ...)
	NOT-FOR-US: BUFFALO
CVE-2016-4815 (Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with  ...)
	NOT-FOR-US: BUFFALO
CVE-2016-4814 (Directory traversal vulnerability in kml2jsonp.php in Geospatial Infor ...)
	NOT-FOR-US: Old_GSI_Maps
CVE-2016-4813 (NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat ...)
	NOT-FOR-US: NetCommons
CVE-2016-4812 (Cross-site scripting (XSS) vulnerability in the Markdown on Save Impro ...)
	NOT-FOR-US: Markdown on Save Improved plugin for WordPress
CVE-2016-4811 (The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15 ...)
	NOT-FOR-US: NTT
CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR C ...)
	NOT-FOR-US: Citrix
CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux k ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
CVE-2016-4912 (The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remot ...)
	- openslp-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Issue present only in OpenSLP 2.x where the return from malloc isn't checked.
CVE-2016-4911 (The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x befor ...)
	- keystone 2:9.0.0-2 (bug #824683)
	[jessie] - keystone <not-affected> (affects only 9.0.0)
	[wheezy] - keystone <not-affected> (affects only 9.0.0)
	NOTE: https://launchpad.net/bugs/1577558
CVE-2016-4809 (The archive_read_format_cpio_read_header function in archive_read_supp ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: https://github.com/libarchive/libarchive/issues/705
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
CVE-2016-10321 (web2py before 2.14.6 does not properly check if a host is denied befor ...)
	- web2py <removed> (bug #860038)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585#issuecomment-284317919
	NOTE: https://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426
CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Requ ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/commit/4bd002aee978813bc664cf186ef38ff4e8bbe1cd
CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS vulnera ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/commit/51c3b633fe7ad647bc3013e899c1e3a910362dd1
CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion  ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/issues/1316
	NOTE: https://github.com/web2py/web2py/commit/1b42fe65472930668435007cfcb077207051ba34
CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl bef ...)
	- curl <not-affected> (Windows only)
CVE-2016-4801
	RESERVED
CVE-2016-4800 (The path normalization mechanism in PathResource class in Eclipse Jett ...)
	- jetty9 <not-affected> (Only affects Jetty >= 9.3.0, Jetty <= 9.3.8)
	- jetty8 <not-affected> (Only affects 9.3.x)
	- jetty <not-affected> (Only affects 9.3.x)
	NOTE: http://www.ocert.org/advisories/ocert-2016-001.html
CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows remo ...)
	{DSA-3587-1 DLA-482-1}
	- libgd2 2.2.1-1 (bug #824627)
	NOTE: https://github.com/libgd/libgd/commit/38241013cc048af7c03daf6e9a75b4f42bffb200
	- php5 5.6.12+dfsg-1 (unimportant)
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	- php7.0 7.0.0-1 (unimportant)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=66387
	NOTE: Fixed in 5.6.12, 7.0.0
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2015-8873 (Stack consumption vulnerability in Zend/zend_exceptions.c in PHP befor ...)
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=69793
CVE-2016-4805 (Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the L ...)
	{DSA-3607-1}
	- linux 4.5.2-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30)
CVE-2016-4804 (The read_boot function in boot.c in dosfstools before 4.0 allows attac ...)
	{DLA-2224-1 DLA-474-1}
	- dosfstools 4.0-1
	NOTE: https://github.com/dosfstools/dosfstools/issues/25
	NOTE: https://github.com/dosfstools/dosfstools/issues/26
	NOTE: https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
CVE-2016-4799
	RESERVED
CVE-2016-4798
	RESERVED
CVE-2016-4795
	RESERVED
CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows remote attac ...)
	{DLA-835-1}
	- cakephp 2.8.3-1
	[jessie] - cakephp <no-dsa> (Minor issue)
	NOTE: http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
	NOTE: https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
	NOTE: Fixed by https://github.com/cakephp/cakephp/commit/48af49ddde16c8b99edb701f1c31283455b2b0b6
CVE-2016-4792 (Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4791 (The administrative user interface in Pulse Connect Secure (PCS) 8.2 be ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4790 (Cross-site scripting (XSS) vulnerability in the administrative user in ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4789 (Cross-site scripting (XSS) vulnerability in the system configuration s ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4788 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 bef ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4787 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 bef ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4786 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 bef ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2014-9776
	RESERVED
CVE-2014-9775
	RESERVED
CVE-2014-9774
	RESERVED
CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java platforms ...)
	NOT-FOR-US: SAP
CVE-2016-4785 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-4784 (A vulnerability has been identified in firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5. ...)
	NOT-FOR-US: Lenovo
CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote at ...)
	NOT-FOR-US: Lenovo
CVE-2016-4781 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4780 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4779 (Apple Type Services (ATS) in Apple OS X before 10.12 allows remote att ...)
	NOT-FOR-US: Apple
CVE-2016-4778 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4777 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4776 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4775 (The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS bef ...)
	NOT-FOR-US: Apple
CVE-2016-4774 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4773 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4772 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4771 (The kernel in Apple iOS before 10 and OS X before 10.12 allows local u ...)
	NOT-FOR-US: Apple
CVE-2016-4770
	REJECTED
CVE-2016-4769 (WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 a ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4768 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4767 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4766 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4765 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4764 (An issue was discovered in certain Apple products. iOS before 10 is af ...)
	NOT-FOR-US: Apple
CVE-2016-4763 (WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Wi ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4762 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4761 (WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow rem ...)
	- webkitgtk <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/14
	NOTE: Not covered by security support
CVE-2016-4760 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Sa ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4759 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4758 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Sa ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4757
	REJECTED
CVE-2016-4756
	REJECTED
CVE-2016-4755 (Terminal in Apple OS X before 10.12 uses weak permissions for the .bas ...)
	NOT-FOR-US: Apple
CVE-2016-4754 (ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cip ...)
	NOT-FOR-US: Apple
CVE-2016-4753 (Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS be ...)
	NOT-FOR-US: Apple
CVE-2016-4752 (The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does  ...)
	NOT-FOR-US: Apple
CVE-2016-4751 (The Safari Tabs component in Apple Safari before 10 allows remote atta ...)
	NOT-FOR-US: Apple
CVE-2016-4750 (S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-4749 (Printing UIKit in Apple iOS before 10 mishandles environment variables ...)
	NOT-FOR-US: Apple
CVE-2016-4748 (Perl in Apple OS X before 10.12 allows local users to bypass the taint ...)
	NOT-FOR-US: Apple
CVE-2016-4747 (Mail in Apple iOS before 10 mishandles certificates, which makes it ea ...)
	NOT-FOR-US: Apple
CVE-2016-4746 (The Keyboards component in Apple iOS before 10 does not properly use a ...)
	NOT-FOR-US: Apple
CVE-2016-4745 (The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does n ...)
	NOT-FOR-US: Apple
CVE-2016-4744
	REJECTED
CVE-2016-4743 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-4742 (NSSecureTextField in Apple OS X before 10.12 does not enable Secure In ...)
	NOT-FOR-US: Apple
CVE-2016-4741 (The Assets component in Apple iOS before 10 allows man-in-the-middle a ...)
	NOT-FOR-US: Apple
CVE-2016-4740 (Apple iOS before 10, when Handoff for Messages is used, does not ensur ...)
	NOT-FOR-US: Apple
CVE-2016-4739 (mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used ...)
	NOT-FOR-US: Apple
CVE-2016-4738 (libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...)
	{DSA-3709-1 DLA-700-1}
	- libxslt 1.1.29-2 (bug #842570)
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=619006
CVE-2016-4737 (WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and w ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4736 (libarchive in Apple OS X before 10.12 allows remote attackers to cause ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
CVE-2016-4735 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4734 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4733 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4732
	REJECTED
CVE-2016-4731 (WebKit in Apple iOS before 10 and Safari before 10 allows remote attac ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4730 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4729 (WebKit in Apple iOS before 10 and Safari before 10 allows remote attac ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4728 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4727 (IOThunderboltFamily in Apple OS X before 10.12 allows attackers to exe ...)
	NOT-FOR-US: Apple
CVE-2016-4726 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS be ...)
	NOT-FOR-US: Apple
CVE-2016-4725 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS be ...)
	NOT-FOR-US: Apple
CVE-2016-4724 (IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allow ...)
	NOT-FOR-US: Apple
CVE-2016-4723 (Intel Graphics Driver in Apple OS X before 10.12 allows attackers to e ...)
	NOT-FOR-US: Intel driver for OS X
CVE-2016-4722 (The IDS - Connectivity component in Apple iOS before 10 and OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-4721 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4720
	REJECTED
CVE-2016-4719 (The GeoServices component in Apple iOS before 10 and watchOS before 3  ...)
	NOT-FOR-US: Apple
CVE-2016-4718 (Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2016-4717 (The File Bookmark component in Apple OS X before 10.12 mishandles scop ...)
	NOT-FOR-US: Apple
CVE-2016-4716 (diskutil in DiskArbitration in Apple OS X before 10.12 allows local us ...)
	NOT-FOR-US: Apple
CVE-2016-4715 (The Date &amp; Time Pref Pane component in Apple OS X before 10.12 mis ...)
	NOT-FOR-US: Apple
CVE-2016-4714
	REJECTED
CVE-2016-4713 (CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitr ...)
	NOT-FOR-US: Apple
CVE-2016-4712 (CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4711 (CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X b ...)
	NOT-FOR-US: Apple
CVE-2016-4710 (WindowServer in Apple OS X before 10.12 allows local users to obtain r ...)
	NOT-FOR-US: Apple
CVE-2016-4709 (WindowServer in Apple OS X before 10.12 allows local users to obtain r ...)
	NOT-FOR-US: Apple
CVE-2016-4708 (CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, a ...)
	NOT-FOR-US: Apple
CVE-2016-4707 (CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Loca ...)
	NOT-FOR-US: Apple
CVE-2016-4706 (cd9660 in Apple OS X before 10.12 allows local users to cause a denial ...)
	NOT-FOR-US: Apple
CVE-2016-4705 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
	NOT-FOR-US: Apple
CVE-2016-4704 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
	NOT-FOR-US: Apple
CVE-2016-4703 (Bluetooth in Apple OS X before 10.12 allows attackers to execute arbit ...)
	NOT-FOR-US: Apple
CVE-2016-4702 (Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and w ...)
	NOT-FOR-US: Apple
CVE-2016-4701 (Application Firewall in Apple OS X before 10.12 allows local users to  ...)
	NOT-FOR-US: Apple
CVE-2016-4700 (AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitr ...)
	NOT-FOR-US: Apple
CVE-2016-4699 (AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitr ...)
	NOT-FOR-US: Apple
CVE-2016-4698 (AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-4697 (Apple HSSPI Support in Apple OS X before 10.12 allows attackers to exe ...)
	NOT-FOR-US: Apple
CVE-2016-4696 (AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4695
	REJECTED
CVE-2016-4694 (The Apache HTTP Server in Apple OS X before 10.12 and OS X Server befo ...)
	NOT-FOR-US: Apple CVE assignment to the equivalent of CVE-2016-5387
CVE-2016-4693 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4692 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-4691 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4690 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4689 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4688 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4687
	REJECTED
CVE-2016-4686 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4685 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4684
	REJECTED
CVE-2016-4683 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4682 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-4681 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4680 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4679 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4676 (A Cross-origin vulnerability exists in WebKit in Apple Safari before 1 ...)
	NOT-FOR-US: Apple
CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4673 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4672
	REJECTED
CVE-2016-4671 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4670 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4669 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4668
	REJECTED
CVE-2016-4667 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4666 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4665 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4664 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4663 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4662 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4661 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4660 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4659
	REJECTED
CVE-2016-4658 (xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ...)
	{DSA-3744-1 DLA-691-1}
	- libxml2 2.9.4+dfsg1-2.1 (bug #840553)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
CVE-2016-4657 (WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ar ...)
	- webkitgtk <removed> (unimportant)
	NOTE: https://www.youtube.com/watch?v=xkdPjbaLngE
	NOTE: Not covered by security support
CVE-2016-4656 (The kernel in Apple iOS before 9.3.5 allows attackers to execute arbit ...)
	NOT-FOR-US: Apple
CVE-2016-4655 (The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensit ...)
	NOT-FOR-US: Apple
CVE-2016-4654 (IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4653 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4652 (CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bind ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4650 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, O ...)
	NOT-FOR-US: Apple
CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause a denia ...)
	NOT-FOR-US: Apple
CVE-2016-4648 (Audio in Apple OS X before 10.11.6 allows local users to obtain sensit ...)
	NOT-FOR-US: Apple
CVE-2016-4647 (Audio in Apple OS X before 10.11.6 allows local users to gain privileg ...)
	NOT-FOR-US: Apple
CVE-2016-4646 (Audio in Apple OS X before 10.11.6 mishandles a size value, which allo ...)
	NOT-FOR-US: Apple
CVE-2016-4645 (CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-b ...)
	NOT-FOR-US: Apple
CVE-2016-4644 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10 ...)
	NOT-FOR-US: Apple
CVE-2016-4643 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10 ...)
	NOT-FOR-US: Apple
CVE-2016-4642 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10 ...)
	NOT-FOR-US: Apple
CVE-2016-4641 (Login Window in Apple OS X before 10.11.6 allows attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2016-4640 (Login Window in Apple OS X before 10.11.6 allows attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2016-4639 (Login Window in Apple OS X before 10.11.6 does not properly initialize ...)
	NOT-FOR-US: Apple
CVE-2016-4638 (Login Window in Apple OS X before 10.11.6 allows attackers to gain pri ...)
	NOT-FOR-US: Apple
CVE-2016-4637 (CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS befo ...)
	NOT-FOR-US: Apple
CVE-2016-4636
	REJECTED
CVE-2016-4635 (FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man- ...)
	NOT-FOR-US: Apple
CVE-2016-4634 (The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows loc ...)
	NOT-FOR-US: Apple
CVE-2016-4633 (Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4632 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-4631 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-4630 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2016-4629 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2016-4628 (IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 ...)
	NOT-FOR-US: Apple
CVE-2016-4627 (IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and  ...)
	NOT-FOR-US: Apple
CVE-2016-4626 (IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-4625 (Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 ...)
	NOT-FOR-US: Apple
CVE-2016-4624 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4623 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4622 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-4620 (The Sandbox Profiles component in Apple iOS before 10 does not properl ...)
	NOT-FOR-US: Apple
CVE-2016-4619
	REJECTED
CVE-2016-4618 (Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS ...)
	NOT-FOR-US: Apple
CVE-2016-4617 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-4616 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4615 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4614 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4613 (An issue was discovered in certain Apple products. Safari before 10.0. ...)
	NOT-FOR-US: Apple
CVE-2016-4612
	REJECTED
CVE-2016-4611 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4610 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	{DLA-1860-1}
	- libxslt 1.1.29-1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/93bb314768aafaffad1df15bbee10b7c5423e283 (v1.1.29-rc1)
CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	{DLA-1860-1}
	- libxslt 1.1.29-1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/8b90c9a699e0eaa98bbeec63a473ddc73aaa238c (v1.1.29-rc1)
CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	- libxslt 1.1.29-1
	[jessie] - libxslt 1.1.28-2+deb8u1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5b9b7efceb33b626916d22b4101a7 (v1.1.29-rc1)
CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
	NOTE: contacted Apple for more information, but no reply for quite a while.
	NOTE: Apple still does not provide information on this CVE, although it is
	NOTE: possible that it's fixed in 1.1.29 upstream.
CVE-2016-4606 (Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 al ...)
	- curl <not-affected> (Only applies to Curl on Mac OS)
CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a  ...)
	NOT-FOR-US: Apple
CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the  ...)
	NOT-FOR-US: Apple
CVE-2016-4603 (Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Pri ...)
	NOT-FOR-US: Apple
CVE-2016-4602 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4601 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4600 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4599 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4598 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4597 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4596 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4595 (Safari Login AutoFill in Apple OS X before 10.11.6 allows physically p ...)
	NOT-FOR-US: Apple
CVE-2016-4594 (The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before  ...)
	NOT-FOR-US: Apple
CVE-2016-4593 (The Siri Contacts component in Apple iOS before 9.3.3 allows physicall ...)
	NOT-FOR-US: Apple
CVE-2016-4592 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4591 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4590 (WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ab ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4589 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4588 (WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute a ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4587 (WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote a ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4586 (WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remot ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4585 (Cross-site scripting (XSS) vulnerability in the WebKit Page Loading im ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4584 (The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safa ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4583 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4582 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in t ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW Modu ...)
	NOT-FOR-US: Huawei
CVE-2016-4576 (Buffer overflow in the Application Specific Packet Filtering (ASPF) fu ...)
	NOT-FOR-US: Huawei
CVE-2016-4575 (Cross-site scripting (XSS) vulnerability in the email APP in Huawei PL ...)
	NOT-FOR-US: Huawei
CVE-2016-4796 (Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c  ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code not present)
	[wheezy] - openjpeg <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91
CVE-2016-4797 (Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd. ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	NOTE: https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
	NOTE: CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947
CVE-2016-4794 (Use-after-free vulnerability in mm/percpu.c in the Linux kernel throug ...)
	- linux 4.6.2-2
	[jessie] - linux <not-affected> (Introduced in v3.18-rc1)
	[wheezy] - linux <not-affected> (Introduced in v3.18-rc1)
	NOTE: https://git.kernel.org/linus/4f996e234dad488e5d9ba0858bc1bae12eff82c3
	NOTE: https://git.kernel.org/linus/6710e594f71ccaad8101bc64321152af7cd9ea28
CVE-2016-4573 (Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-PO ...)
	NOT-FOR-US: Fortinet
CVE-2016-4581 (fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse ...)
	{DSA-3607-1}
	- linux 4.5.4-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/5ec0811d30378ae104f250bfc9b3640242d81e3f (v4.6-rc7)
	NOTE: Introduced by: https://git.kernel.org/linus/f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 (v3.15-rc1)
CVE-2016-4579 (Libksba before 1.3.4 allows remote attackers to cause a denial of serv ...)
	{DLA-470-1}
	- libksba 1.3.4-3
	[jessie] - libksba 1.3.2-1+deb8u1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
CVE-2016-4572 (In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do  ...)
	NOT-FOR-US: Cloudera
CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN decoder ( ...)
	- libksba 1.3.4-3
	[jessie] - libksba <not-affected> (Incomplete fix not applied)
	[wheezy] - libksba <not-affected> (Incomplete fix not applied)
	NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
	NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2016-4578 (sound/core/timer.c in the Linux kernel through 4.6 does not initialize ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
	NOTE: https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5
CVE-2016-4569 (The snd_timer_user_params function in sound/core/timer.c in the Linux  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9. ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832888)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick be ...)
	{DSA-3652-1 DLA-517-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832887)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick befor ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832885)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere allows  ...)
	NOT-FOR-US: Flexera
CVE-2016-4559
	RESERVED
CVE-2016-4567 (Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...)
	- mediaelement <unfixed> (unimportant; bug #823649)
	NOTE: https://core.trac.wordpress.org/changeset/37370
	NOTE: Fixed by: https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
	NOTE: Vulnerable code present, but Flash Player disabled in Debian
	NOTE: See 0004-Deactivate-Flash-and-Silverlight.patch
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4566 (Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plup ...)
	- wordpress 4.5.2+dfsg-1 (bug #823640)
	[jessie] - wordpress <not-affected> (Vulnerable code not present)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/05/wordpress-4-5-2/
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37382
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4568 (drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4. ...)
	- linux 4.5.3-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.4)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.4)
	NOTE: Fixed by: https://git.kernel.org/linus/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab (v4.6-rc6)
	NOTE: Introduced by: https://git.kernel.org/linus/b0e0e1f83de31aa0428c38b692c590cc0ecd3f03 (v4.4-rc1)
CVE-2016-4565 (The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorre ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.3-1
	NOTE: Fixed by: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 (v4.6-rc6)
CVE-2016-4551 (The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP ...)
	NOT-FOR-US: SAP
CVE-2016-4550
	RESERVED
CVE-2016-4549
	RESERVED
CVE-2016-4548
	RESERVED
CVE-2016-4545 (Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, al ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-4561 (Cross-site scripting (XSS) vulnerability in the cgierror function in C ...)
	{DSA-3571-1 DLA-463-1}
	- ikiwiki 3.20160506
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/8
CVE-2016-4547 (Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow atta ...)
	NOT-FOR-US: Samsung Android component
CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users t ...)
	NOT-FOR-US: Samsung Android component
CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly  ...)
	{DLA-1641-1}
	- mxml 2.9-1 (bug #825855)
	[wheezy] - mxml <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
	NOTE: https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and poss ...)
	{DLA-1641-1}
	- mxml 2.9-2 (bug #825855)
	[wheezy] - mxml <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
	NOTE: https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb
CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles referenc ...)
	- linux 4.5.3-1
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/92117d8443bc5afacc8d5ba82e541946310f106e
	NOTE: Introduced by: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc(v4.4-rc1)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=809
CVE-2016-4557 (The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in t ...)
	- linux 4.5.3-1 (bug #823603)
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=808
	NOTE: Fixed by: https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 (v4.6-rc6)
	NOTE: Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
	NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/4
CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.1 ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	[wheezy] - squid3 <not-affected> (3.1 not vulnerable)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4554 (mime_header.cc in Squid before 3.5.18 allows remote attackers to bypas ...)
	{DSA-3625-1 DLA-558-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	- squid 4.1-1
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10496.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11842.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12698.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13236.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14038.patch
	NOTE: Regression and fix: http://bugs.squid-cache.org/show_bug.cgi?id=4515
	NOTE: Complete patch for 3.4 branch: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch
CVE-2016-4553 (client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not p ...)
	{DSA-3625-1}
	- squid3 3.5.19-1 (bug #823968)
	[wheezy] - squid3 <not-affected> (issue introduced by CVE-2009-0801 fix, not applied in wheezy)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
	NOTE: Fix for 3.5.x: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
	NOTE: Fix for 3.5 relies on SBuf.
	NOTE: Fix for 3.4.x: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13240.patch
CVE-2016-4535 (Integer signedness error in the AV engine before DAT 8145, as used in  ...)
	NOT-FOR-US: McAfee / AV engine
CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterp ...)
	NOT-FOR-US: McAfee VirusScan Console
CVE-2016-4533 (Heap-based buffer overflow in WECON LeviStudio allows remote attackers ...)
	NOT-FOR-US: LeviStudio
CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in Trihedral VT ...)
	NOT-FOR-US: Trihedral
CVE-2016-4531 (Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not i ...)
	NOT-FOR-US: Rockwell
CVE-2016-4530 (OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote  ...)
	NOT-FOR-US: OSISoft
CVE-2016-4529 (An unspecified ActiveX control in Schneider Electric SoMachine HVAC Pr ...)
	NOT-FOR-US: Schneider
CVE-2016-4528 (Buffer overflow in Advantech WebAccess before 8.1_20160519 allows loca ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication credenti ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4526 (ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privile ...)
	NOT-FOR-US: ABB DataManagerPro
CVE-2016-4525 (Unspecified ActiveX controls in Advantech WebAccess before 8.1_2016051 ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords  ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
	NOT-FOR-US: Trihedral
CVE-2016-4522 (SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyM ...)
	NOT-FOR-US: Rockwell
CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before  ...)
	NOT-FOR-US: Sixnet
CVE-2016-4520 (Schneider Electric Pelco Digital Sentry Video Management System with f ...)
	NOT-FOR-US: Schneider
CVE-2016-4519 (Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9. ...)
	NOT-FOR-US: Unitronics VisiLogic
CVE-2016-4518 (OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated use ...)
	NOT-FOR-US: OSIsoft PI AF Server
CVE-2016-4517
	RESERVED
CVE-2016-4516 (ABB PCM600 before 2.7 improperly stores the main application password  ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4515
	REJECTED
CVE-2016-4514 (Moxa PT-7728 devices with software 3.4 build 15081113 allow remote aut ...)
	NOT-FOR-US: Moxa
CVE-2016-4513 (Cross-site scripting (XSS) vulnerability in the Schneider Electric Pow ...)
	NOT-FOR-US: Schneider
CVE-2016-4512 (Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 an ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2016-4511 (ABB PCM600 before 2.7 uses an improper hash algorithm for the main app ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2016-4509 (Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and  ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2016-4508 (Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol ...)
	NOT-FOR-US: Rexroth Bosch
CVE-2016-4507 (SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 ...)
	NOT-FOR-US: Rexroth Bosch
CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data Manag ...)
	NOT-FOR-US: Resource Data Management
CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices be ...)
	NOT-FOR-US: Resource Data Management
CVE-2016-4504 (A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB' ...)
	NOT-FOR-US: Meteocontrol WEB'log
CVE-2016-4503 (Moxa Device Server Web Console 5232-N allows remote attackers to bypas ...)
	NOT-FOR-US: Moxa
CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and  ...)
	NOT-FOR-US: Environmental Systems Corporation
CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and  ...)
	NOT-FOR-US: Environmental Systems Corporation
CVE-2016-4500 (Moxa UC-7408 LX-Plus devices allow remote authenticated users to write ...)
	NOT-FOR-US: Moxa
CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x befo ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitial ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4497 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4496 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4495 (KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow rem ...)
	NOT-FOR-US: KMC
CVE-2016-4494 (Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-50 ...)
	NOT-FOR-US: KMC
CVE-2016-4493 (The demangle_template_value_parm and do_hpacc_template_literal functio ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
CVE-2016-4492 (Buffer overflow in the do_type function in cplus-dem.c in libiberty al ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
CVE-2016-4491 (The d_print_comp function in cp-demangle.c in libiberty allows remote  ...)
	- binutils 2.28-3 (low)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	- libiberty 20170627-1 (low)
	[stretch] - libiberty <ignored> (Minor issue)
	[jessie] - libiberty <ignored> (Minor issue)
	[wheezy] - libiberty <ignored> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
	NOTE: https://gcc.gnu.org/viewcvs?rev=247056&root=gcc&view=rev
CVE-2016-4490 (Integer overflow in cp-demangle.c in libiberty allows remote attackers ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=235767
CVE-2016-4489 (Integer overflow in the gnu_special function in libiberty allows remot ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234828
CVE-2016-4488 (Use-after-free vulnerability in libiberty allows remote attackers to c ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
CVE-2016-4487 (Use-after-free vulnerability in libiberty allows remote attackers to c ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5. ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=72099
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/7290b3bbcaa1e10a8d807fab3242204e9ec3a015
CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72093
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
	{DSA-3602-1 DLA-628-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72093
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c i ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72061
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72061
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ( ...)
	{DLA-493-1}
	- openafs 1.6.17-1
	[jessie] - openafs 1.6.9-2+deb8u6
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
CVE-2016-4486 (The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: https://git.kernel.org/linus/5f8e44741f9f216e33736ea4ec65ca9ac03036e6
CVE-2016-4485 (The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel befo ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd
CVE-2016-4484 (The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earl ...)
	- cryptsetup 2:1.7.3-2 (unimportant)
	NOTE: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
	NOTE: Negligible security impact
	NOTE: in #860981 claimed to still be unresolved as per 2:1.7.3-3
CVE-2016-4481
	RESERVED
CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6. ...)
	{DSA-3633-1 DLA-571-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-176.html
CVE-2016-4479
	RESERVED
CVE-2016-4475 (The (1) Organization and (2) Locations APIs and UIs in Foreman before  ...)
	- foreman <itp> (bug #663101)
CVE-2016-4474 (The image build process for the overcloud images in Red Hat OpenStack  ...)
	NOT-FOR-US: Red Hat OpenStack Overcloud image
CVE-2016-4473 (/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers ...)
	{DLA-628-1}
	- php5 5.6.23+dfsg-1
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream
	NOTE: in versions 5.4.44, 5.5.28, and 5.6.12.
	NOTE: https://bugs.php.net/bug.php?id=72321
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84
	NOTE: Fixed in 5.6.23
CVE-2016-4472 (The overflow protection in Expat is removed by compilers with certain  ...)
	{DSA-3582-1 DLA-483-1}
	- expat 2.1.1-2
	NOTE: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/tree/expat/lib/xmlparse.c?diff=a238d7ea7a715ef3850c4cbdd86aeda7077b6bbc
CVE-2016-4471 (ManageIQ in CloudForms before 4.1 allows remote authenticated users to ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-4470 (The key_reject_and_link function in security/keys/key.c in the Linux k ...)
	{DSA-3607-1 DLA-609-1}
	- linux 4.6.2-2
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
CVE-2016-4469 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache A ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-4468 (SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-4467 (The C client and C-based client bindings in the Apache Qpid Proton lib ...)
	- qpid-proton <not-affected> (Windows-specific)
CVE-2016-4466
	REJECTED
CVE-2016-4465 (The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and  ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1 and 2.5)
	NOTE: https://struts.apache.org/docs/s2-041.html
CVE-2016-4464 (The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3 ...)
	NOT-FOR-US: Apache CXF
CVE-2016-4463 (Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows c ...)
	{DSA-3610-1 DLA-535-1}
	- xerces-c 3.1.3+debian-2.1 (bug #828990)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
CVE-2016-4462 (By manipulating the URL parameter externalLoginKey, a malicious, logge ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-4461 (Apache Struts 2.x before 2.3.29 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present, CVE for incomplete fix for CVE-2016-0785)
CVE-2016-4460 (Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass a ...)
	NOT-FOR-US: Apache Pony Mail
CVE-2016-4459 (Stack-based buffer overflow in native/mod_manager/node.c in mod_cluste ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-4458
	RESERVED
CVE-2016-4457 (CloudForms Management Engine before 5.8 includes a default SSL/TLS cer ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-4455 (The Subscription Manager package (aka subscription-manager) before 1.1 ...)
	NOT-FOR-US: Red Hat Subscription Manager
CVE-2016-4454 (The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU a ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
CVE-2016-4452
	RESERVED
CVE-2016-4451 (The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 a ...)
	- foreman <itp> (bug #663101)
CVE-2016-4450 (os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 al ...)
	{DSA-3592-1}
	- nginx 1.10.1-1 (bug #825960)
	[wheezy] - nginx <not-affected> (Introduced in 1.3.9)
CVE-2016-4449 (XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntit ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4)
CVE-2016-4448 (Format string vulnerability in libxml2 before 2.9.4 allows attackers t ...)
	- libxml2 2.9.4+dfsg1-1 (bug #829718)
	[jessie] - libxml2 <ignored> (Minor impact; too intrusive to backport)
	[wheezy] - libxml2 <no-dsa> (Minor impact; too intrusive to backport)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761029
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9 (v2.9.4)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b (v2.9.4)
CVE-2016-4447 (The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 a ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4)
CVE-2016-4446 (The allow_execstack plugin for setroubleshoot allows local users to ex ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4445 (The fix_lookup_id function in sealert in setroubleshoot before 3.2.23  ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4444 (The allow_execmod plugin for setroubleshoot before 3.2.23 allows local ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local user ...)
	NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat)
CVE-2016-4442 (The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attack ...)
	NOT-FOR-US: rack-mini-profiler gem
CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controlle ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #824856)
	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the AP ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Introduced in 4.5)
	[wheezy] - linux <not-affected> (Introduced in 4.5)
	NOTE: Upstream patch: https://github.com/torvalds/linux/commit/3ce424e45411cf5a13105e0386b6ecf6eeb4f66f
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337806
	NOTE: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100
CVE-2016-4439 (The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Con ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-2 (bug #824856)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remo ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-037.html
CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been configured f ...)
	- shiro 1.2.5-1 (bug #826653)
	[jessie] - shiro <no-dsa> (Minor issue)
CVE-2016-4436 (Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers t ...)
	- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-035.html
CVE-2016-4435 (An endpoint of the Agent running on the BOSH Director VM with stemcell ...)
	NOT-FOR-US: BOSH
CVE-2016-4434 (Apache Tika before 1.13 does not properly initialize the XML parser or ...)
	- tika 1.18-1 (bug #825501)
	[jessie] - tika <no-dsa> (Minor issue, no standard alone package, just a reverse dependency of jmeter)
CVE-2016-4433 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to byp ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-039.html
CVE-2016-4432 (The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid J ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-4431 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to byp ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-040.html
CVE-2016-4430 (Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, w ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-038.html
CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in sunrpc/cln ...)
	{DLA-2256-1}
	- glibc 2.22-10
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20112
	- libtirpc 0.2.5-1.1 (bug #840347)
	[wheezy] - libtirpc <no-dsa> (Minor issue)
CVE-2016-4428 (Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horiz ...)
	{DSA-3617-1 DLA-520-1}
	- horizon 3:9.0.1-2 (bug #828967)
	NOTE: https://bugs.launchpad.net/bugs/1567673
CVE-2016-4427
	RESERVED
CVE-2016-4426
	RESERVED
CVE-2016-4424
	RESERVED
CVE-2016-4423 (The attemptAuthentication function in Component/Security/Http/Firewall ...)
	{DSA-3588-1}
	- symfony 2.8.6+dfsg-1
	NOTE: https://github.com/symfony/symfony/pull/18733
	NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
CVE-2015-8872 (The set_fat function in fat.c in dosfstools before 4.0 might allow att ...)
	{DLA-2224-1 DLA-474-1}
	- dosfstools 4.0-1
	NOTE: https://github.com/dosfstools/dosfstools/issues/12
	NOTE: https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
CVE-2015-8870 (Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows re ...)
	- tiff 4.0.3-12
	[wheezy] - tiff 4.0.2-6+deb7u4
	NOTE: Fixed already with the patch applied in 4.0.3-12 in unstable for the
	NOTE: CVE-2014-9330 issue.
	- tiff3 <not-affected> (libtiff-tools not shipped in tiff3)
CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in cmscnvr ...)
	- lcms2 2.6-1
	[wheezy] - lcms2 <not-affected> (vulnerable code not present, no cmsPipelineFree(Lut); in Error:-part)
	NOTE: https://www.kb.cert.org/vuls/id/369800
	NOTE: https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b
CVE-2016-XXXX [XSS]
	- dotclear <removed>
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/04/9
CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
CVE-2016-4483 (The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 all ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #823405)
	NOTE: Minor issue, only when using libxml2 using recovery mode
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766414
CVE-2016-4477 (wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters  ...)
	{DLA-473-1}
	- wpa 2.3-2.4 (bug #823411)
	[jessie] - wpa 2.3-1+deb8u4
	NOTE: http://w1.fi/security/2016-1/
CVE-2016-4476 (hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not  ...)
	{DLA-473-1}
	- wpa 2.3-2.4 (bug #823411)
	[jessie] - wpa 2.3-1+deb8u4
	NOTE: http://w1.fi/security/2016-1/
CVE-2016-4413
	RESERVED
CVE-2016-4411
	RESERVED
CVE-2016-4410
	RESERVED
CVE-2016-4409
	RESERVED
CVE-2016-4408
	RESERVED
CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not ...)
	NOT-FOR-US: SAP
CVE-2016-4406 (A remote cross site scripting vulnerability was identified in HPE iLO  ...)
	NOT-FOR-US: HPE iLO
CVE-2016-4405 (A remote code execution vulnerability was identified in HP Business Se ...)
	NOT-FOR-US: HP
CVE-2016-4404 (A security vulnerability was identified in the Filter SDK component of ...)
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4403 (A security vulnerability was identified in the Filter SDK component of ...)
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4402 (A security vulnerability was identified in the Filter SDK component of ...)
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4401 (Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 all ...)
	NOT-FOR-US: Aruba ClearPass Policy Manager
CVE-2016-4400 (A security vulnerability was identified in HP Network Node Manager i ( ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4399 (A security vulnerability was identified in HP Network Node Manager i ( ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4398 (A remote arbitrary code execution vulnerability was identified in HP N ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4397 (A local code execution security vulnerability was identified in HP Net ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4396 (HPE System Management Homepage before v7.6 allows remote attackers to  ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4395 (HPE System Management Homepage before v7.6 allows remote attackers to  ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4394 (HPE System Management Homepage before v7.6 allows remote attackers to  ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4393 (HPE System Management Homepage before v7.6 allows "remote authenticate ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4392 (A remote cross site scripting vulnerability has been identified in HP  ...)
	NOT-FOR-US: HP Business Service Management
CVE-2016-4391 (A remote code execution security vulnerability has been identified in  ...)
	NOT-FOR-US: HP ArcSight WINC Connector
CVE-2016-4390 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4389 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4388 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4387 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4386 (HPE Network Automation Software 10.10 allows local users to write to a ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-4385 (The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x be ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow  ...)
	NOT-FOR-US: HPE Performance Center
CVE-2016-4383 (The glance-manage db in all versions of HPE Helion Openstack Glance al ...)
	- glance <unfixed> (unimportant; bug #868185)
	NOTE: https://bugs.launchpad.net/glance/+bug/1593799/
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0075
	NOTE: No code fix, documented shortcoming
CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows re ...)
	NOT-FOR-US: HPE Performance Center
CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x bef ...)
	NOT-FOR-US: HPE
CVE-2016-4380 (Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operati ...)
	NOT-FOR-US: HPE
CVE-2016-4379 (The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmw ...)
	NOT-FOR-US: HPE
CVE-2016-4378 (The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Ma ...)
	NOT-FOR-US: HPE
CVE-2016-4377 (HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrast ...)
	NOT-FOR-US: HPE
CVE-2016-4376 (HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches a ...)
	NOT-FOR-US: HPE
CVE-2016-4375 (Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (a ...)
	NOT-FOR-US: HPE
CVE-2016-4374 (HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allo ...)
	NOT-FOR-US: HPE
CVE-2016-4373 (The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, U ...)
	NOT-FOR-US: HPE
CVE-2016-4372 (HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM ...)
	NOT-FOR-US: HPE
CVE-2016-4371 (HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, ...)
	NOT-FOR-US: HPE Service Manager
CVE-2016-4370 (HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before ...)
	NOT-FOR-US: HPE Project and Portfolio Management Center
CVE-2016-4369 (HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32 ...)
	NOT-FOR-US: HPE Discovery and Dependency Mapping Inventory
CVE-2016-4368 (HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Ma ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-4367 (The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 1 ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-4366 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-4365 (HPE Insight Control server deployment allows remote attackers to obtai ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4364 (HPE Insight Control server deployment allows local users to gain privi ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4363 (HPE Insight Control server deployment allows remote attackers to modif ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4362 (HPE Insight Control server deployment allows remote authenticated user ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4361 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 thr ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4360 (web/admin/data.js in the Performance Center Virtual Table Server (VTS) ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4359 (Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunne ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4358 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-4357 (HPE Matrix Operating Environment before 7.5.1 allows remote authentica ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2016-4350 (Multiple SQL injection vulnerabilities in the Web Services web server  ...)
	NOT-FOR-US: SolarWinds Storage Resource Monitor
CVE-2014-9773 (modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attacker ...)
	- atheme-services 7.0.7-2
	[jessie] - atheme-services <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/atheme/atheme/issues/397
	NOTE: Fixed by: https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
	NOTE: Introduced in: https://github.com/atheme/atheme/commit/5c734f28068cf47b9b450af4dcf37195734b15be
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2016-4478 (Buffer overflow in the xmlrpc_char_encode function in modules/transpor ...)
	{DSA-3586-1}
	- atheme-services 7.0.7-2
	NOTE: https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2016-4425 (Jansson 2.7 and earlier allows context-dependent attackers to cause a  ...)
	{DSA-3577-1 DLA-471-1}
	- jansson 2.7-5 (bug #823238)
	NOTE: https://github.com/akheron/jansson/issues/282
	NOTE: https://github.com/akheron/jansson/pull/284
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/5
CVE-2016-4422 (The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth mi ...)
	{DSA-3567-1}
	- libpam-sshauth 0.4.1-2
	NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c
	NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2
CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel before ...)
	- quassel 1:0.12.4-2 (bug #826402)
	[jessie] - quassel 1:0.10.0-2.3+deb8u3
	[wheezy] - quassel <not-affected> (Vulnerable code introduced with 0.10.0)
	NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
	NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0)
	NOTE: Fixed by: https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746 (0.12.4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/30/2
CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools  ...)
	NOT-FOR-US: Cisco
CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.c in  ...)
	{DLA-458-1 DLA-457-1}
	- mplayer 2:1.3.0-2 (bug #823723)
	- mplayer2 <removed> (low)
	[jessie] - mplayer2 <no-dsa> (Minor issue)
	NOTE: https://trac.mplayerhq.hu/ticket/2295
	NOTE: Fixed in Revision r37857 upstream
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/3
CVE-2015-8869 (OCaml before 4.03.0 does not properly handle sign extensions, which al ...)
	{DLA-466-1}
	- ocaml 4.02.3-9 (bug #824139)
	[jessie] - ocaml <no-dsa> (Minor issue; can be fixed via point release and sheduling binNMUs there)
	NOTE: https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/1
	NOTE: Ocaml applications using the patched functions need to be recompiled with the
	NOTE: fixed ocaml version.
CVE-2016-4341 (NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to  ...)
	NOT-FOR-US: NetApp
CVE-2016-4339
	RESERVED
CVE-2016-4338 (The mysql user parameter configuration script (userparameter_mysql.con ...)
	- zabbix 1:3.0.3+dfsg-1 (bug #823329)
	[jessie] - zabbix 1:2.2.7+dfsg-2+deb8u1
	NOTE: http://seclists.org/bugtraq/2016/May/11
	NOTE: https://support.zabbix.com/browse/ZBX-10741
CVE-2016-4337 (SQL injection vulnerability in the mgr.login.php file in Ktools.net Ph ...)
	NOT-FOR-US: Photostore
CVE-2016-4336 (An exploitable out-of-bounds write exists in the Bzip2 parsing of the  ...)
	NOT-FOR-US: Lexmark Document Filters
CVE-2016-4335 (An exploitable buffer overflow exists in the XLS parsing of the Lexmar ...)
	NOT-FOR-US: Lexmark Document Filters
CVE-2016-4334 (Jive before 2016.3.1 has an open redirect from the external-link.jspa  ...)
	NOT-FOR-US: Jive
CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a value f ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0179/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/73640612aad91d3f04e4d8f1ea71d42acbc85f6e
CVE-2016-4332 (The library's failure to check if certain message types support a part ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0178/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88
CVE-2016-4331 (When decoding data out of a dataset encoded with the H5Z_NBIT decoding ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0177/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1c4ec3d541eecda78b3afcb1a0fa071c4b52afa
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/43ec23616697ce0ea3f99e40900fec55fe9107ef
CVE-2016-4330 (In the HDF5 1.8.16 library's failure to check if the number of dimensi ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0176/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/2e7e1899d3d7131bcbad65233ba713f6b79e2d69
CVE-2016-4329 (A local denial of service vulnerability exists in window broadcast mes ...)
	NOT-FOR-US: Kaspersky
CVE-2016-4328 (MEDHOST Perioperative Information Management System (aka PIMS or VPIMS ...)
	NOT-FOR-US: MEDHOST Perioperative Information Management System
CVE-2016-4327 (Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server ...)
	NOT-FOR-US: WSO2 SOA Enablement Server
CVE-2016-4326 (The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Che ...)
	NOT-FOR-US: Chef Manage addon
CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have hard ...)
	NOT-FOR-US: Lantronix xPrintServer
CVE-2016-4324 (Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote ...)
	{DSA-3608-1 DLA-581-1}
	- libreoffice 1:5.1.4~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0126/
CVE-2016-4323 (A directory traversal exists in the handling of the MXIT protocol in P ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/
	NOTE: http://www.pidgin.im/news/security/?id=97
CVE-2016-4322 (BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remot ...)
	NOT-FOR-US: BMC
CVE-2016-4321
	RESERVED
CVE-2016-4320 (Atlassian Bitbucket Server before 4.7.1 allows remote attackers to rea ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2016-4319 (Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. ...)
	NOT-FOR-US: Atlassian JIRA Server
CVE-2016-4318 (Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProje ...)
	NOT-FOR-US: Atlassian JIRA Server
CVE-2016-4317 (Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-4316 (Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4 ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4315 (Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 a ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4314 (Directory traversal vulnerability in the LogViewer Admin Service in WS ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4313 (Directory traversal vulnerability in unzip/extract feature in eXtplore ...)
	{DLA-596-1}
	- extplorer <removed>
CVE-2016-4312 (XML external entity (XXE) vulnerability in the XACML flow feature in W ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2016-4311 (Cross-site request forgery (CSRF) vulnerability in the XACML flow feat ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2016-4310
	RESERVED
CVE-2016-4309 (Session fixation vulnerability in Symphony CMS 2.6.7, when session.use ...)
	NOT-FOR-US: Symphony CMS
CVE-2016-4308
	RESERVED
CVE-2016-4307 (A denial of service vulnerability exists in the IOCTL handling functio ...)
	NOT-FOR-US: Kaspersky Internet Security KL1 driver
CVE-2016-4306 (Multiple information leaks exist in various IOCTL handlers of the Kasp ...)
	NOT-FOR-US: Kaspersky Internet Security KLDISK driver
CVE-2016-4305 (A denial of service vulnerability exists in the syscall filtering func ...)
	NOT-FOR-US: Kaspersky Internet Security KLIF driver
CVE-2016-4304 (A denial of service vulnerability exists in the syscall filtering func ...)
	NOT-FOR-US: Kaspersky Internet Security KLIF driver
CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library mishandles U ...)
	{DLA-2080-1}
	- iperf3 3.1.3-1 (bug #827116)
	NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
	NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/
CVE-2016-4302 (Heap-based buffer overflow in the parse_codes function in archive_read ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0154/
	NOTE: https://github.com/libarchive/libarchive/issues/719
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/05caadc7eedbef471ac9610809ba683f0c698700 (v3.2.1)
CVE-2016-4301 (Stack-based buffer overflow in the parse_device function in archive_re ...)
	- libarchive 3.2.1-1
	[jessie] - libarchive <not-affected> (Introduced in 3.2.0)
	[wheezy] - libarchive <not-affected> (Introduced in 3.2.0)
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0153/
	NOTE: https://github.com/libarchive/libarchive/pull/715
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/ecdac4d50db0cf5a0c630ba077729aaa6c5a2dd2
CVE-2016-4300 (Integer overflow in the read_SubStreamsInfo function in archive_read_s ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0152/
	NOTE: https://github.com/libarchive/libarchive/issues/718
	NOTE: Requirement: https://github.com/libarchive/libarchive/commit/3d469df8eaace8297a27ce62befa295c0fdc5a3a
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573 (v3.2.1)
	NOTE: Notice introduction of UMAX_ENTRY with 3d469df8eaace8297a27ce62befa295c0fdc5a3a
	NOTE: Libarchive 3.1.2 and lower has a much smaller "UMAX_ENTRY", which is hardcoded
	NOTE: in various places before 3d469df8eaace8297a27ce62befa295c0fdc5a3a and has value
	NOTE: 1000000, making exploitation more difficult but not impossible.
CVE-2016-4299
	RESERVED
CVE-2016-4298 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4297
	RESERVED
CVE-2016-4296 (When opening a Hangul Hcell Document (.cell) and processing a record t ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4295 (When opening a Hangul Hcell Document (.cell) and processing a particul ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4294 (When opening a Hangul Hcell Document (.cell) and processing a property ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4293 (Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTable ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4292 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4290 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4289 (A stack based buffer overflow vulnerability exists in the method recei ...)
	NOT-FOR-US: GMER
CVE-2016-4288 (A local privilege escalation vulnerability exists in BlueStacks App Pl ...)
	NOT-FOR-US: BlueStacks
CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4285 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4284 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4283 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4282 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4281 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4280 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4279 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4278 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4277 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4276 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4275 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4274 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4273 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4272 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4271 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4270 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4269 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4268 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4267 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4266 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4265 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4264 (The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Upda ...)
	NOT-FOR-US: Adobe
CVE-2016-4263 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 al ...)
	NOT-FOR-US: Adobe
CVE-2016-4262 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4261 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4260 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4259 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4258 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4257 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4256 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4253 (The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1,  ...)
	NOT-FOR-US: Adobe
CVE-2016-4252 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4251 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4250 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4249 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4248 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4247 (Race condition in Adobe Flash Player before 18.0.0.366 and 19.x throug ...)
	NOT-FOR-US: Adobe
CVE-2016-4246 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4245 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4244 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4243 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4242 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4241 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4240 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4239 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4238 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4237 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4236 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4235 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4234 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4233 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4232 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4231 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4230 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4229 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4228 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4227 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4226 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4225 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4224 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4223 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4222 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4221 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4220 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4219 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4218 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4217 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4216 (XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attac ...)
	NOT-FOR-US: Adobe
CVE-2016-4215 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4214 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4213 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4212 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4211 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4210 (Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat a ...)
	NOT-FOR-US: Adobe
CVE-2016-4209 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, ...)
	NOT-FOR-US: Adobe
CVE-2016-4208 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4207 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4206 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4205 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4204 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4203 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4202 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4201 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4200 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4199 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4198 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4197 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4196 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4195 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4194 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4193 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4192 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4191 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4190 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4189 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4188 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4187 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4186 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4185 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4184 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4183 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4182 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4181 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4180 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4179 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4178 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4177 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4176 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4175 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4174 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4173 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4172 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4171 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4170 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5 ...)
	NOT-FOR-US: Adobe
CVE-2016-4169 (Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain s ...)
	NOT-FOR-US: Adobe
CVE-2016-4168 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5 ...)
	NOT-FOR-US: Adobe
CVE-2016-4167 (Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attack ...)
	NOT-FOR-US: Adobe
CVE-2016-4166 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4165 (The extension manager in Adobe Brackets before 1.7 allows attackers to ...)
	NOT-FOR-US: Adobe
CVE-2016-4164 (Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7  ...)
	NOT-FOR-US: Adobe
CVE-2016-4163 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4162 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4161 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4160 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4159 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe
CVE-2016-4158 (Unquoted Windows search path vulnerability in Adobe Creative Cloud Des ...)
	NOT-FOR-US: Adobe
CVE-2016-4157 (Untrusted search path vulnerability in the installer in Adobe Creative ...)
	NOT-FOR-US: Adobe
CVE-2016-4156 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4155 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4154 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4153 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4152 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4151 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4150 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4149 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4148 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4147 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4146 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4145 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4144 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4143 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4142 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4141 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4140 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4139 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4138 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4137 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4136 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4135 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4134 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4133 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4132 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4131 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4130 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4129 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4128 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4127 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4126 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4125 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4124 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4123 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4122 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4121 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4120 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4119 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4118 (Untrusted search path vulnerability in the installer in Adobe Connect  ...)
	NOT-FOR-US: Adobe
CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4116 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4115 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4114 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4113 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4112 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4111 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4110 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4109 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4108 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4107 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4106 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4105 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4104 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4103 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4102 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4101 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4100 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4099 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4098 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4097 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4096 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4095 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4094 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4092 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4091 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4090 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4089 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4340 (The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 th ...)
	- gitlab 8.8.2+dfsg-1 (bug #823290)
	NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and S570 ...)
	NOT-FOR-US: Huawei
CVE-2016-4086 (Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4 ...)
	NOT-FOR-US: Huawei HiSuite Device Manager
CVE-2016-4075 (Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the  ...)
	NOT-FOR-US: Opera
CVE-2016-4067
	RESERVED
CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb b ...)
	NOT-FOR-US: Fortinet
CVE-2016-4065 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on ...)
	NOT-FOR-US: Foxit
CVE-2016-4064 (Use-after-free vulnerability in the XFA forms handling functionality i ...)
	NOT-FOR-US: Foxit
CVE-2016-4063 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3 ...)
	NOT-FOR-US: Foxit
CVE-2016-4062 (Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report  ...)
	NOT-FOR-US: Foxit
CVE-2016-4061 (Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attac ...)
	NOT-FOR-US: Foxit
CVE-2016-4060 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3 ...)
	NOT-FOR-US: Foxit
CVE-2016-4059 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3 ...)
	NOT-FOR-US: Foxit
CVE-2016-4074 (The jv_dump_term function in jq 1.5 allows remote attackers to cause a ...)
	- jq 1.5+dfsg-1.1 (low; bug #822456)
	[jessie] - jq 1.4-2.1+deb8u1
	NOTE: https://github.com/stedolan/jq/issues/1136
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3
CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail b ...)
	{DLA-613-1}
	- roundcube 1.1.5+dfsg.1-1 (bug #822333)
	NOTE: https://github.com/roundcube/roundcubemail/issues/4957
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
	NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
	NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
CVE-2016-4068 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
	{DLA-537-1}
	- roundcube 1.2.1+dfsg.1-1
	NOTE: https://github.com/roundcube/roundcubemail/issues/5398
	NOTE: https://github.com/roundcube/roundcubemail/commit/a1fdb205f824dee7fd42dda739f207abc85ce158
CVE-2015-8864 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
	{DLA-537-1}
	- roundcube 1.1.5+dfsg.1-1 (bug #822333)
	NOTE: https://github.com/roundcube/roundcubemail/issues/4949
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
	NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
	NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
	NOTE: https://lists.debian.org/debian-lts/2016/06/msg00159.html
CVE-2016-4085 (Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in t ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.0~rc2+g74e5b56-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-28.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293
	NOTE: Doesn't affect 2.x series
CVE-2016-4084 (Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-W ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html
CVE-2016-4083 (epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2. ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html
CVE-2016-4082 (epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wiresha ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html
CVE-2016-4006 (epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-25.html
CVE-2016-4081 (epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12. ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-24.html
CVE-2016-4080 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12. ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-23.html
CVE-2016-4079 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12. ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-22.html
CVE-2016-4078 (The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code not present)
	[wheezy] - wireshark <not-affected> (vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-21.html
	NOTE: Upstream lists 1.12.x affected, I have contacted them for clarification
CVE-2016-4077 (epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on  ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-20.html
CVE-2016-4076 (epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2 ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html
CVE-2016-4058 (Cross-site scripting (XSS) vulnerability in Huawei Policy Center befor ...)
	NOT-FOR-US: Huawei
CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote authentica ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2016-6479
	REJECTED
CVE-2016-4055 (The duration function in the moment package before 2.11.2 for Node.js  ...)
	- node-moment 2.13.0+ds-1 (unimportant)
	NOTE: https://github.com/moment/moment/pull/2939
	NOTE: https://nodesecurity.io/advisories/55
	NOTE: nodejs not covered by security support
CVE-2016-4050
	REJECTED
CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does no ...)
	{DSA-3654-1 DLA-601-1}
	- quagga 1.0.20160315-2 (bug #822787)
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
CVE-2016-4048 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4047 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4046 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4045 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-8862 (mustache package before 2.2.1 for Node.js allows remote attackers to c ...)
	- mustache.js <unfixed> (unimportant)
	NOTE: node-handlebars only in experimental for now, fixed in 4.0.0
	NOTE: libv8 is not covered by security support
CVE-2015-8861 (The handlebars package before 4.0.0 for Node.js allows remote attacker ...)
	- mustache.js <unfixed> (unimportant)
	NOTE: node-handlebars only in experimental for now, fixed in 4.0.0
	NOTE: libv8 is not covered by security support
CVE-2015-8860 (The tar package before 2.0.0 for Node.js allows remote attackers to wr ...)
	- node-tar 2.2.1-1 (unimportant)
	NOTE: libv8 is not covered by security support
CVE-2015-8859 (The send package before 0.11.1 for Node.js allows attackers to obtain  ...)
	- node-send 0.16.2-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/56
CVE-2015-8858 (The uglify-js package before 2.6.0 for Node.js allows attackers to cau ...)
	- uglifyjs 2.7.4-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/48
CVE-2015-8854 (The marked package before 0.3.4 for Node.js allows attackers to cause  ...)
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/marked_redos
	NOTE: https://github.com/chjj/marked/issues/497
	NOTE: libv8 is not covered by security support
CVE-2014-9772 (The validator package before 2.0.0 for Node.js allows remote attackers ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7454 (The validator module before 1.1.0 for Node.js allows remote attackers  ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7453 (The validator module before 1.1.0 for Node.js allows remote attackers  ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7452 (The validator module before 1.1.0 for Node.js allows remote attackers  ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7451 (The validator module before 1.1.0 for Node.js allows remote attackers  ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when  ...)
	{DLA-499-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=64938
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817
	NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9
	NOTE: Fixed in 5.6.6, 5.5.22
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...)
	- php7.0 7.0.0-1
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=70014
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827
	NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
CVE-2016-4056 (Cross-site scripting (XSS) vulnerability in the Backend component in T ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4 ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4 ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid 4.1-1
	[wheezy] - squid <not-affected> (cachemgr.cgi not installed. squid-cgi binary package built from squid3)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_5.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch (Squid 3.5)
	NOTE: Fixed in wheezy by DLA-556-1, c.f. CVE-2016-5408
CVE-2016-4044
	RESERVED
CVE-2016-4043 (Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authen ...)
	NOT-FOR-US: Plone
CVE-2016-4042 (Plone 3.3 through 5.1a1 allows remote attackers to obtain information  ...)
	NOT-FOR-US: Plone
CVE-2016-4041 (Plone 4.0 through 5.1a1 does not have security declarations for Dexter ...)
	NOT-FOR-US: Plone
CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before 3. ...)
	NOT-FOR-US: dotCMS
CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in  ...)
	- perl 5.22.1-1 (bug #821848)
	[jessie] - perl 5.20.2-3+deb8u5
	[wheezy] - perl <no-dsa> (Minor issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=123562
	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5
CVE-2015-8863 (Off-by-one error in the tokenadd function in jv_parse.c in jq allows r ...)
	- jq 1.5+dfsg-1.1 (low; bug #802231)
	[jessie] - jq 1.4-2.1+deb8u1
	NOTE: https://github.com/stedolan/jq/issues/995
	NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/1
CVE-2016-4039
	RESERVED
CVE-2016-4036 (The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Ent ...)
	{DSA-3654-1 DLA-601-1}
	- quagga 1.0.20160315-2 (bug #835223)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770619
	NOTE: World readable files in /etc/quagga as well in Debian
CVE-2016-3955 (The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in t ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
CVE-2016-4038 (Array index error in the msm_sensor_config function in kernel/SM-G9008 ...)
	NOT-FOR-US: Samsung Android driver
CVE-2016-4035
	RESERVED
CVE-2016-4034
	RESERVED
CVE-2016-4033
	RESERVED
CVE-2016-4032 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
	NOT-FOR-US: Samsung
CVE-2016-4031 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
	NOT-FOR-US: Samsung
CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows lo ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #822344)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3)
CVE-2016-4030 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
	NOT-FOR-US: Samsung
CVE-2016-4029 (WordPress before 4.5 does not consider octal and hexadecimal IP addres ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37115
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
	NOTE: Release notes: https://codex.wordpress.org/Version_4.5
CVE-2016-4028 (An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4027 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4026 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4025 (Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x. ...)
	NOT-FOR-US: Avast
CVE-2016-4023
	RESERVED
CVE-2016-4022
	RESERVED
CVE-2016-4021 (The read_binary function in buffer.c in pgpdump before 0.30 allows con ...)
	{DLA-768-1}
	- pgpdump 0.31-0.1 (bug #773747)
	[jessie] - pgpdump 0.28-1+deb8u1
	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
	NOTE: https://github.com/kazu-yamamoto/pgpdump/pull/16
CVE-2016-4019 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-4018 (The Data Provisioning Agent (aka DP Agent) in SAP HANA does not proper ...)
	NOT-FOR-US: SAP
CVE-2016-4017 (The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote a ...)
	NOT-FOR-US: SAP
CVE-2016-4016 (Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integrat ...)
	NOT-FOR-US: SAP
CVE-2016-4015 (The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows rem ...)
	NOT-FOR-US: SAP
CVE-2016-4014 (XML external entity (XXE) vulnerability in the UDDI component in SAP N ...)
	NOT-FOR-US: SAP
CVE-2016-XXXX [ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1]
	- zendframework 1.12.18+dfsg-1
	[jessie] - zendframework 1.12.9+dfsg-2+deb8u6
	[wheezy] - zendframework 1.11.13-1.1+deb7u6
	NOTE: http://framework.zend.com/security/advisory/ZF2016-01
CVE-2016-4013
	RESERVED
CVE-2016-4012
	RESERVED
CVE-2016-4011
	RESERVED
CVE-2016-4010 (Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP  ...)
	NOT-FOR-US: Magento
	NOTE: https://magento.com/security/patches/magento-206-security-update
	NOTE: http://www.netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file p ...)
	NOT-FOR-US: obs-service-extract_file
CVE-2015-8850
	RESERVED
CVE-2015-8849
	RESERVED
CVE-2015-8848
	RESERVED
CVE-2015-8847
	RESERVED
CVE-2015-8846
	RESERVED
CVE-2015-8843 (The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Read ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows rem ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #821732)
	NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/14/5
CVE-2016-4005 (The Huawei Hilink App application before 3.19.2 for Android does not v ...)
	NOT-FOR-US: Huawei
CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server Administra ...)
	NOT-FOR-US: Dell
CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: http://struts.apache.org/docs/s2-028.html
CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not  ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-2 (bug #821062)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
CVE-2015-8851 (node-uuid before 1.4.4 uses insufficiently random data to create a GUI ...)
	- node-uuid 1.4.7-1 (unimportant)
	NOTE: https://github.com/broofa/node-uuid/issues/108
	NOTE: https://github.com/broofa/node-uuid/issues/118
	NOTE: https://github.com/broofa/node-uuid/issues/122
	NOTE: https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
	NOTE: nodejs not covered by security support
CVE-2015-8844 (The signal implementation in the Linux kernel before 4.3.5 on powerpc  ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326540
	NOTE: Upstream commit: https://git.kernel.org/linus/d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 (v4.4-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/2b0a576d15e0e14751f00f9c87e46bad27f217e7 (v3.9-rc1)
CVE-2015-8845 (The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326540
	NOTE: Upstream commit: https://git.kernel.org/linus/7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 (v4.4-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/fb09692e71f13af7298eb603a1975850b1c7a8d8 (v3.9-rc1)
CVE-2016-4000 (Jython before 2.7.1rc1 allows attackers to execute arbitrary code via  ...)
	{DSA-3893-1 DLA-989-1}
	- jython 2.5.3-17 (bug #864859)
	NOTE: http://bugs.jython.org/issue2454
	NOTE: https://hg.python.org/jython/rev/d06e29d100c0
CVE-2016-3999 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3998 (NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to ...)
	NOT-FOR-US: NetApp AltaVault
CVE-2016-3997 (NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obta ...)
	NOT-FOR-US: NetApp Clustered Data ONTAP
CVE-2016-XXXX [auth bypass]
	- brltty <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/12/4
	NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19
	NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7
CVE-2015-8868 (Heap-based buffer overflow in the ExponentialFunction::ExponentialFunc ...)
	{DSA-3563-1 DLA-446-1}
	- poppler 0.38.0-3 (bug #822578)
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1
CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly che ...)
	NOT-FOR-US: Samsung
CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the tiffcrop t ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2543
	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
CVE-2016-3990 (Heap-based buffer overflow in the horizontalDifference8 function in ti ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.7-1 (bug #836570)
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2544
CVE-2016-3989 (The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTI ...)
	NOT-FOR-US: Meinberg
CVE-2016-3988 (Multiple stack-based buffer overflows in the NTP time-server interface ...)
	NOT-FOR-US: Meinberg
CVE-2016-3987 (The HTTP server in Trend Micro Password Manager allows remote web serv ...)
	NOT-FOR-US: Trend Micro
CVE-2016-3986 (Avast allows remote attackers to cause a denial of service (memory cor ...)
	NOT-FOR-US: Avast
CVE-2016-3985 (The Terminal Services Remote Desktop Protocol (RDP) client session res ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-3984 (The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response  ...)
	NOT-FOR-US: McAfee
CVE-2016-3983 (McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remo ...)
	NOT-FOR-US: McAfee
CVE-2016-3980 (The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 ...)
	NOT-FOR-US: SAP
CVE-2016-3979 (Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 t ...)
	NOT-FOR-US: SAP
CVE-2016-3978 (The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x b ...)
	NOT-FOR-US: FortiOS
CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
	NOT-FOR-US: ESET NOD32
CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #821061)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in hw/net/stell ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #821038)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4
CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
	{DSA-3568-1 DLA-495-1}
	- libtasn1-6 4.8-1
	- libtasn1-3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/3
	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of servi ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #639414)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/5
CVE-2016-3995 (The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and  ...)
	- libcrypto++ 5.6.3-6
	[jessie] - libcrypto++ 5.6.1-6+deb8u2
	[wheezy] - libcrypto++ 5.6.1-6+deb7u2
	NOTE: https://github.com/weidai11/cryptopp/issues/146
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6
	NOTE: Initial upload in 5.6.3-5 was incomplete
CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #785369)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode function in  ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71798
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/ea6ff01f6c31f1615a935ef96622d623a6277d37
CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ext/snmp ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71704
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x  ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71860
	NOTE: https://gist.github.com/smalyshev/80b5c2909832872f2ba2
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ext/mbstring ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71906
	NOTE: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-3976 (Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through ...)
	NOT-FOR-US: SAP
CVE-2016-3975 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1  ...)
	NOT-FOR-US: SAP
CVE-2016-3974 (XML external entity (XXE) vulnerability in the Configuration Wizard in ...)
	NOT-FOR-US: SAP
CVE-2016-3973 (The chat feature in the Real-Time Collaboration (RTC) services 7.3 and ...)
	NOT-FOR-US: SAP
CVE-2016-3972 (Directory traversal vulnerability in the dotTailLogServlet in dotCMS b ...)
	NOT-FOR-US: dotCMS
CVE-2016-3971 (Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCM ...)
	NOT-FOR-US: dotCMS
CVE-2016-3970
	RESERVED
CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...)
	NOT-FOR-US: SAP
CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to cau ...)
	{DSA-3555-1}
	- imlib2 1.4.7-1 (bug #820206)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3
CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions fo ...)
	- systemd 215-1
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
	NOTE: Fixed by (for volatile journals): https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238 (v214)
CVE-2015-8842 (tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions fo ...)
	- systemd 215-1 (bug #825059)
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
	NOTE: Fixed by (for current persistent journal): https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f (v229)
	NOTE: Starting with 215 Debian no longer ships tmpfiles.d/systemd.conf, so the fixup upstream added as
	NOTE: afae249efa4774c6676738ac5de6aeb4daf4889f for persistent journals is not needed for the packaged
	NOTE: version. Anyone using a custom config needs to ensure proper permissions.
CVE-2016-7921
	REJECTED
CVE-2016-3982 (Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiP ...)
	{DSA-3546-1}
	- optipng 0.7.6-1
	NOTE: https://sourceforge.net/p/optipng/bugs/57/
CVE-2016-3981 (Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c ...)
	{DSA-3546-1}
	- optipng 0.7.6-1
	NOTE: https://sourceforge.net/p/optipng/bugs/56/
CVE-2016-3977 (Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1. ...)
	- giflib 5.1.4-3 (bug #820526)
	[stretch] - giflib <no-dsa> (Minor issue)
	[jessie] - giflib <no-dsa> (Minor issue)
	[wheezy] - giflib <no-dsa> (minor issue)
	NOTE: https://sourceforge.net/p/giflib/bugs/87/
	NOTE: https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
	NOTE: The issue was originally fixed in 5.1.4-0.3 but then the NMU upload
	NOTE: 5.1.4-0.4 just dropped the patch claiming the patch was already present
	NOTE: which is untrue and reopening the issue.
CVE-2016-3969 (Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2016-3968 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam ...)
	NOT-FOR-US: Sophos
CVE-2016-3967
	RESERVED
CVE-2016-3966
	RESERVED
CVE-2016-3965
	RESERVED
CVE-2016-3964
	RESERVED
CVE-2016-3963 (Siemens SCALANCE S613 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Siemens
CVE-2016-3992 (cronic before 3 allows local users to write to arbitrary files via a s ...)
	- cronic 3-1 (bug #820331)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
CVE-2016-3962 (Stack-based buffer overflow in the NTP time-server interface on Meinbe ...)
	NOT-FOR-US: Meinberg
CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress hugetl ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: http://xenbits.xen.org/xsa/advisory-174.html
	NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=103f6112f253017d7062cd74d17f4a514ed4485c
CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local  ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957 (The secure_load function in gluon/utils.py in web2py before 2.14.2 use ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js  ...)
	- npm 5.8.0+ds-2 (bug #850322)
	[jessie] - npm <end-of-life> (Nodejs in jessie not covered by security support, minor issue)
	NOTE: https://github.com/npm/npm/issues/8380
	NOTE: https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 (2.15.1)
	NOTE: https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 (3.8.3)
CVE-2016-3954 (web2py before 2.14.2 allows remote attackers to obtain the session_coo ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3953 (The sample web application in web2py before 2.14.2 might allow remote  ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3952 (web2py before 2.14.1, when using the standalone version, allows remote ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ke ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
	NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
	NOTE: https://www.spinics.net/lists/netdev/msg367669.html
CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow rem ...)
	NOT-FOR-US: Huawei AR3200 routers
CVE-2016-3949 (Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware befo ...)
	NOT-FOR-US: Siemens
CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x  ...)
	- golang 2:1.6.1-1 (bug #820369)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://golang.org/cl/21533
CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x befor ...)
	- golang <not-affected> (Only affects Go on Windows)
	NOTE: https://golang.org/cl/21428
CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP S ...)
	NOT-FOR-US: SAP
CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545
CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as used in ...)
	{DSA-3560-1 DLA-499-1 DLA-460-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	- file 1:5.24-1 (bug #827377)
	[jessie] - file 1:5.22+15-2+deb8u2
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: http://bugs.gw.com/view.php?id=522
	NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
	NOTE: https://bugs.php.net/bug.php?id=71527
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e
	NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b
CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c  ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #819818)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/5
CVE-2012-XXXX [Option -localhost seems to fail to restrict ipv6 access]
	[experimental] - x11vnc 0.9.16-1
	- x11vnc 0.9.16-2 (low; bug #672435)
	[buster] - x11vnc <ignored> (Minor issue; workaround exits)
	[stretch] - x11vnc <ignored> (Minor issue; workaround exits)
	[jessie] - x11vnc <ignored> (Minor issue; workaround exits)
	[wheezy] - x11vnc <ignored> (Minor issue; workaround exits)
CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...)
	{DSA-3625-1}
	- squid3 3.5.16-1 (bug #819784)
	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	- squid 4.1-1
	[wheezy] - squid <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.c ...)
	- squid3 3.5.16-1 (bug #819783)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	- squid 4.1-1
	[wheezy] - squid <no-dsa> (Minor issue)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
CVE-2016-3944 (UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle ...)
	NOT-FOR-US: Lenovo
CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda S ...)
	NOT-FOR-US: Panda
CVE-2016-3942
	RESERVED
CVE-2016-3940 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-3939 (drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in An ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3938 (drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3937 (The MediaTek video driver in Android before 2016-10-05 allows attacker ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3936 (The MediaTek video driver in Android before 2016-10-05 allows attacker ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3935 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualc ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3934 (drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3933 (mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C device ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3932 (mediaserver in Android before 2016-10-05 allows attackers to gain priv ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3931 (drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in And ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3930 (The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 dev ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3929 (Unspecified vulnerability in a Qualcomm component in Android before 20 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3928 (The MediaTek video driver in Android before 2016-10-05 allows attacker ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3927 (Unspecified vulnerability in a Qualcomm component in Android before 20 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3926 (Unspecified vulnerability in a Qualcomm component in Android before 20 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3925 (server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and ...)
	NOT-FOR-US: Android
CVE-2016-3924 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3923 (The Accessibility services in Android 7.0 before 2016-10-01 mishandle  ...)
	NOT-FOR-US: Android
CVE-2016-3922 (libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01  ...)
	NOT-FOR-US: Android Telephony
CVE-2016-3921 (libsysutils/src/FrameworkListener.cpp in Framework Listener in Android ...)
	- android-platform-system-core <not-affected> (libsysutils not included, bug #858177)
CVE-2016-3920 (id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5 ...)
	NOT-FOR-US: libstagefright
CVE-2016-3919
	REJECTED
CVE-2016-3918 (email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x bef ...)
	NOT-FOR-US: Android
CVE-2016-3917 (The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7 ...)
	NOT-FOR-US: Android
CVE-2016-3916 (camera/src/camera_metadata.c in the Camera service in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-3915 (camera/src/camera_metadata.c in the Camera service in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-3914 (Race condition in providers/telephony/MmsProvider.java in Telephony in ...)
	NOT-FOR-US: Android Telephony
CVE-2016-3913 (media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in A ...)
	NOT-FOR-US: Android
CVE-2016-3912 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5. ...)
	NOT-FOR-US: Android
CVE-2016-3911 (core/java/android/os/Process.java in Zygote in Android 4.x before 4.4. ...)
	NOT-FOR-US: Android
CVE-2016-3910 (services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Andr ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3909 (The SoftMPEG4 component in libstagefright in mediaserver in Android 4. ...)
	NOT-FOR-US: libstagefright
CVE-2016-3908 (The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 bef ...)
	NOT-FOR-US: Android
CVE-2016-3907 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-3906 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-3905 (CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android b ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3904 (An elevation of privilege vulnerability in the Qualcomm bus driver in  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3903 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qua ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3902 (drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3901 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualc ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3900 (cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0 ...)
	NOT-FOR-US: Android
CVE-2016-3899 (OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4. ...)
	NOT-FOR-US: libstagefright
CVE-2016-3898 (Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3897 (The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java i ...)
	NOT-FOR-US: Android
CVE-2016-3896 (AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3895 (Integer overflow in the Region::unflatten function in libs/ui/Region.c ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3894 (The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 dev ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3893 (The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwde ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3892 (The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X,  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3891
	RESERVED
CVE-2016-3890 (The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp  ...)
	- android-platform-system-core 1:6.0.1+r43-1
	[jessie] - android-platform-system-core <no-dsa> (Minor issue)
CVE-2016-3889 (Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physica ...)
	NOT-FOR-US: Android
CVE-2016-3888 (internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0 ...)
	NOT-FOR-US: Android
CVE-2016-3887 (providers/settings/SettingsProvider.java in Android 7.0 before 2016-09 ...)
	NOT-FOR-US: Android
CVE-2016-3886 (systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tu ...)
	NOT-FOR-US: Android
CVE-2016-3885 (debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5. ...)
	- android-platform-system-core <not-affected> (debugged not provided, see bug #858177)
CVE-2016-3884 (server/notification/NotificationManagerService.java in the Notificatio ...)
	NOT-FOR-US: Android
CVE-2016-3883 (internal/telephony/SMSDispatcher.java in Telephony in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-3882 (Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in ...)
	NOT-FOR-US: Android
CVE-2016-3881 (The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx  ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minor issue)
	[wheezy] - libvpx <not-affected> (Vulnerable source not present)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da
CVE-2016-3880 (Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagef ...)
	NOT-FOR-US: libstagefright
CVE-2016-3879 (arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3878 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 m ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3877 (Unspecified vulnerability in Android before 2016-09-01 has unknown imp ...)
	NOT-FOR-US: Android
CVE-2016-3876 (providers/settings/SettingsProvider.java in Android 6.x before 2016-09 ...)
	NOT-FOR-US: Android
CVE-2016-3875 (server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 d ...)
	NOT-FOR-US: Android
CVE-2016-3874 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android b ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3873 (The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allo ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3872 (Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in med ...)
	NOT-FOR-US: libstagefright
CVE-2016-3871 (Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefrig ...)
	NOT-FOR-US: libstagefright
CVE-2016-3870 (omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in And ...)
	NOT-FOR-US: libstagefright
CVE-2016-3869 (The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nex ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-3868 (The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3867 (The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3866 (The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3865 (The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-3864 (The Qualcomm radio interface layer in Android before 2016-09-05 on Nex ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly implement ...)
	NOT-FOR-US: libstagefright
CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: libstagefright
CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
	- android-platform-system-core 1:7.0.0+r1-4  (unimportant; bug #858177)
	NOTE: Not running as a privileged process in SDK
CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3859 (The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3858 (Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcom ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3857 (The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allo ...)
	{DLA-609-1}
	- linux 4.7.2-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/7de249964f5578e67b99699c5f0b405738d820a2 (v4.8-rc2)
	NOTE: CONFIG_OABI_COMPAT disabled in 3.13.4-1, cf. #728975
CVE-2016-3856 (netd in Android before 2016-08-05 mishandles tethering and stdio strea ...)
	NOT-FOR-US: Android
CVE-2016-3855 (drivers/thermal/supply_lm_core.c in the Qualcomm components in Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3854 (drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in A ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3853 (Google Play services in Android before 2016-08-05 on Nexus devices all ...)
	NOT-FOR-US: Android
CVE-2016-3852 (The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3851 (The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X de ...)
	NOT-FOR-US: LG bootloader for Android
CVE-2016-3850 (Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in An ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-3849 (The ION driver in Android before 2016-08-05 on Pixel C devices allows  ...)
	NOT-FOR-US: ION driver for Android
CVE-2016-3848 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3847 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3846 (The Serial Peripheral Interface driver in Android before 2016-08-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3845 (The video driver in the kernel in Android before 2016-08-05 on Nexus 5 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3844 (mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C device ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3843 (Android before 2016-08-05 does not properly restrict code execution in ...)
	NOT-FOR-US: Android
CVE-2016-3842 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, a ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3841 (The IPv6 stack in the Linux kernel before 4.3.3 mishandles options dat ...)
	- linux 4.3.3-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: Fixed by: https://git.kernel.org/linus/45f6fad84cc305103b28d73482b344d7f5b76f39 (v4.4-rc4)
CVE-2016-3840 (Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3839 (Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3838 (Android 6.x before 2016-08-01 allows attackers to cause a denial of se ...)
	NOT-FOR-US: Android
CVE-2016-3837 (service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android ...)
	NOT-FOR-US: Android
CVE-2016-3836 (The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before ...)
	NOT-FOR-US: Android
CVE-2016-3835 (The secure-session feature in the mm-video-v4l2 venc component in medi ...)
	NOT-FOR-US: Android
CVE-2016-3834 (The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-3833 (The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-3832 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5. ...)
	NOT-FOR-US: Android
CVE-2016-3831 (The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0. ...)
	NOT-FOR-US: Android
CVE-2016-3830 (codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: libstagefright
CVE-2016-3829 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 doe ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3828 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 m ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3827 (codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Androi ...)
	NOT-FOR-US: libstagefright
CVE-2016-3826 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3825 (mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Andro ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4. ...)
	NOT-FOR-US: libstagefright
CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in medi ...)
	NOT-FOR-US: Android
CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4 ...)
	{DSA-3825-1 DLA-864-1}
	- jhead 1:3.00-4 (bug #858213)
CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3820 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mis ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3819 (Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstag ...)
	NOT-FOR-US: libstagefright
CVE-2016-3818 (libc in Android 4.x before 4.4.4 allows remote attackers to cause a de ...)
	NOT-FOR-US: Android libc
CVE-2016-3817
	REJECTED
CVE-2016-3816 (The MediaTek display driver in Android before 2016-07-05 on Android On ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3815 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3814 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3813 (The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3812 (The MediaTek video codec driver in Android before 2016-07-05 on Androi ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3811 (The kernel video driver in Android before 2016-07-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3810 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3809 (The networking component in Android before 2016-07-05 on Android One,  ...)
	NOT-FOR-US: Android
CVE-2016-3808 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3807 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3806 (The MediaTek display driver in Android before 2016-07-05 on Android On ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3805 (The MediaTek power management driver in Android before 2016-07-05 on A ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3804 (The MediaTek power management driver in Android before 2016-07-05 on A ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3803 (The kernel filesystem implementation in Android before 2016-07-05 on N ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3802 (The kernel filesystem implementation in Android before 2016-07-05 on N ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android One de ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3800 (The MediaTek video driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3799 (The MediaTek video driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3798 (The MediaTek hardware sensor driver in Android before 2016-07-05 on An ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3797 (The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X dev ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3796 (The MediaTek power driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3795 (The MediaTek power driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3794
	REJECTED
CVE-2016-3793 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3792 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Androi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3791
	REJECTED
CVE-2016-3790
	REJECTED
CVE-2016-3789
	REJECTED
CVE-2016-3788
	REJECTED
CVE-2016-3787
	REJECTED
CVE-2016-3786
	REJECTED
CVE-2016-3785
	REJECTED
CVE-2016-3784
	REJECTED
CVE-2016-3783
	REJECTED
CVE-2016-3782
	REJECTED
CVE-2016-3781
	REJECTED
CVE-2016-3780
	REJECTED
CVE-2016-3779
	REJECTED
CVE-2016-3778
	REJECTED
CVE-2016-3777
	REJECTED
CVE-2016-3776
	REJECTED
CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on N ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3773 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3772 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3771 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3770 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3769 (The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA drivers for Android
CVE-2016-3768 (The Qualcomm performance component in Android before 2016-07-05 on Nex ...)
	NOT-FOR-US: Qualcomm drivers for Android
CVE-2016-3767 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3766 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x bef ...)
	NOT-FOR-US: libstagefright
CVE-2016-3765 (decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016- ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3764 (media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3763 (net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in An ...)
	NOT-FOR-US: Android
CVE-2016-3762 (The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1. ...)
	NOT-FOR-US: Android SELinux policy
CVE-2016-3761 (NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2 ...)
	NOT-FOR-US: Android
CVE-2016-3760 (Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x b ...)
	NOT-FOR-US: Android
CVE-2016-3759 (The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1,  ...)
	NOT-FOR-US: Android
CVE-2016-3758 (Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoade ...)
	- android-platform-dalvik 6.0.1+r55-1
CVE-2016-3757 (The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: toolbox
CVE-2016-3756 (Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x bef ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3755 (decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 201 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3754 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3753 (mediaserver in Android 4.x before 4.4.4 allows remote attackers to obt ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3752 (internal/app/ChooserActivity.java in the ChooserTarget service in Andr ...)
	NOT-FOR-US: Android
CVE-2016-3751 (Unspecified vulnerability in libpng before 1.6.20, as used in Android  ...)
	NOT-FOR-US: Specific CVE assignment for libpng "fork" used on Android
CVE-2016-3750 (libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x be ...)
	NOT-FOR-US: Android
CVE-2016-3749 (server/LockSettingsService.java in LockSettingsService in Android 6.x  ...)
	NOT-FOR-US: Android
CVE-2016-3748 (The sockets subsystem in Android 6.x before 2016-07-01 allows attacker ...)
	NOT-FOR-US: Android SELinux policy
CVE-2016-3747 (Use-after-free vulnerability in the mm-video-v4l2 venc component in me ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3746 (Use-after-free vulnerability in the mm-video-v4l2 vdec component in me ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3745 (Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4,  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3744 (Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in B ...)
	NOT-FOR-US: Android
CVE-2016-3743 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 d ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3742 (decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3741 (The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3740 (Heap-based buffer overflow in the CreateFXPDFConvertor function in Con ...)
	NOT-FOR-US: Foxit
CVE-2016-3739 (The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) pola ...)
	- curl 7.50.1-1 (unimportant)
	NOTE: only relevant when built with mbedTLS/PolarSSL
	NOTE: Source-wise fixed in 7.49.0
CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict access to  ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allo ...)
	NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-3736
	RESERVED
CVE-2016-3735
	RESERVED
CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
CVE-2016-3733 (The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
CVE-2016-3732 (The capability check to access other badges in Moodle 3.0 through 3.0. ...)
	- moodle <not-affected> (Does only affect 2.8 and newer)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53589
CVE-2016-3731 (Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 al ...)
	- moodle <not-affected> (Does only affect 2.8 and newer)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53696
CVE-2016-3730
	RESERVED
CVE-2016-3729 (The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5,  ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53954
CVE-2016-3728 (Eval injection vulnerability in tftp_api.rb in the TFTP module in the  ...)
	- foreman <itp> (bug #663101)
CVE-2016-3727 (The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS be ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3726 (Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS b ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3725 (Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated  ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3724 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated u ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3723 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated u ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3722 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated u ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3721 (Jenkins before 2.3 and LTS before 1.651.2 might allow remote authentic ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3720 (XML external entity (XXE) vulnerability in XmlMapper in the Data forma ...)
	- jackson-dataformat-xml 2.7.4-1 (bug #823703)
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0 (2.7.4)
CVE-2016-3719
	REJECTED
CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...)
	{DSA-3580-1 DLA-1401-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1  ...)
	{DSA-3580-1 DLA-1401-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 al ...)
	{DSA-3580-1 DLA-1401-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0. ...)
	{DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7 ...)
	{DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
	NOTE: Original upstream applied patches are incomplete and still to be finished
	NOTE: https://imagetragick.com/
	NOTE: notice how the workaround differs between the three refs above
	NOTE: PLT format removed with: https://github.com/ImageMagick/ImageMagick/commit/e87116ab2bd070c47943d4118a18c8f3a47461e2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/45998a25992d1142df201d8cf024b6c948b40748/
CVE-2016-3713 (The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel ...)
	- linux 4.5.4-1
	[jessie] - linux <not-affected> (Introduced in v4.2-rc1)
	[wheezy] - linux <not-affected> (Introduced in v4.2-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/910a6aae4e2e45855efc4a268e43eed2d8445575 (v4.2-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332139
CVE-2016-3712 (Integer overflow in the VGA module in QEMU allows local guest OS users ...)
	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
	- qemu 1:2.6+dfsg-1 (bug #823830)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (default configuration not vulnerable)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3711 (HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow ...)
	NOT-FOR-US: OpenShift
CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked a ...)
	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
	- qemu 1:2.6+dfsg-1 (bug #823830)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (default configuration not vulnerable)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3709
	RESERVED
CVE-2016-3708 (Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and ...)
	NOT-FOR-US: OpenShiftEnterprise / Red Hat
CVE-2016-3707 (The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org pro ...)
	- linux 3.15~rc5-1~exp1 (unimportant)
	NOTE: This is not really fixed in 3.15, but depends on the rt feature set patches applied
	NOTE: more details in kernel-sec repository.
	NOTE: https://lwn.net/Articles/448790/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1327484
CVE-2016-3706 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ...)
	{DLA-494-1}
	- glibc 2.22-8
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010
CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #823414)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207
CVE-2016-3704 (Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate pas ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the  ...)
	NOT-FOR-US: OpenShift
CVE-2016-3702 (Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allow ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2016-3701
	RESERVED
CVE-2016-3700
	RESERVED
CVE-2016-3699 (The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat  ...)
	- linux <not-affected> (Fixed before we first included the securelevel patchset)
	NOTE: https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76
	NOTE: securelevel patchset added in 4.5.1-1
CVE-2016-3698 (libndp before 1.6, as used in NetworkManager, does not properly valida ...)
	{DSA-3581-1}
	- libndp 1.6-1 (bug #824545)
	NOTE: https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
	NOTE: https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
CVE-2016-3697 (libcontainer/user/user.go in runC before 0.1.0, as used in Docker befo ...)
	- docker.io <not-affected> (Vulnerable code not present)
	NOTE: Affected file not present, but docker.io probably needs to be rebuild with fixed runc
	- runc 0.1.0+dfsg-1
	NOTE: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 (runc, v0.1.0)
	NOTE: https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a (docker)
CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users t ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3695 (The einj_error_inject function in drivers/acpi/apei/einj.c in the Linu ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2016-3694 (Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftw ...)
	NOT-FOR-US: eCommerce Shopsoftware
CVE-2016-3693 (The Safemode gem before 1.2.4 for Ruby, when initialized with a delega ...)
	- foreman <itp> (bug #663101)
CVE-2016-3692
	RESERVED
CVE-2016-3691 (Routes in Kallithea before 0.3.2 allows remote attackers to bypass the ...)
	- kallithea <itp> (bug #689573)
CVE-2016-3690 (The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attack ...)
	NOT-FOR-US: PooledInvokerServlet
CVE-2016-3941 (Buffer overflow in the AStreamPeekStream function in input/stream.c in ...)
	- vlc 2.2.0-1
	[wheezy] - vlc <end-of-life> (Unsupported in -lts)
	NOTE: https://bugs.launchpad.net/bugs/1533633
	NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now
CVE-2016-3688 (SQL injection vulnerability in dotCMS before 3.5 allows remote adminis ...)
	NOT-FOR-US: dotCMS
CVE-2016-3687 (Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-3686 (The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 H ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2016-3685 (SAP Download Manager 2.1.142 and earlier generates an encryption key f ...)
	NOT-FOR-US: SAP Download Manager
CVE-2016-3684 (SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption k ...)
	NOT-FOR-US: SAP Download Manager
CVE-2016-3683
	RESERVED
CVE-2016-3689 (The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in ...)
	- linux 4.5.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/linus/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff (v4.6-rc1)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971628
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320060
CVE-2016-3682
	REJECTED
CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT ...)
	NOT-FOR-US: Huawei
CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT ...)
	NOT-FOR-US: Huawei
CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, a ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-3678 (Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with sof ...)
	NOT-FOR-US: Huawei
CVE-2016-3677 (The Huawei Wear App application before 15.0.0.307 for Android does not ...)
	NOT-FOR-US: Huawei
CVE-2016-3676 (Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B ...)
	NOT-FOR-US: Huawei
CVE-2016-3675 (SQL injection vulnerability in Huawei Policy Center with software befo ...)
	NOT-FOR-US: Huawei
CVE-2016-3673
	REJECTED
CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
	NOTE: Upstream fix: https://git.kernel.org/linus/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb (v4.6-rc1)
CVE-2014-9769 (pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to o ...)
	- pcre3 2:8.38-1 (bug #819050)
	[jessie] - pcre3 2:8.35-3.3+deb8u4
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1475 (8.36)
	NOTE: Introduced in: http://vcs.pcre.org/pcre?view=revision&revision=1434 (8.35)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/26/1
CVE-2016-3674 (Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDri ...)
	{DSA-3575-1 DLA-504-1}
	- libxstream-java 1.4.9-1 (bug #819455)
	NOTE: http://x-stream.github.io/changes.html#1.4.9
CVE-2016-3671
	RESERVED
CVE-2016-3670 (Cross-site scripting (XSS) vulnerability in users.jsp in the Profile S ...)
	NOT-FOR-US: Liferay
CVE-2016-3669
	RESERVED
CVE-2016-3668
	RESERVED
CVE-2016-3667
	RESERVED
CVE-2016-3666
	RESERVED
CVE-2016-3665
	RESERVED
CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not verify th ...)
	NOT-FOR-US: Trend Micro
CVE-2016-3663
	RESERVED
CVE-2016-3662
	RESERVED
CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the  ...)
	{DLA-2241-1}
	- linux 4.5.1-1
	[wheezy] - linux <ignored> (Too much work to backport)
	NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/17048e8a083fec7ad841d88ef0812707fbc7e39f (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70 (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/011278485ecc3cd2a3954b5d4c73101d919bf1fa (v4.5-rc1)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972174
CVE-2015-8838 (ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5 ...)
	- php5 5.6.11+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: Fixed in 5.6.11, 5.5.27, 5.4.43
	NOTE: https://bugs.php.net/bug.php?id=69669
CVE-2015-8834 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in W ...)
	{DSA-3639-1 DLA-633-1}
	- wordpress 4.2.2+dfsg-1
	NOTE: https://wordpress.org/news/2015/05/wordpress-4-2-2/
	NOTE: Follow-up patch from 4.2.1 -> 4.2.2 for wp-includes/wp-db.php seems not applied
	NOTE: This looks like a required patch: https://github.com/WordPress/WordPress/commit/a3a76fe665dfb62508a66542390a93445f1f7a59
	NOTE: Changes in wp-includes/wp-db.php: https://github.com/WordPress/WordPress/commit/db8f915ee6c236ee2f39e76781bf42367e3f1490
	NOTE: https://core.trac.wordpress.org/changeset/32387/
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32391
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32395
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32423
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32435
CVE-2016-3661
	RESERVED
CVE-2016-3660
	RESERVED
CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows  ...)
	{DLA-560-1}
	- cacti 0.8.8h+ds1-1 (bug #820521)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://bugs.cacti.net/view.php?id=2673
	NOTE: Requires authenticated user
CVE-2016-3658 (The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in  ...)
	{DSA-3844-1 DLA-969-1}
	- tiff 4.0.6-3 (low)
	- tiff3 <removed> (low)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2546
	NOTE: Duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2500
CVE-2016-3657 (Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN- ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3656 (The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3655 (The management web interface in Palo Alto Networks PAN-OS before 5.0.1 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3654 (The device management command line interface (CLI) in Palo Alto Networ ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3653 (Multiple cross-site request forgery (CSRF) vulnerabilities in manageme ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3652 (Multiple cross-site scripting (XSS) vulnerabilities in management scri ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3651 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3650 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3649 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3648 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3647 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3646 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-3645 (Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engi ...)
	NOT-FOR-US: Symantec
CVE-2016-3644 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-3643 (SolarWinds Virtualization Manager 6.3.1 and earlier allow local users  ...)
	NOT-FOR-US: SolarWinds Virtualization Manager
CVE-2016-3642 (The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier ...)
	NOT-FOR-US: SolarWinds Virtualization Manager
CVE-2016-3641
	RESERVED
CVE-2016-3640 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
	NOT-FOR-US: SAP HANA
CVE-2016-3639 (SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain s ...)
	NOT-FOR-US: SAP HANA
CVE-2016-3638 (SAP SLD Registration Program (aka SLDREG) allows local users to cause  ...)
	NOT-FOR-US: SAP SLD
CVE-2016-3637
	RESERVED
CVE-2016-3636
	RESERVED
CVE-2016-3635 (SAP Netweaver 7.4 allows remote authenticated users to bypass an inten ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-3634 (The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibT ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2547
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3633 (The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #842046)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2548
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3632 (The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earl ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2549
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3631 (The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in Li ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #820366)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3630 (The binary delta decoder in Mercurial before 3.7.3 allows remote attac ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf (1/2)
	NOTE: https://selenic.com/repo/hg-stable/rev/b9714d958e89 (2/2)
CVE-2016-3629
	REJECTED
CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise Message S ...)
	NOT-FOR-US: TIBCO
CVE-2016-3626
	RESERVED
CVE-2016-3625 (tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows rem ...)
	- tiff 4.0.3-1
	[wheezy] - tiff <not-affected> (Can't reproduce)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2566
	NOTE: Not reproducible with jessie and above, marking the version in jessie as fixed
	NOTE: CVE probably should/needs to be rejected, since upstream is as well unable to
	NOTE: reproduce the issue. Might have been a problem on reporter from id=2566
CVE-2016-3624 (The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earli ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.6-3
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2568
	NOTE: Upstream marked this duplicate of bug 2569
CVE-2016-3623 (The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attacker ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.6-3 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
	NOTE: No security impact, just triggers a crash in a CLI tool
CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4 ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1 (low; bug #820365)
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/4
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4. ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820364)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2565
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/3
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4. ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820363)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2570
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/2
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in  ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820362)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2567
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/1
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3618
	RESERVED
CVE-2016-3617
	RESERVED
CVE-2016-3616 (The cjpeg utility in libjpeg allows remote attackers to cause a denial ...)
	{DLA-1638-1}
	- libjpeg-turbo 1:1.4.2-1
	NOTE: libjpeg-turbo: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
	- libjpeg6b <unfixed> (unimportant)
	NOTE: unimportant, since cjpeg not installed in binary package in any suite having src:libjpeg6b
	- libjpeg8 <unfixed>
	[wheezy] - libjpeg8 <no-dsa> (Minor issue)
	NOTE: cjpeg in src:libjpeg8 vulnerable, but not installed in binary package since 8d1-2
	- libjpeg9 1:9b-2 (bug #819969)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509
CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earli ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #819006)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100
CVE-2016-3615 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3614 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3613 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle
CVE-2016-3612 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 5.0.22-dfsg-1
	[jessie] - virtualbox <not-affected> (Only affects 5.x)
	[wheezy] - virtualbox <not-affected> (Only affects 5.x)
CVE-2016-3611 (Unspecified vulnerability in the Oracle Retail Order Broker component  ...)
	NOT-FOR-US: Oracle
CVE-2016-3610 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded  ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3609 (Unspecified vulnerability in the OJVM component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3608 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-3607 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-3606 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3605
	REJECTED
CVE-2016-3604
	REJECTED
CVE-2016-3603
	REJECTED
CVE-2016-3602
	REJECTED
CVE-2016-3601
	REJECTED
CVE-2016-3600
	REJECTED
CVE-2016-3599
	REJECTED
CVE-2016-3598 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded  ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3597 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 5.1.4-dfsg-1
	[jessie] - virtualbox <not-affected> (Only affects 5.x)
	[wheezy] - virtualbox <not-affected> (Only affects 5.x)
CVE-2016-3596 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3595 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3594 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3593 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3592 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3591 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3590 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3589 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle
CVE-2016-3588 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3587 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded  ...)
	- openjdk-8 8u102-b14-1
CVE-2016-3586 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3585 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-3584 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-3583 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3582 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3581 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3580 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3579 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3578 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3577 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3576 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3575 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3574 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3573 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3572 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3571 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3570 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
	NOT-FOR-US: Oracle
CVE-2016-3569 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3568 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3567 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3566 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3565 (Unspecified vulnerability in the Oracle Retail Order Broker component  ...)
	NOT-FOR-US: Oracle
CVE-2016-3564 (Unspecified vulnerability in the Oracle TopLink component in Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2016-3563 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3562 (Unspecified vulnerability in the RDBMS Security and SQL*Plus component ...)
	NOT-FOR-US: Oracle
CVE-2016-3561 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3560 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3559 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3558 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3557 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3556 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3555 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3554 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3553 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3552 (Unspecified vulnerability in Oracle Java SE 8u92 allows local users to ...)
	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2016-3551 (Unspecified vulnerability in the Oracle Web Services component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3550 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3549 (Unspecified vulnerability in the Oracle E-Business Suite Secure Enterp ...)
	NOT-FOR-US: Oracle
CVE-2016-3548 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3547 (Unspecified vulnerability in the Oracle One-to-One Fulfillment compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3546 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-3545 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-3544 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-3543 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-3542 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-3541 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-3540 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3539 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3538 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3537 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3536 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3535 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-3534 (Unspecified vulnerability in the Oracle Installed Base component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3533 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-3532 (Unspecified vulnerability in the Oracle Advanced Inbound Telephony com ...)
	NOT-FOR-US: Oracle
CVE-2016-3531 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3530 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3529 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3528 (Unspecified vulnerability in the Oracle Internet Expenses component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3527 (Unspecified vulnerability in the Oracle Demand Planning component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3526 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3525 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2016-3524 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle
CVE-2016-3523 (Unspecified vulnerability in the Oracle Web Applications Desktop Integ ...)
	NOT-FOR-US: Oracle
CVE-2016-3522 (Unspecified vulnerability in the Oracle Web Applications Desktop Integ ...)
	NOT-FOR-US: Oracle
CVE-2016-3521 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3520 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-3519 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3518 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3517 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3516 (Unspecified vulnerability in the Oracle Enterprise Communications Brok ...)
	NOT-FOR-US: Oracle
CVE-2016-3515 (Unspecified vulnerability in the Oracle Enterprise Communications Brok ...)
	NOT-FOR-US: Oracle
CVE-2016-3514 (Unspecified vulnerability in the Oracle Enterprise Communications Brok ...)
	NOT-FOR-US: Oracle
CVE-2016-3513 (Unspecified vulnerability in the Oracle Communications Operations Moni ...)
	NOT-FOR-US: Oracle
CVE-2016-3512 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-3511 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows loca ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3509 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3508 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Ja ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3507 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3506 (Unspecified vulnerability in the JDBC component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3505 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3504 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3503 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 all ...)
	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-7 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-6 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2016-3502 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3501 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3500 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Ja ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3499 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3498 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remo ...)
	- openjfx 8u102-b14-1 (bug #832419)
CVE-2016-3497 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-3496 (Unspecified vulnerability in the Enterprise Manager for Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2016-3495 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-3494 (Unspecified vulnerability in the Enterprise Manager Ops Center compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3493 (Unspecified vulnerability in the Hyperion Financial Reporting componen ...)
	NOT-FOR-US: Oracle
CVE-2016-3492 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-3491 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-3490 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3489 (Unspecified vulnerability in the Data Pump Import component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3488 (Unspecified vulnerability in the DB Sharding component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3487 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3486 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3485 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Ja ...)
	- openjdk-8 <not-affected> (Windows-specific)
	- openjdk-7 <not-affected> (Windows-specific)
	- openjdk-6 <not-affected> (Windows-specific)
CVE-2016-3484 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3483 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-3482 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-3481 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-3480 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-3479 (Unspecified vulnerability in the Portable Clusterware component in Ora ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3478 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-3477 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3476 (Unspecified vulnerability in the Oracle Knowledge component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3475 (Unspecified vulnerability in the Oracle Knowledge component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3474 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3473 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3472 (Unspecified vulnerability in the Siebel Engineering - Installer and De ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3471 (Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.2 ...)
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	- mysql-5.6 5.6.28-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.46-0+deb8u1
	[wheezy] - mysql-5.5 5.5.46-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3470 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3469 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3468 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-3467 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3466 (Unspecified vulnerability in the Oracle Field Service component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-3464 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle
CVE-2016-3463 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle
CVE-2016-3462 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-3461 (Unspecified vulnerability in the MySQL Enterprise Monitor component in ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-3460 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3459 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3458 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; an ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3457 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformanc ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3456 (Unspecified vulnerability in the Oracle Complex Maintenance, Repair, a ...)
	NOT-FOR-US: Oracle
CVE-2016-3455 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-3454 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2016-3453 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-3452 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.30-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.49-0+deb8u1
	[wheezy] - mysql-5.5 5.5.49-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3451 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-3450 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3449 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allo ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3448 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3447 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3446 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-3445 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3444 (Unspecified vulnerability in the Oracle Retail Integration Bus compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3443 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allo ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2016-3442 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3441 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-3440 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3439 (Unspecified vulnerability in the Oracle CRM Wireless component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3438 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3437 (Unspecified vulnerability in the Oracle CRM Wireless component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3436 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-3435 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3434 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-3433 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-3432 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3431 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3430
	RESERVED
CVE-2016-3429 (Unspecified vulnerability in the Oracle Retail Xstore Point of Service ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Jav ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded  ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Jav ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3424 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3423 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3422 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allo ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2016-3421 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3420 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3419 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-3418 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-3417 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3416 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3415 (Zimbra Collaboration before 8.7.0 allows remote attackers to conduct d ...)
	NOT-FOR-US: Zimbra
CVE-2016-3414 (Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 ...)
	NOT-FOR-US: Zimbra
CVE-2016-3413 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3412 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3411 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration befor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3410 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3409 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration befor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3408 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration befor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3407 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3406 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra C ...)
	NOT-FOR-US: Zimbra
CVE-2016-3405 (Multiple unspecified vulnerabilities in Zimbra Collaboration before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2016-3404 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3403 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Admi ...)
	NOT-FOR-US: Zimbra
CVE-2016-3402 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3400 (NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2016-3399
	RESERVED
CVE-2016-3398
	RESERVED
CVE-2014-9768 (** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote ...)
	NOT-FOR-US: Tivoli
CVE-2016-3397
	REJECTED
CVE-2016-3396 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3395
	REJECTED
CVE-2016-3394
	REJECTED
CVE-2016-3393 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3392 (The Edge Content Security Policy feature in Microsoft Edge does not pr ...)
	NOT-FOR-US: Microsoft
CVE-2016-3391 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context ...)
	NOT-FOR-US: Microsoft
CVE-2016-3390 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3389 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3388 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not proper ...)
	NOT-FOR-US: Microsoft
CVE-2016-3387 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not proper ...)
	NOT-FOR-US: Microsoft
CVE-2016-3386 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3385 (The scripting engine in Microsoft Internet Explorer 9 through 11 allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3384 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3383 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft
CVE-2016-3382 (The scripting engines in Microsoft Internet Explorer 9 through 11 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3381 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3380
	REJECTED
CVE-2016-3379 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3378 (Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 201 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3377 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3376 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3375 (The OLE Automation mechanism and VBScript scripting engine in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2016-3374 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft
CVE-2016-3373 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3372 (The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3371 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3370 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft
CVE-2016-3369 (Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3368 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3367 (StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not p ...)
	NOT-FOR-US: Microsoft
CVE-2016-3366 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3365 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3364 (Microsoft Visio 2016 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Microsoft
CVE-2016-3363 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3362 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3361 (Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3360 (Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3359 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3358 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3357 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3356 (The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3355 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3354 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3353 (Microsoft Internet Explorer 9 through 11 mishandles .url files from th ...)
	NOT-FOR-US: Microsoft
CVE-2016-3352 (Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3351 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3350 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3349 (The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3348 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3347
	REJECTED
CVE-2016-3346 (Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce pe ...)
	NOT-FOR-US: Microsoft
CVE-2016-3345 (The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-3344 (The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 a ...)
	NOT-FOR-US: Microsoft
CVE-2016-3343 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3342 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft Windows 8. ...)
	NOT-FOR-US: Microsoft
CVE-2016-3340 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3339
	REJECTED
CVE-2016-3338 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3337
	REJECTED
CVE-2016-3336
	REJECTED
CVE-2016-3335 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3334 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3333 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3332 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3331 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3329 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3328
	REJECTED
CVE-2016-3327 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3326 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3325 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3324 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3323
	REJECTED
CVE-2016-3322 (Microsoft Internet Explorer 11 and Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-3321 (Microsoft Internet Explorer 10 and 11 load different files for attempt ...)
	NOT-FOR-US: Microsoft
CVE-2016-3320 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3319 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3318 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow r ...)
	NOT-FOR-US: Microsoft
CVE-2016-3317 (Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3316 (Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow rem ...)
	NOT-FOR-US: Microsoft
CVE-2016-3315 (Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3314
	REJECTED
CVE-2016-3313 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3312 (ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attack ...)
	NOT-FOR-US: Microsoft
CVE-2016-3311 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3310 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3309 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3308 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3307
	REJECTED
CVE-2016-3306 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3305 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3304 (The Windows font library in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3303 (The Windows font library in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3302 (Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2016-3301 (The Windows font library in Microsoft Windows Vista SP2; Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3300 (The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gol ...)
	NOT-FOR-US: Microsoft
CVE-2016-3299 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3298 (Microsoft Internet Explorer 9 through 11 and the Internet Messaging AP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3297 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3296 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3295 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3294 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3293 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3292 (Microsoft Internet Explorer 10 and 11 mishandles integrity settings an ...)
	NOT-FOR-US: Microsoft
CVE-2016-3291 (Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-orig ...)
	NOT-FOR-US: Microsoft
CVE-2016-3290 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3289 (Microsoft Internet Explorer 11 and Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-3288 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3287 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3286 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3285
	REJECTED
CVE-2016-3284 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3283 (Microsoft Word Viewer allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Microsoft
CVE-2016-3282 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3281 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3280 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3279 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3278 (Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows rem ...)
	NOT-FOR-US: Microsoft
CVE-2016-3277 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3276 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3275
	REJECTED
CVE-2016-3274 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3273 (The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microso ...)
	NOT-FOR-US: Microsoft
CVE-2016-3272 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3271 (The VBScript engine in Microsoft Edge allows remote attackers to obtai ...)
	NOT-FOR-US: Microsoft
CVE-2016-3270 (The Graphics component in the kernel in Microsoft Windows Vista SP2; W ...)
	NOT-FOR-US: Microsoft
CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3268
	REJECTED
CVE-2016-3267 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3266 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3265 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3264 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3263 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3262 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3261 (Microsoft Internet Explorer 11 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3260 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript e ...)
	NOT-FOR-US: Microsoft
CVE-2016-3259 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript e ...)
	NOT-FOR-US: Microsoft
CVE-2016-3258 (Race condition in the kernel in Microsoft Windows 8.1, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3257
	REJECTED
CVE-2016-3256 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the Se ...)
	NOT-FOR-US: Microsoft
CVE-2016-3255 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 al ...)
	NOT-FOR-US: Microsoft
CVE-2016-3254 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3253
	REJECTED
CVE-2016-3252 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3251 (The GDI component in the kernel-mode drivers in Microsoft Windows Vist ...)
	NOT-FOR-US: Microsoft
CVE-2016-3250 (The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3249 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3248 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript e ...)
	NOT-FOR-US: Microsoft
CVE-2016-3247 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3246 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3245 (Microsoft Internet Explorer 9 through 11 allows remote attackers to tr ...)
	NOT-FOR-US: Microsoft
CVE-2016-3244 (Microsoft Edge allows remote attackers to bypass the ASLR protection m ...)
	NOT-FOR-US: Microsoft
CVE-2016-3243 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft
CVE-2016-3242 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3241 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3240 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3239 (The Print Spooler service in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2016-3238 (The Print Spooler service in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2016-3237 (Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3236 (The Web Proxy Auto Discovery (WPAD) protocol implementation in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2016-3235 (Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3234 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-3233 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pac ...)
	NOT-FOR-US: Microsoft
CVE-2016-3232 (The Virtual PCI (VPCI) virtual service provider in Microsoft Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2016-3231 (The Standard Collector service in Windows Diagnostics Hub mishandles l ...)
	NOT-FOR-US: Microsoft
CVE-2016-3230 (The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3229
	REJECTED
CVE-2016-3228 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 G ...)
	NOT-FOR-US: Microsoft
CVE-2016-3227 (Use-after-free vulnerability in the DNS Server component in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3226 (Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3225 (The SMB server component in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3224
	REJECTED
CVE-2016-3223 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3222 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3221 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3220 (atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows V ...)
	NOT-FOR-US: Microsoft
CVE-2016-3219 (The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows lo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3218 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3217
	REJECTED
CVE-2016-3216 (GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3215 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 151 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3214 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3213 (The Web Proxy Auto Discovery (WPAD) protocol implementation in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2016-3212 (The XSS Filter in Microsoft Internet Explorer 9 through 11 does not pr ...)
	NOT-FOR-US: Microsoft
CVE-2016-3211 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3210 (The Microsoft (1) JScript and (2) VBScript engines, as used in Interne ...)
	NOT-FOR-US: Microsoft
CVE-2016-3209 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3208
	REJECTED
CVE-2016-3207 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3206 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3205 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3204 (The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engin ...)
	NOT-FOR-US: Microsoft
CVE-2016-3203 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gol ...)
	NOT-FOR-US: Microsoft
CVE-2016-3202 (The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript eng ...)
	NOT-FOR-US: Microsoft
CVE-2016-3201 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gol ...)
	NOT-FOR-US: Microsoft
CVE-2016-3200
	REJECTED
CVE-2016-3199 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3198 (Microsoft Edge allows remote attackers to bypass the Content Security  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3196 (Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x ...)
	NOT-FOR-US: Fortinet
CVE-2016-3195 (Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet For ...)
	NOT-FOR-US: Fortinet
CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added page in  ...)
	NOT-FOR-US: Fortinet
CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance web-applicat ...)
	NOT-FOR-US: Fortinet
CVE-2016-3192 (Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext R ...)
	NOT-FOR-US: Cloudera
CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
	- cairo 1.14.2-2
	[jessie] - cairo 1.14.0-2.1+deb8u1
	[wheezy] - cairo <no-dsa> (Minor issue)
	NOTE: https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
CVE-2016-3189 (Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows rem ...)
	{DLA-1833-1}
	- bzip2 1.0.6-8.1 (low; bug #827744)
	[wheezy] - bzip2 <no-dsa> (Minor issue)
CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate module 7.x-2 ...)
	NOT-FOR-US: Prepopulate module for Drupal
CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote ...)
	NOT-FOR-US: Prepopulate module for Drupal
CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in LibTIFF ...)
	{DLA-693-1 DLA-610-1}
	- tiff 4.0.6-3 (bug #819972)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319666
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319503
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2536
	NOTE: Proposed patch from Red Hat: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
	NOTE: gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3185 (The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...)
	- php7.0 7.0.4-1
	NOTE: https://bugs.php.net/bug.php?id=71610
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
	NOTE: http://php.net/ChangeLog-7.php#7.0.4
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69
	NOTE: https://bugs.php.net/bug.php?id=70081
	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
CVE-2016-3184
	RESERVED
CVE-2016-3180 (Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during th ...)
	- torbrowser-launcher 0.2.4-1
	[jessie] - torbrowser-launcher 0.1.9-1+deb8u3
	NOTE: https://github.com/micahflee/torbrowser-launcher/issues/229
CVE-2016-3177 (Multiple use-after-free and double-free vulnerabilities in gifcolor.c  ...)
	- giflib 5.1.4-0.1 (unimportant)
	[jessie] - giflib <not-affected> (Vulnerable code introduced in 5.1.2)
	NOTE: https://sourceforge.net/p/giflib/bugs/83/
	NOTE: Issue only in gifcolor utility, not installed into giflib-tools
	NOTE: Issue introduced upstream in 5.1.2 and fixed in 5.1.3.
CVE-2016-3176 (Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external  ...)
	- salt 2015.8.8+ds-1 (bug #819184)
	[jessie] - salt <no-dsa> (Minor issue; external_auth not by default usable)
	NOTE: external_auth seems not usable by default under Jessie due to the
	NOTE: permissions on /var/run/salt/master.
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
	NOTE: https://github.com/saltstack/salt/pull/31826/commits/d73f70ebb289142e4f692359fe741a54f5d2ad65
	NOTE: Fixed in 2015.5.10/2015.8.8 upstream
CVE-2016-3175
	RESERVED
CVE-2016-3174 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-3173 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-3161 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and N ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2016-3160
	RESERVED
CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not proper ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
	NOTE: CVE-2016-3159 is for the code change which is applicable for later
	NOTE: versions only, but which must always be combined with the code change
	NOTE: for CVE-2016-3158.  Ie for the first hunk in xsa172.patch, which
	NOTE: patches the function fpu_fxrstor.
CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly  ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
	NOTE: CVE-2016-3158 is for the code change which is required for all
	NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient
	NOTE: on later versions).  Ie for the second hunk in xsa172.patch (the only
	NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor.
CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: http://xenbits.xen.org/xsa/advisory-171.html
	NOTE: https://git.kernel.org/linus/b7a584598aea7ca73140cb87b40319944dd3393f
CVE-2016-3155 (Siemens APOGEE Insight uses weak permissions for the application folde ...)
	NOT-FOR-US: Siemens APOGEE Insight
CVE-2016-XXXX [use-after-free in unserialisation]
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69
CVE-2016-6288 (The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5. ...)
	{DLA-533-1}
	- hhvm 3.12.1+dfsg-1
	- php5 5.6.15+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70480
	NOTE: https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=629e4da7cc8b174acdeab84969cbfc606a019b31
CVE-2014-9767 (Directory traversal vulnerability in the ZipArchive::extractTo functio ...)
	- hhvm 3.12.1+dfsg-1
	- php5 5.6.13+dfsg-1
	[jessie] - php5 5.6.13+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=70350
	NOTE: https://bugs.php.net/bug.php?id=67996
	NOTE: https://github.com/facebook/hhvm/commit/65c95a01541dd2fbc9c978ac53bed235b5376686
CVE-2016-3152 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow rem ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3151 (Directory traversal vulnerability in the wallpaper parsing functionali ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3150 (Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base  ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3149 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3148
	RESERVED
CVE-2016-3147 (Buffer overflow in the collector.exe listener of the Landesk Managemen ...)
	NOT-FOR-US: Landesk Management Suite
CVE-2016-3146
	RESERVED
CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB before CB.02 ...)
	NOT-FOR-US: Lexmark printers
CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class module 7.x ...)
	NOT-FOR-US: Drupal Block Class module
CVE-2016-3143
	RESERVED
CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandles de ...)
	{DSA-3607-1}
	- linux 4.5.1-1
	[wheezy] - linux <not-affected> (Not a security issue since containers are not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
CVE-2016-3133
	RESERVED
CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet functi ...)
	- php7.0 7.0.6-1
	NOTE: https://bugs.php.net/bug.php?id=71735
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...)
	NOT-FOR-US: Cloudera
CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good Enterpri ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3128 (A spoofing vulnerability in the Core of BlackBerry Enterprise Server ( ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3127 (An information disclosure vulnerability in the logging implementation  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3123
	RESERVED
CVE-2016-3122
	RESERVED
CVE-2016-3121
	RESERVED
CVE-2016-3120 (The validate_as_request function in kdc_util.c in the Key Distribution ...)
	{DLA-1265-1}
	- krb5 1.14.3+dfsg-1 (bug #832572)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
CVE-2016-3119 (The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_prin ...)
	{DLA-1265-1}
	- krb5 1.14.2+dfsg-1 (bug #819468)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
CVE-2016-3118 (CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Ga ...)
	NOT-FOR-US: CA API Gateway
CVE-2016-3117
	RESERVED
CVE-2016-3114 (Kallithea before 0.3.2 allows remote authenticated users to edit or de ...)
	- kallithea <itp> (bug #689573)
CVE-2016-3113 (Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-3112 (client/consumer/cli.py in Pulp before 2.8.3 writes consumer private ke ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3111 (pulp.spec in the installation process for Pulp 2.8.3 generates the RSA ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote at ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-3109 (The backend/Login/load/ script in Shopware before 5.1.5 allows remote  ...)
	NOT-FOR-US: Shopware
CVE-2016-3108 (The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows loca ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3107 (The Node certificate in Pulp before 2.8.3 contains the private key, an ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3106 (Pulp before 2.8.3 creates a temporary directory during CA key generati ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3105 (The convert extension in Mercurial before 3.8 might allow context-depe ...)
	{DSA-3570-1 DLA-459-1}
	- mercurial 3.8.1-1
	NOTE: https://selenic.com/hg/rev/a56296f55a5e
CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remot ...)
	- mongodb 1:3.2.11-1
	[jessie] - mongodb <no-dsa> (Minor issue)
	[wheezy] - mongodb <no-dsa> (Minor issue)
	NOTE: https://jira.mongodb.org/browse/SERVER-24378
	NOTE: Marking as fixed with the first 3.x based version in unstable
	NOTE: This issue though affect only 2.4 (and possibly older), or 2.6
	NOTE: installations, but only in circumstances where they first had a
	NOTE: MongoDB 2.4 installation with authentication enabled, upgraded
	NOTE: to 2.6, and did not complete a full upgrade
CVE-2016-3103
	RESERVED
CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow remote ...)
	- jenkins <removed>
CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns plugin b ...)
	- jenkins <removed>
CVE-2016-3100 (kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for  ...)
	- kinit 5.23.0-1 (bug #827476)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=358593
	NOTE: https://bugs.kde.org/show_bug.cgi?id=363140
	NOTE: https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
	NOTE: https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
CVE-2016-3099 (mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux ...)
	- libapache2-mod-nss 1.0.14-1 (bug #822461)
	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
CVE-2016-3098
	RESERVED
CVE-2016-3097 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat  ...)
	NOT-FOR-US: spacewalk-java
CVE-2016-3096 (The create_script function in the lxc_container module in Ansible befo ...)
	- ansible 2.0.1.0-2 (bug #819676)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1322925
	NOTE: https://sources.debian.org/src/ansible/2.0.1.0-1/lib/ansible/modules/extras/cloud/lxc/lxc_container.py/?hl=523#L523
CVE-2016-3095 (server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local u ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method re ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-034.html
CVE-2016-3092 (The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ...)
	{DSA-3614-1 DSA-3611-1 DSA-3609-1 DLA-529-1 DLA-528-1}
	- libcommons-fileupload-java 1.3.2-1
	- tomcat7 7.0.70-1
	- tomcat8 8.0.36-1
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	NOTE: Fixed by https://svn.apache.org/r1743480
	NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3
	NOTE: https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E
CVE-2016-3091 (Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers  ...)
	NOT-FOR-US: Cloud Foundry Diego
CVE-2016-3090 (The TextParseUtil.translateVariables method in Apache Struts 2.x befor ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life>
	NOTE: https://struts.apache.org/docs/s2-027.html
CVE-2016-3089 (Cross-site scripting (XSS) vulnerability in the SWF panel in Apache Op ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-3088 (The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 al ...)
	- activemq 5.14.0+dfsg-1
	[jessie] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
	[wheezy] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
CVE-2016-3087 (Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2. ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-033.html
CVE-2016-3086 (The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x bef ...)
	- hadoop <itp> (bug #793644)
CVE-2016-3085 (Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x be ...)
	NOT-FOR-US: Apache CloudStack
CVE-2016-3084 (The UAA reset password flow in Cloud Foundry release v236 and earlier  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-3083 (Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP ...)
	NOT-FOR-US: Apache Hive
CVE-2016-3082 (XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.2 ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-031.html
CVE-2016-3081 (Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2. ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-032.html
CVE-2016-3080 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat  ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk / spacewalk-monitoring
CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in S ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2016-3078 (Multiple integer overflows in php_zip.c in the zip extension in PHP be ...)
	- php7.0 7.0.6-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/28/1
	NOTE: Fixed in 7.0.6
	NOTE: https://bugs.php.net/bug.php?id=71923
CVE-2016-3077 (The VersionMapper.fromKernelVersionString method in oVirt Engine allow ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-3076 (Heap-based buffer overflow in the j2k_encode_entry function in Pillow  ...)
	- pillow <unfixed> (unimportant)
	- python-imaging <removed> (unimportant)
	NOTE: https://github.com/python-pillow/Pillow/commit/a1f244343df389cf15cdfff80327594821097295 (3.1.2)
	NOTE: Marked as unimportant since source vulnerable but in Debian we do
	NOTE: not built against openjpeg by default
CVE-2016-3075 (Stack-based buffer overflow in the nss_dns implementation of the getne ...)
	{DLA-494-1}
	- glibc 2.22-6
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879
CVE-2016-3074 (Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or li ...)
	{DSA-3602-1 DSA-3556-1}
	- libgd2 2.1.1-4.1 (bug #822242)
	- php5 5.6.21+dfsg-1 (unimportant)
	- php7.0 7.0.6-1 (unimportant)
	- hhvm 3.12.11+dfsg-1 (unimportant)
	NOTE: HHVM implements additional sanity checks, not directly epxloitable
	NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
	NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=71912
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3
CVE-2016-3073
	REJECTED
CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function i ...)
	NOT-FOR-US: Katello
CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of servi ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://lists.libreswan.org/pipermail/swan-announce/2016/000019.html
CVE-2016-3070 (The trace_writeback_dirty_page implementation in include/trace/events/ ...)
	{DSA-3607-1}
	- linux 4.4.2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1306851
	NOTE: https://git.kernel.org/linus/42cb14b110a5698ccf26ce59c4441722605a3743 (v4.4-rc1)
CVE-2016-3069 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/197eed39e3d5 (1/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/cdda7b96afff (2/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/b732e7f2aba4 (3/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/80cac1de6aea (4/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/ae279d4a19e9 (5/5)
CVE-2016-3068 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8
CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating permissions when ...)
	NOT-FOR-US: Cygwin
CVE-2016-3066 (The spice-gtk widget allows remote authenticated users to obtain infor ...)
	- spice-gtk <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320263
	NOTE: Hardly a security issue per se, but a design limitation/risky feature
	NOTE: It's up to applications using spice-gtk to use it as appropriate
CVE-2016-3065 (The (1) brin_page_type and (2) brin_metapage_info functions in the pag ...)
	- postgresql-9.5 9.5.2-1
	- postgresql-9.4 <not-affected> (Only affects 9.5.x)
	- postgresql-9.1 <not-affected> (Only affects 9.5.x)
	- postgresql-8.4 <not-affected> (Only affects 9.5.x)
	NOTE: http://www.postgresql.org/about/news/1656/
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=bf78a6f107949fdfb513d1b45e30cefe04e09e4f
CVE-2016-XXXX [fscanf format string security bug in flashrom layout code]
	- flashrom 0.9.9+r1954-1 (unimportant)
	[wheezy] - flashrom <no-dsa> (Minor issue)
	NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
	NOTE: Neutralised by hardening
CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1  ...)
	- openjpeg2 2.1.1-1 (low; bug #818399)
	[jessie] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
	NOTE: https://github.com/uclouvain/openjpeg/issues/726
CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
	NOTE: https://github.com/uclouvain/openjpeg/issues/725
CVE-2016-3181
	REJECTED
CVE-2016-3140 (The digi_port_init function in drivers/usb/serial/digi_acceleport.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/61
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
	NOTE: https://marc.info/?l=linux-usb&m=145796765030590&w=2
CVE-2016-3139 (The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Li ...)
	- linux 4.0.2-1 (low)
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <no-dsa> (Minor issue)
	NOTE: http://seclists.org/bugtraq/2016/Mar/60
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377
CVE-2016-3138 (The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux ker ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/54
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
	NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
CVE-2016-3137 (drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allow ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/55
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
CVE-2016-3136 (The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/57
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
CVE-2016-3125 (The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2  ...)
	- proftpd-dfsg 1.3.5b-1 (bug #818492)
	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
	NOTE: Fixed in 1.3.6rc2, 1.3.5b.
CVE-2016-3064 (NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 al ...)
	NOT-FOR-US: NetApp
CVE-2016-3063 (Multiple functions in NetApp OnCommand System Manager before 8.3.2 do  ...)
	NOT-FOR-US: NetApp
CVE-2016-3062 (The mov_read_dref function in libavformat/mov.c in Libav before 11.7 a ...)
	{DSA-3603-1 DLA-515-1}
	- libav <removed>
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=5fdcbc4a7cd81114a9f47bcb3040ca510bd6360d (11.7)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=929
	- ffmpeg 7:2.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 (n0.11)
CVE-2016-3061
	RESERVED
CVE-2016-3060 (Payments Director in IBM Financial Transaction Manager (FTM) for ACH S ...)
	NOT-FOR-US: IBM
CVE-2016-3059 (IBM Tivoli Storage Manager for Databases: Data Protection for Microsof ...)
	NOT-FOR-US: IBM
CVE-2016-3058
	RESERVED
CVE-2016-3057 (Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrato ...)
	NOT-FOR-US: IBM
CVE-2016-3056 (Cross-site scripting (XSS) vulnerability in Business Space in IBM Busi ...)
	NOT-FOR-US: IBM
CVE-2016-3055 (IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authen ...)
	NOT-FOR-US: IBM
CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0. ...)
	NOT-FOR-US: IBM
CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a local ...)
	NOT-FOR-US: IBM
CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send passwor ...)
	NOT-FOR-US: IBM
CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-3050
	RESERVED
CVE-2016-3049 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML inj ...)
	NOT-FOR-US: IBM
CVE-2016-3048 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-3047 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3046 (IBM Security Access Manager for Web is vulnerable to SQL injection. A  ...)
	NOT-FOR-US: IBM
CVE-2016-3045 (IBM Security Access Manager for Web stores sensitive information in UR ...)
	NOT-FOR-US: IBM
CVE-2016-3044 (The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 an ...)
	- linux 4.4.6-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://www-01.ibm.com/support/docview.wss?uid=isg3T1023969
	NOTE: http://www.securityfocus.com/bid/92123/info
CVE-2016-3043 (IBM Security Access Manager for Web could allow a remote attacker to o ...)
	NOT-FOR-US: IBM
CVE-2016-3042 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...)
	NOT-FOR-US: IBM
CVE-2016-3041
	RESERVED
CVE-2016-3040 (IBM WebSphere Application Server (WAS) Liberty, as used in IBM Securit ...)
	NOT-FOR-US: IBM
CVE-2016-3039 (IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated u ...)
	NOT-FOR-US: IBM
CVE-2016-3038 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2016-3037 (IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's ...)
	NOT-FOR-US: IBM
CVE-2016-3036 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, cau ...)
	NOT-FOR-US: IBM
CVE-2016-3035 (IBM AppScan Source could reveal some sensitive information through the ...)
	NOT-FOR-US: IBM
CVE-2016-3034 (IBM AppScan Source uses a one-way hash without salt to encrypt highly  ...)
	NOT-FOR-US: IBM
CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-3032 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-3031 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-3030
	RESERVED
CVE-2016-3029 (IBM Security Access Manager for Web is vulnerable to cross-site reques ...)
	NOT-FOR-US: IBM
CVE-2016-3028 (IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0. ...)
	NOT-FOR-US: IBM
CVE-2016-3027 (IBM Security Access Manager for Web is vulnerable to a denial of servi ...)
	NOT-FOR-US: IBM
CVE-2016-3026
	RESERVED
CVE-2016-3025 (IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Secu ...)
	NOT-FOR-US: IBM
CVE-2016-3024 (IBM Security Access Manager for Web allows web pages to be stored loca ...)
	NOT-FOR-US: IBM
CVE-2016-3023 (IBM Security Access Manager for Web could allow an unauthenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-3022 (IBM Security Access Manager for Web could allow an authenticated user  ...)
	NOT-FOR-US: IBM
CVE-2016-3021 (IBM Security Access Manager for Web could allow an authenticated attac ...)
	NOT-FOR-US: IBM
CVE-2016-3020 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2016-3019 (IBM Security Access Manager for Web 9.0.0 uses weaker than expected cr ...)
	NOT-FOR-US: IBM
CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote attacker to o ...)
	NOT-FOR-US: IBM
CVE-2016-3016 (IBM Security Access Manager for Web processes patches, image backups a ...)
	NOT-FOR-US: IBM
CVE-2016-3015 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-3014 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-3013 (IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ ...)
	NOT-FOR-US: IBM
CVE-2016-3012 (IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8  ...)
	NOT-FOR-US: IBM
CVE-2016-3011
	RESERVED
CVE-2016-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3009 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3008 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3007 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x ...)
	NOT-FOR-US: IBM
CVE-2016-3006 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3005 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3004 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3003 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3002 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 a ...)
	NOT-FOR-US: IBM
CVE-2016-3001 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3000 (The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR ...)
	NOT-FOR-US: IBM
CVE-2016-2999 (IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR ...)
	NOT-FOR-US: IBM
CVE-2016-2998 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2997 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2996 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Vi ...)
	NOT-FOR-US: IBM
CVE-2016-2995 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2994 (Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x ...)
	NOT-FOR-US: IBM
CVE-2016-2993
	RESERVED
CVE-2016-2992 (IBM Infosphere BigInsights is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2991 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Prote ...)
	NOT-FOR-US: IBM
CVE-2016-2990
	RESERVED
CVE-2016-2989 (Open redirect vulnerability in the Connections Portlets component 5.x  ...)
	NOT-FOR-US: IBM
CVE-2016-2988 (IBM Tivoli Storage Manger for Virtual Environments: Data Protection fo ...)
	NOT-FOR-US: IBM
CVE-2016-2987 (An undisclosed vulnerability in CLM applications may result in some ad ...)
	NOT-FOR-US: IBM
CVE-2016-2986 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2985 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
	NOT-FOR-US: IBM
CVE-2016-2984 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
	NOT-FOR-US: IBM
CVE-2016-2983 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remo ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-2982
	RESERVED
CVE-2016-2981 (An undisclosed vulnerability in the CLM applications in IBM Jazz Team  ...)
	NOT-FOR-US: IBM
CVE-2016-2980 (The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injecti ...)
	NOT-FOR-US: IBM
CVE-2016-2979 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2016-2978 (IBM Sametime 8.5.2 and 9.0 could store potentially sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2016-2977 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user ...)
	NOT-FOR-US: IBM
CVE-2016-2976 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invite ...)
	NOT-FOR-US: IBM
CVE-2016-2975 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2974 (IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Ri ...)
	NOT-FOR-US: IBM
CVE-2016-2973 (IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2016-2972 (IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of t ...)
	NOT-FOR-US: IBM
CVE-2016-2971 (IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive infor ...)
	NOT-FOR-US: IBM
CVE-2016-2970 (IBM Sametime 8.5 and 9.0 meetings server may provide detailed informat ...)
	NOT-FOR-US: IBM
CVE-2016-2969 (IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contai ...)
	NOT-FOR-US: IBM
CVE-2016-2968 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remot ...)
	NOT-FOR-US: IBM
CVE-2016-2967 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2966 (IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumer ...)
	NOT-FOR-US: IBM
CVE-2016-2965 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2016-2964 (IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error  ...)
	NOT-FOR-US: IBM
CVE-2016-2963 (Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote C ...)
	NOT-FOR-US: IBM
CVE-2016-2962
	RESERVED
CVE-2016-2961 (The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10  ...)
	NOT-FOR-US: IBM
CVE-2016-2960 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x be ...)
	NOT-FOR-US: IBM
CVE-2016-2959 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room m ...)
	NOT-FOR-US: IBM
CVE-2016-2958 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 a ...)
	NOT-FOR-US: IBM
CVE-2016-2957 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 a ...)
	NOT-FOR-US: IBM
CVE-2016-2956 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2955 (Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-2954 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2953 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 d ...)
	NOT-FOR-US: IBM
CVE-2016-2952 (IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protec ...)
	NOT-FOR-US: IBM
CVE-2016-2951 (IBM BigFix Remote Control before 9.1.3 does not properly set the defau ...)
	NOT-FOR-US: IBM
CVE-2016-2950 (SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3  ...)
	NOT-FOR-US: IBM
CVE-2016-2949 (IBM BigFix Remote Control before 9.1.3 allows local users to obtain se ...)
	NOT-FOR-US: IBM
CVE-2016-2948 (IBM BigFix Remote Control before 9.1.3 allows local users to discover  ...)
	NOT-FOR-US: IBM
CVE-2016-2947 (IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix1 ...)
	NOT-FOR-US: IBM
CVE-2016-2946 (Stack-based buffer overflow in the ax Shared Libraries in the Agent in ...)
	NOT-FOR-US: IBM
CVE-2016-2945 (The API Discovery implementation in IBM WebSphere Application Server ( ...)
	NOT-FOR-US: IBM
CVE-2016-2944 (IBM BigFix Remote Control before 9.1.3 does not properly restrict fail ...)
	NOT-FOR-US: IBM
CVE-2016-2943 (IBM BigFix Remote Control before 9.1.3 allows local users to obtain se ...)
	NOT-FOR-US: IBM
CVE-2016-2942 (IBM UrbanCode Deploy could allow an authenticated attacker with specia ...)
	NOT-FOR-US: IBM
CVE-2016-2941 (IBM UrbanCode Deploy creates temporary files during step execution tha ...)
	NOT-FOR-US: IBM
CVE-2016-2940 (Multiple unspecified vulnerabilities in IBM BigFix Remote Control befo ...)
	NOT-FOR-US: IBM
CVE-2016-2939 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-2938 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-2937 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to obta ...)
	NOT-FOR-US: IBM
CVE-2016-2936 (IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unsp ...)
	NOT-FOR-US: IBM
CVE-2016-2935 (The broker application in IBM BigFix Remote Control before 9.1.3 allow ...)
	NOT-FOR-US: IBM
CVE-2016-2934 (Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control  ...)
	NOT-FOR-US: IBM
CVE-2016-2933 (Directory traversal vulnerability in IBM BigFix Remote Control before  ...)
	NOT-FOR-US: IBM
CVE-2016-2932 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to cond ...)
	NOT-FOR-US: IBM
CVE-2016-2931 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to obta ...)
	NOT-FOR-US: IBM
CVE-2016-2930 (IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perfo ...)
	NOT-FOR-US: IBM
CVE-2016-2929 (IBM BigFix Remote Control before 9.1.3 does not properly restrict pass ...)
	NOT-FOR-US: IBM
CVE-2016-2928 (IBM BigFix Remote Control before 9.1.3 allows remote authenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-2927 (IBM BigFix Remote Control before 9.1.3 does not properly restrict the  ...)
	NOT-FOR-US: IBM
CVE-2016-2926 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2925 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2924 (IBM Infosphere BigInsights is vulnerable to cross-site scripting, caus ...)
	NOT-FOR-US: IBM
CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty bef ...)
	NOT-FOR-US: IBM
CVE-2016-2922 (IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (C ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2016-2921
	RESERVED
CVE-2016-2920
	RESERVED
CVE-2016-2919
	RESERVED
CVE-2016-2918
	RESERVED
CVE-2016-2917 (The notifications component in IBM TRIRIGA Applications 10.4 and 10.5  ...)
	NOT-FOR-US: IBM
CVE-2016-2916
	RESERVED
CVE-2016-2915
	RESERVED
CVE-2016-2914 (Unrestricted file upload vulnerability in the Document Builder in IBM  ...)
	NOT-FOR-US: IBM
CVE-2016-2913
	RESERVED
CVE-2016-2912 (Cross-site scripting (XSS) vulnerability in the Document Builder in IB ...)
	NOT-FOR-US: IBM
CVE-2016-2911
	RESERVED
CVE-2016-2910
	RESERVED
CVE-2016-2909
	RESERVED
CVE-2016-2908 (IBM Single Sign On for Bluemix could allow a remote attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-2907
	RESERVED
CVE-2016-2906
	RESERVED
CVE-2016-2905
	RESERVED
CVE-2016-2904
	RESERVED
CVE-2016-2903
	RESERVED
CVE-2016-2902
	RESERVED
CVE-2016-2901 (Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creato ...)
	NOT-FOR-US: IBM
CVE-2016-2900
	RESERVED
CVE-2016-2899
	RESERVED
CVE-2016-2898
	RESERVED
CVE-2016-2897
	RESERVED
CVE-2016-2896
	RESERVED
CVE-2016-2895
	RESERVED
CVE-2016-2894 (IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 ...)
	NOT-FOR-US: IBM
CVE-2016-2893
	RESERVED
CVE-2016-2892
	RESERVED
CVE-2016-2891
	RESERVED
CVE-2016-2890
	RESERVED
CVE-2016-2889 (Cross-site request forgery (CSRF) vulnerability in the Report Builder  ...)
	NOT-FOR-US: IBM
CVE-2016-2888 (Cross-site scripting (XSS) vulnerability in the Report Builder and Dat ...)
	NOT-FOR-US: IBM
CVE-2016-2887 (IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .N ...)
	NOT-FOR-US: IBM
CVE-2016-2886
	RESERVED
CVE-2016-2885
	RESERVED
CVE-2016-2884 (Cross-site request forgery (CSRF) vulnerability in IBM Forms Experienc ...)
	NOT-FOR-US: IBM
CVE-2016-2883 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Pl ...)
	NOT-FOR-US: IBM
CVE-2016-2882 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM
CVE-2016-2881 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRada ...)
	NOT-FOR-US: IBM
CVE-2016-2880 (IBM QRadar 7.2 stores the encryption key used to encrypt the service a ...)
	NOT-FOR-US: IBM
CVE-2016-2879 (IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwo ...)
	NOT-FOR-US: IBM
CVE-2016-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRad ...)
	NOT-FOR-US: IBM
CVE-2016-2877 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak ...)
	NOT-FOR-US: IBM
CVE-2016-2876 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes  ...)
	NOT-FOR-US: IBM
CVE-2016-2875 (IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote au ...)
	NOT-FOR-US: IBM
CVE-2016-2874 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandle ...)
	NOT-FOR-US: IBM
CVE-2016-2873 (SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 ...)
	NOT-FOR-US: IBM
CVE-2016-2872 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x be ...)
	NOT-FOR-US: IBM
CVE-2016-2871 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses clea ...)
	NOT-FOR-US: IBM
CVE-2016-2870 (Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances  ...)
	NOT-FOR-US: IBM
CVE-2016-2869 (Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM Q ...)
	NOT-FOR-US: IBM
CVE-2016-2868 (IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticate ...)
	NOT-FOR-US: IBM
CVE-2016-2867 (IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 d ...)
	NOT-FOR-US: IBM
CVE-2016-2866 (An unspecified vulnerability in IBM Jazz Team Server may disclose some ...)
	NOT-FOR-US: IBM
CVE-2016-2865 (The GIT Integration component in IBM Rational Team Concert (RTC) 5.x b ...)
	NOT-FOR-US: IBM
CVE-2016-2864 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2863 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Comme ...)
	NOT-FOR-US: IBM
CVE-2016-2862 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2861 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1 ...)
	NOT-FOR-US: IBM
CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 a ...)
	{DSA-3569-1 DLA-493-1}
	- openafs 1.6.17-1
	NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0
	NOTE: http://rt.central.org/rt/Ticket/Display.html?id=132822 (currently not public)
CVE-2016-3154 (The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2 ...)
	{DSA-3518-1}
	- spip 3.0.22-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22903
CVE-2016-3153 (SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ...)
	{DSA-3518-1}
	- spip 3.0.22-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22911
CVE-2016-XXXX [Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter]
	- cgit 0.12.0.git2.7.0-1
	[jessie] - cgit 0.10.2.git2.0.1-3+deb8u1
	NOTE: https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier al ...)
	{DLA-560-1}
	- cacti 0.8.8g+ds1-2 (bug #818647)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://bugs.cacti.net/view.php?id=2667
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/13
	NOTE: Requires authenticated user
CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows rem ...)
	- dropbear 2016.72-1
	[jessie] - dropbear 2014.65-1+deb8u1
	[wheezy] - dropbear <no-dsa> (Minor issue)
	NOTE: https://matt.ucc.asn.au/dropbear/CHANGES
	NOTE: Fixed in 2016.72 upstream
CVE-2016-3115 (Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSS ...)
	{DLA-1500-1}
	- openssh 1:7.2p2-1
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://www.openssh.com/txt/x11fwd.adv
	NOTE: Portable OpenSSH 7.2p2 contains a fix for this vulnerability.
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
	NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not val ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	[wheezy] - linux <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
	NOTE: https://patchwork.ozlabs.org/patch/595575/
	NOTE: http://marc.info/?l=netfilter-devel&m=145757134822741&w=2
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/4
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in net/netfilter/ ...)
	- linux 4.4.6-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
	NOTE: https://patchwork.ozlabs.org/patch/595576/
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
CVE-2015-8835 (The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...)
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69
	NOTE: https://bugs.php.net/bug.php?id=70081
	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
	NOTE: CVE assignment is for "The first problem" section of Bug 70081
CVE-2015-8833 (Use-after-free vulnerability in the create_smp_dialog function in gtk- ...)
	{DSA-3528-1}
	- pidgin-otr 4.0.2-1
	[wheezy] - pidgin-otr <not-affected> (Vulnerable code not present)
	NOTE: https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
	NOTE: https://bugs.otr.im/issues/88
	NOTE: https://bugs.otr.im/issues/128
	NOTE: Fixed by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
	NOTE: Introduced by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/c276bfa786bef8a4572a37d5633cf40f480d3ae0
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/09/8
CVE-2016-2859
	REJECTED
CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote at ...)
	- simplesamlphp 1.14.1-1 (unimportant; bug #817162)
	NOTE: https://simplesamlphp.org/security/201603-01
	NOTE: Fixed upstream in 1.14.1
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/08/4
	NOTE: Not treated as a security issue, many components in Debian reveal the release in use
CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier use ...)
	NOT-FOR-US: Huawei
CVE-2016-2852
	RESERVED
CVE-2016-2851 (Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms ...)
	{DSA-3512-1}
	- libotr 4.1.1-1 (bug #817799)
	NOTE: https://lists.cypherpunks.ca/pipermail/otr-announce/2016-March/000062.html
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
CVE-2016-2850 (Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signat ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.29
CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-t ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.13-1 (bug #822698)
	NOTE: http://botan.randombit.net/security.html
	NOTE: Introduced in 1.7.15, fixed in 1.10.13 and 1.11.29
	NOTE: FIX https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1
CVE-2016-2848 (ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remo ...)
	{DLA-672-1}
	- bind9 1:9.9.3.dfsg.P2-1 (bug #839051)
	NOTE: https://kb.isc.org/article/AA-01433
	NOTE: Fixed by https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4
CVE-2016-2846 (Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers  ...)
	NOT-FOR-US: Siemens SIMATIC S7-1200 CPU devices
CVE-2016-2845 (The Content Security Policy (CSP) implementation in Blink, as used in  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2844 (WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2843 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, a ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-3178 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
	{DLA-454-1}
	- minissdpd 1.2.20130907-3.2 (bug #816759)
	[jessie] - minissdpd 1.2.20130907-3+deb8u1
	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
	NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
CVE-2016-3179 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
	{DLA-454-1}
	- minissdpd 1.2.20130907-3.2 (bug #816759)
	[jessie] - minissdpd 1.2.20130907-3+deb8u1
	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
	NOTE: https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a
CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 befo ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: split from CVE-2016-0799
CVE-2016-3142 (The phar_parse_zipfile function in zip.c in the PHAR extension in PHP  ...)
	{DLA-818-1}
	- php5 5.6.19+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	NOTE: https://bugs.php.net/bug.php?id=71498
	NOTE: Fixed in 5.5.33, 5.6.19
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/2
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in PHP be ...)
	{DLA-818-1}
	- php5 5.6.19+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	NOTE: https://bugs.php.net/bug.php?id=71587
	NOTE: Fixed in 5.5.33, 5.6.19
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/1
CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) back-e ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #817183)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0)
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/04/1
CVE-2015-8832 (Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.cor ...)
	- dotclear <removed> (bug #815979)
	NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80
	NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
	NOTE: Fixed upstream in 2.8.2
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
CVE-2015-8831 (Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotc ...)
	- dotclear <removed> (bug #815979)
	NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf
	NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
	NOTE: Fixed upstream in 2.8.2
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
CVE-2016-8000
	REJECTED
CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite before  ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows l ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-1 (bug #817182)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
CVE-2016-2854 (The aufs module for the Linux kernel 3.x and 4.x does not properly mai ...)
	- linux 3.18-1~exp1
	[jessie] - linux <ignored> (Not exploitable in default configuration)
	[wheezy] - linux <not-affected> (Vulnerable code is not present)
	NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
	NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
	NOTE: This depends on a user namespace creator being able to mount aufs.
	NOTE: jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
	NOTE: wheezy: User namespaces are non-functional.
CVE-2016-2853 (The aufs module for the Linux kernel 3.x and 4.x does not properly res ...)
	- linux 3.18-1~exp1
	[jessie] - linux <ignored> (Not exploitable in default configuration)
	[wheezy] - linux <not-affected> (Vulnerable code is not present)
	NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
	NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
	NOTE: This depends on a user namespace creator being able to mount aufs.
	NOTE: jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
	NOTE: wheezy: User namespaces are non-functional.
CVE-2016-2839 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux  ...)
	- firefox <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
	- firefox-esr <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
	NOTE: Related patches https://hg.mozilla.org/mozilla-central/log?rev=Bug+1275339
CVE-2016-2838 (Heap-based buffer overflow in the nsBidi::BracketData::AddOpening func ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
CVE-2016-2837 (Heap-based buffer overflow in the ClearKey Content Decryption Module ( ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
CVE-2016-2836 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3686-1 DSA-3640-1 DLA-640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	- icedove 1:45.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
CVE-2016-2835 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- icedove <not-affected> (Doesn't apply to Thunderbird ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
CVE-2016-2834 (Mozilla Network Security Services (NSS) before 3.23, as used in Mozill ...)
	{DSA-3688-1 DLA-527-1}
	- nss 2:3.23-1
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
CVE-2016-2833 (Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) dire ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2832 (Mozilla Firefox before 47.0 allows remote attackers to discover the li ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2831 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not en ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2830 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve  ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1342897
CVE-2016-2829 (Mozilla Firefox before 47.0 allows remote attackers to spoof permissio ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2828 (Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefo ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2827 (The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox be ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-2826 (The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ...)
	- firefox-esr <not-affected> (Only affects Windows)
	- firefox <not-affected> (Only affects Windows)
CVE-2016-2825 (Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2824 (The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox befor ...)
	- firefox-esr <not-affected> (Only affects Windows)
	- firefox <not-affected> (Only affects Windows)
CVE-2016-2823
	RESERVED
CVE-2016-2822 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow rem ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2821 (Use-after-free vulnerability in the mozilla::dom::Element class in Moz ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in  ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
CVE-2016-2819 (Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox  ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2818 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3647-1 DSA-3600-1 DLA-572-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
	- icedove 1:45.2.0-1
CVE-2016-2817 (The WebExtension sandbox feature in browser/components/extensions/ext- ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-46/
CVE-2016-2816 (Mozilla Firefox before 46.0 allows remote attackers to bypass the Cont ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
CVE-2016-2815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2814 (Heap-based buffer overflow in the stagefright::SampleTable::parseSampl ...)
	{DSA-3559-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/
CVE-2016-2813 (Mozilla Firefox before 46.0 on Android does not properly restrict Java ...)
	- iceweasel <not-affected> (Only Firefox on Android)
	- firefox-esr <not-affected> (Only Firefox on Android)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/
CVE-2016-2812 (Race condition in the get implementation in the ServiceWorkerManager c ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
CVE-2016-2811 (Use-after-free vulnerability in the ServiceWorkerInfo class in the Ser ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
CVE-2016-2810 (Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to  ...)
	- iceweasel <not-affected> (Only Firefox on Android)
	- firefox-esr <not-affected> (Only Firefox on Android)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-41/
CVE-2016-2809 (The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ...)
	- iceweasel <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox on Windows)
	- firefox <not-affected> (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
CVE-2016-2808 (The watch implementation in the JavaScript engine in Mozilla Firefox b ...)
	{DSA-3559-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
CVE-2016-2807 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3576-1 DSA-3559-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2806 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3601-1 DLA-519-1}
	- iceweasel <not-affected> (Only Firefox 45.x)
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2805 (Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ...)
	{DSA-3576-1 DSA-3559-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr <not-affected> (Only affects Firefox ESR 38.x)
	- firefox <not-affected> (Only affects Firefox ESR 38.x)
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2804 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2803 (Cross-site scripting (XSS) vulnerability in the dependency graphs in B ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphit ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2801 (The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp i ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2800 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2799 (Heap-based buffer overflow in the graphite2::Slot::setAttr function in ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2798 (The graphite2::GlyphCache::Loader::Loader function in Graphite 2 befor ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2797 (The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 be ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2796 (Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code f ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2795 (The graphite2::FileFace::get_table_fn function in Graphite 2 before 1. ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2794 (The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphi ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2793 (CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox  ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2792 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2791 (The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6,  ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2790 (The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3 ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2789 (Cross-site scripting (XSS) vulnerability in the Web User Interface in  ...)
	NOT-FOR-US: Citrix
CVE-2015-8829
	REJECTED
CVE-2015-8828
	REJECTED
CVE-2015-8827
	REJECTED
CVE-2015-8826
	REJECTED
CVE-2015-8825
	REJECTED
CVE-2015-8824
	REJECTED
CVE-2015-8823 (Use-after-free vulnerability in the TextField object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8822 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8821 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8820 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8819
	RESERVED
CVE-2016-2841 (The ne2000_receive function in the NE2000 NIC emulation support (hw/ne ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #817181)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise ...)
	- mcollective 2.12.0+dfsg-1 (bug #850968)
	[jessie] - mcollective <no-dsa> (Minor issue)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/cve-2016-2788
	NOTE: https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d
CVE-2016-2787 (The Puppet Communications Protocol in Puppet Enterprise 2015.3.x befor ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2016-2786 (The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3  ...)
	- puppet <not-affected> (pxp-agent not packaged in Debian)
	NOTE: https://puppet.com/security/cve/cve-2016-2786
CVE-2016-2785 (Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before  ...)
	- puppet <not-affected> (Vulnerable code only in 4.x)
	NOTE: https://puppet.com/security/cve/cve-2016-2785
	NOTE: https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Ca ...)
	NOT-FOR-US: CMS Made Simple
CVE-2015-8818 (The cpu_physical_memory_write_rom_internal function in exec.c in QEMU  ...)
	- qemu 1:2.4+dfsg-1a
	[jessie] - qemu <not-affected> (Problematic memory clamping code got added later with upstream commit 965eb2f)
	[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0)
	NOTE: same patchset than CVE-2015-8817
	NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html
CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate' to ma ...)
	- qemu 1:2.4+dfsg-1a
	[jessie] - qemu <ignored> (Minor issue; too dangerous backport)
	[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1)
	NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 (v2.4.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html
CVE-2016-2783 (Avaya Fabric Connect Virtual Services Platform (VSP) Operating System  ...)
	NOT-FOR-US: Avaya
CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R00 ...)
	NOT-FOR-US: Huawei UTPS
CVE-2016-2778
	RESERVED
CVE-2016-2777
	REJECTED
CVE-2016-2776 (buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4- ...)
	{DSA-3680-1 DLA-645-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #839010)
	NOTE: https://kb.isc.org/article/AA-01419
CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x befo ...)
	{DSA-3680-1 DLA-645-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #831796)
	NOTE: https://kb.isc.org/article/AA-01393/74/CVE-2016-2775
CVE-2016-2774 (ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 doe ...)
	{DLA-2003-1}
	- isc-dhcp 4.3.4-1 (bug #817158)
	[wheezy] - isc-dhcp <no-dsa> (Minor issue)
	NOTE: https://kb.isc.org/article/AA-01354
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=0b209ea5cc333255e055113fa2ad636dda681a21
CVE-2016-2773
	REJECTED
CVE-2016-2772
	REJECTED
CVE-2016-2771
	REJECTED
CVE-2016-2770
	REJECTED
CVE-2016-2769
	REJECTED
CVE-2016-2768
	REJECTED
CVE-2016-2767
	REJECTED
CVE-2016-2766
	REJECTED
CVE-2016-2765
	REJECTED
CVE-2016-2764
	REJECTED
CVE-2016-2763
	REJECTED
CVE-2016-2762
	REJECTED
CVE-2016-2761
	REJECTED
CVE-2016-2760
	REJECTED
CVE-2016-2759
	REJECTED
CVE-2016-2758
	REJECTED
CVE-2016-2757
	REJECTED
CVE-2016-2756
	REJECTED
CVE-2016-2755
	REJECTED
CVE-2016-2754
	REJECTED
CVE-2016-2753
	REJECTED
CVE-2016-2752
	REJECTED
CVE-2016-2751
	REJECTED
CVE-2016-2750
	REJECTED
CVE-2016-2749
	REJECTED
CVE-2016-2748
	REJECTED
CVE-2016-2747
	REJECTED
CVE-2016-2746
	REJECTED
CVE-2016-2745
	REJECTED
CVE-2016-2744
	REJECTED
CVE-2016-2743
	REJECTED
CVE-2016-2742
	REJECTED
CVE-2016-2741
	REJECTED
CVE-2016-2740
	REJECTED
CVE-2016-2739
	REJECTED
CVE-2016-2738
	REJECTED
CVE-2016-2737
	REJECTED
CVE-2016-2736
	REJECTED
CVE-2016-2735
	REJECTED
CVE-2016-2734
	REJECTED
CVE-2016-2733
	REJECTED
CVE-2016-2732
	REJECTED
CVE-2016-2731
	REJECTED
CVE-2016-2730
	REJECTED
CVE-2016-2729
	REJECTED
CVE-2016-2728
	REJECTED
CVE-2016-2727
	REJECTED
CVE-2016-2726
	REJECTED
CVE-2016-2725
	REJECTED
CVE-2016-2724
	REJECTED
CVE-2016-2723
	REJECTED
CVE-2016-2722
	REJECTED
CVE-2016-2721
	REJECTED
CVE-2016-2720
	REJECTED
CVE-2016-2719
	REJECTED
CVE-2016-2718
	REJECTED
CVE-2016-2717
	REJECTED
CVE-2016-2716
	REJECTED
CVE-2016-2715
	REJECTED
CVE-2016-2714
	REJECTED
CVE-2016-2713
	REJECTED
CVE-2016-2712
	REJECTED
CVE-2016-2711
	REJECTED
CVE-2016-2710
	REJECTED
CVE-2016-2709
	REJECTED
CVE-2016-2708
	REJECTED
CVE-2016-2707
	REJECTED
CVE-2016-2706
	REJECTED
CVE-2016-2705
	REJECTED
CVE-2016-2704
	REJECTED
CVE-2016-2703
	REJECTED
CVE-2016-2702
	REJECTED
CVE-2016-2701
	REJECTED
CVE-2016-2700
	REJECTED
CVE-2016-2699
	REJECTED
CVE-2016-2698
	REJECTED
CVE-2016-2697
	REJECTED
CVE-2016-2696
	REJECTED
CVE-2016-2695
	REJECTED
CVE-2016-2694
	REJECTED
CVE-2016-2693
	REJECTED
CVE-2016-2692
	REJECTED
CVE-2016-2691
	REJECTED
CVE-2016-2690
	REJECTED
CVE-2016-2689
	REJECTED
CVE-2016-2688
	REJECTED
CVE-2016-2687
	REJECTED
CVE-2016-2686
	REJECTED
CVE-2016-2685
	REJECTED
CVE-2016-2684
	REJECTED
CVE-2016-2683
	REJECTED
CVE-2016-2682
	REJECTED
CVE-2016-2681
	REJECTED
CVE-2016-2680
	REJECTED
CVE-2016-2679
	REJECTED
CVE-2016-2678
	REJECTED
CVE-2016-2677
	REJECTED
CVE-2016-2676
	REJECTED
CVE-2016-2675
	REJECTED
CVE-2016-2674
	REJECTED
CVE-2016-2673
	REJECTED
CVE-2016-2672
	REJECTED
CVE-2016-2671
	REJECTED
CVE-2016-2670
	REJECTED
CVE-2016-2669
	REJECTED
CVE-2016-2668
	REJECTED
CVE-2016-2667
	REJECTED
CVE-2016-2666
	REJECTED
CVE-2016-2665
	REJECTED
CVE-2016-2664
	REJECTED
CVE-2016-2663
	REJECTED
CVE-2016-2662
	REJECTED
CVE-2016-2661
	REJECTED
CVE-2016-2660
	REJECTED
CVE-2016-2659
	REJECTED
CVE-2016-2658
	REJECTED
CVE-2016-2657
	REJECTED
CVE-2016-2656
	REJECTED
CVE-2016-2655
	REJECTED
CVE-2016-2654
	REJECTED
CVE-2016-2653
	REJECTED
CVE-2016-2652
	REJECTED
CVE-2016-2651
	REJECTED
CVE-2016-2650
	REJECTED
CVE-2016-2649
	REJECTED
CVE-2016-2648
	REJECTED
CVE-2016-2647
	REJECTED
CVE-2016-2646
	REJECTED
CVE-2016-2645
	REJECTED
CVE-2016-2644
	REJECTED
CVE-2016-2643
	REJECTED
CVE-2016-2642
	REJECTED
CVE-2016-2641
	REJECTED
CVE-2016-2640
	REJECTED
CVE-2016-2639
	REJECTED
CVE-2016-2638
	REJECTED
CVE-2016-2637
	REJECTED
CVE-2016-2636
	REJECTED
CVE-2016-2635
	REJECTED
CVE-2016-2634
	REJECTED
CVE-2016-2633
	REJECTED
CVE-2016-2632
	REJECTED
CVE-2016-2631
	REJECTED
CVE-2016-2630
	REJECTED
CVE-2016-2629
	REJECTED
CVE-2016-2628
	REJECTED
CVE-2016-2627
	REJECTED
CVE-2016-2626
	REJECTED
CVE-2016-2625
	REJECTED
CVE-2016-2624
	REJECTED
CVE-2016-2623
	REJECTED
CVE-2016-2622
	REJECTED
CVE-2016-2621
	REJECTED
CVE-2016-2620
	REJECTED
CVE-2016-2619
	REJECTED
CVE-2016-2618
	REJECTED
CVE-2016-2617
	REJECTED
CVE-2016-2616
	REJECTED
CVE-2016-2615
	REJECTED
CVE-2016-2614
	REJECTED
CVE-2016-2613
	REJECTED
CVE-2016-2612
	REJECTED
CVE-2016-2611
	REJECTED
CVE-2016-2610
	REJECTED
CVE-2016-2609
	REJECTED
CVE-2016-2608
	REJECTED
CVE-2016-2607
	REJECTED
CVE-2016-2606
	REJECTED
CVE-2016-2605
	REJECTED
CVE-2016-2604
	REJECTED
CVE-2016-2603
	REJECTED
CVE-2016-2602
	REJECTED
CVE-2016-2601
	REJECTED
CVE-2016-2600
	REJECTED
CVE-2016-2599
	REJECTED
CVE-2016-2598
	REJECTED
CVE-2016-2597
	REJECTED
CVE-2016-2596
	REJECTED
CVE-2016-2595
	REJECTED
CVE-2016-2594
	REJECTED
CVE-2016-2593
	REJECTED
CVE-2016-2592
	REJECTED
CVE-2016-2591
	REJECTED
CVE-2016-2590
	REJECTED
CVE-2016-2589
	REJECTED
CVE-2016-2588
	REJECTED
CVE-2016-2587
	REJECTED
CVE-2016-2586
	REJECTED
CVE-2016-2585
	REJECTED
CVE-2016-2584
	REJECTED
CVE-2016-2583
	REJECTED
CVE-2016-2582
	REJECTED
CVE-2016-2581
	REJECTED
CVE-2016-2580
	REJECTED
CVE-2016-2579
	REJECTED
CVE-2016-2578
	REJECTED
CVE-2016-2577
	REJECTED
CVE-2016-2576
	REJECTED
CVE-2016-2575
	REJECTED
CVE-2016-2574
	REJECTED
CVE-2015-8852 (Varnish 3.x before 3.0.7, when used in certain stacked installations,  ...)
	{DSA-3553-1}
	- varnish 4.0.0-1 (bug #783510)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1
	NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable
	NOTE: 4.x not affected
CVE-2016-XXXX [unsafe use of /tmp]
	- wine 4.0~rc1-1 (unimportant; bug #816034)
	- wine-development 3.12-2 (unimportant; bug #903622)
	NOTE: Negligible security impact
CVE-2016-XXXX [remote memory disclosure]
	- node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
	NOTE: fixed in 1.0.1
	NOTE: https://nodesecurity.io/advisories/67
	NOTE: nodejs not covered by security support
CVE-2016-2782 (The treo_attach function in drivers/usb/serial/visor.c in the Linux ke ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)
CVE-2016-2781 (chroot in GNU coreutils, when used with --userspec, allows local users ...)
	- coreutils <unfixed> (low; bug #816320)
	[buster] - coreutils <ignored> (Minor issue)
	[stretch] - coreutils <ignored> (Minor issue)
	[jessie] - coreutils <ignored> (Minor issue)
	[wheezy] - coreutils <ignored> (Minor issue)
	NOTE: Restricting ioctl on the kernel side seems the better approach, but rejected by Linux upstream
	NOTE: Fixing this issue via setsid() would introduce regressions:
	NOTE: https://www.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes
CVE-2016-2779 (runuser in util-linux allows local users to escape to the parent sessi ...)
	- util-linux 2.31.1-0.1 (bug #815922)
	[stretch] - util-linux <no-dsa> (Minor issue)
	[jessie] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <not-affected> (runuser[.c] not yet present)
	[squeeze] - util-linux <not-affected> (runuser[.c] not yet present)
	NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/27/1
	NOTE: https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
	NOTE: 2.31 introduces a new --pty option to separate privileged and unprivileged
	NOTE: shells (not enabled by default and the cli switch is necessary).
CVE-2016-XXXX [Partial SMAP bypass on 64-bit Linux kernels]
	- linux 4.4.4-1
	[jessie] - linux 3.16.7-ckt25-2+deb8u1
	[wheezy] - linux <not-affected> (Introduced in 3.10)
	- linux-2.6 <not-affected> (Introduced in 3.10)
	NOTE: Introduced by: https://git.kernel.org/linus/63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/3d44d51bd339766f0178f0cf2e8d048b4a4872aa (v4.5-rc6)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/26/6
CVE-2016-7575
	REJECTED
CVE-2016-2573
	RESERVED
CVE-2016-2567 (secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXU ...)
	NOT-FOR-US: Samsung
CVE-2016-2566 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devic ...)
	NOT-FOR-US: Samsung
CVE-2016-2565 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devic ...)
	NOT-FOR-US: Samsung
CVE-2016-2564 (Invision Power Services (IPS) Community Suite before 4.1.9 makes sessi ...)
	NOT-FOR-US: Invision Power Services
CVE-2016-2563 (Stack-based buffer overflow in the SCP command-line utility in PuTTY b ...)
	- putty 0.67-1 (bug #816921)
	[jessie] - putty <no-dsa> (Minor issue)
	[wheezy] - putty <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
	NOTE: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
CVE-2016-2562 (The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5 ...)
	- phpmyadmin 4:4.5.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected>
	[wheezy] - phpmyadmin <not-affected>
	NOTE: vulnerabilty is only in the test suite
CVE-2016-2561 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.5.5.1-1
	[wheezy] - phpmyadmin <not-affected>
CVE-2016-2560 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.5.1-1 (low)
	NOTE: 7ddce5e39a4e12cd351732955394bc7055c280eb: file not present, vulnerability not found in wheezy
	NOTE: 0667ea8ac7519d7e642eade2686dc393d5faeae3: vulnerability present in 3.4.3.1, but code mysteriously not found in wheezy
	NOTE: fe3be9f4b9edd54dc39919e7dfeaaf4a67c1cf83: vulnerability introduced in 052fd61f (3.5.1)
	NOTE: b8f1e0f325f8f32bd82af64111d8c2e9055a363c and 73c8245a3d1893a710447957e28dcfb18d9b47ad present in wheezy and later, patch in lists.debian.org/87lh4fpyap.fsf@angela.anarcat.ath.cx
CVE-2016-2559 (Cross-site scripting (XSS) vulnerability in the format function in lib ...)
	- phpmyadmin 4:4.5.5.1-1 (low)
	[jessie] - phpmyadmin <not-affected>
	[wheezy] - phpmyadmin <not-affected>
CVE-2016-2572 (http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after ...)
	- squid3 <not-affected> (Only affects 4.x)
	- squid <not-affected> (Only affects 4.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with  ...)
	{DSA-3522-1 DLA-445-1}
	- squid3 3.5.15-1 (bug #816011)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...)
	- squid3 3.5.15-1 (bug #816011)
	[wheezy] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=3870
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
	NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append  ...)
	- squid3 3.5.15-1 (bug #816011)
	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13998.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13999.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to escape to ...)
	- policykit-1 <unfixed> (low; bug #816062; bug #812512)
	[buster] - policykit-1 <ignored> (Minor issue)
	[stretch] - policykit-1 <ignored> (Minor issue)
	[jessie] - policykit-1 <ignored> (Minor issue)
	[wheezy] - policykit-1 <ignored> (Minor issue)
	NOTE: Restricting ioctl on the kernel side seems the better approach
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746
CVE-2016-2558 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2557 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2556 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2555 (SQL injection vulnerability in include/lib/mysql_connect.inc.php in AT ...)
	NOT-FOR-US: ATutor
CVE-2016-2553
	REJECTED
CVE-2016-2552
	RESERVED
CVE-2016-2551
	RESERVED
CVE-2016-3191 (The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39  ...)
	{DLA-441-1}
	- pcre3 2:8.38-2 (bug #815921)
	[jessie] - pcre3 2:8.35-3.3+deb8u3
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	- pcre2 10.21-1 (bug #815920)
	NOTE: pcre3: http://vcs.pcre.org/pcre?view=revision&revision=1631
	NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision&revision=489
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1791
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1311503
CVE-2016-3162 (The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows  ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3163 (The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3164 (Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might al ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3165 (The Form API in Drupal 6.x before 6.38 ignores access restrictions on  ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3166 (CRLF injection vulnerability in the drupal_set_header function in Drup ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3167 (Open redirect vulnerability in the drupal_goto function in Drupal 6.x  ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3168 (The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might  ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3169 (The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows r ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3170 (The "have you forgotten your password" links in the User module in Dru ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ser ...)
	- audacity 2.1.2-1 (unimportant)
	[jessie] - audacity <not-affected> (Vulnerable code not present)
	[wheezy] - audacity <not-affected> (vulnerable code not present)
	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
	NOTE: https://github.com/audacity/audacity/commit/85026f98958a8dcc09188be24a8db0385988e23f
	NOTE: Crash in desktop application, no security impact
CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial of ser ...)
	{DLA-1277-1}
	- audacity 2.1.2-1 (unimportant)
	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
	NOTE: https://github.com/audacity/audacity/commit/407c1dc4b209111e4dbb3eec88f333aa8f69094c
	NOTE: https://github.com/audacity/audacity/commit/b5f2046286b266b10f87b764faa1586aee9c23ea
	NOTE: Crash in desktop application, no security impact
CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in install_modules.php ...)
	NOT-FOR-US: ATutor
CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass file-descript ...)
	{DSA-3503-1}
	- linux 4.4.4-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/415e3d3e90ce9e18727e8843ae343eda5a58fad6 (v4.5-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593 (v4.5-rc1)
	NOTE: Technically wheezy-security and squeeze-lts are not affected by this CVE since the fix for
	NOTE: addressing CVE-2013-4312 was not applied.
CVE-2016-2549 (sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1)
CVE-2016-2548 (sound/core/timer.c in the Linux kernel before 4.4.1 retains certain li ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2547 (sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking  ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2546 (sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect  ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1)
CVE-2016-2545 (The snd_timer_interrupt function in sound/core/timer.c in the Linux ke ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1)
CVE-2016-2544 (Race condition in the queue_delete function in sound/core/seq/seq_queu ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1)
CVE-2016-2543 (The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientm ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1 (v4.5-rc1)
CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield through 2 ...)
	NOT-FOR-US: Flexera InstallShield
CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an incorrec ...)
	NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Vi ...)
	NOT-FOR-US: SAP
CVE-2016-2535
	RESERVED
CVE-2016-2534
	RESERVED
CVE-2016-4421 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1 ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-18.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4420 (The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attacker ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-17.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4419 (epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-16.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4418 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1 ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-15.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4417 (Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-14.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4416 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wir ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-13.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4415 (wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x befo ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-12.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2532 (The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c  ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-11.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2531 (Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector  ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2530 (The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c i ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2529 (The iseries_check_file_type function in wiretap/iseries.c in the iSeri ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-09.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2528 (The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in t ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-08.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2527 (wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-07.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2526 (epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2 ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-06.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2525 (epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2. ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-05.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2524 (epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark  ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.0.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-04.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2523 (The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-03.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2522 (The dissect_ber_constrained_bitstring function in epan/dissectors/pack ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.0.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-02.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2521 (Untrusted search path vulnerability in the WiresharkApplication class  ...)
	- wireshark <not-affected> (Windows-specific)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-01.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2520
	RESERVED
CVE-2016-2519 (ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attac ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2518 (The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x befor ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2517 (NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to  ...)
	- ntp 1:4.2.8p7+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
	NOTE: not a security issue, anyone with the privileges for remote configuration can
	NOTE: cause trouble anyway
CVE-2016-2516 (NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, all ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2514
	RESERVED
CVE-2016-2513 (The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ...)
	{DSA-3544-1}
	- python-django 1.9.4-1 (bug #816434)
	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2512 (The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x  ...)
	{DSA-3544-1}
	- python-django 1.9.4-1 (bug #816434)
	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2538 (Multiple integer overflows in the USB Net device emulator (hw/usb/dev- ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #815680)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0)
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=6c9f886ceae5b998dc2b9af2bf77666941689bce (v0.10.0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/3
CVE-2016-2515 (Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause ...)
	NOT-FOR-US: NodeJS Hawk
CVE-2016-2511 (Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier a ...)
	{DSA-3490-1 DLA-428-1}
	- websvn <removed>
CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform switch ...)
	NOT-FOR-US: Belden Hirschmann Classic Platform switches
CVE-2016-2508 (media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2507 (Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in lib ...)
	NOT-FOR-US: libstagefright
CVE-2016-2506 (DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2505 (mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x  ...)
	NOT-FOR-US: libstagefright
CVE-2016-2504 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2503 (The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2502 (drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android be ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2501 (The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, an ...)
	NOT-FOR-US: Android
CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2497 (services/core/java/com/android/server/pm/PackageManagerService.java in ...)
	NOT-FOR-US: Android
CVE-2016-2496 (The Framework UI permission-dialog implementation in Android 6.x befor ...)
	NOT-FOR-US: Android
CVE-2016-2495 (SampleTable.cpp in libstagefright in mediaserver in Android 4.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nex ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-2492 (The MediaTek power-management driver in Android before 2016-06-01 on A ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-2491 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-2490 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-2489 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2488 (The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2487 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2486 (mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x bef ...)
	NOT-FOR-US: libstagefright
CVE-2016-2485 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2484 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2483 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2482 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2481 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2480 (The mm-video-v4l2 vidc component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2479 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2478 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in And ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2477 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in And ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2476 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2475 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nex ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-2474 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X dev ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2473 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2472 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2471 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2470 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2469 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6,  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2468 (The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2467 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2466 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2465 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2464 (libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x be ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <not-affected> (libwebm not yet present)
	[wheezy] - libvpx <not-affected> (libwebm not yet present)
	NOTE: probably fixed earlier, but this was the version checked
CVE-2016-2463 (Multiple integer overflows in the h264dec component in libstagefright  ...)
	NOT-FOR-US: libstagefright
CVE-2016-2462 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 misha ...)
	NOT-FOR-US: Android
CVE-2016-2461 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 misha ...)
	NOT-FOR-US: Android
CVE-2016-2460 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android
CVE-2016-2459 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android
CVE-2016-2458 (The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2,  ...)
	NOT-FOR-US: Android
CVE-2016-2457 (server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0 ...)
	NOT-FOR-US: Android
CVE-2016-2456 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One  ...)
	NOT-FOR-US: Android
CVE-2016-2455
	REJECTED
CVE-2016-2454 (The Qualcomm hardware video codec in Android before 2016-05-01 on Nexu ...)
	NOT-FOR-US: Android
CVE-2016-2453 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One  ...)
	NOT-FOR-US: Android
CVE-2016-2452 (codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2451 (codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: Android
CVE-2016-2450 (codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in  ...)
	NOT-FOR-US: Android
CVE-2016-2449 (services/camera/libcameraservice/device3/Camera3Device.cpp in mediaser ...)
	NOT-FOR-US: Android
CVE-2016-2448 (media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in med ...)
	NOT-FOR-US: Android
CVE-2016-2447
	REJECTED
CVE-2016-2446 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2445 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2444 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2443 (The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Ne ...)
	NOT-FOR-US: Android
CVE-2016-2442 (The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, ...)
	NOT-FOR-US: Android
CVE-2016-2441 (The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, ...)
	NOT-FOR-US: Android
CVE-2016-2440 (libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4,  ...)
	NOT-FOR-US: Android
CVE-2016-2439 (Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-2438
	REJECTED
CVE-2016-2437 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2436 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2435 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2434 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2433 (The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphon ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-2432 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
	NOT-FOR-US: Android
CVE-2016-2431 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
	NOT-FOR-US: Android
CVE-2016-2430 (libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android
CVE-2016-2429 (libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android
CVE-2016-2428 (libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4. ...)
	NOT-FOR-US: Android
CVE-2016-2427 (** DISPUTED ** The AES-GCM specification in RFC 5084, as used in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2426 (server/content/ContentService.java in the Framework component in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2425 (mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4 ...)
	NOT-FOR-US: Android
CVE-2016-2424 (server/content/SyncStorageEngine.java in SyncStorageEngine in Android  ...)
	NOT-FOR-US: Android
CVE-2016-2423 (server/telecom/CallsManager.java in Telephony in Android 4.x before 4. ...)
	NOT-FOR-US: Android
CVE-2016-2422 (Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5. ...)
	NOT-FOR-US: Android
CVE-2016-2421 (Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 a ...)
	NOT-FOR-US: Android
CVE-2016-2420 (rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the / ...)
	NOT-FOR-US: Android
CVE-2016-2419 (media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-0 ...)
	NOT-FOR-US: Android
CVE-2016-2418 (media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-0 ...)
	NOT-FOR-US: Android
CVE-2016-2417 (media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5. ...)
	NOT-FOR-US: Android
CVE-2016-2416 (libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android
CVE-2016-2415 (exchange/eas/EasAutoDiscover.java in the Autodiscover implementation i ...)
	NOT-FOR-US: Android
CVE-2016-2414 (The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-2413 (media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2,  ...)
	NOT-FOR-US: Android
CVE-2016-2412 (include/core/SkPostConfig.h in Skia, as used in System_server in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2411 (A Qualcomm Power Management kernel driver in Android 6.x before 2016-0 ...)
	NOT-FOR-US: Android
CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows ...)
	NOT-FOR-US: Android
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before 20 ...)
	NOT-FOR-US: Android
CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client be ...)
	NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
	REJECTED
CVE-2016-2406 (The permission control module in Huawei Document Security Management ( ...)
	NOT-FOR-US: Huawei
CVE-2016-2405 (Huawei Policy Center with software before V100R003C10SPC020 allows rem ...)
	NOT-FOR-US: Huawei
CVE-2016-2404 (Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SP ...)
	NOT-FOR-US: Huawei
CVE-2016-2403 (Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to b ...)
	{DSA-4262-1}
	- symfony 2.8.6+dfsg-1
	[jessie] - symfony <not-affected> (Vulnerable code not present)
	NOTE: http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
	NOTE: Original commit incomplete and did not test for 'null' password resulting in
	NOTE: CVE-2018-11407. Complete fix as per
	NOTE: https://github.com/symfony/symfony/pull/26589
	NOTE: https://github.com/symfony/symfony/commit/2f5bd18d82f4a8911d549d14c72bf935602834a9
CVE-2013-7450 (Pulp before 2.3.0 uses the same the same certificate authority key and ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote  ...)
	{DSA-3485-1 DLA-424-1}
	- didiwiki 0.5-12 (bug #815111)
	NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4
CVE-2016-2510 (BeanShell (bsh) before 2.0b6, when included on the classpath by an app ...)
	{DSA-3504-1 DLA-443-1}
	- bsh 2.0b4-16
	NOTE: https://github.com/beanshell/beanshell/releases/tag/2.0b6
	NOTE: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
	NOTE: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
CVE-2016-2402 (OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle atta ...)
	NOT-FOR-US: OkHttp
CVE-2016-2401
	RESERVED
CVE-2016-2400
	RESERVED
CVE-2016-2399 (Integer overflow in the quicktime_read_pascal function in libquicktime ...)
	{DSA-3800-1 DLA-844-1}
	- libquicktime 2:1.2.4-10 (bug #855099)
	NOTE: PoC: http://www.nemux.org/2016/02/23/libquicktime-1-2-4/
CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain base-s ...)
	NOT-FOR-US: XFINITY
CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA  ...)
	NOT-FOR-US: Dell
CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analy ...)
	NOT-FOR-US: Dell
CVE-2016-2395
	RESERVED
CVE-2016-2394
	RESERVED
CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before ...)
	NOT-FOR-US: Lenovo
CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function in the S ...)
	NOT-FOR-US: SAP
CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows remot ...)
	NOT-FOR-US: SAP
CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy  ...)
	NOT-FOR-US: SAP
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE E ...)
	NOT-FOR-US: SAP
CVE-2015-8857 (The uglify-js package before 2.4.24 for Node.js does not properly acco ...)
	- uglifyjs <unfixed> (unimportant)
	NOTE: fixed in 2.4.24
	NOTE: https://zyan.scripts.mit.edu/blog/backdooring-js/
	NOTE: https://github.com/mishoo/UglifyJS2/issues/751
	NOTE: https://nodesecurity.io/advisories/39
	NOTE: nodejs not covered by security support
CVE-2015-XXXX [root path disclosure]
	- node-send 0.16.2-1 (unimportant)
	NOTE: fixed in 0.11.1
	NOTE: https://github.com/pillarjs/send/pull/70
	NOTE: https://github.com/expressjs/serve-static/blob/master/HISTORY.md#181--2015-01-20
	NOTE: https://nodesecurity.io/advisories/56
	NOTE: nodejs not covered by security support
CVE-2015-XXXX [handlebars: quoteless attributes in templates can lead to content injection]
	- libjs-handlebars <unfixed> (unimportant)
	- ruby-handlebars-assets <unfixed> (unimportant)
	NOTE: fixed in 4.0.0
	NOTE: https://blog.srcclr.com/handlebars_vulnerability_research_findings/
	NOTE: https://github.com/wycats/handlebars.js/pull/1083
	NOTE: https://nodesecurity.io/advisories/61
	NOTE: Security hardening, not a vulnerability
CVE-2015-XXXX [quoteless attributes in templates can lead to content injection]
	- mustache.js <unfixed> (unimportant)
	NOTE: fixed in 2.2.1
	NOTE: https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
	NOTE: https://nodesecurity.io/advisories/62
	NOTE: Security hardening, not a vulnerability
CVE-2015-9244 (Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not ...)
	- node-mysql 2.0.0~alpha8-1 (unimportant)
	NOTE: https://github.com/felixge/node-mysql/issues/342
	NOTE: https://nodesecurity.io/advisories/66
	NOTE: nodejs not covered by security support
CVE-2015-8830 (Integer overflow in the aio_setup_single_vector function in fs/aio.c i ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.7-ckt20-1+deb8u4
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4c185ce06dca14f5cea192f5a2c981ef50663f2b (v4.1-rc1)
CVE-2015-8816 (The hub_activate function in drivers/usb/core/hub.c in the Linux kerne ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea (v4.4-rc6)
CVE-2015-8815 (Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before  ...)
	NOT-FOR-US: Umbraco
CVE-2015-8814 (Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery se ...)
	NOT-FOR-US: Umbraco
CVE-2016-2392 (The is_rndis function in the USB Net device emulator (hw/usb/dev-netwo ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #815008)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299
CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support (hw/usb/ ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #815009)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...)
	- squid 4.1-1 (unimportant)
	- squid3 3.5.14-1 (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
CVE-2016-2382
	RESERVED
CVE-2016-2381 (Perl might allow context-dependent attackers to bypass the taint prote ...)
	{DSA-3501-1}
	- perl 5.22.1-8
	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
CVE-2016-2380 (An information leak exists in the handling of the MXIT protocol in Pid ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0123/
	NOTE: http://www.pidgin.im/news/security/?id=96
	NOTE: https://bitbucket.org/pidgin/main/commits/8172584fd640
CVE-2016-2379 (The Mxit protocol uses weak encryption when encrypting user passwords, ...)
	NOTE: Mentioned at http://www.pidgin.im/news/security/?id=96 without further details
CVE-2016-2378 (A buffer overflow vulnerability exists in the handling of the MXIT pro ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0120/
	NOTE: http://www.pidgin.im/news/security/?id=94
	NOTE: https://bitbucket.org/pidgin/main/commits/06278419c703
CVE-2016-2377 (A buffer overflow vulnerability exists in the handling of the MXIT pro ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0119/
	NOTE: http://www.pidgin.im/news/security/?id=93
	NOTE: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37
CVE-2016-2376 (A buffer overflow vulnerability exists in the handling of the MXIT pro ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0118/
	NOTE: http://www.pidgin.im/news/security/?id=92
	NOTE: https://bitbucket.org/pidgin/main/commits/19f89eda8587
CVE-2016-2375 (An exploitable out-of-bounds read exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0143/
	NOTE: http://www.pidgin.im/news/security/?id=108
	NOTE: https://bitbucket.org/pidgin/main/commits/b786e9814536
CVE-2016-2374 (An exploitable memory corruption vulnerability exists in the handling  ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0142/
	NOTE: http://www.pidgin.im/news/security/?id=107
	NOTE: https://bitbucket.org/pidgin/main/commits/f6c08d962618
CVE-2016-2373 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0141/
	NOTE: http://www.pidgin.im/news/security/?id=106
	NOTE: https://bitbucket.org/pidgin/main/commits/e6159ad42c4c
CVE-2016-2372 (An information leak exists in the handling of the MXIT protocol in Pid ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0140/
	NOTE: http://www.pidgin.im/news/security/?id=105
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2371 (An out-of-bounds write vulnerability exists in the handling of the MXI ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0139/
	NOTE: http://www.pidgin.im/news/security/?id=104
	NOTE: https://bitbucket.org/pidgin/main/commits/f0287378203fbf496a9890bf273d96adefb93b74
CVE-2016-2370 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0138/
	NOTE: http://www.pidgin.im/news/security/?id=103
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2369 (A NULL pointer dereference vulnerability exists in the handling of the ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0137/
	NOTE: http://www.pidgin.im/news/security/?id=102
CVE-2016-2368 (Multiple memory corruption vulnerabilities exist in the handling of th ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0136/
	NOTE: http://www.pidgin.im/news/security/?id=101
	NOTE: https://bitbucket.org/pidgin/main/commits/60f95045db42
	NOTE: https://bitbucket.org/pidgin/main/commits/f6efc254e947
CVE-2016-2367 (An information leak exists in the handling of the MXIT protocol in Pid ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0135/
	NOTE: http://www.pidgin.im/news/security/?id=100
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2366 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0134/
	NOTE: http://www.pidgin.im/news/security/?id=99
	NOTE: https://bitbucket.org/pidgin/main/commits/abdc3025f6b8
CVE-2016-2365 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0133/
	NOTE: http://www.pidgin.im/news/security/?id=98
	NOTE: https://bitbucket.org/pidgin/main/commits/1c4acc6977a8686ad980e5b820327c9c47dbeaca
CVE-2016-2364 (The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously tr ...)
	NOT-FOR-US: Fonality
CVE-2016-2363 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
	NOT-FOR-US: Fonality
CVE-2016-2362 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
	NOT-FOR-US: Fonality
CVE-2016-2361
	RESERVED
CVE-2016-2360 (Milesight IP security cameras through 2016-11-14 have a default root p ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2359 (Milesight IP security cameras through 2016-11-14 allow remote attacker ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2358 (Milesight IP security cameras through 2016-11-14 have a default set of ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2357 (Milesight IP security cameras through 2016-11-14 have a hardcoded SSL  ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2356 (Milesight IP security cameras through 2016-11-14 have a buffer overflo ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 all ...)
	NOT-FOR-US: dotCMS
CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver befor ...)
	NOT-FOR-US: Lemur Vehicle Monitors BlueDriver
CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows  ...)
	NOT-FOR-US: Accellion
CVE-2016-2352 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows  ...)
	NOT-FOR-US: Accellion
CVE-2016-2351 (SQL injection vulnerability in home/seos/courier/security_key2.api on  ...)
	NOT-FOR-US: Accellion
CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the Accellion F ...)
	NOT-FOR-US: Accellion
CVE-2016-2349 (Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 ...)
	NOT-FOR-US: BMC
CVE-2016-2348
	RESERVED
CVE-2016-2347 (Integer underflow in the decode_level3_header function in lib/lha_file ...)
	{DSA-3540-1}
	- lhasa 0.3.1-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/
CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unver ...)
	NOT-FOR-US: Allround Automations
CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in Solar ...)
	NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in Au ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2016-2343 (Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the  ...)
	NOT-FOR-US: Patterson Dental Eaglesoft 17
CVE-2016-2342 (The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI p ...)
	{DSA-3532-1}
	- quagga 1.0.20160315-1 (bug #819179)
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442
	NOTE: https://www.kb.cert.org/vuls/id/270232
CVE-2016-2341
	RESERVED
CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remot ...)
	NOT-FOR-US: Granite
CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle::Funct ...)
	{DLA-1421-1}
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed> (bug #851161)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0034/
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...)
	{DLA-2158-1}
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed>
	NOTE: https://talosintelligence.com/reports/TALOS-2016-0032
	NOTE: https://git.ruby-lang.org/ruby.git/commit/?id=db48c307944a9a18877236bdf9e9b778875f38ed
CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...)
	{DLA-1480-1}
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed> (bug #851161)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0031/
	NOTE: https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab
CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, ole_inv ...)
	- ruby2.3 <not-affected> (Windows-specific)
	- ruby2.1 <not-affected> (Windows-specific)
	NOTE: Vulnerable win32ole ruby extension not included in binary packages, specific to Windows
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0029/
CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9 ...)
	{DSA-3599-1 DLA-510-1}
	- p7zip 15.14.1+dfsg-2 (bug #824160)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
CVE-2016-2334 (Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZli ...)
	- p7zip 15.14.1+dfsg-2 (bug #824160)
	[jessie] - p7zip <not-affected> (Introduced in 9.32)
	[wheezy] - p7zip <not-affected> (Introduced in 9.32)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0093/
	NOTE: https://twitter.com/_Icewall/status/739731922998448129
CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with  ...)
	NOT-FOR-US: SysLINK
CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2 ...)
	NOT-FOR-US: SysLINK
CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular  ...)
	NOT-FOR-US: SysLINK
CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in encode_msg.c  ...)
	{DSA-3535-1}
	- kamailio 4.3.4-2 (bug #815178)
	NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
	NOTE: https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
CVE-2016-2384 (Double free vulnerability in the snd_usbmidi_create function in sound/ ...)
	{DSA-3503-1 DLA-439-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2
	NOTE: https://xairy.github.io/blog/2016/cve-2016-2384
CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linux ker ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492 (v4.5-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/1
CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71039
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-10712 (In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all o ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71323
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305523
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [Integer overflow in iptcembed()]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71459
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/381702ffbfdae170ba3fff97d6cc1b9c69666854
CVE-2016-4348 (The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows co ...)
	{DSA-3584-1 DLA-477-1}
	- librsvg 2.40.12-1
	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12)
CVE-2016-4347
	REJECTED
CVE-2016-4346 (Integer overflow in the str_pad function in ext/standard/string.c in P ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
	NOTE: Reproducer: second test script 2.php in upstream bugreport
CVE-2016-4345 (Integer overflow in the php_filter_encode_url function in ext/filter/s ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
CVE-2016-4344 (Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in P ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
CVE-2016-4343 (The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ...)
	{DLA-499-1}
	- php7.0 7.0.3-1
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.18+dfsg-0+deb8u1
	NOTE: https://bugs.php.net/bug.php?id=71331
	NOTE: Fixed in 7.0.3, 5.6.18
CVE-2016-4342 (ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and  ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	[squeeze] - php5 5.3.3.1-7+squeeze29
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71354
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305536
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71391
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5. ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71488
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305543
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=07c7df68bd68bbe706371fccc77c814ebb335d9e
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/5
CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71335
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305559
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=285cd3417fb61597345b829f5f573707bbdcd484
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [Crash on bad SOAP request]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=70979
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
	NOTE: Fixed in 5.6.18, 7.0.3
CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a  ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Libav not affected according to upstream)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate Ro ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Vulnerable code not present in any Libav version)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes i ...)
	- ffmpeg 2.8.5-1
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
CVE-2016-2326 (Integer overflow in the asf_write_packet function in libavformat/asfen ...)
	{DSA-3506-1}
	- ffmpeg 2.8.5-1
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
CVE-2016-2325
	RESERVED
CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to execut ...)
	{DSA-3521-1}
	- git 1:2.8.0~rc3-1 (bug #818318)
	NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971328#c4
	- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2323
	RESERVED
CVE-2016-2322
	RESERVED
CVE-2016-2321
	RESERVED
CVE-2016-2320
	RESERVED
CVE-2016-2319
	RESERVED
CVE-2016-2315 (revision.c in git before 2.7.4 uses an incorrect integer data type, wh ...)
	{DSA-3521-1}
	- git 1:2.7.0-1 (bug #818318)
	NOTE: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305 (v2.7.0-rc0)
	- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200 ...)
	NOT-FOR-US: Huawei
CVE-2016-2318 (GraphicsMagick 1.3.23 allows remote attackers to cause a denial of ser ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.24-1 (bug #814732)
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31
CVE-2016-2317 (Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attack ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.24-1 (bug #814732)
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a
CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...)
	NOT-FOR-US: AlertWerks
CVE-2016-2310 (General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 swit ...)
	NOT-FOR-US: GE Multilink devices
CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows re ...)
	NOT-FOR-US: iRZ RUH2
CVE-2016-2308 (American Auto-Matrix Aspect-Nexus Building Automation Front-End Soluti ...)
	NOT-FOR-US: American Auto-Matrix
CVE-2016-2307 (American Auto-Matrix Aspect-Nexus Building Automation Front-End Soluti ...)
	NOT-FOR-US: American Auto-Matrix
CVE-2016-2306 (The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows re ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2305 (Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5. ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2304 (Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly f ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2303 (CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2302 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obta ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2301 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522  ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2300 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypa ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522  ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows r ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows r ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2295 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, Mi ...)
	NOT-FOR-US: Moxa
CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvi ...)
	NOT-FOR-US: Acuvim
CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvi ...)
	NOT-FOR-US: Acuvim
CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.00 ...)
	NOT-FOR-US: Pro-face
CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PF ...)
	NOT-FOR-US: Pro-face
CVE-2016-2290 (Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000 ...)
	NOT-FOR-US: Pro-face
CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allo ...)
	NOT-FOR-US: ICONICS WebHMI
	NOT-FOR-US: ICONICS
CVE-2016-2288 (Cogent DataHub before 7.3.10 allows local users to gain privileges by  ...)
	NOT-FOR-US: Cogent DataHub
CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR w ...)
	NOT-FOR-US: XZERES
CVE-2016-2286 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, Mi ...)
	NOT-FOR-US: Moxa
CVE-2016-2285 (Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4 ...)
	NOT-FOR-US: Moxa
CVE-2016-2284
	REJECTED
CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utili ...)
	NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utili ...)
	NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2281 (Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allow ...)
	NOT-FOR-US: ABB Panel Builder
CVE-2016-2280 (Buffer overflow in RDISERVER in Honeywell Uniformance Process History  ...)
	NOT-FOR-US: Honeywell
CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in Rockwell ...)
	NOT-FOR-US: CompactLogix
CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Server  ...)
	NOT-FOR-US: Schneider Electric
CVE-2016-2277 (IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) b ...)
	NOT-FOR-US: Rockwell
CVE-2016-2276
	REJECTED
CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with f ...)
	NOT-FOR-US: SmartWorx
CVE-2016-2274 (An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base ...)
	NOT-FOR-US: Adcon
CVE-2016-2273
	REJECTED
CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attacke ...)
	NOT-FOR-US: Eaton Lighting
CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-170.html
CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a den ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-154.html
CVE-2016-2269
	RESERVED
CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL certific ...)
	NOT-FOR-US: Dell
CVE-2016-2267
	REJECTED
CVE-2016-2266
	REJECTED
CVE-2016-2265
	REJECTED
CVE-2016-2264
	REJECTED
CVE-2016-2263
	REJECTED
CVE-2016-2262
	REJECTED
CVE-2016-2261
	REJECTED
CVE-2016-2260
	REJECTED
CVE-2016-2259
	REJECTED
CVE-2016-2258
	REJECTED
CVE-2016-2257
	REJECTED
CVE-2016-2256
	REJECTED
CVE-2016-2255
	REJECTED
CVE-2016-2254
	REJECTED
CVE-2016-2253
	REJECTED
CVE-2016-2252
	REJECTED
CVE-2016-2251
	REJECTED
CVE-2016-2250
	REJECTED
CVE-2016-2249
	REJECTED
CVE-2016-2248
	REJECTED
CVE-2016-2247
	REJECTED
CVE-2016-2246 (HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control pane ...)
	NOT-FOR-US: HP ThinPro
CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to bypass ...)
	NOT-FOR-US: HP Support Assistant
CVE-2016-2244 (HP LaserJet printers and MFPs and OfficeJet Enterprise printers with f ...)
	NOT-FOR-US: HP LaserJet Printers
CVE-2016-2243 (Sure Start on HP Commercial PCs 2015 allows local users to cause a den ...)
	NOT-FOR-US: HP Commercial PCs with Sure Start
CVE-2015-8813 (The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/das ...)
	NOT-FOR-US: Umbraco
CVE-2015-8812 (drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 d ...)
	{DSA-3503-1 DLA-439-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532
	NOTE: Fixed by: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated user ...)
	{DLA-560-1}
	- cacti 0.8.8g+ds1-1 (bug #814353)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
	NOTE: http://bugs.cacti.net/view.php?id=2656
	NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/09/3
	NOTE: Only exploitable in non default setup
CVE-2016-2312 (Turning all screens off in Plasma-workspace and kscreenlocker while th ...)
	- plasma-workspace 4:5.4.3-2 (bug #814355)
	NOTE: Affects plasma-workspace < 5.5.0, kscreenlocker < 5.5.5
	NOTE: kscreenlocker is only in experimental
	NOTE: https://www.kde.org/info/security/advisory-20160209-1.txt
	NOTE: https://bugs.kde.org/show_bug.cgi?id=358125
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=964548
CVE-2016-XXXX [Stack corruption from crafted pattern]
	- pcre3 2:8.39-1 (bug #827564)
	[jessie] - pcre3 <no-dsa> (Minor issue)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	- pcre2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1780
	NOTE: Possibly introduced after http://vcs.pcre.org/pcre?view=revision&revision=1266
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1638 (8.39)
CVE-2016-2242 (Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execu ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-2241
	RESERVED
CVE-2016-2240
	RESERVED
CVE-2016-2239
	RESERVED
CVE-2016-2238
	RESERVED
CVE-2016-2237
	RESERVED
CVE-2016-2236
	RESERVED
CVE-2016-2235
	RESERVED
CVE-2016-2234
	RESERVED
CVE-2016-2233 (Stack-based buffer overflow in the inbound_cap_ls function in common/i ...)
	- hexchat 2.12.0-1 (low)
	[jessie] - hexchat <no-dsa> (Minor issue, requires connection to a malicious server)
	NOTE: https://www.exploit-db.com/exploits/39657/
	NOTE: https://github.com/hexchat/hexchat/issues/1934
	NOTE: https://github.com/hexchat/hexchat/commit/4e061a43b3453a9856d34250c3913175c45afe9d
CVE-2016-2231 (The Windows-based Host Interface Program (WHIP) service on Huawei Smar ...)
	NOT-FOR-US: Huawei
CVE-2016-2230 (OpenELEC and RasPlex devices have a hardcoded password for the root ac ...)
	NOT-FOR-US: OpenELEC/ResPlex
CVE-2016-2229
	RESERVED
CVE-2016-2227
	RESERVED
CVE-2016-2226 (Integer overflow in the string_appends function in cplus-dem.c in libi ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234829
CVE-2015-8811
	RESERVED
CVE-2015-8810
	RESERVED
CVE-2015-8809
	RESERVED
CVE-2014-9766 (Integer overflow in the create_bits function in pixman-bits-image.c in ...)
	{DSA-3525-1 DLA-429-1}
	- pixman 0.32.6-1
	NOTE: https://lists.freedesktop.org/archives/pixman/2014-April/003244.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=972647
CVE-2014-9765 (Buffer overflow in the main_get_appheader function in xdelta3-main.h i ...)
	{DSA-3484-1 DLA-417-1}
	- xdelta3 3.0.8-dfsg-1.1 (bug #814067)
	NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
CVE-2017-6100 (tcpdf before 6.2.0 uploads files from the server generating PDF-files  ...)
	- tcpdf 6.2.12+dfsg2-1 (bug #814030)
	[jessie] - tcpdf 6.0.093+dfsg-1+deb8u1
	NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/
CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allo ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.21-2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53
CVE-2016-2223
	RESERVED
CVE-2016-2220
	RESERVED
CVE-2016-2219 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-2218
	RESERVED
CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...)
	{DLA-561-1}
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...)
	{DLA-561-1}
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2216 (The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6  ...)
	- nodejs 4.3.0~dfsg-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2016-2215
	RESERVED
CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified portal auth ...)
	NOT-FOR-US: Huawei
CVE-2016-2212 (The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class ...)
	NOT-FOR-US: Magento
CVE-2016-2211 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-2210 (Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in S ...)
	NOT-FOR-US: Symantec
CVE-2016-2209 (Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Sy ...)
	NOT-FOR-US: Symantec
CVE-2016-2208 (The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 befor ...)
	NOT-FOR-US: Symantec
CVE-2016-2207 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-2206 (The management console in Symantec Workspace Streaming (SWS) 7.5.x bef ...)
	NOT-FOR-US: Symantec
CVE-2016-2205 (Directory traversal vulnerability in the file-download configuration f ...)
	NOT-FOR-US: Symantec
CVE-2016-2204 (The management console on Symantec Messaging Gateway (SMG) Appliance d ...)
	NOT-FOR-US: Symantec
CVE-2016-2203 (The management console on Symantec Messaging Gateway (SMG) Appliance d ...)
	NOT-FOR-US: Symantec
CVE-2016-2202 (The Inventory Solution component in the Management Agent in the client ...)
	NOT-FOR-US: Symantec
CVE-2016-2201 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attacker ...)
	NOTE: Siemens SIMATIC
CVE-2016-2200 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attacker ...)
	NOTE: Siemens SIMATIC
CVE-2015-8802
	REJECTED
CVE-2015-8801 (Race condition in the client in Symantec Endpoint Protection (SEP) 12. ...)
	NOT-FOR-US: Symantec
CVE-2015-8800 (Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x ...)
	NOT-FOR-US: Symantec
CVE-2015-8799 (Directory traversal vulnerability in the Management Server in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2015-8798 (Directory traversal vulnerability in the Management Server in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in libImagi ...)
	- pillow 3.1.1-1
	[jessie] - pillow <not-affected>
	- python-imaging <removed>
	[wheezy] - python-imaging <not-affected>
	[squeeze] - python-imaging <not-affected>
	NOTE: https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
	NOTE: Upstream confirmed that versions prior 2.7 are not vulnerable.
	NOTE: https://github.com/python-pillow/Pillow/pull/1714
	NOTE: https://github.com/python-pillow/Pillow/issues/1737
CVE-2016-2232 (Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before ...)
	{DSA-3700-1}
	- asterisk 1:13.7.2~dfsg-1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-003.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25603
	NOTE: issue was introduced in 2006 with commit 0f5e4e47, so squeeze and previous also vulnerable
	NOTE: patch for 11 / jessie: https://code.asterisk.org/code/changelog/asterisk?cs=da2573a3779425654543d6ac4c4dd6871ce16720
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-2316 (chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and ...)
	{DSA-3700-1}
	- asterisk 1:13.7.2~dfsg-1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-002.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25397
	NOTE: issue introduced in ~2008 with the SIP timer support implementation (https://issues.asterisk.org/jira/browse/ASTERISK-4257 https://issues.asterisk.org/jira/browse/ASTERISK-5187), so squeeze also vulnerable
	NOTE: patch for jessie / 11: https://code.asterisk.org/code/changelog/asterisk?cs=882e85388295eac8eebd0b82e71a9af0a769b41f
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2015-8807 (Cross-site scripting (XSS) vulnerability in the _renderVarInput_number ...)
	{DSA-3496-1}
	- php-horde-core 2.22.4+debian0-1 (bug #813590)
	NOTE: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-2228 (Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_me ...)
	{DSA-3497-1}
	- php-horde 5.2.9+debian0-1 (bug #813573)
	NOTE: https://bugs.horde.org/ticket/14213
	NOTE: http://lists.horde.org/archives/announce/2016/001140.html
	NOTE: https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
	NOTE: https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-7028
	REJECTED
CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Orga ...)
	NOT-FOR-US: Enterprise Manager in McAfee Vulnerability Manager
CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpe ...)
	- ffmpeg 7:2.8.6-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan 1. ...)
	- botan1.10 <not-affected> (Introduced in 1.11.10)
	NOTE: Introduced in 1.11.10, fixed in 1.11.27
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2195 (Integer overflow in the PointGFp constructor in Botan before 1.10.11 a ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.12-1
	NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2194 (The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27  ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.12-1
	NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2193 (PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-se ...)
	- postgresql-9.5 9.5.2-1
	- postgresql-9.4 <not-affected> (Only affects 9.5.x)
	- postgresql-9.1 <not-affected> (Only affects 9.5.x)
	- postgresql-8.4 <not-affected> (Only affects 9.5.x)
	NOTE: http://www.postgresql.org/about/news/1656/
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
CVE-2016-2192 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to a ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue)
CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0. ...)
	{DSA-3546-1}
	- optipng 0.7.6-1 (bug #820068)
	NOTE: https://sourceforge.net/p/optipng/bugs/59/
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/04/2
CVE-2016-2190 (Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2189
	REJECTED
CVE-2016-2188 (The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Li ...)
	{DLA-922-1}
	- linux 4.9.16-1
	[jessie] - linux 3.16.43-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317018
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283390
	NOTE: http://seclists.org/bugtraq/2016/Mar/87
	NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0
	NOTE: From kernel-sec triaging: the above commits only handles the case where there
	NOTE: are zero endpoints, but not the case where there are some endpoints but none of the expected type.
	NOTE: Fixed by: https://git.kernel.org/linus/b7321e81fc369abe353cf094d4f0dc2fe11ab95f (v4.11-rc2)
CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ke ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017
CVE-2016-2186 (The powermate_probe function in drivers/input/misc/powermate.c in the  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317015
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283384
	NOTE: http://seclists.org/bugtraq/2016/Mar/85
	NOTE: http://marc.info/?l=linux-usb&m=145796479528669&w=2
CVE-2016-2185 (The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317014
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283362
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283363
CVE-2016-2184 (The create_fixed_stream_quirk function in sound/usb/quirks.c in the sn ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317012
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283358
CVE-2016-2183 (The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec pro ...)
	NOTE: Generic protocol issue
	NOTE: The CVE is assigned for the protocol flaw in the DES/3DES cipher, used as a part of the SSL/TLS protocol.
	NOTE: What was done in OpenSSL: https://www.openssl.org/blog/blog/2016/08/24/sweet32/
	NOTE: Python issue: https://bugs.python.org/issue27850
CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=099e2968ed3c7d256cda048995626664082b1b30
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL before 1 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2180 (The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Publi ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not properly rest ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2178 (The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL throug ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1 (low)
	NOTE: Fixed in master branch in https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2177 (OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-bu ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1 (low)
	NOTE: Fixed in 1.0.2 branch in https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
	NOTE: https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL be ...)
	- openssl <not-affected> (Only applies to EBCDIC systems)
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2175 (Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly ini ...)
	{DSA-3606-1 DLA-505-1}
	- libpdfbox-java 1:1.8.12-1
	NOTE: Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision&revision=1739564
	NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565
CVE-2016-2174 (SQL injection vulnerability in the policy admin tool in Apache Ranger  ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-2173 (org.springframework.core.serializer.DefaultDeserializer in Spring AMQP ...)
	NOT-FOR-US: Spring AMQP
CVE-2016-2172
	REJECTED
CVE-2016-2171 (The User Manager service in Apache Jetspeed before 2.3.1 does not prop ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-2170 (Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-2169 (Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 a ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-2168 (The req_check_access function in the mod_authz_svn module in the httpd ...)
	{DSA-3561-1 DLA-448-1}
	- subversion 1.9.4-1
	NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
CVE-2016-2167 (The canonicalize_username function in svnserve/cyrus_auth.c in Apache  ...)
	{DSA-3561-1 DLA-448-1}
	- subversion 1.9.4-1
	NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
CVE-2016-2166 (The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3 ...)
	- qpid-proton <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/PROTON-1157
	NOTE: http://qpid.apache.org/releases/qpid-proton-0.12.1/
	NOTE: Affects Qpid Proton python API starting at 0.9 up to and including 0.12.0
CVE-2016-2165 (The Loggregator Traffic Controller endpoints in cf-release v231 and lo ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-2164 (The (1) FileService.importFileByInternalUserId and (2) FileService.imp ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-2163 (Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-2162 (Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale o ...)
	- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.24.1)
	NOTE: http://struts.apache.org/docs/s2-030.html
CVE-2016-2161 (In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod ...)
	{DSA-3796-1}
	- apache2 2.4.25-1
	[wheezy] - apache2 <not-affected> (Vulnerable code introduced in 2.4.x)
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: Fixed by: https://svn.apache.org/r1772919
	NOTE: Affects: 2.4.1 to 2.4.23
	NOTE: Fixed in 2.4.25
CVE-2016-2160 (Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote aut ...)
	NOT-FOR-US: OpenShift
CVE-2016-2159 (The save_submission function in mod/assign/externallib.php in Moodle t ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2158 (lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.1 ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2157 (Cross-site request forgery (CSRF) vulnerability in mod/assign/adminman ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2156 (calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13 ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2155 (The grade-reporting feature in Singleview (aka Single View) in Moodle  ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2016-2154 (admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8 ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2016-2153 (Cross-site scripting (XSS) vulnerability in the advanced-search featur ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2152 (Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.ph ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2151 (user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x be ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitrary h ...)
	{DSA-3596-1 DLA-531-1}
	- spice 0.12.6-4.1 (bug #826584)
CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to  ...)
	NOT-FOR-US: OpenShift
CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox befo ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-1 (bug #818497)
	[stretch] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0  ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-1 (bug #818499)
	[stretch] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
CVE-2016-2146 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...)
	- libapache2-mod-auth-mellon 0.12.0-1
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2145 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...)
	- libapache2-mod-auth-mellon 0.12.0-1
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2144
	REJECTED
CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 platfor ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.4.6-1
	[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
	NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
	NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on th ...)
	NOT-FOR-US: OpenShift
CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the ENCRYPT ...)
	- libjgroups-java <unfixed> (low; bug #867493)
	[buster] - libjgroups-java <ignored> (Minor issue, only used as build dep)
	[stretch] - libjgroups-java <ignored> (Minor issue, only used as build dep)
	[jessie] - libjgroups-java <no-dsa> (Minor issue)
	[wheezy] - libjgroups-java <no-dsa> (Minor issue, only used as build dependency)
CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo)  ...)
	- nova 2:13.0.0-1
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
CVE-2016-2139
	RESERVED
CVE-2016-2138
	RESERVED
CVE-2016-2137
	REJECTED
CVE-2016-2136
	REJECTED
CVE-2016-2135
	REJECTED
CVE-2016-2134
	REJECTED
CVE-2016-2133
	REJECTED
CVE-2016-2132
	REJECTED
CVE-2016-2131
	REJECTED
CVE-2016-2130
	REJECTED
CVE-2016-2129
	REJECTED
CVE-2016-2128
	REJECTED
CVE-2016-2127
	REJECTED
CVE-2016-2126 (Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation d ...)
	{DSA-3740-1}
	- samba 2:4.5.2+dfsg-2
	[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2126.html
CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always re ...)
	{DSA-3740-1 DLA-776-1}
	- samba 2:4.5.2+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
	NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
CVE-2016-2124
	RESERVED
CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine n ...)
	{DSA-3740-1}
	- samba 2:4.5.2+dfsg-2
	[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2123.html
CVE-2016-2122
	RESERVED
CVE-2016-2121 (A permissions flaw was found in redis, which sets weak permissions on  ...)
	- redis 3:3.2.5-2 (bug #842987)
	[jessie] - redis <no-dsa> (Minor issue)
	[wheezy] - redis <no-dsa> (minor issue, details see #842987)
	NOTE: Might be Red Hat-specific, needs investigation
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374700
CVE-2016-2120 (An issue has been found in PowerDNS Authoritative Server versions up t ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
CVE-2016-2119 (libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3 ...)
	{DSA-3740-1}
	- samba 2:4.4.5+dfsg-1 (bug #830195)
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html
	NOTE: Affects Samba 4.0.0 to 4.4.4
CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2118.html
	NOTE: http://badlock.org/
CVE-2016-2117 (The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in ...)
	{DSA-3607-1}
	- linux 4.5.2-1
	[wheezy] - linux <not-affected> (Issue introduced with v3.10-rc1)
	NOTE: Introduced in https://git.kernel.org/linus/ec5f061564238892005257c83565a0b58ec79295 (v3.10-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/7
CVE-2016-2116 (Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900. ...)
	{DSA-3508-1}
	- jasper <removed> (bug #816626)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-2115 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2115.html
CVE-2016-2114 (The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x bef ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2114.html
CVE-2016-2113 (Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 do ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2113.html
CVE-2016-2112 (The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4. ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2112.html
CVE-2016-2111 (The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2111.html
CVE-2016-2110 (The NTLMSSP authentication implementation in Samba 3.x and 4.x before  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
CVE-2016-2109 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1  ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2108 (The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0 ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2c-1
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2107 (The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1. ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2106 (Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_e ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2105 (Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satelli ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satelli ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2016-2102 (HAProxy statistics in openstack-tripleo-image-elements are non-authent ...)
	- tripleo-image-elements <not-affected> (Configuration not found in Debian's version)
CVE-2016-2101
	RESERVED
CVE-2016-2100 (Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authen ...)
	- foreman <itp> (bug #663101)
CVE-2016-2099 (Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apach ...)
	{DSA-3579-1 DLA-467-1}
	- xerces-c 3.1.3+debian-2 (bug #823863)
	NOTE: https://issues.apache.org/jira/browse/XERCESC-2066
CVE-2016-2098 (Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ...)
	{DSA-3509-1 DLA-604-1}
	- rails 2:4.2.5.2-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x
	NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
CVE-2016-2097 (Directory traversal vulnerability in Action View in Ruby on Rails befo ...)
	{DSA-3509-1 DLA-604-1}
	- rails 2:4.2.5.2-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x
	NOTE: Not affected: 4.2+
	NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2
CVE-2016-2096
	RESERVED
CVE-2016-2095
	RESERVED
CVE-2016-2094 (The HTTPS NIO Connector allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: JBoss EAP
CVE-2016-2093
	RESERVED
CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #813613)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
	NOTE: Same fix as CVE-2016-1839 seems to resolve the issue
CVE-2015-8805 (The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not p ...)
	- nettle 3.2-1 (bug #813679)
	[jessie] - nettle 2.7.1-5+deb8u1
	[wheezy] - nettle <not-affected> (Vulnerable code not present)
	[squeeze] - nettle <not-affected> (Vulnerable code not present)
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
CVE-2015-8804 (x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle  ...)
	- nettle 3.2-1 (bug #813679)
	[jessie] - nettle 2.7.1-5+deb8u1
	[wheezy] - nettle <not-affected> (Vulnerable code not present)
	[squeeze] - nettle <not-affected> (Vulnerable code not present)
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
CVE-2015-8803 (The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not p ...)
	- nettle 3.2-1 (bug #813679)
	[jessie] - nettle 2.7.1-5+deb8u1
	[wheezy] - nettle <not-affected> (Vulnerable code not present)
	[squeeze] - nettle <not-affected> (Vulnerable code not present)
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003028.html
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
CVE-2015-8797 (Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plug ...)
	- lucene-solr <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-7949
CVE-2015-8796 (Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/sche ...)
	- lucene-solr <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-7920
CVE-2015-8795 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in ...)
	- lucene-solr <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-7346
CVE-2015-8794 (Absolute path traversal vulnerability in program/steps/addressbook/pho ...)
	- roundcube 1.1.2+dfsg.1-1
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://www.scip.ch/en/?vuldb.80732
	NOTE: http://web.archive.org/web/20160329044745/http://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released
	NOTE: http://trac.roundcube.net/ticket/1490379
CVE-2015-8793 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
	- roundcube 1.1.2+dfsg.1-1
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://web.archive.org/web/20160329044745/http://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released
	NOTE: http://www.scip.ch/en/?vuldb.80731
	NOTE: http://trac.roundcube.net/ticket/1490417 - mentions 1.0 not vulnerable, verified code not present in squeeze
	NOTE: http://web.archive.org/web/20150627125240/http://trac.roundcube.net:80/changeset/b782815dac/github
CVE-2015-8791 (The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 a ...)
	{DSA-3538-1 DLA-438-1}
	- libebml 1.3.3-1
	NOTE: https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
CVE-2015-8790 (The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 ...)
	{DSA-3538-1 DLA-438-1}
	- libebml 1.3.3-1
	NOTE: https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
CVE-2016-2533 (Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pil ...)
	{DSA-3499-1 DLA-422-1}
	- pillow 3.1.1-1
	- python-imaging <removed>
	[wheezy] - python-imaging 1.1.7-4+deb7u2
	NOTE: https://github.com/python-pillow/Pillow/pull/1706
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/5
	NOTE: https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
CVE-2016-2221 (Open redirect vulnerability in the wp_validate_redirect function in wp ...)
	{DSA-3472-1 DLA-418-1}
	- wordpress 4.4.2+dfsg-1 (bug #813697)
	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36444
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2222 (The wp_http_validate_url function in wp-includes/http.php in WordPress ...)
	{DSA-3472-1 DLA-418-1}
	- wordpress 4.4.2+dfsg-1 (bug #813697)
	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36435
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does  ...)
	- socat 1.7.3.1-1 (bug #813536)
	[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	[wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	[squeeze] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	NOTE: The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
	NOTE: p parameter was not prime.". Upstream has generated new parametes (and made it 2048
	NOTE: bit long.
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/01/4
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()]
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u4
	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3
	NOTE: https://bugs.php.net/bug.php?id=70728
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability]
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u4
	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1785d2b805f64eaaacf98c14c9e13107bf085ab1
	NOTE: https://bugs.php.net/bug.php?id=70741
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2015-XXXX [Use-after-free in WDDX Packet Deserialization]
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u4
	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=366f9505a4aae98ef2f4ca39a838f628a324b746
	NOTE: https://bugs.php.net/bug.php?id=70661
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and  ...)
	{DLA-628-1}
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[squeeze] - php5 <not-affected> (vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=70755
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=2721a0148649e07ed74468f097a28899741eb58f
	NOTE: http://seclists.org/bugtraq/2016/Jan/117
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/4
CVE-2016-3197
	REJECTED
CVE-2016-2092
	RESERVED
CVE-2016-2198 (QEMU (aka Quick Emulator) built with the USB EHCI emulation support is ...)
	{DLA-1497-1}
	- qemu 1:2.6+dfsg-1 (bug #813193)
	[wheezy] - qemu <not-affected> (Introduced after v1.2.0)
	[squeeze] - qemu <not-affected> (Introduced after v1.2.0)
	- qemu-kvm <not-affected> (Introduced after v1.2.0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
CVE-2016-2197 (QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is  ...)
	- qemu 1:2.6+dfsg-1 (bug #813194)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3d8e1138cd0c843d6fd75272633a31be6554ef (v2.3.0-rc2)
CVE-2016-2088 (resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cook ...)
	- bind9 <not-affected> (Introduced in Bind 9.10)
	NOTE: https://kb.isc.org/article/AA-01351
CVE-2016-2087 (Directory traversal vulnerability in the client in HexChat 2.11.0 allo ...)
	{DLA-1050-1}
	- xchat 2.8.8-10
	[jessie] - xchat <no-dsa> (Minor issue)
	- hexchat 2.12.4-4 (bug #852275)
	[stretch] - hexchat <no-dsa> (Minor issue)
	[jessie] - hexchat <no-dsa> (Minor issue)
	NOTE: https://www.exploit-db.com/exploits/39656/
	NOTE: https://github.com/hexchat/hexchat/issues/1933
	NOTE: https://github.com/hexchat/hexchat/commit/15600f405f2d5bda6ccf0dd73957395716e0d4d3
	NOTE: Would be included in upstream source since the upload 2.12.3-0.1 to unstable but the
	NOTE: Debian packaging reverts the 15600f405f2d5bda6ccf0dd73957395716e0d4d3 commit
	NOTE: The Debian packagging drops the revert in 2.12.4-4 to not diverge from upstream.
CVE-2016-2086 (Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0 ...)
	- nodejs 4.3.0~dfsg-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 al ...)
	{DSA-3526-1 DLA-420-1}
	- libmatroska 1.4.4-1
	NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
CVE-2015-8789 (Use-after-free vulnerability in the EbmlMaster::Read function in libEB ...)
	{DSA-3538-1}
	- libebml 1.3.3-1
	[squeeze] - libebml <not-affected> (Vulnerable code not present)
	NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
CVE-2015-8788
	RESERVED
CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 2 ...)
	{DLA-669-1}
	- dwarfutils 20160507-1 (bug #813148)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
CVE-2016-2090 (Off-by-one vulnerability in the fgetwln function in libbsd before 0.8. ...)
	{DLA-2052-1}
	- libbsd 0.8.2-1
	[wheezy] - libbsd <not-affected> (Vulnerable code not present)
	[squeeze] - libbsd <not-affected> (Vulnerable code not present)
	NOTE: Not used anywhere in Debian according to codesearch.debian.net
	NOTE: https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93881
	NOTE: Fixed by: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 (0.8.2)
	NOTE: Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0)
CVE-2016-2089 (The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows rem ...)
	{DSA-3508-1}
	- jasper <removed> (bug #812978)
	[squeeze] - jasper <no-dsa> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/commit/c87ad330a8b8d6e5eb0065675601fdfae08ebaab
CVE-2016-2085 (The evm_verify_hmac function in security/integrity/evm/evm_main.c in t ...)
	- linux 4.4.2-1 (unimportant)
	[jessie] - linux 3.16.7-ckt25-1
	- linux-2.6 <removed> (unimportant)
	NOTE: EVM is not enabled
	NOTE: https://git.kernel.org/linus/613317bd212c585c20796c10afe5daaa95d4b0a1 (v4.5-rc4)
CVE-2016-2084 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-2083
	REJECTED
CVE-2016-2082 (Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log ...)
	NOT-FOR-US: VMware
CVE-2016-2081 (Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insigh ...)
	NOT-FOR-US: VMware
CVE-2016-2080
	REJECTED
CVE-2016-2079 (VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5. ...)
	NOT-FOR-US: VMware
CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware v ...)
	NOT-FOR-US: VMware
CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1 ...)
	NOT-FOR-US: VMware
CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
	NOT-FOR-US: VMware
CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business A ...)
	NOT-FOR-US: VMware vRealize Business Advanced and Enterprise
CVE-2016-2074 (Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x an ...)
	{DSA-3533-1}
	- openvswitch 2.3.0+git20140819-4
	[wheezy] - openvswitch <not-affected> (Affects only 2.2.x and later)
	NOTE: http://openvswitch.org/pipermail/announce/2016-March/000082.html
CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler Application Deliv ...)
	NOT-FOR-US: Citrix
CVE-2016-2071 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler G ...)
	NOT-FOR-US: Citrix
CVE-2015-8787 (The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c i ...)
	- linux 4.3.5-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
	- linux-2.6 <not-affected> (Vulnerable code introduced in v3.19-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300731
	NOTE: https://lkml.org/lkml/2015/12/2/618
	NOTE: Introduced by: https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56 (v3.19-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/27/6
CVE-2015-8786 (The Management plugin in RabbitMQ before 3.6.1 allows remote authentic ...)
	- rabbitmq-server 3.6.5-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <not-affected> (lengths_age or lengths_incr parameters are not present)
	NOTE: https://github.com/rabbitmq/rabbitmq-management/issues/97
CVE-2016-XXXX [out of bound read and write issues]
	- giflib 5.1.4-0.1 (bug #820594)
	[jessie] - giflib <no-dsa> (Minor issue)
	[wheezy] - giflib <no-dsa> (Minor issue)
	[squeeze] - giflib <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/giflib/bugs/82/
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
	NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows at ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #812807)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
	NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806
CVE-2016-2070 (The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux k ...)
	- linux 4.3.5-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream commit: https://git.kernel.org/linus/8b8a321ff72c785ed5e8b4cf6eda20b35d427390 (v4.4)
	NOTE: Introduced by: https://git.kernel.org/linus/3759824da87b30ce7a35b4873b62b0ba38905ef5 (v4.3-rc1)
CVE-2016-2068 (The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2067 (drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2066 (Integer signedness error in the MSM QDSP6 audio driver for the Linux k ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2065 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2064 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2063 (Stack-based buffer overflow in the supply_lm_input_write function in d ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2062 (The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_ ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2061 (Integer signedness error in the MSM V4L2 video driver for the Linux ke ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2060 (server/TetherController.cpp in the tethering controller in netd, as di ...)
	NOT-FOR-US: Android
CVE-2016-2059 (The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_ro ...)
	NOT-FOR-US: Android drivers
CVE-2016-2058 (Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4. ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2057 (lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use we ...)
	{DSA-3495-1}
	- xymon 4.3.25-1
	[wheezy] - xymon <not-affected> (vulnerable code not present)
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2056 (xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote aut ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2055 (xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3. ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2054 (Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2052 (Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used ...)
	- harfbuzz 1.2.6-1
	[jessie] - harfbuzz <not-affected> (Vulnerable code not present)
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://code.google.com/p/chromium/issues/detail?id=544270
	NOTE: https://github.com/behdad/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5
CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, a ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-2048 (Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, all ...)
	- python-django 1.9.2-1 (bug #813448)
	[jessie] - python-django <not-affected> (Only affects 1.9)
	[wheezy] - python-django <not-affected> (Only affects 1.9)
	[squeeze] - python-django <not-affected> (Only affects 1.9)
	NOTE: https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the UserPortal page in SOP ...)
	NOT-FOR-US: SOPHOS
CVE-2016-2045 (Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdm ...)
	{DLA-481-1}
	- phpmyadmin 4:4.5.4-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-9/
CVE-2016-2044 (libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5. ...)
	- phpmyadmin 4:4.5.4-1
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-8/
	NOTE: vulnerability introduced in 4.5.0.1 / 718ef31
CVE-2016-2043 (Cross-site scripting (XSS) vulnerability in the goToFinish1NF function ...)
	- phpmyadmin 4:4.5.4-1
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-7/
	NOTE: vulnerability introduced in 4.3.3 / 1e971f3
CVE-2016-2042 (phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote  ...)
	- phpmyadmin 4:4.5.4-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: introduced as part of the CVE-2016-2039 fix
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-6/
	NOTE: path disclosure not relevant on Debian
CVE-2016-2041 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x b ...)
	{DSA-3627-1 DLA-481-1 DLA-406-1}
	- phpmyadmin 4:4.5.4-1
	NOTE: squeeze patch backport trivial to wheezy
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fe62b69a5b032de8e1d9d0a04456c1cecf46428c
CVE-2016-2040 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.4-1
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-3/
CVE-2016-2039 (libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x  ...)
	{DSA-3627-1 DLA-481-1 DLA-406-1}
	- phpmyadmin 4:4.5.4-1
	NOTE: squeeze patch was actually incorrect and probably not functional: libraries/phpseclib/Crypt/Random.php needs some engine (e.g. AES) to work
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781fad7111ac1bd is not sufficient: one needs 29b297f to import more bits from phpseclib or simply import all of phpseclib.
	NOTE: such a fix needs to avoid introducing a new vulnerability as well, upstream introduced CVE-2016-2042 as part of this
CVE-2016-2038 (phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x be ...)
	{DLA-481-1}
	- phpmyadmin 4:4.5.4-1 (unimportant)
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-1/
	NOTE: path disclosure not relevant on Debian
CVE-2016-2036 (The getURL function in drivers/secfilter/urlparser.c in secfilter in t ...)
	NOT-FOR-US: Samsung
CVE-2015-8780 (Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a  ...)
	NOT-FOR-US: Samsung
CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 a ...)
	{DSA-3503-1 DLA-412-1}
	- linux 4.3.5-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1
	NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1)
CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kerne ...)
	- linux 4.3.1-1
	[jessie] - linux 3.16.7-ckt25-2
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300237
	NOTE: Introduced in https://git.kernel.org/linus/3d167d68e3805ee45ed2e8412fc03ed919c54c24 (v3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f (v4.3-rc1)
CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of service (ou ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service (ou ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service (ou ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote attacke ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2508
	NOTE: Can be reproduced with tiff compiled with AddressSanitizer
	NOTE: and the same reproducer file http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
	NOTE: Commit: https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/4
CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka php-op ...)
	- php-openid <unfixed> (unimportant)
	NOTE: sample code only, actual vulnerable code not shipped in package
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
	NOTE: https://github.com/openid/php-openid/issues/128
CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB  ...)
	{DSA-3557-1 DSA-3453-1 DLA-447-1}
	- mariadb-10.0 10.0.23-1
	NOTE: https://mariadb.atlassian.net/browse/MDEV-9212
	NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	[squeeze] - mysql-5.5 <no-dsa> (will be fixed along with an upcoming Oracle CPU)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-2035
	REJECTED
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through  ...)
	NOT-FOR-US: ClearPass Policy Manager
CVE-2016-2033
	REJECTED
CVE-2016-2032 (A vulnerability exists in the Aruba AirWave Management Platform 8.x pr ...)
	NOT-FOR-US: Aruba AirWave Management Platform
CVE-2016-2031 (Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4. ...)
	NOT-FOR-US: Aruba Instate
CVE-2016-2030 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2029 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2028 (HPE Matrix Operating Environment before 7.5.1 allows remote authentica ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2027 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2026 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...)
	NOT-FOR-US: HPE
CVE-2016-2024 (HPE Insight Control before 7.5.1 allow remote attackers to obtain sens ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...)
	NOT-FOR-US: HPE
CVE-2016-2022 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2021 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2020 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2019 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2018 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2017 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 th ...)
	NOT-FOR-US: HPE
CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to obta ...)
	NOT-FOR-US: HPE
CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2012 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2011 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
	NOT-FOR-US: HPE
CVE-2016-2010 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
	NOT-FOR-US: HPE
CVE-2016-2009 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2008 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2007 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2006 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2005 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2004 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2003 (HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x be ...)
	NOT-FOR-US: HPE P9000 Command View Advanced Edition Software
CVE-2016-2002 (The validateAdminConfig handler in the Analytics Management Console in ...)
	NOT-FOR-US: HPE Vertica
CVE-2016-2001 (HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 all ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-2000 (HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem C ...)
	NOT-FOR-US: HPE Asset Manager
CVE-2016-1999 (The server in HP Release Control 9.13, 9.20, and 9.21 allows remote at ...)
	NOT-FOR-US: HP Release Control
CVE-2016-1998 (HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 a ...)
	NOT-FOR-US: HPE Service Manager
CVE-2016-1997 (HPE Operations Orchestration 10.x before 10.51 and Operations Orchestr ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2016-1996 (HPE System Management Homepage before 7.5.4 allows local users to obta ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1995 (HPE System Management Homepage before 7.5.4 allows remote attackers to ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1994 (HPE System Management Homepage before 7.5.4 allows remote authenticate ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1993 (HPE System Management Homepage before 7.5.4 allows remote authenticate ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1992 (HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, a ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1991 (HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, a ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1990 (HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, a ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1989 (HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 a ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-1988 (HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 a ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-1987 (HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configu ...)
	NOT-FOR-US: HP-UX IPFilter
CVE-2016-1986 (HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers t ...)
	NOT-FOR-US: HP CDA
CVE-2016-1985 (HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers  ...)
	NOT-FOR-US: HPE Operations Manager
CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices b ...)
	NOT-FOR-US: Harman AMX devices
CVE-2016-1980
	RESERVED
CVE-2016-1979 (Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ...)
	{DSA-3688-1 DSA-3576-1 DLA-480-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	- icedove 38.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
	- nss 2:3.21-1
CVE-2016-1978 (Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange f ...)
	{DSA-3688-1 DLA-480-1}
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: Marked as fixed in 44.0-1 which would be the version fixing
	NOTE: the issue while using the bundled nss version. iceweasel for
	NOTE: unstable though used the system library.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/
	- nss 2:3.21-1
CVE-2016-1977 (The Machine::Code::decoder::analysis::set_ref function in Graphite 2 b ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-1976 (Use-after-free vulnerability in the DesktopDisplayDevice class in the  ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1975 (Multiple race conditions in dom/media/systemservices/CamerasChild.cpp  ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox befor ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC impleme ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
CVE-2016-1972 (Race condition in libvpx in Mozilla Firefox before 45.0 on Windows mig ...)
	- iceweasel <not-affected> (Windows-specific)
	- libvpx <not-affected> (Windows-specific)
CVE-2016-1971 (The I420VideoFrame::CreateFrame function in the WebRTC implementation  ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1970 (Integer underflow in the srtp_unprotect function in the WebRTC impleme ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Fi ...)
	{DSA-3515-1 DSA-3477-1}
	- graphite2 1.3.6-1
	- iceweasel <removed>
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
	- brotli 0.3.0+dfsg-3 (bug #817233)
	NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the availabilit ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
CVE-2016-1965 (Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/
CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in Mozil ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
CVE-2016-1962 (Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/
CVE-2016-1961 (Use-after-free vulnerability in the nsHTMLDocument::SetBody function i ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
CVE-2016-1960 (Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string  ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/
CVE-2016-1959 (The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows r ...)
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- iceweasel <removed>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/
CVE-2016-1958 (browser/base/content/browser.js in Mozilla Firefox before 45.0 and Fir ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/
CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firef ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1951 (Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable  ...)
	{DSA-3687-1 DLA-513-1}
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- nspr 2:4.12-1
	[jessie] - nspr <no-dsa> (Minor issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1174015
	NOTE: https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw
	NOTE: Upstream commit: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2
CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (NSS)  ...)
	{DSA-3688-1 DSA-3520-1 DSA-3510-1 DLA-480-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/
	- nss 2:3.23-1
	NOTE: NSS fixed in 3.21.1
CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the interacti ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/
CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is u ...)
	- iceweasel <not-affected> (Only affects Firefox for Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
CVE-2016-1947 (Mozilla Firefox 43.x mishandles attempts to connect to the Application ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
CVE-2016-1946 (The MoofParser::Metadata function in binding/MoofParser.cpp in libstag ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1945 (The nsZipArchive function in Mozilla Firefox before 44.0 might allow r ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1944 (The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozill ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1943 (Mozilla Firefox before 44.0 on Android allows remote attackers to spoo ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
CVE-2016-1942 (Mozilla Firefox before 44.0 allows user-assisted remote attackers to s ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
CVE-2016-1941 (The file-download dialog in Mozilla Firefox before 44.0 on OS X enable ...)
	- iceweasel <not-affected> (Affects only Firefox on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
CVE-2016-1940 (Mozilla Firefox before 44.0 on Android allows remote attackers to spoo ...)
	- iceweasel <not-affected> (Affects Firefox for Android only)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
CVE-2016-1939 (Mozilla Firefox before 44.0 stores cookies with names containing verti ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
CVE-2016-1938 (The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Secur ...)
	{DSA-3688-1 DLA-480-1 DLA-427-1}
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: Marked as fixed in 44.0-1 which would be the version fixing
	NOTE: the issue while using the bundled nss version. iceweasel for
	NOTE: unstable though used the system library.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
	- nss 2:3.21-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
	NOTE: https://hg.mozilla.org/projects/nss/rev/608645309ab9
	NOTE: https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public)
CVE-2016-1937 (The protocol-handler dialog in Mozilla Firefox before 44.0 allows remo ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
CVE-2016-1936
	RESERVED
CVE-2016-1935 (Buffer overflow in the BufferSubData function in Mozilla Firefox befor ...)
	{DSA-3491-1 DSA-3457-1}
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
CVE-2016-1934
	RESERVED
CVE-2016-1933 (Integer overflow in the image-deinterlacing functionality in Mozilla F ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
CVE-2016-1932
	RESERVED
CVE-2016-1931 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3491-1 DSA-3457-1}
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1929 (The XS engine in SAP HANA allows remote attackers to spoof log entries ...)
	NOT-FOR-US: SAP
CVE-2016-1928 (Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remo ...)
	NOT-FOR-US: SAP
CVE-2016-1927 (The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x be ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.4-1
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
CVE-2016-1983 (The client_host function in parsers.c in Privoxy before 3.0.24 allows  ...)
	{DSA-3460-1 DLA-398-1}
	- privoxy 3.0.24-1
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2016-1982 (The remove_chunked_transfer_coding function in filters.c in Privoxy be ...)
	{DSA-3460-1 DLA-398-1}
	- privoxy 3.0.24-1
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2015-XXXX [buffer overflows in init_cups]
	- cups-filters 1.6.0-1 (unimportant)
	- foomatic-filters <unfixed> (unimportant)
	[jessie] - foomatic-filters <no-dsa> (Minor issue)
	[wheezy] - foomatic-filters <no-dsa> (Minor issue)
	[squeeze] - foomatic-filters 4.0.5-6+squeeze2+deb6u13
	NOTE: workaround entry for DLA-399-1 until/if CVE assigned
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1336
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7431
	NOTE: Doesn't cross any security boundary
CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module in Green ...)
	NOT-FOR-US: Greenbone Security Assistant
CVE-2016-1921
	RESERVED
CVE-2016-1918 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1917 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1916 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1915 (Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Ente ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1914 (Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.Im ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the Redhen modu ...)
	NOT-FOR-US: Redhen module for Drupal
CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
	- dolibarr 3.5.8+dfsg1-1 (bug #812496)
	[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
	NOTE: https://github.com/Dolibarr/dolibarr/issues/4341
CVE-2016-1911 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7 ...)
	NOT-FOR-US: SAP
CVE-2016-1910 (The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers ...)
	NOT-FOR-US: SAP
CVE-2016-1909 (Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwit ...)
	NOT-FOR-US: FortiOS
CVE-2015-8775
	RESERVED
CVE-2015-8774
	RESERVED
CVE-2015-8773 (Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lo ...)
	NOT-FOR-US: McAfee
CVE-2015-8772 (McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protecti ...)
	NOT-FOR-US: McAfee
CVE-2016-1981 (QEMU (aka Quick Emulator) built with the e1000 NIC emulation support i ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-5 (bug #812307)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/10
CVE-2016-2037 (The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remo ...)
	{DSA-3483-1 DLA-415-1}
	- cpio 2.11+dfsg-5 (bug #812401)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
	NOTE: To reproduce and uncover the issue with unstable version compile with ASAN
	NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
	NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b
CVE-2016-2050 (The get_abbrev_array_info function in libdwarf-20151114 allows remote  ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1 (unimportant)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
	NOTE: Reasoning for "unimportant" severity: The affected source code is present
	NOTE: in dwarfdump/, but in the binary package is installed dwarfdump2/ .
	NOTE: dwarfdump2 (the C++ implentation) has been abandoned again by upstream in
	NOTE: fawour of the C version.
CVE-2016-XXXX [Multiple minor security issues]
	- imagemagick 8:6.8.9.9-7 (bug #811308)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2016-1925 (Integer underflow in header.c in lha allows remote attackers to have u ...)
	- lha <removed> (unimportant)
	NOTE: Non-free not supported
CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attacke ...)
	{DSA-3665-1}
	- openjpeg2 2.1.1-1 (bug #818399)
	NOTE: https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e
CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data function i ...)
	- openjpeg2 2.1.1-1 (bug #818399)
	[jessie] - openjpeg2 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2016-1920 (Samsung KNOX 1.0.0 uses the shared certificate on Android, which allow ...)
	NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1919 (Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which  ...)
	NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1902 (The nextBytes function in the SecureRandom class in Symfony before 2.3 ...)
	{DSA-3588-1}
	- symfony 2.7.9+dfsg-1
	NOTE: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
	NOTE: https://github.com/symfony/symfony/pull/17359
CVE-2016-1906 (Openshift allows remote attackers to gain privileges by updating a bui ...)
	- kubernetes <not-affected> (Openshift Specific)
	NOTE: https://github.com/openshift/origin/issues/6556
	NOTE: https://github.com/openshift/origin/pull/6576
CVE-2016-1905 (The API server in Kubernetes does not properly check admission control ...)
	- kubernetes <not-affected> (Fixed before the initial release in Debian, 1.2.0)
	NOTE: https://github.com/kubernetes/kubernetes/issues/19479
	NOTE: https://github.com/kubernetes/kubernetes/pull/19481
CVE-2016-1904 (Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7. ...)
	- php5 <not-affected> (Vulnerable code not present)
	- php5.6 <not-affected> (Vulnerable code not present)
	NOTE: Already using safe_emalloc() in php_escape_shell_cmd()
	- php7.0 7.0.2-1
	NOTE: https://bugs.php.net/bug.php?id=71270
	NOTE: https://github.com/php/php-src/commit/2871c70efaaaa0f102557a17c727fd4d5204dd4b
CVE-2016-1903 (The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolatio ...)
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.14+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present, check in gdImageRotate() already available)
	- php5.6 5.6.17+dfsg-1
	- php7.0 7.0.2-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=70976
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/f91abcc3b156823688c54158fc4fa36d87570afe
CVE-2016-1901 (Integer overflow in the authenticate_post function in CGit before 0.12 ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 (v0.12)
CVE-2016-1900 (CRLF injection vulnerability in the cgit_print_http_headers function i ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 (v0.12)
CVE-2016-1899 (CRLF injection vulnerability in the ui-blob handler in CGit before 0.1 ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
CVE-2016-1896 (Race condition in the initialization process on Lexmark printers with  ...)
	NOT-FOR-US: Firmware in Lexmark printers
CVE-2016-1895 (NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote  ...)
	NOT-FOR-US: NetApp
CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote attack ...)
	NOT-FOR-US: NetApp
CVE-2016-1893
	RESERVED
CVE-2016-1892
	RESERVED
CVE-2016-1891
	RESERVED
CVE-2016-1890
	RESERVED
CVE-2016-1889 (Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3,  ...)
	NOT-FOR-US: bhyve hypervisor for FreeBSD
CVE-2016-1888 (The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows  ...)
	NOT-FOR-US: telnetd in FreeBSD
CVE-2016-1887 (Integer signedness error in the sockargs function in sys/kern/uipc_sys ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #824605)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1886 (Integer signedness error in the genkbd_commonioctl function in sys/dev ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #824604)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1885 (Integer signedness error in the amd64_set_ldt function in sys/amd64/am ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #818426)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1884
	RESERVED
CVE-2016-1883 (The issetugid system call in the Linux compatibility layer in FreeBSD  ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant)
	- kfreebsd-9 <removed> (unimportant)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1882 (FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remo ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811280)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1881 (The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause  ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811279)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1880 (The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and  ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811278)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1879 (The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3  ...)
	- kfreebsd-10 <unfixed> (unimportant; bug #811277)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1878
	RESERVED
CVE-2016-1877
	RESERVED
CVE-2016-1876 (The backend service process in Lenovo Solution Center (aka LSC) before ...)
	NOT-FOR-US: Lenovo
CVE-2016-1875
	RESERVED
CVE-2016-1874
	RESERVED
CVE-2016-1873
	RESERVED
CVE-2016-1872
	RESERVED
CVE-2016-1871
	RESERVED
CVE-2016-1870
	RESERVED
CVE-2016-1869
	RESERVED
CVE-2016-1868
	RESERVED
CVE-2016-1866 (Salt 2015.8.x before 2015.8.4 does not properly handle clear messages  ...)
	- salt 2015.8.5+ds-1
	[jessie] - salt <not-affected> (affects only the 2015.8.x releases of Salt)
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html
CVE-2016-1865 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1864 (The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1863 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1862 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1861 (The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 all ...)
	NOT-FOR-US: Apple
CVE-2016-1860 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1859 (The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari bef ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1858 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1857 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	- webkitgtk 2.12.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-1856 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	- webkitgtk 2.12.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-1855 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1854 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1853 (Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sen ...)
	NOT-FOR-US: Apple
CVE-2016-1852 (Siri in Apple iOS before 9.3.2 does not block data detectors within re ...)
	NOT-FOR-US: Apple
CVE-2016-1851 (The Screen Lock feature in Apple OS X before 10.11.5 mishandles passwo ...)
	NOT-FOR-US: Apple
CVE-2016-1850 (SceneKit in Apple OS X before 10.11.5 allows remote attackers to execu ...)
	NOT-FOR-US: Apple
CVE-2016-1849 (The "Clear History and Website Data" feature in Apple Safari before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-1848 (QuickTime in Apple OS X before 10.11.5 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1847 (OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS b ...)
	NOT-FOR-US: Apple
CVE-2016-1846 (The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drive ...)
	NOT-FOR-US: Apple
CVE-2016-1845
	REJECTED
CVE-2016-1844 (The Messages component in Apple OS X before 10.11.5 mishandles roster  ...)
	NOT-FOR-US: Apple
CVE-2016-1843 (The Messages component in Apple OS X before 10.11.5 mishandles filenam ...)
	NOT-FOR-US: Apple
CVE-2016-1842 (MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS bef ...)
	NOT-FOR-US: Apple
CVE-2016-1841 (libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS  ...)
	- libxslt 1.1.29-1
	[jessie] - libxslt 1.1.28-2+deb8u1
	[wheezy] - libxslt 1.1.26-14.1+deb7u1
	NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291
	NOTE: upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup function in l ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711
CVE-2016-1839 (The xmlDictAddString function in libxml2 before 2.9.4, as used in Appl ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637
CVE-2016-1838 (The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4 ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639
CVE-2016-1837 (Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiter ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=760263
CVE-2016-1836 (Use-after-free vulnerability in the xmlDictComputeFastKey function in  ...)
	{DSA-3593-1}
	- libxml2 2.9.3+dfsg1-1.1
	[wheezy] - libxml2 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4)
	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398
	NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch
CVE-2016-1835 (Use-after-free vulnerability in the xmlSAX2AttributeNs function in lib ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759020
CVE-2016-1834 (Heap-based buffer overflow in the xmlStrncat function in libxml2 befor ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071
CVE-2016-1833 (The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758606
CVE-2016-1832 (libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1 ...)
	NOT-FOR-US: Apple
CVE-2016-1831 (The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows at ...)
	NOT-FOR-US: Apple
CVE-2016-1830 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1829 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1828 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1827 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1826 (Integer overflow in the dtrace implementation in the kernel in Apple O ...)
	NOT-FOR-US: Apple
CVE-2016-1825 (IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute a ...)
	NOT-FOR-US: Apple
CVE-2016-1824 (IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-1823 (The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3 ...)
	NOT-FOR-US: Apple
CVE-2016-1822 (IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1821 (IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1820 (Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows a ...)
	NOT-FOR-US: Apple
CVE-2016-1819 (Use-after-free vulnerability in the IOAccelContext2::clientMemoryForTy ...)
	NOT-FOR-US: Apple
CVE-2016-1818 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tv ...)
	NOT-FOR-US: Apple
CVE-2016-1817 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tv ...)
	NOT-FOR-US: Apple
CVE-2016-1816 (IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to e ...)
	NOT-FOR-US: Apple
CVE-2016-1815 (IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to e ...)
	NOT-FOR-US: Apple
CVE-2016-1814 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, an ...)
	NOT-FOR-US: Apple
CVE-2016-1813 (The IOAccelSharedUserClient2::page_off_resource method in Apple iOS be ...)
	NOT-FOR-US: Apple
CVE-2016-1812 (Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5  ...)
	NOT-FOR-US: Apple
CVE-2016-1811 (ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-1810 (The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows att ...)
	NOT-FOR-US: Apple
CVE-2016-1809 (Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption ke ...)
	NOT-FOR-US: Apple
CVE-2016-1808 (The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2016-1807 (Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, ...)
	NOT-FOR-US: Apple
CVE-2016-1806 (Crash Reporter in Apple OS X before 10.11.5 allows attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2016-1805 (CoreStorage in Apple OS X before 10.11.5 allows attackers to execute a ...)
	NOT-FOR-US: Apple
CVE-2016-1804 (The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-1803 (CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-1802 (CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5 ...)
	NOT-FOR-US: Apple
CVE-2016-1801 (The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-1800 (Captive Network Assistant in Apple OS X before 10.11.5 mishandles a cu ...)
	NOT-FOR-US: Apple
CVE-2016-1799 (Audio in Apple OS X before 10.11.5 allows attackers to execute arbitra ...)
	NOT-FOR-US: Apple
CVE-2016-1798 (Audio in Apple OS X before 10.11.5 allows attackers to cause a denial  ...)
	NOT-FOR-US: Apple
CVE-2016-1797 (Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-1796 (Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-1795 (AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attac ...)
	NOT-FOR-US: Apple
CVE-2016-1794 (The AppleGraphicsControlClient::checkArguments method in AppleGraphics ...)
	NOT-FOR-US: Apple
CVE-2016-1793 (AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows a ...)
	NOT-FOR-US: Apple
CVE-2016-1792 (The AMD subsystem in Apple OS X before 10.11.5 allows attackers to exe ...)
	NOT-FOR-US: Apple
CVE-2016-1791 (The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obt ...)
	NOT-FOR-US: Apple
CVE-2016-1790 (Buffer overflow in the Accessibility component in Apple iOS before 9.3 ...)
	NOT-FOR-US: Apple
CVE-2016-1789 (Apple iBooks Author before 2.4.1 allows remote attackers to read arbit ...)
	NOT-FOR-US: Apple
CVE-2016-1788 (Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS bef ...)
	NOT-FOR-US: Apple
CVE-2016-1787 (Wiki Server in Apple OS X Server before 5.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1786 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1785 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1784 (The History implementation in WebKit in Apple iOS before 9.3, Safari b ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1783 (WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1782 (WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1781 (WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attach ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1780 (WebKit in Apple iOS before 9.3 does not prevent hidden web views from  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1779 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote att ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1778 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote att ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1777 (Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1776 (Web Server in Apple OS X Server before 5.1 does not properly restrict  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1775 (TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS befo ...)
	NOT-FOR-US: Apple
CVE-2016-1774 (The Time Machine server in Server App in Apple OS X Server before 5.1  ...)
	NOT-FOR-US: Apple
CVE-2016-1773 (The code-signing subsystem in Apple OS X before 10.11.4 does not prope ...)
	NOT-FOR-US: Apple
CVE-2016-1772 (The Top Sites feature in Apple Safari before 9.1 mishandles cookie sto ...)
	NOT-FOR-US: Apple
CVE-2016-1771 (The Downloads feature in Apple Safari before 9.1 mishandles file expan ...)
	NOT-FOR-US: Apple
CVE-2016-1770 (The Reminders component in Apple OS X before 10.11.4 allows attackers  ...)
	NOT-FOR-US: Apple
CVE-2016-1769 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1768 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1767 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1766 (The Profiles component in Apple iOS before 9.3 does not properly valid ...)
	NOT-FOR-US: Apple
CVE-2016-1765 (otool in Apple Xcode before 7.3 allows local users to gain privileges  ...)
	NOT-FOR-US: Apple
CVE-2016-1764 (The Content Security Policy (CSP) implementation in Messages in Apple  ...)
	NOT-FOR-US: Apple
CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill act ...)
	NOT-FOR-US: Apple
CVE-2016-1762 (The xmlNextChar function in libxml2 before 2.9.4 allows remote attacke ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759671
CVE-2016-1761 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS befo ...)
	NOT-FOR-US: No public details available, probably Apple specific libxml2 changes
	NOTE: Marking as NFU since a regular libxml2 security issue would have trickled down
	NOTE: via libxml upstream
CVE-2016-1760 (The XPC Services API in LaunchServices in Apple iOS before 9.3 allows  ...)
	NOT-FOR-US: Apple
CVE-2016-1759 (The kernel in Apple OS X before 10.11.4 allows attackers to execute ar ...)
	NOT-FOR-US: Apple
CVE-2016-1758 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows atta ...)
	NOT-FOR-US: Apple
CVE-2016-1757 (Race condition in the kernel in Apple iOS before 9.3 and OS X before 1 ...)
	NOT-FOR-US: Apple
CVE-2016-1756 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows atta ...)
	NOT-FOR-US: Apple
CVE-2016-1755 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1754 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1753 (Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X ...)
	NOT-FOR-US: Apple
CVE-2016-1752 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1751 (The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-1750 (Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS ...)
	NOT-FOR-US: Apple
CVE-2016-1749 (IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute a ...)
	NOT-FOR-US: Apple
CVE-2016-1748 (IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before  ...)
	NOT-FOR-US: Apple
CVE-2016-1747 (IOGraphics in Apple OS X before 10.11.4 allows attackers to execute ar ...)
	NOT-FOR-US: Apple
CVE-2016-1746 (IOGraphics in Apple OS X before 10.11.4 allows attackers to execute ar ...)
	NOT-FOR-US: Apple
CVE-2016-1745 (IOFireWireFamily in Apple OS X before 10.11.4 allows local users to ca ...)
	NOT-FOR-US: Apple
CVE-2016-1744 (The Intel driver in the Graphics Drivers subsystem in Apple OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-1743 (The Intel driver in the Graphics Drivers subsystem in Apple OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-1742 (Untrusted search path vulnerability in the installer in Apple iTunes b ...)
	NOT-FOR-US: Apple
CVE-2016-1741 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X befo ...)
	NOT-FOR-US: Apple / NVIDIA
CVE-2016-1740 (FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1739
	REJECTED
CVE-2016-1738 (dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-si ...)
	NOT-FOR-US: Apple
CVE-2016-1737 (Carbon in Apple OS X before 10.11.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1736 (Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-1735 (Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-1734 (AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 all ...)
	NOT-FOR-US: Apple
CVE-2016-1733 (AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-1732 (AppleRAID in Apple OS X before 10.11.4 allows local users to obtain se ...)
	NOT-FOR-US: Apple
CVE-2016-1731 (Apple Software Update before 2.2 on Windows does not use HTTPS, which  ...)
	NOT-FOR-US: Apple
CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or  ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1729 (Untrusted search path vulnerability in OSA Scripts in Apple OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-1728 (The Cascading Style Sheets (CSS) implementation in Apple iOS before 9. ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1727 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tv ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1726 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, all ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1725 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, all ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1724 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tv ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1723 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, all ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1722 (syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1721 (The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS be ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1720 (IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before  ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1719 (The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, an ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1718 (The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS  ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1717 (The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2016-1908 (The client in OpenSSH before 7.2 mishandles failed cookie generation f ...)
	{DLA-1500-1}
	- openssh 1:7.2p1-1
	[wheezy] - openssh <no-dsa> (Minor issue)
	[squeeze] - openssh <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
	NOTE: which needs to be applied after: https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
	NOTE: Background information on X11 SECURITY extension and SSH: https://thejh.net/written-stuff/openssh-6.8-xsecurity
	NOTE: https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
	NOTE: Red Hat Bugzilla entry: https://bugzilla.redhat.com/show_bug.cgi?id=1298741
	NOTE: vulnerability is partly due to /etc/X11/Xsession.d/35x11-common_xhost-local introduced in x11-common in 1:7.6+9 (wheezy and up)
	NOTE: https://lists.debian.org/debian-lts/2016/01/msg00029.html
	NOTE: Upstream announce: http://www.openssh.com/txt/release-7.2
CVE-2016-1907 (The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 ...)
	- openssh 1:7.1p2-1
	[jessie] - openssh <not-affected> (Vulnerable code not present; Introduced in OpenSSH 6.8)
	[wheezy] - openssh <not-affected> (Vulnerable code not present; Introduced in OpenSSH 6.8)
	[squeeze] - openssh <not-affected> (Issue introduced in OpenSSH 6.8)
	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
	NOTE: Introduced by: https://anongit.mindrot.org/openssh.git/commit/packet.c?id=091c302829210c41e7f57c3f094c7b9c054306f0 (V_6_8_P1)
CVE-2016-1898 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
	{DSA-3506-1}
	- ffmpeg 7:2.8.5-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://habrahabr.ru/company/mailru/blog/274855
	NOTE: Fixed in 2.8.5 upstream
CVE-2016-1897 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
	{DSA-3506-1}
	- ffmpeg 7:2.8.5-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://habrahabr.ru/company/mailru/blog/274855
	NOTE: Fixed in 2.8.5 upstream
CVE-2016-1867 (The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers ...)
	{DSA-3785-1}
	- jasper <removed> (bug #811023)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	[squeeze] - jasper <no-dsa> (Minor issue)
CVE-2016-1715 (The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 b ...)
	NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
CVE-2016-1713 (Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyD ...)
	NOT-FOR-US: vTiger
CVE-2016-1712 (Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x be ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2015-8779 (Stack-based buffer overflow in the catopen function in the GNU C Libra ...)
	{DSA-3481-1 DSA-3480-1 DLA-411-1}
	- glibc 2.21-7 (bug #812455)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17905#c0
CVE-2015-8778 (Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 ...)
	{DSA-3481-1 DSA-3480-1 DLA-411-1}
	- glibc 2.21-8 (bug #812441)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18240
CVE-2015-8776 (The strftime function in the GNU C Library (aka glibc or libc6) before ...)
	{DSA-3481-1 DSA-3480-1 DLA-411-1}
	- glibc 2.21-7 (bug #812445)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18985
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
CVE-2015-8771 (The generate_smb_nt_hash function in include/functions.inc in GOsa all ...)
	{DLA-562-1 DLA-408-1}
	- gosa 2.7.4+reloaded2-6
	[jessie] - gosa 2.7.4+reloaded2-1+deb8u2
	NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
CVE-2015-8770 (Directory traversal vulnerability in the set_skin function in program/ ...)
	{DSA-3541-1 DLA-392-1}
	- roundcube 1.1.4+dfsg.1-1
	NOTE: http://web.archive.org/web/20160329044421/http://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released
	NOTE: https://github.com/roundcube/roundcubemail/commit/10e5192a2b1bc90ec137f5e69d0aa072c1210d6d
CVE-2015-8769 (SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attacke ...)
	NOT-FOR-US: Joomla!
CVE-2016-1711 (WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google  ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1710 (The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeC ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1709 (Heap-based buffer overflow in the ByteArray::Get method in data/byte_a ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1708 (The Chrome Web Store inline-installation implementation in the Extensi ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1707 (ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52. ...)
	{DSA-3637-1}
	- chromium-browser <not-affected> (Only affects chromium-browser on iOS)
CVE-2016-1706 (The PPAPI implementation in Google Chrome before 52.0.2743.82 does not ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1705 (Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1704 (Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1703 (Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704 ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1702 (The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1701 (The Autofill implementation in Google Chrome before 51.0.2704.79 misha ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1700 (extensions/renderer/runtime_custom_bindings.cc in Google Chrome before ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1699 (WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (a ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1698 (The createCustomType function in extensions/renderer/resources/binding ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1697 (The FrameLoader::startLoad function in WebKit/Source/core/loader/Frame ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1696 (The extensions subsystem in Google Chrome before 51.0.2704.79 does not ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1695 (Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704 ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1694 (browser/browsing_data/browsing_data_remover.cc in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1693 (browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 5 ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1692 (WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Goo ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1691 (Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincid ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1690 (The Autofill implementation in Google Chrome before 51.0.2704.63 misha ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1689 (Heap-based buffer overflow in content/renderer/media/canvas_capture_ha ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1688 (The regexp (aka regular expression) implementation in Google V8 before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1687 (The renderer implementation in Google Chrome before 51.0.2704.63 does  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1686 (The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1685 (core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1684 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51 ...)
	{DSA-3605-1 DSA-3590-1 DLA-514-1}
	- libxslt 1.1.29-1
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d (v1.1.29-rc1)
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583171
CVE-2016-1683 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51 ...)
	{DSA-3605-1 DSA-3590-1 DLA-514-1}
	- libxslt 1.1.29-1
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242 (v1.1.29-rc1)
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583156
CVE-2016-1682 (The ServiceWorkerContainer::registerServiceWorkerImpl function in WebK ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1681 (Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: http://blog.talosintel.com/2016/06/pdfium.html
CVE-2016-1680 (Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1679 (The ToV8Value function in content/child/v8_value_converter_impl.cc in  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1678 (objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome bef ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1677 (uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1676 (extensions/renderer/resources/binding.js in the extension bindings in  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1675 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote att ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1674 (The extensions subsystem in Google Chrome before 51.0.2704.63 allows r ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1673 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote att ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1672 (The ModuleSystem::RequireForJsInner function in extensions/renderer/mo ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1671 (Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2016-1670 (Race condition in the ResourceDispatcherHostImpl::BeginRequest functio ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1669 (The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as us ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	- nodejs 4.4.6~dfsg-1 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1668 (The forEachForBinding function in WebKit/Source/bindings/core/v8/Itera ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1667 (The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeSc ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1666 (Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661 ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1665 (The JSGenericLowering class in compiler/js-generic-lowering.cc in Goog ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1664 (The HistoryController::UpdateForCommit function in content/renderer/hi ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1663 (The SerializedScriptValue::transferArrayBuffers function in WebKit/Sou ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1662 (extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.9 ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1661 (Blink, as used in Google Chrome before 50.0.2661.94, does not ensure t ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1660 (Blink, as used in Google Chrome before 50.0.2661.94, mishandles assert ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1659 (Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661 ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1658 (The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrec ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1657 (The WebContentsImpl::FocusLocationBarByDefault function in content/bro ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1656 (The download implementation in Google Chrome before 50.0.2661.75 on An ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2016-1655 (Google Chrome before 50.0.2661.75 does not properly consider that fram ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1654 (The media subsystem in Google Chrome before 50.0.2661.75 does not init ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1653 (The LoadBuffer implementation in Google V8, as used in Google Chrome b ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1652 (Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireF ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1651 (fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1650 (The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/ ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1649 (The Program::getUniformInternal function in Program.cpp in libANGLE, a ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1648 (Use-after-free vulnerability in the GetLoadTimes function in renderer/ ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1647 (Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy func ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1646 (The Array.prototype.concat implementation in builtins.cc in Google V8, ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1645 (Multiple integer signedness errors in the opj_j2k_update_image_data fu ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1644 (WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1643 (The ImageInputType::ensurePrimaryContent function in WebKit/Source/cor ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1642 (Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623 ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1641 (Use-after-free vulnerability in content/browser/web_contents/web_conte ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1640 (The Web Store inline-installer implementation in the Extensions UI in  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1639 (Use-after-free vulnerability in browser/extensions/api/webrtc_audio_pr ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1638 (extensions/renderer/resources/platform_app.js in the Extensions subsys ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1637 (The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in S ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1636 (The PendingScript::notifyFinished function in WebKit/Source/core/dom/P ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1635 (extensions/renderer/render_frame_observer_natives.cc in Google Chrome  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1634 (Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1633 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1632 (The Extensions subsystem in Google Chrome before 49.0.2623.75 does not ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1631 (The PPB_Flash_MessageLoop_Impl::InternalRun function in content/render ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1630 (The ContainerNode::parserRemoveChild function in WebKit/Source/core/do ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1629 (Google Chrome before 48.0.2564.116 allows remote attackers to bypass t ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564. ...)
	{DSA-4013-1 DSA-3486-1}
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
	- openjpeg2 2.1.2-1.2
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
	NOTE: https://github.com/uclouvain/openjpeg/issues/850
	NOTE: https://github.com/uclouvain/openjpeg/commit/11445eddad7e7fa5b273d1c83c91011c44e5d586
CVE-2016-1627 (The Developer Tools (aka DevTools) subsystem in Google Chrome before 4 ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1626 (The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in  ...)
	{DSA-4013-1 DSA-3486-1}
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
	- openjpeg2 2.1.2-1.2
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
	NOTE: https://github.com/uclouvain/openjpeg/issues/850
	NOTE: https://github.com/uclouvain/openjpeg/commit/11445eddad7e7fa5b273d1c83c91011c44e5d586
CVE-2016-1625 (The Chrome Instant feature in Google Chrome before 48.0.2564.109 does  ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1624 (Integer underflow in the ProcessCommandsInternal function in dec/decod ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	- brotli 0.3.0+dfsg-3 (bug #817233)
	NOTE: https://codereview.chromium.org/1662313002
	NOTE: https://codereview.chromium.org/1662313002/diff/1/third_party/brotli/dec/decode.c
	NOTE: Same fix/change as for CVE-2016-1968
CVE-2016-1623 (The DOM implementation in Google Chrome before 48.0.2564.109 does not  ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1622 (The Extensions subsystem in Google Chrome before 48.0.2564.109 does no ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1621 (libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LM ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <not-affected> (Vulnerable code not present, libwebm not yet included)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present, libwebm not yet included)
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d%5E!/#F1
	NOTE: probably fixed earlier than this version, but this was the version checked
CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564 ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1619 (Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_t ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1618 (Blink, as used in Google Chrome before 48.0.2564.82, does not ensure t ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1617 (The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/ ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1616 (The CustomButton::AcceleratorPressed function in ui/views/controls/but ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1615 (The Omnibox implementation in Google Chrome before 48.0.2564.82 allows ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1614 (The UnacceleratedImageBufferSurface class in WebKit/Source/platform/gr ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1613 (Multiple use-after-free vulnerabilities in the formfiller implementati ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1612 (The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1611 (Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses wor ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1610 (Directory traversal vulnerability in the email-template feature in Nov ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1609 (Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr bef ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1608 (vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 befo ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1607 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1606 (Multiple stack-based buffer overflows in COM objects in Micro Focus Ru ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-1605 (Directory traversal vulnerability in the ReportViewServlet servlet in  ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2016-1604
	RESERVED
CVE-2016-1603 (An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1  ...)
	NOT-FOR-US: NetIQ
CVE-2016-1602 (A code injection in the supportconfig data collection tool in supportu ...)
	NOT-FOR-US: SLES support tool
CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, do ...)
	NOT-FOR-US: yast2-users / SuSE YAST
CVE-2016-1600 (The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6  ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2016-1599 (Cross-site scripting (XSS) vulnerability in NetIQ Self Service Passwor ...)
	NOT-FOR-US: NetIQ Self Service Password Reset
CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attacke ...)
	NOT-FOR-US: NetIQ IDM
CVE-2016-1597 (A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 coul ...)
	NOT-FOR-US: NetIQ
CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Nov ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Mic ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1594 (Micro Focus Novell Service Desk before 7.2 allows remote authenticated ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1593 (Directory traversal vulnerability in the import users feature in Micro ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1592 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote  ...)
	NOT-FOR-US: NetIQ Designer
CVE-2016-1591
	REJECTED
CVE-2016-1590
	REJECTED
CVE-2016-1589
	REJECTED
CVE-2016-1588
	REJECTED
CVE-2016-1587 (The Snapweb interface before version 0.21.2 was exposing controls to i ...)
	NOT-FOR-US: Snapweb
CVE-2016-1586 (A malicious webview could install long-lived unload handlers that re-u ...)
	NOT-FOR-US: Oxide
CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when  ...)
	- apparmor <unfixed> (low; bug #929990)
	[buster] - apparmor <ignored> (Minor overall security impact)
	[stretch] - apparmor <ignored> (Minor overall security impact)
	[jessie] - apparmor <ignored> (Minor overall security impact)
	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=995594
	NOTE: Introduced around AppArmor 2.8 upstream.
	NOTE: Mount rules support is enabled in Debian, but the impact of the issue is
	NOTE: limited to 1. lxc (not a regression, as Debian never confined LXC with AppArmor
	NOTE: by default before buster, in particular not with mount rules), 2. libvirtd
	NOTE: but the profile is not meant to be a strong security boundary.
	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017/comments/6
CVE-2016-1584 (In all versions of Unity8 a running but not active application on a la ...)
	- unity <itp> (bug #609278)
CVE-2016-1583 (The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an u ...)
	- lxd <itp> (bug #768073)
CVE-2016-1581 (LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs. ...)
	- lxd <itp> (bug #768073)
CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher packag ...)
	NOT-FOR-US: ubuntu-core-launcher
CVE-2016-1579 (UDM provides support for running commands after a download is complete ...)
	NOT-FOR-US: Ubuntu Download Manager
CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...)
	NOT-FOR-US: Oxide
CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in Ja ...)
	{DSA-3508-1}
	- jasper <removed> (bug #816625)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-1576 (The overlayfs implementation in the Linux kernel through 4.5.2 does no ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1535150
	NOTE: http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
CVE-2016-1575 (The overlayfs implementation in the Linux kernel through 4.5.2 does no ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1534961
	NOTE: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
CVE-2016-1574
	REJECTED
CVE-2016-1573 (Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Da ...)
	- unity <itp> (bug #609278)
CVE-2016-1572 (mount.ecryptfs_private.c in eCryptfs-utils does not validate mount des ...)
	{DSA-3450-1 DLA-397-1}
	- ecryptfs-utils 106-2
	NOTE: https://bugs.launchpad.net/ecryptfs/+bug/1530566
	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
CVE-2016-1571 (The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x th ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-168.html
CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, a ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-167.html
CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associati ...)
	{DLA-742-1 DLA-414-1}
	- chrony 2.2.1-1 (low; bug #812923)
	[jessie] - chrony 1.30-2+deb8u2
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0071/
	NOTE: http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
	NOTE: Fix for 2.x http://git.tuxfamily.org/chrony/chrony.git/commit/?id=a78bf9725a7b481ebff0e0c321294ba767f2c1d8
	NOTE: Fix for 1.x http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=df46e5ca5d70be1c0ae037f96b4b038362703832
CVE-2016-1566 (Cross-site scripting (XSS) vulnerability in the file browser in Guacam ...)
	- guacamole-client <unfixed> (bug #859136)
	[stretch] - guacamole-client <no-dsa> (Minor issue)
	[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
	- guacamole <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/glyptodon/guacamole-client/commit/7da13129c432d1c0a577342a9bf23ca2bde9c367
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module 7.x ...)
	NOT-FOR-US: Field Group module for Drupal
CVE-2015-8768 (click/install.py in click does not require files in package filesystem ...)
	NOT-FOR-US: Click package manager
	NOTE: http://www.ubuntu.com/usn/usn-2771-1/
CVE-2015-8766 (Multiple cross-site scripting (XSS) vulnerabilities in content/content ...)
	NOT-FOR-US: Symphony CMS
CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1. ...)
	NOT-FOR-US: McAfee
CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly  ...)
	NOT-FOR-US: Values module for Drupal
CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote att ...)
	NOT-FOR-US: TYPO3
CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink function in T ...)
	NOT-FOR-US: TYPO3
CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified fro ...)
	NOT-FOR-US: TYPO3
CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension Manager in T ...)
	NOT-FOR-US: TYPO3
CVE-2015-8756 (Cross-site scripting (XSS) vulnerability in the search result view in  ...)
	NOT-FOR-US: TYPO3
CVE-2015-8755 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified bac ...)
	NOT-FOR-US: TYPO3
CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote att ...)
	NOT-FOR-US: Mollom module for Drupal
CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization  ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-8752
	REJECTED
CVE-2016-1714 (The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg. ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-4
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
	NOTE: fw_cfg support for guest-side data writes removed in 2.4 (1:2.4+dfsg-1a)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
	NOTE: fw_cfg_read removed in: http://git.qemu.org/?p=qemu.git;a=commit;h=6c8d56a2e95712a6206a2671d2b04b2e59cabc0b
CVE-2015-8767 (net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not prope ...)
	{DSA-3448-1 DLA-412-1}
	- linux 4.3.1-1
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/635682a14427d241bab7bbdeebb48a7d7b91638e (v4.3-rc4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/4
CVE-2016-1569 (FireBird 2.5.5 allows remote authenticated users to cause a denial of  ...)
	- firebird2.5 2.5.5.26952.ds4-3 (bug #810599)
	[jessie] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	[wheezy] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	[squeeze] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-5068
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2
CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-2 (bug #810527)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
	NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/09/1
CVE-2016-1563 (NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certi ...)
	NOT-FOR-US: NetApp
CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for An ...)
	NOT-FOR-US: DTE Energy Insight
CVE-2016-1561 (ExaGrid appliances with firmware before 4.8 P26 have a default SSH pub ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2016-1560 (ExaGrid appliances with firmware before 4.8 P26 have a default passwor ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2016-1559 (D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver ...)
	NOT-FOR-US: D-Link
CVE-2016-1558 (Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and ...)
	NOT-FOR-US: D-Link
CVE-2016-1557 (Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless ...)
	NOT-FOR-US: Netgear
CVE-2016-1556 (Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320 ...)
	NOT-FOR-US: Netgear
CVE-2016-1555 ((1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) b ...)
	NOT-FOR-US: Netgear
CVE-2016-1554
	RESERVED
CVE-2016-1553
	RESERVED
CVE-2016-1552
	RESERVED
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f
	NOTE: https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed
	NOTE: https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28
CVE-2016-1551 (ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f9 ...)
	- ntp <not-affected> (Does not affect Linux or FreeBSD)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1550 (An exploitable vulnerability exists in the message authentication func ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1549 (A malicious authenticated peer can create arbitrarily-many ephemeral a ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: additional significant protection went into ntp-4.2.8p11.
CVE-2016-1548 (An attacker can spoof a packet from a legitimate ntpd server with an o ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1547 (An off-path attacker can cause a preemptible client association to be  ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1546 (The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, d ...)
	- apache2 2.4.20-1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: Upstream commit: http://svn.apache.org/viewvc?view=revision&revision=1733727
	NOTE: Upsteam backport for 2.4.x: http://svn.apache.org/viewvc?view=revision&revision=1734413
CVE-2016-1545
	RESERVED
CVE-2016-1544 (nghttp2 before 1.7.1 allows remote attackers to cause a denial of serv ...)
	- nghttp2 1.7.1-1
	[jessie] - nghttp2 <no-dsa> (Minor issue)
	NOTE: Fix spread across multiple commits: https://github.com/tatsuhiro-t/nghttp2/compare/v1.7.0...v1.7.1
	NOTE: Commits between 1.7.0 and 1.7.1 seem almost limited to this issue, cf.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1308461#c3
CVE-2016-1543 (The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA ...)
	NOT-FOR-US: BMC
CVE-2016-1542 (The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8. ...)
	NOT-FOR-US: BMC
CVE-2016-1541 (Heap-based buffer overflow in the zip_read_mac_metadata function in ar ...)
	{DSA-3574-1}
	[experimental] - libarchive 3.2.0-1
	- libarchive 3.1.2-11.1 (bug #823893)
	[wheezy] - libarchive <not-affected> (Vulnerable code not present)
	NOTE: keeping the experimental tracking version as well since maintainer said not to merge NMU changelog
	NOTE: http://www.kb.cert.org/vuls/id/862384
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0155/
	NOTE: https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 (v3.2.0)
	NOTE: Feature added in https://github.com/libarchive/libarchive/commit/1399a59680fa2dfca68764468ed0bcaa0331fde7
CVE-2016-1540
	RESERVED
CVE-2016-1539
	RESERVED
CVE-2016-1538
	RESERVED
CVE-2016-1537
	RESERVED
CVE-2016-1536
	RESERVED
CVE-2016-1535
	RESERVED
CVE-2016-1534
	RESERVED
CVE-2016-1533
	RESERVED
CVE-2016-1532
	RESERVED
CVE-2016-1531 (Exim before 4.86.2, when installed setuid root, allows local users to  ...)
	{DSA-3517-1}
	- exim4 4.86.2-1
	NOTE: https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
CVE-2016-1530
	RESERVED
CVE-2016-1529
	RESERVED
CVE-2016-1528
	RESERVED
CVE-2016-1527
	RESERVED
CVE-2016-1526 (The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graph ...)
	{DSA-3491-1 DSA-3479-1 DSA-3477-1}
	- graphite2 1.3.5-1
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
	NOTE: Talos Blog mentions this CVE, but it is not listed in
	NOTE: http://talosintel.com/vulnerability-reports/
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
CVE-2016-1525 (Directory traversal vulnerability in data/config/image.do in NETGEAR M ...)
	NOT-FOR-US: NETGEAR Management System NMS300
CVE-2016-1524 (Multiple unrestricted file upload vulnerabilities in NETGEAR Managemen ...)
	NOT-FOR-US: NETGEAR Management System NMS300
CVE-2016-1523 (The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Gra ...)
	{DSA-3491-1 DSA-3479-1 DSA-3477-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0059/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
CVE-2016-1522 (Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefo ...)
	{DSA-3479-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0057/
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0060/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
CVE-2016-1521 (The directrun function in directmachine.cpp in Libgraphite in Graphite ...)
	{DSA-3479-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0058/
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0061/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
CVE-2016-1520 (The Grandstream Wave app 1.0.1.26 and earlier for Android does not use ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1519 (The com.softphone.common package in the Grandstream Wave app 1.0.1.26  ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1518 (The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 a ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service (seg ...)
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872043)
	[stretch] - opencv <ignored> (Minor issue)
	[jessie] - opencv <no-dsa> (Minor issue)
	[wheezy] - opencv <no-dsa> (Minor issue)
	NOTE: https://arxiv.org/pdf/1701.04739.pdf
	NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute  ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872043)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://arxiv.org/pdf/1701.04739.pdf
	NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1515
	REJECTED
CVE-2016-1514
	REJECTED
CVE-2016-1513 (The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote  ...)
	{DLA-591-1}
	- libreoffice 1:4.3.3-1
	NOTE: http://www.openoffice.org/security/cves/CVE-2016-1513.html
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0051/
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=fd64d444b730f6cb7216dac8f6e3f9
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=adbdac2dd6799789a45cd3b6ca48919889a8b64d (origin/libreoffice-4-3-3)
	NOTE: Fixed at least in 4.3.3 based version, maybe alredy earlier.
CVE-2016-1512
	RESERVED
CVE-2016-1511
	RESERVED
CVE-2016-1510
	RESERVED
CVE-2016-1509
	RESERVED
CVE-2016-1508
	RESERVED
CVE-2016-1507
	RESERVED
CVE-2016-1506
	RESERVED
CVE-2016-1502 (NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to part ...)
	NOT-FOR-US: NetApp
CVE-2016-1497 (The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-1496 (The graphics driver in Huawei P8 smartphones with software GRA-TL00 be ...)
	NOT-FOR-US: Huawei
CVE-2016-1495 (Integer overflow in the graphics drivers in Huawei Mate S smartphones  ...)
	NOT-FOR-US: Huawei
CVE-2016-1564 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/cla ...)
	{DSA-3444-1}
	- wordpress 4.4.1+dfsg-1 (bug #810325)
	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36185
	NOTE: https://wpvulndb.com/vulnerabilities/8358
	NOTE: https://twitter.com/brutelogic/status/685105483397619713
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/08/3
CVE-2015-XXXX [use after free / double free]
	- lighttpd 1.4.39-1
	[jessie] - lighttpd <not-affected> (Regression introduced in 1.4.36)
	[wheezy] - lighttpd <not-affected> (Regression introduced in 1.4.36)
	[squeeze] - lighttpd <not-affected> (Regression introduced in 1.4.36)
	NOTE: http://redmine.lighttpd.net/issues/2700
	NOTE: Introduced in 1.4.36: http://web.archive.org/web/20150906061055/http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2976
CVE-2016-1503 (dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x befor ...)
	- dhcpcd5 6.10.1-1 (bug #810621)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
	- dhcpcd <not-affected> (Vulnerable code not present)
	NOTE: https://dev.marples.name/rDHC1475a702df74b120db847991bc011e3441a045b8
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of serv ...)
	- dhcpcd5 6.10.1-1 (bug #810620)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
	- dhcpcd <not-affected> (Vulnerable code not present)
	[squeeze] - dhcpcd <not-affected> (Vulnerable code not present)
	NOTE: https://dev.marples.name/rDHC33c03b26c01201152774ef92e7b773281b8d8443
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-XXXX [Missing normalization]
	- ruby-rack-attack 4.3.1-1
	NOTE: https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/1
CVE-2016-1501 (ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authe ...)
	- owncloud 7.0.12~dfsg-2
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-004
CVE-2016-1500 (ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5 ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-1
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-003
CVE-2016-1499 (ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8. ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-2
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-002
CVE-2016-1498 (Cross-site scripting (XSS) vulnerability in the OCS discovery provider ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-1
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
CVE-2016-1493 (Intel Driver Update Utility before 2.4 retrieves driver updates in cle ...)
	NOT-FOR-US: Intel Driver Update Utility
CVE-2016-1492 (The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when  ...)
	NOT-FOR-US: Lenovo
CVE-2016-1491 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when conf ...)
	NOT-FOR-US: Lenovo
CVE-2016-1490 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows rem ...)
	NOT-FOR-US: Lenovo
CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww f ...)
	NOT-FOR-US: Lenovo
CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the inte ...)
	NOT-FOR-US: Siemens
CVE-2016-1487 (Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons  ...)
	NOT-FOR-US: Lexmark
CVE-2016-1486 (A vulnerability in the email attachment scanning functionality of the  ...)
	NOT-FOR-US: Siemens OZW OZW672
CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services En ...)
	NOT-FOR-US: Cisco
CVE-2016-1484 (Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass inte ...)
	NOT-FOR-US: Cisco
CVE-2016-1483 (Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a den ...)
	NOT-FOR-US: Cisco
CVE-2016-1482 (Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arb ...)
	NOT-FOR-US: Cisco
CVE-2016-1481 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-1480 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco
CVE-2016-1479 (Cisco IP Phone 8800 devices with software 11.0(1) allow remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2016-1478 (Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not prop ...)
	NOT-FOR-US: Cisco
CVE-2016-1477 (Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated  ...)
	NOT-FOR-US: Cisco
CVE-2016-1476 (Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 device ...)
	NOT-FOR-US: Cisco
CVE-2016-1475
	RESERVED
CVE-2016-1474 (Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IF ...)
	NOT-FOR-US: Cisco
CVE-2016-1473 (Cisco Small Business 220 devices with firmware before 1.0.1.1 have a h ...)
	NOT-FOR-US: Cisco
CVE-2016-1472 (The web-based management interface on Cisco Small Business 220 devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1471 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1470 (Cross-site request forgery (CSRF) vulnerability in the web-based manag ...)
	NOT-FOR-US: Cisco
CVE-2016-1469 (The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows  ...)
	NOT-FOR-US: Cisco
CVE-2016-1468 (The administrative web interface in Cisco TelePresence Video Communica ...)
	NOT-FOR-US: Cisco
CVE-2016-1467 (Cisco Videoscape Session Resource Manager (VSRM) allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2016-1466 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU ...)
	NOT-FOR-US: Cisco
CVE-2016-1465 (Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2( ...)
	NOT-FOR-US: Cisco
CVE-2016-1464 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled,  ...)
	NOT-FOR-US: Cisco
CVE-2016-1463 (Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 al ...)
	NOT-FOR-US: Cisco
CVE-2016-1462 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1461 (Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0- ...)
	NOT-FOR-US: Cisco
CVE-2016-1460 (Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220 ...)
	NOT-FOR-US: Cisco
CVE-2016-1459 (Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allo ...)
	NOT-FOR-US: Cisco
CVE-2016-1458 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x bef ...)
	NOT-FOR-US: Cisco
CVE-2016-1457 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x bef ...)
	NOT-FOR-US: Cisco
CVE-2016-1456 (The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execut ...)
	NOT-FOR-US: Cisco
CVE-2016-1455 (Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an ...)
	NOT-FOR-US: Cisco
CVE-2016-1454 (Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000 ...)
	NOT-FOR-US: Cisco
CVE-2016-1453 (Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feat ...)
	NOT-FOR-US: Cisco
CVE-2016-1452 (Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote  ...)
	NOT-FOR-US: Cisco
CVE-2016-1451 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1450 (Cisco WebEx Meetings Server 2.6 allows remote authenticated users to c ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1449 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Serve ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1448 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meeting ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1447 (Cross-site scripting (XSS) vulnerability in the administrator interfac ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1446 (SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows  ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1445 (Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 a ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1444 (The Mobile and Remote Access (MRA) component in Cisco TelePresence Vid ...)
	NOT-FOR-US: Cisco
CVE-2016-1443 (The virtual network stack on Cisco AMP Threat Grid Appliance devices b ...)
	NOT-FOR-US: Cisco
CVE-2016-1442 (The administrative web interface in Cisco Prime Infrastructure (PI) be ...)
	NOT-FOR-US: Cisco
CVE-2016-1441 (Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Conf ...)
	NOT-FOR-US: Cisco
CVE-2016-1440 (The proxy process on Cisco Web Security Appliance (WSA) devices throug ...)
	NOT-FOR-US: Cisco
CVE-2016-1439 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2016-1438 (Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allo ...)
	NOT-FOR-US: Cisco
CVE-2016-1437 (SQL injection vulnerability in the SQL database in Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2016-1436 (The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) im ...)
	NOT-FOR-US: Cisco
CVE-2016-1435 (Cisco 8800 phones with software 11.0(1) do not properly enforce mounte ...)
	NOT-FOR-US: Cisco
CVE-2016-1434 (The license-certificate upload functionality on Cisco 8800 phones with ...)
	NOT-FOR-US: Cisco
CVE-2016-1433 (Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1432 (Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devic ...)
	NOT-FOR-US: Cisco
CVE-2016-1431 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2016-1430 (Cisco RV180 and RV180W devices allow remote authenticated users to exe ...)
	NOT-FOR-US: Cisco
CVE-2016-1429 (Directory traversal vulnerability in the web interface on Cisco RV180  ...)
	NOT-FOR-US: Cisco
CVE-2016-1428 (Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1427 (The System Configuration Protocol (SCP) core messaging interface in Ci ...)
	NOT-FOR-US: Cisco Prime Network Registrar
CVE-2016-1426 (Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attac ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1425 (Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S  ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1424 (Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1423 (A vulnerability in the display of email messages in the Messages in Qu ...)
	NOT-FOR-US: Cisco ESA
CVE-2016-1422
	RESERVED
CVE-2016-1421 (A vulnerability in the web application for Cisco IP Phones could allow ...)
	NOT-FOR-US: Cisco
CVE-2016-1420 (The installation component on Cisco Application Policy Infrastructure  ...)
	NOT-FOR-US: Cisco
CVE-2016-1419 (Cisco Access Point devices with software 8.2(102.43) allow remote atta ...)
	NOT-FOR-US: Cisco
CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...)
	NOT-FOR-US: Cisco
CVE-2016-1417 (Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remo ...)
	NOT-FOR-US: Cisco
CVE-2016-1416 (Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mis ...)
	NOT-FOR-US: Cisco Prime
CVE-2016-1415 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled,  ...)
	NOT-FOR-US: Cisco
CVE-2016-1414
	RESERVED
CVE-2016-1413 (The web interface in Cisco Firepower Management Center 5.4.0 through 6 ...)
	NOT-FOR-US: Cisco
CVE-2016-1412
	RESERVED
CVE-2016-1411 (A vulnerability in the update functionality of Cisco AsyncOS Software  ...)
	NOT-FOR-US: Cisco
CVE-2016-1410 (Cisco WebEx Meeting Center Original Release Base allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2016-1409 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Cisco
CVE-2016-1408 (Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Ne ...)
	NOT-FOR-US: Cisco
CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services  ...)
	NOT-FOR-US: Cisco
CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-1405 (libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware  ...)
	- clamav 0.99+dfsg-1
CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invict ...)
	NOT-FOR-US: Cisco
CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local user ...)
	NOT-FOR-US: Cisco
CVE-2016-1402 (The Active Directory (AD) integration component in Cisco Identity Serv ...)
	NOT-FOR-US: Cisco
CVE-2016-1401 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2016-1400 (Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7. ...)
	NOT-FOR-US: Cisco
CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15 ...)
	NOT-FOR-US: Cisco
CVE-2016-1398 (Buffer overflow in the web-based management interface on Cisco RV110W  ...)
	NOT-FOR-US: Cisco
CVE-2016-1397 (Buffer overflow in the web-based management interface on Cisco RV110W  ...)
	NOT-FOR-US: Cisco
CVE-2016-1396 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1395 (The web-based management interface on Cisco RV110W devices with firmwa ...)
	NOT-FOR-US: Cisco
CVE-2016-1394 (Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded ac ...)
	NOT-FOR-US: Cisco Firepower System Software
CVE-2016-1393 (SQL injection vulnerability in Cisco Cloud Network Automation Provisio ...)
	NOT-FOR-US: Cisco
CVE-2016-1392 (Open redirect vulnerability in Cisco Prime Collaboration Assurance Sof ...)
	NOT-FOR-US: Cisco
CVE-2016-1391 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-fi ...)
	NOT-FOR-US: Cisco
CVE-2016-1390 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-fi ...)
	NOT-FOR-US: Cisco
CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6  ...)
	NOT-FOR-US: Cisco
CVE-2016-1388 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-fi ...)
	NOT-FOR-US: Cisco
CVE-2016-1387 (The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3 ...)
	NOT-FOR-US: Cisco
CVE-2016-1386 (The API in Cisco Application Policy Infrastructure Controller Enterpri ...)
	NOT-FOR-US: Cisco
CVE-2016-1385 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software thr ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 throu ...)
	NOT-FOR-US: Cisco
CVE-2016-1383 (Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WS ...)
	NOT-FOR-US: Cisco
CVE-2016-1382 (Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security App ...)
	NOT-FOR-US: Cisco
CVE-2016-1381 (Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web S ...)
	NOT-FOR-US: Cisco
CVE-2016-1380 (Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) dev ...)
	NOT-FOR-US: Cisco
CVE-2016-1379 (Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mis ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attacker ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1377 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection thr ...)
	NOT-FOR-US: Cisco
CVE-2016-1376 (Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows ...)
	NOT-FOR-US: Cisco
CVE-2016-1375 (Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability  ...)
	NOT-FOR-US: Cisco
CVE-2016-1374 (The web framework in Cisco Unified Computing System (UCS) Performance  ...)
	NOT-FOR-US: Cisco
CVE-2016-1373 (The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8. ...)
	NOT-FOR-US: Cisco
CVE-2016-1372 (ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to c ...)
	{DLA-546-1}
	- clamav 0.99.2+dfsg-1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
	NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
CVE-2016-1371 (ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to c ...)
	{DLA-546-1}
	- clamav 0.99.2+dfsg-1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
	NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
CVE-2016-1370 (Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculate ...)
	NOT-FOR-US: Cisco
CVE-2016-1369 (The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Servic ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1368 (Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x throug ...)
	NOT-FOR-US: Cisco
CVE-2016-1367 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ( ...)
	NOT-FOR-US: Cisco
CVE-2016-1366 (The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Networ ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2016-1365 (The Grapevine update process in Cisco Application Policy Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2016-1364 (Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD)  ...)
	NOT-FOR-US: Cisco
CVE-2016-1363 (Buffer overflow in the redirection functionality in Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2016-1362 (Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless L ...)
	NOT-FOR-US: Cisco
CVE-2016-1361 (Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 device ...)
	NOT-FOR-US: Cisco
CVE-2016-1360 (Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same  ...)
	NOT-FOR-US: Cisco
CVE-2016-1359 (Cisco Prime Infrastructure 3.0 allows remote authenticated users to ex ...)
	NOT-FOR-US: Cisco
CVE-2016-1358 (Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authen ...)
	NOT-FOR-US: Cisco
CVE-2016-1357 (The password-management administration component in Cisco Policy Suite ...)
	NOT-FOR-US: Cisco
CVE-2016-1356 (Cisco FireSIGHT System Software 6.1.0 does not use a constant-time alg ...)
	NOT-FOR-US: Cisco
CVE-2016-1355 (Cross-site scripting (XSS) vulnerability in the Device Management UI i ...)
	NOT-FOR-US: Cisco
CVE-2016-1354 (Cross-site scripting (XSS) vulnerability in Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite for Inte ...)
	NOT-FOR-US: Cisco Videoscape Distribution Suite
CVE-2016-1352 (Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earl ...)
	NOT-FOR-US: Cisco
CVE-2016-1351 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2016-1350 (Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unif ...)
	NOT-FOR-US: Cisco
CVE-2016-1349 (The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1348 (Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote a ...)
	NOT-FOR-US: Cisco
CVE-2016-1347 (The Wide Area Application Services (WAAS) Express implementation in Ci ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1346 (The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobil ...)
	NOT-FOR-US: Cisco
CVE-2016-1345 (Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FireP ...)
	NOT-FOR-US: Cisco Firepower
CVE-2016-1344 (The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1343 (The XML parser in Cisco Information Server (CIS) 6.2 allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2016-1342 (The device login page in Cisco FirePOWER Management Center 5.3 through ...)
	NOT-FOR-US: Cisco
CVE-2016-1341 (Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fa ...)
	NOT-FOR-US: Cisco
CVE-2016-1340 (Heap-based buffer overflow in Cisco Unified Computing System (UCS) Pla ...)
	NOT-FOR-US: Cisco
CVE-2016-1339 (Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0( ...)
	NOT-FOR-US: Cisco
CVE-2016-1338 (Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2  ...)
	NOT-FOR-US: Cisco
CVE-2016-1337 (Cisco EPC3928 devices allow remote attackers to obtain sensitive confi ...)
	NOT-FOR-US: Cisco
CVE-2016-1336 (goform/Docsis_system on Cisco EPC3928 devices allows remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2016-1335 (The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x b ...)
	NOT-FOR-US: Cisco StarOS
CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmware 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1332
	REJECTED
CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...)
	NOT-FOR-US: Cisco Emergency Responder
CVE-2016-1330 (Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote a ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1329 (Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and  ...)
	NOT-FOR-US: Cisco Nexus
CVE-2016-1328 (goform/WClientMACList on Cisco EPC3928 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1327 (Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1326 (The administration interface on Cisco DPQ3925 devices with firmware r1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1325 (The administration interface on Cisco DPC3939B and DPC3941 devices all ...)
	NOT-FOR-US: Cisco
CVE-2016-1324 (The REST interface in Cisco Spark 2015-06 allows remote attackers to c ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1323 (The REST interface in Cisco Spark 2015-06 allows remote authenticated  ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1322 (The REST interface in Cisco Spark 2015-07-04 allows remote attackers t ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1321 (Cisco Universal Small Cell devices with firmware R2.12 through R3.5 co ...)
	NOT-FOR-US: Cisco
CVE-2016-1320 (The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users t ...)
	NOT-FOR-US: Cisco
CVE-2016-1319 (Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28) ...)
	NOT-FOR-US: Cisco
CVE-2016-1318 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy I ...)
	NOT-FOR-US: Cisco
CVE-2016-1317 (Cisco Unified Communications Manager 11.5(0.98000.480) allows remote a ...)
	NOT-FOR-US: Cisco
CVE-2016-1316 (Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, ...)
	NOT-FOR-US: Cisco
CVE-2016-1315 (The proxy engine in Cisco Advanced Malware Protection (AMP), when used ...)
	NOT-FOR-US: Cisco
CVE-2016-1314 (Cross-site scripting (XSS) vulnerability in Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2016-1313 (Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta S ...)
	NOT-FOR-US: Cisco
CVE-2016-1312 (The HTTPS inspection engine in the Content Security and Control Securi ...)
	NOT-FOR-US: Cisco
CVE-2016-1311 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2016-1310 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11. ...)
	NOT-FOR-US: Cisco
CVE-2016-1309 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Mee ...)
	NOT-FOR-US: Cisco
CVE-2016-1308 (SQL injection vulnerability in Cisco Unified Communications Manager 10 ...)
	NOT-FOR-US: Cisco
CVE-2016-1307 (The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and U ...)
	NOT-FOR-US: Cisco
CVE-2016-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Direc ...)
	NOT-FOR-US: Cisco
CVE-2016-1305 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy I ...)
	NOT-FOR-US: Cisco
CVE-2016-1304 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10. ...)
	NOT-FOR-US: Cisco
CVE-2016-1303 (The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1302 (Cisco Application Policy Infrastructure Controller (APIC) devices with ...)
	NOT-FOR-US: Cisco
CVE-2016-1301 (The RBAC implementation in Cisco ASA-CX Content-Aware Security softwar ...)
	NOT-FOR-US: Cisco
CVE-2016-1300 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC ...)
	NOT-FOR-US: Cisco
CVE-2016-1299 (The web-management GUI implementation on Cisco Small Business SG300 de ...)
	NOT-FOR-US: Cisco
CVE-2016-1298 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2016-1297 (The Device Manager GUI in Cisco Application Control Engine (ACE) 4710  ...)
	NOT-FOR-US: Cisco
CVE-2016-1296 (The proxy engine on Cisco Web Security Appliance (WSA) devices with so ...)
	NOT-FOR-US: Cisco
CVE-2016-1295 (Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2016-1294 (Cross-site scripting (XSS) vulnerability in the Management Center in C ...)
	NOT-FOR-US: Cisco
CVE-2016-1293 (Multiple cross-site scripting (XSS) vulnerabilities in the Management  ...)
	NOT-FOR-US: Cisco
CVE-2016-1292
	RESERVED
CVE-2016-1291 (Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Prog ...)
	NOT-FOR-US: Cisco
CVE-2016-1290 (The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-1289 (The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Prog ...)
	NOT-FOR-US: Cisco Prime
CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x befo ...)
	NOT-FOR-US: Cisco Web Security Appliance
CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA So ...)
	NOT-FOR-US: Cisco ASA
CVE-2016-1286 (named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allo ...)
	{DSA-3511-1}
	- bind9 1:9.10.3.dfsg.P4-6
	NOTE: https://kb.isc.org/article/AA-01353
CVE-2016-1285 (named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does ...)
	{DSA-3511-1}
	- bind9 1:9.10.3.dfsg.P4-6
	NOTE: https://kb.isc.org/article/AA-01352
CVE-2016-1284 (rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9. ...)
	- bind9 <not-affected> (Only Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/article/AA-01348
CVE-2016-1505 (The filesystem storage backend in Radicale before 1.1 on Windows allow ...)
	- radicale <not-affected> (Only an issue on MS Windows)
CVE-2015-8764 (Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 ...)
	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
	NOTE: http://freeradius.org/security.html#eap-pwd-2015
CVE-2015-8763 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...)
	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
	NOTE: http://freeradius.org/security.html#eap-pwd-2015
CVE-2015-8762 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...)
	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
	NOTE: http://freeradius.org/security.html#eap-pwd-2015
CVE-2015-8751 (Integer overflow in the jas_matrix_create function in JasPer allows co ...)
	- jasper 1.900.1-5.1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294039
	NOTE: In 1.900.1-5.1 this issue was fixed as part of the patch for CVE-2008-3520
	NOTE: like other distribution did.
CVE-2015-8750 (libdwarf 20151114 and earlier allows remote attackers to cause a denia ...)
	{DLA-669-1 DLA-388-1}
	- dwarfutils 20160507-1 (bug #813182)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264
	NOTE: https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697
CVE-2015-8749 (The volume_utils._parse_volume_info function in OpenStack Compute (Nov ...)
	- nova 2:13.0.0~rc3-1
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1516765
	NOTE: Affects: >= 2014.2 <= 2015.1.2, ==12.0.0
CVE-2015-8748 (Radicale before 1.1 allows remote authenticated users to bypass owner_ ...)
	{DSA-3462-1 DLA-403-1}
	- radicale 1.1.1-1 (bug #809920)
CVE-2015-8747 (The multifilesystem storage backend in Radicale before 1.1 allows remo ...)
	{DSA-3462-1 DLA-403-1}
	- radicale 1.1.1-1 (bug #809920)
CVE-2015-8746 (fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 d ...)
	- linux 4.3.1-1
	[jessie] - linux 3.16.7-ckt20-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1295802
	NOTE: Fixed by: https://git.kernel.org/linus/18e3b739fdc826481c6a1335ce0c5b19b3d415da (v4.3-rc1)
	NOTE: Fixed as well in v3.16.7-ckt18 (commit: 6a64d8c4c07c176abee384803f28fa1507963369)
	NOTE: Introduced by: https://git.kernel.org/linus/ec011fe847347b40c60fdb5085f65227762e2e08 (v3.13-rc1)
CVE-2016-1494 (The verify function in the RSA package for Python (Python-RSA) before  ...)
	- python-rsa 3.2.3-1.1 (bug #809980)
	[jessie] - python-rsa 3.1.4-1+deb8u1
	NOTE: proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
	NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
CVE-2015-8604 (SQL injection vulnerability in the host_new_graphs function in graphs_ ...)
	{DSA-3494-1 DLA-386-1}
	- cacti 0.8.8f+ds1-4
	NOTE: http://bugs.cacti.net/view.php?id=2652
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/8
CVE-2016-1282
	RESERVED
CVE-2016-1281 (Untrusted search path vulnerability in the installer for TrueCrypt 7.2 ...)
	NOT-FOR-US: Truecrypt
CVE-2015-8742 (The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c  ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-60.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11931
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d48b0eff28c995947ac3f8d842ddd9b50dd5798d
CVE-2015-8741 (The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI di ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2290eba5cb25f927f9142680193ac1158d35506e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11876
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-59.html
CVE-2015-8740 (The dissect_tds7_colmetadata_token function in epan/dissectors/packet- ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e78093f69f1e95df919bbe644baa06c7e4e720c0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11846
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-58.html
CVE-2015-8739 (The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the  ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=96bf82ced0b58c7a4c2a6c300efeebe4f05c0ff4
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11831
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-57.html
CVE-2015-8738 (The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packe ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=858c3f0079f987833fb22eba2c361d1a88ba4103
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11823
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-56.html
CVE-2015-8737 (The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wi ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e3fc691368af60bbbaec9e038ee6a6d3b7707955
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11821
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-55.html
CVE-2015-8736 (The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file par ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=baa3eab78b422616a92ee38551c1b1510dca4ccb
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11820
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-54.html
CVE-2015-8735 (The get_value function in epan/dissectors/packet-btatt.c in the Blueto ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83bad0215dae54e77d34f8b187900125f672366e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11817
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-53.html
CVE-2015-8734 (The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP di ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9b2c889abe0219fc162659e106c5b95deb6268f3
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11726
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-52.html
CVE-2015-8733 (The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sn ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=53a3e53fce30523d11ab3df319fba7b75d63076f
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-51.html
CVE-2015-8732 (The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/p ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb0c034f6e4cdbf5ae36dd9ba8e2743630b7bd38
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9352616ec9742f2ed3d2802d0c8c100d51ca410b
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-50.html
CVE-2015-8731 (The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c i ...)
	{DSA-3516-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-49.html
	NOTE: fix released in 2.0.1 is incomplete, but the rest is tracked under CVE-2016-2530
CVE-2015-8730 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12. ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d2644aef369af0667220b5bd69996915b29d753d
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-48.html
CVE-2015-8729 (The ascend_seek function in wiretap/ascendtext.c in the Ascend file pa ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=338da1c0ea0b2f8595d3a7b6d6c9548f7da3e27b
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-47.html
CVE-2015-8728 (The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in t ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=15edc8d714b11dcff3a04e5d00b8db9adfdb81ed
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-46.html
CVE-2015-8727 (The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in t ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56baca60271379cb97f6a4a6bf72eb526e8b52d0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11793
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-45.html
CVE-2015-8726 (wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1 ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=185911de7d337246044c8e99da2f5b4bac74c0d5
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-44.html
CVE-2015-8725 (The dissect_diameter_base_framed_ipv6_prefix function in epan/dissecto ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=aaa28a9d39158ca1033bbd3372cf423abbf4f202
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-43.html
CVE-2015-8724 (The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c i ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83f2818118ae255db949bb3a4b3a26ebd1c5f7c5
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-42.html
	NOTE: Not suitable for code injection
CVE-2015-8723 (The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802 ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b283181c63cb28bc6f58d80315eccca6650da0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-42.html
CVE-2015-8722 (epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12. ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2259bf8a827088081bef101f98e4983de8aa8099
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b32d505a59475d51d9b2bed5f0869d2d154e8b6
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-41.html
CVE-2015-8721 (Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c i ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-40.html
CVE-2015-8720 (The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=921bb07115fbffc081ec56a5022b4a9d58db6d39
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-39.html
CVE-2015-8719 (The dissect_dns_answer function in epan/dissectors/packet-dns.c in the ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30651ab18b42e666f57ea239e58f3ff3a5e9c4ad
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-38.html
CVE-2015-8718 (Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM d ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81dfe6d450ada42d12f20ac26a6d8ae2302df37e
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-37.html
CVE-2015-8717 (The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP di ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ddd92b6f8f587325b9e14598658626f3a007c5c
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-36.html
CVE-2015-8716 (The init_t38_info_conv function in epan/dissectors/packet-t38.c in the ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb6ccb1b0c4ad02b828652c3fe6e8d51c30a315e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-35.html
CVE-2015-8715 (epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40caff2d1fb08262c84aaaa8ac584baa8866dd7c
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-34.html
CVE-2015-8714 (The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in t ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d34267d0503a67235bf259fd2f2f2d2bb8b18cf5
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-33.html
CVE-2015-8713 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67b6d4f7e6f2117b40957fd51518aa2a3e659002
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html
CVE-2015-8712 (The dissect_hsdsch_channel_info function in epan/dissectors/packet-umt ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ae329a47b7f0ac94089c23e79c6b8bc18ba80ea
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html
CVE-2015-8711 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12. ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-31.html
CVE-2015-8707 (Password reset tokens in Magento CE before 1.9.2.2, and Magento EE bef ...)
	NOT-FOR-US: Magento
CVE-2015-8744 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC  ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48 (v2.5.0-rc0)
	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8745 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC  ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c (v2.5.0-rc0)
	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8743 (QEMU (aka Quick Emulator) built with the NE2000 device emulation suppo ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-2 (bug #810519)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1264929
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
	NOTE: Introduced by (at least after): http://git.qemu.org/?p=qemu.git;a=commit;h=69b910399a3c40620a5213adaeb14a37366d97ac
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/1
CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...)
	{DSA-3537-1 DLA-401-1}
	- imlib2 1.4.7-1
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49
CVE-2014-9763 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...)
	{DSA-3537-1 DLA-401-1}
	- imlib2 1.4.7-1
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2
CVE-2014-9762 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...)
	{DSA-3537-1 DLA-401-1}
	- imlib2 1.4.7-1
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56
CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka glibc  ...)
	{DLA-411-1}
	- glibc 2.23-1 (bug #813187)
	[jessie] - glibc <no-dsa> (Minor issue)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
	NOTE: Fixed for 2.23 upstream
CVE-2014-9760 (Cross-site scripting (XSS) vulnerability in the displayLogin function  ...)
	- gosa 2.7.4+reloaded1-5
	[wheezy] - gosa 2.7.4-4.3~deb7u2
	[squeeze] - gosa 2.6.11-3+squeeze4
	NOTE: Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5
	NOTE: https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732
CVE-2014-9759 (Incomplete blacklist vulnerability in the config_is_private function i ...)
	- mantis <not-affected> (Affects >= 1.3.0-beta.1)
	NOTE: http://github.com/mantisbt/mantisbt/commit/7927c275
	NOTE: https://sourceforge.net/p/mantisbt/mailman/message/32948048/
	NOTE: https://mantisbt.org/bugs/view.php?id=20277
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/02/1
CVE-2016-1283 (The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles t ...)
	- pcre3 2:8.38-3.1 (bug #809706)
	[jessie] - pcre3 2:8.35-3.3+deb8u3
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Introduced after http://vcs.pcre.org/pcre?view=revision&revision=1361
	- pcre2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1767
	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1636
CVE-2016-1280 (PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D3 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1279 (J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 bef ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1278 (Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to " ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1277 (Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1276 (Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1275 (Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 befo ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1274 (Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches all ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1273 (Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1272
	RESERVED
CVE-2016-1271 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3  ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1270 (The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before  ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1269 (Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1268 (The administrative web services interface in Juniper ScreenOS before 6 ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2016-1267 (Race condition in the RPC functionality in Juniper Junos OS before 12. ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1266
	RESERVED
CVE-2016-1265 (A remote unauthenticated network based attacker with access to Junos S ...)
	NOT-FOR-US: Juniper
CVE-2016-1264 (Race condition in the Op command in Juniper Junos OS before 12.1X44-D5 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1263 (Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1262 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X ...)
	NOT-FOR-US: Juniper
CVE-2016-1261 (J-Web does not validate certain input that may lead to cross-site requ ...)
	NOT-FOR-US: Juniper
CVE-2016-1260 (Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 1 ...)
	NOT-FOR-US: Juniper
CVE-2016-1259
	RESERVED
CVE-2016-1258 (Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44- ...)
	NOT-FOR-US: Juniper
CVE-2016-1257 (The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 b ...)
	NOT-FOR-US: Juniper
CVE-2016-1256 (Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X ...)
	NOT-FOR-US: Juniper
CVE-2015-8706
	RESERVED
CVE-2015-8705 (buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logg ...)
	- bind9 <not-affected> (Only affects 9.10.0->9.10.3-P2)
	NOTE: https://kb.isc.org/article/AA-01336
CVE-2015-8704 (apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.1 ...)
	{DSA-3449-1 DLA-396-1}
	- bind9 1:9.10.3.dfsg.P4-6 (bug #812077)
	NOTE: https://kb.isc.org/article/AA-01335
CVE-2015-8703 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10  ...)
	NOT-FOR-US: ZTE router
CVE-2015-8702 (The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allow ...)
	{DSA-3527-1 DLA-384-1}
	- inspircd 2.0.20-1
	NOTE: https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559
	NOTE: http://www.inspircd.org/2015/04/16/v2019-released.html
CVE-2015-8701 (QEMU (aka Quick Emulator) built with the Rocker switch emulation suppo ...)
	- qemu 1:2.5+dfsg-3 (bug #809313)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
	- qemu-kvm <not-affected> (Vulnerable code introduced after qemu 2.3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/28/6
CVE-2015-8700
	RESERVED
CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release Auto ...)
	NOT-FOR-US: CA Release Automation
CVE-2016-1255 (The pg_ctlcluster script in postgresql-common package in Debian wheezy ...)
	{DLA-774-1}
	- postgresql-common 178
	[jessie] - postgresql-common 165+deb8u2
	NOTE: Fix: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee
	NOTE: Testsuite update: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=30f0e4200cfc358b4536bf5d1f6c48abb779d438
CVE-2016-1254 (Tor before 0.2.8.12 might allow remote attackers to cause a denial of  ...)
	{DSA-3741-1 DLA-754-1}
	- tor 0.2.9.8-2 (bug #848847)
	NOTE: https://blog.torproject.org/blog/tor-02812-released
	NOTE: https://trac.torproject.org/projects/tor/ticket/21018
CVE-2016-1253 (The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie  ...)
	{DLA-745-1}
	- most 5.0.0a-3 (bug #848132)
	[jessie] - most 5.0.0a-2.3+deb8u1
CVE-2016-1252 (The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable  ...)
	{DSA-3733-1}
	- apt 1.4~beta2
	[wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467
CVE-2016-1251 (There is a vulnerability of type use-after-free affecting DBD::mysql ( ...)
	- libdbd-mysql-perl 4.041-1
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
	[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
	NOTE: Only an issue with mysql_server_prepare=1
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 (4.041)
CVE-2016-1250
	REJECTED
CVE-2016-1249 (The DBD::mysql module before 4.039 for Perl, when using server-side pr ...)
	- libdbd-mysql-perl 4.039-1 (bug #844475)
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
	[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe (4.039)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/1
CVE-2016-1248 (vim before patch 8.0.0056 does not properly validate values for the 'f ...)
	{DSA-3722-1 DLA-718-1}
	- vim 2:8.0.0095-1
	- neovim 0.1.6-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
	NOTE: Fixed by (neovim): https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
CVE-2016-1247 (The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx pa ...)
	{DSA-3701-1}
	- nginx 1.10.2-1 (bug #842295)
	[wheezy] - nginx <not-affected> (Introduced by the fix for CVE-2013-0337, not applied)
	NOTE: Issue introduced with the Debian specific fix for CVE-2013-0337 / #701112
	NOTE: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
CVE-2016-1246 (Buffer overflow in the DBD::mysql module before 4.037 for Perl allows  ...)
	{DSA-3684-1 DLA-656-1}
	- libdbd-mysql-perl 4.037-1 (low)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 (4.037)
CVE-2016-1245 (It was discovered that the zebra daemon in Quagga before 1.0.20161017  ...)
	{DSA-3695-1 DLA-662-1}
	- quagga 1.0.20160315-3 (bug #841162)
	NOTE: Fixed by: https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
	NOTE: https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html
CVE-2016-1244 (The extractTree function in unADF allows remote attackers to execute a ...)
	{DSA-3676-1 DLA-631-1}
	- unadf 0.7.11a-4 (bug #838248)
CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
	{DSA-3676-1 DLA-631-1}
	- unadf 0.7.11a-4 (bug #838248)
CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...)
	{DSA-3656-1 DLA-607-1}
	- tryton-server 4.0.4-1
CVE-2016-1241 (Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3. ...)
	{DSA-3656-1}
	- tryton-server 4.0.4-1
	[wheezy] - tryton-server <not-affected> (password_hash field introduced in 3.2 series)
CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 a ...)
	{DSA-3670-1 DSA-3669-1 DLA-623-1 DLA-622-1}
	- tomcat8 8.0.36-3
	- tomcat7 7.0.70-3
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
	RESERVED
	- duck 0.10
	[jessie] - duck 0.7+deb8u1
	NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3)  ...)
	{DSA-3628-1 DLA-1578-1 DLA-584-1 DLA-565-1}
	- perl 5.22.2-3
	- libsys-syslog-perl <removed>
	[jessie] - libsys-syslog-perl 0.33-1+deb8u1
	NOTE: http://article.gmane.org/gmane.comp.lang.perl.perl5.porters/160507
	NOTE: Although more modules and scripts are affected by similar issue and mentioned
	NOTE: in the DSA/DLA, the CVE is for src:perl (and libsys-syslog-perl beeing dual-lived)
	NOTE: and thus not adding more source packages here.
CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypass in ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 (v3.14-rc1)
	NOTE: Prerequisite: https://git.kernel.org/linus/485e71e8fb6356c08c7fc6bcce4bf02c9a9a663f
	NOTE: Fixed by: https://git.kernel.org/linus/999653786df6954a31044528ac3f7a5dadca08f4
CVE-2016-1236 (Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.ph ...)
	{DSA-3572-1 DLA-462-1}
	- websvn <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/22
CVE-2016-1235 (The oarsh script in OAR before 2.5.7 allows remote authenticated users ...)
	{DSA-3543-1}
	- oar 2.5.7-1 (bug #819952)
	NOTE: https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue
CVE-2016-1234 (Stack-based buffer overflow in the glob implementation in GNU C Librar ...)
	{DLA-494-1}
	- glibc 2.22-8
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19779
CVE-2016-1233 (An unspecified udev rule in the Debian fuse package in jessie before 2 ...)
	{DSA-3451-1}
	- fuse 2.9.5-1
	[wheezy] - fuse <not-affected> (Problematic permissions via udev rule not set)
	[squeeze] - fuse <not-affected> (Problematic permissions via udev rule not set)
CVE-2016-1232 (The mod_dialback module in Prosody before 0.9.9 does not properly gene ...)
	{DSA-3439-1 DLA-391-1}
	- prosody 0.9.9-1
	NOTE: https://prosody.im/security/advisory_20160108-2/
CVE-2016-1231 (Directory traversal vulnerability in the HTTP file-serving module (mod ...)
	{DSA-3439-1}
	- prosody 0.9.9-1
	[squeeze] - prosody <not-affected> (Vulnerable code not present)
	NOTE: https://prosody.im/security/advisory_20160108-1/
CVE-2016-1230 (Cross-site scripting (XSS) vulnerability in NTT PC Communications WebA ...)
	NOT-FOR-US: NTT
CVE-2016-1229 (Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 throu ...)
	NOT-FOR-US: HumHub
CVE-2016-1228 (Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Den ...)
	NOT-FOR-US: NTT
CVE-2016-1227 (NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV ...)
	NOT-FOR-US: NTT
CVE-2016-1226 (Cross-site scripting (XSS) vulnerability in Trend Micro Internet Secur ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1225 (Trend Micro Internet Security 8 and 10 allows remote attackers to read ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1224 (CRLF injection vulnerability in Trend Micro Worry-Free Business Securi ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1223 (Directory traversal vulnerability in Trend Micro Office Scan 11.0, Wor ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-fo ...)
	NOT-FOR-US: Kobe Beauty
CVE-2016-1221 (Jetstar App for iOS before 3.0.0 does not verify X.509 certificates fr ...)
	NOT-FOR-US: Jetstar App
CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access. ...)
	NOT-FOR-US: Cybozu
CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass login aut ...)
	NOT-FOR-US: Cybozu
CVE-2016-1218 (SQL injection vulnerability in Cybozu Garoon before 4.2.2. ...)
	NOT-FOR-US: Cybozu
CVE-2016-1217 (Cross-site scripting (XSS) vulnerability in the "Check available times ...)
	NOT-FOR-US: Cybozu
CVE-2016-1216 (Cross-site scripting (XSS) vulnerability in the "New appointment" func ...)
	NOT-FOR-US: Cybozu
CVE-2016-1215 (Cross-site scripting (XSS) vulnerability in the "User details" functio ...)
	NOT-FOR-US: Cybozu
CVE-2016-1214 (Cross-site scripting (XSS) vulnerability in the "Response request" fun ...)
	NOT-FOR-US: Cybozu
CVE-2016-1213 (The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote a ...)
	NOT-FOR-US: Cybozu
CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI Professio ...)
	NOT-FOR-US: futomi MP Form Mail CGI Professional Edition
CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.3 ...)
	NOT-FOR-US: Epoch Web Mailing List
CVE-2016-1210 (The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not veri ...)
	NOT-FOR-US: 105 BANK app
CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote att ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote atta ...)
	NOT-FOR-US: Apple FileMaker
CVE-2016-1207 (Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R d ...)
	NOT-FOR-US: I-O DATA
CVE-2016-1206 (The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-G ...)
	NOT-FOR-US: I-O DATA
CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_fr ...)
	NOT-FOR-US: EC-CUBE plugin
CVE-2016-1204
	RESERVED
CVE-2016-1203
	RESERVED
CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 0.33.5 all ...)
	NOT-FOR-US: Atom Electron
CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0. ...)
	NOT-FOR-US: LOCKON
CVE-2016-1200 (The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows rem ...)
	NOT-FOR-US: LOCKON
CVE-2016-1199 (The login page in the management screen in LOCKON EC-CUBE 3.0.0 throug ...)
	NOT-FOR-US: LOCKON
CVE-2016-1198 (Photopt for Android before 2.0.1 does not verify SSL certificates. ...)
	NOT-FOR-US: Photopt for Android
CVE-2016-1197 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4 ...)
	NOT-FOR-US: Cybozu
CVE-2016-1196 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated use ...)
	NOT-FOR-US: Cybozu
CVE-2016-1195 (Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1  ...)
	NOT-FOR-US: Cybozu
CVE-2016-1194 (Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Cybozu
CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Cybozu
CVE-2016-1192 (Directory traversal vulnerability in the logging implementation in Cyb ...)
	NOT-FOR-US: Cybozu
CVE-2016-1191 (Directory traversal vulnerability in the Files function in Cybozu Garo ...)
	NOT-FOR-US: Cybozu
CVE-2016-1190 (Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to byp ...)
	NOT-FOR-US: Cybozu
CVE-2016-1189 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated use ...)
	NOT-FOR-US: Cybozu
CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated use ...)
	NOT-FOR-US: Cybozu
CVE-2016-1187 (Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 thro ...)
	NOT-FOR-US: Cybozu
CVE-2016-1186 (Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL ser ...)
	NOT-FOR-US: Kintone mobile for Android
CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for Android all ...)
	NOT-FOR-US: Cybozu
CVE-2016-1184 (Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for ...)
	NOT-FOR-US: Tokyo Star bank App for Android
CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0 ...)
	NOT-FOR-US: NTT
CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not prop ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
	NOTE: https://jvn.jp/en/jp/JVN65044642/
	NOTE: Two conditions must be met to exploit this vulnerability
	NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
	NOTE: condition two can be fixed by the following patch:
	NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
	NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1181 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles mu ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
	NOTE: https://jvn.jp/en/jp/JVN03188560/
	NOTE: Two conditions must be met to exploit this vulnerability
	NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
	NOTE: condition two can be fixed by the following patch:
	NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
	NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-butt ...)
	NOT-FOR-US: Cyber-Will Social-button Premium plugin
CVE-2016-1179 (Cross-site scripting (XSS) vulnerability in the standard template of t ...)
	NOT-FOR-US: appleple a-blog cms
CVE-2016-1178 (The session management of the comment functionality in appleple a-blog ...)
	NOT-FOR-US: appleple a-blog cms
CVE-2016-1177 (The management screen in Falcon WisePoint 4.3.1 and earlier and WisePo ...)
	NOT-FOR-US: Falcon WisePoint
CVE-2016-1176 (Buffer overflow in the ActiveX control in Sharp EVA Animeter allows re ...)
	NOT-FOR-US: Sharp EVA Animeter
CVE-2016-1175 (Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player  ...)
	NOT-FOR-US: AQUOS Photo Player
CVE-2016-1174 (Cross-site request forgery (CSRF) vulnerability in the Menubook plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-1173 (Cross-site scripting (XSS) vulnerability in the Menubook plugin before ...)
	NOT-FOR-US: baserCMS
CVE-2016-1172 (Cross-site request forgery (CSRF) vulnerability in the Recruit plugin  ...)
	NOT-FOR-US: baserCMS
CVE-2016-1171 (Cross-site scripting (XSS) vulnerability in the Recruit plugin before  ...)
	NOT-FOR-US: baserCMS
CVE-2016-1170 (Cross-site request forgery (CSRF) vulnerability in the Casebook plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-1169 (Cross-site scripting (XSS) vulnerability in the Casebook plugin before ...)
	NOT-FOR-US: baserCMS
CVE-2016-1168 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP d ...)
	NOT-FOR-US: NEC
CVE-2016-1167 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP d ...)
	NOT-FOR-US: NEC
CVE-2016-1166
	REJECTED
CVE-2016-1165
	REJECTED
CVE-2016-1164
	REJECTED
CVE-2016-1163
	REJECTED
CVE-2016-1162
	REJECTED
CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine Passwo ...)
	NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plug ...)
	NOT-FOR-US: WP Favorite Posts plugin for WordPress
CVE-2016-1159 (In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build ...)
	NOT-FOR-US: ZOHO
CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH  ...)
	NOT-FOR-US: Corega
CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Lo ...)
	NOT-FOR-US: Log-Chat
CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X al ...)
	NOT-FOR-US: LINE
CVE-2016-1155 (HTTP header injection vulnerability in the URLConnection class in Andr ...)
	NOT-FOR-US: Android
CVE-2016-1154 (SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in C ...)
	NOT-FOR-US: Cuore EC-CUBE
CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenti ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1152 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users t ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1151 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu O ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1150 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1148 (Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL ...)
	NOT-FOR-US: Akerun
CVE-2016-1147
	REJECTED
CVE-2016-1146
	REJECTED
CVE-2016-1145 (Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER  ...)
	NOT-FOR-US: NEC EXPRESSCLUSTER
CVE-2016-1144 (Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM b ...)
	NOT-FOR-US: High Income
CVE-2016-1143 (Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before  ...)
	NOT-FOR-US: Vine MV
CVE-2016-1142 (Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remot ...)
	NOT-FOR-US: Seeds acmailer
CVE-2016-1141 (KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users  ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1140 (KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1139 (Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1138 (CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 a ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1137 (Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 al ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1136 (Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE device ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1135 (Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices  ...)
	NOT-FOR-US: BUFFALO
CVE-2016-1134 (Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 d ...)
	NOT-FOR-US: BUFFALO
CVE-2016-1133 (CRLF injection vulnerability in the on_req function in lib/handler/red ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/issues/682
	NOTE: https://github.com/h2o/h2o/issues/684
	NOTE: https://github.com/h2o/h2o/pull/684
CVE-2016-1132 (Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify S ...)
	NOT-FOR-US: Shoplat App
CVE-2016-1131 (Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Librar ...)
	NOT-FOR-US: Takumi Yamada
CVE-2015-8698 (CA Release Automation (formerly LISA Release Automation) 5.0.2 before  ...)
	NOT-FOR-US: CA Release Automation
CVE-2015-8696
	RESERVED
CVE-2015-8695
	RESERVED
CVE-2015-8694
	RESERVED
CVE-2015-8693
	RESERVED
CVE-2015-8692
	RESERVED
CVE-2015-8691
	RESERVED
CVE-2015-8690
	RESERVED
CVE-2015-8689
	RESERVED
CVE-2015-8688 (Gajim before 0.16.5 allows remote attackers to modify the roster and i ...)
	{DSA-3492-1 DLA-413-1}
	- gajim 0.16.5-0.1 (bug #809900)
	NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html
	NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
CVE-2015-8687 (Multiple cross-site scripting (XSS) vulnerabilities in the Management  ...)
	NOT-FOR-US: Alcatel
CVE-2015-8686
	RESERVED
CVE-2015-8685 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
	- dolibarr 3.5.8+dfsg1-1 (bug #812449)
	[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
	NOTE: https://github.com/Dolibarr/dolibarr/issues/4291
	NOTE: https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
CVE-2015-8684 (Exponent CMS before 2.3.7 does not properly restrict the types of file ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-8682 (The Video0 driver in Huawei P8 smartphones with software GRA-UL00 befo ...)
	NOT-FOR-US: Huawei
CVE-2015-8681 (The ovisp driver in Huawei P8 smartphones with software GRA-TL00 befor ...)
	NOT-FOR-US: Huawei
CVE-2015-8680 (The Graphics driver in Huawei P8 smartphones with software GRA-TL00 be ...)
	NOT-FOR-US: Huawei
CVE-2015-8679 (The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GR ...)
	NOT-FOR-US: Huawei
CVE-2015-8678 (The ION driver in Huawei P8 smartphones with software GRA-TL00 before  ...)
	NOT-FOR-US: ION driver in Huawei P8 smartphones
CVE-2015-8677 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus se ...)
	NOT-FOR-US: Huawei
CVE-2015-8676 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and ...)
	NOT-FOR-US: Huawei
CVE-2015-8675 (Huawei S5300 Campus Series switches with software before V200R005SPH00 ...)
	NOT-FOR-US: Huawei
CVE-2015-8674
	REJECTED
CVE-2015-8673 (Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoi ...)
	NOT-FOR-US: Huawei
CVE-2015-8672 (The presentation transmission permission management mechanism in Huawe ...)
	NOT-FOR-US: Huawei
CVE-2015-8671 (Huawei LogCenter V100R001C10 could allow an authenticated attacker to  ...)
	NOT-FOR-US: Huawei
CVE-2015-8670 (Huawei LogCenter V100R001C10 could allow an authenticated attacker to  ...)
	NOT-FOR-US: Huawei
CVE-2015-8667 (Cross-site scripting (XSS) vulnerability in Reset Your Password module ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-8664 (Integer overflow in the WebCursor::Deserialize function in content/com ...)
	- chromium-browser 47.0.2526.111-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8663 (The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8. ...)
	{DLA-1611-1}
	- ffmpeg 7:2.8.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
	NOTE: For libav in jessie the patch needs to applied in libavcodec/decode.c in line 1884.
CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg befor ...)
	{DLA-1611-1}
	- ffmpeg 7:2.8.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in FFmp ...)
	{DLA-1611-1}
	- ffmpeg 7:2.8.3-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
CVE-2015-8658 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8657 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8656 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8655 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8654 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8653 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8652 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8651 (Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8650 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8649 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8648 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8647 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8646 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8645 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8644 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8643 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8642 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8641 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8640 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8639 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8638 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8637
	REJECTED
CVE-2015-8636 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8635 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8634 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8633
	RESERVED
CVE-2015-8632
	RESERVED
CVE-2015-8631 (Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MI ...)
	{DSA-3466-1 DLA-423-1}
	- krb5 1.13.2+dfsg-5 (bug #813126)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
CVE-2015-8630 (The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functi ...)
	- krb5 1.13.2+dfsg-5 (bug #813127)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u2
	[wheezy] - krb5 <not-affected> (Vulnerability introduced in 1.12)
	[squeeze] - krb5 <not-affected> (Vulnerability introduced in 1.12)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b
	NOTE: Introduced by: https://github.com/krb5/krb5/commit/0780e46fc13dbafa177525164997cd204cc50b51 (krb5-1.12-alpha1)
CVE-2015-8629 (The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in  ...)
	{DSA-3466-1 DLA-423-1}
	- krb5 1.13.2+dfsg-5 (bug #813296)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb
CVE-2015-8620 (Heap-based buffer overflow in the Avast virtualization driver (aswSnx. ...)
	NOT-FOR-US: Avast
CVE-2015-8669 (libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12 ...)
	- phpmyadmin 4:4.5.3.1-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2015-6/
	NOTE: non-issue for Debian-packaged version
CVE-2015-8668 (Heap-based buffer overflow in the PackBitsPreEncode function in tif_pa ...)
	{DLA-693-1}
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff 4.0.6-3 (bug #842046)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2563
	NOTE: Red Hat say it's only OOB read: https://bugzilla.redhat.com/show_bug.cgi?id=1294425#c1
	NOTE: Red Hat's patch is partially incorrect according to upstream
	NOTE: Issue was also marked as wontfix, because bmp2tiff utility has been removed
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2563#c4
	NOTE: Reproducer file here: http://bugzilla.maptools.org/attachment.cgi?id=677
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 al ...)
	{DSA-3467-1 DLA-610-1 DLA-402-1}
	- tiff 4.0.6-1 (bug #809021)
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1
	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8665 (tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a den ...)
	{DSA-3467-1 DLA-610-1 DLA-402-1}
	- tiff 4.0.6-1 (bug #808968)
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2
	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the Q35-chipset-ba ...)
	{DLA-1497-1}
	- qemu 1:2.5+dfsg-1
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb (v2.5.0-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283722
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/1
	NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=23910d3f669d46073b403876e30a7314599633af
CVE-2016-1130 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1129 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1128 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1127 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1126 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1125 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1124 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1123 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1122 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1121 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1120 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1119 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1118 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1117 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1116 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1115 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 bef ...)
	NOT-FOR-US: Adobe
CVE-2016-1114 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 bef ...)
	NOT-FOR-US: Adobe
CVE-2016-1113 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe
CVE-2016-1112 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1111 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1110 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1109 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1108 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1107 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1106 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1105 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1104 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1103 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1102 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1101 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1100 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1099 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1098 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1097 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1096 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1095 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1094 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1092 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1091 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-1090 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1089 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-1088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1087 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1086 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1085 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1084 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1083 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1082 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1081 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1080 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1079 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1078 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1077 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1076 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1075 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1074 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1073 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1072 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1071 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1070 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1069 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1068 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1067 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1066 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1065 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1064 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1063 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1062 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1061 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1060 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1059 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1058 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1057 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1056 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1055 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1054 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1053 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1052 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1051 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1050 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1049 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1048 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1047 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1046 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1045 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1044 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1043 (Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat a ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1042 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1041 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1040 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1039 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1038 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1037 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1036 (Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasure ...)
	NOT-FOR-US: Adobe
CVE-2016-1035 (Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which all ...)
	NOT-FOR-US: Adobe
CVE-2016-1034 (The Sync Process in the JavaScript API for Creative Cloud Libraries in ...)
	NOT-FOR-US: Adobe
CVE-2016-1033 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1032 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1031 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1030 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1029 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1028 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1027 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1026 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1025 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1024 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1023 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1022 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1021 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1020 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1019 (Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1018 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1017 (Use-after-free vulnerability in the LoadVars.decode function in Adobe  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1016 (Use-after-free vulnerability in the Transform object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1015 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1014 (Untrusted search path vulnerability in Adobe Flash Player before 18.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1013 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1012 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1011 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1010 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1009 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-1008 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-1007 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-1006 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1004
	REJECTED
CVE-2016-1003
	REJECTED
CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1000 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0999 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0998 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0997 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0996 (Use-after-free vulnerability in the setInterval method in Adobe Flash  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0995 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0994 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0993 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0992 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0991 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0990 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0989 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0988 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0986 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0983 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0982 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0981 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0980 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0979 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0978 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0977 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0976 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0975 (Use-after-free vulnerability in the instanceof function in Adobe Flash ...)
	NOT-FOR-US: Adobe
CVE-2016-0974 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0973 (Use-after-free vulnerability in the URLRequest object implementation i ...)
	NOT-FOR-US: Adobe
CVE-2016-0972 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0971 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and ...)
	NOT-FOR-US: Adobe
CVE-2016-0970 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0969 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0968 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0967 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0966 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0965 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0963 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0962 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0959 (Use after free vulnerability in Adobe Flash Player Desktop Runtime bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote at ...)
	NOT-FOR-US: Adobe
CVE-2016-0957 (Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and  ...)
	NOT-FOR-US: Adobe
CVE-2016-0956 (The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Ex ...)
	NOT-FOR-US: Apache Sling
CVE-2016-0955 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ( ...)
	NOT-FOR-US: Adobe
CVE-2016-0954 (Adobe Digital Editions before 4.5.1 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-0953 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-0952 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-0951 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-0950 (Adobe Connect before 9.5.2 allows remote attackers to spoof the user i ...)
	NOT-FOR-US: Adobe
CVE-2016-0949 (Adobe Connect before 9.5.2 allows remote attackers to have an unspecif ...)
	NOT-FOR-US: Adobe
CVE-2016-0948 (Cross-site request forgery (CSRF) vulnerability in Adobe Connect befor ...)
	NOT-FOR-US: Adobe
CVE-2016-0947 (Untrusted search path vulnerability in Adobe Download Manager, as used ...)
	NOT-FOR-US: Adobe
CVE-2016-0946 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0945 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0944 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0943 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0942 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0941 (Use-after-free vulnerability in the Search object implementation in Ad ...)
	NOT-FOR-US: Adobe
CVE-2016-0940 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-0939 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0938 (The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acroba ...)
	NOT-FOR-US: Adobe
CVE-2016-0937 (Use-after-free vulnerability in the OCG object implementation in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2016-0936 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0935 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14,  ...)
	NOT-FOR-US: Adobe
CVE-2016-0934 (Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat be ...)
	NOT-FOR-US: Adobe
CVE-2016-0933 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0932 (Use-after-free vulnerability in the Doc object implementation in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2016-0931 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2015-8660 (The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel t ...)
	- linux 4.3.3-3
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 (v4.4-rc4)
	NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/23/5
CVE-2015-8659 (The idle stream handling in nghttp2 before 1.6.0 allows attackers to h ...)
	- nghttp2 1.6.0-1
	[jessie] - nghttp2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
	NOTE: Fixed by: https://github.com/tatsuhiro-t/nghttp2/commit/f8c30d022982d089fb90543c0cd5628b161d065d
	NOTE: Introduced at least after: https://github.com/tatsuhiro-t/nghttp2/commit/b2fb888363c08e98aae0638db62cdf7d164ea1d1
CVE-2015-8628 (The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContribution ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T109724
CVE-2015-8627 (MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4,  ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T97897
CVE-2015-8626 (The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x  ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T115522
CVE-2015-8625 (MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4,  ...)
	- mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T118032
CVE-2015-8624 (The User::matchEditToken function in includes/User.php in MediaWiki be ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T119309
CVE-2015-8623 (The User::matchEditToken function in includes/User.php in MediaWiki be ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php
CVE-2015-8622 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12,  ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T117899
CVE-2015-8621 (t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_co ...)
	- t-coffee 11.00.8cbe486-2 (low; bug #751579)
	[jessie] - t-coffee <no-dsa> (Minor issue)
	[wheezy] - t-coffee <no-dsa> (Minor issue)
	[squeeze] - t-coffee <not-affected> (version in Squeeze uses system() and umask is handled correctly by sh (as opposed to later versions that use mkdir()))
CVE-2015-8617 (Format string vulnerability in the zend_throw_or_error function in Zen ...)
	- php7.0 7.0.1-1
	NOTE: https://bugs.php.net/bug.php?id=71105
	NOTE: https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e (php-7.0.2RC1)
CVE-2015-8616 (Use-after-free vulnerability in the Collator::sortWithSortKeys functio ...)
	- php7.0 7.0.1-1
	NOTE: https://bugs.php.net/bug.php?id=71020
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4
CVE-2015-8697 (stalin 0.11-5 allows local users to write to arbitrary files. ...)
	- stalin <unfixed> (unimportant; bug #808730)
	[squeeze] - stalin <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-8708 (Stack-based buffer overflow in the conv_euctojis function in codeconv. ...)
	- claws-mail 3.13.1-1.1 (bug #811048)
	[jessie] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied)
	[wheezy] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied)
	[squeeze] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied; instead all fixed included in DLA-383-1)
	- macopix <not-affected> (Incomplete fix not applied)
CVE-2015-8614 (Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) co ...)
	{DSA-3452-1 DLA-383-1}
	- claws-mail 3.13.1-1
	- macopix 1.7.4-6
	[jessie] - macopix <no-dsa> (Minor issue)
	[wheezy] - macopix <no-dsa> (Minor issue)
	NOTE: http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82 (3.13.1)
	NOTE: http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=e3ffcb455e0376053451ce968e6c71ef37708222 (not yet in tagged release)
	NOTE: Upstream patch is broken - first comparison uses wrong operator and others appear
	NOTE: to assume wrong maximum character length.
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3584
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=569010
CVE-2015-8611 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and P ...)
	NOT-FOR-US: BIG-IP
CVE-2015-8613 (Stack-based buffer overflow in the megasas_ctrl_get_info function in Q ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-3 (bug #809232)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284008
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
	NOTE: LSI Megaraid SAS HBA emulation introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
CVE-2015-8618 (The Int.Exp Montgomery code in the math/big library in Go 1.5.x before ...)
	- golang 2:1.5.3-1 (bug #809168)
	[jessie] - golang <not-affected> (Introduced in 1.5 release)
	[wheezy] - golang <not-affected> (Introduced in 1.5 release)
	NOTE: https://go-review.googlesource.com/#/c/17672/
	NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 doe ...)
	{DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[jessie] - xen <not-affected> (Only affects 4.6)
	[wheezy] - xen <not-affected> (Only affects 4.6)
	[squeeze] - xen <not-affected> (Only affects 4.6)
	NOTE: http://xenbits.xen.org/xsa/advisory-169.html
CVE-2015-8619 (The Human Monitor Interface support in QEMU allows remote attackers to ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-5 (bug #809237)
	[wheezy] - qemu <not-affected> (Issue introduced afer 1.2)
	[squeeze] - qemu <not-affected> (Issue introduced afer 1.2)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Introduced after 1.2)
	NOTE: According maintainer in https://bugs.debian.org/809237#17 introduced after 1.2
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283926
CVE-2016-1922 (QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit W ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-4 (bug #811201)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
	NOTE: Possibly introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518 (v1.6.0-rc0)
	NOTE: kvmapic introduced after 1.0.50 (http://git.qemu.org/?p=qemu.git;a=commit;h=e5ad936b0fd7dfd7fd7908be6f9f1ca88f63b96b)
CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0929 (The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0928 (Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF)  ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0927 (Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0926 (Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cl ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0925 (Cross-site scripting (XSS) vulnerability in the Case Management applic ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication
CVE-2016-0924
	REJECTED
CVE-2016-0923 (The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0 ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2016-0922 (EMC ViPR SRM before 3.7.2 does not restrict the number of password-aut ...)
	NOT-FOR-US: EMC ViPR SRM
CVE-2016-0921 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0920 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0919 (EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection ver ...)
	NOT-FOR-US: RSA Web Threat Detection
CVE-2016-0918 (EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x  ...)
	NOT-FOR-US: EMC RSA Identity Governance and Lifecycle
CVE-2016-0917 (The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3 ...)
	NOT-FOR-US: EMC VNX
CVE-2016-0916 (EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0. ...)
	NOT-FOR-US: EMC NetWorker
CVE-2016-0915 (The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime S ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2016-0914 (EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, D ...)
	NOT-FOR-US: EMC Documentum WebTop and WebTop Clients
CVE-2016-0913 (The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotf ...)
	NOT-FOR-US: EMC
CVE-2016-0912 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authen ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0911 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_roo ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0910 (EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 b ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0909 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions  ...)
	NOT-FOR-US: EMC
CVE-2016-0908 (EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows  ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-0907 (EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0 ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-0906 (The web-restore interface in Avamar Data Store (ADS) and Avamar Virtua ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0905 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0904 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0903 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0902 (CRLF injection vulnerability in EMC RSA Authentication Manager before  ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0901 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Man ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0900 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Man ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated us ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2016-0898 (MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS ...)
	NOT-FOR-US: MySQL for PCF tiles
CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x be ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0895 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers ...)
	NOT-FOR-US: EMC
CVE-2016-0894 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authentic ...)
	NOT-FOR-US: EMC
CVE-2016-0893 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authentic ...)
	NOT-FOR-US: EMC
CVE-2016-0892 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Preventi ...)
	NOT-FOR-US: EMC
CVE-2016-0891 (Multiple cross-site request forgery (CSRF) vulnerabilities in administ ...)
	NOT-FOR-US: EMC ViPR SRM
CVE-2016-0890 (EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtua ...)
	NOT-FOR-US: EMC
CVE-2016-0889 (An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appl ...)
	NOT-FOR-US: EMC
CVE-2016-0888 (EMC Documentum D2 before 4.6 lacks intended ACLs for configuration obj ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2016-0887 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5,  ...)
	NOT-FOR-US: EMC
CVE-2016-0886 (EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows  ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-0885
	REJECTED
CVE-2016-0884
	REJECTED
CVE-2016-0883 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows  ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-0881 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows  ...)
	NOT-FOR-US: EMC Documentum
CVE-2015-8610
	RESERVED
CVE-2015-8609
	RESERVED
CVE-2015-8608 (The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow rem ...)
	- perl <not-affected> (Only affects Perl on Windows)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126755
CVE-2015-8607 (The canonpath function in the File::Spec module in PathTools before 3. ...)
	{DSA-3441-1}
	- perl 5.22.1-4 (bug #810719)
	[wheezy] - perl <not-affected> (Introduced in 5.20.0)
	[squeeze] - perl <not-affected> (Introduced in 5.20.0)
	- libfile-spec-perl <removed>
	[wheezy] - libfile-spec-perl <not-affected> (Introduced in 3.47)
	[squeeze] - libfile-spec-perl <not-affected> (Introduced in 3.47)
	NOTE: http://perl5.git.perl.org/perl.git/commit/130509aa42a87eef258fab0182ee2c7ad16baa8b
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126862
CVE-2015-8606 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CM ...)
	NOT-FOR-US: SilverStripe
CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 a ...)
	{DSA-3442-1 DLA-385-2 DLA-385-1}
	- isc-dhcp 4.3.3-7 (bug #810875)
	NOTE: https://kb.isc.org/article/AA-01334
CVE-2015-8603 (Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 a ...)
	- serendipity <removed>
CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does  ...)
	NOT-FOR-US: Token Insert Entity module for Drupal
CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not proper ...)
	NOT-FOR-US: Chat Room module for Drupal
CVE-2015-8600 (The SysAdminWebTool servlets in SAP Mobile Platform allow remote attac ...)
	NOT-FOR-US: SAP
CVE-2015-8599
	RESERVED
CVE-2015-8598
	RESERVED
CVE-2015-8597 (Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 an ...)
	NOT-FOR-US: Blue Coat
CVE-2015-8596 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8595 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8594 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8593 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8592 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8612 (The EnableNetwork method in the Network class in plugins/mechanism/Net ...)
	{DSA-3427-1}
	- blueman 2.0.3-1
	[squeeze] - blueman <not-affected> (vulnerable code not present)
	NOTE: https://twitter.com/thegrugq/status/677809527882813440
	NOTE: https://github.com/blueman-project/blueman/commit/a3845bbed5fdddf14daec436b7e74f62719a71c1
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/18/6
CVE-2015-8709 (** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 misha ...)
	- linux 4.3.3-3
	[jessie] - linux 3.16.7-ckt20-1+deb8u2
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/17/12
	NOTE: https://lkml.org/lkml/2015/12/12/259
CVE-2016-0880
	REJECTED
CVE-2016-0879 (Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies ...)
	NOT-FOR-US: Moxa
CVE-2016-0878 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attacke ...)
	NOT-FOR-US: Moxa
CVE-2016-0877 (Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allow ...)
	NOT-FOR-US: Moxa
CVE-2016-0876 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attacke ...)
	NOT-FOR-US: Moxa
CVE-2016-0875 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attacke ...)
	NOT-FOR-US: Moxa
CVE-2016-0874
	RESERVED
CVE-2016-0873
	RESERVED
CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in Kabona AB We ...)
	NOT-FOR-US: Kabona AB WebDatorCentral
CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attacke ...)
	NOT-FOR-US: Eaton Lighting EG2 Web Control
CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote a ...)
	NOT-FOR-US: Trane Tracer
CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows r ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation Allen-Bradley Micro ...)
	NOT-FOR-US: MicroLogix
CVE-2016-0867 (CAREL PlantVisorEnhanced allows remote attackers to bypass intended ac ...)
	NOT-FOR-US: CAREL
CVE-2016-0866 (Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightH ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0865 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0864 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0863 (Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0862 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter device ...)
	NOT-FOR-US: General Electric devices
CVE-2016-0861 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter device ...)
	NOT-FOR-US: General Electric devices
CVE-2016-0860 (Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess befor ...)
	NOT-FOR-US: BwpAlarm
CVE-2016-0859 (Integer overflow in the Kernel service in Advantech WebAccess before 8 ...)
	NOT-FOR-US: Advantech
CVE-2016-0858 (Race condition in Advantech WebAccess before 8.1 allows remote attacke ...)
	NOT-FOR-US: Advantech
CVE-2016-0857 (Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 ...)
	NOT-FOR-US: Advantech
CVE-2016-0856 (Multiple stack-based buffer overflows in Advantech WebAccess before 8. ...)
	NOT-FOR-US: Advantech
CVE-2016-0855 (Directory traversal vulnerability in Advantech WebAccess before 8.1 al ...)
	NOT-FOR-US: Advantech
CVE-2016-0854 (Unrestricted file upload vulnerability in the uploadImageCommon functi ...)
	NOT-FOR-US: Advantech
CVE-2016-0853 (Advantech WebAccess before 8.1 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Advantech
CVE-2016-0852 (Advantech WebAccess before 8.1 allows remote attackers to bypass an in ...)
	NOT-FOR-US: Advantech
CVE-2016-0851 (Advantech WebAccess before 8.1 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Advantech
CVE-2016-0850 (The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-0849 (Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedu ...)
	NOT-FOR-US: Android
CVE-2016-0848 (Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x  ...)
	NOT-FOR-US: Android
CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1. ...)
	NOT-FOR-US: Android
CVE-2016-0846 (libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-0845
	REJECTED
CVE-2016-0844 (The Qualcomm RF driver in Android 6.x before 2016-04-01 does not prope ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0843 (The Qualcomm ARM processor performance-event manager in Android 4.x be ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0842 (The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 m ...)
	NOT-FOR-US: libstagefright
CVE-2016-0841 (media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0840 (Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0839 (post_proc/volume_listener.c in mediaserver in Android 6.x before 2016- ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0838 (Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0837 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x bef ...)
	NOT-FOR-US: libstagefright
CVE-2016-0836 (Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0835 (decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0834 (An unspecified media codec in mediaserver in Android 6.x before 2016-0 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0833 (Android allows users to cause a denial of service. ...)
	NOT-FOR-US: Android
CVE-2016-0832 (Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01  ...)
	NOT-FOR-US: Android
CVE-2016-0831 (The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoCon ...)
	NOT-FOR-US: Android
CVE-2016-0830 (btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows rem ...)
	NOT-FOR-US: Android
CVE-2016-0829 (The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicB ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0828 (The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicB ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0827 (Multiple integer overflows in libeffects in mediaserver in Android 4.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0826 (libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x befor ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0825 (The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 al ...)
	NOT-FOR-US: Android
CVE-2016-0824 (libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows att ...)
	NOT-FOR-US: libstagefright
CVE-2016-0823 (The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel be ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
	NOTE: Upstream patch: https://git.kernel.org/linus/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce (v4.0-rc5)
	NOTE: https://googleprojectzero.blogspot.cz/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-0 ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.3.1-1
	NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1)
CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 al ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-0819 (The Qualcomm performance component in Android 4.x before 4.4.4, 5.x be ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0818 (The caching functionality in the TrustManagerImpl class in TrustManage ...)
	NOT-FOR-US: Android
CVE-2016-0817
	RESERVED
CVE-2016-0816 (mediaserver in Android 6.x before 2016-03-01 allows remote attackers t ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0815 (The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libs ...)
	NOT-FOR-US: libstagefright
CVE-2016-0814
	RESERVED
CVE-2016-0813 (packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsCom ...)
	NOT-FOR-US: Android
CVE-2016-0812 (The interceptKeyBeforeDispatching function in policy/src/com/android/i ...)
	NOT-FOR-US: Android
CVE-2016-0811 (Integer overflow in the BnCrypto::onTransact function in media/libmedi ...)
	NOT-FOR-US: Android
CVE-2016-0810 (media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0809 (Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wi ...)
	NOT-FOR-US: Android
CVE-2016-0808 (Integer overflow in the getCoverageFormat12 function in CmapCoverage.c ...)
	NOT-FOR-US: Android
CVE-2016-0807 (The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...)
	- android-platform-system-core 1:7.0.0+r1-1 (unimportant)
	NOTE: debuggerd not included, see bug #858177
CVE-2016-0806 (The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android drivers
CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in Android 4 ...)
	NOT-FOR-US: Android drivers
CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in medi ...)
	NOT-FOR-US: Android
CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before  ...)
	NOT-FOR-US: libstagefright
CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android drivers
CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5 ...)
	{DLA-1573-1}
	- firmware-nonfree 20180518-1 (bug #869639)
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
CVE-2016-0800 (The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before  ...)
	- openssl 1.0.0c-2
	- nss 3.13
	NOTE: openssl 1.0.0c-2 dropped SSLv2 support
	NOTE: NSS disabled SSLv2 by default in 3.13
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: https://www.drownattack.com/
	NOTE: GNUTLS never implemented SSLv2
	NOTE: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
CVE-2016-0799 (The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1. ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
	NOTE: https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
CVE-2016-0798 (Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0 ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
CVE-2016-0797 (Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 be ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
CVE-2016-0796
	RESERVED
CVE-2016-0795 (LibreOffice before 5.0.5 allows remote attackers to cause a denial of  ...)
	{DSA-3482-1}
	- libreoffice 1:5.0.5~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
CVE-2016-0794 (The lwp filter in LibreOffice before 5.0.4 allows remote attackers to  ...)
	{DSA-3482-1}
	- libreoffice 1:5.0.5~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
CVE-2016-0793 (Incomplete blacklist vulnerability in the servlet filter restriction m ...)
	NOT-FOR-US: WildFly / Red Hat JBoss EAP
CVE-2016-0792 (Multiple unspecified API endpoints in Jenkins before 1.650 and LTS bef ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0791 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0790 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0789 (CRLF injection vulnerability in the CLI command documentation in Jenki ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0788 (The remoting module in Jenkins before 1.650 and LTS before 1.642.2 all ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0787 (The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 im ...)
	{DSA-3487-1 DLA-426-1}
	- libssh2 1.5.0-2.1 (bug #815662)
	NOTE: Upstream fix: https://github.com/libssh2/libssh2/commit/ca5222ea819cc5ed797860070b4c6c1aeeb28420
	NOTE: Upstream patch only fixes DH SHA-256 key exchange type, not DH SHA-1
CVE-2016-0786
	RESERVED
CVE-2016-0785 (Apache Struts 2.x before 2.3.28 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Only 2.0.0 to 2.3.28.1)
	NOTE: http://struts.apache.org/docs/s2-029.html
CVE-2016-0784 (Directory traversal vulnerability in the Import/Export System Backups  ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-0783 (The sendHashByUser function in Apache OpenMeetings before 3.1.1 genera ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-0782 (The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5 ...)
	- activemq 5.13.2+dfsg-1 (unimportant)
	NOTE: Admin console not enabled in the Debian package, see #702670
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
CVE-2016-0781 (The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-serv ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0780 (It was discovered that cf-release v231 and lower, Pivotal Cloud Foundr ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0779 (The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x be ...)
	NOT-FOR-US: Apache TomEE
CVE-2016-0778 (The (1) roaming_read and (2) roaming_write functions in roaming_common ...)
	{DSA-3446-1 DLA-387-1}
	- openssh 1:7.1p2-1
	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
CVE-2016-0777 (The resend_bytes function in roaming_common.c in the client in OpenSSH ...)
	{DSA-3446-1 DLA-387-1}
	- openssh 1:7.1p2-1 (bug #810984)
	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
CVE-2016-0776
	REJECTED
CVE-2016-0775 (Buffer overflow in the ImagingFliDecode function in libImaging/FliDeco ...)
	{DSA-3499-1 DLA-422-1}
	- pillow 3.1.1-1 (bug #813909)
	- python-imaging <removed>
	[wheezy] - python-imaging 1.1.7-4+deb7u2
	NOTE: https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec (3.1.1)
CVE-2016-0774 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a ...)
	{DLA-439-1}
	- linux 3.16.2-2
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: https://rhn.redhat.com/errata/RHSA-2016-0103.html
	NOTE: The upstream fix for 3.16 was correct, but wheezy had a incomplete backport
CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ...)
	{DSA-3476-1 DSA-3475-1 DLA-432-1}
	- postgresql-9.5 9.5.1-1
	- postgresql-9.4 <unfixed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45
CVE-2016-0772 (The smtplib library in CPython (aka Python) before 2.7.12, 3.x before  ...)
	{DLA-1663-1 DLA-871-1 DLA-522-1}
	- python3.5 3.5.2~rc1-1
	- python3.4 <removed>
	- python3.2 <removed>
	- python2.7 2.7.12~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394
	NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be
CVE-2016-0771 (The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9 ...)
	{DSA-3514-1}
	- samba 2:4.3.6+dfsg-1
	[wheezy] - samba <not-affected> (Vulnerable code not present)
	[squeeze] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2016-0771.html
CVE-2016-0770 (Cross-site scripting (XSS) vulnerability in includes/admin/pages/manag ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in the eSho ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0768 (PostgreSQL PL/Java after 9.0 does not honor access controls on large o ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue on undocumented API that got later removed)
CVE-2016-0767 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue)
CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ...)
	{DSA-3476-1 DSA-3475-1}
	- postgresql-9.5 9.5.1
	- postgresql-9.4 <unfixed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
CVE-2016-0765 (Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.ph ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0764 (Race condition in Network Manager before 1.0.12 as packaged in Red Hat ...)
	- network-manager 1.1.91-1 (bug #820354)
	[jessie] - network-manager <no-dsa> (Minor issue)
	[wheezy] - network-manager <no-dsa> (Minor issue)
	NOTE: Upstream fix: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f (1.2-beta2)
	NOTE: Fixed in 1.0.12 for the 1.0.x branch: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.0.12
CVE-2016-0763 (The setGlobalContext method in org/apache/naming/factory/ResourceLinkF ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0762 (The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0. ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842662)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/pzuk6hauzljnm4r7?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1758501 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1758502 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758506 (6.0.x)
CVE-2016-0761 (Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runt ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry before  ...)
	NOT-FOR-US: Apache Hive
CVE-2016-0759
	REJECTED
CVE-2016-0758 (Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6  ...)
	- linux 4.5.4-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.10-rc1)
	NOTE: https://lkml.org/lkml/2016/5/12/270
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300257
	NOTE: Fixed by: https://git.kernel.org/linus/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
	NOTE: Introduced by: https://git.kernel.org/linus/42d5ec27f873c654a68f7f865dcd7737513e9508 (v3.10-rc1)
CVE-2016-0757 (OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x bef ...)
	- glance 2:12.0.0-1
	[jessie] - glance <no-dsa> (Minor issue)
	[wheezy] - glance <no-dsa> (Minor issue)
	NOTE: <=2015.1.2, >=11.0.0 <= 11.0.1
	NOTE: https://bugs.launchpad.net/bugs/1525915
CVE-2016-0756 (The generate_dialback function in the mod_dialback module in Prosody b ...)
	{DSA-3463-1 DLA-407-1}
	- prosody 0.9.10-1
	NOTE: http://blog.prosody.im/prosody-0-9-10-released/
	NOTE: https://prosody.im/security/advisory_20160127/
	NOTE: Upstream fix https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015
CVE-2016-0755 (The ConnectionExists function in lib/url.c in libcurl before 7.47.0 do ...)
	{DSA-3455-1}
	- curl 7.47.0-1
	[wheezy] - curl <no-dsa> (Too intrusive to backport)
	NOTE: http://curl.haxx.se/docs/adv_20160127A.html
CVE-2016-0754 (cURL before 7.47.0 on Windows allows attackers to write to arbitrary f ...)
	- curl <not-affected> (Windows only)
	NOTE: http://curl.haxx.se/docs/adv_20160127B.html
CVE-2016-0753 (Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2. ...)
	{DSA-3464-1 DLA-642-1 DLA-641-1 DLA-498-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-activerecord-3.2 <removed>
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- ruby-activesupport-3.2 <removed>
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life>
	- ruby-activemodel-3.2 <removed>
CVE-2016-0752 (Directory traversal vulnerability in Action View in Ruby on Rails befo ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2016-0751 (actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Rub ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2016-0750 (The hotrod java client in infinispan before 9.1.0.Final automatically  ...)
	NOT-FOR-US: Infinispan
CVE-2016-0749 (The smartcard interaction in SPICE allows remote attackers to cause a  ...)
	{DSA-3596-1}
	- spice 0.12.6-4.1 (bug #826585)
	[wheezy] - spice <not-affected> (Vulnerable code not present. Configured with --disable-smartcard)
CVE-2016-0748
	RESERVED
CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not pr ...)
	{DSA-3473-1}
	- nginx 1.9.10-1 (bug #812806)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f (release-1.9.10)
	NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024 (release-1.9.10)
CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1 ...)
	{DSA-3473-1}
	- nginx 1.9.10-1 (bug #812806)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806 (release-1.9.10)
	NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f (release-1.9.10)
CVE-2016-0745
	RESERVED
CVE-2016-0744
	RESERVED
CVE-2016-0743
	RESERVED
CVE-2016-0742 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ...)
	{DSA-3473-1 DLA-404-1}
	- nginx 1.9.10-1 (bug #812806)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3 (release-1.9.10)
CVE-2016-0741 (slapd/connection.c in 389 Directory Server (formerly Fedora Directory  ...)
	- 389-ds-base 1.3.4.8-1
	[jessie] - 389-ds-base <not-affected> (Only affects 1.3.4 and up)
	NOTE: https://fedorahosted.org/389/ticket/48412
CVE-2016-0740 (Buffer overflow in the ImagingLibTiffDecode function in libImaging/Tif ...)
	{DSA-3499-1}
	- pillow 3.1.1-1 (bug #813905)
	- python-imaging <not-affected> (Vulnerable code introduce in 2.0.0)
	NOTE: Issue when linked against libtiff >= 4.0.0
	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e (3.1.1)
	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/e782fe721e0156de9636e78cd881d9f9e7e6ce50 (2.0.0)
CVE-2016-0739 (libssh before 0.7.3 improperly truncates ephemeral secrets generated f ...)
	{DSA-3488-1 DLA-425-1}
	- libssh 0.6.3-4.3 (bug #815663)
	NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86
CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...)
	- swift 2.5.0-3 (bug #812984)
	[jessie] - swift <not-affected> (Vulnerable code not present)
	[wheezy] - swift <not-affected> (Vulnerable code not present)
	NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0
CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close  ...)
	- swift 2.4.0-1
	[jessie] - swift <not-affected> (Vulnerable code not present)
	[wheezy] - swift <not-affected> (Vulnerable code not present)
	NOTE: Swift: >=2.2.1 <= 2.3.0
CVE-2016-0736 (In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...)
	{DSA-3796-1}
	- apache2 2.4.25-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: Fixed by: https://svn.apache.org/r1772812
	NOTE: Affects: 2.4.1 to 2.4.23
	NOTE: Fixed in 2.4.25
CVE-2016-0735 (Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to  ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-0734 (The web-based administration console in Apache ActiveMQ 5.x before 5.1 ...)
	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
CVE-2016-0733 (The Admin UI in Apache Ranger before 0.5.1 does not properly handle au ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-0732 (The identity zones feature in Pivotal Cloud Foundry 208 through 229; U ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0731 (The File Browser View in Apache Ambari before 2.2.1 allows remote auth ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-0730
	REJECTED
CVE-2016-0729 (Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLU ...)
	{DSA-3493-1 DLA-433-1}
	- xerces-c 3.1.3+debian-1 (bug #815907)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1727978
CVE-2016-0728 (The join_session_keyring function in security/keys/process_keys.c in t ...)
	{DSA-3448-1}
	- linux 4.3.3-6
	[wheezy] - linux <not-affected> (Introduced in v3.8-rc1)
	- linux-2.6 <not-affected> (Introduced in v3.8-rc1)
	NOTE: Upstream commit: https://git.kernel.org/linus/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
	NOTE: Introduced in https://git.kernel.org/linus/3a50597de8635cd05133bd12c95681c82fe7b878 (v3.8-rc1)
	NOTE: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
CVE-2016-0727 (The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3. ...)
	- ntp 1:4.2.8p9+dfsg-2 (low; bug #839998)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050
	NOTE: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
	NOTE: Originally addressed in 1:4.2.8p8+dfsg-1.1, then refixed in 1:4.2.8p9+dfsg-2
CVE-2016-0726 (The Fedora Nagios package uses "nagiosadmin" as the default password f ...)
	- nagios3 <not-affected> (Specific to Fedora installation)
CVE-2016-0725 (Cross-site scripting (XSS) vulnerability in the search_pagination func ...)
	- moodle <not-affected> (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552
CVE-2016-0724 (The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get ...)
	- moodle 2.7.12+dfsg-1 (bug #811344)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072
CVE-2016-0723 (Race condition in the tty_ioctl function in drivers/tty/tty_io.c in th ...)
	{DSA-3448-1 DLA-412-1}
	- linux 4.3.3-6
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1511.3/03045.html
	NOTE: https://git.kernel.org/linus/5c17c861a357e9458001f021a7afa7aab9937439 (v4.5-rc2)
CVE-2016-0722
	REJECTED
CVE-2016-0721 (Session fixation vulnerability in pcsd in pcs before 0.9.157. ...)
	- pcs 0.9.149-1
	NOTE: https://github.com/feist/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774 (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17 (0.9.149)
CVE-2016-0720 (Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs  ...)
	- pcs 0.9.149-1
	NOTE: https://github.com/feist/pcs/commit/3360ecd318f7631bf5826d99a20bf4b29d86dc9c (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 (0.9.149)
CVE-2016-0719
	REJECTED
CVE-2016-0718 (Expat allows context-dependent attackers to cause a denial of service  ...)
	{DSA-3582-1 DLA-483-1}
	- expat 2.1.1-2
	- firefox 48.0-1 (unimportant)
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
	NOTE: Firefox links dynamically against expat
CVE-2016-0717
	REJECTED
CVE-2016-0716
	REJECTED
CVE-2016-0715 (Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5 ...)
	NOT-FOR-US: Pivotal Cloud Foundry Elastic Runtime
CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before 6.0 ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0713 (Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0712 (Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3 ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0711 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0710 (Multiple SQL injection vulnerabilities in the User Manager service in  ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0709 (Directory traversal vulnerability in the Import/Export function in the ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0708 (Applications deployed to Cloud Foundry, versions v166 through v227, ma ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0707 (The agent in Apache Ambari before 2.1.2 uses weak permissions for the  ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0705 (Double free vulnerability in the dsa_priv_decode function in crypto/ds ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0704 (An oracle protection mechanism in the get_client_master_key function i ...)
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0703 (The get_client_master_key function in s2_srvr.c in the SSLv2 implement ...)
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0702 (The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in O ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: https://cachebleed.info
CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 ...)
	- openssl 1.0.2f-2
	[jessie] - openssl <not-affected> (Only affects 1.0.2)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2)
	[squeeze] - openssl <not-affected> (Only affects 1.0.2)
CVE-2015-8591
	REJECTED
CVE-2015-8590
	REJECTED
CVE-2015-8589
	REJECTED
CVE-2015-8588
	REJECTED
CVE-2015-8587
	REJECTED
CVE-2015-8586
	REJECTED
CVE-2015-8585
	REJECTED
CVE-2015-8584
	REJECTED
CVE-2015-8583
	REJECTED
CVE-2015-8582
	REJECTED
CVE-2015-8581
	REJECTED
CVE-2015-8580 (Multiple use-after-free vulnerabilities in the (1) Print method and (2 ...)
	NOT-FOR-US: Foxit
CVE-2015-8579 (Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, W ...)
	NOT-FOR-US: Kaspersky
CVE-2015-8578 (AVG Internet Security 2015 allocates memory with Read, Write, Execute  ...)
	NOT-FOR-US: AVG
CVE-2015-8577 (The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enter ...)
	NOT-FOR-US: McAfee
CVE-2015-8576
	REJECTED
CVE-2015-8574
	REJECTED
CVE-2015-8573
	REJECTED
CVE-2015-XXXX [XSA-166: ioreq handling possibly susceptible to multiple read issue]
	- xen 4.8.0~rc3-1
	[jessie] - xen 4.4.1-9+deb8u4
	[wheezy] - xen 4.1.6.lts1-1
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-166.html
CVE-2015-8572 (Multiple buffer overflows in Autodesk Design Review (ADR) before 2013  ...)
	NOT-FOR-US: Autodesk
CVE-2015-8571 (Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2  ...)
	NOT-FOR-US: Autodesk
CVE-2015-8570 (The password reset functionality in Lepide Active Directory Self Servi ...)
	NOT-FOR-US: Lepide
CVE-2015-8575 (The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel  ...)
	{DSA-3434-1 DLA-378-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4 (v4.4-rc6)
CVE-2015-8566 (The Session package 1.x before 1.3.1 for Joomla! Framework allows remo ...)
	NOT-FOR-US: Session package for Joomla
CVE-2015-8565 (Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3 ...)
	NOT-FOR-US: Joomla!
CVE-2015-8564 (Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows ...)
	NOT-FOR-US: Joomla!
CVE-2015-8563 (Cross-site request forgery (CSRF) vulnerability in the com_templates c ...)
	NOT-FOR-US: Joomla!
CVE-2015-8562 (Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to con ...)
	NOT-FOR-US: Joomla!
CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric Pr ...)
	NOT-FOR-US: F1BookView
CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU  ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-165.html
CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using th ...)
	{DLA-479-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-164.html
CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from uniniti ...)
	{DSA-4497-1}
	- linux 4.19.37-1
	[jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
	[wheezy] - linux <ignored> (Intrusive; breaks qemu as used in Wheezy; cf. kernel-sec for more details)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	NOTE: CVE for the incomplete patches from XSA-120 and supplied in
	NOTE: XSA-120 v5+ addendum patch.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1289128#c2
	NOTE: http://xenbits.xen.org/xsa/advisory-120.html
	NOTE: Patch is discussed in http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441
	NOTE: and http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088
	NOTE: https://git.kernel.org/linus/7681f31ec9cdacab4fd10570be924f2cef6669ba
CVE-2015-8552 (The PCI backend driver in Xen, when running on an x86 system and using ...)
	{DSA-3434-1}
	[experimental] - linux 4.4~rc6-1~exp1
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-157.html
	NOTE: https://git.kernel.org/linus/56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d
	NOTE: https://git.kernel.org/linus/5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9
	NOTE: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
	NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
	NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
CVE-2015-8551 (The PCI backend driver in Xen, when running on an x86 system and using ...)
	{DSA-3434-1}
	[experimental] - linux 4.4~rc6-1~exp1
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-157.html
	NOTE: https://git.kernel.org/linus/56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d
	NOTE: https://git.kernel.org/linus/5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9
	NOTE: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
	NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
	NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
CVE-2015-8550 (Xen, when used on a system providing PV backends, allows local guest O ...)
	{DSA-3519-1 DSA-3471-1 DSA-3434-1 DLA-479-1}
	[experimental] - linux 4.4~rc6-1~exp1
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	- qemu 1:2.5+dfsg-2 (bug #809229)
	[wheezy] - qemu <not-affected> (vulnerable code not present)
	[squeeze] - qemu <not-affected> (vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
	[squeeze] - qemu-kvm <not-affected> (vulnerable code not present)
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-155.html
	NOTE: https://git.kernel.org/linus/454d5d882c7e412b840e3c99010fe81a9862f6fb
	NOTE: https://git.kernel.org/linus/0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357
	NOTE: https://git.kernel.org/linus/68a33bfd8403e4e22847165d149823a2e0e67c9c
	NOTE: https://git.kernel.org/linus/1f13d75ccb806260079e0679d55d9253e370ec8a
	NOTE: https://git.kernel.org/linus/18779149101c0dd43ded43669ae2a92d21b6f9cb
	NOTE: https://git.kernel.org/linus/be69746ec12f35b484707da505c6c76ff06f97dc
	NOTE: https://git.kernel.org/linus/8135cf8b092723dbfcc611fe6fdcb3a36c9951c5
CVE-2015-8549 (XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows r ...)
	- pyamf <removed>
CVE-2015-8569 (The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pp ...)
	{DSA-3434-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/7
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 (v4.4-rc6)
	NOTE: pptp_{connect,bind} introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=00959ade36acadc00e757f87060bf6e4501d545f (v2.6.37-rc1)
	NOTE: https://lkml.org/lkml/2015/12/14/252
CVE-2015-8568 (Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC  ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-3 (bug #808145)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause  ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-3 (bug #808145)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
CVE-2015-8559 (The knife bootstrap command in chef leaks the validator.pem private RS ...)
	- chef <unfixed> (low; bug #809670)
	[buster] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
	[stretch] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
	[jessie] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
	[wheezy] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
	NOTE: https://github.com/chef/chef/issues/3871
	NOTE: https://github.com/chef/chef/pull/8885
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/10
	NOTE: Workaround: use validatorless bootstrapping
CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows loca ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-2 (bug #808144)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
CVE-2015-8557 (The FontManager._get_nix_font_path function in formatters/img.py in Py ...)
	{DSA-3445-1 DLA-369-1}
	- pygments 2.0.1+dfsg-2 (bug #802828)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1276321
	NOTE: https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/6
CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8546 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2015-8545
	RESERVED
CVE-2015-8544 (NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1 ...)
	NOT-FOR-US: NetApp
CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The " ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-8556 (Local privilege escalation vulnerability in the Gentoo QEMU package be ...)
	- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kern ...)
	{DSA-3503-1 DLA-412-1}
	- linux 4.3.5-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5)
	NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea9b9907b82a09bd1a708004454f7065de77c5b0 (v2.6.26-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1290642
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/1
CVE-2015-XXXX [remotely triggerable crash]
	- ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015)
	[jessie] - ruby-eventmachine 1.0.3-6+deb8u1
	[wheezy] - ruby-eventmachine 0.12.10-3+deb7u1
	NOTE: Workaround entry for DLA-549-1 until CVE assigned
	NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556
CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-f ...)
	{DSA-3429-1 DSA-3419-1 DLA-371-1}
	- cups-filters 1.4.0-1 (bug #807930)
	[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
	- foomatic-filters 4.0.17-7 (bug #807993)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is ...)
	{DLA-489-1}
	- ruby-mail 2.6.1+dfsg1-1
	NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
	NOTE: Fixed in 2.6.0
	NOTE: "Note that, this patch might not be complete ..." https://bugzilla.redhat.com/show_bug.cgi?id=1293598
CVE-2015-8547 (The CoreUserInputHandler::doMode function in core/coreuserinputhandler ...)
	- quassel 1:0.12.2-3 (bug #807801)
	[jessie] - quassel 1:0.10.0-2.3+deb8u2
	[wheezy] - quassel <not-affected> (Vulnerable code not present)
	[squeeze] - quassel <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7
	NOTE: Support for oping a whole channel with /op * was only added in
	NOTE: https://github.com/quassel/quassel/commit/7ecbc1bf921880f7b03af779de7d9611853a0d46 (0.10-beta1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/12/1
CVE-2015-8541
	RESERVED
CVE-2016-0700 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0699 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-0698 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0697 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Jav ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0694 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0693 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows rem ...)
	NOT-FOR-US: Solaris
CVE-2016-0692 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0691 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-0690 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-0689 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and  ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and  ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0685 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0684 (Unspecified vulnerability in the Oracle Retail MICROS ARS POS componen ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-0683 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0682 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0681 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2016-0680 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: Oracle
CVE-2016-0679 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0678 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 5.0.18-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-0677 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-0676 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2016-0675 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0674 (Unspecified vulnerability in the Siebel Core - Common Components compo ...)
	NOT-FOR-US: Siebel
CVE-2016-0673 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Siebel
CVE-2016-0672 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-0671 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-0670
	REJECTED
CVE-2016-0669 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-0668 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.1 ...)
	{DSA-3595-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0667 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0666 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0665 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0664
	REJECTED
CVE-2016-0663 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0662 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0661 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0660
	REJECTED
CVE-2016-0659 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0658 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0657 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0656 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0655 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.1 ...)
	{DSA-3595-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0654 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0653 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0652 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0651 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.47-0+deb8u1
	[wheezy] - mysql-5.5 5.5.47-0+deb7u1
	- mariadb-10.0 10.0.23-1
	[jessie] - mariadb-10.0 10.0.23-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0650 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0649 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0648 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0647 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0646 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0645
	REJECTED
CVE-2016-0644 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0643 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0642 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.23-1
	[jessie] - mariadb-10.0 10.0.23-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0641 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0640 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0639 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0638 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0637
	REJECTED
CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allow ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u77-b03-1
	[experimental] - openjdk-7 7u95-2.6.4-3
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
	NOTE: http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html
	NOTE: https://blogs.oracle.com/security/entry/security_alert_cve_2016_0636
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c44179bce874
CVE-2016-0635 (Unspecified vulnerability in the Enterprise Manager Ops Center compone ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-0634 (The expansion of '\h' in the prompt string in bash 4.3 allows remote a ...)
	- bash 4.4-1 (unimportant)
	[jessie] - bash 4.3-11+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
	NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
	NOTE: Fixed bin Bash upstream bash-4.4
	NOTE: This doesn't cross any reasonable security boundaries, an attacker with the
	NOTE: ability to modify the hostname in an arbitrary manner is in the position to
	NOTE: exploit various other system components anyway
	NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047
CVE-2016-0633
	REJECTED
CVE-2016-0632
	REJECTED
CVE-2016-0631
	REJECTED
CVE-2016-0630
	REJECTED
CVE-2016-0629
	REJECTED
CVE-2016-0628
	REJECTED
CVE-2016-0627
	REJECTED
CVE-2016-0626
	REJECTED
CVE-2016-0625
	REJECTED
CVE-2016-0624
	REJECTED
CVE-2016-0623 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2016-0622
	REJECTED
CVE-2016-0621
	REJECTED
CVE-2016-0620
	REJECTED
CVE-2016-0619
	REJECTED
CVE-2016-0618 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2016-0617 (Unspecified vulnerability in the kernel-uek component in Oracle Linux  ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/1bfad99ab42569807d0ca1698449cae5e8c0334a (v4.3-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/9aacdd354d197ad64685941b36d28ea20ab88757 (v4.5-rc1)
CVE-2016-0616 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and Maria ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0615
	REJECTED
CVE-2016-0614 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0613
	REJECTED
CVE-2016-0612
	REJECTED
CVE-2016-0611 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0610 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and Maria ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0609 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0608 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0607 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0606 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0605 (Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows re ...)
	- mysql-5.6 5.6.27-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0604
	REJECTED
CVE-2016-0603 (Unspecified vulnerability in the Java SE component in Oracle Java SE 6 ...)
	- openjdk-8 <not-affected> (Java on Windows)
	- openjdk-7 <not-affected> (Java on Windows)
	- openjdk-6 <not-affected> (Java on Windows)
CVE-2016-0602 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox <not-affected> (VirtualBox Windows Installer component)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0601 (Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenti ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0600 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0599 (Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenti ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0598 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0597 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0596 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.2 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0595 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows re ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0594 (Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows re ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0593
	REJECTED
CVE-2016-0592 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3454-1}
	- virtualbox 5.0.14-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0591 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing  ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-0590 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Order Manag ...)
	NOT-FOR-US: Oracle
CVE-2016-0589 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0588 (Unspecified vulnerability in the Oracle General Ledger component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-0587 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-0586 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0585 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0584 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0583 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0582 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0581 (Unspecified vulnerability in the Oracle Approvals Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-0580 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-0579 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0578 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0577 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0576 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0575 (Unspecified vulnerability in the Oracle Learning Management component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0574 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0573 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0572 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0571 (Unspecified vulnerability in the Oracle Balanced Scorecard component i ...)
	NOT-FOR-US: Oracle
CVE-2016-0570 (Unspecified vulnerability in the Oracle HCM Configuration Workbench co ...)
	NOT-FOR-US: Oracle
CVE-2016-0569 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0568 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0567 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0566 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0565 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0564 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0563 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0562 (Unspecified vulnerability in the Oracle Common Applications component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0561 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0560 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0559 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0558 (Unspecified vulnerability in the Oracle Service Contracts component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0557 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-0556 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-0555 (Unspecified vulnerability in the Oracle CADView-3D component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0554 (Unspecified vulnerability in the Oracle Interaction Center Intelligenc ...)
	NOT-FOR-US: Oracle
CVE-2016-0553 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0552 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0551 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0550 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0549 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0548 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0547 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0546 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0545 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0544 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0543 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0542 (Unspecified vulnerability in the Oracle Field Service component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2016-0541 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0540 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0539 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-0538 (Unspecified vulnerability in the Oracle Financial Consolidation Hub co ...)
	NOT-FOR-US: Oracle
CVE-2016-0537 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0536 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0535 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remot ...)
	NOT-FOR-US: Oracle
CVE-2016-0534 (Unspecified vulnerability in the Oracle Project Contracts component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0533 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0532 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0531 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2016-0530 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0529 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0528 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0527 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0526 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0525 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0524 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0523 (Unspecified vulnerability in the Oracle Interaction Blending component ...)
	NOT-FOR-US: Oracle
CVE-2016-0522 (Unspecified vulnerability in the Oracle Retail Open Commerce Platform  ...)
	NOT-FOR-US: Oracle
CVE-2016-0521 (Unspecified vulnerability in the Oracle iProcurement component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0520 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0519 (Unspecified vulnerability in the Oracle iReceivables component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0518 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0517 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0516 (Unspecified vulnerability in the Oracle Quality component in Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2016-0515 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0514 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0513 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0512 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0511 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0510 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0509 (Unspecified vulnerability in the Oracle Internet Expenses component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0508 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0507 (Unspecified vulnerability in the Oracle iReceivables component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0506 (Unspecified vulnerability in the Oracle Retail Order Management System ...)
	NOT-FOR-US: Oracle
CVE-2016-0505 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0504 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0503 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0502 (Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.1 ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 5.5.33+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before the initial release in Debian, 10.0.4)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0501 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0500 (Unspecified vulnerability in the Oracle Retail Order Broker Cloud Serv ...)
	NOT-FOR-US: Oracle
CVE-2016-0499 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2016-0498 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-0497 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-0496 (Unspecified vulnerability in the MICROS CWDirect component in Oracle R ...)
	NOT-FOR-US: Oracle
CVE-2016-0495 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3454-1}
	- virtualbox 5.0.14-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0494 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	{DSA-3725-1 DSA-3465-1 DSA-3458-1 DLA-545-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
	NOTE: Upstream commit for OpenJDK: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1
	- icu 57.1-4
	NOTE: ICU not directly affected by CVE-2016-0494 itself since original patch for
	NOTE: CVE-2015-4844 was not yet applied. CVE-2016-0494 was introduced as part of
	NOTE: the CVE-2015-4844 fix. To avoid confusion with the DSA text in DSA-3725-1
	NOTE: threat this CVE separately as affected src:icu despite beeing for the
	NOTE: incomplete fix for CVE-2015-4844
CVE-2016-0493 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0492 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0491 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0490 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0489 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0488 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0487 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0486 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0485 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0484 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0483 (Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Jav ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299441#c2
CVE-2016-0482 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0481 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0480 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0479 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-0478 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0477 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0476 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0475 (Unspecified vulnerability in the Java SE, Java SE Embedded, and JRocki ...)
	- openjdk-8 8u72-b15-1
CVE-2016-0474 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0473 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0472 (Unspecified vulnerability in the XDB - XML Database component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-0471 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0470 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0469 (Unspecified vulnerability in the Oracle Retail MICROS C2 component in  ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-0468 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-0467 (Unspecified vulnerability in the Security component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2016-0466 (Unspecified vulnerability in the Java SE, Java SE Embedded, and JRocki ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299385#c4
CVE-2016-0465 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-0464 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0463 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0462 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0461 (Unspecified vulnerability in the XDB - XML Database component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-0460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0459 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2016-0458 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0457 (Unspecified vulnerability in the Application Mgmt Pack for E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2016-0456 (Unspecified vulnerability in the Application Mgmt Pack for E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2016-0455 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0454 (Unspecified vulnerability in the Oracle Mobile Application Servlet com ...)
	NOT-FOR-US: Oracle
CVE-2016-0453 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-0452 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0451 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0450 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0449 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0448 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299385#c4
CVE-2016-0447 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0446 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0445 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0444 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0443 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0442 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0441 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-0440 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle
CVE-2016-0439 (Unspecified vulnerability in the Web Cache component in Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2016-0438 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0437 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0436 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0435 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0434 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0433 (Unspecified vulnerability in the Web Cache component in Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2016-0432 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0431 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0430 (Unspecified vulnerability in the Web Cache component in Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2016-0429 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0428 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0427 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0426 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0425 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0424 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0423 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0422 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0421 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0420 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0419 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0418 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0417 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-0416 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle
CVE-2016-0415 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0413 (Unspecified vulnerability in the Oracle Identity Federation component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0412 (Unspecified vulnerability in the PeopleSoft Enterprise SCM eProcuremen ...)
	NOT-FOR-US: Oracle
CVE-2016-0411 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0410
	REJECTED
CVE-2016-0409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payr ...)
	NOT-FOR-US: Oracle
CVE-2016-0408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0407 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle
	NOT-FOR-US: PeopleSoft
CVE-2016-0406 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0405 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-0404 (Unspecified vulnerability in the Oracle Identity Federation component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0403 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle
CVE-2016-0402 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298957#c2
CVE-2016-0401 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-8536 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-8535 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-8534 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-8540 (Integer underflow in the png_check_keyword function in pngwutil.c in l ...)
	{DSA-3443-1 DLA-375-1}
	- libpng <removed> (bug #807694)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/10/6
	NOTE: https://sourceforge.net/p/libpng/bugs/244/
	NOTE: http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
	NOTE: Fixed in 1.0.66, 1.2.56, 1.4.19, and 1.5.26
CVE-2015-8543 (The networking implementation in the Linux kernel through 4.3.3, as us ...)
	{DLA-378-1}
	- linux 4.3.3-1
	[jessie] - linux 3.16.7-ckt20-1+deb8u1
	[wheezy] - linux 3.2.73-2+deb7u2
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/3
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9 (v4.4-rc6)
CVE-2015-8539 (The KEYS subsystem in the Linux kernel before 4.4 allows local users t ...)
	- linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd (v4.4-rc3)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (v4.4-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284450
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/1
CVE-2016-0400 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 befo ...)
	NOT-FOR-US: IBM
CVE-2016-0399 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2016-0398 (IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers t ...)
	NOT-FOR-US: IBM
CVE-2016-0397 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9 ...)
	NOT-FOR-US: IBM
CVE-2016-0396 (IBM Tivoli Endpoint Manager could allow a user under special circumsta ...)
	NOT-FOR-US: IBM
CVE-2016-0395
	RESERVED
CVE-2016-0394 (IBM Integration Bus and WebSphere Message broker sets incorrect permis ...)
	NOT-FOR-US: IBM
CVE-2016-0393 (IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7. ...)
	NOT-FOR-US: IBM
CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 t ...)
	NOT-FOR-US: IBM
CVE-2016-0391 (The IBM Watson Developer Cloud services on Bluemix platforms do not pr ...)
	NOT-FOR-US: IBM
CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One  ...)
	NOT-FOR-US: IBM
CVE-2016-0389 (Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through ...)
	NOT-FOR-US: IBM
CVE-2016-0388
	RESERVED
CVE-2016-0387 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Pl ...)
	NOT-FOR-US: IBM
CVE-2016-0386 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Applica ...)
	NOT-FOR-US: IBM
CVE-2016-0385 (Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7 ...)
	NOT-FOR-US: IBM
CVE-2016-0384
	RESERVED
CVE-2016-0383
	RESERVED
CVE-2016-0382 (The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes s ...)
	NOT-FOR-US: IBM
CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGr ...)
	NOT-FOR-US: IBM
CVE-2016-0380 (IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and  ...)
	NOT-FOR-US: IBM
CVE-2016-0379 (IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles  ...)
	NOT-FOR-US: IBM
CVE-2016-0378 (IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when t ...)
	NOT-FOR-US: IBM
CVE-2016-0377 (The Administrative Console in IBM WebSphere Application Server (WAS) 7 ...)
	NOT-FOR-US: IBM
CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Techn ...)
	NOT-FOR-US: IBM
CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1. ...)
	NOT-FOR-US: IBM
CVE-2016-0374 (The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2 ...)
	NOT-FOR-US: IBM
CVE-2016-0373 (IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated  ...)
	NOT-FOR-US: IBM
CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8,  ...)
	NOT-FOR-US: IBM
CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in plain te ...)
	NOT-FOR-US: IBM
CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience Build ...)
	NOT-FOR-US: IBM
CVE-2016-0369 (XML external entity (XXE) vulnerability in IBM Forms Experience Builde ...)
	NOT-FOR-US: IBM Forms Experience Builder
CVE-2016-0368
	RESERVED
CVE-2016-0367 (IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-I ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0366 (IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-I ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0365 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0364 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0363 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technolog ...)
	NOT-FOR-US: IBM JDK
CVE-2016-0362 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM
CVE-2016-0361 (IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2016-0360 (IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides cla ...)
	NOT-FOR-US: IBM
CVE-2016-0359 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM
CVE-2016-0358 (IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated u ...)
	NOT-FOR-US: IBM
CVE-2016-0357 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0356 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2016-0355 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2016-0354 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Vi ...)
	NOT-FOR-US: IBM
CVE-2016-0352
	RESERVED
CVE-2016-0351 (IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-I ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0350 (Cross-site scripting (XSS) vulnerability in the Report Builder and Dat ...)
	NOT-FOR-US: IBM
CVE-2016-0349 (IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8. ...)
	NOT-FOR-US: IBM
CVE-2016-0348 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Applica ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0347
	RESERVED
CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM
CVE-2016-0345 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0344 (Cross-site scripting (XSS) vulnerability in the My Reports component i ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0343 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0342 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B A ...)
	NOT-FOR-US: IBM
CVE-2016-0340 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0339 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0337
	RESERVED
CVE-2016-0336 (Cross-site scripting (XSS) vulnerability in IBM Security Identity Mana ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0335 (Cross-site request forgery (CSRF) vulnerability in IBM Security Identi ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0334
	RESERVED
CVE-2016-0333
	RESERVED
CVE-2016-0332 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0331 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM
CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0329 (Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 1 ...)
	NOT-FOR-US: IBM
CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0327 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycl ...)
	NOT-FOR-US: IBM
CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8,  ...)
	NOT-FOR-US: IBM
CVE-2016-0324 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-2 ...)
	NOT-FOR-US: IBM
CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 throug ...)
	NOT-FOR-US: IBM
CVE-2016-0321 (IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x bef ...)
	NOT-FOR-US: IBM
CVE-2016-0320 (IBM UrbanCode Deploy could allow an authenticated user to modify Ucd o ...)
	NOT-FOR-US: IBM
CVE-2016-0319 (The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting S ...)
	NOT-FOR-US: IBM
CVE-2016-0318 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0317 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0316 (Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQ ...)
	NOT-FOR-US: IBM
CVE-2016-0315 (The Report Builder and Data Collection Component (DCC) in IBM Jazz Rep ...)
	NOT-FOR-US: IBM
CVE-2016-0314 (The Report Builder and Data Collection Component (DCC) in IBM Jazz Rep ...)
	NOT-FOR-US: IBM
CVE-2016-0313 (Cross-site scripting (XSS) vulnerability in the Report Builder and Dat ...)
	NOT-FOR-US: IBM
CVE-2016-0312 (IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers  ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0311 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Servic ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2016-0310 (IBM Connections 5.5 and earlier is vulnerable to possible host header  ...)
	NOT-FOR-US: IBM
CVE-2016-0309
	RESERVED
CVE-2016-0308 (IBM Connections 5.5 and earlier is vulnerable to possible link manipul ...)
	NOT-FOR-US: IBM
CVE-2016-0307 (IBM Connections 5.5 and earlier allows remote attackers to obtain sens ...)
	NOT-FOR-US: IBM
CVE-2016-0306 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-0305 (IBM Connections is vulnerable to cross-site scripting, caused by impro ...)
	NOT-FOR-US: IBM
CVE-2016-0304 (The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x bef ...)
	NOT-FOR-US: IBM
CVE-2016-0303 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Port ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2016-0302
	RESERVED
CVE-2016-0301 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0300 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0299 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM
CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium Database Ac ...)
	NOT-FOR-US: IBM
CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could all ...)
	NOT-FOR-US: IBM
CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores po ...)
	NOT-FOR-US: IBM
CVE-2016-0295 (Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Plat ...)
	NOT-FOR-US: IBM
CVE-2016-0294
	RESERVED
CVE-2016-0293 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (forme ...)
	NOT-FOR-US: IBM
CVE-2016-0292 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9 ...)
	NOT-FOR-US: IBM
CVE-2016-0291 (IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow  ...)
	NOT-FOR-US: IBM
CVE-2016-0290
	RESERVED
CVE-2016-0289 (shiprec.xml in the SHIPREC application in IBM Maximo Asset Management  ...)
	NOT-FOR-US: IBM
CVE-2016-0288 (IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and ...)
	NOT-FOR-US: IBM
CVE-2016-0287 (IBM i Access 7.1 on Windows allows local users to discover registry pa ...)
	NOT-FOR-US: IBM
CVE-2016-0286 (IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004  ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle Management 3.0. ...)
	NOT-FOR-US: IBM
CVE-2016-0283 (Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC)  ...)
	NOT-FOR-US: IBM
CVE-2016-0282 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP ...)
	NOT-FOR-US: IBM
CVE-2016-0281 (The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x,  ...)
	NOT-FOR-US: IBM
CVE-2016-0280 (Cross-site scripting (XSS) vulnerability in IBM Information Server Fra ...)
	NOT-FOR-US: IBM
CVE-2016-0279 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0278 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0276 (IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Pla ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0275 (IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Pla ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0274 (IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Pla ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-0272 (Cross-site request forgery (CSRF) vulnerability in IBM Financial Trans ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6 ...)
	NOT-FOR-US: IBM
CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Int ...)
	NOT-FOR-US: IBM
CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x be ...)
	NOT-FOR-US: IBM
CVE-2016-0268 (XML external entity (XXE) vulnerability in IBM Financial Transaction M ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the la ...)
	NOT-FOR-US: IBM
CVE-2016-0265 (IBM Campaign is vulnerable to cross-site scripting, caused by improper ...)
	NOT-FOR-US: IBM
CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Tec ...)
	NOT-FOR-US: IBM JDK
CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and Gener ...)
	NOT-FOR-US: IBM
CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2016-0261 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...)
	NOT-FOR-US: IBM
CVE-2016-0260 (Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to b ...)
	NOT-FOR-US: IBM
CVE-2016-0258
	RESERVED
CVE-2016-0257
	RESERVED
CVE-2016-0256
	RESERVED
CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a deni ...)
	NOT-FOR-US: IBM
CVE-2016-0253 (Cross-site scripting (XSS) vulnerability in IBM Financial Transaction  ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Cent ...)
	NOT-FOR-US: IBM
CVE-2016-0251
	RESERVED
CVE-2016-0250 (XML external entity (XXE) vulnerability in IBM InfoSphere Information  ...)
	NOT-FOR-US: IBM
CVE-2016-0249 (SQL injection vulnerability in IBM Security Guardium Database Activity ...)
	NOT-FOR-US: IBM
CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man- ...)
	NOT-FOR-US: IBM
CVE-2016-0247 (IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, an ...)
	NOT-FOR-US: IBM
CVE-2016-0246 (Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2  ...)
	NOT-FOR-US: IBM
CVE-2016-0245 (The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8 ...)
	NOT-FOR-US: IBM
CVE-2016-0244 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0243 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0242 (IBM Security Guardium 10.x through 10.1 before p100 allows remote auth ...)
	NOT-FOR-US: IBM
CVE-2016-0241 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0240 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0239 (IBM Security Guardium Database Activity Monitor 9.x through 9.5 before ...)
	NOT-FOR-US: IBM
CVE-2016-0238 (IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitiv ...)
	NOT-FOR-US: IBM
CVE-2016-0237 (IBM Security Guardium Database Activity Monitor 10 allows local users  ...)
	NOT-FOR-US: IBM
CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local users  ...)
	NOT-FOR-US: IBM
CVE-2016-0234 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user  ...)
	NOT-FOR-US: IBM
CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, an ...)
	NOT-FOR-US: IBM
CVE-2016-0232 (IBM Financial Transaction Manager (FTM) for ACH Services, Check Servic ...)
	NOT-FOR-US: IBM
CVE-2016-0231 (IBM Financial Transaction Manager (FTM) for ACH Services, Check Servic ...)
	NOT-FOR-US: IBM
CVE-2016-0230 (IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 ...)
	NOT-FOR-US: IBM
CVE-2016-0229 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6 ...)
	NOT-FOR-US: IBM
CVE-2016-0228 (IBM Marketing Platform 10.0 could allow a remote attacker to conduct p ...)
	NOT-FOR-US: IBM
CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control  ...)
	NOT-FOR-US: IBM
CVE-2016-0226 (The client implementation in IBM Informix Dynamic Server 11.70.xCn on  ...)
	NOT-FOR-US: IBM
CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 al ...)
	NOT-FOR-US: IBM
CVE-2016-0224 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, an ...)
	NOT-FOR-US: IBM
CVE-2016-0223 (Cross-site scripting (XSS) vulnerability in the Webform Framework API  ...)
	NOT-FOR-US: IBM Forms Server
CVE-2016-0222 (IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote a ...)
	NOT-FOR-US: IBM
CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in ...)
	NOT-FOR-US: IBM
CVE-2016-0220
	RESERVED
CVE-2016-0219 (XML external entity (XXE) vulnerability in IBM Rational Team Concert 3 ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2016-0218 (IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerab ...)
	NOT-FOR-US: IBM
CVE-2016-0217 (IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerab ...)
	NOT-FOR-US: IBM
CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0215 (IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, S ...)
	NOT-FOR-US: IBM DB2
CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to upload ar ...)
	NOT-FOR-US: IBM
CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0212 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0211 (IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7  ...)
	NOT-FOR-US: IBM
CVE-2016-0210 (IBM Sterling B2B Integrator Standard Edition could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 a ...)
	NOT-FOR-US: IBM Algorithmics One-Algo Risk Application
CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to c ...)
	NOT-FOR-US: IBM
CVE-2016-0205 (A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3 ...)
	NOT-FOR-US: IBM
CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4 ...)
	NOT-FOR-US: IBM
CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud Orchestrator task ...)
	NOT-FOR-US: IBM
CVE-2016-0202 (A vulnerability has been identified in tasks, backend object generated ...)
	NOT-FOR-US: IBM
CVE-2016-0201 (GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3. ...)
	NOT-FOR-US: IBM
CVE-2015-8538 (dwarf_leb.c in libdwarf allows attackers to cause a denial of service  ...)
	{DLA-669-1}
	- dwarfutils 20160507-1 (bug #807817)
	[jessie] - dwarfutils 20120410-2+deb8u1
	[squeeze] - dwarfutils <not-affected> (No segfault with provided test case)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/2
	NOTE: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/
CVE-2015-8533
	REJECTED
CVE-2015-8532
	REJECTED
CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access Manage ...)
	NOT-FOR-US: IBM
CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an ActiveX c ...)
	NOT-FOR-US: IBM
CVE-2015-8529
	RESERVED
CVE-2015-8528
	REJECTED
CVE-2015-8527
	REJECTED
CVE-2015-8526
	REJECTED
CVE-2015-8525
	REJECTED
CVE-2015-8524 (Cross-site scripting (XSS) vulnerability in Process Portal in IBM Busi ...)
	NOT-FOR-US: IBM
CVE-2015-8523 (The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before ...)
	NOT-FOR-US: IBM
CVE-2015-8522 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5 ...)
	NOT-FOR-US: IBM
CVE-2015-8521 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5 ...)
	NOT-FOR-US: IBM
CVE-2015-8520 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5 ...)
	NOT-FOR-US: IBM
CVE-2015-8519 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5 ...)
	NOT-FOR-US: IBM
CVE-2015-8518
	RESERVED
CVE-2015-8517
	REJECTED
CVE-2015-8516
	REJECTED
CVE-2015-8515
	REJECTED
CVE-2015-8514
	REJECTED
CVE-2015-8513
	REJECTED
CVE-2015-8512 (The lockscreen feature in Mozilla Firefox OS before 2.5 does not prope ...)
	NOT-FOR-US: Firefox OS
CVE-2015-8511 (Race condition in the lockscreen feature in Mozilla Firefox OS before  ...)
	NOT-FOR-US: Firefox OS
CVE-2015-8510 (Cross-site scripting (XSS) vulnerability in the internationalization f ...)
	NOT-FOR-US: Firefox OS
CVE-2015-8509 (Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4 ...)
	- bugzilla4 <itp> (bug #669643)
CVE-2015-8508 (Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in ...)
	- bugzilla4 <itp> (bug #669643)
CVE-2015-8507 (mediaserver in Android 6.0 before 2015-12-01 allows remote attackers t ...)
	NOT-FOR-US: Android
CVE-2015-8506 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 a ...)
	NOT-FOR-US: Android
CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to  ...)
	NOT-FOR-US: Android
CVE-2015-8503
	RESERVED
CVE-2015-8502
	REJECTED
CVE-2015-8501
	REJECTED
CVE-2015-8500
	REJECTED
CVE-2015-8499
	REJECTED
CVE-2015-8498
	REJECTED
CVE-2015-8497
	REJECTED
CVE-2015-8496
	REJECTED
CVE-2015-8495
	REJECTED
CVE-2015-8494
	REJECTED
CVE-2015-8493
	REJECTED
CVE-2015-8492
	REJECTED
CVE-2015-8491
	REJECTED
CVE-2015-8490
	REJECTED
CVE-2015-8489 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenti ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8488 (Cybozu Office 10.3.0 allows remote attackers to read image files via a ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8487 (Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover C ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8486 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users t ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8485 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users t ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8484 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users t ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8483 (Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 all ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of  ...)
	NOT-FOR-US: Blue Coat Unified Agent
CVE-2015-8481 (Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA S ...)
	NOT-FOR-US: Atlassian
CVE-2015-8504 (Qemu, when built with VNC display driver support, allows remote attack ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #808130)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Fixed by http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 (v2.5.0-rc3)
	NOTE: Issue possibly introduced after http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cec5487990bf3f1f22b3fcb871978255e92ae0d (v0.10.0)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/4
CVE-2016-0200 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0199 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0198 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0197 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mod ...)
	NOT-FOR-US: Microsoft
CVE-2016-0196 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0195 (The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0194 (Microsoft Internet Explorer 10 and 11 allows remote attackers to bypas ...)
	NOT-FOR-US: Microsoft
CVE-2016-0193 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0192 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0191 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0190 (Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft
CVE-2016-0189 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-0188 (The User Mode Code Integrity (UMCI) implementation in Device Guard in  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0187 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in ...)
	NOT-FOR-US: Microsoft
CVE-2016-0186 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0185 (Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-0184 (Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0183 (The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0182 (Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0181 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the Vi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0180 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0179 (Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-0178 (The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0177
	REJECTED
CVE-2016-0176 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mod ...)
	NOT-FOR-US: Microsoft
CVE-2016-0175 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0174 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0173 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0172
	REJECTED
CVE-2016-0171 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0170 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0169 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0168 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0167 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0166 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0165 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0164 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0163
	REJECTED
CVE-2016-0162 (Microsoft Internet Explorer 9 through 11 allows remote attackers to de ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0161 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0160 (Microsoft Internet Explorer 11 mishandles DLL loading, which allows lo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0159 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0158 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0157 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0156 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0155 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0154 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0153 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0152 (Internet Information Services (IIS) in Microsoft Windows Vista SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0151 (The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0150 (HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0149 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0148 (Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, whi ...)
	NOT-FOR-US: Microsoft .NET
CVE-2016-0147 (Microsoft XML Core Services 3.0 allows remote attackers to execute arb ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2016-0146
	REJECTED
CVE-2016-0145 (The font library in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0144
	REJECTED
CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0141 (The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-0140 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services o ...)
	NOT-FOR-US: Microsoft
CVE-2016-0139 (Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow re ...)
	NOT-FOR-US: Microsoft Excel
CVE-2016-0138 (Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulativ ...)
	NOT-FOR-US: Microsoft
CVE-2016-0137 (The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0136 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft Excel
CVE-2016-0135 (The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0134 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0133 (The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2016-0132 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0131
	REJECTED
CVE-2016-0130 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0129 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0128 (The SAM and LSAD protocol implementations in Microsoft Windows Vista S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0127 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft Word
CVE-2016-0126 (Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0125 (Microsoft Edge mishandles the Referer policy, which allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2016-0124 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0123 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0122 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0121 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0120 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0119
	REJECTED
CVE-2016-0118 (The PDF library in Microsoft Windows 10 Gold and 1511 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2016-0117 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0116 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0115
	REJECTED
CVE-2016-0114 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0113 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0112 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0111 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0110 (Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow rem ...)
	NOT-FOR-US: Microsoft
CVE-2016-0109 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0108 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0107 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0106 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0105 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0104 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0103 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0102 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0101 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2016-0100 (Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library load ...)
	NOT-FOR-US: Microsoft
CVE-2016-0099 (The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2016-0098 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2016-0097
	REJECTED
CVE-2016-0096 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0095 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0094 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0093 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0092 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0091 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0090 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0089 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0088 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0087 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and W ...)
	NOT-FOR-US: Microsoft
CVE-2016-0086
	REJECTED
CVE-2016-0085
	REJECTED
CVE-2016-0084 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0083
	REJECTED
CVE-2016-0082
	REJECTED
CVE-2016-0081
	REJECTED
CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch op ...)
	NOT-FOR-US: Microsoft
CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local u ...)
	NOT-FOR-US: Microsoft
CVE-2016-0078
	REJECTED
CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse H ...)
	NOT-FOR-US: Microsoft
CVE-2016-0076
	REJECTED
CVE-2016-0075 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0074
	REJECTED
CVE-2016-0073 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0071 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2016-0070 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0069 (Microsoft Internet Explorer 9 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft
CVE-2016-0068 (Microsoft Internet Explorer 9 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft
CVE-2016-0067 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0066
	REJECTED
CVE-2016-0065
	REJECTED
CVE-2016-0064 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0063 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0062 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0061 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0060 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0059 (The Hyperlink Object Library in Microsoft Internet Explorer 9 through  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0058 (Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2016-0057 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2016-0056 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0055 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2016-0054 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0053 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0052 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0051 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0050 (Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0049 (Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0048 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0047 (WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0046 (Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0045
	REJECTED
CVE-2016-0044 (Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and W ...)
	NOT-FOR-US: Microsoft
CVE-2016-0043
	REJECTED
CVE-2016-0042 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0041 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0040 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0039 (Cross-site scripting (XSS) vulnerability in SharePoint Server in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2016-0038 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-0037 (The forms-based authentication implementation in Active Directory Fede ...)
	NOT-FOR-US: Microsoft
CVE-2016-0036 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0035 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0034 (Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets ...)
	NOT-FOR-US: Microsoft
CVE-2016-0033 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 do ...)
	NOT-FOR-US: Microsoft
CVE-2016-0032 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0031 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0030 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0029 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0028 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumula ...)
	NOT-FOR-US: Microsoft
CVE-2016-0027
	REJECTED
CVE-2016-0026 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-0025 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0024 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0023
	REJECTED
CVE-2016-0022 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0021 (Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2016-0020 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and W ...)
	NOT-FOR-US: Microsoft
CVE-2016-0019 (The Remote Desktop Protocol (RDP) service implementation in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0018 (Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0017
	REJECTED
CVE-2016-0016 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0015 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0014 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0013
	REJECTED
CVE-2016-0012 (Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0011 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-0010 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0009 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0008 (The graphics device interface in Microsoft Windows Vista SP2, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0007 (The sandbox implementation in Microsoft Windows Vista SP2, Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2016-0006 (The sandbox implementation in Microsoft Windows Vista SP2, Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2016-0005 (Microsoft Internet Explorer 9 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft
CVE-2016-0004
	REJECTED
CVE-2016-0003 (Microsoft Edge allows remote attackers to execute arbitrary code via u ...)
	NOT-FOR-US: Microsoft
CVE-2016-0002 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsoft
CVE-2016-0001
	REJECTED
CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in media/base/video ...)
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8479 (Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthori ...)
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8478 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
	- chromium-browser 47.0.2526-73-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-8475
	RESERVED
CVE-2015-8471
	RESERVED
	NOT-FOR-US: ATutor
CVE-2015-8470 (The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not s ...)
	NOT-FOR-US: Puppet Enterprise
CVE-2015-8469
	RESERVED
CVE-2015-8468
	RESERVED
CVE-2015-8467 (The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_m ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	NOTE: https://www.samba.org/samba/security/CVE-2015-8467.html
CVE-2015-8466 (Swift3 before 1.9 allows remote attackers to conduct replay attacks vi ...)
	{DSA-3583-1}
	- swift-plugin-s3 1.9-1 (bug #822688)
CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platfor ...)
	NOT-FOR-US: Magento
CVE-2015-XXXX [uses non-random tempdir /tmp/tmprepo.0/.git/]
	- git-repair 1.20151215-1 (unimportant; bug #807341)
	NOTE: Non-exploitable on release archs due to kernel hardening
CVE-2015-8537 (app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before ...)
	{DSA-3529-1}
	- redmine 3.2.0-1 (bug #807826)
	[squeeze] - redmine <not-affected> (Vulnerable code not present in 1.0.1)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/21419 (private)
	NOTE: https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
	NOTE: upstream fixed in 2.6.9, 3.0.6 and 3.1.3
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/8
CVE-2016-1000033 (Shotwell version 0.22.0 (and possibly other versions) is vulnerable to ...)
	- shotwell 0.22.0-3 (low; bug #807110)
	[jessie] - shotwell <no-dsa> (Minor issue)
	[wheezy] - shotwell <no-dsa> (Minor issue)
	[squeeze] - shotwell <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/4
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=754488
CVE-2015-8476 (Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 all ...)
	{DSA-3416-1 DLA-363-1}
	- libphp-phpmailer 5.2.14+dfsg-1 (bug #807265)
	NOTE: https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 (v5.2.14)
CVE-2015-8474 (Open redirect vulnerability in the valid_back_url function in app/cont ...)
	{DSA-3529-1}
	- redmine 3.2.0-1 (bug #807272)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: http://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/19577 (private)
	NOTE: commit: https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472
	NOTE: upstream fixed in 2.6.7, 3.0.5 and 3.1.1
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/1
	NOTE: depends on the CVE-2014-1985 fix first
CVE-2015-8473 (The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x  ...)
	{DSA-3529-1}
	- redmine 3.2.0-1 (bug #807345)
	[squeeze] - redmine <not-affected> (code dates from the API changes introduced in 735a83c, part of 1.1)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
	NOTE: https://www.redmine.org/issues/21136
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/7
	NOTE: https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
CVE-2015-8465
	RESERVED
CVE-2015-8464
	RESERVED
CVE-2015-8463
	RESERVED
CVE-2015-8462
	RESERVED
CVE-2015-8461 (Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P ...)
	- bind9 <not-affected> (Only affects 9.9.8 -> 9.9.8-P1, 9.9.8-S1 -> 9.9.8-S2, 9.10.3 -> 9.10.3-P1)
	NOTE: https://kb.isc.org/article/AA-01319
CVE-2015-8460 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8459 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8458 (Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-8457 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8456 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8455 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8454 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8453 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8452 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8451 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8450 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8449 (Use-after-free vulnerability in the MovieClip object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8448 (Use-after-free vulnerability in the DisplacementMapFilter object imple ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8447 (Use-after-free vulnerability in the Color object implementation in Ado ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8446 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8445 (Integer overflow in the Shader filter implementation in Adobe Flash Pl ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8444 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8443 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8442 (Use-after-free vulnerability in the MovieClip object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8441 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8440 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8439 (The SharedObject object implementation in Adobe Flash Player before 18 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8438 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8437 (Use-after-free vulnerability in the Selection object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8436 (Use-after-free vulnerability in the PrintJob object implementation in  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8435 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8434 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8433 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8432 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8431 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8430 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8429 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8428 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8427 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8426 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8425 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8424 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8423 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8422 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8421 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8420 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8419 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8418 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8417 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8416 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8415 (Buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8414 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8413 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8412 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8411 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8410 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8409 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8408 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8407 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8406 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8405 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8404 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8403 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8402 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8401 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8399 (Atlassian Confluence before 5.8.17 allows remote authenticated users t ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2015-8398 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence befor ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2015-8397 (The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gd ...)
	- gdcm 2.6.2-1
	[jessie] - gdcm 2.4.4-3+deb8u1
	[wheezy] - gdcm <not-affected> (Vulnerable code not present)
	[squeeze] - gdcm <not-affected> (Vulnerable code not present)
	NOTE: http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
CVE-2015-8396 (Integer overflow in the ImageRegionReader::ReadIntoBuffer function in  ...)
	- gdcm 2.6.2-1
	[jessie] - gdcm 2.4.4-3+deb8u1
	[wheezy] - gdcm <no-dsa> (Minor issue)
	[squeeze] - gdcm <not-affected> (Vulnerable code not present)
	NOTE: http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/0f6f82052484774d072784f32105cecc79c45c19/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/92cd6d7fe0d01c61cf68ac4ef65ef388ee252415/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
CVE-2012-6704 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DLA-772-1}
	- linux 3.8.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/82981930125abfd39d7c8378a9cfdf5e1be2002b (v3.5-rc1)
CVE-2012-6703 (Integer overflow in the snd_compr_allocate_buffer function in sound/co ...)
	- linux 3.8.11-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
CVE-2012-6702 (Expat, when used in a parser that has not called XML_SetHashSalt or pa ...)
	{DSA-3597-1 DLA-508-1}
	- expat 2.1.1-3
CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows l ...)
	- linux <not-affected> (Fixed in v3.2.19; which was before src:linux rename)
	- linux-2.6 3.2.19-1
	NOTE: https://git.kernel.org/linus/a70b52ec1aaeaf60f4739edb1b422827cb6f3893 (v3.5-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=07343eab681bf8c22a2b31d978569a5f65253171 (v3.2.19)
CVE-2012-6700 (The decode_search function in dhcp.c in dhcpcd 3.x does not properly f ...)
	{DSA-3534-1 DLA-362-1}
	- dhcpcd <removed>
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2012-6699 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP  ...)
	{DSA-3534-1}
	- dhcpcd <removed>
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2012-6698 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP  ...)
	{DSA-3534-1 DLA-362-1}
	- dhcpcd <removed>
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypas ...)
	- cakephp 2.8.0-1 (bug #832316)
	[jessie] - cakephp <no-dsa> (Minor issue)
	[wheezy] - cakephp <not-affected> (vulnerable code not present)
	NOTE: http://karmainsecurity.com/KIS-2016-01
	NOTE: https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0
CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellinabox)  ...)
	- shellinabox 2.19
	[jessie] - shellinabox <no-dsa> (Minor issue)
	[wheezy] - shellinabox <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/02/6
CVE-2015-8377 (SQL injection vulnerability in the host_new_graphs_save function in gr ...)
	{DSA-3494-1 DLA-374-1}
	- cacti 0.8.8f+ds1-4
	NOTE: http://bugs.cacti.net/view.php?id=2655
	NOTE: http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
CVE-2015-XXXX [Avoid unbounded SFTP extended attribute key/values]
	- proftpd-dfsg 1.3.5b-1
	[jessie] - proftpd-dfsg 1.3.5e-0+deb8u1
	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
	[squeeze] - proftpd-dfsg <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
	NOTE: https://github.com/proftpd/proftpd/pull/171
CVE-2015-8376 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...)
	NOT-FOR-US: Microsoft
CVE-2015-8373 (The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, w ...)
	- isc-kea <not-affected> (Fixed before the initial version uploaded to Debian)
CVE-2015-8372
	RESERVED
CVE-2015-8371 [Composer Cache Injection vulnerability]
	RESERVED
	- composer 1.0.0~alpha11-3
	NOTE: http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
CVE-2015-8370 (Multiple integer underflows in Grub2 1.98 through 2.02 allow physicall ...)
	{DSA-3421-1 DLA-368-1}
	- grub2 2.02~beta2-33 (bug #807614)
	NOTE: https://twitter.com/lostinsecurity/status/674925944524640257
	NOTE: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
CVE-2015-8369 (SQL injection vulnerability in include/top_graph_header.php in Cacti 0 ...)
	{DSA-3423-1 DLA-374-1}
	- cacti 0.8.8f+ds1-3 (bug #807599)
	NOTE: http://bugs.cacti.net/view.php?id=2646
CVE-2015-8378 (In KeePassX before 0.4.4, a cleartext copy of password data is created ...)
	- keepassx 0.4.3+dfsg-1 (bug #791858)
	[jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
	[wheezy] - keepassx <no-dsa> (Minor issue)
	[squeeze] - keepassx <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
CVE-2015-8375 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2015-8368 (ntopng (aka ntop) before 2.2 allows remote authenticated users to chan ...)
	- ntopng 2.2+dfsg1-1 (bug #816190)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: fixed upstream in 2.2
	NOTE: https://www.exploit-db.com/exploits/38836/
	NOTE: https://github.com/ntop/ntopng/commit/2e0620be3410f5e22c9aa47e261bc5a12be692c6
CVE-2015-8367 (The phase_one_correct function in Libraw before 0.17.1 allows attacker ...)
	- libraw 0.17.1-1 (bug #806809)
	[jessie] - libraw 0.16.0-9+deb8u2
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	[squeeze] - libraw <not-affected> (Vulnerable code not present)
	- dcraw <not-affected> (Vulnerable code not present)
	- kodi <not-affected> (Vulnerable code not present)
	- darktable 2.0.0-1
	[jessie] - darktable <not-affected> (Vulnerable code not present)
	[wheezy] - darktable <not-affected> (Vulnerable code not present)
	[squeeze] - darktable <not-affected> (Vulnerable code not present)
	- ufraw <not-affected> (Vulnerable code not present)
	- rawtherapee <not-affected> (Vulnerable code not present)
	- exactimage <not-affected> (Vulnerable code not present)
	- xbmc <not-affected>
	[jessie] - xbmc <not-affected> (Transitional dummy package)
	[wheezy] - xbmc <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
	NOTE: Introduced by: https://github.com/LibRaw/LibRaw/commit/7b1430c76a19c93f3cc755bb2ff9bda0ba9b4082 (0.15.0)
CVE-2015-8366 (Array index error in smal_decode_segment function in LibRaw before 0.1 ...)
	- libraw 0.17.1-1 (bug #806809)
	[jessie] - libraw 0.16.0-9+deb8u2
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	[squeeze] - libraw <not-affected> (Vulnerable code not present)
	- dcraw 9.28-1 (bug #864168)
	[stretch] - dcraw <no-dsa> (Minor issue)
	[jessie] - dcraw <no-dsa> (Minor issue)
	[wheezy] - dcraw <not-affected> (Vulnerable code not present)
	[squeeze] - dcraw <not-affected> (Vulnerable code not present)
	- kodi <not-affected> (Vulnerable code not present)
	- darktable 2.0.0-1
	[jessie] - darktable <not-affected> (Vulnerable code not present)
	[wheezy] - darktable <not-affected> (Vulnerable code not present)
	[squeeze] - darktable <not-affected> (Vulnerable code not present)
	- ufraw 0.20-4 (bug #818882)
	[jessie] - ufraw <no-dsa> (Minor issue)
	[wheezy] - ufraw <not-affected> (Vulnerable code not present)
	[squeeze] - ufraw <not-affected> (Vulnerable code not present)
	- rawtherapee 4.2.1241-2
	[jessie] - rawtherapee 4.2-1+deb8u2
	[wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
	[squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
	- exactimage 0.9.1-13
	[jessie] - exactimage 0.8.9-7+deb8u2
	[wheezy] - exactimage <not-affected> (Vulnerable code not present)
	[squeeze] - exactimage <not-affected> (Vulnerable code not present)
	NOTE: exactimage: smal_decode_segment inside dcraw.h not dcraw.c
	- xbmc <not-affected>
	[jessie] - xbmc <not-affected> (Transitional dummy package)
	[wheezy] - xbmc <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg befor ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:2.8.3-1 (bug #806519)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
	NOTE: fix for the libav 11.9 branch: https://git.libav.org/?p=libav.git;a=commit;h=v11.9-5-g88762a0
	NOTE: fix for the libav 0.8 branch: https://git.libav.org/?p=libav.git;a=commit;h=9fba59f471725e5235d5378e795ebf8b59472817
CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi. ...)
	{DLA-1611-1}
	- ffmpeg 7:2.8.3-1 (bug #806519)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...)
	{DLA-1611-1}
	- ffmpeg 7:2.8.3-1 (bug #806519)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
CVE-2015-8362 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices b ...)
	NOT-FOR-US: Harman AMX
CVE-2015-8361 (Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.1 ...)
	NOT-FOR-US: Atlassian
CVE-2015-8360 (An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x be ...)
	NOT-FOR-US: Atlassian
CVE-2015-8359
	RESERVED
CVE-2015-8358 (Directory traversal vulnerability in the bitrix.mpbuilder module befor ...)
	NOT-FOR-US: Bitrix
CVE-2015-8357 (Directory traversal vulnerability in the bitrix.xscan module before 1. ...)
	NOT-FOR-US: Bitrix
CVE-2015-8356 (Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 a ...)
	NOT-FOR-US: Bitrix
CVE-2015-8355 (Multiple SQL injection vulnerabilities in the orion.extfeedbackform mo ...)
	NOT-FOR-US: Bitrix
CVE-2015-8354 (Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPr ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2015-8353 (Cross-site scripting (XSS) vulnerability in the Role Scoper plugin bef ...)
	NOT-FOR-US: WordPress plugin role-scoper
CVE-2015-8352 (Directory traversal vulnerability in Zen Cart 1.5.4 allows remote atta ...)
	NOT-FOR-US: Zen Cart
CVE-2015-8351 (PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin ...)
	NOT-FOR-US: WordPress plugin gwolle-gb
CVE-2015-8350 (Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Ac ...)
	NOT-FOR-US: WordPress plugin cta
CVE-2015-8349 (Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre- ...)
	NOT-FOR-US: SourceBeans
CVE-2015-8348
	RESERVED
CVE-2015-8347
	RESERVED
CVE-2015-8344
	RESERVED
CVE-2015-8343
	RESERVED
CVE-2015-8342
	REJECTED
CVE-2015-8341 (The libxl toolstack library in Xen 4.1.x through 4.6.x does not proper ...)
	{DSA-3519-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-160.html
CVE-2015-8340 (The memory_exchange function in common/memory.c in Xen 3.2.x through 4 ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
CVE-2015-8339 (The memory_exchange function in common/memory.c in Xen 3.2.x through 4 ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
CVE-2015-8338 (Xen 4.6.x and earlier does not properly enforce limits on page order i ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[wheezy] - xen <not-affected> (Only affects Xen on arm)
	[squeeze] - xen <not-affected> (Only affects Xen on arm)
	NOTE: http://xenbits.xen.org/xsa/advisory-158.html
CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compresse ...)
	- linux 4.2.6-2
	[jessie] - linux 3.16.7-ckt20-1+deb8u1
	[wheezy] - linux 3.2.78-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 (v4.4-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/27/2
	NOTE: CVE assignment for the vulnerability with the impact of "User B now
	NOTE: gets to see the 1000 bytes that user A truncated from its file before
	NOTE: it made its file world readable"
CVE-2015-8337 (The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA- ...)
	NOT-FOR-US: Huawei
CVE-2015-8336 (Huawei FusionCompute with software before V100R005C10SPC700 allows rem ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2015-8335 (Huawei VCN500 with software before V100R002C00SPC201 logs passwords in ...)
	NOT-FOR-US: Huawei
CVE-2015-8334 (SQL injection vulnerability in the Operation and Maintenance Unit (OMU ...)
	NOT-FOR-US: Huawei
CVE-2015-8333 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with softwar ...)
	NOT-FOR-US: Huawei
CVE-2015-8332 (Huawei Video Content Management (VCM) before V100R001C10SPC001 does no ...)
	NOT-FOR-US: Huawei
CVE-2015-8331 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with softwar ...)
	NOT-FOR-US: Huawei
CVE-2015-8330 (The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers  ...)
	NOT-FOR-US: SAP
CVE-2015-8329 (SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII ...)
	NOT-FOR-US: SAP
CVE-2015-8328 (Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU ...)
	- nvidia-graphics-drivers <not-affected> (Windows only)
CVE-2015-8327 (Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-f ...)
	{DSA-3429-1 DSA-3411-1 DLA-365-1}
	- cups-filters 1.2.0-1
	[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
	- foomatic-filters 4.0.17-7 (bug #806886)
CVE-2015-8325 (The do_setup_env function in session.c in sshd in OpenSSH through 7.2p ...)
	{DSA-3550-1}
	- openssh 1:7.2p2-3
	NOTE: Upstream fix: https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
CVE-2015-XXXX [RCE in gitlab-shell 2.6.6-2.6.7]
	- gitlab-shell <not-affected> (Only affects version 2.6.6-2.6.7)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
CVE-2015-8345 (The eepro100 emulator in QEMU qemu-kvm blank allows local guest users  ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #806373)
	[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[wheezy] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[jessie] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/3
CVE-2015-8346 (app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...)
	{DSA-3529-1 DLA-351-1}
	- redmine 3.2.0-1 (bug #806376)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/21150 (private)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/1
	NOTE: Commit: https://github.com/redmine/redmine/commit/945a091c94a9ed651f61e225fa8646479478e9d4
	NOTE: Commit: https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
	NOTE: For squeeze, the bug is in app/views/timelog/edit.rhtml
	NOTE: upstream fixed in 2.6.8, 3.0.6 and 3.1.2
CVE-2015-XXXX [Insecure permissions for backup directory]
	- dbconfig-common 1.8.58 (bug #805638)
	[jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
	[wheezy] - dbconfig-common 1.8.47+nmu1+deb7u1
	[squeeze] - dbconfig-common 1.8.46+squeeze.1
	NOTE: Workaround entry for DLA-390-1 (since no CVE for this issue)
CVE-2015-8323
	RESERVED
CVE-2015-8322 (NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authe ...)
	NOT-FOR-US: NetApp
CVE-2015-8326 (The IPTables-Parse module before 1.6 for Perl allows local users to wr ...)
	- libiptables-parse-perl 1.6-1
	[jessie] - libiptables-parse-perl 1.1-1+deb8u1
	[wheezy] - libiptables-parse-perl 1.1-1+deb7u1
	[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38 and p ...)
	- pcre3 2:8.38-1 (bug #796762; bug #795539)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1672
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/24/1
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1667
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/05/3
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
CVE-2015-8380 (The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...)
	- pcre3 2:8.38-1 (bug #806467)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: For wheezy: same code looks present around patched lines, though the
	NOTE: reproducer does not lead to a crash, and just gives
	NOTE: "Matched, but too many substrings"
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 8.38 upstream
	- pcre2 <not-affected>
	NOTE: Commit: http://vcs.pcre.org/pcre?view=revision&revision=1565
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1637
	NOTE: https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html
CVE-2015-8321
	RESERVED
CVE-2015-8319 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones ...)
	NOT-FOR-US: Huawei
CVE-2015-8318 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones ...)
	NOT-FOR-US: Huawei
CVE-2015-8315 (The ms package before 0.7.1 for Node.js allows attackers to cause a de ...)
	- node-ms <not-affected> (Fixed before initial upload to Debian)
CVE-2015-8314
	RESERVED
CVE-2015-8313 (GnuTLS incorrectly validates the first byte of padding in CBC modes ...)
	{DSA-3408-1 DLA-364-1}
	- gnutls28 <not-affected> (Vulnerable code not present)
	- gnutls26 <removed>
	NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
CVE-2015-8312 (Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow  ...)
	{DSA-3569-1 DLA-493-1}
	- openafs 1.6.17-1
	NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca
	NOTE: http://rt.central.org/rt/Ticket/Display.html?id=132256
CVE-2015-8311
	RESERVED
CVE-2015-8310 (Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 ...)
	NOT-FOR-US: Cherry Music
CVE-2015-8309 (Directory traversal vulnerability in Cherry Music before 0.36.0 allows ...)
	NOT-FOR-US: Cherry Music
CVE-2015-8307 (The Graphics driver in Huawei P8 smartphones with software GRA-TL00 be ...)
	NOT-FOR-US: Huawei
CVE-2015-8306 (Buffer overflow in the HIFI driver in Huawei P8 phones with software G ...)
	NOT-FOR-US: Huawei
CVE-2015-8305 (Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allo ...)
	NOT-FOR-US: Huawei
CVE-2015-8304 (Integer overflow in Huawei P7 phones with software before P7-L07 V100R ...)
	NOT-FOR-US: Huawei
CVE-2015-8303 (Huawei Document Security Management (DSM) with software before V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2015-8302
	RESERVED
CVE-2015-8301
	RESERVED
CVE-2015-8324 (The ext4 implementation in the Linux kernel before 2.6.34 does not pro ...)
	{DLA-360-1}
	- linux 2.6.37-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/23/2
	NOTE: https://bugs.openvz.org/browse/OVZ-6541
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1267261
	NOTE: Commit fixing the issue: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11 (v2.6.34-rc1)
CVE-2015-8320 (Apache Cordova-Android before 3.7.0 improperly generates random values ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-8316 (Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16. ...)
	- lightdm 1.16.6-1
	[jessie] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
	[wheezy] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/21/2
	NOTE: https://bugs.launchpad.net/lightdm/+bug/15168
	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.14/revision/2166 (1.14.x)
	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.16/revision/2207 (1.16.x)
CVE-2015-8300 (Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: F ...)
	NOT-FOR-US: Polycom BToE Connector
CVE-2015-8299 (Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1. ...)
	NOT-FOR-US: Falcon
CVE-2015-8298 (Multiple SQL injection vulnerabilities in the login page in RXTEC RXAd ...)
	NOT-FOR-US: RXTEC
CVE-2015-8297
	REJECTED
CVE-2015-8296
	REJECTED
CVE-2015-8295
	REJECTED
CVE-2015-8294
	REJECTED
CVE-2015-8293
	REJECTED
CVE-2015-8292
	REJECTED
CVE-2015-8291
	REJECTED
CVE-2015-8290
	REJECTED
CVE-2015-8289 (The password-recovery feature on NETGEAR D3600 devices with firmware 1 ...)
	NOT-FOR-US: Netgear routers
CVE-2015-8288 (NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with fi ...)
	NOT-FOR-US: Netgear routers
CVE-2015-8287 (Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM ...)
	NOT-FOR-US: Swann
CVE-2015-8286 (Zhuhai RaySharp firmware has a hardcoded root password, which makes it ...)
	NOT-FOR-US: Zhuhai RaySharp
CVE-2015-8285 (The webssx.sys driver in QuickHeal 16.00 allows remote attackers to ca ...)
	NOT-FOR-US: QuickHeal
CVE-2015-8284 (SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to p ...)
	NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8283 (Directory traversal vulnerability in configure_manage.php in SeaWell N ...)
	NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8282 (SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admi ...)
	NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8281 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to  ...)
	NOT-FOR-US: Samsung
CVE-2015-8280 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attack ...)
	NOT-FOR-US: Samsung
CVE-2015-8279 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attack ...)
	NOT-FOR-US: Samsung
CVE-2015-8278
	RESERVED
CVE-2015-8277 (Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexer ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2015-8276 (LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow atta ...)
	NOT-FOR-US: LVRTC eParakstitajs
CVE-2015-8275 (LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow atta ...)
	NOT-FOR-US: LVRTC eParakstitajs
CVE-2015-8274
	RESERVED
CVE-2015-8273
	RESERVED
CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of service (N ...)
	{DSA-3850-1 DLA-917-1}
	- rtmpdump 2.4+20151223.gitfa8646d.1-1
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/4312322107a94c81d3ec5b98f91bc6b923551dc5
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0068/
	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
	NOTE: to missing upstream source import the fixes are really only present in
	NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTM ...)
	{DSA-3850-1 DLA-917-1}
	- rtmpdump 2.4+20151223.gitfa8646d.1-1
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0067/
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/39ec7eda489717d503bc4cbfaa591c93205695b6
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/530f9bb2a02a78c1198fb2bf0293a12d225e4691
	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
	NOTE: to missing upstream source import the fixes are really only present in
	NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTM ...)
	{DSA-3850-1 DLA-917-1}
	- rtmpdump 2.4+20151223.gitfa8646d.1-1
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0066/
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/10b580aabcec1621b25518271ba1ab2b018be88e
	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
	NOTE: to missing upstream source import the fixes are really only present in
	NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...)
	NOT-FOR-US: Fisher-Price
CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 o ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-8267 (The PasswordReset.Controllers.ResetController.ChangePasswordIndex meth ...)
	NOT-FOR-US: Dovestones
CVE-2015-8266
	RESERVED
CVE-2015-8265 (Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V20 ...)
	NOT-FOR-US: Huawei
CVE-2015-8264 (Untrusted search path vulnerability in F-Secure Online Scanner allows  ...)
	NOT-FOR-US: F-Secure Online Scanner
CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source p ...)
	NOT-FOR-US: NETGEAR
CVE-2015-8262 (Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an  ...)
	NOT-FOR-US: BUFFALO
CVE-2015-8261 (The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold ...)
	NOT-FOR-US: Ipswitch
CVE-2015-8260
	RESERVED
CVE-2015-8259
	RESERVED
CVE-2015-8258 (AXIS Communications products with firmware through 5.80.x allow remote ...)
	NOT-FOR-US: AXIS Communications
CVE-2015-8257 (The devtools.sh script in AXIS network cameras allows remote authentic ...)
	NOT-FOR-US: Axis network cameras
CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ca ...)
	NOT-FOR-US: Axis network cameras
CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by admin/pwdg ...)
	NOT-FOR-US: AXIS Communications
CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied devi ...)
	NOT-FOR-US: Frontel
CVE-2015-8253 (The Frontel protocol before 3 on RSI Video Technologies Videofied devi ...)
	NOT-FOR-US: Frontel
CVE-2015-8252 (The Frontel protocol before 3 on RSI Video Technologies Videofied devi ...)
	NOT-FOR-US: Frontel
CVE-2015-8251 (OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E ...)
	NOT-FOR-US: OpenStage
CVE-2015-8250
	RESERVED
CVE-2015-8249 (The FileUploadServlet class in ManageEngine Desktop Central 9 before b ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2015-8248
	REJECTED
CVE-2015-8247 (Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo I ...)
	NOT-FOR-US: Synnefo
CVE-2015-8246
	RESERVED
CVE-2015-8245
	RESERVED
CVE-2015-8244
	RESERVED
CVE-2015-XXXX [ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word]
	- zendframework 1.12.17+dfsg-1
	[jessie] - zendframework 1.12.9+dfsg-2+deb8u5
	[wheezy] - zendframework 1.11.13-1.1+deb7u5
	[squeeze] - zendframework <no-dsa> (Minor issue)
	NOTE: security hardening
	NOTE: http://framework.zend.com/security/advisory/ZF2015-09
	NOTE: https://github.com/zendframework/zf1/commit/4a41392f89bf510a8ab801eacb117fe7ea25b575
CVE-2009-5149 (Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_10061 ...)
	NOT-FOR-US: Arris hardware
CVE-2015-XXXX [Missing bounds checking and verification of data type causes segfault]
	- libmaxminddb 1.1.5-1 (bug #805657)
	NOTE: https://github.com/maxmind/libmaxminddb/commit/51255f113fe3c7b63ffe957636a7656a3ff9d1ff
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283919
CVE-2015-8308 (LXDM before 0.5.2 did not start X server with -auth, which allows loca ...)
	- lxdm 0.5.3-1 (bug #805659)
	NOTE: http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268900
	NOTE: http://advisories.mageia.org/MGASA-2015-0411.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/20/2
CVE-2015-8243
	RESERVED
CVE-2015-8240 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, A ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8238
	RESERVED
CVE-2015-8237
	RESERVED
CVE-2015-8236 (Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M,  ...)
	NOT-FOR-US: Arista EOS
CVE-2015-8235 (Directory traversal vulnerability in Spiffy before 5.4. ...)
	- chicken 4.10.0-1
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x bef ...)
	NOT-FOR-US: Drupal theme
CVE-2015-8232 (The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not prope ...)
	NOT-FOR-US: Drupal theme
CVE-2015-8231 (Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00 ...)
	NOT-FOR-US: Huawei
CVE-2015-8230 (Memory leak in Huawei eSpace 8950 IP phones with software before V200R ...)
	NOT-FOR-US: Huawei
CVE-2015-8229 (Huawei eSpace U2980 unified gateway with software before V100R001C10 a ...)
	NOT-FOR-US: Huawai
CVE-2015-8228 (Directory traversal vulnerability in the SFTP server in Huawei AR 120, ...)
	NOT-FOR-US: Huawai
CVE-2015-8227 (The built-in web server in Huawei VP9660 multi-point control unit with ...)
	NOT-FOR-US: Huawai
CVE-2015-8226 (The Joint Photographic Experts Group Processing Unit (JPU) driver in H ...)
	NOT-FOR-US: Huawei
CVE-2015-8225 (The Joint Photographic Experts Group Processing Unit (JPU) driver in H ...)
	NOT-FOR-US: Huawei
CVE-2015-8224 (Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-T ...)
	NOT-FOR-US: Huawei
CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P ...)
	NOT-FOR-US: Huawei
CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ...)
	- lxd <itp> (bug #768073)
CVE-2015-8221 (Integer overflow in Google Picasa before 3.9.140 Build 259 allows remo ...)
	NOT-FOR-US: Google Picasa
CVE-2015-8220 (Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWi ...)
	NOT-FOR-US: SolarWinds remote control
CVE-2015-8242 (The xmlSAX2TextNode function in SAX2.c in the push interface in the HT ...)
	- libxml2 2.9.3+dfsg1-1 (bug #805146)
	[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - libxml2 <not-affected> (Vulnerable code introduced later)
	[squeeze] - libxml2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2 (v2.9.3)
CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check the  ...)
	{DSA-3430-1 DLA-355-1}
	- libxml2 2.9.3+dfsg1-1 (bug #806384)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
	NOTE: Introduced/Uncovered by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5
CVE-2015-8239 (The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 all ...)
	- sudo 1.8.17p1-1 (bug #805563)
	[jessie] - sudo <no-dsa> (Minor issue)
	[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
	[squeeze] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
CVE-2015-8234 (The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...)
	- glance <unfixed> (unimportant)
CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2. ...)
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=43492ff3ab68a343c1264801baa1d5a02de10167
CVE-2015-8218 (The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg be ...)
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable feature not present)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
	NOTE: Vulnerability affects G3{1, 2}D code extensions feature, which is not present
	NOTE: in libav 0.8 and 9. branches: https://lists.debian.org/debian-lts/2017/12/msg00011.html
	NOTE: 11.x features G3 support, but the vulnerable code was introduced later
CVE-2015-8217 (The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg befor ...)
	{DLA-1611-1}
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <undetermined>
	[jessie] - libav <not-affected> (Contains a similar code block like the one referenced by the ffmpeg commit)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=93f30f825c08477fe8f76be00539e96014cc83c8
CVE-2015-8216 (The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg  ...)
	{DLA-1611-1}
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a
	NOTE: patch does not apply cleanly in jessie's libav, possibly needs some brainwork
CVE-2015-8215 (net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 d ...)
	{DSA-3364-1 DLA-310-1}
	- linux 4.0.2-1
	- linux-2.6 <removed>
	NOTE: Patch for the kernel to harden against invalid MTUs: http://article.gmane.org/gmane.linux.network/351269
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac (v4.0-rc3)
CVE-2015-8214 (Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean ...)
	NOT-FOR-US: Siemens
CVE-2015-8213 (The get_format function in utils/formats.py in Django before 1.7.x bef ...)
	{DSA-3404-1 DLA-349-1}
	- python-django 1.8.7-1
	NOTE: https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4 (master)
	NOTE: https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172 (1.7.x)
	NOTE: https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
CVE-2015-8212 (CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 throug ...)
	{DLA-490-1}
	- bozohttpd <removed>
	NOTE: FIX http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.79&r2=1.80&only_with_tag=MAIN
	NOTE: http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
	NOTE: http://www.eterna.com.au/bozohttpd/CHANGES
	NOTE: http://www.eterna.com.au/bozohttpd/bozohttpd-20160415.tar.bz2
CVE-2015-8211
	REJECTED
CVE-2015-8210
	REJECTED
CVE-2015-8209
	REJECTED
CVE-2015-8208
	REJECTED
CVE-2015-8207
	REJECTED
CVE-2015-8206
	REJECTED
CVE-2015-8205
	REJECTED
CVE-2015-8204
	REJECTED
CVE-2015-8203
	REJECTED
CVE-2015-8202
	REJECTED
CVE-2015-8201
	REJECTED
CVE-2015-8200
	REJECTED
CVE-2015-8199
	REJECTED
CVE-2015-8198
	REJECTED
CVE-2015-8197
	REJECTED
CVE-2015-8196
	REJECTED
CVE-2015-8195
	REJECTED
CVE-2015-8194
	REJECTED
CVE-2015-8193
	REJECTED
CVE-2015-8192
	REJECTED
CVE-2015-8191
	REJECTED
CVE-2015-8190
	REJECTED
CVE-2015-8189
	REJECTED
CVE-2015-8188
	REJECTED
CVE-2015-8187
	REJECTED
CVE-2015-8186
	REJECTED
CVE-2015-8185
	REJECTED
CVE-2015-8184
	REJECTED
CVE-2015-8183
	REJECTED
CVE-2015-8182
	REJECTED
CVE-2015-8181
	REJECTED
CVE-2015-8180
	REJECTED
CVE-2015-8179
	REJECTED
CVE-2015-8178
	REJECTED
CVE-2015-8177
	REJECTED
CVE-2015-8175
	RESERVED
CVE-2015-8174
	RESERVED
CVE-2015-8173
	RESERVED
CVE-2015-8172
	RESERVED
CVE-2015-8171
	RESERVED
CVE-2015-8170
	RESERVED
CVE-2015-8169
	RESERVED
CVE-2015-8168
	RESERVED
CVE-2015-8167
	RESERVED
CVE-2015-8166
	RESERVED
CVE-2015-8165
	RESERVED
CVE-2015-8164
	RESERVED
CVE-2015-8163
	RESERVED
CVE-2015-8162
	RESERVED
CVE-2015-8161
	RESERVED
CVE-2015-8160
	RESERVED
CVE-2015-8159
	RESERVED
CVE-2015-8158 (The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4. ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
CVE-2015-8157 (SQL injection vulnerability in the Management Server in Symantec Embed ...)
	NOT-FOR-US: Symantec
CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec E ...)
	NOT-FOR-US: Symantec
CVE-2015-8155
	REJECTED
CVE-2015-8154 (The SysPlant.sys driver in the Application and Device Control (ADC) co ...)
	NOT-FOR-US: Symantec
CVE-2015-8153 (SQL injection vulnerability in Symantec Endpoint Protection Manager (S ...)
	NOT-FOR-US: Symantec
CVE-2015-8152 (Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint P ...)
	NOT-FOR-US: Symantec
CVE-2015-8151 (Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows  ...)
	NOT-FOR-US: Symantec
CVE-2015-8150 (Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows  ...)
	NOT-FOR-US: Symantec
CVE-2015-8149 (The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 ...)
	NOT-FOR-US: Symantec
CVE-2015-8148 (The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 ...)
	NOT-FOR-US: Symantec
CVE-2015-8145
	RESERVED
CVE-2015-8144
	RESERVED
CVE-2015-8143
	RESERVED
CVE-2015-8142
	RESERVED
CVE-2015-8141
	RESERVED
CVE-2015-8140 (The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to con ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and mitigation exists)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2947
	NOTE: Mitigated in 4.2.8p6
CVE-2015-8139 (ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ti ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and mitigation exists)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2946
	NOTE: Mitigated in 4.2.8p6
CVE-2015-8138 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to  ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/
	NOTE: https://github.com/ntp-project/ntp/commit/880191b72409a1965712999d248d70e6f7163af8
	NOTE: The upstream fix for this issue is reported to be incomplete:
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2945#c7
	NOTE: http://lists.ntp.org/pipermail/hackers/2016-January/007406.html
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2015-8137
	RESERVED
CVE-2015-8136
	RESERVED
CVE-2015-8135
	REJECTED
CVE-2015-8134
	REJECTED
CVE-2015-8133
	REJECTED
CVE-2015-8132
	REJECTED
CVE-2015-8131 (Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kiban ...)
	- kibana <itp> (bug #700337)
CVE-2015-8130
	RESERVED
CVE-2015-8129
	RESERVED
CVE-2015-8128
	RESERVED
CVE-2015-8127
	RESERVED
CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gd ...)
	{DLA-419-1}
	- gtk+2.0 2.24.30-1.1 (bug #799275)
	[jessie] - gtk+2.0 2.24.25-3+deb8u1
	[wheezy] - gtk+2.0 <no-dsa> (Minor issue; can be fixed via wheezy-pu)
	- gtk+3.0 3.10.7-1 (bug #818090)
	[wheezy] - gtk+3.0 3.4.2-7+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=703220
	NOTE: Fixed by: https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel ...)
	{DSA-3426-1 DLA-360-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273845
	NOTE: https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2015-8317 (The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allow ...)
	{DSA-3430-1 DLA-355-1}
	- libxml2 2.9.2+zdfsg1-4
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751603
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c
CVE-2015-XXXX [Kernel: Unprivileged user can freeze journald]
	- linux <unfixed> (unimportant)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/systemd/systemd/issues/1822
	NOTE: Issue in Linux related to unprivileged CLONE_NEWUSER affecting systemd, but we disable unprivileged use by default
CVE-2015-8125 (Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7 ...)
	{DSA-3402-1}
	- symfony 2.7.7+dfsg-1
	NOTE: http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
	NOTE: https://github.com/symfony/symfony/pull/16630
CVE-2015-8124 (Session fixation vulnerability in the "Remember Me" login feature in S ...)
	{DSA-3402-1}
	- symfony 2.7.7+dfsg-1
	NOTE: http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
	NOTE: https://github.com/symfony/symfony/pull/16631
CVE-2015-8123
	REJECTED
CVE-2015-8122
	REJECTED
CVE-2015-8121
	REJECTED
CVE-2015-8120
	REJECTED
CVE-2015-8119
	REJECTED
CVE-2015-8118
	REJECTED
CVE-2015-8117
	REJECTED
CVE-2015-8116
	REJECTED
CVE-2015-8115
	REJECTED
CVE-2015-8114
	REJECTED
CVE-2015-8113 (Untrusted search path vulnerability in the client in Symantec Endpoint ...)
	NOT-FOR-US: Symantec
CVE-2015-8112
	RESERVED
CVE-2015-8111
	RESERVED
CVE-2015-8110 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...)
	NOT-FOR-US: Lenovo
CVE-2015-8109 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...)
	NOT-FOR-US: Lenovo
CVE-2015-8108 (The management interface in LenovoEMC EZ Media &amp; Backup (hm3), ix2 ...)
	NOT-FOR-US: LenovoEMC
CVE-2015-8107 (Format string vulnerability in GNU a2ps 4.14 allows remote attackers t ...)
	- a2ps 1:4.14-1.2
	[wheezy] - a2ps <no-dsa> (Minor issue)
	[squeeze] - a2ps <no-dsa> (Minor issue)
CVE-2015-8106 (Format string vulnerability in the CmdKeywords function in funct1.c in ...)
	- latex2rtf 2.3.10-1 (unimportant; bug #805398)
	[wheezy] - latex2rtf <not-affected> (Vulnerable code introduced later)
	[squeeze] - latex2rtf <not-affected> (Vulnerable code introduced later)
	NOTE: keywords command support introduced in http://sourceforge.net/p/latex2rtf/code/1152
	NOTE: http://sourceforge.net/p/latex2rtf/code/1152/tree//trunk/funct1.c?diff=50900fed34309d3c639c868f:1151
	NOTE: latex2rtf compiled with -D_FORTIFY_SOURCE=2
	NOTE: Rendered non-exploitable by toolchain hardening
CVE-2015-8472 (Buffer overflow in the png_set_PLTE function in libpng before 1.0.65,  ...)
	{DSA-3443-1 DLA-410-1 DLA-375-1}
	- libpng <removed> (bug #807112)
	- libpng1.6 1.6.20-1 (bug #807112)
	NOTE: Fixed in 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65
	NOTE: https://github.com/glennrp/libpng/commit/7e1ca9ceba4e64259863efdd98bab9b55bdc0b9c
	NOTE: https://github.com/glennrp/libpng/commit/4488a96126bbefda51d07835411d8e847a88b2b7
	NOTE: https://github.com/glennrp/libpng/commit/ad224c6907e8a274f2679eae4c2e3085fdc7e8c8
CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
	{DSA-3507-1 DSA-3399-1 DLA-410-1 DLA-343-1}
	- libpng 1.2.54-1 (bug #805113)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2
	NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
	NOTE: The original patch was incomplete, cf.
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/6
	NOTE: and fixed in new upstream versions 1.6.20, 1.5.25,
	NOTE: 1.4.18, 1.2.55, and 1.0.65
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8105 (Cross-site scripting (XSS) vulnerability in program/js/app.js in Round ...)
	- roundcube 1.1.3+dfsg.1-1
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/roundcube/roundcubemail/issues/4900
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/dd7db217979d6960f53b6544cf053d8c0db8c416
CVE-2015-XXXX [directory traversal in servefile]
	- servefile 0.4.4-1
	[jessie] - servefile <no-dsa> (Minor issue)
	[wheezy] - servefile <no-dsa> (Minor issue)
	NOTE: https://github.com/sebageek/servefile/commit/cd7eee21be3602ab6118a23eec8e2628d1a6488c
CVE-2015-8102
	RESERVED
CVE-2015-8101
	RESERVED
CVE-2015-8099 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8098 (F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6 ...)
	NOT-FOR-US: BIG-IP
CVE-2015-8097
	RESERVED
CVE-2015-8096 (Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allo ...)
	NOT-FOR-US: Google Picasa
CVE-2015-8095 (The recycle bin feature in the Monster Menus module 7.x-1.21 before 7. ...)
	NOT-FOR-US: Monster Menus module for Drupal
CVE-2015-8094 (Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remot ...)
	NOT-FOR-US: Cloudera HUE
CVE-2015-8093
	RESERVED
CVE-2015-8092
	RESERVED
CVE-2015-8091
	REJECTED
CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows r ...)
	NOT-FOR-US: TIBCO
CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x thr ...)
	{DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-156.html
	NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
	- virtualbox 5.0.10-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for  ...)
	- net-snmp <not-affected> (Specific to packaging in OpenBSD)
CVE-2015-8089 (The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C ...)
	NOT-FOR-US: Huawei
CVE-2015-8088 (Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones  ...)
	NOT-FOR-US: Huawei
CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V80 ...)
	NOT-FOR-US: Huawei
CVE-2015-8086 (Huawei AR routers with software before V200R007C00SPC100; Quidway S930 ...)
	NOT-FOR-US: Huawei
CVE-2015-8085 (Huawei AR routers with software before V200R007C00SPC100; Quidway S930 ...)
	NOT-FOR-US: Huawei
CVE-2015-8084 (Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateway ...)
	NOT-FOR-US: Huawei
CVE-2015-8083 (An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U19 ...)
	NOT-FOR-US: Huawei
CVE-2015-8082 (The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x ...)
	NOT-FOR-US: Login Disable module for Drupal
CVE-2015-8081 (The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allo ...)
	NOT-FOR-US: Field as Block module for Drupal
CVE-2015-8103 (The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625 ...)
	- jenkins <removed> (bug #804522)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-7501 (Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data G ...)
	- libcommons-collections3-java 3.2.2-1 (unimportant)
	[jessie] - libcommons-collections3-java 3.2.1-7+deb8u1
	[wheezy] - libcommons-collections3-java 3.2.1-5+deb7u1
	[squeeze] - libcommons-collections3-java 3.2.1-4+deb6u1
	NOTE: workaround entry to associate the squeeze-lts, wheezy- and jessie-security fixes with the
	NOTE: corresponding entry with unstable and the hardening change.
	- libcommons-collections4-java <unfixed> (unimportant)
	NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
	NOTE: https://issues.apache.org/jira/browse/COLLECTIONS-580
	NOTE: No CVE is expected to be assigned, cf http://www.openwall.com/lists/oss-security/2015/11/17/19
	NOTE: Patches for 3.2.x:
	NOTE: https://github.com/apache/commons-collections/commit/1642b00d67b96de87cad44223efb9ab5b4fb7be5
	NOTE: https://github.com/apache/commons-collections/commit/5ec476b0b756852db865b2e442180f091f8209ee
	NOTE: https://github.com/apache/commons-collections/commit/bce4d022f27a723fa0e0b7484dcbf0afa2dd210a
	NOTE: https://github.com/apache/commons-collections/commit/d9a00134f16d685bea11b2b12de824845e6473e3
	NOTE: Patches for 4.x:
	NOTE: https://github.com/apache/commons-collections/commit/e585cd0433ae4cfbc56e58572b9869bd0c86b611
	NOTE: https://github.com/apache/commons-collections/commit/da1a5fe00d79e1840b7e52317933e9eb56e88246
	NOTE: https://github.com/apache/commons-collections/commit/3eee44cf63b1ebb0da6925e98b3dcc6ef1e4d610
	NOTE: https://github.com/apache/commons-collections/commit/78d47d4d098ab814a7a00a0b1c81646b27f050cf
	NOTE: https://github.com/apache/commons-collections/commit/b2b8f4adc557e4ef1ee2fe5e0ab46866c06ec55b
CVE-2015-8079 (qt5-qtwebkit before 5.4 records private browsing URLs to its favicon d ...)
	- qtwebkit <removed> (unimportant)
	NOTE: qtwebkit not covered by security support
CVE-2015-8080 (Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x ...)
	{DSA-3412-1}
	- redis 2:3.0.5-4 (bug #804419)
	[wheezy] - redis <not-affected> (Vulnerable code not present)
	[squeeze] - redis <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/antirez/redis/issues/2855
CVE-2015-8078 (Integer overflow in the index_urlfetch function in imap/index.c in Cyr ...)
	- cyrus-imapd-2.4 2.4.18-4 (bug #804182)
	[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2
CVE-2015-8077 (Integer overflow in the index_urlfetch function in imap/index.c in Cyr ...)
	- cyrus-imapd-2.4 2.4.18-4 (bug #804182)
	[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08
CVE-2015-8074 (mediaserver in Android before 5.1.1 LMY48X allows remote attackers to  ...)
	NOT-FOR-US: Android
CVE-2015-8073 (mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote a ...)
	NOT-FOR-US: Android
CVE-2015-8072 (mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 bef ...)
	NOT-FOR-US: Android
CVE-2015-8071 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8070 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8069 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8068 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8067 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8066 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8065 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8064 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8063 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8062 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8061 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8060 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8059 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8058 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8057 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8056 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8055 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8054
	REJECTED
CVE-2015-8053 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2015-8052 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2015-8051 (The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecifie ...)
	NOT-FOR-US: Adobe Pemiere Clip
CVE-2015-8050 (Use-after-free vulnerability in the MovieClip object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8049 (Use-after-free vulnerability in the TextField object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8048 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8047 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8046 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8045 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8044 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8043 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8042 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung Smart ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2015-8039 (Samsung SmartViewer allows remote attackers to execute arbitrary code  ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical U ...)
	NOT-FOR-US: Fortinet
CVE-2015-8037 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical U ...)
	NOT-FOR-US: Fortinet
CVE-2015-8036 (Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x b ...)
	{DSA-3468-1}
	- mbedtls <not-affected> (Fixed before the initial release to Debian)
	[experimental] - polarssl 1.3.14-0.1
	- polarssl <unfixed>
	[wheezy] - polarssl <not-affected> (Vulnerable code introduced later)
	[squeeze] - polarssl <not-affected> (Vulnerable code introduced later)
	NOTE: support for session tickets added in 1.3.0.
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak permissions o ...)
	- salt 2015.8.3+ds-1 (bug #807356)
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: For jessie: /var/cache/salt/minion is created with restricted permissions on
	NOTE: first start of salt-minion in verify_env mitigating the issue, cf.
	NOTE: https://sources.debian.org/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
	NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
	NOTE: https://github.com/saltstack/salt/issues/28455
CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...)
	NOT-FOR-US: Viprinet
CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...)
	NOT-FOR-US: Viprinet
CVE-2015-8075
	REJECTED
CVE-2015-8033
	RESERVED
CVE-2015-8032
	RESERVED
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...)
	{DSA-3430-1}
	- libxml2 2.9.3+dfsg1-1 (bug #803942)
	[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
	NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (v2.9.3)
	NOTE: You can use "xmllint --version" to verify if libxml2 is compiled with "Lzma" support.
	NOTE: sid's 2.9.2+zdfsg1-4 claims to have "Lzma" support but it's broken in fact...
	NOTE: so it barfs on the problematic file (parser error : Start tag expected,
	NOTE: '<' not found) even though it does not have the fix yet. The next upstream
	NOTE: release will fix this issue and will restore XZ support.
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/02/2
CVE-2015-7984 (Multiple cross-site request forgery (CSRF) vulnerabilities in Horde be ...)
	{DSA-3391-1}
	- php-horde 5.2.8+debian0-1 (bug #803641)
	NOTE: https://www.htbridge.com/advisory/HTB23272
	NOTE: https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae
	NOTE: http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html
CVE-2015-8031
	RESERVED
CVE-2015-8030 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execu ...)
	NOT-FOR-US: SAP
CVE-2015-8029 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execu ...)
	NOT-FOR-US: SAP
CVE-2015-8028 (Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) all ...)
	NOT-FOR-US: SAP
CVE-2015-8027 (Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 d ...)
	- nodejs 4.2.3~dfsg-1 (bug #806385)
	[jessie] - nodejs <not-affected> (0.10 series not affected)
	NOTE: https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
CVE-2015-8024 (McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/ ...)
	NOT-FOR-US: McAfee
CVE-2015-8023 (The server implementation of the EAP-MSCHAPv2 protocol in the eap-msch ...)
	{DSA-3398-1 DLA-345-1}
	- strongswan 5.3.3-3
	NOTE: https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html
CVE-2015-8022 (The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8021 (Incomplete blacklist vulnerability in the Configuration utility in F5  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8020 (Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default  ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2015-8018
	RESERVED
CVE-2015-8017
	RESERVED
CVE-2015-8016
	RESERVED
CVE-2015-8015
	RESERVED
CVE-2015-8014
	RESERVED
CVE-2015-8009 (The MWOAuthDataStore::lookup_token function in Extension:OAuth for Med ...)
	NOT-FOR-US: Mediawiki extension OAuth
CVE-2015-8008 (The OAuth extension for MediaWiki improperly negotiates a new client t ...)
	NOT-FOR-US: Mediawiki extension OAuth
CVE-2015-8007 (The Echo extension for MediWiki does not properly implement the hideus ...)
	NOT-FOR-US: Mediawiki extension Echo
CVE-2015-8006 (Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in  ...)
	NOT-FOR-US: Mediawiki extension PageTriage
CVE-2015-XXXX [iptables-persistent minor local info leak]
	- iptables-persistent 1.0.4 (low; bug #764645)
	[jessie] - iptables-persistent 1.0.3+deb8u1
	[wheezy] - iptables-persistent 0.5.7+deb7u1
	[squeeze] - iptables-persistent <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
CVE-2015-XXXX
	- cinnamon-settings-daemon 2.8.3-1 (low)
	[jessie] - cinnamon-settings-daemon 2.2.4.repack-7+deb8u1
	NOTE: https://github.com/linuxmint/cinnamon-settings-daemon/commit/ac5e0be8c1817616dbdb056b6881cfc4660f57a8
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
CVE-2015-8025 (driver/subprocs.c in XScreenSaver before 5.34 does not properly perfor ...)
	{DSA-3438-1 DLA-338-1}
	- xscreensaver 5.34-1 (bug #802914)
	NOTE: http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1274452
CVE-2015-8005 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25 ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T108616
CVE-2015-8004 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25 ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T95589
CVE-2015-8003 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25 ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T91850
CVE-2015-8002 (The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T91205
CVE-2015-8001 (The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T91203
CVE-2015-8000 (db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3 ...)
	{DSA-3420-1 DLA-370-1}
	- bind9 1:9.9.5.dfsg-12.1 (bug #808081)
	NOTE: https://kb.isc.org/article/AA-01317
CVE-2015-7999 (Multiple SQL injection vulnerabilities in the Administration Web UI se ...)
	NOT-FOR-US: Citrix
CVE-2015-7998 (The administration UI in Citrix NetScaler Application Delivery Control ...)
	NOT-FOR-US: Citrix
CVE-2015-7997 (Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API i ...)
	NOT-FOR-US: Citrix
CVE-2015-7996 (The Nitro API in Citrix NetScaler Application Delivery Controller (ADC ...)
	NOT-FOR-US: Citrix
CVE-2015-7994 (The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allo ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7993 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7992 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticat ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7991 (The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_ ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7988 (The handle_regservice_request function in mDNSResponder before 625.41. ...)
	NOT-FOR-US: mDNSResponder
CVE-2015-7987 (Multiple buffer overflows in mDNSResponder before 625.41.2 allow remot ...)
	NOT-FOR-US: mDNSResponder
CVE-2015-7986 (The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote a ...)
	NOT-FOR-US: SAP
CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) f ...)
	- steam <not-affected> (specific to the steam installor on windows)
CVE-2015-8019 (The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c i ...)
	- linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/11
	NOTE: Only for all stable kernels before v3.19 which have backported commit
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=89c22d8c3b278212eef6a8cc66b570bc840a6f5a
	NOTE: but are lacking the ioviter conversion.
CVE-2015-7983
	RESERVED
CVE-2015-7982
	RESERVED
CVE-2015-7980 (Cross-site scripting (XSS) vulnerability in the Compass Rose module 6. ...)
	NOT-FOR-US: Drupal addon Compass Rose
CVE-2015-7990 (Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the ...)
	{DSA-3396-1 DLA-360-1}
	- linux 4.2.6-1
	- linux-2.6 <removed>
	NOTE: https://lkml.org/lkml/2015/10/16/530
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
CVE-2015-7979 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to  ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
	NOTE: https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461
CVE-2015-7978 (NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers t ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940
	NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
CVE-2015-7977 (ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attac ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939
	NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
CVE-2015-7976 (The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4 ...)
	- ntp 1:4.2.8p7+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue, mitigation exists)
	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938
	NOTE: https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
	NOTE: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
CVE-2015-7975 (The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 doe ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <not-affected> (Introduced in 4.2.8)
	[wheezy] - ntp <not-affected> (Introduced in 4.2.8)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer asso ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1 (low)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
CVE-2015-7973 (NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadca ...)
	- ntp 1:4.2.8p7+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2935
CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2 ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-153.html
CVE-2015-7971 (Xen 3.2.x through 4.6.x does not limit the number of printk console me ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-152.html
CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3 ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-150.html
CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest admin ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-149.html
	NOTE: http://xenbits.xen.org/xsa/advisory-151.html
CVE-2015-7968 (nwbc_ext2int in SAP NetWeaver Application Server before Security Note  ...)
	NOT-FOR-US: SAP
CVE-2015-7967 (SafeNet Authentication Service for Citrix Web Interface Agent uses a w ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7966 (SafeNet Authentication Service Windows Logon Agent uses a weak ACL for ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7965 (SafeNet Authentication Service Windows Logon Agent uses a weak ACL for ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7964 (SafeNet Authentication Service for NPS Agent uses a weak ACL for unspe ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7963 (SafeNet Authentication Service for AD FS Agent uses a weak ACL for uns ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7962 (SafeNet Authentication Service for Outlook Web App Agent uses a weak A ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7961 (SafeNet Authentication Service Remote Web Workplace Agent uses a weak  ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7960
	REJECTED
CVE-2015-7959
	REJECTED
CVE-2015-7958
	REJECTED
CVE-2015-7957
	REJECTED
CVE-2015-7956
	REJECTED
CVE-2015-7955
	REJECTED
CVE-2015-7954
	REJECTED
CVE-2015-7953
	REJECTED
CVE-2015-7952
	REJECTED
CVE-2015-7951
	REJECTED
CVE-2015-7950
	REJECTED
CVE-2015-7949
	REJECTED
CVE-2015-7948
	REJECTED
CVE-2015-7947
	REJECTED
CVE-2015-7946 (Information Exposure vulnerability in Unity8 as used on the Ubuntu pho ...)
	NOT-FOR-US: Unity8 (predates Lomiri)
CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...)
	{DSA-3431-1}
	- ganeti 2.15.2-1 (bug #809538)
	[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
	NOTE: http://www.ocert.org/advisories/ocert-2015-012.html
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=09fb8fc73c5fe33756cc63036d121b3d6dfa3f64
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6e94ad76446904961744f9b0826414a5e4120693
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6d44be24c50944fc35de7a490bc836938a82e1df
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126
CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...)
	{DSA-3431-1}
	- ganeti 2.15.2-1 (bug #809537)
	[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
	NOTE: http://www.ocert.org/advisories/ocert-2015-012.html
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox befor ...)
	{DLA-1445-1 DLA-337-1}
	- busybox 1:1.27.2-1 (bug #803097)
	[stretch] - busybox <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/25/3
	NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
	NOTE: https://git.busybox.net/busybox/commit/archival/libarchive/decompress_gunzip.c?id=6bd3fff51aa74e2ee2d87887b12182a3b09792ef
CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does n ...)
	{DSA-3605-1 DLA-514-1}
	- libxslt 1.1.28-2.1 (bug #802971)
	[squeeze] - libxslt <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1257962
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/10
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 (v1.1.29-rc1)
CVE-2015-8982 (Integer overflow in the strxfrm function in the GNU C Library (aka gli ...)
	- glibc 2.21-1 (bug #803927)
	[jessie] - glibc 2.19-18+deb8u2
	[wheezy] - eglibc 2.13-38+deb7u9
	- eglibc <removed>
	[squeeze] - eglibc 2.11.3-4+deb6u8
	NOTE: workaround entry for DLA-350-1 until/if CVE assigned
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16009
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed
	NOTE: http://openwall.com/lists/oss-security/2015/09/08/2
CVE-2015-8026 (Heap-based buffer overflow in the verify_vbr_checksum function in exfa ...)
	- exfat-utils 1.2.1-1
	[jessie] - exfat-utils 1.1.0-2+deb8u1
	[wheezy] - exfat-utils 0.9.7-2+deb7u1
	- fuse-exfat 1.2.1-1
	[jessie] - fuse-exfat 1.1.0-2+deb8u1
	[wheezy] - fuse-exfat 0.9.7-2+deb7u1
	NOTE: https://github.com/relan/exfat/issues/5
	NOTE: https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum
	NOTE: https://github.com/relan/exfat/commit/2e86ae5f81da11f11673d0546efb525af02b7786
CVE-2015-XXXX [Endlees loop issue]
	- exfat-utils 1.2.1-1
	[jessie] - exfat-utils 1.1.0-2+deb8u1
	[wheezy] - exfat-utils 0.9.7-2+deb7u1
	- fuse-exfat 1.2.1-1
	[jessie] - fuse-exfat 1.1.0-2+deb8u1
	[wheezy] - fuse-exfat 0.9.7-2+deb7u1
	NOTE: https://github.com/relan/exfat/issues/6
	NOTE: https://crashes.fuzzing-project.org/exfatfsck-endless-loop
	NOTE: https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b
	NOTE: will possibly not get a CVE, cf. http://www.openwall.com/lists/oss-security/2015/10/29/13
CVE-2015-8010 (Cross-site scripting (XSS) vulnerability in the Classic-UI with the CS ...)
	- icinga 1.13.3-3 (bug #803432)
	[jessie] - icinga <no-dsa> (Minor issue)
	[wheezy] - icinga <no-dsa> (Minor issue)
	[squeeze] - icinga <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://dev.icinga.org/issues/593 in 1.3.
	NOTE: Upstream issue: https://dev.icinga.org/issues/10453
	NOTE: Upstream fix: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/23/15
CVE-2015-7981 (The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1. ...)
	{DSA-3399-1 DLA-343-1}
	- libpng 1.2.54-1 (bug #803078)
	NOTE: http://sourceforge.net/p/libpng/bugs/241/
	NOTE: http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
CVE-2015-7939 (Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8 ...)
	NOT-FOR-US: Unitronics
CVE-2015-7938 (Advantech EKI-132x devices with firmware before 2015-12-31 allow remot ...)
	NOT-FOR-US: Advantech
CVE-2015-7937 (Stack-based buffer overflow in the GoAhead Web Server on Schneider Ele ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-7936 (Cross-site request forgery (CSRF) vulnerability in Motorola Solutions  ...)
	NOT-FOR-US: Motorola Solutions MOSCAD IP Gateway
CVE-2015-7935 (Motorola Solutions MOSCAD IP Gateway allows remote attackers to read a ...)
	NOT-FOR-US: Motorola Solutions MOSCAD IP Gateway
CVE-2015-7934 (The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station ...)
	NOT-FOR-US: Adcon
CVE-2015-7933
	RESERVED
CVE-2015-7932 (Adcon Telemetry A840 Telemetry Gateway Base Station allows remote atta ...)
	NOT-FOR-US: Adcon
CVE-2015-7931 (The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station ...)
	NOT-FOR-US: Adcon
CVE-2015-7930 (Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded cred ...)
	NOT-FOR-US: Adcon
CVE-2015-7929 (eWON devices with firmware through 10.1s0 support unspecified GET requ ...)
	NOT-FOR-US: eWON devices
CVE-2015-7928 (eWON devices with firmware before 10.1s0 do not have an off autocomple ...)
	NOT-FOR-US: eWON devices
CVE-2015-7927 (Cross-site scripting (XSS) vulnerability on eWON devices with firmware ...)
	NOT-FOR-US: eWON devices
CVE-2015-7926 (eWON devices with firmware before 10.1s0 omit RBAC for I/O server info ...)
	NOT-FOR-US: eWON devices
CVE-2015-7925 (Cross-site request forgery (CSRF) vulnerability on eWON devices with f ...)
	NOT-FOR-US: eWON devices
CVE-2015-7924 (eWON devices with firmware before 10.1s0 do not trigger the discarding ...)
	NOT-FOR-US: eWON devices
CVE-2015-7923 (Westermo WeOS before 4.19.0 uses the same SSL private key across diffe ...)
	NOT-FOR-US: Westermo
CVE-2015-7922
	REJECTED
CVE-2015-7921 (The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV b ...)
	NOT-FOR-US: Pro-face GP-Pro EX EX-ED
CVE-2015-7920
	REJECTED
CVE-2015-7919 (SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the co ...)
	NOT-FOR-US: SearchBlox
CVE-2015-7918 (Multiple buffer overflows in the F1BookView ActiveX control in F1 Book ...)
	NOT-FOR-US: F1BookView
CVE-2015-7917 (Untrusted search path vulnerability in Open Automation OPC Systems.NET ...)
	NOT-FOR-US: Open Automation OPC Systems.NET
CVE-2015-7916 (Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWe ...)
	NOT-FOR-US: Sauter
CVE-2015-7915 (Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext creden ...)
	NOT-FOR-US: Sauter
CVE-2015-7914 (Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attacker ...)
	NOT-FOR-US: Sauter
CVE-2015-7913 (ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGa ...)
	NOT-FOR-US: AggreGate
CVE-2015-7912 (The Ice Faces servlet in ag_server_service.exe in the AggreGate Server ...)
	NOT-FOR-US: AggreGate
CVE-2015-7911 (Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx ...)
	NOT-FOR-US: Saia Burgess devices
CVE-2015-7910 (Exemys Telemetry Web Server relies on an HTTP Location header to indic ...)
	NOT-FOR-US: Exemys
CVE-2015-7909 (Stack-based buffer overflow in Hospira Communication Engine (CE) befor ...)
	NOT-FOR-US: Hospira
CVE-2015-7908 (Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detect ...)
	NOT-FOR-US: Honeywell Midas gas detectors and Midas Black gas detectors
CVE-2015-7907 (Directory traversal vulnerability in the web server on Honeywell Midas ...)
	NOT-FOR-US: Honeywell Midas gas detectors and Midas Black gas detectors
CVE-2015-7906 (LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices al ...)
	NOT-FOR-US: LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices
CVE-2015-7905 (Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to ...)
	NOT-FOR-US: Unitronics
CVE-2015-7904 (Unrestricted file upload vulnerability in Infinite Automation Mango Au ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7903 (SQL injection vulnerability in Infinite Automation Mango Automation 2. ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7902 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 buil ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7901 (Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 bui ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7900 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 buil ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7898 (Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a ...)
	NOT-FOR-US: Samsung
CVE-2015-7897 (The media scanning functionality in the face recognition library in an ...)
	NOT-FOR-US: Samsung
CVE-2015-7896 (LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows re ...)
	NOT-FOR-US: Samsung
CVE-2015-7895 (Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a ...)
	NOT-FOR-US: Samsung
CVE-2015-7894 (The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V devi ...)
	NOT-FOR-US: Samsung
CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content,  ...)
	NOT-FOR-US: Samsung
CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in ...)
	NOT-FOR-US: Samsung
CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D  ...)
	NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
CVE-2015-7890 (Multiple buffer overflows in the esa_write function in /dev/seirenin t ...)
	NOT-FOR-US: Samsung
CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge  ...)
	NOT-FOR-US: Samsung
CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
	NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge LRX22G.G925VVRU1AOE2
CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to list ...)
	NOT-FOR-US: NetApp SnapCenter Server
CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enab ...)
	NOT-FOR-US: NetApp
CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not properl ...)
	NOT-FOR-US: Joomla!
CVE-2015-7883
	RESERVED
CVE-2015-7882 (Improper handling of LDAP authentication in MongoDB Server versions 3. ...)
	- mongodb <not-affected> (Only affects Enterprise version)
CVE-2015-7881 (The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote a ...)
	NOT-FOR-US: Colorbox module for Drupal
CVE-2015-7880 (The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allow ...)
	NOT-FOR-US: Entity Registration module for Drupal
CVE-2015-7879 (Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x  ...)
	NOT-FOR-US: Stickynote module for Drupal
CVE-2015-7878 (Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6 ...)
	NOT-FOR-US: Taxonomy Find module for Drupal
CVE-2015-7877 (Multiple SQL injection vulnerabilities in the User Dashboard module 7. ...)
	NOT-FOR-US: User Dashboard module for Drupal
CVE-2015-7876 (The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver  ...)
	NOT-FOR-US: Driver for SQL Server and SQL Azure module for Drupal
CVE-2015-7875 (ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal do ...)
	NOT-FOR-US: Ctools module for Drupal
CVE-2015-7874 (Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and ear ...)
	NOT-FOR-US: KiTTY Portable
CVE-2015-7873 (The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 ...)
	{DSA-3382-1}
	- phpmyadmin 4:4.5.1-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-7943 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
	{DLA-548-1}
	- drupal7 7.41-1
	[jessie] - drupal7 7.32-1+deb8u9
	NOTE: https://www.drupal.org/SA-CORE-2015-004
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/21/6
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=9f72251c9291b5613acb9ca4ea7a51b4739e3f93
CVE-2015-7885 (The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in th ...)
	- linux 4.4.2-1 (unimportant)
	NOTE: dgnc driver not built
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
CVE-2015-7884 (The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd. ...)
	- linux 4.2.6-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c (v4.4-rc1)
CVE-2015-7871 (Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x befo ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/aa44b5835d69d8ee031736bb8ee2730a514edb7d
CVE-2015-7870
	RESERVED
CVE-2015-7869 (Multiple integer overflows in the kernel mode driver for the NVIDIA GP ...)
	- nvidia-graphics-drivers 352.63-1 (bug #805917)
	[jessie] - nvidia-graphics-drivers 340.96-1
	[wheezy] - nvidia-graphics-drivers 304.131-1
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.96-1 (bug #805919)
	- nvidia-graphics-drivers-legacy-304xx 304.131-2 (bug #805918)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
CVE-2015-7868
	RESERVED
CVE-2015-7867
	RESERVED
CVE-2015-7866 (Unquoted Windows search path vulnerability in the Smart Maximize Helpe ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2015-7865 (nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GP ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2015-7864
	RESERVED
CVE-2015-7863 (The default configuration of Persistent Accelerite Radia Client Automa ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7862 (Persistent Accelerite Radia Client Automation (formerly HP Client Auto ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7861 (Persistent Accelerite Radia Client Automation (formerly HP Client Auto ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7860 (Stack-based buffer overflow in the agent in Persistent Accelerite Radi ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7859 (The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not  ...)
	NOT-FOR-US: Joomla!
CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote  ...)
	NOT-FOR-US: Joomla!
CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in administra ...)
	NOT-FOR-US: Joomla!
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
	NOT-FOR-US: OpenNMS
CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/ba716a464ecb20618560075f2e4e1051e5b6f24f
CVE-2015-7854 (Buffer overflow in the password management functionality in NTP 4.2.x  ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/1bb401576f412532d8cdcca5509b85ad29605913
CVE-2015-7853 (The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8 ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/8482b536f9494a5d45196ab5b7e13040f5940261
CVE-2015-7852 (ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/07a5b8141e354a998a52994c3c9cd547927e56ce
CVE-2015-7851 (Directory traversal vulnerability in the save_config function in ntpd  ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <no-dsa> (Vulnerability only affects VMS)
	[wheezy] - ntp <no-dsa> (Vulnerability only affects VMS)
	[squeeze] - ntp <no-dsa> (Vulnerability only affects VMS)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/184516e143ce4448ddb5b9876dd372008cc779f6
CVE-2015-7850 (ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/bb928ef08eec020ef6008f3a140702ccc0536b8e
CVE-2015-7849 (Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and  ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/9c22e66c8f2be6aa0c846f0d9804db20f93c105d
CVE-2015-7848 (An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-b ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p131)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p131)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p131)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/c04c3d3d940dfe1a53132925c4f51aef017d2e0f
CVE-2015-7847 (Huawei MBB (Mobile Broadband) product E3272s with software versions ea ...)
	NOT-FOR-US: Huawei
CVE-2015-7846 (Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, ...)
	NOT-FOR-US: Huawei
CVE-2015-7845 (The exception handling mechanism in the CLI Module in Huawei eSpace U1 ...)
	NOT-FOR-US: Huawei
CVE-2015-7844 (Huawei FusionAccess with software V100R005C10,V100R005C20 could allow  ...)
	NOT-FOR-US: Huawei
CVE-2015-7843 (The management interface on Huawei FusionServer rack servers RH2288 V3 ...)
	NOT-FOR-US: Huawei
CVE-2015-7842 (Huawei FusionServer rack servers RH2288 V3 with software before V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2015-7841 (The login page of the server on Huawei FusionServer rack servers RH228 ...)
	NOT-FOR-US: Huawei
CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the Linux ker ...)
	{DSA-3396-1}
	- linux 4.2.5-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272371
	NOTE: Prerequisite for Fedora patches: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94c4554ba07adbdde396748ee7ae01e86cf2d8d7
	NOTE: Patches from Fedora: http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?id=d76d5fe34b5c151ad83761160998b1075729b541
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 (v4.3-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
CVE-2015-8013 (s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of pas ...)
	- node-openpgp <itp> (bug #787774)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event  ...)
	NOT-FOR-US: SolarWinds
CVE-2015-7839 (SolarWinds Log and Event Manager (LEM) allows remote attackers to exec ...)
	NOT-FOR-US: SolarWinds
CVE-2015-7838 (ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows  ...)
	NOT-FOR-US: SolarWinds
CVE-2015-7837 (The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, an ...)
	- linux 4.5.1-1 (unimportant)
	NOTE: secureboot not yet supported in the Debian package in 4.3
	NOTE: https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798
	NOTE: Fix is included in 4.5.1-1 with the patches/features/all/securelevel/kexec-uefi-copy-secure_boot-flag-in-boot-params-acro.patch
CVE-2015-7836 (Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain s ...)
	NOT-FOR-US: Siemens
CVE-2015-7835 (The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x do ...)
	{DSA-3390-1}
	- xen 4.6.0-1
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-148.html
CVE-2015-7834 (Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as ...)
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-7833 (The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 t ...)
	{DSA-3426-1 DSA-3396-1 DLA-360-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	NOTE: http://git.linuxtv.org/cgit.cgi/media_tree.git/commit?id=588afcc1c0e45358159090d95bf7b246fb67565
	NOTE: http://git.linuxtv.org/cgit.cgi/media_tree.git/commit?id=fa52bd506f274b7619955917abfde355e3d19ff
	NOTE: initial fix missed a second needed commit.
CVE-2015-7832
	RESERVED
CVE-2015-7831 (In Cloudera Hue, there is privilege escalation by a read-only user whe ...)
	NOT-FOR-US: Cloudera
CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require authentication ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7827 (Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remo ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.13-1 (bug #817932)
	NOTE: Fixed in 1.11.22 and 1.10.13. Affected all previous versions.
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7826 (botan 1.11.x before 1.11.22 improperly handles wildcard matching again ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.22
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7825 (botan before 1.11.22 improperly validates certificate paths, which all ...)
	- botan1.10 <not-affected> (Introduced in 1.11.6)
	NOTE: Introduced in 1.11.6, fixed in 1.11.22
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7824 (botan 1.11.x before 1.11.22 makes it easier for remote attackers to de ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.22
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7823 (Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS ...)
	NOT-FOR-US: Kentico CMS
CVE-2015-7822 (Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 ...)
	NOT-FOR-US: Kentico CMS
CVE-2015-7821
	RESERVED
CVE-2015-7820 (Race condition in the administration-panel web service in IBM System N ...)
	NOT-FOR-US: IBM
CVE-2015-7819 (The DB service in IBM System Networking Switch Center (SNSC) before 7. ...)
	NOT-FOR-US: IBM
CVE-2015-7818 (The administration-panel web service in IBM System Networking Switch C ...)
	NOT-FOR-US: IBM
CVE-2015-7817 (Race condition in the administration-panel web service in IBM System N ...)
	NOT-FOR-US: IBM
CVE-2015-7816 (The DisplayTopKeywords function in plugins/Referrers/Controller.php in ...)
	- matomo <itp> (bug #448532)
CVE-2015-7815 (Directory traversal vulnerability in core/ViewDataTable/Factory.php in ...)
	- matomo <itp> (bug #448532)
CVE-2015-7814 (Race condition in the relinquish_memory function in arch/arm/domain.c  ...)
	{DSA-3414-1}
	- xen 4.6.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-147.html
	[wheezy] - xen <not-affected> (arm not yet supported)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
CVE-2015-7813 (Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk consol ...)
	{DSA-3414-1}
	- xen 4.6.0-1
	[wheezy] - xen <not-affected> (arm not yet supported)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-146.html
CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c in Xen ...)
	{DSA-3414-1}
	- xen 4.6.0-1
	[wheezy] - xen <not-affected> (arm not yet supported)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-145.html
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
	- linux <unfixed>
	[buster] - linux <ignored> (Minor issue, requires invasive changes)
	[stretch] - linux <ignored> (Minor issue, requires invasive changes)
	[jessie] - linux <ignored> (Minor issue, requires invasive changes)
	[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
	[jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
	- linux-2.6 <removed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
CVE-2015-8011 (Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c ...)
	- lldpd 0.7.19-1
	[jessie] - lldpd 0.7.11-2+deb8u1
	[wheezy] - lldpd <not-affected> (Vulnerable code not present)
	[squeeze] - lldpd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/16/2
CVE-2015-8012 (lldpd before 0.8.0 allows remote attackers to cause a denial of servic ...)
	- lldpd 0.7.19-1
	[jessie] - lldpd 0.7.11-2+deb8u1
	[wheezy] - lldpd <not-affected> (Vulnerable code not present)
	[squeeze] - lldpd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/18/2
CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
	- cakephp 2.6.7-1 (bug #832283)
	[jessie] - cakephp <no-dsa> (Minor issue)
	[wheezy] - cakephp 1.3.15-1+deb7u1
	[squeeze] - cakephp 1.3.2-1.1+deb6u11
	NOTE: Workaround entry for DLA-333-1 and DLA-566-1 until/if CVE assigned
	NOTE: http://seclists.org/fulldisclosure/2015/Oct/70
	NOTE: https://github.com/cakephp/cakephp/releases/tag/2.6.6
CVE-2015-7830 (The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pca ...)
	{DSA-3505-1}
	- wireshark 1.12.8+g5b6e543-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-30.html
CVE-2015-7811
	RESERVED
CVE-2015-7810 (libbluray MountManager class has a time-of-check time-of-use (TOCTOU)  ...)
	- libbluray 1:0.9.1-1 (low)
	[jessie] - libbluray <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - libbluray <no-dsa> (Minor issue)
	NOTE: CVE was assigned specific to the Fedora packages, cf.
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/12/7
	NOTE: Salvatored asked if Debian needs a separate CVE:
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/6
	NOTE: No reply, so we'll just use the same ID
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959434
CVE-2015-7808 (The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 t ...)
	NOT-FOR-US: vBulletin
CVE-2015-7807
	RESERVED
CVE-2015-7806 (Eval injection vulnerability in the fm_saveHelperGatherItems function  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-7805 (Heap-based buffer overflow in libsndfile 1.0.25 allows remote attacker ...)
	{DLA-928-1 DLA-356-1}
	- libsndfile 1.0.25-10 (bug #804445)
	[jessie] - libsndfile 1.0.25-9.1+deb8u1
	NOTE: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
	NOTE: https://www.exploit-db.com/exploits/38447/
CVE-2015-7802 (gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote a ...)
	- optipng 0.7.6-1 (unimportant; bug #801700)
	NOTE: Not a security flaw as the under-read does not depend on input
CVE-2015-7801 (Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers  ...)
	{DLA-332-1}
	- optipng 0.7.5-1
	[wheezy] - optipng 0.6.4-1+deb7u1
CVE-2015-7800
	RESERVED
CVE-2015-7799 (The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel  ...)
	{DSA-3426-1 DLA-360-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/android/issues/detail?id=187973
	NOTE: DoS, requires access to /dev/ppp which is root-only by default
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0baa57d8dc32db78369d8b5176ef56c5e2e18ab3
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ab42d78e37a294ac7bc56901d563c642e03c4ae
CVE-2015-7798 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7797 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7796 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7795 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7794 (Corega CG-WLNCM4G devices provide an open DNS resolver, which allows r ...)
	NOT-FOR-US: Corega
CVE-2015-7793 (Corega CG-WLBARAGM devices provide an open proxy service, which allows ...)
	NOT-FOR-US: Corega
CVE-2015-7792 (Corega CG-WLBARGS devices allow remote attackers to perform administra ...)
	NOT-FOR-US: Corega
CVE-2015-7791 (Multiple SQL injection vulnerabilities in admin.php in the Collne Welc ...)
	NOT-FOR-US: Collne Welcart plugin for WordPress
CVE-2015-7790 (Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devic ...)
	NOT-FOR-US: ASUS
CVE-2015-7789 (ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remot ...)
	NOT-FOR-US: ASUS
CVE-2015-7788 (ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remot ...)
	NOT-FOR-US: ASUS
CVE-2015-7787 (ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remot ...)
	NOT-FOR-US: ASUS
CVE-2015-7786 (Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcin ...)
	NOT-FOR-US: NTT DATA
CVE-2015-7785 (GANMA! App for iOS does not verify SSL certificates. ...)
	NOT-FOR-US: GANMA! App for iOS
CVE-2015-7784 (SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl21 ...)
	NOT-FOR-US: BOKUBLOCK
CVE-2015-7783 (Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4 ...)
	NOT-FOR-US: p++BBS
CVE-2015-7782 (Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-spee ...)
	NOT-FOR-US: Let's PHP!
CVE-2015-7781 (ManageEngine Firewall Analyzer before 8.0 does not restrict access per ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2015-7780 (Directory traversal vulnerability in ManageEngine Firewall Analyzer be ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2015-7779
	REJECTED
CVE-2015-7778 (Gurunavi App for iOS before 6.0.0 does not verify SSL certificates whi ...)
	NOT-FOR-US: Gurunavi App for iOS
CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest  ...)
	NOT-FOR-US: JosephErnest Void
CVE-2015-7776 (Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict load ...)
	NOT-FOR-US: Cybozu
CVE-2015-7775 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows ...)
	NOT-FOR-US: Cybozu
CVE-2015-7774 (PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows ...)
	NOT-FOR-US: PC-EGG
CVE-2015-7773 (Unrestricted file upload vulnerability in the Panel component in Basti ...)
	NOT-FOR-US: Bastian Allgeier Kirby
CVE-2015-7772 (Cross-site scripting (XSS) vulnerability in the runtime engine in the  ...)
	NOT-FOR-US: Newphoria
CVE-2015-7771 (Cross-site scripting (XSS) vulnerability in the runtime engine in the  ...)
	NOT-FOR-US: Newphoria
CVE-2015-7770 (Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0 ...)
	NOT-FOR-US: Dell
CVE-2015-7769 (baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to exec ...)
	NOT-FOR-US: baserCMS
CVE-2015-7768 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attack ...)
	NOT-FOR-US: Konica Minolta
CVE-2015-7767 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attack ...)
	NOT-FOR-US: Konica Minolta
CVE-2015-7766 (PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and ea ...)
	NOT-FOR-US: ZOHO
CVE-2015-7765 (ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardco ...)
	NOT-FOR-US: ZOHO
CVE-2015-7809 (The displayBlock function Template.php in Sensio Labs Twig before 1.20 ...)
	{DSA-3343-1}
	- twig 1.20.0-1
	NOTE: http://symfony.com/blog/security-release-twig-1-20-0
CVE-2015-7804 (Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c  ...)
	{DSA-3380-1 DLA-341-1}
	- php5 5.6.14+dfsg-1 (medium)
	NOTE: https://bugs.php.net/bug.php?id=70433
CVE-2015-7803 (The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5. ...)
	{DSA-3380-1 DLA-341-1}
	- php5 5.6.14+dfsg-1 (low)
	NOTE: https://bugs.php.net/bug.php?id=69720
CVE-2015-7764 (Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting  ...)
	- lemur <itp> (bug #809533)
CVE-2015-7763 (rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7 ...)
	{DSA-3387-1 DLA-342-1}
	- openafs 1.6.15-1
	NOTE: https://www.openafs.org/security
CVE-2015-7762 (rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not prop ...)
	{DSA-3387-1 DLA-342-1}
	- openafs 1.6.15-1
	NOTE: https://www.openafs.org/security
CVE-2015-7761 (Mail in Apple OS X before 10.11 does not properly recognize user prefe ...)
	NOT-FOR-US: Apple
CVE-2015-7760 (libxpc in launchd in Apple OS X before 10.11 does not restrict the cre ...)
	NOT-FOR-US: Apple
CVE-2015-7759 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12 ...)
	NOT-FOR-US: BIG-IP
CVE-2015-7757
	REJECTED
CVE-2015-7756 (The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2 ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2015-7755 (Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2015-7754 (Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabl ...)
	NOT-FOR-US: Juniper
CVE-2015-7753
	RESERVED
CVE-2015-7752 (The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before  ...)
	NOT-FOR-US: Juniper
CVE-2015-7751 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X ...)
	NOT-FOR-US: Juniper
CVE-2015-7750 (The L2TP packet processing functionality in Juniper Netscreen and Scre ...)
	NOT-FOR-US: Juniper
CVE-2015-7749 (The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before  ...)
	NOT-FOR-US: Juniper
CVE-2015-7748 (Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13 ...)
	NOT-FOR-US: Juniper
CVE-2015-7746 (NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remot ...)
	NOT-FOR-US: NetApp
CVE-2015-7745
	RESERVED
CVE-2015-7744 (wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...)
	- wolfssl 3.9.10+dfsg-1
	- mysql-5.6 5.6.27-1
	- mysql-5.5 5.5.46-0+deb8u1
	[jessie] - mysql-5.5 5.5.46-0+deb8u1
	[wheezy] - mysql-5.5 5.5.46-0+deb7u1
	[squeeze] - mysql-5.5 5.5.46-0+deb6u1
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2015-7743 (XML external entity vulnerability in PRTG Network Monitor before 16.2. ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2015-7742
	RESERVED
CVE-2015-7741
	RESERVED
CVE-2015-7739
	RESERVED
CVE-2015-7738
	RESERVED
CVE-2015-7737
	RESERVED
CVE-2015-7736
	RESERVED
CVE-2015-7735
	RESERVED
CVE-2015-7734
	RESERVED
CVE-2015-7733
	RESERVED
CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends sensitive lo ...)
	NOT-FOR-US: Avira Mobile Security app
CVE-2015-7731
	RESERVED
CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and Bus ...)
	NOT-FOR-US: SAP BusinessObjects
CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development Workbench ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7728 (Cross-site scripting (XSS) vulnerability in user creation in the Web-b ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7727 (Multiple SQL injection vulnerabilities in the Web-based Development Wo ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7726 (Cross-site scripting (XSS) vulnerability in role deletion in the Web-b ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7725 (Multiple SQL injection vulnerabilities in the Web-based Development Wo ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7724 (AMD fglrx-driver before 15.9 allows local users to gain privileges via ...)
	- fglrx-driver 1:15.9-1 (bug #803517)
	[jessie] - fglrx-driver <no-dsa> (Non-free not supported)
	[wheezy] - fglrx-driver <no-dsa> (non-free not supported)
	[squeeze] - fglrx-driver <no-dsa> (non-free not supported)
	NOTE: http://seclists.org/fulldisclosure/2015/Oct/103
CVE-2015-7723 (AMD fglrx-driver before 15.7 allows local users to gain privileges via ...)
	- fglrx-driver 1:15.7-1 (bug #803517)
	[jessie] - fglrx-driver <no-dsa> (Non-free not supported)
	[wheezy] - fglrx-driver <no-dsa> (non-free not supported)
	[squeeze] - fglrx-driver <no-dsa> (non-free not supported)
	NOTE: http://seclists.org/fulldisclosure/2015/Oct/104
CVE-2015-7722
	RESERVED
CVE-2015-7721
	RESERVED
CVE-2015-7720
	RESERVED
CVE-2015-7719
	RESERVED
CVE-2015-7718 (mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10- ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-7717 (mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10- ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-7716 (libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attack ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-7715 (Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (c ...)
	NOT-FOR-US: Realtyna RPL for Joomla!
CVE-2015-7714 (Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) c ...)
	NOT-FOR-US: Realtyna RPL for Joomla!
CVE-2015-7712 (Multiple eval injection vulnerabilities in mods/_standard/gradebook/ed ...)
	NOT-FOR-US: ATutor
CVE-2015-7711 (Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2. ...)
	NOT-FOR-US: ATutor
CVE-2015-7710
	RESERVED
CVE-2015-7709 (The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkei ...)
	NOT-FOR-US: Western Digital
CVE-2015-7708 (Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier ...)
	NOT-FOR-US: 4images
CVE-2015-7707 (Ignite Realtime Openfire 3.10.2 allows remote authenticated users to g ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2015-7706 (Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Spa ...)
	NOT-FOR-US: Secure Data Space
CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attackers to ...)
	{DLA-928-1 DLA-356-1}
	- libsndfile 1.0.25-10 (bug #804447)
	[jessie] - libsndfile 1.0.25-9.1+deb8u1
	NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
CVE-2014-9753 (confirm.php in ATutor 2.2 and earlier allows remote attackers to bypas ...)
	NOT-FOR-US: ATutor
CVE-2014-9752 (Unrestricted file upload vulnerability in mods/_core/properties/lib/co ...)
	NOT-FOR-US: ATutor
CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a symli ...)
	- gummi 0.6.5-6 (bug #756432)
	[jessie] - gummi 0.6.5-3+deb8u1
	[wheezy] - gummi 0.6.3-1.2+deb7u2
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
CVE-2008-7316 (mm/filemap.c in the Linux kernel before 2.6.25 allows local users to c ...)
	- linux <not-affected> (Issue fixed before the src:linux-2.6 rename)
	- linux-2.6 2.6.25-1
	NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrar ...)
	- libui-dialog-perl 1.21-0.1 (bug #496448)
	[jessie] - libui-dialog-perl <no-dsa> (Minor issue)
	[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
	[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2015-7740 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P ...)
	NOT-FOR-US: ARM Mali GPU driver
CVE-2015-7545 (The (1) git-remote-ext and (2) unspecified other remote helper program ...)
	{DSA-3435-1}
	- git 1:2.6.1-1
	[squeeze] - git <not-affected> (git 1.7.2 did not have git-remote-ext yet)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/1
CVE-2015-7747 (Buffer overflow in the afReadFrames function in audiofile (aka libaudi ...)
	- audiofile 0.3.6-3 (bug #801102)
	[jessie] - audiofile 0.3.6-2+deb8u1
	[wheezy] - audiofile <no-dsa> (Minor issue)
	[squeeze] - audiofile <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/2
CVE-2015-7705 (The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4 ...)
	- ntp 1:4.2.8p4+dfsg-3
	[jessie] - ntp <no-dsa> (Default config not affected)
	[wheezy] - ntp <no-dsa> (Default config not affected)
	[squeeze] - ntp <no-dsa> (Default config not affected)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/21d57dc336dbe9a975baca5ce5ae4da5b71ff123
	NOTE: https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
	NOTE: Original fix was reported broken, then fixed in http://bugs.ntp.org/show_bug.cgi?id=2952 (4.2.8p7)
	NOTE: Original upsteam bug: http://support.ntp.org/bin/view/Main/NtpBug2901
CVE-2015-7704 (The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allo ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-3
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: Original ntp fix applied in 1:4.2.8p4+dfsg-1for CVE-2015-7704 is apparently broken
	NOTE: http://lists.ntp.org/pipermail/pool/2015-October/007631.html
CVE-2015-7703 (The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8 ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/5dea6ff160c7e8f7cb038619ccccd28c3a8df637
	NOTE: https://github.com/ntp-project/ntp/commit/cdae0f1369ade98dc7ae912a0f1953b6e533cb88
CVE-2015-7702 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/c4cd4aaf418f57f7225708a93bf48afb2bc9c1da
CVE-2015-7701 (Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4 ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/d7cd5e186034340402f1393e0813c7d2b14ea6ca
	NOTE: https://github.com/ntp-project/ntp/commit/79604d925e4477247eee202155215e7865293809
CVE-2015-7700 (Double-free vulnerability in the sPLT chunk structure and png.c in png ...)
	- pngcrush 1.8.13-0.1 (bug #874109)
	[stretch] - pngcrush <no-dsa> (Minor issue)
	[jessie] - pngcrush <no-dsa> (Minor issue)
	[wheezy] - pngcrush <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/pmt/code/ci/e8ae5a842e86324f0bee91f4d98245fddb8ea5dd (1.7.87)
CVE-2015-7697 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of servic ...)
	{DSA-3386-1 DLA-330-1}
	- unzip 6.0-19 (bug #802160)
CVE-2015-7696 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of servic ...)
	{DSA-3386-1 DLA-330-1}
	- unzip 6.0-19 (bug #802162)
CVE-2015-7695 (The PDO adapters in Zend Framework before 1.12.16 do not filer null by ...)
	{DSA-3369-1 DLA-326-1}
	- zendframework 1.12.16+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-08
	NOTE: https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
CVE-2015-7694
	RESERVED
CVE-2015-7693
	RESERVED
CVE-2015-7692 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: Fixed upstream together with CVE-2015-7702
CVE-2015-7691 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: Fixed upstream together with CVE-2015-7702
CVE-2015-7690
	RESERVED
CVE-2015-7689
	RESERVED
CVE-2015-7688
	RESERVED
CVE-2015-7685 (GLPI before 0.85.3 allows remote authenticated users to create super-a ...)
	- glpi <removed> (unimportant)
	NOTE: https://forge.glpi-project.org/issues/5218
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2015-7684 (Unrestricted file upload in GLPI before 0.85.3 allows remote authentic ...)
	- glpi <removed> (unimportant)
	NOTE: https://forge.glpi-project.org/issues/5217
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2015-7683 (Absolute path traversal vulnerability in Font.php in the Font plugin b ...)
	NOT-FOR-US: Font plugin for WordPress
CVE-2015-7682 (Multiple SQL injection vulnerabilities in pie-register/pie-register.ph ...)
	NOT-FOR-US: Pie Register plugin for WordPress
CVE-2015-7681
	REJECTED
CVE-2015-7680 (Ipswitch MOVEit DMZ before 8.2 provides different error messages for a ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7679 (Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile bef ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7678 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7677 (The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides dif ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7676 (Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when con ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in C ...)
	- centreon-web <itp> (bug #913903)
CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...)
	{DSA-3154-1 DLA-149-1}
	- ntp 1:4.2.6.p5+dfsg-4
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public)
CVE-2014-9750 (ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentic ...)
	{DSA-3154-2 DSA-3154-1 DLA-149-1}
	- ntp 1:4.2.6.p5+dfsg-5
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671
CVE-2014-9749 (Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest auth ...)
	- squid <not-affected> (related code not present in 2.7.X)
	- squid3 3.4.8-6 (bug #776464)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4066
	NOTE: http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211 (Squid 3.4)
	NOTE: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 (Squid 3.5)
CVE-2014-9748 (The uv_rwlock_t fallback implementation for Windows XP and Server 2003 ...)
	- libuv 1.7.4-1 (unimportant)
	- nodejs 4.0.0~dfsg-1 (unimportant)
	NOTE: Only affects Windows
CVE-2015-7713 (OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 20 ...)
	- nova 1:12.0.0-2
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/05/10
CVE-2015-XXXX [Remotely triggerable buffer overflow in OpenSMTPD]
	- opensmtpd 5.7.3p1-1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/04/2
	NOTE: Fixed with 5.7.3 upstream release
CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote a ...)
	- opensmtpd 5.7.3p1-1 (bug #800787)
CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the Email-Addres ...)
	- libemail-address-perl 1.912-1 (bug #868170; unimportant)
	[stretch] - libemail-address-perl 1.908-1+deb9u1
	[jessie] - libemail-address-perl <no-dsa> (Minor issue)
	[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
	[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
	NOTE: Possibility of DoS vs. usability issue for Email::Address
	NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
CVE-2015-7671
	RESERVED
CVE-2015-7670 (Multiple SQL injection vulnerabilities in includes/update.php in the S ...)
	NOT-FOR-US: Support Ticket System plugin for WordPress
CVE-2015-7669 (Multiple directory traversal vulnerabilities in (1) includes/MapImport ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-7668 (Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.p ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-7667 (Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/a ...)
	NOT-FOR-US: ResAds plugin for WordPress
CVE-2015-7666 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_upda ...)
	NOT-FOR-US: Payment Form for PayPal Pro plugin for WordPress
CVE-2015-7664
	RESERVED
CVE-2015-7663 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7662 (Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7661 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7660 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7659 (Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7658 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7657 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7656 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7655 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7654 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7653 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7652 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7651 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7650 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe Reader
CVE-2015-7649 (Adobe Shockwave Player before 12.2.1.171 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2015-7648 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7647 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7646
	REJECTED
CVE-2015-7645 (Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7644 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7643 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7642 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7641 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7640 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7639 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7638 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7637 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7636 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7635 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7634 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7633 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7632 (Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7631 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7630 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7629 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7628 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7627 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7626 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7625 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7624 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-7623 (The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x bef ...)
	NOT-FOR-US: Adobe
CVE-2015-7622 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-7621 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-7620 (The ANSendForBrowserReview method in Adobe Reader and Acrobat 10.x bef ...)
	NOT-FOR-US: Adobe
CVE-2015-7619 (The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.1 ...)
	NOT-FOR-US: Adobe
CVE-2015-7618 (The CBAutoConfigCommentRepository method in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-7617 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-7616 (The ANVerifyComments method in Adobe Reader and Acrobat 10.x before 10 ...)
	NOT-FOR-US: Adobe
CVE-2015-7615 (Use-after-free vulnerability in a SaveAs feature in Adobe Reader and A ...)
	NOT-FOR-US: Adobe
CVE-2015-7614 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-7612 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Orga ...)
	NOT-FOR-US: McAfee
CVE-2015-7665 (Tails before 1.7 includes the wget program but does not prevent automa ...)
	NOT-FOR-US: wget as used in Tails
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/10
CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kernel th ...)
	{DSA-3372-1 DLA-325-1}
	- linux 4.2.3-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf (v4.3-rc4)
CVE-2015-7610 (Cross-site request forgery (CSRF) vulnerability in the login form in Z ...)
	NOT-FOR-US: Zimbra
CVE-2015-7609 (Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the er ...)
	NOT-FOR-US: Synacor Zimbra Mail Client
CVE-2015-7608
	RESERVED
CVE-2015-7607
	RESERVED
CVE-2015-7606
	RESERVED
CVE-2015-7605
	RESERVED
CVE-2015-7673 (io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its alloca ...)
	{DSA-3378-1 DLA-434-1}
	- gdk-pixbuf 2.32.0-1
	- gtk+2.0 2.21.5-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/3
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-8875 (Multiple integer overflows in the (1) pixops_composite_nearest, (2) pi ...)
	{DSA-3589-1 DLA-450-1}
	- gdk-pixbuf 2.34.0-1
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/12/3
CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in pixops/pixops ...)
	{DSA-3378-1 DLA-450-1 DLA-434-1}
	- gdk-pixbuf 2.32.1-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/4
	NOTE: Fix for CVE-2015-7674: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa (2.32.1)
	NOTE: Additional hardening against further overflows (but not part of the CVE assignment): https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
	NOTE: The CVE is only assigned for the overflow in the pixops_scale_nearest function.
	- gtk+2.0 2.21.5-1
	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-XXXX [trivial hash complexity DoS attack]
	- php5 <removed> (bug #800564)
	[jessie] - php5 <ignored> (Too intrusive to backport)
	[wheezy] - php5 <no-dsa> (Too intrusive to backport)
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.php.net/bug.php?id=70644
	NOTE: https://github.com/bk2204/php-hash-dos
CVE-2015-7698 (icewind1991 SMB before 1.0.3 allows remote authenticated users to exec ...)
	- php-smb 1.0.3a-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-017
CVE-2015-7699 (The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8 ...)
	{DSA-3373-1}
	- owncloud 7.0.9~dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-018
	NOTE: https://github.com/owncloud/core/commit/b05e178bbf884b120d1106e6a28f35aa50d6d06f
CVE-2015-7611 (Apache James Server 2.3.2, when configured with file-based user reposi ...)
	NOT-FOR-US: Apache James
CVE-2015-7604 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk
CVE-2015-7603 (Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 al ...)
	NOT-FOR-US: Konica Minolta FTP Utility
CVE-2015-7602 (Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows rem ...)
	NOT-FOR-US: BisonWare BisonFTP
CVE-2015-7601 (Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows r ...)
	NOT-FOR-US: PCMan's FTP Server
CVE-2015-7600 (Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpn ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2015-7599 (Integer overflow in the _authenticate function in svc_auth.c in Wind R ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2015-7598 (SafeNet Authentication Service TokenValidator Proxy Agent uses a weak  ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7597 (SafeNet Authentication Service IIS Agent uses a weak ACL for unspecifi ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7596 (SafeNet Authentication Service End User Software Tools for Windows use ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7595
	REJECTED
CVE-2015-7594
	REJECTED
CVE-2015-7593
	REJECTED
CVE-2015-7592
	REJECTED
CVE-2015-7591
	REJECTED
CVE-2015-7590
	REJECTED
CVE-2015-7589
	REJECTED
CVE-2015-7588
	REJECTED
CVE-2015-7587
	REJECTED
CVE-2015-7586
	REJECTED
CVE-2015-7585
	REJECTED
CVE-2015-7584
	REJECTED
CVE-2015-7583
	REJECTED
CVE-2015-7582
	REJECTED
CVE-2015-7581 (actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in  ...)
	{DSA-3464-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	[wheezy] - ruby-actionpack-3.2 <not-affected> (Vulnerable code not present)
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2015-7580 (Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.r ...)
	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
CVE-2015-7579 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer g ...)
	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
CVE-2015-7578 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer g ...)
	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
CVE-2015-7577 (activerecord/lib/active_record/nested_attributes.rb in Active Record i ...)
	{DSA-3464-1 DLA-496-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-activerecord-3.2 <removed>
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
CVE-2015-7576 (The http_basic_authenticate_with method in actionpack/lib/action_contr ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- ruby-activesupport-3.2 <removed>
	[wheezy] - ruby-activesupport-3.2 <not-affected> (Vulnerable code not present)
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life>
	NOTE: https://github.com/rails/rails/commit/a6fa3960c3a149e83eb2ff057be4472a82958e3d
CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozi ...)
	{DSA-3688-1 DSA-3491-1 DSA-3465-1 DSA-3458-1 DSA-3457-1 DSA-3437-1 DSA-3436-1 DLA-410-1}
	- iceweasel 43.0.2-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	- nss 2:3.21-1
	[squeeze] - nss <not-affected> (only affects nss post 2012-07-26)
	[wheezy] - nss <not-affected> (TLS 1.2 not supported in 3.14, only 3.15.1 and above)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
	NOTE: Patch in SuSE Bugzilla: https://bugzilla.suse.com/attachment.cgi?id=660286
	NOTE: NSS upstream fix is actually in 3.20.2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
	NOTE: NSS patch: https://hg.mozilla.org/projects/nss/raw-rev/891676aa0d85
	- openssl 1.0.1f-1
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: OpenSSL fix: https://git.openssl.org/?p=openssl.git;a=commit;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a
	- openjdk-8 7u95-2.6.4-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef
	- gnutls28 3.3.15-1
	[jessie] - gnutls28 3.3.8-6+deb8u3
	- gnutls26 <removed>
	[squeeze] - gnutls26 <not-affected> (TLS1.2 not supported)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2015-2
	NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
	NOTE: https://gitlab.com/gnutls/gnutls/commit/7d9d5c61f8445dc9e9ca47bb575c77cef17da17a
	NOTE: https://gitlab.com/gnutls/gnutls/commit/0e3fc7881d37246fc2d51dc404cad95b205c0e1e
	NOTE: https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
	NOTE: http://www.mitls.org/pages/attacks/SLOTH
CVE-2015-7574
	REJECTED
CVE-2015-7573
	REJECTED
CVE-2015-7572
	REJECTED
CVE-2015-7571 (Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remo ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7570 (Multiple server-side request forgery (SSRF) vulnerabilities in Yeager  ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7569 (SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager C ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7568 (SQL injection vulnerability in the password recovery feature in Yeager ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7567 (SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attacker ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7566 (The clie_5_attach function in drivers/usb/serial/visor.c in the Linux  ...)
	{DSA-3448-1 DLA-412-1}
	- linux 4.3.3-6
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283371 (not (yet) public)
	NOTE: Proposed upstream patch: http://marc.info/?l=linux-usb&m=145260786729359&w=2
CVE-2015-7565 (Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.1 ...)
	NOT-FOR-US: ember.js
CVE-2015-7564 (Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier  ...)
	- teampass <itp> (bug #730180)
CVE-2015-7563 (Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and ...)
	- teampass <itp> (bug #730180)
CVE-2015-7562 (Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 ...)
	- teampass <itp> (bug #730180)
CVE-2015-7561 (Kubernetes in OpenShift3 allows remote authenticated users to use the  ...)
	NOT-FOR-US: OpenShift
CVE-2015-7560 (The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4. ...)
	{DSA-3514-1}
	- samba 2:4.3.6+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-7560.html
CVE-2015-7559 (It was found that the Apache ActiveMQ client before 5.15.5 exposed a r ...)
	{DLA-913-1}
	- activemq 5.14.3-3 (bug #860866)
	[jessie] - activemq 5.6.0+dfsg1-4+deb8u3
	NOTE: Upstream commit: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
	NOTE: https://issues.apache.org/jira/browse/AMQ-6470
CVE-2015-7558 (librsvg before 2.40.12 allows context-dependent attackers to cause a d ...)
	{DSA-3584-1 DLA-477-1}
	- librsvg 2.40.12-1
	[squeeze] - librsvg <no-dsa> (Too intrusive to backport)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268243
	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 (2.40.12)
CVE-2015-7557 (The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg be ...)
	{DLA-395-1}
	- librsvg 2.40.9-2
	[jessie] - librsvg 2.40.5-1+deb8u1
	[wheezy] - librsvg 2.36.1-2+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=738050 (not public accessible)
	NOTE: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df (2.40.7)
CVE-2015-7556 (DeleGate 9.9.13 allows local users to gain privileges as demonstrated  ...)
	NOT-FOR-US: DeleGate
CVE-2015-7555 (Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allow ...)
	{DLA-389-1}
	- giflib 5.1.2-0.1 (bug #808704)
	[jessie] - giflib 4.1.6-11+deb8u1
	[wheezy] - giflib 4.1.6-10+deb7u1
	NOTE: Upstream fix http://sourceforge.net/p/giflib/code/ci/179510be300bf11115e37528d79619b53c884a63
CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attac ...)
	{DLA-693-1 DLA-692-1}
	- tiff 4.0.7-7 (bug #809066; bug #842043; bug #850316)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
	NOTE: SUSE seem to have a fix (disputed): https://bugzilla.suse.com/show_bug.cgi?id=960341
	NOTE: Reproducer file here: https://bugzilla.suse.com/attachment.cgi?id=665389
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2564
	NOTE: partially fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2564#c2
	NOTE: --
	NOTE: The problem is present in tiff3 3.9.6-11+deb7u1 on wheezy (the problematic code
	NOTE: gets executed under gdb), however for some reason this does not lead to a segfault.
CVE-2015-7553 (Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt  ...)
	- linux <not-affected> (RHEL-specific backport bug)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934
	NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06
CVE-2015-7552 (Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixb ...)
	{DSA-3589-1 DLA-501-1}
	- gdk-pixbuf 2.32.0-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=958963
	NOTE: This was fixed by one of the commits between 2.31.6 and 2.32.0.
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f68cb78a5277f169b9531e6998c00c7976594e4 (2.31.7)
CVE-2015-7551 (The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby befor ...)
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
	[squeeze] - ruby1.9.1 <not-affected> (DL already fixed with CVE-2009-5147, Fiddle does not have vulnerable code)
	- ruby2.0 <removed>
	- ruby2.1 <removed> (bug #796344)
	[jessie] - ruby2.1 2.1.5-2+deb8u3
	- ruby2.2 2.2.4-1 (bug #796551)
	NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
CVE-2015-7550 (The keyctl_read_key function in security/keys/keyctl.c in the Linux ke ...)
	{DSA-3434-1 DLA-378-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/b4a1b4f5047e4f54e194681125c74c0aa64d637d (v4.4-rc8)
CVE-2015-7549 (The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) a ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-1 (bug #808131)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=43b11a91dd861a946b231b89b7542856ade23d1b (v2.5.0-rc0)
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d35e428c8400f9ddc07e5a15ff19622c869b9ba0 (v1.2.0-rc0)
CVE-2015-7548 (OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0 ...)
	- nova 2:13.0.0~rc3-1
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: Affects: Nova: <=2015.1.2, ==12.0.0
	NOTE: https://bugs.launchpad.net/bugs/1524274
CVE-2015-7547 (Multiple stack-based buffer overflows in the (1) send_dg and (2) send_ ...)
	{DSA-3481-1 DSA-3480-1 DLA-416-1}
	- glibc 2.21-8
	- eglibc <removed>
	NOTE: https://googleonlinesecurity.blogspot.cz/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
	NOTE: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
CVE-2015-7546 (The identity service in OpenStack Identity (Keystone) before 2015.1.3  ...)
	- keystone 2:9.0.0~rc2-1
	[jessie] - keystone <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
	[wheezy] - keystone <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
	- python-keystonemiddleware 3.0.0-1
	[jessie] - python-keystonemiddleware <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0062
	NOTE: Keystone: <= 2015.1.2, >= 8.0.0 <= 8.0.1
	NOTE: Keystonemiddleware: >= 1.5.0 <= 1.5.3, >= 1.6.0 <= 2.3.2
CVE-2015-7544 (redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manage ...)
	NOT-FOR-US: redhat-support-plugin-rhev
CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create tem ...)
	{DLA-367-1 DLA-366-1}
	- kde4libs <not-affected> (Fixed before the first release in Debian)
	- kdelibs <removed>
	- arts <removed>
	NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c
CVE-2015-7542 (A vulnerability exists in libgwenhywfar through 4.12.0 due to the usag ...)
	{DLA-469-1}
	- libgwenhywfar 4.12.0beta-3 (bug #748955; medium)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503
	NOTE: Debian packaging fix: http://source.lenk.info/git/pkg-libgwenhywfar.git/commitdiff/86dacaae3a233f6ca3b420e0bfdb12eb5ef40b91
CVE-2015-7541 (The initialize method in the Histogram class in lib/colorscore/histogr ...)
	NOT-FOR-US: colorscore gem for Ruby
CVE-2015-7540 (The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
	NOTE: https://www.samba.org/samba/security/CVE-2015-7540.html
CVE-2015-7539 (The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 doe ...)
	- jenkins <removed>
CVE-2015-7538 (Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to  ...)
	- jenkins <removed>
CVE-2015-7537 (Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.64 ...)
	- jenkins <removed>
CVE-2015-7536 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and L ...)
	- jenkins <removed>
CVE-2015-7535
	REJECTED
CVE-2015-7534
	REJECTED
CVE-2015-7533
	REJECTED
CVE-2015-7532
	REJECTED
CVE-2015-7531
	REJECTED
CVE-2015-7530
	REJECTED
CVE-2015-7529 (sosreport in SoS 3.x allows local users to obtain sensitive informatio ...)
	- sosreport 3.2+git276-g7da50d6-3 (unimportant)
	NOTE: Neutralised by kernel hardening
CVE-2015-7528 (Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitr ...)
	- kubernetes <not-affected> (Fixed before initial release to archive)
	NOTE: https://github.com/kubernetes/kubernetes/pull/17886
CVE-2015-7527 (lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows ...)
	NOT-FOR-US: WordPress plugin cool-video-gallery
CVE-2015-7526
	REJECTED
CVE-2015-7525
	REJECTED
CVE-2015-7524
	REJECTED
CVE-2015-7523
	REJECTED
CVE-2015-7522
	REJECTED
CVE-2015-7521 (The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, ...)
	NOT-FOR-US: Apache Hive
CVE-2015-7520 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGr ...)
	NOT-FOR-US: Apache Wicket
CVE-2015-7519 (agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0. ...)
	{DLA-1399-1 DLA-394-1}
	- passenger 5.0.22-1 (bug #807354)
	- ruby-passenger <removed> (bug #864651)
	[wheezy] - ruby-passenger <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=956281
	NOTE: https://github.com/phusion/passenger/commit/c04590871ca0878d4d3ac1220c5a554b049056b4 (4.x)
	NOTE: https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e (5.x)
CVE-2015-7518 (Multiple cross-site scripting (XSS) vulnerabilities in information pop ...)
	- foreman <itp> (bug #663101)
CVE-2015-7517 (Multiple SQL injection vulnerabilities in the Double Opt-In for Downlo ...)
	NOT-FOR-US: Double Opt-In for Download plugin for WordPress
CVE-2015-7516 (ONOS before 1.5.0 when using the ifwd app allows remote attackers to c ...)
	NOT-FOR-US: Onos
CVE-2015-7515 (The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linu ...)
	{DSA-3607-1}
	- linux 4.4.2-1
	[wheezy] - linux 3.2.81-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1285326
	NOTE: https://os-s.net/advisories/OSS-2016-05_aiptek.pdf
	NOTE: Upstream commit: https://git.kernel.org/linus/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 (v4.4-rc6)
CVE-2015-7514 (OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after u ...)
	- ironic 1:4.2.2-1 (bug #807269)
CVE-2015-7513 (arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the P ...)
	{DSA-3434-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/linus/0185604c2d82c560dab2f2933a18f797e74ab5a8 (v4.4-rc7)
CVE-2015-7512 (Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEM ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #806741)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html
CVE-2015-7511 (Libgcrypt before 1.6.5 does not properly perform elliptic-point curve  ...)
	{DSA-3478-1 DSA-3474-1}
	- libgcrypt20 1.6.5-2
	- libgcrypt11 <removed>
	[squeeze] - libgcrypt11 <not-affected> (Vulnerable code not present)
	NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57 (LIBGCRYPT-1-5-BRANCH)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4 (libgcrypt-1.6.5)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd (libgcrypt-1.6.5)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a (master)
CVE-2015-7510 (Stack-based buffer overflow in the getpwnam and getgrnam functions of  ...)
	- systemd 229-1
	[jessie] - systemd <not-affected> (Vulnerable code introduced later, v223)
	[wheezy] - systemd <not-affected> (Vulnerable code introduced later, v223)
	NOTE: https://github.com/systemd/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888 (v229)
	NOTE: https://github.com/systemd/systemd/issues/2002
CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proxi ...)
	- linux 3.8-1~experimental.1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1259222
	NOTE: https://git.kernel.org/linus/c9b92530a723ac5ef8e352885a1862b18f31b2f5
	NOTE: https://git.kernel.org/linus/0e9a9a1ad619e7e987815d20262d36a2f95717ca
CVE-2015-7508 (Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp. ...)
	- libnsbmp <removed>
	[squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=041df43bbe273b0829132b0b17d89a69da2927d4
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7507 (libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cau ...)
	- libnsbmp <removed>
	[squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=49427b52ba41a1813e3822301612e2e170107efd
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7506 (The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows conte ...)
	- libnsgif <removed>
	[squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=088fa0819f1aeaf212a95caf7393a38c1640b5f0
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7505 (Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c ...)
	- libnsgif <removed>
	[squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=a268d2c15252ac58c19f1b19771822c66bcf73b2
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7504 (Heap-based buffer overflow in the pcnet_receive function in hw/net/pcn ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #806742)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html
	NOTE: Xen not affected in wheezy, CVE covered by XSA-162: https://marc.info/?l=oss-security&m=144888089404618&w=2
CVE-2015-7503 (Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2. ...)
	NOT-FOR-US: php-zend-crypt
	NOTE: http://framework.zend.com/security/advisory/ZF2015-10
CVE-2015-7502 (Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4 ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2015-7500 (The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows c ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756525 (upstream bug not yet open)
CVE-2015-7499 (Heap-based buffer overflow in the xmlGROW function in parser.c in libx ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc (v2.9.3)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756479 (upstream bug not yet open)
CVE-2015-7498 (Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756527 (upstream bug not yet open)
CVE-2015-7497 (Heap-based buffer overflow in the xmlDictComputeFastQKey function in d ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate  ...)
	- gdm3 3.18.2-1
	[jessie] - gdm3  <not-affected> (Vulnerable code not present, unreproducible)
	[wheezy] - gdm3  <not-affected> (Vulnerable code not present, unreproducible)
	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
	NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246
	NOTE: https://git.gnome.org/browse/gdm/commit/?id=05e5fc2
CVE-2015-7495
	RESERVED
CVE-2015-7494 (A vulnerability has been identified in IBM Cloud Orchestrator services ...)
	NOT-FOR-US: IBM
CVE-2015-7493 (IBM InfoSphere Information Server could allow a local user under speci ...)
	NOT-FOR-US: IBM
CVE-2015-7492 (Cross-site scripting (XSS) vulnerability in Reference Data Management  ...)
	NOT-FOR-US: IBM
CVE-2015-7491 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
	NOT-FOR-US: IBM
CVE-2015-7490 (IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9. ...)
	NOT-FOR-US: IBM
CVE-2015-7489 (IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses  ...)
	NOT-FOR-US: IBM
CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in ...)
	NOT-FOR-US: IBM
CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
	NOT-FOR-US: IBM
CVE-2015-7486 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering L ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7485 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering L ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 In ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7483
	RESERVED
CVE-2015-7482
	RESERVED
CVE-2015-7481
	RESERVED
CVE-2015-7480
	RESERVED
CVE-2015-7479
	RESERVED
CVE-2015-7478
	RESERVED
CVE-2015-7477
	RESERVED
CVE-2015-7476
	RESERVED
CVE-2015-7475
	RESERVED
CVE-2015-7474 (Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rat ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to b ...)
	NOT-FOR-US: IBM
CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2015-7471 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2015-7470 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Ra ...)
	NOT-FOR-US: IBM
CVE-2015-7469 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Ra ...)
	NOT-FOR-US: IBM
CVE-2015-7468 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Ra ...)
	NOT-FOR-US: IBM
CVE-2015-7467 (Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz ...)
	NOT-FOR-US: IBM
CVE-2015-7466 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 b ...)
	NOT-FOR-US: IBM
CVE-2015-7465 (Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Eng ...)
	NOT-FOR-US: IBM
CVE-2015-7464 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Ra ...)
	NOT-FOR-US: IBM
CVE-2015-7463 (IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 t ...)
	NOT-FOR-US: IBM
CVE-2015-7462 (IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to disc ...)
	NOT-FOR-US: IBM
CVE-2015-7461 (XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and ...)
	NOT-FOR-US: IBM
CVE-2015-7460 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 an ...)
	NOT-FOR-US: IBM
CVE-2015-7459 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 an ...)
	NOT-FOR-US: IBM
CVE-2015-7458 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 an ...)
	NOT-FOR-US: IBM
CVE-2015-7457 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
	NOT-FOR-US: IBM
CVE-2015-7456 (IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote au ...)
	NOT-FOR-US: IBM
CVE-2015-7455 (IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF ...)
	NOT-FOR-US: IBM
CVE-2015-7454 (Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 ...)
	NOT-FOR-US: IBM
CVE-2015-7453 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2015-7452 (IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6. ...)
	NOT-FOR-US: IBM
CVE-2015-7451 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2015-7450 (Serialized-object interfaces in certain IBM analytics, business soluti ...)
	NOT-FOR-US: IBM
CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0 ...)
	NOT-FOR-US: IBM
CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM
CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2015-7446 (Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9 ...)
	NOT-FOR-US: IBM
CVE-2015-7445 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B A ...)
	NOT-FOR-US: IBM
CVE-2015-7444 (The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and  ...)
	NOT-FOR-US: IBM
CVE-2015-7443
	RESERVED
CVE-2015-7442 (consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x be ...)
	NOT-FOR-US: IBM
CVE-2015-7441 (Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Bus ...)
	NOT-FOR-US: IBM
CVE-2015-7440 (IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0 ...)
	NOT-FOR-US: IBM
CVE-2015-7439 (Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect  ...)
	NOT-FOR-US: IBM
CVE-2015-7438 (IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive ...)
	NOT-FOR-US: IBM
CVE-2015-7437 (Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to ...)
	NOT-FOR-US: IBM
CVE-2015-7436 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22,  ...)
	NOT-FOR-US: IBM
CVE-2015-7435 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22,  ...)
	NOT-FOR-US: IBM
CVE-2015-7434 (IBM Capacity Management Analytics 2.1.0.0 allows local users to discov ...)
	NOT-FOR-US: IBM
CVE-2015-7433 (IBM Capacity Management Analytics 2.1.0.0 allows local users to discov ...)
	NOT-FOR-US: IBM
CVE-2015-7432 (IBM Capacity Management Analytics 2.1.0.0 allows local users to decryp ...)
	NOT-FOR-US: IBM
CVE-2015-7431 (Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterl ...)
	NOT-FOR-US: IBM
CVE-2015-7430 (The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for I ...)
	NOT-FOR-US: IBM
CVE-2015-7429 (The Data Protection extension in the VMware GUI in IBM Tivoli Storage  ...)
	NOT-FOR-US: IBM
CVE-2015-7428 (Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0 ...)
	NOT-FOR-US: IBM
CVE-2015-7427 (IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6. ...)
	NOT-FOR-US: IBM
CVE-2015-7426 (The Data Protection extension in the VMware GUI in IBM Tivoli Storage  ...)
	NOT-FOR-US: IBM
CVE-2015-7425 (The Data Protection component in the VMware vSphere GUI in IBM Tivoli  ...)
	NOT-FOR-US: IBM
CVE-2015-7424 (IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9. ...)
	NOT-FOR-US: IBM
CVE-2015-7423 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere  ...)
	NOT-FOR-US: IBM
CVE-2015-7422 (Buffer overflow in IBM i Access 7.1 on Windows allows local users to c ...)
	NOT-FOR-US: IBM i Access
CVE-2015-7421 (Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8 ...)
	NOT-FOR-US: IBM
CVE-2015-7420 (Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8 ...)
	NOT-FOR-US: IBM
CVE-2015-7419 (IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows  ...)
	NOT-FOR-US: IBM
CVE-2015-7418 (IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance ...)
	NOT-FOR-US: IBM
CVE-2015-7417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-7416 (AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote atta ...)
	NOT-FOR-US: IBM
CVE-2015-7415 (Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode D ...)
	NOT-FOR-US: IBM
CVE-2015-7414 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM I ...)
	NOT-FOR-US: IBM
CVE-2015-7413 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM
CVE-2015-7412 (The GatewayScript modules on IBM DataPower Gateways with software 7.2. ...)
	NOT-FOR-US: IBM
CVE-2015-7411 (The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6. ...)
	NOT-FOR-US: IBM
CVE-2015-7410 (The Health Check tool in IBM Sterling B2B Integrator 5.2 does not prop ...)
	NOT-FOR-US: IBM
CVE-2015-7409 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7 ...)
	NOT-FOR-US: IBM
CVE-2015-7408 (The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 an ...)
	NOT-FOR-US: IBM
CVE-2015-7407 (Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IB ...)
	NOT-FOR-US: IBM
CVE-2015-7406
	RESERVED
CVE-2015-7405
	RESERVED
CVE-2015-7404 (IBM Tivoli Storage Manager for Databases: Data Protection for Microsof ...)
	NOT-FOR-US: IBM
CVE-2015-7403 (IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File Sy ...)
	NOT-FOR-US: IBM
CVE-2015-7402 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...)
	NOT-FOR-US: IBM
CVE-2015-7401 (IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-7400 (The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-7399 (IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and ...)
	NOT-FOR-US: IBM
CVE-2015-7398 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Mana ...)
	NOT-FOR-US: IBM
CVE-2015-7397 (Multiple open redirect vulnerabilities in the Aurora starter store in  ...)
	NOT-FOR-US: IBM
CVE-2015-7396 (The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 an ...)
	NOT-FOR-US: IBM
CVE-2015-7395 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-7394 (The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Cont ...)
	NOT-FOR-US: BIG-IQ
CVE-2015-7393 (dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 t ...)
	NOT-FOR-US: BIG-IP
CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in libs/esl/sr ...)
	- freeswitch <itp> (bug #389591)
CVE-2015-7391 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2015-7390 (SQL injection vulnerability in TestLink before 1.9.14 allows remote at ...)
	NOT-FOR-US: TestLink
CVE-2015-7389
	RESERVED
CVE-2015-7388
	RESERVED
CVE-2015-7387 (ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allow ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2015-7386 (Multiple cross-site scripting (XSS) vulnerabilities in includes/metabo ...)
	NOT-FOR-US: Gallery - Photo Albums - Portfolio plugin for WordPress
CVE-2015-7385 (Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard befo ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-7384 (Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a den ...)
	- nodejs 4.1.1~dfsg-3 (bug #800580)
	[jessie] - nodejs <not-affected> (Vulnerability not present)
	NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I
CVE-2015-8076 (The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3. ...)
	- cyrus-imapd-2.4 2.4.17+nocaldav-2
	[jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1
	[wheezy] - cyrus-imapd-2.4 <no-dsa> (Minor issue; can be fixed alone in a future DLA)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
CVE-2015-7383 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference D ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Database ( ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in W ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7380
	RESERVED
CVE-2015-7379
	RESERVED
CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "P ...)
	NOT-FOR-US: Panda Security
CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in pie-register/pie-register. ...)
	NOT-FOR-US: Pie Register plugin for WordPress
CVE-2015-7376
	RESERVED
CVE-2015-7375 (Schneider Electric InduSoft Web Studio before 8.0 allows remote attack ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-7374 (The Remote Agent component in Schneider Electric InduSoft Web Studio b ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-7373 (Cross-site scripting (XSS) vulnerability in the "magic-macros" feature ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7372 (Directory traversal vulnerability in delivery-dev/al.php in Revive Ads ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7371 (Revive Adserver before 3.2.2 does not restrict access to run-mpe.php,  ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7370 (Multiple cross-site scripting (XSS) vulnerabilities in open-flash-char ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7369 (The default Flash cross-domain policy (crossdomain.xml) in Revive Adse ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7368 (Revive Adserver before 3.2.2 does not send the appropriate Cache-Contr ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7367 (Revive Adserver before 3.2.2 allows remote attackers to perform unspec ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7366 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive A ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7365 (Cross-site scripting (XSS) vulnerability in the plugin upgrade form in ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7364 (The HTML_Quickform library, as used in Revive Adserver before 3.2.2, a ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7363 (Cross-site scripting (XSS) vulnerability in the advanced settings page ...)
	NOT-FOR-US: Fortinet
CVE-2015-7362 (Fortinet FortiClient Linux SSLVPN before build 2313, when installed on ...)
	NOT-FOR-US: Fortinet
CVE-2015-7361 (FortiOS 5.2.3, when configured to use High Availability (HA) and the d ...)
	NOT-FOR-US: FortiOS
CVE-2015-7360 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User In ...)
	NOT-FOR-US: Fortinet
CVE-2015-XXXX [DoS]
	- libemail-address-perl 1.908-1
	[jessie] - libemail-address-perl <ignored> (Minor issue vs. usability impact of module)
	[wheezy] - libemail-address-perl <ignored> (Minor issue vs. usability impact of module)
	[squeeze] - libemail-address-perl 1.889-2+deb6u2
	NOTE: workaround entry for DLA-320-1 until/if CVE assigned
	NOTE: For the denial of service issue as of 1.908 as mitigation default value
	NOTE: for nestable comments set to deep level 1.
	NOTE: https://github.com/rjbs/Email-Address/commit/3056b7da4fffbce9ad92f9799fffc587ab40303d
	NOTE: No CVE will be assigned for behaviour change between 1.907 and 1.908
	NOTE: See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic Complexity")
	NOTE: issue still present in 1.908
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
CVE-2015-7359 (The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in ...)
	NOT-FOR-US: TrueCrypt
CVE-2015-7358 (The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7. ...)
	NOT-FOR-US: TrueCrypt
CVE-2015-7357 (Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) ...)
	NOT-FOR-US: uDesign
CVE-2015-7356
	RESERVED
CVE-2015-7355
	RESERVED
CVE-2015-7354
	RESERVED
CVE-2015-7353
	RESERVED
CVE-2015-7352
	RESERVED
CVE-2015-7351
	RESERVED
CVE-2015-7350
	RESERVED
CVE-2015-7349 (Cross-site scripting (XSS) vulnerability in the sample feedback.inc fi ...)
	NOT-FOR-US: Citrix
CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibl ...)
	NOT-FOR-US: zTree
CVE-2015-7347 (Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Cont ...)
	NOT-FOR-US: ZCMS
CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...)
	NOT-FOR-US: ZCMS
CVE-2015-7345
	RESERVED
CVE-2015-7344 (HikaShop Joomla Component before 2.6.0 has XSS via an injected payload ...)
	NOT-FOR-US: Joomla addon
CVE-2015-7343 (JNews Joomla Component before 8.5.0 has XSS via the mailingsearch para ...)
	NOT-FOR-US: Joomla addon
CVE-2015-7342 (JNews Joomla Component before 8.5.0 allows SQL injection via upload th ...)
	NOT-FOR-US: Joomla addon
CVE-2015-7341 (JNews Joomla Component before 8.5.0 allows arbitrary File Upload via S ...)
	NOT-FOR-US: Joomla addon
CVE-2015-7340 (JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid i ...)
	NOT-FOR-US: Joomla addon
CVE-2015-7339 (JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a ...)
	NOT-FOR-US: Joomla addon
CVE-2015-7338 (SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via e ...)
	NOT-FOR-US: Joomla addon
CVE-2015-7336 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-7335 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-7334 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-7333 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-7332
	RESERVED
CVE-2015-7331 (The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows re ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: https://puppet.com/security/cve/cve-2015-7331
CVE-2015-7330 (Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to by ...)
	NOT-FOR-US: Puppet Enterprise (Puppet Communications Protocol broker)
CVE-2015-7329
	RESERVED
CVE-2015-7328 (Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015. ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2015-7327 (Mozilla Firefox before 41.0 does not properly restrict the availabilit ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/
CVE-2015-7326 (XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0. ...)
	NOT-FOR-US: Milton Webdav
CVE-2015-7325
	RESERVED
CVE-2015-7324 (Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment ...)
	NOT-FOR-US: StackIdeas Komento component for Joomla!
CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (form ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (form ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2015-7321
	RESERVED
CVE-2015-7320 (Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointme ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2015-7319 (SQL injection vulnerability in cpabc_appointments_admin_int_calendar_l ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2015-7318 (Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers in ...)
	NOT-FOR-US: Plone
CVE-2015-7317 (Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, a ...)
	NOT-FOR-US: Plone
CVE-2015-7316 (Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, ...)
	NOT-FOR-US: Plone
CVE-2015-7315 (Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6,  ...)
	NOT-FOR-US: Plone
CVE-2015-7310 (McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/ ...)
	NOT-FOR-US: McAfee
CVE-2015-7309 (The theme editor in Bolt before 2.2.5 does not check the file extensio ...)
	NOT-FOR-US: Bolt CMS
CVE-2015-7314 (The Precious module in gollum before 4.0.1 allows remote attackers to  ...)
	NOT-FOR-US: Gollum wiki
CVE-2015-7308
	RESERVED
CVE-2015-7307 (Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x ...)
	NOT-FOR-US: CMS Updater module for Drupal
CVE-2015-7306 (The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not prop ...)
	NOT-FOR-US: CMS Updater module for Drupal
CVE-2015-7305 (The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly r ...)
	NOT-FOR-US: Scald module for Drupal
CVE-2015-7304 (Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x  ...)
	NOT-FOR-US: amoCRM module for Drupal
CVE-2015-7303 (Use-after-free vulnerability in the Update Manager service in Avira Ma ...)
	NOT-FOR-US: Avira
CVE-2015-7302
	RESERVED
CVE-2015-7301
	RESERVED
CVE-2015-7300
	RESERVED
CVE-2015-7299 (SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 bla ...)
	NOT-FOR-US: K2
CVE-2015-7298 (ownCloud Desktop Client before 2.0.1, when compiled with a Qt release  ...)
	- owncloud-client 2.0.0+dfsg-1
	[jessie] - owncloud-client <not-affected> (not compiled with a Qt release greater than 5.3.x)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-016
CVE-2015-7297 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote  ...)
	NOT-FOR-US: Joomla!
CVE-2015-XXXX [Privilege escalation via core-gui]
	- core-network <removed> (bug #799756)
	NOTE: http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
CVE-2015-7313 (LibTIFF allows remote attackers to cause a denial of service (memory c ...)
	- tiff 4.0.7-1 (bug #800124)
	[jessie] - tiff <ignored> (Minor issue)
	[wheezy] - tiff <not-affected> (Can't reproduce)
	[squeeze] - tiff <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
	NOTE: Test file here: https://marc.info/?l=oss-security&m=144284777006804&q=p6
	NOTE: Reproduce with "ltrace -e realloc tiffdither /tmp/oom.tif /dev/null"
	NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
CVE-2015-7311 (libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly ...)
	{DSA-3414-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <not-affected> (Only affects 4.1 and later)
	NOTE: http://xenbits.xen.org/xsa/advisory-142.html
CVE-2015-7296 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 an ...)
	NOT-FOR-US: Securifi Almond devices
CVE-2015-7294 (ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP inj ...)
	NOT-FOR-US: NodeJS ldapauth
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/4
	NOTE: https://github.com/vesse/node-ldapauth-fork/issues/21
	NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
	NOTE: https://nodesecurity.io/advisories/19
CVE-2015-7293 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Man ...)
	NOT-FOR-US: Zope Management Interface
CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in drivers/sta ...)
	NOT-FOR-US: Amazon Fire OS
CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the  ...)
	NOT-FOR-US: Arris
CVE-2015-7290 (Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web man ...)
	NOT-FOR-US: Arris
CVE-2015-7289 (Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_10061 ...)
	NOT-FOR-US: Arris
CVE-2015-7288 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allo ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7287 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use  ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7286 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7285 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do n ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7284 (Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devi ...)
	NOT-FOR-US: ZyXEL
CVE-2015-7283 (The web administration interface on ZyXEL NBG-418N devices with firmwa ...)
	NOT-FOR-US: ZyXEL
CVE-2015-7282 (ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source p ...)
	NOT-FOR-US: ReadyNet
CVE-2015-7281 (Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD ...)
	NOT-FOR-US: ReadyNet
CVE-2015-7280 (The web administration interface on ReadyNet WRT300N-DD devices with f ...)
	NOT-FOR-US: ReadyNet
CVE-2015-7279 (Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper a ...)
	NOT-FOR-US: Amped Wireless
CVE-2015-7278 (Cross-site request forgery (CSRF) vulnerability on Amped Wireless R100 ...)
	NOT-FOR-US: Amped Wireless
CVE-2015-7277 (The web administration interface on Amped Wireless R10000 devices with ...)
	NOT-FOR-US: Amped Wireless
CVE-2015-7276 (Technicolor C2000T and C2100T uses hard-coded cryptographic keys. ...)
	NOT-FOR-US: Technicolor
CVE-2015-7275 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7274 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows  ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7273 (Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7272 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7271 (Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7270 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7269 (Seagate ST500LT015 hard disk drives, when operating in eDrive mode on  ...)
	NOT-FOR-US: Seagate ST500LT015 hard disk drives
CVE-2015-7268 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 an ...)
	NOT-FOR-US: Samsung
CVE-2015-7267 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 an ...)
	NOT-FOR-US: Samsung
CVE-2015-7266 (The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implemen ...)
	NOT-FOR-US: Interactive Advertising Bureau (IAB) OpenRTB
CVE-2015-7265 (Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request sta ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2015-7264 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a ce ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2015-7263 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote  ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2015-7262 (QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Stat ...)
	NOT-FOR-US: QNAP
CVE-2015-7261 (The FTP service in QNAP iArtist Lite before 1.4.54, as distributed wit ...)
	NOT-FOR-US: QNAP
CVE-2015-7260 (Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain ...)
	NOT-FOR-US: Liebert MultiLink Automated Shutdown
CVE-2015-7259 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_ ...)
	NOT-FOR-US: ZTE modems
CVE-2015-7258 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_ ...)
	NOT-FOR-US: ZTE modems
CVE-2015-7257 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_ ...)
	NOT-FOR-US: ZTE modems
CVE-2015-7256 (ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI ac ...)
	NOT-FOR-US: ZyXEL
CVE-2015-7255 (ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B ...)
	NOT-FOR-US: ZTE
CVE-2015-7254 (Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s ...)
	NOT-FOR-US: Huawei
CVE-2015-7253 (The Web Console in Commvault Edge Server 10 R2 allows remote attackers ...)
	NOT-FOR-US: Commvault Edge Server
CVE-2015-7252 (Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXH ...)
	NOT-FOR-US: ZTE router
CVE-2015-7251 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a har ...)
	NOT-FOR-US: ZTE router
CVE-2015-7250 (Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H ...)
	NOT-FOR-US: ZTE router
CVE-2015-7249 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remo ...)
	NOT-FOR-US: ZTE router
CVE-2015-7248 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remo ...)
	NOT-FOR-US: ZTE router
CVE-2015-7247 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 ...)
	NOT-FOR-US: D-Link
CVE-2015-7246 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 ...)
	NOT-FOR-US: D-Link
CVE-2015-7245 (Directory traversal vulnerability in D-Link DVG-N5402SP with firmware  ...)
	NOT-FOR-US: D-Link
CVE-2015-7244 (The default configuration of the server in MobaXterm before 8.3 has a  ...)
	NOT-FOR-US: MobaXterm
CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers ...)
	NOT-FOR-US: Boxoft
CVE-2015-7242 (Cross-site scripting (XSS) vulnerability in the Push-Service-Mails fea ...)
	NOT-FOR-US: AVM
CVE-2015-7241 (XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. ...)
	NOT-FOR-US: SAP Netweaver
CVE-2015-7240
	RESERVED
CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function  ...)
	NOT-FOR-US: J2EE
CVE-2015-7238 (The Secondary server in Threat Intelligence Exchange (TIE) before 1.2. ...)
	NOT-FOR-US: TIE
CVE-2015-7237 (Directory traversal vulnerability in the remote log viewing functional ...)
	NOT-FOR-US: McAfee
CVE-2015-7235 (Multiple SQL injection vulnerabilities in dex_reservations.php in the  ...)
	NOT-FOR-US: CP Reservation Calendar plugin for WordPress
CVE-2015-7234 (The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontolog ...)
	NOT-FOR-US: OSF module for Drupal
CVE-2015-7233 (Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x- ...)
	NOT-FOR-US: OSF module for Drupal
CVE-2015-7232 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: OSF module for Drupal
CVE-2015-7231 (The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drup ...)
	NOT-FOR-US: The Commerce Commonwealth module for Drupal
CVE-2015-7230 (The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows re ...)
	NOT-FOR-US: Workbench Email module for Drupal
CVE-2015-7229 (The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and ...)
	NOT-FOR-US: Twitter module for Drupal
CVE-2015-7228 (The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
	NOT-FOR-US: RESTful module for Drupal
CVE-2015-7227 (The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal do ...)
	NOT-FOR-US: Fieldable Panels Panes module for Drupal
CVE-2015-7226 (The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal chec ...)
	NOT-FOR-US: Administration Views module for Drupal
CVE-2015-7224 (puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass  ...)
	- puppet-module-puppetlabs-mysql 3.6.1-1
	[jessie] - puppet-module-puppetlabs-mysql <not-affected> (Vulnerable code not present)
CVE-2015-7295 (hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support  ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.4+dfsg-4 (bug #799452)
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a later DSA)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html
CVE-2015-7223 (The WebExtension APIs in Mozilla Firefox before 43.0 allow remote atta ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/
CVE-2015-7222 (Integer underflow in the Metadata::setData function in MetaData.cpp in ...)
	{DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/
	NOTE: Probably specific to Android
CVE-2015-7221 (Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/ns ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
CVE-2015-7220 (Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp i ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
CVE-2015-7219 (The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
CVE-2015-7218 (The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
CVE-2015-7217 (The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux G ...)
	- iceweasel <not-affected> (Iceweasel in Debian uses the system copy of gdk-pixbuf)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
CVE-2015-7216 (The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux G ...)
	- iceweasel <not-affected> (Iceweasel in Debian uses the system copy of gdk-pixbuf)
	NOTE: Disabled in src:gdk-pixbuf in 2.31.7-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
CVE-2015-7215 (The importScripts function in the Web Workers API implementation in Mo ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/
CVE-2015-7214 (Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow rem ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/
CVE-2015-7213 (Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4 ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/
CVE-2015-7212 (Integer overflow in the mozilla::layers::BufferTextureClient::Allocate ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/
CVE-2015-7211 (Mozilla Firefox before 43.0 mishandles the # (number sign) character i ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/
CVE-2015-7210 (Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefo ...)
	{DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/
CVE-2015-7209
	REJECTED
CVE-2015-7208 (Mozilla Firefox before 43.0 stores cookies containing vertical tab cha ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/
CVE-2015-7207 (Mozilla Firefox before 43.0 does not properly restrict the availabilit ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/
CVE-2015-7206
	REJECTED
CVE-2015-7205 (Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in  ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/
CVE-2015-7204 (Mozilla Firefox before 43.0 does not properly store the properties of  ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/
CVE-2015-7203 (Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData functio ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
CVE-2015-7202 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
CVE-2015-7201 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
CVE-2015-7200 (The CryptoKey interface implementation in Mozilla Firefox before 42.0  ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7199 (The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interp ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7198 (Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7197 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperl ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/
CVE-2015-7196 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a J ...)
	{DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/
CVE-2015-7195 (The URL parsing implementation in Mozilla Firefox before 42.0 improper ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/
CVE-2015-7194 (Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox  ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/
CVE-2015-7193 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperl ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/
CVE-2015-7192 (The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X ...)
	- iceweasel <not-affected> (Only affects Firefox on MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-126/
CVE-2015-7191 (Mozilla Firefox before 42.0 on Android improperly restricts URL string ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-125/
CVE-2015-7190 (The Search feature in Mozilla Firefox before 42.0 on Android through 4 ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/
CVE-2015-7189 (Race condition in the JPEGEncoder function in Mozilla Firefox before 4 ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/
CVE-2015-7188 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow rem ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/
CVE-2015-7187 (The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/
CVE-2015-7186 (Mozilla Firefox before 42.0 on Android allows user-assisted remote att ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-120/
CVE-2015-7185 (Mozilla Firefox before 42.0 on Android does not ensure that the addres ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-119/
CVE-2015-7184 (The fetch API implementation in Mozilla Firefox before 41.0.2 does not ...)
	- iceweasel <not-affected> (Affects only Firefox later than 38)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
CVE-2015-7183 (Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape P ...)
	{DSA-3406-1 DSA-3393-1 DLA-344-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- nspr 2:4.10.10-1
	- icedove 31.7.0-1~deb8u1
	[squeeze] - icedove <end-of-life>
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
	- virtualbox 5.0.10-dfsg-1
	[jessie] - virtualbox 4.3.36-dfsg-1+deb8u1
	[wheezy] - virtualbox <no-dsa> (Minor issue, will be fixed when included in next CPU)
	NOTE: VirtualBox fixed: 4.0.36, 4.1.44, 4.2.36, 4.3.34,  5.0.10
	NOTE: http://hg.mozilla.org/projects/nspr/rev/c9c965b2b19c
	NOTE: http://hg.mozilla.org/projects/nspr/rev/bd8fb4498fa6
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
	NOTE: Icedove, virtualbox(-ose)? have embedded copies of nspr.
	NOTE: Fixes impact macros PL_ARENA_ALLOCATE and PL_ARENA_GROW, other packages need to be recompiled:
	NOTE: jss (on wheezy/jessie) according to codesearch.debian.net
CVE-2015-7182 (Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Sec ...)
	{DSA-3688-1 DSA-3410-1 DSA-3393-1 DLA-480-1 DLA-354-1}
	- nss 2:3.20.1-1
	NOTE: http://hg.mozilla.org/projects/nss/rev/4dc247276e58
	NOTE: http://hg.mozilla.org/projects/nss/rev/534aca7a5bca
	NOTE: http://hg.mozilla.org/projects/nss/rev/b4feb2cb0ed6
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
	NOTE: Patch for wheezy/jessie: https://lists.debian.org/debian-lts/2015/11/msg00098.html
CVE-2015-7181 (The sec_asn1d_parse_leaf function in Mozilla Network Security Services ...)
	{DSA-3688-1 DSA-3410-1 DSA-3393-1 DLA-480-1 DLA-354-1}
	- nss 2:3.20.1-1
	NOTE: http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
	NOTE: http://hg.mozilla.org/projects/nss/rev/25cb033147fd
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
	NOTE: Patch for wheezy/jessie: https://lists.debian.org/debian-lts/2015/11/msg00098.html
CVE-2015-7180 (The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before  ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7179 (The VertexBufferInterface::reserveVertexSpace function in libGLES in A ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
CVE-2015-7178 (The ProgramBinary::linkAttributes function in libGLES in ANGLE, as use ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
CVE-2015-7177 (The InitTextures function in Mozilla Firefox before 41.0 and Firefox E ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7176 (The AnimationThread function in Mozilla Firefox before 41.0 and Firefo ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7175 (The XULContentSinkImpl::AddText function in Mozilla Firefox before 41. ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7174 (The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41. ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7173
	REJECTED
CVE-2015-7172
	REJECTED
CVE-2015-7171
	REJECTED
CVE-2015-7170
	REJECTED
CVE-2015-7169
	REJECTED
CVE-2015-7168
	REJECTED
CVE-2015-7167
	REJECTED
CVE-2015-7166
	REJECTED
CVE-2015-7165
	REJECTED
CVE-2015-7164
	REJECTED
CVE-2015-7163
	REJECTED
CVE-2015-7162
	REJECTED
CVE-2015-7161
	REJECTED
CVE-2015-7160
	REJECTED
CVE-2015-7159
	REJECTED
CVE-2015-7158
	REJECTED
CVE-2015-7157
	REJECTED
CVE-2015-7156
	REJECTED
CVE-2015-7155
	REJECTED
CVE-2015-7154
	REJECTED
CVE-2015-7153
	REJECTED
CVE-2015-7152
	REJECTED
CVE-2015-7151
	REJECTED
CVE-2015-7150
	REJECTED
CVE-2015-7149
	REJECTED
CVE-2015-7148
	REJECTED
CVE-2015-7147
	REJECTED
CVE-2015-7146
	REJECTED
CVE-2015-7145
	REJECTED
CVE-2015-7144
	REJECTED
CVE-2015-7143
	REJECTED
CVE-2015-7142
	REJECTED
CVE-2015-7141
	REJECTED
CVE-2015-7140
	REJECTED
CVE-2015-7139
	REJECTED
CVE-2015-7138
	REJECTED
CVE-2015-7137
	REJECTED
CVE-2015-7136
	REJECTED
CVE-2015-7135
	REJECTED
CVE-2015-7134
	REJECTED
CVE-2015-7133
	REJECTED
CVE-2015-7132
	REJECTED
CVE-2015-7131
	REJECTED
CVE-2015-7130
	REJECTED
CVE-2015-7129
	REJECTED
CVE-2015-7128
	REJECTED
CVE-2015-7127
	REJECTED
CVE-2015-7126
	REJECTED
CVE-2015-7125
	REJECTED
CVE-2015-7124
	REJECTED
CVE-2015-7123
	REJECTED
CVE-2015-7122
	REJECTED
CVE-2015-7121
	REJECTED
CVE-2015-7120
	REJECTED
CVE-2015-7119
	REJECTED
CVE-2015-7118
	RESERVED
CVE-2015-7117 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7116 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2015-7115 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2015-7114
	REJECTED
CVE-2015-7113 (The LaunchServices component in Apple iOS before 9.2 and watchOS befor ...)
	NOT-FOR-US: Apple
CVE-2015-7112 (The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS ...)
	NOT-FOR-US: Apple
CVE-2015-7111 (The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS ...)
	NOT-FOR-US: Apple
CVE-2015-7110 (The Disk Images component in Apple OS X before 10.11.2 and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7109 (IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 a ...)
	NOT-FOR-US: Apple
CVE-2015-7108 (The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local  ...)
	NOT-FOR-US: Apple
CVE-2015-7107 (QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remot ...)
	NOT-FOR-US: Apple
CVE-2015-7106 (The Intel Graphics Driver component in Apple OS X before 10.11.2 allow ...)
	NOT-FOR-US: Apple
CVE-2015-7105 (CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7104 (WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-7103 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7102 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7101 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7100 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7099 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7098 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	- webkit2gtk 2.10.5-1 (unimportant)
CVE-2015-7097 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7096 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	- webkit2gtk 2.10.5-1 (unimportant)
CVE-2015-7095 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7094 (CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 ...)
	NOT-FOR-US: Apple
CVE-2015-7093 (Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL  ...)
	NOT-FOR-US: Apple
CVE-2015-7092 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7091 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7090 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7089 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7088 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7087 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7086 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7085 (Apple QuickTime before 7.7.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7084 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7083 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7082 (Multiple unspecified vulnerabilities in Git before 2.5.4, as used in A ...)
	NOT-FOR-US: Apple-specific git extension for Xcode
CVE-2015-7081 (iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote a ...)
	NOT-FOR-US: Apple
CVE-2015-7080 (Siri in Apple iOS before 9.2 allows physically proximate attackers to  ...)
	NOT-FOR-US: Apple
CVE-2015-7079 (dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment va ...)
	NOT-FOR-US: Apple
CVE-2015-7078 (Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11. ...)
	NOT-FOR-US: Apple
CVE-2015-7077 (The Intel Graphics Driver component in Apple OS X before 10.11.2 allow ...)
	NOT-FOR-US: Apple
CVE-2015-7076 (The Intel Graphics Driver component in Apple OS X before 10.11.2 allow ...)
	NOT-FOR-US: Apple
CVE-2015-7075 (CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS  ...)
	NOT-FOR-US: Apple
CVE-2015-7074 (CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and t ...)
	NOT-FOR-US: Apple
CVE-2015-7073 (Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchO ...)
	NOT-FOR-US: Apple
CVE-2015-7072 (dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1  ...)
	NOT-FOR-US: Apple
CVE-2015-7071 (The File Bookmark component in Apple OS X before 10.11.2 allows attack ...)
	NOT-FOR-US: Apple
CVE-2015-7070 (Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows a ...)
	NOT-FOR-US: Apple
CVE-2015-7069 (Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows a ...)
	NOT-FOR-US: Apple
CVE-2015-7068 (IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7067 (IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2015-7066 (OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1,  ...)
	NOT-FOR-US: Apple
CVE-2015-7065 (OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7064 (OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1,  ...)
	NOT-FOR-US: Apple
CVE-2015-7063 (The kernel loader in EFI in Apple OS X before 10.11.2 allows local use ...)
	NOT-FOR-US: Apple
CVE-2015-7062 (Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to byp ...)
	NOT-FOR-US: Apple
CVE-2015-7061 (The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and w ...)
	NOT-FOR-US: Apple
CVE-2015-7060 (The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and w ...)
	NOT-FOR-US: Apple
CVE-2015-7059 (The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and w ...)
	NOT-FOR-US: Apple
CVE-2015-7058 (Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 imprope ...)
	NOT-FOR-US: Apple
CVE-2015-7057 (otools in Apple Xcode before 7.2 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-7056 (IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, ...)
	NOT-FOR-US: Apple
CVE-2015-7055 (AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 d ...)
	NOT-FOR-US: Apple
CVE-2015-7054 (zlib in the Compression component in Apple iOS before 9.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-7053 (ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, ...)
	NOT-FOR-US: Apple
CVE-2015-7052 (kext tools in Apple OS X before 10.11.2 mishandles kernel-extension lo ...)
	NOT-FOR-US: Apple
CVE-2015-7051 (MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 misha ...)
	NOT-FOR-US: Apple
CVE-2015-7050 (WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses conte ...)
	NOT-FOR-US: Apple
CVE-2015-7049 (otools in Apple Xcode before 7.2 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-7048 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7047 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7046 (The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11. ...)
	NOT-FOR-US: Apple
CVE-2015-7045 (Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 impro ...)
	NOT-FOR-US: Apple
CVE-2015-7044 (The System Integrity Protection feature in Apple OS X before 10.11.2 m ...)
	NOT-FOR-US: Apple
CVE-2015-7043 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7042 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7041 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7040 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7039 (Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2,  ...)
	NOT-FOR-US: Apple
CVE-2015-7038 (Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2,  ...)
	NOT-FOR-US: Apple
CVE-2015-7037 (Directory traversal vulnerability in Mobile Backup in Photos in Apple  ...)
	NOT-FOR-US: Apple
CVE-2015-7036 (The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 ...)
	NOT-FOR-US: Apple
CVE-2015-7035 (Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and othe ...)
	NOT-FOR-US: Apple
CVE-2015-7034 (The Apple iWork application before 2.6 for iOS and Apple Pages before  ...)
	NOT-FOR-US: Apple
CVE-2015-7033 (The Apple iWork application before 2.6 for iOS, Apple Keynote before 6 ...)
	NOT-FOR-US: Apple
CVE-2015-7032 (The Apple iWork application before 2.6 for iOS, Apple Keynote before 6 ...)
	NOT-FOR-US: Apple
CVE-2015-7031 (The Web Service component in Apple OS X Server before 5.0.15 omits an  ...)
	NOT-FOR-US: Apple
CVE-2015-7030 (The Swift implementation in Apple Xcode before 7.1 mishandles type con ...)
	NOT-FOR-US: Apple
CVE-2015-7029 (Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7. ...)
	NOT-FOR-US: Apple
CVE-2015-7028
	REJECTED
CVE-2015-7027
	REJECTED
CVE-2015-7026
	REJECTED
CVE-2015-7025
	REJECTED
CVE-2015-7024 (Untrusted search path vulnerability in Apple OS X before 10.11.1 allow ...)
	NOT-FOR-US: Apple
CVE-2015-7023 (CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not pro ...)
	NOT-FOR-US: Apple
CVE-2015-7022 (The Telephony subsystem in Apple iOS before 9.1 allows attackers to ob ...)
	NOT-FOR-US: Apple
CVE-2015-7021 (The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows loc ...)
	NOT-FOR-US: Apple
CVE-2015-7020 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X befo ...)
	NOT-FOR-US: Apple
CVE-2015-7019 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X befo ...)
	NOT-FOR-US: Apple
CVE-2015-7018 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-7017 (CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes befo ...)
	NOT-FOR-US: Apple
CVE-2015-7016 (The MCX Application Restrictions component in Apple OS X before 10.11. ...)
	NOT-FOR-US: Apple
CVE-2015-7015 (Heap-based buffer overflow in the DNS client library in configd in App ...)
	NOT-FOR-US: Apple
CVE-2015-7014 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTun ...)
	NOT-FOR-US: Apple
CVE-2015-7013 (WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-7012 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTun ...)
	NOT-FOR-US: Apple
CVE-2015-7011 (WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-7010 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-7009 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-7008 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-7007 (Script Editor in Apple OS X before 10.11.1 allows remote attackers to  ...)
	NOT-FOR-US: Apple
CVE-2015-7006 (Directory traversal vulnerability in the BOM (aka Bill of Materials) c ...)
	NOT-FOR-US: Apple
CVE-2015-7005 (WebKit, as used in Apple iOS before 9.1, allows remote attackers to ex ...)
	NOT-FOR-US: Apple
CVE-2015-7004 (The kernel in Apple iOS before 9.1 allows attackers to cause a denial  ...)
	NOT-FOR-US: Apple
CVE-2015-7003 (coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize a ...)
	NOT-FOR-US: Apple
CVE-2015-7002 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTun ...)
	NOT-FOR-US: Apple
CVE-2015-7001 (AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-7000 (Notification Center in Apple iOS before 9.1 mishandles changes to "Sho ...)
	NOT-FOR-US: Apple
CVE-2015-6999 (The OCSP client in Apple iOS before 9.1 does not check for certificate ...)
	NOT-FOR-US: Apple
CVE-2015-6998
	REJECTED
CVE-2015-6997 (The X.509 certificate-trust implementation in Apple iOS before 9.1 doe ...)
	NOT-FOR-US: Apple
CVE-2015-6996 (IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and  ...)
	NOT-FOR-US: Apple
CVE-2015-6995 (The Disk Images component in Apple iOS before 9.1 and OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2015-6994 (The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles  ...)
	NOT-FOR-US: Apple
CVE-2015-6993 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-6992 (CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes befo ...)
	NOT-FOR-US: Apple
CVE-2015-6991 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-6990 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-6989 (Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, a ...)
	NOT-FOR-US: Apple
CVE-2015-6988 (The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not in ...)
	NOT-FOR-US: Apple
CVE-2015-6987 (The File Bookmark component in Apple OS X before 10.11.1 allows local  ...)
	NOT-FOR-US: Apple
CVE-2015-6986 (com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple ...)
	NOT-FOR-US: Apple
CVE-2015-6985 (Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote a ...)
	NOT-FOR-US: Apple
CVE-2015-6984 (libarchive in Apple OS X before 10.11.1 allows attackers to write to a ...)
	NOT-FOR-US: Apple
CVE-2015-6983 (Double free vulnerability in Apple iOS before 9.1 and OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2015-6982 (WebKit, as used in Apple iOS before 9.1, allows remote attackers to ex ...)
	NOT-FOR-US: Apple
CVE-2015-6981 (WebKit, as used in Apple iOS before 9.1, allows remote attackers to ex ...)
	NOT-FOR-US: Apple
CVE-2015-6980 (Directory Utility in Apple OS X before 10.11.1 mishandles authenticati ...)
	NOT-FOR-US: Apple
CVE-2015-6979 (GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Apple
CVE-2015-6978 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-6977 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-6976 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-6975 (CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes befo ...)
	NOT-FOR-US: Apple
CVE-2015-6974 (IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS  ...)
	NOT-FOR-US: Apple
CVE-2015-6973 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite R ...)
	NOT-FOR-US: Openfire
CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
	NOT-FOR-US: Openfire
CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...)
	NOT-FOR-US: Lenovo
CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night ...)
	NOT-FOR-US: Bosch
CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...)
	- serendipity <removed>
CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the serendipity_isAct ...)
	- serendipity <removed>
CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin in Nibbl ...)
	NOT-FOR-US: Nibbleblog
CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nibblebl ...)
	NOT-FOR-US: Nibbleblog
CVE-2015-6965 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Cont ...)
	NOT-FOR-US: Contact Form Generator plugin for WordPress
CVE-2015-6964
	RESERVED
CVE-2015-6963
	REJECTED
CVE-2015-6962 (SQL injection vulnerability in the web application in Farol allows rem ...)
	NOT-FOR-US: Farol
CVE-2015-7236 (Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in r ...)
	{DSA-3366-1 DLA-311-1}
	- rpcbind 0.2.1-6.1 (bug #799307)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=946204
	NOTE: http://www.spinics.net/lists/linux-nfs/msg53045.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1
CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows  ...)
	- web2py 2.12.3-1
	[jessie] - web2py <ignored> (Minor issue)
	[wheezy] - web2py <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0 (R-2.12.1)
	NOTE: https://github.com/web2py/web2py/issues/731
CVE-2015-6960 (edx-platform before 2015-09-17 allows XSS via a team name. ...)
	NOT-FOR-US: Open edX
CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...)
	NOT-FOR-US: Vindula
CVE-2015-6958
	RESERVED
CVE-2015-6957
	RESERVED
CVE-2015-6956
	RESERVED
CVE-2015-6955
	RESERVED
CVE-2015-6954
	RESERVED
CVE-2015-6953
	RESERVED
CVE-2015-6952
	RESERVED
CVE-2015-6951
	RESERVED
CVE-2015-6950
	RESERVED
CVE-2015-6949 (Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote ...)
	NOT-FOR-US: ASUS TM-AC1900 router
CVE-2015-6948 (Heap-based buffer overflow in the Microsoft Word document conversion f ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2015-6947
	REJECTED
CVE-2015-6946 (Multiple stack-based buffer overflows in the Reprise License Manager s ...)
	NOT-FOR-US: Borland AccuRev
CVE-2015-6945 (Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador We ...)
	NOT-FOR-US: JSP/MySQL Administrador Web 1
CVE-2015-6944 (Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administr ...)
	NOT-FOR-US: JSP/MySQL Administrador Web 1
CVE-2015-6943 (SQL injection vulnerability in the serendipity_checkCommentToken funct ...)
	- serendipity <removed>
CVE-2015-6942 (Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remo ...)
	NOT-FOR-US: Coremail
CVE-2015-6941 (win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before  ...)
	- salt 2015.8.1+ds-1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html
	NOTE: https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710
CVE-2015-6940 (The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x ...)
	NOT-FOR-US: Pentaho
CVE-2015-7989 (Cross-site scripting (XSS) vulnerability in the user list table in Wor ...)
	{DSA-3383-1 DSA-3375-1 DLA-321-1}
	- wordpress 4.3.1+dfsg-1 (bug #799140)
	NOTE: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/26/7
CVE-2015-7337 (The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x ...)
	- ipython <not-affected> (Affects versions 3.0 to 3.2.1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/16/3
CVE-2015-7940 (The Bouncy Castle Java library before 1.51 does not validate a point i ...)
	{DSA-3417-1 DLA-361-1}
	- bouncycastle 1.51-1 (bug #802671)
	NOTE: https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
	NOTE: Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
	NOTE: Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
	NOTE: Peter Dettman <peter.dettman@bouncycastle.org> offered to assist if backporting fails and to review the result.
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in Joomla ...)
	NOT-FOR-US: Joomla!
CVE-2015-6936
	RESERVED
CVE-2015-6935
	REJECTED
CVE-2015-6934 (Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCen ...)
	NOT-FOR-US: VMware
CVE-2015-6933 (The VMware Tools HGFS (aka Shared Folders) implementation in VMware Wo ...)
	NOT-FOR-US: VMware
CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify  ...)
	NOT-FOR-US: VMware
CVE-2015-6931 (Cross-site scripting (XSS) vulnerability in the vSphere Web Client in  ...)
	NOT-FOR-US: VMware
CVE-2015-8871 (Use-after-free vulnerability in the opj_j2k_write_mco function in j2k. ...)
	{DSA-3665-1}
	- openjpeg2 2.1.1-1 (bug #800149)
	- openjpeg <not-affected> (Vulnerable code not present; opj_j2k_write_mco function)
	NOTE: https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
	NOTE: https://github.com/uclouvain/openjpeg/issues/563
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1263359
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/15/4
CVE-2015-6930
	RESERVED
CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks  ...)
	NOT-FOR-US: Nokia
CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x befo ...)
	NOT-FOR-US: CubeCart
CVE-2015-6926 (The OpenID Single Sign-On authentication functionality in OXID eShop b ...)
	NOT-FOR-US: OXID eShop
CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to caus ...)
	- wolfssl 3.9.10+dfsg-1 (bug #801120)
CVE-2015-6924
	RESERVED
CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express Protocol 2.3 ...)
	NOT-FOR-US: VBox Communications Satellite Express Protocol
CVE-2015-6922 (Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x bef ...)
	NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab m ...)
	NOT-FOR-US: Zendesk Feedback Tab for Drupal
CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the sourc ...)
	NOT-FOR-US: sourceAFRICA plugin for WordPress
CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (co ...)
	NOT-FOR-US: googleSearch (CSE) component for Joomla!
CVE-2015-6918 (salt before 2015.5.5 leaks git usernames and passwords to the log. ...)
	- salt 2015.8.1+ds-1 (bug #803182)
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a
	NOTE: Fix https://github.com/saltstack/salt/pull/26486 builds on
	NOTE: https://github.com/saltstack/salt/pull/26483
CVE-2015-6917
	RESERVED
CVE-2015-6916
	RESERVED
CVE-2015-6915 (SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009  ...)
	NOT-FOR-US: Montala Limited ResourceSpace
CVE-2015-6914 (Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows  ...)
	NOT-FOR-US: SiteFactory CMS
CVE-2015-6913 (Cross-site scripting (XSS) vulnerability in the "Create download task  ...)
	NOT-FOR-US: Synology Download Station
CVE-2015-6912 (Synology Video Station before 1.5-0763 allows remote attackers to exec ...)
	NOT-FOR-US: Synology Video Station
CVE-2015-6911 (SQL injection vulnerability in Synology Video Station before 1.5-0763  ...)
	NOT-FOR-US: Synology Video Station
CVE-2015-6910 (SQL injection vulnerability in Synology Video Station before 1.5-0757  ...)
	NOT-FOR-US: Synology Video Station
CVE-2015-6909 (Cross-site scripting (XSS) vulnerability in the "Create download task  ...)
	NOT-FOR-US: Synology Download Station
CVE-2015-6907
	REJECTED
CVE-2015-6906
	REJECTED
CVE-2015-6905
	REJECTED
CVE-2015-6904
	REJECTED
CVE-2015-6903
	REJECTED
CVE-2015-6902
	REJECTED
CVE-2015-6901
	REJECTED
CVE-2015-6900
	REJECTED
CVE-2015-6899
	REJECTED
CVE-2015-6898
	REJECTED
CVE-2015-6897
	REJECTED
CVE-2015-6896
	REJECTED
CVE-2015-6895
	REJECTED
CVE-2015-6894
	REJECTED
CVE-2015-6893
	REJECTED
CVE-2015-6892
	REJECTED
CVE-2015-6891
	REJECTED
CVE-2015-6890
	REJECTED
CVE-2015-6889
	REJECTED
CVE-2015-6888
	REJECTED
CVE-2015-6887
	REJECTED
CVE-2015-6886
	REJECTED
CVE-2015-6885
	REJECTED
CVE-2015-6884
	REJECTED
CVE-2015-6883
	REJECTED
CVE-2015-6882
	REJECTED
CVE-2015-6881
	REJECTED
CVE-2015-6880
	REJECTED
CVE-2015-6879
	REJECTED
CVE-2015-6878
	REJECTED
CVE-2015-6877
	REJECTED
CVE-2015-6876
	REJECTED
CVE-2015-6875
	REJECTED
CVE-2015-6874
	REJECTED
CVE-2015-6873
	REJECTED
CVE-2015-6872
	REJECTED
CVE-2015-6871
	REJECTED
CVE-2015-6870
	REJECTED
CVE-2015-6869
	REJECTED
CVE-2015-6868
	REJECTED
CVE-2015-6867 (The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not requir ...)
	NOT-FOR-US: HP Vertica
CVE-2015-6866
	REJECTED
CVE-2015-6865
	REJECTED
CVE-2015-6864 (HPE ArcSight Logger before 6.1P1 allows remote authenticated users to  ...)
	NOT-FOR-US: HPE ArcSight Logger
CVE-2015-6863 (HPE ArcSight Logger before 6.1P1 allows remote attackers to execute ar ...)
	NOT-FOR-US: HPE ArcSight Logger
CVE-2015-6862 (HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: HPE UCMDB Browser
CVE-2015-6861 (HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated  ...)
	NOT-FOR-US: HPE Helion Eucalyptus
CVE-2015-6860 (HPE Network Switches with software 15.16.x and 15.17.x allow local use ...)
	NOT-FOR-US: HPE Network Switches
CVE-2015-6859 (HPE Network Switches with software 15.16.x and 15.17.x allow local use ...)
	NOT-FOR-US: HPE Network Switches
CVE-2015-6858 (HP Insight Control server provisioning before 7.5.0 RabbitMQ allows re ...)
	NOT-FOR-US: HP Insight Control
CVE-2015-6857 (Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunn ...)
	NOT-FOR-US: HP Performance Center
CVE-2015-6856 (Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local  ...)
	NOT-FOR-US: Dell
CVE-2015-6854 (The non-Domino web agents in CA Single Sign-On (aka SSO, formerly Site ...)
	NOT-FOR-US: CA Single Sign-On
CVE-2015-6853 (The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinde ...)
	NOT-FOR-US: CA Single Sign-On
CVE-2015-6852 (Directory traversal vulnerability in the API in EMC Secure Remote Serv ...)
	NOT-FOR-US: EMC Secure Remote Services Virtual Edition
CVE-2015-6851 (EMC RSA SecurID Web Agent before 8.0 allows physically proximate attac ...)
	NOT-FOR-US: RSA SecurID
CVE-2015-6850 (EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a  ...)
	NOT-FOR-US: EMC VPLEX
CVE-2015-6849 (EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2 ...)
	NOT-FOR-US: EMC
CVE-2015-6848 (EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2 ...)
	NOT-FOR-US: EMC
CVE-2015-6847 (The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3  ...)
	NOT-FOR-US: EMC VPLEX
CVE-2015-6846 (EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption ke ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6845 (EMC SourceOne Email Supervisor before 7.2 does not properly employ ran ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6844 (Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne  ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6843 (Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properl ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6842
	RESERVED
CVE-2015-6841
	RESERVED
CVE-2015-6840
	RESERVED
CVE-2015-6937 (The __rds_conn_create function in net/rds/connection.c in the Linux ke ...)
	{DSA-3364-1 DLA-310-1}
	- linux 4.2.1-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f (v4.3-rc1)
CVE-2015-6908 (The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 ...)
	{DSA-3356-1 DLA-309-1}
	- openldap 2.4.42+dfsg-2 (bug #798622)
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
	NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240;selectid=8240
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/2
CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3 ...)
	- linux 4.2.1-1 (bug #796036)
	[jessie] - linux 3.16.7-ckt11-1+deb8u4
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/3
	NOTE: http://sourceforge.net/p/aufs/mailman/message/34449209/
	NOTE: For Linux kernel with aufs aufs3-mmap.patch or aufs4-mmap.patch mmap patch
CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 ...)
	{DSA-3370-1 DLA-319-1}
	- freetype 2.6-1 (bug #798620)
	NOTE: https://launchpad.net/bugs/1492124
	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
	NOTE: https://savannah.nongnu.org/bugs/?41590
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse ...)
	{DSA-3370-1 DLA-319-1}
	- freetype 2.6-1 (bug #798619)
	NOTE: https://launchpad.net/bugs/1449225
	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
	NOTE: https://savannah.nongnu.org/bugs/?41309
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2014-9747 (The t42_parse_encoding function in type42/t42parse.c in FreeType befor ...)
	{DSA-3370-1 DLA-319-1}
	- freetype 2.6-1 (bug #798619)
	NOTE: https://launchpad.net/bugs/1449225
	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
	NOTE: https://savannah.nongnu.org/bugs/?41309
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...)
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-2
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
	NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
	NOTE: exec_cmd introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
	NOTE: cmd_table introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501
CVE-2015-6927 (vzctl before 4.9.4 determines the virtual environment (VE) layout base ...)
	{DSA-3357-1}
	- vzctl 4.9.4-1
	[wheezy] - vzctl <not-affected> (Vulnerability not present)
	[squeeze] - vzctl <not-affected> (Vulnerability not present)
	NOTE: https://tracker.debian.org/news/711965
	NOTE: https://src.openvz.org/projects/OVZL/repos/vzctl/commits/9e98ea630ac0e88b44e3e23c878a5166aeb74e1c
	NOTE: https://plus.google.com/+OpenVZorg/posts/gidyrouNi7D
	NOTE: https://wiki.openvz.org/Download/vzctl/4.9.4
CVE-2015-6839 (The parse function in MSA vot.Ar 3.1 does not check whether a candidat ...)
	NOT-FOR-US: MSA vot.Ar
CVE-2015-6829 (Multiple SQL injection vulnerabilities in the getip function in wp-lim ...)
	NOT-FOR-US: getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin for WordPress
CVE-2015-6828 (The tweet_info function in class/__functions.php in the SecureMoz Secu ...)
	NOT-FOR-US: SecureMoz plugin
CVE-2015-6827 (Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1. ...)
	NOT-FOR-US: Auto-Exchanger
CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in F ...)
	{DLA-1611-1}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFm ...)
	{DLA-1611-1}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before 2 ...)
	{DLA-1611-2}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
CVE-2015-6823 (The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2. ...)
	{DLA-1611-2}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6
CVE-2015-6822 (The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7 ...)
	{DLA-1611-2 DLA-1611-1}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg be ...)
	{DLA-1611-1}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7. ...)
	{DLA-1611-1}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in l ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <not-affected> (Vulnerable code not present in any Libav version)
CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ...)
	{DLA-1611-1}
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
	NOTE: For libav in jessie, the patch needs to go into the decode_frame() function in libavcodec/pngdec.c
CVE-2015-6814
	RESERVED
CVE-2015-6813
	RESERVED
CVE-2015-6812 (Invision Power Services IPS Community Suite (aka Invision Power Board, ...)
	NOT-FOR-US: Invision Power Services IPS Community Suite
CVE-2015-6811 (SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewal ...)
	NOT-FOR-US: Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS
CVE-2015-6810 (Cross-site scripting (XSS) vulnerability in Invision Power Services IP ...)
	NOT-FOR-US: Invision Power Services IPS Community Suite
CVE-2015-6809 (Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3 ...)
	NOT-FOR-US: BEdita
CVE-2015-6808 (Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1 ...)
	NOT-FOR-US: Spotlight module for Drupal
CVE-2015-6807 (Cross-site scripting (XSS) vulnerability in the Mass Contact module 6. ...)
	NOT-FOR-US: Mass Contact module for Drupal
CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private Message pl ...)
	NOT-FOR-US: MDC Private Message plugin for WordPress
CVE-2015-6830 (libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4. ...)
	{DSA-3382-1}
	- phpmyadmin 4:4.4.14.1-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-XXXX [hardening for RSA-CRT leak]
	- libgcrypt11 <removed>
	[wheezy] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
	[squeeze] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
	- libgcrypt20 1.6.4-3
	[jessie] - libgcrypt20 <no-dsa> (Minor issue; additional hardening)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
	NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
CVE-2015-6838 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	- hhvm 3.12.1+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69782
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
	NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a
CVE-2015-6837 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69782
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6836 (The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45,  ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70388
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6835 (The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ...)
	{DSA-3358-1}
	- php5 5.6.13+dfsg-1
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.php.net/bug.php?id=70219
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70172
	NOTE: https://bugs.php.net/bug.php?id=70365
	NOTE: https://bugs.php.net/bug.php?id=70366
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-7225 (Tinfoil Devise-two-factor before 2.0.0 does not strictly follow sectio ...)
	- ruby-devise-two-factor 2.0.0-1 (bug #798466)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/06/2
CVE-2015-8777 (The process_envvars function in elf/rtld.c in the GNU C Library (aka g ...)
	{DSA-3480-1 DLA-316-1}
	- glibc 2.21-1 (bug #798316; bug #801691)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed>
	[squeeze] - eglibc 2.11.3-4+deb6u7
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/05/8
	NOTE: Upstream bug https://sourceware.org/bugzilla/show_bug.cgi?id=18928
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
CVE-2015-6815 (The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1  ...)
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-2 (bug #798101)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
CVE-2015-6816 (ganglia-web before 3.7.1 allows remote attackers to bypass authenticat ...)
	- ganglia-web <unfixed> (unimportant; bug #798213)
	- ganglia 3.6.0-1 (unimportant)
	[squeeze] - ganglia <not-affected> (affected code not present)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
	NOTE: https://github.com/ganglia/ganglia-web/issues/267
CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows r ...)
	- pgbouncer 1.6.1-1
	[jessie] - pgbouncer <not-affected> (Introduced in 1.6)
	[wheezy] - pgbouncer <not-affected> (Introduced in 1.6)
	[squeeze] - pgbouncer <not-affected> (Introduced in 1.6)
	NOTE: http://web.archive.org/web/20150905195759/http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
	NOTE: https://github.com/pgbouncer/pgbouncer/issues/69
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/3
CVE-2015-XXXX [val_dane_check: usage DANE-TA(2) may bypass cert validation entirely]
	[experimental] - dnsval 2.1-1
	- dnsval 2.0-2 (bug #797470)
	[jessie] - dnsval <no-dsa> (Should possibly be removed in a stable-proposed-update from Jessie)
	NOTE: Removal in jessie would need as well update to irssi and kamailio
	NOTE: dnsval/2.0-2 only disables/let val_dane_check fail on usage 2 because not implemented correctly
CVE-2015-XXXX [Memory corruption]
	- libvncserver 0.9.8-1
	[squeeze] - libvncserver 0.9.7-2+deb6u2
	NOTE: workaround entry for DLA-380-1 until/if CVE assigned
	NOTE: https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/03/8
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=706087#c1 notes that the fix breaks ABI
CVE-2015-6938 (Cross-site scripting (XSS) vulnerability in the file browser in notebo ...)
	- ipython 2.4.1-1 (low; bug #798886)
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <no-dsa> (Minor issue)
	[squeeze] - ipython <not-affected> (Vulnerable code not present)
	NOTE: Affected versions: 0.12 <= x <= 4.0
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/02/3
CVE-2015-6804
	RESERVED
CVE-2015-6803
	RESERVED
CVE-2015-6802
	RESERVED
CVE-2015-6801
	RESERVED
CVE-2015-6800
	RESERVED
CVE-2015-6799
	RESERVED
CVE-2015-6798
	RESERVED
CVE-2015-6797
	RESERVED
CVE-2015-6796
	RESERVED
CVE-2015-6795
	RESERVED
CVE-2015-6794
	RESERVED
CVE-2015-6793
	RESERVED
CVE-2015-6792 (The MIDI subsystem in Google Chrome before 47.0.2526.106 does not prop ...)
	{DSA-3456-1}
	- chromium-browser 47.0.2526.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.de/2015/12/stable-channel-update_15.html
CVE-2015-6791 (Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526 ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6790 (The WebPageSerializerImpl::openTagToString function in WebKit/Source/w ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6789 (Race condition in the MutationObserver implementation in Blink, as use ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6788 (The ObjectBackedNativeHandler class in extensions/renderer/object_back ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6787 (Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526 ...)
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6786 (The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CS ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6785 (The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CS ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6784 (The page serializer in Google Chrome before 47.0.2526.73 mishandles Ma ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6783 (The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in ...)
	- chromium-browser <not-affected> (android only)
CVE-2015-6782 (The Document::open function in WebKit/Source/core/dom/Document.cpp in  ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6781 (Integer overflow in the FontData::Bound function in data/font_data.cc  ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6780 (Use-after-free vulnerability in the Infobars implementation in Google  ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6779 (PDFium, as used in Google Chrome before 47.0.2526.73, does not properl ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6778 (The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in P ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6777 (Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedI ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6776 (The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFiu ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6775 (fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome befo ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6774 (Use-after-free vulnerability in the GetLoadTimes function in renderer/ ...)
	{DSA-3415-1}
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6773 (The convolution implementation in Skia, as used in Google Chrome befor ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6772 (The DOM implementation in Blink, as used in Google Chrome before 47.0. ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6771 (js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73 ...)
	{DSA-3415-1}
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6770 (The DOM implementation in Google Chrome before 47.0.2526.73 allows rem ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6769 (The provisional-load commit implementation in WebKit/Source/bindings/c ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6768 (The DOM implementation in Google Chrome before 47.0.2526.73 allows rem ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6767 (Use-after-free vulnerability in content/browser/appcache/appcache_disp ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6766 (Use-after-free vulnerability in the AppCache implementation in Google  ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6765 (Use-after-free vulnerability in content/browser/appcache/appcache_upda ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6764 (The BasicJsonStringifier::SerializeJSArray function in json-stringifie ...)
	{DSA-3415-1}
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
	- nodejs 4.2.3~dfsg-1 (bug #806385)
	[jessie] - nodejs <not-affected> (0.10 series not affected)
	NOTE: https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6763 (Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490 ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6762 (The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValu ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2 ...)
	{DSA-3376-1 DLA-1611-1}
	- ffmpeg 7:2.8.1-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=447860
	NOTE: https://code.google.com/p/chromium/issues/detail?id=532967
	NOTE: Starting with 44.0.2403.157-1 chromium uses the ffmpeg system copy
	NOTE: It looks like this relates to multithreaded decoding of VPx codecs, which is not implemented in the squeeze version. But I'm not sure as the second bug report is still private.
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
CVE-2015-6760 (The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGL ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6759 (The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityO ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6758 (The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6757 (Use-after-free vulnerability in content/browser/service_worker/embedde ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6756 (Use-after-free vulnerability in the CPDFSDK_PageView implementation in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6755 (The ContainerNode::parserInsertBefore function in core/dom/ContainerNo ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6754 (Cross-site scripting (XSS) vulnerability in the administration interfa ...)
	NOT-FOR-US: Drupal Path Breadcrumbs module
CVE-2015-6753 (Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit  ...)
	NOT-FOR-US: Drupal Quick Edit module
CVE-2015-6752 (Cross-site scripting (XSS) vulnerability in the Search API Autocomplet ...)
	NOT-FOR-US: Drupal Search API Autocomplete module
CVE-2015-6751 (Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracke ...)
	NOT-FOR-US: Drupal Time Tracker module
CVE-2015-6750 (Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remo ...)
	NOT-FOR-US: Ricoh DL FTP Server
CVE-2015-6747 (Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent ac ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6746 (Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys i ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6745 (Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enfo ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6744 (Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client  ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6743 (Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password fo ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6742 (Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded pass ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6723 (The ANTrustPropagateAll method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6806 (The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does n ...)
	{DSA-3352-1 DLA-305-1}
	- screen 4.3.1-2 (bug #797624)
	NOTE: https://savannah.gnu.org/bugs/?45713
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/01/1
CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis- ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-7 (bug #797461)
	[jessie] - vorbis-tools 1.4.0-6+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
	NOTE: https://trac.xiph.org/ticket/2212
CVE-2015-6741
	RESERVED
CVE-2015-6740
	RESERVED
CVE-2015-6739
	RESERVED
CVE-2015-6738
	RESERVED
CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. ...)
	{DLA-2075-1}
	- jsoup 1.8.3-1 (bug #797275)
	[wheezy] - jsoup <no-dsa> (Minor issue)
	NOTE: https://github.com/jhy/jsoup/pull/582
	NOTE: https://hibernate.atlassian.net/browse/HV-1012
	NOTE: https://issues.jboss.org/browse/WFLY-5223
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/28/3
CVE-2015-6726
	RESERVED
CVE-2015-6725 (The ANSendForSharedReview method in Adobe Reader and Acrobat 10.x befo ...)
	NOT-FOR-US: Adobe
CVE-2015-6724 (The ANSendForApproval method in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-5723 (Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before ...)
	{DSA-3369-1}
	- php-doctrine-annotations 1.2.7-1 (low)
	[jessie] - php-doctrine-annotations 1.2.1-1+deb8u1
	- php-doctrine-cache 1.4.2-1 (low)
	[jessie] - php-doctrine-cache 1.3.1-1+deb8u1
	[experimental] - php-doctrine-common 2.5.1-1
	- php-doctrine-common 2.4.3-1 (low)
	[jessie] - php-doctrine-common 2.4.2-2+deb8u1
	[experimental] - doctrine 2.5.1+dfsg-1
	- doctrine 2.4.8-1 (low)
	[jessie] - doctrine 2.4.6-1+deb8u1
	[wheezy] - doctrine <no-dsa> (Minor issue)
	[squeeze] - doctrine <no-dsa> (Minor issue)
	[experimental] - aws-sdk-for-php 3.2.1-1
	- aws-sdk-for-php <not-affected> (Vulnerable code not present)
	- php-doctrine-bundle 1.5.2-1 (low)
	- zendframework 1.12.16+dfsg-1 (low)
	[squeeze] - zendframework <not-affected> (No unsafe permissions found in cache functions)
	NOTE: Review of zendframework 1.10.6 in Squeeze found no usage of default unsafe permission except in library/Zend/Search/Lucene/Storage/Directory/Filesystem.php but which is unlikely to cause a security issue.
	NOTE: http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
	NOTE: https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-07
CVE-2015-6722 (The CBSharedReviewStatusDialog method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6721 (The CBSharedReviewSecurityDialog method in Adobe Reader and Acrobat 10 ...)
	NOT-FOR-US: Adobe
CVE-2015-6720 (The ANRunSharedReviewEmailStep method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6719 (The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x  ...)
	NOT-FOR-US: Adobe
CVE-2015-6718 (The CBSharedReviewIfOfflineDialog method in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6717 (The DynamicAnnotStore method in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6716 (The ANSendForFormDistribution method in Adobe Reader and Acrobat 10.x  ...)
	NOT-FOR-US: Adobe
CVE-2015-6715 (The Function apply implementation in Adobe Reader and Acrobat 10.x bef ...)
	NOT-FOR-US: Adobe
CVE-2015-6714 (The Function bind implementation in Adobe Reader and Acrobat 10.x befo ...)
	NOT-FOR-US: Adobe
CVE-2015-6713 (The Function call implementation in Adobe Reader and Acrobat 10.x befo ...)
	NOT-FOR-US: Adobe
CVE-2015-6712 (The ANSendApprovalToAuthorEnabled method in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6711 (The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before 10 ...)
	NOT-FOR-US: Adobe
CVE-2015-6710 (The CBBBRInit method in Adobe Reader and Acrobat 10.x before 10.1.16 a ...)
	NOT-FOR-US: Adobe
CVE-2015-6709 (The CBBBRInvite method in Adobe Reader and Acrobat 10.x before 10.1.16 ...)
	NOT-FOR-US: Adobe
CVE-2015-6708 (The ANStartApproval method in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe
CVE-2015-6707 (The ANSendForReview method in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe
CVE-2015-6706 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-6705 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-6704 (The animations property implementation in Adobe Reader and Acrobat 10. ...)
	NOT-FOR-US: Adobe
CVE-2015-6703 (The loadFlashMovie function in Adobe Reader and Acrobat 10.x before 10 ...)
	NOT-FOR-US: Adobe
CVE-2015-6702 (The createSquareMesh function in Adobe Reader and Acrobat 10.x before  ...)
	NOT-FOR-US: Adobe
CVE-2015-6701 (The ambientIlluminationColor property implementation in Adobe Reader a ...)
	NOT-FOR-US: Adobe
CVE-2015-6700 (The setBackground function in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe
CVE-2015-6699 (The addForegroundSprite function in Adobe Reader and Acrobat 10.x befo ...)
	NOT-FOR-US: Adobe
CVE-2015-6698 (Heap-based buffer overflow in the AcroForm implementation in Adobe Rea ...)
	NOT-FOR-US: Adobe
CVE-2015-6697 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-6696 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe
CVE-2015-6695 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-6694 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-6693 (The signatureSetSeedValue method in Adobe Reader and Acrobat 10.x befo ...)
	NOT-FOR-US: Adobe
CVE-2015-6692 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11 ...)
	NOT-FOR-US: Adobe
CVE-2015-6691 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6690 (Use-after-free vulnerability in the popUpMenuEx method in Adobe Reader ...)
	NOT-FOR-US: Adobe
CVE-2015-6689 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6688 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6687 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6686 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-6685 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-6684 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6683 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-6682 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6681 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2015-6680 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2015-6679 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6678 (Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6677 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6676 (Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6675 (Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP f ...)
	NOT-FOR-US: Siemens RUGGEDCOM ROS
CVE-2015-6672 (Cross-site scripting (XSS) vulnerability in the Administrative Web Int ...)
	NOT-FOR-US: Citrix
CVE-2015-6671 (Open edX edx-platform before 2015-08-25 requires use of the database f ...)
	NOT-FOR-US: Open edX
CVE-2015-6670 (ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1 ...)
	{DSA-3373-1}
	- owncloud 7.0.8~dfsg-1
	[experimental] - owncloud-calendar 0.7.3-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-015
	NOTE: https://github.com/owncloud/calendar/commit/4e0306adb13b19919e90857eaf7681303cd45414
CVE-2015-6669
	RESERVED
CVE-2015-6668 (The Job Manager plugin before 0.7.25 allows remote attackers to read a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-6667
	RESERVED
CVE-2015-6664 (XML external entity (XXE) vulnerability in the application import func ...)
	NOT-FOR-US: SAP Mobile Platform
CVE-2015-6663 (Cross-site scripting (XSS) vulnerability in the Client form in the Dev ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-6662 (XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 al ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-6657
	RESERVED
CVE-2015-6656
	RESERVED
CVE-2014-9744 (Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause  ...)
	- polarssl 1.3.9-1
	[wheezy] - polarssl <not-affected> (Affects only 1.3.x series)
	[squeeze] - polarssl <not-affected> (Affects only 1.3.x series)
CVE-2015-6666
	REJECTED
CVE-2015-6655 (Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 all ...)
	NOT-FOR-US: Pligg CMS
CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x,  ...)
	{DSA-3414-1}
	- xen 4.8.0~rc3-1 (bug #823620; bug #800128)
	[wheezy] - xen <not-affected> (Xen on arm not yet supported)
	[squeeze] - xen <not-affected> (Xen on arm not yet supported)
	NOTE: http://xenbits.xen.org/xsa/advisory-141.html
CVE-2015-6653
	REJECTED
CVE-2015-6652
	REJECTED
CVE-2015-6651
	REJECTED
CVE-2015-6650
	REJECTED
CVE-2015-6649
	REJECTED
CVE-2015-6648
	RESERVED
CVE-2015-6647 (The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LM ...)
	NOT-FOR-US: Android
CVE-2015-6646 (The System V IPC implementation in the kernel in Android before 6.0 20 ...)
	NOT-FOR-US: Android
	NOTE: https://source.android.com/security/bulletin/2016-01-01.html
	NOTE: This doesn't represent a specific kernel vulnerability. Android does not need and did not apply resource limits to System V IPC.
CVE-2015-6645 (SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 a ...)
	NOT-FOR-US: Android
CVE-2015-6644 (Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
	{DSA-3829-1 DLA-893-1}
	- bouncycastle 1.54-1
	NOTE: https://source.android.com/security/bulletin/2016-01-01.html#information_disclosure_vulnerability_in_bouncy_castle
	NOTE: https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f
	NOTE: Fixed differently upstream https://github.com/bcgit/bc-java/issues/177#issuecomment-290671336
CVE-2015-6643 (Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01 ...)
	NOT-FOR-US: Android
CVE-2015-6642 (The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 al ...)
	NOT-FOR-US: Qualcomm driver for Android
	NOTE: https://www.codeaurora.org/projects/security-advisories/information-disclosure-vulnerability-kernel-ipc-router-module-cve-2015-6642
CVE-2015-6641 (Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to  ...)
	NOT-FOR-US: Android
CVE-2015-6640 (The prctl_set_vma_anon_name function in kernel/sys.c in Android before ...)
	NOT-FOR-US: Android kernel extension
	NOTE: https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15
CVE-2015-6639 (The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LM ...)
	NOT-FOR-US: Android
CVE-2015-6638 (The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F ...)
	NOT-FOR-US: Imagination driver for Android
CVE-2015-6637 (The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 bef ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2015-6636 (mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01- ...)
	NOT-FOR-US: Android Mediaserver
CVE-2015-6635
	RESERVED
CVE-2015-6634 (The display drivers in Android before 5.1.1 LMY48Z allow remote attack ...)
	NOT-FOR-US: Android
CVE-2015-6633 (The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015 ...)
	NOT-FOR-US: Android
CVE-2015-6632 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-0 ...)
	NOT-FOR-US: libstagefright
CVE-2015-6631 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-0 ...)
	NOT-FOR-US: libstagefright
CVE-2015-6630 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01  ...)
	NOT-FOR-US: Android
CVE-2015-6629 (Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain se ...)
	NOT-FOR-US: Android
CVE-2015-6628 (Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12- ...)
	NOT-FOR-US: Android
CVE-2015-6627 (The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015 ...)
	NOT-FOR-US: Android
CVE-2015-6626 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-0 ...)
	NOT-FOR-US: libstagefright
CVE-2015-6625 (System Server in Android 6.0 before 2015-12-01 allows attackers to obt ...)
	NOT-FOR-US: Android
CVE-2015-6624 (System Server in Android 6.0 before 2015-12-01 allows attackers to obt ...)
	NOT-FOR-US: Android
CVE-2015-6623 (Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privil ...)
	NOT-FOR-US: Android
CVE-2015-6622 (The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 b ...)
	NOT-FOR-US: Android
CVE-2015-6621 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01  ...)
	NOT-FOR-US: Android
CVE-2015-6620 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-0 ...)
	NOT-FOR-US: libstagefright
CVE-2015-6619 (The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 al ...)
	- linux <not-affected> (Appears to be caused by a flawed backport of O_TMPFILE feature)
	NOTE: https://android.googlesource.com/device%2Fhtc%2Fflounder-kernel/+/25d3e5d71865a7c0324423fad87aaabb70e82ee4
CVE-2015-6618 (Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assis ...)
	NOT-FOR-US: Android
CVE-2015-6617 (Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
	- skia <itp> (bug #818180)
CVE-2015-6616 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 a ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6615
	RESERVED
CVE-2015-6614 (Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain  ...)
	NOT-FOR-US: Android
CVE-2015-6613 (Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 all ...)
	NOT-FOR-US: Android
CVE-2015-6612 (libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allo ...)
	NOT-FOR-US: Android
CVE-2015-6611 (mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 a ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6610 (libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-0 ...)
	NOT-FOR-US: libstagefright
CVE-2015-6609 (libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allo ...)
	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
CVE-2015-6608 (mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11- ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6607 (SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows at ...)
	NOT-FOR-US: Android
	NOTE: The change simply rebased sqlite to 3.8.9, which seems to have happened
	NOTE: for CVE-2015-3414, CVE-2015-3415 and CVE-2015-3416, but no new sqlite issue
CVE-2015-6606 (The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin i ...)
	NOT-FOR-US: Android
CVE-2015-6605 (mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6604 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6603 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6602 (libutils in Android through 5.1.1 LMY48M allows remote attackers to ex ...)
	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
CVE-2015-6601 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6600 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6599 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6598 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6597
	RESERVED
CVE-2015-6596 (mediaserver in Android before 5.1.1 LMY48T allows attackers to gain pr ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6595
	RESERVED
CVE-2015-6594
	RESERVED
CVE-2015-6592 (Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require auth ...)
	NOT-FOR-US: Huawei
CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia/load ...)
	NOT-FOR-US: Free Reprintables ArticleFR
CVE-2015-6590
	RESERVED
CVE-2015-6589 (Directory traversal vulnerability in Kaseya Virtual System Administrat ...)
	NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Rev ...)
	NOT-FOR-US: MODX Revolution
CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated user ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
CVE-2015-6586 (The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with s ...)
	NOT-FOR-US: Huawei
CVE-2015-6585 (hwpapp.dll in Hangul Word Processor allows remote attackers to execute ...)
	NOT-FOR-US: Hangul Word Processor
CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10 ...)
	- datatables.js 1.10.9+dfsg-1
	NOTE: http://www.securityfocus.com/archive/1/archive/1/536437/100/0/threaded
	NOTE: https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/
	NOTE: https://github.com/DataTables/DataTables/issues/602
	NOTE: https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d
	NOTE: https://nodesecurity.io/advisories/5
CVE-2015-6583 (Google Chrome before 45.0.2454.85 does not display a location bar for  ...)
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6582 (The decompose function in platform/transforms/TransformationMatrix.cpp ...)
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6581 (Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_t ...)
	{DSA-3665-1}
	- openjpeg <not-affected> (Vulnerable code not present, function opj_j2k_copy_default_tcp_and_create_tcd)
	- openjpeg2 2.1.1-1 (bug #800453)
	NOTE: Openjpeg2 fix: https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6580 (Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, a ...)
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6579
	RESERVED
CVE-2015-6578
	RESERVED
CVE-2015-6577
	RESERVED
CVE-2015-6576 (Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2015-6575 (SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6574 (The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP produ ...)
	NOT-FOR-US: SISCO MMS-EASE
CVE-2015-6573
	RESERVED
CVE-2015-6572
	RESERVED
CVE-2015-6571
	RESERVED
CVE-2015-6570
	RESERVED
CVE-2015-6569 (Race condition in the LoadBalancer module in the Atlassian Floodlight  ...)
	NOT-FOR-US: Atlassian
CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code E ...)
	NOT-FOR-US: Wolf CMS
CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code E ...)
	NOT-FOR-US: Wolf CMS
CVE-2015-6566 (zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 ...)
	- zarafa <itp> (bug #658433)
CVE-2015-6562
	RESERVED
CVE-2015-6561
	RESERVED
CVE-2015-6560
	RESERVED
CVE-2015-6559
	RESERVED
CVE-2015-6558
	RESERVED
CVE-2015-6557 (IBM Tivoli Storage Manager for Databases: Data Protection for Microsof ...)
	NOT-FOR-US: IBM
CVE-2015-6556 (EACommunicatorSrv.exe in the Framework Service in the client in Symant ...)
	NOT-FOR-US: Symantec
CVE-2015-6555 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 a ...)
	NOT-FOR-US: Symantec
CVE-2015-6554 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 a ...)
	NOT-FOR-US: Symantec
CVE-2015-6553
	REJECTED
CVE-2015-6552 (The management-services protocol implementation in Veritas NetBackup 7 ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2015-6551 (Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and  ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2015-6550 (bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4 ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2015-6549 (Cross-site scripting (XSS) vulnerability in an application console in  ...)
	NOT-FOR-US: Symantec NetBackup OpsCenter
CVE-2015-6548 (Multiple SQL injection vulnerabilities in a PHP script in the manageme ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances with s ...)
	NOT-FOR-US: Semantec Web Gateway
CVE-2015-6546 (The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller,  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb be ...)
	NOT-FOR-US: Cerb
CVE-2015-6544 (Cross-site scripting (XSS) vulnerability in application/dashboard.clas ...)
	NOT-FOR-US: Combodo
CVE-2015-6543
	RESERVED
CVE-2015-6542
	REJECTED
CVE-2015-6541 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail ...)
	NOT-FOR-US: Zimbra
CVE-2015-6540 (Cross-site scripting (XSS) vulnerability in Intellect Design Arena Int ...)
	NOT-FOR-US: Intellect Design Arena Intellect Core banking
CVE-2015-6539
	RESERVED
CVE-2015-6538 (The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles  ...)
	NOT-FOR-US: Epiphany Cardio Server
CVE-2015-6537 (SQL injection vulnerability in the login page in Epiphany Cardio Serve ...)
	NOT-FOR-US: Epiphany Cardio Server
CVE-2015-6536
	RESERVED
CVE-2015-6535 (Cross-site scripting (XSS) vulnerability in includes/options-profiles. ...)
	NOT-FOR-US: YouTube Embed plugin for WordPress
CVE-2015-6534
	RESERVED
CVE-2015-6533
	RESERVED
CVE-2015-6532
	RESERVED
CVE-2015-6531 (Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 migh ...)
	NOT-FOR-US: Palo Alto Networks Panorama VM Appliance
CVE-2015-6530 (Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 b ...)
	NOT-FOR-US: OpenText Secure MFT 2013
CVE-2015-6529 (Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 ...)
	- phpipam <itp> (bug #731713)
CVE-2015-6528 (Multiple cross-site scripting (XSS) vulnerabilities in install_classic ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-6525 (Multiple integer overflows in the evbuffer API in Libevent 2.0.x befor ...)
	{DSA-3119-1}
	- libevent 2.0.21-stable-2
	[squeeze] - libevent <not-affected> (Only for issues in 2.0.x and 2.1.x)
	NOTE: Split from CVE-2014-6272
CVE-2015-6524 (The LDAPLoginModule implementation in the Java Authentication and Auth ...)
	- activemq 5.6.0+dfsg1-4 (low)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
CVE-2015-6523 (Cross-site request forgery (CSRF) vulnerability in the Portfolio plugi ...)
	NOT-FOR-US: Portfolio plugin for WordPress
CVE-2015-6522 (SQL injection vulnerability in the WP Symposium plugin before 15.8 for ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2015-6661 (Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to  ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6660 (The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not pr ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6659 (SQL injection vulnerability in the SQL comment filtering system in the ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6658 (Cross-site scripting (XSS) vulnerability in the Autocomplete system in ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. ...)
	{DLA-2035-1}
	- libpgf 6.14.12-3.2 (bug #798032)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
	NOTE: Details on the CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/25/9
	NOTE: https://sourceforge.net/p/libpgf/code/147/
	NOTE: https://sourceforge.net/p/libpgf/code/148/
CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c in PH ...)
	- php5 <not-affected> (Specific to PHP 7)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
	NOTE: https://bugs.php.net/bug.php?id=70140
CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS vers ...)
	NOT-FOR-US: ATutor
CVE-2015-6519 (SQL injection vulnerability in Arab Portal 3 allows remote attackers t ...)
	NOT-FOR-US: Arab Portal 3
CVE-2015-6518 (Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1. ...)
	- phpliteadmin <not-affected> (Fixed before initial upload)
CVE-2015-6517 (Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 al ...)
	- phpliteadmin <not-affected> (Fixed before initial upload)
CVE-2015-6516 (SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier al ...)
	NOT-FOR-US: cygnux.org sysPass
CVE-2015-6515 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk
CVE-2015-6514 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk En ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2015-6513 (Multiple SQL injection vulnerabilities in the J2Store (com_j2store) ex ...)
	NOT-FOR-US: Joomla extension com_j2store
CVE-2015-6512 (SQL injection vulnerability in the get_messages function in server/plu ...)
	NOT-FOR-US: FreiChat
CVE-2015-6511 (Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allow ...)
	NOT-FOR-US: pfSense
CVE-2015-6510 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before  ...)
	NOT-FOR-US: pfSense
CVE-2015-6509 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before  ...)
	NOT-FOR-US: pfSense
CVE-2015-6508 (Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allow ...)
	NOT-FOR-US: pfSense
CVE-2015-6507 (The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows ...)
	NOT-FOR-US: SAP
CVE-2015-6833 (Directory traversal vulnerability in the PharData class in PHP before  ...)
	{DSA-3344-1 DLA-341-1}
	- php5 5.6.12+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70019
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
	NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6831 (Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ...)
	{DSA-3344-1 DLA-341-1}
	- php5 5.6.12+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70169
	NOTE: https://bugs.php.net/bug.php?id=70168
	NOTE: https://bugs.php.net/bug.php?id=70166
	NOTE: https://bugs.php.net/bug.php?id=70155
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
	NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6832 (Use-after-free vulnerability in the SPL unserialize implementation in  ...)
	{DSA-3344-1 DLA-341-1}
	- php5 5.6.12+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70068
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
	NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6505
	RESERVED
CVE-2015-6504
	RESERVED
CVE-2015-6503
	RESERVED
CVE-2015-6502 (Cross-site scripting (XSS) vulnerability in the console in Puppet Ente ...)
	NOT-FOR-US: Puppet Enterprise
CVE-2015-6501 (Open redirect vulnerability in the Console in Puppet Enterprise before ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 8.0.6 and  ...)
	{DSA-3373-1}
	- owncloud 7.0.10~dfsg-2 (bug #800126)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-014
	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt
	NOTE: https://github.com/owncloud/core/commit/9f8c0a3a8d14f1c127b2034faa14d8d309f962e9
CVE-2015-6499
	RESERVED
CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 a ...)
	NOT-FOR-US: Alcatel-Lucent Home Device Manager
CVE-2015-6497 (The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2 ...)
	NOT-FOR-US: Magento
CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 Diagno ...)
	NOT-FOR-US: Cloudera
CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango  ...)
	NOT-FOR-US: Infinite Automation Mango Automation
CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite Automation ...)
	NOT-FOR-US: Infinite Automation Mango Automation
CVE-2015-6492 (Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 dev ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6491 (Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 dev ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6490 (Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices b ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6489
	RESERVED
CVE-2015-6488 (Cross-site scripting (XSS) vulnerability in the web server on Allen-Br ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6487
	REJECTED
CVE-2015-6486 (SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices b ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6485 (Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-5 ...)
	NOT-FOR-US: Schneider
CVE-2015-6484 (3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attacker ...)
	NOT-FOR-US: 3S-Smart CODESYS
CVE-2015-6483
	RESERVED
CVE-2015-6482 (Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 al ...)
	NOT-FOR-US: 3S-Smart CODESYS
CVE-2015-6481 (The login function in the RequestController class in Moxa OnCell Centr ...)
	NOT-FOR-US: Moxa
CVE-2015-6480 (The MessageBrokerServlet servlet in Moxa OnCell Central Manager before ...)
	NOT-FOR-US: Moxa
CVE-2015-6479 (ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, ...)
	NOT-FOR-US: Sierra Wireless ALEOS
CVE-2015-6478 (Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict ...)
	NOT-FOR-US: Unitronics VisiLogic OPLC IDE
CVE-2015-6477 (Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm P ...)
	NOT-FOR-US: Nordex Control
CVE-2015-6476 (Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devi ...)
	NOT-FOR-US: Advantech EKI-122x-BE devices
CVE-2015-6475 (Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar Serve ...)
	NOT-FOR-US: ServeMaster
CVE-2015-6474 (IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers ...)
	NOT-FOR-US: ServeMaster
CVE-2015-6473 (WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain p ...)
	NOT-FOR-US: WAGO IO
CVE-2015-6472 (WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 75 ...)
	NOT-FOR-US: WAGO IO
CVE-2015-6471 (Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 co ...)
	NOT-FOR-US: Eaton Cooper Power Systems ProView
CVE-2015-6470 (Resource Data Management Data Manager before 2.2 allows remote authent ...)
	NOT-FOR-US: Resource Data Manager
CVE-2015-6469 (The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ all ...)
	NOT-FOR-US: ServerMaster
CVE-2015-6468 (Cross-site request forgery (CSRF) vulnerability in Resource Data Manag ...)
	NOT-FOR-US: Resource Data Manager
CVE-2015-6467 (Advantech WebAccess before 8.1 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Advantech
CVE-2015-6466 (Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature ...)
	NOT-FOR-US: Moxa switches
CVE-2015-6465 (The GoAhead web server on Moxa EDS-405A and EDS-408A switches with fir ...)
	NOT-FOR-US: Moxa switches
CVE-2015-6464 (The administrative web interface on Moxa EDS-405A and EDS-408A switche ...)
	NOT-FOR-US: Moxa switches
CVE-2015-6463 (CodeWrights HART Comm DTM components, as used with Endress+Hauser Fiel ...)
	NOT-FOR-US: CodeWrights HART Comm DTM components
CVE-2015-6462 (Reflected Cross-Site Scripting (nonpersistent) allows an attacker to c ...)
	NOT-FOR-US: Schneider
CVE-2015-6461 (Remote file inclusion allows an attacker to craft a specific URL refer ...)
	NOT-FOR-US: Schneider
CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Serve ...)
	NOT-FOR-US: CODESYS Gateway Server
CVE-2015-6459 (Absolute path traversal vulnerability in the download feature in FileD ...)
	NOT-FOR-US: FileDownloadServlet
CVE-2015-6458 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ...)
	NOT-FOR-US: Moxa
CVE-2015-6457 (Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow conditi ...)
	NOT-FOR-US: Moxa
CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1. ...)
	NOT-FOR-US: PulseNET
CVE-2015-6455
	REJECTED
CVE-2015-6454 (Everest PeakHMI before 8.7.0.2, when the video server is used, allows  ...)
	NOT-FOR-US: PeakHMI
CVE-2015-6453
	REJECTED
CVE-2015-6452
	REJECTED
CVE-2015-6451
	REJECTED
CVE-2015-6450
	REJECTED
CVE-2015-6449
	REJECTED
CVE-2015-6448
	REJECTED
CVE-2015-6447
	REJECTED
CVE-2015-6446
	REJECTED
CVE-2015-6445
	REJECTED
CVE-2015-6444
	REJECTED
CVE-2015-6443
	REJECTED
CVE-2015-6442
	REJECTED
CVE-2015-6441
	REJECTED
CVE-2015-6440
	REJECTED
CVE-2015-6439
	REJECTED
CVE-2015-6438
	REJECTED
CVE-2015-6437
	REJECTED
CVE-2015-6436
	REJECTED
CVE-2015-6435 (An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 900 ...)
	NOT-FOR-US: Cisco
CVE-2015-6434 (Cisco Prime Infrastructure does not properly restrict use of IFRAME el ...)
	NOT-FOR-US: Cisco
CVE-2015-6433 (SQL injection vulnerability in Cisco Unified Communications Manager 11 ...)
	NOT-FOR-US: Cisco
CVE-2015-6432 (Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, a ...)
	NOT-FOR-US: Cisco
CVE-2015-6431 (Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Cisco
CVE-2015-6430
	RESERVED
CVE-2015-6429 (The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 ...)
	NOT-FOR-US: Cisco
CVE-2015-6428 (Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obta ...)
	NOT-FOR-US: Cisco
CVE-2015-6427 (Cisco FireSIGHT Management Center allows remote attackers to bypass th ...)
	NOT-FOR-US: Cisco
CVE-2015-6426 (Cisco Prime Network Services Controller 3.0 allows local users to bypa ...)
	NOT-FOR-US: Cisco
CVE-2015-6425 (The WebApplications Identity Management subsystem in Cisco Unified Com ...)
	NOT-FOR-US: Cisco
CVE-2015-6424 (The boot manager in Cisco Application Policy Infrastructure Controller ...)
	NOT-FOR-US: Cisco
CVE-2015-6423 (The DCERPC Inspection implementation in Cisco Adaptive Security Applia ...)
	NOT-FOR-US: Cisco
CVE-2015-6422 (The self-service application in Cisco Unified Communications Domain Ma ...)
	NOT-FOR-US: Cisco
CVE-2015-6421 (cifs-ao in the CIFS optimization functionality on Cisco Wide Area Appl ...)
	NOT-FOR-US: Cisco
CVE-2015-6420 (Serialized-object interfaces in certain Cisco Collaboration and Social ...)
	NOT-FOR-US: Cisco
CVE-2015-6419 (Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0,  ...)
	NOT-FOR-US: Cisco
CVE-2015-6418 (The random-number generator on Cisco Small Business RV routers 4.x and ...)
	NOT-FOR-US: Cisco
CVE-2015-6417 (Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and ...)
	NOT-FOR-US: Cisco
CVE-2015-6416 (Cross-site scripting (XSS) vulnerability in Cisco Unified Email Intera ...)
	NOT-FOR-US: Cisco
CVE-2015-6415 (Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6 ...)
	NOT-FOR-US: Cisco
CVE-2015-6414 (Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same ...)
	NOT-FOR-US: Cisco
CVE-2015-6413 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 al ...)
	NOT-FOR-US: Cisco
CVE-2015-6412 (Cisco Modular Encoding Platform D9036 Software before 02.04.70 has har ...)
	NOT-FOR-US: Cisco
CVE-2015-6411 (Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides v ...)
	NOT-FOR-US: Cisco
CVE-2015-6410 (The Mobile and Remote Access (MRA) services implementation in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2015-6409 (Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-m ...)
	NOT-FOR-US: Cisco
CVE-2015-6408 (Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connect ...)
	NOT-FOR-US: Cisco
CVE-2015-6407 (Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to u ...)
	NOT-FOR-US: Cisco
CVE-2015-6406 (Directory traversal vulnerability in the Tools menu in Cisco Emergency ...)
	NOT-FOR-US: Cisco
CVE-2015-6405 (Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Res ...)
	NOT-FOR-US: Cisco
CVE-2015-6404 (Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use  ...)
	NOT-FOR-US: Cisco
CVE-2015-6403 (The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x ...)
	NOT-FOR-US: Cisco
CVE-2015-6402 (Cross-site scripting (XSS) vulnerability in the management interface o ...)
	NOT-FOR-US: Cisco
CVE-2015-6401 (Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2015-6400 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...)
	NOT-FOR-US: Cisco
CVE-2015-6399 (The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Cont ...)
	NOT-FOR-US: Cisco
CVE-2015-6398 (Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switche ...)
	NOT-FOR-US: Cisco
CVE-2015-6397 (Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC config ...)
	NOT-FOR-US: Cisco
CVE-2015-6396 (The CLI command parser on Cisco RV110W, RV130W, and RV215W devices all ...)
	NOT-FOR-US: Cisco
CVE-2015-6395 (Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not pr ...)
	NOT-FOR-US: Cisco
CVE-2015-6394 (The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows loc ...)
	NOT-FOR-US: Cisco
CVE-2015-6393 (Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, ...)
	NOT-FOR-US: Cisco
CVE-2015-6392 (Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, ...)
	NOT-FOR-US: Cisco
CVE-2015-6391 (Cisco Unified SIP 3905 phones allow remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2015-6390 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2015-6389 (Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-6388 (Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows  ...)
	NOT-FOR-US: Cisco
CVE-2015-6387 (Cross-site scripting (XSS) vulnerability in Cisco Unified Computing Sy ...)
	NOT-FOR-US: Cisco
CVE-2015-6386 (The passthrough FTP feature on Cisco Web Security Appliance (WSA) devi ...)
	NOT-FOR-US: Cisco
CVE-2015-6385 (The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5 ...)
	NOT-FOR-US: Cisco
CVE-2015-6384 (The Cisco WebEx Meetings application before 8.5.1 for Android improper ...)
	NOT-FOR-US: Cisco
CVE-2015-6383 (Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software pa ...)
	NOT-FOR-US: Cisco
CVE-2015-6382 (Cisco ASR 5000 devices with software 16.0(900) allow remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2015-6381
	RESERVED
CVE-2015-6380 (An unspecified script in the web interface in Cisco Firepower Extensib ...)
	NOT-FOR-US: Cisco
CVE-2015-6379 (The XML parser in the management interface in Cisco Adaptive Security  ...)
	NOT-FOR-US: Cisco
CVE-2015-6378 (Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devic ...)
	NOT-FOR-US: Cisco
CVE-2015-6377 (Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote at ...)
	NOT-FOR-US: Cisco
CVE-2015-6376 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-6375 (The debug-logging (aka debug cns) feature in Cisco Networking Services ...)
	NOT-FOR-US: Cisco
CVE-2015-6374 (The web interface in Cisco Firepower Extensible Operating System 1.1(1 ...)
	NOT-FOR-US: Cisco
CVE-2015-6373 (Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Ext ...)
	NOT-FOR-US: Cisco
CVE-2015-6372 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2015-6371 (Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 90 ...)
	NOT-FOR-US: Cisco
CVE-2015-6370 (The Management I/O (MIO) component in Cisco Firepower Extensible Opera ...)
	NOT-FOR-US: Cisco
CVE-2015-6369 (The USB driver in Cisco Firepower Extensible Operating System 1.1(1.16 ...)
	NOT-FOR-US: Cisco
CVE-2015-6368 (Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 90 ...)
	NOT-FOR-US: Cisco
CVE-2015-6367 (Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attac ...)
	NOT-FOR-US: Cisco
CVE-2015-6366 (Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supers ...)
	NOT-FOR-US: Cisco
CVE-2015-6365 (Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs superse ...)
	NOT-FOR-US: Cisco
CVE-2015-6364 (Cisco Content Delivery System Manager Software 3.2 on Videoscape Distr ...)
	NOT-FOR-US: Cisco
CVE-2015-6363 (Multiple cross-site scripting (XSS) vulnerabilities in the web framewo ...)
	NOT-FOR-US: Cisco
CVE-2015-6362 (The web GUI in Cisco Connected Grid Network Management System (CG-NMS) ...)
	NOT-FOR-US: Cisco
CVE-2015-6361 (The administrative web interface on Cisco DPC3939 (XB3) devices with f ...)
	NOT-FOR-US: Cisco
CVE-2015-6360 (The encryption-processing feature in Cisco libSRTP before 1.5.3 allows ...)
	{DSA-3539-1 DLA-393-1}
	[experimental] - srtp 1.5.3~dfsg-1
	- srtp 1.4.5~20130609~dfsg-1.2 (bug #807698)
	NOTE: Fix: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
	NOTE: Fixup: https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
	NOTE: Fixup: https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
	NOTE: Fixup: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
CVE-2015-6359 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6358 (Multiple Cisco embedded devices use hardcoded X.509 certificates and S ...)
	NOT-FOR-US: Cisco
CVE-2015-6357 (The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2  ...)
	NOT-FOR-US: Cisco FireSIGHT
CVE-2015-6356 (Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco S ...)
	NOT-FOR-US: Cisco
CVE-2015-6355 (The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on  ...)
	NOT-FOR-US: Cisco
CVE-2015-6354 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight ...)
	NOT-FOR-US: Cisco
CVE-2015-6353 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight ...)
	NOT-FOR-US: Cisco
CVE-2015-6352 (Cisco Unified Communications Domain Manager before 10.6(1) provides di ...)
	NOT-FOR-US: Cisco
CVE-2015-6351 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices wit ...)
	NOT-FOR-US: Cisco
CVE-2015-6350 (SQL injection vulnerability in the web framework in Cisco Prime Servic ...)
	NOT-FOR-US: Cisco
CVE-2015-6349 (Cross-site scripting (XSS) vulnerability in the web interface in the S ...)
	NOT-FOR-US: Cisco
CVE-2015-6348 (The report-generation web interface in the Solution Engine in Cisco Se ...)
	NOT-FOR-US: Cisco
CVE-2015-6347 (The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0. ...)
	NOT-FOR-US: Cisco
CVE-2015-6346 (Cross-site scripting (XSS) vulnerability in Cisco Secure Access Contro ...)
	NOT-FOR-US: Cisco
CVE-2015-6345 (SQL injection vulnerability in the Solution Engine in Cisco Secure Acc ...)
	NOT-FOR-US: Cisco
CVE-2015-6344 (The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Contex ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-6343 (The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border E ...)
	NOT-FOR-US: Cisco
CVE-2015-6342
	REJECTED
CVE-2015-6341 (The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices  ...)
	NOT-FOR-US: Cisco
CVE-2015-6340 (The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on ...)
	NOT-FOR-US: Cisco
CVE-2015-6339
	REJECTED
CVE-2015-6338
	REJECTED
CVE-2015-6337 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy I ...)
	NOT-FOR-US: Cisco
CVE-2015-6336 (Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8. ...)
	NOT-FOR-US: Cisco
CVE-2015-6335 (The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7 ...)
	NOT-FOR-US: Cisco
CVE-2015-6334 (Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0 ...)
	NOT-FOR-US: Cisco
CVE-2015-6333 (Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows  ...)
	NOT-FOR-US: Cisco
CVE-2015-6332 (Cisco Prime Infrastructure 2.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2015-6331 (SQL injection vulnerability in the web framework in Cisco Prime Collab ...)
	NOT-FOR-US: Cisco
CVE-2015-6330 (Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2015-6329 (SQL injection vulnerability in Cisco Prime Collaboration Provisioning  ...)
	NOT-FOR-US: Cisco
CVE-2015-6328 (The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) ...)
	NOT-FOR-US: Cisco
CVE-2015-6327 (The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) so ...)
	NOT-FOR-US: Cisco
CVE-2015-6326 (Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8. ...)
	NOT-FOR-US: Cisco
CVE-2015-6325 (Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8. ...)
	NOT-FOR-US: Cisco
CVE-2015-6324 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ( ...)
	NOT-FOR-US: Cisco
CVE-2015-6323 (The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0  ...)
	NOT-FOR-US: Cisco
CVE-2015-6322 (The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 th ...)
	NOT-FOR-US: Cisco
CVE-2015-6321 (Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1 ...)
	NOT-FOR-US: Cisco
CVE-2015-6320 (The IP ingress packet handler on Cisco Aironet 1800 devices with softw ...)
	NOT-FOR-US: Cisco
CVE-2015-6319 (SQL injection vulnerability in the web-based management interface on C ...)
	NOT-FOR-US: Cisco
CVE-2015-6318 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1  ...)
	NOT-FOR-US: Cisco
CVE-2015-6317 (Cisco Identity Services Engine (ISE) before 2.0 allows remote authenti ...)
	NOT-FOR-US: Cisco
CVE-2015-6316 (The default configuration of sshd_config in Cisco Mobility Services En ...)
	NOT-FOR-US: Cisco
CVE-2015-6315 (Cisco Aironet 1850 access points with software 8.1(112.4) allow local  ...)
	NOT-FOR-US: Cisco
CVE-2015-6314 (Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 b ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2015-6313 (Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobilit ...)
	NOT-FOR-US: Cisco
CVE-2015-6312 (Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE)  ...)
	NOT-FOR-US: Cisco
CVE-2015-6311 (Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0),  ...)
	NOT-FOR-US: Cisco
CVE-2015-6310 (The REST interface in Cisco Unified Communications Manager IM and Pres ...)
	NOT-FOR-US: Cisco
CVE-2015-6309 (Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows re ...)
	NOT-FOR-US: Cisco
CVE-2015-6308 (Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated  ...)
	NOT-FOR-US: Cisco
CVE-2015-6307 (Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with softw ...)
	NOT-FOR-US: Cisco
CVE-2015-6306 (Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does  ...)
	NOT-FOR-US: Cisco
CVE-2015-6305 (Untrusted search path vulnerability in the CMainThread::launchDownload ...)
	NOT-FOR-US: Cisco
CVE-2015-6304 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-6303 (The Cisco Spark application 2015-07-04 for mobile operating systems do ...)
	NOT-FOR-US: Cisco
CVE-2015-6302 (The RADIUS functionality on Cisco Wireless LAN Controller (WLC) device ...)
	NOT-FOR-US: Cisco
CVE-2015-6301 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2015-6300 (Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) all ...)
	NOT-FOR-US: Cisco
CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity Connec ...)
	NOT-FOR-US: Cisco
CVE-2015-6298 (The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x a ...)
	NOT-FOR-US: Cisco
CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has  ...)
	NOT-FOR-US: Cisco
CVE-2015-6295 (Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices al ...)
	NOT-FOR-US: Cisco
CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow re ...)
	NOT-FOR-US: Cisco
CVE-2015-6293 (Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051,  ...)
	NOT-FOR-US: Cisco
CVE-2015-6292 (The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151 ...)
	NOT-FOR-US: Cisco
CVE-2015-6291 (Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9. ...)
	NOT-FOR-US: Cisco
CVE-2015-6290 (Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to ...)
	NOT-FOR-US: Cisco
CVE-2015-6289 (Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 8 ...)
	NOT-FOR-US: Cisco
CVE-2015-6288 (Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not p ...)
	NOT-FOR-US: Cisco
CVE-2015-6287 (Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remo ...)
	NOT-FOR-US: Cisco
CVE-2015-6286 (Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexCon ...)
	NOT-FOR-US: Cisco
CVE-2015-6285 (Format string vulnerability in Cisco Email Security Appliance (ESA) 7. ...)
	NOT-FOR-US: Cisco Email Security Appliance
CVE-2015-6284 (Buffer overflow in the Conference Control Protocol API implementation  ...)
	NOT-FOR-US: Cisco TelePresence Server
CVE-2015-6283
	REJECTED
CVE-2015-6282 (Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS befor ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6281
	RESERVED
CVE-2015-6280 (The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IO ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6279 (The IPv6 snooping functionality in the first-hop security subsystem in ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6278 (The IPv6 snooping functionality in the first-hop security subsystem in ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6277 (The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMwar ...)
	NOT-FOR-US: Cisco
CVE-2015-6276 (Cisco TelePresence IX5000 8.0.3 stores a private key associated with a ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-6275
	RESERVED
CVE-2015-6274 (The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3 ...)
	NOT-FOR-US: Cisco ASR
CVE-2015-6273 (Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automati ...)
	NOT-FOR-US: Cisco
CVE-2015-6272 (Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when N ...)
	NOT-FOR-US: Cisco
CVE-2015-6271 (Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when N ...)
	NOT-FOR-US: Cisco
CVE-2015-6270 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2015-6269 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2015-6268 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2015-6267 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2015-6266 (The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.89 ...)
	NOT-FOR-US: Cisco
CVE-2015-6265 (The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earl ...)
	NOT-FOR-US: Cisco
CVE-2015-6264
	REJECTED
CVE-2015-6263 (The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shar ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6262 (Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrast ...)
	NOT-FOR-US: Cisco
CVE-2015-6261 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2  ...)
	NOT-FOR-US: Cisco
CVE-2015-6260 (Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not ...)
	NOT-FOR-US: Cisco
CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2015-6258 (The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2015-6257
	RESERVED
CVE-2015-6256 (Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attack ...)
	NOT-FOR-US: Cisco Aggregation Services Router
CVE-2015-6255 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Ma ...)
	NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2015-6254 (The (1) Service Provider (SP) and (2) Identity Provider (IdP) in Picke ...)
	NOT-FOR-US: PicketLink
CVE-2015-6253 (edx-platform before 2015-08-17 allows XSS in the Studio listing of cou ...)
	NOT-FOR-US: Open edX
CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError functi ...)
	- vlc 2.2.0~rc2-1
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c i ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/18/4
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3 (v4.1-rc1)
CVE-2015-6252 (The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux ker ...)
	{DSA-3364-1}
	- linux 4.1.5-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2015/8/10/375
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 (v4.2-rc5)
CVE-2015-6239
	RESERVED
CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the Google Anal ...)
	NOT-FOR-US: Google Analyticator plugin for WordPress
CVE-2015-6237 (The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 ...)
	NOT-FOR-US: Tripwire IP360 VnE Manager
CVE-2015-6236
	REJECTED
CVE-2015-6235
	REJECTED
CVE-2015-6234
	REJECTED
CVE-2015-6233
	REJECTED
CVE-2015-6232
	REJECTED
CVE-2015-6231
	REJECTED
CVE-2015-6230
	REJECTED
CVE-2015-6229
	REJECTED
CVE-2015-6228
	REJECTED
CVE-2015-6227
	REJECTED
CVE-2015-6226
	REJECTED
CVE-2015-6225
	REJECTED
CVE-2015-6224
	REJECTED
CVE-2015-6223
	REJECTED
CVE-2015-6222
	REJECTED
CVE-2015-6221
	REJECTED
CVE-2015-6220
	REJECTED
CVE-2015-6219
	REJECTED
CVE-2015-6218
	REJECTED
CVE-2015-6217
	REJECTED
CVE-2015-6216
	REJECTED
CVE-2015-6215
	REJECTED
CVE-2015-6214
	REJECTED
CVE-2015-6213
	REJECTED
CVE-2015-6212
	REJECTED
CVE-2015-6211
	REJECTED
CVE-2015-6210
	REJECTED
CVE-2015-6209
	REJECTED
CVE-2015-6208
	REJECTED
CVE-2015-6207
	REJECTED
CVE-2015-6206
	REJECTED
CVE-2015-6205
	REJECTED
CVE-2015-6204
	REJECTED
CVE-2015-6203
	REJECTED
CVE-2015-6202
	REJECTED
CVE-2015-6201
	REJECTED
CVE-2015-6200
	REJECTED
CVE-2015-6199
	REJECTED
CVE-2015-6198
	REJECTED
CVE-2015-6197
	REJECTED
CVE-2015-6196
	REJECTED
CVE-2015-6195
	REJECTED
CVE-2015-6194
	REJECTED
CVE-2015-6193
	REJECTED
CVE-2015-6192
	REJECTED
CVE-2015-6191
	REJECTED
CVE-2015-6190
	REJECTED
CVE-2015-6189
	REJECTED
CVE-2015-6188
	REJECTED
CVE-2015-6187
	REJECTED
CVE-2015-6186
	REJECTED
CVE-2015-6185
	REJECTED
CVE-2015-6184 (The CAttrArray object implementation in Microsoft Internet Explorer 7  ...)
	NOT-FOR-US: Microsoft
CVE-2015-6183
	REJECTED
CVE-2015-6182
	REJECTED
CVE-2015-6181
	REJECTED
CVE-2015-6180
	REJECTED
CVE-2015-6179
	REJECTED
CVE-2015-6178
	REJECTED
CVE-2015-6177 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Vie ...)
	NOT-FOR-US: Microsoft
CVE-2015-6176 (Microsoft Edge mishandles HTML attributes in HTTP responses, which all ...)
	NOT-FOR-US: Microsoft
CVE-2015-6175 (The kernel in Microsoft Windows 10 Gold allows local users to gain pri ...)
	NOT-FOR-US: Microsoft
CVE-2015-6174 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2015-6173 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2015-6172 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6171 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2015-6170 (Microsoft Edge allows remote attackers to gain privileges via a crafte ...)
	NOT-FOR-US: Microsoft
CVE-2015-6169 (Microsoft Edge misparses HTTP responses, which allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2015-6168 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2015-6167
	REJECTED
CVE-2015-6166 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6165 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6164 (Microsoft Internet Explorer 9 through 11 improperly implements a cross ...)
	NOT-FOR-US: Microsoft
CVE-2015-6163
	REJECTED
CVE-2015-6162 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6161 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2015-6160 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6159 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2015-6158 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2015-6157 (Microsoft Internet Explorer 11 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6156 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6155 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2015-6154 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2015-6153 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2015-6152 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6151 (Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2015-6150 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6149 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6148 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2015-6147 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6146 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6145 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6144 (Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle  ...)
	NOT-FOR-US: Microsoft
CVE-2015-6143 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6142 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2015-6141 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2015-6140 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2015-6139 (Microsoft Internet Explorer 11 and Microsoft Edge mishandle content ty ...)
	NOT-FOR-US: Microsoft
CVE-2015-6138 (Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6137
	REJECTED
CVE-2015-6136 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsof
CVE-2015-6135 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsof
CVE-2015-6134 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsof
CVE-2015-6133 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Win ...)
	NOT-FOR-US: Microsof
CVE-2015-6132 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsof
CVE-2015-6131 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Wi ...)
	NOT-FOR-US: Microsof
CVE-2015-6130 (Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows  ...)
	NOT-FOR-US: Microsof
CVE-2015-6129
	REJECTED
CVE-2015-6128 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6127 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Wi ...)
	NOT-FOR-US: Windows Media Center
CVE-2015-6126 (Race condition in the Pragmatic General Multicast (PGM) protocol imple ...)
	NOT-FOR-US: Microsoft
CVE-2015-6125 (Use-after-free vulnerability in the DNS server in Microsoft Windows Se ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6124 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6123 (Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 20 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6122 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office C ...)
	NOT-FOR-US: Microsoft
CVE-2015-6121
	REJECTED
CVE-2015-6120
	REJECTED
CVE-2015-6119
	REJECTED
CVE-2015-6118 (Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers t ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-6117 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP ...)
	NOT-FOR-US: Microsoft
CVE-2015-6116
	REJECTED
CVE-2015-6115 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attacke ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-6114 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2015-6113 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6112 (SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6111 (IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6110
	REJECTED
CVE-2015-6109 (The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6108 (The Windows font library in Microsoft Windows Vista SP2; Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6107 (The Windows font library in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6106 (The Windows font library in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6105
	REJECTED
CVE-2015-6104 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6103 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6102 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6101 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6100 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6099 (Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2015-6098 (Buffer overflow in the Network Driver Interface Standard (NDIS) implem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6097 (Heap-based buffer overflow in Windows Journal in Microsoft Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6096 (The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, ...)
	NOT-FOR-US: Microsoft .NET
CVE-2015-6095 (Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6094 (Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 201 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6093 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6092 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6091 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6090
	REJECTED
CVE-2015-6089 (The Microsoft (1) VBScript and (2) JScript engines, as used in Interne ...)
	NOT-FOR-US: Microsoft
CVE-2015-6088 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2015-6087 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6086 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ob ...)
	NOT-FOR-US: Microsoft
CVE-2015-6085 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft
CVE-2015-6084 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft
CVE-2015-6083 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6082 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6081 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6080 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6079 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6078 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2015-6077 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6076 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6075 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6074 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6073 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2015-6072 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6071 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6070 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6069 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6068 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2015-6067
	REJECTED
CVE-2015-6066 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6065 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2015-6064 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2015-6063
	REJECTED
CVE-2015-6062
	REJECTED
CVE-2015-6061 (Cross-site scripting (XSS) vulnerability in Microsoft Skype for Busine ...)
	NOT-FOR-US: Microsoft
CVE-2015-6060
	REJECTED
CVE-2015-6059 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsoft
CVE-2015-6058 (Microsoft Edge mishandles HTML attributes in HTTP responses, which all ...)
	NOT-FOR-US: Microsoft Edge
CVE-2015-6057 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Microsoft Edge
CVE-2015-6056 (The (1) JScript and (2) VBScript engines in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6055 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsoft
CVE-2015-6054
	REJECTED
CVE-2015-6053 (Microsoft Internet Explorer 11 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6052 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsoft
CVE-2015-6051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6050 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6049 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6048 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6047 (The broker EditWith feature in Microsoft Internet Explorer 8 through 1 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6046 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ob ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6045 (Use-after-free vulnerability in the CElement object implementation in  ...)
	NOT-FOR-US: Microsoft
CVE-2015-6044 (Microsoft Internet Explorer 8 allows remote attackers to gain privileg ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6043
	REJECTED
CVE-2015-6042 (Use-after-free vulnerability in the CWindow object implementation in M ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6041
	REJECTED
CVE-2015-6040 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 20 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6039 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft
CVE-2015-6038 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2015-6037 (Cross-site scripting (XSS) vulnerability in Microsoft Excel Services o ...)
	NOT-FOR-US: Microsoft
CVE-2015-6036 (QNAP Signage Station before 2.0.1 allows remote attackers to bypass au ...)
	NOT-FOR-US: QNAP Signage Station
CVE-2015-6035 (Opsview before 2015-11-06 has XSS via SNMP. ...)
	NOT-FOR-US: Opsview
CVE-2015-6034 (EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Contr ...)
	NOT-FOR-US: Epson
CVE-2015-6033 (Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital sig ...)
	NOT-FOR-US: Qolsys IQ Panel
CVE-2015-6032 (Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic key ...)
	NOT-FOR-US: Qolsys IQ Panel
CVE-2015-6031 (Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the ...)
	{DSA-3379-1}
	- miniupnpc 1.9.20140610-2.1 (bug #802650)
	NOTE: http://talosintel.com/reports/TALOS-2015-0035/
	NOTE: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
CVE-2015-6030 (HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, ...)
	NOT-FOR-US: HP Arcsight Logger
CVE-2015-6029 (HP ArcSight Logger before 6.0 P2 does not limit attempts to authentica ...)
	NOT-FOR-US: HP Arcsight Logger
CVE-2015-6028 (Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via th ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2015-6027 (Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2015-6026
	RESERVED
CVE-2015-6025
	RESERVED
CVE-2015-6024 (ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmwar ...)
	NOT-FOR-US: Qolsys NetCommWireless
CVE-2015-6023 (ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmwar ...)
	NOT-FOR-US: Qolsys NetCommWireless
CVE-2015-6022 (Unrestricted file upload vulnerability in QNAP Signage Station before  ...)
	NOT-FOR-US: QNAP Signage Station
CVE-2015-6021 (Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. ...)
	NOT-FOR-US: Spiceworks Desktop
CVE-2015-6020 (ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote auth ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6019 (The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00 ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6018 (The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with  ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6017 (Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1  ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6016 (ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B2 ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6015 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2015-6014 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2015-6013 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2015-6012 (Multiple open redirect vulnerabilities in Web Reference Database (aka  ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6011 (Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge b ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6010 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference D ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6009 (Multiple SQL injection vulnerabilities in Web Reference Database (aka  ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6008 (install.php in Web Reference Database (aka refbase) through 0.9.6 allo ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6007 (Cross-site request forgery (CSRF) vulnerability in Web Reference Datab ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6006 (The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153 ...)
	NOT-FOR-US: Medicomp
CVE-2015-6005 (Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsU ...)
	NOT-FOR-US: IPSwitch
CVE-2015-6004 (Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before ...)
	NOT-FOR-US: IPSwitch
CVE-2015-6003 (Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910  ...)
	NOT-FOR-US: QNAP QTS
CVE-2015-6002
	RESERVED
CVE-2015-6001
	RESERVED
CVE-2015-6000 (Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyD ...)
	NOT-FOR-US: Vtiger CRM
CVE-2015-5999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Li ...)
	NOT-FOR-US: D-Link DIR-816L Wireless Router
CVE-2015-5998 (Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASS ...)
	NOT-FOR-US: Impero Education Pro
CVE-2015-5997 (Impero Education Pro before 5105 uses a hardcoded CBC key and initiali ...)
	NOT-FOR-US: Impero Education Pro
CVE-2015-5996 (Cross-site request forgery (CSRF) vulnerability on Mediabridge Mediali ...)
	NOT-FOR-US: Mediabridge Medialink devices
CVE-2015-5995 (Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and T ...)
	NOT-FOR-US: Mediabridge Medialink devices
CVE-2015-5994 (The web management interface on Mediabridge Medialink MWN-WAPR300N dev ...)
	NOT-FOR-US: Mediabridge Medialink devices
CVE-2015-5993 (Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone ...)
	NOT-FOR-US: SpeedSurf
CVE-2015-5992 (Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Phil ...)
	NOT-FOR-US: SpeedSurf
CVE-2015-5991 (Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi  ...)
	NOT-FOR-US: SpeedSurf
CVE-2015-5990 (Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 de ...)
	NOT-FOR-US: Belkin devices
CVE-2015-5989 (Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side Jav ...)
	NOT-FOR-US: Belkin devices
CVE-2015-5988 (The web management interface on Belkin F9K1102 2 devices with firmware ...)
	NOT-FOR-US: Belkin devices
CVE-2015-5987 (Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorit ...)
	NOT-FOR-US: Belkin devices
CVE-2015-6241 (The proto_tree_add_bytes_item function in epan/proto.c in the protocol ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-21.html
CVE-2015-6242 (The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_b ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-22.html
CVE-2015-6243 (The dissector-table implementation in epan/packet.c in Wireshark 1.12. ...)
	{DSA-3367-1 DLA-497-1}
	- wireshark 1.12.7+g7fc8978-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-23.html
CVE-2015-6244 (The dissect_zbee_secure function in epan/dissectors/packet-zbee-securi ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-24.html
CVE-2015-6245 (epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wi ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-25.html
CVE-2015-6246 (The dissect_wa_payload function in epan/dissectors/packet-waveagent.c  ...)
	{DSA-3367-1 DLA-497-1}
	- wireshark 1.12.7+g7fc8978-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-26.html
CVE-2015-6247 (The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-op ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-27.html
CVE-2015-6248 (The ptvcursor_add function in the ptvcursor implementation in epan/pro ...)
	{DSA-3367-1 DLA-497-1}
	- wireshark 1.12.7+g7fc8978-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-28.html
CVE-2015-6249 (The dissect_wccp2r1_address_table_info function in epan/dissectors/pac ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-29.html
CVE-2015-6250 (simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be ...)
	NOT-FOR-US: simple-php-captcha
CVE-2015-5986 (openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x  ...)
	- bind9 <not-affected> (Vulnerable code present only since 9.9.7)
	NOTE: https://kb.isc.org/article/AA-01291
CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that t ...)
	{DSA-3341-1 DLA-295-1}
	- conntrack 1:1.4.2-3 (bug #796103)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/14/4
	NOTE: http://bugzilla.netfilter.org/show_bug.cgi?id=910
	NOTE: https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd
CVE-2015-5985
	REJECTED
CVE-2015-5984
	REJECTED
CVE-2015-5983
	REJECTED
CVE-2015-5982
	REJECTED
CVE-2015-5981
	REJECTED
CVE-2015-5980
	REJECTED
CVE-2015-5979
	REJECTED
CVE-2015-5978
	REJECTED
CVE-2015-5977
	REJECTED
CVE-2015-5976
	REJECTED
CVE-2015-5975
	REJECTED
CVE-2015-5974
	REJECTED
CVE-2015-5973
	REJECTED
CVE-2015-5972
	REJECTED
CVE-2015-5971
	REJECTED
CVE-2015-5970 (The ChangePassword RPC method in Novell ZENworks Configuration Managem ...)
	NOT-FOR-US: Novell
CVE-2015-5969 (The mysql-systemd-helper script in the mysql-community-server package  ...)
	NOT-FOR-US: SuSE-specific mysql packaging bug
CVE-2015-5968 (Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot ...)
	NOT-FOR-US: Novell
CVE-2015-5967
	REJECTED
CVE-2015-5966
	REJECTED
CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the  ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-6506 (Cross-site scripting (XSS) vulnerability in the cryptography interface ...)
	{DSA-3335-1}
	- request-tracker4 4.2.11-2
	[jessie] - request-tracker4 4.2.8-3+deb8u1
	[wheezy] - request-tracker4 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/13/8
CVE-2015-6565 (sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY de ...)
	- openssh <not-affected> (Vulnerable code introduce in V_6_8_P1)
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
	NOTE: Issue introduced with https://anongit.mindrot.org/openssh.git/commit/?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2 (V_6_8_P1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/12/1
CVE-2015-6563 (The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD pla ...)
	{DLA-1500-1}
	- openssh 1:6.9p1-1 (bug #795711)
	[wheezy] - openssh <no-dsa> (Minor issue)
	[squeeze] - openssh <no-dsa> (Minor issue)
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
CVE-2015-6564 (Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ...)
	{DLA-1500-1}
	- openssh 1:6.9p1-1 (bug #795711)
	[wheezy] - openssh <no-dsa> (Minor issue)
	[squeeze] - openssh <no-dsa> (Minor issue)
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
CVE-2015-6737 (Cross-site scripting (XSS) vulnerability in the Widgets extension for  ...)
	NOT-FOR-US: Widgets extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T88964
CVE-2015-6736 (The Quiz extension for MediaWiki allows remote attackers to cause a de ...)
	NOT-FOR-US: Quiz extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T97083
CVE-2015-6735 (The reset functionality in the TimedMediaHandler extension for MediaWi ...)
	NOT-FOR-US: TimedMediaHandler extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T100211
CVE-2015-6734 (Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the  ...)
	- mediawiki-extensions <not-affected> (contrib directory not present)
	NOTE: https://phabricator.wikimedia.org/T108198
CVE-2015-6733 (GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki be ...)
	- mediawiki-extensions <not-affected> (contrib directory not present)
	NOTE: https://phabricator.wikimedia.org/T108198
CVE-2015-6732 (Multiple cross-site scripting (XSS) vulnerabilities in the SemanticFor ...)
	NOT-FOR-US: SemanticForms extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T103391
	NOTE: https://phabricator.wikimedia.org/T103765
	NOTE: https://phabricator.wikimedia.org/T103765
CVE-2015-6731 (Multiple cross-site scripting (XSS) vulnerabilities in the SemanticFor ...)
	NOT-FOR-US: SemanticForms extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T103391
	NOTE: https://phabricator.wikimedia.org/T103765
	NOTE: https://phabricator.wikimedia.org/T103765
CVE-2015-6730 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki bef ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T97391
CVE-2015-6729 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki bef ...)
	- mediawiki <not-affected> (Introduced in 1.21)
	NOTE: https://phabricator.wikimedia.org/T97391
CVE-2015-6728 (The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1. ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T94116
CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows remot ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T106893
	NOTE: https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e
CVE-2015-6727 (The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.2 ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T106893
	NOTE: https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82
CVE-2015-5964 (The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache ...)
	{DSA-3338-1 DLA-301-1}
	- python-django 1.7.10-1 (bug #796104)
	NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
CVE-2015-5963 (contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1 ...)
	{DSA-3338-1 DLA-301-1}
	- python-django 1.7.10-1 (bug #796104)
	NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
CVE-2015-5962 (Integer signedness error in the SharedBufferManagerParent::RecvAllocat ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-5961 (The COPPA error page in the Accounts setup dialog in Mozilla Firefox O ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate attackers to ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-6520 (IPPUSBXD before 1.22 listens on all interfaces, which allows remote at ...)
	- ippusbxd 1.22-1 (bug #795162)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/1
	NOTE: https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f
	NOTE: https://github.com/tillkamppeter/ippusbxd/commit/a632841f8e65d402e13e81921515f5a1e2736c82
CVE-2015-XXXX [publicfile-installer: insecure use of /tmp]
	- publicfile-installer 0.11-1 (bug #795062)
CVE-2015-XXXX [net/http: broken trailers don't close a server connection]
	- golang 2:1.4.3-1
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/issues/12027
	NOTE: https://github.com/golang/go/commit/26049f6f9171d1190f3bbe05ec304845cfe6399f
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/06/2
CVE-2015-6251 (Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4 ...)
	{DSA-3334-1}
	- gnutls28 3.3.17-1 (bug #795068)
	- gnutls26 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/10/1
	NOTE: https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
	NOTE: _gnutls_x509_dn_to_string() introduced in 3.1.10 via:
	NOTE: https://gitlab.com/gnutls/gnutls/commit/6be35136333b5d6289f23209cf896e741462909a
CVE-2015-5958 (phpFileManager 0.9.8 allows remote attackers to execute arbitrary comm ...)
	NOT-FOR-US: phpFileManager
CVE-2015-5956 (The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7 ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (not supported in squeeze-lts)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/
CVE-2015-5955 (ownCloud iOS app before 3.4.4 does not properly switch state between m ...)
	NOT-FOR-US: ownCloud iOS app
CVE-2015-5954 (The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7 ...)
	{DSA-3373-1}
	- owncloud 7.0.7~dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-011
CVE-2015-5953 (Cross-site scripting (XSS) vulnerability in the activity application i ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-010
CVE-2015-5952 (Directory traversal vulnerability in Thomson Reuters for FATCA before  ...)
	NOT-FOR-US: Thomson Reuters FATCA
CVE-2015-5951 (A file upload issue exists in the specid parameter in Thomson Reuters  ...)
	NOT-FOR-US: Thomson Reuters FATCA
CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on ...)
	- nvidia-graphics-drivers 340.93-1 (bug #800566)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx 304.128-5
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.128-1
CVE-2015-5949 (VideoLAN VLC media player 2.2.1 allows remote attackers to cause a den ...)
	{DSA-3342-1}
	- vlc 2.2.1-3 (bug #796255)
	[wheezy] - vlc <not-affected> (Vulnerability introduced by later changes)
	[squeeze] - vlc <not-affected> (Vulnerability introduced by later changes)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd
	NOTE: http://www.ocert.org/advisories/ocert-2015-009.html
CVE-2015-5948 (Race condition in SuiteCRM before 7.2.3 allows remote attackers to exe ...)
	NOT-FOR-US: SuiteCRM
CVE-2015-5947 (SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: SuiteCRM
CVE-2015-5946 (Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote aut ...)
	NOT-FOR-US: SugarCRM
CVE-2015-5945 (The Sandbox subsystem in Apple OS X before 10.11.1 allows local users  ...)
	NOT-FOR-US: Apple
CVE-2015-5944 (CoreText in Apple OS X before 10.11.1 allows remote attackers to execu ...)
	NOT-FOR-US: Apple
CVE-2015-5943 (SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic  ...)
	NOT-FOR-US: Apple
CVE-2015-5942 (FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS b ...)
	NOT-FOR-US: Apple
CVE-2015-5941
	REJECTED
CVE-2015-5940 (The Accelerate Framework component in Apple iOS before 9.1 and OS X be ...)
	NOT-FOR-US: Apple
CVE-2015-5939 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS befo ...)
	NOT-FOR-US: Apple
CVE-2015-5938 (ImageIO in Apple OS X before 10.11.1 allows remote attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2015-5937 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS befo ...)
	NOT-FOR-US: Apple
CVE-2015-5936 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS befo ...)
	NOT-FOR-US: Apple
CVE-2015-5935 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS befo ...)
	NOT-FOR-US: Apple
CVE-2015-5934 (Audio in Apple OS X before 10.11.1 allows remote attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2015-5933 (Audio in Apple OS X before 10.11.1 allows remote attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2015-5932 (The kernel in Apple OS X before 10.11.1 allows local users to gain pri ...)
	NOT-FOR-US: Apple
CVE-2015-5931 (WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-5930 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTun ...)
	NOT-FOR-US: Apple
CVE-2015-5929 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTun ...)
	NOT-FOR-US: Apple
CVE-2015-5928 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTun ...)
	NOT-FOR-US: Apple
CVE-2015-5927 (FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS b ...)
	NOT-FOR-US: Apple
CVE-2015-5926 (The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11. ...)
	NOT-FOR-US: Apple
CVE-2015-5925 (The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11. ...)
	NOT-FOR-US: Apple
CVE-2015-5924 (The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2015-5923 (Apple iOS before 9.0.2 does not properly restrict the options availabl ...)
	NOT-FOR-US: Apple
CVE-2015-5922 (Unspecified vulnerability in International Components for Unicode (ICU ...)
	NOT-FOR-US: Apple
CVE-2015-5921 (WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachme ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5920 (The Software Update component in Apple iTunes before 12.3 does not pro ...)
	NOT-FOR-US: Apple
CVE-2015-5919 (GasGauge in Apple watchOS before 2 allows local users to gain privileg ...)
	NOT-FOR-US: Apple watchOS
CVE-2015-5918 (GasGauge in Apple watchOS before 2 allows local users to gain privileg ...)
	NOT-FOR-US: Apple watchOS
CVE-2015-5917 (The glob implementation in tnftpd (formerly lukemftpd), as used in App ...)
	NOT-FOR-US: Apple
CVE-2015-5916 (The Apple Pay component in Apple iOS before 9 allows remote terminals  ...)
	NOT-FOR-US: Apple
CVE-2015-5915 (Apple OS X before 10.11 does not ensure that the keychain's lock state ...)
	NOT-FOR-US: Apple
CVE-2015-5914 (The EFI component in Apple OS X before 10.11 allows physically proxima ...)
	NOT-FOR-US: Apple
CVE-2015-5913 (Heimdal, as used in Apple OS X before 10.11, allows remote attackers t ...)
	NOT-FOR-US: Apple
CVE-2015-5912 (The CFNetwork FTPProtocol component in Apple iOS before 9 allows remot ...)
	NOT-FOR-US: Apple
CVE-2015-5911 (Multiple unspecified vulnerabilities in Twisted in Wiki Server in Appl ...)
	NOT-FOR-US: Apple
CVE-2015-5910 (IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server ...)
	NOT-FOR-US: Apple
CVE-2015-5909 (IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict  ...)
	NOT-FOR-US: Apple
CVE-2015-5908
	REJECTED
CVE-2015-5907 (WebKit in Apple iOS before 9 allows man-in-the-middle attackers to con ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5906 (The HTML form implementation in WebKit in Apple iOS before 9 does not  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5905 (Safari in Apple iOS before 9 allows remote attackers to spoof the rela ...)
	NOT-FOR-US: Apple
CVE-2015-5904 (Safari in Apple iOS before 9 allows remote attackers to spoof the rela ...)
	NOT-FOR-US: Apple
CVE-2015-5903 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-5902 (The debugging feature in the kernel in Apple OS X before 10.11 mismana ...)
	NOT-FOR-US: Apple
CVE-2015-5901 (The Secure Empty Trash feature in Finder in Apple OS X before 10.11 im ...)
	NOT-FOR-US: Apple
CVE-2015-5900 (The protected range register in the EFI component in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-5899 (libpthread in the kernel in Apple iOS before 9 allows local users to g ...)
	NOT-FOR-US: Apple
CVE-2015-5898 (CFNetwork in Apple iOS before 9 relies on the hardware UID for its cac ...)
	NOT-FOR-US: Apple
CVE-2015-5897 (The Address Book framework in Apple OS X before 10.11 allows local use ...)
	NOT-FOR-US: Apple
CVE-2015-5896 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-5895 (Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as use ...)
	NOT-FOR-US: Apple
CVE-2015-5894 (The X.509 certificate-trust implementation in Apple OS X before 10.11  ...)
	NOT-FOR-US: Apple
CVE-2015-5893 (SMBClient in SMB in Apple OS X before 10.11 allows local users to obta ...)
	NOT-FOR-US: Apple
CVE-2015-5892 (Siri in Apple iOS before 9 allows physically proximate attackers to by ...)
	NOT-FOR-US: Apple
CVE-2015-5891 (The SMB implementation in the kernel in Apple OS X before 10.11 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5890 (IOGraphics in Apple OS X before 10.11 allows local users to gain privi ...)
	NOT-FOR-US: Apple
CVE-2015-5889 (rsh in the remote_cmds component in Apple OS X before 10.11 allows loc ...)
	NOT-FOR-US: Apple
CVE-2015-5888 (The Install Framework Legacy component in Apple OS X before 10.11 allo ...)
	NOT-FOR-US: Apple
CVE-2015-5887 (The TLS Handshake Protocol implementation in Secure Transport in Apple ...)
	NOT-FOR-US: Apple
CVE-2015-5886
	REJECTED
CVE-2015-5885 (The CFNetwork Cookies component in Apple iOS before 9 allows remote at ...)
	NOT-FOR-US: Apple
CVE-2015-5884 (The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles en ...)
	NOT-FOR-US: Apple
CVE-2015-5883 (The bidirectional text-display and text-selection implementations in T ...)
	NOT-FOR-US: Apple
CVE-2015-5882 (The processor_set_tasks API implementation in Apple iOS before 9 allow ...)
	NOT-FOR-US: Apple
CVE-2015-5881
	REJECTED
CVE-2015-5880 (CoreAnimation in Apple iOS before 9 allows attackers to bypass intende ...)
	NOT-FOR-US: Apple
CVE-2015-5879 (XNU in the kernel in Apple iOS before 9 does not properly validate the ...)
	NOT-FOR-US: Apple
CVE-2015-5878 (Notes in Apple OS X before 10.11 misparses links, which allows local u ...)
	NOT-FOR-US: Apple
CVE-2015-5877 (The Intel Graphics Driver component in Apple OS X before 10.11 allows  ...)
	NOT-FOR-US: Apple
CVE-2015-5876 (dyld in Dev Tools in Apple iOS before 9 allows attackers to execute ar ...)
	NOT-FOR-US: Apple
CVE-2015-5875 (Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-5874 (CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote at ...)
	NOT-FOR-US: Apple
CVE-2015-5873 (IOGraphics in Apple OS X before 10.11 allows local users to gain privi ...)
	NOT-FOR-US: Apple
CVE-2015-5872 (IOGraphics in Apple OS X before 10.11 allows local users to gain privi ...)
	NOT-FOR-US: Apple
CVE-2015-5871 (IOGraphics in Apple OS X before 10.11 allows local users to gain privi ...)
	NOT-FOR-US: Apple
CVE-2015-5870 (The debugging interfaces in the kernel in Apple OS X before 10.11 allo ...)
	NOT-FOR-US: Apple
CVE-2015-5869 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Apple
CVE-2015-5868 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-5867 (IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrar ...)
	NOT-FOR-US: Apple
CVE-2015-5866 (IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2015-5865 (IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensi ...)
	NOT-FOR-US: Apple
CVE-2015-5864 (IOAudioFamily in Apple OS X before 10.11 allows local users to obtain  ...)
	NOT-FOR-US: Apple
CVE-2015-5863 (IOStorageFamily in Apple iOS before 9 does not properly initialize an  ...)
	NOT-FOR-US: Apple
CVE-2015-5862 (The Audio component in Apple iOS before 9 allows remote attackers to c ...)
	NOT-FOR-US: Apple
CVE-2015-5861 (SpringBoard in Apple iOS before 9 allows physically proximate attacker ...)
	NOT-FOR-US: Apple
CVE-2015-5860 (The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles  ...)
	NOT-FOR-US: Apple
CVE-2015-5859 (The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X be ...)
	NOT-FOR-US: Apple
CVE-2015-5858 (The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remo ...)
	NOT-FOR-US: Apple
CVE-2015-5857 (Mail in Apple iOS before 9 allows remote attackers to use an address-b ...)
	NOT-FOR-US: Apple
CVE-2015-5856 (The Application Store component in Apple iOS before 9 allows remote at ...)
	NOT-FOR-US: Apple
CVE-2015-5855 (Apple iOS before 9 allows attackers to discover the e-mail address of  ...)
	NOT-FOR-US: Apple
CVE-2015-5854 (The backup implementation in Time Machine in Apple OS X before 10.11 a ...)
	NOT-FOR-US: Apple
CVE-2015-5853 (AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers  ...)
	NOT-FOR-US: Apple
CVE-2015-5852
	REJECTED
CVE-2015-5851 (The convenience initializer in the Multipeer Connectivity component in ...)
	NOT-FOR-US: Apple
CVE-2015-5850 (AppleKeyStore in Apple iOS before 9 allows physically proximate attack ...)
	NOT-FOR-US: Apple
CVE-2015-5849 (The filtering implementation in AppleEvents in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5848 (IOAcceleratorFamily in Apple iOS before 9 allows local users to gain p ...)
	NOT-FOR-US: Apple
CVE-2015-5847 (The Disk Images component in Apple iOS before 9 allows local users to  ...)
	NOT-FOR-US: Apple
CVE-2015-5846 (IOKit in the kernel in Apple iOS before 9 allows attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2015-5845 (IOKit in the kernel in Apple iOS before 9 allows attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2015-5844 (IOKit in the kernel in Apple iOS before 9 allows attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2015-5843 (IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain p ...)
	NOT-FOR-US: Apple
CVE-2015-5842 (XNU in the kernel in Apple iOS before 9 does not properly initialize a ...)
	NOT-FOR-US: Apple
CVE-2015-5841 (The CFNetwork Proxies component in Apple iOS before 9 does not properl ...)
	NOT-FOR-US: Apple
CVE-2015-5840 (The checkint division routines in removefile in Apple iOS before 9 all ...)
	NOT-FOR-US: Apple
CVE-2015-5839 (dyld in Apple iOS before 9 allows attackers to bypass a code-signing p ...)
	NOT-FOR-US: Apple
CVE-2015-5838 (SpringBoard in Apple iOS before 9 does not properly restrict access to ...)
	NOT-FOR-US: Apple
CVE-2015-5837 (PluginKit in Apple iOS before 9 allows attackers to bypass an intended ...)
	NOT-FOR-US: Apple
CVE-2015-5836 (Apple Online Store Kit in Apple OS X before 10.11 improperly validates ...)
	NOT-FOR-US: Apple
CVE-2015-5835 (Apple iOS before 9 allows attackers to obtain sensitive information ab ...)
	NOT-FOR-US: Apple
CVE-2015-5834 (IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain s ...)
	NOT-FOR-US: Apple
CVE-2015-5833 (The Login Window component in Apple OS X before 10.11 does not ensure  ...)
	NOT-FOR-US: Apple
CVE-2015-5832 (The iTunes Store component in Apple iOS before 9 does not properly del ...)
	NOT-FOR-US: Apple
CVE-2015-5831 (NetworkExtension in the kernel in Apple iOS before 9 does not properly ...)
	NOT-FOR-US: Apple
CVE-2015-5830 (The Intel Graphics Driver component in Apple OS X before 10.11 allows  ...)
	NOT-FOR-US: Apple
CVE-2015-5829 (Data Detectors Engine in Apple iOS before 9 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-5828 (The API in the WebKit Plug-ins component in Apple Safari before 9 does ...)
	NOT-FOR-US: Apple Safari
CVE-2015-5827 (WebKit in Apple iOS before 9 allows remote attackers to bypass the Sam ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5826 (WebKit in Apple iOS before 9 does not properly select the cases in whi ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5825 (WebKit in Apple iOS before 9 does not properly restrict the availabili ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5824 (The NSURL implementation in the CFNetwork SSL component in Apple iOS b ...)
	NOT-FOR-US: Apple
CVE-2015-5823 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5822 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5821 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5820 (WebKit in Apple iOS before 9 allows remote attackers to trigger a dial ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5819 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5818 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5817 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5816 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5815 (WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5814 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5813 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5812 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5811 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5810 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5809 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5808 (WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5807 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5806 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5805 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5804 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5803 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5802 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5801 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5800 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5799 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5798 (WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5797 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5796 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5795 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5794 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5793 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5792 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5791 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5790 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5789 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5788 (The WebKit Canvas implementation in Apple iOS before 9 allows remote a ...)
	NOT-FOR-US: Apple
CVE-2015-5787 (The kernel in Apple iOS before 8.4.1 does not properly restrict debugg ...)
	NOT-FOR-US: Apple
CVE-2015-5786 (Apple QuickTime before 7.7.8 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple
CVE-2015-5785 (Apple QuickTime before 7.7.8 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple
CVE-2015-5784 (runner in Install.framework in the Install Framework Legacy component  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5783 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ar ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5782 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not pro ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5781 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not pro ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5780 (The Safari Extensions implementation in Apple Safari before 9 does not ...)
	NOT-FOR-US: Apple
CVE-2015-5779 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5778 (CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5777 (CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5776 (Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remot ...)
	NOT-FOR-US: Apple
CVE-2015-5775 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows re ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5774 (Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X befo ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5773 (QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows rem ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5772 (Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 al ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5771 (Quartz Composer Framework in Apple OS X before 10.10.5 allows remote a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5770 (MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqu ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5769 (The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5768 (AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5767 (The user interface in Safari in Apple iOS before 9 allows remote attac ...)
	NOT-FOR-US: Apple
CVE-2015-5766 (Directory traversal vulnerability in Air Traffic in Apple iOS before 8 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5765 (The user interface in Safari in Apple iOS before 9 allows remote attac ...)
	NOT-FOR-US: Apple
CVE-2015-5764 (The user interface in Safari in Apple iOS before 9 allows remote attac ...)
	NOT-FOR-US: Apple
CVE-2015-5763 (ntfs in Apple OS X before 10.10.5 allows local users to gain privilege ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5762
	RESERVED
CVE-2015-5761 (CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remo ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5760
	REJECTED
CVE-2015-5759 (WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clic ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5758 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remot ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5757 (libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows at ...)
	NOT-FOR-US: Apple
CVE-2015-5756 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows re ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5755 (CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remo ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5754 (Race condition in runner in Install.framework in the Install Framework ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5753 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5752 (Backup in Apple iOS before 8.4.1 allows attackers to bypass intended r ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5751 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5750 (Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5749 (The Sandbox_profiles component in Apple iOS before 8.4.1 allows attack ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5748 (The kernel in Apple OS X before 10.10.5 does not properly mount HFS vo ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5747 (The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5746 (AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5744
	RESERVED
CVE-2015-5743
	RESERVED
CVE-2015-5742 (VeeamVixProxy in Veeam Backup &amp; Replication (B&amp;R) before 8.0 u ...)
	NOT-FOR-US: Veeam
CVE-2015-5738 (The RSA-CRT implementation in the Cavium Software Development Kit (SDK ...)
	- openssl <not-affected> (OpenSSL upstream is not affected)
CVE-2015-5959 (Froxlor before 0.9.33.2 with the default configuration/setup might all ...)
	- froxlor <itp> (bug #581792)
CVE-2015-5957 (Buffer overflow in the DumpSysVar function in var.c in Remind before 3 ...)
	{DLA-289-1}
	- remind 03.01.15-1 (unimportant)
	NOTE: Non-exploitable starting with Wheezy due to D_FORTIFY_SOURCE
CVE-2015-5745 (Buffer overflow in the send_control_msg function in hw/char/virtio-ser ...)
	{DSA-3349-1 DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #795087)
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/06/3
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295 (v2.4.0-rc3)
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263 (v0.13.0-rc0)
	NOTE: Patch for wheezy needs change since uses iov_from_buf:
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dcf6f5e15ecee4f593eeacbe0591c1addc004d92
	NOTE: iov_* function changed in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2278a69e7020d86a8c73a28474e7709d3e7d5081 (v1.2.0-rc0)
CVE-2015-5737 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) md ...)
	NOT-FOR-US: Fortinet
CVE-2015-5736 (The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows ...)
	NOT-FOR-US: Fortinet
CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4 ...)
	NOT-FOR-US: Fortinet
CVE-2015-5729 (The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14 ...)
	NOT-FOR-US: Samsung
CVE-2015-5728
	RESERVED
CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11. ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.10-1
	NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
	NOTE: http://botan.randombit.net/security.html
CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11. ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.10-1
	NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
	NOTE: http://botan.randombit.net/security.html
CVE-2015-5725 (SQL injection vulnerability in the offset method in the Active Record  ...)
	- codeigniter <itp> (bug #471583)
CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x bef ...)
	{DLA-449-1}
	- botan1.10 1.10.8-1
	NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9
	NOTE: http://botan.randombit.net/security.html
CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...)
	- golang 2:1.4.2-4 (bug #795106)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
	NOTE: https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
CVE-2015-5740 (The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...)
	- golang 2:1.4.2-4 (bug #795106)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
	NOTE: https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
CVE-2015-5739 (The net/http library in net/textproto/reader.go in Go before 1.4.3 doe ...)
	- golang 2:1.4.2-4 (bug #795106)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
CVE-2015-5724
	RESERVED
CVE-2015-5722 (buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9. ...)
	{DSA-3350-1 DLA-308-1}
	- bind9 1:9.9.5.dfsg-12
	NOTE: https://kb.isc.org/article/AA-01287
CVE-2015-5721 (Malware Information Sharing Platform (MISP) before 2.3.90 allows remot ...)
	NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5720 (Multiple cross-site scripting (XSS) vulnerabilities in the template-cr ...)
	NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5719 (app/Controller/TemplatesController.php in Malware Information Sharing  ...)
	NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5718 (Stack-based buffer overflow in the handle_debug_network function in th ...)
	NOT-FOR-US: Websense Content Gateway
CVE-2015-5734 (Cross-site scripting (XSS) vulnerability in the legacy theme preview i ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33549
CVE-2015-5733 (Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessi ...)
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	[jessie] - wordpress 4.1+dfsg-1+deb8u1
	[wheezy] - wordpress 3.6.1+dfsg-1~deb7u6
	[squeeze] - wordpress 3.6.1+dfsg-1~deb6u6
	NOTE: For jessie and wheezy the fix was already contained
	NOTE: in a previous update. The the same was included in
	NOTE: the fix with cs32176_dashboard_esc_titles
	NOTE: but the issue apparently later reintroduced
	NOTE: https://core.trac.wordpress.org/changeset/33540
	NOTE: https://core.trac.wordpress.org/changeset/33541
CVE-2015-5732 (Cross-site scripting (XSS) vulnerability in the form function in the W ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33529
CVE-2015-5731 (Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php i ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33542
	NOTE: https://core.trac.wordpress.org/changeset/33543
CVE-2015-5730 (The sanitize_widget_instance function in wp-includes/class-wp-customiz ...)
	{DSA-3332-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	[squeeze] - wordpress <not-affected> (Vulnerable code introduced later)
	[wheezy] - wordpress <not-affected> (Vulnerable code introduced later)
	NOTE: https://core.trac.wordpress.org/changeset/33535
	NOTE: https://core.trac.wordpress.org/changeset/33536
CVE-2015-5717 (The Siemens COMPAS Mobile application before 1.6 for Android does not  ...)
	NOT-FOR-US: Siemens
CVE-2015-5716
	RESERVED
CVE-2015-5715 (The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in  ...)
	{DSA-3383-1 DSA-3375-1 DLA-321-1}
	- wordpress 4.3.1+dfsg-1 (bug #799140)
	NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
	NOTE: https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab
CVE-2015-5714 (Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 all ...)
	{DSA-3383-1 DSA-3375-1 DLA-321-1}
	- wordpress 4.3.1+dfsg-1 (bug #799140)
	NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
	NOTE: https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8
CVE-2015-5713 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfir ...)
	NOT-FOR-US: TIBCO
CVE-2015-5712 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfir ...)
	NOT-FOR-US: TIBCO
CVE-2015-5711 (TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File ...)
	NOT-FOR-US: TIBCO
CVE-2015-5710
	RESERVED
CVE-2015-5709
	RESERVED
CVE-2015-5708
	RESERVED
CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in Op ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-8395 (PCRE before 8.38 mishandles certain references, which allows remote at ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
	NOTE: related issue to CVE-2015-8384 and CVE-2015-8392
	NOTE: Same fix as used for CVE-2015-8381
CVE-2015-8394 (PCRE before 8.38 mishandles the (?(&lt;digits&gt;) and (?(R&lt;digits& ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1589
CVE-2015-8393 (pcregrep in PCRE before 8.38 mishandles the -q option for binary files ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1586
CVE-2015-8392 (PCRE before 8.38 mishandles certain instances of the (?| substring, wh ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
	NOTE: related issue to CVE-2015-8384 and CVE-2015-8395
CVE-2015-8391 (The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishan ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1579
	NOTE: First bad commit: http://vcs.pcre.org/pcre?view=revision&revision=640
CVE-2015-8390 (PCRE before 8.38 mishandles the [: and \\ substrings in character clas ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1578
CVE-2015-8389 (PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related pa ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 8.38
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1577
	NOTE: First bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1440
	NOTE: Only after r1577 looks like there is another new issue (stack-buffer-underflow, READ of size 4 when running PoC)
CVE-2015-8388 (PCRE before 8.38 mishandles the /(?=di(?&lt;=(?1))|(?=(.))))/ pattern  ...)
	- pcre3 2:8.35-7
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1571
	NOTE: Fixed in 8.38
	NOTE: Different issue than CVE-2015-5073 but same fixing commit
CVE-2015-8387 (PCRE before 8.38 mishandles (?123) subroutine calls and related subrou ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1563
CVE-2015-8386 (PCRE before 8.38 mishandles the interaction of lookbehind assertions a ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1560
	NOTE: Reproducer fails starting from at least http://vcs.pcre.org/pcre?view=revision&revision=1379
	NOTE: but the patched code is as well already present in wheezy at least.
CVE-2015-8385 (PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and rel ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1559
CVE-2015-8384 (PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and re ...)
	- pcre3 2:8.35-7.2
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1636
	NOTE: related issue to CVE-2015-8392 and CVE-2015-8395
	NOTE: Fixed in 8.38
	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1558
	NOTE: Same fixing commit as CVE-2015-3210 but different issues
CVE-2015-8383 (PCRE before 8.38 mishandles certain repeated conditional groups, which ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (vulnerable coded introduce in 8.34)
	[squeeze] - pcre3 <not-affected> (vulnerable code introduced in 8.34)
	NOTE: Fixed in 8.38
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/29/1
	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1557
	NOTE: Introduced by/first bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1365
CVE-2015-8382 (The match function in pcre_exec.c in PCRE before 8.37 mishandles the / ...)
	- pcre3 2:8.35-7.2 (bug #794589)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1537
	NOTE: Fixed upstream in upstream release pcre-8.37
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/04/2
CVE-2015-XXXX [more to CVE-2015-2059]
	- libidn 1.32-1
	[jessie] - libidn 1.29-1+deb8u1
	[wheezy] - libidn 1.25-2+deb7u1
	[squeeze] - libidn 1.15-2+deb6u2
	NOTE: Introduced by fix for CVE-2015-2059
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html
	NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=58c721ac2dc96bccd737f3f544f3a22a50477bbf
	NOTE: Testcase: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=c261018477f971d274dee305d27f8bff4afd4238
	NOTE: squeeze-tagged entry as temporary workaround until CVE assigned for issue solved in DLA-291-1
CVE-2015-XXXX [Sidekiq::Web lacks CSRF protection]
	- ruby-sidekiq 3.4.2~dfsg-3
	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
	NOTE: https://github.com/mperham/sidekiq/pull/2422
	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/cf3c43b2410c4573e05ac119494e41115f4140ad
	NOTE: Fix released in sidekiq 3.4.2
	NOTE: Follow-up fix: https://github.com/mperham/sidekiq/commit/75a3524c919857aac16e0541b0cb107f48d00694
	NOTE: Follow-up commit not included in 3.4.2~dfsg-1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via job arguments display class in Sidekiq::Web]
	- ruby-sidekiq 3.4.2~dfsg-3
	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
	NOTE: https://github.com/mperham/sidekiq/pull/2309
	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/54766f336620ca0ce3b0b87a7a56382496e64b61
	NOTE: Fix released in sidekiq 3.4.0
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via queue name in Sidekiq::Web]
	- ruby-sidekiq 3.4.2~dfsg-3
	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
	NOTE: https://github.com/mperham/sidekiq/issues/2330
	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
	NOTE: Fix released in sidekiq 3.4.0
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-5707 (Integer overflow in the sg_start_req function in drivers/scsi/sg.c in  ...)
	{DSA-3329-1 DLA-310-1}
	- linux 4.1.3-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/6
	NOTE: Probably introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10db10d144c0248f285242f79daf6b9de6b00a62 (v2.6.28-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 (v4.1-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee (v4.1-rc1)
CVE-2015-5706 (Use-after-free vulnerability in the path_openat function in fs/namei.c ...)
	- linux 4.0.4-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u3
	[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
	- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/5
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60545d0d4610b02e55f65d141c95b18ccf855b6e (v3.11-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0 (v4.1-rc3)
CVE-2014-9939 (ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow wh ...)
	{DLA-552-1 DLA-324-1}
	- binutils 2.25.90.20151125-1
	[jessie] - binutils <ignored> (Minor issue)
	- gdb 7.10-1 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/31/6
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18750
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
CVE-2015-5702
	RESERVED
CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2015-5705 (Argument injection vulnerability in devscripts before 2.15.7 allows re ...)
	- devscripts 2.15.8 (bug #794365)
	[jessie] - devscripts <not-affected> (Vulnerable code not present)
	[wheezy] - devscripts <not-affected> (Vulnerable code not present)
	[squeeze] - devscripts <not-affected> (Vulnerable code not present)
	NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
CVE-2015-5704 (scripts/licensecheck.pl in devscripts before 2.15.7 allows local users ...)
	- devscripts 2.15.7 (bug #794260)
	[jessie] - devscripts <not-affected> (Vulnerable code not present)
	[wheezy] - devscripts <not-affected> (Vulnerable code not present)
	[squeeze] - devscripts <not-affected> (Vulnerable code not present)
	NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/1
CVE-2015-5699 (The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux ...)
	NOT-FOR-US: Cumulus Linux
	NOTE: https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2015-July/000002.html
CVE-2015-5698 (Cross-site request forgery (CSRF) vulnerability in the web server on S ...)
	NOT-FOR-US: Siemens
CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to cause a  ...)
	NOT-FOR-US: Dell Netvault Backup
CVE-2015-5693 (The management console on Symantec Web Gateway (SWG) appliances with s ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5692 (admin_messages.php in the management console on Symantec Web Gateway ( ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5691 (Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in  ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5690 (The management console on Symantec Web Gateway (SWG) appliances with s ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5689 (ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Sui ...)
	NOT-FOR-US: Symantec
CVE-2009-5148
	RESERVED
CVE-2015-5695 (Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo doe ...)
	[experimental] - designate 1:1.0.0~b2-1
	- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
	[jessie] - designate 2014.1-18+deb8u1
CVE-2015-5694 (Designate does not enforce the DNS protocol limit concerning record se ...)
	[experimental] - designate 1:1.0.0~b2-1
	- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
	[jessie] - designate <not-affected> (Vulnerable code doesn't exist)
CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy before  ...)
	NOT-FOR-US: Geddy
	NOTE: https://github.com/geddy/geddy/issues/697
	NOTE: https://github.com/geddy/geddy/pull/699
	NOTE: https://nodesecurity.io/advisories/10
CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote at ...)
	NOT-FOR-US: Anchor CMS
CVE-2015-5686 (Parts of the Puppet Enterprise Console 3.x were found to be susceptibl ...)
	NOT-FOR-US: Puppet Enterprise Console
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstra ...)
	{DLA-312-1}
	- libtorrent-rasterbar 1.0.6-1 (bug #797046)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[wheezy] - libtorrent-rasterbar <no-dsa> (Minor issue)
	NOTE: Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
	NOTE: Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e
CVE-2015-5684 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
	NOT-FOR-US: Lenovo
CVE-2015-5683
	RESERVED
CVE-2015-5682 (upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows re ...)
	NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the Powerplay  ...)
	NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5680
	RESERVED
CVE-2015-5679
	RESERVED
CVE-2015-5678
	RESERVED
CVE-2015-5677 (bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable pe ...)
	NOT-FOR-US: bsnmpd
CVE-2015-5676
	RESERVED
CVE-2015-5675 (The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allow ...)
	- kfreebsd-10 10.1~svn274115-10 (unimportant; bug #796996)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed> (bug #796997)
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
CVE-2015-5674 (The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 befo ...)
	NOT-FOR-US: routed daemon in FreeBSD
CVE-2015-5673 (eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp)  ...)
	NOT-FOR-US: ISUCON5 qualifier portal
CVE-2015-5672 (TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Nig ...)
	NOT-FOR-US: TYPE-MOON
CVE-2015-5671 (Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5670 (Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisy ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5669 (Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticate ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5668 (SQL injection vulnerability in Techno Project Japan Enisys Gw before 1 ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5667 (Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module b ...)
	{DLA-339-1}
	- libhtml-scrubber-perl 0.15-1 (bug #803943)
	[jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
	[wheezy] - libhtml-scrubber-perl 0.09-1+deb7u1
	NOTE: Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
CVE-2015-5666 (ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and e ...)
	NOT-FOR-US: ANA App
CVE-2015-5665 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11 ...)
	NOT-FOR-US: LOCKON
CVE-2015-5664 (Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS b ...)
	NOT-FOR-US: QNAP
CVE-2015-5663 (The file-execution functionality in WinRAR before 5.30 beta 5 allows l ...)
	NOT-FOR-US: WinRAR
CVE-2015-5662 (Directory traversal vulnerability in Avast before 150918-0 allows remo ...)
	NOT-FOR-US: Avast
CVE-2015-5661 (The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mis ...)
	NOT-FOR-US: SAND STUDIO AirDroid
CVE-2015-5660 (Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2. ...)
	{DLA-485-1}
	- extplorer <removed>
	NOTE: http://extplorer.net/news/18
	NOTE: http://extplorer.net/projects/extplorer/repository/diff?utf8=%E2%9C%93&rev=242&rev_to=241
CVE-2015-5659 (SQL injection vulnerability in Network Applied Communication Laborator ...)
	NOT-FOR-US: Network Applied Communication Laboratory Pref Shimane CMS
CVE-2015-5658
	REJECTED
CVE-2015-5657
	REJECTED
CVE-2015-5656
	REJECTED
CVE-2015-5655 (The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509  ...)
	NOT-FOR-US: Adways Party Track SDK
CVE-2015-5654 (Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 al ...)
	- dojo <not-affected> (Fixed before the first version in Debian)
CVE-2015-5653 (Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows re ...)
	NOT-FOR-US: Canary Labs Trend Web Server
CVE-2015-5652 (Untrusted search path vulnerability in python.exe in Python through 3. ...)
	NOT-FOR-US: Python on Windows
CVE-2015-5651 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allo ...)
	- dotclear <removed> (bug #815979)
	NOTE: http://dotclear.org/blog/post/2015/09/23/Dotclear-2.8.1
CVE-2015-5650 (Directory traversal vulnerability in AjaXplorer 2.0 allows remote atta ...)
	NOT-FOR-US: AjaXplorer
CVE-2015-5649 (Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authe ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2015-5648 (SQL injection vulnerability in list.php in phpRechnung before 1.6.5 al ...)
	NOT-FOR-US: phpRechnung
CVE-2015-5647 (The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x th ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2015-5646 (Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote au ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2015-5645 (ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtai ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5644 (The installer in ICZ MATCHA SNS before 1.3.7 does not properly configu ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5643 (The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly con ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5642 (Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2. ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5641 (SQL injection vulnerability in baserCMS before 3.0.8 allows remote aut ...)
	NOT-FOR-US: baserCMS
CVE-2015-5640 (baserCMS before 3.0.8 allows remote authenticated users to modify arbi ...)
	NOT-FOR-US: baserCMS
CVE-2015-5639 (niconico App for iOS before 6.38 does not verify SSL certificates whic ...)
	NOT-FOR-US: niconico App for iOS
CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/issues/921
CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows attacke ...)
	NOT-FOR-US: Newphoria
CVE-2015-5636 (The Newphoria Reversi application before 1.0.3 for Android and before  ...)
	NOT-FOR-US: Newphoria
CVE-2015-5635 (The Newphoria Koritore application before 1.1 for Android and before 1 ...)
	NOT-FOR-US: Newphoria
CVE-2015-5634 (The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and b ...)
	NOT-FOR-US: Newphoria
CVE-2015-5633 (The Newphoria Auction Camera application for iOS and before 1.2 for An ...)
	NOT-FOR-US: Newphoria
CVE-2015-5632 (The runtime engine in the Newphoria applican framework before 1.12.3 f ...)
	NOT-FOR-US: Newphoria
CVE-2015-5631 (Cross-site request forgery (CSRF) vulnerability in the Remote UI on Ca ...)
	NOT-FOR-US: Canon
CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform ...)
	NOT-FOR-US: NTT
CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6. ...)
	NOT-FOR-US: NTT
CVE-2015-5628 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
	NOT-FOR-US: Yokogawa
CVE-2015-5627 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
	NOT-FOR-US: Yokogawa
CVE-2015-5626 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
	NOT-FOR-US: Yokogawa
CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 al ...)
	NOT-FOR-US: OpenDocMan
CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELP ...)
	NOT-FOR-US: FreeBit
CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kernel be ...)
	{DSA-3329-1 DLA-310-1}
	- linux 4.1.3-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16 (v4.2-rc6)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/2
CVE-2015-5620
	RESERVED
CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack out ...)
	- logstash <itp> (bug #664841)
CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow remo ...)
	NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices
CVE-2015-5617 (SQL injection vulnerability in pub/m_pending_news/delete_pending_news. ...)
	NOT-FOR-US: Enorth Webpublisher CMS
CVE-2015-5616
	RESERVED
CVE-2015-5615
	REJECTED
CVE-2015-5614
	REJECTED
CVE-2015-5613 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and  ...)
	NOT-FOR-US: October CMS
CVE-2015-5612 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and  ...)
	NOT-FOR-US: October CMS
CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts capabil ...)
	{DSA-3328-1}
	- wordpress 4.2.3+dfsg-1
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/33357
CVE-2015-5622 (Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 all ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.3+dfsg-1
	NOTE: https://core.trac.wordpress.org/changeset/33359
CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used in certa ...)
	NOT-FOR-US: Uconnect
CVE-2015-5610 (The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central bef ...)
	NOT-FOR-US: SolarWinds
CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export plugin 1.1 f ...)
	NOT-FOR-US: Image Export plugin for WordPress
CVE-2015-5608 (Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. ...)
	NOT-FOR-US: Joomla!
CVE-2015-5606 (Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remot ...)
	NOT-FOR-US: Vordel XML Gateway
CVE-2015-5605 (The regular-expression implementation in Google V8, as used in Google  ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-5604
	RESERVED
CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows re ...)
	NOT-FOR-US: HipChat plugin
CVE-2015-5602 (sudoedit in Sudo before 1.8.15 allows local users to gain privileges v ...)
	{DSA-3440-1 DLA-382-1}
	- sudo 1.8.15-1.1 (bug #804149)
	NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
	NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1277426
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781
CVE-2015-5601 (edx-platform before 2015-07-20 allows code execution by privileged use ...)
	NOT-FOR-US: Open edX
CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ...)
	{DLA-1500-1 DLA-288-1}
	- openssh 1:6.9p1-1 (bug #793616)
	[wheezy] - openssh <no-dsa> (Minor issue; not in default configurations)
	NOTE: http://seclists.org/fulldisclosure/2015/Jul/92
	NOTE: Affects configurations that have KbdInteractiveAuthentication set
	NOTE: to yes. Default for KbdInteractiveAuthentication is to use whatever
	NOTE: value ChallengeResponseAuthentication is set to, which is 'no' in
	NOTE: default configurations in Debian.
CVE-2015-5599 (Multiple SQL injection vulnerabilities in upload.php in the Powerplay  ...)
	NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5598
	RESERVED
CVE-2015-5597
	RESERVED
CVE-2015-5596
	RESERVED
CVE-2015-5595 (Cross-site request forgery (CSRF) vulnerability in admin.php in Zenpho ...)
	NOT-FOR-US: Zenphoto
CVE-2015-5594 (The sanitize_string function in ZenPhoto before 1.4.9 utilized the htm ...)
	NOT-FOR-US: Zenphoto
CVE-2015-5593 (The sanitize_string function in Zenphoto before 1.4.9 does not properl ...)
	NOT-FOR-US: Zenphoto
CVE-2015-5592 (Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allow ...)
	NOT-FOR-US: Zenphoto
CVE-2015-5591 (SQL injection vulnerability in Zenphoto before 1.4.9 allow remote admi ...)
	NOT-FOR-US: Zenphoto
CVE-2015-5588 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5587 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5586 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-5585
	REJECTED
CVE-2015-5584 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5583 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,  ...)
	NOT-FOR-US: Adobe
CVE-2015-5582 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5581 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5580 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5579 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5578 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5577 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5576 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5575 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5574 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5573 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5572 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5571 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5570 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5569 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5568 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5567 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5566 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5565 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5564 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5563 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5562 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5561 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5560 (Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5559 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5558 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5557 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5556 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5555 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5554 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5553 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5552 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5551 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5550 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5549 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5548 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5547 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5546 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5545 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5544 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5543
	REJECTED
CVE-2015-5542
	REJECTED
CVE-2015-5541 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5540 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5539 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5538 (Multiple unspecified vulnerabilities in Citrix NetScaler Application D ...)
	NOT-FOR-US: Citrix
CVE-2015-5537 (The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2 ...)
	NOT-FOR-US: Siemens
CVE-2015-XXXX [integer overflow]
	- freexl 1.0.2-1
	[jessie] - freexl 1.0.0g-1+deb8u2
	[wheezy] - freexl 1.0.0b-1+deb7u2
	NOTE: For the issue fixed in DSA-3310-1 not yet CVEified
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/06/7
CVE-2015-XXXX [SQL Injection in host_templates.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2584
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in graph_templates.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2583
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in data_templates.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2582
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in cdef.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2580
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection Vulnerability in data sources]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2579
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection Vulnerability in graph items and graph template items]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2574
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in ext/p ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69923
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
	NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69958
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
	NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5536 (Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.1 ...)
	NOT-FOR-US: Belkin router
CVE-2015-5535 (Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5. ...)
	NOT-FOR-US: qTranslate plugin for wordpress
CVE-2015-5534 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall b ...)
	NOT-FOR-US: Oxwall
CVE-2015-5533 (SQL injection vulnerability in counter-options.php in the Count Per Da ...)
	NOT-FOR-US: WordPress plugin count-per-day
CVE-2015-5532 (Multiple cross-site scripting (XSS) vulnerabilities in the Paid Member ...)
	NOT-FOR-US: WordPress plugin paid-memberships-pro
CVE-2015-5530 (Multiple cross-site request forgery (CSRF) vulnerabilities in Free Rep ...)
	NOT-FOR-US: Free Reprintables
CVE-2015-5529 (Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintabl ...)
	NOT-FOR-US: Free Reprintables
CVE-2015-5528 (Cross-site scripting (XSS) vulnerability in the save_order function in ...)
	NOT-FOR-US: save_order function in class-floating-social-bar.php in the Floating Social Bar plugin for WordPress
CVE-2015-5527
	RESERVED
CVE-2015-5526
	RESERVED
CVE-2015-5525
	RESERVED
CVE-2015-5524 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2015-5531 (Directory traversal vulnerability in Elasticsearch before 1.6.1 allows ...)
	- elasticsearch 1.6.1+dfsg-1 (bug #792617)
	[jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 3389)
	NOTE: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
CVE-2015-5521 (Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows  ...)
	NOT-FOR-US: BlackCat CMS
CVE-2015-5520 (Cross-site scripting (XSS) vulnerability in the Users module in Orchar ...)
	NOT-FOR-US: Orchard CMS
CVE-2015-5519 (Cross-site scripting (XSS) vulnerability in the applyConvolution demo  ...)
	NOT-FOR-US: WideImage
CVE-2015-5518
	RESERVED
CVE-2015-5517
	RESERVED
CVE-2015-8176
	REJECTED
CVE-2015-5516 (Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and L ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before 1.9.2  ...)
	{DLA-1923-1}
	- ansible 1.9.2+dfsg-1 (low)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
CVE-2015-5515 (The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x- ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5514 (Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5513 (Cross-site scripting (XSS) vulnerability in the Shibboleth authenticat ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5512 (The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1 ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5511 (The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal  ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5510 (Open redirect vulnerability in the Content Construction Kit (CCK) 6.x- ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5509 (The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, whe ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5508 (Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provide ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5507 (Cross-site scripting (XSS) vulnerability in the Inline Entity Form mod ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5506 (The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal doe ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5505 (The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1. ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5504 (SQL injection vulnerability in the Novalnet Payment Module Ubercart mo ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5503 (Open redirect vulnerability in the Chamilo integration module 7.x-1.x  ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5502 (The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not prop ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5501 (The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x befor ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5500 (Cross-site scripting (XSS) vulnerability in the Navigate module for Dr ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5499 (The Navigate module for Drupal does not properly check permissions, wh ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5498 (The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not ch ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5497 (Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2 ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5496 (The pass2pdf module for Drupal does not restrict access to generated P ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5495 (Cross-site scripting (XSS) vulnerability in the Mobile sliding menu mo ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5494 (Cross-site scripting (XSS) vulnerability in the Webform Matrix Compone ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5493 (The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5492 (Cross-site scripting (XSS) vulnerability in the Video Consultation mod ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5491 (The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal all ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5490 (The _views_fetch_data method in includes/cache.inc in the Views module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5489 (Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x- ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5488 (Cross-site scripting (XSS) vulnerability in the MailChimp Signup submo ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5487 (Cross-site scripting (XSS) vulnerability in the Camtasia Relay module  ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5486
	RESERVED
CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import page (imp ...)
	NOT-FOR-US: Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin for WordPress
CVE-2015-5484 (Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1 ...)
	NOT-FOR-US: Plotly plugin for WordPress
CVE-2015-5483 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Priv ...)
	NOT-FOR-US: Private Only plugin for WordPress
CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments plugin ...)
	NOT-FOR-US: GD bbPress Attachments plugin for WordPress
CVE-2015-5481 (Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD ...)
	NOT-FOR-US: GD bbPress Attachments plugin for WordPress
CVE-2015-5480
	RESERVED
CVE-2015-5479 (The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav be ...)
	{DLA-644-1}
	- ffmpeg <not-affected> (Vulnerable code not present)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed> (low)
	[jessie] - libav 6:11.6-1~deb8u1
	[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
	NOTE: Patch in libav: https://git.libav.org/?p=libav.git;a=commit;h=0a49a62f998747cfa564d98d36a459fe70d3299b
	NOTE: Fixed in libav 11.5
CVE-2015-5478
	RESERVED
CVE-2015-5477 (named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allo ...)
	{DSA-3319-1 DLA-285-1}
	- bind9 1:9.9.5.dfsg-11 (bug #793903)
	NOTE: https://kb.isc.org/article/AA-01272/0
CVE-2015-5476
	RESERVED
CVE-2015-5475 (Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker ...)
	{DSA-3335-1}
	- request-tracker4 4.2.11-2
	NOTE: https://github.com/bestpractical/rt/commit/67d517ba3421ba462e349c73207a627d137ef8ac (4.2.x)
	NOTE: https://github.com/bestpractical/rt/commit/4ec786bb4743f67a35a634c1bf43b13d3d3b39a9 (4.0.x)
CVE-2015-5474 (BitTorrent and uTorrent allow remote attackers to inject command line  ...)
	NOT-FOR-US: uTorrent
CVE-2015-5473 (Multiple directory traversal vulnerabilities in Samsung SyncThru 6 bef ...)
	NOT-FOR-US: Samsung
CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the IBS M ...)
	NOT-FOR-US: IBS Mappro plugin for WordPress
CVE-2015-5471 (Absolute path traversal vulnerability in include/user/download.php in  ...)
	NOT-FOR-US: Swim Team plugin for WordPress
CVE-2015-5469 (Absolute path traversal vulnerability in the MDC YouTube Downloader pl ...)
	NOT-FOR-US: MDC YouTube Downloader plugin for WordPress
CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop Styling pl ...)
	NOT-FOR-US: Commerce Shop Styling plugin for WordPress
CVE-2015-5467
	RESERVED
CVE-2015-5466 (Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA  ...)
	NOT-FOR-US: Silicon Integrated Systems XGI WindowsXP Display Manager
CVE-2015-5465 (Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver M ...)
	NOT-FOR-US: Silicon Integrated Systems
CVE-2015-5464 (The Gemalto SafeNet Luna HSM allows remote authenticated users to bypa ...)
	NOT-FOR-US: Gemalto
CVE-2015-5463 (AxiomSL's Axiom java applet module (used for editing uploaded Excel fi ...)
	NOT-FOR-US: AxiomSL's Axiom
CVE-2015-5462 (AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows rem ...)
	NOT-FOR-US: AxiomSL's Axiom
CVE-2015-5607 (Cross-site request forgery in the REST API in IPython 2 and 3. ...)
	- ipython 2.4.1-1 (bug #793123)
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <no-dsa> (Minor issue)
	[squeeze] - ipython <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 (2.x)
	NOTE: https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x)
	NOTE: Affected versions: 0.12 <= version <= 3.2.0
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/12/4
CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when "automatic encry ...)
	- kdepim 4:4.14.5-1 (bug #791800)
	[jessie] - kdepim <no-dsa> (Minor issue)
	[wheezy] - kdepim <no-dsa> (Minor issue)
	[squeeze] - kdepim <not-affected> (Bogus condition not present)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=340312
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/15/5
CVE-2013-7443 (Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows r ...)
	- sqlite3 3.8.3-1
	[wheezy] - sqlite3 <not-affected> (Vulnerable code introduced in 3.8.2)
	[squeeze] - sqlite3 <not-affected> (Vulnerable code introduced in 3.8.2)
	NOTE: Fixed by: https://www.sqlite.org/src/info/ac5852d6403c9c96
	NOTE: Introduced by: https://www.sqlite.org/src/info/b0bb975c0986fe01
	NOTE: https://www.sqlite.org/src/info/520070ec7fbaac
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5
CVE-2015-5461 (Open redirect vulnerability in the Redirect function in stageshow_redi ...)
	NOT-FOR-US: Redirect function in stageshow_redirect.php in the StageShow plugin for WordPress
CVE-2015-5460 (Cross-site scripting (XSS) vulnerability in app/views/events/_menu.htm ...)
	NOT-FOR-US: Snorby
CVE-2015-5459 (SQL injection vulnerability in the AdvanceSearch.class in AdventNetPas ...)
	NOT-FOR-US: Password Manager Pro
CVE-2015-5458 (Session fixation vulnerability in fileupload.php in PivotX before 2.3. ...)
	NOT-FOR-US: PivotX
CVE-2015-5457 (PivotX before 2.3.11 does not validate the new file extension when ren ...)
	NOT-FOR-US: PivotX
CVE-2015-5456 (Cross-site scripting (XSS) vulnerability in the form method in modules ...)
	NOT-FOR-US: PivotX
CVE-2015-5455 (Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier a ...)
	NOT-FOR-US: X-cart
CVE-2015-5454 (Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote  ...)
	NOT-FOR-US: Nucleus CMS
CVE-2015-5453 (Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authentic ...)
	NOT-FOR-US: Watchguard XCS
CVE-2015-5452 (SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before buil ...)
	NOT-FOR-US: Watchguard XCS
CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
	NOT-FOR-US: ArcGIS
CVE-2015-5451 (Cross-site request forgery (CSRF) vulnerability in HP Operations Orche ...)
	NOT-FOR-US: HP Operations Orchestration Central
CVE-2015-5450
	REJECTED
CVE-2015-5449
	REJECTED
CVE-2015-5448 (HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 befo ...)
	NOT-FOR-US: HP Asset Manager
CVE-2015-5447 (Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system ...)
	NOT-FOR-US: HP StoreOnce Backup
CVE-2015-5446 (HP StoreOnce Backup system software before 3.13.1 allows remote attack ...)
	NOT-FOR-US: HP StoreOnce Backup
CVE-2015-5445 (Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup ...)
	NOT-FOR-US: HP StoreOnce Backup
CVE-2015-5444 (Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profil ...)
	NOT-FOR-US: SPS DAL
CVE-2015-5443 (HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (G ...)
	NOT-FOR-US: HP
CVE-2015-5442 (Unspecified vulnerability in HP Software Update before 5.005.002.002 a ...)
	NOT-FOR-US: HP Software Update
CVE-2015-5441 (Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Man ...)
	NOT-FOR-US: HP Arcsight
CVE-2015-5440 (HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10. ...)
	NOT-FOR-US: HP UCMDB
CVE-2015-5439
	REJECTED
CVE-2015-5438
	REJECTED
CVE-2015-5437
	REJECTED
CVE-2015-5436
	REJECTED
CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...)
	NOT-FOR-US: HP
CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, H ...)
	NOT-FOR-US: HP H3C
CVE-2015-5433 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2015-5432 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2015-5431 (HP Matrix Operating Environment before 7.5.0 allows remote authenticat ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5430 (HP Matrix Operating Environment before 7.5.0 allows remote attackers t ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5429 (HP Matrix Operating Environment before 7.5.0 allows remote attackers t ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5428 (HP Matrix Operating Environment before 7.5.0 allows remote attackers t ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5427 (HP Matrix Operating Environment before 7.5.0 allows remote attackers t ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5426 (Unspecified vulnerability in HP LoadRunner Controller before 12.50 all ...)
	NOT-FOR-US: HP LoadRunner
CVE-2015-5425
	REJECTED
CVE-2015-5424 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5423 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5422 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5421 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5420 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5419 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5418 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5417 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5416 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x b ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5415
	REJECTED
CVE-2015-5414
	REJECTED
CVE-2015-5413 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows remot ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5412 (Cross-site request forgery (CSRF) vulnerability in HP Version Control  ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5411 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows remot ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5410 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows remot ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5409 (Buffer overflow in HP Version Control Repository Manager (VCRM) before ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5408 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView ...)
	NOT-FOR-US: HP CentralView Fraud Risk Management
CVE-2015-5407 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView ...)
	NOT-FOR-US: HP CentralView Fraud Risk Management
CVE-2015-5406 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView ...)
	NOT-FOR-US: HP CentralView Fraud Risk Management
CVE-2015-5405 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Op ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5404 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Op ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5403 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Op ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5402 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Op ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5401 (Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 ...)
	NOT-FOR-US: Teradata
CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows ...)
	NOT-FOR-US: PHPVibe
CVE-2015-5398
	RESERVED
CVE-2015-5397 (Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 throu ...)
	NOT-FOR-US: Joomla!
CVE-2015-5396
	RESERVED
CVE-2015-5394
	RESERVED
CVE-2015-5393
	RESERVED
CVE-2015-5392
	RESERVED
CVE-2015-5391
	RESERVED
CVE-2015-5390
	RESERVED
CVE-2015-5389
	RESERVED
CVE-2015-5388
	RESERVED
CVE-2015-5387
	RESERVED
CVE-2015-5386 (Siemens SICAM MIC devices with firmware before 2404 allow remote attac ...)
	NOT-FOR-US: Siemens
CVE-2015-5385
	RESERVED
CVE-2015-5384 (AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnera ...)
	NOT-FOR-US: AxiomSL's Axiom
CVE-2015-5379 (Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax We ...)
	NOT-FOR-US: Axigen
CVE-2015-5378 (Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attac ...)
	- logstash <itp> (bug #664841)
CVE-2015-5377 (** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to e ...)
	- elasticsearch 1.6.1+dfsg-1 (bug #792617)
	[jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 3389)
	NOTE: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
CVE-2015-5376 (SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2 ...)
	NOT-FOR-US: GSI WiNPAT Portal
CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs for pr ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-5374 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2015-5373
	RESERVED
CVE-2015-5372 (The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18. ...)
	NOT-FOR-US: AdNovum nevisAuth
CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager allows re ...)
	NOT-FOR-US: SolarWinds
CVE-2015-5370 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5370.html
CVE-2015-5369 (Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS65 ...)
	NOT-FOR-US: Pulse Connect Secure / Juniper PCS
CVE-2015-5368 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00. ...)
	NOT-FOR-US: HP
CVE-2015-5367 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00. ...)
	NOT-FOR-US: HP
CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x- ...)
	NOT-FOR-US: Rules Link module for Drupal
CVE-2014-9739 (Cross-site scripting (XSS) vulnerability in the Node Field module 7.x- ...)
	NOT-FOR-US: Node Field module for Drupal
CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tournament  ...)
	NOT-FOR-US: Tournament module for Drupal
CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module 7 ...)
	NOT-FOR-US: Language Switcher Dropdown module for Drupal
CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail Repository has a ...)
	NOT-FOR-US: GE Healthcare Centricity Clinical Archive Audit Trail Repository
CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4. ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
	NOT-FOR-US: GE Healthcare Centricity PACS
CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-1 (bug #802702)
	[stretch] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7. ...)
	NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other  ...)
	NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password o ...)
	NOT-FOR-US: GE Healthcare Centricity Analytics Server
CVE-2015-8041 (Multiple integer overflows in the NDEF record parser in hostapd before ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #795740)
	- wpasupplicant <removed>
	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
	- hostapd <removed>
	[squeeze] - hostapd <not-affected> (v0.7.0-v2.4 with CONFIG_WPS_NFC=y)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/08/3
	NOTE: http://w1.fi/security/2015-5/
CVE-2015-5395 (Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. ...)
	- sogo 3.2.4-0.2 (bug #796197)
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.debian.org/debian-lts/2016/05/msg00197.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/10
	NOTE: http://www.sogo.nu/bugs/view.php?id=3246
	NOTE: https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711 (SOGo-3.1.0)
CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before 3.6. ...)
	{DSA-3307-1 DSA-3306-1}
	- pdns 3.4.5-1
	[wheezy] - pdns <not-affected> (3.2 and up affected)
	[squeeze] - pdns <not-affected> (3.2 and up affected)
	- pdns-recursor 3.7.3-1
	[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
	[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
	NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...)
	- roundcube <not-affected> (protection is done in apache config in binary package)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
	NOTE: http://trac.roundcube.net/ticket/1490378
CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6  ...)
	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
	NOTE: http://trac.roundcube.net/ticket/1490379
CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
	NOTE: http://trac.roundcube.net/ticket/1490417
CVE-2015-5400 (Squid before 3.5.6 does not properly handle CONNECT method peer respon ...)
	{DSA-3327-1 DLA-286-1}
	- squid 4.1-1
	[wheezy] - squid <no-dsa> (Fix is hard to backport and default configuration is not affected)
	[squeeze] - squid <no-dsa> (Fix is hard to backport and default configuration is not affected)
	- squid3 3.5.6-1 (bug #793128)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (3.5)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (3.4)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/8
	NOTE: In squeeze's squid3 the code is structured differently but the bug still appears to be present.
	NOTE: For squid 2.x all versions are affected, cf. comment by upstream in
	NOTE: https://bugs.debian.org/793128#12
CVE-2015-5380 (The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in  ...)
	- nodejs <not-affected> (Only affects 0.12.x)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/05/1
CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows rem ...)
	NOT-FOR-US: Zurmo CRM
CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series services g ...)
	NOT-FOR-US: Juniper
CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 ...)
	NOT-FOR-US: Juniper
CVE-2015-5361 (Background For regular, unencrypted FTP traffic, the FTP ALG can inspe ...)
	NOT-FOR-US: Juniper
CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before ...)
	NOT-FOR-US: Juniper
CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D3 ...)
	NOT-FOR-US: Juniper
CVE-2015-5358 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D3 ...)
	NOT-FOR-US: Juniper
CVE-2015-5357 (The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos  ...)
	NOT-FOR-US: Juniper
CVE-2015-5356 (Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in G ...)
	NOT-FOR-US: GetSimple CMS
CVE-2015-5355 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...)
	NOT-FOR-US: GetSimple CMS
CVE-2015-5354 (Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote a ...)
	NOT-FOR-US: Novius OS
CVE-2015-5353 (Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows re ...)
	NOT-FOR-US: Novius OS
CVE-2015-5351 (The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 7.0.68, 8.0.32, 9.0.0.M3
	NOTE: Upstream advisory does not make reference to 6.x but looking at the
	NOTE: upstream patches reveals that this issue is fixed since 6.0.45
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720661
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720663
CVE-2015-5350 (In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory Studio befor ...)
	NOT-FOR-US: Apache LDAP Studio and Apache Directory Studio
CVE-2015-5348 (Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x be ...)
	NOT-FOR-US: Apache Camel
CVE-2015-5347 (Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScrip ...)
	NOT-FOR-US: Apache Wicket
CVE-2015-5346 (Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.30-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	[squeeze] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
	NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1713187
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1713185
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1723506
CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7. ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.30-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.67, 8.0.30, 9.0.0.M3
CVE-2015-5344 (The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x b ...)
	NOT-FOR-US: Apache Camel
CVE-2015-5343 (Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x,  ...)
	{DSA-3424-1}
	- subversion 1.9.3-1
	[wheezy] - subversion <not-affected> (Vulnerable code not present)
	[squeeze] - subversion <not-affected> (Vulnerable code not present)
	NOTE: https://subversion.apache.org/security/CVE-2015-5343-advisory.txt
CVE-2015-5342 (The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5341 (mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before  ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5340 (Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2. ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5339 (The core_enrol_get_enrolled_users web service in enrol/externallib.php ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5338 (Multiple cross-site request forgery (CSRF) vulnerabilities in the less ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5337 (Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2. ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5336 (Multiple cross-site scripting (XSS) vulnerabilities in the survey modu ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5335 (Cross-site request forgery (CSRF) vulnerability in admin/registration/ ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5334 (Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1  ...)
	- libressl <itp> (bug #754513)
CVE-2015-5333 (Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allow ...)
	- libressl <itp> (bug #754513)
CVE-2015-5332 (Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2015-5331 (Moodle 2.9.x before 2.9.3 does not properly check the contact list bef ...)
	- moodle <not-affected> (Only affects 2.9 and later)
CVE-2015-5330 (ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4 ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	- ldb 2:1.1.24-1
	[jessie] - ldb 2:1.1.17-2+deb8u1
	[wheezy] - ldb <no-dsa> (Minor issue, only relevant in conjunction with Samba 4, which isn't in wheezy)
	[squeeze] - ldb <no-dsa> (Minor issue)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=1aef718f3cc175d90d40202a333042a38ba382b1 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=7bcac237656083e67bbac9b50be9b319bb2d7eb8 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=5f3c7541c2f10ac2174538288f6569af587d69f0 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=a561ae6294fa926bf3a15b9aaf3d18d25d5e971f (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=f07626d0297ed6bd21623409e1ea1ae1138d23a8 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=83f1d39cd9ab9b8b548602f9ee806a994fca9d0c (v4-1-stable)
	NOTE: https://www.samba.org/samba/security/CVE-2015-5330.html
	NOTE: Samba update needs as well fixed ldb
CVE-2015-5329 (The TripleO Heat templates (tripleo-heat-templates), as used in Red Ha ...)
	- tripleo-heat-templates 5.2.0-1 (bug #851396)
CVE-2015-5328
	RESERVED
CVE-2015-5327 (Out-of-bounds memory read in the x509_decode_time function in x509_cer ...)
	- linux <not-affected> (Only affected 4.3-rc1 onwards)
	- linux-2.6 <not-affected> (Only affected 4.3-rc1 onwards)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206 (v4.4-rc1)
CVE-2015-5326 (Cross-site scripting (XSS) vulnerability in the slave overview page in ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5325 (Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass  ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5324 (Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to  ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5323 (Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict a ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5322 (Directory traversal vulnerability in Jenkins before 1.638 and LTS befo ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5321 (The sidepanel widgets in the CLI command overview and help pages in Je ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5320 (Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5319 (XML external entity (XXE) vulnerability in the create-job CLI command  ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5318 (Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5317 (The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2  ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5316 (The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804710)
	[wheezy] - wpa <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
	- wpasupplicant <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-8/
	NOTE: https://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt
	NOTE: https://w1.fi/security/2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
CVE-2015-5315 (The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2 ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804708)
	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-7/
	NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
	NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
CVE-2015-5314 (The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804708)
	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-7/
	NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
	NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
CVE-2015-5313 (Directory traversal vulnerability in the virStorageBackendFileSystemVo ...)
	- libvirt 1.3.0-1 (bug #808273)
	[jessie] - libvirt 1.2.9-9+deb8u2
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
	NOTE: Broken by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c930410bebae0a45889b992a7932c663b06cbbcd (v1.1.0-rc1)
	NOTE: http://security.libvirt.org/2015/0004.html
CVE-2015-5312 (The xmlStringLenDecodeEntities function in parser.c in libxml2 before  ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756733 (upstream bug not yet open)
CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows rem ...)
	- pdns 3.4.7-1
	[jessie] - pdns <not-affected> (Only 3.4.4 and later affected)
	[wheezy] - pdns <not-affected> (Only 3.4.4 and later affected)
	[squeeze] - pdns <not-affected> (Only 3.4.4 and later affected)
	- pdns-recursor <not-affected> (recursor not affected)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3
CVE-2015-5310 (The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not prop ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804707)
	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
	NOTE: http://w1.fi/security/2015-6/
	NOTE: https://w1.fi/security/2015-6/0001-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
	NOTE: https://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
CVE-2015-5309 (Integer overflow in the terminal emulator in PuTTY before 0.66 allows  ...)
	{DSA-3409-1 DLA-347-1}
	- putty 0.66-1
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=6056396f77cafc7e40da4d09f1d6212408dcb065
CVE-2015-5308 (Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp ...)
	NOT-FOR-US: wp-championship plugin for WordPress
CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x thr ...)
	{DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1}
	- linux 4.2.6-1
	- linux-2.6 <removed>
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-156.html
	- virtualbox 5.0.10-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2015-5306 (OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), ...)
	- ironic-inspector 3.2.0-1
	NOTE: https://bugs.launchpad.net/ironic-inspector/+bug/1506419
CVE-2015-5305 (Directory traversal vulnerability in Kubernetes, as used in Red Hat Op ...)
	- kubernetes <not-affected> (Fixed before the initial release in Debian, 1.2.0)
	NOTE: https://github.com/kubernetes/kubernetes/pull/15975
CVE-2015-5304 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does  ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2015-5303 (The TripleO Heat templates (tripleo-heat-templates), when deployed via ...)
	- tripleo-heat-templates 5.2.0-1 (bug #851396)
CVE-2015-5302 (libreport 2.0.7 before 2.6.3 only saves changes to the first file when ...)
	NOT-FOR-US: abrt/libreport
CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsi ...)
	- ipsilon <itp> (bug #826838)
CVE-2015-5300 (The panic_gate check in NTP before 4.2.8p5 is only re-enabled after th ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-2
	NOTE: https://www.cs.bu.edu/~goldbe/NTPattack.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1271076
CVE-2015-5299 (The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_c ...)
	{DSA-3433-1 DLA-379-1}
	- samba 2:4.1.22+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5299.html
CVE-2015-5298 [Google Login Plugin for Jenkins authentication bypass]
	RESERVED
	NOT-FOR-US: Plugin not packaged in Debian
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-10-12
CVE-2015-5297 (An integer overflow issue has been reported in the general_composite_r ...)
	{DLA-1587-1}
	- pixman 0.33.4-1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=92027
	NOTE: Patch: https://cgit.freedesktop.org/pixman/patch/?id=204fcd24d9b7e3988b7496e723014f327828751a
CVE-2015-5296 (Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before  ...)
	{DSA-3433-1 DLA-379-1}
	- samba 2:4.1.22+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5296.html
CVE-2015-5295 (The template-validate command in OpenStack Orchestration API (Heat) be ...)
	- heat 1:6.0.0~rc3-1
	[jessie] - heat <no-dsa> (Minor issue)
	NOTE: Affects: <=2015.1.2, ==5.0.0
CVE-2015-5294
	REJECTED
CVE-2015-5293 (Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid  ...)
	NOT-FOR-US: RHEV
CVE-2015-5292 (Memory leak in the Privilege Attribute Certificate (PAC) responder plu ...)
	- sssd 1.13.1-1
	[jessie] - sssd <no-dsa> (Minor issue; responder not built)
	NOTE: binary package has the sssd_pac_plugin.so but the responder
	NOTE: part is not build.
	[wheezy] - sssd <not-affected> (vulnerable code not present)
	[squeeze] - sssd <not-affected> (vulnerable code not present)
	NOTE: https://fedorahosted.org/sssd/ticket/2803
	NOTE: https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
CVE-2015-5291 (Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed  ...)
	{DSA-3468-1 DLA-331-1}
	- mbedtls <not-affected> (Fixed before the initial release to Debian)
	[experimental] - polarssl 1.3.14-0.1
	- polarssl <unfixed> (bug #801413)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
CVE-2015-5290 (A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the M ...)
	- charybdis 3.4.2-5
	[jessie] - charybdis 3.4.2-5~deb8u1
	[wheezy] - charybdis <no-dsa> (Minor issue)
	- ircd-ratbox <removed> (bug #805065)
	[jessie] - ircd-ratbox <no-dsa> (Minor issue)
	[wheezy] - ircd-ratbox <no-dsa> (Minor issue)
	[squeeze] - ircd-ratbox <no-dsa> (Slow leak; workaround is available)
	NOTE: http://elemental-ircd.com/security/e50b0d59-f3c5-4472-a3cd-e2e07731417c/
CVE-2015-5289 (Multiple stack-based buffer overflows in json parsing in PostgreSQL be ...)
	{DSA-3374-1}
	- postgresql-9.4 9.4.5-1
	- postgresql-9.1 <not-affected> (no json datatype)
	- postgresql-8.4 <not-affected> (no json datatype)
CVE-2015-5288 (The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9. ...)
	{DSA-3475-1 DSA-3374-1 DLA-329-1}
	- postgresql-9.4 9.4.5-1
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
	[squeeze] - postgresql-8.4 <no-dsa> (minor issue)
CVE-2015-5287 (The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-5286 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x b ...)
	- glance 1:11.0.0-1 (bug #800741)
	[jessie] - glance <not-affected> (Vulnerable code not present)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: jessie: According to confirmation via upstream the fix for CVE-2014-9623
	NOTE: was complete here so CVE-2015-5286 not affecting jessie.
	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
CVE-2015-5285 (CRLF injection vulnerability in Kallithea before 0.3 allows remote att ...)
	- kallithea <itp> (bug #689573)
CVE-2015-5284 (ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate  ...)
	- freeipa <not-affected> (Introduced in 4.2)
	NOTE: https://fedorahosted.org/freeipa/ticket/5347
	NOTE: Upstream commit: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=55a66ccba3e2181a50e7733b7476991975b7455f
CVE-2015-5283 (The sctp_init function in net/sctp/protocol.c in the Linux kernel befo ...)
	- linux 4.2.1-2
	[jessie] - linux 3.16.7-ckt11-1+deb8u5
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4 (v4.3-rc3)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4db67e808640e3934d82ce61ee8e2e89fd877ba8 (v3.7-rc1)
CVE-2015-5282 (Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. ...)
	- foreman <itp> (bug #663101)
CVE-2015-5281 (The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL)  ...)
	- grub2 <not-affected> (SecureBoot not yet supported)
CVE-2015-5280
	REJECTED
CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in hw/net/ne ...)
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-3 (bug #799074)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
CVE-2015-5278 (The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1  ...)
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-3 (bug #799073)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
	NOTE: Possibly introduced around http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c (v0.9.1)
CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name Service ...)
	- glibc 2.21-1 (bug #799966)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed>
	[wheezy] - eglibc <not-affected> (Vulnerable code not present)
	[squeeze] - eglibc <not-affected> (Vulnerable code not present)
CVE-2015-5276 (The std::random_device class in libstdc++ in the GNU Compiler Collecti ...)
	- gcc-5 5.3.0-1
	- gcc-4.9 4.9.3-5
	[jessie] - gcc-4.9 <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
	NOTE: Upstream commit: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227687
CVE-2015-5275
	REJECTED
CVE-2015-5274 (rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remot ...)
	NOT-FOR-US: OpenShift
CVE-2015-5273 (The abrt-action-install-debuginfo-to-abrt-cache help program in Automa ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-5272 (The Forum module in Moodle 2.7.x before 2.7.10 allows remote authentic ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576
CVE-2015-5271 (The TripleO Heat templates (tripleo-heat-templates) do not properly or ...)
	- tripleo-heat-templates <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://github.com/openstack/tripleo-heat-templates/commit/1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476
	NOTE: Introduced by: https://github.com/openstack/tripleo-heat-templates/commit/65d64b6a52366f36955e5e48a29f4ef0ca2ff973 (0.8.2) [Puppet: Swift Overcloud Proxy/Storage support]
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1494896
CVE-2015-5270
	REJECTED
CVE-2015-5269 (Cross-site scripting (XSS) vulnerability in group/overview.php in Mood ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709
CVE-2015-5268 (The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2. ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173
CVE-2015-5267 (lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860
CVE-2015-5266 (The enrol_meta_sync function in enrol/meta/locallib.php in Moodle thro ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744
CVE-2015-5265 (The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8. ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371
CVE-2015-5264 (The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
CVE-2015-5263 (pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's T ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2015-5262 (http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents ...)
	{DLA-322-1}
	- httpcomponents-client 4.3.6-1 (low)
	[jessie] - httpcomponents-client <no-dsa> (Minor issue)
	[squeeze] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
	[wheezy] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
	- commons-httpclient 3.1-12 (bug #798650)
	[jessie] - commons-httpclient 3.1-11+deb8u1
	[wheezy] - commons-httpclient 3.1-10.2+deb7u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1261538
	NOTE: https://issues.apache.org/jira/browse/HTTPCLIENT-1478 says it's really fixed in 4.3.6 and that 4.2.x did not have this bug.
	NOTE: Proposed patch for commons-httpclient: https://bugzilla.redhat.com/show_bug.cgi?id=1259892
	NOTE: Checked that both 4.0.1 (in Squeeze) and 4.1.1 (in Wheezy) have the call to set the timout before the SSL connection is opened.
	NOTE: Jessie's 4.3.5-2 is however missing the upstream patch: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.3.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java?r1=1560975&r2=1626784
CVE-2015-5261 (Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS user ...)
	{DSA-3371-1}
	- spice 0.12.5-1.3 (bug #801091)
CVE-2015-5260 (Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS user ...)
	{DSA-3371-1}
	- spice 0.12.5-1.3 (bug #801089)
CVE-2015-5259 (Integer overflow in the read_string function in libsvn_ra_svn/marshal. ...)
	- subversion 1.9.3-1
	[jessie] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
	[wheezy] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
	[squeeze] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
	NOTE: https://subversion.apache.org/security/CVE-2015-5259-advisory.txt
CVE-2015-5258 (Cross-site request forgery (CSRF) vulnerability in springframework-soc ...)
	NOT-FOR-US: springframework-social
CVE-2015-5257 (drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows ...)
	{DSA-3372-1 DLA-325-1}
	- linux 4.2.1-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 (v4.3-rc3)
CVE-2015-5256 (Apache Cordova-Android before 4.1.0, when an application relies on a r ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-5255 (Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before ...)
	NOT-FOR-US: Adobe
CVE-2015-5254 (Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that c ...)
	{DSA-3524-1}
	- activemq 5.13.2+dfsg-1 (bug #809733)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=6f03921b31d9fefeddb0f4fa63150ed1f94a14b1 (5.11.x)
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=73a0caf758f9e4916783a205c7e422b4db27905c (5.11.x)
	NOTE: Patch applied to Fedora (5.6.0 based version): http://pkgs.fedoraproject.org/cgit/activemq.git/diff/activemq-5.6.0-CVE-2015-5254.patch?id=e3ef8a1b62d10273a814090be9168aa3019ace72
	NOTE: https://issues.apache.org/jira/browse/AMQ-6013
CVE-2015-5253 (The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0. ...)
	NOT-FOR-US: Apache CXF
CVE-2015-5252 (vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7,  ...)
	{DSA-3433-1 DLA-379-1}
	- samba 2:4.1.22+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5252.html
CVE-2015-5251 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x b ...)
	- glance 1:11.0.0-1 (bug #799931)
	[jessie] - glance 2014.1.3-12+deb8u1
	[wheezy] - glance <no-dsa> (Minor issue)
	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
CVE-2015-5250 (The API server in OpenShift Origin 1.0.5 allows remote attackers to ca ...)
	NOT-FOR-US: OpenShift
CVE-2015-5249
	REJECTED
CVE-2015-5248 (Reflected file download vulnerability in Red Hat Feedhenry Enterprise  ...)
	NOT-FOR-US: Red Hat Mobile
CVE-2015-5247 (The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...)
	- libvirt 1.2.20-1 (bug #799132)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: http://security.libvirt.org/2015/0003.html
	NOTE: Broken by https://libvirt.org/git/?p=libvirt.git;a=commit;h=155ca616eb231181f6978efc9e3a1eb0eb60af8a (v1.2.14-rc1)
	NOTE: and by https://libvirt.org/git/?p=libvirt.git;a=commit;h=7c2d65dde2595c07d56aad1e043f7b1836592d89 (v1.2.16-rc1)
CVE-2015-5246 (The LDAP Authentication functionality in Foreman might allow remote at ...)
	- foreman <itp> (bug #663101)
CVE-2015-5245 (CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw o ...)
	[experimental] - ceph 0.94.3-1
	- ceph 0.80.10-1 (bug #798567)
	[jessie] - ceph 0.80.7-2+deb8u1
	NOTE: http://tracker.ceph.com/issues/12537
	NOTE: https://github.com/ceph/ceph/pull/5430
CVE-2015-5244 (The NSSCipherSuite option with ciphersuites enabled in mod_nss before  ...)
	- libapache2-mod-nss 1.0.12-1 (bug #799464)
	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.0.11)
	NOTE: Fixed by https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=34e1ccecb4a7d5054dba2f92b403af9b6ae1e110 (1.0.12)
CVE-2015-5243 (phpWhois allows remote attackers to execute arbitrary code via a craft ...)
	NOT-FOR-US: phpWhois
CVE-2015-5242 (OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict u ...)
	NOT-FOR-US: swiftonfile
CVE-2015-5241 (After logging into the portal, the logout jsp page redirects the brows ...)
	NOT-FOR-US: Apache jUDDI
CVE-2015-5240 (Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before  ...)
	- neutron 1:7.0.0-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: versions through 2014.2.3 and 2015.1 versions through 2015.1.1
CVE-2015-5239 (Integer overflow in the VNC display driver in QEMU before 2.1.0 allows ...)
	{DLA-574-1 DLA-573-1}
	- qemu 2.1+dfsg-1
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
CVE-2015-5238
	RESERVED
CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-based b ...)
	- protobuf <unfixed> (unimportant)
	NOTE: https://github.com/google/protobuf/issues/760
	NOTE: Upstream doesn't consider this a real issue in practice.
CVE-2015-5236
	RESERVED
CVE-2015-5235 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly dete ...)
	- icedtea-web 1.6.1-1 (bug #798467)
	[jessie] - icedtea-web 1.5.3-1
	[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5234 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sani ...)
	- icedtea-web 1.6.1-1 (bug #798467)
	[jessie] - icedtea-web 1.5.3-1
	[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5233 (Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view ...)
	- foreman <itp> (bug #663101)
CVE-2015-5232 (Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0 ...)
	NOT-FOR-US: OPA Fabric Manager and OPA tools and Fast Fabric
CVE-2015-5231 (The service daemon in CRIU does not properly restrict access to non-du ...)
	- criu 1.8-2 (bug #797110)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1256728
CVE-2015-5230 (The DNS packet parsing/generation code in PowerDNS (aka pdns) Authorit ...)
	{DSA-3347-1}
	- pdns 3.4.6-1
	[wheezy] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
	[squeeze] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
	NOTE: https://downloads.powerdns.com/patches/2015-02/
CVE-2015-5229 (The calloc function in the glibc package in Red Hat Enterprise Linux ( ...)
	- glibc <not-affected> (RHEL-specific backport)
	- eglibc <not-affected> (RHEL-specific backport)
CVE-2015-5228 (The service daemon in CRIU creates log and dump files insecurely, whic ...)
	- criu 1.8-2 (bug #797111)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1255782
CVE-2015-5227 (The Landing Pages plugin before 1.9.2 for WordPress allows remote atta ...)
	NOT-FOR-US: Landing Pages plugin for WordPress
CVE-2015-5226
	REJECTED
CVE-2015-5225 (Buffer overflow in the vnc_refresh_server_surface function in the VNC  ...)
	{DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #796465)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.1.0)
	NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b (v2.1.0-rc0)
CVE-2015-5224 (The mkostemp function in login-utils in util-linux when used incorrect ...)
	[experimental] - util-linux 2.27~rc2-2
	- util-linux 2.27-1 (unimportant)
	NOTE: chfn/chsh not built in util-linux in Debian (--disable-chfn-chsh)
	NOTE: https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9 (v2.27-rc2)
CVE-2015-5223 (OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obta ...)
	- swift 2.4.0-1 (bug #797032)
	[jessie] - swift 2.2.0-1+deb8u1
	[wheezy] - swift <no-dsa> (Minor issue)
CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissio ...)
	NOT-FOR-US: OpenShift
CVE-2015-5221 (Use-after-free vulnerability in the mif_process_cmpt function in libja ...)
	{DLA-1583-1}
	- jasper <removed> (bug #796253)
	[wheezy] - jasper <no-dsa> (Minor issue)
	[squeeze] - jasper <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3
CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) befor ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-5219 (The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not proper ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
CVE-2015-5218 (Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before  ...)
	- util-linux 2.27-1 (unimportant; bug #798067)
	NOTE: https://www.spinics.net/lists/util-linux-ng/msg11873.html
CVE-2015-5217 (providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsi ...)
	- ipsilon <itp> (bug #826838)
CVE-2015-5216 (The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does  ...)
	- ipsilon <itp> (bug #826838)
CVE-2015-5215 (** DISPUTED ** The default configuration of the Jinja templating engin ...)
	- ipsilon <itp> (bug #826838)
CVE-2015-5214 (LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice be ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc2-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/
CVE-2015-5213 (Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice bef ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/
CVE-2015-5212 (Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice be ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/
CVE-2015-5211 (Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4 ...)
	{DLA-1853-1}
	- libspring-java 4.1.9-1
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://jira.spring.io/browse/SPR-13548
	NOTE: https://github.com/spring-projects/spring-framework/commit/2bd1da
	NOTE: https://github.com/spring-projects/spring-framework/commit/a95c3d
	NOTE: https://github.com/spring-projects/spring-framework/commit/03f547
	NOTE: https://pivotal.io/security/cve-2015-5211
CVE-2015-5210 (Open redirect vulnerability in Apache Ambari before 2.1.2 allows remot ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-5209 (Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulat ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <not-affected> (Only affects versions >= 2.x)
	NOTE: https://struts.apache.org/docs/s2-026.html
CVE-2015-5208 (Apache Cordova iOS before 4.0.0 allows remote attackers to execute arb ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-5207 (Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL  ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-5206 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
	- trafficserver 6.0.0-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
CVE-2015-5205
	REJECTED
CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File Transfer Plugi ...)
	NOT-FOR-US: Apache Cordova Android File Transfer Plugin
CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function in Ja ...)
	{DLA-1583-1}
	- jasper <removed> (bug #796107)
	[wheezy] - jasper <no-dsa> (Minor issue)
	[squeeze] - jasper <no-dsa> (Minor issue)
	NOTE: Analysis/More information/Fixing commits: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c11
CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with privileged  ...)
	NOT-FOR-US: Satellite6
CVE-2015-5201 (VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka  ...)
	NOT-FOR-US: Red Hat vdms
CVE-2015-5200 (The trace functionality in libvdpau before 1.1.1, when used in a setui ...)
	{DSA-3355-1 DLA-306-1}
	- libvdpau 1.1.1-1 (bug #797895)
	NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
	NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
CVE-2015-5199 (Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 a ...)
	{DSA-3355-1 DLA-306-1}
	- libvdpau 1.1.1-1 (bug #797895)
	NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
	NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
CVE-2015-5198 (libvdpau before 1.1.1, when used in a setuid or setgid application, al ...)
	{DSA-3355-1 DLA-306-1}
	- libvdpau 1.1.1-1 (bug #797895)
	NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
	NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
CVE-2015-5197
	REJECTED
CVE-2015-5196
	REJECTED
CVE-2015-5195 (ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be
CVE-2015-5194 (The log_config_command function in ntp_parser.y in ntpd in NTP before  ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27
	NOTE: Fixed in 4.2.7p42
CVE-2015-5193
	REJECTED
CVE-2015-5192
	REJECTED
CVE-2015-5191 (VMware Tools prior to 10.0.9 contains multiple file system races in li ...)
	- open-vm-tools 2:10.1.5-5055683-5 (low; bug #869633)
	[stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1
	[jessie] - open-vm-tools <not-affected> (Vulnerable code not present)
	[wheezy] - open-vm-tools <not-affected> (Vulnerable code not present)
	NOTE: 9.10.x: https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821
	NOTE: 10.0.x: https://github.com/vmware/open-vm-tools/commit/b3068b04880eda4ca3e13f2d34fb8ce336ad1a4f
	NOTE: 10.1.x: https://github.com/vmware/open-vm-tools/commit/22e58289f71232310d30cf162b83b5151a937bac
CVE-2015-5190 (The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated ...)
	- pcs <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/feist/pcs/commit/634f6d93e4091946441f366e29859ed64a2c977a (0.9.144)
CVE-2015-5189 (Race condition in pcsd in PCS 0.9.139 and earlier uses a global variab ...)
	- pcs <not-affected> (Fixed before the initial release in Debian)
	NOTE: Patch in Fedora: http://pkgs.fedoraproject.org/cgit/rpms/pcs.git/plain/fixed-session-and-cookies-processing.patch?h=f22&id=c4b5ad398cb011cdf31374d37943b6593411ae65
	NOTE: Patch in CentOS 7 corresponding to RHSA-2015:1700: https://git.centos.org/blob/rpms!pcs/bafb6400d552c4d9e9cb46ddbe523e8f47e0de63/SOURCES!bz1253289-fixed-session-and-cookies-processing.patch
CVE-2015-5188 (Cross-site request forgery (CSRF) vulnerability in the Web Console (we ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-5187 (Candlepin allows remote attackers to obtain sensitive information by o ...)
	NOT-FOR-US: candlepin / subscription-manager
CVE-2015-5186 (Audit before 2.4.4 in Linux does not sanitize escape characters in fil ...)
	- audit 1:2.4.4-1 (unimportant; bug #795457)
	NOTE: Hardening, not a vulnerability. This is treated as a vulnerability in terminal emulators
	NOTE: https://fedorahosted.org/audit/changeset/1122
CVE-2015-5185 (The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and  ...)
	- sblim-sfcb <itp> (bug #754493)
CVE-2015-5184 (The Hawtio console in A-MQ allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5183 (The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes  ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5182 (Cross-site request forgery (CSRF) vulnerability in the jolokia API in  ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5181 (The JBoss console in A-MQ allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5180 (res_query in libresolv in glibc before 2.25 allows remote attackers to ...)
	- glibc 2.24-9 (low; bug #796106)
	[jessie] - glibc <no-dsa> (Minor issue, too intrusive to backport)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	[squeeze] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18784
	NOTE: Originally proposed for jessie 8.8, but breaks the NSS ABI so was retracted
CVE-2015-5179 (FreeIPA might display user data improperly via vectors involving non-p ...)
	- freeipa <unfixed> (unimportant; bug #795399)
	NOTE: https://fedorahosted.org/freeipa/ticket/5153
	NOTE: Negligible security impact
CVE-2015-5178 (The Management Console in Red Hat Enterprise Application Platform befo ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-5177 (Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_ ...)
	{DSA-3353-1 DLA-304-1}
	- openslp-dfsg 1.2.1-11 (bug #795429)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177
CVE-2015-5176 (The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBos ...)
	NOT-FOR-US: PortletBridge component in JBoss Portal
CVE-2015-5175 (Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before  ...)
	NOT-FOR-US: Apache CXF Fediz
CVE-2015-5174 (Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat8 8.0.28-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.65, 8.0.27
CVE-2015-5173 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Piv ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5172 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Piv ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5171 (The password change functionality in Cloud Foundry Runtime cf-release  ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5170 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Piv ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5169 (Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.2 ...)
	- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
CVE-2015-5168 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
	- trafficserver 6.0.0-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
CVE-2015-5167 (The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote auth ...)
	NOT-FOR-US: Apache Ranger
CVE-2015-5166 (Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not ...)
	- qemu 1:2.4+dfsg-1a (bug #794611)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: pci_piix3_xen_ide_unplug introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=679f4f8b178e7c66fbc2f39c905374ee8663d5d8 (v1.0-rc0)
	NOTE: BlockDriverState converted to BlockBackend in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4be746345f13e99e468c60acbd3a355e8183e3ce (v2.2.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cd387833d05e8ad31829d97e474dc420625aed9 (v2.4.0-rc4)
	NOTE: http://xenbits.xen.org/xsa/advisory-139.html
CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model ...)
	{DSA-3349-1 DSA-3348-1 DLA-479-1}
	- qemu 1:2.4+dfsg-1a (bug #794610)
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (Too intrusive to backport)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-140.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=39b8e7dcaf04cbdb926b478f825b160d852752b5
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d6812d60e7932de3cd0f602c0ee63dd3d09f1847
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e1c120a9c54872f8a538ff9129d928de4e865cbd
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=03247d43c577dfea8181cd40177ad5ba77c8db76
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c6296ea88df040054ccd781f3945fe103f8c7c17
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4240be45632db7831129f124bcf53c1223825b0f
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8357946b15f0a31f73dd691b7da95f29318ed310
CVE-2015-5164 (The Qpid server on Red Hat Satellite 6 does not properly restrict mess ...)
	NOT-FOR-US: Qpid server on Satellite6
CVE-2015-5163 (The import task action in OpenStack Image Service (Glance) 2015.1.x be ...)
	- glance 2015.1.0-4 (bug #795453)
	[jessie] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
	[wheezy] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
CVE-2015-5162 (The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Gl ...)
	- cinder 2:8.0.0-1
	[jessie] - cinder <no-dsa> (Minor issue)
	- glance 2:12.0.0-1 (low)
	[jessie] - glance <no-dsa> (Minor issue)
	[wheezy] - glance <end-of-life> (not supported in Wheezy)
	- nova 2:13.0.0-1 (low)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: Patches: http://www.openwall.com/lists/oss-security/2016/10/06/8
CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework ...)
	{DSA-3340-1 DLA-302-1}
	- zendframework 1.12.14+dfsg-1
	- php-zend-xml 1.0.1-1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-06
	NOTE: Root issue already fixed in PHP 5.6.6, so this one is not relevant starting with Jessie
CVE-2015-5160 (libvirt before 2.2 includes Ceph credentials on the qemu command line  ...)
	- libvirt 2.2.0-1 (low; bug #796111)
	[jessie] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
	[wheezy] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
	NOTE: libvirt side fixed with: http://libvirt.org/git/?p=libvirt.git;a=commit;h=d53d465083edeb64cc7b78249c030734c0d91c6b
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=a1344f70a128921e7fe7213da7c1afbc962fba9c
	NOTE: and needs at least Qemu 2.6, which is satisfied in Stretch and later.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1182074 (not yet opened)
	NOTE: https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
	NOTE: Needs changes in QEMU for passing passwords. Affects at least iSCSI and rbd/ceph.
CVE-2015-5159 (python-kdcproxy before 0.3.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: kdcproxy
CVE-2015-5158 (Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built  ...)
	- qemu 1:2.4+dfsg-1a (bug #793388)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html
	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=1894df02811f6b79ea3ffbf1084599d96f316173 (v2.2.0-rc0)
CVE-2015-5157 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_ ...)
	{DSA-3313-1}
	- linux 4.0.8-2
	[wheezy] - linux <not-affected> (Introduced in 3.3)
	- linux-2.6 <not-affected> (Introduced in 3.3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
	NOTE: Same fix as for CVE-2015-3290.
CVE-2015-5156 (The virtnet_probe function in drivers/net/virtio_net.c in the Linux ke ...)
	{DSA-3364-1 DLA-310-1}
	- linux 4.1.5-1
	- linux-2.6 <removed>
	NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
CVE-2015-5155
	REJECTED
CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xe ...)
	{DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #793811)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
	[squeeze] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
	- qemu-kvm <not-affected> (Vulnerable code not present, introduced in 1.3)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code not present, introduced in 4.2)
	[squeeze] - xen <not-affected> (Vulnerable code not present, introduced in 4.2)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-138.html
	NOTE: qemu patches:
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=d2ff85854512574e7209f295e87b0835d5b032c6
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=cb72cba83021fa42719e73a5249c12096a4d1cfc
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=03441c3a4a42beb25460dd11592539030337d0f8
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ce560dcf20c14194db5ef3b9fc1ea592d4e68109 (v1.3.0-rc0)
CVE-2015-5153 (Pulp does not remove permissions for named objects upon deletion, whic ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2015-5152 (Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests ...)
	- foreman <itp> (bug #663101)
CVE-2015-5151 (Cross-site scripting (XSS) vulnerability in the Slider Revolution (rev ...)
	NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress
CVE-2015-5150 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngi ...)
	NOT-FOR-US: Zoho ManageEngine SupportCenter Plus
CVE-2015-5149 (Directory traversal vulnerability in Zoho ManageEngine SupportCenter P ...)
	NOT-FOR-US: Zoho ManageEngine SupportCenter Plus
CVE-2015-5148 (SQL injection vulnerability in LivelyCart 1.2.0 allows remote attacker ...)
	NOT-FOR-US: LivelyCart
CVE-2015-5145 (validators.URLValidator in Django 1.8.x before 1.8.3 allows remote att ...)
	- python-django <not-affected> (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
CVE-2015-5144 (Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8 ...)
	{DSA-3305-1 DLA-272-1}
	- python-django 1.7.9-1
	NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5144 has split out patches
CVE-2015-5143 (The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7 ...)
	{DSA-3305-1 DLA-272-1}
	- python-django 1.7.9-1
	NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
CVE-2015-5142
	RESERVED
CVE-2015-5141
	RESERVED
CVE-2015-5140
	RESERVED
CVE-2015-5139
	RESERVED
CVE-2015-5138
	RESERVED
CVE-2015-5137
	RESERVED
CVE-2015-5136
	RESERVED
CVE-2015-5135
	RESERVED
CVE-2015-5134 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5133 (Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5132 (Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5131 (Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5130 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5129 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5128
	REJECTED
CVE-2015-5127 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5126
	REJECTED
CVE-2015-5125 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5124 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5123 (Use-after-free vulnerability in the BitmapData class in the ActionScri ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5122 (Use-after-free vulnerability in the DisplayObject class in the ActionS ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5121 (Adobe Shockwave Player before 12.1.9.159 allows attackers to execute a ...)
	NOT-FOR-US: Shockwave
CVE-2015-5120 (Adobe Shockwave Player before 12.1.9.159 allows attackers to execute a ...)
	NOT-FOR-US: Shockwave
CVE-2015-5119 (Use-after-free vulnerability in the ByteArray class in the ActionScrip ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5118 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5117 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5116 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5115 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5114 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5113 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5112
	REJECTED
CVE-2015-5111 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5110 (Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before 10 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5109 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5108 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5107 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5106 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5105 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5104 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5103 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5102 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5101 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5100 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5099 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5098 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5097 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5096 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5095 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5094 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5093 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5092 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5091 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5090 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5089 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5088 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5087 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5086 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5085 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5084 (The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite application ...)
	NOT-FOR-US: Siemens
CVE-2015-5083
	RESERVED
CVE-2015-5082 (Endian Firewall before 3.0 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Endian Firewall
CVE-2015-5080 (The Management Interface in Citrix NetScaler Application Delivery Cont ...)
	NOT-FOR-US: Citrix
CVE-2015-5079 (Directory traversal vulnerability in widgets/logs.php in BlackCat CMS  ...)
	NOT-FOR-US: BlackCat CMS
CVE-2015-5078 (SQL injection vulnerability in the insert function in application/cont ...)
	- limesurvey <itp> (bug #472802)
CVE-2015-5077
	RESERVED
CVE-2015-5076 (Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM  ...)
	NOT-FOR-US: X2Engine
CVE-2015-5075 (Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM befo ...)
	NOT-FOR-US: X2Engine
CVE-2015-5074 (Incomplete blacklist vulnerability in the FileUploadsFilter class in p ...)
	NOT-FOR-US: X2Engine
CVE-2015-5072 (The BIRT Engine servlet in the AR System Mid Tier component before 9.0 ...)
	NOT-FOR-US: AR System Mid Tier
CVE-2015-5071 (AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1  ...)
	NOT-FOR-US: AR System Mid Tier
CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for  ...)
	NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro
CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...)
	NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress
CVE-2015-5146 (ntpd in ntp before 4.2.8p3 with remote configuration enabled allows re ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH before 6. ...)
	{DLA-1500-1 DLA-288-1}
	- openssh 1:6.9p1-1 (bug #790798)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
CVE-2015-5147 (Stack-based buffer overflow in the header_anchor function in the HTML  ...)
	- ruby-redcarpet <not-affected> (Affects v3.3.0 - v3.3.1)
	NOTE: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/29/3
CVE-2015-5081 (Cross-site request forgery (CSRF) vulnerability in django CMS before 3 ...)
	- python-django-cms <itp> (bug #516183)
CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in pcre_co ...)
	- pcre3 2:8.35-7 (bug #790000)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1571 (8.38)
	NOTE: Introduced in http://vcs.pcre.org/pcre?view=revision&revision=454 (8.00)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/26/1
CVE-2015-5068 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allow ...)
	NOT-FOR-US: SAP
CVE-2015-5067 (The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetW ...)
	NOT-FOR-US: SAP
CVE-2015-5066 (Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix  ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-5065 (Absolute path traversal vulnerability in proxy.php in the google curre ...)
	NOT-FOR-US: Paypal Currency Converter Basic For WooCommerce plugin for WordPress
CVE-2015-5064 (Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Admi ...)
	NOT-FOR-US: MySql Lite Administrator
CVE-2015-5063 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CM ...)
	- silverstripe <itp> (bug #528461)
CVE-2015-5062 (Open redirect vulnerability in SilverStripe CMS &amp; Framework 3.1.13 ...)
	- silverstripe <itp> (bug #528461)
CVE-2015-5061 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExp ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2015-5060 (Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. ...)
	NOT-FOR-US: anchor-cms
CVE-2015-5058 (Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-5056
	RESERVED
CVE-2015-5055
	RESERVED
CVE-2015-5054 (Open redirect vulnerability in Ellucian (formerly SunGard) Banner Stud ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-5053 (The host memory mapping path feature in the NVIDIA GPU graphics driver ...)
	- nvidia-graphics-drivers 352.41-1
	[jessie] - nvidia-graphics-drivers <not-affected> (Only affects R352 and R346 Linux branches)
	[wheezy] - nvidia-graphics-drivers <not-affected> (Only affects R352 and R346 Linux branches)
CVE-2015-5052 (SQL injection vulnerability in Sefrengo before 1.6.5 beta2. ...)
	NOT-FOR-US: Sefrengo
CVE-2015-5051 (IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6. ...)
	NOT-FOR-US: IBM
CVE-2015-5050 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contra ...)
	NOT-FOR-US: IBM
CVE-2015-5049 (SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7 ...)
	NOT-FOR-US: IBM
CVE-2015-5048
	RESERVED
CVE-2015-5047
	RESERVED
CVE-2015-5046
	RESERVED
CVE-2015-5045 (The Administration and Reporting tool in IBM Rational License Key Serv ...)
	NOT-FOR-US: IBM
CVE-2015-5044 (The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 P ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-5043 (diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2015-5042 (IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0 ...)
	NOT-FOR-US: IBM
CVE-2015-5041 (The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R ...)
	NOT-FOR-US: IBM JDK
CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF1 ...)
	NOT-FOR-US: IBM Domino
CVE-2015-5039 (The Remote Client and change management integrations in IBM Rational C ...)
	NOT-FOR-US: IBM
CVE-2015-5038 (IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5 ...)
	NOT-FOR-US: IBM
CVE-2015-5037 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x ...)
	NOT-FOR-US: IBM
CVE-2015-5036 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before ...)
	NOT-FOR-US: IBM
CVE-2015-5035 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before ...)
	NOT-FOR-US: IBM
CVE-2015-5034
	RESERVED
CVE-2015-5033
	RESERVED
CVE-2015-5032
	RESERVED
CVE-2015-5031
	RESERVED
CVE-2015-5030
	RESERVED
CVE-2015-5029
	RESERVED
CVE-2015-5028
	RESERVED
CVE-2015-5027
	RESERVED
CVE-2015-5026
	RESERVED
CVE-2015-5025
	RESERVED
CVE-2015-5024 (IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 1 ...)
	NOT-FOR-US: IBM
CVE-2015-5023 (SQL injection vulnerability in IBM Curam Social Program Management 6.1 ...)
	NOT-FOR-US: IBM
CVE-2015-5022 (IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B A ...)
	NOT-FOR-US: IBM
CVE-2015-5021 (IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenti ...)
	NOT-FOR-US: IBM
CVE-2015-5020 (The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0. ...)
	NOT-FOR-US: IBM
CVE-2015-5019 (IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrat ...)
	NOT-FOR-US: IBM
CVE-2015-5018 (IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8 ...)
	NOT-FOR-US: IBM
CVE-2015-5017 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-5016 (IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2015-5015 (IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack  ...)
	NOT-FOR-US: IBM
CVE-2015-5014 (IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 ...)
	NOT-FOR-US: IBM
CVE-2015-5013 (The IBM Security Access Manager appliance includes configuration files ...)
	NOT-FOR-US: IBM
CVE-2015-5012 (The SSH implementation on IBM Security Access Manager for Web applianc ...)
	NOT-FOR-US: IBM
CVE-2015-5011 (IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 be ...)
	NOT-FOR-US: IBM
CVE-2015-5010 (IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before  ...)
	NOT-FOR-US: IBM
CVE-2015-5009 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM
CVE-2015-5008 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM
CVE-2015-5007 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Comme ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-5006 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 bef ...)
	NOT-FOR-US: IBM JDK
CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote aut ...)
	NOT-FOR-US: IBM
CVE-2015-5004 (The Edge Component Caching Proxy in IBM WebSphere Application Server ( ...)
	NOT-FOR-US: IBM
CVE-2015-5003 (The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 thr ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2015-5002 (Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 th ...)
	NOT-FOR-US: IBM
CVE-2015-5001 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-5000
	RESERVED
CVE-2015-4999
	RESERVED
CVE-2015-4998 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-4997 (IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypa ...)
	NOT-FOR-US: IBM
CVE-2015-4996 (IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2015-4995
	RESERVED
CVE-2015-4994 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF1 ...)
	NOT-FOR-US: IBM
CVE-2015-4993 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4992 (IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authent ...)
	NOT-FOR-US: IBM
CVE-2015-4991 (IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 thro ...)
	NOT-FOR-US: IBM
CVE-2015-4990 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 b ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4989 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 b ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4988 (Directory traversal vulnerability in the replay server in IBM Tealeaf  ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4987 (The search and replay servers in IBM Tealeaf Customer Experience 8.0 t ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4986
	RESERVED
CVE-2015-4985
	RESERVED
CVE-2015-4984
	RESERVED
CVE-2015-4983
	RESERVED
CVE-2015-4982
	RESERVED
CVE-2015-4981 (IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1. ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-4980 (Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4979
	RESERVED
CVE-2015-4978
	RESERVED
CVE-2015-4977
	RESERVED
CVE-2015-4976
	RESERVED
CVE-2015-4975
	RESERVED
CVE-2015-4974 (IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1. ...)
	NOT-FOR-US: IBM
CVE-2015-4973 (Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integ ...)
	NOT-FOR-US: IBM
CVE-2015-4972
	RESERVED
CVE-2015-4971 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Sup ...)
	NOT-FOR-US: IBM
CVE-2015-4970
	RESERVED
CVE-2015-4969
	RESERVED
CVE-2015-4968
	REJECTED
CVE-2015-4967 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM
CVE-2015-4966 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
	NOT-FOR-US: IBM
CVE-2015-4965 (maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2015-4964 (IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6 ...)
	NOT-FOR-US: IBM
CVE-2015-4963 (IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before ...)
	NOT-FOR-US: IBM
CVE-2015-4962 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Life ...)
	NOT-FOR-US: IBM
CVE-2015-4961 (IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x befo ...)
	NOT-FOR-US: IBM
CVE-2015-4960 (IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10. ...)
	NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2015-4959 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Ident ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2015-4958 (IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10. ...)
	NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2015-4957 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-4956 (The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 a ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
	NOT-FOR-US: IBM
CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF ...)
	NOT-FOR-US: IBM
CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF ...)
	NOT-FOR-US: IBM
CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1  ...)
	NOT-FOR-US: IBM
CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (fo ...)
	NOT-FOR-US: IBM Spectrum Protect
CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Da ...)
	NOT-FOR-US: IBM
CVE-2015-4949 (IBM Tivoli Storage Manager for Databases: Data Protection for Microsof ...)
	NOT-FOR-US: IBM
CVE-2015-4948 (netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre chan ...)
	NOT-FOR-US: IBM
CVE-2015-4947 (Stack-based buffer overflow in the Administration Server in IBM HTTP S ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4946 (Rational LifeCycle Project Administration in Jazz Team Server in IBM R ...)
	NOT-FOR-US: IBM
CVE-2015-4945 (Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 ...)
	NOT-FOR-US: IBM
CVE-2015-4944 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2015-4943 (IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cau ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4942 (IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cau ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4941 (IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS han ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4940 (Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x be ...)
	NOT-FOR-US: IBM
CVE-2015-4939 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Life ...)
	NOT-FOR-US: IBM
CVE-2015-4938 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4937
	RESERVED
CVE-2015-4936 (Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8 ...)
	NOT-FOR-US: IBM
CVE-2015-4935 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-4934 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-4933 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-4932 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-4930 (IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Pa ...)
	NOT-FOR-US: IBM QRadar SIEM
CVE-2015-4929 (IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Soft ...)
	NOT-FOR-US: IBM
CVE-2015-4928 (Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x be ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-4927 (The Reporting and Monitoring component in Tivoli Monitoring in IBM Tiv ...)
	NOT-FOR-US: IBM
CVE-2015-4926 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2015-4925 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4924 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2015-4923 (Unspecified vulnerability in the XML Developer's Kit for C component i ...)
	NOT-FOR-US: Oracle
CVE-2015-4922 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2015-4921 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2015-4920 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2015-4919 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2015-4918
	REJECTED
CVE-2015-4917 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2015-4916 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 all ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4915 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM)  ...)
	NOT-FOR-US: Oracle
CVE-2015-4914 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-4913 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier an ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4912 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2015-4911 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Jav ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4910 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier al ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4909 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4908 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 all ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4907 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4906 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 all ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4905 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4904 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier al ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4903 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4902 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allo ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4901 (Unspecified vulnerability in Oracle Java SE 8u60 allows remote attacke ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4900 (Unspecified vulnerability in the XDB - XML Database component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-4899 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-4898 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2015-4897
	REJECTED
CVE-2015-4896 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3384-1}
	- virtualbox 5.0.8-dfsg-1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
CVE-2015-4895 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier al ...)
	{DSA-3385-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4894 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2015-4893 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Jav ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4892 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2015-4891 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4890 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier al ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4889
	REJECTED
CVE-2015-4888 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2015-4887 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle
CVE-2015-4886 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2015-4885 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2015-4884 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2015-4883 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4882 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4881 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4880 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4879 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, a ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4878 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2015-4877 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2015-4876 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-4875 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2015-4874 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2015-4873 (Unspecified vulnerability in the Database Scheduler component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-4872 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Jav ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4871 (Unspecified vulnerability in Oracle Java SE 7u85 allows remote attacke ...)
	{DSA-3401-1}
	- openjdk-7 7u91-2.6.3-1
CVE-2015-4870 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, a ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4869 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4868 (Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded  ...)
	- openjdk-8 8u66-b17-1
CVE-2015-4867 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4866 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 10.0.19-1
	[jessie] - mariadb-10.0 10.0.20-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
	NOTE: MariaDB: fixed in 10.0.18
CVE-2015-4865 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2015-4864 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier an ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.44-0+deb8u1
	[wheezy] - mysql-5.5 5.5.44-0+deb7u1
	[squeeze] - mysql-5.5 5.5.46-0+deb6u1
CVE-2015-4863 (Unspecified vulnerability in the Portable Clusterware component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2015-4862 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier al ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4861 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, a ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4860 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4859 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2015-4858 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, a ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4857 (Unspecified vulnerability in the RDBMS component in Oracle Database Se ...)
	NOT-FOR-US: Oracle
CVE-2015-4856 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 5.0.0-dfsg-1
	[jessie] - virtualbox 4.3.30-dfsg-1+deb8u1
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
CVE-2015-4855
	REJECTED
CVE-2015-4854 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2015-4853
	REJECTED
CVE-2015-4852 (The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2. ...)
	NOT-FOR-US: Oracle
CVE-2015-4851 (Unspecified vulnerability in the Oracle iSupplier Portal component in  ...)
	NOT-FOR-US: Oracle
CVE-2015-4850 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle
CVE-2015-4849 (Unspecified vulnerability in the Oracle Payments component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2015-4848 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-4847 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-4846 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2015-4845 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2015-4844 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3725-1 DSA-3465-1 DSA-3381-1 DLA-545-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
	- icu 57.1-1.1
	NOTE: http://bugs.icu-project.org/trac/ticket/12020
	NOTE: For ICU note that the original fix causes additional problems:
	NOTE: https://ssl.icu-project.org/trac/ticket/12020#comment:4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273318
	NOTE: see also CVE-2016-0494, introduced in through the fix for this CVE.
	NOTE: Upstream commit for OpenJDK: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e
CVE-2015-4843 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4842 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4841 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2015-4840 (Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE ...)
	{DSA-3381-1}
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4839 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle
CVE-2015-4838 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4837 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4836 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, a ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4835 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4834 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4833 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier al ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4832 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle
CVE-2015-4831 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4830 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier an ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4829
	REJECTED
CVE-2015-4828 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component  ...)
	NOT-FOR-US: Oracle
CVE-2015-4827 (Unspecified vulnerability in the Oracle Retail Open Commerce Platform  ...)
	NOT-FOR-US: Oracle
CVE-2015-4826 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier an ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4825 (Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses co ...)
	NOT-FOR-US: Oracle
CVE-2015-4824 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2015-4823 (Unspecified vulnerability in the Hyperion Installation Technology comp ...)
	NOT-FOR-US: Oracle
CVE-2015-4822 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4821 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM)  ...)
	NOT-FOR-US: Oracle
CVE-2015-4820 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4819 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, a ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4818 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-4817 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4816 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier al ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4815 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier an ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4814
	REJECTED
CVE-2015-4813 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3384-1}
	- virtualbox 5.0.8-dfsg-1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
CVE-2015-4812 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4811 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4810 (Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4809 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4808 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4807 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier an ...)
	- mysql-5.6 <not-affected> (Only on Windows plattform)
	- mysql-5.5 <not-affected> (Only on Windows plattform)
	- mariadb-10.0 <not-affected> (Only on Windows plattform)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4806 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4805 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4804 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acqu ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2015-4803 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Jav ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4802 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier an ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4801 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4800 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier al ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4799 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4798 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2015-4797 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2015-4796 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4795 (Unspecified vulnerability in the Oracle Utilities Work and Asset Manag ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2015-4794 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4793 (Unspecified vulnerability in the Oracle Communications Convergence com ...)
	NOT-FOR-US: Oracle Communications Applications
CVE-2015-4792 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier an ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4791 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier al ...)
	- mysql-5.6 <not-affected> (Only on Windows plattform)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4790 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4789 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4788 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4787 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4786 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4785 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4784 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4783 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4782 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4781 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4780 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4779 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4778 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4777 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4776 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4775 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4774 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4773 (Unspecified vulnerability in the Hyperion Common Security component in ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2015-4772 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4771 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4770 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4769 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4768 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracal Supply Chain
CVE-2015-4767 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4766 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier al ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4765 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle Applications Manager
CVE-2015-4764 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4763 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-4762 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2015-4761 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allow ...)
	{DSA-3339-1 DSA-3323-1 DSA-3316-1 DLA-303-1 DLA-283-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	- icu 52.1-10
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4759 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4758 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4757 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier an ...)
	{DSA-3311-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 5.5.43-0+deb8u1
	NOTE: mysql-5.5 5.5.43 was not uploaded to unstable, bug migrated to unstable due to upload to jessie-security
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	[wheezy] - mysql-5.5 5.5.43-0+deb7u1
	- mariadb-10.0 10.0.19-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4756 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4755 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4754 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4753 (Unspecified vulnerability in the RDBMS Support Tools component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4752 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier an ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4751 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4750 (Unspecified vulnerability in the Oracle VM Server for SPARC component  ...)
	NOT-FOR-US: Oracle VM Server
CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRoc ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRoc ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-4747 (Unspecified vulnerability in the Oracle Event Processing component in  ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4746 (Unspecified vulnerability in the Oracle Agile Product Lifecycle Manage ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-4745 (Unspecified vulnerability in the Oracle Endeca Information Discovery S ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4744 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-4743 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4742 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4741 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4740 (Unspecified vulnerability in the RDBMS Partitioning component in Oracl ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4739 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4738 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate G ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2015-4737 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, a ...)
	{DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 <not-affected>
	NOTE: Possibly related to https://github.com/mysql/mysql-server/commit/c655515d
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
	NOTE: https://lists.launchpad.net/maria-developers/msg08985.html
	NOTE: https://mariadb.atlassian.net/browse/MDEV-8269
	NOTE: Marked as not-affected for MariaDB since Oracle has given no evidence of
	NOTE: affecting MariaDB to their developers.
CVE-2015-4736 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remot ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4735 (Unspecified vulnerability in the Enterprise Manager for Oracle Databas ...)
	NOT-FOR-US: Oracle Database
CVE-2015-4734 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and  ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and  ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and  ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4730 (Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows re ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4729 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remot ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4728 (Unspecified vulnerability in the Oracle Sourcing component in Oracle E ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4727 (Unspecified vulnerability in Oracle Virtualization Sun Ray Software be ...)
	NOT-FOR-US: Oracle Virtulization
CVE-2015-4726 (PHP remote file inclusion vulnerability in ajax/myajaxphp.php in Audio ...)
	NOT-FOR-US: AudioShare
CVE-2015-4725 (Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2 ...)
	NOT-FOR-US: AudioShare
CVE-2015-4724 (SQL injection vulnerability in Concrete5 5.7.3.1. ...)
	NOT-FOR-US: Concrete5
CVE-2015-4723
	RESERVED
CVE-2015-4722
	RESERVED
CVE-2015-4721 (Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3 ...)
	NOT-FOR-US: Concrete5
CVE-2015-4720
	REJECTED
CVE-2015-4719
	RESERVED
CVE-2015-4718 (The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-008
	NOTE: https://github.com/owncloud/core/commit/200e9d949783efbd57f39acedebc03924c1dfff4
CVE-2015-4717 (The filename sanitization component in ownCloud Server before 6.0.8, 7 ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-007
	NOTE: https://github.com/owncloud/core/commit/5fa749cd9656ca6eab30bac0ef4e7625b8a8be2e
CVE-2015-4716 (Directory traversal vulnerability in the routing component in ownCloud ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1 (unimportant)
	NOTE: Specific to installations on Windows
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-006
CVE-2015-4715 (The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownClo ...)
	- php-dropbox 1.0.0-4 (unimportant)
	[jessie] - php-dropbox 1.0.0-3+deb8u1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-005
	NOTE: Only relevant if server runs PHP below 5.6.0
CVE-2015-4714 (Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allow ...)
	NOT-FOR-US: DreamBox DM500-S
CVE-2015-4713 (SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote ed ...)
	NOT-FOR-US: ApPHP Hotel Site
CVE-2015-4712
	RESERVED
CVE-2015-4711
	RESERVED
CVE-2015-4710
	RESERVED
CVE-2015-4709
	REJECTED
CVE-2015-4708
	RESERVED
CVE-2015-4705
	RESERVED
CVE-2015-4702
	RESERVED
CVE-2015-4701
	RESERVED
CVE-2015-4699 (Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud ...)
	NOT-FOR-US: Cloud4Wi
CVE-2015-4698
	RESERVED
CVE-2015-4697 (Cross-site request forgery (CSRF) vulnerability in Google Analyticator ...)
	NOT-FOR-US: WordPress plugin google-analyticator
CVE-2015-4694 (Directory traversal vulnerability in download.php in the Zip Attachmen ...)
	NOT-FOR-US: Zip Attachments plugin for WordPress
CVE-2015-4693
	RESERVED
CVE-2015-4691
	RESERVED
CVE-2015-4690
	RESERVED
CVE-2015-4689 (Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows  ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-4688 (Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow r ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-4687 (Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-4686
	RESERVED
CVE-2015-4685 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows loc ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4684 (Multiple directory traversal vulnerabilities in Polycom RealPresence R ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4683 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows att ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4682 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows rem ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4681 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows loc ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4679 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Airties RT-210
CVE-2015-4678 (SQL injection vulnerability in Persian Car CMS 1.0 allows remote attac ...)
	NOT-FOR-US: Persian Car CMS
CVE-2015-4677 (Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka F ...)
	NOT-FOR-US: FiverrScript
CVE-2015-4676 (SQL injection vulnerability in ticket.php in TickFa 1.x allows remote  ...)
	NOT-FOR-US: TickFa
CVE-2015-4675 (Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote at ...)
	NOT-FOR-US: Tiny SRP
CVE-2015-5070 (The (1) filesystem::get_wml_location function in filesystem.cpp and (2 ...)
	{DLA-297-1}
	[experimental] - wesnoth-1.13 1:1.13.1-1
	- wesnoth-1.12 1:1.12.4-1
	- wesnoth-1.10 <removed>
	[jessie] - wesnoth-1.10 1:1.10.7-2+deb8u1
	[wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u2
	- wesnoth-1.8 <removed>
	NOTE: https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59
CVE-2015-5069 (The (1) filesystem::get_wml_location function in filesystem.cpp and (2 ...)
	{DLA-297-1}
	[experimental] - wesnoth-1.13 1:1.13.1-1
	- wesnoth-1.12 1:1.12.4-1
	- wesnoth-1.10 <removed>
	[jessie] - wesnoth-1.10 1:1.10.7-2+deb8u1
	[wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u2
	- wesnoth-1.8 <removed>
	NOTE: https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
CVE-2015-5059 (The "Project Documentation" feature in MantisBT 1.2.19 and earlier, wh ...)
	- mantis <removed>
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/f39cf525 (1.2.x)
	NOTE: https://mantisbt.org/bugs/view.php?id=19873
CVE-2015-5057 (Cross-site scripting (XSS) vulnerability exists in the Wordpress admin ...)
	NOT-FOR-US: WordPress plugin broken-link-checker
CVE-2015-4707 (Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows  ...)
	- ipython 2.4.1-1 (bug #789824)
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
	[squeeze] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
	NOTE: https://github.com/ipython/ipython/commit/1fcc9943c000ab553ebc029db99ecbd0536960d6
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/22/4
CVE-2015-4706 (Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 all ...)
	- ipython <not-affected> (Only affects 3.x)
CVE-2015-4704 (Directory traversal vulnerability in the Download Zip Attachments plug ...)
	NOT-FOR-US: WordPress plugin download-zip-attachments
CVE-2015-4703 (Absolute path traversal vulnerability in mysqldump_download.php in the ...)
	NOT-FOR-US: WordPress plugin wp-instance-rename
CVE-2015-4700 (The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the ...)
	{DSA-3329-1}
	- linux 4.0.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in v3.0-rc1)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be (v4.1-rc6)
	NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a14842f5a3c0e88a1e59fac5c3025db39721f74 (v3.0-rc1)
CVE-2015-4696 (Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers ...)
	{DSA-3302-1 DLA-257-1}
	- libwmf 0.2.8.4-10.4 (bug #784192)
CVE-2015-4695 (meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of  ...)
	{DSA-3302-1 DLA-257-1}
	- libwmf 0.2.8.4-10.4 (bug #784205)
CVE-2015-4680 (FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly ...)
	{DLA-977-1}
	- freeradius 2.2.8+dfsg-0.1 (bug #789623)
	[jessie] - freeradius <no-dsa> (Minor issue)
	[squeeze] - freeradius <no-dsa> (Minor issue)
	NOTE: Recommended configuration is to use self-signed CAs for EAP-TLS methods.
	NOTE: See raddb/certs/README
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3 (v2.x.x branch)
	NOTE: http://www.ocert.org/advisories/ocert-2015-008.html
CVE-2015-4674 (The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows re ...)
	NOT-FOR-US: TimeDoctor Pro
CVE-2015-4673 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7. ...)
	NOT-FOR-US: ClipBucket
CVE-2015-4672
	RESERVED
CVE-2015-4671 (Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 al ...)
	NOT-FOR-US: OpenCart
CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in Dev ...)
	NOT-FOR-US: AjaxControlToolkit
CVE-2015-4669 (The MySQL "root" user in Xsuite 2.x does not have a password set, whic ...)
	NOT-FOR-US: Xsuite
CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remot ...)
	NOT-FOR-US: Xsuite
CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.x. ...)
	NOT-FOR-US: Xsuite
CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in Xceedi ...)
	NOT-FOR-US: Xceedium Xsuite
CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium X ...)
	NOT-FOR-US: Xceedium Xsuite
CVE-2015-4664 (An improper input validation vulnerability in CA Privileged Access Man ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2015-4663
	RESERVED
	- hhvm 3.11.0+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/e282a459188a472e177b45ad2d2989289294df74
CVE-2015-4662
	RESERVED
CVE-2015-4661 (Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows  ...)
	NOT-FOR-US: Symphony CMS
CVE-2015-4660 (Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.79 ...)
	NOT-FOR-US: Enhanced SQL Portal
CVE-2015-4659 (Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and  ...)
	NOT-FOR-US: ClickHeat
CVE-2015-4658 (Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm C ...)
	NOT-FOR-US: Milw0rm Clone Script
CVE-2015-4657 (Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earl ...)
	NOT-FOR-US: Mailbird
CVE-2015-4656 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo  ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-4655 (Cross-site scripting (XSS) vulnerability in Synology DiskStation Manag ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2015-4654 (SQL injection vulnerability in the EQ Event Calendar component for Joo ...)
	NOT-FOR-US: EQ Event Calendar component for Joomla!
CVE-2015-4653
	RESERVED
CVE-2015-4650 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before  ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-4649 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before  ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-4648 (Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX c ...)
	NOT-FOR-US: Pansonic Security API
CVE-2015-4647 (Multiple stack-based buffer overflows in Ipropsapi in Panasonic Securi ...)
	NOT-FOR-US: Pansonic Security API
CVE-2015-4641 (Directory traversal vulnerability in the SwiftKey language-pack update ...)
	NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
CVE-2015-4640 (The SwiftKey language-pack update implementation on Samsung Galaxy S4, ...)
	NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in th ...)
	NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-4652 (epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wires ...)
	{DSA-3294-1}
	- wireshark 1.12.6+gee1fce6-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-20.html
CVE-2015-4651 (The dissect_wccp2r1_address_table_info function in epan/dissectors/pac ...)
	{DSA-3294-1}
	- wireshark 1.12.6+gee1fce6-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-19.html
CVE-2015-4646 ((1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash ...)
	- squashfs-tools 1:4.3-2 (bug #793468)
	[jessie] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
	NOTE: https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1
	NOTE: https://github.com/plougher/squashfs-tools/commit/ba215d73e153a6f237088b4ecb88c702bb4d4183
	NOTE: Further more complete fixes went into 1:4.3+git190815-1
CVE-2015-4645 (Integer overflow in the read_fragment_table_4 function in unsquash-4.c ...)
	- squashfs-tools 1:4.3-2 (bug #793467)
	[jessie] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
	NOTE: https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1
	NOTE: https://github.com/plougher/squashfs-tools/commit/ba215d73e153a6f237088b4ecb88c702bb4d4183
	NOTE: Further more complete fixes went into 1:4.3+git190815-1
CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ...)
	- php5 <not-affected> (Windows specific)
	NOTE: https://bugs.php.net/bug.php?id=69646
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
	NOTE: https://bugs.php.net/bug.php?id=69545#1431550655
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
	NOTE: https://bugs.php.net/bug.php?id=69667
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl  ...)
	NOT-FOR-US: Koha
CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM,  ...)
	NOT-FOR-US: FastL4
CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0  ...)
	NOT-FOR-US: BIG-IQ
CVE-2015-4636
	RESERVED
CVE-2015-4635
	RESERVED
CVE-2015-4634 (SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allow ...)
	{DSA-3312-1 DLA-278-1}
	- cacti 0.8.8e+ds1-1
	NOTE: http://bugs.cacti.net/view.php?id=2577
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-4633 (Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16,  ...)
	- koha <itp> (bug #389876)
CVE-2015-4632 (Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.1 ...)
	- koha <itp> (bug #389876)
CVE-2015-4631 (Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x bef ...)
	- koha <itp> (bug #389876)
CVE-2015-4630 (Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.1 ...)
	- koha <itp> (bug #389876)
CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to ...)
	NOT-FOR-US: Huawei
CVE-2015-4628 (SQL injection vulnerability in application/controllers/admin/questiong ...)
	- limesurvey <itp> (bug #472802)
CVE-2015-4627 (SQL injection vulnerability in Pragyan CMS 3.0. ...)
	NOT-FOR-US: Pragyan CMS
CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, wh ...)
	NOT-FOR-US: B.A.S C2Box
CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. ...)
	NOT-FOR-US: Hak5 WiFi Pineapple
CVE-2015-4623
	RESERVED
CVE-2015-4622
	RESERVED
CVE-2015-4621
	RESERVED
CVE-2015-4620 (name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9. ...)
	{DSA-3304-1 DLA-270-1}
	- bind9 1:9.9.5.dfsg-10 (bug #791715)
	NOTE: https://kb.isc.org/article/AA-01267
CVE-2015-4619 (Cross-site request forgery (CSRF) vulnerability in Spina before commit ...)
	NOT-FOR-US: Spina CMS
CVE-2015-4618
	RESERVED
CVE-2015-4617 (Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpl ...)
	NOT-FOR-US: WordPress plugin easy2map-photos
CVE-2015-4616 (Directory traversal vulnerability in includes/MapPinImageSave.php in t ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-4615 (Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Inj ...)
	NOT-FOR-US: WordPress plugin easy2map-photos
CVE-2015-4614 (Multiple SQL injection vulnerabilities in includes/Function.php in the ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-4613 (SQL injection vulnerability in the backend module in the Developer Log ...)
	NOT-FOR-US: TYPO3 extension devlog
CVE-2015-4612 (SQL injection vulnerability in the "FAQ - Frequently Asked Questions"  ...)
	NOT-FOR-US: TYPO3 extension js_faq
CVE-2015-4611 (SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) ext ...)
	NOT-FOR-US: TYPO3 extension ncgov_smoelenboek
CVE-2015-4610 (SQL injection vulnerability in the Store Locator (locator) extension b ...)
	NOT-FOR-US: TYPO3 extension locator
CVE-2015-4609 (SQL injection vulnerability in the wt_directory extension before 1.4.2 ...)
	NOT-FOR-US: TYPO3 extension wt_directory
CVE-2015-4608 (Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beus ...)
	NOT-FOR-US: TYPO3 extension beko_beuserlog
CVE-2015-4607 (Unrestricted file upload vulnerability in the Frontend User Upload (fe ...)
	NOT-FOR-US: TYPO3 extension feupload
CVE-2015-4606 (Unrestricted file upload vulnerability in the Job Fair (jobfair) exten ...)
	NOT-FOR-US: TYPO3 extension jobfair
CVE-2015-4597
	RESERVED
CVE-2015-4596 (Lenovo Mouse Suite before 6.73 allows local users to run arbitrary cod ...)
	NOT-FOR-US: Lenovo
CVE-2015-4595
	RESERVED
CVE-2015-4594 (eClinicalWorks Population Health (CCMR) suffers from a session fixatio ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4593 (eClinicalWorks Population Health (CCMR) suffers from a cross-site requ ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4592 (eClinicalWorks Population Health (CCMR) suffers from an SQL injection  ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4591 (eClinicalWorks Population Health (CCMR) suffers from a cross site scri ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4590 (The extractFrom function in Internals/QuotedString.cpp in Arduino JSON ...)
	NOT-FOR-US: Arduino JSON
CVE-2015-4589
	RESERVED
CVE-2015-4587 (Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPip ...)
	NOT-FOR-US: Alcatel-Lucent CellPipe 7130 router
CVE-2015-4586 (Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent Cell ...)
	NOT-FOR-US: Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL
CVE-2015-4585
	RESERVED
CVE-2015-4584
	RESERVED
CVE-2015-4583
	RESERVED
CVE-2015-4582
	RESERVED
CVE-2015-4581
	RESERVED
CVE-2015-4580
	RESERVED
CVE-2015-4579
	RESERVED
CVE-2015-4578
	RESERVED
CVE-2015-4577
	RESERVED
CVE-2015-4576
	RESERVED
CVE-2015-4575
	RESERVED
CVE-2015-4574
	RESERVED
CVE-2015-4573
	RESERVED
CVE-2015-4572
	RESERVED
CVE-2015-4571
	RESERVED
CVE-2015-4570
	RESERVED
CVE-2015-4569
	RESERVED
CVE-2015-4568
	RESERVED
CVE-2015-4567
	RESERVED
CVE-2015-4566
	RESERVED
CVE-2015-4565
	RESERVED
CVE-2015-4564
	RESERVED
CVE-2015-4563
	RESERVED
CVE-2015-4562
	RESERVED
CVE-2015-4561
	RESERVED
CVE-2015-4560
	RESERVED
CVE-2015-4559 (Cross-site scripting (XSS) vulnerability in the product deployment fea ...)
	NOT-FOR-US: Intel McAfee ePolicy Orchestrator
CVE-2015-4558
	RESERVED
CVE-2015-4557 (Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_butto ...)
	NOT-FOR-US: WordPress plugin nextend-twitter-connect
CVE-2015-4555 (Buffer overflow in the HTTP administrative interface in TIBCO Rendezvo ...)
	NOT-FOR-US: TIBCO
CVE-2015-4554 (Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spot ...)
	NOT-FOR-US: TIBCO
CVE-2015-4553 (A file upload issue exists in DeDeCMS before 5.7-sp1, which allows mal ...)
	NOT-FOR-US: DeDeCMS
CVE-2015-4552 (Cross-site scripting (XSS) vulnerability in the quick edit function in ...)
	NOT-FOR-US: MyBB
CVE-2015-4551 (LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the s ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/
CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2015-4549
	RESERVED
CVE-2015-4548 (EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obta ...)
	NOT-FOR-US: EMC RSA Web Threat Detection
CVE-2015-4547 (EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB  ...)
	NOT-FOR-US: EMC RSA Web Threat Detection
CVE-2015-4546 (Directory traversal vulnerability in EMC RSA OneStep 6.9 before build  ...)
	NOT-FOR-US: EMC RSA OneStep
CVE-2015-4545 (EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 b ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 do ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4543 (EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored password ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4542 (EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users  ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4541 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer  ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4540 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identit ...)
	NOT-FOR-US: EMC RSA
CVE-2015-4539 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identit ...)
	NOT-FOR-US: EMC RSA
CVE-2015-4538 (The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0  ...)
	NOT-FOR-US: EMC Atmos
CVE-2015-4537 (Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase wh ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-4536 (EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4535 (Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4534 (Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4533 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7. ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4532 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7. ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4531 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7. ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4530 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebT ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4529 (Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Do ...)
	NOT-FOR-US: EMC Documentum WebTop
CVE-2015-4528 (Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage ...)
	NOT-FOR-US: EMC Documentum CenterStage
CVE-2015-4527 (Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1. ...)
	NOT-FOR-US: EMC Avamar
CVE-2015-4526 (EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to  ...)
	NOT-FOR-US: EMC RecoverPoint
CVE-2015-4525 (The log-gather implementation in the web administration interface in E ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2015-4524 (Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 ...)
	NOT-FOR-US: EMC Documentum WebTop Client
CVE-2015-4523 (Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware An ...)
	NOT-FOR-US: Blue Coat
CVE-2015-4522 (The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 4 ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-4521 (The ConvertDialogOptions function in Mozilla Firefox before 41.0 and F ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-4520 (Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow rem ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/
CVE-2015-4519 (Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow use ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
CVE-2015-4518 (The Reader View implementation in Mozilla Firefox before 42.0 has an i ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/
CVE-2015-4517 (NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x b ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-4516 (Mozilla Firefox before 41.0 allows remote attackers to bypass certain  ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
CVE-2015-4515 (Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authenti ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/
CVE-2015-4514 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
CVE-2015-4513 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
CVE-2015-4512 (gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux  ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/
CVE-2015-4511 (Heap-based buffer overflow in the nestegg_track_codec_data function in ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/
CVE-2015-4510 (Race condition in the WorkerPrivate::NotifyFeatures function in Mozill ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/
CVE-2015-4509 (Use-after-free vulnerability in the HTMLVideoElement interface in Mozi ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/
CVE-2015-4508 (Mozilla Firefox before 41.0, when reader mode is enabled, allows remot ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/
CVE-2015-4507 (The SavedStacks class in the JavaScript implementation in Mozilla Fire ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/
CVE-2015-4506 (Buffer overflow in the vp9_init_context_buffers function in libvpx, as ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- libvpx 1.4.0-4 (unimportant)
	[squeeze] - libvpx <not-affected> (no vp9 support in this version)
	[wheezy] - libvpx <not-affected> (no vp9 support in this version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/
	NOTE: this is a duplicate of CVE-2015-1258, libvpx in google chrome
CVE-2015-4505 (updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/
CVE-2015-4504 (The lut_inverse_interp16 function in the QCMS library in Mozilla Firef ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/
CVE-2015-4503 (The TCP Socket API implementation in Mozilla Firefox before 41.0 misha ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
CVE-2015-4502 (js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certa ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/
CVE-2015-4501 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
CVE-2015-4500 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
CVE-2015-4499 (Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x b ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-4498 (The add-on installation feature in Mozilla Firefox before 40.0.3 and F ...)
	{DSA-3345-1}
	- iceweasel 38.2.1esr-1
	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-95
CVE-2015-4497 (Use-after-free vulnerability in the CanvasRenderingContext2D implement ...)
	{DSA-3345-1}
	- iceweasel 38.2.1esr-1
	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/
CVE-2015-4496 (Multiple integer overflows in libstagefright in Mozilla Firefox before ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel 38.2.0esr-1~deb8u1
	[wheezy] - iceweasel 38.2.0esr-1~deb7u1
	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-93/
CVE-2015-4495 (The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x befo ...)
	- iceweasel 38.1.1esr-1
	[jessie] - iceweasel <not-affected> (Only affects 38.x ESR and 39)
	[wheezy] - iceweasel <not-affected> (Only affects 38.x ESR and 39)
	[squeeze] - iceweasel <not-affected> (Only affects 38.x ESR and 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
	- pdf.js 1.1.366+dfsg-1
	[jessie] - pdf.js 1.0.907+dfsg-1+deb8u1
	NOTE: for jessie: xul-ext-pdf.js binary package build was removed
	NOTE: https://github.com/mozilla/pdf.js/commit/0b5330781c367fcbc997947adbf2bdcdf71f61bc
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
CVE-2015-4494 (Mozilla Firefox OS before 2.2 does not require the wifi-manage privile ...)
	NOT-FOR-US: Firefox OS
CVE-2015-4493 (Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4492 (Use-after-free vulnerability in the XMLHttpRequest::Open implementatio ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-92/
CVE-2015-4491 (Integer overflow in the make_filter_table function in pixops/pixops.c  ...)
	{DSA-3337-2 DSA-3337-1 DLA-434-1}
	- gdk-pixbuf 2.31.7-1
	- gtk+2.0 2.21.5-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=752297
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=8dba67cb4f38d62a47757741ad41e3f245b4a32a
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/17/17
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in M ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-91
CVE-2015-4489 (The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38 ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4488 (Use-after-free vulnerability in the StyleAnimationValue class in Mozil ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4487 (The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4486 (The decrease_ref_count function in libvpx in Mozilla Firefox before 40 ...)
	- libvpx 1.4.0-1
	[jessie] - libvpx <not-affected> (Vulnerable code not present)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present)
	[squeeze] - libvpx <not-affected> (Vulnerable code not present)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-89/
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1177948 is restricted
CVE-2015-4485 (Heap-based buffer overflow in the resize_context_buffers function in l ...)
	- libvpx 1.4.0-1
	[jessie] - libvpx <not-affected> (Vulnerable code not present)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present)
	[squeeze] - libvpx <not-affected> (Vulnerable code not present)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-89/
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1178148 is restricted
CVE-2015-4484 (The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript  ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-87/
CVE-2015-4483 (Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypa ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-86/
CVE-2015-4482 (mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox E ...)
	- iceweasel <not-affected> (Updater not used in Debian)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-85/
CVE-2015-4481 (Race condition in the Mozilla Maintenance Service in Mozilla Firefox b ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-84/
CVE-2015-4480 (Integer overflow in the stagefright::SampleTable::isValid function in  ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4479 (Multiple integer overflows in libstagefright in Mozilla Firefox before ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4478 (Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not im ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-82/
CVE-2015-4477 (Use-after-free vulnerability in the MediaStream playback feature in Mo ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/
CVE-2015-4476 (Mozilla Firefox before 41.0 on Android allows user-assisted remote att ...)
	- iceweasel <not-affected> (Affects only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-99/
CVE-2015-4475 (The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Fir ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-80/
CVE-2015-4474 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	- icedove <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
CVE-2015-4473 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
CVE-2015-4466
	RESERVED
CVE-2015-4465 (Cross-site scripting (XSS) vulnerability in the zM Ajax Login &amp; Re ...)
	NOT-FOR-US: WordPress plugin zM Ajax Login & Register
CVE-2015-4464 (Kguard Digital Video Recorder 104, 108, v2 does not have any authoriza ...)
	NOT-FOR-US: Kguard Digital Video Recorder
CVE-2015-4463 (The file_manager component in eFront CMS before 3.6.15.5 allows remote ...)
	NOT-FOR-US: eFront CMS
CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager component of ...)
	NOT-FOR-US: eFront CMS
CVE-2015-4461 (Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earli ...)
	NOT-FOR-US: eFront CMS
CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in SecuritySetting/Use ...)
	NOT-FOR-US: C2Box
CVE-2015-4459
	RESERVED
CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module firmware, as ...)
	NOT-FOR-US: Cisco
CVE-2014-9733 (nw.js before 0.11.5 can simulate user input events in a normal frame,  ...)
	NOT-FOR-US: nw.js
CVE-2015-4603 (The exception::getTraceAsString function in Zend/zend_exceptions.c in  ...)
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69152 [2015-03-03 04:30 UTC]
CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1
	NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ser ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
	NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.2 ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
	NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4. ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69152
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does n ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69719
	NOTE: Fixed in 5.6.10 and 5.4.42 upstream
CVE-2015-4588 (Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8 ...)
	{DSA-3302-1 DLA-253-1}
	- libwmf 0.2.8.4-10.4 (bug #787644)
CVE-2015-4556 (The string-translate* procedure in the data-structures unit in CHICKEN ...)
	- chicken 4.10.0-1 (bug #788833)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/15/1
CVE-2015-2967 (Cross-site scripting (XSS) vulnerability in settings.php in Cacti befo ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	[squeeze] - cacti 0.8.7g-1+squeeze6
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7718
	NOTE: http://jvn.jp/en/jp/JVN78187936/
	NOTE: Fixed upstream in 0.8.8d
CVE-2015-4457 (Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Ma ...)
	NOT-FOR-US: Cloudera
CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::igno ...)
	{DSA-3363-1}
	- owncloud-client 1.8.4+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-009
CVE-2015-4455 (Unrestricted file upload vulnerability in includes/upload.php in the A ...)
	NOT-FOR-US: WordPress plugin aviary-image-editor-add-on-for-gravity-forms
CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template function in ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7720
	NOTE: http://bugs.cacti.net/view.php?id=2572
	NOTE: Fixed upstream in 0.8.8d
CVE-2015-4453 (interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch  ...)
	NOT-FOR-US: OpenEMR
CVE-2015-4452 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4451 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4450 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4449 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4448 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4447 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4446 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4445 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4444 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4443 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4442
	REJECTED
CVE-2015-4441 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4440
	REJECTED
CVE-2015-4439
	REJECTED
CVE-2015-4438 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4437
	REJECTED
CVE-2015-4436
	REJECTED
CVE-2015-4435 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4434
	REJECTED
CVE-2015-4433 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4432 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4431 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4430 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4429 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4428 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4427 (Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/w ...)
	NOT-FOR-US: Ektron CMS
CVE-2015-4426 (SQL injection vulnerability in pimcore before build 3473 allows remote ...)
	NOT-FOR-US: pimcore
CVE-2015-4425 (Directory traversal vulnerability in pimcore before build 3473 allows  ...)
	NOT-FOR-US: pimcore
CVE-2015-4424
	RESERVED
CVE-2015-4423
	RESERVED
CVE-2015-4422 (The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100 ...)
	NOT-FOR-US: TEEOS module in Huawei Mate 7
CVE-2015-4421 (The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V ...)
	NOT-FOR-US: tzdriver module in Huawei Mate 7
CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 a ...)
	NOT-FOR-US: Opsview
CVE-2015-4419
	RESERVED
CVE-2015-4418 (Zoho NetFlow Analyzer build 10250 and earlier does not have an off aut ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-4417
	RESERVED
CVE-2015-4416
	RESERVED
CVE-2015-4415 (Multiple directory traversal vulnerabilities in func.php in Magnifica  ...)
	NOT-FOR-US: Magnifica Webscripts Anima Gallery
CVE-2015-4414 (Directory traversal vulnerability in download_audio.php in the SE HTML ...)
	NOT-FOR-US: WordPress plugin se-html5-album-audio-player
CVE-2015-4413 (Cross-site scripting (XSS) vulnerability in the new_fb_sign_button fun ...)
	NOT-FOR-US: WordPress plugin nextend-facebook-connect
CVE-2015-4409 (Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devi ...)
	NOT-FOR-US: Hikvision
CVE-2015-4408 (Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devi ...)
	NOT-FOR-US: Hikvision
CVE-2015-4407 (Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devi ...)
	NOT-FOR-US: Hikvision
CVE-2015-4406
	RESERVED
CVE-2015-4405
	RESERVED
CVE-2015-4404
	RESERVED
CVE-2015-4403
	RESERVED
CVE-2015-4402
	RESERVED
CVE-2015-4401
	RESERVED
CVE-2015-4400 (Ring (formerly DoorBot) video doorbells allow remote attackers to obta ...)
	NOT-FOR-US: Ring video doorbells
CVE-2015-4399
	RESERVED
CVE-2015-4398 (Open redirect vulnerability in the Chaos tool suite (ctools) module be ...)
	NOT-FOR-US: Drupal module Chaos tool suite
CVE-2015-4397 (Cross-site request forgery (CSRF) vulnerability in the Node Template m ...)
	NOT-FOR-US: Drupal module Node Template
CVE-2015-4396 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyw ...)
	NOT-FOR-US: Drupal module Keyword Research
CVE-2015-4395 (The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal  ...)
	NOT-FOR-US: Drupal module HybridAuth Social Login
CVE-2015-4394 (The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote a ...)
	NOT-FOR-US: Drupal module Services
CVE-2015-4393 (The resource/endpoint for uploading files in the Services module 7.x-3 ...)
	NOT-FOR-US: Drupal module Services
CVE-2015-4392 (Cross-site scripting (XSS) vulnerability in the Display Suite module 7 ...)
	NOT-FOR-US: Drupal module Display Suite
CVE-2015-4391 (Cross-site request forgery (CSRF) vulnerability in the CiviCRM private ...)
	NOT-FOR-US: Drupal module CiviCRM
CVE-2015-4390 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
	NOT-FOR-US: Drupal module User Import
CVE-2015-4389 (The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not  ...)
	NOT-FOR-US: Drupal module Open Graph Importer
CVE-2015-4388 (Cross-site scripting (XSS) vulnerability in the Current Search Links m ...)
	NOT-FOR-US: Drupal module Current Search Links
CVE-2015-4387 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Password Policy
CVE-2015-4386 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified adm ...)
	NOT-FOR-US: Drupal module EntityBulkDelete
CVE-2015-4385 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Imagefield Info
CVE-2015-4384 (Cross-site scripting (XSS) vulnerability in the Ubercart Webform Check ...)
	NOT-FOR-US: Drupal module Ubercart Webform Checkout Pane
CVE-2015-4383 (Cross-site request forgery (CSRF) vulnerability in the Decisions modul ...)
	NOT-FOR-US: Drupal module Decisions
CVE-2015-4382 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Invo ...)
	NOT-FOR-US: Drupal module Invoice
CVE-2015-4381 (Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x ...)
	NOT-FOR-US: Drupal module Invoice
CVE-2015-4380 (Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x ...)
	NOT-FOR-US: Drupal module Linear Case
CVE-2015-4379 (Cross-site request forgery (CSRF) vulnerability in the Webform Multipl ...)
	NOT-FOR-US: Drupal module Webform Multiple File Upload
CVE-2015-4378 (Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x  ...)
	NOT-FOR-US: Drupal module Crumbs
CVE-2015-4377 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Petition
CVE-2015-4376 (Cross-site scripting (XSS) vulnerability in the Profile2 Privacy modul ...)
	NOT-FOR-US: Drupal module Profile2 Privacy
CVE-2015-4375 (The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal ...)
	NOT-FOR-US: Drupal module Chaos tool suite
CVE-2015-4374 (Cross-site scripting (XSS) vulnerability in the Webform module before  ...)
	NOT-FOR-US: Webform module for Drupal
CVE-2015-4373 (Cross-site scripting (XSS) vulnerability in the OG tabs module before  ...)
	NOT-FOR-US: Drupal module OG tabs
CVE-2015-4372 (Cross-site scripting (XSS) vulnerability in the Image Title module bef ...)
	NOT-FOR-US: Drupal module Image Title
CVE-2015-4371 (Open redirect vulnerability in the Perfecto module before 7.x-1.2 for  ...)
	NOT-FOR-US: Drupal module Perfecto
CVE-2015-4370 (Cross-site scripting (XSS) vulnerability in the Site Documentation mod ...)
	NOT-FOR-US: Drupal module Site Documentation
CVE-2015-4369 (Cross-site scripting (XSS) vulnerability in the Trick Question module  ...)
	NOT-FOR-US: Drupal module Trick Question
CVE-2015-4368 (The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows rem ...)
	NOT-FOR-US: Drupal module Commerce Ogone
CVE-2015-4367 (Cross-site scripting (XSS) vulnerability in the Simple Subscription mo ...)
	NOT-FOR-US: Drupal module Simple Subscription
CVE-2015-4366 (Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 f ...)
	NOT-FOR-US: Drupal module Mover
CVE-2015-4365 (Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion mod ...)
	NOT-FOR-US: Drupal module Taxonomy Accordion
CVE-2015-4364 (Multiple cross-site request forgery (CSRF) vulnerabilities in includes ...)
	NOT-FOR-US: Drupal module Campaign Monitor
CVE-2015-4363 (Open redirect vulnerability in the finder_form_goto function in the Fi ...)
	NOT-FOR-US: Drupal module Finder
CVE-2015-4362 (Cross-site request forgery (CSRF) vulnerability in tracking_code.admin ...)
	NOT-FOR-US: Drupal module Tracking Code
CVE-2015-4361 (Cross-site request forgery (CSRF) vulnerability in the Registration co ...)
	NOT-FOR-US: Drupal Module Registration codes
CVE-2015-4360 (Cross-site request forgery (CSRF) vulnerability in the Registration co ...)
	NOT-FOR-US: Drupal Module Registration codes
CVE-2015-4359 (Multiple cross-site scripting (XSS) vulnerabilities in the Registratio ...)
	NOT-FOR-US: Drupal Module Registration codes
CVE-2015-4358 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Ubercart Display Coupons
CVE-2015-4357 (Cross-site scripting (XSS) vulnerability in the Webform module before  ...)
	NOT-FOR-US: Drupal module Webform
CVE-2015-4356 (Cross-site scripting (XSS) vulnerability in the view-based webform res ...)
	NOT-FOR-US: Drupal module Webform
CVE-2015-4355 (Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggreg ...)
	NOT-FOR-US: Drupal module Watchdog Aggregator
CVE-2015-4354 (Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integ ...)
	NOT-FOR-US: Drupal module Ubercart Webform Integration
CVE-2015-4353 (Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap  ...)
	NOT-FOR-US: Drupal module Custom Sitemap
CVE-2015-4352 (Cross-site request forgery (CSRF) vulnerability in the Spider Video Pl ...)
	NOT-FOR-US: Drupal module Spider Video Player
CVE-2015-4351 (The Spider Video Player module for Drupal allows remote authenticated  ...)
	NOT-FOR-US: Drupal module Spider Video Player
CVE-2015-4350 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Spid ...)
	NOT-FOR-US: Drupal Module Spider Catalog
CVE-2015-4349 (Cross-site request forgery (CSRF) vulnerability in the Spider Contacts ...)
	NOT-FOR-US: Drupal Module Spider Catalog
CVE-2015-4348 (SQL injection vulnerability in the Spider Contacts module for Drupal a ...)
	NOT-FOR-US: Drupal module Spider Contacts
CVE-2015-4347 (Cross-site scripting (XSS) vulnerability in the inLinks Integration mo ...)
	NOT-FOR-US: Drupal module inLinks Integration
CVE-2015-4346 (Cross-site scripting (XSS) vulnerability in the SMS Framework module 6 ...)
	NOT-FOR-US: Drupal module SMS Framework
CVE-2015-4345 (The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x ...)
	NOT-FOR-US: Drupal module RESTful Web Services
CVE-2015-4344 (The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for D ...)
	NOT-FOR-US: Drupal module Services Basic Authentication
CVE-2015-4343
	RESERVED
CVE-2015-4342 (SQL injection vulnerability in Cacti before 0.8.8d allows remote attac ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	NOTE: Original report: http://seclists.org/fulldisclosure/2015/Jun/19
	NOTE: Upstream bug: http://bugs.cacti.net/view.php?id=2571 (not yet accessible)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7719
	NOTE: Fixed upstream in 0.8.8d
CVE-2015-4341
	RESERVED
CVE-2015-4340
	RESERVED
CVE-2015-4339
	RESERVED
CVE-2015-4334 (The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5 ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2015-4333
	RESERVED
CVE-2015-4332
	RESERVED
CVE-2015-4331 (Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authen ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2015-4330 (A local file script in Cisco TelePresence Video Communication Server ( ...)
	NOT-FOR-US: Cisco
CVE-2015-4329 (The administrator web interface in Cisco TelePresence Video Communicat ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4328 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2  ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4327 (The CLI in Cisco TelePresence Video Communication Server (VCS) Express ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4326
	RESERVED
CVE-2015-4325 (The process-management implementation in Cisco TelePresence Video Comm ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4324 (Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphe ...)
	NOT-FOR-US: Cisco
CVE-2015-4323 (Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphe ...)
	NOT-FOR-US: Cisco
CVE-2015-4322 (Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, ...)
	NOT-FOR-US: Cisco
CVE-2015-4321 (The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Ada ...)
	NOT-FOR-US: Cisco
CVE-2015-4320 (The Configuration Log File component in Cisco TelePresence Video Commu ...)
	NOT-FOR-US: Cisco
CVE-2015-4319 (The password-change feature in the administrative web interface in Cis ...)
	NOT-FOR-US: Cisco
CVE-2015-4318 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2  ...)
	NOT-FOR-US: Cisco
CVE-2015-4317 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2  ...)
	NOT-FOR-US: Cisco
CVE-2015-4316 (The Mobile and Remote Access (MRA) endpoint-validation feature in Cisc ...)
	NOT-FOR-US: Cisco
CVE-2015-4315 (The Call Policy Configuration page in Cisco TelePresence Video Communi ...)
	NOT-FOR-US: Cisco
CVE-2015-4314 (The System Snapshot feature in Cisco TelePresence Video Communication  ...)
	NOT-FOR-US: Cisco
CVE-2015-4313
	RESERVED
CVE-2015-4312
	RESERVED
CVE-2015-4311
	RESERVED
CVE-2015-4310 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 1 ...)
	NOT-FOR-US: Cisco
CVE-2015-4309
	RESERVED
CVE-2015-4308 (The webGUI configuration-export feature in Cisco Edge Bluebird Operati ...)
	NOT-FOR-US: Cisco
CVE-2015-4307 (The web framework in Cisco Prime Collaboration Provisioning before 11. ...)
	NOT-FOR-US: Cisco Prime Collaboration Provisioning
CVE-2015-4306 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1 ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-4305 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1 ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-4304 (The web framework in Cisco Prime Collaboration Assurance before 10.5.1 ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-4303 (Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remo ...)
	NOT-FOR-US: Cisco
CVE-2015-4302 (The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows  ...)
	NOT-FOR-US: Cisco
CVE-2015-4301 (Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated ...)
	NOT-FOR-US: Cisco
CVE-2015-4300
	REJECTED
CVE-2015-4299 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly per ...)
	NOT-FOR-US: Cisco
CVE-2015-4298 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) im ...)
	NOT-FOR-US: Cisco
CVE-2015-4297 (Open redirect vulnerability in Cisco WebEx Node for Media Convergence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4296 (Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0( ...)
	NOT-FOR-US: Cisco
CVE-2015-4295 (The Prime Collaboration Deployment component in Cisco Unified Communic ...)
	NOT-FOR-US: Cisco
CVE-2015-4294 (Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Serv ...)
	NOT-FOR-US: Cisco
CVE-2015-4293 (The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier ...)
	NOT-FOR-US: Cisco
CVE-2015-4292 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2015-4291 (Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devic ...)
	NOT-FOR-US: Cisco
CVE-2015-4290 (The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(20 ...)
	NOT-FOR-US: Cisco
CVE-2015-4289 (Directory traversal vulnerability in Cisco AnyConnect Secure Mobility  ...)
	NOT-FOR-US: Cisco
CVE-2015-4288 (The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5. ...)
	NOT-FOR-US: Cisco
CVE-2015-4287 (Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 900 ...)
	NOT-FOR-US: Cisco
CVE-2015-4286 (The web framework in Cisco UCS Central Software 1.3(0.99) allows remot ...)
	NOT-FOR-US: Cisco
CVE-2015-4285 (The Local Packet Transport Services (LPTS) implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2015-4284 (The Concurrent Data Management Replication process in Cisco IOS XR 5.3 ...)
	NOT-FOR-US: Cisco
CVE-2015-4283 (Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2015-4282 (Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permi ...)
	NOT-FOR-US: Cisco
CVE-2015-4281 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meeting ...)
	NOT-FOR-US: Cisco
CVE-2015-4280 (Cisco Prime Collaboration Assurance 10.0 allows remote attackers to ca ...)
	NOT-FOR-US: Cisco
CVE-2015-4279 (The Manager component in Cisco Unified Computing System (UCS) 2.2(3b)  ...)
	NOT-FOR-US: Cisco
CVE-2015-4278 (Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 a ...)
	NOT-FOR-US: Cisco
CVE-2015-4277 (The global-configuration implementation on Cisco ASR 9000 devices with ...)
	NOT-FOR-US: Cisco
CVE-2015-4276 (Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users t ...)
	NOT-FOR-US: Cisco
CVE-2015-4275 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000  ...)
	NOT-FOR-US: Cisco
CVE-2015-4274 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco
CVE-2015-4273 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000  ...)
	NOT-FOR-US: Cisco
CVE-2015-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page ...)
	NOT-FOR-US: Cisco
CVE-2015-4271 (Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remo ...)
	NOT-FOR-US: Cisco
CVE-2015-4270 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2015-4269 (The Tomcat throttling feature in Cisco Unified Communications Manager  ...)
	NOT-FOR-US: Cisco
CVE-2015-4268 (Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin ...)
	NOT-FOR-US: Cisco
CVE-2015-4267 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco
CVE-2015-4266 (The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1. ...)
	NOT-FOR-US: Cisco
CVE-2015-4265 (Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x bef ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2015-4264
	RESERVED
CVE-2015-4263 (The Control and Provisioning functionality in Cisco Mobility Services  ...)
	NOT-FOR-US: Cisco
CVE-2015-4262 (The password-change feature in Cisco Unified MeetingPlace Web Conferen ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-4261
	REJECTED
CVE-2015-4260 (Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2015-4259 (The Integrated Management Controller on Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2015-4258 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4257 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4256 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4255 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4254 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4253 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4252 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence  ...)
	NOT-FOR-US: Cisco
CVE-2015-4251
	REJECTED
CVE-2015-4250
	REJECTED
CVE-2015-4249
	REJECTED
CVE-2015-4248
	REJECTED
CVE-2015-4247
	REJECTED
CVE-2015-4246
	REJECTED
CVE-2015-4245
	REJECTED
CVE-2015-4244 (The boot implementation on Cisco ASR 5000 and 5500 devices with softwa ...)
	NOT-FOR-US: Cisco
CVE-2015-4243 (The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1 ...)
	NOT-FOR-US: Cisco
CVE-2015-4242 (Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT Sys ...)
	NOT-FOR-US: Cisco
CVE-2015-4241 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote  ...)
	NOT-FOR-US: Cisco
CVE-2015-4240 (Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2015-4239 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-4238 (The SNMP implementation in Cisco Adaptive Security Appliance (ASA) Sof ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-4237 (The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4236 (Cisco AsyncOS on Email Security Appliance (ESA) devices with software  ...)
	NOT-FOR-US: Cisco
CVE-2015-4235 (Cisco Application Policy Infrastructure Controller (APIC) devices with ...)
	NOT-FOR-US: Cisco Application Policy Infrastructure Controller
CVE-2015-4234 (Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS conf ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4233 (SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) all ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-4232 (Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users t ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4231 (The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices al ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4230 (Memory leak in Cisco Headend System Release allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-4229 (The web framework in Cisco Unified Communications Domain Manager 8.1(4 ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-4228 (Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad serve ...)
	NOT-FOR-US: Cisco Digital Content Manager
CVE-2015-4227 (Memory leak in Cisco Headend System Release allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-4226 (The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) d ...)
	NOT-FOR-US: Cisco
CVE-2015-4225 (Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a)  ...)
	NOT-FOR-US: Cisco
CVE-2015-4224 (Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) a ...)
	NOT-FOR-US: Cisco
CVE-2015-4223 (Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Cisco
CVE-2015-4222 (SQL injection vulnerability in Cisco Unified Communications Manager IM ...)
	NOT-FOR-US: Cisco
CVE-2015-4221 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) do ...)
	NOT-FOR-US: Cisco
CVE-2015-4220 (Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Ser ...)
	NOT-FOR-US: Cisco
CVE-2015-4219 (Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5 ...)
	NOT-FOR-US: Cisco
CVE-2015-4218 (The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 th ...)
	NOT-FOR-US: Cisco Jabber
CVE-2015-4217 (The remote-support feature on Cisco Web Security Virtual Appliance (WS ...)
	NOT-FOR-US: Cisco
CVE-2015-4216 (The remote-support feature on Cisco Web Security Virtual Appliance (WS ...)
	NOT-FOR-US: Cisco
CVE-2015-4215 (Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) a ...)
	NOT-FOR-US: Cisco
CVE-2015-4214 (Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authent ...)
	NOT-FOR-US: Cisco
CVE-2015-4213 (Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated  ...)
	NOT-FOR-US: Cisco
CVE-2015-4212 (Cisco WebEx Meeting Center allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cisco
CVE-2015-4211 (Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not pr ...)
	NOT-FOR-US: Cisco
CVE-2015-4210 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center ...)
	NOT-FOR-US: Cisco
CVE-2015-4209 (Cisco WebEx Meeting Center does not properly determine authorization f ...)
	NOT-FOR-US: Cisco
CVE-2015-4208 (Cisco WebEx Meeting Center does not properly restrict the content of U ...)
	NOT-FOR-US: Cisco
CVE-2015-4207 (Cisco WebEx Meeting Center places a meeting's access number in a URL,  ...)
	NOT-FOR-US: Cisco
CVE-2015-4206 (Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remo ...)
	NOT-FOR-US: Cisco
CVE-2015-4205 (Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to caus ...)
	NOT-FOR-US: Cisco
CVE-2015-4204 (Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE)  ...)
	NOT-FOR-US: Cisco
CVE-2015-4203 (Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine  ...)
	NOT-FOR-US: Cisco
CVE-2015-4202 (Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems ( ...)
	NOT-FOR-US: Cisco
CVE-2015-4201 (The Gateway General Packet Radio Service Support Node (GGSN) component ...)
	NOT-FOR-US: Cisco
CVE-2015-4200 (Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in th ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-4199 (Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in ...)
	NOT-FOR-US: Cisco
CVE-2015-4198 (Cross-site scripting (XSS) vulnerability in the web framework on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-4197 (Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to ca ...)
	NOT-FOR-US: Cisco
CVE-2015-4196 (Platform Software before 4.4.5 in Cisco Unified Communications Domain  ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-4195 (Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a  ...)
	NOT-FOR-US: Cisco
CVE-2015-4194 (The web-based administrative interface in Cisco WebEx Meeting Center p ...)
	NOT-FOR-US: Cisco
CVE-2015-4193
	RESERVED
CVE-2015-4192
	RESERVED
CVE-2015-4191 (Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Cisco
CVE-2015-4190 (Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Clou ...)
	NOT-FOR-US: Cisco
CVE-2015-4189 (Cross-site request forgery (CSRF) vulnerability in Cisco Data Center A ...)
	NOT-FOR-US: Cisco
CVE-2015-4188 (SQL injection vulnerability in the Manager interface in Cisco Prime Co ...)
	NOT-FOR-US: Cisco
CVE-2015-4187
	RESERVED
CVE-2015-4186 (The diagnostics subsystem in the administrative web interface on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-4185 (The TCL interpreter in Cisco IOS 15.2 does not properly maintain the v ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-4184 (The anti-spam scanner on Cisco Email Security Appliance (ESA) devices  ...)
	NOT-FOR-US: Cisco Email Security Appliance
CVE-2015-4183 (Cisco UCS Central Software 1.2(1a) allows local users to gain privileg ...)
	NOT-FOR-US: Cisco
CVE-2015-4182 (The administrative web interface in Cisco Identity Services Engine (IS ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2015-4181 (Directory traversal vulnerability in get_file.php in phpMyBackupPro 2. ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-4180 (Directory traversal vulnerability in get_file.php in phpMyBackupPro 2. ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-4175
	RESERVED
CVE-2015-4174 (Cross-site scripting (XSS) vulnerability in the integrated web server  ...)
	NOT-FOR-US: Siemens Climatix BACnet/IP communication module
CVE-2015-4173 (Unquoted Windows search path vulnerability in the autorun value in Del ...)
	NOT-FOR-US: Dell SonicWall NetExtender
CVE-2010-5325 (Heap-based buffer overflow in the unhtmlify function in foomatic-rip i ...)
	- foomatic-filters 4.0.5-6
	- cups-filters <not-affected> (Vulnerable code not present)
	NOTE: cups-filters 1.0.42 introduced foomatic-rip filter which already was fixed.
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=515
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1218297
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic/foomatic-filters/revision/239 (HEAD)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/revision/225 (4.0.x branch)
CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote Manag ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-4692 (The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux  ...)
	- linux 4.0.8-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u3
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/10/6
	NOTE: Vulnerable function introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function in Po ...)
	[experimental] - policykit-1 0.113-1
	- policykit-1 0.105-12 (low; bug #796134)
	[jessie] - policykit-1 0.105-15~deb8u1
	[wheezy] - policykit-1 <no-dsa> (Minor issue)
	[squeeze] - policykit-1 <no-dsa> (Minor issue)
	NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
	NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90837
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90832
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/08/3
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228
CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON (bson-ruby ...)
	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
	NOTE: Originating from  https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
CVE-2015-4411 (The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0 ...)
	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
	NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
CVE-2015-4410 (The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit  ...)
	- ruby-bson 1.10.0-2 (bug #787951)
	[jessie] - ruby-bson 1.10.0-1+deb8u1
	NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
	NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
	NOTE: https://sources.debian.org/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for Wo ...)
	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 f ...)
	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows  ...)
	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4335 (Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to ex ...)
	{DSA-3279-1}
	- redis 2:3.0.2-1
	[wheezy] - redis <not-affected> (Lua support introduced in version 2.6.0)
	[squeeze] - redis <not-affected> (Lua support introduced in version 2.6.0)
	NOTE: http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
	NOTE: Patch: https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/05/3
CVE-2015-XXXX [Null pointer access in inflatehd tool]
	- nghttp2 <unfixed> (unimportant)
	NOTE: Upstream report: https://github.com/tatsuhiro-t/nghttp2/issues/235
	NOTE: Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/03/20
	NOTE: inflatehd not installed into the Debian binary packages
CVE-2015-5523 (The ParseValue function in lexer.c in tidy before 4.9.31 allows remote ...)
	{DSA-3309-1 DLA-273-1}
	- tidy 20091223cvs-1.5 (bug #792571)
	NOTE: https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-5522 (Heap-based buffer overflow in the ParseValue function in lexer.c in ti ...)
	{DSA-3309-1 DLA-273-1}
	- tidy 20091223cvs-1.5 (bug #792571)
	NOTE: https://github.com/htacg/tidy-html5/issues/217
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-6593
	REJECTED
CVE-2015-4179 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Code ...)
	NOT-FOR-US: WordPress plugin codestyling-localization
CVE-2015-4176 (fs/namespace.c in the Linux kernel before 4.0.2 does not properly supp ...)
	- linux <not-affected> (Introducing commit was applied to 4.0.2 but e0c9c0afd2fc958ffa34b697972721d81df8a56f as well backported into 4.0.2)
	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f (v4.1-rc1)
CVE-2015-4172
	RESERVED
CVE-2015-4171 (strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client be ...)
	{DSA-3282-1 DLA-244-1}
	- strongswan 5.3.1-1
	NOTE: https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-(cve-2015-4171).html
CVE-2015-4169
	RESERVED
CVE-2015-4168
	RESERVED
CVE-2015-4166 (Cloudera Key Trustee Server before 5.4.3 does not store keys synchrono ...)
	NOT-FOR-US: Cloudera
CVE-2015-4165 (The snapshot API in Elasticsearch before 1.6.0 when another applicatio ...)
	- elasticsearch 1.6.0+dfsg-1 (bug #788471)
	[jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 3389)
	NOTE: https://github.com/elastic/elasticsearch/issues/11068
	NOTE: https://github.com/elastic/elasticsearch/pull/11284
	NOTE: https://github.com/imotov/elasticsearch/commit/f5cfb2a1869d1a52930cbd3138278a6e2c1b22e6
CVE-2015-4164 (The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way ...)
	{DSA-3286-1}
	- xen 4.6.0-1 (bug #795721)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-136.html
CVE-2015-4163 (GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the gran ...)
	{DSA-3286-1}
	- xen 4.6.0-1 (bug #795721)
	[wheezy] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
	[squeeze] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
	NOTE: http://xenbits.xen.org/xsa/advisory-134.html
CVE-2015-4162 (XML external entity (XXE) vulnerability in the management interface in ...)
	NOT-FOR-US: PAN-OS
CVE-2015-4161 (SAP Afaria does not properly restrict access to unspecified functional ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-4160 (SQL injection vulnerability in SAP ASE Database Platform allows remote ...)
	NOT-FOR-US: SAP ASE Database Platform
CVE-2015-4159 (SQL injection vulnerability in SAP HANA Web-based Development Workbenc ...)
	NOT-FOR-US: SAP HANA
CVE-2015-4158 (SAP ABAP &amp; Java Server allows remote attackers to cause a denial o ...)
	NOT-FOR-US: SAP ABAP & Java Server
CVE-2015-4157 (SAP Content Server allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: SAP Content Server
CVE-2015-4156 (GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fi ...)
	- parallel 20161222-1 (unimportant; bug #787954)
	NOTE: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
	NOTE: https://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-4155 (GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) - ...)
	- parallel 20161222-1 (unimportant; bug #787954)
	NOTE: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-4154
	RESERVED
CVE-2015-4153 (Directory traversal vulnerability in the zM Ajax Login &amp; Register  ...)
	NOT-FOR-US: WordPress plugin zm-ajax-login-register
CVE-2015-4152 (Directory traversal vulnerability in the file output plugin in Elastic ...)
	- logstash <itp> (bug #664841)
CVE-2015-4151
	RESERVED
CVE-2015-4150
	RESERVED
CVE-2015-4149
	RESERVED
CVE-2015-4138 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV180 ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-4137 (SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 ...)
	NOT-FOR-US: Milw0rm Clone Script
CVE-2015-4136
	RESERVED
CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: AVM Fritz!Box
CVE-2014-9731 (The UDF filesystem implementation in the Linux kernel before 3.18.2 do ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/03/4
CVE-2015-5366 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kerne ...)
	{DSA-3313-1 DLA-310-1}
	- linux 4.0.7-1
	[wheezy] - linux 3.2.68-1+deb7u3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
	NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kerne ...)
	{DSA-3313-1 DLA-310-1}
	- linux 4.0.7-1
	[wheezy] - linux 3.2.68-1+deb7u3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
	NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
CVE-2015-XXXX [uudecode: stack out of bounds read access]
	- sharutils <unfixed> (unimportant)
	NOTE: Negligible security impact
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/02/8
CVE-2014-9730 (The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel be ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9729 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18.2 do ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2015-4167 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...)
	{DSA-3313-1 DSA-3290-1 DLA-246-1}
	- linux 4.0.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/6
CVE-2015-4140 (Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugi ...)
	NOT-FOR-US: WordPress plugin wp-smiley
CVE-2015-4139 (Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP S ...)
	NOT-FOR-US: WordPress plugin wp-smiley
CVE-2015-4135 (Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 al ...)
	NOT-FOR-US: PHPWind
CVE-2015-4134 (Open redirect vulnerability in goto.php in phpwind 8.7 allows remote a ...)
	NOT-FOR-US: PHPWind
CVE-2015-4133 (Unrestricted file upload vulnerability in admin/scripts/FileUploader/p ...)
	NOT-FOR-US: ReFlex Gallery plugin for WordPress
CVE-2015-4132 (Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks  ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-4131
	RESERVED
CVE-2015-4130 [command-injection]
	RESERVED
	NOT-FOR-US: NodeJS ungit
	NOTE: https://github.com/FredrikNoren/ungit/issues/486
	NOTE: https://nodesecurity.io/advisories/40
CVE-2015-4129 (SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote  ...)
	NOT-FOR-US: Subrion CMS
CVE-2015-4128
	RESERVED
CVE-2015-4127 (Cross-site scripting (XSS) vulnerability in the church_admin plugin be ...)
	NOT-FOR-US: church_admin plugin for WordPress
CVE-2015-4178 (The fs_pin implementation in the Linux kernel before 4.0.5 does not en ...)
	- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
	NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
	NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
	NOTE: 4.0.2-1
	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 (v4.1-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
CVE-2015-4177 (The collect_mounts function in fs/namespace.c in the Linux kernel befo ...)
	- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
	NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
	NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
	NOTE: 4.0.2-1
	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae (v4.1-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
CVE-2015-4126
	RESERVED
CVE-2015-4125
	RESERVED
CVE-2015-4124
	RESERVED
CVE-2015-4123
	RESERVED
CVE-2015-4122
	RESERVED
CVE-2015-4121
	RESERVED
CVE-2015-4120
	RESERVED
CVE-2015-4119 (Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfi ...)
	NOT-FOR-US: ISPConfig
CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig ...)
	NOT-FOR-US: ISPConfig
CVE-2015-4117 (Vesta Control Panel before 0.9.8-14 allows remote authenticated users  ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert function in ex ...)
	- php5 5.6.11+dfsg-1 (unimportant)
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	NOTE: https://bugs.php.net/bug.php?id=69737
	NOTE: Fixed in 5.6.11, 5.5.27
	NOTE: Not treated as security issue, only triggerable with malformed PHP code
CVE-2015-4115
	RESERVED
CVE-2015-4114
	RESERVED
CVE-2015-4113
	RESERVED
CVE-2015-4112 (The Management Console in BlackBerry Enterprise Server (BES) 12 before ...)
	NOT-FOR-US: BlackBerry
CVE-2015-4111 (mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackB ...)
	NOT-FOR-US: BlackBerry
CVE-2015-4110
	RESERVED
CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the Us ...)
	NOT-FOR-US: WordPress plugin users-ultra
CVE-2015-4108 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP ...)
	NOT-FOR-US: Wing FTP Server
CVE-2015-4107
	REJECTED
CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space f ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-131.html
CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through err ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-130.html
CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI m ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-129.html
CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-128.html
CVE-2015-4102
	RESERVED
CVE-2015-4101
	RESERVED
CVE-2015-4100 (Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated use ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: https://puppet.com/security/cve/CVE-2015-4100
CVE-2015-4099
	RESERVED
CVE-2015-4098
	RESERVED
CVE-2015-4097
	RESERVED
CVE-2015-4096
	RESERVED
CVE-2015-4095
	RESERVED
CVE-2015-4094 (The Thycotic Password Manager Secret Server application through 2.3 fo ...)
	NOT-FOR-US: Thycotic Password Manager Secret Server application for iOS
CVE-2015-4093 (Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x b ...)
	- kibana <itp> (bug #700337)
CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 al ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 a ...)
	NOT-FOR-US: SAP NetWeaver AS Java
CVE-2015-4090
	RESERVED
CVE-2015-4089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the opti ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-4088
	RESERVED
CVE-2015-4087
	RESERVED
CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in  ...)
	NOT-FOR-US: feed-proxy.php
CVE-2015-4086
	RESERVED
CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1. ...)
	NOT-FOR-US: Free Counter plugin for WordPress
CVE-2015-4083
	RESERVED
CVE-2015-4081
	RESERVED
CVE-2015-4080 (The Kankun Smart Socket device and mobile application uses a hardcoded ...)
	NOT-FOR-US: Kankun Smart Socket device and mobile application
CVE-2015-4079
	RESERVED
CVE-2015-4078 (Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include s ...)
	NOT-FOR-US: Cloudera
CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4 ...)
	NOT-FOR-US: Fortinet
CVE-2015-4076
	RESERVED
CVE-2015-4075 (The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attacke ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4074 (Directory traversal vulnerability in the Helpdesk Pro plugin before 1. ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4073 (Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin befo ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4072 (Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pr ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4071 (The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attacke ...)
	NOT-FOR-US: Helpdesk Pro Plugin for Joomla!
CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in wowproxy.ph ...)
	NOT-FOR-US: Wow Moodboard Lite
CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 al ...)
	NOT-FOR-US: EdgeServiceImpl web service in Arcserve UDP
CVE-2015-4068 (Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4  ...)
	NOT-FOR-US: Arcserve UDP
CVE-2015-4067 (Integer overflow in the libnv6 module in Dell NetVault Backup before 1 ...)
	NOT-FOR-US: Dell NetVault Backup
CVE-2015-4066 (Multiple SQL injection vulnerabilities in admin/handlers.php in the Gi ...)
	NOT-FOR-US: GigPress plugin for WordPress
CVE-2015-4061
	RESERVED
CVE-2015-4060 (Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) s ...)
	NOT-FOR-US: Wavelink ConnectPro
CVE-2015-4059 (Heap-based buffer overflow in the License Server (LicenseServer.exe) i ...)
	NOT-FOR-US: Wavelink Terminal Emulation
CVE-2015-4058
	REJECTED
CVE-2015-4057 (The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations  ...)
	NOT-FOR-US: VCE Vision Intelligent Operations
CVE-2015-4056 (The System Library in VCE Vision Intelligent Operations before 2.6.5 d ...)
	NOT-FOR-US: VCE Vision Intelligent Operations
CVE-2015-4055
	RESERVED
CVE-2015-XXXX [hwclock(8) SUID privilege escalation]
	[experimental] - util-linux 2.27~rc1-1
	- util-linux 2.27-1 (unimportant; bug #786804)
	NOTE: hwclock is not installed suid in Debian
	NOTE: https://github.com/karelzak/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/10
CVE-2015-4082 (attic before 0.15 does not confirm unencrypted backups with the user,  ...)
	- attic 0.16-1 (bug #787435)
	[jessie] - attic <no-dsa> (Minor issue)
	NOTE: https://github.com/jborg/attic/issues/271
	NOTE: https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/25/3
CVE-2015-4170 (Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem. ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
	- linux-2.6 <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae (v3.13-rc5)
	NOTE: Affected code was introduced by the rewrite in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4898e640caf03fdbaf2122d5a33949bf3e4a5b34 (v3.11-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/26/1
CVE-2015-4065 (Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound- ...)
	NOT-FOR-US: WordPress plugin landing-pages
CVE-2015-4064 (SQL injection vulnerability in modules/module.ab-testing.php in the La ...)
	NOT-FOR-US: WordPress plugin landing-pages
CVE-2015-4063 (Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in ...)
	NOT-FOR-US: WordPress plugin newstatpress
CVE-2015-4062 (SQL injection vulnerability in includes/nsp_search.php in the NewStatP ...)
	NOT-FOR-US: WordPress plugin newstatpress
CVE-2015-4052
	RESERVED
CVE-2015-4051 (Beckhoff IPC Diagnostics before 1.8 does not properly restrict access  ...)
	NOT-FOR-US: Beckhoff IPC Diagnostics
CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...)
	{DSA-3276-1}
	- symfony 2.7.0~beta2+dfsg-2
	NOTE: https://github.com/fabpot/symfony/commit/d320d27699abcea12479cf608908fa91bcc133d4
	NOTE: http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
CVE-2014-9726
	RESERVED
CVE-2014-9725
	RESERVED
CVE-2014-9724
	RESERVED
CVE-2014-9723
	RESERVED
CVE-2014-9722
	RESERVED
CVE-2015-XXXX [XSS in group administration]
	- php-horde 5.2.5+debian0-1 (bug #785364)
	[jessie] - php-horde 5.2.1+debian0-2+deb8u1
	NOTE: https://github.com/horde/horde/commit/dae5277746abe613de0cacc004e95e9ed9d78220
CVE-2015-4053 (The admin command in ceph-deploy before 1.5.25 uses world-readable per ...)
	- ceph-deploy <not-affected> (Fixed with initial upload to Debian)
	NOTE: http://tracker.ceph.com/issues/11694
CVE-2015-4049 (Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FI ...)
	NOT-FOR-US: Unisys Libra
CVE-2015-4048
	RESERVED
CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: osCMax
CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a denial of se ...)
	- pgbouncer 1.5.5-1
	[jessie] - pgbouncer 1.5.4-6+deb8u1
	[wheezy] - pgbouncer 1.5.2-4+deb7u1
	[squeeze] - pgbouncer <no-dsa> (Minor issue)
	NOTE: https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 (master)
	NOTE: https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5 (stable-1.5)
	NOTE: https://github.com/pgbouncer/pgbouncer/issues/42
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/21/2
CVE-2015-8147
	REJECTED
CVE-2015-8146
	REJECTED
CVE-2015-4046 (The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault OSSIM be ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2015-4044
	RESERVED
CVE-2015-4043 (SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows re ...)
	NOT-FOR-US: ConnX ESP
CVE-2015-4040 (Directory traversal vulnerability in the configuration utility in F5 B ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-4039 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Membersh ...)
	NOT-FOR-US: WordPress plugin WP Membership
CVE-2015-4038 (The WP Membership plugin 1.2.3 for WordPress allows remote authenticat ...)
	NOT-FOR-US: WordPress plugin WP Membership
CVE-2015-4037 (The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier create ...)
	{DSA-3285-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8b8f1c7e9ddb2e88a144638f6527bf70e32343e3
CVE-2015-4034 (The createFromParcel method in the com.absolute.android.persistence.Me ...)
	NOT-FOR-US: Samsung Galaxy S5
CVE-2015-4033 (Samsung SBeam allows remote attackers to read arbitrary images by leve ...)
	NOT-FOR-US: Samsung SBeam
CVE-2015-4032 (projectContents.jsp in the Developer tools in Visual Mining NetCharts  ...)
	NOT-FOR-US: Visual Mining NetCharts Server
CVE-2015-4031 (Directory traversal vulnerability in saveFile.jsp in the development i ...)
	NOT-FOR-US: Visual Mining NetChart
CVE-2015-4030
	RESERVED
CVE-2015-4029 (Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense befo ...)
	NOT-FOR-US: pfSense
CVE-2015-4028
	RESERVED
CVE-2015-4027 (The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner ( ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2013-7440 (The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...)
	- python3.4 3.4~b1-4
	- python3.3 3.3.3-1
	- python3.2 <removed>
	[wheezy] - python3.2 <no-dsa> (Minor issue, too intrusive to backport)
	- python3.1 <removed>
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python2.7 2.7.9-1
	[wheezy] - python2.7 <no-dsa> (Minor issue, too intrusive to backport)
	- python2.6 <removed>
	[wheezy] - python2.6 <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue17997#msg194950
	NOTE: https://hg.python.org/cpython/rev/10d0edadbcdd
	NOTE: The CVE is only about refusing multiple wildcards. Backporting that part only is not so difficult.
CVE-2015-4047 (racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause  ...)
	{DSA-3272-1 DLA-234-1}
	- ipsec-tools 1:0.8.2+20140711-3 (bug #785778)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
CVE-2015-4023
	RESERVED
CVE-2015-4020 (RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4 ...)
	- rubygems <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
	- libgems-ruby <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
	- ruby1.8 <not-affected> (Vulnerable code not present)
	- ruby1.9.1 <not-affected> (Bundles 1.8.23, vulnerable code introduced in later 1.9.1 versions; incomplete fix not applied)
	- ruby2.1 <not-affected> (Incomplete fix not applied)
	- ruby2.2 <not-affected> (Incomplete fix not applied)
	- jruby <not-affected> (Incomplete fix not applied)
	NOTE: Original patch https://github.com/rubygems/rubygems/commit/6bbee35
	NOTE: introduced another vulnerability, assigned CVE-2015-4020. This CVE
	NOTE: only applies if only 6bbee35 was applied without 5c7bfb5
	NOTE: https://github.com/rubygems/rubygems/commit/5c7bfb5
CVE-2015-4019
	RESERVED
CVE-2015-4018 (SQL injection vulnerability in feedwordpresssyndicationpage.class.php  ...)
	NOT-FOR-US: FeedWordPress plugin for WordPress
CVE-2015-4016 (The client detection protocol in Valve Steam allows remote attackers t ...)
	NOT-FOR-US: Related to non-free steam package.
	NOTE: The affected code is believed to be downloaded from Valve on startup.
	NOTE: http://store.steampowered.com/news/16801/
	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-15-233/
CVE-2015-4015
	RESERVED
CVE-2015-4014
	RESERVED
CVE-2015-4013
	RESERVED
CVE-2015-4012
	RESERVED
CVE-2015-4011
	RESERVED
CVE-2015-4042 (Integer overflow in the keycompare_mb function in sort.c in sort in GN ...)
	- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
	NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
	NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
CVE-2015-4041 (The keycompare_mb function in sort.c in sort in GNU Coreutils through  ...)
	- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928749
	NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
	NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
CVE-2015-4035 (scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not  ...)
	- xz-utils <not-affected> (Affects 4.999.9beta)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/7
CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted Conta ...)
	NOT-FOR-US: Encrypted Contact Form plugin for WordPress
CVE-2015-4009
	RESERVED
CVE-2015-4008
	RESERVED
CVE-2015-4007
	RESERVED
CVE-2015-4006
	RESERVED
CVE-2015-4005
	RESERVED
CVE-2015-4004 (The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untru ...)
	- linux 4.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://lkml.org/lkml/2015/5/13/739
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
	NOTE: Driver was removed in Linux 4.3
CVE-2015-4003 (The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1 ...)
	- linux 4.1.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://lkml.org/lkml/2015/5/13/741
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b (v4.1-rc7)
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4002 (drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux k ...)
	- linux 4.1.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://lkml.org/lkml/2015/5/13/740
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e (v4.1-rc7)
	NOTE: https://lkml.org/lkml/2015/5/13/742
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 (v4.1-rc7)
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4001 (Integer signedness error in the oz_hcd_get_desc_cnf function in driver ...)
	- linux 4.1.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c (v4.1-rc7)
	NOTE: https://lkml.org/lkml/2015/5/13/744
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ena ...)
	{DSA-3688-1 DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-507-1 DLA-303-1 DLA-247-1}
	- openssl 1.0.2b-1
	- nss 2:3.19.1-1
	[squeeze] - nss <no-dsa> (no point in switching min key size so close to EOL)
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	- icedove 38.1.0-1
	NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
	NOTE: disclosed in section 3.2 of the
	NOTE: https://weakdh.org/imperfect-forward-secrecy.pdf paper.
	NOTE: Some links on the status of various implementations/protocols:
	NOTE: IKE/IPSEC: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
	NOTE: OpenSSL: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
	NOTE: OpenSSL 1.0.2b-1 limits it to 768 bit, future versions will increase the limit
	NOTE: GNUTLS: http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
	NOTE: NSS/iceweasel/icedove: https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
	NOTE: NSS patch increasing limit to 1023 bits: https://hg.mozilla.org/projects/nss/rev/ae72d76f8d24
CVE-2015-3999 (Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames t ...)
	NOT-FOR-US: Piriform CCleaner
CVE-2015-3998 (Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in ...)
	NOT-FOR-US: phpwhois component of adsense-click-fraud-monitoring wordpress plugin
CVE-2015-3997
	RESERVED
CVE-2015-3996 (The default AFSecurityPolicy.validatesDomainName configuration for AFS ...)
	- owncloud <not-affected> (iOS-specific)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-012
CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticat ...)
	NOT-FOR-US: SAP HANA DB
CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine ...)
	NOT-FOR-US: SAP HANA DB
CVE-2015-3993 (Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows r ...)
	NOT-FOR-US: Actian Matrix
CVE-2015-3992
	RESERVED
CVE-2015-3991 (strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial o ...)
	- strongswan 5.3.0-2
	[jessie] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+)
	[wheezy] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+)
	[squeeze] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+)
	NOTE: http://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html
CVE-2015-3990 (The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analy ...)
	NOT-FOR-US: Dell
CVE-2015-3989 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 befor ...)
	NOT-FOR-US: concrete5
CVE-2014-9720 (Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...)
	{DLA-475-1 DLA-279-1}
	- python-tornado 3.2.2-1
	NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=930362
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222816
CVE-2014-9719
	RESERVED
CVE-2015-4026 (The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.2 ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68598
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-4025 (PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncat ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69418
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_headers f ...)
	{DSA-3280-1}
	- php5 5.6.9+dfsg-1
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.php.net/bug.php?id=69364
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
	- hhvm 3.11.0+dfsg-1
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/6188457bd90ed2f3516e778dca8e91536d91802e
CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69545
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41 ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69453
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/17/2 and http://www.openwall.com/lists/oss-security/2015/05/18/2
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) Clien ...)
	NOT-FOR-US: McAfee
CVE-2015-3986 (Cross-site request forgery (CSRF) vulnerability in the TheCartPress eC ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3985
	RESERVED
CVE-2015-3984
	RESERVED
CVE-2015-3983 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the  ...)
	- pcs <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/feist/pcs/commit/898204596a779673c88097bbdbe2d7ed6ed0cc8b (0.9.140)
CVE-2015-3982 (The session.flush function in the cached_db backend in Django 1.8.x be ...)
	- python-django <not-affected> (Only affects 1.8 and development branch)
	NOTE: https://www.djangoproject.com/weblog/2015/may/20/security-release/
CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework (CRM-BF-BR ...)
	NOT-FOR-US: SAP CRM
CVE-2015-3979 (Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) ...)
	NOT-FOR-US: SAP CRM
CVE-2015-3978 (SAP Sybase Unwired Platform Online Data Proxy allows local users to ob ...)
	NOT-FOR-US: SAP Sybase Unwired Platform Online Data Proxy
CVE-2015-3977 (Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-3976 (Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/31 ...)
	NOT-FOR-US: GE
CVE-2015-3975
	REJECTED
CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x b ...)
	NOT-FOR-US: EasyIO EasyIO-30P-SF controllers
CVE-2015-3973 (Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate se ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3972 (The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices s ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3971 (The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3970 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3969 (Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3968 (The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3967 (Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 50 ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3966 (The IPsec SA establishment process on Innominate mGuard devices with f ...)
	NOT-FOR-US: Innominate mGuard
CVE-2015-3965 (Hospira Symbiq Infusion System 3.13 and earlier allows remote authenti ...)
	NOT-FOR-US: Hospira Symbiq Infusion System
CVE-2015-3964 (SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier  ...)
	NOT-FOR-US: SMA Solar Sunny WebBox
CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6 ...)
	NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices
CVE-2015-3962 (Schneider Electric StruxureWare Building Expert MPM before 2.15 does n ...)
	NOT-FOR-US: Schneider Electric StruxureWare
CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom Magn ...)
	NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Ma ...)
	NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3959 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Ma ...)
	NOT-FOR-US: Belden GarrrettCom switches
CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly oth ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys an ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-3956 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infus ...)
	NOT-FOR-US: Hospira
CVE-2015-3955 (Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5. ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-3954 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infus ...)
	NOT-FOR-US: Hospira
CVE-2015-3953 (Hard-coded accounts may be used to access Hospira Plum A+ Infusion Sys ...)
	NOT-FOR-US: Hospira
CVE-2015-3952 (Wireless keys are stored in plain text on Hospira Plum A+ Infusion Sys ...)
	NOT-FOR-US: Hospira
CVE-2015-3951 (RLE Nova-Wind Turbine HMI devices store cleartext credentials, which a ...)
	NOT-FOR-US: RLE Nova-Wind Turbines
CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on  ...)
	NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-3949 (Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows ...)
	NOT-FOR-US: Sinapsi eSolar Light
CVE-2015-3948 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess before ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3947 (SQL injection vulnerability in Advantech WebAccess before 8.1 allows r ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3946 (Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3945
	REJECTED
CVE-2015-3944
	REJECTED
CVE-2015-3943 (Advantech WebAccess before 8.1 allows remote attackers to read sensiti ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server  ...)
	NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3941
	REJECTED
CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric Wonderware S ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for I ...)
	NOT-FOR-US: IDS RTU 850C devices
CVE-2015-3938 (The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices be ...)
	NOT-FOR-US: Mitsubishi Electric MELSEC devices
CVE-2015-3937
	RESERVED
CVE-2015-3936
	RESERVED
CVE-2015-3935 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
	- dolibarr 3.5.7+dfsg1-1 (bug #787762)
	[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
	NOTE: https://github.com/Dolibarr/dolibarr/issues/2857
	NOTE: https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
CVE-2015-3934 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow rem ...)
	NOT-FOR-US: Fiyo CMS
CVE-2015-3933 (Multiple SQL injection vulnerabilities in inc/lib/User.class.php in Me ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-3932 (Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML ...)
	NOT-FOR-US: Netlock Mokka
CVE-2015-3931 (Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform X ...)
	NOT-FOR-US: Microsec e-Szigno
CVE-2015-3930
	RESERVED
CVE-2015-3929
	RESERVED
CVE-2015-3928
	RESERVED
CVE-2015-3927
	RESERVED
CVE-2015-3926
	RESERVED
CVE-2015-3925
	RESERVED
CVE-2015-3924
	RESERVED
CVE-2015-3923 (Coppermine Photo Gallery before 1.5.36 allows remote attackers to enum ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-3922 (Open redirect vulnerability in mode.php in Coppermine Photo Gallery be ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-3921 (Cross-site scripting (XSS) vulnerability in contact.php in Coppermine  ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-3920
	RESERVED
CVE-2015-3919
	REJECTED
CVE-2015-3918
	RESERVED
CVE-2015-3917
	RESERVED
CVE-2015-3916
	RESERVED
CVE-2015-3915
	RESERVED
CVE-2015-3914
	RESERVED
CVE-2015-3913 (The IP stack in multiple Huawei Campus series switch models allows rem ...)
	NOT-FOR-US: Huawei
CVE-2015-3912 (Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEB ...)
	NOT-FOR-US: Huawei
CVE-2015-3911 (Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows re ...)
	NOT-FOR-US: Huawei
CVE-2015-3910 (Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-3909
	RESERVED
CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname matches  ...)
	{DLA-1923-1}
	- ansible 1.9.2+dfsg-1 (low)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
	NOTE: Fixed in commit https://github.com/ansible/ansible/commit/be7c59c7bbe2c7cfaad0151c42693ebd0ea4243f
CVE-2015-3907 (CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE  ...)
	NOT-FOR-US: CodeIgniter Rest Server
CVE-2015-3906 (The logcat_dump_text function in wiretap/logcat.c in the Android Logca ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-18.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11188
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b3b1f7c3aa2233a147294bad833b748d38fba84d
CVE-2015-3904 (Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php i ...)
	NOT-FOR-US: Roomcloud plugin for WordPress
CVE-2015-3901
	RESERVED
CVE-2015-3900 (RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4 ...)
	- rubygems <not-affected> (Affects versions between 2.0 and 2.4.6)
	- libgems-ruby <not-affected> (Affects versions between 2.0 and 2.4.6)
	- ruby1.8 <not-affected> (Vulnerable code not present)
	- ruby1.9.1 <not-affected> (Bundles 1.8.23, vulnerable code introduced in later 1.9.1 versions)
	- ruby2.1 2.1.5-4 (bug #790119)
	[jessie] - ruby2.1 2.1.5-2+deb8u2
	- ruby2.2 2.2.2-3 (bug #790111)
	- jruby 1.7.20.1-2
	[jessie] - jruby <not-affected> (Vulnerable code introduced with 1.7.19)
	[wheezy] - jruby <not-affected> (Vulnerable code introduced with 1.7.19)
	[squeeze] - jruby <not-affected> (Vulnerable code introduced with 1.7.19)
	NOTE: https://github.com/rubygems/rubygems/commit/6bbee35
	NOTE: https://github.com/rubygems/rubygems/commit/5c7bfb5
	NOTE: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
CVE-2015-3899
	RESERVED
CVE-2015-3898 (Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5 ...)
	NOT-FOR-US: Bonita BPM Portal
CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 al ...)
	NOT-FOR-US: Bonita BPM Portal
CVE-2015-3896
	RESERVED
CVE-2015-3895
	RESERVED
CVE-2015-3894
	RESERVED
CVE-2015-3893
	RESERVED
CVE-2015-3892
	RESERVED
CVE-2015-3891
	RESERVED
CVE-2015-3890 (Use-after-free vulnerability in Open Litespeed before 1.3.10. ...)
	NOT-FOR-US: Open Litespeed
CVE-2015-3889
	RESERVED
CVE-2015-3888 (Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof pho ...)
	NOT-FOR-US: Jolla Sailfish OS
CVE-2015-3887 (Untrusted search path vulnerability in ProxyChains-NG before 4.9 allow ...)
	NOT-FOR-US: proxychains-ng
	NOTE: proxychains does not contain the vulnerable code
CVE-2015-3884 (Unrestricted file upload vulnerability in the (1) myAccount, (2) proje ...)
	NOT-FOR-US: qdPM
CVE-2015-3883 (Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow  ...)
	NOT-FOR-US: qdPM
CVE-2015-3882 (qdPM 8.3 allows remote attackers to obtain sensitive information via i ...)
	NOT-FOR-US: qdPM
CVE-2015-3881 (Information disclosure issue in qdPM 8.3 allows remote attackers to ob ...)
	NOT-FOR-US: qdPM
CVE-2015-3879 (Media Player Framework in Android before 5.1.1 LMY48T allows attackers ...)
	NOT-FOR-US: Media Player Framework in Android
CVE-2015-3878 (Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 201 ...)
	NOT-FOR-US: Media Projection in Android
CVE-2015-3877 (Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers  ...)
	NOT-FOR-US: Skia, as used in Android
CVE-2015-3876 (libstagefright in Android through 5.1.1 LMY48M allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3875 (libutils in Android before 5.1.1 LMY48T allows remote attackers to exe ...)
	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
CVE-2015-3874 (The Sonivox components in Android before 5.1.1 LMY48T allow remote att ...)
	NOT-FOR-US: The Sonivox components in Android
CVE-2015-3873 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3872 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3871 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3870 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3869 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3868 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3867 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3866
	RESERVED
CVE-2015-3865 (The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers  ...)
	NOT-FOR-US: The Runtime subsystem in Android
CVE-2015-3864 (Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4E ...)
	NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3863 (Multiple integer overflows in the Blob class in keystore/keystore.cpp  ...)
	NOT-FOR-US: Keystore in Android
CVE-2015-3862 (mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-3861 (Multiple integer overflows in the addVorbisCodecInfo function in matro ...)
	NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3860 (packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen  ...)
	NOT-FOR-US: Lockscreen in Android
CVE-2015-3859
	RESERVED
CVE-2015-3858 (The checkDestination function in internal/telephony/SMSDispatcher.java ...)
	NOT-FOR-US: Android
CVE-2015-3857
	RESERVED
CVE-2015-3856
	RESERVED
CVE-2015-3855
	RESERVED
CVE-2015-3854 (packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarn ...)
	NOT-FOR-US: Android
CVE-2015-3853
	RESERVED
CVE-2015-3852
	RESERVED
CVE-2015-3851
	RESERVED
CVE-2015-3850
	RESERVED
CVE-2015-3849 (The Region_createFromParcel function in core/jni/android/graphics/Regi ...)
	NOT-FOR-US: Region in Android
CVE-2015-3848
	RESERVED
CVE-2015-3847 (Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove st ...)
	NOT-FOR-US: Bluetooth in Android
CVE-2015-3846
	RESERVED
CVE-2015-3845 (The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in ...)
	NOT-FOR-US: Binder in Android
CVE-2015-3844 (The getProcessRecordLocked method in services/core/java/com/android/se ...)
	NOT-FOR-US: ActivityManager in Android
CVE-2015-3843 (The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows  ...)
	NOT-FOR-US: SIM Toolkit (STK) framework in Android
CVE-2015-3842 (Multiple heap-based buffer overflows in libeffects in the Audio Policy ...)
	NOT-FOR-US: Android
CVE-2015-3841
	RESERVED
CVE-2015-3840 (The MessageStatusReceiver service in the AndroidManifest.XML in Androi ...)
	NOT-FOR-US: MessageStatusReceiver in Android
CVE-2015-3839 (The updateMessageStatus function in Android 5.1.1 and earlier allows l ...)
	NOT-FOR-US: Android
CVE-2015-3838
	RESERVED
CVE-2015-3837 (The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certifica ...)
	NOT-FOR-US: Android
CVE-2015-3836 (The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivo ...)
	NOT-FOR-US: Sonivox DLS-to-EAS converter in Android
CVE-2015-3835 (Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OM ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3834 (Multiple integer overflows in the BnHDCP::onTransact function in media ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3833 (The getRunningAppProcesses function in services/core/java/com/android/ ...)
	NOT-FOR-US: Android
CVE-2015-3832 (Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in A ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3831 (Buffer overflow in the readAt function in BpMediaHTTPConnection in med ...)
	NOT-FOR-US: mediaserver service in Android
CVE-2015-3830 (The stock Android browser address bar in all Android operating systems ...)
	NOT-FOR-US: Android
CVE-2015-3829 (Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Ex ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3828 (The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp i ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3827 (The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libst ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3826 (The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp i ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3825
	REJECTED
CVE-2015-3824 (The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libst ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3823 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers  ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3822
	RESERVED
CVE-2015-3821
	RESERVED
CVE-2015-3820
	RESERVED
CVE-2015-3819
	RESERVED
CVE-2015-3818
	RESERVED
CVE-2015-3817
	RESERVED
CVE-2015-3816
	RESERVED
CVE-2015-3903 (libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x ...)
	{DSA-3382-1}
	- phpmyadmin 4:4.4.6.1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-3902 (Multiple cross-site request forgery (CSRF) vulnerabilities in the setu ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.4.6.1-1 (unimportant)
CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in drivers/vhost/ ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c (v4.0-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/4
CVE-2015-3988 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashb ...)
	- horizon 2015.1.0-2 (bug #786741)
	[jessie] - horizon <not-affected> (Vulnerable code not present)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
CVE-2015-3886 (libinfinity before 0.6.6-1 does not validate expired SSL certificates, ...)
	- libinfinity 0.6.6-1 (bug #783601)
	[jessie] - libinfinity 0.6.6-1~deb8u1
	[wheezy] - libinfinity <not-affected> (vulnerable code not present)
	[squeeze] - libinfinity <not-affected> (vulnerable code not present)
	NOTE: https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
	NOTE: https://github.com/gobby/gobby/issues/61
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/1
CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat  ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-18.html
CVE-2015-3814 (The (1) dissect_tfs_request and (2) dissect_tfs_response functions in  ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-17.html
CVE-2015-3813 (The fragment_add_work function in epan/reassemble.c in the packet-reas ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-16.html
CVE-2015-3812 (Multiple memory leaks in the x11_init_protocol function in epan/dissec ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-15.html
CVE-2015-3811 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x  ...)
	{DSA-3277-1 DLA-241-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark 1.8.2-5wheezy16
	NOTE: add fixed version for wheezy directly in CVE list since CVE-2015-3811 the only fixed in DSA-3277-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2
CVE-2015-3810 (epan/dissectors/packet-websocket.c in the WebSocket dissector in Wires ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-13.html
CVE-2015-3809 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11036
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-12.html
CVE-2015-3808 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11036
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-12.html
CVE-2015-3807 (libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remot ...)
	NOT-FOR-US: Apple
CVE-2015-3806 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to by ...)
	NOT-FOR-US: Apple
CVE-2015-3805 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to by ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3804 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows re ...)
	NOT-FOR-US: Apple
CVE-2015-3803 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to by ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3802 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to by ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3801 (The document.cookie API implementation in the CFNetwork Cookies subsys ...)
	NOT-FOR-US: Apple
CVE-2015-3800 (The DiskImages component in Apple iOS before 8.4.1 and OS X before 10. ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3799 (The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3798 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2015-3797 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2015-3796 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2015-3795 (libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attack ...)
	NOT-FOR-US: Apple
CVE-2015-3794 (The Speech UI in Apple OS X before 10.10.5, when speech alerts are ena ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3793 (CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3792 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: QuickTime
CVE-2015-3791 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: QuickTime
CVE-2015-3790 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: QuickTime
CVE-2015-3789 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: QuickTime
CVE-2015-3788 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: QuickTime
CVE-2015-3787 (The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote att ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3786 (The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3785 (The Telephony component in Apple OS X before 10.11, when the Continuit ...)
	NOT-FOR-US: Apple
CVE-2015-3784 (Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3783 (SceneKit in Apple OS X before 10.10.5 allows remote attackers to execu ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3782 (CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows atta ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3781 (Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X b ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3780 (The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3779 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: QuickTime
CVE-2015-3778 (bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote  ...)
	NOT-FOR-US: Apple
CVE-2015-3777 (Multiple buffer overflows in blued in the Bluetooth subsystem in Apple ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3776 (IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attacke ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3775 (Apple OS X before 10.10.5 does not properly implement authentication,  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3774 (The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, wh ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3773 (The SMB client in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3772 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ga ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3771 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ga ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3770 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ar ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3769 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ga ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3768 (Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X befo ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3767 (udf in Apple OS X before 10.10.5 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-3766 (The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3765 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ex ...)
	NOT-FOR-US: Apple
CVE-2015-3764 (Notification Center in Apple OS X before 10.10.5 does not properly rem ...)
	NOT-FOR-US: QuickTime
CVE-2015-3763 (Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript ...)
	NOT-FOR-US: Safari
CVE-2015-3762 (The Text Formats component in Apple OS X before 10.10.5, as used in Te ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3761 (The kernel in Apple OS X before 10.10.5 does not properly validate pat ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3760 (dyld in Apple OS X before 10.10.5 does not properly validate pathnames ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3759 (Location Framework in Apple iOS before 8.4.1 allows local users to byp ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3758 (UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3757 (Apple OS X before 10.10.5 does not properly restrict access to the Dat ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3756 (The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 ce ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3755 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before  ...)
	NOT-FOR-US: Safari
CVE-2015-3754 (The private-browsing implementation in WebKit in Apple Safari before 6 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3753 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3752 (The Content Security Policy implementation in WebKit in Apple Safari b ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3751 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3750 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3749 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3748 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3747 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3746 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3745 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3744 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3743 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3742 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3741 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3740 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3739 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3738 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3737 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3736 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3735 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3734 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3733 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3732 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3731 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3730 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3729 (Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as  ...)
	NOT-FOR-US: Apple
CVE-2015-3728 (The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3727 (WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before  ...)
	NOT-FOR-US: Apple Safari
CVE-2015-3726 (The Telephony subsystem in Apple iOS before 8.4 allows physically prox ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3725 (MobileInstallation in Apple iOS before 8.4 does not ensure the uniquen ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3724 (CoreGraphics in Apple iOS before 8.4 allows remote attackers to execut ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3723 (CoreGraphics in Apple iOS before 8.4 allows remote attackers to execut ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3722 (Application Store in Apple iOS before 8.4 does not ensure the uniquene ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3721 (The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not pr ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3720 (The kernel in Apple OS X before 10.10.4 does not properly manage memor ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3719 (TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 1 ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3718 (systemstatsd in the System Stats subsystem in Apple OS X before 10.10. ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3717 (Multiple buffer overflows in the printf functionality in SQLite, as us ...)
	NOT-FOR-US: sqlite as shipped in iOS
	NOTE: Fix for sqlite in iOS, upstream doesn't know whether it affects the standard
	NOTE: code base, but Apple would probably have submitted a patch if that were the case
	NOTE: sqlite-dev thread: https://groups.google.com/forum/#!topic/sqlite-dev/U7OjAbZO6LA
CVE-2015-3716 (Spotlight in Apple OS X before 10.10.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3715 (The code-signing implementation in Apple OS X before 10.10.4 does not  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3714 (Apple OS X before 10.10.4 does not properly consider custom resource r ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3713 (QuickTime in Apple OS X before 10.10.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3712 (The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attacke ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3711 (The NTFS implementation in Apple OS X before 10.10.4 allows attackers  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3710 (Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote att ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3709 (Race condition in kext tools in Apple OS X before 10.10.4 allows local ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3708 (kextd in kext tools in Apple OS X before 10.10.4 allows attackers to w ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3707 (The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3706 (IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to e ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3705 (IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to e ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3704 (runner in Install.framework in the Install Framework Legacy subsystem  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3703 (ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote  ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3702 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3701 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3700 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3699 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3698 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3697 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3696 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3695 (Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3694 (FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remo ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3693 (Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and othe ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3692 (Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and othe ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3691 (The Monitor Control Command Set kernel extension in the Display Driver ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3690 (The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10 ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3689 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3688 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3687 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3686 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3685 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3684 (The HTTPAuthentication implementation in CFNetwork in Apple iOS before ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3683 (The Bluetooth HCI interface implementation in Apple OS X before 10.10. ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3682 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3681 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3680 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3679 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote a ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3678 (AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local u ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3677 (The LZVN compression feature in AppleFSCompression in Apple OS X befor ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3676 (AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3675 (The default configuration of the Apache HTTP Server on Apple OS X befo ...)
	- apache2 <not-affected> (default configuration on Apple OS X)
CVE-2015-3674 (afpserver in Apple OS X before 10.10.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3673 (Admin Framework in Apple OS X before 10.10.4 does not properly restric ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3672 (Admin Framework in Apple OS X before 10.10.4 does not properly handle  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3671 (Admin Framework in Apple OS X before 10.10.4 does not properly verify  ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3670
	REJECTED
CVE-2015-3669 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote atta ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3668 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3667 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3666 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3665 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote atta ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3664 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote atta ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3663 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3662 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3661 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3660 (Cross-site scripting (XSS) vulnerability in the PDF functionality in W ...)
	NOT-FOR-US: Apple WebKit
CVE-2015-3659 (The SQLite authorizer in the Storage functionality in WebKit in Apple  ...)
	NOT-FOR-US: Apple WebKit
CVE-2015-3658 (The Page Loading functionality in WebKit in Apple Safari before 6.2.7, ...)
	NOT-FOR-US: Apple WebKit
CVE-2015-3657 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before  ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3656 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before  ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3655 (Cross-site request forgery (CSRF) vulnerability in Aruba Networks Clea ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3654 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before  ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3653 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before  ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3652
	RESERVED
CVE-2015-3651
	RESERVED
CVE-2015-3650 (vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 an ...)
	NOT-FOR-US: VMware
CVE-2015-3649 (The open-uri-cached rubygem allows local users to execute arbitrary Ru ...)
	NOT-FOR-US: open-uri-cached rubygem
CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala Limite ...)
	NOT-FOR-US: ResourceSpace
CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front ...)
	NOT-FOR-US: WP Photo Album Plus (aka WPPA) plugin for WordPress
CVE-2015-3645
	RESERVED
CVE-2015-3644 (Stunnel 5.00 through 5.13, when using the redirect option, does not re ...)
	{DSA-3299-1}
	- stunnel4 3:5.18-1 (bug #785352)
	[wheezy] - stunnel4 <not-affected> (Affects 5.00 through 5.13 with specfic configurations)
	[squeeze] - stunnel4 <not-affected> (Affects 5.00 through 5.13 with specfic configurations)
	NOTE: https://www.stunnel.org/CVE-2015-3644.html
CVE-2015-3885 (Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier ...)
	{DSA-3692-1 DLA-243-1 DLA-228-1}
	- dcraw 9.26-1 (bug #785019)
	[jessie] - dcraw <no-dsa> (Minor issue)
	[wheezy] - dcraw <no-dsa> (Minor issue)
	[squeeze] - dcraw <no-dsa> (Minor issue)
	- ufraw 0.20-3 (bug #786783)
	[jessie] - ufraw 0.20-2+deb8u1
	[wheezy] - ufraw <no-dsa> (Minor issue)
	[squeeze] - ufraw <no-dsa> (Minor issue)
	- libraw 0.16.2-1 (bug #786788)
	[jessie] - libraw 0.16.0-9+deb8u1
	[wheezy] - libraw 0.14.6-2+deb7u1
	[squeeze] - libraw <no-dsa> (Minor issue)
	- rawtherapee 4.2-2
	[jessie] - rawtherapee 4.2-1+deb8u1
	[wheezy] - rawtherapee 4.0.9-4+deb7u1
	[squeeze] - rawtherapee <no-dsa> (Minor issue)
	- rawstudio <removed>
	[wheezy] - rawstudio <no-dsa> (Minor issue)
	[squeeze] - rawstudio <no-dsa> (Minor issue)
	- xbmc 2:13.2+dfsg1-5 (bug #786688)
	[jessie] - xbmc <no-dsa> (Minor issue)
	[wheezy] - xbmc <no-dsa> (Minor issue)
	- kodi 16.0+dfsg1-1 (bug #792299)
	- exactimage 0.9.1-5 (bug #786785)
	[jessie] - exactimage 0.8.9-7+deb8u1
	[wheezy] - exactimage 0.8.5-5+deb7u4
	[squeeze] - exactimage <no-dsa> (Minor issue)
	- freeimage 3.15.4-6 (bug #786790)
	[wheezy] - freeimage <no-dsa> (Minor issue)
	[squeeze] - freeimage <no-dsa> (Minor issue)
	- darktable 1.6.7-1 (bug #786792)
	[jessie] - darktable 1.4.2-1+deb8u1
	[wheezy] - darktable <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2015-006.html
	NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
CVE-2015-3880 (Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3. ...)
	- phpbb3 3.0.14-1
	[jessie] - phpbb3 3.0.12-5+deb8u1
	[wheezy] - phpbb3 3.0.10-4+deb7u3
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
	NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.14
	NOTE: Patch: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/2
CVE-2015-XXXX [pdf2djvu: insecure use of /tmp when executing c44]
	- pdf2djvu 0.7.21-1 (bug #784889)
	[jessie] - pdf2djvu 0.7.17-4+deb8u1
	[wheezy] - pdf2djvu 0.7.12-2+deb7u1
	[squeeze] - pdf2djvu <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/jwilk/pdf2djvu/issue/103
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-XXXX [didjvu: insecure use of /tmp when executing c44]
	- didjvu 0.4-1 (bug #784888)
	[jessie] - didjvu 0.2.8-1+deb8u1
	[wheezy] - didjvu 0.2.3-2+deb7u1
	NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 thro ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
	NOTE: http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 thro ...)
	{DSA-3397-1 DLA-260-1}
	- wpa 2.3-2.2 (bug #787373)
	- wpasupplicant <removed>
	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with specific configurations)
	- hostapd <removed>
	NOTE: http://w1.fi/security/2015-3/
	NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplican ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787372)
	- wpasupplicant <removed> (unimportant)
	[squeeze] - wpasupplicant <not-affected> (Affects v0.7.0-v2.4 with CONFIG_WPS_ER=y in the build configuration)
	- hostapd <removed>
	[squeeze] - hostapd <not-affected> (Affects 0.7.0-v2.4 with CONFIG_WPS_UPNP=y in the build configuration and upnp_iface parameter on runtime)
	NOTE: http://w1.fi/security/2015-2/
	NOTE: http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/4
CVE-2015-XXXX [incorrect parsing of from header when assigning pgp keys]
	- semi 1.14.7~0.20120428-17 (bug #784712)
	[jessie] - semi 1.14.7~0.20120428-14+deb8u1
	[wheezy] - semi <no-dsa> (Minor issue)
	[squeeze] - semi <no-dsa> (Minor issue)
	NOTE: http://thread.gmane.org/gmane.mail.wanderlust.general.japanese/9819
	NOTE: Fixed in https://github.com/wanderlust/semi/commit/9976269556c5bcc021e4edf1b0e1accd39929528
CVE-2015-XXXX [incorrect substring matching when assigning pgp keys]
	- semi 1.14.7~0.20120428-17 (bug #784712)
	[jessie] - semi 1.14.7~0.20120428-14+deb8u1
	[wheezy] - semi <no-dsa> (Minor issue)
	[squeeze] - semi <no-dsa> (Minor issue)
	NOTE: https://github.com/wanderlust/semi/issues/9
	NOTE: https://github.com/wanderlust/semi/commit/5c8466321d281d72850c298b9ebcd466b4b0160c
	NOTE: https://github.com/wanderlust/semi/commit/da44c8e0ea6baf5dac2b8debf86f720a541f31a5
	- mew 1:6.6-3
	[jessie] - mew 1:6.6-2+deb8u1
	[wheezy] - mew <no-dsa> (Minor issue)
	[squeeze] - mew <no-dsa> (Minor issue)
	- mew-beta 7.0.50~6.6+0.20150508-1
	[jessie] - mew-beta 7.0.50~6.6+0.20140902-1+deb8u1
	[wheezy] - mew-beta <no-dsa> (Minor issue)
	[squeeze] - mew-beta <no-dsa> (Minor issue)
CVE-2015-3429 (Cross-site scripting (XSS) vulnerability in example.html in Genericons ...)
	{DSA-3328-1}
	- wordpress 4.2.2+dfsg-1 (bug #784603)
	[wheezy] - wordpress <not-affected> (twentyfifteen theme not present)
	[squeeze] - wordpress <not-affected> (twentyfifteen theme not present)
	NOTE: https://wordpress.org/news/2015/05/wordpress-4-2-2/
	NOTE: https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/
	NOTE: The default theme twentyfifteen is not present in wheezy. Upstream has
	NOTE: commited https://core.trac.wordpress.org/changeset/32385 though which
	NOTE: will enericons example.html files if present. As the file was included
	NOTE: in other popular themes and plugins maybe it should as well be included
	NOTE: in an update for wordpress for wheezy?
CVE-2014-9721 (libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to  ...)
	{DSA-3255-1}
	- zeromq3 4.0.5+dfsg-3 (bug #784366)
	NOTE: https://github.com/zeromq/libzmq/issues/1273
	NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/8
CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.5 ...)
	NOT-FOR-US: usb-creator
CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler Applicat ...)
	NOT-FOR-US: Citrix
CVE-2015-3641 (bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a den ...)
	- bitcoin 0.10.2-1
CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the "." charac ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input string ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3638 (phpMyBackupPro before 2.5 does not validate integer input, which allow ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3637 (SQL injection vulnerability in phpMyBackupPro when run in multi-user m ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3635
	RESERVED
CVE-2015-3634 (The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function  ...)
	NOT-FOR-US: Slideshow plugin for Wordpress
CVE-2015-3633 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow rem ...)
	NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
CVE-2015-3632 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow rem ...)
	NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
CVE-2015-3631 (Docker Engine before 1.6.1 allows local users to set arbitrary Linux S ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3630 (Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3629 (Libcontainer 1.6.0, as used in Docker Engine, allows local users to es ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3628 (The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Cont ...)
	NOT-FOR-US: F5
CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor  ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in t ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.7 ...)
	- nvidia-graphics-drivers <not-affected> (FreeBSD drivers in separate blobs/source)
CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMe ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2015-3623 (XML external entity (XXE) vulnerability in QlikTech Qlikview before 11 ...)
	NOT-FOR-US: QlikTech
CVE-2015-3621 (Untrusted search path vulnerability in SAP Enterprise Central Componen ...)
	NOT-FOR-US: SAP ECC
CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset repor ...)
	NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2015-3619 (Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in t ...)
	NOT-FOR-US: Joomla addon
CVE-2015-3618 (Cross-site scripting (XSS) vulnerability in Nagios Business Process In ...)
	NOT-FOR-US: Nagios Business Process Intelligence
CVE-2015-3617 (Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow loc ...)
	NOT-FOR-US: Fortinet
CVE-2015-3616 (SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0. ...)
	NOT-FOR-US: Fortinet
CVE-2015-3615 (Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0. ...)
	NOT-FOR-US: Fortinet
CVE-2015-3614 (Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows r ...)
	NOT-FOR-US: Fortinet
CVE-2015-3613 (A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 ...)
	NOT-FOR-US: Fortinet
CVE-2015-3612 (A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2. ...)
	NOT-FOR-US: Fortinet
CVE-2015-3611 (A Command Injection vulnerability exists in FortiManager 5.2.1 and ear ...)
	NOT-FOR-US: Fortinet
CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 2.0.1 f ...)
	NOT-FOR-US: Siemens HomeControl for Room Automation application for Android
CVE-2015-3609
	RESERVED
CVE-2015-3608
	RESERVED
CVE-2015-3607
	RESERVED
CVE-2015-3606
	RESERVED
CVE-2015-3605
	RESERVED
CVE-2015-3604
	RESERVED
CVE-2015-3603
	RESERVED
CVE-2015-3602
	RESERVED
CVE-2015-3601
	RESERVED
CVE-2015-3600
	RESERVED
CVE-2015-3599
	RESERVED
CVE-2015-3598
	RESERVED
CVE-2015-3597
	RESERVED
CVE-2015-3596
	RESERVED
CVE-2015-3595
	RESERVED
CVE-2015-3594
	RESERVED
CVE-2015-3593
	RESERVED
CVE-2015-3592
	RESERVED
CVE-2015-3591
	REJECTED
CVE-2015-3590
	RESERVED
CVE-2015-3589
	RESERVED
CVE-2015-3588
	RESERVED
CVE-2015-3587
	RESERVED
CVE-2015-3586
	RESERVED
CVE-2015-3585
	RESERVED
CVE-2015-3584
	RESERVED
CVE-2015-3583
	RESERVED
CVE-2015-3582
	RESERVED
CVE-2015-3581
	RESERVED
CVE-2015-3580
	RESERVED
CVE-2015-3579
	RESERVED
CVE-2015-3578
	RESERVED
CVE-2015-3577
	RESERVED
CVE-2015-3576
	RESERVED
CVE-2015-3575
	RESERVED
CVE-2015-3574
	RESERVED
CVE-2015-3573
	RESERVED
CVE-2015-3572
	REJECTED
CVE-2015-3571
	REJECTED
CVE-2015-3570
	RESERVED
CVE-2015-3569
	REJECTED
CVE-2015-3568
	RESERVED
CVE-2015-3567
	RESERVED
CVE-2015-3566
	RESERVED
CVE-2015-3565
	RESERVED
CVE-2015-3564
	RESERVED
CVE-2015-3563
	RESERVED
CVE-2015-3562
	RESERVED
CVE-2015-3561
	RESERVED
CVE-2015-3560
	RESERVED
CVE-2015-3559
	RESERVED
CVE-2015-3558
	RESERVED
CVE-2015-3557
	RESERVED
CVE-2015-3556
	RESERVED
CVE-2015-3555
	RESERVED
CVE-2015-3554
	RESERVED
CVE-2015-3553
	RESERVED
CVE-2015-3552
	RESERVED
CVE-2015-3551
	RESERVED
CVE-2015-3550
	RESERVED
CVE-2015-3549
	RESERVED
CVE-2015-3548
	RESERVED
CVE-2015-3547
	RESERVED
CVE-2015-3546
	RESERVED
CVE-2015-3545
	RESERVED
CVE-2015-3544
	RESERVED
CVE-2015-3543
	RESERVED
CVE-2015-3542
	RESERVED
CVE-2015-3541
	RESERVED
CVE-2015-3540
	RESERVED
CVE-2015-3539
	RESERVED
CVE-2015-3538
	RESERVED
CVE-2015-3537
	RESERVED
CVE-2015-3536
	RESERVED
CVE-2015-3535
	RESERVED
CVE-2015-3534
	RESERVED
CVE-2015-3533
	RESERVED
CVE-2015-3532
	RESERVED
CVE-2015-3531
	RESERVED
CVE-2015-3530
	RESERVED
CVE-2015-3529
	RESERVED
CVE-2015-3528
	RESERVED
CVE-2015-3527
	RESERVED
CVE-2015-3526
	RESERVED
CVE-2015-3525
	RESERVED
CVE-2015-3524
	RESERVED
CVE-2015-3523
	RESERVED
CVE-2015-3522
	RESERVED
CVE-2015-3521
	RESERVED
CVE-2015-3520
	RESERVED
CVE-2015-3519
	RESERVED
CVE-2015-3518
	RESERVED
CVE-2015-3517
	RESERVED
CVE-2015-3516
	RESERVED
CVE-2015-3515
	RESERVED
CVE-2015-3514
	RESERVED
CVE-2015-3513
	RESERVED
CVE-2015-3512
	RESERVED
CVE-2015-3511
	RESERVED
CVE-2015-3510
	RESERVED
CVE-2015-3509
	RESERVED
CVE-2015-3508
	RESERVED
CVE-2015-3507
	RESERVED
CVE-2015-3506
	RESERVED
CVE-2015-3505
	RESERVED
CVE-2015-3504
	RESERVED
CVE-2015-3503
	RESERVED
CVE-2015-3502
	RESERVED
CVE-2015-3501
	RESERVED
CVE-2015-3500
	RESERVED
CVE-2015-3499
	RESERVED
CVE-2015-3498
	RESERVED
CVE-2015-3497
	RESERVED
CVE-2015-3496
	RESERVED
CVE-2015-3495
	RESERVED
CVE-2015-3494
	RESERVED
CVE-2015-3493
	RESERVED
CVE-2015-3492
	RESERVED
CVE-2015-3491
	RESERVED
CVE-2015-3490
	RESERVED
CVE-2015-3489
	RESERVED
CVE-2015-3488
	RESERVED
CVE-2015-3487
	RESERVED
CVE-2015-3486
	RESERVED
CVE-2015-3485
	RESERVED
CVE-2015-3484
	RESERVED
CVE-2015-3483
	RESERVED
CVE-2015-3482
	RESERVED
CVE-2015-3481
	RESERVED
CVE-2015-3480
	RESERVED
CVE-2015-3479
	RESERVED
CVE-2015-3478
	RESERVED
CVE-2015-3477
	RESERVED
CVE-2015-3476
	RESERVED
CVE-2015-3475
	RESERVED
CVE-2015-3474
	RESERVED
CVE-2015-3473
	RESERVED
CVE-2015-3472
	RESERVED
CVE-2015-3471
	RESERVED
CVE-2015-3470
	RESERVED
CVE-2015-3469
	RESERVED
CVE-2015-3468
	RESERVED
CVE-2015-3467
	RESERVED
CVE-2015-3466
	RESERVED
CVE-2015-3465
	RESERVED
CVE-2015-3464
	RESERVED
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2015-3463
	RESERVED
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2015-3462
	RESERVED
CVE-2015-3461
	RESERVED
CVE-2015-3460
	RESERVED
CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1utils  ...)
	{DLA-256-1}
	- t1utils 1.38-4 (bug #779274)
	[wheezy] - t1utils <no-dsa> (Minor issue)
	NOTE: https://github.com/kohler/t1utils/issues/4
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/9
CVE-2015-XXXX [crashes on crafted upack packed file]
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a18af359decd270f5088e80e2ee2866c62e0843e
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/ed56f56c1f1529bda877ddd116ae7bc064667c73
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/3
CVE-2015-XXXX [crash during algorithmic detection on crafted PE file]
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a7bdfb4f0d3210eeab49280726ff3ea6d703280e
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/4
CVE-2015-XXXX [BUG/MAJOR: http: don't read past buffer's end in http_replace_value]
	- haproxy 1.5.12-1
	[jessie] - haproxy <no-dsa> (Minor issue)
	[squeeze] - haproxy <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=8e05ac2044c6523c867ceaaae1f10486370eec89
	NOTE: Introduced by: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=c9c2daf283011e9b9ab0af57629af47862e14e0e
CVE-2015-XXXX [BUG/MAJOR: http: prevent risk of reading past end with balance url_param]
	- haproxy 1.5.12-1
	[jessie] - haproxy <no-dsa> (Minor issue)
	[squeeze] - haproxy <not-affected> (Similar check was already present)
	NOTE: Upstream fix: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=522aab39753e8ed13786bc57b03ef7ae4ffe6c87
	NOTE: For squeeze, the above commit message implies that the fix does not need to be backported to version 1.4 and indeed, the code already contains a (different) check that limits the value of "len".
CVE-2015-4017 (Salt before 2014.7.6 does not verify certificates when connecting via  ...)
	- salt <not-affected> (Vulnerable code not present in the version in Debian stable/unstable)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/02/1
CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014 ...)
	- keystone 2015.1.0-1
	[jessie] - keystone <no-dsa> (Minor issue)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3
CVE-2015-3636 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel before ...)
	{DSA-3290-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 (v4.1-rc2)
	NOTE: https://lkml.org/lkml/2011/5/13/382
CVE-2015-3459 (The communication module on the Hospira LifeCare PCA Infusion System b ...)
	NOT-FOR-US: Hospira Lifecare PCA
CVE-2015-3458 (The fetchView function in the Mage_Core_Block_Template_Zend class in M ...)
	NOT-FOR-US: Magento
CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.1 ...)
	NOT-FOR-US: Magento
CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ear ...)
	{DSA-3274-1 DSA-3262-1 DSA-3259-1 DLA-268-1 DLA-249-1 DLA-248-1}
	- qemu 1:2.3+dfsg-3
	NOTE: qemu 1:2.3+dfsg-3 is  pending in the NEW queue
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u7
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u7
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	- xen-qemu-dm-4.0 <removed>
	NOTE: http://xenbits.xen.org/xsa/advisory-133.html
	[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
	- virtualbox 4.3.28-dfsg-1 (bug #785424)
	- virtualbox-ose <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
	NOTE: http://venom.crowdstrike.com/
CVE-2015-3454 (TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket ...)
	NOT-FOR-US: TelescopeJS
CVE-2015-3453
	RESERVED
CVE-2015-3452
	RESERVED
CVE-2015-3450 (Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a ...)
	NOT-FOR-US: libaxl
CVE-2015-3449 (The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Eve ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-3448 (REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and ...)
	- ruby-rest-client 1.8.0-1
	[jessie] - ruby-rest-client <no-dsa> (Minor issue, logging not enabled by default)
	[wheezy] - ruby-rest-client <no-dsa> (Minor issue, logging not enabled by default)
	- librestclient-ruby <removed>
	[squeeze] - librestclient-ruby <no-dsa> (Minor issue, logging not enabled by default)
CVE-2015-3447 (Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView. ...)
	NOT-FOR-US: Dell SonicWALL SonicOS
CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
	{DSA-3256-1}
	- libtasn1-6 4.4-3
	- libtasn1-3 <not-affected> (Introduced with 3.6)
	NOTE: https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
	NOTE: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435823a02f842c41d49cd41cc81f25b5d677
	NOTE: Introduced by http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204 (libtasn1_3_6)
	NOTE: DECR_LEN introduced in http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee (libtasn1_3_6)
CVE-2015-3455 (Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, a ...)
	- squid 4.1-1 (unimportant)
	- squid3 3.5.6-1 (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
CVE-2015-3446 (The Framework Daemon in AlienVault Unified Security Management before  ...)
	NOT-FOR-US: AlienVault Unified Security Management
CVE-2015-3445
	RESERVED
CVE-2015-3444
	RESERVED
CVE-2015-3443 (Cross-site scripting (XSS) vulnerability in the basic dashboard in Thy ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2015-3442 (Soreco Xpert.Line 3.0 allows local users to spoof users and consequent ...)
	NOT-FOR-US: Soreco
CVE-2015-3441 (The Parental Control panel in Genexis devices with DRGOS before 1.14.1 ...)
	NOT-FOR-US: Genexis devices
CVE-2015-3437
	RESERVED
CVE-2015-3436 (provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) be ...)
	- zarafa <itp> (bug #658433)
CVE-2015-3435 (Samsung Security Manager (SSM) before 1.31 allows remote attackers to  ...)
	NOT-FOR-US: Samsung Security Manager
CVE-2015-3434
	RESERVED
CVE-2015-3433
	RESERVED
CVE-2015-3432 (Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2015-3431 (Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to ex ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2015-3430
	RESERVED
CVE-2015-3428
	RESERVED
CVE-2015-3426
	RESERVED
CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Resource  ...)
	NOT-FOR-US: Accentis Content Resource Management System
CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...)
	NOT-FOR-US: Accentis Content Resource Management System
CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...)
	NOT-FOR-US: NetCracker Resource Management System
CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...)
	NOT-FOR-US: SearchBlox
CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...)
	NOT-FOR-US: Wordpress Eshop
CVE-2015-3419 (vBulletin 5.x through 5.1.6 allows remote authenticated users to bypas ...)
	NOT-FOR-US: vBulletin
CVE-2015-3413
	RESERVED
	- hhvm 3.11.0+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/02a7a8f086c9181002fca0f0d9cef42963fdf46a
CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257
	NOTE: https://bugs.php.net/bug.php?id=69353
CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69353
CVE-2015-3410
	RESERVED
CVE-2015-3427 (Quassel before 0.12.2 does not properly re-initialize the database ses ...)
	{DSA-3258-1}
	- quassel 1:0.10.0-2.4 (bug #783926)
	[wheezy] - quassel <not-affected> (incomplete fix for CVE-2013-4422 not applied)
	[squeeze] - quassel <not-affected> (incomplete fix for CVE-2013-4422 not applied)
	NOTE: https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
	NOTE: http://quassel-irc.org/node/120
CVE-2015-3420 (The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3  ...)
	- dovecot 1:2.2.13-12 (bug #783649)
	[jessie] - dovecot 1:2.2.13-12~deb8u1
	[wheezy] - dovecot <not-affected> (Problematic patch introducing the issue not applied)
	[squeeze] - dovecot <not-affected> (Vulnerable code not present & not reproducible)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/3
	NOTE: Patch: http://web.archive.org/web/20150907231530/http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
	NOTE: Segfault reproducible if using openssl/1.0.2a-1 from sid.
	NOTE: http://dovecot.org/pipermail/dovecot/2015-April/100579.html
	NOTE: It is openssl crashing but because dovecot ignores an erlier
	NOTE: returned error from dovecot, related to openssl bug:
	NOTE: https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
	NOTE: Possibly introduced due to http://web.archive.org/web/20150121182933/http://hg.dovecot.org:80/dovecot-2.2/rev/09d3c9c6f0ad
CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in W ...)
	{DSA-3250-1 DLA-236-1}
	- wordpress 4.2.1+dfsg-1 (bug #783554)
	NOTE: http://klikki.fi/adv/wordpress2.html
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-2-1/
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/27/4
	NOTE: https://core.trac.wordpress.org/changeset/32299
CVE-2015-XXXX [Some plugins were vulnerable to an SQL injection vulnerability]
	- wordpress 4.2+dfsg-1 (bug #783347)
	[jessie] - wordpress 4.1+dfsg-1+deb8u1
	[wheezy] - wordpress 3.6.1+dfsg-1~deb7u6
	[squeeze] - wordpress 3.6.1+dfsg-1~deb6u6
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
CVE-2015-XXXX [files with invalid or unsafe names could be uploaded]
	- wordpress 4.2+dfsg-1 (bug #783347)
	[jessie] - wordpress 4.1+dfsg-1+deb8u1
	[wheezy] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
	[squeeze] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/10/11
CVE-2015-3439 (Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiec ...)
	{DSA-3250-1 DLA-236-1}
	- wordpress 4.2+dfsg-1 (bug #783347)
	NOTE: http://codex.wordpress.org/Version_4.1.2
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
CVE-2015-3438 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
	{DSA-3250-1 DLA-236-1}
	- wordpress 4.2+dfsg-1 (bug #783347)
	NOTE: http://codex.wordpress.org/Version_4.1.2
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
CVE-2015-3451 (The _clone function in XML::LibXML before 2.0119 does not properly set ...)
	{DSA-3243-1 DLA-214-1}
	- libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
	NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
	NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
CVE-2015-3418 (The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserv ...)
	{DLA-120-2}
	- xorg-server 2:1.16.4-1 (bug #774308)
	[wheezy] - xorg-server 2:1.12.4-6+deb7u6
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928520 (not public yet)
CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables function in li ...)
	{DSA-3288-1}
	- ffmpeg 7:2.6.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:11.4-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214
CVE-2015-3404 (The Certify module before 6.x-2.3 for Drupal does not properly perform ...)
	NOT-FOR-US: Certify module for Drupal
CVE-2015-3403
	RESERVED
CVE-2015-3402
	RESERVED
CVE-2015-3401
	RESERVED
CVE-2015-3399
	RESERVED
CVE-2015-3398
	RESERVED
CVE-2015-3397 (Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 ...)
	- yii <itp> (bug #597899)
CVE-2015-3396
	RESERVED
CVE-2015-3395 (The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and  ...)
	{DSA-3288-1}
	- ffmpeg 7:2.6.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav 6:11.4-1
	[wheezy] - libav <not-affected>
	- chromium-browser <not-affected>
	NOTE: Patch in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/f7e1367f58263593e6cee3c282f7277d7ee9d553
	NOTE: Patch in libav: https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948
CVE-2015-3394
	RESERVED
CVE-2015-3393 (Open redirect vulnerability in the Commerce WeDeal module before 7.x-1 ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3392 (Cross-site scripting (XSS) vulnerability in the Ajax Timeline module b ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3391 (The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote at ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3390 (Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3389 (Cross-site scripting (XSS) vulnerability in the Download counts report ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3388 (Cross-site request forgery (CSRF) vulnerability in the Commerce Balanc ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3387 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy To ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3386 (Cross-site scripting (XSS) vulnerability in the Node Access Product mo ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3385 (Cross-site scripting (XSS) vulnerability in the Taxonomy Path module b ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3384 (Cross-site scripting (XSS) vulnerability in the Bank Account Listing P ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3383 (Open redirect vulnerability in the Node basket module for Drupal allow ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3382 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3381 (Cross-site scripting (XSS) vulnerability in the Node basket module for ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Feat ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3379 (The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x  ...)
	NOT-FOR-US: Drupal Views module
CVE-2015-3378 (Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3 ...)
	NOT-FOR-US: Drupal Views module
CVE-2015-3377
	RESERVED
CVE-2015-3376 (Cross-site scripting (XSS) vulnerability in the Quizzler module before ...)
	NOT-FOR-US: Quizzler module for Drupal
CVE-2015-3375 (Cross-site request forgery (CSRF) vulnerability in the Shibboleth Auth ...)
	NOT-FOR-US: Shibboleth Authentication module for Drupal
CVE-2015-3374 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Corn ...)
	NOT-FOR-US: Corner module fro Drupal
CVE-2015-3373 (The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and  ...)
	NOT-FOR-US: Amazon AWS module for Drupal
CVE-2015-3372 (Cross-site scripting (XSS) vulnerability in the Node Invite module bef ...)
	NOT-FOR-US: Node Invite module for Drupal
CVE-2015-3371 (Open redirect vulnerability in the Node Invite module before 6.x-2.5 f ...)
	NOT-FOR-US: Node Invite module for Drupal
CVE-2015-3370 (Cross-site request forgery (CSRF) vulnerability in the Node Invite mod ...)
	NOT-FOR-US: Node Invite module for Drupal
CVE-2015-3369 (Cross-site scripting (XSS) vulnerability in the Taxonews module before ...)
	NOT-FOR-US: Taxonews module for Drupal
CVE-2015-3368 (Cross-site scripting (XSS) vulnerability in the administration user in ...)
	NOT-FOR-US: Classified Ads module for Drupal
CVE-2015-3367 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Patt ...)
	NOT-FOR-US: Ptterns module for Drupal
CVE-2015-3366 (Cross-site request forgery (CSRF) vulnerability in the Alfresco module ...)
	NOT-FOR-US: Alfresco module for Drupal
CVE-2015-3365 (Cross-site scripting (XSS) vulnerability in the nodeauthor module for  ...)
	NOT-FOR-US: nodeauthor module for Drupal
CVE-2015-3364 (Cross-site scripting (XSS) vulnerability in the Content Analysis modul ...)
	NOT-FOR-US: Content Analysis module for Drupal
CVE-2015-3363 (Cross-site request forgery (CSRF) vulnerability in the Contact Form Fi ...)
	NOT-FOR-US: Contact Forms Fields module for Drupal
CVE-2015-3362 (Cross-site scripting (XSS) vulnerability in the Video module before 7. ...)
	NOT-FOR-US: Video module for Drupal
CVE-2015-3361 (Cross-site scripting (XSS) vulnerability in the Linkit module before 7 ...)
	NOT-FOR-US: Linkit module for Drupal
CVE-2015-3360 (Cross-site scripting (XSS) vulnerability in the Term Merge module befo ...)
	NOT-FOR-US: Term Merge module for Drupal
CVE-2015-3359 (Multiple cross-site scripting (XSS) vulnerabilities in the Room Reserv ...)
	NOT-FOR-US: Room Reservations module for Drupal
CVE-2015-3358 (Multiple open redirect vulnerabilities in the Tadaa! module before 7.x ...)
	NOT-FOR-US: Tadaa! module for Drupal
CVE-2015-3357 (Cross-site scripting (XSS) vulnerability in the Wishlist module before ...)
	NOT-FOR-US: Wishlist module for Drupal
CVE-2015-3356 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Tada ...)
	NOT-FOR-US: Tadaa! module for Drupal
CVE-2015-3355 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Batc ...)
	NOT-FOR-US: Batch Jobs module for Drupal
CVE-2015-3354 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
	NOT-FOR-US: Drupal module Wishlist
CVE-2015-3353 (Cross-site scripting (XSS) vulnerability in the Field Display Label mo ...)
	NOT-FOR-US: Field Display Label module for Drupal
CVE-2015-3352 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Jamm ...)
	NOT-FOR-US: Drupal module Jammer
CVE-2015-3351 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Log  ...)
	NOT-FOR-US: Log Watcher module for Drupal
CVE-2015-3350 (Cross-site request forgery (CSRF) vulnerability in the Todo Filter mod ...)
	NOT-FOR-US: Drupal module Todo Filter
CVE-2015-3349 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Htac ...)
	NOT-FOR-US: Htaccess module for Drupal
CVE-2015-3348 (Cross-site scripting (XSS) vulnerability in the Cloudwords for Multili ...)
	NOT-FOR-US: Cloudwords for Multilingual Drupal module for Drupal
CVE-2015-3347 (Cross-site request forgery (CSRF) vulnerability in the Cloudwords for  ...)
	NOT-FOR-US: Cloudwords for Multilingual Drupal module for Drupal
CVE-2015-3346 (SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for  ...)
	NOT-FOR-US: WikiWiki module for Drupal
CVE-2015-3345 (SQL injection vulnerability in the PHPlist Integration Module before 6 ...)
	NOT-FOR-US: Drupal module PHPlist
CVE-2015-3344 (Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x  ...)
	NOT-FOR-US: Drupal module Course
CVE-2015-3343 (Cross-site request forgery (CSRF) vulnerability in the OPAC module bef ...)
	NOT-FOR-US: OPAC module for Drupal
CVE-2015-3342 (Open redirect vulnerability in the Ubercart Currency Conversion module ...)
	NOT-FOR-US: Ubercart Currency Conversion module for Drupal
CVE-2015-3341
	RESERVED
CVE-2015-3400 (sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the z ...)
	- zfs-linux <not-affected> (Specific to packages on archive.zfsonlinux.org repositories)
	NOTE: Issue with ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories
	NOTE: https://github.com/zfsonlinux/zfs/issues/3319
CVE-2015-3338
	RESERVED
CVE-2015-3337 (Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1. ...)
	{DSA-3241-1}
	- elasticsearch 1.0.3+dfsg-7
	NOTE: https://www.elastic.co/blog/elasticsearch-1-5-2-and-1-4-5-released
CVE-2015-3336 (Google Chrome before 42.0.2311.90 does not always ask the user before  ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-3335 (The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl ...)
	- chromium-browser <not-affected> (native client support not built)
CVE-2015-3334 (browser/ui/website_settings/website_settings.cc in Google Chrome befor ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-3333 (Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which allo ...)
	{DSA-3414-1}
	- xen 4.6.0-1 (unimportant; bug #784011)
	[wheezy] - xen 4.1.4-3+deb7u8
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-132.html
CVE-2015-4605 (The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1 (bug #783099)
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	- file <not-affected> (Not reproducible with file, see #783108)
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
	NOTE: https://bugs.php.net/bug.php?id=68819
CVE-2015-4604 (The mget function in softmagic.c in file 5.x, as used in the Fileinfo  ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1 (bug #783099)
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	- file <not-affected> (Not reproducible with file, see #783108)
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
	NOTE: https://bugs.php.net/bug.php?id=68819
CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the Linu ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-3
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/20/1
CVE-2015-7942 (The xmlParseConditionalSections function in parser.c in libxml2 does n ...)
	{DSA-3430-1 DLA-334-1}
	- libxml2 2.9.3+dfsg1-1 (bug #802827)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
CVE-2015-7941 (libxml2 2.9.2 does not properly stop parsing invalid input, which allo ...)
	{DSA-3430-1 DLA-266-1}
	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #783010)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/19/5
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/22/5
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (v2.9.3)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 (v2.9.3)
CVE-2015-8710 (The htmlParseComment function in HTMLparser.c in libxml2 allows attack ...)
	{DSA-3430-1 DLA-266-1}
	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #782985)
	NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/19/4
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746048
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c
CVE-2015-3328
	RESERVED
CVE-2015-3327
	RESERVED
CVE-2015-3326 (Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2015-3325 (SQL injection vulnerability in forum.php in the WP Symposium plugin be ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2015-3324 (The ThinkServer System Manager (TSM) Baseboard Management Controller b ...)
	NOT-FOR-US: ThinkServer
CVE-2015-3323 (The ThinkServer System Manager (TSM) Baseboard Management Controller b ...)
	NOT-FOR-US: ThinkServer
CVE-2015-3322 (Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers befor ...)
	NOT-FOR-US: ThinkServer
CVE-2015-3321 (Services and files in Lenovo Fingerprint Manager before 8.01.42 have i ...)
	NOT-FOR-US: Lenovo
CVE-2015-3320 (Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 inclu ...)
	NOT-FOR-US: Lenovo USB Enhanced Performance Keyboard software
CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH u ...)
	- linux 4.0.2-1 (low)
	[jessie] - linux <ignored> (Too intrusive to backport)
	[wheezy] - linux <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
	- linux-2.6 <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
	NOTE: https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
	NOTE: Proposed fixes: http://www.spinics.net/lists/linux-containers/msg30786.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/4
	NOTE: CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2
CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP  ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.7+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69218
	NOTE: https://bugs.php.net/bug.php?id=68486
	NOTE: Fixed by: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/3
	NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7
CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...)
	NOT-FOR-US: Hotspot Express hotEx Billing Manager
CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
	NOT-FOR-US: CA Common Services in ca.com products
CVE-2015-3317 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
	NOT-FOR-US: CA Common Services in ca.com products
CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
	NOT-FOR-US: CA Common Services in ca.com products
CVE-2015-3314 (SQL injection vulnerability in WordPress Tune Library plugin before 1. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-3313 (SQL injection vulnerability in WordPress Community Events plugin befor ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-3312
	RESERVED
CVE-2015-3311
	RESERVED
CVE-2015-3307 (The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4. ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69443
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function i ...)
	{DSA-3280-1 DLA-212-1}
	- php5 5.6.9+dfsg-1
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
	NOTE: https://bugs.php.net/bug.php?id=69441
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22
	NOTE: Fixed in 5.6.8 and 5.4.40
CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3309 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad  ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2015-3308 (Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3. ...)
	[experimental] - gnutls28 3.3.14-1
	- gnutls28 3.3.8-7 (bug #782776)
	[jessie] - gnutls28 3.3.8-6+deb8u1
	- gnutls26 <not-affected> (Introduced in 3.3.0)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
	NOTE: https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
CVE-2015-3305
	RESERVED
CVE-2015-3304
	RESERVED
CVE-2015-3303
	RESERVED
CVE-2015-3302 (The TheCartPress eCommerce Shopping Cart (aka The Professional WordPre ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart
CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce Shoppi ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPres ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3299 (Cross-site scripting (XSS) vulnerability in the Floating Social Bar pl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-3298
	RESERVED
CVE-2015-3296 (Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0 ...)
	NOT-FOR-US: NodeBB
CVE-2015-3295 (markdown-it before 4.1.0 does not block data: URLs. ...)
	- ruby-rails-assets-markdown-it 4.2.1-1
CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly h ...)
	{DSA-3251-1 DLA-225-1}
	- dnsmasq 2.72-3.1 (bug #783459)
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
CVE-2015-3293 (FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain c ...)
	NOT-FOR-US: FortiMail
CVE-2015-3292 (The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 a ...)
	NOT-FOR-US: NetApp OnCommand Workflow Automation
CVE-2015-3291 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_ ...)
	{DSA-3313-1}
	- linux 4.0.8-2
	[wheezy] - linux <not-affected> (Present since 3.3)
	- linux-2.6 <not-affected> (Present since 3.3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a27507ca2d796cfa8d907de31ad730359c8a6d06 (prerequisite)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d
	NOTE: Introduced around 3.3-rc1: (https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f3c8b8c4b2a34776c3470142a7c8baafcda6eb0)
CVE-2015-3290 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_ ...)
	{DSA-3313-1}
	- linux 4.0.8-2
	[wheezy] - linux <not-affected> (Introduced in 3.13)
	- linux-2.6 <not-affected> (Introduced in 3.13)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9d05041679904b12c12421cbcf9cb5f4860a8d7b (prerequisite)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e181bb58143cb4a2e8f01c281b0816cd0e4798e (prerequisite)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
CVE-2015-3289 (OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated us ...)
	- glance 2015.1.0-4 (bug #793896)
	[jessie] - glance <not-affected> (Vulnerable code introduced later)
	[wheezy] - glance <not-affected> (Vulnerable code introduced later)
CVE-2015-3288 (mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous page ...)
	- linux 4.2-1
	[jessie] - linux 3.16.7-ckt17-1
	[wheezy] - linux 3.2.71-1
	NOTE: https://git.kernel.org/linus/6b7339f4c31ad69c8e9c0b2859276e22cf72176d (v4.2-rc2)
CVE-2015-3287
	REJECTED
CVE-2015-3286 (Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6. ...)
	- openafs <not-affected> (The Solaris kernel extension in versions through 1.6.12)
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt
CVE-2015-3285 (The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wr ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt
CVE-2015-3284 (pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kern ...)
	{DSA-3320-1}
	- openafs 1.6.13-1
	[squeeze] - openafs <not-affected> (Only 1.6.0 trough 1.6.12)
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt
CVE-2015-3283 (OpenAFS before 1.6.13 allows remote attackers to spoof bos commands vi ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt
CVE-2015-3282 (vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remot ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt
CVE-2015-3281 (The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1. ...)
	{DSA-3301-1}
	- haproxy 1.5.14-1
	[squeeze] - haproxy <not-affected> (Affects 1.5.x and 1.6-dev only)
	NOTE: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 (1.5.x)
CVE-2015-3280 (OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 20 ...)
	- nova 1:12.0.0-2 (low; bug #798883)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <not-affected> (Affected code introduced later)
	NOTE: 2014.2 versions through 2014.2.3, and 2015.1 versions through 2015.1.1
CVE-2015-3279 (Integer overflow in filter/texttopdf.c in texttopdf in cups-filters be ...)
	{DSA-3303-1 DLA-314-1}
	- cups-filters 1.0.71-1
	- cups 1.5.0-16
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
CVE-2015-3278 (The cipherstring parsing code in nss_compat_ossl while in multi-keywor ...)
	NOT-FOR-US: nss_compat_ossl (OpenSSL to NSS Porting Library)
CVE-2015-3277 (The mod_nss module before 1.0.11 in Fedora allows remote attackers to  ...)
	- libapache2-mod-nss <removed> (bug #795657)
	[stretch] - libapache2-mod-nss <no-dsa> (Minor issue)
	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	NOTE: Introduced by https://pagure.io/mod_nss/c/2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
CVE-2015-3276 (The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDA ...)
	- openldap <unfixed> (unimportant)
	NOTE: Debian builds with GNUTLS, not NSS
CVE-2015-3275 (Multiple cross-site scripting (XSS) vulnerabilities in the SCORM modul ...)
	- moodle 2.7.9+dfsg-1 (bug #792242)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614
CVE-2015-3274 (Cross-site scripting (XSS) vulnerability in the user_get_user_details  ...)
	- moodle 2.7.9+dfsg-1 (bug #792242)
	[squeeze] - moodle <not-affected> (Only similar function looks like the fixed version)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
CVE-2015-3273 (mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the  ...)
	- moodle <not-affected> (Affects only 2.9)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220
CVE-2015-3272 (Open redirect vulnerability in the clean_param function in lib/moodlel ...)
	- moodle 2.7.9+dfsg-1 (bug #792242)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
CVE-2015-3271 (Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow re ...)
	- tika <not-affected> (The server isn't shipped in the Debian package)
	NOTE: https://marc.info/?l=oss-security&m=143948566828051&w=2
CVE-2015-3270 (Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authent ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-3269 (Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveC ...)
	NOT-FOR-US: Adobe
CVE-2015-3268 (Cross-site scripting (XSS) vulnerability in the DisplayEntityField.get ...)
	NOT-FOR-US: Apache OFBiz
CVE-2015-3267 (Cross-site scripting (XSS) vulnerability in the 404 error page in Red  ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2015-3266
	RESERVED
CVE-2015-3265
	RESERVED
CVE-2015-3264
	RESERVED
CVE-2015-3263
	RESERVED
CVE-2015-3262
	RESERVED
CVE-2015-3261
	RESERVED
CVE-2015-3260
	RESERVED
CVE-2015-3259 (Stack-based buffer overflow in the xl command line utility in Xen 4.1. ...)
	{DSA-3414-1}
	- xen 4.6.0-1 (low; bug #795721)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <not-affected> (xl not shipped in Squeeze)
	NOTE: http://xenbits.xen.org/xsa/advisory-137.html
CVE-2015-3258 (Heap-based buffer overflow in the WriteProlog function in filter/textt ...)
	{DSA-3303-1 DLA-314-1}
	- cups-filters 1.0.70-1
	- cups 1.5.0-16
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1235385
CVE-2015-3257 (Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not ...)
	NOT-FOR-US: zend-diactoros
	NOTE: https://framework.zend.com/security/advisory/ZF2015-05
CVE-2015-3256 (PolicyKit (aka polkit) before 0.113 allows local users to cause a deni ...)
	- policykit-1 <not-affected> (The Policykit versions which rely on Javascript/Spidermonkey haven't been uploaded to unstable)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=69501
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=910262#c75
CVE-2015-3255 (The polkit_backend_action_pool_init function in polkitbackend/polkitba ...)
	[experimental] - policykit-1 0.113-1
	- policykit-1 0.105-12 (bug #796134)
	[jessie] - policykit-1 0.105-15~deb8u1
	[wheezy] - policykit-1 <no-dsa> (Minor issue)
	[squeeze] - policykit-1 <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f
CVE-2015-3254 (The client libraries in Apache Thrift before 0.9.3 might allow remote  ...)
	- thrift-compiler <not-affected> (Vulnerable code not present)
	NOTE: Affects src:thrift, which is only in experimental. The issue is fixed upstream in 0.9.3
	NOTE: so any future upload of thrift to unstable can mark this item as <not-affected> (fixed
	NOTE: before the initial upload to Debian unstable)
CVE-2015-3253 (The MethodClosure class in runtime/MethodClosure.java in Apache Groovy ...)
	{DLA-274-1}
	- groovy 2.4.6-1 (bug #793397)
	[jessie] - groovy 1.8.6-4+deb8u1
	[wheezy] - groovy 1.8.6-1+deb7u1
	- groovy2 2.2.2+dfsg-5 (bug #793398)
	[jessie] - groovy2 2.2.2+dfsg-3+deb8u1
CVE-2015-3252 (Apache CloudStack before 4.5.2 does not properly preserve VNC password ...)
	NOT-FOR-US: Apache CloudStack
CVE-2015-3251 (Apache CloudStack before 4.5.2 might allow remote authenticated admini ...)
	NOT-FOR-US: Apache CloudStack
CVE-2015-3250 (Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct ...)
	- apache-directory-api 1.0.0~M20-3 (bug #791957)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/5
CVE-2015-3249 (The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before  ...)
	- trafficserver 5.3.1-1
	[wheezy] - trafficserver <not-affected> (HTTP2 support does not exist)
	NOTE: http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g@mail.gmail.com%3E
CVE-2015-3248 (openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permis ...)
	- openhpi <not-affected> (Only affects RPM packaging, in Debian directory is not world-writable, bug #789543)
CVE-2015-3247 (Race condition in the worker_update_monitors_config function in SPICE  ...)
	{DSA-3354-1}
	- spice 0.12.5-1.2 (bug #797976)
	[wheezy] - spice <not-affected> (monitors_config support introduced in 0.11.3)
	NOTE: Referenced Bug with Details from Red Hat is currently private
	NOTE: Patch: https://git.centos.org/blob/rpms!spice.git/11e32f6dd156a3c4847da29d989837437e973ccc/SOURCES!0038-Avoid-race-conditions-reading-monitor-configs-from-g.patch
CVE-2015-3246 (libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhe ...)
	{DLA-468-1}
	- libuser 1:0.62~dfsg-0.1 (bug #793465)
	[jessie] - libuser <no-dsa> (Minor issue)
CVE-2015-3245 (Incomplete blacklist vulnerability in the chfn function in libuser bef ...)
	{DLA-468-1}
	- libuser 1:0.62~dfsg-0.1 (bug #793465)
	[jessie] - libuser <no-dsa> (Minor issue)
	NOTE: initially attributed to usermode package, root-cause fixed in libuser instead
CVE-2015-3244 (The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, ...)
	NOT-FOR-US: PortletBridge component of Red Hat JBoss Portal
CVE-2015-3243 (rsyslog uses weak permissions for generating log files, which allows l ...)
	- rsyslog <unfixed> (unimportant)
	NOTE: The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
	NOTE: provided by the Debian package sets $FileCreateMode 0640
CVE-2015-3242
	REJECTED
CVE-2015-3241 (OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlie ...)
	- nova 1:12.0.0-2 (bug #796109)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1387543
	NOTE: Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3, and version 2015.1.0
	NOTE: https://git.openstack.org/cgit/openstack/nova/commit/?id=7ab75d5b0b75fc3426323bef19bf436a258b9707
CVE-2015-3240 (The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6. ...)
	- openswan <removed>
	[squeeze] - openswan <end-of-life> (Not supported in Squeeze LTS)
	[wheezy] - openswan <end-of-life> (Not supported in Wheezy LTS)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2015-3240/
CVE-2015-3239 (Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_ ...)
	{DLA-271-1}
	- libunwind 1.1-4 (low; bug #790830)
	[jessie] - libunwind <no-dsa> (Minor issue)
	[wheezy] - libunwind <no-dsa> (Minor issue)
	- android-platform-external-libunwind 7.0.0+r1-4 (bug #849346)
	NOTE: http://savannah.nongnu.org/bugs/?45276 (private bug)
	NOTE: http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
CVE-2015-3238 (The _unix_run_helper_binary function in the pam_unix module in Linux-P ...)
	- pam 1.1.8-3.2 (bug #789986)
	[jessie] - pam 1.1.8-3.1+deb8u1
	[wheezy] - pam <no-dsa> (Minor issue e.g. in combination with enabled SELinux)
	[squeeze] - pam <no-dsa> (Minor issue e.g. in combination with enabled SELinux)
	NOTE: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=e89d4c97385ff8180e6e81e84c5aa745daf28a79
	NOTE: https://www.redhat.com/archives/pam-list/2015-June/msg00001.html
CVE-2015-3237 (The smb_request_state function in cURL and libcurl 7.40.0 through 7.42 ...)
	- curl 7.43.0-1
	[jessie] - curl <not-affected> (Vulnerable code not present)
	[wheezy] - curl <not-affected> (Vulnerable code not present)
	[squeeze] - curl <not-affected> (Vulnerable code not present)
	NOTE: http://curl.haxx.se/docs/adv_20150617B.html
CVE-2015-3236 (cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authenticat ...)
	- curl 7.43.0-1
	[jessie] - curl <not-affected> (Vulnerable code not present)
	[wheezy] - curl <not-affected> (Vulnerable code not present)
	[squeeze] - curl <not-affected> (Vulnerable code not present)
	NOTE: http://curl.haxx.se/docs/adv_20150617A.html
CVE-2015-3235 (Foreman before 1.9.0 allows remote authenticated users with the edit_u ...)
	- foreman <itp> (bug #663101)
CVE-2015-3234 (The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3233 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3232 (Open redirect vulnerability in the Field UI module in Drupal 7.x befor ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3231 (The Render cache system in Drupal 7.x before 7.38, when used to cache  ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3230 (389 Directory Server (formerly Fedora Directory Server) before 1.3.3.1 ...)
	- 389-ds-base 1.3.3.12-1 (bug #789202)
	[jessie] - 389-ds-base <not-affected> (Vulnerable code not present, fix for 47838 not applied in Jessie)
	NOTE: https://fedorahosted.org/389/ticket/48194
	NOTE: Regression if https://fedorahosted.org/389/ticket/47838 applied
CVE-2015-3229 (fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to c ...)
	NOT-FOR-US: Fedora Atomic
CVE-2015-3228 (Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc. ...)
	{DSA-3326-1 DLA-280-1}
	- ghostscript 9.15~dfsg-1 (bug #793489)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696070
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
	NOTE: File to reproduce segfault with ps2pdf: http://bugs.ghostscript.com/attachment.cgi?id=11776
CVE-2015-3227 (The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby  ...)
	{DSA-3464-1 DLA-603-1}
	- rails 2:4.2.4-2 (bug #790487)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	- ruby-activesupport-3.2 <removed>
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
CVE-2015-3226 (Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ...)
	{DSA-3464-1}
	- rails 2:4.2.4-2 (bug #790486)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	- ruby-activesupport-3.2 <removed>
	[wheezy] - ruby-activesupport-3.2 <not-affected> (Vulnerable code not present)
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
CVE-2015-3225 (lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used ...)
	{DSA-3322-1 DLA-254-1}
	- ruby-rack 1.5.2-4 (bug #789311)
	- ruby-rack1.4 <removed>
	- librack-ruby <removed>
	NOTE: http://seclists.org/oss-sec/2015/q2/729 has patches for 1.5 and 1.6
CVE-2015-3224 (request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x ...)
	NOT-FOR-US: Web Console Ruby Gem
CVE-2015-3223 (The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	- ldb 2:1.1.24-1
	[jessie] - ldb 2:1.1.17-2+deb8u1
	[wheezy] - ldb <no-dsa> (Minor issue, only relevant in conjunction with Samba 4, which isn't in wheezy)
	[squeeze] - ldb <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2015-3223.html
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=fb456954f332c07a645226d59b3b00ec252f8b26 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=bb1b783ee9d7259cfc6a1fe882f22189747f8684 (v4-1-stable)
	NOTE: Samba update needs as well fixed ldb
CVE-2015-3222 (syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows ...)
	- ossec-hids <itp> (bug #361954)
CVE-2015-3221 (OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1  ...)
	- neutron 2015.1.0+2015.06.24.git61.bdf194a0e1-1 (bug #789713)
	[jessie] - neutron <not-affected> (ipset code introduced in Juno)
	NOTE: https://bugs.launchpad.net/neutron/+bug/1461054/comments/18
	NOTE: 2014.2 versions through 2014.2.3 and 2015.1.0 version
CVE-2015-3220 (The tlslite library before 0.4.9 for Python allows remote attackers to ...)
	- tlslite <removed>
CVE-2015-3219 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack se ...)
	{DSA-3617-1}
	- horizon 2015.1.0+2015.06.09.git15.e63af6c598-1 (bug #788306)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: 2014.2 versions through 2014.2.3 and version 2015.1.0
CVE-2015-3218 (The authentication_agent_new function in polkitbackend/polkitbackendin ...)
	[experimental] - policykit-1 0.113-1
	- policykit-1 0.105-11 (bug #787932)
	[jessie] - policykit-1 0.105-15~deb8u1
	[wheezy] - policykit-1 <no-dsa> (Minor issue)
	[squeeze] - policykit-1 <not-affected> (Vulnerable code introduced later)
	NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
	NOTE: Patch: http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
	NOTE: Introduced by: http://cgit.freedesktop.org/polkit/commit/?id=6eeb077bc90c9c7783360a526b2f04645b1b0848
CVE-2015-3217 (PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty  ...)
	- pcre3 2:8.38-1 (bug #787641)
	[jessie] - pcre3 <no-dsa> (Minor issue)
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1638
	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1566
	NOTE: More information: https://bugzilla.redhat.com/show_bug.cgi?id=1228283#c2
CVE-2015-3216 (Race condition in a certain Red Hat patch to the PRNG lock implementat ...)
	- openssl <not-affected> (Affects Red Hat specific patch)
	NOTE: More information in https://bugzilla.redhat.com/show_bug.cgi?id=1225994
CVE-2015-3215 (The NetKVM Windows Virtio driver allows remote attackers to cause a de ...)
	NOT-FOR-US: virtio Windows drivers
CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and Q ...)
	{DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #795461)
	[wheezy] - qemu <not-affected> (Introduced in 1.3.0)
	[squeeze] - qemu <not-affected> (Introduced in 1.3.0)
	- qemu-kvm <not-affected> (Introduced in 1.3.0)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3.0, embedded version is 0.10.2)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d4862a87e31a51de9eb260f25c9e99a75efe3235
	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0505bcdec8228d8de39ab1a02644e71999e7c052 (v1.3.0-rc0)
	- linux <not-affected> (Fixed before linux-2.6 -> linux rename, v2.6.33-rc8)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 (v2.6.33-rc8)
CVE-2015-3213 (The gesture handling code in Clutter before 1.16.2 allows physically p ...)
	- clutter-1.0 1.18.0-1
	[wheezy] - clutter-1.0 <not-affected> (Vulnerable code introduced later)
	[squeeze] - clutter-1.0 <not-affected> (Vulnerable code was introduced past 1.12.0)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749847
	NOTE: Introduced by: https://git.gnome.org/browse/clutter/commit/?id=abcf1d589f29ba7914d5648bb9814ad26c13cd83 (1.13.2)
	NOTE: Fixed by: https://git.gnome.org/browse/clutter/commit/?id=97724939c8de004d7fa230f3ff64862d957f93a9 (1.17.2)
CVE-2015-3212 (Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 a ...)
	{DSA-3329-1}
	- linux 4.0.8-1
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: https://marc.info/?l=linux-netdev&m=143277436124732&w=2
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f7d653b67aed2d92540fbb0a8adaf32fcf352ae (v3.1-rc1)
CVE-2015-3211 (php-fpm allows local users to write to or create arbitrary files via a ...)
	- php5 <not-affected> (Red Hat specific problem in the rpm package)
CVE-2015-3210 (Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 a ...)
	- pcre3 2:8.35-7.2 (bug #787433)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1636
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1558
	NOTE: Affected code refactored in: http://vcs.pcre.org/pcre?view=revision&revision=1359 (8.34)
	NOTE: Issue then introduced by: http://vcs.pcre.org/pcre?view=revision&revision=1361
CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows remo ...)
	{DSA-3286-1 DSA-3285-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-6 (bug #788460)
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-135.html
CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...)
	NOT-FOR-US: HornetQ
CVE-2015-3207
	RESERVED
CVE-2015-3206 (The checkPassword function in python-kerberos does not authenticate th ...)
	{DLA-265-2 DLA-265-1}
	- pykerberos 1.1.5-1 (bug #796195)
	[jessie] - pykerberos 1.1.5-0.1+deb8u1
	[wheezy] - pykerberos 1.1+svn4895-1+deb7u1
	NOTE: CVE originally assigned for python-kerberos, pykerberos is a fork of the
	NOTE: former.
	NOTE: KDC verification support in pykerberos added in https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c
	NOTE: Using the above code as is might break existing installations since a keytab is required to call krb5_verify_init_creds
CVE-2015-3205 (libmimedir allows remote attackers to execute arbitrary code via a VCF ...)
	- libmimedir <removed> (bug #789197)
	[jessie] - libmimedir <no-dsa> (Minor issue)
	[wheezy] - libmimedir <no-dsa> (Minor issue)
	[squeeze] - libmimedir <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222251
CVE-2015-3204 (libreswan 3.9 through 3.12 allows remote attackers to cause a denial o ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt
	NOTE: https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204-libreswan.patch
CVE-2015-3203 (Unrestricted file upload vulnerability in h5ai before 0.25.0 allows re ...)
	NOT-FOR-US: h5ai
CVE-2015-3202 (fusermount in FUSE before 2.9.3-15 does not properly clear the environ ...)
	{DSA-3268-2 DSA-3268-1 DSA-3266-1 DLA-238-1 DLA-226-2 DLA-226-1}
	- fuse 2.9.3-16 (bug #786439)
	NOTE: Upstream fix: http://web.archive.org/web/20150529051222/http://sourceforge.net:80/p/fuse/fuse/ci/fe2d96
	- ntfs-3g 1:2014.2.15AR.3-3 (bug #786475)
	NOTE: ntfs-3g source wise affected but wheezy version uses --with-fuse=external
	NOTE: ntfs-3g is built with internal copy since 1:2013.1.13AR.3-2
CVE-2015-3201 (Thermostat before 2.0.0 uses world-readable permissions for the web.xm ...)
	NOT-FOR-US: thermostat
CVE-2015-3200 (mod_auth in lighttpd before 1.4.36 allows remote attackers to inject a ...)
	- lighttpd 1.4.37-1 (low; bug #787132)
	[jessie] - lighttpd <no-dsa> (Minor issue)
	[wheezy] - lighttpd <no-dsa> (Minor issue)
	[squeeze] - lighttpd <no-dsa> (Minor issue)
	NOTE: http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
	NOTE: http://redmine.lighttpd.net/issues/2646
CVE-2015-3199
	REJECTED
CVE-2015-3198 (The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10 ...)
	NOT-FOR-US: Undertow module of WildFly / JBOSS
CVE-2015-3197 (ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f d ...)
	{DLA-421-1}
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: No MITM: https://bugzilla.redhat.com/show_bug.cgi?id=1301846#c3
CVE-2015-3196 (ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and ...)
	{DSA-3413-1}
	- openssl 1.0.2d-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.0 to 1.0.2)
CVE-2015-3195 (The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in Open ...)
	{DSA-3413-1 DLA-358-1}
	- openssl 1.0.2e-1
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-3194 (crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before ...)
	{DSA-3413-1}
	- openssl 1.0.2e-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.2)
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-3193 (The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.p ...)
	- openssl 1.0.2e-1
	[jessie] - openssl <not-affected> (Only affects 1.0.2)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2)
	[squeeze] - openssl <not-affected> (Only affects 1.0.2)
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-3192 (Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ...)
	{DLA-1853-1}
	- libspring-java 4.1.9-1 (low; bug #796137)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2015-3192
	NOTE: https://jira.spring.io/browse/SPR-13136
CVE-2015-3191 (With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA St ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-3190 (With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA St ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-3189 (With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA St ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-3188 (The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote ...)
	NOT-FOR-US: Apache Storm
CVE-2015-3187 (The svn_repos_trace_node_locations function in Apache Subversion befor ...)
	{DSA-3331-1 DLA-293-1}
	- subversion 1.9.0-1
	NOTE: https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
CVE-2015-3186 (Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-3185 (The ap_some_auth_required function in server/request.c in the Apache H ...)
	{DSA-3325-1}
	- apache2 2.4.16-1
	[wheezy] - apache2 <not-affected> (Bug introduced during 2.4 development)
	[squeeze] - apache2 <not-affected> (Bug introduced during 2.4 development)
	NOTE: https://www.apache.org/dist/httpd/Announcement2.4.txt
	NOTE: http://web.archive.org/web/20150918024815/http://www.apache.org:80/dist/httpd/CHANGES_2.4.16
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1684525
	NOTE: Behavior changed in 2.4.x refactoring, API no longer usable in 2.4.x
CVE-2015-3184 (mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x befor ...)
	{DSA-3331-1}
	- subversion 1.9.0-1
	[wheezy] - subversion <not-affected> (1.6 does not build with apache 2.4)
	[squeeze] - subversion <not-affected> (1.6 does not build with apache 2.4)
	NOTE: https://subversion.apache.org/security/CVE-2015-3184-advisory.txt
	NOTE: subversion needs to be built with a fixed apache version
CVE-2015-3183 (The chunked transfer coding implementation in the Apache HTTP Server b ...)
	{DSA-3325-1 DLA-284-1}
	- apache2 2.4.16-1
	NOTE: https://www.apache.org/dist/httpd/Announcement2.4.txt
	NOTE: http://web.archive.org/web/20150918024815/http://www.apache.org:80/dist/httpd/CHANGES_2.4.16
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1684515
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1687338 (2.2.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1687339 (2.2.x)
CVE-2015-3182 (epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in W ...)
	- wireshark 1.12.0~rc1-1
	[jessie] - wireshark <not-affected> (Only affected 1.10.x)
	[wheezy] - wireshark <not-affected> (Only affected 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affected 1.10.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1219409
CVE-2015-3181 (files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2. ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3180 (lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2. ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3179 (login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x  ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3178 (Cross-site scripting (XSS) vulnerability in the external_format_text f ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3177 (Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe ...)
	- moodle <not-affected> (Only affects versions 2.8 to 2.8.5)
CVE-2015-3176 (The account-confirmation feature in login/confirm.php in Moodle throug ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3175 (Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x  ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3174 (mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2 ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3173
	RESERVED
CVE-2015-3172
	RESERVED
CVE-2015-3171 (sosreport 3.2 uses weak permissions for generated sosreport archives,  ...)
	- sosreport 3.2-2 (bug #769521)
	NOTE: https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
	NOTE: https://github.com/sosreport/sos/issues/425
CVE-2015-3170 (selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows  ...)
	NOT-FOR-US: Red Hat specific issue with selinux-policy rpm package
CVE-2015-3169 (Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch ...)
	- askbot <itp> (bug #687966)
CVE-2015-3168
	REJECTED
CVE-2015-3167 (contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2 ...)
	{DSA-3270-1 DSA-3269-1 DLA-227-1}
	- postgresql-9.4 9.4.2-1
	- postgresql-9.1 <removed>
	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
CVE-2015-3166 (The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before  ...)
	{DSA-3270-1 DSA-3269-1 DLA-227-1}
	- postgresql-9.4 9.4.2-1
	- postgresql-9.1 <removed>
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
CVE-2015-3165 (Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9. ...)
	{DSA-3270-1 DSA-3269-1 DLA-227-1}
	- postgresql-9.4 9.4.2-1
	- postgresql-9.1 <removed>
	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
CVE-2015-3164 (The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 s ...)
	- xorg-server 2:1.17.2-1 (bug #788410)
	[jessie] - xorg-server 2:1.16.4-1+deb8u2
	[wheezy] - xorg-server <not-affected> (XWayland not present)
	[squeeze] - xorg-server <not-affected> (XWayland not present)
	NOTE: http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html
	NOTE: Patch 1/3: http://cgit.freedesktop.org/xorg/xserver/commit/?id=c4534a38b68aa07fb82318040dc8154fb48a9588
	NOTE: Patch 2/3: http://cgit.freedesktop.org/xorg/xserver/commit/?id=4b4b9086d02b80549981d205fb1f495edc373538
	NOTE: Patch 3/3: http://cgit.freedesktop.org/xorg/xserver/commit/?id=76636ac12f2d1dbdf7be08222f80e7505d53c451
CVE-2015-3163 (The admin pages for power types and key types in Beaker before 20.1 do ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3162 (Cross-site scripting (XSS) vulnerability in the edit comment dialog in ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3161 (The search bar code in bkr/server/widgets.py in Beaker before 20.1 doe ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3160 (XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beake ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3159 (The abrt-action-install-debuginfo-to-abrt-cache help program in Automa ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3158 (The invokeNextValve function in identity/federation/bindings/tomcat/id ...)
	NOT-FOR-US: PicketLink
CVE-2015-3157
	REJECTED
CVE-2015-3156 (The _write_config function in trove/guestagent/datastore/experimental/ ...)
	- openstack-trove <unfixed> (unimportant; bug #787654)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1216073#c1
	NOTE: partially fixed already in 2015.1~rc2-1, cf. #787654
	NOTE: will be completed during kilo release
CVE-2015-3155 (Foreman before 1.8.1 does not set the secure flag for the _session_id  ...)
	- foreman <itp> (bug #663101)
CVE-2015-3154 (CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framewor ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.12+dfsg-1
	[jessie] - zendframework 1.12.9+dfsg-2+deb8u1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-04
CVE-2015-3153 (The default configuration for cURL and libcurl before 7.42.1 sends cus ...)
	{DSA-3240-1}
	- curl 7.42.1-1
	[wheezy] - curl <no-dsa> (Too intrusive to backport)
	[squeeze] - curl <no-dsa> (Too intrusive to backport)
	NOTE: http://curl.haxx.se/docs/adv_20150429.html
CVE-2015-3152 (Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclien ...)
	{DSA-3311-1}
	- mariadb-10.0 10.0.20-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: CVE was assigned explicitly only for MariaDB and Percona, but not Oracle MySQL
	NOTE: since Oracle is a CNA itself.
	NOTE: http://www.ocert.org/advisories/ocert-2015-003.html
	NOTE: http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/
	NOTE: https://mariadb.atlassian.net/browse/MDEV-7937
CVE-2015-3151 (Directory traversal vulnerability in abrt-dbus in Automatic Bug Report ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3150 (abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3149 (The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Li ...)
	- openjdk-8 <not-affected> (defective patch not applied)
CVE-2015-3148 (cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenti ...)
	{DSA-3232-1 DLA-211-1}
	- curl 7.42.0-1
	NOTE: http://curl.haxx.se/docs/adv_20150422B.html
CVE-2015-3147 (daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), w ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3146 (The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in ...)
	- libssh 0.6.3-4.2 (bug #784404)
	[jessie] - libssh 0.6.3-4+deb8u1
	[wheezy] - libssh 0.5.4-1+deb7u3
	[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
	NOTE: https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
CVE-2015-3145 (The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7 ...)
	- curl 7.42.0-1
	[jessie] - curl 7.38.0-4+deb8u1
	[wheezy] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
	[squeeze] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
	NOTE: http://curl.haxx.se/docs/adv_20150422C.html
CVE-2015-3144 (The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 do ...)
	- curl 7.42.0-1
	[jessie] - curl 7.38.0-4+deb8u1
	[wheezy] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
	[squeeze] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
	NOTE: http://curl.haxx.se/docs/adv_20150422D.html
CVE-2015-3143 (cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM c ...)
	{DSA-3232-1 DLA-211-1}
	- curl 7.42.0-1
	NOTE: http://curl.haxx.se/docs/adv_20150422A.html
CVE-2015-3142 (The kernel-invoked coredump processor in Automatic Bug Reporting Tool  ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3141 (Multiple cross-site request forgery (CSRF) vulnerabilities in Synametr ...)
	NOT-FOR-US: Synametrics Technologies Xeams
CVE-2015-3140 (Multiple cross-site request forgery (CSRF) vulnerabilities in Synametr ...)
	NOT-FOR-US: Synametrics
CVE-2015-3139
	RESERVED
CVE-2015-3138 (print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a  ...)
	- tcpdump <not-affected> (Introduced in 4.7)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/446
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70
	NOTE: Introduced by: https://github.com/the-tcpdump-group/tcpdump/commit/3a3ec26085461998074b827b112d38e8f3246a86
CVE-2015-3137 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3136 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3135 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3134 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3133 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3132 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3131 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3130 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3129 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3128 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3127 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3126 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3125 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3124 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3123 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3122 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3121 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3120 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3119 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3118 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3117 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3116 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3115 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3114 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3113 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and ...)
	NOT-FOR-US: Adobe Flash Player
	NOTE: https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
CVE-2015-3112 (Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC befo ...)
	NOT-FOR-US: Adobe
CVE-2015-3111 (Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015 ...)
	NOT-FOR-US: Adobe
CVE-2015-3110 (Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and  ...)
	NOT-FOR-US: Adobe
CVE-2015-3109 (Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to exec ...)
	NOT-FOR-US: Adobe
CVE-2015-3108 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3107 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3106 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3105 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3104 (Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3103 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3102 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3101 (The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3100 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3099 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3098 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3097 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3096 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3095 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-3094
	REJECTED
CVE-2015-3093 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3092 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3091 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3090 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3089 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3088 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3087 (Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3086 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3085 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3084 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3083 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3082 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3081 (Race condition in Adobe Flash Player before 13.0.0.289 and 14.x throug ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3080 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3079 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3078 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3077 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3076 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3075 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-3074 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3073 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3072 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3071 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3070 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3069 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3068 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3067 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3066 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3065 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3064 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3063 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3062 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3061 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3060 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3059 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-3058 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3057 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3056 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3055 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-3054 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-3053 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe
CVE-2015-3052 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3051 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3050 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3049 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3048 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3047 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3046 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 o ...)
	NOT-FOR-US: Adobe
CVE-2015-3045
	REJECTED
CVE-2015-3044 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3043 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3042 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3041 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3040 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3039 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3038 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3037
	RESERVED
CVE-2015-3036 (Stack-based buffer overflow in the run_init_sbus function in the KCode ...)
	NOT-FOR-US: KCodes NetUSB module for the Linux kernel
CVE-2015-3035 (Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firm ...)
	NOT-FOR-US: TP-LINK Router
CVE-2015-3034
	RESERVED
CVE-2015-3033
	RESERVED
CVE-2015-3032
	RESERVED
CVE-2015-3031
	RESERVED
CVE-2015-3027 (Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect r ...)
	NOT-FOR-US: Clang in LLVM as used in Apple Xcode
CVE-2015-3025
	RESERVED
CVE-2015-3024
	RESERVED
CVE-2015-3023
	RESERVED
CVE-2015-3022
	RESERVED
CVE-2015-3021
	RESERVED
CVE-2015-3020
	RESERVED
CVE-2015-3019
	RESERVED
CVE-2015-3018
	RESERVED
CVE-2015-3017
	RESERVED
CVE-2015-3016
	RESERVED
CVE-2015-3015
	RESERVED
CVE-2015-3014
	RESERVED
CVE-2015-3009
	RESERVED
CVE-2014-9716 (Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows ...)
	- owncloud <not-affected> (embedded partial copy doesn't contain the related code)
	- owncloud-documents <not-affected> (embedded partial copy doesn't contain the related code)
	- webodf <itp> (bug #727529)
CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does n ...)
	{DSA-3252-2 DSA-3252-1}
	- sqlite3 3.8.9-1 (bug #783968)
	[squeeze] - sqlite3 <not-affected> (Can't reproduce the issue)
	NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e
	NOTE: http://seclists.org/bugtraq/2015/Apr/97
	NOTE: https://lists.debian.org/debian-lts/2015/06/msg00031.html
CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...)
	{DSA-3252-1}
	- sqlite3 3.8.9-1 (bug #783968)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	[squeeze] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://www.sqlite.org/src/info/02e3c88fbf6abdcf
	NOTE: http://seclists.org/bugtraq/2015/Apr/97
CVE-2015-3414 (SQLite before 3.8.9 does not properly implement the dequoting of colla ...)
	{DSA-3252-1}
	- sqlite3 3.8.9-1 (bug #783968)
	[wheezy] - sqlite3 <not-affected> (Can't reproduce the issue)
	[squeeze] - sqlite3 <not-affected> (Can't reproduce the issue)
	NOTE: https://www.sqlite.org/src/info/eddc05e7bb31fae7
	NOTE: http://seclists.org/bugtraq/2015/Apr/97
CVE-2015-3306 (The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read a ...)
	{DSA-3263-1}
	- proftpd-dfsg 1.3.5-2 (bug #782781)
	[squeeze] - proftpd-dfsg <not-affected> (mod_copy not available in version 1.3.3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/15/2
	NOTE: https://github.com/proftpd/proftpd/pull/109
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4169
	NOTE: https://cxsecurity.com/issue/WLB-2015040075
CVE-2015-3331 (The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_g ...)
	{DSA-3237-1}
	- linux 3.16.7-ckt9-3 (bug #782561)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in v2.6.38-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/16
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a (v4.0-rc5)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0bd82f5f6355775fbaf7d3c664432ce1b862be1e (v2.6.38-rc1)
CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux k ...)
	- linux 3.16.7-ckt9-3 (bug #782515)
	[jessie] - linux 3.16.7-ckt9-3~deb8u1
	[wheezy] - linux <not-affected> (TCP Fast Open introduced in v3.6-rc1)
	- linux-2.6 <not-affected> (TCP Fast Open introduced in v3.6-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/14
	NOTE: http://thread.gmane.org/gmane.linux.network/359588
CVE-2016-4353 (ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
CVE-2016-4355 (Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 al ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4354 (ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data t ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4356 (The append_utf8_value function in the DN decoder (dn.c) in Libksba bef ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c in P ...)
	{DSA-3228-1 DLA-205-1}
	- ppp 2.4.6-3.1 (bug #782450)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
	NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450
CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlie ...)
	{DSA-4154-1 DLA-1317-1}
	- net-snmp 5.7.3+dfsg-1.1 (bug #788964)
	[squeeze] - net-snmp <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1
	NOTE: Upstream patch: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
	NOTE: https://sourceforge.net/p/net-snmp/bugs/2615/ (currently not public)
CVE-2015-4085 (Directory traversal vulnerability in node/hooks/express/tests.js in Et ...)
	- etherpad-lite <itp> (bug #576998)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10
CVE-2015-3297 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad  ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.cl ...)
	- ceph-deploy <not-affected> (Fixed with initial upload to Debian)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/9
CVE-2015-3405 (ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 d ...)
	{DSA-3223-1 DLA-192-1}
	- ntp 1:4.2.6.p5+dfsg-7
	NOTE: https://bugs.ntp.org/show_bug.cgi?id=2797
	NOTE: Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/5
CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x be ...)
	{DSA-3700-1 DLA-455-1}
	- asterisk 1:13.7.2~dfsg-1 (bug #782411)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2015-003.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24847
	NOTE: Patch: https://issues.asterisk.org/jira/secure/attachment/52082/asterisk-null-in-cn.patch
CVE-2015-3007 (The Juniper SRX Series services gateways with Junos OS 12.1X46 before  ...)
	NOT-FOR-US: Juniper
CVE-2015-3006 (On the QFX3500 and QFX3600 platforms, the number of bytes collected fr ...)
	NOT-FOR-US: Juniper
CVE-2015-3005 (Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper ...)
	NOT-FOR-US: Juniper
CVE-2015-3004 (J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35 ...)
	NOT-FOR-US: Juniper
CVE-2015-3003 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30,  ...)
	NOT-FOR-US: Juniper
CVE-2015-3002 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30,  ...)
	NOT-FOR-US: Juniper
CVE-2015-3001 (SysAid Help Desk before 15.2 uses a hardcoded password of Password1 fo ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-3000 (SysAid Help Desk before 15.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2999 (Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2998 (SysAid Help Desk before 15.2 uses a hardcoded encryption key, which ma ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2997 (SysAid Help Desk before 15.2 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2996 (Multiple directory traversal vulnerabilities in SysAid Help Desk befor ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2995 (The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not prop ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2994 (Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid He ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2993 (SysAid Help Desk before 15.2 does not properly restrict access to cert ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2992 (Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerabi ...)
	- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
CVE-2015-2991 (Buffer overflow in NScripter before 3.00 allows remote attackers to ex ...)
	NOT-FOR-US: NScripter
CVE-2015-2990 (Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO ...)
	NOT-FOR-US: desknet NEO
CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP T ...)
	NOT-FOR-US: LEMON-S
CVE-2015-2988 (Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certi ...)
	NOT-FOR-US: Rakuten card App for iOS
CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, w ...)
	NOT-FOR-US: Type74 ED
CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS ...)
	NOT-FOR-US: hitSuji
CVE-2015-2985 (Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1. ...)
	NOT-FOR-US: guide-park.com BBS
CVE-2015-2984 (I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBR ...)
	NOT-FOR-US: I-O DATA
CVE-2015-2983 (Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Ko ...)
	NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2982 (Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js ...)
	NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2981 (The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.50 ...)
	NOT-FOR-US: Yodobashi App for Android
CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows remot ...)
	NOT-FOR-US: Yodobashi application for Android
CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2978 (Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2977 (Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary  ...)
	NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2976 (Multiple cross-site scripting (XSS) vulnerabilities in Research Artisa ...)
	NOT-FOR-US: Research Artisan Lite
CVE-2015-2975 (Research Artisan Lite before 1.18 does not ensure that a user has auth ...)
	NOT-FOR-US: Research Artisan Lite
CVE-2015-2974 (LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to uplo ...)
	NOT-FOR-US: LEMON-S PHP Gazou BBS
CVE-2015-2973 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plu ...)
	NOT-FOR-US: Welcart plugin for WordPress
CVE-2015-2972 (Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3. ...)
	NOT-FOR-US: Syshonic Thetis
CVE-2015-2971 (Directory traversal vulnerability in Seeds acmailer before 3.8.18 and  ...)
	NOT-FOR-US: Seeds acmailer
CVE-2015-2970 (index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote a ...)
	NOT-FOR-US: Oekaki BBS
CVE-2015-2969 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP S ...)
	NOT-FOR-US: Oekaki BBS
CVE-2015-2968
	RESERVED
CVE-2015-2966 (Directory traversal vulnerability in the Droidware UK Explorer+ File M ...)
	NOT-FOR-US: Droidware UK Explorer+ File Manager application for Android
CVE-2015-2965 (Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 an ...)
	NOT-FOR-US: osCommerce Japanese
CVE-2015-2964 (NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass sign ...)
	NOT-FOR-US: NAMSHI | JOSE
CVE-2015-2963 (The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider t ...)
	NOT-FOR-US: thoughtbot paperclip gem for ruby
CVE-2015-2962 (CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to ...)
	NOT-FOR-US: CGI RESCUE BloBee
CVE-2015-2961 (Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyz ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2960 (Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer buil ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2959 (Zoho NetFlow Analyzer build 10250 and earlier does not check for admin ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2958 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earl ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2957 (Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.9 ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2956 (SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2955 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earl ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2954 (Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Li ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2953 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earl ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2952 (The user-information management functionality in Igreks MilkyStep Ligh ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2951 (JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signat ...)
	NOT-FOR-US: PHP JWT aibrary
CVE-2015-2950 (Directory traversal vulnerability in the Brandon Bowles Open Explorer  ...)
	NOT-FOR-US: Brandon Bowles Open Explorer application for Android
CVE-2015-2949 (Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earli ...)
	NOT-FOR-US: ZenPhoto20
CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor in Zen ...)
	NOT-FOR-US: Zenphoto
CVE-2015-2947 (KanColleViewer versions 3.8.1 and earlier operates as an open proxy wh ...)
	NOT-FOR-US: KanColleViewer
CVE-2015-2946 (Stack-based buffer overflow in the Open CAD Format Council SXF common  ...)
	NOT-FOR-US: Open CAD Format Council SXF common library
CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does  ...)
	NOT-FOR-US: Hajime Fujimoto mt-phpincgi
CVE-2015-2944 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling AP ...)
	NOT-FOR-US: Apache Sling
CVE-2015-2943 (Honda Moto LINC 1.6.1 does not verify SSL certificates. ...)
	NOT-FOR-US: Honda Moto LINC
CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for URL au ...)
	{DSA-3239-1}
	- icecast2 2.4.2-1 (bug #782120)
	[wheezy] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
	[squeeze] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
	NOTE: https://trac.xiph.org/ticket/2191
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/8
CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem ...)
	{DSA-3237-1}
	- linux 3.14.5-1 (bug #741667)
	- linux-2.6 <not-affected> (Introduced in 3.6)
	NOTE: http://marc.info/?l=netfilter-devel&m=140112364215200&w=2
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=223b02d923ecd7c84cf9780bb3686f455d279279 (v3.15-rc1)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b423f6a40a0327f9d40bc8b97ce9be266f74368 (v3.6-rc5)
	NOTE: Introduced in 3.2.x in https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?id=cc1b75d796ad050c83c95733c4220aaa04fa1304 (v3.2.33)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/1
CVE-2013-7439 (Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen mac ...)
	{DSA-3224-1 DLA-199-1}
	- libx11 2:1.6.0-1
	NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/4
	NOTE: The following packages will be recompiled after the release of
	NOTE: the DSA for wheezy and the DLA for squeeze:
	NOTE: libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1)
	NOTE: libxi (TBD / 1.3-8+build1)
	NOTE: libxfixes (TBD / 4.0.5-1+squeeze1+build1)
	NOTE: libxrandr (TBD / 1.3.0-3+squeeze1+build1)
	NOTE: libsdl1.2 (TBD / 1.2.14-6.1+build1)
	NOTE: libxv (TBD / 1.0.5-1+squeeze1+build1)
	NOTE: libxp (TBD / 1.0.0.xsf1-2+squeeze1+build1)
	NOTE: libxext (TBD / 1.1.2-1+squeeze1+build1)
	NOTE: xserver-xorg-video-vmware (TBD / 11.0.1-2+build1)
	NOTE: cairo (TBD / 1.8.10-6+build1)
	NOTE: open-vm-tools (TBD / 8.4.2-261024-1+build1)
	NOTE: wine-gecko-1.4 (wheezy)
	NOTE: list completed by analyzing http://codesearch.debian.net/results/SetReqLen and http://codesearch.debian.net/results/MakeBigReq
CVE-2015-3030 (The web interface in McAfee Advanced Threat Defense (MATD) before 3.4. ...)
	NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-3029 (The web interface in McAfee Advanced Threat Defense (MATD) before 3.4. ...)
	NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-3028 (McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote au ...)
	NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-2930
	RESERVED
CVE-2015-2926 (Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc. ...)
	NOT-FOR-US: phpTrafficA
CVE-2014-9714 (Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveA ...)
	- hhvm 3.11.0+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
CVE-2015-3406 (The PGP signature parsing in Module::Signature before 0.74 allows remo ...)
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3407 (Module::Signature before 0.74 allows remote attackers to bypass signat ...)
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: libtest-signature-perl needed to be updated
CVE-2015-3408 (Module::Signature before 0.74 allows remote attackers to execute arbit ...)
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3409 (Untrusted search path vulnerability in Module::Signature before 0.75 a ...)
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-2921
	RESERVED
CVE-2015-2920
	RESERVED
CVE-2015-2919
	RESERVED
CVE-2015-2918 (The Studio component in OrientDB Server Community Edition before 2.0.1 ...)
	NOT-FOR-US: OrientDB
CVE-2015-2917 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 an ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2916 (Cross-site request forgery (CSRF) vulnerability on Securifi Almond dev ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2915 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 an ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2914 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 an ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2913 (server/network/protocol/http/OHttpSessionManager.java in the Studio co ...)
	NOT-FOR-US: OrientDB
CVE-2015-2912 (The JSONP endpoint in the Studio component in OrientDB Server Communit ...)
	NOT-FOR-US: OrientDB
CVE-2015-2911
	RESERVED
CVE-2015-2910
	RESERVED
CVE-2015-2909 (Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 dev ...)
	NOT-FOR-US: Dedicated Micros DVR products
CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
	NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
	NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2906 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...)
	NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2905 (Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN m ...)
	NOT-FOR-US: Actiontec
CVE-2015-2904 (Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardco ...)
	NOT-FOR-US: Actiontec
CVE-2015-2903 (The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 ha ...)
	NOT-FOR-US: HP ArcSight
CVE-2015-2902 (HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certifica ...)
	NOT-FOR-US: HP ArcSight
CVE-2015-2901 (Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.2 ...)
	NOT-FOR-US: Medicomp
CVE-2015-2900 (The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine ...)
	NOT-FOR-US: Medicomp
CVE-2015-2899 (Heap-based buffer overflow in the QualifierList retrieve_qualifier_lis ...)
	NOT-FOR-US: Medicomp
CVE-2015-2898 (Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before ...)
	NOT-FOR-US: Medicomp
CVE-2015-2897 (Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices h ...)
	NOT-FOR-US: Sierra Wireless ALEOS
CVE-2015-2896 (The up.time client in Idera Uptime Infrastructure Monitor through 7.6  ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-2895 (Buffer overflow in the up.time client in Idera Uptime Infrastructure M ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-2894 (Format string vulnerability in the up.time client in Idera Uptime Infr ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-2893
	RESERVED
CVE-2015-2892
	RESERVED
CVE-2015-2891
	RESERVED
CVE-2015-2890 (The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile W ...)
	NOT-FOR-US: BIOS implementations on Dell hardware with model-dependent firmware
CVE-2015-2889 (Summer Baby Zoom Wifi Monitor &amp; Internet Viewing System allows rem ...)
	NOT-FOR-US: Summer Baby Zoom Wifi Monitor and Internet Viewing System
CVE-2015-2888 (Summer Baby Zoom Wifi Monitor &amp; Internet Viewing System allows rem ...)
	NOT-FOR-US: Summer Baby Zoom Wifi Monitor and Internet Viewing System
CVE-2015-2887 (iBaby M3S has a password of admin for the backdoor admin account. ...)
	NOT-FOR-US: iBaby M3S
CVE-2015-2886 (iBaby M6 allows remote attackers to obtain sensitive information, rela ...)
	NOT-FOR-US: iBaby M6
CVE-2015-2885 (Lens Peek-a-View has a password of 2601hx for the backdoor admin accou ...)
	NOT-FOR-US: Lens Peek-a-View
CVE-2015-2884 (Philips In.Sight B120/37 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Philips In.Sight B120/37
CVE-2015-2883 (Philips In.Sight B120/37 has XSS, related to the Weaved cloud web serv ...)
	NOT-FOR-US: Philips In.Sight B120/37
CVE-2015-2882 (Philips In.Sight B120/37 has a password of b120root for the backdoor r ...)
	NOT-FOR-US: Philips In.Sight B120/37
CVE-2015-2881 (Gynoii has a password of guest for the backdoor guest account and a pa ...)
	NOT-FOR-US: Gynoii
CVE-2015-2880 (TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the bac ...)
	NOT-FOR-US: TRENDnet WiFi Baby Cam TV-IP743SIC
CVE-2015-2879
	RESERVED
CVE-2015-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis Ha ...)
	NOT-FOR-US: Hexis HawkEye
CVE-2015-2877 (** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.3 ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
	NOTE: http://www.antoniobarresi.com/security/cloud/2015/07/30/cain/
	NOTE: Architectual limitation, workaround exists
CVE-2015-2876 (Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Se ...)
	NOT-FOR-US: Seagate GoFlex
CVE-2015-2875 (Absolute path traversal vulnerability on Seagate GoFlex Satellite, Sea ...)
	NOT-FOR-US: Seagate GoFlex
CVE-2015-2874 (Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wir ...)
	NOT-FOR-US: Seagate GoFlex
CVE-2015-2873 (Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat ap ...)
	NOT-FOR-US: Trend Micro
CVE-2015-2872 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Dee ...)
	NOT-FOR-US: Trend Micro
CVE-2015-2871 (Chiyu BF-660C fingerprint access-control devices allow remote attacker ...)
	NOT-FOR-US: Chiyu BF-660C fingerprint access-control devices
CVE-2015-2870 (Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and ...)
	NOT-FOR-US: Chiyu fingerprint access-control devices
CVE-2015-2869 (The FileInfo plugin before 2.22 for Ghisler Total Commander allows rem ...)
	NOT-FOR-US: Ghisler Total Commander
CVE-2015-2868 (An exploitable remote code execution vulnerability exists in the Trane ...)
	NOT-FOR-US: Trane
CVE-2015-2867 (A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 s ...)
	NOT-FOR-US: Trane
CVE-2015-2866 (SQL injection vulnerability on the Grandstream GXV3611_HD camera with  ...)
	NOT-FOR-US: Grandstream camera
CVE-2015-2865
	REJECTED
CVE-2015-2864 (Retrospect and Retrospect Client before 10.0.2.119 on Windows, before  ...)
	NOT-FOR-US: Retrospect Client
CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator (VS ...)
	NOT-FOR-US: Kaseya VSA
CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System Administrat ...)
	NOT-FOR-US: Kaseya VSA
CVE-2015-2861 (Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2015-2860 (Directory traversal vulnerability in Avigilon Control Center (ACC) 4 b ...)
	NOT-FOR-US: Avigilon Control Center
CVE-2015-2859 (Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x thro ...)
	NOT-FOR-US: Intel McAfee ePolicy Orchestrator
CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows remote attac ...)
	NOT-FOR-US: Datalex airline booking software
CVE-2015-2857 (Accellion File Transfer Appliance before FTA_9_11_210 allows remote at ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2015-2856 (Directory traversal vulnerability in the template function in function ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV180 ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2854 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV180 ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2853 (Session fixation vulnerability in the WebUI component in Blue Coat SSL ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2852 (Cross-site request forgery (CSRF) vulnerability in the WebUI component ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2851 (client_chown in the sync client in Synology Cloud Station 1.1-2291 thr ...)
	NOT-FOR-US: Synology Cloud Station
CVE-2015-2850 (Cross-site scripting (XSS) vulnerability in index-login.ant in the ANT ...)
	NOT-FOR-US: ANTlabs
CVE-2015-2849 (SQL injection vulnerability in main.ant in the ANTlabs InnGate firmwar ...)
	NOT-FOR-US: ANTlabs
CVE-2015-2848 (Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo To ...)
	NOT-FOR-US: Honeywell Tuxedo Touch
CVE-2015-2847 (Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authen ...)
	NOT-FOR-US: Honeywell Tuxedo Touch
CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands  ...)
	- btsync <itp> (bug #706639)
CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3 ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2844 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3 ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2843 (Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2842 (Unrestricted file upload vulnerability in go_audiostore.php in the aud ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in help/rt/large_search.html  ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2839 (The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an inc ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2929 (The Hidden Service (HS) client implementation in Tor before 0.2.4.27,  ...)
	{DSA-3216-1 DLA-187-1}
	- tor 0.2.5.12-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/15601
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
CVE-2015-2928 (The Hidden Service (HS) server implementation in Tor before 0.2.4.27,  ...)
	{DSA-3216-1 DLA-187-1}
	- tor 0.2.5.12-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/15600
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
CVE-2015-2837
	RESERVED
CVE-2015-2836
	RESERVED
CVE-2015-2835
	RESERVED
CVE-2015-2834
	RESERVED
CVE-2015-2833
	RESERVED
CVE-2015-2832
	RESERVED
CVE-2015-2927 (node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause ...)
	- node <removed> (bug #777013)
	[jessie] - node <no-dsa> (Minor issue)
	[squeeze] - node <no-dsa> (Minor issue)
	[wheezy] - node <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/03/10
CVE-2015-XXXX [caja automounts USB flash drives and CD/DVD drives while session is locked]
	- caja 1.8.2-4 (bug #781608)
	[jessie] - caja 1.8.2-3+deb8u1
	NOTE: https://github.com/mate-desktop/caja/issues/398
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/12
CVE-2015-3013 (ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5  ...)
	{DSA-3244-1}
	[experimental] - owncloud 7.0.5+dfsg-1
	- owncloud 7.0.4+dfsg-3
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-004
CVE-2015-3012 (Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0 ...)
	{DSA-3244-1}
	[experimental] - owncloud 7.0.5+dfsg-1
	- owncloud 7.0.4+dfsg-3
	- owncloud-documents <not-affected> (Fixed before initial release to Debian)
	- webodf <itp> (bug #727529)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-002
CVE-2015-3011 (Multiple cross-site scripting (XSS) vulnerabilities in the contacts ap ...)
	{DSA-3244-1}
	[experimental] - owncloud 7.0.5+dfsg-1
	- owncloud 7.0.4+dfsg-3
	- ownclound-contacts <itp> (bug #779055)
	NOTE: owncloud-contacts fixed in 0.3.0.18+8.0.0+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-001
CVE-2015-8855 (The semver package before 4.3.2 for Node.js allows attackers to cause  ...)
	- node-semver 5.3.0-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/semver_redos
	NOTE: https://github.com/npm/npm/releases/tag/v2.7.5
	NOTE: libv8 is not covered by security support
CVE-2015-2925 (The prepend_path function in fs/dcache.c in the Linux kernel before 4. ...)
	{DLA-325-1}
	- linux 4.2.1-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u4
	[wheezy] - linux 3.2.68-1+deb7u5
	- linux-2.6 <removed>
	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29173
	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29177
CVE-2015-2924 (The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Disco ...)
	- network-manager 1.0.2-1 (bug #783295)
	[jessie] - network-manager <no-dsa> (Minor issue)
	[wheezy] - network-manager <no-dsa> (Minor issue)
	[squeeze] - network-manager <no-dsa> (Minor issue)
CVE-2015-2923 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	{DSA-3175-2}
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-4 (bug #782107)
	[jessie] - kfreebsd-10 <no-dsa> (kfreebsd not a release arch)
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html
CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbo ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
CVE-2015-2829 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler G ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2015-2828 (CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate  ...)
	NOT-FOR-US: CA Spectrum
CVE-2015-2827 (Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3. ...)
	NOT-FOR-US: CA Spectrum
CVE-2015-2826 (WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote at ...)
	NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2825 (Unrestricted file upload vulnerability in sam-ajax-admin.php in the Si ...)
	NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2824 (Multiple SQL injection vulnerabilities in the Simple Ads Manager plugi ...)
	NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2823 (Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Port ...)
	NOT-FOR-US: Siemens
CVE-2015-2822 (Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Up ...)
	NOT-FOR-US: Siemens
CVE-2015-2821 (TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote edi ...)
	NOT-FOR-US: TYPO3 Neos
CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote a ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-2819 (SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a d ...)
	NOT-FOR-US: SAP Sybase SQL Anywhere
CVE-2015-2818 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allow ...)
	NOT-FOR-US: SAP Mobile Platform
CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote attacke ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2015-2816 (The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict acc ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatche ...)
	NOT-FOR-US: NetWeaver Dispatcher in SAP KERNEL
CVE-2015-2814 (SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task T ...)
	NOT-FOR-US: SAP EMR Unwired and Clinical Task Tracker
CVE-2015-2813 (XML external entity (XXE) vulnerability in SAP Mobile Platform allows  ...)
	NOT-FOR-US: SAP Mobile Platform
CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in S ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetW ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not  ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b (v4.0-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/02/1
CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
	- pyjwt 1.3.0-1 (bug #781640)
	[jessie] - pyjwt 0.2.1-1+deb8u1
	NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/4
	NOTE: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
	NOTE: ruby-jwt not directly affected, see https://github.com/jwt/ruby-jwt/issues/76
CVE-2015-2810 (Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Off ...)
	NOT-FOR-US: Hancom Office Hwp
CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DS ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does  ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	NOTE: This CVE is specific to the design of the RC4 protocol and not to its
	NOTE: implementations.
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of JSSE."
CVE-2015-2807 (Cross-site scripting (XSS) vulnerability in js/window.php in the Navis ...)
	NOT-FOR-US: Navis DocumentCloud plugin for WordPress
CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execute ar ...)
	{DSA-3221-1 DLA-194-1}
	- das-watchdog 0.9.0-3.1 (bug #781806)
	NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
CVE-2015-2805 (Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa ...)
	NOT-FOR-US: Alcatel-Lucent OmniSwitch
CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250,  ...)
	NOT-FOR-US: Alcatel-Lucent OmniSwitch
CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager (s ...)
	NOT-FOR-US: TYPO3 extension sb_akronymmanager
CVE-2015-2802 (An Information Disclosure vulnerability exists in HP SiteScope 11.2 an ...)
	NOT-FOR-US: HP SiteScope
CVE-2015-2801
	RESERVED
CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, S5300, ...)
	NOT-FOR-US: Huawei
CVE-2015-2799
	RESERVED
CVE-2015-2798 (SQL injection vulnerability in Joomla! Component Contact Form Maker 1. ...)
	NOT-FOR-US: Joomla! extension
CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5 ...)
	NOT-FOR-US: AirTies Air DSL modems
CVE-2015-2796 (Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier Pr ...)
	NOT-FOR-US: Project-Pier ProjectPier-Core
CVE-2015-2795
	RESERVED
CVE-2015-2794 (The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote ...)
	NOT-FOR-US: DotNetNuke
CVE-2015-2792 (The WPML plugin before 3.1.9 for WordPress does not properly handle mu ...)
	NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2791 (The "menu sync" function in the WPML plugin before 3.1.9 for WordPress ...)
	NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2790 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remot ...)
	NOT-FOR-US: Foxit Reader, Enterprise Reader, and PhantomPDF
CVE-2015-2789 (Unquoted Windows search path vulnerability in the Foxit Cloud Safe Upd ...)
	NOT-FOR-US: Foxit Reader
CVE-2015-XXXX [xdeb: disables apt's signature checks]
	- xdeb 0.6.7 (bug #781595)
	[wheezy] - xdeb <no-dsa> (Minor issue)
CVE-2015-2931 (Incomplete blacklist vulnerability in includes/upload/UploadBase.php i ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x b ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in MediaWik ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24,  ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto extension fo ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the CheckUser exten ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2941 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24,  ...)
	- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
	NOTE: HHVM not packaged in Debian
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
	- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
	NOTE: HHVM not packaged in Debian
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 h ...)
	NOT-FOR-US: MyBB
CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not properly han ...)
	NOT-FOR-US: papercrop Ruby gem
CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x b ...)
	{DSA-3280-1 DLA-212-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69324
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
	NOTE: Fixed in 5.6.8 and 5.4.40
CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi i ...)
	NOT-FOR-US: Hotspot Express hotEx Billing Manager
CVE-2015-2780 (Unrestricted file upload vulnerability in Berta CMS allows remote atta ...)
	NOT-FOR-US: Berta CMS
CVE-2015-2777
	RESERVED
CVE-2015-2775 (Directory traversal vulnerability in GNU Mailman before 2.1.20, when n ...)
	{DSA-3214-1 DLA-186-1}
	- mailman 1:2.1.18-2 (bug #781626)
	NOTE: https://bugs.launchpad.net/mailman/+bug/1437145
	NOTE: https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html
CVE-2015-2773 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows attacke ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2772 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows attacke ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2771 (The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances be ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL and V-Series appliances
CVE-2015-2770 (Cross-site request forgery (CSRF) vulnerability in the command line pa ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2769 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pers ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2768 (Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL b ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2767 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2766 (The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8. ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2765 (The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 al ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2764 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...)
	NOT-FOR-US: Websense TRITON AP-DATA
CVE-2015-2763 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2762 (Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumera ...)
	NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2761 (Cross-site scripting (XSS) vulnerability in the Exceptions and Scannin ...)
	NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2760 (Cross-site scripting (XSS) vulnerability in the ePO extension in McAfe ...)
	NOT-FOR-US: McAfee
CVE-2015-2759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO  ...)
	NOT-FOR-US: McAfee
CVE-2015-2758 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) befor ...)
	NOT-FOR-US: McAfee
CVE-2015-2757 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) befor ...)
	NOT-FOR-US: McAfee
CVE-2014-9712 (Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 b ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2013-7438 (Multiple buffer overflows in pbm212030 allow remote attackers to cause ...)
	NOT-FOR-US: pbm2l2030
	NOTE: http://www.openprinting.org/driver/pbm2l2030/ (typo in the official CVE description)
CVE-2015-XXXX [crashes found with afl]
	- hp2xx 3.4.4-10 (low)
	[wheezy] - hp2xx 3.4.4-8+deb7u1
	[squeeze] - hp2xx <no-dsa> (Minor issue)
CVE-2015-2793 (Cross-site scripting (XSS) vulnerability in templates/openid-selector. ...)
	- ikiwiki 3.20141016.2 (bug #781483)
	[wheezy] - ikiwiki 3.20120629.2
	[squeeze] - ikiwiki <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/5
CVE-2015-2806 (Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4. ...)
	{DSA-3220-1 DLA-195-1}
	[experimental] - libtasn1-6 4.4-1
	- libtasn1-6 4.2-3
	- libtasn1-3 <removed>
	NOTE: https://gitlab.com/gnutls/libtasn1/commit/4d4f992826a4962790ecd0cce6fbba4a415ce149
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/4
	NOTE: Only in the asn1 definition parser, not in the asn1 parser itself
	NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2015-01/msg00000.html
CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server) 2.9. ...)
	{DSA-3271-1}
	- nbd 1:3.4-1 (bug #781547)
	[squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/19/6
CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function in ex ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.7+dfsg-1
	NOTE: https://bugs.php.net/68976
CVE-2015-2782 (Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote atta ...)
	{DSA-3213-1 DLA-188-1}
	- arj 3.10.22-13 (bug #774015)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict a ...)
	{DSA-3259-1 DLA-479-1}
	- xen 4.2.0~rc2-1 (bug #781620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	- qemu 1:2.3+dfsg-3
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://xenbits.xen.org/xsa/advisory-126.html
CVE-2015-2755 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AB G ...)
	NOT-FOR-US: AB Google Map Travel (AB-MAP) plugin for WordPress
CVE-2015-2752 (The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, wh ...)
	{DLA-479-1}
	- xen 4.4.1-9 (bug #781620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-125.html
CVE-2015-2751 (Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allo ...)
	- xen 4.4.1-9 (bug #781620)
	[wheezy] - xen <not-affected> (Affected functionality introduced in 4.2)
	[squeeze] - xen <not-affected> (Affected functionality introduced in 4.2)
	NOTE: http://xenbits.xen.org/xsa/advisory-127.html
CVE-2015-2748 (Websense TRITON AP-WEB before 8.0.0 does not properly restrict access  ...)
	NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2747 (Multiple cross-site scripting (XSS) vulnerabilities in the data loss p ...)
	NOT-FOR-US: Websense Triton
CVE-2015-2746 (The network diagnostics tool (CommandLineServlet) in the Appliance Man ...)
	NOT-FOR-US: Websense TRITON
CVE-2010-5323 (Directory traversal vulnerability in UploadServlet in the Remote Manag ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-2774 (Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes w ...)
	- erlang 1:17.3-dfsg-4 (low; bug #781839)
	[squeeze] - erlang <no-dsa> (Minor issue)
	[wheezy] - erlang <no-dsa> (Minor issue)
	NOTE: http://www.erlang.org/news/85
	NOTE: CVE about "ssl: ... added padding check for TLS-1.0 due to the Poodle vulnerability."
	NOTE: https://github.com/erlang/otp/commit/e53c55dd0ab69982bc511396ccf8655d27c6d38c
CVE-2015-2745 (Multiple cross-site scripting (XSS) vulnerabilities in the Search app  ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-2744 (Cross-site scripting (XSS) vulnerability in the Search app in Gaia in  ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-2743 (PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 ...)
	{DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
CVE-2015-2742 (Mozilla Firefox before 39.0 on OS X includes native key press informat ...)
	- iceweasel <not-affected> (OS X specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-68/
CVE-2015-2741 (Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunder ...)
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	[jessie] - icedove <not-affected> (Only affects Thunderbird 38 and later)
	[wheezy] - icedove <not-affected> (Only affects Thunderbird 38 and later)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-67/
CVE-2015-2740 (Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2739 (The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0 ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2738 (The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YC ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2737 (The rx::d3d11::SetBufferData function in the Direct3D 11 implementatio ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2736 (The nsZipArchive::BuildFileList function in Mozilla Firefox before 39. ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2735 (nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x befo ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2734 (The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D  ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2733 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant funct ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
CVE-2015-2732
	RESERVED
CVE-2015-2731 (Use-after-free vulnerability in the CSPService::ShouldLoad function in ...)
	{DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[jessie] - icedove <not-affected> (Does not affect 31.x ESR Thunderbird)
	[wheezy] - icedove <not-affected> (Does not affect 31.x ESR Thunderbird)
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/
CVE-2015-2730 (Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozi ...)
	{DSA-3336-1 DLA-315-1}
	- nss 2:3.19.1-1
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/
	NOTE: https://hg.mozilla.org/projects/nss/rev/fc6870938172
	NOTE: https://hg.mozilla.org/projects/nss/rev/2c05e861ce07
CVE-2015-2729 (The AudioParamTimeline::AudioNodeInputValue function in the Web Audio  ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-62/
CVE-2015-2728 (The IndexedDatabaseManager class in the IndexedDB implementation in Mo ...)
	{DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/
CVE-2015-2727 (Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote a ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-60/
CVE-2015-2726 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 39)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 39)
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	[jessie] - icedove <not-affected> (Only affects Icedove 39)
	[wheezy] - icedove <not-affected> (Only affects Icedove 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
CVE-2015-2725 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	[jessie] - icedove <not-affected> (Only affects Icedove 38 and later)
	[wheezy] - icedove <not-affected> (Only affects Icedove 38 and later)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
CVE-2015-2724 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
CVE-2015-2723
	REJECTED
CVE-2015-2722 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant funct ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
CVE-2015-2721 (Mozilla Network Security Services (NSS) before 3.19, as used in Mozill ...)
	{DSA-3336-1 DSA-3324-1 DSA-3300-1 DLA-315-1}
	- nss 2:3.19.1-1
	NOTE: NSS patch: https://hg.mozilla.org/projects/nss/rev/6b4770c76bc8
	NOTE: NSS testcase: https://hg.mozilla.org/projects/nss/rev/1865635f5df5
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/
CVE-2015-2720 (The update implementation in Mozilla Firefox before 38.0 on Windows do ...)
	- iceweasel <not-affected> (Only affects Windows)
CVE-2015-2719
	RESERVED
CVE-2015-2718 (The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2717 (Integer overflow in libstagefright in Mozilla Firefox before 38.0 allo ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2716 (Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Fire ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/
CVE-2015-2715 (Race condition in the nsThreadManager::RegisterCurrentThread function  ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2714 (Mozilla Firefox before 38.0 on Android does not properly restrict writ ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2015-2713 (Use-after-free vulnerability in the SetBreaks function in Mozilla Fire ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-51/
CVE-2015-2712 (The asm.js implementation in Mozilla Firefox before 38.0 does not prop ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2711 (Mozilla Firefox before 38.0 does not recognize a referrer policy deliv ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2710 (Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefo ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-48/
CVE-2015-2709 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
CVE-2015-2708 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
CVE-2015-2707
	RESERVED
CVE-2015-2706 (Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent functio ...)
	[experimental] - iceweasel 37.0.2-1
	- iceweasel <not-affected> (Only affects 37.x series)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/
CVE-2015-2705
	RESERVED
CVE-2015-2703 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...)
	NOT-FOR-US: Websense
CVE-2015-2702 (Cross-site scripting (XSS) vulnerability in the Message Log in the Ema ...)
	NOT-FOR-US: Websense
CVE-2015-2701 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allow ...)
	NOT-FOR-US: CS-Cart
CVE-2014-9713 (The default slapd configuration in the Debian openldap package 2.4.23- ...)
	{DSA-3209-1 DLA-203-1}
	- openldap 2.4.40-2 (bug #761406)
CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the Investigati ...)
	NOT-FOR-US: Websense
CVE-2015-2700
	RESERVED
CVE-2015-2699
	RESERVED
CVE-2015-2698 (The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c ...)
	- krb5 1.13.2+dfsg-4
	[jessie] - krb5 <not-affected> (Only affected when applying original patch for CVE-2015-2696 only)
	[wheezy] - krb5 <not-affected> (Only affected when applying original patch for CVE-2015-2696 only)
	[squeeze] - krb5 <not-affected> (Vulnerable code not present)
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273
	NOTE: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
CVE-2015-2697 (The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Ker ...)
	{DSA-3395-2 DSA-3395-1 DLA-340-1}
	- krb5 1.13.2+dfsg-3 (bug #803088)
	NOTE: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252
CVE-2015-2696 (lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 reli ...)
	{DSA-3395-1}
	- krb5 1.13.2+dfsg-3 (bug #803084)
	[squeeze] - krb5 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
CVE-2015-2695 (lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1. ...)
	{DSA-3395-1 DLA-340-1}
	- krb5 1.13.2+dfsg-3 (bug #803083)
	NOTE: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
CVE-2015-2694 (The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x  ...)
	- krb5 1.12.1+dfsg-20 (bug #783557)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	[wheezy] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
	[squeeze] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604
	NOTE: wheezy marked as no-dsa since OTP plugin not present. But the issue
	NOTE: might affect any out-of-tree plugins with similar bug as the OTP
	NOTE: has. Thus basicaly only krb5/1.12 is affected.
CVE-2015-2693
	RESERVED
CVE-2015-2692 (AdBlock before 2.21 allows remote attackers to block arbitrary resourc ...)
	NOT-FOR-US: AdBlock
CVE-2015-2691
	RESERVED
CVE-2015-2690 (Multiple cross-site scripting (XSS) vulnerabilities in views/add-licen ...)
	NOT-FOR-US: Digium Addons module for FreePBX
CVE-2015-2704 (realmd allows remote attackers to inject arbitrary configurations in t ...)
	- realmd 0.16.0-1 (bug #781179)
	[jessie] - realmd <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89207
CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote attackers ...)
	{DSA-3208-1}
	[experimental] - freexl 1.0.1-1~exp1
	- freexl 1.0.0g-1+deb8u1 (bug #781228)
	NOTE: Reproducer: https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0
CVE-2015-2754 (FreeXL before 1.0.0i allows remote attackers to cause a denial of serv ...)
	{DSA-3208-1}
	[experimental] - freexl 1.0.1-1~exp1
	- freexl 1.0.0g-1+deb8u1 (bug #781228)
	NOTE: Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0
CVE-2015-2753 (FreeXL before 1.0.0i allows remote attackers to cause a denial of serv ...)
	{DSA-3208-1}
	[experimental] - freexl 1.0.1-1~exp1
	- freexl 1.0.0g-1+deb8u1 (bug #781228)
	NOTE: Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0
CVE-2015-2685
	RESERVED
CVE-2015-2683 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7  ...)
	NOT-FOR-US: Citrix Command Center
CVE-2015-2682 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7  ...)
	NOT-FOR-US: Citrix Command Center
CVE-2015-2681 (Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 ...)
	NOT-FOR-US: Asus
CVE-2015-2680 (Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2679 (Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0 ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2678 (Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix Geni ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before ...)
	- ocportal <itp> (bug #625865)
CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 rou ...)
	NOT-FOR-US: Asus
CVE-2015-2689 (Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly hand ...)
	{DSA-3203-1 DLA-178-1}
	- tor 0.2.5.11-1
	NOTE: https://bugs.torproject.org/14129
CVE-2015-2688 (buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not ...)
	{DSA-3203-1 DLA-178-1}
	- tor 0.2.5.11-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/15083
CVE-2015-2687 (OpenStack Compute (nova) Icehouse, Juno and Havana when live migration ...)
	- nova 2014.1-1
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: This is no longer a security issue starting with icehouse, so marking 2014.1 as fixed
	NOTE: https://bugs.launchpad.net/nova/+bug/1419577
CVE-2015-2673 (The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in  ...)
	NOT-FOR-US: WP EasyCart plugin for Wordpress
CVE-2015-2671
	RESERVED
CVE-2015-2670
	REJECTED
CVE-2015-2669
	RESERVED
CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of serv ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
CVE-2015-2667 (Untrusted search path vulnerability in GNS3 1.2.3 allows local users t ...)
	- gns3 <not-affected> (Windows specific)
CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	NOTE: http://www.fortiguard.com/advisory/FG-VD-15-017/
	NOTE: http://bugs.cacti.net/view.php?id=2542 (bug is not yet accessible)
	NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8d/graphs.php?r1=7716&r2=7717&view=patch
CVE-2015-2664 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-2663 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2662 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Solaris DHCP (dhcpagent)
CVE-2015-2661 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2660 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2659 (Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded  ...)
	- openjdk-6 <not-affected> (Only affects Java 8)
	- openjdk-7 <not-affected> (Only affects Java 8)
	- openjdk-8 8u66-b01-1
CVE-2015-2658 (Unspecified vulnerability in the Web Cache component in Oracle Fusion  ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2657 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2656 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2655 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2654 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2653 (Unspecified vulnerability in the Oracle Commerce Guided Search / Oracl ...)
	NOT-FOR-US: Oracle Commerce
CVE-2015-2652 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2651 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Solaris Virtualized NIC Driver
CVE-2015-2650 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2649 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Seibel CRM
CVE-2015-2648 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier an ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2647 (Unspecified vulnerability in the Enterprise Manager for Oracle Databas ...)
	NOT-FOR-US: Oracle Database
CVE-2015-2646 (Unspecified vulnerability in the Enterprise Manager for Oracle Databas ...)
	NOT-FOR-US: Oracle Database
CVE-2015-2645 (Unspecified vulnerability in the Oracle Web Applications Desktop Integ ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2644 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2643 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier an ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2642 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2641 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2640 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2639 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2638 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
CVE-2015-2637 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
CVE-2015-2636 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2635 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2634 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2633 (Unspecified vulnerability in the Enterprise Manager Ops Center compone ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allow ...)
	{DSA-3725-1 DSA-3339-1 DSA-3316-1 DLA-545-1 DLA-381-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
	- icu 55.1-7
	NOTE: http://bugs.icu-project.org/trac/ticket/11865 (not yet public)
CVE-2015-2631 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Solaris (rmformat)
CVE-2015-2630 (Unspecified vulnerability in the Technology stack component in Oracle  ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2629 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and  ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2627 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allow ...)
	- openjdk-6 <not-affected> (Specific to Java client installer)
	- openjdk-7 <not-affected> (Specific to Java client installer)
	- openjdk-8 <not-affected> (Specific to Java client installer)
CVE-2015-2626 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRoc ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of JSSE."
CVE-2015-2624 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2623 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-2622 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and  ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2620 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier an ...)
	{DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	[jessie] - mariadb-10.0 10.0.20-0+deb8u1
	NOTE: Possibly related to https://github.com/mysql/mysql-server/commit/fdae90dd
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2619 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2. ...)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2015-2618 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2617 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2616 (Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows loc ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2615 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2614 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Solaris (NVM Express Driver)
CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE ...)
	{DSA-3339-1 DSA-3316-1}
	- openjdk-6 <not-affected> (Does not apply to OpenJDK 6.x, only 7.x and 8.x)
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-2612 (Unspecified vulnerability in the Siebel Core - Server OM Svcs componen ...)
	NOT-FOR-US: Oracle Seibel CMS
CVE-2015-2611 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier al ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2610 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2609 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Solaris (performance counters)
CVE-2015-2608 (Unspecified vulnerability in (1) the Oracle Communications Diameter Si ...)
	NOT-FOR-US: Oracle Communications Applications
CVE-2015-2607 (Unspecified vulnerability in the Oracle Commerce Guided Search / Oracl ...)
	NOT-FOR-US: Oracle Commerce
CVE-2015-2606 (Unspecified vulnerability in the Oracle Endeca Information Discovery S ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2605 (Unspecified vulnerability in the Oracle Endeca Information Discovery S ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2604 (Unspecified vulnerability in the Oracle Endeca Information Discovery S ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2603 (Unspecified vulnerability in the Oracle Endeca Information Discovery S ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2602 (Unspecified vulnerability in the Oracle Endeca Information Discovery S ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRoc ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-2600 (Unspecified vulnerability in the Siebel Core - Server OM Svcs componen ...)
	NOT-FOR-US: Oracle Siebel CMS
CVE-2015-2599 (Unspecified vulnerability in the RDBMS Scheduler component in Oracle D ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2598 (Unspecified vulnerability in the mobile app in Oracle Business Intelli ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2597 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 <not-affected> (Specific to MacOS X)
	- openjdk-8 <not-affected> (Specific to MacOS X)
CVE-2015-2596 (Unspecified vulnerability in Oracle Java SE 7u80 allows remote attacke ...)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2015-2595 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2594 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3359-1 DLA-313-1}
	- virtualbox 4.3.30-dfsg-1 (bug #792446)
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Bridged networking over wifi is unlikely to be used in production and vulnerability is not a remote one)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
	NOTE: "This issue affects Windows, Linux and Mac OS X hosts only when guests using bridged networking over Wifi."
CVE-2015-2593 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2592 (Unspecified vulnerability in the Hyperion Enterprise Performance Manag ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enterprise Portal - Intera ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and  ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2589 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2015-2588 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2587 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CMS
CVE-2015-2586 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2585 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2584 (Unspecified vulnerability in the Hyperion Enterprise Performance Manag ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2015-2583 (Unspecified vulnerability in the Data Store component in Oracle Berkel ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier an ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2581 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2015-2580 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2579 (Unspecified vulnerability in the Oracle Health Sciences Argus Safety c ...)
	NOT-FOR-US: Oracle
CVE-2015-2578 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote att ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2577 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2576 (Unspecified vulnerability in the MySQL Utilities component in Oracle M ...)
	NOT-FOR-US: MySQL Utilities component of MySQL on Windows
CVE-2015-2575 (Unspecified vulnerability in the MySQL Connectors component in Oracle  ...)
	{DSA-3621-1 DLA-526-1}
	- mysql-connector-java 5.1.37-1
CVE-2015-2574 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2573 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2572 (Unspecified vulnerability in the Oracle Hyperion Smart View for Office ...)
	NOT-FOR-US: Oracle
CVE-2015-2571 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2570 (Unspecified vulnerability in the Oracle Demand Planning component in O ...)
	NOT-FOR-US: Oracle
CVE-2015-2569
	REJECTED
CVE-2015-2568 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2567 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2566 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2565 (Unspecified vulnerability in the Oracle Installed Base component in Or ...)
	NOT-FOR-US: Oracle
CVE-2015-2564 (SQL injection vulnerability in client-edit.php in ProjectSend (formerl ...)
	NOT-FOR-US: ProjectSend
CVE-2015-2563 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9. ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2015-2562 (Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD  ...)
	NOT-FOR-US: Joomla component com_ecommercewd
CVE-2015-2561
	RESERVED
CVE-2015-2560 (Manage Engine Desktop Central 9 before build 90135 allows remote attac ...)
	NOT-FOR-US: Manage Engine Desktop Central
CVE-2015-2558 (Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 S ...)
	NOT-FOR-US: Microsoft
CVE-2015-2557 (Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-2556 (The InfoPath Forms Services component in Microsoft SharePoint Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-2555 (Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 S ...)
	NOT-FOR-US: Microsoft
CVE-2015-2554 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2553 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2552 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2551
	REJECTED
CVE-2015-2550 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2549 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2548 (Use-after-free vulnerability in the Tablet Input Band in Windows Shell ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2547
	REJECTED
CVE-2015-2546 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2545 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows  ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2544 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft OWA
CVE-2015-2543 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft OWA
CVE-2015-2542 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2541 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2540
	REJECTED
CVE-2015-2539
	REJECTED
CVE-2015-2538
	REJECTED
CVE-2015-2537
	REJECTED
CVE-2015-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...)
	NOT-FOR-US: Microsoft Lync
CVE-2015-2535 (Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2534 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2533
	REJECTED
CVE-2015-2532 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...)
	NOT-FOR-US: Microsoft Lync
CVE-2015-2531 (Cross-site scripting (XSS) vulnerability in the jQuery engine in Micro ...)
	NOT-FOR-US: Microsoft Lync
CVE-2015-2530 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2529 (The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2528 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2527 (The process-initialization implementation in win32k.sys in the kernel- ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2526 (Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote atta ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2525 (Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2524 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2523 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2522 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Found ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2015-2521 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2520 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2519 (Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2518 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2517 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2516 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2515 (Use-after-free vulnerability in Windows Shell in Microsoft Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2514 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2513 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2512 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2511 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2510 (Buffer overflow in the Adobe Type Manager Library in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2509 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2508 (The Adobe Type Manager Library in Microsoft Windows 10 allows local us ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2507 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2506 (atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2505 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative  ...)
	NOT-FOR-US: Microsoft Exchange
CVE-2015-2504 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, an ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2503 (Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote  ...)
	NOT-FOR-US: Microsoft
CVE-2015-2502 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2501 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2500 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2499 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2498 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2497
	REJECTED
CVE-2015-2496
	REJECTED
CVE-2015-2495
	REJECTED
CVE-2015-2494 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2493 (The (1) VBScript and (2) JScript engines in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2492 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2491 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2490 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2489 (Microsoft Internet Explorer 11 allows remote attackers to gain privile ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2488
	REJECTED
CVE-2015-2487 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2486 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2485 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2484 (Microsoft Internet Explorer 10 and 11 uses an incorrect flag during ce ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2483 (Microsoft Internet Explorer 10 and 11 allows remote attackers to obtai ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2482 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2481 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2480 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2479 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2478 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2477 (Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, a ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2476 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2475 (Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2474 (Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authentic ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2473 (Untrusted search path vulnerability in the client in Remote Desktop Pr ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2472 (Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) th ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2471 (Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which  ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2015-2470 (Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2469 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office fo ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2468 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2467 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2466 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows  ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2465 (The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2464 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2463 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2462 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2461 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2460 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2459 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2458 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2457
	REJECTED
CVE-2015-2456 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2455 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2454 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2453 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vist ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2452 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2451 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2450 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2449 (Microsoft Internet Explorer 7 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2448 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2447 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2446 (Microsoft Internet Explorer 11 and Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2445 (Microsoft Internet Explorer 10 allows remote attackers to bypass the A ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2444 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2443 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2442 (Microsoft Internet Explorer 8 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2441 (Microsoft Internet Explorer 7 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2440 (Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers  ...)
	NOT-FOR-US: Mirosoft XML Core Services
CVE-2015-2439
	REJECTED
CVE-2015-2438
	REJECTED
CVE-2015-2437
	REJECTED
CVE-2015-2436
	REJECTED
CVE-2015-2435 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2434 (Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes  ...)
	NOT-FOR-US: Mirosoft XML Core Services
CVE-2015-2433 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2432 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2431 (Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lyn ...)
	NOT-FOR-US: Mirosoft Office
CVE-2015-2430 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2429 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2428 (Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2427 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2015-2426 (Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Librar ...)
	NOT-FOR-US: Microsoft Adobe Type Manager Library
CVE-2015-2425 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2424 (Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Wor ...)
	NOT-FOR-US: Microsoft
CVE-2015-2423 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2422 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2421 (Microsoft Internet Explorer 6 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2420 (Cross-site scripting (XSS) vulnerability in Microsoft System Center 20 ...)
	NOT-FOR-US: Microsoft System Center
CVE-2015-2419 (JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attac ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2418 (Race condition in Microsoft Malicious Software Removal Tool (MSRT) bef ...)
	NOT-FOR-US: Microsoft MSRT
CVE-2015-2417 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2416 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2415 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2414 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ob ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2413 (Microsoft Internet Explorer 6 through 11 allows remote attackers to de ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2412 (Microsoft Internet Explorer 10 and 11 allows remote attackers to read  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2411 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2410 (Microsoft Internet Explorer 6 through 11 allows remote attackers to de ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2409
	REJECTED
CVE-2015-2408 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2407
	REJECTED
CVE-2015-2406 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2405
	REJECTED
CVE-2015-2404 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2403 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2402 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2401 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2400
	REJECTED
CVE-2015-2399
	REJECTED
CVE-2015-2398 (Microsoft Internet Explorer 8 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2397 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2396
	REJECTED
CVE-2015-2395
	REJECTED
CVE-2015-2394
	REJECTED
CVE-2015-2393
	REJECTED
CVE-2015-2392
	REJECTED
CVE-2015-2391 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2390 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2389 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2388 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2387 (ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2386
	REJECTED
CVE-2015-2385 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2384 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2383 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2382 (win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2381 (win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2380 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2379 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2378 (Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2377 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2376 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2375 (Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Vie ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2374 (The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2373 (The Remote Desktop Protocol (RDP) server service in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2372 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Inter ...)
	NOT-FOR-US: Microsoft VBScript
CVE-2015-2371 (The Windows Installer service in Microsoft Windows Server 2003 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2370 (The authentication implementation in the RPC subsystem in Microsoft Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2369 (Untrusted search path vulnerability in Windows Media Device Manager in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2368 (Untrusted search path vulnerability in Microsoft Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2367 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2366 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2365 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2364 (The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2363 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2362 (Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2361 (Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not p ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2360 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-2359 (Cross-site scripting (XSS) vulnerability in the web applications in Mi ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2015-2358
	RESERVED
CVE-2015-2357
	RESERVED
CVE-2015-2356
	RESERVED
CVE-2015-2355
	RESERVED
CVE-2015-2354
	RESERVED
CVE-2015-2353
	RESERVED
CVE-2015-2352 (The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not  ...)
	NOT-FOR-US: MyBB
CVE-2015-2351 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2015-2350 (Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5 ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2015-2349 (Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in S ...)
	NOT-FOR-US: SuperWebMailer
CVE-2014-9708 (Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attac ...)
	NOT-FOR-US: Appweb Web Server
CVE-2014-9707 (EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path se ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not ensu ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <no-dsa> (btrfs in 3.2 is just a tech preview and not usable for production)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in  ...)
	{DSA-3259-1}
	- qemu 1:2.3+dfsg-1 (unimportant; bug #781250)
	[wheezy] - qemu <postponed> (Can be fixed along in later update)
	- qemu-kvm <removed> (unimportant)
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/4
	NOTE: Per maintainer not a security issue:
	NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily
	NOTE: mitigated using some kind of resource limits in security-sensitive environments,
	NOTE: and looping can trivially be done inside the virtual machine just fine, achieving
	NOTE: the same effect
CVE-2015-2686 (net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate  ...)
	- linux <not-affected> (Introduced in 3.19, never uploaded to unstable)
	- linux-2.6 <not-affected> (Introduced in 3.19, never uploaded to unstable)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
CVE-2015-XXXX [Insufficient escaping in user manager allows XSS attack]
	- dokuwiki 0.0.20140929.d-1 (bug #780817)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	[squeeze] - dokuwiki <no-dsa> (Minor issue)
CVE-2015-6674 (Buffer underflow vulnerability in the Debian inspircd package before 2 ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned inte ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ser ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2015-2788 (Multiple stack-based buffer overflows in the ib_fill_isqlda function i ...)
	{DSA-3219-1}
	- libdbd-firebird-perl 1.18-2 (bug #780925)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/4
CVE-2015-4148 (The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5 ...)
	{DLA-307-1}
	- php5 5.6.7+dfsg-1
	[wheezy] - php5 5.4.39-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69085
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-4147 (The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...)
	{DLA-307-1}
	- php5 5.6.7+dfsg-1
	[wheezy] - php5 5.4.39-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69085
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-2779 (Stack consumption vulnerability in the message splitting functionality ...)
	- quassel 1:0.10.0-2.3 (bug #781024)
	[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
	[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
CVE-2015-2778 (Quassel before 0.12-rc1 uses an incorrect data-type size when splittin ...)
	- quassel 1:0.10.0-2.3 (bug #781024)
	[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
	[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before 0.9.9 ...)
	{DSA-3206-1}
	- dulwich 0.10.1-1 (bug #780989)
	[jessie] - dulwich 0.9.7-3
	[squeeze] - dulwich <not-affected> (Repo.checkout (later renamed to build_index_from_tree) introduced past 0.6.1)
	NOTE: Patch: https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/21/1
CVE-2015-2348 (The move_uploaded_file implementation in ext/standard/basic_functions. ...)
	{DSA-3198-1 DLA-444-1}
	- php5 5.6.7+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69207
CVE-2015-2347 (Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before  ...)
	NOT-FOR-US: Huawei SEQ Analyst
CVE-2015-2346 (XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V ...)
	NOT-FOR-US: Huawei
CVE-2015-2345
	REJECTED
CVE-2015-2344 (Cross-site scripting (XSS) vulnerability in VMware vRealize Automation ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2015-2343
	REJECTED
CVE-2015-2342 (The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 befor ...)
	NOT-FOR-US: VMware
CVE-2015-2341 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, ...)
	NOT-FOR-US: VMware
CVE-2015-2340 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11. ...)
	NOT-FOR-US: VMware
CVE-2015-2339 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11 ...)
	NOT-FOR-US: VMware
CVE-2015-2338 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11 ...)
	NOT-FOR-US: VMware
CVE-2015-2337 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11. ...)
	NOT-FOR-US: VMware
CVE-2015-2336 (TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11 ...)
	NOT-FOR-US: VMware
CVE-2015-2335 (A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remot ...)
	NOT-FOR-US: MyBB
CVE-2015-2334 (Cross-site request forgery (CSRF) vulnerability in the Admin Control P ...)
	NOT-FOR-US: MyBB
CVE-2015-2333 (Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB  ...)
	NOT-FOR-US: MyBB
CVE-2015-2332 (Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB
CVE-2015-2559 (Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated ...)
	{DSA-3200-1}
	- drupal7 7.32-1+deb8u2 (bug #780772)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-001
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=8e54eca05a65c6231b02510e1917af0c9191e549
CVE-2015-2750 (Open redirect vulnerability in URL-related API functions in Drupal 6.x ...)
	{DSA-3200-1}
	- drupal7 7.32-1+deb8u2 (bug #780772)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-001
	NOTE: http://cgit.drupalcode.org/drupal/commit/includes/menu.inc?h=6.x&id=8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93
	NOTE: http://cgit.drupalcode.org/drupal/commit/includes/common.inc?h=7.x&id=b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8
CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7 ...)
	{DSA-3200-1}
	- drupal7 7.32-1+deb8u2 (bug #780772)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-001
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5
CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related  ...)
	- mongodb <removed> (unimportant)
	NOTE: CVE for bundled version of pcre3 in mongodb
	NOTE: https://jira.mongodb.org/browse/SERVER-17252
	NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3
	- pcre3 2:8.35-7.2 (low)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/4
CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g&lt;-1&gt;))*/ pattern  ...)
	- mongodb <removed> (unimportant)
	NOTE: CVE for bundled version of pcre3 in mongodb
	NOTE: https://jira.mongodb.org/browse/SERVER-17252
	NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3
	- pcre3 2:8.35-7.2 (low)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1503
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1495
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/5
CVE-2015-2326 (The pcre_compile2 function in PCRE before 8.37 allows context-dependen ...)
	- pcre3 2:8.35-7.2 (bug #783285)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1592
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1529
	NOTE: Reproduced invalid read in pcre3/2:8.35-3.3
	NOTE: Issue introduced as a side effect of refactoring happened between 8.33 and 8.36
CVE-2015-2325 (The compile_branch function in PCRE before 8.37 allows context-depende ...)
	- pcre3 2:8.35-7.2 (unimportant; bug #781795)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1591
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1528
	NOTE: Reproducer leads to "Failed: internal error: previously-checked referenced subpattern not found at offset 17"
	NOTE: Upstream claims that it should though be the same bug:
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1591#c1
	NOTE: Comment from upstream: Probably every version since the support for forward referencing
	NOTE: was introduced is affected.
CVE-2015-2324 (Cross-site scripting (XSS) vulnerability in the filemanager in the Pho ...)
	NOT-FOR-US: filemanager in the Photo Gallery plugin for WordPress
CVE-2015-2323 (FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, ...)
	NOT-FOR-US: FortiOS
CVE-2015-2322
	RESERVED
CVE-2015-2321 (Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7 ...)
	NOT-FOR-US: WordPress plugin job-mnager
CVE-2015-2317 (The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1. ...)
	{DSA-3204-1 DLA-272-1}
	- python-django 1.7.7-1 (bug #780873)
	[squeeze] - python-django <no-dsa> (Minor issue, can wait next security upload)
	NOTE: https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b (1.4.x)
	NOTE: https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1 (1.7.x)
CVE-2015-2316 (The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7. ...)
	- python-django 1.7.7-1 (bug #780874)
	[wheezy] - python-django <not-affected> (vulnerable code not present)
	[squeeze] - python-django <not-affected> (vulnerable code not present)
	NOTE: https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97 (1.7.x)
CVE-2015-2315 (Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1 ...)
	NOT-FOR-US: WordPress plugin wpml
CVE-2015-2314 (SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPr ...)
	NOT-FOR-US: WordPress plugin wpml
CVE-2012-6690
	RESERVED
CVE-2015-XXXX [nasal scripts can ready any file]
	- flightgear-data 3.0.0-3 (bug #780716)
CVE-2015-XXXX [permissive file access allowed from nasal]
	- flightgear 3.0.0-5 (bug #780712)
	[squeeze] - flightgear 1.9.1-1.1+deb6u11
	NOTE: workaround entry for DLA 318-1 until/if CVE assigned
CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode functi ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <not-affected> (Introduced in 3.9)
	- linux-2.6 <not-affected> (Introduced in 3.9)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5 (v3.9-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 (v4.0-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/7
CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote authentica ...)
	{DSA-3207-1 DLA-259-1}
	- shibboleth-sp2 2.5.3+dfsg-2
	NOTE: http://shibboleth.net/community/advisories/secadv_20150319.txt
CVE-2015-2672 (The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the ...)
	- linux <not-affected>
	- linux-2.6 <not-affected>
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 (v3.17-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 (v4.0-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/6
CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in libz ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.7+dfsg-1 (bug #780713)
	- libzip 0.11.2-1.2 (bug #780756)
	[wheezy] - libzip <not-affected> (Vulnerable code introduced with added Zip64 support in 0.11)
	[squeeze] - libzip <not-affected> (Vulnerable code introduced with added Zip64 support in 0.11)
	NOTE: https://bugs.php.net/bug.php?id=69253
	NOTE: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/1
	NOTE: libzip patch: http://hg.nih.at/libzip/rev/9f11d54f692e
CVE-2015-2330 (Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows  ...)
	- webkitgtk 2.4.9-1 (unimportant)
	[jessie] - webkitgtk 2.4.9-1~deb8u1
	NOTE: Not covered by security support
CVE-2015-2309 [Unsafe methods in the Request class]
	RESERVED
	- symfony 2.3.21+dfsg-4
CVE-2015-2308 (Eval injection vulnerability in the HttpCache class in HttpKernel in S ...)
	- symfony 2.3.21+dfsg-4
CVE-2015-2307
	RESERVED
CVE-2015-2306
	RESERVED
CVE-2015-2320 (The TLS stack in Mono before 3.12.1 allows remote attackers to have un ...)
	{DSA-3202-1 DLA-176-1}
	- mono 3.2.8+dfsg-10 (bug #780751)
	NOTE: https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b
CVE-2015-2319 (The TLS stack in Mono before 3.12.1 makes it easier for remote attacke ...)
	{DSA-3202-1 DLA-176-1}
	- mono 3.2.8+dfsg-10 (bug #780751)
	NOTE: https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10
	NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/728af6f96d1b8c976659
CVE-2015-2318 (The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers ...)
	{DSA-3202-1 DLA-176-1}
	- mono 3.2.8+dfsg-10 (bug #780751)
	NOTE: https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4
	NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/f8c6e67f551d8a608154
CVE-2015-2303
	REJECTED
CVE-2015-2302
	REJECTED
CVE-2015-2300
	RESERVED
CVE-2015-2299
	RESERVED
CVE-2015-2295 (Cross-site request forgery (CSRF) vulnerability in system_firmware_res ...)
	NOT-FOR-US: pfSense
CVE-2015-2294 (Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in p ...)
	NOT-FOR-US: pfSense
CVE-2015-2293 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/cl ...)
	NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2292 (Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list ...)
	NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2291 ((1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the ...)
	NOT-FOR-US: Intel Ethernet diagnostics driver for Windows
CVE-2015-2290
	RESERVED
CVE-2015-2288
	RESERVED
CVE-2014-9704
	RESERVED
CVE-2014-9703
	RESERVED
CVE-2014-9702 (system/classes/DbPDO.php in Cmfive through 2015-03-15, when database c ...)
	NOT-FOR-US: Cmfive
CVE-2014-9700
	RESERVED
CVE-2014-9699 (The MakerBot Replicator 5G printer runs an Apache HTTP Server with dir ...)
	NOT-FOR-US: MakerBot Replicator 5G printer
CVE-2014-9698
	RESERVED
CVE-2015-2313 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an ...)
	- capnproto 0.4.1-3 (bug #780568)
CVE-2015-2312 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows r ...)
	- capnproto 0.4.1-3 (bug #780567)
CVE-2015-2311 (Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x be ...)
	- capnproto 0.4.1-3 (bug #780566)
CVE-2015-2310 (Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 ...)
	- capnproto 0.4.1-3 (bug #780565)
CVE-2015-8856 (Cross-site scripting (XSS) vulnerability in the serve-index package be ...)
	- node-serve-index 1.9.1-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/serve-static-xss
	NOTE: https://github.com/expressjs/serve-index/issues/28
CVE-2015-8903 (The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x befor ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6 (low)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
	NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6. ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6 (low)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
	NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x a ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
	NOTE: http://web.archive.org/web/20150501030131/http://trac.imagemagick.org/changeset/17845
	NOTE: http://web.archive.org/web/20150429001241/http://trac.imagemagick.org/changeset/17846
CVE-2015-XXXX [Incomplete fix for CVE-2014-7940]
	- icu 52.1-8 (bug #780503)
	[wheezy] - icu <not-affected> (Incomplete patch was never applied)
	[squeeze] - icu <not-affected> (Incomplete patch was never applied)
CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used  ...)
	{DSA-3215-1 DLA-189-1}
	- libgd2 2.1.0-5
	- php5 5.6.5+dfsg-1 (unimportant)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=68601
	NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
	NOTE: Also related: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd, the embedded copy was fixed upstream in 5.6.5
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/469990b43c294692493f15f8400560fe5d966a02
CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 6 ...)
	{DLA-300-1 DLA-299-1}
	- ruby1.8 <removed>
	[wheezy] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
	- ruby2.0 <removed>
	- ruby2.1 <removed> (bug #796344)
	[jessie] - ruby2.1 2.1.5-2+deb8u3
	- ruby2.2 <not-affected> (Does not contain DL, cf note and corresponding CVE-2015-7551)
	NOTE: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
	NOTE: Although the is upstream commit mentioned, the corresponding change does not
	NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
	NOTE: https://sources.debian.org/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does not
	NOTE: contain the change.
	NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
	NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
	NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer.
CVE-2009-5146
	REJECTED
CVE-2015-2298 (node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allo ...)
	- etherpad-lite <itp> (bug #576998)
	NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d
CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 throug ...)
	- requests 2.4.3-6 (bug #780506)
	[wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
	NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
CVE-2015-2289 (Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entri ...)
	- serendipity <removed>
CVE-2015-2287
	REJECTED
CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform before 2015 ...)
	NOT-FOR-US: Open edX
CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart ...)
	- upstart <not-affected> (Vulnerable cron.daily script not present)
CVE-2014-9701 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Fixed by https://github.com/mantisbt/mantisbt/commit/d95f070d (1.2.x)
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/15022
	NOTE: https://www.mantisbt.org/bugs/view.php?id=19493
CVE-2014-9697 (Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attack ...)
	NOT-FOR-US: Huawei
CVE-2014-9696 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chass ...)
	NOT-FOR-US: Huawei
CVE-2014-9695 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chass ...)
	NOT-FOR-US: Huawei
CVE-2014-9694 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...)
	NOT-FOR-US: Huawei
CVE-2014-9693 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...)
	NOT-FOR-US: Huawei
CVE-2014-9692 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...)
	NOT-FOR-US: Huawei
CVE-2014-9691 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...)
	NOT-FOR-US: Huawei
CVE-2014-9690 (Huawei home gateways WS318 with software V100R001C01B022 and earlier v ...)
	NOT-FOR-US: Huawei
CVE-2011-5321 (The tty_open function in drivers/tty/tty_io.c in the Linux kernel befo ...)
	{DLA-246-1}
	- linux 3.2.20-1
	- linux-2.6 3.2.1-1
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
	NOTE: 3.2.20-1 is the first version after the src:linux-2.6 -> src:linux rename.
CVE-2015-2284 (userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6 ...)
	NOT-FOR-US: SolarWinds Firewall Security Manager
CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier a ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2674 (Restkit allows man-in-the-middle attackers to spoof TLS servers by lev ...)
	- python-restkit <removed> (bug #781813)
	[stretch] - python-restkit <ignored> (Minor issue)
	[jessie] - python-restkit <ignored> (Minor issue)
	[wheezy] - python-restkit <ignored> (Minor issue)
	[squeeze] - python-restkit <no-dsa> (Minor issue)
	NOTE: https://github.com/benoitc/restkit/issues/140
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/12/9
CVE-2015-2283
	RESERVED
CVE-2015-2282 (Stack-based buffer overflow in the LZC decompression implementation (C ...)
	NOT-FOR-US: SAP
CVE-2015-2281 (Stack-based buffer overflow in collectoragent.exe in Fortinet Single S ...)
	NOT-FOR-US: Fortinet Single Sign On
CVE-2015-2280 (snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network  ...)
	NOT-FOR-US: AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera
CVE-2015-2279 (cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with fi ...)
	NOT-FOR-US: AirLive
CVE-2015-2278 (The LZH decompression implementation (CsObjectInt::BuildHufTree functi ...)
	NOT-FOR-US: SAP
CVE-2015-2277
	RESERVED
CVE-2015-2276
	RESERVED
CVE-2015-2275 (Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery  ...)
	NOT-FOR-US: WoltLab Community Gallery
CVE-2015-2274
	RESERVED
CVE-2015-2273 (Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
CVE-2015-2272 (login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x bef ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691
CVE-2015-2271 (tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084
CVE-2015-2270 (lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x b ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
CVE-2015-2269 (Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript- ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144
CVE-2015-2268 (filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6. ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466
CVE-2015-2267 (mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before  ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087
CVE-2015-2266 (message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x b ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204
CVE-2015-2264 (Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics ...)
	NOT-FOR-US: Telerik Analytics Monitor Library
CVE-2015-2263 (Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x be ...)
	NOT-FOR-US: Cloudera
CVE-2015-2262
	RESERVED
CVE-2015-2261
	RESERVED
CVE-2015-2260
	RESERVED
CVE-2015-2259
	RESERVED
CVE-2015-2258
	RESERVED
CVE-2015-2257
	RESERVED
CVE-2015-2256
	RESERVED
CVE-2015-2255 (Huawei AR1220 routers with software before V200R005SPH006 allow remote ...)
	NOT-FOR-US: Huawei
CVE-2015-2254 (Huawei OceanStor UDS devices with software before V100R002C01SPC102 mi ...)
	NOT-FOR-US: Huawei OceanStor UDS devices
CVE-2015-2253 (The XML interface in Huawei OceanStor UDS devices with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-2252 (Huawei OceanStor UDS devices with software before V100R002C01SPC102 mi ...)
	NOT-FOR-US: Huawei
CVE-2015-2251 (The DeviceManager in Huawei OceanStor UDS devices with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-2250 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 befor ...)
	NOT-FOR-US: concrete5
CVE-2015-2249 (Zimbra Collaboration before 8.6.0 patch5 has XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2015-2248 (Cross-site request forgery (CSRF) vulnerability in the user portal in  ...)
	NOT-FOR-US: Dell SonicWALL
CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows physica ...)
	NOT-FOR-US: Boosted Boards skateboards
CVE-2015-2246 (The MeWidget module on Huawei P7 smartphones with software P7-L10 V100 ...)
	NOT-FOR-US: Huawei
CVE-2015-2245 (Huawei Ascend P7 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Huawei
CVE-2015-2244 (Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.0 ...)
	NOT-FOR-US: Webshop hun
CVE-2015-2243 (Directory traversal vulnerability in Webshop hun 1.062S allows remote  ...)
	NOT-FOR-US: Webshop hun
CVE-2015-2242 (Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow rem ...)
	NOT-FOR-US: Webshop hun
CVE-2015-XXXX [several security vulnerabilities and network packets can terminate the connection]
	- armagetronad 0.2.8.3.2-4 (bug #780178)
	[wheezy] - armagetronad <no-dsa> (Minor issue)
	[squeeze] - armagetronad <no-dsa> (Minor issue)
CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function in ph ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68901
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict function ...)
	{DSA-3195-1 DLA-212-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68552
	NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters  ...)
	- cups-filters 1.0.61-5 (bug #780267)
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/09/5
CVE-2015-2241 (Cross-site scripting (XSS) vulnerability in the contents function in a ...)
	- python-django 1.7.6-1
	[wheezy] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
	[squeeze] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
	NOTE: https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
CVE-2015-2240
	RESERVED
CVE-2015-2239 (Google Chrome before 41.0.2272.76, when Instant Extended mode is used, ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-2238 (Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as  ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-2237 (Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice)  ...)
	NOT-FOR-US: Betster
CVE-2015-2236
	RESERVED
CVE-2015-2235
	REJECTED
CVE-2015-2234 (Race condition in Lenovo System Update (formerly ThinkVantage System U ...)
	NOT-FOR-US: Lenovo System Update
CVE-2015-2233 (Lenovo System Update (formerly ThinkVantage System Update) before 5.06 ...)
	NOT-FOR-US: Lenovo System Update
CVE-2015-2232
	RESERVED
CVE-2015-2231
	RESERVED
CVE-2015-2230 (Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Server
CVE-2015-2229
	RESERVED
CVE-2015-2228
	RESERVED
CVE-2015-2227
	RESERVED
CVE-2015-2226
	RESERVED
CVE-2015-2225
	RESERVED
CVE-2015-2224
	RESERVED
CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based c ...)
	NOT-FOR-US: Palo Alto Networks Traps
CVE-2015-2222 (ClamAV before 0.98.7 allows remote attackers to cause a denial of serv ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953
CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial of serv ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0844d0cfe118b4041ed8e2ee49ff18bfbca8eaa5
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/26b19809fb3b940cb0fda0422d685fff02a53b5f
CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2015-2219 (Lenovo System Update (formerly ThinkVantage System Update) before 5.06 ...)
	NOT-FOR-US: Lenovo System Update
CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_sav ...)
	NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress
CVE-2015-2217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Bo ...)
	NOT-FOR-US: myUPB
CVE-2015-2216 (SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme ...)
	NOT-FOR-US: Photocrati theme for WordPress
CVE-2015-2215 (Open redirect vulnerability in the Services single sign-on server help ...)
	NOT-FOR-US: Drupal module Services single sign-on server helper
CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the installa ...)
	NOT-FOR-US: NetCat CMS
CVE-2015-2213 (SQL injection vulnerability in the wp_untrash_post_comments function i ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33555
	NOTE: https://core.trac.wordpress.org/changeset/33556
CVE-2015-2212
	REJECTED
CVE-2015-2211
	RESERVED
CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in Go ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for  ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google  ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-XXXX [tcllib XSS]
	- tcllib 1.16-dfsg-2 (low; bug #780100)
	[wheezy] - tcllib 1.14-dfsg-3+deb7u1
	[squeeze] - tcllib <no-dsa> (Minor issue)
CVE-2015-2210 (The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows ...)
	NOT-FOR-US: Epicor CRS Retail Store
CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation path vi ...)
	NOT-FOR-US: DLGuard
CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...)
	NOT-FOR-US: phpMoAdmin
CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...)
	NOT-FOR-US: NetCracker Resource Management System
CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.4.4-1 (unimportant)
	NOTE: Hardening, not a concrete issue itself
	NOTE: https://www.phpmyadmin.net/security/PMASA-2015-1/
CVE-2015-2205
	RESERVED
CVE-2015-2202
	RESERVED
CVE-2015-2201
	RESERVED
CVE-2015-2200
	RESERVED
CVE-2015-2199 (Multiple SQL injection vulnerabilities in the WonderPlugin Audio Playe ...)
	NOT-FOR-US: WonderPlugin Audio Player plugin for WordPress
CVE-2015-2198 (Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php  ...)
	NOT-FOR-US: Beehive Forum
CVE-2015-2197 (Cross-site scripting (XSS) vulnerability in the Entity API module befo ...)
	NOT-FOR-US: Entity module for Drupal
CVE-2015-2196 (SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPre ...)
	NOT-FOR-US: Spider Event Calender
CVE-2015-2195 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cl ...)
	NOT-FOR-US: WP Media Cleaner plugin for WordPress
CVE-2015-2194 (Unrestricted file upload vulnerability in the fusion_options function  ...)
	NOT-FOR-US: fusion_options function in functions.php in the Fusion theme for WordPress
CVE-2015-2193
	RESERVED
CVE-2015-2675 (The OAuth implementation in librest before 0.7.93 incorrectly truncate ...)
	- librest 0.7.92-3 (bug #780101)
	[wheezy] - librest <not-affected> (rest_proxy_call_get_url not yet used)
	[squeeze] - librest <not-affected> (rest_proxy_call_get_url not yet used)
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
	NOTE: Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/04/6
CVE-2015-2204 (Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 all ...)
	NOT-FOR-US: Evergreen library
CVE-2015-2203 (Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users wi ...)
	NOT-FOR-US: Evergreen library
CVE-2013-7435 (The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2. ...)
	NOT-FOR-US: Evergreen library
CVE-2015-2192 (Integer overflow in the dissect_osd2_cdb_continuation function in epan ...)
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024
CVE-2015-2191 (Integer overflow in the dissect_tnef function in epan/dissectors/packe ...)
	{DSA-3210-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
CVE-2015-2190 (epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handl ...)
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983
CVE-2015-2189 (Off-by-one error in the pcapng_read function in wiretap/pcapng.c in th ...)
	{DSA-3210-1}
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895
CVE-2015-2188 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x  ...)
	{DSA-3210-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-07.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b204ff4846fe84b7789893c6b1d9afbdecac5b5d
CVE-2015-2187 (The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc ...)
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952
CVE-2015-2186 (The Ansible edxapp role in the Configuration Repo in edX allows remote ...)
	NOT-FOR-US: edX
CVE-2015-2185
	RESERVED
CVE-2015-2184 (ZeusCart 4 allows remote attackers to obtain configuration information ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2183 (Multiple SQL injection vulnerabilities in the administrative backend i ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2182 (Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allo ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2181 (Multiple buffer overflows in the DBMail driver in the Password plugin  ...)
	- roundcube 1.1.1+dfsg.1-2
	[wheezy] - roundcube <not-affected> (variable and chgdbmailusers.c does not exist)
	NOTE: http://trac.roundcube.net/ticket/1490261
	NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
	NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before 1.1.0 all ...)
	- roundcube 1.1.1+dfsg.1-2
	[wheezy] - roundcube <not-affected> (dbmail driver does not exist)
	NOTE: http://trac.roundcube.net/ticket/1490261
	NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
	NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
CVE-2015-2179
	RESERVED
CVE-2015-2178
	REJECTED
CVE-2015-2177 (Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a d ...)
	NOT-FOR-US: Siemens
CVE-2015-2176
	RESERVED
CVE-2015-2175
	RESERVED
CVE-2015-2174
	RESERVED
CVE-2015-2173
	RESERVED
CVE-2009-5145 (Cross-site scripting (XSS) vulnerability in ZMI pages that use the man ...)
	- zope2.12 2.12.10-1
CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attack ...)
	NOT-FOR-US: Slim PHP Framework
CVE-2015-2170 (The upx decoder in ClamAV before 0.98.7 allows remote attackers to cau ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/625f5a9b8f008b8714850e4aa064dee1de06e534
CVE-2015-2169 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExp ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2015-2168
	REJECTED
CVE-2015-2167 (Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobil ...)
	NOT-FOR-US: Ericsson
CVE-2015-2166 (Directory traversal vulnerability in the Instance Monitor in Ericsson  ...)
	NOT-FOR-US: Ericsson
CVE-2015-2165 (Multiple cross-site scripting (XSS) vulnerabilities in the Report View ...)
	NOT-FOR-US: Ericsson
CVE-2015-2164
	RESERVED
CVE-2015-2163
	RESERVED
CVE-2015-2162
	RESERVED
CVE-2015-2161
	RESERVED
CVE-2015-2160
	RESERVED
CVE-2015-2159
	RESERVED
CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0 ...)
	- netty3.1 <removed>
	[wheezy] - netty3.1 <no-dsa> (Minor issue)
	- netty 1:4.0.31-1 (bug #796114)
	[jessie] - netty <ignored> (Minor issue, invasive patch)
	[wheezy] - netty <no-dsa> (Minor issue)
	- netty-3.9 3.9.9.Final-1 (bug #793770)
	[jessie] - netty-3.9 <ignored> (Minor issue, invasive patch)
	- playframework <itp> (bug #646523)
	[squeeze] - netty <no-dsa> (Minor issue)
	NOTE: http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
	NOTE: https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass
	NOTE: http://web.archive.org/web/20150925094949/http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156
	NOTE: https://github.com/netty/netty/commit/97d871a7553a01384b43df855dccdda5205ae77a
CVE-2015-2155 (The force printer in tcpdump before 4.7.2 allows remote attackers to c ...)
	{DSA-3193-1 DLA-174-1}
	- tcpdump 4.6.2-4
	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
CVE-2015-2154 (The osi_print_cksum function in print-isoclns.c in the ethernet printe ...)
	{DSA-3193-1 DLA-174-1}
	- tcpdump 4.6.2-4
	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
CVE-2015-2153 (The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer ...)
	{DSA-3193-1}
	- tcpdump 4.6.2-4
	[squeeze] - tcpdump <not-affected> (Vulnerable code not present)
	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
CVE-2015-2152 (Xen 4.5.x and earlier enables certain default backends when emulating  ...)
	- xen 4.4.1-9 (low; bug #780975)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-119.html
CVE-2015-2151 (The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore s ...)
	{DSA-3181-1}
	- xen 4.4.1-8 (bug #780227)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-123.html
CVE-2015-2150 (Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not pro ...)
	{DSA-3237-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <not-affected> (xen-pciback introduced in 3.1)
	NOTE: http://xenbits.xen.org/xsa/advisory-120.html
CVE-2015-2149 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: MyBB
CVE-2015-2148 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ph ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2147 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker b ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2146 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker b ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2145 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ph ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2144 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ph ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2143 (Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetra ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2142 (Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetra ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2141 (The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcr ...)
	{DSA-3296-1 DLA-262-1}
	- libcrypto++ 5.6.1-7
	NOTE: https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff
	NOTE: https://eprint.iacr.org/2015/368
CVE-2015-2140 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Op ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-2139 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Op ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-2138
	REJECTED
CVE-2015-2137 (Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, ...)
	NOT-FOR-US: HP Operations Manager i
CVE-2015-2136 (HP ArcSight Logger before 6.0 P2 allows remote authenticated users to  ...)
	NOT-FOR-US: HP ArcSight
CVE-2015-2135 (Unspecified vulnerability in HP Intelligent Provisioning 1.00 through  ...)
	NOT-FOR-US: HP Intelligent Provisioning
CVE-2015-2134 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2015-2133
	REJECTED
CVE-2015-2132 (Unspecified vulnerability in the execve system-call implementation in  ...)
	NOT-FOR-US: HP HP-UX
CVE-2015-2131
	REJECTED
CVE-2015-2130
	REJECTED
CVE-2015-2129
	REJECTED
CVE-2015-2128
	REJECTED
CVE-2015-2127
	REJECTED
CVE-2015-2126 (Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows ...)
	NOT-FOR-US: HP-UX (pppoec)
CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10. ...)
	NOT-FOR-US: HP WebInspect
CVE-2015-2124 (Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 ...)
	NOT-FOR-US: HP
CVE-2015-2123 (Unspecified vulnerability in HP NonStop Safeguard Security Software H0 ...)
	NOT-FOR-US: HP NonStop Safeguard Security Software
CVE-2015-2122 (The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows ...)
	NOT-FOR-US: HP
CVE-2015-2121 (HP Network Virtualization for LoadRunner and Performance Center 8.61 a ...)
	NOT-FOR-US: HP
CVE-2015-2120 (Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x be ...)
	NOT-FOR-US: HP SiteScope
CVE-2015-2119
	REJECTED
CVE-2015-2118 (Unspecified vulnerability in the Secure Pull Print and Security Pull P ...)
	NOT-FOR-US: HP Access Control Software
CVE-2015-2117 (HP TippingPoint Security Management System (SMS) and TippingPoint Virt ...)
	NOT-FOR-US: HP TippingPoint
CVE-2015-2116 (Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 ...)
	NOT-FOR-US: HP
CVE-2015-2115 (Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3  ...)
	NOT-FOR-US: HP Capture and Route
CVE-2015-2114 (HP Support Solution Framework before 11.51.0049 allows remote attacker ...)
	NOT-FOR-US: HP Support Solution Framework
CVE-2015-2113 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
	NOT-FOR-US: HP Thin Clients
CVE-2015-2112 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
	NOT-FOR-US: HP Thin Clients
CVE-2015-2111 (Unspecified vulnerability in HP Intelligent Provisioning 1.40 through  ...)
	NOT-FOR-US: HP Intelligent Provisioning
CVE-2015-2110 (Buffer overflow in HP LoadRunner 11.52 allows remote attackers to exec ...)
	NOT-FOR-US: HP LoadRunner
CVE-2015-2109 (Unspecified vulnerability in HP Operations Orchestration 10.x allows r ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2015-2108 (Unspecified vulnerability in Powershell Operations in HP Operations Or ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2015-2107 (HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows ...)
	NOT-FOR-US: HP Operations Manager
CVE-2015-2106 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 ...)
	NOT-FOR-US: HP Integrated Lights-Out
CVE-2015-2105
	RESERVED
CVE-2015-2104
	REJECTED
CVE-2015-2103 (Cross-site scripting (XSS) vulnerability in the admin-login panel (adm ...)
	NOT-FOR-US: Cosmoshop
CVE-2015-2102 (SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2. ...)
	NOT-FOR-US: ClipBucket
CVE-2015-2101 (Cross-site scripting (XSS) vulnerability in the Navigate bar in the Na ...)
	NOT-FOR-US: Navigate module for Drupal
CVE-2013-7434
	RESERVED
CVE-2015-XXXX [heap buffer overflow]
	- bibtool 2.57+ds-3 (bug #779573)
	[squeeze] - bibtool <no-dsa> (Minor issue)
	[wheezy] - bibtool <no-dsa> (Minor issue)
	NOTE: Upstream patch: https://github.com/ge-ne/bibtool/commit/c6ed92c556f28ca2c738972c647486f9e11424bf
CVE-2015-XXXX [dcerpc: exit()'s on malloc failure]
	- suricata 2.0.7-1
	[wheezy] - suricata <no-dsa> (Unusable in wheezy, planned for removal)
	[squeeze] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/inliniac/suricata/commit/89017d0b03bf715a3f4e11b612c6c7a23549304a
CVE-2015-XXXX [http uri parsing issue]
	- libhtp 1:0.5.25-1 (bug #783007)
	[squeeze] - libhtp <no-dsa> (Minor issue)
	NOTE: if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata which ships the library too (see #783005)
	[wheezy] - libhtp <no-dsa> (Unusable in wheezy, planned for removal)
	- suricata 2.0.7-1
	[wheezy] - suricata <not-affected> (Uses system-wide libhtp)
	[squeeze] - suricata <not-affected> (Uses system-wide libhtp)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1391
	NOTE: https://github.com/OISF/libhtp/commit/1a6c9465fb641f81460392f622d1878d5e87fc00
	NOTE: Fixed in Libhtp 0.5.17 upstream
CVE-2015-XXXX [MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value]
	- putty 0.63-10
	[wheezy] - putty 0.62-9+deb7u2
	[squeeze] - putty 0.60+2010-02-20-1+squeeze3
	NOTE: temporary workaround until CVE assigned to explitly tag for wheezy+squeeze
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/27/4
	NOTE: http://advisories.mageia.org/MGASA-2015-0098.html
CVE-2015-2172 (DokuWiki before 2014-05-05d and before 2014-09-29c does not properly c ...)
	- dokuwiki 0.0.20140929.d-1 (bug #779547)
	[jessie] - dokuwiki 0.0.20140505.a+dfsg-4
	[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
	[wheezy] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: present since release_candidate_2013-10-28
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
	NOTE: https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
CVE-2015-2158 (Off-by-one error in the pngcrush_measure_idat function in pngcrush.c i ...)
	- pngcrush <not-affected> (Vulnerable code not present)
	NOTE: Introduced by http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/ (1.7.83)
	NOTE: Fixed by: http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/ (1.7.84)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY ...)
	{DSA-3190-1 DLA-173-1}
	- putty 0.63-10 (bug #779488)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
CVE-2015-2100
	RESERVED
CVE-2015-2099
	RESERVED
CVE-2015-2098
	RESERVED
CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) ...)
	NOT-FOR-US: WESP SDK
CVE-2015-2096 (Use-after-free vulnerability in the Connect function in the WESPMonito ...)
	NOT-FOR-US: WebGate eDVR Manager
CVE-2015-2095 (Heap-based buffer overflow in the SetConnectInfo function in the WESPP ...)
	NOT-FOR-US: WebGate eDVR Manager
CVE-2015-2094 (Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 con ...)
	NOT-FOR-US: WebGate WinRDS
CVE-2015-2093 (Stack-based buffer overflow in the Connect function in the WebGate Web ...)
	NOT-FOR-US: WebGate WEbEyeAudio ActiveX control
CVE-2015-2092 (The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feat ...)
	NOT-FOR-US: Agilent Technologies Feature Extraction
CVE-2015-2090 (SQL injection vulnerability in the ajax_survey function in settings.ph ...)
	NOT-FOR-US: ajax_survey function in settings.php in the WordPress Survey and Poll plugin for WordPress
CVE-2015-2089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Cros ...)
	NOT-FOR-US: CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin for WordPress
CVE-2015-2088 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Term Queue model for Drupal
CVE-2015-2087 (Unrestricted file upload vulnerability in the Avatar Uploader module b ...)
	NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2015-2086 (Cross-site scripting (XSS) vulnerability in the live preview in the Pa ...)
	NOT-FOR-US: Panopoly Magic module for Drupal
CVE-2014-9687 (eCryptfs 104 and earlier uses a default salt to encrypt the mount pass ...)
	- ecryptfs-utils 103-4 (bug #780385)
	[wheezy] - ecryptfs-utils <no-dsa> (Minor issue)
	[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
	NOTE: http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839
CVE-2014-9686 (The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attack ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7433 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin befo ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7432 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers t ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7431 (Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!. ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7430 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin befo ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7429 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers t ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7428 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers t ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2015-2085
	RESERVED
CVE-2015-2084 (Cross-site request forgery (CSRF) vulnerability in the Easy Social Ico ...)
	NOT-FOR-US: Easy Social Icons plugin for WordPress
CVE-2015-2083 (Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows rem ...)
	NOT-FOR-US: Ilch CMS
CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 Prosof ...)
	NOT-FOR-US: UNIT4 Prosoft HRMS
CVE-2015-2081 (Datto ALTO and SIRIS devices allow Remote Code Execution via unauthent ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums  ...)
	NOT-FOR-US: Vanilla Forums
CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or libc6)  ...)
	- glibc 2.28-1 (unimportant; bug #779392)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672 (2.28)
	NOTE: DoS via crafted regexps are not considered security issues by glibc upstream
CVE-2015-8984 (The fnmatch function in the GNU C Library (aka glibc or libc6) before  ...)
	{DLA-316-1}
	- glibc 2.21-1 (bug #779587)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u9
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/5
CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local users to  ...)
	{DLA-165-1}
	- glibc 2.15
	- eglibc 2.13-25 (bug #553206)
	NOTE: 2.15 ist the first version recieving the fix, mark with upstream version which should
	NOTE: be handled correctly then by the tracker.
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=13138
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/2
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
	NOTE: CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue
CVE-2015-2079
	RESERVED
CVE-2015-2078 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft  ...)
	NOT-FOR-US: Lavasoft Ad-Aware Web Companion
CVE-2015-2077 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft  ...)
	NOT-FOR-US: Lavasoft Ad-Aware Web Companion
CVE-2015-2076 (The Auditing service in SAP BusinessObjects Edge 4.0 allows remote att ...)
	NOT-FOR-US: SAP
CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit e ...)
	NOT-FOR-US: SAP
CVE-2015-2074
	RESERVED
CVE-2015-2073
	RESERVED
CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1. ...)
	NOT-FOR-US: SAP
CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouc ...)
	NOT-FOR-US: eTouch SamePage Enterprise Edition
CVE-2015-2070 (SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4. ...)
	NOT-FOR-US: eTouch SamePage Enterprise Edition
CVE-2015-2069 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2015-2068 (Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka  ...)
	NOT-FOR-US: Magento Server
CVE-2015-2067 (Directory traversal vulnerability in web/ajax_pluginconf.php in the MA ...)
	NOT-FOR-US: Magento Server
CVE-2015-2066 (SQL injection vulnerability in DLGuard 4.5 allows remote attackers to  ...)
	NOT-FOR-US: DLGuard
CVE-2015-2065 (SQL injection vulnerability in videogalleryrss.php in the Apptha WordP ...)
	NOT-FOR-US: Apptha WordPress Video Gallery (contus-video-gallery) plugin for WordPress
CVE-2015-2064 (Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, ...)
	NOT-FOR-US: DLGuard
CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v20150224 al ...)
	- jetty <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
	- jetty8 <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
	NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
	NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
	NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...)
	NOT-FOR-US: Huge-IT Slider (slider- image) plugin for WordPress
CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...)
	NOT-FOR-US: PTC Creo View
CVE-2015-2057
	RESERVED
CVE-2015-2056
	RESERVED
CVE-2015-2055 (Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to c ...)
	NOT-FOR-US: Zhone GPON 2520
CVE-2015-2054 (CRLF injection vulnerability in export.cfg in the web-based administra ...)
	NOT-FOR-US: Sierra Wireless AirCard
CVE-2015-2053 (The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, wh ...)
	NOT-FOR-US: McAfee
CVE-2015-2052 (Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev.  ...)
	NOT-FOR-US: DIR-645 Wired/Wireless Router Rev. Ax
CVE-2015-2051 (The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 ...)
	NOT-FOR-US: D-Link DIR-645 Wired/Wireless Router Rev. Ax
CVE-2015-2050 (D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers t ...)
	NOT-FOR-US: D-Link DAP-1320 Rev Ax
CVE-2015-2049 (Unrestricted file upload vulnerability in D-Link DCS-931L with firmwar ...)
	NOT-FOR-US: D-Link DCS-931L
CVE-2015-2048 (Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L wit ...)
	NOT-FOR-US: D-Link DCS-931L
CVE-2015-2045 (The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does n ...)
	{DSA-3181-1}
	- xen 4.4.1-8
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-122.html
CVE-2015-2044 (The emulation routines for unspecified X86 devices in Xen 3.2.x throug ...)
	{DSA-3181-1}
	- xen 4.4.1-8
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-121.html
CVE-2015-2043 (Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyCo ...)
	NOT-FOR-US: Visualware
CVE-2015-2040 (Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka C ...)
	NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-2039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Acob ...)
	NOT-FOR-US: Acobot Live Chat & Contact Form plugin for WordPress
CVE-2015-8983 (Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c  ...)
	{DLA-316-1}
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u9
	- glibc 2.21-1 (bug #779587)
	[jessie] - glibc 2.19-18+deb8u2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
	NOTE: Fixed upstream in 2.22
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15
CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allow ...)
	- redmine 3.0~20140825-5 (low)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_2_6
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/19117
	NOTE: https://github.com/redmine/redmine/commit/a1f40686ba43d121cbc8c095d2f8cc4095e70352#diff-847ef9328e260b1b93fd165d072b072d
CVE-2005-XXXX [more related to CVE-2005-4890]
	- shadow <unfixed> (unimportant; bug #628843)
	NOTE: only affects the su executable, so if you use sudo you're not affected
CVE-2015-2047 (The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4 ...)
	{DSA-3164-1}
	- typo3-src 4.5.40+dfsg1-1 (bug #778870)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
CVE-2015-2038
	RESERVED
CVE-2015-2037
	RESERVED
CVE-2015-2036
	RESERVED
CVE-2015-2033 (Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-234 ...)
	NOT-FOR-US: Anyterm Daemon
CVE-2015-2032
	RESERVED
CVE-2015-2031 (Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scal ...)
	NOT-FOR-US: IBM
CVE-2015-2030 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1. ...)
	NOT-FOR-US: IBM
CVE-2015-2029 (Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 be ...)
	NOT-FOR-US: IBM
CVE-2015-2028 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 befo ...)
	NOT-FOR-US: IBM
CVE-2015-2027 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1. ...)
	NOT-FOR-US: IBM
CVE-2015-2026 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtre ...)
	NOT-FOR-US: IBM
CVE-2015-2025 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1. ...)
	NOT-FOR-US: IBM
CVE-2015-2024
	RESERVED
CVE-2015-2023 (Buffer overflow in IBM i Access 7.1 on Windows allows local users to g ...)
	NOT-FOR-US: IBM i Access 7.1 on Windows
CVE-2015-2022
	RESERVED
CVE-2015-2021
	RESERVED
CVE-2015-2020 (The MyScript SDK before 1.3 for Android might allow attackers to execu ...)
	NOT-FOR-US: MyScript SDK
CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iF ...)
	NOT-FOR-US: IBM
CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Bro ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-2017 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-2016 (Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 I ...)
	NOT-FOR-US: IBM
CVE-2015-2015 (Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Dire ...)
	NOT-FOR-US: IBM Domino
CVE-2015-2014 (Open redirect vulnerability in the web server in IBM Domino 8.5 before ...)
	NOT-FOR-US: IBM Domino
CVE-2015-2013 (IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to caus ...)
	NOT-FOR-US: IBM
CVE-2015-2012 (The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0 ...)
	NOT-FOR-US: IBM
CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 1 ...)
	NOT-FOR-US: IBM
CVE-2015-2010
	REJECTED
CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi serv ...)
	NOT-FOR-US: IBM
CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x befor ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x be ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2006
	RESERVED
CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x befor ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might a ...)
	NOT-FOR-US: GraceNote GNSDK SDK
CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allo ...)
	NOT-FOR-US: PJSIP PJSUA2 SDK
CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow at ...)
	NOT-FOR-US: ESRI ArcGis Runtime SDK
CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers to exe ...)
	NOT-FOR-US: MetaIO SDK
CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to execut ...)
	NOT-FOR-US: Jumio SDK
CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 plac ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1998
	RESERVED
CVE-2015-1997 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1996 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1995 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QR ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1994 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1993 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1992 (IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, ...)
	NOT-FOR-US: IBM Systems Director
CVE-2015-1991
	REJECTED
CVE-2015-1990
	REJECTED
CVE-2015-1989 (SQL injection vulnerability in IBM Security QRadar Incident Forensics  ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1988 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger  ...)
	NOT-FOR-US: IBM
CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: IBM
CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 al ...)
	NOT-FOR-US: IBM
CVE-2015-1985 (The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows loc ...)
	NOT-FOR-US: IBM MQ M2000 appliances
CVE-2015-1984 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
	NOT-FOR-US: IBM
CVE-2015-1983 (Cross-site scripting (XSS) vulnerability in the Projects page in IBM U ...)
	NOT-FOR-US: IBM
CVE-2015-1982 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
	NOT-FOR-US: IBM
CVE-2015-1981 (Cross-site scripting (XSS) vulnerability in the web server in IBM Domi ...)
	NOT-FOR-US: IBM
CVE-2015-1980 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
	NOT-FOR-US: IBM
CVE-2015-1979 (Multiple cross-site scripting (XSS) vulnerabilities in the Error dialo ...)
	NOT-FOR-US: IBM
CVE-2015-1978 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Direct ...)
	NOT-FOR-US: IBM
CVE-2015-1977 (Directory traversal vulnerability in the Web Administration tool in IB ...)
	NOT-FOR-US: IBM
CVE-2015-1976 (IBM Security Directory Server could allow an authenticated user to exe ...)
	NOT-FOR-US: IBM
CVE-2015-1975 (The web administration tool in IBM Tivoli Security Directory Server 6. ...)
	NOT-FOR-US: IBM
CVE-2015-1974 (The web administration tool in IBM Tivoli Security Directory Server 6. ...)
	NOT-FOR-US: IBM
CVE-2015-1973
	RESERVED
CVE-2015-1972 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iF ...)
	NOT-FOR-US: IBM
CVE-2015-1971 (Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IB ...)
	NOT-FOR-US: IBM
CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 ...)
	NOT-FOR-US: IBM
CVE-2015-1969 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reportin ...)
	NOT-FOR-US: IBM
CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2015-1967 (MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the  ...)
	NOT-FOR-US: IBM
CVE-2015-1966 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Fede ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2015-1965 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1964 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1963 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1962 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1961 (The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1 ...)
	NOT-FOR-US: IBM
CVE-2015-1960
	RESERVED
CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iF ...)
	NOT-FOR-US: IBM
CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: IBM
CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows  ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: IBM
CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: IBM
CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1952 (Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edi ...)
	NOT-FOR-US: IBM
CVE-2015-1951 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-1950 (IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require  ...)
	NOT-FOR-US: IBM
CVE-2015-1949 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 al ...)
	NOT-FOR-US: IBM
CVE-2015-1948 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1947 (Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2015-1946 (IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphe ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1945 (Unspecified vulnerability in the Reference Data Management component i ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2015-1944 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1943 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1 ...)
	NOT-FOR-US: IBM
CVE-2015-1942 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 al ...)
	NOT-FOR-US: IBM
CVE-2015-1941 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 al ...)
	NOT-FOR-US: IBM
CVE-2015-1940
	RESERVED
CVE-2015-1939
	RESERVED
CVE-2015-1938 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 al ...)
	NOT-FOR-US: IBM
CVE-2015-1937 (IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2. ...)
	NOT-FOR-US: IBM PowerVC
CVE-2015-1936 (The administrative console in IBM WebSphere Application Server (WAS) 8 ...)
	NOT-FOR-US: IBM WAS
CVE-2015-1935 (The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 th ...)
	NOT-FOR-US: IBM DB2
CVE-2015-1934 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-1933 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-1932 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1931 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 bef ...)
	NOT-FOR-US: IBM JDK
CVE-2015-1930 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1929 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1928 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Life ...)
	NOT-FOR-US: IBM
CVE-2015-1927 (The default configuration of IBM WebSphere Application Server (WAS) 7. ...)
	NOT-FOR-US: IBM WAS
CVE-2015-1926 (Unspecified vulnerability in the Oracle WebCenter Portal component in  ...)
	NOT-FOR-US: Oracle WebCenter Portal
CVE-2015-1925 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1924 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
	NOT-FOR-US: IBM
CVE-2015-1923 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6 ...)
	NOT-FOR-US: IBM
CVE-2015-1922 (The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 thro ...)
	NOT-FOR-US: IBM DB2
CVE-2015-1921 (Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0 ...)
	NOT-FOR-US: IBM
CVE-2015-1920 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 befor ...)
	NOT-FOR-US: IBM
CVE-2015-1919 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incide ...)
	NOT-FOR-US: IBM
CVE-2015-1918
	RESERVED
CVE-2015-1917 (Cross-site scripting (XSS) vulnerability in the Active Content Filteri ...)
	NOT-FOR-US: IBM
CVE-2015-1916 (Unspecified vulnerability in IBM Java 8 before SR1 allows remote attac ...)
	NOT-FOR-US: IBM JDK
CVE-2015-1915 (The Endpoint Manager for Remote Control component in IBM Tivoli Endpoi ...)
	NOT-FOR-US: IBM
CVE-2015-1914 (IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before  ...)
	NOT-FOR-US: IBM JDK
CVE-2015-1913 (Rational Test Control Panel in IBM Rational Test Workbench and Rationa ...)
	NOT-FOR-US: IBM
CVE-2015-1912
	RESERVED
CVE-2015-1911 (Cross-site scripting (XSS) vulnerability in Sterling Order Management  ...)
	NOT-FOR-US: Sterling Order Management
CVE-2015-1910 (Cross-site scripting (XSS) vulnerability in the Reference Data Managem ...)
	NOT-FOR-US: IBM
CVE-2015-1909 (The XML parser in the Reference Data Management component in the serve ...)
	NOT-FOR-US: IBM
CVE-2015-1908 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-1907 (The Administration and Reporting Tool in IBM Rational License Key Serv ...)
	NOT-FOR-US: IBM Rational License Key Server
CVE-2015-1906 (Cross-site scripting (XSS) vulnerability in the REST API in IBM Busine ...)
	NOT-FOR-US: IBM BPM
CVE-2015-1905 (The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1 ...)
	NOT-FOR-US: IBM BPM
CVE-2015-1904 (IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 throug ...)
	NOT-FOR-US: IBM
CVE-2015-1903 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
	NOT-FOR-US: IBM
CVE-2015-1902 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
	NOT-FOR-US: IBM
CVE-2015-1901 (The installer in IBM InfoSphere Information Server 8.5 through 11.3 be ...)
	NOT-FOR-US: IBM
CVE-2015-1900 (IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 ...)
	NOT-FOR-US: IBM
CVE-2015-1899 (IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause ...)
	NOT-FOR-US: IBM
CVE-2015-1898 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-1897 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-1896 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-1895 (IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on clie ...)
	NOT-FOR-US: IBM
CVE-2015-1894 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Opti ...)
	NOT-FOR-US: IBM
CVE-2015-1893 (The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows r ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1892 (The Multicast DNS (mDNS) responder in IBM Security Access Manager for  ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2015-1891
	RESERVED
CVE-2015-1890 (/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-1889 (The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0. ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2015-1888 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0. ...)
	NOT-FOR-US: IBM
CVE-2015-1887 (IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1  ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-1886 (The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-1885 (WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 b ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-1884 (Directory traversal vulnerability in IBM Business Process Manager (BPM ...)
	NOT-FOR-US: IBM
CVE-2015-1883 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 t ...)
	NOT-FOR-US: IBM DB2
CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in the sslvpn login page in F ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder pl ...)
	NOT-FOR-US: Google Doc Embedder plugin for WordPress
CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect dat ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896 (v3.19)
	NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e5048495c8569bfdd552750e0315973c61e7c93 (v2.6.30-rc1)
CVE-2015-2041 (net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incor ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 (v3.19-rc7)
	NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=590232a7150674b2036291eaefce085f3f9659c8 (v2.6.14-rc3)
CVE-2015-2035 (SQL injection vulnerability in the administrative backend in Piwigo be ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2015-2034 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2015-1878 (Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, a ...)
	NOT-FOR-US: nShield Connect hardware models
CVE-2015-1876 (Directory traversal vulnerability in ES File Explorer 3.2.4.1. ...)
	NOT-FOR-US: ES File Explorer
CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php i ...)
	NOT-FOR-US: Elastix
CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
	NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-1873
	RESERVED
CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg be ...)
	{DLA-1740-1 DLA-644-1}
	- ffmpeg 7:2.5.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
CVE-2015-1871
	RESERVED
CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-re ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1869 (The default event handling scripts in Automatic Bug Reporting Tool (AB ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1868 (The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6. ...)
	- pdns 3.4.4-1
	[jessie] - pdns 3.4.1-4+deb8u1
	[wheezy] - pdns <not-affected> (3.2 and up affected)
	[squeeze] - pdns <not-affected> (3.2 and up affected)
	- pdns-recursor 3.7.2-1
	[jessie] - pdns-recursor 3.6.2-2+deb8u1
	[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
	[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
CVE-2015-1867 (Pacemaker before 1.1.13 does not properly evaluate added nodes, which  ...)
	- pacemaker <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/ClusterLabs/pacemaker/commit/f242c1ef (Pacemaker-1.1.12-rc1)
	NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/84ac07c (Pacemaker-1.1.13-rc2)
CVE-2015-1866 (Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.1 ...)
	NOT-FOR-US: ember.js
CVE-2015-1865 (fts.c in coreutils 8.4 allows local users to delete arbitrary files. ...)
	- coreutils 8.13-1 (low)
	[squeeze] - coreutils <no-dsa> (Minor issue)
	NOTE: relevant code changed between 8.5 and 8.13, see https://bugzilla.redhat.com/show_bug.cgi?id=1211300 for details
	NOTE: Issue reproduced in with 8.5 and confirmed to not work with 8.13-3.5
CVE-2015-1864 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	- kallithea <itp> (bug #689573)
CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows re ...)
	{DSA-3233-1}
	- wpa 2.3-2 (bug #783148)
	- wpasupplicant <not-affected> (Vulnerable code present since v1.0)
	NOTE: http://w1.fi/security/2015-1/
	NOTE: Vulnerable are v1.0-v2.4 with CONFIG_P2P build option enabled
	NOTE: CONFIG_P2P enabled since 1.1-1 in debian/config/wpasupplicant/linux
	NOTE: Binary packages built for wheezy are not affected since WiFi P2P is disabled
CVE-2015-1862 (The crash reporting feature in Abrt allows local users to gain privile ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1861
	REJECTED
CVE-2015-1860 (Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase m ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
	[jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1859 (Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp  ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
	[jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1858 (Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase m ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
	[jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1857 (The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote atta ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when allow_version is c ...)
	- swift 2.2.0-2 (bug #783163)
	[jessie] - swift 2.2.0-1+deb8u1
	[wheezy] - swift <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1430645
CVE-2015-1855 (verify_certificate_identity in the OpenSSL extension in Ruby before 2. ...)
	{DSA-3247-1 DSA-3246-1 DSA-3245-1 DLA-235-1 DLA-224-1}
	- ruby1.8 <removed>
	- ruby1.9.1 <removed>
	- ruby2.0 <removed>
	- ruby2.1 2.1.5-3
	- ruby2.2 2.2.2-1
	NOTE: https://bugs.ruby-lang.org/issues/9644
	NOTE: https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596
CVE-2015-1854 (389 Directory Server before 1.3.3.10 allows attackers to bypass intend ...)
	{DLA-1428-1}
	- 389-ds-base 1.3.3.10-1 (bug #783923)
	NOTE: Patch applied to CentOS package: https://git.centos.org/raw/rpms!389-ds-base.git!/309aa9ee631432d72c845f70df2ce6475055423b/SOURCES!0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
CVE-2015-1853 (chrony before 1.31.1 does not properly protect state variables in auth ...)
	{DSA-3222-1 DLA-193-1}
	- chrony 1.30-2 (bug #782160)
	NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=d856bd34c4862398411d29200520e3a3b1d4569e
CVE-2015-1852 (The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 a ...)
	- python-keystonemiddleware 1.5.0-2
	[jessie] - python-keystonemiddleware 1.0.0-3+deb8u1
	- python-keystoneclient 1:1.3.0-2 (bug #783164)
	NOTE: originally fixed in 1:0.10.1-3 but then 1:1.3.0-1 was uploaded without the fix
	[jessie] - python-keystoneclient 1:0.10.1-2+deb8u1
	[wheezy] - python-keystoneclient <not-affected> (s3_token middleware not present)
	NOTE: https://launchpad.net/bugs/1411063
CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4  ...)
	{DSA-3292-1}
	- cinder 2015.1.0+2015.06.16.git26.9634b76ba5-1 (bug #788996)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231817
	NOTE: https://bugs.launchpad.net/cinder/+bug/1415087
CVE-2015-1850
	REJECTED
CVE-2015-1849 (AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platfo ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-1848 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secu ...)
	- pcs <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/feist/pcs/commit/898204596a779673c88097bbdbe2d7ed6ed0cc8b (0.9.140)
CVE-2015-1847 (Directory traversal vulnerability in the web request/response interfac ...)
	NOT-FOR-US: Appserver.io
CVE-2015-1846 (unzoo allows remote attackers to cause a denial of service (infinite l ...)
	- unzoo <removed>
CVE-2015-1845 (Buffer overflow in the EntrReadArch function in unzoo might allow remo ...)
	- unzoo <removed>
CVE-2015-1844 (Foreman before 1.7.5 allows remote authenticated users to bypass organ ...)
	- foreman <itp> (bug #663101)
CVE-2015-1843 (The Red Hat docker package before 1.5.0-28, when using the --add-regis ...)
	- docker.io <not-affected> (RHEL specific problem)
CVE-2015-1842 (The puppet manifests in the Red Hat openstack-puppet-modules package b ...)
	NOT-FOR-US: openstack-puppet-modules
CVE-2015-1841 (The Web Admin interface in Red Hat Enterprise Virtualization Manager ( ...)
	NOT-FOR-US: RHEV
CVE-2015-1840 (jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and ra ...)
	- ruby-jquery-rails 4.0.4-1 (bug #790395)
	[jessie] - ruby-jquery-rails <no-dsa> (Minor issue)
	[wheezy] - ruby-jquery-rails <no-dsa> (Minor issue)
	NOTE: https://hackerone.com/reports/49935
	NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
	NOTE: https://nodesecurity.io/advisories/15
CVE-2015-1839 (modules/chef.py in SaltStack before 2014.7.4 does not properly handle  ...)
	- salt <not-affected> (Vulnerable code only present in experimental version; introduced in 2014.7.0)
	NOTE: https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
	NOTE: https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
CVE-2015-1838 (modules/serverdensity_device.py in SaltStack before 2014.7.4 does not  ...)
	- salt <not-affected> (Vulnerable code only present in experimental version; introduced in 2014.7.0)
	NOTE: https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
CVE-2015-1837
	RESERVED
CVE-2015-1836 (Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before ...)
	NOT-FOR-US: Apache HBase
CVE-2015-1835 (Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an appl ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-1834 (A path traversal vulnerability was identified in the Cloud Foundry com ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit before 2. ...)
	{DSA-3298-1}
	- jackrabbit 2.10.1-1 (bug #787316)
	NOTE: https://issues.apache.org/jira/browse/JCR-3883
CVE-2015-1832 (XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apac ...)
	- derby 10.13.1.1-1
	[jessie] - derby <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/DERBY-6807
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1691461
	NOTE: Fixed in 10.12.1.1
CVE-2015-1831 (The default exclude patterns (excludeParams) in Apache Struts 2.3.20 a ...)
	- libstruts1.2-java <not-affected> (Affects only 2.3.20)
	NOTE: https://struts.apache.org/docs/s2-024.html
CVE-2015-1830 (Directory traversal vulnerability in the fileserver upload/download fu ...)
	- activemq <not-affected> (Only affects activemq on Windows)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
CVE-2015-1829 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-1828 (The Ruby http gem before 0.7.3 does not verify hostnames in SSL connec ...)
	- ruby-http 1.0.2-2
	[jessie] - ruby-http <no-dsa> (Minor issue)
	NOTE: http.rb failed to call the `#post_connection_check` method on SSL connections.
	NOTE: This method implements hostname verification, and without it `http.rb` was
	NOTE: vulnerable to MitM attacks. The problem was corrected by calling
	NOTE: `#post_connection_check`.
	NOTE: Fixed by: https://github.com/httprb/http/commit/24626bfcdeda1084502575c3fbb6091c9e2815e0
CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA befor ...)
	- freeipa <not-affected> (Only affects 4.1, see bug #781224)
	NOTE: https://fedorahosted.org/freeipa/ticket/4908
CVE-2015-1826
	RESERVED
CVE-2015-1825
	RESERVED
CVE-2015-1824
	RESERVED
CVE-2015-1823
	RESERVED
CVE-2015-1822 (chrony before 1.31.1 does not initialize the last "next" pointer when  ...)
	{DSA-3222-1 DLA-193-1}
	- chrony 1.30-2 (bug #782160)
	NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=79eacdb7e694c7e6681b68006425df3faca51aec
CVE-2015-1821 (Heap-based buffer overflow in chrony before 1.31.1 allows remote authe ...)
	{DSA-3222-1 DLA-193-1}
	- chrony 1.30-2 (bug #782160)
	NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=cf19042ecb656b8afec0cc4906e7dd3ea9266ac8
CVE-2015-1820 (REST client for Ruby (aka rest-client) before 1.8.0 allows remote atta ...)
	- ruby-rest-client 1.6.7-6 (bug #781238)
	[wheezy] - ruby-rest-client <no-dsa> (The correction introduces a dependency on a package not available in wheezy)
	- librestclient-ruby <removed>
	[wheezy] - librestclient-ruby <not-affected> (Vulnerability introduced in 1.6.1, wheezy has 1.6.0)
	[squeeze] - librestclient-ruby <not-affected> (Vulnerability introduced in 1.6.1, squeeze has 1.6.0)
	NOTE: https://github.com/rest-client/rest-client/issues/369
	NOTE: Patch: https://github.com/rest-client/rest-client/pull/365.patch (will need new dependency to ruby-http-cookie)
CVE-2015-1819 (The xmlreader in libxml allows remote attackers to cause a denial of s ...)
	{DSA-3430-1 DLA-266-1}
	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (low; bug #782782)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
	NOTE: Concerns by Florian Weimer: https://bugzilla.gnome.org/show_bug.cgi?id=748278
CVE-2015-1818 (XML external entity (XXE) vulnerability in the dashbuilder import faci ...)
	NOT-FOR-US: JBoss dashbuilder
CVE-2015-1817 (Stack-based buffer overflow in the inet_pton function in network/inet_ ...)
	- musl 1.1.5-2 (bug #781497)
CVE-2015-1816 (Forman before 1.7.4 does not verify SSL certificates for LDAP connecti ...)
	- foreman <itp> (bug #663101)
CVE-2015-1815 (The get_rpm_nvr_by_file_path_temporary function in util.py in setroubl ...)
	NOT-FOR-US: setroubleshoot
CVE-2015-1814 (The API token-issuing service in Jenkins before 1.606 and LTS before 1 ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1813 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and L ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1812 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and L ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1811 (XML external entity (XXE) vulnerability in CloudBees Jenkins before 1. ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1810 (The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS b ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1809 (XML external entity (XXE) vulnerability in CloudBees Jenkins before 1. ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1808 (Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticate ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1807 (Directory traversal vulnerability in Jenkins before 1.600 and LTS befo ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1806 (The combination filter Groovy script in Jenkins before 1.600 and LTS b ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1805 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in t ...)
	{DSA-3290-1 DLA-246-1}
	- linux 3.16.2-2
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 (v3.16-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 (v3.15-rc1)
CVE-2015-1804 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont b ...)
	{DSA-3194-1 DLA-183-1}
	- libxfont 1:1.5.1-1
	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
CVE-2015-1803 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont b ...)
	{DSA-3194-1 DLA-183-1}
	- libxfont 1:1.5.1-1
	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
CVE-2015-1802 (The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont b ...)
	{DSA-3194-1 DLA-183-1}
	- libxfont 1:1.5.1-1
	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
CVE-2015-1801 (The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 k ...)
	NOT-FOR-US: Samsung
CVE-2015-1800 (The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 k ...)
	NOT-FOR-US: Samsung
CVE-2015-1799 (The symmetric-key feature in the receive function in ntp_proto.c in nt ...)
	{DSA-3223-1 DLA-192-1}
	- ntp 1:4.2.6.p5+dfsg-6 (bug #782095)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2781
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#Authentication_doesn_t_protect_s
CVE-2015-1798 (The symmetric-key feature in the receive function in ntp_proto.c in nt ...)
	{DSA-3223-1 DLA-192-1}
	- ntp 1:4.2.6.p5+dfsg-6 (bug #782095)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2779
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#ntpd_accepts_unauthenticated_pac
CVE-2015-1797
	REJECTED
CVE-2015-1796 (The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 an ...)
	- libopensaml2-java <removed> (bug #780383)
	[jessie] - libopensaml2-java <no-dsa> (Minor issue)
	NOTE: Only change between 2.6.4 and 2.6.5 seems http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/saml2/metadata/provider/AbstractReloadingMetadataProvider.java?r1=1656&r2=1680
	NOTE: http://shibboleth.net/community/advisories/secadv_20150225.txt
CVE-2015-1795 (Red Hat Gluster Storage RPM Package 3.2 allows local users to gain pri ...)
	- glusterfs <not-affected> (Vulnerable code specific to glusterfs.spec and not present in source in Debian)
CVE-2015-1794 (The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 b ...)
	- openssl 1.0.2e-1
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-1793 (The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0 ...)
	- openssl 1.0.2d-1
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: http://openssl.org/news/secadv/20150709.txt
CVE-2015-1792 (The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before  ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1791 (Race condition in the ssl3_get_new_session_ticket function in ssl/s3_c ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb
CVE-2015-1790 (The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL bef ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1789 (The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1788 (The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before  ...)
	{DSA-3287-1}
	- openssl 1.0.2b-1
	[squeeze] - openssl <not-affected> (Vulnerable code got introduced post 1.0.0)
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0. ...)
	- openssl <not-affected> (Vulnerable version never in unstable)
	NOTE: did affect 1.0.2 (only in experimental) and 1.0.2a was uploaded to unstable
CVE-2015-1786 (Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf ...)
	- zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series)
	NOTE: http://framework.zend.com/security/advisory/ZF2015-03
CVE-2015-1785
	RESERVED
CVE-2015-1784
	RESERVED
CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso before c ...)
	- lasso 2.4.1-1
	[wheezy] - lasso <not-affected> (Vulnerable code introduced later)
	[squeeze] - lasso <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd (v2.4.1)
	NOTE: Introduced by: https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=154812b401e3845977b3a4892dbc5e5a0b9d03cf (v2.4.0)
CVE-2015-1782 (The kex_agree_methods function in libssh2 before 1.5.0 allows remote s ...)
	{DSA-3182-1 DLA-171-1}
	- libssh2 1.4.3-4.1 (bug #780249)
	NOTE: http://www.libssh2.org/adv_20150311.html
CVE-2015-1781 (Buffer overflow in the gethostbyname_r and other unspecified NSS funct ...)
	{DSA-3480-1 DLA-230-1}
	[experimental] - glibc 2.21-0experimental1
	- glibc 2.19-20 (bug #796105)
	[jessie] - glibc 2.19-18+deb8u1
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18287
	NOTE: Upstream commit: https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386
CVE-2015-1780 (oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a st ...)
	NOT-FOR-US: oVirt Engine backend
CVE-2015-1779 (The VNC websocket frame decoder in QEMU allows remote attackers to cau ...)
	{DSA-3259-1}
	- qemu 1:2.3+dfsg-1 (bug #781250)
	[wheezy] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
	[squeeze] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
	- qemu-kvm <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
	NOTE: Original patches have problem: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2cdb5e142fb93
CVE-2015-1778 (The custom authentication realm used by karaf-tomcat's "opendaylight"  ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1777 (rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Re ...)
	- rhn-client-tools <unfixed> (unimportant; bug #779817)
	NOTE: No security impact, this tool performs a registration at Red Hat Network,
	NOTE: which would fail, but no practical security impact
CVE-2015-1776 (Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduc ...)
	- hadoop <itp> (bug #793644)
CVE-2015-1775 (Server-side request forgery (SSRF) vulnerability in the proxy endpoint ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-1774 (The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and  ...)
	{DSA-3236-1}
	- libreoffice 1:4.4.2-1
CVE-2015-1773 (Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html ...)
	- flex-sdk <itp> (bug #602499)
CVE-2015-1772 (The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and ...)
	NOT-FOR-US: Apache Hive
CVE-2015-1771 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2015-1770 (Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to e ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1769 (Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1768 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1767 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1766 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1765 (Microsoft Internet Explorer 9 through 11 allows remote attackers to re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1764 (The web applications in Microsoft Exchange Server 2013 SP1 and Cumulat ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2015-1763 (Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 a ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2015-1762 (Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 a ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2015-1761 (Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 a ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2015-1760 (Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013  ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1759 (Microsoft Office Compatibility Pack SP3 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1758 (Untrusted search path vulnerability in the LoadLibrary function in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1757 (Cross-site scripting (XSS) vulnerability in adfs/ls in Active Director ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1756 (Use-after-free vulnerability in Microsoft Common Controls in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1755 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1754 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1753 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1752 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1751 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1750 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1749
	REJECTED
CVE-2015-1748 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1747 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1746
	REJECTED
CVE-2015-1745 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1744 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1743 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1742 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1741 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1740 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1739 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1738 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1737 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1736 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1735 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1734
	REJECTED
CVE-2015-1733 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1732 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1731 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1730 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1729 (Microsoft Internet Explorer 9 through 11 allows remote attackers to re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1728 (Microsoft Windows Media Player 10 through 12 allows remote attackers t ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1727 (Buffer overflow in the kernel-mode drivers in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1726 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1725 (Buffer overflow in the kernel-mode drivers in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1724 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1723 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1722 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1721 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1720 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1719 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1718 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1717 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1716 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wind ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1715 (Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-1714 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1713 (Microsoft Internet Explorer 11 allows remote attackers to gain privile ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1712 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1711 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1710 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1708 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1707
	REJECTED
CVE-2015-1706 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1705 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1704 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1703 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1702 (The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1701 (Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1700 (Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2015-1699 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1698 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1697 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1696 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1695 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1694 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1693
	REJECTED
CVE-2015-1692 (Microsoft Internet Explorer 7 through 11 allows user-assisted remote a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1691 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1690
	REJECTED
CVE-2015-1689 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1688 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1687 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1686 (The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through ...)
	NOT-FOR-US: Microsoft
CVE-2015-1685 (Microsoft Internet Explorer 11 allows remote attackers to bypass the A ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1684 (VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used ...)
	NOT-FOR-US: Microsoft
CVE-2015-1683 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2015-1682 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1681 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1680 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1679 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1678 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1677 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1676 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1675 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1674 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1673 (The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2015-1672 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1671 (The Windows DirectWrite library, as used in Microsoft .NET Framework 3 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1670 (The Windows DirectWrite library, as used in Microsoft .NET Framework 3 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1669
	REJECTED
CVE-2015-1668 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1667 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1666 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1665 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1664
	REJECTED
CVE-2015-1663
	REJECTED
CVE-2015-1662 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1661 (Microsoft Internet Explorer 6 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1660 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1659 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1658 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1657 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1656
	REJECTED
CVE-2015-1655
	REJECTED
CVE-2015-1654
	REJECTED
CVE-2015-1653 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Found ...)
	NOT-FOR-US: Microsoft
CVE-2015-1652 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1651 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer,  ...)
	NOT-FOR-US: Microsoft
CVE-2015-1650 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 S ...)
	NOT-FOR-US: Microsoft
CVE-2015-1649 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 S ...)
	NOT-FOR-US: Microsoft
CVE-2015-1648 (ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1647 (Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1646 (Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-1645 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1644 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1643 (Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 20 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1642 (Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attack ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1641 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1640 (Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1639 (Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1638 (Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2015-1637 (Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2015-1636 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Found ...)
	NOT-FOR-US: Microsoft
CVE-2015-1635 (HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1634 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1633 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Found ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2015-1632 (Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook We ...)
	NOT-FOR-US: Microsoft
CVE-2015-1631 (Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2015-1630 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in M ...)
	NOT-FOR-US: Microsoft
CVE-2015-1629 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in M ...)
	NOT-FOR-US: Microsoft
CVE-2015-1628 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in M ...)
	NOT-FOR-US: Microsoft
CVE-2015-1627 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1626 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1625 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1624 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1623 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1622 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1621 (Cross-site scripting (XSS) vulnerability in the Webform prepopulate bl ...)
	NOT-FOR-US: Webform module for Drupal
CVE-2015-1620
	RESERVED
CVE-2015-1619 (Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2015-1618 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) befor ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2015-1617 (Cross-site scripting (XSS) vulnerability in the ePO extension in McAfe ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2015-1616 (SQL injection vulnerability in the ePO extension in McAfee Data Loss P ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2015-1615
	RESERVED
CVE-2015-1613 (RhodeCode before 2.2.7 allows remote authenticated users to obtain API ...)
	NOT-FOR-US: RhodeCode
CVE-2015-1612 (OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attac ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1611 (OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attac ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1610 (hosttracker in OpenDaylight l2switch allows remote attackers to change ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1609 (MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers t ...)
	- mongodb 1:2.4.10-5 (bug #780129)
	[wheezy] - mongodb <not-affected> (BSONElement::validate() checks length, problematic code introduced later)
	[squeeze] - mongodb <not-affected> (BSONElement::validate() checks length (db/jsobj.cpp +589))
	NOTE: https://jira.mongodb.org/browse/SERVER-17264
	NOTE: Fast bson validate introduced with https://github.com/mongodb/mongo/commit/6889d1658136c753998b4a408dc8d1a3ec28e3b9 (r2.3.2)
CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...)
	NOT-FOR-US: Topline Opportunity Form
CVE-2015-1605 (Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manag ...)
	NOT-FOR-US: Dell ScriptLogic Asset Manager
CVE-2015-1602 (Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 impro ...)
	NOT-FOR-US: Siemens
CVE-2015-1601 (Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allow ...)
	NOT-FOR-US: Siemens
CVE-2015-1599 (The Siemens SPCanywhere application for iOS allows physically proximat ...)
	NOT-FOR-US: Siemens SPCanywhere application for iOS
CVE-2015-1598 (The Siemens SPCanywhere application for Android does not properly stor ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1597 (The Siemens SPCanywhere application for Android does not use encryptio ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1596 (The Siemens SPCanywhere application for Android and iOS does not prope ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1595 (The Siemens SPCanywhere application for Android and iOS does not use e ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1594 (Untrusted search path vulnerability in Siemens SIMATIC ProSave before  ...)
	NOT-FOR-US: Siemens
CVE-2013-7427
	RESERVED
CVE-2012-6688
	RESERVED
CVE-2015-XXXX [incorrect memory management in Gtk2::Gdk::Display::list_devices]
	- libgtk2-perl 2:1.2492-4
	[wheezy] - libgtk2-perl 2:1.244-1+deb7u1
	[squeeze] - libgtk2-perl 2:1.222-1+deb6u1
	NOTE: wheezy/squeeze tagged entry as workaround/reminder for when CVE is assigned
	NOTE: CVE needs to be added to data/D[SL]A/list
	NOTE: https://mail.gnome.org/archives/gtk-perl-list/2015-January/msg00039.html
	NOTE: https://bugs.mageia.org/show_bug.cgi?id=15173
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/14
CVE-2015-XXXX [Linux ASLR mmap weakness: Reducing entropy by half]
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt17-1
	[wheezy] - linux 3.2.71-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
	NOTE: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html
	NOTE: arm64 affected from v3.7 to v3.18 (fixed in 3.16.7-ckt12)
	NOTE: powerpc affected from v2.6.30 to 3.2 (pending for 3.2.70)
	NOTE: Fix for arm64: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d6c763afab
	NOTE: Fix for ppc: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?fa8cbaaf5a68
CVE-2015-2060 (cabextract before 1.6 does not properly check for leading slashes when ...)
	- cabextract 1.6-1 (bug #778753)
	[jessie] - cabextract <no-dsa> (Minor issue)
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3
	NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217
	NOTE: CVE assigned for issue were path traversal occurs because the unpatched
	NOTE: code does neither of the following: 1) checking for slashes after decoding
	NOTE: 2) checking for ordinary slashes before decoding and prohibiting overlong
	NOTE: encodings
CVE-2015-2297 (nanohttp in libcsoap allows remote attackers to cause a denial of serv ...)
	- libcsoap <removed> (bug #778599)
	[squeeze] - libcsoap <no-dsa> (Minor issue)
	[wheezy] - libcsoap <no-dsa> (Minor issue)
	NOTE: CVE assigned only for the null pointer dereference, not all issues in
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/2
CVE-2014-9684 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 through  ...)
	- glance <not-affected> (Only affects 2014.2.x releases, only present in experimental)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: https://review.openstack.org/#/c/122427/
CVE-2014-9683 (Off-by-one error in the ecryptfs_decode_from_filename function in fs/e ...)
	{DSA-3170-1 DLA-246-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1)
CVE-2013-7436 (noVNC before 0.5 does not set the secure flag for a cookie in an https ...)
	- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
	[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
	NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/1
CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earl ...)
	{DSA-3177-1 DLA-170-1}
	- mod-gnutls 0.6-1.3 (bug #578663)
	NOTE: https://github.com/airtower-luna/mod_gnutls/commit/5a8a32bbfb8a83fe6358c5c31c443325a7775fc2
CVE-2009-5144 (mod-gnutls does not validate client certificates when "GnuTLSClientVer ...)
	- mod-gnutls 0.5.6-1 (bug #578663)
	NOTE: http://issues.outoforder.cc/view.php?id=93
CVE-2014-9682 (The dns-sync module before 0.1.1 for node.js allows context-dependent  ...)
	NOT-FOR-US: node-dns-sync
CVE-2014-XXXX [more to CVE-2014-6585]
	[experimental] - icu 55.1-1
	- icu 52.1-10 (low; bug #778511)
	[jessie] - icu 52.1-8+deb8u2
	[wheezy] - icu 4.8.1.1-12+deb7u3
	[squeeze] - icu <not-affected> (All relevant changes already applied)
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37086
	NOTE: icu_4.4.1-8+squeeze3 already has the full patch except for the changes in source/layout/ContextualSubstSubtables.cpp which are commented out anyway... and the remaining if test is probably only meaningful when the backtrackClassArray call is uncommented.
CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Imag ...)
	NOT-FOR-US: WordPress plugin image-metadata-cruncher
CVE-2015-1607 (kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2 ...)
	[experimental] - gnupg2 2.1.2-1
	- gnupg2 2.0.26-5 (bug #778577)
	[wheezy] - gnupg2 <no-dsa> (Minor issue)
	[squeeze] - gnupg2 <no-dsa> (Minor issue)
	- gnupg 1.4.18-7 (bug #778652)
	[wheezy] - gnupg <no-dsa> (Too intrusive to backport; minor issue)
	[squeeze] - gnupg <no-dsa> (Too intrusive to backport; minor issue)
	NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
CVE-2015-1606 (The keyring DB in GnuPG before 2.1.2 does not properly handle invalid  ...)
	{DSA-3184-1 DLA-175-1}
	[experimental] - gnupg2 2.1.2-1
	- gnupg2 2.0.26-5 (bug #778577)
	[wheezy] - gnupg2 <no-dsa> (Minor issue)
	[squeeze] - gnupg2 <no-dsa> (Minor issue)
	- gnupg 1.4.18-7 (bug #778652)
	[squeeze] - gnupg <no-dsa> (Minor issue)
	NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
CVE-2015-1604 (Unrestricted file upload vulnerability in asys/site/files.php in Admin ...)
	NOT-FOR-US: Landsknecht Adminsystems
CVE-2015-1603 (Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CM ...)
	NOT-FOR-US: Landsknecht Adminsystems
CVE-2015-1600 (Information disclosure vulnerability in Netatmo Indoor Module firmware ...)
	NOT-FOR-US: Netatmo Weather Station
CVE-2015-1588 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Se ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-1587 (Unrestricted file upload vulnerability in file_to_index.php in Maarch  ...)
	NOT-FOR-US: Maarch LetterBox
CVE-2015-1586
	RESERVED
CVE-2015-1585 (Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-si ...)
	NOT-FOR-US: Fat Free CRM
CVE-2015-1584
	RESERVED
CVE-2015-1583 (Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2 ...)
	NOT-FOR-US: ATutor
CVE-2015-1582 (Multiple cross-site scripting (XSS) vulnerabilities in the Spider Face ...)
	NOT-FOR-US: Spider Facebook plugin for WordPress
CVE-2015-1581 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobi ...)
	NOT-FOR-US: Mobile Domain plugin for WordPress
CVE-2015-1580 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Redi ...)
	NOT-FOR-US: Redirection Page plugin for WordPress
CVE-2015-1579 (Directory traversal vulnerability in the Elegant Themes Divi theme for ...)
	NOT-FOR-US: Elegant Themes Divi theme for WordPress
CVE-2015-1578 (Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow rem ...)
	NOT-FOR-US: u5CMS
CVE-2015-1577 (Directory traversal vulnerability in u5admin/deletefile.php in u5CMS b ...)
	NOT-FOR-US: u5CMS
CVE-2015-1576 (Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow rem ...)
	NOT-FOR-US: u5CMS
CVE-2015-1575 (Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3. ...)
	NOT-FOR-US: u5CMS
CVE-2015-1574 (The Google Email application 4.2.2.0200 for Android allows remote atta ...)
	NOT-FOR-US: Google Email application for Android
CVE-2013-7425
	RESERVED
CVE-2014-9678 (FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers  ...)
	NOT-FOR-US: FlexPaper
CVE-2014-9677 (Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Fle ...)
	NOT-FOR-US: FlexPaper
CVE-2015-1593 (The stack randomization feature in the Linux kernel before 3.19.1 on 6 ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt7-1
	- linux-2.6 <removed>
	NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
	NOTE: https://lkml.org/lkml/2015/2/14/61
CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and  ...)
	{DSA-3183-1}
	- movabletype-opensource <removed>
	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
CVE-2015-1572 (Heap-based buffer overflow in closefs.c in the libext2fs library in e2 ...)
	{DSA-3166-1 DLA-162-1}
	- e2fsprogs 1.42.12-1.1 (bug #778948)
	NOTE: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
CVE-2015-1571 (** DISPUTED ** The CAPWAP DTLS protocol implementation in Fortinet For ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1570 (The Endpoint Control protocol implementation in Fortinet FortiClient 5 ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, w ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spencer BS ...)
	{DSA-3195-1 DLA-444-1 DLA-233-1}
	- php5 5.6.6+dfsg-1 (low; bug #778389)
	- olsrd <not-affected> (only when building on Android, see bug #778390)
	- llvm-toolchain-3.4 <removed> (low; bug #778391)
	[jessie] - llvm-toolchain-3.4 <no-dsa> (Minor issue)
	- llvm-toolchain-3.5 1:3.5.2-2 (low; bug #778392)
	[jessie] - llvm-toolchain-3.5 <no-dsa> (Minor issue)
	- llvm-toolchain-3.6 1:3.6-1 (bug #778393)
	- llvm-toolchain-3.7 1:3.7~+rc3-1
	- llvm-toolchain-snapshot 1:3.8~svn245286-1 (bug #778394)
	- haskell-regex-posix <not-affected> (only when building on Windows, see bug #778395)
	- cups <not-affected> (Local regex copy only used when building on Windows, see #778396)
	- librcsb-core-wrapper 1.005-3 (bug #778397)
	- openrpt <removed> (unimportant; bug #778398)
	- z88dk <not-affected> (Local regex copy only used when building on Windows, see bug #778399)
	- newlib 2.0.0-1 (bug #778408)
	[squeeze] - newlib <no-dsa> (Minor issue)
	[wheezy] - newlib <no-dsa> (Minor issue)
	- yap 6.2.2-3 (low; bug #778410)
	[jessie] - yap <no-dsa> (Minor issue)
	[squeeze] - yap <no-dsa> (Minor issue)
	[wheezy] - yap <no-dsa> (Minor issue)
	- vnc4 4.1.1+X4.3.0+t-1 (unimportant; bug #778403)
	NOTE: affected code not built in vnc4, starting with 4.1.1+X4.3.0+t-1 it's a transitional package
	- sma <not-affected> (Local regex copy only used when building on Windows, see #778411)
	- clamav 0.98.7+dfsg-1 (unimportant; bug #778406)
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
	NOTE: Only exploitable through virusdb updates, which need to be trusted anywaya
	- knews <not-affected> (Uses system regex code, see #778401)
	- radare2 0.10.5+dfsg-1 (low; bug #778402)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	- efl <not-affected> (Only used when building on Windows, see #778414)
	- ptlib <unfixed> (unimportant; bug #778404)
	NOTE: ptlib uses the regex code from glibc, local fallback code not used
	- alpine <not-affected> (alpine uses the regex code from glibc, local fallback code not used, bug #778413)
	- vigor 0.016-24 (unimportant; bug #778409)
	[wheezy] - vigor 0.016-19+deb7u1
	- nvi 1.81.6-13 (unimportant; bug #778412)
	NOTE: No security impact in nvi/vigor and openrpt
	NOTE: http://www.kb.cert.org/vuls/id/695940
	NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/16/8
CVE-2015-XXXX [insecure storage of password in the NUT-monitor app]
	- nut 2.7.2-2 (low; bug #777706)
	[wheezy] - nut <no-dsa> (Minor issue)
	[squeeze] - nut <no-dsa> (Minor issue)
CVE-2015-1881 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 through  ...)
	- glance <not-affected> (Only affects 2014.2.x releases, only present in experimental)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: https://review.openstack.org/#/c/156553
CVE-2015-1877 [command injection vulnerability]
	RESERVED
	{DSA-3165-1 DLA-217-1}
	- xdg-utils 1.1.0~rc1+git20111210-7.4 (bug #777722)
CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scr ...)
	NOT-FOR-US: Drupal module GD Infinite Scroll
CVE-2015-1567 (Cross-site scripting (XSS) vulnerability in the admin page in the GD I ...)
	NOT-FOR-US: Drupal module GD Infinite Scroll
CVE-2015-1566 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7. ...)
	NOT-FOR-US: DotNetNuke
CVE-2015-1565 (Cross-site scripting (XSS) vulnerability in the online help in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2015-1564 (Cross-site scripting (XSS) vulnerability in style-underground/search i ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7. ...)
	NOT-FOR-US: Saurus CMS
CVE-2015-1561 (The escape_command function in include/Administration/corePerformance/ ...)
	- centreon-web <itp> (bug #913903)
CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in include/com ...)
	- centreon-web <itp> (bug #913903)
CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in administ ...)
	NOT-FOR-US: Epignosis eFront
CVE-2015-1557
	RESERVED
CVE-2015-1556
	RESERVED
CVE-2015-1555 (Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3. ...)
	- zendframework <not-affected> (Vulnerable code not present)
	NOTE: http://framework.zend.com/security/advisory/ZF2015-01
CVE-2015-1553
	RESERVED
CVE-2015-1552
	RESERVED
CVE-2015-1551 (Directory traversal vulnerability in Aruba Networks ClearPass Policy M ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1550 (Directory traversal vulnerability in Aruba Networks ClearPass Policy M ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1549
	RESERVED
CVE-2015-1548 (mini_httpd 1.21 and earlier allows remote attackers to obtain sensitiv ...)
	- mini-httpd 1.21-1 (bug #778925)
	[squeeze] - mini-httpd <no-dsa> (Minor issue)
	[wheezy] - mini-httpd <no-dsa> (Minor issue)
CVE-2015-1544
	RESERVED
CVE-2015-1543
	RESERVED
CVE-2015-1542
	RESERVED
CVE-2015-1541 (The AppWidgetServiceImpl implementation in com/android/server/appwidge ...)
	NOT-FOR-US: Android
CVE-2015-1540
	RESERVED
CVE-2015-1539 (Multiple integer underflows in the ESDS::parseESDescriptor function in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-1538 (Integer overflow in the SampleTable::setSampleToChunkParams function i ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-1537 (Integer overflow in IHDCP.cpp in the media_server component in Android ...)
	NOT-FOR-US: Android
CVE-2015-1536 (Integer overflow in the Bitmap_createFromParcel function in core/jni/a ...)
	NOT-FOR-US: Android
CVE-2015-1535
	RESERVED
CVE-2015-1534
	RESERVED
CVE-2015-1533
	RESERVED
CVE-2015-1532
	RESERVED
CVE-2015-1531
	RESERVED
CVE-2015-1530 (media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows at ...)
	NOT-FOR-US: Android
CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...)
	NOT-FOR-US: Android
CVE-2015-1528 (Integer overflow in the native_handle_create function in libcutils/nat ...)
	NOT-FOR-US: Android
CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows local us ...)
	NOT-FOR-US: Android
CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
	NOT-FOR-US: Android
CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attacker ...)
	NOT-FOR-US: Android
CVE-2015-1524
	RESERVED
CVE-2015-1523
	RESERVED
CVE-2015-1522 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject cer ...)
	- bro 2.3.2+dfsg-1
CVE-2015-1521 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly h ...)
	- bro 2.3.2+dfsg-1
CVE-2015-1520
	RESERVED
CVE-2015-1519
	RESERVED
CVE-2015-1518 (SQL injection vulnerability in the search_post function in includes/se ...)
	NOT-FOR-US: Redaxscript
CVE-2015-1517 (SQL injection vulnerability in Piwigo before 2.7.4, when all filters a ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2015-1516 (Cross-site scripting (XSS) vulnerability in Polycom RealPresence Cloud ...)
	NOT-FOR-US: Polycom
CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24  ...)
	NOT-FOR-US: SoftSphere
CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
	NOT-FOR-US: FancyFon FAMOC
CVE-2015-1513 (SQL injection vulnerability in SIPhone Enterprise PBX allows remote at ...)
	NOT-FOR-US: SIPhone Enterprise PBX
CVE-2015-1512 (Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC  ...)
	NOT-FOR-US: FancyFon FAMOC
CVE-2015-1511
	RESERVED
CVE-2015-1510
	RESERVED
CVE-2015-1509
	RESERVED
CVE-2015-1508
	RESERVED
CVE-2015-1507
	RESERVED
CVE-2015-1506
	RESERVED
CVE-2015-1505
	RESERVED
CVE-2015-1504
	RESERVED
CVE-2015-1503 (Multiple directory traversal vulnerabilities in IceWarp Mail Server be ...)
	NOT-FOR-US: Icewarp mail server
CVE-2015-1502
	RESERVED
CVE-2015-1501 (The factory.loadExtensionFactory function in TSUnicodeGraphEditorContr ...)
	NOT-FOR-US: SolarWinds
CVE-2015-1500 (Multiple stack-based buffer overflows in the TSUnicodeGraphEditorContr ...)
	NOT-FOR-US: SolarWinds
CVE-2015-1499 (The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allo ...)
	NOT-FOR-US: Samsung Security Manager
CVE-2015-1498 (Persistent Systems Radia Client Automation does not properly restrict  ...)
	NOT-FOR-US: Persistent Systems Radia Client Automation
CVE-2015-1497 (radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9,  ...)
	NOT-FOR-US: Persistent Systems Radia Client Automation
CVE-2015-1496 (Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2 ...)
	NOT-FOR-US: Motorola Scanner SDK
CVE-2015-1495 (Multiple stack-based buffer overflows in Motorola Scanner SDK allow re ...)
	NOT-FOR-US: Motorola Scanner SDK
CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress does not  ...)
	NOT-FOR-US: FancyBox plugin for WordPress
CVE-2015-1492 (Untrusted search path vulnerability in the client in Symantec Endpoint ...)
	NOT-FOR-US: Symantec
CVE-2015-1491 (SQL injection vulnerability in the management console in Symantec Endp ...)
	NOT-FOR-US: Symantec
CVE-2015-1490 (Directory traversal vulnerability in the management console in Symante ...)
	NOT-FOR-US: Symantec
CVE-2015-1489 (The management console in Symantec Endpoint Protection Manager (SEPM)  ...)
	NOT-FOR-US: Symantec
CVE-2015-1488 (An unspecified action handler in the management console in Symantec En ...)
	NOT-FOR-US: Symantec
CVE-2015-1487 (The management console in Symantec Endpoint Protection Manager (SEPM)  ...)
	NOT-FOR-US: Symantec
CVE-2015-1486 (The management console in Symantec Endpoint Protection Manager (SEPM)  ...)
	NOT-FOR-US: Symantec
CVE-2015-1485 (Cross-site request forgery (CSRF) vulnerability in the administration  ...)
	NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec Wo ...)
	NOT-FOR-US: Symantec Workspace Streaming
CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX a ...)
	NOT-FOR-US: Symantec NetBackup OpsCenter
CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
	{DLA-464-1}
	- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
	- libav 6:11.2-1
	NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
	NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/04/10
CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by onl ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=151
CVE-2014-9674 (The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType befor ...)
	{DSA-3461-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=153
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function in bas ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=154
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in FreeTy ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=155
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in pcf/pcfread.c i ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=157
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3
CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings function i ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=158
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6
CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 a ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=163
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565
CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4  ...)
	- freetype 2.5.2-3 (bug #777656)
	[wheezy] - freetype <not-affected> (Vulnerable code not present)
	[squeeze] - freetype <not-affected> (Vulnerable code not present)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length cal ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=166
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891
CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before  ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=167
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439
CVE-2014-9665 (The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4  ...)
	{DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	[wheezy] - freetype <not-affected> (Vulnerable code not present)
	[squeeze] - freetype <not-affected> (Vulnerable code not present)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=168
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727
CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data during ce ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=183
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd
CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5 ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=184
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1
CVE-2014-9662 (cff/cf2ft.c in FreeType before 2.5.4 does not validate the return valu ...)
	- freetype 2.5.2-3 (bug #777656)
	[wheezy] - freetype <not-affected> (Vulnerable code not present)
	[squeeze] - freetype <not-affected> (Vulnerable code not present)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=185
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2
CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider that scan ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=187
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669
CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5. ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2. ...)
	- freetype 2.5.2-3 (bug #777656; bug #773084)
	[wheezy] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
	[squeeze] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
	NOTE: https://savannah.nongnu.org/bugs/?43661
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=190
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
	NOTE: CVE due to incomplete fix for CVE-2014-2240
CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5 ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=194
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c
CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in FreeType befor ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=195
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55
CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType b ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in filter/raste ...)
	{DSA-3172-1 DLA-159-1}
	[experimental] - cups 2.0.2-1
	- cups 1.7.5-11 (bug #778387)
	NOTE: Marked with [experimental] tag as the fix is only in experimental so far
	NOTE: Switch this to regular fixed version once the fix is in unstable
	NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/10/15
CVE-2015-1573 (The nft_flush_table function in net/netfilter/nf_tables_api.c in the L ...)
	- linux <not-affected> (Vulnerable code introduced in v3.18-rc1, never in the archive outside of experimental)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=a2f18db0c68fec96631c10cad9384c196e9008ac (v3.19-rc5)
	NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9ac12ef099707f405d7478009564302d7ed8393 (v3.18-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=91441
CVE-2015-2046 (Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later  ...)
	- mantis <removed>
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: https://github.com/mantisbt/mantisbt/commit/6defeed5 (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=19301
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/10
	NOTE: CVE for specific portion of the original May 2014 adm_config_report.php discovery
	NOTE: that remains present in version 1.2.18 and 1.2.19
CVE-2015-XXXX [fails to detect silent driver failure to change MAC]
	- macchanger 1.7.0-5.3 (bug #774898)
	[wheezy] - macchanger <no-dsa> (Minor issue)
	[squeeze] - macchanger <no-dsa> (Minor issue)
CVE-2015-9101 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3. ...)
	- lame 3.99.5+repack1-6 (bug #777161)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	[squeeze] - lame <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-9100 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3. ...)
	- lame 3.99.5+repack1-6 (bug #777160)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	[squeeze] - lame <no-dsa> (minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-9099 (The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 ...)
	- lame 3.99.5+repack1-6 (bug #775959)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	[squeeze] - lame <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-XXXX [denial of service under memory stress]
	- libhtp 1:0.5.25-1 (bug #777522)
	[squeeze] - libhtp <no-dsa> (Minor issue)
	[wheezy] - libhtp <no-dsa> (Minor issue)
	NOTE: https://github.com/inliniac/libhtp/commit/c7c03843cd6b1cbf44eb435d160ba53aec948828
CVE-2014-9681
	REJECTED
CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...)
	{DSA-3167-1 DLA-160-1}
	- sudo 1.8.12-1 (bug #772707)
	[jessie] - sudo 1.8.10p3-1+deb8u2
	NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
	NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x)
	NOTE: http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0 (typos)
	NOTE: http://www.sudo.ws/repos/sudo/rev/91859f613b88 (description)
	NOTE: http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0 (improved description)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/12
CVE-2015-2058 (c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates dat ...)
	- jabberd2 2.3.3-1 (bug #779154)
	NOTE: https://github.com/jabberd2/jabberd2/issues/85
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
CVE-2015-2059 (The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in  ...)
	{DSA-3578-1 DLA-476-1 DLA-277-1}
	- libidn 1.31-1 (medium)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25
	NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
	NOTE: This could be attributed to a misuse of a (poorly documented) API
	NOTE: but since upstream provided a patch it makes more sense to fix
	NOTE: only libidn instead of every application using it
CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in Open ...)
	{DSA-3209-1 DLA-203-1}
	- openldap 2.4.40-4 (bug #776988)
	[wheezy] - openldap <no-dsa> (Minor issue)
	[squeeze] - openldap <no-dsa> (Minor issue)
	NOTE: http://www.openldap.org/its/?findid=8027
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=c32e74763f77675b9e144126e375977ed6dc562c
CVE-2015-1546 (Double free vulnerability in the get_vrFilter function in servers/slap ...)
	- openldap 2.4.40-4 (bug #776991)
	[wheezy] - openldap <not-affected> (Regression introduced in 2.4.40)
	[squeeze] - openldap <not-affected> (Regression introduced in 2.4.40)
	NOTE: http://www.openldap.org/its/?findid=8046
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a
CVE-2014-XXXX [RPATH set to untrusted directory]
	[experimental] - noise <unfixed> (bug #759868)
CVE-2013-XXXX [TOCTOU race when expanding JAR files]
	- libbluray 0.7.0-1 (unimportant)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959433
	NOTE: libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp
	NOTE: Affected code removed in 0.7.0-1
CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote attackers to c ...)
	{DLA-675-1}
	- potrace 1.12-1 (bug #778646)
	[squeeze] - potrace <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/12
CVE-2015-2785 (The GIF encoder in Byzanz allows remote attackers to cause a denial of ...)
	- byzanz <unfixed> (unimportant; bug #778261)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/11
	NOTE: Only applies to debug recordings, negligable security impact
CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux  ...)
	{DLA-246-1}
	- linux 3.6.4-1
	[wheezy] - linux 3.2.30-1
	- linux-2.6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause  ...)
	{DLA-431-1 DLA-430-1}
	- libfcgi 2.4.0-8.3 (bug #681591)
	[wheezy] - libfcgi 2.4.0-8.1+deb7u1
	- libfcgi-perl 0.78-2 (bug #815840)
	[jessie] - libfcgi-perl 0.77-1+deb8u1
	[wheezy] - libfcgi-perl <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
CVE-2015-8837 (Stack-based buffer overflow in the isofs_real_readdir function in isof ...)
	{DSA-3551-1 DLA-323-1}
	- fuseiso 20070708-3.2 (bug #779047)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863091
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862211
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
CVE-2015-8836 (Integer overflow in the isofs_real_read_zf function in isofs.c in Fuse ...)
	{DSA-3551-1 DLA-323-1}
	- fuseiso 20070708-3.2 (bug #779047)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863102
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=861358
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
CVE-2010-XXXX [crash when parsing overly long links]
	- lynx-cur 2.8.8dev.4-1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
CVE-2015-1547 (The NeXTDecode function in tif_next.c in LibTIFF allows remote attacke ...)
	{DSA-3273-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.1 (bug #777390)
	- tiff3 <removed>
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
	NOTE: fix in https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1547
	NOTE: is applied in 4.0.3-13 (but please recheck this)
	NOTE: Raphael Hertzog> I could not find a way to reliably use the above reproducer. No segfault. And valgrind on "xloadimage" spits lots of warnings about use of uninitialized values with a good file and with the reproducer.
	NOTE: Still this CVE has been added to DLA-221-1 because the patch used for CVE-2014-9655 seems to include the fix for this CVE.
CVE-2015-1482 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to ...)
	NOT-FOR-US: Ansible Tower
CVE-2015-1481 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization ...)
	NOT-FOR-US: Ansible Tower
CVE-2015-1480 (ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows  ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2015-1479 (SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO M ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2015-1478 (Cross-site scripting (XSS) vulnerability in the CMSJunkie J-Classified ...)
	NOT-FOR-US: Joomla! plugin CMSJunkie J-ClassifiedsManager
CVE-2015-1477 (SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager comp ...)
	NOT-FOR-US: Joomla! plugin CMSJunkie J-ClassifiedsManager
CVE-2015-1476 (Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allo ...)
	NOT-FOR-US: xlinkerz ecommerceMajor
CVE-2015-1475 (Multiple cross-site scripting (XSS) vulnerabilities in my little forum ...)
	NOT-FOR-US: My Little Forum
CVE-2015-1474 (Multiple integer overflows in the GraphicBuffer::unflatten function in ...)
	NOT-FOR-US: Android
CVE-2015-1471 (SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0  ...)
	NOT-FOR-US: Pragyan CMS
CVE-2015-1470
	RESERVED
CVE-2015-1469 (time.htm in the web interface on SerVision HVG Video Gateway devices w ...)
	NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-1468
	RESERVED
CVE-2015-1467 (Multiple SQL injection vulnerabilities in Translations in Fork CMS bef ...)
	NOT-FOR-US: Fork CMS
CVE-2015-1466
	RESERVED
CVE-2015-1464 (RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows  ...)
	{DSA-3176-1 DLA-158-1}
	- request-tracker4 4.2.8-3
	- request-tracker3.8 <removed>
CVE-2015-1463 (ClamAV before 0.98.6 allows remote attackers to cause a denial of serv ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/96ff19a19eba64bdf47f2f12ecdbc5ee331c09e2
CVE-2015-1462 (ClamAV before 0.98.6 allows remote attackers to have unspecified impac ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
CVE-2015-1461 (ClamAV before 0.98.6 allows remote attackers to have unspecified impac ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
CVE-2015-1460 (Huawei Quidway switches with firmware before V200R005C00SPC300 allows  ...)
	NOT-FOR-US: Huawei Quidway switches
CVE-2015-1459 (Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticato ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1458 (Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intende ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1457 (Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1456 (Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and pa ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1455 (Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the  ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1454 (Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Uni ...)
	NOT-FOR-US: Blue Coat ProxyClient and Unified Agent
CVE-2015-1453 (The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hard ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2015-1452 (The Control and Provisioning of Wireless Access Points (CAPWAP) daemon ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1451 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiO ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1450 (SQL injection vulnerability in Restaurant Biller allows remote attacke ...)
	NOT-FOR-US: Restaurant Biller
CVE-2015-1449 (Buffer overflow in the integrated web server on Siemens Ruggedcom WIN5 ...)
	NOT-FOR-US: Siemens Ruggedcom
CVE-2015-1448 (The integrated management service on Siemens Ruggedcom WIN51xx devices ...)
	NOT-FOR-US: Siemens Ruggedcom
CVE-2015-1447
	RESERVED
CVE-2015-1446
	RESERVED
CVE-2015-1445 (HTTP header injection in the httpd package in fli4l before 3.10.1 and  ...)
	NOT-FOR-US: fli4l
CVE-2015-1444 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	NOT-FOR-US: fli4l
CVE-2015-1443 (The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 all ...)
	NOT-FOR-US: fli4l
CVE-2015-1442 (SQL injection vulnerability in views/zero_transact_user.php in the adm ...)
	NOT-FOR-US: ZeroCMS
CVE-2015-1440
	RESERVED
CVE-2015-1439
	RESERVED
CVE-2015-1438 (Heap-based buffer overflow in Panda Security Kernel Memory Access Driv ...)
	NOT-FOR-US: Panda
CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 ...)
	NOT-FOR-US: Asus RT-N10+ D1 router
CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider plugin b ...)
	NOT-FOR-US: Easing Slider plugin for WordPress
CVE-2015-1435 (Cross-site scripting (XSS) vulnerability in my little forum before 2.3 ...)
	NOT-FOR-US: Little forum
CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum before 2.3.4 ...)
	NOT-FOR-US: Little forum
CVE-2015-1429 (Directory traversal vulnerability in Cybele Software Thinfinity Remote ...)
	NOT-FOR-US: Cybele Software Thinfinity Remote Desktop Workstation
CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow  ...)
	NOT-FOR-US: Sefrengo
CVE-2015-1427 (The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x be ...)
	- elasticsearch <not-affected> (Affects 1.3.0-1.3.7 and 1.4.0-1.4.2, vulnerable code not present)
	NOTE: http://seclists.org/bugtraq/2015/Feb/92
	NOTE: Problem in the Groovy scripting engine.
CVE-2015-1426 (Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains s ...)
	- facter 2.4.4-1 (bug #778265)
	[jessie] - facter <no-dsa> (Minor issue)
	[squeeze] - facter <not-affected> (Uses version 2008-02-01 of the EC2 API which does not expose security credentials)
	[wheezy] - facter <no-dsa> (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2015-1426
	NOTE: https://tickets.puppetlabs.com/browse/FACT-800
	NOTE: The assessment for Squeeze being unaffected is based on the fact that the code accesses http://169.254.169.254/2008-02-01/meta-data/ and that http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html mentions the iam/security-credentials/role key as being introduced in version 2012-01-12.
CVE-2015-1493 (Directory traversal vulnerability in the min_get_slash_argument functi ...)
	- moodle 2.7.5+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
CVE-2015-XXXX [Invalid read in ensure_filepath]
	- libmspack 0.5-1
	- cabextract 1.4-5
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2015-XXXX [Invalid read in create_output_name]
	- libmspack 0.5-1
	- cabextract 1.4-5
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeX ...)
	{DSA-3273-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.1 (bug #777390)
	- tiff3 <removed>
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
CVE-2014-9654 (The Regular Expressions package in International Components for Unicod ...)
	{DSA-3187-1 DLA-219-1}
	- icu 52.1-7.1 (bug #776719)
	NOTE: https://ssl.icu-project.org/trac/changeset/36801
	NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component in PH ...)
	{DSA-3196-1 DLA-204-1}
	- file 1:5.22+15-1 (bug #777585)
	- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
	NOTE: http://bugs.gw.com/view.php?id=409
	NOTE: http://mx.gw.com/pipermail/file/2014/001649.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/04/13
CVE-2015-1465 (The IPv4 implementation in the Linux kernel before 3.18.8 does not pro ...)
	- linux 3.16.7-ckt7-1
	[wheezy] - linux <not-affected> (Introduced in 3.16)
	- linux-2.6 <not-affected> (Introduced in 3.16)
	NOTE: Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0 (v3.19-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/02/2
CVE-2015-1473 (The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ...)
	{DSA-3169-1 DLA-165-1}
	- glibc 2.19-15 (bug #777197)
	- eglibc <removed>
	[squeeze] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
	NOTE: This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15),
	NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
CVE-2015-1472 (The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ...)
	{DSA-3169-1 DLA-165-1}
	- glibc 2.19-15 (bug #777197)
	- eglibc <removed>
	[squeeze] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
	NOTE: This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15),
	NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
CVE-2015-XXXX [Infinite loop in patch]
	- patch 2.7.4-1 (low; bug #776271)
	[squeeze] - patch <no-dsa> (Minor issue)
	[wheezy] - patch <no-dsa> (Minor issue)
	NOTE: Different from CVE-2014-9637
CVE-2015-1441 (SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5 ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: http://piwigo.org/releases/2.7.3
CVE-2015-1433 (program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ...)
	{DLA-613-1}
	- roundcube 0.9.5+dfsg1-4.2 (low; bug #776700)
	[wheezy] - roundcube <no-dsa> (Minor issue)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2015-1432 (The message_options function in includes/ucp/ucp_pm_options.php in php ...)
	- phpbb3 3.0.12-4 (low; bug #776699)
	[wheezy] - phpbb3 3.0.10-4+deb7u2
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
	NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
CVE-2015-1431 (Cross-site scripting (XSS) vulnerability in includes/startup.php in ph ...)
	- phpbb3 3.0.12-4 (low; bug #776699)
	[wheezy] - phpbb3 3.0.10-4+deb7u2
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
	NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531
CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
	- xymon 4.3.17-5 (low; bug #776007)
	[squeeze] - xymon <not-affected> (Vulnerable code not present)
	[wheezy] - xymon <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...)
	NOT-FOR-US: JAKWEB Gecko CMS
CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...)
	NOT-FOR-US: Gecko CMS
CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow  ...)
	NOT-FOR-US: Gecko CMS
CVE-2015-1422 (Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 a ...)
	NOT-FOR-US: Gecko CMS
CVE-2015-XXXX [symlink directory traversal]
	- unrar-nonfree 1:5.2.7-0.1 (bug #774171)
	[wheezy] - unrar-nonfree 1:4.1.4-1+deb7u1
	[squeeze] - unrar-nonfree <no-dsa> (Non-free not supported)
CVE-2014-9983 (Directory Traversal exists in RAR 4.x and 5.x because an unpack operat ...)
	- rar 2:5.3.b2-1 (bug #774172)
	[jessie] - rar <no-dsa> (Non-free not supported)
	[wheezy] - rar <no-dsa> (Non-free not supported)
	[squeeze] - rar <no-dsa> (Not fixed upstream and license does not allow modification)
	NOTE: Version 5.21 upstream changes behaviour: by default rar skips symbolic links
	NOTE: symbolic links with absolute paths in link target when extracting.
CVE-2015-1589 (Directory traversal vulnerability in arCHMage 0.2.4 allows remote atta ...)
	- archmage 1:0.2.4-4 (bug #776164)
	[squeeze] - archmage <no-dsa> (Minor issue)
	[wheezy] - archmage <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/9
CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote at ...)
	- vsftpd 3.0.2-18 (unimportant; bug #776922)
	[jessie] - vsftpd 3.0.2-17+deb8u1
	NOTE: http://seclists.org/oss-sec/2015/q1/389
	NOTE: Not a real security feature according the manpage and upstream
CVE-2015-1418 (The do_ed_script function in pch.c in GNU patch through 2.7.6, and pat ...)
	NOT-FOR-US: patch as used in FreeBSD specifically
CVE-2018-1000156 (GNU Patch version 2.7.6 contains an input validation vulnerability whe ...)
	{DLA-1348-1}
	- patch 2.7.6-2 (bug #894993)
	[stretch] - patch 2.7.5-1+deb9u1
	[jessie] - patch 2.7.5-1+deb8u1
	NOTE: Upstream bug: https://savannah.gnu.org/bugs/?53566
	NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/
	NOTE: https://twitter.com/kurtseifried/status/982028968877436928
	NOTE: This CVE is specifically for GNU patch and relates to CVE-2015-1418
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
	NOTE: Respective patch in FreeBSD: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc
	NOTE: Respective patch in OpenBSD: https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig
	NOTE: (Functional) regression/issue introduced with only the initial commit:
	NOTE: https://savannah.gnu.org/bugs/?53820
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1092500
	NOTE: Followup fixes needed to address https://bugs.debian.org/933140
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727
CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2 ...)
	- kfreebsd-10 10.2-1 (unimportant)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2015-1416 (Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 ...)
	- patch 2.5-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/02/6
	NOTE: CVE assignment applies as well to GNU patch before 2.3 and 2.2.5
CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configur ...)
	NOT-FOR-US: FreeBSD installer
CVE-2015-1414 (Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 b ...)
	{DSA-3175-2 DSA-3175-1}
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-4 (bug #779195)
	- kfreebsd-9 <removed> (bug #779201)
	- kfreebsd-8 <removed> (bug #779202)
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
CVE-2015-1413
	RESERVED
CVE-2015-1412
	RESERVED
CVE-2015-1411
	RESERVED
CVE-2015-1410
	RESERVED
CVE-2015-1409
	RESERVED
CVE-2015-1408
	RESERVED
CVE-2015-1407
	RESERVED
CVE-2015-1406
	RESERVED
CVE-2015-1400 (SQL injection vulnerability in search.php in NPDS Revolution 13 allows ...)
	NOT-FOR-US: NPDS Revolution
CVE-2015-1399 (PHP remote file inclusion vulnerability in the fetchView function in t ...)
	NOT-FOR-US: Magento
CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community Edit ...)
	NOT-FOR-US: Magento
CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the Mage_Adm ...)
	NOT-FOR-US: Magento
CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Photo Galle ...)
	NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11  ...)
	NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1392 (Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Pol ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1391
	RESERVED
CVE-2015-1390
	RESERVED
CVE-2015-1389 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass P ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1388 (The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6 ...)
	NOT-FOR-US: ArubaOS
CVE-2015-1387
	REJECTED
CVE-2015-1385 (Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Pod ...)
	NOT-FOR-US: WordPress plugin powerpress
CVE-2015-1384 (Cross-site scripting (XSS) vulnerability in the Banner Effect Header p ...)
	NOT-FOR-US: Banner Effect Header plugin for WordPress
CVE-2015-1383 (Cross-site scripting (XSS) vulnerability in the geo search widget in t ...)
	NOT-FOR-US: WordPress plugin geo-mashup
CVE-2015-1376 (pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPre ...)
	NOT-FOR-US: WordPress plugin Pixabay Images
CVE-2015-1375 (pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPre ...)
	NOT-FOR-US: WordPress plugin Pixabay Images
CVE-2015-1374 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin.ph ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1373 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in fe ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1372 (SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote att ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1371 (Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1368 (Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower ( ...)
	NOT-FOR-US: Ansible Tower
CVE-2015-1367 (SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote ...)
	NOT-FOR-US: CatBot
CVE-2015-1366 (Cross-site scripting (XSS) vulnerability in pixabay-images.php in the  ...)
	NOT-FOR-US: Wordpress plugin Pixabay Images
CVE-2015-1365 (Directory traversal vulnerability in pixabay-images.php in the Pixabay ...)
	NOT-FOR-US: Wordpress plugin Pixabay Images
CVE-2015-1364 (SQL injection vulnerability in the getProfile function in system/profi ...)
	NOT-FOR-US: Free Reprintables ArticleFR
CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleF ...)
	NOT-FOR-US: ArticleFR
CVE-2015-1362 (Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7 ...)
	NOT-FOR-US: Exif Pilot
CVE-2015-1361 (platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrom ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1360 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote atta ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1359 (Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium,  ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1358 (The remote-management module in the (1) Multi Panels, (2) Comfort Pane ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2015-1357 (Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35,  ...)
	NOT-FOR-US: Siemens Ruggedcom
CVE-2015-1356 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's  ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2015-1355 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2014-9648 (components/navigation_interception/intercept_navigation_resource_throt ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2014-9647 (Use-after-free vulnerability in PDFium, as used in Google Chrome befor ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-9646 (Unquoted Windows search path vulnerability in the GoogleChromeDistribu ...)
	- chromium-browser <not-affected> (Windows specific problem for chromium-browser)
CVE-2015-1563 (The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows l ...)
	- xen 4.4.1-7 (low; bug #776319)
	[wheezy] - xen <not-affected> (Only affects 4.4 and later on arm)
	[squeeze] - xen <not-affected> (Only affects 4.4 and later on arm)
CVE-2015-1558 (Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when u ...)
	- asterisk 1:13.1.0~dfsg-1.1 (bug #780601)
	[jessie] - asterisk <not-affected> (Only affects 12.x and 13.x)
	[wheezy] - asterisk <not-affected> (Only affects 12.x and 13.x)
	[squeeze] - asterisk <not-affected> (Only affects 12.x and 13.x)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24666
	NOTE: http://downloads.digium.com/pub/security/AST-2015-001.html
CVE-2013-7449 (The ssl_do_connect function in common/server.c in HexChat before 2.10. ...)
	- xchat 2.8.8-10 (bug #776609)
	[jessie] - xchat <no-dsa> (Minor issue)
	[wheezy] - xchat <no-dsa> (Minor issue)
	[squeeze] - xchat <no-dsa> (Minor issue)
	- xchat-gnome <removed> (bug #829730)
	[wheezy] - xchat-gnome <no-dsa> (Minor issue)
	[squeeze] - xchat-gnome <no-dsa> (Minor issue)
	- hexchat 2.10.2-1 (bug #818009)
	[jessie] - hexchat 2.10.1-1+deb8u1
	NOTE: https://github.com/hexchat/hexchat/issues/524
	NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d (v2.12.0)
	NOTE: https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604 (v2.10.2)
CVE-2013-7426 (Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamaili ...)
	- kamailio 4.0.2-1 (bug #712083)
CVE-2013-7424 (The getaddrinfo function in glibc before 2.15, when compiled with libi ...)
	{DSA-3169-1 DLA-165-1}
	- glibc 2.15-1
	- eglibc 2.15-1
	NOTE: http://seclists.org/oss-sec/2015/q1/306
	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942
CVE-2015-1421 (Use-after-free vulnerability in the sctp_assoc_update function in net/ ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt4-3
	- linux-2.6 <removed>
	NOTE: Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=600ddd6825543962fb807884169e57b580dba208
CVE-2015-1420 (Race condition in the handle_to_path function in fs/fhandle.c in the L ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt7-1
	- linux-2.6 <not-affected> (Introduced in 2.6.39)
	NOTE: http://marc.info/?l=linux-kernel&m=142247707318982&w=2
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=161f873b89136eb1e69477c847d5a5033239d9ba (v4.1-rc7)
CVE-2015-1405 (SQL injection vulnerability in the Content Rating Extbase extension 2. ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1404 (Cross-site scripting (XSS) vulnerability in the Content Rating Extbase ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1403 (SQL injection vulnerability in the Content Rating extension 1.0.3 and  ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1402 (Cross-site scripting (XSS) vulnerability in the Content Rating extensi ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1401 (Improper Authentication vulnerability in the "LDAP / SSO Authenticatio ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1554 (kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ...)
	- kgb-bot <undetermined> (low; bug #776424)
	NOTE: 20190201: random crash still not reproducible
CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js  ...)
	NOT-FOR-US: sequelize
CVE-2015-1354
	RESERVED
CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x befor ...)
	{DSA-3162-1 DLA-163-1}
	- bind9 1:9.9.5.dfsg-9 (low; bug #778733)
CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware before ...)
	NOT-FOR-US: Aruba Instant
CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2015-1344 (The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not pr ...)
	- lxcfs <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854
CVE-2015-1343 (All versions of unity-scope-gdrive logs search terms to syslog. ...)
	NOT-FOR-US: unity-scope-gdrive
CVE-2015-1342 (LXCFS before 0.12 does not properly enforce directory escapes, which m ...)
	- lxcfs <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
CVE-2015-1341 (Any Python module in sys.path can be imported if the command line of t ...)
	NOT-FOR-US: Apport
CVE-2015-1340 (LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsa ...)
	- lxd <itp> (bug #768073)
CVE-2015-1339 (Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in  ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in v4.2-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v4.2-rc1)
	NOTE: Introduced in: https://git.kernel.org/linus/cc080e9e9be16ccf26135d366d7d2b65209f1d56 (v4.2-rc1)
	NOTE: Fixed in: https://git.kernel.org/linus/2c5816b4beccc8ba709144539f6fdd764f8fa49c (v4.4-rc5)
CVE-2015-1338 (kernel_crashdump in Apport before 2.19 allows local users to cause a d ...)
	NOT-FOR-US: Apport
CVE-2015-1337 (Simple Streams (simplestreams) does not properly verify the GPG signat ...)
	NOT-FOR-US: simplestreams
CVE-2015-1336 (The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in  ...)
	- man-db 2.7.6-1 (bug #840357)
	[jessie] - man-db <no-dsa> (Minor issue)
	[wheezy] - man-db <no-dsa> (Minor issue)
	[squeeze] - man-db <no-dsa> (Not exploitable in practice)
	NOTE: http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
	NOTE: https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786
CVE-2015-1335 (lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local cont ...)
	{DSA-3400-1 DLA-442-1}
	- lxc 1:1.0.8-1 (bug #800471)
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1476662
	NOTE: https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
	NOTE: https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html
CVE-2015-1334 (attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a contai ...)
	{DSA-3317-1}
	- lxc 1:1.0.7-4 (bug #793298)
	[wheezy] - lxc <not-affected> (Affects 0.9.0 and higher)
	[squeeze] - lxc <not-affected> (Affects 0.9.0 and higher)
CVE-2015-1333 (Memory leak in the __key_link_end function in security/keys/keyring.c  ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u3
	[wheezy] - linux <not-affected> (Introduced in 3.13)
	- linux-2.6 <not-affected> (Introduced in 3.13)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=034faeb9ef390d58239e1dce748143f6b35a0d9b (v3.13-rc1)
CVE-2015-1332 (The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 a ...)
	NOT-FOR-US: oxide-qt
	NOTE: The JavaScriptDialogManager exists as well for chromium-browser, but this
	NOTE: CVE seem specific assigned for an issue in oxide::JavaScriptDialogManager
CVE-2015-1331 (lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitr ...)
	{DSA-3317-1}
	- lxc 1:1.0.7-4 (bug #793298)
	[wheezy] - lxc <not-affected> (Affects 1.0.0 and higher)
	[squeeze] - lxc <not-affected> (Affects 1.0.0 and higher)
CVE-2015-1330 (unattended-upgrades before 0.86.1 does not properly authenticate packa ...)
	{DSA-3297-1 DLA-267-1}
	- unattended-upgrades 0.86.1
CVE-2015-1329 (Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in o ...)
	NOT-FOR-US: Oxide-QT
CVE-2015-1328 (The overlayfs implementation in the linux (aka Linux kernel) package b ...)
	- linux <not-affected> (Ubuntu-specific flaw, overlayfs mounts restricted to privileged users in Debian)
	- linux-2.6 <not-affected> (Ubuntu-specific flaw, overlayfs mounts restricted to privileged users in Debian)
	NOTE: http://seclists.org/oss-sec/2015/q2/717
	NOTE: https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html
	NOTE: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/vivid/commit/?id=78ec4549
CVE-2015-1327 (Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only ...)
	NOT-FOR-US: Content Hub
CVE-2015-1326 (python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call  ...)
	- python-dbusmock 0.15.1-1 (bug #786858)
	[jessie] - python-dbusmock 0.11.4-1+deb8u1
	NOTE: https://bugs.launchpad.net/python-dbusmock/+bug/1453815
CVE-2015-1325 (Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubunt ...)
	NOT-FOR-US: Apport
CVE-2015-1324 (Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2. ...)
	NOT-FOR-US: Apport
CVE-2015-1323 (The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 a ...)
	{DLA-261-1}
	- aptdaemon 1.1.1+bzr982-1 (bug #789162)
	[jessie] - aptdaemon 1.1.1-4+deb8u1
	[wheezy] - aptdaemon 0.45-2+deb7u1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587
CVE-2015-1322 (Directory traversal vulnerability in the Ubuntu network-manager packag ...)
	- network-manager <not-affected> (Ubuntu specific patch)
	NOTE: http://www.ubuntu.com/usn/usn-2581-1
	NOTE: https://bazaar.launchpad.net/~phablet-team/network-manager/ofono-format-cleanup/view/head:/debian/patches/add_ofono_settings_support.patch
CVE-2015-1321 (Use-after-free vulnerability in the file picker implementation in Oxid ...)
	NOT-FOR-US: Oxide
CVE-2015-1320 (The SeaMicro provisioning of Ubuntu MAAS logs credentials, including u ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2015-1319 (The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 1 ...)
	- unity <itp> (bug #609278)
CVE-2015-1318 (The crash reporting feature in Apport 2.13 through 2.17.x before 2.17. ...)
	NOT-FOR-US: Apport
CVE-2015-1317 (Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1. ...)
	NOT-FOR-US: Oxide
CVE-2015-1316 (Juju Core's Joyent provider before version 1.25.5 uploads the user's p ...)
	- juju <removed>
CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in In ...)
	- unzip <not-affected> (*-unzip60-alt-iconv-utf8 patch not applied in Debian)
CVE-2015-1314 (The USAA Mobile Banking application before 7.10.1 for Android displays ...)
	NOT-FOR-US: USAA Mobile Banking application for Android
CVE-2015-1313
	RESERVED
CVE-2015-1312 (The Dealer Portal in SAP ERP does not properly restrict access, which  ...)
	NOT-FOR-US: SAP
CVE-2015-1311 (The Extended Application Services (XS) in SAP HANA allows remote attac ...)
	NOT-FOR-US: SAP
CVE-2015-1310 (SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase  ...)
	NOT-FOR-US: SAP
CVE-2015-1309 (XML external entity vulnerability in the Extended Computer Aided Test  ...)
	NOT-FOR-US: SAP
CVE-2015-1305 (McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows loca ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2014-9643 (K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and T ...)
	NOT-FOR-US: K7 components for Windows
CVE-2014-9642 (bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protect ...)
	NOT-FOR-US: BullGuard components
CVE-2014-9641 (The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, ...)
	NOT-FOR-US: Trend Micro
CVE-2014-9633 (The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote at ...)
	NOT-FOR-US: COMODO Backup
CVE-2014-9632 (The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 ...)
	NOT-FOR-US: AVG
CVE-2015-1386 (Directory traversal vulnerability in unshield 1.0-1. ...)
	- unshield 1.4-1 (low; bug #776193)
	[jessie] - unshield <no-dsa> (Minor issue)
	[wheezy] - unshield <no-dsa> (Minor issue)
	[squeeze] - unshield <no-dsa> (Minor issue)
	NOTE: https://github.com/twogood/unshield/issues/42
CVE-2015-1382 (parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a  ...)
	{DSA-3145-1 DLA-142-1}
	- privoxy 3.0.21-7 (bug #776490)
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
CVE-2015-1381 (Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.2 ...)
	{DSA-3145-1 DLA-142-1}
	- privoxy 3.0.21-7 (bug #776490)
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
CVE-2015-1380 (jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a deni ...)
	- privoxy 3.0.21-7 (bug #776490)
	[wheezy] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
	[squeeze] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434
CVE-2015-1379 (The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b ...)
	- socat 1.7.2.4-2 (bug #776234)
	[wheezy] - socat <no-dsa> (Minor issue)
	[squeeze] - socat <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/6
	NOTE: Upstream advisory: http://www.dest-unreach.org/socat/contrib/socat-secadv6.txt
CVE-2015-1378 (cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68 ...)
	- grml-debootstrap 0.68.1 (low; bug #776502)
	[wheezy] - grml-debootstrap <no-dsa> (Minor issue)
	NOTE: https://github.com/grml/grml-debootstrap/issues/59
CVE-2015-1377 (The Read Mail module in Webmin 1.720 allows local users to read arbitr ...)
	- webmin <removed>
CVE-2015-1395 (Directory traversal vulnerability in GNU patch versions which support  ...)
	- patch 2.7.3-1 (bug #775873)
	[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
	[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
	NOTE: Upstream report: https://savannah.gnu.org/bugs/?44059
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/2
CVE-2015-1370 (Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Nod ...)
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection
	NOTE: https://github.com/chjj/marked/issues/492
	NOTE: libv8 is not covered by security support
CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc  ...)
	{DLA-165-1}
	- glibc 2.19-1 (bug #722075)
	[wheezy] - eglibc 2.13-38+deb7u5
	- eglibc <removed>
	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
	NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
	NOTE: https://lkml.org/lkml/2013/3/4/70
	NOTE: https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7 (v3.19-rc1)
CVE-2014-9644 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1)
CVE-2014-9645 (The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...)
	{DLA-1445-1}
	- busybox 1:1.22.0-15 (low; bug #776186)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=7652
	NOTE: http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
CVE-2013-7422 (Integer underflow in regcomp.c in Perl before 5.20, as used in Apple O ...)
	- perl 5.20.0-1 (bug #776046)
	[wheezy] - perl <no-dsa> (Minor issue)
	[squeeze] - perl <no-dsa> (Minor issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=119505
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/23/9
CVE-2015-1304 (object-observe.js in Google V8, as used in Google Chrome before 45.0.2 ...)
	{DSA-3376-1}
	- chromium-browser 45.0.2454.101-1
	[jessie] - chromium-browser <no-dsa> (minor issue)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-1303 (bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome bef ...)
	{DSA-3376-1}
	- chromium-browser 45.0.2454.101-1
	[jessie] - chromium-browser <no-dsa> (minor issue)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1302 (The PDF viewer in Google Chrome before 46.0.2490.86 does not properly  ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.de/2015/11/stable-channel-update.html
CVE-2015-1301 (Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454 ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1300 (The FrameFetchContext::updateTimingInfoForIFrameNavigation function in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1299 (Use-after-free vulnerability in the shared-timer implementation in Bli ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1298 (The RuntimeEventRouter::OnExtensionUninstalled function in extensions/ ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1297 (The WebRequest API implementation in extensions/browser/api/web_reques ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1296 (The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.c ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1295 (Multiple use-after-free vulnerabilities in the PrintWebViewHelper clas ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1294 (Use-after-free vulnerability in the SkMatrix::invertNonIdentity functi ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1293 (The DOM implementation in Blink, as used in Google Chrome before 45.0. ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1292 (The NavigatorServiceWorker::serviceWorker function in modules/servicew ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1291 (The ContainerNode::parserRemoveChild function in core/dom/ContainerNod ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1290 (The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and ...)
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-1289 (Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403 ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1288 (The Spellcheck API implementation in Google Chrome before 44.0.2403.89 ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1287 (Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks- ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1286 (Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1285 (The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.c ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1284 (The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in  ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1283 (Multiple integer overflows in the XML_GetBuffer function in Expat thro ...)
	{DSA-3318-1 DSA-3315-1 DLA-281-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- expat 2.1.0-7 (bug #793484)
	NOTE: Patch: https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
CVE-2015-1282 (Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Docu ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1281 (core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before  ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1280 (SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403 ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1279 (Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2 ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1278 (content/browser/web_contents/web_contents_impl.cc in Google Chrome bef ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1277 (Use-after-free vulnerability in the accessibility implementation in Go ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1276 (Use-after-free vulnerability in content/browser/indexed_db/indexed_db_ ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1275 (Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browse ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2015-1274 (Google Chrome before 44.0.2403.89 does not ensure that the auto-open l ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1273 (Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used  ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1272 (Use-after-free vulnerability in the GPU process implementation in Goog ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1271 (PDFium, as used in Google Chrome before 44.0.2403.89, does not properl ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1270 (The ucnv_io_getConverterName function in common/ucnv_io.cpp in Interna ...)
	{DSA-3360-1 DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 55.1-5 (bug #798647)
	[wheezy] - icu <not-affected> (code in ucnv_io_getConverterName not present, introduced in 49.x)
	[squeeze] - icu <not-affected> (code in ucnv_io_getConverterName not present, introduced in 49.x)
	NOTE: http://bugs.icu-project.org/trac/ticket/11696
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37486/
CVE-2015-1269 (The DecodeHSTSPreloadRaw function in net/http/transport_security_state ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1268 (bindings/scripts/v8_types.py in Blink, as used in Google Chrome before ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1267 (Blink, as used in Google Chrome before 43.0.2357.130, does not properl ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1266 (content/browser/webui/content_web_ui_controller_factory.cc in Google C ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1265 (Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357 ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1264 (Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0. ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1263 (The Spellcheck API implementation in Google Chrome before 43.0.2357.65 ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1262 (platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google  ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1261 (android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1260 (Multiple use-after-free vulnerabilities in content/renderer/media/user ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1259 (PDFium, as used in Google Chrome before 43.0.2357.65, does not properl ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1258 (Google Chrome before 43.0.2357.65 relies on libvpx code that was not b ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libvpx 1.4.0-4 (unimportant)
	[wheezy] - libvpx <not-affected> (vp9 code introduced in 1.3.0)
	[squeeze] - libvpx <not-affected> (vp9 code not present in 0.9.1)
	NOTE: That's not a vulnerability in libvpx per se
	NOTE: 1.4.0-4 adds the workaround to configure with --size-limit=16384x16384
	NOTE: https://github.com/webmproject/libvpx/commit/943e43273b0a7369d07714e7fd2e19fecfb11c7c
CVE-2015-1257 (platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation  ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1256 (Use-after-free vulnerability in the SVG implementation in Blink, as us ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1255 (Use-after-free vulnerability in content/renderer/media/webaudio_captur ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1254 (core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2 ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1253 (core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1252 (common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1251 (Use-after-free vulnerability in the SpeechRecognitionClient implementa ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1250 (Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311 ...)
	{DSA-3242-1}
	- chromium-browser 42.0.2311.135-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html
CVE-2015-1249 (Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311 ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1248 (The FileSystem API in Google Chrome before 40.0.2214.91 allows remote  ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1247 (The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1246 (Blink, as used in Google Chrome before 42.0.2311.90, allows remote att ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1245 (Use-after-free vulnerability in the OpenPDFInReaderView::Update functi ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1244 (The URLRequest::GetHSTSRedirect function in url_request/url_request.cc ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1243 (Use-after-free vulnerability in the MutationObserver::disconnect funct ...)
	{DSA-3242-1}
	- chromium-browser 42.0.2311.135-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html
CVE-2015-1242 (The ReduceTransitionElementsKind function in hydrogen-check-eliminatio ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1241 (Google Chrome before 42.0.2311.90 does not properly consider the inter ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1240 (gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in  ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1239 (Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG  ...)
	{DLA-1433-1}
	- openjpeg2 2.1.1-1
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=430891
	NOTE: https://github.com/uclouvain/openjpeg/issues/477
	NOTE: The issue must have been fixed in one of the commits before or with
	NOTE: https://github.com/uclouvain/openjpeg/commit/2d24b6000d5611615e3e6d799e20d5fdbe4e2a1e
	NOTE: which corresponds to the r2997 commit as mentioned in the merge which
	NOTE: fixed the issue on Google/PDFium's side.
CVE-2015-1238 (Skia, as used in Google Chrome before 42.0.2311.90, allows remote atta ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1237 (Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1236 (The MediaElementAudioSourceNode::process function in modules/webaudio/ ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1235 (The ContainerNode::parserRemoveChild function in core/dom/ContainerNod ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1234 (Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in G ...)
	- chromium-browser 41.0.2272.118-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1233 (Google Chrome before 41.0.2272.118 does not properly handle the intera ...)
	- chromium-browser 41.0.2272.118-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1232 (Array index error in the MidiManagerUsb::DispatchSendMidiData function ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1231 (Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272 ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1230 (The getHiddenProperty function in bindings/core/v8/V8EventListenerList ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-1229 (net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 d ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1228 (The RenderCounter::updateCounter function in core/rendering/RenderCoun ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1227 (The DragImage::create function in platform/DragImage.cpp in Blink, as  ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1226 (The DebuggerFunction::InitAgentHost function in browser/extensions/api ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1225 (PDFium, as used in Google Chrome before 41.0.2272.76, allows remote at ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1224 (The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_dec ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1223 (Multiple use-after-free vulnerabilities in core/html/HTMLInputElement. ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1222 (Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCach ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1221 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1220 (Use-after-free vulnerability in the GIFImageReader::parseData function ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1219 (Integer overflow in the SkMallocPixelRef::NewAllocate function in core ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1218 (Multiple use-after-free vulnerabilities in the DOM implementation in B ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1217 (The V8LazyEventListener::prepareListenerObject function in bindings/co ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1216 (Use-after-free vulnerability in the V8Window::namedPropertyGetterCusto ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1215 (The filters implementation in Skia, as used in Google Chrome before 41 ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1214 (Integer overflow in the SkAutoSTArray implementation in include/core/S ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1213 (The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filte ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1212 (Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214 ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1211 (The OriginCanAccessServiceWorkers function in content/browser/service_ ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1210 (The V8ThrowException::createDOMException function in bindings/core/v8/ ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1209 (Use-after-free vulnerability in the VisibleSelection::nonBoundaryShado ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1208 (Integer underflow in the mov_read_default function in libavformat/mov. ...)
	- ffmpeg 7:2.5.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chr ...)
	{DLA-1654-1}
	- ffmpeg 7:2.6.1-1
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
CVE-2015-1206 (Heap-based buffer overflow in Google Chrome before M40 allows remote a ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
CVE-2015-1204 (Cross-site scripting (XSS) vulnerability in the Save Filters functiona ...)
	NOT-FOR-US: Save Filters functionality in the WP Slimstat plugin for WordPress
CVE-2015-1190
	RESERVED
CVE-2015-1189
	RESERVED
CVE-2015-1188 (The certificate verification functions in the HNDS service in Swisscom ...)
	NOT-FOR-US: Swisscom Centro Grande DSL router
CVE-2015-1187 (The ping tool in multiple D-Link and TRENDnet devices allow remote att ...)
	NOT-FOR-US: D-Link
CVE-2015-1186
	RESERVED
CVE-2015-1185
	RESERVED
CVE-2015-1184
	RESERVED
CVE-2015-1183
	RESERVED
CVE-2015-1181
	RESERVED
CVE-2015-1180 (Cross-site scripting (XSS) vulnerability in the Web Reports in EventSe ...)
	NOT-FOR-US: EventSentry
CVE-2015-1179 (Multiple cross-site scripting (XSS) vulnerabilities in data_point_deta ...)
	NOT-FOR-US: Mango Automation
CVE-2015-1178 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-C ...)
	NOT-FOR-US: X-Cart
CVE-2015-1177 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in  ...)
	NOT-FOR-US: osTicket
CVE-2015-1174 (Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA ...)
	NOT-FOR-US: Unit4 Polska TETA Web
CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not pro ...)
	NOT-FOR-US: Unit4 Polska TETA Web
CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php in the ...)
	NOT-FOR-US: WordPress theme holding_pattern
CVE-2015-1171 (Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6 ...)
	NOT-FOR-US: SIM Card Editor
CVE-2015-1170 (The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
	NOT-FOR-US: Apereo Central Authentication Service
CVE-2015-1168
	RESERVED
CVE-2015-1167
	RESERVED
CVE-2015-1166
	RESERVED
CVE-2015-1165 (RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x bef ...)
	{DSA-3176-1 DLA-158-1}
	- request-tracker4 4.2.8-3
	- request-tracker3.8 <removed>
CVE-2015-1163
	RESERVED
CVE-2015-1162
	RESERVED
CVE-2015-1161
	RESERVED
CVE-2014-9631
	RESERVED
CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-7 (unimportant; bug #776086)
	[jessie] - vorbis-tools 1.4.0-6+deb8u1
	- opus-tools 0.1.10-1 (unimportant; bug #780160)
	NOTE: https://trac.xiph.org/ticket/2137
	NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
	NOTE: No security impact
	NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
CVE-2014-9639 (Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attacke ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-7 (low; bug #776086)
	[jessie] - vorbis-tools 1.4.0-6+deb8u1
	[squeeze] - vorbis-tools <no-dsa> (Minor issue)
	- opus-tools 0.1.10-1 (bug #780160)
	[jessie] - opus-tools <no-dsa> (Minor issue)
	[wheezy] - opus-tools <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/ticket/2136
	NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
	NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-6 (bug #771363)
	[squeeze] - vorbis-tools <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/ticket/2009
	NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin in R ...)
	- rabbitmq-server 3.4.1-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
	NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ 2.1. ...)
	- rabbitmq-server 3.4.1-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
	NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2015-1396 (A Directory Traversal vulnerability exists in the GNU patch before 2.7 ...)
	- patch 2.7.3-1 (bug #775901)
	[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
	[squeeze] - patch <not-affected>  (Not affected by CVE-2015-1196 and no incomplete fix applied)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
CVE-2015-1353
	REJECTED
CVE-2015-4471 (Off-by-one error in the lzxd_decompress function in lzxd.c in libmspac ...)
	- libmspack 0.5-1 (bug #775499)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2014-9732 (The cabd_extract function in cabd.c in libmspack before 0.5 does not p ...)
	- libmspack 0.5-1 (bug #774665)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4470 (Off-by-one error in the inflate function in mszipd.c in libmspack befo ...)
	- libmspack 0.5-1 (bug #775498)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4472 (Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack befor ...)
	- libmspack 0.5-1 (bug #775687)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-1591 (The kamailio build in kamailio before 4.2.0-2 process allows local use ...)
	- kamailio 4.2.0-2 (bug #775681)
	NOTE: https://github.com/kamailio/kamailio/issues/48
CVE-2015-1590 (The kamcmd administrative utility and default configuration in kamaili ...)
	- kamailio 4.2.0-2 (bug #775681)
	NOTE: https://github.com/kamailio/kamailio/issues/48
CVE-2015-XXXX [insecure configuration permissions]
	- phabricator 0~git20150129-1 (bug #775479)
CVE-2014-9637 (GNU patch 2.7.2 and earlier allows remote attackers to cause a denial  ...)
	- patch 2.7.1-7
	[wheezy] - patch <not-affected> (Vulnerability introduced later)
	[squeeze] - patch <not-affected> (Vulnerability introduced later)
	NOTE: https://savannah.gnu.org/bugs/?44051
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944
CVE-2015-XXXX [race condition between fur and fex_cleanup may create internal instead of external user]
	- fex 20150120-1 (low; bug #773751)
	[squeeze] - fex <no-dsa> (Minor issue as it does not affect default setups)
CVE-2015-XXXX [information leak in event device handling]
	- linux 3.16.7-ckt7-1
	[wheezy] - linux <not-affected> (Introduced in 3.11)
	- linux-2.6 <not-affected> (Introduced in 3.11)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c4f56070fde2367766fa1fb04852599b5e1ad35 (v3.18-rc1)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=483180281f0ac60d1138710eb21f4b9961901294 (v3.11-rc1)
	NOTE: CVE Request: http://article.gmane.org/gmane.comp.security.oss.general/15457
CVE-2015-1346 (Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, a ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2015-1345 (The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows  ...)
	- grep 2.20-4.1 (low; bug #776039)
	[squeeze] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
	[wheezy] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
	NOTE: http://bugs.gnu.org/19563
	NOTE: Upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
CVE-2014-XXXX [formail: memory corruption]
	- procmail 3.22-24 (bug #769937)
	[wheezy] - procmail <no-dsa> (Minor issue)
	[squeeze] - procmail <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/9
CVE-2015-1182 (The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1 ...)
	{DSA-3136-1 DLA-144-1}
	- polarssl 1.3.9-2.1 (bug #775776)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
CVE-2015-1175 (Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in t ...)
	NOT-FOR-US: PrestaShop
CVE-2015-1160
	RESERVED
CVE-2015-1159 (Cross-site scripting (XSS) vulnerability in the cgi_puts function in c ...)
	{DSA-3283-1 DLA-239-1}
	- cups 1.7.5-12
CVE-2015-1158 (The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3  ...)
	{DSA-3283-1 DLA-239-1}
	- cups 1.7.5-12
CVE-2015-1157 (CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause ...)
	NOT-FOR-US: Apple iOS
CVE-2015-1156 (The page-loading implementation in WebKit, as used in Apple Safari bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1155 (The history implementation in WebKit, as used in Apple Safari before 6 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1154 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1153 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1152 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1151 (Wiki Server in Apple OS X Server before 4.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-1150 (The Firewall component in Apple OS X Server before 4.1 uses an incorre ...)
	NOT-FOR-US: Apple
CVE-2015-1149 (Integer overflow in the simulator in Swift in Apple Xcode before 6.3 a ...)
	NOT-FOR-US: Apple Xcode
CVE-2015-1148 (Screen Sharing in Apple OS X before 10.10.3 stores the password of a u ...)
	NOT-FOR-US: Apple
CVE-2015-1147 (Open Directory Client in Apple OS X before 10.10.3 sends unencrypted p ...)
	NOT-FOR-US: Apple
CVE-2015-1146 (The Code Signing implementation in Apple OS X before 10.10.3 does not  ...)
	NOT-FOR-US: Apple
CVE-2015-1145 (The Code Signing implementation in Apple OS X before 10.10.3 does not  ...)
	NOT-FOR-US: Apple
CVE-2015-1144 (Buffer overflow in the UniformTypeIdentifiers component in Apple OS X  ...)
	NOT-FOR-US: Apple
CVE-2015-1143 (LaunchServices in Apple OS X before 10.10.3 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-1142 (LaunchServices in Apple OS X before 10.10.3 allows local users to caus ...)
	NOT-FOR-US: Apple
CVE-2015-1141 (The mach_vm_read functionality in the kernel in Apple OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2015-1140 (Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows loc ...)
	NOT-FOR-US: Apple
CVE-2015-1139 (ImageIO in Apple OS X before 10.10.3 allows remote attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2015-1138 (Hypervisor in Apple OS X before 10.10.3 allows local users to cause a  ...)
	NOT-FOR-US: Apple
CVE-2015-1137 (The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local u ...)
	NOT-FOR-US: Apple
CVE-2015-1136 (Use-after-free vulnerability in CoreAnimation in Apple OS X before 10. ...)
	NOT-FOR-US: Apple
CVE-2015-1135 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1134 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1133 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1132 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1131 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1130 (The XPC implementation in Admin Framework in Apple OS X before 10.10.3 ...)
	NOT-FOR-US: Apple
CVE-2015-1129 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does ...)
	NOT-FOR-US: Apple Safari
CVE-2015-1128 (The private-browsing implementation in Apple Safari before 6.2.5, 7.x  ...)
	NOT-FOR-US: Apple Safari
CVE-2015-1127 (The private-browsing implementation in WebKit in Apple Safari before 6 ...)
	NOT-FOR-US: Apple Safari
CVE-2015-1126 (WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1125 (The touch-events implementation in WebKit in Apple iOS before 8.3 allo ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1124 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Appl ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1123 (WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1122 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Appl ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1121 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Appl ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1120 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Appl ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1119 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Appl ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1118 (libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and App ...)
	NOT-FOR-US: Apple
CVE-2015-1117 (The (1) setreuid and (2) setregid system-call implementations in the k ...)
	NOT-FOR-US: iOS
CVE-2015-1116 (The UIKit View component in Apple iOS before 8.3 displays unblurred ap ...)
	NOT-FOR-US: iOS
CVE-2015-1115 (The Telephony component in Apple iOS before 8.3 allows attackers to by ...)
	NOT-FOR-US: iOS
CVE-2015-1114 (The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV be ...)
	NOT-FOR-US: iOS
CVE-2015-1113 (The Sandbox Profiles component in Apple iOS before 8.3 allows attacker ...)
	NOT-FOR-US: iOS
CVE-2015-1112 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as  ...)
	NOT-FOR-US: iOS
CVE-2015-1111 (Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs da ...)
	NOT-FOR-US: iOS
CVE-2015-1110 (The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 ...)
	NOT-FOR-US: iOS
CVE-2015-1109 (NetworkExtension in Apple iOS before 8.3 stores credentials in VPN con ...)
	NOT-FOR-US: iOS
CVE-2015-1108 (The Lock Screen component in Apple iOS before 8.3 does not properly en ...)
	NOT-FOR-US: iOS
CVE-2015-1107 (The Lock Screen component in Apple iOS before 8.3 does not properly im ...)
	NOT-FOR-US: iOS
CVE-2015-1106 (The QuickType feature in the Keyboards subsystem in Apple iOS before 8 ...)
	NOT-FOR-US: iOS
CVE-2015-1105 (The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS ...)
	NOT-FOR-US: iOS
CVE-2015-1104 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and App ...)
	NOT-FOR-US: iOS
CVE-2015-1103 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and App ...)
	NOT-FOR-US: iOS
CVE-2015-1102 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and App ...)
	NOT-FOR-US: iOS
CVE-2015-1101 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and App ...)
	NOT-FOR-US: iOS
CVE-2015-1100 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and App ...)
	NOT-FOR-US: iOS
CVE-2015-1099 (Race condition in the setreuid system-call implementation in the kerne ...)
	NOT-FOR-US: iOS
CVE-2015-1098 (iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows rem ...)
	NOT-FOR-US: iOS
CVE-2015-1097 (IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 al ...)
	NOT-FOR-US: iOS
CVE-2015-1096 (IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Ap ...)
	NOT-FOR-US: iOS
CVE-2015-1095 (IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Ap ...)
	NOT-FOR-US: iOS
CVE-2015-1094 (IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 al ...)
	NOT-FOR-US: iOS
CVE-2015-1093 (FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allow ...)
	NOT-FOR-US: iOS
CVE-2015-1092 (NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before  ...)
	NOT-FOR-US: iOS
CVE-2015-1091 (The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X ...)
	NOT-FOR-US: iOS
CVE-2015-1090 (CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transpor ...)
	NOT-FOR-US: iOS
CVE-2015-1089 (CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does n ...)
	NOT-FOR-US: iOS
CVE-2015-1088 (CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not p ...)
	NOT-FOR-US: iOS
CVE-2015-1087 (Directory traversal vulnerability in Backup in Apple iOS before 8.3 al ...)
	NOT-FOR-US: iOS
CVE-2015-1086 (The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV befor ...)
	NOT-FOR-US: iOS
CVE-2015-1085 (AppleKeyStore in Apple iOS before 8.3 does not properly restrict a cer ...)
	NOT-FOR-US: iOS
CVE-2015-1084 (The user interface in WebKit, as used in Apple Safari before 6.2.4, 7. ...)
	NOT-FOR-US: Safari
CVE-2015-1083 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1082 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1081 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1080 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1079 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1078 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1077 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1076 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1075 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1074 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1073 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1072 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1071 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1070 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1069 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1068 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2,  ...)
	NOT-FOR-US: Apple
CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2  ...)
	NOT-FOR-US: Apple
CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 a ...)
	NOT-FOR-US: Apple
CVE-2015-1064 (Springboard in Apple iOS before 8.2 allows physically proximate attack ...)
	NOT-FOR-US: Apple
CVE-2015-1063 (CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause ...)
	NOT-FOR-US: Apple
CVE-2015-1062 (MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 d ...)
	NOT-FOR-US: Apple
CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and App ...)
	NOT-FOR-US: Apple
CVE-2015-1060 (Open redirect vulnerability in lib/Cake/Controller/Controller.php in A ...)
	NOT-FOR-US: AdaptCMS
CVE-2015-1059 (Unrestricted file upload vulnerability in admin/files/add in AdaptCMS  ...)
	NOT-FOR-US: AdaptCMS
CVE-2015-1058 (Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3  ...)
	NOT-FOR-US: AdaptCMS
CVE-2015-1057 (Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2 ...)
	NOT-FOR-US: e107
CVE-2015-1056 (Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printe ...)
	NOT-FOR-US: Brother printer
CVE-2015-1055 (SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for Word ...)
	NOT-FOR-US: WordPress plugin Photo Gallery
CVE-2015-1054 (Cross-site scripting (XSS) vulnerability in the Games feature in Crea8 ...)
	NOT-FOR-US: Crea8Social
CVE-2015-1053 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
	NOT-FOR-US: Croogo
CVE-2015-1052 (Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2015-1050 (Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Secu ...)
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2015-1049 (The web server on Siemens SCALANCE X-200IRT switches with firmware bef ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2015-1205 (Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214 ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: See CVE-2014-9654 for the bug in src:icu
CVE-2015-1203
	REJECTED
CVE-2015-1202
	REJECTED
CVE-2015-1201 (Privoxy before 3.0.22 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Bogus entry for Privoxy picked from Secunia
CVE-2014-9630 (The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c  ...)
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
CVE-2014-9629 (Integer overflow in the Encode function in modules/codec/schroedinger. ...)
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
CVE-2014-9628 (The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in Video ...)
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9627 (The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in Video ...)
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9626 (Integer underflow in the MP4_ReadBox_String function in modules/demux/ ...)
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9625 (The GetUpdateFile function in misc/update.c in the Updater in VideoLAN ...)
	- vlc <not-affected> (Update mechanism not enabled in the Debian package)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
CVE-2014-9623 (OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allo ...)
	- glance 2014.1.3-12 (bug #776580)
	[wheezy] - glance <no-dsa> (Minor issue)
	NOTE: Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1
CVE-2014-9619 (Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/aja ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9618 (The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x befo ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9617 (Open redirect vulnerability in remotereporter/load_logfiles.php in Net ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9616 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 a ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9615 (Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows re ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9614 (The Web Panel in Netsweeper before 4.0.5 has a default password of bra ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9613 (Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10  ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9612 (SQL injection vulnerability in remotereporter/load_logfiles.php in Net ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9611 (Netsweeper before 4.0.5 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9610 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 a ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9609 (Directory traversal vulnerability in webadmin/reporter/view_server_log ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9608 (Cross-site scripting (XSS) vulnerability in webadmin/policy/group_tabl ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9607 (Cross-site scripting (XSS) vulnerability in remotereporter/load_logfil ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9606 (Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper befo ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9605 (WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x  ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ze ...)
	{DSA-3189-1}
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav 6:11.3-1 (bug #775593)
	NOTE: Applies to 0.8, but in different file (utvideo.c)
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5. ...)
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits a ...)
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of servi ...)
	- pillow 2.6.1-2 (bug #776303)
	- python-imaging <removed>
	[wheezy] - python-imaging <no-dsa> (Minor issue)
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
	NOTE: http://web.archive.org/web/20150921104441/http://pillow.readthedocs.org:80/releasenotes/2.7.0.html#png-text-chunk-size-limits
CVE-2014-9600 (Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 al ...)
	NOT-FOR-US: Macroplant iExplorer
CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in b2evolu ...)
	- b2evolution <removed>
CVE-2014-9598 (The picture_Release function in misc/picture.c in VideoLAN VLC media p ...)
	NOTE: https://trac.videolan.org/vlc/ticket/13390
	NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
	NOTE: This was originally reported for VLC; but upstream states that it is in libavcodec
	NOTE: This seems to be Windows-specific issue, the reported error couldn't be reproduced
	NOTE: with any ffmpeg release and libav/0.8.
CVE-2014-9597 (The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VL ...)
	NOTE: https://trac.videolan.org/vlc/ticket/13389
	NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
	NOTE: This was originally reported for VLC; but upstream states that it is in libavcodec
	NOTE: This seems to be Windows-specific issue, the reported error couldn't be reproduced
	NOTE: with any ffmpeg release and libav/0.8.
CVE-2014-9596 (Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 bui ...)
	NOT-FOR-US: Panasonic Arbitrator Back-End Server
CVE-2014-9595 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32- ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-9594 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32- ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-9593 (Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote at ...)
	NOT-FOR-US: Apache CloudStack
CVE-2015-1308 (kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote a ...)
	- kde-workspace 4:5.1.95-1
	[jessie] - kde-workspace <no-dsa> (Minor issue)
	[wheezy] - kde-workspace <no-dsa> (Minor issue)
CVE-2015-1307 (plasma-workspace before 5.1.95 allows remote attackers to obtain passw ...)
	NOT-FOR-US: KDE Plasma 5 desktop, not yet packaged
CVE-2015-1306 (The newsletter posting area in the web interface in Sympa 6.0.x before ...)
	{DSA-3134-1 DLA-148-1}
	- sympa 6.1.23~dfsg-2
	NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
CVE-2014-9624 (CAPTCHA bypass vulnerability in MantisBT before 1.2.19. ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream commit: https://github.com/mantisbt/mantisbt/commit/39a92726
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17984
CVE-2015-1051 (Open redirect vulnerability in the Context UI module in the Context mo ...)
	NOT-FOR-US: Drupal extension drupal7-context
CVE-2015-2304 (Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 a ...)
	{DSA-3180-1 DLA-166-1}
	- libarchive 3.1.2-11 (bug #778266)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/7
	NOTE: Patch: https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526
CVE-2015-1200 (Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for t ...)
	- pxz 4.999.99~beta3+git659fc9b-3 (bug #775306)
CVE-2015-1199 (Directory traversal vulnerability in ppmd 10.1-5. ...)
	- ppmd <removed> (low; bug #775218)
	[jessie] - ppmd <no-dsa> (Minor issue)
	[wheezy] - ppmd <no-dsa> (Minor issue)
	[squeeze] - ppmd <no-dsa> (Minor issue)
CVE-2015-1195 (The V2 API in OpenStack Image Registry and Delivery Service (Glance) b ...)
	- glance 2014.1.3-11 (bug #775926)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: up to 2014.1.3 and 2014.2 versions up to 2014.2.1
CVE-2012-XXXX [Insufficient validation of USB device descriptors]
	- oss4 4.2-build2010-2 (bug #775662)
	[wheezy] - oss4 <no-dsa> (Minor issue)
	[squeeze] - oss4 <no-dsa> (Minor issue)
CVE-2015-1350 (The VFS subsystem in the Linux kernel 3.x provides an incomplete set o ...)
	{DLA-772-1}
	- linux 4.8.11-1 (bug #770492)
	[jessie] - linux 3.16.39-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/030b533c4fd4d2ec3402363323de4bb2983c9cee
CVE-2014-XXXX [TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS]
	- typo3-src 4.5.40+dfsg1-1 (bug #766502)
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
	- lhasa 0.2.0-1
	[wheezy] - lhasa <no-dsa> (Minor issue)
CVE-2014-9636 (unzip 6.0 allows remote attackers to cause a denial of service (out-of ...)
	{DSA-3152-1 DLA-150-1}
	- unzip 6.0-15 (bug #776589)
	NOTE: http://seclists.org/oss-sec/2014/q4/489
	NOTE: http://seclists.org/oss-sec/2014/q4/507
	NOTE: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
CVE-2014-9635 (Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie he ...)
	- jenkins 1.565.3-3 (bug #769682)
CVE-2014-9634 (Jenkins before 1.586 does not set the secure flag on session cookies w ...)
	- jenkins 1.565.3-3 (bug #769682)
CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before 1.7.2 fo ...)
	- node-serve-static 1.6.4-2 (unimportant; bug #775843)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/serve-static-open-redirect
	NOTE: https://github.com/expressjs/serve-static/issues/26
CVE-2015-1048 (Open redirect vulnerability in the integrated web server on Siemens SI ...)
	NOT-FOR-US: Siemens
CVE-2015-1047 (vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 b ...)
	NOT-FOR-US: VMware vCenter
CVE-2015-1046
	REJECTED
CVE-2015-1045
	REJECTED
CVE-2015-1044 (vmware-authd (aka the Authorization process) in VMware Workstation 10. ...)
	NOT-FOR-US: VMware
CVE-2015-1043 (The Host Guest File System (HGFS) in VMware Workstation 10.x before 10 ...)
	NOT-FOR-US: VMware
CVE-2015-1041 (Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php ...)
	NOT-FOR-US: e107
CVE-2015-1040 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: BEdita
CVE-2015-1039 (Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Com ...)
	NOT-FOR-US: zfcUser
CVE-2015-1037
	RESERVED
CVE-2015-1036
	RESERVED
CVE-2015-1035
	RESERVED
CVE-2015-1034
	RESERVED
CVE-2015-1033
	RESERVED
CVE-2015-1032 (Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when u ...)
	- kiwix <removed>
	NOTE: actually RFP again, but was removed from the archive on 2014-09-25
	NOTE: See https://bugs.debian.org/763321
CVE-2015-1029 (The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x b ...)
	- puppet-module-puppetlabs-stdlib 4.9.0-1 (bug #775535)
	[jessie] - puppet-module-puppetlabs-stdlib <not-affected> (The jessie version of facter is recent enough)
	NOTE: http://puppetlabs.com/security/cve/cve-2015-1029
	NOTE: http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html
CVE-2015-1028 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730 ...)
	NOT-FOR-US: D-Link router
CVE-2015-1027 (The version checking subroutine in percona-toolkit before 2.2.13 and x ...)
	- percona-toolkit 2.2.13-1 (unimportant)
	[wheezy] - percona-toolkit <not-affected> (version-check introduced in 2.1.4)
	- percona-xtrabackup <removed> (unimportant)
	NOTE: Automatic version check is disabled and inherently insecure (CVE-2014-2029)
	NOTE: Patch applied to OpenSUSE 13.1: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
CVE-2015-1026 (Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngi ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2015-1025
	RESERVED
CVE-2015-1024
	RESERVED
CVE-2015-1023
	RESERVED
CVE-2015-1022
	RESERVED
CVE-2015-1021
	RESERVED
CVE-2015-1020
	RESERVED
CVE-2015-1019
	RESERVED
CVE-2015-1018
	RESERVED
CVE-2015-1017
	RESERVED
CVE-2015-1016
	RESERVED
CVE-2015-1015 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, an ...)
	NOT-FOR-US: Omron CX-One
CVE-2015-1014 (A successful exploit of these vulnerabilities requires the local user  ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure tha ...)
	NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
CVE-2015-1012 (Wireless keys are stored in plain text on version 5 of the Hospira Lif ...)
	NOT-FOR-US: Hospira
CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credenti ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does n ...)
	NOT-FOR-US: Rockwell Automation RSView32
CVE-2015-1009 (Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wond ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 al ...)
	NOT-FOR-US: Emerson AMS Device Manager
CVE-2015-1007 (A specially crafted configuration file could be used to cause a stack- ...)
	NOT-FOR-US: Opto 22 PAC
CVE-2015-1006 (A vulnerable file in Opto 22 PAC Project Professional versions prior t ...)
	NOT-FOR-US: Opto
CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE u ...)
	NOT-FOR-US: IniNet
CVE-2015-1004
	REJECTED
CVE-2015-1003 (Directory traversal vulnerability in IniNet embeddedWebServer (aka eWe ...)
	NOT-FOR-US: IniNet
CVE-2015-1002 (IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL e ...)
	NOT-FOR-US: IniNet
CVE-2015-1001 (Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka ...)
	NOT-FOR-US: IniNet
CVE-2015-1000 (Stack-based buffer overflow in the OpenForIPCamTest method in the RTSP ...)
	NOT-FOR-US: SStreamVideo ActiveX control
CVE-2015-0999 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and  ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0998 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and  ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0997 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and  ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0996 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and  ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0995 (Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which ma ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0994 (Inductive Automation Ignition 7.7.2 allows remote authenticated users  ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0993 (Inductive Automation Ignition 7.7.2 does not terminate a session upon  ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0992 (Inductive Automation Ignition 7.7.2 stores cleartext OPC Server creden ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0991 (Inductive Automation Ignition 7.7.2 allows remote attackers to obtain  ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0990 (Untrusted search path vulnerability in Ecava IntegraXor SCADA Server b ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2015-0989 (PACTware 4.1 SP3 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: PACTware
CVE-2015-0988 (Omron CX-One CX-Programmer before 9.6 uses a reversible format for pas ...)
	NOT-FOR-US: Omron CX-One
CVE-2015-0987 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, an ...)
	NOT-FOR-US: Omron CX-One
CVE-2015-0986 (Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus b ...)
	NOT-FOR-US: Moxa VPort ActiveX SDK Plus
CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on  ...)
	NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-0984 (Directory traversal vulnerability in the FTP server on Honeywell Excel ...)
	NOT-FOR-US: Honeywell Excel Web
CVE-2015-0983
	REJECTED
CVE-2015-0982 (Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-N ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-0981 (The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.37 ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0980 (Format string vulnerability in BACnOPCServer.exe in the SOAP web inter ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0979 (Heap-based buffer overflow in the SOAP web interface in SCADA Engine B ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0978 (Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics ...)
	NOT-FOR-US: Elipse E3
CVE-2015-0977 (Network Vision IntraVue before 2.3.0a14 on Windows allows remote attac ...)
	NOT-FOR-US: IntraVue
CVE-2015-0976 (Cross-site scripting (XSS) vulnerability in Inductive Automation Ignit ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0975
	RESERVED
CVE-2015-0974 (Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 al ...)
	NOT-FOR-US: ZTE Datacard MF19
CVE-2015-0972 (Pearson ProctorCache before 2015.1.17 uses the same hardcoded password ...)
	NOT-FOR-US: Pearson ProctorCache
CVE-2015-0971 (The DER parser in Suricata before 2.0.8 allows remote attackers to cau ...)
	{DSA-3254-1}
	- suricata 2.0.8-1
	[wheezy] - suricata <not-affected> (ASN.1 parser for X509 certificates in DER format introduced in 1.3)
	[squeeze] - suricata <not-affected> (ASN.1 parser for X509 certificates in DER format introduced in 1.3)
	NOTE: http://suricata-ids.org/2015/05/06/suricata-2-0-8-available/
	NOTE: Patch: https://github.com/inliniac/suricata/commit/fa73a0bb8f312fd0a95cc70f6b3ee4e4997bdba7
CVE-2015-0970 (Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8 ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0969 (SearchBlox before 8.2 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0968 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0967 (Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox befo ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0966
	RESERVED
CVE-2015-0965
	RESERVED
CVE-2015-0964
	RESERVED
CVE-2015-0963
	RESERVED
CVE-2015-0962 (Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection ...)
	NOT-FOR-US: Barracuda Web Filter
CVE-2015-0961 (Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, ...)
	NOT-FOR-US: Barracuda Web Filter
CVE-2015-0960
	RESERVED
CVE-2015-0959
	RESERVED
CVE-2015-0958
	RESERVED
CVE-2015-0957
	RESERVED
CVE-2015-0956
	RESERVED
CVE-2015-0955
	REJECTED
CVE-2015-0954
	RESERVED
CVE-2015-0953
	RESERVED
CVE-2015-0952
	RESERVED
CVE-2015-0951 (X-Cart before 5.1.11 allows remote authenticated users to read or dele ...)
	NOT-FOR-US: X-Cart
CVE-2015-0950 (Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6  ...)
	NOT-FOR-US: X-Cart
CVE-2015-0949 (The System Management Mode (SMM) implementation in Dell Latitude E6430 ...)
	NOT-FOR-US: System Management Mode (SMM) implementation in various BIOS implementations
CVE-2015-0948
	RESERVED
CVE-2015-0947
	RESERVED
CVE-2015-0946
	RESERVED
CVE-2015-0945
	RESERVED
CVE-2015-0944
	RESERVED
CVE-2015-0943 (Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt commu ...)
	NOT-FOR-US: Basware Banking
CVE-2015-0942
	REJECTED
CVE-2015-0941 (The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as use ...)
	NOT-FOR-US: Nullsoft Scriptable Install System plugin Inetc
CVE-2015-0940
	RESERVED
CVE-2015-0939
	RESERVED
CVE-2015-0938 (search.php on the Blue Coat Malware Analysis appliance with software b ...)
	NOT-FOR-US: Blue Coat
CVE-2015-0937 (Cross-site scripting (XSS) vulnerability in search.php on the Blue Coa ...)
	NOT-FOR-US: Blue Coat
CVE-2015-0936 (Ceragon FibeAir IP-10 have a default SSH public key in the authorized_ ...)
	NOT-FOR-US: Ceragon FibeAir IP-10
CVE-2015-0935 (Bomgar Remote Support before 15.1.1 allows remote attackers to execute ...)
	NOT-FOR-US: Bomgar Remote Support
CVE-2015-0934 (Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLa ...)
	NOT-FOR-US: ShareLaTeX
CVE-2015-0933 (Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, ...)
	NOT-FOR-US: ShareLaTeX
CVE-2015-0932 (The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnG ...)
	NOT-FOR-US: ANTlabs InnGate
CVE-2015-0931 (Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9 ...)
	NOT-FOR-US: Ektron CMS
CVE-2015-0930 (The web interface on SerVision HVG Video Gateway devices with firmware ...)
	NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-0929 (time.htm in the web interface on SerVision HVG Video Gateway devices w ...)
	NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-0928 (libhtp 0.5.15 allows remote attackers to cause a denial of service (NU ...)
	- suricata 2.0.7-1
	[wheezy] - suricata <no-dsa> (Unusable in wheezy, planned for removal)
	[squeeze] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1385
	NOTE: Commit: https://github.com/inliniac/suricata/commit/56196ace51395fcb2d8fc30d586e9ad782306d31
CVE-2015-0927
	RESERVED
CVE-2015-0926 (Labtech before 100.237 on Linux uses world-writable permissions for ro ...)
	NOT-FOR-US: Labtech
CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows remote  ...)
	NOT-FOR-US: iPass Open Mobile
CVE-2015-0924 (Ceragon FibeAir IP-10 bridges have a default password for the root acc ...)
	NOT-FOR-US: Ceragon FiberAir IP-10 bridges
CVE-2015-0923 (The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron C ...)
	NOT-FOR-US: Ektron CMS
CVE-2014-999999
	REJECTED
CVE-2014-99999
	REJECTED
CVE-2014-9999
	REJECTED
CVE-2014-9592
	REJECTED
CVE-2014-9591
	REJECTED
CVE-2014-9590
	REJECTED
CVE-2014-9589
	REJECTED
CVE-2014-9588
	REJECTED
CVE-2014-9586
	RESERVED
	- binpac 0.43-1
CVE-2014-72038
	REJECTED
CVE-2014-62771
	REJECTED
CVE-2014-59156
	REJECTED
CVE-2014-54321
	REJECTED
CVE-2014-456132
	REJECTED
CVE-2014-32537
	REJECTED
CVE-2014-123456
	REJECTED
CVE-2014-10042
	RESERVED
CVE-2014-10041
	RESERVED
CVE-2014-10040
	RESERVED
CVE-2014-10038 (SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and ...)
	NOT-FOR-US: DomPHP
CVE-2014-10037 (Directory traversal vulnerability in DomPHP 0.83 and earlier allows re ...)
	NOT-FOR-US: DomPHP
CVE-2014-10036 (Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before  ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2014-10035 (Multiple cross-site scripting (XSS) vulnerabilities in the admin area  ...)
	NOT-FOR-US: couponPHP
CVE-2014-10034 (Multiple SQL injection vulnerabilities in the admin area in couponPHP  ...)
	NOT-FOR-US: couponPHP
CVE-2014-10033 (SQL injection vulnerability in the update_zone function in catalog/adm ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2014-10032 (SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 ...)
	NOT-FOR-US: Taboada MacroNews
CVE-2014-10031 (Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0. ...)
	NOT-FOR-US: Qualcomm Eudora WorldMail
CVE-2014-10030 (Open redirect vulnerability in forums/login.php in FluxBB before 1.4.1 ...)
	NOT-FOR-US: FluxBB
CVE-2014-10029 (SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and ...)
	NOT-FOR-US: FluxBB
CVE-2014-10028 (Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router wit ...)
	NOT-FOR-US: D-Link DAP-1360 router
CVE-2014-10027 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link DAP-1360
CVE-2014-10026 (index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows re ...)
	NOT-FOR-US: D-Link DAP-1360
CVE-2014-10025 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link DAP-1360
CVE-2014-10024 (Multiple integer signedness errors in DirectShowDemuxFilter, as used i ...)
	NOT-FOR-US: Divx Web Player, Divx Player and Divx plugins
CVE-2014-10023 (Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allo ...)
	NOT-FOR-US: TopicsViewer
CVE-2014-10021 (Unrestricted file upload vulnerability in UploadHandler.php in the WP  ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-10020 (SQL injection vulnerability in login.php in Simple e-document 1.31 all ...)
	NOT-FOR-US: Simple e-document
CVE-2014-10019 (Multiple cross-site request forgery (CSRF) vulnerabilities in webconfi ...)
	NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10018 (Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.htm ...)
	NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10017 (Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugi ...)
	NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10016 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-C ...)
	NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10015 (SQL injection vulnerability in load-calendar.php in PHPJabbers Event B ...)
	NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10014 (Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbe ...)
	NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10013 (SQL injection vulnerability in the Another WordPress Classifieds Plugi ...)
	NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10012 (Cross-site scripting (XSS) vulnerability in the Another WordPress Clas ...)
	NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10011 (Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Con ...)
	NOT-FOR-US: TRENDnet SecurView camera TV-IP422WN
CVE-2014-10010 (Directory traversal vulnerability in PHPJabbers Appointment Scheduler  ...)
	NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-10009 (Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 a ...)
	NOT-FOR-US: Stark CRM
CVE-2014-10008 (Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CR ...)
	NOT-FOR-US: Stark CRM
CVE-2014-10007 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4. ...)
	NOT-FOR-US: Maian Weblog
CVE-2014-10006 (Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Up ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-10005 (Maian Uploader 4.0 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-100040
	RESERVED
CVE-2014-10004 (SQL injection vulnerability in admin/data_files/move.php in Maian Uplo ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-100039 (mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local  ...)
	NOT-FOR-US: Malwarebytes Anti-Exploit
CVE-2014-100038 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earli ...)
	NOT-FOR-US: Storytlr
CVE-2014-100037 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earli ...)
	NOT-FOR-US: Storytlr
CVE-2014-100036 (Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows rem ...)
	- flatpress <itp> (bug #466297)
CVE-2014-100035 (SQL injection vulnerability in the ticket grid in the admin interface  ...)
	NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100034 (Cross-site scripting (XSS) vulnerability in the frontend interface in  ...)
	NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100033 (Directory traversal vulnerability in LicensePal ArcticDesk before 1.2. ...)
	NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100032 (Cross-site scripting (XSS) vulnerability in top.html in the Airties Ai ...)
	NOT-FOR-US: Airties Air 6372 modem
CVE-2014-100031 (Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2014-100030 (Cross-site scripting (XSS) vulnerability in module/search/function.php ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2014-10003 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader  ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-100029 (Multiple directory traversal vulnerabilities in class/session.php in G ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2014-100028 (Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allo ...)
	NOT-FOR-US: WEBCrafted
CVE-2014-100027 (Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin bef ...)
	NOT-FOR-US: WP SlimStat plugin for WordPress
CVE-2014-100026 (Cross-site scripting (XSS) vulnerability in readme.php in the April's  ...)
	NOT-FOR-US: April's Super Functions Pack plugin for WordPress
CVE-2014-100025 (Cross-site request forgery (CSRF) vulnerability in index.php/user_data ...)
	NOT-FOR-US: Savsoft Quiz
CVE-2014-100024 (Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 all ...)
	NOT-FOR-US: Seo Panel
CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question.php in ...)
	NOT-FOR-US: mTouch Quiz
CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before  ...)
	NOT-FOR-US: mTouch Quiz
CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/ ...)
	NOT-FOR-US: OrangeHRM
CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.0 ...)
	NOT-FOR-US: iTechClassifieds
CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remo ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2014-100019 (SQL injection vulnerability in the LTree converter in Pomm before 1.1. ...)
	NOT-FOR-US: LTree converter in Pomm
CVE-2014-100018 (Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin bef ...)
	NOT-FOR-US: Unconfirmed plugin for WordPress
CVE-2014-100017 (Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlin ...)
	NOT-FOR-US: PhpOnlineChat
CVE-2014-100016 (Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-s ...)
	NOT-FOR-US: Photocrati theme for WordPress
CVE-2014-100015 (Directory traversal vulnerability in pdmwService.exe in SolidWorks Wor ...)
	NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100014 (Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks ...)
	NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100013 (Multiple cross-site scripting (XSS) vulnerabilities in clientResponse  ...)
	NOT-FOR-US: clientResponse
CVE-2014-100012 (SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote att ...)
	NOT-FOR-US: Sendy
CVE-2014-100011 (SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote ...)
	NOT-FOR-US: Sendy
CVE-2014-100010 (Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows r ...)
	NOT-FOR-US: ClanSphere
CVE-2014-10001 (Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbe ...)
	NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-100009 (The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) p ...)
	NOT-FOR-US: JS MultiHotel
CVE-2014-100008 (Cross-site scripting (XSS) vulnerability in includes/delete_img.php in ...)
	NOT-FOR-US: JS MultiHotel
CVE-2014-100007 (Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin be ...)
	NOT-FOR-US: HK Exif Tags plugin for WordPress
CVE-2014-100006 (Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/goog ...)
	NOT-FOR-US: webtrees
CVE-2014-100005 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link DIR-600 router
CVE-2014-100004 (Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Up ...)
	NOT-FOR-US: Sitecore CMS
CVE-2014-100003 (SQL injection vulnerability in includes/ym-download_functions.include. ...)
	NOT-FOR-US: Code Futures YourMembers plugin for WordPress
CVE-2014-100002 (Directory traversal vulnerability in ManageEngine SupportCenter Plus 7 ...)
	NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2014-100001 (Cross-site request forgery (CSRF) vulnerability in the SEO Plugin Live ...)
	NOT-FOR-US: SEO Plugin LiveOptim
CVE-2014-100000
	REJECTED
CVE-2014-10000
	REJECTED
CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ex ...)
	NOT-FOR-US: Hancom Office 2010 SE
CVE-2015-XXXX [smime_keys: insecure use of /tmp]
	- mutt 1.5.24-1 (unimportant; bug #775199)
	NOTE: http://dev.mutt.org/hg/mutt/rev/babc30377614
	NOTE: Rendered non-exploitable by Linux hardening since wheezy
CVE-2015-XXXX [djvudigital: insecure use of /tmp]
	- djvulibre 3.5.27.1-3 (unimportant; bug #775193)
	[squeeze] - djvulibre <no-dsa> (Minor issue)
	NOTE: Originally was addressed in 3.5.27.1-1 but it was reintroduced
	NOTE: with the 3.5.27.1-2 upload, cf. https://bugs.debian.org/775193#17
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-5701 (mktexlsr revision 36855, and before revision 36626 as packaged in texl ...)
	- texlive-bin <not-affected> (Vulnerable code not reintroduced, patch mktexlsr-use-mktemp still applied)
	NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=36626&r2=36855
CVE-2015-5700 (mktexlsr revision 22855 through revision 36625 as packaged in texlive  ...)
	- texlive-bin 2014.20140926.35254-5 (bug #775139)
	[wheezy] - texlive-bin <no-dsa> (Minor issue)
	[squeeze] - texlive-bin <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/23/22
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/5
	NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
CVE-2015-1196 (GNU patch 2.7.1 allows remote attackers to write to arbitrary files vi ...)
	- patch 2.7.1-7 (bug #775227)
	[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
	[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
CVE-2014-9651 (Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, ...)
	- chicken 4.10.0-1 (bug #775346)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/12/3
	NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt
CVE-2015-1194 (pax 1:20140703 allows remote attackers to write to arbitrary files via ...)
	- pax 1:20160306-1 (low; bug #774716)
	[jessie] - pax <no-dsa> (Minor issue)
	[squeeze] - pax <no-dsa> (Minor issue)
	[wheezy] - pax <no-dsa> (Minor issue)
CVE-2015-1193 (Multiple directory traversal vulnerabilities in pax 1:20140703 allow r ...)
	- pax 1:20160306-1 (low; bug #774716)
	[jessie] - pax <no-dsa> (Minor issue)
	[squeeze] - pax <no-dsa> (Minor issue)
	[wheezy] - pax <no-dsa> (Minor issue)
CVE-2015-1192 (Absolute path traversal vulnerability in kgb 1.0b4 allows remote attac ...)
	- kgb 1.0b4+ds-14 (bug #774989)
	[jessie] - kgb <no-dsa> (meant to be used as a local archiver)
	[wheezy] - kgb <no-dsa> (meant to be used as a local archiver)
	[squeeze] - kgb <no-dsa> (meant to be used as a local archiver)
CVE-2015-1191 (Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remot ...)
	- pigz 2.3.1-2 (bug #774978)
	[squeeze] - pigz <no-dsa> (Minor issue)
	[wheezy] - pigz <no-dsa> (Minor issue)
	NOTE: https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
CVE-2015-0973 (Buffer overflow in the png_read_IDAT_data function in pngrutil.c in li ...)
	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
	- libpng1.6 1.6.16-1 (bug #773823)
	- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	- texlive-bin 2014.20140926.35254-6 (bug #775673)
	[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
	[wheezy] - texlive-bin <not-affected> (uses system libpng)
	NOTE: http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
	NOTE: http://mid.gmane.org/Pine.LNX.4.64.1501101510150.31425@beijing.mitre.org
CVE-2015-0922 (McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 us ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2015-0921 (XML external entity (XXE) vulnerability in the Server Task Log in McAf ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2014-1155
	REJECTED
CVE-2014-1137
	REJECTED
CVE-2014-1004
	REJECTED
CVE-2013-7419 (Cross-site scripting (XSS) vulnerability in includes/refreshDate.php i ...)
	NOT-FOR-US: Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin for WordPress
CVE-2015-2063 (Integer overflow in unace 1.2b allows remote attackers to cause a deni ...)
	{DSA-3178-1 DLA-164-1}
	- unace 1.2b-12 (bug #775003)
	NOTE: http://git.hadrons.org/?p=debian/pkgs/unace.git;a=commitdiff;h=319446f
CVE-2015-0920 (Cross-site request forgery (CSRF) vulnerability in the Banner Effect H ...)
	NOT-FOR-US: Banner Effect Header plugin for WordPress
CVE-2015-0919 (Multiple SQL injection vulnerabilities in the administrative backend i ...)
	NOT-FOR-US: Sefrengo
CVE-2015-0918 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
	NOT-FOR-US: Sefrengo
CVE-2015-0917 (Cross-site scripting (XSS) vulnerability in the backend in Kajona befo ...)
	NOT-FOR-US: Kajona
CVE-2015-0916 (SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows ...)
	- cacti 0.8.6f-1
CVE-2015-0915 (Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 an ...)
	NOT-FOR-US: RAKUS MailDealer
CVE-2015-0914 (EasyCTF before 1.4 does not validate the session ID, which allows remo ...)
	NOT-FOR-US: EasyCTF
CVE-2015-0913 (Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows  ...)
	NOT-FOR-US: EasyCTF
CVE-2015-0912 (EasyCTF before 1.4 allows remote authenticated users to write executab ...)
	NOT-FOR-US: EasyCTF
CVE-2015-0911 (Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11  ...)
	NOT-FOR-US: TAGAWA Takao TransmitMail
CVE-2015-0910 (Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail  ...)
	NOT-FOR-US: TAGAWA Takao TransmitMail
CVE-2015-0909
	RESERVED
CVE-2015-0908
	RESERVED
CVE-2015-0907 (Buffer overflow in Lhaplus before 1.70 allows remote attackers to exec ...)
	NOT-FOR-US: Lhaplus
CVE-2015-0906 (Directory traversal vulnerability in Lhaplus before 1.70 allows remote ...)
	NOT-FOR-US: Lhaplus
CVE-2015-0905 (Cross-site request forgery (CSRF) vulnerability in bBlog allows remote ...)
	NOT-FOR-US: bBlog
CVE-2015-0904 (The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does no ...)
	NOT-FOR-US: Restaurant Karaoke SHIDAX app
CVE-2015-0903 (Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows  ...)
	NOT-FOR-US: Saitoh Kikaku Maruo Editor
CVE-2015-0902 (The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress do ...)
	NOT-FOR-US: WordPress plugin all-in-one-seo-pack
CVE-2015-0901 (Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1 ...)
	NOT-FOR-US: WordPress duwasai flashy theme
CVE-2015-0900 (Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi F ...)
	NOT-FOR-US: Nishishi Factory
CVE-2015-0899 (The MultiPageValidator implementation in Apache Struts 1 1.1 through 1 ...)
	{DSA-3536-1 DLA-292-1}
	- libstruts1.2-java <removed>
	NOTE: Patch in SuSE Bugzilla: https://bugzilla.suse.com/attachment.cgi?id=629559
	NOTE: Patch appplies cleanly to the Wheezy and Squeeze versions
CVE-2015-0898 (futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows al ...)
	NOT-FOR-US: futomi CGI Cafe MP Form Mail CGI eCommerce
CVE-2015-0897
	RESERVED
CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer befor ...)
	{DLA-453-1 DLA-296-1}
	- extplorer <removed> (bug #783231)
	NOTE: Upstream fixes: http://extplorer.net/projects/extplorer/repository/revisions/240
CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP S ...)
	NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0894 (SQL injection vulnerability in the All In One WP Security &amp; Firewa ...)
	NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0893 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Rela ...)
	NOT-FOR-US: Maroyaka
CVE-2015-0892 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Imag ...)
	NOT-FOR-US: Maroyaka
CVE-2015-0891 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simp ...)
	NOT-FOR-US: Maroyaka
CVE-2015-0890 (The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for  ...)
	NOT-FOR-US: BestWebSoft plugin for WordPress
CVE-2015-0889 (KENT-WEB Joyful Note before 5.3 allows remote attackers to delete file ...)
	NOT-FOR-US: KENT-WEB Joyful Note
CVE-2015-0888 (KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbit ...)
	NOT-FOR-US: KENT-WEB Clip Board
CVE-2015-0887 (npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji rou ...)
	NOT-FOR-US: SEIL routers
CVE-2015-0886 (Integer overflow in the crypt_raw method in the key-stretching impleme ...)
	- libjbcrypt-java 0.4-1 (bug #780102)
	[jessie] - libjbcrypt-java <no-dsa> (Minor issue)
	[wheezy] - libjbcrypt-java <no-dsa> (Minor issue)
	[squeeze] - libjbcrypt-java <no-dsa> (Minor issue)
CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of  ...)
	{DSA-3192-1 DLA-191-1}
	- checkpw 1.02-1.1 (bug #780139)
CVE-2015-0884 (Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack  ...)
	NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2015-0883 (SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth mod ...)
	NOT-FOR-US: Mailform Pro
CVE-2015-0882 (Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka ...)
	NOT-FOR-US: Zen Cart
CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.1 allows remote attac ...)
	- squid 4.1-1 (low)
	[squeeze] - squid <no-dsa> (Minor issue)
	[wheezy] - squid <no-dsa> (Minor issue)
	- squid3 3.1.1-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/01/2
	NOTE: Patch: http://www.squid-cache.org/Versions/v3/3.1/changesets/b9619.patch
	NOTE: https://jvn.jp/en/jp/JVN64455813/index.html
CVE-2015-0880 (Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attacker ...)
	NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0879 (CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial ...)
	NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allo ...)
	NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0877 (Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Mo ...)
	NOT-FOR-US: C-BOARD Moyuku
CVE-2015-0876 (Multiple cross-site scripting (XSS) vulnerabilities in the print_langu ...)
	NOT-FOR-US: Saurus CMS
CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Andr ...)
	NOT-FOR-US: Ogaki Kyoritsu Bank Smartphone Passbook application for Android
CVE-2015-0874 (Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL  ...)
	NOT-FOR-US: Smartphone Passbook
CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTre ...)
	NOT-FOR-US: PerlTreeBBS
CVE-2015-0872
	REJECTED
CVE-2015-0871 (Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI sh ...)
	NOT-FOR-US: Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK
CVE-2015-0870 (Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory ...)
	NOT-FOR-US: Nishishi Factory
CVE-2015-0869 (I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a deni ...)
	NOT-FOR-US: I-O DATA DEVICE NP-BBRM routers
CVE-2015-0868 (Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shir ...)
	NOT-FOR-US: Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS
CVE-2015-0867 (Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3 ...)
	NOT-FOR-US: SYNCK GRAPHICA Download Log CGI
CVE-2015-0866 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngi ...)
	NOT-FOR-US: ZOHO ManageEngine SupportCenter Plus
CVE-2015-0865
	RESERVED
CVE-2015-0864 (Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x befor ...)
	NOT-FOR-US: Samsung
CVE-2015-0863 (GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app ...)
	NOT-FOR-US: Samsung GALAXY Apps
CVE-2015-0862 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	- rabbitmq-server 3.4.3-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
CVE-2015-0861 (model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4 ...)
	{DSA-3425-1}
	- tryton-server 3.8.1-1
	[wheezy] - tryton-server <not-affected> (Version < 3.2)
	[squeeze] - tryton-server <not-affected> (Version < 3.2)
	NOTE: Mathias Behrle told us that affected versions are >= 3.2 and < 3.8.1
CVE-2015-0860 (Off-by-one error in the extracthalf function in dpkg-deb/extract.c in  ...)
	{DSA-3407-1}
	- dpkg 1.18.4
	[squeeze] - dpkg <not-affected> (Vulnerable code not present)
CVE-2015-0859 (The Debian build procedure for the smokeping package in wheezy before  ...)
	{DSA-3405-1}
	- smokeping 2.6.11-2
	[squeeze] - smokeping <not-affected> (Vulnerable code not present)
CVE-2015-0858 (Cool Projects TarDiff allows local users to write to arbitrary files v ...)
	{DSA-3562-1 DLA-564-1}
	- tardiff 0.1-3
	NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a
CVE-2015-0857 (Cool Projects TarDiff allows remote attackers to execute arbitrary com ...)
	{DSA-3562-1 DLA-564-1}
	- tardiff 0.1-5
	NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a
	NOTE: Assignment is done for injection through file names and tar file name itself
	NOTE: First part was addressed in 0.1-3 but does not contain the fix for the tar
	NOTE: file name itself.
	NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965
CVE-2015-0856 (daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the ...)
	- sddm 0.12.0-5 (bug #803336; low)
	NOTE: https://github.com/sddm/sddm/commit/4cfed6b0a625593
CVE-2015-0855 (The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.9 ...)
	- pitivi 0.95-1
	[jessie] - pitivi <no-dsa> (Minor issue)
	[squeeze] - pitivi <not-affected> (Vulnerable code not present (no os.system()))
	[wheezy] - pitivi <not-affected> (Vulnerable code not present (no os.system()))
	NOTE: https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2 (RELEASE-0_95_0)
CVE-2015-0854 (App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted  ...)
	{DLA-769-1}
	- shutter 0.93.1-1 (low; bug #798862)
	[jessie] - shutter 0.92-0.1+deb8u1
	[squeeze] - shutter <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/shutter/+bug/1495163
CVE-2015-0853 (svn-workbench 1.6.2 and earlier on a system with xeyes installed allow ...)
	- svn-workbench 1.7.0-1 (low; bug #798863)
	[jessie] - svn-workbench <no-dsa> (Minor issue)
	[wheezy] - svn-workbench <no-dsa> (Minor issue)
	[squeeze] - svn-workbench <no-dsa> (Minor issue)
CVE-2015-0852 (Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and e ...)
	{DSA-3392-1 DLA-327-1}
	- freeimage 3.15.4-5 (bug #797165)
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN
CVE-2015-0851 (XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Servic ...)
	{DSA-3321-1 DLA-290-1}
	- xmltooling 1.5.6-1 (bug #793855)
	NOTE: http://shibboleth.net/community/advisories/secadv_20150721.txt
	NOTE: Patch: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
	NOTE: Initial advisory was listing the wrong CVE, updated later
	NOTE: opensaml2 will need binNMUs/sourcefull upload (cf. #794851)
	NOTE: [squeeze] partially affected (util/XMLHelper.cpp XMLHelper::getAttrInt method not present) (1.3.3.x)
CVE-2015-0850 (The Git plugin for FusionForge before 6.0rc4 allows remote attackers t ...)
	{DSA-3275-1}
	- fusionforge 6.0~rc4-1
	[squeeze] - fusionforge <not-affected> (Affects 5.3 and later)
	NOTE: https://scm.fusionforge.org/anonscm/gitweb?p=fusionforge/fusionforge.git;a=commitdiff;h=afcfe76f5195af4566ff3a8280714383fcdb5a67
	NOTE: https://fusionforge.org/forum/forum.php?forum_id=41
CVE-2015-0849 [predictable temporary file vulnerability]
	RESERVED
	- pycode-browser 1:1.0-1 (unimportant; bug #790365)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-0848 (Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers t ...)
	{DSA-3302-1 DLA-253-1}
	- libwmf 0.2.8.4-10.4 (bug #787644)
CVE-2015-0847 (nbd-server.c in Network Block Device (nbd-server) before 3.11 does not ...)
	{DSA-3271-1 DLA-223-1}
	- nbd 1:3.10-1 (bug #784657)
	NOTE: http://sourceforge.net/p/nbd/mailman/message/34091218/
CVE-2015-0846 (django-markupfield before 1.3.2 uses the default docutils RESTRUCTURED ...)
	{DSA-3230-1 DLA-206-1}
	- django-markupfield 1.3.2-1
	NOTE: https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
CVE-2015-0845 (Format string vulnerability in Movable Type Pro, Open Source, and Adva ...)
	{DSA-3227-1}
	- movabletype-opensource <removed>
	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html
CVE-2015-0844 (The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x  ...)
	{DSA-3218-1 DLA-202-1}
	- wesnoth-1.12 1:1.12.2-1
	- wesnoth-1.10 1:1.10.7-2
	- wesnoth-1.8 <removed>
CVE-2015-0843 [Buffer overflows due to misuse of sprintf]
	RESERVED
	- yubiserver 0.6-1 (bug #796495)
	[jessie] - yubiserver <no-dsa> (Mitigated by toolchain hardening)
	[wheezy] - yubiserver <no-dsa> (Can be fixed via a point release)
CVE-2015-0842 [SQL injection issues (potential auth bypass)]
	RESERVED
	- yubiserver 0.6-1 (bug #796495)
	[jessie] - yubiserver <no-dsa> (Minor issue)
	[wheezy] - yubiserver <no-dsa> (Minor issue)
CVE-2015-0841 (Off-by-one error in the readBuf function in listener.cpp in libcapsine ...)
	- libcapsinetwork <removed> (bug #781044; unimportant)
	[experimental] - monopd 0.9.8-1
	- monopd <unfixed> (bug #781043; unimportant)
	NOTE: Not exploitable with dlmalloc
CVE-2015-0840 (The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x befor ...)
	{DSA-3217-1 DLA-220-1}
	- dpkg 1.17.25
	NOTE: Ubuntu fix for 1.15.x (version in squeeze): http://launchpadlibrarian.net/202647129/dpkg_1.15.5.6ubuntu4.9_1.15.5.6ubuntu4.10.diff.gz
CVE-2015-0839 (The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes i ...)
	{DLA-775-1}
	- hplip 3.15.11+repack0-1 (bug #787353; bug #796015)
	[jessie] - hplip 3.14.6-1+deb8u1
	[squeeze] - hplip <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2015/q2/581
	NOTE: https://bugs.launchpad.net/bugs/1432516
CVE-2015-0838 (Buffer overflow in the C implementation of the apply_delta function in ...)
	{DSA-3206-1 DLA-231-1}
	- dulwich 0.10.1-1 (bug #780958)
	[jessie] - dulwich 0.9.7-3
CVE-2015-0837 (The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.1 ...)
	{DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
	- libgcrypt11 <removed>
	- libgcrypt20 1.6.3-2
	- gnupg 1.4.18-7
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6cbc75e71295f23431c4ab95edc7573f2fc28476
CVE-2015-0836 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
CVE-2015-0835 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
CVE-2015-0834 (The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns:  ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
CVE-2015-0833 (Multiple untrusted search path vulnerabilities in updater.exe in Mozil ...)
	- iceweasel <not-affected> (Specific to Firefox on Windows)
	- icedove <not-affected> (Specific to Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
CVE-2015-0832 (Mozilla Firefox before 36.0 does not properly recognize the equivalenc ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
CVE-2015-0831 (Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObject ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
CVE-2015-0830 (The WebGL implementation in Mozilla Firefox before 36.0 does not prope ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
CVE-2015-0829 (Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allow ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
CVE-2015-0828 (Double free vulnerability in the nsXMLHttpRequest::GetResponse functio ...)
	- iceweasel <not-affected> (Doesn't affect the memory allocator used in the Debian builds)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
CVE-2015-0827 (Heap-based buffer overflow in the mozilla::gfx::CopyRect function in M ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
CVE-2015-0826 (The nsTransformedTextRun::SetCapitalization function in Mozilla Firefo ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
CVE-2015-0825 (Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuff ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
CVE-2015-0824 (The mozilla::layers::BufferTextureClient::AllocateForSurface function  ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
CVE-2015-0823 (Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
CVE-2015-0822 (The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefo ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
CVE-2015-0821 (Mozilla Firefox before 36.0 allows user-assisted remote attackers to r ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
CVE-2015-0820 (Mozilla Firefox before 36.0 does not properly restrict transitions of  ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
CVE-2015-0819 (The UITour::onPageEvent function in Mozilla Firefox before 36.0 does n ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
CVE-2015-0818 (Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and Sea ...)
	{DSA-3201-1}
	- iceweasel 31.5.3esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
CVE-2015-0817 (The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ES ...)
	{DSA-3201-1}
	- iceweasel 31.5.3esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
CVE-2015-0816 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunder ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
CVE-2015-0815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
CVE-2015-0814 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (only affects Firefox 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
CVE-2015-0813 (Use-after-free vulnerability in the AppendElements function in Mozilla ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/
CVE-2015-0812 (Mozilla Firefox before 37.0 does not require an HTTPS session for ligh ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/
CVE-2015-0811 (The QCMS implementation in Mozilla Firefox before 37.0 allows remote a ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/
CVE-2015-0810 (Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is ...)
	- iceweasel <not-affected> (Only affects 37.x; only affects OS X systems)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-35/
CVE-2015-0809
	RESERVED
CVE-2015-0808 (The webrtc::VPMContentAnalysis::Release function in the WebRTC impleme ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/
CVE-2015-0807 (The navigator.sendBeacon implementation in Mozilla Firefox before 37.0 ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/
CVE-2015-0806 (The Off Main Thread Compositing (OMTC) implementation in Mozilla Firef ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
CVE-2015-0805 (The Off Main Thread Compositing (OMTC) implementation in Mozilla Firef ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
CVE-2015-0804 (The HTMLSourceElement::BindToTree function in Mozilla Firefox before 3 ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
CVE-2015-0803 (The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
CVE-2015-0802 (Mozilla Firefox before 37.0 relies on docshell type information instea ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/
CVE-2015-0801 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunder ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/
CVE-2015-0800 (The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fe ...)
	- iceweasel <not-affected> (Only affects 37.x; only on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
CVE-2015-0799 (The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 ...)
	- iceweasel <not-affected> (Only affects Firefox 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-44/
CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, a ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefo ...)
	{DSA-3264-1 DSA-3260-1 DSA-3225-1 DLA-2164-1}
	- gst-plugins-bad0.10 <removed> (bug #784220)
	[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later)
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
CVE-2015-0796 (In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before ...)
	- open-build-service <not-affected> (Fixed before initial upload)
CVE-2015-0795 (Multiple stack-based buffer overflows in the SafeShellExecute method i ...)
	NOT-FOR-US: NetIQ
CVE-2015-0794 (modules.d/90crypt/module-setup.sh in the dracut package before 037-17. ...)
	- dracut <not-affected> (Vulnerable code not present)
	NOTE: http://lists.opensuse.org/opensuse-updates/2015-11/msg00098.html
	NOTE: http://lists.opensuse.org/opensuse-bugs/2015-06/msg02585.html
	NOTE: http://lists.opensuse.org/opensuse-bugs/2015-06/msg02580.html
	NOTE: This seem to be a SuSE specific issue. src:dracut does not contain unsafe
	NOTE: handling of a /tmp/dracut_block_uuid.map file in any checked version.
CVE-2015-0793
	REJECTED
CVE-2015-0792
	REJECTED
CVE-2015-0791
	REJECTED
CVE-2015-0790
	REJECTED
CVE-2015-0789
	REJECTED
CVE-2015-0788
	REJECTED
CVE-2015-0787 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote  ...)
	NOT-FOR-US: NetIQ Designer for Identity Manager
CVE-2015-0786 (Stack-based buffer overflow in the logging functionality in the Preboo ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0785 (com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZE ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0784 (Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0783 (The FileViewer class in Novell ZENworks Configuration Management (ZCM) ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0782 (SQL injection vulnerability in the ScheduleQuery method of the schedul ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0781 (Directory traversal vulnerability in the doPost method of the Rtrlet c ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0780 (SQL injection vulnerability in the GetReRequestData method of the GetS ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0779 (Directory traversal vulnerability in UploadServlet in Novell ZENworks  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary comman ...)
	- osc 0.149.0-2 (low; bug #780410)
	[wheezy] - osc 0.134.1-2+deb7u1
	[squeeze] - osc <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=901643
CVE-2015-0777 (drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3 ...)
	- linux <not-affected> (Addon Xen usbback patch not present)
	- linux-2.6 <not-affected> (Addon Xen usbback patch not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=917830
CVE-2015-0776 (telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devic ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0775 (The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Ne ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-0774 (Cross-site scripting (XSS) vulnerability in Cisco Application and Cont ...)
	NOT-FOR-US: Cisco Application and Content Networking System
CVE-2015-0773 (Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authen ...)
	NOT-FOR-US: Cisco FireSIGHT System Software
CVE-2015-0772 (Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows rem ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-0771 (The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 1 ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0770 (CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2015-0769 (Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0768 (The Device Work Center (DWC) component in Cisco Prime Network Control  ...)
	NOT-FOR-US: Cisco Prime Network Control System
CVE-2015-0767 (Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local u ...)
	NOT-FOR-US: Cisco
CVE-2015-0766 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Cisco
CVE-2015-0765 (Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2015-0764 (Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read ar ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-0763 (Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-0762 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-0761 (Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x befor ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2015-0760 (The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and  ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0759 (Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digit ...)
	NOT-FOR-US: Cisco
CVE-2015-0758 (The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) al ...)
	NOT-FOR-US: Cisco
CVE-2015-0757 (The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) a ...)
	NOT-FOR-US: Cisco
CVE-2015-0756 (Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) all ...)
	NOT-FOR-US: Cisco
CVE-2015-0755 (The Posture module for Cisco Identity Services Engine (ISE), as distri ...)
	NOT-FOR-US: Cisco
CVE-2015-0754 (Cisco Finesse 10.5(1) allows remote authenticated users to obtain sens ...)
	NOT-FOR-US: Cisco
CVE-2015-0753 (SQL injection vulnerability in Cisco Unified Email Interaction Manager ...)
	NOT-FOR-US: Cisco
CVE-2015-0752 (Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video C ...)
	NOT-FOR-US: Cisco
CVE-2015-0751 (Cisco IP Phone 7861, when firmware from Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2015-0750 (The administrative web interface in Cisco Hosted Collaboration Solutio ...)
	NOT-FOR-US: Cisco
CVE-2015-0749 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
	NOT-FOR-US: Cisco
CVE-2015-0748
	RESERVED
CVE-2015-0747 (Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release al ...)
	NOT-FOR-US: Cisco
CVE-2015-0746 (The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows r ...)
	NOT-FOR-US: Cisco Access Control Server
CVE-2015-0745 (Cisco Headend System Release allows remote attackers to read temporary ...)
	NOT-FOR-US: Cisco
CVE-2015-0744 (Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Rele ...)
	NOT-FOR-US: Cisco
CVE-2015-0743 (Cisco Headend System Release allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2015-0742 (The Protocol Independent Multicast (PIM) application in Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2015-0741 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Pr ...)
	NOT-FOR-US: Cisco
CVE-2015-0740 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intel ...)
	NOT-FOR-US: Cisco
CVE-2015-0739 (The Lights-Out Management (LOM) implementation in Cisco FireSIGHT Syst ...)
	NOT-FOR-US: Cisco
CVE-2015-0738 (Cross-site scripting (XSS) vulnerability in the Web Tracking Report pa ...)
	NOT-FOR-US: Cisco
CVE-2015-0737 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco FireSIGHT System Software
CVE-2015-0736 (Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10 ...)
	NOT-FOR-US: Cisco
CVE-2015-0735 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified Custo ...)
	NOT-FOR-US: Cisco
CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email ...)
	NOT-FOR-US: Cisco
CVE-2015-0733 (CRLF injection vulnerability in the HTTP Header Handler in Digital Bro ...)
	NOT-FOR-US: Cisco
CVE-2015-0732 (Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web S ...)
	NOT-FOR-US: Cisco
CVE-2015-0731 (The ISDN implementation in Cisco IOS 15.3S allows remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2015-0730 (The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) a ...)
	NOT-FOR-US: Cisco
CVE-2015-0729 (Cross-site scripting (XSS) vulnerability in Cisco Secure Access Contro ...)
	NOT-FOR-US: Cisco
CVE-2015-0728 (Cross-site scripting (XSS) vulnerability in Cisco Access Control Serve ...)
	NOT-FOR-US: Cisco
CVE-2015-0727 (Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco S ...)
	NOT-FOR-US: Cisco
CVE-2015-0726 (The web administration interface on Cisco Wireless LAN Controller (WLC ...)
	NOT-FOR-US: Cisco
CVE-2015-0725 (Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when  ...)
	NOT-FOR-US: Cisco
CVE-2015-0724 (Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 i ...)
	NOT-FOR-US: Cisco
CVE-2015-0723 (The wireless web-authentication subsystem on Cisco Wireless LAN Contro ...)
	NOT-FOR-US: Cisco
CVE-2015-0722 (The network drivers in Cisco TelePresence T, Cisco TelePresence TE, an ...)
	NOT-FOR-US: Cisco
CVE-2015-0721 (Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 20 ...)
	NOT-FOR-US: Cisco
CVE-2015-0720
	RESERVED
CVE-2015-0719
	RESERVED
CVE-2015-0718 (Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-0717 (Cisco Unified Communications Manager 10.0(1.10000.12) allows local use ...)
	NOT-FOR-US: Cisco
CVE-2015-0716 (Cross-site request forgery (CSRF) vulnerability in the CUCReports page ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2015-0715 (SQL injection vulnerability in the administrative web interface in Cis ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2015-0714 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse S ...)
	NOT-FOR-US: Cisco Finesse
CVE-2015-0713 (The web framework in Cisco TelePresence Advanced Media Gateway Series  ...)
	NOT-FOR-US: Cisco
CVE-2015-0712 (The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and ...)
	NOT-FOR-US: Cisco StarOS
CVE-2015-0711 (The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisc ...)
	NOT-FOR-US: Cisco StarOS
CVE-2015-0710 (The Overlay Transport Virtualization (OTV) implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2015-0709 (Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0708 (Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow re ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0707 (Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Sof ...)
	NOT-FOR-US: Cisco
CVE-2015-0706 (Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2015-0705 (Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoi ...)
	NOT-FOR-US: Cisco
CVE-2015-0704 (Multiple cross-site request forgery (CSRF) vulnerabilities in API feat ...)
	NOT-FOR-US: Cisco
CVE-2015-0703 (Cross-site scripting (XSS) vulnerability in the administrative web int ...)
	NOT-FOR-US: Cisco
CVE-2015-0702 (Unrestricted file upload vulnerability in the Custom Prompts upload im ...)
	NOT-FOR-US: Cisco
CVE-2015-0701 (Cisco UCS Central Software before 1.3(1a) allows remote attackers to e ...)
	NOT-FOR-US: Cisco UCS
CVE-2015-0700 (Cross-site request forgery (CSRF) vulnerability in the Dashboard page  ...)
	NOT-FOR-US: Cisco
CVE-2015-0699 (SQL injection vulnerability in the Interactive Voice Response (IVR) co ...)
	NOT-FOR-US: Cisco
CVE-2015-0698 (Multiple cross-site scripting (XSS) vulnerabilities in filter search f ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0697 (Open redirect vulnerability in the login page in Cisco TC Software bef ...)
	NOT-FOR-US: Cisco
CVE-2015-0696 (Cross-site scripting (XSS) vulnerability in the login page in Cisco TC ...)
	NOT-FOR-US: Cisco
CVE-2015-0695 (Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR,  ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0694 (Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that  ...)
	NOT-FOR-US: Cisco
CVE-2015-0693 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0692 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0691 (A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Sec ...)
	NOT-FOR-US: Cisco Secure Desktop Cache Cleaner
CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help system on Ci ...)
	NOT-FOR-US: Cisco
CVE-2015-0689 (Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to byp ...)
	NOT-FOR-US: Cisco
CVE-2015-0688 (Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services P ...)
	NOT-FOR-US: Cisco
CVE-2015-0687 (The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devic ...)
	NOT-FOR-US: Cisco
CVE-2015-0686 (The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devic ...)
	NOT-FOR-US: Cisco
CVE-2015-0685 (Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handl ...)
	NOT-FOR-US: Cisco
CVE-2015-0684 (SQL injection vulnerability in the Image Management component in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0683 (Cisco Unified Communications Domain Manager 8.1(4) allows remote authe ...)
	NOT-FOR-US: Cisco
CVE-2015-0682 (Cisco Unified Communications Domain Manager 8.1(4) allows remote authe ...)
	NOT-FOR-US: Cisco
CVE-2015-0681 (The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1,  ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0680 (Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restr ...)
	NOT-FOR-US: Cisco
CVE-2015-0679 (The web-authentication functionality on Cisco Wireless LAN Controller  ...)
	NOT-FOR-US: Cisco
CVE-2015-0678 (The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1. ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0677 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0676 (The DNS implementation in Cisco Adaptive Security Appliance (ASA) Soft ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0675 (The failover ipsec implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0674 (Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0673 (Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenti ...)
	NOT-FOR-US: Cisco
CVE-2015-0672 (The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows rem ...)
	NOT-FOR-US: Cisco
CVE-2015-0671 (The DNS implementation in Cisco Videoscape Distribution Suite for Inte ...)
	NOT-FOR-US: Cisco
CVE-2015-0670 (The default configuration of Cisco Small Business IP phones SPA 300 7. ...)
	NOT-FOR-US: Cisco
CVE-2015-0669 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2015-0668 (Cross-site scripting (XSS) vulnerability in the administration portal  ...)
	NOT-FOR-US: Cisco
CVE-2015-0667 (The Management Interface on Cisco Content Services Switch (CSS) 11500  ...)
	NOT-FOR-US: Cisco
CVE-2015-0666 (Directory traversal vulnerability in the fmserver servlet in Cisco Pri ...)
	NOT-FOR-US: Cisco
CVE-2015-0665 (The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00 ...)
	NOT-FOR-US: Cisco
CVE-2015-0664 (The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) ...)
	NOT-FOR-US: Cisco
CVE-2015-0663 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does n ...)
	NOT-FOR-US: Cisco
CVE-2015-0662 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2015-0661 (The SNMPv2 implementation in Cisco IOS XR allows remote authenticated  ...)
	NOT-FOR-US: Cisco
CVE-2015-0660 (Cisco Virtual TelePresence Server Software does not properly restrict  ...)
	NOT-FOR-US: Cisco
CVE-2015-0659 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2015-0658 (The DHCP implementation in the PowerOn Auto Provisioning (POAP) featur ...)
	NOT-FOR-US: Cisco
CVE-2015-0657 (Cisco IOS XR allows remote attackers to cause a denial of service (RSV ...)
	NOT-FOR-US: Cisco
CVE-2015-0656 (Cross-site scripting (XSS) vulnerability in the login page in Cisco Ne ...)
	NOT-FOR-US: Cisco NAM
CVE-2015-0655 (Cross-site scripting (XSS) vulnerability in Unified Web Interaction Ma ...)
	NOT-FOR-US: Cisco Unified Web
CVE-2015-0654 (Race condition in the TLS implementation in MainApp in the management  ...)
	NOT-FOR-US: Cisco
CVE-2015-0653 (The management interface in Cisco TelePresence Video Communication Ser ...)
	NOT-FOR-US: Cisco
CVE-2015-0652 (The Session Description Protocol (SDP) implementation in Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2015-0651 (Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisc ...)
	NOT-FOR-US: Cisco
CVE-2015-0650 (The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12 ...)
	NOT-FOR-US: Cisco
CVE-2015-0649 (Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2015-0648 (Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remot ...)
	NOT-FOR-US: Cisco
CVE-2015-0647 (Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2015-0646 (Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15. ...)
	NOT-FOR-US: Cisco
CVE-2015-0645 (The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before  ...)
	NOT-FOR-US: Cisco
CVE-2015-0644 (AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3. ...)
	NOT-FOR-US: Cisco
CVE-2015-0643 (Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5. ...)
	NOT-FOR-US: Cisco
CVE-2015-0642 (Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5. ...)
	NOT-FOR-US: Cisco
CVE-2015-0641 (Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 befo ...)
	NOT-FOR-US: Cisco
CVE-2015-0640 (The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x befor ...)
	NOT-FOR-US: Cisco
CVE-2015-0639 (The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before ...)
	NOT-FOR-US: Cisco
CVE-2015-0638 (Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is co ...)
	NOT-FOR-US: Cisco
CVE-2015-0637 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2015-0636 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2015-0635 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2015-0634 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Cisco
CVE-2015-0633 (The Integrated Management Controller (IMC) in Cisco Unified Computing  ...)
	NOT-FOR-US: Cisco
CVE-2015-0632 (Race condition in the Neighbor Discovery (ND) protocol implementation  ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0631 (Race condition in the SSL implementation on Cisco Intrusion Prevention ...)
	NOT-FOR-US: Cisco IPS
CVE-2015-0630
	RESERVED
CVE-2015-0629
	RESERVED
CVE-2015-0628 (The proxy engine on Cisco Web Security Appliance (WSA) devices allows  ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0627
	RESERVED
CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows ...)
	NOT-FOR-US: Cisco HCS
CVE-2015-0625
	RESERVED
CVE-2015-0624 (The web framework in Cisco AsyncOS on Email Security Appliance (ESA),  ...)
	NOT-FOR-US: Cisco
CVE-2015-0623 (Cross-site scripting (XSS) vulnerability in the Administrator report p ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0622 (The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wir ...)
	NOT-FOR-US: Cisco WLC
CVE-2015-0621 (Cisco TelePresence MCU devices with software 4.5(1.45) allow remote at ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-0620 (The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) a ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-0619 (Memory leak in the embedded web server in the WebVPN subsystem in Cisc ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-0618 (Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000  ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0617 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices all ...)
	NOT-FOR-US: Cisco
CVE-2015-0616 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2015-0615 (The call-handling implementation in Cisco Unity Connection 8.5 before  ...)
	NOT-FOR-US: Cisco
CVE-2015-0614 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2015-0613 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2015-0612 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2015-0611 (The administrative web-management portal in Cisco IX 8 (.0.1) and earl ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-0610 (Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T a ...)
	NOT-FOR-US: Cisco
CVE-2015-0609 (Race condition in the Common Classification Engine (CCE) in the Measur ...)
	NOT-FOR-US: Cisco
CVE-2015-0608 (Race condition in the Measurement, Aggregation, and Correlation Engine ...)
	NOT-FOR-US: Cisco
CVE-2015-0607 (The Authentication Proxy feature in Cisco IOS does not properly handle ...)
	NOT-FOR-US: Cisco
CVE-2015-0606 (The IOS Shell in Cisco IOS allows local users to cause a denial of ser ...)
	NOT-FOR-US: Cisco
CVE-2015-0605 (The uuencode inspection engine in Cisco AsyncOS on Cisco Email Securit ...)
	NOT-FOR-US: Cisco
CVE-2015-0604 (The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1 ...)
	NOT-FOR-US: Cisco
CVE-2015-0603 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use wea ...)
	NOT-FOR-US: Cisco
CVE-2015-0602 (The mobility extension on Cisco Unified IP 9900 phones with firmware 9 ...)
	NOT-FOR-US: Cisco
CVE-2015-0601 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow l ...)
	NOT-FOR-US: Cisco
CVE-2015-0600 (The mobility extension on Cisco Unified IP 9900 phones with firmware 9 ...)
	NOT-FOR-US: Cisco
CVE-2015-0599 (The web interface in Cisco Integrated Management Controller in Cisco U ...)
	NOT-FOR-US: Cisco
CVE-2015-0598 (The RADIUS implementation in Cisco IOS and IOS XE allows remote attack ...)
	NOT-FOR-US: Cisco
CVE-2015-0597 (The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) ...)
	NOT-FOR-US: Cisco
CVE-2015-0596 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meeting ...)
	NOT-FOR-US: Cisco
CVE-2015-0595 (The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allo ...)
	NOT-FOR-US: Cisco
CVE-2015-0594 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages  ...)
	NOT-FOR-US: Cisco
CVE-2015-0593 (The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and ear ...)
	NOT-FOR-US: Cisco
CVE-2015-0592 (The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earl ...)
	NOT-FOR-US: Cisco
CVE-2015-0591 (Cisco Unified Communications Domain Manager (UCDM) 10 allows remote at ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-0590 (Cisco WebEx Meeting Center allows remote attackers to activate disable ...)
	NOT-FOR-US: Cisco WebEx
CVE-2015-0589 (The administrative web interface in Cisco WebEx Meetings Server 1.0 th ...)
	NOT-FOR-US: Cisco
CVE-2015-0588 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified Commu ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-0587
	RESERVED
CVE-2015-0586 (The Network-Based Application Recognition (NBAR) protocol implementati ...)
	NOT-FOR-US: Cisco
CVE-2015-0585
	RESERVED
CVE-2015-0584 (The image-upgrade implementation on Cisco Desktop Collaboration Experi ...)
	NOT-FOR-US: Cisco
CVE-2015-0583 (Cisco WebEx Meeting Center does not properly restrict the content of U ...)
	NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 device ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-0581 (The XML parser in Cisco Prime Service Catalog before 10.1 allows remot ...)
	NOT-FOR-US: Cisco
CVE-2015-0580 (Multiple SQL injection vulnerabilities in the ACS View reporting inter ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2015-0579 (Cisco TelePresence Video Communication Server (VCS) and Cisco Expressw ...)
	NOT-FOR-US: Cisco TelePrecence Video Communication Server
CVE-2015-0578 (Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-0577 (Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Sp ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2015-0576 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0575 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0574 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0573 (drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the L ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0572 (Multiple race conditions in drivers/char/adsprpc.c and drivers/char/ad ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0571 (The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0570 (Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0569 (Heap-based buffer overflow in the private wireless extensions IOCTL im ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0568 (Use-after-free vulnerability in the msm_set_crop function in drivers/m ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0567
	RESERVED
CVE-2015-0566
	RESERVED
CVE-2015-0565 (NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks ...)
	- nacl <unfixed> (unimportant)
	NOTE: https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=284
	NOTE: Limited impact, and for chromium itself the CLFLUSH instruction has been
	NOTE: disalowed.
CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel thro ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fbe1bf140671619508dfa575d74a185ae53c5dbb
	NOTE: http://marc.info/?l=linux-kernel&m=141911002822659&w=2
CVE-2014-9583 (common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2 ...)
	NOT-FOR-US: infosvr in ASUS WRT firmware
CVE-2014-9582 (Cross-site scripting (XSS) vulnerability in components/filemanager/dia ...)
	NOT-FOR-US: Codiad
CVE-2014-9581 (Directory traversal vulnerability in components/filemanager/download.p ...)
	NOT-FOR-US: Codiad
CVE-2014-9580 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...)
	NOT-FOR-US: ProjectSend
CVE-2014-9579 (VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credent ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9578 (VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9577 (VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9576 (VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of  ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9575 (VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attacke ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9574 (Directory traversal vulnerability in install.php in FluxBB before 1.5. ...)
	NOT-FOR-US: FluxBB
CVE-2014-9573 (SQL injection vulnerability in manage_user_page.php in MantisBT before ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/69c2d28d (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17940
CVE-2014-9572 (MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/5571bcf9 (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17939
CVE-2014-9571 (Cross-site scripting (XSS) vulnerability in admin/install.php in Manti ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17938
CVE-2014-9570 (Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAd ...)
	NOT-FOR-US: WordPress plugin MyWebsiteAdvisor Simple Security
CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver B ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2014-9568 (puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie  ...)
	NOT-FOR-US: Puppet module rabbitmq
CVE-2014-9567 (Unrestricted file upload vulnerability in process-upload.php in Projec ...)
	NOT-FOR-US: ProjectSend
CVE-2014-9566 (Multiple SQL injection vulnerabilities in the Manage Accounts page in  ...)
	NOT-FOR-US: SolarWinds
CVE-2014-9565 (Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6 ...)
	NOT-FOR-US: IBM
CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet a ...)
	NOT-FOR-US: IBM
CVE-2014-9563 (CRLF injection vulnerability in the web-based management (WBM) interfa ...)
	NOT-FOR-US: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone
CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 O ...)
	NOT-FOR-US: M2 OptimalSite
CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php i ...)
	NOT-FOR-US: SoftBB
CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1. ...)
	NOT-FOR-US: SoftBB
CVE-2014-9559 (Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, an ...)
	NOT-FOR-US: SnipSnap
CVE-2014-9558 (Multiple SQL injection vulnerabilities in SmartCMS v.2. ...)
	NOT-FOR-US: SmartCMS
CVE-2014-9557 (Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. ...)
	NOT-FOR-US: SmartCMS
CVE-2014-9555
	RESERVED
CVE-2014-9554
	RESERVED
CVE-2014-9553
	RESERVED
CVE-2014-9552
	RESERVED
CVE-2014-9551
	RESERVED
CVE-2014-9550
	RESERVED
CVE-2014-9549
	RESERVED
CVE-2014-9548
	RESERVED
CVE-2014-9547
	RESERVED
CVE-2014-9546
	RESERVED
CVE-2014-9545
	RESERVED
CVE-2014-9544
	RESERVED
CVE-2014-9543
	RESERVED
CVE-2014-9542
	RESERVED
CVE-2014-9541
	RESERVED
CVE-2014-9540
	RESERVED
CVE-2014-9539
	RESERVED
CVE-2014-9538
	RESERVED
CVE-2014-9537
	RESERVED
CVE-2014-9536
	RESERVED
CVE-2014-9535
	RESERVED
CVE-2014-9534
	RESERVED
CVE-2014-9533
	RESERVED
CVE-2014-9532
	RESERVED
CVE-2014-9531
	RESERVED
CVE-2014-9530 (A vulnerability exists in nw.js before 0.11.3 when calling nw methods  ...)
	NOT-FOR-US: nw.js
CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in protected/m ...)
	NOT-FOR-US: HumHub
CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cau ...)
	- libapache-poi-java 3.10.1-2 (low; bug #775171)
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
CVE-2015-1198 (Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. ...)
	- ha <removed> (low; bug #774954)
	[squeeze] - ha <no-dsa> (Minor issue)
	[wheezy] - ha <no-dsa> (Minor issue)
CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql)  ...)
	{DSA-3195-1}
	- php5 5.6.6+dfsg-2 (bug #777036)
	[squeeze] - php5 <not-affected> (vulnerable code (build_tablename()) introduced later)
	NOTE: https://bugs.php.net/bug.php?id=68741
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in ze ...)
	- php5 5.6.6+dfsg-2 (bug #777033)
	[squeeze] - php5 <not-affected> (opcache introduced in 5.5)
	[wheezy] - php5 <not-affected> (opcache introduced in 5.5)
	NOTE: https://bugs.php.net/bug.php?id=68677
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
CVE-2015-XXXX [insecure keyring handling]
	- weboob 1.0-3 (low; bug #774838)
	[wheezy] - weboob <no-dsa> (Minor issue)
CVE-2015-1042 (The string_sanitize_url function in core/string_api.php in MantisBT 1. ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <not-affected> (Incomplete fix not applied)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17997
	NOTE: http://github.com/mantisbt/mantisbt/commit/d95f070d
CVE-2015-1031 (Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow ...)
	{DSA-3133-1 DLA-142-1}
	- privoxy 3.0.21-5 (bug #775167)
	NOTE: http://www.privoxy.org/announce.txt
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/list.c?view=patch&r1=1.31&r2=1.32&pathrev=v_3_0_22
CVE-2015-1030 (Memory leak in the rfc2553_connect_to function in jbsocket.c in Privox ...)
	- privoxy 3.0.21-5 (bug #775167)
	[squeeze] - privoxy <not-affected> (Introduced in 3.0.21)
	[wheezy] - privoxy <not-affected> (Introduced in 3.0.21)
	NOTE: http://www.privoxy.org/announce.txt
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/cgisimple.c?view=patch&r1=1.130&r2=1.131&pathrev=v_3_0_22
CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows local ...)
	- cpio 2.11+dfsg-4.1 (low; bug #774669)
	[wheezy] - cpio <no-dsa> (Minor issue)
	[squeeze] - cpio <no-dsa> (Minor issue)
	NOTE: Patch used in SUSE: https://bugzilla.suse.com/attachment.cgi?id=599460&action=diff
	NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca
	NOTE: Regression in upstream's handling of patch https://bugs.debian.org/946267
CVE-2015-4469 (The chmd_read_headers function in chmd.c in libmspack before 0.5 does  ...)
	- libmspack 0.4-3 (bug #774726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4468 (Multiple integer overflows in the search_chunk function in chmd.c in l ...)
	- libmspack 0.4-3 (bug #774726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4467 (The chmd_init_decomp function in chmd.c in libmspack before 0.5 does n ...)
	- libmspack 0.4-3 (bug #774725)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-9275 (ARC 5.21q allows directory traversal via a full pathname in an archive ...)
	- arc 5.21q-6 (low; bug #774527)
	[stretch] - arc 5.21q-4+deb9u1
	[jessie] - arc <ignored> (Minor issue)
	[wheezy] - arc <no-dsa> (Minor issue)
	[squeeze] - arc <no-dsa> (Minor issue)
CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any prompt]
	- lftp 4.6.1-2 (low; bug #774769)
	[jessie] - lftp 4.6.0-1+deb8u1
	[squeeze] - lftp <no-dsa> (Minor issue)
	[wheezy] - lftp <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/12/10
CVE-2014-9587 (Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcub ...)
	{DLA-613-1}
	- roundcube 1.1.1+dfsg.1-2 (bug #775576)
	[squeeze] - roundcube <no-dsa> (Minor issue)
	[wheezy] - roundcube <no-dsa> (Minor issue)
	NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in epan/dissectors ...)
	{DSA-3141-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-05.html
CVE-2015-0563 (epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10. ...)
	{DLA-198-1}
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.10)
	[wheezy] - wireshark <not-affected> (Only affected 1.10)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-04.html
CVE-2015-0562 (Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec- ...)
	{DSA-3141-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-03.html
CVE-2015-0561 (asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10. ...)
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.8.9)
	[wheezy] - wireshark <not-affected> (Only affected 1.8.9)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-02.html
CVE-2015-0560 (The dissect_wccp2r1_address_table_info function in epan/dissectors/pac ...)
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.10)
	[wheezy] - wireshark <not-affected> (Only affected 1.10)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
CVE-2015-0559 (Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp ...)
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.10)
	[wheezy] - wireshark <not-affected> (Only affected 1.10)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
CVE-2015-0558 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with  ...)
	NOT-FOR-US: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router
CVE-2015-0555 (Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in  ...)
	NOT-FOR-US: Samsung
CVE-2015-0554 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with  ...)
	NOT-FOR-US: ADB router
CVE-2015-0553 (Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in  ...)
	NOT-FOR-US: WebsiteBaker
CVE-2014-9526 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2 ...)
	NOT-FOR-US: concrete5
CVE-2014-9525 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Time ...)
	NOT-FOR-US: Timed Popup (wp-timed-popup) plugin for WordPress
CVE-2014-9524 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Face ...)
	NOT-FOR-US: Facebook Like Box (cardoza-facebook-like-box) plugin for WordPress
CVE-2014-9523 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Our  ...)
	NOT-FOR-US: Our Team Showcase (our-team-enhanced) plugin for WordPress
CVE-2014-9522 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light ...)
	NOT-FOR-US: CMS Papoo Light
CVE-2014-9521 (Unrestricted file upload vulnerability in uploadScript.php in Infinite ...)
	NOT-FOR-US: InfiniteWP Admin Panel
CVE-2014-9520 (SQL injection vulnerability in execute.php in InfiniteWP Admin Panel b ...)
	NOT-FOR-US: InfiniteWP Admin Panel
CVE-2014-9519 (SQL injection vulnerability in login.php in InfiniteWP Admin Panel bef ...)
	NOT-FOR-US: InfiniteWP Admin Panel
CVE-2014-9518 (Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router ...)
	NOT-FOR-US: login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01
CVE-2014-9517 (Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103  ...)
	NOT-FOR-US: D-link IP camera DCS-2103
CVE-2014-9516 (Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1 ...)
	NOT-FOR-US: Social Microblogging PRO
CVE-2014-9515 (Dozer improperly uses a reflection-based approach to type conversion,  ...)
	NOT-FOR-US: Dozer
CVE-2014-9514 (Cross-site scripting (XSS) vulnerability in BMC Footprints Service Cor ...)
	NOT-FOR-US: BMC
CVE-2014-9512 (rsync 3.1.1 allows remote attackers to write to arbitrary files via a  ...)
	- rsync 3.1.1-3 (low; bug #778333)
	[wheezy] - rsync <not-affected> (Affected sanitising functionality not yet present)
	[squeeze] - rsync <not-affected> (Affected sanitising functionality not yet present)
	NOTE: http://xteam.baidu.com/?p=169
CVE-2014-9511
	RESERVED
CVE-2014-9510 (Cross-site request forgery (CSRF) vulnerability in the administration  ...)
	NOT-FOR-US: TP-Link TL-WR840N router
CVE-2014-9509 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x t ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Solution is to remove he configuration options config.prefixLocalAnchors
	NOTE: (and optionally also config.baseUrl) in favor of config.absRefPrefix
CVE-2014-9508 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x t ...)
	- typo3-src 4.5.40+dfsg1-1 (bug #775105)
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://review.typo3.org/#/c/35222/
	NOTE: https://review.typo3.org/gitweb?p=Packages/TYPO3.CMS.git;a=commitdiff;h=63ae7ddd11d284a121f23ce86282e3149bc16f96
CVE-2014-9505 (Cross-site scripting (XSS) vulnerability in the School Administration  ...)
	NOT-FOR-US: School Administration module for Drupal
CVE-2014-9504 (The OG Subgroups module, when used with the Open Atrium module 7.x-2.x ...)
	NOT-FOR-US: Open Atrium module for Drupal
CVE-2014-9503 (The Discussions sub module in the Open Atrium module 7.x-2.x before 7. ...)
	NOT-FOR-US: Open Atrium module for Drupal
CVE-2014-9502 (Multiple cross-site request forgery (CSRF) vulnerabilities in unspecif ...)
	NOT-FOR-US: Open Atrium module for Drupal
CVE-2014-9501 (Cross-site scripting (XSS) vulnerability in the Poll Chart Block modul ...)
	NOT-FOR-US: Poll Chart Block module for Drupal
CVE-2014-9500 (Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x be ...)
	NOT-FOR-US: Moip module for Drupal
CVE-2014-9499 (Cross-site scripting (XSS) vulnerability in the Godwin's Law module be ...)
	NOT-FOR-US: Godwin's Law for Drupal
CVE-2014-9498 (Cross-site scripting (XSS) vulnerability in the Webform Invitation mod ...)
	NOT-FOR-US: Webform Invitation module for Drupal
CVE-2014-9492
	REJECTED
CVE-2014-9491 (The devzvol_readdir function in illumos does not check the return valu ...)
	NOT-FOR-US: illumos
CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem befor ...)
	NOT-FOR-US: raven ruby gem
CVE-2014-9488 (The is_utf8_well_formed function in GNU less before 475 allows remote  ...)
	- less 481-1 (unimportant; bug #780247)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/14
	NOTE: https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
CVE-2014-9484
	RESERVED
CVE-2014-9473 (Unrestricted file upload vulnerability in lib_nonajax.php in the Cform ...)
	NOT-FOR-US: formsII plugin for WordPress
CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before ...)
	{DSA-3176-1 DLA-158-1}
	- request-tracker4 4.2.8-3
	- request-tracker3.8 <removed> (unimportant)
CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...)
	NOT-FOR-US: Fork CMS
CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...)
	NOT-FOR-US: vBulletin
CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...)
	NOT-FOR-US: InstantASP InstantForum.NET
CVE-2014-9467
	RESERVED
CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 0.95 bef ...)
	NOT-FOR-US: Microweber CMS
CVE-2014-9463 (functions_vbseo_hook.php in the VBSEO module for vBulletin allows remo ...)
	NOT-FOR-US: vBulletin
CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...)
	{DSA-3257-1 DLA-237-1}
	- mercurial 3.4-1 (bug #783237)
	NOTE: http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
	NOTE: http://selenic.com/hg/rev/e3f30068d2eb
CVE-2014-9461 (Directory traversal vulnerability in models/Cart66.php in the Cart66 L ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2014-9460 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-V ...)
	NOT-FOR-US: WP-ViperGB plugin for WordPress
CVE-2014-9459 (Cross-site request forgery (CSRF) vulnerability in the AdminObserver f ...)
	NOT-FOR-US: e107
CVE-2014-9458 (Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA  ...)
	NOT-FOR-US: Hex-Rays IDA Pro
CVE-2014-9457 (SQL injection vulnerability in classes/mono_display.class.php in PMB 4 ...)
	NOT-FOR-US: PMB
CVE-2014-9456 (Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have uns ...)
	NOT-FOR-US: NotePad++
CVE-2014-9455 (SQL injection vulnerability in showads.php in CTS Projects &amp; Softw ...)
	NOT-FOR-US: CTS Projects & Software ClassAd
CVE-2014-9454 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...)
	NOT-FOR-US: Simple Sticky Footer plugin for WordPress
CVE-2014-9453 (Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor- ...)
	NOT-FOR-US: Simple visitor stat plugin for WordPress
CVE-2014-9452 (Directory traversal vulnerability in VDG Security SENSE (formerly DIVA ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9451 (Multiple stack-based buffer overflows in the DIVA web service API (/we ...)
	NOT-FOR-US: VDG Security SENS
CVE-2014-9448 (Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 all ...)
	NOT-FOR-US: Mini-stream RM-MP3 Converter
CVE-2014-9445 (SQL injection vulnerability in incl/create.inc.php in Installatron GQ  ...)
	NOT-FOR-US: GQ File Manager
CVE-2014-9444 (Cross-site scripting (XSS) vulnerability in the Frontend Uploader plug ...)
	NOT-FOR-US: Frontend Uploader plugin for WordPress
CVE-2014-9443 (Cross-site scripting (XSS) vulnerability in the Relevanssi plugin befo ...)
	NOT-FOR-US: Relevanssi plugin for WordPress
CVE-2014-9442 (SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lit ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2014-9441 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ligh ...)
	NOT-FOR-US: Lightbox Photo Gallery plugin for WordPress
CVE-2014-9440 (SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows ...)
	NOT-FOR-US: phpMyRecipes
CVE-2014-9439 (Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Serv ...)
	NOT-FOR-US: Easy File Sharing Web Server
CVE-2014-9438 (Cross-site request forgery (CSRF) vulnerability in the Moderator Contr ...)
	NOT-FOR-US: vBulletin
CVE-2014-9437 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Slid ...)
	NOT-FOR-US: Sliding Social Icons plugin for WordPress
CVE-2014-9436 (Absolute path traversal vulnerability in SysAid On-Premise before 14.4 ...)
	NOT-FOR-US: SysAid
CVE-2014-9435 (Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow re ...)
	NOT-FOR-US: Absolut Engine
CVE-2014-9434 (Cross-site scripting (XSS) vulnerability in admin/managerrelated.php i ...)
	NOT-FOR-US: Absolut Engine
CVE-2014-9431 (Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwa ...)
	NOT-FOR-US: Smoothwall
CVE-2014-9430 (Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnc ...)
	NOT-FOR-US: Smoothwall
CVE-2014-9429 (Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Expr ...)
	NOT-FOR-US: Smoothwall
CVE-2013-7418 (cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 all ...)
	NOT-FOR-US: IPCop
CVE-2013-7417 (Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCo ...)
	NOT-FOR-US: IPCop
CVE-2011-5318 (Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.C ...)
	NOT-FOR-US: diafan.CMS
CVE-2011-5317 (Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS  ...)
	NOT-FOR-US: WonderCMS
CVE-2011-5316 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in  ...)
	NOT-FOR-US: Cambio
CVE-2011-5315 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in  ...)
	NOT-FOR-US: whCMS
CVE-2011-5314 (templates/default/index.php in Redaxscript 0.3.2 allows remote attacke ...)
	NOT-FOR-US: Redaxscript
CVE-2011-5313 (Multiple SQL injection vulnerabilities in includes/password.php in Red ...)
	NOT-FOR-US: Redaxscript
CVE-2011-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allo ...)
	NOT-FOR-US: Gollos
CVE-2011-5311 (Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipa ...)
	NOT-FOR-US: Wikipad
CVE-2011-5310 (Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows ...)
	NOT-FOR-US: Wikipad
CVE-2011-5309 (Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 ...)
	NOT-FOR-US: Wikipad
CVE-2011-5308 (Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnv ...)
	NOT-FOR-US: cdnvote plugin for WordPress
CVE-2011-5307 (Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmas ...)
	NOT-FOR-US: PhotoSmash plugin for WordPress
CVE-2011-5306 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup ...)
	NOT-FOR-US: CosmoShop ePRO
CVE-2011-5305 (Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO  ...)
	NOT-FOR-US: CosmoShop ePRO
CVE-2011-5304 (Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Po ...)
	NOT-FOR-US: Sodahead Polls plugin for WordPress
CVE-2011-5303 (Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allow ...)
	NOT-FOR-US: Spitfire CMS
CVE-2011-5302 (Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php  ...)
	NOT-FOR-US: PHPDug
CVE-2011-5301 (Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 al ...)
	NOT-FOR-US: PHPDug
CVE-2011-5300 (Cross-site request forgery (CSRF) vulnerability in admin/setup/config/ ...)
	NOT-FOR-US: poMMo Aardvark
CVE-2011-5299 (Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark  ...)
	NOT-FOR-US: poMMo Aardvark
CVE-2011-5298 (Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle S ...)
	NOT-FOR-US: Argyle Social
CVE-2011-5297 (Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 al ...)
	NOT-FOR-US: TTChat
CVE-2011-5296 (Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat  ...)
	NOT-FOR-US: Happy Chat
CVE-2011-5295 (Buffer overflow in the Download method in a certain ActiveX control in ...)
	NOT-FOR-US: Gogago YouTube Video Converter
CVE-2011-5294 (The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in ...)
	NOT-FOR-US: Kofax e-Transactions Sender Sendbox
CVE-2011-5293 (The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX contro ...)
	NOT-FOR-US: ThreeDify Designer
CVE-2011-5292 (The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FT ...)
	NOT-FOR-US: Easewe FTP OCX
CVE-2011-5291 (The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in C ...)
	NOT-FOR-US: Ashampoo 3D CAD Professional
CVE-2011-5290 (The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control i ...)
	NOT-FOR-US: IDrive Online Backup
CVE-2011-5289 (The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX  ...)
	NOT-FOR-US: aTube Catcher
CVE-2011-5288 (Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX ...)
	NOT-FOR-US: ThreeDify Designer
CVE-2011-5287 (Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4 ...)
	NOT-FOR-US: HESK
CVE-2011-5286 (SQL injection vulnerability in social-slider-2/ajax.php in the Social  ...)
	NOT-FOR-US: Social Slider plugin for WordPress
CVE-2011-5285 (Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 a ...)
	NOT-FOR-US: BugFree
CVE-2011-5284 (Cross-site request forgery (CSRF) vulnerability in the web management  ...)
	NOT-FOR-US: Smoothwall
CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Smoothwall
CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ...)
	- linux <unfixed> (unimportant; bug #827340)
	- linux-2.6 <removed> (unimportant)
	NOTE: Unclear, old report for Linux
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120571
CVE-2010-5320 (Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Po ...)
	NOT-FOR-US: MemHT Portal
CVE-2010-5319 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat ...)
	NOT-FOR-US: Kandidat CMS
CVE-2010-5318 (The password-reset feature in as/index.php in SweetRice CMS before 0.6 ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5317 (Multiple SQL injection vulnerabilities in index.php in SweetRice CMS b ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5316 (Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice  ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5315 (Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita b ...)
	NOT-FOR-US: BEdita
CVE-2010-5314 (Cross-site scripting (XSS) vulnerability in controllers/home_controlle ...)
	NOT-FOR-US: BEdita
CVE-2014-9507 (MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, whe ...)
	- mediawiki <not-affected> (There is no content handler in REL1_19)
	NOTE: Upstream bug https://phabricator.wikimedia.org/T72901
CVE-2014-9506 (MantisBT before 1.2.18 does not properly check permissions when sendin ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=9885
CVE-2014-9584 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
	{DSA-3128-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3)
CVE-2015-1038 (p7zip 9.20.1 allows remote attackers to write to arbitrary files via a ...)
	{DSA-3289-1 DLA-245-1}
	- p7zip 9.20.1~dfsg.1-4.2 (bug #774660)
	NOTE: Upstream bug: http://sourceforge.net/p/p7zip/bugs/147/
CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to cause a  ...)
	- trafficserver 5.2.0-1 (bug #778895)
	[wheezy] - trafficserver <not-affected> (Only affects 5.x)
	NOTE: https://issues.apache.org/jira/browse/TS-3223 (fixed in 5.1.2)
	NOTE: https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12
	NOTE: notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963
CVE-2014-XXXX [crashes on crafted ELF]
	- ht 2.1.0-1 (low; bug #773308)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	[squeeze] - ht <no-dsa> (Minor issue)
CVE-2014-XXXX [insecure LUA default load path]
	- libquvi 0.4.1-3 (low; bug #774555)
	[wheezy] - libquvi <no-dsa> (Minor issue)
	[squeeze] - libquvi <no-dsa> (Minor issue)
CVE-2014-9489 (The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and ...)
	NOT-FOR-US: Gollum wiki
CVE-2014-9487 (The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.1 ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9481 (The Scribunto extension for MediaWiki allows remote attackers to obtai ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9480 (Cross-site scripting (XSS) vulnerability in the Hovercards extension f ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9479 (Cross-site scripting (XSS) vulnerability in the preview in the Templat ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9478 (Cross-site scripting (XSS) vulnerability in the preview in the ExpandT ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9477 (Multiple cross-site scripting (XSS) vulnerabilities in the Listings ex ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9450 (Multiple SQL injection vulnerabilities in chart_bar.php in the fronten ...)
	- zabbix 1:2.2.7+dfsg-2 (bug #774750)
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://support.zabbix.com/browse/ZBX-8582
	NOTE: https://github.com/svn2github/zabbix/commit/984bd3bec2d6ca5a80104a5574d19b7f4d04f24b
CVE-2014-9449 (Buffer overflow in the RiffVideo::infoTagsHandler function in riffvide ...)
	- exiv2 0.24-4.1 (bug #773846)
	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
	[squeeze] - exiv2 <not-affected> (Vulnerable code not present)
	NOTE: http://dev.exiv2.org/issues/960
	NOTE: http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263
CVE-2014-9447 (Directory traversal vulnerability in the read_long_names function in l ...)
	- elfutils 0.159-4.1 (bug #775536)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	[squeeze] - elfutils <no-dsa> (Minor issue)
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
CVE-2015-0552 (Directory traversal vulnerability in the gcab_folder_extract function  ...)
	- gcab 0.4-2 (bug #774580)
CVE-2015-XXXX [Zoo directory traversal]
	- zoo <removed> (low; bug #774453)
	[stretch] - zoo <no-dsa> (Minor issue)
	[jessie] - zoo <no-dsa> (Minor issue)
	[wheezy] - zoo <no-dsa> (Minor issue)
	[squeeze] - zoo <no-dsa> (Minor issue)
	NOTE: CVE Request: https://marc.info/?l=oss-security&m=142024361327375&w=2
CVE-2015-XXXX [buffer over-read]
	- arc <unfixed> (low; bug #774439)
	[buster] - arc <ignored> (Minor issue)
	[stretch] - arc <ignored> (Minor issue)
	[jessie] - arc <ignored> (Minor issue)
	[wheezy] - arc <no-dsa> (Minor issue)
	[squeeze] - arc <no-dsa> (Minor issue)
CVE-2015-0557 (Open-source ARJ archiver 3.10.22 does not properly remove leading slas ...)
	{DSA-3213-1 DLA-188-1}
	- arj 3.10.22-13 (low; bug #774435)
CVE-2015-0556 (Open-source ARJ archiver 3.10.22 allows remote attackers to conduct di ...)
	{DSA-3213-1 DLA-188-1}
	- arj 3.10.22-13 (low; bug #774434)
CVE-2014-9529 (Race condition in the key_gc_unused_keys function in security/keys/gc. ...)
	{DSA-3128-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://marc.info/?l=linux-kernel&m=141986398232547&w=2
	NOTE: http://marc.info/?l=linux-kernel&m=142047362307894&w=2
CVE-2014-9513 (Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows rem ...)
	- xbindkeys-config <unfixed> (unimportant; bug #772473)
	[jessie] - xbindkeys-config <no-dsa> (Minor issue)
	[wheezy] - xbindkeys-config <no-dsa> (Minor issue)
	[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
	NOTE: Not exploitable with kernel hardening since jessie
CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng b ...)
	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
	- texlive-bin 2014.20140926.35254-4 (bug #773824)
	[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
	[wheezy] - texlive-bin <not-affected> (uses system libpng)
	- libpng1.6 1.6.16-1 (bug #773823)
	- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
CVE-2014-9465 (senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Z ...)
	- zarafa <itp> (bug #658433)
CVE-2014-9446 (Multiple cross-site scripting (XSS) vulnerabilities in the Staff clien ...)
	- koha <itp> (bug #702134)
CVE-2014-9433 (Multiple cross-site scripting (XSS) vulnerabilities in cms/front_conte ...)
	NOT-FOR-US: Contenido CMS
CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/ ...)
	- serendipity <removed>
CVE-2014-XXXX [denial of service with specific packets]
	- libhtp 1:0.5.25-1 (bug #774897)
	[wheezy] - libhtp <no-dsa> (Minor issue)
	[squeeze] - libhtp <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1272
	NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4
	NOTE: CVE Request: http://seclists.org/oss-sec/2014/q4/1035
CVE-2014-9485 (Directory traversal vulnerability in the do_extract_currentfile functi ...)
	- minizip 1.1-5 (low; bug #774321)
CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c i ...)
	NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific)
CVE-2014-9423 (The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c  ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-9422 (The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadm ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-9421 (The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in  ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eS ...)
	NOT-FOR-US: Huawei
CVE-2014-9417 (The Meeting component in Huawei eSpace Desktop before V100R001C03 allo ...)
	NOT-FOR-US: Huawei
CVE-2014-9416 (Multiple untrusted search path vulnerabilities in Huawei eSpace Deskto ...)
	NOT-FOR-US: Huawei
CVE-2014-9415 (Huawei eSpace Desktop before V100R001C03 allows local users to cause a ...)
	NOT-FOR-US: Huawei
CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not proper ...)
	NOT-FOR-US: WordPress plugin W3 Total Cache
CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the IP B ...)
	NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress
CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through ...)
	- dwarfutils <not-affected> (Vulnerable code introduced later, see bug #774530)
	NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x  ...)
	{DSA-3117-1}
	- php5 5.6.5+dfsg-1
	[squeeze] - php5 <not-affected> (Introduced in 5.4.1)
	NOTE: https://bugs.php.net/bug.php?id=68618
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
CVE-2014-XXXX [CRAM-MD5 authentication bypass]
	- dbmail <not-affected> (Only affects versions supporting cram-md5, so 3.0.0 and later)
	NOTE: http://blog.gmane.org/gmane.mail.imap.dbmail/day=20141219
CVE-2014-9483 (Emacs 24.4 allows remote attackers to bypass security restrictions. ...)
	- emacs24 24.5+1-1 (unimportant; bug #774090)
	- emacs23 <not-affected> (Only affects Emacs 24)
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939
	NOTE: Plain bug, security implications rather far-fetched
CVE-2014-9556 (Integer overflow in the qtmd_decompress function in libmspack 0.4 allo ...)
	- libmspack 0.4-2 (bug #773041)
	- cabextract 1.4-5 (bug #772891)
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2012-6686
	REJECTED
CVE-2012-6685 (Nokogiri before 1.5.4 is vulnerable to XXE attacks ...)
	{DLA-229-1}
	- ruby-nokogiri 1.5.4-1 (low)
	- libnokogiri-ruby <removed>
	NOTE: https://github.com/sparklemotion/nokogiri/issues/693
	NOTE: Full fix requires fixing CVE-2014-0191 in libxml2 too.
CVE-2014-9428 (The batadv_frag_merge_packets function in net/batman-adv/fragmentation ...)
	- linux 3.16.7-ckt4-1 (bug #774155)
	[wheezy] - linux <not-affected> (Introduced in 3.13)
	- linux-2.6 <not-affected> (Introduced in 3.13)
	NOTE: http://thread.gmane.org/gmane.linux.network/343494
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=610bfc6bc99bc83680d190ebc69359a05fc7f605 (v3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b
CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attacke ...)
	{DLA-928-1 DLA-356-1}
	- libsndfile 1.0.25-9.1 (low; bug #774162)
	[squeeze] - libsndfile <no-dsa> (Minor issue)
CVE-2014-XXXX [a2p: buffer overflow]
	- perl 5.22.0~rc2-1 (unimportant; bug #769606)
CVE-2014-9486
	REJECTED
CVE-2014-9497 (Buffer overflow in mpg123 before 1.18.0. ...)
	{DLA-655-1}
	- mpg123 1.18.0-1
	[squeeze] - mpg123 <not-affected> (Introduced in 1.14.1)
	NOTE: http://sourceforge.net/p/mpg123/bugs/201/
CVE-2015-0551 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum  ...)
	NOT-FOR-US: EMC Documentum WebTop Client
CVE-2015-0550 (Directory traversal vulnerability in EMC Documentum Thumbnail Server 6 ...)
	NOT-FOR-US: EMC Documentum Thumbnail Server
CVE-2015-0549 (Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4 ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0548 (The D2DownloadService.getDownloadUrls service method in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0547 (The D2CenterstageService.getComments service method in EMC Documentum  ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0546 (EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows rem ...)
	NOT-FOR-US: EMC Unified Infrastructure Manager/Provisioning
CVE-2015-0545 (EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging W ...)
	NOT-FOR-US: EMC Unisphere
CVE-2015-0544 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 d ...)
	NOT-FOR-US: EMC Secure Remote Services Virtual Edition
CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 d ...)
	NOT-FOR-US: EMC Secure Remote Services Virtual Edition
CVE-2015-0542 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA  ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat  ...)
	NOT-FOR-US: RSA Web Threat Detection
CVE-2015-0540 (SQL injection vulnerability in the xAdmin interface in EMC Document Sc ...)
	NOT-FOR-US: EMC Document Sciences xPression
CVE-2015-0539
	REJECTED
CVE-2015-0538 (ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allo ...)
	NOT-FOR-US: EMC AutoStart
CVE-2015-0537 (Integer underflow in the base64-decoding implementation in EMC RSA BSA ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0536 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x b ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0535 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x b ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0534 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x b ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0533 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x b ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0532 (EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6. ...)
	NOT-FOR-US: EMC RSA Identity Management and Governance
CVE-2015-0531 (EMC SourceOne Email Management before 7.2 does not have a lockout mech ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2015-0530 (Buffer overflow in an unspecified function in nsr_render_log in EMC Ne ...)
	NOT-FOR-US: EMC NetWorker
CVE-2015-0529 (EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default pass ...)
	NOT-FOR-US: EMC PowerPath Virtual Appliance
CVE-2015-0528 (The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7. ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2015-0527 (EMC Documentum xCelerated Management System (xMS) 1.1 before P14 store ...)
	NOT-FOR-US: EMC
CVE-2015-0526 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validat ...)
	NOT-FOR-US: EMC RSA Validation Manager
CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual ...)
	NOT-FOR-US: EMC
CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC ...)
	NOT-FOR-US: EMC
CVE-2015-0523 (EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registr ...)
	NOT-FOR-US: RSA
CVE-2015-0522 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manage ...)
	NOT-FOR-US: RSA
CVE-2015-0521 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manage ...)
	NOT-FOR-US: RSA
CVE-2015-0520
	REJECTED
CVE-2015-0519 (The InputAccel Database (IADB) installation process in EMC Captiva Cap ...)
	NOT-FOR-US: EMC Captiva Capture
CVE-2015-0518 (The Properties service in the D2FS web-service component in EMC Docume ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0517 (The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0516 (Directory traversal vulnerability in EMC M&amp;R (aka Watch4Net) befor ...)
	NOT-FOR-US: EMC
CVE-2015-0515 (Unrestricted file upload vulnerability in EMC M&amp;R (aka Watch4Net)  ...)
	NOT-FOR-US: EMC
CVE-2015-0514 (EMC M&amp;R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 mig ...)
	NOT-FOR-US: EMC
CVE-2015-0513 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: EMC
CVE-2015-0512 (Open redirect vulnerability in EMC Unisphere Central before 4.0 allows ...)
	NOT-FOR-US: EMC
CVE-2015-0511 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0510 (Unspecified vulnerability in the Oracle Commerce Platform component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0509 (Unspecified vulnerability in the Oracle Hyperion BI+ component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-0508 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0507 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0506 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0505 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0504 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2015-0503 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0502 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-0501 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0500 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0499 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0498 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0497 (Unspecified vulnerability in the PeopleSoft Enterprise Portal Interact ...)
	NOT-FOR-US: Oracle
CVE-2015-0496 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-0495 (Unspecified vulnerability in the Oracle Commerce Guided Search / Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-0494 (Unspecified vulnerability in the Oracle Retail Central Office componen ...)
	NOT-FOR-US: Oracle
CVE-2015-0493 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2015-0492 (Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX  ...)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-8 <not-affected> (JavaFX not part of OpenJDK)
CVE-2015-0491 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
CVE-2015-0490 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2015-0489 (Unspecified vulnerability in the Application Management Pack for Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-0488 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/04cda5b7a3c1
CVE-2015-0487 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-0486 (Unspecified vulnerability in Oracle Java SE 8u40 allows remote attacke ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0485 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic S ...)
	NOT-FOR-US: Oracle
CVE-2015-0484 (Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX ...)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-8 <not-affected> (JavaFX not part of OpenJDK)
CVE-2015-0483 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2015-0482 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2015-0481
	REJECTED
CVE-2015-0480 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-8 8u45-b14-1
	- openjdk-7 7u79-2.5.5-1 (bug #774953)
	- openjdk-6 6b35-1.13.7-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/2
CVE-2015-0479 (Unspecified vulnerability in the XDK and XDB - XML Database component  ...)
	NOT-FOR-US: Oracle
CVE-2015-0478 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0477 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0476 (Unspecified vulnerability in the SQL Trace Analyzer component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-0475 (Unspecified vulnerability in the JD Edwards EnterpriseOne Technology c ...)
	NOT-FOR-US: Oracle
CVE-2015-0474 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2015-0473 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0472 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-0471 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows loc ...)
	NOT-FOR-US: Oracle
CVE-2015-0470 (Unspecified vulnerability in Oracle Java SE 8u40 allows remote attacke ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0469 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0468 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-0467 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acqu ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-0466 (Unspecified vulnerability in the Oracle Retail Back Office component i ...)
	NOT-FOR-US: Oracle
CVE-2015-0465 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0464 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0463 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0462 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0461 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2015-0460 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0459 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
CVE-2015-0458 (Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 al ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0457 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2015-0456 (Unspecified vulnerability in the Oracle WebCenter Portal component in  ...)
	NOT-FOR-US: Oracle
CVE-2015-0455 (Unspecified vulnerability in the XDB - XML Database component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-0454
	REJECTED
CVE-2015-0453 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-0452 (Unspecified vulnerability in the Oracle VM Server for SPARC component  ...)
	NOT-FOR-US: Oracle
CVE-2015-0451 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2015-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in  ...)
	NOT-FOR-US: Oracle
CVE-2015-0449 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2015-0448 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2015-0447 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle
CVE-2015-0446 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0445 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0444 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0443 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0442
	REJECTED
CVE-2015-0441 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0440 (Unspecified vulnerability in the Oracle Knowledge component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2015-0439 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0438 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0437 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote attacke ...)
	- openjdk-8 8u40~b22-1
CVE-2015-0436 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle iLearning
CVE-2015-0435 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0434 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2015-0433 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, a ...)
	{DSA-3311-1 DSA-3229-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0432 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier al ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0431 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0430 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0429 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0428 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0427 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2015-0426 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0425 (Unspecified vulnerability in the Oracle Enterprise Asset Management co ...)
	NOT-FOR-US: Oracle
CVE-2015-0424 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM)  ...)
	NOT-FOR-US: Oracle Sun Systems Products Suite ILOM
CVE-2015-0423 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0422 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2015-0421 (Unspecified vulnerability in Oracle Java SE 8u25 allows local users to ...)
	- openjdk-8 8u40~b22-1
CVE-2015-0420 (Unspecified vulnerability in the Oracle Forms component in Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2015-0419 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-0418 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3143-1 DLA-268-1}
	- virtualbox 4.3.2-dfsg-1 (low; bug #775888)
	- virtualbox-ose <removed> (low)
	NOTE: This only affects releases < 4.3, so marking the first 4.3 upload as the fixed version
	NOTE: Upstream patches in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888#30
CVE-2015-0417 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-0416 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2015-0415 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2015-0414 (Unspecified vulnerability in the Oracle SOA Suite component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2015-0413 (Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local ...)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
CVE-2015-0412 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0411 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, a ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0410 (Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit co ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0409 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier al ...)
	- mysql-5.5 <not-affected> (Only MySQL 5.6)
	- mariadb-10.0 <not-affected> (Vulnerable code not present, see https://bugs.debian.org/775882#39)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
	NOTE: For mariadb-10.0 not clear if affected
CVE-2015-0408 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0407 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0406 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0405 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0404 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2015-0403 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0402 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script  ...)
	NOT-FOR-US: Oracle
CVE-2015-0401 (Unspecified vulnerability in the Oracle Directory Server Enterprise Ed ...)
	NOT-FOR-US: Oracle
CVE-2015-0400 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...)
	- openjdk-6 <not-affected> (This only affects Java on Windows)
	- openjdk-7 <not-affected> (This only affects Java on Windows)
	- openjdk-8 <not-affected> (This only affects Java on Windows)
CVE-2015-0399 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2015-0398 (Unspecified vulnerability in the Siebel Life Sciences component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2015-0397 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-0393 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2015-0392 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script  ...)
	NOT-FOR-US: Oracle
CVE-2015-0391 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...)
	- mysql-5.5 5.5.39-1
	[wheezy] - mysql-5.5 5.5.40-0+wheezy1
	- mariadb-10.0 10.0.14-2
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0390 (Unspecified vulnerability in the MICROS Retail component in Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2015-0389 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2015-0388 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-0387 (Unspecified vulnerability in the Siebel Core - Server OM Services comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0386 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2015-0385 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier al ...)
	- mysql-5.5 <not-affected> (Only MySQL 5.6)
	- mariadb-10.0 <not-affected> (Vulnerable code not present, see https://bugs.debian.org/775882#39)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
	NOTE: For mariadb-10.0 not clear if affected
CVE-2015-0384 (Unspecified vulnerability in the Siebel Public Sector component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2015-0383 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1 (bug #761683)
	- openjdk-8 8u40~b22-1
CVE-2015-0382 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier an ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0381 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier an ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0380 (Unspecified vulnerability in the Oracle Telecommunications Billing Int ...)
	NOT-FOR-US: Oracle
CVE-2015-0379 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2015-0378 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0377 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3143-1 DLA-268-1}
	- virtualbox 4.3.2-dfsg-1 (bug #775888)
	- virtualbox-ose <removed>
	NOTE: According to http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html the 4.3
	NOTE: series is not affected, so marking the first 4.3 upload as fixed
	NOTE: Upstream patches in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888#30
CVE-2015-0376 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0375 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remot ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0374 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier an ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0373 (Unspecified vulnerability in the OJVM component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle
CVE-2015-0372 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle
CVE-2015-0371 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2015-0370 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2015-0369 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2015-0368 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2015-0367 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2015-0366 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0365 (Unspecified vulnerability in the Siebel Core - Server Infrastructure c ...)
	NOT-FOR-US: Oracle
CVE-2015-0364 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0363 (Unspecified vulnerability in the Siebel Core EAI component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2015-0362 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2015-0361 (Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows rem ...)
	- xen 4.4.1-7 (bug #776319)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy functio ...)
	- php5 <removed> (unimportant; bug #774154)
	NOTE: php5 binary packages not built with --with-maintainer-zts
CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext fu ...)
	- libressl <itp> (bug #754513)
CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Ma ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-9411 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9410 (The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9409
	RESERVED
CVE-2014-9408 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
	NOT-FOR-US: Ekahau Real-Time Location Tracking System
CVE-2014-9407 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive A ...)
	NOT-FOR-US: Revive Adserver
CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT  ...)
	NOT-FOR-US: ARRIS Touchstone TG862G/CT Telephony Gateway
CVE-2014-9405 (A Cross-Site Scripting (XSS) vulnerability exists in the description f ...)
	NOT-FOR-US: Freebox OS
CVE-2014-9404
	REJECTED
CVE-2014-9401 (Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts  ...)
	NOT-FOR-US: WP Limit Posts Automatically plugin for WordPress
CVE-2014-9400 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp U ...)
	NOT-FOR-US: Wp Unique Article Header Image plugin for WordPress
CVE-2014-9399 (Cross-site request forgery (CSRF) vulnerability in the TweetScribe plu ...)
	NOT-FOR-US: TweetScribe plugin for WordPress
CVE-2014-9398 (Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlo ...)
	NOT-FOR-US: Twitter LiveBlog plugin for WordPress
CVE-2014-9397 (Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin ...)
	NOT-FOR-US: twimp-wp plugin for WordPress
CVE-2014-9396 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...)
	NOT-FOR-US: SimpleFlickr plugin for WordPress
CVE-2014-9395 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...)
	NOT-FOR-US: Simplelife plugin for WordPress
CVE-2014-9394 (Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGR ...)
	NOT-FOR-US: PWGRandom plugin for WordPress
CVE-2014-9393 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Post ...)
	NOT-FOR-US: Post to Twitter plugin for WordPress
CVE-2014-9392 (Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (p ...)
	NOT-FOR-US: PictoBrowser plugin for WordPress
CVE-2014-9391 (Multiple cross-site request forgery (CSRF) vulnerabilities in the gSli ...)
	NOT-FOR-US: gSlideShow plugin for WordPress
CVE-2014-9389 (Directory traversal vulnerability in Sonatype Nexus OSS and Pro before ...)
	NOT-FOR-US: Sonatype Nexus OSS and Pro
CVE-2014-9388 (bug_report.php in MantisBT before 1.2.18 allows remote attackers to as ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17878
CVE-2014-9387 (SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_ ...)
	NOT-FOR-US: SAP BussinessObjects Edge
CVE-2014-9386 (Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the sessi ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9385 (Cross-site request forgery (CSRF) vulnerability in Zenoss Core through ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9384
	RESERVED
CVE-2014-9383
	RESERVED
CVE-2014-9382 (Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user accou ...)
	NOT-FOR-US: Freebox OS
CVE-2014-9375 (Directory traversal vulnerability in the LibraryFileUploadServlet serv ...)
	NOT-FOR-US: Lexmark
CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet serv ...)
	NOT-FOR-US: ManageEngine NetFlow Analyzer
CVE-2014-9372 (Directory traversal vulnerability in the UploadAccountActivities servl ...)
	NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2014-9371 (The NativeAppServlet in ManageEngine Desktop Central MSP before 90075  ...)
	NOT-FOR-US: ManageEngine Desktop Central MSP
CVE-2014-9370
	RESERVED
CVE-2014-9369 (Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 all ...)
	NOT-FOR-US: Siemens
CVE-2014-9368 (Cross-site request forgery (CSRF) vulnerability in the twitterDash plu ...)
	NOT-FOR-US: WordPress plugin twitterDash
CVE-2014-9367 (Incomplete blacklist vulnerability in the urlEncode function in lib/TW ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367
CVE-2014-9366
	RESERVED
CVE-2014-9493 (The V2 API in OpenStack Image Registry and Delivery Service (Glance) b ...)
	- glance 2014.1.3-6 (bug #773836)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
	NOTE: fixed in experimental with 2014.2.1-2
CVE-2014-XXXX
	- json-glib <unfixed> (unimportant; bug #772585)
	[squeeze] - json-glib <not-affected> (Tool not yet present)
	[wheezy] - json-glib <not-affected> (Tool not yet present)
	NOTE: Negligible security impact
CVE-2014-9475 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki bef ...)
	{DSA-3110-1}
	- mediawiki 1:1.19.20+dfsg-2.2 (bug #773654)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://phabricator.wikimedia.org/T76686 (still not public)
CVE-2014-9476 (MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before ...)
	- mediawiki <not-affected> (CORS support was added in 1.20)
	NOTE: https://phabricator.wikimedia.org/T77028
CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux  ...)
	{DSA-3128-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too risky to backport)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e (v3.19-rc1)
CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel thro ...)
	{DLA-155-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.65-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d (v3.19-rc1)
CVE-2014-9390 (Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x befo ...)
	{DLA-237-1}
	- git 1:2.1.4-1
	[wheezy] - git <no-dsa> (Minor issue)
	[squeeze] - git <no-dsa> (Minor issue)
	- libgit2 0.21.3-1 (bug #774048)
	[jessie] - libgit2 0.21.1-3
	- jgit 3.7.0-1 (bug #774050)
	[jessie] - jgit <no-dsa> (Minor issue)
	[wheezy] - jgit <no-dsa> (Minor issue)
	- mercurial 3.1.2-2 (bug #773640)
	[wheezy] - mercurial 2.2.2-4
	[squeeze] - mercurial <no-dsa> (Minor issue)
	- dulwich 0.10.1-1
	[jessie] - dulwich <no-dsa> (Minor issue)
	[wheezy] - dulwich <no-dsa> (Minor issue)
	[squeeze] - dulwich <no-dsa> (Minor issue)
CVE-2014-9376 (Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9377 (Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9378 (Ettercap 0.8.1 does not validate certain return values, which allows r ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9379 (The radius_get_attribute function in dissectors/ec_radius.c in Etterca ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9380 (The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 al ...)
	{DLA-126-1}
	- ettercap 1:0.8.1-3 (bug #773416)
	NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
CVE-2014-9381 (Integer signedness error in the dissector_cvs function in dissectors/e ...)
	{DLA-126-1}
	- ettercap 1:0.8.1-3 (bug #773416)
	NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
CVE-2014-9403 (The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC bef ...)
	- znc 1.2-4 (bug #744712)
	[wheezy] - znc <no-dsa> (Minor issue)
	[squeeze] - znc <no-dsa> (Minor issue)
	NOTE: https://github.com/znc/znc/issues/528
	NOTE: https://github.com/znc/znc/commit/8756be513ab6663dcd64087006b257ff34e8e487
CVE-2014-9620 (The ELF parser in file 5.08 through 5.21 allows remote attackers to ca ...)
	{DSA-3121-1}
	- file 1:5.21+15-1
	[squeeze] - file <not-affected> (Introduced in 5.08)
	- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
	NOTE: Report: http://mx.gw.com/pipermail/file/2014/001653.html
	NOTE: Fix: https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
	NOTE: Introduced by: https://github.com/file/file/commit/956a45ab1c54b11304b367056f41905e72a02380#diff-bc5c24ef9f39a5f4963ca28ecbc645b3L423
CVE-2014-9621 (The ELF parser in file 5.16 through 5.21 allows remote attackers to ca ...)
	- file 1:5.21+15-1
	[wheezy] - file <not-affected> (Introduced in 5.16)
	[squeeze] - file <not-affected> (Introduced in 5.16)
	- php5 5.6.5+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: Report: http://mx.gw.com/pipermail/file/2014/001654.html
	NOTE: Fix: https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
	NOTE: Introduced by: https://github.com/file/file/commit/c8451af8ab0c2e2a93ce93b9c68257d31576cc85 (5.16)
	NOTE: readelf.c has been removed in PHP in 5.6.5, see http://php.net/ChangeLog-5.php#5.6.5
CVE-2014-9494 (RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_u ...)
	- rabbitmq-server 3.4.1-1 (bug #773134)
	[jessie] - rabbitmq-server 3.3.5-1.1
	[wheezy] - rabbitmq-server <not-affected> (does not have this access control mechanism)
	[squeeze] - rabbitmq-server <not-affected> (does not have this access control mechanism)
	NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11a
	NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
	NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt
CVE-2014-9652 (The mconvert function in softmagic.c in file before 5.21, as used in t ...)
	{DSA-3126-1 DSA-3121-1 DLA-145-1}
	- file 1:5.21+15-1
	[squeeze] - file <not-affected> (The code was not vulnerable, confirmed with Valgrind on the test data submitted to upstream)
	[wheezy] - file 5.11-2+deb7u7
	- php5 5.6.5+dfsg-1
	[wheezy] - php5 5.4.36-0+deb7u3
	NOTE: http://bugs.gw.com/view.php?id=398
	NOTE: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
	NOTE: https://bugs.php.net/bug.php?id=68735
CVE-2014-9402 (The nss_dns implementation of getnetbyname in GNU C Library (aka glibc ...)
	{DSA-3169-1 DLA-122-1}
	- glibc 2.19-14 (bug #775572)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in  ...)
	NOT-FOR-US: LoginToboggan Drupal Module
CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...)
	NOT-FOR-US: Meta tags quick Drupal Module
CVE-2014-9362 (Cross-site scripting (XSS) vulnerability in the path-based meta tag ed ...)
	NOT-FOR-US: Meta tags quick Drupal module
CVE-2014-9361 (The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not pr ...)
	NOT-FOR-US: LoginToboggan Drupal Module
CVE-2014-9360 (XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12 ...)
	NOT-FOR-US: Scalix Web Access
CVE-2014-9359
	RESERVED
CVE-2014-9358 (Docker before 1.3.3 does not properly validate image IDs, which allows ...)
	- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9357 (Docker 1.3.2 allows remote attackers to execute arbitrary code with ro ...)
	- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9356 (Path traversal vulnerability in Docker before 1.3.3 allows remote atta ...)
	- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9355 (Puppet Enterprise before 3.7.1 allows remote authenticated users to ob ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2014-9354 (NetApp OnCommand Balance before 4.2P3 allows local users to obtain sen ...)
	NOT-FOR-US: NetApp OnCommand Balance
CVE-2014-9353 (NetApp OnCommand Balance before 4.2P2 contains a "default privileged a ...)
	NOT-FOR-US: NetApp OnCommand Balance
CVE-2014-9352 (Cross-site scripting (XSS) vulnerability in the mail administration lo ...)
	NOT-FOR-US: Scalix Web Access
CVE-2014-9350 (TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 13 ...)
	NOT-FOR-US: TP-Link Router
CVE-2014-9349 (Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.li ...)
	NOT-FOR-US: RobotStats
CVE-2014-9348 (SQL injection vulnerability in the formulaireRobot function in admin/r ...)
	NOT-FOR-US: RobotStats
CVE-2014-9347 (SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allo ...)
	NOT-FOR-US: phpMyRecipes
CVE-2014-9346 (Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchica ...)
	NOT-FOR-US: Hierarchical Select Drupal Module
CVE-2014-9345 (SQL injection vulnerability in Guruperl.net Advertise With Pleasure! P ...)
	NOT-FOR-US: AWP PRO
CVE-2014-9344 (Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before  ...)
	NOT-FOR-US: Snowfox CMS
CVE-2014-9343 (Open redirect vulnerability in modules/system/controller/selectlanguag ...)
	NOT-FOR-US: Snowfox CMS
CVE-2014-9342 (Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-9341 (Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ...)
	NOT-FOR-US: WordPress plugin yURL ReTwitt
CVE-2014-9340 (Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCo ...)
	NOT-FOR-US: WordPress plugin wpCommentTwit
CVE-2014-9339 (Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNb ...)
	NOT-FOR-US: WordPress plugin SPNbabble
CVE-2014-9338 (Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tw ...)
	NOT-FOR-US: WordPress plugin O2Tweet
CVE-2014-9337 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Miki ...)
	NOT-FOR-US: WordPress plugin Mikiurl Wordpress Eklentisi
CVE-2014-9336 (Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwi ...)
	NOT-FOR-US: WordPress plugin iTwitter
CVE-2014-9335 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Dand ...)
	NOT-FOR-US: WordPress plugin DandyID Services
CVE-2014-9334 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird ...)
	NOT-FOR-US: Bird Feeder plugin for WordPress
CVE-2014-9333
	RESERVED
CVE-2014-9332
	RESERVED
CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine D ...)
	NOT-FOR-US: ZOHO ManageEngine Desktop Central
CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows  ...)
	{DSA-3273-1 DLA-221-1}
	- tiff 4.0.3-12 (bug #773987)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2494
CVE-2014-9329
	RESERVED
CVE-2014-9328 (ClamAV before 0.98.6 allows remote attackers to have unspecified impac ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d
CVE-2014-9327
	RESERVED
CVE-2014-9326 (The automatic signature update functionality in the (1) Phone Home fea ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-9325 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 all ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
CVE-2014-9324 (The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x befo ...)
	{DSA-3124-1}
	- otrs2 3.3.9-3
	[squeeze] - otrs2 <not-affected> (Problematic module got introduced later)
	NOTE: https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/
	NOTE: Fix for 3.1.x: https://github.com/OTRS/otrs/commit/3058438a372db0d1a11c365d48a5fc7b1db24e90
CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not  ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux 3.2.63-2+deb7u2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6  2.6.32-48squeeze9
CVE-2014-9321
	RESERVED
CVE-2014-9320
	RESERVED
	NOT-FOR-US: SAP Business Objects
CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg  ...)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
	- libav <not-affected> (Vulnerable code not present, format not supported)
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
	{DLA-1611-1}
	- libav <removed>
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg befor ...)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
CVE-2014-9315
	RESERVED
CVE-2014-9314
	RESERVED
CVE-2014-9313
	RESERVED
CVE-2014-9312 (Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. ...)
	NOT-FOR-US: Photo Gallery
CVE-2014-9311 (Cross-site scripting (XSS) vulnerability in admin.php in the Shareahol ...)
	NOT-FOR-US: Shareaholic plugin for WordPress
CVE-2014-9310 (Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dr ...)
	NOT-FOR-US: WordPress Backup to Dropbox plugin for WordPress
CVE-2014-9309
	RESERVED
CVE-2014-9308 (Unrestricted file upload vulnerability in inc/amfphp/administration/ba ...)
	NOT-FOR-US: WordPress plugin WP EasyCart
CVE-2014-9307
	RESERVED
CVE-2014-9306
	RESERVED
CVE-2014-9305 (SQL injection vulnerability in the shortcodeProductsTable function in  ...)
	NOT-FOR-US: shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin for WordPress
CVE-2014-9304 (Plex Media Server before 0.9.9.3 allows remote attackers to bypass the ...)
	NOT-FOR-US: Plex Media Server
CVE-2014-9303 (EntryPass N5200 Active Network Control Panel allows remote attackers t ...)
	NOT-FOR-US: EntryPass
CVE-2014-9302 (Server-side request forgery (SSRF) vulnerability in the cmisbrowser se ...)
	NOT-FOR-US: Alfresco Community Edition
CVE-2014-9301 (Server-side request forgery (SSRF) vulnerability in the proxy servlet  ...)
	NOT-FOR-US: Alfreso Community Edition
CVE-2014-9300 (Cross-site request forgery (CSRF) vulnerability in the cmisbrowser ser ...)
	NOT-FOR-US: Alfreso Community Edition
CVE-2014-9299
	REJECTED
CVE-2014-9374 (Double free vulnerability in the WebSocket Server (res_http_websocket  ...)
	- asterisk 1:13.1.0~dfsg-1 (bug #773230)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[wheezy] - asterisk <not-affected> (Web socket code not yet present)
	[squeeze] - asterisk <not-affected> (Web socket code not yet present)
	NOTE: http://downloads.digium.com/pub/security/AST-2014-019.html
CVE-2014-9323 (The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x befo ...)
	{DSA-3109-1 DLA-130-1 DLA-123-1}
	- firebird2.5 2.5.3.26778.ds4-5 (bug #772880)
	- firebird2.1 <removed>
	NOTE: http://sourceforge.net/p/firebird/code/60331
	NOTE: http://tracker.firebirdsql.org/browse/CORE-4630
CVE-2014-9298
	REJECTED
CVE-2014-9297
	REJECTED
CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 contin ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2670 (not yet open)
CVE-2014-9295 (Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allo ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2667 (not yet open)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2668 (not yet open)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2669 (not yet open)
CVE-2014-9294 (util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RN ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2666 (not yet open)
CVE-2014-9293 (The config_auth function in ntpd in NTP before 4.2.7p11, when an auth  ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2665 (not yet open)
CVE-2014-9292 (Server-side request forgery (SSRF) vulnerability in proxy.php in the j ...)
	NOT-FOR-US: jRSS WordPress Plugin
CVE-2014-9291
	REJECTED
CVE-2014-9290
	REJECTED
CVE-2014-9289
	REJECTED
CVE-2014-9288
	REJECTED
CVE-2014-9287
	REJECTED
CVE-2014-9286
	REJECTED
CVE-2014-9285
	REJECTED
CVE-2014-9284 (The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, ...)
	NOT-FOR-US: Buffalo routers
CVE-2014-9283 (The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remot ...)
	NOT-FOR-US: BestWebSoft plugin for WordPress
CVE-2014-9282 (Directory traversal vulnerability in the Speed Root Explorer applicati ...)
	NOT-FOR-US: Speed Root Explorer
CVE-2014-9268 (The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR)  ...)
	NOT-FOR-US: Autodesk Design Review
CVE-2014-9267 (Heap-based buffer overflow in the PTC IsoView ActiveX control allows r ...)
	NOT-FOR-US: PTC IsoView
CVE-2014-9266 (The STWConfig ActiveX control in Samsung SmartViewer does not properly ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2014-9265 (Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl  ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2014-9264 (Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywh ...)
	NOT-FOR-US: SAP SQL Anywhere
CVE-2014-9263 (Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMedi ...)
	NOT-FOR-US: 3S Pocketnet Tech VMS
CVE-2014-9262 (The Duplicator plugin in Wordpress before 0.5.10 allows remote authent ...)
	NOT-FOR-US: Duplicator plugin in Wordpress
CVE-2014-9261 (The sanitize function in Codoforum 2.5.1 does not properly implement f ...)
	NOT-FOR-US: Codoforum
CVE-2014-9260 (The basic_settings function in the download manager plugin for WordPre ...)
	NOT-FOR-US: download manager plugin for WordPress
CVE-2014-9259
	RESERVED
CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI befor ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-9257
	RESERVED
CVE-2014-9256
	RESERVED
CVE-2014-9255
	RESERVED
CVE-2014-9254 (bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regu ...)
	NOT-FOR-US: MiniBB
CVE-2014-9253 (The default file type whitelist configuration in conf/mime.conf in the ...)
	- dokuwiki 0.0.20140929.d-1 (bug #773429)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	[squeeze] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960
	NOTE: Advisory: http://security.szurek.pl/dokuwiki-20140929a-xss.html
CVE-2014-9252 (Zenoss Core through 5 Beta 3 stores cleartext passwords in the session ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9251 (Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords,  ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9250 (Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a S ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9249 (The default configuration of Zenoss Core before 5 allows remote attack ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9248 (Zenoss Core through 5 Beta 3 does not require complex passwords, which ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9247 (Zenoss Core through 5 Beta 3 allows remote authenticated users to obta ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9246
	REJECTED
CVE-2014-9245 (Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensiti ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9244
	REJECTED
CVE-2014-9243 (Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2. ...)
	NOT-FOR-US: WebsiteBaker
CVE-2014-9242 (SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker  ...)
	NOT-FOR-US: WebsiteBaker
CVE-2014-9241 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...)
	NOT-FOR-US: MyBB
CVE-2014-9240 (SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard ...)
	NOT-FOR-US: MyBB
CVE-2014-9239 (SQL injection vulnerability in the IPS Connect service (interface/ipsc ...)
	NOT-FOR-US: Invision Power Board
CVE-2014-9238 (D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers  ...)
	NOT-FOR-US: D-link DCS-2103
CVE-2014-9237 (SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote ...)
	NOT-FOR-US: Proticaret E-Commerce
CVE-2014-9236 (Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zop ...)
	- zoph <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
	NOTE: https://github.com/jeroenrnl/zoph/issues/59
	NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
CVE-2014-9235 (Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Pho ...)
	- zoph <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
	NOTE: https://github.com/jeroenrnl/zoph/issues/59
	NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link  ...)
	NOT-FOR-US: D-link DCS-2103
CVE-2014-9233
	REJECTED
CVE-2014-9232
	REJECTED
CVE-2014-9231
	REJECTED
CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration console ...)
	NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
CVE-2014-9229 (Multiple SQL injection vulnerabilities in interface PHP scripts in the ...)
	NOT-FOR-US: Symantec
CVE-2014-9228 (sysplant.sys in the Manager component in Symantec Endpoint Protection  ...)
	NOT-FOR-US: Symantec
CVE-2014-9227 (Multiple untrusted search path vulnerabilities in the Manager componen ...)
	NOT-FOR-US: Symantec
CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) 5. ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical Syst ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-9224 (Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-9223 (Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei H ...)
	NOT-FOR-US: RomPager
	NOTE: http://mis.fortunecook.ie/
CVE-2014-9222 (AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway  ...)
	NOT-FOR-US: RomPager
	NOTE: http://mis.fortunecook.ie/
CVE-2014-9221 (strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to ...)
	{DSA-3118-1}
	- strongswan 5.2.1-5
	[squeeze] - strongswan <not-affected> (MODP_CUSTOM Diffie-Hellman group not implemented in 4.4.1)
CVE-2014-9217 (Graylog2 before 0.92 allows remote attackers to bypass LDAP authentica ...)
	- graylog2 <itp> (bug #652273)
CVE-2014-9216
	RESERVED
CVE-2014-9215 (SQL injection vulnerability in the CheckEmail function in includes/fun ...)
	NOT-FOR-US: PBBoard
CVE-2014-9214
	RESERVED
CVE-2014-9213
	RESERVED
CVE-2014-9212 (Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent ...)
	NOT-FOR-US: Altitude uAgent
CVE-2014-9211 (ClickDesk version 4.3 and below has persistent cross site scripting ...)
	NOT-FOR-US: ClickDesk
CVE-2014-9210
	REJECTED
CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application i ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2014-9208 (Multiple stack-based buffer overflows in unspecified DLL files in Adva ...)
	NOT-FOR-US: Advantech
CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2. ...)
	NOT-FOR-US: CIMON CmnView
CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ear ...)
	NOT-FOR-US: Schneider Electric Invensys
CVE-2014-9205 (Stack-based buffer overflow in the PmBase64Decode function in an unspe ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2014-9204 (Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLi ...)
	NOT-FOR-US: OPCTest.exe in Rockwell Automation RSLinx Classic
CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame application in th ...)
	NOT-FOR-US: HART Device Type Manager (DTM) library
CVE-2014-9202 (Multiple stack-based buffer overflows in an unspecified DLL file in Ad ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-9201 (Beckwith Electric M-6200 Digital Voltage Regulator Control with firmwa ...)
	NOT-FOR-US: Beckwith Electric digital voltage regulators
CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM develo ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote  ...)
	NOT-FOR-US: Clorius Controls Java web client
CVE-2014-9198 (The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gatew ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9197 (The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware b ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9196 (Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 ...)
	NOT-FOR-US: Eaton Cooper Power Systems
CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication,  ...)
	NOT-FOR-US: Phoenix Contact ProConOs and MultiProg
CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to cause a  ...)
	NOT-FOR-US: Arbiter 1094B GPS Substation Clock
CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allo ...)
	NOT-FOR-US: Innominate mGuard
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 t ...)
	NOT-FOR-US: Trihedral Engineering VTScada
CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson HART ...)
	NOT-FOR-US: Emerson HART DTM
CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch A ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9189 (Multiple stack-based buffer overflow vulnerabilities were found in Hon ...)
	NOT-FOR-US: Honeywell Experion PKS
CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in Honeywell ...)
	NOT-FOR-US: Honeywell Experion PKS
CVE-2014-9186 (A file inclusion vulnerability exists in the confd.exe module in Honey ...)
	NOT-FOR-US: Honeywell
CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 a ...)
	NOT-FOR-US: Morfy CMS
CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via  ...)
	NOT-FOR-US: ZTE ZXDSL Modem
CVE-2014-9183 (ZTE ZXDSL 831CII has a default password of admin for the admin account ...)
	NOT-FOR-US: ZTE ZDSL Modem
CVE-2014-9182 (models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attac ...)
	NOT-FOR-US: Anchor CMS
CVE-2014-9181 (Multiple directory traversal vulnerabilities in Plex Media Server befo ...)
	NOT-FOR-US: Plex Media Server
CVE-2014-9180 (Open redirect vulnerability in go.php in Eleanor CMS allows remote att ...)
	NOT-FOR-US: Eleanor CMS
CVE-2014-9179 (Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket Sys ...)
	NOT-FOR-US: SupportEzzy Ticket System plugin for WordPress
CVE-2014-9178 (Multiple SQL injection vulnerabilities in classes/ajax.php in the Smar ...)
	NOT-FOR-US: Smarty Pants Plugin for WordPress
CVE-2014-9177 (The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPres ...)
	NOT-FOR-US: Playlist Free WordPress Plugin
CVE-2014-9176 (Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Sque ...)
	NOT-FOR-US: InstaSqueeze Sexy Squeeze Pages plugin for WordPress
CVE-2014-9175 (SQL injection vulnerability in wpdatatables.php in the wpDataTables pl ...)
	NOT-FOR-US: wpDataTables WordPress Plugin
CVE-2014-9174 (Cross-site scripting (XSS) vulnerability in the Google Analytics by Yo ...)
	NOT-FOR-US: Google Analytics by Yoast (google-analytics-for-wordpress) plugin for WordPress
CVE-2014-9173 (SQL injection vulnerability in view.php in the Google Doc Embedder plu ...)
	NOT-FOR-US: Google Doc Embedder plugin for WordPress
CVE-2014-9474 (Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2- ...)
	- mpfr4 3.1.2-2 (low; bug #772008)
	[squeeze] - mpfr4 <no-dsa> (Minor issue)
	[wheezy] - mpfr4 <no-dsa> (Minor issue)
	NOTE: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
CVE-2015-0360 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0359 (Double free vulnerability in Adobe Flash Player before 13.0.0.281 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0358 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0357 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0356 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0355 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0354 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0353 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0352 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0351 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0350 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0349 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0348 (Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x throu ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0347 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0346 (Double free vulnerability in Adobe Flash Player before 13.0.0.281 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0345 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2015-0344 (Cross-site scripting (XSS) vulnerability in the web app in Adobe Conne ...)
	NOT-FOR-US: Adobe
CVE-2015-0343 (Cross-site scripting (XSS) vulnerability in admin/home/homepage/search ...)
	NOT-FOR-US: Adobe
CVE-2015-0342 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0341 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0340 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0339 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0338 (Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0337 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0336 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0335 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0334 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0333 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0332 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0331 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0330 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0329 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0328 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0327 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0326 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0325 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0324 (Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x throu ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0323 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0322 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0321 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0320 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0319 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0318 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0317 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0316 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0315 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0314 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0313 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0312 (Double free vulnerability in Adobe Flash Player before 13.0.0.264 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0311 (Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0310 (Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0309 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0308 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0307 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0306 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0305 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0304 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0303 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0302 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0301 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9275 (UnRTF allows remote attackers to cause a denial of service (out-of-bou ...)
	{DSA-3158-1 DLA-133-1}
	- unrtf 0.21.5-2 (bug #772811)
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00001.html
	NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/1df886f2e65f7c512a6217588ae8d94d4bcbc63d
	NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/3c7ff3f888de0f0d957fe67b6bd4bec9c0d475f3
CVE-2014-9274 (UnRTF allows remote attackers to cause a denial of service (crash) and ...)
	{DSA-3158-1 DLA-133-1}
	- unrtf 0.21.5-2 (bug #772811)
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00000.html
	NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/b0cef89a170a66bc48f8dd288ce562ea8ca91f7a
CVE-2014-9278 (The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 a ...)
	- openssh <not-affected> (patch not applied to Debian)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169843
	NOTE: Patch https://bugzilla.mindrot.org/show_bug.cgi?id=1867 from not applied in Debian
CVE-2014-9277 (The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki bef ...)
	{DSA-3100-1}
	- mediawiki 1:1.19.20+dfsg-2.1 (bug #772764)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
	NOTE: backported patches for 1.19:
	NOTE: https://gerrit.wikimedia.org/r/#/c/175725/
	NOTE: https://gerrit.wikimedia.org/r/#/c/175960/
CVE-2014-9276 (Cross-site request forgery (CSRF) vulnerability in the Special:Expande ...)
	- mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111
	NOTE: No special expand templates before 1.23.x but available as extension.
CVE-2014-9220 (SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x be ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection feature in ...)
	- phpmyadmin 4:4.2.12-2 (bug #774194)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-18/
CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x be ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.2.12-2 (low; bug #774194)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-17/
CVE-2014-9172
	REJECTED
CVE-2014-9171
	REJECTED
CVE-2014-9170
	REJECTED
CVE-2014-9169
	REJECTED
CVE-2014-9168
	REJECTED
CVE-2014-9167
	REJECTED
CVE-2014-9166 (Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows att ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-9165 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-9164 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9163 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9162 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9161 (CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x  ...)
	NOT-FOR-US: Adobe
CVE-2014-9160 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x  ...)
	NOT-FOR-US: Adobe
CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-9155 (Directory traversal vulnerability in the Avatar Uploader module 6.x-1. ...)
	NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2014-9154 (The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly  ...)
	NOT-FOR-US: Notify module for Drupal
CVE-2014-9153 (Cross-site scripting (XSS) vulnerability in the Services module 7.x-3. ...)
	NOT-FOR-US: Services module for Drupal
CVE-2014-9152 (The _user_resource_create function in the Services module 7.x-3.x befo ...)
	NOT-FOR-US: Services module for Drupal
CVE-2014-9151 (The Services module 7.x-3.x before 7.x-3.10 for Drupal does not proper ...)
	NOT-FOR-US: Services module for Drupal
CVE-2014-9150 (Race condition in the MoveFileEx call hook feature in Adobe Reader and ...)
	NOT-FOR-US: Adobe
CVE-2014-9149
	RESERVED
CVE-2014-9148 (Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access res ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9147 (Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1. ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remot ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9144 (Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attac ...)
	NOT-FOR-US: Technicolor routers
CVE-2014-9143 (Open redirect vulnerability in Technicolor Router TD5130 with firmware ...)
	NOT-FOR-US: Technicolor routers
CVE-2014-9142 (Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130  ...)
	NOT-FOR-US: Technicolor routers
CVE-2014-9141 (The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier us ...)
	NOT-FOR-US: Thomson Reuters Fixed Assets
CVE-2014-9139
	RESERVED
CVE-2014-9138
	RESERVED
CVE-2014-9137 (Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V ...)
	NOT-FOR-US: Huawei
CVE-2014-9136 (Huawei FusionManager with software V100R002C03 and V100R003C00 could a ...)
	NOT-FOR-US: Huawei
CVE-2014-9135 (The PackageInstaller module in Huawei P7-L10 smartphones before V100R0 ...)
	NOT-FOR-US: PackageInstaller module in Huawei P7-L10
CVE-2014-9134 (Unrestricted file upload vulnerability in Huawei Honor Cube Wireless R ...)
	NOT-FOR-US: Huawei Wireless Router
CVE-2014-9133
	RESERVED
CVE-2014-9132
	RESERVED
CVE-2014-9131
	RESERVED
CVE-2014-9128
	RESERVED
CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...)
	NOT-FOR-US: Open-School Community Edition
CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...)
	NOT-FOR-US: Open-School Community Edition
CVE-2014-9125
	RESERVED
CVE-2014-9124
	RESERVED
CVE-2014-9123
	RESERVED
CVE-2014-9122
	RESERVED
CVE-2014-9121
	RESERVED
CVE-2014-9120 (Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 a ...)
	NOT-FOR-US: Subrion CMS
CVE-2014-9119 (Directory traversal vulnerability in download.php in the DB Backup plu ...)
	NOT-FOR-US: WordPress plugin db-backup
CVE-2014-9118 (The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 ...)
	NOT-FOR-US: ZHONE Router
CVE-2014-9115 (SQL injection vulnerability in the rate_picture function in include/fu ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-9113 (CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 an ...)
	NOT-FOR-US: PFX Engagement
CVE-2014-9111
	RESERVED
CVE-2014-9110
	RESERVED
CVE-2014-9109
	RESERVED
CVE-2014-9108
	RESERVED
CVE-2014-9107
	RESERVED
CVE-2014-9106
	RESERVED
CVE-2014-9105
	RESERVED
CVE-2014-9104 (Multiple cross-site request forgery (CSRF) vulnerabilities in the XML- ...)
	NOT-FOR-US: Desktop Client in OpenVPN Access Server
CVE-2014-9103 (Multiple cross-site scripting (XSS) vulnerabilities in the Kunena comp ...)
	NOT-FOR-US: Kunena component for Joomla!
CVE-2014-9102 (Multiple SQL injection vulnerabilities in the Kunena component before  ...)
	NOT-FOR-US: Kunena component for Joomla!
CVE-2014-9101 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1 ...)
	NOT-FOR-US: Oxwall and SkaDate Lite
CVE-2014-9100 (Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plug ...)
	NOT-FOR-US: WhyDoWork AdSense plugin for WordPress
CVE-2014-9099 (Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSen ...)
	NOT-FOR-US: WhyDoWork AdSense plugin for WordPress
CVE-2014-9098 (Multiple cross-site scripting (XSS) vulnerabilities in the Apptha Word ...)
	NOT-FOR-US: Apptha WordPress Plugin
CVE-2014-9097 (Multiple SQL injection vulnerabilities in the Apptha WordPress Video G ...)
	NOT-FOR-US: Apptha WordPress Plugin
CVE-2014-9096 (Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0 ...)
	NOT-FOR-US: Pligg
CVE-2014-9095 (Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4 ...)
	NOT-FOR-US: Raritan Power IQ
CVE-2014-9094 (Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer ...)
	NOT-FOR-US: Digital Zoom Studio (DZS) Video Gallery plugin for WordPress
CVE-2014-9088
	RESERVED
CVE-2014-9086
	RESERVED
CVE-2014-9085
	RESERVED
CVE-2014-9084
	RESERVED
CVE-2014-9083
	RESERVED
CVE-2014-9082
	RESERVED
CVE-2014-9081
	RESERVED
CVE-2014-9080
	RESERVED
CVE-2014-9079
	RESERVED
CVE-2014-9078
	RESERVED
CVE-2014-9077
	RESERVED
CVE-2014-9076
	RESERVED
CVE-2014-9075
	RESERVED
CVE-2014-9074
	RESERVED
CVE-2014-9073
	RESERVED
CVE-2014-9072
	RESERVED
CVE-2014-9071
	RESERVED
CVE-2014-9070
	RESERVED
CVE-2014-9069
	RESERVED
CVE-2014-9068
	RESERVED
CVE-2014-9067
	RESERVED
CVE-2014-9066 (Xen 4.4.x and earlier, when using a large number of VCPUs, does not pr ...)
	- xen <unfixed> (unimportant)
	NOTE: Architectual/design limitation, not treated as a security issue
CVE-2014-9065 (common/spinlock.c in Xen 4.4.x and earlier does not properly handle re ...)
	- xen 4.4.1-6
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-9064
	RESERVED
CVE-2014-9063
	RESERVED
CVE-2014-9062
	RESERVED
CVE-2014-9061
	RESERVED
CVE-2014-9060 (The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x bef ...)
	- moodle 2.7.5+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927
	NOTE: https://moodle.org/mod/forum/discuss.php?d=275165
CVE-2014-9058
	RESERVED
CVE-2014-9057 (SQL injection vulnerability in the XML-RPC interface in Movable Type b ...)
	{DSA-3183-1}
	- movabletype-opensource <removed> (bug #774192)
	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://movabletype.org/news/2014/12/6.0.6.html
	NOTE: https://movabletype.org/documentation/appendices/release-notes/6.0.6.html
CVE-2014-9056
	RESERVED
CVE-2014-9055
	RESERVED
CVE-2014-9054
	RESERVED
CVE-2014-9053
	RESERVED
CVE-2014-9052
	RESERVED
CVE-2014-9051
	RESERVED
CVE-2014-9049 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x  ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-025
CVE-2014-9048 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x  ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-024
CVE-2014-9047 (Multiple unspecified vulnerabilities in the preview system in ownCloud ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-026
CVE-2014-9046 (The OC_Util::getUrlContent function in ownCloud Server before 5.0.18,  ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-023
CVE-2014-9045 (The FTP backend in user_external in ownCloud Server before 5.0.18 and  ...)
	- owncloud 7~20140504+dfsg-1
	NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-022
CVE-2014-9044 (Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the ab ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-021
CVE-2014-9043 (The user_ldap (aka LDAP user and group backend) application in ownClou ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-020
CVE-2014-9042 (Cross-site scripting (XSS) vulnerability in the import functionality i ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-028
CVE-2014-9041 (The import functionality in the bookmarks application in ownCloud serv ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019
CVE-2014-9040
	RESERVED
CVE-2014-9029 (Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jp ...)
	{DSA-3089-1 DLA-101-1}
	- jasper 1.900.1-debian1-2.2 (bug #772036)
CVE-2014-9027 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDS ...)
	NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9026 (The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properl ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2014-9025 (The default checkout completion rule in the commerce_order module in t ...)
	NOT-FOR-US: Drupal Commerce module for Drupal
CVE-2014-9024 (The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows re ...)
	NOT-FOR-US: Protected Pages module for Drupal
CVE-2014-9023 (The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly  ...)
	NOT-FOR-US: Twilio module for Drupal
CVE-2014-9022 (The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x  ...)
	NOT-FOR-US: Webform Component Roles module for Drupal
CVE-2014-9021 (Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 a ...)
	NOT-FOR-US: ZTE ZXDSL 831
CVE-2014-9020 (Cross-site scripting (XSS) vulnerability in the Quick Stats page (psil ...)
	NOT-FOR-US: ZTE ZXDSL 831 and 831CII
CVE-2014-9019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDS ...)
	NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9017 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (buil ...)
	NOT-FOR-US: OpenKM
CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
	{DSA-3168-1 DLA-167-1}
	- ruby-redcloth 4.2.9-4 (bug #774748)
	- redcloth <removed>
	NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en
CVE-2012-6683
	RESERVED
CVE-2012-6682 (Cross-site scripting (XSS) vulnerability in downloads/actions/editdown ...)
	NOT-FOR-US: DragonByte Technologies vBDownloads module for vBulletin
CVE-2012-6681
	RESERVED
CVE-2012-6680
	RESERVED
CVE-2012-6679
	RESERVED
CVE-2012-6678
	RESERVED
CVE-2012-6677
	RESERVED
CVE-2012-6676
	RESERVED
CVE-2012-6675
	RESERVED
CVE-2012-6674
	RESERVED
CVE-2012-6673
	RESERVED
CVE-2012-6672
	RESERVED
CVE-2012-6671 (Multiple cross-site scripting (XSS) vulnerabilities in actions/main.ph ...)
	NOT-FOR-US: DragonByte Technologies Forumon RPG module for vBulletin
CVE-2012-6670 (Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte  ...)
	NOT-FOR-US: DragonByte Technologies vbActivity module for vBulletin
CVE-2012-6669
	RESERVED
CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout Repor ...)
	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte  ...)
	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. ...)
	NOT-FOR-US: vBSeo
CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
	- linux 2.6.38-1
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
CVE-2014-9156 (The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not prope ...)
	NOT-FOR-US: Drupal module FileField
CVE-2014-9129 (Cross-site request forgery (CSRF) vulnerability in the CreativeMinds C ...)
	NOT-FOR-US: WordPress plugin cm-download-manager
CVE-2014-8123 (Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37  ...)
	- antiword 0.37-5 (bug #771768)
	NOTE: http://www.openwall.com/lists/oss-security/2014/12/01/4
	NOTE: This actually was fixed long time ago in https://bugs.debian.org/407015
CVE-2014-8104 (OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...)
	{DSA-3084-1 DLA-98-1}
	- openvpn 2.3.4-5
	NOTE: https://github.com/OpenVPN/openvpn/commit/c5590a6821e37f3b29735f55eb0c2b9c0924138c
	NOTE: http://web.archive.org/web/20150514123219/https://forums.openvpn.net/topic17625.html
CVE-2014-9272 (The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x befo ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/05378e00
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17297
CVE-2014-9281 (Cross-site scripting (XSS) vulnerability in admin/copy_field.php in Ma ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/e5fc835a
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17876
CVE-2014-9271 (Cross-site scripting (XSS) vulnerability in file_download.php in Manti ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17874
	NOTE: http://github.com/mantisbt/mantisbt/commit/9fb8cf36f
CVE-2014-9270 (Cross-site scripting (XSS) vulnerability in the projax_array_serialize ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/0bff06ec
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17583
CVE-2014-9269 (Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/511564cc
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17890
CVE-2014-9280 (The current_user_get_bug_filter function in core/current_user_api.php  ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/599364b2
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17875
CVE-2014-9279 (The print_test_result function in admin/upgrade_unattended.php in Mant ...)
	- mantis <removed> (unimportant)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/0826cef8
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17877
	NOTE: unimportant, source affected but unrelevant for Debian, upgrade_unattended.php removed also in binary package
CVE-2014-9140 (Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6 ...)
	{DSA-3086-1 DLA-102-1}
	- tcpdump 4.6.2-3
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda
	NOTE: http://seclists.org/tcpdump/2014/q4/72
CVE-2014-9130 (scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka ...)
	{DSA-3115-1 DSA-3103-1 DSA-3102-1 DLA-127-1 DLA-110-1 DLA-109-1}
	- libyaml 0.1.6-3 (bug #771366)
	- libyaml-libyaml-perl 0.41-6 (bug #771365)
	- pyyaml 3.11-2 (bug #772815)
	NOTE: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
	NOTE: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
	NOTE: for pyyaml: might be need to be removed here (no-CVE assigned) or separate CVE
	NOTE: for pyyaml: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/
CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key  ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17811
CVE-2014-9116 (The write_one_header function in mutt 1.5.23 does not properly handle  ...)
	{DSA-3083-1 DLA-100-1}
	- mutt 1.5.23-2 (bug #771125)
	NOTE: Detailed analysis in https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4
	NOTE: Upstream bugreport: http://dev.mutt.org/trac/ticket/3716
CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute arbi ...)
	- util-linux 2.25.2-4 (bug #771274)
	[squeeze] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2014/11/26/13
	NOTE: https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc
CVE-2014-9112 (Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...)
	{DSA-3111-1 DLA-111-1}
	- cpio 2.11+dfsg-4 (bug #772793)
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio
	NOTE: https://savannah.gnu.org/bugs/?43709
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 (fix buffer overflow)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a (fix range checking of length of link name)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b (fixup of former commit)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d11 (fix null deref)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=f6a8a2cb (fix test suite in former commit)
CVE-2014-9089 (Multiple SQL injection vulnerabilities in view_all_bug_page.php in Man ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17841
	NOTE: http://github.com/mantisbt/mantisbt/commit/b0021673
CVE-2014-9273 (lib/handle.c in Hivex before 1.3.11 allows local users to execute arbi ...)
	- hivex 1.3.11-1 (low)
	[jessie] - hivex 1.3.10-2+deb8u1
	[wheezy] - hivex <no-dsa> (Minor issue)
	[squeeze] - hivex <no-dsa> (Minor issue)
	NOTE: https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb
	NOTE: https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705
CVE-2014-9087 (Integer underflow in the ksba_oid_to_str function in Libksba before 1. ...)
	{DSA-3078-1 DLA-141-1}
	- libksba 1.3.2-1 (bug #770972)
	- gnupg2 <not-affected> (Fixed before entering unstable; affected only 2.1 and betas)
	NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
	NOTE: Upstream commit: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7
CVE-2014-9157 (Format string vulnerability in the yyerror function in lib/cgraph/scan ...)
	{DSA-3098-1 DLA-105-1}
	- graphviz 2.38.0-7 (bug #772648)
	NOTE: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
CVE-2014-9471 (The parse_datetime function in GNU coreutils allows remote attackers t ...)
	- coreutils 8.23-1 (low)
	[wheezy] - coreutils <no-dsa> (Minor issue)
	[squeeze] - coreutils <no-dsa> (Minor issue)
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872
CVE-2014-9365 (The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4)  ...)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Too intrusive to backport)
	- python2.6 <removed>
	[wheezy] - python2.6 <no-dsa> (Too intrusive to backport)
	[squeeze] - python2.6 <no-dsa> (Too intrusive to backport)
	- python2.7 2.7.9-1
	[wheezy] - python2.7 <no-dsa> (Too intrusive to backport)
	- python3.1 <removed>
	[squeeze] - python3.1 <no-dsa> (Too intrusive to backport)
	- python3.2 <removed>
	[wheezy] - python3.2 <no-dsa> (Too intrusive to backport)
	- python3.3 <removed>
	- python3.4 3.4.2-2
	[jessie] - python3.4 <ignored> (Backporting to stable would break existing applications)
	NOTE: http://bugs.python.org/issue22417
CVE-2014-9351 (engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote ...)
	- teeworlds 0.6.2+dfsg-2 (bug #770514)
	[wheezy] - teeworlds <no-dsa> (Minor issue)
	[squeeze] - teeworlds <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85
	NOTE: https://www.teeworlds.com/?page=news&id=11200
CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denial of  ...)
	{DSA-3163-1}
	- libreoffice 1:4.3.3-2 (bug #771163)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449
	NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401
	NOTE: fixed in experimental with 1:4.4.0~beta1-1
CVE-2014-9092 (libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial o ...)
	- libjpeg-turbo 1:1.3.1-11 (bug #768369)
CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux k ...)
	{DSA-3093-1 DLA-103-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441 (v3.18-rc6)
CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x befo ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
	NOTE: https://moodle.org/mod/forum/discuss.php?d=275146
CVE-2014-9050 (Heap-based buffer overflow in the cli_scanpe function in libclamav/pe. ...)
	{DLA-95-1}
	- clamav 0.98.5+dfsg-1 (bug #770985)
	[wheezy] - clamav 0.98.5+dfsg-0+deb7u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11155
	NOTE: Upstream commit: https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e
CVE-2014-9039 (wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x befo ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30431
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9038 (wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3. ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
	NOTE: Upstream patch: https://core.trac.wordpress.org/changeset/30444
CVE-2014-9037 (WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4. ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9036 (Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3. ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9035 (Cross-site scripting (XSS) vulnerability in Press This in WordPress be ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9034 (wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3 ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
	NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30467
CVE-2014-9033 (Cross-site request forgery (CSRF) vulnerability in wp-login.php in Wor ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
	NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30418
CVE-2014-9032 (Cross-site scripting (XSS) vulnerability in the media-playlists featur ...)
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	[wheezy] - wordpress <not-affected> (Affects 3.9, 3.9.1, 3.9.2, 4.0 only)
	[squeeze] - wordpress <not-affected> (Affects 3.9, 3.9.1, 3.9.2, 4.0 only)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9031 (Cross-site scripting (XSS) vulnerability in the wptexturize function i ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9028 (Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 ...)
	{DSA-3082-1 DLA-99-1}
	- flac 1.3.0-3 (bug #770918)
	NOTE: Upstream patches:
	NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
	NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
CVE-2014-9014 (Directory traversal vulnerability in the ajaxinit function in wpmarket ...)
	NOT-FOR-US: WP Marketplace plugin for WordPress
CVE-2014-9013 (The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketp ...)
	NOT-FOR-US: WP Marketplace plugin for WordPress
CVE-2014-9012
	RESERVED
CVE-2014-9011
	RESERVED
CVE-2014-9010
	RESERVED
CVE-2014-9009
	RESERVED
CVE-2014-9008
	RESERVED
CVE-2014-9007
	RESERVED
CVE-2014-9006 (Monstra 3.0.1 and earlier uses a cookie to track how many login attemp ...)
	NOT-FOR-US: Monstra
CVE-2014-9005 (Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 al ...)
	NOT-FOR-US: vldPersonals
CVE-2014-9004 (Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1  ...)
	NOT-FOR-US: vldPersonals
CVE-2014-9003 (Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintSer ...)
	NOT-FOR-US: Lantronix xPrintServer
CVE-2014-9002 (Lantronix xPrintServer does not properly restrict access to ips/, whic ...)
	NOT-FOR-US: Lantronix xPrintServer
CVE-2014-9001 (reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authe ...)
	NOT-FOR-US: Incredible PBX
CVE-2014-9000 (Mule Enterprise Management Console (MMC) does not properly restrict ac ...)
	NOT-FOR-US: Mule Enterprise Management Console
CVE-2014-8999 (SQL injection vulnerability in htdocs/modules/system/admin.php in XOOP ...)
	NOT-FOR-US: XOOPS
CVE-2014-8998 (lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authent ...)
	NOT-FOR-US: X7 Chat
CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo functionality in D ...)
	NOT-FOR-US: DigitalVidhya Digi Online Examination System
CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog befo ...)
	NOT-FOR-US: Nibbleblog
CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote atta ...)
	NOT-FOR-US: Maarch LetterBox
CVE-2014-8993 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/Fil ...)
	NOT-FOR-US: MODX Revolution
CVE-2014-9030 (The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x ...)
	{DSA-3140-1}
	- xen 4.4.1-4 (low; bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-9015 (Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to  ...)
	{DSA-3075-1}
	- drupal7 7.32-1+deb8u1 (bug #770469)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2014-006
CVE-2014-9016 (The password hashing API in Drupal 7.x before 7.34 and the Secure Pass ...)
	{DSA-3075-1}
	- drupal7 7.32-1+deb8u1 (bug #770469)
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2014-006
CVE-2014-9018 (Icecast before 2.4.1 transmits the output of the on-connect script, wh ...)
	- icecast2 2.4.0-1.1 (bug #770222)
	[wheezy] - icecast2 <no-dsa> (Minor issue)
	[squeeze] - icecast2 <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/ticket/2089
CVE-2015-0300
	RESERVED
CVE-2015-0299 (Multiple cross-site scripting (XSS) vulnerabilities in Open Source Poi ...)
	NOT-FOR-US: Open Source Point of Sale
CVE-2015-0298 (Cross-site scripting (XSS) vulnerability in the manager web interface  ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly restrict acce ...)
	NOT-FOR-US: RHQ
CVE-2015-0296 (The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged ...)
	- texlive-base <not-affected> (Specific to Red Hat packaging/postinst)
CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calculate  ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3 (bug #779550)
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	[experimental] - qtbase-opensource-src 5.4.1+dfsg-2
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #779580)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
CVE-2015-0294 (GnuTLS before 3.3.13 does not validate that the signature algorithms m ...)
	{DSA-3191-1 DLA-180-1}
	- gnutls26 <removed>
	[experimental] - gnutls28 3.3.13-1
	- gnutls28 3.3.8-6 (bug #779428)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff (gnutls_3_3_13)
CVE-2015-0293 (The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0 ...)
	{DLA-177-1}
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
CVE-2015-0292 (Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encod ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1h-1
CVE-2015-0291 (The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a  ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0290 (The multi-block feature in the ssl3_write_bytes function in s3_pkt.c i ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0289 (The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0. ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
CVE-2015-0288 (The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL bef ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
CVE-2015-0287 (The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL bef ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
CVE-2015-0286 (The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0 ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
CVE-2015-0285 (The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1. ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e1b568dd2462f7cacf98f3d117936c34e2849a6b
CVE-2015-0284 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewal ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2015-0283 (The slapi-nis plug-in before 0.54.2 does not properly reallocate memor ...)
	- slapi-nis 0.54.2-1 (bug #781346)
CVE-2015-0282 (GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature alg ...)
	{DSA-3191-1 DLA-180-1}
	- gnutls26 <removed>
	- gnutls28 <not-affected> (Fixed in 3.1.0)
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-1
CVE-2015-0281
	RESERVED
CVE-2015-0280
	RESERVED
CVE-2015-0279 (JBoss RichFaces before 4.5.4 allows remote attackers to inject express ...)
	NOT-FOR-US: RichFaces
CVE-2015-0278 (libuv before 0.10.34 does not properly drop group privileges, which al ...)
	- libuv 0.10.28-6 (bug #779173)
	NOTE: https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c
	NOTE: https://github.com/libuv/libuv/pull/215
CVE-2015-0277 (The Service Provider (SP) in PicketLink before 2.7.0 does not ensure t ...)
	NOT-FOR-US: PicketLink
CVE-2015-0276 (Cross-site request forgery (CSRF) vulnerability in Kallithea before 0. ...)
	- kallithea <itp> (bug #689573)
CVE-2015-0275 (The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel  ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <not-affected> (Introduced in v3.15)
	- linux-2.6 <not-affected> (Introduced in v3.15)
	NOTE: Proposed upstream patch: http://www.spinics.net/lists/linux-ext4/msg47193.html
CVE-2015-0274 (The XFS implementation in the Linux kernel before 3.15 improperly uses ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
	- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59 (v3.15-rc5)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e461fcb194172b3f709e0b478d2ac1bdac7ab9a3 (v3.11-rc1)
CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP  ...)
	{DSA-3195-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68942
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of serv ...)
	- network-manager 1.0.4-1
	[jessie] - network-manager <no-dsa> (Will be fixed on the kernel side)
	[wheezy] - network-manager <not-affected> (code introduced in 0.9.10)
	[squeeze] - network-manager <not-affected> (code introduced in 0.9.10)
	NOTE: Commit for NetworkManager: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 (1.2-beta1)
	NOTE: Issue introduced in 0.9.10 with http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=7d5779300450bc2602ba4f7f472ebfa58bea3571
CVE-2015-0271 (The log-viewing function in the Red Hat redhat-access-plugin before 6. ...)
	- horizon <not-affected> (RedHat-specific plugin)
CVE-2015-0270 (Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL  ...)
	- zendframework <not-affected> (the vulnerability was introduced in the 2 series)
	- php-zend-db <not-affected> (Fixed before initial upload to the archive)
	NOTE: http://framework.zend.com/security/advisory/ZF2015-02
CVE-2015-0269 (Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x b ...)
	NOT-FOR-US: Contao
CVE-2015-0268 (The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when r ...)
	- xen <not-affected> (Only affects 4.5)
	NOTE: http://xenbits.xen.org/xsa/advisory-117.html
CVE-2015-0267 (The Red Hat module-setup.sh script for kexec-tools, as distributed in  ...)
	- kexec-tools <not-affected> (Vulnerable script not present in the Debian package)
CVE-2015-0266 (The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote auth ...)
	NOT-FOR-US: Apache Ranger
CVE-2015-0265 (Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in A ...)
	NOT-FOR-US: Apache Ranger
CVE-2015-0264 (Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPat ...)
	NOT-FOR-US: Apache Camel
CVE-2015-0263 (XML external entity (XXE) vulnerability in the XML converter setup in  ...)
	NOT-FOR-US: Apache Camel
CVE-2015-0262
	REJECTED
CVE-2015-0261 (Integer signedness error in the mobility_opt_print function in the IPv ...)
	{DSA-3193-1 DLA-174-1}
	- tcpdump 4.6.2-4
	NOTE: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch
CVE-2015-0260 (RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated u ...)
	- kallithea <itp> (bug #753975)
CVE-2015-0259 (OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, an ...)
	- nova 2014.1.3-11 (bug #780250)
	[wheezy] - nova <not-affected> (Vulnerable code not present)
CVE-2015-0258 (Multiple incomplete blacklist vulnerabilities in the avatar upload fun ...)
	{DLA-2125-1}
	- collabtive <removed>
	NOTE: https://github.com/philippK-de/Collabtive/commit/9ce6301583669d0a8ecb4d23fb56e34b68511335
CVE-2015-0257 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses wea ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2015-0256
	RESERVED
CVE-2015-0255 (X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x be ...)
	{DSA-3160-1 DLA-218-1}
	- xorg-server 2:1.16.4-1
CVE-2015-0254 (Apache Standard Taglibs before 1.2.3 allows remote attackers to execut ...)
	- jakarta-taglibs-standard 1.1.2-3 (bug #779621)
	[wheezy] - jakarta-taglibs-standard <no-dsa> (Minor issue)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57560
CVE-2015-0253 (The read_request_line function in server/protocol.c in the Apache HTTP ...)
	- apache2 <not-affected> (Vulnerable version 2.4.11 never in Debian)
CVE-2015-0252 (internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote a ...)
	{DSA-3199-1 DLA-181-1}
	- xerces-c 3.1.1-5.1 (bug #780827)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1667870
CVE-2015-0251 (The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 th ...)
	{DSA-3231-1 DLA-207-1}
	- subversion 1.8.10-6
	NOTE: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt
CVE-2015-0250 (XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2)  ...)
	{DSA-3205-1 DLA-182-1}
	- batik 1.7+dfsg-5 (bug #780897)
	NOTE: https://issues.apache.org/jira/browse/BATIK-1018
	NOTE: https://issues.apache.org/jira/browse/BATIK-1113
	NOTE: Commit disabling external xml entities: https://svn.apache.org/viewvc/xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java?r1=662304&r2=1664335&diff_format=h
	NOTE: PoC: https://www.ernw.de/download/xxe_batik.tar.xz
CVE-2015-0249 (The weblog page template in Apache Roller 5.1 through 5.1.1 allows rem ...)
	NOT-FOR-US: Apache Roller
CVE-2015-0248 (The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 throu ...)
	{DSA-3231-1 DLA-207-1}
	- subversion 1.8.10-6
	NOTE: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library in e2f ...)
	{DSA-3166-1 DLA-153-1}
	- e2fsprogs 1.42.12-1
	NOTE: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
CVE-2015-0246
	REJECTED
CVE-2015-0245 (D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9. ...)
	{DSA-3161-1}
	- dbus 1.8.16-1 (bug #777545)
	[squeeze] - dbus <not-affected> (affects 1.4 and above)
CVE-2015-0244 (PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9. ...)
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0243 (Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0 ...)
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0242 (Stack-based buffer overflow in the *printf function implementations in ...)
	- postgresql-9.4 <not-affected> (Only affects PostgreSQL on Windows)
	- postgresql-9.1 <not-affected> (Only affects PostgreSQL on Windows)
CVE-2015-0241 (The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, ...)
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0240 (The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x be ...)
	{DSA-3171-1 DLA-156-1}
	- samba 2:4.1.17+dfsg-1 (bug #779033)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: Server components removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2015-0240
CVE-2015-0239 (The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c60435261deaefeb53ce3222d04d7d5bea81296
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3747379accba8e95d70cec0eae0582c8c182050
	NOTE: http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245
CVE-2015-0238 (selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to  ...)
	NOT-FOR-US: selinux-policy as shipped with Red Hat OpenShift 2
CVE-2015-0237 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores  ...)
	NOT-FOR-US: Red Hat vdms
CVE-2015-0236 (libvirt before 1.2.12 allow remote authenticated users to obtain the V ...)
	- libvirt 1.2.9-8 (bug #776065)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced in v1.1.0-rc1)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v1.1.0-rc1)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=03c3c0c874c84dfa51ef17556062b095c6e1c0a3
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b347c0c2a321ec5c20aae214927949832a288c5a
	NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e341435e5090677c67a0d3d4ca0393102054841f (v1.1.0-rc1)
	NOTE: http://security.libvirt.org/2015/0001.html
CVE-2015-0235 (Heap-based buffer overflow in the __nss_hostname_digits_dots function  ...)
	{DSA-3142-1 DLA-139-1}
	- eglibc <removed> (high; bug #776391)
	- glibc 2.18-1 (high)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=15014
CVE-2015-0234 (Multiple temporary file creation vulnerabilities in pki-core 10.2.0. ...)
	- dogtag-pki <unfixed> (unimportant)
	NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
CVE-2015-0233 (Multiple insecure Temporary File vulnerabilities in 389 Administration ...)
	- 389-admin 1.1.38-1 (unimportant)
	NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
CVE-2015-0232 (The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4 ...)
	{DSA-3195-1 DLA-212-1}
	- php5 5.6.5+dfsg-1
	NOTE: https://bugs.php.net/patch-display.php?bug=68799&patch=bug68799fix&revision=1420966468
	NOTE: https://bugs.php.net/bug.php?id=68799
CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function in ex ...)
	{DSA-3195-1}
	- php5 5.6.5+dfsg-1
	[squeeze] - php5 <not-affected> (Broken patch for CVE-2014-8142 never applied)
	NOTE: https://bugs.php.net/bug.php?id=68710
	NOTE: Upstream fix: https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd
	NOTE: in unstable actually incomplete fix was not yet applied, so n/a but wheezy is
CVE-2015-0230
	REJECTED
CVE-2015-0229
	REJECTED
CVE-2015-0228 (The lua_websocket_read function in lua_request.c in the mod_lua module ...)
	- apache2 2.4.10-10 (low)
	[wheezy] - apache2 <not-affected> (no mod_lua in 2.2)
	[squeeze] - apache2 <not-affected> (no mod_lua in 2.2)
	NOTE: https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
CVE-2015-0227 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attacker ...)
	- wss4j 1.6.15-2 (bug #777741)
	[wheezy] - wss4j <not-affected> (Vulnerable code not present)
	[squeeze] - wss4j <not-affected> (Vulnerable code not present)
CVE-2015-0226 (Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks inf ...)
	- wss4j 1.6.15-2 (bug #777741)
	[wheezy] - wss4j <not-affected> (Vulnerable code not present)
	[squeeze] - wss4j <not-affected> (Vulnerable code not present)
CVE-2015-0225 (The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2. ...)
	- cassandra <itp> (bug #585905)
CVE-2015-0224 (qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause ...)
	- qpid-cpp <not-affected> (Incomplete fix for CVE-2015-0203 not applied)
	NOTE: CVE is for incomplete fix for CVE-2015-0203, which is not fixed in Debian
	NOTE: https://issues.apache.org/jira/browse/QPID-6310
CVE-2015-0223 (Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remot ...)
	- qpid-cpp <removed> (bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/QPID-6325
CVE-2015-0222 (ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x befor ...)
	- python-django 1.7.1-1.1 (bug #775375)
	[wheezy] - python-django <not-affected> (1.4.x not affected)
	[squeeze] - python-django <not-affected> (1.2.x not affected)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0221 (The django.views.static.serve view in Django before 1.4.18, 1.6.x befo ...)
	{DSA-3151-1 DLA-143-1}
	- python-django 1.7.1-1.1 (bug #775375)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0220 (The django.util.http.is_safe_url function in Django before 1.4.18, 1.6 ...)
	{DSA-3151-1 DLA-143-1}
	- python-django 1.7.1-1.1 (bug #775375)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0219 (Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allo ...)
	{DSA-3151-1 DLA-143-1}
	- python-django 1.7.1-1.1 (bug #775375)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0218 (Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/log ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278618#p1196684
CVE-2015-0217 (filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2. ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278617#p1196683
CVE-2015-0216 (access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not  ...)
	- moodle <not-affected> (Only affects 2.8.x)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278616#p1196682
CVE-2015-0215 (calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7,  ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278615#p1196681
CVE-2015-0214 (message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2 ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278614#p1196680
CVE-2015-0213 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) edit ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278613#p1196679
CVE-2015-0212 (Cross-site scripting (XSS) vulnerability in course/pending.php in Mood ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278612#p1196678
CVE-2015-0211 (mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x be ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278611#p1196676
CVE-2015-0210 (wpa_supplicant 2.0-16 does not properly check certificate subject name ...)
	NOTE: likely to be REJECTed
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0210
CVE-2015-0209 (Use-after-free vulnerability in the d2i_ECPrivateKey function in crypt ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
CVE-2015-0208 (The ASN.1 signature-verification implementation in the rsa_item_verify ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0207 (The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a d ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0206 (Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL ...)
	{DSA-3125-1}
	- openssl 1.0.1k-1
	[squeeze] - openssl <not-affected> (Affects 1.0.1 and 1.0.0)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=04685bc949e90a877656cf5020b6d4f90a9636a6
CVE-2015-0205 (The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before ...)
	{DSA-3125-1}
	- openssl 1.0.1k-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.0)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=98a0f9660d374f58f79ee0efcc8c1672a805e8e8
CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9. ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=37580f43b5a39f5f4e920d17273fab9713d3a744
CVE-2015-0203 (The qpidd broker in Apache Qpid 0.30 and earlier allows remote authent ...)
	- qpid-cpp <removed> (bug #775359)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2015-0202 (The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remot ...)
	- subversion 1.8.10-6
	[wheezy] - subversion <not-affected> (Vulnerability introduced with 1.8.0)
	[squeeze] - subversion <not-affected> (Vulnerability introduced with 1.8.0)
	NOTE: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt
CVE-2015-0201 (The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5  ...)
	- libspring-java <not-affected> (Only affects Spring Framework 4.1.0 to 4.1.4)
CVE-2015-0200 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-0199 (The mmfslinux kernel module in IBM General Parallel File System (GPFS) ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-0198 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 befor ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-0197 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 befor ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-0196 (CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0 ...)
	NOT-FOR-US: IBM
CVE-2015-0195 (Cross-site scripting (XSS) vulnerability in IBM Content Template Catal ...)
	NOT-FOR-US: IBM
CVE-2015-0194 (XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0192 (Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP ...)
	NOT-FOR-US: IBM JDK
CVE-2015-0191
	REJECTED
CVE-2015-0190
	RESERVED
CVE-2015-0189 (The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5  ...)
	NOT-FOR-US: IBM
CVE-2015-0188
	RESERVED
CVE-2015-0187
	RESERVED
CVE-2015-0186
	RESERVED
CVE-2015-0185
	RESERVED
CVE-2015-0184
	RESERVED
CVE-2015-0183
	RESERVED
CVE-2015-0182
	RESERVED
CVE-2015-0181
	RESERVED
CVE-2015-0180 (The Connector Migration Tool in IBM InfoSphere Information Server 8.1  ...)
	NOT-FOR-US: IBM
CVE-2015-0179 (Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 ...)
	NOT-FOR-US: IBM Domino
CVE-2015-0178 (The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1 ...)
	NOT-FOR-US: IBM Bluemix Liberty
CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-0176 (Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener  ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2015-0175 (IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-0174 (The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-0173 (The HTTP connection-management functionality in Internet Pass-Thru (IP ...)
	NOT-FOR-US: IBM
CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote a ...)
	NOT-FOR-US: IBM Security SiteProtector System
CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector System ...)
	NOT-FOR-US: IBM
CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0 ...)
	NOT-FOR-US: IBM
CVE-2015-0169 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0 ...)
	NOT-FOR-US: IBM
CVE-2015-0168 (Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector ...)
	NOT-FOR-US: IBM
CVE-2015-0167 (Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in ...)
	NOT-FOR-US: textAngular
CVE-2015-0166
	REJECTED
CVE-2015-0165
	REJECTED
CVE-2015-0164
	REJECTED
CVE-2015-0163
	REJECTED
CVE-2015-0162 (IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local use ...)
	NOT-FOR-US: IBM
CVE-2015-0161 (SQL injection vulnerability in IBM Security SiteProtector System 3.0 b ...)
	NOT-FOR-US: IBM
CVE-2015-0160 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0 ...)
	NOT-FOR-US: IBM
CVE-2015-0159
	REJECTED
CVE-2015-0158 (Cross-site scripting (XSS) vulnerability in the Coach NG framework in  ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0157 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 t ...)
	NOT-FOR-US: IBM DB2
CVE-2015-0156 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
	NOT-FOR-US: IBM
CVE-2015-0155
	REJECTED
CVE-2015-0154
	REJECTED
CVE-2015-0153 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote atta ...)
	NOT-FOR-US: D-Link
CVE-2015-0152 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote atta ...)
	NOT-FOR-US: D-Link
CVE-2015-0151 (Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devi ...)
	NOT-FOR-US: D-Link
CVE-2015-0150 (The remote administration UI in D-Link DIR-815 devices with firmware b ...)
	NOT-FOR-US: D-Link
CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...)
	NOT-FOR-US: IBM API Management
CVE-2015-0148
	RESERVED
CVE-2015-0147
	RESERVED
CVE-2015-0146 (IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF00 ...)
	NOT-FOR-US: IBM Content Collector
CVE-2015-0145 (Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC P ...)
	NOT-FOR-US: IBM
CVE-2015-0144 (Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform ...)
	NOT-FOR-US: IBM
CVE-2015-0143 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7 ...)
	NOT-FOR-US: IBM
CVE-2015-0142 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7 ...)
	NOT-FOR-US: IBM
CVE-2015-0141 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7 ...)
	NOT-FOR-US: IBM
CVE-2015-0140 (An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 ...)
	NOT-FOR-US: IBM
CVE-2015-0139 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-0138 (GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-IT ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2015-0137 (IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 v ...)
	NOT-FOR-US: IBM PowerVC
CVE-2015-0136 (powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x b ...)
	NOT-FOR-US: IBM PowerVC
CVE-2015-0135 (IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allow ...)
	NOT-FOR-US: IBM Domino
CVE-2015-0134 (Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before ...)
	NOT-FOR-US: IBM
CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote atta ...)
	NOT-FOR-US: IBM
CVE-2015-0132 (The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7  ...)
	NOT-FOR-US: IBM
CVE-2015-0131 (Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 befor ...)
	NOT-FOR-US: IBM
CVE-2015-0130 (Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz F ...)
	NOT-FOR-US: IBM
CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manag ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2015-0128 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manag ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2015-0127 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6 ...)
	NOT-FOR-US: IBM
CVE-2015-0126 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6 ...)
	NOT-FOR-US: IBM
CVE-2015-0125 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Ge ...)
	NOT-FOR-US: IBM Rational DOORS Next Generation
CVE-2015-0124 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manag ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2015-0123 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2015-0122 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2015-0121 (IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through ...)
	NOT-FOR-US: IBM
CVE-2015-0120 (Buffer overflow in the FastBackMount process in IBM Tivoli Storage Man ...)
	NOT-FOR-US: IBM
CVE-2015-0119 (FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1 ...)
	NOT-FOR-US: IBM Tivoli Storage Manager FastBack
CVE-2015-0118 (IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 80 ...)
	NOT-FOR-US: IBM
CVE-2015-0117 (The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x befor ...)
	NOT-FOR-US: IBM Domino
CVE-2015-0116 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6 ...)
	NOT-FOR-US: IBM
CVE-2015-0115 (Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1. ...)
	NOT-FOR-US: IBM
CVE-2015-0114 (Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows  ...)
	NOT-FOR-US: IBM
CVE-2015-0113 (The Jazz help system in IBM Rational Collaborative Lifecycle Managemen ...)
	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2015-0112 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Life ...)
	NOT-FOR-US: IBM Rational
CVE-2015-0111
	RESERVED
CVE-2015-0110 (IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and Web ...)
	NOT-FOR-US: IBM
CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2015-0107 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...)
	NOT-FOR-US: IBM
CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM  ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...)
	NOT-FOR-US: IBM
CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process Por ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0102 (IBM Workflow for Bluemix does not set the secure flag for the session  ...)
	NOT-FOR-US: IBM
CVE-2015-0101 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
	NOT-FOR-US: IBM
CVE-2015-0100 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0099 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0098 (Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0097 (Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 20 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0096 (Untrusted search path vulnerability in Microsoft Windows Server 2003 S ...)
	NOT-FOR-US: Microsoft
CVE-2015-0095 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0094 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0093 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0092 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0091 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0090 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0089 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0088 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0087 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0086 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gol ...)
	NOT-FOR-US: Microsoft
CVE-2015-0085 (Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0084 (The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0083
	REJECTED
CVE-2015-0082
	REJECTED
CVE-2015-0081 (Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2015-0080 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0079 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0078 (win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0077 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0076 (The photo-decoder implementation in Microsoft Windows Vista SP2, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2015-0075 (The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2015-0074 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0073 (The Windows Registry Virtualization feature in the kernel in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2015-0072 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0071 (Microsoft Internet Explorer 9 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0070 (Microsoft Internet Explorer 6 through 11 allows remote attackers to re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0069 (Microsoft Internet Explorer 10 and 11 allows remote attackers to bypas ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0068 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0067 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0066 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0065 (Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: Microsoft Word
CVE-2015-0064 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automati ...)
	NOT-FOR-US: Microsoft
CVE-2015-0063 (Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel ...)
	NOT-FOR-US: Microsoft
CVE-2015-0062 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Window ...)
	NOT-FOR-US: Microsoft
CVE-2015-0061 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0060 (The font mapper in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0059 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0058 (Double free vulnerability in win32k.sys in the kernel-mode drivers in  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0057 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0056 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0054 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0053 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0052 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0051 (Microsoft Internet Explorer 8 allows remote attackers to bypass the AS ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0050 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0049 (Microsoft Internet Explorer 8 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0048 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0047
	REJECTED
CVE-2015-0046 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0045 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0044 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0043 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0042 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0041 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0040 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0039 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0038 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0037 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0036 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0035 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0034
	REJECTED
CVE-2015-0033
	REJECTED
CVE-2015-0032 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Inter ...)
	NOT-FOR-US: Microsoft
CVE-2015-0031 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0030 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0029 (Microsoft Internet Explorer 6 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0028 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0027 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0026 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0025 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0024
	REJECTED
CVE-2015-0023 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0022 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0021 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0020 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0019 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0018 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0017 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0016 (Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) co ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0015 (Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Ser ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0014 (Buffer overflow in the Telnet service in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0013
	REJECTED
CVE-2015-0012 (Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update R ...)
	NOT-FOR-US: Microsoft
CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Micro ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0010 (The CryptProtectMemory function in cng.sys (aka the Cryptography Next  ...)
	NOT-FOR-US: Microsoft
CVE-2015-0009 (The Group Policy Security Configuration policy implementation in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2015-0008 (The UNC implementation in Microsoft Windows Server 2003 SP2, Windows V ...)
	NOT-FOR-US: Microsoft
CVE-2015-0007
	REJECTED
CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0005 (The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2015-0004 (The User Profile Service (aka ProfSvc) in Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0003 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0002 (The AhcVerifyAdminContext function in ahcache.sys in the Application C ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0001 (The Windows Error Reporting (WER) component in Microsoft Windows 8, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-8994 (The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows ...)
	NOT-FOR-US: check_diskio nagios/icinga plugin
CVE-2014-8989 (The Linux kernel through 3.17.4 does not properly restrict dropping of ...)
	- linux 3.16.7-ckt4-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: http://thread.gmane.org/gmane.linux.man/7385/
CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in the  ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
	NOTE: https://github.com/mantisbt/mantisbt/commit/e326b73a (1.2.x)
CVE-2014-8985 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2014-8984
	REJECTED
CVE-2014-8983
	REJECTED
CVE-2014-8982
	REJECTED
CVE-2014-8981
	REJECTED
CVE-2014-8980
	REJECTED
CVE-2014-8979
	REJECTED
CVE-2014-8978
	REJECTED
CVE-2014-8977
	REJECTED
CVE-2014-8976
	REJECTED
CVE-2014-8975
	REJECTED
CVE-2014-8974
	REJECTED
CVE-2014-8973
	REJECTED
CVE-2014-8972
	REJECTED
CVE-2014-8971
	REJECTED
CVE-2014-8970
	REJECTED
CVE-2014-8969
	REJECTED
CVE-2014-8968
	REJECTED
CVE-2014-8967 (Use-after-free vulnerability in Microsoft Internet Explorer allows rem ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Internet Explorer
CVE-2014-8965
	RESERVED
CVE-2014-8964 (Heap-based buffer overflow in PCRE 8.36 and earlier allows remote atta ...)
	- pcre3 2:8.35-3.3 (bug #770478)
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1546
	NOTE: http://www.exim.org/viewvc/pcre2?revision=154&view=revision
CVE-2014-8963
	RESERVED
CVE-2014-8962 (Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3. ...)
	{DSA-3082-1 DLA-99-1}
	- flac 1.3.0-3 (bug #770918)
	NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5b3033a2b355068c11fe637e14ac742d273f076e
	NOTE: http://lists.xiph.org/pipermail/flac-dev/2014-November/005185.html
CVE-2014-8961 (Directory traversal vulnerability in libraries/error_report.lib.php in ...)
	- phpmyadmin 4:4.2.12-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-16/
CVE-2014-8960 (Cross-site scripting (XSS) vulnerability in libraries/error_report.lib ...)
	- phpmyadmin 4:4.2.12-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-15/
CVE-2014-8959 (Directory traversal vulnerability in libraries/gis/GIS_Factory.class.p ...)
	- phpmyadmin 4:4.2.12-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-14/
CVE-2014-8958 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.2.12-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-13/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need
	NOTE: to be backported to 3.4
CVE-2014-8957 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allow ...)
	NOT-FOR-US: OpenKM
CVE-2014-8956 (Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (ak ...)
	NOT-FOR-US: K7 Computing
CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form Clean and ...)
	NOT-FOR-US: WordPress plugin clean-and-simple-contact-form-by-meg-nicholas
CVE-2014-8954 (Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5  ...)
	NOT-FOR-US: phpSound
CVE-2014-8953 (Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scri ...)
	NOT-FOR-US: Php Scriptlerim Who's Who
CVE-2014-8952 (Multiple unspecified vulnerabilities in Check Point Security Gateway R ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2014-8951 (Unspecified vulnerability in Check Point Security Gateway R75, R76, R7 ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2014-8950 (Unspecified vulnerability in Check Point Security Gateway R77 and R77. ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2014-8949 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows rem ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-8948 (Cross-site request forgery (CSRF) vulnerability in the iMember360 plug ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-8947
	RESERVED
CVE-2014-8946
	RESERVED
CVE-2014-8945 (admin.php?page=projects in Lexiglot through 2014-11-20 allows command  ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8944 (Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, o ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8943 (Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=project ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8942 (Lexiglot through 2014-11-20 allows CSRF. ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8941 (Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8940 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8939 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8938 (Lexiglot through 2014-11-20 allows local users to obtain sensitive inf ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8937 (Lexiglot through 2014-11-20 allows denial of service because api/updat ...)
	NOT-FOR-US: Lexiglot
CVE-2014-8936
	REJECTED
CVE-2014-8935
	REJECTED
CVE-2014-8934
	REJECTED
CVE-2014-8933
	REJECTED
CVE-2014-8932
	REJECTED
CVE-2014-8931
	REJECTED
CVE-2014-8930
	RESERVED
CVE-2014-8929
	REJECTED
CVE-2014-8928
	REJECTED
CVE-2014-8927 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Met ...)
	NOT-FOR-US: IBM
CVE-2014-8926 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Met ...)
	NOT-FOR-US: IBM
CVE-2014-8925 (Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in I ...)
	NOT-FOR-US: IBM
CVE-2014-8924 (The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before ...)
	NOT-FOR-US: IBM
CVE-2014-8923 (The (1) IBM Tivoli Identity Manager Active Directory adapter before 5. ...)
	NOT-FOR-US: IBM
CVE-2014-8922
	RESERVED
CVE-2014-8921 (The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411 ...)
	NOT-FOR-US: IBM Notes Traveler Companion
CVE-2014-8920 (Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1  ...)
	NOT-FOR-US: IBM
CVE-2014-8919
	RESERVED
CVE-2014-8918 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not  ...)
	NOT-FOR-US: IBM
CVE-2014-8917 (Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/ ...)
	NOT-FOR-US: IBM
CVE-2014-8916 (Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform ...)
	NOT-FOR-US: IBM
CVE-2014-8915
	RESERVED
CVE-2014-8914 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM  ...)
	NOT-FOR-US: IBM
CVE-2014-8913 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM  ...)
	NOT-FOR-US: IBM
CVE-2014-8912 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8911 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0. ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2014-8910 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 t ...)
	NOT-FOR-US: IBM DB2
CVE-2014-8909 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8908
	RESERVED
CVE-2014-8907
	RESERVED
CVE-2014-8906
	RESERVED
CVE-2014-8905
	RESERVED
CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows  ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2014-8903 (IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before  ...)
	NOT-FOR-US: IBM
CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM We ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 thro ...)
	NOT-FOR-US: IBM
CVE-2014-8900 (Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Relea ...)
	NOT-FOR-US: IBM
CVE-2014-8899 (Cross-site scripting (XSS) vulnerability in the Collaboration Server i ...)
	NOT-FOR-US: IBM
CVE-2014-8898 (Cross-site scripting (XSS) vulnerability in the Collaboration Server i ...)
	NOT-FOR-US: IBM
CVE-2014-8897 (Cross-site scripting (XSS) vulnerability in the Collaboration Server i ...)
	NOT-FOR-US: IBM
CVE-2014-8896 (The Collaboration Server in IBM InfoSphere Master Data Management Serv ...)
	NOT-FOR-US: IBM
CVE-2014-8895 (IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3. ...)
	NOT-FOR-US: IBM
CVE-2014-8894 (Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1. ...)
	NOT-FOR-US: IBM
CVE-2014-8893 (Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.js ...)
	NOT-FOR-US: IBM
CVE-2014-8892 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK ...)
	NOT-FOR-US: IBM Java
CVE-2014-8891 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK ...)
	NOT-FOR-US: IBM Java
CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4  ...)
	NOT-FOR-US: IBM
CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to o ...)
	NOT-FOR-US: Dropbox SDK for Android
CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices with fir ...)
	NOT-FOR-US: D-Link
CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8. ...)
	NOT-FOR-US: IBM Marketing Operations
CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates bef ...)
	NOT-FOR-US: AVM FRITZ!OS
CVE-2014-8885
	RESERVED
CVE-2014-8883
	RESERVED
CVE-2014-8882
	RESERVED
CVE-2014-8881
	RESERVED
CVE-2014-8880
	RESERVED
CVE-2014-8879
	RESERVED
CVE-2014-8877 (The alterSearchQuery function in lib/controllers/CmdownloadController. ...)
	NOT-FOR-US: CreativeMinds CM Downloads Manager plugin for WordPress
CVE-2014-8876
	RESERVED
CVE-2014-8875 (The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver bef ...)
	NOT-FOR-US: Revive Adserver
CVE-2014-8874 (The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predic ...)
	NOT-FOR-US: TYPO3 Extension ke_questionnaire
CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 in ...)
	{DSA-3316-1 DSA-3235-1}
	- openjdk-8 8u45-b14-1 (high)
	- openjdk-7 7u79-2.5.5-1 (high)
	- openjdk-6 <removed> (high)
	[squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze)
	[wheezy] - openjdk-6 <not-affected> (MIME type setting is harmless on wheezy)
	[squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)
	[wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy)
	NOTE: Starting with mime-support 3.53, MimeType entries in desktop
	NOTE: files end up in /etc/mailcap, which introduces the user-initiated
	NOTE: code execution.
CVE-2014-8872 (Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 ...)
	NOT-FOR-US: AVM FRITZ!Box
CVE-2014-8871 (Directory traversal vulnerability in hybris Commerce software suite 5. ...)
	NOT-FOR-US: hybris Commerce
CVE-2014-8870 (Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the  ...)
	NOT-FOR-US: Woltlab Burning Board plugin Tapatalk
CVE-2014-8869 (Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartba ...)
	NOT-FOR-US: Woltlab Burning Board plugin Tapatalk
CVE-2014-8868 (EntryPass N5200 Active Network Control Panel does not properly restric ...)
	NOT-FOR-US: EntryPass N5200
CVE-2014-8867 (The acceleration support for the "REP MOVS" instruction in Xen 4.4.x,  ...)
	{DSA-3140-1}
	- xen 4.4.1-5 (bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8866 (The compatibility mode hypercall argument translation in Xen 3.3.x thr ...)
	{DSA-3140-1}
	- xen 4.4.1-5 (bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8865
	REJECTED
CVE-2014-8864
	REJECTED
CVE-2014-8863
	REJECTED
CVE-2014-8862
	REJECTED
CVE-2014-8861
	REJECTED
CVE-2014-8860
	REJECTED
CVE-2014-8859
	REJECTED
CVE-2014-8858
	REJECTED
CVE-2014-8857
	REJECTED
CVE-2014-8856
	REJECTED
CVE-2014-8855
	REJECTED
CVE-2014-8854
	REJECTED
CVE-2014-8853
	REJECTED
CVE-2014-8852
	REJECTED
CVE-2014-8851
	REJECTED
CVE-2014-8850
	REJECTED
CVE-2014-8849
	REJECTED
CVE-2014-8848
	REJECTED
CVE-2014-8847
	REJECTED
CVE-2014-8846
	REJECTED
CVE-2014-8845
	REJECTED
CVE-2014-8844
	REJECTED
CVE-2014-8843
	REJECTED
CVE-2014-8842
	RESERVED
CVE-2014-8841
	RESERVED
CVE-2014-8840 (The iTunes Store component in Apple iOS before 8.1.3 allows remote att ...)
	NOT-FOR-US: Apple
CVE-2014-8839 (Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load ...)
	NOT-FOR-US: Apple
CVE-2014-8838 (The Security component in Apple OS X before 10.10.2 does not properly  ...)
	NOT-FOR-US: Apple
CVE-2014-8837 (Multiple unspecified vulnerabilities in the Bluetooth driver in Apple  ...)
	NOT-FOR-US: Apple
CVE-2014-8836 (The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to  ...)
	NOT-FOR-US: Apple
CVE-2014-8835 (The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 ...)
	NOT-FOR-US: Apple
CVE-2014-8834 (UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF doc ...)
	NOT-FOR-US: Apple
CVE-2014-8833 (SpotlightIndex in Apple OS X before 10.10.2 does not properly perform  ...)
	NOT-FOR-US: Apple
CVE-2014-8832 (The indexing functionality in Spotlight in Apple OS X before 10.10.2 w ...)
	NOT-FOR-US: Apple
CVE-2014-8831 (security_taskgate in Apple OS X before 10.10.2 allows attackers to rea ...)
	NOT-FOR-US: Apple
CVE-2014-8830 (Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 al ...)
	NOT-FOR-US: Apple
CVE-2014-8829 (SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbi ...)
	NOT-FOR-US: Apple
CVE-2014-8828 (Sandbox in Apple OS X before 10.10 allows attackers to write to the sa ...)
	NOT-FOR-US: Apple
CVE-2014-8827 (LoginWindow in Apple OS X before 10.10.2 does not transition to the lo ...)
	NOT-FOR-US: Apple
CVE-2014-8826 (LaunchServices in Apple OS X before 10.10.2 does not properly handle f ...)
	NOT-FOR-US: Apple
CVE-2014-8825 (The kernel in Apple OS X before 10.10.2 does not properly perform iden ...)
	NOT-FOR-US: Apple
CVE-2014-8824 (The kernel in Apple OS X before 10.10.2 does not properly validate IOD ...)
	NOT-FOR-US: Apple
CVE-2014-8823 (The IOUSBControllerUserClient::ReadRegister function in the IOUSB cont ...)
	NOT-FOR-US: Apple
CVE-2014-8822 (IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute a ...)
	NOT-FOR-US: Apple
CVE-2014-8821 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local us ...)
	NOT-FOR-US: Apple
CVE-2014-8820 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local us ...)
	NOT-FOR-US: Apple
CVE-2014-8819 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local us ...)
	NOT-FOR-US: Apple
CVE-2014-8818
	REJECTED
CVE-2014-8817 (coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 d ...)
	NOT-FOR-US: Apple
CVE-2014-8816 (CoreGraphics in Apple OS X before 10.10 allows remote attackers to exe ...)
	NOT-FOR-US: Apple
CVE-2014-8815
	RESERVED
CVE-2014-8814
	RESERVED
CVE-2014-8813
	RESERVED
CVE-2014-8812
	RESERVED
CVE-2014-8811
	RESERVED
CVE-2014-8810 (SQL injection vulnerability in ajax/mail_functions.php in the WP Sympo ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-8809 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposiu ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-8808
	RESERVED
CVE-2014-8807
	RESERVED
CVE-2014-8806
	RESERVED
CVE-2014-8805
	RESERVED
CVE-2014-8804
	RESERVED
CVE-2014-8803
	RESERVED
CVE-2014-8802 (The Pie Register plugin before 2.0.14 for WordPress does not properly  ...)
	NOT-FOR-US: WordPress plugin Pie Register
CVE-2014-8801 (Directory traversal vulnerability in services/getfile.php in the Paid  ...)
	NOT-FOR-US: Paid Memberships Pro plugin for WordPress
CVE-2014-8800 (Cross-site scripting (XSS) vulnerability in nextend-facebook-settings. ...)
	NOT-FOR-US: Nextend Facebook Connect plugin for WordPress
CVE-2014-8799 (Directory traversal vulnerability in the dp_img_resize function in php ...)
	NOT-FOR-US: dp_img_resize function in php/dp-functions.php in the DukaPress plugin for WordPress
CVE-2014-8798
	RESERVED
CVE-2014-8797
	RESERVED
CVE-2014-8796
	RESERVED
CVE-2014-8795
	RESERVED
CVE-2014-8794
	RESERVED
CVE-2014-8793 (Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/Pub ...)
	NOT-FOR-US: Revive Adserver
CVE-2014-8792
	RESERVED
CVE-2014-8791 (project/register.php in Tuleap before 7.7, when sys_create_project_in_ ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-8790 (XML external entity (XXE) vulnerability in admin/api.php in GetSimple  ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-8789 (GleamTech FileVista before 6.1 allows remote authenticated users to cr ...)
	NOT-FOR-US: GleamTech FileVista
CVE-2014-8788 (GleamTech FileVista before 6.1 allows remote authenticated users to ob ...)
	NOT-FOR-US: GleamTech FileVista
CVE-2014-8787
	RESERVED
CVE-2014-8786
	RESERVED
CVE-2014-8785
	RESERVED
CVE-2014-8784
	RESERVED
CVE-2014-8783
	RESERVED
CVE-2014-8782
	RESERVED
CVE-2014-8781
	RESERVED
CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote a ...)
	NOT-FOR-US: Jease
CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different c ...)
	NOT-FOR-US: Pexip Infinity
CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authent ...)
	NOT-FOR-US: Checkmarx
CVE-2014-8777
	RESERVED
CVE-2014-8776
	RESERVED
CVE-2014-8775 (MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag i ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-8774 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODX  ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-8773 (MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass th ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-8772 (Cross-site scripting (XSS) vulnerability in the search_controller in X ...)
	NOT-FOR-US: X3 CMS
CVE-2014-8771 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: X3 CMS
CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php in the M ...)
	NOT-FOR-US: Magento
CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4  ...)
	NOT-FOR-US: phpMoneyBooks
CVE-2012-6664
	RESERVED
CVE-2012-6663 (General Electric D20ME devices are not properly configured and reveal  ...)
	NOT-FOR-US: General Electric D20ME devices
CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to bypass the ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17742
CVE-2014-9622 (Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported ...)
	{DSA-3131-1 DLA-217-1}
	- xdg-utils 1.1.0~rc1+git20111210-7.3 (bug #773085)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670
CVE-2014-8991 (pip 1.3 through 1.5.6 allows local users to cause a denial of service  ...)
	- python-pip 1.5.6-4 (bug #725847)
	[wheezy] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
	[squeeze] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
	NOTE: https://github.com/pypa/pip/pull/2122
CVE-2014-8987 (Cross-site scripting (XSS) vulnerability in the "set configuration" bo ...)
	- mantis <not-affected> (Vulnerable code introduced later)
	NOTE: Affected upstream versions >= 1.2.13, <= 1.2.17
	NOTE: https://github.com/mantisbt/mantisbt/commit/49c3d089
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17870
CVE-2014-8884 (Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_ ...)
	{DSA-3093-1 DLA-118-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1)
CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensi ...)
	{DSA-3086-1 DLA-102-1}
	- tcpdump 4.6.2-2 (bug #770424)
	NOTE: http://www.securityfocus.com/archive/1/534009/30/0/threaded
CVE-2014-8768 (Multiple Integer underflows in the geonet_print function in tcpdump 4. ...)
	- tcpdump 4.6.2-2 (bug #770415)
	[wheezy] - tcpdump <not-affected> (Vulnerable code added in 4.5.0)
	[squeeze] - tcpdump <not-affected> (Vulnerable code added in 4.5.0)
	NOTE: http://www.securityfocus.com/archive/1/534010/30/0/threaded
CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 through  ...)
	{DSA-3086-1 DLA-102-1}
	- tcpdump 4.6.2-2 (bug #770434)
	NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded
CVE-2014-8742 (Directory traversal vulnerability in the ReportDownloadServlet servlet ...)
	NOT-FOR-US: Lexmark
CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet servle ...)
	NOT-FOR-US: Lexmark
CVE-2014-8740
	RESERVED
CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...)
	NOT-FOR-US: Joomla/Wordpress plugin
CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...)
	NOT-FOR-US: Drupal module Open Atrium Core
CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...)
	NOT-FOR-US: Drupal module Bad Behavior
CVE-2014-8734 (The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal ...)
	NOT-FOR-US: Drupal module Organic Groups Menu
CVE-2014-8733 (Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password ...)
	NOT-FOR-US: Cloudera Manager
CVE-2014-8730 (The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 throu ...)
	NOT-FOR-US: SSL/TLS implementation error in F5 products (and historic NSS releases)
CVE-2014-8729
	RESERVED
CVE-2014-8728 (SQL injection vulnerability in the login page (login/login) in Subex R ...)
	NOT-FOR-US: Subex
CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-8726
	RESERVED
CVE-2014-8725
	RESERVED
CVE-2014-8724 (Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin  ...)
	NOT-FOR-US: W3 Total Cache plugin for WordPress
CVE-2014-8723 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-8722 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-8721
	RESERVED
CVE-2014-8720
	RESERVED
CVE-2014-8719
	RESERVED
CVE-2014-8718
	RESERVED
CVE-2014-8717
	RESERVED
CVE-2014-8715
	RESERVED
CVE-2014-8708 (Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via  ...)
	NOT-FOR-US: Pluck CMS
CVE-2014-8707 (Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 ...)
	NOT-FOR-US: Pluck CMS
CVE-2014-8706 (Pluck CMS 4.7.2 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Pluck CMS
CVE-2014-8705 (PHP remote file inclusion vulnerability in editInplace.php in Wonder C ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8704 (Directory traversal vulnerability in index.php in Wonder CMS 2014 allo ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8703 (Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows rem ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8702 (Wonder CMS 2014 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8701 (Wonder CMS 2014 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8700
	RESERVED
CVE-2014-8699
	RESERVED
CVE-2014-8698
	RESERVED
CVE-2014-8697
	RESERVED
CVE-2014-8696
	RESERVED
CVE-2014-8695
	RESERVED
CVE-2014-8694
	RESERVED
CVE-2014-8693
	RESERVED
CVE-2014-8692
	RESERVED
CVE-2014-8691
	RESERVED
CVE-2014-8690 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS be ...)
	NOT-FOR-US: Exponent CMS
CVE-2014-8689
	RESERVED
CVE-2014-8688 (An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 fo ...)
	NOT-FOR-US: Telegram Messenger
CVE-2014-8687 (Seagate Business NAS devices with firmware before 2015.00322 allow rem ...)
	NOT-FOR-US: Seagate Business NAS devices
CVE-2014-8686 (CodeIgniter before 2.2.0 makes it easier for attackers to decode sessi ...)
	- codeigniter <itp> (bug #471583)
CVE-2014-8685
	RESERVED
CVE-2014-8684 (CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through  ...)
	- codeigniter <itp> (bug #471583)
CVE-2014-8683 (Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (a ...)
	NOT-FOR-US: Go Git Service
CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0. ...)
	NOT-FOR-US: Go Git Service
CVE-2014-8681 (SQL injection vulnerability in the GetIssues function in models/issue. ...)
	NOT-FOR-US: Go Git Service
CVE-2014-8680 (The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remot ...)
	- bind9 <not-affected> (Only affects 9.10 to 9.11)
	NOTE: https://kb.isc.org/article/AA-01217/0
CVE-2014-8679
	RESERVED
CVE-2014-8678 (The ConfigSaveServlet servlet in ManageEngine OpUtils before build 710 ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2014-8677 (The installation process for SOPlanning 1.32 and earlier allows remote ...)
	NOT-FOR-US: SOPlanning
CVE-2014-8676 (Directory traversal vulnerability in the file_get_contents function in ...)
	NOT-FOR-US: SOPlanning
CVE-2014-8675 (Soplanning 1.32 and earlier generates static links for sharing ICAL ca ...)
	NOT-FOR-US: SOPlanning
CVE-2014-8674 (Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple On ...)
	NOT-FOR-US: Simple Online Planning
CVE-2014-8673 (Multiple SQL vulnerabilities exist in planning.php, user_list.php, pro ...)
	NOT-FOR-US: Simple Online Planning
CVE-2014-8672 (Cross-site scripting (XSS) vulnerability in the RewardingYourself appl ...)
	NOT-FOR-US: RewardingYourself application for Android and BlackBerry
CVE-2014-8671 (Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Sh ...)
	NOT-FOR-US: GWT Mobile PhoneGap Showcase application for Android
CVE-2014-8670 (Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote ...)
	NOT-FOR-US: vBulletin
CVE-2014-8669 (The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM  ...)
	NOT-FOR-US: SAP
CVE-2014-8668 (SQL injection vulnerability in SAP Contract Accounting allows remote a ...)
	NOT-FOR-US: SAP
CVE-2014-8667 (Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Develop ...)
	NOT-FOR-US: SAP
CVE-2014-8666 (The User &amp; Server configuration, InfoView refresh, user rights (BI ...)
	NOT-FOR-US: SAP
CVE-2014-8665 (The SAP Business Intelligence Development Workbench allows remote atta ...)
	NOT-FOR-US: SAP
CVE-2014-8664 (SQL injection vulnerability in Product Safety (EHS-SAF) component in S ...)
	NOT-FOR-US: SAP
CVE-2014-8663 (SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeave ...)
	NOT-FOR-US: SAP
CVE-2014-8662 (Unspecified vulnerability in SAP Payroll Process allows remote attacke ...)
	NOT-FOR-US: SAP
CVE-2014-8661 (The SAP CRM Internet Sales module allows remote attackers to execute a ...)
	NOT-FOR-US: SAP
CVE-2014-8660 (SAP Document Management Services allows local users to execute arbitra ...)
	NOT-FOR-US: SAP
CVE-2014-8659 (Directory traversal vulnerability in SAP Environment, Health, and Safe ...)
	NOT-FOR-US: SAP
CVE-2014-8658 (Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme ...)
	NOT-FOR-US: Atlassian Confluence theme
CVE-2014-8657 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gatew ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8656 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gatew ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8655 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gatew ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8654 (Multiple cross-site request forgery (CSRF) vulnerabilities in Compal B ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8653 (Cross-site scripting (XSS) vulnerability in Compal Broadband Networks  ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8652 (Elipse E3 3.x and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Elipse E3
CVE-2014-8649
	REJECTED
CVE-2014-8648
	REJECTED
CVE-2014-8647
	REJECTED
CVE-2014-8646
	REJECTED
CVE-2014-8645
	REJECTED
CVE-2014-8644
	RESERVED
CVE-2014-8643 (Mozilla Firefox before 35.0 on Windows allows remote attackers to bypa ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-07.html
CVE-2014-8642 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider  ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-08.html
CVE-2014-8641 (Use-after-free vulnerability in the WebRTC implementation in Mozilla F ...)
	{DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-06.html
CVE-2014-8640 (The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in  ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-05.html
CVE-2014-8639 (Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird ...)
	{DSA-3132-1 DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-04.html
CVE-2014-8638 (The navigator.sendBeacon implementation in Mozilla Firefox before 35.0 ...)
	{DSA-3132-1 DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-03.html
CVE-2014-8637 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly  ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-02.html
CVE-2014-8636 (The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaM ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-09.html
CVE-2014-8635 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
CVE-2014-8634 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3132-1 DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-01.html
CVE-2014-8633
	RESERVED
CVE-2014-8632 (The structured-clone implementation in Mozilla Firefox before 34.0 and ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
CVE-2014-8631 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
CVE-2014-8630 (Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
CVE-2014-8629 (Cross-site scripting (XSS) vulnerability in the Page visualization age ...)
	NOT-FOR-US: Pandora FMS
CVE-2014-8624
	RESERVED
CVE-2014-8623
	RESERVED
CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in th ...)
	NOT-FOR-US: Compfight plugin for WordPress
CVE-2014-8621 (SQL injection vulnerability in the Store Locator plugin 2.3 through 3. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8620
	RESERVED
CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn configuratio ...)
	NOT-FOR-US: Fortinet FortiWeb
CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in the theme login page in Fo ...)
	NOT-FOR-US: Fortinet FortiADC
CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action Quarantine  ...)
	NOT-FOR-US: FortiMail
CVE-2014-8616 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiO ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2014-8615
	REJECTED
CVE-2014-8614
	REJECTED
CVE-2014-8613 (The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before ...)
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-2 (bug #776416)
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 9.0-10+deb70.8
	NOTE: kfreebsd-9/9.0-10+deb70.8 disabled SCTP protocol
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://security.freebsd.org/advisories/FreeBSD-SA-15:03.sctp.asc
CVE-2014-8612 (Multiple array index errors in the Stream Control Transmission Protoco ...)
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-2 (bug #776415)
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 9.0-10+deb70.8
	NOTE: kfreebsd-9/9.0-10+deb70.8 disabled SCTP protocol
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-15:02.kmem.asc
CVE-2014-8611 (The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and ...)
	NOT-FOR-US: Apple
CVE-2014-8610 (AndroidManifest.xml in Android before 5.0.0 does not require the SEND_ ...)
	NOT-FOR-US: Android
CVE-2014-8609 (The addAccount method in src/com/android/settings/accounts/AddAccountS ...)
	NOT-FOR-US: Android
CVE-2014-8608 (The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) be ...)
	NOT-FOR-US: K7 Computing
CVE-2014-8607 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides  ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8606 (Directory traversal vulnerability in the XCloner plugin 3.1.1 for Word ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8605 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores da ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8604 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns t ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8603 (cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5 ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8602 (iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegatio ...)
	{DSA-3097-1 DLA-107-1}
	- unbound 1.4.22-3 (bug #772622)
	NOTE: http://www.unbound.net/pipermail/unbound-users/2014-December/003662.html
CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining, whi ...)
	{DSA-3096-1 DLA-104-1}
	- pdns-recursor 3.6.2-1
	NOTE: http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
	NOTE: Backported patches available at https://downloads.powerdns.com/patches/2014-02/
CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.1 ...)
	- kde-runtime 4:4.14.2-2 (bug #769632)
	[wheezy] - kde-runtime <no-dsa> (Minor issue)
	[squeeze] - kdebase-runtime <no-dsa> (Minor issue)
	- webkitkde 1.3.4-2 (unimportant)
	NOTE: webkitpart: http://quickgit.kde.org/?p=kwebkitpart.git&a=commit&h=641aa7c75631084260ae89aecbdb625e918c6689
	NOTE: kde-runtime: http://quickgit.kde.org/?p=kde-runtime.git&a=commit&h=d68703900edc8416fbcd2550cd336cbbb76decb9
	NOTE: Upstream advisory: https://www.kde.org/info/security/advisory-20141113-1.txt
	NOTE: webkit not covered by security support
CVE-2014-8599
	RESERVED
CVE-2014-8597
	RESERVED
CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...)
	NOT-FOR-US: PHP-Fusion
CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)
	{DSA-3140-1}
	- xen 4.4.1-4 (bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8594 (The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x d ...)
	{DSA-3140-1}
	- xen 4.4.1-4 (low; bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblin ...)
	NOT-FOR-US: Allomani Weblinks
CVE-2014-8587 (SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-8586 (SQL injection vulnerability in the CP Multi View Event Calendar plugin ...)
	NOT-FOR-US: WordPress plugin CP Multi View Event Calendar
CVE-2014-8585 (Directory traversal vulnerability in the WordPress Download Manager pl ...)
	NOT-FOR-US: WordPress plugin WordPress Download Manager
	NOTE: To be REJECTED
CVE-2014-8584 (Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Vide ...)
	NOT-FOR-US: WordPress plugin Web Dorado Spider Video Player (aka WordPress Video Player)
CVE-2013-7416 (canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote fee ...)
	- canto <removed> (bug #731582)
	[wheezy] - canto <not-affected> (Vulnerable code not present)
	[squeeze] - canto <not-affected> (Vulnerable code not present)
CVE-2013-7415
	RESERVED
CVE-2013-7414
	RESERVED
CVE-2013-7413
	RESERVED
CVE-2013-7412
	RESERVED
CVE-2013-7411
	RESERVED
CVE-2013-7410
	RESERVED
CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
	{DSA-3249-1 DLA-258-1}
	- jqueryui 1.10.1+dfsg-1
	- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
	NOTE: http://bugs.jqueryui.com/ticket/6016
	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
CVE-2010-5311
	RESERVED
CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU bi ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141124-1
	- binutils-mingw-w64 5.2
	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and  ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141124-1
	- binutils-mingw-w64 5.2
	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 an ...)
	NOT-FOR-US: phpMemcachedAdmin
CVE-2014-8731 (PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: phpMemcachedAdmin
CVE-2014-8716 (The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to c ...)
	{DLA-960-1 DLA-90-1}
	- imagemagick 8:6.8.9.9-3 (bug #768494)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
CVE-2014-8714 (The dissect_write_structured_field function in epan/dissectors/packet- ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-23.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8713 (Stack-based buffer overflow in the build_expert_data function in epan/ ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8712 (The build_expert_data function in epan/dissectors/packet-ncp2222.inc i ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8711 (Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQ ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-21.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8710 (The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the  ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-20.html
	NOTE: Versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8709 (The ieee80211_fragment function in net/mac80211/tx.c in the Linux kern ...)
	{DLA-118-1}
	- linux 3.14.2-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f (v3.14-rc3)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2de8e0d999b8790861cd3749bec2236ccc1c8110 (v2.6.30-rc1)
CVE-2014-8650 (python-requests-Kerberos through 0.5 does not handle mutual authentica ...)
	- python-requests-kerberos 0.5-2 (bug #768408)
	NOTE: https://github.com/requests/requests-kerberos/pull/36
	NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
CVE-2014-8628 (Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows re ...)
	{DSA-3116-1 DLA-129-1}
	- polarssl 1.3.9-1
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following.
	NOTE: Patch for 1.2.x: https://github.com/polarssl/polarssl/commit/6b440389136afbcb0d831f880176c830bd3e0c7c
	NOTE: Version 1.2.11 also brings other security-relevant fixes. Maybe update to new upstream version?
CVE-2014-8627 (PolarSSL 1.3.8 does not properly negotiate the signature algorithm to  ...)
	- polarssl 1.3.9-1
	[wheezy] - polarssl <not-affected> (Problem introduced in 1.3.8)
	[squeeze] - polarssl <not-affected> (Problem introduced in 1.3.8)
CVE-2014-8626 (Stack-based buffer overflow in the date_from_ISO8601 function in ext/x ...)
	- php5 5.2.9.dfsg.1-1
	NOTE: https://bugs.php.net/bug.php?id=45226
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db
CVE-2014-8625 (Multiple format string vulnerabilities in the parse_error_msg function ...)
	- dpkg 1.17.22 (unimportant; bug #768485)
	[wheezy] - dpkg 1.16.16
	[squeeze] - dpkg <not-affected> (Regression introduced in 1.16.2)
	NOTE: Rendered non-exploitable by toolchain hardening
	NOTE: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
	NOTE: Regression introduced with https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=0b8652b226a7601dfd71471797d15168a7337242 (1.16.2)
CVE-2014-8598 (The XML Import/Export plugin in MantisBT 1.2.x does not restrict acces ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/80a15487
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17780
CVE-2014-8592 (Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver  ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-8591 (Unspecified vulnerability in SAP Internet Communication Manager (ICM), ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-8590 (XML external entity (XXE) vulnerability in the Web Service Navigator i ...)
	NOT-FOR-US: SAP NetWeaver Application Server
CVE-2014-8589 (Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allo ...)
	NOT-FOR-US: SAP Network Interface Router
CVE-2014-8588 (SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.37937 ...)
	NOT-FOR-US: SAP HANA
CVE-2014-8581
	RESERVED
CVE-2014-8580 (Citrix NetScaler Application Delivery Controller and NetScaler Gateway ...)
	NOT-FOR-US: Citrix Netscaler
CVE-2014-8579 (TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardco ...)
	NOT-FOR-US: TRENDnet TEW-823DRU devices
CVE-2014-8578 (Cross-site scripting (XSS) vulnerability in the Groups panel in OpenSt ...)
	- horizon 2014.1.1-3
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: this was split from CVE-2014-3475 by MITRE
CVE-2014-8577 (Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2 ...)
	NOT-FOR-US: Croogo
CVE-2014-8576
	REJECTED
CVE-2014-8575
	REJECTED
CVE-2014-8574
	REJECTED
CVE-2014-8573
	REJECTED
CVE-2014-8572 (Huawei AC6605 with software V200R001C00; AC6605 with software V200R002 ...)
	NOT-FOR-US: Huawei
CVE-2014-8571 (Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001 ...)
	NOT-FOR-US: Huawei
CVE-2014-8570 (Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703 ...)
	NOT-FOR-US: Huawei
CVE-2014-8569
	RESERVED
CVE-2014-8568
	RESERVED
CVE-2014-8565
	REJECTED
CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3. ...)
	- gnutls28 3.3.8-4 (bug #769154)
	- gnutls26 <not-affected> (Vulnerable code not present; no support for ECC)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/e821e1908686657a45c1b735f6d077b7a8493e2b (3.3.x branch)
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2014-5
	NOTE: in experimental fixed in 3.3.10-1
CVE-2014-8563 (Synacor Zimbra Collaboration before 8.0.9 allows plaintext command inj ...)
	NOT-FOR-US: Synacor Zimbra Collaboration
CVE-2014-8560
	RESERVED
CVE-2014-8558 (JExperts Channel Platform 5.0.33_CCB allows remote authenticated users ...)
	NOT-FOR-US: JExperts Tecnologia Channel Software
CVE-2014-8557 (Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channe ...)
	NOT-FOR-US: JExperts Tecnologia Channel Software
CVE-2014-8556
	RESERVED
CVE-2014-8555 (Directory traversal vulnerability in report/reportViewAction.jsp in Pr ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2014-8553 (The mci_account_get_array_by_id function in api/soap/mc_account_api.ph ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17243 (currently private)
	NOTE: https://github.com/mantisbt/mantisbt/commit/f779e3d4394a0638d822849863c4098421d911c5
CVE-2014-8552 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before  ...)
	NOT-FOR-US: Siemens
CVE-2014-8551 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before  ...)
	NOT-FOR-US: Siemens
CVE-2014-8550
	RESERVED
CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the numb ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:11.2-1 (bug #773626)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686
CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows rem ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab
CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute i ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903
CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allow ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-blac ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bi ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.3-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186
CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all line ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID dur ...)
	{DLA-1654-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=88626e5af8d006e67189bf10b96b982502a7e8ad
CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension  ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550
CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 an ...)
	NOT-FOR-US: Simple Email
CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attacke ...)
	NOT-FOR-US: ALLPlayer
CVE-2014-8651 (The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and ...)
	- kde-workspace 4:4.11.13-2 (unimportant)
	NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/diff?rev=54d0bfb5effff9c8cf60da890b7728cbe36a454e&rev_to=fd2aa9deed44fad6107625ad7360157fea7296f6
	NOTE: On Debian changing the clock requires authentication, so it's not exploitable
	NOTE: in the standard setup
CVE-2014-8583 (mod_wsgi before 4.2.4 for Apache, when creating a daemon process group ...)
	- mod-wsgi 4.2.7-1
	[wheezy] - mod-wsgi <no-dsa> (Minor issue)
	[squeeze] - mod-wsgi <no-dsa> (Minor issue)
	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd
CVE-2014-8582 (FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point  ...)
	NOT-FOR-US: FortiNet FortiADC-E
CVE-2014-8567 (The mod_auth_mellon module before 0.8.1 allows remote attackers to cau ...)
	- libapache2-mod-auth-mellon 0.9.0
CVE-2014-8566 (The mod_auth_mellon module before 0.8.1 allows remote attackers to obt ...)
	- libapache2-mod-auth-mellon 0.9.1
CVE-2014-8554 (SQL injection vulnerability in the mc_project_get_attachments function ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17812
	NOTE: http://github.com/mantisbt/mantisbt/commit/99ffb0af (1.2.x branch)
	NOTE: http://github.com/mantisbt/mantisbt/commit/5faf97ab (master)
CVE-2014-8540 (The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2014-8538 (The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for A ...)
	NOT-FOR-US: Hijab Modern (aka com.Aisyaidea.HijabModern) application for Android
CVE-2014-8537 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local u ...)
	NOT-FOR-US: McAfee
CVE-2014-8536 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local u ...)
	NOT-FOR-US: McAfee
CVE-2014-8535 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local u ...)
	NOT-FOR-US: McAfee
CVE-2014-8534 (Unspecified vulnerability in the login form in McAfee Network Data Los ...)
	NOT-FOR-US: McAfee
CVE-2014-8533 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote at ...)
	NOT-FOR-US: McAfee
CVE-2014-8532 (Unspecified vulnerability in McAfee Network Data Loss Prevention befor ...)
	NOT-FOR-US: McAfee
CVE-2014-8531 (The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) befor ...)
	NOT-FOR-US: McAfee
CVE-2014-8530 (Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP ...)
	NOT-FOR-US: McAfee
CVE-2014-8529 (McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH k ...)
	NOT-FOR-US: McAfee
CVE-2014-8528 (McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs ...)
	NOT-FOR-US: McAfee
CVE-2014-8527 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local use ...)
	NOT-FOR-US: McAfee
CVE-2014-8526 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local use ...)
	NOT-FOR-US: McAfee
CVE-2014-8525 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include ...)
	NOT-FOR-US: McAfee
CVE-2014-8524 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable ...)
	NOT-FOR-US: McAfee
CVE-2014-8523 (Cross-site request forgery (CSRF) vulnerability in McAfee Network Data ...)
	NOT-FOR-US: McAfee
CVE-2014-8522 (The MySQL database in McAfee Network Data Loss Prevention (NDLP) befor ...)
	NOT-FOR-US: McAfee
CVE-2014-8521 (Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss P ...)
	NOT-FOR-US: McAfee
CVE-2014-8520 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote at ...)
	NOT-FOR-US: McAfee
CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP ...)
	NOT-FOR-US: McAfee
CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite access o ...)
	NOT-FOR-US: McAfee
CVE-2014-8516 (Unrestricted file upload vulnerability in Visual Mining NetCharts Serv ...)
	NOT-FOR-US: Visual Mining NetCharts Server
CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute arb ...)
	NOT-FOR-US: uTorrent
CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8513 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8512 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8511 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (I ...)
	NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap)  ...)
	NOT-FOR-US: BitTorrent bootstrap-dht (aka Bootstrap)
CVE-2014-8508 (Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon ...)
	NOT-FOR-US: Denon devices
CVE-2014-8507 (Multiple SQL injection vulnerabilities in the queryLastApp method in p ...)
	NOT-FOR-US: Android
CVE-2014-8506 (Multiple SQL injection vulnerabilities in Etiko CMS allow remote attac ...)
	NOT-FOR-US: Etiko CMS
CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
	NOT-FOR-US: Etiko CMS
CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
	NOTE: http://openwall.com/lists/oss-security/2014/10/27/5
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0
CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in bfd/peXXi ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutil ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	- gdb <unfixed> (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through  ...)
	{DSA-3094-1 DLA-112-1}
	- bind9 1:9.9.5.dfsg-7 (bug #772610)
	NOTE: https://kb.isc.org/article/AA-01216/0
CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password Manage ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2014-8498 (SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2014-8497
	RESERVED
CVE-2014-8496 (Digicom DG-5514T ADSL router with firmware 3.2 generates predictable s ...)
	NOT-FOR-US: Digicom Router
CVE-2014-8495 (Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 app ...)
	NOT-FOR-US: Citrix XenMobile MDX Toolkit
CVE-2014-8494 (ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) ...)
	NOT-FOR-US: ESTsoft ALUpdate
CVE-2014-8493 (ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to ...)
	NOT-FOR-US: ZTE ZXHN H108L
CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fal ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...)
	NOT-FOR-US: Grand Flagallery plugin for WordPress
CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...)
	NOT-FOR-US: TennisConnect COMPONENTS
CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attacke ...)
	{DSA-3130-1}
	- lsyncd 2.1.5-2 (low; bug #767227)
	[squeeze] - lsyncd <no-dsa> (Minor issue)
	NOTE: https://github.com/axkibe/lsyncd/issues/220
	NOTE: Upstream commit: https://github.com/creshal/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52
	NOTE: also required: https://github.com/axkibe/lsyncd/commit/e9ffda07f0145f50f2756f8ee3fb0775b455122b
	NOTE: the initial commit would be an incomplete fix and needs additional changes
CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2  ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <not-affected> (Introduced in 2.6.38)
	NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
	NOTE: Upstream fix: https://git.kernel.org/linus/ca5358ef75fc69fee5322a38a340f5739d997c10 (v3.19-rc1)
	NOTE: Upstream fix: https://git.kernel.org/linus/946e51f2bf37f1656916eb75bd0742ba33983c28 (v3.19-rc1)
CVE-2014-8517 (The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in Net ...)
	- tnftp 20130505-2 (low; bug #767171)
	[wheezy] - tnftp <no-dsa> (Minor issue)
	[squeeze] - tnftp <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2014/10/28/4
CVE-2014-9915 (Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers ...)
	- imagemagick 8:6.8.9.9-1 (bug #767240)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2014-8355 (PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers  ...)
	{DLA-960-1 DLA-242-1}
	- imagemagick 8:6.8.9.9-1 (bug #767240)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: https://int21.de/cve/CVE-2014-8355-pcx-oob-heap-overflow.html
	- graphicsmagick 1.3.20-3+deb8u1 (bug #778238)
	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
	[squeeze] - graphicsmagick <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/graphicsmagick/code/ci/4426024497f9ed26cbadc5af5a5de55ac84796ff/ (graphicsmagick)
CVE-2014-8562 (DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to ca ...)
	{DLA-960-1 DLA-242-1}
	- imagemagick 8:6.8.9.9-1 (bug #767240)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
CVE-2014-8354 (The HorizontalFilter function in resize.c in ImageMagick before 6.8.9- ...)
	{DLA-960-1 DLA-242-1}
	- imagemagick 8:6.8.9.9-1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
CVE-2014-8561 (imagemagick 6.8.9.6 has remote DOS via infinite loop ...)
	- imagemagick 8:6.8.9.9-1 (bug #764872)
	[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
	[squeeze] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
CVE-2014-8489 (Open redirect vulnerability in startSSO.ping in the SP Endpoints in Pi ...)
	NOT-FOR-US: PingFederate SP Endpoints
CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: yourls
CVE-2014-8487 (Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earl ...)
	NOT-FOR-US: Kony Management
CVE-2014-8486
	REJECTED
CVE-2014-8482
	RESERVED
CVE-2014-8479 (The FTP server on Siemens SCALANCE X-300 switches with firmware before ...)
	NOT-FOR-US: FTP server on Siemens SCALANCE X-300 switches
CVE-2014-8478 (The web server on Siemens SCALANCE X-300 switches with firmware before ...)
	NOT-FOR-US: web server on Siemens SCALANCE X-300 switches
CVE-2014-8477
	RESERVED
CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initial ...)
	{DSA-3070-1}
	[experimental] - kfreebsd-11 11.0~svn284956-1 (bug #768109)
	- kfreebsd-10 10.1~svn274115-1 (bug #768108)
	- kfreebsd-9 <removed> (bug #768104)
	- kfreebsd-8 <removed> (bug #768106)
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc
CVE-2014-8475 (FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos suppo ...)
	- openssh <not-affected> (freebsd-specific build system issue)
CVE-2014-8474 (CA Cloud Service Management (CSM) before Summer 2014 allows remote att ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8473 (Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Ma ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8472 (CA Cloud Service Management (CSM) before Summer 2014 does not properly ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8471 (CA Cloud Service Management (CSM) before Summer 2014 allows remote att ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8470
	RESERVED
CVE-2014-8469 (Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in ...)
	NOT-FOR-US: PHPFox
CVE-2013-7408 (F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cook ...)
	NOT-FOR-US: F5 BIG-IP Analytics
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
	- riece 8.0.0-1.3 (unimportant; bug #601325)
	[squeeze] - riece <no-dsa> (Minor issue)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-7401
	REJECTED
CVE-2014-8483 (The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allo ...)
	{DSA-3068-1 DSA-3063-1 DLA-168-1}
	- quassel 0.10.0-2.1 (bug #766962)
	[squeeze] - quassel <not-affected> (Problematic code does not exist in 0.6.3-2+squeeze2)
	NOTE: https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
	NOTE: http://bugs.quassel-irc.org/issues/1314
	- konversation 1.5-2 (bug #768191)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=210792
CVE-2014-8481 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...)
	- linux <not-affected> (Present in 3.17 with incomplete fix)
	- linux-2.6 <not-affected> (Present in 3.17 with incomplete fix)
	NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32
CVE-2014-8480 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...)
	- linux <not-affected> (Introduced in 3.17)
	- linux-2.6 <not-affected> (Introduced in 3.17)
	NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
	NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 a ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.51.20140903-1
	- binutils-mingw-w64 5.2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
	NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
	NOTE: http://openwall.com/lists/oss-security/2014/10/23/5
CVE-2014-8468
	RESERVED
CVE-2014-8467
	RESERVED
CVE-2014-8466
	RESERVED
CVE-2014-8465
	RESERVED
CVE-2014-8464
	RESERVED
CVE-2014-8463
	RESERVED
CVE-2014-8462
	RESERVED
CVE-2014-8461 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8460 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8459 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8458 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8457 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8456 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8455 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8454 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8453 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8452 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8451 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before  ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8450 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-8449 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8448 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before  ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8447 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8446 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8445 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8444
	REJECTED
CVE-2014-8443 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8442 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8441 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8440 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8439 (Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8438 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8437 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8436
	RESERVED
CVE-2014-8435
	RESERVED
CVE-2014-8434
	RESERVED
CVE-2014-8433
	RESERVED
CVE-2014-8432
	RESERVED
CVE-2014-8431
	RESERVED
CVE-2014-8430
	RESERVED
CVE-2014-8429 (Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats x ...)
	NOT-FOR-US: xEpan CMS
CVE-2014-8428 (Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.01 ...)
	NOT-FOR-US: Barracuda
CVE-2014-8427
	RESERVED
CVE-2014-8426 (Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. ...)
	NOT-FOR-US: Barracuda
CVE-2014-8425 (The management portal in ARRIS VAP2500 before FW08.41 allows remote at ...)
	NOT-FOR-US: Management portal in ARRIS VAP2500
CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does not properly validate passwords, whi ...)
	NOT-FOR-US: ARRIS VAP2500
CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS VAP2500 be ...)
	NOT-FOR-US: ARRIS VAP2500
CVE-2014-8422 (The web-based management (WBM) interface in Unify (former Siemens) Ope ...)
	NOT-FOR-US: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone
CVE-2014-8421 (Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 de ...)
	NOT-FOR-US: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone
CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global Management Syst ...)
	NOT-FOR-US: Dell SonicWALL
CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...)
	NOT-FOR-US: Wibu-Systems CodeMeter Runtime
CVE-2014-8418 (The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32,  ...)
	{DLA-455-1}
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24534
	NOTE: http://downloads.digium.com/pub/security/AST-2014-018.html
CVE-2014-8417 (ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13 ...)
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[wheezy] - asterisk <not-affected> (Only affects 11.x, 12.x and 13.x)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24490
	NOTE: http://downloads.digium.com/pub/security/AST-2014-017.html
CVE-2014-8416 (Use-after-free vulnerability in the PJSIP channel driver in Asterisk O ...)
	- asterisk 1:13.1.0~dfsg-1
	[jessie] - asterisk <not-affected> (PJSIP channel not available yet)
	[wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
	[squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
	NOTE: http://downloads.digium.com/pub/security/AST-2014-016.html
CVE-2014-8415 (Race condition in the chan_pjsip channel driver in Asterisk Open Sourc ...)
	- asterisk 1:13.1.0~dfsg-1
	[jessie] - asterisk <not-affected> (PJSIP channel not available yet)
	[wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
	[squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
	NOTE: http://downloads.digium.com/pub/security/AST-2014-015.html
CVE-2014-8414 (ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 ...)
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[wheezy] - asterisk <not-affected> (Only affects 11.x)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24440
	NOTE: http://downloads.digium.com/pub/security/AST-2014-014.html
CVE-2014-8413 (The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 an ...)
	- asterisk 1:13.1.0~dfsg-1
	[jessie] - asterisk <not-affected> (PJSIP channel not available yet)
	[wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
	[squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24531
	NOTE: http://downloads.digium.com/pub/security/AST-2014-013.html
CVE-2014-8412 (The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Inte ...)
	{DLA-455-1}
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24469
	NOTE: http://downloads.digium.com/pub/security/AST-2014-012.html
CVE-2014-8411
	RESERVED
CVE-2014-8410
	RESERVED
CVE-2014-8409
	RESERVED
CVE-2014-8408
	RESERVED
CVE-2014-8407
	RESERVED
CVE-2014-8406
	RESERVED
CVE-2014-8405
	RESERVED
CVE-2014-8404
	RESERVED
CVE-2014-8403
	RESERVED
CVE-2014-8402
	RESERVED
CVE-2014-8401
	RESERVED
CVE-2014-8400
	RESERVED
CVE-2014-8398 (Multiple untrusted search path vulnerabilities in Corel FastFlick allo ...)
	NOT-FOR-US: Corel FastFlick
CVE-2014-8397 (Untrusted search path vulnerability in Corel VideoStudio PRO X7 or Fas ...)
	NOT-FOR-US: Corel
CVE-2014-8396 (Untrusted search path vulnerability in Corel PDF Fusion allows local u ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2014-8395 (Untrusted search path vulnerability in Corel Painter 2015 allows local ...)
	NOT-FOR-US: Corel Painter
CVE-2014-8394 (Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow ...)
	NOT-FOR-US: Corel CAD
CVE-2014-8393 (DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Cor ...)
	NOT-FOR-US: Corel
CVE-2014-8392
	RESERVED
CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle sess ...)
	NOT-FOR-US: Sendio
CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-8389 (cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18  ...)
	NOT-FOR-US: AirLive
CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point all ...)
	NOT-FOR-US: Advantech EKI-6340
CVE-2014-8386 (Multiple stack-based buffer overflows in Advantech AdamView 4.3 and ea ...)
	NOT-FOR-US: Advantech AdamView
CVE-2014-8385 (Buffer overflow on Advantech EKI-1200 gateways with firmware before 1. ...)
	NOT-FOR-US: Advantech EKI-1200 gateways
CVE-2014-8384 (The InFocus IN3128HD projector with firmware 0.26 does not restrict ac ...)
	NOT-FOR-US: InFocus IN3128HD projector
CVE-2014-8383 (The InFocus IN3128HD projector with firmware 0.26 allows remote attack ...)
	NOT-FOR-US: InFocus IN3128HD projector
CVE-2014-8382
	RESERVED
CVE-2014-8381 (Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Porta ...)
	NOT-FOR-US: Megapolis.Portal Manager
CVE-2014-8380 (Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote ...)
	NOT-FOR-US: Splunk
CVE-2014-8379 (Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA  ...)
	NOT-FOR-US: Drupal module Marketo MA
CVE-2014-8378 (Cross-site scripting (XSS) vulnerability in the TableField module 7.x- ...)
	NOT-FOR-US: Drupal module TableField
CVE-2014-8377 (Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2 ...)
	NOT-FOR-US: Webasyst Shop-Script
CVE-2014-8376 (Cross-site scripting (XSS) vulnerability in the context administration ...)
	NOT-FOR-US: Drupal module Site Banner
CVE-2014-8375 (SQL injection vulnerability in GBgallery.php in the GB Gallery Slidesh ...)
	NOT-FOR-US: WordPress plugin GB Gallery Slideshow
CVE-2014-8374
	REJECTED
CVE-2014-8373 (The VMware Remote Console (VMRC) function in VMware vCloud Automation  ...)
	NOT-FOR-US: VMware vCloud Automation Center
CVE-2014-8372 (AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote ...)
	NOT-FOR-US: VMware AirWatch
CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before ...)
	NOT-FOR-US: VMware vSphere
CVE-2014-8370 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, ...)
	NOT-FOR-US: VMware
CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kern ...)
	{DSA-3093-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not applied)
	NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
	NOTE: Fixed by: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
CVE-2014-8368 (The web interface in Aruba Networks AirWave before 7.7.14 and 8.x befo ...)
	NOT-FOR-US: Aruba Networks AirWave
CVE-2014-8367 (SQL injection vulnerability in Aruba Networks ClearPass Policy Manager ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2014-8366 (SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote a ...)
	NOT-FOR-US: openSIS
CVE-2014-8365 (Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact  ...)
	NOT-FOR-US: Xornic Contact Us Form
CVE-2014-8364 (Cross-site scripting (XSS) vulnerability in ss_handler.php in the Word ...)
	NOT-FOR-US: WordPress plugin wpSS
CVE-2014-8363 (SQL injection vulnerability in ss_handler.php in the WordPress Spreads ...)
	NOT-FOR-US: WordPress plugin wpSS
CVE-2014-8362 (Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable  ...)
	NOT-FOR-US: Vivint Sky Control Panel
CVE-2014-8361 (The miniigd SOAP service in Realtek SDK allows remote attackers to exe ...)
	NOT-FOR-US: Realtek SDK
CVE-2014-8360 (Directory traversal vulnerability in inc/autoload.function.php in GLPI ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: original bug: https://forge.indepnet.net/issues/5101
	NOTE: followup: https://forge.indepnet.net/issues/5113
	NOTE: appears to be a generic autoloading abuse; possibly with
	NOTE: some use of simplepie being the attack vector
CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for Windo ...)
	NOT-FOR-US: Huawei Mobile Partner for Windows
CVE-2014-8358 (Huawei EC156, EC176, and EC177 USB Modem products with software before ...)
	NOT-FOR-US: Huawei
CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone zNID GPO ...)
	NOT-FOR-US: ZHONE Router
CVE-2014-8356 (The web administrative portal in Zhone zNID 2426A before S3.0.501 allo ...)
	NOT-FOR-US: ZHONE Router
CVE-2014-8353
	RESERVED
CVE-2014-8352 (Cross-site scripting (XSS) vulnerability in json.php in French Nationa ...)
	NOT-FOR-US: CookieViz
CVE-2014-8351 (SQL injection vulnerability in info.php in French National Commission  ...)
	NOT-FOR-US: CookieViz
CVE-2014-8349 (Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise  ...)
	NOT-FOR-US: Liferay Portal
CVE-2014-8348
	RESERVED
CVE-2014-8347 (An Authentication Bypass vulnerability exists in the MatchPasswordData ...)
	NOT-FOR-US: Filemaker
CVE-2014-8346 (The Remote Controls feature on Samsung mobile devices does not validat ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2014-8345
	RESERVED
CVE-2014-8344
	RESERVED
CVE-2014-8343
	RESERVED
CVE-2014-8342
	RESERVED
CVE-2014-8341
	RESERVED
CVE-2014-8340 (SQL injection vulnerability in Php/Functions/log_function.php in phpTr ...)
	NOT-FOR-US: phpTrafficA
CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ...)
	NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
CVE-2014-8338 (Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/ ...)
	NOT-FOR-US: VideoWhisper Webcam plugins for Drupal
CVE-2014-8337 (Unrestricted file upload vulnerability in includes/classes/uploadify-v ...)
	NOT-FOR-US: HelpDEZk
CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugi ...)
	NOT-FOR-US: WP-DBManager plugin for WordPress
CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager ( ...)
	NOT-FOR-US: WP-DBManager (aka Database Manager) plugin for WordPress
CVE-2014-8334 (The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPr ...)
	NOT-FOR-US: WordPress plugin wp-dbmanager
CVE-2014-8332
	RESERVED
CVE-2014-8331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei H ...)
	NOT-FOR-US: Huawei HiLink
CVE-2014-8330 (Cross-site scripting (XSS) vulnerability in EspoCRM allows remote auth ...)
	NOT-FOR-US: EspoCRM
CVE-2014-8329 (Schrack Technik microControl with firmware before 1.7.0 (937) stores s ...)
	NOT-FOR-US: Schrack Technik microControl
CVE-2014-8324 (network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to  ...)
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/16
CVE-2014-8323 (buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to ...)
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/15
CVE-2014-8322 (Stack-based buffer overflow in the tcp_test function in aireplay-ng.c  ...)
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/14
CVE-2014-8321 (Stack-based buffer overflow in the gps_tracker function in airodump-ng ...)
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/13
CVE-2014-8320 (Cross-site scripting (XSS) vulnerability in the Custom Search module 6 ...)
	NOT-FOR-US: Drupal module Custom Search
CVE-2014-8319 (Cross-site scripting (XSS) vulnerability in the easy_social_admin_summ ...)
	NOT-FOR-US: Drupal module Easy Social
CVE-2014-8318 (Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x ...)
	NOT-FOR-US: Drupal module Webform
CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform Validation mod ...)
	NOT-FOR-US: Drupal module Webform Validation
CVE-2013-7407 (Cross-site request forgery (CSRF) vulnerability in the MRBS module for ...)
	NOT-FOR-US: Drupal module MRBS
CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows remot ...)
	NOT-FOR-US: Drupal module MRBS
CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...)
	{DLA-452-1}
	- smarty3 3.1.21-1 (bug #765920)
	- smarty <not-affected> (Only affects 3.x series)
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch
CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon debugg ...)
	- systemd-shim 8-4
	NOTE: Fixed by: https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893
	NOTE: with version 8-4 systemd-shim does not ship anymore a dbus policy, see https://bugs.debian.org/765101
CVE-2014-8333 (The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows r ...)
	- nova 2014.1.3-7
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	NOTE: versions affected up to to 2014.1.3
	NOTE: https://launchpad.net/bugs/1359138
	NOTE: https://review.openstack.org/125492
CVE-2014-8328 (The default configuration in the Dynamic Content Elements (dce) extens ...)
	NOT-FOR-US: TYPO3 extension dce
CVE-2014-8327 (The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions fo ...)
	NOT-FOR-US: TYPO3 extension fal_sftp
CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	- phpmyadmin 4:4.2.10.1-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-12/
CVE-2014-8325 (The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1  ...)
	NOT-FOR-US: TYPO3 extension cal
CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP Bus ...)
	NOT-FOR-US: SAP BusinessObjects Explorer
CVE-2014-8315 (polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 repl ...)
	NOT-FOR-US: SAP BusinessObjects Explorer
CVE-2014-8314 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Develo ...)
	NOT-FOR-US: SAP HANA
CVE-2014-8313 (Eval injection in ide/core/base/server/net.xsjs in the Developer Workb ...)
	NOT-FOR-US: SAP HANA
CVE-2014-8312 (Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote au ...)
	NOT-FOR-US: SAP Netweaver AS ABAP
CVE-2014-8311 (SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: SAP BusinessObjects Edge
CVE-2014-8310 (The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remot ...)
	NOT-FOR-US: SAP BusinessObjects BI Edge
CVE-2014-8309 (SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 gener ...)
	NOT-FOR-US: SAP
CVE-2014-8308 (Cross-site scripting (XSS) vulnerability in the Send to Inbox function ...)
	NOT-FOR-US: SAP BusinessObjects BI EDGE
CVE-2014-8307 (Multiple cross-site scripting (XSS) vulnerabilities in skins/default/o ...)
	NOT-FOR-US: C97net Cart Engine
CVE-2014-8306 (SQL injection vulnerability in the sql_query function in cart.php in C ...)
	NOT-FOR-US: C97net Cart Engine
CVE-2014-8305 (Open redirect vulnerability in the redir function in includes/function ...)
	NOT-FOR-US: C97net Cart Engine
CVE-2014-8304 (Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and ea ...)
	NOT-FOR-US: In-Portal
CVE-2014-8303 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk Web
CVE-2014-8302 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk Web
CVE-2014-8301 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk Web
CVE-2014-8300
	RESERVED
CVE-2014-8299
	RESERVED
CVE-2014-8298 (The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R ...)
	- nvidia-graphics-drivers 340.65-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx 304.125-1
	- nvidia-graphics-drivers-legacy-173xx <removed> (bug #772973)
	[wheezy] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-96xx <removed> (bug #772972)
	[wheezy] - nvidia-graphics-drivers-legacy-96xx <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers-legacy-96xx <no-dsa> (Non-free not supported)
CVE-2014-8297
	RESERVED
CVE-2014-8296 (Cross-site scripting (XSS) vulnerability in the Modal Frame API module ...)
	NOT-FOR-US: Drupal module Modal Frame API
CVE-2014-XXXX [freecad downloads and executes code]
	- freecad 0.14.3702+dfsg-3 (bug #764814)
	[squeeze] - freecad <not-affected> (Problematic code not present)
	NOTE: http://freecadweb.org/tracker/view.php?id=1785
CVE-2014-8295 (SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows ...)
	NOT-FOR-US: Bacula-Web
	NOTE: Bacula-Web is not part of bacula itself and not ITP #656891
CVE-2014-8294 (Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4 ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2014-8293 (Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0 ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP ...)
	{DSA-3059-1 DLA-79-1}
	- dokuwiki 0.0.20140929.a-1 (bug #766545)
	[jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545)
	NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP auth ...)
	{DSA-3059-1 DLA-79-1}
	- dokuwiki 0.0.20140929.a-1 (bug #766545)
	[jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545)
	NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remo ...)
	{DSA-3059-1}
	- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
	[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for access ...)
	{DSA-3059-1}
	- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
	[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required setting  ...)
	{DLA-881-1}
	- ejabberd 14.07-3 (low; bug #767535)
	[squeeze] - ejabberd <no-dsa> (Minor issue)
	NOTE: http://mail.jabber.org/pipermail/operators/2014-October/002438.html
	NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
CVE-2014-8759
	RESERVED
CVE-2014-8758 (Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to byp ...)
	NOT-FOR-US: LG On-Screen Phone
CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder befo ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2014-8755 (Panasonic Network Camera View 3 and 4 allows remote attackers to execu ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2014-8754 (Open redirect vulnerability in track-click.php in the Ad-Manager plugi ...)
	NOT-FOR-US: WordPress plugin ad-manager-for-wp
CVE-2014-8753 (Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e ...)
	NOT-FOR-US: Cit-e-Net
CVE-2014-8752 (Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE ...)
	NOT-FOR-US: JCE-Tech PHP Video Script
CVE-2014-8751 (Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress  ...)
	NOT-FOR-US: goYWP WebPress
CVE-2014-8749 (Server-side request forgery (SSRF) vulnerability in admin/htaccess/bps ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2014-8748 (Cross-site scripting (XSS) vulnerability in the Google Doubleclick for ...)
	NOT-FOR-US: Drupal module Google Doubleclick for Publishers
CVE-2014-8747 (Cross-site scripting (XSS) vulnerability in the Drupal Commons module  ...)
	NOT-FOR-US: Drupal module Drupal Commons
CVE-2014-8746 (Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 ...)
	NOT-FOR-US: Drupal theme Skeleton
CVE-2014-8745 (Cross-site scripting (XSS) vulnerability in the Custom Search module 6 ...)
	NOT-FOR-US: Drupal module Custom Search
CVE-2014-8744 (Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x ...)
	NOT-FOR-US: Drupal module Nivo Slider
CVE-2014-8743 (Multiple cross-site scripting (XSS) vulnerabilities in the Maestro mod ...)
	NOT-FOR-US: Drupal module Maestro
CVE-2014-8292
	REJECTED
CVE-2014-8291
	REJECTED
CVE-2014-8290
	REJECTED
CVE-2014-8289
	REJECTED
CVE-2014-8288
	REJECTED
CVE-2014-8287
	REJECTED
CVE-2014-8286
	REJECTED
CVE-2014-8285
	REJECTED
CVE-2014-8284
	REJECTED
CVE-2014-8283
	REJECTED
CVE-2014-8282
	REJECTED
CVE-2014-8281
	REJECTED
CVE-2014-8280
	REJECTED
CVE-2014-8279
	REJECTED
CVE-2014-8278
	REJECTED
CVE-2014-8277
	REJECTED
CVE-2014-8276
	REJECTED
CVE-2014-8275 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k d ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=86edf13b1c97526c0cf63c37342aaa01f5442688
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5951cc004b96cd681ffdf39d3fc9238a1ff597ae
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8565530e27718760220df469f0a071c85b9e731
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=178c562a4621162dbe19a7c34fa2ad558684f40e
CVE-2014-8274
	RESERVED
CVE-2014-8273
	RESERVED
CVE-2014-8272 (The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6  ...)
	NOT-FOR-US: Dell iDRAC6
CVE-2014-8271 (Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 1 ...)
	NOT-FOR-US: uefi
CVE-2014-8270 (BMC Track-It! 11.3 allows remote attackers to gain privileges and exec ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-8269 (Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) H ...)
	NOT-FOR-US: Honeywell OPOS Suite
CVE-2014-8268 (QPR Portal before 2012.2.1 allows remote attackers to modify or delete ...)
	NOT-FOR-US: QPR Portal
CVE-2014-8267 (Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and ea ...)
	NOT-FOR-US: QPR Portal
CVE-2014-8266 (Multiple cross-site scripting (XSS) vulnerabilities in the note-creati ...)
	NOT-FOR-US: QPR Portal
CVE-2014-8265
	RESERVED
CVE-2014-8264
	RESERVED
CVE-2014-8263
	RESERVED
CVE-2014-8262
	RESERVED
CVE-2014-8261
	RESERVED
CVE-2014-8260
	RESERVED
CVE-2014-8259
	RESERVED
CVE-2014-8258
	RESERVED
CVE-2014-8257
	RESERVED
CVE-2014-8256
	RESERVED
CVE-2014-8255
	RESERVED
CVE-2014-8254
	RESERVED
CVE-2014-8253
	RESERVED
CVE-2014-8252
	RESERVED
CVE-2014-8251
	RESERVED
CVE-2014-8250
	RESERVED
CVE-2014-8249
	RESERVED
CVE-2014-8248 (SQL injection vulnerability in CA Release Automation (formerly iTKO LI ...)
	NOT-FOR-US: CA Release Automation
CVE-2014-8247 (Cross-site scripting (XSS) vulnerability in CA Release Automation (for ...)
	NOT-FOR-US: CA Release Automation
CVE-2014-8246 (Cross-site request forgery (CSRF) vulnerability in CA Release Automati ...)
	NOT-FOR-US: CA Release Automation
CVE-2014-8245
	RESERVED
CVE-2014-8244 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.4 ...)
	NOT-FOR-US: Linksys SMART WiFi
CVE-2014-8243 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.4 ...)
	NOT-FOR-US: Linksys SMART WiFi
CVE-2014-8239
	REJECTED
CVE-2014-8238
	REJECTED
CVE-2014-8237
	REJECTED
CVE-2014-8236
	REJECTED
CVE-2014-8235
	REJECTED
CVE-2014-8234
	REJECTED
CVE-2014-8233
	REJECTED
CVE-2014-8232
	REJECTED
CVE-2014-8231
	REJECTED
CVE-2014-8230
	REJECTED
CVE-2014-8229
	REJECTED
CVE-2014-8228
	REJECTED
CVE-2014-8227
	REJECTED
CVE-2014-8226
	REJECTED
CVE-2014-8225
	REJECTED
CVE-2014-8224
	REJECTED
CVE-2014-8223
	REJECTED
CVE-2014-8222
	REJECTED
CVE-2014-8221
	REJECTED
CVE-2014-8220
	REJECTED
CVE-2014-8219
	REJECTED
CVE-2014-8218
	REJECTED
CVE-2014-8217
	REJECTED
CVE-2014-8216
	REJECTED
CVE-2014-8215
	REJECTED
CVE-2014-8214
	REJECTED
CVE-2014-8213
	REJECTED
CVE-2014-8212
	REJECTED
CVE-2014-8211
	REJECTED
CVE-2014-8210
	REJECTED
CVE-2014-8209
	REJECTED
CVE-2014-8208
	REJECTED
CVE-2014-8207
	REJECTED
CVE-2014-8206
	REJECTED
CVE-2014-8205
	REJECTED
CVE-2014-8204
	REJECTED
CVE-2014-8203
	REJECTED
CVE-2014-8202
	REJECTED
CVE-2014-8201
	REJECTED
CVE-2014-8200
	REJECTED
CVE-2014-8199
	REJECTED
CVE-2014-8198
	REJECTED
CVE-2014-8197
	REJECTED
CVE-2014-8196
	REJECTED
CVE-2014-8195
	REJECTED
CVE-2014-8194
	REJECTED
CVE-2014-8193
	REJECTED
CVE-2014-8192
	REJECTED
CVE-2014-8191
	REJECTED
CVE-2014-8190
	REJECTED
CVE-2014-8189
	REJECTED
CVE-2014-8188
	REJECTED
CVE-2014-8187
	REJECTED
CVE-2014-8186
	REJECTED
CVE-2014-8185
	REJECTED
CVE-2014-8184 (A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A  ...)
	- liblouis 2.6.2-1 (bug #880621)
	[jessie] - liblouis 2.5.3-3+deb8u1
	[wheezy] - liblouis <not-affected> (Vulnerable code introduced in 2.5.0)
	NOTE: https://github.com/liblouis/liblouis/issues/425
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701
	NOTE: Introduced by: https://github.com/liblouis/liblouis/commit/26ca8619a29951d6b4acf8b7a732a8b35e4e7bd3 (liblouis_2_5_0)
	NOTE: Fixed in merge: https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524
	NOTE: CVE is for several buffer overflows in the findTable function, cf.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c7
CVE-2014-8183 (It was found that foreman, versions 1.x.x before 1.15.6, in Satellite  ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8182 (An off-by-one error leading to a crash was discovered in openldap 2.4  ...)
	- openldap <not-affected> (Vulnerable code introduced in RHEL specific patch)
	NOTE: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=7027
	NOTE: Reference for upstream fix: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
	NOTE: and: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26 claims this flaw was never in a OpenLDAP release
CVE-2014-8181 (The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garb ...)
	- linux <not-affected> (Specific to RHEL 7)
CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass authentica ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8179 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does  ...)
	- docker.io 1.8.3~ds1-1
CVE-2014-8178 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do no ...)
	- docker.io 1.8.3~ds1-1
CVE-2014-8177 (The Red Hat gluster-swift package, as used in Red Hat Gluster Storage  ...)
	NOT-FOR-US: gluster-swift
CVE-2014-8176 (The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9. ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.1h-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2014-8175 (Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to b ...)
	NOT-FOR-US: JBoss Fuse
CVE-2014-8174 (eDeploy makes it easier for remote attackers to execute arbitrary code ...)
	- edeploy <itp> (bug #717664)
CVE-2014-8173 (The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generi ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (Introduced in 3.10 with 1998cc048901)
	- linux-2.6 <not-affected> (Introduced in 3.10 with 1998cc048901)
	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee53664bda169f519ce3c6a22d378f0b946c8178 (v3.13-rc5)
CVE-2014-8172 (The filesystem implementation in the Linux kernel before 3.13 performs ...)
	- linux 3.13.4-1
	[wheezy] - linux <no-dsa> (Too intrusive to backport)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eee5cc2702929fd41cce28058dc6d6717f723f87 (v3.13-rc1)
CVE-2014-8171 (The memory resource controller (aka memcg) in the Linux kernel allows  ...)
	- linux 3.12.6-1
	[wheezy] - linux <no-dsa> (Too difficult and risky to backport)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too difficult and risky to backport)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3812c8c8f3953921ef18544110dafc3505c1ac62 (v3.12-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4942642080ea82d99ab5b653abb9a12b7ba31f4a (v3.12-rc6)
CVE-2014-8170 (ovirt_safe_delete_config in ovirtfunctions.py and other unspecified lo ...)
	- ovirt-node <itp> (bug #502024)
CVE-2014-8169 (automount 5.0.8, when a program map uses certain interpreted languages ...)
	- autofs 5.0.8-2 (bug #779591)
	[wheezy] - autofs <not-affected> (Vulnerable code introduced in 5.0.8)
	- autofs5 <not-affected> (Vulnerable code introduced in 5.0.8)
CVE-2014-8168 (Red Hat Satellite 6 allows local users to access mongod and delete pul ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8167 (vdsm and vdsclient does not validate certficate hostname from another  ...)
	NOT-FOR-US: Red Hat vdms and vdsclient
CVE-2014-8166 (The browsing feature in the server in CUPS does not filter ANSI escape ...)
	- cups <unfixed> (unimportant)
	NOTE: Patch: https://bugzilla.redhat.com/attachment.cgi?id=916761
	NOTE: Terminal emulators need to perform proper escaping
CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the p ...)
	- powerpc-utils <not-affected> (Vulnerable code not present)
	NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
CVE-2014-8164
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2014-8163 (Directory traversal vulnerability in the XMLRPC interface in Red Hat S ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8162 (XML external entity (XXE) in the RPC interface in Spacewalk and Red Ha ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8161 (PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9. ...)
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2014-8160 (net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before  ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1)
	NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html
CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package before  ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1  ...)
	{DSA-3138-1 DLA-138-1}
	- jasper 1.900.1-debian1-2.4 (bug #775970)
	NOTE: http://www.ocert.org/advisories/ocert-2015-001.html
CVE-2014-8157 (Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 ...)
	{DSA-3138-1 DLA-138-1}
	- jasper 1.900.1-debian1-2.4 (bug #775970)
	NOTE: http://www.ocert.org/advisories/ocert-2015-001.html
CVE-2014-8156 (The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso- ...)
	- fso-deviced 0.12.0-5
	[wheezy] - fso-deviced <no-dsa> (Minor issue)
	- fso-datad 0.12.0-3
	[wheezy] - fso-datad <no-dsa> (Minor issue)
	- fso-frameworkd 0.9.5.9+git20110512-5
	[wheezy] - fso-frameworkd <no-dsa> (Minor issue)
	[squeeze] - fso-frameworkd <no-dsa> (Minor issue)
	- fso-gsmd 0.12.0-4
	[wheezy] - fso-gsmd <no-dsa> (Minor issue)
	- fso-usaged 0.12.0-3
	[wheezy] - fso-usaged <no-dsa> (Minor issue)
	[squeeze] - fso-usaged <no-dsa> (Minor issue)
	- phonefsod 0.1+git20121018-2
	[wheezy] - phonefsod <no-dsa> (Minor issue)
	[squeeze] - phonefsod <no-dsa> (Minor issue)
CVE-2014-8155 (GnuTLS before 2.9.10 does not verify the activation and expiration dat ...)
	{DLA-180-1}
	- gnutls26 2.9.10-1
	- gnutls28 <not-affected> (Initial version 3.0.0-1 already contained the check based on 2.9.10)
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c
CVE-2014-8154 (The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect b ...)
	- vala-0.26 0.26.1-1.1 (bug #775913)
	- vala-0.16 <not-affected> (MapInfo not yet present)
	- vala-0.14 <not-affected> (MapInfo not yet present)
	- vala <not-affected> (MapInfo not yet present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=678663
	NOTE: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7
	NOTE: Binaries with buggy bindings package that use Gst.MapInfo() function
	NOTE: are affected as well and need to be rebuilt, shotwell, rygel, ...
CVE-2014-8153 (The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using ...)
	- neutron <not-affected> (Affects neutron 2014.2 up to 2014.2.1)
CVE-2014-8152 (Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remot ...)
	- libxml-security-java <not-affected> (streaming XML Signature support introduced in 2.0.0)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1634334
	NOTE: http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
CVE-2014-8151 (The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in l ...)
	- curl <not-affected> (Only relevant when building with darwinssl/Mac OS X)
	NOTE: http://curl.haxx.se/docs/adv_20150108A.html
CVE-2014-8150 (CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ...)
	{DSA-3122-1 DLA-134-1}
	- curl 7.38.0-4
	NOTE: http://curl.haxx.se/docs/adv_20150108B.html
CVE-2014-8149 (OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated ...)
	NOT-FOR-US: OpenDaylight
CVE-2014-8148 (The default D-Bus access control rule in Midgard2 10.05.7.1 allows loc ...)
	- midgard2-core <removed> (bug #774630)
CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bi ...)
	{DSA-3323-1}
	- icu 52.1-9 (bug #784773)
	[wheezy] - icu <not-affected> (Vulnerable code not present)
	[squeeze] - icu <not-affected> (Vulnerable code not present)
	- chromium-browser 42.0.2311.135-1
	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37080
CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bi ...)
	{DSA-3323-1}
	- icu 52.1-9 (bug #784773)
	[wheezy] - icu <not-affected> (Vulnerable code not present)
	[squeeze] - icu <not-affected> (Vulnerable code not present)
	- chromium-browser 42.0.2311.135-1
	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37162
CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 an ...)
	{DSA-3112-1 DLA-1687-1 DLA-128-1}
	- sox 14.4.2-2 (bug #773720)
	[stretch] - sox 14.4.1-5+deb9u1
	NOTE: The two needed patches were added in 14.4.1-5 but not to the series file
	NOTE: so the patches got not applied during build.
CVE-2014-8144 (Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1 ...)
	NOT-FOR-US: doorkeeper OAuth provider
CVE-2014-8143 (Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc ...)
	- samba 2:4.1.17+dfsg-1 (bug #776993)
	[wheezy] - samba <not-affected> (Only affects 4.0 and later)
	[squeeze] - samba <not-affected> (Only affects 4.0 and later)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2014-8143
CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ex ...)
	{DSA-3117-1}
	- php5 5.6.5+dfsg-1 (unimportant)
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
	NOTE: Only affects an inherently insecure use case
CVE-2014-8141 (Heap-based buffer overflow in the getZip64Data function in Info-ZIP Un ...)
	{DSA-3113-1 DLA-124-1}
	- unzip 6.0-13 (bug #773722)
CVE-2014-8140 (Heap-based buffer overflow in the test_compr_eb function in Info-ZIP U ...)
	{DSA-3113-1 DLA-124-1}
	- unzip 6.0-13 (bug #773722)
CVE-2014-8139 (Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip ...)
	{DSA-3113-1 DLA-150-1 DLA-124-1}
	- unzip 6.0-16 (bug #773722)
CVE-2014-8138 (Heap-based buffer overflow in the jp2_decode function in JasPer 1.900. ...)
	{DSA-3106-1 DLA-121-1}
	- jasper 1.900.1-debian1-2.3 (bug #773463)
CVE-2014-8137 (Double free vulnerability in the jas_iccattrval_destroy function in Ja ...)
	{DSA-3106-1 DLA-121-1}
	- jasper 1.900.1-debian1-2.3 (bug #773463)
CVE-2014-8136 (The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 func ...)
	- libvirt 1.2.9-7 (bug #773856)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream commit: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2bdcd29c713dfedd813c89f56ae98f6f3898313d (v1.2.11-rc2)
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=abf75aea247e (v1.1.0-rc1)
CVE-2014-8135 (The storageVolUpload function in storage/storage_driver.c in libvirt b ...)
	- libvirt 1.2.9-7 (bug #773855)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984 (v1.2.11-rc1)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 (v1.2.8-rc1)
CVE-2014-8134 (The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux  ...)
	{DLA-155-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.65-1
	- linux-2.6 <removed>
	NOTE: http://www.spinics.net/lists/kvm/msg111458.html
CVE-2014-8133 (arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation ...)
	{DSA-3128-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=41bdc78544b8a93a9c6814b8bbbfef966272abbe
CVE-2014-8132 (Double free vulnerability in the ssh_packet_kexinit function in kex.c  ...)
	- libssh 0.6.3-4 (bug #773577)
	[wheezy] - libssh 0.5.4-1+deb7u3
	[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
	NOTE: http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
	NOTE: Upstream patch: http://git.libssh.org/projects/libssh.git/commit/?id=c2aed4ca78030d9014a890cb4370e6dc8264823f
CVE-2014-8131 (The qemu implementation of virConnectGetAllDomainStats in libvirt befo ...)
	- libvirt 1.2.9-7 (bug #773858)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=d1bde8ed (v1.2.9-rc1)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee (v1.2.9-rc1)
	NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html
	NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html
CVE-2014-8130 (The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not rejec ...)
	- tiff <unfixed> (unimportant; bug #776185)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2483
	NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service (ou ...)
	{DSA-3273-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.1 (bug #776185)
	- tiff3 <removed>
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf)
	NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
CVE-2014-8128 (LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X befor ...)
	{DSA-3273-1 DLA-693-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.3 (bug #776185)
	- tiff3 <removed>
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2489 (thumbnail)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2490 (tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2491 (tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2492 (tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2493 (thumbnail and tiffcmp)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)
	NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
CVE-2014-8127 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service (ou ...)
	{DSA-3273-1}
	- tiff 4.0.6-3 (unimportant; bug #776185)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2484 (thumbnail)
	NOTE: Fix https://github.com/vadz/libtiff/commit/3996fa0f84f4a8b7e65fe4b8f0681711022034ea
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2485 (tiff2bw)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2486 (tiff2rgba)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2496 (tiff2ps and tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2497 (tiffmedian)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2500 (tiffset) [not fixed yet in CVS HEAD]
	NOTE: 4.0.3-12.1 fixes all issues except 2500
	NOTE: 2500 is fixed by upstream as per 2016-10-25
	NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
CVE-2014-8126 (The scheduler in HTCondor before 8.2.6 allows remote authenticated use ...)
	{DSA-3149-1}
	- condor 8.2.3~dfsg.1-6 (bug #775276)
	NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=4764
	NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=41878
	NOTE: https://github.com/htcondor/htcondor/commit/e891cea9970496aac74caf72604475a2b7e6a0ca.patch
	NOTE: https://github.com/htcondor/htcondor/commit/aebc6b0492acdc8b21b39ba22e33661752c2c37d.patch
CVE-2014-8125 (XML external entity (XXE) vulnerability in Drools and jBPM before 6.2. ...)
	NOT-FOR-US: jBPM
CVE-2014-8124 (OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014 ...)
	- horizon 2014.1.3-6 (bug #772710)
	[wheezy] - horizon <no-dsa> (Minor issue)
	- python-django-openstack-auth 1.1.6-5 (bug #772712)
	NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
CVE-2014-8122 (Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3  ...)
	NOT-FOR-US: JBoss Weld
CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ...)
	{DSA-3480-1 DLA-316-1}
	- glibc 2.21-1 (low; bug #779587)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	[squeeze] - eglibc <no-dsa> (Minor issue)
	NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=03d2730b44cc2236318fd978afa2651753666c55
CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified configura ...)
	NOT-FOR-US: Thermostat Hotspot instrumentation
CVE-2014-8119 (The find_ifcfg_path function in netcf before 0.2.7 might allow attacke ...)
	- netcf <not-affected> (suse and redhat driver are not built on Debian)
	NOTE: Issue is in the way the netcf's find_ifcfg_path() function processed
	NOTE: certain XPath expressions according to Red Hat bugzilla.
	NOTE: The fix consists in augeas getting a new API aug_escape_name which
	NOTE: netcf needs to use.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1172176#c3
	NOTE: https://www.redhat.com/archives/augeas-devel/2014-December/msg00000.html
	NOTE: The affected code is only in drv_redhat.c and drv_suse.c and the Debian
	NOTE: build not affected.
CVE-2014-8118 (Integer overflow in RPM 4.12 and earlier allows remote attackers to ex ...)
	{DSA-3129-1 DLA-140-1}
	- rpm 4.11.3-1.1 (bug #773101)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1168715
CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, whi ...)
	{DSA-3121-1 DSA-2868-1 DLA-145-1 DLA-131-1}
	- file 1:5.21+15-1 (low; bug #773148)
	- php5 5.6.4+dfsg-2
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
	NOTE: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
	NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...)
	{DSA-3121-1 DLA-131-1}
	- file 1:5.21+15-1 (low; bug #773148)
	- php5 5.6.4+dfsg-2
	[wheezy] - php5 <not-affected> (Affected code not used in filemagic)
	[squeeze] - php5 <not-affected> (Affected code not used in filemagic)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
	NOTE: https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b
	NOTE: https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
	NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
CVE-2014-8115 (The default authorization constrains in KIE Workbench 6.0.x allows rem ...)
	NOT-FOR-US: KIE Workbench
CVE-2014-8114 (The UberFire Framework 0.3.x does not properly restrict paths, which a ...)
	NOT-FOR-US: UberFire Framework
CVE-2014-8113
	RESERVED
CVE-2014-8112 (389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x bef ...)
	- 389-ds-base 1.3.3.5-4 (bug #779909)
CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rule ...)
	{DSA-3278-1 DLA-240-1}
	- libapache-mod-jk 1:1.2.40+svn150520-1 (bug #783233)
	NOTE: Fix: http://svn.apache.org/r1647017
CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based a ...)
	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2. ...)
	- apache2 2.4.10-9
	[wheezy] - apache2 <not-affected> (mod_lua only in 2.4)
	[squeeze] - apache2 <not-affected> (mod_lua only in 2.4)
CVE-2014-8108 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x  ...)
	- subversion 1.8.10-5 (bug #773315)
	[wheezy] - subversion <not-affected> (Introduced in 1.7.0)
	[squeeze] - subversion <not-affected> (Introduced in 1.7.0)
	NOTE: http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
CVE-2014-8107
	REJECTED
CVE-2014-8106 (Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirr ...)
	{DSA-3088-1 DSA-3087-1}
	- qemu 2.1+dfsg-9 (bug #772025)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2014-12/msg00508.html
CVE-2014-8105 (389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does n ...)
	- 389-ds-base 1.3.3.5-4 (bug #779909)
CVE-2014-8103 (X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x befor ...)
	- xorg-server 2:1.16.2.901-1
	[wheezy] - xorg-server <not-affected> (Introduced in 1.15.0)
	[squeeze] - xorg-server <not-affected> (Introduced in 1.15.0)
CVE-2014-8102 (The SProcXFixesSelectSelectionInput function in the XFixes extension i ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8101 (The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 o ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8100 (The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11  ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8099 (The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11  ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8098 (The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8097 (The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and  ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8096 (The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8095 (The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8094 (Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extens ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8093 (Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org  ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8092 (Multiple integer overflows in X.Org X Window System (aka X11 or X) X11 ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8091 (X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xser ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x befo ...)
	{DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1}
	- ruby1.8 <not-affected> (Incomplete fix never relesed for 1.9)
	- ruby1.9.1 <not-affected> (Incomplete fix never relesed for 1.9)
	- ruby2.0 <not-affected> (Incomplete fix never relesed for 1.9)
	- ruby2.1 2.1.5-1 (bug #770932)
	NOTE: For the incomplete fix for CVE-2014-8080
	NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
CVE-2014-8087 (Cross-site scripting (XSS) vulnerability in the post highlights plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel met ...)
	NOT-FOR-US: OsClass
CVE-2014-8084 (Directory traversal vulnerability in oc-includes/osclass/controller/aj ...)
	NOT-FOR-US: OsClass
CVE-2014-8083 (SQL injection vulnerability in the Search::setJsonAlert method in OSCl ...)
	NOT-FOR-US: OsClass
CVE-2014-8082 (lib/functions/database.class.php in TestLink before 1.9.13 allows remo ...)
	NOT-FOR-US: TestLink
CVE-2014-8081 (lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote ...)
	NOT-FOR-US: TestLink
CVE-2014-8080 (The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p ...)
	{DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1}
	- ruby1.8 <removed>
	- ruby1.9.1 <removed>
	- ruby2.0 <removed>
	- ruby2.1 2.1.4-1
	NOTE: https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/?pathrev=48161
CVE-2014-8079 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x bef ...)
	NOT-FOR-US: Drupal theme MAYO
CVE-2014-8078 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...)
	NOT-FOR-US: Drupal module Print
CVE-2014-8077 (Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1. ...)
	NOT-FOR-US: Drupal theme NewsFlash
CVE-2014-8076 (Cross-site scripting (XSS) vulnerability in the Professional theme 7.x ...)
	NOT-FOR-US: Drupal theme Professional
CVE-2014-8075 (Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x ...)
	NOT-FOR-US: Drupal theme Tribune
CVE-2014-8766 (Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow  ...)
	NOT-FOR-US: Allomani Weblinks
CVE-2014-8765 (Multiple cross-site scripting (XSS) vulnerabilities in the Project Iss ...)
	NOT-FOR-US: Drupal module Project Issue File Review
CVE-2014-8750 (Race condition in the VMware driver in OpenStack Compute (Nova) before ...)
	- nova <not-affected> (ESX driver not enabled in libvirt)
	NOTE: https://launchpad.net/bugs/1357372
CVE-2014-XXXX [rsync collision attack]
	- rsync 3.1.2-1 (low; bug #786423)
	[jessie] - rsync <no-dsa> (Minor issue, too instrusive to backport)
	[wheezy] - rsync <no-dsa> (Minor issue, too instrusive to backport)
	[squeeze] - rsync <no-dsa> (Minor issue, too instrusive to backport)
	NOTE: CVE-2014-8242 was only specific assigned for librsync but rsync has equivalent issue
	NOTE: https://github.com/therealmik/rsync-collision
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869
	NOTE: https://lists.samba.org/archive/rsync/2015-May/030123.html
CVE-2014-8242 (librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, w ...)
	[experimental] - librsync 1.0.0-1~exp1
	- librsync 2.0.2-1 (low; bug #776246)
	[buster] - librsync <ignored> (Minor issue, too instrusive to backport)
	[stretch] - librsync <ignored> (Minor issue, too instrusive to backport)
	[jessie] - librsync <no-dsa> (Minor issue, too instrusive to backport)
	[wheezy] - librsync <no-dsa> (Minor issue, too instrusive to backport)
	[squeeze] - librsync <no-dsa> (Minor issue, too instrusive to backport)
CVE-2014-8241 (XRegion in TigerVNC allows remote VNC servers to cause a denial of ser ...)
	- tigervnc 1.7.0-2 (bug #849478)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312
	NOTE: Patch applied in Red Hat https://bugzilla.redhat.com/attachment.cgi?id=946490
CVE-2014-8240 (Integer overflow in TigerVNC allows remote VNC servers to cause a deni ...)
	- tigervnc 1.7.0-1 (bug #849479)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
	NOTE: Patch https://bugzilla.redhat.com/attachment.cgi?id=947578 is not applied
CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c  ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
CVE-2014-8089 (SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x bef ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.9+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2014-06
CVE-2014-8088 (The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap compon ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.9+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2014-05
CVE-2014-8074 (Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 ...)
	NOT-FOR-US: Foxit PDF SDK
CVE-2014-8073 (Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standal ...)
	NOT-FOR-US: OpenMRS
CVE-2014-8072 (The administration module in OpenMRS 2.1 Standalone Edition allows rem ...)
	NOT-FOR-US: OpenMRS
CVE-2014-8071 (Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Sta ...)
	NOT-FOR-US: OpenMRS
CVE-2014-8070 (Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remot ...)
	NOT-FOR-US: YOOtheme Pagekit CMS
CVE-2014-8069 (Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pageki ...)
	NOT-FOR-US: YOOtheme Pagekit CMS
CVE-2014-8068 (Adobe Digital Editions (DE) 4 does not use encryption for transmission ...)
	NOT-FOR-US: Adobe Digital Editions
CVE-2014-8067
	REJECTED
CVE-2014-8066
	REJECTED
CVE-2014-8065
	REJECTED
CVE-2014-8064
	REJECTED
CVE-2014-8063
	REJECTED
CVE-2014-8062
	REJECTED
CVE-2014-8061
	REJECTED
CVE-2014-8060
	REJECTED
CVE-2014-8059
	REJECTED
CVE-2014-8058
	REJECTED
CVE-2014-8057
	REJECTED
CVE-2014-8056
	REJECTED
CVE-2014-8055
	REJECTED
CVE-2014-8054
	REJECTED
CVE-2014-8053
	REJECTED
CVE-2014-8052
	REJECTED
CVE-2014-8051
	REJECTED
CVE-2014-8050
	REJECTED
CVE-2014-8049
	REJECTED
CVE-2014-8048
	REJECTED
CVE-2014-8047
	REJECTED
CVE-2014-8046
	REJECTED
CVE-2014-8045
	REJECTED
CVE-2014-8044
	REJECTED
CVE-2014-8043
	REJECTED
CVE-2014-8042
	REJECTED
CVE-2014-8041
	REJECTED
CVE-2014-8040
	REJECTED
CVE-2014-8039
	REJECTED
CVE-2014-8038
	REJECTED
CVE-2014-8037
	RESERVED
CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not proper ...)
	NOT-FOR-US: Cisco
CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces different re ...)
	NOT-FOR-US: Cisco
CVE-2014-8034 (Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge fo ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows remot ...)
	NOT-FOR-US: Cisco
CVE-2014-8032 (The OutlookAction LI in Cisco WebEx Meetings Server allows remote auth ...)
	NOT-FOR-US: Cisco
CVE-2014-8031 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meeting ...)
	NOT-FOR-US: Cisco
CVE-2014-8030 (Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2014-8029 (Open redirect vulnerability in the web interface in Cisco Secure Acces ...)
	NOT-FOR-US: Cisco
CVE-2014-8028 (Multiple cross-site scripting (XSS) vulnerabilities in the web framewo ...)
	NOT-FOR-US: Cisco
CVE-2014-8027 (The RBAC component in Cisco Secure Access Control System (ACS) allows  ...)
	NOT-FOR-US: Cisco
CVE-2014-8026 (Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2014-8025 (The API in the Guest Server in Cisco Jabber, when HTML5 is used, allow ...)
	NOT-FOR-US: Cisco
CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 CORS featu ...)
	NOT-FOR-US: Cisco
CVE-2014-8023 (Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier,  ...)
	NOT-FOR-US: Cisco
CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity  ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-8021 (Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mo ...)
	NOT-FOR-US: Cisco
CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows re ...)
	NOT-FOR-US: Cisco
CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...)
	NOT-FOR-US: Cisco
CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business Voice  ...)
	NOT-FOR-US: Cisco
CVE-2014-8017 (The periodic-backup feature in Cisco Identity Services Engine (ISE) al ...)
	NOT-FOR-US: Cisco
CVE-2014-8016 (The Cisco IronPort Email Security Appliance (ESA) allows remote attack ...)
	NOT-FOR-US: Cisco
CVE-2014-8015 (The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remo ...)
	NOT-FOR-US: Cisco
CVE-2014-8014 (Cisco IOS XR allows remote attackers to cause a denial of service (RSV ...)
	NOT-FOR-US: Cisco
CVE-2014-8013 (The TACACS+ command-authorization implementation in Cisco NX-OS allows ...)
	NOT-FOR-US: Cisco
CVE-2014-8012 (Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login pa ...)
	NOT-FOR-US: Cisco
CVE-2014-8011
	RESERVED
CVE-2014-8010 (The web framework in Cisco Unified Communications Domain Manager 8 all ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-8009 (The Management subsystem in Cisco Unified Computing System 2.1(3f) and ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8008 (Absolute path traversal vulnerability in the Real-Time Monitoring Tool ...)
	NOT-FOR-US: Cisco
CVE-2014-8007 (Cisco Prime Infrastructure allows remote authenticated users to read d ...)
	NOT-FOR-US: Cisco
CVE-2014-8006 (The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Defini ...)
	NOT-FOR-US: Cisco
CVE-2014-8005 (Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier  ...)
	NOT-FOR-US: Cisco
CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service (LIS ...)
	NOT-FOR-US: Cisco
CVE-2014-8003 (Cisco Integrated Management Controller in Cisco Unified Computing Syst ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8002 (Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2 ...)
	NOT-FOR-US: Cisco
CVE-2014-8001 (Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allo ...)
	NOT-FOR-US: Cisco
CVE-2014-8000 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) pr ...)
	NOT-FOR-US: Cisco
CVE-2014-7999 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7998 (Cisco IOS on Aironet access points, when "dot11 aaa authenticator" deb ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-7996 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco
CVE-2014-7995 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7994 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7993 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet buffer ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified Communications Man ...)
	NOT-FOR-US: Cisco
CVE-2014-7990 (Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 de ...)
	NOT-FOR-US: Cisco
CVE-2014-7989 (Cisco Unified Computing System on B-Series blade servers allows local  ...)
	NOT-FOR-US: Cisco
CVE-2014-7988 (The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and ...)
	NOT-FOR-US: Cisco
CVE-2014-7987 (Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allow ...)
	NOT-FOR-US: EspoCRM
CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers to r ...)
	NOT-FOR-US: EspoCRM
CVE-2014-7985 (Directory traversal vulnerability in EspoCRM before 2.6.0 allows remot ...)
	NOT-FOR-US: EspoCRM
CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote att ...)
	NOT-FOR-US: Joomla!
CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS ...)
	NOT-FOR-US: Joomla component com_contact
CVE-2014-7982 (Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2 ...)
	NOT-FOR-US: Joomla!
CVE-2014-7981 (SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2. ...)
	NOT-FOR-US: Joomla!
CVE-2014-7980 (Multiple cross-site scripting (XSS) vulnerabilities in template.php in ...)
	NOT-FOR-US: Drupal theme Zen
CVE-2014-7979 (Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1 ...)
	NOT-FOR-US: Drupal theme SimpleCorp
CVE-2014-7978 (Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x- ...)
	NOT-FOR-US: Drupal theme BlueMasters
CVE-2014-7977
	RESERVED
CVE-2014-7976
	RESERVED
CVE-2014-7974
	RESERVED
CVE-2014-7973
	RESERVED
CVE-2014-7972
	RESERVED
CVE-2014-7971
	RESERVED
CVE-2014-7969
	REJECTED
CVE-2014-7966
	RESERVED
CVE-2014-7965
	RESERVED
CVE-2014-7964
	RESERVED
CVE-2014-7963
	RESERVED
CVE-2014-7962
	RESERVED
CVE-2014-7961
	RESERVED
CVE-2014-7959 (SQL injection vulnerability in admin/htaccess/bpsunlock.php in the Bul ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.p ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2014-7957 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods ...)
	NOT-FOR-US: WordPress plugin Pods
CVE-2014-7956 (Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 ...)
	NOT-FOR-US: WordPress plugin Pods
CVE-2014-7955
	RESERVED
CVE-2014-7954 (Directory traversal vulnerability in the doSendObjectInfo method in fr ...)
	NOT-FOR-US: MtpServer class in Android
CVE-2014-7953 (Race condition in the bindBackupAgent method in the ActivityManagerSer ...)
	NOT-FOR-US: Android
CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attackers  ...)
	NOT-FOR-US: Android
	NOTE: the vulnerability is in the Android OS itself (and its backup manager)
	NOTE: adb is just an intermediary in the backup process
CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge (aka adb ...)
	NOT-FOR-US: Android
CVE-2014-7950
	RESERVED
CVE-2014-7949
	RESERVED
CVE-2014-7948 (The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in conte ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7947 (OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0. ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: If backported to jessie, https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c needs to be included
	- openjpeg <not-affected> (Vulnerable code not present)
CVE-2014-7946 (The RenderTable::simplifiedNormalFlowLayout function in core/rendering ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7945 (OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0. ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7944 (The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in P ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7943 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote atta ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7942 (The Fonts implementation in Google Chrome before 40.0.2214.91 does not ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7941 (The SelectionOwner::ProcessTarget function in ui/base/x/selection_owne ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7940 (The collator implementation in i18n/ucol.cpp in International Componen ...)
	{DSA-3187-1 DLA-219-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 52.1-7.1 (bug #776265)
CVE-2014-7939 (Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7938 (The Fonts implementation in Google Chrome before 40.0.2214.91 allows r ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before  ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.4.2-1
	[squeeze] - ffmpeg <end-of-life>
	- libav <not-affected> (bug #785326; can't reproduce the issue)
	[jessie] - libav <not-affected> (Can't reproduce the issue)
	[wheezy] - libav <not-affected> (Can't reproduce the issue)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in  ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7935 (Use-after-free vulnerability in browser/speech/tts_message_filter.cc i ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7934 (Use-after-free vulnerability in the DOM implementation in Blink, as us ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function in lib ...)
	{DSA-3189-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <end-of-life>
	- libav 6:11.3-1
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in core/d ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7931 (factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7930 (Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp  ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7929 (Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDoc ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7928 (hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, d ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7927 (The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-l ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7926 (The Regular Expressions package in International Components for Unicod ...)
	{DSA-3187-1 DLA-219-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 52.1-7.1 (bug #776265)
CVE-2014-7925 (Use-after-free vulnerability in the WebAudio implementation in Blink,  ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7924 (Use-after-free vulnerability in the IndexedDB implementation in Google ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7923 (The Regular Expressions package in International Components for Unicod ...)
	{DSA-3187-1 DLA-219-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 52.1-7.1 (bug #776265)
CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services SDK bef ...)
	NOT-FOR-US: Google Play
CVE-2014-7921 (mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers t ...)
	NOT-FOR-US: Android MediaServer
CVE-2014-7920 (mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to  ...)
	NOT-FOR-US: Android MediaServer
CVE-2014-7919 (b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger ...)
	NOT-FOR-US: Android
CVE-2014-7918
	RESERVED
CVE-2014-7917 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
	NOT-FOR-US: libstagefright in Android
CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
	NOT-FOR-US: libstagefright in Android
CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
	NOT-FOR-US: libstagefright in Android
CVE-2014-7914 (btif/src/btif_dm.c in Android before 5.1 does not properly enforce the ...)
	NOT-FOR-US: Android
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
	{DLA-506-1}
	- dhcpcd5 7.0.8-0.1 (unimportant; bug #846938)
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=93f3066bb0bc0974eab1943543205312a6b512ad
	NOTE: Not exploitable according to upstream, possibly limited to Bionic
CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in d ...)
	{DLA-506-1}
	- dhcpcd5 6.9.1-1
	[jessie] - dhcpcd5 <no-dsa> (Minor issue)
	NOTE: https://dev.marples.name/rDHCc204b018d1cfe740fb3179532070ae10fe34aaf3
CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the java.io.Objec ...)
	NOT-FOR-US: Android
CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171 ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=433500 (private)
CVE-2014-7909 (effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before  ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=391001 (private)
CVE-2014-7908 (Multiple integer overflows in the CheckMov function in media/base/cont ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=425980 (private)
CVE-2014-7907 (Multiple use-after-free vulnerabilities in modules/screen_orientation/ ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=424453 (private)
CVE-2014-7906 (Use-after-free vulnerability in the Pepper plugins in Google Chrome be ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=423030 (private)
CVE-2014-7905 (Google Chrome before 39.0.2171.65 on Android does not prevent navigati ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=421817 (private)
CVE-2014-7904 (Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=418161 (private)
CVE-2014-7903 (Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google  ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7902 (Use-after-free vulnerability in PDFium, as used in Google Chrome befor ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7901 (Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7900 (Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile func ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7899 (Google Chrome before 38.0.2125.101 allows remote attackers to spoof th ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
	NOTE: https://chromium.googlesource.com/chromium/src/+/5cfbddc9cc972f5133f26664dbf5810bb569cd04
CVE-2014-7898 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7897 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7896 (Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Com ...)
	NOT-FOR-US: HP
CVE-2014-7895 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7894 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7893 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7892 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7891 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7890 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7889 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7888 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7887
	REJECTED
CVE-2014-7886
	RESERVED
	NOT-FOR-US: HP Network Automation
CVE-2014-7885 (Multiple unspecified vulnerabilities in HP ArcSight Enterprise Securit ...)
	NOT-FOR-US: HP ArcSight
CVE-2014-7884 (Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P ...)
	NOT-FOR-US: HP ArcSight
CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTT ...)
	NOT-FOR-US: HP
CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remot ...)
	NOT-FOR-US: HP SiteScope
CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP Insight C ...)
	NOT-FOR-US: HP Insight Control
CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP O ...)
	NOT-FOR-US: HP OpenVMS TCP/IP
CVE-2014-7879 (HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration inc ...)
	NOT-FOR-US: HP-UX
CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
	NOT-FOR-US: HP Helion Cloud Development Platform
CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows loc ...)
	NOT-FOR-US: HP-UX
CVE-2014-7876 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 ...)
	NOT-FOR-US: HP Integrated Lights-Out
CVE-2014-7875 (Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Prin ...)
	NOT-FOR-US: HP Color LaserJet Printers
CVE-2014-7874 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
	NOT-FOR-US: HP-UX running System Management Homepage
CVE-2014-7873
	RESERVED
CVE-2014-7872 (Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC s ...)
	NOT-FOR-US: Comodo GeekBuddy
CVE-2014-7871 (SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2 ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-7870 (Cross-site scripting (XSS) vulnerability in the Custom Search module 6 ...)
	NOT-FOR-US: Drupal module Custom Search
CVE-2014-7869 (Cross-site scripting (XSS) vulnerability in the configuration UI in th ...)
	NOT-FOR-US: Drupal module Context Form Alteration
CVE-2014-7868 (Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager  ...)
	NOT-FOR-US: ZOHO
CVE-2014-7867 (SQL injection vulnerability in the com.manageengine.opmanager.servlet. ...)
	NOT-FOR-US: ZOHO
CVE-2014-7866 (Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpMa ...)
	NOT-FOR-US: ZOHO
CVE-2014-7865
	REJECTED
CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...)
	NOT-FOR-US: ManageEngine
CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...)
	NOT-FOR-US: Apple OS X
CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of outbound mes ...)
	NOT-FOR-US: mIRC
CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: mIRC
CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3 ...)
	- linux 3.16.7-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/109312
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5 (v3.18-rc1)
CVE-2014-7970 (The pivot_root implementation in fs/namespace.c in the Linux kernel th ...)
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	- linux 3.16.7-1
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d
CVE-2014-7968 (VDSM allows remote attackers to cause a denial of service (connection  ...)
	- vdsm <itp> (bug #668538)
CVE-2014-7967 (Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, a ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2014-7960 (OpenStack Object Storage (Swift) before 2.2.0 allows remote authentica ...)
	- swift 2.2.0-1
	[wheezy] - swift <no-dsa> (Minor issue)
	NOTE: affected version: all up to 2.1.0
CVE-2014-7860 (The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b ...)
	NOT-FOR-US: D-Link
CVE-2014-7859 (Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-32 ...)
	NOT-FOR-US: D-Link
CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 allows ...)
	NOT-FOR-US: D-Link
CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build ...)
	NOT-FOR-US: D-Link
CVE-2014-7856
	RESERVED
CVE-2014-7855
	RESERVED
CVE-2014-7854
	RESERVED
CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBo ...)
	NOT-FOR-US: JBoss AS/WildFly Domain Management
CVE-2014-7852 (Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used i ...)
	NOT-FOR-US: RichFaces
CVE-2014-7851 (oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session afte ...)
	NOT-FOR-US: ovirt-engine-webadmin
CVE-2014-7850 (Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x  ...)
	- freeipa 4.3.1-1 (unimportant)
	NOTE: https://fedorahosted.org/freeipa/ticket/4742
	NOTE: Upstream commit: https://pagure.io/freeipa/c/af9fd4dfe2c18e52127480c959c35ad37b566095
CVE-2014-7849 (The Role Based Access Control (RBAC) implementation in JBoss Enterpris ...)
	NOT-FOR-US: JBoss AS/WildFly Domain Management
CVE-2014-7848 (lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x befor ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47287
CVE-2014-7847 (iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321
CVE-2014-7846 (tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965
CVE-2014-7845 (The generate_password function in Moodle through 2.4.11, 2.5.x before  ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
CVE-2014-7844 (BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitra ...)
	{DSA-3105-1 DSA-3104-1 DLA-114-1 DLA-113-1}
	- bsd-mailx 8.1.2-0.20141216cvs-1
	- heirloom-mailx 12.5-3.1 (bug #773417)
CVE-2014-7843 (The __clear_user function in arch/arm64/lib/clear_user.S in the Linux  ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (arm64 support introduced in 3.7)
	- linux-2.6 <not-affected> (arm64 support introduced in 3.7)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1163744
	NOTE: Upstream patch proposal: https://lkml.org/lkml/2014/11/12/584
CVE-2014-7842 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux 3.2.65-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1)
CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCT ...)
	{DSA-3093-1 DLA-118-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <removed>
	NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5)
CVE-2014-7840 (The host_from_stream_offset function in arch_init.c in QEMU, when load ...)
	- qemu 2.1+dfsg-8 (low; bug #769451)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	NOTE: http://thread.gmane.org/gmane.comp.emulators.qemu/306117
CVE-2014-7839 (DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1 ...)
	- resteasy 3.0.6-2 (bug #770544)
	NOTE: https://issues.jboss.org/browse/RESTEASY-1130
CVE-2014-7838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Foru ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
CVE-2014-7837 (mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949
CVE-2014-7836 (Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI  ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
CVE-2014-7835 (webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2. ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868
CVE-2014-7834 (mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x befor ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303
CVE-2014-7833 (mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x  ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47697
CVE-2014-7832 (mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x b ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
CVE-2014-7831 (lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not  ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47766
CVE-2014-7830 (Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
CVE-2014-7829 (Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ...)
	- rails 2:4.1.8-1 (bug #770934)
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <not-affected> (Only affects >= 3)
	- rails-3.2 <removed>
	- ruby-actionpack-3.2 <removed>
	[wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)
	- ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled ...)
	- freeipa 4.0.5-1 (bug #768294)
	NOTE: https://fedorahosted.org/freeipa/ticket/4690
CVE-2014-7827 (The org.jboss.security.plugins.mapping.JBossMappingManager implementat ...)
	NOT-FOR-US: JBoss Security
CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does  ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
	NOTE: Support for SOFT_DISABLE to syscall events was added in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d (v3.13-rc1)
CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does  ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (Affected feature not enabled)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Affected feature not enabled)
	NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
CVE-2014-7824 (D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9. ...)
	{DSA-3099-1}
	- dbus 1.8.10-1
	[squeeze] - dbus <not-affected> (dbus 1.2.x does not support FD passing)
	NOTE: Since this CVE is only a complement for the fix to CVE-2014-3636, versions not affected by CVE-2014-3636 do not need the patch provided for this CVE.
CVE-2014-7823 (The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote rea ...)
	- libvirt 1.2.9-4 (bug #769149)
	[wheezy] - libvirt <not-affected> (Introduced in v1.0.0)
	[squeeze] - libvirt <not-affected> (Introduced in v1.0.0)
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=28f8dfdcccd4c0f69063ef741545b37d8a7f7935 (v1.0.0)
	NOTE: Fixed by http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
CVE-2014-7822 (The implementation of certain splice_write file operations in the Linu ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d0207652cbe27d1f962050737848e5ad4671958 (v3.16-rc1)
CVE-2014-7821 (OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows  ...)
	- neutron 2014.1.3-6 (bug #770431)
	NOTE: Versions up to 2014.1.3 and 2014.2
	NOTE: https://launchpad.net/bugs/1378450
CVE-2014-7820
	RESERVED
CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
	- ruby-sprockets 2.12.3-1
	[wheezy] - ruby-sprockets <no-dsa> (Minor issue)
CVE-2014-7818 (Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ...)
	- rails 2:4.1.8-1 (bug #770934)
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <not-affected> (Only affects >= 3)
	- rails-3.2 <removed>
	- ruby-actionpack-3.2 <removed>
	[wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)
	- ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7817 (The wordexp function in GNU C Library (aka glibc) 2.21 does not enforc ...)
	{DSA-3142-1 DLA-97-1}
	- glibc 2.19-14 (bug #775572)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
	NOTE: https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
	NOTE: Git commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c
CVE-2014-7816 (Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.1 ...)
	- undertow <not-affected> (only when running on Windows)
CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote attack ...)
	{DSA-3067-1 DSA-3066-1}
	- qemu 2.1+dfsg-7
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engin ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-7813 (Red Hat CloudForms 3 Management Engine (CFME) allows remote authentica ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-7812 (Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Netw ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and R ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x befor ...)
	{DSA-3530-1 DSA-3447-1 DSA-3428-1 DLA-232-1}
	- tomcat6 6.0.41-3 (bug #787010)
	NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
	- tomcat7 7.0.61-1
	- tomcat8 8.0.21-2
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645366 (6.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1659538 (6.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1644019 (7.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x)
CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable &lt;s ...)
	- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.3)
CVE-2014-7808 (Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M ...)
	NOT-FOR-US: Apache Wicket
CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows rem ...)
	NOT-FOR-US: Apache CloudStack
CVE-2014-7806
	REJECTED
CVE-2014-7805
	REJECTED
CVE-2014-7804 (The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application  ...)
	NOT-FOR-US: Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application for Android
CVE-2014-7803 (The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) applic ...)
	NOT-FOR-US: Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application for Android
CVE-2014-7802 (The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropea ...)
	NOT-FOR-US: Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application for Android
CVE-2014-7801
	REJECTED
CVE-2014-7800 (The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dl ...)
	NOT-FOR-US: Daily Green (aka it.opentt.blog.dailygreen) application for Android
CVE-2014-7799 (The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for  ...)
	NOT-FOR-US: Squishy birds (aka com.tatmob.squishybirds) application for Android
CVE-2014-7798 (The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) appli ...)
	NOT-FOR-US: Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application for Android
CVE-2014-7797 (The Thai food (aka com.foods.thaifood) application 1.0 for Android doe ...)
	NOT-FOR-US: Thai food (aka com.foods.thaifood) application for Android
CVE-2014-7796 (The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2. ...)
	NOT-FOR-US: House365 Radio (aka com.nobexinc.wls_27853803.rc) application for Android
CVE-2014-7795 (The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181  ...)
	NOT-FOR-US: Harpers Bazaar Art (aka com.itp.harpersart) application for Android
CVE-2014-7794 (The Knights of the Void (aka me.narr8.android.serial.knights_of_the_vo ...)
	NOT-FOR-US: Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application for Android
CVE-2014-7793 (The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 ...)
	NOT-FOR-US: CB - Calciatori Brutti (aka com.calciatori.brutti) application for Android
CVE-2014-7792
	REJECTED
CVE-2014-7791 (The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 fo ...)
	NOT-FOR-US: Backyard Wrestling (aka com.wBackyardWrestling) application for Android
CVE-2014-7790
	REJECTED
CVE-2014-7789 (The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for A ...)
	NOT-FOR-US: Zillion Muslims (aka com.zillionmuslims.src) application for Android
CVE-2014-7788 (The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 fo ...)
	NOT-FOR-US: Best Free Giveaways (aka com.wIphone5GiveAways) application for Android
CVE-2014-7787 (The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Andro ...)
	NOT-FOR-US: iShuttle (aka com.synapse.ishuttle_user) application for Android
CVE-2014-7786 (The English Football Magazine (aka com.magzter.englishfootball) applic ...)
	NOT-FOR-US: English Football Magazine (aka com.magzter.englishfootball) application for Android
CVE-2014-7785 (The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroi ...)
	NOT-FOR-US: AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application for Android
CVE-2014-7784 (The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 fo ...)
	NOT-FOR-US: Schon! Magazine (aka com.magzter.schonmagazine) application for Android
CVE-2014-7783 (The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android ...)
	NOT-FOR-US: Bill G. Bennett (aka com.billgbennett) application for Android
CVE-2014-7782 (The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMac ...)
	NOT-FOR-US: Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application for Android
CVE-2014-7781 (The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanaha ...)
	NOT-FOR-US: Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application for Android
CVE-2014-7780 (The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d ...)
	NOT-FOR-US: Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application for Android
CVE-2014-7779 (The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) a ...)
	NOT-FOR-US: Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application for Android
CVE-2014-7778 (The Epc World (aka com.magzter.epcworld) application 3.1 for Android d ...)
	NOT-FOR-US: Epc World (aka com.magzter.epcworld) application for Android
CVE-2014-7777 (The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) applicatio ...)
	NOT-FOR-US: Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application for Android
CVE-2014-7776 (The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android  ...)
	NOT-FOR-US: Kavita KS (aka com.snaplion.kavitaks) application for Android
CVE-2014-7775 (The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 f ...)
	NOT-FOR-US: Champak - Hindi (aka com.magzter.champakhindi) application for Android
CVE-2014-7774 (The Herbs &amp; Flowers Dictionary (aka com.wHerbsNFlowersDictionary)  ...)
	NOT-FOR-US: Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application for Android
CVE-2014-7773 (The Cleveland Football STREAM (aka com.appstronautme.clevelandfootball ...)
	NOT-FOR-US: Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application for Android
CVE-2014-7772 (The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for A ...)
	NOT-FOR-US: MB Tickets (aka com.xcr.android.mbtickets) application for Android
CVE-2014-7771 (The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for A ...)
	NOT-FOR-US: World Tamil Bayan (aka com.wWorldTamilBayan) application for Android
CVE-2014-7770 (The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) ...)
	NOT-FOR-US: Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application for Android
CVE-2014-7769 (The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0)  ...)
	NOT-FOR-US: Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application for Android
CVE-2014-7768 (The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 fo ...)
	NOT-FOR-US: Analects of Confucius (aka com.azbc88881.lunyu) application for Android
CVE-2014-7767 (The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X. ...)
	NOT-FOR-US: A+ (aka cn.xrzcm) application for Android
CVE-2014-7766 (The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheC ...)
	NOT-FOR-US: 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application for Android
CVE-2014-7765 (The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) applic ...)
	NOT-FOR-US: Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application for Android
CVE-2014-7764 (The Semper Invicta Fitness (aka com.semper.invicta.fitness) applicatio ...)
	NOT-FOR-US: Semper Invicta Fitness (aka com.semper.invicta.fitness) application for Android
CVE-2014-7763 (The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1. ...)
	NOT-FOR-US: Listen up! mirucho (aka jp.ameba.kiiteyo.android) application for Android
CVE-2014-7762 (The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android ...)
	NOT-FOR-US: Bite it! (aka com.ASA1Touch.Bite_it) application for Android
CVE-2014-7761 (The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for An ...)
	NOT-FOR-US: Ink Cards (aka com.sincerely.android.ink) application for Android
CVE-2014-7760 (The Health assistance service (aka net.nttcloud.ft.karada) application ...)
	NOT-FOR-US: Health assistance service (aka net.nttcloud.ft.karada) application for Android
CVE-2014-7759 (The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application 3 ...)
	NOT-FOR-US: Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application for Android
CVE-2014-7758 (The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) appli ...)
	NOT-FOR-US: AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application for Android
CVE-2014-7757 (The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjaga ...)
	NOT-FOR-US: Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application for Android
CVE-2014-7756 (The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) applicat ...)
	NOT-FOR-US: Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application for Android
CVE-2014-7755 (The eTopUpOnline (aka com.moremagic.etopup.client.android) application ...)
	NOT-FOR-US: eTopUpOnline (aka com.moremagic.etopup.client.android) application for Android
CVE-2014-7754 (The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 ...)
	NOT-FOR-US: Condor S.E. (aka com.app_condorsoutheast.layout) application for Android
CVE-2014-7753 (The Circa News (aka cir.ca) application 2.1.3 for Android does not ver ...)
	NOT-FOR-US: Circa News (aka cir.ca) application for Android
CVE-2014-7752 (The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application  ...)
	NOT-FOR-US: NASIOC (aka net.endoftime.android.forumrunner.nasioc) application for Android
CVE-2014-7751 (The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for A ...)
	NOT-FOR-US: Recetas de Tragos (aka com.wRecetasdeTragos) application for Android
CVE-2014-7750 (The Taster Magazine (aka com.magazinecloner.taster) application @7F080 ...)
	NOT-FOR-US: Taster Magazine (aka com.magazinecloner.taster) application for Android
CVE-2014-7749 (The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118  ...)
	NOT-FOR-US: CamDictionary (aka com.intsig.camdict) application for Android
CVE-2014-7748 (The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application  ...)
	NOT-FOR-US: Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application for Android
CVE-2014-7747
	REJECTED
CVE-2014-7746 (The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings)  ...)
	NOT-FOR-US: Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application for Android
CVE-2014-7745 (The Flight Manager (aka com.flightmanager.view) application 4.0 for An ...)
	NOT-FOR-US: Flight Manager (aka com.flightmanager.view) application for Android
CVE-2014-7744 (The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for ...)
	NOT-FOR-US: Musulmanin.com (aka com.wSalyafiyailimurdjiya) application for Android
CVE-2014-7743 (The Humor Ironias y Realidades (aka com.wHumork) application 0.63.1337 ...)
	NOT-FOR-US: Humor Ironias y Realidades (aka com.wHumork) application for Android
CVE-2014-7742 (The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0 ...)
	NOT-FOR-US: Noticias del Vaticano (aka com.wNoticiasdelVaticano) application for Android
CVE-2014-7741 (The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for  ...)
	NOT-FOR-US: Healing Bookstore (aka com.wHealingBookstore) application for Android
CVE-2014-7740 (The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7 ...)
	NOT-FOR-US: Pony Magazine (aka com.triactivemedia.ponymagazine) application for Android
CVE-2014-7739 (The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for  ...)
	NOT-FOR-US: Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application for Android
CVE-2014-7738
	REJECTED
CVE-2014-7737 (The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for And ...)
	NOT-FOR-US: FMAC : Federation Culinaire (aka com.fmac) application for Android
CVE-2014-7736
	REJECTED
CVE-2014-7735 (The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) applicatio ...)
	NOT-FOR-US: Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application for Android
CVE-2014-7734 (The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) ...)
	NOT-FOR-US: Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application for Android
CVE-2014-7733 (The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for A ...)
	NOT-FOR-US: Karaf Magazin (aka com.magzter.karafmagazin) application for Android
CVE-2014-7732
	REJECTED
CVE-2014-7731 (The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for An ...)
	NOT-FOR-US: Radio de la Cato (aka com.radio.de.la.cato) application for Android
CVE-2014-7730
	REJECTED
CVE-2014-7729
	REJECTED
CVE-2014-7728 (The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) appl ...)
	NOT-FOR-US: Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application for Android
CVE-2014-7727 (The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for Androi ...)
	NOT-FOR-US: Dj Brad H (aka com.dreamstep.wDjBradH) application for Android
CVE-2014-7726 (The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 fo ...)
	NOT-FOR-US: Golosinas Simpson1 (aka com.wGolosinasSimpson1) application for Android
CVE-2014-7725 (The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) applicatio ...)
	NOT-FOR-US: Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application for Android
CVE-2014-7724 (The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Androi ...)
	NOT-FOR-US: Chemssou Blink (aka com.chemssou.blink) application for Android
CVE-2014-7723 (The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application ...)
	NOT-FOR-US: Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application for Android
CVE-2014-7722 (The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 f ...)
	NOT-FOR-US: Indian Jeweller (aka com.magzter.indianjeweller) application for Android
CVE-2014-7721 (The President Clicker (aka com.flexymind.pclicker) application 1.0.4 f ...)
	NOT-FOR-US: President Clicker (aka com.flexymind.pclicker) application for Android
CVE-2014-7720 (The Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomes ...)
	NOT-FOR-US: Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application for Android
CVE-2014-7719 (The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 f ...)
	NOT-FOR-US: BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application for Android
CVE-2014-7718 (The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for ...)
	NOT-FOR-US: Travel+Leisure (aka com.magzter.travelleisure) application for Android
CVE-2014-7717 (The Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertyma ...)
	NOT-FOR-US: Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application for Android
CVE-2014-7716 (The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) ap ...)
	NOT-FOR-US: Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application for Android
CVE-2014-7715 (The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 fo ...)
	NOT-FOR-US: GIGA HOBBY (aka com.innopage.store.gigahobby) application for Android
CVE-2014-7714 (The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not  ...)
	NOT-FOR-US: ibon (aka tw.net.pic.mobi) application for Android
CVE-2014-7713 (The Skin&amp;Ink Magazine (aka com.triactivemedia.skinandink) applicat ...)
	NOT-FOR-US: Skin&Ink Magazine (aka com.triactivemedia.skinandink) application for Android
CVE-2014-7712 (The Tiket.com Hotel &amp; Flight (aka com.tiket.gits) application 1.1. ...)
	NOT-FOR-US: Tiket.com Hotel & Flight (aka com.tiket.gits) application for Android
CVE-2014-7711
	REJECTED
CVE-2014-7710 (The India Today Telugu (aka com.magzter.indiatoday.telugu) application ...)
	NOT-FOR-US: India Today Telugu (aka com.magzter.indiatoday.telugu) application for Android
CVE-2014-7709
	REJECTED
CVE-2014-7708 (The Raven - The Culture Lover (aka com.booksbyraven) application 1.60  ...)
	NOT-FOR-US: Raven - The Culture Lover (aka com.booksbyraven) application for Android
CVE-2014-7707 (The Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandli ...)
	NOT-FOR-US: Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application for Android
CVE-2014-7706
	REJECTED
CVE-2014-7705 (The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingLis ...)
	NOT-FOR-US: Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application for Android
CVE-2014-7704
	REJECTED
CVE-2014-7703 (The Terrorizer Magazine (aka com.triactivemedia.terrorizer) applicatio ...)
	NOT-FOR-US: Terrorizer Magazine (aka com.triactivemedia.terrorizer) application for Android
CVE-2014-7702 (The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for An ...)
	NOT-FOR-US: ahtty (aka com.crevation.babylon.ahtty) application for Android
CVE-2014-7701 (The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1. ...)
	NOT-FOR-US: DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application for Android
CVE-2014-7700 (The Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application  ...)
	NOT-FOR-US: Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application for Android
CVE-2014-7699
	REJECTED
CVE-2014-7698 (The Xinhua International (aka org.xinhua.xnews_international) applicat ...)
	NOT-FOR-US: Xinhua International (aka org.xinhua.xnews_international) application for Android
CVE-2014-7697 (The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0 ...)
	NOT-FOR-US: Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application for Android
CVE-2014-7696 (The Halftime Magazine (aka com.magzter.halftimemagazine) application 3 ...)
	NOT-FOR-US: Halftime Magazine (aka com.magzter.halftimemagazine) application for Android
CVE-2014-7695 (The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android  ...)
	NOT-FOR-US: easaa Baoneng (aka com.easaa.baoneng) application for Android
CVE-2014-7694 (The Corvette Museum (aka com.app_corvettemuseum.layout) application 1. ...)
	NOT-FOR-US: Corvette Museum (aka com.app_corvettemuseum.layout) application for Android
CVE-2014-7693 (The JusApp! (aka com.tapatalk.jusappcombrforum) application 3.7.5 for  ...)
	NOT-FOR-US: JusApp! (aka com.tapatalk.jusappcombrforum) application for Android
CVE-2014-7692 (The Lent Experience (aka com.wLentExperience) application 0.1 for Andr ...)
	NOT-FOR-US: Lent Experience (aka com.wLentExperience) application for Android
CVE-2014-7691 (The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1  ...)
	NOT-FOR-US: Life Story of Sheikh Mujib (aka com.wbongobondho) application for Android
CVE-2014-7690 (The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040  ...)
	NOT-FOR-US: myfone Shopping (aka com.twm.pt.eccart) application for Android
CVE-2014-7689 (The GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application 0.1 for  ...)
	NOT-FOR-US: GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application for Android
CVE-2014-7688 (The Home Improvement (aka com.whomeimprovementapp) application 0.1 for ...)
	NOT-FOR-US: Home Improvement (aka com.whomeimprovementapp) application for Android
CVE-2014-7687
	REJECTED
CVE-2014-7686 (The So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) ap ...)
	NOT-FOR-US: So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application for Android
CVE-2014-7685 (The Razer Comms - Gaming Messenger (aka com.razerzone.comms) applicati ...)
	NOT-FOR-US: Razer Comms - Gaming Messenger (aka com.razerzone.comms) application for Android
CVE-2014-7684
	REJECTED
CVE-2014-7683 (The Free Canadian Author Previews (aka com.booksellerscanada.authorpre ...)
	NOT-FOR-US: Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application for Android
CVE-2014-7682 (The GR8! TV (aka com.magzter.greighttv) application 3.0 for Android do ...)
	NOT-FOR-US: GR8! TV (aka com.magzter.greighttv) application for Android
CVE-2014-7681 (The VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforu ...)
	NOT-FOR-US: VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application for Android
CVE-2014-7680
	REJECTED
CVE-2014-7679
	REJECTED
CVE-2014-7678
	REJECTED
CVE-2014-7677 (The Scudetto (aka com.scudetto) application 2.7 for Android does not v ...)
	NOT-FOR-US: Scudetto (aka com.scudetto) application for Android
CVE-2014-7676 (The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) applicatio ...)
	NOT-FOR-US: Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application for Android
CVE-2014-7675
	REJECTED
CVE-2014-7674 (The TicketOne.it (aka it.ticketone.mobile.app.Android) application 2.2 ...)
	NOT-FOR-US: TicketOne.it (aka it.ticketone.mobile.app.Android) application for Android
CVE-2014-7673
	REJECTED
CVE-2014-7672
	REJECTED
CVE-2014-7671 (The Tekno Apsis (aka com.teknoapsis) application 2.4 for Android does  ...)
	NOT-FOR-US: Tekno Apsis (aka com.teknoapsis) application for Android
CVE-2014-7670 (The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) appli ...)
	NOT-FOR-US: Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application for Android
CVE-2014-7669
	REJECTED
CVE-2014-7668 (The Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application 1.4 for ...)
	NOT-FOR-US: Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application for Android
CVE-2014-7667 (The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) app ...)
	NOT-FOR-US: Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) application for Android
CVE-2014-7666 (The American Waterfowler (aka com.magazinecloner.americanwaterfowler)  ...)
	NOT-FOR-US: American Waterfowler (aka com.magazinecloner.americanwaterfowler) application for Android
CVE-2014-7665
	REJECTED
CVE-2014-7664 (The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) ap ...)
	NOT-FOR-US: Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application for Android
CVE-2014-7663 (The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 ...)
	NOT-FOR-US: Right to the Nitty Gritty (aka com.wGoNittyGritty) application for Android
CVE-2014-7662
	REJECTED
CVE-2014-7661 (The Masquito Blogger (aka com.wmasquito) application 0.1 for Android d ...)
	NOT-FOR-US: Masquito Blogger (aka com.wmasquito) application for Android
CVE-2014-7660 (The Gent Magazine (aka com.magzter.thegentmagazine) application 3.0 fo ...)
	NOT-FOR-US: Gent Magazine (aka com.magzter.thegentmagazine) application for Android
CVE-2014-7659 (The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) ap ...)
	NOT-FOR-US: ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application for Android
CVE-2014-7658
	REJECTED
CVE-2014-7657
	REJECTED
CVE-2014-7656 (The Indian Management (aka com.magzter.indianmanagement) application 3 ...)
	NOT-FOR-US: Indian Management (aka com.magzter.indianmanagement) application for Android
CVE-2014-7655 (The Dresden Transport Museum (aka de.appack.project.vmd) application 2 ...)
	NOT-FOR-US: Dresden Transport Museum (aka de.appack.project.vmd) application for Android
CVE-2014-7654
	REJECTED
CVE-2014-7653
	REJECTED
CVE-2014-7652 (The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5 ...)
	NOT-FOR-US: Magicam Photo Magic Editor (aka mobi.magicam.editor) application for Android
CVE-2014-7651
	REJECTED
CVE-2014-7650 (The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 ...)
	NOT-FOR-US: JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application for Android
CVE-2014-7649 (The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7 ...)
	NOT-FOR-US: Classic Car Buyer (aka com.magazinecloner.carbuyer) application for Android
CVE-2014-7648 (The SMARTalk (aka jp.co.fusioncom.smartalk.android) application 1.1 fo ...)
	NOT-FOR-US: SMARTalk (aka jp.co.fusioncom.smartalk.android) application for Android
CVE-2014-7647 (The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for An ...)
	NOT-FOR-US: BOOKING DISCOUNT (aka com.wmygoodhotelscom) application for Android
CVE-2014-7646 (The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for ...)
	NOT-FOR-US: EMT-Paramedic Lite (aka com.wEMTparamedicLite) application for Android
CVE-2014-7645
	REJECTED
CVE-2014-7644 (The Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174 ...)
	NOT-FOR-US: Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application for Android
CVE-2014-7643 (The C.R. Group (aka com.c.r.group) application 1.0 for Android does no ...)
	NOT-FOR-US: C.R. Group (aka com.c.r.group) application for Android
CVE-2014-7642 (The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503 ...)
	NOT-FOR-US: Pegasus Airlines (aka com.wPegasusAirlines) application for Android
CVE-2014-7641
	REJECTED
CVE-2014-7640 (The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does n ...)
	NOT-FOR-US: Hotel Room (aka com.wHotelRoom) application for Android
CVE-2014-7639
	REJECTED
CVE-2014-7638 (The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application ...)
	NOT-FOR-US: Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application for Android
CVE-2014-7637
	REJECTED
CVE-2014-7636 (The United Hawk Nation (aka com.united12thman) application 2.1 for And ...)
	NOT-FOR-US: United Hawk Nation (aka com.united12thman) application for Android
CVE-2014-7635
	REJECTED
CVE-2014-7634 (The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does n ...)
	NOT-FOR-US: Adopt O Pet (aka com.wFindAPet) application for Android
CVE-2014-7633 (The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Andro ...)
	NOT-FOR-US: Dino Zoo (aka com.tappocket.dinozoostar) application for Android
CVE-2014-7632 (The news revolution - bahrain (aka com.news.revolution.BH) application ...)
	NOT-FOR-US: news revolution - bahrain (aka com.news.revolution.BH) application for Android
CVE-2014-7631 (The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Andro ...)
	NOT-FOR-US: Villa Antonia (aka com.appbuilder.u7p5019) application for Android
CVE-2014-7630 (The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Andr ...)
	NOT-FOR-US: Fling Gold (aka com.mbgames.fling.gold) application for Android
CVE-2014-7629 (The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25  ...)
	NOT-FOR-US: Yulman Stadium (aka com.dub.app.tulanestadium) application for Android
CVE-2014-7628 (The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android d ...)
	NOT-FOR-US: Acorn Comms (aka com.acorncomms.app) application for Android
CVE-2014-7627
	REJECTED
CVE-2014-7626 (The Atme (aka com.bedigital.atme) application 1.0.10 for Android does  ...)
	NOT-FOR-US: Atme (aka com.bedigital.atme) application for Android
CVE-2014-7625
	REJECTED
CVE-2014-7624 (The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) applicat ...)
	NOT-FOR-US: Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application for Android
CVE-2014-7623
	REJECTED
CVE-2014-7622 (The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locato ...)
	NOT-FOR-US: Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application for Android
CVE-2014-7621 (The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 ...)
	NOT-FOR-US: EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application for Android
CVE-2014-7620 (The Authors On Tour - Live! (aka com.appmakr.app122286) application 4  ...)
	NOT-FOR-US: Authors On Tour - Live! (aka com.appmakr.app122286) application for Android
CVE-2014-7619
	REJECTED
CVE-2014-7618 (The Interior Design (aka com.interior.design.mcreda) application 1.0 f ...)
	NOT-FOR-US: Interior Design (aka com.interior.design.mcreda) application for Android
CVE-2014-7617 (The www.roads365.com (aka ydx.android) application 1.0.1 for Android d ...)
	NOT-FOR-US: www.roads365.com (aka ydx.android) application for Android
CVE-2014-7616 (The Physics Forums (aka com.tapatalk.physicsforumscom) application 3.9 ...)
	NOT-FOR-US: Physics Forums (aka com.tapatalk.physicsforumscom) application for Android
CVE-2014-7615
	REJECTED
CVE-2014-7614 (The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0 ...)
	NOT-FOR-US: Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application for Android
CVE-2014-7613 (The WASPS Official Programmes (aka com.triactivemedia.wasps) applicati ...)
	NOT-FOR-US: WASPS Official Programmes (aka com.triactivemedia.wasps) application for Android
CVE-2014-7612 (The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74  ...)
	NOT-FOR-US: e-Kiosk (aka com.ekioskreader.android.pdfviewer) application for Android
CVE-2014-7611 (The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) applicat ...)
	NOT-FOR-US: Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application for Android
CVE-2014-7610 (The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) a ...)
	NOT-FOR-US: Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application for Android
CVE-2014-7609 (The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android  ...)
	NOT-FOR-US: iStunt 2 (aka com.miniclip.istunt2) application for Android
CVE-2014-7608 (The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for ...)
	NOT-FOR-US: Carrier Enterprise HVAC Assist (aka com.es.CE) application for Android
CVE-2014-7607 (The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android do ...)
	NOT-FOR-US: Swamiji.tv (aka org.yidl.SwamijiTV) application for Android
CVE-2014-7606 (The Concursive (aka com.concursive.app) application 2.1 for Android do ...)
	NOT-FOR-US: Concursive (aka com.concursive.app) application for Android
CVE-2014-7605 (The Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.a ...)
	NOT-FOR-US: Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application for Android
CVE-2014-7604 (The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) appl ...)
	NOT-FOR-US: Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application for Android
CVE-2014-7603 (The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.1 ...)
	NOT-FOR-US: Gravey Design (aka com.dreamstep.wGraveyDesign) application for Android
CVE-2014-7602 (The FRONT (aka com.magazinecloner.front) application @7F08017A for And ...)
	NOT-FOR-US: FRONT (aka com.magazinecloner.front) application for Android
CVE-2014-7601
	REJECTED
CVE-2014-7600
	REJECTED
CVE-2014-7599
	REJECTED
CVE-2014-7598 (The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for A ...)
	NOT-FOR-US: Poker Puzzle (aka com.sharpiq.pokerpuzzle) application for Android
CVE-2014-7597 (The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) applicatio ...)
	NOT-FOR-US: Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application for Android
CVE-2014-7596 (The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for And ...)
	NOT-FOR-US: Paramore (aka uk.co.pixelkicks.paramore) application for Android
CVE-2014-7595 (The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android doe ...)
	NOT-FOR-US: devada.co.uk (aka com.wdevadacouk) application for Android
CVE-2014-7594
	REJECTED
CVE-2014-7593 (The Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application 1.1 ...)
	NOT-FOR-US: Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application for Android
CVE-2014-7592 (The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) app ...)
	NOT-FOR-US: FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application for Android
CVE-2014-7591 (The Demon (aka com.ireadercity.c24) application 3.0.2 for Android does ...)
	NOT-FOR-US: Demon (aka com.ireadercity.c24) application for Android
CVE-2014-7590 (The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for A ...)
	NOT-FOR-US: WebPromoExperts (aka ua.com.webpromoexperts) application for Android
CVE-2014-7589 (The Industrial and Commercial Bank of China (ICBC) Banking (aka com.ic ...)
	NOT-FOR-US: Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application for Android
CVE-2014-7588
	REJECTED
CVE-2014-7587 (The Blocked in Free (aka com.blueup.blocked) application 1.0 for Andro ...)
	NOT-FOR-US: Blocked in Free (aka com.blueup.blocked) application for Android
CVE-2014-7586
	REJECTED
CVE-2014-7585 (The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7 ...)
	NOT-FOR-US: Biplane Forum (aka com.gcspublishing.biplaneforum) application for Android
CVE-2014-7584 (The ACN2GO (aka com.dataparadigm.acnmobile) application 1.7 for Androi ...)
	NOT-FOR-US: ACN2GO (aka com.dataparadigm.acnmobile) application for Android
CVE-2014-7583
	REJECTED
CVE-2014-7582 (The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 f ...)
	NOT-FOR-US: Water Lateral Sizer (aka com.wWaterLateralSizer) application for Android
CVE-2014-7581 (The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) ap ...)
	NOT-FOR-US: Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) application for Android
CVE-2014-7580 (The Thailand Investor News (aka nudecreative.thaistock.set) applicatio ...)
	NOT-FOR-US: Thailand Investor News (aka nudecreative.thaistock.set) application for Android
CVE-2014-7579
	REJECTED
CVE-2014-7578 (The Bieber News Now (aka com.jbnews) application 12.0.5 for Android do ...)
	NOT-FOR-US: Bieber News Now (aka com.jbnews) application for Android
CVE-2014-7577 (The B&amp;H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1  ...)
	NOT-FOR-US: B&H Photo Video Pro Audio (aka com.bhphoto) application for Android
CVE-2014-7576 (The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii. ...)
	NOT-FOR-US: Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application for Android
CVE-2014-7575 (The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) appl ...)
	NOT-FOR-US: eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application for Android
CVE-2014-7574
	REJECTED
CVE-2014-7573 (The droid Survey Offline Forms (aka com.contact.droidSURVEY) applicati ...)
	NOT-FOR-US: droid Survey Offline Forms (aka com.contact.droidSURVEY) application for Android
CVE-2014-7572 (The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbook ...)
	NOT-FOR-US: Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application for Android
CVE-2014-7571 (The Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) app ...)
	NOT-FOR-US: Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) application for Android
CVE-2014-7570 (The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.them ...)
	NOT-FOR-US: Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application for Android
CVE-2014-7569 (The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) ...)
	NOT-FOR-US: Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application for Android
CVE-2014-7568 (The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) applic ...)
	NOT-FOR-US: Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application for Android
CVE-2014-7567 (The iMig 2012 (aka com.webges.imig) application 1.0.0 for Android does ...)
	NOT-FOR-US: iMig 2012 (aka com.webges.imig) application for Android
CVE-2014-7566 (The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for  ...)
	NOT-FOR-US: Stift Neuburg (aka de.appack.project.neuburg) application for Android
CVE-2014-7565 (The Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application ...)
	NOT-FOR-US: Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application for Android
CVE-2014-7564 (The Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a ...)
	NOT-FOR-US: Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a.a40350826a) application for Android
CVE-2014-7563 (The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c ...)
	NOT-FOR-US: Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application for Android
CVE-2014-7562 (The Health Advocate SmartHelp (aka com.healthadvocate.ui) application  ...)
	NOT-FOR-US: Health Advocate SmartHelp (aka com.healthadvocate.ui) application for Android
CVE-2014-7561
	REJECTED
CVE-2014-7560 (The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) applica ...)
	NOT-FOR-US: Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application for Android
CVE-2014-7559 (The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for And ...)
	NOT-FOR-US: InstaTalks (aka com.natrobit.instatalks) application for Android
CVE-2014-7558 (The Everest Poker (aka com.wEverestPoker) application 0.1 for Android  ...)
	NOT-FOR-US: Everest Poker (aka com.wEverestPoker) application for Android
CVE-2014-7557 (The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4 ...)
	NOT-FOR-US: zroadster.com (aka com.tapatalk.zroadstercomforum) application for Android
CVE-2014-7556
	REJECTED
CVE-2014-7555 (The Apparound BLEND (aka com.apparound.mobile.catalogo) application 4. ...)
	NOT-FOR-US: Apparound BLEND (aka com.apparound.mobile.catalogo) application for Android
CVE-2014-7554 (The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1. ...)
	NOT-FOR-US: Bouqs - Flowers Simplified (aka com.bouqs.activity) application for Android
CVE-2014-7553 (The GET NYCE Lightworks (aka com.wGETNYCE) application 0.84.13506.9895 ...)
	NOT-FOR-US: GET NYCE Lightworks (aka com.wGETNYCE) application for Android
CVE-2014-7552 (The Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application  ...)
	NOT-FOR-US: Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application for Android
CVE-2014-7551 (The Noticias Bebes Beybies (aka com.beybies) application 1.0 for Andro ...)
	NOT-FOR-US: Noticias Bebes Beybies (aka com.beybies) application for Android
CVE-2014-7550 (The basketball news &amp; videos (aka com.basketbal.news.caesar) appli ...)
	NOT-FOR-US: basketball news & videos (aka com.basketbal.news.caesar) application for Android
CVE-2014-7549
	REJECTED
CVE-2014-7548
	REJECTED
CVE-2014-7547 (The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimi ...)
	NOT-FOR-US: Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application for Android
CVE-2014-7546 (The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application ...)
	NOT-FOR-US: Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application for Android
CVE-2014-7545
	REJECTED
CVE-2014-7544 (The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret ...)
	NOT-FOR-US: Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application for Android
CVE-2014-7543 (The Blood (aka com.sheridan.ash) application 2.1 for Android does not  ...)
	NOT-FOR-US: Blood (aka com.sheridan.ash) application for Android
CVE-2014-7542 (The l'Informatiu (aka com.linformatiu.spm) application 2.0 for Android ...)
	NOT-FOR-US: l'Informatiu (aka com.linformatiu.spm) application for Android
CVE-2014-7541
	REJECTED
CVE-2014-7540
	REJECTED
CVE-2014-7539 (The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application ...)
	NOT-FOR-US: Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application for Android
CVE-2014-7538 (The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) appli ...)
	NOT-FOR-US: Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application for Android
CVE-2014-7537
	REJECTED
CVE-2014-7536 (The Service Academy Forums (aka com.tapatalk.serviceacademyforumscom)  ...)
	NOT-FOR-US: Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) application for Android
CVE-2014-7535 (The Classic Racer (aka com.triactivemedia.classicracer) application @7 ...)
	NOT-FOR-US: Classic Racer (aka com.triactivemedia.classicracer) application for Android
CVE-2014-7534 (The Funny &amp; Interesting Things (aka com.wFunnyandInterestingThings ...)
	NOT-FOR-US: Funny & Interesting Things (aka com.wFunnyandInterestingThings) application for Android
CVE-2014-7533 (The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) appli ...)
	NOT-FOR-US: NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application for Android
CVE-2014-7532 (The GES Agri Connect (aka com.wAgriConnect) application 0.1 for Androi ...)
	NOT-FOR-US: GES Agri Connect (aka com.wAgriConnect) application for Android
CVE-2014-7531
	REJECTED
CVE-2014-7530 (The PRIX IMPORT (aka com.myapphone.android.myapppriximport) applicatio ...)
	NOT-FOR-US: PRIX IMPORT (aka com.myapphone.android.myapppriximport) application for Android
CVE-2014-7529 (The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) applicati ...)
	NOT-FOR-US: Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application for Android
CVE-2014-7528 (The Horsepower (aka com.apptive.android.apps.horsepower) application 2 ...)
	NOT-FOR-US: Horsepower (aka com.apptive.android.apps.horsepower) application for Android
CVE-2014-7527 (The Savage Nation Mobile Web (aka com.wSavageNation) application 0.57. ...)
	NOT-FOR-US: Savage Nation Mobile Web (aka com.wSavageNation) application for Android
CVE-2014-7526 (The Immunize Canada (aka ca.ohri.immunizeapp) application 1.0.1 for An ...)
	NOT-FOR-US: Immunize Canada (aka ca.ohri.immunizeapp) application for Android
CVE-2014-7525 (The Domain Name Search &amp; Web Host (aka com.wDomainNameSearchandReg ...)
	NOT-FOR-US: Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application for Android
CVE-2014-7524 (The Bed and Breakfast (aka com.wbedandbreakfastapp) application 0.1 fo ...)
	NOT-FOR-US: Bed and Breakfast (aka com.wbedandbreakfastapp) application for Android
CVE-2014-7523 (The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1 ...)
	NOT-FOR-US: Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application for Android
CVE-2014-7522 (The Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application 1.2 fo ...)
	NOT-FOR-US: Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application for Android
CVE-2014-7521 (The Anderson Musaamil (aka com.app_andersonmusaamil.layout) applicatio ...)
	NOT-FOR-US: Anderson Musaamil (aka com.app_andersonmusaamil.layout) application for Android
CVE-2014-7520 (The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does ...)
	NOT-FOR-US: Nova 92.1 FM (aka com.wNova921FM) application for Android
CVE-2014-7519 (The Cycling Manager Game Cff (aka com.CyclingManagerGame) application  ...)
	NOT-FOR-US: Cycling Manager Game Cff (aka com.CyclingManagerGame) application for Android
CVE-2014-7518 (The Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) appl ...)
	NOT-FOR-US: Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) application for Android
CVE-2014-7517 (The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for A ...)
	NOT-FOR-US: Myanmar Movies HD (aka com.wmyanmarmoviesHD) application for Android
CVE-2014-7516 (The Central East LHIN News (aka com.wCentralEastLHINNews) application  ...)
	NOT-FOR-US: Central East LHIN News (aka com.wCentralEastLHINNews) application for Android
CVE-2014-7515 (The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) app ...)
	NOT-FOR-US: Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application for Android
CVE-2014-7514
	REJECTED
CVE-2014-7513 (The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for  ...)
	NOT-FOR-US: Top Hangover Cures (aka com.TopHangoverCures) application for Android
CVE-2014-7512
	REJECTED
CVE-2014-7511
	REJECTED
CVE-2014-7510 (The Graffit It (aka com.presenttechnologies.graffitit) application 1.1 ...)
	NOT-FOR-US: Graffit It (aka com.presenttechnologies.graffitit) application for Android
CVE-2014-7509 (The A Very Short History of Japan (aka com.ireadercity.c51) applicatio ...)
	NOT-FOR-US: A Very Short History of Japan (aka com.ireadercity.c51) application for Android
CVE-2014-7508 (The Help For Doc (aka com.childrens.physician.relations) application 1 ...)
	NOT-FOR-US: Help For Doc (aka com.childrens.physician.relations) application for Android
CVE-2014-7507 (The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Andr ...)
	NOT-FOR-US: Hector Leal (aka ad.hector.leal.com) application for Android
CVE-2014-7506 (The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) applicat ...)
	NOT-FOR-US: Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application for Android
CVE-2014-7505 (The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android  ...)
	NOT-FOR-US: AppTalk (aka com.chatatami.apptalk) application for Android
CVE-2014-7504
	REJECTED
CVE-2014-7503
	REJECTED
CVE-2014-7502 (The Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) applicatio ...)
	NOT-FOR-US: Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) application for Android
CVE-2014-7501 (The Translation Widget (aka com.wTranslationGadget) application 0.1 fo ...)
	NOT-FOR-US: Translation Widget (aka com.wTranslationGadget) application for Android
CVE-2014-7500
	REJECTED
CVE-2014-7499 (The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does ...)
	NOT-FOR-US: Sword (aka com.ireadercity.c25) application for Android
CVE-2014-7498 (The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for ...)
	NOT-FOR-US: Space Cinema (aka it.thespacecinema.android) application for Android
CVE-2014-7497 (The Portfolium (aka com.wPortfolium) application 0.1 for Android does  ...)
	NOT-FOR-US: Portfolium (aka com.wPortfolium) application for Android
CVE-2014-7496
	REJECTED
CVE-2014-7495 (The LogosQuest - Beginnings (aka com.wLogosQuest) application 1.0 for  ...)
	NOT-FOR-US: LogosQuest - Beginnings (aka com.wLogosQuest) application for Android
CVE-2014-7494 (The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) applicat ...)
	NOT-FOR-US: Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) application for Android
CVE-2014-7493 (The 100 Books (aka com.ireadercity.c20) application 3.0.2 for Android  ...)
	NOT-FOR-US: 100 Books (aka com.ireadercity.c20) application for Android
CVE-2014-7492 (The Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB ...)
	NOT-FOR-US: Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB8) application for Android
CVE-2014-7491 (The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Andr ...)
	NOT-FOR-US: Short Stories (aka com.ireadercity.c48) application for Android
CVE-2014-7490 (The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 f ...)
	NOT-FOR-US: Menaka - Marathi (aka com.magzter.menakamarathi) application for Android
CVE-2014-7489
	REJECTED
CVE-2014-7488 (The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Andro ...)
	NOT-FOR-US: Vineyard All In (aka com.wVineyardAllIn) application for Android
CVE-2014-7487 (The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticden ...)
	NOT-FOR-US: ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application for Android
CVE-2014-7486 (The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0  ...)
	NOT-FOR-US: Mitsubishi Road Assist (aka com.agero.mitsubishi) application for Android
CVE-2014-7485 (The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) applic ...)
	NOT-FOR-US: Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application for Android
CVE-2014-7484 (The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) ap ...)
	NOT-FOR-US: Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application for Android
CVE-2014-7483 (The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) applica ...)
	NOT-FOR-US: Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application for Android
CVE-2014-7482
	REJECTED
CVE-2014-7481 (The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android  ...)
	NOT-FOR-US: ETG Hosting (aka com.etg.web.hosting) application for Android
CVE-2014-7480
	REJECTED
CVE-2014-7479
	REJECTED
CVE-2014-7478 (The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Andro ...)
	NOT-FOR-US: nashaplaneta.su (aka com.wNashaPlaneta) application for Android
CVE-2014-7477
	REJECTED
CVE-2014-7476 (The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) applica ...)
	NOT-FOR-US: Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application for Android
CVE-2014-7475 (The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android d ...)
	NOT-FOR-US: Ionic View (aka com.ionic.viewapp) application for Android
CVE-2014-7474
	REJECTED
CVE-2014-7473
	REJECTED
CVE-2014-7472 (The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application ...)
	NOT-FOR-US: CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application for Android
CVE-2014-7471 (The international-arbitration-attorney.com (aka com.w0f1d79a1010d819ac ...)
	NOT-FOR-US: international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application for Android
CVE-2014-7470 (The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesa ...)
	NOT-FOR-US: I Know the Movie (aka com.guilardi.jesaislefilm2) application for Android
CVE-2014-7469 (The Best Beginning (aka com.bbbeta) application 2.0 for Android does n ...)
	NOT-FOR-US: Best Beginning (aka com.bbbeta) application for Android
CVE-2014-7468 (The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2  ...)
	NOT-FOR-US: AG Klettern Odenwald (aka de.appack.project.agko) application for Android
CVE-2014-7467 (The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for And ...)
	NOT-FOR-US: HoneyBee Mag (aka com.magzter.honeybeemag) application for Android
CVE-2014-7466 (The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Andr ...)
	NOT-FOR-US: Live TV Browser (aka com.wHDSmartBrowser) application for Android
CVE-2014-7465 (The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017 ...)
	NOT-FOR-US: PC Advisor (aka com.triactivemedia.pcadvisor) application for Android
CVE-2014-7464 (The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android  ...)
	NOT-FOR-US: Magic Stamp (aka vn.avagame.apotatem) application for Android
CVE-2014-7463 (The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for A ...)
	NOT-FOR-US: IM5 Fans Planet (aka uk.co.pixelkicks.im5) application for Android
CVE-2014-7462 (The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) applica ...)
	NOT-FOR-US: Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application for Android
CVE-2014-7461 (The A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application 0.6 ...)
	NOT-FOR-US: A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application for Android
CVE-2014-7460 (The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) a ...)
	NOT-FOR-US: Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application for Android
CVE-2014-7459 (The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) appl ...)
	NOT-FOR-US: Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application for Android
CVE-2014-7458 (The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) appli ...)
	NOT-FOR-US: BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application for Android
CVE-2014-7457 (The Electronics For You (aka com.magzter.electronicsforyou) applicatio ...)
	NOT-FOR-US: Electronics For You (aka com.magzter.electronicsforyou) application for Android
CVE-2014-7456 (The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 fo ...)
	NOT-FOR-US: Digit Magazine (aka com.magzter.digitmagazine) application for Android
CVE-2014-7455 (The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5  ...)
	NOT-FOR-US: Zoella Unofficial (aka com.automon.ay.zoella) application for Android
CVE-2014-7454 (The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) appl ...)
	NOT-FOR-US: Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application for Android
CVE-2014-7453
	REJECTED
CVE-2014-7452 (The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0  ...)
	NOT-FOR-US: Shaklee Product Catalog (aka com.wProductCatalog) application for Android
CVE-2014-7451
	REJECTED
CVE-2014-7450 (The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for A ...)
	NOT-FOR-US: allnurses (aka com.tapatalk.allnursescom) application for Android
CVE-2014-7449 (The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034  ...)
	NOT-FOR-US: My NGEMC Account (aka com.ngemc.smartapps) application for Android
CVE-2014-7448 (The DealSide Institutional (aka com.magzter.dealsideinstitutional) app ...)
	NOT-FOR-US: DealSide Institutional (aka com.magzter.dealsideinstitutional) application for Android
CVE-2014-7447 (The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0 ...)
	NOT-FOR-US: Dattch - The Lesbian App (aka com.dattch.dattch.app) application for Android
CVE-2014-7446 (The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 ...)
	NOT-FOR-US: Bilingual Magic Ball (aka com.wBilingualMagicBall) application for Android
CVE-2014-7445 (The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Andr ...)
	NOT-FOR-US: LEGEND OF TRANCE (aka com.legendoftrance) application for Android
CVE-2014-7444 (The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Androi ...)
	NOT-FOR-US: Baidu Navigation (aka com.baidu.navi) application for Android
CVE-2014-7443 (The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagema ...)
	NOT-FOR-US: Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application for Android
CVE-2014-7442
	REJECTED
CVE-2014-7441 (The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does ...)
	NOT-FOR-US: Pakan Ken Tube (aka com.PakanKen) application for Android
CVE-2014-7440
	REJECTED
CVE-2014-7439 (The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2 ...)
	NOT-FOR-US: bene+ odmeny a slevy (aka cz.gemoney.bene.android) application for Android
CVE-2014-7438
	REJECTED
	NOT-FOR-US: pbm2l2030 printer driver
CVE-2014-7437 (The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) applicat ...)
	NOT-FOR-US: Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application for Android
CVE-2014-7436 (The SOS recette (aka com.sos.recette) application 1.0 for Android does ...)
	NOT-FOR-US: SOS recette (aka com.sos.recette) application for Android
CVE-2014-7435 (The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) appli ...)
	NOT-FOR-US: AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application for Android
CVE-2014-7434 (The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does no ...)
	NOT-FOR-US: RTSinfo (aka ch.rts.rtsinfo) application for Android
CVE-2014-7433 (The Student ID (aka com.computas.studentbevis) application 1.2 for And ...)
	NOT-FOR-US: Student ID (aka com.computas.studentbevis) application for Android
CVE-2014-7432 (The CalculatorApp (aka com.intuit.alm.testandroidapp) application 4.0  ...)
	NOT-FOR-US: CalculatorApp (aka com.intuit.alm.testandroidapp) application for Android
CVE-2014-7431 (The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for An ...)
	NOT-FOR-US: Breeze Jersey (aka com.sc.breezeje.banking) application for Android
CVE-2014-7430 (The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for Androi ...)
	NOT-FOR-US: Flood-It (aka com.appspot.eoltek.flood) application for Android
CVE-2014-7429
	REJECTED
CVE-2014-7428 (The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) appli ...)
	NOT-FOR-US: 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application for Android
CVE-2014-7427 (The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) appli ...)
	NOT-FOR-US: Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application for Android
CVE-2014-7426
	REJECTED
CVE-2014-7425 (The Doodle Devil Free (aka com.joybits.doodledevil_free) application 2 ...)
	NOT-FOR-US: Doodle Devil Free (aka com.joybits.doodledevil_free) application for Android
CVE-2014-7424 (The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) applica ...)
	NOT-FOR-US: Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application for Android
CVE-2014-7423 (The Youth Incorporated (aka com.magzter.youthincorporated) application ...)
	NOT-FOR-US: Youth Incorporated (aka com.magzter.youthincorporated) application for Android
CVE-2014-7422 (The HEA Mobile (aka com.homerelectric.smartapps) application 1.153.003 ...)
	NOT-FOR-US: HEA Mobile (aka com.homerelectric.smartapps) application for Android
CVE-2014-7421 (The Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) appl ...)
	NOT-FOR-US: Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) application for Android
CVE-2014-7420 (The Just Bureaucracy (aka com.magzter.justbureaucracy) application 3.0 ...)
	NOT-FOR-US: Just Bureaucracy (aka com.magzter.justbureaucracy) application for Android
CVE-2014-7419 (The PokeCreator Lite (aka com.pokecreator.builderlite) application 1.1 ...)
	NOT-FOR-US: PokeCreator Lite (aka com.pokecreator.builderlite) application for Android
CVE-2014-7418 (The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application  ...)
	NOT-FOR-US: BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application for Android
CVE-2014-7417 (The Real Academia de Bellas Artes (aka com.adianteventures.adianteapps ...)
	NOT-FOR-US: Real Academia de Bellas Artes (aka com.adianteventures.adianteapps.real_academia_de_bellas_artes) application for Android
CVE-2014-7416 (The Craft Stamper Magazine (aka com.triactivemedia.craftstamper) appli ...)
	NOT-FOR-US: Craft Stamper Magazine (aka com.triactivemedia.craftstamper) application for Android
CVE-2014-7415 (The Asylum! (aka com.nobexinc.wls_96362255.rc) application 3.3.10 for  ...)
	NOT-FOR-US: Asylum! (aka com.nobexinc.wls_96362255.rc) application for Android
CVE-2014-7414 (The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for  ...)
	NOT-FOR-US: CLEO Malaysia (aka com.magzter.cleomalaysia) application for Android
CVE-2014-7413 (The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) applica ...)
	NOT-FOR-US: Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application for Android
CVE-2014-7412
	REJECTED
CVE-2014-7411
	REJECTED
CVE-2014-7410 (The Aptallik Testi (aka com.wAptallikTesti) application 4.0 for Androi ...)
	NOT-FOR-US: Aptallik Testi (aka com.wAptallikTesti) application for Android
CVE-2014-7409 (The Liburan Hemat (aka com.liburan.bro) application 1.0 for Android do ...)
	NOT-FOR-US: Liburan Hemat (aka com.liburan.bro) application for Android
CVE-2014-7408 (The Gary Johnson for President '12 (aka com.GaryJohnson2012) applicati ...)
	NOT-FOR-US: Gary Johnson for President '12 (aka com.GaryJohnson2012) application for Android
CVE-2014-7407 (The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2. ...)
	NOT-FOR-US: Game Day Tix (aka com.xcr.android.mygamedaytickets) application for Android
CVE-2014-7406 (The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.d ...)
	NOT-FOR-US: Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application for Android
CVE-2014-7405 (The Belaire Family Orthodontics (aka com.app_bf.layout) application 1. ...)
	NOT-FOR-US: Belaire Family Orthodontics (aka com.app_bf.layout) application for Android
CVE-2014-7404
	REJECTED
CVE-2014-7403 (The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for ...)
	NOT-FOR-US: NZHondas.com (aka com.tapatalk.nzhondascom) application for Android
CVE-2014-7400
	REJECTED
CVE-2014-7399 (The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 fo ...)
	NOT-FOR-US: Suzanne Glathar (aka com.app_sglathar.layout) application for Android
CVE-2014-7398 (The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 ...)
	NOT-FOR-US: Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application for Android
CVE-2014-7397 (The ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application  ...)
	NOT-FOR-US: ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application for Android
CVE-2014-7396 (The PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application 0. ...)
	NOT-FOR-US: PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application for Android
CVE-2014-7395 (The USF BCM (aka com.appmakr.app193115) application 252847 for Android ...)
	NOT-FOR-US: USF BCM (aka com.appmakr.app193115) application for Android
CVE-2014-7394 (The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for And ...)
	NOT-FOR-US: www.alaaliwat.com (aka com.alaliwat.marsa) application for Android
CVE-2014-7393 (The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for A ...)
	NOT-FOR-US: 100 Beauty Tips (aka com.ww100BeautyTipsApp) application for Android
CVE-2014-7392 (The Russian Federation Traffic Rules (aka com.russia.pdd) application  ...)
	NOT-FOR-US: Russian Federation Traffic Rules (aka com.russia.pdd) application for Android
CVE-2014-7391 (The Synx addictive puzzle game (aka us.synx.mobile.play) application 1 ...)
	NOT-FOR-US: Synx addictive puzzle game (aka us.synx.mobile.play) application for Android
CVE-2014-7390 (The Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) app ...)
	NOT-FOR-US: Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) application for Android
CVE-2014-7389 (The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2. ...)
	NOT-FOR-US: Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application for Android
CVE-2014-7388 (The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) applica ...)
	NOT-FOR-US: Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application for Android
CVE-2014-7387 (The ACC Advocacy Action (aka com.acc.app.android.ui) application 2.0 f ...)
	NOT-FOR-US: ACC Advocacy Action (aka com.acc.app.android.ui) application for Android
CVE-2014-7386
	REJECTED
CVE-2014-7385 (The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) app ...)
	NOT-FOR-US: Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application for Android
CVE-2014-7384 (The Joe's Lawn Service (aka com.appexpress.joeslawnservice) applicatio ...)
	NOT-FOR-US: Joe's Lawn Service (aka com.appexpress.joeslawnservice) application for Android
CVE-2014-7383
	REJECTED
CVE-2014-7382 (The Alternative Connection (aka com.wAlternativeConnection) applicatio ...)
	NOT-FOR-US: Alternative Connection (aka com.wAlternativeConnection) application for Android
CVE-2014-7381
	REJECTED
CVE-2014-7380 (The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Andr ...)
	NOT-FOR-US: Cedar Kiosk (aka com.apps2you.cedarkiosk) application for Android
CVE-2014-7379 (The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) ...)
	NOT-FOR-US: Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) application for Android
CVE-2014-7378 (The Jobranco (aka com.jobranco) application 1.1 for Android does not v ...)
	NOT-FOR-US: Jobranco (aka com.jobranco) application for Android
CVE-2014-7377
	REJECTED
CVE-2014-7376 (The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids)  ...)
	NOT-FOR-US: Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application for Android
CVE-2014-7375 (The Childcare (aka com.app_macchildcare.layout) application 1.399 for  ...)
	NOT-FOR-US: Childcare (aka com.app_macchildcare.layout) application for Android
CVE-2014-7374 (The SPIN - Motion Comic (aka me.narr8.android.serial.spin) application ...)
	NOT-FOR-US: SPIN - Motion Comic (aka me.narr8.android.serial.spin) application for Android
CVE-2014-7373 (The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 ...)
	NOT-FOR-US: Inspire Weddings (aka com.magzter.inspireweddings) application for Android
CVE-2014-7372 (The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for An ...)
	NOT-FOR-US: Mr.Sausage (aka com.app_mrsausage.layout) application for Android
CVE-2014-7371 (The Magic Balloonman Marty Boone (aka com.app_martyboone.layout) appli ...)
	NOT-FOR-US: Magic Balloonman Marty Boone (aka com.app_martyboone.layout) application for Android
CVE-2014-7370 (The Job MoBleeps (aka com.wJobMoBleeps) application 0.1 for Android do ...)
	NOT-FOR-US: Job MoBleeps (aka com.wJobMoBleeps) application for Android
CVE-2014-7369 (The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for ...)
	NOT-FOR-US: Il Brillo Parlante (aka com.wIlBrilloParlante) application for Android
CVE-2014-7368 (The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPr ...)
	NOT-FOR-US: Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application for Android
CVE-2014-7367 (The TuS 1947 Radis (aka com.tus1947radis) application 1.0 for Android  ...)
	NOT-FOR-US: TuS 1947 Radis (aka com.tus1947radis) application for Android
CVE-2014-7366 (The Identity (aka com.magzter.identity) application 3.01 for Android d ...)
	NOT-FOR-US: Identity (aka com.magzter.identity) application for Android
CVE-2014-7365
	REJECTED
CVE-2014-7364 (The Promotional Items (aka com.wPromotionalItems) application 0.1 for  ...)
	NOT-FOR-US: Promotional Items (aka com.wPromotionalItems) application for Android
CVE-2014-7363
	REJECTED
CVE-2014-7362 (The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application  ...)
	NOT-FOR-US: Naranjas Con Tocados (aka com.NaranjasConTocados.com) application for Android
CVE-2014-7361 (The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for An ...)
	NOT-FOR-US: Harry's Pub (aka com.emunching.harryspub) application for Android
CVE-2014-7360 (The How To Boil Eggs (aka com.appmakr.app842173) application 251333 fo ...)
	NOT-FOR-US: How To Boil Eggs (aka com.appmakr.app842173) application for Android
CVE-2014-7359 (The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android doe ...)
	NOT-FOR-US: MAPA DA MINA (aka com.wMAPADAMINA) application for Android
CVE-2014-7358 (The Vermont Powder (aka com.concursive.vermontpowder) application 4.1  ...)
	NOT-FOR-US: Vermont Powder (aka com.concursive.vermontpowder) application for Android
CVE-2014-7357 (The Grandparenting is Great (aka com.app_gig.layout) application 1.400 ...)
	NOT-FOR-US: Grandparenting is Great (aka com.app_gig.layout) application for Android
CVE-2014-7356
	REJECTED
CVE-2014-7355
	REJECTED
CVE-2014-7354 (The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for A ...)
	NOT-FOR-US: Penumbra eMag (aka com.magzter.penumbraemag) application for Android
CVE-2014-7353 (The JAZAN 24 (aka com.jazan24.Mcreda) application 1.0 for Android does ...)
	NOT-FOR-US: JAZAN 24 (aka com.jazan24.Mcreda) application for Android
CVE-2014-7352 (The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) applic ...)
	NOT-FOR-US: India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) application for Android
CVE-2014-7351 (The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) applic ...)
	NOT-FOR-US: GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application for Android
CVE-2014-7350
	REJECTED
CVE-2014-7349
	REJECTED
CVE-2014-7348 (The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android doe ...)
	NOT-FOR-US: HOT CARS (aka com.magzter.hotcars) application for Android
CVE-2014-7347
	REJECTED
CVE-2014-7346 (The Bespoke (aka com.magzter.bespoke) application 3.0 for Android does ...)
	NOT-FOR-US: Bespoke (aka com.magzter.bespoke) application for Android
CVE-2014-7345 (The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 fo ...)
	NOT-FOR-US: DIYChatroom (aka com.tapatalk.diychatroomcom) application for Android
CVE-2014-7344 (The Classic Arms &amp; Militaria (aka com.magazinecloner.classicarmsan ...)
	NOT-FOR-US: Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application for Android
CVE-2014-7343
	REJECTED
CVE-2014-7342 (The Echo News (aka com.solo.report) 1.10 application (beta) for Androi ...)
	NOT-FOR-US: Echo News (aka com.solo.report) 1.10 application for Android
CVE-2014-7341 (The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android do ...)
	NOT-FOR-US: SAsync (aka com.sasync.sasyncmap) application for Android
CVE-2014-7340 (The Old Bike Mart (aka com.magazinecloner.oldbike) application @7F0801 ...)
	NOT-FOR-US: Old Bike Mart (aka com.magazinecloner.oldbike) application for Android
CVE-2014-7339 (The Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAun ...)
	NOT-FOR-US: Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAunAmigo) application for Android
CVE-2014-7338 (The faailkhair (aka com.faailkhair.app) application 1.0 for Android do ...)
	NOT-FOR-US: faailkhair (aka com.faailkhair.app) application for Android
CVE-2014-7337 (The Acorn Estate Agents (aka com.acorn.ea) application 3.1 for Android ...)
	NOT-FOR-US: Acorn Estate Agents (aka com.acorn.ea) application for Android
CVE-2014-7336 (The Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1 ...)
	NOT-FOR-US: Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application for Android
CVE-2014-7335 (The Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application 2. ...)
	NOT-FOR-US: Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application for Android
CVE-2014-7334 (The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for A ...)
	NOT-FOR-US: Where Dallas (aka com.magzter.wheredallas) application for Android
CVE-2014-7333 (The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Andr ...)
	NOT-FOR-US: Aloha Guide (aka com.aloha.guide.japnese) application for Android
CVE-2014-7332
	REJECTED
CVE-2014-7331 (The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application 0 ...)
	NOT-FOR-US: TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application for Android
CVE-2014-7330 (The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for  ...)
	NOT-FOR-US: XtendCU Mobile (aka com.metova.cuae.xtend) application for Android
CVE-2014-7329 (The Motoring Classics (aka com.aptusi.android.motoring) application 1. ...)
	NOT-FOR-US: Motoring Classics (aka com.aptusi.android.motoring) application for Android
CVE-2014-7328 (The brain abundance info (aka com.wbrainabundance) application 0.1 for ...)
	NOT-FOR-US: brain abundance info (aka com.wbrainabundance) application for Android
CVE-2014-7327 (The Macau Business (aka com.magzter.macaubusiness) application 3.0 for ...)
	NOT-FOR-US: Macau Business (aka com.magzter.macaubusiness) application for Android
CVE-2014-7326 (The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Andr ...)
	NOT-FOR-US: ETA Mobile (aka com.en2grate.etamobile) application for Android
CVE-2014-7325 (The Business Intelligence (aka com.magzter.businessintelligence) appli ...)
	NOT-FOR-US: Business Intelligence (aka com.magzter.businessintelligence) application for Android
CVE-2014-7324
	REJECTED
CVE-2014-7323 (The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 ...)
	NOT-FOR-US: Dignity Dialogue (aka com.magzter.dignitydialogue) application for Android
CVE-2014-7322
	REJECTED
CVE-2014-7321 (The Firenze map (aka com.wFirenzemap) application 0.1 for Android does ...)
	NOT-FOR-US: Firenze map (aka com.wFirenzemap) application for Android
CVE-2014-7320 (The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not ...)
	NOT-FOR-US: SHIRAKABA (aka com.SHIRAKABA) application for Android
CVE-2014-7319
	REJECTED
CVE-2014-7318
	REJECTED
CVE-2014-7317 (The Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) a ...)
	NOT-FOR-US: Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) application for Android
CVE-2014-7316 (The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for  ...)
	NOT-FOR-US: Safe Arrival (aka com.synrevoice.safearrival) application for Android
CVE-2014-7315 (The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for ...)
	NOT-FOR-US: Where Atlanta (aka com.magzter.whereatlanta) application for Android
CVE-2014-7314 (The Intelligent SME (aka com.magzter.intelligentsme) application 3.0 f ...)
	NOT-FOR-US: Intelligent SME (aka com.magzter.intelligentsme) application for Android
CVE-2014-7313 (The One You Fitness (aka com.app_oneyou.layout) application 1.399 for  ...)
	NOT-FOR-US: One You Fitness (aka com.app_oneyou.layout) application for Android
CVE-2014-7312
	REJECTED
CVE-2014-7311
	REJECTED
CVE-2014-7310 (The Ali Visual (aka com.ali.visual) application 1.0 for Android does n ...)
	NOT-FOR-US: Ali Visual (aka com.ali.visual) application for Android
CVE-2014-7309 (The Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2S ...)
	NOT-FOR-US: Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application for Android
CVE-2014-7308
	REJECTED
CVE-2014-7307 (The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) appli ...)
	NOT-FOR-US: ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application for Android
CVE-2014-7306
	RESERVED
CVE-2014-7305
	RESERVED
CVE-2014-7304
	RESERVED
CVE-2014-7303 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
	NOT-FOR-US: SGI Tempo
CVE-2014-7302 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
	NOT-FOR-US: SGI Tempo
CVE-2014-7301 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...)
	NOT-FOR-US: SGI Tempo
CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS 6.3. ...)
	NOT-FOR-US: Aruba ArubaOS
CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify  ...)
	NOT-FOR-US: Centrify
CVE-2014-7297 (Unspecified vulnerability in the folder framework in the Enfold theme  ...)
	NOT-FOR-US: folder framework in the Enfold theme for WordPress
CVE-2014-7296 (The default configuration in the accessibility engine in SpagoBI 5.0.0 ...)
	NOT-FOR-US: Spago
CVE-2014-7294 (Open redirect vulnerability in the logon page in NYU OpenSSO Integrati ...)
	NOT-FOR-US: Ex Libris Patron Directory Services
CVE-2014-7293 (Cross-site scripting (XSS) vulnerability in the logon page in NYU Open ...)
	NOT-FOR-US: NYU OpenSSO Integration for Ex Libris Patron Directory Services
CVE-2014-7292 (Open redirect vulnerability in the Click-Through feature in Newtellige ...)
	NOT-FOR-US: Newtelligence dasBlog
CVE-2014-7291 (Multiple cross-site scripting (XSS) vulnerabilities in api_events.php  ...)
	NOT-FOR-US: Springshare LibCal
CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems A ...)
	NOT-FOR-US: Atlas Systems Aeon
CVE-2014-7289 (SQL injection vulnerability in the management server in Symantec Criti ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-7288 (Symantec PGP Universal Server and Encryption Management Server before  ...)
	NOT-FOR-US: Symantec Encryption Management Server
CVE-2014-7287 (The key-management component in Symantec PGP Universal Server and Encr ...)
	NOT-FOR-US: Symantec
CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9 and ear ...)
	NOT-FOR-US: Symantec Deployment Solution
CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance bef ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-7282
	RESERVED
CVE-2014-7281 (Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Tech ...)
	NOT-FOR-US: Tenda A32 Router
CVE-2014-7280 (Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Bu ...)
	NOT-FOR-US: Nessus Web UI
CVE-2014-7279 (The Konke Smart Plug K does not require authentication for TELNET sess ...)
	NOT-FOR-US: Konke Smart Plug K
CVE-2014-7284 (The net_get_random_once implementation in net/core/utils.c in the Linu ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.13)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d4405226d27b3a215e4d03cfa51f536244e5de7 (v3.15-rc7)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a48e42920ff38bc90bbf75143fff4555723d4540
	NOTE: http://secondlookforensics.com/ngro-linux-kernel-bug/
CVE-2014-7283 (The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs i ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.10 upstream)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.10 upstream)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d (v3.15-rc1)
	NOTE: http://marc.info/?l=linux-xfs&m=139590613002926&w=2
	NOTE: Reproducer: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e
CVE-2014-7295 (The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWi ...)
	{DSA-3046-1}
	- mediawiki 1:1.19.20+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=70672
CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1. ...)
	NOT-FOR-US: ZyXEL
CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXE ...)
	NOT-FOR-US: ZyXEL
CVE-2014-7276
	RESERVED
CVE-2014-7275 (The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does  ...)
	{DSA-3091-1 DLA-106-1}
	- getmail4 4.46.0-1 (bug #766670)
CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verify tha ...)
	{DSA-3091-1 DLA-106-1}
	- getmail4 4.46.0-1 (bug #766670)
CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does  ...)
	{DSA-3091-1 DLA-106-1}
	- getmail4 4.44.0-1 (bug #766670)
CVE-2014-7272 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...)
	[experimental] - sddm 0.11.0-1
	- sddm 0.11.0-2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
CVE-2014-7271 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...)
	[experimental] - sddm 0.11.0-1
	- sddm 0.11.0-2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
CVE-2014-7270 (Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U ...)
	NOT-FOR-US: ASUS routers
CVE-2014-7269 (ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier ...)
	NOT-FOR-US: ASUS routers
CVE-2014-7268 (Cross-site scripting (XSS) vulnerability in the data-export feature in ...)
	NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
CVE-2014-7267 (Cross-site scripting (XSS) vulnerability in the output-page generator  ...)
	NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
CVE-2014-7266 (Algorithmic complexity vulnerability in Cybozu Remote Service Manager  ...)
	NOT-FOR-US: Cybozu Remote Service Manager
CVE-2014-7265 (Cross-site scripting (XSS) vulnerability in LinPHA allows remote attac ...)
	NOT-FOR-US: LinPHA
CVE-2014-7264 (Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/de ...)
	- chyrp <itp> (bug #664739)
CVE-2014-7263 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7262 (Cross-site scripting (XSS) vulnerability in the Omake BBS component in ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7261 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7260 (The Server Side Includes (SSI) implementation in the File Upload BBS c ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Andr ...)
	NOT-FOR-US: SQUARE ENIX
CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 a ...)
	NOT-FOR-US: KENT-WEB CLip Board
CVE-2014-7257 (SQL injection vulnerability in DBD::PgPP 0.05 and earlier ...)
	NOT-FOR-US: DBD::PgPP
CVE-2014-7256 (The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Int ...)
	NOT-FOR-US: SEIL Routers
CVE-2014-7255 (Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 throug ...)
	NOT-FOR-US: SEIL Routers
CVE-2014-7254 (Unspecified vulnerability in ARROWS Me F-11D allows physically proxima ...)
	NOT-FOR-US: Arrows Me
CVE-2014-7253 (FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phon ...)
	NOT-FOR-US: ARROWS
CVE-2014-7252 (Multiple unspecified vulnerabilities in the Syslink driver for Texas I ...)
	NOT-FOR-US: ARROWS
CVE-2014-7251 (XML external entity (XXE) vulnerability in the WebHMI server in Yokoga ...)
	NOT-FOR-US: Yokogawa
CVE-2014-7250 (The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...)
	- kfreebsd-8 <undetermined>
	[wheezy] - kfreebsd-8 <end-of-life> (Not supported in wheezy LTS)
	- kfreebsd-9 <undetermined>
	[wheezy] - kfreebsd-9 <end-of-life> (Not supported in wheezy LTS)
	- kfreebsd-10 <undetermined> (bug #778367)
	[jessie] - kfreebsd-10 <end-of-life> (Not supported in Jessie LTS)
CVE-2014-7249 (Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, A ...)
	NOT-FOR-US: Allied Telesis
CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows ...)
	NOT-FOR-US: IPA iLogScanner
CVE-2014-7247 (Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; I ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2014-7246 (The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2,  ...)
	NOT-FOR-US: OpenAM (SSO Server)
	NOTE: This is not the openam answering machine.
CVE-2014-7245
	REJECTED
CVE-2014-7244
	REJECTED
CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not res ...)
	NOT-FOR-US: LG Routers
CVE-2014-7242 (The SumaHo application 3.0.0 and earlier for Android and the SumaHo "d ...)
	NOT-FOR-US: SumaHo (applications for Android)
CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows remote atta ...)
	NOT-FOR-US: TSUTAYA application for Android
CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-7239
	RESERVED
CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4  ...)
	NOT-FOR-US: WordPress plugin Contact Form Integrated With Google Maps
CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
CVE-2014-7236 (Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6 ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Rec ...)
	NOT-FOR-US: FreePBX
CVE-2014-7234
	REJECTED
CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...)
	NOT-FOR-US: GE Healthcare Precision THUNIS-800+
CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2geti ...)
	NOT-FOR-US: GE Healthcare Discovery XR656 and XR656 G2
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x b ...)
	NOT-FOR-US: Joomla!
CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
	NOT-FOR-US: Joomla!
CVE-2014-7227
	REJECTED
CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and ea ...)
	NOT-FOR-US: Rejetto HTTP File Server
CVE-2014-7225
	RESERVED
CVE-2014-7224 (A Code Execution vulnerability exists in Android prior to 4.4.0 relate ...)
	NOT-FOR-US: Android addJavascriptInterface
CVE-2014-7223
	RESERVED
CVE-2014-7222 (Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote a ...)
	- teamspeak-client <removed>
	[wheezy] - teamspeak-client <end-of-life> (non-free is not supported)
CVE-2014-7221 (TeamSpeak Client 3.0.14 and earlier allows remote authenticated users  ...)
	- teamspeak-client <removed>
	[wheezy] - teamspeak-client <end-of-life> (non-free is not supported)
CVE-2014-7220
	RESERVED
CVE-2014-7219
	RESERVED
CVE-2014-7218
	RESERVED
CVE-2014-7217 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	- phpmyadmin 4:4.2.9.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-11/
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-7216 (Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 a ...)
	NOT-FOR-US: Yahoo
CVE-2014-7215
	REJECTED
CVE-2014-7214
	REJECTED
CVE-2014-7213
	REJECTED
CVE-2014-7212
	REJECTED
CVE-2014-7211
	REJECTED
CVE-2014-7210 [pdns in Debian creates too privileged MySQL user]
	RESERVED
	{DLA-492-1}
	- pdns 3.3.1-1
	[squeeze] - pdns <not-affected> (Vulnerabile code not present)
	NOTE: Debian packaging specific.
CVE-2014-7209 (run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 al ...)
	{DSA-3114-1 DLA-125-1}
	- mime-support 3.58
CVE-2014-7208 (GParted before 0.15.0 allows local users to execute arbitrary commands ...)
	- gparted 0.16.1-1
	[wheezy] - gparted <no-dsa> (Minor issue)
	[squeeze] - gparted <no-dsa> (Minor issue)
CVE-2014-7207 (A certain Debian patch to the IPv6 implementation in the Linux kernel  ...)
	{DSA-3060-1}
	- linux <not-affected> (Issue specific to 3.2.x)
	NOTE: In 3.2.x introduced with https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?h=linux-3.2.y&id=64b5c251d5b2cee4a0f697bfb90d79263f6dd517
	NOTE: which is a backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73f156a6e8c1074ac6327e0abd1169e95eb66463 (v3.16-rc1)
	NOTE: The missing commit for the 3.2.x branch was applied already earlier (before v3.16) mainline:
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=916e4cf46d0204806c062c8c6c4d1f633852c5b6 (v3.14-rc6)
	NOTE: http://bugs.debian.org/766195
	- linux-2.6 <not-affected> (Issue specific to 3.2.x)
CVE-2014-7206 (The changelog command in Apt before 1.0.9.2 allows local users to writ ...)
	{DSA-3048-1}
	- apt 1.0.9.2 (bug #763780)
	[squeeze] - apt <not-affected> (apt changelog command and vulnerable code not present)
	NOTE: mitigated by Linux kernel features in wheezy and up
CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a ...)
	NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for the insit ...)
	NOT-FOR-US: GE Healthcare Discovery NM 750b
CVE-2012-6662 (Cross-site scripting (XSS) vulnerability in the default content option ...)
	- jqueryui 1.10.1+dfsg-1
	[wheezy] - jqueryui <not-affected> (ui.tooltip not yet present)
	[squeeze] - jqueryui <not-affected> (code not present)
	NOTE: http://bugs.jqueryui.com/ticket/8861
	NOTE: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
CVE-2012-6661 (Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta ...)
	- zope2.12 2.12.26-1
	- zope2.13 <not-affected> (Fixed before initial upload in upstream version 2.13.19)
	NOTE: CVE SPLIT from CVE-2012-5508
CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the servic ...)
	NOT-FOR-US: GE Healthcare Precision MPi
CVE-2011-5374
	RESERVED
CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has  ...)
	NOT-FOR-US: GE Healthcare Revolution XQ/i
CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for  ...)
	NOT-FOR-US: GE Healthcare CADStream Server
CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the HIP ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a  ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default pass ...)
	NOT-FOR-US: GE Healthcare Optima
CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ac ...)
	NOT-FOR-US: GE Healthcare Discovery 530C
CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...)
	NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
	NOT-FOR-US: GE Healthcare Infinia II
CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet  ...)
	NOT-FOR-US: GE Healthcare Centricity Image Vault
CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
	NOT-FOR-US: GE Healthcare Discovery VH
CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1594 (GE Healthcare eNTEGRA P&amp;R has a password of (1) entegra for the en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1254 (crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shif ...)
	- openssl 0.9.6-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb
CVE-2000-1253
	RESERVED
CVE-2014-7300 (GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used ...)
	- gnome-shell 3.14.1-1 (low)
	[wheezy] - gnome-shell <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=737456
	NOTE: PrtSc is an unauthenticated request that's available to untrusted
	NOTE: parties. A series of requests can consume a large amount of memory.
	NOTE: The combination of this PrtSc behavior and the existence of the
	NOTE: oom-killer allows authentication bypass for command execution.
	NOTE: Therefore, the product must limit the aggregate memory consumption of
	NOTE: all active requests, and the lack of this limit is a vulnerability.
CVE-2014-7231 (The strutils.mask_password function in the OpenStack Oslo utility libr ...)
	- python-oslo.utils 0.2.0-1
	NOTE: https://launchpad.net/bugs/1345233
	NOTE: https://review.openstack.org/gitweb?p=openstack%2Foslo.utils.git;a=commitdiff;h=e0425691d90bce0bbe847a9ff49468ce0fab5486
CVE-2014-7230 (The processutils.execute function in OpenStack oslo-incubator, Cinder, ...)
	- cinder 2014.1.3-4 (low; bug #765704)
	- nova 2014.1.3-5 (low; bug #765714)
	[wheezy] - nova <no-dsa> (Minor issue)
	- openstack-trove 2014.1.3-1 (low)
	NOTE: https://launchpad.net/bugs/1343604
CVE-2014-7205 (Eval injection vulnerability in the internals.batch function in lib/ba ...)
	NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
	NOT-FOR-US: node.js package bassmaster
CVE-2014-7201 (Multiple SQL injection vulnerabilities in the search function in pi1/c ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2014-7200 (Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2014-7198 (OMERO before 5.0.6 has multiple CSRF vulnerabilities because the frame ...)
	NOT-FOR-US: OMERO
CVE-2014-7197
	RESERVED
CVE-2014-7196
	REJECTED
CVE-2014-7195 (Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6 ...)
	NOT-FOR-US: Spotfire Web Player
CVE-2014-7194 (TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File ...)
	NOT-FOR-US: TIBCO
CVE-2014-7193 (The Crumb plugin before 3.0.0 for Node.js does not properly restrict t ...)
	NOT-FOR-US: Crumb
CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package b ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773623)
	NOTE: libv8 not covered by security support
CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact functi ...)
	- node-qs 2.2.4-1
	NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
	NOTE: https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
CVE-2014-7188 (The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 t ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7184
	RESERVED
CVE-2014-7183 (Multiple cross-site scripting (XSS) vulnerabilities in the search.php  ...)
	NOT-FOR-US: LifeCart
CVE-2014-7182 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Google M ...)
	NOT-FOR-US: WP Google Maps plugin for WordPress
CVE-2014-7181 (Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons ...)
	NOT-FOR-US: Max Foundry MaxButtons plugin for WordPress
CVE-2014-7180 (Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 use ...)
	NOT-FOR-US: ElectricCommander
CVE-2014-7179
	RESERVED
CVE-2014-7178 (Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-7177 (XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier al ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-7176 (SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows r ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-7175 (FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbit ...)
	NOT-FOR-US: FarLinX X25 Gateway
CVE-2014-7174 (FarLinX X25 Gateway through 2014-09-25 allows directory traversal via  ...)
	NOT-FOR-US: FarLinX X25 Gateway
CVE-2014-7173 (FarLinX X25 Gateway through 2014-09-25 allows command injection via sh ...)
	NOT-FOR-US: FarLinX X25 Gateway
CVE-2014-7172
	RESERVED
CVE-2014-7171
	RESERVED
CVE-2014-7170 (Race condition in Puppet Server 0.2.0 allows local users to obtain sen ...)
	NOT-FOR-US: Puppet Server (replacement for puppetmaster)
CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a de ...)
	{DSA-3042-1 DLA-69-1}
	- exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
	NOTE: http://sourceforge.net/p/ctags/code/791/
CVE-2014-7203 (libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces ...)
	- zeromq <not-affected> (Vulnerable code not present, only zmq 4.x onwards)
	- zeromq3 4.0.5+dfsg-1
	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1191
CVE-2014-7202 (stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allow ...)
	- zeromq <not-affected> (Vulnerable code not present, only zmq 4.x onwards)
	- zeromq3 4.0.5+dfsg-1
	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190
CVE-2014-7190 (Multiple cross-site request forgery (CSRF) vulnerabilities in Openfile ...)
	NOT-FOR-US: Openfiler
CVE-2014-7189 (crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enab ...)
	- golang 2:1.3.2-1
	[wheezy] - golang <not-affected> (Vulnerable code not present, only Go 1.1 onwards)
	NOTE: https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
	NOTE: https://code.google.com/p/go/source/detail?r=eae0457c101512f59296538f0162749eba325892&name=release-branch.go1.3
CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in GNU Bas ...)
	{DSA-3035-1 DLA-63-1}
	- bash 4.3-9.2
CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 bash ...)
	{DSA-3035-1 DLA-63-1}
	- bash 4.3-9.2
CVE-2014-7185 (Integer overflow in bufferobject.c in Python before 2.7.8 allows conte ...)
	- python2.5 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.8-1 (low; bug #763848)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	NOTE: http://bugs.python.org/issue21831
	NOTE: Upstream fix http://hg.python.org/cpython/rev/8d963c7db507
CVE-2014-7168
	RESERVED
CVE-2014-7167
	RESERVED
CVE-2014-7166
	RESERVED
CVE-2014-7165
	RESERVED
CVE-2014-7164
	RESERVED
CVE-2014-7163
	RESERVED
CVE-2014-7162
	RESERVED
CVE-2014-7161
	RESERVED
CVE-2014-7160
	RESERVED
CVE-2014-7159
	RESERVED
CVE-2014-7158 (Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimiza ...)
	NOT-FOR-US: Exinda WAN Optimization Suite
CVE-2014-7157 (Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Su ...)
	NOT-FOR-US: Exinda WAN Optimization Suite
CVE-2014-7153 (SQL injection vulnerability in the editgallery function in admin/galle ...)
	NOT-FOR-US: WordPress plugin Huge-IT Image Gallery
CVE-2014-XXXX [cyassl: RSA Padding check vulnerability]
	- cyassl <removed>
	- wolfssl 3.4.8+dfsg-1
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html
	NOTE: http://www.intelsecurity.com/advanced-threat-research/#
	NOTE: similar to CVE-2014-1568 in nss
CVE-2014-7199 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19,  ...)
	{DSA-3036-1}
	- mediawiki 1:1.19.19+dfsg-1 (bug #762754)
	[squeeze] - mediawiki <end-of-life>
CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after certa ...)
	{DSA-3035-1 DLA-63-1}
	- bash 4.3-9.2 (bug #762760)
CVE-2014-7156 (The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen  ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7155 (The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen  ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7154 (Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x do ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7152 (Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms p ...)
	NOT-FOR-US: WordPress plugin Easy MailChimp Forms
CVE-2014-7151 (Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms L ...)
	NOT-FOR-US: NEX-Forms Lite plugin for WordPress
CVE-2014-7150
	RESERVED
CVE-2014-7149
	RESERVED
CVE-2014-7148
	RESERVED
CVE-2014-7147
	RESERVED
CVE-2014-7146 (The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remot ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17725
	NOTE: https://github.com/mantisbt/mantisbt/commit/bed19db9 (1.2.x branch)
	NOTE: https://github.com/mantisbt/mantisbt/commit/84017535 (master)
CVE-2014-7140 (Unspecified vulnerability in the management interface in Citrix NetSca ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2014-7139 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact For ...)
	NOT-FOR-US: WordPress plugin Contact Form DB
CVE-2014-7138 (Cross-site scripting (XSS) vulnerability in the Google Calendar Events ...)
	NOT-FOR-US: WordPress plugin Google Calendar Events
CVE-2014-7137 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6. ...)
	- dolibarr 3.5.5+dfsg1-1 (bug #770313)
CVE-2014-7136 (Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka ...)
	NOT-FOR-US: K7 Computing
CVE-2014-7135 (The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Andro ...)
	NOT-FOR-US: Ayuntamiento de Coana (aka com.wInfoCoa) application for Android
CVE-2014-7134 (The PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application 2.1 f ...)
	NOT-FOR-US: PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application for Android
CVE-2014-7133
	REJECTED
CVE-2014-7132 (The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application 1 ...)
	NOT-FOR-US: Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application for Android
CVE-2014-7131 (The Digital Content NewFronts 2014 (aka com.coreapps.android.followme. ...)
	NOT-FOR-US: Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application for Android
CVE-2014-7130
	REJECTED
CVE-2014-7129 (The Argus Leader Print Edition (aka com.argusleader.android.prod) appl ...)
	NOT-FOR-US: Argus Leader Print Edition (aka com.argusleader.android.prod) application for Android
CVE-2014-7128 (The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application ...)
	NOT-FOR-US: Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application for Android
CVE-2014-7127 (The Football Espana magazine (aka com.triactivemedia.footballespana) a ...)
	NOT-FOR-US: Football Espana magazine (aka com.triactivemedia.footballespana) application for Android
CVE-2014-7126
	REJECTED
CVE-2014-7125 (The Motor (aka com.magzter.motorhwpublishing) application 3.0 for Andr ...)
	NOT-FOR-US: Motor (aka com.magzter.motorhwpublishing) application for Android
CVE-2014-7124 (The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android ...)
	NOT-FOR-US: IP Alarm (aka com.cosesy.gadget.alarm) application for Android
CVE-2014-7123 (The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for And ...)
	NOT-FOR-US: Brevir Harian V2 (aka com.brevir.harian.v) application for Android
CVE-2014-7122 (The Lansing State Journal Print (aka com.lansingjournal.android.prod)  ...)
	NOT-FOR-US: Lansing State Journal Print (aka com.lansingjournal.android.prod) application for Android
CVE-2014-7121 (The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does n ...)
	NOT-FOR-US: Dhanam (aka com.magzter.dhanam) application for Android
CVE-2014-7120 (The Model Laboratory (aka com.magazinecloner.modellaboratory) applicat ...)
	NOT-FOR-US: Model Laboratory (aka com.magazinecloner.modellaboratory) application for Android
CVE-2014-7119 (The GNAM 2013 (aka com.beepeers.gndam) application 1.0 for Android doe ...)
	NOT-FOR-US: GNAM 2013 (aka com.beepeers.gndam) application for Android
CVE-2014-7118 (The Itography Item Hunt (aka com.itography.application) application 3. ...)
	NOT-FOR-US: Itography Item Hunt (aka com.itography.application) application for Android
CVE-2014-7117 (The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0 ...)
	NOT-FOR-US: Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application for Android
CVE-2014-7116 (The NRA Journal (aka com.magazinecloner.nationalrifleassociationjourna ...)
	NOT-FOR-US: NRA Journal (aka com.magazinecloner.nationalrifleassociationjournal) application for Android
CVE-2014-7115 (The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) ap ...)
	NOT-FOR-US: Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application for Android
CVE-2014-7114
	REJECTED
CVE-2014-7113 (The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 f ...)
	NOT-FOR-US: NASA Universe Wallpapers Xeus (aka com.xeusNASA) application for Android
CVE-2014-7112
	REJECTED
CVE-2014-7111 (The Android Excellence (aka an.exc.ap) application 1.4.1 for Android d ...)
	NOT-FOR-US: Android Excellence (aka an.exc.ap) application for Android
CVE-2014-7110
	REJECTED
CVE-2014-7109 (The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android doe ...)
	NOT-FOR-US: Nesvarnik (aka cz.dtest.nesvarnik) application for Android
CVE-2014-7108 (The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) a ...)
	NOT-FOR-US: Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application for Android
CVE-2014-7107 (The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for ...)
	NOT-FOR-US: The Human Factor (aka com.magzter.thehumanfactor) application for Android
CVE-2014-7106 (The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does ...)
	NOT-FOR-US: Orakel-Ball (aka com.wOrakelball) application for Android
CVE-2014-7105
	REJECTED
CVE-2014-7104 (The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for Andr ...)
	NOT-FOR-US: gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application for Android
CVE-2014-7103 (The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) ...)
	NOT-FOR-US: Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application for Android
CVE-2014-7102 (The Car Insurance Quote Comparison (aka com.seopa.quotezone) applicati ...)
	NOT-FOR-US: Car Insurance Quote Comparison (aka com.seopa.quotezone) application for Android
CVE-2014-7101 (The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application 3 ...)
	NOT-FOR-US: Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application for Android
CVE-2014-7100 (The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not ...)
	NOT-FOR-US: www.sm3ny.com (aka sm3ny.com) application for Android
CVE-2014-7099 (The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application ...)
	NOT-FOR-US: Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application for Android
CVE-2014-7098 (The Fylet Secure Large File Sender (aka com.application.fyletFileSende ...)
	NOT-FOR-US: Fylet Secure Large File Sender (aka com.application.fyletFileSender) application for Android
CVE-2014-7097
	REJECTED
CVE-2014-7096
	REJECTED
CVE-2014-7095
	REJECTED
CVE-2014-7094
	REJECTED
CVE-2014-7093 (The Superbike Magazine (aka com.triactivemedia.superbike) application  ...)
	NOT-FOR-US: Superbike Magazine (aka com.triactivemedia.superbike) application for Android
CVE-2014-7092 (The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does  ...)
	NOT-FOR-US: Ubooly (aka com.ubooly.ubooly) application for Android
CVE-2014-7091 (The Sacramento Kings (aka com.tibco.gse.sports) application 6.0.8 for  ...)
	NOT-FOR-US: Sacramento Kings (aka com.tibco.gse.sports) application for Android
CVE-2014-7090 (The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android d ...)
	NOT-FOR-US: MyVCCCD (aka com.dub.app.ventura) application for Android
CVE-2014-7089 (The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application 0 ...)
	NOT-FOR-US: COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application for Android
CVE-2014-7088 (The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does ...)
	NOT-FOR-US: JDM Lifestyle (aka com.hondatech) application for Android
CVE-2014-7087 (The Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropea ...)
	NOT-FOR-US: Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropeanrollercoasters1) application for Android
CVE-2014-7086 (The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for  ...)
	NOT-FOR-US: Killer Screen lock (aka com.cc.theme.shashou) application for Android
CVE-2014-7085 (The i Newspaper (aka com.independent.thei) application @7F080184 for A ...)
	NOT-FOR-US: i Newspaper (aka com.independent.thei) application for Android
CVE-2014-7084 (The Hesheng 80 (aka com.ireadercity.c29) application 3.0.2 for Android ...)
	NOT-FOR-US: Hesheng 80 (aka com.ireadercity.c29) application for Android
CVE-2014-7083 (The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android does n ...)
	NOT-FOR-US: Jiu Jik (aka com.scmp.jiujik) application for Android
CVE-2014-7082 (The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 fo ...)
	NOT-FOR-US: No Disturb (aka com.blogspot.imapp.imnodisturb) application for Android
CVE-2014-7081
	REJECTED
CVE-2014-7080 (The Sigong ebook (aka com.sigongsa.sigonggenre) application 1.0.0 for  ...)
	NOT-FOR-US: Sigong ebook (aka com.sigongsa.sigonggenre) application for Android
CVE-2014-7079 (The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application  ...)
	NOT-FOR-US: Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application for Android
CVE-2014-7078 (The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for And ...)
	NOT-FOR-US: Payoneer Sign Up (aka com.wPayoneerSignUp) application for Android
CVE-2014-7077 (The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application  ...)
	NOT-FOR-US: Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application for Android
CVE-2014-7076 (The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3.0 for ...)
	NOT-FOR-US: Sanctuary Asia (aka com.magzter.sanctuaryasia) application for Android
CVE-2014-7075 (The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for A ...)
	NOT-FOR-US: HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application for Android
CVE-2014-7074
	REJECTED
CVE-2014-7073 (The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) applicati ...)
	NOT-FOR-US: Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application for Android
CVE-2014-7072 (The Venezia map (aka com.wVeneziamap) application 0.1 for Android does ...)
	NOT-FOR-US: Venezia map (aka com.wVeneziamap) application for Android
CVE-2014-7071 (The Autocar India (aka com.magzter.autocarindia) application 3.03 for  ...)
	NOT-FOR-US: Autocar India (aka com.magzter.autocarindia) application for Android
CVE-2014-7070 (The Air War Hero (aka com.dev.airwar) application 3.0 for Android does ...)
	NOT-FOR-US: Air War Hero (aka com.dev.airwar) application for Android
CVE-2014-7069 (The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android ...)
	NOT-FOR-US: Aventino Brand (aka com.AventinoBrand) application for Android
CVE-2014-7068 (The Neumann Student Activities (aka com.appmakr.app153856) application ...)
	NOT-FOR-US: Neumann Student Activities (aka com.appmakr.app153856) application for Android
CVE-2014-7067 (The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for And ...)
	NOT-FOR-US: BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application for Android
CVE-2014-7066 (The LegalEra (aka com.magzter.legalera) application 3.0 for Android do ...)
	NOT-FOR-US: LegalEra (aka com.magzter.legalera) application for Android
CVE-2014-7065 (The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) a ...)
	NOT-FOR-US: Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application for Android
CVE-2014-7064 (The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough)  ...)
	NOT-FOR-US: ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application for Android
CVE-2014-7063 (The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Androi ...)
	NOT-FOR-US: Bikers Romagna (aka com.bikers.romagna) application for Android
CVE-2014-7062 (The Association Min Ajlik (aka com.association.min.ajlik) application  ...)
	NOT-FOR-US: Association Min Ajlik (aka com.association.min.ajlik) application for Android
CVE-2014-7061 (The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0 ...)
	NOT-FOR-US: MODSIM World 2014 (aka com.concursive.modsimworld) application for Android
CVE-2014-7060 (The Your Tango (aka com.your.tango) application 1.0 for Android does n ...)
	NOT-FOR-US: Your Tango (aka com.your.tango) application for Android
CVE-2014-7059 (The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for A ...)
	NOT-FOR-US: TheDevildogGamer (aka com.wTheDevildogGamer) applicationfor Android
CVE-2014-7058 (The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) applicatio ...)
	NOT-FOR-US: Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application for Android
CVE-2014-7057 (The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) a ...)
	NOT-FOR-US: Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application for Android
CVE-2014-7056 (The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for A ...)
	NOT-FOR-US: Yeast Infection (aka com.wyeastinfectionapp) application for Android
CVE-2014-7055 (The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) applica ...)
	NOT-FOR-US: NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application for Android
CVE-2014-7054 (The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) app ...)
	NOT-FOR-US: musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application for Android
CVE-2014-7053 (The City Star ME (aka com.citystarme) application 1.0 for Android does ...)
	NOT-FOR-US: City Star ME (aka com.citystarme) application for Android
CVE-2014-7052 (The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2 ...)
	NOT-FOR-US: sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application for Android
CVE-2014-7051
	REJECTED
CVE-2014-7050 (The givenu give (aka com.givenu.give) application 1.5.3 for Android do ...)
	NOT-FOR-US: givenu give (aka com.givenu.give) application for Android
CVE-2014-7049 (The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application ...)
	NOT-FOR-US: SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application for Android
CVE-2014-7048 (The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android doe ...)
	NOT-FOR-US: Bear ID Lock (aka com.wBearIDLock) application for Android
CVE-2014-7047 (The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2 ...)
	NOT-FOR-US: Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application for Android
CVE-2014-7046 (The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 fo ...)
	NOT-FOR-US: George Wassouf (aka com.devkhr32.georgewassouf) application for Android
CVE-2014-7045 (The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) applica ...)
	NOT-FOR-US: Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application for Android
CVE-2014-7044 (The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for And ...)
	NOT-FOR-US: Street Walker (aka kt.road.StreetWalker) application for Android
CVE-2014-7043 (The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does ...)
	NOT-FOR-US: Cadpage (aka net.anei.cadpage) application for Android
CVE-2014-7042 (** DISPUTED ** The My nTelos (aka com.telespree.ntelospostpay) applica ...)
	NOT-FOR-US: My nTelos (aka com.telespree.ntelospostpay) application for Android
CVE-2014-7041 (The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for  ...)
	NOT-FOR-US: SimGene (aka com.japanbioinformatics.simgene) application for Android
CVE-2014-7040 (The UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) appl ...)
	NOT-FOR-US: UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) application for Android
CVE-2014-7039 (The Wild Women United (aka com.wildwomenunited) application 1.0 for An ...)
	NOT-FOR-US: Wild Women United (aka com.wildwomenunited) application for Android
CVE-2014-7038 (The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android do ...)
	NOT-FOR-US: Al Jazeera (aka com.Al.Jazeera.net) application for Android
CVE-2014-7037 (The Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) app ...)
	NOT-FOR-US: Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) application for Android
CVE-2014-7036 (The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application ...)
	NOT-FOR-US: Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application for Android
CVE-2014-7035 (The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application ...)
	NOT-FOR-US: Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application for Android
CVE-2014-7034 (The Senator Inn &amp; Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0 ...)
	NOT-FOR-US: Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application for Android
CVE-2014-7033 (The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 ...)
	NOT-FOR-US: Cure Viewer (aka com.livedoor.android.cureviewer) application for Android
CVE-2014-7032 (The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android ...)
	NOT-FOR-US: MYHABIT (aka com.amazon.myhabit) application for Android
CVE-2014-7031 (The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5  ...)
	NOT-FOR-US: RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application for Android
CVE-2014-7030 (The Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE ...)
	NOT-FOR-US: Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application for Android
CVE-2014-7029 (The Bultmonster Registret (aka com.bultmonster.registret) application  ...)
	NOT-FOR-US: Bultmonster Registret (aka com.bultmonster.registret) application for Android
CVE-2014-7028 (The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) app ...)
	NOT-FOR-US: Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application for Android
CVE-2014-7027 (The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D55 ...)
	NOT-FOR-US: Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application for Android
CVE-2014-7026 (The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application  ...)
	NOT-FOR-US: LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application for Android
CVE-2014-7025 (The Who-is-it? Lite name caller time limited free (aka de.profiler.and ...)
	NOT-FOR-US: Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application for Android
CVE-2014-7024 (The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 f ...)
	NOT-FOR-US: Hardest Game Collection (aka com.lotfun.abuse) application for Android
CVE-2014-7023 (The Find Color (aka com.chudong.color) application 1.1.1 for Android d ...)
	NOT-FOR-US: Find Color (aka com.chudong.color) application for Android
CVE-2014-7022 (The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) a ...)
	NOT-FOR-US: Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application for Android
CVE-2014-7021 (The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) applica ...)
	NOT-FOR-US: Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application for Android
CVE-2014-7020 (The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) applic ...)
	NOT-FOR-US: Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application for Android
CVE-2014-7019 (The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does  ...)
	NOT-FOR-US: Clarks Inn (aka com.ClarksInn) application for Android
CVE-2014-7018 (The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.062 ...)
	NOT-FOR-US: LOVE DANCE (aka com.efunfun.ddianle.lovedance) application for Android
CVE-2014-7017 (The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) applicat ...)
	NOT-FOR-US: Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application for Android
CVE-2014-7016 (The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android  ...)
	NOT-FOR-US: Mahasna Batik (aka com.batik.mahasna) application for Android
CVE-2014-7015 (The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD fo ...)
	NOT-FOR-US: JJ Texas Hold'em Poker (aka cn.jj.poker) application for Android
CVE-2014-7014
	REJECTED
CVE-2014-7013 (The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) appli ...)
	NOT-FOR-US: Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application for Android
CVE-2014-7012 (The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1  ...)
	NOT-FOR-US: Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application for Android
CVE-2014-7011 (The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android  ...)
	NOT-FOR-US: NWTC Mobile (aka com.dub.app.nwtc) application for Android
CVE-2014-7010 (The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android  ...)
	NOT-FOR-US: UTSA Mobile (aka com.dub.app.utsa) application for Android
CVE-2014-7009 (The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for ...)
	NOT-FOR-US: HKBN My Account (aka com.hkbn.myaccount) application for Android
CVE-2014-7008 (The Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) applicat ...)
	NOT-FOR-US: Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) application for Android
CVE-2014-7007 (The Master Mix (aka com.nobexinc.wls_24832536.rc) application 3.3.5 fo ...)
	NOT-FOR-US: Master Mix (aka com.nobexinc.wls_24832536.rc) application for Android
CVE-2014-7006 (The HydFM (aka com.apheliontechnologies.hydfm) application 1.1.9 for A ...)
	NOT-FOR-US: HydFM (aka com.apheliontechnologies.hydfm) application for Android
CVE-2014-7005 (The Foconet (aka suporte.com.foconet) application 1.0 for Android does ...)
	NOT-FOR-US: Foconet (aka suporte.com.foconet) application for Android
CVE-2014-7004 (The PETA (aka com.peta.android) application 1.1 for Android does not v ...)
	NOT-FOR-US: PETA (aka com.peta.android) application for Android
CVE-2014-7003 (The Goodwin (aka com.goodwin.Goodwin) application 1.15 for Android doe ...)
	NOT-FOR-US: Goodwin (aka com.goodwin.Goodwin) application for Android
CVE-2014-7002 (The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) appli ...)
	NOT-FOR-US: Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application for Android
CVE-2014-7001 (The Jian Ren (aka cn.sh.scustom.janren) application 1.5.1 for Android  ...)
	NOT-FOR-US: Jian Ren (aka cn.sh.scustom.janren) application for Android
CVE-2014-7000 (The Paul Alexander Campaign (aka hr.apps.n51261427) application 4.5.8  ...)
	NOT-FOR-US: Paul Alexander Campaign (aka hr.apps.n51261427) application for Android
CVE-2014-6999 (The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_andr ...)
	NOT-FOR-US: Questoes OAB (aka com.pedefeijao.questoesoab) application for Android
CVE-2014-6998 (The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) ...)
	NOT-FOR-US: PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application for Android
CVE-2014-6997 (The Dino Village (aka com.tappocket.dinovillage) application 1.6 for A ...)
	NOT-FOR-US: Dino Village (aka com.tappocket.dinovillage) application for Android
CVE-2014-6996 (The Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application 1.0 ...)
	NOT-FOR-US: Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application for Android
CVE-2014-6995 (The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Andr ...)
	NOT-FOR-US: adidas eyewear (aka com.adidasep.eyewear) application for Android
CVE-2014-6994 (The Atecea (aka com.atecea) application 1.2 for Android does not verif ...)
	NOT-FOR-US: Atecea (aka com.atecea) application for Android
CVE-2014-6993 (The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for And ...)
	NOT-FOR-US: Codeeta Coupons (aka com.codeeta.promos) application for Android
CVE-2014-6992 (The Timeless Black (aka com.apptive.android.apps.timeless) application ...)
	NOT-FOR-US: Timeless Black (aka com.apptive.android.apps.timeless) application for Android
CVE-2014-6991 (The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for An ...)
	NOT-FOR-US: LiveAuctions.tv (aka air.LiveAndroidMaxx) application for Android
CVE-2014-6990 (The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit ...)
	NOT-FOR-US: Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application for Android
CVE-2014-6989 (The Germanwings (aka com.germanwings.android) application 2.1.13 for A ...)
	NOT-FOR-US: Germanwings (aka com.germanwings.android) application for Android
CVE-2014-6988 (The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7 ...)
	NOT-FOR-US: Quotes in Images (aka pt.lumberapps.imagensfrases) application for Android
CVE-2014-6987 (The Mass Gaming TV (aka net.massgamers) application 1.0 for Android do ...)
	NOT-FOR-US: Mass Gaming TV (aka net.massgamers) application for Android
CVE-2014-6986 (The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) appl ...)
	NOT-FOR-US: Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application for Android
CVE-2014-6985 (The Georgia Packing (aka com.tapatalk.georgiapackingorg) application 3 ...)
	NOT-FOR-US: Georgia Packing (aka com.tapatalk.georgiapackingorg) application for Android
CVE-2014-6984 (The Shots (aka com.shots.android) application 1.0.8 for Android does n ...)
	NOT-FOR-US: Shots (aka com.shots.android) application for Android
CVE-2014-6983 (The NBE (aka com.nbe.app) application 1.1 for Android does not verify  ...)
	NOT-FOR-US: NBE (aka com.nbe.app) application for Android
CVE-2014-6982 (The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) applic ...)
	NOT-FOR-US: Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application for Android
CVE-2014-6981 (The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for And ...)
	NOT-FOR-US: Taiwan Business Bank (aka com.mitake.TBB) application for Android
CVE-2014-6980 (The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for  ...)
	NOT-FOR-US: LINE PLAY (aka jp.naver.lineplay.android) application for Android
CVE-2014-6979 (The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android ...)
	NOT-FOR-US: MiWay Insurance Ltd (aka com.MiWay.MD) application for Android
CVE-2014-6978 (The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuiztee ...)
	NOT-FOR-US: Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application for Android
CVE-2014-6977 (The eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.direc ...)
	NOT-FOR-US: eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.directory) application for Android
CVE-2014-6976 (The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does  ...)
	NOT-FOR-US: Aeroexpress (aka ru.lynx.aero) application for Android
CVE-2014-6975 (The Twin Lin (aka com.twinlin.twmo) application 5 for Android does not ...)
	NOT-FOR-US: Twin Lin (aka com.twinlin.twmo) application for Android
CVE-2014-6974 (The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android ...)
	NOT-FOR-US: MifaShow Hairstyles (aka com.mifashow) application for Android
CVE-2014-6973 (The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for And ...)
	NOT-FOR-US: Care4Kids (aka com.codetherapy.care4kids) application for Android
CVE-2014-6972 (The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 ...)
	NOT-FOR-US: Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application for Android
CVE-2014-6971 (The Easy Video Downloader (aka com.simon.padillar.EasyVideo) applicati ...)
	NOT-FOR-US: Easy Video Downloader (aka com.simon.padillar.EasyVideo) application for Android
CVE-2014-6970 (The North American Ismaili Games (aka hr.apps.n166983741) application  ...)
	NOT-FOR-US: North American Ismaili Games (aka hr.apps.n166983741) application for Android
CVE-2014-6969 (The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android ...)
	NOT-FOR-US: Deltin Suites (aka com.DeltinSuites) application for Android
CVE-2014-6968 (The Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) applicati ...)
	NOT-FOR-US: Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) application for Android
CVE-2014-6967 (The Albion College (aka com.vivomobile.albioncollege) application 2.1. ...)
	NOT-FOR-US: Albion College (aka com.vivomobile.albioncollege) application for Android
CVE-2014-6966 (The West Bend School District (aka net.parentlink.westbend) applicatio ...)
	NOT-FOR-US: West Bend School District (aka net.parentlink.westbend) application for Android
CVE-2014-6965 (The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not v ...)
	NOT-FOR-US: FAZ.NET (aka net.faz.FAZ) application for Android
CVE-2014-6964 (The Hanyang University Admissions (aka kr.ac.hanyang.planner) applicat ...)
	NOT-FOR-US: Hanyang University Admissions (aka kr.ac.hanyang.planner) application for Android
CVE-2014-6963 (The feiron (aka es.sw.feironmobile.app) application 1.1 for Android do ...)
	NOT-FOR-US: feiron (aka es.sw.feironmobile.app) application for Android
CVE-2014-6962 (The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 f ...)
	NOT-FOR-US: Elk Grove PublicStuff (aka com.wassabi.elkgrove) application for Android
CVE-2014-6961 (The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 fo ...)
	NOT-FOR-US: SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application for Android
CVE-2014-6960 (The Multitrac (aka com.multitrac) application 1.04 for Android does no ...)
	NOT-FOR-US: Multitrac (aka com.multitrac) application for Android
CVE-2014-6959 (The QinCard (aka com.haowan.qincard) application 2.0 for Android does  ...)
	NOT-FOR-US: QinCard (aka com.haowan.qincard) application for Android
CVE-2014-6958 (The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb1 ...)
	NOT-FOR-US: ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application for Android
CVE-2014-6957 (The scottcolibmn (aka com.bredir.boopsie.scottlib) application 4.5.110 ...)
	NOT-FOR-US: scottcolibmn (aka com.bredir.boopsie.scottlib) application for Android
CVE-2014-6956 (The Hydrogen Water (aka com.appzone628) application 1.0 for Android do ...)
	NOT-FOR-US: Hydrogen Water (aka com.appzone628) application for Android
CVE-2014-6955 (The Le Grand Bleu (aka com.appzone468) application 1.0 for Android doe ...)
	NOT-FOR-US: Le Grand Bleu (aka com.appzone468) application for Android
CVE-2014-6954 (The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free)  ...)
	NOT-FOR-US: Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application for Android
CVE-2014-6953 (The AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewithar ...)
	NOT-FOR-US: AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewitharchie) application for Android
CVE-2014-6952 (The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android do ...)
	NOT-FOR-US: Manga Facts (aka app.mangafacts.ar) application for Android
CVE-2014-6951 (The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for And ...)
	NOT-FOR-US: OneFile Ignite (aka uk.co.onefile.ignite) application for Android
CVE-2014-6950 (The Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) app ...)
	NOT-FOR-US: Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) application for Android
CVE-2014-6949 (The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) applic ...)
	NOT-FOR-US: Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application for Android
CVE-2014-6948 (The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif)  ...)
	NOT-FOR-US: TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application for Android
CVE-2014-6947 (The Archie Comics (aka com.iversecomics.archie.android) application 1. ...)
	NOT-FOR-US: Archie Comics (aka com.iversecomics.archie.android) application for Android
CVE-2014-6946 (The Re:kyu (aka com.appzone619) application 1.0 for Android does not v ...)
	NOT-FOR-US: Re:kyu (aka com.appzone619) application for Android
CVE-2014-6945 (The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for A ...)
	NOT-FOR-US: Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application for Android
CVE-2014-6944 (The mitfahrgelegenheit.at (aka com.carpooling.android.at) application  ...)
	NOT-FOR-US: mitfahrgelegenheit.at (aka com.carpooling.android.at) application for Android
CVE-2014-6943 (The Konigsleiten (aka com.knigsleiten) application 1.0 for Android doe ...)
	NOT-FOR-US: Konigsleiten (aka com.knigsleiten) application for Android
CVE-2014-6942 (The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) applic ...)
	NOT-FOR-US: Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application for Android
CVE-2014-6941 (The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for An ...)
	NOT-FOR-US: NOS Alive (aka pt.optimus.optimusalive2011) application for Android
CVE-2014-6940 (The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D ...)
	NOT-FOR-US: Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application for Android
CVE-2014-6939 (The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFr ...)
	NOT-FOR-US: Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application for Android
CVE-2014-6938 (The Apostilas musicais (aka com.apostilas) application 1.0 for Android ...)
	NOT-FOR-US: Apostilas musicais (aka com.apostilas) application for Android
CVE-2014-6937 (The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) applic ...)
	NOT-FOR-US: China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application for Android
CVE-2014-6936 (The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for An ...)
	NOT-FOR-US: IDS 2013 (aka de.mobileeventguide.ids2013) application for Android
CVE-2014-6935 (The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) app ...)
	NOT-FOR-US: ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application for Android
CVE-2014-6934 (The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) ap ...)
	NOT-FOR-US: Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application for Android
CVE-2014-6933 (The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application ...)
	NOT-FOR-US: Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application for Android
CVE-2014-6932 (The All Navalny (aka com.all.navalny) application 1.10 for Android doe ...)
	NOT-FOR-US: All Navalny (aka com.all.navalny) application for Android
CVE-2014-6931 (The Treves Dance Center (aka com.myapphone.android.myapptrvesdancecent ...)
	NOT-FOR-US: Treves Dance Center (aka com.myapphone.android.myapptrvesdancecenter) application for Android
CVE-2014-6930 (The Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application ...)
	NOT-FOR-US: Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application for Android
CVE-2014-6929 (The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) applicati ...)
	NOT-FOR-US: AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application for Android
CVE-2014-6928 (The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) appli ...)
	NOT-FOR-US: Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application for Android
CVE-2014-6927 (The Myanmar Housing : mmHome (aka com.mmhome3) application 1.3 for And ...)
	NOT-FOR-US: Myanmar Housing : mmHome (aka com.mmhome3) application for Android
CVE-2014-6926 (The Allt om Brollop (aka com.paperton.wl.alltombrollop) application 1. ...)
	NOT-FOR-US: Allt om Brollop (aka com.paperton.wl.alltombrollop) application for Android
CVE-2014-6925 (The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 f ...)
	NOT-FOR-US: Steyr Forum (aka com.tapatalk.steyrclubcomvb) application for Android
CVE-2014-6924 (The Metro News (aka com.netpia.ha.metro) application 1.6.5 for Android ...)
	NOT-FOR-US: Metro News (aka com.netpia.ha.metro) application for Android
CVE-2014-6923 (The Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) ...)
	NOT-FOR-US: Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) application for Android
CVE-2014-6922 (The KFAI Community Radio (aka com.skyblue.pra.kfai) application 2.0.4  ...)
	NOT-FOR-US: KFAI Community Radio (aka com.skyblue.pra.kfai) application for Android
CVE-2014-6921 (The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for ...)
	NOT-FOR-US: Buckhorn Grill (aka com.orderingapps.buckhorn) application for Android
CVE-2014-6920 (The Canal 44 (aka com.canal.canal44) application 1.0 for Android does  ...)
	NOT-FOR-US: Canal 44 (aka com.canal.canal44) application for Android
CVE-2014-6919 (The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) applica ...)
	NOT-FOR-US: Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application for Android
CVE-2014-6918 (The Bikers Underground (aka hr.ap.n66871172) application 4.5.10 for An ...)
	NOT-FOR-US: Bikers Underground (aka hr.ap.n66871172) application for Android
CVE-2014-6917 (The www.knote.kr Smart (aka kr.or.knote.android) application 1.0.3 for ...)
	NOT-FOR-US: www.knote.kr Smart (aka kr.or.knote.android) application for Android
CVE-2014-6916 (The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does  ...)
	NOT-FOR-US: mama.cn (aka cn.ziipin.mama.ui) application for Android
CVE-2014-6915
	REJECTED
CVE-2014-6914 (The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 ...)
	NOT-FOR-US: Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application for Android
CVE-2014-6913 (The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 ...)
	NOT-FOR-US: Dive The World (aka com.paperton.wl.divetheworld) application for Android
CVE-2014-6912 (The IRA's 59th Annual Conference (aka com.coreapps.android.followme.ir ...)
	NOT-FOR-US: IRA's 59th Annual Conference (aka com.coreapps.android.followme.ira_14) application for Android
CVE-2014-6911 (The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for And ...)
	NOT-FOR-US: diziturky HD 2015 (aka com.adv.diziturky) application for Android
CVE-2014-6910 (The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) applica ...)
	NOT-FOR-US: MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application for Android
CVE-2014-6909 (The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) applica ...)
	NOT-FOR-US: Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application for Android
CVE-2014-6908 (The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 fo ...)
	NOT-FOR-US: Forum IC (aka com.tapatalk.forumimmigrercom) application for Android
CVE-2014-6907 (The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 f ...)
	NOT-FOR-US: Rakuten Install (aka co.jp.rakuten.installapp) application for Android
CVE-2014-6906 (The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) applicatio ...)
	NOT-FOR-US: Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application for Android
CVE-2014-6905 (The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) applicat ...)
	NOT-FOR-US: H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application for Android
CVE-2014-6904 (The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 ...)
	NOT-FOR-US: Safe Browser - The Web Filter (aka com.cloudacl) application for Android
CVE-2014-6903 (The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application  ...)
	NOT-FOR-US: Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application for Android
CVE-2014-6902 (The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android  ...)
	NOT-FOR-US: Anjuke (aka com.anjuke.android.app) application for Android
CVE-2014-6901 (The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application  ...)
	NOT-FOR-US: RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application for Android
CVE-2014-6900 (The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014)  ...)
	NOT-FOR-US: EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application for Android
CVE-2014-6899 (The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for ...)
	NOT-FOR-US: Jazeera Airways (aka com.winit.jazeeraairways) application for Android
CVE-2014-6898 (The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application 4 ...)
	NOT-FOR-US: Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application for Android
CVE-2014-6897 (The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android do ...)
	NOT-FOR-US: Skyrim Map (aka com.neko.skyrimmap) application for Android
CVE-2014-6896 (The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not ...)
	NOT-FOR-US: Yik Yak (aka com.yik.yak) application for Android
CVE-2014-6895 (The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Androi ...)
	NOT-FOR-US: Throne Rush (aka com.progrestar.bft) application for Android
CVE-2014-6894 (The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Andr ...)
	NOT-FOR-US: Lucktastic (aka com.lucktastic.scratch) application for Android
CVE-2014-6893 (The Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) applicatio ...)
	NOT-FOR-US: Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application for Android
CVE-2014-6892 (The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1  ...)
	NOT-FOR-US: kalahari.com Shopping (aka com.kalahari.shop) application for Android
CVE-2014-6891 (The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) applic ...)
	NOT-FOR-US: Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application for Android
CVE-2014-6890 (The CouponCabin - Coupons &amp; Deals (aka com.couponcabin) applicatio ...)
	NOT-FOR-US: CouponCabin - Coupons & Deals (aka com.couponcabin) application for Android
CVE-2014-6889 (The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for An ...)
	NOT-FOR-US: GunBroker.com (aka com.gunbroker.android) application for Android
CVE-2014-6888 (The PennyTalk Mobile (aka net.idt.pennytalk.android) application 2.0.3 ...)
	NOT-FOR-US: PennyTalk Mobile (aka net.idt.pennytalk.android) application for Android
CVE-2014-6887 (The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for  ...)
	NOT-FOR-US: EXPRESS (aka com.gpshopper.express.android) application for Android
CVE-2014-6886 (The WePhone - phone calls vs skype (aka com.wephoneapp) application 1. ...)
	NOT-FOR-US: WePhone - phone calls vs skype (aka com.wephoneapp) application for Android
CVE-2014-6885 (The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysp ...)
	NOT-FOR-US: Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application for Android
CVE-2014-6884 (The Ford Credit Account Manager (aka com.fordcredit.accountmanager) ap ...)
	NOT-FOR-US: Ford Credit Account Manager (aka com.fordcredit.accountmanager) application for Android
CVE-2014-6883 (The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application  ...)
	NOT-FOR-US: CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application for Android
CVE-2014-6882 (The Western Federal Credit Union (aka com.kerrata.pulse.western) appli ...)
	NOT-FOR-US: Western Federal Credit Union (aka com.kerrata.pulse.western) application for Android
CVE-2014-6881 (The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) appli ...)
	NOT-FOR-US: PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application for Android
CVE-2014-6880 (The TradeHero (aka com.tradehero.th) application 2.2.5 for Android doe ...)
	NOT-FOR-US: TradeHero (aka com.tradehero.th) application for Android
CVE-2014-6879 (The Equifax Mobile (aka com.equifax) application 1.5 for Android does  ...)
	NOT-FOR-US: Equifax Mobile (aka com.equifax) application for Android
CVE-2014-6878 (The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 ...)
	NOT-FOR-US: RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application for Android
CVE-2014-6877 (The Santander Personal Banking (aka com.sovereign.santander) applicati ...)
	NOT-FOR-US: Santander Personal Banking (aka com.sovereign.santander) application for Android
CVE-2014-6876 (The American Express Serve (aka com.serve.mobile) application @7F0901E ...)
	NOT-FOR-US: American Express Serve (aka com.serve.mobile) application for Android
CVE-2014-6875 (The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for ...)
	NOT-FOR-US: Woodforest Mobile Banking (aka com.woodforest) application for Android
CVE-2014-6874 (The ModSim Connected (aka com.concursive.modsim) application 2.0 for A ...)
	NOT-FOR-US: ModSim Connected (aka com.concursive.modsim) application for Android
CVE-2014-6873 (The AMGC (aka com.amec.uae) application 6.0 for Android does not verif ...)
	NOT-FOR-US: AMGC (aka com.amec.uae) application for Android
CVE-2014-6872 (The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does ...)
	NOT-FOR-US: TTNET Muzik (aka com.ttnet.muzik) application for Android
CVE-2014-6871 (The Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application 1.0.0 ...)
	NOT-FOR-US: Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application for Android
CVE-2014-6870 (The BGEnergy (aka com.bluegrass.smartapps) application 1.153.0034 for  ...)
	NOT-FOR-US: BGEnergy (aka com.bluegrass.smartapps) application for Android
CVE-2014-6869 (The barcode scanner (aka tw.com.books.android.plus) application 2.3.0  ...)
	NOT-FOR-US: barcode scanner (aka tw.com.books.android.plus) application for Android
CVE-2014-6868 (The DS audio (aka com.synology.DSaudio) application 3.4 for Android do ...)
	NOT-FOR-US: DS audio (aka com.synology.DSaudio) application for Android
CVE-2014-6867 (The Sortir en Alsace (aka com.axessweb.sortirenalsace) application 0.5 ...)
	NOT-FOR-US: Sortir en Alsace (aka com.axessweb.sortirenalsace) application for Android
CVE-2014-6866 (The HomeAdvisor Mobile (aka com.servicemagic.consumer) application 3.0 ...)
	NOT-FOR-US: HomeAdvisor Mobile (aka com.servicemagic.consumer) application for Android
CVE-2014-6865 (The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33e ...)
	NOT-FOR-US: Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application for Android
CVE-2014-6864 (The Forest River Forums (aka com.socialknowledge.forestriverforums) ap ...)
	NOT-FOR-US: Forest River Forums (aka com.socialknowledge.forestriverforums) application for Android
CVE-2014-6863 (The Mootorratturid &amp; biker.ee (aka ee.digitalfruit.mootorratturid) ...)
	NOT-FOR-US: Mootorratturid & biker.ee (aka ee.digitalfruit.mootorratturid) application for Android
CVE-2014-6862 (The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Androi ...)
	NOT-FOR-US: ArtAcces (aka cat.gencat.mobi.artacces) application for Android
CVE-2014-6861 (The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb)  ...)
	NOT-FOR-US: Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application for Android
CVE-2014-6860 (The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1 ...)
	NOT-FOR-US: Trial Tracker (aka com.etcweb.android.trial_tracker) application for Android
CVE-2014-6859 (The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 fo ...)
	NOT-FOR-US: Daum Maps - Subway (aka net.daum.android.map) application for Android
CVE-2014-6858 (The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0  ...)
	NOT-FOR-US: Mostafa Shemeas (aka com.mostafa.shemeas.website) application for Android
CVE-2014-6857 (The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 fo ...)
	NOT-FOR-US: Car Wallpapers HD (aka com.arab4x4.gallery.app) application for Android
CVE-2014-6856 (The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android d ...)
	NOT-FOR-US: AHRAH (aka com.vet2pet.aid219426) application for Android
CVE-2014-6855 (The Long (aka com.imop.longjiang.android) application 1.0.4 for Androi ...)
	NOT-FOR-US: Long (aka com.imop.longjiang.android) application for Android
CVE-2014-6854 (The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for Andr ...)
	NOT-FOR-US: EyeXam (aka com.globaleyeventures.eyexam) application for Android
CVE-2014-6853 (The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) appli ...)
	NOT-FOR-US: Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application for Android
CVE-2014-6852 (The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0 ...)
	NOT-FOR-US: LedLine.gr Official (aka com.automon.ledline.gr) application for Android
CVE-2014-6851 (The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for  ...)
	NOT-FOR-US: New Beginnings CFC (aka com.goodbarber.nbcfc) application for Android
CVE-2014-6850 (The SED Account (aka com.starkville.smartapps) application 1.153.0034  ...)
	NOT-FOR-US: SED Account (aka com.starkville.smartapps) application for Android
CVE-2014-6849
	REJECTED
CVE-2014-6848 (The DS file (aka com.synology.DSfile) application 4.1.1 for Android do ...)
	NOT-FOR-US: DS file (aka com.synology.DSfile) application for Android
CVE-2014-6847 (The Horoscopes and Dreams (aka com.horoscopesanddreams) application 1. ...)
	NOT-FOR-US: Horoscopes and Dreams (aka com.horoscopesanddreams) application for Android
CVE-2014-6846 (The Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.andro ...)
	NOT-FOR-US: Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.android.ice) application for Android
CVE-2014-6845 (The MediaFire (aka com.mediafire.android) application 1.1.1 for Androi ...)
	NOT-FOR-US: MediaFire (aka com.mediafire.android) application for Android
CVE-2014-6844 (The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 for Andr ...)
	NOT-FOR-US: ABC Song (aka com.tabtale.abcsingalong) application for Android
CVE-2014-6843 (The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 for An ...)
	NOT-FOR-US: Sweatshop (aka com.orderingapps.sweatshop) application for Android
CVE-2014-6842 (The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) ap ...)
	NOT-FOR-US: Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application for Android
CVE-2014-6841 (The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for And ...)
	NOT-FOR-US: RTI INDIA (aka com.vbulletin.build_890) application for Android
CVE-2014-6840 (The My Wedding Planner (aka app.wedding) application 1.5 for Android d ...)
	NOT-FOR-US: My Wedding Planner (aka app.wedding) application for Android
CVE-2014-6839 (The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for An ...)
	NOT-FOR-US: Alma Corinthiana (aka com.alma.corinthiana) application for Android
CVE-2014-6838 (The Groupama toujours la (aka com.groupama.toujoursla) application 1.3 ...)
	NOT-FOR-US: Groupama toujours la (aka com.groupama.toujoursla) application for Android
CVE-2014-6837 (The Hillside (aka com.hillside.hermanus) application 1.1 for Android d ...)
	NOT-FOR-US: Hillside (aka com.hillside.hermanus) application for Android
CVE-2014-6836 (The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android d ...)
	NOT-FOR-US: DS photo+ (aka com.synology.dsphoto) application for Android
CVE-2014-6835 (The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for And ...)
	NOT-FOR-US: Herbal Guide (aka com.pocket.herbal.guide) application for Android
CVE-2014-6834 (The Instaroid - Instagram Viewer (aka net.muik.instaroid) application  ...)
	NOT-FOR-US: Instaroid - Instagram Viewer (aka net.muik.instaroid) application for Android
CVE-2014-6833 (The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3  ...)
	NOT-FOR-US: AuctionTrac Dealer (aka com.adesa.dealer.phone) application for Android
CVE-2014-6832 (The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16  ...)
	NOT-FOR-US: Bersa Forum (aka com.gcspublishing.bersaforum) application for Android
CVE-2014-6831 (The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for An ...)
	NOT-FOR-US: Hippo Studio (aka com.appgreen.hippostudio) application for Android
CVE-2014-6830 (The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) app ...)
	NOT-FOR-US: Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application for Android
CVE-2014-6829 (The Hook (aka com.hook.android) application 0.9.3 for Android does not ...)
	NOT-FOR-US: Hook (aka com.hook.android) application for Android
CVE-2014-6828 (The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android ...)
	NOT-FOR-US: Gulf Credit Union (aka Fi_Mobile.Gulf) application for Android
CVE-2014-6827 (The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for A ...)
	NOT-FOR-US: DK ONLINE Beta (aka com.sgmobile.dkonline) application for Android
CVE-2014-6826 (The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for And ...)
	NOT-FOR-US: Tic-Tac To The MAX FREE (aka com.tothemax) application for Android
CVE-2014-6825 (The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) applicati ...)
	NOT-FOR-US: Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application for Android
CVE-2014-6824 (The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android d ...)
	NOT-FOR-US: kamkomesan (aka com.anek.kamkomesan) application for Android
CVE-2014-6823 (The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 1.7.12 ...)
	NOT-FOR-US: kuailecaidengmi (aka com.licai.kuailecaidengmi) application for Android
CVE-2014-6822 (The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for A ...)
	NOT-FOR-US: Nerdico (aka com.nerdico.danielepais) application for Android
CVE-2014-6821 (The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for  ...)
	NOT-FOR-US: voetbal (aka nl.jborsje.android.voetbal.az) application for Android
CVE-2014-6820 (The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for And ...)
	NOT-FOR-US: Amebra Ameba (aka jp.honeytrap15.amebra) application for Android
CVE-2014-6819 (The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4  ...)
	NOT-FOR-US: Lapp Group Catalogue (aka com.prinovis.LappKabel) application for Android
CVE-2014-6818 (The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm20 ...)
	NOT-FOR-US: OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application for Android
CVE-2014-6817 (The Cove (aka org.covechurch.app) application 1.0.2 for Android does n ...)
	NOT-FOR-US: Cove (aka org.covechurch.app) application for Android
CVE-2014-6816 (The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for Androi ...)
	NOT-FOR-US: WISDOM (aka lvtu99.com.nescmxiaoniuniu) application for Android
CVE-2014-6815 (The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android ...)
	NOT-FOR-US: Vouch! (aka com.voucherry.voucherry) application for Android
CVE-2014-6814 (The Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) appli ...)
	NOT-FOR-US: Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) application for Android
CVE-2014-6813 (The klassens (aka com.mcreda.klassens.apps) application 1.0 for Androi ...)
	NOT-FOR-US: klassens (aka com.mcreda.klassens.apps) application for Android
CVE-2014-6812 (The Aloha Guide (aka com.aloha.guide.english) application 1.5 for Andr ...)
	NOT-FOR-US: Aloha Guide (aka com.aloha.guide.english) application for Android
CVE-2014-6811
	REJECTED
CVE-2014-6810 (The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rim ...)
	NOT-FOR-US: RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application for Android
CVE-2014-6809
	REJECTED
CVE-2014-6808 (The Active 24 (aka com.zentity.app.active24) application 1.0.1 for And ...)
	NOT-FOR-US: Active 24 (aka com.zentity.app.active24) application for Android
CVE-2014-6807 (The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.a ...)
	NOT-FOR-US: OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application for Android
CVE-2014-6806 (The Thanodi - Setswana Translator (aka com.thanodi.thanodi) applicatio ...)
	NOT-FOR-US: Thanodi - Setswana Translator (aka com.thanodi.thanodi) application for Android
CVE-2014-6805 (The weibo (aka magic.weibo) application 1.2 for Android does not verif ...)
	NOT-FOR-US: weibo (aka magic.weibo) application for Android
CVE-2014-6804 (The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes)  ...)
	NOT-FOR-US: Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application for Android
CVE-2014-6803 (The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application 1.0. ...)
	NOT-FOR-US: Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application for Android
CVE-2014-6802 (The First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynl ...)
	NOT-FOR-US: First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynlr) application for Android
CVE-2014-6801 (The frank matano (aka com.frank.matano) application 1.0 for Android do ...)
	NOT-FOR-US: frank matano (aka com.frank.matano) application for Android
CVE-2014-6800 (The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500  ...)
	NOT-FOR-US: Bloom Township 206 (aka net.parentlink.bloom) application for Android
CVE-2014-6799 (The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 fo ...)
	NOT-FOR-US: Investigation Tool (aka gov.ca.post.lp.itool) application for Android
CVE-2014-6798 (The McMaster Marauders (aka com.weever.marauders) application 1.0.1 fo ...)
	NOT-FOR-US: McMaster Marauders (aka com.weever.marauders) application for Android
CVE-2014-6797 (The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1. ...)
	NOT-FOR-US: Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application for Android
CVE-2014-6796 (The LocalSense (aka com.LocalSense) application 1.2.1 for Android does ...)
	NOT-FOR-US: LocalSense (aka com.LocalSense) application for Android
CVE-2014-6795 (The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) applic ...)
	NOT-FOR-US: Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application for Android
CVE-2014-6794 (The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for Andro ...)
	NOT-FOR-US: AAPLD (aka com.bredir.boopsie.aapld) application for Android
CVE-2014-6793 (The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for And ...)
	NOT-FOR-US: Arch Friend (aka com.xyproto.archfriend) application for Android
CVE-2014-6792 (The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for ...)
	NOT-FOR-US: Suriname Radio (aka com.wordbox.surinameRadio) application for Android
CVE-2014-6791 (The Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd ...)
	NOT-FOR-US: Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application for Android
CVE-2014-6790 (The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Andr ...)
	NOT-FOR-US: INVEX (aka com.mobilatolye.keyinternet) application for Android
CVE-2014-6789 (The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application  ...)
	NOT-FOR-US: Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application for Android
CVE-2014-6788 (The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for ...)
	NOT-FOR-US: Oman News (aka com.oman.news.rmtzlnbuooordciw) application for Android
CVE-2014-6787 (The Counter Intuition (aka com.counter.intuition) application 1.2 for  ...)
	NOT-FOR-US: Counter Intuition (aka com.counter.intuition) application for Android
CVE-2014-6786 (The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) applica ...)
	NOT-FOR-US: Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) application for Android
CVE-2014-6785 (The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72)  ...)
	NOT-FOR-US: Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) application for Android
CVE-2014-6784 (The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) applica ...)
	NOT-FOR-US: Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application for Android
CVE-2014-6783 (The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) applicatio ...)
	NOT-FOR-US: Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application for Android
CVE-2014-6782 (The Abraham Tours (aka com.mytoursapp.android.app432) application 1.1. ...)
	NOT-FOR-US: Abraham Tours (aka com.mytoursapp.android.app432) application for Android
CVE-2014-6781 (The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for ...)
	NOT-FOR-US: Aloha Stadium - Hawaii (aka com.stadium.aloha) application for Android
CVE-2014-6780 (The MeiTalk (aka com.playjia.meitalk) application @7F060012 for Androi ...)
	NOT-FOR-US: MeiTalk (aka com.playjia.meitalk) application for Android
CVE-2014-6779 (The Cart App (aka com.virtecha.mobilewallet) application 1.5 for Andro ...)
	NOT-FOR-US: Cart App (aka com.virtecha.mobilewallet) application for Android
CVE-2014-6778 (The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for ...)
	NOT-FOR-US: Goat Forum (aka com.gcspublishing.goatspot) application for Android
CVE-2014-6777 (The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does ...)
	NOT-FOR-US: blueeleph (aka eg.film.blueeleph) application for Android
CVE-2014-6776 (The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) appli ...)
	NOT-FOR-US: United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application for Android
CVE-2014-6775 (The Light for Pets (aka com.helenwoodward.light4pets) application 1.0  ...)
	NOT-FOR-US: Light for Pets (aka com.helenwoodward.light4pets) application for Android
CVE-2014-6774 (The USEK (aka com.university.usek) application 1.0.8 for Android does  ...)
	NOT-FOR-US: USEK (aka com.university.usek) application for Android
CVE-2014-6773 (The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 fo ...)
	NOT-FOR-US: CIH Quiz game (aka com.bowenehs.cihquizgameapp) application for Android
CVE-2014-6772 (The United Educational CU (aka com.metova.cuae.uecu) application 1.0.2 ...)
	NOT-FOR-US: United Educational CU (aka com.metova.cuae.uecu) application for Android
CVE-2014-6771 (The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for An ...)
	NOT-FOR-US: United Heritage Mobile (aka Fi_Mobile.UHCU) application for Android
CVE-2014-6770 (The Aerospace Jobs (aka com.app_aerospacejobs.layout) application 1.39 ...)
	NOT-FOR-US: Aerospace Jobs (aka com.app_aerospacejobs.layout) application for Android
CVE-2014-6769 (The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 ...)
	NOT-FOR-US: Meteo Belgique (aka com.mobilesoft.belgiumweather) application for Android
CVE-2014-6768 (The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1. ...)
	NOT-FOR-US: Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application for Android
CVE-2014-6767 (The Juggle! FREE (aka com.jakyl.juggleforfree) application 3.0.0 for A ...)
	NOT-FOR-US: Juggle! FREE (aka com.jakyl.juggleforfree) application for Android
CVE-2014-6766 (The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for  ...)
	NOT-FOR-US: Afro-Beat (aka com.zero.themelock.tambourine) application for Android
CVE-2014-6765 (The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7 ...)
	NOT-FOR-US: No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application for Android
CVE-2014-6764 (The Assyrian (aka com.b2.assyrian.activity) application 2.2 for Androi ...)
	NOT-FOR-US: Assyrian (aka com.b2.assyrian.activity) application for Android
CVE-2014-6763 (The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom ...)
	NOT-FOR-US: Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application for Android
CVE-2014-6762 (The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android ...)
	NOT-FOR-US: bongomovie (aka com.mbwasi.bongomovie) application for Android
CVE-2014-6761 (The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) a ...)
	NOT-FOR-US: Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application for Android
CVE-2014-6760 (The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2 ...)
	NOT-FOR-US: Harem Thief Dating (aka com.haremthief.haremthief) application for Android
CVE-2014-6759 (The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) applic ...)
	NOT-FOR-US: Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application for Android
CVE-2014-6758 (The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) applicat ...)
	NOT-FOR-US: Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application for Android
CVE-2014-6757 (The Koran - AlqoranVideos (aka com.alqoran.videos.example) application ...)
	NOT-FOR-US: Koran - AlqoranVideos (aka com.alqoran.videos.example) application for Android
CVE-2014-6756 (The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for Androi ...)
	NOT-FOR-US: Reddit Aww (aka org.biais.redditawww) application for Android
CVE-2014-6755 (The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) applic ...)
	NOT-FOR-US: SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) application for Android
CVE-2014-6754 (The Vector Outage Manager (aka nz.co.vector.outagemanager) application ...)
	NOT-FOR-US: Vector Outage Manager (aka nz.co.vector.outagemanager) application for Android
CVE-2014-6753 (The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 f ...)
	NOT-FOR-US: sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application for Android
CVE-2014-6752 (The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) ap ...)
	NOT-FOR-US: Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application for Android
CVE-2014-6751 (The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for  ...)
	NOT-FOR-US: Grasshopper Beta (aka com.grasshopper.dialer) application for Android
CVE-2014-6750 (The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 fo ...)
	NOT-FOR-US: $0.99 Kindle Books (aka com.kindle.books.for99) application for Android
CVE-2014-6749 (The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) a ...)
	NOT-FOR-US: American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application for Android
CVE-2014-6748 (The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for And ...)
	NOT-FOR-US: GEMAIRE's HVAC Assist (aka com.es.Gemaire) application for Android
CVE-2014-6747 (The SeeOn (aka com.seeon) application 4.0.7 for Android does not verif ...)
	NOT-FOR-US: SeeOn (aka com.seeon) application for Android
CVE-2014-6746 (The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) ap ...)
	NOT-FOR-US: Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application for Android
CVE-2014-6745 (The Family Location (aka com.sosocome.family) application 3.4 2014-5-2 ...)
	NOT-FOR-US: Family Location (aka com.sosocome.family) application for Android
CVE-2014-6744 (The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android doe ...)
	NOT-FOR-US: Al-Ahsa News (aka com.alahsa.news) application for Android
CVE-2014-6743 (The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7 ...)
	NOT-FOR-US: Hearsay: A Social Party Game (aka air.com.lip.per) application for Android
CVE-2014-6742 (The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for ...)
	NOT-FOR-US: All around Cyprus (aka com.cyprus.newspapers) application for Android
CVE-2014-6741 (The John MacArthur (aka com.john.macarthur) application 1.0.26 for And ...)
	NOT-FOR-US: John MacArthur (aka com.john.macarthur) application for Android
CVE-2014-6740 (The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for ...)
	NOT-FOR-US: XD Forum (aka com.tapatalk.xdforumcomforum) application for Android
CVE-2014-6739 (The Well-Being Connect Mobile (aka com.healthways.wellbeinggo) applica ...)
	NOT-FOR-US: Well-Being Connect Mobile (aka com.healthways.wellbeinggo) application for Android
CVE-2014-6738 (The Maccabi Tel Aviv (aka com.monkeytech.maccabi) application 1.0 for  ...)
	NOT-FOR-US: Maccabi Tel Aviv (aka com.monkeytech.maccabi) application for Android
CVE-2014-6737 (The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) ...)
	NOT-FOR-US: Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application for Android
CVE-2014-6736 (The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android ...)
	NOT-FOR-US: EPL Hat Trick (aka com.hat.trick.goal) application for Android
CVE-2014-6735 (The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd2 ...)
	NOT-FOR-US: imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application for Android
CVE-2014-6734 (The Wine Making (aka com.gcspublishing.winemakingtalk) application 3.7 ...)
	NOT-FOR-US: Wine Making (aka com.gcspublishing.winemakingtalk) application for Android
CVE-2014-6733 (The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for ...)
	NOT-FOR-US: My T-Mobile (aka at.tmobile.android.myt) application for Android
CVE-2014-6732 (The Westpac Mobile Banking (aka org.westpac.bank) application 5.21 for ...)
	NOT-FOR-US: Westpac Mobile Banking (aka org.westpac.bank) application for Android
CVE-2014-6731 (The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for ...)
	NOT-FOR-US: Alfa-Bank (aka ru.alfabank.mobile.android) application for Android
CVE-2014-6730 (The Melodigram (aka com.minusdegree.melodigramandroid) application 1.1 ...)
	NOT-FOR-US: Melodigram (aka com.minusdegree.melodigramandroid) application for Android
CVE-2014-6729 (The Grilling with Rich (aka com.grilling.with.rich) application 1.0 fo ...)
	NOT-FOR-US: Grilling with Rich (aka com.grilling.with.rich) application for Android
CVE-2014-6728 (The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android doe ...)
	NOT-FOR-US: ThinkPal (aka com.mythinkpalapp) application for Android
CVE-2014-6727 (The Mikeius (Official App) (aka com.automon.mikeius) application 1.4.2 ...)
	NOT-FOR-US: Mikeius (Official App) (aka com.automon.mikeius) application for Android
CVE-2014-6726 (The 30A (aka com.app30a) application 5.26.2 for Android does not verif ...)
	NOT-FOR-US: 30A (aka com.app30a) application for Android
CVE-2014-6725 (The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android doe ...)
	NOT-FOR-US: SchoolXM (aka apprentice.schoolxm) application for Android
CVE-2014-6724 (The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7. ...)
	NOT-FOR-US: Soap Making (aka com.tapatalk.soapmakingforumcom) application for Android
CVE-2014-6723 (The Comics Plus (aka com.iversecomics.comicsplus.android) application  ...)
	NOT-FOR-US: Comics Plus (aka com.iversecomics.comicsplus.android) application for Android
CVE-2014-6722 (The Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) appli ...)
	NOT-FOR-US: Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) application for Android
CVE-2014-6721 (The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for An ...)
	NOT-FOR-US: Pharmaguideline (aka com.pharmaguideline) application for Android
CVE-2014-6720 (The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) appli ...)
	NOT-FOR-US: Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) application for Android
CVE-2014-6719 (The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) applicat ...)
	NOT-FOR-US: Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application for Android
CVE-2014-6718 (The My Mobile Day (aka com.mymobileday) application 1.3 for Android do ...)
	NOT-FOR-US: My Mobile Day (aka com.mymobileday) application for Android
CVE-2014-6717 (The iTriage Health (aka com.healthagen.iTriage) application 5.29 for A ...)
	NOT-FOR-US: iTriage Health (aka com.healthagen.iTriage) application for Android
CVE-2014-6716 (The fastin (aka moda.azyae.fastin.net) application 1.0 for Android doe ...)
	NOT-FOR-US: fastin (aka moda.azyae.fastin.net) application for Android
CVE-2014-6715 (The SlotMachine (aka com.popoinnovation.SlotMachine) application 1.03  ...)
	NOT-FOR-US: SlotMachine (aka com.popoinnovation.SlotMachine) application for Android
CVE-2014-6714 (The WebMD (aka com.webmd.android) application 3.5 for Android does not ...)
	NOT-FOR-US: WebMD (aka com.webmd.android) application for Android
CVE-2014-6713 (The MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application ...)
	NOT-FOR-US: MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application for Android
CVE-2014-6712 (The Airlines International (aka org.iata.IAMagazine) application 1.0 f ...)
	NOT-FOR-US: Airlines International (aka org.iata.IAMagazine) application for Android
CVE-2014-6711 (The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application ...)
	NOT-FOR-US: ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application for Android
CVE-2014-6710 (The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) appl ...)
	NOT-FOR-US: Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application for Android
CVE-2014-6709 (The TechRadar News (aka com.techradar.news) application 1.0 for Androi ...)
	NOT-FOR-US: TechRadar News (aka com.techradar.news) application for Android
CVE-2014-6708 (The Sporting Club Uphoria (aka com.sportinginnovations.skc) applicatio ...)
	NOT-FOR-US: Sporting Club Uphoria (aka com.sportinginnovations.skc) application for Android
CVE-2014-6707 (The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application 2.1 ...)
	NOT-FOR-US: 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application for Android
CVE-2014-6706 (The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android ...)
	NOT-FOR-US: Embry-Riddle (aka com.dub.app.erau) application for Android
CVE-2014-6705 (The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for An ...)
	NOT-FOR-US: Maher Zain (aka com.vanagas.app.maher_zain) application for Android
CVE-2014-6704 (The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for ...)
	NOT-FOR-US: Utah Jazz (aka com.sportinginnovations.jazz) application for Android
CVE-2014-6703 (The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for Andro ...)
	NOT-FOR-US: phonearabs4 (aka com.phonearabs4.myapps) application for Android
CVE-2014-6702 (The StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c ...)
	NOT-FOR-US: StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application for Android
CVE-2014-6701 (The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for  ...)
	NOT-FOR-US: Vendormate Mobile (aka com.vendormate.mobile) application for Android
CVE-2014-6700 (The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) applicat ...)
	NOT-FOR-US: NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application for Android
CVE-2014-6699 (The Weather Channel (aka com.weather.Weather) application 5.2.0 for An ...)
	NOT-FOR-US: Weather Channel (aka com.weather.Weather) application for Android
CVE-2014-6698 (The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 f ...)
	NOT-FOR-US: Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application for Android
CVE-2014-6697 (The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 fo ...)
	NOT-FOR-US: Morocco Weather (aka com.mobilesoft.meteomaroc) application for Android
CVE-2014-6696 (The Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlp ...)
	NOT-FOR-US: Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlparty) application for Android
CVE-2014-6695 (The Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics ...)
	NOT-FOR-US: Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application for Android
CVE-2014-6694 (The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3. ...)
	NOT-FOR-US: 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application for Android
CVE-2014-6693 (The Juiker (aka org.itri) application 3.2.0829.1 for Android does not  ...)
	NOT-FOR-US: Juiker (aka org.itri) application for Android
CVE-2014-6692 (The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 fo ...)
	NOT-FOR-US: Kingsoft Clip (Office Tool) (aka cn.wps.clip) application for Android
CVE-2014-6691 (The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for An ...)
	NOT-FOR-US: UC Browser HD (aka com.uc.browser.hd) application for Android
CVE-2014-6690 (The InstaMessage - Instagram Chat (aka com.futurebits.instamessage.fre ...)
	NOT-FOR-US: InstaMessage - Instagram Chat (aka com.futurebits.instamessage.free) application for Android
CVE-2014-6689 (The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does ...)
	NOT-FOR-US: JW Cards (aka com.jingwei.card) application for Android
CVE-2014-6688 (The Voices.com (aka com.voices.voices) application 1.5 for Android doe ...)
	NOT-FOR-US: Voices.com (aka com.voices.voices) application for Android
CVE-2014-6687 (The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1  ...)
	NOT-FOR-US: wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application for Android
CVE-2014-6686 (The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 ...)
	NOT-FOR-US: Zoho Books - Accounting App (aka com.zoho.books) application for Android
CVE-2014-6685 (The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 ...)
	NOT-FOR-US: Tsushima Travel Guide (aka com.netjapan.ntsushima) application for Android
CVE-2014-6684 (The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android ...)
	NOT-FOR-US: MOL bringaPONT (aka hu.mol.bringapont) application for Android
CVE-2014-6683 (The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0. ...)
	NOT-FOR-US: Open Electrical Webser (aka com.wOpenElectricalWeb) application for Android
CVE-2014-6682 (The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789 ...)
	NOT-FOR-US: w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application for Android
CVE-2014-6681 (The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) appli ...)
	NOT-FOR-US: Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application for Android
CVE-2014-6680 (The superheroquiz (aka com.davidhey.superheroquiz) application 1.0 for ...)
	NOT-FOR-US: superheroquiz (aka com.davidhey.superheroquiz) application for Android
CVE-2014-6679 (The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) applicat ...)
	NOT-FOR-US: wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application for Android
CVE-2014-6678 (The Algeria Radio (aka com.wordbox.algeriaRadio) application 2.5 for A ...)
	NOT-FOR-US: Algeria Radio (aka com.wordbox.algeriaRadio) application for Android
CVE-2014-6677 (The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application ...)
	NOT-FOR-US: Ticket Round Up (aka com.xcr.android.ticketroundupapp) application for Android
CVE-2014-6676 (The Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdo ...)
	NOT-FOR-US: Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdomen41E29322) application for Android
CVE-2014-6675 (The Ruta Exacta (aka com.rutaexacta.m) application 1.0 for Android doe ...)
	NOT-FOR-US: Ruta Exacta (aka com.rutaexacta.m) application for Android
CVE-2014-6674 (The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for  ...)
	NOT-FOR-US: Amazighmusic (aka nl.appsandroo.Amazighmusic) application for Android
CVE-2014-6673 (The ChallengerTX (aka com.zhtiantian.ChallengerTX) application 3.9.12. ...)
	NOT-FOR-US: ChallengerTX (aka com.zhtiantian.ChallengerTX) application for Android
CVE-2014-6672 (The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 fo ...)
	NOT-FOR-US: Friendcaster (aka uk.co.senab.blueNotifyFree) application for Android
CVE-2014-6671 (The World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) ...)
	NOT-FOR-US: World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) application for Android
CVE-2014-6670 (The SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcom ...)
	NOT-FOR-US: SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcomforum) application for Android
CVE-2014-6669 (The Inside Crochet (aka com.magazinecloner.insidecrochet) application  ...)
	NOT-FOR-US: Inside Crochet (aka com.magazinecloner.insidecrochet) application for Android
CVE-2014-6668 (The African Radios Live (aka com.nana.africanradioslive) application 1 ...)
	NOT-FOR-US: African Radios Live (aka com.nana.africanradioslive) application for Android
CVE-2014-6667 (The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 f ...)
	NOT-FOR-US: racemotocross (aka com.bossappsmk.racemotocross) application for Android
CVE-2014-6666 (The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for Andro ...)
	NOT-FOR-US: Baglamukhi (aka com.wshribaglamukhiblog) application for Android
CVE-2014-6665 (The Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application ...)
	NOT-FOR-US: Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application for Android
CVE-2014-6664 (The Latin Angels Music HD (aka com.applizards.lafreetj) application 2. ...)
	NOT-FOR-US: Latin Angels Music HD (aka com.applizards.lafreetj) application for Android
CVE-2014-6663 (The Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) applica ...)
	NOT-FOR-US: Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) application for Android
CVE-2014-6662 (The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3 ...)
	NOT-FOR-US: Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application for Android
CVE-2014-6661 (The netease movie (aka com.netease.movie) application 4.7.2 for Androi ...)
	NOT-FOR-US: netease movie (aka com.netease.movie) application for Android
CVE-2014-6660 (The Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application  ...)
	NOT-FOR-US: Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application for Android
CVE-2014-6659 (The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 ...)
	NOT-FOR-US: Defence.pk (aka com.tapatalk.defencepkforums) application for Android
CVE-2014-6658 (The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for ...)
	NOT-FOR-US: Apploi Job Search- Find Jobs (aka com.apploi) application for Android
CVE-2014-6657 (The Leadership Newspapers (aka com.LeadershipNewspapers) application 1 ...)
	NOT-FOR-US: Leadership Newspapers (aka com.LeadershipNewspapers) application for Android
CVE-2014-6656 (The drareym (aka com.drareym) application 0.1 for Android does not ver ...)
	NOT-FOR-US: drareym (aka com.drareym) application for Android
CVE-2014-6655 (The Tortoise Forum (aka org.tortoiseforum.android.forumrunner) applica ...)
	NOT-FOR-US: Tortoise Forum (aka org.tortoiseforum.android.forumrunner) application for Android
CVE-2014-6654 (The wTrootrooTvIzle (aka com.wTrootrooTvIzle) application 0.1 for Andr ...)
	NOT-FOR-US: wTrootrooTvIzle (aka com.wTrootrooTvIzle) application for Android
CVE-2014-6653 (The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for And ...)
	NOT-FOR-US: Afghan Radio (aka com.wordbox.afghanRadio) application for Android
CVE-2014-6652 (The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for  ...)
	NOT-FOR-US: Wizaz Forum (aka com.tapatalk.wizazplforum) application for Android
CVE-2014-6651 (The Planet of the Vapes Forum (aka com.tapatalk.planetofthevapescoukfo ...)
	NOT-FOR-US: Planet of the Vapes Forum (aka com.tapatalk.planetofthevapescoukforums) application for Android
CVE-2014-6650 (The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) applicatio ...)
	NOT-FOR-US: NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) application for Android
CVE-2014-6649 (The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) applicat ...)
	NOT-FOR-US: MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application for Android
CVE-2014-6648 (The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 f ...)
	NOT-FOR-US: iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application for Android
CVE-2014-6647 (The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for ...)
	NOT-FOR-US: ElForro.com (aka com.tapatalk.elforrocom) application for Android
CVE-2014-6646 (The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 fo ...)
	NOT-FOR-US: bellyhoodcom (aka com.tapatalk.bellyhoodcom) application for Android
CVE-2014-6645 (The Batch library for Android does not verify X.509 certificates from  ...)
	NOT-FOR-US: Batch library for Android
CVE-2014-6644
	REJECTED
CVE-2014-6643 (The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for  ...)
	NOT-FOR-US: FIAT Forum (aka com.tapatalk.fiatforumcom) application for Android
CVE-2014-6642 (The Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum ...)
	NOT-FOR-US: Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application for Android
CVE-2014-6641 (The Homesteading Today (aka com.tapatalk.homesteadingtodaycom) applica ...)
	NOT-FOR-US: Homesteading Today (aka com.tapatalk.homesteadingtodaycom) application for Android
CVE-2014-6640 (The DNB Trade (aka lt.dnb.mobiletrade) application 1 for Android does  ...)
	NOT-FOR-US: DNB Trade (aka lt.dnb.mobiletrade) application for Android
CVE-2014-6639 (The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android. ...)
	NOT-FOR-US: TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application for Android
CVE-2014-6638 (The wTMDesktop (aka com.wTMDesktop) application 1 for Android does not ...)
	NOT-FOR-US: wTMDesktop (aka com.wTMDesktop) application for Android
CVE-2014-6637 (The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Androi ...)
	NOT-FOR-US: Facebook Facts (aka com.wFacebookFacts) application for Android
CVE-2014-6636 (The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Buil ...)
	NOT-FOR-US: LG Telepresence (aka com.rsupport.rtc.lge) application for Android
CVE-2014-6635 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows  ...)
	NOT-FOR-US: Exponent CMS
CVE-2014-6634
	RESERVED
CVE-2014-6633 (The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x befor ...)
	{DSA-3043-1 DLA-70-1}
	- tryton-server 3.2.3-1
	NOTE: https://bugs.tryton.org/issue4155
CVE-2014-6632 (Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4  ...)
	NOT-FOR-US: Joomla!
CVE-2014-6631 (Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x ...)
	NOT-FOR-US: Joomla!
CVE-2014-6630
	RESERVED
CVE-2014-6629
	RESERVED
CVE-2014-6628 (Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows rem ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6627 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows re ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6626 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not  ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6625 (The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x  ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6624 (The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x  ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6623 (Cross-site request forgery (CSRF) vulnerability in the Insight module  ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6622 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows re ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6621 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not  ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6620 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass b ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in register-exec.p ...)
	NOT-FOR-US: PizzaInn_Project Restaurant Script
CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop allows re ...)
	NOT-FOR-US: Your Online Shop
CVE-2014-6617 (Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 conta ...)
	NOT-FOR-US: Softing FG-100
CVE-2014-6616 (Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Si ...)
	NOT-FOR-US: Softing FG-100
CVE-2014-6615
	RESERVED
CVE-2014-6614
	RESERVED
CVE-2014-6613
	RESERVED
CVE-2014-6612
	RESERVED
CVE-2014-6611 (The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0,  ...)
	NOT-FOR-US: BlackBerry
CVE-2014-6609 (The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 ...)
	- asterisk <not-affected> (only affects 12.x series)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
CVE-2014-6608
	RESERVED
CVE-2014-6606
	RESERVED
CVE-2014-6605
	RESERVED
CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in ...)
	NOT-FOR-US: Subscribe2 plugin for WordPress
CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricat ...)
	[squeeze] - suricata <not-affected> (Vulnerable code not yet present)
	[wheezy] - suricata <not-affected> (Vulnerable code not yet present)
	- suricata 2.0.4-1 (bug #762828)
CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4  ...)
	NOT-FOR-US: Microsoft Asha OS
CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in Pho ...)
	NOT-FOR-US: Phorum
CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x befo ...)
	- python-keystonemiddleware 1.0.0-3 (bug #762748)
	- python-keystoneclient 1:0.10.1-2 (bug #762749)
	[wheezy] - python-keystoneclient <no-dsa> (Minor issue)
CVE-2014-7143 (Python Twisted 14.0 trustRoot is not respected in HTTP client ...)
	- twisted 14.0.2-1 (bug #761983)
	[wheezy] - twisted <not-affected> (Only affects 14.0 series)
	[squeeze] - twisted <not-affected> (Only affects 14.0 series)
CVE-2014-6610 (Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Ce ...)
	{DLA-455-1}
	- asterisk 1:11.12.1~dfsg-1 (medium; bug #762164)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010.html
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff applies on 1:1.8.13.1~dfsg1-3+deb7u3
	NOTE: Squeeze version doesn't have res/res_fax_spandsp.c with the problem.
CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...)
	NOT-FOR-US: M/Monit
CVE-2014-6601 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2014-6600 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6599 (Unspecified vulnerability in the Siebel Core - Common Components compo ...)
	NOT-FOR-US: Oracle
CVE-2014-6598 (Unspecified vulnerability in the Oracle Communications Diameter Signal ...)
	NOT-FOR-US: Oracle
CVE-2014-6597 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2014-6596 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2014-6595 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle iLearning
CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE 5 ...)
	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
	- icu 52.1-7 (bug #775884)
CVE-2014-6590 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6589 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6588 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6587 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle
CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...)
	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
	- icu 52.1-7.1 (bug #776264)
CVE-2014-6584 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM)  ...)
	NOT-FOR-US: Oracle Sun Systems Products Suite ILOM
CVE-2014-6583 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2014-6582 (Unspecified vulnerability in the Oracle HCM Configuration Workbench co ...)
	NOT-FOR-US: Oracle
CVE-2014-6581 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2014-6580 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle
CVE-2014-6579 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2014-6578 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6577 (Unspecified vulnerability in the XML Developer's Kit for C component i ...)
	NOT-FOR-US: Oracle
CVE-2014-6576 (Unspecified vulnerability in the Oracle Adaptive Access Manager compon ...)
	NOT-FOR-US: Oracle
CVE-2014-6575 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remot ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6574 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle
CVE-2014-6573 (Unspecified vulnerability in the Enterprise Manager Ops Center compone ...)
	NOT-FOR-US: Oracle
CVE-2014-6572 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2014-6571 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2014-6570 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6569 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-6568 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, a ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2014-6567 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2014-6566 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2014-6565 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2014-6564 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
CVE-2014-6563 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6562 (Unspecified vulnerability in Oracle Java SE 8u20 allows remote attacke ...)
	- openjdk-8 8u40~b09-1
CVE-2014-6561 (Unspecified vulnerability in the Oracle Payments component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2014-6560 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6559 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6558 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6557 (Unspecified vulnerability in the Application Performance Management co ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2014-6556 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6554 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6553 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6552 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6551 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6550 (Unspecified vulnerability in the Oracle Applications Object Library co ...)
	NOT-FOR-US: Oracle
CVE-2014-6549 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote attacke ...)
	- openjdk-8 8u40~b22-1
CVE-2014-6548 (Unspecified vulnerability in the Oracle SOA Suite component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2014-6547 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6546 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6545 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6544 (Unspecified vulnerability in the JDBC component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6543 (Unspecified vulnerability in the Agile PLM component in Oracle Supply  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6542 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox-guest-additions <removed>
	- virtualbox-guest-additions-iso 4.3.14-1
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6538 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6537 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6536 (Unspecified vulnerability in the Agile PLM component in Oracle Supply  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6535 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6534 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6533 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6532 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6531 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6530 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6529 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6528 (Unspecified vulnerability in the Siebel Core - System Management compo ...)
	NOT-FOR-US: Oracle
CVE-2014-6527 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remot ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6526 (Unspecified vulnerability in the Oracle Directory Server Enterprise Ed ...)
	NOT-FOR-US: Oracle
CVE-2014-6525 (Unspecified vulnerability in the Oracle Web Applications Desktop Integ ...)
	NOT-FOR-US: Oracle
CVE-2014-6524 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6523 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6521 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6520 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier al ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mysql-5.1 <not-affected> (Only affects 5.5 series)
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6519 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6518 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local use ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6516 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2014-6515 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6514 (Unspecified vulnerability in the PL/SQL component in Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2014-6513 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and  ...)
	- openjdk-6 <not-affected> (Windows-specific)
	- openjdk-7 <not-affected> (Windows-specific)
	- openjdk-8 <not-affected> (Windows-specific)
CVE-2014-6512 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
	NOTE: Upstream OpenJDK commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/0798607dd425
CVE-2014-6511 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6510 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6509 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6508 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remot ...)
	NOT-FOR-US: Oracle Sun Solaris 10 and 11
CVE-2014-6507 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6506 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6505 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6504 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, an ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6503 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6502 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6501 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6500 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6499 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6498 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6497 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6496 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6495 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6494 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6493 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6492 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6491 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6490 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6489 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier al ...)
	- mysql-5.5 <not-affected> (Only MySQL 5.6)
	- mysql-5.1 <not-affected> (Only MySQL 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
CVE-2014-6488 (Unspecified vulnerability in the Enterprise Manager for Oracle Databas ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control EM Base Plattform
CVE-2014-6487 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6486 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6485 (Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 all ...)
	- openjdk-8 8u40~b09-1
CVE-2014-6484 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6483 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6482 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6481 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote at ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6480 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2014-6479 (Unspecified vulnerability in the Oracle Applications Technology compon ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6478 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed>
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6477 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2014-6476 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6475 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6474 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
CVE-2014-6473 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris 10 and 11
CVE-2014-6472 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6471 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6470 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6469 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6468 (Unspecified vulnerability in Oracle Java SE 8u20 allows local users to ...)
	- openjdk-8 8u40~b09-1
CVE-2014-6467 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6466 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6465 (Unspecified vulnerability in the Oracle Communications Session Border  ...)
	NOT-FOR-US: Oracle Communications Applications
CVE-2014-6464 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6463 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6462 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6461 (Unspecified vulnerability in the Agile PLM component in Oracle Supply  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6459 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-6458 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6457 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6456 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remot ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6455 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6454 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6453 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6452 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6451 (J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D ...)
	NOT-FOR-US: Juniper
CVE-2014-6450 (Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X4 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2014-6448 (Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before ...)
	NOT-FOR-US: Juniper
CVE-2014-6447 (Multiple vulnerabilities exist in Juniper Junos J-Web error handling t ...)
	NOT-FOR-US: Juniper
CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPre ...)
	NOT-FOR-US: WordPress plugin Infusionsoft Gravity Forms
CVE-2014-6445 (Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmi ...)
	NOT-FOR-US: WordPress plugin Contact Form 7 Integrations
CVE-2014-6444 (Multiple cross-site scripting (XSS) vulnerabilities in the Titan Frame ...)
	NOT-FOR-US: Titan Framework plugin for WordPress
CVE-2014-6443
	RESERVED
CVE-2014-6442
	RESERVED
CVE-2014-6441
	RESERVED
CVE-2014-6440 (VideoLAN VLC media player before 2.1.5 allows remote attackers to exec ...)
	- vlc 2.1.5-1 (low)
	[wheezy] - vlc <not-affected> (Introduced in 2.1)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in  ...)
	- elasticsearch 1.0.3+dfsg-4 (bug #763958; low)
CVE-2014-6438 (The URI.decode_www_form_component method in Ruby before 1.9.2-p330 all ...)
	{DLA-275-1}
	- ruby1.9.1 1.9.3.0-1
	- ruby1.8 <not-affected> (Vulnerable code not present)
	NOTE: https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/
	NOTE: https://github.com/ruby/www.ruby-lang.org/issues/817
	NOTE: https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb
	NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943
	NOTE: CVE assignment is specific to ruby 1.9.x series?
CVE-2014-6437 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remo ...)
	NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6436 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly ...)
	NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6435 (cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and D ...)
	NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: GoPro
CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary f ...)
	NOT-FOR-US: GoPro
CVE-2014-6420 (Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0  ...)
	NOT-FOR-US: Livefyre LiveComments
CVE-2014-6419
	RESERVED
CVE-2014-6415
	RESERVED
CVE-2014-6413 (A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11 ...)
	NOT-FOR-US: WatchGuard
CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict p ...)
	- wordpress <not-affected> (Affects only Wordpress on Windows systems)
CVE-2014-6411
	RESERVED
CVE-2014-6409 (Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and e ...)
	NOT-FOR-US: M/Monit
CVE-2014-6408 (Docker 1.3.0 through 1.3.1 allows remote attackers to modify the defau ...)
	- docker.io 1.3.2~dfsg1-1
CVE-2014-6407 (Docker before 1.3.2 allows remote attackers to write to arbitrary file ...)
	- docker.io 1.3.2~dfsg1-1
CVE-2014-6406
	RESERVED
CVE-2014-6405
	RESERVED
CVE-2014-6404
	RESERVED
CVE-2014-6403
	RESERVED
CVE-2014-6402
	RESERVED
CVE-2014-6401
	RESERVED
CVE-2014-6400
	RESERVED
CVE-2014-6399
	RESERVED
CVE-2014-6398
	RESERVED
CVE-2014-6397
	RESERVED
CVE-2014-6396 (The dissector_postgresql function in dissectors/ec_postgresql.c in Ett ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-6395 (Heap-based buffer overflow in the dissector_postgresql function in dis ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial comparison fo ...)
	- node-send 0.9.4-1
	NOTE: https://nodesecurity.io/advisories/send-directory-traversal
CVE-2014-6393 (The Express web framework before 3.11 and 4.x before 4.5 for Node.js d ...)
	- node-express 4.16.4-1 (unimportant)
	NOTE: libv8 is not covered by security support
CVE-2014-6392 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the Faceboo ...)
	NOT-FOR-US: Facebook app and Facebook Messenger app for iOS
CVE-2014-6391
	RESERVED
CVE-2014-6390
	RESERVED
CVE-2014-6389 (backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers t ...)
	NOT-FOR-US: PhpCompta
CVE-2014-6388
	REJECTED
CVE-2013-7403
	RESERVED
	NOT-FOR-US: WordPress plugin wp-video-commando
CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3. ...)
	NOT-FOR-US: SpiceWorks
CVE-2014-7145 (The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before ...)
	- linux 3.16.3-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
	NOTE: upstream fix: https://github.com/torvalds/linux/commit/18f39e7be0121317550d03e267e3ebd4dbfbb3ce (v3.17-rc2)
CVE-2014-6432 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniff ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6431 (Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6430 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniff ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6429 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniff ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6428 (The dissect_spdu function in epan/dissectors/packet-ses.c in the SES d ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-18.html
CVE-2014-6427 (Off-by-one error in the is_rtsp_request_or_reply function in epan/diss ...)
	{DSA-3049-1}
	- wireshark 1.12.1+g01b65bf-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-17.html
CVE-2014-6426 (The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HI ...)
	- wireshark 1.12.1+g01b65bf-1
	[wheezy] - wireshark <not-affected> (Only applies to 1.12.x)
	[squeeze] - wireshark <not-affected> (Only applies to 1.12.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-16.html
CVE-2014-6425 (The (1) get_quoted_string and (2) get_unquoted_string functions in epa ...)
	- wireshark 1.12.1+g01b65bf-1
	[wheezy] - wireshark <not-affected> (Only applies to 1.12.x)
	[squeeze] - wireshark <not-affected> (Only applies to 1.12.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-15.html
CVE-2014-6424 (The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow ...)
	{DSA-3049-1}
	- wireshark 1.12.1+g01b65bf-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-14.html
CVE-2014-6423 (The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in th ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-13.html
CVE-2014-6422 (The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.0+git+4fab41a1-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984 (v1.11.3)
CVE-2014-6421 (Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x  ...)
	- wireshark 1.12.0~rc1-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=81c4eee84b6ee19fd27929856fa1465b1af148c6 (v1.10.10)
CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,  ...)
	- linux 3.16.3-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
	NOTE: http://tracker.ceph.com/issues/8979
CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,  ...)
	- linux 3.16.3-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
	NOTE: http://tracker.ceph.com/issues/8979
CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux ker ...)
	- linux 3.16.3-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
	NOTE: http://tracker.ceph.com/issues/8979
CVE-2014-6414 (OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows re ...)
	- neutron 2014.1.3-1
	NOTE: vulnerable versions up to 2013.2.4 and 2014.1 versions up to 2014.1.2
CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel th ...)
	{DLA-118-1}
	- linux 3.16.5-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65 (v3.17-rc5)
CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DLA-103-1}
	- linux 3.6.4-1
	[wheezy] - linux 3.2.32-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/3e10986d1d698140747fcfc2761ec9cb64c1d582 (v3.6)
CVE-2014-6386 (Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45  ...)
	NOT-FOR-US: Juniper
CVE-2014-6385 (Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 ...)
	NOT-FOR-US: Juniper
CVE-2014-6384 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25,  ...)
	NOT-FOR-US: Juniper
CVE-2014-6383 (The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, wh ...)
	NOT-FOR-US: Juniper
CVE-2014-6382 (The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before  ...)
	NOT-FOR-US: Juniper
CVE-2014-6381 (Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9. ...)
	NOT-FOR-US: Juniper
CVE-2014-6380 (Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12. ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6379 (Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6378 (Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6377 (Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before  ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6376 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6375 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6374 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6373 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6372
	REJECTED
CVE-2014-6371
	REJECTED
CVE-2014-6370
	REJECTED
CVE-2014-6369 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6368 (Microsoft Internet Explorer 11 allows remote attackers to bypass the A ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6367
	REJECTED
CVE-2014-6366 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6365 (Microsoft Internet Explorer 8 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6364 (Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2 ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6363 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Inter ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6362 (Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, a ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Exc ...)
	NOT-FOR-US: Microsoft Excel
CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2014-6359
	REJECTED
CVE-2014-6358
	REJECTED
CVE-2014-6357 (Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Offic ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-6355 (The Graphics Component in Microsoft Windows Server 2003 SP2, Windows V ...)
	NOT-FOR-US: Microsft Windows
CVE-2014-6354 (Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Interne ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2014-6351 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2014-6350 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain  ...)
	NOT-FOR-US: Microsoft
CVE-2014-6349 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain  ...)
	NOT-FOR-US: Microsoft
CVE-2014-6348 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2014-6347 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6346 (Microsoft Internet Explorer 8 through 11 allows remote attackers to re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6345 (Microsoft Internet Explorer 9 and 10 allows remote attackers to read c ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6344 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6343 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6342 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6341 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6340 (Microsoft Internet Explorer 6 through 11 allows remote attackers to re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6339 (Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6338
	REJECTED
CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6336 (Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumula ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6335 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6334 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft
CVE-2014-6333 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft
CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vist ...)
	NOT-FOR-US: Microsoft
CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3 ...)
	NOT-FOR-US: Microsoft
CVE-2014-6330 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6329 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6328 (Microsoft Internet Explorer 8 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6327 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6326 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server  ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6325 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server  ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6324 (The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ob ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2014-6320
	REJECTED
CVE-2014-6319 (Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2014-6316 (core/string_api.php in MantisBT before 1.2.18 does not properly catego ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/e66ecc9f
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17648
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17362
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17698
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17811
CVE-2014-6315 (Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado  ...)
	NOT-FOR-US: WordPress plugin Photo Gallery
CVE-2014-6314
	RESERVED
CVE-2014-6313 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
	NOT-FOR-US: WordPress plugin WooCommerce
CVE-2014-6312 (Cross-site request forgery (CSRF) vulnerability in the Login Widget Wi ...)
	NOT-FOR-US: Login Widget With Shortcode (login-sidebar-widget) plugin for WordPress
CVE-2014-6309 (The HTTP and WebSocket engine components in the server in Kaazing Gate ...)
	NOT-FOR-US: Kaazing Gateway
CVE-2014-6308 (Directory traversal vulnerability in OSClass before 3.4.2 allows remot ...)
	NOT-FOR-US: OsClass
CVE-2014-6307
	RESERVED
CVE-2014-6306
	RESERVED
CVE-2014-6305
	RESERVED
CVE-2014-6304 (The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 all ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6303 (The Monitoring Administration pages in PNMsoft Sequence Kinetics befor ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6302 (The Monitoring Administration pages in PNMsoft Sequence Kinetics befor ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the tables-mana ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history implemen ...)
	- phpmyadmin 4:4.2.8.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-10/
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-6299 (Cross-site request forgery (CSRF) vulnerability in the mm_forum extens ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6298 (Unrestricted file upload vulnerability in the mm_forum extension befor ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6297 (Cross-site scripting (XSS) vulnerability in the mm_forum extension bef ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6296 (Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) exte ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6295 (SQL injection vulnerability in the WEC Map (wec_map) extension before  ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6294 (Cross-site scripting (XSS) vulnerability in the External links click s ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6293 (SQL injection vulnerability in the Statistics (ke_stats) extension bef ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6292 (The femanager extension before 1.0.9 for TYPO3 allows remote frontend  ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6291 (Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (al ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6290 (The News (tt_news) extension before 3.5.2 for TYPO3 allows remote atta ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6289 (The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) exten ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6288 (The powermail extension 2.x before 2.0.11 for TYPO3 allows remote atta ...)
	NOT-FOR-US: TYPO3 extension
CVE-2014-6287 (The findMacroMarker function in parserLib.pas in Rejetto HTTP File Ser ...)
	NOT-FOR-US: Rejetto HTTP File Server
CVE-2014-6286
	RESERVED
CVE-2014-6285
	RESERVED
CVE-2014-6284 (SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before ...)
	NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6283 (SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 b ...)
	NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6282
	RESERVED
CVE-2014-6281
	RESERVED
CVE-2014-6280 (Multiple cross-site scripting (XSS) vulnerabilities in OSClass before  ...)
	NOT-FOR-US: OsClass
CVE-2014-6279
	RESERVED
CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse function defin ...)
	- bash 4.3-9.2 (high)
	[wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)
	[squeeze] - bash 4.1-3+deb6u2 (high)
	NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents
	NOTE: exploitation of this issue by making bash only use environment variables
	NOTE: with specific names (BASH_FUNC_*()) to define functions from its
	NOTE: environment.
CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function defin ...)
	- bash 4.3-9.2
	[wheezy] - bash 4.2+dfsg-0.1+deb7u3
	[squeeze] - bash 4.1-3+deb6u2
	NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents
	NOTE: exploitation of this issue by making bash only use environment variables
	NOTE: with specific names (BASH_FUNC_*()) to define functions from its
	NOTE: environment.
CVE-2014-6276 (schema.py in Roundup before 1.5.1 does not properly limit attributes i ...)
	{DSA-3502-1}
	- roundup <removed> (bug #816780)
	NOTE: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
CVE-2014-6275 (FusionForge before 5.3.2 use scripts that run under the shared Apache  ...)
	- fusionforge 5.3.2-1
	[squeeze] - fusionforge <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
CVE-2014-6274 [S3 and Glacier remotes creds embedded in the git repo were not encrypted]
	RESERVED
	- git-annex 5.20140919
	[wheezy] - git-annex <not-affected> (Vulnerable code introduced in 3.20121126)
	NOTE: https://git-annex.branchable.com/upgrades/insecure_embedded_creds/
CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and ...)
	{DSA-3031-1 DLA-58-1}
	- apt 1.0.3
CVE-2014-6272 (Multiple integer overflows in the evbuffer API in Libevent 1.4.x befor ...)
	{DSA-3119-1 DLA-137-1}
	- libevent 2.0.21-stable-2 (bug #774645)
CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function definit ...)
	{DSA-3032-1 DLA-59-1}
	- bash 4.3-9.1
CVE-2014-6267
	RESERVED
CVE-2014-6266
	RESERVED
CVE-2014-6265
	RESERVED
CVE-2014-6264
	RESERVED
CVE-2014-6263
	RESERVED
CVE-2014-6262 (Multiple format string vulnerabilities in the python module in RRDtool ...)
	{DLA-2131-1}
	- rrdtool 1.5.4-1
	NOTE: https://github.com/oetiker/rrdtool-1.x/pull/532
	NOTE: https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec (v1.5.0-rc1)
	NOTE: https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786 (v1.4.9)
CVE-2014-6261 (Zenoss Core through 5 Beta 3 does not properly implement the Check For ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6260 (Zenoss Core through 5 Beta 3 does not require a password for modifying ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6259 (Zenoss Core through 5 Beta 3 does not properly detect recursion during ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6258 (An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote  ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6257 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass intende ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6256 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass intende ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6255 (Open redirect vulnerability in the login form in Zenoss Core before 4. ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6254 (Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core thr ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6253 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss C ...)
	- zenoss <itp> (bug #361253)
CVE-2013-7400 (The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows  ...)
	NOT-FOR-US: TYPO3 extension direct_mail
CVE-2014-6387 (gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to  ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17640
	NOTE: http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch)
	NOTE: http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch)
CVE-2014-XXXX [install-sh: insecure use of /tmp]
	- automake1.11 1:1.11.6-4 (unimportant; bug #827346)
	- automake-1.14 <removed> (unimportant; bug #827347)
	[jessie] - automake-1.14 1:1.14.1-4+deb8u1
	- automake-1.15 1:1.15-3 (unimportant; bug #760455)
	NOTE: http://seclists.org/oss-sec/2014/q3/588
	NOTE: Neutralised by kernel hardening
CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.5029 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-6311 (generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file ...)
	- ace 6.2.7+dfsg-2 (unimportant; bug #760709)
	NOTE: Not installed into the binary packages
CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attacker ...)
	- chicken <not-affected> (Affects only CHICKEN Scheme on the Android platform)
CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squi ...)
	- squid 4.1-1 (unimportant)
	NOTE: SNMP was not built in squid 2.x
	- squid3 3.4.8-1 (low; bug #761002)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=895773
	NOTE: Upstream commits: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13574
	NOTE: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13582
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
CVE-2014-7142 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...)
	- squid 4.1-1
	[squeeze] - squid <no-dsa> (Minor issue)
	[wheezy] - squid <no-dsa> (Minor issue)
	- squid3 3.4.8-1 (bug #760999)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=891268
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
CVE-2014-7141 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...)
	- squid 4.1-1
	[squeeze] - squid <no-dsa> (Minor issue)
	[wheezy] - squid <no-dsa> (Minor issue)
	- squid3 3.4.8-1 (bug #760999)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=891268
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
CVE-2014-6268 (The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest u ...)
	- xen 4.4.1-3
	[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
	[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
CVE-2014-6251 (Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote att ...)
	NOT-FOR-US: CPUMiner, related to cgminer according to #773624
CVE-2014-6250
	RESERVED
CVE-2014-6249
	RESERVED
CVE-2014-6248
	RESERVED
CVE-2014-6247
	RESERVED
CVE-2014-6246
	RESERVED
CVE-2014-6245
	RESERVED
CVE-2014-6244
	RESERVED
CVE-2014-6243 (Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer p ...)
	NOT-FOR-US: WordPress plugin EWWW Image Optimizer
CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP Security & ...)
	NOT-FOR-US: WordPress plugin All In One WP Security
CVE-2014-6230 (WP-Ban plugin before 1.6.4 for WordPress, when running in certain conf ...)
	NOT-FOR-US: WordPress plugin WP-Ban
CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook Hip ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-6228 (Integer overflow in the string_chunk_split function in hphp/runtime/ba ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2010-5305 (The potential exists for exposure of the product's password used to re ...)
	NOT-FOR-US: Rockwell
CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 al ...)
	{DSA-3019-1 DLA-46-1}
	- procmail 3.22-22 (bug #760443)
	NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8
CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...)
	NOT-FOR-US: TYPO3 extension wt_directory
CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar ...)
	NOT-FOR-US: TYPO3 extension weeaar_googlesitemap
CVE-2014-6239 (SQL injection vulnerability in the Address visualization with Google M ...)
	NOT-FOR-US: TYPO3 extension st_address_map
CVE-2014-6238 (Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB ...)
	NOT-FOR-US: TYPO3 extension Akronymmanager
CVE-2014-6237 (Cross-site scripting (XSS) vulnerability in the News Pack extension 0. ...)
	NOT-FOR-US: TYPO3 extension News Pack
CVE-2014-6236 (Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude)  ...)
	NOT-FOR-US: TYPO3 extension lumophpinclude
CVE-2014-6235 (Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for  ...)
	NOT-FOR-US: TYPO3 extension DomPDF
CVE-2014-6234 (Cross-site scripting (XSS) vulnerability in the Open Graph protocol (j ...)
	NOT-FOR-US: TYPO3 extension jh_opengraphprotocol
CVE-2014-6233 (SQL injection vulnerability in the Flat Manager (flatmgr) extension be ...)
	NOT-FOR-US: TYPO3 extension flatmgr
CVE-2014-6232 (Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.1 ...)
	NOT-FOR-US: TYPO3 extension eu_ldap
CVE-2014-6231 (Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extens ...)
	NOT-FOR-US: TYPO3 extension cwt_feedit
	NOTE: This is different from the feedit extension in typo3-src.
CVE-2014-6227
	RESERVED
CVE-2014-6226
	RESERVED
CVE-2014-6225
	RESERVED
CVE-2014-6224
	RESERVED
CVE-2014-6223
	RESERVED
CVE-2014-6222 (Directory traversal vulnerability in IBM Marketing Operations 7.x and  ...)
	NOT-FOR-US: IBM Marketing Operations
CVE-2014-6221 (The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational Cle ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2014-6220
	RESERVED
CVE-2014-6219
	RESERVED
CVE-2014-6218
	RESERVED
CVE-2014-6217
	RESERVED
CVE-2014-6216
	RESERVED
CVE-2014-6215 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2014-6214 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Porta ...)
	NOT-FOR-US: IBM
CVE-2014-6213
	RESERVED
CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6  ...)
	NOT-FOR-US: IBM
CVE-2014-6211 (The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.1 ...)
	NOT-FOR-US: IBM
CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5  ...)
	NOT-FOR-US: IBM
CVE-2014-6209 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 thro ...)
	NOT-FOR-US: IBM
CVE-2014-6208
	RESERVED
CVE-2014-6207
	RESERVED
CVE-2014-6206
	RESERVED
CVE-2014-6205
	RESERVED
CVE-2014-6204
	RESERVED
CVE-2014-6203
	RESERVED
CVE-2014-6202
	RESERVED
CVE-2014-6201
	RESERVED
CVE-2014-6200
	RESERVED
CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x a ...)
	NOT-FOR-US: IBM
CVE-2014-6198 (Cross-site request forgery (CSRF) vulnerability in IBM Security Networ ...)
	NOT-FOR-US: IBM
CVE-2014-6197 (IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and ...)
	NOT-FOR-US: IBM
CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory ...)
	NOT-FOR-US: IBM WEF
CVE-2014-6195 (The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage  ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6194 (Directory traversal vulnerability in an unspecified web form in IBM Ma ...)
	NOT-FOR-US: IBM Maximo
CVE-2014-6193 (IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, ...)
	NOT-FOR-US: IBM
CVE-2014-6192 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...)
	NOT-FOR-US: IBM
CVE-2014-6191 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...)
	NOT-FOR-US: IBM
CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remo ...)
	NOT-FOR-US: IBM
CVE-2014-6189 (Cross-site scripting (XSS) vulnerability in IBM Security Network Prote ...)
	NOT-FOR-US: IBM
CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere S ...)
	NOT-FOR-US: IBM
CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebS ...)
	NOT-FOR-US: IBM
CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3. ...)
	NOT-FOR-US: IBM
CVE-2014-6185 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6. ...)
	NOT-FOR-US: IBM
	NOTE: https://www-01.ibm.com/support/docview.wss?uid=swg21695715
CVE-2014-6184 (Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Stor ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6183 (IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before  ...)
	NOT-FOR-US: IBM Security Network Protection
CVE-2014-6182 (Directory traversal vulnerability in an export function in the Process ...)
	NOT-FOR-US: IBM
CVE-2014-6181 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0. ...)
	NOT-FOR-US: IBM
CVE-2014-6180 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...)
	NOT-FOR-US: IBM
CVE-2014-6179 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...)
	NOT-FOR-US: IBM
CVE-2014-6178 (Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphe ...)
	NOT-FOR-US: IBM
CVE-2014-6177 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0. ...)
	NOT-FOR-US: IBM
CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0 ...)
	NOT-FOR-US: IBM
CVE-2014-6175 (Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7 ...)
	NOT-FOR-US: IBM Marketing Operations
CVE-2014-6174 (IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0 ...)
	NOT-FOR-US: IBM
CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process Inspector in I ...)
	NOT-FOR-US: IBM
CVE-2014-6172 (IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to o ...)
	NOT-FOR-US: IBM
CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8  ...)
	NOT-FOR-US: IBM
CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience Build ...)
	NOT-FOR-US: IBM Forms Experience Builder
CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security Identi ...)
	NOT-FOR-US: IBM
CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature  ...)
	NOT-FOR-US: IBM
CVE-2014-6166 (The Communications Enabled Applications (CEA) service in IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2014-6165
	RESERVED
CVE-2014-6164 (IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x befor ...)
	NOT-FOR-US: IBM
CVE-2014-6163 (Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPowe ...)
	NOT-FOR-US: IBM
CVE-2014-6162
	RESERVED
CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact  ...)
	NOT-FOR-US: IBM
CVE-2014-6160 (IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0. ...)
	NOT-FOR-US: IBM
CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 t ...)
	NOT-FOR-US: IBM
CVE-2014-6158 (Multiple directory traversal vulnerabilities in the file-upload featur ...)
	NOT-FOR-US: IBM
CVE-2014-6157
	RESERVED
CVE-2014-6156
	RESERVED
CVE-2014-6155 (Multiple directory traversal vulnerabilities in the ServiceRegistry UI ...)
	NOT-FOR-US: IBM
CVE-2014-6154 (Directory traversal vulnerability in IBM Optim Performance Manager for ...)
	NOT-FOR-US: IBM Optim
CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 ...)
	NOT-FOR-US: IBM
CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Inte ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2 ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6150 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dep ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6149 (Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Applica ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6148 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 th ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6147 (IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3. ...)
	NOT-FOR-US: IBM FSM
CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Dire ...)
	NOT-FOR-US: IBM
CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...)
	NOT-FOR-US: IBM
CVE-2014-6144 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manag ...)
	NOT-FOR-US: IBM
CVE-2014-6143 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allo ...)
	NOT-FOR-US: IBM
CVE-2014-6142
	RESERVED
CVE-2014-6141 (IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6. ...)
	NOT-FOR-US: IBM
CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0. ...)
	NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
CVE-2014-6139 (The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1,  ...)
	NOT-FOR-US: IBM BPM
CVE-2014-6138 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allo ...)
	NOT-FOR-US: IBM
CVE-2014-6137 (Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page  ...)
	NOT-FOR-US: IBM Endpoint Manager
CVE-2014-6136 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports  ...)
	NOT-FOR-US: IBM
CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8. ...)
	NOT-FOR-US: IBM
CVE-2014-6134 (IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, ...)
	NOT-FOR-US: IBM
CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain sen ...)
	NOT-FOR-US: IBM API Management
CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...)
	NOT-FOR-US: IBM
CVE-2014-6131 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a  ...)
	NOT-FOR-US: IBM Notes Traveler application for Android
CVE-2014-6129 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2014-6128
	RESERVED
CVE-2014-6127
	RESERVED
CVE-2014-6126 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-6125 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Porta ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-6124
	RESERVED
CVE-2014-6123 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0. ...)
	NOT-FOR-US: IBM
CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8. ...)
	NOT-FOR-US: IBM
CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enter ...)
	NOT-FOR-US: IBM
CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0. ...)
	NOT-FOR-US: IBM Rational AppScan Source
CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8. ...)
	NOT-FOR-US: IBM
CVE-2014-6118
	RESERVED
CVE-2014-6117
	RESERVED
CVE-2014-6116 (The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L14091 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-6115 (IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authent ...)
	NOT-FOR-US: IBM Rational Insight
CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Server i ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports component  ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6112 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...)
	NOT-FOR-US: IBM
CVE-2014-6111 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...)
	NOT-FOR-US: IBM
CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properl ...)
	NOT-FOR-US: IBM
CVE-2014-6109 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...)
	NOT-FOR-US: IBM
CVE-2014-6108 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...)
	NOT-FOR-US: IBM
CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote at ...)
	NOT-FOR-US: IBM
CVE-2014-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Security Identi ...)
	NOT-FOR-US: IBM
CVE-2014-6105 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote at ...)
	NOT-FOR-US: IBM
CVE-2014-6104
	RESERVED
CVE-2014-6103
	RESERVED
CVE-2014-6102 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5. ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-6101 (Cross-site scripting (XSS) vulnerability in the redirect-login feature ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 5.2.x throu ...)
	NOT-FOR-US: IBM Sterling
CVE-2014-6098 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote at ...)
	NOT-FOR-US: IBM
CVE-2014-6097 (IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Window ...)
	NOT-FOR-US: IBM
CVE-2014-6096 (Cross-site scripting (XSS) vulnerability in IBM Security Identity Mana ...)
	NOT-FOR-US: IBM
CVE-2014-6095 (Directory traversal vulnerability in IBM Security Identity Manager 6.x ...)
	NOT-FOR-US: IBM
CVE-2014-6094
	RESERVED
CVE-2014-6093 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-6092 (IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2  ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-6091 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-6090 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-6089 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6088 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6087 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6086 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6085
	RESERVED
CVE-2014-6084 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6083 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6082 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6081
	RESERVED
CVE-2014-6080 (SQL injection vulnerability in IBM Security Access Manager for Mobile  ...)
	NOT-FOR-US: IBM
CVE-2014-6079 (Cross-site scripting (XSS) vulnerability in the Local Management Inter ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-6078 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6077 (Cross-site request forgery (CSRF) vulnerability in IBM Security Access ...)
	NOT-FOR-US: IBM
CVE-2014-6076 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...)
	NOT-FOR-US: IBM
CVE-2014-6075 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch  ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-6074 (IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated us ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2014-6073
	RESERVED
CVE-2014-6072
	RESERVED
CVE-2014-6071 (jQuery 1.4.2 allows remote attackers to conduct cross-site scripting ( ...)
	- jquery 1.6.1-1
	[squeeze] - jquery <no-dsa> (Only exploitable when following anti-patterns)
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=1136683#c2
CVE-2014-6069
	RESERVED
CVE-2014-6068
	RESERVED
CVE-2014-6067
	RESERVED
CVE-2014-6066
	RESERVED
CVE-2014-6065
	RESERVED
CVE-2014-6064 (The Accounts tab in the administrative user interface in McAfee Web Ga ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2014-6063
	RESERVED
CVE-2014-6062
	RESERVED
CVE-2014-6061
	RESERVED
CVE-2014-6059 (WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary ...)
	NOT-FOR-US: WordPress Advanced Access Manager Plugin
CVE-2014-6058
	RESERVED
CVE-2014-6057
	RESERVED
CVE-2014-6056
	RESERVED
CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in  ...)
	{DSA-3081-1 DLA-1979-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	- italc 1:3.0.1+dfsg1-1
	NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
	NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
	NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement)
	NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2
CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
	{DSA-3081-1 DLA-1979-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	- italc 1:3.0.1+dfsg1-1
	NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
	NOTE: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
	NOTE: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548 (required for sparc)
	NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
	NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
	{DSA-3081-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	- italc 1:3.0.1+dfsg1-1
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- vino 3.22.0-6 (bug #945784)
	[buster] - vino <no-dsa> (Minor issue)
	[stretch] - vino <no-dsa> (Minor issue)
	NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...)
	{DSA-3081-1 DLA-1979-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	- italc 1:3.0.1+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in L ...)
	{DSA-3081-1 DLA-1979-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	- italc 1:3.0.1+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
CVE-2014-6050 (phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA p ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-6049 (phpMyFAQ before 2.8.13 allows remote authenticated users with admin pr ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-6048 (phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attac ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-6047 (phpMyFAQ before 2.8.13 allows remote authenticated users with certain  ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-6046 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-6045 (SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote au ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-6044
	RESERVED
CVE-2014-6043 (ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020  ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2014-6042
	RESERVED
CVE-2014-6041 (The Android WebView in Android before 4.4 allows remote attackers to b ...)
	NOT-FOR-US: Android Browser application
CVE-2014-6039 (ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a  ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-6038 (Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002  ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO M ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2014-6036 (Directory traversal vulnerability in the multipartRequest servlet in Z ...)
	NOT-FOR-US: ZOHO
CVE-2014-6035 (Directory traversal vulnerability in the FileCollector servlet in ZOHO ...)
	NOT-FOR-US: ZOHO
CVE-2014-6034 (Directory traversal vulnerability in the com.me.opmanager.extranet.rem ...)
	NOT-FOR-US: ZOHO
CVE-2014-6033
	REJECTED
CVE-2014-6032 (Multiple XML External Entity (XXE) vulnerabilities in the Configuratio ...)
	NOT-FOR-US: F5 Networks Big-IP
CVE-2014-6031 (Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10 ...)
	NOT-FOR-US: F5 BIG-IP systems
CVE-2014-6030 (Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET b ...)
	NOT-FOR-US: ClassApps SelectSurvey.NET
CVE-2014-6026
	RESERVED
CVE-2014-6025 (The Chartboost library before 2.0.2 for Android does not verify X.509  ...)
	NOT-FOR-US: Chartboost library for Android
CVE-2014-6024 (The Flurry library before 3.4.0 for Android does not verify X.509 cert ...)
	NOT-FOR-US: Flurry library for Android
CVE-2014-6023 (The s-peek credit rating report (aka com.rhomobile.speek) application  ...)
	NOT-FOR-US: s-peek credit rating report (aka com.rhomobile.speek) application for Android
CVE-2014-6022 (The Versent Books (aka com.versentbooks) application 1.1.99 for Androi ...)
	NOT-FOR-US: Versent Books (aka com.versentbooks) application for Android
CVE-2014-6021 (The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) app ...)
	NOT-FOR-US: Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application for Android
CVE-2014-6020 (The Fuel Rewards Network (aka com.excentus.frn) application 1 for Andr ...)
	NOT-FOR-US: Fuel Rewards Network (aka com.excentus.frn) application for Android
CVE-2014-6019 (The psychology (aka com.alek.psychology) application 1.0.2 for Android ...)
	NOT-FOR-US: psychology (aka com.alek.psychology) application for Android
CVE-2014-6018 (The global beauty research (aka com.appems.topgirl) application 1.6 fo ...)
	NOT-FOR-US: global beauty research (aka com.appems.topgirl) application for Android
CVE-2014-6017 (The Doodle Drop (aka net.lazyer.DoodleDrop) application 1 for Android  ...)
	NOT-FOR-US: Doodle Drop (aka net.lazyer.DoodleDrop) application for Android
CVE-2014-6016 (The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android  ...)
	NOT-FOR-US: Celluloid (aka com.eurisko.celluloid) application for Android
CVE-2014-6015 (The TuCarro (aka com.tucarro) application 2.0.5 for Android does not v ...)
	NOT-FOR-US: TuCarro (aka com.tucarro) application for Android
CVE-2014-6014 (The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) applicatio ...)
	NOT-FOR-US: Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) application for Android
CVE-2014-6013 (The nuSquare (aka tw.com.nuphoto.nusquare) application 1.0.78 for Andr ...)
	NOT-FOR-US: nuSquare (aka tw.com.nuphoto.nusquare) application for Android
CVE-2014-6012 (The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does ...)
	NOT-FOR-US: Gravity Bounce (aka net.toddm.gb) application for Android
CVE-2014-6011 (The cutprice (aka kr.co.wedoit.cutprice) application 1.0.4 for Android ...)
	NOT-FOR-US: cutprice (aka kr.co.wedoit.cutprice) application for Android
CVE-2014-6010 (The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) applicatio ...)
	NOT-FOR-US: Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application for Android
CVE-2014-6009 (The Zombie Detector (aka com.jimmybolstad.zombiedetector) application  ...)
	NOT-FOR-US: Zombie Detector (aka com.jimmybolstad.zombiedetector) application for Android
CVE-2014-6008 (The Blitz Bingo (aka com.appMobi.sbbingo.app) application 2.3 for Andr ...)
	NOT-FOR-US: Blitz Bingo (aka com.appMobi.sbbingo.app) application for Android
CVE-2014-6007 (The LikeHero Get Instagram Likes (aka com.fraoula.likehero) applicatio ...)
	NOT-FOR-US: LikeHero Get Instagram Likes (aka com.fraoula.likehero) application for Android
CVE-2014-6006 (The Gratta &amp; Vinci? (aka com.dreamstep.wGrattaevinci) application  ...)
	NOT-FOR-US: Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application for Android
CVE-2014-6005 (The Survey.com Mobile (aka com.survey.android) application 3.2.16 for  ...)
	NOT-FOR-US: Survey.com Mobile (aka com.survey.android) application for Android
CVE-2014-6004 (The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3  ...)
	NOT-FOR-US: Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application for Android
CVE-2014-6003 (The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application ...)
	NOT-FOR-US: Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application for Android
CVE-2014-6002 (The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android ...)
	NOT-FOR-US: DTE Energy (aka com.dteenergy.mydte) application for Android
CVE-2014-6001 (The gewara (aka com.gewara) application 5.2.3 for Android does not ver ...)
	NOT-FOR-US: gewara (aka com.gewara) application for Android
CVE-2014-6000 (The FreshDirect (aka com.freshdirect.android) application 2.7.1 for An ...)
	NOT-FOR-US: FreshDirect (aka com.freshdirect.android) application for Android
CVE-2014-5999 (The autonavi (aka com.telenav.doudouyou.android.autonavi) application  ...)
	NOT-FOR-US: autonavi (aka com.telenav.doudouyou.android.autonavi) application for Android
CVE-2014-5998 (The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android d ...)
	NOT-FOR-US: SkyDrive Assistant (aka com.dhh.sky) application for Android
CVE-2014-5997 (The Auto Trader (aka za.co.autotrader.android.app) application 2 for A ...)
	NOT-FOR-US: Auto Trader (aka za.co.autotrader.android.app) application for Android
CVE-2014-5996 (The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3. ...)
	NOT-FOR-US: DEKRA Used Car Report (aka com.dekra.maengelreport) application for Android
CVE-2014-5995 (The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android ...)
	NOT-FOR-US: eWUS mobile (aka pl.dreryk.ewustest) application for Android
CVE-2014-5994 (The ding* ezetop. Top-up Any Phone (aka com.ezetop.world) application  ...)
	NOT-FOR-US: ding* ezetop. Top-up Any Phone (aka com.ezetop.world) application for Android
CVE-2014-5993 (The MLB Preplay (aka com.preplay.android.mlb) application 5.4.2 for An ...)
	NOT-FOR-US: MLB Preplay (aka com.preplay.android.mlb) application for Android
CVE-2014-5992 (The successsecrets (aka com.alek.successsecrets) application 1.2.3 for ...)
	NOT-FOR-US: successsecrets (aka com.alek.successsecrets) application for Android
CVE-2014-5991 (The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions)  ...)
	NOT-FOR-US: Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application for Android
CVE-2014-5990 (The cookbible (aka net.bookjam.cookbible) application 1.0.0 for Androi ...)
	NOT-FOR-US: cookbible (aka net.bookjam.cookbible) application for Android
CVE-2014-5989 (The baby days (aka jp.co.cyberagent.babydays) application 1.5.8 for An ...)
	NOT-FOR-US: baby days (aka jp.co.cyberagent.babydays) application for Android
CVE-2014-5988 (The Azkend Gold (aka com.the10tons.azkend.gold) application 1.2.6 for  ...)
	NOT-FOR-US: Azkend Gold (aka com.the10tons.azkend.gold) application for Android
CVE-2014-5987 (The My3 - by 3HK (aka com.my3) application @7F0A0001 for Android does  ...)
	NOT-FOR-US: My3 - by 3HK (aka com.my3) application for Android
CVE-2014-5986 (The Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters)  ...)
	NOT-FOR-US: Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters) application for Android
CVE-2014-5985 (The Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application ...)
	NOT-FOR-US: Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application for Android
CVE-2014-5984 (The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 f ...)
	NOT-FOR-US: Little Dragons (aka com.playcomo.dragongame) application for Android
CVE-2014-5983 (The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) applic ...)
	NOT-FOR-US: Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application for Android
CVE-2014-5982 (The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pr ...)
	NOT-FOR-US: RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application for Android
CVE-2014-5981 (The MoWeather (aka com.moji.moweather) application 1.40.05 for Android ...)
	NOT-FOR-US: MoWeather (aka com.moji.moweather) application for Android
CVE-2014-5980 (The Genertel (aka com.genertel) application 2.6.0 for Android does not ...)
	NOT-FOR-US: Genertel (aka com.genertel) application for Android
CVE-2014-5979 (The TV Bengali Open Directory (aka com.TVBengali) application 1.4 for  ...)
	NOT-FOR-US: TV Bengali Open Directory (aka com.TVBengali) application for Android
CVE-2014-5978 (The memetan (aka memetan.android.com.activity) application 1.1.0 for A ...)
	NOT-FOR-US: memetan (aka memetan.android.com.activity) application for Android
CVE-2014-5977 (The Mobile Face (aka com.wFacemobile) application 0.74.13432.91159 for ...)
	NOT-FOR-US: Mobile Face (aka com.wFacemobile) application for Android
CVE-2014-5976 (The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android ...)
	NOT-FOR-US: alibaba (aka com.alibaba.wireless) application for Android
CVE-2014-5975 (The eponyms (aka com.anddeveloper.eponyms) application 3.2 for Android ...)
	NOT-FOR-US: eponyms (aka com.anddeveloper.eponyms) application for Android
CVE-2014-5974 (The PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application 2.2  ...)
	NOT-FOR-US: PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application for Android
CVE-2014-5973 (The Aquarium Advice (aka com.socialknowledge.aquariumadvice) applicati ...)
	NOT-FOR-US: Aquarium Advice (aka com.socialknowledge.aquariumadvice) application for Android
CVE-2014-5972 (The Loving - Couple Essential (aka com.xiaoenai.app) application 4.0.1 ...)
	NOT-FOR-US: Loving - Couple Essential (aka com.xiaoenai.app) application for Android
CVE-2014-5971 (The Fiksu library for Android does not verify X.509 certificates from  ...)
	NOT-FOR-US: Fiksu library for Android
CVE-2014-5970 (The BabyBus (aka com.sinyee.babybus.concert.ru) application 3.91 for A ...)
	NOT-FOR-US: BabyBus (aka com.sinyee.babybus.concert.ru) application for Android
CVE-2014-5969 (The healthylifestyle (aka com.alek.healthylifestyle) application 1.2.2 ...)
	NOT-FOR-US: healthylifestyle (aka com.alek.healthylifestyle) application for Android
CVE-2014-5968 (The iGolf - Golf GPS (aka com.igolf) application 20 for Android does n ...)
	NOT-FOR-US: iGolf - Golf GPS (aka com.igolf) application for Android
CVE-2014-5967 (The Designs Nail Arts (aka com.decoracionesnailart.flickr) application ...)
	NOT-FOR-US: Designs Nail Arts (aka com.decoracionesnailart.flickr) application for Android
CVE-2014-5966 (The Dreamland Super Theme GO Gold (aka com.gau.go.launcherex.viptheme. ...)
	NOT-FOR-US: Designs Nail Arts (aka com.decoracionesnailart.flickr) application for Android
CVE-2014-5965 (The GrooveMusic (aka com.mobincube.android.sc_2HKFF) application 2.0.0 ...)
	NOT-FOR-US: GrooveMusic (aka com.mobincube.android.sc_2HKFF) application for Android
CVE-2014-5964 (The MegaBank (aka com.megabank.mobilebank) application 2.0 for Android ...)
	NOT-FOR-US: MegaBank (aka com.megabank.mobilebank) application for Android
CVE-2014-5963 (The Halieutics (aka com.corn.Halieutics) application 21.40.5 for Andro ...)
	NOT-FOR-US: Halieutics (aka com.corn.Halieutics) application for Android
CVE-2014-5962 (The Guess The Actor (aka com.gamelikeinc.actors) application 1.1 for A ...)
	NOT-FOR-US: Guess The Actor (aka com.gamelikeinc.actors) application for Android
CVE-2014-5961 (The russiananime (aka com.rareartifact.russiananime68A5CCFE) applicati ...)
	NOT-FOR-US: russiananime (aka com.rareartifact.russiananime68A5CCFE) application for Android
CVE-2014-5960 (The BundesArztsuche (aka de.kbv.bas) application 1.0.1 for Android doe ...)
	NOT-FOR-US: BundesArztsuche (aka de.kbv.bas) application for Android
CVE-2014-5959 (The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android do ...)
	NOT-FOR-US: tx Smart (aka com.wooriwm.txsmart) application for Android
CVE-2014-5958 (The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) applicat ...)
	NOT-FOR-US: ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application for Android
CVE-2014-5957 (The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for Andr ...)
	NOT-FOR-US: Alien War Survivors (aka com.ly.a13.gp) application for Android
CVE-2014-5956 (The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 f ...)
	NOT-FOR-US: VPlayer Video Player (aka me.abitno.vplayer.t) application for Android
CVE-2014-5955 (The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for Andro ...)
	NOT-FOR-US: Atomic Fusion (aka com.bytesized.fusion) application for Android
CVE-2014-5954 (The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 ...)
	NOT-FOR-US: State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application for Android
CVE-2014-5953 (The KASKUS (aka com.kaskus.android) application 2.13.0 for Android doe ...)
	NOT-FOR-US: KASKUS (aka com.kaskus.android) application for Android
CVE-2014-5952 (The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android ...)
	NOT-FOR-US: E-Dziennik (aka com.librus.dziennik) application for Android
CVE-2014-5951 (The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Androi ...)
	NOT-FOR-US: SinoPac (aka com.sionpac.app.SinoPac) application for Android
CVE-2014-5950 (The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for An ...)
	NOT-FOR-US: NOW (aka com.smtown.smtownnow.androidapp) application for Android
CVE-2014-5949 (The TICKET APP - Concerts &amp; Sports (aka com.xcr.android.ticketapp) ...)
	NOT-FOR-US: TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application for Android
CVE-2014-5948 (The Obama for America (aka com.barackobama.ofa) application 1.02 for A ...)
	NOT-FOR-US: Obama for America (aka com.barackobama.ofa) application for Android
CVE-2014-5947 (The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for  ...)
	NOT-FOR-US: psicofxp (aka com.tapatalk.psicofxpcom) application for Android
CVE-2014-5946 (The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) applicati ...)
	NOT-FOR-US: forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application for Android
CVE-2014-5945 (The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 f ...)
	NOT-FOR-US: Edline Mobile (aka com.wEdlineFree) application for Android
CVE-2014-5944 (The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does  ...)
	NOT-FOR-US: Soccer Blitz (aka soccer.blitz) application for Android
CVE-2014-5943 (The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta ...)
	NOT-FOR-US: LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application for Android
CVE-2014-5942 (The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) applica ...)
	NOT-FOR-US: Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application for Android
CVE-2014-5941 (The Armpit Spa &amp; Girl Games (aka com.freegames.spamakeover) applic ...)
	NOT-FOR-US: Armpit Spa & Girl Games (aka com.freegames.spamakeover) application for Android
CVE-2014-5940 (The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for A ...)
	NOT-FOR-US: PocketPC.ch (aka com.tapatalk.pocketpcch) application for Android
CVE-2014-5939 (The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.1 ...)
	NOT-FOR-US: travelzadcomvb (aka com.tapatalk.travelzadcomvb) application for Android
CVE-2014-5938 (The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2 ...)
	NOT-FOR-US: AllDealsAsia All Deals ADA app (aka com.ada.deals) application for Android
CVE-2014-5937 (The Social Networking (aka com.wSocialNetworkingSites) application 0.3 ...)
	NOT-FOR-US: Social Networking (aka com.wSocialNetworkingSites) application for Android
CVE-2014-5936 (The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4 ...)
	NOT-FOR-US: INCOgnito Private Browser (aka com.SL.InCoBrowser) application for Android
CVE-2014-5935 (The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) applicati ...)
	NOT-FOR-US: Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application for Android
CVE-2014-5934 (The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android d ...)
	NOT-FOR-US: Flurv Chat (aka com.flurv.android) application for Android
CVE-2014-5933 (The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Andro ...)
	NOT-FOR-US: Coke Studio 7 (aka com.cokeshare.pakistan) application for Android
CVE-2014-5932 (The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) applic ...)
	NOT-FOR-US: Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application for Android
CVE-2014-5931 (The Stop &amp; Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) appl ...)
	NOT-FOR-US: Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application for Android
CVE-2014-5930 (The Store and Share (aka sg.com.singnet.mystorage.android) application ...)
	NOT-FOR-US: Store and Share (aka sg.com.singnet.mystorage.android) application for Android
CVE-2014-5929 (The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Androi ...)
	NOT-FOR-US: emartmall (aka kr.co.emart.emartmall) application for Android
CVE-2014-5928 (The Steganos Online Shield VPN (aka com.steganos.onlineshield) applica ...)
	NOT-FOR-US: Steganos Online Shield VPN (aka com.steganos.onlineshield) application for Android
CVE-2014-5927 (The FastCustomer -- Fast Customer (aka www.fastcustomer.com) applicati ...)
	NOT-FOR-US: FastCustomer -- Fast Customer (aka www.fastcustomer.com) application for Android
CVE-2014-5926 (The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application ...)
	NOT-FOR-US: DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application for Android
CVE-2014-5925 (The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBes ...)
	NOT-FOR-US: 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application for Android
CVE-2014-5924 (The Monster Makeup (aka com.bearhugmedia.android_monster) application  ...)
	NOT-FOR-US: Monster Makeup (aka com.bearhugmedia.android_monster) application for Android
CVE-2014-5923 (The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 fo ...)
	NOT-FOR-US: Facebook Status Via (aka com.StatusViaAdvanced) application for Android
CVE-2014-5922 (The ga6748 (aka com.g.ga6748) application 1 for Android does not verif ...)
	NOT-FOR-US: ga6748 (aka com.g.ga6748) application for Android
CVE-2014-5921 (The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0. ...)
	NOT-FOR-US: Need for Speed Network (aka com.ea.nfsautolog.bv) application for Android
CVE-2014-5920 (The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Androi ...)
	NOT-FOR-US: VK Amberfog (aka com.amberfog.vkfree) application for Android
CVE-2014-5919 (The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4 ...)
	NOT-FOR-US: SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application for Android
CVE-2014-5918 (The Secret Circle - talk freely (aka com.easyxapp.secret) application  ...)
	NOT-FOR-US: Secret Circle - talk freely (aka com.easyxapp.secret) application for Android
CVE-2014-5917 (The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does ...)
	NOT-FOR-US: Slideshow 365 (aka com.Slideshow) application for Android
CVE-2014-5916 (The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for Andr ...)
	NOT-FOR-US: Minha Oi (aka br.com.mobicare.minhaoi) application for Android
CVE-2014-5915 (The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) applica ...)
	NOT-FOR-US: Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application for Android
CVE-2014-5914 (The Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) applicat ...)
	NOT-FOR-US: Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) application for Android
CVE-2014-5913 (The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android ...)
	NOT-FOR-US: Allies in War (aka com.gamelion.aiw) application for Android
CVE-2014-5912 (The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Andro ...)
	NOT-FOR-US: InNote (aka com.intsig.notes) application for Android
CVE-2014-5911 (The Free App Icons &amp; Icon Packs (aka com.jellytap.cooliconfinder)  ...)
	NOT-FOR-US: Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application for Android
CVE-2014-5910 (The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application ...)
	NOT-FOR-US: Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application for Android
CVE-2014-5909 (The watcha (aka com.frograms.watcha) application 2.0.2 for Android doe ...)
	NOT-FOR-US: watcha (aka com.frograms.watcha) application for Android
CVE-2014-5908 (The Kmart (aka com.kmart.android) application @7F0C00EF for Android do ...)
	NOT-FOR-US: Kmart (aka com.kmart.android) application for Android
CVE-2014-5907 (The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Andro ...)
	NOT-FOR-US: Pet Salon (aka com.libiitech.petsalon) application for Android
CVE-2014-5906 (The Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android)  ...)
	NOT-FOR-US: Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) application for Android
CVE-2014-5905 (The Grocery List - Tomatoes (aka com.meucarrinho) application 5.1.4 fo ...)
	NOT-FOR-US: Grocery List - Tomatoes (aka com.meucarrinho) application for Android
CVE-2014-5904 (The MiniInTheBox Online Shopping (aka com.miniinthebox.android) applic ...)
	NOT-FOR-US: MiniInTheBox Online Shopping (aka com.miniinthebox.android) application for Android
CVE-2014-5903 (The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Andro ...)
	NOT-FOR-US: Mobile@Work (aka com.mobileiron) application for Android
CVE-2014-5902 (The UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) applicat ...)
	NOT-FOR-US: UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) application for Android
CVE-2014-5901 (The Beauty Bible - App for Girls (aka com.my.beauty.bible) application ...)
	NOT-FOR-US: Beauty Bible - App for Girls (aka com.my.beauty.bible) application for Android
CVE-2014-5900 (The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 ...)
	NOT-FOR-US: myHomework Student Planner (aka com.myhomeowork) application for Android
CVE-2014-5899 (The Nespresso (aka com.nespresso.activities) application 2.4.1 for And ...)
	NOT-FOR-US: Nespresso (aka com.nespresso.activities) application for Android
CVE-2014-5898 (The Heavy Duty Truck Driver Simulator 3D (aka com.oas.heavy.duty.truck ...)
	NOT-FOR-US: Heavy Duty Truck Driver Simulator 3D (aka com.oas.heavy.duty.truck.driver.simulator3d) application for Android
CVE-2014-5897 (The Parallel Mafia MMORPG (aka com.perblue.pm.client) application @7F0 ...)
	NOT-FOR-US: Parallel Mafia MMORPG (aka com.perblue.pm.client) application for Android
CVE-2014-5896 (The GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) appl ...)
	NOT-FOR-US: GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) application for Android
CVE-2014-5895 (The ShopYourWay (aka com.sears.shopyourway) application 1.9 for Androi ...)
	NOT-FOR-US: ShopYourWay (aka com.sears.shopyourway) application for Android
CVE-2014-5894 (The AireTalk: Text, Call, &amp; More! (aka com.pingshow.amper) applica ...)
	NOT-FOR-US: AireTalk: Text, Call, & More! (aka com.pingshow.amper) application for Android
CVE-2014-5893 (The froyo (aka com.shinsegae.mobile.froyo) application 5.1.3 for Andro ...)
	NOT-FOR-US: froyo (aka com.shinsegae.mobile.froyo) application for Android
CVE-2014-5892 (The greenbill (aka com.show.greenbill_G) application 2.0.3 for Android ...)
	NOT-FOR-US: greenbill (aka com.show.greenbill_G) application for Android
CVE-2014-5891 (The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application 1.1 ...)
	NOT-FOR-US: SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application for Android
CVE-2014-5890 (The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for Androi ...)
	NOT-FOR-US: KBO sports2i 2014 (aka com.sports2i) application for Android
CVE-2014-5889 (The Android Forums (aka com.tapatalk.androidforumscom) application 2.4 ...)
	NOT-FOR-US: Android Forums (aka com.tapatalk.androidforumscom) application for Android
CVE-2014-5888 (The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) appli ...)
	NOT-FOR-US: SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application for Android
CVE-2014-5887 (The Yell Local Search (aka com.yell.launcher2) application 4.2.1.4 for ...)
	NOT-FOR-US: Yell Local Search (aka com.yell.launcher2) application for Android
CVE-2014-5886 (The iVysilani ceske televize (aka cz.motion.ivysilani) application 1.6 ...)
	NOT-FOR-US: iVysilani ceske televize (aka cz.motion.ivysilani) application for Android
CVE-2014-5885 (The Disaster Alert (aka disasterAlert.PDC) application 3.2 for Android ...)
	NOT-FOR-US: Disaster Alert (aka disasterAlert.PDC) application for Android
CVE-2014-5884 (The 1&amp;1 Online Storage (aka de.einsundeins.smartdrive) application ...)
	NOT-FOR-US: 1&1 Online Storage (aka de.einsundeins.smartdrive) application for Android
CVE-2014-5883 (The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does ...)
	NOT-FOR-US: 7-ELEVEN (aka ecowork.seven) application for Android
CVE-2014-5882 (The Homoo Ijiri (aka jp.co.applica) application 3.7 for Android does n ...)
	NOT-FOR-US: Homoo Ijiri (aka jp.co.applica) application for Android
CVE-2014-5881 (The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1  ...)
	NOT-FOR-US: Yahoo! ybox application for android
CVE-2014-5879 (The tvguide (aka kenneth.tvguide) application 1.9.14 for Android does  ...)
	NOT-FOR-US: tvguide application for Android
CVE-2014-5878 (The ium (aka net.ium.mobile.android) application 3.3.4 for Android doe ...)
	NOT-FOR-US: ium application for Android
CVE-2014-5877 (The TV Guide (aka net.micene.minigroup.palimpsests.lite) application 5 ...)
	NOT-FOR-US: TV Guide application for Android
CVE-2014-5876 (The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does ...)
	NOT-FOR-US: WD My Cloud application for Android
CVE-2014-5875 (The Sylphone (aka com.sylpheo.prospectosyl) application 5.3.8 for Andr ...)
	NOT-FOR-US: Sylphone application for Android
CVE-2014-5874 (The SplashID (aka com.splashidandroid) application 7.2.2 for Android d ...)
	NOT-FOR-US: SplashID application for Android
CVE-2014-5873 (The Sears (aka com.sears.android) application 6.2.8 for Android does n ...)
	NOT-FOR-US: Sears application for Android
CVE-2014-5872 (The SafeNetMobile Pass (aka securecomputing.devices.android.controller ...)
	NOT-FOR-US: SafeNetMobile Pass application for Android
CVE-2014-5871 (The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Andro ...)
	NOT-FOR-US: Piwik Mobile 2 application for Android
CVE-2014-5870 (The Kmart (aka com.kmart.android) application 6.2.8 for Android does n ...)
	NOT-FOR-US: Kmart application for Android
CVE-2014-5869 (The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for And ...)
	NOT-FOR-US: CNNMoney Portfolio application for Android
CVE-2014-5868 (The Cisco Technical Support (aka com.cisco.swtg_android) application 3 ...)
	NOT-FOR-US: Cisco Technical Support application for Android
CVE-2014-5867 (The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0. ...)
	NOT-FOR-US: Capital One Spark Pay application for Android
CVE-2014-5866 (The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify  ...)
	NOT-FOR-US: CA DMV application for Android
CVE-2014-5865 (The Ask.com (aka com.ask.android) application 2.2.5 for Android does n ...)
	NOT-FOR-US: Ask.com application for Android
CVE-2014-5864 (The Swish payments (aka se.bankgirot.swish) application 2 for Android  ...)
	NOT-FOR-US: Swish payments application for Android
CVE-2014-5863 (The mpang.gp (aka air.com.cjenm.mpang.gp) application 4.0.0 for Androi ...)
	NOT-FOR-US: mpang.gp application for Android
CVE-2014-5862 (The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for Androi ...)
	NOT-FOR-US: ecalendar2 application for Android
CVE-2014-5861 (The BoyAhoy - Gay Chat (aka com.boyahoy.android) application 4.3.6 for ...)
	NOT-FOR-US: BoyAhoy application for Android
CVE-2014-5860 (The Slide Show Creator (aka com.amem) application 4.4.3 for Android do ...)
	NOT-FOR-US: Slide Show Creator application for Android
CVE-2014-5859 (The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring ...)
	NOT-FOR-US: Star Girl application for Android
CVE-2014-5858 (The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for  ...)
	NOT-FOR-US: Candy Blast application for Android
CVE-2014-5857 (The White &amp; Yellow Pages (aka com.avantar.wny) application 5.1.1 f ...)
	NOT-FOR-US: White & Yellow Pages application for Android
CVE-2014-5856 (The Selfie Camera -Facial Beauty- (aka com.cfinc.cunpic) application 1 ...)
	NOT-FOR-US: Selfie Camera application for Android
CVE-2014-5855 (The CJmall (aka com.cjoshppingphone) application 4.1.8 for Android doe ...)
	NOT-FOR-US: CJmall application for Android
CVE-2014-5854 (The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1 ...)
	NOT-FOR-US: Windows Live Hotmail PUSH mail application for Android
CVE-2014-5853 (The Knights N Squires (aka com.com2us.imhero.normal.freefull.google.gl ...)
	NOT-FOR-US: Knights N Squires application for Android
CVE-2014-5852 (The Kakao (aka com.com2us.tinypang.kakao.freefull2.google.global.andro ...)
	NOT-FOR-US: Kakao application for Android
CVE-2014-5851 (The Dark Summoner (aka com.darksummoner) application 1.03.39 for Andro ...)
	NOT-FOR-US: Dark Summoner application for Android
CVE-2014-5850 (The Kaave Fali (aka com.didilabs.kaavefali) application 1.5.1 for Andr ...)
	NOT-FOR-US: Kaave Fali application for Android
CVE-2014-5849 (The Maleficent Free Fall (aka com.disney.maleficent_goo) application 1 ...)
	NOT-FOR-US: Maleficent Free Fall application for Android
CVE-2014-5848 (The Dubstep Hero (aka com.electricpunch.dubstephero) application 1.9 f ...)
	NOT-FOR-US: Dubstep Hero application for Android
CVE-2014-5847 (The Big Win Slots - Slot Machines (aka com.gosub60.BigWinSlots) applic ...)
	NOT-FOR-US: Big Win Slot application for Android
CVE-2014-5846 (The Fairy Princess Makeover Salon (aka com.mobgams.dressup.fairy.princ ...)
	NOT-FOR-US: Fairy Princess Makeover Salon application for Android
CVE-2014-5845 (The Strike Fighters Israel (aka com.thirdwire.strikefighters.mideast.a ...)
	NOT-FOR-US: Strike Fighers Israel application for Android
CVE-2014-5844 (The Alsunna (aka com.wAlsunna) application 0.1 for Android does not ve ...)
	NOT-FOR-US: Alsunna application for Android
CVE-2014-5843 (The ADP AGENCY Immobiliare (aka com.wAdpagencyAndroid) application 0.1 ...)
	NOT-FOR-US: ADP AGENCY Immobiliare application for Android
CVE-2014-5842 (The 2G Live Tv (aka com.ww2GLiveTv) application 0.9 for Android does n ...)
	NOT-FOR-US: 2G Live TV application for Android
CVE-2014-5841 (The Girls Calendar Period&amp;Weight (aka jp.co.cybird.apps.lifestyle. ...)
	NOT-FOR-US: Girls Calendar Period&Weight application for Android
CVE-2014-5840 (The forfone: Free Calls &amp; Messages (aka com.forfone.sip) forfone a ...)
	NOT-FOR-US: forfone application for Android
CVE-2014-5839 (The Acces Compte (aka com.fullsix.android.labanquepostale.accountacces ...)
	NOT-FOR-US: Acces Compte application for Android
CVE-2014-5838 (The Girls Games - Shoes Maker (aka com.g6677.android.shoemaker) applic ...)
	NOT-FOR-US: Girls Games application for Android
CVE-2014-5837 (The My Railway (aka com.gameinsight.myrailway) application 1.1.33 for  ...)
	NOT-FOR-US: My Railway application for Android
CVE-2014-5836 (The GittiGidiyor (aka com.gittigidiyormobil) application 1.4.1 for And ...)
	NOT-FOR-US: GittiGidiyor application for Android
CVE-2014-5835 (The Club Personal (aka com.globant.clubpersonal) application 2.6 for A ...)
	NOT-FOR-US: Club Personal application for Android
CVE-2014-5834 (The Solitaire Deluxe (aka com.gosub60.solfree2) application 2.8.5 for  ...)
	NOT-FOR-US: Solitaire Deluxe application for Android
CVE-2014-5833 (The FriendCaster Chat (aka com.handmark.friendcaster.chat) application ...)
	NOT-FOR-US: Friendaster Chat application for Android
CVE-2014-5832 (The hananbank (aka com.hanabank.ebk.channel.android.hananbank) applica ...)
	NOT-FOR-US: hananbank application for Android
CVE-2014-5831 (The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) appl ...)
	NOT-FOR-US: Hotel Story application for Android
CVE-2014-5830 (The Farm Frenzy Gold (aka com.herocraft.game.farmfrenzy.gold) applicat ...)
	NOT-FOR-US: Farm Frenzy Gold application for Android
CVE-2014-5829 (The Hobby Lobby Stores (aka com.hobbylobbystores.android) application  ...)
	NOT-FOR-US: Hobby Lobby Stores application for Android
CVE-2014-5828 (The 3Kundenzone (aka com.hutchison3g.at.android.selfcare) application  ...)
	NOT-FOR-US: 3Kundenzone application for Android
CVE-2014-5827 (The Ibotta - Better than Coupons. (aka com.ibotta.android) application ...)
	NOT-FOR-US: Ibotta application for Android
CVE-2014-5826 (The Rix GO Locker Theme (aka com.jiubang.goscreenlock.theme.rix.getjar ...)
	NOT-FOR-US: Rix GO Locker Theme application for Android
CVE-2014-5825 (The Guess The Movie (aka com.june.guessthemovie) application 2.982 for ...)
	NOT-FOR-US: Guess The Movie application for Android
CVE-2014-5824 (The longjiang (aka com.longjiang.kr) application 2.0.6 for Android doe ...)
	NOT-FOR-US: longjiang application for Android
CVE-2014-5823 (The The Cleaner - Speed up &amp; Clean (aka com.liquidum.thecleaner) a ...)
	NOT-FOR-US: The Cleaner application for Android
CVE-2014-5822 (The VK Kate Mobile (aka com.perm.kate) application 9.6.1 for Android d ...)
	NOT-FOR-US: VK Kate Mobile application for Android
CVE-2014-5821 (The Guitar Tuner Free - GuitarTuna (aka com.ovelin.guitartuna) applica ...)
	NOT-FOR-US: Guitar Tuner Free application for Android
CVE-2014-5820 (The OkCupid Dating (com.okcupid.okcupid) application 3.4.6 for Android ...)
	NOT-FOR-US: OkCupid Dating application for Android
CVE-2014-5819 (The PHONE for Google Voice &amp; GTalk (aka com.moplus.gvphone) applic ...)
	NOT-FOR-US: PHONE for Google Voice & GTalk application for Android
CVE-2014-5818 (The Tiny Tower (aka com.mobage.ww.a560.tinytower_android) application  ...)
	NOT-FOR-US: Tiny Tower application for Android
CVE-2014-5817 (The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for A ...)
	NOT-FOR-US: Mini Pets application for Android
CVE-2014-5816 (The MeiPai (aka com.meitu.meipaimv) application 1.2.0 for Android does ...)
	NOT-FOR-US: MeiPai application for Android
CVE-2014-5815 (The Solitaire Arena (aka com.mavenhut.solitaire) application 1.0.15 fo ...)
	NOT-FOR-US: Solitaire Arena application for Android
CVE-2014-5814
	REJECTED
CVE-2014-5813 (The lostword (aka zozo.android.lostword) application 5.9 for Android d ...)
	NOT-FOR-US: lostword application for Android
CVE-2014-5812 (The VDM Officiel (aka vdm.activities) application 5 for Android does n ...)
	NOT-FOR-US: VDM Officiel application for Android
CVE-2014-5811 (The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060 ...)
	NOT-FOR-US: ZOOM cloud Meetings application for Android
CVE-2014-5810 (The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application 1 ...)
	NOT-FOR-US: SGK Hizmet Dokumu 4a application for Android
CVE-2014-5809 (The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for A ...)
	NOT-FOR-US: Smart Browser (aka smartbrowser.geniuscloud) application for Android
CVE-2014-5808 (The Whisper (aka sh.whisper) application 4.0.6 for Android does not ve ...)
	NOT-FOR-US: Whisper application for Android
CVE-2014-5807 (The Safari Browser (aka safari.safaribrowser.internetexplorer) applica ...)
	NOT-FOR-US: Safari Browser application for Android
CVE-2014-5806 (The World of Tanks Assistant (aka ru.worldoftanks.mobile) application  ...)
	NOT-FOR-US: World of Tanks Assistant application for Android
CVE-2014-5805 (The Dating for everyone - Mamba! (aka ru.mamba.client) application 3.5 ...)
	NOT-FOR-US: Dating for everyone - Mamba! application for Android
CVE-2014-5804 (The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does n ...)
	NOT-FOR-US: Mail.Ru Dating application for Android
CVE-2014-5803 (The Towers N' Trolls (aka project.android.ftdjni) application 1.6.4 fo ...)
	NOT-FOR-US: Towers N' Trolls application for Android
CVE-2014-5802 (The PlayScape (aka playscape.mominis.gameconsole.com) application 9.3. ...)
	NOT-FOR-US: PlayScape application for Android
CVE-2014-5801 (The DataGard VPN + AV (aka ocshield.com) application @7F050013 for And ...)
	NOT-FOR-US: DataGard VPN + AV application for Android
CVE-2014-5800 (The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for ...)
	NOT-FOR-US: smart.nhibzbanking application for Android
CVE-2014-5799 (The smart.card (aka nh.smart.card) application 3.2 for Android does no ...)
	NOT-FOR-US: smart.card application for Android
CVE-2014-5798 (The smart.calculator (aka nh.smart.calculator) application 2 for Andro ...)
	NOT-FOR-US: smart.calculator application for Android
CVE-2014-5797 (The smart (aka nh.smart) application 3.0.5 for Android does not verify ...)
	NOT-FOR-US: smart application for Android
CVE-2014-5796 (The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android do ...)
	NOT-FOR-US: Chest workout application for Android
CVE-2014-5794 (The 8 Minutes Abs Workout (aka net.p4p.absen) application 2.0.9 for An ...)
	NOT-FOR-US: 8 Minutes Abs Workout application for Android
CVE-2014-5793 (The Bilgi Yarisi (aka net.mobilecraft.bilgiyarisi) application 1.8 for ...)
	NOT-FOR-US: Bilgi Yarisi application for Android
CVE-2014-5792 (The Reign of Dragons: Build-Battle (aka net.gree.android.pf.greeapp575 ...)
	NOT-FOR-US: Reign of Dragons application for Android
CVE-2014-5791 (The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for And ...)
	NOT-FOR-US: Daum cloud application for Android
CVE-2014-5790 (The Pets Fun House (aka mominis.Generic_Android.Pets_Fun_House) applic ...)
	NOT-FOR-US: Pets Fun House application for Android
CVE-2014-5789 (The Ninja Chicken Ooga Booga (aka mominis.Generic_Android.Ninja_Chicke ...)
	NOT-FOR-US: Nija Chicken Ooga Booga application for Android
CVE-2014-5788 (The Ninja Chicken Adventure Island (aka mominis.Generic_Android.Ninja_ ...)
	NOT-FOR-US: Ninja Chicken Adventure Island application for Android
CVE-2014-5787 (The Ninja Chicken (aka mominis.Generic_Android.Ninja_Chicken) applicat ...)
	NOT-FOR-US: Ninja Chicken application for Android
CVE-2014-5786 (The Jewels &amp; Diamonds (aka mominis.Generic_Android.Jewels_and_Diam ...)
	NOT-FOR-US: Jewels & Diamonds application for Android
CVE-2014-5785 (The Bouncy Bill World-Cup (aka mominis.Generic_Android.Bouncy_Bill_Wor ...)
	NOT-FOR-US: Bouncy Bill World-Cup application for Android
CVE-2014-5784 (The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seaso ...)
	NOT-FOR-US: Bouncy Bill Seasons application for Android
CVE-2014-5783 (The Bouncy Bill Monster Smasher ed (aka mominis.Generic_Android.Bouncy ...)
	NOT-FOR-US: Bouncy Bill Monster Smasher ed application for Android
CVE-2014-5782 (The Bouncy Bill Halloween (aka mominis.Generic_Android.Bouncy_Bill_Hal ...)
	NOT-FOR-US: Bouncy Bill Halloween application for Android
CVE-2014-5781 (The Bouncy Bill Easter Tales (aka mominis.Generic_Android.Bouncy_Bill_ ...)
	NOT-FOR-US: Bouncy Bill Easter Tales application for Android
CVE-2014-5780 (The Bouncy Bill (aka mominis.Generic_Android.Bouncy_Bill) application  ...)
	NOT-FOR-US: Bouncy Bill application for Android
CVE-2014-5779 (The Jack'd - Gay Chat &amp; Dating (aka mobi.jackd.android) applicatio ...)
	NOT-FOR-US: Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application for Android
CVE-2014-5778 (The Pou (aka me.pou.app) application 1.4.53 for Android does not verif ...)
	NOT-FOR-US: Pou (aka me.pou.app) application for Android
CVE-2014-5777 (The icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) applica ...)
	NOT-FOR-US: icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) application for Android
CVE-2014-5776 (The PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) applicat ...)
	NOT-FOR-US: PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) application for Android
CVE-2014-5775 (The Super Fast Browser (aka iron.web.jalepano.browser) application 2.0 ...)
	NOT-FOR-US: Super Fast Browser (aka iron.web.jalepano.browser) application for Android
CVE-2014-5774 (The Web Browser &amp; Explorer (aka internetexplorer.browser.webexplor ...)
	NOT-FOR-US: Web Browser & Explorer (aka internetexplorer.browser.webexplorer) application for Android
CVE-2014-5773 (The RegisteredAssistant (aka Icr.RegisteredAssistant) application 0.2. ...)
	NOT-FOR-US: RegisteredAssistant (aka Icr.RegisteredAssistant) application for Android
CVE-2014-5772 (The Government Bookstore (aka hksarg.isd.sop.govbookstore) application ...)
	NOT-FOR-US: Government Bookstore (aka hksarg.isd.sop.govbookstore) application for Android
CVE-2014-5771 (The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1  ...)
	NOT-FOR-US: Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application for Android
CVE-2014-5770 (The Web Browser for Android (aka explore.web.browser) application 1.2  ...)
	NOT-FOR-US: Web Browser for Android (aka explore.web.browser) application for Android
CVE-2014-5769 (The Mobiscope Local (aka ehs.mobiscope.kernel) application 1.05 for An ...)
	NOT-FOR-US: Mobiscope Local (aka ehs.mobiscope.kernel) application for Android
CVE-2014-5768 (The Food Planner (aka dk.boggie.madplan.android) application 4.8.4.3-g ...)
	NOT-FOR-US: Food Planner (aka dk.boggie.madplan.android) application for Android
CVE-2014-5767 (The IM+ (aka de.shapeservices.impluslite) application 6.6.2 for Androi ...)
	NOT-FOR-US: IM+ (aka de.shapeservices.impluslite) application for Android
CVE-2014-5766 (The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for And ...)
	NOT-FOR-US: Uber B2B (aka de.mobileeventguide.uberb2b) application for Android
CVE-2014-5765 (The Paint for Friends (aka de.lotumlabs.buddypainting) application 1.5 ...)
	NOT-FOR-US: Paint for Friends (aka de.lotumlabs.buddypainting) application for Android
CVE-2014-5764 (The Antivirus Free (aka com.zrgiu.antivirus) application 7.2.16.02 for ...)
	NOT-FOR-US: Antivirus Free (aka com.zrgiu.antivirus) application for Android
CVE-2014-5763 (The Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application  ...)
	NOT-FOR-US: Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application for Android
CVE-2014-5762 (The Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google ...)
	NOT-FOR-US: Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google) application for Android
CVE-2014-5761 (The Zipcar (aka com.zc.android) application 3.4.2 for Android does not ...)
	NOT-FOR-US: Zipcar (aka com.zc.android) application for Android
CVE-2014-5760 (The Pizza Hut (aka com.yum.pizzahut) application 2.0.5 for Android doe ...)
	NOT-FOR-US: Pizza Hut (aka com.yum.pizzahut) application for Android
CVE-2014-5759 (The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) applic ...)
	NOT-FOR-US: Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application for Android
CVE-2014-5758 (The Yellow Pages Local Search (aka com.yellowbook.android2) applicatio ...)
	NOT-FOR-US: Yellow Pages Local Search (aka com.yellowbook.android2) application for Android
CVE-2014-5757 (The Buy Tickets (aka com.xcr.android.buytickets) application 2.3 for A ...)
	NOT-FOR-US: Buy Tickets (aka com.xcr.android.buytickets) application for Android
CVE-2014-5756 (The Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) applicati ...)
	NOT-FOR-US: Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) application for Android
CVE-2014-5755 (The verizon (aka com.wverizonwirelessbill) application 0.1 for Android ...)
	NOT-FOR-US: verizon (aka com.wverizonwirelessbill) application for Android
CVE-2014-5754 (The Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) ap ...)
	NOT-FOR-US: Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) application for Android
CVE-2014-5753 (The Twitter No Background (aka com.wTwitternobackground) application 0 ...)
	NOT-FOR-US: Twitter No Background (aka com.wTwitternobackground) application for Android
CVE-2014-5752 (The wTradersActivity (aka com.wTradersActivity) application 0.1 for An ...)
	NOT-FOR-US: wTradersActivity (aka com.wTradersActivity) application for Android
CVE-2014-5751 (The Tor Browser the Short Guide (aka com.wTorShortUserManual) applicat ...)
	NOT-FOR-US: Tor Browser the Short Guide (aka com.wTorShortUserManual) application for Android
CVE-2014-5750 (The Pro Bet Tips (aka com.wProBetTips) application 0.2 for Android doe ...)
	NOT-FOR-US: Pro Bet Tips (aka com.wProBetTips) application for Android
CVE-2014-5749 (The Jelly Splash (aka com.wooga.jelly_splash) application 1.11.3 for A ...)
	NOT-FOR-US: Jelly Splash (aka com.wooga.jelly_splash) application for Android
CVE-2014-5748 (The wK12olslogin (aka com.wK12olslogin) application 0.1 for Android do ...)
	NOT-FOR-US: wK12olslogin (aka com.wK12olslogin) application for Android
CVE-2014-5747 (The XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) ap ...)
	NOT-FOR-US: XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) application for Android
CVE-2014-5746 (The Government Best Jobs (aka com.wGovernmentBestJobs) application 0.1 ...)
	NOT-FOR-US: Government Best Jobs (aka com.wGovernmentBestJobs) application for Android
CVE-2014-5745 (The FREE Pageplus Activation (aka com.wFREEPageplusActivations) applic ...)
	NOT-FOR-US: FREE Pageplus Activation (aka com.wFREEPageplusActivations) application for Android
CVE-2014-5744 (The RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) applica ...)
	NOT-FOR-US: RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) application for Android
CVE-2014-5743 (The RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) applic ...)
	NOT-FOR-US: RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) application for Android
CVE-2014-5742 (The Eversnap Private Photo Album (aka com.weddingsnap.android) applica ...)
	NOT-FOR-US: Eversnap Private Photo Album (aka com.weddingsnap.android) application for Android
CVE-2014-5741 (The Security - Complete (aka com.webroot.security.complete) applicatio ...)
	NOT-FOR-US: Security - Complete (aka com.webroot.security.complete) application for Android
CVE-2014-5740 (The Security - Free (aka com.webroot.security) application 3.6.0.6610  ...)
	NOT-FOR-US: Security - Free (aka com.webroot.security) application for Android
CVE-2014-5739 (The Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) applic ...)
	NOT-FOR-US: Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) application for Android
CVE-2014-5738 (The Garfield's Defense (aka com.webprancer.google.garfieldDefense) app ...)
	NOT-FOR-US: Garfield's Defense (aka com.webprancer.google.garfieldDefense) application for Android
CVE-2014-5737 (The CDsoft (aka com.wCDSOFT) application 0.2 for Android does not veri ...)
	NOT-FOR-US: CDsoft (aka com.wCDSOFT) application for Android
CVE-2014-5736 (The Buy Coins (aka com.wBuyCoins) application 0.62.13364.24150 for And ...)
	NOT-FOR-US: Buy Coins (aka com.wBuyCoins) application for Android
CVE-2014-5735 (The Buy A Gift (aka com.wBuyAGift) application 13529.90084 for Android ...)
	NOT-FOR-US: Buy A Gift (aka com.wBuyAGift) application for Android
CVE-2014-5734 (The Buy Books (aka com.wBooksForSale) application 0.1 for Android does ...)
	NOT-FOR-US: Buy Books (aka com.wBooksForSale) application for Android
CVE-2014-5733 (The Shop Love (aka com.waterwish.shoplove) application 1.05 for Androi ...)
	NOT-FOR-US: Shop Love (aka com.waterwish.shoplove) application for Android
CVE-2014-5732 (The Wamba - meet women and men (aka com.wamba.client) application 3 fo ...)
	NOT-FOR-US: Wamba - meet women and men (aka com.wamba.client) application for Android
CVE-2014-5731 (The Word Search (aka com.virtuesoft.wordsearch) application 2.3.0 for  ...)
	NOT-FOR-US: Word Search (aka com.virtuesoft.wordsearch) application for Android
CVE-2014-5730 (The russkoe TB HD (aka com.videotelecom.russkoeHD) application 3.6 for ...)
	NOT-FOR-US: russkoe TB HD (aka com.videotelecom.russkoeHD) application for Android
CVE-2014-5729 (The Viddy (aka com.viddy.Viddy) application 1.3.9 for Android does not ...)
	NOT-FOR-US: Viddy (aka com.viddy.Viddy) application for Android
CVE-2014-5728 (The Vevo - Watch HD Music Videos (aka com.vevo) application 2.0.27 for ...)
	NOT-FOR-US: Vevo - Watch HD Music Videos (aka com.vevo) application for Android
CVE-2014-5727 (The uTorrent Remote (aka com.utorrent.web) application 1.0.20110929 fo ...)
	NOT-FOR-US: uTorrent Remote (aka com.utorrent.web) application for Android
CVE-2014-5726 (The Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) appl ...)
	NOT-FOR-US: Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) application for Android
CVE-2014-5725 (The Truecaller - Caller ID &amp; Block (aka com.truecaller) applicatio ...)
	NOT-FOR-US: Truecaller - Caller ID & Block (aka com.truecaller) application for Android
CVE-2014-5724 (The Gambling Insider Magazine (aka com.triactivemedia.gambling) applic ...)
	NOT-FOR-US: Gambling Insider Magazine (aka com.triactivemedia.gambling) application for Android
CVE-2014-5723 (The Trapster (aka com.trapster.android) application 4.3.2 for Android  ...)
	NOT-FOR-US: Trapster (aka com.trapster.android) application for Android
CVE-2014-5722 (The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application ...)
	NOT-FOR-US: SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application for Android
CVE-2014-5721 (The Touchnote Postcards (aka com.touchnote.android) application 4.2.7  ...)
	NOT-FOR-US: Touchnote Postcards (aka com.touchnote.android) application for Android
CVE-2014-5720 (The Bike Race Free - Top Free Game (aka com.topfreegames.bikeracefreew ...)
	NOT-FOR-US: Bike Race Free - Top Free Game (aka com.topfreegames.bikeracefreeworld) application for Android
CVE-2014-5719 (The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) applicati ...)
	NOT-FOR-US: BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application for Android
CVE-2014-5718
	REJECTED
CVE-2014-5717 (The Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) ...)
	NOT-FOR-US: Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) application for Android
CVE-2014-5716 (The GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) ...)
	NOT-FOR-US: GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) application for Android
CVE-2014-5715 (The Street Racing (aka com.tgb.streetracing.lite5pp) application 4.0.4 ...)
	NOT-FOR-US: Street Racing (aka com.tgb.streetracing.lite5pp) application for Android
CVE-2014-5714 (The Text Me! Free Texting &amp; Call (aka com.textmeinc.textme) applic ...)
	NOT-FOR-US: Text Me! Free Texting & Call (aka com.textmeinc.textme) application for Android
CVE-2014-5713 (The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for ...)
	NOT-FOR-US: Telly - Watch the good stuff (aka com.telly) application for Android
CVE-2014-5712 (The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) app ...)
	NOT-FOR-US: Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application for Android
CVE-2014-5711 (The Microsoft Tech Companion (aka com.technet) application 1.0.6 for A ...)
	NOT-FOR-US: Microsoft Tech Companion (aka com.technet) application for Android
CVE-2014-5710 (The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastl ...)
	NOT-FOR-US: Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android
CVE-2014-5709 (The Donut Maker (aka com.sunstorm.android.donut) application 1.27 for  ...)
	NOT-FOR-US: Donut Maker (aka com.sunstorm.android.donut) application for Android
CVE-2014-5708 (The Best Racing/moto Games Ranking (aka com.subapp.android.racing) app ...)
	NOT-FOR-US: Best Racing/moto Games Ranking (aka com.subapp.android.racing) application for Android
CVE-2014-5707 (The Bunny Run (aka com.stargirlgames.google.bunnyrun) application 1.1. ...)
	NOT-FOR-US: Bunny Run (aka com.stargirlgames.google.bunnyrun) application for Android
CVE-2014-5706 (The SomNote - Journal/Memo (aka com.somcloud.somnote) application 2.1. ...)
	NOT-FOR-US: SomNote - Journal/Memo (aka com.somcloud.somnote) application for Android
CVE-2014-5705 (The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for ...)
	NOT-FOR-US: Sonic CD Lite (aka com.soa.sega.soniccdlite) application for Android
CVE-2014-5704 (The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for  ...)
	NOT-FOR-US: DISH Anywhere (aka com.sm.SlingGuide.Dish) application for Android
CVE-2014-5703 (The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) a ...)
	NOT-FOR-US: Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application for Android
CVE-2014-5702 (The Penguin Run (aka com.skyboard.google.penguinRun) application 1.1 f ...)
	NOT-FOR-US: Penguin Run (aka com.skyboard.google.penguinRun) application for Android
CVE-2014-5701 (The Skout: Chats. Friends. Fun. (aka com.skout.android) application 4. ...)
	NOT-FOR-US: Skout: Chats. Friends. Fun. (aka com.skout.android) application for Android
CVE-2014-5700 (The Brain lab - brain age games IQ (aka com.sixdead.brainlab) applicat ...)
	NOT-FOR-US: Brain lab - brain age games IQ (aka com.sixdead.brainlab) application for Android
CVE-2014-5699 (The Parallel Kingdom MMO (aka com.silvermoon.client) application @7F07 ...)
	NOT-FOR-US: Parallel Kingdom MMO (aka com.silvermoon.client) application for Android
CVE-2014-5698 (The Furdiburb (aka com.sheado.lite.pet) application 1.1.2 for Android  ...)
	NOT-FOR-US: Furdiburb (aka com.sheado.lite.pet) application for Android
CVE-2014-5697 (The Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application 2 ...)
	NOT-FOR-US: Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application for Android
CVE-2014-5696 (The Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application 2 ...)
	NOT-FOR-US: Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application for Android
CVE-2014-5695 (The Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application 1. ...)
	NOT-FOR-US: Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application for Android
CVE-2014-5694 (The Scoutmob local deals &amp; events (aka com.scoutmob.ile) applicati ...)
	NOT-FOR-US: Scoutmob local deals & events (aka com.scoutmob.ile) application for Android
CVE-2014-5693 (The Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) applic ...)
	NOT-FOR-US: Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) application for Android
CVE-2014-5692 (The Safeway (aka com.safeway.client.android.safeway) application 4.1.0 ...)
	NOT-FOR-US: Safeway (aka com.safeway.client.android.safeway) application for Android
CVE-2014-5691 (The Best Phone Security (aka com.rvappstudios.phonesecurity) applicati ...)
	NOT-FOR-US: Best Phone Security (aka com.rvappstudios.phonesecurity) application for Android
CVE-2014-5690 (The Runtastic Timer (aka com.runtastic.android.timer) application 1.0. ...)
	NOT-FOR-US: Runtastic Timer (aka com.runtastic.android.timer) application for Android
CVE-2014-5689 (The Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) appl ...)
	NOT-FOR-US: Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) application for Android
CVE-2014-5688 (The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) app ...)
	NOT-FOR-US: Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application for Android
CVE-2014-5687 (The Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.li ...)
	NOT-FOR-US: Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.lite) application for Android
CVE-2014-5686 (The Runtastic Me (aka com.runtastic.android.me.lite) application 1.0.2 ...)
	NOT-FOR-US: Runtastic Me (aka com.runtastic.android.me.lite) application for Android
CVE-2014-5685 (The Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) ap ...)
	NOT-FOR-US: Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) application for Android
CVE-2014-5684 (The Runtastic Running &amp; Fitness (aka com.runtastic.android) applic ...)
	NOT-FOR-US: Runtastic Running & Fitness (aka com.runtastic.android) application for Android
CVE-2014-5683 (The Piano Teacher (aka com.rubycell.pianisthd) application 20140730 fo ...)
	NOT-FOR-US: Piano Teacher (aka com.rubycell.pianisthd) application for Android
CVE-2014-5682 (The Retale - Weekly Ads &amp; Deals (aka com.retale.android) applicati ...)
	NOT-FOR-US: Retale - Weekly Ads & Deals (aka com.retale.android) application for Android
CVE-2014-5681 (The XDA-Developers (aka com.quoord.tapatalkxda.activity) application 3 ...)
	NOT-FOR-US: XDA-Developers (aka com.quoord.tapatalkxda.activity) application for Android
CVE-2014-5680 (The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 f ...)
	NOT-FOR-US: Tapatalk (aka com.quoord.tapatalkpro.activity) application for Android
CVE-2014-5679 (The PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application  ...)
	NOT-FOR-US: PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application for Android
CVE-2014-5678 (The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for An ...)
	NOT-FOR-US: IQ Test (aka com.pophub.androidiqtest.free) application for Android
CVE-2014-5677 (The Point Inside Shopping &amp; Travel (aka com.pointinside.android.ap ...)
	NOT-FOR-US: Point Inside Shopping & Travel (aka com.pointinside.android.app) application for Android
CVE-2014-5676 (The Township (aka com.playrix.township) application 1.5.1 for Android  ...)
	NOT-FOR-US: Township (aka com.playrix.township) application for Android
CVE-2014-5675 (The Phonegram - Instagram Download (aka com.pinssible.padgram) applica ...)
	NOT-FOR-US: Phonegram - Instagram Download (aka com.pinssible.padgram) application for Android
CVE-2014-5674 (The PicsArt - Photo Studio (aka com.picsart.studio) application 4.5.5  ...)
	NOT-FOR-US: PicsArt - Photo Studio (aka com.picsart.studio) application for Android
CVE-2014-5673 (The Easy Finder &amp; Anti-Theft (aka com.nqmobile.easyfinder) applica ...)
	NOT-FOR-US: Easy Finder & Anti-Theft (aka com.nqmobile.easyfinder) application for Android
CVE-2014-5672 (The NQ Mobile Security &amp; Antivirus (aka com.nqmobile.antivirus20)  ...)
	NOT-FOR-US: NQ Mobile Security & Antivirus (aka com.nqmobile.antivirus20) application for Android
CVE-2014-5671 (The Super Stickman Golf (aka com.noodlecake.ssg) application 2.2 for A ...)
	NOT-FOR-US: Super Stickman Golf (aka com.noodlecake.ssg) application for Android
CVE-2014-5670 (The SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) applic ...)
	NOT-FOR-US: SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) application for Android
CVE-2014-5669 (The 9GAG - Funny pics and videos (aka com.ninegag.android.app) applica ...)
	NOT-FOR-US: 9GAG - Funny pics and videos (aka com.ninegag.android.app) application for Android
CVE-2014-5668 (The BAND -Group sharing &amp; planning (aka com.nhn.android.band) appl ...)
	NOT-FOR-US: BAND -Group sharing & planning (aka com.nhn.android.band) application for Android
CVE-2014-5667 (The Vault-Hide SMS, Pics &amp; Videos (aka com.netqin.ps) application  ...)
	NOT-FOR-US: Vault-Hide SMS, Pics & Videos (aka com.netqin.ps) application for Android
CVE-2014-5666 (The AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo)  ...)
	NOT-FOR-US: AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo) application for Android
CVE-2014-5665 (The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Andro ...)
	NOT-FOR-US: Mzone Login (aka com.mr384.MzoneLogin) application for Android
CVE-2014-5664 (The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 f ...)
	NOT-FOR-US: Spider Solitaire (aka com.mobilityware.spider) application for Android
CVE-2014-5663 (The FreeCell Solitaire (aka com.mobilityware.freecell) application 2.1 ...)
	NOT-FOR-US: FreeCell Solitaire (aka com.mobilityware.freecell) application for Android
CVE-2014-5662 (The Rail Rush (aka com.miniclip.railrush) application 1.9.0 for Androi ...)
	NOT-FOR-US: Rail Rush (aka com.miniclip.railrush) application for Android
CVE-2014-5661 (The Anger of Stick 3 (aka com.miniclip.angerofstick3) application 1.0. ...)
	NOT-FOR-US: Anger of Stick 3 (aka com.miniclip.angerofstick3) application for Android
CVE-2014-5660 (The TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application 1. ...)
	NOT-FOR-US: TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application for Android
CVE-2014-5659 (The ASTRO File Manager with Cloud (aka com.metago.astro) application A ...)
	NOT-FOR-US: ASTRO File Manager with Cloud (aka com.metago.astro) application for Android
CVE-2014-5658 (The MercadoLibre (aka com.mercadolibre) application 3.8.7 for Android  ...)
	NOT-FOR-US: MercadoLibre (aka com.mercadolibre) application for Android
CVE-2014-5657 (The CA Lottery Results (aka com.matcho0.calotto) application 2.1 for A ...)
	NOT-FOR-US: CA Lottery Results (aka com.matcho0.calotto) application for Android
CVE-2014-5656 (The TRA Auctions for Buyers (aka com.manheim.tra) application 2.6 for  ...)
	NOT-FOR-US: TRA Auctions for Buyers (aka com.manheim.tra) application for Android
CVE-2014-5655 (The CM Browser - Fast &amp; Secure (aka com.ksmobile.cb) application 5 ...)
	NOT-FOR-US: CM Browser - Fast & Secure (aka com.ksmobile.cb) application for Android
CVE-2014-5654 (The Kaspersky Internet Security (aka com.kms.free) application 11.4.4. ...)
	NOT-FOR-US: Kaspersky Internet Security (aka com.kms.free) application for Android
CVE-2014-5653 (The Unblock Me FREE (aka com.kiragames.unblockmefree) application 1.4. ...)
	NOT-FOR-US: Unblock Me FREE (aka com.kiragames.unblockmefree) application for Android
CVE-2014-5652 (The Kicksend Photo Prints (aka com.kicksend.android.print) application ...)
	NOT-FOR-US: Kicksend Photo Prints (aka com.kicksend.android.print) application for Android
CVE-2014-5651 (The Kicksend: Share &amp; Print Photos (aka com.kicksend.android) appl ...)
	NOT-FOR-US: Kicksend: Share & Print Photos (aka com.kicksend.android) application for Android
CVE-2014-5650 (The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 ...)
	NOT-FOR-US: Traffic Jam Free (aka com.jiuzhangtech.rushhour) application for Android
CVE-2014-5649 (The iLove - Free Dating &amp; Chat App (aka com.jestadigital.android.i ...)
	NOT-FOR-US: iLove - Free Dating & Chat App (aka com.jestadigital.android.ilove) application for Android
CVE-2014-5648 (The Chat, Flirt &amp; Dating Heart JAUMO (aka com.jaumo) application 2 ...)
	NOT-FOR-US: Chat, Flirt & Dating Heart JAUMO (aka com.jaumo) application for Android
CVE-2014-5647 (The ISL Light Remote Desktop (aka com.islonline.isllight.mobile.androi ...)
	NOT-FOR-US: ISL Light Remote Desktop (aka com.islonline.isllight.mobile.android) application for Android
CVE-2014-5646 (The AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) applicat ...)
	NOT-FOR-US: AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) application for Android
CVE-2014-5645 (The CamScanner -Phone PDF Creator (aka com.intsig.camscanner) applicat ...)
	NOT-FOR-US: CamScanner -Phone PDF Creator (aka com.intsig.camscanner) application for Android
CVE-2014-5644 (The Brightest LED Flashlight (aka com.intellectualflame.ledflashlight. ...)
	NOT-FOR-US: Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application for Android
CVE-2014-5643 (The Instachat -Instagram Messenger (aka com.instachat.android) applica ...)
	NOT-FOR-US: Instachat -Instagram Messenger (aka com.instachat.android) application for Android
CVE-2014-5642 (The IMPI Mobile Security (aka com.impi) application 2.1.0 for Android  ...)
	NOT-FOR-US: IMPI Mobile Security (aka com.impi) application for Android
CVE-2014-5641 (The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for An ...)
	NOT-FOR-US: Cloud Manager (aka com.ileaf.cloud_manager) application for Android
CVE-2014-5640 (The CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) applicat ...)
	NOT-FOR-US: CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) application for Android
CVE-2014-5639 (The ADT Taxis (aka com.icabbi.adttaxisApp) application 6 for Android d ...)
	NOT-FOR-US: ADT Taxis (aka com.icabbi.adttaxisApp) application for Android
CVE-2014-5638 (The Huntington Mobile (aka com.huntington.m) application 2.1.222 for A ...)
	NOT-FOR-US: Huntington Mobile (aka com.huntington.m) application for Android
CVE-2014-5637 (The Eu Sei (aka com.guilardi.eusei) application eusei_android_5.5 for  ...)
	NOT-FOR-US: Eu Sei (aka com.guilardi.eusei) application for Android
CVE-2014-5636 (The Cloud Browser (aka com.granitamalta.cloudbrowser) application 2.2. ...)
	NOT-FOR-US: Cloud Browser (aka com.granitamalta.cloudbrowser) application for Android
CVE-2014-5635 (The Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) applicati ...)
	NOT-FOR-US: Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) application for Android
CVE-2014-5634 (The Madipass Martinique (aka com.goodbarber.madipassmartinique) applic ...)
	NOT-FOR-US: Madipass Martinique (aka com.goodbarber.madipassmartinique) application for Android
CVE-2014-5633 (The Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) applicatio ...)
	NOT-FOR-US: Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) application for Android
CVE-2014-5632 (The Mega Jump (aka com.getsetgames.megajump) application @7F080002 for ...)
	NOT-FOR-US: Mega Jump (aka com.getsetgames.megajump) application for Android
CVE-2014-5631 (The Video Poker Casino (aka com.geaxgame.videopoker) application 1.0.5 ...)
	NOT-FOR-US: Video Poker Casino (aka com.geaxgame.videopoker) application for Android
CVE-2014-5630 (The Home Repair (aka com.gcspublishing.houserepairtalk) application 3. ...)
	NOT-FOR-US: Home Repair (aka com.gcspublishing.houserepairtalk) application for Android
CVE-2014-5629 (The Stupid Zombies (aka com.gameresort.stupidzombies) application 1.12 ...)
	NOT-FOR-US: Stupid Zombies (aka com.gameresort.stupidzombies) application for Android
CVE-2014-5628 (The Wonder Zoo - Animal rescue ! (aka com.gameloft.android.ANMP.GloftZ ...)
	NOT-FOR-US: Wonder Zoo - Animal rescue ! (aka com.gameloft.android.ANMP.GloftZRHM) application for Android
CVE-2014-5627 (The Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) applicat ...)
	NOT-FOR-US: Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) application for Android
CVE-2014-5626 (The Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) ...)
	NOT-FOR-US: Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) application for Android
CVE-2014-5625 (The Perfect Kick (aka com.gamegou.PerfectKick.google) application 1.3. ...)
	NOT-FOR-US: Perfect Kick (aka com.gamegou.PerfectKick.google) application for Android
CVE-2014-5624 (The Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershoo ...)
	NOT-FOR-US: Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershooter.free) application for Android
CVE-2014-5623 (The penguinchefshop (aka com.freegames.penguinchefshop) application 1. ...)
	NOT-FOR-US: penguinchefshop (aka com.freegames.penguinchefshop) application for Android
CVE-2014-5622 (The Follow Mania for Instagram (aka com.followmania) application 1.2.1 ...)
	NOT-FOR-US: Follow Mania for Instagram (aka com.followmania) application for Android
CVE-2014-5621 (The Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application 1 ...)
	NOT-FOR-US: Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application for Android
CVE-2014-5620 (The Office Jerk Free (aka com.fluik.OfficeJerkFree) application 1.7.13 ...)
	NOT-FOR-US: Office Jerk Free (aka com.fluik.OfficeJerkFree) application for Android
CVE-2014-5619
	REJECTED
CVE-2014-5618 (The Cartoon Camera (aka com.fingersoft.cartooncamera) application 1.2. ...)
	NOT-FOR-US: Cartoon Camera (aka com.fingersoft.cartooncamera) application for Android
CVE-2014-5617 (The Exsoul Web Browser (aka com.exsoul) application 3.3.3 for Android  ...)
	NOT-FOR-US: Exsoul Web Browser (aka com.exsoul) application for Android
CVE-2014-5616 (The Web Browser &amp; Explorer (aka com.explore.web.browser) applicati ...)
	NOT-FOR-US: Web Browser & Explorer (aka com.explore.web.browser) application for Android
CVE-2014-5615 (The Snap Secure (aka com.exclaim.snapsecure.app) application 9.5 for A ...)
	NOT-FOR-US: Snap Secure (aka com.exclaim.snapsecure.app) application for Android
CVE-2014-5614 (The Love Collage - Photo Editor (aka com.etoolkit.lovecollage) applica ...)
	NOT-FOR-US: Love Collage - Photo Editor (aka com.etoolkit.lovecollage) application for Android
CVE-2014-5613 (The Able Remote (aka com.entertailion.android.remote) application 2.3. ...)
	NOT-FOR-US: Able Remote (aka com.entertailion.android.remote) application for Android
CVE-2014-5612 (The Gmarket (aka com.ebay.kr.gmarket) application 5.1.3 for Android do ...)
	NOT-FOR-US: Gmarket (aka com.ebay.kr.gmarket) application for Android
CVE-2014-5611 (The eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) applic ...)
	NOT-FOR-US: eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) application for Android
CVE-2014-5610 (The ce4arab market (aka com.dreamstep.wce4arabmarket) application 0.12 ...)
	NOT-FOR-US: ce4arab market (aka com.dreamstep.wce4arabmarket) application for Android
CVE-2014-5609 (The Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) appl ...)
	NOT-FOR-US: Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) application for Android
CVE-2014-5608 (The Line Runner (Free) (aka com.djinnworks.linerunnerfree) application ...)
	NOT-FOR-US: Line Runner (Free) (aka com.djinnworks.linerunnerfree) application for Android
CVE-2014-5607 (The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1  ...)
	NOT-FOR-US: Where's My Water? Free (aka com.disney.WMWLite) application for Android
CVE-2014-5606 (The Where's My Perry? Free (aka com.disney.WMPLite) application 1.5.1  ...)
	NOT-FOR-US: Where's My Perry? Free (aka com.disney.WMPLite) application for Android
CVE-2014-5605 (The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android  ...)
	NOT-FOR-US: QQ Copy (aka com.digimobistudio.qqcopy) application for Android
CVE-2014-5604 (The Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemi ...)
	NOT-FOR-US: Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemium) application for Android
CVE-2014-5603 (The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 ...)
	NOT-FOR-US: DeskRoll Remote Desktop (aka com.deskroll.client1) application for Android
CVE-2014-5602 (The Magzter -Magazine &amp; Book Store (aka com.dci.magzter) applicati ...)
	NOT-FOR-US: Magzter -Magazine & Book Store (aka com.dci.magzter) application for Android
CVE-2014-5601 (The 1800CONTACTS App (aka com.contacts1800.ecomapp) application 2.7.0  ...)
	NOT-FOR-US: 1800CONTACTS App (aka com.contacts1800.ecomapp) application for Android
CVE-2014-5600 (The familyconnect (aka com.comcast.plaxo.familyconnect.app) applicatio ...)
	NOT-FOR-US: familyconnect (aka com.comcast.plaxo.familyconnect.app) application for Android
CVE-2014-5599 (The Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.a ...)
	NOT-FOR-US: Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.android.common) application for Android
CVE-2014-5598 (The Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.glob ...)
	NOT-FOR-US: Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.global.android.common) application for Android
CVE-2014-5597 (The 9 Innings: 2014 Pro Baseball (aka com.com2us.nipb2013.normal.freef ...)
	NOT-FOR-US: 9 Innings: 2014 Pro Baseball (aka com.com2us.nipb2013.normal.freefull.google.global.android.common) application for Android
CVE-2014-5596 (The Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.go ...)
	NOT-FOR-US: Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.google.global.android.common) application for Android
CVE-2014-5595 (The actionpuzzlefamily for Kakao (aka com.com2us.actionpuzzlefamily.ka ...)
	NOT-FOR-US: actionpuzzlefamily for Kakao (aka com.com2us.actionpuzzlefamily.kakao.freefull.google.global.android.common) application for Android
CVE-2014-5594 (The CIBC Mobile Banking (aka com.cibc.android.mobi) application 3.2 fo ...)
	NOT-FOR-US: CIBC Mobile Banking (aka com.cibc.android.mobi) application for Android
CVE-2014-5593 (The Christian Dating Cafe (aka com.christiancafe.mobile.android) appli ...)
	NOT-FOR-US: Christian Dating Cafe (aka com.christiancafe.mobile.android) application for Android
CVE-2014-5592 (The Free Dating Heart COL (aka com.choiceoflove.dating) application 2. ...)
	NOT-FOR-US: Free Dating Heart COL (aka com.choiceoflove.dating) application for Android
CVE-2014-5591 (The Frankly Chat (aka com.chatfrankly.android) application 3.0.1 for A ...)
	NOT-FOR-US: Frankly Chat (aka com.chatfrankly.android) application for Android
CVE-2014-5590 (The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for And ...)
	NOT-FOR-US: Snake Evolution (aka com.btwgames.snake) application for Android
CVE-2014-5589 (The Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 applicatio ...)
	NOT-FOR-US: Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 application for Android
CVE-2014-5588 (The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for A ...)
	NOT-FOR-US: Free eBooks (aka com.bmfapps.freekindlebooks) application for Android
CVE-2014-5587 (The brokenscreencrank (aka com.biggame.brokenscreencrank) application  ...)
	NOT-FOR-US: brokenscreencrank (aka com.biggame.brokenscreencrank) application for Android
CVE-2014-5586 (The BIATNET (aka com.biatnet.mobile) application 1.1 for Android does  ...)
	NOT-FOR-US: BIATNET (aka com.biatnet.mobile) application for Android
CVE-2014-5585 (The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application 2 ...)
	NOT-FOR-US: Like4Like: Get Instagram Likes (aka com.bepop.bepop) application for Android
CVE-2014-5584 (The Background Check BeenVerified (aka com.beenverified.android) appli ...)
	NOT-FOR-US: Background Check BeenVerified (aka com.beenverified.android) application for Android
CVE-2014-5583 (The Most Popular Ringtones (aka com.bbs.mostpopularringtones) applicat ...)
	NOT-FOR-US: Most Popular Ringtones (aka com.bbs.mostpopularringtones) application for Android
CVE-2014-5582 (The Ingress Intel Helper (aka com.bb.ingressintel) application 1.2 for ...)
	NOT-FOR-US: Ingress Intel Helper (aka com.bb.ingressintel) application for Android
CVE-2014-5581 (The mirror photo shape (aka com.baiwang.styleinstamirror) application  ...)
	NOT-FOR-US: mirror photo shape (aka com.baiwang.styleinstamirror) application for Android
CVE-2014-5580 (The BackgroundCheckProTool (aka com.BackgroundCheckProTool) applicatio ...)
	NOT-FOR-US: BackgroundCheckProTool (aka com.BackgroundCheckProTool) application for Android
CVE-2014-5579 (The Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) applica ...)
	NOT-FOR-US: Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) application for Android
CVE-2014-5578 (The Trading 212 FOREX (aka com.avuscapital.trading212) application bef ...)
	NOT-FOR-US: Trading 212 FOREX (aka com.avuscapital.trading212) application for Android
CVE-2014-5577 (The AVON Buy &amp; Sell (aka com.AVONBeautyntheRep) application 0.3 fo ...)
	NOT-FOR-US: AVON Buy & Sell (aka com.AVONBeautyntheRep) application for Android
CVE-2014-5576 (The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3  ...)
	NOT-FOR-US: Avira Secure Backup (aka com.avira.avirabackup) application for Android
CVE-2014-5575
	REJECTED
CVE-2014-5574 (The Ask.fm - Social Q&amp;A Network (aka com.askfm) application 1.2.4  ...)
	NOT-FOR-US: Ask.fm - Social Q&A Network (aka com.askfm) application for Android
CVE-2014-5573 (The Appstros - FREE Gift Cards! (aka com.appstros.main) application 1. ...)
	NOT-FOR-US: Appstros - FREE Gift Cards! (aka com.appstros.main) application for Android
CVE-2014-5572 (The Jazzpodium De Tor (aka com.appmakr.app273713) application 206160 f ...)
	NOT-FOR-US: Jazzpodium De Tor (aka com.appmakr.app273713) application for Android
CVE-2014-5571 (The Appeak Poker (aka com.appeak.poker) application 2.4.5 for Android  ...)
	NOT-FOR-US: Appeak Poker (aka com.appeak.poker) application for Android
CVE-2014-5570 (The DailyFinance - Stocks &amp; News (aka com.aol.mobile.dailyFinance) ...)
	NOT-FOR-US: DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application for Android
CVE-2014-5569 (The Star Girl (aka com.animoca.google.starGirl) application 3.4.1 for  ...)
	NOT-FOR-US: Star Girl (aka com.animoca.google.starGirl) application for Android
CVE-2014-5568 (The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) applicat ...)
	NOT-FOR-US: Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application for Android
CVE-2014-5567 (The hasb_e_haal (aka com.anawaz.hasb_e_haal) application 1.0.9 for And ...)
	NOT-FOR-US: hasb_e_haal (aka com.anawaz.hasb_e_haal) application for Android
CVE-2014-5566 (The Selfshot - Front Flash Camera (aka com.americos.selfshot) applicat ...)
	NOT-FOR-US: Selfshot - Front Flash Camera (aka com.americos.selfshot) application for Android
CVE-2014-5565 (The GadgetTrak Mobile Security (aka com.activetrak.android.app) applic ...)
	NOT-FOR-US: GadgetTrak Mobile Security (aka com.activetrak.android.app) application for Android
CVE-2014-5564 (The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 ...)
	NOT-FOR-US: Angry Gran Toss (aka com.aceviral.angrygrantoss) application for Android
CVE-2014-5563 (The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 f ...)
	NOT-FOR-US: Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application for Android
CVE-2014-5562 (The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) a ...)
	NOT-FOR-US: Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application for Android
CVE-2014-5561 (The Word Search Free (aka air.wordSearchFree) application 4.9 for Andr ...)
	NOT-FOR-US: Word Search Free (aka air.wordSearchFree) application for Android
CVE-2014-5560 (The Popscene (Music Industry Sim) (aka air.Popscene) application 1.04  ...)
	NOT-FOR-US: Popscene (Music Industry Sim) (aka air.Popscene) application for Android
CVE-2014-5559 (The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) a ...)
	NOT-FOR-US: Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application for Android
CVE-2014-5558 (The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for An ...)
	NOT-FOR-US: Hard Time (Prison Sim) (aka air.HardTime) application for Android
CVE-2014-5557 (The America's Economy for Phone (aka air.gov.census.mobile.phone.ameri ...)
	NOT-FOR-US: America's Economy for Phone (aka air.gov.census.mobile.phone.americaseconomy) application for Android
CVE-2014-5556 (The Fly Fishing &amp; Fly Tying (aka air.com.yudu.ReaderAIR3209899) ap ...)
	NOT-FOR-US: Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application for Android
CVE-2014-5555 (The Counting &amp; Addition Kids Games (aka air.com.tribalnova.ilearnw ...)
	NOT-FOR-US: Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application for Android
CVE-2014-5554 (The Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.i ...)
	NOT-FOR-US: Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn) application for Android
CVE-2014-5553 (The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.i ...)
	NOT-FOR-US: Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application for Android
CVE-2014-5552 (The Numbers &amp; Addition! Math games (aka air.com.tribalnova.ilearnw ...)
	NOT-FOR-US: Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application for Android
CVE-2014-5551 (The Alphabet &amp; Spelling Kids Games (aka air.com.tribalnova.ilearnw ...)
	NOT-FOR-US: Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application for Android
CVE-2014-5550 (The Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) app ...)
	NOT-FOR-US: Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) application for Android
CVE-2014-5549 (The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) applicatio ...)
	NOT-FOR-US: Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application for Android
CVE-2014-5548 (The Christmas Words (aka air.com.sevenBulls.summerWords) application 1 ...)
	NOT-FOR-US: Christmas Words (aka air.com.sevenBulls.summerWords) application for Android
CVE-2014-5547 (The Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) applic ...)
	NOT-FOR-US: Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) application for Android
CVE-2014-5546 (The Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application ...)
	NOT-FOR-US: Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application for Android
CVE-2014-5545 (The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android d ...)
	NOT-FOR-US: Sprint jump (aka air.com.ilaz.appilas) application for Android
CVE-2014-5544 (The SongPop (aka air.com.freshplanet.games.WaM) application 1.21.2 for ...)
	NOT-FOR-US: SongPop (aka air.com.freshplanet.games.WaM) application for Android
CVE-2014-5543 (The Hidden Object - Alice Free (aka air.com.differencegames.hovisionso ...)
	NOT-FOR-US: Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application for Android
CVE-2014-5542 (The Hidden Object Mystery (aka air.com.differencegames.hodetectivemyst ...)
	NOT-FOR-US: Hidden Object Mystery (aka air.com.differencegames.hodetectivemysteryfree) application for Android
CVE-2014-5541 (The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladd ...)
	NOT-FOR-US: Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application for Android
CVE-2014-5540 (The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Andr ...)
	NOT-FOR-US: Flick a Trade (aka air.com.cygnecode.fat) application for Android
CVE-2014-5539 (The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) appli ...)
	NOT-FOR-US: Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application for Android
CVE-2014-5538 (The Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115)  ...)
	NOT-FOR-US: Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) application for Android
CVE-2014-5537 (The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2)  ...)
	NOT-FOR-US: Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application for Android
CVE-2014-5536 (The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) appli ...)
	NOT-FOR-US: Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application for Android
CVE-2014-5535 (The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application ...)
	NOT-FOR-US: Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application for Android
CVE-2014-5534 (The Princess Shopping (aka air.android.PrincessShopping) application 2 ...)
	NOT-FOR-US: Princess Shopping (aka air.android.PrincessShopping) application for Android
CVE-2014-5533
	REJECTED
CVE-2014-5532 (The Honolulu (aka adidas.jp.android.running.honolulu) application 2 fo ...)
	NOT-FOR-US: Honolulu (aka adidas.jp.android.running.honolulu) application for Android
CVE-2014-5531 (The Abode (aka abode.webview) application 1.7 for Android does not ver ...)
	NOT-FOR-US: Abode (aka abode.webview) application for Android
CVE-2014-5530
	REJECTED
CVE-2014-5529 (The Gameloft library for Android does not verify X.509 certificates fr ...)
	NOT-FOR-US: Gameloft library for Android
CVE-2014-5528 (The Appsflyer library for Android does not verify X.509 certificates f ...)
	NOT-FOR-US: Appsflyer library for Android
CVE-2014-5527 (The Tapjoy library for Android does not verify X.509 certificates from ...)
	NOT-FOR-US: Tapjoy library for Android
CVE-2014-5526 (The Inmobi library for Android does not verify X.509 certificates from ...)
	NOT-FOR-US: Inmobi library for Android
CVE-2014-5525 (The MoMinis library for Android does not verify X.509 certificates fro ...)
	NOT-FOR-US: MoMinis library for Android
CVE-2014-5524 (The Adcolony library for Android does not verify X.509 certificates fr ...)
	NOT-FOR-US: Adcolony library for Android
CVE-2014-5523
	REJECTED
CVE-2014-5522
	REJECTED
CVE-2014-5521 (plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows  ...)
	NOT-FOR-US: XRMS CRM
CVE-2014-5520 (SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remot ...)
	NOT-FOR-US: XRMS CRM
CVE-2014-5518
	RESERVED
CVE-2014-5517
	RESERVED
CVE-2014-5516 (Cross-site request forgery (CSRF) vulnerability in the Storefront Appl ...)
	NOT-FOR-US: KonaKart
CVE-2014-5515
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5514
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5513
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5512
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5511
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5510
	RESERVED
CVE-2014-5508 (Multiple integer overflows in the HelpServ module (mod-helpserv.c) in  ...)
	NOT-FOR-US: srvx (irc services)
CVE-2014-5507 (iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Co ...)
	NOT-FOR-US: iBackup
CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote attacke ...)
	NOT-FOR-US: SAP Crystal Reports
CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows remote attac ...)
	NOT-FOR-US: SAP Crystal Reports
CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses "static" credentials, ...)
	NOT-FOR-US: SolarWinds
CVE-2014-5503 (SQL injection vulnerability in the Guest Login Portal in the Sophos Cy ...)
	NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows ...)
	NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the Sophos Cybe ...)
	NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5500 (Synacor Zimbra Collaboration before 8.0.8 has XSS. ...)
	NOT-FOR-US: Synacor Zimbra Collaboration
CVE-2014-5499
	RESERVED
CVE-2014-5498
	RESERVED
CVE-2014-5497
	RESERVED
CVE-2014-5496
	RESERVED
CVE-2014-5495
	RESERVED
CVE-2014-5494
	RESERVED
CVE-2014-5493
	RESERVED
CVE-2014-5492
	RESERVED
CVE-2014-5491
	RESERVED
CVE-2014-5490
	RESERVED
CVE-2014-5489
	RESERVED
CVE-2014-5488
	RESERVED
CVE-2014-5487
	RESERVED
CVE-2014-5486
	RESERVED
CVE-2014-5485
	RESERVED
CVE-2014-5484
	RESERVED
CVE-2014-5483
	RESERVED
CVE-2014-5482
	RESERVED
CVE-2014-5481
	RESERVED
CVE-2014-5480
	RESERVED
CVE-2014-5479
	RESERVED
CVE-2014-5478
	RESERVED
CVE-2014-5477
	RESERVED
CVE-2014-5476
	RESERVED
CVE-2014-5475
	RESERVED
CVE-2014-5474
	RESERVED
CVE-2014-5473
	RESERVED
CVE-2014-5470
	RESERVED
CVE-2014-5469
	RESERVED
CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a ...)
	NOT-FOR-US: Railo
CVE-2014-5467
	RESERVED
CVE-2014-5466 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk We ...)
	NOT-FOR-US: Splunk
CVE-2014-5465 (Directory traversal vulnerability in force-download.php in the Downloa ...)
	NOT-FOR-US: WordPress plugin Download Shortcode
CVE-2014-5463
	RESERVED
CVE-2014-5462 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and  ...)
	NOT-FOR-US: OpenEMR
CVE-2014-5460 (Unrestricted file upload vulnerability in the Tribulant Slideshow Gall ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2013-7399
	RESERVED
CVE-2010-5304 (A NULL pointer dereference flaw was found in the way LibVNCServer befo ...)
	NOT-FOR-US: RealVNC
CVE-2014-6269 (Multiple integer overflows in the http_request_forward_body function i ...)
	- haproxy 1.5.4-1
	[squeeze] - haproxy <not-affected> (Vulnerable code not present)
	NOTE: http://article.gmane.org/gmane.comp.web.haproxy/17726
	NOTE: http://article.gmane.org/gmane.comp.web.haproxy/18097
	NOTE: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c
CVE-2014-5256 (Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider th ...)
	- nodejs 0.10.38~dfsg-1 (unimportant; bug #760385)
CVE-2014-7402 (The SK encar (aka com.encardirect.app) application @7F050000 for Andro ...)
	NOT-FOR-US: SK encar (aka com.encardirect.app) application for Android
CVE-2013-7402 (Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allo ...)
	{DSA-3101-1}
	- c-icap 1:0.3.1-1
	NOTE: http://sourceforge.net/p/c-icap/code/1018/
	NOTE: http://sourceforge.net/p/c-icap/code/1021
CVE-2013-7401 (The parse_request function in request.c in c-icap 0.2.x allows remote  ...)
	{DSA-3101-1}
	- c-icap 1:0.3.1-1
	NOTE: http://sourceforge.net/p/c-icap/bugs/59/
	NOTE: http://sourceforge.net/p/c-icap/code/1018/
CVE-2014-6070 (Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnal ...)
	- loganalyzer 3.6.6+dfsg-1 (bug #760372)
CVE-2014-6029 (TorrentFlux 2.4 allows remote authenticated users to delete or modify  ...)
	- torrentflux <removed> (bug #759573)
	[wheezy] - torrentflux <no-dsa> (Minor issue)
	[squeeze] - torrentflux <no-dsa> (Minor issue)
CVE-2014-6028 (TorrentFlux 2.4 allows remote authenticated users to obtain other user ...)
	- torrentflux <removed> (bug #759573)
	[wheezy] - torrentflux <no-dsa> (Minor issue)
	[squeeze] - torrentflux <no-dsa> (Minor issue)
CVE-2014-6027 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 ...)
	- torrentflux <removed> (bug #759574)
	[wheezy] - torrentflux <no-dsa> (Minor issue)
	[squeeze] - torrentflux <no-dsa> (Minor issue)
CVE-2014-6040 (GNU C Library (aka glibc) before 2.20 allows context-dependent attacke ...)
	{DSA-3142-1 DLA-97-1}
	- glibc 2.19-12
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17325
	NOTE: https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
CVE-2014-5519 (The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execut ...)
	- phpwiki <removed>
CVE-2014-5509 (clipedit in the Clipboard module for Perl allows local users to delete ...)
	- libclipboard-perl <not-affected> (Fixed with initial upload to Debian)
CVE-2014-5458 (SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remo ...)
	NOT-FOR-US: php-sqrl
CVE-2014-5457 (QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-R ...)
	NOT-FOR-US: QNAP
CVE-2014-5456 (Cross-site scripting (XSS) vulnerability in the Social Stats module be ...)
	NOT-FOR-US: Drupal Social Stats module
CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service pr ...)
	NOT-FOR-US: PrivateTunnel as bundled in OpenVPN
CVE-2014-5454 (Unrestricted file upload vulnerability in the image upload module in S ...)
	NOT-FOR-US: SAS Visual Analytics
CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Ful ...)
	NOT-FOR-US: Ubisoft Uplay PC
CVE-2014-5452 (CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibili ...)
	NOT-FOR-US: HL7 C-CDA
CVE-2014-5451 (Cross-site scripting (XSS) vulnerability in manager/templates/default/ ...)
	NOT-FOR-US: MODX Revolution
CVE-2014-5446 (Directory traversal vulnerability in the DisplayChartPDF servlet in ZO ...)
	NOT-FOR-US: ZOHO
CVE-2014-5445 (Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine  ...)
	NOT-FOR-US: ZOHO
CVE-2014-5444 (Geary before 0.6.3 does not present the user with a warning when a TLS ...)
	- geary 0.6.3-1
	NOTE: Upstream bugreport: https://bugzilla.gnome.org/show_bug.cgi?id=713247
	NOTE: Upstream fix: https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e
CVE-2014-5442
	RESERVED
CVE-2014-5441 (Multiple cross-site scripting (XSS) vulnerabilities in app/views/layou ...)
	NOT-FOR-US: Fat Free CRM
CVE-2014-5440 (SQL injection vulnerability in Login.aspx in MPEX Business Solutions M ...)
	NOT-FOR-US: MX-SmartTimer
CVE-2014-5439 (Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit ...)
	{DLA-713-1}
	- sniffit 0.3.7.beta-20 (bug #845122)
	[jessie] - sniffit 0.3.7.beta-17+deb8u1
	NOTE: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
CVE-2014-5438 (Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT ...)
	NOT-FOR-US: Arris Touchstone
CVE-2014-5437 (Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS To ...)
	NOT-FOR-US: Arris Touchstone
CVE-2014-5436 (A directory traversal vulnerability exists in the confd.exe module in  ...)
	NOT-FOR-US: Honeywell
CVE-2014-5435 (An arbitrary memory write vulnerability exists in the dual_onsrv.exe m ...)
	NOT-FOR-US: Honeywell
CVE-2014-5434 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
	NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5433 (An unauthenticated remote attacker may be able to execute commands to  ...)
	NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5432 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
	NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5431 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
	NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.6 ...)
	NOT-FOR-US: ABB RobotStudio
CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and  ...)
	NOT-FOR-US: Elipse SCADA
CVE-2014-5428 (Unrestricted file upload vulnerability in unspecified web services in  ...)
	NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5427 (Johnson Controls Metasys 4.1 through 6.5, as used in Application and D ...)
	NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5426 (MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attack ...)
	NOT-FOR-US: MatrikonOPC
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
	NOT-FOR-US: IOServer
CVE-2014-5424 (Rockwell Automation Connected Components Workbench (CCW) before 7.00.0 ...)
	NOT-FOR-US: Rockwell Automation Connected Components Workbench
CVE-2014-5423 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0. ...)
	NOT-FOR-US: CareFusion
CVE-2014-5422 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0. ...)
	NOT-FOR-US: CareFusion
CVE-2014-5421 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and  ...)
	NOT-FOR-US: CareFusion
CVE-2014-5420 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0. ...)
	NOT-FOR-US: CareFusion
CVE-2014-5419 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware  ...)
	NOT-FOR-US: GE Multilink
CVE-2014-5418 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware  ...)
	NOT-FOR-US: GE Multilink
CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmwa ...)
	NOT-FOR-US: Meinberg NTP Server firmware on LANTIME M-Series devices
CVE-2014-5416
	REJECTED
CVE-2014-5415 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device Sp ...)
	NOT-FOR-US: Beckhoff Embedded PC image
CVE-2014-5414 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device Sp ...)
	NOT-FOR-US: Beckhoff Embedded PC image
CVE-2014-5413 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 throug ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5412 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 throug ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5411 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider Elect ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5410 (The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400  ...)
	NOT-FOR-US: MicroLogix controller
CVE-2014-5409 (The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE D ...)
	NOT-FOR-US: GE Digital Energy Hydran
CVE-2014-5408 (Cross-site scripting (XSS) vulnerability in the login script in the Wi ...)
	NOT-FOR-US: Nordex Control 2
CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2. ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5406 (The Hospira LifeCare PCA Infusion System before 7.0 does not validate  ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to contr ...)
	NOT-FOR-US: Hospira MedNet
CVE-2014-5404
	REJECTED
CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protec ...)
	NOT-FOR-US: Hospira MedNet
CVE-2014-5402
	REJECTED
CVE-2014-5401 (Hospira MedNet software version 5.8 and prior uses vulnerable versions ...)
	NOT-FOR-US: Hospira
CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places clearte ...)
	NOT-FOR-US: Hospira MedNet
CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware Informati ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5398 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1  ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5397 (Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderw ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...)
	NOT-FOR-US: Schrack Technik microControl
CVE-2014-5395 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei H ...)
	NOT-FOR-US: Huawei Routers
CVE-2014-5394 (Multiple Huawei Campus switches allow remote attackers to enumerate us ...)
	NOT-FOR-US: Huawei
CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations Cente ...)
	NOT-FOR-US: JobScheduler
CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before 1.6.424 ...)
	NOT-FOR-US: JobScheduler
CVE-2014-5391 (Cross-site scripting (XSS) vulnerability in the JobScheduler Operation ...)
	NOT-FOR-US: JobScheduler
CVE-2014-5390
	RESERVED
CVE-2014-5389 (SQL injection vulnerability in content-audit-schedule.php in the Conte ...)
	NOT-FOR-US: WordPress plugin Content Audit
CVE-2014-5387 (Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine be ...)
	NOT-FOR-US: EllisLab ExpressionEngine Core
CVE-2014-5386 (The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cp ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-5385 (com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5  ...)
	NOT-FOR-US: Shopizer
CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6  ...)
	NOT-FOR-US: iconv system library of FreeBSD and NetBSD
CVE-2014-5383 (SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function  ...)
	NOT-FOR-US: TimThumb
CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb b ...)
	NOT-FOR-US: TimThumb
CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1 ...)
	NOT-FOR-US: TimThumb
CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
	{DLA-103-1}
	- linux 3.16.2-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
	NOTE: commit contained first in v3.17-rc2
CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal ...)
	{DLA-103-1}
	- linux 3.16.2-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
	NOTE: commit contained first in v3.17-rc2
CVE-2014-5464 (Cross-site scripting (XSS) vulnerability in the nDPI traffic classific ...)
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
	NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows lo ...)
	- php5 <removed> (unimportant; bug #682157; bug #759282)
	NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
	NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
	NOTE: Neutralised by kernel hardening
CVE-2014-5450 (Zarafa Collaboration Platform 4.1 uses world-readable permissions for  ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5449 (Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for th ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5448 (Zarafa 5.00 uses world-readable permissions for the files in the log d ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5447 (Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644 ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5443 (Seafile Server before 3.1.2 and Server Professional Edition before 3.1 ...)
	- seafile <not-affected> (Fixed before initial upload to the archive)
CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug inte ...)
	- qemu 2.1+dfsg-5
	[squeeze] - qemu <not-affected> (Introduced in 1.7)
	[wheezy] - qemu <not-affected> (Introduced in 1.7)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Introduced in 1.7)
	[wheezy] - qemu-kvm <not-affected> (Introduced in 1.7)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
	NOTE: Introduced in  http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Schrack Technik microControl
CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...)
	NOT-FOR-US: Grand MA 300
CVE-2014-5380 (Grand MA 300 allows retrieval of the access PIN from sniffed data. ...)
	NOT-FOR-US: Grand MA 300
CVE-2014-5379
	RESERVED
CVE-2014-5378
	RESERVED
CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 bui ...)
	NOT-FOR-US: ManageEngine DeviceExpert
CVE-2014-5376 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-ge ...)
	NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5375 (The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0  ...)
	NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5374
	RESERVED
CVE-2014-5373
	RESERVED
CVE-2014-5372
	RESERVED
CVE-2014-5371
	RESERVED
CVE-2014-5370 (Directory traversal vulnerability in the CFChart servlet (com.naryx.ta ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2014-5369 (Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption  ...)
	- enigmail 2:1.7.2-1
	[wheezy] - enigmail <not-affected> (Introduced in 1.7)
	[squeeze] - enigmail <not-affected> (Introduced in 1.7)
	NOTE: http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#b315
	NOTE: and http://sourceforge.net/p/enigmail/bugs/294/
	NOTE: fixed in 1.7.1 and 1.8.0 upstream (not yet released)
CVE-2014-5367
	REJECTED
CVE-2014-5366
	RESERVED
CVE-2014-5365
	RESERVED
CVE-2014-5364
	RESERVED
CVE-2014-5363
	RESERVED
CVE-2014-5362 (The admin interface in Landesk Management Suite 9.6 and earlier allows ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk  ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in LAN ...)
	NOT-FOR-US: LANDESK Management Suite
CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service (S ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2014-5358
	RESERVED
CVE-2014-5357
	RESERVED
CVE-2014-5355 (MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a kr ...)
	{DLA-1265-1}
	- krb5 1.12.1+dfsg-18 (bug #778647)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
CVE-2014-5354 (plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka  ...)
	- krb5 1.12.1+dfsg-16 (bug #773228)
	[wheezy] - krb5 <not-affected> (do not expose a way for principal entries to have no long-term key material)
	[squeeze] - krb5 <not-affected> (do not expose a way for principal entries to have no long-term key material)
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
CVE-2014-5353 (The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap ...)
	{DLA-1265-1}
	- krb5 1.12.1+dfsg-16 (bug #773226)
	[squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to trigger crash)
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
CVE-2014-5352 (The krb5_gss_process_context_token function in lib/gssapi/krb5/process ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-5351 (The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal. ...)
	{DLA-1265-1}
	- krb5 1.12.1+dfsg-10 (bug #762479)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
CVE-2014-5350 (Multiple directory traversal vulnerabilities in Bitdefender GravityZon ...)
	NOT-FOR-US: Bitdefender GravityZone
CVE-2014-5349 (Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allo ...)
	NOT-FOR-US: Baidu Spark Browser
CVE-2014-5348 (Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in  ...)
	NOT-FOR-US: Riverbed Stingray Traffic Manager Virtual Appliance
CVE-2014-5347 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Disq ...)
	NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5346 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Disq ...)
	NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5345 (Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus  ...)
	NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5344 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (m ...)
	NOT-FOR-US: Mobiloud (mobiloud-mobile-app-plugin) plugin for WordPress
CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote  ...)
	NOT-FOR-US: Feng Office
CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows re ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-5341 (The SFTP external storage driver (files_external) in ownCloud Server b ...)
	- owncloud 7~20140504+dfsg-1
	NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019
CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...)
	- check-mk 1.2.6p4-1 (bug #758883)
	[wheezy] - check-mk <not-affected> (does not use pickle, vulnerable code not present)
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=192d41525502dc8de10ac99f57bd988450c17566
	NOTE: introduces incompatible changes to older versions, see https://bugzilla.redhat.com/show_bug.cgi?id=1132337#c2
CVE-2014-5339 (Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authent ...)
	- check-mk 1.2.6p4-1 (bug #758883)
	[wheezy] - check-mk <not-affected>  (Vulnerable code not present)
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18
CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite c ...)
	- check-mk 1.2.6p4-1 (bug #758883)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=076468b10e660abdeaaaa6c459a4aa3ce8e07
CVE-2014-5337 (The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not p ...)
	NOT-FOR-US: WordPress plugin Mobile Pack
CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in innovaph ...)
	NOT-FOR-US: innovaphone PBX
CVE-2014-5334 (FreeNAS before 9.3-M3 has a blank admin password, which allows remote  ...)
	NOT-FOR-US: FreeNAS
CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local ...)
	- linux <not-affected> (drivers/video/tegra not present)
	NOTE: http://googleprojectzero.blogspot.de/2015/01/exploiting-nvmap-to-escape-chrome.html
CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote attack ...)
	NOT-FOR-US: Aflax
CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows remote att ...)
	NOT-FOR-US: BirdBlog
CVE-2014-5329
	RESERVED
CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332 router  ...)
	NOT-FOR-US: Huawei router
CVE-2014-5327 (Buffer overflow in the Webserver component on the Huawei E5332 router  ...)
	NOT-FOR-US: Huawei router
CVE-2014-5326 (Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR)  ...)
	- dwr <itp> (bug #601517)
CVE-2014-5325 (The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) X ...)
	- dwr <itp> (bug #601517)
CVE-2014-5324 (Unrestricted file upload vulnerability in the N-Media file uploader pl ...)
	NOT-FOR-US: N-Media file uploader plugin for WordPress
CVE-2014-5323 (The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) applicatio ...)
	NOT-FOR-US: Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application for Android
CVE-2014-5322 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish fu ...)
	NOT-FOR-US: FileMaker Pro
CVE-2014-5321 (FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.5 ...)
	NOT-FOR-US: FileMaker Pro
CVE-2014-5320 (The Bump application for Android does not properly handle implicit int ...)
	NOT-FOR-US: Bump application for Android
CVE-2014-5319 (Directory traversal vulnerability in the S-Link SLFileManager applicat ...)
	NOT-FOR-US: S-Link SLFileManager application for Android
CVE-2014-5318 (The jigbrowser+ application 1.8.1 and earlier for iOS allows remote at ...)
	NOT-FOR-US: jigbrowser+ application for iOS
CVE-2014-5317 (Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11  ...)
	NOT-FOR-US: php365.com components
CVE-2014-5316 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allo ...)
	- dotclear 2.6.4+dfsg-1
CVE-2014-5315 (Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acr ...)
	NOT-FOR-US: Adobe
CVE-2014-5314 (Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 an ...)
	NOT-FOR-US: Cybozu Office
CVE-2014-5313 (Cross-site scripting (XSS) vulnerability in the management page in Six ...)
	- movabletype-opensource <removed>
	[wheezy] - movabletype-opensource <end-of-life> (Not supported in Wheezy)
CVE-2014-5461 (Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5. ...)
	{DSA-3016-1 DSA-3015-1 DLA-47-1}
	- lua5.1 5.1.5-7
	- lua5.2 5.2.3-1
	NOTE: http://www.lua.org/bugs.html#5.2.2-1
	NOTE: fixed in 5.2.3, see https://bugzilla.redhat.com/show_bug.cgi?id=1132304#c7
CVE-2014-5368 (Directory traversal vulnerability in the file_get_contents function in ...)
	NOT-FOR-US: WordPress plugin wp-source-control
CVE-2014-5333 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...)
	NOT-FOR-US: Adobe Flash Player
	NOTE: assignment not from Adobe, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-5333
CVE-2014-5356 (OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4 ...)
	- glance 2014.1.3-1
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: Versions: up to 2013.2.3 and 2014.1 to 2014.1.2
CVE-2014-5336 (Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT)  ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2014-5312
	RESERVED
CVE-2014-5311
	RESERVED
CVE-2014-5310
	RESERVED
CVE-2014-5309
	RESERVED
CVE-2014-5308 (Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote ...)
	NOT-FOR-US: TestLink
CVE-2014-5307 (Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Pan ...)
	NOT-FOR-US: Panda Security
CVE-2014-5306
	RESERVED
CVE-2014-5305
	RESERVED
CVE-2014-5304
	RESERVED
CVE-2014-5303
	RESERVED
CVE-2014-5302 (Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5  ...)
	NOT-FOR-US: ManageEngine components
CVE-2014-5301 (Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v ...)
	NOT-FOR-US: ManageEngine components
CVE-2014-5300 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote  ...)
	NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5299
	RESERVED
CVE-2014-5298 (FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on c ...)
	NOT-FOR-US: X2Engine
CVE-2014-5297 (The actionSendErrorReport method in protected/controllers/SiteControll ...)
	NOT-FOR-US: X2Engine
CVE-2014-5296
	RESERVED
CVE-2014-5295
	RESERVED
CVE-2014-5294
	RESERVED
CVE-2014-5293
	RESERVED
CVE-2014-5292
	RESERVED
CVE-2014-5291
	RESERVED
CVE-2014-5290
	RESERVED
CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execu ...)
	NOT-FOR-US: Senkas Kolibri
CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via uns ...)
	NOT-FOR-US: Kemp Load Master
CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load Master 7.1-1 ...)
	NOT-FOR-US: Kemp Load Master
CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveM ...)
	NOT-FOR-US: TIBCO
CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO Spotfi ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files with pred ...)
	- ossec-hids <itp> (bug #361954)
CVE-2014-5283
	RESERVED
CVE-2014-5282 (Docker before 1.3 does not properly validate image IDs, which allows r ...)
	- docker.io 1.3.0~dfsg1-1
CVE-2014-5281
	RESERVED
CVE-2014-5280 (boot2docker 1.2 and earlier allows attackers to conduct cross-site req ...)
	NOT-FOR-US: boot2docker
CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier improperly en ...)
	NOT-FOR-US: boot2docker
CVE-2014-5278 (A vulnerability exists in Docker before 1.2 via container names, which ...)
	- docker.io 1.2.0~dfsg1-1
CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when  ...)
	- docker.io 1.3.1~dfsg1-1
	NOTE: https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
CVE-2014-5276 (Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms  ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2014-5275 (Multiple SQL injection vulnerabilities in includes/functions.php in Pr ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2014-5264
	RESERVED
CVE-2014-5259 (Cross-site scripting (XSS) vulnerability in cattranslate.php in the Ca ...)
	NOT-FOR-US: BlackCat CMS
CVE-2014-5258 (Directory traversal vulnerability in showTempFile.php in webEdition CM ...)
	NOT-FOR-US: webEdition CMS
CVE-2014-5257 (Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms befor ...)
	NOT-FOR-US: Forma Lms
CVE-2014-5248 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows  ...)
	NOT-FOR-US: MyBB
CVE-2014-5246 (The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_C ...)
	NOT-FOR-US: Shenzhen Tenda Technology Tenda A5s router
CVE-2014-5245
	RESERVED
CVE-2014-5244
	RESERVED
CVE-2014-5239 (The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Andr ...)
	NOT-FOR-US: Microsoft
CVE-2014-5238 (XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite  ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the documentconver ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-5236 (Multiple absolute path traversal vulnerabilities in documentconverter  ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-5234 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
	NOT-FOR-US: Open-Xchange
CVE-2012-6654 (Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier al ...)
	NOT-FOR-US: ZPanel
CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page i ...)
	- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-9/
	NOTE: Version 3.x uses the browser-provided confirmation window and not custom HTML.
CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-8/
	NOTE: Most of the affected Javascript files do not exist on version 3.3 and 3.4.
	NOTE: Those that do do not contain the problematic code.
CVE-2014-5268 (The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote att ...)
	NOT-FOR-US: Drupal addon
CVE-2014-5250 (Unspecified vulnerability in the AJAX autocompletion callback in the B ...)
	NOT-FOR-US: Drupal addon
CVE-2014-5249 (SQL injection vulnerability in the "Biblio self autocomplete" submodul ...)
	NOT-FOR-US: Drupal addon
CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows con ...)
	{DSA-3142-1 DLA-97-1}
	- glibc 2.17-1
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14134
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
CVE-2012-6655 (An issue exists AccountService 0.6.37 in the user_change_password_auth ...)
	- accountsservice <unfixed> (low; bug #757912)
	[buster] - accountsservice <ignored> (Minor issue)
	[stretch] - accountsservice <ignored> (Minor issue)
	[jessie] - accountsservice <ignored> (Minor issue)
	[wheezy] - accountsservice <ignored> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000
CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x be ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
	NOTE: <lu_zero> Does not apply to Libav at all.
CVE-2014-5271 (Heap-based buffer overflow in the encode_slice function in libavcodec/ ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:11-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
	NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1
	NOTE: https://git.libav.org/?p=libav.git;a=commitdiff;h=45ce880a9b3e50cfa088f111dffaf8685bd7bc6b
CVE-2014-5262 (SQL injection vulnerability in the graph settings script (graph_settin ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-8
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
CVE-2014-5261 (The graph settings script (graph_settings.php) in Cacti 0.8.8b and ear ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-8
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
CVE-2014-4274 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...)
	{DSA-3054-1 DLA-75-1}
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.39-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: Fix MySQL: https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638
	NOTE: Fix MariaDB: https://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/4261?sort=date#storage/myisam/ha_myisam.cc
CVE-2014-5270 (Libgcrypt before 1.5.4, as used in GnuPG and other products, does not  ...)
	{DSA-3073-1 DSA-3024-1 DLA-93-1 DLA-54-1}
	- gnupg 1.4.16-1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496
	- libgcrypt11 1.5.4-1
	- libgcrypt20 1.6.0-2
	NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html
CVE-2014-5267 (modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31  ...)
	{DSA-2999-1}
	- drupal7 7.31-1
CVE-2014-5266 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...)
	{DSA-3001-1 DSA-2999-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9
	- drupal7 7.31-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2014-004
CVE-2014-5265 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...)
	{DSA-3001-1 DSA-2999-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9
	- drupal7 7.31-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2014-004
CVE-2014-5253 (OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno befo ...)
	- keystone 2014.1.2.1-1
	[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
	NOTE: https://launchpad.net/bugs/1349597
	NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=317f9d34b4da20c21edd5b851889298b67c843e1
CVE-2014-5252 (The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 ...)
	- keystone 2014.1.2.1-1
	[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
	NOTE: https://launchpad.net/bugs/1348820
	NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
CVE-2014-5251 (The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x befor ...)
	- keystone 2014.1.2.1-1
	[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
	NOTE: https://launchpad.net/bugs/1347961
	NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6cbf835542d62e6e5db4b4aef7141b1731cad9dc
CVE-2014-5263 (vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not termina ...)
	- qemu 2.1+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v1.6.0)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced in v1.6.0)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: patch http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56
CVE-2014-5269 (Plack::App::File in Plack before 1.0031 removes trailing slash charact ...)
	{DLA-61-1}
	- libplack-perl 1.0031-1
	[wheezy] - libplack-perl 0.9989-1+deb7u1
	NOTE: https://github.com/plack/Plack/issues/405
CVE-2014-5255 (xcfa before 5.0.1 creates temporary files insecurely which could allow ...)
	- xcfa 5.0.1-1 (unimportant; bug #756600)
	NOTE: Neutralised by kernel temp hardening
CVE-2014-5254 (xcfa before 5.0.1 creates temporary files insecurely which could allow ...)
	- xcfa 5.0.1-1 (unimportant; bug #756600)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-XXXX [Enforce use of HTTPS for MathJax in IPython]
	- ipython 0.12-1
	[wheezy] - ipython <no-dsa> (Minor issue)
	[squeeze] - ipython <not-affected> (Affects versions <= 2.1 and >= 0.12)
	NOTE: https://github.com/ipython/ipython/issues/6246
	NOTE: patch: https://github.com/ipython/ipython/commit/f58dabb277d0cdfb603d46cd01fcf29819ae7613
	NOTE: in Debian patch to use mathjax from system was added right away in version 0.12
CVE-2014-5260 (The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow ...)
	- libxml-dt-perl 0.66-1 (bug #756566)
	[wheezy] - libxml-dt-perl <no-dsa> (Minor issue)
	[squeeze] - libxml-dt-perl <not-affected> (Vulnerable code introduced later)
CVE-2014-6060 (The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allow ...)
	- dhcpcd5 6.0.5-2 (low; bug #770043)
	[wheezy] - dhcpcd5 5.5.6-1+deb7u1
	- dhcpcd <not-affected> (Affects dhcpcd 4.0.0 to 6.4.2)
	NOTE: http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
CVE-2014-5243 (MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.2 ...)
	{DSA-3011-1}
	- mediawiki 1:1.19.18+dfsg-0.1 (bug #758510)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65778
CVE-2014-5242 (Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagin ...)
	- mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=66608
	NOTE: Introduced in 1.22wmf14, https://bugzilla.wikimedia.org/show_bug.cgi?id=66608#c18
CVE-2014-5241 (The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki befo ...)
	{DSA-3011-1}
	- mediawiki 1:1.19.18+dfsg-0.1 (bug #758510)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=68187
CVE-2014-5233 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows  ...)
	NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
CVE-2014-5232 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows  ...)
	NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
CVE-2014-5231 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows  ...)
	NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
CVE-2014-5230
	REJECTED
CVE-2014-5229
	REJECTED
CVE-2014-5228
	REJECTED
CVE-2014-5227
	REJECTED
CVE-2014-5226
	REJECTED
CVE-2014-5225
	REJECTED
CVE-2014-5224
	REJECTED
CVE-2014-5223
	REJECTED
CVE-2014-5222
	REJECTED
CVE-2014-5221
	REJECTED
CVE-2014-5220 (The mdcheck script of the mdadm package for openSUSE 13.2 prior to ver ...)
	- mdadm 3.3.4-1 (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=910500
	NOTE: https://github.com/mapcollab/mdadm/commit/979b1feb093b1c2e0f8b58716329f2da092741d4
	NOTE: misc/mdcheck not installed into binary packages
CVE-2014-5219
	RESERVED
CVE-2014-5218
	RESERVED
CVE-2014-5217 (Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc  ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5216 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Ma ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5215 (NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenti ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5214 (nps/servlet/webacc in iManager in the Administration Console server in ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5213 (nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonito ...)
	NOT-FOR-US: Novell eDirectory
CVE-2014-5212 (Cross-site scripting (XSS) vulnerability in nds/search/data in iMonito ...)
	NOT-FOR-US: Novell eDirectory
CVE-2014-5211 (Stack-based buffer overflow in the Attachmate Reflection FTP Client be ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-5209 (An Information Disclosure vulnerability exists in NTP 4.2.7p25 private ...)
	- ntp 1:4.2.8p3+dfsg-1
	[jessie] - ntp <ignored> (can be worked around by disabling mode in configuration)
	NOTE: Starting with 4.2.8, mode 7 is marked as deprecated and disabled by default,
	NOTE: treat this as the fixed version here.
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=4eae26a46gF81Tr6RRrYnf6jWhVo0g
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=4eb4b512O-jx-s-epS2A75g9mitvfQ
CVE-2014-5208 (BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 30 ...)
	NOT-FOR-US: Batch Management Packages in Yokogawa and Exaopc
CVE-2014-5202 (Cross-site scripting (XSS) vulnerability in compfight-search.php in th ...)
	NOT-FOR-US: WordPress plugin compfight
CVE-2014-5201 (SQL injection vulnerability in the Gallery Objects plugin 0.4 for Word ...)
	NOT-FOR-US: WordPress plugin gallery-objects
CVE-2014-5200 (SQL injection vulnerability in game_play.php in the FB Gorilla plugin  ...)
	NOT-FOR-US: WordPress plugin fbgorilla
CVE-2014-5199 (Cross-site request forgery (CSRF) vulnerability in the WordPress File  ...)
	NOT-FOR-US: WordPress plugin wp-file-upload
CVE-2014-5198 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk
CVE-2014-5197 (Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd ...)
	NOT-FOR-US: Splunk
CVE-2014-5196 (Cross-site request forgery (CSRF) vulnerability in improved-user-searc ...)
	NOT-FOR-US: WordPress plugin improved-user-search-in-backend
CVE-2014-5195 (Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not ...)
	- unity <itp> (bug #609278)
CVE-2014-5194 (Static code injection vulnerability in admin/admin.php in Sphider 1.3. ...)
	NOT-FOR-US: Sphider
CVE-2014-5193 (Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider ...)
	NOT-FOR-US: Sphider
CVE-2014-5192 (SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows ...)
	NOT-FOR-US: Sphider
CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin before  ...)
	- ckeditor 4.4.4+dfsg1-1 (bug #760736)
	[wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
	[squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
CVE-2014-5190 (Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/i ...)
	NOT-FOR-US: WordPress plugin SI CAPTCHA Anti-Spam
CVE-2014-5189 (SQL injection vulnerability in lib/optin/optin_page.php in the Lead Oc ...)
	NOT-FOR-US: WordPress plugin Lead-Octopus-Power
CVE-2014-5188 (Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyr ...)
	NOT-FOR-US: Lyris ListManager
CVE-2014-5187 (Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1. ...)
	NOT-FOR-US: WordPress plugin tom-m8te
CVE-2014-5186 (SQL injection vulnerability in the All Video Gallery (all-video-galler ...)
	NOT-FOR-US: WordPress plugin all-video-gallery
CVE-2014-5185 (SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress  ...)
	NOT-FOR-US: WordPress plugin quartz
CVE-2014-5184 (SQL injection vulnerability in the stripshow-storylines page in the st ...)
	NOT-FOR-US: WordPress plugin stripshow
CVE-2014-5183 (SQL injection vulnerability in includes/mode-edit.php in the Simple Re ...)
	NOT-FOR-US: WordPress plugin simple-retail-menus
CVE-2014-5182 (Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for Wor ...)
	NOT-FOR-US: WordPress plugin yawpp
CVE-2014-5181 (Directory traversal vulnerability in lastfm-proxy.php in the Last.fm R ...)
	NOT-FOR-US: WordPress plugin lastfm-rotation
CVE-2014-5180 (SQL injection vulnerability in the videos page in the HDW Player Plugi ...)
	NOT-FOR-US: WordPress plugin hdw-player-video-player-video-gallery
CVE-2014-5178 (Multiple cross-site scripting (XSS) vulnerabilities in Easy File Shari ...)
	NOT-FOR-US: Easy File Sharing
CVE-2014-5176 (SAP FI Manager Self-Service has a hard-coded user name, which makes it ...)
	NOT-FOR-US: SAP
CVE-2014-5175 (The License Measurement servlet in SAP Solution Manager 7.1 allows rem ...)
	NOT-FOR-US: SAP
CVE-2014-5174 (The SAP Netweaver Business Warehouse component does not properly restr ...)
	NOT-FOR-US: SAP
CVE-2014-5173 (SAP HANA Extend Application Services (XS) allows remote attackers to b ...)
	NOT-FOR-US: SAP
CVE-2014-5172 (Multiple cross-site scripting (XSS) vulnerabilities in the XS Administ ...)
	NOT-FOR-US: SAP
CVE-2014-5171 (SAP HANA Extend Application Services (XS) does not encrypt transmissio ...)
	NOT-FOR-US: SAP
CVE-2013-7398 (main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Htt ...)
	- async-http-client <not-affected> (Vulnerable code not present, bug #773364)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/197
	NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/3c9152e2c75f7e8b654beec40383748a14c6b51b
CVE-2013-7397 (Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X. ...)
	- async-http-client 1.6.5-3
	[wheezy] - async-http-client <no-dsa> (Minor issue)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/352
CVE-2013-7396
	RESERVED
CVE-2013-7395 (ZOLL Defibrillator / Monitor X Series has a default (1) supervisor pas ...)
	NOT-FOR-US: ZOLL Defibrillator / Monitor X Series
CVE-2013-7394 (The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remo ...)
	NOT-FOR-US: Splunk
CVE-2012-6653 (Unspecified vulnerability in the All Video Gallery (all-video-gallery) ...)
	NOT-FOR-US: WordPress plugin all-video-gallery
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...)
	NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2014-5207 (fs/namespace.c in the Linux kernel through 3.16.1 does not properly re ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705 (v3.17-rc1)
	NOTE: and: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e (v3.17-rc1)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c55cfc4166d9a0f38de779bd4d75a90afbe7734 (v3.8)
	NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
CVE-2014-5206 (The do_remount function in fs/namespace.c in the Linux kernel through  ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130
	NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
CVE-2014-5247 (The _UpgradeBeforeConfigurationChange function in lib/client/gnt_clust ...)
	- ganeti 2.11.5-1
	[wheezy] - ganeti <not-affected> (Vulnerable code not present)
	[squeeze] - ganeti <not-affected> (Vulnerable code not present)
	NOTE: http://www.ocert.org/advisories/ocert-2014-006.html
CVE-2014-5240 (Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php  ...)
	{DSA-3001-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29398
CVE-2014-5205 (wp-includes/pluggable.php in WordPress before 3.9.2 does not use delim ...)
	{DSA-3001-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29408
CVE-2014-5204 (wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CS ...)
	{DSA-3001-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29384
CVE-2014-5203 (wp-includes/class-wp-customize-widgets.php in the widget implementatio ...)
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/29389
CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1 ...)
	- subversion 1.8.10-1 (low)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion <no-dsa> (Minor issue)
	NOTE: http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E
CVE-2014-5179 (The freelinking module for Drupal, as used in the Freelinking for Case ...)
	NOT-FOR-US: drupal6-freelinking module
CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access con ...)
	- libvirt 1.2.4-1 (low)
	[wheezy] - libvirt <not-affected> (Not exploitable in that version)
	[squeeze] - libvirt <not-affected> (Not exploitable in that version)
	NOTE: http://security.libvirt.org/2014/0003.html
CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might allow remot ...)
	NOT-FOR-US: Storage API module for Drupal
CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module before 7.x ...)
	NOT-FOR-US: Drupal module Date
CVE-2014-5168
	RESERVED
CVE-2014-5167
	RESERVED
CVE-2014-5166
	RESERVED
CVE-2014-5165 (The dissect_ber_constrained_bitstring function in epan/dissectors/pack ...)
	{DSA-3002-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-11.html
CVE-2014-5164 (The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC  ...)
	{DSA-3002-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-10.html
CVE-2014-5163 (The APN decode functionality in (1) epan/dissectors/packet-gtp.c and ( ...)
	{DSA-3002-1 DLA-38-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark 1.2.11-6+squeeze15
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-09.html
CVE-2014-5162 (The read_new_line function in wiretap/catapult_dct2000.c in the Catapu ...)
	{DSA-3002-1 DLA-38-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark 1.2.11-6+squeeze15
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
CVE-2014-5161 (The dissect_log function in plugins/irda/packet-irda.c in the IrDA dis ...)
	{DSA-3002-1 DLA-38-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark 1.2.11-6+squeeze15
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...)
	NOT-FOR-US: HP Data Protector
CVE-2014-5159 (SQL injection vulnerability in the ossim-framework service in AlienVau ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-5158 (The (1) av-centerd SOAP service and (2) backup command in the ossim-fr ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-5157
	REJECTED
CVE-2014-5156
	RESERVED
CVE-2014-5155
	RESERVED
CVE-2014-5154
	RESERVED
CVE-2014-5153
	RESERVED
CVE-2014-5152
	RESERVED
CVE-2014-5151
	RESERVED
CVE-2014-5150
	RESERVED
CVE-2014-5149 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when ...)
	- xen 4.4.1-4 (low; bug #770230)
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-5148 (Xen 4.4.x, when running on an ARM system and "handling an unknown syst ...)
	- xen 4.4.1-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-5147 (Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not pro ...)
	- xen 4.4.1-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-5146 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x befor ...)
	- xen 4.4.1-4 (low; bug #770230)
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-5145
	RESERVED
CVE-2014-5144 (Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 all ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-5143
	RESERVED
CVE-2014-5142
	RESERVED
CVE-2014-5141
	RESERVED
CVE-2014-5140 (The bindReplace function in the query factory in includes/classes/data ...)
	NOT-FOR-US: Loaded Commerce
CVE-2014-5139 (The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 befo ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
CVE-2014-5138 (Innovative Interfaces Sierra Library Services Platform 1.2_3 does not  ...)
	NOT-FOR-US: Sierra Library Services Platform
CVE-2014-5137 (Innovative Interfaces Sierra Library Services Platform 1.2_3 provides  ...)
	NOT-FOR-US: Sierra Library Services Platform
CVE-2014-5136 (Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sier ...)
	NOT-FOR-US: Sierra Library Services Platform
CVE-2014-5135
	RESERVED
CVE-2014-5134
	RESERVED
CVE-2014-5133
	RESERVED
CVE-2014-5132 (Avolve Software ProjectDox 8.1 allows remote attackers to enumerate us ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5131 (Avolve Software ProjectDox 8.1 makes it easier for remote authenticate ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5130 (Avolve Software ProjectDox 8.1 allows remote authenticated users to ob ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5129 (Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5128 (Innovative Interfaces Encore Discovery Solution 4.3 places a session t ...)
	NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore Discovery  ...)
	NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
CVE-2014-5126
	RESERVED
CVE-2014-5125
	RESERVED
CVE-2014-5124
	RESERVED
CVE-2014-5123
	RESERVED
CVE-2014-5122 (Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows re ...)
	NOT-FOR-US: ArcGIS
CVE-2014-5121 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
	NOT-FOR-US: ArcGIS
CVE-2014-5120 (gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x befo ...)
	- php5 5.4.0-1
	[squeeze] - php5 <not-affected> (Introduced in 5.4)
	- libgd2 <not-affected> (Specific to integration of gd in PHP)
	NOTE: https://bugs.php.net/bug.php?id=67730
	NOTE: https://bugs.php.net/patch-display.php?bug_id=67730&patch=gd-null-injection&revision=latest
	NOTE: For the PHP5 5.4 branch this issue is fixed in version 5.4.32
	NOTE: fixed in Debian with the gdIOCtx.patch patch
CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote atta ...)
	NOT-FOR-US: DirPHP
CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attac ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2014-5113 (Multiple cross-site scripting (XSS) vulnerabilities in test.php in Vis ...)
	NOT-FOR-US: Visualwave MyConnection Server
CVE-2014-5112 (maint/modules/home/index.php in Fonality trixbox allows remote attacke ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5111 (Multiple directory traversal vulnerabilities in Fonality trixbox allow ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5110 (Cross-site scripting (XSS) vulnerability in user/help/html/index.php i ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5109 (SQL injection vulnerability in maint/modules/endpointcfg/endpoint_gene ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5108 (Cross-site scripting (XSS) vulnerability in single_pages\download_file ...)
	NOT-FOR-US: concrete5
CVE-2014-5107 (concrete5 before 5.6.3 allows remote attackers to obtain the installat ...)
	NOT-FOR-US: concrete5
CVE-2014-5106 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (a ...)
	NOT-FOR-US: Invision Power IP.Board
CVE-2014-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1 ...)
	NOT-FOR-US: ol-commerce
CVE-2014-5104 (Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remo ...)
	NOT-FOR-US: ol-commerce
CVE-2014-5103 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2014-5102 (SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 a ...)
	NOT-FOR-US: vBulletin
CVE-2014-5101 (Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 all ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2014-5100 (Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka be ...)
	NOT-FOR-US: Omeka
CVE-2014-5099
	RESERVED
CVE-2014-5098 (Cross-site scripting (XSS) vulnerability in the Search module before 1 ...)
	NOT-FOR-US: Jamroom Search module
CVE-2014-5097 (Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR  ...)
	NOT-FOR-US: ArticleFR
CVE-2014-5096
	RESERVED
CVE-2014-5095
	RESERVED
CVE-2014-5094 (Status2k allows remote attackers to obtain configuration information v ...)
	NOT-FOR-US: Status2k
CVE-2014-5093 (Status2k does not remove the install directory allowing credential res ...)
	NOT-FOR-US: Status2k
CVE-2014-5092 (Status2k allows Remote Command Execution in admin/options/editpl.php. ...)
	NOT-FOR-US: Status2k
CVE-2014-5091 (A vulnerability exits in Status2K 2.5 Server Monitoring Software via t ...)
	NOT-FOR-US: Status2K Server Monitoring Software
CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated adminis ...)
	NOT-FOR-US: Status2k
CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k allo ...)
	NOT-FOR-US: Status2k
CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remote att ...)
	NOT-FOR-US: Status2k
CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to  ...)
	NOT-FOR-US: Sphider Search Engine
CVE-2014-5086 (A Command Execution vulnerability exists in Sphider Pro, and Sphider P ...)
	NOT-FOR-US: Sphider
CVE-2014-5085 (A Command Execution vulnerability exists in Sphider Plus 3.2 due to in ...)
	NOT-FOR-US: Sphider
CVE-2014-5084 (A Command Execution vulnerability exists in Sphider Pro 3.2 due to ins ...)
	NOT-FOR-US: Sphider
CVE-2014-5083 (A Command Execution vulnerability exists in Sphider before 1.3.6 due t ...)
	NOT-FOR-US: Sphider
CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1 ...)
	NOT-FOR-US: Sphider
CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus pri ...)
	NOT-FOR-US: sphider
CVE-2014-5080
	RESERVED
CVE-2014-5079
	RESERVED
CVE-2014-5078
	RESERVED
CVE-2014-5076 (The La Banque Postale application before 3.2.6 for Android does not pr ...)
	NOT-FOR-US: La Banque Postale application
CVE-2014-5075 (The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x w ...)
	- libsmack-java <itp> (bug #640873)
CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow rem ...)
	NOT-FOR-US: Siemens SIMATIC S7-1500 CPU devices
CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allo ...)
	NOT-FOR-US: VMTurbo Operations Manager
CVE-2014-5072 (Cross-site request forgery (CSRF) vulnerability in WP Security Audit L ...)
	NOT-FOR-US: WP Security Audit Log plugin for WordPress
CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in Symmetric ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain pr ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5069 (Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15  ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5068 (Directory traversal vulnerability in the web application in Symmetrico ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5067
	RESERVED
CVE-2014-5066
	RESERVED
CVE-2014-5065
	RESERVED
CVE-2014-5064
	RESERVED
CVE-2014-5063
	RESERVED
CVE-2014-5062
	RESERVED
CVE-2014-5061
	RESERVED
CVE-2014-5060
	RESERVED
CVE-2014-5059
	RESERVED
CVE-2014-5058
	RESERVED
CVE-2014-5057
	RESERVED
CVE-2014-5056
	RESERVED
CVE-2014-5055
	RESERVED
CVE-2014-5054
	RESERVED
CVE-2014-5053
	RESERVED
CVE-2014-5052
	RESERVED
CVE-2014-5051
	RESERVED
CVE-2014-5050
	RESERVED
CVE-2014-5049
	RESERVED
CVE-2014-5048
	RESERVED
CVE-2014-5047
	RESERVED
CVE-2014-5046
	RESERVED
CVE-2014-5118 (Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vul ...)
	NOT-FOR-US: tboot
CVE-2014-5117 (Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit ...)
	{DSA-2993-1 DLA-17-1}
	- tor 0.2.4.23-1
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2014-5116 (The cairo_image_surface_get_data function in Cairo 1.10.2, as used in  ...)
	NOTE: This is non-security bug in Wireshark, not in Cairo
CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux ke ...)
	{DLA-103-1}
	- linux 3.14.15-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
CVE-2014-5043
	REJECTED
CVE-2014-5042
	RESERVED
CVE-2014-5041
	RESERVED
CVE-2014-5040 (HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2. ...)
	- eucalyptus <removed>
CVE-2014-5039 (Cross-site scripting (XSS) vulnerability in Eucalyptus Management Cons ...)
	NOT-FOR-US: Eucalyptus Management Console (relates to src:eucalyptus)
CVE-2014-5038 (Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or  ...)
	- eucalyptus <removed>
CVE-2014-5037 (Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, log ...)
	- eucalyptus <removed>
CVE-2014-5036 (The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0. ...)
	- eucalyptus <removed>
CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers  ...)
	NOT-FOR-US: Opendaylight
CVE-2014-5034 (Cross-site request forgery (CSRF) vulnerability in the Brute Force Log ...)
	NOT-FOR-US: Brute Force Login Protection module for WordPress
CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers  ...)
	- gitlist <itp> (bug #750368)
CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in commo ...)
	- limesurvey <itp> (bug #472802)
CVE-2014-5017 (SQL injection vulnerability in CPDB in application/controllers/admin/p ...)
	- limesurvey <itp> (bug #472802)
CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05 ...)
	- limesurvey <itp> (bug #472802)
CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows  ...)
	NOT-FOR-US: WordPress Flash Uploader plugin for WordPress
CVE-2014-5013 (DOMPDF before 0.6.2 allows remote code execution, a related issue to C ...)
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5012 (DOMPDF before 0.6.2 allows denial of service. ...)
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5011 (DOMPDF before 0.6.2 allows Information Disclosure. ...)
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5010
	RESERVED
CVE-2014-5007 (Directory traversal vulnerability in the agentLogUploader servlet in Z ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2014-5006 (Directory traversal vulnerability in ZOHO ManageEngine Desktop Central ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2014-5005 (Directory traversal vulnerability in ZOHO ManageEngine Desktop Central ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2013-7393 (The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local  ...)
	- subversion 1.8.5-1 (unimportant)
	NOTE: Optional admin-side utilities in Subversion 1.8.x
	NOTE: split form CVE-2013-4262
CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via shel ...)
	- gitlist <itp> (bug #750368)
CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using th ...)
	NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-7390 (Unrestricted file upload vulnerability in AgentLogUploadServlet in Man ...)
	NOT-FOR-US: ManageEngine DesktopCentral
CVE-2011-5281
	RESERVED
CVE-2014-5045 (The mountpoint_last function in fs/namei.c in the Linux kernel before  ...)
	- linux 3.14.15-1
	[wheezy] - linux <not-affected> (Introduced in 3.12)
	- linux-2.6 <not-affected> (Introduced in 3.12)
	NOTE: https://lkml.org/lkml/2014/7/21/98
CVE-2014-5044 (Multiple integer overflows in libgfortran might allow remote attackers ...)
	- gcc-4.9 4.9.1-4 (bug #756325)
	- gcc-4.8 4.8.3-7 (bug #756325)
	- gcc-4.7 <removed> (bug #756325)
	[wheezy] - gcc-4.7 <no-dsa> (Minor issue, too intrusive to backport)
	- gcc-4.6 <unfixed> (bug #756325)
	[wheezy] - gcc-4.6 <no-dsa> (Minor issue, too intrusive to backport)
	- gcc-4.4 <unfixed> (bug #756325)
	[wheezy] - gcc-4.4 <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - gcc-4.4 <no-dsa> (Minor issue, too intrusive to backport)
	- gcc-4.3 <removed>
	[squeeze] - gcc-4.3 <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-B ...)
	{DSA-3004-1 DLA-76-1}
	- kde4libs 4:4.13.3-2 (bug #755814)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=864716
	NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost informati ...)
	- glpi <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2014/07/22/6
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have wo ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5030 (CUPS before 2.0 allows local users to read arbitrary files via a symli ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5029 (The web interface in CUPS 1.7.4 allows local users in the lp group to  ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5028 (The Original File and Patched File resources in Review Board 1.7.x bef ...)
	- reviewboard <itp> (bug #653113)
CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before  ...)
	- reviewboard <itp> (bug #653113)
CVE-2014-5026 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-7
	NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5025 (Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti  ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-7
	NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5024 (Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell  ...)
	NOT-FOR-US: DELL SonicWALL GMS
CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD ...)
	{DLA-490-1}
	- bozohttpd <removed> (bug #755197)
	[squeeze] - bozohttpd <no-dsa> (Minor issue)
	NOTE: Fixed by: http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52&r2=1.53&only_with_tag=MAIN
CVE-2014-5009 (Snoopy allows remote attackers to execute arbitrary commands.  NOTE: t ...)
	- libphp-snoopy <not-affected> (Incorrect fix not applied)
	NOTE: This issue exists because of an incorrect fix for CVE-2014-5008.
	NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
CVE-2014-5008 (Snoopy allows remote attackers to execute arbitrary commands. ...)
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
	NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required).
CVE-2014-5004 (lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database ...)
	NOT-FOR-US: Ruby Gem brbackup
CVE-2014-5003 (chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in th ...)
	NOT-FOR-US: Ruby Gem ciborg
CVE-2014-5002 (The lynx gem before 1.0.0 for Ruby places the configured password on c ...)
	NOT-FOR-US: Ruby Gem lynx
CVE-2014-5001 (lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database u ...)
	NOT-FOR-US: Ruby Gem kcapifony
CVE-2014-5000 (The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby ...)
	NOT-FOR-US: Ruby Gem lawn-login
CVE-2014-4999 (vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem  ...)
	NOT-FOR-US: Ruby Gem kajam
CVE-2014-4998 (test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the m ...)
	NOT-FOR-US: Ruby Gem lean-ruport
CVE-2014-4997 (lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places crede ...)
	NOT-FOR-US: Ruby Gem point-cli
CVE-2014-4996 (lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allo ...)
	NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4995 (Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem ...)
	NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4994 (lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users ...)
	NOT-FOR-US: Ruby Gem gyazo
CVE-2014-4993 ((1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2 ...)
	NOT-FOR-US: Ruby Gems backup-agoddard and backup_checksum
CVE-2014-4992 (lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places cr ...)
	NOT-FOR-US: Ruby Gem cap-strap
CVE-2014-4991 ((1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgre ...)
	NOT-FOR-US: Ruby Gem codders-dataset
CVE-2014-4990
	RESERVED
CVE-2014-4989
	RESERVED
CVE-2014-4988
	RESERVED
CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x b ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-7/
CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-6/
CVE-2014-4985
	RESERVED
CVE-2014-4984 (D&#233;j&#224; Vu Crescendo Sales CRM has remote SQL Injection ...)
	NOT-FOR-US: Deja Vu Crescendo Sales CRM
CVE-2014-4983
	RESERVED
CVE-2014-4982 (LPAR2RRD &#8804; 4.53 and &#8804; 3.5 has arbitrary command injection  ...)
	NOT-FOR-US: LPAR2RRD
CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...)
	NOT-FOR-US: LPAR2RRD
CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...)
	NOT-FOR-US: Tenable Web UI for Nessus
CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-4977 (Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 1 ...)
	NOT-FOR-US: SonicWall
CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to ...)
	NOT-FOR-US: SonicWall
CVE-2014-5022 (Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal  ...)
	{DSA-2983-1}
	- drupal6 <not-affected> (Only affects Drupal 7 core)
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5021 (Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ...)
	{DSA-2983-1}
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5020 (The File module in Drupal 7.x before 7.29 does not properly check perm ...)
	{DSA-2983-1}
	- drupal6 <not-affected> (Only affects Drupal 7 core)
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5019 (The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 al ...)
	{DSA-2983-1}
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and e ...)
	{DSA-3157-1 DLA-200-1}
	- ruby1.8 <not-affected> (Vulnerable code not present in 1.8)
	- ruby1.9.1 <removed> (low)
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
	- ruby2.0 <removed> (low)
	- ruby2.1 2.1.3-1 (low)
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
CVE-2014-4974 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driv ...)
	NOT-FOR-US: ESET
CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Fi ...)
	NOT-FOR-US: ESET Personal Firewall
CVE-2014-4972 (Unrestricted file upload vulnerability in the Gravity Upload Ajax plug ...)
	NOT-FOR-US: Gravity Upload Ajax plugin for WordPress
CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ha ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2014-4970
	RESERVED
CVE-2014-4969
	RESERVED
CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface method ...)
	NOT-FOR-US: Boat Browser application for Android
CVE-2014-4967 (Multiple argument injection vulnerabilities in Ansible before 1.6.7 al ...)
	- ansible 1.6.8+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
CVE-2014-4966 (Ansible before 1.6.7 does not prevent inventory data with "{{" and "lo ...)
	- ansible 1.6.8+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
CVE-2014-4965 (Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5  ...)
	NOT-FOR-US: Shopizer
CVE-2014-4964 (Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer ...)
	NOT-FOR-US: Shopizer
CVE-2014-4963 (Shopizer 1.1.5 and earlier allows remote attackers to modify the accou ...)
	NOT-FOR-US: Shopizer
CVE-2014-4962 (Shopizer 1.1.5 and earlier allows remote attackers to reduce the total ...)
	NOT-FOR-US: Shopizer
CVE-2014-4961
	RESERVED
CVE-2014-4960 (Multiple SQL injection vulnerabilities in models\gallery.php in Youtub ...)
	NOT-FOR-US: Joomla! component
CVE-2014-4959 (**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the ...)
	NOT-FOR-US: Disputed Android issue
CVE-2014-4958 (Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJA ...)
	NOT-FOR-US: Telerik UI for ASP.NET AJAX RadEditor Control
CVE-2014-4957
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4956
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4955 (Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList  ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLi ...)
	- phpmyadmin 4:4.2.6-1
	[squeeze] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
	[wheezy] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
CVE-2014-4953
	REJECTED
CVE-2014-4952
	REJECTED
CVE-2014-4951
	REJECTED
CVE-2014-4950
	REJECTED
CVE-2014-4949
	REJECTED
CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and e ...)
	NOT-FOR-US: Citrix XenServer
CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix XenServe ...)
	NOT-FOR-US: Citrix XenServer
CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet  ...)
	- php-horde-imp 6.2.0-1
	- horde3 <removed>
	[squeeze] - horde3 <not-affected>
	NOTE: Upstream patches:
	NOTE: https://github.com/horde/horde/commit/578ff073724d9c179663098d8ff0076e8b361cfb
	NOTE: https://github.com/horde/horde/commit/2f1f4b10dec90fb67797ea80be0e029ead90f168
	NOTE: The bugs are in javascript files that do not exist in the version in Squeeze.
CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet  ...)
	- php-horde-imp 6.2.0-1
	- horde3 <removed>
	[squeeze] - horde3 <not-affected>
	NOTE: Upstream patch: https://github.com/horde/horde/commit/71633e649afc0704b72098a6e2530377dd67eb0c
	NOTE: The bug is in PHP template file that does not exist in the version in Squeeze.
CVE-2014-4944 (Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4943 (The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel throug ...)
	{DSA-2992-1 DLA-103-1}
	- linux 3.14.13-1
	- linux-2.6 <removed>
	NOTE: upstream commit: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
CVE-2014-4942 (The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows re ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4941 (Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4940 (Multiple directory traversal vulnerabilities in Tera Charts (tera-char ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4939 (SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4938 (SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4937 (Directory traversal vulnerability in includes/bookx_export.php BookX p ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4936 (The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer ...)
	NOT-FOR-US: Malwarebytes
CVE-2014-4935
	RESERVED
CVE-2014-4934
	RESERVED
CVE-2014-4933
	RESERVED
CVE-2014-4932 (Cross-site scripting (XSS) vulnerability in the Wordfence Security plu ...)
	NOT-FOR-US: Wordfence Security plugin for WordPress
CVE-2014-4931
	RESERVED
CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...)
	- owncloud 6.0.4~beta1+dfsg-1
	NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or IP.Boa ...)
	NOT-FOR-US: Invision Power Board
CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DS ...)
	NOT-FOR-US: ACME micro_httpd
CVE-2014-4926
	RESERVED
CVE-2014-4925 (Cross-site scripting (XSS) vulnerability in Good for Enterprise for An ...)
	NOT-FOR-US: Good for Enterprise for Android
CVE-2014-4924
	RESERVED
CVE-2014-4923
	RESERVED
CVE-2014-4922
	RESERVED
CVE-2014-4921
	RESERVED
CVE-2014-4920
	RESERVED
CVE-2014-4919 (OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7,  ...)
	NOT-FOR-US: OXID eShop
CVE-2014-4918
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4917
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4916
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4915
	RESERVED
CVE-2014-4912 (An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to ...)
	NOT-FOR-US: Frog CMS
CVE-2014-4906 (The Brisbane &amp; Queensland Alert (aka com.queensland.alert) applica ...)
	NOT-FOR-US: Brisbane & Queensland Alert (aka com.queensland.alert) application for Android
CVE-2014-4905 (The Clean Internet Browser (aka com.cleantab.browsesecure) application ...)
	NOT-FOR-US: Clean Internet Browser (aka com.cleantab.browsesecure) application for Android
CVE-2014-4904 (The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for  ...)
	NOT-FOR-US: Crossmo Calendar (aka com.crossmo.calendar) application for Android
CVE-2014-4903 (The Kakao Bingo Garden (aka com.mocoga.bingogarden) application 1.0.14 ...)
	NOT-FOR-US: Kakao Bingo Garden (aka com.mocoga.bingogarden) application for Android
CVE-2014-4902
	RESERVED
CVE-2014-4901 (The Bond Trading (aka com.appmakr.app613309) application 197705 for An ...)
	NOT-FOR-US: Bond Trading (aka com.appmakr.app613309) application for Android
CVE-2014-4900 (The migme (aka com.projectgoth) application 4.03.002 for Android does  ...)
	NOT-FOR-US: migme (aka com.projectgoth) application for Android
CVE-2014-4899 (The Indian Cement Review (aka com.magzter.indiancementreview) applicat ...)
	NOT-FOR-US: Indian Cement Review (aka com.magzter.indiancementreview) application for Android
CVE-2014-4898 (The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 fo ...)
	NOT-FOR-US: Harivijay (aka com.upasanhar.marathi.harivijay) application for Android
CVE-2014-4897 (The Touriosity Travelmag (aka com.magzter.touriositytravelmag) applica ...)
	NOT-FOR-US: Touriosity Travelmag (aka com.magzter.touriositytravelmag) application for Android
CVE-2014-4896 (The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) app ...)
	NOT-FOR-US: Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application for Android
CVE-2014-4895 (The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for  ...)
	NOT-FOR-US: Herpin Time Radio (aka com.herpin.time.radio) application for Android
CVE-2014-4894 (The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for Andro ...)
	NOT-FOR-US: MyMetro (aka com.myrippleapps.mymetro) application for Android
CVE-2014-4893
	RESERVED
CVE-2014-4892 (The uControl Smart Home Automation (aka de.ucontrol) application 1.2 f ...)
	NOT-FOR-US: uControl Smart Home Automation (aka de.ucontrol) application for Android
CVE-2014-4891 (The CT iHub (aka com.concursive.ctihub) application 1 for Android does ...)
	NOT-FOR-US: CT iHub (aka com.concursive.ctihub) application for Android
CVE-2014-4890 (The Nano Digest (aka com.magzter.nanodigest) application 3.0 for Andro ...)
	NOT-FOR-US: Nano Digest (aka com.magzter.nanodigest) application for Android
CVE-2014-4889 (The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 f ...)
	NOT-FOR-US: Diabetic Diet Guide (aka com.wDiabeticDietGuide) application for Android
CVE-2014-4888 (The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) ...)
	NOT-FOR-US: BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application for Android
CVE-2014-4887 (The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3 ...)
	NOT-FOR-US: Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application for Android
CVE-2014-4886
	RESERVED
CVE-2014-4885 (The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionwo ...)
	NOT-FOR-US: CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application for Android
CVE-2014-4884 (The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android do ...)
	NOT-FOR-US: Conrad Hotel (aka com.wConradHotel) application for Android
CVE-2014-4883 (resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in  ...)
	- xen <not-affected> (LWIP DNS code not present in Xen Debian packages)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169008
CVE-2014-4882 (Aptexx Resident Anywhere does not require authentication, which allows ...)
	NOT-FOR-US: Aptexx Resident Anywhere
CVE-2014-4881 (The PartyTrack library for Android does not verify X.509 certificates  ...)
	NOT-FOR-US: PartyTrack library for Android
CVE-2014-4880 (Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, ...)
	NOT-FOR-US: Hikvision DVR
CVE-2014-4879
	RESERVED
CVE-2014-4878
	RESERVED
CVE-2014-4877 (Absolute path traversal vulnerability in GNU Wget before 1.16, when re ...)
	{DSA-3062-1 DLA-82-1}
	- wget 1.16-1 (bug #766981)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
CVE-2014-4876 (Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical n ...)
	NOT-FOR-US: Toshiba
CVE-2014-4875 (CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6. ...)
	NOT-FOR-US: CreateBossCredentials.jar in Toshiba CHEC
CVE-2014-4874 (BMC Track-It! 11.3.0.355 allows remote authenticated users to read arb ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4873 (SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4872 (BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9 ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4871 (Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetComm ...)
	NOT-FOR-US: NetCommWireless NB604N routers
CVE-2014-4870 (/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade V ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4869 (The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows att ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4868 (The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6 ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4867 (Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/ini ...)
	NOT-FOR-US: Cryoserver
CVE-2014-4866
	RESERVED
CVE-2014-4865 (Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin ...)
	NOT-FOR-US: CacheGuard-OS
CVE-2014-4864 (The NETGEAR ProSafe Plus Configuration Utility creates configuration b ...)
	NOT-FOR-US: NETGEAR ProSafe Plus Configuration Utility
CVE-2014-4863 (The Arris Touchstone DG950A cable modem with software 7.10.131 has an  ...)
	NOT-FOR-US: Arris Touchstone DG950A cable modem
CVE-2014-4862 (The Netmaster CBW700N cable modem with software 81.447.392110.729.024  ...)
	NOT-FOR-US: Netmaster CBW700N cable modem
CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before 8.6.00001 ...)
	NOT-FOR-US: Remote Desktop Launcher in Thycotic Secret Server
CVE-2014-4860 (Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...)
	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4859 (Integer overflow in the Drive Execution Environment (DXE) phase in the ...)
	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCe ...)
	NOT-FOR-US: Sabre AirCenter Crew
CVE-2014-4857 (Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1 ...)
	NOT-FOR-US: Gurock TestRail
CVE-2014-4856 (Cross-site scripting (XSS) vulnerability in the Polldaddy Polls &amp;  ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4855 (Cross-site scripting (XSS) vulnerability in the Polylang plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4854 (Cross-site scripting (XSS) vulnerability in the WP Construction Mode p ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4853 (Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-4852 (SQL injection vulnerability in admin/uploads.php in The Digital Craft  ...)
	NOT-FOR-US: AtomCMS
CVE-2014-4851 (Open redirect vulnerability in msg.php in FoeCMS allows remote attacke ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4850 (SQL injection vulnerability in index.php in FoeCMS allows remote attac ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4849 (Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeC ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4848 (Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blog ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4847 (Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4846 (Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4845 (Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4844 (The import/export functionality in IBM Business Process Manager (BPM)  ...)
	NOT-FOR-US: IBM
CVE-2014-4843 (Curam Universal Access in IBM Curam Social Program Management (SPM) 6. ...)
	NOT-FOR-US: IBM
CVE-2014-4842
	RESERVED
CVE-2014-4841
	RESERVED
CVE-2014-4840 (IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 bef ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4839 (Cross-site request forgery (CSRF) vulnerability in birtviewer.query in ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4838 (Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4837 (Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRI ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4836 (Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IB ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4835 (IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSP ...)
	NOT-FOR-US: IBM
CVE-2014-4834 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 do ...)
	NOT-FOR-US: IBM
CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4832 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch  ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4831 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch  ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4830 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not incl ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4829 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4828 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4827 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM Q ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4826 (IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly ha ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4825 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not prop ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4824 (SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2 ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4823 (The administration console in IBM Security Access Manager for Web 7.x  ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4822 (IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Web ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2014-4821 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4820 (Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufa ...)
	NOT-FOR-US: IBM
CVE-2014-4819 (The web user interface in IBM WebSphere Message Broker 8.0 before 8.0. ...)
	NOT-FOR-US: IBM
CVE-2014-4818 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, ...)
	NOT-FOR-US: IBM
CVE-2014-4817 (The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3. ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2014-4816 (Cross-site request forgery (CSRF) vulnerability in the Administrative  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4815 (Session fixation vulnerability in IBM Rational Lifecycle Integration A ...)
	NOT-FOR-US: IBM
CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4813 (Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0 ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...)
	NOT-FOR-US: IBM Security AppScan Source
CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Control ...)
	NOT-FOR-US: IBM
CVE-2014-4810 (IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10 ...)
	NOT-FOR-US: IBM
CVE-2014-4809 (The WebSEAL component in IBM Security Access Manager for Web 7.x befor ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4808 (Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0. ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4807 (Sterling Order Management in IBM Sterling Selling and Fulfillment Suit ...)
	NOT-FOR-US: IBM Sterling Selling
CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x before ...)
	NOT-FOR-US: IBM
CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files durin ...)
	NOT-FOR-US: IBM DB2
CVE-2014-4804 (Curam Universal Access in IBM Curam Social Program Management 5.2 befo ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-4803 (CRLF injection vulnerability in the Universal Access implementation in ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM B ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2014-4801 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manag ...)
	NOT-FOR-US: IBM
CVE-2014-4800
	RESERVED
CVE-2014-4799
	RESERVED
CVE-2014-4798
	RESERVED
CVE-2014-4797
	RESERVED
CVE-2014-4796
	RESERVED
CVE-2014-4795
	RESERVED
CVE-2014-4794
	RESERVED
CVE-2014-4793 (IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-4792 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2014-4791
	RESERVED
CVE-2014-4790 (IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before  ...)
	NOT-FOR-US: IBM Emptoris Sourcing Portfolio
CVE-2014-4789 (Session fixation vulnerability in IBM Initiate Master Data Service 9.5 ...)
	NOT-FOR-US: IBM
CVE-2014-4788 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7 ...)
	NOT-FOR-US: IBM
CVE-2014-4787 (Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data S ...)
	NOT-FOR-US: IBM
CVE-2014-4786 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7 ...)
	NOT-FOR-US: IBM
CVE-2014-4785 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...)
	NOT-FOR-US: IBM
CVE-2014-4784 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7 ...)
	NOT-FOR-US: IBM
CVE-2014-4783 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...)
	NOT-FOR-US: IBM
CVE-2014-4782 (IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to  ...)
	NOT-FOR-US: IBM
CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3. ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2014-4780
	RESERVED
CVE-2014-4779
	RESERVED
CVE-2014-4778 (IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Soft ...)
	NOT-FOR-US: IBM
CVE-2014-4777
	RESERVED
CVE-2014-4776 (IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomp ...)
	NOT-FOR-US: IBM
CVE-2014-4775 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x bef ...)
	NOT-FOR-US: IBM
CVE-2014-4774 (Cross-site request forgery (CSRF) vulnerability in the login page in I ...)
	NOT-FOR-US: IBM
CVE-2014-4773
	RESERVED
CVE-2014-4772
	RESERVED
CVE-2014-4771 (IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 al ...)
	NOT-FOR-US: IBM
CVE-2014-4768 (IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X ...)
	NOT-FOR-US: IBM
CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4766 (IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote atta ...)
	NOT-FOR-US: IBM Sametime Classic Meeting Server
CVE-2014-4765 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-4764 (IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4763 (Cross-site scripting (XSS) vulnerability in Content Navigator in Conte ...)
	NOT-FOR-US: IBM
CVE-2014-4762 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM
CVE-2014-4761 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4760 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-4759 (An unspecified Ajax service in the Content Management toolkit in IBM B ...)
	NOT-FOR-US: IBM
CVE-2014-4758 (IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere L ...)
	NOT-FOR-US: IBM
CVE-2014-4757 (The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0- ...)
	NOT-FOR-US: IBM Content Collector
CVE-2014-4756 (The Administration and Reporting Tool in IBM Rational License Key Serv ...)
	NOT-FOR-US: IBM
CVE-2014-4755
	RESERVED
CVE-2014-4754
	RESERVED
CVE-2014-4753
	RESERVED
CVE-2014-4752 (IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, a ...)
	NOT-FOR-US: IBM
CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access Manage ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP s ...)
	NOT-FOR-US: IBM
CVE-2014-4749 (IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_host ...)
	NOT-FOR-US: IBM
CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows  ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-4746 (IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-4745
	RESERVED
CVE-2014-4744 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket before ...)
	NOT-FOR-US: osTicket
CVE-2014-4743 (Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax ...)
	NOT-FOR-US: Kajona module
CVE-2014-4742 (Cross-site scripting (XSS) vulnerability in system/class_link.php in t ...)
	NOT-FOR-US: Kajona module
CVE-2014-4741 (SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1 ...)
	NOT-FOR-US: Artifectx xClassified
CVE-2014-4740
	REJECTED
CVE-2014-4739
	RESERVED
CVE-2014-4738 (Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard Fort ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5 ...)
	- textpattern <removed>
	[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
	NOTE: https://github.com/textpattern/textpattern/commit/1206c7d84949a58cd0a2bc4a91ee53a0c8d4daf6
	NOTE: is likely the commit fixing the issue. But it does more than the
	NOTE: strict minimum.
CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote atta ...)
	NOT-FOR-US: E2
CVE-2014-4735 (Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier a ...)
	NOT-FOR-US: MyWebSQL
CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107  ...)
	NOT-FOR-US: e107
CVE-2014-4733
	RESERVED
CVE-2014-4732
	RESERVED
CVE-2014-4731
	RESERVED
CVE-2014-4730
	RESERVED
CVE-2014-4729
	RESERVED
CVE-2014-4728 (The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router ( ...)
	NOT-FOR-US: TP-Link
CVE-2014-4727 (Cross-site scripting (XSS) vulnerability in the DHCP clients page in t ...)
	NOT-FOR-US: TP-Link
CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters (wysija-newslett ...)
	NOT-FOR-US: wysija-newsletters
CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for  ...)
	NOT-FOR-US: wysija-newsletters
CVE-2014-4978 (The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio  ...)
	- rawstudio <removed> (low; bug #754899)
	[wheezy] - rawstudio <no-dsa> (Minor issue)
	[squeeze] - rawstudio <not-affected> (Vulnerable code not present)
CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in gconv_trans. ...)
	{DSA-3012-1 DLA-43-1}
	- glibc 2.19-10 (medium)
	- eglibc <removed> (medium)
	NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
	NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bit ...)
	{DSA-2988-1}
	- transmission 2.84-0.1 (bug #755985)
	[squeeze] - transmission <not-affected> (Vulnerable code not present)
	NOTE: http://trac.transmissionbt.com/wiki/Changes#version-2.84
	NOTE: PoC: http://web.archive.org/web/20140815000641/http://inertiawar.com:80/submission.go
CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645  ...)
	NOT-FOR-US: D-Link router
CVE-2014-4723 (Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1. ...)
	NOT-FOR-US: WordPress plugin Easy Banners
CVE-2014-4724 (Cross-site scripting (XSS) vulnerability in the Custom Banners plugin  ...)
	NOT-FOR-US: WordPress plugin Custom Banners
CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2014-4914 (The Zend_Db_Select::order function in Zend Framework before 1.12.7 doe ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.7-0.1 (bug #754201)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-04
	NOTE: https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d
CVE-2014-4913 (ZF2014-03 has a potential cross site scripting vector in multiple view ...)
	- zendframework <not-affected> (Vulnerable code not present, only affects ZF2)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-03
CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1 ...)
	{DSA-2981-1 DLA-36-1}
	- polarssl 1.3.7-2.1 (bug #754655)
	[squeeze] - polarssl 1.2.9-1~deb6u2
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
	NOTE: commit for 1.3.x branch: https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c
	NOTE: commit for 1.2.x branch: https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a
CVE-2014-4910 (Directory traversal vulnerability in tools/backlight_helper.c in X.Org ...)
	- xserver-xorg-video-intel <not-affected> (Vulnerable code not present)
	NOTE: http://lists.x.org/archives/xorg-commit/2014-July/036840.html
	NOTE: only experimental, and xf86-video-intel-backlight-helper not installed setuid in Debian
CVE-2014-4720 (Email::Address module before 1.904 for Perl uses an inefficient regula ...)
	{DSA-2969-1}
	- libemail-address-perl 1.905-1
	[squeeze] - libemail-address-perl 1.889-2+deb6u1
CVE-2014-4719 (Cross-site scripting (XSS) vulnerability in the login panel (svn/login ...)
	NOT-FOR-US: User-Friendly SVN
CVE-2014-4718 (Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CM ...)
	NOT-FOR-US: Lunar CMS
CVE-2014-4717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...)
	NOT-FOR-US: WordPress plugin simple-share-buttons-adder
CVE-2014-4716 (Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR a ...)
	NOT-FOR-US: Thomson TWG87OUIR
CVE-2014-4714
	REJECTED
CVE-2014-4713
	RESERVED
CVE-2014-4712
	RESERVED
CVE-2014-4711
	RESERVED
CVE-2014-4710 (Cross-site scripting (XSS) vulnerability in zero_user_account.php in Z ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-4709
	RESERVED
CVE-2014-4708
	RESERVED
CVE-2014-4707 (Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100 ...)
	NOT-FOR-US: Huawei
CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 wi ...)
	NOT-FOR-US: Huawei
CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software platform in  ...)
	NOT-FOR-US: eSap
CVE-2014-4704
	RESERVED
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2012-6652 (Directory traversal vulnerability in pageflipbook.php script from inde ...)
	NOT-FOR-US: WordPress plugin wppageflip
CVE-2012-6651 (Multiple directory traversal vulnerabilities in the Vitamin plugin bef ...)
	NOT-FOR-US: WordPress plugin vitamin
CVE-2012-6650
	RESERVED
CVE-2014-XXXX [Quassel: /var/lib/quassel/quasselCert.pem world-readable]
	- quassel 0.10.0-2 (low)
	[wheezy] - quassel 0.8.0-1+deb7u2
	[squeeze] - quassel <no-dsa> (Minor issue)
CVE-2014-4908 (Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios thro ...)
	- pnp4nagios 0.6.24+dfsg1-1 (low)
	[wheezy] - pnp4nagios <no-dsa> (Minor issue)
	NOTE: https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516078
	NOTE: https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516140
CVE-2014-4907 (Cross-site scripting (XSS) vulnerability in share/pnp/application/view ...)
	- pnp4nagios 0.6.24+dfsg1-1 (low)
	[wheezy] - pnp4nagios <no-dsa> (Minor issue)
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607
	NOTE: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/
CVE-2014-4715 (Yann Collet LZ4 before r119, when used on certain 32-bit platforms tha ...)
	- lz4 0.0~r119-1
	NOTE: https://code.google.com/p/lz4/issues/detail?id=134
	NOTE: https://code.google.com/p/lz4/source/detail?r=119
CVE-2014-4700 (Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2014-4699 (The Linux kernel before 3.15.4 on Intel processors does not properly r ...)
	{DSA-2972-1 DLA-0015-1}
	- linux 3.14.10-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
CVE-2014-4698 (Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ...)
	- php5 5.6.0~rc3+dfsg-1 (unimportant)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd
	NOTE: https://bugs.php.net/bug.php?id=67539
	NOTE: exploitable by malicious scripts only
CVE-2014-4697
	RESERVED
CVE-2014-4696 (Multiple open redirect vulnerabilities in the Suricata package before  ...)
	NOT-FOR-US: pfSense
CVE-2014-4695 (Multiple open redirect vulnerabilities in the Snort package before 3.0 ...)
	NOT-FOR-US: pfSense
CVE-2014-4694 (Multiple cross-site scripting (XSS) vulnerabilities in suricata_select ...)
	NOT-FOR-US: pfSense
CVE-2014-4693 (Multiple cross-site scripting (XSS) vulnerabilities in the Snort packa ...)
	NOT-FOR-US: pfSense
CVE-2014-4692 (pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly ...)
	NOT-FOR-US: pfSense
CVE-2014-4691 (Session fixation vulnerability in pfSense before 2.1.4 allows remote a ...)
	NOT-FOR-US: pfSense
CVE-2014-4690 (Multiple directory traversal vulnerabilities in pfSense before 2.1.4 a ...)
	NOT-FOR-US: pfSense
CVE-2014-4689 (Absolute path traversal vulnerability in pkg_edit.php in pfSense befor ...)
	NOT-FOR-US: pfSense
CVE-2014-4688 (pfSense before 2.1.4 allows remote authenticated users to execute arbi ...)
	NOT-FOR-US: pfSense
CVE-2014-4687 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before  ...)
	NOT-FOR-US: pfSense
CVE-2014-4686 (The Project administration application in Siemens SIMATIC WinCC before ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4685 (Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products,  ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4684 (The database server in Siemens SIMATIC WinCC before 7.3, as used in PC ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4683 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used i ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4682 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used i ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4681
	RESERVED
CVE-2014-4680
	RESERVED
CVE-2014-4679
	RESERVED
CVE-2014-4677 (The installPackage function in the installerHelper subcomponent in Lib ...)
	NOT-FOR-US: Libmacgpg
CVE-2014-4676
	RESERVED
CVE-2014-4675
	RESERVED
CVE-2014-4674
	RESERVED
CVE-2014-4673
	RESERVED
CVE-2014-4672 (The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attac ...)
	- yii-framework-php <itp> (bug #683810)
CVE-2014-4671 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-4670 (Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ...)
	{DSA-3008-1}
	- php5 5.6.0~rc3+dfsg-1 (unimportant)
	NOTE: exploitable by malicious scripts only
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb
	NOTE: https://bugs.php.net/bug.php?id=67538
CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read arbi ...)
	NOT-FOR-US: HP Enterprise Maps
CVE-2014-4666
	RESERVED
CVE-2014-4665
	RESERVED
CVE-2014-4664 (Cross-site scripting (XSS) vulnerability in the Wordfence Security plu ...)
	NOT-FOR-US: Wordfence Security plugin for WordPress
CVE-2014-4663 (TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is ena ...)
	NOT-FOR-US: WordPress timthumb
CVE-2014-4662
	RESERVED
CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager before  ...)
	NOT-FOR-US: HP Records Manager
CVE-2014-4651 (It was found that the jclouds scriptbuilder Statements class wrote a t ...)
	NOT-FOR-US: JClouds
CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method in the  ...)
	NOT-FOR-US: Embarcadero ER/Studio Data Architect
CVE-2014-4646 (Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK D ...)
	NOT-FOR-US: Foxit PDF SDK
CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DS ...)
	NOT-FOR-US: D-Link hardware
CVE-2014-4644 (SQL injection vulnerability in superlinks.php in the superlinks plugin ...)
	NOT-FOR-US: Cacti plugin superlinks
CVE-2014-4643 (Multiple heap-based buffer overflows in the client in Core FTP LE 2.2  ...)
	NOT-FOR-US: Core FTP client
CVE-2012-6649 (WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute ...)
	NOT-FOR-US: WordPress WP GPX Maps Plugin
CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...)
	{DSA-2974-1 DLA-0018-1}
	- php5 5.6.0~rc1+dfsg-2 (low)
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: https://bugs.php.net/bug.php?id=67498
	NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in Cher ...)
	- cherokee <removed> (low)
	[squeeze] - cherokee <no-dsa> (Minor issue)
CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the Linu ...)
	{DSA-2992-1 DLA-0015-1}
	- linux 3.14.9-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee (v3.16-rc1)
CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control ...)
	{DLA-0015-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA cont ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA cont ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux k ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_elem_us ...)
	{DLA-0015-1}
	- linux 3.14.9-1 (low)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 2.6.32-48squeeze8
CVE-2014-4678 (The safe_eval function in Ansible before 1.6.4 does not properly restr ...)
	- ansible 1.6.6+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
	NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30
CVE-2014-4660 (Ansible before 1.5.5 constructs filenames containing user and password ...)
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
CVE-2014-4659 (Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...)
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
CVE-2014-4658 (The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...)
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
CVE-2014-4657 (The safe_eval function in Ansible before 1.5.4 does not properly restr ...)
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c
CVE-2014-4650 (The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ...)
	- python2.6 <removed> (low)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.8-1 (low)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 <removed> (low)
	- python3.4 3.4.1-8 (low)
	NOTE: http://bugs.python.org/issue21766
CVE-2014-4649 (SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6. ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4648 (Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact an ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4642
	REJECTED
CVE-2014-4641
	REJECTED
CVE-2014-4640
	REJECTED
CVE-2014-4639 (EMC Documentum Web Development Kit (WDK) before 6.8 does not properly  ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4638 (EMC Documentum Web Development Kit (WDK) before 6.8 allows remote atta ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4637 (Open redirect vulnerability in EMC Documentum Web Development Kit (WDK ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4636 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web  ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4635 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum  ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication Manager  ...)
	NOT-FOR-US: EMC Replication Manager and EMC AppSync
CVE-2014-4633 (Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platfor ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-4632 (VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 be ...)
	NOT-FOR-US: EMC Avamar
CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when  ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSA ...)
	NOT-FOR-US: RSA BSAFE
CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4628 (Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x a ...)
	NOT-FOR-US: EMC Isilon InsightIQ
CVE-2014-4627 (SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before ...)
	NOT-FOR-US: EMC RSA Web Threat Detection
CVE-2014-4626 (EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18,  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4625
	RESERVED
CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7 ...)
	NOT-FOR-US: EMC Avamar
CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S)  ...)
	NOT-FOR-US: EMC Avamar
CVE-2014-4622 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4621 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4620 (The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 throug ...)
	NOT-FOR-US: EMC NetWorker
CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P1 ...)
	NOT-FOR-US: EMC RSA Identity Management and Governance
CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P0 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4612 (Cross-site scripting (XSS) vulnerability in the keywords manager (keyw ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in Yann  ...)
	- linux 3.14.9-1 (unimportant)
	[wheezy] - linux <not-affected> (LZ4 support introduced in 3.11)
	- linux-2.6 <not-affected> (LZ4 support introduced in 3.11)
	NOTE: possible fix in https://lkml.org/lkml/2014/7/4/288
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=883949#c12
	- lz4 0.0~r119-1
	NOTE: Not exploitable for lz* compressed kernel images: http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
	NOTE: for lz4: https://code.google.com/p/lz4/issues/detail?id=52 and https://code.google.com/p/lz4/source/detail?r=118
CVE-2014-4610 (Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg  ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fixed in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
CVE-2014-4609 (Integer overflow in the get_len function in libavutil/lzo.c in Libav b ...)
	{DSA-2977-1}
	- libav 6:10.2-1
	NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996
CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe ...)
	- linux 3.14.9-1 (unimportant)
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed> (unimportant)
	[squeeze] - linux-2.6 2.6.32-48squeeze9
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
	NOTE: Not exploitable with the block sizes used in kernel images
CVE-2014-4607 (Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and ...)
	{DSA-2995-1 DLA-35-1}
	- lzo <removed>
	- lzo2 2.08-1 (bug #752861)
	- busybox 1:1.22.0-10 (bug #768945)
	[jessie] - busybox 1:1.22.0-9+deb8u1
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php  ...)
	NOT-FOR-US: WordPress plugin ZeenShare
CVE-2014-4605 (Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStat ...)
	NOT-FOR-US: WordPress plugin ZdStatistics
CVE-2014-4604 (Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in ...)
	NOT-FOR-US: WordPress plugin Your Text Manager
CVE-2014-4603 (Multiple cross-site scripting (XSS) vulnerabilities in yupdates_applic ...)
	NOT-FOR-US: WordPress plugin Yahoo Updates
CVE-2014-4602 (Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-adm ...)
	NOT-FOR-US: WordPress plugin XEN Carousel
CVE-2014-4601 (Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu- ...)
	NOT-FOR-US: WordPress plugin Wu-Rating
CVE-2014-4600 (Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.ph ...)
	NOT-FOR-US: WordPress plugin WP Ultimate Email Marketer
CVE-2014-4599 (Multiple cross-site scripting (XSS) vulnerabilities in forms/search.ph ...)
	NOT-FOR-US: WordPress plugin WP-Business Directory
CVE-2014-4598 (Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php  ...)
	NOT-FOR-US: WordPress plugin wp-tmkm-amazon
CVE-2014-4597 (Cross-site scripting (XSS) vulnerability in test.php in the WP Social  ...)
	NOT-FOR-US: WordPress plugin WP Social Invitations
CVE-2014-4596 (Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapa ...)
	NOT-FOR-US: WordPress plugin SnapApp
CVE-2014-4595 (Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful  ...)
	NOT-FOR-US: WordPress plugin WP RESTful
CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
	NOT-FOR-US: WordPress plugin Responsive Preview
CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php i ...)
	NOT-FOR-US: WordPress plugin WP Plugin Manager
CVE-2014-4592 (Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_d ...)
	NOT-FOR-US: WP-Planet plugin for WordPress
CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the W ...)
	NOT-FOR-US: WordPress plugin WP-Picasa-Image
CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP Microblo ...)
	NOT-FOR-US: WordPress plugin WP Microblogs
CVE-2014-4589 (Cross-site scripting (XSS) vulnerability in uploader.php in the WP Sil ...)
	NOT-FOR-US: WordPress plugin wp-media-player
CVE-2014-4588 (Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the  ...)
	NOT-FOR-US: WordPress plugin wphotfiles
CVE-2014-4587 (Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap ...)
	NOT-FOR-US: WordPress plugin WP GuestMap
CVE-2014-4586 (Multiple cross-site scripting (XSS) vulnerabilities in the wp-football ...)
	NOT-FOR-US: WordPress plugin wp-football
CVE-2014-4585 (Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin po ...)
	NOT-FOR-US: WordPress plugin WP-FaceThumb
CVE-2014-4584 (Cross-site scripting (XSS) vulnerability in admin/editFacility.php in  ...)
	NOT-FOR-US: WordPress plugin wp-easybooking
CVE-2014-4583 (Multiple cross-site scripting (XSS) vulnerabilities in forms/messages. ...)
	NOT-FOR-US: WordPress plugin WP-Contact
CVE-2014-4582 (Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.p ...)
	NOT-FOR-US: WordPress plugin WP Consultant
CVE-2014-4581 (Cross-site scripting (XSS) vulnerability in facture.php in the WPCB pl ...)
	NOT-FOR-US: WordPress plugin WPCB
CVE-2014-4580 (Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP ...)
	NOT-FOR-US: WordPress plugin WP BlipBot
CVE-2014-4579 (Cross-site scripting (XSS) vulnerability in js/test.php in the Appoint ...)
	NOT-FOR-US: WordPress plugin Appointments Scheduler
CVE-2014-4578 (Cross-site scripting (XSS) vulnerability in asset-studio/icons-launche ...)
	NOT-FOR-US: WordPress plugin WP App Maker
CVE-2014-4577 (Absolute path traversal vulnerability in reviews.php in the WP AmASIN  ...)
	NOT-FOR-US: WordPress plugin WP AmASIN - The Amazon Affiliate Shop
CVE-2014-4576 (Cross-site scripting (XSS) vulnerability in services/diagnostics.php i ...)
	NOT-FOR-US: WordPress plugin WordPress Social Login
CVE-2014-4575 (Cross-site scripting (XSS) vulnerability in js/window.php in the Wikip ...)
	NOT-FOR-US: WordPress plugin Wikipop
CVE-2014-4574 (Cross-site scripting (XSS) vulnerability in resize.php in the WebEngag ...)
	NOT-FOR-US: WordPress plugin WebEngage
CVE-2014-4573 (Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php ...)
	NOT-FOR-US: WordPress plugin Walk Score
CVE-2014-4572 (Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount f ...)
	NOT-FOR-US: WordPress plugin Votecount for Balatarin
CVE-2014-4571 (Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in ...)
	NOT-FOR-US: WordPress plugin VN-Calendar
CVE-2014-4570 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhispe ...)
	NOT-FOR-US: WordPress plugin VideoWhisper Video Presentation
CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the Vid ...)
	NOT-FOR-US: WordPress plugin VideoWhisper Live Streaming Integration
CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logou ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4567 (Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_l ...)
	NOT-FOR-US: Video Comments Webcam Recorder plugin for WordPress
CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in t ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4564 (Cross-site scripting (XSS) vulnerability in check.php in the Validated ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4563 (Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak &a ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4562
	RESERVED
CVE-2014-4561 (The ultimate-weather plugin 1.0 for WordPress has XSS ...)
	NOT-FOR-US: ultimate-weather plugin for WordPress
CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in th ...)
	NOT-FOR-US: WordPress plugin ToolPage
CVE-2014-4559 (Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4558 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
	NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop
CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
	NOT-FOR-US: WordPress plugin Switch Checkout for eShop
CVE-2014-4555 (Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the ...)
	NOT-FOR-US: WordPress plugin Style It
CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in templates/download.php in  ...)
	NOT-FOR-US: WordPress plugin SS Downloads
CVE-2014-4553 (Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-galler ...)
	NOT-FOR-US: spreadshirt-rss-3d-cube-flash- gallery plugin for WordPress
CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in library/includes/payment/p ...)
	NOT-FOR-US: WordPress plugin Spotlight
CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in th ...)
	NOT-FOR-US: WordPress plugin Social Connect
CVE-2014-4550 (Cross-site scripting (XSS) vulnerability in preview-shortcode-external ...)
	NOT-FOR-US: Shortcode Ninja plugin for WordPress
CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplet ...)
	NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the R ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in templates/defau ...)
	NOT-FOR-US: WordPress plugin Rezgo Online Booking
CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...)
	NOT-FOR-US: WordPress plugin Rezgo
CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php i ...)
	NOT-FOR-US: WordPress plugin Pro Quoter
CVE-2014-4544 (Cross-site scripting (XSS) vulnerability in the Podcast Channels plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.p ...)
	NOT-FOR-US: WordPress plugin Pay Per Media Player
CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl  ...)
	NOT-FOR-US: WordPress plugin Ooorl
CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in shortcode-generator/previe ...)
	NOT-FOR-US: WordPress plugin OMFG Mobile Pro
CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_log ...)
	NOT-FOR-US: WordPress plugin Oleggo LiveStream
CVE-2014-4539 (Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and  ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...)
	NOT-FOR-US: WordPress plugin Malware Finder
CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyw ...)
	NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links
CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_t ...)
	NOT-FOR-US: Infusionsoft Gravity Forms plugin for WordPress
CVE-2014-4535 (Cross-site scripting (XSS) vulnerability in the Import Legacy Media pl ...)
	NOT-FOR-US: Import Legacy Media plugin for WordPress
CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/aut ...)
	NOT-FOR-US: WordPress plugin HTML5 Video Player with Playlist
CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php in the  ...)
	NOT-FOR-US: WordPress plugin GEO Redirector
CVE-2014-4532 (Cross-site scripting (XSS) vulnerability in templates/printAdminUsersL ...)
	NOT-FOR-US: WordPress plugin GarageSale
CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in the Game  ...)
	NOT-FOR-US: WordPress plugin Game tabs
CVE-2014-4530 (flog plugin 0.1 for WordPress has XSS ...)
	NOT-FOR-US: flog plugin for WordPress
CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Fla ...)
	NOT-FOR-US: WordPress plugin Flash Photo Gallery
CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-set ...)
	NOT-FOR-US: WordPress plugin fbpromotions
CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-p ...)
	NOT-FOR-US: WordPress plugin envialosimple-email-marketing-y-newsletters-gratis
CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...)
	NOT-FOR-US: WordPress plugin efence
CVE-2014-4525 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in classes/custom-image/media ...)
	NOT-FOR-US: WordPress plugin WP Easy Post Types
CVE-2014-4523 (Cross-site scripting (XSS) vulnerability in the Easy Career Openings p ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...)
	NOT-FOR-US: WordPress plugin dsSearchAgent: WordPress Edition
CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...)
	NOT-FOR-US: WordPress plugin dsIDXpress IDX
CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA Wa ...)
	NOT-FOR-US: WordPress plugin DMCA WaterMarker
CVE-2014-4519 (Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.6 ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the Conta ...)
	NOT-FOR-US: WordPress plugin Contact Form by ContactMe.com
CVE-2014-4517 (Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the ...)
	NOT-FOR-US: WordPress plugin CBI Referral Manager
CVE-2014-4516 (Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php  ...)
	NOT-FOR-US: WordPress plugin BIC Media Widget
CVE-2014-4515 (Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in  ...)
	NOT-FOR-US: WordPress plugin AnyFont
CVE-2014-4514 (Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.te ...)
	NOT-FOR-US: WordPress plugin Alipay plugin
CVE-2014-4513 (Multiple cross-site scripting (XSS) vulnerabilities in server/offline. ...)
	NOT-FOR-US: WordPress plugin ActiveHelper LiveHelp Live Chat
CVE-2014-4512
	RESERVED
CVE-2014-4511 (Gitlist before 0.5.0 allows remote attackers to execute arbitrary comm ...)
	- gitlist <itp> (bug #750368)
CVE-2014-4509 (The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Pla ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2014-4507 (Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4 ...)
	- foreman <itp> (bug #663101)
CVE-2014-4506 (Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x ...)
	NOT-FOR-US: Drupal module Custom Meta
CVE-2014-4505 (Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module ...)
	NOT-FOR-US: Drupal module Easy Breadcrumb
CVE-2014-4617 (The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.1 ...)
	{DSA-2968-1 DSA-2967-1 DLA-51-1 DLA-0012-1}
	- gnupg 1.4.16-1.2 (bug #752497)
	[squeeze] - gnupg 1.4.10-4+squeeze5
	- gnupg2 2.0.24-1 (bug #752498)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8
CVE-2014-4616 (Array index error in the scanstring function in the _json module in Py ...)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (minor issue)
	- python2.6 <removed>
	[squeeze] - python2.6 <no-dsa> (minor issue)
	[wheezy] - python2.6 <no-dsa> (minor issue)
	- python2.7 2.7.7-1 (bug #752395)
	[wheezy] - python2.7 <no-dsa> (minor issue)
	- python3.2 <removed>
	[wheezy] - python3.2 <no-dsa> (minor issue)
	- python3.3 <removed>
	- python3.4 3.4.0+20140417-1
	NOTE: http://bugs.python.org/issue21529
CVE-2014-4615 (The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemet ...)
	- neutron 2014.1.2-1
	NOTE: upstream patch: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0324965a0c2987e5cad6276f011682dec184205f (neutron)
	- ceilometer 2014.1.2-1
	NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=2b6454f9f4e0585949ab68a91ed405755438d76e (ceilometer)
	NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=264f3b0d9640edeac743f339786e0a3b22c0f6c2 (ceilometer)
	- python-pycadf 0.5.1-1
	NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/pycadf/commit/?id=966d4410a1a69e0a3af678442a1a965dae80d720 (pycadf)
CVE-2014-4614 (Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo b ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Minor issue)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4613 (Cross-site request forgery (CSRF) vulnerability in the administration  ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Minor issue)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4510 (Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0. ...)
	- apt-cacher-ng 0.7.26-2
	[wheezy] - apt-cacher-ng <no-dsa> (Minor issue)
	[squeeze] - apt-cacher-ng <no-dsa> (Minor issue)
CVE-2014-4508 (arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bi ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	NOTE: http://article.gmane.org/gmane.linux.kernel/1726110
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=554086d85e71f30abe46fc014fea31929a7c6a8a
CVE-2014-4504
	RESERVED
CVE-2014-4503 (The parse_notify function in util.c in sgminer before 4.2.2 and cgmine ...)
	- cgminer 4.2.3-1
CVE-2014-4502 (Multiple heap-based buffer overflows in the parse_notify function in s ...)
	- cgminer 4.4.2-1
CVE-2014-4501 (Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer ...)
	- cgminer 4.4.2-1
CVE-2014-4500
	RESERVED
CVE-2014-4499 (The App Store process in CommerceKit Framework in Apple OS X before 10 ...)
	NOT-FOR-US: Apple
CVE-2014-4498 (The CPU Software in Apple OS X before 10.10.2 allows physically proxim ...)
	NOT-FOR-US: Apple
CVE-2014-4497 (Integer signedness error in IOBluetoothFamily in the Bluetooth impleme ...)
	NOT-FOR-US: Apple
CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS before 8.1. ...)
	NOT-FOR-US: Apple
CVE-2014-4495 (The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and A ...)
	NOT-FOR-US: Apple
CVE-2014-4494 (Springboard in Apple iOS before 8.1.3 does not properly validate signa ...)
	NOT-FOR-US: Apple
CVE-2014-4493 (The app-installation functionality in MobileInstallation in Apple iOS  ...)
	NOT-FOR-US: Apple
CVE-2014-4492 (libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and A ...)
	NOT-FOR-US: Apple
CVE-2014-4491 (The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-4490
	REJECTED
CVE-2014-4489 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and  ...)
	NOT-FOR-US: Apple
CVE-2014-4488 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and  ...)
	NOT-FOR-US: Apple
CVE-2014-4487 (Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X b ...)
	NOT-FOR-US: Apple
CVE-2014-4486 (IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10 ...)
	NOT-FOR-US: Apple
CVE-2014-4485 (Buffer overflow in the XML parser in Foundation in Apple iOS before 8. ...)
	NOT-FOR-US: Apple
CVE-2014-4484 (FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and A ...)
	NOT-FOR-US: Apple
CVE-2014-4483 (Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X be ...)
	NOT-FOR-US: Apple
CVE-2014-4482
	REJECTED
CVE-2014-4481 (Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-4480 (Directory traversal vulnerability in afc in AppleFileConduit in Apple  ...)
	NOT-FOR-US: Apple
CVE-2014-4479 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3,  ...)
	NOT-FOR-US: Apple
CVE-2014-4478
	REJECTED
CVE-2014-4477 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3,  ...)
	NOT-FOR-US: Apple
CVE-2014-4476 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3,  ...)
	NOT-FOR-US: Apple
CVE-2014-4475 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4474 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4473 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4472 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4471 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4470 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4469 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4468 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4467 (WebKit, as used in Apple iOS before 8.1.3, does not properly determine ...)
	NOT-FOR-US: Apple
CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4464
	REJECTED
CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...)
	NOT-FOR-US: Apple
CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, a ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does no ...)
	NOT-FOR-US: Apple
CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not p ...)
	NOT-FOR-US: Apple
CVE-2014-4459 (Use-after-free vulnerability in WebKit, as used in Apple OS X before 1 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4458 (The "System Profiler About This Mac" component in Apple OS X before 10 ...)
	NOT-FOR-US: Apple
CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not prop ...)
	NOT-FOR-US: Apple
CVE-2014-4456
	REJECTED
CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not prop ...)
	NOT-FOR-US: Apple
CVE-2014-4454
	REJECTED
CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data d ...)
	NOT-FOR-US: Apple
CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, a ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4451 (Apple iOS before 8.1.1 does not properly enforce the failed-passcode l ...)
	NOT-FOR-US: Apple
CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before 8 ...)
	NOT-FOR-US: Apple iOS
CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certi ...)
	NOT-FOR-US: Apple iOS
CVE-2014-4448 (House Arrest in Apple iOS before 8.1 relies on the hardware UID for it ...)
	NOT-FOR-US: Apple iOS
CVE-2014-4447 (Profile Manager in Apple OS X Server before 4.0 allows local users to  ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4446 (Mail Service in Apple OS X Server before 4.0 does not enforce SACL cha ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4445
	REJECTED
CVE-2014-4444 (SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerber ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4443 (Apple OS X before 10.10 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4442 (The kernel in Apple OS X before 10.10 allows local users to cause a de ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4441 (NetFS Client Framework in Apple OS X before 10.10 does not ensure that ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4440 (The MCX Desktop Config Profiles implementation in Apple OS X before 10 ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4439 (Mail in Apple OS X before 10.10 does not properly recognize the remova ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4438 (Race condition in LoginWindow in Apple OS X before 10.10 allows physic ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4437 (LaunchServices in Apple OS X before 10.10 allows attackers to bypass i ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4436 (IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denia ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4435 (The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not p ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4434 (The kernel in Apple OS X before 10.10 allows physically proximate atta ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4433 (Heap-based buffer overflow in the kernel in Apple OS X before 10.10 al ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4432 (fdesetup in Apple OS X before 10.10 does not properly display the encr ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4431 (Dock in Apple OS X before 10.10 does not properly manage the screen-lo ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4430 (CoreStorage in Apple OS X before 10.10 retains a volume's encryption k ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4429
	REJECTED
CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for H ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4427 (App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sa ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4426 (AFP File Server in Apple OS X before 10.10 allows remote attackers to  ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4425 (CFPreferences in Apple OS X before 10.10 does not properly enforce the ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4424 (SQL injection vulnerability in Wiki Server in CoreCollaboration in App ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4423 (The Accounts subsystem in Apple iOS before 8 allows attackers to bypas ...)
	NOT-FOR-US: Accounts subsystem in Apple iOS
CVE-2014-4422 (The kernel in Apple iOS before 8 and Apple TV before 7 uses a predicta ...)
	NOT-FOR-US: Apple
CVE-2014-4421 (The network-statistics interface in the kernel in Apple iOS before 8 a ...)
	NOT-FOR-US: Apple
CVE-2014-4420 (The network-statistics interface in the kernel in Apple iOS before 8 a ...)
	NOT-FOR-US: Apple
CVE-2014-4419 (The network-statistics interface in the kernel in Apple iOS before 8 a ...)
	NOT-FOR-US: Apple
CVE-2014-4418 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly va ...)
	NOT-FOR-US: Apple
CVE-2014-4417 (Safari in Apple OS X before 10.10 allows remote attackers to cause a d ...)
	NOT-FOR-US: Apple Safari
CVE-2014-4416 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apples Mac OS X
CVE-2014-4415 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4414 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4413 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4412 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4411 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4410 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4409 (WebKit in Apple iOS before 8 makes it easier for remote attackers to t ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4408 (The rt_setgate function in the kernel in Apple iOS before 8 and Apple  ...)
	NOT-FOR-US: Apple
CVE-2014-4407 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly in ...)
	NOT-FOR-US: Apple
CVE-2014-4406 (Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollab ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4405 (IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attacke ...)
	NOT-FOR-US: Apple
CVE-2014-4404 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Ap ...)
	NOT-FOR-US: Apple
CVE-2014-4403 (The kernel in Apple OS X before 10.9.5 allows local users to obtain se ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4402 (An unspecified IOAcceleratorFamily function in Apple OS X before 10.9. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4401 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4400 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4399 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4398 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4397 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4396 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4395 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4394 (An unspecified integrated graphics driver routine in the Intel Graphic ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4393 (Buffer overflow in the shader compiler in the Intel Graphics Driver su ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4392
	REJECTED
CVE-2014-4391 (The Code Signing feature in Apple OS X before 10.10 does not properly  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4390 (Bluetooth in Apple OS X before 10.9.5 does not properly validate API c ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4389 (Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7  ...)
	NOT-FOR-US: Apple
CVE-2014-4388 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly va ...)
	NOT-FOR-US: Apple
CVE-2014-4387
	REJECTED
CVE-2014-4386 (Race condition in the App Installation feature in Apple iOS before 8 a ...)
	NOT-FOR-US: Apple
CVE-2014-4385
	REJECTED
CVE-2014-4384 (Directory traversal vulnerability in the App Installation feature in A ...)
	NOT-FOR-US: Apple
CVE-2014-4383 (The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allow ...)
	NOT-FOR-US: Apple
CVE-2014-4382
	REJECTED
CVE-2014-4381 (Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bou ...)
	NOT-FOR-US: Apple
CVE-2014-4380 (The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV be ...)
	NOT-FOR-US: Apple
CVE-2014-4379 (An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV ...)
	NOT-FOR-US: Apple
CVE-2014-4378 (CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote ...)
	NOT-FOR-US: Apple
CVE-2014-4377 (Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV be ...)
	NOT-FOR-US: Apple
CVE-2014-4376 (IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attack ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4375 (Double free vulnerability in Apple iOS before 8 and Apple TV before 7  ...)
	NOT-FOR-US: Apple
CVE-2014-4374 (NSXMLParser in Foundation in Apple iOS before 8 allows attackers to re ...)
	NOT-FOR-US: Apple
CVE-2014-4373 (The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Ap ...)
	NOT-FOR-US: Apple
CVE-2014-4372 (syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV bef ...)
	NOT-FOR-US: Apple
CVE-2014-4371 (The network-statistics interface in the kernel in Apple iOS before 8 a ...)
	NOT-FOR-US: Apple
CVE-2014-4370
	REJECTED
CVE-2014-4369 (The IOAcceleratorFamily API implementation in Apple iOS before 8 and A ...)
	NOT-FOR-US: Apple
CVE-2014-4368 (The Accessibility subsystem in Apple iOS before 8 allows attackers to  ...)
	NOT-FOR-US: Apple
CVE-2014-4367 (Apple iOS before 8 enables Voice Dial during all upgrade actions, whic ...)
	NOT-FOR-US: Apple
CVE-2014-4366 (Mail in Apple iOS before 8 does not prevent sending a LOGIN command to ...)
	NOT-FOR-US: Apple
CVE-2014-4365
	REJECTED
CVE-2014-4364 (The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does  ...)
	NOT-FOR-US: Apple
CVE-2014-4363 (Safari in Apple iOS before 8 does not properly restrict the autofillin ...)
	NOT-FOR-US: Safari in Apple iOS
CVE-2014-4362 (The Sandbox Profiles implementation in Apple iOS before 8 does not pro ...)
	NOT-FOR-US: Apple
CVE-2014-4361 (The Home &amp; Lock Screen subsystem in Apple iOS before 8 does not pr ...)
	NOT-FOR-US: Apple
CVE-2014-4360
	REJECTED
CVE-2014-4359
	REJECTED
CVE-2014-4358
	REJECTED
CVE-2014-4357 (Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows  ...)
	NOT-FOR-US: Apple
CVE-2014-4356 (Apple iOS before 8 does not follow the intended configuration setting  ...)
	NOT-FOR-US: Apple
CVE-2014-4355
	REJECTED
CVE-2014-4354 (Apple iOS before 8 enables Bluetooth during all upgrade actions, which ...)
	NOT-FOR-US: Apple
CVE-2014-4353 (Race condition in iMessage in Apple iOS before 8 allows attackers to o ...)
	NOT-FOR-US: Apple
CVE-2014-4352 (Address Book in Apple iOS before 8 relies on the hardware UID for its  ...)
	NOT-FOR-US: Apple
CVE-2014-4351 (Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-4350 (Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 all ...)
	NOT-FOR-US: QT Media Foundation in Apple OS X
CVE-2014-4349 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1. ...)
	- phpmyadmin 4:4.2.5-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-4348 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2. ...)
	- phpmyadmin 4:4.2.5-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-4347 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler G ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2014-4346 (Cross-site scripting (XSS) vulnerability in administration user interf ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2014-4345 (Off-by-one error in the krb5_encode_krbsecretkey function in plugins/k ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-7 (bug #757416)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/81c332e29f10887c6b9deb065f81ba259f4c7e03
	NOTE: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt
CVE-2014-4344 (The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/ ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-5 (bug #755521)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
CVE-2014-4343 (Double free vulnerability in the init_ctx_reselect function in the SPN ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-5 (bug #755520)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows re ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-4 (bug #753625)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cau ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-4 (bug #753624)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4340
	RESERVED
CVE-2014-4339
	RESERVED
CVE-2014-4335 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive  ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-4334 (Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.14038 ...)
	NOT-FOR-US: Ubisoft Rayman Legends
CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in administration/prof ...)
	NOT-FOR-US: Dolphin (php thing)
CVE-2014-4332
	RESERVED
CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in Octavo ...)
	NOT-FOR-US: OctavoCMS
CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 ...)
	- perl 5.20.1-1 (bug #762256)
	[wheezy] - perl 5.14.2-21+deb7u2
	[squeeze] - perl <no-dsa> (Minor issue)
	NOTE: upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304
CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in nt ...)
	- ntopng 1.2.0+dfsg1-1 (bug #760990)
	NOTE: https://svn.ntop.org/bugzilla/show_bug.cgi?id=379
CVE-2014-4328
	RESERVED
CVE-2014-4327
	RESERVED
CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote ...)
	- logstash <itp> (bug #664841)
CVE-2014-4325 (The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) b ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2014-4324
	RESERVED
CVE-2014-4323 (The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP d ...)
	- linux <not-affected> (Vulnerable code drivers/video/msm not present)
CVE-2014-4322 (drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, ...)
	- linux <not-affected> (Vulnerable code drivers/misc/qseecom.c not present)
CVE-2014-4321
	RESERVED
CVE-2014-4320
	RESERVED
CVE-2014-4319
	RESERVED
CVE-2014-4318
	RESERVED
CVE-2014-4317
	RESERVED
CVE-2014-4316
	RESERVED
CVE-2014-4315
	REJECTED
CVE-2014-4314
	REJECTED
CVE-2014-4313 (SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allow ...)
	NOT-FOR-US: Epicor
CVE-2014-4312 (Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterpri ...)
	NOT-FOR-US: Epicor
CVE-2014-4311 (Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers t ...)
	NOT-FOR-US: Epicor
CVE-2014-4310 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99  ...)
	NOT-FOR-US: Openfiler
CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording  ...)
	NOT-FOR-US: NICE Recording eXpress
CVE-2014-4307 (SQL injection vulnerability in categories-x.php in WebTitan before 4.0 ...)
	NOT-FOR-US: WebTitan
CVE-2014-4306 (Directory traversal vulnerability in logs-x.php in WebTitan before 4.0 ...)
	NOT-FOR-US: WebTitan
CVE-2014-4305 (Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka  ...)
	NOT-FOR-US: NICE Recording eXpress
CVE-2014-4304 (Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1. ...)
	NOT-FOR-US: SQL Buddy
CVE-2014-4303 (Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme ...)
	NOT-FOR-US: Drupal Touch theme
CVE-2014-4302 (Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D ...)
	NOT-FOR-US: HAM3D Shop Engine
CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the respond_err ...)
	NOT-FOR-US: Ajenti
CVE-2014-4300 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4299 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4298 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4297 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4296 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4295 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4294 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4293 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4292 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4291 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4290 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4289 (Unspecified vulnerability in the JDBC component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4288 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4287 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-4286
	REJECTED
CVE-2014-4285 (Unspecified vulnerability in the Oracle Applications Technology compon ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4284 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4283 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4282 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4281 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4280 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4279 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2014-4278 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4277 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4276 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4275 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4273
	REJECTED
CVE-2014-4272
	REJECTED
CVE-2014-4271 (Unspecified vulnerability in the Hyperion Essbase component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2014-4270 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...)
	NOT-FOR-US: Oracle
CVE-2014-4269 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...)
	NOT-FOR-US: Oracle
CVE-2014-4268 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4267 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4266 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	NOTE: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/de40a32a44f5
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c58a25d48388
CVE-2014-4265 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4264 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (Vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084492f9e3d
CVE-2014-4263 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4262 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4261 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox <not-affected> (Only applies if VBox is running on Windows)
	- virtualbox-ose <not-affected> (Only applies if VBox is running on Windows)
CVE-2014-4260 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-4259 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2014-4258 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-4257 (Unspecified vulnerability in the Oracle WebCenter Portal component in  ...)
	NOT-FOR-US: Oracle WebCenter Portal
CVE-2014-4256 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4255 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4254 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4253 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4252 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4251 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-4250 (Unspecified vulnerability in the Siebel Core - Server OM Frwks compone ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-4249 (Unspecified vulnerability in the BI Publisher component in Oracle Fusi ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-4248 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2014-4247 (Unspecified vulnerability in Oracle Java SE 8u5 allows remote attacker ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-4246 (Unspecified vulnerability in the Hyperion Analytic Provider Services c ...)
	NOT-FOR-US: Oracle
CVE-2014-4245 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4244 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4243 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.37-1
	[wheezy] - mysql-5.5 5.5.37-0+wheezy1
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.36-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: Unspecified, but according to Oracle only for 5.5.35 and earlier
CVE-2014-4242 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4241 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4240 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4239 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 all ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-4238 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4237 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2014-4236 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2014-4235 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2014-4234 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2014-4233 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4232 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...)
	NOT-FOR-US: Oracle
CVE-2014-4231 (Unspecified vulnerability in the Siebel Travel &amp; Transportation co ...)
	NOT-FOR-US: Oracle
CVE-2014-4230 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2014-4229 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2014-4228 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <not-affected> (Only affects 4.1 and later)
CVE-2014-4227 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4226 (Unspecified vulnerability in the PeopleSoft Enterprise FIN Install com ...)
	NOT-FOR-US: Oracle
CVE-2014-4225 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-4224 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 all ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-4223 (Unspecified vulnerability in Oracle Java SE 7u60 allows remote attacke ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (Vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a
CVE-2014-4222 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2014-4221 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (Vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/bac16c82c14a
CVE-2014-4220 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4219 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4218 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4217 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-4216 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4215 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-4214 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4213 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2014-4212 (Unspecified vulnerability in the Oracle Fusion Middleware component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4211 (Unspecified vulnerability in the Oracle WebCenter Portal component in  ...)
	NOT-FOR-US: Oracle
CVE-2014-4210 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-4209 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4208 (Unspecified vulnerability in the Java SE component in Oracle Java SE 7 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4207 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-4206 (Unspecified vulnerability in the Hyperion Enterprise Performance Manag ...)
	NOT-FOR-US: Oracle
CVE-2014-4205 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2014-4204 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle
CVE-2014-4203 (Unspecified vulnerability in the Hyperion Enterprise Performance Manag ...)
	NOT-FOR-US: Oracle
CVE-2014-4202 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-4201 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-4200 (vm-support 0.88 in VMware Tools, as distributed with VMware Workstatio ...)
	- open-vm-tools 2:9.4.6-1770165-1 (low; bug #770809)
	[squeeze] - open-vm-tools <no-dsa> (Minor issue)
	[wheezy] - open-vm-tools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware Workstatio ...)
	- open-vm-tools 2:9.4.6-1770165-7 (low; bug #770809)
	[squeeze] - open-vm-tools <no-dsa> (Minor issue)
	[wheezy] - open-vm-tools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
CVE-2014-4198 (A Two-Factor Authentication Bypass Vulnerability exists in BS-Client P ...)
	NOT-FOR-US: BS-Client Private Client
CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS  ...)
	NOT-FOR-US: Bank Soft Systems
CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Syste ...)
	NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in Z ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1. ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-XXXX [softhsm-keyconv creates security-sensibe file world-readable]
	- softhsm 1.3.7-2 (low; bug #752092)
	[squeeze] - softhsm <no-dsa> (Minor issue)
	[wheezy] - softhsm <no-dsa> (Minor issue)
	NOTE: Upstream fix: https://github.com/bellgrim/SoftHSMv2/commit/492447cd4a2be449e99fb9ad2519ea3277aaad28
CVE-2014-XXXX [docker VMM breakout]
	- docker.io 1.0.0~dfsg1-1
CVE-2014-4193 (The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for J ...)
	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4192 (The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share ...)
	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4191 (The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C an ...)
	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4190 (Multiple heap-based buffer overflows in Huawei Campus Series Switches  ...)
	NOT-FOR-US: Huawei Campus Series Switches
CVE-2014-4189 (Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager bef ...)
	NOT-FOR-US: Hitachi Tuning Manager
CVE-2014-4188 (Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Mana ...)
	NOT-FOR-US: Hitachi Tuning Manager
CVE-2014-4187 (Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket a ...)
	NOT-FOR-US: ClipBucket
CVE-2014-4186
	RESERVED
CVE-2014-4185
	RESERVED
CVE-2014-4184
	RESERVED
CVE-2014-4183
	RESERVED
CVE-2014-4182
	RESERVED
CVE-2014-4181
	RESERVED
CVE-2014-4180
	RESERVED
CVE-2014-4179
	RESERVED
CVE-2014-4178
	RESERVED
CVE-2014-4177
	RESERVED
CVE-2014-4176
	RESERVED
CVE-2014-4175
	RESERVED
CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x befor ...)
	- wireshark 1.10.4-1
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2014-4173
	RESERVED
CVE-2014-4172 (A URL parameter injection vulnerability was found in the back-channel  ...)
	{DSA-3017-1}
	- php-cas 1.3.3-1 (bug #759718)
	NOTE: https://github.com/Jasig/phpCAS/pull/125
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766
CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly implem ...)
	- linux 3.14.15-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: https://lkml.org/lkml/2014/7/2/518
CVE-2014-4170 (A Privilege Escalation Vulnerability exists in Free Reprintables Artic ...)
	NOT-FOR-US: Free Reprintables ArticleFR
CVE-2014-4169
	RESERVED
CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in SHOUTc ...)
	NOT-FOR-US: SHOUTcast DNAS
CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote attacke ...)
	- ntop <removed> (bug #751946)
	[jessie] - ntop <no-dsa> (Minor issue)
	[wheezy] - ntop <no-dsa> (Minor issue)
CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230  ...)
	NOT-FOR-US: AlogoSec FireFlow
CVE-2014-4163 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Feat ...)
	NOT-FOR-US: WordPress plugin Featured Comments
CVE-2014-4162 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxe ...)
	NOT-FOR-US: Zyxel P-660HW-T1 wireless
CVE-2014-4161 (Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Su ...)
	NOT-FOR-US: SAP Supplier Relationship Management
CVE-2014-4160 (Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas  ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2014-4159 (Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier  Re ...)
	NOT-FOR-US: SAP Supplier Relationship Management
CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to  ...)
	NOT-FOR-US: Kolibri
CVE-2014-4156 (Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerabi ...)
	NOT-FOR-US: Proxmox VE
CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300  ...)
	NOT-FOR-US: ZTE router
CVE-2014-4154 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
	NOT-FOR-US: ZTE router
CVE-2014-4153 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-4152 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-4151 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1,  ...)
	NOT-FOR-US: Microsoft
CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4147
	REJECTED
CVE-2014-4146
	REJECTED
CVE-2014-4145 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4144
	REJECTED
CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4142
	REJECTED
CVE-2014-4141 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2014-4140 (Microsoft Internet Explorer 8 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft
CVE-2014-4139
	REJECTED
CVE-2014-4138 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2014-4137 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-4136
	REJECTED
CVE-2014-4135
	REJECTED
CVE-2014-4134 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft
CVE-2014-4133 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-4132 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4131
	REJECTED
CVE-2014-4130 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4129 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4128 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4127 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4126 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4125
	REJECTED
CVE-2014-4124 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4123 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4122 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protec ...)
	NOT-FOR-US: Microsoft
CVE-2014-4121 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4120
	REJECTED
CVE-2014-4119
	REJECTED
CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Wor ...)
	NOT-FOR-US: Microsoft
CVE-2014-4116 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Found ...)
	NOT-FOR-US: Microsoft
CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Mic ...)
	NOT-FOR-US: Microsoft
CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4112 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4110 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4109 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4108 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4107 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4106 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4105 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4104 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4103 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4102 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4101 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4100 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4099 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4098 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4097 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4096 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4095 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4094 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4093 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4092 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4091 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4090 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4089 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4088 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4087 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4086 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4085 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4084 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4083 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4082 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4081 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4080 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4079 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4078 (The IP Security feature in Microsoft Internet Information Services (II ...)
	NOT-FOR-US: Microsoft
CVE-2014-4077 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4076 (Microsoft Windows Server 2003 SP2 allows local users to gain privilege ...)
	NOT-FOR-US: Microsoft
CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Micr ...)
	NOT-FOR-US: Microsoft
CVE-2014-4074 (The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2014-4073 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4072 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4071 (The Server in Microsoft Lync Server 2013 allows remote attackers to ca ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-4070 (Cross-site scripting (XSS) vulnerability in the Web Components Server  ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-4069
	REJECTED
CVE-2014-4068 (The Response Group Service in Microsoft Lync Server 2010 and 2013 and  ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4066 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4065 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2014-4063 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4062 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 doe ...)
	NOT-FOR-US: Microsoft
CVE-2014-4061 (Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not prop ...)
	NOT-FOR-US: Microsoft
CVE-2014-4060 (Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Medi ...)
	NOT-FOR-US: Microsoft
CVE-2014-4059 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4058 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4057 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4056 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4054
	REJECTED
CVE-2014-4053
	REJECTED
CVE-2014-4052 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4051 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4050 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4042
	RESERVED
CVE-2014-4041
	RESERVED
CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot ...)
	- powerpc-utils 1.3.1-2 (unimportant)
	NOTE: SuSE decided to put/display a warning about the possibility to of
	NOTE: containing cleartext passwords in the produced archive containing fstab
	NOTE: and yaboot.conf
	NOTE: 1.3.1-2 upload removed /usr/sbin/snap from the installed binary package
CVE-2014-4039 (ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does no ...)
	- ppc64-diag 2.7.1-5
	NOTE: SuSE Patch: https://bugzilla.suse.com/attachment.cgi?id=599147
CVE-2014-4038 (ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a ...)
	- ppc64-diag 2.7.1-5
	NOTE: Issue partially fixed in 2.7.1-1, but not all parts fixed
	NOTE: SuSE Patch: https://bugzilla.suse.com/attachment.cgi?id=599147
CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerp ...)
	- fckeditor <removed> (low; bug #752873)
	[wheezy] - fckeditor <no-dsa> (Minor issue)
	[squeeze] - fckeditor <no-dsa> (Minor issue)
	- docvert <removed>
	[wheezy] - docvert <no-dsa> (Minor issue)
	[squeeze] - docvert <no-dsa> (Minor issue)
	- moin <not-affected> (unused emebdded copy)
	- knowledgeroot <not-affected> (unused embedded copy)
CVE-2014-4036 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php i ...)
	NOT-FOR-US: ImpressCMS
CVE-2014-4035 (Cross-site scripting (XSS) vulnerability in booking_details.php in Bes ...)
	NOT-FOR-US: Advance Hotel Booking System
CVE-2014-4034 (SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 al ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-4033 (Cross-site scripting (XSS) vulnerability in libraries/includes/persona ...)
	NOT-FOR-US: Epignosis eFront
CVE-2014-4032 (Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comm ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-4031 (The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x throu ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-4030 (Cross-site request forgery (CSRF) vulnerability in the JW Player plugi ...)
	NOT-FOR-US: WordPress plugin JW Player
CVE-2014-4029
	RESERVED
CVE-2014-4028
	RESERVED
CVE-2014-4026
	RESERVED
CVE-2014-4025
	RESERVED
CVE-2014-4024 (SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, wh ...)
	- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
	NOT-FOR-US: ZTE
CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a defau ...)
	NOT-FOR-US: ZTE router
CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to  ...)
	NOT-FOR-US: Kolibri
CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows re ...)
	NOT-FOR-US: www.jzip.com
	NOTE: This is the jzip Z-code interpreter in Debian.
CVE-2014-4168 ((1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote atta ...)
	{DSA-2964-1}
	- iodine 0.6.0~rc1-19 (bug #751834)
	[squeeze] - iodine 0.6.0~rc1-2+deb6u1
	NOTE: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850
CVE-2014-4167 (The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014. ...)
	- neutron 2014.1.1-1 (bug #752021)
	NOTE: https://launchpad.net/bugs/1309195
CVE-2014-4157 (arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8  ...)
	{DLA-103-1}
	- linux 3.14.7-1 (bug #751417)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <not-affected> (squeeze-lts only covers x86)
CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ext/standard ...)
	{DSA-2961-1 DLA-0010-1}
	- php5 5.6.0~beta4+dfsg-3 (bug #751364)
	[squeeze] - php5 5.3.3-7+squeeze20
	NOTE: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
CVE-2014-4048 (The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows  ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-008.html
CVE-2014-4047 (Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 1 ...)
	- asterisk 1:11.10.2~dfsg-1 (low)
	[wheezy] - asterisk 1:1.8.13.1~dfsg1-3+deb7u4
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-007.html
CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Ce ...)
	{DLA-455-1}
	- asterisk 1:11.10.2~dfsg-1 (low)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-006.html
CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in Asteris ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-005.html
CVE-2014-4044 (OpenAFS 1.6.8 does not properly clear the fields in the host structure ...)
	- openafs 1.6.9-1
	[wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
	[squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 doe ...)
	{DSA-3169-1 DLA-165-1}
	- eglibc <removed>
	- glibc 2.19-2 (low; bug #751774)
CVE-2014-4021 (Xen 3.2.x through 4.4.x does not properly clean memory pages recovered ...)
	{DSA-3006-1}
	- xen 4.4.1-1 (bug #751894)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-4020 (The dissect_frame function in epan/dissectors/packet-frame.c in the fr ...)
	- wireshark 1.10.8-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-07.html
CVE-2014-4017 (Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugi ...)
	NOT-FOR-US: WordPress plugin conversionninja
CVE-2014-4016
	RESERVED
CVE-2014-4015
	RESERVED
CVE-2014-4013 (SQL injection vulnerability in the Policy Manager in Aruba Networks Cl ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-4012 (SAP Open Hub Service has hardcoded credentials, which makes it easier  ...)
	NOT-FOR-US: SAP
CVE-2014-4011 (SAP Capacity Leveling has hardcoded credentials, which makes it easier ...)
	NOT-FOR-US: SAP
CVE-2014-4010 (SAP Transaction Data Pool has hardcoded credentials, which makes it ea ...)
	NOT-FOR-US: SAP
CVE-2014-4009 (SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which make ...)
	NOT-FOR-US: SAP
CVE-2014-4008 (SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which ma ...)
	NOT-FOR-US: SAP
CVE-2014-4007 (The SAP Upgrade tools for ABAP has hardcoded credentials, which makes  ...)
	NOT-FOR-US: SAP
CVE-2014-4006 (The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil &amp; Gas ...)
	NOT-FOR-US: SAP
CVE-2014-4005 (SAP Brazil add-on has hardcoded credentials, which makes it easier for ...)
	NOT-FOR-US: SAP
CVE-2014-4004 (The (1) Structures and (2) Project-Oriented Procurement components in  ...)
	NOT-FOR-US: SAP
CVE-2014-4003 (The System Landscape Directory (SLD) in SAP NetWeaver allows remote at ...)
	NOT-FOR-US: SAP
CVE-2014-4002 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-6 (bug #752573)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573)
CVE-2014-4001
	RESERVED
CVE-2014-4000 (Cacti before 1.0.0 allows remote authenticated users to conduct PHP ob ...)
	- cacti 0.8.8e+ds1-1 (low)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	NOTE: http://www.cacti.net/release_notes_1_0_0.php
	NOTE: http://bugs.cacti.net/view.php?id=2452 (not accessible: marked as security issue)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
	NOTE: This CVE was fixed by introduction of the function sanitize_unserialize_selected_items
	NOTE: in version 0.8.8e and calling it instead of unserialize(stripslashes()).
	NOTE: Affected files require authenticated users.
CVE-2014-3999 (The Horde_Ldap library before 2.0.6 for Horde allows remote attackers  ...)
	- php-horde-ldap 2.0.6-1
CVE-2014-3998
	RESERVED
CVE-2014-3997 (SQL injection vulnerability in the MetadataServlet servlet in ManageEn ...)
	NOT-FOR-US: Password Manager Pro
CVE-2014-3996 (SQL injection vulnerability in the LinkViewFetchServlet servlet in Man ...)
	NOT-FOR-US: Password Manager Pro
CVE-2014-3993
	RESERVED
CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow ...)
	- dolibarr 3.5.4+dfsg2-1 (bug #755531)
CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
	- dolibarr 3.5.5+dfsg1-1
CVE-2014-3990 (The Cart::getProducts method in system/library/cart.php in OpenCart 1. ...)
	NOT-FOR-US: OpenCart
CVE-2014-3989
	RESERVED
CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFi ...)
	NOT-FOR-US: SunHater KCFinder
CVE-2014-3987
	RESERVED
CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remo ...)
	- libav 6:0.8.12-1
	NOTE: Fairly pointless CVE assignment...
CVE-2014-4150 (The scheme48-send-definition function in cmuscheme48.el in Scheme 48 a ...)
	{DLA-0006-1}
	- scheme48 1.9-4 (bug #748766)
	[wheezy] - scheme48 1.8+dfsg-1+deb7u1
	[squeeze] - scheme48 1.8+dfsg-1+deb6u1
CVE-2014-4027 (The rd_build_device_space function in drivers/target/target_core_rd.c  ...)
	- linux 3.14.2-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.38)
	NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
CVE-2014-4014 (The capabilities implementation in the Linux kernel before 3.14.8 does ...)
	- linux 3.14.7-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: fixing commit https://git.kernel.org/linus/23adbe12ef7d3d4195e80800ab36b37bee28cd03
CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to o ...)
	- lynis 1.5.5-1 (bug #751083)
	[squeeze] - lynis <no-dsa> (Minor issue)
	[wheezy] - lynis <no-dsa> (Minor issue)
CVE-2014-3995 (Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gra ...)
	NOT-FOR-US: Djblets
CVE-2014-3994 (Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_ ...)
	NOT-FOR-US: Djblets
CVE-2014-3983
	RESERVED
CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows local use ...)
	- lynis <not-affected> (Specific to AIX)
CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and earlie ...)
	- php5 5.6.0~rc1+dfsg-1 (unimportant)
	NOTE: Only exploitable during package build
CVE-2014-3979 (Bytemark Symbiosis allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Bytemark Symbiosis
CVE-2014-3978 (SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote auth ...)
	NOT-FOR-US: TomatoCart
CVE-2014-3977 (libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to ...)
	NOT-FOR-US: IBM AIX
CVE-2014-3976 (Buffer overflow in A10 Networks Advanced Core Operating System (ACOS)  ...)
	NOT-FOR-US: A10 Networks Advanced Core Operating System
CVE-2014-3975 (Absolute path traversal vulnerability in filemanager.php in AuraCMS 3. ...)
	NOT-FOR-US: AuraCMS
CVE-2014-3974 (Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS ...)
	NOT-FOR-US: AuraCMS
CVE-2014-3973 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before  ...)
	- frontaccounting 2.3.21-1 (bug #751867)
	[squeeze] - frontaccounting <no-dsa> (Minor issue)
	[wheezy] - frontaccounting <no-dsa> (Minor issue)
CVE-2014-3972 (Directory traversal vulnerability in Apexis APM-J601-WS cameras with f ...)
	NOT-FOR-US: Apexis cameras
CVE-2014-3971 (The CmdAuthenticate::_authenticateX509 function in db/commands/authent ...)
	- mongodb <not-affected> (X.509 certifictate authentication introduced in 2.6.x)
	NOTE: https://jira.mongodb.org/browse/SERVER-13753
	NOTE: https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b
CVE-2014-3965
	RESERVED
CVE-2014-3964
	RESERVED
CVE-2014-3963 (ownCloud Server before 6.0.1 does not properly check permissions, whic ...)
	- owncloud 6.0.1+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-009/
CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote ...)
	NOT-FOR-US: Videos Tube
CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the Participants ...)
	NOT-FOR-US: WordPress plugin Participants Database
CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before  ...)
	NOT-FOR-US: OpenNMS
CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...)
	- libfep <itp> (bug #658575)
CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the Configurat ...)
	NOT-FOR-US: F5
CVE-2014-3958
	RESERVED
CVE-2014-3957
	RESERVED
CVE-2014-3955 (routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to caus ...)
	NOT-FOR-US: FreeBSD routed
CVE-2014-3954 (Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2  ...)
	NOT-FOR-US: FreeBSD rtsold
CVE-2014-3953 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 befor ...)
	{DSA-3070-1}
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 <removed> (bug #754237)
	- kfreebsd-10 10.1~svn272463-1
CVE-2014-3952 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 befor ...)
	{DSA-3070-1}
	- kfreebsd-8 <removed>
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	- kfreebsd-9 <removed> (bug #754236)
	- kfreebsd-10 10.1~svn272463-1
CVE-2014-3951 (The HZ module in the iconv implementation in FreeBSD 10.0 before p6 an ...)
	NOT-FOR-US: iconv system library of FreeBSD and NetBSD
CVE-2014-3950
	RESERVED
CVE-2014-3949 (Cross-site scripting (XSS) vulnerability in the layout wizard in the G ...)
	NOT-FOR-US: TYPO3 extension gridelements
CVE-2014-3948 (Cross-site scripting (XSS) vulnerability in the HTML export wizard in  ...)
	NOT-FOR-US: TYPO3 extension powermail
CVE-2014-3947 (Unrestricted file upload vulnerability in the powermail extension befo ...)
	NOT-FOR-US: TYPO3 extension powermail
CVE-2014-3939 (Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 all ...)
	NOT-FOR-US: Autodesk SketchBook Pro
CVE-2014-3938 (Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote ...)
	NOT-FOR-US: Autodesk Sketchbook Pro
CVE-2014-3937 (SQL injection vulnerability in the Contextual Related Posts plugin bef ...)
	NOT-FOR-US: WordPress plugin contextual-related-posts
CVE-2014-3936 (Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi  ...)
	NOT-FOR-US: D-Link
CVE-2014-3935 (SQL injection vulnerability in glossaire-aff.php in the Glossaire modu ...)
	NOT-FOR-US: XOOPS module Glossaire
CVE-2014-3934 (SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2014-3933 (Cross-site scripting (XSS) vulnerability in the address components fie ...)
	NOT-FOR-US: Drupal module AddressField Tokens
CVE-2014-3932 (SQL injection vulnerability in the device registration component in ws ...)
	NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2014-3931 (fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allow ...)
	NOT-FOR-US: Multi-Router Looking Glass
CVE-2014-3930 (lg.pl in Cistron-LG 1.01 stores sensitive information under the web ro ...)
	NOT-FOR-US: Cistron-LG
CVE-2014-3929 (The default configuration for Cougar-LG stores sensitive information u ...)
	NOT-FOR-US: Cougar-LG
CVE-2014-3928 (Cougar-LG stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: Cougar-LG
CVE-2014-3927 (mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execu ...)
	NOT-FOR-US: mrlg4php
CVE-2014-3926 (Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 al ...)
	NOT-FOR-US: Cougar LG
CVE-2014-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1 ...)
	- webmin <removed>
CVE-2014-3923 (Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoo ...)
	NOT-FOR-US: WordPress plugin Digital Zoom Studio Video Gallery
CVE-2014-3922 (Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Mess ...)
	NOT-FOR-US: Trend Micro InterScan
CVE-2014-3921 (Cross-site scripting (XSS) vulnerability in popup.php in the Simple Po ...)
	NOT-FOR-US: WordPress plugin Simple Popup Images
CVE-2013-7387 (Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlie ...)
	NOT-FOR-US: DataLife Engine
CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow remote att ...)
	- boinc 7.0.2+dfsg-1 (low)
	[squeeze] - boinc <no-dsa> (Minor issue)
CVE-2014-3969 (Xen 4.4.x, when running on an ARM system, does not properly check writ ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3970 (The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv m ...)
	- pulseaudio 5.0-3 (low)
	[squeeze] - pulseaudio <no-dsa> (Minor issue)
	[wheezy] - pulseaudio <no-dsa> (Minor issue)
	NOTE: http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
CVE-2014-3968 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows lo ...)
	- xen 4.4.1-1 (bug #757724)
	[wheezy] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
	[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
CVE-2014-3967 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not  ...)
	- xen 4.4.1-1 (bug #757724)
	[wheezy] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
	[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
CVE-2014-3966 (Cross-site scripting (XSS) vulnerability in Special:PasswordReset in M ...)
	{DSA-2957-1}
	- mediawiki 1:1.19.16+dfsg-1 (low; bug #750527)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has  ...)
	- sendmail 8.14.4-6 (low; bug #750562)
	[wheezy] - sendmail 8.14.4-4+deb7u1
	[squeeze] - sendmail <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the presenc ...)
	- linux 3.14.7-1 (low)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <not-affected> (Only exploitable in 3.12 and later)
CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux ( ...)
	- sosreport <not-affected> (RedHat-specific issue)
CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0 ...)
	- kanboard <itp> (bug #790814)
CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp ...)
	NOT-FOR-US: Netgear
CVE-2014-3918
	RESERVED
CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 all ...)
	- ruby2.1 <removed> (unimportant)
	- ruby2.0 <removed> (unimportant)
	- ruby1.9.1 <removed> (unimportant)
	- ruby1.8 <removed> (unimportant)
	NOTE: Only exploitable on Windows
CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage Manager ...)
	NOT-FOR-US: Rocket Servergraph
CVE-2014-3914 (Directory traversal vulnerability in the Admin Center for Tivoli Stora ...)
	NOT-FOR-US: Rocket ServerGraph
CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow  ...)
	NOT-FOR-US: Ericom AccessNow Server
CVE-2014-3912 (Stack-based buffer overflow in the FindConfigChildeKeyList method in t ...)
	NOT-FOR-US: Samsung iPOLiS Device Manager
CVE-2014-3911 (Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to e ...)
	NOT-FOR-US: Samsung iPOLiS Device Manager
CVE-2014-3910 (Emurasoft EmFTP allows local users to gain privileges via a Trojan hor ...)
	NOT-FOR-US: Emurasoft EmFTP
CVE-2014-3909 (Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlie ...)
	NOT-FOR-US: Falcon WisePoint
CVE-2014-3908 (The Amazon.com Kindle application before 4.5.0 for Android does not ve ...)
	NOT-FOR-US: Amazon.com Kindle application
CVE-2014-3907 (Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsle ...)
	NOT-FOR-US: MailPoet Newsletters (wysija-newsletters) plugin for WordPress
CVE-2014-3906 (SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and A ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2014-3905 (Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4  ...)
	NOT-FOR-US: tenfourzero Shutter
CVE-2014-3904 (SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0. ...)
	NOT-FOR-US: tenfourzero Shutter
CVE-2014-3903 (Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x befor ...)
	NOT-FOR-US: Cakifo theme for WordPress
CVE-2014-3902 (The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android  ...)
	NOT-FOR-US: CyberAgent Ameba application
CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote attacker ...)
	NOT-FOR-US: Raritan Japan Dominion KX2-101 switches
CVE-2014-3900 (Cross-site scripting (XSS) vulnerability in admin/picture_modify.php i ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-3899 (Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Gretech GOM Player
CVE-2014-3898 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operati ...)
	NOT-FOR-US: Fujitsu ServerView Operations Manager
CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMai ...)
	NOT-FOR-US: Homepage Decorator PerlMailer
CVE-2014-3896 (Multiple cross-site request forgery (CSRF) vulnerabilities in CGI prog ...)
	NOT-FOR-US: Seeds acmailer
CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/ ...)
	NOT-FOR-US: I-O DATA camera firmware
CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional M ...)
	NOT-FOR-US: PHP Kobo Multifunctional MailForm
CVE-2014-3893
	REJECTED
CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014  ...)
	NOT-FOR-US: Nexa Meridian
CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows rem ...)
	NOT-FOR-US: RimArts Becky! Internet Mail
CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote attack ...)
	NOT-FOR-US: silex device
CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote attack ...)
	NOT-FOR-US: silex device
CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1 ...)
	NOT-FOR-US: Yokogawa
CVE-2014-3887 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when  ...)
	- webmin <removed>
CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...)
	- webmin <removed>
CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allow ...)
	NOT-FOR-US: Usermin
CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute arbitrary oper ...)
	NOT-FOR-US: Usermin
CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...)
	NOT-FOR-US: WordPress plugin login-rebuilder
CVE-2014-3881 (Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukin ...)
	NOT-FOR-US: Intercom Web Kyukincho
CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4  ...)
	{DSA-2952-1}
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (Will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 <removed>
	- kfreebsd-10 10.0-6
CVE-2014-3879 (OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error ...)
	NOT-FOR-US: OpenPAM
CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client  ...)
	NOT-FOR-US: IPSwitch IMail
CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, ...)
	{DLA-68-1}
	- fex 20140530-1
	[wheezy] - fex <no-dsa> (non-free not supported)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
CVE-2014-3876 (Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast Fil ...)
	{DLA-68-1}
	- fex 20140530-1
	[wheezy] - fex <no-dsa> (non-free not supported)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
CVE-2014-3875 (The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex ...)
	{DLA-68-1}
	- fex 20140530-1
	[wheezy] - fex <no-dsa> (non-free not supported)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
CVE-2014-3874
	RESERVED
CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p1 ...)
	- kfreebsd-8 <removed>
	- kfreebsd-9 <removed> (bug #750493)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663)
	[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login pag ...)
	NOT-FOR-US: D-Link firmware
CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic Sol ...)
	NOT-FOR-US: GeodesicSolutions
CVE-2014-3869
	RESERVED
CVE-2014-3868 (Multiple SQL injection vulnerabilities in ZeusCart 4.x. ...)
	NOT-FOR-US: ZeusCart
CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial component  ...)
	NOT-FOR-US: Joomla! component JChatSocial
CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discov ...)
	NOT-FOR-US: HL7 C-CDA
CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 a ...)
	NOT-FOR-US: HL7 C-CDA
CVE-2014-3860 (Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijac ...)
	NOT-FOR-US: Xilisoft Video Converter Ultimate
CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ...)
	- bind9 <not-affected> (Only affects 9.10.0, 9.10.0-P1)
	NOTE: https://kb.isc.org/article/AA-01166
CVE-2014-3858
	RESERVED
CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control Statistics in  ...)
	NOT-FOR-US: Kerio Control
CVE-2014-3856 (The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does  ...)
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1437
CVE-2014-3855 (Directory traversal vulnerability in download.py in Pyplate 0.08 allow ...)
	NOT-FOR-US: Pyplate
CVE-2014-3854 (Cross-site request forgery (CSRF) vulnerability in admin/addScript.py  ...)
	NOT-FOR-US: Pyplate
CVE-2014-3853 (Pyplate 0.08 does not set the secure flag for the id cookie in an http ...)
	NOT-FOR-US: Pyplate
CVE-2014-3852 (Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header ...)
	NOT-FOR-US: Pyplate
CVE-2014-3851 (usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-reada ...)
	NOT-FOR-US: Pyplate
CVE-2014-3850 (Cross-site request forgery (CSRF) vulnerability in the Member Approval ...)
	NOT-FOR-US: WordPress plugin Member Approval 131109
CVE-2014-3849 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not p ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-3848 (The iMember360 plugin before 3.9.001 for WordPress does not properly r ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-3847
	RESERVED
CVE-2014-3845 (Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color P ...)
	NOT-FOR-US: WordPress plugin TinyMCE Color Picker
CVE-2014-3844 (The TinyMCE Color Picker plugin before 1.2 for WordPress does not prop ...)
	NOT-FOR-US: WordPress plugin TinyMCE Color Picker
CVE-2014-3843 (Cross-site request forgery (CSRF) vulnerability in the Search Everythi ...)
	NOT-FOR-US: WordPress plugin Search Everything
CVE-2014-3842 (Multiple cross-site scripting (XSS) vulnerabilities in the iMember360  ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-3841 (Cross-site scripting (XSS) vulnerability in the Contact Bank plugin be ...)
	NOT-FOR-US: WordPress plugin Contact Bank
CVE-2012-6648 (gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as ...)
	NOT-FOR-US: gdm-guest-session (Ubuntu-specific)
CVE-2010-5299 (Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attacke ...)
	NOT-FOR-US: MicroP
CVE-2014-3946 (The query caching functionality in the Extbase Framework component in  ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3945 (The Authentication component in TYPO3 before 6.2, when salting for pas ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3944 (The Authentication component in TYPO3 6.2.0 before 6.2.3 does not prop ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3943 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified bac ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3942 (The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0  ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3941 (TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6 ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3917 (kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDIT ...)
	{DLA-0015-1}
	- linux 3.14.7-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: http://article.gmane.org/gmane.linux.kernel/1713179
CVE-2014-3865 (Multiple directory traversal vulnerabilities in dpkg-source in dpkg-de ...)
	{DSA-2953-1}
	- dpkg 1.17.10 (bug #749183)
CVE-2014-3864 (Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 all ...)
	{DSA-2953-1}
	- dpkg 1.17.10 (bug #746498)
CVE-2014-3870 (Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3  ...)
	NOT-FOR-US: WordPress plugin bib2html
CVE-2014-3866 (Multiple cross-site request forgery (CSRF) vulnerabilities in user_set ...)
	NOT-FOR-US: userCake
CVE-2014-3846 (Cross-site scripting (XSS) vulnerability in Flying Cart allows remote  ...)
	NOT-FOR-US: Flying Cart
CVE-2014-3839 [owncloud: Deserialization of Untrusted Data in core]
	RESERVED
	- owncloud 6.0.3+dfsg-1
CVE-2014-3838 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-016/
CVE-2014-3837 (The document application in ownCloud Server before 6.0.3 uses sequenti ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-015/
CVE-2014-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-014/
CVE-2014-3835 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check pe ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-012/
CVE-2014-3834 (ownCloud Server before 6.0.3 does not properly check permissions, whic ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-011/
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-013/
CVE-2014-3833 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery ...)
	- owncloud 6.0.3+dfsg-2
CVE-2014-3832 (Cross-site scripting (XSS) vulnerability in the Documents component in ...)
	- owncloud 6.0.3+dfsg-2
CVE-2014-3831
	REJECTED
CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1 ...)
	NOT-FOR-US: TomatoCart
CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Ser ...)
	- centreon-web <itp> (bug #913903)
CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon  ...)
	- centreon-web <itp> (bug #913903)
CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka M ...)
	NOT-FOR-US: MyBB
CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows  ...)
	NOT-FOR-US: MyBB
CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the Juni ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3823 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with I ...)
	NOT-FOR-US: The Juniper Junos Pulse Secure Access Service
CVE-2014-3822 (Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3821 (Cross-site scripting (XSS) vulnerability in SRX Web Authentication (we ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3820 (Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3819 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3818 (Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12. ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3817 (Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3816 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3815 (Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3814 (The Juniper Networks NetScreen Firewall devices with ScreenOS before 6 ...)
	NOT-FOR-US: Juniper Networks NetScreen Firewall
CVE-2014-3813 (Unspecified vulnerability in the Juniper Networks NetScreen Firewall p ...)
	NOT-FOR-US: Juniper Networks NetScreen Firewall
CVE-2014-3812 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with I ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3811 (Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows an ...)
	NOT-FOR-US: Junos Pulse Client
CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx D ...)
	NOT-FOR-US: Dolphin (php thingy)
CVE-2014-3809 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive  ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-3807 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive  ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-3806 (Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo  ...)
	NOT-FOR-US: VMTurbo Operations Manager
CVE-2014-3805 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-3804 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows re ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-3803 (The SpeechInput feature in Blink, as used in Google Chrome before 35.0 ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3802 (msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distribute ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2014-3799
	REJECTED
CVE-2014-3798 (The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows ...)
	NOT-FOR-US: Citrix XenServer
CVE-2014-3797 (Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appl ...)
	NOT-FOR-US: VMware vSphere
CVE-2014-3796 (VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) ...)
	NOT-FOR-US: VMware NSX and vCNS
CVE-2014-3795
	REJECTED
CVE-2014-3794
	REJECTED
CVE-2014-3793 (VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6 ...)
	NOT-FOR-US: VMware
CVE-2014-3792 (Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Route ...)
	NOT-FOR-US: Beetel Router
CVE-2014-3791 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8  ...)
	NOT-FOR-US: Easy File Sharing
CVE-2014-3790 (Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows r ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2014-3789 (GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7 ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-3788 (Heap-based buffer overflow in the Web Server in Cogent Real-Time Syste ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-3787 (SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitra ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-7386 (Format string vulnerability in the PROJECT::write_account_file functio ...)
	- boinc 7.1.10+dfsg-1 (low)
	[squeeze] - boinc <no-dsa> (Minor issue)
	[wheezy] - boinc <no-dsa> (Minor issue)
CVE-2013-7385 (LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator pa ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a d ...)
	- unrealircd <itp> (bug #515130)
CVE-2014-3840 (Multiple cross-site scripting (XSS) vulnerabilities in apps/common/tem ...)
	- mayan <itp> (bug #718580)
CVE-2014-3801 (OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, ...)
	- heat 2014.1-4 (bug #748824)
	NOTE: https://launchpad.net/bugs/1311223
CVE-2014-3786 (Multiple cross-site scripting (XSS) vulnerabilities in the contact mod ...)
	NOT-FOR-US: Pixie CMS
CVE-2014-3785
	RESERVED
CVE-2014-3784
	RESERVED
CVE-2014-3783 (SQL injection vulnerability in admin/categories.php in Dotclear before ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3782 (Multiple incomplete blacklist vulnerabilities in the filemanager::isFi ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3781 (The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclea ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3780 (Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 an ...)
	NOT-FOR-US: Citrix
CVE-2014-3779 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfSe ...)
	NOT-FOR-US: ZOHO
CVE-2014-3778 (Multiple cross-site request forgery (CSRF) vulnerabilities in goform/R ...)
	NOT-FOR-US: ARRIS modem
CVE-2014-3777 (Directory traversal vulnerability in Reportico PHP Report Designer bef ...)
	NOT-FOR-US: Reportico PHP Report Designer
CVE-2014-3770
	RESERVED
CVE-2014-3769
	RESERVED
CVE-2014-3768
	RESERVED
CVE-2014-3767
	RESERVED
CVE-2014-3766
	RESERVED
CVE-2014-3765
	RESERVED
CVE-2014-3764 (Cross-site scripting (XSS) vulnerability in the web-based device manag ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2014-3763
	RESERVED
CVE-2014-3762
	RESERVED
CVE-2014-3761 (Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmw ...)
	NOT-FOR-US: D-Link DAP 1150
CVE-2014-3760 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link DAP 1150
CVE-2014-3759 (Multiple SQL injection vulnerabilities in the BibTex Publications (si_ ...)
	NOT-FOR-US: TYPO3 extension si_bibtex
CVE-2014-3758 (Cross-site scripting (XSS) vulnerability in the BibTex Publications (s ...)
	NOT-FOR-US: TYPO3 extension si_bibtex
CVE-2014-3757 (SQL injection vulnerability in sorter.php in the phpManufaktur kitForm ...)
	NOT-FOR-US: phpManufaktur extension
CVE-2014-3754
	RESERVED
CVE-2014-3753 (AgileBits 1Password through 1.0.9.340 allows security feature bypass ...)
	NOT-FOR-US: AgileBits 1Password
CVE-2014-3752 (The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and ea ...)
	NOT-FOR-US: G Data TotalProtection
CVE-2014-3751
	RESERVED
CVE-2014-3750 (The Bilyoner application before 2.3.1 for Android and before 4.6.2 for ...)
	NOT-FOR-US: Bilyoner for Android
CVE-2014-3748
	RESERVED
CVE-2014-3747
	RESERVED
CVE-2014-3746
	RESERVED
CVE-2014-3745
	RESERVED
CVE-2014-3744 (Directory traversal vulnerability in the st module before 0.2.5 for No ...)
	NOT-FOR-US: Node st module
CVE-2014-3743 (Multiple cross-site scripting (XSS) vulnerabilities in the Marked modu ...)
	- node-marked 0.3.1+dfsg-1
CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js all ...)
	NOT-FOR-US: hapi framework for Node.js
CVE-2014-3741 (The printDirect function in lib/printer.js in the node-printer module  ...)
	NOT-FOR-US: node-printer
CVE-2014-3740 (Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.0019 ...)
	NOT-FOR-US: SpiceWorks
CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in templates/defaultheader.ph ...)
	NOT-FOR-US: Storesprite
CVE-2014-3736
	RESERVED
CVE-2014-3735 (ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers ...)
	NOT-FOR-US: Intel Ideo Video
CVE-2014-3734
	RESERVED
CVE-2014-3733
	RESERVED
CVE-2014-3732
	RESERVED
CVE-2014-3731
	RESERVED
CVE-2014-3729
	RESERVED
CVE-2014-3728
	RESERVED
CVE-2014-3727
	RESERVED
CVE-2014-3726
	RESERVED
CVE-2014-3725
	RESERVED
CVE-2014-3724
	RESERVED
CVE-2014-3723
	RESERVED
CVE-2014-3722
	RESERVED
CVE-2014-3721
	RESERVED
CVE-2014-3720
	RESERVED
CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.c ...)
	NOT-FOR-US: Ex Libris ALEPH 500 (Integrated library management system)
CVE-2014-3713
	RESERVED
CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory c ...)
	NOT-FOR-US: Katello
CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause ...)
	{DSA-3070-1}
	- kfreebsd-9 <removed> (bug #766275)
	- kfreebsd-10 10.1~svn273874-1 (bug #766278)
	[experimental] - kfreebsd-11 11.0~svn284956-1 (bug #766279)
CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the  ...)
	{DSA-3074-1 DSA-3072-1 DLA-94-1 DLA-86-1}
	- file 1:5.20-2 (bug #768806)
	NOTE: Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
	- php5 5.6.3+dfsg-1 (bug #768807)
	NOTE: https://bugs.php.net/bug.php?id=68283
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)
CVE-2014-3709 (The org.keycloak.services.resources.SocialResource.callback method in  ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1  ...)
	- nova 2014.1.3-6 (low)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: affected versions up to 2014.1.3, and 2014.2
CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, whe ...)
	{DSA-3069-1 DLA-84-1}
	- curl 7.38.0-3
	NOTE: http://curl.haxx.se/docs/adv_20141105.html
	NOTE: Upstream commit: https://github.com/bagder/curl/commit/b3875606925536f82fc61f3114ac42f29eaf6945
CVE-2014-3706 (ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attac ...)
	NOT-FOR-US: ovirt-engine
CVE-2014-3705
	RESERVED
CVE-2014-3704 (The expandArguments function in the database abstraction API in Drupal ...)
	{DSA-3051-1}
	- drupal7 7.32-1 (bug #765507)
	- drupal6 <not-affected> (Only affects Drupal 7)
CVE-2014-3703 (OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic p ...)
	NOT-FOR-US: Red Hat Openstack 4 Neutron
CVE-2014-3702 (Directory traversal vulnerability in eNovance eDeploy allows remote at ...)
	- edeploy <itp> (bug #717664)
CVE-2014-3701 (eDeploy has tmp file race condition flaws ...)
	- edeploy <itp> (bug #717664)
CVE-2014-3700 (eDeploy through at least 2014-10-14 has remote code execution due to e ...)
	- edeploy <itp> (bug #717664)
CVE-2014-3699 (eDeploy has RCE via cPickle deserialization of untrusted data ...)
	- edeploy <itp> (bug #717664)
CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber protocol plu ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3697 (Absolute path traversal vulnerability in the untar_block function in w ...)
	- pidgin <not-affected> (Windows specific)
CVE-2014-3696 (nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidg ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3695 (markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.1 ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3694 (The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/ ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3693 (Use-after-free vulnerability in the socket manager of Impress Remote i ...)
	- libreoffice 1:4.3.3~rc2~git20141011-1
	[wheezy] - libreoffice <not-affected> (Introduced in 4.0.0)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/
CVE-2014-3692 (The customization template in Red Hat CloudForms 3.1 Management Engine ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-3691 (Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5. ...)
	NOT-FOR-US: Foreman Smart Proxy
CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.1 ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a (v3.18-rc1)
CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local g ...)
	{DSA-3067-1 DSA-3066-1}
	- qemu 2.1+dfsg-6 (bug #765496)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	[squeeze] - qemu <end-of-life>
	NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks.
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc
CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows remot ...)
	{DSA-3060-1 DLA-118-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26b87c7881006311828bb0ab271a551a62dcceb4 (v3.18-rc1)
CVE-2014-3687 (The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in t ...)
	{DSA-3060-1 DLA-118-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b69040d8e39f20d5215a03502a8e8b4c6ab78395 (v3.18-rc1)
CVE-2014-3686 (wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certai ...)
	{DSA-3052-1 DLA-147-1}
	- wpasupplicant <removed>
	- hostapd <removed>
	[squeeze] - hostapd <not-affected> (Vulnerable code not present in 0.6.10)
	- wpa 2.3-1 (bug #765352; high)
CVE-2014-3685
	REJECTED
CVE-2014-3684 (The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Reso ...)
	{DSA-3058-1 DLA-78-1}
	- torque 2.4.16+dfsg-1.5 (bug #763922)
	NOTE: https://github.com/adaptivecomputing/torque/commit/967cdc80150690459a47a35a658abeee0ca6e5cb
	NOTE: https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9
	NOTE: 2.4 is end-of-life upstream thus no patches available for that branch.
CVE-2014-3683 (Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysk ...)
	{DSA-3047-1 DLA-72-1}
	- rsyslog 8.4.2-1
	NOTE: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
CVE-2014-3682 (XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl f ...)
	NOT-FOR-US: jBPM Designer
CVE-2014-3681 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and L ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3680 (Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticate ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3679 (The Monitoring plugin before 1.53.0 for Jenkins allows remote attacker ...)
	NOT-FOR-US: Jenkins monitoring plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3678 (Cross-site scripting (XSS) vulnerability in the Monitoring plugin befo ...)
	NOT-FOR-US: Jenkins monitoring plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3677 (Unspecified vulnerability in Shim might allow attackers to execute arb ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3676 (Heap-based buffer overflow in Shim allows remote attackers to execute  ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3675 (Shim allows remote attackers to cause a denial of service (out-of-boun ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3674 (Red Hat OpenShift Enterprise before 2.2 does not properly restrict acc ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2014-3673 (The SCTP implementation in the Linux kernel through 3.17.2 allows remo ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze9
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1)
CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local g ...)
	{DLA-571-1}
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-180.html
	NOTE: Related hardening for libvirt: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf
	NOTE: This is hardly a vulnerability in qemu per se, but rather a problem of integrating qemu
CVE-2014-3671
	REJECTED
CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in PH ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68113
CVE-2014-3669 (Integer overflow in the object_custom function in ext/standard/var_uns ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68044
CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime impl ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68027
CVE-2014-3667 (Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent  ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3666 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3665 (Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure tru ...)
	- jenkins <removed> (bug #767541)
	[jessie] - jenkins <no-dsa> (Backport not feasible, insecure feature is documented as such)
	NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
CVE-2014-3664 (Directory traversal vulnerability in Jenkins before 1.583 and LTS befo ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3663 (Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticate ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3662 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3661 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity expa ...)
	{DSA-2978-2 DSA-3057-1 DLA-151-1 DLA-80-1}
	[jessie] - libxml2 2.9.1+dfsg1-5
	- libxml2 2.9.2+dfsg1-1 (bug #765722)
	NOTE: https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
	NOTE: Beware the upstream patch relies on other commits not
	NOTE: available in the squeeze/wheezy version (at least cff2546f that
	NOTE: changes how the ent->checked variable is used and likely a3f1e3e5 too)
CVE-2014-3659
	REJECTED
CVE-2014-3658
	RESERVED
CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt be ...)
	- libvirt 1.2.9-1
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=fc22b2e74890873848b43fffae43025d22053669 (v1.2.9)
	NOTE: Introduced by: libvirt.org/git/?p=libvirt.git;a=commit;h=2c6808044408fba9ff9547ad88bb8a0f44ee21a0 (v0.10.0-rc0)
CVE-2014-3656 (JBoss KeyCloak: XSS in login-status-iframe.html ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3655 (JBoss KeyCloak is vulnerable to soft token deletion via CSRF ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3654 (Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java  ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-3653 (Cross-site scripting (XSS) vulnerability in the template preview funct ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/7483
	NOTE: https://github.com/sodabrew/foreman/issues/1
CVE-2014-3652 (JBoss KeyCloak: Open redirect vulnerability via failure to validate th ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a d ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3650
	RESERVED
	NOT-FOR-US: JBoss AeroGear
CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
	NOT-FOR-US: JBoss AeroGear
CVE-2014-3648
	RESERVED
CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel throug ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=234f3ce485d54017f15cf5e0699cff4100121601
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=d1442d85cc30ea75f7d399474ca738e0bc96f715
CVE-2014-3646 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3. ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a642fc305053cc1c6e47e4f4df327895747ab485
CVE-2014-3645 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.1 ...)
	{DSA-3060-1}
	- linux 3.12.6-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bfd0a56b90005f8c8a004baf407ad90045c2b11e (v3.12-rc1)
CVE-2014-3644
	RESERVED
CVE-2014-3643 (jersey: XXE via parameter entities not disabled by the jersey SAX pars ...)
	NOT-FOR-US: Jersey SAX parser
CVE-2014-3642 (vmdb/app/controllers/application_controller/performance.rb in Red Hat  ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder befo ...)
	- cinder 2014.1.3-1
	NOTE: Affects version up to 2014.1.2
CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.1+dfsg-5 (bug #762532)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	[squeeze] - qemu <end-of-life>
	NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
	{DSA-3026-1 DLA-87-1}
	- dbus 1.8.8-1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80919
CVE-2014-3638 (The bus_connections_check_reply function in config-parser.c in D-Bus b ...)
	{DSA-3026-1 DLA-87-1}
	- dbus 1.8.8-1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=81053
CVE-2014-3637 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does no ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus <not-affected> (Version in squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80559
CVE-2014-3636 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows  ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus <not-affected> (Version in squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=82820
CVE-2014-3635 (Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x  ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus <not-affected> (Version in Squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=83622
CVE-2014-3634 (rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier ...)
	{DSA-3040-1 DLA-72-1}
	- rsyslog 8.4.1-1
	- inetutils 2:1.9.2.39.3a460-1
	[wheezy] - inetutils <no-dsa> (Minor issue)
	[squeeze] - inetutils <no-dsa> (Minor issue)
CVE-2014-3633 (The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...)
	{DSA-3038-1}
	- libvirt 1.2.8-2 (bug #762203)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v0.9.8)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)
	NOTE: Upstream advisory: http://security.libvirt.org/2014/0004.html
CVE-2014-3632 (The default configuration in a sudoers file in the Red Hat openstack-n ...)
	- neutron <not-affected> (Red Hat-specific)
	NOTE: Regression of fix for CVE-2013-6433, Red Hat specific in RedHat Enterprise Open Stack Platform 5.0
CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in ...)
	- linux 3.16.3-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 (v3.13)
	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
CVE-2014-3630 (XML external entity (XXE) vulnerability in the Java XML processing fun ...)
	NOT-FOR-US: Play framework
CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in  ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
CVE-2014-3628 (Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stat ...)
	- lucene-solr <not-affected> (Only affects later 4.x releases)
	NOTE: https://issues.apache.org/jira/browse/SOLR-6738
CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 an ...)
	NOT-FOR-US: Apache Hadoop
CVE-2014-3626 (The Grails Resource Plugin often has to exchange URIs for resources wi ...)
	NOT-FOR-US: Grails Resource Plugin
CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ...)
	{DLA-1853-1}
	- libspring-java 3.2.13-1 (bug #769698)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
	NOTE: https://jira.spring.io/browse/SPR-12354
	NOTE: http://www.pivotal.io/security/cve-2014-3625
CVE-2014-3624 (Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to by ...)
	- trafficserver 5.0.0-1
	[wheezy] - trafficserver <not-affected> (Only affects 4.0.2 to 4.1.2)
	NOTE: https://issues.apache.org/jira/browse/TS-2677
CVE-2014-3623 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF ...)
	NOT-FOR-US: Apache CXF
CVE-2014-3622 (Use-after-free vulnerability in the add_post_var function in the Posth ...)
	- php5 5.6.1+dfsg-1 (unimportant)
	NOTE: Not exploitable
	NOTE: https://bugs.php.net/bug.php?id=68088
CVE-2014-3621 (The catalog url replacement in OpenStack Identity (Keystone) before 20 ...)
	- keystone 2014.1.3-1
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: up to 2013.2.3 and 2014.1 versions up to 2014.1.2.1
CVE-2014-3620 (cURL and libcurl before 7.38.0 allow remote attackers to bypass the Sa ...)
	- curl 7.38.0-1
	[wheezy] - curl <not-affected> (affects versions 7.31.0 and later)
	[squeeze] - curl <not-affected> (affects versions 7.31.0 and later)
	NOTE: http://curl.haxx.se/docs/adv_20140910B.html
	NOTE: Introduced by https://github.com/bagder/curl/commit/85b9dc8023
CVE-2014-3619 (The __socket_proto_state_machine function in GlusterFS 3.5 allows remo ...)
	[experimental] - glusterfs 3.6.2-1
	- glusterfs 3.5.2-2 (bug #781018)
	[wheezy] - glusterfs <not-affected> (Vulnerability introduced after 3.2 release)
	[squeeze] - glusterfs <not-affected> (Vulnerability introduced after 3.2 release)
	NOTE: http://review.gluster.org/#/c/8848/ (3.5)
	NOTE: http://review.gluster.org/#/c/8662/4 (master)
	NOTE: GlusterFS after version 3.2 got changes in the RPC handling which seem to
	NOTE: introduce the vulnerability. With 3.2.x issue is not reproducible.
CVE-2014-3617 (The forum_print_latest_discussions function in mod/forum/lib.php in Mo ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619
CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cach ...)
	{DSA-3029-1 DLA-55-1}
	- nginx 1.6.2-1 (bug #761940)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
	NOTE: Upstream patch: http://trac.nginx.org/nginx/changeset/1ee1db30c9b96e9e43e85ab0bfba42140af24966/nginx (stable-1.6 branch)
	NOTE: See follow up on: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
CVE-2014-3615 (The VGA emulator in QEMU allows local guest users to read host memory  ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.1+dfsg-5
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
CVE-2014-3614 (Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6 ...)
	- pdns-recursor 3.6.1-1
	[wheezy] - pdns-recursor <not-affected> (Only affects 3.6.0)
	[squeeze] - pdns-recursor <not-affected> (Only affects 3.6.0)
CVE-2014-3613 (cURL and libcurl before 7.38.0 does not properly handle IP addresses i ...)
	{DSA-3022-1 DLA-64-1}
	- curl 7.38.0-1
	NOTE: http://curl.haxx.se/docs/adv_20140910A.html
CVE-2014-3612 (The LDAPLoginModule implementation in the Java Authentication and Auth ...)
	- activemq 5.6.0+dfsg1-4 (low; bug #777196)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
CVE-2014-3611 (Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=2febc839133280d5a5e8e1179c94ea674489dae2
CVE-2014-3610 (The WRMSR processing functionality in the KVM subsystem in the Linux k ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=8b3c3104c3f4f706e99365c3e0d2aa61b95f969f
	NOTE: Enabling CONFIG_PARAVIRT when building the kernel mitigates this issue.
CVE-2014-3609 (HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allo ...)
	{DSA-3139-1 DSA-3014-1 DLA-216-1 DLA-45-1}
	- squid 2.7.STABLE9-5 (bug #776194)
	- squid3 3.3.8-1.2 (bug #759509)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
CVE-2014-3608 (The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows r ...)
	- nova 2014.1.3-1
	[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
	NOTE: Incomplete fix for CVE-2014-2573
CVE-2014-3607 (DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not proper ...)
	- libvt-ldap-java 3.3.8-1 (bug #763608)
CVE-2014-3606
	REJECTED
CVE-2014-3605
	REJECTED
CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not proper ...)
	- not-yet-commons-ssl 0.3.15-1 (bug #759526)
	NOTE: http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/2014-August/000832.html
CVE-2014-3603 (The (1) HttpResource and (2) FileBackedHttpResource implementations in ...)
	- libopensaml2-java 2.6.2-1 (bug #759470)
	NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
	NOTE: http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
CVE-2014-3602 (Red Hat OpenShift Enterprise before 2.2 allows local users to obtain I ...)
	NOT-FOR-US: OpenShift
CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kern ...)
	- linux 3.16.2-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before  ...)
	- activemq 5.6.0+dfsg1-4 (low; bug #777196)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
CVE-2014-3599 (HornetQ REST is vulnerable to XML External Entity due to insecure conf ...)
	NOT-FOR-US: HornetQ
CVE-2014-3598 (The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ...)
	- pillow 2.5.3-1
	- python-imaging <not-affected> (Vulnerable code not present)
CVE-2014-3597 (Multiple buffer overflows in the php_parserr function in ext/standard/ ...)
	{DSA-3008-1 DLA-67-1}
	- php5 5.6.0+dfsg-1
	NOTE: patch: https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e
	NOTE: https://bugs.php.net/bug.php?id=67717
	NOTE: incomplete fix for CVE-2014-4049
CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not properly ve ...)
	{DLA-169-1}
	- axis 1.4-21 (low; bug #762444)
	[wheezy] - axis 1.4-16.2+deb7u1
	[squeeze] - axis <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
CVE-2014-3595 (Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7 ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-3594 (Cross-site scripting (XSS) vulnerability in the Host Aggregates interf ...)
	- horizon 2014.1.2-3 (bug #758930)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: up to 2013.2.3, and 2014.1 versions up to 2014.1.2
CVE-2014-3593 (Eval injection vulnerability in luci 0.26.0 allows remote authenticate ...)
	NOT-FOR-US: Luci
CVE-2014-3592 (OpenShift Origin: Improperly validated team names could allow stored X ...)
	NOT-FOR-US: OpenShift Origin
CVE-2014-3591 (Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciph ...)
	{DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
	- libgcrypt11 <removed>
	- libgcrypt20 1.6.3-2
	- gnupg 1.4.18-7
	NOTE: http://www.cs.tau.ac.il/~tromer/radioexp/
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
CVE-2014-3590 (Versions of Foreman as shipped with Red Hat Satellite 6 does not check ...)
	- foreman <itp> (bug #663101)
CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow befo ...)
	{DSA-3009-1 DLA-41-1}
	- pillow 2.5.3-1 (bug #758772)
	- python-imaging <removed>
	[squeeze] - python-imaging 1.1.7-2+deb6u1
	NOTE: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
CVE-2014-3588
	RESERVED
CVE-2014-3587 (Integer overflow in the cdf_read_property_info function in cdf.c in fi ...)
	{DSA-3021-1 DSA-3008-1 DLA-67-1 DLA-50-1}
	- php5 5.6.0+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=67716
	NOTE: https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
	- file 1:5.19-2
CVE-2014-3586 (The default configuration for the Command Line Interface in Red Hat En ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3585 (redhat-upgrade-tool: Does not check GPG signatures when upgrading vers ...)
	NOT-FOR-US: redhat-upgrade-tool
CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7. ...)
	NOT-FOR-US: Apache CXF
CVE-2014-3583 (The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi  ...)
	- apache2 2.4.10-8 (low)
	[wheezy] - apache2 <not-affected> (no mod_proxy_fcgi in 2.2)
	[squeeze] - apache2 <not-affected> (no mod_proxy_fcgi in 2.2)
	NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
	NOTE: Only exploitable by a malicious fcgi script.
CVE-2014-3582 (In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary ...)
	NOT-FOR-US: Apache Ambari
CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in  ...)
	{DLA-71-1}
	- apache2 2.4.10-3
	[wheezy] - apache2 <not-affected> (Only affects 2.4)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56924#c6
CVE-2014-3580 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x be ...)
	{DSA-3107-1 DLA-119-1}
	- subversion 1.8.10-5 (bug #773263)
	NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x  ...)
	NOT-FOR-US: Apache ActiveMQ Apollo
CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ...)
	{DLA-1853-1}
	- libspring-java 3.2.13-1 (low; bug #760733)
	[wheezy] - libspring-java <no-dsa> (minor issue)
	NOTE: https://github.com/spring-projects/spring-framework/issues/16414
	NOTE: https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d
CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents Htt ...)
	{DLA-222-1}
	- httpcomponents-client 4.3.5-1
	[wheezy] - httpcomponents-client 4.1.1-2+deb7u1
	[squeeze] - httpcomponents-client <no-dsa> (Minor issue)
	- commons-httpclient 3.1-11 (bug #758086)
	[wheezy] - commons-httpclient 3.1-10.2+deb7u1
	NOTE: See https://bugs.debian.org/758086#59 for full details.
CVE-2014-3576 (The processControlCommand function in broker/TransportConnection.java  ...)
	{DSA-3330-1}
	- activemq 5.6.0+dfsg1-4+deb8u1 (bug #792857)
CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenO ...)
	NOT-FOR-US: OpenOffice on Windows
CVE-2014-3574 (Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote at ...)
	- libapache-poi-java 3.10.1-1
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
CVE-2014-3573 (The oVirt Engine backend module, as used in Red Hat Enterprise Virtual ...)
	NOT-FOR-US: oVirt Engine
CVE-2014-3572 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9. ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ef28c6d6767a6a30df5add36171894c96628fe98
CVE-2014-3571 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k a ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8d7aab986b499f34d9e1bc58fbfd77f05c38116e
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=45fe66b8ba026186aa5d8ef1e0e6010ea74d5c0b
CVE-2014-3570 (The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0. ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a7a44ba55cb4f884c6bc9ceac90072dea38e66d
CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc,  ...)
	{DSA-3125-1 DLA-81-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d
CVE-2014-3568 (OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j d ...)
	{DSA-3053-1 DLA-81-1}
	- openssl 1.0.1j-1
CVE-2014-3567 (Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL  ...)
	{DSA-3053-1 DLA-81-1}
	- openssl 1.0.1j-1
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...)
	{DSA-3489-1 DSA-3253-1 DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-400-1 DLA-282-1 DLA-157-1}
	- arora <unfixed> (unimportant)
	- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
	NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
	- chromium-browser 39.0.2171.71-1 (bug #765928)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- conkeror <unfixed> (unimportant)
	- cyassl <removed> (bug #769905)
	- wolfssl 3.4.8+dfsg-1
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	- dwb <unfixed> (unimportant)
	- openssl 1.0.1j-1
	[wheezy] - openssl <no-dsa> (Will be addressed through a point update, #774299)
	[squeeze] - openssl <no-dsa> (Change considered too risky)
	- galeon <unfixed> (unimportant)
	- gnutls26 <removed>
	[squeeze] - gnutls26 <no-dsa> (Minor issue)
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163
	- gnutls28 3.3.8-5 (bug #769904)
	- kazehakase <unfixed> (unimportant)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	- epiphany-browser <unfixed> (unimportant)
	- haskell-tls 1.2.9-2 (bug #768164)
	[wheezy] - haskell-tls <no-dsa> (Minor issue)
	- icedove 31.3.0-1
	[squeeze] - icedove <end-of-life>
	- iceweasel 31.2.0esr-2
	[squeeze] - iceweasel <end-of-life>
	- matrixssl <removed> (low)
	[squeeze] - matrixssl <no-dsa> (Minor issue)
	[wheezy] - matrixssl <no-dsa> (Minor issue)
	- midori <unfixed> (unimportant)
	- netsurf <unfixed> (unimportant)
	- nss 2:3.17.1-1
	[squeeze] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
	[wheezy] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b04-1
	- polarssl 1.3.9-2
	[squeeze] - polarssl <no-dsa> (Minor issue)
	[wheezy] - polarssl <no-dsa> (Minor issue)
	- pound 2.6-6 (bug #765539)
	[squeeze] - pound <no-dsa> (Minor issue)
	- surf <unfixed> (unimportant)
	- tlslite <removed>
	[wheezy] - tlslite <no-dsa> (Minor issue)
	- uzbl <unfixed> (unimportant)
	- erlang 1:17.3-dfsg-3 (bug #771359)
	[squeeze] - erlang <no-dsa> (Minor issue)
	[wheezy] - erlang <no-dsa> (Minor issue)
	- lighttpd 1.4.35-4 (bug #765702)
	NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
	NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
	NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
	NOTE: Fix is to disable SSLv3 in library or application configurations
	NOTE: Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support
CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is us ...)
	- net-snmp 5.7.2.1~dfsg-7 (bug #760132)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
	[squeeze] - net-snmp <no-dsa> (Minor issue)
CVE-2014-3564 (Multiple heap-based buffer overflows in the status_handler function in ...)
	{DSA-3005-1 DLA-39-1}
	- gpgme1.0 1.5.1-1 (bug #756651)
	[squeeze] - gpgme1.0 1.2.0-1.2+deb6u1
	NOTE: patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
CVE-2014-3563 (Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 20 ...)
	- salt 2014.1.10+ds-1
	NOTE: http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
CVE-2014-3562 (Red Hat Directory Server 8 and 389 Directory Server, when debugging is ...)
	- 389-ds-base 1.3.2.21-1 (bug #757437)
CVE-2014-3561 (The rhevm-log-collector package in Red Hat Enterprise Virtualization 3 ...)
	NOT-FOR-US: rhevm-log-collector
CVE-2014-3560 (NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4 ...)
	- samba 2:4.1.11+dfsg-1 (bug #756759)
	[squeeze] - samba <not-affected> (Only affects 4.x)
	[wheezy] - samba <not-affected> (Only affects 4.x)
CVE-2014-3559 (The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 doe ...)
	NOT-FOR-US: ovirt-engine-backend
CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hi ...)
	- libhibernate-validator-java 4.2.1-2 (low; bug #762690)
	[jessie] - libhibernate-validator-java <no-dsa> (Only used as a build dependency for libhibernate3-java)
	[wheezy] - libhibernate-validator-java <no-dsa> (Only used as a build dependency for libhibernate3-java)
	[squeeze] - libhibernate-validator-java <no-dsa> (Only used as a build dependency for libhibernate3-java)
	NOTE: RedHat upgraded to new upstream versions in their security
	NOTE: updates. No patches are available for the 4.0.x branch we
	NOTE: have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2.
	NOTE: Upstream ticket: https://hibernate.atlassian.net/browse/HV-912
CVE-2014-3557
	REJECTED
CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ...)
	- nginx 1.6.1-1 (bug #757196)
	[wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
	[squeeze] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
	NOTE: fixed in nginx 1.7.4, 1.6.1
CVE-2014-3555 (OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno be ...)
	- neutron 2014.1.1-3 (bug #755134)
CVE-2014-3554 (Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp all ...)
	- libndp 1.4-1 (bug #756389)
CVE-2014-3553 (mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
CVE-2014-3552 (The Shibboleth authentication plugin in auth/shibboleth/index.php in M ...)
	- moodle 2.6.1-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
CVE-2014-3551 (Multiple cross-site scripting (XSS) vulnerabilities in the advanced-gr ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
CVE-2014-3550 (Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task ...)
	- moodle <not-affected> (Only affects 2.7.x)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227
CVE-2014-3549 (Cross-site scripting (XSS) vulnerability in the get_description functi ...)
	- moodle <not-affected> (Only affects 2.7.x)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201
CVE-2014-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through  ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
CVE-2014-3547 (Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
CVE-2014-3546 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x  ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
CVE-2014-3545 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x  ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
CVE-2014-3544 (Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
CVE-2014-3543 (mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11,  ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
CVE-2014-3542 (mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5 ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
CVE-2014-3541 (The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4. ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
CVE-2014-3540
	REJECTED
CVE-2014-3539 (base/oi/doa.py in the Rope library in CPython (aka Python) allows remo ...)
	- rope 0.10.3-1 (bug #777525)
	[jessie] - rope <no-dsa> (Minor issue)
	[squeeze] - rope <no-dsa> (Minor issue)
	[wheezy] - rope <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1116485
	NOTE: https://github.com/python-rope/rope/issues/105
	NOTE: 0.10.3-1 only adds a mitigation for the issue, so not completely fixed.
	NOTE: Still mark it as fixed in this version because patch limits socket
	NOTE: connections to localhost only
CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read du ...)
	{DSA-3021-1 DSA-3008-1 DLA-67-1 DLA-50-1}
	- file 1:5.19-1
	NOTE: fix relies on the new feature that introduced regex/<length> syntax, might be too intrusive for backporting.
	- php5 5.6.0~rc4+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=67705
CVE-2014-3537 (The web interface in CUPS before 1.7.4 allows local users in the lp gr ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-1
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://www.cups.org/str.php?L4450
CVE-2014-3536 (CFME (CloudForms Management Engine) 5: RHN account information is logg ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectl ...)
	- linux <not-affected> (RHEL-specific, incomplete backport)
	- linux-2.6 <not-affected> (RHEL-specific, incomplete backport)
	NOTE: Fix: https://git.kernel.org/linus/256df2f3879efdb2e9808bdb1b54b16fbb11fa38
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=896015#c8
CVE-2014-3534 (arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s39 ...)
	{DSA-2992-1}
	- linux 3.14.13-2 (bug #728705)
	- linux-2.6 <not-affected> (Vulnerable code was introduced later)
CVE-2014-3533 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to  ...)
	{DSA-2971-1}
	- dbus 1.8.6-1
	[squeeze] - dbus <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80469
CVE-2014-3532 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux ...)
	{DSA-2971-1}
	- dbus 1.8.6-1
	[squeeze] - dbus <not-affected> (Fix for other kernel version)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80163
CVE-2014-3531 (Multiple cross-site scripting (XSS) vulnerabilities in Foreman before  ...)
	- foreman <itp> (bug #663101)
CVE-2014-3530 (The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory  ...)
	NOT-FOR-US: PicketLink
CVE-2014-3529 (The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers  ...)
	- libapache-poi-java 3.10.1-1
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56164
CVE-2014-3527 (When using the CAS Proxy ticket authentication from Spring Security 3. ...)
	- libspring-security-java <itp> (bug #582181)
CVE-2014-3526 (Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M ...)
	NOT-FOR-US: Apache Wicket
CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5,  ...)
	- trafficserver 5.0.1-1 (low)
	[wheezy] - trafficserver <no-dsa> (Minor issue)
CVE-2014-3524 (Apache OpenOffice before 4.1.1 allows remote attackers to execute arbi ...)
	NOT-FOR-US: OpenOffice for Windows
CVE-2014-3523 (Memory leak in the winnt_accept function in server/mpm/winnt/child.c i ...)
	- apache2 <not-affected> (Affects only Windows systems)
CVE-2014-3522 (The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7. ...)
	- subversion 1.8.10-1
	[wheezy] - subversion <unfixed> (unimportant)
	[squeeze] - subversion <unfixed> (unimportant)
	NOTE: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
CVE-2014-3521 (The component in (1) /luci/homebase and (2) /luci/cluster menu in Red  ...)
	NOT-FOR-US: luci as included in conga
CVE-2014-3520 (OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, ...)
	- keystone 2014.1.1-3 (bug #753511)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2014-3519 (The open_by_handle_at function in vzkernel before 042stab090.5 in the  ...)
	- linux-2.6 <not-affected> (Vulnerable code not yet present)
	- linux <not-affected> (Kernels after squeeze no longer contain the openvz flavour)
CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterpris ...)
	NOT-FOR-US: JBoss Application Server
CVE-2014-3517 (api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2 ...)
	- nova 2014.1.1-8 (bug #755042)
	[wheezy] - nova <not-affected> (Only exploitable when used with neutron, which is not in stable)
CVE-2014-3516
	RESERVED
CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ...)
	{DSA-2974-1 DLA-0018-1}
	- php5 5.6.0~rc2+dfsg-1
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: https://bugs.php.net/bug.php?id=67492
CVE-2014-3514 (activerecord/lib/active_record/relation/query_methods.rb in Active Rec ...)
	- rails 2:4.1.5-1
	[wheezy] - rails <not-affected> (Only affects 4.0.0 and all Later Versions)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	- rails-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
	- ruby-activerecord-2.3 <not-affected> (Only affects 4.0.0 and all Later Versions)
	- ruby-activerecord-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
CVE-2014-3513 (Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 b ...)
	{DSA-3053-1}
	- openssl 1.0.1j-1
	[squeeze] - openssl <not-affected> (DLTS SRTP introduced in 1.0.1)
CVE-2014-3512 (Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implement ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
CVE-2014-3511 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 bef ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (Doesn't support TLS higher than 1.0)
CVE-2014-3510 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9 ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3509 (Race condition in the ssl_parse_serverhello_tlsext function in t1_lib. ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
CVE-2014-3508 (The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8  ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3507 (Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 b ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3506 (d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb,  ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3505 (Double free vulnerability in d1_both.c in the DTLS implementation in O ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3504 (The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ ...)
	- serf 1.3.7-1 (bug #757965)
	[wheezy] - serf <no-dsa> (Minor issue)
	[squeeze] - serf <no-dsa> (Minor issue)
CVE-2014-3503 (Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate  ...)
	NOT-FOR-US: Apache Syncope
CVE-2014-3502 (Apache Cordova Android before 3.5.1 allows remote attackers to open an ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-3501 (Apache Cordova Android before 3.5.1 allows remote attackers to bypass  ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-3500 (Apache Cordova Android before 3.5.1 allows remote attackers to change  ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-3499 (Docker 1.0.0 uses world-readable and world-writable permissions on the ...)
	- docker.io <not-affected> (RHEL specific, socket based activation not shipped)
CVE-2014-3498 (The user module in ansible before 1.6.6 allows remote authenticated us ...)
	- ansible 1.7.0+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5 (v1.7.0)
CVE-2014-3497 (Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 thr ...)
	- swift 1.13.1-1 (bug #752087)
	[wheezy] - swift <not-affected> (Only affects 1.11.0 to 1.13.1)
CVE-2014-3496 (cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 throu ...)
	NOT-FOR-US: OpenShift Origin
CVE-2014-3495 (duplicity 0.6.24 has improper verification of SSL certificates ...)
	- duplicity 0.6.21-1 (low; bug #751902)
	[wheezy] - duplicity <no-dsa> (Minor issue)
	NOTE: Since python-boto 2.6.0, cf. #751902, boto's default is now to enable
	NOTE: certificate verification. This is as such only a issue if using boto's
	NOTE: version outside of the packaged one in Debian. Mark 0.6.21-1 as fixing
	NOTE: version since this is the first upload to unstable after python-boto
	NOTE: 2.8.0-1 was uploaded.
CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.9 ...)
	- kde4libs 4:4.13.3-1 (bug #752052)
	[wheezy] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
	[squeeze] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
	NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
CVE-2014-3493 (The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x be ...)
	{DSA-2966-1}
	- samba 2:4.1.9+dfsg-1
	[squeeze] - samba <not-affected> (Only affects 3.6 and later)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2014-3493
CVE-2014-3492 (Multiple cross-site scripting (XSS) vulnerabilities in the host YAML v ...)
	- foreman <itp> (bug #663101)
CVE-2014-3491 (Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1 ...)
	- foreman <itp> (bug #663101)
	NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881
CVE-2014-3490 (RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red H ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ( ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3488 (The SslHandler in Netty before 3.9.2 allows remote attackers to cause  ...)
	{DLA-2110-1}
	- netty <not-affected> (Introduced in 3.9.0)
	- netty-3.9 3.9.9.Final-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects
	NOTE: 3.9.0 and 3.9.1.
	NOTE: https://github.com/netty/netty/issues/2562
	NOTE: https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994
CVE-2014-3487 (The cdf_read_property_info function in file before 5.19, as used in th ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
	NOTE: https://bugs.php.net/bug.php?id=67413
CVE-2014-3486 (The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_c ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3485 (The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterpri ...)
	NOT-FOR-US: ovirt-engine-api / RHEV
CVE-2014-3484 (Multiple stack-based buffer overflows in the __dn_expand function in n ...)
	- musl 1.1.4-1 (bug #750815)
CVE-2014-3483 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...)
	{DSA-2982-1}
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- ruby-activerecord-3.2 <removed>
	- rails 2:4.1.4-1
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	- rails-3.2 3.2.19-1
	- rails-4.0 <removed>
CVE-2014-3482 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...)
	{DSA-2982-1}
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- ruby-activerecord-3.2 <removed>
	- rails 2:4.1.4-1
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	- rails-3.2 3.2.19-1
	- rails-4.0 <removed>
CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBo ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in  ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1 DLA-0018-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: http://bugs.php.net/bug.php?id=67412
CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as  ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
	NOTE: https://bugs.php.net/bug.php?id=67411
CVE-2014-3478 (Buffer overflow in the mconvert function in softmagic.c in file before ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://bugs.php.net/bug.php?id=67410
CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...)
	{DSA-2971-1 DLA-87-1}
	- dbus 1.8.4-1 (low)
	[squeeze] - dbus <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=78979
CVE-2014-3476 (OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, ...)
	- keystone 2014.1.1-2 (bug #751454)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2014-3475 (Cross-site scripting (XSS) vulnerability in the Users panel (admin/use ...)
	- horizon 2014.1.1-3 (bug #754255)
	[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3474 (Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/ ...)
	- horizon 2014.1.1-3 (bug #754255)
	[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3473 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack se ...)
	- horizon 2014.1.1-3 (bug #754255)
	[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss Applicat ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2014-3471 (Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emula ...)
	- qemu 2.1+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
	NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0)
	NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3
CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL bef ...)
	{DSA-2950-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-3469 (The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU  ...)
	{DSA-3056-1 DLA-77-1}
	- libtasn1-3 <removed>
	- libtasn1-6 3.6-1
CVE-2014-3468 (The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not prop ...)
	{DSA-3056-1 DLA-77-1}
	- libtasn1-3 <removed>
	- libtasn1-6 3.6-1
CVE-2014-3467 (Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn ...)
	{DSA-3056-1 DLA-77-1}
	- libtasn1-3 <removed>
	- libtasn1-6 3.6-1
CVE-2014-3466 (Buffer overflow in the read_server_hello function in lib/gnutls_handsh ...)
	{DSA-2944-1 DLA-0001-1}
	- gnutls26 2.12.23-16
	- gnutls28 3.2.15-1
	[squeeze] - gnutls26 2.8.6-1+squeeze4
	NOTE: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
CVE-2014-3465 (The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3. ...)
	- gnutls26 <not-affected> (Affected code was introduced in 3.0)
	- gnutls28 3.2.10-1
CVE-2014-3464 (The EJB invocation handler implementation in Red Hat JBossWS, as used  ...)
	NOT-FOR-US: JBoss WS
CVE-2014-3463
	REJECTED
CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-7381 (libnotify before 1.0.4 for Node.js allows remote attackers to execute  ...)
	NOT-FOR-US: libnotify for Node.js
CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injectio ...)
	NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin
CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not p ...)
	NOT-FOR-US: tomato module for Node.js
CVE-2013-7378 (scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node ...)
	NOT-FOR-US: Hubot Scripts module for Node.js
CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is e ...)
	NOT-FOR-US: codem-transcode Node module
CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...)
	NOT-FOR-US: OpenX
CVE-2014-3800 (XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.x ...)
	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
	- xbmc 2:13.2+dfsg1-5 (low; bug #747428)
	[jessie] - xbmc <no-dsa> (Minor issue)
	[wheezy] - xbmc <no-dsa> (Minor issue)
	NOTE: http://trac.xbmc.org/ticket/15198
CVE-2014-3774 (Multiple cross-site scripting (XSS) vulnerabilities in items.php in Te ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
CVE-2014-3773 (Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
CVE-2014-3772 (TeamPass before 2.1.20 allows remote attackers to bypass access restri ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
CVE-2014-3771 (TeamPass before 2.1.20 allows remote attackers to bypass access restri ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
CVE-2014-4703 (lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain s ...)
	- nagios-plugins <not-affected> (incomplete fix for CVE-2014-4701 not applied)
	NOTE: check_dhcp is not installed with root suid permissions in Debian
	NOTE: http://seclists.org/fulldisclosure/2014/Jun/141
	NOTE: Introduced due to incomplete fix for CVE-2014-4701 in 2.0.2.
	- monitoring-plugins <not-affected> (Vulnerable code not present, fix for CVE-2014-4701 adressed differently directly by dropping privileges)
CVE-2014-4702 (The check_icmp plugin in Nagios Plugins before 2.0.2 allows local user ...)
	- nagios-plugins <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/May/74
	NOTE: Fixed in nagios-plugins 2.0.2
	NOTE: check_imcp is not installed with root suid permissions in Debian
	- monitoring-plugins <not-affected> (Fixed with initial upload to Debian)
	NOTE: https://github.com/monitoring-plugins/monitoring-plugins/commit/48025ff39c3a78b7805bf803ac96730cef53e15c
CVE-2014-4701 (The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local user ...)
	- nagios-plugins <removed> (unimportant)
	NOTE: check_dhcp is not installed with root suid permissions in Debian
	NOTE: http://seclists.org/fulldisclosure/2014/May/74
	NOTE: fixed in nagios-plugins 2.0.2 (but needs to be made complete to not open
	NOTE: CVE-2014-4703) and thus include the fix from 2.0.3 upstream.
	- monitoring-plugins <not-affected> (Fixed with initial upload to Debian)
	NOTE: https://github.com/monitoring-plugins/monitoring-plugins/commit/48025ff39c3a78b7805bf803ac96730cef53e15c
CVE-2014-3776 (Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit i ...)
	- chicken 4.9.0-1 (bug #748904)
	[squeeze] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html
	NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e
CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin  ...)
	{DSA-2935-1}
	- libgadu 1:1.12.0~rc3-1
	[squeeze] - libgadu <not-affected> (Vulnerable code not present)
CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote a ...)
	NOT-FOR-US: Construtiva CIS Manager CMS
CVE-2014-3719 (Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex L ...)
	NOT-FOR-US: ALEPH500 Integrated library management system
CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM g ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users  ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory  ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly val ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3739 (Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_ ...)
	- zenoss <itp> (bug #361253)
CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote ...)
	- zenoss <itp> (bug #361253)
CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to for ...)
	- mumble 1.2.6-1 (bug #748189)
	[squeeze] - mumble <no-dsa> (Minor issue)
	[wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2
	NOTE: http://mumble.info/security/Mumble-SA-2014-006.txt
CVE-2014-3755 (The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6 ...)
	- mumble 1.2.6-1 (bug #748189)
	[squeeze] - mumble <no-dsa> (Minor issue)
	[wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2
	NOTE: http://mumble.info/security/Mumble-SA-2014-005.txt
CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrar ...)
	- qemu 2.1+dfsg-1 (bug #739589)
	- qemu-kvm <removed>
	[wheezy] - qemu <no-dsa> (Too intrusive to backport, minor risk)
	[wheezy] - qemu-kvm <no-dsa> (Too intrusive to backport, minor risk)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322
CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the NQMc ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2014-3459 (Heap-based buffer overflow in SolarWinds Network Configuration Manager ...)
	NOT-FOR-US: SolarWinds Network Configuration Manager
CVE-2014-3458
	RESERVED
CVE-2014-3457
	RESERVED
CVE-2014-3456 (Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition  ...)
	NOT-FOR-US: GitLab Enterprise Edition
CVE-2014-3455 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
	NOT-FOR-US: MediaWiki extension SemanticForms
CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in Special:CreateCateg ...)
	NOT-FOR-US: MediaWiki extension SemanticForms
CVE-2014-3452 (Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allo ...)
	NOT-FOR-US: K-lite Codec
CVE-2014-3451 (OpenFire XMPP Server before 3.10 accepts self-signed certificates, whi ...)
	NOT-FOR-US: Openfire
CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global Protecti ...)
	NOT-FOR-US: Panda
CVE-2014-3449 (BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerabil ...)
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3448 (BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerabili ...)
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerab ...)
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in  ...)
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3445 (backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require  ...)
	NOT-FOR-US: HandsomeWeb SOS Webpages
CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...)
	{DSA-2934-1}
	- python-django 1.6.5-1
	NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
CVE-2014-XXXX [data leak during restore]
	- obnam 1.8-1 (low; bug #745112)
	[wheezy] - obnam <no-dsa> (Minor issue)
CVE-2014-3462 (The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remo ...)
	- encfs 1.8.1-1 (low; bug #736066)
	[jessie] - encfs <no-dsa> (Minor issue)
	[squeeze] - encfs <no-dsa> (Minor issue)
	[wheezy] - encfs <no-dsa> (Minor issue)
	NOTE: Shortcoming documented in 1.7.4-4
	NOTE: https://defuse.ca/audits/encfs.htm
	NOTE: Upstream issue: https://github.com/vgough/encfs/issues/14
CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
	NOT-FOR-US: Drupal module
CVE-2014-3444 (The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2014-3443 (JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: JetAudio
CVE-2014-3442 (Winamp 5.666 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Winamp
CVE-2014-3441 (codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remo ...)
	- vlc <not-affected> (VLC in Debian uses the system version of libpng which handles the malformed file correctly as invalid)
	NOTE: http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
CVE-2014-3440 (The Agent Control Interface in the management server in Symantec Criti ...)
	NOT-FOR-US: Symantec
CVE-2014-3439 (ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 bef ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3438 (Multiple cross-site scripting (XSS) vulnerabilities in console interfa ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3437 (The management console in Symantec Endpoint Protection Manager (SEPM)  ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...)
	NOT-FOR-US: Symantec
CVE-2014-3435
	REJECTED
CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...)
	NOT-FOR-US: Symantec
CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in  ...)
	NOT-FOR-US: Symantec
CVE-2014-3432 (Cross-site scripting (XSS) vulnerability in the management console in  ...)
	NOT-FOR-US: Symantec
CVE-2014-3431 (Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x  ...)
	NOT-FOR-US: Symantec PGP Desktop
CVE-2014-3429 (IPython Notebook 0.12 through 1.x before 1.2 does not validate the ori ...)
	- ipython 1.2.0~rc1-1 (low)
	[wheezy] - ipython 0.13.1-2+deb7u1
	[squeeze] - ipython <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ipython/ipython/pull/4845
CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with f ...)
	NOT-FOR-US: Yealink VoIP Phones
CVE-2014-3427 (CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.7 ...)
	NOT-FOR-US: Yealink VoIP Phones
CVE-2014-3420
	RESERVED
CVE-2014-3419 (Infoblox NetMRI before 6.8.5 has a default password of admin for the " ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2014-3418 (config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remo ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2014-3417 (uPortal before 4.0.13.1 does not properly check the CONFIG permission, ...)
	NOT-FOR-US: uPortal
CVE-2014-3416 (uPortal before 4.0.13.1 does not properly check the MANAGE permissions ...)
	NOT-FOR-US: uPortal
CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remote au ...)
	NOT-FOR-US: Sharetronix
CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before  ...)
	NOT-FOR-US: Sharetronix
CVE-2014-3413 (The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has a ...)
	NOT-FOR-US: Juniper
CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...)
	NOT-FOR-US: Juniper NSM
CVE-2014-3410 (The syslog-management subsystem in Cisco Adaptive Security Appliance ( ...)
	NOT-FOR-US: Cisco
CVE-2014-3409 (The Ethernet Connectivity Fault Management (CFM) handling feature in C ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3408 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Prime Optical
CVE-2014-3407 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA)  ...)
	NOT-FOR-US: Cisco
CVE-2014-3406 (Race condition in the IP logging feature in Cisco Intrusion Prevention ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-3405 (Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3404 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS X ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3403 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS X ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3402 (The authentication-manager process in the web framework in Cisco Intru ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-3401
	RESERVED
CVE-2014-3400 (Cisco WebEx Meetings Server allows remote authenticated users to obtai ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3399 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-3398 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-3397 (The network stack in Cisco TelePresence MCU Software before 4.3(2.30)  ...)
	NOT-FOR-US: TelePresence MCU
CVE-2014-3396 (Cisco IOS XR on ASR 9000 devices does not properly use compression for ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigg ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 bef ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA Sof ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.5 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before 8 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in  ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13),  ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Softw ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1  ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.1 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3381 (The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisc ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2014-3380 (Cisco Unified Communications Domain Manager Platform Software 4.4(.3)  ...)
	NOT-FOR-US: Cisco Unified Communications
CVE-2014-3379 (Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 device ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3378 (tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3377 (snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated user ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3376 (Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3375 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3374 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin i ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3373 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3372 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3371
	REJECTED
CVE-2014-3370 (Cisco TelePresence Video Communication Server (VCS) and Expressway Sof ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3369 (The SIP IX implementation in Cisco TelePresence Video Communication Se ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3368 (Cisco TelePresence Video Communication Server (VCS) and Expressway Sof ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3367 (Cross-site scripting (XSS) vulnerability in the vCloud Director compon ...)
	NOT-FOR-US: Cisco
CVE-2014-3366 (SQL injection vulnerability in the administrative web interface in Cis ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3365 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Sec ...)
	NOT-FOR-US: Cisco Prime Security Manager
CVE-2014-3364 (Multiple cross-site scripting (XSS) vulnerabilities in the web framewo ...)
	NOT-FOR-US: Cisco
CVE-2014-3363 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-3362 (Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3 ...)
	NOT-FOR-US: Cisco
CVE-2014-3361 (The ALG module in Cisco IOS 15.0 through 15.4 does not properly implem ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3360 (Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3359 (Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS,  ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3358 (Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3357 (Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3356 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3. ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3355 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3. ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3354 (Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x  ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3353 (Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing Sys ...)
	NOT-FOR-US: Cisco
CVE-2014-3352 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3 ...)
	NOT-FOR-US: Cisco
CVE-2014-3351 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does n ...)
	NOT-FOR-US: Cisco
CVE-2014-3350 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does n ...)
	NOT-FOR-US: Cisco
CVE-2014-3349 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does n ...)
	NOT-FOR-US: Cisco
CVE-2014-3348 (The SSH module in the Integrated Management Controller (IMC) before 2. ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-3347 (Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rat ...)
	NOT-FOR-US: Cisco
CVE-2014-3346 (The web framework in Cisco Transport Gateway for Smart Call Home (aka  ...)
	NOT-FOR-US: Cisco
CVE-2014-3345 (The web framework in Cisco Transport Gateway for Smart Call Home (aka  ...)
	NOT-FOR-US: Cisco
CVE-2014-3344 (Multiple cross-site scripting (XSS) vulnerabilities in the web framewo ...)
	NOT-FOR-US: Cisco
CVE-2014-3343 (Cisco IOS XR 5.1 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Cisco
CVE-2014-3342 (The CLI in Cisco IOS XR allows remote authenticated users to obtain se ...)
	NOT-FOR-US: Cisco
CVE-2014-3341 (The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 a ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-3340 (Directory traversal vulnerability in an unspecified PHP script in the  ...)
	NOT-FOR-US: Cisco
CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web inter ...)
	NOT-FOR-US: Cisco
CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) 10. ...)
	NOT-FOR-US: Cisco
CVE-2014-3337 (The SIP implementation in Cisco Unified Communications Manager (CM) 8. ...)
	NOT-FOR-US: Cisco
CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity Connec ...)
	NOT-FOR-US: Cisco
CVE-2014-3335 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
	NOT-FOR-US: Cisco
CVE-2014-3334
	REJECTED
CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote a ...)
	NOT-FOR-US: Cisco
CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an i ...)
	NOT-FOR-US: Cisco
CVE-2014-3331 (The Session Manager component in Packet Data Network Gateway (aka PGW) ...)
	NOT-FOR-US: Cisco
CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly proce ...)
	NOT-FOR-US: Cisco
CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component i ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2014-3328 (The Intercluster Sync Agent Service in Cisco Unified Presence Server a ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2014-3327 (The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 an ...)
	NOT-FOR-US: Cisco
CVE-2014-3326 (SQL injection vulnerability in the web framework in Cisco Security Man ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2014-3324 (Multiple cross-site scripting (XSS) vulnerabilities in the login page  ...)
	NOT-FOR-US: Cisco TelePrecence Server
CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center Ente ...)
	NOT-FOR-US: Cisco
CVE-2014-3322 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group  ...)
	NOT-FOR-US: Cisco
CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in t ...)
	NOT-FOR-US: Cisco
CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring Tool (RT ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in the Di ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3317 (Directory traversal vulnerability in the Multiple Analyzer in the Dial ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3316 (The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3315 (Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3314 (Cisco AnyConnect on Android and OS X does not properly verify the host ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2014-3313 (Cross-site scripting (XSS) vulnerability in the web user interface on  ...)
	NOT-FOR-US: Cisco Small Business phones
CVE-2014-3312 (The debug console interface on Cisco Small Business SPA300 and SPA500  ...)
	NOT-FOR-US: Cisco Small Business phones
CVE-2014-3311 (Heap-based buffer overflow in the file-sharing feature in WebEx Meetin ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3310 (The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meet ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3309 (The NTP implementation in Cisco IOS and IOS XE does not properly suppo ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3308 (Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static  ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on Cis ...)
	NOT-FOR-US: Cisco Small Cell
CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, E ...)
	NOT-FOR-US: Cisco
CVE-2014-3305 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3304 (The OutlookAction Class in Cisco WebEx Meetings Server allows remote a ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3303 (The web framework in Cisco WebEx Meetings Server does not properly res ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3302 (user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does n ...)
	NOT-FOR-US: Cisco
CVE-2014-3301 (The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5 ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified Communication ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3299 (Cisco IOS allows remote authenticated users to cause a denial of servi ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3298 (Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cl ...)
	NOT-FOR-US: Cisco
CVE-2014-3297 (Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not  ...)
	NOT-FOR-US: Cisco
CVE-2014-3296 (The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server  ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3295 (The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remo ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-3294 (Cisco WebEx Meeting Server does not properly restrict the content of U ...)
	NOT-FOR-US: Cisco WebEx Meeting Server
CVE-2014-3293 (Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to us ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3292 (The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified C ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3291 (Cisco Wireless LAN Controller (WLC) devices allow remote attackers to  ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-3290 (The mDNS implementation in Cisco IOS XE 3.12S does not properly intera ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2014-3289 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Cisco
CVE-2014-3288
	RESERVED
CVE-2014-3287 (SQL injection vulnerability in BulkViewFileContentsAction.java in the  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3286 (The web framework in Cisco WebEx Meeting Server does not properly rest ...)
	NOT-FOR-US: Cisco WebEx Meeting Server
CVE-2014-3285 (Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2014-3284 (Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, al ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3283 (Open redirect vulnerability in Self-Care Client Portal applications in ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3282 (The Administration GUI in the web framework in VOSS in Cisco Unified C ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3281 (The web framework in VOSS in Cisco Unified Communications Domain Manag ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3280 (The web framework in VOSS in Cisco Unified Communications Domain Manag ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3279 (The Administration GUI in the web framework in VOSS in Cisco Unified C ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3278 (The web framework in VOSS in Cisco Unified Communications Domain Manag ...)
	NOT-FOR-US: Cisco Unified Communications
CVE-2014-3277 (The Administration GUI in the web framework in VOSS in Cisco Unified C ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3276 (Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does  ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-3275 (SQL injection vulnerability in the web framework in Cisco Identity Ser ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-3274 (Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to H ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3273 (The LLDP implementation in Cisco IOS allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3272 (The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier al ...)
	NOT-FOR-US: Cisco
CVE-2014-3271 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to c ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2014-3270 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to c ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2014-3269 (The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2014-3268 (Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices all ...)
	NOT-FOR-US: Cisco Unified Border Element
CVE-2014-3267 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3266 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3265 (Cross-site scripting (XSS) vulnerability in the Auto Update Server (AU ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3264 (Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier a ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-3263 (The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to c ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3262 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS  ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3261 (Buffer overflow in the Smart Call Home implementation in Cisco NX-OS o ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-3260 (Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the ...)
	NOT-FOR-US: Pacom
CVE-2014-3259
	RESERVED
CVE-2014-3258
	RESERVED
CVE-2014-3257
	RESERVED
CVE-2014-3256
	RESERVED
CVE-2014-3255
	RESERVED
CVE-2014-3254
	RESERVED
CVE-2014-3253
	RESERVED
CVE-2014-3252
	RESERVED
CVE-2014-3251 (The MCollective aes_security plugin, as used in Puppet Enterprise befo ...)
	- mcollective 2.6.0+dfsg-1 (low; bug #758701)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: Mcollective are not configured to use the plugin and are not vulnerable by default.
	NOTE: http://puppetlabs.com/security/cve/cve-2014-3251
CVE-2014-3250 (The default vhost configuration file in Puppet before 3.6.2 does not i ...)
	- puppet 3.7.0-1 (low)
	[squeeze] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
	[wheezy] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
	NOTE: http://puppetlabs.com/security/cve/CVE-2014-3250
CVE-2014-3249 (Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: http://puppetlabs.com/security/cve/cve-2014-3249
CVE-2014-3248 (Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2. ...)
	- puppet 3.7.0-1 (low)
	[wheezy] - puppet <no-dsa> (Minor issue)
	[squeeze] - puppet <no-dsa> (Minor issue)
	- hiera 1.3.4-1 (low)
	- ruby-hiera <removed> (low)
	[wheezy] - ruby-hiera <no-dsa> (Minor issue)
	- facter 2.0.1-1 (low)
	[wheezy] - facter <no-dsa> (Minor issue)
	[squeeze] - facter <no-dsa> (Minor issue)
	- mcollective 2.5.2+dfsg-1 (low)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2014-3248
	NOTE: problem in combination with ruby <= 1.9.1
CVE-2014-3247 (Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remo ...)
	- collabtive 2.0+dfsg-1 (bug #748828)
	[wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote authentica ...)
	- collabtive 1.2+dfsg-2 (bug #748828)
	[wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2014-3245
	RESERVED
CVE-2014-3244 (XML external entity (XXE) vulnerability in the RSSDashlet dashlet in S ...)
	NOT-FOR-US: SugarCRM
CVE-2014-3241
	RESERVED
CVE-2014-3240
	RESERVED
CVE-2014-3239
	RESERVED
CVE-2014-3238
	RESERVED
CVE-2014-3237
	RESERVED
CVE-2014-3236
	RESERVED
CVE-2014-3235
	RESERVED
CVE-2014-3234
	RESERVED
CVE-2014-3233
	RESERVED
CVE-2014-3232
	RESERVED
CVE-2014-3231
	RESERVED
CVE-2014-3229
	RESERVED
CVE-2014-3228
	RESERVED
CVE-2014-3227 (dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect th ...)
	{DSA-2915-2}
	- dpkg 1.17.9
CVE-2014-3226
	RESERVED
CVE-2014-3224 (Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC50 ...)
	NOT-FOR-US: Huawei
CVE-2014-3223 (Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300 ...)
	NOT-FOR-US: Huawei
CVE-2014-3222 (In Huawei eSpace Meeting with software V100R001C03SPC201 and the earli ...)
	NOT-FOR-US: Huawei
CVE-2014-3221 (Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earli ...)
	NOT-FOR-US: Huawei
CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authent ...)
	NOT-FOR-US: F5 BIG-IQ
CVE-2013-7383 (x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0 ...)
	- x2goserver <not-affected> (Fixed with first upload to Debian)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7 (4.0.1.10)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=b03665513ab1969b069c1351fe17cbb8b5fca256 (4.0.0.8)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8 (4.0.0.8)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104 (4.0.0.8)
CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
	NOT-FOR-US: PHP-Fusion
CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filte ...)
	{DSA-2949-1 DLA-0015-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
	NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
	NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension imple ...)
	{DSA-2949-1 DLA-0015-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
	NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
	NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3430 (Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x befo ...)
	{DSA-2954-1 DLA-0004-1}
	- dovecot 1:2.2.13~rc1-1 (low; bug #747549)
	[squeeze] - dovecot 1:1.2.15-7+deb6u1
	NOTE: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
CVE-2014-3426 (NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of  ...)
	NOT-FOR-US: NCSA Mosaic
CVE-2014-3425 (NCSA Mosaic 2.0 and earlier allows local users to cause a denial of se ...)
	NOT-FOR-US: NCSA Mosaic
CVE-2014-3424 (lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users  ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	- xemacs21-packages <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
CVE-2014-3423 (lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local user ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	- xemacs21-packages <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html
CVE-2014-3422 (lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local  ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	- xemacs21-packages <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html
CVE-2014-3421 (lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html
CVE-2014-9091 (Icecast before 2.4.0 does not change the supplementary group privilege ...)
	- icecast2 2.4.0-1 (low)
	[squeeze] - icecast2 <no-dsa> (Minor issue)
	[wheezy] - icecast2 <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/changeset/19137/
CVE-2014-3243 (SOAPpy 0.12.5 does not properly detect recursion during entity expansi ...)
	- python-soappy 0.12.22-1 (low; bug #747280)
	[squeeze] - python-soappy <no-dsa> (Minor issue)
	[wheezy] - python-soappy <no-dsa> (Minor issue)
	NOTE: http://www.pnigos.com/?p=260
CVE-2014-3242 (SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SO ...)
	- python-soappy 0.12.22-1 (low; bug #747280)
	[squeeze] - python-soappy <no-dsa> (Minor issue)
	[wheezy] - python-soappy <no-dsa> (Minor issue)
	NOTE: http://www.pnigos.com/?p=260
CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler  ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2014-3219 (fish before 2.1.1 allows local users to write to arbitrary files via a ...)
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
CVE-2014-3218
	RESERVED
CVE-2014-3217
	RESERVED
CVE-2014-3216 (GOM Media Player 2.2.57.5189 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2014-3215 (seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissi ...)
	- policycoreutils <not-affected> (seunshare not enabled/built in Debian)
CVE-2014-3214 (The prefetch implementation in named in ISC BIND 9.10.0, when a recurs ...)
	- bind9 <not-affected> (prefetch option introduced in BIND 9.10.0b1)
	NOTE: https://kb.isc.org/article/AA-01161
CVE-2014-3213
	RESERVED
CVE-2014-3212
	RESERVED
CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack ...)
	NOT-FOR-US: Publify
CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking  ...)
	NOT-FOR-US: WordPress plugin Booking System
CVE-2014-3208 (A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (ps ...)
	NOT-FOR-US: askpop3d
CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Seagate
CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a h ...)
	NOT-FOR-US: Seagate
CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle  ...)
	NOT-FOR-US: Unity
CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restric ...)
	NOT-FOR-US: Unity
CVE-2014-3202 (Unity before 7.2.1 does not properly handle entry activation, which al ...)
	NOT-FOR-US: Unity
CVE-2014-3201 (core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125 ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3199 (The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the  ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the PDFi ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3197 (The NavigationScheduler::schedulePageBlock function in core/loader/Nav ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3196 (base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 ...)
	- chromium-browser <not-affected> (Only affects Windows)
CVE-2014-3195 (Google V8, as used in Google Chrome before 38.0.2125.101, does not pro ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in Goog ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3193 (The SessionService::GetLastSession function in browser/sessions/sessio ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3192 (Use-after-free vulnerability in the ProcessingInstruction::setXSLStyle ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3191 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3190 (Use-after-free vulnerability in the Event::currentTarget function in c ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3189 (The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium  ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3188 (Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101  ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS  ...)
	- chromium-browser <not-affected> (only affects versions supporting Apple's facetime)
CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in devices/hid/hid-p ...)
	- linux 3.16.5-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=101
	NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3)
CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function i ...)
	{DLA-118-1}
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98
	NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3)
CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel be ...)
	{DLA-246-1}
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91
	NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2)
CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request function in d ...)
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=90
	NOTE: Upstream fix: https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 (v3.17-rc2)
CVE-2014-3182 (Array index error in the logi_dj_raw_event function in drivers/hid/hid ...)
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable driver introduced later)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=89
	NOTE: Upstream fix: https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 (v3.17-rc2)
CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event func ...)
	- linux 3.16.5-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100
	NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3)
CVE-2014-3180 (** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as  ...)
	- linux 4.0.2-1 (unimportant)
	NOTE: https://git.kernel.org/linus/849151dd5481bc8acb1d287a299b5d6a4ca9f1c3 (3.17-rc4)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=408827
	NOTE: https://lkml.org/lkml/2014/9/7/29
	NOTE: The respective code path is unreachable.
CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062 ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3178 (Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3177 (Google Chrome before 37.0.2062.94 does not properly handle the interac ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3176 (Google Chrome before 37.0.2062.94 does not properly handle the interac ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3175 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062 ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3174 (modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementati ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.94 does not ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3172 (The Debugger extension API in browser/extensions/api/debugger/debugger ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3171 (Use-after-free vulnerability in the V8 bindings in Blink, as used in G ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94  ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3169 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM  ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3168 (Use-after-free vulnerability in the SVG implementation in Blink, as us ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3167 (Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985 ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3166 (The Public Key Pinning (PKP) implementation in Google Chrome before 36 ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3165 (Use-after-free vulnerability in modules/websockets/WorkerThreadableWeb ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3164 (cmds/servicemanager/service_manager.c in Android before commit 7d42a3c ...)
	NOT-FOR-US: Android
CVE-2014-3163
	RESERVED
CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985 ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3161 (The WebMediaPlayerAndroid::load function in content/renderer/media/and ...)
	NOT-FOR-US: Android
CVE-2014-3160 (The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in components/ ...)
	NOT-FOR-US: Android
CVE-2014-3158 (Integer overflow in the getword function in options.c in pppd in Paul' ...)
	{DSA-3079-1 DLA-74-1}
	- ppp 2.4.6-3 (medium; bug #762789)
	NOTE: https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb
	NOTE: http://marc.info/?l=linux-ppp&m=140764978420764
	NOTE: No known exploit yet but potential local privilege escalation to root for users in "dip" group
CVE-2014-3157 (Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer f ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3156 (Buffer overflow in the clipboard implementation in Google Chrome befor ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3155 (net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chro ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3154 (Use-after-free vulnerability in the ChildThread::Shutdown function in  ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3153 (The futex_requeue function in kernel/futex.c in the Linux kernel throu ...)
	{DSA-2949-1 DLA-0007-1}
	- linux 3.14.5-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze7
	NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/92357
CVE-2014-3152 (Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-3151
	RESERVED
CVE-2014-3150 (Livebox 1.1 allows remote authenticated users to upload arbitrary conf ...)
	NOT-FOR-US: Livebox
CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (a ...)
	NOT-FOR-US: Invision Power IP.Board
CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid  ...)
	NOT-FOR-US: OkCupid
CVE-2014-3147 (Cross-site scripting (XSS) vulnerability in the auto-complete feature  ...)
	NOT-FOR-US: Splunk
CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in lx ...)
	{DSA-2941-1 DLA-0009-1}
	- lxml 3.3.5-1 (bug #746812)
	[squeeze] - lxml 2.2.8-2+deb6u1
	NOTE: http://lxml.de/3.3/changes-3.3.5.html
	NOTE: http://seclists.org/fulldisclosure/2014/Apr/210
	NOTE: https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc
CVE-2014-3143
	RESERVED
CVE-2014-3142
	RESERVED
CVE-2014-3141
	RESERVED
CVE-2014-3140
	REJECTED
CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 all ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hot ...)
	NOT-FOR-US: Xerox DocuShare
CVE-2014-3136 (Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev ...)
	NOT-FOR-US: D-Link
CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 ...)
	NOT-FOR-US: vBulletin
CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView application i ...)
	NOT-FOR-US: SAP BusinessObjects
CVE-2014-3133 (SAP Netweaver Java Application Server does not properly restrict acces ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-3132 (SAP Background Processing does not properly restrict access, which all ...)
	NOT-FOR-US: SAP Background Processing
CVE-2014-3131 (SAP Profile Maintenance does not properly restrict access, which allow ...)
	NOT-FOR-US: SAP Solution Manager
CVE-2014-3130 (The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basi ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-3129 (The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP N ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to set the p ...)
	- ldns 1.6.17-4 (low; bug #746758)
	[squeeze] - ldns <no-dsa> (Minor issue)
	[wheezy] - ldns 1.6.13-1+deb7u1
CVE-2014-3230 (The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl ...)
	- liblwp-protocol-https-perl 6.04-3 (bug #746579)
	[wheezy] - liblwp-protocol-https-perl <not-affected> (Introduced by bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 in 6.04)
	NOTE: Introduced by https://github.com/dagolden/lwp-protocol-https/commit/bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8
	NOTE: CVE assignment for https://github.com/libwww-perl/lwp-protocol-https/pull/14#issuecomment-42328818
CVE-2014-3207 (Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserve ...)
	- sks 1.1.5-1 (low; bug #746626)
	[squeeze] - sks <no-dsa> (Minor issue)
	[wheezy] - sks 1.1.3-2+deb7u1
	NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077
CVE-2014-3137 (Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before  ...)
	{DSA-2948-1}
	- python-bottle 0.12.6-1 (bug #746322)
	[squeeze] - python-bottle <not-affected> (bug affects versions 0.10.11-1 and 0.12.5-1)
CVE-2014-3128
	RESERVED
CVE-2014-3127 (dpkg 1.15.9 on Debian squeeze introduces support for the "C-style enco ...)
	{DSA-2915-2}
	- dpkg 1.17.9
CVE-2014-3126
	RESERVED
CVE-2014-3125 (Xen 4.4.x, when running on an ARM system, does not properly context sw ...)
	- xen <not-affected> (Only 32- and 64-bit ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3124 (The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local g ...)
	{DSA-3006-1}
	- xen 4.4.1-1 (bug #757724)
	[squeeze] - xen <not-affected> (Xen versions from 4.1 onwards are vulnerable)
CVE-2014-3123 (Cross-site scripting (XSS) vulnerability in admin/manage-images.php in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-3121 (rxvt-unicode before 9.20 does not properly handle OSC escape sequences ...)
	{DSA-2925-1}
	- rxvt-unicode 9.20-1 (bug #746593)
CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dynamic  ...)
	- elasticsearch 1.0.3+dfsg-3 (bug #759736)
	NOTE: https://github.com/elasticsearch/elasticsearch/commit/81e83cca
	NOTE: https://github.com/elasticsearch/elasticsearch/issues/5853
CVE-2014-3119 (Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier  ...)
	NOT-FOR-US: web2Project
CVE-2014-3118
	RESERVED
CVE-2014-3117
	RESERVED
CVE-2014-3116
	RESERVED
CVE-2014-3115 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: Fortinet Fortiweb
CVE-2014-3114 (The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and  ...)
	NOT-FOR-US: WordPress plugin ezpz-one-click-backup
CVE-2014-3113 (Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8  ...)
	NOT-FOR-US: RealPlayer
CVE-2014-3112
	RESERVED
CVE-2014-3110 (Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCO ...)
	NOT-FOR-US: Honeywell FALCON XLWeb controllor
CVE-2014-3109
	RESERVED
CVE-2014-3108
	RESERVED
CVE-2014-3107
	RESERVED
CVE-2014-3106 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, an ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3105 (The OSLC integration feature in the Web component in IBM Rational Clea ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3104 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, an ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3103 (The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3102 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3101 (The login form in the Web component in IBM Rational ClearQuest 7.1 bef ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in /system/bin/ ...)
	NOT-FOR-US: Android service KeyStore
CVE-2014-3099 (Unspecified vulnerability in the Security component in IBM Systems Dir ...)
	NOT-FOR-US: IBM Systems Director
CVE-2014-3098
	RESERVED
CVE-2014-3097 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ( ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-3096 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...)
	NOT-FOR-US: IBM Curam
CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 thro ...)
	NOT-FOR-US: IBM DB2
CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through F ...)
	NOT-FOR-US: IBM DB2
CVE-2014-3093 (IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passw ...)
	NOT-FOR-US: IBM
CVE-2014-3092 (IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Mana ...)
	NOT-FOR-US: IBM
CVE-2014-3091 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-3090 (IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1 ...)
	NOT-FOR-US: IBM Rational Directory Server
CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client t ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3087 (callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 ...)
	NOT-FOR-US: IBM
CVE-2014-3086 (Unspecified vulnerability in the IBM Java Virtual Machine, as used in  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3085 (systest.php on IBM GCM16 and GCM32 Global Console Manager switches wit ...)
	NOT-FOR-US: IBM
CVE-2014-3084 (IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and ...)
	NOT-FOR-US: IBM
CVE-2014-3083 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3082
	RESERVED
CVE-2014-3081 (prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches wi ...)
	NOT-FOR-US: IBM
CVE-2014-3080 (Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and G ...)
	NOT-FOR-US: IBM
CVE-2014-3079 (The Administration and Reporting Tool in IBM Rational License Key Serv ...)
	NOT-FOR-US: IBM
CVE-2014-3078
	RESERVED
CVE-2014-3077 (IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x ...)
	NOT-FOR-US: IBM
CVE-2014-3076 (IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote att ...)
	NOT-FOR-US: IBM
CVE-2014-3075 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
	NOT-FOR-US: IBM
CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local  ...)
	NOT-FOR-US: IBM AIX
CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mo ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2014-3072 (Unspecified vulnerability in the Automation Server in IBM Security App ...)
	NOT-FOR-US: IBM Security AppScan
CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console i ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-3070 (The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3069 (Multiple CRLF injection vulnerabilities in the Universal Access compon ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3068 (IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 be ...)
	NOT-FOR-US: IBM JDK
CVE-2014-3067
	RESERVED
CVE-2014-3066 (IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attack ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2014-3065 (Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 b ...)
	NOT-FOR-US: IBM JDK
CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - Collabora ...)
	NOT-FOR-US: IBM
CVE-2014-3063 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x bef ...)
	NOT-FOR-US: IBM
CVE-2014-3062 (Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2  ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-3061 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend  ...)
	NOT-FOR-US: IBM
CVE-2014-3060 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 applianc ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3059 (Unspecified vulnerability in the Administrative Console on the IBM Web ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3058 (Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere D ...)
	NOT-FOR-US: IBM
CVE-2014-3057 (Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3056 (The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3055 (SQL injection vulnerability in the Unified Task List (UTL) Portlet for ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3054 (Multiple open redirect vulnerabilities in the Unified Task List (UTL)  ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3053 (The Local Management Interface (LMI) in IBM Security Access Manager (I ...)
	NOT-FOR-US: IBM ISAM
CVE-2014-3052 (The reverse-proxy feature in IBM Security Access Manager (ISAM) for We ...)
	NOT-FOR-US: IBM ISAM
CVE-2014-3051 (The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Appli ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-3050 (IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before  ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2014-3049
	RESERVED
CVE-2014-3048 (Unspecified vulnerability on the IBM System Storage Virtualization Eng ...)
	NOT-FOR-US: IBM System Storage Virtualization Engine
CVE-2014-3047
	RESERVED
CVE-2014-3046
	RESERVED
CVE-2014-3045 (IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before  ...)
	NOT-FOR-US: IBM
CVE-2014-3044
	RESERVED
CVE-2014-3043 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remot ...)
	NOT-FOR-US: IBM
CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does n ...)
	NOT-FOR-US: IBM CICS Transaction Serve
CVE-2014-3041 (SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x  ...)
	NOT-FOR-US: IBM
CVE-2014-3040 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contra ...)
	NOT-FOR-US: IBM
CVE-2014-3039
	RESERVED
CVE-2014-3038 (IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop g ...)
	NOT-FOR-US: IBM SPSS Modeler
CVE-2014-3037 (Cross-site request forgery (CSRF) vulnerability in IBM Configuration M ...)
	NOT-FOR-US: IBM
CVE-2014-3036 (Unspecified vulnerability in IBM API Management 3.0.0.0, when basic au ...)
	NOT-FOR-US: IBM API Management
CVE-2014-3035 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysi ...)
	NOT-FOR-US: IBM
CVE-2014-3034 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Mana ...)
	NOT-FOR-US: IBM
CVE-2014-3033 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Port ...)
	NOT-FOR-US: IBM Emptoris Sourcing Portfolio
CVE-2014-3032 (Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli  ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-3031 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Servic ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2014-3030
	RESERVED
CVE-2014-3029
	RESERVED
CVE-2014-3028
	RESERVED
CVE-2014-3027
	RESERVED
CVE-2014-3026 (CRLF injection vulnerability in IBM Maximo Asset Management 7.5 throug ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-3024 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Ma ...)
	NOT-FOR-US: IBM
CVE-2014-3023
	RESERVED
CVE-2014-3022 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3021 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 bef ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2014-3019 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...)
	NOT-FOR-US: IBM
CVE-2014-3018 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...)
	NOT-FOR-US: IBM
CVE-2014-3017
	RESERVED
CVE-2014-3016
	RESERVED
CVE-2014-3015 (Cross-site request forgery (CSRF) vulnerability in the Web player in I ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3014 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM  ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3013 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Socia ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3012 (Multiple CRLF injection vulnerabilities in IBM Curam Social Program Ma ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3011 (IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers  ...)
	NOT-FOR-US: IBM OpenPages GRC Platform
CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3009 (The GDS component in IBM InfoSphere Master Data Management - Collabora ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-3008 (Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allo ...)
	- pillow 2.4.0-1 (bug #737059)
	- python-imaging <removed>
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	[wheezy] - python-imaging <no-dsa> (Minor issue)
	NOTE: details what is covered exactly by this CVE relating to CVE-2014-1932 and CVE-2014-1933 is missing
CVE-2014-3006 (Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when up ...)
	NOT-FOR-US: Sitepark Information Enterprise Server
CVE-2014-3005 (XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21r ...)
	- zabbix 1:2.2.5+dfsg-1 (bug #751910)
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://seclists.org/fulldisclosure/2014/Jun/87
	NOTE: Upstream issue tracking https://support.zabbix.com/browse/ZBX-8151
CVE-2014-3004 (The default configuration for the Xerces SAX Parser in Castor before 1 ...)
	NOT-FOR-US: Castor
CVE-2014-3003
	REJECTED
CVE-2014-3002
	RESERVED
CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2 does not  ...)
	- kfreebsd-10 <not-affected>
	NOTE: it is called SA-14:07.devfs in the freebsd world
	NOTE: the devfs rules file is loaded by /etc/init.d/freebsd-utils on boot, so debian never was vulnerable
CVE-2014-3000 (The TCP reassembly function in the inet module in FreeBSD 8.3 before p ...)
	{DSA-2952-1}
	- kfreebsd-10 10.0-5 (bug #746949)
	- kfreebsd-9 <removed> (bug #746951)
	- kfreebsd-8 <removed> (bug #746952)
	[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-2999
	RESERVED
CVE-2014-2998
	RESERVED
CVE-2014-2997
	RESERVED
CVE-2014-2996 (XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem  ...)
	NOT-FOR-US: XCloner Standalone
CVE-2014-2995 (Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in  ...)
	NOT-FOR-US: WordPress plugin Twitget
CVE-2014-2994 (Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2014-2993 (The Birebin.com application for Android does not verify X.509 certific ...)
	NOT-FOR-US: Birebin.com application for Android
CVE-2014-2992 (The Misli.com application for Android does not verify X.509 certificat ...)
	NOT-FOR-US: Misli.com application for Android
CVE-2014-2991
	RESERVED
CVE-2014-2990
	RESERVED
CVE-2014-2989 (Cross-site request forgery (CSRF) vulnerability in Open Assessment Tec ...)
	NOT-FOR-US: Open Assessment Technologies TAO
CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Commu ...)
	NOT-FOR-US: EGroupware EPL
CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupwa ...)
	NOT-FOR-US: EGroupware EPL
CVE-2013-7373 (Android before 4.4 does not properly arrange for seeding of the OpenSS ...)
	NOT-FOR-US: Android
CVE-2013-7372 (The engineNextBytes function in classlib/modules/security/src/main/jav ...)
	NOT-FOR-US: Android
CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft In ...)
	NOT-FOR-US: Microsoft IIS
CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel bef ...)
	{DSA-2926-1 DLA-0015-1}
	- linux 3.14.4-1 (bug #747326)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Introduced by https://git.kernel.org/linus/b291f000393f5a0b679012b39d79fbc85c018233
	NOTE: Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c (v3.15-rc1)
CVE-2014-3985 (The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remo ...)
	- miniupnpc 1.6-4 (low; bug #748913)
	[wheezy] - miniupnpc <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
	NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
	NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3
CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to  ...)
	- cups-filters 1.0.53-1
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195
CVE-2014-4337 (The process_browse_data function in utils/cups-browsed.c in cups-brows ...)
	- cups-filters 1.0.53-1
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
CVE-2014-4336 (The generate_local_queue function in utils/cups-browsed.c in cups-brow ...)
	- cups-filters 1.0.53-1
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: incomplete fix was applied
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
CVE-2014-3111 (Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 throug ...)
	NOT-FOR-US: fog cloning solution
CVE-2014-2985
	RESERVED
CVE-2014-2984
	REJECTED
CVE-2014-2982
	RESERVED
CVE-2014-2981
	RESERVED
CVE-2014-2979
	RESERVED
CVE-2014-2978 (The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispa ...)
	- directfb <not-affected> (Vulnerable code was introduced in 1.4.4)
CVE-2014-2977 (Multiple integer signedness errors in the Dispatch_Write function in p ...)
	- directfb <not-affected> (Vulnerable code was introduced in 1.4.13)
CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allo ...)
	NOT-FOR-US: Sixnet SixView
CVE-2014-2975 (Cross-site scripting (XSS) vulnerability in php/user_account.php in Si ...)
	NOT-FOR-US: Silver Peak VX
CVE-2014-2974 (Cross-site request forgery (CSRF) vulnerability in php/user_account.ph ...)
	NOT-FOR-US: Silver Peak VX
CVE-2014-2973
	REJECTED
CVE-2014-2972 (expand.c in Exim before 4.83 expands mathematical comparisons twice, w ...)
	- exim4 4.82.1-2 (low)
	[squeeze] - exim4 <no-dsa> (Minor issue)
	[wheezy] - exim4 4.80-7+deb7u1
CVE-2014-2971 (Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroP ...)
	NOT-FOR-US: MicroPact iComplaints
CVE-2014-2970
	REJECTED
CVE-2014-2969 (NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a har ...)
	NOT-FOR-US: NETGEAR GS108PE Prosafe Plus switches
CVE-2014-2968 (Cross-site scripting (XSS) vulnerability in the web interface on the H ...)
	NOT-FOR-US: Huawei E355 CH1E355SM firmware
CVE-2014-2967 (Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers ...)
	NOT-FOR-US: Autodesk VRED Professional
CVE-2014-2966 (The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly pe ...)
	NOT-FOR-US: Resin Pro
CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in Spa ...)
	NOT-FOR-US: SpamTitan
CVE-2014-2964 (Cobham Aviator 700D and 700E satellite terminals have hardcoded passwo ...)
	NOT-FOR-US: Cobham Aviator 700D and 700E satellite terminals
CVE-2014-2963 (Multiple cross-site scripting (XSS) vulnerabilities in group/control_p ...)
	NOT-FOR-US: Liferay Portal
CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...)
	NOT-FOR-US: Belkin router
CVE-2014-2961
	RESERVED
CVE-2014-2960 (Vision Critical before 2014-05-30 allows attackers to read arbitrary f ...)
	NOT-FOR-US: Vision Critical
CVE-2014-2959 (logViewer.htm on the Dell ML6000 tape backup system with firmware befo ...)
	NOT-FOR-US: Quantum Scalar
CVE-2014-2958
	RESERVED
CVE-2014-2957 (The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPE ...)
	- exim4 4.82.1-1 (unimportant)
	[squeeze] - exim4 <not-affected> (Vulnerable code introduced in 4.82)
	[wheezy] - exim4 <not-affected> (Vulnerable code introduced in 4.82)
	NOTE: https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
	NOTE: EXPERIMENTAL_DMARC not enabled
CVE-2014-2956 (ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelpe ...)
	NOT-FOR-US: AVG Secure Search toolbar and AVG Safeguard
CVE-2014-2955 (Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers ...)
	NOT-FOR-US: Raritan PX
CVE-2014-2954
	RESERVED
CVE-2014-2953
	RESERVED
CVE-2014-2952 [Arbitrary File Deletion as Root in Webmin]
	RESERVED
	- webmin <removed>
	NOTE: https://sites.utexas.edu/iso/2014/09/09/arbitrary-file-deletion-as-root-in-webmin/
CVE-2014-2951 (Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded pas ...)
	NOT-FOR-US: Datum Systems SnIP
CVE-2014-2950 (Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require au ...)
	NOT-FOR-US: Datum Systems SnIP
CVE-2014-2949 (SQL injection vulnerability in the web service in F5 ARX Data Manager  ...)
	NOT-FOR-US: F5 ARX Data Manager
CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Su ...)
	NOT-FOR-US: Bizagi BPM
CVE-2014-2947 (Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM S ...)
	NOT-FOR-US: Bizagi BPM
CVE-2014-2946 (Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in ...)
	NOT-FOR-US: Huawei device
CVE-2014-2945
	REJECTED
CVE-2014-2944
	REJECTED
CVE-2014-2943
	REJECTED
CVE-2014-2942 (Cobham Aviator 700D and 700E satellite terminals use an improper algor ...)
	NOT-FOR-US: Cobham Aviator
CVE-2014-2941 (** DISPUTED ** Cobham Sailor 6000 satellite terminals have hardcoded T ...)
	NOT-FOR-US: Cobham Sailor 6000 satellite terminals
CVE-2014-2940 (Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF ...)
	NOT-FOR-US: Cobham Sailor 900 and 6000 satellite terminals
CVE-2014-2939 (Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterp ...)
	NOT-FOR-US: Alfresco
CVE-2014-2938 (Hanvon FaceID before 1.007.110 does not require authentication, which  ...)
	NOT-FOR-US: Hanvon FaceID
CVE-2014-2937
	REJECTED
CVE-2014-2936 (The directory manager in Caldera 9.20 allows remote attackers to condu ...)
	NOT-FOR-US: Caldera
CVE-2014-2935 (costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows  ...)
	NOT-FOR-US: Caldera
CVE-2014-2934 (Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote at ...)
	NOT-FOR-US: Caldera
CVE-2014-2933 (Directory traversal vulnerability in dirmng/index.php in Caldera 9.20  ...)
	NOT-FOR-US: Caldera
CVE-2014-2932
	RESERVED
CVE-2014-2931
	RESERVED
CVE-2014-2930
	RESERVED
CVE-2014-2929
	RESERVED
CVE-2014-2928 (The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-2927 (The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-2926 (kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5. ...)
	NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content. ...)
	NOT-FOR-US: ASUS RT series
CVE-2014-2924
	RESERVED
CVE-2014-2923
	RESERVED
CVE-2014-2922 (The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Ne ...)
	NOT-FOR-US: pimcore
CVE-2014-2921 (The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Ne ...)
	NOT-FOR-US: pimcore
CVE-2014-2920
	RESERVED
CVE-2014-2919
	RESERVED
CVE-2014-2918
	RESERVED
CVE-2014-2917
	RESERVED
CVE-2014-2916 (Cross-site request forgery (CSRF) vulnerability in the subscription pa ...)
	NOT-FOR-US: subscription page editor
CVE-2014-2914 (fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to t ...)
	- fish 2.1.1-1 (bug #746259)
	[wheezy] - fish <not-affected> (Web interface not yet present)
	[squeeze] - fish <not-affected> (Web interface not yet present)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1438
CVE-2014-2912
	RESERVED
CVE-2014-2911
	RESERVED
CVE-2014-2910
	RESERVED
CVE-2014-2909 (CRLF injection vulnerability in the integrated web server on Siemens S ...)
	NOT-FOR-US: Siemens
CVE-2014-2908 (Cross-site scripting (XSS) vulnerability in the integrated web server  ...)
	NOT-FOR-US: Siemens
CVE-2014-2906 (The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does no ...)
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1437
CVE-2014-2905 (fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the  ...)
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1436
CVE-2014-2895
	RESERVED
CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of s ...)
	{DSA-2922-1}
	- strongswan 5.1.2-1
CVE-2014-2887
	RESERVED
CVE-2014-2886 (GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) chara ...)
	- gksu <removed>
	[stretch] - gksu <ignored> (Minor issue)
	[jessie] - gksu <ignored> (Minor issue)
	[wheezy] - gksu <no-dsa> (Minor issue)
	[squeeze] - gksu <no-dsa> (Minor issue)
	NOTE: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
	NOTE: In Debian libgksu installs two alternatives gconf-defaults.libgksu-sudo
	NOTE: and gconf-defaults.libgksu-su, where the gconf-defaults.libgksu-su is
	NOTE: enabled (in auto mode).
CVE-2014-2883
	RESERVED
CVE-2014-2882 (Unspecified vulnerability in the management GUI in Citrix NetScaler Ap ...)
	NOT-FOR-US: Citrix Netscaler
CVE-2014-2881 (Unspecified vulnerability in the Diffie-Hellman key agreement implemen ...)
	NOT-FOR-US: Citrix Netscaler
CVE-2014-2880 (Open redirect vulnerability in the Oracle Identity Manager component i ...)
	NOT-FOR-US: Oracle Identity Manager
CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL  ...)
	NOT-FOR-US: SonicWALL
CVE-2014-2878
	RESERVED
CVE-2014-2877
	RESERVED
CVE-2014-2876
	RESERVED
CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...)
	- lua-cgi <unfixed> (unimportant; bug #953037)
	NOTE: https://github.com/keplerproject/cgilua/issues/17
	NOTE: The code itself is broken and thus cannot be exploited per se if not fixed,
	NOTE: see details in https://bugs.debian.org/954300
CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom Activ ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the Linux kern ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
	NOTE: Upstream fix: https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef
	NOTE: Introduced in https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122
CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security befor ...)
	NOT-FOR-US: F-Secure
CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
	- virtualenvwrapper 4.3-1 (low; bug #745580)
	[wheezy] - virtualenvwrapper <no-dsa> (Minor issue)
	[squeeze] - virtualenvwrapper <no-dsa> (Minor issue)
CVE-2014-2907 (The srtp_add_address function in epan/dissectors/packet-rtp.c in the R ...)
	- wireshark 1.10.7-1 (bug #745595)
	[wheezy] - wireshark <not-affected> (Affects 1.10.x only)
	[squeeze] - wireshark <not-affected> (Affects 1.10.x only)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-06.html
CVE-2014-2986 (The vgic_distr_mmio_write function in the virtual guest interrupt cont ...)
	- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
CVE-2014-2980 (Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run  ...)
	- gnustep-base 1.24.6-1 (bug #745470)
	[wheezy] - gnustep-base 1.22.1-4+deb7u1
	[squeeze] - gnustep-base <no-dsa> (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?41751
CVE-2014-2915 (Xen 4.4.x, when running on ARM systems, does not properly restrict acc ...)
	- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
CVE-2014-2913 (** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios  ...)
	- nagios-nrpe 2.15-1 (unimportant; bug #745272)
	NOTE: This in insecure by design anyway
CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate t ...)
	{DSA-2914-1 DSA-2913-1}
	- drupal7 7.27-1
	- drupal6 <removed>
	NOTE: https://drupal.org/SA-CORE-2014-002
CVE-2014-2904 (wolfssl before 3.2.0 has a server certificate that is not properly aut ...)
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2903 (CyaSSL does not check the key usage extension in leaf certificates, wh ...)
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2902 (wolfssl before 3.2.0 does not properly authorize CA certificate for si ...)
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2901 (wolfssl before 3.2.0 does not properly issue certificates for a server ...)
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certifica ...)
	- cyassl 2.9.4+dfsg-1
CVE-2014-2899 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial  ...)
	- cyassl 2.9.4+dfsg-1
CVE-2014-2898 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecifie ...)
	- cyassl 2.9.4+dfsg-1
CVE-2014-2897 (The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does ...)
	- cyassl 2.9.4+dfsg-1
CVE-2014-2896 (The DoAlert function in the (1) TLS and (2) DTLS implementations in wo ...)
	- cyassl 2.9.4+dfsg-1
CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in  ...)
	- phpmyid <itp> (bug #492325)
CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...)
	NOT-FOR-US: Ruby Gem sfpagent
CVE-2014-2885 (Multiple integer overflows in TrueCrypt 7.1a allow local users to (1)  ...)
	- truecrypt <itp> (bug #364034)
CVE-2014-2884 (The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt  ...)
	- truecrypt <itp> (bug #364034)
CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2873 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not requir ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2872 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2871 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HT ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2870 (The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2869 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2868 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2867 (Unrestricted file upload vulnerability in PaperThin CommonSpot before  ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2866 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on clien ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2865 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2864 (Multiple directory traversal vulnerabilities in PaperThin CommonSpot b ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2863 (Multiple absolute path traversal vulnerabilities in PaperThin CommonSp ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2862 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check  ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2861 (Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0. ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2860 (Multiple cross-site scripting (XSS) vulnerabilities in PaperThin Commo ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2859 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2858 (Directory traversal vulnerability in the Resources plugin 1.0.0 before ...)
	- grails <itp> (bug #473213)
CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 f ...)
	- grails <itp> (bug #473213)
CVE-2013-7374 (The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13 ...)
	NOT-FOR-US: indicator-datetime
CVE-2013-7371 (node-connects before 2.8.2 has cross site scripting in Sencha Labs Con ...)
	- node-connect <not-affected> (Only applies when incomplete fix applied)
	NOTE: CVE for incomplete fix for CVE-2013-7370, fixed in 2.8.2
CVE-2013-7370 (node-connect before 2.8.1 has XSS in the Sencha Labs Connect middlewar ...)
	- node-connect 3.0.0-1 (bug #744374)
CVE-2013-7368 (Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 all ...)
	NOT-FOR-US: Gnew
CVE-2014-2892 (Heap-based buffer overflow in the get_answer function in mmsh.c in lib ...)
	{DSA-2916-1}
	- libmms 0.6.2-4 (bug #745301)
	- xine-lib <not-affected> (mmsh is libmms-specific)
	NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
CVE-2014-2893 (The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and  ...)
	- llvm-toolchain-snapshot 1:3.5~svn211669-1 (bug #744817)
	- llvm-toolchain-3.3 <unfixed>
	- llvm-toolchain-3.4 1:3.4.2-1
CVE-2014-2854 (Cross-site scripting (XSS) vulnerability in the SemanticTitle extensio ...)
	NOT-FOR-US: MediaWiki extension SemanticTitle
CVE-2014-2853 (Cross-site scripting (XSS) vulnerability in includes/actions/InfoActio ...)
	- mediawiki <not-affected> (Vulnerable code not present)
CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckRespons ...)
	{DSA-2899-1}
	- openafs 1.6.7-1
CVE-2014-2850 (The network interface configuration page (netinterface) in Sophos Web  ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2014-2849 (The Change Password dialog box (change_password) in Sophos Web Applian ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2014-2848 (A race condition in the wmi_malware_scan.nbin plugin before 2014022622 ...)
	NOT-FOR-US: Nessus
CVE-2014-2847 (SQL injection vulnerability in default.asp in CIS Manager CMS allows r ...)
	NOT-FOR-US: CIS Manager CMS
CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php i ...)
	NOT-FOR-US: Arkeia Server Backup
CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.509 cer ...)
	NOT-FOR-US: Cyberduck on Windows
CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure  ...)
	NOT-FOR-US: F-Secure Messaging Secure Gateway
CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1 ...)
	NOT-FOR-US: MapSuite MapAPI
CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a de ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2014-2841
	RESERVED
CVE-2014-2840
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-2839 (SQL injection vulnerability in the GD Star Rating plugin 19.22 for Wor ...)
	NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the GD S ...)
	NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2837
	RESERVED
CVE-2014-2836
	RESERVED
CVE-2014-2835
	RESERVED
CVE-2014-2834
	RESERVED
CVE-2014-2833
	RESERVED
CVE-2014-2832
	RESERVED
CVE-2014-2831
	RESERVED
CVE-2014-2829 (Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly res ...)
	NOT-FOR-US: MongooseIM
CVE-2014-2827 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2826 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2825 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2824 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2823 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2822 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2821 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2820 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2819 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2818 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2817 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ga ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2816 (Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundatio ...)
	NOT-FOR-US: Microsoft
CVE-2014-2815 (Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Microsoft
CVE-2014-2814 (Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and  ...)
	NOT-FOR-US: Microsoft Server
CVE-2014-2813 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2812
	REJECTED
CVE-2014-2811 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2810 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2809 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2808 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2807 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2806 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2805
	REJECTED
CVE-2014-2804 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2803 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2802 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2801 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2800 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2798 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2797 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2796 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2795 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2794 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2793
	REJECTED
CVE-2014-2792 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2791 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2790 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2789 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2788 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2787 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2785 (Microsoft Internet Explorer 7 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2784 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2783 (Microsoft Internet Explorer 7 through 11 does not prevent use of wildc ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2781 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-2780 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-2779 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2014-2778 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2777 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2776 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2775 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2774 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2773 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2772 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2771 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2770 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2769 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2768 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2767 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2765 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2764 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2763 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2762
	REJECTED
CVE-2014-2761 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2760 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2759 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2758 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2757 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2756 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2755 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2754 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2753 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2752 (SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded ...)
	NOT-FOR-US: SAP
CVE-2014-2751 (SAP Print and Output Management has hardcoded credentials, which makes ...)
	NOT-FOR-US: SAP
CVE-2014-2750
	REJECTED
CVE-2014-2749 (The HANA ICM process in SAP HANA allows remote attackers to obtain the ...)
	NOT-FOR-US: SAP
CVE-2014-2748 (The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for ...)
	NOT-FOR-US: SAP
CVE-2014-2747
	RESERVED
CVE-2014-2740
	RESERVED
CVE-2014-2738
	RESERVED
CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the  ...)
	NOT-FOR-US: KnowledgeTree
CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.1 ...)
	NOT-FOR-US: MODX Revolution
CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that t ...)
	NOT-FOR-US: WinSCP
CVE-2014-2734 (** DISPUTED ** The openssl extension in Ruby 2.x does not properly mai ...)
	NOTE: considered invalid and should be rejected, see https://gist.github.com/emboss/91696b56cd227c8a0c13
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Siemens SINEMA
CVE-2014-2732 (Multiple directory traversal vulnerabilities in the integrated web ser ...)
	NOT-FOR-US: Siemens SINEMA
CVE-2014-2731 (Multiple unspecified vulnerabilities in the integrated web server in S ...)
	NOT-FOR-US: Siemens SINEMA
CVE-2013-7367 (SAP Enterprise Portal does not properly restrict access to the Federat ...)
	NOT-FOR-US: SAP
CVE-2013-7366 (The SAP Software Deployment Manager (SDM), in certain unspecified cond ...)
	NOT-FOR-US: SAP
CVE-2013-7365 (Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allo ...)
	NOT-FOR-US: SAP
CVE-2013-7364 (An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver d ...)
	NOT-FOR-US: SAP
CVE-2013-7363 (Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Soluti ...)
	NOT-FOR-US: SAP
CVE-2013-7362 (An unspecified RFC function in SAP CCMS Agent allows remote attackers  ...)
	NOT-FOR-US: SAP
CVE-2013-7361 (Directory traversal vulnerability in SAP CMS and CM Services allows at ...)
	NOT-FOR-US: SAP
CVE-2013-7360 (Unspecified vulnerability in SAP adminadapter allows remote attackers  ...)
	NOT-FOR-US: SAP
CVE-2013-7359 (Unspecified vulnerability in SAP Mobile Infrastructure allows remote a ...)
	NOT-FOR-US: SAP
CVE-2013-7358 (Unspecified vulnerability in SAP Guided Procedures Archive Monitor all ...)
	NOT-FOR-US: SAP
CVE-2013-7357 (Unspecified vulnerability in the configuration service in SAP J2EE Eng ...)
	NOT-FOR-US: SAP
CVE-2013-7356 (Unspecified vulnerability in the SAP CCMS / Database Monitors for Orac ...)
	NOT-FOR-US: SAP
CVE-2013-7355 (SQL injection vulnerability in SAP BI Universal Data Integration allow ...)
	NOT-FOR-US: SAP
CVE-2012-6645 (Cross-site scripting (XSS) vulnerability in the autocomplete functiona ...)
	NOT-FOR-US: Drupal module Finder
CVE-2012-6644 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6  ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2012-6643 (Multiple SQL injection vulnerabilities in the update_counter function  ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2012-6642 (Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remo ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2011-5278 (SQL injection vulnerability in signature.php in Advanced Forum Signatu ...)
	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the Advance ...)
	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2014-2889 (Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_j ...)
	- linux 3.2.1-1
	- linux-2.6 3.2.1-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: introduced by https://git.kernel.org/linus/0a14842f5a3c0e88a1e59fac5c3025db39721f74
	NOTE: Upstrem fix in https://git.kernel.org/linus/a03ffcf873fe0f2565386ca8ef832144c42e67fa
CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in h ...)
	{DSA-2933-1 DSA-2932-1}
	- qemu 2.0.0+dfsg-1 (bug #745157)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
	NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...)
	- rsync 3.1.0-3 (bug #744791)
	[wheezy] - rsync <not-affected> (Introduced in 3.1.0)
	[squeeze] - rsync <not-affected> (Introduced in 3.1.0)
	NOTE: Introduced with https://git.samba.org/?p=rsync.git;a=commitdiff;h=5ebe9a46d7f3c846a6d665cb8c6ab8b79508a6df
	NOTE: Fix: https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a
CVE-2014-2856 (Cross-site scripting (XSS) vulnerability in scheduler/client.c in Comm ...)
	- cups 1.7.2-1
	[squeeze] - cups 1.4.4-7+squeeze5
	[wheezy] - cups 1.5.3-5+deb7u2
	NOTE: http://www.cups.org/str.php?L4356
CVE-2014-XXXX [node-marked: multiple content injection vulnerabilities]
	- node-marked 0.3.1+dfsg-1
	NOTE: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in  ...)
	{DSA-2926-1}
	- linux 3.14.4-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: https://lkml.org/lkml/2014/4/10/736
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
CVE-2014-2830 (Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils  ...)
	- cifs-utils <unfixed> (unimportant)
	[squeeze] - cifs-utils <not-affected> (Vulnerable code not present)
	[wheezy] - cifs-utils <not-affected> (pam_cifscreds introduced in 6.3)
	NOTE: cifscreds PAM not built in unstable
CVE-2014-2828 (The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and ...)
	- keystone 2014.1-1
	[wheezy] - keystone <not-affected> (Only affects 2013.1 to 2013.2.3)
	NOTE: https://launchpad.net/bugs/1300274
CVE-2014-2746 (net/IOService.java in Tigase before 5.2.1 does not properly restrict t ...)
	NOT-FOR-US: Tigase XMPP Server
CVE-2014-2745 (Prosody before 0.9.4 does not properly restrict the processing of comp ...)
	{DSA-2895-1}
	- prosody 0.9.4-1
	[squeeze] - prosody <no-dsa> (Minor issue)
	NOTE: http://hg.prosody.im/0.9/rev/a97591d2e1ad
	NOTE: http://hg.prosody.im/0.9/rev/1107d66d2ab2
CVE-2014-2744 (plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightw ...)
	{DSA-2895-1}
	- prosody 0.9.4-1
	- lua-expat 1.3.0-1
	[wheezy] - lua-expat 1.2.0-5+deb7u1
	[squeeze] - lua-expat <no-dsa> (Minor issue)
	[squeeze] - prosody <no-dsa> (Minor issue)
	NOTE: http://hg.prosody.im/0.9/rev/b3b1c9da38fb
CVE-2014-2743 (plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does n ...)
	NOT-FOR-US: Openfire
CVE-2014-2742 (Isode M-Link before 16.0v7 does not properly restrict the processing o ...)
	NOT-FOR-US: Openfire
CVE-2014-2741 (nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 ...)
	NOT-FOR-US: Openfire
CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 201 ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-2739 (The cma_req_handler function in drivers/infiniband/core/cma.c in the L ...)
	- linux <not-affected> (Introduced and fixed in 3.14)
	- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)
CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS ...)
	NOT-FOR-US: Ektron Web Content Management System
CVE-2014-2728
	RESERVED
CVE-2014-2727 (The STARTTLS implementation in MailMarshal before 7.2 allows plaintext ...)
	NOT-FOR-US: MailMarshal
CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the Socoli ...)
	NOT-FOR-US: PrestaShop
CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail Progra ...)
	- php-horde-imp 5.0.22
	- horde3 <removed> (low)
	[squeeze] - horde3 <no-dsa> (Minor issue)
CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function i ...)
	- redmine 2.5.1-1 (bug #743828)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
	NOTE: https://jvn.jp/en/jp/JVN93004610/
CVE-2014-2726
	RESERVED
CVE-2014-2725
	RESERVED
CVE-2014-2724
	RESERVED
CVE-2014-2723 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
	NOT-FOR-US: Fortinet
CVE-2014-2722 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
	NOT-FOR-US: Fortinet
CVE-2014-2721 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
	NOT-FOR-US: Fortinet
CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Cen ...)
	NOT-FOR-US: IZArc Archiver
CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with firmwar ...)
	NOT-FOR-US: ASUS RT series routers
CVE-2014-2718 (ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66 ...)
	NOT-FOR-US: ASUS routers
CVE-2014-2717 (Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier an ...)
	NOT-FOR-US: Honeywell FALCON XLWeb controller
CVE-2014-2716 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
	NOT-FOR-US: Ekahau Real-Time Location Tracking System
CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templat ...)
	NOT-FOR-US: Drupal plugin
CVE-2014-2714 (The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2713 (Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7,  ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2712 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos bef ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2711 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos bef ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerl ...)
	NOT-FOR-US: Oliver (formerly Webshar)
CVE-2014-2705
	RESERVED
CVE-2014-2704
	RESERVED
CVE-2014-2703
	RESERVED
CVE-2014-2702
	RESERVED
CVE-2014-2701
	RESERVED
CVE-2014-2700
	RESERVED
CVE-2014-2699
	RESERVED
CVE-2014-2698
	RESERVED
CVE-2014-2697
	RESERVED
CVE-2014-2696
	RESERVED
CVE-2014-2695
	RESERVED
CVE-2014-2694
	RESERVED
CVE-2014-2693
	RESERVED
CVE-2014-2692
	RESERVED
CVE-2014-2691
	RESERVED
CVE-2014-2690 (Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows l ...)
	NOT-FOR-US: Citrix VDI-in-a-Box
CVE-2014-2689 (Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier  ...)
	NOT-FOR-US: Offiria
CVE-2014-2688
	RESERVED
CVE-2014-2687
	RESERVED
CVE-2013-7354 (Multiple integer overflows in libpng before 1.5.14rc03 allow remote at ...)
	- libpng <not-affected> (Only affects 1.5 and later)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
	NOTE: http://sourceforge.net/p/libpng/bugs/199/
	- libpng1.6 1.6.10-1
CVE-2013-7353 (Integer overflow in the png_set_unknown_chunks function in libpng/pngs ...)
	- libpng <not-affected> (Only affects 1.5 and later)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
	NOTE: http://sourceforge.net/p/libpng/bugs/199/
	- libpng1.6 1.6.10-1
CVE-2013-7352 (Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in  ...)
	NOT-FOR-US: b2evolution
CVE-2013-7350 (Multiple unspecified vulnerabilities in Check Point Security Gateway 8 ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2013-7349 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote att ...)
	NOT-FOR-US: Gnew
CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 all ...)
	NOT-FOR-US: War FTP Daemon
CVE-2014-5880
	REJECTED
CVE-2014-2709 (lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attacke ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #743565)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #743565)
	NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
	NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls
CVE-2014-2708 (Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8 ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #743565)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #743565)
	NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
	NOTE: CVE for all changes to graph_xport.php to ensure that data is numeric
CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP pr ...)
	- cups-filters 1.0.51-1 (bug #743470)
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: Introduced in at least 1.0.41
CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel before 3. ...)
	- linux 3.13.7-1 (low)
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
CVE-2014-2686 (Ansible prior to 1.5.4 mishandles the evaluation of some strings. ...)
	- ansible 1.5.4+dfsg-1
CVE-2014-2680 (The update process in Xmind 3.4.1 and earlier allow remote attackers t ...)
	- xmind <itp> (bug #520954; bug #641605)
CVE-2014-2679
	RESERVED
CVE-2014-2677
	RESERVED
CVE-2014-2676
	RESERVED
CVE-2014-2675 (Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php i ...)
	NOT-FOR-US: WP HTML Sitemap plugin for WordPress
CVE-2014-2674 (Directory traversal vulnerability in the Ajax Pagination (twitter Styl ...)
	NOT-FOR-US: Ajax Pagination (twitter Style) plugin for WordPress
CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote atta ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO Mana ...)
	NOT-FOR-US: ZOHO ManageEngine OpStor
CVE-2014-2666
	RESERVED
CVE-2014-2664 (Unrestricted file upload vulnerability in the ProfileController::actio ...)
	NOT-FOR-US: X2Engine X2CR
CVE-2014-2663
	RESERVED
CVE-2014-2662
	RESERVED
CVE-2014-2661
	RESERVED
CVE-2014-2660
	RESERVED
CVE-2014-2659 (Cross-site request forgery (CSRF) vulnerability in the admin UI in Pap ...)
	NOT-FOR-US: Papercut MF/NG
	NOTE: This is not the papercut NNTP server.
CVE-2014-2658 (Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 269 ...)
	NOT-FOR-US: PaperCut MF
CVE-2014-2657 (Unspecified vulnerability in the print release functionality in PaperC ...)
	NOT-FOR-US: PaperCut MF
CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earl ...)
	NOT-FOR-US: MobFox mAdserve
CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
	NOT-FOR-US: Symphony CMS
CVE-2013-7351 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Sh ...)
	- shaarli 0.0.41~beta~dfsg2-4 (bug #743252)
	NOTE: https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
CVE-2014-2685 (The GenericConsumer class in the Consumer component in ZendOpenId befo ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2684 (The GenericConsumer class in the Consumer component in ZendOpenId befo ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2683 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 an ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2682 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 an ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2681 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 an ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel th ...)
	{DLA-0015-1}
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: https://lkml.org/lkml/2014/3/29/188
CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM) imp ...)
	- linux 3.13.7-1
	[wheezy] - linux <not-affected> (Introduced in 3.4)
	- linux-2.6 <not-affected> (Introduced in 3.4)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=621b5060e823301d0cba4cb52a7ee3491922d291
	NOTE: only affects powerpc architecture
CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in drivers/net/wirele ...)
	- linux 3.13.7-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8
CVE-2014-2669 (Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL ...)
	{DSA-2865-1}
	- postgresql-9.1 9.1.12-1
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (9.x branch only)
	[squeeze] - postgresql-8.4 <not-affected> (9.x branch only)
	- postgresql-9.3 9.3.3-1
CVE-2014-2668 (Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a de ...)
	- couchdb <removed> (low; bug #788962)
	[wheezy] - couchdb <no-dsa> (Minor issue)
	[squeeze] - couchdb <no-dsa> (Minor issue)
	NOTE: High resource usage in CPU and memory while query is active. No crash for deamon in 1.4.0-3+b1 and 1.2.0-5 versions.
	NOTE: http://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commitdiff_plain;h=0fb5aa9e67bd291ca2638dba961f4ddd3f6ccb3e;hp=198bea3479dfecac13ab1a3e95f902b8eba02f7d
CVE-2014-2667 (Race condition in the _get_masked_mode function in Lib/os.py in Python ...)
	- python3.1 <removed>
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 <removed>
	- python3.4 3.4.1-1
	- python2.5 <not-affected> (Only affects Python 3.x)
	- python2.6 <not-affected> (Only affects Python 3.x)
	- python2.7 <not-affected> (Only affects Python 3.x)
CVE-2014-2665 (includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.1 ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.14+dfsg-1 (bug #742857)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html
CVE-2014-2656
	REJECTED
CVE-2014-2655 (SQL injection vulnerability in the gen_show_status function in functio ...)
	{DSA-2889-1}
	- postfixadmin 2.3.5-3
	NOTE: http://sourceforge.net/p/postfixadmin/code/1650
CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in OpenSSH  ...)
	{DSA-2894-1}
	- openssh 1:6.6p1-1 (low; bug #742513)
CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) befo ...)
	NOT-FOR-US: OpenScape Deployment Service
CVE-2014-2651 (Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an a ...)
	NOT-FOR-US: Unify OpenStage/OpenScape Desk Phone IP SIP
CVE-2014-2650 (Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an ...)
	NOT-FOR-US: Unify OpenStage / OpenScape Desk Phone IP
CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UN ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2647 (Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP  ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2646 (Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allow ...)
	NOT-FOR-US: HP Network Automation
CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2644 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2643 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2642 (HP System Management Homepage (SMH) before 7.4 allows remote attackers ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2014-2641 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2014-2640 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2014-2639 (Unspecified vulnerability in HP MPIO Device Specific Module Manager be ...)
	NOT-FOR-US: HP MPIO Device
CVE-2014-2638 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2637 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2636 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2635 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2634 (Unspecified vulnerability in the server in HP Service Manager (SM) 7.2 ...)
	NOT-FOR-US: HP Service Manager
CVE-2014-2633 (Cross-site request forgery (CSRF) vulnerability in the server in HP Se ...)
	NOT-FOR-US: HP Service Manager
CVE-2014-2632 (Unspecified vulnerability in the WebTier component in HP Service Manag ...)
	NOT-FOR-US: HP Service Manager
CVE-2014-2631 (Unspecified vulnerability in HP Application Lifecycle Management (aka  ...)
	NOT-FOR-US: HP Application Lifecycle Management / Quality Center
CVE-2014-2630 (Unspecified vulnerability in HP Operations Agent 11.00, when Glance is ...)
	NOT-FOR-US: HP Operations Agent
CVE-2014-2629 (HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, an ...)
	NOT-FOR-US: HP NonStop Safeguard Security Software
CVE-2014-2628 (Unspecified vulnerability in HP Enterprise Maps 1 allows remote authen ...)
	NOT-FOR-US: HP Enterprise Maps
CVE-2014-2627 (Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32 ...)
	NOT-FOR-US: HP NonStop NetBatch
CVE-2014-2626 (Directory traversal vulnerability in the toServerObject function in HP ...)
	NOT-FOR-US: HP Network Virtualization
CVE-2014-2625 (Directory traversal vulnerability in the storedNtxFile function in HP  ...)
	NOT-FOR-US: HP Network Virtualization
CVE-2014-2624 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9. ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2014-2623 (Unspecified vulnerability in HP Storage Data Protector 8.x allows remo ...)
	NOT-FOR-US: HP Data Protector
CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2621 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2620 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2619 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2618 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2617 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows  ...)
	NOT-FOR-US: HP Universal CMDB
CVE-2014-2616 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows  ...)
	NOT-FOR-US: HP Universal CMDB
CVE-2014-2615 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows  ...)
	NOT-FOR-US: HP Universal CMDB
CVE-2014-2614 (Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2 ...)
	NOT-FOR-US: HP SiteScope
CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
	NOT-FOR-US: HP Release Control
CVE-2014-2612 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
	NOT-FOR-US: HP Release Control
CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP  ...)
	NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2610 (Directory traversal vulnerability in the Content Acceleration Pack (CA ...)
	NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2609 (The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9. ...)
	NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2608 (Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1  ...)
	NOT-FOR-US: HP Smart Update Manager
CVE-2014-2607 (Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13  ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2606 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVir ...)
	NOT-FOR-US: HP StoreVirtual
CVE-2014-2605 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVir ...)
	NOT-FOR-US: HP StoreVirtual
CVE-2014-2604 (Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP  ...)
	NOT-FOR-US: HP IceWall
CVE-2014-2603 (Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8 ...)
	NOT-FOR-US: HP
CVE-2014-2602 (Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote aut ...)
	NOT-FOR-US: HP OneView
CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier  ...)
	NOT-FOR-US: HP
CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through S ...)
	NOT-FOR-US: HP
CVE-2014-2598 (Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post ...)
	NOT-FOR-US: Quick Page/Post Redirect plugin for WordPress
CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a ...)
	NOT-FOR-US: PCNetSoftware RAC Server
CVE-2014-2596
	RESERVED
CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attac ...)
	NOT-FOR-US: Barracuda Web Application Firewall (WAF)
CVE-2014-2594
	RESERVED
CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager 6.3. ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2014-2592 (Unrestricted file upload vulnerability in Aruba Web Management portal  ...)
	NOT-FOR-US: Aruba Web Management portal
CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allow ...)
	NOT-FOR-US: AIX
CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 3.11, ROS ...)
	NOT-FOR-US: Siemens RuggedCom ROS
CVE-2014-2589 (Cross-site scripting (XSS) vulnerability in the Dashboard Backend serv ...)
	NOT-FOR-US: SonicWall
CVE-2014-2588 (Directory traversal vulnerability in servlet/downloadReport in McAfee  ...)
	NOT-FOR-US: McAfee
CVE-2014-2587 (SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee  ...)
	NOT-FOR-US: McAfee
CVE-2014-2586 (Cross-site scripting (XSS) vulnerability in the login audit form in Mc ...)
	NOT-FOR-US: McAfee
CVE-2014-2584
	RESERVED
CVE-2014-2583 (Multiple directory traversal vulnerabilities in pam_timestamp.c in the ...)
	- pam 1.1.8-3.1 (low; bug #757555)
	[wheezy] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
	NOTE: Fix: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
CVE-2014-2582
	RESERVED
CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner  ...)
	NOT-FOR-US: WordPress plugin xcloner
CVE-2014-2578 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk befor ...)
	NOT-FOR-US: Splunk Web
CVE-2014-2577 (Multiple cross-site scripting (XSS) vulnerabilities in the Transform C ...)
	NOT-FOR-US: Transform Foundation server
CVE-2014-2575 (Directory traversal vulnerability in the File Manager component in Dev ...)
	NOT-FOR-US: ASP.NET WebForms and MVC
CVE-2014-2574
	RESERVED
CVE-2014-2570 (Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...)
	- php-font-lib <unfixed> (unimportant)
	NOTE: make_subset.php installed to examples
	NOTE: http://seclists.org/bugtraq/2014/Mar/128
CVE-2014-2569
	RESERVED
CVE-2014-2566
	RESERVED
CVE-2014-2565 (The commandline interface in Blue Coat Content Analysis System (CAS) 1 ...)
	NOT-FOR-US: Blue Coat Content Analysis System
CVE-2014-2564
	RESERVED
CVE-2014-2563
	RESERVED
CVE-2014-2562
	RESERVED
CVE-2014-2561
	RESERVED
CVE-2014-2560 (The PhonerLite phone before 2.15 provides hashed credentials in a resp ...)
	NOT-FOR-US: PhonerLite phone
CVE-2014-2559 (Multiple cross-site request forgery (CSRF) vulnerabilities in twitget. ...)
	NOT-FOR-US: WordPress plugin Twitget
CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...)
	NOT-FOR-US: WordPress plugin file-gallery
CVE-2014-2557
	RESERVED
CVE-2014-2556
	RESERVED
CVE-2014-2555
	RESERVED
CVE-2014-2554 (OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6  ...)
	{DLA-1119-1}
	- otrs2 3.3.6-1
	[squeeze] - otrs2 <no-dsa> (Minor issue)
	NOTE: https://www.otrs.com/security-advisory-2014-05-clickjacking-issue/
CVE-2014-2553 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-1119-1}
	- otrs2 3.3.6-1
	[squeeze] - otrs2 <no-dsa> (Minor issue)
CVE-2014-2552 (Brookins Consulting (BC) Collected Information Export extension for eZ ...)
	NOT-FOR-US: Brookins Consulting (BC) Collected Information Export extension
CVE-2014-2551
	RESERVED
CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable Comment ...)
	NOT-FOR-US: Disable Comments plugin for WordPress
CVE-2014-2549
	RESERVED
CVE-2014-2548
	RESERVED
CVE-2014-2547
	RESERVED
CVE-2014-2546
	RESERVED
CVE-2014-2545 (TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File ...)
	NOT-FOR-US: TIBCO
CVE-2014-2544 (Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desk ...)
	NOT-FOR-US: Spotfire
CVE-2014-2543 (Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Dae ...)
	NOT-FOR-US: TIBCO
CVE-2014-2542 (Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd ...)
	NOT-FOR-US: TIBCO
CVE-2014-2541 (The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezv ...)
	NOT-FOR-US: TIBCO
CVE-2014-2540 (SQL injection vulnerability in OrbitScripts Orbit Open Ad Server befor ...)
	NOT-FOR-US: Orbit Open Ad Server
CVE-2014-2539
	RESERVED
CVE-2014-2537 (Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109  ...)
	NOT-FOR-US: Sophos UTM
CVE-2014-2536 (Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0 ...)
	NOT-FOR-US: McAfee Cloud Identity Manager
CVE-2014-2535 (Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x be ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2014-2534 (/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows  ...)
	NOT-FOR-US: BlackBerry
CVE-2014-2533 (/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows  ...)
	NOT-FOR-US: BlackBerry
CVE-2014-2531 (SQL injection vulnerability in xhr.php in InterWorx Web Control Panel  ...)
	NOT-FOR-US: InterWorx Control Panel
CVE-2014-2530
	RESERVED
CVE-2014-2529
	RESERVED
CVE-2014-2526 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive  ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-2525 (Heap-based buffer overflow in the yaml_parser_scan_uri_escapes functio ...)
	{DSA-2885-1 DSA-2884-1}
	- libyaml 0.1.4-3.2 (bug #742732)
	- libyaml-libyaml-perl 0.41-5
	NOTE: http://www.ocert.org/advisories/ocert-2014-003.html
CVE-2014-2521 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P0 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2520 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P0 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 befo ...)
	NOT-FOR-US: EMC RecoverPoint Appliance
CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Docu ...)
	NOT-FOR-US: EMC Documentum
CVE-2014-2517 (Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5. ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-2516 (Open redirect vulnerability in EMC RSA Authentication Manager 8.x befo ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4 ...)
	NOT-FOR-US: EMC Documentum
CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15,  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2513 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15,  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum  ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2014-2511 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum  ...)
	NOT-FOR-US: EMC Documentum
CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 be ...)
	NOT-FOR-US: EMC Documentum Foundation Services
CVE-2014-2509 (Session fixation vulnerability in the Report Advisor (RA) component in ...)
	NOT-FOR-US: EMC NCM
CVE-2014-2508 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14,  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2507 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14,  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14,  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2505 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10,  ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager (DA ...)
	NOT-FOR-US: EMC Documentum Digital Asset Manager
CVE-2014-2502 (Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Ada ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication
CVE-2014-2501
	RESERVED
CVE-2014-2500
	RESERVED
CVE-2014-2499
	RESERVED
CVE-2014-2498
	RESERVED
CVE-2013-7348 (Double free vulnerability in the ioctx_alloc function in fs/aio.c in t ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (Introduced and fixed in 3.13 series)
	- linux-2.6 <not-affected> (Introduced and fixed in 3.13 series)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f
CVE-2013-7347 (Luci in Red Hat Conga does not properly enforce the user session timeo ...)
	NOT-FOR-US: Red Hat Conga
CVE-2013-7344 (Unspecified vulnerability in core/settings.php in ownCloud before 4.0. ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-7343 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flas ...)
	NOT-FOR-US: Flowplayer
	NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7342 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flas ...)
	NOT-FOR-US: Flowplayer
	NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7340 (VideoLAN VLC Media Player before 2.0.7 allows remote attackers to caus ...)
	- vlc 2.2.0~rc2-1 (unimportant)
	NOTE: No security impact
	NOTE: Might be fixed earlier than 2.2.0~rc2, but only that version was checked
CVE-2013-7337
	RESERVED
CVE-2011-5276 (SQL injection vulnerability in the drawAdminTools_PackageInstaller fun ...)
	- dtc 0.34.1-1
CVE-2011-5275 (The install script in Domain Technologie Control (DTC) before 0.34.1 g ...)
	- dtc 0.34.1-1
CVE-2011-5274 (The drawAdminTools_PackageInstaller function in shared/inc/forms/packa ...)
	- dtc 0.34.1-1
CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in Domai ...)
	- dtc 0.34.1-1
CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
	- dtc 0.34.1-1
CVE-2009-5140 (The SIP implementation on the Linksys SPA2102 phone adapter provides h ...)
	NOT-FOR-US: Linksys
CVE-2009-5139 (The SIP implementation on the Gizmo5 software phone provides hashed cr ...)
	NOT-FOR-US: Gizmo5
CVE-2014-2599 (The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bi ...)
	{DSA-3006-1}
	- xen 4.4.1-1 (bug #757724)
	[squeeze] - xen <not-affected> (Only affects 4.1 and later)
CVE-2014-2585 (ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external ap ...)
	- owncloud 6.0.2+dfsg-1
CVE-2014-2580 (The netback driver in Xen, when using certain Linux versions that do n ...)
	- linux 3.13.10-1
	[wheezy] - linux <not-affected> (Introduced in 3.12)
	- linux-2.6 <not-affected> (Introduced in 3.12)
	NOTE: upstream patch: https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=e9d8b2c2968499c1f96563e6522c56958d5a1d0d (first included in v3.15-rc1).
CVE-2014-2532 (sshd in OpenSSH before 6.6 does not properly support wildcards on Acce ...)
	{DSA-2894-1}
	- openssh 1:6.6p1-1
	NOTE: Default sshd_config in Debian has AcceptEnv LANG LC_*
	NOTE: http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
CVE-2014-2581 (Smb4K before 1.1.1 allows remote attackers to obtain credentials via v ...)
	- smb4k 1.1.2-1 (low; bug #742816)
	[wheezy] - smb4k <no-dsa> (Minor issue)
	[squeeze] - smb4k <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/projects/smb4k/files/Smb4K%20%28stable%20releases%29/1.1.1/
CVE-2014-2576 (plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_ ...)
	- claws-mail 3.10.1-1 (bug #742695)
	[wheezy] - claws-mail <not-affected> (rssyl plugin in separate source package)
	[squeeze] - claws-mail <not-affected> (rssyl plugin in separate source package)
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
	- claws-mail-extra-plugins <removed>
	[squeeze] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	[wheezy] - claws-mail-extra-plugins <no-dsa> (Minor issue)
CVE-2014-2573 (The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2  ...)
	- nova 2014.1-9 (bug #750144)
	[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
	NOTE: https://bugs.launchpad.net/nova/+bug/1269418
CVE-2014-2568 (Use-after-free vulnerability in the nfqnl_zcopy function in net/netfil ...)
	- linux 3.13.7-1
	- linux-2.6 <not-affected> (Introduced in 3.10 commit ae08ce002108)
	[wheezy] - linux <not-affected> (Introduced in 3.10 commit ae08ce002108)
	NOTE: Upstream path: https://lkml.org/lkml/2014/3/20/421
CVE-2014-2567 (The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenC ...)
	NOT-FOR-US: Trojita
CVE-2014-2538 (Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rac ...)
	- ruby-rack-ssl 1.3.2-4 (low; bug #742186)
	[wheezy] - ruby-rack-ssl <no-dsa> (Minor issue)
	NOTE: https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
CVE-2014-2528 (kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when de ...)
	- k4dirstat 2.7.5-1 (bug #741659)
	[wheezy] - k4dirstat <no-dsa> (Minor issue)
	- kdirstat <removed>
	[squeeze] - kdirstat <no-dsa> (Minor issue)
CVE-2014-2527 (kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when de ...)
	- k4dirstat <not-affected> (Uses single quotes for affected code)
	- kdirstat <removed> (low)
	[squeeze] - kdirstat <no-dsa> (Minor issue)
CVE-2014-2571 (Cross-site scripting (XSS) vulnerability in the quiz_question_tostring ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-7341 (Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flas ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2014-2572 (mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not prope ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2014-2524 (The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 a ...)
	- readline6 6.3-7 (low; bug #741953)
	[wheezy] - readline6 <no-dsa> (Minor issue)
	[squeeze] - readline6 <no-dsa> (Minor issue)
CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3. ...)
	{DSA-2906-1}
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when running on Windows and us ...)
	- curl <not-affected> (Only present in code only running on Windows)
CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP  ...)
	{DSA-3215-1 DLA-189-1}
	- php5 5.6.0~rc4+dfsg-1
	[wheezy] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
	[squeeze] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
	- libgd2 2.1.0-4 (low; bug #744719)
	NOTE: http://web.archive.org/web/20150221193227/http://net-ninja-mr.me/2014/03/14/php-gd-v5-4-17-2-color-visual-null-pointer-dereference/
CVE-2014-2496 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle
CVE-2014-2495 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing  ...)
	NOT-FOR-US: Oracle
CVE-2014-2494 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-2493 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-2492 (Unspecified vulnerability in the Oracle Agile Product Collaboration co ...)
	NOT-FOR-US: Oracle
CVE-2014-2491 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2014-2490 (Unspecified vulnerability in the Java SE component in Oracle Java SE 7 ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	NOTE: http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/02f12a9d5aec
CVE-2014-2489 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DLA-313-1}
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
CVE-2014-2488 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DLA-313-1}
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
CVE-2014-2487 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox <not-affected> (Only applies if VBox is running on Windows)
	- virtualbox-ose <not-affected> (Only applies if VBox is running on Windows)
CVE-2014-2486 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DLA-313-1}
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
CVE-2014-2485 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-2484 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-2483 (Unspecified vulnerability in the Java SE component in Oracle Java SE J ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
CVE-2014-2482 (Unspecified vulnerability in the Oracle Concurrent Processing componen ...)
	NOT-FOR-US: Oracle
CVE-2014-2481 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-2480 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-2479 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2014-2478 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-2477 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <not-affected> (Only affects 4.0 and later)
CVE-2014-2476 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2475 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2474 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2473 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2472 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2471 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle iLearning
CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2469 (Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows at ...)
	- lighttpd <not-affected> (Only affects lighttpd on Oracle Solaris)
CVE-2014-2468 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-2467 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2466 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2465 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2464 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2463 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...)
	NOT-FOR-US: Oracle Secure Global Desktop (SGD)
CVE-2014-2462
	REJECTED
CVE-2014-2461 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2460 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2459 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2458 (Unspecified vulnerability in the Oracle Agile Product Lifecycle compon ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2457 (Unspecified vulnerability in the Oracle Agile Product Lifecycle compon ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2456 (Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise  ...)
	NOT-FOR-US: Oracle
CVE-2014-2455 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-2454 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-2453 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-2452 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2451 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2450 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2449 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acq ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2448 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2447 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2446 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2445 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2444 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2443 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2442 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2441 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox-guest-additions <not-affected> (Only affects 4.1 and later)
	- virtualbox-guest-additions-iso 4.3.10-1
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2014-2440 (Unspecified vulnerability in the MySQL Client component in Oracle MySQ ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
	NOTE: this is the same issue as CVE-2014-0001, see http://www.openwall.com/lists/oss-security/2014/09/11/23
CVE-2014-2439 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...)
	NOT-FOR-US: Oracle Secure Global Desktop (SGD)
CVE-2014-2438 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier an ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2437 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2436 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier an ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2435 (Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2434 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2433 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2432 (Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2431 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier an ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2430 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier an ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2429 (Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2428 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2427 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2426 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2425 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2424 (Unspecified vulnerability in the Oracle Event Processing component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2423 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2422 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2 ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-2421 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2420 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2419 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier an ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2418 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2417 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2416 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2415 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2414 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2413 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-2412 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2411 (Unspecified vulnerability in the Oracle Identity Analytics component i ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2410 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers  ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-2409 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2408 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-2407 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2406 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-2405 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...)
	{DSA-2912-1}
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2404 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2403 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2402 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-2401 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2014-2400 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2399 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2398 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2397 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2396
	RESERVED
CVE-2014-2395
	RESERVED
CVE-2014-2394
	RESERVED
CVE-2014-2393 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4. ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2392 (The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7 ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2391 (The password recovery service in Open-Xchange AppSuite before 7.2.2-re ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2390 (Cross-site request forgery (CSRF) vulnerability in the User Management ...)
	NOT-FOR-US: McAfee Network Security Manager
CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in qconnD ...)
	NOT-FOR-US: BlackBerry Z 10
CVE-2014-2388 (The Storage and Access service in BlackBerry OS 10.x before 10.2.1.192 ...)
	NOT-FOR-US: BlackBerry OS
CVE-2014-2385 (Multiple cross-site scripting (XSS) vulnerabilities in the web UI in S ...)
	NOT-FOR-US: Sophos Antivirus
CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...)
	NOT-FOR-US: VMware on Windows
CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled,  ...)
	- php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
	NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
CVE-2014-2382 (The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterpris ...)
	NOT-FOR-US: Faronics
CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1  ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1  ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-2379 (Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and Tr ...)
	NOT-FOR-US: Sensys Networks
CVE-2014-2378 (Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and Tr ...)
	NOT-FOR-US: Sensys Networks
CVE-2014-2377 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1 ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2376 (SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4. ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2375 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1 ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2374 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim I ...)
	NOT-FOR-US: Accuenergy
CVE-2014-2373 (The web server on the AXN-NET Ethernet module accessory 3.04 for the A ...)
	NOT-FOR-US: Accuenergy
CVE-2014-2372
	RESERVED
CVE-2014-2371
	RESERVED
CVE-2014-2370 (Cross-site scripting (XSS) vulnerability in the web application on Omr ...)
	NOT-FOR-US: Omron
CVE-2014-2369 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
	NOT-FOR-US: Omron
CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech W ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in broadweb/include/gCh ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2366 (upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenti ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2365 (Unspecified vulnerability in Advantech WebAccess before 7.2 allows rem ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before 7. ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2363 (Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which ...)
	NOT-FOR-US: Morpho Itemiser
CVE-2014-2362 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rel ...)
	NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, wh ...)
	NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules all ...)
	NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2359 (OleumTech Wireless Sensor Network devices allow remote attackers to ob ...)
	NOT-FOR-US: OleumTech Wireless Sensor Network devices
CVE-2014-2358 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Fox-IT Fox DataDiode
CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in SUB ...)
	NOT-FOR-US: SUBNET SubSTATION Server 2
CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require a ...)
	NOT-FOR-US: Innominate mGuard
CVE-2014-2355 (The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIM ...)
	NOT-FOR-US: Systems Integrated GE Proficy HMI/SCADA-CIMPLICITY
CVE-2014-2354 (Cogent DataHub before 7.3.5 does not use a salt during password hashin ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-2353 (Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3. ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-2352 (Directory traversal vulnerability in Cogent DataHub before 7.3.5 allow ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-2351 (SQL injection vulnerability in the LiveData service in CSWorks before  ...)
	NOT-FOR-US: CSWorks
CVE-2014-2350 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentia ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2014-2349 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to mo ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2014-2348
	RESERVED
CVE-2014-2347 (Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessio ...)
	NOT-FOR-US: Amtelco miSecureMessages
CVE-2014-2346 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.1 ...)
	NOT-FOR-US: COPA-DATA
CVE-2014-2345 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.1 ...)
	NOT-FOR-US: COPA-DATA
CVE-2014-2344
	REJECTED
CVE-2014-2343 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physica ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2014-2342 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote  ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2014-2341 (Session fixation vulnerability in CubeCart before 5.2.9 allows remote  ...)
	NOT-FOR-US: CubeCart
CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin  ...)
	NOT-FOR-US: WordPress plugin xcloner-backup-and-restore
CVE-2014-2339 (Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNU ...)
	NOT-FOR-US: GNU Board
CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypa ...)
	{DSA-2903-1}
	- strongswan 5.1.2-4
CVE-2014-2337
	RESERVED
CVE-2014-2336 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User In ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2014-2335 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User In ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2014-2334 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User In ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2014-2333 (Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin ...)
	NOT-FOR-US: WordPress plugin Lazyest Gallery
CVE-2014-2332 (Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authen ...)
	- check-mk 1.2.2p3-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2331 (Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated use ...)
	- check-mk 1.2.6p4-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2330 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mult ...)
	- check-mk 1.2.6p4-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2329 (Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before ...)
	- check-mk 1.2.2p3-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2328 (lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remot ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #742768)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
	NOTE: http://bugs.cacti.net/view.php?id=2433
CVE-2014-2327 (Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8 ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-6 (bug #742768)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
	NOTE: http://bugs.cacti.net/view.php?id=2432
CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g,  ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #742768)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
	NOTE: http://bugs.cacti.net/view.php?id=2431
CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote attac ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2014-2317 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7 ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-2316 (SQL injection vulnerability in se_search_default in the Search Everyth ...)
	NOT-FOR-US: WP plugin search-everything
CVE-2014-2315 (Multiple cross-site scripting (XSS) vulnerabilities in the Thank You C ...)
	NOT-FOR-US: WP plugin thankyoubutton
CVE-2014-2314 (Directory traversal vulnerability in the Issue Collector plugin in Atl ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2013-7339 (The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel be ...)
	{DSA-2906-1}
	- linux 3.13-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in lib ...)
	- libvirt 1.1.4-1
	[wheezy] - libvirt <not-affected> (Vulnerable code not present)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: http://www.redhat.com/archives/libvir-list/2013-September/msg01208.html
CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x b ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
	NOT-FOR-US: ImageCMS
CVE-2014-2387 (Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities ...)
	- pen 0.22.1-1 (low; bug #741370)
	[squeeze] - pen <no-dsa> (Minor issue)
	[wheezy] - pen <no-dsa> (Minor issue)
CVE-2014-2386 (Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, all ...)
	{DSA-2956-1}
	- icinga 1.11.0-1
	[squeeze] - icinga <not-affected> (Vulnerable code not present)
CVE-2014-2325 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Ga ...)
	NOT-FOR-US: Proxmox Mail Gateway
CVE-2014-2324 (Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) ...)
	{DSA-2877-1}
	- lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2323 (SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1. ...)
	{DSA-2877-1}
	- lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allow ...)
	NOT-FOR-US: Ruby Gem Arabic Prawn
CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote atta ...)
	NOT-FOR-US: ZTE F460 and F660 cable modems
CVE-2014-2320
	RESERVED
CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 u ...)
	NOTE: Non issue
	NOTE: http://seclists.org/oss-sec/2014/q1/550
CVE-2014-2312 (The main function in android_main.cpp in thermald allows local users t ...)
	- thermald <not-affected> (android_main.cpp not used for Debian build)
CVE-2014-2311 (SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-2308
	RESERVED
CVE-2014-2307
	RESERVED
CVE-2014-2306
	RESERVED
CVE-2014-2305
	RESERVED
CVE-2014-2304 (A vulnerability in version 0.90 of the Open Floodlight SDN controller  ...)
	NOT-FOR-US: Open Floodlight
CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ( ...)
	NOT-FOR-US: webEdition CMS
CVE-2014-2302 (The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x befor ...)
	NOT-FOR-US: webEdition CMS
CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OrbiTeam BSCW
CVE-2014-2300
	RESERVED
CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPE ...)
	{DSA-2871-1}
	- wireshark 1.10.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-04.html
CVE-2014-2298
	RESERVED
CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhispe ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-2296 (XML external entity (XXE) vulnerability in java/org/jasig/cas/util/Sam ...)
	NOT-FOR-US: Jasig CAS
CVE-2014-2295
	RESERVED
CVE-2014-2294 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers to condu ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-2293 (Zikula Application Framework before 1.3.7 build 11 allows remote attac ...)
	NOT-FOR-US: Zikula
CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client in Junip ...)
	NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2014-2291 (Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (S ...)
	NOT-FOR-US: Junos
CVE-2014-2290
	RESERVED
CVE-2014-2289 (res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Op ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-004.html
CVE-2014-2288 (The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, w ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-003.html
CVE-2014-2287 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11. ...)
	{DLA-781-1}
	- asterisk 1:11.8.1~dfsg-1 (bug #741313)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-002.html
CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x befo ...)
	{DLA-455-1}
	- asterisk 1:11.8.1~dfsg-1 (bug #741313)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-001.html
CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x bef ...)
	{DSA-2871-1}
	- wireshark 1.10.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-03.html
CVE-2014-2282 (The dissect_protocol_data_parameter function in epan/dissectors/packet ...)
	- wireshark 1.10.6-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-02.html
CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c i ...)
	{DSA-2871-1}
	- wireshark 1.10.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html
CVE-2013-7333 (A vulnerability in version 0.90 of the Open Floodlight SDN controller  ...)
	NOT-FOR-US: Open Floodlight
CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel thr ...)
	- linux 3.13.6-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Introduced in v3.0)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0
	NOTE: Fix: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers t ...)
	- net-snmp 5.7.2~dfsg-3 (bug #684388)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8
	[squeeze] - net-snmp <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/net-snmp/patches/1113/
CVE-2012-6639 (An privilege elevation vulnerability exists in Cloud-init before 0.7.0 ...)
	- cloud-init 0.7.1-1
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299
CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in Seed ...)
	NOT-FOR-US: SeedDMS
CVE-2014-2279 (Multiple directory traversal vulnerabilities in SeedDMS (formerly Leto ...)
	NOT-FOR-US: SeedDMS
CVE-2014-2278 (Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDM ...)
	NOT-FOR-US: SeedDMS
CVE-2014-2277 (The make_temporary_filename function in perltidy 20120701-1 and earlie ...)
	- perltidy 20130922-1 (bug #740670)
	[wheezy] - perltidy <no-dsa> (Minor issue)
	[squeeze] - perltidy <no-dsa> (Minor issue)
CVE-2014-2276 (The FileUploadController servlet in EMC Connectrix Manager Converged N ...)
	NOT-FOR-US: EMC
CVE-2014-2275
	RESERVED
CVE-2014-2274 (Cross-site request forgery (CSRF) vulnerability in the Subscribe To Co ...)
	NOT-FOR-US: Subscribe To Comments Reloaded plugin for WordPress
CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 al ...)
	NOT-FOR-US: Huawei Router
CVE-2014-2272
	RESERVED
CVE-2014-2271 (cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office ...)
	NOT-FOR-US: Kingsoft Office
CVE-2014-2269 (modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 ...)
	NOT-FOR-US: vTiger CRM
CVE-2014-2268 (views/Index.php in the Install module in vTiger 6.0 before Security Pa ...)
	NOT-FOR-US: vTiger CRM
CVE-2014-2267
	RESERVED
CVE-2014-2266
	RESERVED
CVE-2014-2265 (Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to by ...)
	NOT-FOR-US: Rock Lobster Contact Form
CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 upda ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)  ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
	- libav 6:10.4-1
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9 ...)
	NOT-FOR-US: Base SAS
CVE-2014-2261
	RESERVED
CVE-2014-2260 (Cross-site scripting (XSS) vulnerability in plugins/main/content/js/aj ...)
	NOT-FOR-US: Ajenti
CVE-2014-2259 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
	NOT-FOR-US: Siemens
CVE-2014-2258 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2257 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
	NOT-FOR-US: Siemens
CVE-2014-2256 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2255 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
	NOT-FOR-US: Siemens
CVE-2014-2254 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2253 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
	NOT-FOR-US: Siemens
CVE-2014-2252 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2251 (The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices ...)
	NOT-FOR-US: Siemens
CVE-2014-2250 (The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices ...)
	NOT-FOR-US: Siemens
CVE-2014-2249 (Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7- ...)
	NOT-FOR-US: Siemens
CVE-2014-2248 (Open redirect vulnerability in the integrated web server on Siemens SI ...)
	NOT-FOR-US: Siemens
CVE-2014-2247 (The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices w ...)
	NOT-FOR-US: Siemens
CVE-2014-2246 (Cross-site scripting (XSS) vulnerability in the integrated web server  ...)
	NOT-FOR-US: Siemens
CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer f ...)
	- freetype 2.5.2-1.1 (bug #741299)
	[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
	NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
	NOTE: https://savannah.nongnu.org/bugs/?41697#comment2 if I understood it right
CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in cff/c ...)
	- freetype 2.5.2-1.1 (bug #741299)
	[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
	NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
	NOTE: https://savannah.nongnu.org/bugs/?41697#comment0
CVE-2014-2239
	RESERVED
CVE-2014-2234 (A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier use ...)
	- openssl <not-affected> (Apple-specific patch)
CVE-2014-2233 (Server-side request forgery (SSRF) vulnerability in the MapAPI in Info ...)
	NOT-FOR-US: Infoware MapSuite
CVE-2014-2232 (Absolute path traversal vulnerability in the MapAPI in Infoware MapSui ...)
	NOT-FOR-US: Infoware MapSuite
CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics i-doit ...)
	NOT-FOR-US: synetics i-doit pro
CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php in O ...)
	NOT-FOR-US: OpenX
CVE-2014-2229
	RESERVED
CVE-2014-2228 (The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote a ...)
	NOT-FOR-US: HP Fortify SCA
CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Ne ...)
	NOT-FOR-US: Ubiquiti Networks
CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...)
	NOT-FOR-US: Ubiquiti Networks
CVE-2014-2225 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti ...)
	NOT-FOR-US: Ubiquiti Networks
CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not as ...)
	NOT-FOR-US: Plogger
CVE-2014-2223 (Unrestricted file upload vulnerability in plog-admin/plog-upload.php i ...)
	NOT-FOR-US: Plogger
CVE-2014-2222
	RESERVED
CVE-2014-2221
	RESERVED
CVE-2014-2220
	RESERVED
CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimp ...)
	NOT-FOR-US: CMSimple
CVE-2014-2218
	RESERVED
CVE-2014-2217 (Absolute path traversal vulnerability in the RadAsyncUpload control in ...)
	NOT-FOR-US: Telerik UI for ASP.NET AJAX
CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 an ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2014-2215
	REJECTED
CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9. ...)
	NOT-FOR-US: Erwin Web Portal
CVE-2014-2209 (Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supp ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-2208 (CRLF injection vulnerability in the LightProcess protocol implementati ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-2207
	RESERVED
CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) b ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2014-2204
	RESERVED
CVE-2014-2203
	RESERVED
CVE-2014-2202
	RESERVED
CVE-2014-2201 (The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-2200 (Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authen ...)
	NOT-FOR-US: Cisco
CVE-2014-2199 (meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebE ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2198 (Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platf ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2197 (The Administration GUI in the web framework in Cisco Unified Communica ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2196 (Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when  ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2014-2195 (Cisco AsyncOS on Email Security Appliance (ESA) and Content Security M ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2014-2194 (system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interacti ...)
	NOT-FOR-US: Cisco Unified Web and E-mail Interaction Manager
CVE-2014-2193 (Cisco Unified Web and E-Mail Interaction Manager places session identi ...)
	NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2192 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-ma ...)
	NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2191 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-2190 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco
CVE-2014-2189
	REJECTED
CVE-2014-2188
	REJECTED
CVE-2014-2187
	RESERVED
CVE-2014-2186 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-2185 (The Call Detail Records (CDR) Management component in Cisco Unified Co ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-2184 (The IP Manager Assistant (IPMA) component in Cisco Unified Communicati ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-2183 (The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 rout ...)
	NOT-FOR-US: Cisco
CVE-2014-2182 (Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay i ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2181 (Cisco Adaptive Security Appliance (ASA) Software allows remote authent ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2180 (The Document Management component in Cisco Unified Contact Center Expr ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-2179 (The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV12 ...)
	NOT-FOR-US: Cisco RV
CVE-2014-2178 (Cross-site request forgery (CSRF) vulnerability in the administrative  ...)
	NOT-FOR-US: Cisco RV
CVE-2014-2177 (The network-diagnostics administration interface in the Cisco RV route ...)
	NOT-FOR-US: Cisco RV
CVE-2014-2176 (Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-b ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2175 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2014-2174 (Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1  ...)
	NOT-FOR-US: Cisco
CVE-2014-2173 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2014-2172 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE S ...)
	NOT-FOR-US: Cisco
CVE-2014-2171 (Heap-based buffer overflow in Cisco TelePresence TC Software 4.x throu ...)
	NOT-FOR-US: Cisco
CVE-2014-2170 (Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before ...)
	NOT-FOR-US: Cisco
CVE-2014-2169 (Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Sof ...)
	NOT-FOR-US: Cisco
CVE-2014-2168 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE S ...)
	NOT-FOR-US: Cisco
CVE-2014-2167 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
	NOT-FOR-US: Cisco
CVE-2014-2166 (The SIP implementation in Cisco TelePresence TC Software 4.x and TE So ...)
	NOT-FOR-US: Cisco
CVE-2014-2165 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
	NOT-FOR-US: Cisco
CVE-2014-2164 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
	NOT-FOR-US: Cisco
CVE-2014-2163 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
	NOT-FOR-US: Cisco
CVE-2014-2162 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
	NOT-FOR-US: Cisco
CVE-2014-2161 (The H.225 subsystem in Cisco TelePresence System MXP Series Software b ...)
	NOT-FOR-US: Cisco
CVE-2014-2160 (The H.225 subsystem in Cisco TelePresence System MXP Series Software b ...)
	NOT-FOR-US: Cisco
CVE-2014-2159 (The H.225 subsystem in Cisco TelePresence System MXP Series Software b ...)
	NOT-FOR-US: Cisco
CVE-2014-2158 (Cisco TelePresence System MXP Series Software before F9.3.1 allows rem ...)
	NOT-FOR-US: Cisco
CVE-2014-2157 (Cisco TelePresence System MXP Series Software before F9.3.1 allows rem ...)
	NOT-FOR-US: Cisco
CVE-2014-2156 (Cisco TelePresence System MXP Series Software before F9.3.1 allows rem ...)
	NOT-FOR-US: Cisco
CVE-2014-2155 (The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows rem ...)
	NOT-FOR-US: Cisco
CVE-2014-2154 (Memory leak in the SIP inspection engine in Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2153 (Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-2152 (Cross-site request forgery (CSRF) vulnerability in the INSERT page in  ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-2151 (The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2150
	REJECTED
CVE-2014-2149
	REJECTED
CVE-2014-2148
	RESERVED
CVE-2014-2147 (The web interface in Cisco Prime Infrastructure 2.1 and earlier does n ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-2146 (The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15 ...)
	NOT-FOR-US: Cisco
CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity  ...)
	NOT-FOR-US: Cisco
CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...)
	NOT-FOR-US: Cisco
CVE-2014-2143 (The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE al ...)
	NOT-FOR-US: Cisco
CVE-2014-2142 (Cisco ONS 15454 controller cards with software 10.0 and earlier allow  ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2141 (The session-termination functionality on Cisco ONS 15454 controller ca ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2140 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow r ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2139 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow r ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2138 (CRLF injection vulnerability in the web framework in Cisco Security Ma ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-2137 (CRLF injection vulnerability in the web framework in Cisco Web Securit ...)
	NOT-FOR-US: Cisco Web Security Appliance
CVE-2014-2136 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2135 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2134 (Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) playe ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2133 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2132 (Cisco WebEx Recording Format (WRF) player and Advanced Recording Forma ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2131 (The packet driver in Cisco IOS allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2130 (Cisco Secure Access Control Server (ACS) provides an unintentional adm ...)
	NOT-FOR-US: Cisco
CVE-2014-2129 (The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) S ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2128 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2127 (Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2126 (Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2125 (Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Uni ...)
	NOT-FOR-US: Cisco Unity Connection Server
CVE-2014-2124 (Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T  ...)
	NOT-FOR-US: Cisco
CVE-2014-2123
	RESERVED
CVE-2014-2122 (Memory leak in the GUI in the Impact server in Cisco Hosted Collaborat ...)
	NOT-FOR-US: Cisco
CVE-2014-2121 (The Java-based software in Cisco Hosted Collaboration Solution (HCS) a ...)
	NOT-FOR-US: Cisco
CVE-2014-2120 (Cross-site scripting (XSS) vulnerability in the WebVPN login page in C ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS So ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2014-2118 (Multiple cross-site scripting (XSS) vulnerabilities in dashboard-relat ...)
	NOT-FOR-US: Cisco PRSM
CVE-2014-2117 (Multiple open redirect vulnerabilities in Cisco Emergency Responder (E ...)
	NOT-FOR-US: Cisco
CVE-2014-2116 (Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2014-2115 (Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserS ...)
	NOT-FOR-US: Cisco
CVE-2014-2114 (Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emerg ...)
	NOT-FOR-US: Cisco
CVE-2014-2113 (Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7  ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2112 (The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2111 (The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 1 ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2110
	RESERVED
CVE-2014-2109 (The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 1 ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2108 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2107 (Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA  ...)
	NOT-FOR-US: Cisco
CVE-2014-2106 (Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S all ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2105
	RESERVED
CVE-2014-2104 (Multiple cross-site scripting (XSS) vulnerabilities in the Business Vo ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2103 (Cisco Intrusion Prevention System (IPS) Software allows remote attacke ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-2102 (Cisco Unified Contact Center Express (Unified CCX) does not properly r ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-2101
	RESERVED
CVE-2014-2100
	RESERVED
CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: [Anton] appears to not be present in any version of libav
CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect d ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:10.4-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=849b9d34 (master)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6be5a3c0 (release/10)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=36d8914f (release/9)
CVE-2014-2097 (The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: [Anton] appears to not be present in any version of libav
CVE-2014-2092 (Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManag ...)
	- cmsms <itp> (bug #608888)
CVE-2014-2091 (Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admi ...)
	NOT-FOR-US: ATutor
CVE-2014-2090 (Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in IL ...)
	NOT-FOR-US: ILIAS
CVE-2014-2089 (ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via  ...)
	NOT-FOR-US: ILIAS
CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 all ...)
	NOT-FOR-US: ILIAS
CVE-2014-2087 (Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload  ...)
	NOT-FOR-US: Free Download Manager
CVE-2013-7332 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earl ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-7331 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earl ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs i ...)
	- net-snmp 5.7.2.1~dfsg-3 (unimportant)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072778
	NOTE: Upstream fix: http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/
	NOTE: unimportant since it only segfaults with older Perl version
	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html
	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ddfa59c
CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2. ...)
	- net-snmp 5.7.2.1~dfsg-3 (bug #742817)
	[wheezy] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
	[squeeze] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
	NOTE: http://sourceforge.net/p/net-snmp/mailman/message/32026655/
	NOTE: http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
CVE-2014-XXXX [buffer overflow]
	- mp3gain <removed> (low; bug #740268)
	[squeeze] - mp3gain <no-dsa> (Minor issue)
	[wheezy] - mp3gain <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/mp3gain/bugs/36/
CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent  ...)
	{DSA-2943-1 DSA-2873-1 DLA-145-1}
	- file 1:5.17-1
	NOTE: http://bugs.gw.com/view.php?id=313
	NOTE: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801
	- php5 5.5.10+dfsg-1 (bug #740960)
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f
CVE-2013-7345 (The BEGIN regular expression in the awk script detector in magic/Magdi ...)
	{DSA-3064-1 DSA-2873-1}
	- file 1:5.17-0.1 (bug #703993)
	NOTE: http://bugs.gw.com/view.php?id=164
	NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
	- php5 5.6.0+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding
	NOTE: magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN"
	NOTE: returns "^\s*BEGIN\s*[{]". Same test in squeeze does not
	NOTE: report the problematic string.
	NOTE: Good fix is to regenerate the file with "php5
	NOTE: create_data_file.php /usr/share/file/magic.mgc > data_info.c" once
	NOTE: you have a fixed libmagic1 installed.
	NOTE: fixed by php5 5.4.27 so DSA 3064-1 also fixed it in Wheezy
CVE-2014-5795
	REJECTED
CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple (CMS ...)
	- cmsms <itp> (bug #608888)
CVE-2014-2244 (Cross-site scripting (XSS) vulnerability in the formatHTML function in ...)
	- mediawiki <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61362
	NOTE: https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z
CVE-2014-2243 (includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x befor ...)
	- mediawiki 1:1.19.12+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61346
	NOTE: https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z
CVE-2014-2242 (includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and ...)
	- mediawiki 1:1.19.12+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=60771
	NOTE: https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z
CVE-2014-2238 (SQL injection vulnerability in the manage configuration page (adm_conf ...)
	- mantis <removed>
	[wheezy] - mantis <not-affected> (Introduced in 1.2.13)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17055
CVE-2014-2237 (The memcache token backend in OpenStack Identity (Keystone) 2013.1 thr ...)
	- keystone 2013.2.3-1
	[wheezy] - keystone <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1260080
CVE-2014-2236 (Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0 ...)
	- askbot <itp> (bug #687966)
CVE-2014-2235 (Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allow ...)
	- askbot <itp> (bug #687966)
CVE-2014-2214 (Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh  ...)
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2213 (Open redirect vulnerability in the password reset functionality in POS ...)
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2212 (The remember me feature in portal/scr_authentif.php in POSH (aka Posh  ...)
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2211 (SQL injection vulnerability in portal/addtoapplication.php in POSH (ak ...)
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2206 (Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8. ...)
	NOT-FOR-US: GetGo Download Manager
CVE-2014-2096 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 all ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2095 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, wh ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2094 (Untrusted search path vulnerability in Catfish through 0.4.0.3, when a ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2093 (Untrusted search path vulnerability in Catfish through 0.4.0.3 allows  ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2086
	RESERVED
CVE-2014-2085
	REJECTED
CVE-2014-2084 (Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, ...)
	NOT-FOR-US: Skybox View Appliances
CVE-2014-2083
	RESERVED
CVE-2014-2082
	RESERVED
CVE-2014-2081 (Multiple SQL injection vulnerabilities in the login in web_reports/cgi ...)
	NOT-FOR-US: Innovative vtls-Virtua
CVE-2014-2080 (Cross-site scripting (XSS) vulnerability in manager/templates/default/ ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-2079 (X File Explorer (aka xfe) might allow local users to bypass intended a ...)
	- xfe 1.37-2 (bug #739536)
	[wheezy] - xfe <no-dsa> (Minor issue)
	[squeeze] - xfe <no-dsa> (Minor issue)
CVE-2014-2078 (The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allo ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2076
	RESERVED
CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK  ...)
	NOT-FOR-US: TIBCO Enterprise Administrator
CVE-2014-2074
	RESERVED
CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allow ...)
	NOT-FOR-US: Dassault Systemes Catia
CVE-2014-2072 (Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadeq ...)
	NOT-FOR-US: Dassault Systemes Catia
CVE-2014-2071 (Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.6164 ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2014-2070
	RESERVED
CVE-2014-2069 (Absolute path traversal vulnerability in Eshtery CMS allows remote att ...)
	NOT-FOR-US: Eshtery CMS
CVE-2014-2068 (The doIndex function in hudson/util/RemotingDiagnostics.java in CloudB ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
CVE-2014-2067 (Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.ja ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
CVE-2014-2066 (Session fixation vulnerability in Jenkins before 1.551 and LTS before  ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
CVE-2014-2065 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and L ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7
CVE-2014-2064 (The loadUserByUsername function in hudson/security/HudsonPrivateSecuri ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec
CVE-2014-2063 (Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6
CVE-2014-2062 (Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the AP ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3
CVE-2014-2061 (The input control in PasswordParameterDefinition in Jenkins before 1.5 ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef
CVE-2014-2060 (The Winstone servlet container in Jenkins before 1.551 and LTS before  ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/29351af4bd01f61715418916fc12c52be46bd9b0
CVE-2014-2059 (Directory traversal vulnerability in the CLI job creation (hudson/cli/ ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
CVE-2014-2058 (BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows rem ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e
CVE-2014-2057 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 6.0.2+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-007/
CVE-2014-2056 (PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0 ...)
	- owncloud 6.0.2+dfsg-1
	- phpdocx 3.0+dfsg-2
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
CVE-2014-2055 (SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6 ...)
	- owncloud 6.0.2+dfsg-1
	- php-sabredav 1.7.11+dfsg-1
	NOTE: https://github.com/fruux/sabre-dav/releases/tag/1.7.11
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
CVE-2014-2054 (PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6. ...)
	- owncloud 6.0.2+dfsg-1
	- dolibarr 3.5.3+dfsg1-1
	- moodle 2.7.5+dfsg-3 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: dolibarr removed phpexcel in 3.5.3+dfsg1-1 / #729538
	NOTE: moodle also contain a copy of PHPExcel
	NOTE: owncloud does not mention details
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
	NOTE: https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt
CVE-2014-2053 (getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6. ...)
	{DSA-3001-1 DLA-56-1}
	- owncloud 6.0.2+dfsg-1
	- php-getid3 1.9.7-2
	[wheezy] - php-getid3 1.9.3-1+deb7u1
	[squeeze] - php-getid3 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29390
CVE-2014-2052 (Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x bef ...)
	- owncloud 6.0.2+dfsg-1
	NOTE: owncloud advisory does not mention details for ZendFramework
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
	NOTE: The reference wrt zendframework is for CVE-2012-6532
CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote att ...)
	- owncloud 6.0.2+dfsg-1
CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud Server bef ...)
	- owncloud 6.0.2+dfsg-1
CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and  ...)
	- owncloud 6.0.0+dfsg-1
CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote att ...)
	- owncloud <removed>
CVE-2014-2047 (Session fixation vulnerability in ownCloud before 6.0.2, when PHP is c ...)
	- owncloud 6.0.2+dfsg-1
CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 r ...)
	NOT-FOR-US: Broadcom Ltd PIPA C211
CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the old and new ...)
	NOT-FOR-US: Viprinet
CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud befo ...)
	- owncloud <not-affected> (Windows-specific)
CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)
	NOT-FOR-US: Procentia IntelliPen
CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project functiona ...)
	NOT-FOR-US: Livetecs Timelive
CVE-2014-2041
	RESERVED
CVE-2014-2040 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) callbac ...)
	NOT-FOR-US: WordPress plugin MediaFileRenamer
CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the Linux kerne ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (Introduced in 3.11)
	- linux-2.6 <not-affected> (Introduced in 3.11)
	NOTE: Introduced by https://git.kernel.org/linus/c7559663e42f4294ffe31fe159da6b6a66b35d61
	NOTE: Fixed by https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24
CVE-2014-2036
	RESERVED
CVE-2014-2035 (Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web C ...)
	NOT-FOR-US: InterWorx Web Control Panel
CVE-2014-2034 (Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through  ...)
	NOT-FOR-US: Sonatype Nexus OSS
CVE-2014-2033 (The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2014-2028
	RESERVED
CVE-2014-2026 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: Intrexx
CVE-2014-2025 (Unrestricted file upload vulnerability in an unspecified third party t ...)
	NOT-FOR-US: Intrexx
CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in classes/controller/error.p ...)
	NOT-FOR-US: Open Classifieds
CVE-2014-2023 (Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 an ...)
	NOT-FOR-US: vBulletin
CVE-2014-2022 (SQL injection vulnerability in includes/api/4/breadcrumbs_create.php i ...)
	NOT-FOR-US: vBulletin
CVE-2014-2021 (Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBul ...)
	NOT-FOR-US: vBulletin
CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
CVE-2014-2019 (The iCloud subsystem in Apple iOS before 7.1 allows physically proxima ...)
	NOT-FOR-US: Apple iOS
CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x t ...)
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition before ...)
	NOT-FOR-US: OXID eShop
CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Prof ...)
	NOT-FOR-US: OXID eShop
CVE-2014-2012
	RESERVED
CVE-2014-2011
	RESERVED
CVE-2014-2010
	RESERVED
CVE-2014-2009 (The mPAY24 payment module before 1.6 for PrestaShop allows remote atta ...)
	NOT-FOR-US: mPAY24 payment module for PrestaShop
CVE-2014-2008 (SQL injection vulnerability in confirm.php in the mPAY24 payment modul ...)
	NOT-FOR-US: mPAY24 payment module for PrestaShop
CVE-2014-2007
	RESERVED
CVE-2014-2006 (Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x ...)
	NOT-FOR-US: Intercom Web Kyukincho
CVE-2014-2005 (Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5. ...)
	NOT-FOR-US: Sophos Enterprise Console
CVE-2014-2004 (The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 thro ...)
	NOT-FOR-US: SEIL routers
CVE-2014-2003 (JustSystems JUST Online Update, as used in Ichitaro through 2014 and o ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2014-2002 (Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and  ...)
	NOT-FOR-US: C-BOARD Moyuku
CVE-2014-2001 (The East Japan Railway Company JR East Japan application before 1.2.0  ...)
	NOT-FOR-US: Android application for East Japan Railway Company
CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...)
	NOT-FOR-US: NTT application for Android
CVE-2014-1999 (The auto-format feature in the Request_Curl class in FuelPHP 1.1 throu ...)
	NOT-FOR-US: FuelPHP
CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroin ...)
	NOT-FOR-US: SOY CMS
CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier a ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2014-1996 (Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypa ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1995 (Cross-site scripting (XSS) vulnerability in the Map search functionali ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1994 (Cross-site scripting (XSS) vulnerability in the Notices portlet in Cyb ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1993 (The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1992 (Cross-site scripting (XSS) vulnerability in the Messages functionality ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 through  ...)
	NOT-FOR-US: NTT DATA INTRAMART
CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the  ...)
	NOT-FOR-US: TOSHIBA TEC e-Studio
CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allo ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1987 (The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and earl ...)
	NOT-FOR-US: KOKUYO CamiApp application
CVE-2014-1984 (Session fixation vulnerability in the management screen in Cybozu Remo ...)
	NOT-FOR-US: Cybozu Remote Service Manager
CVE-2014-1983 (Unspecified vulnerability in Cybozu Remote Service Manager through 2.3 ...)
	NOT-FOR-US: Cybozu Remote Service Manager
CVE-2014-1982 (The administrative interface in Allied Telesis AT-RG634A ADSL Broadban ...)
	NOT-FOR-US: Allied Telesis AT-RG634A ADSL Broadband router
CVE-2014-1981
	REJECTED
CVE-2014-1980 (Cross-site scripting (XSS) vulnerability in include/functions_metadata ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-1979 (The NTT DOCOMO sp mode mail application 5900 through 6300 for Android  ...)
	NOT-FOR-US: NTT DOCOMO mail app
CVE-2014-1978 (The application link interface in the NTT DOCOMO sp mode mail applicat ...)
	NOT-FOR-US: NTT DOCOMO mail app
CVE-2014-1977 (The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4 ...)
	NOT-FOR-US: NTT DOCOMO mail app
CVE-2014-1976 (The Demaecan application 2.1.0 and earlier for Android does not verify ...)
	NOT-FOR-US: Demaecan Android app
CVE-2014-1975 (Directory traversal vulnerability in the R-Company Unzipper applicatio ...)
	NOT-FOR-US: Unzipper Android app
CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer applicat ...)
	NOT-FOR-US: LYSESOFT
CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer applica ...)
	NOT-FOR-US: NextApp File Explorer application for Android
CVE-2014-1972 (Apache Tapestry before 5.3.6 relies on client-side object storage with ...)
	NOT-FOR-US: Apache Tapestry
CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows  ...)
	NOT-FOR-US: Silex
CVE-2014-1970 (Directory traversal vulnerability in the ES File Explorer File Manager ...)
	NOT-FOR-US: ES File Explorer File Manager for Android
CVE-2014-1969 (Directory traversal vulnerability in the apps4u@android SD Card Manage ...)
	NOT-FOR-US: apps4u@android SD Card Manager application
CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 an ...)
	NOT-FOR-US: XooNIps module for XOOPS
CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not verify X.509 ...)
	NOT-FOR-US: Denny's application for Android
CVE-2014-1966 (The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 ...)
	NOT-FOR-US: Siemens RuggedCom ROS
CVE-2014-1965 (Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integ ...)
	NOT-FOR-US: SAP Exchange Infrastructure
CVE-2014-1964 (Cross-site scripting (XSS) vulnerability in the Integration Repository ...)
	NOT-FOR-US: SAP Exchange Infrastructure
CVE-2014-1963 (Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allo ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-1962 (Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: SAP CRM
CVE-2014-1961 (Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver all ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-1960 (The Solution Manager in SAP NetWeaver does not properly restrict acces ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-1957 (FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to  ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1956 (CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allow ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1955 (Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1954
	RESERVED
CVE-2014-1953
	RESERVED
CVE-2014-1952
	RESERVED
CVE-2014-1951
	RESERVED
CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed action ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7 ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier a ...)
	NOT-FOR-US: Ilch CMS
CVE-2014-1942 (Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx ...)
	NOT-FOR-US: Pearson eSIS Enterprise Student Information System
CVE-2014-1941
	RESERVED
CVE-2014-1940
	RESERVED
CVE-2014-1931 (The user login page in Visibility Software Cyber Recruiter before 8.1. ...)
	NOT-FOR-US: Visibility Software Cyber Recruiter
CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use the app ...)
	NOT-FOR-US: Visibility Software Cyber Recruiter
CVE-2013-7330 (Jenkins before 1.502 allows remote authenticated users to configure an ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ext/ ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
CVE-2013-7326 (Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows re ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-7324 (Webkit-GTK 2.x (any version with HTML5 audio/video support based on GS ...)
	NOT-FOR-US: Historic webkit issue
CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linu ...)
	- linux 3.2.29-1
	- linux-2.6  <removed>
	[squeeze] - linux-2.6 2.6.32-47
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s39 ...)
	{DSA-2906-1}
	- linux 3.13.5-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
CVE-2014-2037 (Openswan 2.6.40 allows remote attackers to cause a denial of service ( ...)
	- openswan <not-affected> (Incomplete fix was never applied)
CVE-2014-2032 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS befo ...)
	- maradns <not-affected> (Deadwood resolver not enabled)
	NOTE: https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
CVE-2014-2031 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS befo ...)
	- maradns <not-affected> (Deadwood resolver not enabled)
	NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
CVE-2014-2030 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...)
	{DSA-2898-1}
	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
	[squeeze] - imagemagick <not-affected> (CVE only for versions with r1448 applied)
	NOTE: for the issue in newer imagemagick versions using "L%06ld" string.
CVE-2014-2029 (The automatic version check functionality in the tools in Percona Tool ...)
	- percona-toolkit 2.2.7-1~dfsg1 (bug #740846)
	[wheezy] - percona-toolkit <not-affected> (version-check introduced in 2.1.4)
	- percona-xtrabackup 2.2.3-1 (bug #751377)
CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to conduct  ...)
	- egroupware <removed>
CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap mod ...)
	{DLA-977-1}
	- freeradius 2.2.5+dfsg-0.1 (low; bug #742820)
	[squeeze] - freeradius <no-dsa> (Minor issue)
	NOTE: http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch
CVE-2014-2014 (imapsync before 1.584, when running with the --tls option, attempts a  ...)
	- imapsync <removed>
CVE-2014-1959 (lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 trea ...)
	{DSA-2866-1}
	- gnutls26 2.12.23-12
	[squeeze] - gnutls26 <not-affected> (does not allow X.509 v1 certificates by default)
	- gnutls28 3.2.11-1
	NOTE: https://gitlab.com/gnutls/gnutls/commit/b1abfe3d18
	NOTE: introduced by https://gitlab.com/gnutls/gnutls/commit/60ee8a0eb9975d123002b1cffbefd60a8cd5fae6
CVE-2014-1958 (Buffer overflow in the DecodePSDPixels function in coders/psd.c in Ima ...)
	{DSA-2898-1}
	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
	[squeeze] - imagemagick <not-affected> (DecodePSDPixels function is not present)
	NOTE: squeeze: DecodePSDPixels not present but there was a rewrite from DecodeImage?
	NOTE: http://secunia.com/advisories/56844/
CVE-2014-1950 (Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Xen 4.1 onwards affected)
CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screen ...)
	- gtk+3.0 3.11.8-1
	[wheezy] - gtk+3.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
	- gtk+2.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
	- cinnamon 2.2.14-1 (bug #738828)
	NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7
	NOTE: https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4
	NOTE: The CVE was originally assigned specifically for cinnamon-screensaver, but the underlying fix lies in gtk+3.0
	NOTE: and later MITRE assigned the CVE to GTK+ 3.10.9 and later, see official MITRE CVE description.
CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 through  ...)
	- glance 2013.2.2-1 (bug #738924)
	[wheezy] - glance <not-affected> (Only affects Havana)
	NOTE: https://launchpad.net/bugs/1275062
CVE-2014-1947 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...)
	{DSA-2898-1}
	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
	NOTE: http://web.archive.org/web/20090120112751/http://trac.imagemagick.org:80/changeset/13736
	- graphicsmagick 1.3.20-1 (unimportant)
	NOTE: for graphicsmagick: https://bugzilla.redhat.com/show_bug.cgi?id=1064098#c13
	NOTE: Rendered non-exploitable by fortified source for graphicsmagick
CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause ...)
	{DSA-2868-1 DSA-2861-1}
	- file 1:5.17-0.1 (bug #738832)
	NOTE: http://mx.gw.com/pipermail/file/2014/001337.html
	NOTE: https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
	NOTE: https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
	- php5 5.5.10+dfsg-1 (bug #739012)
CVE-2014-1929 (python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to hav ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1926
	RESERVED
CVE-2014-1920
	RESERVED
CVE-2014-1919
	RESERVED
CVE-2014-1918
	RESERVED
CVE-2014-1917
	RESERVED
CVE-2014-1916 (The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_ ...)
	NOT-FOR-US: MumbleKit / Mumble for iOS
CVE-2014-1915 (Multiple cross-site request forgery (CSRF) vulnerabilities in Command  ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1914 (Multiple cross-site scripting (XSS) vulnerabilities in Command School  ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1913
	RESERVED
CVE-2014-1911 (The Foscam FI8910W camera with firmware before 11.37.2.55 allows remot ...)
	NOT-FOR-US: Foscam camera
CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4  ...)
	NOT-FOR-US: Citrix ShareFile Mobile
CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) videowhisper_streaming.p ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live  ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhispe ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the V ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/Form ...)
	{DSA-2890-1}
	- libspring-java 3.0.6.RELEASE-13 (bug #741604)
	NOTE: http://www.gopivotal.com/security/cve-2014-1904
CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.1 ...)
	NOT-FOR-US: FreePBX
CVE-2014-1902 (Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera mo ...)
	NOT-FOR-US: Y-Cam cameras
CVE-2014-1901 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB00 ...)
	NOT-FOR-US: Y-Cam cameras
CVE-2014-1900 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB00 ...)
	NOT-FOR-US: Y-Cam cameras
CVE-2014-1899 (Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway ( ...)
	NOT-FOR-US: Citrix NetScaler Gateway
CVE-2014-1898
	RESERVED
CVE-2014-1897
	RESERVED
CVE-2014-1890
	RESERVED
CVE-2014-1889 (The Group creation process in the Buddypress plugin before 1.9.2 for W ...)
	NOT-FOR-US: Buddypress plugin for WordPress
CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin befo ...)
	NOT-FOR-US: BuddyPress plugin for WordPress
CVE-2014-1880
	RESERVED
CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin b ...)
	{DSA-2975-1}
	- phpmyadmin 4:4.1.7-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c i ...)
	{DSA-2956-1 DLA-1615-1 DLA-461-1 DLA-60-1}
	- icinga 1.10.3-1
	- nagios3 <removed> (bug #823721)
	NOTE: Fixed by https://github.com/Icinga/icinga-core/commit/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
CVE-2014-1873
	RESERVED
CVE-2014-1872
	RESERVED
CVE-2014-1871
	RESERVED
CVE-2014-1870 (Opera before 19 on Mac OS X allows user-assisted remote attackers to s ...)
	NOT-FOR-US: Opera
CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.s ...)
	- db4o <unfixed> (unimportant)
	- jenkins 1.565.3-1 (bug #763899)
	NOTE: in -doc package
CVE-2013-7329 (The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when  ...)
	- libcgi-application-perl 4.50-2 (bug #739505)
	[wheezy] - libcgi-application-perl <no-dsa> (Minor issue)
	[squeeze] - libcgi-application-perl <no-dsa> (Minor issue)
	NOTE: suggested fix https://github.com/markstos/CGI--Application/pull/15
CVE-2013-7325 (An issue exists in uscan in devscripts before 2.13.19, which could let ...)
	{DSA-2836-1}
	- devscripts 2.13.9
	[squeeze] - devscripts <no-dsa> (Minor issue)
CVE-2013-7321 (Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Poi ...)
	NOT-FOR-US: D-Link hardware
CVE-2013-7320 (Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Acc ...)
	NOT-FOR-US: D-Link hardware
CVE-2013-7319 (Cross-site scripting (XSS) vulnerability in the Download Manager plugi ...)
	NOT-FOR-US: WordPress plugin Download Manager
CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier  ...)
	NOT-FOR-US: Apache Cordova
CVE-2012-6636 (The Android API before 17 does not properly restrict the WebView.addJa ...)
	NOT-FOR-US: Android
CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly  ...)
	- oath-toolkit 2.4.1-1 (low; bug #738515)
	[wheezy] - oath-toolkit <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
CVE-2014-1939 (java/android/webkit/BrowserFrame.java in Android before 4.4 uses the a ...)
	NOT-FOR-US: Android Jelly Bean
CVE-2014-1938 (python-rply before 0.7.4 insecurely creates temporary files. ...)
	- python-rply 0.7.4-1 (unimportant; bug #737627)
	NOTE: this CVE is for the insecure use of /tmp as followup for CVE-2014-1604
	NOTE: https://github.com/alex/rply/issues/42
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-1937 (Gamera before 3.4.1 insecurely creates temporary files. ...)
	- gamera 3.4.1-1 (low; bug #737324)
	[squeeze] - gamera <no-dsa> (Minor issue)
	[wheezy] - gamera 3.3.3-2+deb7u1
CVE-2014-1936 (rc before 1.7.1-5 insecurely creates temporary files. ...)
	- rc 1.7.1-5 (unimportant; bug #737125)
	NOTE: Only in the test suite, not part of the standard package
CVE-2014-1935 (9base 1:6-6 and 1:6-7 insecurely creates temporary files which results ...)
	- 9base <unfixed> (unimportant; bug #737206)
	[squeeze] - 9base <no-dsa> (Minor issue)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-1934 (tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Pyth ...)
	- eyed3 0.6.18-3 (unimportant; bug #737062)
	[squeeze] - eyed3 <no-dsa> (Minor issue)
	NOTE: Upstream patch: https://bitbucket.org/nicfit/eyed3/commits/372bbacb7a70
	NOTE: https://bitbucket.org/nicfit/eyed3/issue/65/tagpy-in-eyed3-allows-local-users-to
	NOTE: Neutralised by protected_symlinks kernel temp hardening
CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ...)
	- pillow 2.4.0-1 (low; bug #737059)
	- python-imaging <removed>
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	[wheezy] - python-imaging <no-dsa> (Minor issue)
CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript fun ...)
	- pillow 2.4.0-1 (low; bug #737059)
	- python-imaging <removed>
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	[wheezy] - python-imaging <no-dsa> (Minor issue)
CVE-2014-1928 (The shell_quote function in python-gnupg 0.3.5 does not properly escap ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1927 (The shell_quote function in python-gnupg 0.3.5 does not properly quote ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1925 (SQL injection vulnerability in the MARC framework import/export functi ...)
	- koha <itp> (bug #702134)
CVE-2014-1924 (The MARC framework import/export function (admin/import_export_framewo ...)
	- koha <itp> (bug #702134)
CVE-2014-1923 (Multiple directory traversal vulnerabilities in the (1) staff interfac ...)
	- koha <itp> (bug #702134)
CVE-2014-1922 (Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha be ...)
	- koha <itp> (bug #702134)
CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the sa ...)
	{DSA-2860-1}
	- parcimonie 0.8.1-1 (bug #738134)
CVE-2014-1909 (Integer signedness error in system/core/adb/adb_client.c in Android De ...)
	- android-tools 4.2.2+git20130529-5.1 (bug #770513)
	- android-platform-system-core 1:6.0.0+r26-1~stage1
	[jessie] - android-platform-system-core <no-dsa> (Minor issue)
	NOTE: http://www.droidsec.org/advisories/2014/02/04/two-security-issues-found-in-the-android-sdk-tools.html
CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4 ...)
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-1895 (Off-by-one error in the flask_security_avc_cachestats function in xsm/ ...)
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-1894 (Multiple integer overflows in unspecified suboperations in the flask h ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1893 (Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETB ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1892 (Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause  ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1891 (Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1887 (The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2 ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1886 (The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9. ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1885 (The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or  ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1884 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier  ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1883 (Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoadi ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1882 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier  ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1881 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier  ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1868 (Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when us ...)
	- restlet <itp> (bug #596472)
CVE-2014-1867 (suPHP before 0.7.2 source-highlighting feature allows security bypass  ...)
	- suphp <removed> (bug #736969)
	[squeeze] - suphp <no-dsa> (Minor issue)
	[wheezy] - suphp <no-dsa> (Minor issue)
CVE-2014-1866
	RESERVED
CVE-2014-1865
	RESERVED
CVE-2014-1864
	RESERVED
CVE-2014-1863
	RESERVED
CVE-2014-1862
	RESERVED
CVE-2014-1861 (The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 doe ...)
	NOT-FOR-US: Jetro COCKPIT Secure Browsing
CVE-2014-1859 ((1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3)  ...)
	- python-numpy 1:1.8.1~rc1-1 (low; bug #737778)
	[squeeze] - python-numpy <no-dsa> (Minor issue)
	[wheezy] - python-numpy <no-dsa> (Minor issue)
	NOTE: issue fixed by https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
CVE-2014-1858 (__init__.py in f2py in NumPy before 1.8.1 allows local users to write  ...)
	- python-numpy 1:1.8.1~rc1-1 (low; bug #737778)
	[squeeze] - python-numpy <no-dsa> (Minor issue)
	[wheezy] - python-numpy <no-dsa> (Minor issue)
CVE-2014-1857
	RESERVED
CVE-2014-1856
	RESERVED
CVE-2014-1855 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel befor ...)
	NOT-FOR-US: Seo Panel
CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the AdRotat ...)
	NOT-FOR-US: AdRotate plugin for WordPress
CVE-2014-1853
	RESERVED
CVE-2014-1852
	RESERVED
CVE-2014-1851
	RESERVED
CVE-2014-1850
	REJECTED
CVE-2014-1849 (Foscam IP camera 11.37.2.49 and other versions, when using the Foscam  ...)
	NOT-FOR-US: Foscam
CVE-2014-1848
	RESERVED
CVE-2014-1847
	RESERVED
CVE-2014-1844
	RESERVED
CVE-2014-1843 (Directory traversal vulnerability in the web interface in Titan FTP Se ...)
	NOT-FOR-US: Titan FTP Server
CVE-2014-1842 (Directory traversal vulnerability in the web interface in Titan FTP Se ...)
	NOT-FOR-US: Titan FTP Server
CVE-2014-1841 (Directory traversal vulnerability in the web interface in Titan FTP Se ...)
	NOT-FOR-US: Titan FTP Server
CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB  ...)
	NOT-FOR-US: MyBB
CVE-2014-1830 (Requests (aka python-requests) before 2.3.0 allows remote servers to o ...)
	{DSA-3146-1}
	- requests 2.3.0-1 (bug #733108)
	NOTE: https://github.com/kennethreitz/requests/issues/1885
CVE-2014-1829 (Requests (aka python-requests) before 2.3.0 allows remote servers to o ...)
	{DSA-3146-1}
	- requests 2.3.0-1 (bug #733108)
	NOTE: https://github.com/kennethreitz/requests/issues/1885
CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in Modules/socket ...)
	{DSA-2880-1 DLA-25-1}
	- python2.5 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.6-6 (low)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.5-1 (low)
	- python3.4 3.4.0-1 (low)
	NOTE: http://bugs.python.org/issue20246
	NOTE: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
CVE-2014-1877 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 al ...)
	NOT-FOR-US: Dokeos
CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in Op ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1 (low; bug #737562)
	- openjdk-6 6b31-1.13.3-1 (low)
CVE-2014-1875 (The Capture::Tiny module before 0.24 for Perl allows local users to wr ...)
	- libcapture-tiny-perl 0.24-1 (bug #737835)
	[wheezy] - libcapture-tiny-perl <no-dsa> (Minor issue)
	[squeeze] - libcapture-tiny-perl <no-dsa> (Minor issue)
CVE-2014-1874 (The security_context_to_sid_core function in security/selinux/ss/servi ...)
	{DSA-2906-1}
	- linux 3.13.4-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2172fa709ab32ca60e86179dc67d0857be8e2c98, first included in v3.14-rc2
CVE-2014-1860 (Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities ...)
	NOT-FOR-US: Contao CMS
CVE-2014-1832 (Phusion Passenger 4.0.37 allows local users to write to certain files  ...)
	- ruby-passenger 4.0.37-2
	[wheezy] - ruby-passenger <not-affected> (incomplete patch never applied)
	- passenger <not-affected> (incomplete patch never applied)
CVE-2014-1831 (Phusion Passenger before 4.0.37 allows local users to write to certain ...)
	- ruby-passenger 4.0.37-1 (low; bug #736958)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u2 (low; bug #736958)
	- passenger 4.0.37-1
	[squeeze] - passenger <no-dsa> (minor issue)
CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlie ...)
	{DSA-2892-1}
	- a2ps 1:4.14-1.2 (low; bug #737385)
CVE-2014-1845 (An unspecified setuid root helper in Enlightenment before 0.17.6 allow ...)
	- e17 0.17.3-3 (bug #737705)
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1846 (Enlightenment before 0.17.6 might allow local users to gain privileges ...)
	- e17 0.17.3-3 (bug #737705)
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1839 (The Execute class in shellutils in logilab-commons before 0.61.0 uses  ...)
	- logilab-common 0.61.0-1 (low; bug #737051)
	[squeeze] - logilab-common <no-dsa> (Minor issue)
	[wheezy] - logilab-common <no-dsa> (Minor issue)
CVE-2014-1838 (The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py ...)
	- logilab-common 0.61.0-1 (low; bug #737051)
	[squeeze] - logilab-common <no-dsa> (Minor issue)
	[wheezy] - logilab-common <no-dsa> (Minor issue)
CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (co ...)
	NOT-FOR-US: Joomla com_komento
CVE-2014-1836 (Absolute path traversal vulnerability in htdocs/libraries/image-editor ...)
	NOT-FOR-US: ImpressCMS
CVE-2014-1835 (The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 ...)
	NOT-FOR-US: Echor Ruby Gem
CVE-2014-1834 (The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 ...)
	NOT-FOR-US: Echor Ruby Gem
CVE-2014-1833 (Directory traversal vulnerability in uupdate in devscripts 2.14.1 allo ...)
	- devscripts 2.14.8 (low; bug #737160)
	[squeeze] - devscripts <no-dsa> (Minor issue)
	[wheezy] - devscripts <no-dsa> (Minor issue)
CVE-2013-7338 (Python before 3.3.4 RC1 allows remote attackers to cause a denial of s ...)
	- python2.5 <not-affected> (Only affects 3.x)
	- python2.6 <not-affected> (Only affects 3.x)
	- python2.7 <not-affected> (Only affects 3.x)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.4-1 (low)
	- python3.4 3.4~b3-1 (low)
	NOTE: http://bugs.python.org/issue20078
CVE-2014-XXXX [no input validation for search function]
	- fookebox 0.7.2-1 (low; bug #736821)
	[wheezy] - fookebox <no-dsa> (Minor issue)
CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in xps/xps ...)
	{DSA-2951-1}
	- mupdf 1.3-2 (bug #738857)
	NOTE: http://www.hdwsec.fr/blog/mupdf.html
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
CVE-2013-XXXX [libclamunrar: double-free error libclamunrar_iface/unrar_iface.c]
	- libclamunrar 0.97.7+dfsg-1 (bug #770647)
	[wheezy] - libclamunrar <no-dsa> (Non-free not supported, also minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
CVE-2013-XXXX [staden-io-lib buffer overflow]
	- staden-io-lib 1.13.3-2 (low; bug #729276)
	[squeeze] - staden-io-lib <no-dsa> (Minor issue)
	[wheezy] - staden-io-lib <no-dsa> (Minor issue)
CVE-2013-XXXX [cakephp: local file inclusion]
	- cakephp <not-affected> (AssetDispatcher not present in 1.3)
	NOTE: http://web.archive.org/web/20140531064939/http://bakery.cakephp.org:80/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
	NOTE: http://seclists.org/bugtraq/2013/Aug/97, needs a CVE assignment
CVE-2013-XXXX [automysqlbackup code injection]
	- automysqlbackup 2.6+debian.3-1 (bug #706099)
	[squeeze] - automysqlbackup <no-dsa> (Minor issue)
CVE-2013-XXXX [autopostgresqlbackup code injection]
	- autopostgresqlbackup 1.0-2 (bug #706095)
CVE-2013-XXXX [buffer overflow in commandline parsing]
	- swath 0.4.3-3 (low; bug #698189)
	[squeeze] - swath 0.4.0-4+squeeze1
CVE-2014-1828 (The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad d ...)
	NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1827 (The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transf ...)
	NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1826 (Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 f ...)
	NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1825
	REJECTED
CVE-2014-1824 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1823 (Cross-site scripting (XSS) vulnerability in the Web Components Server  ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-1822
	REJECTED
CVE-2014-1821
	REJECTED
CVE-2014-1820 (Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) ...)
	NOT-FOR-US: Microsoft
CVE-2014-1819 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-1818 (GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1817 (usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1816 (Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly  ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2014-1815 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1814 (The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vi ...)
	NOT-FOR-US: Microsoft
CVE-2014-1813 (Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticate ...)
	NOT-FOR-US: Microsoft
CVE-2014-1812 (The Group Policy implementation in Microsoft Windows Vista SP2, Window ...)
	NOT-FOR-US: Microsoft
CVE-2014-1811 (The TCP implementation in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1810
	REJECTED
CVE-2014-1809 (The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, a ...)
	NOT-FOR-US: Microsoft
CVE-2014-1808 (Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2014-1807 (The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-1806 (The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1,  ...)
	NOT-FOR-US: Microsoft
CVE-2014-1805 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1804 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1803 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1802 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1801
	REJECTED
CVE-2014-1800 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1798
	REJECTED
CVE-2014-1797 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1796 (Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1795 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1794 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1793
	REJECTED
CVE-2014-1792 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1791 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1790 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1789 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1788 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1787
	REJECTED
CVE-2014-1786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1785 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1784 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1783 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1782 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1781 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1780 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1779 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1778 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1777 (Microsoft Internet Explorer 10 and 11 allows remote attackers to read  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1776 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1775 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1774 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1773 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1772 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1771 (SChannel in Microsoft Internet Explorer 6 through 11 does not ensure t ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1770 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1769 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1768
	REJECTED
CVE-2014-1767 (Double free vulnerability in the Ancillary Function Driver (AFD) in af ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1765 (Multiple use-after-free vulnerabilities in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1764 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 9 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 6 through 11  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-1760 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1759 (pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2014-1758 (Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote a ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-1757 (Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-1756 (Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 ...)
	NOT-FOR-US: Microsoft
CVE-2014-1755 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1754 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft
CVE-2014-1753 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1752 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1751 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1749 (Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916 ...)
	{DSA-2939-1}
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 35.0.1916.114-1
CVE-2014-1748 (The ScrollView::paint function in platform/scroll/ScrollView.cpp in Bl ...)
	{DSA-2939-1}
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 35.0.1916.114-1
CVE-2014-1747 (Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeC ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1746 (The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_ ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1745 (Use-after-free vulnerability in the SVG implementation in Blink, as us ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1744 (Integer overflow in the AudioInputRendererHost::OnCreateStream functio ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1743 (Use-after-free vulnerability in the StyleElement::removedFromDocument  ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance f ...)
	{DSA-2930-1}
	- chromium-browser 34.0.1847.137-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1741 (Multiple integer overflows in the replace-data functionality in the Ch ...)
	{DSA-2930-1}
	- chromium-browser 34.0.1847.137-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1740 (Multiple use-after-free vulnerabilities in net/websockets/websocket_jo ...)
	{DSA-2930-1}
	- chromium-browser 34.0.1847.137-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1739 (The media_device_enum_entities function in drivers/media/media-device. ...)
	- linux 3.14.7-1 (unimportant)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerability introduced in 2.6.38)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8
	NOTE: Not exploitable with any sane setup
CVE-2014-1738 (The raw_cmd_copyout function in drivers/block/floppy.c in the Linux ke ...)
	{DSA-2928-1 DSA-2926-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2145e15e0557a01b9195d1c7199a1b92cb9be81f
CVE-2014-1737 (The raw_cmd_copyin function in drivers/block/floppy.c in the Linux ker ...)
	{DSA-2928-1 DSA-2926-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
CVE-2014-1736 (Integer overflow in api.cc in Google V8, as used in Google Chrome befo ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, a ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847 ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1733 (The PointerCompare function in codegen.cc in Seccomp-BPF, as used in G ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1732 (Use-after-free vulnerability in browser/ui/views/speech_recognition_bu ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1731 (core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1730 (Google V8, as used in Google Chrome before 34.0.1847.131 on Windows an ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, a ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847 ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1727 (Use-after-free vulnerability in content/renderer/renderer_webcolorchoo ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1726 (The drag implementation in Google Chrome before 34.0.1847.116 allows u ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1725 (The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as  ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1724 (Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatch ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- speech-dispatcher 0.8-7 (low; bug #745808)
	[squeeze] - speech-dispatcher <no-dsa> (Minor issue)
	[wheezy] - speech-dispatcher <no-dsa> (Minor issue)
	NOTE: no specific information available (possibly already be fixed in 0.8), the fix in chromium was to disable speechd by default
CVE-2014-1723 (The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Googl ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1722 (Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnony ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1721 (Google V8, as used in Google Chrome before 34.0.1847.116, does not pro ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1720 (Use-after-free vulnerability in the HTMLBodyElement::insertedInto func ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1719 (Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWo ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1718 (Integer overflow in the SoftwareFrameManager::SwapToNewFrame function  ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1717 (Google V8, as used in Google Chrome before 34.0.1847.116, does not pro ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype f ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before 33.0.1750.15 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1714 (The ScopedClipboardWriter::WritePickledData function in ui/base/clipbo ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in bindin ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1712
	RESERVED
CVE-2014-1711 (The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152  ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1710 (The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buf ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1709
	RESERVED
CVE-2014-1708 (The boot implementation in Google Chrome OS before 33.0.1750.152 does  ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1707 (Directory traversal vulnerability in CrosDisks in Google Chrome OS bef ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1706 (crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inj ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1705 (Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and L ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	- libv8 <removed>
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, a ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1703 (Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDro ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1702 (Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThr ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1701 (The GenerateFunction function in bindings/scripts/code_generator_v8.pm ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1700 (Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in  ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1699 (Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attack ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2014-1698 (Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3 ...)
	NOT-FOR-US: Siemens SIMATIC WinCC OA
CVE-2014-1697 (The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 ...)
	NOT-FOR-US: Siemens SIMATIC WinCC OA
CVE-2014-1696 (Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash alg ...)
	NOT-FOR-US: Siemens SIMATIC WinCC OA
CVE-2014-1695 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-1119-1}
	- otrs2 3.3.5-1
	[squeeze] - otrs2 <no-dsa> (Minor issue)
	NOTE: https://www.otrs.com/security-advisory-2014-03-xss-issue/
CVE-2013-7323 (python-gnupg before 0.3.5 allows context-dependent attackers to execut ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in Algo ...)
	NOT-FOR-US: AlgoSec Firewall Analyzer
CVE-2014-1750 (Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps  ...)
	NOT-FOR-US: WordPress plugin nokia-mapsplaces
CVE-2014-1694 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) Cust ...)
	{DSA-2867-1}
	- otrs2 3.3.4-1 (low)
	NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
CVE-2014-1693 (Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OT ...)
	- erlang 1:16.b.3.1-dfsg-3 (low; bug #738132)
	[squeeze] - erlang <no-dsa> (Minor issue)
	[wheezy] - erlang 1:15.b.1-dfsg-4+deb7u1
CVE-2014-1692 (The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Mak ...)
	- openssh <not-affected> (J-PAKE not activated)
CVE-2014-1691 (The framework/Util/lib/Horde/Variables.php script in the Util library  ...)
	{DSA-2853-1}
	- horde3 <removed> (medium; bug #737149)
	- php-horde-util 2.3.0-1
	NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
	NOTE: https://github.com/horde/horde/commit/acf67ab4a633037849aca9e4a7592465b999ad93 is also required
CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel be ...)
	- linux 3.12.8-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
	NOTE: https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886
CVE-2014-1689
	RESERVED
CVE-2014-1688
	RESERVED
CVE-2014-1687
	RESERVED
CVE-2014-1686 (MediaWiki 1.18.0 allows remote attackers to obtain the installation pa ...)
	- mediawiki <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/Mar/102
	NOTE: path disclosure not an issue
CVE-2014-1685 (The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2 ...)
	- zabbix 1:2.2.2+dfsg-1
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-1684 (The ASF_ReadObject_file_properties function in modules/demux/asf/libas ...)
	- vlc 2.1.4-1 (unimportant; bug #743033)
	NOTE: Crash in enduser application, no security impact
CVE-2014-1683 (The bashMail function in cms/data/skins/techjunkie/fragments/contacts/ ...)
	NOT-FOR-US: SkyBlueCanvas CMS
CVE-2014-1682 (The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x  ...)
	- zabbix 1:2.2.2+dfsg-1 (bug #737818)
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://support.zabbix.com/browse/ZBX-7703
CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700 ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1680 (Untrusted search path vulnerability in Bandisoft Bandizip before 3.10  ...)
	NOT-FOR-US: Bandisoft Bandizip
CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-1678
	RESERVED
CVE-2014-1677 (Technicolor TC7200 with firmware STD6.01.12 could allow remote attacke ...)
	NOT-FOR-US: Technicolor TC7200
	NOTE: https://www.exploit-db.com/exploits/31894/
CVE-2014-1676
	RESERVED
CVE-2014-1675
	RESERVED
CVE-2014-1674
	RESERVED
CVE-2014-1673 (Check Point Session Authentication Agent allows remote attackers to ob ...)
	NOT-FOR-US: Check Point Session Authentication Agent
CVE-2014-1672 (Check Point R75.47 Security Gateway and Management Server does not pro ...)
	NOT-FOR-US: Check Point R75.47 Security Gateway and Management Server
CVE-2014-1671 (Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 an ...)
	NOT-FOR-US: Dell KACE K1000
CVE-2014-1670 (The Microsoft Bing application before 4.2.1 for Android allows remote  ...)
	NOT-FOR-US: Microsoft Bing application
CVE-2014-1669
	RESERVED
CVE-2014-1668
	RESERVED
CVE-2014-1667
	RESERVED
CVE-2014-1665 (Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allo ...)
	- owncloud <removed>
CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager server (f ...)
	NOT-FOR-US: Citrix XenMobile Device Manager server
CVE-2014-1662
	REJECTED
CVE-2014-1661
	REJECTED
CVE-2014-1660
	REJECTED
CVE-2014-1659
	REJECTED
CVE-2014-1658
	REJECTED
CVE-2014-1657
	REJECTED
CVE-2014-1656
	REJECTED
CVE-2014-1655
	REJECTED
CVE-2014-1654
	REJECTED
CVE-2014-1653
	REJECTED
CVE-2014-1652 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-1651 (SQL injection vulnerability in clientreport.php in the management cons ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-1650 (SQL injection vulnerability in user.php in the management console in S ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-1649 (The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allo ...)
	NOT-FOR-US: Symantec Workspace Streaming
CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in brightmail/setting/complia ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2014-1647 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Prof ...)
	NOT-FOR-US: Symantec
CVE-2014-1646 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Prof ...)
	NOT-FOR-US: Symantec
CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2014-1643 (The Web Email Protection component in Symantec Encryption Management S ...)
	NOT-FOR-US: Symantec PGP Universal Web Messenger
CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before  ...)
	NOT-FOR-US: CS-Cart
CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versi ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-7315 (The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4 ...)
	{DSA-2842-1}
	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-7314 (The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 route ...)
	NOT-FOR-US: NEC routers
CVE-2013-7313 (The OSPF implementation in Juniper Junos through 13.x, JunosE, and Scr ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-7312 (The OSPF implementation on Enterasys switches and routers does not con ...)
	NOT-FOR-US: Enterasys switches and routers
CVE-2013-7311 (The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO  ...)
	NOT-FOR-US: Check Point Gaia OS
CVE-2013-7310 (The OSPF implementation on Yamaha routers does not consider the possib ...)
	NOT-FOR-US: Yamaha routers
CVE-2013-7309 (The OSPF implementation in Extreme Networks EXOS does not consider the ...)
	NOT-FOR-US: Extreme Networks EXOS
CVE-2013-7308 (The OSPF implementation on the D-Link DES-3810-28 switch with firmware ...)
	NOT-FOR-US: D-Link DES-3810-28 switch
CVE-2013-7307 (The OSPF implementation on the Brocade Vyatta vRouter with software be ...)
	NOT-FOR-US: Brocade Vyatta vRouter
CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the possi ...)
	NOT-FOR-US: Brocade routers
CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-1664 (The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP  ...)
	NOT-FOR-US: GoToMeeting in Android
CVE-2014-1641
	RESERVED
CVE-2014-1637 (Command School Student Management System 1.06.01 does not properly res ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student Manag ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with f ...)
	NOT-FOR-US: Belkin router
CVE-2014-1634 (SQL Injection exists in Advanced Newsletter Magento extension before 2 ...)
	NOT-FOR-US: Magento extension
CVE-2014-1633
	RESERVED
CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers ...)
	NOT-FOR-US: Eventum
CVE-2014-1631 (Eventum before 2.3.5 allows remote attackers to reinstall the applicat ...)
	NOT-FOR-US: Eventum
CVE-2014-1630
	RESERVED
CVE-2014-1629
	RESERVED
CVE-2014-1628
	RESERVED
CVE-2014-1627
	RESERVED
CVE-2014-1625
	RESERVED
CVE-2014-1623
	RESERVED
CVE-2014-1622
	RESERVED
CVE-2014-1621
	RESERVED
CVE-2014-1620 (Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and  ...)
	NOT-FOR-US: Cubic CMS
CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script a ...)
	NOT-FOR-US: UAEPD Shopping Cart Script
CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Over ...)
	NOT-FOR-US: Microsys
CVE-2014-1616
	RESERVED
CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon B ...)
	NOT-FOR-US: Carbon Black
CVE-2014-1614
	RESERVED
CVE-2014-1613 (Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP ...)
	- dotclear 2.6.2+dfsg-1
CVE-2014-1612 (Cross-site scripting (XSS) vulnerability in login.esp in the Web Manag ...)
	NOT-FOR-US: Mediatrix
CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x befor ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.11+dfsg-1
	[squeeze] - mediawiki <end-of-life>
CVE-2014-1609 (Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ...)
	{DSA-3030-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
CVE-2014-1608 (SQL injection vulnerability in the mci_file_get function in api/soap/m ...)
	{DSA-3030-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
CVE-2014-1607 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCa ...)
	NOT-FOR-US: Drupal EventCalendar
CVE-2014-1606
	RESERVED
CVE-2014-1605
	RESERVED
CVE-2014-1603 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3 ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-1602
	RESERVED
CVE-2014-1601
	RESERVED
CVE-2014-1600
	RESERVED
CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box rou ...)
	NOT-FOR-US: SFR Box router
CVE-2014-1598 (centurystar 7.12 ActiveX Control has a Stack Buffer Overflow ...)
	NOT-FOR-US: centurystar
CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics i- ...)
	NOT-FOR-US: i-doit
CVE-2014-1596
	REJECTED
CVE-2014-1595 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunder ...)
	- iceweasel <not-affected> (Specific to MacOS X)
	- icedove <not-affected> (Specific to MacOS X)
CVE-2014-1594 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1593 (Stack-based buffer overflow in the mozilla::FileBlockCache::Read funct ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1592 (Use-after-free vulnerability in the nsHtml5TreeOperation function in x ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1591 (Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
	- icedove <not-affected> (Only affects Firefox 33)
CVE-2014-1590 (The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34. ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1589 (Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide styleshe ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
	- icedove <not-affected> (Only affects Firefox 33)
CVE-2014-1588 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
	- icedove <not-affected> (Only affects Firefox 33)
CVE-2014-1587 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1586 (content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefo ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1585 (The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozi ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1584 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before  ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1583 (The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x befo ...)
	{DSA-3050-1}
	- iceweasel 31.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
CVE-2014-1582 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before  ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1581 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Fir ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1580 (Mozilla Firefox before 33.0 does not properly initialize memory for GI ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1579
	REJECTED
CVE-2014-1578 (The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- libvpx 1.3.0-3 (bug #765435)
	[wheezy] - libvpx <not-affected> (vp9 codec not yet present)
	[squeeze] - libvpx <not-affected> (vp9 codec not yet present)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
	NOTE: https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba
CVE-2014-1577 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the  ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1576 (Heap-based buffer overflow in the nsTransformedTextRun function in Moz ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1575 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1574 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1573 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.1 ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE-2014-1572 (The confirm_create_account function in the account-creation feature in ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE-2014-1571 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.1 ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE-2014-1570
	RESERVED
CVE-2014-1569 (The definite_length_decoder function in lib/util/quickder.c in Mozilla ...)
	{DSA-3186-1 DLA-154-1}
	- nss 2:3.17.2-1.1 (bug #773625)
CVE-2014-1568 (Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ...)
	{DSA-3037-1 DSA-3034-1 DSA-3033-1 DLA-62-1}
	- nss 2:3.17.1-1
	- iceweasel <not-affected> (uses system nss)
	- icedove <not-affected> (uses system nss)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
	NOTE: http://www.intelsecurity.com/advanced-threat-research/#
CVE-2014-1567 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Fir ...)
	{DSA-3028-1 DSA-3018-1}
	- iceweasel 31.1.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1566 (Mozilla Firefox before 31.1 on Android does not properly restrict copy ...)
	- iceweasel <not-affected> (Specific to Android)
CVE-2014-1565 (The mozilla::dom::AudioEventTimeline function in the Web Audio API imp ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1564 (Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunder ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1563 (Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff  ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1562 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...)
	{DSA-3028-1 DSA-3018-1}
	- iceweasel 31.1.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1561 (Mozilla Firefox before 31.0 does not properly restrict use of drag-and ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-60.html
CVE-2014-1560 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote a ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
CVE-2014-1559 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote a ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
CVE-2014-1558 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote a ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
CVE-2014-1557 (The ConvolveHorizontally function in Skia, as used in Mozilla Firefox  ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-64.html
CVE-2014-1556 (Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunder ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
CVE-2014-1555 (Use-after-free vulnerability in the nsDocLoader::OnProgress function i ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-61.html
CVE-2014-1554 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1553 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1552 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properl ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
CVE-2014-1551 (Use-after-free vulnerability in the FontTableRec destructor in Mozilla ...)
	- iceweasel <not-affected> (Affects only Windows platform)
	- icedove <not-affected> (Affects only Windows platform)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
CVE-2014-1550 (Use-after-free vulnerability in the MediaInputPort class in Mozilla Fi ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
CVE-2014-1549 (The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer fun ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
CVE-2014-1548 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
CVE-2014-1547 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-56.html
CVE-2014-1546 (The response function in the JSONP endpoint in WebService/Server/JSONR ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: bugzilla part for Adobe Flash's CVE-2014-4671.
CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote a ...)
	{DSA-2962-1 DSA-2960-1 DSA-2955-1 DLA-32-1}
	- nspr 2:4.10.6-1
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - nspr 4.8.6-1+squeeze2
	NOTE: Only the Wheezy builds use the bundled nspr
CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate function i ...)
	{DSA-3071-1 DSA-2996-1 DSA-2986-1 DLA-89-1}
	- nss 2:3.16.3-1
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: patch: https://hg.mozilla.org/projects/nss/rev/204f22c527f8
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-63.html
CVE-2014-1543 (Multiple heap-based buffer overflows in the navigator.getGamepads func ...)
	- iceweasel <not-affected> (Only affects Windows 8)
	- icedove <not-affected> (Only affects Windows 8)
CVE-2014-1542 (Buffer overflow in the Speex resampler in the Web Audio subsystem in M ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1541 (Use-after-free vulnerability in the RefreshDriverTimer::TickDriver fun ...)
	{DSA-2960-1 DSA-2955-1}
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1540 (Use-after-free vulnerability in the nsEventListenerManager::CompileEve ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1539 (Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do no ...)
	- iceweasel <not-affected> (Only affects Mac OS X)
	- icedove <not-affected> (Only affects Mac OS X)
CVE-2014-1538 (Use-after-free vulnerability in the nsTextEditRules::CreateMozBR funct ...)
	{DSA-2960-1 DSA-2955-1}
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1537 (Use-after-free vulnerability in the mozilla::dom::workers::WorkerPriva ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1536 (The PropertyProvider::FindJustificationRange function in Mozilla Firef ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1535
	RESERVED
CVE-2014-1534 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1533 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2960-1 DSA-2955-1}
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1532 (Use-after-free vulnerability in the nsHostResolver::ConditionallyRefre ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1531 (Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeig ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1530 (The docshell implementation in Mozilla Firefox before 29.0, Firefox ES ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1529 (The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 2 ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1528 (The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo  ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2014-1527 (Mozilla Firefox before 29.0 on Android allows remote attackers to spoo ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	- icedove <not-affected> (Only affects Firefox on Android)
CVE-2014-1526 (The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaM ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1525 (The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1524 (The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox  ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1523 (Heap-based buffer overflow in the read_u32 function in Mozilla Firefox ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1522 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the  ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1521
	REJECTED
CVE-2014-1520 (maintenservice_installer.exe in the Maintenance Service Installer in M ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2014-1519 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1518 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1517 (The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x befor ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2014-1516 (The saltProfileName function in base/GeckoProfileDirectories.java in M ...)
	- iceweasel <not-affected> (Android-specific)
CVE-2014-1515 (Mozilla Firefox before 28.0.1 on Android processes a file: URL by copy ...)
	- iceweasel <not-affected> (Android-specific)
CVE-2014-1514 (vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24. ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1513 (TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x  ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1512 (Use-after-free vulnerability in the TypeObject class in the JavaScript ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1511 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1510 (The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1509 (Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1508 (The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 2 ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1507 (Directory traversal vulnerability in the DeviceStorage API in Mozilla  ...)
	NOT-FOR-US: Firefox OS
CVE-2014-1506 (Directory traversal vulnerability in Android Crash Reporter in Mozilla ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
CVE-2014-1505 (The SVG filter implementation in Mozilla Firefox before 28.0, Firefox  ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1504 (The session-restore feature in Mozilla Firefox before 28.0 and SeaMonk ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1503
	RESERVED
CVE-2014-1502 (The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1501 (Mozilla Firefox before 28.0 on Android allows remote attackers to bypa ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
CVE-2014-1500 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote att ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1499 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote att ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1498 (The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 a ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1497 (The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox b ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1496 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...)
	- iceweasel <not-affected> (Online update not used in Debian)
	- icedove <not-affected> (Online update not used in Debian)
CVE-2014-1495
	RESERVED
CVE-2014-1494 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1493 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1492 (The cert_TestHostName function in lib/certdb/certdb.c in the certifica ...)
	{DSA-2994-1 DLA-23-1}
	- nss 2:3.16-1
	[squeeze] - nss 3.12.8-1+squeeze8
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozi ...)
	{DSA-2994-1 DSA-2858-1 DLA-23-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	- nss 2:3.15.4-1
	[squeeze] - nss 3.12.8-1+squeeze8
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1490 (Race condition in libssl in Mozilla Network Security Services (NSS) be ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	- nss 2:3.15.4-1
	[squeeze] - nss <no-dsa> (Too complex to backport)
	[wheezy] - nss <no-dsa> (complex to backport)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: session tickets must be enabled by the client (mainly browsers)
CVE-2014-1489 (Mozilla Firefox before 27.0 does not properly restrict access to about ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1488 (The Web workers implementation in Mozilla Firefox before 27.0 and SeaM ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1487 (The Web workers implementation in Mozilla Firefox before 27.0, Firefox ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1486 (Use-after-free vulnerability in the imgRequestProxy function in Mozill ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1485 (The Content Security Policy (CSP) implementation in Mozilla Firefox be ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1484 (Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system- ...)
	- iceweasel <not-affected> (Only affects Firefox for Android)
	- icedove <not-affected> (Only affects Firefox for Android)
CVE-2014-1483 (Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote att ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1482 (RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x befor ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1481 (Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1480 (The file-download implementation in Mozilla Firefox before 27.0 and Se ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1479 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1478 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1477 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1474 (Algorithmic complexity vulnerability in Email::Address::List before 0. ...)
	- libemail-address-list-perl 0.03-1
	NOTE: http://lists.bestpractical.com/pipermail/rt-announce/2014-January/000245.html
CVE-2013-7305 (fpw.php in e107 through 1.0.4 does not check the user_ban field, which ...)
	NOT-FOR-US: e107
CVE-2013-7304 (Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does  ...)
	NOT-FOR-US: Check Point Endpoint Security MI Server
CVE-2013-7297
	RESERVED
CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a ce ...)
	- tor 0.2.4.20-1 (low)
	[wheezy] - tor <no-dsa> (Minor issue)
	[squeeze] - tor <not-affected> (OpenSSL in oldstable not affected)
CVE-2012-6635 (wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3. ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6634 (wp-admin/media-upload.php in WordPress before 3.3.3 allows remote atta ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6633 (Cross-site scripting (XSS) vulnerability in wp-includes/default-filter ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6621 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3 ...)
	NOT-FOR-US: GetSimple CMS
CVE-2012-6620 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks a ...)
	- php-horde-kronolith 4.0.2-1
	- kronolith2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
	NOTE: fixed upstream in 3.0.17
CVE-2011-5271 (Pacemaker before 1.1.6 configure script creates temporary files insecu ...)
	- pacemaker 1.1.6-1 (unimportant; bug #633964)
	NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834
	NOTE: Only exploitable at build time
CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
	- wordpress 3.2.1+dfsg-1
CVE-2010-5298 (Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL  ...)
	{DSA-2908-1}
	- openssl 1.0.1g-3 (unimportant)
	[squeeze] - openssl <not-affected> (Introduced in 1.0.0)
	NOTE: Only exploitable with OPENSSL_NO_BUF_FREELIST enabled
CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, permane ...)
	- wordpress 3.0.1-1
CVE-2010-5296 (wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisi ...)
	- wordpress 3.0.2-1
CVE-2010-5295 (Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in Wo ...)
	- wordpress 3.0.2-1
CVE-2010-5294 (Multiple cross-site scripting (XSS) vulnerabilities in the request_fil ...)
	- wordpress 3.0.2-1
CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly wh ...)
	- wordpress 3.0.2-1
CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough an ...)
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2014/01/23/2
CVE-2014-1640 (axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe tem ...)
	- axiom 20120501-17 (low; bug #736358)
	[squeeze] - axiom <no-dsa> (Minor issue)
	[wheezy] - axiom <no-dsa> (Minor issue)
CVE-2014-1639 (syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mk ...)
	- syncevolution 1.3.99.7-1 (unimportant; bug #736357)
	NOTE: Only exploitable during build time
CVE-2014-1638 ((1) debian/postrm and (2) debian/localepurge.config in localepurge bef ...)
	- localepurge 0.7.3.2 (bug #736359)
	[squeeze] - localepurge 0.6.2+nmu1+squeeze1
	[wheezy] - localepurge 0.6.3+deb7u1
CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module befo ...)
	- libmarc-xml-perl 1.0.2-1 (bug #736275)
	[wheezy] - libmarc-xml-perl <no-dsa> (Too intrusive to backport)
	[squeeze] - libmarc-xml-perl <no-dsa> (Too intrusive to backport)
	NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
	NOTE: older versions do not have the ability to set a user custom parser, trying to fix CVE-2014-1626 not clear yet
	NOTE: upstream developer contacted and is looking into it; backport fix might be to intrusive due to change in used Module
CVE-2014-1624 (Race condition in the xdg.BaseDirectory.get_runtime_dir function in py ...)
	- pyxdg 0.25-4 (low; bug #736247)
	[squeeze] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
	[wheezy] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
CVE-2014-1611 (Cross-site scripting (XSS) vulnerability in the Anonymous Posting modu ...)
	NOT-FOR-US: Drupal contrib
CVE-2014-1604 (The parser cache functionality in parsergenerator.py in RPLY (aka pyth ...)
	- python-rply 0.7.1-1
	NOTE: https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand
CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ente ...)
	NOT-FOR-US: McAfee Vulnerability Manager
CVE-2014-1472 (Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise  ...)
	NOT-FOR-US: McAfee Vulnerability Manager
CVE-2014-1471 (SQL injection vulnerability in the StateGetStatesByType function in Ke ...)
	{DSA-2867-1}
	- otrs2 3.3.4-1 (low)
	NOTE: https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/
CVE-2014-1470
	REJECTED
CVE-2014-1469 (BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Servi ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2014-1468
	RESERVED
CVE-2014-1467 (BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Servi ...)
	NOT-FOR-US: IBM Domino
CVE-2014-1466 (SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remot ...)
	NOT-FOR-US: CSP MySQL User Manager
CVE-2014-1465
	RESERVED
CVE-2014-1464
	RESERVED
CVE-2014-1463
	RESERVED
CVE-2014-1462
	RESERVED
CVE-2014-1461
	RESERVED
CVE-2014-1460
	RESERVED
CVE-2014-1459 (SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2  ...)
	NOT-FOR-US: doorGets CMS
CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration int ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1457 (Open Web Analytics (OWA) before 1.5.6 improperly generates random nonc ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in Pea ...)
	NOT-FOR-US: Pearson eSIS Enterprise Student Information System
CVE-2014-1454 (Pearson eSIS (Enterprise Student Information System) message board has ...)
	NOT-FOR-US: Pearson eSIS (Enterprise Student Information System) message board
CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquir ...)
	{DSA-2952-1}
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 <removed> (bug #743984)
	- kfreebsd-10 10.0-4
	NOTE: kfreebsd-8 might be affected but NFS implementation isn't the one used there by default
CVE-2014-1452 (Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in F ...)
	NOT-FOR-US: bsnmpd
CVE-2014-1451
	RESERVED
CVE-2014-1450
	RESERVED
CVE-2014-1449 (The Maxthon Cloud Browser application before 4.1.6.2000 for Android al ...)
	NOT-FOR-US: Maxthon Cloud Browser application for Android
CVE-2014-1443 (Core FTP Server 1.2 before build 515 allows remote authenticated users ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1442 (Directory traversal vulnerability in Core FTP Server 1.2 before build  ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1441 (Core FTP Server 1.2 before build 515 allows remote attackers to cause  ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1440
	RESERVED
CVE-2014-1439 (The libxml_disable_entity_loader function in runtime/ext/ext_simplexml ...)
	NOT-FOR-US: HipHop Virtual Machine for PHP
CVE-2014-1437
	REJECTED
CVE-2014-1436
	REJECTED
CVE-2014-1435
	REJECTED
CVE-2014-1434
	REJECTED
CVE-2014-1433
	REJECTED
CVE-2014-1432
	REJECTED
CVE-2014-1431
	REJECTED
CVE-2014-1430
	REJECTED
CVE-2014-1429
	REJECTED
CVE-2014-1428 (A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an a ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2014-1427 (A vulnerability in the REST API of Ubuntu MAAS allows an attacker to c ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2014-1426 (A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allo ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2014-1425 (cmanager 0.32 does not properly enforce nesting when modifying cgroup  ...)
	- cgmanager 0.33-3
	[jessie] - cgmanager 0.33-2+deb8u1
CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1  ...)
	- apparmor <not-affected> (Vulnerable code only in Ubuntu-specific backport of patch)
	NOTE: Caused by a patch that was added to the Ubuntu packaging before
	NOTE: it was taken upstream. The one that was merged upstream (and part
	NOTE: of AppArmor 2.9.0) is not affected. The closest version to the
	NOTE: affected one that we ever had in Debian (2.8.96~2652) did not
	NOTE: include the faulty patch.
CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...)
	NOT-FOR-US: signond from Ubuntu Touch
CVE-2014-1422
	RESERVED
CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...)
	- mountall <not-affected> (partman-efi in jessie uses secure umask, mount in older releases not affected)
	NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
	NOTE: and http://www.ubuntu.com/usn/usn-2411-1
CVE-2014-1420
	RESERVED
CVE-2014-1419 (Race condition in the power policy functions in policy-funcs in acpi-s ...)
	{DSA-2984-1 DLA-30-1}
	- acpi-support 0.142-2
CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7  ...)
	{DSA-2934-1}
	- python-django 1.6.5-1
	NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
CVE-2014-1417
	RESERVED
CVE-2014-1416
	RESERVED
CVE-2014-1415
	RESERVED
CVE-2014-1414
	RESERVED
CVE-2014-1413
	RESERVED
CVE-2014-1412
	RESERVED
CVE-2014-1411
	RESERVED
CVE-2014-1410
	RESERVED
CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes- ...)
	- spip 3.0.13-1 (bug #736170)
	[wheezy] - spip 2.1.17-1+deb7u3
	[squeeze] - spip <end-of-life> (Not supported in Squeeze LTS)
CVE-2013-7302 (Session fixation vulnerability in the Ubercart module 6.x-2.x before 6 ...)
	NOT-FOR-US: Drupal contrib
CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play que ...)
	- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
	NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7300 (Absolute path traversal vulnerability in cantata before 1.2.2 allows l ...)
	- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
	NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...)
	- tntnet 2.2.1-1 (low; bug #735881)
	[wheezy] - tntnet <no-dsa> (Minor issue)
	[squeeze] - tntnet <no-dsa> (Minor issue)
CVE-2013-7298 (query_params.cpp in cxxtools before 2.2.1 allows remote attackers to c ...)
	- cxxtools 2.2.1-1 (low; bug #735880)
	[wheezy] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
	[squeeze] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
CVE-2013-7296 (The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler befo ...)
	- poppler <not-affected> (Introduced in a3cee0e7e9dd292c70fe1fa19a92e70bbc1e1b41)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee
	NOTE: https://bugs.kde.org/show_bug.cgi?id=328511
CVE-2013-7294 (The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswa ...)
	NOT-FOR-US: libreswan, strongSwan not affected (pluto never supported ikev2)
CVE-2013-7293 (The ASUS WL-330NUL router has a configuration process that relies on a ...)
	NOT-FOR-US: ASUS router
CVE-2014-1476 (The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an e ...)
	{DSA-2847-1}
	- drupal6 <not-affected> (Only occurs on Drupal 7 sites which upgraded from Drupal 6 or earlier)
	- drupal7 7.26-1
CVE-2014-1475 (The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ...)
	{DSA-2851-1 DSA-2847-1}
	- drupal6 <removed>
	- drupal7 7.26-1
CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kern ...)
	{DSA-2906-1}
	- linux 3.12.8-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.54-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed
CVE-2014-1445 (The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kerne ...)
	{DSA-2906-1}
	- linux 3.12.6-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1
CVE-2014-1444 (The fst_get_iface function in drivers/net/wan/farsync.c in the Linux k ...)
	{DSA-2906-1}
	- linux 3.12.6-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=96b340406724d87e4621284ebac5e059d67b2194
CVE-2014-1438 (The restore_fpu_checking function in arch/x86/include/asm/fpu-internal ...)
	{DLA-0007-1}
	- linux 3.12.8-1 (bug #733551)
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
	[squeeze] - linux-2.6 2.6.32-48squeeze7
	NOTE: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0
CVE-2014-1448
	REJECTED
CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function in lib ...)
	{DSA-2846-1}
	- libvirt 1.2.1-1 (bug #735676)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
CVE-2014-1409 (MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5. ...)
	NOT-FOR-US: MobileIron VSP
CVE-2014-1404
	RESERVED
CVE-2014-1403 (Cross-site scripting (XSS) vulnerability in name.html in easyXDM befor ...)
	NOT-FOR-US: easyXDM
CVE-2014-1397
	RESERVED
CVE-2014-1396
	RESERVED
CVE-2014-1395
	RESERVED
CVE-2014-1394
	RESERVED
CVE-2014-1393
	RESERVED
CVE-2014-1392
	RESERVED
CVE-2014-1391 (QT Media Foundation in Apple OS X before 10.9.5 allows remote attacker ...)
	NOT-FOR-US: Apple Quicktime
CVE-2014-1390 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1389 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1388 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1387 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1386 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1385 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1384 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1383 (Apple TV before 6.1.2 allows remote authenticated users to bypass an i ...)
	NOT-FOR-US: Apple TV
CVE-2014-1382 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1381 (Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOT ...)
	NOT-FOR-US: Apple OS X Thunderbolt
CVE-2014-1380 (The Security - Keychain component in Apple OS X before 10.9.4 does not ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1379 (Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain  ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1378 (IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to byp ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1377 (Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 a ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1376 (Intel Compute in Apple OS X before 10.9.4 does not properly restrict a ...)
	NOT-FOR-US: Apple OS X Intel Compute
CVE-2014-1375 (Intel Graphics Driver in Apple OS X before 10.9.4 allows local users t ...)
	NOT-FOR-US: Apple OS X Intel Graphics Driver
CVE-2014-1374
	REJECTED
CVE-2014-1373 (Intel Graphics Driver in Apple OS X before 10.9.4 does not properly re ...)
	NOT-FOR-US: Apple OS X Intel Graphics Driver
CVE-2014-1372 (Graphics Driver in Apple OS X before 10.9.4 does not properly restrict ...)
	NOT-FOR-US: Apple OS X Graphics Driver
CVE-2014-1371 (Array index error in Dock in Apple OS X before 10.9.4 allows attackers ...)
	NOT-FOR-US: Apple OS X Dock
CVE-2014-1370 (The byte-swapping implementation in copyfile in Apple OS X before 10.9 ...)
	NOT-FOR-US: Apple
CVE-2014-1369 (WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-a ...)
	NOT-FOR-US: WebKit
CVE-2014-1368 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1367 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1366 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1365 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1364 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1363 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1362 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: WebKit
CVE-2014-1361 (Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4,  ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1360 (Lockdown in Apple iOS before 7.1.2 does not properly verify data from  ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1359 (Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X bef ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1358 (Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X befo ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1357 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1356 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1355 (The IOKit implementation in the kernel in Apple iOS before 7.1.2 and A ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1354 (CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allo ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1353 (Lock Screen in Apple iOS before 7.1.2 does not properly manage the tel ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1352 (Lock Screen in Apple iOS before 7.1.2 does not properly enforce the li ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1351 (Siri in Apple iOS before 7.1.2 allows physically proximate attackers t ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1350 (Settings in Apple iOS before 7.1.2 allows physically proximate attacke ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1349 (Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allow ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1348 (Mail in Apple iOS before 7.1.2 advertises the availability of data pro ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for ...)
	NOT-FOR-US: Apple iTunes
CVE-2014-1346 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, doe ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1345 (WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1344 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1343 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1342 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1341 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1340 (WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1339 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1338 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1337 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1336 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1335 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1334 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1333 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1332
	REJECTED
CVE-2014-1331 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1330 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1329 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1328
	REJECTED
CVE-2014-1327 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1326 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1325 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1324 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1323 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into a ...)
	NOT-FOR-US: Apple
CVE-2014-1321 (Power Management in Apple OS X 10.9.x through 10.9.2 allows physically ...)
	NOT-FOR-US: Apple
CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple  ...)
	NOT-FOR-US: Apple
CVE-2014-1319 (Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows  ...)
	NOT-FOR-US: Apple
CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not proper ...)
	NOT-FOR-US: Apple
CVE-2014-1317 (iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credential ...)
	NOT-FOR-US: Apple
CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9. ...)
	NOT-FOR-US: Apple
CVE-2014-1314 (WindowServer in Apple OS X through 10.9.2 does not prevent session cre ...)
	NOT-FOR-US: Apple
CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1306
	REJECTED
CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attacke ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1301 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1297 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, doe ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Ap ...)
	NOT-FOR-US: Apple
CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9 ...)
	NOT-FOR-US: Apple
CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1292 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1291 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1288
	REJECTED
CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physic ...)
	NOT-FOR-US: Apple
CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attacker ...)
	NOT-FOR-US: SpringBoard Lock Screen in Apple iOS
CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate attack ...)
	NOT-FOR-US: Springboard in Apple iOS
CVE-2014-1284
	REJECTED
CVE-2014-1283
	REJECTED
CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 ...)
	NOT-FOR-US: Apple
CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the as ...)
	NOT-FOR-US: Photos Backend in Apple iOS
CVE-2014-1280 (Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows re ...)
	NOT-FOR-US: Apple
CVE-2014-1279 (Apple TV before 6.1 does not properly restrict logging, which allows l ...)
	NOT-FOR-US: Apple TV
CVE-2014-1278 (The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1  ...)
	NOT-FOR-US: Apple
CVE-2014-1277
	REJECTED
CVE-2014-1276 (IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct us ...)
	NOT-FOR-US: IOKit HID Event in Apple iOS
CVE-2014-1275 (Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before ...)
	NOT-FOR-US: Apple
CVE-2014-1274 (FaceTime in Apple iOS before 7.1 allows physically proximate attackers ...)
	NOT-FOR-US: FaceTime in Apple iOS
CVE-2014-1273 (dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers  ...)
	NOT-FOR-US: Apple
CVE-2014-1272 (CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple ...)
	NOT-FOR-US: Apple
CVE-2014-1271 (CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not p ...)
	NOT-FOR-US: Apple
CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1267 (The Configuration Profiles component in Apple iOS before 7.1 and Apple ...)
	NOT-FOR-US: Apple
CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/s ...)
	NOT-FOR-US: Apple
CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple OS X b ...)
	NOT-FOR-US: Apple
CVE-2014-1264 (Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after ...)
	NOT-FOR-US: Apple
CVE-2014-1263 (curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport ...)
	- curl <not-affected> (Only applies to Curl on Mac OS or iOS)
	NOTE: http://curl.haxx.se/docs/adv_20140326C.html
CVE-2014-1262 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers ...)
	NOT-FOR-US: Apple
CVE-2014-1261 (Integer signedness error in CoreText in Apple OS X before 10.9.2 allow ...)
	NOT-FOR-US: Apple
CVE-2014-1260 (QuickLook in Apple OS X through 10.8.5 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2014-1259 (Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows at ...)
	NOT-FOR-US: Apple
CVE-2014-1258 (Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9. ...)
	NOT-FOR-US: Apple
CVE-2014-1257 (CFNetwork in Apple OS X through 10.8.5 does not remove session cookies ...)
	NOT-FOR-US: Apple
CVE-2014-1256 (Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9 ...)
	NOT-FOR-US: Apple
CVE-2014-1255 (Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properl ...)
	NOT-FOR-US: Apple
CVE-2014-1254 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote at ...)
	NOT-FOR-US: Apple
CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cau ...)
	NOT-FOR-US: Apple Boot Camp
CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before ...)
	NOT-FOR-US: Apple Pages
CVE-2014-1251 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1250 (Apple QuickTime before 7.7.5 does not properly perform a byte-swapping ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1249 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1248 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1247 (Apple QuickTime before 7.7.5 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1246 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1245 (Integer signedness error in Apple QuickTime before 7.7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1244 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1243 (Apple QuickTime before 7.7.5 does not initialize an unspecified pointe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1242 (Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window,  ...)
	NOT-FOR-US: Apple iTunes
CVE-2014-1241
	RESERVED
CVE-2014-1240
	RESERVED
CVE-2014-1239
	RESERVED
CVE-2014-1238 (Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialo ...)
	NOT-FOR-US: Q-Pulse
CVE-2014-1237 (Cross-site scripting (XSS) vulnerability in synetics i-doit pro before ...)
	NOT-FOR-US: i-doit
CVE-2014-1232 (Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plu ...)
	NOT-FOR-US: Foliopress
CVE-2014-1231
	RESERVED
CVE-2014-1230
	RESERVED
CVE-2014-1229
	RESERVED
CVE-2014-1228
	RESERVED
CVE-2014-1227
	RESERVED
CVE-2014-1226 (The pipe_init_terminal function in main.c in s3dvt allows local users  ...)
	- s3d 0.2.2-13 (unimportant)
	NOTE: http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html
	NOTE: Additional patch hunk applied in 0.2.2-11 (experimental) only
	NOTE: Not running with elevated privileges in Debian packaging
CVE-2014-1225
	RESERVED
CVE-2014-1224 (Incomplete blacklist vulnerability in the user registration feature in ...)
	NOT-FOR-US: rexx Recruitment
CVE-2014-1223 (Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx  ...)
	NOT-FOR-US: Telligent Evolution
CVE-2014-1222 (Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM ...)
	NOT-FOR-US: vTiger CRM
CVE-2014-1221
	RESERVED
	NOT-FOR-US: Dameware
CVE-2014-1220
	RESERVED
	NOT-FOR-US: IT2 Workstation
CVE-2014-1219 (CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID ...)
	NOT-FOR-US: 2E Web Option
CVE-2014-1218
	RESERVED
CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to sy ...)
	NOT-FOR-US: Livetecs Timelive
CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers  ...)
	NOT-FOR-US: Fitnesse Wiki
CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build 508 allo ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1214 (views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component ...)
	NOT-FOR-US: Projoom NovaSFH Plugin
CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9. ...)
	NOT-FOR-US: Sophos Anti Virus
CVE-2014-1212
	RESERVED
CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware vCloud Direc ...)
	NOT-FOR-US: VMWare
CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does ...)
	NOT-FOR-US: VMware vSphere Client
CVE-2014-1209 (VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Up ...)
	NOT-FOR-US: VMware vSphere Client
CVE-2014-1208 (VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, V ...)
	NOT-FOR-US: VMWare
CVE-2014-1207 (VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers ...)
	NOT-FOR-US: VMWare
CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open Web Ana ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-1205
	RESERVED
CVE-2014-1204 (SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8 ...)
	NOT-FOR-US: Tableau Server
CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remot ...)
	NOT-FOR-US: SoapUI
CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH3 ...)
	NOT-FOR-US: Lorex
CVE-2014-0999 (Sendio before 7.2.4 includes the session identifier in URLs in emails, ...)
	NOT-FOR-US: Sendio
CVE-2014-0998 (Integer signedness error in the vt console driver (formerly Newcons) i ...)
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-3 (bug #779194)
	- kfreebsd-9 <not-affected> (don't have newcons)
	- kfreebsd-8 <not-affected> (don't have newcons)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
CVE-2014-0997 (WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2 ...)
	NOT-FOR-US: WiFiMonitor in Android
CVE-2014-0996
	RESERVED
CVE-2014-0995 (The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier ...)
	NOT-FOR-US: SAP Netweaver
CVE-2014-0994 (Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics ...)
	NOT-FOR-US: Delphi
CVE-2014-0993 (Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in  ...)
	NOT-FOR-US: Embarcadero
CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0991 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0990 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0989 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0988 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0987 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0986 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0985 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin  ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, ...)
	NOT-FOR-US: SAP Router
CVE-2014-0983 (Multiple array index errors in programs that are automatically generat ...)
	{DSA-2904-1}
	- virtualbox 4.3.10-dfsg-1 (bug #741602)
	- virtualbox-ose <removed> (bug #741602)
	NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
CVE-2014-0982
	REJECTED
CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4 ...)
	{DSA-2904-1}
	- virtualbox 4.3.10-dfsg-1 (bug #741602)
	- virtualbox-ose <removed> (bug #741602)
	NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
CVE-2014-0980 (Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attac ...)
	NOT-FOR-US: Publish-It
CVE-2014-0976
	RESERVED
CVE-2014-0975
	RESERVED
CVE-2014-0974 (The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Ke ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2014-0973 (The image_verify function in platform/msm_shared/image_verify.c in the ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2014-0972 (The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm ...)
	- linux <not-affected> (affects drivers/gpu/msm, not merged in mainline)
CVE-2013-7292 (VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authen ...)
	NOT-FOR-US: VASCO IAS
CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote a ...)
	{DLA-701-1}
	- memcached 1.4.20-1 (low; bug #735314)
	[squeeze] - memcached <no-dsa> (Minor issue)
	NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other versi ...)
	- memcached 1.4.13-0.2
	[squeeze] - memcached 1.4.5-1+deb6u1
	NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
	NOTE: actual patch should be adjusted in case there is a further memcached upload accoring to upstream commit
CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7287 (MobileIron VSP &lt; 5.9.1 and Sentry &lt; 5.0 has an insecure encrypti ...)
	NOT-FOR-US: MobileIron
CVE-2013-7286 (MobileIron VSP &lt; 5.9.1 and Sentry &lt; 5.0 has a weak password obfu ...)
	NOT-FOR-US: MobileIron
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
	- libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems)
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...)
	NOT-FOR-US: Nisuta NS-WIR150NE router
CVE-2013-7280 (Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier a ...)
	NOT-FOR-US: HansoTools Hanso Player
CVE-2013-7279 (Cross-site scripting (XSS) vulnerability in views/video-management/pre ...)
	NOT-FOR-US: WordPress plugin S3 Video
CVE-2013-7278 (SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote  ...)
	NOT-FOR-US: Naxtech CMS Afroditi
CVE-2013-7277 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Know ...)
	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7276 (Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Re ...)
	NOT-FOR-US: WordPress plugin Recommend to a friend
CVE-2013-7275 (Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBu ...)
	NOT-FOR-US: MyBB
CVE-2013-7274 (Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082  ...)
	NOT-FOR-US: Wallpaper Script
CVE-2013-7272
	RESERVED
CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance inst ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2014-1408 (The Conceptronic C54APM access point with runtime code 1.26 has a defa ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1407 (Multiple cross-site scripting (XSS) vulnerabilities on the Conceptroni ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1406 (CRLF injection vulnerability in goform/formWlSiteSurvey on the Concept ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1405 (Multiple open redirect vulnerabilities on the Conceptronic C54APM acce ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1402 (The default configuration for bccache.FileSystemBytecodeCache in Jinja ...)
	- jinja2 2.7.2-1 (low; bug #734747)
	[squeeze] - jinja2 <no-dsa> (Minor issue)
	[wheezy] - jinja2 <no-dsa> (Minor issue)
	NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue
CVE-2014-1401 (Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allo ...)
	NOT-FOR-US: AuraCMS
CVE-2014-1400 (The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3  ...)
	NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1399 (The entity wrapper access API in the Entity API module 7.x-1.x before  ...)
	NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1398 (The entity wrapper access API in the Entity API module 7.x-1.x before  ...)
	NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1236 (Stack-based buffer overflow in the chkNum function in lib/cgraph/scan. ...)
	{DSA-2843-1}
	- graphviz 2.26.3-16.1 (bug #734745)
	NOTE: fix: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
CVE-2014-1235 (Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34 ...)
	- graphviz 2.26.3-16.1 (bug #734745)
	[wheezy] - graphviz <not-affected> (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a)
	[squeeze] - graphviz <not-affected> (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a)
	NOTE: CVE is for buffer overflow introduced by applying only 7aaddf52cd98589fb0c3ab72a393f8411838438a
	NOTE: fix: https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750
CVE-2014-1234 (The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obta ...)
	NOT-FOR-US: Paratrooper Newrelic Ruby Gem
CVE-2014-1233 (The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtai ...)
	NOT-FOR-US: Paratrooper Pingdom Ruby Gem
CVE-2014-1203 (The get_login_ip_config_file function in Eyou Mail System before 3.6 a ...)
	NOT-FOR-US: Eyou Mail System
CVE-2014-0979 (The start_authentication function in lightdm-gtk-greeter.c in LightDM  ...)
	- lightdm-gtk-greeter 1.6.1-5 (bug #734472)
	NOTE: https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=857303
	[wheezy] - lightdm-gtk-greeter <not-affected> (in Wheezy, lightdm restarts when the greeter crashes, so there's no DoS)
CVE-2014-0978 (Stack-based buffer overflow in the yyerror function in lib/cgraph/scan ...)
	{DSA-2843-1}
	- graphviz 2.26.3-16 (bug #734745)
	NOTE: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
	NOTE: additional commit required (new CVE-2014-1235): https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750
	NOTE: see: https://bugzilla.redhat.com/show_bug.cgi?id=1049165#c6
CVE-2014-0977 (Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Mo ...)
	{DSA-2841-1}
	- movabletype-opensource 5.2.9+dfsg-1 (bug #734304)
CVE-2014-0971
	RESERVED
CVE-2014-0970 (The GDS component in IBM InfoSphere Master Data Management - Collabora ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0969 (Cross-site request forgery (CSRF) vulnerability in the GDS component i ...)
	NOT-FOR-US: IBM
CVE-2014-0968 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM I ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0967 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM I ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0966 (SQL injection vulnerability in the GDS component in IBM InfoSphere Mas ...)
	NOT-FOR-US: IBM
CVE-2014-0965 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0964 (IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0963 (The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IB ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2014-0962
	RESERVED
CVE-2014-0961 (Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity ...)
	NOT-FOR-US: IBM Tivoli Identity Manager
CVE-2014-0960 (IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1 ...)
	NOT-FOR-US: IBM PureApplication System
CVE-2014-0959 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1. ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0957 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
	NOT-FOR-US: IBM
CVE-2014-0956 (Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSp ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0955 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 b ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0953 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM Web ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebS ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0950 (Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM S ...)
	NOT-FOR-US: IBM
CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect Design Ma ...)
	NOT-FOR-US: IBM Rational Software Architect Design
CVE-2014-0947 (Unspecified vulnerability in the server in IBM Rational Software Archi ...)
	NOT-FOR-US: IBM Rational Software Architect Design
CVE-2014-0946 (The RES Console in Rule Execution Server in IBM Operational Decision M ...)
	NOT-FOR-US: IBM
CVE-2014-0945 (Cross-site scripting (XSS) vulnerability in the RES Console in Rule Ex ...)
	NOT-FOR-US: IBM
CVE-2014-0944 (Cross-site request forgery (CSRF) vulnerability in the RES Console in  ...)
	NOT-FOR-US: IBM
CVE-2014-0943 (IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0. ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2014-0942 (Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventVi ...)
	NOT-FOR-US: IBM Netcool
CVE-2014-0941 (Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventVi ...)
	NOT-FOR-US: IBM Netcool
CVE-2014-0940 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Serv ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-0939
	RESERVED
CVE-2014-0938
	RESERVED
CVE-2014-0937
	RESERVED
CVE-2014-0936 (IBM Security AppScan Source 8.0 through 9.0, when the publish-assessme ...)
	NOT-FOR-US: IBM Security AppScan
CVE-2014-0935 (Unspecified vulnerability in IBM Smart Analytics System 7700 before FP ...)
	NOT-FOR-US: IBM Smart Analytics System
CVE-2014-0934
	RESERVED
CVE-2014-0933 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Info ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order Managem ...)
	NOT-FOR-US: IBM
CVE-2014-0931 (Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN ...)
	NOT-FOR-US: IBM
CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, a ...)
	NOT-FOR-US: IBM AIX
CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles compon ...)
	NOT-FOR-US: IBM Connections
CVE-2014-0928
	RESERVED
CVE-2014-0927 (The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 a ...)
	NOT-FOR-US: IBM
CVE-2014-0926
	RESERVED
CVE-2014-0925 (Open redirect vulnerability in IBM Sterling Control Center 5.4.0 befor ...)
	NOT-FOR-US: IBM Sterling Control Center
CVE-2014-0924 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify th ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0923 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote atta ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0922 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote atta ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0921 (The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allo ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0920 (IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs  ...)
	NOT-FOR-US: IBM SPSS Analytic Server
CVE-2014-0919 (IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords  ...)
	NOT-FOR-US: IBM DB2
CVE-2014-0918 (Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2014-0917 (Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (I ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2014-0916
	RESERVED
CVE-2014-0915 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0914 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5. ...)
	NOT-FOR-US: IBM iNotes
CVE-2014-0912 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0. ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0909 (The Administration and Reporting Tool in IBM Rational License Key Serv ...)
	NOT-FOR-US: IBM
CVE-2014-0908 (The User Attribute implementation in IBM Business Process Manager (BPM ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2014-0907 (Multiple untrusted search path vulnerabilities in unspecified (1) setu ...)
	NOT-FOR-US: IBM DB2
CVE-2014-0906 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-0905 (IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure f ...)
	NOT-FOR-US: IBM
CVE-2014-0904 (The update process in IBM Security AppScan Standard 7.9 through 8.8 do ...)
	NOT-FOR-US: IBM Security AppScan Standard
CVE-2014-0903
	RESERVED
CVE-2014-0902
	RESERVED
CVE-2014-0901 (Cross-site scripting (XSS) vulnerability in the Social Rendering imple ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0900 (The Device Administrator code in Android before 4.4.1_r1 might allow a ...)
	NOT-FOR-US: Android
CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workloa ...)
	NOT-FOR-US: IBM AIX
CVE-2014-0898
	RESERVED
CVE-2014-0897 (The Configuration Patterns component in IBM Flex System Manager (FSM)  ...)
	NOT-FOR-US: IBM
CVE-2014-0896 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePowe ...)
	NOT-FOR-US: IBM SPSS
CVE-2014-0894 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before  ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0893 (Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Ma ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 F ...)
	NOT-FOR-US: IBM
CVE-2014-0891 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5 ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-0889 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite ...)
	NOT-FOR-US: IBM Atlas Suite
CVE-2014-0888 (IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Workli ...)
	NOT-FOR-US: IBM
CVE-2014-0887 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0886 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0885 (Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lo ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware Managem ...)
	NOT-FOR-US: IBM
CVE-2014-0882 (Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale,  ...)
	NOT-FOR-US: IBM
CVE-2014-0881 (The TPM on Integrated Management Module II (IMM2) on IBM Flex System x ...)
	NOT-FOR-US: IBM
CVE-2014-0880 (IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; an ...)
	NOT-FOR-US: IBM SAN Volume Controller
CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX control  ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2014-0878 (The IBMSecureRandom component in the IBMJCE and IBMSecureRandom crypto ...)
	NOT-FOR-US: IBM JDK
CVE-2014-0877 (IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remo ...)
	NOT-FOR-US: IBM Cognos
CVE-2014-0876 (Buffer overflow in the Java GUI Configuration Wizard and Preferences E ...)
	NOT-FOR-US: IBM
CVE-2014-0875 (Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 throug ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x  ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0872 (The installation process in IBM Security Key Lifecycle Manager 2.5 sto ...)
	NOT-FOR-US: IBM
CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before  ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Al ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0869 (The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5 ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0868 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before  ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0867 (rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0866 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before  ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0865 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before  ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0863 (The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1,  ...)
	NOT-FOR-US: IBM
CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational Collabor ...)
	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2014-0860 (The firmware before 3.66E in IBM BladeCenter Advanced Management Modul ...)
	NOT-FOR-US: IBM
CVE-2014-0859 (The web-server plugin in IBM WebSphere Application Server (WAS) 7.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authe ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2014-0857 (The Administrative Console in IBM WebSphere Application Server (WAS) 8 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0856
	RESERVED
CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0854 (The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2014-0853 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Forward ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0852 (IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5 ...)
	NOT-FOR-US: IBM
CVE-2014-0851
	RESERVED
CVE-2014-0850 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0849 (IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0848 (The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server co ...)
	NOT-FOR-US: IBM Netezza Performance Portal
CVE-2014-0847
	RESERVED
CVE-2014-0846 (Cross-site scripting (XSS) vulnerability in IBM Rational Requirements  ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0845 (Open redirect vulnerability in IBM Rational Requirements Composer 3.x  ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0844 (Unspecified vulnerability in IBM Rational Requirements Composer 3.x be ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0843 (Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6 ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0842 (The account-creation functionality in IBM Rational Focal Point 6.4.x a ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0841 (IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a w ...)
	NOT-FOR-US: IBM
CVE-2014-0840 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Fo ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0839 (IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x befo ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0838 (The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0837 (The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0836 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0835 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0834 (IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 t ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2014-0833 (The OAC component in IBM Financial Transaction Manager (FTM) 2.0 befor ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0832 (Multiple cross-site scripting (XSS) vulnerabilities in configuration-d ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0831 (Cross-site request forgery (CSRF) vulnerability in the OAC component i ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0830 (Directory traversal vulnerability in the table-export implementation i ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0829 (Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.1 ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2014-0828 (Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manag ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0827 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workl ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0826
	RESERVED
CVE-2014-0825 (Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maxi ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2014-0824 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2014-0823 (IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x bef ...)
	NOT-FOR-US: IBM Domino
CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu Garoon 2 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-0820 (Directory traversal vulnerability in the download feature in Cybozu Ga ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-0819 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 al ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2014-0818 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 al ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2014-0817 (Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not prope ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-0816 (Unspecified vulnerability in Norman Security Suite 10.1 and earlier al ...)
	NOT-FOR-US: Norman Security Suite
CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android allows at ...)
	NOT-FOR-US: Opera
CVE-2014-0814 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allo ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-0813 (Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8 ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 a ...)
	NOT-FOR-US: KENT-WEB Joyful Note
CVE-2014-0811 (Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP ...)
	NOT-FOR-US: Blackboard Vista
CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3 ...)
	NOT-FOR-US: JustSystems Sanshiro 2007
CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka Si ...)
	NOT-FOR-US: Gapless Player SimZip
CVE-2014-0808 (The lfCheckError function in data/class/pages/shopping/LC_Page_Shoppin ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0806 (The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile application
CVE-2014-0805 (Directory traversal vulnerability in the NeoFiler application 5.4.3 an ...)
	NOT-FOR-US: NeoFiler
CVE-2014-0804 (Directory traversal vulnerability in the CGENE Security File Manager P ...)
	NOT-FOR-US: CGENE Security File Manager
CVE-2014-0803 (Directory traversal vulnerability in the tetra filer application 2.3.1 ...)
	NOT-FOR-US: tetra filer application
CVE-2014-0802 (Directory traversal vulnerability in the aokitaka ZIP with Pass applic ...)
	NOT-FOR-US: aokitaka ZIP with Pass
CVE-2014-0801
	RESERVED
CVE-2014-0800
	RESERVED
CVE-2014-0799
	RESERVED
CVE-2014-0798
	RESERVED
CVE-2014-0797
	RESERVED
CVE-2014-0796
	RESERVED
CVE-2014-0795
	RESERVED
CVE-2014-0794 (SQL injection vulnerability in the JV Comment (com_jvcomment) componen ...)
	NOT-FOR-US: JV Comment Joomla Extension
CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas  ...)
	NOT-FOR-US: Komento Joomla Extension
CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to cre ...)
	NOT-FOR-US: Sonatype Nexus
CVE-2014-0790
	RESERVED
CVE-2013-7288 (Cross-site scripting (XSS) vulnerability in the mycode_parse_video fun ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-7285 (Xstream API versions up to 1.4.6 and version 1.4.10, if the security f ...)
	- libxstream-java 1.4.7-1 (bug #734821)
	[wheezy] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
	[squeeze] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
	NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
	NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
	NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
CVE-2013-7284 (The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Stora ...)
	- libplrpc-perl <removed> (high; bug #734789)
	[squeeze] - libplrpc-perl <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream appears dead.
CVE-2013-7273 (GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list  ...)
	- gdm3 3.8.3-1 (low; bug #683338)
	[wheezy] - gdm3 <no-dsa> (Minor issue)
	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
CVE-2013-7271 (The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel befor ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7270 (The packet_recvmsg function in net/packet/af_packet.c in the Linux ker ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7269 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel  ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7268 (The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel befor ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7267 (The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel  ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7266 (The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the  ...)
	{DLA-103-1}
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7262 (SQL injection vulnerability in the msPostGISLayerSetTimeFilter functio ...)
	- mapserver 6.4.1-1 (low; bug #734565)
	[wheezy] - mapserver 6.0.1-3.2+deb7u2
	[squeeze] - mapserver 5.6.5-2+squeeze3
	NOTE: https://github.com/mapserver/mapserver/issues/4834
CVE-2013-7261
	RESERVED
CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks RealPlayer befor ...)
	NOT-FOR-US: RealPlayer
CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...)
	- freerdp <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
	NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object Acti ...)
	NOT-FOR-US: OPC Automation 2.0 Server
CVE-2014-0788
	REJECTED
CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 al ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2014-0786 (Ecava IntegraXor before 4.1.4393 allows remote attackers to read clear ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2014-0785
	REJECTED
CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...)
	NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0783 (Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000  ...)
	NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0782 (Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Func ...)
	NOT-FOR-US: Yokogawa CENTUM
CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...)
	NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0780 (Directory traversal vulnerability in NTWebServer in InduSoft Web Studi ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 componen ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-0778 (The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows  ...)
	NOT-FOR-US: Progea Movicon
CVE-2014-0777 (The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earli ...)
	NOT-FOR-US: IOServer OPC Server
CVE-2014-0776
	RESERVED
CVE-2014-0775
	REJECTED
CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider Elec ...)
	NOT-FOR-US: Schneider Electric OPC Factory Server
CVE-2014-0773 (The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX contro ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0772 (The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 Activ ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0771 (The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX cont ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0769 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X- ...)
	NOT-FOR-US: Festo controller
CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0766 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0765 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0764 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0763 (Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech W ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0762 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows p ...)
	NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway
CVE-2014-0761 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows r ...)
	NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway
CVE-2014-0760 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X- ...)
	NOT-FOR-US: Festo controller
CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric Float ...)
	NOT-FOR-US: Schneider Electric Floating License Manager
CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8. ...)
	NOT-FOR-US: ICONICS
CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44  ...)
	NOT-FOR-US: Smart Software Solutions (3S) CoDeSys Runtime Toolkit
CVE-2014-0756
	REJECTED
CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not p ...)
	NOT-FOR-US: Rockwell Automation RSLogix
CVE-2014-0754 (Directory traversal vulnerability in SchneiderWEB on Schneider Electri ...)
	NOT-FOR-US: SchneiderWEB
CVE-2014-0753 (Stack-based buffer overflow in the SCADA server in Ecava IntegraXor be ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote att ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2014-0751 (Directory traversal vulnerability in CimWebServer.exe (aka the WebView ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView CimWeb  ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2014-0749 (Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open- ...)
	{DSA-2936-1}
	- torque 2.4.16+dfsg-1.4 (bug #748827)
CVE-2014-0748 (apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP0 ...)
	NOT-FOR-US: Aprun/apinit on Cray supercomputers
CVE-2014-0747 (The Certificate Authority Proxy Function (CAPF) CLI implementation in  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0746 (The disaster recovery system (DRS) in Cisco Unified Contact Center Exp ...)
	NOT-FOR-US: Cisco Unified Contact Center
CVE-2014-0745 (Cross-site request forgery (CSRF) vulnerability in the Unified Service ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-0744
	REJECTED
CVE-2014-0743 (The Certificate Authority Proxy Function (CAPF) component in Cisco Uni ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0742 (The Certificate Authority Proxy Function (CAPF) CLI implementation in  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0741 (The certificate-import feature in the Certificate Authority Proxy Func ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0740 (Cross-site request forgery (CSRF) vulnerability in the Call Detail Rec ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0739 (Race condition in the Phone Proxy component in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-0738 (The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) S ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-0737 (The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote atta ...)
	NOT-FOR-US: The Cisco Unified IP Phone
CVE-2014-0736 (Cross-site request forgery (CSRF) vulnerability in the Call Detail Rec ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0735 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ( ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0734 (SQL injection vulnerability in the Certificate Authority Proxy Functio ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0733 (The Enterprise License Manager (ELM) component in Cisco Unified Commun ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0732 (The Real Time Monitoring Tool (RTMT) web application in Cisco Unified  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0731 (The administration interface in Cisco Unified Communications Manager ( ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-0730 (Cisco Unified Computing System (UCS) Central Software 1.1 and earlier  ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-0729 (SQL injection vulnerability in the Enterprise Mobility Application (EM ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0728 (SQL injection vulnerability in the Java database interface in Cisco Un ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0727 (SQL injection vulnerability in the CallManager Interactive Voice Respo ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0726 (SQL injection vulnerability in the IP Manager Assistant (IPMA) interfa ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0725 (Cisco Unified Communications Manager (UCM) does not require authentica ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0724 (The bulk administration interface in Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0723 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ( ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0722 (The log4jinit web application in Cisco Unified Communications Manager  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0721 (The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows re ...)
	NOT-FOR-US: Cisco Unified SIP Phone 3905
CVE-2014-0720 (Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows  ...)
	NOT-FOR-US: Cisco IPS
CVE-2014-0719 (The control-plane access-list implementation in Cisco IPS Software bef ...)
	NOT-FOR-US: Cisco IPS
CVE-2014-0718 (The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1 ...)
	NOT-FOR-US: Cisco IPS
CVE-2014-0717
	RESERVED
CVE-2014-0716
	RESERVED
CVE-2014-0715
	RESERVED
CVE-2014-0714
	RESERVED
CVE-2014-0713
	RESERVED
CVE-2014-0712
	RESERVED
CVE-2014-0711
	RESERVED
CVE-2014-0710 (Race condition in the cut-through proxy feature in Cisco Firewall Serv ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2014-0709 (Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded p ...)
	NOT-FOR-US: Cisco UCS Director
CVE-2014-0708 (WebEx Meeting Center in Cisco WebEx Business Suite does not properly c ...)
	NOT-FOR-US: Cisco WebEx Business Suite
CVE-2014-0707 (Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0706 (Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0705 (The multicast listener discovery (MLD) service on Cisco Wireless LAN C ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0704 (The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0703 (Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distr ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0702
	RESERVED
CVE-2014-0701 (Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0700
	RESERVED
CVE-2014-0699
	RESERVED
CVE-2014-0698
	RESERVED
CVE-2014-0697
	RESERVED
CVE-2014-0696
	RESERVED
CVE-2014-0695
	RESERVED
CVE-2014-0694 (Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and ...)
	NOT-FOR-US: Cisco
CVE-2014-0693
	RESERVED
CVE-2014-0692
	RESERVED
CVE-2014-0691 (Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insuffici ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-0690
	RESERVED
CVE-2014-0689
	RESERVED
CVE-2014-0688
	RESERVED
CVE-2014-0687
	RESERVED
CVE-2014-0686 (Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0685 (Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware all ...)
	NOT-FOR-US: Cisco
CVE-2014-0684 (Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause  ...)
	NOT-FOR-US: Cisco
CVE-2014-0683 (The web management interface on the Cisco RV110W firewall with firmwar ...)
	NOT-FOR-US: Cisco
CVE-2014-0682 (Cisco WebEx Meetings Server allows remote authenticated users to bypas ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-0681 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services En ...)
	NOT-FOR-US: Cisco Identity Service Engine
CVE-2014-0680 (Cross-site scripting (XSS) vulnerability in the HTTP control interface ...)
	NOT-FOR-US: Cisco Identity Service Engine
CVE-2014-0679 (Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1 ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-0678 (The portal interface in Cisco Secure Access Control System (ACS) does  ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0677 (The Label Distribution Protocol (LDP) functionality in Cisco NX-OS all ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-0676 (Cisco NX-OS allows local users to bypass intended TACACS+ command rest ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-0675 (The Expressway component in Cisco TelePresence Video Communication Ser ...)
	NOT-FOR-US: Cisco
CVE-2014-0674 (Cisco Video Surveillance Operations Manager (VSOM) does not require au ...)
	NOT-FOR-US: Cisco Video Surveillance Operations Manager
CVE-2014-0673 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Cisco Video Surveillance
CVE-2014-0672 (The Search and Play interface in Cisco MediaSense does not properly en ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2014-0671 (Open redirect vulnerability in Cisco MediaSense allows remote attacker ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2014-0670 (Cross-site scripting (XSS) vulnerability in the Search and Play interf ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2014-0669 (The Wireless Session Protocol (WSP) feature in the Gateway GPRS Suppor ...)
	NOT-FOR-US: Cisco ASR 5000
CVE-2014-0668 (Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0667 (The RMI interface in Cisco Secure Access Control System (ACS) does not ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0666 (Directory traversal vulnerability in the Send Screen Capture implement ...)
	NOT-FOR-US: Cisco Jabber
CVE-2014-0665 (The RBAC implementation in Cisco Identity Services Engine (ISE) Softwa ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-0664 (The server in Cisco Unity Connection allows remote authenticated users ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2014-0663 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0662 (The SIP module in Cisco TelePresence Video Communication Server (VCS)  ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-0661 (The System Status Collection Daemon (SSCD) in Cisco TelePresence Syste ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-0660 (Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows  ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-0659 (The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS440 ...)
	NOT-FOR-US: Cisco Small Business Devices
CVE-2014-0658 (Cisco 9900 Unified IP phones allow remote attackers to cause a denial  ...)
	NOT-FOR-US: Cisco 9900 Unified IP phones
CVE-2014-0657 (The administration portal in Cisco Unified Communications Manager (Uni ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0656 (Cisco Context Directory Agent (CDA) allows remote authenticated users  ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0655 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-0654 (Cisco Context Directory Agent (CDA) allows remote attackers to modify  ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0653 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-0652 (Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0651 (The administrative interface in Cisco Context Directory Agent (CDA) do ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0650 (The web interface in Cisco Secure Access Control System (ACS) 5.x befo ...)
	NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0649 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x befo ...)
	NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0648 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x befo ...)
	NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0647 (The Starbucks 2.6.1 application for iOS stores sensitive information i ...)
	NOT-FOR-US: Starbucks iOS application
CVE-2014-0646 (The runtime WS component in the server in EMC RSA Access Manager 6.1.3 ...)
	NOT-FOR-US: EMC
CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Manageme ...)
	NOT-FOR-US: EMC
CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attacke ...)
	NOT-FOR-US: EMC
CVE-2014-0643 (EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 1 ...)
	NOT-FOR-US: EMC RSA NetWitness and RSA Security Analytics
CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13,  ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-0641 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC  ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-0640 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authentic ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-0639 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer  ...)
	NOT-FOR-US: RSA Archer
CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive Authenticatio ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office case-manag ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0636 (EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x b ...)
	NOT-FOR-US: EMC RSA BSAFE Micro Edition Suite
CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x b ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTT ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0633 (The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not prop ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0632 (Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5. ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0631
	REJECTED
CVE-2014-0630 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
	NOT-FOR-US: EMC
CVE-2014-0629 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
	NOT-FOR-US: EMC
CVE-2014-0628 (The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0 ...)
	NOT-FOR-US: EMC
CVE-2014-0627 (The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1 ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0626 (The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1. ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0625 (The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0624 (EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properl ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0623 (Cross-site scripting (XSS) vulnerability in the Self-Service Console i ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0622 (The web service in EMC Documentum Foundation Services (DFS) 6.5 throug ...)
	NOT-FOR-US: EMC Documentum Foundation Services
CVE-2014-0621 (Multiple cross-site request forgery (CSRF) vulnerabilities in Technico ...)
	NOT-FOR-US: Technicolor TC7200 STD6.01.12
CVE-2014-0620 (Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (fo ...)
	NOT-FOR-US: Technicolor TC7200 STD6.01.12
CVE-2014-0619 (Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1 ...)
	NOT-FOR-US: Hamster Free ZIP Archiver
CVE-2014-0618 (Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R be ...)
	NOT-FOR-US: SRX Services Gateways
CVE-2014-0617 (Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before  ...)
	NOT-FOR-US: SRX Services Gateways
CVE-2014-0616 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 1 ...)
	NOT-FOR-US: Juniper JunOS
CVE-2014-0615 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 1 ...)
	NOT-FOR-US: JunOS CLI
CVE-2014-0614 (Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is e ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-0613 (The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 b ...)
	NOT-FOR-US: JunOS
CVE-2014-0612 (Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kern ...)
	- linux-2.6 <not-affected> (Introduced in 3.10)
	- linux 3.12.6-1 (low)
	[wheezy] - linux <not-affected> (Introduced in 3.10)
CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel b ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.54-1
	- linux 3.12.6-1 (low)
CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.54-1
	- linux 3.12.6-1 (low)
CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before en ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.12.6-1 (low)
	[wheezy] - linux 3.2.54-1 (low)
CVE-2013-7251 (Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectF ...)
	NOT-FOR-US: ProjectForge
CVE-2013-7250 (Cross-site scripting (XSS) vulnerability in the JsonBuilder implementa ...)
	NOT-FOR-US: ProjectForge
CVE-2013-7248 (Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7246 (Buffer overflow in the IconCreate method in an ActiveX control in the  ...)
	NOT-FOR-US: DaumGame ActiveX plugin
CVE-2013-7245 (The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows  ...)
	NOT-FOR-US: SAP Sybase ASE
CVE-2013-7244
	RESERVED
CVE-2013-7243 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3 ...)
	NOT-FOR-US: GetSimple CMS
CVE-2013-7238
	RESERVED
CVE-2013-7237
	RESERVED
CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3  ...)
	NOT-FOR-US: ProjectForge
CVE-2009-5138 (GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag  ...)
	- gnutls26 2.7.12-1
	- gnutls28 <not-affected> (Only affects versions before 2.7.6)
	NOTE: Only affects version prior of 2.7.6, fix: https://gitlab.com/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd
	NOTE: and the issue has different root than CVE-2014-1959
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1069301
CVE-2009-5137 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows r ...)
	NOT-FOR-US: CastRipper
CVE-2014-0611 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in No ...)
	NOT-FOR-US: Novell GroupWise
CVE-2014-0610 (The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and  ...)
	NOT-FOR-US: Novell GroupWise
CVE-2014-0609 (Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2014-0608
	RESERVED
CVE-2014-0607 (Unrestricted file upload vulnerability in Attachmate Verastream Proces ...)
	NOT-FOR-US: Attachmate Verastream Process Designer
CVE-2014-0606
	REJECTED
CVE-2014-0605 (Directory traversal vulnerability in the rftpcom.dll ActiveX control i ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-0604 (Directory traversal vulnerability in the rftpcom.dll ActiveX control i ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-0603 (The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client be ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-0602 (Directory traversal vulnerability in the DumpToFile method in the NQMc ...)
	NOT-FOR-US: NetIQ Security Manager
CVE-2014-0601
	RESERVED
CVE-2014-0600 (FileUploadServlet in the Administration service in Novell GroupWise 20 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2014-0599 (Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Ente ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2014-0598 (Directory traversal vulnerability in iPrint in Novell Open Enterprise  ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2014-0597
	RESERVED
CVE-2014-0596
	RESERVED
CVE-2014-0595 (/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open ...)
	NOT-FOR-US: Novel OES
CVE-2014-0594 (In the Open Build Service (OBS) before version 2.4.6 the CSRF protecti ...)
	- open-build-service <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=870606
CVE-2014-0593 (The set_version script as shipped with obs-service-set_version is a so ...)
	NOT-FOR-US: script for OBS
CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...)
	NOT-FOR-US: Crowbar
CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND 9. ...)
	{DSA-3023-1 DLA-48-1}
	- bind9 1:9.9.5.dfsg-2 (bug #735190)
	NOTE: https://kb.isc.org/article/AA-01078
	NOTE: https://kb.isc.org/article/AA-01085
CVE-2013-7259 (Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1. ...)
	- neo4j-community <itp> (bug #685615)
	NOTE: http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
CVE-2013-7258 (Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1. ...)
	- web2ldap <removed> (low; bug #734107)
CVE-2013-7257 (Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote ...)
	NOT-FOR-US: Codiad
CVE-2013-7256 (Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4. ...)
	NOT-FOR-US: Ops View
CVE-2013-7255 (Open redirect vulnerability in Opsview before 4.4.2 allows remote atta ...)
	NOT-FOR-US: Ops View
CVE-2013-7254 (Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allow ...)
	NOT-FOR-US: Ops View
CVE-2013-7253
	RESERVED
CVE-2013-7252 (kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ...)
	- kde-runtime 4:4.12.2-1
	[wheezy] - kde-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
	- kdebase-runtime <removed>
	[squeeze] - kdebase-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
	NOTE: http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
	NOTE: Upstream advisory: https://www.kde.org/info/security/advisory-20150109-1.txt
CVE-2013-7233 (Cross-site request forgery (CSRF) vulnerability in the retrospam compo ...)
	- wordpress <unfixed> (unimportant)
	NOTE: issue only allows comments from posts to be moved to "needs moderation" list
CVE-2013-7232 (SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 all ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-7231 (Cross-site scripting (XSS) vulnerability in the Mobile Content Server  ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-7230
	RESERVED
CVE-2013-7229
	RESERVED
CVE-2013-7228
	RESERVED
CVE-2013-7227
	RESERVED
CVE-2013-7226 (Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5 ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	NOTE: https://bugs.php.net/bug.php?id=66356
	NOTE: http://www.php.net/manual/en/function.imagecrop.php
CVE-2013-7219 (SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com ...)
	NOT-FOR-US: Joomla component com_sexypolling
CVE-2013-7218
	RESERVED
CVE-2013-7217 (Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and ear ...)
	NOT-FOR-US: Zimbra
CVE-2013-7216 (Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allo ...)
	NOT-FOR-US: Classifieds Creator
CVE-2013-7215
	RESERVED
CVE-2013-7214
	RESERVED
CVE-2013-7213
	RESERVED
CVE-2013-7212
	RESERVED
CVE-2013-7211
	RESERVED
CVE-2013-7210
	RESERVED
CVE-2013-7209 (Cross-site request forgery (CSRF) vulnerability in admBase/login.page  ...)
	NOT-FOR-US: jForum
CVE-2013-7208
	RESERVED
CVE-2013-7207
	RESERVED
CVE-2013-7206
	RESERVED
CVE-2013-7204 (Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Co ...)
	NOT-FOR-US: Conceptronic CIPCAMPTIWL Camera
CVE-2013-7202 (The WebHybridClient class in PayPal 5.3 and earlier for Android allows ...)
	NOT-FOR-US: Paypal for Android
CVE-2013-7201 (WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL ...)
	NOT-FOR-US: Paypal for Android
CVE-2013-7200
	RESERVED
CVE-2013-7199
	RESERVED
CVE-2013-7198
	RESERVED
CVE-2013-7197
	RESERVED
CVE-2012-6619 (The default configuration for MongoDB before 2.3.2 does not validate o ...)
	- mongodb 1:2.4.1-1
	[wheezy] - mongodb <no-dsa> (Workaround exists, intrusive change)
	[squeeze] - mongodb <no-dsa> (Workaround exists, intrusive change)
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/11822
	NOTE: https://jira.mongodb.org/browse/SERVER-7769
CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmpeg be ...)
	{DSA-2947-1}
	- libav 6:9.11-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before 1. ...)
	- libav 6:9.11-1
	[wheezy] - libav <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
	- ffmpeg <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=82b9799bb211ecd117171115e4a8b832c4942314
CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpe ...)
	- libav <not-affected> (Vulnerable code not present in libav)
	- ffmpeg <not-affected> (Vulnerable code not present in older ffmpeg)
CVE-2012-6615 (The ff_ass_split_override_codes function in libavcodec/ass_split.c in  ...)
	- libav <not-affected> (Vulnerable code not present in libav)
	- ffmpeg <not-affected> (Vulnerable code not present in older ffmpeg)
CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets, whic ...)
	- bip 0.8.9-1
	[squeeze] - bip <no-dsa> (Minor issue)
	[wheezy] - bip <no-dsa> (Minor issue)
	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2014-0590 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0589 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0588 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0587 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0586 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0585 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0584 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0583 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0582 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0581 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0580 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0579
	REJECTED
CVE-2014-0578 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0577 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0576 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0575
	REJECTED
CVE-2014-0574 (Double free vulnerability in Adobe Flash Player before 13.0.0.252 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0573 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0572 (Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 b ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-0571 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 befor ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-0570 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-0569 (Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0568 (The NtSetInformationFile system call hook feature in Adobe Reader and  ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0567 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0566 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0565 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0564 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0563 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0562 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0561 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0560 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0559 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0558 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0557 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0556 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0555 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0554 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0553 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0552 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0551 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0550 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0549 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0548 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0547 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0546 (Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 o ...)
	NOT-FOR-US: Adobe
CVE-2014-0545 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0544 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0543 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0542 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0541 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0540 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0539 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0538 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0537 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0535 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0534 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0533 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0532 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0531 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0530
	REJECTED
CVE-2014-0529 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0528 (Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0527 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0526 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0525 (The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x befor ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0524 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0523 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0522 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0521 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0520 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0519 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0518 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0517 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0516 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x t ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not p ...)
	NOT-FOR-US: Adobe Reader Mobile application
CVE-2014-0513 (Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and ...)
	NOT-FOR-US: Adobe Illustrator CS6
CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protecti ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0511 (Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attac ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0510 (Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remo ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0509 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0508 (Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0507 (Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x t ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x befor ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x befor ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 an ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0501 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2014-0500 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2014-0499 (Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x befor ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0498 (Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269  ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0496 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0495 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0494 (Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Digital Editions
CVE-2014-0493 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0490 (The apt-get download command in APT before 1.0.9 does not properly val ...)
	{DSA-3025-1}
	- apt 0.9.12
	NOTE: fixed with commit http://anonscm.debian.org/cgit/apt/apt.git/commit/?id=d57f6084aaa3972073114973d149ea2291b36682
	[squeeze] - apt <not-affected> (apt download command and vulnerable code not present)
CVE-2014-0489 (APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, doe ...)
	{DSA-3025-1 DLA-53-1}
	- apt 1.0.9
CVE-2014-0488 (APT before 1.0.9 does not "invalidate repository data" when moving fro ...)
	{DSA-3025-1 DLA-53-1}
	- apt 1.0.9
CVE-2014-0487 (APT before 1.0.9 does not verify downloaded files if they have been mo ...)
	{DSA-3025-1 DLA-53-1}
	- apt 1.0.9
CVE-2014-0486 (Knot DNS before 1.5.2 allows remote attackers to cause a denial of ser ...)
	- knot 1.5.2-1
CVE-2014-0485 (S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which  ...)
	{DSA-3013-1}
	- s3ql 2.10.1+dfsg-4 (high)
CVE-2014-0484 (The Debian acpi-support package before 0.140-5+deb7u3 allows local use ...)
	{DSA-3020-1 DLA-49-1}
	- acpi-support 0.142-4
CVE-2014-0483 (The administrative interface (contrib.admin) in Django before 1.4.14,  ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0482 (The contrib.auth.middleware.RemoteUserMiddleware middleware in Django  ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0481 (The default configuration for the file upload handling system in Djang ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0480 (The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x  ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remot ...)
	{DSA-2997-1 DLA-31-1}
	- reportbug 6.5.0+nmu1
	[squeeze] - reportbug 4.12.6+deb6u1
CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which all ...)
	{DSA-2958-1 DLA-0005-1}
	- apt 1.0.4 (bug #749795)
	[squeeze] - apt 0.8.10.3+squeeze2
CVE-2014-0477 (The parse function in Email::Address module before 1.905 for Perl uses ...)
	{DSA-2969-1 DLA-0011-1}
	- libemail-address-perl 1.905-1
	[squeeze] - libemail-address-perl 1.889-2+deb6u1
CVE-2014-0476 (The slapper function in chkrootkit before 0.50 does not properly quote ...)
	{DSA-2945-1 DLA-0002-1}
	- chkrootkit 0.49-5
	[squeeze] - chkrootkit 0.49-4+deb6u1
CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka gli ...)
	{DSA-2976-1 DLA-43-1}
	- glibc 2.19-6
	- eglibc <removed>
CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressFie ...)
	{DSA-2934-1}
	- python-django 1.6.3-1
CVE-2014-0473 (The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6 ...)
	{DSA-2934-1}
	- python-django 1.6.3-1
CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, ...)
	{DSA-2934-1}
	- python-django 1.6.3-1
CVE-2014-0471 (Directory traversal vulnerability in the unpacking functionality in dp ...)
	{DSA-2915-1}
	- dpkg 1.17.8
CVE-2014-0470 (super.c in Super 3.30.0 does not check the return value of the setuid  ...)
	{DSA-2917-1}
	- super 3.30.0-7
CVE-2014-0469 (Stack-based buffer overflow in a certain Debian patch for xbuffy befor ...)
	{DSA-2921-1}
	- xbuffy 3.3.bl.3.dfsg-9
CVE-2014-0468
	RESERVED
	- fusionforge 5.3+20140506-1
	[squeeze] - fusionforge <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html
CVE-2014-0467 (Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attacker ...)
	{DSA-2874-1}
	- mutt 1.5.22-2 (bug #708731)
CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when exe ...)
	{DSA-2892-1}
	- a2ps 1:4.14-1.3 (bug #742902)
CVE-2013-7196 (static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authen ...)
	NOT-FOR-US: PHPFox
CVE-2013-7195 (PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass int ...)
	NOT-FOR-US: PHPFox
CVE-2013-7194 (Multiple cross-site scripting (XSS) vulnerabilities in www/administrat ...)
	NOT-FOR-US: eFront
CVE-2013-7193 (Multiple SQL injection vulnerabilities in C2C Forward Auction Creator  ...)
	NOT-FOR-US: C2C Forward Auction Creator
CVE-2013-7192 (Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder  ...)
	NOT-FOR-US: Dynamic Biz Website Builder
CVE-2013-7190 (Multiple directory traversal vulnerabilities in iScripts AutoHoster, p ...)
	NOT-FOR-US: iScripts AutoHoster
CVE-2013-7186 (Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remo ...)
	NOT-FOR-US: Steinberg MyMp3PRO
CVE-2013-7185 (PotPlayer 1.5.40688: .avi File Memory Corruption ...)
	NOT-FOR-US: PotPlayer
CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attacke ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-7183 (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote att ...)
	NOT-FOR-US: Seowon Intech SWC-9100
CVE-2013-7182 (Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdl ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2013-7181 (Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fort ...)
	NOT-FOR-US: FortiWeb
CVE-2013-7180 (Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLO ...)
	NOT-FOR-US: Cobham
CVE-2013-7179 (The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC- ...)
	NOT-FOR-US: Seowon Intech SWC-9100 routers
CVE-2013-7178
	RESERVED
CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban b ...)
	{DSA-2979-1 DLA-0021-1}
	- fail2ban 0.8.11-1
	[squeeze] - fail2ban 0.8.4-3+squeeze3
	NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before  ...)
	{DSA-2979-1 DLA-0021-1}
	- fail2ban 0.8.11-1
	[squeeze] - fail2ban 0.8.4-3+squeeze3
CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam Mana ...)
	NOT-FOR-US: Avanset Visual CertExam Manager
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS be ...)
	NOT-FOR-US: QNAP QTS
CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...)
	NOT-FOR-US: Belkin
CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...)
	- libiodbc2 <not-affected> (RPATH issue slackware specific)
CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...)
	- llvm-2.9 <not-affected> (RPATH issue slackware specific)
	- llvm-3.0 <not-affected> (RPATH issue slackware specific)
	- llvm-3.1 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-3.2 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-3.3 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-3.4 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-snapshot <not-affected> (RPATH issue slackware specific)
CVE-2013-7170
	RESERVED
CVE-2013-7169
	REJECTED
CVE-2013-7168
	REJECTED
CVE-2013-7167
	REJECTED
CVE-2013-7166
	REJECTED
CVE-2013-7165
	REJECTED
CVE-2013-7164
	REJECTED
CVE-2013-7163
	RESERVED
CVE-2013-7162
	RESERVED
CVE-2013-7161
	RESERVED
CVE-2013-7160
	RESERVED
CVE-2013-7159
	RESERVED
CVE-2013-7158
	RESERVED
CVE-2013-7157
	RESERVED
CVE-2013-7156
	RESERVED
CVE-2013-7155
	RESERVED
CVE-2013-7154
	RESERVED
CVE-2013-7153
	RESERVED
CVE-2013-7152
	RESERVED
CVE-2013-7151
	RESERVED
CVE-2013-7150
	RESERVED
CVE-2014-0465 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0464 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers  ...)
	- openjdk-7 <not-affected> (Only affects Java 8)
	- openjdk-6 <not-affected> (Only affects Java 8)
CVE-2014-0463 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers  ...)
	- openjdk-7 <not-affected> (Only affects Java 8)
	- openjdk-6 <not-affected> (Only affects Java 8)
CVE-2014-0462 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...)
	{DSA-2912-1}
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0461 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0460 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0459 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
	{DSA-2923-1 DSA-2912-1}
	- lcms <unfixed>
	[squeeze] - lcms <no-dsa> (Minor issue)
	[wheezy] - lcms <no-dsa> (Minor issue)
	- lcms2 2.6-1 (low; bug #745471)
	[wheezy] - lcms2 <no-dsa> (Minor issue)
CVE-2014-0458 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0457 (Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0456 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0455 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-0454 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-0453 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0452 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0451 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0449 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0448 (Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote a ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0447 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2014-0446 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0444 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Pro ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0443 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0442 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2014-0441 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0440 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0439 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0438 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0437 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mysql-5.5 5.5.35+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0436 (Unspecified vulnerability in the Hyperion BI+ component in Oracle Hype ...)
	NOT-FOR-US: Oracle
CVE-2014-0435 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0434 (Unspecified vulnerability in the Oracle Agile Product Lifecycle Manage ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0433 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0432 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2014-0431 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0430 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0429 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0427 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0426 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0425 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Pr ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0424 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0423 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JR ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0422 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0421 (Unspecified vulnerability in Oracle Solaris 10, when running on the SP ...)
	NOT-FOR-US: Solaris
CVE-2014-0420 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1}
	- mariadb-5.5 5.5.35-1
	- mysql-5.5 5.5.35+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0419 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...)
	NOT-FOR-US: Oracle Secure Global Desktop
CVE-2014-0418 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0417 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2014-0416 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0415 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0414 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0413 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0412 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mysql-5.5 5.5.35+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0411 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JR ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0410 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0409
	REJECTED
CVE-2014-0408 (Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 <not-affected> (Specific to MacOS X)
CVE-2014-0407 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2014-0406 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2014-0405 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox-guest-additions <removed> (bug #735410)
	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
	- virtualbox-guest-additions-iso 4.3.10-1 (bug #735410)
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
CVE-2014-0404 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2014-0403 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0402 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0401 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0400 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0399 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0398 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-0397 (Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-0396 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0395 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0393 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0392 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0391 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0390 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-0389 (Unspecified vulnerability in Oracle iLearning 6.0 allows remote attack ...)
	NOT-FOR-US: Oracle iLearning
CVE-2014-0388 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Reso ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0387 (Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, whe ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0386 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0385 (Unspecified vulnerability in Oracle Java SE 7u45, when installing on O ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 <not-affected> (Specific to MacOS X)
CVE-2014-0384 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0383 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0382 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 all ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-0381 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0380 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0379 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0378 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-0377 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-0376 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0375 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0374 (Unspecified vulnerability in the Oracle Portal component in Oracle Fus ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0373 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, an ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0372 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0371 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0370 (Unspecified vulnerability in the Siebel Life Sciences component in Ora ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-0369 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-0368 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, an ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0367 (Unspecified vulnerability in the Hyperion Essbase Administration Servi ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-0366 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-7249 (Fat Free CRM before 0.12.1 does not restrict XML serialization, which  ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7242 (SQL injection vulnerability in zp-core/zp-extensions/wordpress_import. ...)
	NOT-FOR-US: Zenphoto
CVE-2013-7241 (Cross-site scripting (XSS) vulnerability in the export function in zp- ...)
	NOT-FOR-US: Zenphoto
CVE-2013-7240 (Directory traversal vulnerability in download-file.php in the Advanced ...)
	NOT-FOR-US: Dewplayer
CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass authenticati ...)
	{DSA-2832-1}
	- memcached 1.4.13-0.3 (bug #733643)
	[squeeze] - memcached <not-affected> (vulnerable code present, but SASL authentication support not enabled)
	NOTE: https://code.google.com/p/memcached/wiki/ReleaseNotes1417
	NOTE: https://code.google.com/p/memcached/issues/detail?id=316
	NOTE: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32
CVE-2013-7236 (Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote a ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7235 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7234 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7225 (Multiple SQL injection vulnerabilities in app/controllers/home_control ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7224 (Fat Free CRM before 0.12.1 does not restrict JSON serialization, which ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7223 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7222 (config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has  ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7221 (The automatic screen lock functionality in GNOME Shell (aka gnome-shel ...)
	- gnome-shell 3.10.1-1
	[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=708313
	NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088
CVE-2013-7220 (js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allo ...)
	- gnome-shell 3.8.4-1
	[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=686740
	NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94
CVE-2013-7205 (Off-by-one error in the process_cgivars function in contrib/daemonchk. ...)
	{DLA-1615-1}
	- nagios3 <removed> (low; bug #771466)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: additional changed files for nagios3, cf. CVE-2013-7108
	NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
	NOTE: See also https://github.com/Icinga/icinga-core/issues/1399
CVE-2013-7203 (gitolite before commit fa06a34 might allow local users to read arbitra ...)
	- gitolite3 3.5.3.1-1
	NOTE: http://marc.info/?l=oss-security&m=138783069700756&w=2
CVE-2013-7191 (Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot al ...)
	NOT-FOR-US: Tenmiles Helpdesk Pilot
CVE-2013-7189 (Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibl ...)
	NOT-FOR-US: iScripts AutoHoster
CVE-2013-7188 (Cross-site scripting (XSS) vulnerability in KBKP Software HostBill bef ...)
	NOT-FOR-US: HostBill
CVE-2013-7187 (SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7  ...)
	NOT-FOR-US: WordPress plugin FormCraft
CVE-2013-7149 (SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-R ...)
	NOT-FOR-US: Revive Adserver
CVE-2013-7148
	REJECTED
CVE-2013-7147
	REJECTED
CVE-2013-7146
	REJECTED
CVE-2013-7145
	REJECTED
CVE-2013-7144 (LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X doe ...)
	NOT-FOR-US: LINE
CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7140 (XML External Entity (XXE) vulnerability in the CalDAV interface in Ope ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content M ...)
	NOT-FOR-US: Horizon CMS
CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in Horiz ...)
	NOT-FOR-US: Horizon CMS
CVE-2013-7137 (The "remember me" functionality in login.php in Burden before 1.8.1 al ...)
	NOT-FOR-US: Burden
CVE-2013-7136 (The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have  ...)
	NOT-FOR-US: Cisco
CVE-2013-7135 (The Proc::Daemon module 0.14 for Perl uses world-writable permissions  ...)
	- libproc-daemon-perl 0.14-2 (low; bug #732283)
	[wheezy] - libproc-daemon-perl <no-dsa> (Minor issue)
	[squeeze] - libproc-daemon-perl <not-affected> (does not have pid_file option)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=91450
CVE-2013-7134 (Juvia uses the same secret key for all installations, which allows rem ...)
	NOT-FOR-US: Juvia
CVE-2013-7133
	RESERVED
CVE-2013-7132
	RESERVED
CVE-2013-7131
	RESERVED
CVE-2013-7130 (The i_create_images_and_backing (aka create_images_and_backing) method ...)
	- nova 2013.2.2 (low; bug #736465)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/nova/+bug/1251590
CVE-2013-7129 (Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1. ...)
	NOT-FOR-US: WordPress theme
CVE-2013-7128 (Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valv ...)
	NOT-FOR-US: SteamOS
CVE-2013-7127 (Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext cred ...)
	NOT-FOR-US: Apple Safari
CVE-2013-7126
	REJECTED
CVE-2013-7125
	REJECTED
CVE-2013-7124
	REJECTED
CVE-2013-7123
	REJECTED
CVE-2013-7122
	REJECTED
CVE-2013-7121
	REJECTED
CVE-2013-7120
	REJECTED
CVE-2013-7119
	REJECTED
CVE-2013-7118
	REJECTED
CVE-2013-7117
	REJECTED
CVE-2013-7116
	REJECTED
CVE-2013-7115
	REJECTED
CVE-2013-7109 (OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE ...)
	- glance 2012.1~e4-1
	NOTE: https://github.com/openstack/glance/commit/804396204e23ebb
CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as us ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7103 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7102 (Multiple unrestricted file upload vulnerabilities in (1) media-upload. ...)
	NOT-FOR-US: WordPress theme OptimizePress
CVE-2013-7101
	RESERVED
CVE-2013-7100 (Buffer overflow in the unpacksms16 function in apps/app_sms.c in Aster ...)
	{DSA-2835-1}
	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-006.html
	- asterisk 1:11.7.0~dfsg-1 (bug #732355)
CVE-2013-7099
	RESERVED
CVE-2013-7098 (OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflo ...)
	- openconnect 5.02-1
CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac bef ...)
	NOT-FOR-US: eduTrac
CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote ...)
	NOT-FOR-US: Sap EMR
CVE-2013-7095 (The XML parser (crm_flex_data) in SAP Customer Relationship Management ...)
	NOT-FOR-US: Sap CRM
CVE-2013-7094 (SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-7093 (SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attack ...)
	NOT-FOR-US: SAP Network Interface Router
CVE-2013-7092 (Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/ ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7091 (Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,Aj ...)
	NOT-FOR-US: Zimbra
CVE-2013-7090
	RESERVED
CVE-2013-7084
	RESERVED
CVE-2013-7114 (Multiple buffer overflows in the create_ntlmssp_v2_key function in epa ...)
	{DSA-2825-1}
	- wireshark 1.10.4-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-68.html
CVE-2013-7113 (epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.1 ...)
	{DSA-2825-1}
	- wireshark 1.10.4-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-67.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488
CVE-2013-7112 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
	{DLA-497-1}
	- wireshark 1.10.4-1 (unimportant)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-66.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
	NOTE: Not suitable for code injection
CVE-2013-7111 (The put_call function in the API client (api/api_client.rb) in the Bas ...)
	NOT-FOR-US: Bio Basespace SDK Ruby Gem
CVE-2013-7110 (Transifex command-line client before 0.10 does not validate X.509 cert ...)
	- transifex-client 0.10-1
	[wheezy] - transifex-client <not-affected> (Incomplete patch was never released)
	NOTE: fix for CVE-2013-2073 was incorrect/incomplete
	NOTE: https://github.com/transifex/transifex-client/issues/42
	NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, a ...)
	{DSA-2956-1 DLA-1615-1 DLA-60-1}
	- icinga 1.10.2-1 (low)
	- nagios3 <removed> (low; bug #771466)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: https://dev.icinga.org/issues/5251
	NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4
	NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1 ...)
	{DSA-2956-1}
	- icinga 1.10.2-1 (low)
	[squeeze] - icinga <no-dsa> (Minor issue)
	- nagios3 <removed> (low)
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: https://dev.icinga.org/issues/5346
CVE-2013-7106 (Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 befo ...)
	{DSA-2956-1}
	- icinga 1.10.2-1
	[squeeze] - icinga <not-affected> (Vulnerable code not present)
	NOTE: https://dev.icinga.org/issues/5250
CVE-2013-7083
	RESERVED
CVE-2013-7068 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allow ...)
	NOT-FOR-US: Drupal module
CVE-2013-7067 (The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not prop ...)
	NOT-FOR-US: Drupal module
CVE-2013-7066 (The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allo ...)
	NOT-FOR-US: Drupal module
CVE-2013-7065 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allow ...)
	NOT-FOR-US: Drupal module
CVE-2013-7064 (Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance m ...)
	NOT-FOR-US: Drupal module
CVE-2013-7063 (The Invitation module 7.x-2.x for Drupal does not properly check permi ...)
	NOT-FOR-US: Drupal module
CVE-2013-7059
	RESERVED
CVE-2013-7058
	RESERVED
CVE-2013-7057 (Cross-site request forgery (CSRF) vulnerability in Axway SecureTranspo ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2013-7056
	RESERVED
CVE-2013-7055 (D-Link DIR-100 4.03B07 has PPTP and poe information disclosure ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7054 (D-Link DIR-100 4.03B07: cli.cgi XSS ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7053 (D-Link DIR-100 4.03B07: cli.cgi CSRF ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7052 (D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7051 (D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to chec ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7047
	RESERVED
CVE-2013-7046
	RESERVED
CVE-2013-7045
	RESERVED
CVE-2013-7044
	RESERVED
CVE-2013-7043 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Sc ...)
	NOT-FOR-US: Cisco
CVE-2013-7042 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readab ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2013-7037
	RESERVED
CVE-2013-7036
	RESERVED
CVE-2013-7035
	RESERVED
CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in LiveZi ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7033 (LiveZilla before 5.1.2.1 includes the operator password in plaintext i ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based o ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7031
	RESERVED
CVE-2013-7030 (** DISPUTED ** The TFTP service in Cisco Unified Communications Manage ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-7029
	RESERVED
CVE-2013-7028
	RESERVED
CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in net/wireless/radiotap ...)
	- linux 3.11.7-1 (unimportant)
	[wheezy] - linux 3.2.53-1
	- linux-2.6 <removed> (unimportant)
	NOTE: Non-issue: https://bugzilla.redhat.com/show_bug.cgi?id=1040010#c1
CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12. ...)
	- linux 3.12.5-1
	[wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b)
	- linux-2.6 <not-affected> (Introduced in 8b8d52ac382b)
CVE-2013-7089 (ClamAV before 0.97.7: dbg_printhex possible information leak ...)
	- clamav 0.97.7+dfsg-1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
CVE-2013-7088 (ClamAV before 0.97.7 has buffer overflow in the libclamav component ...)
	- clamav 0.97.7+dfsg-1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
CVE-2013-7087 (ClamAV before 0.97.7 has WWPack corrupt heap memory ...)
	- clamav 0.97.7+dfsg-1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38
	NOTE: from https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c
CVE-2013-7086 (The message function in lib/webbynode/notify.rb in the Webbynode gem 1 ...)
	NOT-FOR-US: Ruby Gem Webbynode
CVE-2013-7085 (Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows re ...)
	- devscripts 2.13.9 (bug #732006)
	[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
	[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
CVE-2013-7082 (Cross-site scripting (XSS) vulnerability in the errorAction method in  ...)
	NOT-FOR-US: TYPO3 Flow
	NOTE: https://review.typo3.org/#/c/26176/
	NOTE: CVE assigned for TYPO3 Flow, correspond to CVE-2013-7078
CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26182/
CVE-2013-7080 (The creating record functionality in Extension table administration li ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26178/
CVE-2013-7079 (Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 thr ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26179/
CVE-2013-7078 (Cross-site scripting (XSS) vulnerability in the errorAction method in  ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26176/
CVE-2013-7077 (Cross-site scripting (XSS) vulnerability in the Backend User Administr ...)
	- typo3-src <not-affected> (Affects versions 6.0.0 to 6.0.11, 6.1.0 to 6.1.6)
CVE-2013-7076 (Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26181/
CVE-2013-7075 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26175/
CVE-2013-7074 (Multiple cross-site scripting (XSS) vulnerabilities in Content Editing ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26184/
	NOTE: https://review.typo3.org/#/c/26183/
	NOTE: https://review.typo3.org/#/c/26177/
CVE-2013-7073 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26180/
CVE-2013-7072
	REJECTED
CVE-2013-7071 (Cross-site scripting (XSS) vulnerability in the handle_request functio ...)
	NOT-FOR-US: Monitorix
CVE-2013-7070 (The handle_request function in lib/HTTPServer.pm in Monitorix before 3 ...)
	NOT-FOR-US: Monitorix
CVE-2013-7062 (Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used i ...)
	- zope2.12 <removed> (low)
	[wheezy] - zope2.12 <no-dsa> (Minor issue)
	- zope2.13 <not-affected> (Vulnerable code not present)
CVE-2013-7061 (Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows rem ...)
	NOT-FOR-US: Plone
CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows rem ...)
	NOT-FOR-US: Plone
CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...)
	NOTE: vulnerable code not found in Debian
	NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
	NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlie ...)
	- nova 2013.2.2 (bug #732022)
	[wheezy] - nova <not-affected> (Support for live snapshots added later)
	NOTE: https://bugs.launchpad.net/nova/+bug/1227027
CVE-2013-7050 (The get_main_source_dir function in scripts/uscan.pl in devscripts bef ...)
	- devscripts 2.13.8 (bug #731849)
	[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
	[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
	NOTE: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5
CVE-2013-7069 (ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary  ...)
	- ack-grep 2.12-1 (bug #731848)
	[wheezy] - ack-grep <not-affected> (don't support per-project .ackrc files)
	[squeeze] - ack-grep <not-affected> (don't support per-project .ackrc files)
	NOTE: https://github.com/petdance/ack2/issues/399
CVE-2013-7025 (Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlert ...)
	NOT-FOR-US: Dell SonicWALL Global Management System
CVE-2013-7007
	RESERVED
CVE-2013-7006
	RESERVED
CVE-2013-7005 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware be ...)
	NOT-FOR-US: D-Link DSR-150
CVE-2013-7004 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware be ...)
	NOT-FOR-US: D-Link DSR-150
CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
	NOT-FOR-US: LiveZilla
CVE-2012-6614 (D-Link DSR-250N devices before 1.08B31 allow remote authenticated user ...)
	NOT-FOR-US: D-Link
CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root ...)
	NOT-FOR-US: D-Link
CVE-2014-0365
	RESERVED
CVE-2014-0364 (The ParseRoster component in the Ignite Realtime Smack XMPP API before ...)
	NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964)
CVE-2014-0363 (The ServerTrustManager component in the Ignite Realtime Smack XMPP API ...)
	NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964)
CVE-2014-0362 (Cross-site scripting (XSS) vulnerability on Google Search Appliance (G ...)
	NOT-FOR-US: Google Search Appliance
CVE-2014-0361 (The default configuration of IBM 4690 OS, as used in Toshiba Global Co ...)
	NOT-FOR-US: IBM
CVE-2014-0360
	REJECTED
CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to exec ...)
	NOT-FOR-US: Xangati
CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11  ...)
	NOT-FOR-US: Xangati
CVE-2014-0357 (Amtelco miSecureMessages allows remote attackers to read the messages  ...)
	NOT-FOR-US: Amtelco miSecureMessages
CVE-2014-0356 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ. ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0355 (Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUS ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0354 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ. ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0353 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ. ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0352
	REJECTED
CVE-2014-0351 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 an ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2014-0350 (The Poco::Net::X509Certificate::verify method in the NetSSL library in ...)
	{DLA-1239-1}
	- poco 1.3.6p1-5 (low; bug #746637)
	[squeeze] - poco <no-dsa> (Minor issue)
CVE-2014-0349 (Multiple unspecified vulnerabilities in J2k-Codec allow remote attacke ...)
	NOT-FOR-US: J2k-Codec
CVE-2014-0348 (The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workst ...)
	NOT-FOR-US: Artiva
CVE-2014-0347 (The Settings module in Websense Triton Unified Security Center 7.7.3 b ...)
	NOT-FOR-US: Websense Triton Unified Security Center
CVE-2014-0346
	REJECTED
CVE-2014-0345
	RESERVED
CVE-2014-0344 (Properties.do in ZOHO ManageEngine OpStor before build 8500 does not p ...)
	NOT-FOR-US: ZOHO ManageEngine OpStor
CVE-2014-0343 (The web interface on Virtual Access GW6110A routers with software 9.00 ...)
	NOT-FOR-US: GW6110A routers
CVE-2014-0342 (Multiple unrestricted file upload vulnerabilities in fileupload.php in ...)
	NOT-FOR-US: PivotX
CVE-2014-0341 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2 ...)
	NOT-FOR-US: PivotX
CVE-2014-0340
	RESERVED
CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before  ...)
	- webmin <removed>
CVE-2014-0338 (Multiple cross-site scripting (XSS) vulnerabilities in the firewall po ...)
	NOT-FOR-US: WatchGuard Fireware XTM
CVE-2014-0337 (Cross-site scripting (XSS) vulnerability in the web interface on Huawe ...)
	NOT-FOR-US: Huawei Echo Life HG8247
CVE-2014-0336 (Cross-site request forgery (CSRF) vulnerability in the web client in S ...)
	NOT-FOR-US: Serena Dimensions CM
CVE-2014-0335 (Multiple cross-site scripting (XSS) vulnerabilities in the web client  ...)
	NOT-FOR-US: Serena Dimensions CM
CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive deco ...)
	- libpng <not-affected> (Only affects libpng 1.6.0 through 1.6.9)
	- libpng1.6 1.6.10-1
CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL ...)
	NOT-FOR-US: Dell SonicWALL GMS
CVE-2014-0331 (Cross-site scripting (XSS) vulnerability in the web administration int ...)
	NOT-FOR-US: Fortinet NGFW
CVE-2014-0330 (Cross-site scripting (XSS) vulnerability in adminui/user_list.php on t ...)
	NOT-FOR-US: Dell KACE K1000 management appliance
CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded  ...)
	NOT-FOR-US: TELNET service on the ZTE ZXV10 W300 router
CVE-2014-0328 (The thraneLINK protocol implementation on Cobham devices does not veri ...)
	NOT-FOR-US: Cobham
CVE-2014-0327 (The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and  ...)
	NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals
CVE-2014-0326 (The Pilot Below Deck Equipment (BDE) and OpenPort implementations on I ...)
	NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals
CVE-2013-7041 (The pam_userdb module for Pam uses a case-insensitive method to compar ...)
	- pam 1.1.8-3.1 (low; bug #731368)
	[squeeze] - pam <no-dsa> (Minor issue)
	[wheezy] - pam <no-dsa> (Minor issue)
CVE-2013-7040 (Python 2.7 before 3.4 only uses the last eight bits of the prefix to r ...)
	- python2.5 <removed> (unimportant)
	- python2.6 <removed> (unimportant)
	- python2.7 <unfixed> (unimportant)
	- python3.1 <removed> (unimportant)
	- python3.2 <removed> (unimportant)
	- python3.3 <removed> (unimportant)
	- python3.4 3.4.0-1 (unimportant)
	NOTE: upstream tagged this as wontfix for versions older than 3.4
CVE-2013-7039 (Stack-based buffer overflow in the MHD_digest_auth_check function in l ...)
	- libmicrohttpd 0.9.32-1 (low; bug #731933)
	[wheezy] - libmicrohttpd 0.9.20-1+deb7u1
	[squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
CVE-2013-7038 (The MHD_http_unescape function in libmicrohttpd before 0.9.32 might al ...)
	- libmicrohttpd 0.9.32-1 (low; bug #731933)
	[squeeze] - libmicrohttpd <no-dsa> (Minor issue)
	[wheezy] - libmicrohttpd <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039384
CVE-2013-7024 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpe ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
	NOTE: https://trac.ffmpeg.org/ticket/2921
	NOTE: Only present in libav trunk
CVE-2013-7023 (The ff_combine_frame function in libavcodec/parser.c in FFmpeg before  ...)
	- ffmpeg <not-affected> (max_alloc not present in old ffmpeg/libav)
	- libav <not-affected> (max_alloc not present in old ffmpeg/libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
	NOTE: https://trac.ffmpeg.org/ticket/2982
CVE-2013-7022 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
	NOTE: https://trac.ffmpeg.org/ticket/2971
	NOTE: Only present in libav trunk
CVE-2013-7021 (The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
	NOTE: https://trac.ffmpeg.org/ticket/2905
CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1  ...)
	{DSA-3027-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
	NOTE: https://trac.ffmpeg.org/ticket/2898
	NOTE: Only present in libav trunk
CVE-2013-7018 (libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
	NOTE: https://trac.ffmpeg.org/ticket/2895
	NOTE: Only present in libav trunk
CVE-2013-7017 (libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
	NOTE: Only present in libav trunk
CVE-2013-7016 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
	NOTE: https://trac.ffmpeg.org/ticket/2848
	NOTE: Only present in libav trunk
CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg be ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.11-1
	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
	NOTE: https://trac.ffmpeg.org/ticket/2844
CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in libavcodec/ ...)
	{DSA-2855-1}
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:9.11-1
	NOTE: https://trac.ffmpeg.org/ticket/2919
	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7013 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
	NOTE: https://trac.ffmpeg.org/ticket/2922
	NOTE: Only present in libav trunk
CVE-2013-7012 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1  ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
	NOTE: https://trac.ffmpeg.org/ticket/3080
	NOTE: Only present in libav trunk
CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1  ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Reproducer fails on libav 0.8.9 and 9.11)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
	NOTE: https://trac.ffmpeg.org/ticket/2906
CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg b ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.11-1
	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before  ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Not reproducible with 0.8.9)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
	NOTE: https://trac.ffmpeg.org/ticket/2850
CVE-2013-7008 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Crash not reproducable, libav code is different)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
	NOTE: https://trac.ffmpeg.org/ticket/2927
CVE-2013-7002 (Cross-site scripting (XSS) vulnerability in mobile/php/translation/ind ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7001 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS &amp; MMS Gat ...)
	NOT-FOR-US: NowSMS
CVE-2013-7000 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS &amp; MMS Gat ...)
	NOT-FOR-US: NowSMS
CVE-2013-6999 (** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the k ...)
	NOT-FOR-US: Microsoft Windows Server 2008 SP2
CVE-2013-6998
	REJECTED
CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (O ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6996
	RESERVED
CVE-2013-6995
	REJECTED
CVE-2013-6994 (OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 ...)
	NOT-FOR-US: WordPress plugin Ad-minister
CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in askapache-firefox-a ...)
	NOT-FOR-US: WordPress plugin AskApache Firefox Adsense
CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plug ...)
	NOT-FOR-US: WordPress plugin WP-Cron Dashboard
CVE-2013-6990 (FortiGuard FortiAuthenticator before 3.0 allows remote administrators  ...)
	NOT-FOR-US: FortiGuard FortiAuthenticator
CVE-2013-6989
	RESERVED
CVE-2013-6988
	RESERVED
CVE-2013-6987 (Multiple directory traversal vulnerabilities in the FileBrowser compon ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in ...)
	NOT-FOR-US: ZippyYum
CVE-2013-6984
	RESERVED
CVE-2013-6983 (SQL injection vulnerability in the web interface in Cisco Unified Pres ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2013-6982 (The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not pro ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6981 (Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6980
	RESERVED
CVE-2013-6979 (The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 0 ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6978 (The disaster recovery system (DRS) component in Cisco Unified Communic ...)
	NOT-FOR-US: Cisco
CVE-2013-6977
	RESERVED
CVE-2013-6976 (Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup  ...)
	NOT-FOR-US: Cisco
CVE-2013-6975 (Directory traversal vulnerability in the command-line interface in Cis ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6974 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-6973 (Cisco WebEx Training Center allows remote attackers to discover regist ...)
	NOT-FOR-US: Cisco
CVE-2013-6972 (Cisco WebEx Training Center allows remote attackers to discover sessio ...)
	NOT-FOR-US: Cisco
CVE-2013-6971 (Open redirect vulnerability in Cisco WebEx Training Center allows remo ...)
	NOT-FOR-US: Cisco
CVE-2013-6970 (Cisco WebEx Meeting Center allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cisco
CVE-2013-6969 (The training-registration page in Cisco WebEx Training Center allows r ...)
	NOT-FOR-US: Cisco
CVE-2013-6968 (Cisco WebEx Training Center provides different error messages for regi ...)
	NOT-FOR-US: Cisco
CVE-2013-6967 (Open redirect vulnerability in the mobile-browser subsystem in Cisco W ...)
	NOT-FOR-US: Cisco
CVE-2013-6966 (Open redirect vulnerability in Cisco WebEx Training Center allows remo ...)
	NOT-FOR-US: Cisco
CVE-2013-6965 (The registration component in Cisco WebEx Training Center provides the ...)
	NOT-FOR-US: Cisco
CVE-2013-6964 (Cisco WebEx Meeting Center allows remote authenticated users to bypass ...)
	NOT-FOR-US: Cisco
CVE-2013-6963 (Cross-site scripting (XSS) vulnerability in the registration component ...)
	NOT-FOR-US: Cisco
CVE-2013-6962 (Cross-site scripting (XSS) vulnerability in the mobile-browser subsyst ...)
	NOT-FOR-US: Cisco
CVE-2013-6961 (Cross-site scripting (XSS) vulnerability in the Collaboration Partner  ...)
	NOT-FOR-US: Cisco
CVE-2013-6960 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Mee ...)
	NOT-FOR-US: Cisco
CVE-2013-6959 (Open redirect vulnerability in Cisco WebEx Sales Center allows remote  ...)
	NOT-FOR-US: Cisco
CVE-2013-6958 (Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the ...)
	NOT-FOR-US: Juniper NetScreen Firewall
CVE-2013-6957 (Cross-site scripting (XSS) vulnerability in the web administrative com ...)
	NOT-FOR-US: Juniper
CVE-2013-6956 (Cross-site scripting (XSS) vulnerability in the Secure Access Service  ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2013-6955 (webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 bef ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2013-6954 (The png_do_expand_palette function in libpng before 1.6.8 allows remot ...)
	{DSA-2923-1}
	- libpng <not-affected> (Vulnerable code introduced in 1.6.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045561
	NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
CVE-2013-6953 (BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read use ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2013-6952 (The Belkin WeMo Home Automation firmware before 3949 has a hardcoded G ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6951 (The Belkin WeMo Home Automation firmware before 3949 does not maintain ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6950 (The Belkin WeMo Home Automation firmware before 3949 does not use SSL  ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6949 (The Belkin WeMo Home Automation firmware before 3949 does not properly ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6948 (The peerAddresses API in the Belkin WeMo Home Automation firmware befo ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6947
	RESERVED
CVE-2013-6946
	RESERVED
CVE-2013-6945 (The M2M Broker in OSEHRA VistA, as distributed before September 30, 20 ...)
	- vista <itp> (bug #541242)
CVE-2013-6944 (Cross-site scripting (XSS) vulnerability in the user interface in the  ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6943 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9. ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6942 (Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Ap ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6941 (Unspecified vulnerability in Citrix NetScaler Application Delivery Con ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6940 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9. ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6939 (Unspecified vulnerability in Citrix NetScaler Application Delivery Con ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6938 (Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9. ...)
	NOT-FOR-US: Citrix NetScaler SDX
CVE-2013-6937 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
	NOT-FOR-US: VideoCharge
CVE-2013-6936 (Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-6935 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
	NOT-FOR-US: VideoCharge
CVE-2013-6934 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
	- liblivemedia <not-affected> (incomplete patch never applied)
	- vlc <not-affected> (never built against liblivemedia with incomplete patch)
	- mplayer <not-affected> (never built against liblivemedia with incomplete patch)
	- mplayer2 <not-affected> (b-d's on liblivemedia but doesn't actually build the support for it)
CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
	{DSA-3156-1}
	- liblivemedia 2014.01.13-1
	[squeeze] - liblivemedia <not-affected> (vuln. code introduced in 2011.08.13)
	- vlc 2.1.4-1
	[wheezy] - vlc 2.0.3-5+deb7u2
	[squeeze] - vlc <not-affected> (not built against vuln. liblivemedia)
	- mplayer 2:1.1.1+svn37434-1 (low)
	[squeeze] - mplayer <no-dsa> (Minor issue)
	- mplayer2 <not-affected> (b-d's on liblivemedia but doesn't actually build the support for it)
	NOTE: vlc fixed by binNMU 2.1.2-2+b1, but since binNMUs are not visible to the security tracker, the subsequent sid upload is tracked
	NOTE: for wheezy the version present at release of DSA 3156 is used (2.0.3-5+deb7u2), although strictly speaking it's 2.0.3-5+deb7u2+b1
CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character d ...)
	NOT-FOR-US: IrfanView
CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6930 (SQL injection vulnerability in the page-navigation implementation in C ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6928
	RESERVED
CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local user to ...)
	NOT-FOR-US: Internet TRiLOGI Server
CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
	NOT-FOR-US: Siemens
CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
	NOT-FOR-US: Siemens
CVE-2013-6924 (Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow re ...)
	NOT-FOR-US: Seagate BlackArmor NAS devices
CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackAr ...)
	NOT-FOR-US: Seagate BlackArmor NAS 220 devices
CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Seag ...)
	NOT-FOR-US: Seagate BlackArmor NAS 220
CVE-2013-6921
	RESERVED
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in A ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
CVE-2014-0325 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer 10
CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0320
	REJECTED
CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...)
	NOT-FOR-US: Microsoft
CVE-2014-0318 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in  ...)
	NOT-FOR-US: Microsoft
CVE-2014-0316 (Memory leak in the Local RPC (LRPC) server implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2014-0315 (Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0310 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0307 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0296 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not im ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2014-0294 (Microsoft Forefront Protection 2010 for Exchange Server does not prope ...)
	NOT-FOR-US: Microsoft Forefront Protection
CVE-2014-0293 (Microsoft Internet Explorer 9 through 11 allows remote attackers to re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0292
	REJECTED
CVE-2014-0291
	REJECTED
CVE-2014-0290 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0289 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0288 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0287 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0286 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0285 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0284 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0283 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0282 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0281 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0280 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0279 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0278 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0277 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0276 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0275 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0274 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0273 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0272 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0271 (The VBScript engine in Microsoft Internet Explorer 6 through 11, and V ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0270 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0269 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0268 (Microsoft Internet Explorer 8 through 11 does not properly restrict fi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0267 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0266 (The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Win ...)
	NOT-FOR-US: Microsoft
CVE-2014-0265
	REJECTED
CVE-2014-0264
	REJECTED
CVE-2014-0263 (The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-0262 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-0261 (Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remo ...)
	NOT-FOR-US: Microsoft Dynamics
CVE-2014-0260 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-0259 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-0258 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, a ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-0257 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2014-0256 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allo ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2014-0255 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and  ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2014-0254 (The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, a ...)
	NOT-FOR-US: Microsoft
CVE-2014-0253 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2014-0252
	REJECTED
CVE-2014-0251 (Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007  ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2014-0250 (Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allo ...)
	- freerdp 1.1.0~git20140809.1.b07a5c1+dfsg-1 (unimportant; bug #749585)
	NOTE: A malicious RDP server has many more ways to mess with an RDP client
CVE-2014-0249 (The System Security Services Daemon (SSSD) 1.11.6 does not properly id ...)
	- sssd 1.11.7-1 (low; bug #749569)
	[jessie] - sssd <no-dsa> (Minor issue)
	[squeeze] - sssd <no-dsa> (Minor issue)
	[wheezy] - sssd <no-dsa> (Minor issue)
CVE-2014-0248 (org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework ...)
	NOT-FOR-US: JBoss Seam
CVE-2014-0247 (LibreOffice 4.2.4 executes unspecified VBA macros automatically, which ...)
	- libreoffice 1:4.2.5-1
	[wheezy] - libreoffice <not-affected> (vulnerable code not present)
CVE-2014-0246 (SOSreport stores the md5 hash of the GRUB bootloader password in an ar ...)
	- sosreport <unfixed> (unimportant; bug #749568)
	NOTE: Non-issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1101393#c5
CVE-2014-0245 (It was found that the implementation of the GTNSubjectCreatingIntercep ...)
	NOT-FOR-US: GateIn
CVE-2014-0244 (The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x  ...)
	{DSA-2966-1}
	- samba 2:4.1.9+dfsg-1
	[squeeze] - samba <not-affected> (Only affects 3.6 and later)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2014-0244
CVE-2014-0243 (Check_MK through 1.2.5i2p1 allows local users to read arbitrary files  ...)
	- check-mk <not-affected> (Vulnerable code not present)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-21.txt
CVE-2014-0242 (mod_wsgi module before 3.4 for Apache, when used in embedded mode, mig ...)
	{DSA-2937-1}
	- mod-wsgi 3.4-3
	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/b0a149c1f5e569932325972e2e20176a42e43517
CVE-2014-0241 (rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml ...)
	NOT-FOR-US: hammer_cli_foreman ruby gem
CVE-2014-0240 (The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled ...)
	{DSA-2937-1}
	- mod-wsgi 3.5-1 (bug #748910)
	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/d9d5fea585b23991f76532a9b07de7fcd3b649f4
	NOTE: only when running with linux >= 2.6.0 and < 3.1.0
CVE-2014-0239 (The internal DNS server in Samba 4.x before 4.0.18 does not check the  ...)
	- samba 2:4.1.8+dfsg-1 (bug #749845)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	[squeeze] - samba <not-affected> (AD feature not present)
	[wheezy] - samba <not-affected> (AD feature not present)
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
CVE-2014-0238 (The cdf_read_property_info function in cdf.c in the Fileinfo component ...)
	{DSA-3021-1 DSA-2943-1 DLA-145-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
	- php5 5.6.0~beta4+dfsg-1 (low)
	NOTE: https://bugs.php.net/bug.php?id=67327
CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo componen ...)
	{DSA-3021-1 DSA-2943-1 DLA-145-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
	- php5 5.6.0~beta4+dfsg-1 (low)
	NOTE: https://bugs.php.net/bug.php?id=67328
CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before 5.6. ...)
	- file 1:5.19-1
	[wheezy] - file <not-affected> (Introduced in 5.18)
	[squeeze] - file <not-affected> (Introduced in 5.18)
	- php5 5.6.0~beta4+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=67329
CVE-2014-0235
	REJECTED
CVE-2014-0234 (The default configuration of broker.conf in Red Hat OpenShift Enterpri ...)
	NOT-FOR-US: OpenShift
CVE-2014-0233 (Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow re ...)
	NOT-FOR-US: OpenShift
CVE-2014-0232 (Multiple cross-site scripting (XSS) vulnerabilities in framework/commo ...)
	NOT-FOR-US: Apache OFBiz
CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not h ...)
	{DSA-2989-1 DLA-66-1}
	- apache2 2.4.10-1
CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0 ...)
	{DSA-3530-1 DLA-232-1}
	- tomcat6 6.0.41-3 (bug #785316)
	- tomcat7 7.0.55-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	- tomcat8 8.0.9-1
	NOTE: tomcat6 in jessie only builds the servlet API classes
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x)
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1659537 (6.x)
CVE-2014-0229 (Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in C ...)
	NOT-FOR-US: Hadoop as packaged by Cloudera
CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization m ...)
	NOT-FOR-US: Apache Hive
CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apach ...)
	{DSA-3530-1 DLA-232-1}
	- tomcat6 6.0.41-3 (bug #785312)
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
	NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
	- tomcat7 7.0.55-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601333 (7.x)
	- tomcat8 8.0.9-1
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1600984 (8.x)
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601332 (8.x)
CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server befo ...)
	{DSA-2989-1 DLA-66-1}
	- apache2 2.4.10-1
CVE-2014-0225 (When processing user provided XML documents, the Spring Framework 4.0. ...)
	- libspring-java 3.0.6.RELEASE-14 (low; bug #753470)
	[squeeze] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
CVE-2014-0224 (OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h d ...)
	{DSA-2950-1 DLA-0008-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU bef ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-6 (bug #742730)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU bef ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-6 (bug #742730)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL before ...)
	{DSA-2950-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authe ...)
	NOT-FOR-US: Cloudera Manager
CVE-2014-0219 (Apache Karaf before 4.0.10 enables a shutdown port on the loopback int ...)
	- apache-karaf <itp> (bug #881297)
CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader reposit ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332
CVE-2014-0217 (enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the mo ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126
CVE-2014-0216 (The My Home implementation in the block_html_pluginfile function in bl ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
CVE-2014-0215 (The blind-marking implementation in Moodle through 2.3.11, 2.4.x befor ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44750
CVE-2014-0214 (login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x b ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119
CVE-2014-0213 (Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assi ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
CVE-2014-0212 (qpid-cpp: ACL policies only loaded if the acl-file option specified en ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
	NOTE: Upstream issue: https://issues.apache.org/jira/browse/QPID-4938
	NOTE: Commit which does no longer build acl support only as plugin: https://svn.apache.org/viewvc?view=revision&revision=r1494697
CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyph ...)
	{DSA-2927-1}
	- libxfont 1:1.4.7-2 (unimportant)
	NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1
CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x be ...)
	{DSA-2927-1}
	- libxfont 1:1.4.7-2 (unimportant)
	NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1
CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlia ...)
	{DSA-2927-1}
	- libxfont 1:1.4.7-2
CVE-2014-0208 (Cross-site scripting (XSS) vulnerability in the search auto-completion ...)
	- foreman <itp> (bug #663101)
CVE-2014-0207 (The cdf_read_short_sector function in cdf.c in file before 5.19, as us ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1 DLA-0018-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0
	- php5 5.6.0~beta4+dfsg-1
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: https://bugs.php.net/bug.php?id=67326
CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.c in  ...)
	- linux 3.14.10-1
	[wheezy] - linux <not-affected> (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797)
	- linux-2.6 <not-affected> (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797)
	NOTE: Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a31ad380bed817aa25f8830ad23e1a0480fef797 (v3.10)
	NOTE: Upstream patches: https://lkml.org/lkml/2014/6/24/619 https://lkml.org/lkml/2014/6/24/623
CVE-2014-0205 (The futex_wait function in kernel/futex.c in the Linux kernel before 2 ...)
	- linux 2.6.37
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 2.6.32-28
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704 (v2.6.37)
	NOTE: https://lkml.org/lkml/2010/9/16/99
	NOTE: Introduced in f801073f87aa2 (around 2.6.31) according to SuSE Bugzilla
CVE-2014-0204 (OpenStack Identity (Keystone) before 2014.1.1 does not properly handle ...)
	- keystone 2014.1-5 (bug #749026)
	[wheezy] - keystone <not-affected>
CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before ...)
	{DLA-0015-1}
	- linux 2.6.33-1
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=86acdca1b63e6890540fa19495cfc708beff3d8b (v2.6.33)
CVE-2014-0202 (The setup script in ovirt-engine-dwh, as used in the Red Hat Enterpris ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0201 (ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0200 (The Red Hat Enterprise Virtualization Manager reports (rhevm-reports)  ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0199 (The setup script in ovirt-engine-reports, as used in the Red Hat Enter ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0198 (The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g,  ...)
	{DSA-2931-1}
	- openssl 1.0.1g-4 (bug #747432)
	[squeeze] - openssl <not-affected> (vulnerable code not present)
	NOTE: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
CVE-2014-0197 (CFME: CSRF protection vulnerability via permissive check of the referr ...)
	NOT-FOR-US: CloudForms Management Engine
CVE-2014-0196 (The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel th ...)
	{DSA-2928-1 DSA-2926-1}
	- linux 3.14.4-1 (bug #747166)
	- linux-2.6 <removed>
	NOTE: PoC: http://pastebin.com/yTSFUBgZ
CVE-2014-0195 (The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before  ...)
	{DSA-2950-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0194
	REJECTED
CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...)
	{DLA-2110-1}
	- netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)
	- netty-3.9 3.9.9.Final-1
	NOTE: https://github.com/netty/netty/commit/48edb7802b42b0e2eb5a55d8eca390e0c9066783
CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to provis ...)
	- foreman <itp> (bug #663101)
CVE-2014-0191 (The xmlParserHandlePEReference function in parser.c in libxml2 before  ...)
	{DSA-2978-2 DLA-151-1}
	- libxml2 2.9.1+dfsg1-4 (bug #747309)
	NOTE: The upstream patch we used in DSA-2978-1 and DLA-16-1 is only half of the fix. The other half is likely https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f which is only in libxml 2.9 and newer. This was found out with the test case given in https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-8935085.
	NOTE: First patches: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825
CVE-2014-0190 (The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to c ...)
	- qt4-x11 4:4.8.6+dfsg-1 (low)
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	[squeeze] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://qt.gitorious.org/qt/qtbase/commit/eb1325047f2697d24e93ebaf924900affc876bc1
	NOTE: Possible squeeze backport in http://lists.debian.org/54ca4d0c.4696420a.0f32.4d29@mx.google.com
CVE-2014-0189 (virt-who uses world-readable permissions for /etc/sysconfig/virt-who,  ...)
	NOT-FOR-US: RedHat virt-who
CVE-2014-0188 (The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2 ...)
	NOT-FOR-US: OpenShift
CVE-2014-0187 (The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013. ...)
	- neutron 2014.1.2-1
	NOTE: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff;h=68a24e5f908412b83ca7c3f2d2d2014678e79570
	NOTE: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff;h=42a8539d497322716df0150c2123befd246d69d8
CVE-2014-0186 (A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Li ...)
	- tomcat7 <not-affected> (RHEL-specific regression)
CVE-2014-0185 (sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP be ...)
	{DSA-2943-1}
	- php5 5.5.12+dfsg-1
	[squeeze] - php5 <not-affected> (FPM SAPI only enabled in 5.3.5-1)
	NOTE: https://bugs.php.net/bug.php?id=67060
CVE-2014-0184 (Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs th ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0183 (Versions of Katello as shipped with Red Hat Subscription Asset Manager ...)
	NOT-FOR-US: Katello
CVE-2014-0182 (Heap-based buffer overflow in the virtio_load function in hw/virtio/vi ...)
	- qemu 2.1+dfsg-1 (bug #739589)
	- qemu-kvm <removed>
	[wheezy] - qemu <no-dsa> (Too intrusive to backport, minor risk)
	[wheezy] - qemu-kvm <no-dsa> (Too intrusive to backport, minor risk)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Fix: http://git.qemu.org/?p=qemu.git;a=commit;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc
	NOTE: Regression fix needed: http://git.qemu.org/?p=qemu.git;a=commit;h=2f5732e9648fcddc8759a8fd25c0b41a38352be6
CVE-2014-0181 (The Netlink implementation in the Linux kernel through 3.14.1 does not ...)
	- linux 3.14.9-1 (bug #746738)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport to 2.6.32)
	[wheezy] - linux <no-dsa> (Too intrusive to backport to 3.2)
CVE-2014-0180 (The wait_for_task function in app/controllers/application_controller.r ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0179 (libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...)
	{DSA-3038-1}
	- libvirt 1.2.4-1 (unimportant)
	NOTE: no ACL mechanism in squeeze and wheezy and all access is root-equivalent
	NOTE: LSN-2014-0003: https://www.redhat.com/archives/libvir-list/2014-May/msg00209.html
CVE-2014-0178 (Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1. ...)
	{DSA-2966-1}
	- samba 2:4.1.8+dfsg-1 (low)
	[squeeze] - samba <not-affected> (Vulnerable code not present)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: server packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
CVE-2014-0177 (The am function in lib/hub/commands.rb in hub before 1.12.1 allows loc ...)
	NOT-FOR-US: Github client
CVE-2014-0176 (Cross-site scripting (XSS) vulnerability in application/panel_control  ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0175 (mcollective has a default password set at install ...)
	- mcollective <unfixed> (unimportant)
	NOTE: Password rotation is documented in README.Debian
CVE-2014-0174 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG  ...)
	NOT-FOR-US: Cumin
CVE-2014-0173 (The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x  ...)
	NOT-FOR-US: WordPress plugin Jetpack
CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf.c in ...)
	- elfutils 0.158-1 (low; bug #744017)
	[squeeze] - elfutils <not-affected> (Affected code introduced in 0.153)
	[wheezy] - elfutils <not-affected> (Affected code introduced in 0.153)
CVE-2014-0171 (XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in  ...)
	NOT-FOR-US: Odata4j
CVE-2014-0170 (Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualizatio ...)
	NOT-FOR-US: Teiid
CVE-2014-0169 (In JBoss EAP 6 a security domain is configured to use a cache that is  ...)
	NOT-FOR-US: JBoss EAP
CVE-2014-0168 (Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2. ...)
	NOT-FOR-US: Jolokia
CVE-2014-0167 (The Nova EC2 API security group implementation in OpenStack Compute (N ...)
	- nova 2013.2.3-1 (bug #744051)
	[wheezy] - nova <not-affected> (Only affects 2013.1 to 2013.2.3)
CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in W ...)
	{DSA-2901-1}
	- wordpress 3.8.2+dfsg-1 (bug #744018)
CVE-2014-0165 (WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authentica ...)
	{DSA-2901-1}
	- wordpress 3.8.2+dfsg-1 (bug #744018)
CVE-2014-0164 (openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise  ...)
	- mcollective 1.2.1+dfsg-2
CVE-2014-0163 (Openshift has shell command injection flaws due to unsanitized data be ...)
	NOT-FOR-US: OpenShift
CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service  ...)
	- glance 2014.1-1
	[wheezy] - glance <not-affected> (Only affects 2013.2 to 2013.2.3)
CVE-2014-0161 (ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify tha ...)
	NOT-FOR-US: ovirt-engine-sdk-python
CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1 ...)
	{DSA-2896-1}
	- openssl 1.0.1g-1 (bug #743883)
	[squeeze] - openssl <not-affected> (vulnerable code introduced in upstream commit 4817504)
	NOTE: fix: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
	NOTE: http://www.openssl.org/news/secadv/20140407.txt
	NOTE: system reboot is recommended after the upgrade
CVE-2014-0159 (Buffer overflow in the GetStatistics64 remote procedure call (RPC) in  ...)
	{DSA-2899-1}
	- openafs 1.6.7-1
CVE-2014-0157 (Cross-site scripting (XSS) vulnerability in the Horizon Orchestration  ...)
	- horizon 2013.2.3-1 (bug #744019)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
CVE-2014-0156
	RESERVED
CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel t ...)
	- linux 3.14.4-1 (low)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60
CVE-2014-0154 (oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set- ...)
	NOT-FOR-US: oVirt web admin interface
CVE-2014-0153 (The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 lo ...)
	NOT-FOR-US: oVirt REST API
CVE-2014-0152 (Session fixation vulnerability in the web admin interface in oVirt 3.4 ...)
	NOT-FOR-US: oVirt web admin interface
CVE-2014-0151 (Cross-site request forgery (CSRF) vulnerability in oVirt Engine before ...)
	NOT-FOR-US: ovirt
CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/virti ...)
	{DSA-2910-1 DSA-2909-1}
	- qemu 1.7.0+dfsg-8 (bug #744221)
	- qemu-kvm <removed>
CVE-2014-0149 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss W ...)
	NOT-FOR-US: JBoss Seam
CVE-2014-0148 (Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to  ...)
	- qemu 2.0.0+dfsg-1 (bug #742730)
	[squeeze] - qemu <not-affected> (vhdx support introduced in 1.5)
	[wheezy] - qemu <not-affected> (vhdx support introduced in 1.5)
	- qemu-kvm <not-affected> (vhdx support introduced in 1.5)
CVE-2014-0147 (Qemu before 1.6.2 block diver for the various disk image formats used  ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0146 (The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 an ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=11b128f4062dd7f89b14abc8877ff20d41b28be9
CVE-2014-0145 (Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, a ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0144 (QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0143 (Multiple integer overflows in the block drivers in QEMU, possibly befo ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0142 (QEMU, possibly before 2.0.0, allows local users to cause a denial of s ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0141 (Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-0140 (Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remo ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-0139 (cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qso ...)
	{DSA-2902-1}
	- curl 7.36.0-1 (bug #742728)
	NOTE: http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
CVE-2014-0138 (The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re- ...)
	{DSA-2902-1}
	- curl 7.36.0-1 (bug #742728)
	NOTE: http://curl.haxx.se/libcurl-bad-reuse.patch
CVE-2014-0137 (SQL injection vulnerability in the saved_report_delete action in the R ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0136 (The (1) get and (2) log methods in the AgentController in Red Hat Clou ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0135 (Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses wo ...)
	NOT-FOR-US: Kafo
	NOTE: Might be packaged after foreman (ITP bug #663101)
CVE-2014-0134 (The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 201 ...)
	- nova 2013.2.2-4 (bug #742712)
	[wheezy] - nova <not-affected> (Introduced in Grizzly)
	NOTE: https://launchpad.net/bugs/1221190
CVE-2014-0133 (Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15  ...)
	- nginx 1.4.7-1 (unimportant; bug #742059)
	[wheezy] - nginx <not-affected> (Vulnerable code not present)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: ngx_http_spdy_module introduced in 1.3.15
	NOTE: Debian compiles with --with-http_spdy_module, but also with --with-debug
CVE-2014-0132 (The SASL authentication functionality in 389 Directory Server before 1 ...)
	- 389-ds-base 1.3.2.9-1.1 (bug #741600)
CVE-2014-0131 (Use-after-free vulnerability in the skb_segment function in net/core/s ...)
	- linux 3.13.6-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Introduced in 3.1)
	NOTE: http://marc.info/?l=linux-netdev&m=139446896921968&w=2
CVE-2014-0130 (Directory traversal vulnerability in actionpack/lib/abstract_controlle ...)
	{DSA-2929-1}
	- ruby-actionpack-2.3 <not-affected> (Vulnerable code not present)
	- ruby-actionpack-3.2 <removed> (bug #747382)
	- rails-3.2 3.2.18-1 (bug #747382)
	- rails-4.0 <removed> (bug #747380)
CVE-2014-0129 (badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6. ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140
CVE-2014-0128 (Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled ...)
	- squid <not-affected> (All Squid-3.0 and older versions not vulnerable)
	- squid3 3.4.8-1 (unimportant; bug #741312)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
	NOTE: only affects package rebuilds with --enable-ssl by users
CVE-2014-0127 (The time-validation implementation in (1) mod/feedback/complete.php an ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
CVE-2014-0126 (Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
CVE-2014-0125 (repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4 ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409
CVE-2014-0124 (The identity-reporting implementations in mod/forum/renderer.php and m ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
CVE-2014-0123 (The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
	NOTE: squeeze version unaffected due to lack of fine-grained access control?
CVE-2014-0122 (mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2 ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
CVE-2014-0121 (The admin terminal in Hawt.io does not require authentication, which a ...)
	NOT-FOR-US: hawtio-karaf-terminal
CVE-2014-0120 (Cross-site request forgery (CSRF) vulnerability in the admin terminal  ...)
	NOT-FOR-US: hawtio-karaf-terminal
CVE-2014-0119 (Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ...)
	{DSA-3530-1}
	- tomcat8 8.0.8-1
	- tomcat7 7.0.54-1
	- tomcat6 6.0.41-1
	[wheezy] - tomcat7 7.0.28-4+deb7u4
CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate mod ...)
	{DSA-2989-1 DLA-66-1}
	- apache2 2.4.10-1
CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, wh ...)
	- apache2 2.4.10-1
	[squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
	[wheezy] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
CVE-2014-0116 (CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard  ...)
	- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.2)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022
CVE-2014-0115 (Directory traversal vulnerability in the log viewer in Apache Storm 0. ...)
	NOT-FOR-US: Apache Storm
CVE-2014-0114 (Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8. ...)
	{DSA-2940-1 DLA-57-1}
	- libstruts1.2-java 1.2.9-9 (bug #745897)
	NOTE: http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E
	- commons-beanutils 1.9.2-1 (low)
	[wheezy] - commons-beanutils <no-dsa> (Too intrusive to backport; might break existing apps)
	[squeeze] - commons-beanutils <no-dsa> (Too intrusive to backport; might break existing apps)
	NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cook ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
	NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
CVE-2014-0112 (ParametersInterceptor in Apache Struts before 2.3.20 does not properly ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
	NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote ...)
	NOT-FOR-US: Apache Syncope
CVE-2014-0110 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attacke ...)
	NOT-FOR-US: Apache CXF
CVE-2014-0109 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attacke ...)
	NOT-FOR-US: Apache CXF
CVE-2014-0108
	REJECTED
CVE-2014-0107 (The TransformerFactory in Apache Xalan-Java before 2.7.2 does not prop ...)
	{DSA-2886-1}
	- libxalan2-java 2.7.1-9 (bug #742577)
	NOTE: https://issues.apache.org/jira/browse/XALANJ-2435
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1581058
CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...)
	{DLA-160-1}
	- sudo 1.8.5p2-1 (low)
	[squeeze] - sudo <no-dsa> (environment sanitising is enabled by default and turning it off in insecure anyway)
	NOTE: http://www.sudo.ws/sudo/alerts/env_add.html
CVE-2014-0105 (The auth_token middleware in the OpenStack Python client library for K ...)
	- python-keystoneclient 1:0.6.0-4 (low; bug #742898)
	[wheezy] - python-keystoneclient <not-affected> (Vulnerable code yet in src:keystone)
	- keystone 2013.1.1-2
	[wheezy] - keystone <no-dsa> (Minor issue)
	NOTE: From 2013.1.1-2 the auth_token.py is in python-keystoneclient
CVE-2014-0104 (In fence-agents before 4.0.17 does not verify remote SSL certificates  ...)
	- fence-agents 4.0.17-1 (low; bug #764801)
	[jessie] - fence-agents <no-dsa> (Minor issue)
	[wheezy] - fence-agents <no-dsa> (Minor issue)
CVE-2014-0103 (WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credent ...)
	- zarafa <itp> (bug #658433)
CVE-2014-0102 (The keyring_detect_cycle_iterator function in security/keys/keyring.c  ...)
	- linux 3.13.6-1
	[wheezy] - linux <not-affected> (Introduced in v3.13)
	- linux-2.6 <not-affected> (Introduced in v3.13)
	NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
	NOTE: patch: http://www.kernelhub.org/?msg=425013&p=2
CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linu ...)
	{DSA-2906-1}
	- linux 3.13.6-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f923ea2b540cbd781b32110e249f6e
	NOTE: http://patchwork.ozlabs.org/patch/325898/
CVE-2014-0100 (Race condition in the inet_frag_intern function in net/ipv4/inet_fragm ...)
	- linux 3.13.6-1
	[wheezy] - linux <not-affected> (Introduced in v3.9)
	- linux-2.6 <not-affected> (Introduced in v3.9)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ef0eb0db4bf92c6d2510fe5c4dc51852746f206
	NOTE: http://patchwork.ozlabs.org/patch/325844/
CVE-2014-0099 (Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apac ...)
	{DSA-3530-1}
	- tomcat8 8.0.5-1
	- tomcat7 7.0.53-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	- tomcat6 6.0.41-1
	NOTE: http://svn.apache.org/r1578814
CVE-2014-0098 (The log_cookie function in mod_log_config.c in the mod_log_config modu ...)
	- apache2 2.4.9-1
	[squeeze] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: Looks like it was introduced in 2.2.23 which would mean that squeeze+wheezy are not affected. sf: waiting for confirmation.
CVE-2014-0097 (The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 ...)
	- libspring-java <not-affected> (ActiveDirectoryLdapAuthenticator not yet present, introduced in 3.1)
CVE-2014-0096 (java/org/apache/catalina/servlets/DefaultServlet.java in the default s ...)
	{DSA-3530-1}
	- tomcat8 8.0.5-1
	- tomcat7 7.0.53-1
	- tomcat6 6.0.41-1
	[wheezy] - tomcat7 7.0.28-4+deb7u4
CVE-2014-0095 (java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat  ...)
	- tomcat8 8.0.5-1
CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remo ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
CVE-2014-0093 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when usin ...)
	NOT-FOR-US: JBoss EAP
CVE-2014-0092 (lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does ...)
	{DSA-2869-1}
	- gnutls26 2.12.23-13
	- gnutls28 3.2.11-2
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2014-2
CVE-2014-0091 (Foreman has improper input validation which could lead to partial Deni ...)
	- foreman <itp> (bug #663101)
CVE-2014-0090 (Session fixation vulnerability in Foreman before 1.4.2 allows remote a ...)
	- foreman <itp> (bug #663101)
CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in app/views/common/500.html. ...)
	- foreman <itp> (bug #663101)
CVE-2014-0088 (The SPDY implementation in the ngx_http_spdy_module module in nginx 1. ...)
	- nginx <not-affected> (Only affects 1.5.10)
CVE-2014-0087 (The check_privileges method in vmdb/app/controllers/application_contro ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFa ...)
	NOT-FOR-US: RichFaces
	NOTE: https://github.com/richfaces/richfaces/commit/4115c103f74e7cb0af6d392e22866e52db2bc4e7
	NOTE: https://issues.jboss.org/browse/RF-13250
CVE-2014-0085 (JBoss Fuse did not enable encrypted passwords by default in its usage  ...)
	NOT-FOR-US: Fuse Fabric
CVE-2014-0084 (Ruby gem openshift-origin-node before 2014-02-14 does not contain a cr ...)
	NOT-FOR-US: rubygem-openshift-origin-node
CVE-2014-0083 (The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSH ...)
	- ruby-net-ldap <not-affected> (SSHA support not present)
	NOTE: SSHA support only from version v0.5.0, see #742706
CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on  ...)
	{DSA-2929-1}
	- rails-4.0 <not-affected> (only 3.2.x and earlier)
	- rails-3.2 3.2.17-1
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- rails 2.3.14.1
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/ ...)
	{DSA-2929-1}
	- rails-4.0 <removed>
	- rails-3.2 3.2.17-1
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- rails 2.3.14.1
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0080 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...)
	- rails-4.0 <removed>
	- ruby-activerecord-3.2 <not-affected> (affects only rails 4.0.x)
	- ruby-activerecord-2.3 <not-affected> (affects only rails 4.0.x)
	- rails <not-affected> (affects only rails 4.0.x)
CVE-2014-0079 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in  ...)
	NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0078 (The CatalogController in Red Hat CloudForms Management Engine (CFME) b ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0077 (drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable ...)
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
	NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does no ...)
	{DSA-2908-1 DLA-0003-1}
	- openssl 1.0.1g-1 (low; bug #742923)
	[squeeze] - openssl 0.9.8o-4squeeze15
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f9b6c0ba4c02497782f801e3c45688f3efaac55c
CVE-2014-0075 (Integer overflow in the parseChunkHeader function in java/org/apache/c ...)
	{DSA-3530-1}
	- tomcat8 8.0.5-1
	- tomcat7 7.0.53-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	- tomcat6 6.0.41-1
CVE-2014-0074 (Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthen ...)
	- shiro 1.2.3-1
CVE-2014-0073 (The CDVInAppBrowser class in the Apache Cordova In-App-Browser standal ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-0072 (ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone p ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-0071 (PackStack in Red Hat OpenStack 4.0 does not enforce the default securi ...)
	- neutron 2014.1-1
CVE-2014-0070
	REJECTED
CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel th ...)
	- linux 3.13.6-1 (bug #741958)
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Only affects 2.6.38 and later)
	NOTE: http://article.gmane.org/gmane.linux.kernel.cifs/9401
	NOTE: upstream fix 5d81de8e8667da7135d3a32a964087c0faf5483f included in v3.14-rc4
CVE-2014-0068
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2014-0067 (The "make check" command for the test suites in PostgreSQL 9.3.3 and e ...)
	{DSA-2865-1 DSA-2864-1 DLA-0019-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0066 (The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16 ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0065 (Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9. ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0064 (Multiple integer overflows in the path_in and other unspecified functi ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0063 (Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0 ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0062 (Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0061 (The validator functions for the procedural languages (PLs) in PostgreS ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.12-1 (low)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 8.4.20-0wheezy1
	- postgresql-9.3 9.3.3-1
	- postgresql-plsh 1.20140221-1
	[wheezy] - postgresql-plsh <no-dsa> (Minor issue)
	[squeeze] - postgresql-plsh <no-dsa> (Minor issue)
CVE-2014-0060 (PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9. ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0059 (JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Applicatio ...)
	NOT-FOR-US: JBossSX
CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise Applicati ...)
	NOT-FOR-US: JBoss EAP
CVE-2014-0057 (The x_button method in the ServiceController (vmdb/app/controllers/ser ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0056 (The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not chec ...)
	- neutron 2013.2.2-4 (bug #742800)
CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsy ...)
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
	NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
CVE-2014-0054 (The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Frame ...)
	{DSA-2890-1}
	- libspring-java 3.0.6.RELEASE-13 (bug #741604)
CVE-2014-0053 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 f ...)
	- grails <itp> (bug #473213)
CVE-2014-0052
	REJECTED
CVE-2014-0051
	REJECTED
CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as use ...)
	{DSA-2897-1 DSA-2856-1}
	- libcommons-fileupload-java 1.3.1-1
	- tomcat7 7.0.52-1
	- tomcat6 <not-affected> (access to Manager application limited to authenticated administrators)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1565169
	NOTE: CVE might be splitted
CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm ...)
	- linux 3.13.6-1
	[wheezy] - linux <not-affected> (Introduced in 3.5)
	- linux-2.6 <not-affected> (Introduced in 3.5)
	NOTE: fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b
CVE-2014-0048 (An issue was found in Docker before 1.6.0. Some programs and scripts i ...)
	- docker.io 1.6.0+dfsg1-1
	NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact via ve ...)
	- docker.io 1.6.0+dfsg1-1
	NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper in Embe ...)
	NOT-FOR-US: ember.js
CVE-2014-0045 (The needSamples method in AudioOutputSpeech.cpp in the client in Mumbl ...)
	{DSA-2854-1}
	- mumble 1.2.4-0.2 (bug #737739)
	[squeeze] - mumble <not-affected> (Opus support not present)
CVE-2014-0044 (The opus_packet_get_samples_per_frame function in client in Mumble 1.2 ...)
	{DSA-2854-1}
	- mumble 1.2.4-0.2 (bug #737739)
	[squeeze] - mumble <not-affected> (Opus support not present)
CVE-2014-0043 (In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls ...)
	NOT-FOR-US: Apache Wicket
CVE-2014-0042 (OpenStack Heat Templates (heat-templates), as used in Red Hat Enterpri ...)
	NOT-FOR-US: openstack-heat-templates
CVE-2014-0041 (OpenStack Heat Templates (heat-templates), as used in Red Hat Enterpri ...)
	NOT-FOR-US: openstack-heat-templates
CVE-2014-0040 (OpenStack Heat Templates (heat-templates), as used in Red Hat Enterpri ...)
	NOT-FOR-US: openstack-heat-templates
CVE-2014-0039 (Untrusted search path vulnerability in fwsnort before 1.6.4, when not  ...)
	- fwsnort 1.6.4-1 (low; bug #737495)
	[wheezy] - fwsnort <no-dsa> (Minor issue)
	[squeeze] - fwsnort <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel b ...)
	- linux 3.13.4-1 (unimportant)
	[wheezy] - linux <not-affected> (Introduced in 3.4+)
	- linux-2.6 <not-affected> (Introduced in 3.4+)
	NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
	NOTE: Debian does not enable CONFIG_X86_X32, see #708070
CVE-2014-0037 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in  ...)
	NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0036 (The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with S ...)
	NOT-FOR-US: rbovirt
CVE-2014-0035 (The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7. ...)
	NOT-FOR-US: Apache CFX
CVE-2014-0034 (The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x b ...)
	NOT-FOR-US: Apache CFX
CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0. ...)
	{DSA-3530-1 DLA-91-1}
	- tomcat6 6.0.39
CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in Apac ...)
	{DLA-207-1}
	- subversion 1.8.8-1 (low; bug #737815)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u5
CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache Clou ...)
	NOT-FOR-US: Apache CloudStack
CVE-2014-0030 (The XML-RPC protocol support in Apache Roller before 5.0.3 allows atta ...)
	NOT-FOR-US: Apache Roller
CVE-2014-0029 (Multiple cross-site scripting (XSS) vulnerabilities in the SAM web app ...)
	NOT-FOR-US: Katello
CVE-2014-0028 (libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypa ...)
	- libvirt 1.2.1-1
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
	NOTE: https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html
CVE-2014-0027 (The play_wave_from_socket function in audio/auserver.c in Flite 1.4 al ...)
	- flite 1.4-release-8 (low; bug #734746)
	[wheezy] - flite <no-dsa> (Minor issue)
	[squeeze] - flite <no-dsa> (Minor issue)
CVE-2014-0026 (katello-headpin is vulnerable to CSRF in REST API ...)
	NOT-FOR-US: Katello
CVE-2014-0025
	REJECTED
CVE-2014-0024
	RESERVED
CVE-2014-0023 (OpenShift: Install script has temporary file creation vulnerability wh ...)
	NOT-FOR-US: OpenShift
CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and e ...)
	NOT-FOR-US: yum cron
CVE-2014-0021 (Chrony before 1.29.1 has traffic amplification in cmdmon protocol ...)
	- chrony 1.29.1-1 (low; bug #737644)
	[squeeze] - chrony <no-dsa> (Minor issue)
	[wheezy] - chrony <no-dsa> (Minor issue)
CVE-2014-0020 (The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not  ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0 ...)
	- socat 1.7.2.3-1 (low; bug #736993)
	[squeeze] - socat <no-dsa> (Minor issue)
	[wheezy] - socat <no-dsa> (Minor issue)
CVE-2014-0018 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss  ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2014-0017 (The RAND_bytes function in libssh before 0.6.3, when forking is enable ...)
	{DSA-2879-1}
	- libssh 0.5.4-3
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?id=e99246246b4061f7e71463f8806b9dcad65affa0
CVE-2014-0016 (stunnel before 5.00, when using fork threading, does not properly upda ...)
	- stunnel4 <not-affected> (Debian package compiled with --with-threads=pthread)
CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one authenticat ...)
	{DSA-2849-1}
	- curl 7.35.0-1
CVE-2014-0014 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1 ...)
	NOT-FOR-US: Ember.js
CVE-2014-0013 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1 ...)
	NOT-FOR-US: Ember.js
CVE-2014-0012 (FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create tempo ...)
	- jinja2 2.7.2-2 (bug #734956)
	[squeeze] - jinja2 <not-affected> (introduced by fix in 2.7.2)
	[wheezy] - jinja2 <not-affected> (introduced by fix in 2.7.2)
	NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
CVE-2014-0011 (Multiple heap-based buffer overflows in the ZRLE_DECODE function in co ...)
	- tigervnc <not-affected> (Fixed before initial release in Debian)
	- vnc4 4.1.1+X4.3.0+t-1 (unimportant)
	NOTE: may affect related *VNC implementations if built with NDEBUG
	NOTE: e.g. vnc4 seems to have similar code in common/rfb/zrleDecode.h
	NOTE: starting with 4.1.1+X4.3.0+t-1 it's a transitional package
CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in user/pro ...)
	- moodle 2.5.4-1
	[squeeze] - moodle <not-affected> (Code correctly checks session key)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
CVE-2014-0009 (course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4. ...)
	- moodle 2.5.4-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
CVE-2014-0008 (lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x b ...)
	- moodle 2.5.4-1 (low)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
CVE-2014-0007 (The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows  ...)
	- foreman <itp> (bug #663101)
CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 throu ...)
	- swift 1.11.0-2 (low; bug #735582)
	[wheezy] - swift <no-dsa> (Minor issue)
CVE-2014-0005 (PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application ...)
	NOT-FOR-US: PicketBox/JBossSX
CVE-2014-0004 (Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1. ...)
	{DSA-2872-1}
	- udisks2 2.1.3-1
	- udisks 1.0.5-1
CVE-2014-0003 (The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before ...)
	NOT-FOR-US: Apache Camel
CVE-2014-0002 (The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.1 ...)
	NOT-FOR-US: Apache Camel
CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before  ...)
	{DSA-2919-1 DLA-75-1}
	- mysql-5.1 <removed> (low)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.37-1 (low; bug #737596)
	- mariadb-5.5 5.5.35-1 (low; bug #737597)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1054592
	NOTE: http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth W ...)
	NOT-FOR-US: Enorth Webpublisher CMS
CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not re ...)
	NOT-FOR-US: Siemens
CVE-2013-6919 (The default configuration of phpThumb before 1.7.12 has a false value  ...)
	NOT-FOR-US: phpThumb
CVE-2013-6917
	RESERVED
CVE-2013-6916 (Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6915 (Cross-site scripting (XSS) vulnerability in the system-administration  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6914 (Cross-site scripting (XSS) vulnerability in a calendar component in Cy ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6913 (Cross-site scripting (XSS) vulnerability in a search component in Cybo ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6912 (Cross-site scripting (XSS) vulnerability in a calendar component in Cy ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6911 (Cross-site scripting (XSS) vulnerability in the bulletin-board compone ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6910 (Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6909 (Cross-site scripting (XSS) vulnerability in a report component in Cybo ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6908 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6907 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6906 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6905 (Cross-site scripting (XSS) vulnerability in a phone component in Cyboz ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6904 (Cross-site scripting (XSS) vulnerability in a note component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6903 (Cross-site scripting (XSS) vulnerability in a schedule component in Cy ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6902 (Cross-site scripting (XSS) vulnerability in the Space function in Cybo ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6901 (Cross-site scripting (XSS) vulnerability in the Space function in Cybo ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6900 (Cross-site scripting (XSS) vulnerability in the system-administration  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6918 (The web interface on the Satechi travel router 1.5, when Wi-Fi is used ...)
	NOT-FOR-US: Satechi travel router
CVE-2013-6899
	RESERVED
CVE-2013-6898
	RESERVED
CVE-2013-6897
	RESERVED
CVE-2013-6896
	RESERVED
CVE-2013-6895
	RESERVED
CVE-2013-6894
	RESERVED
CVE-2013-6893
	RESERVED
CVE-2013-6892 (WebSVN 2.3.3 allows remote authenticated users to read arbitrary files ...)
	{DSA-3137-1 DLA-136-1}
	- websvn 2.3.3-1.2 (bug #775682)
CVE-2013-6891 (lppasswd in CUPS before 1.7.1, when running with setuid privileges, al ...)
	- cups 1.7.1-1
	[wheezy] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
	[squeeze] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
	NOTE: https://www.cups.org/str.php?L4319
CVE-2013-6890 (denyhosts 2.6 uses an incorrect regular expression when analyzing auth ...)
	{DSA-2826-1}
	- denyhosts 2.6-10.1
CVE-2013-6889 (GNU Rush 1.7 does not properly drop privileges, which allows local use ...)
	- rush 1.7+dfsg-4 (bug #733505)
	[wheezy] - rush 1.7+dfsg-1+deb7u1
CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute a ...)
	{DSA-2836-1}
	- devscripts 2.13.9
	[squeeze] - devscripts <no-dsa> (Minor issue)
CVE-2013-6887 (OpenJPEG 1.5.1 allows remote attackers to cause a denial of service vi ...)
	- openjpeg 1.5.2-1 (bug #731237)
	[wheezy] - openjpeg <not-affected> (Only affects 1.5)
	[squeeze] - openjpeg <not-affected> (Only affects 1.5)
CVE-2013-6886 (RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to g ...)
	- vnc4 <not-affected> (Only affects 5.0.6, binaries in Debian version are not setuid root)
CVE-2013-6884 (The write-blocker in CRU Ditto Forensic FieldStation with firmware bef ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6883 (Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic  ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6882 (Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Foren ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6881 (CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6880 (Open redirect in proxy.php in FlashCanvas before 1.6 allows remote att ...)
	NOT-FOR-US: FlashCanvas
CVE-2013-6879 (The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows ...)
	NOT-FOR-US: MijoSearch
CVE-2013-6878 (Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch co ...)
	NOT-FOR-US: MijoSearch
CVE-2013-6877 (Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-6876 (The (1) pty_init_terminal and (2) pipe_init_terminal functions in main ...)
	- s3d 0.2.2-9 (unimportant)
	NOTE: http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
	NOTE: Not running with elevated privileges in Debian packaging
CVE-2013-6875 (SQL injection vulnerability in functions/prepend_adm.php in Nagios Cor ...)
	NOT-FOR-US: Nagios XI
CVE-2013-6874 (Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows  ...)
	NOT-FOR-US: Vortex Light Alloy
CVE-2013-6873 (SQL injection vulnerability in Testa Online Test Management System (OT ...)
	NOT-FOR-US: Testa Online Test Management System
CVE-2013-6872 (SQL injection vulnerability in managetimetracker.php in Collabtive bef ...)
	- collabtive 1.2-1 (low)
	[wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2013-6871
	RESERVED
CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk befor ...)
	NOT-FOR-US: Splunk Web
CVE-2012-6611 (An issue was discovered in Polycom Web Management Interface G3/HDX 800 ...)
	NOT-FOR-US: Polycom
CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in  ...)
	NOT-FOR-US: Elastix
CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly  ...)
	{DSA-3128-1 DLA-155-1}
	- linux 3.14.2-1
	- linux-2.6 <removed>
	NOTE: https://lkml.org/lkml/2014/1/14/198
	NOTE: Linux commit: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=3b56496865f9f7d9bcb2f93b44c63f274f08e3b6 (v3.14-rc1)
	NOTE: Might also be fixed in amd64-microcode, but details are not published (https://packages.qa.debian.org/a/amd64-microcode/news/20141218T224849Z.html)
	NOTE: and since this is fixed on the kernel-side, only track the kernel packages
CVE-2013-6857
	RESERVED
CVE-2013-6856
	RESERVED
CVE-2013-6855
	RESERVED
CVE-2013-6854
	RESERVED
CVE-2013-6853 (Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolb ...)
	NOT-FOR-US: Y! Toolbar plugin
CVE-2013-6852 (Cross-site request forgery (CSRF) vulnerability in html/json.html on H ...)
	NOT-FOR-US: Hewlett-Packard network equipment
CVE-2013-6851
	RESERVED
CVE-2013-6850
	RESERVED
CVE-2013-6849
	RESERVED
CVE-2013-6848
	RESERVED
CVE-2013-6847
	RESERVED
CVE-2013-6846
	RESERVED
CVE-2013-6845
	RESERVED
CVE-2013-6844
	RESERVED
CVE-2013-6843
	RESERVED
CVE-2013-6842
	RESERVED
CVE-2013-6841
	RESERVED
CVE-2013-6840 (Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 befo ...)
	NOT-FOR-US: Siemens COMOS
CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earli ...)
	NOT-FOR-US: InstantCMS
CVE-2013-6838 (An unspecified Enghouse Interactive Professional Services "addon produ ...)
	NOT-FOR-US: IVR Pro/Contact Center (VIP2000)
CVE-2013-6837 (Cross-site scripting (XSS) vulnerability in the setTimeout function in ...)
	- web2py <removed> (unimportant)
	NOTE: python-web2py contains /usr/share/web2py/applications/examples/static/js/jquery.prettyPhoto.js
	NOTE: Only an example code
CVE-2013-6836 (Heap-based buffer overflow in the ms_escher_get_data function in plugi ...)
	- gnumeric 1.12.9-1 (low)
	[wheezy] - gnumeric <no-dsa> (Minor issue)
	[squeeze] - gnumeric <no-dsa> (Minor issue)
	NOTE: https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=712772
CVE-2013-6835 (TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used,  ...)
	NOT-FOR-US: iOS
CVE-2013-6834 (The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in F ...)
	- kfreebsd-9 <not-affected> (Only affects 10.x)
	- kfreebsd-8 <not-affected> (Only affects 10.x)
	- kfreebsd-10 10.0~svn258623-1 (bug #730519)
CVE-2013-6833 (The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in  ...)
	- kfreebsd-9 <not-affected> (Only affects 10.x)
	- kfreebsd-8 <not-affected> (Only affects 10.x)
	- kfreebsd-10 10.0~svn258623-1 (bug #730519)
CVE-2013-6832 (The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver ...)
	- kfreebsd-9 <not-affected> (Only affects 10.x)
	- kfreebsd-8 <not-affected> (Only affects 10.x)
	- kfreebsd-10 10.0~svn258623-1 (bug #730518)
CVE-2013-6831 (PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms h ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6830 (admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5 ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6829 (admin/confnetworking.html in PineApp Mail-SeCure allows remote attacke ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6828 (admin/management.html in PineApp Mail-SeCure allows remote attackers t ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6827 (Absolute path traversal vulnerability in admin/viewmsg.php in PineApp  ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6826 (cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiA ...)
	NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2013-6825 ((1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/ ...)
	- dcmtk 3.6.1~20150629-1 (unimportant)
	NOTE: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
	NOTE: Not running with elevated privileges in Debian packaging
	NOTE: http://git.dcmtk.org/web?p=dcmtk.git;a=commitdiff;h=beaf5a5c24101daeeafa48c375120b16197c9e95;hp=5349794c4c458c76609b7aeb53d0ca28cf9fe9f0
CVE-2013-6824 (Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 ...)
	- zabbix 1:2.2.0+dfsg-6 (low)
	[squeeze] - zabbix <no-dsa> (Minor issue)
	[wheezy] - zabbix <no-dsa> (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-7479
CVE-2013-6823 (GRMGApp in SAP NetWeaver allows remote attackers to bypass intended ac ...)
	NOT-FOR-US: SAP
CVE-2013-6822 (GRMGApp in SAP NetWeaver allows remote attackers to have unspecified i ...)
	NOT-FOR-US: SAP
CVE-2013-6821 (Directory traversal vulnerability in the Exportability Check Service i ...)
	NOT-FOR-US: SAP
CVE-2013-6820 (Unrestricted file upload vulnerability in the SAP NetWeaver Developmen ...)
	NOT-FOR-US: SAP
CVE-2013-6819 (Cross-site scripting (XSS) vulnerability in Performance Provider in SA ...)
	NOT-FOR-US: SAP
CVE-2013-6818 (SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote a ...)
	NOT-FOR-US: SAP
CVE-2013-6817 (Heap-based buffer overflow in SAP Network Interface Router (SAProuter) ...)
	NOT-FOR-US: SAP
CVE-2013-6816 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDum ...)
	NOT-FOR-US: SAP
CVE-2013-6815 (The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS A ...)
	NOT-FOR-US: SAP
CVE-2013-6814 (The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote ...)
	NOT-FOR-US: SAP
CVE-2013-6813
	RESERVED
CVE-2013-6812 (The ONEDC app before 1.7 for iOS does not properly verify X.509 certif ...)
	NOT-FOR-US: ONEDC app
CVE-2013-6811 (Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Li ...)
	NOT-FOR-US: D-Link
CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in EMC Co ...)
	NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
CVE-2013-6809 (Format string vulnerability in the client in Tftpd32 before 4.50 allow ...)
	NOT-FOR-US: Tftpd32
CVE-2013-6808 (Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in Zend ...)
	NOT-FOR-US: ZendTo
CVE-2012-6607 (The transform_save function in transform.c in Augeas before 1.0.0 allo ...)
	- augeas 1.0.0-1 (low)
	[squeeze] - augeas <no-dsa> (Minor issue)
	[wheezy] - augeas <no-dsa> (Minor issue)
CVE-2013-6869 (SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC funct ...)
	NOT-FOR-US: Sap NetWeaver
CVE-2013-6868 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6867 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6866 (SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15. ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6865 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6864 (Directory traversal vulnerability in SAP Sybase Adaptive Server Enterp ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6863 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6862 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6861 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6860 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6859 (SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15. ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6858 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashb ...)
	- horizon 2013.2-2 (bug #730752)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/openstack/horizon/commit/6179f70290783e55b10bbd4b3b7ee74db3f8ef70
CVE-2013-6807 (The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciph ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6806 (OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to ...)
	NOT-FOR-US: OpenText Exceed onDemand
CVE-2013-6805 (OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, w ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6804 (Cross-site scripting (XSS) vulnerability in the Search module before 1 ...)
	NOT-FOR-US: Jamroom Search module
CVE-2013-6803
	RESERVED
CVE-2013-6802 (Google Chrome before 31.0.1650.57 allows remote attackers to bypass in ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6801 (Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2013-6800 (An unspecified third-party database module for the Key Distribution Ce ...)
	NOTE: Pointless split from CVE-2013-1418
CVE-2013-6799 (Apple Mac OS X 10.9 allows local users to cause a denial of service (m ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-6798 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 o ...)
	NOT-FOR-US: BlackBerry Link
CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in bluewrench-video-wi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6796 (The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: DeepOfix
CVE-2013-6795 (The Updater in Rackspace Openstack Windows Guest Agent for XenServer b ...)
	NOT-FOR-US: Rackspace Windows Agent and Updater
CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module in Ola ...)
	NOT-FOR-US: Olat
CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar mo ...)
	NOT-FOR-US: Olat
CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security Bypass Vulne ...)
	NOT-FOR-US: Android
CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 use ...)
	NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit
CVE-2013-6790
	RESERVED
CVE-2013-6789 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports credential ...)
	- silverstripe <itp> (bug #528461)
CVE-2013-6788 (The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses s ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2013-6787 (SQL injection vulnerability in the check_user_password function in mai ...)
	NOT-FOR-US: Chamilo LMS
CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4. ...)
	NOT-FOR-US: Allegro RomPager
CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in Supermicro IP ...)
	NOT-FOR-US: Supermicro IPMI
CVE-2013-6784
	RESERVED
CVE-2013-6783
	RESERVED
CVE-2013-6782
	RESERVED
CVE-2013-6781
	RESERVED
CVE-2013-6780 (Cross-site scripting (XSS) vulnerability in uploader.swf in the Upload ...)
	- yui <removed> (low; bug #730104)
	[squeeze] - yui <no-dsa> (Not backportable, doesn't build from source in oldstable/stable)
	[wheezy] - yui <no-dsa> (Not backportable, doesn't build from source in oldstable/stable)
	- yui3 <not-affected>
	- moodle 2.5.3-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-6779
	RESERVED
CVE-2013-6778
	RESERVED
CVE-2013-6777
	RESERVED
CVE-2013-6776
	RESERVED
CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows attackers ...)
	NOT-FOR-US: Chainfire SuperSU package
CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package  ...)
	NOT-FOR-US: Chainfire SuperSU package
CVE-2013-6773 (Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal For ...)
	NOT-FOR-US: Splunk
CVE-2013-6772 (Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking ...)
	NOT-FOR-US: Splunk
CVE-2013-6771 (Directory traversal vulnerability in the collect script in Splunk befo ...)
	NOT-FOR-US: Splunk
CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Andro ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6769 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Andro ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6768 (Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Ko ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6767 (Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro  ...)
	NOT-FOR-US: QuickHeal AntiVirus
CVE-2013-6764
	REJECTED
CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux kerne ...)
	NOTE: Red Hat consider this as a non-issue:
	NOTE: http://seclists.org/oss-sec/2013/q4/282
CVE-2013-6762
	REJECTED
CVE-2013-6761
	REJECTED
CVE-2013-6760
	REJECTED
CVE-2013-6759
	REJECTED
CVE-2013-6758
	REJECTED
CVE-2013-6757
	REJECTED
CVE-2013-6756
	REJECTED
CVE-2013-6755
	REJECTED
CVE-2013-6754
	REJECTED
CVE-2013-6753
	REJECTED
CVE-2013-6752
	REJECTED
CVE-2013-6751
	REJECTED
CVE-2013-6750
	RESERVED
CVE-2013-6749 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr  ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2013-6748 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr  ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2013-6747 (IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM ...)
	NOT-FOR-US: IBM GSKit
CVE-2013-6746 (Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Docume ...)
	NOT-FOR-US: IBM FileNet Business Process Manager
CVE-2013-6745 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
	NOT-FOR-US: IBM
CVE-2013-6744 (The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 1 ...)
	NOT-FOR-US: IBM DB2
CVE-2013-6743 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM  ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6742 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6741 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2013-6740
	RESERVED
CVE-2013-6739 (IBM SPSS Modeler before 16 on UNIX allows remote authenticated users t ...)
	NOT-FOR-US: IBM
CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics L ...)
	NOT-FOR-US: IBM
CVE-2013-6737 (IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3 ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-6736
	RESERVED
CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6734 (IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not proper ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6733 (Cross-site scripting (XSS) vulnerability in the Web Application in the ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6732 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-6731 (IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authen ...)
	NOT-FOR-US: IBM Netezza
CVE-2013-6730 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6729 (Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 befo ...)
	NOT-FOR-US: IBM QuickFile
CVE-2013-6728 (The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1. ...)
	NOT-FOR-US: IBM WebSphere Dashboard Framework
CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 befor ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6726 (Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv  ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS  ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-6723 (IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle refe ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6722 (Unrestricted file upload vulnerability in the Registration/Edit My Pro ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Regi ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2013-6720 (Directory traversal vulnerability in download.php in the Passive Captu ...)
	NOT-FOR-US: IBM Tealeaf
CVE-2013-6719 (delivery.php in the Passive Capture Application (PCA) web console in I ...)
	NOT-FOR-US: IBM Tealeaf CX
CVE-2013-6718 (The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3 ...)
	NOT-FOR-US: IBM firmware
CVE-2013-6717 (The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8  ...)
	NOT-FOR-US: IBM
CVE-2013-6716
	REJECTED
CVE-2013-6715
	RESERVED
CVE-2013-6714 (The FlashCopy Manager for VMware component in IBM Tivoli Storage Flash ...)
	NOT-FOR-US: IBM Tivoli Storage FlashCopy Manager
CVE-2013-6713 (The Data Protection for VMware component in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM Tivoli Storage Manager for Virtual Environments
CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...)
	{DSA-2816-1}
	- php5 5.5.6+dfsg-2 (bug #731112)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
CVE-2013-6711 (Cross-site scripting (XSS) vulnerability in the product-creation admin ...)
	NOT-FOR-US: Cisco
CVE-2013-6710 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Trainin ...)
	NOT-FOR-US: Cisco
CVE-2013-6709 (The registration component in Cisco WebEx Training Center provides the ...)
	NOT-FOR-US: Cisco
CVE-2013-6708 (Cisco Cloud Portal 9.4 allows remote attackers to read files of unspec ...)
	NOT-FOR-US: Cisco
CVE-2013-6707 (Memory leak in the connection-manager implementation in Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2013-6706 (The Cisco Express Forwarding processing module in Cisco IOS XE allows  ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6705 (The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows r ...)
	NOT-FOR-US: Cisco
CVE-2013-6704 (Cisco IOS XE does not properly manage memory for TFTP UDP flows, which ...)
	NOT-FOR-US: Cisco
CVE-2013-6703 (The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-6702 (The management implementation on Cisco ONS 15454 controller cards with ...)
	NOT-FOR-US: Cisco
CVE-2013-6701 (The tNetTaskLimit process on the Transport Node Controller (TNC) on Ci ...)
	NOT-FOR-US: Cisco
CVE-2013-6700 (The SNMP module in Cisco IOS XR allows remote attackers to cause a den ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-6699 (The Control and Provisioning of Wireless Access Points (CAPWAP) protoc ...)
	NOT-FOR-US: Cisco
CVE-2013-6698 (The web interface on Cisco Wireless LAN Controller (WLC) devices does  ...)
	NOT-FOR-US: Cisco
CVE-2013-6697
	RESERVED
CVE-2013-6696 (Cisco Adaptive Security Appliance (ASA) Software does not properly han ...)
	NOT-FOR-US: Cisco
CVE-2013-6695 (The RBAC implementation in Cisco Secure Access Control System (ACS) do ...)
	NOT-FOR-US: Cisco
CVE-2013-6694 (The IPSec implementation in Cisco IOS allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2013-6693 (The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 rout ...)
	NOT-FOR-US: Cisco
CVE-2013-6692 (Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool du ...)
	NOT-FOR-US: Cisco
CVE-2013-6691 (The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (A ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-6690 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Cisco
CVE-2013-6689 (Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier a ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-6688 (Directory traversal vulnerability in the license-upload interface in t ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-6687 (The web portal in the Enterprise License Manager component in Cisco We ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-6686 (The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows r ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-6685 (The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak ...)
	NOT-FOR-US: Cisco Unified IP phones
CVE-2013-6684 (The web framework on Cisco Wireless LAN Controller (WLC) devices does  ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle neighb ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...)
	NOT-FOR-US: Tube Map Live Underground for Android
CVE-2013-6680
	REJECTED
CVE-2013-6679
	REJECTED
CVE-2013-6678
	REJECTED
CVE-2013-6677
	REJECTED
CVE-2013-6676
	REJECTED
CVE-2013-6675
	REJECTED
CVE-2013-6674 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x t ...)
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
CVE-2013-6673 (Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird ...)
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-6672 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow u ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
	- iceape <not-affected> (Only affects Firefox 25)
CVE-2013-6671 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26 ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-6670
	RESERVED
CVE-2013-6669
	RESERVED
CVE-2013-6668 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, a ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6666 (The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pe ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6665 (Heap-based buffer overflow in the ResourceProvider::InitializeSoftware ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6664 (Use-after-free vulnerability in the FormAssociatedElement::formRemoved ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6663 (Use-after-free vulnerability in the SVGImage::setContainerSize functio ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6662 (Google Chrome caches TLS sessions before certificate validation occurs ...)
	NOTE: Chrome issue fixed end of 2013, not really worth figuring out in which version
CVE-2013-6661 (Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6660 (The drag-and-drop implementation in Google Chrome before 33.0.1750.117 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6659 (The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socke ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6658 (Multiple use-after-free vulnerabilities in the layout implementation i ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6657 (core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used i ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6656 (The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in th ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6655 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6654 (The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVG ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6653 (Use-after-free vulnerability in the web contents implementation in Goo ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6652 (Directory traversal vulnerability in sandbox/win/src/named_pipe_dispat ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2013-6651
	RESERVED
CVE-2013-6650 (The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Goo ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in  ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6648 (SkRegion::setPath in Skia allows remote attackers to cause a denial of ...)
	- skia <itp> (bug #818180)
CVE-2013-6647 (A use-after-free in AnimationController::endAnimationUpdate in Google  ...)
	- chromium-browser <not-affected> (According to upstream bug only affected interim version, not a stable release)
CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in Goog ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6645 (Use-after-free vulnerability in the OnWindowRemovingFromRootWindow fun ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6644 (Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700 ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6643 (The OneClickSigninBubbleView::WindowClosing function in browser/ui/vie ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6642 (Google Chrome through 32.0.1700.23 on Android allows remote attackers  ...)
	- chromium-browser <not-affected> (only affects google chrome on android)
CVE-2013-6641 (Use-after-free vulnerability in the FormAssociatedElement::formRemoved ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc ...)
	{DSA-2811-1}
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 3.14.5.8-5
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6639 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc ...)
	{DSA-2811-1}
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 3.14.5.8-5
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6638 (Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...)
	{DSA-2811-1}
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2013-6637 (Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650 ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6636 (The FrameLoader::notifyIfInitialDocumentAccessed function in core/load ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6635 (Use-after-free vulnerability in the editing implementation in Blink, a ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6634 (The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6633
	RESERVED
CVE-2013-6620
	RESERVED
CVE-2013-6619
	RESERVED
CVE-2013-6618 (jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 befo ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6617 (The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ...)
	- salt 0.17.1+dfsg-1
CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in spell-check-sav ...)
	NOT-FOR-US: SpellChecker module in Xinha
CVE-2013-6766 (OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows rem ...)
	NOT-FOR-US: OpenVAS Administrator (only uploaded to exp 2.5 years ago)
CVE-2013-6765 (OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote at ...)
	NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago)
CVE-2013-6632 (Integer overflow in Google Chrome before 31.0.1650.57 allows remote at ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6631 (Use-after-free vulnerability in the Channel::SendRTCPPacket function i ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6630 (The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as  ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
	- libjpeg6b 6b1-4 (low; bug #729867)
	[squeeze] - libjpeg6b <no-dsa> (Minor issue)
	[wheezy] - libjpeg6b 6b1-3+deb7u1
	- libjpeg8 8d-2 (low; bug #729867)
	[squeeze] - libjpeg8 <no-dsa> (Minor issue)
	[wheezy] - libjpeg8 8d-1+deb7u1
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
CVE-2013-6629 (The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-t ...)
	{DSA-2923-1 DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
	- libjpeg6b 6b1-4 (low; bug #729867)
	[wheezy] - libjpeg6b 6b1-3+deb7u1
	[squeeze] - libjpeg6b <no-dsa> (Minor issue)
	- libjpeg8 8d-2 (low; bug #729867)
	[squeeze] - libjpeg8 <no-dsa> (Minor issue)
	[wheezy] - libjpeg8 8d-1+deb7u1
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
CVE-2013-6628 (net/socket/ssl_client_socket_nss.cc in the TLS implementation in Googl ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6627 (net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 do ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6626 (The WebContentsImpl::AttachInterstitialPage function in content/browse ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6625 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, a ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6624 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allo ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6623 (The SVG implementation in Blink, as used in Google Chrome before 31.0. ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6622 (Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocu ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6621 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allo ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6616
	REJECTED
CVE-2013-6615
	REJECTED
CVE-2013-6614
	REJECTED
CVE-2013-6613
	REJECTED
CVE-2013-6612
	REJECTED
CVE-2013-6611
	REJECTED
CVE-2013-6610
	REJECTED
CVE-2013-6609
	REJECTED
CVE-2013-6608
	REJECTED
CVE-2013-6607
	REJECTED
CVE-2013-6606
	REJECTED
CVE-2013-6605
	REJECTED
CVE-2013-6604
	REJECTED
CVE-2013-6603
	REJECTED
CVE-2013-6602
	REJECTED
CVE-2013-6601
	REJECTED
CVE-2013-6600
	REJECTED
CVE-2013-6599
	REJECTED
CVE-2013-6598
	REJECTED
CVE-2013-6597
	REJECTED
CVE-2013-6596
	REJECTED
CVE-2013-6595
	REJECTED
CVE-2013-6594
	REJECTED
CVE-2013-6593
	REJECTED
CVE-2013-6592
	REJECTED
CVE-2013-6591
	REJECTED
CVE-2013-6590
	REJECTED
CVE-2013-6589
	REJECTED
CVE-2013-6588
	REJECTED
CVE-2013-6587
	REJECTED
CVE-2013-6586
	REJECTED
CVE-2013-6585
	REJECTED
CVE-2013-6584
	REJECTED
CVE-2013-6583
	REJECTED
CVE-2013-6582
	REJECTED
CVE-2013-6581
	REJECTED
CVE-2013-6580
	REJECTED
CVE-2013-6579
	REJECTED
CVE-2013-6578
	REJECTED
CVE-2013-6577
	REJECTED
CVE-2013-6576
	REJECTED
CVE-2013-6575
	REJECTED
CVE-2013-6574
	REJECTED
CVE-2013-6573
	REJECTED
CVE-2013-6572
	REJECTED
CVE-2013-6571
	REJECTED
CVE-2013-6570
	REJECTED
CVE-2013-6569
	REJECTED
CVE-2013-6568
	REJECTED
CVE-2013-6567
	REJECTED
CVE-2013-6566
	REJECTED
CVE-2013-6565
	REJECTED
CVE-2013-6564
	REJECTED
CVE-2013-6563
	REJECTED
CVE-2013-6562
	REJECTED
CVE-2013-6561
	REJECTED
CVE-2013-6560
	REJECTED
CVE-2013-6559
	REJECTED
CVE-2013-6558
	REJECTED
CVE-2013-6557
	REJECTED
CVE-2013-6556
	REJECTED
CVE-2013-6555
	REJECTED
CVE-2013-6554
	REJECTED
CVE-2013-6553
	REJECTED
CVE-2013-6552
	REJECTED
CVE-2013-6551
	REJECTED
CVE-2013-6550
	REJECTED
CVE-2013-6549
	REJECTED
CVE-2013-6548
	REJECTED
CVE-2013-6547
	REJECTED
CVE-2013-6546
	REJECTED
CVE-2013-6545
	REJECTED
CVE-2013-6544
	REJECTED
CVE-2013-6543
	REJECTED
CVE-2013-6542
	REJECTED
CVE-2013-6541
	REJECTED
CVE-2013-6540
	REJECTED
CVE-2013-6539
	REJECTED
CVE-2013-6538
	REJECTED
CVE-2013-6537
	REJECTED
CVE-2013-6536
	REJECTED
CVE-2013-6535
	REJECTED
CVE-2013-6534
	REJECTED
CVE-2013-6533
	REJECTED
CVE-2013-6532
	REJECTED
CVE-2013-6531
	REJECTED
CVE-2013-6530
	REJECTED
CVE-2013-6529
	REJECTED
CVE-2013-6528
	REJECTED
CVE-2013-6527
	REJECTED
CVE-2013-6526
	REJECTED
CVE-2013-6525
	REJECTED
CVE-2013-6524
	REJECTED
CVE-2013-6523
	REJECTED
CVE-2013-6522
	REJECTED
CVE-2013-6521
	REJECTED
CVE-2013-6520
	REJECTED
CVE-2013-6519
	REJECTED
CVE-2013-6518
	REJECTED
CVE-2013-6517
	REJECTED
CVE-2013-6516
	REJECTED
CVE-2013-6515
	REJECTED
CVE-2013-6514
	REJECTED
CVE-2013-6513
	REJECTED
CVE-2013-6512
	REJECTED
CVE-2013-6511
	REJECTED
CVE-2013-6510
	REJECTED
CVE-2013-6509
	REJECTED
CVE-2013-6508
	REJECTED
CVE-2013-6507
	REJECTED
CVE-2013-6506
	RESERVED
CVE-2013-6505
	RESERVED
CVE-2013-6504
	RESERVED
CVE-2013-6503
	RESERVED
CVE-2013-6502
	RESERVED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and  ...)
	- php5 <removed> (unimportant)
	NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
CVE-2013-6500
	REJECTED
CVE-2013-6499
	REJECTED
CVE-2013-6498
	RESERVED
CVE-2013-6497 (clamscan in ClamAV before 0.98.5, when using -a option, allows remote  ...)
	{DLA-95-1}
	- clamav 0.98.5+dfsg-1
	[wheezy] - clamav 0.98.5+dfsg-0+deb7u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11088
CVE-2013-6496 (Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Red Hat Conga
CVE-2013-6495 (JBossWeb Bayeux has reflected XSS ...)
	NOT-FOR-US: JBossWeb Bayeux
CVE-2013-6494 (fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a ...)
	NOT-FOR-US: fedup (Fedora specific)
CVE-2013-6493 (The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc  ...)
	- icedtea-web 1.4.2-1 (low)
	[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not properly rest ...)
	NOT-FOR-US: Pirhana
CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo bef ...)
	- nova 2013.2.3-1
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-6490 (The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remot ...)
	{DSA-2859-2 DSA-2859-1}
	- pidgin 2.10.8-1
CVE-2013-6489 (Integer signedness error in the MXit functionality in Pidgin before 2. ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6488
	REJECTED
CVE-2013-6487 (Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...)
	{DSA-2859-1 DSA-2852-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
	- libgadu 1:1.11.3-1
CVE-2013-6486 (gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted rem ...)
	- pidgin <not-affected> (Windows-specific)
CVE-2013-6485 (Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows  ...)
	{DSA-2859-2 DSA-2859-1}
	- pidgin 2.10.8-1
CVE-2013-6484 (The STUN protocol implementation in libpurple in Pidgin before 2.10.8  ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6483 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2013-6482 (Pidgin before 2.10.8 allows remote MSN servers to cause a denial of se ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6481 (libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows rem ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter f ...)
	- libcloud <not-affected> (affects 0.12.3 to 0.13.3)
	NOTE: version prior to 0.12.3 don't include a DigitalOcean driver
CVE-2013-6479 (util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2013-6478 (gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with un ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6477 (Multiple integer signedness errors in libpurple in Pidgin before 2.10. ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2013-6476 (The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pd ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6475 (Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPS ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6474 (Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-fi ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6473 (Multiple heap-based buffer overflows in the urftopdf filter in cups-fi ...)
	- cups-filters 1.0.47-1 (bug #741318)
	[wheezy] - cups-filters <not-affected> (does not contain urftopdf filter)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
CVE-2013-6472 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58699
CVE-2013-6471
	RESERVED
CVE-2013-6470 (The default configuration in the standalone controller quickstack mani ...)
	NOT-FOR-US: openstack foreman-installer
CVE-2013-6469 (JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remo ...)
	NOT-FOR-US: JBoss SOA RTgov
CVE-2013-6468 (JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM S ...)
	NOT-FOR-US: JBoss Drolls
CVE-2013-6467 (Libreswan 3.7 and earlier allows remote attackers to cause a denial of ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial  ...)
	{DSA-2893-1}
	- openswan <removed> (bug #737406)
	NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
CVE-2013-6465 (Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbe ...)
	NOT-FOR-US: JBPM KIE Workbench
CVE-2013-6464
	RESERVED
CVE-2013-6463
	REJECTED
CVE-2013-6462 (Stack-based buffer overflow in the bdfReadCharacters function in bitma ...)
	{DSA-2838-1}
	- libxfont 1:1.4.7-1
CVE-2013-6461 (Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by fai ...)
	- ruby-nokogiri <not-affected> (jruby implementation not shiped)
	- libnokogiri-ruby <not-affected> (1.4 and earlier not affected)
	NOTE: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
CVE-2013-6460 (Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsin ...)
	- ruby-nokogiri <not-affected> (jruby implementation not shiped)
	- libnokogiri-ruby <not-affected> (1.4 and earlier not affected)
	NOTE: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
CVE-2013-6459 (Cross-site scripting (XSS) vulnerability in the will_paginate gem befo ...)
	- ruby-will-paginate 3.0.5-1 (low; bug #733209)
	[wheezy] - ruby-will-paginate <no-dsa> (Minor issue)
	- libwill-paginate-ruby <removed>
	[squeeze] - libwill-paginate-ruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mislav/will_paginate/releases/tag/v3.0.5
CVE-2013-6458 (Multiple race conditions in the (1) virDomainBlockStats, (2) virDomain ...)
	{DSA-2846-1}
	- libvirt 1.2.1-1 (bug #734556)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
	NOTE: upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
CVE-2013-6457 (The libxlDomainGetNumaParameters function in the libxl driver (libxl/l ...)
	- libvirt 1.2.1-1
	[wheezy] - libvirt <not-affected> (Vulnerable code not present)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9ee91d35510ccbc6fc42cef8864b291b2d220f4
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=261c4f5fb93c5e23b8002f2760d4a7937cdb7f63
CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allow ...)
	- libvirt 1.2.3-1 (bug #732394)
	[wheezy] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
CVE-2013-6455 (The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1. ...)
	NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-6454 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10,  ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58472
CVE-2013-6453 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58553
CVE-2013-6452 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10,  ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=57550
CVE-2013-6451 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1. ...)
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58088
	NOTE: Introduced by the fix for CVE-2013-4568
CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l  ...)
	{DSA-2833-1}
	- openssl 1.0.1e-5 (low)
	[squeeze] - openssl <not-affected> (Versions earlier than 1.0.0 are not affected)
CVE-2013-6449 (The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0. ...)
	{DSA-2833-1}
	- openssl 1.0.1e-5 (bug #732754)
	[squeeze] - openssl <not-affected> (TLS 1.2 support introduced in 1.0.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045363
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ca98926
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2b
CVE-2013-6448 (The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2  ...)
	NOT-FOR-US: JBoss Seam
CVE-2013-6447 (Multiple XML External Entity (XXE) vulnerabilities in the (1) Executio ...)
	NOT-FOR-US: JBoss Seam
CVE-2013-6446 (The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before  ...)
	NOT-FOR-US: Cloudera
CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG  ...)
	NOT-FOR-US: Cumin
CVE-2013-6444 (PyWBEM 0.7 and earlier does not verify that the server hostname matche ...)
	- pywbem 0.8.0~dev650-1 (bug #732594)
	[squeeze] - pywbem <no-dsa> (Minor issue)
	[wheezy] - pywbem <no-dsa> (Minor issue)
	NOTE: Fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6443 (CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attacker ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before ...)
	- samba 2:4.1.6+dfsg-1 (low)
	[squeeze] - samba <not-affected> (Only affects 4.x and later)
	[wheezy] - samba <not-affected> (Only affects 4.x and later)
	- samba4 <removed>
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: http://www.samba.org/samba/security/CVE-2013-6442
CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta ...)
	{DLA-442-1}
	- lxc 1.0.0-1 (unimportant)
	NOTE: getting root on host, if not using unprivileged containers or
	NOTE: restricting the containers with apparmor or selinux.
	NOTE: CVE is kept as no official documentation explicitly document this fact
	NOTE: https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2 (lxc-1.0.0.beta2)
CVE-2013-6440 (The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, ...)
	- opensaml2 <not-affected> (Debian provides the C-based Shibboleth implementation)
	NOTE: http://shibboleth.net/community/advisories/secadv_20131213.txt
	NOTE: http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
CVE-2013-6439 (Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a ...)
	NOT-FOR-US: Candlepin
CVE-2013-6438 (The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...)
	{DLA-66-1}
	- apache2 2.4.9-1
	[wheezy] - apache2 2.2.22-13+deb7u2
CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ice ...)
	- nova 2013.2.2
	[wheezy] - nova <not-affected> (Vulnerable code not present)
CVE-2013-6436 (The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...)
	- libvirt 1.2.0-1
	[squeeze] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
	[wheezy] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
CVE-2013-6435 (Race condition in RPM 4.11.1 and earlier allows remote attackers to ex ...)
	{DSA-3129-1 DLA-140-1}
	- rpm 4.11.3-1.1 (bug #773101)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039811
CVE-2013-6434 (The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M ...)
	NOT-FOR-US: RHEV Manager
CVE-2013-6433 (The default configuration in the Red Hat openstack-neutron package bef ...)
	- quantum <removed>
	[wheezy] - quantum <no-dsa> (Minor issue)
	- neutron 2014.1-1
	NOTE: Likely fixed even earlier than 2014.1-1, but that was the oldest version checked
CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel befor ...)
	- linux 3.12.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.11)
	NOTE: Introduced by https://git.kernel.org/linus/6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67
	NOTE: fixed by https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0
CVE-2013-6431 (The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.11.5-1 (low)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: fixed by https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
CVE-2013-6430 (The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtil ...)
	{DSA-2857-1}
	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
CVE-2013-6429 (The SourceHttpMessageConverter in Spring MVC in Spring Framework befor ...)
	{DSA-2857-1}
	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
CVE-2013-6428 (The ReST API in OpenStack Orchestration API (Heat) before Havana 2013. ...)
	- heat 2013.2.1-1 (bug #732033)
	NOTE: https://launchpad.net/bugs/1256983
CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing  ...)
	{DSA-2829-1}
	- hplip 3.13.11-2 (bug #731480)
	[squeeze] - hplip <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=853405
CVE-2013-6426 (The cloudformation-compatible API in OpenStack Orchestration API (Heat ...)
	- heat 2013.2.1-1 (bug #732033)
	NOTE: https://launchpad.net/bugs/1256049
CVE-2013-6425 (Integer underflow in the pixman_trapezoid_valid macro in pixman.h in P ...)
	{DSA-2823-1}
	- pixman 0.30.2-2
CVE-2013-6424 (Integer underflow in the xTrapezoidValid macro in render/picture.h in  ...)
	{DSA-2822-1}
	- xorg-server 2:1.14.2.901-1 (low; bug #742922)
	NOTE: Band-aid fix in Wheezy not applicable to upstream code, fixed post-Wheezy
	NOTE: in pixman: http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c
	NOTE: Mark the first post-wheezy xorg-server as a pseudo fixed version
CVE-2013-6423
	RESERVED
CVE-2013-6422 (The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling di ...)
	{DSA-2824-1}
	- curl 7.34.0-1
	[squeeze] - curl <not-affected> (issue introduced with 59cf93cc, 7.21.4)
CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.2 ...)
	NOT-FOR-US: Ruby Gem sprout
CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...)
	{DSA-2816-1}
	- php5 5.5.6+dfsg-2 (bug #731895)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
CVE-2013-6419 (Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 ...)
	- neutron 2013.2.1-1
	- nova 2013.2.1-1
	[wheezy] - nova <not-affected> (Only exploitable in combination in neutron, not in Wheezy)
	NOTE: https://launchpad.net/bugs/1235450
CVE-2013-6418 (PyWBEM 0.7 and earlier uses a separate connection to validate X.509 ce ...)
	- pywbem 0.8.0~dev650-1 (low; bug #732594)
	[squeeze] - pywbem <no-dsa> (Minor issue)
	[wheezy] - pywbem <no-dsa> (Minor issue)
	NOTE: fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: CVE for incomplete fix for CVE-2013-0155
CVE-2013-6416 (Cross-site scripting (XSS) vulnerability in the simple_format helper i ...)
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- ruby-actionpack-3.2 <not-affected> (vulnerable code not present)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency hel ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <removed> (bug #731289)
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6413 (Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allo ...)
	- unrealircd <itp> (bug #515130)
	NOTE: http://forums.unrealircd.com/viewtopic.php?f=2&t=8221
CVE-2013-6412 (The transform_save function in transform.c in Augeas 1.0.0 through 1.1 ...)
	{DLA-28-1}
	- augeas 1.2.0-0.1 (bug #731111)
	[wheezy] - augeas <not-affected> (Affected patch not present/applied)
	[squeeze] - augeas <not-affected> (Affected patch not present/applied)
	NOTE: only if applied original patch for CVE-2012-0786
CVE-2013-6411 (The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3. ...)
	- openttd 1.3.3-1 (low)
	[squeeze] - openttd 1.0.4-7
	[wheezy] - openttd 1.2.1-3
	NOTE: http://bugs.openttd.org/task/5820
CVE-2013-6410 (nbd-server in Network Block Device (nbd) before 3.5 does not properly  ...)
	{DSA-2806-1}
	- nbd 1:3.5-1
	NOTE: http://anonscm.debian.org/gitweb/?p=users/wouter/nbd.git;a=commitdiff;h=0e9bd98c44dd94d9ede92655a36849fbc8cbf5b9
CVE-2013-6409 (Debian adequate before 0.8.1, when run by root with the --user option, ...)
	- adequate 0.8.1 (bug #730691)
	NOTE: https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
CVE-2013-6408 (The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does no ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-4881
CVE-2013-6407 (The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remo ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-3895
CVE-2013-6406
	REJECTED
CVE-2013-6405
	REJECTED
CVE-2013-6404 (Quassel core (server daemon) in Quassel IRC before 0.9.2 does not prop ...)
	- quassel 0.9.2-1 (low)
	[wheezy] - quassel 0.8.0-1+deb7u1
	[squeeze] - quassel <no-dsa> (Minor issue)
	NOTE: https://github.com/quassel/quassel/commit/a1a24da
CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers to by ...)
	- owncloud 5.0.13+dfsg-1
CVE-2013-6402 (base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11  ...)
	{DSA-2829-1}
	- hplip 3.13.11-2.1 (bug #725876)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=852368
CVE-2013-6401 (Jansson, possibly 2.4 and earlier, does not restrict the ability to tr ...)
	- jansson 2.6-1 (bug #738647)
	[wheezy] - jansson <no-dsa> (Minor issue)
CVE-2013-6400 (Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been a ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (4.2.x and later are vulnerable)
	[squeeze] - xen <not-affected> (4.2.x and later are vulnerable)
CVE-2013-6399 (Array index error in the virtio_load function in hw/virtio/virtio.c in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...)
	NOT-FOR-US: Apache CloudStack
CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-4882
CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient) 1.0 ...)
	- python-swiftclient 1:2.0.2-1 (bug #730626)
	NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web  ...)
	- ganglia-web <unfixed> (unimportant; bug #730507)
	[squeeze] - ganglia <not-affected> (Vulnerable code not present)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
	- ganglia 3.6.0-1
	[wheezy] - ganglia <no-dsa> (Minor issue)
	NOTE: ganglia-web and ganglia are now two separate source packages
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: https://github.com/ganglia/ganglia-web/issues/218
CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the initial ...)
	- percona-xtrabackup 2.1.6-2 (bug #730544)
CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0 ...)
	{DSA-2870-1 DSA-2850-1}
	- libyaml 0.1.4-3 (bug #737076)
	- libyaml-libyaml-perl 0.41-4
CVE-2013-6392 (The genlock_dev_ioctl function in genlock.c in the Genlock driver for  ...)
	- linux-2.6 <not-affected> (Android-specific)
	- linux <not-affected> (Android-specific)
	NOTE: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3
CVE-2013-6391 (The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013. ...)
	- keystone 2013.2.1-1 (bug #731981)
	[wheezy] - keystone <not-affected> (vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1242597
CVE-2013-6390
	RESERVED
CVE-2013-6389 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6388 (Cross-site scripting (XSS) vulnerability in the Color module in Drupal ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6387 (Cross-site scripting (XSS) vulnerability in the Image module in Drupal ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6386 (Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand functi ...)
	{DSA-2828-1 DSA-2804-1}
	- drupal6 <removed>
	- drupal7 7.24-1
	NOTE: https://drupal.org/SA-CORE-2013-003
CVE-2013-6385 (The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used  ...)
	{DSA-2828-1 DSA-2804-1}
	- drupal6 <removed>
	- drupal7 7.24-1
	NOTE: https://drupal.org/SA-CORE-2013-003
CVE-2013-6384 ((1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 ...)
	- ceilometer 2013.2-4 (bug #730227)
CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the L ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.53-1
	- linux 3.11.8-1
	NOTE: https://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux kern ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-6381 (Buffer overflow in the qeth_snmp_command function in drivers/s390/net/ ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62
CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in th ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.10-1
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/b4789b8e6be3151a955ade74872822f30e8cd914
CVE-2013-6379
	REJECTED
CVE-2013-6378 (The lbs_debugfs_write function in drivers/net/wireless/libertas/debugf ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/a497e47d4aec37aaf8f13509f3ef3d1f6a717d88
CVE-2013-6377
	REJECTED
CVE-2013-6376 (The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM s ...)
	- linux 3.12.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
CVE-2013-6375 (Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does n ...)
	- xen 4.4.0-1 (bug #730254)
	[squeeze] - xen <not-affected> (Only affects >= 4.2)
	[wheezy] - xen <not-affected> (Only affects >= 4.2)
CVE-2013-6374 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
	- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6373 (The Exclusion plugin before 0.9 for Jenkins does not properly prevent  ...)
	- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6372 (The Subversion plugin before 1.54 for Jenkins stores credentials using ...)
	- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6371 (The hash functionality in json-c before 0.12 allows context-dependent  ...)
	- json-c 0.11-4 (bug #744008)
	[wheezy] - json-c <no-dsa> (Minor issue)
	[squeeze] - json-c <no-dsa> (Minor issue)
	NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
CVE-2013-6370 (Buffer overflow in the printbuf APIs in json-c before 0.12 allows remo ...)
	- json-c 0.11-4 (bug #744008)
	[wheezy] - json-c <no-dsa> (Minor issue)
	[squeeze] - json-c <no-dsa> (Minor issue)
	NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
CVE-2013-6369 (Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig ...)
	{DSA-2900-1}
	- jbigkit 2.0-2.1 (bug #743960)
CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows local user ...)
	- linux 3.12.5-1
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsyst ...)
	{DSA-2906-1}
	- linux 3.12.5-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
CVE-2013-6363
	RESERVED
CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and s ...)
	NOT-FOR-US: Xerox
CVE-2013-6361
	RESERVED
CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...)
	NOT-FOR-US: TRENDnet
CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to  ...)
	{DSA-2815-1 DLA-20-1}
	- munin 2.0.18-1
	[squeeze] - munin 1.4.5-3+deb6u1
	NOTE: http://munin-monitoring.org/ticket/1397
CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to execute arbi ...)
	NOT-FOR-US: PrestaShop
CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the  ...)
	NOT-FOR-US: Disputed non-issue in Tomcat
CVE-2013-6356
	REJECTED
CVE-2013-6355
	REJECTED
CVE-2013-6354
	RESERVED
CVE-2013-6353
	RESERVED
CVE-2013-6352
	RESERVED
CVE-2013-6351
	RESERVED
CVE-2013-6350
	RESERVED
CVE-2013-6349 (McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allow ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-6348 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.3)
	NOTE: https://issues.apache.org/jira/browse/WW-4213
CVE-2013-6347 (Session fixation vulnerability in Novell ZENworks Configuration Manage ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6346 (Cross-site request forgery (CSRF) vulnerability in the ZCC page in Nov ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6345 (Unspecified vulnerability in the ZCC page in Novell ZENworks Configura ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6344 (The ZCC page in Novell ZENworks Configuration Management (ZCM) before  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6343 (Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT ...)
	NOT-FOR-US: ASUS Router
CVE-2013-6342 (Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin b ...)
	NOT-FOR-US: Tweet Blender plugin for WP
CVE-2013-6341 (SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remot ...)
	NOT-FOR-US: Dokeos
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
	- base-passwd 3.5.30 (unimportant; bug #274229)
	NOTE: Hardening, not a direct vulnerability
CVE-2013-6366 (The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote aut ...)
	NOT-FOR-US: VMware Hyperic HQ
CVE-2013-6365 (Horde Groupware Web mail 5.1.2 has CSRF with requests to change permis ...)
	- php-horde 5.1.5+debian0-1 (bug #730110)
	- php-horde-kronolith 4.1.4-1 (bug #730980)
	- kronolith2 <not-affected> (Vulnerable code not present)
	- horde3 <removed>
	[squeeze] - horde3 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/horde/horde/commit/b79114d08ee8c8e43e74a179741749529f6d885c
CVE-2013-6364 (Horde Groupware Webmail Edition has CSRF and XSS when saving search as ...)
	- php-horde <not-affected> (Vulnerable code in turba)
	- php-horde-turba 4.1.3-1 (bug #730979)
	- turba2 <removed>
	[squeeze] - turba2 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/horde/horde/commit/74f9add4ad86c29b608270e33b17426163b3c8cf
CVE-2013-6340 (epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x b ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263
CVE-2013-6339 (The dissect_openwire_type function in epan/dissectors/packet-openwire. ...)
	{DLA-497-1}
	- wireshark 1.10.3-1 (unimportant)
	[squeeze] - wireshark <not-affected> (OpenWire dissector introduced in 1.8.0)
	NOTE: Not suitable for code injection
CVE-2013-6338 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228
CVE-2013-6337 (Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x bef ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168 not accessible
CVE-2013-6336 (The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark <not-affected> (code introduced in 1.6.0)
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
CVE-2013-6335 (The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Spac ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-6334 (IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2013-6333 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6332 (Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 throu ...)
	NOT-FOR-US: IBM Algo One UDS
CVE-2013-6331 (SQL injection vulnerability in IBM Algo One, as used in MetaData Manag ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6330 (IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileS ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6329 (IBM Global Security Kit (aka GSKit), as used in Content Manager OnDema ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2013-6328 (Cross-site scripting (XSS) vulnerability in the Web Content Manager (W ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6327 (Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Ste ...)
	NOT-FOR-US: IBM
CVE-2013-6326
	RESERVED
CVE-2013-6325 (IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6324
	RESERVED
CVE-2013-6323 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6322 (Cross-site scripting (XSS) vulnerability in Sterling Order Management  ...)
	NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process Management ...)
	NOT-FOR-US: IBM Atlas eDiscovery Process Management
CVE-2013-6320 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6319 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 throug ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6318 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6317
	RESERVED
CVE-2013-6316 (IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8. ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6315 (IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and E ...)
	NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6314 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise  ...)
	NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6313
	RESERVED
CVE-2013-6312 (Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5 ...)
	NOT-FOR-US: IBM
CVE-2013-6311 (SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 a ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6310 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6309 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated user ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6308 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated user ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6307 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-6306 (Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01A ...)
	NOT-FOR-US: IBM Power 7
CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
	NOT-FOR-US: IBM Platform Symphony
CVE-2013-6304 (Multiple directory traversal vulnerabilities in Algo Risk Application  ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6303 (Directory traversal vulnerability in IBM Algo One, as used in MetaData ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6302 (SQL injection vulnerability in IBM Algo One, as used in MetaData Manag ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6301 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6300 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6299 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6298
	RESERVED
CVE-2013-6297
	RESERVED
CVE-2013-6296
	RESERVED
CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman acc ...)
	NOT-FOR-US: PrestaShop
CVE-2013-6294
	RESERVED
CVE-2013-6293
	RESERVED
CVE-2013-6292
	RESERVED
CVE-2013-6291
	RESERVED
CVE-2013-6290
	RESERVED
CVE-2013-6287
	RESERVED
CVE-2013-6286
	RESERVED
CVE-2013-6284 (Unspecified vulnerability in the Statutory Reporting for Insurance (FS ...)
	NOT-FOR-US: Financial Services module for SAP ERP Central Component
CVE-2013-6283 (VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...)
	- vlc 2.1.0-2 (unimportant)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: User-assisted DoS for X session (freezes window manager) in 2.0.3-5
CVE-2013-6282 (The (1) get_user and (2) put_user API functions in the Linux kernel be ...)
	- linux 3.6.4-1~experimental.1
	- linux-2.6 <not-affected> (Introduced in 2.6.38)
	[wheezy] - linux 3.2.53-1
	NOTE: https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
CVE-2013-6281 (Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6280 (Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6279
	RESERVED
CVE-2013-6278
	RESERVED
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
	NOT-FOR-US: QNAP
CVE-2013-6276
	RESERVED
CVE-2013-6274
	RESERVED
CVE-2013-6273
	RESERVED
CVE-2013-6272 (The NotificationBroadcastReceiver class in the com.android.phone proce ...)
	NOT-FOR-US: Android
CVE-2013-6271 (Android 4.0 through 4.3 allows attackers to bypass intended access res ...)
	NOT-FOR-US: Android
CVE-2013-6270
	RESERVED
CVE-2013-6269
	RESERVED
CVE-2013-6268
	RESERVED
CVE-2013-6267 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2013-6266
	REJECTED
CVE-2013-6265
	REJECTED
CVE-2013-6264
	REJECTED
CVE-2013-6263
	REJECTED
CVE-2013-6262
	REJECTED
CVE-2013-6261
	REJECTED
CVE-2013-6260
	REJECTED
CVE-2013-6259
	REJECTED
CVE-2013-6258
	REJECTED
CVE-2013-6257
	REJECTED
CVE-2013-6256
	REJECTED
CVE-2013-6255
	REJECTED
CVE-2013-6254
	REJECTED
CVE-2013-6253
	REJECTED
CVE-2013-6252
	REJECTED
CVE-2013-6251
	REJECTED
CVE-2013-6250
	REJECTED
CVE-2013-6249
	REJECTED
CVE-2013-6248
	REJECTED
CVE-2013-6247
	REJECTED
CVE-2013-6246 (The Dell Quest One Password Manager, possibly 5.0, allows remote attac ...)
	NOT-FOR-US: Dell Quest One Password Manager
CVE-2013-6245 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6244 (The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-6289 (Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3  ...)
	NOT-FOR-US: TYPO3 extension Apache Solr
CVE-2013-6288 (Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extensio ...)
	NOT-FOR-US: TYPO3 extension Apache Solr
CVE-2013-6285 (The search component in the Treasurer application in Tyler Technologie ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6275 (Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earl ...)
	- php-horde-ingo 3.1.3-1 (bug #727669)
	- ingo1 <not-affected> (Affected code not present)
CVE-2013-6242 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6240
	RESERVED
CVE-2013-6239 (Cross-site scripting (XSS) vulnerability in the photo gallery model in ...)
	NOT-FOR-US: Exis Contexis
CVE-2013-6238
	RESERVED
CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...)
	NOT-FOR-US: ISL Light
CVE-2013-6236 (IZON IP 2.0.2: hard-coded password vulnerability ...)
	NOT-FOR-US: Stem Innovations IZON
CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java App ...)
	- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
	NOTE: http://seclists.org/bugtraq/2014/Jan/92
CVE-2013-6234 (Unrestricted file upload vulnerability in the Worksheet designer in Sp ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6233 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows  ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6232 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows  ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6231 (SpagoBI before 4.1 has Privilege Escalation via an error in the Adapte ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6230 (The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in  ...)
	- bind9 <not-affected> (Affects only Windows systems)
	NOTE: https://kb.isc.org/article/AA-01062
CVE-2013-6229 (Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail  ...)
	- atmailopen <removed>
CVE-2013-6228
	RESERVED
CVE-2013-6227 (Unrestricted file upload vulnerability in plugins/editor.zoho/agent/sa ...)
	NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)
CVE-2013-6226 (Directory traversal vulnerability in plugins/editor.zoho/agent/save_zo ...)
	NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
CVE-2013-6225 (LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability ...)
	NOT-FOR-US: LiveZilla
CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
	NOT-FOR-US: Livezilla
CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and  ...)
	NOT-FOR-US: Livezilla
CVE-2013-6222 (Cross-site scripting (XSS) vulnerability in the Mobility Web Client an ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-6221 (Directory traversal vulnerability in CommunicationServlet in HP Servic ...)
	NOT-FOR-US: HP Service Virtualization
CVE-2013-6220 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP
CVE-2013-6219 (Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A. ...)
	NOT-FOR-US: HP-UX
CVE-2013-6218 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9. ...)
	NOT-FOR-US: HP
CVE-2013-6217
	REJECTED
CVE-2013-6216 (Unspecified vulnerability in HP Array Configuration Utility, Array Dia ...)
	NOT-FOR-US: HP
CVE-2013-6215 (Unspecified vulnerability in the Integration Service in HP Universal C ...)
	NOT-FOR-US: HP Universal Configuration Management Database Integration Service
CVE-2013-6214 (Unspecified vulnerability in the Integration Service in HP Universal C ...)
	NOT-FOR-US: HP
CVE-2013-6213 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP
CVE-2013-6212 (Unspecified vulnerability in HP Database and Middleware Automation 10. ...)
	NOT-FOR-US: HP
CVE-2013-6211 (Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (V ...)
	NOT-FOR-US: HP StoreOnce
CVE-2013-6210 (Unspecified vulnerability in HP Unified Functional Testing before 12.0 ...)
	NOT-FOR-US: HP Unified Functional Testing
CVE-2013-6209 (Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-U ...)
	NOT-FOR-US: NFS subsystem in HP HP-UX
CVE-2013-6208 (Unspecified vulnerability in HP Smart Update Manager 5.3.5 before buil ...)
	NOT-FOR-US: HP Smart Update Manager
CVE-2013-6207 (Unspecified vulnerability in the loadFileContents function in the SOAP ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-6206 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insigh ...)
	NOT-FOR-US: HP
CVE-2013-6205 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insigh ...)
	NOT-FOR-US: HP
CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP D ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP D ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in HP Servi ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, 3.5. ...)
	NOT-FOR-US: HP Security Management System
CVE-2013-6200 (Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows ...)
	NOT-FOR-US: HP-UX
CVE-2013-6199
	REJECTED
CVE-2013-6198 (Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier ...)
	NOT-FOR-US: HP Service Manager WebTier and Windows Client
CVE-2013-6197 (Unspecified vulnerability in HP Service Manager WebTier and Windows Cl ...)
	NOT-FOR-US: HP Service Manager WebTier and Windows Client
CVE-2013-6196 (Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 al ...)
	NOT-FOR-US: HP Autonomy Ultraseek
CVE-2013-6195 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: HP Data Protector
CVE-2013-6194 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: HP Data Protector
CVE-2013-6193 (Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pr ...)
	NOT-FOR-US: HP Printers
CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations Orche ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestratio ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2013-6190
	REJECTED
CVE-2013-6189 (Unspecified vulnerability in the Archive Query Server in HP Applicatio ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6188 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-6187
	REJECTED
CVE-2013-6186
	REJECTED
CVE-2013-6185
	REJECTED
CVE-2013-6184
	REJECTED
CVE-2013-6183
	REJECTED
CVE-2013-6182 (Unquoted Windows search path vulnerability in EMC Replication Manager  ...)
	NOT-FOR-US: EMC Replication Manager
CVE-2013-6181 (EMC Watch4Net before 6.3 stores cleartext polled-device passwords in t ...)
	NOT-FOR-US: EMC Watch4net
CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness N ...)
	NOT-FOR-US: RSA Security Analytics
CVE-2013-6179
	REJECTED
CVE-2013-6178 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer  ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2013-6177 (Directory traversal vulnerability in EMC Document Sciences xPression 4 ...)
	NOT-FOR-US: EMC
CVE-2013-6176 (Multiple SQL injection vulnerabilities in EMC Document Sciences xPress ...)
	NOT-FOR-US: EMC
CVE-2013-6175 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sc ...)
	NOT-FOR-US: EMC
CVE-2013-6174 (Multiple open redirect vulnerabilities in xAdmin in EMC Document Scien ...)
	NOT-FOR-US: EMC
CVE-2013-6173 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Docu ...)
	NOT-FOR-US: EMC
CVE-2013-6172 (steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x  ...)
	{DSA-2787-1}
	- roundcube 0.9.4-1.1 (bug #727668)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://web.archive.org/web/20160304042345/http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
	NOTE: http://trac.roundcube.net/ticket/1489382
CVE-2013-6171 (checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ...)
	- dovecot 1:2.2.9-1 (low; bug #729063)
	[wheezy] - dovecot <no-dsa> (Minor issue)
	[squeeze] - dovecot <no-dsa> (Minor issue)
CVE-2013-6170 (Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11. ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6169 (The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) we ...)
	{DSA-2775-1}
	- ejabberd 2.1.11-1 (bug #722105)
CVE-2013-6168 (Cross-site scripting (XSS) vulnerability in Zikula Application Framewo ...)
	NOT-FOR-US: Zikula
CVE-2013-6165
	RESERVED
CVE-2013-6164 (SQL injection vulnerability in view/objectDetail.php in Project'Or RIA ...)
	NOT-FOR-US: Project'Or RIA
CVE-2013-6163 (Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (form ...)
	NOT-FOR-US: Project'Or RIA
CVE-2013-6162 (Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail ...)
	NOT-FOR-US: Code-Crafters Ability Mail Server
CVE-2013-6161
	REJECTED
CVE-2013-6160
	REJECTED
CVE-2013-6159
	REJECTED
CVE-2013-6158
	REJECTED
CVE-2013-6157
	REJECTED
CVE-2013-6156
	REJECTED
CVE-2013-6155
	REJECTED
CVE-2013-6154
	REJECTED
CVE-2013-6153
	REJECTED
CVE-2013-6152
	REJECTED
CVE-2013-6151
	REJECTED
CVE-2013-6150
	REJECTED
CVE-2013-6149
	REJECTED
CVE-2013-6148
	REJECTED
CVE-2013-6147
	REJECTED
CVE-2013-6146
	REJECTED
CVE-2013-6145
	REJECTED
CVE-2013-6144
	REJECTED
CVE-2013-6143 (The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-0 ...)
	NOT-FOR-US: Schneider Electric Telvent SAGE 3030 RTU
CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 201 ...)
	NOT-FOR-US: Schneider Electric ClearSCADA
CVE-2013-6141 (Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers ...)
	NOT-FOR-US: op5
CVE-2013-6140
	RESERVED
CVE-2013-6139
	RESERVED
CVE-2013-6138
	RESERVED
CVE-2013-6137
	RESERVED
CVE-2013-6136
	RESERVED
CVE-2013-6135
	RESERVED
CVE-2013-6134
	RESERVED
CVE-2013-6133
	RESERVED
CVE-2013-6132
	RESERVED
CVE-2013-6131
	RESERVED
CVE-2013-6130
	RESERVED
CVE-2013-6128 (The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30. ...)
	NOT-FOR-US: WellinTech KingView
CVE-2013-6127 (The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65. ...)
	NOT-FOR-US: WellinTech KingView
CVE-2013-6126
	REJECTED
CVE-2013-6125
	REJECTED
CVE-2013-6124 (The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Foru ...)
	NOT-FOR-US: Qualcomm (Android)
CVE-2013-6123 (Multiple array index errors in drivers/media/video/msm/server/msm_cam_ ...)
	NOT-FOR-US: Android Linux kernel
CVE-2013-6122 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ker ...)
	NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-6121
	RESERVED
CVE-2013-6120
	RESERVED
CVE-2013-6119
	RESERVED
CVE-2013-6118
	RESERVED
CVE-2013-6117 (Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to byp ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-6116
	RESERVED
CVE-2013-6115
	RESERVED
CVE-2013-6114 (Integer overflow in the OZDocument::parseElement function in Apple Mot ...)
	NOT-FOR-US: Apple Motion
CVE-2013-6113
	RESERVED
CVE-2013-6112
	RESERVED
CVE-2013-6111 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0 ...)
	NOT-FOR-US: mod_pagespeed
CVE-2013-6110
	RESERVED
CVE-2013-6109
	RESERVED
CVE-2013-6108
	RESERVED
CVE-2013-6107
	RESERVED
CVE-2013-6106
	RESERVED
CVE-2013-6105
	RESERVED
CVE-2013-6104
	REJECTED
CVE-2013-6103
	REJECTED
CVE-2013-6102
	REJECTED
CVE-2013-6101
	REJECTED
CVE-2013-6100
	REJECTED
CVE-2013-6099
	REJECTED
CVE-2013-6098
	REJECTED
CVE-2013-6097
	REJECTED
CVE-2013-6096
	REJECTED
CVE-2013-6095
	REJECTED
CVE-2013-6094
	REJECTED
CVE-2013-6093
	REJECTED
CVE-2013-6092
	REJECTED
CVE-2013-6091
	REJECTED
CVE-2013-6090
	REJECTED
CVE-2013-6089
	REJECTED
CVE-2013-6088
	REJECTED
CVE-2013-6087
	REJECTED
CVE-2013-6086
	REJECTED
CVE-2013-6085
	REJECTED
CVE-2013-6084
	REJECTED
CVE-2013-6083
	REJECTED
CVE-2013-6082
	REJECTED
CVE-2013-6081
	REJECTED
CVE-2013-6080
	REJECTED
CVE-2013-6079 (Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allow ...)
	NOT-FOR-US: MostGear Soft Easy LAN Folder Share
CVE-2013-6078 (The default configuration of EMC RSA BSAFE Toolkits and RSA Data Prote ...)
	NOT-FOR-US: EMC RSA
CVE-2013-6077 (Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not pro ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2013-6076 (strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a deni ...)
	- strongswan 5.1.0-3
	[squeeze] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
	[wheezy] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
CVE-2013-6075 (The compare_dn function in utils/identification.c in strongSwan 4.3.3  ...)
	{DSA-2789-1}
	- strongswan 5.1.0-3
CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6073
	RESERVED
CVE-2013-6072
	RESERVED
CVE-2013-6071
	RESERVED
CVE-2013-6070
	RESERVED
CVE-2013-6069
	RESERVED
CVE-2013-6068
	RESERVED
CVE-2013-6067
	RESERVED
CVE-2013-6066
	RESERVED
CVE-2013-6065
	RESERVED
CVE-2013-6064
	RESERVED
CVE-2009-5136 (The policy definition evaluator in Condor before 7.4.2 does not proper ...)
	- condor <not-affected> (Fixed before initial upload)
CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve Deter ...)
	- openssl <unfixed> (unimportant)
	NOTE: Unused/broken in OpenSSL, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2
CVE-2013-6243 (SQL injection vulnerability in the Landing Pages plugin 1.2.3, before  ...)
	NOT-FOR-US: WordPress Landing Pages Plugin
CVE-2013-6167 (Mozilla Firefox through 27 sends HTTP Cookie headers without first val ...)
	- iceweasel <removed> (unimportant)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
CVE-2013-6166 (Google Chrome before 29 sends HTTP Cookie headers without first valida ...)
	- chromium-browser 31.0.1650.57-1 (low)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=238041
CVE-2013-6129 (The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote at ...)
	NOT-FOR-US: VBulletin
CVE-2013-6063
	RESERVED
CVE-2013-6062
	RESERVED
CVE-2013-6061
	RESERVED
CVE-2013-6060
	RESERVED
CVE-2013-6059
	RESERVED
CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows re ...)
	NOT-FOR-US: appRain CMS
CVE-2013-6057
	RESERVED
CVE-2013-6056 (OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerabilit ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2013-6055
	REJECTED
CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and  ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6053 (OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information ...)
	- openjpeg 1.5.2-1 (bug #731237)
	[wheezy] - openjpeg <not-affected> (Only affects 1.5)
	[squeeze] - openjpeg <not-affected> (Only affects 1.5)
CVE-2013-6052 (OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive i ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6051 (The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not ...)
	{DSA-2803-1}
	- quagga 0.99.22.4-1 (bug #730513)
	[squeeze] - quagga <not-affected> (Only affects 0.99.21)
CVE-2013-6050 (Integer overflow in Links before 2.8 allows remote attackers to cause  ...)
	{DSA-2807-1}
	- links2 2.8-1
CVE-2013-6049 (apt-listbugs before 0.1.10 creates temporary files insecurely, which a ...)
	- apt-listbugs 0.1.10 (low)
	[squeeze] - apt-listbugs <no-dsa> (Minor issue)
	[wheezy] - apt-listbugs 0.1.8+deb7u1
CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin ...)
	{DSA-2815-1 DLA-20-1}
	- munin 2.0.18-1
	[squeeze] - munin 1.4.5-3+deb6u1
CVE-2013-6047 (Multiple cross-site scripting (XSS) vulnerabilities in the site creati ...)
	- ikiwiki-hosting 0.20131025
	[wheezy] - ikiwiki-hosting <no-dsa> (Minor XSS)
CVE-2013-6046
	RESERVED
CVE-2016-9675 (openjpeg: A heap-based buffer overflow flaw was found in the patch for ...)
	- openjpeg 1.5.2-1
	[wheezy] - openjpeg 1.3+dfsg-4.8
	[squeeze] - openjpeg 1.3+dfsg-4+squeeze3
	NOTE: Introduced as well a regression, cf. https://bugs.debian.org/734238
CVE-2013-6045 (Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6 ...)
	{DSA-2740-1}
	- python-django 1.5.2-1
CVE-2013-6043 (The login function in Softaculous Webuzo before 2.1.4 provides differe ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php in t ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6041 (index.php in Softaculous Webuzo before 2.1.4 allows remote attackers t ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and ...)
	NOT-FOR-US: MW6 Technologies
CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP ...)
	NOT-FOR-US: NagiosQL
CVE-2013-6038 (Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allow ...)
	NOT-FOR-US: Trimble SketchUp Viewer
CVE-2013-6037 (Cross-site scripting (XSS) vulnerability in index.php in Aker Secure M ...)
	NOT-FOR-US: Aker Secure Mail Gateway
CVE-2013-6036
	RESERVED
CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800 ...)
	NOT-FOR-US: Inmarsat broadband satellite terminals
CVE-2013-6034 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800 ...)
	NOT-FOR-US: Inmarsat broadband satellite terminals
CVE-2013-6033 (Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 th ...)
	NOT-FOR-US: Lexmark
CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x befo ...)
	NOT-FOR-US: Lexmark
CVE-2013-6031 (The Huawei E355 adapter with firmware 21.157.37.01.910 does not requir ...)
	NOT-FOR-US: Huawei E355 adapter
CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
	NOT-FOR-US: Emerson Network Power
CVE-2013-6029 (Stack-based buffer overflow in the AT&amp;T Connect Participant Applic ...)
	NOT-FOR-US: AT&T Connect Participant Application
CVE-2013-6028 (Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail W ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2013-6027 (Stack-based buffer overflow in the RuntimeDiagnosticPing function in / ...)
	NOT-FOR-US: D-Link
CVE-2013-6026 (The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-60 ...)
	NOT-FOR-US: D-Link
CVE-2013-6025 (The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE)  ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6024 (The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, an ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firm ...)
	NOT-FOR-US: TVT TD-2308SS-B DVR
CVE-2013-6022 (A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Gro ...)
	- tikiwiki <removed>
CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8  ...)
	NOT-FOR-US: WatchGuard WSM and Fireware
CVE-2013-6020 (passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends di ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6019 (Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb  ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6018 (Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler  ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6017 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server befo ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2013-6016 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, E ...)
	NOT-FOR-US: F5
CVE-2013-6015 (Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6014 (Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before  ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6013 (Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 befor ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6012 (Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10. ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment Attachment plu ...)
	NOT-FOR-US: Wordpress Comment-Attachment plugin
CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, wh ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6008
	REJECTED
CVE-2013-6007
	REJECTED
CVE-2013-6006 (Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Ke ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6005 (Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0  ...)
	NOT-FOR-US: Cybozu Dezie
CVE-2013-6004 (Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows re ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6003 (CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, whe ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6002 (The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to  ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6001 (SQL injection vulnerability in the Space function in Cybozu Garoon bef ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6000 (Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 all ...)
	NOT-FOR-US: Tattyan HP TOWN
CVE-2013-5999 (Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify ...)
	NOT-FOR-US: Kingsoft KDrive Personal
CVE-2013-5998 (Unspecified vulnerability in the Web manager implementation on D-Link  ...)
	NOT-FOR-US: D-Link
CVE-2013-5997 (Unspecified vulnerability in the SSH implementation on D-Link Japan DE ...)
	NOT-FOR-US: D-Link
CVE-2013-5996 (Multiple cross-site scripting (XSS) vulnerabilities in shopping/paymen ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5995 (data/class/helper/SC_Helper_Address.php in the front-features implemen ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5994 (data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-C ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5993 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11 ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5992 (Cross-site scripting (XSS) vulnerability in the displaySystemError fun ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5991 (The displaySystemError function in html/handle_error.php in LOCKON EC- ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; I ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-5989
	REJECTED
CVE-2013-5988 (A Cross-site Scripting (XSS) vulnerability exists in the All in One SE ...)
	NOT-FOR-US: All in One SEO Pack plugin for WordPress
CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325,  ...)
	- nvidia-graphics-drivers 304.117-1 (bug #735271)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3377
CVE-2013-5986 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325,  ...)
	- nvidia-graphics-drivers 304.117-1 (bug #735271)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3377
CVE-2013-5985
	RESERVED
CVE-2013-5984 (Directory traversal vulnerability in userfiles/modules/admin/backup/de ...)
	NOT-FOR-US: Microweber
CVE-2013-5983 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4. ...)
	NOT-FOR-US: GuppY
CVE-2013-5982
	RESERVED
CVE-2013-5981
	RESERVED
CVE-2013-5980
	RESERVED
CVE-2013-5979 (Directory traversal vulnerability in Spring Signage Xibo 1.2.x before  ...)
	NOT-FOR-US: Xibo
CVE-2013-5978 (Multiple cross-site scripting (XSS) vulnerabilities in products.php in ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in Cart66Product.php i ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout p ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 throu ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5974
	REJECTED
CVE-2013-5973 (VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to r ...)
	NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 ...)
	NOT-FOR-US: VMware
CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server in VMw ...)
	NOT-FOR-US: VMware vSphere
CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allo ...)
	NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5969
	RESERVED
CVE-2013-5968 (Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through ...)
	NOT-FOR-US: CA SiteMinder
CVE-2013-5967 (Multiple SQL injection vulnerabilities in AlienVault Open Source Secur ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2013-5966 (Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 ...)
	NOT-FOR-US: ZK Framework
CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal doe ...)
	NOT-FOR-US: Drupal addon
CVE-2013-5964 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
	NOT-FOR-US: Drupal addon
CVE-2013-5963 (Unrestricted file upload vulnerability in multi.php in Simple Dropbox  ...)
	NOT-FOR-US: WordPress plugin Simple Dropbox Upload
CVE-2013-5962 (Unrestricted file upload vulnerability in frames/upload-images.php in  ...)
	NOT-FOR-US: Complete Gallery Manager plugin for Wordpress
CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO  ...)
	NOT-FOR-US: WordPress plugin Lazy SEO
CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption imple ...)
	NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2. ...)
	NOT-FOR-US: Symfony
	TODO: Check if php-symfony-polyfill/1.17.0-1 needs to be tracked
CVE-2013-5957 (Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location. ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php  ...)
	NOT-FOR-US: Joomla plugin
CVE-2013-5955 (Cross-site scripting (XSS) vulnerability in manage.php in the PBBookin ...)
	NOT-FOR-US: Joomla plugin
CVE-2013-5954 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...)
	NOT-FOR-US: OpenX
CVE-2013-5953 (Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_edi ...)
	NOT-FOR-US: Joomla component multi calendar
CVE-2013-5952 (Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (c ...)
	NOT-FOR-US: Joomla component Freichat
CVE-2013-5951 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3 ...)
	{DSA-2882-1}
	- extplorer <removed> (bug #741908)
	NOTE: http://seclists.org/fulldisclosure/2014/Mar/273
CVE-2013-5950
	RESERVED
CVE-2013-5949
	RESERVED
CVE-2013-5948 (The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC ...)
	NOT-FOR-US: ASUS router
CVE-2013-5947
	RESERVED
CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 with fir ...)
	NOT-FOR-US: D-Link
CVE-2013-5945 (Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware ...)
	NOT-FOR-US: D-Link
CVE-2013-5944 (The integrated web server on Siemens SCALANCE X-200 switches with firm ...)
	NOT-FOR-US: web server on Siemens switches
CVE-2013-5959 (Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2  ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite before ...)
	- graphite-web 0.9.12+debian-1
CVE-2013-5942 (Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely,  ...)
	- graphite-web 0.9.12+debian-1
CVE-2013-5941
	RESERVED
CVE-2013-5940
	RESERVED
CVE-2013-5939 (Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook m ...)
	NOT-FOR-US: PHPCMS
CVE-2013-5938 (Cross-site scripting (XSS) vulnerability in the Click2Sell Suite modul ...)
	NOT-FOR-US: Click2Sell Suite Drupal contributed module
CVE-2013-5937 (Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suit ...)
	NOT-FOR-US: Click2Sell Suite Drupal contributed module
CVE-2013-5936 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2- ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5935 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2- ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5934 (Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2- ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5933 (Stack-based buffer overflow in the sub_E110 function in init in a cert ...)
	NOT-FOR-US: Motorola
CVE-2013-5932 (Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Securi ...)
	NOT-FOR-US: Sophos UTM
CVE-2013-5931 (SQL injection vulnerability in property_listings_detail.php in Real Es ...)
	NOT-FOR-US: Real Estate PHP Script
CVE-2013-5930 (Cross-site scripting (XSS) vulnerability in search_residential.php in  ...)
	NOT-FOR-US: Real Estate PHP Script
CVE-2013-5929
	RESERVED
CVE-2013-5928
	RESERVED
CVE-2013-5927
	RESERVED
CVE-2013-5926
	RESERVED
CVE-2013-5925
	RESERVED
CVE-2013-5924
	RESERVED
CVE-2013-5923
	RESERVED
CVE-2013-5922
	RESERVED
CVE-2013-5921
	RESERVED
CVE-2013-5920
	RESERVED
CVE-2013-5919 (Suricata before 1.4.6 allows remote attackers to cause a denial of ser ...)
	- suricata 2.0-1 (bug #751658)
	[wheezy] - suricata <no-dsa> (Minor issue)
	[squeeze] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/cd80dcbfd4616582daa39fa56960208ee8e23262
CVE-2013-5918 (Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in t ...)
	NOT-FOR-US: Platinum SEO plugin for WordPress
CVE-2013-5917 (SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI  ...)
	NOT-FOR-US: NOSpam PTIa plugin for Wordpress
CVE-2013-5916 (Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco  ...)
	NOT-FOR-US: WordPress plugin wp-e-commerce
CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly  ...)
	{DSA-2782-1}
	- polarssl 1.3.1-1 (bug #725359)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
CVE-2013-5914 (Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarS ...)
	{DSA-2782-1}
	- polarssl 1.2.0-1 (bug #725359)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04
CVE-2013-5913 (Cross-site scripting (XSS) vulnerability in the getRecommSearch functi ...)
	NOT-FOR-US: OXID eShop
CVE-2013-5912 (VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server  ...)
	NOT-FOR-US: Thomson Reuters Velocity Analytics Vhayu Analytic Server
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable Sec ...)
	NOT-FOR-US: Tenable SecurityCenter
CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Emb ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5908 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2013-5907 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JR ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5906 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 all ...)
	- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-5905 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 all ...)
	- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-5904 (Unspecified vulnerability in Oracle Java SE 7u45 allows remote attacke ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5903
	REJECTED
CVE-2013-5902 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5901 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5900 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5899 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5898 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5897 (Unspecified vulnerability in the Oracle Agile Product Lifecycle Manage ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5896 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5895 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 all ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5894 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5893 (Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded  ...)
	- openjdk-6 <not-affected> (Only affects OpenJDK 7)
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5892 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2013-5891 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2013-5890 (Unspecified vulnerability in the Oracle Payroll component in Oracle E- ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5889 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5888 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when runnin ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5887 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5886 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5885 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5883 (Unspecified vulnerability in Oracle Solaris 8 allows local users to af ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5882 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5881 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5880 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5879 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5878 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Emb ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5877 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5876 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5875 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5874 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5873 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5872 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5871 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Pro ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-5870 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 all ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5869 (Unspecified vulnerability in the Oracle WebCenter Portal component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5868 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Pro ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-5867 (Unspecified vulnerability in the Siebel Core - Server Infrastructure c ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5866 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2013-5865 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2013-5864 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2013-5863 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote attacke ...)
	NOT-FOR-US: Solaris
CVE-2013-5862 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2013-5861 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote attacke ...)
	NOT-FOR-US: Solaris
CVE-2013-5860 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5859 (Unspecified vulnerability in the Instantis EnterpriseTrack component i ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2013-5858 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5857 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5856 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5855 (Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not per ...)
	- mojarra 2.2.8-1 (low; bug #740586)
	[squeeze] - mojarra <no-dsa> (Minor issue)
	[wheezy] - mojarra <no-dsa> (Minor issue)
	NOTE: https://java.net/jira/browse/JAVASERVERFACES-3150
	NOTE: https://java.net/projects/mojarra/sources/svn/revision/12793
CVE-2013-5854 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaF ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5853 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5852 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5851 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java  ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5850 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5849 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5848 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5847 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eCompensat ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5846 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and Java ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5845 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-5844 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaF ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5843 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5842 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5841 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5840 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5839 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2013-5838 (Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5837 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Solaris
CVE-2013-5836 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5835 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5834 (Unspecified vulnerability in Oracle Solaris 8 allows local users to af ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5833 (Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5832 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5831 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5830 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5829 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5828 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5827 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5826 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5825 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5824 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5823 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d
CVE-2013-5822 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-5821 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5820 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5819 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5818 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5817 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5816 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2013-5815 (Unspecified vulnerability in the Oracle Identity Analytics component i ...)
	NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
CVE-2013-5814 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5813 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5812 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5811 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5810 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaF ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5809 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5808 (Unspecified vulnerability in the Oracle iPlanet Web Proxy Server compo ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5807 (Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32  ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5806 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java  ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 7u45-2.4.3-1
	NOTE: openjdk-7 package mentioned this CVE, specifc to Mac OS X?
CVE-2013-5805 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java  ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 7u45-2.4.3-1
	NOTE: openjdk-7 package mentioned this CVE, specific to MacOS X?
CVE-2013-5804 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1 (unimportant)
	- openjdk-7 7u45-2.4.3-1 (unimportant)
	NOTE: Javadoc comments can contain arbitrary HTML
CVE-2013-5803 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/0b84d3b434c2
CVE-2013-5802 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5801 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5800 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java  ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5799 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5798 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5797 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5796 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5795 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5794 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5793 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5792 (Unspecified vulnerability in the Techstack component in Oracle E-Busin ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5791 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5790 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5789 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5788 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5787 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5786 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier al ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5785 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5784 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5783 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/2790e9ace697
CVE-2013-5782 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5781 (Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running ...)
	NOT-FOR-US: Oracle PARC Enterprise
CVE-2013-5780 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE  ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5779 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5778 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5777 (Unspecified vulnerability in the Java SE and JavaFX components in Orac ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5776 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5775 (Unspecified vulnerability in the Java SE and JavaFX components in Orac ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5774 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5773 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5772 (Unspecified vulnerability in the Java SE component in Oracle Java SE J ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5771 (Unspecified vulnerability in the XML Parser component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5770 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5769 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5768 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5767 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5766 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5765 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5764 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in Oracl ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script  ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-5760 (QNAP Photo Station before firmware 4.0.3 build0912 allows remote attac ...)
	NOT-FOR-US: QNAP firmware
CVE-2013-5759
	REJECTED
CVE-2013-5758 (cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote aut ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5757 (Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G a ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5756 (Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allow ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5755 (config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password ...)
	NOT-FOR-US: Yealink IP Phone
CVE-2013-5754 (The authorization implementation on Dahua DVR appliances accepts a has ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-5753
	RESERVED
CVE-2013-5752
	RESERVED
CVE-2013-5751 (Directory traversal vulnerability in SAP NetWeaver 7.x allows remote a ...)
	NOT-FOR-US: SAP NetWeaver 7.x
CVE-2013-5750 (The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3 ...)
	NOT-FOR-US: FriendsOfSymfony FOSUserBundle
CVE-2013-5749 (Cross-site scripting (XSS) vulnerability in management/prioritize_plan ...)
	NOT-FOR-US: SimpleRisk
CVE-2013-5748 (Cross-site request forgery (CSRF) vulnerability in management/prioriti ...)
	NOT-FOR-US: SimpleRisk
CVE-2013-5747
	RESERVED
CVE-2013-5746
	RESERVED
CVE-2013-5744 (Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and e ...)
	NOT-FOR-US: Feng Office
CVE-2013-5743 (Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc ...)
	- zabbix 1:2.0.8+dfsg-2
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2013-5742
	RESERVED
CVE-2013-5741 (Triangle Research International (aka Tri) Nano-10 PLC devices with fir ...)
	NOT-FOR-US: Triangle Research International Nano-10 PLC
CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...)
	- vino 3.10.1-1 (low; bug #724545)
	[wheezy] - vino <no-dsa> (Minor issue)
	[squeeze] - vino <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2013/Sep/105
CVE-2013-5740 (Unspecified vulnerability in the Intel Trusted Execution Technology (T ...)
	NOT-FOR-US: Intel Trusted Execution Technology
CVE-2013-5739 (The default configuration of WordPress before 3.6.1 does not prevent u ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1
CVE-2013-5738 (The get_allowed_mime_types function in wp-includes/functions.php in Wo ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1
CVE-2013-5737
	RESERVED
CVE-2013-5736
	RESERVED
CVE-2013-5735
	RESERVED
CVE-2013-5734
	RESERVED
CVE-2013-5733
	RESERVED
CVE-2013-5732
	RESERVED
CVE-2013-5731
	RESERVED
CVE-2013-5730 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link
CVE-2013-5729
	RESERVED
CVE-2013-5728
	RESERVED
CVE-2013-5727
	RESERVED
CVE-2013-5726 (Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not requir ...)
	NOT-FOR-US: Tweetbot for iOS and Mac
CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require conf ...)
	NOT-FOR-US: Byword for iOS
CVE-2013-5724 (Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permis ...)
	{DSA-2752-1}
	- phpbb3 3.0.11-4 (bug #711172)
CVE-2013-5723 (SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attack ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-5716 (Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remot ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-5715 (Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has uns ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-5714 (Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php ...)
	NOT-FOR-US: WordPress plugin videowhisper-live-streaming-integration
CVE-2013-5713
	RESERVED
CVE-2013-5712
	RESERVED
CVE-2013-5711 (Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthro ...)
	NOT-FOR-US: Design-approval-system Plugin for WordPress
CVE-2013-5722 (Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x bef ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-59.html
CVE-2013-5721 (The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ di ...)
	{DLA-497-1}
	- wireshark 1.10.2-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-58.html
CVE-2013-5720 (Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-57.html
CVE-2013-5719 (epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark ...)
	{DLA-497-1}
	- wireshark 1.10.2-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-56.html
CVE-2013-5718 (The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-55.html
CVE-2013-5717 (The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does ...)
	- wireshark 1.10.2-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-54.html
CVE-2013-5710 (The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel  ...)
	{DSA-2769-1}
	- kfreebsd-9 9.2~svn255465-1 (bug #722337)
	- kfreebsd-8 <removed>
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5709 (The authentication implementation in the web server on Siemens SCALANC ...)
	NOT-FOR-US: Siemens SCALANCE X-200
CVE-2013-5708 (Coursemill Learning Management System (LMS) 6.8 constructs secret toke ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5707 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Lear ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5706 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Lear ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5705 (apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attack ...)
	{DSA-2991-1 DLA-34-1}
	- modsecurity-apache 2.7.7-1
	- libapache-mod-security <removed>
	[squeeze] - libapache-mod-security 2.5.12-1+squeeze4
	NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
	NOTE: http://martin.swende.se/blog/HTTPChunked.html
CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote  ...)
	{DLA-71-1}
	- apache2 2.4.10-2 (medium)
	[wheezy] - apache2 2.2.22-13+deb7u4
	NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
	NOT-FOR-US: DrayTek Vigor 2700 router
CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in Wa ...)
	NOT-FOR-US: Watchguard Server Center
CVE-2013-5701 (Multiple untrusted search path vulnerabilities in (1) Watchguard Log C ...)
	NOT-FOR-US: Watchguard Server Center
CVE-2013-5700 (The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x befor ...)
	- bitcoin 0.8.4-1
	NOTE: https://bitcointalk.org/index.php?topic=287351.0
CVE-2013-5699
	RESERVED
CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and  ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the mod_accounting  ...)
	- libapache-mod-acct <removed>
CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to make i ...)
	- glpi 0.84.2-1 (unimportant; bug #723837)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-5695 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before  ...)
	NOT-FOR-US: Ops View
CVE-2013-5694 (SQL injection vulnerability in status/service/acknowledge in Opsview b ...)
	NOT-FOR-US: Ops View
CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5  ...)
	NOT-FOR-US: X2CRM
CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows  ...)
	NOT-FOR-US: X2CRM
CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeB ...)
	{DSA-2769-1}
	- kfreebsd-9 9.2~svn255465-1 (bug #722338)
	- kfreebsd-8 <removed>
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean ...)
	NOT-FOR-US: RiskNet Acquirer
CVE-2013-5686
	RESERVED
CVE-2013-5685
	RESERVED
CVE-2013-5684
	RESERVED
CVE-2013-5683
	RESERVED
CVE-2013-5682
	RESERVED
CVE-2013-5681
	RESERVED
CVE-2013-5680 (Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, w ...)
	- hylafax <not-affected> (Not built with LDAP support)
	NOTE: http://www.securityfocus.com/archive/1/528943/30/0/threaded
CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption imple ...)
	NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5678
	RESERVED
CVE-2013-5677
	RESERVED
CVE-2013-5676 (The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authent ...)
	NOT-FOR-US: SonarQube Jenkins plugin
CVE-2013-5674 (badges/external.php in Moodle 2.5.x before 2.5.2 does not properly han ...)
	- moodle 2.5.2-1
	[squeeze] - moodle <not-affected> (Only affects 2.5.x)
CVE-2013-5669 (The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext crede ...)
	NOT-FOR-US: Thecus NAS server N8800
CVE-2013-5668 (The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5 ...)
	NOT-FOR-US: Thecus NAS server N8800
CVE-2013-5667 (The Thecus NAS server N8800 with firmware 5.03.01 allows remote attack ...)
	NOT-FOR-US: Thecus NAS server N8800
CVE-2013-5666 (The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...)
	- kfreebsd-9 9.2~svn255465-1 (bug #722336)
	[wheezy] - kfreebsd-9 <not-affected> (Only affects 9.2.x)
CVE-2013-5665
	RESERVED
CVE-2013-5664 (Cross-site scripting (XSS) vulnerability in the web-based device-manag ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5663 (The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5662
	RESERVED
CVE-2013-5661 (Cache Poisoning issue exists in DNS Response Rate Limiting. ...)
	NOTE: DNS protocol flaw
	NOTE: http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-506/index.html
	NOTE: https://www.isc.org/blogs/cache-poisoning-gets-a-second-wind-from-rrl-probably-not/
CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote attack ...)
	NOT-FOR-US: Power Software WinArchiver
CVE-2013-5659 (Wiz 5.0.3 has a user mode write access violation ...)
	NOT-FOR-US: Wiz
CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...)
	NOT-FOR-US: AultWare pwStore
CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request ...)
	NOT-FOR-US: AultWare pwStore
CVE-2013-5656 (FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability ...)
	NOT-FOR-US: FuzeZip
CVE-2012-6632 (Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill  ...)
	NOT-FOR-US: Vessio NetBill
CVE-2012-6631 (Cross-site request forgery (CSRF) vulnerability in accounts/admin/inde ...)
	NOT-FOR-US: Vessio NetBill
CVE-2012-6630 (Multiple cross-site scripting (XSS) vulnerabilities in the Media Libra ...)
	NOT-FOR-US: WordPress plugin Media Library Categories
CVE-2012-6629 (Multiple cross-site request forgery (CSRF) vulnerabilities in the News ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6628 (Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter  ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6627 (Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6626 (SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows re ...)
	NOT-FOR-US: b2ePMS
CVE-2012-6625 (SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress ...)
	NOT-FOR-US: WordPress plugin WP Forum Server
CVE-2012-6624 (Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plu ...)
	NOT-FOR-US: WordPress plugin SoundCloud Is Gold
CVE-2012-6623 (Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php ...)
	NOT-FOR-US: WordPress plugin ForumPress WP Forum Server
CVE-2012-6622 (Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-adm ...)
	NOT-FOR-US: WordPress plugin ForumPress WP Forum Server
CVE-2012-6606 (Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does no ...)
	NOT-FOR-US: alo Alto Networks GlobalProtect
CVE-2012-6605 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6604 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6603 (The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0. ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6602 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6601 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6600 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6599 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6598 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6597 (Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows  ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6596 (Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 st ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6595 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6594 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6593 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows  ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6592 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows  ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6591 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6590 (The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before  ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5689 [Arbitrary File Upload]
	REJECTED
CVE-2013-5688 (Multiple directory traversal vulnerabilities in index.php in AjaXplore ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2013-5675
	RESERVED
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-4298 (The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8- ...)
	{DSA-2750-1}
	- imagemagick 8:6.7.7.10-6 (bug #721273)
	[squeeze] - imagemagick <not-affected> (Code not vulnerable)
CVE-2013-5673 (SQL injection vulnerability in testimonial.php in the IndiaNIC Testimo ...)
	NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress
CVE-2013-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Indi ...)
	NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress
CVE-2013-5671 (lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for R ...)
	NOT-FOR-US: fog-dragonfly Ruby Gem
CVE-2013-5670 (Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php  ...)
	- serendipity <not-affected> (Spellcheck plugin not included in 1.5.x)
CVE-2013-5653 (The getenv and filenameforall functions in Ghostscript 9.10 ignore the ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (low; bug #839118)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694724
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
CVE-2013-5652
	RESERVED
CVE-2013-5650 (Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7 ...)
	NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2013-5649 (Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos P ...)
	NOT-FOR-US: Juniper
CVE-2013-5655 (Directory traversal vulnerability in the FTP server in YingZhi Python  ...)
	NOT-FOR-US: YingZhi Python for iOS
CVE-2013-5654 (Vulnerability in YingZhi Python Programming Language v1.9 allows arbit ...)
	NOT-FOR-US: YingZhi Python for iOS
CVE-2013-5651 (The virBitmapParse function in util/virbitmap.c in libvirt before 1.1. ...)
	- libvirt 1.1.2~rc1-1
	[jessie] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
	[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
	[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
	NOTE: introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
CVE-2013-5646 (Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git  ...)
	- roundcube <not-affected> (Unclear, 0.9.2 reported not affected, all other issues covered by CVE-2013-5645)
CVE-2013-5645 (Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webma ...)
	- roundcube 0.9.4-1 (bug #721592)
	[wheezy] - roundcube <no-dsa> (Minor issue)
	[squeeze] - roundcube <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20160311164159/http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github
	NOTE: http://web.archive.org/web/20160311132902/http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
	NOTE: http://trac.roundcube.net/ticket/1489251
CVE-2013-5644
	RESERVED
CVE-2013-5643
	REJECTED
CVE-2013-5640 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote att ...)
	NOT-FOR-US: Gnew
CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 an ...)
	NOT-FOR-US: Gnew
CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile funct ...)
	- libdigidoc <not-affected> (Fixed before initial upload to the archive)
CVE-2013-5647 (lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote a ...)
	NOT-FOR-US: Sounder Ruby Gem
CVE-2013-5642 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1 ...)
	{DSA-2749-1}
	- asterisk 1:11.5.1~dfsg-1 (bug #721220)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-005.html
CVE-2013-5641 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1 ...)
	{DSA-2749-1}
	- asterisk 1:11.5.1~dfsg-1 (bug #721220)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-004.html
CVE-2013-5638 (Transcend WiFiSD 1.8 has persistent XSS ...)
	NOT-FOR-US: Transcend WiFiSD
CVE-2013-5637 (PQI AirCard has persistent XSS ...)
	NOT-FOR-US: PQI AirCard
CVE-2013-5636 (Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Se ...)
	NOT-FOR-US: Check Point Endpoint Security
CVE-2013-5635 (Media Encryption EPM Explorer in Check Point Endpoint Security through ...)
	NOT-FOR-US: Check Point Endpoint Security
CVE-2013-5633
	REJECTED
CVE-2013-5632
	REJECTED
CVE-2013-5631
	REJECTED
CVE-2013-5630
	REJECTED
CVE-2013-5629
	REJECTED
CVE-2013-5628
	REJECTED
CVE-2013-5627
	REJECTED
CVE-2013-5626
	REJECTED
CVE-2013-5625
	REJECTED
CVE-2013-5624
	REJECTED
CVE-2013-5623
	REJECTED
CVE-2013-5622
	REJECTED
CVE-2013-5621
	REJECTED
CVE-2013-5620
	REJECTED
CVE-2013-5619 (Multiple integer overflows in the binary-search implementation in Spid ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
	- iceape <not-affected> (Only affects Firefox 25)
CVE-2013-5618 (Use-after-free vulnerability in the nsNodeUtils::LastRelease function  ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5617
	RESERVED
CVE-2013-5616 (Use-after-free vulnerability in the nsEventListenerManager::HandleEven ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5615 (The JavaScript implementation in Mozilla Firefox before 26.0, Firefox  ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5614 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly  ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
CVE-2013-5613 (Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove  ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5612 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26. ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
CVE-2013-5611 (Mozilla Firefox before 26.0 does not properly remove the Application I ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
CVE-2013-5610 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
	- iceape <not-affected> (Only affects Firefox 25)
	- icedove <not-affected> (Only affects Firefox 25)
CVE-2013-5609 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5608
	RESERVED
CVE-2013-5607 (Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape  ...)
	{DSA-2820-1}
	- nspr 2:4.10.2-1
CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Netw ...)
	{DSA-2994-1 DLA-23-1}
	- nss 2:3.15.3-1 (bug #735105)
	[squeeze] - nss 3.12.8-1+squeeze8
CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 be ...)
	{DSA-2800-1}
	- nss 2:3.15.3-1
CVE-2013-5604 (The txXPathNodeUtils::getBaseURI function in the XSLT processor in Moz ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.10-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
	- iceape <removed>
CVE-2013-5603 (Use-after-free vulnerability in the nsContentUtils::ContentIsHostInclu ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5602 (The Worker::SetEventListener function in the Web workers implementatio ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5601 (Use-after-free vulnerability in the nsEventListenerManager::SetEventHa ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.10-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5600 (Use-after-free vulnerability in the nsIOService::NewChannelFromURIWith ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5599 (Use-after-free vulnerability in the nsIPresShell::GetPresContext funct ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5598 (PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox >=24)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox >=24)
	- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5597 (Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad fu ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5596 (The cycle collection (CC) implementation in Mozilla Firefox before 25. ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5595 (The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5594 (Mozilla Firefox before 25 allows modification of anonymous content of  ...)
	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=914618
CVE-2013-5593 (The SELECT element implementation in Mozilla Firefox before 25.0, Fire ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5592 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox >=24)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox >=24)
	- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5591 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox >=24)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox >=24)
	- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5590 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5634 (arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (KVM for arm introduced in 3.9)
	- linux-2.6 <not-affected> (KVM for arm introduced in 3.9)
CVE-2013-5586 (Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki bef ...)
	NOT-FOR-US: WikkaWiki
CVE-2013-5585
	RESERVED
CVE-2013-5584
	RESERVED
CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in libraries/idna_convert/exa ...)
	NOT-FOR-US: Joomla!
CVE-2013-5582 (Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory loc ...)
	NOT-FOR-US: Ammyy Admin
CVE-2013-5581
	REJECTED
CVE-2013-5579
	RESERVED
CVE-2013-5578 (Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO Active ...)
	NOT-FOR-US: StarUML
CVE-2013-5577
	RESERVED
CVE-2013-5574
	RESERVED
CVE-2013-5573 (Cross-site scripting (XSS) vulnerability in the default markup formatt ...)
	- jenkins 1.565.2-1 (bug #732708)
	NOTE: http://seclists.org/fulldisclosure/2013/Dec/159
CVE-2013-5572 (Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bi ...)
	- zabbix 1:2.2.2+dfsg-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2013/Sep/151
	NOTE: Non-issue
CVE-2013-5571 (HMailServer 5.3.x and prior: Memory Corruption which could cause DOS ...)
	NOT-FOR-US: HMailServer
CVE-2013-5570 (Cross-site scripting (XSS) vulnerability in the Javascript and CSS Opt ...)
	NOT-FOR-US: TYPO3 extension (js_css_optimizer)
CVE-2013-5569 (SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO ...)
	NOT-FOR-US: TYPO3 extension
CVE-2012-6589 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Busines ...)
	NOT-FOR-US: MYRE Business Directory
CVE-2012-6588 (SQL injection vulnerability in links.php in MYRE Business Directory al ...)
	NOT-FOR-US: MYRE Business Directory
CVE-2012-6587 (Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_me ...)
	NOT-FOR-US: MYRE Vacation Rental
CVE-2012-6586 (Multiple SQL injection vulnerabilities in MYRE Vacation Rental Softwar ...)
	NOT-FOR-US: MYRE Vacation Rental
CVE-2012-6585 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty  ...)
	NOT-FOR-US: MYRE Realty Manager
CVE-2012-6584 (Multiple SQL injection vulnerabilities in MYRE Realty Manager allow re ...)
	NOT-FOR-US: MYRE Realty Manager
CVE-2012-6583 (Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1 ...)
	NOT-FOR-US: Imagemenu Drupal contributed module
CVE-2010-5291 (Amberdms Billing System (ABS) before 1.4.1 does not properly implement ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2010-5289 (Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Po ...)
	NOT-FOR-US: IncrediMail
CVE-2013-5589 (SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earl ...)
	{DSA-2747-1}
	- cacti 0.8.8b+dfsg-3
CVE-2013-5588 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b an ...)
	{DSA-2747-1}
	- cacti 0.8.8b+dfsg-3
CVE-2013-5587 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x b ...)
	{DSA-2671-1}
	- request-tracker3.8 <not-affected> (only covers the issues in 4.x)
	- request-tracker4 4.0.12-2 (bug #709836)
	NOTE: This is covered by the patches applied for CVE-2013-3371 in DSA-2760 and DSA-2761.
	NOTE: NVD explicitly mentions CVE-2013-5587 only for the RT 4.x series.
	NOTE: patch for 3.8.17: https://github.com/bestpractical/rt/compare/rt-3.8.16...rt-3.8.17
	NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
	NOTE: still not clear why the split was done, but confirmed by upstream that this issue
	NOTE: is covered by the fixes applied for CVE-2013-3371
CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in c ...)
	- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
	NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
CVE-2013-5576 (administrator/components/com_media/helpers/media.php in the media mana ...)
	NOT-FOR-US: Joomla!
CVE-2013-5575
	REJECTED
CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance (A ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5567 (Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier,  ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-5566 (Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attacker ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-5565 (The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers t ...)
	NOT-FOR-US: Cisco
CVE-2013-5564 (The Java process in the Impact server in Cisco Prime Central for Hoste ...)
	NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution
CVE-2013-5563 (Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp i ...)
	NOT-FOR-US: Cisco CS-MARS
CVE-2013-5562 (The ITM web server in Cisco Prime Central for Hosted Collaboration Sol ...)
	NOT-FOR-US: Cisco
CVE-2013-5561 (The Safe Search enforcement feature in Cisco Adaptive Security Applian ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5560 (The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Sof ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5559 (Buffer overflow in the Active Template Library (ATL) framework in the  ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 befor ...)
	NOT-FOR-US: Cisco
CVE-2013-5557 (The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in C ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5556 (The license-installation module on the Cisco Nexus 1000V switch 4.2(1) ...)
	NOT-FOR-US: Cisco
CVE-2013-5555 (Cisco Unified Communications Manager (aka CUCM or Unified CM) allows r ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-5554 (Directory traversal vulnerability in the web-management interface in t ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2013-5553 (Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5552 (Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) d ...)
	NOT-FOR-US: Cisco
CVE-2013-5551 (Cisco Adaptive Security Appliance (ASA) Software, when certain same-se ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5550 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-5549 (Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented  ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-5548 (The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is use ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5547 (Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attac ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5546 (The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 b ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5545 (The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5544 (The VPN authentication functionality in Cisco Adaptive Security Applia ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5543 (Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devic ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5542 (Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2),  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5541 (Cross-site scripting (XSS) vulnerability in the file-upload interface  ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5540 (The file-upload feature in Cisco Identity Services Engine (ISE) allows ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5539 (The upload-dialog implementation in Cisco Identity Services Engine (IS ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5538 (The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak p ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5537 (The web framework on Cisco Web Security Appliance (WSA), Email Securit ...)
	NOT-FOR-US: Cisco
CVE-2013-5536 (Cisco Secure Access Control System (ACS) does not properly implement a ...)
	NOT-FOR-US: Cisco
CVE-2013-5535 (The analytics page on Cisco Video Surveillance 4000 IP cameras has har ...)
	NOT-FOR-US: Cisco Video Surveillance 4000 IP cameras
CVE-2013-5534 (Directory traversal vulnerability in the attachment service in the Voi ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2013-5533 (The image-upgrade functionality on Cisco 9900 Unified IP phones allows ...)
	NOT-FOR-US: Cisco
CVE-2013-5532 (Buffer overflow in the web-application interface on Cisco 9900 IP phon ...)
	NOT-FOR-US: Cisco
CVE-2013-5531 (Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote at ...)
	NOT-FOR-US: Cisco
CVE-2013-5530 (The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1. ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5529 (The deployment module in the server in Cisco WebEx Meeting Center does ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-5528 (Directory traversal vulnerability in the Tomcat administrative web int ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-5527 (The OSPF functionality in Cisco IOS and IOS XE allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2013-5526 (Cisco 9900 fourth-generation IP phones do not properly perform SDP neg ...)
	NOT-FOR-US: Cisco
CVE-2013-5525 (SQL injection vulnerability in the web framework in Cisco Identity Ser ...)
	NOT-FOR-US: Cisco
CVE-2013-5524 (Cross-site scripting (XSS) vulnerability in the troubleshooting page i ...)
	NOT-FOR-US: Cisco
CVE-2013-5523 (The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and ear ...)
	NOT-FOR-US: Cisco
CVE-2013-5522 (Cisco IOS on Catalyst 3750X switches has default Service Module creden ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5521 (Cisco Identity Services Engine does not properly restrict the creation ...)
	NOT-FOR-US: Cisco
CVE-2013-5520
	RESERVED
CVE-2013-5519 (Cross-site scripting (XSS) vulnerability in the management interface o ...)
	NOT-FOR-US: Cisco
CVE-2013-5518
	RESERVED
CVE-2013-5517 (SQL injection vulnerability in the web framework in Cisco Unified Comm ...)
	NOT-FOR-US: Cisco
CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence Multipoint Swi ...)
	NOT-FOR-US: Cisco
CVE-2013-5515 (The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (A ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5514
	RESERVED
CVE-2013-5513 (Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5512 (Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cis ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5511 (The Adaptive Security Device Management (ASDM) remote-management featu ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5510 (The remote-access VPN implementation in Cisco Adaptive Security Applia ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5509 (The SSL implementation in Cisco Adaptive Security Appliance (ASA) Soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5508 (The SQL*Net inspection engine in Cisco Adaptive Security Appliance (AS ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5507 (The IPsec implementation in Cisco Adaptive Security Appliance (ASA) So ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5506 (The authorization functionality in Cisco Firewall Services Module (FWS ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2013-5505 (Cross-site scripting (XSS) vulnerability in an administration page in  ...)
	NOT-FOR-US: Cisco
CVE-2013-5504 (Cross-site scripting (XSS) vulnerability in the Mobile Device Manageme ...)
	NOT-FOR-US: Cisco
CVE-2013-5503 (The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon ...)
	NOT-FOR-US: Cisco
CVE-2013-5502 (The web interface in Cisco MediaSense does not properly protect the cl ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2013-5501 (Cross-site scripting (XSS) vulnerability in the oraservice page in Cis ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2013-5500 (Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin se ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2013-5499 (The remember feature in the DHCP server in Cisco IOS allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2013-5498 (The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-5497 (The authentication manager process in the web framework in Cisco Intru ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote  ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-5495 (Cross-site scripting (XSS) vulnerability in the web framework in the A ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-5494 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-5493 (The diagnostic module in the firmware on Cisco Virtualization Experien ...)
	NOT-FOR-US: Cisco
CVE-2013-5492 (administration.jsp in Cisco SocialMiner allows remote attackers to obt ...)
	NOT-FOR-US: Cisco
CVE-2013-5491
	RESERVED
CVE-2013-5490 (Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows re ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2013-5489 (The gadget implementation in Cisco SocialMiner does not properly restr ...)
	NOT-FOR-US: Cisco
CVE-2013-5488 (Cisco Common Services, as used in Cisco Prime LAN Management Solution  ...)
	NOT-FOR-US: Cisco
CVE-2013-5487 (DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) befo ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2013-5486 (Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN  ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2013-5485
	RESERVED
CVE-2013-5484
	RESERVED
CVE-2013-5483 (Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco S ...)
	NOT-FOR-US: Cisco
CVE-2013-5482 (Cisco Prime LAN Management Solution (LMS) does not properly restrict u ...)
	NOT-FOR-US: Cisco
CVE-2013-5481 (The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5480 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15. ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5479 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15. ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5478 (Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF int ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5477 (The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 throug ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5476 (The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2,  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5475 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 thro ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5474 (Race condition in the IPv6 virtual fragmentation reassembly (VFR) impl ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5473 (Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5472 (The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5471 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
	NOT-FOR-US: Cisco Global Site Selector
CVE-2013-5470 (Cisco Secure Access Control System (ACS) does not properly handle requ ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-5469 (The TCP implementation in Cisco IOS does not properly implement the tr ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5468 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 throug ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-5467 (Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the  ...)
	NOT-FOR-US: IBM DB2 and DB2 Connect
CVE-2013-5465 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7. ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5464 (IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 befo ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5463 (The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 a ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-5462 (IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Con ...)
	NOT-FOR-US: IBM
CVE-2013-5461 (IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Rem ...)
	NOT-FOR-US: IBM
CVE-2013-5460 (IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect (RSA) Des ...)
	NOT-FOR-US: IBM
CVE-2013-5458 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remo ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 befo ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5456 (The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0  ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5455 (IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authen ...)
	NOT-FOR-US: IBM SmartCloud Provisioning
CVE-2013-5454 (IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27,  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5453 (IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote auth ...)
	NOT-FOR-US: IBM
CVE-2013-5452 (IBM FileNet Business Process Framework 4.1.0 allows remote authenticat ...)
	NOT-FOR-US: IBM FileNet Business Process Framework
CVE-2013-5451
	RESERVED
CVE-2013-5450 (IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authent ...)
	NOT-FOR-US: IBM
CVE-2013-5449 (Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Ecli ...)
	NOT-FOR-US: IBM
CVE-2013-5448 (Cross-site scripting (XSS) vulnerability in the Right Click Plugin con ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-5447 (Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and ...)
	NOT-FOR-US: IBM Forms Viewer
CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5445 (IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before I ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-5444 (The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-5443 (Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express  ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-5442 (Cross-site scripting (XSS) vulnerability in the Local Management Inter ...)
	NOT-FOR-US: IBM
CVE-2013-5441
	RESERVED
CVE-2013-5440 (IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows l ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-5439
	RESERVED
CVE-2013-5438 (Cross-site scripting (XSS) vulnerability in the web server in IBM Flex ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5437
	RESERVED
CVE-2013-5436
	RESERVED
CVE-2013-5435
	RESERVED
CVE-2013-5434
	RESERVED
CVE-2013-5433 (The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSpher ...)
	NOT-FOR-US: IBM
CVE-2013-5432
	RESERVED
CVE-2013-5431 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ( ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5430 (The Jazz Team Server component in IBM Security AppScan Enterprise 8.x  ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-5429 (The Risk Based Access functionality in IBM Tivoli Federated Identity M ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentic ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5427 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Mast ...)
	NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2013-5426 (Session fixation vulnerability in IBM InfoSphere Master Data Managemen ...)
	NOT-FOR-US: IBM
CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5424 (IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass  ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5423 (IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows re ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5422 (The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0. ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2013-5421 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
	NOT-FOR-US: IBM
CVE-2013-5420 (The IMS server before Ifix 6 in IBM Security Access Manager for Enterp ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2013-5419 (Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.pri ...)
	NOT-FOR-US: IBM AIX
CVE-2013-5418 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-5416 (Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12,  ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5415 (Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x be ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5414 (The migration functionality in IBM WebSphere Application Server (WAS)  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-5413 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not i ...)
	NOT-FOR-US: IBM
CVE-2013-5412
	RESERVED
CVE-2013-5411 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow re ...)
	NOT-FOR-US: IBM
CVE-2013-5410
	RESERVED
CVE-2013-5409 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator  ...)
	NOT-FOR-US: IBM
CVE-2013-5408
	RESERVED
CVE-2013-5407 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not p ...)
	NOT-FOR-US: IBM
CVE-2013-5406 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2 ...)
	NOT-FOR-US: IBM
CVE-2013-5405 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2 ...)
	NOT-FOR-US: IBM
CVE-2013-5404 (Cross-site scripting (XSS) vulnerability in the search implementation  ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 applianc ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5402 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2013-5401 (The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIP ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2013-5400 (An unspecified servlet in IBM Platform Symphony Developer Edition (DE) ...)
	NOT-FOR-US: IBM Platform Symphony Developer Edition
CVE-2013-5399
	RESERVED
CVE-2013-5398 (Unspecified vulnerability in the Webservice Axis Gateway in IBM Ration ...)
	NOT-FOR-US: IBM
CVE-2013-5397 (Unspecified vulnerability in the Webservice Axis Gateway in IBM Ration ...)
	NOT-FOR-US: IBM
CVE-2013-5396
	RESERVED
CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5394 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8. ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5393 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8. ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5392
	RESERVED
CVE-2013-5391 (IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix  ...)
	NOT-FOR-US: IBM
CVE-2013-5390 (Cross-site scripting (XSS) vulnerability in the monitoring console in  ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5389 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
	NOT-FOR-US: IBM Domino
CVE-2013-5388 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
	NOT-FOR-US: IBM Domino
CVE-2013-5387 (Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows re ...)
	NOT-FOR-US: IBM
CVE-2013-5386
	RESERVED
CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries serve ...)
	NOT-FOR-US: IBM
CVE-2013-5384
	RESERVED
CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5382 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5381 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5379 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x b ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-5378 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x b ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-5377
	RESERVED
CVE-2013-5376 (Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-5375 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 befo ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5374
	RESERVED
CVE-2013-5373 (The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through  ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5372 (The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12,  ...)
	NOT-FOR-US: IBM
CVE-2013-5371 (The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Wind ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment Ser ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1 ...)
	NOT-FOR-US: IBM SPSS Analytical Decision Management
CVE-2013-5368
	RESERVED
CVE-2013-5367
	RESERVED
CVE-2013-5366
	RESERVED
CVE-2013-5365 (Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, ...)
	NOT-FOR-US: Autodesk SketchBook
CVE-2013-5364 (Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and ...)
	NOT-FOR-US: Secunia CSI Agent
CVE-2013-5363
	RESERVED
CVE-2013-5362
	RESERVED
CVE-2013-5361
	RESERVED
CVE-2013-5360
	RESERVED
CVE-2013-5359 (Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9 ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5358 (Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote a ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5357 (Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 13 ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5356 (Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict acc ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetro ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5354 (Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remo ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5353 (Unrestricted file upload vulnerability in system/controllers/ajax/atta ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5352 (Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to exe ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5351 (Heap-based buffer overflow in IrfanView before 4.37 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2013-5350 (The "Remember me" feature in the opSecurityUser::getRememberLoginCooki ...)
	NOT-FOR-US: OpenPNE
CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 1 ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5348
	REJECTED
CVE-2013-5347
	REJECTED
CVE-2013-5346
	REJECTED
CVE-2013-5345
	REJECTED
CVE-2013-5344
	REJECTED
CVE-2013-5343
	REJECTED
CVE-2013-5342
	REJECTED
CVE-2013-5341
	REJECTED
CVE-2013-5340
	REJECTED
CVE-2013-5339
	REJECTED
CVE-2013-5338
	REJECTED
CVE-2013-5337
	REJECTED
CVE-2013-5336
	REJECTED
CVE-2013-5335
	REJECTED
CVE-2013-5334 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-5333 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-5332 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5331 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5330 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5329 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5328 (Adobe ColdFusion 10 before Update 12 allows remote attackers to read a ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-5327 (MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary c ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2013-5326 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 befor ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-5325 (Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote a ...)
	NOT-FOR-US: Adobe
CVE-2013-5324 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5323 (Cross-site scripting (XSS) vulnerability in the Static Info Tables (st ...)
	NOT-FOR-US: TYPO3 extension (Static Info Tables)
CVE-2013-5322 (SQL injection vulnerability in the CoolURI extension before 1.0.30 for ...)
	NOT-FOR-US: TYPO3 extension (CoolURI)
CVE-2013-5321 (Multiple SQL injection vulnerabilities in AlienVault Open Source Secur ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2013-5320 (Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mo ...)
	NOT-FOR-US: mojoPortal
CVE-2013-5319 (Cross-site scripting (XSS) vulnerability in secure/admin/user/views/de ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2013-5318 (SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers  ...)
	NOT-FOR-US: Ginkgo CMS
CVE-2013-5317 (Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remot ...)
	NOT-FOR-US: RiteCMS
CVE-2013-5316 (Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allow ...)
	NOT-FOR-US: RiteCMS
CVE-2012-6582 (Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x ...)
	NOT-FOR-US: Spambot Drupal contributed module
CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in core/admin/modules/ ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech p ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2013-5311 (Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 a ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2013-5315 (Cross-site scripting (XSS) vulnerability in the Resource Manager in th ...)
	NOT-FOR-US: Drupal module
CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in serendipity_admin_image_se ...)
	- serendipity <removed>
	[squeeze] - serendipity <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension be ...)
	NOT-FOR-US: TYPO3 extension
CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in install/forum_data/src/cus ...)
	NOT-FOR-US: FUDforum
CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management (re ...)
	NOT-FOR-US: TYPO3 extension
CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_sea ...)
	NOT-FOR-US: Faceted Search TYPO3 extension
CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP (browse ...)
	NOT-FOR-US: TYPO3 Extension
CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator (locator ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extension b ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5303 (Unspecified vulnerability in the Store Locator (locator) extension bef ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) extensio ...)
	NOT-FOR-US: Faceted Search TYPO3 extension
CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter 5 ...)
	NOT-FOR-US: Trustport Webfilter
CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2013-5299
	RESERVED
CVE-2013-5298
	RESERVED
CVE-2013-5297
	RESERVED
CVE-2013-5296
	RESERVED
CVE-2013-5295
	RESERVED
CVE-2013-5294
	RESERVED
CVE-2013-5293
	RESERVED
CVE-2013-5292
	RESERVED
CVE-2013-5291
	RESERVED
CVE-2013-5290
	RESERVED
CVE-2013-5289
	RESERVED
CVE-2013-5288
	RESERVED
CVE-2013-5287
	RESERVED
CVE-2013-5286
	RESERVED
CVE-2013-5285
	RESERVED
CVE-2013-5284
	RESERVED
CVE-2013-5283
	RESERVED
CVE-2013-5282
	RESERVED
CVE-2013-5281
	RESERVED
CVE-2013-5280
	RESERVED
CVE-2013-5279
	RESERVED
CVE-2013-5278
	RESERVED
CVE-2013-5277
	RESERVED
CVE-2013-5276
	RESERVED
CVE-2013-5275
	RESERVED
CVE-2013-5274
	RESERVED
CVE-2013-5273
	RESERVED
CVE-2013-5272
	RESERVED
CVE-2013-5271
	RESERVED
CVE-2013-5270
	RESERVED
CVE-2013-5269
	RESERVED
CVE-2013-5268
	RESERVED
CVE-2013-5267
	RESERVED
CVE-2013-5266
	RESERVED
CVE-2013-5265
	RESERVED
CVE-2013-5264
	RESERVED
CVE-2013-5263
	RESERVED
CVE-2013-5262
	RESERVED
CVE-2013-5261
	RESERVED
CVE-2013-5260
	RESERVED
CVE-2013-5259
	RESERVED
CVE-2013-5258
	RESERVED
CVE-2013-5257
	RESERVED
CVE-2013-5256
	RESERVED
CVE-2013-5255
	RESERVED
CVE-2013-5254
	RESERVED
CVE-2013-5253
	RESERVED
CVE-2013-5252
	RESERVED
CVE-2013-5251
	RESERVED
CVE-2013-5250
	RESERVED
CVE-2013-5249
	RESERVED
CVE-2013-5248
	RESERVED
CVE-2013-5247
	RESERVED
CVE-2013-5246
	RESERVED
CVE-2013-5245
	RESERVED
CVE-2013-5244
	RESERVED
CVE-2013-5243
	RESERVED
CVE-2013-5242
	RESERVED
CVE-2013-5241
	RESERVED
CVE-2013-5240
	RESERVED
CVE-2013-5239
	RESERVED
CVE-2013-5238
	RESERVED
CVE-2013-5237
	RESERVED
CVE-2013-5236
	RESERVED
CVE-2013-5235
	RESERVED
CVE-2013-5234
	RESERVED
CVE-2013-5233
	RESERVED
CVE-2013-5232
	RESERVED
CVE-2013-5231
	RESERVED
CVE-2013-5230
	RESERVED
CVE-2013-5229 (The Remote Desktop full-screen feature in Apple OS X before 10.9 and A ...)
	NOT-FOR-US: Apple
CVE-2013-5228 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5227 (Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers ...)
	NOT-FOR-US: Safari
CVE-2013-5226
	RESERVED
CVE-2013-5225 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5224
	RESERVED
CVE-2013-5223 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760 ...)
	NOT-FOR-US: D-Link DSL-2760U Gateway
CVE-2013-5222 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-5221 (The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2  ...)
	NOT-FOR-US: Esri ArcGIS
CVE-2013-5220 (goform/login on the HOT HOTBOX router with software 2.1.11 allows remo ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5219 (Directory traversal vulnerability on the HOT HOTBOX router with softwa ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5218 (Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5216 (Directory traversal vulnerability in logreader/uploadreader.jsp in Cap ...)
	NOT-FOR-US: Performance Guard
CVE-2013-5215 (Cross-site scripting (XSS) vulnerability in the web interface "WiFi sc ...)
	NOT-FOR-US: FOSCAM Wireless IP Camera
CVE-2013-5214
	RESERVED
CVE-2013-5213
	RESERVED
CVE-2013-5212 (Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote atta ...)
	NOT-FOR-US: easyXDM
CVE-2013-5211 (The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 al ...)
	- ntp 1:4.2.8p3+dfsg-1 (low; bug #733940)
	[jessie] - ntp <no-dsa> (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	[wheezy] - ntp <no-dsa> (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	[squeeze] - ntp <no-dsa> (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=1532
	NOTE: mitigated if noquery used. Only a problem for (public) ntp servers allowing
	NOTE: querying ntpd status, so allowing monlist
CVE-2013-5210 (Cross-site scripting (XSS) vulnerability in the GUI login page in ADTR ...)
	NOT-FOR-US: Adtran Netvanta
CVE-2013-5209 (The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in th ...)
	{DSA-2743-1}
	- kfreebsd-8 <removed> (bug #720476)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 9.2~svn254368-2 (bug #720475)
	- kfreebsd-10 10.0~svn254663-1 (bug #720478)
CVE-2013-5208 (HR Systems Strategies info:HR HRIS 7.9 does not properly protect the d ...)
	NOT-FOR-US: HR Systems Strategies
CVE-2013-5207
	RESERVED
CVE-2013-5206
	RESERVED
CVE-2013-5205
	RESERVED
CVE-2013-5204
	RESERVED
CVE-2013-5203
	RESERVED
CVE-2013-5202
	RESERVED
CVE-2013-5201
	RESERVED
CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API  ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5199 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5198 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5197 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5196 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5195 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5194
	RESERVED
CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not properly en ...)
	NOT-FOR-US: Apple
CVE-2013-5192 (The USB hub controller in Apple Mac OS X before 10.9 allows local user ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5191 (The syslog implementation in Apple Mac OS X before 10.9 allows local u ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5190 (Smart Card Services in Apple Mac OS X before 10.9 does not properly im ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5189 (Apple Mac OS X before 10.9 does not preserve a certain administrative  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5188 (The Screen Lock implementation in Apple Mac OS X before 10.9, when hib ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5187 (The Screen Lock implementation in Apple Mac OS X before 10.9 does not  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5186 (Power Management in Apple Mac OS X before 10.9 does not properly handl ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5185 (The ldapsearch command-line program in OpenLDAP in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5184 (The kernel in Apple Mac OS X before 10.9 does not properly check for e ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5183 (Mail in Apple Mac OS X before 10.9, when Kerberos authentication is en ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5182 (Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5181 (The auto-configuration feature in Mail in Apple Mac OS X before 10.9 s ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5180 (The srandomdev function in Libc in Apple Mac OS X before 10.9, when th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5179 (App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5178 (LaunchServices in Apple Mac OS X before 10.9 does not properly restric ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5177 (The kernel in Apple Mac OS X before 10.9 allows local users to cause a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5176 (The kernel in Apple Mac OS X before 10.9 does not properly handle inte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5175 (The kernel in Apple Mac OS X before 10.9 allows local users to obtain  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5174 (Integer signedness error in the kernel in Apple Mac OS X before 10.9 a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5173 (The random-number generator in the kernel in Apple Mac OS X before 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5172 (The kernel in Apple Mac OS X before 10.9 does not properly determine t ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5171 (CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypas ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5170 (Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5169 (CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5168 (Console in Apple Mac OS X before 10.9 allows user-assisted remote atta ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5167 (CFNetwork in Apple Mac OS X before 10.9 does not properly support Safa ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5166 (The Bluetooth USB host controller in Apple Mac OS X before 10.9 premat ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5165 (socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5164 (Multiple race conditions in the Phone app in Apple iOS before 7.0.3 al ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5163 (Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update ...)
	NOT-FOR-US: Apple OS X
CVE-2013-5162 (Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physi ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5161 (Passcode Lock in Apple iOS before 7.0.2 does not properly manage the l ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5160 (Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physi ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5159 (WebKit in Apple iOS before 7 allows remote attackers to bypass the Sam ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5158 (The Social subsystem in Apple iOS before 7 does not properly restrict  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5157 (The Twitter subsystem in Apple iOS before 7 does not require API confo ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5156 (The Telephony subsystem in Apple iOS before 7 does not require API con ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5155 (The Sandbox subsystem in Apple iOS before 7 allows attackers to cause  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5154 (The Sandbox subsystem in Apple iOS before 7 determines the sandboxing  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5153 (Springboard in Apple iOS before 7 does not properly manage the lock st ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5152 (Mobile Safari in Apple iOS before 7 allows remote attackers to spoof t ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5151 (Mobile Safari in Apple iOS before 7 does not prevent HTML interpretati ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5150 (The history-clearing feature in Safari in Apple iOS before 7 does not  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5149 (The Push Notifications subsystem in Apple iOS before 7 provides the pu ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5148 (Apple Keynote before 6.0 does not properly handle the interaction betw ...)
	NOT-FOR-US: Apple Keynote
CVE-2013-5147 (Passcode Lock in Apple iOS before 7 does not properly manage the lock  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5146
	RESERVED
CVE-2013-5145 (kextd in Kext Management in Apple iOS before 7 does not properly verif ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5144 (Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physi ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5143 (The RADIUS service in Server App in Apple OS X Server before 3.0 selec ...)
	NOT-FOR-US: Apple OS X Server
CVE-2013-5142 (The kernel in Apple iOS before 7 does not initialize unspecified kerne ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5141 (The kernel in Apple iOS before 7 uses an incorrect data size for a cer ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5140 (The kernel in Apple iOS before 7 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5139 (The IOSerialFamily driver in Apple iOS before 7 allows attackers to ex ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5138 (IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cau ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5137 (IOKit in Apple iOS before 7 allows attackers to send user-interface ev ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5136 (Apple Remote Desktop before 3.7 does not properly use server authentic ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2013-5135 (Format string vulnerability in Screen Sharing Server in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5134
	REJECTED
CVE-2013-5133 (Backup in Apple iOS before 7.1 does not properly restrict symlinks, wh ...)
	NOT-FOR-US: Apple
CVE-2013-5132 (Apple AirPort Base Station Firmware before 7.6.4 does not properly han ...)
	NOT-FOR-US: Apple AirPort
CVE-2013-5131 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5130 (WebKit in Apple Safari before 6.1 disables the Private Browsing featur ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5129 (Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5128 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5127 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5126 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5125 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5124
	RESERVED
CVE-2013-5123 (The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ...)
	- python-pip 1.4.1-1 (unimportant)
	[squeeze] - python-pip <not-affected> (Support for mirroring introduced in 0.8.1)
	NOTE: This is additional hardening / security feature, not a vulnerabily (despite
	NOTE: the discussion on oss-sec)
CVE-2013-5122 (Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause a ...)
	NOT-FOR-US: Linksys
CVE-2013-5121 (SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows rem ...)
	NOT-FOR-US: PHPFox
CVE-2013-5120 (SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows rem ...)
	NOT-FOR-US: PHPFox
CVE-2013-5119 (Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the- ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterprise ap ...)
	NOT-FOR-US: Good for Enterprise app for iOS
CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...)
	NOT-FOR-US: Evernote
CVE-2013-5115
	RESERVED
CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...)
	NOT-FOR-US: LastPass
CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...)
	NOT-FOR-US: LastPass
CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...)
	NOT-FOR-US: Evernote
CVE-2013-5111
	RESERVED
CVE-2013-5110
	RESERVED
CVE-2013-5109
	RESERVED
CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn function ...)
	- rockmongo <itp> (bug #702961)
CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and earlier allow ...)
	- rockmongo <itp> (bug #702961)
CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using python-m ...)
	NOT-FOR-US: python vim mode, different from src:python-mode, which is for emacs
CVE-2013-5105
	RESERVED
CVE-2013-5104
	RESERVED
CVE-2013-5103
	RESERVED
CVE-2013-5102
	RESERVED
CVE-2013-5101
	RESERVED
CVE-2013-5100 (Cross-site scripting (XSS) vulnerability in the Static Methods since 2 ...)
	NOT-FOR-US: TYPO3 extension Static Methods
CVE-2013-5099 (Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS  ...)
	NOT-FOR-US: Anchor CMS
CVE-2013-5098 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the Dow ...)
	NOT-FOR-US: WordPress plugin download-monitor
CVE-2013-5097 (Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance a ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5096 (Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance a ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5095 (Cross-site scripting (XSS) vulnerability in the web-based interface in ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5094 (Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulner ...)
	NOT-FOR-US: McAfee Vulnerability Manager
CVE-2013-5093 (The renderLocalView function in render/views.py in graphite-web in Gra ...)
	- graphite-web 0.9.12+debian-1 (bug #720454)
	NOTE: http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
CVE-2013-5092 (Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoS ...)
	NOT-FOR-US: AlgoSec Firewall Analyzer
CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0  ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-5090
	REJECTED
CVE-2013-5089
	REJECTED
CVE-2013-5088
	REJECTED
CVE-2013-5087
	REJECTED
CVE-2013-5086
	REJECTED
CVE-2013-5085
	REJECTED
CVE-2013-5084
	REJECTED
CVE-2013-5083
	REJECTED
CVE-2013-5082
	REJECTED
CVE-2013-5081
	REJECTED
CVE-2013-5080
	REJECTED
CVE-2013-5079
	REJECTED
CVE-2013-5078
	REJECTED
CVE-2013-5077
	REJECTED
CVE-2013-5076
	REJECTED
CVE-2013-5075
	REJECTED
CVE-2013-5074
	REJECTED
CVE-2013-5073
	REJECTED
CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in Micr ...)
	NOT-FOR-US: Microsoft Exchange Server OWA
CVE-2013-5071
	REJECTED
CVE-2013-5070
	REJECTED
CVE-2013-5069
	REJECTED
CVE-2013-5068
	REJECTED
CVE-2013-5067
	REJECTED
CVE-2013-5066
	REJECTED
CVE-2013-5065 (NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-5064
	REJECTED
CVE-2013-5063
	REJECTED
CVE-2013-5062
	REJECTED
CVE-2013-5061
	REJECTED
CVE-2013-5060
	REJECTED
CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web  ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP ...)
	NOT-FOR-US: Microsoft Windows Kernel
CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not im ...)
	NOT-FOR-US: Microsoft Windows Kernel
CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object Library i ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-5055
	REJECTED
CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover  ...)
	NOT-FOR-US: Microsoft Office
CVE-2013-5053
	REJECTED
CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5050
	REJECTED
CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5047 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to bypass  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to bypass the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5044
	REJECTED
CVE-2013-5043
	REJECTED
CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR  ...)
	NOT-FOR-US: Microsoft ASP.NET SignalR
CVE-2013-5041
	REJECTED
CVE-2013-5040
	RESERVED
CVE-2013-5039 (Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSec ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5038 (The HOT HOTBOX router with software 2.1.11 allows remote attackers to  ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5037 (The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12 ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5036 (The Square Squash allows remote attackers to execute arbitrary code vi ...)
	NOT-FOR-US: Square Squash
CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xc ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5034 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...)
	NOT-FOR-US: Atmail
CVE-2013-5033 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...)
	NOT-FOR-US: Atmail
CVE-2013-5032 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...)
	NOT-FOR-US: Atmail
CVE-2013-5031 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...)
	NOT-FOR-US: Atmail
CVE-2013-5030 (Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow  ...)
	NOT-FOR-US: Ruckus Wireless Zoneflex
CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to byp ...)
	- phpmyadmin 4:4.0.5-1
	[squeeze] - phpmyadmin <no-dsa> (Backport not feasible and X-Frame-Options protection enough on any modern browser)
	[wheezy] - phpmyadmin <no-dsa> (Backport not feasible and X-Frame-Options protection enough on any modern browser)
CVE-2013-5028 (SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok In ...)
	NOT-FOR-US: Kwok Information Server
CVE-2013-5027 (Collabtive 1.0 has incorrect access control ...)
	- collabtive <removed>
	[jessie] - collabtive <not-affected> (fixed in version 1.1)
CVE-2013-5026 (An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.o ...)
	NOT-FOR-US: National Instruments Lookout
CVE-2013-5025 (An ActiveX control in exlauncher.dll in the Help subsystem in National ...)
	NOT-FOR-US: National Instruments
CVE-2013-5024 (An ActiveX control in NationalInstruments.Help2.dll in National Instru ...)
	NOT-FOR-US: National Instruments
CVE-2013-5023 (The ActiveX controls in the HelpAsst component in NI Help Links in Nat ...)
	NOT-FOR-US: National Instruments
CVE-2013-5022 (Absolute path traversal vulnerability in the 3D Graph ActiveX control  ...)
	NOT-FOR-US: National Instruments
CVE-2013-5021 (Multiple absolute path traversal vulnerabilities in National Instrumen ...)
	NOT-FOR-US: National Instruments
CVE-2013-5020 (Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in ...)
	NOT-FOR-US: miniBB
CVE-2013-5019 (Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote att ...)
	NOT-FOR-US: Ultra Mini HTTPD
CVE-2013-5018 (The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not prope ...)
	- strongswan <not-affected> (Only affects 5.0.4 from experimental)
	NOTE: The PEM aspect is under control of the administrator, so not a security issue
	NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4
CVE-2013-5017 (SNMPConfig.php in the management console in Symantec Web Gateway (SWG) ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2013-5016 (Symantec Critical System Protection (SCSP) before 5.2.9, when installe ...)
	NOT-FOR-US: Symantec
CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec Endp ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5014 (The management console in Symantec Endpoint Protection Manager (SEPM)  ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5013 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: Symantec WEB Gateway
CVE-2013-5012 (Multiple SQL injection vulnerabilities in the management console on th ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2013-5011 (Unquoted Windows search path vulnerability in the client in Symantec E ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5010 (The Application/Device Control (ADC) component in the client in Symant ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5009 (The Management Console in Symantec Endpoint Protection (SEP) 11.x befo ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5008 (The agent and task-agent components in Symantec Management Platform 7. ...)
	NOT-FOR-US: Symantec
CVE-2013-5007
	RESERVED
CVE-2013-5006 (main_internet.php on the Western Digital My Net N600 and N750 with fir ...)
	NOT-FOR-US: Western Digital Router
CVE-2013-5005 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/met ...)
	NOT-FOR-US: Tripwire Enterprise
CVE-2013-5004
	RESERVED
CVE-2013-4994
	RESERVED
CVE-2013-4993
	RESERVED
CVE-2013-4992
	RESERVED
CVE-2013-4991
	RESERVED
CVE-2013-4990
	RESERVED
CVE-2013-4989
	RESERVED
CVE-2013-4988 (Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote att ...)
	NOT-FOR-US: IcoFX
CVE-2013-4987 (PineApp Mail-SeCure before 3.70 allows remote authenticated users to g ...)
	NOT-FOR-US: PinApp
CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 i ...)
	NOT-FOR-US: PDFCool
CVE-2013-4985 (Multiple Vivotek IP Cameras remote authentication bypass that could al ...)
	NOT-FOR-US: Vivotek IP Cameras
CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos ...)
	NOT-FOR-US: Sophos Web Protection Appliance
CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appl ...)
	NOT-FOR-US: Sophos Web Protection Appliance
CVE-2013-4982 (AVTECH AVN801 DVR has a security bypass via the administration login c ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with f ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4980 (Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with f ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlie ...)
	NOT-FOR-US: EPS Viewer
CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in  ...)
	NOT-FOR-US: Aloaha PDF Suite
CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E I ...)
	NOT-FOR-US: Hikvision IP camera
CVE-2013-4976 (Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded cre ...)
	NOT-FOR-US: Hikvision DS-2CD7153-E IP Camera
CVE-2013-4975 (Hikvision DS-2CD7153-E IP Camera has Privilege Escalation ...)
	NOT-FOR-US: Hikvision DS-2CD7153-E IP Camera
CVE-2013-4974 (RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealPlayer
CVE-2013-4973 (Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.5 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-4972
	RESERVED
CVE-2013-4971 (Puppet Enterprise before 3.2.0 does not properly restrict access to no ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4970
	RESERVED
CVE-2013-4969 (Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) be ...)
	{DSA-2831-1}
	- puppet 3.4.1-1
	NOTE: http://puppetlabs.com/security/cve/cve-2013-4969
CVE-2013-4968 (Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct  ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4967 (Puppet Enterprise before 3.0.1 allows remote attackers to obtain the d ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4966 (The master external node classification script in Puppet Enterprise be ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4965 (Puppet Enterprise before 3.1.0 does not properly restrict the number o ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4964 (Puppet Enterprise before 3.0.1 does not set the secure flag for the se ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4963 (Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet E ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4962 (The reset password page in Puppet Enterprise before 3.0.1 does not for ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4961 (Puppet Enterprise before 3.0.1 includes version information for the Ap ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4960
	RESERVED
CVE-2013-4959 (Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensit ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4958 (Puppet Enterprise before 3.0.1 does not use a session timeout, which m ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4957 (The dashboard report in Puppet Enterprise before 3.0.1 allows attacker ...)
	NOT-FOR-US: puppet-dashboard
CVE-2013-4956 (Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3. ...)
	{DSA-2761-1}
	- puppet 3.2.4-1
	[squeeze] - puppet <not-affected> (puppet module not yet present)
CVE-2013-4955 (Open redirect vulnerability in the login page in Puppet Enterprise bef ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4954 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
	NOT-FOR-US: Genetech Solutions Pie-Register
CVE-2013-4953 (SQL injection vulnerability in play.php in Top Games Script 1.2 allows ...)
	NOT-FOR-US: Top Games Script
CVE-2013-4952 (SQL injection vulnerability in functions/global.php in Elemata CMS RC  ...)
	NOT-FOR-US: Elemata CMS
CVE-2013-4951 (Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 a ...)
	NOT-FOR-US: Mintboard
CVE-2013-4950 (Cross-site scripting (XSS) vulnerability in view.php in Machform 2 all ...)
	NOT-FOR-US: Machform
CVE-2013-4949 (Unrestricted file upload vulnerability in view.php in Machform 2 allow ...)
	NOT-FOR-US: Machform
CVE-2013-4948 (SQL injection vulnerability in view.php in Machform 2 allows remote at ...)
	NOT-FOR-US: Machform
CVE-2013-4947 (Unspecified vulnerability in the update and build database page in Saw ...)
	NOT-FOR-US: Sawmill
CVE-2013-4946 (Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Des ...)
	NOT-FOR-US: BMC Service Desk Express
CVE-2013-4945 (Multiple SQL injection vulnerabilities in BMC Service Desk Express (SD ...)
	NOT-FOR-US: BMC Service Desk Express
CVE-2013-4944 (Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Fr ...)
	NOT-FOR-US: BuddyPress
CVE-2013-4943 (The client application in Siemens COMOS before 9.1 Update 458, 9.2 bef ...)
	NOT-FOR-US: Siemens COMOS
CVE-2013-4942 (Cross-site scripting (XSS) vulnerability in flashuploader.swf in the U ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4941 (Cross-site scripting (XSS) vulnerability in uploader.swf in the Upload ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not installed in package)
CVE-2013-4940 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility c ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4939 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility c ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4938 (The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10 ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4995 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3. ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4996 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4997 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	- phpmyadmin 4:4.0.4.2-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-4998 (phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-4999 (phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sens ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-5000 (phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sens ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-5001 (Cross-site scripting (XSS) vulnerability in libraries/plugins/transfor ...)
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-5002 (Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Re ...)
	{DSA-2975-1}
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-5003 (Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5. ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4937 (Multiple unspecified vulnerabilities in the AiCloud feature on the ASU ...)
	NOT-FOR-US: Asus firmware
CVE-2013-4936 (The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PRO ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4935 (The dissect_per_length_determinant function in epan/dissectors/packet- ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4934 (The netmon_open function in wiretap/netmon.c in the Netmon file parser ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4933 (The netmon_open function in wiretap/netmon.c in the Netmon file parser ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4932 (Multiple array index errors in epan/dissectors/packet-gsm_a_common.c i ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4931 (epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1  ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4930 (The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c  ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
	[squeeze] - wireshark <not-affected> (Affected dissector not yet present)
CVE-2013-4929 (The parseFields function in epan/dissectors/packet-dis-pdus.c in the D ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4928 (Integer signedness error in the dissect_headers function in epan/disse ...)
	- wireshark 1.10.1-1 (unimportant)
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
	NOTE: Not suitable for code injection
CVE-2013-4927 (Integer signedness error in the get_type_length function in epan/disse ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4926 (epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator diss ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4925 (Integer signedness error in epan/dissectors/packet-dcom-sysact.c in th ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4924 (epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator diss ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4923 (Memory leak in the dissect_dcom_ActivationProperties function in epan/ ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4922 (Double free vulnerability in the dissect_dcom_ActivationProperties fun ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4921 (Off-by-one error in the dissect_radiotap function in epan/dissectors/p ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4920 (The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly i ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4919
	RESERVED
CVE-2013-4918
	RESERVED
CVE-2013-4917
	RESERVED
CVE-2013-4916
	RESERVED
CVE-2013-4915
	RESERVED
CVE-2013-4914
	RESERVED
CVE-2013-4913
	RESERVED
CVE-2013-4912 (Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 be ...)
	NOT-FOR-US: Siemens
CVE-2013-4911 (Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA  ...)
	NOT-FOR-US: Siemens
CVE-2013-4910
	RESERVED
CVE-2013-4909
	RESERVED
CVE-2013-4908
	RESERVED
CVE-2013-4907
	RESERVED
CVE-2013-4906
	RESERVED
CVE-2013-4905
	RESERVED
CVE-2013-4904
	RESERVED
CVE-2013-4903
	RESERVED
CVE-2013-4902
	RESERVED
CVE-2013-4901
	RESERVED
CVE-2013-4900 (Directory traversal vulnerability in DeWeS web server 0.4.2 and possib ...)
	NOT-FOR-US: DeWeS web server (Twilight CMS)
CVE-2013-4899 (Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and poss ...)
	NOT-FOR-US: Twilight CMS
CVE-2013-4898 (Unrestricted file upload vulnerability in the user profile page featur ...)
	NOT-FOR-US: Timeline Plugin for SocialEngine
CVE-2013-4897
	REJECTED
CVE-2013-4896
	RESERVED
CVE-2013-4895
	RESERVED
CVE-2013-4894
	RESERVED
CVE-2013-4893
	RESERVED
CVE-2013-4892
	RESERVED
CVE-2013-4891 (The xss_clean function in CodeIgniter before 2.1.4 might allow remote  ...)
	- codeigniter <itp> (bug #471583)
CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in Digital Signa ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4887 (SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4886
	RESERVED
CVE-2013-4885 (The http-domino-enum-passwords.nse script in NMap before 6.40, when do ...)
	- nmap 6.40-0.1 (low; bug #719289)
	[squeeze] - nmap <not-affected> (Vulnerable code not present)
	[wheezy] - nmap 6.00-0.3+deb7u1
CVE-2013-4884 (Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allow ...)
	NOT-FOR-US: McAfee SuperScan
CVE-2013-5217
	REJECTED
CVE-2013-4890 (The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote a ...)
	NOT-FOR-US: Samsung TV
CVE-2013-4883 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy  ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-4882 (Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator  ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-4881 (Cross-site request forgery (CSRF) vulnerability in core/admin/modules/ ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4880 (Cross-site scripting (XSS) vulnerability in core/admin/modules/develop ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4879 (SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4878 (The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on  ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-4877 (The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not  ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4876 (The Verizon Wireless Network Extender SCS-2U01 has a hardcoded passwor ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4875 (The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 ...)
	NOT-FOR-US: Verizon Wireless Network Extender SCS-2U01
CVE-2013-4874 (The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4873 (The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials ...)
	NOT-FOR-US: iOS app
CVE-2013-4872 (Google Glass before XE6 does not properly restrict the processing of Q ...)
	NOT-FOR-US: Google Glass
CVE-2013-4871 (Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO En ...)
	NOT-FOR-US: TYPO3 extension tq_seo
CVE-2013-4870 (SQL injection vulnerability in the News Search (news_search) extension ...)
	NOT-FOR-US: TYPO3 extension news_search
CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and  ...)
	NOT-FOR-US: Cisco
CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure ...)
	NOT-FOR-US: Karotz API
CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module h ...)
	NOT-FOR-US: Electronic Arts Karotz Smart Rabbit
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...)
	NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android
CVE-2013-4865 (Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4864 (MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to  ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4863 (The HomeAutomationGateway service in MiCasaVerde VeraLite with firmwar ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4862 (MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict  ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4861 (Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasa ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does n ...)
	NOT-FOR-US: Radio Thermostat
CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
	NOT-FOR-US: INSTEON Hub
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remo ...)
	NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. ...)
	NOT-FOR-US: D-Link
CVE-2013-4856 (D-Link DIR-865L has Information Disclosure. ...)
	NOT-FOR-US: D-Link
CVE-2013-4855 (D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in t ...)
	NOT-FOR-US: D-Link
CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ...)
	{DSA-2728-1}
	- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
	NOTE: https://kb.isc.org/article/AA-01015/0
CVE-2013-4853
	RESERVED
CVE-2013-4852 (Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and o ...)
	{DSA-2736-1}
	- putty 0.63-1 (bug #718779)
	- filezilla 3.7.3-1 (low; bug #718800)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.securityfocus.com/archive/1/527763/30/0
	NOTE: http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
CVE-2013-4851 (The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS ser ...)
	{DSA-2743-1}
	- kfreebsd-9 9.1-4 (bug #717958)
	- kfreebsd-8 8.3-7 (bug #717959)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 <not-affected> (FreeBSD NFS server implementation was not supported in squeeze)
CVE-2013-4850
	RESERVED
CVE-2013-4849
	RESERVED
CVE-2013-4848 (TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. ...)
	NOT-FOR-US: TP-Link
CVE-2013-4847
	RESERVED
CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka ...)
	NOT-FOR-US: HP Officejet Pro
CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31 ...)
	NOT-FOR-US: HP Service Manager and ServiceCenter
CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with fi ...)
	NOT-FOR-US: HP iLO
CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 ...)
	NOT-FOR-US: HP iLO
CVE-2013-4841 (Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in ...)
	NOT-FOR-US: HP StoreVirtual
CVE-2013-4840 (Unspecified vulnerability in HP and H3C VPN Firewall Module products S ...)
	NOT-FOR-US: HP and H3C VPN Firewall Module
CVE-2013-4839 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4838 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4837 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4836 (Unspecified vulnerability in the GossipService SOAP Request implementa ...)
	NOT-FOR-US: HP Application LifeCycle Management
CVE-2013-4835 (The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x befor ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-4834 (Unspecified vulnerability in the client component in HP Application Li ...)
	NOT-FOR-US: HP Application LifeCycle Management
CVE-2013-4833 (Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 th ...)
	NOT-FOR-US: HP
CVE-2013-4832 (HP Service Manager 9.30 through 9.32 allows remote authenticated users ...)
	NOT-FOR-US: HP
CVE-2013-4831 (HP Service Manager 9.30 through 9.32 does not properly manage privileg ...)
	NOT-FOR-US: HP
CVE-2013-4830 (HP Service Manager 9.30 through 9.32 allows remote attackers to execut ...)
	NOT-FOR-US: HP
CVE-2013-4829 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet E ...)
	NOT-FOR-US: HP
CVE-2013-4828 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet E ...)
	NOT-FOR-US: HP
CVE-2013-4827 (SQL injection vulnerability in HP Intelligent Management Center (iMC)  ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4826 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4825 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4824 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4823 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4822 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4821 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-4820 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall  ...)
	NOT-FOR-US: HP
CVE-2013-4819 (Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 1 ...)
	NOT-FOR-US: HP
CVE-2013-4818 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall  ...)
	NOT-FOR-US: HP
CVE-2013-4817 (Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 1 ...)
	NOT-FOR-US: HP
CVE-2013-4816
	REJECTED
CVE-2013-4815 (Cross-site scripting (XSS) vulnerability in the web interface in HP Ar ...)
	NOT-FOR-US: HP
CVE-2013-4814 (Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View A ...)
	NOT-FOR-US: HP
CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3 ...)
	NOT-FOR-US: HP
CVE-2013-4812 (UpdateCertificatesServlet in the SNAC registration server in HP ProCur ...)
	NOT-FOR-US: HP
CVE-2013-4811 (UpdateDomainControllerServlet in the SNAC registration server in HP Pr ...)
	NOT-FOR-US: HP
CVE-2013-4810 (HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Dr ...)
	NOT-FOR-US: HP
CVE-2013-4809 (Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCu ...)
	NOT-FOR-US: HP
CVE-2013-4808 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and  ...)
	NOT-FOR-US: HP
CVE-2013-4807 (Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M121 ...)
	NOT-FOR-US: HP
CVE-2013-4806 (The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8### ...)
	NOT-FOR-US: HP routers
CVE-2013-4805 (Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) fir ...)
	NOT-FOR-US: HP Integrated Lights-Out firmware
CVE-2013-4804 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch  ...)
	NOT-FOR-US: HP Business Process Monitor
CVE-2013-4803
	REJECTED
CVE-2013-4802 (Cross-site scripting (XSS) vulnerability in HP Application Lifecycle M ...)
	NOT-FOR-US: HP
CVE-2013-4801 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4800 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4799 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4798 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4796 (ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to r ...)
	- reviewboard <itp> (bug #653113)
CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list in Rev ...)
	- reviewboard <itp> (bug #653113)
CVE-2013-4794
	RESERVED
CVE-2013-4793 (The update function in umbraco.webservices/templates/templateService.c ...)
	NOT-FOR-US: Umbraco
CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...)
	NOT-FOR-US: PrestaShop
CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and other low ...)
	NOT-FOR-US: PrestaShop
CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 be ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0 ...)
	NOT-FOR-US: Cotonti
CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6 ...)
	{DLA-165-1}
	- glibc 2.17-94 (low; bug #717178)
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check crypt ...)
	NOT-FOR-US: Android
CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange P ...)
	NOTE: Design flaw in the IPMI 2.0 specification. Any correctly implemented device is vulnerable.
	NOTE: Contacted relevant maintainers: Since few to no devices do mutual authentication, tools shipped by Debian are generally not affected. At best, the tools can print a warning for vulnerable devices.
CVE-2013-4784 (The HP Integrated Lights-Out (iLO) BMC implementation allows remote at ...)
	NOT-FOR-US: HP IPMI device
CVE-2013-4781 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance a ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4780 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance a ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4779 (Cross-site scripting (XSS) vulnerability in core/handleTw.php on the S ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4778 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance a ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4777 (A certain configuration of Android 2.3.7 on the Motorola Defy XT phone ...)
	NOT-FOR-US: Motorola
CVE-2013-4776 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earli ...)
	NOT-FOR-US: NETGEAR
CVE-2013-4775 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earli ...)
	NOT-FOR-US: NETGEAR
CVE-2013-4785 (The web interface on the Dell iDRAC6 with firmware before 1.95 allows  ...)
	NOT-FOR-US: Dell
CVE-2013-4783 (The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3 ...)
	NOT-FOR-US: Dell
CVE-2013-4782 (The Supermicro BMC implementation allows remote attackers to bypass au ...)
	NOT-FOR-US: Supermicro
CVE-2013-4774
	RESERVED
CVE-2013-4773
	RESERVED
CVE-2013-4772 (D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless  ...)
	NOT-FOR-US: D-Link
CVE-2013-4771
	RESERVED
CVE-2013-4770 (Cross-site scripting (XSS) vulnerability in Eucalyptus Management Cons ...)
	NOT-FOR-US: Eucalyptus Management Console
CVE-2013-4769 (The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x ...)
	- eucalyptus <removed>
CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote att ...)
	- eucalyptus <removed>
CVE-2013-4767 (Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impac ...)
	- eucalyptus <removed>
CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote attack ...)
	- eucalyptus <removed>
CVE-2013-4765
	RESERVED
CVE-2013-4764 (Samsung Galaxy S3/S4 exposes an unprotected component allowing an unpr ...)
	NOT-FOR-US: Samsung
CVE-2013-4763 (Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitra ...)
	NOT-FOR-US: Samsung
CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate a sess ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x befo ...)
	{DSA-2761-1}
	- puppet 3.2.4-1 (low)
	[squeeze] - puppet <no-dsa> (non-standard config and attacker requires local access to master)
CVE-2013-4760
	RESERVED
CVE-2013-4759 (Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Fo ...)
	NOT-FOR-US: Magnolia CMS
CVE-2013-4757
	RESERVED
CVE-2013-4756
	RESERVED
CVE-2013-4758 (Double free vulnerability in the writeDataError function in the Elasti ...)
	- rsyslog <not-affected> (omelasticsearch plugin not enabled; see #715009)
	[squeeze] - rsyslog <not-affected> (omelasticsearch plugin not yet present)
	[wheezy] - rsyslog <not-affected> (omelasticsearch plugin not yet present)
	NOTE: http://bugzilla.adiscon.com/show_bug.cgi?id=461
	NOTE: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=80f88242982c9c6ad6ce8628fc5b94ea74051cf4
CVE-2013-4755
	RESERVED
CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Kn ...)
	NOT-FOR-US: Owl Intranet Knowledgebase
CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11. ...)
	NOT-FOR-US: Claroline
CVE-2013-4752 (Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5,  ...)
	NOT-FOR-US: Symfony HttpFoundation component
CVE-2013-4751 (php-symfony2-Validator has loss of information during serialization ...)
	NOT-FOR-US: Symfony Validator component
CVE-2013-4750
	RESERVED
CVE-2013-4749 (Cross-site scripting (XSS) vulnerability in the UserTask Center, Messa ...)
	NOT-FOR-US: sys_messages TYPO3 extension
CVE-2013-4748 (SQL injection vulnerability in the News system (news) extension before ...)
	NOT-FOR-US: News system TYPO3 extension
CVE-2013-4747 (Cross-site scripting (XSS) vulnerability in the Accessible browse resu ...)
	NOT-FOR-US: Accessible browse results TYPO3 extension
CVE-2013-4746 (Cross-site scripting (XSS) vulnerability in the My quiz and poll (myqu ...)
	NOT-FOR-US: My quiz and poll TYPO3 extension
CVE-2013-4745 (SQL injection vulnerability in the My quiz and poll (myquizpoll) exten ...)
	NOT-FOR-US: My quiz and poll TYPO3 extension
CVE-2013-4744 (Cross-site scripting (XSS) vulnerability in the PHPUnit extension befo ...)
	NOT-FOR-US: PHPUnit TYPO3 extension
CVE-2013-4743 (Static HTTP Server 1.0 has a Local Overflow ...)
	NOT-FOR-US: Static HTTP Server
CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers ...)
	NOT-FOR-US: SurgeFTP
CVE-2013-4741
	RESERVED
CVE-2013-4740 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ker ...)
	NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-4739 (The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm In ...)
	- linux <not-affected> (Android-specific camera drivers)
CVE-2013-4738 (Multiple stack-based buffer overflows in the MSM camera driver for the ...)
	- linux <not-affected> (Android-specific camera drivers)
CVE-2013-4737 (The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x,  ...)
	- linux <not-affected> (Affected code not in mainline kernel)
	- linux-2.6 <not-affected> (Affected code not in mainline kernel)
	NOTE: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=4256415b296348ff16cd17a5b8f8dce4dea37328
CVE-2013-4736 (Multiple integer overflows in the JPEG engine drivers in the MSM camer ...)
	NOTE: https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736
	NOT-FOR-US: camera JPEG engines on Android Linux kernels
CVE-2013-4735 (The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monro ...)
	NOT-FOR-US: Digital Alert Systems and Monroe Electronics
CVE-2013-4734 (dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2. ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4733 (The web server on the Digital Alert Systems DASDEC EAS device before 2 ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4732 (** DISPUTED ** The administrative web server on the Digital Alert Syst ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4731 (ajax.cgi in the web interface on the Choice Wireless Green Packet WIXF ...)
	NOT-FOR-US: Choice Wireless Green Packet modem
CVE-2013-4730 (Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2013-4729 (import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict ...)
	- phpmyadmin 4:4.0.4.1-1
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2013-4728 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4727 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4726 (Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4725 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4724 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4723 (Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4722 (Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/def ...)
	NOT-FOR-US: Acora CMS
CVE-2010-5288 (Buffer overflow in the lsConnectionCached function in editcp in EDItra ...)
	NOT-FOR-US: EDItran Communications Platform
CVE-2013-4721 (SQL injection vulnerability in the RSS feed from records extension 1.0 ...)
	NOT-FOR-US: records extension for TYPO3
CVE-2013-4720 (SQL injection vulnerability in the WEC Discussion Forum extension befo ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2013-4719 (SQL injection vulnerability in the SEO Pack for tt_news extension befo ...)
	NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
CVE-2013-4718 [XSS]
	RESERVED
	NOT-FOR-US: OTRS ITSM
CVE-2013-4717 [SQL injection]
	RESERVED
	{DSA-2733-1}
	- otrs2 3.2.9-1
	NOTE: http://web.archive.org/web/20131023033811/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-05/
CVE-2012-6581 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6580 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6579 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6578 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6577 (SQL injection vulnerability in the Formhandler extension before 1.4.1  ...)
	NOT-FOR-US: Formhandler TYPO3 extension
CVE-2012-6576 (Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x- ...)
	NOT-FOR-US: Drupal module PRH Search
CVE-2012-6575 (Cross-site scripting (XSS) vulnerability in the Exposed Filter Data mo ...)
	NOT-FOR-US: Drupal module Exposed Filter Data
CVE-2012-6574 (Cross-site scripting (XSS) vulnerability in the Fonecta verify module  ...)
	NOT-FOR-US: Drupal module Fonecta verify
CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and  ...)
	NOT-FOR-US: Tattyan HP TOWN
CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6. ...)
	NOT-FOR-US: Tiki Wiki
CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6  ...)
	NOT-FOR-US: Tiki Wiki
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
	NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlie ...)
	NOT-FOR-US: I-O DATA DEVICE HDL-A and HDL2-A devices
CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Li ...)
	NOT-FOR-US: Accela Bizsearch
CVE-2013-4710 (Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, ...)
	NOT-FOR-US: Android
CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
	NOT-FOR-US: PPP Access Concentrator
CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc.  ...)
	NOT-FOR-US: Internet Initiative Japan Inc
CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with firmware  ...)
	NOT-FOR-US: D-Link
CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with firmware be ...)
	NOT-FOR-US: D-Link
CVE-2013-4705 (Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows  ...)
	NOT-FOR-US: Opera
CVE-2013-4704 (Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 ...)
	NOT-FOR-US: ChamaNet ChamaCargo
CVE-2013-4703 (Cross-site scripting (XSS) vulnerability in the top-page customization ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-4702 (Multiple directory traversal vulnerabilities in the doApiAction functi ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-4701 (Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remo ...)
	- php-openid 2.2.2-1.2 (low; bug #721221)
	[wheezy] - php-openid <no-dsa> (Minor issue)
	[squeeze] - php-openid <no-dsa> (Minor issue)
CVE-2013-4700 (The Yahoo! Japan Shopping application 1.4 and earlier for Android does ...)
	NOT-FOR-US: Yahoo shopping app
CVE-2013-4699 (The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and An ...)
	NOT-FOR-US: Yahoo shopping app
CVE-2013-4698 (Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to o ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Managem ...)
	NOT-FOR-US: Hitachi
CVE-2013-4695 (Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Exe ...)
	NOT-FOR-US: Winamp
CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Bu ...)
	NOT-FOR-US: Winamp
CVE-2013-4693 (WordPress Xorbin Digital Flash Clock 1.0 has XSS ...)
	NOT-FOR-US: WordPress Xorbin Digital Flash Clock
CVE-2013-4692 (Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS ...)
	NOT-FOR-US: Xorbin Analog Flash Clock
CVE-2013-4691 (Sencha Labs Connect has XSS with connect.methodOverride() ...)
	NOT-FOR-US: Sencha Labs Connect
CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before  ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R befor ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4688 (flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MS ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4687 (flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4686 (The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4685 (Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 be ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4684 (flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 b ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4683 (SQL injection vulnerability in the meta_feedit extension 0.1.10 and ea ...)
	NOT-FOR-US: meta_feedit extension for TYPO3
CVE-2013-4682 (SQL injection vulnerability in the Multishop extension before 2.0.39 f ...)
	NOT-FOR-US: Multishop extension for TYPO3
CVE-2013-4681 (SQL injection vulnerability in the sofortueberweisung2commerce extensi ...)
	NOT-FOR-US: sofortueberweisung2commerce extension TYPO3
CVE-2013-4680 (Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and e ...)
	NOT-FOR-US: meta_feedit extension for TYPO3
CVE-2013-4679 (Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a ...)
	NOT-FOR-US: Symantec Workspace Virtualization
CVE-2013-4678 (The NDMP protocol implementation in Symantec Backup Exec 2010 R3 befor ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4677 (Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 us ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4676 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4675
	RESERVED
CVE-2013-4674 (Cross-site scripting (XSS) vulnerability in the Web Email Protection c ...)
	NOT-FOR-US: Symantec
CVE-2013-4673 (The management console on the Symantec Web Gateway (SWG) appliance bef ...)
	NOT-FOR-US: Symantec
CVE-2013-4672 (The management console on the Symantec Web Gateway (SWG) appliance bef ...)
	NOT-FOR-US: Symantec
CVE-2013-4671 (Cross-site request forgery (CSRF) vulnerability in the management cons ...)
	NOT-FOR-US: Symantec
CVE-2013-4670 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: Symantec
CVE-2013-4668 (Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3 ...)
	- file-roller 3.8.3-1
	[squeeze] - file-roller <not-affected> (Doesn't use libarchive)
	[wheezy] - file-roller <not-affected> (Doesn't use libarchive)
	NOTE: http://www.ocert.org/advisories/ocert-2013-001.html
CVE-2013-4667
	RESERVED
CVE-2013-4666
	RESERVED
CVE-2013-4665 (SPBAS Business Automation Software 2012 has CSRF. ...)
	NOT-FOR-US: SPBAS Business Automation Software
CVE-2013-4664 (SPBAS Business Automation Software 2012 has XSS. ...)
	NOT-FOR-US: SPBAS Business Automation Software
CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine a ...)
	NOT-FOR-US: Redmine plugin redmine_git_hosting
CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through  ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-4661 (CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly  ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without prope ...)
	NOT-FOR-US: js-yaml
CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ar ...)
	NOT-FOR-US: Broadcom ACSD
CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be ...)
	NOT-FOR-US: Linksys
CVE-2013-4657 (Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due t ...)
	NOT-FOR-US: NETGEAR
CVE-2013-4656 (Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to mi ...)
	NOT-FOR-US: ASUS
CVE-2013-4655 (Symlink Traversal vulnerability in Belkin N900 due to misconfiguration ...)
	NOT-FOR-US: Belkin
CVE-2013-4654 (Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. ...)
	NOT-FOR-US: TP-LINK
CVE-2013-4653 (Multiple cross-site scripting (XSS) vulnerabilities in the signin func ...)
	NOT-FOR-US: Alcatel-Lucent Omnitouch
CVE-2013-4652 (Unspecified vulnerability in the command-line management interface on  ...)
	NOT-FOR-US: Siemens
CVE-2013-4651 (Siemens Scalance W7xx devices with firmware before 4.5.4 use the same  ...)
	NOT-FOR-US: Siemens
CVE-2013-4650 (MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authen ...)
	- mongodb 1:2.4.5-1 (bug #715007)
	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
	[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
CVE-2013-4649 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-4648
	RESERVED
CVE-2013-4647
	RESERVED
CVE-2013-4646
	RESERVED
CVE-2013-4645
	RESERVED
CVE-2013-4644
	RESERVED
CVE-2013-4643
	RESERVED
CVE-2013-4642
	RESERVED
CVE-2013-4641
	RESERVED
CVE-2013-4640
	RESERVED
CVE-2013-4639
	RESERVED
CVE-2013-4638
	RESERVED
CVE-2013-4637
	RESERVED
CVE-2013-4669 (FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, ...)
	NOT-FOR-US: FortiClient
CVE-2013-4636 (The mget function in libmagic/softmagic.c in the Fileinfo component in ...)
	- php5 5.5.0+dfsg-1
	[squeeze] - php5 <not-affected> (Introduced with 10367fa7c6a4a2cf9bee02d8905e284185428f09)
	[wheezy] - php5 <not-affected> (Introduced with 10367fa7c6a4a2cf9bee02d8905e284185428f09)
	- file <not-affected> (bug in code modified for PHP)
	NOTE: Tested with the squeeze and wheezy versions
CVE-2013-4635 (Integer overflow in the SdnToJewish function in jewish.c in the Calend ...)
	- php5 5.5.0+dfsg-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2012-6572 (Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess ...)
	NOT-FOR-US: Inf08 theme for Drupal
CVE-2013-4634 (SQL injection vulnerability in the jQuery autocomplete for indexed_sea ...)
	NOT-FOR-US: rzautocomplete extension for TYPO3
CVE-2013-4633 (Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300  ...)
	NOT-FOR-US: Huawei Seco Versatile Security Manager
CVE-2013-4632 (The Huawei Access Router (AR) before V200R002SPC003 allows remote atta ...)
	NOT-FOR-US: The Huawei Access Router
CVE-2013-4631 (Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabl ...)
	NOT-FOR-US: Huawei AR 150, 200, 1200, 2200, and 3200 routers,
CVE-2013-4630 (Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 320 ...)
	NOT-FOR-US: Huawei routers
CVE-2013-4629 (The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conf ...)
	NOT-FOR-US: Huawei viewpoint
CVE-2013-4628 (The firewall module on the Huawei Quidway Service Process Unit (SPU) b ...)
	NOT-FOR-US: Huawei Quidway Service Process Unit
CVE-2013-4627 (Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remo ...)
	- bitcoin 0.8.3-1
CVE-2012-6571 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6570 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6569 (Stack-based buffer overflow in the HTTP module in the (1) Branch Intel ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6568 (Buffer overflow in the back-end component in Huawei UTPS 1.0 allows lo ...)
	NOT-FOR-US: Huawei UTPS
CVE-2013-4626 (Cross-site scripting (XSS) vulnerability in the BackWPup plugin before ...)
	NOT-FOR-US: WordPress plugin BackWPup
CVE-2013-4625 (Cross-site scripting (XSS) vulnerability in files/installer.cleanup.ph ...)
	NOT-FOR-US: WordPress plugin Duplicator
CVE-2013-4624 (Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1 ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 an ...)
	{DSA-2782-1}
	- polarssl 1.2.8-1 (low; bug #719954)
CVE-2013-4622 (The 3G Mobile Hotspot feature on the HTC Droid Incredible has a defaul ...)
	NOT-FOR-US: HTC Droid Incredible
CVE-2013-4621 (Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities ...)
	NOT-FOR-US: Magnolia CMS
CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in interface/main/onotes/offi ...)
	NOT-FOR-US: OpenEMR
CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote a ...)
	NOT-FOR-US: OpenEMR
CVE-2013-4618
	RESERVED
CVE-2013-4617 (Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Coo ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-4616 (The WifiPasswordController generateDefaultPassword method in Preferenc ...)
	NOT-FOR-US: Apple iOS
CVE-2013-4615 (The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, a ...)
	NOT-FOR-US: EMC Smarts Network Configuration Manager
CVE-2013-4614 (English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300,  ...)
	NOT-FOR-US: EMC Smarts Network Configuration Manager
CVE-2013-4613 (The default configuration of the administrative interface on the Canon ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5 ...)
	NOT-FOR-US: REDCap
CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remo ...)
	NOT-FOR-US: REDCap
CVE-2013-4610 (Unspecified vulnerability in the Data Search utility in data-entry for ...)
	NOT-FOR-US: REDCap
CVE-2013-4609 (REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain und ...)
	NOT-FOR-US: REDCap
CVE-2013-4608 (Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows ...)
	NOT-FOR-US: REDCap
CVE-2013-4607
	RESERVED
CVE-2013-4606
	RESERVED
CVE-2013-4605
	RESERVED
CVE-2012-6567 (REDCap before 4.14.0 allows remote authenticated users to execute arbi ...)
	NOT-FOR-US: REDCap
CVE-2012-6566 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allow ...)
	NOT-FOR-US: REDCap
CVE-2012-6565 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allow ...)
	NOT-FOR-US: REDCap
CVE-2012-6564 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allow ...)
	NOT-FOR-US: REDCap
CVE-2013-4604 (Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly r ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2013-4603
	RESERVED
CVE-2013-4602 (A Denial of Service (infinite loop) vulnerability exists in Avira Anti ...)
	NOT-FOR-US: Avira
CVE-2013-4601
	RESERVED
CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2013-4599 (The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 fo ...)
	NOT-FOR-US: Drupal module misery
CVE-2013-4598 (The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for ...)
	NOT-FOR-US: Drupal module GCC
CVE-2013-4597 (The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not prop ...)
	NOT-FOR-US: Drupal module Revisioning
CVE-2013-4596 (The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal module Node Access Keys
CVE-2013-4595 (The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not pro ...)
	NOT-FOR-US: Drupal module Secure Pages
CVE-2013-4594 (The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does  ...)
	NOT-FOR-US: Drupal module Payment for Webform
CVE-2013-4593 (RubyGem omniauth-facebook has an access token security vulnerability ...)
	- ruby-omniauth-facebook <not-affected> (Fixed before initial release)
CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_ma ...)
	- linux 3.8-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
	[wheezy] - linux 3.2.53-1
CVE-2013-4591 (Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4 ...)
	- linux 3.8-1
	[wheezy] - linux <not-affected> (Introduced in 3.6)
	- linux-2.6 <not-affected> (Introduced in 3.6)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
CVE-2013-4590 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ...)
	{DSA-3530-1 DLA-91-1}
	- tomcat6 6.0.39 (low)
	[squeeze] - tomcat6 <no-dsa> (Minor issue)
	- tomcat7 7.0.50 (low)
	[wheezy] - tomcat7 <no-dsa> (Minor issue)
	- tomcat8 8.0.0
CVE-2013-4589 (The ExportAlphaQuantumType function in export.c in GraphicsMagick befo ...)
	- graphicsmagick 1.3.18-1 (low; bug #729661)
	[squeeze] - graphicsmagick <no-dsa> (Minor issue)
	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
CVE-2013-4588 (Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl. ...)
	{DSA-2906-1}
	- linux <not-affected> (fixed in 2.6.33)
	- linux-2.6 2.6.37-1
	NOTE: 2.6.37-1 first version including 2.6.33 in unstable for linux-2.6
	NOTE: https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
	NOTE: http://seclists.org/fulldisclosure/2013/Nov/77
CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm ...)
	{DSA-2906-1}
	- linux 3.12.5-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
CVE-2013-4586
	RESERVED
CVE-2013-4585
	RESERVED
CVE-2013-4584 (Perdition before 2.2 may have weak security when handling outbound con ...)
	- perdition 2.1-1 (low; bug #729028)
	[wheezy] - perdition <no-dsa> (Minor issue)
	[squeeze] - perdition <no-dsa> (Minor issue)
CVE-2013-4583 (The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4 ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4582 (The (1) create_branch, (2) create_tag, (3) import_project, and (4) for ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4581 (GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Ed ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4580 (GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Ed ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4579 (The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9 ...)
	- linux-2.6 <not-affected> (ath9k not yet present)
	- linux 3.12.8-1 (bug #729573)
	[wheezy] - linux 3.2.54-1
	NOTE: http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
CVE-2013-4578 (jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote atta ...)
	- openjdk-7 7u51-2.4.4-1
	- openjdk-6 6b30-1.13.1-1
CVE-2013-4577 (A certain Debian patch for GNU GRUB uses world-readable permissions fo ...)
	- grub2 2.00-20 (unimportant; bug #632598)
	NOTE: Additional hardening for rare setups, not a vulnerability
CVE-2013-4576 (GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introduc ...)
	{DSA-2821-1}
	- gnupg 1.4.15-3
CVE-2013-4575 (Heap-based buffer overflow in the utility program in the Linux agent i ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4574 (Cross-site scripting (XSS) vulnerability in the TimeMediaHandler exten ...)
	NOT-FOR-US: TimedMediaHandler mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=56699
CVE-2013-4573 (Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess  ...)
	NOT-FOR-US: mediawiki extension ZeroRatedMobileAccess
CVE-2013-4572 (The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
CVE-2013-4571 (Buffer overflow in php-luasandbox in the Scribuntu extension for Media ...)
	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49705
CVE-2013-4570 (The zend_inline_hash_func function in php-luasandbox in the Scribuntu  ...)
	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=54527
CVE-2013-4569 (The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before  ...)
	NOT-FOR-US: mediawiki extension CleanChanges
CVE-2013-4568 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...)
	- libapache2-mod-nss 1.0.8-4 (low; bug #731627)
	[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
CVE-2013-4565 (Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5. ...)
	- xlhtml <removed> (low; bug #729279)
	[wheezy] - xlhtml <no-dsa> (Minor issue)
	[squeeze] - xlhtml <no-dsa> (Minor issue)
CVE-2013-4564 (Libreswan 3.6 allows remote attackers to cause a denial of service (cr ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
	NOTE: https://github.com/libreswan/libreswan/commit/9b31deafbdbf0c2206358dfbf2d4e343e365f23f
CVE-2013-4563 (The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux  ...)
	- linux-2.6 <not-affected> (Introduced in v3.10-rc5)
	- linux 3.11.10-1
	[wheezy] - linux <not-affected> (Introduced in v3.10-rc5)
	NOTE: Introduced: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e2bd517c108816220f262d7954b697af03b5f9c
	NOTE: fixed in: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e033e0
CVE-2013-4562 (The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store t ...)
	- ruby-omniauth-facebook <not-affected> (Fixed before initial release)
	NOTE: https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7
CVE-2013-4561
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-4560 (Use-after-free vulnerability in lighttpd before 1.4.33 allows remote a ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4559 (lighttpd before 1.4.33 does not check the return value of the (1) setu ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4558 (The get_parent_resource function in repos.c in mod_dav_svn Apache HTTP ...)
	- subversion 1.7.14-1
	[squeeze] - subversion <not-affected> (Only affects 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4)
	[wheezy] - subversion <not-affected> (Only affects 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4)
	NOTE: http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
CVE-2013-4557 (The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8  ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4556 (Cross-site scripting (XSS) vulnerability in the author page (prive/for ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4555 (Cross-site request forgery (CSRF) vulnerability in ecrire/action/logou ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4554 (Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), an ...)
	- xen <not-affected> (Doesn't affect Linux)
CVE-2013-4553 (The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possib ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4552 (lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for ...)
	NOT-FOR-US: drupalauth module for simpleSAMLphp
CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not  ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Only affects 4.2.x and later)
	[squeeze] - xen <not-affected> (Only affects 4.2.x and later)
CVE-2013-4550 (Bip before 0.8.9, when running as a daemon, writes SSL handshake error ...)
	- bip 0.8.9-1 (low)
	[wheezy] - bip <no-dsa> (Minor issue)
	[squeeze] - bip <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
	NOTE: https://projects.duckcorp.org/issues/261
	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers t ...)
	- qtbase-opensource-src 5.1.1+dfsg-6
	- qt4-x11 4:4.8.5+git192-g085f851+dfsg-1 (low; bug #750141)
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	[squeeze] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://codereview.qt-project.org/#change,70708
CVE-2013-4548 (The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ...)
	- openssh 1:6.4p1-1 (bug #729029)
	[wheezy] - openssh <not-affected> (AES-GCM support introduced in 6.2)
	[squeeze] - openssh <not-affected> (AES-GCM support introduced in 6.2)
CVE-2013-4547 (nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attack ...)
	{DSA-2802-1}
	- nginx 1.4.4-1 (bug #730012)
	[squeeze] - nginx <not-affected> (Only applies to 0.8.41 - 1.5.6)
CVE-2013-4546 (The repository import feature in gitlab-shell before 1.7.4, as used in ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disab ...)
	{DSA-2798-1}
	- curl 7.33.0-1
CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local gu ...)
	- qemu 2.0.0+dfsg-1
	[wheezy] - qemu <not-affected> (Introduced in 1.4)
	[squeeze] - qemu <not-affected> (Introduced in 1.4)
	- qemu-kvm <not-affected> (Introduced in 1.4)
	NOTE: see BTS bug #744213
CVE-2013-4543
	REJECTED
CVE-2013-4542 (The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU be ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	NOTE: virtio-scsi support introduced in v1.1: http://wiki.qemu.org/ChangeLog/1.1
CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4540 (Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 migh ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4539 (Multiple buffer overflows in the tsc210x_load function in hw/input/tsc ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4538 (Multiple buffer overflows in the ssd0323_load function in hw/display/s ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 al ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4536
	RESERVED
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4535 (The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4534 (Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remot ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4533 (Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in  ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4532 (Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could  ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4531 (Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows re ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4530 (Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote a ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed>
CVE-2013-4529 (Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remot ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4528
	REJECTED
CVE-2013-4527 (Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow re ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4526 (Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote at ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4525 (Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/ ...)
	- moodle 2.5.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4524 (Directory traversal vulnerability in repository/filesystem/lib.php in  ...)
	- moodle 2.5.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4523 (Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle  ...)
	- moodle 2.5.3-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4522 (lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x b ...)
	- moodle 2.5.3-1 (low)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4521 (RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 ...)
	NOT-FOR-US: Nuxeo
CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent attackers to  ...)
	- libxslt <not-affected> (The versions in wheezy and squeeze contain the full patch)
CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1. ...)
	- reviewboard <itp> (bug #653113)
CVE-2013-4518 (RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI enti ...)
	NOT-FOR-US: Red Hat Update Infrastructure
CVE-2013-4517 (Apache Santuario XML Security for Java before 1.5.6, when applying Tra ...)
	- libxml-security-java 1.5.6-1 (bug #733938)
	[squeeze] - libxml-security-java <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - libxml-security-java <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc
CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the ...)
	- linux 3.12-1 (unimportant)
	[wheezy] - linux <not-affected> (Affected code not present yet)
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Li ...)
	- linux 3.12-1 (unimportant)
	NOTE: bcm driver not built
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in t ...)
	- linux 3.12-1 (unimportant)
	NOTE: wlags49_h2 driver not built
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5e2f339865fb443107e5b10603e53bbc92dc054
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4513 (Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpa ...)
	- linux 3.12-1 (unimportant)
	[wheezy] - linux <not-affected> (Affected code not present yet)
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2c65cd2e14ada6de44cb527e7f1990bede24e15
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4512 (Buffer overflow in the exitcode_proc_write function in arch/um/kernel/ ...)
	{DSA-2906-1}
	- linux 3.11.8-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=201f99f170df14ba52ea4c52847779042b7a623b
CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the  ...)
	{DSA-2906-1}
	- linux 3.11.8-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7314e613d
CVE-2013-4510 (Directory traversal vulnerability in the client in Tryton 3.0.0, as di ...)
	{DSA-2791-1}
	- tryton-client 2.8.4-1
	NOTE: https://bugs.tryton.org/issue3446
CVE-2013-4509 (The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlie ...)
	- mozc 1.12.1599.102-1 (low; bug #729065)
	[wheezy] - mozc <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	- ibus-anthy 1.5.4-1 (low; bug #729065)
	[wheezy] - ibus-anthy <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-anthy <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
	- ibus-pinyin 1.5.0-1 (low; bug #729065)
	[wheezy] - ibus-pinyin <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-pinyin <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
	- ibus-chewing 1.4.3-4 (low; bug #730781)
	[wheezy] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
	NOTE: http://www.openwall.com/lists/oss-security/2013/11/04/2
	NOTE: This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines,
	NOTE: can be assigned to affected engines once more info is available
	NOTE: Introduced in 1.5, so stable/oldstable not affected
CVE-2013-4508 (lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphe ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
	NOTE: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
	NOTE: http://redmine.lighttpd.net/issues/2525
CVE-2013-4507 (Cross-site scripting (XSS) vulnerability in CollectiveAccess Providenc ...)
	NOT-FOR-US: CollectiveAccess
CVE-2013-4506
	RESERVED
CVE-2013-4505 (The is_this_legal function in mod_dontdothat for Apache Subversion 1.4 ...)
	- subversion 1.7.14-1 (bug #730541; unimportant)
	NOTE: Not built in the binary packages
CVE-2013-4504 (The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attacke ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4503 (Cross-site scripting (XSS) vulnerability in the Feed Element Mapper mo ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4502 (The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4501 (The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4500 (The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authen ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4499 (Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x be ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4498 (The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 fo ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Ha ...)
	- nova 2013.2-1
	[wheezy] - nova <not-affected> (OpenStack Essex is not affected)
	NOTE: https://bugs.launchpad.net/nova/+bug/1073306
	NOTE: https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
	NOTE: https://bugs.launchpad.net/nova/+bug/1202266
	NOTE: https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 d ...)
	- samba 2:4.1.6+dfsg-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u3
	[squeeze] - samba <no-dsa> (Minor issue)
	- samba4 <removed>
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: http://www.samba.org/samba/security/CVE-2013-4496
CVE-2013-4495 (The send_the_mail function in server/svr_mail.c in Terascale Open-Sour ...)
	{DSA-2796-1}
	- torque 2.4.16+dfsg-1.3 (bug #729333)
CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock a ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4493
	RESERVED
CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n  ...)
	{DSA-2830-1}
	- ruby-i18n 0.6.9-1
	- libi18n-ruby <removed>
	[squeeze] - libi18n-ruby <not-affected> (vulnerable code not present)
CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (Vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4490 (The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...)
	- gitlab <not-affected> (Fixed before initial release to Debian)
CVE-2013-4489 (The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x befo ...)
	- gitlab <not-affected> (Fixed before initial release to Debian)
CVE-2013-4488 (libgadu before 1.12.0 does not verify X.509 certificates from SSL serv ...)
	- libgadu <unfixed> (unimportant)
	NOTE: Intentional design decision
CVE-2013-4487 (Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in ...)
	- gnutls28 <not-affected> (libdane is not built; original patch for CVE-2013-4466 not applied)
	- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
	NOTE: off-by one issue in original fix for CVE-2013-4466
CVE-2013-4486 (Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging ...)
	NOT-FOR-US: Zanata
CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8. ...)
	- 389-ds-base 1.3.2.9-1 (bug #730115)
CVE-2013-4484 (Varnish before 3.0.5 allows remote attackers to cause a denial of serv ...)
	{DSA-2814-1}
	- varnish 3.0.5-1 (medium; bug #728989)
	NOTE: https://www.varnish-cache.org/trac/ticket/1367
CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3 ...)
	- linux 3.11.8-1 (low)
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6062a8
CVE-2013-4482 (Untrusted search path vulnerability in python-paste-script (aka paster ...)
	NOT-FOR-US: LuCi
CVE-2013-4481 (Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with  ...)
	NOT-FOR-US: LuCi
CVE-2013-4480 (Red Hat Satellite 5.6 and earlier does not disable the web interface t ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-4479 (lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.1 ...)
	{DSA-2805-1}
	- sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 (bug #728232)
	NOTE: https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
CVE-2013-4478 (Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers ...)
	{DSA-2805-1}
	- sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 (bug #728232)
	NOTE: http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
	NOTE: https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
CVE-2013-4477 (The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana,  ...)
	- keystone 2013.2-2 (bug #728233)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1242855
CVE-2013-4476 (Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is ...)
	- samba 2:4.0.11+dfsg-1 (low)
	[wheezy] - samba <not-affected> (Doesn't provide AD functionality)
	[squeeze] - samba <not-affected> (Doesn't provide AD functionality)
	- samba4 <removed> (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4475 (Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1. ...)
	{DSA-2812-1}
	- samba 2:4.0.11+dfsg-1 (low)
	- samba4 <removed> (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4474 (Format string vulnerability in the extractPages function in utils/pdfs ...)
	{DLA-1074-1}
	- poppler 0.18.4-9 (low; bug #729064)
	[squeeze] - poppler <not-affected> (pdfseparate not yet present)
CVE-2013-4473 (Stack-based buffer overflow in the extractPages function in utils/pdfs ...)
	{DLA-1074-1}
	- poppler 0.18.4-9 (low; bug #729064)
	[squeeze] - poppler <not-affected> (pdfseparate not yet present)
CVE-2013-4472 (The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...)
	- poppler <unfixed> (unimportant)
	- xpdf <unfixed> (unimportant)
	NOTE: specific to non-*NIX systems
CVE-2013-4471 (The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 doe ...)
	- horizon 2013.2-1
	[wheezy] - horizon <not-affected> (v3 API introduced in Grizzly)
	NOTE: https://bugs.launchpad.net/horizon/+bug/1237989
CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is  ...)
	{DLA-0015-1}
	- linux 3.11.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	[wheezy] - linux 3.2.53-1
CVE-2013-4469 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_ima ...)
	- nova 2013.2-3 (low; bug #728605)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: CVE for incomplete fix of CVE-2013-2096
CVE-2013-4468 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-4467 (Multiple SQL injection vulnerabilities in the agent interface (agc/) i ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-4466 (Buffer overflow in the dane_query_tlsa function in the DANE library (l ...)
	- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
	- gnutls28 <not-affected> (libdane is not built)
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
	NOTE: Upstream commit for 3.2.x: https://gitlab.com/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3
CVE-2013-4465 (Unrestricted file upload vulnerability in the avatar upload functional ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-4464
	RESERVED
CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...)
	- nova 2013.2-3 (low; bug #728605)
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-4462 (WordPress Portable phpMyAdmin Plugin has an authentication bypass vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-4461 (SQL injection vulnerability in the web interface for cumin in Red Hat  ...)
	NOT-FOR-US: Cumin
CVE-2013-4460 (Cross-site scripting (XSS) vulnerability in account_sponsor_page.php i ...)
	{DSA-3120-1}
	- mantis <removed> (low; bug #727180)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=16513
CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the  ...)
	- lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch)
CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.18-1 (low; bug #727181)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16072
CVE-2013-4457 (The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent  ...)
	NOT-FOR-US: Cocaine rubygem
CVE-2013-4456
	RESERVED
CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions for /e ...)
	NOT-FOR-US: Katello
CVE-2013-4454 (WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypas ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php in LDA ...)
	- ldap-account-manager 4.4-1 (medium; bug #726976)
	[wheezy] - ldap-account-manager <no-dsa> (Minor issue)
	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2013-4452 (Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions ...)
	NOT-FOR-US: JBoss Operation Network
CVE-2013-4451 (gitolite commit fa06a34 through 3.5.3 might allow attackers to have un ...)
	- gitolite <not-affected> (vulnerable code introduced for v3.5.3)
	- gitolite3 <not-affected> (vulnerable code introduced for v3.5.3)
CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8. ...)
	- nodejs 0.10.21~dfsg1-1 (medium)
	NOTE: https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
	NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not prope ...)
	{DSA-3209-1 DLA-203-1}
	- openldap 2.4.39-1.1 (low; bug #729367)
	[wheezy] - openldap <no-dsa> (Minor issue)
	[squeeze] - openldap <no-dsa> (Minor issue)
	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
CVE-2013-4448
	REJECTED
CVE-2013-4447 (Cross-site scripting (XSS) vulnerability in the API in the Simplenews  ...)
	NOT-FOR-US: Simplenews Drupal contributed module
CVE-2013-4446 (The _json_decode function in plugins/context_reaction_block.inc in the ...)
	NOT-FOR-US: Context Drupal contributed module
CVE-2013-4445 (The json rendering functionality in the Context module 6.x-2.x before  ...)
	NOT-FOR-US: Context Drupal contributed module
CVE-2013-4444 (Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0 ...)
	- tomcat7 7.0.40-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1470435
CVE-2013-4443
	REJECTED
CVE-2013-4442 (Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated  ...)
	- pwgen 2.07-1 (unimportant; bug #767008)
	NOTE: /dev/random is universally available, if an attacker can create an environment
	NOTE: where it's not available that opens a far bigger can of worms
CVE-2013-4441 (The Phonemes mode in Pwgen 2.06 generates predictable passwords, which ...)
	- pwgen <unfixed> (unimportant; bug #726578)
	NOTE: pwgen is documented to generate memorable passwords, so this is by design
CVE-2013-4440 (Password Generator (aka Pwgen) before 2.07 generates weak non-tty pass ...)
	- pwgen 2.07-1 (unimportant; bug #725507)
	NOTE: Documented shortcoming
CVE-2013-4439 (Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authen ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4438 (Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute  ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4437 (Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 h ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4436 (The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0  ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4435 (Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4434 (Dropbear SSH Server before 2013.59 generates error messages for a fail ...)
	- dropbear 2012.55-1.4 (low; bug #726118)
	[squeeze] - dropbear <no-dsa> (Minor issue)
	[wheezy] - dropbear <no-dsa> (Minor issue)
CVE-2013-4433 (Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows ...)
	- xhprof 0.9.4-1 (bug #726284)
CVE-2013-4432 (Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does  ...)
	- mahara <removed> (low; bug #727539)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
	NOTE: https://gitorious.org/mahara/mahara/commit/0b4952e063f50c001e4c2dfc5749f55258bff952
CVE-2013-4431 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does  ...)
	- mahara <removed> (low; bug #727552)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5832
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5542
	NOTE: https://bugs.launchpad.net/mahara/+bug/1233500
CVE-2013-4430 (Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6. ...)
	- mahara <removed> (unimportant; bug #727548)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5830
	NOTE: https://bugs.launchpad.net/mahara/+bug/1175446
	NOTE: Only exploitable during installation
CVE-2013-4429 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does  ...)
	- mahara <removed> (low; bug #727545)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5833
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5543
	NOTE: https://bugs.launchpad.net/mahara/+bug/1211758
	[squeeze] - mahara <no-dsa> (Minor issue)
CVE-2013-4428 (OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly ...)
	- glance 2013.2-1 (bug #726478)
	[wheezy] - glance <not-affected> (does not have the download_image)
CVE-2013-4427 (pyxtrlock before 0.2 does not properly check the return values of the  ...)
	NOT-FOR-US: pyxtrlock
CVE-2013-4426 (pyxtrlock before 0.1 uses an incorrect variable name, which allows phy ...)
	NOT-FOR-US: pyxtrlock
CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starti ...)
	NOT-FOR-US: Osirix
CVE-2013-4424 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Port ...)
	NOT-FOR-US: GateIn
CVE-2013-4423 (CloudForms stores user passwords in recoverable format ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
	- quassel 0.9.1-1
	[wheezy] - quassel <no-dsa> (Issue only relevant if the Qt 4.8.5 fix would be backported)
	[squeeze] - quassel <not-affected> (qt4-x11 is too old)
	NOTE: Issue when used with Qt >= 4.8.5 and PostgreSQL >= 8.2
	NOTE: http://quassel-irc.org/node/120
	NOTE: http://bugs.quassel-irc.org/issues/1244
	NOTE: https://github.com/quassel/quassel/commit/aa1008be162cb27da938cce93ba533f54d228869
	NOTE: Caused by a change in Qt's postgres driver:
	NOTE: https://bugreports.qt-project.org/browse/QTBUG-30076
	NOTE: https://qt.gitorious.org/qt/qtbase/commit/e3c5351d06ce8a12f035cd0627356bc64d8c334a
CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server before  ...)
	- dropbear 2012.55-1.4 (low; bug #726019)
	[squeeze] - dropbear <no-dsa> (Minor issue)
	[wheezy] - dropbear <no-dsa> (Minor issue)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) tar_extract_gl ...)
	{DSA-2863-1}
	- libtar 1.2.20-2 (bug #731860)
CVE-2013-4419 (The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when ...)
	- libguestfs 1:1.22.7-1
	[wheezy] - libguestfs 1:1.18.1-1+deb7u3
CVE-2013-4418
	REJECTED
CVE-2013-4417
	REJECTED
CVE-2013-4416 (The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, a ...)
	- xen <not-affected> (ocaml version of the xenstore daemon not used in Debian)
CVE-2013-4415 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and R ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for cumi ...)
	NOT-FOR-US: Cumin
CVE-2013-4413 (Directory traversal vulnerability in controller/concerns/render_redire ...)
	NOT-FOR-US: Wicked Ruby Gem
CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from glibc ...)
	- slim 1.3.6-0.1 (bug #725902)
	[wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
	[squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
	NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
CVE-2013-4411 (Review Board: URL processing gives unauthorized users access to review ...)
	- reviewboard <itp> (bug #653113)
CVE-2013-4410 (ReviewBoard: has an access-control problem in REST API ...)
	- reviewboard <itp> (bug #653113)
CVE-2013-4409 (An eval() vulnerability exists in Python Software Foundation Djblets 0 ...)
	- djblets <removed> (low; bug #726039)
	- python-django-djblets <removed> (low)
	[squeeze] - python-django-djblets <no-dsa> (Minor issue)
	NOTE: Fix: https://github.com/djblets/djblets/commit/36cd15763742652ca990f913b44e91c69c707269
CVE-2013-4408 (Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done functi ...)
	{DSA-2812-1}
	- samba 2:4.0.13+dfsg-1
	- samba4 <removed>
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4407 (HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module  ...)
	{DSA-2801-1}
	- libhttp-body-perl 1.17-2 (bug #721634)
	[squeeze] - libhttp-body-perl <not-affected> (Vulnerable code introduced in 1.08)
CVE-2013-4406 (The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2,  ...)
	NOT-FOR-US: Quick Tabs Drupal contributed module
CVE-2013-4405 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: Cumin
CVE-2013-4404 (cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce use ...)
	NOT-FOR-US: Cumin
CVE-2013-4403
	REJECTED
CVE-2013-4402 (The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x be ...)
	{DSA-2774-1 DSA-2773-1}
	- gnupg2 2.0.22-1 (bug #725433)
	- gnupg 1.4.15-1 (bug #725439)
CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through  ...)
	- libvirt 1.1.4-1 (bug #727101)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
CVE-2013-4400 (virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to  ...)
	- libvirt 1.1.4-1 (bug #727101)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1015228#c3
CVE-2013-4399 (The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...)
	- libvirt 1.1.4-1
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.0)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.0)
CVE-2013-4398
	REJECTED
CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c in l ...)
	{DSA-2817-1}
	- libtar 1.2.20-1 (bug #725938)
CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfon ...)
	{DSA-2784-1}
	- xorg-server 2:1.14.3-4
CVE-2013-4395 (Simple Machines Forum (SMF) through 2.0.5 has XSS ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #725357)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862324
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680
CVE-2013-4393 (journald in systemd, when the origin of native messages is set to file ...)
	- systemd 204-5 (bug #725357)
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859104
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd
CVE-2013-4392 (systemd, when updating file permissions, allows local users to change  ...)
	- systemd <unfixed> (unimportant; bug #725357)
	[wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in Wheezy)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060
	NOTE: only relevant to systems running systemd along with selinux
CVE-2013-4391 (Integer overflow in the valid_user_field function in journal/journald- ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #725357)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859051
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e
CVE-2013-4390 (Open redirect vulnerability in the AbstractAuthenticationFormServlet i ...)
	NOT-FOR-US: Apache Sling
CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in t ...)
	{DSA-2888-1 DSA-2887-1}
	- rails-4.0 <not-affected> (Only affects 3.x)
	- ruby-actionmailer-3.2 3.2.16-1 (bug #726576)
	- ruby-actionmailer-2.3 <not-affected> (Only affects 3.x)
	- rails <not-affected> (Only affects 3.x)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4388 (Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio. ...)
	{DSA-2973-1}
	- vlc 2.1.0-1 (bug #726528)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not prop ...)
	{DLA-0015-1}
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
CVE-2013-4386 (Multiple SQL injection vulnerabilities in app/models/concerns/host_com ...)
	- foreman <itp> (bug #663101)
CVE-2013-4385 (Buffer overflow in the "read-string!" procedure in the "extras" unit i ...)
	- chicken 4.8.0.5-1 (bug #724740; low)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
CVE-2013-4384 (Cross-site scripting (XSS) vulnerability in Google Site Search module  ...)
	NOT-FOR-US: Drupal module
CVE-2013-4383 (Cross-site scripting (XSS) vulnerability in the jQuery Countdown modul ...)
	NOT-FOR-US: Drupal module
CVE-2013-4382
	REJECTED
CVE-2013-4381
	REJECTED
CVE-2013-4380 (Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x- ...)
	NOT-FOR-US: Drupal module
CVE-2013-4379 (The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal al ...)
	NOT-FOR-US: Drupal module
CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsRep ...)
	NOT-FOR-US: Javamelody
CVE-2013-4377 (Use-after-free vulnerability in the virtio-pci implementation in Qemu  ...)
	- qemu 1.7.0+dfsg-4
	[wheezy] - qemu <not-affected> (Introduced in 1.4)
	[squeeze] - qemu <not-affected> (Introduced in 1.4)
	- qemu-kvm <not-affected> (Introduced in 1.4)
	NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server  ...)
	- x2goserver <not-affected> (Fixed with first upload to Debian)
	NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=42264c88d7885474ebe3763b2991681ddfcfa69a
CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4. ...)
	- xen 4.2
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	- qemu 1.7.0+dfsg-1
	[jessie] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
	[wheezy] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
	[squeeze] - qemu <not-affected> (vulnerable from version 1.1 onwards)
	- qemu-kvm <not-affected> (This only affects Qemu in combination with Xen)
	- xen-qemu-dm-4.0 <not-affected> (Affected code not yet present)
	NOTE: This is only exploitable in combination with Xen.
	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
	NOTE: Xen in Wheezy includes qemu
	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
CVE-2013-4374 (An insecurity temporary file vulnerability exists in RHQ Mongo DB Drif ...)
	NOT-FOR-US: RHQ MondoDB Drift Server
CVE-2013-4373 (The storeFiles method in JPADriftServerBean in Red Hat JBoss Operation ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management ...)
	NOT-FOR-US: JBoss Fuse
CVE-2013-4371 (Use-after-free vulnerability in the libxl_list_cpupool function in the ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4370 (The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x an ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4369 (The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4368 (The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4367 (ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain ...)
	NOT-FOR-US: ovirt
CVE-2013-4366 (http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x bef ...)
	- httpcomponents-client 4.3.2-1
	[wheezy] - httpcomponents-client <not-affected> (vulnerable code not present)
	NOTE: http://svn.apache.org/r1528614
CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read function in ...)
	{DSA-2778-1}
	- libapache2-mod-fcgid 1:2.3.9-1 (bug #725942)
CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the openshift-o ...)
	NOT-FOR-US: OpenShift
CVE-2013-4363 (Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...)
	- rubygems <removed> (unimportant; bug #722361)
	- libgems-ruby <removed> (unimportant; bug #722361)
	NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
	NOTE: it a potential elevated CPU consumption doesn't add any extra harm
	NOTE: CVE for incomplete fix for CVE-2013-4287
CVE-2013-4362 (WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users t ...)
	{DSA-2765-1}
	- davfs2 1.4.7-3 (bug #723034)
	NOTE: http://savannah.nongnu.org/bugs/?40034
CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4360
	REJECTED
CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...)
	{DSA-2767-1}
	- proftpd-dfsg 1.3.5~rc3-2.1 (bug #723179)
CVE-2013-4358 (libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to c ...)
	- libav 6:9.1-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602
CVE-2013-4357 (The eglibc package before 2.14 incorrectly handled the getaddrinfo() f ...)
	{DLA-165-1}
	- eglibc 2.17-1 (unimportant; bug #742925)
	[wheezy] - eglibc 2.13-38+deb7u6
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
	NOTE: Fixed upstream in 2.14
CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Only affects 4.3+)
	[squeeze] - xen <not-affected> (Only affects 4.3+)
CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which a ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4354 (The API before 2.1 in OpenStack Image Registry and Delivery Service (G ...)
	- glance <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/glance/+bug/1226078
	NOTE: according to upstream bug there will probably not be a patch for this issue
CVE-2013-4353 (The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1. ...)
	{DSA-2837-1}
	- openssl 1.0.1f-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.1 to 1.0.1e)
CVE-2013-4352 (The cache_invalidate function in modules/cache/cache_storage.c in the  ...)
	- apache2 2.4.7-1 (low)
	[wheezy] - apache2 <not-affected> (Only affects 2.4.[56])
	[squeeze] - apache2 <not-affected> (Only affects 2.4.[56])
CVE-2013-4351 (GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bi ...)
	{DSA-2774-1 DSA-2773-1}
	- gnupg 1.4.15-1 (low; bug #722722)
	- gnupg2 2.0.22-1 (low; bug #722724)
CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel th ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
CVE-2013-4349
	REJECTED
CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the Linu ...)
	- linux 3.11.6-2
	- linux-2.6 <not-affected> (Introduced in 3.2)
	[wheezy] - linux 3.2.53-2
CVE-2013-4347 (The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier func ...)
	- python-oauth2 <removed> (low; bug #722657)
	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
	NOTE: https://github.com/simplegeo/python-oauth2/issues/9
CVE-2013-4346 (The Server.verify_request function in SimpleGeo python-oauth2 does not ...)
	- python-oauth2 <removed> (low; bug #722656)
	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
	NOTE: https://github.com/simplegeo/python-oauth2/issues/129
CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, wh ...)
	{DSA-2933-1 DSA-2932-1}
	- xen 4.2-1
	[wheezy] - xen <not-affected> (Vulnerable code not present in the bundled 0.10 qemu)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	- qemu 1.6.0+dfsg-2 (unimportant; bug #725944)
	- qemu-kvm <removed> (unimportant)
	- xen-qemu-dm-4.0 <removed>
	[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Qemu only exploitable by privileged administrator with malicious configuration
	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
	NOTE: Xen in Wheezy includes qemu
	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel  ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-4342 (xinetd does not enforce the user and group configuration directives fo ...)
	- xinetd 1:2.3.15-2 (bug #324678)
	[wheezy] - xinetd 1:2.3.14-7.1+deb7u1
	[squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through  ...)
	- moodle 2.5.2-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4340 (wp-admin/includes/post.php in WordPress before 3.6.1 allows remote aut ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25321
CVE-2013-4339 (WordPress before 3.6.1 does not properly validate URLs before use in a ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25323
	NOTE: http://core.trac.wordpress.org/changeset/25324
CVE-2013-4338 (wp-includes/functions.php in WordPress before 3.6.1 does not properly  ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25325
CVE-2013-4337
	REJECTED
CVE-2013-4336
	REJECTED
CVE-2013-4335 (opOpenSocialPlugin 0.8.2.1, &gt; 0.9.9.2, 0.9.13, 1.2.6: Multiple XML  ...)
	NOT-FOR-US: opOpenSocialPlugin
CVE-2013-4334 (opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities ...)
	NOT-FOR-US: opWebAPIPlugin
CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...)
	NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library (ak ...)
	{DLA-165-1}
	- glibc 2.17-93 (bug #722536)
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1 ...)
	- lightdm 1.6.2-1 (bug #721744)
	[wheezy] - lightdm <not-affected> (Introduced in 1.4)
CVE-2013-4330 (Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, ...)
	NOT-FOR-US: Apache Camel
CVE-2013-4329 (The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <not-affected> (libxl not packaged in squeeze)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-09/msg00001.html
CVE-2013-4328
	REJECTED
CVE-2013-4327 (systemd does not properly use D-Bus for communication with a polkit au ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #723713)
CVE-2013-4326 (RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communicat ...)
	- rtkit 0.10-3 (bug #723714)
	[wheezy] - rtkit 0.10-2+wheezy1
CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging a ...)
	{DSA-2829-1}
	- hplip 3.13.9-1 (bug #723716)
CVE-2013-4324 (spice-gtk 0.14, and possibly other versions, invokes the polkit author ...)
	- spice-gtk 0.21-0nocelt1 (low)
	[wheezy] - spice-gtk <no-dsa> (Minor issue)
CVE-2013-4323
	RESERVED
CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ...)
	{DSA-3530-1 DSA-2897-1 DLA-91-1}
	- tomcat6 6.0.39
	- tomcat7 7.0.50
	- tomcat8 8.0.0
CVE-2013-4321 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x ...)
	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4320 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x ...)
	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQU ...)
	{DSA-2770-1}
	- torque 2.4.16+dfsg-1.1 (bug #722306)
	NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
CVE-2013-4318 (File injection vulnerability in Ruby gem Features 0.3.0 allows remote  ...)
	NOT-FOR-US: Ruby gem Features
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API  ...)
	NOT-FOR-US: CloudStack
CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-019.html
CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x  ...)
	{DSA-2755-1}
	- python-django 1.5.3-1 (bug #722605)
CVE-2013-4314 (The X509Extension in pyOpenSSL before 0.13.1 does not properly handle  ...)
	{DSA-2763-1}
	- pyopenssl 0.13-2.1 (bug #722055)
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5 ...)
	- moodle 2.5.2-1
	[squeeze] - moodle <not-affected>
CVE-2016-2847 (fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of  ...)
	{DSA-3503-1}
	- linux 4.3.5-1
	NOTE: https://git.kernel.org/linus/759c01142a5d0f364a462346168a56de28a80f52 (v4.5-rc1)
CVE-2013-4312 (The Linux kernel before 4.4.1 allows local users to bypass file-descri ...)
	{DSA-3503-1 DSA-3448-1}
	- linux 4.3.3-6
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593 (v4.5-rc1)
	NOTE: First patch for mitigation in 4.3.3-6, 4.3.5-1 adds a second bit required, that is CVE-2016-2847
CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...)
	- libvirt 1.1.3~rc1-1 (unimportant)
	NOTE: polkit support not activated in Debian build prior to 1.2.9.
	NOTE: sourcewise support for 3-arg pkcheck syntax in libvirt is included
	NOTE: since 0.9.12.3-1 in wheezy-security (and 1.1.3~rc1-1 in unstable). But we need
	NOTE: to wait for the pu in #726558 for policykit-1/0.105-3+deb7u1 and have a rebuild
	NOTE: of libvirt then.
	NOTE: Needs a build dependency on libpolkit-gobject-1-dev
CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html
CVE-2013-4309
	RESERVED
CVE-2013-4308 (Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView. ...)
	NOT-FOR-US: Mediawiki LiquidThreads extension
CVE-2013-4307 (Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/E ...)
	NOT-FOR-US: Mediawiki Wikibase
CVE-2013-4306 (Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUs ...)
	NOT-FOR-US: Mediawiki CheckUser extension
CVE-2013-4305 (Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...)
	- mediawiki-extensions <removed> (unimportant)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
	NOTE: Just an example file
CVE-2013-4304 (The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x b ...)
	NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-4303 (includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.1 ...)
	- mediawiki 1:1.19.8+dfsg-1 (unimportant)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=52746
	NOTE: IE6 lacks so many security features that this doesn't matter
CVE-2013-4302 ((1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiM ...)
	{DSA-2753-1}
	- mediawiki 1:1.19.8+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49090
CVE-2013-4301 (includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x  ...)
	- mediawiki 1:1.19.8+dfsg-1 (unimportant)
	[squeeze] - mediawiki <end-of-life>
	NOTE: Full path disclosure irrelevant in Debian
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46332
CVE-2013-4300 (The scm_check_creds function in net/core/scm.c in the Linux kernel bef ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users in 3.2)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linu ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.6-2
	[wheezy] - linux 3.2.53-1
	NOTE: upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca
CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1. ...)
	- libvirt 1.1.2-2
	[jessie] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	[wheezy] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	[squeeze] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2
	NOTE: Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a, 1.0.6
CVE-2013-4296 (The remoteDispatchDomainMemoryStats function in daemon/remote.c in lib ...)
	{DSA-2764-1}
	- libvirt 1.1.4-1
	[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced by commit 158ba8730e44b7dd07a21ab90499996c5dec080a)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=158ba8730e44b7dd07a21ab90499996c5dec080a
	NOTE: Fix: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=e7f400a110e2e3673b96518170bfea0855dd82c0
CVE-2013-4295 (The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote atta ...)
	NOT-FOR-US: Apache Shindig
CVE-2013-4294 (The (1) mamcache and (2) KVS token backends in OpenStack Identity (Key ...)
	- keystone 2013.1.3-2 (bug #722505)
	[wheezy] - keystone <not-affected> (only affects Folsom release and above)
CVE-2013-4293 (The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwo ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2013-4292 (libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of servic ...)
	- libvirt 1.1.2~rc2-1 (bug #721325)
	[jessie] - libvirt <not-affected> (Introduced with 1.1.0)
	[wheezy] - libvirt <not-affected> (Introduced with 1.1.0)
	[squeeze] - libvirt <not-affected> (Introduced with 1.1.0)
CVE-2013-4291 (The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1. ...)
	- libvirt 1.1.2-2
	[jessie] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
	[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
	[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=745aa55fbf3e076c4288d5ec3239f5a5d43508a6
CVE-2013-4290 (Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote att ...)
	- openjpeg <removed> (unimportant; bug #722540)
	NOTE: JP3D code not built in the binary package, see #722540
CVE-2013-4289 (Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1 ...)
	- openjpeg <removed> (unimportant; bug #722540)
	NOTE: JP3D code not built in the binary package, see #722540
CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to bypass  ...)
	- policykit-1 0.105-3+nmu1 (low; bug #723717)
	[squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
	[wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN  ...)
	- rubygems <removed> (unimportant; bug #722361)
	- libgems-ruby <removed> (unimportant; bug #722361)
	NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
	NOTE: it a potential elevated CPU consumption doesn't add any extra harm
CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-R ...)
	{DSA-3530-1 DSA-2897-1 DLA-91-1}
	- tomcat6 6.0.39
	- tomcat7 7.0.47
	- tomcat8 8.0.0
CVE-2013-4285 (A certain Gentoo patch for the PAM S/Key module does not properly clea ...)
	NOT-FOR-US: pam_skey
CVE-2013-4284 (Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers  ...)
	NOT-FOR-US: Cumin
CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attacker ...)
	- 389-ds-base 1.3.2.9-1 (bug #721222)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=999634
CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in serv ...)
	{DSA-2839-1}
	- spice 0.12.4-0nocelt2 (bug #728314)
	NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
CVE-2013-4281
	RESERVED
CVE-2013-4280 (Insecure temporary file vulnerability in RedHat vsdm 4.9.6. ...)
	- vdsm <itp> (bug #668538)
CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which  ...)
	- imapsync <removed>
CVE-2013-4278 (The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizz ...)
	- nova 2013.1.3-1 (bug #720602)
	[wheezy] - nova <not-affected> (Affected code not present)
	NOTE: incomplete fix for CVE-2013-2256
CVE-2013-4277 (Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1 ...)
	- subversion 1.7.13-1 (low; bug #721542)
	[squeeze] - subversion <no-dsa> (Minor issue, PID file not created by default)
	[wheezy] - subversion <no-dsa> (Minor issue, PID file not created by default)
	NOTE: http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcm ...)
	- lcms 1.19.dfsg1-1.3 (low; bug #718682)
	[squeeze] - lcms <no-dsa> (Minor issue)
	[wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
	- lcms2 <not-affected> (Vulnerable code not present)
CVE-2013-4275 (Cross-site scripting (XSS) vulnerability in the zen_breadcrumb functio ...)
	NOT-FOR-US: Drupal contributed module Zen
CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the password_policy_admin_ ...)
	NOT-FOR-US: Drupal addon
CVE-2013-4273 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not prope ...)
	NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x befo ...)
	NOT-FOR-US: Drupal addon
CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...)
	- restlet <itp> (bug #596472)
CVE-2013-4270 (The net_ctl_permissions function in net/sysctl_net.c in the Linux kern ...)
	- linux-2.6 <not-affected> (Introduced in 3.8)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	NOTE: Introduced with http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cff109768b2d9c03095848f4cd4b0754117262aa
	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2433c8f094a008895e66f25bd1773cdb01c91d01
CVE-2013-4269
	REJECTED
CVE-2013-4268
	REJECTED
CVE-2013-4267 (Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary  ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2013-4266
	REJECTED
CVE-2013-4265 (The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0 ...)
	- ffmpeg <not-affected> (Affected function codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected function not present in libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55
CVE-2013-4264 (The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before ...)
	- ffmpeg <not-affected> (g2meet codec not present in 0.5 ffmpeg)
	- libav <not-affected> (g2meet codec not present in libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote v ...)
	- ffmpeg <not-affected> (Affected video filters not present in ffmpeg 0.5)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
	NOTE: [Anton] the report and the fix appear completely bogus, likely working around bugs from completely different parts of the code; most probably not present in any libav release
CVE-2013-4262 (svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile ...)
	- subversion 1.8.5-1 (unimportant)
	NOTE: Optional admin-side utilities in Subversion 1.8.x
CVE-2013-4261 (OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apac ...)
	- nova 2013.2-1 (low)
	[wheezy] - nova <no-dsa> (Will be fixed in a point update)
	NOTE: https://bugs.launchpad.net/nova/+bug/1215091/comments/10 (relevant question for other components)
	NOTE: probably does not affect Essex/2012.1, see https://bugs.launchpad.net/nova/+bug/1215091/comments/6
CVE-2013-4260 (lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when p ...)
	- ansible <not-affected> (affected code introduced with ansible 1.2)
CVE-2013-4259 (runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using C ...)
	- ansible 1.3.4+dfsg-1 (bug #721766)
	NOTE: upstream commit: https://github.com/ansible/ansible/commit/6bf5d195065bc23b5fc72ba690d7ed45f228aaf0
CVE-2013-4258 (Format string vulnerability in the osLogMsg function in server/os/aulo ...)
	{DSA-2771-1}
	- nas 1.9.3-6 (bug #720287)
CVE-2013-4257 [Heap Overflow]
	REJECTED
CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network Audio  ...)
	{DSA-2771-1}
	- nas 1.9.3-6 (bug #720287)
CVE-2013-4255 (The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier do ...)
	- condor 8.0.5~dfsg.1-1 (bug #721693)
	[wheezy] - condor <no-dsa> (Minor issue)
CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the Lin ...)
	- linux 3.10.11-1
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <not-affected> (No perf support on arm)
CVE-2013-4253
	RESERVED
CVE-2013-4252
	RESERVED
CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temp ...)
	{DLA-26-1}
	- python-scipy 0.12.0-3 (bug #726093)
	[wheezy] - python-scipy <no-dsa> (Minor issue)
	[squeeze] - python-scipy 0.7.2+dfsg1-1+deb6u1
	NOTE: https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
CVE-2013-4250 (The (1) file upload component and (2) File Abstraction Layer (FAL) in  ...)
	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4249 (Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget wi ...)
	- python-django 1.5.2-1
	[wheezy] - python-django <not-affected> (1.4.x not affected)
	[squeeze] - python-django <not-affected> (1.2.x not affected)
	NOTE: problem introduced with https://github.com/django/django/commit/ac2052ebc84c45709ab5f0f25e685bf656ce79bc
CVE-2013-4248 (The openssl_x509_parse function in openssl.c in the OpenSSL module in  ...)
	{DSA-2742-1}
	- php5 5.5.3+dfsg-1 (bug #719765)
	NOTE: fix in 5.5.2 incomplete, see http://php.net/ChangeLog-5.php
CVE-2013-4247 (Off-by-one error in the build_unc_path_to_root function in fs/cifs/con ...)
	- linux-2.6 <not-affected> (Introduced in 3.8)
	- linux 3.9.6-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
CVE-2013-4246 (libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might all ...)
	- subversion <not-affected> (only affects 1.8.0 and 1.8.1)
CVE-2013-4245 (Orca has arbitrary code execution due to insecure Python module load ...)
	- gnome-orca <unfixed> (unimportant)
	NOTE: Negligible security impact
CVE-2013-4244 (The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier ...)
	{DSA-2744-1}
	- tiff 4.0.3-3
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4243 (Heap-based buffer overflow in the readgifimage function in the gif2tif ...)
	{DSA-2965-1 DLA-0013-1}
	- tiff 4.0.3-9 (low; bug #742917)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	[squeeze] - tiff 3.9.4-5+squeeze11
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2451
CVE-2013-4242 (GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...)
	{DSA-2731-1 DSA-2730-1}
	- gnupg 1.4.14-1 (bug #717880)
	- libgcrypt11 1.5.3-1
CVE-2013-4241 (Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimo ...)
	NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4240 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS  ...)
	NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4239 (The xenDaemonListDefinedDomains function in xen/xend_internal.c in lib ...)
	- libvirt 1.1.2~rc1-1 (bug #719533)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
	NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
	NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
CVE-2013-4238 (The ssl.match_hostname function in the SSL module in Python 2.6 throug ...)
	{DSA-2880-1 DLA-25-1}
	- python2.5 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.5-8 (low; bug #719566)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low; bug #719568)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.2-6 (low; bug #719567)
	NOTE: http://bugs.python.org/issue18709
	NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2. ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-94 (bug #719558)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
	NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged  ...)
	- vdsm <itp> (bug #668538)
CVE-2013-4235 (shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...)
	- shadow <unfixed> (unimportant; bug #778950)
CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2)  ...)
	{DSA-2751-1}
	- libmodplug 1:0.8.8.4-4 (bug #719462)
CVE-2013-4233 (Integer overflow in the abc_set_parts function in load_abc.cpp in libm ...)
	{DSA-2751-1}
	- libmodplug 1:0.8.8.4-4 (bug #719462)
CVE-2013-4232 (Use-after-free vulnerability in the t2p_readwrite_pdf_image function i ...)
	{DSA-2744-1}
	- tiff 4.0.3-2 (bug #719303)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4231 (Multiple buffer overflows in libtiff before 4.0.3 allow remote attacke ...)
	{DSA-2744-1}
	- tiff 4.0.3-2 (bug #719303)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4230 (The mm_webform submodule in the Monster Menus module 6.x-6.x before 6. ...)
	NOT-FOR-US: Monster Menus Drupal contributed module
CVE-2013-4229 (Cross-site scripting (XSS) vulnerability in the Monster Menus module 7 ...)
	NOT-FOR-US: Monster Menus Drupal contributed module
CVE-2013-4228 (The OG access fields (visibility fields) implementation in Organic Gro ...)
	NOT-FOR-US: Organic Group Drupal contributed module
CVE-2013-4227 (Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_to ...)
	NOT-FOR-US: Persona Drupal contributed module
CVE-2013-4226 (The Authenticated User Page Caching (Authcache) module 7.x-1.x before  ...)
	NOT-FOR-US: Authenticated User Page Caching Drupal contributed module
CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...)
	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-4224
	REJECTED
CVE-2013-4223 (The Gentoo Nullmailer package before 1.11-r2 uses world-readable permi ...)
	- nullmailer 1:1.11-2 (low; bug #684619)
	[squeeze] - nullmailer <no-dsa> (Minor issue)
	NOTE: CVE originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
	NOTE: had the same problem until 1:1.11-2
CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, an ...)
	- keystone 2013.1.3-1 (bug #719290)
	[wheezy] - keystone <not-affected> (Vulnerable code not present in Openstack Essex)
	NOTE: http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html
CVE-2013-4221 (The default configuration of the ObjectRepresentation class in Restlet ...)
	- restlet <itp> (bug #596472)
	NOTE: http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
	NOTE: https://github.com/o2platform/DefCon_RESTing
CVE-2013-4220 (The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel ...)
	- linux-2.6 <not-affected> (ARM64 not supported)
	- linux <not-affected> (ARM64 not yet supported)
CVE-2013-4219 (Multiple integer overflows in the Intel WiMAX Network Service through  ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4218 (The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agen ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4217 (The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4216 (The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraSt ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4215 (The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.1 ...)
	- nagios-plugins 1.4.16+git20130902-1 (unimportant)
	NOTE: vulnerable code present, but check_ipxping is neither built nor installed
	- monitoring-plugins <not-affected> (Fixed before initial upload to Debian)
	NOTE: contrib/check_ipxping removed from src:monitoring-pluging before the
	NOTE: initial upload to Debian after the source package rename.
CVE-2013-4214 (rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE ...)
	- nagios3 3.5.1-1 (low; bug #719056)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - nagios3 <not-affected> (html/rss-newsfeed.php not present)
	NOTE: fixed by removing html/rss-newsfeed.php completely
	NOTE: http://anonscm.debian.org/gitweb/?p=pkg-nagios/pkg-nagios3.git;a=commit;h=c88bef82308c99601732bb9517a1af5bc6928282
CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not pro ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-4212 (Certain getText methods in the ActionSupport controller in Apache Roll ...)
	NOT-FOR-US: Apache Roller
CVE-2013-4211 (A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to ...)
	NOT-FOR-US: OpenX
CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat  ...)
	NOT-FOR-US: JBoss Remoting
CVE-2013-4209 (Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2013-4208 (The rsa_verify function in PuTTY before 0.63 (1) does not clear sensit ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
CVE-2013-4207 (Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH serv ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
CVE-2013-4206 (Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
CVE-2013-4205 (Memory leak in the unshare_userns function in kernel/user_namespace.c  ...)
	- linux 3.10.7-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-4204 (Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files ...)
	- gwt <removed> (low)
	[squeeze] - gwt <no-dsa> (Minor issue)
	NOTE: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
CVE-2013-4203 (The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem be ...)
	NOT-FOR-US: Ruby Rgpg Gem
CVE-2013-4202 (The (1) backup (api/contrib/backups.py) and (2) volume transfer (contr ...)
	- cinder 2013.1.2-4 (bug #719118)
CVE-2013-4201 (Katello allows remote authenticated users to call the "system remove_d ...)
	NOT-FOR-US: Katello
CVE-2013-4200 (The isURLInPortal method in the URLTool class in in_portal.py in Plone ...)
	NOT-FOR-US: Plone
CVE-2013-4199 ((1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4. ...)
	NOT-FOR-US: Plone
CVE-2013-4198 (mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4. ...)
	NOT-FOR-US: Plone
CVE-2013-4197 (member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and  ...)
	NOT-FOR-US: Plone
CVE-2013-4196 (The object manager implementation (objectmanager.py) in Plone 2.1 thro ...)
	NOT-FOR-US: Plone
CVE-2013-4195 (Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) p ...)
	NOT-FOR-US: Plone
CVE-2013-4194 (The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x thr ...)
	NOT-FOR-US: Plone
CVE-2013-4193 (typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3. ...)
	NOT-FOR-US: Plone
CVE-2013-4192 (sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x thr ...)
	NOT-FOR-US: Plone
CVE-2013-4191 (zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x throug ...)
	NOT-FOR-US: Plone
CVE-2013-4190 (Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect ...)
	NOT-FOR-US: Plone
CVE-2013-4189 (Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py,  ...)
	NOT-FOR-US: Plone
CVE-2013-4188 (traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x  ...)
	NOT-FOR-US: Plone
CVE-2013-4187 (The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly  ...)
	NOT-FOR-US: Flippy Contributed Drupal module
CVE-2013-4186
	REJECTED
CVE-2013-4185 (Algorithmic complexity vulnerability in OpenStack Compute (Nova) befor ...)
	- nova 2013.1.2-3 (low; bug #718907)
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-4184 (Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink a ...)
	- libdata-uuid-perl <unfixed> (unimportant; bug #718949)
	NOTE: https://github.com/rjbs/Data-UUID/issues/5
	NOTE: Neutralised by kernel temp hardening
CVE-2013-4183 (The clear_volume function in LVMVolumeDriver driver in OpenStack Cinde ...)
	- cinder 2013.1.2-4 (bug #719010)
CVE-2013-4182 (app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 doe ...)
	- foreman <itp> (bug #663101)
CVE-2013-4181 (Cross-site scripting (XSS) vulnerability in the addAlert function in t ...)
	NOT-FOR-US: ovirt
CVE-2013-4180 (The (1) power and (2) ipmi_boot actions in the HostController in Forem ...)
	- foreman <itp> (bug #663101)
CVE-2013-4179 (The security group extension in OpenStack Compute (Nova) Grizzly 2013. ...)
	- nova 2013.1.3-1
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	NOTE: CVE for incomplete fix applied for CVE-2013-1664
CVE-2013-4178 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1 ...)
	NOT-FOR-US: GA Login Drupal contributed module
CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1 ...)
	NOT-FOR-US: GA Login Drupal contributed module
CVE-2013-4176 (mysecureshell 1.31: Local Information Disclosure Vulnerability ...)
	NOT-FOR-US: MySecureShell
CVE-2013-4175 (MySecureShell 1.31 has a Local Denial of Service Vulnerability ...)
	NOT-FOR-US: MySecureShell
CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald modul ...)
	NOT-FOR-US: Scald Drupal contributed module
CVE-2013-4173 (Directory traversal vulnerability in the trend-data daemon (xymond_rrd ...)
	- xymon 4.3.17-2 (bug #717895)
	[wheezy] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
	[squeeze] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
CVE-2013-4172 (The Red Hat CloudForms Management Engine 5.1 allow remote administrato ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-4171 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller b ...)
	NOT-FOR-US: Apache Roller
CVE-2013-4170
	RESERVED
CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
	- gdm <removed> (unimportant)
	- gdm3 <not-affected> (Only affected older gdm < 2.21.1)
	NOTE: In Debian /tmp/.X11-unix is created by  /etc/init.d/x11-common
CVE-2013-4168 (Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the sta ...)
	{DLA-348-1}
	- smokeping 2.6.8-2 (low)
	[squeeze] - smokeping <no-dsa> (Minor issue)
	NOTE: https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
CVE-2013-4167 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) be ...)
	- cmsms <itp> (bug #608888)
CVE-2013-4166 (The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNO ...)
	- evolution <unfixed> (unimportant)
	NOTE: Regular UI bug, not a security issue.
CVE-2013-4165 (The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provid ...)
	- bitcoin 0.8.4-1 (bug #717828)
	NOTE: https://github.com/bitcoin/bitcoin/issues/2838
CVE-2013-4164 (Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 bef ...)
	{DSA-2810-1 DSA-2809-1}
	- ruby1.8 1.8.7.358-9 (bug #730189)
	- ruby1.9.1 1.9.3.484-1 (bug #730178)
	- ruby2.0 2.0.0.353-1 (bug #730190)
	NOTE: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6  ...)
	{DSA-2745-1}
	- linux 3.10.5-1
	- linux-2.6 <not-affected> (Introduced in 3.5)
CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6  ...)
	{DSA-2906-1 DSA-2745-1}
	- linux 3.10.5-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-4161 (gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012- ...)
	- gksu-polkit <not-affected> (CVE for improperly applied fix for CVE-2012-5617 on Red Hat)
CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...)
	- lcms 1.19.dfsg1-1.3 (low; bug #728208)
	[squeeze] - lcms <no-dsa> (Minor issue)
	[wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
	- lcms2 2.2+git20110628-2.3 (bug #714529)
	[wheezy] - lcms2 2.2+git20110628-2.2+deb7u1
	NOTE: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=826097#c9
CVE-2013-4159 (ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary fi ...)
	- ctdb 2.5.1+debian0-1 (bug #749840)
	[wheezy] - ctdb <no-dsa> (Minor issue)
	[squeeze] - ctdb <no-dsa> (Minor issue)
CVE-2013-4158 (smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) ...)
	- smokeping <not-affected> (fix for CVE-2012-0790/DSA-2651-1 uses regexp from 2.6.9 upstream release)
	NOTE: CVE is for incomplete fix for CVE-2012-0790
	NOTE: Debian package applied already the more complete fix, see #659899
CVE-2013-4157 (Red Hat Storage 2.0 allows local users to overwrite arbitrary files vi ...)
	NOT-FOR-US: Red Hat Storage Server
CVE-2013-4156 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to caus ...)
	- libreoffice 1:4.1.0-1 (unimportant)
	[wheezy] - libreoffice <ignored> (Minor issue)
	- openoffice.org <removed> (unimportant)
	NOTE: Harmless crash
CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows aut ...)
	{DSA-2737-1}
	- swift 1.8.0-7 (bug #719008)
CVE-2013-4154 (The qemuAgentCommand function in libvirt before 1.1.1, when a guest ag ...)
	- libvirt 1.1.0-4 (low; bug #717355)
	[squeeze] - libvirt <not-affected> (only affects >= 1.1.0)
	[wheezy] - libvirt <not-affected> (only affects >= 1.1.0)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=d47eff88fe50e43a36671f6d8d0eeda52835d5e0 (v1.1.0)
	NOTE: http://openwall.com/lists/oss-security/2013/07/19/12
CVE-2013-4153 (Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qe ...)
	- libvirt 1.1.0-4 (bug #717354)
	[squeeze] - libvirt <not-affected> (Introduced in 1.0.6)
	[wheezy] - libvirt <not-affected> (Introduced in 1.0.6)
	NOTE: http://openwall.com/lists/oss-security/2013/07/19/11
CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1,  ...)
	{DSA-2842-1}
	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-4151 (The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 a ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 thro ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4149 (Buffer overflow in virtio_net_load function in net/virtio-net.c in QEM ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4148 (Integer signedness error in the virtio_net_load function in hw/net/vir ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daemon (Y ...)
	- yardradius <removed> (low; bug #714612)
	[squeeze] - yardradius <no-dsa> (Minor issue)
	[wheezy] - yardradius <no-dsa> (Minor issue)
CVE-2013-4146
	RESERVED
CVE-2013-4145
	REJECTED
CVE-2013-4144
	RESERVED
CVE-2013-4143 (The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockm ...)
	- xlockmore <removed>
	NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
CVE-2013-4142
	REJECTED
CVE-2013-4141
	REJECTED
CVE-2013-4140 (Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash ...)
	NOT-FOR-US: TinyBox Drupal contributed module
CVE-2013-4139 (The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows r ...)
	NOT-FOR-US: Stage File Proxy Drupal contributed module
CVE-2013-4138 (Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x be ...)
	NOT-FOR-US: Hatch Drupal contributed module
CVE-2013-4137 (Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 a ...)
	- statusnet <itp> (bug #491723)
CVE-2013-4136 (ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 f ...)
	- passenger 3.0.13debian-1.2
	- ruby-passenger 3.0.13debian-1.2 (low; bug #717176)
	[squeeze] - passenger <no-dsa> (minor, local, issue)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
CVE-2013-4135 (The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt ...)
	{DSA-2729-1}
	- openafs 1.6.5-1
CVE-2013-4134 (OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 use ...)
	{DSA-2729-1}
	- openafs 1.6.5-1
CVE-2013-4133 (kde-workspace before 4.10.5 has a memory leak in plasma desktop ...)
	- kde-workspace 4:4.10.5-3 (unimportant; bug #717180)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=314919
	NOTE: Plain bug, security implication rather far-fetched
CVE-2013-4132 (KDE-Workspace 4.10.5 and earlier does not properly handle the return v ...)
	- kde-workspace 4:4.10.5-3 (bug #717180)
	[wheezy] - kde-workspace <not-affected> (Only exploitable with glibc 2.17)
	- kdebase-workspace <not-affected> (Only exploitable with glibc 2.17)
	NOTE: https://git.reviewboard.kde.org/r/111261/
	NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
	NOTE: only relevant with eglibc >= 2.17.
CVE-2013-4131 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
	- subversion 1.7.13-1 (bug #717794)
	[squeeze] - subversion <not-affected> (Only affects >= 1.7)
	[wheezy] - subversion <not-affected> (Only affects >= 1.7)
CVE-2013-4130 (The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty ...)
	{DSA-2839-1}
	- spice 0.12.4-0nocelt1 (low; bug #717030)
	[wheezy] - spice <no-dsa> (Minor issue)
CVE-2013-4129 (The bridge multicast implementation in the Linux kernel through 3.10.3 ...)
	- linux <not-affected> (Introduced in 3.11-rc1)
	- linux-2.6 <not-affected> (Introduced in 3.11-rc1)
CVE-2013-4128 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not pro ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend function in  ...)
	- linux 3.10.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-4126
	RESERVED
CVE-2013-4125 (The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack  ...)
	- linux 3.10.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans.c in  ...)
	- samba 2:3.6.17-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u1
	[squeeze] - samba 2:3.5.6~dfsg-3squeeze10
	- samba4 <unfixed> (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: https://www.samba.org/samba/security/CVE-2013-4124
	NOTE: samba as per 2:4.0.9+dfsg-2 is the first upload of the unified samba 4.x package to unstable.
	NOTE: Issue also fixed in 4.0.8 upstream, thus the fix still contained in 4.x in unstable
CVE-2013-4123 (client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3 ...)
	- squid <not-affected> (Only affects 3.2 onwards)
	- squid3 3.3.8-1 (bug #716743)
	[wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
	[squeeze] - squid3 <not-affected> (Only affects 3.2 onwards)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_3.txt
CVE-2013-4122 (Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a ...)
	{DSA-3368-1}
	- cyrus-sasl2 2.1.26.dfsg1-14 (bug #716835; bug #784112)
	[wheezy] - cyrus-sasl2 <not-affected> (Only exploitable with eglibc 2.17 and later)
	[squeeze] - cyrus-sasl2 <not-affected> (Only exploitable with eglibc 2.17 and later)
	NOTE: http://openwall.com/lists/oss-security/2013/07/12/3
	NOTE: http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
	NOTE: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3803
	NOTE: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3806
	NOTE: Was originally already fixed in 2.1.25.dfsg1-14 (cf. #716835)
CVE-2013-4121
	REJECTED
CVE-2013-4120 (Katello has a Denial of Service vulnerability in API OAuth authenticat ...)
	NOT-FOR-US: Katello
CVE-2013-4119 (FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause  ...)
	- freerdp <not-affected> (The server part is not build)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53
	NOTE: Server disabled: option(WITH_SERVER "Build server binaries" OFF) in CMakeLists.txt
CVE-2013-4118 (FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial o ...)
	- freerdp <not-affected> (The server part is not build)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7
	NOTE: Server disabled: option(WITH_SERVER "Build server binaries" OFF) in CMakeLists.txt
CVE-2013-4117 (Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php i ...)
	NOT-FOR-US: WordPress plugin category-grid-view-gallery
CVE-2013-4116 (lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local us ...)
	- npm 1.3.10~dfsg-1 (bug #715325)
	NOTE: Upstream fix https://github.com/isaacs/npm/commit/f4d31693
	NOTE: https://github.com/isaacs/npm/issues/3635
CVE-2013-4115 (Buffer overflow in the idnsALookup function in dns_internal.cc in Squi ...)
	- squid <not-affected> (Only affects 3.2 onwards)
	- squid3 3.3.8-1 (bug #716743)
	[wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
	[squeeze] - squid3 <not-affected> (Only affects 3.2 onwards)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
CVE-2013-4114 (The automatic update request in Nagstamont before 0.9.10 uses a cleart ...)
	- nagstamon 0.9.9-2 (low; bug #716718)
	[wheezy] - nagstamon <no-dsa> (Minor issue)
	[squeeze] - nagstamon <no-dsa> (Minor issue)
	NOTE: update checks are disabled in Debian by default, see debian/patches/check-for-new-version.patch
CVE-2013-4113 (ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing  ...)
	{DSA-2723-1}
	- php5 5.5.0+dfsg-15 (bug #717139)
CVE-2013-4112 (The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and ...)
	- libjgroups-java 2.12.2.Final-4 (bug #717031)
	[wheezy] - libjgroups-java <no-dsa> (Minor issue)
	[squeeze] - libjgroups-java <no-dsa> (Minor issue)
	NOTE: libjgroups-java/2.12.2.Final-4 disables diagnostic probing by default
CVE-2013-4111 (The Python client library for Glance (python-glanceclient) before 0.10 ...)
	- python-glanceclient 1:0.9.0-2 (bug #718282)
CVE-2013-4110 (Cryptocat has an Unspecified Chat Participant User List Disclosure ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4109 (An unspecified cross-site scripting (XSS) vulnerability exists in Cryp ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4108 (Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2. ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4107 (Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site  ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4106 (A Cross-site scripting (XSS) vulnerability exists in Conversation Over ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information D ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4104 (Cryptocat before 2.0.22 has weak encryption in the Socialist Millionna ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4103 (Cryptocat before 2.0.22 has Remote Script Injection due to improperly  ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4102 (Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generat ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4101 (Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4100 (Cryptocat before 2.0.22 has Remote Denial of Service via username ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4099 (Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, ...)
	NOT-FOR-US: JOGAMP
CVE-2013-4098 (ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote  ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4097 (ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows r ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4096 (ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allo ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4095 (plain/actionsets.html in the SecureSphere Operations Manager (SOM) Man ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4094 (The Key Management feature in the SecureSphere Operations Manager (SOM ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4093 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4092 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4091 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...)
	- varnish 3.0.4-1
	NOTE: https://varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html
CVE-2013-4089
	RESERVED
CVE-2013-4088 (Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OT ...)
	{DSA-2712-1}
	- otrs2 3.2.8-1
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
	NOTE: http://web.archive.org/web/20130827134500/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-04/
CVE-2013-4087
	RESERVED
CVE-2013-4086
	RESERVED
CVE-2013-4085
	RESERVED
CVE-2013-4084
	RESERVED
CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the D ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark 1.2.11-6+squeeze11
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717
CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file par ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
CVE-2013-4081 (The http_payload_subdissector function in epan/dissectors/packet-http. ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
	NOTE: Not suitable for code injection
CVE-2013-4080 (The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors ...)
	{DLA-497-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764
CVE-2013-4079 (The dissect_schedule_message function in epan/dissectors/packet-gsm_cb ...)
	{DLA-497-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730
CVE-2013-4078 (epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x b ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
CVE-2013-4077 (Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8. ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697
CVE-2013-4076 (Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissector ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727
CVE-2013-4075 (epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wire ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726
CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
CVE-2013-4073 (The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/s ...)
	{DSA-2809-1 DSA-2738-1}
	- ruby1.8 1.8.7.358-7.1 (bug #714541)
	- ruby1.9.1 1.9.3.194-8.2 (bug #714543)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
	NOTE: https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89 (1.9.3)
	NOTE: https://github.com/ruby/ruby/commit/961bf7496ded3acfe847cf56fa90bbdcfd6e614f (1.8.7)
	NOTE: Regression with patch: https://bugs.ruby-lang.org/issues/8575
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=41812&view=revision
CVE-2013-4072
	RESERVED
CVE-2013-4071
	RESERVED
CVE-2013-4070 (The Portal application in IBM SPSS Collaboration and Deployment Servic ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4069 (The Portal application in IBM SPSS Collaboration and Deployment Servic ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4068 (Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 b ...)
	NOT-FOR-US: IBM
CVE-2013-4067 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and  ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4066 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and  ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4065 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4064 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4063 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4062 (IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 ce ...)
	NOT-FOR-US: IBM
CVE-2013-4061 (IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check  ...)
	NOT-FOR-US: IBM
CVE-2013-4060
	RESERVED
CVE-2013-4059 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere  ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4058 (Multiple SQL injection vulnerabilities in IBM InfoSphere Information S ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4057 (Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4056 (Cross-site request forgery (CSRF) vulnerability in the Data Quality Co ...)
	NOT-FOR-US: IBM
CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4054 (Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ ...)
	NOT-FOR-US: WebSphere
CVE-2013-4053 (The WS-Security implementation in IBM WebSphere Application Server (WA ...)
	NOT-FOR-US: WebSphere
CVE-2013-4052 (Cross-site scripting (XSS) vulnerability in the UDDI Administrative co ...)
	NOT-FOR-US: WebSphere
CVE-2013-4051 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4050 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Dom ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4049 (Unrestricted file upload vulnerability in IBM SPSS Analytical Decision ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4048 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decisi ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4047 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decisi ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4046 (Open redirect vulnerability in IBM SPSS Collaboration and Deployment S ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4045 (Cross-site scripting (XSS) vulnerability in the Portal application in  ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4044 (IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4043 (The server in IBM SPSS Collaboration and Deployment Services 4.x befor ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment Ser ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4041 (Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 ...)
	NOT-FOR-US: IBM JDK
CVE-2013-4040 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x be ...)
	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-4039 (IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allo ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4038 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4037 (The RAKP protocol support in the Intelligent Platform Management Inter ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4036 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-4035 (IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, ...)
	NOT-FOR-US: IBM Sterling
CVE-2013-4034 (IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4,  ...)
	NOT-FOR-US: IBM
CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
	NOT-FOR-US: IBM DB2
CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edi ...)
	NOT-FOR-US: IBM
CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4030 (Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X ...)
	NOT-FOR-US: IBM System X and Flex System
CVE-2013-4029
	RESERVED
CVE-2013-4028
	RESERVED
CVE-2013-4027 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4026
	RESERVED
CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager  ...)
	NOT-FOR-US: IBM
CVE-2013-4024 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager  ...)
	NOT-FOR-US: IBM
CVE-2013-4023
	RESERVED
CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager  ...)
	NOT-FOR-US: IBM
CVE-2013-4021 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4020 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4019 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4018 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4016 (SQL injection vulnerability in IBM Maximo Asset Management 7.x before  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to bypass  ...)
	NOT-FOR-US: MS IE
CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4013 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4012 (IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Templat ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-4011 (Multiple unspecified vulnerabilities in the InfiniBand subsystem in IB ...)
	NOT-FOR-US: IBM AIX
CVE-2013-4010
	RESERVED
CVE-2013-4009
	RESERVED
CVE-2013-4008
	RESERVED
CVE-2013-4007 (Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced ...)
	NOT-FOR-US: IBM
CVE-2013-4006 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5. ...)
	NOT-FOR-US: IBM
CVE-2013-4005 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4003 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA App ...)
	NOT-FOR-US: IBM TRIRIGA
CVE-2013-4002 (XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used i ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center before 10. ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-4000 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cogn ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3999 (Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics ...)
	NOT-FOR-US: IBM Social Media Analytics
CVE-2013-3998 (CRLF injection vulnerability in the Web Application Enterprise Console ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-3997 (Open redirect vulnerability in the Web Application Enterprise Console  ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-3996 (IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FR ...)
	NOT-FOR-US: IBM
CVE-2013-3995 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights ...)
	NOT-FOR-US: IBM
CVE-2013-3994
	RESERVED
CVE-2013-3993 (IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated  ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2013-3992 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigI ...)
	NOT-FOR-US: IBM
CVE-2013-3991
	RESERVED
CVE-2013-3990 (Cross-site scripting (XSS) vulnerability in the MIME e-mail functional ...)
	NOT-FOR-US: IBM
CVE-2013-3989 (IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppSc ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-3988 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3987
	RESERVED
CVE-2013-3986 (IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause  ...)
	NOT-FOR-US: IBM
CVE-2013-3985 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-3984 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3983 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3982 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3981 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3980 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3979 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages  ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3978 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3977 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3976 (The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and  ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-3975 (Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x th ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3974
	RESERVED
CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3972 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3971 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0. ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7. ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2 ...)
	- mongodb 1:2.4.5-1 (bug #715007; bug #717173)
	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
	[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
	NOTE: http://www.mongodb.org/about/alerts/ SERVER-9878
CVE-2013-3968
	RESERVED
CVE-2013-3967
	RESERVED
CVE-2013-3966
	RESERVED
CVE-2013-3965
	RESERVED
CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082 ...)
	NOT-FOR-US: Samsung
CVE-2013-3963 (Cross-site request forgery (CSRF) vulnerability in goform/usermanage i ...)
	NOT-FOR-US: Grandstream
CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV35 ...)
	NOT-FOR-US: Grandstream
CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda bef ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2013-3960 (Easytime Studio Easy File Manager 1.1 has a HTTP request security bypa ...)
	NOT-FOR-US: Easytime Studio Easy File Manager
CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIM ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web Navigator i ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-3956 (The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windo ...)
	NOT-FOR-US: Novell Client on Windows
CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3954 (The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3953 (The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3952 (The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3951 (sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3950 (Stack-based buffer overflow in the openSharedCacheFile function in dyl ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3949 (The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3948 (Apple iOS 6.1.3 does not follow redirects during determination of the  ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 ...)
	NOT-FOR-US: AhnLab V3 Internet Security
CVE-2013-3946 (Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 ...)
	NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
CVE-2013-3945 (The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a ...)
	NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.3 ...)
	NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
	NOT-FOR-US: DotNetNukeDot
CVE-2013-3942 (Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vul ...)
	NOT-FOR-US: Potplayer
CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbi ...)
	NOT-FOR-US: XnView
CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2013-3939 (xnview.exe in XnView before 2.13 does not properly handle RLE strip le ...)
	NOT-FOR-US: XnView
CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote attackers  ...)
	NOT-FOR-US: XnView
CVE-2013-3937 (Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows  ...)
	NOT-FOR-US: XnView
CVE-2013-3936 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before  ...)
	NOT-FOR-US: Opsview
CVE-2013-3935 (Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4. ...)
	NOT-FOR-US: Opsview
CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as use ...)
	NOT-FOR-US: Kingsoft Office 2013
CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joom ...)
	NOT-FOR-US: Joomla component com_joomshopping
CVE-2013-3932 (SQL injection vulnerability in the Jomres (com_jomres) component befor ...)
	NOT-FOR-US: Jomres (com_jomres) component for Joomla!
CVE-2013-3931 (Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) co ...)
	NOT-FOR-US: Jomres (com_jomres) component for Joomla!
CVE-2013-3930 (Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows r ...)
	NOT-FOR-US: Core FTP (client)
CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
	NOT-FOR-US: CMS Made Simple
CVE-2013-3928 (Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in ...)
	NOT-FOR-US: Chasys Draw IES
CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 b ...)
	NOT-FOR-US: Siemens COMOS
CVE-2013-3926 (** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execut ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2013-3925 (Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4 ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2013-3924
	RESERVED
CVE-2013-3923 (Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0  ...)
	NOT-FOR-US: SavySoda WiFi HD Free
CVE-2013-3922 (Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HT ...)
	NOT-FOR-US: Gummy Bear Studios FTP Drive + HTTP Server
CVE-2013-3921 (Directory traversal vulnerability in Easytime Studio Easy File Manager ...)
	NOT-FOR-US: Easytime Studio Easy File Manager
CVE-2013-3920 (Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 all ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-3918 (The InformationCardSigninHelper Class ActiveX control in icardie.dll i ...)
	NOT-FOR-US: Microsoft
CVE-2013-3917 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3916 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3915 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3914 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3913
	REJECTED
CVE-2013-3912 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3911 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2013-3910 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft
CVE-2013-3909 (Microsoft Internet Explorer 6 through 8 allows remote attackers to rea ...)
	NOT-FOR-US: Microsoft
CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote a ...)
	NOT-FOR-US: Microsoft
CVE-2013-3907 (portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 S ...)
	NOT-FOR-US: Microsoft
CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does n ...)
	NOT-FOR-US: Microsoft
CVE-2013-3904
	REJECTED
CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3901
	REJECTED
CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, doe ...)
	NOT-FOR-US: Microsoft
CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in mshtml.dl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate  ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-3895 (Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remot ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3894 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3893 (Use-after-free vulnerability in the SetMouseCapture implementation in  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3892 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-3891 (Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-3890 (Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3889 (Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3888 (dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3887 (The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode driv ...)
	NOT-FOR-US: Microsoft
CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3884
	REJECTED
CVE-2013-3883
	REJECTED
CVE-2013-3882 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3881 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3880 (The App Container feature in the kernel-mode drivers in Microsoft Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3877
	REJECTED
CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3874 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3873 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3872 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3871 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3870 (Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 a ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2013-3869 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft
CVE-2013-3868 (Microsoft Active Directory Lightweight Directory Service (AD LDS) on W ...)
	NOT-FOR-US: Microsoft
CVE-2013-3867
	REJECTED
CVE-2013-3866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3863 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2013-3862 (Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2013-3861 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allo ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3860 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3859 (Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Off ...)
	NOT-FOR-US: Microsoft Pinyin IME
CVE-2013-3858 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3857 (Microsoft Word Automation Services in SharePoint Server 2010 SP1 and S ...)
	NOT-FOR-US: Microsoft
CVE-2013-3856 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2013-3855 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, a ...)
	NOT-FOR-US: Microsoft
CVE-2013-3854 (Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3853 (Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3852 (Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3851 (Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Of ...)
	NOT-FOR-US: Microsoft
CVE-2013-3850 (Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compat ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-3849 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3848 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3847 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3846 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3845 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2013-3844
	REJECTED
CVE-2013-3842 (Unspecified vulnerability Oracle Solaris 10 allows local users to affe ...)
	NOT-FOR-US: Solaris
CVE-2013-3841 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-3840 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-3839 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2818-1 DSA-2780-1}
	- mysql-5.5 5.5.33
	- mysql-5.1 <removed>
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-3838 (Unspecified vulnerability in Oracle SPARC Enterprise T &amp; M Series  ...)
	NOT-FOR-US: Oracle SPARC Enterprise
CVE-2013-3837 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3836 (Unspecified vulnerability in the Oracle Web Cache component in Oracle  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3835 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3834 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle Secure Global Desktop
CVE-2013-3833 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3832 (Unspecified vulnerability in the Siebel Server Remote component in Ora ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-3831 (Unspecified vulnerability in the Oracle Portal component in Oracle Fus ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3830 (Unspecified vulnerability in the Hyperion Strategic Finance component  ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2013-3829 (Unspecified vulnerability in the Java SE, Java SE Embedded component i ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-3828 (Unspecified vulnerability in the Oracle Web Services component in Orac ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3827 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2013-3826 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product Collaboration co ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3824 (Unspecified vulnerability in the Oracle Agile Collaboration Framework  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3823 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3822 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3821 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3820 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3819 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3818 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3817
	REJECTED
CVE-2013-3816 (Unspecified vulnerability in the Oracle Policy Automation component in ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-3815
	REJECTED
CVE-2013-3814 (Unspecified vulnerability in the Oracle Retail Invoice Matching compon ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-3813 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3812 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3811 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3810 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3809 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3808 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.31
	- mysql-5.1 <removed>
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3807 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3806 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3805 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.31
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3804 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2818-1 DSA-2780-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3803 (Unspecified vulnerability in the Hyperion BI+ component in Oracle Hype ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2013-3802 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2818-1 DSA-2780-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3801 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.31
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3800 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3799 (Unspecified vulnerability in Oracle Solaris 10 and 11, when running on ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3798 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3797 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3796 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3795 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 <not-affected> (Only affects 5.5 and 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3794 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.31
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3793 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3792 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DLA-313-1}
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Minor issue)
	- virtualbox 4.2.16-dfsg-1 (bug #715327)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	NOTE: https://www.virtualbox.org/ticket/11863
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-3791 (Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10. ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-3790 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3789 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3788 (Unspecified vulnerability in the Oracle iSupplier Portal component in  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3787 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote at ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3786 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3785 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3784 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3783 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3782 (Unspecified vulnerability in the Secure Global Desktop component in Or ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2013-3781 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3780 (Unspecified vulnerability in the PeopleSoft Enterprise Portal componen ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3779 (Unspecified vulnerability in the Secure Global Desktop component in Or ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2013-3778 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3777 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3776 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3775 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-3774 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3773 (Unspecified vulnerability in the SPARC Enterprise M Series Servers com ...)
	NOT-FOR-US: Oracle and Sun Systems Products Suite
CVE-2013-3772 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3771 (Unspecified vulnerability in the Oracle executable component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3770 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3769 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3768 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3767 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite Access Gate
CVE-2013-3766 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2013-3765 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3764 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3763 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3762 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-3761 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products Portal
CVE-2013-3760 (Unspecified vulnerability in the Oracle executable component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3759 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3758 (Unspecified vulnerability in the Enterprise Manager (EM) Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-3757 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows re ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3756 (Unspecified vulnerability in the Oracle Landed Cost Management compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3755 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3754 (Unspecified vulnerability in the Solaris Cluster component in Oracle a ...)
	NOT-FOR-US: Solaris
CVE-2013-3753 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3752 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3751 (Unspecified vulnerability in the XML Parser component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3750 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3749 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3748 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3747 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3746 (Unspecified vulnerability in the Solaris Cluster component in Oracle a ...)
	NOT-FOR-US: Solaris
CVE-2013-3745 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows lo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3744 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-3743 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
	- openjdk-7 <not-affected> (Only affects Java 5 and Java 6)
CVE-2013-3741
	RESERVED
CVE-2013-3740
	RESERVED
CVE-2013-3739 (Directory traversal vulnerability in editor.php in Network Weathermap  ...)
	NOT-FOR-US: Network Weathermap
CVE-2013-3738 (A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequat ...)
	- zabbix 1:2.0.7+dfsg-1
	NOTE: http://support.zabbix.com/browse/ZBX-6652
CVE-2013-3843 (Stack-based buffer overflow in the mk_request_header_process function  ...)
	- monkey <removed>
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-3919 (resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, a ...)
	- bind9 <not-affected> (vulnerable code not present)
	NOTE: https://kb.isc.org/article/AA-00967
CVE-2013-3742 (Cross-site scripting (XSS) vulnerability in view_create.php (aka the C ...)
	- phpmyadmin 4:4.0.1-3 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3737 (The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Requ ...)
	NOT-FOR-US: Request Tracker extension MobileUI
CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Exten ...)
	NOT-FOR-US: Request Tracker extension MobileUI
CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 bef ...)
	- php5 <removed> (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2013-3734 (** DISPUTED ** The Embedded Jopr component in JBoss Application Server ...)
	NOT-FOR-US: Embedded Jopr
CVE-2013-3733
	RESERVED
CVE-2013-3732
	RESERVED
CVE-2013-3731
	RESERVED
CVE-2013-3730
	RESERVED
CVE-2013-3729 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler ...)
	NOT-FOR-US: Kasseler CMS
CVE-2013-3728 (Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r123 ...)
	NOT-FOR-US: Kasseler CMS
CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remo ...)
	NOT-FOR-US: Kasseler CMS
CVE-2013-3726
	REJECTED
CVE-2013-3725 (Invision Power Board (IPB) through 3.x allows admin account takeover l ...)
	NOT-FOR-US: Invision Power Board
CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-3723
	RESERVED
CVE-2013-3722 (A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in  ...)
	- opensips <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/OpenSIPS/opensips/commit/54e027adfa486cfcf993828512b2e273aeb163c2
CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows ...)
	NOT-FOR-US: PsychoStats
CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in the F ...)
	NOT-FOR-US: Wordpress plugin Feedweb
CVE-2013-3719 (Cross-site scripting (XSS) vulnerability in the aiContactSafe componen ...)
	NOT-FOR-US: Joomla!
CVE-2013-3718 (evince is missing a check on number of pages which can lead to a segme ...)
	- evince 3.10.0-1
	[wheezy] - evince <not-affected>
	[squeeze] - evince <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701302
CVE-2013-3717
	RESERVED
CVE-2013-3716
	RESERVED
CVE-2013-3715
	RESERVED
CVE-2013-3714
	RESERVED
CVE-2013-3713 (The image creation configuration in aaa_base before 16.26.1 for openSU ...)
	NOT-FOR-US: openSUSE live installer
CVE-2013-3712 (SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for Sy ...)
	NOT-FOR-US: SUSE Studio Onsite
CVE-2013-3711
	RESERVED
CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2013-3709 (WebYaST 1.3 uses weak permissions for config/initializers/secret_token ...)
	NOT-FOR-US: WebYast
CVE-2013-3708 (The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2013-3707 (The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302 ...)
	NOT-FOR-US: Novell Open Enterprise Server 2
CVE-2013-3706 (Directory traversal vulnerability in the PreBoot service in Novell ZEN ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-3705 (The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on  ...)
	NOT-FOR-US: Novell Client
CVE-2013-3704 (The RPM GPG key import and handling feature in libzypp 12.15.0 and ear ...)
	- libzypp <not-affected> (Fixed before initial upload)
CVE-2013-3703 (The controller of the Open Build Service API prior to version 2.4.4 is ...)
	NOT-FOR-US: Open Build Service
CVE-2013-3702
	REJECTED
CVE-2013-3701
	REJECTED
CVE-2013-3700
	RESERVED
CVE-2013-3699
	REJECTED
CVE-2013-3698
	REJECTED
CVE-2013-3697 (Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Clie ...)
	NOT-FOR-US: Novell Client on Windows
CVE-2013-3696
	RESERVED
CVE-2013-3695
	RESERVED
CVE-2013-3694 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 o ...)
	NOT-FOR-US: BlackBerry Link
CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise Servi ...)
	NOT-FOR-US: BlackBerry
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
	NOT-FOR-US: Blackberry OS
CVE-2013-3691 (AirLive POE-2600HD allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: AirLive POE-2600HD
CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi i ...)
	NOT-FOR-US: Brickcom
CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, ...)
	NOT-FOR-US: Brickcom
CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, a ...)
	NOT-FOR-US: TP-Link
CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, ...)
	NOT-FOR-US: AirLive cameras
CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera  ...)
	NOT-FOR-US: AirLive
CVE-2013-3685 (A Privilege Escalation Vulnerability exists in Sprite Software Spriteb ...)
	NOT-FOR-US: Sprite Software's backup softare for Android
CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...)
	NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2013-3683
	RESERVED
CVE-2013-3682
	RESERVED
CVE-2013-3681
	RESERVED
CVE-2013-3680
	RESERVED
CVE-2013-3679
	RESERVED
CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, and Comp ...)
	NOT-FOR-US: SAP
CVE-2013-3677
	RESERVED
CVE-2013-3676
	RESERVED
CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg befor ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg  ...)
	{DSA-3003-1}
	- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
	- libav 6:10.4-1
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg befo ...)
	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg befo ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1  ...)
	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 2013032 ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10-1
	[wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
	NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9
CVE-2013-3669
	RESERVED
CVE-2013-3668
	RESERVED
CVE-2013-3667 (The software update mechanism as used in Bare Bones Software Yojimbo b ...)
	NOT-FOR-US: Various proprietary software updaters
CVE-2013-3666 (The LG Hidden Menu component for Android on the LG Optimus G E973 allo ...)
	NOT-FOR-US: LG Hidden Menu
CVE-2013-3665 (Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT ...)
	NOT-FOR-US: AutoCAD
CVE-2013-3664 (Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) al ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2013-3663 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2013-3662 (Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allo ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-6563 (engine/lib/access.php in Elgg before 1.8.5 does not properly clear cac ...)
	- elgg <itp> (bug #526197)
CVE-2012-6562 (engine/lib/users.php in Elgg before 1.8.5 does not properly specify pe ...)
	- elgg <itp> (bug #526197)
CVE-2012-6561 (Cross-site scripting (XSS) vulnerability in engine/lib/views.php in El ...)
	- elgg <itp> (bug #526197)
CVE-2012-6560 (SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows re ...)
	NOT-FOR-US: FreeNAC
CVE-2012-6559 (Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 al ...)
	NOT-FOR-US: FreeNAC
CVE-2012-6558 (Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows r ...)
	NOT-FOR-US: HeavenTools PE Explorer
CVE-2012-6557 (Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plu ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6556 (Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNa ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6555 (Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1 ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6554 (functions/html_to_text.php in the Chat module before 1.5.2 for activeC ...)
	NOT-FOR-US: activeCollab
CVE-2012-6553 (Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote a ...)
	NOT-FOR-US: Resource Hacker
CVE-2013-3659 (The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Andr ...)
	NOT-FOR-US: Android application NTT DOCOMO
CVE-2013-3658 (Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and  ...)
	NOT-FOR-US: VMware
CVE-2013-3657 (Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, a ...)
	NOT-FOR-US: VMware
CVE-2013-3656 (Cybozu Office 9.1.0 and earlier does not properly manage sessions, whi ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-3655 (The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 a ...)
	NOT-FOR-US: Sharp AQUOS PhotoPlayer
CVE-2013-3654 (Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.1 ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3653 (Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSe ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3652 (Cross-site scripting (XSS) vulnerability in data/class/pages/products/ ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3651 (LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduc ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3650 (Directory traversal vulnerability in the lfCheckFileName function in d ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3649 (Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before  ...)
	NOT-FOR-US: KENT-WEB CLIP-MAIL
CVE-2013-3648 (Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before  ...)
	NOT-FOR-US: KENT-WEB POST-MAIL
CVE-2013-3647 (The WebView class in the Cybozu Live application before 2.0.1 for Andr ...)
	NOT-FOR-US: Cybozu Live for Android
CVE-2013-3646 (The Cybozu Live application before 2.0.1 for Android allows remote att ...)
	NOT-FOR-US: Cybozu Live for Android
CVE-2013-3645 (Cross-site scripting (XSS) vulnerability in the Orchard.Comments modul ...)
	NOT-FOR-US: Orchard
CVE-2013-3644 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; I ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-3643 (The Galapagos Browser application for Android does not properly implem ...)
	NOT-FOR-US: Galapagos Browser application for Android
CVE-2013-3642 (The Angel Browser application 1.47b and earlier for Android 1.6 throug ...)
	NOT-FOR-US: Angel Browser application
CVE-2013-3641 (The Pizza Hut Japan Official Order application before 1.1.1.a for Andr ...)
	NOT-FOR-US: The Pizza Hut Japan Official Order for Android
CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish fu ...)
	NOT-FOR-US: FileMaker Pro
CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 ...)
	NOT-FOR-US: Xaraya
CVE-2013-3638 (SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remo ...)
	NOT-FOR-US: Boonex Dolphin
CVE-2013-3637 (ProjectPier 0.8.8 does not use the Secure flag for cookies ...)
	NOT-FOR-US: ProjectPier
CVE-2013-3636 (ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because ...)
	NOT-FOR-US: ProjectPier
CVE-2013-3635 (ProjectPier 0.8.8 has stored XSS ...)
	NOT-FOR-US: ProjectPier
CVE-2013-3634 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens switches
CVE-2013-3633 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2013-3632 (The Cron service in rpc.php in OpenMediaVault allows remote authentica ...)
	NOT-FOR-US: OpenMediaVault
CVE-2013-3631 (NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to  ...)
	NOT-FOR-US: NAS4Free
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to exe ...)
	NOTE: For Moodle: Not a securiy issue according to upstream, only applicable to administrators, see bug #775842
	NOTE: https://tracker.moodle.org/browse/MDL-41449
	NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
	NOT-FOR-US: ISPConfig
CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...)
	NOTE: Historic Zabbix issue
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...)
	NOT-FOR-US: McAfee
CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate  ...)
	NOT-FOR-US: Attachmate Verastream Host Integrator
CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9  ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through 8. ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in the w ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management I ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3621
	REJECTED
CVE-2013-3620 (Hardcoded WSMan credentials in Intelligent Platform Management Interfa ...)
	NOT-FOR-US: Supermicro
CVE-2013-3619 (Intelligent Platform Management Interface (IPMI) with firmware for Sup ...)
	NOT-FOR-US: Supermicro
CVE-2013-3618
	RESERVED
CVE-2013-3617 (The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authe ...)
	NOT-FOR-US: Openbravo ERP
CVE-2013-3616 (Cross-site scripting (XSS) vulnerability in the KnowledgeView Editoria ...)
	NOT-FOR-US: KnowledgeView Editorial and Management application
CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash l ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3614 (Dahua DVR appliances have a small value for the maximum password lengt ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3613 (Dahua DVR appliances do not properly restrict UPnP requests, which mak ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root accoun ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3611
	REJECTED
CVE-2013-3610 (qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0 ...)
	NOT-FOR-US: ASUS router
CVE-2013-3609 (The web interface in the Intelligent Platform Management Interface (IP ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3608 (The web interface in the Intelligent Platform Management Interface (IP ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3607 (Multiple stack-based buffer overflows in the web interface in the Inte ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3606 (The login page in the GoAhead web server on Dell PowerConnect 3348 1.2 ...)
	NOT-FOR-US: GoAhead web server on Dell PowerConnect
CVE-2013-3605 (Cross-site request forgery (CSRF) vulnerability in Coursemill Learning ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3604 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Lear ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3603 (Cross-site scripting (XSS) vulnerability in Coursemill Learning Manage ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3602 (SQL injection vulnerability in admindocumentworker.jsp in Coursemill L ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3601 (Coursemill Learning Management System (LMS) 6.6 does not properly rest ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3600 (Coursemill Learning Management System (LMS) 6.6 allows remote authenti ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3599 (userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6 ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3598 (Directory traversal vulnerability in servlet/CreateTemplateServlet in  ...)
	NOT-FOR-US: SearchBlox
CVE-2013-3597 (servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows  ...)
	NOT-FOR-US: SearchBlox
CVE-2013-3596 (AdvancePro Advanceware allows remote authenticated users to obtain sen ...)
	NOT-FOR-US: AdvancePro Advanceware
CVE-2013-3595 (The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 334 ...)
	NOT-FOR-US: Dell PowerConnect
CVE-2013-3594 (The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and ...)
	NOT-FOR-US: Dell PowerConnect
CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) clie ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3592
	RESERVED
CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execu ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...)
	NOT-FOR-US: SearchBlox
CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the Admi ...)
	NOT-FOR-US: Dell iDRAC6
CVE-2013-3588 (The web management interface on Zyxel P660 devices allows remote attac ...)
	NOT-FOR-US: Zyxel
CVE-2013-3587 (The HTTPS protocol, as used in unspecified web applications, can encry ...)
	NOTE: not something we can concretely fix somewhere
	NOTE: mitigations must be done in webapps
	NOTE: http://web.archive.org/web/20160304210825/http://breachattack.com/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=995168
	NOTE: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
	NOTE: https://www.mail-archive.com/dev@httpd.apache.org/msg57592.html
CVE-2013-3586 (Samsung Web Viewer for Samsung DVR devices allows remote attackers to  ...)
	NOT-FOR-US: Samsung DVR devices
CVE-2013-3585 (Samsung Web Viewer for Samsung DVR devices stores credentials in clear ...)
	NOT-FOR-US: Samsung DVR devices
CVE-2013-3584 (Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allow ...)
	NOT-FOR-US: Corporater EPM Suite
CVE-2013-3583 (Cross-site request forgery (CSRF) vulnerability in saveProperties.html ...)
	NOT-FOR-US: Corporater EPM Suite
CVE-2013-3582 (Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z6 ...)
	NOT-FOR-US: Dell
CVE-2013-3581 (ajax.cgi in the web interface on the Choice Wireless Green Packet WIXF ...)
	NOT-FOR-US: Choice Wireless Green Packet WIXFMR-111 4G WiMax modem
CVE-2013-3580 (The TrustGo Antivirus &amp; Mobile Security application before 1.3.6 f ...)
	NOT-FOR-US: TrustGo
CVE-2013-3579 (The Lookout Mobile Security application before 8.17-8a39d3f for Androi ...)
	NOT-FOR-US: Lookout Mobile Security application for Android
CVE-2013-3578 (SQL injection vulnerability in the Help Desk application in Wave EMBAS ...)
	NOT-FOR-US: ERAS
CVE-2013-3577 (SQL injection vulnerability in the Help Desk application in Wave EMBAS ...)
	NOT-FOR-US: ERAS
CVE-2013-3576 (ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote au ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-3575 (hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.47 ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3574 (Absolute path traversal vulnerability in hpdiags/frontend2/commands/sa ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3573 (HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct u ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3572 (Cross-site scripting (XSS) vulnerability in the administer interface i ...)
	NOT-FOR-US: Ubiquiti Networks UniFi
CVE-2013-3571 (socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used f ...)
	- socat 1.7.1.3-1.5 (low; bug #709931)
	[squeeze] - socat <no-dsa> (Minor issue)
	[wheezy] - socat <no-dsa> (Minor issue)
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv4.html
CVE-2013-3570
	RESERVED
CVE-2013-3569
	RESERVED
CVE-2013-3568 (Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT11 ...)
	NOT-FOR-US: Cisco
CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ...)
	{DSA-2715-1}
	- puppet 3.2.2-1 (bug #712745)
CVE-2013-3566
	RESERVED
CVE-2013-3565 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interf ...)
	- vlc 2.0.7-1 (unimportant)
	NOTE: Negligible impact
CVE-2013-3564 (The web interface in VideoLAN VLC media player before 2.0.7 has no acc ...)
	- vlc 2.0.7-1
	NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18864
CVE-2013-3563 (Stack-based buffer overflow in db_netserver in Lianja SQL Server befor ...)
	NOT-FOR-US: Lianja SQL Server
CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in epa ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html
CVE-2013-3561 (Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remot ...)
	- wireshark <not-affected> (This CVE ID is for the Wireshark trunk, the fix 1.8 is CVE-2013-3562)
CVE-2013-3560 (The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg- ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (unimportant; bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html
	NOTE: Not suitable for code injection
CVE-2013-3559 (epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wiresha ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-27.html
CVE-2013-3558 (The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c i ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-26.html
CVE-2013-3557 (The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (unimportant; bug #709167)
	[squeeze] - wireshark 1.2.11-6+squeeze11
	NOTE: Not suitable for code injection
CVE-2013-3556 (The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 ...)
	- wireshark <not-affected> (Only affected the dev trunk)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html (r48943)
CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8 ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html
CVE-2013-3554
	RESERVED
CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier a ...)
	NOT-FOR-US: Nitro Pro
CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier a ...)
	NOT-FOR-US: Nitro Pro
CVE-2013-3551 (Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS ...)
	{DSA-2696-1}
	- otrs2 3.2.7-1
	[squeeze] - otrs2 <not-affected>
CVE-2013-3550
	REJECTED
CVE-2013-3549
	RESERVED
CVE-2013-3548
	RESERVED
CVE-2013-3547
	RESERVED
CVE-2013-3546
	RESERVED
CVE-2013-3545
	RESERVED
CVE-2013-3544
	REJECTED
CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) ...)
	NOT-FOR-US: AXIS Media Control
CVE-2013-3542 (Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV ...)
	NOT-FOR-US: Grandstream
CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive ...)
	NOT-FOR-US: AirLive
CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgr ...)
	NOT-FOR-US: AirLive
CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the command/user.cg ...)
	NOT-FOR-US: Sony
CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php  ...)
	NOT-FOR-US: Todoo Forum
CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in Todoo Foru ...)
	NOT-FOR-US: Todoo Forum
CVE-2013-3536 (SQL injection vulnerability in the gp_LoadUserFromHash function in fun ...)
	NOT-FOR-US: grouppay plugin
CVE-2013-3535 (Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0  ...)
	NOT-FOR-US: CMSLogik
CVE-2013-3534 (Cross-site scripting (XSS) vulnerability in the aiContactSafe componen ...)
	NOT-FOR-US: aiContactSafe
CVE-2013-3533 (Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10. ...)
	NOT-FOR-US: Virtual Access Monitor
CVE-2013-3532 (SQL injection vulnerability in settings.php in the Web Dorado Spider V ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3531 (SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remo ...)
	NOT-FOR-US: RadioCMS
CVE-2013-3530 (SQL injection vulnerability in playlist.php in the Spiffy XSPF Player  ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3529 (Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php  ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3528 (Unspecified vulnerability in the update check in Vanilla Forums before ...)
	NOT-FOR-US: Vanilla Forums
CVE-2013-3527 (Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18 ...)
	NOT-FOR-US: Vanilla Forums
CVE-2013-3526 (Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3525
	NOTE: http://web.archive.org/web/20151225141212/http://blog.bestpractical.com/2013/04/on-our-security-policies.html
CVE-2013-3524 (SQL injection vulnerability in popupnewsitem/ in the Pop Up News modul ...)
	NOT-FOR-US: phpVMS
CVE-2013-3523 (SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 ...)
	NOT-FOR-US: This HTML Is Simple
CVE-2013-3522 (SQL injection vulnerability in index.php/ajax/api/reputation/vote in v ...)
	NOT-FOR-US: vBulletin
CVE-2012-6552 (Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2 ...)
	NOT-FOR-US: phpVMS
CVE-2013-3521
	REJECTED
CVE-2013-3520 (VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not prop ...)
	NOT-FOR-US: VMware vCenter Chargeback Manager
CVE-2013-3519 (lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x ...)
	NOT-FOR-US: VMware
CVE-2013-3518
	RESERVED
CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR35 ...)
	NOT-FOR-US: NETGEAR
CVE-2013-3516 (NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely o ...)
	NOT-FOR-US: NETGEAR
CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2. ...)
	NOT-FOR-US: OpenX
CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 re ...)
	NOT-FOR-US: OpenX
CVE-2013-3513 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3512 (The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not pr ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3511 (Open redirect vulnerability in the NeDi component in GroundWork Monito ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3510 (Multiple SQL injection vulnerabilities in GroundWork Monitor Enterpris ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3509 (html/System-NeDi.php in the NeDi component in GroundWork Monitor Enter ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3508 (html/System-Files.php in the System File Overview feature in the NeDi  ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3507 (The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remot ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3506 (cgi-bin/performance/perfchart.cgi in the Performance component in Grou ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3505 (The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3504 (Directory traversal vulnerability in monarch.cgi in the MONARCH compon ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3503 (The Profile Importer feature in monarch.cgi in the MONARCH component i ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3502 (monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterp ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3501 (Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Moni ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3500 (The Foundation webapp admin interface in GroundWork Monitor Enterprise ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3499 (GroundWork Monitor Enterprise 6.7.0 performs authentication on the bas ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3498 (Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Sec ...)
	NOT-FOR-US: Juniper
CVE-2013-3497 (Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance a ...)
	NOT-FOR-US: Juniper
CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator  ...)
	NOT-FOR-US: Infotecs ViPNet Client
CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x a ...)
	- xen 4.4.1-3 (unimportant)
	NOTE: Hardware design flaw, no software solution
CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll ...)
	NOT-FOR-US: UMPlayer
CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
	NOT-FOR-US: XnView
CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
	NOT-FOR-US: XnView
CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Shar ...)
	NOT-FOR-US: WordPress plugin sharebar
CVE-2013-3490
	RESERVED
CVE-2013-3489 (Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before  ...)
	NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3488 (Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC ...)
	NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...)
	NOT-FOR-US: IrfanView FlashPix Plugin
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.105 ...)
	NOT-FOR-US: Soda PDF
CVE-2013-3484 (Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2 ...)
	NOT-FOR-US: dotCMS
CVE-2013-3483 (Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER V ...)
	NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3482 (Stack-based buffer overflow in the rf_report_error function in ermappe ...)
	NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3481 (Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 al ...)
	NOT-FOR-US: Artweaver
CVE-2013-3480 (Integer overflow in Sagelight 4.4 and earlier allows remote attackers  ...)
	NOT-FOR-US: Sagelight
CVE-2013-3479 (Cross-site request forgery (CSRF) vulnerability in the ShareThis plugi ...)
	NOT-FOR-US: WordPress plugin ShareThis
CVE-2013-3478 (SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6 ...)
	NOT-FOR-US: Apptha WordPress Video Gallery
CVE-2013-3477 (Cross-site request forgery (CSRF) vulnerability in the Related Posts b ...)
	NOT-FOR-US: WordPress plugin related-posts-by-zemanta
CVE-2013-3476 (Cross-site request forgery (CSRF) vulnerability in the WordPress Relat ...)
	NOT-FOR-US: WordPress plugin wordpress-23-related-posts-plugin
CVE-2013-3475 (Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 ...)
	NOT-FOR-US: IBM
CVE-2013-3474 (The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2013-3473 (The web framework in Cisco Prime Central for Hosted Collaboration Solu ...)
	NOT-FOR-US: Cisco
CVE-2013-3472 (Cross-site request forgery (CSRF) vulnerability in the Enterprise Lice ...)
	NOT-FOR-US: Cisco
CVE-2013-3471 (The captive portal application in Cisco Identity Services Engine (ISE) ...)
	NOT-FOR-US: Cisco
CVE-2013-3470 (The RIP process in Cisco IOS XR allows remote attackers to cause a den ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-3469 (Cisco Mobility Services Engine does not properly set up the Oracle SSL ...)
	NOT-FOR-US: Cisco
CVE-2013-3468 (The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2013-3467 (Memory leak in the CLI component on Cisco Unified Computing System (UC ...)
	NOT-FOR-US: Cisco
CVE-2013-3466 (The EAP-FAST authentication module in Cisco Secure Access Control Serv ...)
	NOT-FOR-US: Cisco
CVE-2013-3465
	RESERVED
CVE-2013-3464 (Cisco IOS XR allows local users to cause a denial of service (Silicon  ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-3463 (The protocol-inspection feature on Cisco Adaptive Security Appliances  ...)
	NOT-FOR-US: Cisco
CVE-2013-3462 (Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7 ...)
	NOT-FOR-US: Cisco
CVE-2013-3461 (Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) be ...)
	NOT-FOR-US: Cisco
CVE-2013-3460 (Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x ...)
	NOT-FOR-US: Cisco
CVE-2013-3459 (Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b ...)
	NOT-FOR-US: Cisco
CVE-2013-3458 (Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-3457 (Absolute path traversal vulnerability in the web interface in Cisco Fi ...)
	NOT-FOR-US: Cisco Finesse
CVE-2013-3456
	RESERVED
CVE-2013-3455 (Cisco Finesse allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Cisco
CVE-2013-3454 (Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X ...)
	NOT-FOR-US: Cisco
CVE-2013-3453 (Memory leak in Cisco Unified Communications Manager IM and Presence Se ...)
	NOT-FOR-US: Cisco
CVE-2013-3452
	RESERVED
CVE-2013-3451 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Un ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-3450 (Cross-site request forgery (CSRF) vulnerability in the User WebDialer  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-3449
	RESERVED
CVE-2013-3448 (Cisco WebEx Meetings Server does not check whether a user account is a ...)
	NOT-FOR-US: Cisco
CVE-2013-3447
	RESERVED
CVE-2013-3446 (Open redirect vulnerability in the login page in Cisco Digital Media M ...)
	NOT-FOR-US: Cisco
CVE-2013-3445 (The firewall subsystem in Cisco Identity Services Engine has an incorr ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-3444 (The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0 ...)
	NOT-FOR-US: Cisco
CVE-2013-3443 (The web service framework in Cisco WAAS Software 4.x and 5.x before 5. ...)
	NOT-FOR-US: Cisco
CVE-2013-3442 (The web portal in Cisco Unified Communications Manager (Unified CM) al ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-3441 (Cisco Aironet 3600 access points allow remote attackers to cause a den ...)
	NOT-FOR-US: Cisco
CVE-2013-3440 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Cisco
CVE-2013-3439 (Cross-site scripting (XSS) vulnerability in Cisco Unified Operations M ...)
	NOT-FOR-US: Cisco
CVE-2013-3438 (The web framework in the server in Cisco Unified MeetingPlace Web Conf ...)
	NOT-FOR-US: Cisco
CVE-2013-3437 (SQL injection vulnerability in the management application in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2013-3436 (The default configuration of the Group Encrypted Transport VPN (GET VP ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-3435 (The Cisco Unified IP Conference Station 7937G allows remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2013-3434 (Untrusted search path vulnerability in Cisco Unified Communications Ma ...)
	NOT-FOR-US: Cisco
CVE-2013-3433 (Untrusted search path vulnerability in Cisco Unified Communications Ma ...)
	NOT-FOR-US: Cisco
CVE-2013-3432
	RESERVED
CVE-2013-3431 (Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require a ...)
	NOT-FOR-US: Cisco
CVE-2013-3430 (Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote atta ...)
	NOT-FOR-US: Cisco
CVE-2013-3429 (Multiple directory traversal vulnerabilities in Cisco Video Surveillan ...)
	NOT-FOR-US: Cisco
CVE-2013-3428 (The web interface in Cisco Secure Access Control System (ACS) does not ...)
	NOT-FOR-US: Cisco
CVE-2013-3427
	RESERVED
CVE-2013-3426 (The Serviceability servlet on Cisco 9900 IP phones does not properly r ...)
	NOT-FOR-US: Cisco
CVE-2013-3425 (The Meeting Center component in Cisco WebEx 11 generates different err ...)
	NOT-FOR-US: Cisco WebEx 11
CVE-2013-3424 (Cross-site request forgery (CSRF) vulnerability in Administration and  ...)
	NOT-FOR-US: Cisco
CVE-2013-3423 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3422 (Cross-site scripting (XSS) vulnerability in Administration pages in Ci ...)
	NOT-FOR-US: Cisco
CVE-2013-3421 (Cross-site scripting (XSS) vulnerability in the Help index page in Cis ...)
	NOT-FOR-US: Cisco
CVE-2013-3420 (Cross-site request forgery (CSRF) vulnerability in the web framework o ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-3419 (Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace ...)
	NOT-FOR-US: Cisco
CVE-2013-3418 (Cisco Unified Communications Domain Manager does not properly allocate ...)
	NOT-FOR-US: Cisco
CVE-2013-3417 (The administrative web interface in Cisco Video Surveillance Operation ...)
	NOT-FOR-US: Cisco
CVE-2013-3416 (Cross-site scripting (XSS) vulnerability in the web framework in the u ...)
	NOT-FOR-US: Cisco
CVE-2013-3415 (Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) a ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-3414 (Cross-site scripting (XSS) vulnerability in the WebVPN portal login pa ...)
	NOT-FOR-US: Cisco
CVE-2013-3413 (Cross-site scripting (XSS) vulnerability in the search form in the adm ...)
	NOT-FOR-US: Cisco
CVE-2013-3412 (SQL injection vulnerability in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco
CVE-2013-3411 (The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software ...)
	NOT-FOR-US: Cisco
CVE-2013-3410 (Cisco Intrusion Prevention System (IPS) Software on IPS NME devices be ...)
	NOT-FOR-US: Cisco
CVE-2013-3409 (The portal in Cisco Prime Central for Hosted Collaboration Solution (H ...)
	NOT-FOR-US: Cisco
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 devices se ...)
	NOT-FOR-US: Cisco
CVE-2013-3407 (The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 ...)
	NOT-FOR-US: Cisco
CVE-2013-3406 (The "Files Available for Download" implementation in the Cisco Intelli ...)
	NOT-FOR-US: Cisco
CVE-2013-3405 (The web portal in TC software on Cisco TelePresence endpoints does not ...)
	NOT-FOR-US: Cisco
CVE-2013-3404 (SQL injection vulnerability in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco
CVE-2013-3403 (Multiple untrusted search path vulnerabilities in Cisco Unified Commun ...)
	NOT-FOR-US: Cisco
CVE-2013-3402 (An unspecified function in Cisco Unified Communications Manager (CUCM) ...)
	NOT-FOR-US: Cisco
CVE-2013-3401 (The SIP implementation in Cisco TelePresence TC Software allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-3400 (The license-installation module in Cisco NX-OS on Nexus 1000V devices  ...)
	NOT-FOR-US: Cisco
CVE-2013-3399 (Buffer overflow in an unspecified Android API on the Cisco Desktop Col ...)
	NOT-FOR-US: Cisco
CVE-2013-3398 (The web framework in Cisco Prime Central for Hosted Collaboration Solu ...)
	NOT-FOR-US: Cisco
CVE-2013-3397 (Cross-site request forgery (CSRF) vulnerability in the Unified Service ...)
	NOT-FOR-US: Cisco
CVE-2013-3396 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3395 (Cross-site request forgery (CSRF) vulnerability in the web framework o ...)
	NOT-FOR-US: Cisco IronPort Web Security Appliance
CVE-2013-3394 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3393 (The Precision Video Engine component in Cisco Jabber for Windows and C ...)
	NOT-FOR-US: Cisco
CVE-2013-3392 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco We ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-3391
	RESERVED
CVE-2013-3390 (Memory leak in Cisco Prime Central for Hosted Collaboration Solution ( ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3389 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance  ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3388 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance  ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3387 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance  ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3386 (The IronPort Spam Quarantine (ISQ) component in the web framework in I ...)
	NOT-FOR-US: Cisco
CVE-2013-3385 (The management GUI in the web framework in IronPort AsyncOS on Cisco W ...)
	NOT-FOR-US: Cisco
CVE-2013-3384 (The web framework in IronPort AsyncOS on Cisco Web Security Appliance  ...)
	NOT-FOR-US: Cisco
CVE-2013-3383 (The web framework in IronPort AsyncOS on Cisco Web Security Appliance  ...)
	NOT-FOR-US: Cisco
CVE-2013-3382 (The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Secu ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-3381 (Cisco Hosted Collaboration Mediation allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco Hosted Collaboration Mediation
CVE-2013-3380 (The administrative web interface in the Access Control Server in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-3379 (The firewall subsystem in Cisco TelePresence TC Software before 4.2 do ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3378 (Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3377 (Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3376 (Open redirect vulnerability in the help page in Cisco Video Surveillan ...)
	NOT-FOR-US: Cisco
CVE-2013-3375 (Cross-site scripting (XSS) vulnerability in the portal page in Cisco P ...)
	NOT-FOR-US: Cisco
CVE-2013-3374 (Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17  ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3373 (CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8. ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3372 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allow ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3371 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3370 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does  ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3369 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allow ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4. ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3367 (Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a ...)
	NOT-FOR-US: TRENDnet
CVE-2013-3366 (Undocumented TELNET service in TRENDnet TEW-812DRU when a web page nam ...)
	NOT-FOR-US: TRENDnet
CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to execut ...)
	NOT-FOR-US: TRENDnet TEW-812DRU router
CVE-2013-3364
	RESERVED
CVE-2013-3363 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3362 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3361 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3360 (Adobe Shockwave Player before 12.0.4.144 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3359 (Adobe Shockwave Player before 12.0.4.144 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3358 (Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3357 (Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3356 (Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3355 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Wind ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3354 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Wind ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3353 (Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3352 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Wind ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3351 (Multiple stack-based buffer overflows in Adobe Reader and Acrobat befo ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3350 (Adobe ColdFusion 10 before Update 11 allows remote attackers to call C ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3349 (Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3348 (Adobe Shockwave Player before 12.0.3.133 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3347 (Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3346 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3345 (Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3344 (Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3343 (Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3342 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3341 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3340 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3339 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3338 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3337 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3336 (Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 1 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3335 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3334 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3333 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3332 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3331 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3330 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3329 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3328 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3327 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3326 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset Manage ...)
	NOT-FOR-US: IBM
CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
	NOT-FOR-US: NetApp
CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Ma ...)
	NOT-FOR-US: NetApp
CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP Netweav ...)
	NOT-FOR-US: SAP Netweaver
CVE-2013-3318
	REJECTED
CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
	NOT-FOR-US: Netgear
CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
	NOT-FOR-US: Netgear
CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify acces ...)
	NOT-FOR-US: TIBCO
CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) I ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3313 (The Loftek Nexus 543 IP Camera stores passwords in cleartext, which al ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3312 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Loft ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3311 (Directory traversal vulnerability in the Loftek Nexus 543 IP Camera al ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3310
	RESERVED
CVE-2009-5135 (The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows  ...)
	NOT-FOR-US: Echo
CVE-2013-3309
	RESERVED
CVE-2013-3308
	RESERVED
CVE-2013-3307
	RESERVED
CVE-2013-3306
	RESERVED
CVE-2013-3305
	RESERVED
CVE-2013-3304 (Directory traversal vulnerability in Dell EqualLogic PS4000 with firmw ...)
	NOT-FOR-US: Dell EqualLogic PS4000
CVE-2013-3303
	RESERVED
CVE-2013-3300 (The JsonParser class in json/JsonParser.scala in Lift before 2.5 inter ...)
	NOT-FOR-US: Lift Framework
CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers  ...)
	NOT-FOR-US: RealPlayer
CVE-2013-3298
	RESERVED
CVE-2013-3297
	RESERVED
CVE-2013-3296
	RESERVED
CVE-2013-3295 (Directory traversal vulnerability in install/popup.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 re ...)
	NOT-FOR-US: Exponent CMS
CVE-2013-3293
	RESERVED
CVE-2013-3292
	RESERVED
CVE-2013-3291
	RESERVED
CVE-2013-3290
	RESERVED
CVE-2013-3289
	REJECTED
CVE-2013-3288 (Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protectio ...)
	NOT-FOR-US: EMC
CVE-2013-3287 (EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level ...)
	NOT-FOR-US: EMC Unisphere for VMAX
CVE-2013-3286 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum  ...)
	NOT-FOR-US: EMC Documentum
CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2013-3284
	REJECTED
CVE-2013-3283
	REJECTED
CVE-2013-3282
	REJECTED
CVE-2013-3281 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop befo ...)
	NOT-FOR-US: EMC Documentum
CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet I ...)
	NOT-FOR-US: RSA Authentication Agent for Web for Internet Information Services
CVE-2013-3279 (EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account ...)
	NOT-FOR-US: EMC
CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage ...)
	NOT-FOR-US: EMC
CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allow ...)
	NOT-FOR-US: EMC
CVE-2013-3276 (EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to ...)
	NOT-FOR-US: EMC
CVE-2013-3275 (EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store  ...)
	NOT-FOR-US: EMC
CVE-2013-3274 (EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store  ...)
	NOT-FOR-US: EMC
CVE-2013-3273 (EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, a ...)
	NOT-FOR-US: EMC
CVE-2013-3272 (EMC Replication Manager (RM) before 5.4.4 places encoded passwords in  ...)
	NOT-FOR-US: EMC
CVE-2013-3271 (EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the m ...)
	NOT-FOR-US: EMC
CVE-2013-3270 (EMC VNX Control Station before 7.1.70.2 and Celerra Control Station be ...)
	NOT-FOR-US: EMC
CVE-2013-3302 (Race condition in the smb_send_rqst function in fs/cifs/transport.c in ...)
	- linux-2.6 <not-affected> (Introduced in 3.7)
	- linux 3.8-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
CVE-2013-3301 (The ftrace implementation in the Linux kernel before 3.8.8 allows loca ...)
	{DSA-2669-1}
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.8.11-1 (low)
	NOTE: https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
	NOTE: Not enabled in default kernels
CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office befor ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after  ...)
	NOT-FOR-US: Novell iManager
CVE-2013-3267 (Cross-site scripting (XSS) vulnerability in the highlighter plugin in  ...)
	NOT-FOR-US: Joomla!
CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the  ...)
	{DSA-2672-1}
	- kfreebsd-9 9.0-11 (bug #706414)
	- kfreebsd-8 <removed> (bug #706418)
	[wheezy] - kfreebsd-8 <no-dsa> (new NFS server is not enabled)
	[squeeze] - kfreebsd-8 <no-dsa> (new NFS server is not enabled)
	NOTE: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc
CVE-2013-3265
	RESERVED
CVE-2013-3264 (The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for W ...)
	NOT-FOR-US: WP Ultimate Email Marketer
CVE-2013-3263 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate ...)
	NOT-FOR-US: WP Ultimate Email Marketer
CVE-2013-3262 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the Dow ...)
	NOT-FOR-US: WordPress plugin download-monitor
CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the  ...)
	NOT-FOR-US: WordPress plugin flash-album-gallery
CVE-2013-3260 (Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11  ...)
	NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3259 (Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
	NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3258 (Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin ...)
	NOT-FOR-US: WordPress plugin digg-digg
CVE-2013-3257 (Cross-site request forgery (CSRF) vulnerability in the Related Posts p ...)
	NOT-FOR-US: WordPress plugin related-posts
CVE-2013-3256 (Cross-site request forgery (CSRF) vulnerability in the Shareaholic Sex ...)
	NOT-FOR-US: WordPress plugin sexybookmarks
CVE-2013-3255
	RESERVED
CVE-2013-3254 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the  ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3253 (Cross-site request forgery (CSRF) vulnerability in admin/setting.php i ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3252 (Cross-site request forgery (CSRF) vulnerability in the options admin p ...)
	NOT-FOR-US: WordPress plugin WP-PostViews
CVE-2013-3251 (Cross-site request forgery (CSRF) vulnerability in the qTranslate plug ...)
	NOT-FOR-US: WordPress plugin qTranslate
CVE-2013-3250 (Cross-site request forgery (CSRF) vulnerability in the WP Maintenance  ...)
	NOT-FOR-US: WP Maintenance Mode plugin for Wordpress
CVE-2013-3249 (Stack-based buffer overflow in the "Add from text file" feature in the ...)
	NOT-FOR-US: DameWare Remote Support
CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows lo ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2013-3247 (Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows  ...)
	NOT-FOR-US: XnView
CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows ...)
	NOT-FOR-US: XnView
CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...)
	- vlc 2.0.7-1 (unimportant)
	NOTE: Harmless crasher
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
	NOTE: http://secunia.com/blog/372/
	NOTE: http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB  ...)
	NOT-FOR-US: SAP ERP Central Component
CVE-2013-3243 (Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allow ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 an ...)
	NOT-FOR-US: Joomla!
CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3  ...)
	- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin  ...)
	- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3239 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...)
	{DLA-0014-1}
	- phpmyadmin 4:3.4.11.1-2
	[squeeze] - phpmyadmin 4:3.3.7-8
	NOTE: Requires non-default option saveDir to be enabled, an authenticated untrusted user and Apache mod_mime
CVE-2013-3238 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote a ...)
	- phpmyadmin <not-affected> (exploitable PHP on Windows only)
	NOTE: code patched in 4:3.4.11.1-2 nonetheless
CVE-2013-3237 (The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the L ...)
	- linux-2.6 <not-affected> ((net/vmw_vsock/af_vsock.c not present)
	- linux <not-affected> (net/vmw_vsock/af_vsock.c not present)
	- open-vm-tools 2:9.2.2-893683-8 (low; bug #706557)
	[wheezy] - open-vm-tools <no-dsa> (Minor information leak)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported, minor information leak)
CVE-2013-3236 (The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transp ...)
	- linux-2.6 <not-affected> (VM Sockets only introduced in 3.9-rc1)
	- linux <not-affected> (VM Sockets introduced in 3.9-rc1)
CVE-2013-3235 (net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initiali ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux ker ...)
	- linux-2.6 <not-affected> (net/nfc/llcp/sock.c not present, introduced in 3.3)
	- linux <not-affected> (net/nfc/llcp/sock.c not present, introduced in 3.3)
CVE-2013-3232 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel  ...)
	- linux-2.6 <not-affected> (Introduced and fixed during 3.9 cycle)
	- linux <not-affected> (Introduced and fixed during 3.9 cycle)
CVE-2013-3231 (The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3230 (The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kern ...)
	- linux-2.6 <not-affected> (net/l2tp/l2tp_ip6.c not present)
	- linux <not-affected> (net/l2tp/l2tp_ip6.c introduced in 3.5)
CVE-2013-3229 (The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kern ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3228 (The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux ker ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3227 (The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linu ...)
	{DSA-2669-1}
	- linux-2.6 <not-affected> (net/caif/caif_socket.c introduced in v2.6.35)
	- linux 3.8.11-1 (low)
CVE-2013-3226 (The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kern ...)
	- linux-2.6 <not-affected> (Vulnerable code not yet present)
	- linux <not-affected> (Vulnerable code not yet present)
	NOTE: sco_sock_recvmsg only introduced with v3.8, bt_sock_recvmsg has its own CVE ID
CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Li ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel befor ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and  ...)
	- rails-3.2 <unfixed> (unimportant)
	- ruby-activerecord-3.2 <unfixed> (unimportant)
	- ruby-activerecord-2.3 <unfixed> (unimportant)
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- rails 2.3.14.1 (unimportant)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: This is a general design problem and only mitigated by documented best practices
CVE-2013-3220 (bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x  ...)
	- bitcoin 0.8.1-1
CVE-2013-3219 (bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain bl ...)
	- bitcoin 0.8.1-1
CVE-2013-3218
	RESERVED
CVE-2013-3217
	RESERVED
CVE-2013-3216
	RESERVED
CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerab ...)
	NOT-FOR-US: vtiger CRM
CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...)
	NOT-FOR-US: vtiger CRM
CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilitie ...)
	NOT-FOR-US: vtiger CRM
CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a sa ...)
	- activemq <not-affected> (Example code not shipped in .deb)
CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2013-3210 (Opera before 12.15 does not properly block top-level domains in Set-Co ...)
	NOT-FOR-US: Opera
CVE-2013-3209 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2013-3208 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3207 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3206 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2013-3205 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3204 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3203 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3202 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2013-3201 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3200 (The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3199 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3198 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3197 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3196 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3195 (The DSA_InsertItem function in Comctl32.dll in the Windows common cont ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3194 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3193 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3192 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3191 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3190 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3189 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3188 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3187 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3186 (The Protected Mode feature in Microsoft Internet Explorer 7 through 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3185 (Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2013-3184 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3183 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3182 (The Windows NAT Driver (aka winnat) service in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3181 (usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3180 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3179 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3178 (Microsoft Silverlight 5 before 5.1.20513.0 does not properly initializ ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-3177
	REJECTED
CVE-2013-3176
	REJECTED
CVE-2013-3175 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft
CVE-2013-3174 (DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP ...)
	NOT-FOR-US: Microsoft
CVE-2013-3173 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3172 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3171 (The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3 ...)
	NOT-FOR-US: Microsoft
CVE-2013-3170
	REJECTED
CVE-2013-3169
	REJECTED
CVE-2013-3168
	REJECTED
CVE-2013-3167 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3166 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3165
	REJECTED
CVE-2013-3164 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3163 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3162 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3161 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3160 (Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, an ...)
	NOT-FOR-US: Microsoft Office
CVE-2013-3159 (Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer ...)
	NOT-FOR-US: Microsoft Excel
CVE-2013-3158 (Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Excel
CVE-2013-3157 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Off ...)
	NOT-FOR-US: Microsoft
CVE-2013-3156 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Off ...)
	NOT-FOR-US: Microsoft Access
CVE-2013-3155 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Off ...)
	NOT-FOR-US: Microsoft
CVE-2013-3154 (The signature-update functionality in Windows Defender on Microsoft Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3153 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3152 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3151 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3150 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3149 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3148 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3147 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3146 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3145 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3144 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3143 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3142 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3140 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3139 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3138 (Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2013-3137 (Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allow ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2013-3136 (The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2013-3135
	REJECTED
CVE-2013-3134 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3133 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not prop ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3132 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3131 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverli ...)
	NOT-FOR-US: Microsoft
CVE-2013-3130
	REJECTED
CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight  ...)
	NOT-FOR-US: Microsoft
CVE-2013-3128 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows M ...)
	NOT-FOR-US: Microsoft
CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is enabled ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3125 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3124 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3123 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3122 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3121 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3120 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3119 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3118 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3117 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3116 (Microsoft Internet Explorer 7 through 9 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3115 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3114 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3113 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3112 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3111 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3110 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3109
	RESERVED
CVE-2013-3108
	RESERVED
CVE-2013-3107 (VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding ...)
	NOT-FOR-US: vCenter
CVE-2013-3106 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-3105
	RESERVED
CVE-2013-3104
	RESERVED
CVE-2013-3103
	RESERVED
CVE-2013-3102
	RESERVED
CVE-2013-3101
	RESERVED
CVE-2013-3100
	RESERVED
CVE-2013-3099
	RESERVED
CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...)
	NOT-FOR-US: TRENDnet TEW-812DRU router
CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...)
	NOT-FOR-US: Verizon
CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking ...)
	NOT-FOR-US: D-Link
CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link
CVE-2013-3094
	RESERVED
CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
	NOT-FOR-US: ASUS RT-N56U devices
CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...)
	NOT-FOR-US: Belkin router
CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) rout ...)
	NOT-FOR-US: Belkin N300 router
CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 rou ...)
	NOT-FOR-US: Belkin N300 router
CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
	NOT-FOR-US: Belkin N300
CVE-2013-3088 (Belkin N900 router (F9K1104v1) contains an Authentication Bypass using ...)
	NOT-FOR-US: Belkin N900 router
CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 rou ...)
	NOT-FOR-US: Belkin N900 router
CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in util_system.html in ...)
	NOT-FOR-US: Belkin N900
CVE-2013-3085 (An authentication bypass exists in the web management interface in Bel ...)
	NOT-FOR-US: Belkin
CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5 ...)
	NOT-FOR-US: Belkin router
CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_sett ...)
	NOT-FOR-US: Belkin
CVE-2013-3082 (Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_p ...)
	NOT-FOR-US: Jojo CMS
CVE-2013-3081 (SQL injection vulnerability in the checkEmailFormat function in plugin ...)
	NOT-FOR-US: Jojo CMS
CVE-2013-3080 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remo ...)
	NOT-FOR-US: vCenter
CVE-2013-3079 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remo ...)
	NOT-FOR-US: vCenter
CVE-2013-3078
	RESERVED
CVE-2013-3077 (Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER featur ...)
	{DSA-2743-1}
	- kfreebsd-8 <removed> (bug #720470)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 9.2~svn254368-2 (bug #720468)
	- kfreebsd-10 10.0~svn254663-1 (bug #720471)
CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize ...)
	{DSA-2669-1}
	- linux 3.8.11-1 (low)
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Comp ...)
	NOT-FOR-US: Mitsubishi MX Component 3
CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow rem ...)
	NOT-FOR-US: NetGear WNDR4700 Media Server devices
CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...)
	NOT-FOR-US: NETGEAR
CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...)
	NOT-FOR-US: NETGEAR
CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authenti ...)
	NOT-FOR-US: NETGEAR Centria WNDR4700 devices
CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear WNDR4700 run ...)
	NOT-FOR-US: NETGEAR
CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR470 ...)
	NOT-FOR-US: NETGEAR devices
CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksy ...)
	NOT-FOR-US: Linksys
CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...)
	NOT-FOR-US: Linksys
CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict  ...)
	NOT-FOR-US: Linksys
CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls sect ...)
	NOT-FOR-US: Linksys
CVE-2013-3064 (Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA ...)
	NOT-FOR-US: Linksys
CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows remote authe ...)
	NOT-FOR-US: SAP BASIS Communication Services
CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbenc ...)
	NOT-FOR-US: SAP
CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Speci ...)
	NOT-FOR-US: SAP
CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require authe ...)
	- activemq <not-affected> (Web console not provided in Debian package, see #702670)
CVE-2013-3059 (Cross-site scripting (XSS) vulnerability in the Voting plugin in Jooml ...)
	NOT-FOR-US: Joomla!
CVE-2013-3058 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.1 ...)
	NOT-FOR-US: Joomla!
CVE-2013-3057 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authe ...)
	NOT-FOR-US: Joomla!
CVE-2013-3056 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authe ...)
	NOT-FOR-US: Joomla!
CVE-2013-3055 (Lexmark Markvision Enterprise before 1.8 provides a diagnostic interfa ...)
	NOT-FOR-US: Lexmark Markvision Enterprise
CVE-2013-3054
	RESERVED
CVE-2013-3053
	RESERVED
CVE-2013-3052
	RESERVED
CVE-2013-3051 (The TrustZone kernel, when used in conjunction with a certain Motorola ...)
	NOT-FOR-US: TrustZone kernel
CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows remote at ...)
	NOT-FOR-US: ZAPms
CVE-2013-3049 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0. ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3048 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3046 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3045 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-3043 (Directory traversal vulnerability in the client in IBM Rational Softwa ...)
	NOT-FOR-US: IBM
CVE-2013-3042 (Directory traversal vulnerability in the server in IBM Rational Softwa ...)
	NOT-FOR-US: IBM
CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 bef ...)
	NOT-FOR-US: IBM
CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, an ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-3039 (IBM Rational Requirements Composer before 4.0.4 does not properly perf ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3038 (Unspecified vulnerability in IBM Rational Requirements Composer before ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3037 (Unspecified vulnerability in IBM Rational Requirements Composer before ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3036 (Open redirect vulnerability in IBM Rational Requirements Composer befo ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3035 (The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1,  ...)
	NOT-FOR-US: IBM AIX
CVE-2013-3034 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-3033 (SQL injection vulnerability in the server component in IBM Tivoli Remo ...)
	NOT-FOR-US: IBM Tivoli Remote Control
CVE-2013-3032 (Cross-site scripting (XSS) vulnerability in the MIME e-mail functional ...)
	NOT-FOR-US: IBM Domino
CVE-2013-3031 (A SQL stored procedure in the Universal Cache component in IBM solidDB ...)
	NOT-FOR-US: IBM
CVE-2013-3030 (The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before I ...)
	NOT-FOR-US: IBM
CVE-2013-3029 (Cross-site request forgery (CSRF) vulnerability in the Administrative  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-3028 (Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x be ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-3027 (Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino  ...)
	NOT-FOR-US: IBM Domino
CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2. ...)
	NOT-FOR-US: Lotus Quickr for Domino ActiveX
CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Fo ...)
	NOT-FOR-US: IBM
CVE-2013-3024 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX all ...)
	NOT-FOR-US: IBM
CVE-2013-3023 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and  ...)
	NOT-FOR-US: IBM
CVE-2013-3022
	REJECTED
CVE-2013-3021
	RESERVED
CVE-2013-3020 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-3019
	RESERVED
CVE-2013-3018 (The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Depend ...)
	NOT-FOR-US: IBM
CVE-2013-3017 (IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2 ...)
	NOT-FOR-US: IBM
CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to acce ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-3015
	RESERVED
CVE-2013-3014
	RESERVED
CVE-2013-3013
	RESERVED
CVE-2013-3012 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3011 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3010 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3009 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1 ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3008 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3007 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3006 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3005 (The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02,  ...)
	NOT-FOR-US: TFTP client in IBM AIX
CVE-2013-3004 (Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli  ...)
	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite  ...)
	NOT-FOR-US: IBM
CVE-2013-3002
	RESERVED
CVE-2013-3001 (Directory traversal vulnerability in IBM InfoSphere Data Replication D ...)
	NOT-FOR-US: IBM
CVE-2013-3000 (SQL injection vulnerability in IBM InfoSphere Data Replication Dashboa ...)
	NOT-FOR-US: IBM
CVE-2013-2999 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data Replic ...)
	NOT-FOR-US: IBM
CVE-2013-2998 (frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-2997 (IBM Security AppScan Enterprise before 8.7 does not invalidate the ses ...)
	NOT-FOR-US: IBM
CVE-2013-2996
	RESERVED
CVE-2013-2995
	RESERVED
CVE-2013-2994 (IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrect ...)
	NOT-FOR-US: IBM
CVE-2013-2993 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 do ...)
	NOT-FOR-US: IBM
CVE-2013-2992 (The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in ...)
	NOT-FOR-US: IBM
CVE-2013-2991
	REJECTED
CVE-2013-2990
	REJECTED
CVE-2013-2989 (The file-copying functionality in IBM Sterling Connect:Direct 3.8.00,  ...)
	NOT-FOR-US: IBM
CVE-2013-2988 (Absolute path traversal vulnerability in the server in IBM Cognos Busi ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-2987 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-2986
	REJECTED
CVE-2013-2985 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-2984 (Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 a ...)
	NOT-FOR-US: IBM
CVE-2013-2983 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling Fi ...)
	NOT-FOR-US: IBM
CVE-2013-2982 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-2981 (Directory traversal vulnerability in the Web Console in IBM Data Studi ...)
	NOT-FOR-US: IBM Data Studio
CVE-2013-2980 (Cross-site request forgery (CSRF) vulnerability in the Web Console in  ...)
	NOT-FOR-US: IBM Data Studio
CVE-2013-2979 (Directory traversal vulnerability in IBM Optim Performance Manager 4.1 ...)
	NOT-FOR-US: IBM
CVE-2013-2978 (Absolute path traversal vulnerability in the server in IBM Cognos Busi ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-2977 (Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and ...)
	NOT-FOR-US: IBM Notes
CVE-2013-2976 (The Administrative console in IBM WebSphere Application Server (WAS) 6 ...)
	NOT-FOR-US: IBM
CVE-2013-2975
	RESERVED
CVE-2013-2974 (The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager ...)
	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-2973
	REJECTED
CVE-2013-2972 (IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended ...)
	NOT-FOR-US: IBM
CVE-2013-2971
	REJECTED
CVE-2013-2970 (Unspecified vulnerability in IBM QRadar Security Information and Event ...)
	NOT-FOR-US: IBM
CVE-2013-2969 (Cross-site scripting (XSS) vulnerability in IBM Sterling Control Cente ...)
	NOT-FOR-US: IBM Sterling Control Center
CVE-2013-2968 (An unspecified buffer-read method in IBM Sterling Control Center (SCC) ...)
	NOT-FOR-US: IBM Sterling Control Center
CVE-2013-2967 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-2966
	RESERVED
CVE-2013-2965
	RESERVED
CVE-2013-2964 (Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through  ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-2963
	RESERVED
CVE-2013-2962 (Buffer overflow in the Launcher in IBM WebSphere Transformation Extend ...)
	NOT-FOR-US: IBM WebSphere Transformation Extender
CVE-2013-2961 (The internal web server in the Basic Services component in IBM Tivoli  ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-2960 (Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivo ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-2959 (The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business  ...)
	NOT-FOR-US: IBM
CVE-2013-2958
	RESERVED
CVE-2013-2957 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data  ...)
	NOT-FOR-US: IBM
CVE-2013-2956 (SQL injection vulnerability in the Console in IBM InfoSphere Optim Dat ...)
	NOT-FOR-US: IBM
CVE-2013-2955 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data  ...)
	NOT-FOR-US: IBM
CVE-2013-2954 (The login page in the Console in IBM InfoSphere Optim Data Growth for  ...)
	NOT-FOR-US: IBM
CVE-2013-2953 (IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, ...)
	NOT-FOR-US: IBM
CVE-2013-2952
	RESERVED
CVE-2013-2951 (IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace fi ...)
	NOT-FOR-US: IBM
CVE-2013-2950 (CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-2949
	RESERVED
CVE-2013-2948
	RESERVED
CVE-2013-2947
	RESERVED
CVE-2013-2946
	RESERVED
CVE-2013-2945 (SQL injection vulnerability in blogs/admin.php in b2evolution before 4 ...)
	NOT-FOR-US: b2evolution
CVE-2013-2944 (strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDS ...)
	{DSA-2665-1}
	- strongswan 4.6.4-7
CVE-2013-2943
	RESERVED
CVE-2013-2942
	RESERVED
CVE-2013-2941
	RESERVED
CVE-2013-2940 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka  ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2939 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka  ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2938 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka  ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2937 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka  ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2936 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka  ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2935 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka  ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2934 (Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulativ ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2933 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka  ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2932
	RESERVED
CVE-2013-2931 (Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650 ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c  ...)
	- linux-2.6 <not-affected> (Introduced in v3.4)
	[wheezy] - linux <not-affected> (Introduced in v3.4)
	- linux 3.11.8-1
	NOTE: Introduced by ced39002f5ea
CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable  ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.10-1
	[wheezy] - linux 3.2.53-2
CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599 ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2927 (Use-after-free vulnerability in the HTMLFormElement::prepareForSubmiss ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2926 (Use-after-free vulnerability in the IndentOutdentCommand::tryIndenting ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2925 (Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink,  ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ( ...)
	{DSA-2786-1 DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
	- icu 4.8.1.1-13+nmu1 (bug #726477)
CVE-2013-2923 (Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599 ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2922 (Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in B ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2921 (Double free vulnerability in the ResourceFetcher::didLoadResource func ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2920 (The DoResolveRelativeHost function in url/url_canon_relative.cc in Goo ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2919 (Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <unfixed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2918 (Use-after-free vulnerability in the RenderBlock::collapseAnonymousBloc ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2917 (The ReverbConvolverStage::ReverbConvolverStage function in core/platfo ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2916 (Blink, as used in Google Chrome before 30.0.1599.66, allows remote att ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2915 (Google Chrome before 30.0.1599.66 preserves pending NavigationEntry ob ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2914 (Use-after-free vulnerability in the color-chooser dialog in Google Chr ...)
	- chromium-browser <not-affected> (windows-specific issue)
CVE-2013-2913 (Use-after-free vulnerability in the XMLDocumentParser::append function ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2912 (Use-after-free vulnerability in the PepperInProcessRouter::SendToHost  ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2911 (Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet f ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2910 (Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceN ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2908 (Google Chrome before 30.0.1599.66 uses incorrect function calls to det ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2907 (The Window.prototype object implementation in Google Chrome before 30. ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2906 (Multiple race conditions in the Web Audio implementation in Blink, as  ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in  ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2904 (Use-after-free vulnerability in the Document::finishedParsing function ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2903 (Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocu ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2902 (Use-after-free vulnerability in the XSLT ProcessingInstruction impleme ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt <not-affected> (according to https://chromiumcodereview.appspot.com/20856002 this is an issue on chromium's side of xslt handling)
CVE-2013-2901 (Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2900 (The FilePath::ReferencesParent function in files/file_path.cc in Googl ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) sub ...)
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <not-affected> (driver introduced in 2.6.35)
CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsy ...)
	- linux 3.10.11-1 (low)
	[wheezy] - linux <not-affected> (driver introduced in 3.7)
	- linux-2.6 <not-affected> (driver introduced in 3.7)
CVE-2013-2897 (Multiple array index errors in drivers/hid/hid-multitouch.c in the Hum ...)
	- linux 3.11.5-1 (low)
	- linux-2.6 <not-affected> (driver introduced in 2.6.38)
	[wheezy] - linux 3.2.53-1
CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem  ...)
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <not-affected> (Vulnerable feature probing code not present)
CVE-2013-2895 (drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subs ...)
	- linux 3.11.5-1 (low)
	- linux-2.6 <not-affected> (driver introduced in 3.2)
	[wheezy] - linux 3.2.53-1
CVE-2013-2894 (drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) sub ...)
	- linux 3.11.5-1 (low)
	[wheezy] - linux <not-affected> (driver introduced in 3.6)
	- linux-2.6 <not-affected> (driver introduced in 3.6)
CVE-2013-2893 (The Human Interface Device (HID) subsystem in the Linux kernel through ...)
	{DSA-2906-1}
	- linux 3.11.5-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in  ...)
	{DSA-2766-1}
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <removed> (low)
CVE-2013-2891 (drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subs ...)
	- linux 3.11.5-1 (low)
	[wheezy] - linux <not-affected> (steelseries driver introduced in 3.9)
	- linux-2.6 <not-affected> (steelseries driver introduced in 3.9)
CVE-2013-2890 (drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem i ...)
	- linux <not-affected> (buzz driver introduced in 3.11 cycle, only in experimental)
	- linux-2.6 <not-affected> (buzz driver introduced in 3.11 cycle)
CVE-2013-2889 (drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem i ...)
	{DSA-2906-1}
	- linux 3.11.5-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human Int ...)
	{DSA-2766-1}
	- linux 3.10.11-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.51-1
CVE-2013-2887 (Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547 ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2886 (Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500 ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2885 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allo ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2884 (Use-after-free vulnerability in the DOM implementation in Google Chrom ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2883 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allo ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2882 (Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, whi ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2880 (Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2879 (Google Chrome before 28.0.1500.71 does not properly determine the circ ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2878 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a d ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2877 (parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0 ...)
	{DSA-2779-1 DSA-2724-1}
	- libxml2 2.9.1+dfsg1-1 (bug #715531)
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2876 (browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2875 (core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in B ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2874 (Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is us ...)
	- chromium-browser <not-affected> (Windows-specific)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2873 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allo ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2872 (Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a suffic ...)
	- chromium-browser <not-affected> (MacOS specific)
CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allo ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2870 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allo ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2869 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a d ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2868 (common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71  ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2867 (Google Chrome before 28.0.1500.71 does not properly prevent pop-under  ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2866 (The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Go ...)
	- chromium-browser <not-affected> (Flash plugin not included in Chromium)
CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453 ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2864 (The PDF functionality in Google Chrome before 27.0.1453.110 allows rem ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2013-2863 (Google Chrome before 27.0.1453.110 does not properly handle SSL socket ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2862 (Skia, as used in Google Chrome before 27.0.1453.110, does not properly ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2861 (Use-after-free vulnerability in the SVG implementation in Google Chrom ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2860 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 all ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2859 (Google Chrome before 27.0.1453.110 allows remote attackers to bypass t ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2858 (Use-after-free vulnerability in the HTML5 Audio implementation in Goog ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2857 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 all ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2856 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 all ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2855 (The Developer Tools API in Google Chrome before 27.0.1453.110 allows r ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2854 (Google Chrome before 27.0.1453.110 on Windows provides an incorrect ha ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2013-2853 (The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in dr ...)
	{DSA-2766-1 DSA-2745-1}
	- linux 3.9.8-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-2851 (Format string vulnerability in the register_disk function in block/gen ...)
	{DSA-2766-1 DSA-2745-1}
	- linux 3.9.8-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-2850 (Heap-based buffer overflow in the iscsi_add_notunderstood_response fun ...)
	- linux 3.9.4-1
	- linux-2.6 <not-affected> (Introduced in 3.1)
	[wheezy] - linux 3.2.46-1
CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome b ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2848 (The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remot ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2847 (Race condition in the workers implementation in Google Chrome before 2 ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2846 (Use-after-free vulnerability in the media loader in Google Chrome befo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2845 (The Web Audio implementation in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2844 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2843 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2842 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2841 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2840 (Use-after-free vulnerability in the media loader in Google Chrome befo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2839 (Google Chrome before 27.0.1453.93 does not properly perform a cast of  ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2838 (Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google Chrom ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2836 (Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453 ...)
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2835 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin  ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2834 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin  ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2833 (Use-after-free vulnerability in the O3D plug-in in Google Chrome OS be ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2832 (The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2831
	RESERVED
CVE-2013-2830 (Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 all ...)
	NOT-FOR-US: SumatraPDF Reader
CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote at ...)
	NOT-FOR-US: MatrikonOPC SCADA DNP3 OPC Server
CVE-2013-2828 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for  ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2827 (An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, K ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2013-2826 (WellinTech KingSCADA before 3.1.2, KingAlarm&amp;Event before 3.1, and ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2013-2825 (The DNP3 service in the Outstation component on Elecsys Director Gatew ...)
	NOT-FOR-US: Elecsys Director Gateway
CVE-2013-2824 (Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo  ...)
	NOT-FOR-US: Schneider Electric StruxureWare SCADA Expert Vijeo Citect
CVE-2013-2823 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intell ...)
	NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2822 (NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27. ...)
	NOT-FOR-US: NovaTech
CVE-2013-2821 (NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27. ...)
	NOT-FOR-US: NovaTech
CVE-2013-2820 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and  ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2819 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and  ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allow ...)
	NOT-FOR-US: e-terracontrol
CVE-2013-2817 (An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation  ...)
	NOT-FOR-US: Mitsubishi Electric Automation MC-WorX Suite
CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateway ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2815
	REJECTED
CVE-2013-2814 (Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote att ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2813 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateway ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2812
	RESERVED
CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intell ...)
	NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2810 (Emerson Process Management ROC800 RTU with software 3.50 and earlier,  ...)
	NOT-FOR-US: Emerson
CVE-2013-2809 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for  ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information Managem ...)
	NOT-FOR-US: Xper
CVE-2013-2807 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2013-2806 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2013-2805 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2013-2804 (The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 ...)
	NOT-FOR-US: TOP Server OPC Server
CVE-2013-2803 (ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG a ...)
	NOT-FOR-US: ProSoft RadioLinx ControlScape
CVE-2013-2802 (The universal protocol implementation in Sixnet UDR before 2.0 and RTU ...)
	NOT-FOR-US: Sixnet
CVE-2013-2801 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remo ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2800 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remo ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2799
	REJECTED
CVE-2013-2798 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL- ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2013-2797
	RESERVED
CVE-2013-2796 (Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and ...)
	NOT-FOR-US: Schneider Electric Vijeo Citect
CVE-2013-2795
	REJECTED
CVE-2013-2794 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DN ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2013-2793 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DN ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2013-2792 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL- ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2013-2791 (MatrikonOPC SCADA DNP3 OPC Server 1.2.0 allows remote attackers to cau ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-2790 (The master-station DNP3 driver before driver19.exe, and Beta2041.exe,  ...)
	NOT-FOR-US: IOServer
CVE-2013-2789 (The Kepware DNP Master Driver for the KEPServerEX Communications Platf ...)
	NOT-FOR-US: Kepware
CVE-2013-2788 (The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033  ...)
	NOT-FOR-US: SUBNET Solutions SubSTATION Server
CVE-2013-2787 (Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cau ...)
	NOT-FOR-US: Alstom e-terracontrol
CVE-2013-2786 (Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studi ...)
	NOT-FOR-US: Alstom Grid MiCOM S1
CVE-2013-2785 (Multiple buffer overflows in CimWebServer.exe in the WebView component ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2013-2784 (Triangle Research International (aka Tri) Nano-10 PLC devices with fir ...)
	NOT-FOR-US: Triangle Research International
CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers t ...)
	NOT-FOR-US: IOServer DNP3 drivers
CVE-2013-2782 (Schneider Electric Trio J-Series License Free Ethernet Radio with firm ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S CODESYS G ...)
	NOT-FOR-US: 3S CODESYS Gateway
CVE-2013-2780 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cau ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-2779 (Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on  ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-2778 (Cross-site request forgery (CSRF) vulnerability in addressbook/registe ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-2777 (sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets op ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-2776 (sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-2775
	RESERVED
CVE-2013-2774
	RESERVED
CVE-2013-2773 (Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitr ...)
	NOT-FOR-US: Nitro PDF
CVE-2013-2772
	RESERVED
CVE-2013-2771
	RESERVED
CVE-2013-2770 (The installation functionality in the Novell Kanaka component before 2 ...)
	NOT-FOR-US: Novell Open Enterprise Server (OES) on Mac OS X
CVE-2013-2769
	RESERVED
CVE-2013-2768
	RESERVED
CVE-2013-2767 (Unspecified vulnerability in Citrix NetScaler Access Gateway Enterpris ...)
	NOT-FOR-US: Citrix NetScaler Access Gateway
CVE-2013-2766 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 ...)
	NOT-FOR-US: Splunk
CVE-2013-2765 (The ModSecurity module before 2.7.4 for the Apache HTTP Server allows  ...)
	- modsecurity-apache 2.6.6-9 (bug #710217)
	- libapache-mod-security <removed> (bug #710217)
	[wheezy] - modsecurity-apache 2.6.6-6+deb7u1
	[squeeze] - libapache-mod-security 2.5.12-1+squeeze2
	NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
CVE-2013-2764 (Secure Entry Server before 4.7.0 contains a URI Redirection vulnerabil ...)
	NOT-FOR-US: Secure Entry Server
CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote at ...)
	NOT-FOR-US: Schneider Electric M340 modules
CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default passwo ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2761 (The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allo ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2760 (Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers t ...)
	NOT-FOR-US: Groovy Media Player
CVE-2013-2759
	RESERVED
CVE-2013-2758 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerl ...)
	NOT-FOR-US: CloudStack
CVE-2013-2757 (Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 P ...)
	NOT-FOR-US: Citrix
CVE-2013-2756 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerl ...)
	NOT-FOR-US: CloudStack
CVE-2013-2755
	RESERVED
CVE-2013-2754 (Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS bef ...)
	NOT-FOR-US: Umisoft UMI.CMS
CVE-2013-2753
	RESERVED
CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_ha ...)
	NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the Fro ...)
	NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/handl ...)
	NOT-FOR-US: e107
CVE-2013-2749
	REJECTED
CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote att ...)
	NOT-FOR-US: Belkin
CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite Ver ...)
	NOT-FOR-US: Courion Access Risk Management Suite
CVE-2013-2746
	RESERVED
CVE-2013-2745 (An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 ...)
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
CVE-2013-2744 (importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows  ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2743 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28 ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2742 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28 ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2741 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28 ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2740
	RESERVED
CVE-2013-2739 (MiniDLNA has heap-based buffer overflow ...)
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
CVE-2013-2738 (minidlna has SQL Injection that may allow retrieval of arbitrary files ...)
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
CVE-2013-2737 (A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2736 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2735 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2734 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2733 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2732 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2731 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2730 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2729 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2728 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-2727 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2726 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2725 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2724 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2723 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2722 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2721 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2720 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2719 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2718 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2717 (Multiple unspecified vulnerabilities in the System Management (aka Sys ...)
	NOT-FOR-US: EMC
CVE-2012-6573 (Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomple ...)
	NOT-FOR-US: DRUPAL-SA-CONTRIB-2012-136
CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...)
	- db4o <unfixed> (unimportant)
	NOTE: in doc package only
CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized  ...)
	NOT-FOR-US: Puppet Labs Puppet Enterprise
CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the Sear ...)
	NOT-FOR-US: Drupal module search_api
CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 coul ...)
	NOT-FOR-US: WordPress podPress Plugin
CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...)
	NOT-FOR-US: KrisonAV
CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php i ...)
	NOT-FOR-US: KrisonAV
CVE-2013-2711
	RESERVED
CVE-2013-2710 (Cross-site request forgery (CSRF) vulnerability in the Contextual Rela ...)
	NOT-FOR-US: WordPress plugin Contextual Related Posts
CVE-2013-2709 (Cross-site request forgery (CSRF) vulnerability in the FourSquare Chec ...)
	NOT-FOR-US: WordPress plugin FourSquare Checkins
CVE-2013-2708 (Cross-site request forgery (CSRF) vulnerability in the Content Slide p ...)
	NOT-FOR-US: WordPress plugin Content Slide
CVE-2013-2707 (Cross-site request forgery (CSRF) vulnerability in the Login With Ajax ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-2706 (Cross-site request forgery (CSRF) vulnerability in the Stream Video Pl ...)
	NOT-FOR-US: WordPress plugin Stream Video Player
CVE-2013-2705 (Cross-site request forgery (CSRF) vulnerability in the WordPress Simpl ...)
	NOT-FOR-US: WordPress plugin Simple Paypal Shopping Cart
CVE-2013-2704 (Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu W ...)
	NOT-FOR-US: WordPress plugin Dropdown Menu Widget
CVE-2013-2703 (Cross-site request forgery (CSRF) vulnerability in the Facebook Member ...)
	NOT-FOR-US: Facebook Members plugin for WordPres
CVE-2013-2702 (Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Li ...)
	NOT-FOR-US: Easy AdSense Lite plugin for WordPress
CVE-2013-2701 (Cross-site request forgery (CSRF) vulnerability in the Social Sharing  ...)
	NOT-FOR-US: social sharing toolkit plugin for wp
CVE-2013-2700 (Cross-site request forgery (CSRF) vulnerability in the Add/Edit page ( ...)
	NOT-FOR-US: WordPress plugin WP125
CVE-2013-2699 (Cross-site request forgery (CSRF) vulnerability in the underConstructi ...)
	NOT-FOR-US: WordPress plugin underConstruction
CVE-2013-2698 (Cross-site request forgery (CSRF) vulnerability in the Calendar plugin ...)
	NOT-FOR-US: WordPress plugin calendar
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the WP-DownloadMana ...)
	NOT-FOR-US: Wordpress plugin Downloadmanager
CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One Webm ...)
	NOT-FOR-US: WordPress plugin All in One Webmaster
CVE-2013-2695 (Cross-site scripting (XSS) vulnerability in invite.php in the WP Sympo ...)
	NOT-FOR-US: WordPress plugin wp-symposium
CVE-2013-2694 (Open redirect vulnerability in invite.php in the WP Symposium plugin 1 ...)
	NOT-FOR-US: WordPress plugin wp-symposium
CVE-2013-2693 (Cross-site request forgery (CSRF) vulnerability in the Options in the  ...)
	NOT-FOR-US: WordPress plugin WP-Print
CVE-2013-2692 (Cross-site request forgery (CSRF) vulnerability in the Admin web inter ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...)
	NOT-FOR-US: jetAudio
CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology SynC ...)
	NOT-FOR-US: Synchroweb Technology SynConnect 2.0
CVE-2013-2689
	RESERVED
CVE-2013-2688 (Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5 ...)
	NOT-FOR-US: QNX Software Development Platform
CVE-2013-2687 (Stack-based buffer overflow in the bpe_decompress function in (1) Blac ...)
	NOT-FOR-US: QNX
CVE-2013-2686 (main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1. ...)
	- asterisk 1:1.8.13.1~dfsg-2 (bug #704114)
	[squeeze] - asterisk <not-affected> (httpd code does not read HTTP POST variables)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20967
CVE-2013-2685 (Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk  ...)
	- asterisk <not-affected> (H264 code not yet present)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20901
CVE-2013-2684 (Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devic ...)
	NOT-FOR-US: Cisco
CVE-2013-2683 (Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disc ...)
	NOT-FOR-US: Cisco
CVE-2013-2682 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vuln ...)
	NOT-FOR-US: Cisco
CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass V ...)
	NOT-FOR-US: Cisco
CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...)
	NOT-FOR-US: Cisco
CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E ...)
	NOT-FOR-US: Cisco
CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
	NOT-FOR-US: Cisco
CVE-2013-2677
	RESERVED
CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
	NOT-FOR-US: Brother
CVE-2013-2675 (Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable r ...)
	NOT-FOR-US: Brother devices
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
	NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass  ...)
	NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2672 (Brother MFC-9970CDW devices with firmware 0D allow cleartext submissio ...)
	NOT-FOR-US: Brother MFC-9970CDW devices
CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC ...)
	NOT-FOR-US: Brother printer
CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW pr ...)
	NOT-FOR-US: Brother printer
CVE-2013-2669
	RESERVED
CVE-2013-2668
	RESERVED
CVE-2013-2667
	RESERVED
CVE-2013-2666
	RESERVED
CVE-2013-2665
	RESERVED
CVE-2013-2664
	RESERVED
CVE-2013-2663
	RESERVED
CVE-2013-2662
	RESERVED
CVE-2013-2661
	RESERVED
CVE-2013-2660
	RESERVED
CVE-2013-2659
	RESERVED
CVE-2013-2658
	RESERVED
CVE-2013-2657
	RESERVED
CVE-2013-2656
	RESERVED
CVE-2013-2655
	RESERVED
CVE-2013-2654
	RESERVED
CVE-2013-2653 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports login usin ...)
	- silverstripe <itp> (bug #528461)
CVE-2013-2652 (CRLF injection vulnerability in help/help_language.php in WebCollab 3. ...)
	NOT-FOR-US: WebCollab
CVE-2013-2651 (Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 an ...)
	NOT-FOR-US: Boltwire
CVE-2013-2650
	RESERVED
CVE-2013-2649
	RESERVED
CVE-2013-2648
	RESERVED
CVE-2013-2647
	RESERVED
CVE-2013-2646 (TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of ...)
	NOT-FOR-US: TP-LINK
CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-L ...)
	NOT-FOR-US: TP-LINK Router
CVE-2013-2644
	REJECTED
CVE-2013-2643 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appl ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2642 (Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to exe ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2641 (Directory traversal vulnerability in patience.cgi in Sophos Web Applia ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2640 (ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress doe ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS bef ...)
	NOT-FOR-US: CTERA Cloud Storage OS
CVE-2013-2638
	RESERVED
CVE-2013-2637 (A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior t ...)
	NOT-FOR-US: OTRS ITSM and OTRS FAQ
CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initiali ...)
	- linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux ker ...)
	- linux 3.2.41-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize c ...)
	{DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6 <removed>
CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET r ...)
	- piwik <itp> (bug #506933)
CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
	- libv8 <removed>
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	- libv8-3.14 <removed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...)
	NOT-FOR-US: TinyWebGallery
CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...)
	NOT-FOR-US: Leed
CVE-2013-2628 (Multiple cross-site request forgery (CSRF) vulnerabilities in action.p ...)
	NOT-FOR-US: Leed
CVE-2013-2627 (SQL injection vulnerability in action.php in Leed (Light Feed), possib ...)
	NOT-FOR-US: Leed
CVE-2013-2626
	RESERVED
CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14,  ...)
	- otrs2 3.1.7+dfsg1-8
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
	NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...)
	NOT-FOR-US: Telean
CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2621 (Open Redirection Vulnerability in the redir.php script in Telaen befor ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2620
	RESERVED
CVE-2013-2619 (Directory traversal vulnerability in Aspen before 0.22 allows remote a ...)
	NOT-FOR-US: Aspen
CVE-2013-2618 (Cross-site scripting (XSS) vulnerability in editor.php in Network Weat ...)
	NOT-FOR-US: Network Weathermap
CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execut ...)
	NOT-FOR-US: Ruby Curl gem
CVE-2013-2616 (lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote  ...)
	NOT-FOR-US: Ruby MiniMagick gem
CVE-2013-2615 (lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows re ...)
	NOT-FOR-US: Ruby fastreader gem
CVE-2013-2614
	RESERVED
CVE-2013-2613
	RESERVED
CVE-2013-2612 (Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.20 ...)
	NOT-FOR-US: Huawei
CVE-2013-2611
	RESERVED
CVE-2013-2610
	RESERVED
CVE-2013-2609
	RESERVED
CVE-2013-2608
	RESERVED
CVE-2013-2607
	RESERVED
CVE-2013-2606
	RESERVED
CVE-2013-2605
	RESERVED
CVE-2013-2604 (RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Insta ...)
	NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2603 (The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in Re ...)
	NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject ActiveX co ...)
	NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allo ...)
	NOT-FOR-US: Citrix XenClient XT
CVE-2013-2600 (MiniUPnPd has information disclosure use of snprintf() ...)
	- miniupnpd 1.8.20130730-1 (bug #716936)
CVE-2013-2599 (A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonC ...)
	NOT-FOR-US: Qualcomm (Android)
CVE-2013-2598 (app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2013-2597 (Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c ...)
	NOT-FOR-US: Android Linux kernel (affects {sound/soc/,arch/arm/mach-}msm/qdsp6v2)
	NOTE: https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
CVE-2013-2596 (Integer overflow in the fb_mmap function in drivers/video/fbmem.c in t ...)
	- linux 3.9-1
	[wheezy] - linux 3.2.46-1
	NOTE: the issue comes from fbmem code from linux mainline, the exploit was just targetting motorola
	NOTE: phones that ship code that is based on the original linux code, but both are affected.
	NOTE: an exploit needs access to /dev/fb0 which is not world readable/writable on Debian
CVE-2013-2595 (The device-initialization functionality in the MSM camera driver for t ...)
	NOT-FOR-US: Qualcomm MSM Camera driver
CVE-2013-2594 (SQL injection vulnerability in reports/calldiary.php in Hornbill Suppo ...)
	NOT-FOR-US: Supportworks ITSM
CVE-2013-2593
	RESERVED
CVE-2013-2592
	RESERVED
CVE-2013-2591
	RESERVED
CVE-2013-2590
	RESERVED
CVE-2013-2589
	RESERVED
CVE-2013-2588
	RESERVED
CVE-2013-2587
	RESERVED
CVE-2013-2586 (XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which ...)
	NOT-FOR-US: XAMPPP
CVE-2013-2585 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6. ...)
	- atmailopen <removed>
CVE-2013-2584
	RESERVED
CVE-2013-2583 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-2582 (CRLF injection vulnerability in the redirect servlet in Open-Xchange A ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-2581 (cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, T ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2580 (Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Lin ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2579 (TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and p ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2578 (cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, T ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2577 (Buffer overflow in XnView before 2.04 allows remote attackers to execu ...)
	NOT-FOR-US: XnView
CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers to c ...)
	NOT-FOR-US: Artweaver
CVE-2013-2575
	RESERVED
CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insuf ...)
	NOT-FOR-US: Foscam
CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to the /c ...)
	NOT-FOR-US: TP-Link
CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...)
	NOT-FOR-US: TP-Link
CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...)
	NOT-FOR-US: Xpient point of sale (POS)
CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
	NOT-FOR-US: Zavio
CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...)
	NOT-FOR-US: Zavio
CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
	NOT-FOR-US: Zavio
CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web interface in  ...)
	NOT-FOR-US: Zavio
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...)
	NOTE: Generic protocol flaw in RC4
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux  ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6548 (The udf_encode_fh function in fs/udf/namei.c in the Linux kernel befor ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6547 (The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel  ...)
	- linux 3.2.29-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 2.6.32-47
CVE-2012-6546 (The ATM implementation in the Linux kernel before 3.6 does not initial ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6545 (The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 doe ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6544 (The Bluetooth protocol stack in the Linux kernel before 3.6 does not p ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6543 (The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kern ...)
	- linux <not-affected> (Affected code introduced in 3.5)
	- linux-2.6 <not-affected> (Affected code introduced in 3.5)
CVE-2012-6542 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel be ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6541 (The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the L ...)
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2012-6540 (The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6539 (The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6538 (The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux ke ...)
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
CVE-2012-6537 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initializ ...)
	{DSA-2668-1}
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6536 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify th ...)
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2012-XXXX [null pointer dereference]
	- chromium-browser 21.0.1180.57~r148591-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://seclists.org/fulldisclosure/2013/Mar/134
	NOTE: full disclosure post dosn't make it clear if a CVE was assigned for this or not, but it is fixed in the above version
CVE-2013-2565 (A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, edit ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2564 (Mambo CMS 4.6.5 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2563 (Mambo CMS 4.6.5 uses world-readable permissions on configuration.php,  ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2562 (Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2561 (OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary fi ...)
	- ibutils 1.5.7-2 (low; bug #704063)
	[squeeze] - ibutils <no-dsa> (Minor issue)
	[wheezy] - ibutils <no-dsa> (Minor issue)
CVE-2013-2560 (Directory traversal vulnerability in the web interface on Foscam devic ...)
	NOT-FOR-US: Foscam
CVE-2013-2559 (SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote ...)
	NOT-FOR-US: Symphony CMS
CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote attacke ...)
	NOT-FOR-US: Windows 8
CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 allo ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Windows 7
CVE-2013-2555 (Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2013-2554 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to b ...)
	NOT-FOR-US: Windows 7
CVE-2013-2553 (Unspecified vulnerability in the kernel in Microsoft Windows 7 allows  ...)
	NOT-FOR-US: Windows 7
CVE-2013-2552 (Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2551 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2550 (Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to  ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2549 (Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attack ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2548 (The crypto_report_one function in crypto/crypto_user.c in the report A ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2013-2547 (The crypto_report_one function in crypto/crypto_user.c in the report A ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2013-2546 (The report API in the crypto user configuration API in the Linux kerne ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2013-2545
	RESERVED
CVE-2013-2544
	RESERVED
CVE-2013-2543
	RESERVED
CVE-2013-2542
	RESERVED
CVE-2013-2541
	RESERVED
CVE-2013-2540
	RESERVED
CVE-2013-2539
	RESERVED
CVE-2013-2538
	RESERVED
CVE-2013-2537
	RESERVED
CVE-2013-2536
	RESERVED
CVE-2013-2535
	RESERVED
CVE-2013-2534
	RESERVED
CVE-2013-2533
	RESERVED
CVE-2013-2532
	RESERVED
CVE-2013-2531
	RESERVED
CVE-2013-2530
	RESERVED
CVE-2013-2529
	RESERVED
CVE-2013-2528
	RESERVED
CVE-2013-2527
	RESERVED
CVE-2013-2526
	RESERVED
CVE-2013-2525
	RESERVED
CVE-2013-2524
	RESERVED
CVE-2013-2523
	RESERVED
CVE-2013-2522
	RESERVED
CVE-2013-2521
	RESERVED
CVE-2013-2520
	RESERVED
CVE-2013-2519
	RESERVED
CVE-2013-2518
	REJECTED
CVE-2013-2517
	REJECTED
CVE-2013-2516 (Vulnerability in FileUtils v0.7, Ruby Gem Fileutils &lt;= v0.7 Command ...)
	- ruby-fileutils <itp> (bug #900515)
CVE-2013-2515
	RESERVED
CVE-2013-2514
	RESERVED
CVE-2013-2513
	RESERVED
CVE-2013-2512
	RESERVED
CVE-2013-2511
	RESERVED
CVE-2013-2510
	RESERVED
CVE-2013-2509
	RESERVED
CVE-2013-2508
	RESERVED
CVE-2013-2507 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC ...)
	NOT-FOR-US: Brother
CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1. ...)
	NOT-FOR-US: Spree
CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDr ...)
	{DSA-2844-1}
	- djvulibre 3.5.25.3-1
	NOTE: http://sourceforge.net/p/djvu/djvulibre-git/ci/d4f0f6d37fe6a1fb427cfa33a64ead1eff32d28e/
	NOTE: evince doesnt use an embedded version of this
CVE-2013-2505
	RESERVED
CVE-2013-2504 (Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in ...)
	NOT-FOR-US: Matrix42 Service Store
CVE-2013-2503 (Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and  ...)
	- privoxy 3.0.21-1 (low; bug #702896)
	[wheezy] - privoxy <no-dsa> (Minor issue)
	[squeeze] - privoxy <no-dsa> (Minor issue)
	NOTE: http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup
CVE-2013-2502
	RESERVED
CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews plug ...)
	NOT-FOR-US: Terillion Reviews plugin for Wordpress
CVE-2013-2500
	RESERVED
CVE-2013-2499 (SimpleHRM 2.3 and earlier could allow remote attackers to bypass the a ...)
	NOT-FOR-US: SimpleHRM
CVE-2013-2498 (SQL injection vulnerability in the login page in flexycms/modules/user ...)
	NOT-FOR-US: SimpleHRM
CVE-2013-2497
	RESERVED
CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FF ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to ...)
	- isc-dhcp 4.2.4-6 (low; bug #704426)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u6
	[squeeze] - isc-dhcp <not-affected> (Only affects 4.2.x)
CVE-2013-2493 (The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in t ...)
	NOT-FOR-US: Google Chrome Frame plugin for Internet Explorer
CVE-2013-2492 (Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 185 ...)
	{DSA-2648-1 DSA-2647-1}
	- firebird2.1 <unfixed> (bug #702735)
	- firebird2.5 2.5.2~svn+54698.ds4-2 (bug #702736)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-4058
CVE-2013-2491
	RESERVED
CVE-2013-2490
	RESERVED
CVE-2013-2489
	RESERVED
CVE-2013-2488 (The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-22.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
	NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X
CVE-2013-2487 (epan/dissectors/packet-reload.c in the REsource LOcation And Discovery ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2486 (The dissect_diagnosticrequest function in epan/dissectors/packet-reloa ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2485 (The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-20.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8359
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2484 (The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-19.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2483 (The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the A ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-18.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8340
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2482 (The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-17.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2481 (Integer signedness error in the dissect_mount_dirpath_call function in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-16.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2480 (The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8 ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-15.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2479 (The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mp ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8039
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2478 (The dissect_server_info function in epan/dissectors/packet-ms-mms.c in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-13.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382
	NOTE: announce mentions: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2477 (The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly  ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-12.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2476 (The dissect_hartip function in epan/dissectors/packet-hartip.c in the  ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-11.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attack ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-10.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...)
	NOT-FOR-US: AWS XMS
CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2472 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2471 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2470 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2469 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2468 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2467 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 5)
	- openjdk-7 <not-affected> (Only affects Java 5)
CVE-2013-2466 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2465 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2464 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2463 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2462 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2461 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2460 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2459 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2458 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2457 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 <not-affected> (Only applies to Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2456 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2455 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2454 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2453 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2452 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2451 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2450 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2449 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2448 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2447 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2446 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2445 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2444 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2443 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2442 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2441 (Unspecified vulnerability in the Agile EDM component in Oracle Supply  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-2440 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2439 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-2438 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2437 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2436 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-2435 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2434 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2433 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2432 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2431 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-2430 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2429 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2428 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2427 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2426 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java 7)
CVE-2013-2425 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only applies to Java 7)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-2424 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2423 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only applies to Java 7)
CVE-2013-2422 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2421 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java 7)
CVE-2013-2420 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2419 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2418 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2417 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2416 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2415 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
CVE-2013-2414 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2413 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2412 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2411 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2410 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2409 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2407 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2406 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2405 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2404 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2403 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2401 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2400 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2399 (Unspecified vulnerability in the Siebel Call Center component in Oracl ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2398 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2397 (Unspecified vulnerability in the Oracle Retail Central Office componen ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-2396 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2395 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-2394 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2393 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2392 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2391 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2390 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2389 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
CVE-2013-2388 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2387 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2386 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2385 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2384 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2383 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2382 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2381 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
CVE-2013-2380 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2379 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2378 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 a ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2377 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2376 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.1 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2375 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2374 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2373 (The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x befo ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2372 (Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfi ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2371 (The Web API in the Statistics Server in TIBCO Spotfire Statistics Serv ...)
	NOT-FOR-US: TIBCO Spotfire Statistics
CVE-2013-2370 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2369 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2368 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote  ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2367 (Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21,  ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-2366 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch  ...)
	NOT-FOR-US: HP Business Process Monitor
CVE-2013-2365 (HP Database and Middleware Automation (DMA) 10.x before 10.10, when SS ...)
	NOT-FOR-US: HP DMA
CVE-2013-2364 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP SMH
CVE-2013-2363 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP SMH
CVE-2013-2362 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2361 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP SMH
CVE-2013-2360 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2359 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2358 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2357 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2356 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP SMH
CVE-2013-2355 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP SMH
CVE-2013-2354
	REJECTED
CVE-2013-2353 (Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before ...)
	NOT-FOR-US: HP
CVE-2013-2352 (LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage d ...)
	NOT-FOR-US: HP
CVE-2013-2351 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9. ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2013-2350 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2349 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2348 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2347 (The Backup Client Service (OmniInet.exe) in HP Storage Data Protector  ...)
	NOT-FOR-US: Data Protector
CVE-2013-2346 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2345 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2344 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2343 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP
CVE-2013-2342 (The HP StoreOnce D2D backup system with software before 3.0.0 has a de ...)
	NOT-FOR-US: HP StoreOnce D2D backup system
CVE-2013-2341 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, J ...)
	NOT-FOR-US: HP
CVE-2013-2340 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, J ...)
	NOT-FOR-US: HP
CVE-2013-2339 (HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Cli ...)
	NOT-FOR-US: HP Smart Zero Client
CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) car ...)
	NOT-FOR-US: HP Integrated Lights-Out
CVE-2013-2337 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9 ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2336 (HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8 ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2335 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2334 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2333 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2332 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2331 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2330 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2329 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2328 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2327 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2326 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2325 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2324 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2323 (HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are  ...)
	NOT-FOR-US: HP
CVE-2013-2322 (HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are  ...)
	NOT-FOR-US: HP
CVE-2013-2321 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tie ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2320
	RESERVED
CVE-2013-2319 (FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.5 ...)
	NOT-FOR-US: FileMaker Pro
CVE-2013-2318 (The Content Provider in the MovatwiTouch application before 1.793 and  ...)
	NOT-FOR-US: MovatwiTouch
CVE-2013-2317 (The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile  ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2013-2316 (The Yahoo! Browser application 1.4.4 and earlier for Android allows re ...)
	NOT-FOR-US: Yahoo! Browser application for Android
CVE-2013-2315 (data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 th ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2314 (Cross-site scripting (XSS) vulnerability in the adminAuthorization fun ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2313 (Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3 ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2312 (Cross-site scripting (XSS) vulnerability in the shopping-cart screen i ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2311 (Cross-site scripting (XSS) vulnerability in static/js/share.js (aka th ...)
	- web2py <not-affected> (Vulnerable code not present)
CVE-2013-2310 (SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP  ...)
	NOT-FOR-US: SoftBank Wi-Fi Spot Configuration Software
CVE-2013-2309 (Cross-site scripting (XSS) vulnerability in the management screen in O ...)
	NOT-FOR-US: OpenPNE
CVE-2013-2308 (The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Servic ...)
	NOT-FOR-US: SoftBank Online Service Gate
CVE-2013-2307 (The Yahoo! Browser application before 1.4.3 for Android allows remote  ...)
	NOT-FOR-US: Yahoo! Browser application for Android
CVE-2013-2306 (The jigbrowser+ application before 1.6.4 for Android does not properly ...)
	NOT-FOR-US: jigbrowser+ application for Android
CVE-2013-2305 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office befor ...)
	NOT-FOR-US: Cybozu
CVE-2013-2304 (The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile  ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2303 (Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to  ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2302 (TransWARE Active! mail 6, when an external public interface is used, a ...)
	NOT-FOR-US: TransWARE Active! mail
CVE-2013-2301 (The OMRON OpenWnn application before 1.3.6 for Android uses weak permi ...)
	NOT-FOR-US: OpenWnn application
CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier  ...)
	NOT-FOR-US: FlickWnn Android App
CVE-2013-2299 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess (forme ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2013-2298 (Multiple stack-based buffer overflows in the XML parser in BOINC 7.x a ...)
	- boinc 7.0.65+dfsg-1 (low)
	[wheezy] - boinc <no-dsa> (Minor issue, only exploitable by a rogue BOINC server)
	[squeeze] - boinc <no-dsa> (Minor issue, only exploitable by a rogue BOINC server)
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b
CVE-2013-2297 (Eucalyptus EuStore sets a blank root password in the default configura ...)
	- eucalyptus <removed>
CVE-2013-2296 (Walrus in Eucalyptus before 3.2.2 does not verify authorization for th ...)
	- eucalyptus <removed> (bug #707592)
	NOTE: commit: https://github.com/eucalyptus/eucalyptus/commit/da7bb8b7c15d453e62df38eff5c12d0998e6eab1
	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-3074
CVE-2013-2295
	RESERVED
CVE-2013-2294 (Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before  ...)
	NOT-FOR-US: ViewGit
CVE-2013-2293 (The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before ...)
	- bitcoin 0.8.1-2 (bug #705265)
CVE-2013-2292 (bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to ca ...)
	- bitcoin 0.8.1-1
CVE-2013-2291
	RESERVED
CVE-2013-2290 (Cross-site scripting (XSS) vulnerability in the dashboard of the Aruba ...)
	NOT-FOR-US: Aruba Networks ArubaOS
CVE-2013-2289 (Cross-site scripting (XSS) vulnerability in admin/templates/default.ph ...)
	NOT-FOR-US: Batavi
CVE-2013-2288
	RESERVED
CVE-2013-2287 (Multiple cross-site scripting (XSS) vulnerabilities in views/notify.ph ...)
	NOT-FOR-US: WordPress plugin Uploader
CVE-2013-2286
	RESERVED
CVE-2013-2285
	RESERVED
CVE-2013-2284
	RESERVED
CVE-2013-2283
	RESERVED
CVE-2013-2282
	RESERVED
CVE-2013-2281
	RESERVED
CVE-2013-2280
	RESERVED
CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standal ...)
	NOT-FOR-US: CA SiteMinder
CVE-2013-2278 (Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when runni ...)
	NOT-FOR-US: War FTP Daemon
CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcod ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1 (bug #703200)
CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg  ...)
	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-2275 (The default configuration for puppet masters 0.25.0 and later in Puppe ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-2274 (Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 al ...)
	{DSA-2643-1}
	- puppet 2.7-1
	NOTE: Only affects puppet 2.6.x
CVE-2013-2273 (bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0  ...)
	- bitcoin 0.8.1-1
CVE-2013-2272 (The penny-flooding protection mechanism in the CTxMemPool::accept meth ...)
	- bitcoin 0.8.1-2 (bug #705266)
CVE-2013-2271 (The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active admi ...)
	NOT-FOR-US: D-Link DSL-2740B Gateway
CVE-2013-2270 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
	NOT-FOR-US: Airvana
CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in Go ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <not-affected> (Vulnerable code not present)
	NOTE: MathML added in chromium 24.x, disabled again in 25.x
CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to  ...)
	NOT-FOR-US: Novell Sentinel Log Manager
CVE-2013-2267 (PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3 ...)
	NOT-FOR-US: FUDforum
CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ...)
	{DSA-2656-1}
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174)
CVE-2013-2265
	RESERVED
CVE-2013-2264 (The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2,  ...)
	- asterisk 1:1.8.13.1~dfsg-2 (low; bug #704114)
	[squeeze] - asterisk <no-dsa> (Minor information leak)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-21013
CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 5. ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2013-2262 (Cryptocat strophe.js before 2.0.22 has information disclosure ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2261 (Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Informat ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2260 (Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Ent ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2259 (Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conver ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2258 (Cryptocat before 2.0.22 has Nickname User Impersonation ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2257 (Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brut ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 do ...)
	- nova 2013.1.2-3 (bug #718905)
	[wheezy] - nova <not-affected> (Affected code not present)
CVE-2013-2255 (HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, ...)
	- keystone 2014.1-1
	[wheezy] - keystone <no-dsa> (Minor issue)
	- swift <not-affected> (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5)
	NOTE: Fixes for keystone: https://review.openstack.org/#/c/76476/
CVE-2013-2254 (The deepGetOrCreateNode function in impl/operations/AbstractCreateOper ...)
	NOT-FOR-US: Apache Sling
CVE-2013-2253
	RESERVED
CVE-2013-2252
	RESERVED
CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute  ...)
	- libstruts1.2-java <not-affected> (Only affect 2.x)
CVE-2013-2250 (Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05 ...)
	NOT-FOR-US: Apache OFBiz
CVE-2013-2249 (mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Ser ...)
	- apache2 2.4.6-1
	[wheezy] - apache2 <not-affected> (mod_session_dbd available apache 2.3 and later only)
	[squeeze] - apache2 <not-affected> (mod_session_dbd available apache 2.3 and later only)
CVE-2013-2248 (Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through  ...)
	- libstruts1.2-java <not-affected> (Only affect 2.x)
CVE-2013-2247 (The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and  ...)
	NOT-FOR-US: Fast Permissions Administration Drupal contributed module
CVE-2013-2246 (mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2. ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232503
CVE-2013-2245 (rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x befo ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232502
CVE-2013-2244 (Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionli ...)
	- moodle <not-affected> (Only affects 2.4.x and 2.5.x)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232501
CVE-2013-2243 (mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x befo ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232500
CVE-2013-2242 (mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before  ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232498
CVE-2013-2241 (modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows ...)
	- gallery3 <itp> (bug #511715)
CVE-2013-2240 (lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly rem ...)
	- gallery3 <itp> (bug #511715)
CVE-2013-2239 (vzkernel before 042stab080.2 in the OpenVZ modification for the Linux  ...)
	{DSA-2766-1}
	- linux-2.6 <removed> (low)
	- linux <not-affected> (openvz flavour no longer included after Squeeze)
CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution function  ...)
	- freeswitch <itp> (bug #389591)
CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux  ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed> (low)
	- linux 3.9.4-1 (low)
	NOTE: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
CVE-2013-2236 (Stack-based buffer overflow in the new_msg_lsa_change_notify function  ...)
	{DSA-2803-1}
	- quagga 0.99.22.4-1 (bug #726724)
	NOTE: http://lists.quagga.net/pipermail/quagga-dev/2013-July/010621.html
CVE-2013-2235
	RESERVED
CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions  ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed>
	- linux 3.10.1-1
CVE-2013-2233 (Ansible before 1.2.1 makes it easier for remote attackers to conduct m ...)
	- ansible 1.3.4+dfsg-1 (bug #714822)
	NOTE: https://github.com/ansible/ansible/issues/857
CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux ke ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed>
	- linux 3.10.1-1
CVE-2013-2231 (Unquoted Windows search path vulnerability in the QEMU Guest Agent ser ...)
	- qemu <not-affected> (Only affects win32 build)
CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows re ...)
	- libvirt 1.1.0-3 (bug #715559)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
CVE-2013-2229
	REJECTED
CVE-2013-2228 (SaltStack RSA Key Generation allows remote users to decrypt communicat ...)
	- salt 0.15.1-1
	NOTE: https://github.com/saltstack/salt/commit/e8ce66cf688b43aeb3e716e78b1af3a08e9940e3
CVE-2013-2227 (GLPI 0.83.7 has Local File Inclusion in common.tabs.php. ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2226 (Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow rem ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2225 (inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attacker ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2224 (A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterpr ...)
	- linux-2.6 <not-affected> (Caused by RHEL backport)
	- linux <not-affected> (Caused by RHEL backport)
CVE-2013-2223 (GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive i ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp <no-dsa> (Minor issue)
	[wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2222 (Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allo ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp <no-dsa> (Minor issue)
	[wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2221 (Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU Z ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp <no-dsa> (Minor issue)
	[wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2220 (Buffer overflow in the radius_get_vendor_attr function in the Radius e ...)
	{DSA-2726-1}
	- php-radius 1.2.5-2.4 (bug #714362)
	NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2
CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...)
	- 389-ds-base 1.3.2.9-1 (bug #718325)
CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...)
	- libvirt 1.1.0-1 (bug #714699)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
	NOTE: Vulnerable code introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=7ac2c4fe624f30f2c8270116513fa2ddab07631f
CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local users  ...)
	- suds 0.4.1-8 (low; bug #714340)
	[squeeze] - suds 0.3.9-1+deb6u1
	[wheezy] - suds 0.4.1-5+deb7u1
CVE-2013-2216
	RESERVED
CVE-2013-2215
	REJECTED
CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does no ...)
	- nagios3 3.4.1-4 (low)
	[wheezy] - nagios3 3.4.1-3+deb7u1
	[squeeze] - nagios3 <no-dsa> (disputed, minor issue)
	NOTE: Disputed issue; claimed work as designed, may be rejected
CVE-2013-2213 (The KRandom::random function in KDE Paste Applet after 4.10.5 in kdepl ...)
	- kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied)
CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ca ...)
	- xen 4.3.0-1 (unimportant)
	NOTE: Hardware design flaw, no software solution
	NOTE: http://xenbits.xen.org/xsa/advisory-60.html
CVE-2013-2211 (The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2 ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <not-affected> (libxl not packaged in squeeze)
CVE-2013-2210 (Heap-based buffer overflow in the XML Signature Reference functionalit ...)
	{DSA-2717-1}
	- xml-security-c 1.6.1-7 (bug #714241)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
CVE-2013-2209 (Cross-site scripting (XSS) vulnerability in the auto-complete widget i ...)
	NOT-FOR-US: Reviewboard (this was once in experimental, but removed later on)
CVE-2013-2208 (tpp 1.3.1 allows remote attackers to execute arbitrary commands via a  ...)
	- tpp 1.3.1-3 (low; bug #706644)
	[squeeze] - tpp <no-dsa> (Minor issue)
	[wheezy] - tpp <no-dsa> (Minor issue)
CVE-2016-2856 (pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie;  ...)
	- eglibc <removed>
	[squeeze] - eglibc <no-dsa> (Minor issue)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	- glibc 2.21-1 (low)
	[jessie] - glibc 2.19-18+deb8u4
	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/07/2
CVE-2013-2207 (pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not pr ...)
	- eglibc <removed>
	[squeeze] - eglibc <no-dsa> (Minor issue)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	- glibc 2.21-1 (low; bug #717544)
	[jessie] - glibc 2.19-18+deb8u4
	NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1dd2adc91982fd151d5ba4f761d69
CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in th ...)
	{DSA-2766-1}
	- linux-2.6 <removed>
	- linux 3.9.4-1
	[wheezy] - linux 3.2.46-1
CVE-2013-2205 (The default configuration of SWFUpload in WordPress before 3.5.2 has a ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2204 (moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media  ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2203 (WordPress before 3.5.2, when the uploads directory forbids write acces ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2202 (WordPress before 3.5.2 allows remote attackers to read arbitrary files ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2201 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2200 (WordPress before 3.5.2 does not properly check the capabilities of rol ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2199 (The HTTP API in WordPress before 3.5.2 allows remote attackers to send ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2198 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7. ...)
	NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2197 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7. ...)
	NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2195 (The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest adm ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2194 (Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2193 (Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the K ...)
	NOT-FOR-US: Apache HBase
	NOTE: There was the package in unstable, but never in a release, see #630821
CVE-2013-2192 (The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alph ...)
	NOT-FOR-US: Apache Hadoop
	NOTE: There was the package in unstable, but never in a release, see 630820
CVE-2013-2191 (python-bugzilla before 0.9.0 does not validate X.509 certificates, whi ...)
	NOT-FOR-US: python-bugzilla
CVE-2013-2190 (The translate_hierarchy_event function in x11/clutter-device-manager-x ...)
	- clutter-1.0 1.14.4-3 (low; bug #714264)
	[squeeze] - clutter-1.0 <no-dsa> (Minor issue)
	[wheezy] - clutter-1.0 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701974
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=954054
CVE-2013-2189 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to caus ...)
	- libreoffice 1:3.4.3-1 (unimportant)
	- openoffice.org 1:3.3.0-1 (unimportant)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: Plain crasher, not treated as security issue
CVE-2013-2188 (A certain Red Hat patch to the do_filp_open function in fs/namei.c in  ...)
	- linux-2.6 <not-affected> (RHEL-specific issue)
	- linux <not-affected> (RHEL-specific issue)
CVE-2013-2187 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through ...)
	NOT-FOR-US: Apache Archiva
CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in Red Ha ...)
	{DSA-2827-1}
	- libcommons-fileupload-java 1.3-2.1 (bug #726601)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in Apac ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
CVE-2013-2184 (Movable Type before 5.2.6 does not properly use the Storable::thaw fun ...)
	{DSA-3183-1}
	- movabletype-opensource 5.2.7+dfsg-1 (bug #712602)
	[squeeze] - movabletype-opensource <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2013/q2/568
	NOTE: http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html
CVE-2013-2183 (Monkey HTTP Daemon has local security bypass ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2182 (The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5 ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2181 (Cross-site scripting (XSS) vulnerability in the Directory Listing plug ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2180
	RESERVED
	NOT-FOR-US: uk-cookie Wordpress plugin
CVE-2013-2179 (X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing ...)
	- xdm <not-affected> (Not affected when PAM is used)
	[squeeze] - xdm <not-affected> (same as above and glibc too old)
	[wheezy] - xdm <not-affected> (same as above and glibc too old)
	NOTE: http://www.openwall.com/lists/oss-security/2013/06/11/5
CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and ap ...)
	{DSA-2708-1}
	- fail2ban 0.8.10-1
CVE-2013-2177 (Cross-site scripting (XSS) vulnerability in the Display Suite module 7 ...)
	NOT-FOR-US: third party drupal module (Display Suite)
CVE-2013-2176 (Unquoted Windows search path vulnerability in the Red Hat Enterprise V ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Apt service
CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ...)
	{DSA-2711-1}
	- haproxy 1.4.24-1
CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function in lib/e ...)
	{DSA-2713-1}
	- curl 7.31.0-1
CVE-2013-2173 (wp-includes/class-phpass.php in WordPress 3.5.1, when a password-prote ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2172 (jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache San ...)
	{DSA-3065-1 DLA-85-1}
	- libxml-security-java 1.5.5-2 (bug #720375)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementati ...)
	{DSA-2714-1}
	- kfreebsd-9 9.0-12 (bug #712664)
	- kfreebsd-8 <not-affected> (Only affects 9.x)
CVE-2013-2170
	REJECTED
CVE-2013-2169
	REJECTED
CVE-2013-2168 (The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix ...)
	{DSA-2707-1}
	- dbus 1.6.12-1
	[squeeze] - dbus <not-affected> (Introduced in 1.4.16)
CVE-2013-2167 (python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache s ...)
	- python-keystoneclient 1:0.2.5-2 (bug #713819)
	[wheezy] - python-keystoneclient <not-affected> (Vulnerable code not present)
CVE-2013-2166 (python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache e ...)
	- python-keystoneclient 1:0.2.5-2 (bug #713819)
	[wheezy] - python-keystoneclient <not-affected> (Vulnerable code not present)
CVE-2013-2165 (ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementati ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed> (low)
	- linux 3.9.8-1 (low)
CVE-2013-2163 (Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to c ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2162 (Race condition in the post-installation script (mysql-server-5.5.posti ...)
	{DSA-2818-1 DLA-75-1}
	- mysql-5.5 5.5.35+dfsg-1 (low; bug #711600)
	- mysql-5.1 <removed> (low)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, can be included in a future DSA)
CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift Fol ...)
	{DSA-2737-1}
	- swift 1.8.0-6 (low; bug #712202)
	[wheezy] - swift 1.4.8-2+deb7u1
CVE-2013-2160 (The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x befo ...)
	NOT-FOR-US: Apache CXF
CVE-2013-2159 (Monkey HTTP Daemon: broken user name authentication ...)
	- monkey <removed>
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2158 (Cross-site request forgery (CSRF) vulnerability in the Services module ...)
	NOT-FOR-US: Services Drupal contributed modules
CVE-2013-2157 (OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when u ...)
	- keystone 2013.1.2-1 (bug #712160)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2013-2156 (Heap-based buffer overflow in the Exclusive Canonicalization functiona ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2155 (Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7. ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2154 (Stack-based buffer overflow in the XML Signature Reference functionali ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2153 (The XML digital signature functionality (xsec/dsig/DSIGReference.cpp)  ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2152 (Unquoted Windows search path vulnerability in the SPICE service, as us ...)
	NOT-FOR-US: Spice service for Windows
CVE-2013-2151 (Unquoted Windows search path vulnerability in Red Hat Enterprise Virtu ...)
	NOT-FOR-US: RHEV Agent for Windows
CVE-2013-2150 (Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ...)
	- owncloud <not-affected> (affects only experimental version)
CVE-2013-2149 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.16debian-1 (bug #711517)
CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c ...)
	{DSA-2745-1}
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (fanotify introduced in 2.6.36)
	- linux 3.9.8-1 (low)
CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 cont ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.5-1 (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8. ...)
	- linux-2.6 <not-affected> (Introduced in 3.1)
	- linux 3.9.4-1
	[wheezy] - linux 3.2.46-1
CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module befo ...)
	- libmodule-signature-perl 0.73-1 (bug #711239)
	[wheezy] - libmodule-signature-perl 0.68-1+deb7u1
	[squeeze] - libmodule-signature-perl 0.63-1+squeeze1
CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not  ...)
	NOT-FOR-US: RHEV Manager
CVE-2013-2143 (The users controller in Katello 1.5.0-14 and earlier, and Red Hat Sate ...)
	NOT-FOR-US: Katello
CVE-2013-2142 (userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME  ...)
	- libimobiledevice 1.1.5-0.1 (low; bug #710885)
	[squeeze] - libimobiledevice <not-affected> (Vulnerable code was introduced later)
	[wheezy] - libimobiledevice <not-affected> (Vulnerable code was introduced later)
CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before 3. ...)
	{DSA-2766-1 DSA-2669-1}
	- linux-2.6 <removed>
	- linux 3.9.4-1
CVE-2013-2140 (The dispatch_discard_io function in drivers/block/xen-blkback/blkback. ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.10.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2013-2139 (Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows  ...)
	{DSA-2840-1}
	- srtp 1.4.5~20130609~dfsg-1 (bug #711163)
CVE-2013-2138 (The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0 ...)
	- gallery <not-affected> (Old 1.5 version not affected)
CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the "View Log" screen in t ...)
	NOT-FOR-US: Apache OFBiz
CVE-2013-2136 (Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudSta ...)
	NOT-FOR-US: Apache CloudStack
CVE-2013-2135 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-015.html
CVE-2013-2134 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-015.html
CVE-2013-2133 (The EJB invocation handler implementation in Red Hat JBossWS, as used  ...)
	NOT-FOR-US: JBoss WS
CVE-2013-2132 (bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2 ...)
	{DSA-2705-1}
	- pymongo 2.5.2-1 (bug #710597)
	[squeeze] - pymongo <not-affected> (bson module not present)
	NOTE: https://jira.mongodb.org/browse/PYTHON-532
	NOTE: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
CVE-2013-2131 (Format string vulnerability in the rrdtool module 1.4.7 for Python, as ...)
	- rrdtool 1.4.8-1 (unimportant; bug #708866)
	NOTE: Non-issue, calling application need to perform sanitising
CVE-2013-2130 (ZNC 1.0 allows remote authenticated users to cause a denial of service ...)
	- znc 1.0-5 (bug #720632)
	[squeeze] - znc <not-affected> (Vulnerable code not present)
	[wheezy] - znc <not-affected> (Vulnerable code not present)
CVE-2013-2129 (Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x ...)
	NOT-FOR-US: Webform Drupal contributed module
CVE-2013-2128 (The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel befor ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-24
	- linux 2.6.35-1~experimental.1
	NOTE: https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae
CVE-2013-2127 (Buffer overflow in the exposure correction code in LibRaw before 0.15. ...)
	- libraw <not-affected> (Only affects 0.15, 0.15 was only in experimental)
	- libkdcraw <not-affected> (embeds libraw 0.14)
	- darktable <not-affected> (embeds libraw 0.14)
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in ...)
	- libraw 0.15.3-1 (low; bug #710353)
	[wheezy] - libraw <no-dsa> (Not suitable for code injection, minor issue)
	[squeeze] - libraw <not-affected> (Vulnerable code not present)
	- libkdcraw 4:4.8.4-2 (low; bug #711317)
	[wheezy] - libkdcraw <no-dsa> (Not suitable for code injection, minor issue)
	- darktable 1.2.1-2 (unimportant; bug #711316)
	NOTE: Not suitable for code injection, no security impact for an enduser application like Darktable
	- kdegraphics <removed>
	[squeeze] - kdegraphics <not-affected> (embedded version of kdcraw+libraw too old)
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
	NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which al ...)
	- opensmtpd 5.3.3p1-1
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/18/8
CVE-2013-2124 (Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before  ...)
	- libguestfs 1:1.20.8-1 (bug #710290)
	[wheezy] - libguestfs <not-affected> (Vulnerable code not present)
	NOTE: Introduced with commit https://github.com/libguestfs/libguestfs/commit/5a3da366268825b26b470cde35658b67c1d11cd4
CVE-2013-2123 (The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3 ...)
	NOT-FOR-US: Node access user reference Drupal contributed module
CVE-2013-2122 (The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not prope ...)
	NOT-FOR-US: Edit Limit Drupal contributed module
CVE-2013-2121 (Eval injection vulnerability in the create method in the Bookmarks con ...)
	- foreman <itp> (bug #663101)
CVE-2013-2120 (The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste  ...)
	- kdeplasma-addons 4:5.3.2-2 (low; bug #710497)
	[jessie] - kdeplasma-addons <no-dsa> (Minor issue)
	[wheezy] - kdeplasma-addons <no-dsa> (Minor issue)
	[squeeze] - kdeplasma-addons <no-dsa> (Minor issue)
	NOTE: Original fix https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce not sufficient
CVE-2013-2119 (Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby al ...)
	- ruby-passenger 3.0.13debian-1.1 (low; bug #710351)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
CVE-2013-2118 (SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23  ...)
	{DSA-2694-1}
	- spip 2.1.22-1 (bug #709674)
CVE-2013-2117 (Directory traversal vulnerability in the cgit_parse_readme function in ...)
	- cgit <not-affected> (Fixed before the initial upload into the archive)
CVE-2013-2116 (The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in G ...)
	{DSA-2697-1}
	- gnutls26 2.12.23-5 (bug #709301)
	[squeeze] - gnutls26 <not-affected> (vulnerable code not backported)
CVE-2013-2115 (Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2013-2114 (Unrestricted file upload vulnerability in the chunk upload API in Medi ...)
	- mediawiki 1:1.19.7+dfsg-1
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2013-2113 (The create method in app/controllers/users_controller.rb in Foreman be ...)
	- foreman <itp> (bug #663101)
CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.1 ...)
	{DSA-2703-1}
	- subversion 1.7.9-1+nmu2 (bug #711033)
	NOTE: http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...)
	- dovecot <not-affected> (vulnerable code appeared in 2.2)
	[squeeze] - dovecot <not-affected> (vulnerable code appeared in 2.2)
	[wheezy] - dovecot  <not-affected> (vulnerable code appeared in 2.2)
CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ex ...)
	- php5 5.5.0~rc3+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
	NOTE: vulnerability introduced with commit http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
CVE-2013-2109 (WordPress plugin wp-cleanfix has Remote Code Execution ...)
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2108 (WordPress WP Cleanfix Plugin 2.4.4 has CSRF ...)
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update  ...)
	NOT-FOR-US: WordPress plugin mail-on-update
CVE-2013-2106 (webauth before 4.6.1 has authentication credential disclosure ...)
	- webauth <not-affected> (vulnerable code only in 4.4.1 up to 4.5.2)
CVE-2013-2105 (The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local  ...)
	NOT-FOR-US: Show In Browser Ruby Gem
CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Fol ...)
	- keystone <not-affected> (Vulnerable code only in experimental versions of keystone)
	[wheezy] - keystone <not-affected> (PKI token support not yet present)
	- python-keystoneclient 1:0.2.5-1
	[wheezy] - python-keystoneclient <not-affected> (vulnerable code not present)
	NOTE: Keystone Folsom fix: https://review.openstack.org/#/c/30743/
	NOTE: python-keystoneclient fix: https://review.openstack.org/#/c/30742/
	NOTE: Starting with 2013.1-1 code in keystone/middleware/auth_token.py moved to python-keystoneclient
CVE-2013-2103 (OpenShift cartridge allows remote URL retrieval ...)
	NOT-FOR-US: OpenShift
CVE-2013-2102 (The default configuration of Red Hat JBoss Portal before 6.1.0 enables ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-2101 (Katello has multiple XSS issues in various entities ...)
	NOT-FOR-US: Katello
CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...)
	NOT-FOR-US: Gentoo Portage binary package installer
CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname functio ...)
	{DLA-1107-1}
	- python2.7 2.7.5-5 (low; bug #709066)
	[wheezy] - python2.7 <not-affected> (Backport was introduced in 2.7.3-11)
	- linkchecker 8.5-1 (low; bug #709067)
	[wheezy] - linkchecker <no-dsa> (Minor issue)
	[squeeze] - linkchecker <no-dsa> (Minor issue)
	- python3.2 <removed> (low; bug #708530)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.2-3 (low; bug #708530)
	- python2.6 <not-affected> (Introduced in Python 3.2)
	- python2.5 <not-affected> (Introduced in Python 3.2)
	- python3.1 <not-affected> (Introduced in Python 3.2)
	- bzr 2.6.0~bzr6574-1 (low; bug #709068)
	[squeeze] - bzr <no-dsa> (Minor issue)
	- python-urllib3 1.6-2 (low; bug #709070)
	[wheezy] - python-urllib3 <no-dsa> (Minor issue)
	- python-tornado 2.4.1-3 (low; bug #709069)
	[wheezy] - python-tornado <no-dsa> (Minor issue)
	[squeeze] - python-tornado <no-dsa> (Minor issue)
	- w3af <unfixed> (low; bug #709071)
	[jessie] - w3af <no-dsa> (Minor issue)
	[wheezy] - w3af <no-dsa> (Minor issue)
	[squeeze] - w3af <no-dsa> (Minor issue)
	- u1db 13.10-1 (low; bug #709486)
CVE-2013-2098
	REJECTED
CVE-2013-2097 (ZPanel through 10.1.0 has Remote Command Execution ...)
	NOT-FOR-US: zPanel
CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify t ...)
	- nova 2013.1.2-2 (low; bug #710157)
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-2095 (rubygem-openshift-origin-controller: API can be used to create applica ...)
	NOT-FOR-US: openshift-origin-controller Ruby Gem
CVE-2013-2094 (The perf_swevent_init function in kernel/events/core.c in the Linux ke ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-2093 (Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewim ...)
	- dolibarr 3.3.4-1 (high)
CVE-2013-2092 (Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote att ...)
	- dolibarr 3.3.4-1
CVE-2013-2091 (SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote at ...)
	- dolibarr 3.3.4-1
CVE-2013-2090 (The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche ...)
	NOT-FOR-US: Creme Fraiche Ruby Gem
CVE-2013-2089 (Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows rem ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2088 (contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23  ...)
	- subversion 1.7.5-1 (unimportant)
	NOTE: 1.7.5 upstream does not ship anymore the contrib/ directory
	NOTE: both affected tools not installed into the binary packages
CVE-2013-2087 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 befor ...)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2013-2086 (The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote  ...)
	- owncloud <not-affected> (Only owncloud 5.0.x)
CVE-2013-2085 (Directory traversal vulnerability in apps/files_trashbin/index.php in  ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2084
	RESERVED
CVE-2013-2083 (The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10 ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
CVE-2013-2082 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2. ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
CVE-2013-2081 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2. ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
CVE-2013-2080 (The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
CVE-2013-2079 (mod/assign/locallib.php in the assignment module in Moodle 2.3.x befor ...)
	- moodle <not-affected> (Only affects 2.3 and later)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443
CVE-2013-2078 (Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users  ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen <not-affected> (No PVSAVE support in squeeze)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
CVE-2013-2077 (Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only sa ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
CVE-2013-2075 (Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-r ...)
	- chicken <not-affected> (Incomplete fix was never applied)
CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows att ...)
	{DLA-952-1}
	- kde4libs 4:4.10.5-1 (low; bug #707776)
	[squeeze] - kde4libs <no-dsa> (Minor issue)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=319428
	NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=65d736dab592bced4410ccfa4699de89f78c96ca
	NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=898135a59d91184692ed1bcee8bb4c6d80d6f7b9
CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 certi ...)
	- transifex-client 0.9-1 (low)
	[wheezy] - transifex-client <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2013/q2/394
CVE-2013-2072 (Buffer overflow in the Python bindings for the xc_vcpu_setaffinity cal ...)
	{DSA-3041-1}
	- xen 4.2.2-1 (low)
	[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
	[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7 ...)
	{DSA-2897-1}
	- tomcat7 7.0.40-1 (bug #707704)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and  ...)
	{DSA-2721-1}
	- nginx 1.4.1-1 (bug #708164)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
CVE-2013-2069 (Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18. ...)
	NOT-FOR-US: Red Hat livecd-tools
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/23/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299
CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the f ...)
	{DSA-2897-1 DSA-2725-1}
	- tomcat7 7.0.33
	- tomcat6 6.0.37
CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to c ...)
	{DSA-2674-1}
	- libxv 2:1.0.7-1+deb7u1
CVE-2013-2065 ((1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 ...)
	{DLA-235-1}
	- ruby1.9.1 1.9.3.448-1 (low)
	[wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u1
	- ruby1.8 <not-affected> (Only affects 1.9 and 2.x)
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732
CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to t ...)
	{DSA-2686-1}
	- libxcb 1.8.1-2+deb7u1
CVE-2013-2063 (Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers t ...)
	{DSA-2689-1}
	- libxtst 2:1.2.1-1+deb7u1
CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X se ...)
	{DSA-2685-1}
	- libxp 1:1.0.1-2+deb7u1
CVE-2013-2061 (The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...)
	- openvpn 2.3.1-1 (low; bug #707329)
	[squeeze] - openvpn 2.1.3-2+squeeze2
	[wheezy] - openvpn 2.2.1-8+deb7u1
	NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2060 (The download_from_url function in OpenShift Origin allows remote attac ...)
	NOT-FOR-US: OpenShift
CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly bef ...)
	- keystone 2013.1.1-2 (bug #707598)
	[wheezy] - keystone 2012.1.1-13+wheezy1
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000099.html
CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Linux ke ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.8-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/03/2
CVE-2013-2057 (YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Includ ...)
	NOT-FOR-US: YaBB
CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Sate ...)
	NOT-FOR-US: RHN Satellite
CVE-2013-2055 (Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x  ...)
	NOT-FOR-US: Apache Wicket
CVE-2013-2054 (Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3. ...)
	- strongswan 4.3.4-1
	NOTE: http://download.strongswan.org/patches/11_pluto_atodn_patch/CVE-2013-2054.txt
CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when  ...)
	{DSA-2893-1}
	- openswan <removed> (low; bug #709144)
CVE-2013-2052 (Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when O ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-2052/CVE-2013-2052.txt
CVE-2013-2051 (The Tomcat 6 DIGEST authentication functionality as used in Red Hat En ...)
	- tomcat6 <not-affected> (RedHat-specific issue)
	- tomcat7 <not-affected> (RedHat-specific issue)
CVE-2013-2050 (SQL injection vulnerability in the miq_policy controller in Red Hat Cl ...)
	NOT-FOR-US: CloudForms Management Engine
CVE-2013-2049 (Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers  ...)
	NOT-FOR-US: CloudForms Management Engine
CVE-2013-2048 (ownCloud before 5.0.6 does not properly check permissions, which allow ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2047 (The login page (aka index.php) in ownCloud before 5.0.6 does not disab ...)
	- owncloud <not-affected> (Only 5.0.x)
CVE-2013-2046 (SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4. ...)
	- owncloud <not-affected> (Only affects 4.5.x)
CVE-2013-2045 (SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x bef ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2044 (Open redirect vulnerability in the Login Page (index.php) in ownCloud  ...)
	- owncloud <not-affected> (Only 5.0.x)
CVE-2013-2043 (apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before ...)
	- owncloud <not-affected> (Only 5.0.x and 4.5.x)
CVE-2013-2042 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.15debian-1
CVE-2013-2041 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x  ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2040 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.15debian-1
CVE-2013-2039 (Directory traversal vulnerability in lib/files/view.php in ownCloud be ...)
	- owncloud 4.0.15debian-1
CVE-2013-2038 (The NMEA0183 driver in gpsd before 3.9 allows remote attackers to caus ...)
	- gpsd 3.6-5 (bug #706665)
	[wheezy] - gpsd 3.6-4+deb7u1
	[squeeze] - gpsd <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
CVE-2013-2037 (httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, ...)
	- python-httplib2 0.8-2 (low; bug #706602)
	[squeeze] - python-httplib2 <no-dsa> (Minor issue)
	[wheezy] - python-httplib2 0.7.4-2+deb7u1
	NOTE: http://openwall.com/lists/oss-security/2013/05/01/5
CVE-2013-2036 (Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x ...)
	NOT-FOR-US: Drupal module Filebrowser
CVE-2013-2035 (Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni ...)
	- hawtjni 1.10-1 (low; bug #708293)
	[wheezy] - hawtjni 1.0~+git0c502e20c4-3+deb7u1
CVE-2013-2034 (Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins  ...)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS  ...)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2032 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extens ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.6-1 (low; bug #706601)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46590
CVE-2013-2031 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attacke ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.6-1 (bug #706601)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=47304
CVE-2013-2030 (keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, a ...)
	- nova <not-affected> (Option not present in nova/2012.1.1)
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
CVE-2013-2029 (nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...)
	- nagios3 <not-affected> (Affected file nagios.upgrade_to_v3.sh not in Debian)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8
CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx  ...)
	- nginx <not-affected> (Vulnerable code not present)
CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class ...)
	[experimental] - jython 2.7.0+repack-1
	- jython 2.7.1+repack-1 (low; bug #777079)
	[stretch] - jython <ignored> (Minor issue)
	[jessie] - jython <ignored> (Minor issue)
	[wheezy] - jython <no-dsa> (Minor issue)
	[squeeze] - jython <no-dsa> (Minor issue)
	NOTE: http://bugs.jython.org/issue2044
	NOTE: The original issue seem addressed in 2.7.0+repack-1, but still files
	NOTE: might be created/written to /usr/share/jython/cachedir/packages
	NOTE: which should not be in /usr beeing a cachedir.
CVE-2013-2026
	REJECTED
CVE-2013-2025 (Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x th ...)
	NOT-FOR-US: Ushahidi
CVE-2013-2024 (OS command injection vulnerability in the "qs" procedure from the "uti ...)
	- chicken 4.8.0.3-1 (bug #706525)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html
CVE-2013-2023 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
	- jquery-jplayer 2.1.0-2
	NOTE: used for jPlayer 2.2.23 XSS
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...)
	- jquery-jplayer 2.1.0-2
	NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
	NOTE: used for jPlayer 2.2.20 XSS
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
	- clamav 0.97.8+dfsg-1
	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before  ...)
	- clamav 0.97.8+dfsg-1
	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2019 (Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote ...)
	- boinc 6.13.6+dfsg-1 (low)
	[squeeze] - boinc <no-dsa> (Minor issue)
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
CVE-2013-2018 (Multiple SQL injection vulnerabilities in BOINC allow remote attackers ...)
	- boinc 7.0.65+dfsg-1 (low)
	[squeeze] - boinc <not-affected> (Vulnerable code not present)
	[wheezy] - boinc <no-dsa> (Minor issue)
	NOTE: server-maker not shipped in squeeze
CVE-2013-2017 (The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6. ...)
	- linux 2.6.34-1
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ec82562ffc6f297d0de36d65776cff8e5704867
	NOTE: http://marc.info/?l=linux-netdev&m=127310770900442&w=3
CVE-2013-2016 (A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validat ...)
	- qemu 1.5.0+dfsg-1 (bug #710822)
	[jessie] - qemu <not-affected> (vulnerability introduced in 1.3.0)
	[wheezy] - qemu <not-affected> (vulnerability introduced in 1.3.0)
	[squeeze] - qemu <not-affected> (vulnerability introduced in 1.3.0)
	- qemu-kvm <not-affected> (vulnerability introduced in 1.3.0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05013.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html
	NOTE: http://marc.info/?l=oss-security&m=136722323931507&w=2
	NOTE: Only pratically affects virtio-rng according to oss-reference (and if mmap_min_addr = 0)
CVE-2013-2015 (The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.8-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-2014 (OpenStack Identity (Keystone) before 2013.1 allows remote attackers to ...)
	- keystone 2013.1.1-2 (bug #708515)
	[wheezy] - keystone <no-dsa> (Minor issue)
CVE-2013-2013 (The user-password-update command in python-keystoneclient before 0.2.4 ...)
	- python-keystoneclient 1:0.2.5-1 (bug #709535)
	[wheezy] - python-keystoneclient 2012.1-3+deb7u1
	NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
	NOTE: https://review.openstack.org/28702
CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via a Tro ...)
	- autojump <not-affected> (vulnerable code not present for unstable)
	NOTE: experimental affected as per 21.5.1-1, see #706252
	NOTE: experimental fixed as 21.5.1-2
CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execu ...)
	NOT-FOR-US: WP Super Cache
	NOTE: this issue exists because of an incomplete fix for CVE-2013-2009
CVE-2013-2010 (WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Executio ...)
	NOT-FOR-US: W3 Total Cache
CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...)
	NOT-FOR-US: WP Super Cache
CVE-2013-2008 (WordPress Super Cache Plugin 1.3 has XSS. ...)
	NOT-FOR-US: WP Super Cache
CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when s ...)
	- qemu <not-affected> (qemu guest agent introduced in 1.4, vulnerable versions were only in experimental)
	- qemu-kvm <not-affected> (qemu guest agent introduced in 1.4)
CVE-2013-2006 (OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode loggin ...)
	- keystone 2013.1.1-2
	[wheezy] - keystone <no-dsa> (Minor issue)
	NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py
	NOTE: https://bugs.launchpad.net/keystone/+bug/1172195
CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value of the X ...)
	{DSA-2680-1}
	- libxt 1:1.1.3-1+deb7u1
CVE-2013-2004 (The (1) GetDatabase and (2) _XimParseStringFile functions in X.org lib ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-2003 (Integer overflow in X.org libXcursor 1.1.13 and earlier allows X serve ...)
	{DSA-2681-1}
	- libxcursor 1:1.1.13-1+deb7u1
CVE-2013-2002 (Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to c ...)
	{DSA-2680-1}
	- libxt 1:1.1.3-1+deb7u1
CVE-2013-2001 (Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers ...)
	{DSA-2692-1}
	- libxxf86vm 1:1.1.2-1+deb7u1
CVE-2013-2000 (Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow ...)
	{DSA-2690-1}
	- libxxf86dga 2:1.1.3-2+deb7u1
CVE-2013-1999 (Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to ...)
	{DSA-2675-1}
	- libxvmc 2:1.0.8-1
CVE-2013-1998 (Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X ser ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1997 (Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ear ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-1996 (X.org libFS 1.0.4 and earlier allows X servers to trigger allocation o ...)
	{DSA-2687-1}
	- libfs 2:1.0.4-1+deb7u1
CVE-2013-1995 (X.org libXi 1.7.1 and earlier allows X servers to trigger allocation o ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1994 (Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro ...)
	{DSA-2679-1}
	- xserver-xorg-video-openchrome 1:0.2.906-2+deb7u1
CVE-2013-1993 (Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier a ...)
	{DSA-2678-1}
	- mesa 8.0.5-6
CVE-2013-1992 (Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X s ...)
	{DSA-2673-1}
	- libdmx 1:1.1.2-1+deb7u1
CVE-2013-1991 (Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allo ...)
	{DSA-2690-1}
	- libxxf86dga 2:1.1.3-2+deb7u1
CVE-2013-1990 (Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X  ...)
	{DSA-2675-1}
	- libxvmc 2:1.0.8-1
CVE-2013-1989 (Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X se ...)
	{DSA-2674-1}
	- libxv 2:1.0.7-1+deb7u1
CVE-2013-1988 (Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X  ...)
	{DSA-2688-1}
	- libxres 2:1.0.6-1+deb7u1
CVE-2013-1987 (Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow ...)
	{DSA-2677-1}
	- libxrender 1:0.9.7-1+deb7u1
CVE-2013-1986 (Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow  ...)
	{DSA-2684-1}
	- libxrandr 2:1.3.2-2+deb7u1
CVE-2013-1985 (Integer overflow in X.org libXinerama 1.1.2 and earlier allows X serve ...)
	{DSA-2691-1}
	- libxinerama 2:1.1.2-1+deb7u1
CVE-2013-1984 (Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X se ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1983 (Integer overflow in X.org libXfixes 5.0 and earlier allows X servers t ...)
	{DSA-2676-1}
	- libxfixes 1:5.0-4+deb7u1
CVE-2013-1982 (Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X  ...)
	{DSA-2682-1}
	- libxext 2:1.3.1-2+deb7u1
CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ea ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-1980 (Buffer overflow in the get_dsmp function in loaders/masi_load.c in lib ...)
	- xmp 3.4.0-3 (low; bug #706667)
	[wheezy] - xmp <no-dsa> (Minor issue)
	[squeeze] - xmp <no-dsa> (Minor issue)
CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kernel bef ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	- linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c ...)
	{DSA-2813-1}
	- gimp 2.8.10-0.1 (bug #731305)
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf,  ...)
	- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2
CVE-2013-1976 (The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...)
	- tomcat6 <not-affected> (RedHat-specific issue)
	- tomcat7 <not-affected> (RedHat-specific issue)
CVE-2013-1975
	RESERVED
CVE-2013-1974
	RESERVED
CVE-2013-1973 (The autocomplete callback in Autocomplete Widgets for Text and Number  ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1972 (Cross-site request forgery (CSRF) vulnerability in the elFinder file m ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1971 (Cross-site scripting (XSS) vulnerability in the MP3 Player module for  ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1970
	REJECTED
CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly  ...)
	- libxml2 <not-affected> (Affecting only 2.9.x, see bug #705722)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authent ...)
	{DSA-2703-1}
	- subversion 1.7.9-1+nmu2 (bug #711033)
	NOTE: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
CVE-2013-1967 (Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in M ...)
	- owncloud <not-affected> (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1966 (Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2013-1965 (Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 b ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2013-1964 (Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releas ...)
	{DSA-2666-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
CVE-2013-1963 (The contacts application in ownCloud before 4.5.10 and 5.x before 5.0. ...)
	- owncloud <not-affected> (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1962 (The remoteDispatchStoragePoolListAllVolumes function in the storage po ...)
	- libvirt <not-affected> (Vulnerable code not present)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
CVE-2013-1961 (Stack-based buffer overflow in the t2p_write_pdf_page function in tiff ...)
	{DSA-2698-1 DLA-610-1}
	- tiff 4.0.2-6+nmu1 (bug #706674)
	- tiff3 3.9.7-1 (bug #712840)
CVE-2013-1960 (Heap-based buffer overflow in the t2p_process_jpeg_strip function in t ...)
	{DSA-2698-1}
	- tiff 4.0.2-6+nmu1 (bug #706675)
	- tiff3 <not-affected> (tiff command line tools not build in tiff3)
CVE-2013-1959 (kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have ...)
	- linux 3.8.11-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
CVE-2013-1958 (The scm_check_creds function in net/core/scm.c in the Linux kernel bef ...)
	- linux 3.8.13-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users)
CVE-2013-1957 (The clone_mnt function in fs/namespace.c in the Linux kernel before 3. ...)
	- linux 3.8.13-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users)
CVE-2013-1956 (The create_user_ns function in kernel/user_namespace.c in the Linux ke ...)
	- linux 3.8.11-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users)
CVE-2013-1955 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php a ...)
	NOT-FOR-US: Easy PHP Calendar
CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...)
	{DSA-2973-1}
	- vlc 2.0.6-1 (bug #705136)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.videolan.org/security/sa1302.html
CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c in A ...)
	- autotrace 0.31.1-16+nmu1 (low; bug #742873)
	[wheezy] - autotrace <no-dsa> (Minor issue)
	[squeeze] - autotrace <no-dsa> (Minor issue)
	- gimp 2.6.10-1
	NOTE: Gimp was fixed earlier, but only Squeeze version was checked
	NOTE: In gimp code introduced with d9c6f88141aecf956c5d721168f795de0e3027b8
	NOTE: and fixed with 57f805a159874107c6c98065f9aa648c3634b8fd
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98
CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, ...)
	{DSA-2666-1}
	- xen 4.1.4-4
CVE-2013-1951 (A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5  ...)
	- mediawiki 1:1.19.5-1
	[squeeze] - mediawiki <end-of-life>
CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remot ...)
	- libtirpc <not-affected> (regression code not present)
	NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe
	NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/22/9
CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress con ...)
	NOT-FOR-US: Wordpress Social Media Widget
CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...)
	NOT-FOR-US: Ruby gem md2pdf
CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers  ...)
	NOT-FOR-US: Ruby Gem kelredd-pruview
CVE-2013-1946 (The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7. ...)
	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-1945 (ruby193 uses an insecure LD_LIBRARY_PATH setting. ...)
	NOT-FOR-US: Red Hat specific packaging flaw of Ruby in Red Hat OpenShift Enterprise
CVE-2013-1944 (The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 d ...)
	{DSA-2660-1}
	- curl 7.29.0-2.1 (bug #705274)
	[wheezy] - curl 7.26.0-1+wheezy2
	NOTE: http://curl.haxx.se/docs/adv_20130412.html
CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check whethe ...)
	- linux <not-affected> (RHEL-specific backport regression)
	- linux-2.6 <not-affected> (RHEL-specific backport regression)
CVE-2013-1942 (Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...)
	- owncloud <not-affected> (Depends on libjs-jquery-jplayer)
	- jquery-jplayer 2.1.0-2
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/
	NOTE: https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d
CVE-2013-1941 (The installation routine in ownCloud Server before 4.0.14, 4.5.x befor ...)
	- owncloud 5.0.4~rc1+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-015/
CVE-2013-1940 (X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly ...)
	{DSA-2661-1}
	- xorg-server 2:1.12.4-6
CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7,  ...)
	- owncloud <not-affected> (Windows version only)
	- php-sabredav <not-affected> (running in Windows hosts)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/
CVE-2013-1938 (Zimbra 2013 has XSS in aspell.php ...)
	NOT-FOR-US: Zimbra
CVE-2013-1937 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in  ...)
	- phpmyadmin <not-affected> (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable)
	NOTE: http://seclists.org/fulldisclosure/2013/Apr/100
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
CVE-2013-1936
	REJECTED
CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package bef ...)
	- linux <not-affected> (RHEL-specific backport regression)
	- linux-2.6 <not-affected> (RHEL-specific backport regression)
CVE-2013-1934 (A cross-site scripting (XSS) vulnerability in the configuration report ...)
	{DSA-3120-1}
	- mantis <removed> (low; bug #717482)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...)
	NOT-FOR-US: Karteek Docsplit Ruby Gem
CVE-2013-1932 (A cross-site scripting (XSS) vulnerability in the configuration report ...)
	- mantis <not-affected> (affects Mantis 1.2.13 only)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1931 (A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows r ...)
	- mantis <not-affected> (affects Mantis 1.2.14 only)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1930 (MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the wor ...)
	- mantis <not-affected> (affects only Mantis 1.2.12 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in drivers/net ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.8.11-1
	- linux-2.6 <removed>
CVE-2013-1928 (The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linu ...)
	{DSA-2668-1}
	- linux 3.2.35-1
	- linux-2.6 <removed>
CVE-2013-1927 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remo ...)
	- icedtea-web 1.3.2-1
CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the sa ...)
	- icedtea-web 1.3.2-1
CVE-2013-1925 (The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2013-1924 (Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerabi ...)
	NOT-FOR-US: Commerce Skrill Drupal module
CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...)
	- nfs-utils 1:1.2.8-1 (low; bug #707401)
	[squeeze] - nfs-utils <no-dsa> (Minor issue)
	[wheezy] - nfs-utils 1:1.2.6-4
CVE-2013-1922 (qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw ...)
	- xen <not-affected> (qemu-nbd-xen built, but not installed into the binary packages)
	- qemu 1.5.0+dfsg-1 (low; bug #705544)
	[squeeze] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- xen-qemu-dm-4.0 <not-affected> (qemu-nbd not installed by the binary package)
CVE-2013-1921 (PicketBox, as used in Red Hat JBoss Enterprise Application Platform be ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform (Debian's jboss only provides some classes)
CVE-2013-1920 (Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under m ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not build with XSM_ENABLE, thus resulted binary packages not affected
CVE-2013-1919 (Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which a ...)
	{DSA-2662-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
CVE-2013-1918 (Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and ea ...)
	{DSA-2666-1}
	- xen 4.1.4-4
CVE-2013-1917 (Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not ...)
	{DSA-2662-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
CVE-2013-1916
	RESERVED
	NOT-FOR-US: WordPress plugin
CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read arbitrary fil ...)
	{DSA-2659-1}
	- modsecurity-apache 2.6.6-6 (bug #704625)
	- libapache-mod-security <removed>
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
	NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2
CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-2 (low; bug #704623)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X Win ...)
	{DSA-2813-1}
	- gimp 2.8.10-0.1 (bug #731305)
CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5- ...)
	{DSA-2711-1}
	- haproxy 1.4.23-1 (bug #704611)
	NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211
CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attack ...)
	NOT-FOR-US: ldoce ruby gem
CVE-2013-1910 (yum does not properly handle bad metadata, which allows an attacker to ...)
	- yum <unfixed> (unimportant)
	NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0
	NOTE: Only used for bootstraps of chroots, see README.Debian
CVE-2013-1909 (The Python client in Apache Qpid before 2.2 does not verify that the s ...)
	- qpid-python 0.22-1 (low; bug #714133)
	[wheezy] - qpid-python <no-dsa> (Minor issue)
CVE-2013-1908 (The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Com ...)
	NOT-FOR-US: Drupal module
CVE-2013-1907 (The Commons Group module before 7.x-3.1 for Drupal, as used in the Com ...)
	NOT-FOR-US: Drupal module
CVE-2013-1906 (Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x b ...)
	NOT-FOR-US: Drupal module Rules
CVE-2013-1905 (Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1 ...)
	NOT-FOR-US: Drupal theme Zero Point
CVE-2013-1904 (Absolute path traversal vulnerability in steps/mail/sendmail.inc in Ro ...)
	- roundcube 0.7.2-9
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
CVE-2013-1903 (PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x bef ...)
	- postgresql-9.1 <not-affected> (installer related)
	- postgresql-8.4 <not-affected> (installer related)
CVE-2013-1902 (PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.1 ...)
	- postgresql-9.1 <not-affected> (installer related)
	- postgresql-8.4 <not-affected> (installer related)
CVE-2013-1901 (PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly ...)
	{DSA-2658-1}
	- postgresql-9.1 9.1.9-1
CVE-2013-1900 (PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13 ...)
	{DSA-2658-1 DSA-2657-1}
	- postgresql-9.1 9.1.9-1
	- postgresql-8.4 8.4.17-1
CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1 ...)
	{DSA-2658-1}
	- postgresql-9.1 9.1.9-1 (bug #704479)
CVE-2013-1898 (lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remo ...)
	NOT-FOR-US: Ruby gem Thumbshooter
CVE-2013-1897 (The do_search function in ldap/servers/slapd/search.c in 389 Directory ...)
	- 389-ds-base 1.3.2.9-1 (bug #704421)
	NOTE: http://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286
	NOTE: https://fedorahosted.org/389/ticket/47308
CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly de ...)
	- apache2 2.4.6-1 (low; bug #717272)
	[wheezy] - apache2 2.2.22-13+deb7u1
	[squeeze] - apache2 2.2.16-6+squeeze12
	NOTE: http://www.gossamer-threads.com/lists/apache/announce/427633
CVE-2013-1895 (The py-bcrypt module before 0.3 for Python does not properly handle co ...)
	- python-bcrypt 0.4-1 (bug #704030)
	[squeeze] - python-bcrypt <not-affected> (thread support only introduced after 0.1 release)
	NOTE: https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558
CVE-2013-1894
	REJECTED
CVE-2013-1893 (SQL injection vulnerability in addressbookprovider.php in ownCloud Ser ...)
	- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...)
	- mongodb 1:2.4.1-1 (bug #704042)
	[wheezy] - mongodb 1:2.0.6-1.1
	[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
CVE-2013-1891
	RESERVED
CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
	- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...)
	- libapache2-mod-ruid2 0.9.8-1 (low; bug #704066)
	[wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue)
	NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
CVE-2013-1888 (pip before 1.3 allows local users to overwrite arbitrary files via a s ...)
	- python-pip <not-affected>
	[squeeze] - python-pip <not-affected>
	NOTE: https://github.com/pypa/pip/pull/780/files
	NOTE: Not-affected as vulnerable code only in 1.3, and 1.3.1-1 fixed the issue.
CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ...)
	- drupal6 <not-affected> (only affects 7.x-3.x to 7.x-3.6)
	- drupal7 <not-affected> (views module not packaged)
CVE-2013-1886 (Format string vulnerability in the token processing system (pki-tps) i ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2013-1885 (Multiple cross-site scripting (XSS) vulnerabilities in the token proce ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
	- subversion 1.7.9-1 (bug #704940)
	[wheezy] - subversion <not-affected> (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
	[squeeze] - subversion <not-affected> (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
	NOTE: http://bugs.debian.org/704940#32
	NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
CVE-2013-1883 (Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote a ...)
	- mantis <not-affected> (only affects 1.2.12 to 1.2.14)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3
CVE-2013-1882
	RESERVED
CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary f ...)
	- librsvg 2.40.0-1 (bug #724741)
	[wheezy] - librsvg 2.36.1-2
	[squeeze] - librsvg 2.26.3-1+deb6u2
CVE-2013-1880 (Cross-site scripting (XSS) vulnerability in the Portfolio publisher se ...)
	- activemq <not-affected> (portfolio demo app not shipped in Debian package)
	NOTE: https://issues.apache.org/jira/browse/AMQ-4398
CVE-2013-1879 (Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache Ac ...)
	- activemq <not-affected> (scheduler not shipped in Debian package)
	NOTE: https://issues.apache.org/jira/browse/AMQ-4397
CVE-2013-1878
	REJECTED
CVE-2013-1877
	REJECTED
CVE-2013-1876
	REJECTED
CVE-2013-1875 (command_wrap.rb in the command_wrap Gem for Ruby allows remote attacke ...)
	NOT-FOR-US: ruby gem command_wrap
CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 4.8.2 all ...)
	- chicken 4.8.0.3-1 (low; bug #702410)
	[squeeze] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
CVE-2013-1873 [linux kernel kernel stack memory disclosure]
	REJECTED
CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent atta ...)
	{DSA-2704-1}
	- mesa 8.0.5-7
	[squeeze] - mesa <not-affected> (Vulnerable code not present)
CVE-2013-1871 (Cross-site scripting (XSS) vulnerability in account/EditAddress.do in  ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-1870
	REJECTED
CVE-2013-1869 (CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Re ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earli ...)
	{DSA-2973-1}
	- vlc 2.0.5-1
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.videolan.org/security/sa1301.html
	NOTE: The freetype issue is a harmless NULL deref and won't be fixed
CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...)
	NOT-FOR-US: Gemalto Tokend
CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...)
	NOT-FOR-US: OpenSC.tokend (different from src:opensc)
CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...)
	- keystone <not-affected> (only affects folsom)
	NOTE: fixed in experimental with keystone/2012.2.3-2
CVE-2013-1864 (The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga ...)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
	- ekiga 4.0.1-1 (low; bug #704133)
	[wheezy] - ekiga <no-dsa> (Minor issue)
	[squeeze] - ekiga <no-dsa> (Minor issue)
CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain  ...)
	- samba4 <not-affected> (Debian package only uses ntvfs, see #679678)
	NOTE: http://www.samba.org/samba/history/samba-4.0.4.html
	NOTE: http://www.samba.org/samba/security/CVE-2013-1863
CVE-2013-1862 (mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2. ...)
	- apache2 2.4.1-1 (unimportant)
	[wheezy] - apache2 2.2.22-13+deb7u1
	[squeeze] - apache2 2.2.16-6+squeeze12
	NOTE: Such injection issues are not treated as security issues
CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, ...)
	{DSA-2818-1 DSA-2780-1}
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.33+dfsg-1 (low; bug #706715)
	- mysql-5.1 <removed> (low; bug #706715)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-4252
CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in drivers/ ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-1859 (The Node Parameter Control module 6.x-1.x for Drupal does not properly ...)
	NOT-FOR-US: Drupal module Node Parameter Control
CVE-2013-1858 (The clone system-call implementation in the Linux kernel before 3.8.3  ...)
	- linux <not-affected> (Only exploitable starting with 3.7)
	- linux-2.6 <not-affected> (Only exploitable starting with 3.7)
	NOTE: http://stealth.openwall.net/xSports/clown-newuser.c
CVE-2013-1857 (The sanitize helper in lib/action_controller/vendor/html-scanner/html/ ...)
	{DSA-2655-1}
	- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
	- ruby-actionpack-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1856 (The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini ...)
	- ruby-activesupport-2.3 <not-affected> (Only affects 3.x and later)
	- ruby-activesupport-3.2 3.2.6-6 (bug #703350)
	- rails <not-affected> (Only affects 3.x and later)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1855 (The sanitize_css method in lib/action_controller/vendor/html-scanner/h ...)
	{DSA-2655-1}
	- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
	- ruby-actionpack-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1854 (The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ...)
	{DSA-2655-1}
	- ruby-activerecord-3.2 3.2.6-5 (bug #703348)
	- ruby-activerecord-2.3 2.3.14-6
	- ruby-activesupport-2.3 2.3.14-7
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1853 (Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when clos ...)
	- almanah 0.9.1-1 (bug #702905)
	[squeeze] - almanah <not-affected> (Only affect Almanah used in combination with glib 2.32)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueManager  ...)
	NOT-FOR-US: WordPress plugin LeagueManager
CVE-2013-1851 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
	- owncloud 4.0.8debian-1.6 (bug #703094)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1850 (Multiple incomplete blacklist vulnerabilities in (1) import.php and (2 ...)
	- owncloud 4.0.8debian-1.6 (bug #703094)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://seclists.org/fulldisclosure/2013/Mar/56
CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect argume ...)
	- linux 3.2.41-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/8
CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
CVE-2013-1846 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before  ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before  ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
CVE-2013-1844 (Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows r ...)
	- piwik <itp> (bug #506933)
CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3  ...)
	{DSA-2646-1}
	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x be ...)
	{DSA-2646-1}
	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
	- libnet-server-perl <unfixed> (low; bug #702914)
	[buster] - libnet-server-perl <ignored> (Minor issue)
	[stretch] - libnet-server-perl <ignored> (Minor issue)
	[jessie] - libnet-server-perl <ignored> (Minor issue)
	[wheezy] - libnet-server-perl <ignored> (Minor issue)
	[squeeze] - libnet-server-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909
CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Gr ...)
	- glance 2012.1.1-5 (bug #703063)
CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x befo ...)
	- squid3 <not-affected> (the errors were introduced in trunk rev.11496 in 3.2.0.9)
	NOTE: According to http://seclists.org/bugtraq/2013/Mar/68 not affecting 3.1?
	NOTE: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11796
CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1)  ...)
	- nova 2012.1.1-15 (bug #703064)
CVE-2013-1837
	RESERVED
CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1835 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1834 (notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2 ...)
	- moodle 2.5-1 (low; bug #703870)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2013-1833 (Multiple cross-site scripting (XSS) vulnerabilities in the File Picker ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1832 (repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2 ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1831 (lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x b ...)
	- moodle 2.5-1 (low; bug #703870)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2013-1830 (user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x befo ...)
	- moodle 2.5-1 (low; bug #703870)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2013-1829 (calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not ...)
	- moodle <not-affected> (Only in 2.4 to 2.4.1)
CVE-2013-1828 (The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the L ...)
	- linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-1827 (net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux k ...)
	{DSA-2668-1}
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
	NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2
CVE-2013-1825
	REJECTED
CVE-2013-1824 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows re ...)
	{DSA-2639-1}
	- php5 5.4.4-14
	NOTE: See CVE-2013-1643
	NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in  ...)
	NOT-FOR-US: Katello
CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x  ...)
	- owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...)
	{DSA-2809-1 DSA-2738-1}
	- ruby1.9.1 1.9.3.194-8.1 (bug #702525)
	- ruby1.8 1.8.7.358-7 (bug #702526)
	NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
CVE-2013-1820 (tuned before 2.x allows local users to kill running processes due to i ...)
	- tuned <not-affected> (Fixed before initial release to Debian)
CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel bef ...)
	- linux 3.8-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <no-dsa> (Too risky to backport, minor impact)
	[wheezy] - linux <no-dsa> (Too risky to backport, minor impact)
CVE-2013-1818 (maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote  ...)
	- mediawiki <not-affected> (mwdoc-filter.php introduced in 1.20)
	NOTE: register_globals is not supported in Debian anyway, see PHP's README.Debian.security
CVE-2013-1817 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in  ...)
	- mediawiki 1:1.19.4-1 (bug #702305)
	[squeeze] - mediawiki <end-of-life>
CVE-2013-1816 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attacke ...)
	- mediawiki 1:1.19.4-1
	[squeeze] - mediawiki <end-of-life>
CVE-2013-1815 (PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create th ...)
	NOT-FOR-US: OpenStack PackStack
CVE-2013-1814 (The users/get program in the User RPC API in Apache Rave 0.11 through  ...)
	NOT-FOR-US: Apache Rave
CVE-2013-1813 (util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for p ...)
	- busybox 1:1.20.0-8 (low; bug #701965)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID provide ...)
	- ruby-openid 2.1.8debian-6 (bug #702217)
	- libopenid-ruby <removed> (bug #702217)
	[squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
CVE-2013-1811 (An access control issue in MantisBT before 1.2.13 allows users with "R ...)
	{DSA-3120-1}
	- mantis <removed> (low; bug #698481)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1810 (Multiple cross-site scripting (XSS) vulnerabilities in core/summary_ap ...)
	- mantis <not-affected> (only affects MantisBT 1.2.12)
CVE-2013-1809 (Gambas before 3.4.0 allows remote attackers to move or manipulate dire ...)
	- gambas3 3.5.1-1 (low; bug #702184)
	- gambas2 <removed>
	[wheezy] - gambas3 <no-dsa> (Minor issue)
	[squeeze] - gambas2 <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/gambas/issues/detail?id=365
CVE-2013-1808 (Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and Zero ...)
	- db4o <unfixed> (unimportant)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-1807 (PHP-Fusion before 7.02.06 stores backup files with predictable filenam ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1806 (Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1805
	REJECTED
CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion befo ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1803 (Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict  ...)
	{DLA-172-1}
	- ruby-extlib 0.9.15-3 (bug #697895)
	- libextlib-ruby <removed> (bug #697895)
CVE-2013-1801 (The httparty gem 0.9.0 and earlier for Ruby does not properly restrict ...)
	NOT-FOR-US: httparty Ruby gem
CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly restrict ca ...)
	- ruby-crack 0.3.2-1
CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91 ...)
	- gnome-online-accounts <not-affected> (Incomplete patch wasn't applied in Debian)
CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux ke ...)
	{DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...)
	- linux 3.2.41-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ker ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote att ...)
	{DSA-2638-1}
	- openafs 1.6.1-3
CVE-2013-1794 (Buffer overflow in certain client utilities in OpenAFS before 1.6.2 al ...)
	{DSA-2638-1}
	- openafs 1.6.1-3
CVE-2013-1793 (openstack-utils openstack-db has insecure password creation ...)
	NOT-FOR-US: openstack-utils
CVE-2013-1792 (Race condition in the install_user_keyrings function in security/keys/ ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-1791
	RESERVED
CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent at ...)
	{DSA-2719-1}
	- poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1789 (splash/Splash.cc in poppler before 0.22.1 allows context-dependent att ...)
	- poppler <not-affected> (vulnerable code introduced in a later version)
CVE-2013-1788 (poppler before 0.22.1 allows context-dependent attackers to cause a de ...)
	{DSA-2719-1}
	- poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1787 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1786 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1785 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1784 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1783 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in pag ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1782 (Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme  ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1781 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1780 (Cross-site scripting (XSS) vulnerability in the Best Responsive Theme  ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1779 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1778 (Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1777 (The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as ...)
	NOT-FOR-US: JMX componenent of Apache Geronimo is not packaged
CVE-2013-1776 (sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_ticket ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-1775 (sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows loca ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701838)
	NOTE: severity depends a lot on the environment
CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux ker ...)
	{DSA-2668-1}
	- linux 3.2.38-1
	- linux-2.6 <removed>
CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linux ker ...)
	{DSA-2668-1}
	- linux 3.2.15-1
	- linux-2.6 <removed>
	NOTE: Probably gone since 3.2.15-1, but I checked 3.2.41-2
CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x bef ...)
	- linux 3.2.39-1
	- linux-2.6 <not-affected> (Vulnerability exposed since 3.0)
CVE-2013-1771 (The web server Monkeyd produces a world-readable log (/var/log/monkeyd ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
CVE-2013-1770 (Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia  ...)
	- ganglia 3.6.0-1 (low; bug #700158)
	[squeeze] - ganglia <no-dsa> (Minor issue)
	[wheezy] - ganglia <no-dsa> (Minor issue)
	- ganglia-web 3.5.8-3 (bug #700159)
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: Upstream non-verified fix https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6
CVE-2013-1769 (A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 a ...)
	- telepathy-gabble 0.16.5-1 (low; bug #702252)
	[squeeze] - telepathy-gabble <no-dsa> (Minor issue)
CVE-2013-1768 (The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and ...)
	- openjpa 2.2.2-1 (bug #716937)
	[squeeze] - openjpa <no-dsa> (Minor issue)
	[wheezy] - openjpa <no-dsa> (Minor issue)
CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function in mm/sh ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-1766 (libvirt 1.0.2 and earlier sets the group owner to kvm for device files ...)
	{DSA-2650-1}
	- libvirt 0.9.12-8 (bug #701649)
CVE-2013-1765 (Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in ...)
	NOT-FOR-US: WordPress plugin smart-flv
CVE-2013-1764 (The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local  ...)
	- packagekit <not-affected> (Zypp backend specific to SuSE)
CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in net/core/sock ...)
	- linux <not-affected> (Introduced in 3.3)
	NOTE: 3.6.9 and 3.7.8 in experimental are affected, 3.8 will be fixed.
CVE-2013-1762 (stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM  ...)
	{DSA-2664-1}
	- stunnel4 3:4.53-1.1 (bug #702267)
CVE-2013-1761
	RESERVED
CVE-2013-1760 (The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnera ...)
	NOT-FOR-US: Bug Genie
CVE-2013-1759 (Cross-site scripting (XSS) vulnerability in the Responsive Logo Slides ...)
	NOT-FOR-US: WordPress plugin responsive-logo-slideshow
CVE-2013-1758 (Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plu ...)
	NOT-FOR-US: WordPress plugin marekkis-watermark
CVE-2013-1757
	RESERVED
CVE-2013-1756 (The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, w ...)
	NOT-FOR-US: Dragonfly Ruby gem
CVE-2013-1755
	RESERVED
CVE-2013-1754
	RESERVED
CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3.4 an ...)
	- python2.5 <removed> (low)
	- python2.6 <removed> (low)
	- python2.7 2.7.9-1 (low; bug #742929)
	- python3.1 <removed> (low)
	- python3.2 <removed> (low)
	- python3.3 <removed> (low; bug #742928)
	- python3.4 3.4.2-4 (low; bug #742927)
	[jessie] - python3.4 <postponed> (Minor issue)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	NOTE: http://bugs.python.org/issue16043
	NOTE: https://github.com/python/cpython/commit/eca72d47f5a639a0ac66a98a2d63b30df2ce310f (3.4)
CVE-2013-1752
	REJECTED
CVE-2013-1751 (TWiki before 5.1.4 allows remote attackers to execute arbitrary shell  ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-1749 (Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Bo ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-1748 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-6533 (Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryp ...)
	NOT-FOR-US: Symantec PGP Desktop
CVE-2013-1747 (channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a den ...)
	- ngircd <not-affected> (Vulnerable version was only in experimental, introduced in 20.1-1~exp1 and fixed in 20.2-1~exp1)
CVE-2013-1746
	RESERVED
CVE-2013-1745
	RESERVED
CVE-2013-1744 (IRIS citations management tool through 1.3 allows remote attackers to  ...)
	NOT-FOR-US: IRIS citations management tool
CVE-2013-1743 (Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in B ...)
	- bugzilla <not-affected> (Only affects 4.1 to 4.4)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924932
CVE-2013-1742 (Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.c ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 befor ...)
	{DSA-2994-1 DLA-23-1}
	- nss 2:3.15.3-1 (bug #735105)
	[squeeze] - nss 3.12.8-1+squeeze8
	NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
CVE-2013-1740 (The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Net ...)
	- nss 2:3.15.4-1
	[squeeze] - nss <no-dsa> (false start disabled by default, needs to be enabled by clients)
	[wheezy] - nss <no-dsa> (false start disabled by default, needs to be enabled by clients)
	NOTE: false start must be enabled by the client (mainly browsers)
CVE-2013-1739 (Mozilla Network Security Services (NSS) before 3.15.2 does not ensure  ...)
	{DSA-2790-1}
	- nss 2:3.15.2-1 (bug #726473)
	[squeeze] - nss <not-affected> (Introduced in 3.14.3)
	NOTE: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1012656
CVE-2013-1738 (Use-after-free vulnerability in the JS_GetGlobalForScopeChain function ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1737 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbi ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
CVE-2013-1736 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24 ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1735 (Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1734 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in B ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=913904
CVE-2013-1733 (Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in  ...)
	- bugzilla <not-affected> (Only affects 4.4)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=911593
CVE-2013-1732 (Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1731 (Untrusted search path vulnerability in the GL tracing functionality in ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
	- iceape <not-affected> (Android-specific)
CVE-2013-1730 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbi ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1729 (The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA g ...)
	- iceweasel <not-affected> (MacOS-specific)
	- icedove <not-affected> (MacOS-specific)
	- iceape <not-affected> (MacOS-specific)
CVE-2013-1728 (The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunde ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1727 (Mozilla Firefox before 24.0 on Android allows attackers to bypass the  ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
	- iceape <not-affected> (Android-specific)
CVE-2013-1726 (Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x befor ...)
	- iceweasel <not-affected> (Updater not used in Debian)
	- icedove <not-affected> (Updater not used in Debian)
	- iceape <not-affected> (Updater not used in Debian)
CVE-2013-1725 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbi ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1724 (Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsD ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1723 (The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird befor ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1722 (Use-after-free vulnerability in the nsAnimationManager::BuildAnimation ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1721 (Integer overflow in the drawLineLoop function in the libGLESv2 library ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1720 (The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tr ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1719 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1718 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1717 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbi ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1716
	RESERVED
CVE-2013-1715 (Multiple untrusted search path vulnerabilities in the (1) full install ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2013-1714 (The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1713 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbi ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1712 (Multiple untrusted search path vulnerabilities in updater.exe in Mozil ...)
	- iceweasel <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2013-1711 (The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaM ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1710 (The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0 ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1709 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbi ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1708 (Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote att ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1707 (Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox befo ...)
	- iceweasel <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2013-1706 (Stack-based buffer overflow in maintenanceservice.exe in the Mozilla M ...)
	- iceweasel <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2013-1705 (Heap-based buffer underflow in the cryptojs_interpret_key_gen_type fun ...)
	- iceweasel 23.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1704 (Use-after-free vulnerability in the nsINode::GetParentNode function in ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1703
	RESERVED
CVE-2013-1702 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1701 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1700 (The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Wind ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1699 (The Internationalized Domain Name (IDN) display algorithm in Mozilla F ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1698 (The getUserMedia permission implementation in Mozilla Firefox before 2 ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1697 (The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1696 (Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Opti ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1695 (Mozilla Firefox before 22.0 does not properly implement certain DocShe ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1694 (The PreserveWrapper implementation in Mozilla Firefox before 22.0, Fir ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1693 (The SVG filter implementation in Mozilla Firefox before 22.0, Firefox  ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1692 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1691
	RESERVED
CVE-2013-1690 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1689 (Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a  ...)
	[wheezy] - iceape <end-of-life>
CVE-2013-1688 (The Profiler implementation in Mozilla Firefox before 22.0 parses untr ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1687 (The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implemen ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1686 (Use-after-free vulnerability in the mozilla::ResetDir function in Mozi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1685 (Use-after-free vulnerability in the nsIDocument::GetRootElement functi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1684 (Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::Lo ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1683 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 21)
	- icedove <not-affected> (Only affects Firefox 21)
	- iceape <not-affected> (Only affects Firefox 21)
CVE-2013-1682 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1681 (Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocke ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1680 (Use-after-free vulnerability in the nsFrameList::FirstChild function i ...)
	{DSA-2720-1 DSA-2699-1}
	[squeeze] - iceweasel <end-of-life>
	- iceweasel 17.0.6esr-1
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1679 (Use-after-free vulnerability in the mozilla::plugins::child::_geturlno ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1678 (The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 2 ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1677 (The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox befor ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1676 (The SelectionIterator::GetNextSegment function in Mozilla Firefox befo ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1675 (Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbi ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1674 (Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox E ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1673 (The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not ...)
	- iceweasel <not-affected> (Windows build only)
CVE-2013-1672 (The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefo ...)
	- iceweasel <not-affected> (Windows build only)
	- icedove <not-affected> (Windows build only)
	- iceape <not-affected> (Windows build only)
CVE-2013-1671 (Mozilla Firefox before 21.0 does not properly implement the INPUT elem ...)
	- iceweasel <not-affected> (Doesn't affect ESR 17 series, only later versions in experimental)
CVE-2013-1670 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1669 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 20)
	- icedove <not-affected> (Only affects Firefox 20)
	- iceape <not-affected> (Only affects Firefox 20)
CVE-2013-1668 (The uploadFile function in upload/index.php in CosCMS before 1.822 all ...)
	NOT-FOR-US: CosCMS
CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-depen ...)
	{DSA-2641-1}
	- perl 5.14.2-19 (bug #702296)
	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
CVE-2013-1666 (Foswiki before 1.1.8 contains a code injection vulnerability in the MA ...)
	- foswiki <itp> (bug #509864)
CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	{DSA-2634-1}
	- keystone 2012.1.1-13 (bug #700948)
	- python-django 1.4.4-1
CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	- keystone 2012.1.1-13 (bug #700948)
	- nova 2012.1.1-13 (bug #700949)
	- cinder 2012.2.3-1 (bug #700950)
CVE-2012-6532 ((1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zen ...)
	{DLA-251-1}
	- zendframework 1.11.13-1
CVE-2012-6531 ((1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x b ...)
	{DLA-251-1}
	- zendframework 1.11.13-1
CVE-2013-1663
	RESERVED
CVE-2013-1662 (vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x a ...)
	NOT-FOR-US: VMware
CVE-2013-1661 (VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly im ...)
	NOT-FOR-US: VMware ESXi
CVE-2013-1660
	REJECTED
CVE-2013-1659 (VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5 ...)
	NOT-FOR-US: vCenter
CVE-2013-1658
	RESERVED
CVE-2013-1657
	RESERVED
CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the Fe ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5263 (Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SA ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2011-5262 (SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allo ...)
	NOT-FOR-US: SonicWALL Aventail
CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M ...)
	NOT-FOR-US: Axis M10 Series Network Cameras
CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...)
	NOT-FOR-US: NetWeaver
CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php i ...)
	NOT-FOR-US: OrangehRM
CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...)
	NOT-FOR-US: OrangehRM
CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...)
	NOT-FOR-US: WordPress theme
CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
	- limesurvey <itp> (bug #472802)
CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allows remote authenticated adminis ...)
	NOT-FOR-US: Spree
CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1 ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1654 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterpri ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1653 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1651 (OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before re ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1650 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1649 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1648 (The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14,  ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1647 (Multiple CRLF injection vulnerabilities in Open-Xchange Server before  ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1646 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Se ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1645 (Directory traversal vulnerability in Open-Xchange Server before 6.20.7 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1644
	RESERVED
CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows re ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (bug #702221)
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
CVE-2013-1642 (Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer befo ...)
	NOT-FOR-US: QuiXplorer
CVE-2013-1641 (Directory traversal vulnerability in the zip download functionality in ...)
	NOT-FOR-US: QuiXplorer
CVE-2013-1640 (The (1) template and (2) inline_template functions in the master serve ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all requir ...)
	NOT-FOR-US: Opera
CVE-2013-1638 (Opera before 12.13 allows remote attackers to execute arbitrary code v ...)
	NOT-FOR-US: Opera
CVE-2013-1637 (Opera before 12.13 allows remote attackers to execute arbitrary code v ...)
	NOT-FOR-US: Opera
CVE-2013-1636 (Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Op ...)
	- biomaj-watcher 1.2.2-1 (low; bug #742859)
	[wheezy] - biomaj-watcher <no-dsa> (Minor issue)
CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not  ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (unimportant; bug #702221)
	NOTE: open_basedir not supported
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
CVE-2013-1634 (A denial of service vulnerability exists in some motherboard implement ...)
	NOT-FOR-US: Intel
CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...)
	- distribute <unfixed> (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2013-1632
	RESERVED
CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user execut ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repos ...)
	NOT-FOR-US: pyshop
CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...)
	- python-pip 1.3.1-1 (low; bug #710163)
	[wheezy] - python-pip <no-dsa> (Minor issue)
	[squeeze] - python-pip <no-dsa> (Minor issue)
	- python-virtualenv 1.9.1-1 (medium; bug #710164)
	[wheezy] - python-virtualenv <no-dsa> (Minor issue)
	[squeeze] - python-virtualenv <no-dsa> (Minor issue)
CVE-2013-1628
	REJECTED
CVE-2013-1627 (Absolute path traversal vulnerability in NTWebServer.exe in Indusoft S ...)
	NOT-FOR-US: Indusoft Studio, Advantech Studio
CVE-2013-1626
	RESERVED
CVE-2013-1625
	RESERVED
CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 a ...)
	- bouncycastle 1.48+dfsg-2 (low; bug #699885)
	[squeeze] - bouncycastle <no-dsa> (Minor issue)
	[wheezy] - bouncycastle <no-dsa> (Minor issue)
CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: cyassl: fixed upstream in 2.5.0
CVE-2013-1622
	REJECTED
CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might all ...)
	{DSA-2622-1}
	- polarssl 1.1.4-2 (bug #699887)
CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
	- nss 2:3.14.3-1 (low; bug #699888)
	[squeeze] - nss <no-dsa> (Minor issue)
CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28,  ...)
	- gnutls26 2.12.20-4
	[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
	- gnutls28 3.0.22-3
CVE-2013-1618 (The TLS implementation in Opera before 12.13 does not properly conside ...)
	NOT-FOR-US: Opera
CVE-2013-1617 (Multiple SQL injection vulnerabilities in the management console on th ...)
	NOT-FOR-US: Symantec
CVE-2013-1616 (The management console on the Symantec Web Gateway (SWG) appliance bef ...)
	NOT-FOR-US: Symantec
CVE-2013-1615 (The management console (aka Java console) on the Symantec Security Inf ...)
	NOT-FOR-US: Symantec
CVE-2013-1614 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: Symantec
CVE-2013-1613 (SQL injection vulnerability in the management console (aka Java consol ...)
	NOT-FOR-US: Symantec
CVE-2013-1612 (Buffer overflow in secars.dll in the management console in Symantec En ...)
	NOT-FOR-US: Symantec
CVE-2013-1611 (Multiple cross-site scripting (XSS) vulnerabilities in administrative- ...)
	NOT-FOR-US: Symantec Brightmail Gateway
CVE-2013-1610 (Unquoted Windows search path vulnerability in RDDService in Symantec P ...)
	NOT-FOR-US: Symantec
CVE-2013-1609 (Multiple unquoted Windows search path vulnerabilities in the (1) File  ...)
	NOT-FOR-US: Symantec
CVE-2013-1608 (Directory traversal vulnerability in the Management Console on the Sym ...)
	NOT-FOR-US: Symantec
CVE-2013-1607 (Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability ...)
	NOT-FOR-US: Ruby PDFKit gem
CVE-2013-1606 (Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT ...)
	NOT-FOR-US: Ubiquiti UBNT AirCam
CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22  ...)
	NOT-FOR-US: MayGion IP Cameras
CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware  ...)
	NOT-FOR-US: MayGion IP Cameras
CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO  ...)
	NOT-FOR-US: D-LINK
CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficient val ...)
	NOT-FOR-US: D-LINK
CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...)
	NOT-FOR-US: D-LINK
CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...)
	NOT-FOR-US: D-Link
CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...)
	NOT-FOR-US: D-Link
CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras  ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1596 (An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Cam ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1595 (A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 030 ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1594 (An Information Disclosure vulnerability exists via a GET request in Vi ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1593 (A Denial of Service vulnerability exists in the WRITE_C function in th ...)
	NOT-FOR-US: SAP
CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...)
	NOT-FOR-US: SAP
CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before  ...)
	- pixman 0.26.0-4 (bug #700308)
	[squeeze] - pixman <not-affected> (Vulnerable code not present)
CVE-2013-1590 (Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6 ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
CVE-2013-1589 (Double free vulnerability in epan/proto.c in the dissection engine in  ...)
	- wireshark 1.8.6-1 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Not suitable for code injection
CVE-2013-1588 (Multiple buffer overflows in the dissect_pft_fec_detailed function in  ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47098
CVE-2013-1587 (The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c i ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44700
CVE-2013-1586 (The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1. ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46999
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47000
CVE-2013-1585 (epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5  ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46705
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46678
CVE-2013-1584 (The dissect_version_5_and_6_primary_header function in epan/dissectors ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579
CVE-2013-1583 (The dissect_version_4_primary_header function in epan/dissectors/packe ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46577
CVE-2013-1582 (The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45646
CVE-2013-1571 (Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-1570 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-1569 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-1568 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1567 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-1566 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-1565 (Unspecified vulnerability in the Oracle GoldenGate Veridata component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1564 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1563 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-7 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2013-1562 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1561 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1560 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1559 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1558 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1557 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1556 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1555 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5. ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1554 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1553 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1552 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.2 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1551 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1550 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1549 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1548 (Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows re ...)
	{DSA-2780-1}
	- mysql-5.5 <not-affected> (Only affects MySQL 5.1)
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1547 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1546 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1545 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1544 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1543 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1542 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Finacial Services
CVE-2013-1540 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1539 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1538 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1537 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1536 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-1535 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1534 (Unspecified vulnerability in the Workload Manager component in Oracle  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1533 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle financial Services Software
CVE-2013-1532 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1531 (Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.2 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1530 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-1529 (Unspecified vulnerability in the Oracle WebCenter Interaction componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1528 (Unspecified vulnerability in the Oracle HRMS component in Oracle E-Bus ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1527 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1526 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows re ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1525 (Unspecified vulnerability in the Oracle Retail Integration Bus compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1524 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1523 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.1 ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1522 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1521 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.2 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1520 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture O ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1519 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1518 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1517 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1516 (Unspecified vulnerability in the Oracle WebCenter Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1515 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2013-1514 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1513 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1512 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows re ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1511 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.1 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1510 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-1509 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1508 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2013-1507 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1506 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 a ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1505 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2013-1504 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1503 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1502 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1501 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1500 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-1499 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2013-1498 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1497 (Unspecified vulnerability in the Oracle COREid Access component in Ora ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1496 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1495 (asr in Oracle Auto Service Request in Oracle Support Tools before 4.3. ...)
	NOT-FOR-US: Oracle Auto Service Request
CVE-2013-1494 (Unspecified vulnerability in Oracle Sun Solaris 10, when running on SP ...)
	NOT-FOR-US: Solaris
CVE-2013-1493 (The color management (CMM) functionality in the 2D component in Oracle ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-1492 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5 ...)
	{DSA-2780-1}
	- mysql-5.1 <removed> (bug #712059)
	- mysql-5.5 5.5.30+dfsg-1
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
CVE-2013-1491 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11- ...)
	- openjdk-6 <not-affected> (Not exploitable in OpenJDK6)
	- openjdk-7 <not-affected> (Icedtea 2.3 not affected)
CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1488 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-1487 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1486 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 6b27-1.12.3-1
CVE-2013-1485 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-1484 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-1483 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1482 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1481 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Icedtea uses a different sound implementation than Oracle Java)
	- openjdk-7 <not-affected> (Icedtea uses a different sound implementation than Oracle Java)
CVE-2013-1480 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1479 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1478 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1477 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1476 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1475 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1474 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1472 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1471 (Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.h ...)
	NOT-FOR-US: Fortinet FortiMail
CVE-2012-6530 (Stack-based buffer overflow in Sysax Multi Server before 5.52, when HT ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2012-6529 (Multiple SQL injection vulnerabilities in Marinet CMS allow remote att ...)
	NOT-FOR-US: Marinet CMS
CVE-2012-6528 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2 ...)
	NOT-FOR-US: ATutor
CVE-2012-6527 (Cross-site scripting (XSS) vulnerability in the My Calendar plugin bef ...)
	NOT-FOR-US: WordPress plugin My Calendar
CVE-2012-6526 (SQL injection vulnerability in show_code.php in Vastal I-Tech Freelanc ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2012-6525 (SQL injection vulnerability in members.php in PHPBridges allows remote ...)
	NOT-FOR-US: PHPBridges
CVE-2012-6524 (SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote ...)
	NOT-FOR-US: pGB
CVE-2012-6523 (Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allo ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2012-6522 (Directory traversal vulnerability in the getContent function in codes/ ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2011-5255 (Multiple cross-site scripting (XSS) vulnerabilities in admin/login in  ...)
	NOT-FOR-US: X3 CMS
CVE-2010-5290 (The authentication process in Adobe ColdFusion before 10 does not requ ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone Technologies ...)
	NOT-FOR-US: Cornerstone Technologies webConductor
CVE-2013-1581 (The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-et ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1580 (The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c  ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1579 (The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in  ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1578 (The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1577 (The dissect_sip_p_charging_func_addresses function in epan/dissectors/ ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1576 (The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1575 (The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-a ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1574 (The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1572 (The dissect_oampdu_event_notification function in epan/dissectors/pack ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1470 (Cross-site scripting (XSS) vulnerability in calendar/index.php in the  ...)
	NOTE: There was a RFP long time ago, bug #203818
	NOTE: https://www.htbridge.com/advisory/HTB23143
	NOT-FOR-US: Geeklog
CVE-2013-1469 (Directory traversal vulnerability in install.php in Piwigo before 2.4. ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles Edit ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
	RESERVED
CVE-2013-1466 (Multiple cross-site scripting (XSS) vulnerabilities in glFusion before ...)
	NOT-FOR-US: glFusion
CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
	NOT-FOR-US: CubeCart
CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in assets/player.swf in the A ...)
	{DSA-2772-1}
	- typo3-src 4.5.29+dfsg1-1
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboar ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-1462 (Integer signedness error in the ExecuteSoapAction function in the SOAP ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-1461 (The ExecuteSoapAction function in the SOAPAction handler in the HTTP s ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-1460
	RESERVED
CVE-2013-1459
	RESERVED
CVE-2013-1458
	RESERVED
CVE-2013-1457
	RESERVED
CVE-2013-1456
	RESERVED
CVE-2013-1455 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive infor ...)
	NOT-FOR-US: Joomla!
CVE-2013-1454 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive infor ...)
	NOT-FOR-US: Joomla!
CVE-2013-1453 (plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2  ...)
	NOT-FOR-US: Joomla!
CVE-2013-1452
	RESERVED
CVE-2013-4696
	REJECTED
CVE-2013-1451 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings configura ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1450 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings configura ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1449
	RESERVED
CVE-2013-1448
	RESERVED
CVE-2014-0158 (Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJ ...)
	- openjpeg 1.3+dfsg-4.7
	NOTE: Not considering a duplicate of CVE-2013-1447 following
	NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
	NOTE: to MITRE though indicated that CVE-2014-0158 will not be REJECTED
	NOTE: since people might have tracked CVE-2014-0158 of the much higher
	NOTE: impact as due https://bugzilla.redhat.com/show_bug.cgi?id=1082925
	NOTE: and https://bugzilla.suse.com/show_bug.cgi?id=871412
CVE-2013-1447 (OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of  ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-1446
	RESERVED
CVE-2013-1445 (The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not pr ...)
	{DSA-2781-1}
	- python-crypto 2.6.1-1
CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2,  ...)
	- txt2man 1.5.5-4.1 (bug #724614)
	[wheezy] - txt2man <no-dsa> (Minor issue)
	[squeeze] - txt2man <no-dsa> (Minor issue)
CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 1.4.x bef ...)
	{DSA-2758-1}
	- python-django 1.5.4-1 (bug #723043)
CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not pr ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: advisory say: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default
CVE-2013-1441 (econvert in ExactImage 0.8.9 and earlier does not properly initialize  ...)
	{DSA-2754-1}
	- exactimage 0.8.9-2
	NOTE: a different issue than CVE-2013-1438
CVE-2013-1440
	RESERVED
CVE-2013-1439 (The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before ...)
	- libraw 0.15.4-1 (bug #721338)
	[wheezy] - libraw <no-dsa> (Minor issue)
	[squeeze] - libraw <no-dsa> (Minor issue)
	- libkdcraw 4:4.10.5-2 (bug #721340)
	[wheezy] - libkdcraw <no-dsa> (Minor issue)
	- darktable 1.2.2-2 (bug #721339)
	[wheezy] - darktable 1.0.4-1+deb7u2
CVE-2013-1438 (Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in lib ...)
	{DSA-2748-1}
	- libraw 0.15.4-1 (bug #721231)
	[wheezy] - libraw <no-dsa> (Minor issue)
	[squeeze] - libraw <no-dsa> (Minor issue)
	- libkdcraw 4:4.10.5-2 (bug #721239)
	[wheezy] - libkdcraw <no-dsa> (Minor issue)
	- darktable 1.2.2-2 (bug #721233)
	[wheezy] - darktable 1.0.4-1+deb7u2
	- dcraw 9.28-1 (unimportant; bug #721232)
	- ufraw 0.19.2-2 (bug #721234)
	[wheezy] - ufraw <no-dsa> (end-user app)
	[squeeze] - ufraw <no-dsa> (end-user app)
	- xbmc 2:13.2+dfsg1-5 (unimportant; bug #721235)
	- exactimage 0.8.9-1 (bug #721236)
	- rawstudio <removed> (unimportant; bug #721237)
	- rawtherapee <not-affected> (unimportant; bug #721238)
	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
CVE-2013-1437 (Eval injection vulnerability in the Module-Metadata module before 1.00 ...)
	- perl 5.18.1-2
	[wheezy] - perl <not-affected> (Bug was introduced later)
	[squeeze] - perl <not-affected> (Does not yet contain Module::Metadata)
	- libmodule-metadata-perl 1.000015-1
	[wheezy] - libmodule-metadata-perl 1.000009-1+deb7u1
	NOTE: this is by 'design', but previous to version Module::Metadata 1.000015
	NOTE: the statement was This module provides a standard way to gather metadata
	NOTE: about a .pm file *without* executing unsafe code.
CVE-2013-1436 (The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 all ...)
	- xmonad-contrib 0.11.2-1 (low)
	[squeeze] - xmonad-contrib <no-dsa> (Minor issue)
	[wheezy] - xmonad-contrib 0.10-4~deb7u1
CVE-2013-1435 ((1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote atta ...)
	{DSA-2739-1}
	- cacti 0.8.8b+dfsg-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7392
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7393
CVE-2013-1434 (Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) u ...)
	{DSA-2739-1}
	- cacti 0.8.8b+dfsg-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7394
CVE-2013-1433
	REJECTED
CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not prope ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable
CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0 ...)
	{DSA-2702-1}
	- telepathy-gabble 0.16.6-1
CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully loggin ...)
	- xrdp 0.9.1~2016121126+git5171fa7-1
	[jessie] - xrdp <no-dsa> (Minor issue)
	[wheezy] - xrdp <no-dsa> (Minor issue)
	NOTE: https://github.com/neutrinolabs/xrdp/pull/497
	NOTE: When successfully logging in using RDP into a xrdp session, the file
	NOTE: ~/.vnc/sesman_${username}_passwd is created.  Its content is the
	NOTE: equivalent of the users clear text password, DES encrypted with a known
	NOTE: key.
CVE-2013-1429 (Lintian before 2.5.12 allows remote attackers to gather information ab ...)
	- lintian 2.5.10.5 (bug #705553; unimportant)
CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in net_p ...)
	{DSA-2663-1}
	- tinc 1.0.19-3
CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighttpd before ...)
	{DSA-2649-1}
	- lighttpd 1.4.31-4
CVE-2013-1426 (Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6 ...)
	- mahara <removed> (low)
	[wheezy] - mahara <no-dsa> (Minor issue)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/mahara/+bug/1153423
CVE-2013-1425 (ldap-git-backup before 1.0.4 exposes password hashes due to incorrect  ...)
	- ldap-git-backup 1.0.4-1 (bug #699227)
CVE-2013-1424 [matplotlib buffer overrun]
	RESERVED
	- matplotlib 1.4.2-3.1 (low; bug #775691)
	[wheezy] - matplotlib <no-dsa> (Minor issue)
	[squeeze] - matplotlib <no-dsa> (Minor issue)
CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3)  ...)
	{DSA-2633-1}
	- fusionforge 5.2.1+20130227-1
CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...)
	- webcalendar <removed>
CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar  ...)
	- webcalendar <removed>
CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...)
	NOT-FOR-US: GetSimple CMS
CVE-2013-1419
	RESERVED
CVE-2013-1418 (The setup_server_realm function in main.c in the Key Distribution Cent ...)
	{DLA-1265-1}
	- krb5 1.11.3+dfsg-3+nmu1 (low; bug #728845)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
	NOTE: https://github.com/krb5/krb5/commit/5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
CVE-2013-1417 (do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (a ...)
	- krb5 1.11.3+dfsg-3+nmu1 (low; bug #730085)
	[squeeze] - krb5 <not-affected> (Vulnerable code only present in 1.11.x)
	[wheezy] - krb5 <not-affected> (Vulnerable code only present in 1.11.x)
	NOTE: https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
CVE-2013-1416 (The prep_reprocess_req function in do_tgs_req.c in the Key Distributio ...)
	- krb5 1.10.1+dfsg-5 (low; bug #704775)
	[squeeze] - krb5 <no-dsa> (Minor issue)
CVE-2013-1415 (The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_cr ...)
	- krb5 1.10.1+dfsg-4 (low)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: https://github.com/krb5/krb5/commit/c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
	NOTE: https://github.com/krb5/krb5/commit/b71f8c4aacea8849ceaf31a2fa95e143f3943097
CVE-2013-1414 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet ...)
	NOT-FOR-US: Fortinet FortiOS on FortiGate firewall devices
CVE-2012-6521 (Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versio ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-6520 (Multiple SQL injection vulnerabilities in the advanced search in Wikid ...)
	NOT-FOR-US: Wikidforum
CVE-2012-6519 (SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 a ...)
	NOT-FOR-US: DIY-CMS
CVE-2012-6518 (Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS  ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6517 (Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 all ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6516 (SQL injection vulnerability in PHP Ticket System Beta 1 allows remote  ...)
	NOT-FOR-US: PHP Ticket System Beta
CVE-2012-6515 (eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers ...)
	NOT-FOR-US: eFront
CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) comp ...)
	NOT-FOR-US: nBill for Joomla!
CVE-2012-6513 (Cross-site scripting (XSS) vulnerability in index.php/Admin_Preference ...)
	NOT-FOR-US: gpEasy CMS
CVE-2012-6512 (The Organizer plugin 1.2.1 for WordPress allows remote attackers to ob ...)
	NOT-FOR-US: Organizer wordpress plugin not in Debian
CVE-2012-6511 (Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/ ...)
	NOT-FOR-US: Organizer wordpress plugin not in Debian
CVE-2012-6510 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Ca ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6509 (Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0  ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6508 (Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt M ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6507 (Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 ...)
	NOT-FOR-US: ChurchCMS
CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web ...)
	NOT-FOR-US: Zingiri Web Shop wordpress plugin not in Debian
CVE-2012-6505 (Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours. ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6504 (SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Vo ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6503 (Unspecified vulnerability in the NinjaXplorer component before 1.0.7 f ...)
	NOT-FOR-US: NinjaXplorer for Joomla!
CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to obtai ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1413 (Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit ...)
	NOT-FOR-US: synetics i-doit
CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: DataLife Engine
CVE-2013-1411
	RESERVED
CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...)
	NOT-FOR-US: Perforce
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...)
	NOT-FOR-US: CommentLuv plugin for Wordpress
CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...)
	NOT-FOR-US: WordPress plugin wysija-newsletters
CVE-2013-1407 (Multiple cross-site scripting (XSS) vulnerabilities in the Events Mana ...)
	NOT-FOR-US: WordPress plugin Events Master Pro
CVE-2013-1406 (The Virtual Machine Communication Interface (VMCI) implementation in v ...)
	NOT-FOR-US: VMware Workstation, Fusion, View, ESXi, ESX
CVE-2013-1405 (VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, V ...)
	NOT-FOR-US: VMware
CVE-2013-1404
	RESERVED
CVE-2013-1403
	RESERVED
CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
	NOT-FOR-US: DigiLIBE
CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer, deleteAnsw ...)
	NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll ...)
	NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in uTorre ...)
	NOT-FOR-US: uTorrent
CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnera ...)
	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
CVE-2013-1399 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-1398 (The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does  ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-1397 (Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote atta ...)
	- php-symfony2-yaml <not-affected> (Only affects versions 2.0, 2.1, 2.2)
CVE-2013-1396
	RESERVED
CVE-2013-1395
	RESERVED
CVE-2013-1394
	RESERVED
CVE-2013-1393 (Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6. ...)
	NOT-FOR-US: Drupal module CurvyCorners
CVE-2013-1392
	RESERVED
CVE-2013-1391 (Authentication bypass vulnerability in the the web interface in Hunt C ...)
	NOT-FOR-US: DVR systems
CVE-2013-1390
	RESERVED
CVE-2013-1389 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9. ...)
	NOT-FOR-US: Adobe ColdFusion 9.0
CVE-2013-1388 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1387 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1386 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1385 (Adobe Shockwave Player before 12.0.2.122 does not prevent access to ad ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1384 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1383 (Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows att ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1382
	REJECTED
CVE-2013-1381
	REJECTED
CVE-2013-1380 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1379 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ar ...)
	NOT-FOR-US: Adobe Digital Editions
CVE-2013-1376 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 an ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1374 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1373 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1372 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1371 (Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1370 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1369 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1368 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1367 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1366 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1365 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2012-6110 (bcron-exec in bcron before 0.10 does not close file descriptors associ ...)
	- bcron 0.09-13 (low; bug #686650)
	[squeeze] - bcron 0.09-11+squeeze1
CVE-2013-1364 (The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc ...)
	- zabbix 1:2.0.4+dfsg-2 (bug #698541)
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
	NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
CVE-2013-1363
	RESERVED
CVE-2013-1362 (Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In  ...)
	- nagios-nrpe 2.13-3 (low; bug #701227)
	[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
CVE-2013-1361 (Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with  ...)
	NOT-FOR-US: Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software
CVE-2013-1360 (An Authentication Bypass vulnerability exists in DELL SonicWALL Global ...)
	NOT-FOR-US: DELL SonicWALL Global Management System (GMS)
CVE-2013-1359 (An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyz ...)
	NOT-FOR-US: DELL SonicWALL
CVE-2013-1358
	RESERVED
CVE-2013-1357
	RESERVED
CVE-2013-1356
	RESERVED
CVE-2013-1355
	REJECTED
CVE-2013-1354
	RESERVED
CVE-2013-1353 (Orange HRM 2.7.1 allows XSS via the vacancy name. ...)
	NOT-FOR-US: Orange HRM
CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 al ...)
	NOT-FOR-US: openSIS
CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...)
	- php-symfony2-yaml <not-affected> (Only affects version 2.0)
CVE-2013-1347 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1346 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0  ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2013-1345 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2013-1344 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1343 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1342 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1341 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2013-1340 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2013-1339 (The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2013-1338 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1337 (Microsoft .NET Framework 4.5 does not properly create policy requireme ...)
	NOT-FOR-US: Microsoft .NET Framework 4.5
CVE-2013-1336 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-1335 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-1334 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1333 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1332 (dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel- ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1331 (Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac a ...)
	NOT-FOR-US: Microsoft
CVE-2013-1330 (The default configuration of Microsoft SharePoint Portal Server 2003 S ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-1329 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1328 (Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote att ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1327 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1326
	REJECTED
CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 a ...)
	NOT-FOR-US: Microsoft
CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 20 ...)
	NOT-FOR-US: Microsoft
CVE-2013-1323 (Microsoft Publisher 2003 SP3 does not properly handle NULL values for  ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1322 (Microsoft Publisher 2003 SP3 does not properly check table range data, ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1321 (Microsoft Publisher 2003 SP3 does not properly check the data type of  ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1320 (Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attacker ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1319 (Microsoft Publisher 2003 SP3 does not properly check the return value  ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1318 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1317 (Integer overflow in Microsoft Publisher 2003 SP3 allows remote attacke ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1316 (Microsoft Publisher 2003 SP3 does not properly validate the size of an ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1315 (Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Offi ...)
	NOT-FOR-US: Microsoft
CVE-2013-1314
	REJECTED
CVE-2013-1313 (Object Linking and Embedding (OLE) Automation in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2013-1312 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1311 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1310 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1309 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1308 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1307 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1306 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1305 (HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT a ...)
	NOT-FOR-US: Microsoft
CVE-2013-1304 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1303 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1302 (Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lyn ...)
	NOT-FOR-US: Microsoft
CVE-2013-1301 (Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attacker ...)
	NOT-FOR-US: Microsoft Visio
CVE-2013-1300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof link ta ...)
	NOT-FOR-US: Microsoft Windows Modern Mail
CVE-2013-1298
	REJECTED
CVE-2013-1297 (Microsoft Internet Explorer 6 through 8 does not properly restrict dat ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1296 (The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote  ...)
	NOT-FOR-US: Microsoft Remote Desktop Connection Client
CVE-2013-1295 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1294 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1293 (The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Se ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1292 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1291 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1290 (Microsoft SharePoint Server 2013, in certain configurations involving  ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1289 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1286 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1284 (Race condition in the kernel in Microsoft Windows 8, Windows Server 20 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1283 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1282 (The LDAP service in Microsoft Active Directory, Active Directory Appli ...)
	NOT-FOR-US: Microsoft
CVE-2013-1281 (The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1279 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1278 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1277 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1276 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1275 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1274 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1273 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1272 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1271 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1270 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1269 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1268 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1267 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1266 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1265 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1264 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1263 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1262 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1261 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1260 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1259 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1258 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1257 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1256 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1255 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1254 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1253 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1252 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1251 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1250 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1249 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1248 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) befor ...)
	NOT-FOR-US: HP PKI ActiveX
CVE-2012-6500 (Directory traversal vulnerability in download.lib.php in Pragyan CMS 3 ...)
	NOT-FOR-US: Pragyan CMS
CVE-2012-6499 (Open redirect vulnerability in age-verification.php in the Age Verific ...)
	NOT-FOR-US: Age Verification plugin for WordPress
CVE-2011-5254 (Unspecified vulnerability in the Connections plugin before 0.7.1.6 for ...)
	NOT-FOR-US: Connections plugin for WordPress
CVE-2011-5253 (Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to  ...)
	NOT-FOR-US: Dl Download Ticket Service
CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x b ...)
	NOT-FOR-US: Orchard
CVE-2012-0722
	REJECTED
CVE-2013-1247 (Cross-site scripting (XSS) vulnerability in the wireless configuration ...)
	NOT-FOR-US: Cisco
CVE-2013-1246 (Cisco TelePresence System Software does not properly handle inactive t ...)
	NOT-FOR-US: Cisco
CVE-2013-1245 (The user-management page in Cisco WebEx Social relies on client-side v ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1244 (Cross-site scripting (XSS) vulnerability in the portal module in Cisco ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1243 (The IP stack in Cisco Intrusion Prevention System (IPS) Software in AS ...)
	NOT-FOR-US: Cisco
CVE-2013-1242 (Memory leak in the web framework in the server in Cisco Unified Presen ...)
	NOT-FOR-US: Cisco
CVE-2013-1241 (The ISM module in Cisco IOS on ISR G2 routers does not properly handle ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1240 (The command-line interface in Cisco Unified Communications Manager (CU ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1239
	RESERVED
CVE-2013-1238
	RESERVED
CVE-2013-1237
	RESERVED
CVE-2013-1236 (Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote  ...)
	NOT-FOR-US: Cisco TelePresence Supervisor
CVE-2013-1235 (Cisco Wireless LAN Controller (WLC) devices do not properly address th ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1234 (The SNMP module in Cisco IOS XR allows remote authenticated users to c ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1233
	REJECTED
CVE-2013-1232 (The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Se ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1231 (The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1230 (Cisco Unified Communications Domain Manager allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2013-1229 (TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Manag ...)
	NOT-FOR-US: Cisco
CVE-2013-1228 (Cisco Jabber on Windows does not verify X.509 certificates from SSL se ...)
	NOT-FOR-US: Cisco Jabber
CVE-2013-1227 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1226 (The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7 ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1225 (Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11  ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1224 (Directory traversal vulnerability in the Resource Manager in Cisco Uni ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1223 (The log viewer in Cisco Unified Customer Voice Portal (CVP) Software b ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1222 (The Tomcat Web Management feature in Cisco Unified Customer Voice Port ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1221 (The Tomcat Web Management feature in Cisco Unified Customer Voice Port ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1220 (The CallServer component in Cisco Unified Customer Voice Portal (CVP)  ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1219 (SensorApp in Cisco Intrusion Prevention System (IPS) allows local user ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2013-1218 (Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP ...)
	NOT-FOR-US: Cisco
CVE-2013-1217 (The generic input/output control implementation in Cisco IOS does not  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1216 (Memory leak in the SNMP module in Cisco IOS XR allows remote authentic ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1215 (The vpnclient program in the Easy VPN component on Cisco Adaptive Secu ...)
	NOT-FOR-US: Cisco
CVE-2013-1214 (The scripts editor in Cisco Unified Contact Center Express (aka Unifie ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2013-1213 (Cisco NX-OS on the Nexus 1000V does not assign the proper priority to  ...)
	NOT-FOR-US: Cisco
CVE-2013-1212 (The SSL functionality in Cisco NX-OS on the Nexus 1000V does not prope ...)
	NOT-FOR-US: Cisco
CVE-2013-1211 (Cisco NX-OS on the Nexus 1000V does not properly handle authentication ...)
	NOT-FOR-US: Cisco
CVE-2013-1210 (Array index error in the Virtual Ethernet Module (VEM) kernel driver f ...)
	NOT-FOR-US: Cisco
CVE-2013-1209 (The encryption functionality in the Virtual Supervisor Module (VSM) to ...)
	NOT-FOR-US: Cisco
CVE-2013-1208 (The encryption functionality in Cisco NX-OS on the Nexus 1000V does no ...)
	NOT-FOR-US: Cisco
CVE-2013-1207
	RESERVED
CVE-2013-1206
	RESERVED
CVE-2013-1205 (The Event Center module in Cisco WebEx Meetings Server does not perfor ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote attacker ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers t ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...)
	NOT-FOR-US: Cisco
CVE-2013-1201
	RESERVED
CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ( ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-1199 (Race condition in the CIFS implementation in the rewriter module in th ...)
	NOT-FOR-US: Cisco
CVE-2013-1198 (Cross-site scripting (XSS) vulnerability in a Flash component in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1197 (The XML parser in the server in Cisco Unified Presence (CUP) allows re ...)
	NOT-FOR-US: Cisco Unified Presence
CVE-2013-1196 (The command-line interface in Cisco Secure Access Control System (ACS) ...)
	NOT-FOR-US: Cisco
CVE-2013-1195 (The time-based ACL implementation on Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: isco Adaptive Security Appliances
CVE-2013-1194 (The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco
CVE-2013-1193 (The Secure Shell (SSH) implementation on Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2013-1192 (The JAR files on Cisco Device Manager for Cisco MDS 9000 devices befor ...)
	NOT-FOR-US: Cisco Device Manager
CVE-2013-1191 (Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authen ...)
	NOT-FOR-US: Cisco
CVE-2013-1190 (The C-Series Rack Server component 1.4 in Cisco Unified Computing Syst ...)
	NOT-FOR-US: Cisco
CVE-2013-1189 (Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4 ...)
	NOT-FOR-US: Cisco Universal Broadband 10000 series routers
CVE-2013-1188 (Cisco Unified Communications Manager (CUCM) does not properly limit th ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1187 (The Connection Manager in Cisco Jabber Extensible Communications Platf ...)
	NOT-FOR-US: Cisco
CVE-2013-1186 (Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before  ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1185 (The web interface in the Manager component in Cisco Unified Computing  ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1184 (The management API in the XML API management service in the Manager co ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1183 (Buffer overflow in the Intelligent Platform Management Interface (IPMI ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1182 (The login page in the Web Console in the Manager component in Cisco Un ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1181 (Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexu ...)
	NOT-FOR-US: Cisco
CVE-2013-1180 (Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 700 ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1179 (Multiple buffer overflows in the (1) SNMP and (2) License Manager impl ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1178 (Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implem ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1177 (SQL injection vulnerability in Cisco Network Admission Control (NAC) M ...)
	NOT-FOR-US: Cisco Network Admission Control Manager
CVE-2013-1176 (The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4. ...)
	NOT-FOR-US: Cisco
CVE-2013-1175
	REJECTED
CVE-2013-1174 (Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration M ...)
	NOT-FOR-US: Cisco Tivoli Business Service Manager
CVE-2013-1173 (Heap-based buffer overflow in ciscod.exe in the Cisco Security Service ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1172 (The Cisco Security Service in Cisco AnyConnect Secure Mobility Client  ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1171 (Multiple cross-site scripting (XSS) vulnerabilities in the element-lis ...)
	NOT-FOR-US: Cisco Connected Grid Network Management System (CG-NMS)
CVE-2013-1170 (The Cisco Prime Network Control System (NCS) appliance with software b ...)
	NOT-FOR-US: Cisco Prime Network Control System
CVE-2013-1169 (Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 P ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing Server
CVE-2013-1168 (The web server in Cisco Unified MeetingPlace Application Server 7.x be ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Application Server
CVE-2013-1167 (Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Ag ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1166 (Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1165 (Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7 ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1164 (Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregatio ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1163 (Multiple SQL injection vulnerabilities in the device-management implem ...)
	NOT-FOR-US: Cisco
CVE-2013-1162 (The traffic engineering (TE) processing subsystem in Cisco IOS XR allo ...)
	NOT-FOR-US: Cisco
CVE-2013-1161 (The XML parser in the Cisco Jabber IM application for Android allows r ...)
	NOT-FOR-US: Cisco
CVE-2013-1160 (Cross-site scripting (XSS) vulnerability in the OpenView web menus in  ...)
	NOT-FOR-US: Cisco
CVE-2013-1159 (Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) w ...)
	NOT-FOR-US: Cisco
CVE-2013-1158 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring  ...)
	NOT-FOR-US: IBM
CVE-2013-1157 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring  ...)
	NOT-FOR-US: IBM
CVE-2013-1156 (Directory traversal vulnerability in Cisco Prime Central for Hosted Co ...)
	NOT-FOR-US: Cisco
CVE-2013-1155 (The auth-proxy functionality in Cisco Firewall Services Module (FWSM)  ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2013-1154 (The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, ...)
	NOT-FOR-US: Cisco Small Business switches
CVE-2013-1153 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2013-1152 (Cisco Adaptive Security Appliances (ASA) devices with software 9.0 bef ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1151 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x bef ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1150 (The authentication-proxy implementation on Cisco Adaptive Security App ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1149 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x bef ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1148 (The General Responder implementation in the IP Service Level Agreement ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1147 (The Protocol Translation (PT) functionality in Cisco IOS 12.3 through  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1146 (The Smart Install client functionality in Cisco IOS 12.2 and 15.0 thro ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1145 (Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based P ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1144 (Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remot ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1143 (The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1142 (Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1141 (The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1140 (The XML parser in Cisco Security Monitoring, Analysis, and Response Sy ...)
	NOT-FOR-US: Cisco Security MARS
CVE-2013-1139 (The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 thr ...)
	NOT-FOR-US: Cisco Cloud Portal
CVE-2013-1138 (The NAT process on Cisco Adaptive Security Appliances (ASA) devices al ...)
	NOT-FOR-US: Cisco
CVE-2013-1137 (Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 al ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2013-1136 (The crypto engine process in Cisco IOS on Aggregation Services Router  ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1135 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance  ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-1134 (The Location Bandwidth Manager (LBM) Intracluster-communication featur ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1133 (Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1132 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2013-1131 (Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E,  ...)
	NOT-FOR-US: Cisco Small Business Wireless Access Points
CVE-2013-1130 (Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissi ...)
	NOT-FOR-US: Cisco
CVE-2013-1129 (Memory leak in Cisco Unity Connection 9.x allows remote attackers to c ...)
	NOT-FOR-US: Cisco
CVE-2013-1128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the serv ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1127
	RESERVED
CVE-2013-1126
	RESERVED
CVE-2013-1125 (The command-line interface in Cisco Identity Services Engine Software, ...)
	NOT-FOR-US: Cisco
CVE-2013-1124 (The Cisco Network Admission Control (NAC) agent on Mac OS X does not v ...)
	NOT-FOR-US: Cisco Network Admission Control
CVE-2013-1123 (Multiple cross-site scripting (XSS) vulnerabilities in the server in C ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1122 (Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtua ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1121 (The regex engine in the BGP implementation in Cisco NX-OS, when a comp ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1120 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisc ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1119 (Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD be ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1118 (Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) play ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1117 (Buffer overflow in the exception handler in Cisco WebEx Recording Form ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1116 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player  ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1115 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player  ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1114 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Exp ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1113 (Cross-site scripting (XSS) vulnerability in Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1112 (Cisco Carrier Routing System (CRS) allows remote attackers to cause a  ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2013-1111 (The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9 ...)
	NOT-FOR-US: Cisco ATA 187 Analog Telephone Adaptor
CVE-2013-1110 (Cisco WebEx Training Center allow remote authenticated users to bypass ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1109 (Cross-site request forgery (CSRF) vulnerability in testingLibraryActio ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1108 (Cisco WebEx Training Center allows remote authenticated users to remov ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1107 (The search function in Cisco Webex Social (formerly Cisco Quad) allows ...)
	NOT-FOR-US: Cisco Webex Social
CVE-2013-1106
	RESERVED
CVE-2013-1105 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1104 (The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1103 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1102 (The Wireless Intrusion Prevention System (wIPS) component on Cisco Wir ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1101
	RESERVED
CVE-2013-1100 (The HTTP server in Cisco IOS on Catalyst switches does not properly ha ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1099
	REJECTED
CVE-2013-1098
	RESERVED
CVE-2013-1097 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1096 (Cross-site scripting (XSS) vulnerability in the Roles Based Provisioni ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2013-1095 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1094 (Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-cor ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1093 (Open redirect vulnerability in the fwdToURL function in the ZCC login  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1092 (Multiple unquoted Windows search path vulnerabilities in Novell ZENwor ...)
	NOT-FOR-US: Novell ZENworks Desktop Management
CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2013-1090 (The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership fo ...)
	- php-horde <not-affected> (SuSE specific packaging flaw)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=811369
CVE-2013-1089
	RESERVED
CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 ...)
	NOT-FOR-US: Novell iManager
CVE-2013-1087 (Cross-site scripting (XSS) vulnerability in the client in Novell Group ...)
	NOT-FOR-US: Novell GroupWise
CVE-2013-1086 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...)
	NOT-FOR-US: Novell GroupWise
CVE-2013-1085 (Stack-based buffer overflow in the nim: protocol handler in Novell Gro ...)
	NOT-FOR-US: Novell Messenger
CVE-2013-1084 (Directory traversal vulnerability in the GetFle method in the umaninv  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1083 (Unspecified vulnerability in the login functionality in the Reporting  ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2013-1082 (Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobi ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1081 (Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1080 (The web server in Novell ZENworks Configuration Management (ZCM) 10.3  ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1079 (Directory traversal vulnerability in the ISCreateObject method in an A ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1078
	RESERVED
CVE-2013-1077
	REJECTED
CVE-2013-1076
	REJECTED
CVE-2013-1075
	REJECTED
CVE-2013-1074
	REJECTED
CVE-2013-1073
	REJECTED
CVE-2013-1072
	REJECTED
CVE-2013-1071
	REJECTED
CVE-2013-1070 (Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permi ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2. ...)
	- nova 2014.1.1-4 (bug #753579)
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	- cinder 2014.1.1-3 (bug #753585)
	[wheezy] - cinder <not-affected> (Vulnerable code not present)
	NOTE: Requires includedir to be defined in /etc/sudoers file
CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files cr ...)
	NOT-FOR-US: Apport
CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0. ...)
	NOT-FOR-US: language-selector
CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D- ...)
	NOT-FOR-US: jockey
CVE-2013-1064 (apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5. ...)
	- apt-xapian-index 0.47 (low; bug #724837)
	[wheezy] - apt-xapian-index <no-dsa> (Minor issue, only allows a possibly prohibited update of the Xapian package index)
	[squeeze] - apt-xapian-index <no-dsa> (Minor issue, only allows a possibly prohibited update of the Xapian package index)
CVE-2013-1063 (usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0 ...)
	NOT-FOR-US: usb-creator
CVE-2013-1062 (ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and  ...)
	NOT-FOR-US: ubuntu-system-service
CVE-2013-1061 (dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0 ...)
	- software-properties 0.92.18 (low)
	[wheezy] - software-properties <no-dsa> (Minor issue)
	[squeeze] - software-properties <not-affected> (Vulnerable code not present)
CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux ...)
	NOT-FOR-US: Ubuntu packaging specific
CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote at ...)
	{DSA-2745-1}
	- linux 3.10.1-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (CEPH was introduced in 2.6.34)
CVE-2013-1058 (maas-import-pxe-files in MAAS before 13.10 does not verify the integri ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in MAAS b ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local  ...)
	- xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
CVE-2013-1055
	RESERVED
CVE-2013-1054
	RESERVED
CVE-2013-1053
	RESERVED
CVE-2013-1052 (pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the ...)
	NOT-FOR-US: pam-xdg-support (Ubuntu-specific package)
CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handl ...)
	- apt 0.9.7.8
	[squeeze] - apt <not-affected> (InRelease support not used)
CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 set ...)
	- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
CVE-2013-1049 (Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allo ...)
	{DSA-2635-1}
	- cfingerd 1.4.3-3.1 (bug #700098)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
CVE-2013-1048 (The Debian apache2ctl script in the apache2 package squeeze before 2.2 ...)
	{DSA-2637-1}
	- apache2 2.2.22-13
CVE-2013-1047 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1046 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1045 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1044 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1043 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1042 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1041 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1040 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1039 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1038 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1037 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1036 (Safari in Apple iOS before 7 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1035 (The iTunes ActiveX control in Apple iTunes before 11.1 allows remote a ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in  ...)
	NOT-FOR-US: Apple Mac OS X Server
CVE-2013-1033 (Screen Lock in Apple Mac OS X before 10.8.5 does not properly track se ...)
	NOT-FOR-US: Screen Lock in Apple Mac OS X
CVE-2013-1032 (QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to e ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2013-1031 (Power Management in Apple Mac OS X before 10.8.5 does not properly per ...)
	NOT-FOR-US: Power Management in Apple Mac OS X
CVE-2013-1030 (mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5  ...)
	NOT-FOR-US: Mobile Device Management in Apple Mac OS X
CVE-2013-1029 (The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1028 (The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1027 (Installer in Apple Mac OS X before 10.8.5 provides an option to contin ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1026 (Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1025 (Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1024 (CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly i ...)
	NOT-FOR-US: CoreMedia Playback
CVE-2013-1023 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1022 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1021 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1020 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1019 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1018 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1017 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1016 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1015 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1014 (Apple iTunes before 11.0.3 does not properly verify X.509 certificates ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1013 (XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1012 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1011 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1010 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1009 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1008 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1007 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1006 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1005 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1004 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1003 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1002 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1001 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1000 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0999 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0998 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0996 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0995 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0994 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0993 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0992 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0991 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0990 (SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, all ...)
	NOT-FOR-US: Apple
CVE-2013-0989 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0988 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0987 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0986 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0985 (Disk Management in Apple Mac OS X before 10.8.4 does not properly auth ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0984 (Directory Service in Apple Mac OS X through 10.6.8 allows remote attac ...)
	NOT-FOR-US: Mac OS Server
CVE-2013-0983 (Stack consumption vulnerability in CoreAnimation in Apple Mac OS X bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0982 (The Private Browsing feature in CFNetwork in Apple Mac OS X before 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel i ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not pr ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly cons ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not prop ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote atta ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0975 (Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0974 (StoreKit in Apple iOS before 6.1 does not properly handle the disablin ...)
	NOT-FOR-US: Apple StoreKit
CVE-2013-0973 (Software Update in Apple Mac OS X through 10.7.5 does not prevent plug ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0972
	RESERVED
CVE-2013-0971 (Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0970 (Messages in Apple Mac OS X before 10.8.3 allows remote attackers to by ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0969 (Login Window in Apple Mac OS X before 10.8.3 does not prevent applicat ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0968 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0967 (CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the l ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0966 (The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac ...)
	NOT-FOR-US: Apple mod_hfs_apple
CVE-2013-0965
	RESERVED
CVE-2013-0964 (The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not pr ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0963 (Identity Services in Apple iOS before 6.1 does not properly handle val ...)
	NOT-FOR-US: Identity Services in Apple iOS
CVE-2013-0962 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0957 (Data Protection in Apple iOS before 7 allows attackers to bypass inten ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0956 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0955 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0954 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0953 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0952 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0951 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0950 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0949 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0947 (EMC RSA Authentication Manager 8.0 before P1 allows local users to dis ...)
	NOT-FOR-US: EMC
CVE-2013-0946 (Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor  ...)
	NOT-FOR-US: EMC
CVE-2013-0945 (EMC Avamar Client before 6.1.101-89 does not verify that the server ho ...)
	NOT-FOR-US: EMC Avamar
CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 ...)
	NOT-FOR-US: EMC Avamar
CVE-2013-0943 (EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain se ...)
	NOT-FOR-US: EMC
CVE-2013-0942 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Age ...)
	NOT-FOR-US: EMC RSA Authentication Agent
CVE-2013-0941 (EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5  ...)
	NOT-FOR-US: EMC
CVE-2013-0940 (The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and  ...)
	NOT-FOR-US: EMC NetWorker
CVE-2013-0939 (EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, D ...)
	NOT-FOR-US: EMC
CVE-2013-0938 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop befo ...)
	NOT-FOR-US: EMC
CVE-2013-0937 (Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2 ...)
	NOT-FOR-US: EMC
CVE-2013-0936 (Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Sma ...)
	NOT-FOR-US: EMC
CVE-2013-0935 (EMC Smarts Network Configuration Manager (NCM) before 9.2 does not req ...)
	NOT-FOR-US: EMC
CVE-2013-0934 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...)
	NOT-FOR-US: EMC
CVE-2013-0933 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer  ...)
	NOT-FOR-US: EMC
CVE-2013-0932 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...)
	NOT-FOR-US: EMC
CVE-2013-0931 (EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not en ...)
	NOT-FOR-US: EMC RSA
CVE-2013-0930 (Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 be ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0929 (Format string vulnerability in the _vsnsprintf function in rrobotd.exe ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0928 (The NetWorker command processor in rrobotd.exe in the Device Manager i ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0927 (Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c r ...)
	NOT-FOR-US: Chrome OS
CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active cont ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ha ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0924 (The extension functionality in Google Chrome before 26.0.1410.43 does  ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0923 (The USB Apps API in Google Chrome before 26.0.1410.43 allows remote at ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0922 (Google Chrome before 26.0.1410.43 does not properly restrict brute-for ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0921 (The Isolated Sites feature in Google Chrome before 26.0.1410.43 does n ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0920 (Use-after-free vulnerability in the extension bookmarks API in Google  ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0919 (Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on L ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0918 (Google Chrome before 26.0.1410.43 does not prevent navigation to devel ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0917 (The URL loader in Google Chrome before 26.0.1410.43 allows remote atta ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0916 (Use-after-free vulnerability in the Web Audio implementation in Google ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows attack ...)
	NOT-FOR-US: Overflow in Chrome-specific libs
CVE-2013-0914 (The flush_signal_handlers function in kernel/signal.c in the Linux ker ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-0913 (Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the  ...)
	- linux 3.2.41-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code was introduced later)
CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers t ...)
	- chromium-browser 25.0.1364.160-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0911 (Directory traversal vulnerability in Google Chrome before 25.0.1364.15 ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0910 (Google Chrome before 25.0.1364.152 does not properly manage the intera ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0909 (The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote at ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0908 (Google Chrome before 25.0.1364.152 does not properly manage bindings o ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0907 (Race condition in Google Chrome before 25.0.1364.152 allows remote att ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0906 (The IndexedDB implementation in Google Chrome before 25.0.1364.152 all ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0905 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 all ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0904 (The Web Audio implementation in Google Chrome before 25.0.1364.152 all ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0903 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 all ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0902 (Use-after-free vulnerability in the frame-loader implementation in Goo ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0901
	RESERVED
CVE-2013-0900 (Race condition in the International Components for Unicode (ICU) funct ...)
	{DSA-2786-1}
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
	- icu 4.8.1.1-12 (low; bug #702346)
	[squeeze] - icu <no-dsa> (Minor issue for standalone ICU outside of browser context)
CVE-2013-0899 (Integer overflow in the padding implementation in the opus_packet_pars ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
	- opus 0.9.14+20120615-1+nmu1 (bug #704870)
CVE-2013-0898 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on W ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0897 (Off-by-one error in the PDF functionality in Google Chrome before 25.0 ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0896 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0895 (Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the V ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1 (bug #703200)
CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and Lin ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0892 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0891 (Integer overflow in Google Chrome before 25.0.1364.97 on Windows and L ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0890 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0889 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0888 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linu ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0887 (The developer-tools process in Google Chrome before 25.0.1364.97 on Wi ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0886 (Google Chrome before 25.0.1364.99 on Mac OS X does not properly implem ...)
	- chromium-browser <not-affected> (Mac OS X only)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0885 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0884 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0883 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linu ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0882 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0881 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0880 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on W ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0878 (The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 ...)
	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected code not present in libav)
CVE-2013-0877 (The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 a ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0876 (Multiple integer overflows in the (1) old_codec37 and (2) old_codec47  ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0875 (The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFm ...)
	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected code not present in libav)
CVE-2013-0874 (The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c  ...)
	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected code not present in libav)
CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before 1.1. ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1 (bug #717009)
	NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
	NOTE: Fix needed for ffmpeg 0.5
CVE-2013-0872 (The swr_init function in libswresample/swresample.c in FFmpeg before 1 ...)
	- ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
	- libav <not-affected> (libswresample not present in libav, linavresamle not affected)
CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before  ...)
	{DSA-2632-1}
	- linux 3.2.39-1
	- linux-2.6 <removed>
CVE-2013-0870 (The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check ou ...)
	- ffmpeg <not-affected> (No threading support in vp3 from ffmpeg 0.5)
	- libav <not-affected> (Vulnerable code added in ffmpeg post-merge)
CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 all ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
	NOTE: Fix needed in ffmpeg 0.5
CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1 ...)
	{DSA-2793-1}
	- ffmpeg <not-affected> (Code in 0.5 is different/not affected)
	- libav 6:0.8.7-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg befor ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.8-1 (bug #717009)
	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
CVE-2013-0864 (The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before ...)
	- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
	- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
CVE-2013-0863 (Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFm ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0862 (Multiple integer overflows in the process_frame_obj function in libavc ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0861 (The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg bef ...)
	- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
	- libav <not-affected> (Affected code not present in libav 0.8.x)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
	NOTE: Affects the libav version in experimental
CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpe ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.1-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
	NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg befor ...)
	- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
	- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg befor ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.9-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
	NOTE: Fixed in 0.8.9
CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1. ...)
	{DSA-2793-1}
	- ffmpeg <not-affected> (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg)
	- libav 6:9.9-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
	NOTE: Fixed in 0.8.9
CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1  ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.10-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
CVE-2013-0855 (Integer overflow in the alac_decode_close function in libavcodec/alac. ...)
	- ffmpeg <not-affected> (0.5 series not affected)
	- libav 6:9.9-1 (bug #717009)
	[wheezy] - libav <not-affected> (0.8 series not affected)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.8-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg be ...)
	{DSA-2793-1}
	- ffmpeg <not-affected> (Vulnerability introduced later)
	- libav 6:0.8.8-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...)
	{DSA-3003-1}
	- ffmpeg <not-affected> (PGS subtitle decoder not present)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 a ...)
	{DSA-3003-1}
	- ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f9204ec56a4cf73843d1e5b8563d3584c2c05b47 (v10)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e8ff7972064631afbdf240ec6bfd9dec30cf2ce8 (v9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8)
CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.7-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg bef ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.3-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1  ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1. ...)
	- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5)
	- libav <not-affected> (Code in libav is different, read_ttag)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in libavcode ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.3-1 (bug #717009)
	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
	NOTE: Needed for ffmpeg 0.5
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to  ...)
	{DSA-2855-1}
	- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
	- libav 6:9.11-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
	NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec/adpc ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.10-1
	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
	NOTE: libav commit: https://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e
	NOTE: Fixed in 0.8.9
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome befor ...)
	- chromium-browser <not-affected> (MacOS-specific)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0842 (Google Chrome before 24.0.1312.56 does not properly handle %00 charact ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0841 (Array index error in the content-blocking functionality in Google Chro ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0840 (Google Chrome before 24.0.1312.56 does not validate URLs during the op ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0839 (Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0838 (Google Chrome before 24.0.1312.52 on Linux uses weak permissions for s ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0837 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0836 (Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.5 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <not-affected> (bug #702261; vulnerablility was fixed by reverting to old implementation as found in version 3.8.9.20)
CVE-2013-0835 (Unspecified vulnerability in the Geolocation implementation in Google  ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0834 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0833 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0832 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0831 (Directory traversal vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0830 (The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a  ...)
	- chromium-browser <not-affected> (Only affects Windows)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0829 (Google Chrome before 24.0.1312.52 does not properly maintain database  ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0828 (The PDF functionality in Google Chrome before 24.0.1312.52 does not pr ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-6498 (Unrestricted file upload vulnerability in index.php in Atomymaxsite 2. ...)
	NOT-FOR-US: Atomymaxsite
CVE-2013-0827
	RESERVED
CVE-2013-0826
	RESERVED
CVE-2013-0825
	RESERVED
CVE-2013-0824
	RESERVED
CVE-2013-0823
	RESERVED
CVE-2013-0822
	RESERVED
CVE-2013-0821
	RESERVED
CVE-2013-0820
	RESERVED
CVE-2013-0819
	RESERVED
CVE-2013-0818
	RESERVED
CVE-2013-0817
	RESERVED
CVE-2013-0816
	RESERVED
CVE-2013-0815
	RESERVED
CVE-2013-0814
	RESERVED
CVE-2013-0813
	RESERVED
CVE-2013-0812
	RESERVED
CVE-2013-0811 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0810 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft
CVE-2013-0809 (Unspecified vulnerability in the 2D component in the Java Runtime Envi ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-0808
	RESERVED
CVE-2013-0807 (Cross-site scripting (XSS) vulnerability in the NewSectionPrompt funct ...)
	NOT-FOR-US: gpEasy CMS
CVE-2013-0806
	RESERVED
CVE-2013-0805 (Multiple cross-site scripting (XSS) vulnerabilities in the search feat ...)
	NOT-FOR-US: IT Operations Portal
CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP ...)
	NOT-FOR-US: GroupWise
CVE-2013-0803 (A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload ...)
	NOT-FOR-US: PolarBear CMS
CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions b ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Ruby on  ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-0802
	RESERVED
CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in pixman-ss ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- wine-gecko-1.4 <unfixed> (unimportant)
	NOTE: The description is misleading: Firefox embeds a copy of Cairo, the interdiff
	NOTE: shows the respective change at mozilla-esr17/gfx/cairo/cairo/src/cairo-image-surface.c
	NOTE: Apparently the forked copy has changed, the code isn't present in vanilla Cairo
CVE-2013-0799 (Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox  ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and world-r ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x b ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
	{DSA-2720-1 DSA-2699-1}
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent o ...)
	- iceweasel 17.0.5esr-1 (low)
	[squeeze] - iceweasel <end-of-life>
	- iceape <removed> (low)
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbi ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0792 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_ ...)
	- iceweasel 17.0.5esr-1 (low)
	[squeeze] - iceweasel <end-of-life>
	- iceape <removed> (low)
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0791 (The CERT_DecodeCertPackage function in Mozilla Network Security Servic ...)
	- nss 2:3.14.3-1 (unimportant)
	NOTE: client crash only
CVE-2013-0790 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 19)
	- icedove <not-affected> (Only affects Firefox 19)
	- iceape <not-affected> (Only affects Firefox 19)
CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function  ...)
	{DSA-2699-1}
	[squeeze] - iceweasel <end-of-life>
	- iceweasel 17.0.5esr-1
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0786 (The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2013-0785 (Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla b ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2013-0784 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0782 (Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint functio ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0780 (Use-after-free vulnerability in the nsOverflowContinuationTracker::Fin ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0779 (The nsCodingStateMachine::NextState function in Mozilla Firefox before ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0778 (The ClusterIterator::NextCluster function in Mozilla Firefox before 19 ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0777 (Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint fun ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbi ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0775 (Use-after-free vulnerability in the nsImageLoadingContent::OnStopConta ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbi ...)
	- iceape <not-affected> (Introduced in Firefox 15)
	- iceweasel <not-affected> (Introduced in Firefox 15)
	- icedove <not-affected> (Introduced in Firefox 15)
CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implemen ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0772 (The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0,  ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0771 (Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundari ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0770 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 10.0.12-1
	[squeeze] - icedove <end-of-life>
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in Mozilla Fi ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox b ...)
	[squeeze] - iceweasel <end-of-life>
	- iceweasel 10.0.12esr-1
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules implementation in ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0765 (Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey  ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox befo ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0763 (Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox E ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame function i ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0761 (Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrac ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0760 (Buffer overflow in the CharDistributionAnalysis::HandleOneChar functio ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x  ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x  ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0756 (Use-after-free vulnerability in the obj_toSource function in Mozilla F ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0755 (Use-after-free vulnerability in the mozVibrate implementation in the V ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager implementation in  ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream implementation i ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 10.0.12-1
	[squeeze] - icedove <end-of-life>
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0751 (Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do no ...)
	- iceape <not-affected> (Android-specific)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla Firefox b ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox before 18 ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler in Mozil ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x  ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox E ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0744 (Use-after-free vulnerability in the TableBackgroundPainter::TableBackg ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 10.0.12-1
	[squeeze] - icedove <end-of-life>
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0743
	REJECTED
CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote att ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipien ...)
	NOT-FOR-US: Percipient Studios ImageGen
CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator (O ...)
	NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of user-supplied inpu ...)
	NOT-FOR-US: Chamilo LMS
CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier a ...)
	NOT-FOR-US: BoltWire
CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ming ...)
	NOT-FOR-US: mingle forum plugin for wp
CVE-2013-0735 (Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle  ...)
	NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0734 (Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Foru ...)
	NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0733 (Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 1 ...)
	NOT-FOR-US: Corel PaintShop Pro
CVE-2013-0732 (Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2013-0731 (ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress doe ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-0730 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x th ...)
	NOT-FOR-US: Newscoop
CVE-2013-0729 (Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5. ...)
	NOT-FOR-US: Tracker Software PDF-XChange
CVE-2013-0728 (Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APO ...)
	NOT-FOR-US: ERDAS ECWP Browser Plugin
CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 ...)
	NOT-FOR-US: Global Mapper
CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath func ...)
	NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...)
	NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...)
	NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...)
	NOT-FOR-US: Kingsoft Spreadsheets
CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ec_scan ...)
	- ettercap 1:0.7.5.1-2 (low; bug #697987)
	[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
	NOTE: http://www.exploit-db.com/exploits/23945/
	NOTE: https://secunia.com/advisories/51731/
	NOTE: Proposed patch http://www.securation.com/files/2013/01/ec.patch
CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw (act ...)
	{DSA-2593-1}
	- moin 1.9.5-3
	[wheezy] - moin 1.9.4-8+deb7u1
CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Secu ...)
	NOT-FOR-US: Rapid7 Nexpose Security Console
CVE-2012-6492
	RESERVED
CVE-2012-6491
	RESERVED
CVE-2012-6490
	RESERVED
CVE-2012-6489
	RESERVED
CVE-2012-6488
	RESERVED
CVE-2012-6487
	RESERVED
CVE-2012-6486
	RESERVED
CVE-2012-6485
	RESERVED
CVE-2012-6484
	RESERVED
CVE-2012-6483
	RESERVED
CVE-2012-6482
	RESERVED
CVE-2012-6481
	RESERVED
CVE-2012-6480
	RESERVED
CVE-2012-6479
	RESERVED
CVE-2012-6478
	RESERVED
CVE-2012-6477
	RESERVED
CVE-2012-6476
	RESERVED
CVE-2012-6475
	RESERVED
CVE-2012-6474
	RESERVED
CVE-2012-6473
	RESERVED
CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allo ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-0720 (The COBIME application before 0.9.4 for Android uses weak permissions  ...)
	NOT-FOR-US: COBIME
CVE-2013-0719 (The ArtIME Japanese Input application 1.1.2 and earlier for Android us ...)
	NOT-FOR-US: ArtIME Japanese Input application
CVE-2013-0718 (The Simeji application 4.8.1 and earlier for Android uses weak permiss ...)
	NOT-FOR-US: Simeji
CVE-2013-0717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web- ...)
	NOT-FOR-US: NEC Aterm routers
CVE-2013-0716 (The web server in Wind River VxWorks 5.5 through 6.9 allows remote att ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0715 (The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remo ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0714 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0713 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0712 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0711 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0710 (Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows re ...)
	NOT-FOR-US: Kingsoft Writer
CVE-2013-0709 (Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows remo ...)
	NOT-FOR-US: Bayashi dopvSTAR
CVE-2013-0708 (Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows re ...)
	NOT-FOR-US: Bayashi dopvCOMET
CVE-2013-0707 (Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichit ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-0706 (NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and ...)
	NOT-FOR-US: NEC Universal RAID Utility
CVE-2013-0705 (Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) befo ...)
	NOT-FOR-US: LSI 3ware Disk Manager
CVE-2013-0704 (Directory traversal vulnerability in the GREE application before 1.3.3 ...)
	NOT-FOR-US: GREE Android app
CVE-2013-0703 (Cross-site scripting (XSS) vulnerability in imgboard.com imgboard befo ...)
	NOT-FOR-US: imgboard
CVE-2013-0702 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 throug ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-0701 (SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the profile direc ...)
	NOT-FOR-US: Opera
CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address field  ...)
	NOT-FOR-US: Opera
CVE-2012-6470 (Opera before 12.12 does not properly allocate memory for GIF images, w ...)
	NOT-FOR-US: Opera
CVE-2012-6469 (Opera before 12.11 allows remote attackers to determine the existence  ...)
	NOT-FOR-US: Opera
CVE-2012-6468 (Heap-based buffer overflow in Opera before 12.11 allows remote attacke ...)
	NOT-FOR-US: Opera
CVE-2012-6467 (Opera before 12.10 follows Internet shortcuts that are referenced by a ...)
	NOT-FOR-US: Opera
CVE-2012-6466 (Opera before 12.10 does not properly handle incorrect size data in a W ...)
	NOT-FOR-US: Opera
CVE-2012-6465 (Opera before 12.10 allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Opera
CVE-2012-6464 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows  ...)
	NOT-FOR-US: Opera
CVE-2012-6463 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows  ...)
	NOT-FOR-US: Opera
CVE-2012-6462 (Opera before 12.10 does not properly implement the Cross-Origin Resour ...)
	NOT-FOR-US: Opera
CVE-2012-6461 (The X.509 certificate-validation functionality in the https implementa ...)
	NOT-FOR-US: Opera
CVE-2012-6460 (Opera before 11.67 and 12.x before 12.02 allows remote attackers to ca ...)
	NOT-FOR-US: Opera
CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service after off ...)
	- connman 1.0-1.1 (bug #697580)
	[wheezy] - connman 1.0-1.1+wheezy1
	[squeeze] - connman <no-dsa> (Minor issue)
CVE-2012-6458 (Multiple cross-site scripting (XSS) vulnerabilities in the SilverStrip ...)
	- silverstripe <itp> (bug #528461)
CVE-2012-6457
	RESERVED
CVE-2012-6456
	RESERVED
CVE-2012-6455
	RESERVED
CVE-2012-6454
	RESERVED
CVE-2012-6452 (Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway  ...)
	NOT-FOR-US: Axway Secure Messenger
CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass ...)
	NOT-FOR-US: Lorex LNC116 and LNC104 IP Cameras
CVE-2012-6450
	RESERVED
CVE-2012-6449 (The clientconf.html and detailbw.html pages in x3 in cPanel &amp; WHM  ...)
	NOT-FOR-US: cPanel
CVE-2012-6448 (Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 all ...)
	NOT-FOR-US: cPanel
CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...)
	NOT-FOR-US: Splunk
CVE-2012-6446
	RESERVED
CVE-2012-6445
	RESERVED
CVE-2012-6444
	RESERVED
CVE-2012-6443
	RESERVED
CVE-2012-6453 (Cross-site scripting (XSS) vulnerability in the RSS Reader extension b ...)
	{DSA-2596-1}
	- mediawiki-extensions 2.11 (bug #696179)
CVE-2012-6442 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6441 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6440 (The web-server password-authentication functionality in Rockwell Autom ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6439 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6438 (Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6437 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6436 (Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6435 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6434 (Multiple cross-site request forgery (CSRF) vulnerabilities in e107_adm ...)
	NOT-FOR-US: e107
CVE-2012-6433 (Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost ...)
	NOT-FOR-US: e107
CVE-2013-0700 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cau ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0699 (The Galil RIO-47100 Pocket PLC allows remote attackers to cause a deni ...)
	NOT-FOR-US: Galil RIO-47100
CVE-2013-0698
	REJECTED
CVE-2013-0697
	REJECTED
CVE-2013-0696
	REJECTED
CVE-2013-0695
	REJECTED
CVE-2013-0694 (The Emerson Process Management ROC800 RTU with software 3.50 and earli ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0693 (The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU wi ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0692 (The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU wi ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0691
	REJECTED
CVE-2013-0690
	REJECTED
CVE-2013-0689 (The TFTP server on the Emerson Process Management ROC800 RTU with soft ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0688 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware Inform ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0687 (The installer routine in Schneider Electric MiCOM S1 Studio uses world ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-0686 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal,  ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0685 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal,  ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0684 (SQL injection vulnerability in Invensys Wonderware Information Server  ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0683 (The DataSim and DataPid demonstration clients in Cogent Real-Time Syst ...)
	NOT-FOR-US: DataSim and DataPid demonstration clients
CVE-2013-0682 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub befo ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0681 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub befo ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0680 (Stack-based buffer overflow in the web server in Cogent Real-Time Syst ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0679 (Directory traversal vulnerability in the web server in Siemens WinCC b ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0678 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and o ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0677 (The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 be ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0676 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and o ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0675 (Buffer overflow in CCEServer (aka the central communications component ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0674 (Buffer overflow in the RegReader ActiveX control in Siemens WinCC befo ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0673 (Directory traversal vulnerability in the web interface in the Health M ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0672 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0671 (Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 all ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0670 (CRLF injection vulnerability in the HMI web application in Siemens Win ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0669 (The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0668 (Multiple cross-site scripting (XSS) vulnerabilities in the HMI web app ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0667 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0666 (The configuration utility in MatrikonOPC Security Gateway 1.0 allows r ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0665 (Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before  ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories AcSELerator QuickSet
CVE-2013-0664 (The FactoryCast service on the Schneider Electric Quantum 140NOE77111  ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0663 (Cross-site request forgery (CSRF) vulnerability on the Schneider Elect ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0662 (Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider El ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-0661
	RESERVED
CVE-2013-0660
	RESERVED
CVE-2013-0659 (The debugging feature on the Siemens CP 1604 and CP 1616 interface car ...)
	NOT-FOR-US: Siemens Interface Card
CVE-2013-0658 (Heap-based buffer overflow in RFManagerService.exe in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric Accutech Manager
CVE-2013-0657 (Stack-based buffer overflow in Schneider Electric Interactive Graphica ...)
	NOT-FOR-US: Schneider Electric IGSS
CVE-2013-0656 (Buffer overflow in a third-party ActiveX component in Siemens SIMATIC  ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0655 (The client in Schneider Electric Software Update (SESU) Utility 1.0.x  ...)
	NOT-FOR-US: Schneider Electric SESU
CVE-2013-0654 (CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICIT ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0653 (Directory traversal vulnerability in substitute.bcl in the WebView Cim ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0652 (GE Intelligent Platforms Proficy Real-Time Information Portal does not ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0651 (The Portal installation process in GE Intelligent Platforms Proficy Re ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the ...)
	NOT-FOR-US: Symfony
CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data consiste ...)
	NOT-FOR-US: Symfony
CVE-2012-6430 (Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5. ...)
	NOT-FOR-US: Open Solution Quick.Cart and Quick.Cms
CVE-2012-6429 (Buffer overflow in the PrepareSync method in the SyncService.dll Activ ...)
	NOT-FOR-US: Samsung Kies
CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0648 (Unspecified vulnerability in the ExternalInterface ActionScript functi ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0646 (Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0645 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0644 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0643 (The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0642 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0641 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0640 (Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0639 (Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0638 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0637 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0636 (Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.11 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0635 (Adobe Shockwave Player before 12.0.0.112 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0634 (Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on  ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0633 (Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0632 (administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0631 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sens ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-0629 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not con ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0628
	REJECTED
CVE-2013-0627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0626 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0625 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configu ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0624 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0623 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0622 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0621 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0620 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0619 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0618 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0617 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0616 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0615 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0614 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0613 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0612 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0611 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0610 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0609 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0608 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0607 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0606 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0605 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0604 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0603 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0602 (Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0601 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establish ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with f ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6426 (LemonLDAP::NG before 1.2.3 does not use the signature-verification cap ...)
	- lemonldap-ng 1.2.2-3 (bug #696329)
	[wheezy] - lemonldap-ng 1.1.2-5+deb7u1
	[squeeze] - lemonldap-ng <not-affected> (SAML code not present)
CVE-2013-0600 (Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance de ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 Appliance devices
CVE-2013-0599 (IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Serv ...)
	NOT-FOR-US: IBM
CVE-2013-0598 (Cross-site request forgery (CSRF) vulnerability in the Web Client in I ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2013-0597 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0596 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0595 (Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0594 (Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and  ...)
	NOT-FOR-US: IBM
CVE-2013-0593 (Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS  ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-0592 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0591 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0590 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0589 (IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote  ...)
	NOT-FOR-US: IBM
CVE-2013-0588
	RESERVED
CVE-2013-0587 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere P ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-0586 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-0585 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere  ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-0584 (The Data Replication Dashboard component in IBM InfoSphere Replication ...)
	NOT-FOR-US: IBM InfoSphere Replication Server
CVE-2013-0583
	RESERVED
CVE-2013-0582 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Ident ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-0581 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Pr ...)
	NOT-FOR-US: IBM
CVE-2013-0580 (Cross-site request forgery (CSRF) vulnerability in the Optim E-Busines ...)
	NOT-FOR-US: IBM
CVE-2013-0579 (The Optim E-Business Console in IBM Data Growth Solution for Oracle E- ...)
	NOT-FOR-US: IBM
CVE-2013-0578 (The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfi ...)
	NOT-FOR-US: IBM
CVE-2013-0577 (The Optim E-Business Console in IBM Data Growth Solution for Oracle E- ...)
	NOT-FOR-US: IBM
CVE-2013-0576 (Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Port ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-0575
	RESERVED
CVE-2013-0574
	RESERVED
CVE-2013-0573
	RESERVED
CVE-2013-0572 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for A ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0571 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for A ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0570 (The Fibre Channel over Ethernet (FCoE) feature in IBM System Networkin ...)
	NOT-FOR-US: IBM
CVE-2013-0569 (Cross-site scripting (XSS) vulnerability in the Communities component  ...)
	NOT-FOR-US: IBM Connections
CVE-2013-0568 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0567 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0566 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Acceler ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2013-0565 (Cross-site scripting (XSS) vulnerability in the RPC adapter for the We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0564
	RESERVED
CVE-2013-0563
	RESERVED
CVE-2013-0562
	RESERVED
CVE-2013-0561
	RESERVED
CVE-2013-0560 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator  ...)
	NOT-FOR-US: IBM
CVE-2013-0559 (Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 all ...)
	NOT-FOR-US: IBM
CVE-2013-0558 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0557
	RESERVED
CVE-2013-0556
	RESERVED
CVE-2013-0555
	RESERVED
CVE-2013-0554
	RESERVED
CVE-2013-0553 (The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as us ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0552
	RESERVED
CVE-2013-0551 (The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 thro ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-0550
	REJECTED
CVE-2013-0549 (Cross-site scripting (XSS) vulnerability in the Web Content Manager -  ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-0548 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic Servi ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-0547
	RESERVED
CVE-2013-0546
	RESERVED
CVE-2013-0545
	RESERVED
CVE-2013-0544 (Directory traversal vulnerability in the Administrative Console in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0543 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0542 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0541 (Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0540 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0539 (An unspecified third-party component in IBM Sterling B2B Integrator 5. ...)
	NOT-FOR-US: IBM
CVE-2013-0538 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2013-0537 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0536 (ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0 ...)
	NOT-FOR-US: IBM Notes
CVE-2013-0535 (Multiple cross-site scripting (XSS) vulnerabilities in the Classic Mee ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0534 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0533 (Cross-site scripting (XSS) vulnerability in the Sametime Links server  ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0532 (Cross-site request forgery (CSRF) vulnerability in IBM Security AppSca ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0531 (The SSL implementation in IBM Security AppScan Enterprise before 8.7.0 ...)
	NOT-FOR-US: IBM
CVE-2013-0530
	RESERVED
CVE-2013-0529 (The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2013-0528
	REJECTED
CVE-2013-0527 (The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2013-0526 (ping.php in Global Console Manager 16 (GCM16) and Global Console Manag ...)
	NOT-FOR-US: IBM GCM16
CVE-2013-0525 (Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5. ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0524
	RESERVED
CVE-2013-0523 (IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-0522 (The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2,  ...)
	NOT-FOR-US: IBM
CVE-2013-0521
	RESERVED
CVE-2013-0520 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0519 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0518 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0517 (A Command Execution Vulnerability exists in IBM Sterling External Auth ...)
	NOT-FOR-US: IBM
CVE-2013-0516
	REJECTED
CVE-2013-0515
	RESERVED
CVE-2013-0514
	RESERVED
CVE-2013-0513 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rationa ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0512 (Stack-based buffer overflow in the Manual Explore browser plug-in for  ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0511 (Multiple SQL injection vulnerabilities in IBM Security AppScan Enterpr ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0510 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a secu ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0509 (Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool Sys ...)
	NOT-FOR-US: IBM
CVE-2013-0508 (Multiple buffer overflows in IBM Tivoli Netcool System Service Monitor ...)
	NOT-FOR-US: IBM
CVE-2013-0507 (IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fix ...)
	NOT-FOR-US: IBM
CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order Managem ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 b ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0504 (Buffer overflow in the broker service in Adobe Flash Player before 10. ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0503 (Cross-site scripting (XSS) vulnerability in the Bookmarks component in ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2013-0502 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-0501 (The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edra ...)
	NOT-FOR-US: IBM Cognos Disclosure Management
CVE-2013-0500 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not pro ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-0499 (Cross-site scripting (XSS) vulnerability in the echo functionality on  ...)
	NOT-FOR-US: IBM
CVE-2013-0498
	RESERVED
CVE-2013-0497
	RESERVED
CVE-2013-0496
	RESERVED
CVE-2013-0495
	RESERVED
CVE-2013-0494 (IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cau ...)
	NOT-FOR-US: IBM Sterling Integrator
CVE-2013-0493
	RESERVED
CVE-2013-0492 (Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin To ...)
	NOT-FOR-US: IBM Informix
CVE-2013-0491
	RESERVED
CVE-2013-0490 (Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2013-0489 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka t ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0488 (Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web  ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0487 (The Java Console in IBM Domino 8.5.x allows remote authenticated users ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0486 (Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attac ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0485 (Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before S ...)
	NOT-FOR-US: IBM Java SDK
CVE-2013-0484 (The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows r ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2013-0483 (The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2 ...)
	NOT-FOR-US: IBM IMS Enterprise Suite
CVE-2013-0482 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2013-0481 (The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0480
	RESERVED
CVE-2013-0479 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0478 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-0477 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere  ...)
	NOT-FOR-US: IBM
CVE-2013-0476 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0475 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0474 (The Manual Explore browser plug-in in IBM Security AppScan Enterprise  ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0473 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Security Ap ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0472 (The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 befo ...)
	NOT-FOR-US: IBM
CVE-2013-0471 (The traditional scheduler in the client in IBM Tivoli Storage Manager  ...)
	NOT-FOR-US: IBM
CVE-2013-0470 (HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authentica ...)
	NOT-FOR-US: IBM
CVE-2013-0469
	RESERVED
CVE-2013-0468 (Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrato ...)
	NOT-FOR-US: IBM
CVE-2013-0467 (IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0466 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Brok ...)
	NOT-FOR-US: IBM
CVE-2013-0465 (Unspecified vulnerability in the IBM WebSphere Cast Iron physical and  ...)
	NOT-FOR-US: IBM
CVE-2013-0464 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Hel ...)
	NOT-FOR-US: IBM
CVE-2013-0463 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0462 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0461 (Cross-site scripting (XSS) vulnerability in the virtual member manager ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0460 (Cross-site request forgery (CSRF) vulnerability in the portlet subsyst ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0459 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0458 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0457 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2013-0456 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2013-0455 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2 ...)
	NOT-FOR-US: IBM
CVE-2013-0454 (The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IB ...)
	- samba 2:3.6.6-1
	[squeeze] - samba <not-affected> (only Samba 3.6.0 - 3.6.5 (inclusive) affected)
	NOTE: https://www.samba.org/samba/security/CVE-2013-0454
CVE-2013-0453 (Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli  ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software Use An ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0451 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-6425
	RESERVED
CVE-2012-6424
	RESERVED
CVE-2012-6423
	RESERVED
CVE-2012-6422 (The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly ...)
	NOT-FOR-US: Android kernel
CVE-2012-6421
	REJECTED
CVE-2012-6420
	REJECTED
CVE-2012-6419
	REJECTED
CVE-2012-6418
	REJECTED
CVE-2012-6417
	REJECTED
CVE-2012-6416
	REJECTED
CVE-2012-6415
	REJECTED
CVE-2012-6414
	REJECTED
CVE-2012-6413
	REJECTED
CVE-2012-6412
	REJECTED
CVE-2012-6411
	REJECTED
CVE-2012-6410
	REJECTED
CVE-2012-6409
	REJECTED
CVE-2012-6408
	REJECTED
CVE-2012-6407
	REJECTED
CVE-2012-6406
	REJECTED
CVE-2012-6405
	REJECTED
CVE-2012-6404
	REJECTED
CVE-2012-6403
	REJECTED
CVE-2012-6402
	REJECTED
CVE-2012-6401
	REJECTED
CVE-2012-6400
	RESERVED
CVE-2012-6399 (Cisco WebEx 4.1 on iOS does not verify that the server hostname matche ...)
	NOT-FOR-US: Cisco
CVE-2012-6398
	RESERVED
CVE-2012-6397 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (former ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2012-6396 (Cisco NX-OS on Nexus 7000 series switches does not properly handle cer ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-6395 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-6394
	RESERVED
CVE-2012-6393
	RESERVED
CVE-2012-6392 (Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux d ...)
	NOT-FOR-US: Cisco Prime LMS
CVE-2012-6391
	RESERVED
CVE-2012-6390
	RESERVED
CVE-2012-6389
	RESERVED
CVE-2012-6388
	RESERVED
CVE-2012-6387
	RESERVED
CVE-2012-6386
	RESERVED
CVE-2012-6385
	RESERVED
CVE-2012-6384
	RESERVED
CVE-2012-6383
	RESERVED
CVE-2012-6382
	RESERVED
CVE-2012-6381
	RESERVED
CVE-2012-6380
	RESERVED
CVE-2012-6379
	RESERVED
CVE-2012-6378
	RESERVED
CVE-2012-6377
	RESERVED
CVE-2012-6376
	RESERVED
CVE-2012-6375
	RESERVED
CVE-2012-6374
	RESERVED
CVE-2012-6373
	RESERVED
CVE-2012-6372
	RESERVED
CVE-2012-6371 (The WPA2 implementation on the Belkin N900 F9K1104v1 router establishe ...)
	NOT-FOR-US: Belkin router
CVE-2012-6370
	RESERVED
CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting Report ...)
	NOT-FOR-US: AgileBits 1Password
CVE-2012-6368
	REJECTED
CVE-2012-6367
	REJECTED
CVE-2012-6366
	REJECTED
CVE-2012-6365
	REJECTED
CVE-2012-6364
	REJECTED
CVE-2012-6363
	REJECTED
CVE-2012-6362
	REJECTED
CVE-2012-6361
	RESERVED
CVE-2012-6360 (Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations ...)
	NOT-FOR-US: IBM Intelligent Operations Center
CVE-2012-6359 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6. ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-6358
	RESERVED
CVE-2012-6357 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7. ...)
	NOT-FOR-US: IBM
CVE-2012-6356 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7. ...)
	NOT-FOR-US: IBM
CVE-2012-6355 (IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management E ...)
	NOT-FOR-US: IBM
CVE-2012-6354 (The management GUI on the IBM SAN Volume Controller and Storwize V7000 ...)
	NOT-FOR-US: IBM
CVE-2012-6353
	RESERVED
CVE-2012-6352 (The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on  ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2012-6351
	RESERVED
CVE-2012-6350 (Cross-site scripting (XSS) vulnerability in the Web component in IBM C ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2012-6349 (Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used i ...)
	NOT-FOR-US: IBM Notes
CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suit ...)
	NOT-FOR-US: Centrify
CVE-2012-6347 (Multiple cross-site scripting (XSS) vulnerabilities in Java number for ...)
	NOT-FOR-US: FortiGate
CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before ...)
	NOT-FOR-US: FortiWeb
CVE-2012-6345 (Novell ZENworks Configuration Management before 11.2.4 allows obtainin ...)
	NOT-FOR-US: CyberArk Vault
CVE-2012-6344 (Novell ZENworks Configuration Management before 11.2.4 allows XSS. ...)
	NOT-FOR-US: CyberArk Vault
CVE-2012-6343
	RESERVED
CVE-2012-6342 (Cross-site request forgery (CSRF) vulnerability in logout.action in At ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2012-6341 (An Information Disclosure vulnerability exists in the my config file i ...)
	NOT-FOR-US: Netgear
CVE-2012-6340 (An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due ...)
	NOT-FOR-US: Netgear
CVE-2012-6339 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2012-6338
	RESERVED
CVE-2012-6337 (The Track My Mobile feature in the SamsungDive subsystem for Android o ...)
	NOT-FOR-US: SamsungDive on Samsung Galaxy
CVE-2012-6336 (The Missing Device feature in Lookout allows physically proximate atta ...)
	NOT-FOR-US: Lookout
CVE-2012-6335 (The Anti-theft service in AVG AntiVirus for Android allows physically  ...)
	NOT-FOR-US: AVG AntiVirus for Android
CVE-2012-6334 (The Track My Mobile feature in the SamsungDive subsystem for Android o ...)
	NOT-FOR-US: SamsungDive subsystem for Android
CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and  ...)
	NOT-FOR-US: vBulletin
CVE-2012-6333 (Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM ...)
	{DSA-2636-1}
	- xen 4.1.3-8
CVE-2012-6332
	RESERVED
CVE-2012-6331
	RESERVED
CVE-2012-6330 (The localization functionality in TWiki before 5.1.3, and Foswiki 1.0. ...)
	- foswiki <itp> (bug #509864)
CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext implement ...)
	- perl 5.14.2-16 (bug #695224)
	[squeeze] - perl 5.10.1-17squeeze5
	- foswiki <itp> (bug #509864)
CVE-2012-6328
	REJECTED
CVE-2012-6327
	REJECTED
CVE-2012-6326 (VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and ...)
	NOT-FOR-US: vCenter
CVE-2012-6325 (VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not pr ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2012-6324 (Directory traversal vulnerability in VMware vCenter Server Appliance ( ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2013-0450 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0449 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0448 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0447 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0446 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0445 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12.1-1
	- openjdk-7 7u17-2.3.8-1
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
	NOTE: openjdk-7 fixed in experimental: 7u13-2.3.6-1
CVE-2013-0444 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39
CVE-2013-0443 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0442 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
CVE-2013-0441 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0440 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0439 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0438 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0437 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0436 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0435 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0434 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0433 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0432 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0431 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/b09c28ff798f
CVE-2013-0430 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0429 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0428 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0427 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0426 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0425 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0424 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0423 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remot ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u3-2.1.4-1
	NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1
CVE-2013-0421
	REJECTED
CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle Virtua ...)
	- virtualbox 4.1.18-dfsg-2 (bug #698292)
	- virtualbox-ose <not-affected> (Vulnerable code not present)
CVE-2013-0419 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0418 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0417 (Unspecified vulnerability in the Sun Storage Common Array Manager (CAM ...)
	NOT-FOR-US: Sun Storage Common Array Manager
CVE-2013-0416 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-0415 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2013-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2013-0413 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0412 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2013-0411 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows lo ...)
	NOT-FOR-US: Solaris
CVE-2013-0410 (Unspecified vulnerability in the Agile EDM component in Oracle Supply  ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2013-0409 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0408 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2013-0407 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0406 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Solaris
CVE-2013-0405 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2013-0404 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2013-0403 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2013-0402 (Heap-based buffer overflow in the Java Runtime Environment (JRE) compo ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0401 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-0400 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2013-0399 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2013-0398 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows re ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-0397 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0396 (Unspecified vulnerability in the Application Performance Management (A ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0395 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0394 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle P ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0393 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0392 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0391 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0390 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0389 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0388 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle P ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0387 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0386 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0385 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0384 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0383 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0382 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0381 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0380 (Unspecified vulnerability in the Oracle Payroll component in Oracle E- ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0379 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0378 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0377 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0376 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0375 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 5.1.67
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0374 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0373 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0372 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0371 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0370 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain product suite
CVE-2013-0369 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0368 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0367 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0366 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0365 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0364 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0363 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0362 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0361 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0360 (Unspecified vulnerability in the Application Performance Management (A ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0359 (Unspecified vulnerability in the APM - Application Performance Managem ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0358 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0357 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0356 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0355 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0354 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0353 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0352 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0351 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0350 (tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary  ...)
	- pktstat 1.8.5-3 (bug #701211)
	[squeeze] - pktstat <not-affected> (Vulnerable code not present)
CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux  ...)
	{DSA-2668-1}
	- linux 3.2.39-1
	- linux-2.6 <removed>
CVE-2013-0348 (thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readab ...)
	- thttpd <removed> (low)
	[squeeze] - thttpd <no-dsa> (Minor issue)
	NOTE: http://blogs.gentoo.org/blueness/2014/10/03/sthttpd-a-very-tiny-and-very-fast-http-server-with-a-mature-codebase/
CVE-2013-0347 (The Gentoo init script for webfs uses world-readable permissions for / ...)
	- webfs 1.21+ds1-9 (low; bug #701638)
	[wheezy] - webfs <no-dsa> (Minor issue)
	[squeeze] - webfs <no-dsa> (Minor issue)
CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for t ...)
	- tomcat6 <not-affected> (Log files are owned by tomcat:tomcat)
CVE-2013-0345 (varnish 3.0.3 uses world-readable permissions for the /var/log/varnish ...)
	- varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
	RESERVED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux  ...)
	{DSA-2906-1}
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <removed> (low)
CVE-2013-0342 (The CreateID function in packet.py in pyrad before 2.1 uses sequential ...)
	- pyrad <unfixed> (low; bug #701151)
	[buster] - pyrad <ignored> (Minor issue)
	[stretch] - pyrad <ignored> (Minor issue)
	[jessie] - pyrad <no-dsa> (Minor issue)
	[wheezy] - pyrad <no-dsa> (Minor issue)
	[squeeze] - pyrad <no-dsa> (Minor issue)
	NOTE: this is initially related to #700669
CVE-2013-0341 [external entity expansion]
	REJECTED
CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion un ...)
	- expat <unfixed> (unimportant)
	NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
	NOTE: https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0340.html
CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities expan ...)
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to cause  ...)
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier, uses  ...)
	- nginx <unfixed> (low; bug #701112)
	[buster] - nginx <ignored> (Minor issue)
	[stretch] - nginx <ignored> (Minor issue)
	[jessie] - nginx <ignored> (Minor issue)
	[wheezy] - nginx <no-dsa> (Minor issue)
	[squeeze] - nginx <no-dsa> (Minor issue)
	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376
	NOTE: resolved upstream.
	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 fixes.
CVE-2013-0336 (The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ ...)
	- 389-ds-base 1.3.2.9-1 (bug #704077)
CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1)  ...)
	- nova 2012.1.1-14 (bug #701773)
CVE-2013-0334 (Bundler before 1.7, when multiple top-level source lines are used, all ...)
	- bundler 1.7.2-1 (low; bug #762739)
	[wheezy] - bundler <no-dsa> (Minor issue)
CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ...)
	{DSA-2613-1}
	- rails 2.3.14.1 (bug #699226)
	- ruby-activesupport-2.3 2.3.14-6 (bug #699249)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
CVE-2013-0332 (Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x befo ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-1 (bug #700912)
CVE-2013-0331 (Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticate ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0330 (Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480 ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0329 (Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480 ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0328 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and L ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0327 (Cross-site request forgery (CSRF) vulnerability in Jenkins master in J ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0326 (OpenStack nova base images permissions are world readable ...)
	- nova <unfixed> (unimportant)
	NOTE: Unfixed upstream, typical installation not multi-user anyway
CVE-2013-0325 (Multiple cross-site scripting (XSS) vulnerabilities in the Varnish mod ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0324 (Cross-site scripting (XSS) vulnerability in the Rendered links formatt ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0323 (Cross-site scripting (XSS) vulnerability in the Display Suite module 7 ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0322 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart modu ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0321 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart View ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0320 (Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manage ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0319 (Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module  ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0318 (The admin page in the Banckle Chat module for Drupal does not properly ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0317 (Cross-site scripting (XSS) vulnerability in the Manager Change for Org ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0316 (The Image module in Drupal 7.x before 7.20 allows remote attackers to  ...)
	- drupal7 7.14-2 (bug #701165)
	- drupal6 <not-affected> (Only affects Drupal 7)
CVE-2013-0315 (The GateIn Portal export/import gadget in JBoss Enterprise Portal Plat ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0314 (The GateIn Portal export/import gadget in JBoss Enterprise Portal Plat ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0313 (The evm_update_evmxattr function in security/integrity/evm/evm_crypto. ...)
	- linux 3.2.39-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-0312 (389 Directory Server before 1.3.0.4 allows remote attackers to cause a ...)
	- 389-ds-base 1.3.0.3-1
CVE-2013-0311 (The translate_desc function in drivers/vhost/vhost.c in the Linux kern ...)
	- linux 3.2.41-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-0310 (The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux k ...)
	- linux 3.2.29-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-0309 (arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when  ...)
	- linux 3.2.32-1
	- linux-2.6 <not-affected> (THP not in Squeeze)
	NOTE: Probably gone since 3.2.32, but I checked 3.2.41-2
CVE-2013-0308 (The imap-send command in GIT before 1.8.1.4 does not verify that the s ...)
	- git <not-affected> (OpenSSL support is not enabled in Debian, see bug #701586)
	NOTE: http://marc.info/?l=git&m=136134619013145&w=2
	NOTE: Further reference about SSL support in imap-send #434599 needs to be adressed first
CVE-2013-0307 (Cross-site scripting (XSS) vulnerability in settings.php in ownCloud b ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0306 (The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
CVE-2013-0305 (The administrative interface for Django 1.3.x before 1.3.6, 1.4.x befo ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
	NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
CVE-2013-0304 (ownCloud Server before 4.5.7 does not properly check ownership of cale ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-0303 (Unspecified vulnerability in core/ajax/translations.php in ownCloud be ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-006/
CVE-2013-0302 (Unspecified vulnerability in ownCloud Server before 4.0.12 allows remo ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-0301 (Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/ ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0300 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0299 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0298 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x  ...)
	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0297 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from the  ...)
	- pigz 2.2.4-2 (low; bug #700608)
	[squeeze] - pigz 2.1.6-1+squeeze1
CVE-2013-0295
	REJECTED
CVE-2013-0294 (packet.py in pyrad before 2.1 uses weak random numbers to generate RAD ...)
	- pyrad 2.0-2 (low; bug #700669)
	[wheezy] - pyrad 1.2-1+deb7u2
	[squeeze] - pyrad 1.2-1+deb6u1
CVE-2013-0293 (oVirt Node: Lock screen accepts F2 to drop to shell causing privilege  ...)
	- ovirt-node <itp> (bug #502024)
CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib b ...)
	- dbus-glib 0.100.1-1 (bug #700638; high)
	[squeeze] - dbus-glib 0.88-2.1+squeeze1
CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disc ...)
	NOT-FOR-US: NextGEN Gallery Plugin for WordPress
CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux k ...)
	- linux <not-affected> (Introduced in 3.4, fixed in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.4)
CVE-2013-0289 (Isync 0.4 before 1.0.6, does not verify that the server hostname match ...)
	- isync 1.0.4-2.2 (low; bug #701052)
	[squeeze] - isync <no-dsa> (Minor issue)
	NOTE: http://isync.git.sourceforge.net/git/gitweb.cgi?p=isync/isync;a=patch;h=914ede18664980925628a9ed2a73ad05f85aeedb
CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dep ...)
	{DSA-2628-1}
	- nss-pam-ldapd 0.8.10-3 (bug #690319)
CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) 1 ...)
	- sssd <not-affected> (Introduced in 1.9.0)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
	NOT-FOR-US: Wordpress theme
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before  ...)
	NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...)
	NOT-FOR-US: newrelic_rpm Ruby gem
CVE-2013-0283 (Katello: Username in Notification page has cross site scripting ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, ...)
	- keystone 2012.1.1-13 (bug #700947)
CVE-2013-0281 (Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configura ...)
	- pacemaker 1.1.10-1 (low; bug #700923)
	[squeeze] - pacemaker <no-dsa> (Minor issue)
	[wheezy] - pacemaker <no-dsa> (Minor issue)
	NOTE: https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
CVE-2013-0280
	REJECTED
CVE-2013-0279
	REJECTED
CVE-2013-0278
	REJECTED
CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ...)
	{DSA-2620-1}
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and  ...)
	{DSA-2620-1}
	- ruby-activemodel-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
CVE-2013-0275 (Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web bef ...)
	- ganglia 3.6.0-1 (low; bug #700158)
	[squeeze] - ganglia <no-dsa> (Minor issue)
	[wheezy] - ganglia <no-dsa> (Minor issue)
	- ganglia-web 3.5.8-3 (bug #700159)
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892823
CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminat ...)
	- pidgin 2.10.6-3
	NOTE: http://www.pidgin.im/news/security/?id=68
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin befo ...)
	- pidgin 2.10.6-3
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
	NOTE: http://pidgin.im/news/security/?id=67
CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in  ...)
	- pidgin 2.10.6-3
	NOTE: http://pidgin.im/news/security/?id=66
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might al ...)
	- pidgin 2.10.6-3
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
	NOTE: http://pidgin.im/news/security/?id=65
CVE-2013-0270 (OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier ...)
	- keystone 2013.1.1-2
	[wheezy] - keystone <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
	NOTE: See notes on ubuntu security tracker, change too intrusive to be backported
CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7  ...)
	{DLA-263-1 DLA-215-1}
	- ruby-json 1.7.3-3 (bug #700436)
	- libjson-ruby <removed>
	- ruby1.9.1 1.9.3.194-7 (bug #700471)
	- ruby1.8 <not-affected> (json ext not present in 1.8)
CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel bef ...)
	- linux 3.2.39-1
	- linux-2.6 2.6.32-48squeeze1
CVE-2013-0267 (The Privileges portion of the web GUI and the XMLRPC API in Apache VCL ...)
	NOT-FOR-US: Apache VCL
CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in PackStac ...)
	NOT-FOR-US: Openstack Packstack
CVE-2013-0265 (The redirect_stderr function in xnbd_common.c in xnbd-server and xndb- ...)
	- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
	NOTE: http://seclists.org/oss-sec/2013/q1/248
CVE-2013-0264 (An import error was introduced in Cumin in the code refactoring in r53 ...)
	NOT-FOR-US: Cumin
CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5,  ...)
	{DSA-2783-1}
	- ruby-rack 1.4.1-2.1 (bug #700226)
	- librack-ruby <removed> (bug #700226)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=802794
	NOTE: Patches in git, commits 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 and 9a81b961457805f6d1a5c275d053068440421e11
CVE-2013-0262 (rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before  ...)
	- ruby-rack 1.4.1-2.1 (bug #700173)
	- librack-ruby <not-affected> (Introduced in 1.4.0, see #700226)
	NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
CVE-2013-0261 ((1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStac ...)
	NOT-FOR-US: Openstack Packstack
CVE-2013-0260 (Unspecified vulnerability in the Drush Debian Packaging module for Dru ...)
	NOT-FOR-US: Drupal module debuild
	NOTE: This is a different thing from the drush package.
CVE-2013-0259 (Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x b ...)
	NOT-FOR-US: Drupal module Boxes
CVE-2013-0258 (The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 fo ...)
	NOT-FOR-US: Drupal module ga_login
CVE-2013-0257 (The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properl ...)
	NOT-FOR-US: Drupal module email2image
CVE-2013-0256 (darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1 ...)
	{DLA-235-1}
	- ruby1.9.1 1.9.3.194-6 (low; bug #699929)
	- ruby1.8 <not-affected> (Only affects 1.9 and 2.0)
	NOTE: http://marc.info/?l=oss-security&m=136021623726440&w=2
	NOTE: https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
CVE-2013-0255 (PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12 ...)
	{DSA-2630-1}
	- postgresql-9.1 9.1.8-1
	- postgresql-8.4 8.4.16-1
CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before  ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
	NOTE: possible follow-up problem if patch is applied: http://bugs.debian.org/700530
	NOTE: but bug in xorg server, needs checking
CVE-2013-0253 (The default configuration of Apache Maven 3.0.4, when using Maven Wago ...)
	- wagon2 2.2-3+nmu1 (bug #701991)
CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1. ...)
	- boost1.50 <removed> (bug #699650)
	- boost1.49 1.49.0-3.2 (bug #699649)
	- boost1.42 <not-affected> (Boost.Locale was not part of boost until 1.48.0, bug #699719)
CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1 ...)
	- latd 1.31 (low; bug #699625)
	[squeeze] - latd <no-dsa> (Minor issue)
CVE-2013-0250 (The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 befor ...)
	- corosync <not-affected> (Introduced in v1.99.8-2-ge925f42; bug #699615)
	NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1
CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...)
	- curl 7.29.0-1 (bug #700002)
	[squeeze] - curl <not-affected> (Only affects 7.26.0 to 7.28.1)
	[wheezy] - curl 7.26.0-1+wheezy1
CVE-2013-0248 (The default configuration of javax.servlet.context.tempdir in Apache C ...)
	- libcommons-fileupload-java 1.3-1 (unimportant)
	NOTE: Only affects example code
CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and ear ...)
	- keystone 2012.1.1-12 (bug #699835)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1098307
CVE-2013-0246 (The Image module in Drupal 7.x before 7.19, when a private file system ...)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0245 (The printer friendly version functionality in the Book module in Drupa ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0244 (Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular expressi ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-2 (low; bug #699399)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: http://seclists.org/oss-sec/2013/q1/202
CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to  ...)
	- xserver-xorg-video-qxl 0.0.17-1 (bug #699396)
	[squeeze] - xserver-xorg-video-qxl <no-dsa> (minor denial of service issue)
	NOTE: squeeze is affected since it could be a guest of an affected qemu-kvm version
CVE-2013-0240 (Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x befor ...)
	- gnome-online-accounts 3.4.2-2 (bug #699825)
CVE-2013-0239 (Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, w ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before  ...)
	{DSA-2618-1}
	- ircd-hybrid 1:7.2.2.dfsg.2-10 (bug #699267; high)
	[squeeze] - ircd-hybrid 7.2.2.dfsg.2-6.2+squeeze1
	- oftc-hybrid <unfixed>
CVE-2013-0237 (Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode p ...)
	- wordpress 3.5.1+dfsg-1 (bug #698929)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0236 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
	- wordpress 3.5.1+dfsg-1 (bug #698927)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ...)
	- wordpress 3.5.1+dfsg-1 (bug #698916)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
	- elgg <itp> (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
	- ruby-devise 3.4.1-1
CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and  ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-4 (bug #698910)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=904103
	NOTE: Upstream forum post: http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver (drivers/xen ...)
	{DSA-2632-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-0230 (Stack-based buffer overflow in the ExecuteSoapAction function in the S ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-0229 (The ProcessSSDPRequest function in minissdp.c in the SSDP handler in M ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-0228 (The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel ...)
	{DLA-103-1}
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
	NOTE: was actually fixed in 2.6.32-46squeeze1 but upload was done and no DSA was released for that version.
CVE-2013-0227 (Cross-site scripting (XSS) vulnerability in the Search API Sorts modul ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0226 (The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0225 (Cross-site scripting (XSS) vulnerability in the User Relationships mod ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFm ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
	- coreutils <not-affected> (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
	- coreutils <not-affected> (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
	- coreutils <not-affected> (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomnt ...)
	- sssd 1.8.4-2 (low; bug #698871)
	[squeeze] - sssd <not-affected> (autofs and ssh responders not yet present)
CVE-2013-0219 (System Security Services Daemon (SSSD) before 1.9.4, when (1) creating ...)
	- sssd 1.8.4-2 (low; bug #698871)
	[squeeze] - sssd <no-dsa> (Minor issue)
CVE-2013-0218 (The GUI installer in JBoss Enterprise Application Platform (EAP) and E ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0217 (Memory leak in drivers/net/xen-netback/netback.c in the Xen netback fu ...)
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0216 (The Xen netback functionality in the Linux kernel before 3.7.8 allows  ...)
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0215 (oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly ...)
	- xen <not-affected> (ocaml version of the xenstore daemon not used in Debian)
CVE-2013-0214 (Cross-site request forgery (CSRF) vulnerability in the Samba Web Admin ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0213 (The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3 ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) bef ...)
	- glance 2012.1.1-4
CVE-2013-0211 (Integer signedness error in the archive_write_zip_data function in arc ...)
	- libarchive 3.0.4-3 (bug #703957)
	[squeeze] - libarchive <not-affected> (Vulnerable code not present)
CVE-2013-0210 (The smart proxy Puppet run API in Foreman before 1.2.0 allows remote a ...)
	- foreman <itp> (bug #663101)
CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x thro ...)
	{DSA-2611-1}
	- movabletype-opensource 5.1.2+dfsg-1 (bug #697666)
	NOTE: Versions 5.0 or higher not affected
CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Es ...)
	- nova 2012.1.1-12
CVE-2013-0207 (Cross-site request forgery (CSRF) vulnerability in the Mark Complete m ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0206 (Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x  ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0205 (Cross-site request forgery (CSRF) vulnerability in the RESTful Web Ser ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0204 (settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote aut ...)
	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-002/
CVE-2013-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, ...)
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0202 (Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, an ...)
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0201 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, ...)
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local user ...)
	{DSA-2829-1}
	- hplip 3.12.6-3.1 (low; bug #701185)
	[squeeze] - hplip <no-dsa> (Minor issue)
CVE-2013-0199 (The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict acce ...)
	NOT-FOR-US: FreeIPA
CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt configuration ...)
	- dnsmasq 2.66-1 (low)
	[wheezy] - dnsmasq <no-dsa> (Minor issue)
	[squeeze] - dnsmasq <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/18/2
CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selection_ ...)
	- mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
CVE-2013-0196 (A CSRF issue was found in OpenShift Enterprise 1.2. The web console is ...)
	NOT-FOR-US: OpenShift
CVE-2013-0195 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
	- piwik <itp> (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
	- piwik <itp> (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
	- piwik <itp> (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0192 (File Disclosure in SMF (SimpleMachines Forum) &lt;= 2.0.3: Forum admin ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-0188
	REJECTED
CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23  ...)
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and oth ...)
	{DSA-2631-1}
	- squid 2.7.STABLE9-2
	NOTE: squid-cgi was removed in 2.7.STABLE9-2
	- squid3 3.1.20-2.1 (bug #696187)
	NOTE: possible regression, see #701123
CVE-2013-0191 (libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value ...)
	- pam-pgsql 0.7.3.1-4 (bug #698241)
	[squeeze] - pam-pgsql 0.7.1-4+squeeze2
	NOTE: patch: https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
	NOTE: bugreport: https://sourceforge.net/p/pam-pgsql/bugs/13/
CVE-2013-0187 (Foreman before 1.1 allows remote authenticated users to gain privilege ...)
	- foreman <itp> (bug #663101)
CVE-2013-0186 (Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM al ...)
	NOT-FOR-US: ManageIQ EVM (CloudForms)
CVE-2013-0185 (Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise ...)
	NOT-FOR-US: ManageIQ EVM (CloudForms)
CVE-2013-0184 (Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x ...)
	{DSA-2783-1}
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby <removed>
CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3  ...)
	{DSA-2783-1}
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby <removed>
	NOTE: commit 24d512531bd88f2d6ce94b3a3d9798fde8fbb713 refactored the multipart module
	NOTE: and introduced the fast_forward_to_first_boundry function.
	NOTE: https://github.com/rack/rack/commit/24d512531bd88f2d6ce94b3a3d9798fde8fbb713
CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
	NOT-FOR-US: Drupal module Payment
CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API (s ...)
	NOT-FOR-US: Drupal module search_api
CVE-2013-0180 (Insecure temporary file vulnerability in Redis 2.6 related to /tmp/red ...)
	- redis 2:2.6.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/14/3
	NOTE: Issue introduced to (incorrect) fix the CVE-2013-0178 temporary file issue,
	NOTE: where the fix introduced a new issue.
CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and  ...)
	- memcached 1.4.13-0.2 (low; bug #698231)
	[squeeze] - memcached 1.4.5-1+deb6u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=895054
	NOTE: https://code.google.com/p/memcached/issues/detail?id=306
	NOTE: https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
CVE-2013-0178 (Insecure temporary file vulnerability in Redis before 2.6 related to / ...)
	- redis 2:2.6.0-1 (low)
	[squeeze] - redis <no-dsa> (Minor issue)
	[wheezy] - redis <no-dsa> (Minor issue)
	NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6
CVE-2013-0177 (Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/M ...)
	NOT-FOR-US: OFBiz
CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...)
	- libssh 0.5.4-1 (low; bug #698963)
	[squeeze] - libssh <no-dsa> (Minor issue)
	NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8
CVE-2013-0175 (multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possib ...)
	- ruby-multi-xml <not-affected> (Vulnerable version never in the archive)
	NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2
CVE-2013-0174 (The external node classifier (ENC) API in Foreman before 1.1 allows re ...)
	- foreman <itp> (bug #663101)
CVE-2013-0173 (Foreman before 1.1 uses a salt of "foreman" to hash root passwords, wh ...)
	- foreman <itp> (bug #663101)
CVE-2013-0172 (Samba 4.0.x before 4.0.1, in certain Active Directory domain-controlle ...)
	- samba4 4.0.0~beta2+dfsg1-3.1 (high; bug #699188)
	- samba <not-affected> (Only affects Active Directory functionality)
	NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html
CVE-2013-0171 (Foreman before 1.1 allows remote attackers to execute arbitrary code v ...)
	- foreman <itp> (bug #663101)
CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in rpc/ ...)
	- libvirt 0.9.12-6 (bug #699224)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present, see bug #699224)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as use ...)
	{DSA-2622-1 DSA-2621-1}
	- openssl 1.0.1e-1 (bug #699889)
	- bouncycastle 1.48+dfsg-2 (low; bug #699885)
	[wheezy] - bouncycastle <no-dsa> (Minor issue)
	[squeeze] - bouncycastle <no-dsa> (Minor issue)
	- polarssl 1.1.4-2 (bug #699887)
	- nss 2:3.14.3-1 (bug #699888)
	[squeeze] - nss <no-dsa> (Minor issue)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 6b27-1.12.3-1
	- gnutls26 2.12.20-4
	[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
	- gnutls28 3.0.22-3
	- cyassl 2.9.4+dfsg-1
	- matrixssl <removed> (low)
	[squeeze] - matrixssl <no-dsa> (Minor issue)
	[wheezy] - matrixssl <no-dsa> (Minor issue)
	NOTE: matrixssl fixed this upstream in 3.4.1
	- tlslite <removed>
	[wheezy] - tlslite <no-dsa> (Minor issue)
	NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHE ...)
	NOTE: RHEV management tool
CVE-2013-0167 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged  ...)
	- vdsm <itp> (bug #668538)
CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d do ...)
	{DSA-2621-1}
	- openssl 1.0.1e-1 (bug #699889)
CVE-2013-0165 (cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in  ...)
	NOT-FOR-US: OpenShift
CVE-2013-0164 (The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Re ...)
	NOT-FOR-US: OpenShift
CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connection  ...)
	NOT-FOR-US: OpenShift haproxy cartridge
CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser  ...)
	- ruby-parser 2.3.1-2 (bug #701637)
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...)
	NOT-FOR-US: Havalite CMS
CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive  ...)
	{DSA-2669-1}
	- linux 3.8.12-1 (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor information leak, rather a missing hardening feature than a security vulnerability.
CVE-2013-0159 (The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 ...)
	NOT-FOR-US: Fedora build script
CVE-2013-0158 (Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before  ...)
	- jenkins 1.480.2+dfsg-1~exp1 (bug #697617)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
CVE-2013-0157 ((a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably ot ...)
	- util-linux 2.20.1-5.5 (bug #697464; low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <no-dsa> (Minor issue)
CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2. ...)
	{DSA-2604-1}
	- rails 2.3.14.1 (bug #697722; high)
	- ruby-activesupport-2.3 2.3.14-5 (bug #697789)
	- ruby-activesupport-3.2 3.2.6-5 (bug #697790)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: http://www.insinuator.net/2013/01/rails-yaml/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
	NOTE: experimental has 3.2.8-1 and should be affected too
CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ...)
	{DSA-2609-1}
	- ruby-activerecord-3.2 3.2.6-4 (bug #697744)
	- ruby-activerecord-2.3 2.3.14-4
	- ruby-actionpack-3.2 3.2.6-5 (bug #697802)
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debug ...)
	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, wh ...)
	{DSA-2636-1}
	- xen 4.1.4-2
CVE-2013-0152 (Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a ...)
	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0151 (The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x ...)
	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0150 (Directory traversal vulnerability in an unspecified signed Java applet ...)
	NOT-FOR-US: F5 BIG-IP APM, FirePass and other F5 products
CVE-2013-0149 (The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 throug ...)
	- quagga <not-affected>
	NOTE: OSPF protocol vulnerability, quagga implementation not affected
CVE-2013-0148 (The Data Camouflage (aka FairCom Standard Encryption) algorithm in Fai ...)
	NOT-FOR-US: FairCom c-treeACE
CVE-2013-0147
	RESERVED
CVE-2013-0146
	RESERVED
CVE-2013-0145 (Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote at ...)
	NOT-FOR-US: Serva32
CVE-2013-0144 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user ...)
	NOT-FOR-US: QNAP
CVE-2013-0143 (cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3,  ...)
	NOT-FOR-US: QNAP
CVE-2013-0142 (QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Sta ...)
	NOT-FOR-US: QNAP
CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-0140 (SQL injection vulnerability in the Agent-Handler component in McAfee e ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-0139 (The Arecont Vision AV1355DN MegaDome camera allows remote attackers to ...)
	NOT-FOR-US: Arecont Vision
CVE-2013-0138 (BitZipper 2013 before Update 1 allows remote attackers to execute arbi ...)
	NOT-FOR-US: BitZipper
CVE-2013-0137 (The default configuration of the Digital Alert Systems DASDEC EAS devi ...)
	NOT-FOR-US: Digital Alert Systems and Monroe Electronics
CVE-2013-0136 (Multiple directory traversal vulnerabilities in the EditDocument servl ...)
	NOT-FOR-US: Mutiny
CVE-2013-0135 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-0134 (Cross-site scripting (XSS) vulnerability in the web interface in AirDr ...)
	NOT-FOR-US: AirDroid
CVE-2013-0133 (Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapp ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-0132 (The suexec implementation in Parallels Plesk Panel 11.0.9 contains a c ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-0131 (Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 3 ...)
	- nvidia-graphics-drivers 304.88-1 (bug #704547)
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3290
CVE-2013-0130 (Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remo ...)
	NOT-FOR-US: Core FTP
CVE-2013-0129 (Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before ...)
	NOT-FOR-US: pd-admin
CVE-2013-0128 (The Contact Customer Support feature in the TigerText Free Private Tex ...)
	NOT-FOR-US: TigerText
CVE-2013-0127 (IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Inte ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2013-0126 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.cg ...)
	NOT-FOR-US: Verizon router
CVE-2013-0125 (Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebReso ...)
	NOT-FOR-US: C2 WebResource
CVE-2013-0124 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: ASKIA
CVE-2013-0123 (Multiple SQL injection vulnerabilities in the administration interface ...)
	NOT-FOR-US: ASKIA
CVE-2013-0122 (The avast! Mobile Security application before 2.0.4400 for Android all ...)
	NOT-FOR-US: avast! Mobile Security application
CVE-2013-0121
	RESERVED
CVE-2013-0120 (The web interface on Dell PowerConnect 6248P switches allows remote at ...)
	NOT-FOR-US: Dell Switches
CVE-2013-0119
	RESERVED
CVE-2013-0118 (CS-Cart before 3.0.6, when PayPal Standard Payments is configured, all ...)
	NOT-FOR-US: CS-Cart
CVE-2013-0117
	RESERVED
CVE-2013-0116
	RESERVED
CVE-2013-0115
	RESERVED
CVE-2013-0114
	RESERVED
CVE-2013-0113 (Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers t ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2013-0112
	RESERVED
CVE-2013-0111 (daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed wit ...)
	NOT-FOR-US: NVIDIA Update Service Daemon
CVE-2013-0110 (nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distr ...)
	NOT-FOR-US: NVIDIA Stereoscopic 3D Driver service
CVE-2013-0109 (The NVIDIA driver before 307.78, and Release 310 before 311.00, in the ...)
	NOT-FOR-US: NVIDIA Display Driver service on Windows
CVE-2013-0108 (An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buil ...)
	NOT-FOR-US: Honeywell
CVE-2013-0107 (Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 ...)
	NOT-FOR-US: Foxit Advanced PDF Editor
CVE-2013-0106
	RESERVED
CVE-2013-0105
	RESERVED
CVE-2013-0104
	RESERVED
CVE-2013-0103
	RESERVED
CVE-2013-0102
	RESERVED
CVE-2013-0101
	RESERVED
CVE-2012-6323
	RESERVED
CVE-2012-6322
	RESERVED
CVE-2012-6321
	RESERVED
CVE-2012-6320
	RESERVED
CVE-2012-6319
	RESERVED
CVE-2012-6318
	RESERVED
CVE-2012-6317
	RESERVED
CVE-2012-6316 (Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL- ...)
	NOT-FOR-US: TP-LINK
CVE-2012-6315
	REJECTED
CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, wh ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 f ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6311
	RESERVED
CVE-2012-6310
	RESERVED
CVE-2012-6309 (A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors i ...)
	NOT-FOR-US: Arctic Torrent
CVE-2012-6308
	RESERVED
CVE-2012-6307 (A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue  ...)
	NOT-FOR-US: JPEGsnoop
CVE-2012-6306 (A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write ...)
	NOT-FOR-US: HCView (aka Hardcoreview)
CVE-2012-6305
	RESERVED
CVE-2012-6304
	RESERVED
CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generic/jkS ...)
	- snack 2.2.10-dfsg1-12.1 (low; bug #695614)
	[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
	- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
	NOTE: http://secunia.com/advisories/49889/
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
	NOT-FOR-US: Soapbox
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
	NOT-FOR-US: Android browser
CVE-2012-6300
	RESERVED
CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12 ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12 ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6297 (Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 fro ...)
	NOT-FOR-US: DD-WRT
CVE-2012-6296
	RESERVED
CVE-2012-6295
	RESERVED
CVE-2012-6294
	RESERVED
CVE-2012-6293
	RESERVED
CVE-2012-6292
	RESERVED
CVE-2012-6291
	RESERVED
CVE-2012-6290 (SQL injection vulnerability in ImageCMS before 4.2 allows remote authe ...)
	NOT-FOR-US: ImageCMS
CVE-2012-6289
	REJECTED
CVE-2012-6288
	REJECTED
CVE-2012-6287
	REJECTED
CVE-2012-6286
	REJECTED
CVE-2012-6285
	REJECTED
CVE-2012-6284
	REJECTED
CVE-2012-6283
	REJECTED
CVE-2012-6282
	REJECTED
CVE-2012-6281
	REJECTED
CVE-2012-6280
	REJECTED
CVE-2012-6279
	REJECTED
CVE-2012-6278
	REJECTED
CVE-2012-6277 (Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 1 ...)
	NOT-FOR-US: IBM
CVE-2012-6276 (Directory traversal vulnerability in the web-based management interfac ...)
	NOT-FOR-US: TP-LINK TL-WR841N
CVE-2012-6275 (Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAn ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6274 (BigAntSoft BigAnt IM Message Server does not require authentication fo ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6273 (SQL injection vulnerability in BigAntSoft BigAnt IM Message Server all ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6272 (Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage ...)
	NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to t ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6270 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to t ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6269
	REJECTED
CVE-2012-6268
	REJECTED
CVE-2012-6267
	REJECTED
CVE-2012-6266
	REJECTED
CVE-2012-6265
	REJECTED
CVE-2012-6264
	REJECTED
CVE-2012-6263
	REJECTED
CVE-2012-6262
	REJECTED
CVE-2012-6261
	REJECTED
CVE-2012-6260
	REJECTED
CVE-2012-6259
	REJECTED
CVE-2012-6258
	REJECTED
CVE-2012-6257
	REJECTED
CVE-2012-6256
	REJECTED
CVE-2012-6255
	REJECTED
CVE-2012-6254
	REJECTED
CVE-2012-6253
	REJECTED
CVE-2012-6252
	REJECTED
CVE-2012-6251
	REJECTED
CVE-2012-6250
	REJECTED
CVE-2012-6249
	REJECTED
CVE-2012-6248
	REJECTED
CVE-2012-6247
	REJECTED
CVE-2012-6246
	REJECTED
CVE-2012-6245
	REJECTED
CVE-2012-6244
	REJECTED
CVE-2012-6243
	REJECTED
CVE-2012-6242
	REJECTED
CVE-2012-6241
	REJECTED
CVE-2012-6240
	REJECTED
CVE-2012-6239
	REJECTED
CVE-2012-6238
	REJECTED
CVE-2012-6237
	REJECTED
CVE-2012-6236
	REJECTED
CVE-2012-6235
	REJECTED
CVE-2012-6234
	REJECTED
CVE-2012-6233
	REJECTED
CVE-2012-6232
	REJECTED
CVE-2012-6231
	REJECTED
CVE-2012-6230
	REJECTED
CVE-2012-6229
	REJECTED
CVE-2012-6228
	REJECTED
CVE-2012-6227
	REJECTED
CVE-2012-6226
	REJECTED
CVE-2012-6225
	REJECTED
CVE-2012-6224
	REJECTED
CVE-2012-6223
	REJECTED
CVE-2012-6222
	REJECTED
CVE-2012-6221
	REJECTED
CVE-2012-6220
	REJECTED
CVE-2012-6219
	REJECTED
CVE-2012-6218
	REJECTED
CVE-2012-6217
	REJECTED
CVE-2012-6216
	REJECTED
CVE-2012-6215
	REJECTED
CVE-2012-6214
	REJECTED
CVE-2012-6213
	REJECTED
CVE-2012-6212
	REJECTED
CVE-2012-6211
	REJECTED
CVE-2012-6210
	REJECTED
CVE-2012-6209
	REJECTED
CVE-2012-6208
	REJECTED
CVE-2012-6207
	REJECTED
CVE-2012-6206
	REJECTED
CVE-2012-6205
	REJECTED
CVE-2012-6204
	REJECTED
CVE-2012-6203
	REJECTED
CVE-2012-6202
	REJECTED
CVE-2012-6201
	REJECTED
CVE-2012-6200
	REJECTED
CVE-2012-6199
	REJECTED
CVE-2012-6198
	REJECTED
CVE-2012-6197
	REJECTED
CVE-2012-6196
	REJECTED
CVE-2012-6195
	REJECTED
CVE-2012-6194
	REJECTED
CVE-2012-6193
	REJECTED
CVE-2012-6192
	REJECTED
CVE-2012-6191
	REJECTED
CVE-2012-6190
	REJECTED
CVE-2012-6189
	REJECTED
CVE-2012-6188
	REJECTED
CVE-2012-6187
	REJECTED
CVE-2012-6186
	REJECTED
CVE-2012-6185
	REJECTED
CVE-2012-6184
	REJECTED
CVE-2012-6183
	REJECTED
CVE-2012-6182
	REJECTED
CVE-2012-6181
	REJECTED
CVE-2012-6180
	REJECTED
CVE-2012-6179
	REJECTED
CVE-2012-6178
	REJECTED
CVE-2012-6177
	REJECTED
CVE-2012-6176
	REJECTED
CVE-2012-6175
	REJECTED
CVE-2012-6174
	REJECTED
CVE-2012-6173
	REJECTED
CVE-2012-6172
	REJECTED
CVE-2012-6171
	REJECTED
CVE-2012-6170
	REJECTED
CVE-2012-6169
	REJECTED
CVE-2012-6168
	REJECTED
CVE-2012-6167
	REJECTED
CVE-2012-6166
	REJECTED
CVE-2012-6165
	REJECTED
CVE-2012-6164
	REJECTED
CVE-2012-6163
	REJECTED
CVE-2012-6162
	REJECTED
CVE-2012-6161
	REJECTED
CVE-2012-6160
	REJECTED
CVE-2012-6159
	REJECTED
CVE-2012-6158
	REJECTED
CVE-2012-6157
	RESERVED
CVE-2012-6156
	RESERVED
CVE-2012-6155
	RESERVED
CVE-2012-6154
	RESERVED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient befor ...)
	{DLA-222-1}
	- commons-httpclient 3.1-10.2 (bug #692442)
	NOTE: References to upstream patches for 4.x can be found in https://issues.apache.org/jira/browse/HTTPCLIENT-1549
CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does n ...)
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...)
	- net-snmp 5.7.2.1~dfsg-3 (low; bug #731625)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
	[squeeze] - net-snmp <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/net-snmp/bugs/2411/
	NOTE: Upstream patch: http://sourceforge.net/p/net-snmp/code/ci/793d596838ff7cb48a73b675d62897c56c9e62df/
CVE-2012-6150 (The winbind_name_list_to_sid_string_list function in nsswitch/pam_winb ...)
	- samba 2:4.0.13+dfsg-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u3
	[squeeze] - samba <no-dsa> (Can be fixed along in a future DSA)
	- samba4 <not-affected> (Samba 4 winbind does not implement this feature)
	NOTE: introduced http://git.samba.org/?p=samba.git;a=commit;h=31f1a36901b5b8959dc51401c09c114829b50392
	NOTE: fixed by http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=10300
CVE-2012-6149 (Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/not ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2012-6148 (Cross-site scripting (XSS) vulnerability in the function menu API in T ...)
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	[squeeze] - typo3-src <not-affected> (Vulnerable code not present)
	NOTE: https://review.typo3.org/16300
CVE-2012-6147 (Cross-site scripting (XSS) vulnerability in the tree render API (TCA-T ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16305
CVE-2012-6146 (The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before  ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6145 (Cross-site scripting (XSS) vulnerability in the Backend History module ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6144 (SQL injection vulnerability in the Backend History module in TYPO3 4.5 ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6143 (Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use  ...)
	- libspoon-perl <removed> (bug #715371; low)
	[squeeze] - libspoon-perl <no-dsa> (Minor issue)
	[wheezy] - libspoon-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85217
CVE-2012-6142 (Session::Cookie in the HTML::EP module 0.2011 for Perl does not proper ...)
	NOT-FOR-US: HTML-EP CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85216
CVE-2012-6141 (The App::Context module 0.01 through 0.968 for Perl does not properly  ...)
	NOT-FOR-US: App-Context CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85215
CVE-2012-6140 (pam_google_authenticator.c in the PAM module in Google Authenticator b ...)
	- google-authenticator 20130529-1 (bug #666129)
CVE-2012-6139 (libxslt before 1.1.28 allows remote attackers to cause a denial of ser ...)
	{DSA-2654-1}
	- libxslt 1.1.26-14.1 (bug #703933)
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
CVE-2012-6138
	REJECTED
CVE-2012-6137 (rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does  ...)
	NOT-FOR-US: Red Hat subscription-manager
CVE-2012-6136 (tuned 2.10.0 creates its PID file with insecure permissions which allo ...)
	- tuned <not-affected> (Fixed before initial release to Debian)
CVE-2012-6135 (RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to dele ...)
	- ruby-passenger <not-affected> (Vulnerable code not present; bug #702219)
	NOTE: 4.0.0 betas only
CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...)
	- ruby-omniauth-oauth2 <not-affected> (Fixed in the first version uploaded to Debian)
CVE-2012-6133 (Multiple cross-site scripting (XSS) vulnerabilities in Roundup before  ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550724
CVE-2012-6132 (Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allo ...)
	{DLA-298-1}
	- roundup 1.4.20-1
CVE-2012-6131 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup b ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550711
CVE-2012-6130 (Cross-site scripting (XSS) vulnerability in the history display in Rou ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550684
CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in Transmiss ...)
	- transmission 2.52-3+nmu1 (bug #700234)
	[squeeze] - transmission <not-affected> (UTP code not present)
CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before  ...)
	{DSA-2623-1}
	- openconnect 3.20-3 (bug #700794)
	NOTE: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491
	NOTE: The fix seems to introduce a possible memory leak as regression, see BTS #700805
CVE-2012-6127
	REJECTED
CVE-2012-6126
	REJECTED
CVE-2012-6125 (Chicken before 4.8.0 is susceptible to algorithmic complexity attacks  ...)
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6124 (A casting error in Chicken before 4.8.0 on 64-bit platform caused the  ...)
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6123 (Chicken before 4.8.0 does not properly handle NUL bytes in certain str ...)
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6122 (Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allo ...)
	- chicken 4.8.0.3-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6121 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...)
	- roundcube <not-affected> (vulnerable code not in stable or testing)
	NOTE: http://trac.roundcube.net/ticket/1488850
	NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
CVE-2012-6120 (Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directo ...)
	{DLA-29-1}
	- puppet 2.6.4-2
	[squeeze] - puppet <no-dsa> (Minor issue)
	NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
	NOTE: After starting puppetmaster permissions on directory are restricted
CVE-2012-6119 (Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager ...)
	NOTE: Candlepin
CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated use ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6117 (Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engin ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before 1.3.3.pu ...)
	NOTE: Candlepin
CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat Enterpris ...)
	NOTE: RHEV management tool
CVE-2012-6114 (The git-changelog utility in git-extras 1.7.0 allows local users to ov ...)
	- git-extras 1.7.0-1.2 (bug #698490)
CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ...)
	- php5 5.4.0~beta2-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.9)
	NOTE: Introduced in http://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
	NOTE: Fixed in 5.3.14 http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793
	NOTE: https://bugs.php.net/bug.php?id=61413
CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ...)
	- tinymce <not-affected> (TinyMCE Google spellchecker plugin)
	- wordpress 3.5.1+dfsg-2
	- moodle 2.5-1 (bug #702387)
	[squeeze] - wordpress 3.5.2+dfsg-1~deb6u1 (bug #701667)
	[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
	[wheezy] - wordpress 3.5.2+dfsg-1~deb7u1 (bug #701667)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
	NOTE: http://www.tinymce.com/develop/changelog/?type=phpspell
	NOTE: patch: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
	NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036
CVE-2012-6111 (gnome-keyring does not discard stored secrets when using gnome_keyring ...)
	- gnome-keyring 3.8.2-1 (low; bug #697896)
	[squeeze] - gnome-keyring <no-dsa> (Minor issue)
	[wheezy] - gnome-keyring <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5
CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x  ...)
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby <removed>
	[squeeze] - librack-ruby <not-affected> (vulnerable code not present)
	NOTE: https://github.com/rack/rack/commit/4fc44671b3cad569421f4f8b775c0590b86f575e
	NOTE: https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
CVE-2012-6108 (HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writabl ...)
	- hplip <not-affected> (permissions are 755 on wheezy, sid and experimental)
CVE-2012-6107 (Apache Axis2/C does not verify that the server hostname matches a doma ...)
	- axis2c <removed> (bug #697974)
	[squeeze] - axis2c <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.apache.org/jira/browse/AXIS2C-1619
CVE-2012-6106 (calendar/managesubscriptions.php in the Manage Subscriptions implement ...)
	- moodle <not-affected> (Only affects 2.4)
CVE-2012-6105 (blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3 ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6104 (blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and  ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6103 (Multiple cross-site request forgery (CSRF) vulnerabilities in user/mes ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6102 (lib.php in the Submission comments plugin in the Assignment module in  ...)
	- moodle <not-affected> (Only affects 2.3 and above)
CVE-2012-6101 (Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2 ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6100 (report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2. ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6099 (The moodle1 backup converter in backup/converter/moodle1/lib.php in Mo ...)
	- moodle 2.5-1
	[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6098 (grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <no-dsa> (Minor issue)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain environm ...)
	[experimental] - cronie 1.5.4-final-1 (low; bug #697811)
	NOTE: Only present in experimental
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=786096
CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in h ...)
	{DSA-2653-1 DSA-2616-1}
	- icinga 1.7.1-5 (bug #697931)
	- nagios3 3.4.1-3 (bug #697930)
CVE-2012-6095 (ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows lo ...)
	{DSA-2606-1}
	- proftpd-dfsg 1.3.4a-3 (bug #697524)
CVE-2012-6094 (cups (Common Unix Printing System) 'Listen localhost:631' option not h ...)
	- cups <not-affected> (systemd patch not applied in Debian, see bug #697584)
CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4. ...)
	- qt4-x11 <not-affected> (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582)
	NOTE: http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
	NOTE: https://codereview.qt-project.org/#change,42461
	NOTE: Fixed in 4:4.8.2+dfsg-10
CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ...)
	- activemq <not-affected> (Example code not shipped in .deb)
CVE-2012-6091 (Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information di ...)
	NOT-FOR-US: Magento
CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in os/pl- ...)
	- swi-prolog 5.10.4-5 (low; bug #697416)
	[squeeze] - swi-prolog 5.10.1-1+squeeze1
	NOTE: http://web.archive.org/web/20130309013536/http://web.archive.org/web/20130309013536/https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/b2c88972e7515ada025e97e7d3ce3e34f81cf33e
CVE-2012-6089 (Multiple stack-based buffer overflows in the canoniseFileName function ...)
	- swi-prolog 5.10.4-5 (low; bug #697416)
	[squeeze] - swi-prolog 5.10.1-1+squeeze1
	NOTE: http://web.archive.org/web/20130309013536/http://web.archive.org/web/20130309013536/https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c
CVE-2012-6088 (The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 d ...)
	- rpm 4.10.1-2.1 (bug #697375)
	[squeeze] - rpm <not-affected> (Introduced in rpm 4.10.0)
	[wheezy] - rpm 4.10.0-5+deb7u1
CVE-2012-6087 (repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11 ...)
	- moodle 2.2.7.dfsg-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
	NOTE: https://github.com/tpyo/amazon-s3-php-class/pull/36
	NOTE: https://tracker.moodle.org/browse/MDL-40615
CVE-2012-6086 (libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x befo ...)
	- zabbix 1:2.0.7+dfsg-1 (bug #697443)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
	NOTE: https://support.zabbix.com/browse/ZBX-5924
CVE-2012-6085 (The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 a ...)
	{DSA-2601-1}
	- gnupg 1.4.12-7 (bug #697108)
	- gnupg2 2.0.19-2 (bug #697251)
CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis be ...)
	{DSA-2612-1}
	- charybdis 3.3.0-7.1 (bug #697092)
	- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...)
	- freeciv 2.3.4-1 (low; bug #696306)
	[squeeze] - freeciv <no-dsa> (Minor issue)
	[wheezy] - freeciv 2.3.2-1+deb7u1
CVE-2012-6082 (Cross-site scripting (XSS) vulnerability in the rsslink function in th ...)
	{DSA-2593-1}
	- moin 1.9.5-2
	[wheezy] - moin 1.9.4-8+deb7u1
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
CVE-2012-6081 (Multiple unrestricted file upload vulnerabilities in the (1) twikidraw ...)
	{DSA-2593-1}
	[wheezy] - moin 1.9.4-8+deb7u1
	- moin 1.9.5-3 (bug #696948)
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move function  ...)
	{DSA-2593-1}
	[wheezy] - moin 1.9.4-8+deb7u1
	- moin 1.9.5-4 (bug #696949)
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database inform ...)
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely which all ...)
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve pass ...)
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the curre ...)
	- inkscape 0.48.3.1-1.3 (low; bug #654341)
	[squeeze] - inkscape <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/inkscape/+bug/911146
CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device driv ...)
	{DSA-2619-1 DSA-2608-1 DSA-2607-1}
	- qemu 1.1.2+dfsg-4 (bug #696051)
	- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
	- xen 4.1.3-8
	[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenk ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS befor ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS befo ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. ...)
	- nusoap 0.7.3-5 (low; bug #696707)
	[squeeze] - nusoap <no-dsa> (Minor issue)
CVE-2012-6070 (Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may  ...)
	- falconpl 0.9.6.9-git20120606-2 (bug #696681)
CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...)
	NOT-FOR-US: Snare for Linux
CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the Sys ...)
	NOT-FOR-US: SNARE
CVE-2011-5248
	RESERVED
CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because the rende ...)
	NOT-FOR-US: Snare for Linux
CVE-2009-5133
	RESERVED
CVE-2012-6069 (Directory traversal vulnerability in the Runtime Toolkit in CODESYS Ru ...)
	NOT-FOR-US: CODESYS Runtime System
CVE-2012-6068 (The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not ...)
	NOT-FOR-US: CODESYS Runtime System
CVE-2012-6067 (freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to byp ...)
	NOT-FOR-US: freeFTPd
CVE-2012-6066 (freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypa ...)
	NOT-FOR-US: freeFTPd
CVE-2012-6065 (The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Titl ...)
	NOT-FOR-US: Drupal plugin
CVE-2012-6064 (Directory traversal vulnerability in lib/filemanager/imagemanager/imag ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-6063 (Double free vulnerability in the sftp_mkdir function in sftp.c in libs ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
	[squeeze] - libssh 0.4.5-3+squeeze1
	NOTE: Fix included in CVE-2012-4559 patch
	NOTE: https://red.libssh.org/issues/84
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2
CVE-2012-6062 (The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the  ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6061 (The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6060 (Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/ ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6059 (The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the  ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6058 (Integer overflow in the dissect_icmpv6 function in epan/dissectors/pac ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6057 (The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6056 (Integer overflow in the dissect_sack_chunk function in epan/dissectors ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6055 (epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshar ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6054 (The dissect_sflow_245_address_type function in epan/dissectors/packet- ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6053 (epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x b ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6052 (Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensiti ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45511
CVE-2011-5246
	RESERVED
CVE-2013-0100
	REJECTED
CVE-2013-0099
	REJECTED
CVE-2013-0098
	REJECTED
CVE-2013-0097
	REJECTED
CVE-2013-0096 (Writer in Microsoft Windows Essentials 2011 and 2012 allows remote att ...)
	NOT-FOR-US: Microsoft
CVE-2013-0095 (Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for  ...)
	NOT-FOR-US: Outlook in Microsoft Office for Mac
CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0086 (Microsoft OneNote 2010 SP1 does not properly determine buffer sizes du ...)
	NOT-FOR-US: Microsoft OneNote
CVE-2013-0085 (Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0084 (Directory traversal vulnerability in Microsoft SharePoint Server 2010  ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0082 (Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2013-0081 (Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 ...)
	NOT-FOR-US: Microsoft
CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arb ...)
	NOT-FOR-US: Microsoft Visio Viewer
CVE-2013-0078 (The Microsoft Antimalware Client in Windows Defender on Windows 8 and  ...)
	NOT-FOR-US: Microsoft Antimalware Client
CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 d ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0072
	REJECTED
CVE-2013-0071
	REJECTED
CVE-2013-0070
	REJECTED
CVE-2013-0069
	REJECTED
CVE-2013-0068
	REJECTED
CVE-2013-0067
	REJECTED
CVE-2013-0066
	REJECTED
CVE-2013-0065
	REJECTED
CVE-2013-0064
	REJECTED
CVE-2013-0063
	REJECTED
CVE-2013-0062
	REJECTED
CVE-2013-0061
	REJECTED
CVE-2013-0060
	REJECTED
CVE-2013-0059
	REJECTED
CVE-2013-0058
	REJECTED
CVE-2013-0057
	REJECTED
CVE-2013-0056
	REJECTED
CVE-2013-0055
	REJECTED
CVE-2013-0054
	REJECTED
CVE-2013-0053
	REJECTED
CVE-2013-0052
	REJECTED
CVE-2013-0051
	REJECTED
CVE-2013-0050
	REJECTED
CVE-2013-0049
	REJECTED
CVE-2013-0048
	REJECTED
CVE-2013-0047
	REJECTED
CVE-2013-0046
	REJECTED
CVE-2013-0045
	REJECTED
CVE-2013-0044
	REJECTED
CVE-2013-0043
	REJECTED
CVE-2013-0042
	REJECTED
CVE-2013-0041
	REJECTED
CVE-2013-0040
	REJECTED
CVE-2013-0039
	REJECTED
CVE-2013-0038
	REJECTED
CVE-2013-0037
	REJECTED
CVE-2013-0036
	REJECTED
CVE-2013-0035
	REJECTED
	NOT-FOR-US: Apache CXF
CVE-2013-0034
	REJECTED
	NOT-FOR-US: Apache CXF
CVE-2013-0033
	REJECTED
CVE-2013-0032
	REJECTED
CVE-2013-0031
	REJECTED
CVE-2013-0030 (The Vector Markup Language (VML) implementation in Microsoft Internet  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0029 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0028 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0027 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0026 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0025 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0024 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0023 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0022 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0021 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0020 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0019 (Use-after-free vulnerability in Microsoft Internet Explorer 7 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0018 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0017
	REJECTED
CVE-2013-0016
	REJECTED
CVE-2013-0015 (Microsoft Internet Explorer 6 through 9 does not properly perform auto ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0014
	REJECTED
CVE-2013-0013 (The SSL provider component in Microsoft Windows Vista SP2, Windows Ser ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0012
	REJECTED
CVE-2013-0011 (The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0010 (Cross-site scripting (XSS) vulnerability in Microsoft System Center Op ...)
	NOT-FOR-US: Microsoft System Center Opera Manager
CVE-2013-0009 (Cross-site scripting (XSS) vulnerability in Microsoft System Center Op ...)
	NOT-FOR-US: Microsoft System Center Opera Manager
CVE-2013-0008 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0007 (Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not pro ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2013-0006 (Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not pro ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2013-0005 (The WCF Replace function in the Open Data (aka OData) protocol impleme ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0004 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5. ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0003 (Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) names ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0002 (Buffer overflow in the Windows Forms (aka WinForms) component in Micro ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0001 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-6051 (Google CityHash computes hash values without properly restricting the  ...)
	- cityhash <removed> (bug #694999)
CVE-2011-5373
	REJECTED
CVE-2011-5372
	REJECTED
CVE-2011-5371
	REJECTED
CVE-2011-5370
	REJECTED
CVE-2012-6050 (The winbox service in MikroTik RouterOS 5.15 and earlier allows remote ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2012-6049 (Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Open Solution Quick.Cart 5.0
CVE-2012-6048 (Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Guitar Pro 6.1.1
CVE-2012-6047 (Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and ...)
	NOT-FOR-US: X7 Chat 2.0.5.1
CVE-2012-6046 (Static code injection vulnerability in admin/banners.php in PHP Enter  ...)
	NOT-FOR-US: PHP Enter
CVE-2012-6045 (Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui ...)
	NOT-FOR-US: Ramui Forum
CVE-2012-6044 (M-Player 0.4 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: M-Player (different from mplayer in the archive)
CVE-2012-6043 (Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusio ...)
	NOT-FOR-US: phpFusion
CVE-2012-6042 (GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a d ...)
	NOT-FOR-US: GPSMapEdit
CVE-2012-6041 (Double free vulnerability in GreenBrowser before 6.0.1002, when the ke ...)
	NOT-FOR-US: GreenBrowser
CVE-2012-6040 (Cross-site scripting (XSS) vulnerability in users.php in File King Adv ...)
	NOT-FOR-US: File King Advanced File Management 1.4
CVE-2012-6039 (SQL injection vulnerability in view_comments.php in YABSoft Advanced I ...)
	NOT-FOR-US: YABSoft Advanced Image Hosting
CVE-2012-6038 (admin/core/admin_func.php in razorCMS before 1.2.1 does not properly r ...)
	NOT-FOR-US: razorCMS
CVE-2010-5286 (Directory traversal vulnerability in Jstore (com_jstore) component for ...)
	NOT-FOR-US: Joomla jstore
CVE-2010-5285 (Cross-site request forgery (CSRF) vulnerability in admin.php in Collab ...)
	NOTE: Old report against collabtive, Poc has vanished and likely fixed in current release, see #695348
CVE-2010-5284 (Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6. ...)
	- collabtive 0.7.6-1 (bug #695348)
	NOTE: Might be fixed earlier, but 0.7.6 was tested
CVE-2010-5283 (Cross-site request forgery (CSRF) vulnerability in OpenText ECM (forme ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5282 (Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (f ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5281 (Directory traversal vulnerability in ibrowser.php in the CMScout 2.09  ...)
	NOT-FOR-US: CMScout IBrowser TinyMCE Plugin
CVE-2010-5280 (Directory traversal vulnerability in the Community Builder Enhanced (C ...)
	NOT-FOR-US: CBE for Joomla
CVE-2012-6037 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x be ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
CVE-2012-6036 (The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tm ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6035 (The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6034 (The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv funct ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6033 (The do_tmem_control function in the Transcendent Memory (TMEM) in Xen  ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6032 (Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6031 (The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6030 (The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0,  ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6029 (Multiple cross-site scripting (XSS) vulnerabilities in the web-authent ...)
	NOT-FOR-US: Cisco NAC Appliance
CVE-2012-6028
	RESERVED
CVE-2012-6027
	RESERVED
CVE-2012-6026 (The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 ...)
	NOT-FOR-US: Cisco Aironet Access Point
CVE-2012-6025
	RESERVED
CVE-2012-6024
	RESERVED
CVE-2012-6023
	RESERVED
CVE-2012-6022
	RESERVED
CVE-2012-6021
	RESERVED
CVE-2012-6020
	RESERVED
CVE-2012-6019
	RESERVED
CVE-2012-6018
	RESERVED
CVE-2012-6017
	RESERVED
CVE-2012-6016
	RESERVED
CVE-2012-6015
	RESERVED
CVE-2012-6014
	RESERVED
CVE-2012-6013
	RESERVED
CVE-2012-6012
	RESERVED
CVE-2012-6011
	RESERVED
CVE-2012-6010
	RESERVED
CVE-2012-6009
	RESERVED
CVE-2012-6008
	RESERVED
CVE-2012-6007 (Cross-site scripting (XSS) vulnerability in screens/base/web_auth_cust ...)
	NOT-FOR-US: Cisco
CVE-2012-6006
	RESERVED
CVE-2012-6005
	RESERVED
CVE-2012-6004
	RESERVED
CVE-2012-6003
	RESERVED
CVE-2012-6002
	RESERVED
CVE-2012-6001
	RESERVED
CVE-2012-6000
	RESERVED
CVE-2012-5999
	RESERVED
CVE-2012-5998
	RESERVED
CVE-2012-5997
	RESERVED
CVE-2012-5996
	RESERVED
CVE-2012-5995
	RESERVED
CVE-2012-5994
	RESERVED
CVE-2012-5993
	RESERVED
CVE-2012-5992 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wi ...)
	NOT-FOR-US: Cisco
CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WL ...)
	NOT-FOR-US: Cisco
CVE-2012-5990 (Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor  ...)
	NOT-FOR-US: Cisco
CVE-2012-5989
	RESERVED
CVE-2012-5988
	RESERVED
CVE-2012-5987
	RESERVED
CVE-2012-5986
	RESERVED
CVE-2012-5985
	RESERVED
CVE-2012-5984
	RESERVED
CVE-2012-5983
	RESERVED
CVE-2012-5982
	RESERVED
CVE-2012-5981
	RESERVED
CVE-2012-5980
	RESERVED
CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View Connectio ...)
	NOT-FOR-US: VMware View
CVE-2012-5977 (Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 1 ...)
	{DSA-2605-1}
	- asterisk 1:1.8.13.1~dfsg-2 (bug #697230)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
CVE-2012-5976 (Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8 ...)
	{DSA-2605-1}
	- asterisk 1:1.8.13.1~dfsg-2 (bug #697230)
	NOTE: http://downloads.digium.com/pub/security/AST-2012-014.pdf
CVE-2012-5975 (The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 thr ...)
	NOT-FOR-US: Tectia SSH
CVE-2012-5974
	RESERVED
CVE-2012-5973 (CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote ...)
	NOT-FOR-US: CA XCOM Data Transport
CVE-2012-5972 (Directory traversal vulnerability in the web server in SpecView 2.5 bu ...)
	NOT-FOR-US: SpecView 2.5
CVE-2012-5971
	RESERVED
CVE-2012-5970 (The Huawei E585 device allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Huawei device
CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 device ...)
	NOT-FOR-US: Huawei device
CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...)
	NOT-FOR-US: Huawei device
CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2 ...)
	- centreon-web <itp> (bug #913903)
CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows remot ...)
	NOT-FOR-US: D-Link DSL2730U router
CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5964 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5963 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5962 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5961 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5960 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5959 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5958 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5957
	RESERVED
CVE-2012-5956 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine As ...)
	NOT-FOR-US: ManageEngine AssetExplorer 5.6
CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM  ...)
	NOT-FOR-US: WebSphere
CVE-2012-5954 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space Mana ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2012-5953 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6,  ...)
	NOT-FOR-US: IBM
CVE-2012-5952 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6,  ...)
	NOT-FOR-US: IBM
CVE-2012-5951 (Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4,  ...)
	NOT-FOR-US: IBM Tivoli NetView
CVE-2012-5950 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIR ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2012-5949 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA App ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2012-5948 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA App ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2012-5947 (Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePowe ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-5946 (Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM S ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-5945 (Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS  ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-5944
	RESERVED
CVE-2012-5943 (Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8. ...)
	NOT-FOR-US: IBM iNotes
CVE-2012-5942 (Cross-site scripting (XSS) vulnerability in the Data Management Portal ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2012-5941 (Cross-site scripting (XSS) vulnerability in the WebAdmin application 6 ...)
	NOT-FOR-US: IBM
CVE-2012-5940 (The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezz ...)
	NOT-FOR-US: IBM
CVE-2012-5939 (Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Man ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2012-5938 (The installation process in IBM InfoSphere Information Server 8.1, 8.5 ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-5937 (Unspecified vulnerability in the CLA2 server in IBM Gentran Integratio ...)
	NOT-FOR-US: IBM Gentran Integration
CVE-2012-5936 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1  ...)
	NOT-FOR-US: IBM
CVE-2011-5245 (The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEas ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-5935
	RESERVED
CVE-2012-5934
	RESERVED
CVE-2012-5933
	RESERVED
CVE-2012-5932 (Eval injection vulnerability in the ldapagnt_eval function in ldapagnt ...)
	NOT-FOR-US: NetIQ Privileged User Manager 2.3.x
CVE-2012-5931 (Directory traversal vulnerability in the set_log_config function in re ...)
	NOT-FOR-US: NetIQ Privileged User Manager 2.3.x
CVE-2012-5930 (The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Pri ...)
	NOT-FOR-US: NetIQ Privileged User Manager 2.3.x
CVE-2012-5929
	RESERVED
CVE-2012-5928
	RESERVED
CVE-2012-5927
	RESERVED
CVE-2012-5926
	RESERVED
CVE-2012-5925
	RESERVED
CVE-2012-5924
	RESERVED
CVE-2012-5923
	RESERVED
CVE-2012-5922
	RESERVED
CVE-2012-5921
	RESERVED
CVE-2012-5920 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2 ...)
	- gwt <removed> (bug #691900)
	[squeeze] - gwt <not-affected> (Vulnerable code not present)
CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4  ...)
	NOT-FOR-US: havalite
CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access administrator ...)
	NOT-FOR-US: razorCMS
CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of service (a ...)
	NOT-FOR-US: SnackAmp
CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the sed_import  ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php in the W ...)
	NOT-FOR-US: Wordpress Integrator plugin
CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remo ...)
	NOT-FOR-US: PicoPublisher
CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolu ...)
	NOT-FOR-US: b2evolution
CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution ...)
	NOT-FOR-US: b2evolution
CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in MyBB (a ...)
	NOT-FOR-US: MyBB
CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in admin/modules/user/users.p ...)
	NOT-FOR-US: MyBB
CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alph ...)
	NOT-FOR-US: TomatoCart
CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6. ...)
	NOT-FOR-US: GreenBrowser
CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to c ...)
	NOT-FOR-US: KnFTPd
CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php ...)
	NOT-FOR-US: DFLabs PTK
CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under the we ...)
	NOT-FOR-US: DFLabs PTK
CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow ...)
	NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in admin/action/objects.php i ...)
	NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0. ...)
	NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX con ...)
	NOT-FOR-US: Quest in Trust
CVE-2012-5896 (The Annotation Objects Extension ActiveX control in AnnotateX.dll in Q ...)
	NOT-FOR-US: Quest in Trust
CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown  ...)
	NOT-FOR-US: iRODS
CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and ...)
	NOT-FOR-US: Havalite CMS
CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in Havalite  ...)
	NOT-FOR-US: Havalite CMS
CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under the  ...)
	NOT-FOR-US: Havalite CMS
CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pa ...)
	NOT-FOR-US: Dalbum
CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before  ...)
	NOT-FOR-US: TYPO3 extension (sr_feuser_register)
CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
	NOT-FOR-US: TYPO3 extension (powermail)
CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_ba ...)
	NOT-FOR-US: TYPO3 extension (seo_basics)
CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest Access Auth ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken function ...)
	{DSA-2357-1}
	- evince 2.32.0-1
	[squeeze] - evince 2.30.3-2+squeeze1
	NOTE: This issue was already fixed in DSA-2357-1 by shipping the correct fix from the start
CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 a ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui3 <not-affected>
	- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
	[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in oldstable)
	- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui3 <not-affected>
	- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
	[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in oldstable)
	- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui3 <not-affected>
	- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
	[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in oldstable)
	- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5880
	RESERVED
CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician ( ...)
	NOT-FOR-US: McAfee Virtual Technician
CVE-2012-5878 (Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 a ...)
	NOT-FOR-US: Bulb Security Smartphone Pentest Framework
CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Nero MediaHome
CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHo ...)
	NOT-FOR-US: Nero MediaHome
CVE-2012-5875 (Firefly Media Server 1.0.0.1359 allows remote attackers to cause a den ...)
	NOT-FOR-US: Firefly Media Server
CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) update_whosonline_re ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2012-5873
	RESERVED
CVE-2012-5872
	RESERVED
CVE-2012-5871
	RESERVED
CVE-2012-5870
	RESERVED
CVE-2012-5869
	RESERVED
CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...)
	- wordpress <unfixed> (unimportant; bug #696868)
	NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868
CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability ...)
	NOT-FOR-US: HT Editor
CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4 ...)
	NOT-FOR-US: Achievo
CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows re ...)
	NOT-FOR-US: Achievo
CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light Photovoltaic Syst ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka  ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5862 (login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5861 (Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Pho ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 s ...)
	NOT-FOR-US: ID-One COSMO
CVE-2012-5859 (Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to  ...)
	NOT-FOR-US: Samsung Kies Air
CVE-2012-5858 (Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address fo ...)
	NOT-FOR-US: Samsung Kies Air
CVE-2012-5857
	RESERVED
CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cook ...)
	NOT-FOR-US: Wordpress plugin (uk cookie)
CVE-2012-5855 (The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and  ...)
	- vlc <not-affected> (Windows only issue)
	NOTE: Harmless crasher without security relevance
CVE-2012-5853 (SQL injection vulnerability in the "the_search_function" function in c ...)
	NOT-FOR-US: "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin for WordPress
CVE-2012-5852
	RESERVED
CVE-2012-5851 (html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chr ...)
	- chromium-browser <unfixed> (unimportant)
	- webkit <unfixed> (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=92692
	NOTE: Incomplete mitigation feature, not a security vulnerability per se
CVE-2012-5850
	RESERVED
CVE-2012-5849 (Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738  ...)
	NOT-FOR-US: ClipBucket
CVE-2012-5854 (Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remot ...)
	- weechat 0.3.9.1-1 (bug #693026)
	[wheezy] - weechat 0.3.8-1+deb7u1
	[squeeze] - weechat <not-affected> (Vulnerable code not present)
CVE-2012-5848
	REJECTED
CVE-2012-5847
	REJECTED
CVE-2012-5846
	REJECTED
CVE-2012-5845
	REJECTED
CVE-2012-5844
	REJECTED
CVE-2012-5843 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5842 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-5841 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderb ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5840 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor f ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5839 (Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsCl ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5838 (The copyTexImage2D implementation in the WebGL subsystem in Mozilla Fi ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5837 (The Web Developer Toolbar in Mozilla Firefox before 17.0 executes scri ...)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5836 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey be ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5835 (Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0 ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5834
	REJECTED
CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla Firefo ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5832
	REJECTED
CVE-2012-5831
	REJECTED
CVE-2012-5830 (Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox E ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent function in  ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-5828 (BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerabi ...)
	NOT-FOR-US: BlackBerry PlayBook
CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attack ...)
	NOT-FOR-US: Joomla!
CVE-2012-5826
	RESERVED
CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a domain ...)
	NOT-FOR-US: TwitterOAuth
CVE-2011-5242 (tmhOAuth before 0.61 does not verify that the server hostname matches  ...)
	NOT-FOR-US: tmhOAuth
CVE-2011-5241 (Services_Twitter 0.6.3 does not verify that the server hostname matche ...)
	NOT-FOR-US: PEAR module for Twitter
CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...)
	NOT-FOR-US: Magento
CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname match ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the  ...)
	NOT-FOR-US: google-checkout-php-sample-code
CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a  ...)
	NOT-FOR-US: PayPal WPS ToolKit
CVE-2011-5236 (Moneris eSelectPlus 2.03 PHP API does not verify that the server hostn ...)
	NOT-FOR-US: Moneris eSelectPlus 2.03 PHP API
CVE-2012-5825 (Tweepy does not verify that the server hostname matches a domain name  ...)
	- tweepy 3.1.0-2 (low; bug #692444)
	[jessie] - tweepy <no-dsa> (Minor issue)
	[wheezy] - tweepy <no-dsa> (Minor issue)
CVE-2012-5824 (Trillian 5.1.0.19 does not verify that the server hostname matches a d ...)
	NOT-FOR-US: Trillian
CVE-2012-5823 (Open Source Classifieds does not verify that the server hostname match ...)
	NOT-FOR-US: Open Source Classifieds
CVE-2012-5822 (The contribution feature in Zamboni does not verify that the server ho ...)
	NOT-FOR-US: Zamboni
CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by a trus ...)
	- lynx-cur 2.8.8dev.15-1 (low; bug #692443)
	[squeeze] - lynx-cur <no-dsa> (Minor issue)
	[wheezy] - lynx-cur <no-dsa> (Minor issue)
CVE-2012-5820 (The developer-account sample code in Google AdMob does not verify that ...)
	NOT-FOR-US: Google AdMob
CVE-2012-5819 (FilesAnywhere does not verify that the server hostname matches a domai ...)
	NOT-FOR-US: FilesAnywhere
CVE-2012-5818 (ElephantDrive does not verify that the server hostname matches a domai ...)
	NOT-FOR-US: ElephantDrive
CVE-2012-5817 (Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools  ...)
	NOT-FOR-US: Codehaus XFire
CVE-2012-5816 (AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server ho ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2012-5815 (The Rackspace app 2.1.5 for iOS does not verify that the server hostna ...)
	NOT-FOR-US: Rackspace app for iOS
CVE-2012-5814 (Weberknecht, as used in GitHub Gaug.es and other products, does not ve ...)
	NOT-FOR-US: Weberknecht
CVE-2012-5813 (The Android_Pusher library for Android does not verify that the server ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5812 (The ACRA library for Android does not verify that the server hostname  ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5811 (The Breezy application for Android does not verify that the server hos ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5810 (The Chase mobile banking application for Android does not verify that  ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5809 (The Groupon Redemptions application for Android does not verify that t ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5808 (The LinkPoint module in Zen Cart does not verify that the server hostn ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5807 (The Authorize.Net eCheck module in Zen Cart does not verify that the s ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5806 (The PayPal Payments Pro module in Zen Cart does not verify that the se ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5805 (The PayPal IPN functionality in Zen Cart does not verify that the serv ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5804 (The CyberSource module in Ubercart does not verify that the server hos ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5803 (The Authorize.Net module in Ubercart does not verify that the server h ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5802 (The PayPal module in Ubercart does not verify that the server hostname ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5801 (The PayPal module in PrestaShop does not verify that the server hostna ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5800 (The eBay module in PrestaShop does not verify that the server hostname ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5799 (The Canada Post (aka CanadaPost) module in PrestaShop does not verify  ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5798 (The PayPal Pro PayFlow EC module in osCommerce does not verify that th ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5797 (The PayPal Pro PayFlow module in osCommerce does not verify that the s ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5796 (The PayPal Pro module in osCommerce does not verify that the server ho ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5795 (The PayPal Express module in osCommerce does not verify that the serve ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5794 (The MoneyBookers module in osCommerce does not verify that the server  ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5793 (The Authorize.Net module in osCommerce does not verify that the server ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5792 (The Sage Pay Direct module in osCommerce does not verify that the serv ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5791 (PayPal Invoicing does not verify that the server hostname matches a do ...)
	NOT-FOR-US: PayPal Invoicing
CVE-2012-5790 (PayPal Payments Standard PHP Library 20120427 does not verify that the ...)
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5789 (PayPal Payments Standard PHP Library before 20120427 does not verify t ...)
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname matche ...)
	NOT-FOR-US: The PayPal IPN utility
CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname match ...)
	NOT-FOR-US: The PayPal merchant SDK
CVE-2012-5786 (** DISPUTED ** The wsdl_first_https sample code in distribution/src/ma ...)
	NOT-FOR-US: Apache CXF
CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ho ...)
	NOT-FOR-US: Axis2/Java
	NOTE: Axis2/C is packaged as axis2c, but this is a different software.
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Ma ...)
	{DLA-169-1}
	- axis 1.4-16.1 (low; bug #692650)
	[squeeze] - axis <no-dsa> (Minor issue)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Ser ...)
	{DLA-222-1}
	- commons-httpclient 3.1-10.1 (bug #692442)
	[wheezy] - commons-httpclient <no-dsa> (Minor issue)
	[squeeze] - commons-httpclient <no-dsa> (Minor issue)
CVE-2012-5782 (Amazon Flexible Payments Service (FPS) PHP Library does not verify tha ...)
	NOT-FOR-US: Amazon Flexible Payments Service
CVE-2012-5781 (Amazon Elastic Load Balancing API Tools does not verify that the serve ...)
	NOT-FOR-US: Amazon Elastic Load Balancing API Tools
CVE-2012-5780 (The Amazon merchant SDK does not verify that the server hostname match ...)
	NOT-FOR-US: The Amazon merchant SDK
CVE-2012-5779
	RESERVED
CVE-2012-5778
	RESERVED
CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...)
	NOT-FOR-US: EmpireCMS
CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in  ...)
	NOT-FOR-US: Dokeos
CVE-2012-5775
	REJECTED
CVE-2012-5774
	REJECTED
CVE-2012-5773
	REJECTED
CVE-2012-5772
	REJECTED
CVE-2012-5771
	REJECTED
CVE-2012-5770 (The SSL configuration in IBM Tivoli Application Dependency Discovery M ...)
	NOT-FOR-US: IBM
CVE-2012-5769 (IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 all ...)
	NOT-FOR-US: IBM SPSS Modeler
CVE-2012-5768
	RESERVED
CVE-2012-5767 (Unspecified vulnerability in the web interface on the IBM TS3500 Tape  ...)
	NOT-FOR-US: IBM TS3500 Tape Library
CVE-2012-5766 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator  ...)
	NOT-FOR-US: IBM
CVE-2012-5765 (The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5764
	RESERVED
CVE-2012-5763 (Cross-site request forgery (CSRF) vulnerability in the WebAdmin applic ...)
	NOT-FOR-US: IBM
CVE-2012-5762 (Cross-site scripting (XSS) vulnerability in the WebAdmin application 6 ...)
	NOT-FOR-US: IBM
CVE-2012-5761 (Cross-site scripting (XSS) vulnerability in the WebAdmin application 6 ...)
	NOT-FOR-US: IBM
CVE-2012-5760 (SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8,  ...)
	NOT-FOR-US: IBM
CVE-2012-5759 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5758 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5757 (Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rati ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5756 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5755
	RESERVED
CVE-2012-5754
	RESERVED
CVE-2012-5753
	RESERVED
CVE-2012-5752
	RESERVED
CVE-2012-5751
	RESERVED
CVE-2012-5750
	RESERVED
CVE-2012-5749
	RESERVED
CVE-2012-5748
	RESERVED
CVE-2012-5747
	RESERVED
CVE-2012-5746
	RESERVED
CVE-2012-5745
	RESERVED
CVE-2012-5744 (Multiple cross-site scripting (XSS) vulnerabilities in the guest porta ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2012-5743
	RESERVED
CVE-2012-5742
	RESERVED
CVE-2012-5741
	RESERVED
CVE-2012-5740
	RESERVED
CVE-2012-5739
	RESERVED
CVE-2012-5738
	RESERVED
CVE-2012-5737
	RESERVED
CVE-2012-5736
	RESERVED
CVE-2012-5735
	RESERVED
CVE-2012-5734
	RESERVED
CVE-2012-5733
	RESERVED
CVE-2012-5732
	RESERVED
CVE-2012-5731
	RESERVED
CVE-2012-5730
	RESERVED
CVE-2012-5729
	RESERVED
CVE-2012-5728
	RESERVED
CVE-2012-5727
	RESERVED
CVE-2012-5726
	RESERVED
CVE-2012-5725
	RESERVED
CVE-2012-5724
	RESERVED
CVE-2012-5723 (Cisco ASR 1000 devices with software before 3.8S, when BDI routing is  ...)
	NOT-FOR-US: Cisco devices
CVE-2012-5722
	RESERVED
CVE-2012-5721
	RESERVED
CVE-2012-5720
	RESERVED
CVE-2012-5719
	RESERVED
CVE-2012-5718
	RESERVED
CVE-2012-5717 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x thr ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-5716
	RESERVED
CVE-2012-5715
	RESERVED
CVE-2012-5714
	RESERVED
CVE-2012-5713
	RESERVED
CVE-2012-5712
	RESERVED
CVE-2012-5711
	RESERVED
CVE-2012-5710
	RESERVED
CVE-2012-5709
	RESERVED
CVE-2012-5708
	RESERVED
CVE-2012-5707
	RESERVED
CVE-2012-5706
	RESERVED
CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page (admin/s ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote a ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5703 (The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-5702 (Multiple cross-site scripting (XSS) vulnerabilities in dotProject befo ...)
	NOT-FOR-US: dotProject
CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allo ...)
	NOT-FOR-US: dotProject
CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...)
	NOT-FOR-US: Baby Gekko
CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...)
	NOT-FOR-US: BabyGekko
CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...)
	NOT-FOR-US: BabyGekko
CVE-2012-5979
	REJECTED
CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest  ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5696 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5695 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Sec ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pen ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5693 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows r ...)
	NOT-FOR-US: Bulb Security Smartphone Pentest Framework
CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision P ...)
	NOT-FOR-US: Invision Power Board
CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealP ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5690 (RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5689 (ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ...)
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #699145)
	[squeeze] - bind9 <not-affected> (Only affects Bind 9.8 and 9.9)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 i ...)
	- bind9 1:9.8.4.dfsg.P1-1 (bug #695192)
	[squeeze] - bind9 <not-affected> (Only affects 9.8 and 9.9)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature  ...)
	NOT-FOR-US: TP-LINK TL-WR841N router
CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...)
	NOT-FOR-US: ZPanel
CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...)
	NOT-FOR-US: ZPanel
CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier  ...)
	NOT-FOR-US: ZPanel
CVE-2012-5683 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 1 ...)
	NOT-FOR-US: ZPanel
CVE-2012-5682
	REJECTED
CVE-2012-5681
	REJECTED
CVE-2012-5680 (Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attack ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5679 (Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attac ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5678 (Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5677 (Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5676 (Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5675 (Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypa ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5674 (Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote ...)
	NOT-FOR-US: mnoGoSearch
CVE-2011-5234 (SQL injection vulnerability in user.php in Social Network Community 2  ...)
	NOT-FOR-US: Social Network Community
CVE-2011-5233 (Heap-based buffer overflow in IrfanView before 4.32 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2011-5232
	REJECTED
CVE-2011-5231
	REJECTED
CVE-2011-5230 (Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass  ...)
	NOT-FOR-US: Seotoaster
CVE-2011-5229 (SQL injection vulnerability in quickstart/profile/index.php in the For ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5228 (Cross-site scripting (XSS) vulnerability in the Search module (quickst ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5227 (Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in E ...)
	NOT-FOR-US: Enterasys Network Management Suite
CVE-2011-5226 (Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel. ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5225 (Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in  ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5224 (SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5223 (Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ...)
	- cacti 0.8.7i-1 (low)
	[squeeze] - cacti 0.8.7g-1+squeeze4
CVE-2011-5222 (SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and ...)
	NOT-FOR-US: PHP Flirt-Projekt
CVE-2011-5221 (Cross-site scripting (XSS) vulnerability in the getLog function in svn ...)
	- websvn 2.3.1-1
CVE-2011-5220 (Cross-site scripting (XSS) vulnerability in templates/default/Admin/Lo ...)
	NOT-FOR-US: PHP-SCMS
CVE-2011-5219 (Directory traversal vulnerability in examples/show_code.php in mPDF 5. ...)
	NOT-FOR-US: mPDF
CVE-2011-5218 (SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows ...)
	NOT-FOR-US: DotA OpenStats
CVE-2011-5217 (Directory traversal vulnerability in the PXE Mtftp service in Hitachi  ...)
	NOT-FOR-US: Hitachi JP1/ServerConductor/DeploymentManager
CVE-2011-5216 (SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress p ...)
	NOT-FOR-US: WordPress plugin SCORM Cloud
CVE-2011-5215 (SQL injection vulnerability in index.php in Video Community Portal all ...)
	NOT-FOR-US: Video Community Portal
CVE-2011-5214 (Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.10 ...)
	NOT-FOR-US: BrowserCRM
CVE-2011-5213 (Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earl ...)
	NOT-FOR-US: BrowserCRM
CVE-2012-5672 (Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office  ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-5671 (Heap-based buffer overflow in the dkim_exim_query_dns_txt function in  ...)
	{DSA-2566-1}
	- exim4 4.80-5.1 (medium)
CVE-2012-5670 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows contex ...)
	- freetype 2.4.9-1.1 (bug #696691)
	[squeeze] - freetype <not-affected> (Version in Squeeze doesn't parse alternative encoding format yet)
	NOTE: https://savannah.nongnu.org/bugs/?37907
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
CVE-2012-5669 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows contex ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37906
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d
CVE-2012-5668 (FreeType before 2.4.11 allows context-dependent attackers to cause a d ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37905
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow context ...)
	- grep 2.11-1 (low; bug #701897)
	[squeeze] - grep 2.6.3-3+squeeze1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
	NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js  ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5665 (ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly  ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5664
	REJECTED
CVE-2012-5663 (The isearch package (textproc/isearch) before 1.47.01nb1 uses the temp ...)
	NOT-FOR-US: Isearch
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname match ...)
	- ibm-3270 3.3.14ga11-1 (bug #706547)
	[wheezy] - ibm-3270 <no-dsa> (Non-free not supported)
	[squeeze] - ibm-3270 <no-dsa> (Non-free not supported)
CVE-2012-5661
	REJECTED
CVE-2012-5660 (abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2 ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5659 (Untrusted search path vulnerability in plugins/abrt-action-install-deb ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode ...)
	NOT-FOR-US: OpenShift
CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Z ...)
	{DSA-2602-1}
	- zendframework 1.11.13-1.1 (bug #696483)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
	NOTE: http://framework.zend.com/security/advisory/ZF2012-05
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
	NOTE: http://secunia.com/advisories/51583
CVE-2012-5656 (The rasterization process in Inkscape before 0.48.4 allows local users ...)
	- inkscape 0.48.3.1-1.2 (bug #696485)
	[squeeze] - inkscape <no-dsa> (Minor issue)
CVE-2012-5655 (The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-b ...)
	NOT-FOR-US: Context module for Drupal
CVE-2012-5654 (The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when co ...)
	NOT-FOR-US: Nodewords: D6 Meta Tags module for Drupal
CVE-2012-5653 (The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18  ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5652 (Drupal 6.x before 6.27 allows remote attackers to obtain sensitive inf ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #696343)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5651 (Drupal 6.x before 6.27 and 7.x before 7.18 displays information for bl ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apache Cou ...)
	- couchdb 1.2.0-5 (bug #698439)
	[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-5649 (Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2. ...)
	- couchdb 1.2.0-5 (bug #698439)
	[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-5648 (Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow r ...)
	- foreman <itp> (bug #663101)
CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red  ...)
	NOT-FOR-US: OpenShift
CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
	NOT-FOR-US: OpenShift
CVE-2012-5645 (A denial of service flaw was found in the way the server component of  ...)
	- freeciv 2.3.4-1 (low; bug #696306)
	[squeeze] - freeciv <no-dsa> (Minor issue)
	[wheezy] - freeciv 2.3.2-1+deb7u1
CVE-2012-5644 (libuser has information disclosure when moving user's home directory ...)
	- libuser 1:0.60~dfsg-1 (low; bug #705690)
	[wheezy] - libuser <no-dsa> (Minor issue)
	[squeeze] - libuser <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=885724#c7
CVE-2012-5643 (Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2. ...)
	{DSA-2631-1}
	- squid 2.7.STABLE9-2
	NOTE: squid-cgi was removed in 2.7.STABLE9-2
	- squid3 3.1.20-2.1 (bug #696187)
	NOTE: possible regression, see #701123
CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly handle the ...)
	- fail2ban 0.8.6-3wheezy1 (low; bug #696184)
	[squeeze] - fail2ban <not-affected> (Introduced in 0.8.6, see #696187)
CVE-2012-5641 (Directory traversal vulnerability in the partition2 function in mochiw ...)
	- couchdb <not-affected> (Only affects CouchDB on Windows)
CVE-2012-5640 (thttpd has a local DoS vulnerability via specially-crafted .htpasswd f ...)
	- thttpd <removed> (low)
	[squeeze] - thttpd <no-dsa> (Minor issue)
CVE-2012-5639 (LibreOffice and OpenOffice automatically open embedded content ...)
	- libreoffice <unfixed> (unimportant)
	[wheezy] - libreoffice <ignored> (Minor issue)
	- openoffice.org 1:3.3.0-1 (unimportant)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
	NOTE: Additional hardening/UI improvement, not a direct vulnerability
	NOTE: For 4.2: http://whatofhow.wordpress.com/2013/12/02/stealth-mode/
CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable per ...)
	- sanlock 2.2-2 (bug #696424)
CVE-2012-5637
	REJECTED
CVE-2012-5636 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
	- glusterfs 3.5.0-1 (unimportant; bug #704944)
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=b8d5fd2b88db7e18a10e57a0edf1a41eda4f5314 (v3.4.0qa8)
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=11bb1fc5849a557d1a26e59bd651fbd0d07a1b8d (v3.5.0qa1)
	NOTE: Neutralised by kernel hardening
CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough,  ...)
	{DSA-2636-1}
	- xen 4.1.3-8 (low)
CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6 ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5632
	RESERVED
CVE-2012-5631 (ipa 3.0 does not properly check server identity before sending credent ...)
	NOT-FOR-US: FreeIPA
CVE-2012-5630 (libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race co ...)
	- libuser 1:0.60~dfsg-1 (low; bug #705690)
	[wheezy] - libuser <no-dsa> (Minor issue)
	[squeeze] - libuser <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=884685#c31
CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) LdapExtLo ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5628 (gofer before 0.68 uses world-writable permissions for /var/lib/gofer/j ...)
	NOT-FOR-US: gofer component of PULP project
CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...)
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mysql-5.1 <unfixed> (unimportant)
	- mysql-5.5 <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3915
CVE-2012-5626 (EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Applicati ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when usin ...)
	- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirection  ...)
	- qt4-x11 4:4.8.2+dfsg-7 (bug #695156)
	[squeeze] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
CVE-2012-5623 (Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. ...)
	NOT-FOR-US: change_passwd plugin for Squirrelmail
CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the management cons ...)
	NOT-FOR-US: OpenShift
CVE-2012-5621 (lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows  ...)
	- ekiga 3.2.7-6 (bug #702282; low)
	[squeeze] - ekiga <no-dsa> (Minor issue)
CVE-2012-5620
	REJECTED
CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file ...)
	- sleuthkit 4.1.2-1 (unimportant; bug #695097)
CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-password tok ...)
	NOT-FOR-US: Ushahidi
CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...)
	- gksu-polkit <removed> (bug #695807)
	[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly  ...)
	NOT-FOR-US: CloudStack
CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...)
	{DSA-3054-1}
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mysql-5.1 <removed> (low; bug #695001)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.39-1 (low; bug #695001)
	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4676
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3909
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/9
CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5. ...)
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mysql-5.5 <not-affected> (The affected versions were only in experimental)
	- mysql-5.1 <removed> (low)
	[squeeze] - mysql-5.1 5.1.73-1
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3910
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/28/10
CVE-2012-5613
	- mysql-5.1 <unfixed> (unimportant; bug #695001)
	- mysql-5.5 <removed> (unimportant; bug #695001)
	NOTE: Disputed as incorrect configuration
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/6
CVE-2012-5612 (Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions t ...)
	- mysql-5.1 <not-affected> (MDL was introduced in 5.5)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3908
CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MySQL 5. ...)
	{DSA-2581-1}
	- mysql-5.1 <unfixed> (bug #695001)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/4
CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud b ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/setti ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5607 (The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4 ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable permissio ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when u ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5602
	REJECTED
CVE-2012-5601
	REJECTED
CVE-2012-5600
	REJECTED
CVE-2012-5599
	REJECTED
CVE-2012-5598
	REJECTED
CVE-2012-5597
	REJECTED
CVE-2012-5596
	REJECTED
CVE-2012-5595
	REJECTED
CVE-2012-5594
	REJECTED
CVE-2012-5593
	REJECTED
CVE-2012-5592
	REJECTED
CVE-2012-5591 (Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x- ...)
	NOT-FOR-US: Drupal Zero Point module
CVE-2012-5590 (SQL injection vulnerability in the Webmail Plus module for Drupal allo ...)
	NOT-FOR-US: Drupal Webmail Plus module
CVE-2012-5589 (The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 ...)
	NOT-FOR-US: Drupal MultiLink module
CVE-2012-5588 (The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5587 (Cross-site scripting (XSS) vulnerability in the Email Field module 6.x ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5586 (The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3  ...)
	NOT-FOR-US: Drupal Services module
CVE-2012-5585 (Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1. ...)
	NOT-FOR-US: Drupal Mixpanel module
CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does no ...)
	NOT-FOR-US: Drupal Table of Contents module
CVE-2012-5583 (phpCAS before 1.3.2 does not verify that the server hostname matches a ...)
	- php-cas 1.3.1-2
	- moodle 2.2.7.dfsg-1
	[squeeze] - moodle <no-dsa> (Minor issue)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
	NOTE: https://github.com/Jasig/phpCAS/pull/58
CVE-2012-5582 (opendnssec misuses libcurl API ...)
	- opendnssec <not-affected> (eppclient not built in Debian package)
	NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allow ...)
	{DSA-2589-1}
	- tiff 4.0.2-1 (bug #694693)
	- tiff3 3.9.6-10
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/proxy ...)
	- libproxy 0.3.1-4 (low)
	[squeeze] - libproxy <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=791086
	NOTE: https://code.google.com/p/libproxy/source/detail?r=475
CVE-2012-5579
	REJECTED
CVE-2012-5578 (Python keyring has insecure permissions on new databases allowing worl ...)
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring <no-dsa> (Minor issue)
CVE-2012-5577 (Python keyring lib before 0.10 created keyring files with world-readab ...)
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring <no-dsa> (Minor issue)
CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Window Du ...)
	- gimp 2.8.2-2 (bug #693977)
	[squeeze] - gimp 2.6.10-1+squeeze4
	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
CVE-2012-5575 (Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x befo ...)
	NOT-FOR-US: Apache CXF
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote a ...)
	NOT-FOR-US: Symfony
CVE-2012-5573 (The connection_edge_process_relay_cell function in or/relay.c in Tor b ...)
	{DLA-17-1}
	- tor 0.2.3.25-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-5572 (CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.p ...)
	- libdancer-perl 1.3114+dfsg-1 (low; bug #694279)
	[wheezy] - libdancer-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/PerlDancer/Dancer/issues/859
CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...)
	- keystone 2012.1.1-11 (bug #694433)
CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remo ...)
	NOT-FOR-US: Drupal addon
CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic webma ...)
	NOT-FOR-US: Drupal Webmail module
CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial  ...)
	- tomcat6 6.0.41-3 (unimportant)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	- tomcat7 <unfixed> (unimportant)
	NOTE: No fix planned, can be mitigated by config changes:
	NOTE: http://mail-archives.apache.org/mod_mbox/tomcat-users/200906.mbox/%3C4A3D0884.5080309@apache.org%3E
CVE-2012-5567 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5566 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5565 (Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Hord ...)
	- php-horde-imp <not-affected> (This doesn't seem to be packaged in sid's Horde and the imp3 and dimp1 packages from stable do not include the affected code)
CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ...)
	- android-tools <unfixed> (unimportant; bug #688280)
	NOTE: Since android-tools/5.1.1.r38-1 the android-tools-adb binary package
	NOTE: is not built anymore which used to contain /usr/bin/adb.
	NOTE: Package still affected source-wise
	- android-platform-system-core <unfixed> (unimportant; bug #823792)
	NOTE: Neutralised by kernel hardening
CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not prope ...)
	- keystone <not-affected> (Folsom branch not packaged yet)
CVE-2012-5562 (rhn-proxy: may transmit credentials over clear-text when accessing RHN ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2012-5561 (script/katello-generate-passphrase in Katello 1.1 uses world-readable  ...)
	NOT-FOR-US: Katello
CVE-2012-5560 (The default configuration in mate-settings-daemon 1.5.3 allows local u ...)
	- mate-settings-daemon <not-affected> (Fixed before initial release)
	NOTE: https://github.com/mate-desktop/mate-settings-daemon/commit/c7d634acd12814a1fe298118e65f1c688b3a9f74#diff-52ccb9f1be1c09e2f24b64d37b56c2f4
CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...)
	NOT-FOR-US: Drupal chaos tool addon
CVE-2012-5558 (Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x  ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5555
	RESERVED
CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module 7 ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5552 (The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7 ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5551 (Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp m ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5550 (SQL injection vulnerability in the Time Spent module 6.x and 7.x for D ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5549 (Cross-site request forgery (CSRF) vulnerability in the Time Spent modu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5548 (Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x  ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Sear ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5546
	REJECTED
CVE-2012-5545 (Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis m ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5544 (The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote au ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5543 (The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a fiel ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5542 (Cross-site request forgery (CSRF) vulnerability in the Commerce Extra  ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5541 (Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5540 (Multiple cross-site scripting (XSS) vulnerabilities in the Hostip modu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5539 (The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does  ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5538 (Cross-site scripting (XSS) vulnerability in the FileField Sources modu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5537 (The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allo ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5536 (A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat En ...)
	NOT-FOR-US: Red Hat-specific packaging flaw
CVE-2012-5535 (gnome-system-log polkit policy allows arbitrary files on the system to ...)
	- gnome-system-log <not-affected> (Fedora-specific issue)
CVE-2012-5534 (The hook_process function in the plugin API for WeeChat 0.3.0 through  ...)
	{DSA-2598-1}
	- weechat 0.3.9.2-1
	[wheezy] - weechat 0.3.8-1+deb7u1
CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd before  ...)
	- lighttpd 1.4.31-2
	[squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distri ...)
	- linux-tools <not-affected> (userspace daemon not built until later)
	- linux-2.6 <not-affected> (userspace daemon not yet present)
CVE-2012-5531 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Port ...)
	NOT-FOR-US: GateIn Portal
CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PC ...)
	- pcp 3.7.1 (bug #698735; low)
	NOTE: first package in unstable is 3.7.1 (package has no debian revision)
	[squeeze] - pcp 3.3.3-squeeze3
CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allow ...)
	{DSA-2648-1}
	- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
	- firebird2.1 <not-affected> (Only affects 2.5.x)
CVE-2012-5528
	RESERVED
CVE-2012-5527 (Claws Mail vCalendar plugin: credentials exposed on interface ...)
	- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
	NOTE: More of a plain bug than a security vulnerability
CVE-2012-5526 (CGI.pm module before 3.63 for Perl does not properly escape newlines i ...)
	{DSA-2587-1 DSA-2586-1}
	- perl 5.14.2-16 (bug #693420)
	- libcgi-pm-perl 3.61-2 (bug #693421)
	NOTE: http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
	NOTE: https://github.com/markstos/CGI.pm/pull/23
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=877015
CVE-2012-5525 (The get_page_from_gfn hypercall function in Xen 4.2 allows local PV gu ...)
	- xen <not-affected> (Only affects Xen 4.2 and xen-unstable)
CVE-2012-5524 (The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3  ...)
	- gajim 0.15.4-1 (low; bug #693282)
	[wheezy] - gajim 0.15.1-4.1
	[squeeze] - gajim <no-dsa> (Minor issue)
CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage  ...)
	- mantis 1.2.11-1.2 (bug #693283)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14704
CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value during d ...)
	- mantis 1.2.11-1.2 (bug #693283)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14496
CVE-2012-5521 (quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ...)
	- quagga <unfixed> (unimportant; bug #693102)
	NOTE: Not reproducible so far
CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as Debian ...)
	{DSA-2600-1}
	- cups 1.5.3-2.7 (bug #692791)
	NOTE: http://seclists.org/oss-sec/2012/q4/253
CVE-2012-5518 (vdsm: certificate generation upon node creation allowing vdsm to start ...)
	NOT-FOR-US: ovirt / vsdm
CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel b ...)
	- linux 3.2.41-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-5516 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when mo ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation Manager
CVE-2012-5515 (The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and  ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5514 (The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earl ...)
	{DSA-2582-1}
	- xen 4.1.3-6
CVE-2012-5513 (The XENMEM_exchange handler in Xen 4.2 and earlier does not properly c ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5512 (Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allow ...)
	- xen 4.1.3-5
	[squeeze] - xen <not-affected> (Only affects Xen 4.1)
CVE-2012-5511 (Stack-based buffer overflow in the dirty video RAM tracking functional ...)
	{DSA-2636-1}
	- xen 4.1.3-5
CVE-2012-5510 (Xen 4.x, when downgrading the grant table version, does not properly r ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used  ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-5508 (The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remo ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/24
CVE-2012-5507 (AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/23
CVE-2012-5506 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5505 (atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote atta ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/21
CVE-2012-5504 (Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5503 (ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attac ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5502 (Cross-site scripting (XSS) vulnerability in safe_html.py in Plone befo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5501 (at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5500 (The batch id change script (renameObjectsByPaths.py) in Plone before 4 ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5499 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5498 (queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows rem ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5497 (membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows  ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5496 (kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5495 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5494 (Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5493 (gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote auth ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5492 (uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5491 (z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows  ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5490 (Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone befor ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5489 (The App.Undo.UndoSupport.get_request_var_or_attr function in Zope befo ...)
	- zope2.12 <unfixed> (bug #692899)
	[wheezy] - zope2.12 <no-dsa> (Minor issue)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/05
CVE-2012-5488 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5487 (The sandbox whitelisting function (allowmodule.py) in Plone before 4.2 ...)
	- zope2.12 <unfixed> (unimportant; bug #692899)
	NOTE: Non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692899#20
CVE-2012-5486 (ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used  ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/02
CVE-2012-5485 (registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allow ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
	NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484 (The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtai ...)
	NOT-FOR-US: FreeIPA
CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Am ...)
	- keystone <not-affected> (Debian packaging enforces correct permissions)
CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (20 ...)
	- glance 2012.1.1-3 (bug #692641)
CVE-2012-5481 (Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass  ...)
	- moodle <not-affected> (Doesn't affect 1.9 or 2.2)
CVE-2012-5480 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x befor ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5479 (The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5478 (The AuthorizationInterceptor in JBoss Enterprise Application Platform  ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5477 (The smart proxy in Foreman before 1.1 uses a umask set to 0, which all ...)
	- foreman <itp> (bug #663101)
CVE-2012-5476 (Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard pack ...)
	- horizon <not-affected> (File is installed with 0700 perms in Debian)
CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files]
	REJECTED
CVE-2012-5474 (The file /etc/openstack-dashboard/local_settings within Red Hat OpenSt ...)
	- horizon 2012.1.1-7
CVE-2012-5473 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x befor ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5472 (lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 a ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5471 (The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5470 (libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attacke ...)
	- vlc 2.0.4-1 (bug #692130)
	[wheezy] - vlc 2.0.3-4
	[squeeze] - vlc <no-dsa> (Minor issue)
CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remot ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-5468 (Heap-based buffer overflow in iconvert.c in the bogolexer component in ...)
	{DSA-2585-1}
	- bogofilter 1.2.2+dfsg1-2 (bug #695139)
CVE-2012-5467
	RESERVED
CVE-2012-5466
	RESERVED
CVE-2012-5465
	RESERVED
CVE-2012-5464
	RESERVED
CVE-2012-5463
	RESERVED
CVE-2012-5462
	RESERVED
CVE-2012-5461
	RESERVED
CVE-2012-5460 (Cross-site scripting (XSS) vulnerability in the help page in Juniper S ...)
	NOT-FOR-US: Juniper IVE OS
CVE-2012-5459 (Untrusted search path vulnerability in VMware Workstation 8.x before 8 ...)
	NOT-FOR-US: VMware
CVE-2012-5458 (VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 ...)
	NOT-FOR-US: VMware
CVE-2012-5457
	RESERVED
CVE-2012-5456 (The Zoner AntiVirus Free application for Android does not verify that  ...)
	NOT-FOR-US: Zoner AntiVirus Free
CVE-2012-5455 (Cross-site scripting (XSS) vulnerability in the language search compon ...)
	NOT-FOR-US: Joomla! component
CVE-2012-5454 (user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not  ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5453 (SQL injection vulnerability in user/index_inline_editor_submit.php in  ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5452 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2 ...)
	NOT-FOR-US: Subrion CMS
CVE-2011-5212 (SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 al ...)
	NOT-FOR-US: Subrion CMS
CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-5451 (Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi bef ...)
	NOT-FOR-US: TVMOBiLi
CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in lib/filemanager/ima ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-5449
	RESERVED
CVE-2012-5448
	RESERVED
CVE-2012-5447
	RESERVED
CVE-2012-5446
	RESERVED
CVE-2012-5445 (The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 s ...)
	NOT-FOR-US: Cisco Native Unix
CVE-2012-5444 (Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not pr ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-5443
	RESERVED
CVE-2012-5442
	RESERVED
CVE-2012-5441
	RESERVED
CVE-2012-5440
	RESERVED
CVE-2012-5439
	RESERVED
CVE-2012-5438
	RESERVED
CVE-2012-5437
	RESERVED
CVE-2012-5436
	RESERVED
CVE-2012-5435
	RESERVED
CVE-2012-5434
	RESERVED
CVE-2012-5433
	RESERVED
CVE-2012-5432
	RESERVED
CVE-2012-5431
	RESERVED
CVE-2012-5430
	RESERVED
CVE-2012-5429 (The VPN driver in Cisco VPN Client on Windows does not properly intera ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2012-5428
	RESERVED
CVE-2012-5427 (Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T a ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5426
	RESERVED
CVE-2012-5425
	RESERVED
CVE-2012-5424 (Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5 ...)
	NOT-FOR-US: Cisco
CVE-2012-5423
	RESERVED
CVE-2012-5422 (Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devic ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5421
	RESERVED
CVE-2012-5420
	RESERVED
CVE-2012-5419 (Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2012-5418
	RESERVED
CVE-2012-5417 (Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not  ...)
	NOT-FOR-US: Cisco
CVE-2012-5416 (Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before  ...)
	NOT-FOR-US: Cisco
CVE-2012-5415 (Race condition on Cisco Adaptive Security Appliances (ASA) devices all ...)
	NOT-FOR-US: Cisco
CVE-2012-5414
	RESERVED
CVE-2012-5413
	RESERVED
CVE-2012-5412
	RESERVED
CVE-2012-5411
	RESERVED
CVE-2012-5410
	RESERVED
CVE-2012-5409 (AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and ea ...)
	NOT-FOR-US: Siemens SiPass
CVE-2012-5408
	RESERVED
CVE-2012-5407
	RESERVED
CVE-2012-5406
	RESERVED
CVE-2012-5405
	RESERVED
CVE-2012-5404
	RESERVED
CVE-2012-5403
	RESERVED
CVE-2012-5402
	RESERVED
CVE-2012-5401
	RESERVED
CVE-2012-5400
	RESERVED
CVE-2012-5399
	RESERVED
CVE-2012-5398
	RESERVED
CVE-2012-5397
	RESERVED
CVE-2012-5396
	RESERVED
CVE-2012-5395 (Session fixation vulnerability in the CentralAuth extension for MediaW ...)
	NOT-FOR-US: Mediawiki extension CentralAuth
CVE-2012-5394 (Cross-site request forgery (CSRF) vulnerability in the CentralAuth ext ...)
	NOT-FOR-US: mediawiki extension CentralAuth
CVE-2012-5393
	RESERVED
CVE-2012-5392
	RESERVED
CVE-2012-5391 (Session fixation vulnerability in Special:UserLogin in MediaWiki befor ...)
	- mediawiki 1:1.19.3-1 (bug #694998)
	[squeeze] - mediawiki 1:1.15.5-2squeeze5
CVE-2012-5390 (The standard universe shadow (condor_shadow.std) component in Condor 7 ...)
	- condor <not-affected> (standard universe is disabled in the Debian package, see bug #697936)
	NOTE: http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html
CVE-2012-5389 (NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and e ...)
	NOT-FOR-US: PowerTCP WebServer for ActiveX
CVE-2012-5388 (Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the Wh ...)
	NOT-FOR-US: White Label CMS
CVE-2012-5387 (Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in ...)
	NOT-FOR-US: WordPress plugin White Label CMS
CVE-2012-5386 (Directory traversal vulnerability in index.php in phpPaleo 4.8b180 all ...)
	NOT-FOR-US: phpPaleo
CVE-2012-5385 (install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows rem ...)
	- webcalendar <removed>
CVE-2012-5384 (Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen W ...)
	- webcalendar <removed>
CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome  ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel bef ...)
	- linux 3.8-1 (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel bef ...)
	- linux 3.8-1 (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash ...)
	- openjdk-6 <removed> (low)
	[wheezy] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
	[squeeze] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
	- openjdk-7 <removed> (low)
	[jessie] - openjdk-7 <ignored> (Minor issue, no icedtea fix, too complex to backport)
	[wheezy] - openjdk-7 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
	- rubinius  <itp> (bug #591817)
CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes  ...)
	{DLA-263-1}
	- ruby1.8 <not-affected> (Only affects 1.9.x)
	- ruby1.9.1 1.9.3.194-4 (bug #693024)
CVE-2012-5370 (JRuby computes hash values without properly restricting the ability to ...)
	{DLA-209-1}
	- jruby 1.5.6-5 (bug #694694)
CVE-2012-5369
	RESERVED
CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained th ...)
	- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow r ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 ...)
	NOT-FOR-US: Mac OS X
CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year  ...)
	- kfreebsd-8 <removed> (low; bug #690986)
	- kfreebsd-9 <removed> (low)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
CVE-2012-5364 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-5363 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year  ...)
	- kfreebsd-8 <removed> (low; bug #690986)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
	- kfreebsd-9 <removed> (low)
CVE-2012-5362 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5360 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5359 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5358 (The XSLTCompiledTransform function in Ektron Content Management System ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2012-5357 (Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCom ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2012-5356 (The apt-add-repository tool in Ubuntu Software Properties 0.75.x befor ...)
	NOT-FOR-US: apt-add-repository
CVE-2012-5355 (welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to ov ...)
	NOT-FOR-US: xdiagnose
CVE-2012-5354 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceape <not-affected> (Only affects 16.x release from experimental)
	- iceweasel <not-affected> (Only affects 16.x release from experimental)
	- icedove <not-affected> (Only affects 16.x release from experimental)
CVE-2012-5383 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- mysql-5.1 <not-affected> (Windows issue only)
	- mysql-5.5 <not-affected> (Windows issue only)
CVE-2012-5382 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	NOT-FOR-US: Zend Server
CVE-2012-5381 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- php5 <not-affected> (Windows issue only)
CVE-2012-5380 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- ruby1.8 <not-affected> (Windows issue only)
	- ruby1.9.1 <not-affected> (Windows issue only)
CVE-2012-5379 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	NOT-FOR-US: ActivePython
CVE-2012-5378 (Untrusted search path vulnerability in the installation functionality  ...)
	NOT-FOR-US: ActiveTcl
CVE-2012-5377 (Untrusted search path vulnerability in the installation functionality  ...)
	NOT-FOR-US: ActivePerl
CVE-2012-5353 (Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge me ...)
	NOT-FOR-US: Eduserv
CVE-2012-5352 (Java Open Single Sign-On Project Home (JOSSO) allows remote attackers  ...)
	NOT-FOR-US: josso
CVE-2012-5351 (Apache Axis2 allows remote attackers to forge messages and bypass auth ...)
	- axis2c <removed> (low; bug #690421)
	[squeeze] - axis2c <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.apache.org/jira/browse/AXIS2C-1607
CVE-2012-5350 (SQL injection vulnerability in the Pay With Tweet plugin before 1.2 fo ...)
	NOT-FOR-US: wp Pay With Tweet plugin
CVE-2012-5349 (Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the  ...)
	NOT-FOR-US: wp Pay With Tweet plugin
CVE-2012-5348 (SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote  ...)
	NOT-FOR-US: MangosWeb
CVE-2012-5347 (TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-5346 (Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live ...)
	NOT-FOR-US: WP live plugin
CVE-2012-5345 (Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (ak ...)
	NOT-FOR-US: batch file
CVE-2012-5344 (Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpT ...)
	NOT-FOR-US: batch file
CVE-2012-5343 (Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3 ...)
	NOT-FOR-US: Limny
CVE-2012-5342 (Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS a ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2012-5341 (Multiple cross-site scripting (XSS) vulnerabilities in statistik.php i ...)
	NOT-FOR-US: Otterware StatIt
CVE-2011-5210 (Directory traversal vulnerability in admin/preview.php in Limny 3.0.0  ...)
	NOT-FOR-US: Limny
CVE-2011-5209 (Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone S ...)
	NOT-FOR-US: GraphicsClone
CVE-2012-5340 (SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer ...)
	- mupdf 1.2-2
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f919270b6a732ff45c3ba2d0c105e2b39e9c9bc9 (1.1)
CVE-2012-5339 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5338 (Open redirect vulnerability in JForum 2.1.9 allows remote attackers to ...)
	NOT-FOR-US: JForum
CVE-2012-5337 (Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in  ...)
	NOT-FOR-US: jForum
CVE-2012-5336 (lib/base.php in ownCloud before 4.0.8 does not properly validate the u ...)
	- owncloud 4.0.8debian-1
CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows remote a ...)
	NOT-FOR-US: Tiny Server
CVE-2012-5334 (SQL injection vulnerability in product_desc.php in Pre Printing Press  ...)
	NOT-FOR-US: Pre Printing Press
CVE-2012-5333 (SQL injection vulnerability in page.php in Pre Printing Press allows r ...)
	NOT-FOR-US: Pre Printing Press
CVE-2012-5332 (at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial ...)
	NOT-FOR-US: at32 Reverse Proxy
CVE-2012-5331 (Directory traversal vulnerability in asaanCart 0.9 allows remote attac ...)
	NOT-FOR-US: asaanCart
CVE-2012-5330 (Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 a ...)
	NOT-FOR-US: asaanCart
CVE-2012-5329 (Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated  ...)
	NOT-FOR-US: TYPSoft FTP
CVE-2012-5328 (Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0. ...)
	NOT-FOR-US: WP Mingle Forum
CVE-2012-5327 (Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the ...)
	NOT-FOR-US: WP Mingle Forum
CVE-2012-5326 (Cross-site request forgery (CSRF) vulnerability in admin/function.php  ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2012-5325 (Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redi ...)
	NOT-FOR-US: WP Shortcode
CVE-2012-5324 (Multiple buffer overflows in the Pdf Printer Preferences ActiveX Contr ...)
	NOT-FOR-US: PDF-XChange
CVE-2012-5323 (Cross-site request forgery (CSRF) vulnerability in webconfig/admin_pas ...)
	NOT-FOR-US: Xavi ADSL router
CVE-2012-5322 (Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allo ...)
	NOT-FOR-US: Xavi ADSL router
CVE-2012-5321 (tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote att ...)
	- tikiwiki <removed>
CVE-2012-5320 (Cross-site request forgery (CSRF) vulnerability in password.cgi in Sag ...)
	NOT-FOR-US: Sagem
CVE-2012-5319 (Cross-site request forgery (CSRF) vulnerability in setup/security.cgi  ...)
	NOT-FOR-US: D-link
CVE-2012-5318 (Unrestricted file upload vulnerability in uploadify/scripts/uploadify. ...)
	NOT-FOR-US: WP Kish
CVE-2012-5317 (SQL injection vulnerability in main_bigware_43.php in Bigware Shop bef ...)
	NOT-FOR-US: Bigware Shop
CVE-2012-5316 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam  ...)
	NOT-FOR-US: Barracuda
CVE-2012-5315 (Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 ...)
	NOT-FOR-US: iReport
CVE-2012-5314 (Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier  ...)
	NOT-FOR-US: ViewGit
CVE-2012-5313 (SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows r ...)
	NOT-FOR-US: Snitz Forums
CVE-2012-5312 (SQL injection vulnerability in Tribiq CMS allows remote attackers to e ...)
	NOT-FOR-US: Tribiq CMS
CVE-2012-5311
	REJECTED
CVE-2012-5310 (SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 ...)
	NOT-FOR-US: WP e-Commerce plugin
CVE-2012-5309 (servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim F ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5308 (Cross-site request forgery (CSRF) vulnerability in servlet/traveler in ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5307 (Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lo ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5306 (Stack-based buffer overflow in the SelectDirectory method in DcsCliCtr ...)
	NOT-FOR-US: D-Link
CVE-2012-5305 (Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Softwar ...)
	NOT-FOR-US: DirectAdmin
CVE-2012-5304 (Static code injection vulnerability in administration/install.php in Y ...)
	NOT-FOR-US: YVS
CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrar ...)
	- monkey <removed> (unimportant)
CVE-2012-5302 (The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not pro ...)
	NOT-FOR-US: TIBCO Formvine
CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin be ...)
	NOT-FOR-US: BackWPup
CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
	NOT-FOR-US: VWar
CVE-2010-5278 (Directory traversal vulnerability in manager/controllers/default/resou ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...)
	NOT-FOR-US: Drupal Views Bulk Operations
CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Dru ...)
	NOT-FOR-US: Drupal Memcache
CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the Memc ...)
	NOT-FOR-US: Drupal Memcache
CVE-2012-5301 (The default configuration of Cerberus FTP Server before 5.0.4.0 suppor ...)
	NOT-FOR-US: Cerberus
CVE-2012-5300 (SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tien ...)
	NOT-FOR-US: MyStore Xpress
CVE-2012-5299 (Mavili Guestbook, as released in November 2007, allows remote attacker ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5298 (Mavili Guestbook, as released in November 2007, stores guestbook.mdb u ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5297 (SQL injection vulnerability in edit.asp in Mavili Guestbook, as releas ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5296 (Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestboo ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5295 (Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Foru ...)
	NOT-FOR-US: FuseTalk
CVE-2012-5294 (SQL injection vulnerability in art_detalle.php in MyStore Xpress Tiend ...)
	NOT-FOR-US: MyStore Xpress
CVE-2012-5293 (Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3  ...)
	NOT-FOR-US: SAPID CMS
CVE-2012-5292 (Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remot ...)
	NOT-FOR-US: Atar2b
CVE-2012-5291 (SQL injection vulnerability in team.php in Posse Softball Director CMS ...)
	NOT-FOR-US: Posse Softball Director
CVE-2012-5290 (Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remo ...)
	NOT-FOR-US: EasyWebRealEstate
CVE-2012-5289 (Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote ...)
	NOT-FOR-US: Plogger
CVE-2012-5288 (SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows ...)
	NOT-FOR-US: phpMyDirectory
CVE-2011-5207 (Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php ...)
	NOT-FOR-US: WP TheCartPress
CVE-2011-5206 (Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech be ...)
	NOT-FOR-US: Rapidleech
CVE-2011-5205 (Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 ...)
	NOT-FOR-US: Rapidleech
CVE-2011-5204 (Akiva WebBoard 8.x stores passwords in plaintext, which allows local u ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2011-5203 (SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2012-XXXX [gunicorn fails to drop supplemental groups]
	- gunicorn 0.14.5-3 (low)
	[squeeze] - gunicorn <no-dsa> (Minor issue)
CVE-2012-5287 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5286 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5285 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5284
	REJECTED
CVE-2012-5283
	REJECTED
CVE-2012-5282
	REJECTED
CVE-2012-5281
	REJECTED
CVE-2012-5280 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5279 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5278 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5277 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5276 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5275 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5274 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5273 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5270 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5269 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5268 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5267 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5266 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5265 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5264 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5263 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5262 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5261 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5260 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5259 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5258 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5257 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5256 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5255 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5254 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5253 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5252 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5251 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5250 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5249 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5248 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5247
	RESERVED
CVE-2012-5246
	RESERVED
CVE-2012-5245
	RESERVED
CVE-2012-5244 (Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earli ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5243 (functions/suggest.php in Banana Dance B.2.6 and earlier allows remote  ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5242 (Directory traversal vulnerability in functions/suggest.php in Banana D ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5241
	RESERVED
	NOT-FOR-US: PEAR module for Twitter
CVE-2012-5240 (Buffer overflow in the dissect_tlv function in epan/dissectors/packet- ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-5239
	REJECTED
CVE-2012-5238 (epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x b ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-5236
	REJECTED
CVE-2012-5235
	RESERVED
CVE-2012-5234 (Open redirect vulnerability in index.php in ocPortal before 7.1.6 allo ...)
	- ocportal <itp> (bug #625865)
CVE-2012-5233 (Cross-site scripting (XSS) vulnerability in the stickynote module befo ...)
	NOT-FOR-US: Drupal stickynote
CVE-2012-5232 (Cross-site scripting (XSS) vulnerability in the Quickl Form component  ...)
	NOT-FOR-US: Joomla component
CVE-2012-5231 (miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP c ...)
	NOT-FOR-US: miniCMS
CVE-2012-5230 (Unspecified vulnerability in the JE Story Submit (com_jesubmit) compon ...)
	NOT-FOR-US: Joomla jesusmit
CVE-2012-5229 (Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the ...)
	NOT-FOR-US: WP Gallery2
CVE-2012-5228 (Cross-site scripting (XSS) vulnerability in admin/index.php in phplist ...)
	- phplist <itp> (bug #612288)
CVE-2012-5227 (SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2. ...)
	NOT-FOR-US: Peel Shopping
CVE-2012-5226 (Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2 ...)
	NOT-FOR-US: Peel Shopping
CVE-2012-5225 (Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart  ...)
	NOT-FOR-US: xClick
CVE-2012-5224 (PHP remote file inclusion vulnerability in vb/includes/vba_cmps_includ ...)
	NOT-FOR-US: vbadvanced CMPS
CVE-2012-5223 (The proc_deutf function in includes/functions_vbseocp_abstract.php in  ...)
	NOT-FOR-US: vBSEO
CVE-2012-5222 (HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote att ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-5221 (Directory traversal vulnerability in the PostScript Interpreter, as us ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-5220 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2012-5219 (Cross-site scripting (XSS) vulnerability in HP Managed Printing Admini ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2012-5218 (HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not e ...)
	NOT-FOR-US: HP ElitePad 900
CVE-2012-5217 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-5216 (Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8  ...)
	NOT-FOR-US: HP ProCurve
CVE-2012-5215 (Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M12 ...)
	NOT-FOR-US: HP LaserJet Pro
CVE-2012-5214 (Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 al ...)
	NOT-FOR-US: HP ServiceCenter
CVE-2012-5213 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5212 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5211 (Unspecified vulnerability in HP Intelligent Management Center (iMC) Us ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5210 (Unspecified vulnerability in HP Intelligent Management Center (iMC) TA ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5209 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5208 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5207 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5206 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5205 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5204 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5203 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5202 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5201 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5200 (Cross-site scripting (XSS) vulnerability in HP Intelligent Management  ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5199 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and e ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2012-5198 (Unspecified vulnerability in HP ArcSight Connector Appliance before 6. ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2011-5202 (BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a de ...)
	NOT-FOR-US: WinCDEmu
CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
	NOTE: Not exploitable according to upstream
CVE-2012-5196 (Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x befo ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
	NOTE: Not exploitable according to upstream
CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util.c in ...)
	{DSA-2586-1}
	- perl 5.14.2-14 (bug #689314)
CVE-2012-5194
	RESERVED
CVE-2012-5193 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bitweave ...)
	NOT-FOR-US: Bitweaver
CVE-2012-5191
	RESERVED
CVE-2012-5190 (Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability ...)
	NOT-FOR-US: Prizm Content Connect
CVE-2012-5189
	REJECTED
CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 1.0.0.1  ...)
	NOT-FOR-US: mora Downloader
CVE-2012-5187 (The Weathernews Touch application 2.3.2 and earlier for Android allows ...)
	NOT-FOR-US: Android
CVE-2012-5186 (Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and ...)
	NOT-FOR-US: FLUGELz netmania myu-s, PHP WeblogSystem
CVE-2012-5185 (Directory traversal vulnerability in the Olive Toast Documents Pro Fil ...)
	NOT-FOR-US: Olive Toast Documents Pro File Viewer
CVE-2012-5184 (Cross-site scripting (XSS) vulnerability in the Olive Toast Documents  ...)
	NOT-FOR-US: Olive Toast Documents Pro File Viewer
CVE-2012-5183 (The Loctouch application 3.4.6 and earlier for Android allows attacker ...)
	NOT-FOR-US: Loctouch application for Android
CVE-2012-5182 (The Loctouch application 3.4.6 and earlier for Android does not proper ...)
	NOT-FOR-US: Loctouch application for Android
CVE-2012-5181 (Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 t ...)
	NOT-FOR-US: concrete5
CVE-2012-5180 (The Opera Mobile application before 12.1 and Opera Mini application be ...)
	NOT-FOR-US: Opera Mobile application for Android
CVE-2012-5179 (The Boat Browser application before 4.2 and Boat Browser Mini applicat ...)
	NOT-FOR-US: Boat Browser application for Android
CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart plugin  ...)
	NOT-FOR-US: WordPress Welcart plugin
CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin before  ...)
	NOT-FOR-US: WordPress Welcart plugin
CVE-2012-5176 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.0 ...)
	NOT-FOR-US: KENT-WEB ACCESS REPORT
CVE-2012-5175 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 ...)
	NOT-FOR-US: KENT-WEB ACCESS REPORT
CVE-2012-5174 (The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR  ...)
	NOT-FOR-US: KYOCERA
CVE-2012-5173 (Session fixation vulnerability in BIGACE before 2.7.8 allows remote at ...)
	NOT-FOR-US: BIGACE
CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android allows  ...)
	NOT-FOR-US: Asial Monaca Debugger
CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
	NOT-FOR-US: Be Graph's BeZIP
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote attac ...)
	NOT-FOR-US: Pebble blog
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in file_manager/pr ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify arbitra ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5167 (Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9. ...)
	{DSA-2560-1}
	- bind9 1:9.8.1.dfsg.P1-4.3 (bug #690118)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5165
	RESERVED
CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
	NOT-FOR-US: Fork CMS
CVE-2012-5163 (Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in  ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OS ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5161 (The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1  ...)
	NOT-FOR-US: Citrix XenApp
CVE-2012-5160
	RESERVED
CVE-2012-5158 (Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessi ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2012-5157 (Google Chrome before 24.0.1312.52 does not properly handle image data  ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5156 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5155 (Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropri ...)
	- chromium-browser <not-affected> (Only affects MacOS X)
CVE-2012-5154 (Integer overflow in Google Chrome before 24.0.1312.52 on Windows allow ...)
	- chromium-browser <not-affected> (Only affects Windows)
CVE-2012-5153 (Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.5 ...)
	- libv8 <not-affected> (bug #702261; kMinFixedIndex and kMaxFixedIndex are hard-coded to the correct values in 3.8.9.20, a later commit introduced a caclulation that produced incorrect values)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 24.0.1312.68-1
CVE-2012-5151 (Integer overflow in Google Chrome before 24.0.1312.52 allows remote at ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1
CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before 24.0.1 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5148 (The hyphenation functionality in Google Chrome before 24.0.1312.52 doe ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5147 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5146 (Google Chrome before 24.0.1312.52 allows remote attackers to bypass th ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5145 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0. ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646
CVE-2012-5143 (Integer overflow in Google Chrome before 23.0.1271.97 allows remote at ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5142 (Google Chrome before 23.0.1271.97 does not properly handle history nav ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5141 (Google Chrome before 23.0.1271.97 does not properly restrict instantia ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5140 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5139 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5138 (Google Chrome before 23.0.1271.95 does not properly handle file paths, ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5137 (Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5136 (Google Chrome before 23.0.1271.91 does not properly perform a cast of  ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5135 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5134 (Heap-based buffer underflow in the xmlParseAttValueComplex function in ...)
	{DSA-2580-1}
	- libxml2 2.8.0+dfsg1-7 (bug #694521)
CVE-2012-5133 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5132 (Google Chrome before 23.0.1271.91 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5131 (Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitiga ...)
	- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote atta ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS  ...)
	- mesa 8.0.5-3 (bug #695248)
	[squeeze] - mesa <not-affected> (Vulnerable code not present)
CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.6 ...)
	- libv8 <not-affected> (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote at ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- libwebp 0.1.3-3+nmu1 (bug #704573)
	NOTE: fixed in experimental version 0.2.1-1
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=442152
	NOTE: Upstream announce: https://groups.google.com/a/webmproject.org/forum/?fromgroups=#!topic/webp-discuss/QTtgi8YfgkE
CVE-2012-5126 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5125 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5124 (Google Chrome before 23.0.1271.64 does not properly handle textures, w ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5123 (Skia, as used in Google Chrome before 23.0.1271.64, allows remote atta ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5122 (Google Chrome before 23.0.1271.64 does not properly perform a cast of  ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5121 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5120 (Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.6 ...)
	- libv8 <not-affected> (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5119 (Race condition in Pepper, as used in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5118 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly valida ...)
	- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5117 (Google Chrome before 23.0.1271.64 does not properly restrict the loadi ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5116 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5115 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitiga ...)
	- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5114
	RESERVED
CVE-2012-5113
	RESERVED
CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as u ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepp ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5109 (The International Components for Unicode (ICU) functionality in Google ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5108 (Race condition in Google Chrome before 22.0.1229.92 allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5107
	RESERVED
CVE-2012-5106 (Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote  ...)
	NOT-FOR-US: FreeFloat FTP Server
CVE-2012-5159 (phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror durin ...)
	- phpmyadmin <not-affected>
CVE-2012-5105 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1 ...)
	NOT-FOR-US: SQLiteManager
CVE-2012-5104 (Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in U ...)
	NOT-FOR-US: UBB.threads
CVE-2012-5103 (Multiple cross-site scripting (XSS) vulnerabilities in action/add-subm ...)
	NOT-FOR-US: Ggb guestbook
CVE-2012-5102 (Cross-site scripting (XSS) vulnerability in inc/extensions.php in Vert ...)
	NOT-FOR-US: VertigoServ
CVE-2012-5101 (SQL injection vulnerability in the JExtensions JE Poll component befor ...)
	NOT-FOR-US: Joomla! extension
CVE-2012-5100 (Directory traversal vulnerability in HServer 0.1.1 allows remote attac ...)
	NOT-FOR-US: HServer
CVE-2012-5099 (Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and ...)
	NOT-FOR-US: PHPB2B
CVE-2012-5098 (Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, a ...)
	NOT-FOR-US: PHP-X-Links
CVE-2012-5097 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5096 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5095 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-5094 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5093 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5092 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5091 (Unspecified vulnerability in the Oracle Agile Product Supplier Collabo ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5090 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5089 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5088 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5087 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5086 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-5085 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5084 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5083 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-5082 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-5081 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	NOTE: https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
	NOTE: https://robotattack.org/
CVE-2012-5080 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-5079 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5078 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-5077 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5076 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5075 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5074 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5073 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5072 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5071 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5070 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5069 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5068 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5067 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-5066 (Unspecified vulnerability in the Oracle Central Designer component in  ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-5065 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5064 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5063 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5062 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2012-5061 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5060 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5059 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-5058 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-5057 (CRLF injection vulnerability in ownCloud Server before 4.0.8 allows re ...)
	- owncloud 4.0.8debian-1
CVE-2012-5056 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
	- owncloud 4.0.8debian-1
CVE-2012-5055 (DaoAuthenticationProvider in VMware SpringSource Spring Security befor ...)
	NOT-FOR-US: VMware
CVE-2012-5054 (Integer overflow in the copyRawDataTo method in the Matrix3D class in  ...)
	NOT-FOR-US: Adobe Flash player
CVE-2012-5053 (Cross-site scripting (XSS) vulnerability in the Receiver Web User Inte ...)
	NOT-FOR-US: Trimble Infrastructure GNSS Series Receivers
CVE-2012-5052
	RESERVED
CVE-2012-5051 (Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows re ...)
	NOT-FOR-US: VMware
CVE-2012-5050 (Cross-site scripting (XSS) vulnerability in the server in VMware vCent ...)
	NOT-FOR-US: VMware
CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote  ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote  ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5047
	RESERVED
CVE-2012-5046
	RESERVED
CVE-2012-5045
	RESERVED
CVE-2012-5044 (Cisco IOS before 15.3(1)T, when media flow-around is not used, allows  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5043
	RESERVED
CVE-2012-5042
	RESERVED
CVE-2012-5041
	RESERVED
CVE-2012-5040
	RESERVED
CVE-2012-5039 (The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote a ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5038
	RESERVED
CVE-2012-5037 (The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5036 (Cisco IOS before 12.2(50)SY1 allows remote authenticated users to caus ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5035
	RESERVED
CVE-2012-5034
	RESERVED
CVE-2012-5033
	RESERVED
CVE-2012-5032 (The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5031
	RESERVED
CVE-2012-5030 (Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5029
	RESERVED
CVE-2012-5028
	RESERVED
CVE-2012-5027
	RESERVED
CVE-2012-5026
	RESERVED
CVE-2012-5025
	RESERVED
CVE-2012-5024
	RESERVED
CVE-2012-5023
	RESERVED
CVE-2012-5022
	RESERVED
CVE-2012-5021
	RESERVED
CVE-2012-5020
	RESERVED
CVE-2012-5019
	RESERVED
CVE-2012-5018
	RESERVED
CVE-2012-5017 (Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5016
	RESERVED
CVE-2012-5015
	RESERVED
CVE-2012-5014 (Cisco IOS before 15.1(2)SY allows remote authenticated users to cause  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5013
	RESERVED
CVE-2012-5012
	RESERVED
CVE-2012-5011
	RESERVED
CVE-2012-5010 (ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (AS ...)
	NOT-FOR-US: Adaptive Security Appliance Adaptive Security Appliance (ASA)
CVE-2012-5009
	RESERVED
CVE-2012-5008
	RESERVED
CVE-2011-5201 (Multiple SQL injection vulnerabilities in sign.php in tinyguestbook al ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5200 (Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow ...)
	NOT-FOR-US: DeDeCMS
CVE-2011-5199 (Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook  ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5198 (SQL injection vulnerability in search.php in Neturf eCommerce Shopping ...)
	NOT-FOR-US: Neturf eCommerce Shopping Cart
CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...)
	NOT-FOR-US: Public Knowledge Project Open Harvester Systems
CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...)
	NOT-FOR-US: Public Knowledge Project Open Conference Systems
CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhoi ...)
	NOT-FOR-US: Wordpress Whois search plugin
CVE-2011-5193 (Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhoi ...)
	NOT-FOR-US: Wordpress Whois search plugin
CVE-2011-5192 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty L ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin
CVE-2011-5191 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty L ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin
CVE-2012-5007 (The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote at ...)
	NOT-FOR-US: Drupal addon Fill PDF
CVE-2012-5006 (Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug ...)
	NOT-FOR-US: Caminova DjVu Browser
CVE-2012-5005 (Cross-site request forgery (CSRF) vulnerability in admin/admin_options ...)
	NOT-FOR-US: VR GPub
CVE-2012-5004 (Multiple cross-site request forgery (CSRF) vulnerabilities in Parallel ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2012-5003 (nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not p ...)
	NOT-FOR-US: No Machine NX Web Companion
CVE-2012-5002 (Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in R ...)
	NOT-FOR-US: SR10 FTP server in Ricoh DC Software
CVE-2012-5001 (Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node M ...)
	NOT-FOR-US: Hitachi JP1/Cm2/Network Node Manager
CVE-2012-5000 (SQL injection vulnerability in jokes/index.php in the Witze addon 0.9  ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-4999 (Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote  ...)
	NOT-FOR-US: Mercury MR804 Router
CVE-2012-4998 (Cross-site scripting (XSS) vulnerability in index.php in starCMS allow ...)
	NOT-FOR-US: starCMS
CVE-2012-4997 (Directory traversal vulnerability in acp/index.php in AneCMS allows re ...)
	NOT-FOR-US: AneCMS
CVE-2012-4996 (Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlie ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4995 (Cross-site scripting (XSS) vulnerability in admin/userrighthandling.ph ...)
	- limesurvey <itp> (bug #472802)
CVE-2012-4994 (SQL injection vulnerability in admin/admin.php in LimeSurvey before 1. ...)
	- limesurvey <itp> (bug #472802)
CVE-2012-4993 (torrent_functions.php in RivetTracker 1.03 and earlier does not proper ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4992 (Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote ...)
	NOT-FOR-US: FlashFXP
CVE-2012-4991 (Multiple directory traversal vulnerabilities in Axway SecureTransport  ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2012-4990 (SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2 ...)
	NOT-FOR-US: OpenX
CVE-2012-4989 (Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in  ...)
	NOT-FOR-US: OpenX
CVE-2012-4988 (Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JP ...)
	NOT-FOR-US: XnView
CVE-2012-4987 (Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allo ...)
	NOT-FOR-US: RealPlayer
CVE-2012-4986
	RESERVED
CVE-2012-4985 (The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICM ...)
	NOT-FOR-US: Forescout device
CVE-2012-4984
	RESERVED
CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Forescout C ...)
	NOT-FOR-US: Forescout device
CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterAC ...)
	NOT-FOR-US: Forescout device
CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vuln ...)
	NOT-FOR-US: Toshiba ConfigFree
CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in Toshiba Conf ...)
	NOT-FOR-US: Toshiba ConfigFree Utility
CVE-2012-4979
	RESERVED
CVE-2012-4978
	RESERVED
CVE-2012-4977 (Layton Helpbox 4.4.0 allows remote attackers to discover cleartext cre ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4976 (selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to d ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4975 (editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticate ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4974 (Layton Helpbox 4.4.0 allows remote authenticated users to change the l ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4973
	RESERVED
CVE-2012-4972 (Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox  ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow r ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4970 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book Fac ...)
	NOT-FOR-US: Social Book Facebook Clone 2010
CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation mod ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing Syst ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop p ...)
	NOT-FOR-US: jbShop plugin for e107
CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in Onli ...)
	NOT-FOR-US: Online Subtitles Workshop
CVE-2011-5184 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-5182
	NOT-FOR-US: Wordpress Lanoba Social plugin
CVE-2011-5181 (Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk ...)
	NOT-FOR-US: Wordpress ClickDesk Live Support - Live Chat plugin
CVE-2011-5180 (Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in th ...)
	NOT-FOR-US: Wordpress ZooEffect plugin
CVE-2011-5179 (Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php i ...)
	NOT-FOR-US: Skysa App Bar
CVE-2011-5177 (Multiple cross-site scripting (XSS) vulnerabilities in admin/controlle ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2. ...)
	- silverstripe <itp> (bug #528461)
CVE-2012-4967
	REJECTED
CVE-2012-4966
	REJECTED
CVE-2012-4965
	REJECTED
CVE-2012-4964 (The Samsung printer firmware before 20121031 has a hardcoded read-writ ...)
	NOT-FOR-US: Samsung printer firmware
CVE-2012-4963
	RESERVED
CVE-2012-4962
	RESERVED
CVE-2012-4961
	RESERVED
CVE-2012-4960 (The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6,  ...)
	NOT-FOR-US: Huawei devices
CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell File Repor ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell File Repor ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell File R ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0 ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Adm ...)
	NOT-FOR-US: Dell OpenManage SA
CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows remote au ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-4953 (The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Syma ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4952 (Henry Schein Dentrix G5 before 15.1.294 has a single internal-database ...)
	NOT-FOR-US: Dentrix
CVE-2012-4951 (Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in V ...)
	NOT-FOR-US: VeriFone VeriCentre Web Console
CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search page in ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenti ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances uses th ...)
	NOT-FOR-US: Fortinet Fortigate UTM applianced
CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store databa ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR f ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile FleetComman ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in Agile Fl ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetComm ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander and Fle ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log Files com ...)
	NOT-FOR-US: Axigen Free Mail Server
CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in th ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface in Patte ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern Insight ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote attackers to co ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled i ...)
	NOT-FOR-US: TomatoCart
CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
	NOT-FOR-US: Novell ZENworks
CVE-2012-4932 (Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices  ...)
	NOT-FOR-US: SimpleInvoices
CVE-2012-4931
	RESERVED
CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Ch ...)
	- iceweasel <not-affected> (Firefox ESV not support SDPY)
	- chromium-browser 21.0.1180.57~r148591-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ...)
	{DSA-3253-1 DSA-2627-1 DSA-2626-1 DSA-2579-1 DLA-400-1 DLA-0008-1}
	- iceweasel <not-affected> (Firefox ESV not use TLS/SSL compression)
	- chromium-browser 22.0.1229.94~r161065-1
	NOTE: Chromium fix: https://chromiumcodereview.appspot.com/10825183/
	[squeeze] - chromium-browser <end-of-life>
	- qt4-x11 4:4.8.2+dfsg-3
	- apache2 2.2.22-12 (bug #689936)
	- lighttpd 1.4.30-1 (bug #700399)
	- nginx 1.2.1-2.2 (bug #700426)
	[squeeze] - qt4-x11 <no-dsa> (Minor issue)
	- openssl 1.0.1e-5 (low; bug #728055)
	[wheezy] - openssl 1.0.1e-2+deb7u11
	[squeeze] - openssl 0.9.8o-4squeeze16
	NOTE: openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html
	NOTE: openssl disables compression by default since dc5744cb78da6f2bcafeeefe22c604a51b52dfc5
	- pound 2.6-3 (bug #727197)
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Ox ...)
	NOT-FOR-US: Oxwall 1.1.1
CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1 ...)
	- limesurvey <itp> (bug #472802)
CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals Phot ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4924 (Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX  ...)
	NOT-FOR-US: ASUS Net4Switch
CVE-2012-4923 (Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall ...)
	NOT-FOR-US: Endian Firewall 2.4
CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0 ...)
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
CVE-2012-4921 (Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS  ...)
	NOT-FOR-US: WordPress plugin DVS Custom Notification
CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
	NOT-FOR-US: Wordpress plugin Zingiri Forum
CVE-2012-4919 (Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerabilit ...)
	NOT-FOR-US: Gallery Plugin1.4 for WordPress
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
	NOT-FOR-US: Call of Duty Elite for iOS
CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, which all ...)
	NOT-FOR-US: The TripAdvisor app 6.6 for iOS
CVE-2012-4916
	RESERVED
CVE-2012-4915 (Directory traversal vulnerability in the Google Doc Embedder plugin be ...)
	NOT-FOR-US: WordPress plugin Google Doc Embedder
CVE-2012-4914 (Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows  ...)
	NOT-FOR-US: CoolPDF
CVE-2012-4913
	RESERVED
CVE-2012-4912 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer module 6 ...)
	NOT-FOR-US: Drupal module
CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier a ...)
	NOT-FOR-US: OrderSys
CVE-2011-5178 (Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/u ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in B ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5175 (SQL injection vulnerability in search.php in Banana Dance, possibly B. ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5174 (Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Auth ...)
	NOT-FOR-US: Intel Trusted Execution Technology
CVE-2011-5173 (Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assi ...)
	NOT-FOR-US: Bugbear Entertainment FlatOut 2005
CVE-2011-5172 (Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and poss ...)
	NOT-FOR-US: StoryBoard Quick 6 Build, StoryBoard Artist and StoryBoard Studio
CVE-2011-5171 (Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 1 ...)
	NOT-FOR-US: CyberLink Power2Go
CVE-2011-5170 (Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 al ...)
	NOT-FOR-US: Castillo Bueno Systems CCMPlayer
CVE-2011-5169 (SQL injection vulnerability in sgms/reports/scheduledreports/configure ...)
	NOT-FOR-US: SonicWall ViewPoint
CVE-2011-5168 (SQL injection vulnerability in user.php in Banana Dance before B.1.5 a ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5167 (Heap-based buffer overflow in the SetDevNames method of the Tidestone  ...)
	NOT-FOR-US: Oracle Hyperion Strategic Finance
CVE-2011-5166 (Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote atta ...)
	NOT-FOR-US: KnFTP
CVE-2011-5165 (Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2011-5164 (Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 thro ...)
	NOT-FOR-US: VanDyke Software AbsoluteFTP
CVE-2011-5163 (Buffer overflow in an unspecified third-party component in the Batch m ...)
	NOT-FOR-US: Schneider Electric CitectSCADA
CVE-2011-5162 (Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assi ...)
	NOT-FOR-US: GOM Player
CVE-2012-4911
	REJECTED
CVE-2012-4910
	REJECTED
CVE-2012-4909 (Google Chrome before 18.0.1025308 on Android allows remote attackers t ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4908 (Google Chrome before 18.0.1025308 on Android allows remote attackers t ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4907 (Google Chrome before 18.0.1025308 on Android does not properly restric ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4906 (Google Chrome before 18.0.1025308 on Android does not properly restric ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4905 (Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0. ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4904 (Cross-application scripting vulnerability in Google Chrome before 18.0 ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4903 (Google Chrome before 18.0.1025308 on Android does not properly restric ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Template ...)
	NOT-FOR-US: Template CMS (http://template-cms.ru)
CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ear ...)
	NOT-FOR-US: Template CMS (http://template-cms.ru)
CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via unt ...)
	NOT-FOR-US: Corel WordPerfect Office X6
CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing alg ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a  ...)
	NOT-FOR-US: Mesh OS
CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie D ...)
	NOT-FOR-US: VMware
CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote atta ...)
	NOT-FOR-US: SumatraPDF
CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote atta ...)
	NOT-FOR-US: SumatraPDF
CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-ass ...)
	NOT-FOR-US: Google SketchUp
CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in file/sho ...)
	- webmin <removed>
CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 201 ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngi ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4890 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 201 ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4889 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Fi ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4888
	RESERVED
CVE-2012-4887
	RESERVED
CVE-2012-4886 (Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 p ...)
	NOT-FOR-US: WPS Office
CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x befor ...)
	- mediawiki 1:1.19.0-1 (low)
	[squeeze] - mediawiki <end-of-life>
CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x before  ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2011-5161 (Unrestricted file upload vulnerability in the patient photograph funct ...)
	NOT-FOR-US: OpenEMR
CVE-2011-5160 (Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 all ...)
	NOT-FOR-US: OpenEMR
CVE-2011-5159 (Cross-site scripting (XSS) vulnerability in admin/configuration.php in ...)
	NOT-FOR-US: Geeklog
CVE-2012-4883 (Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R20 ...)
	NOT-FOR-US: 3DVIA Composer V6R2012
CVE-2012-4882 (Multiple untrusted search path vulnerabilities in 3D XML Player 6.212. ...)
	NOT-FOR-US: 3D XML Player
CVE-2012-4881 (Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894- ...)
	NOT-FOR-US: moviEZ
CVE-2012-4880 (Multiple untrusted search path vulnerabilities in DVD Architect Pro 5. ...)
	NOT-FOR-US: DVD Architect Pro
CVE-2012-4879 (The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 7 ...)
	NOT-FOR-US: WAGO I/O System 758
CVE-2012-4878 (Absolute path traversal vulnerability in controlcenter.php in FlatnuX  ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4877 (Cross-site request forgery (CSRF) vulnerability in controlcenter.php i ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4876 (Stack-based buffer overflow in the UltraMJCam ActiveX Control in TREND ...)
	NOT-FOR-US: TRENDnet SecurView TV-IP121WN Wireless Internet Camera
CVE-2012-4875
	- ghostscript <not-affected> (Even if it's genuine, it's Windows-code)
CVE-2012-4874 (Unspecified vulnerability in the Another WordPress Classifieds Plugin  ...)
	NOT-FOR-US: Another WordPress Classifieds Plugin for Wordpress
CVE-2012-4873 (Cross-site scripting (XSS) vulnerability in the file_download function ...)
	NOT-FOR-US: GNU Board
CVE-2012-4872 (Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako F ...)
	NOT-FOR-US: Kayako Fusion
CVE-2012-4871 (Cross-site scripting (XSS) vulnerability in service/graph_html.php in  ...)
	NOT-FOR-US: LiteSpeed Web Server
CVE-2012-4870 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and ...)
	NOT-FOR-US: FreePBX
CVE-2012-4869 (The callme_startcall function in recordings/misc/callme_page.php in Fr ...)
	NOT-FOR-US: FreePBX
CVE-2012-4868 (SQL injection vulnerability in news.php in the Kunena component 1.7.2  ...)
	NOT-FOR-US: Kunena component for Joomla!
CVE-2012-4867 (Directory traversal vulnerability in modules/com_vtiger_workflow/sortf ...)
	NOT-FOR-US: vtiger CRM
CVE-2012-4866 (Untrusted search path vulnerability in Xtreme RAT 3.5 allows local use ...)
	NOT-FOR-US: Xtreme RAT
CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to e ...)
	NOT-FOR-US: Oreans Themida
CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Oreans WinLicense
CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability ...)
	NOT-FOR-US: IBM
CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 t ...)
	NOT-FOR-US: IBM Rational
CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM InfoSph ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4860
	RESERVED
CVE-2012-4859 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space Mana ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2012-4858 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4857 (Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 be ...)
	NOT-FOR-US: IBM Informix
CVE-2012-4856 (The Service Processor in the IBM Power 5 91##-### and 940#-### before  ...)
	NOT-FOR-US: IBM Power 5
CVE-2012-4855 (Unspecified vulnerability in the web services framework in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-4854
	RESERVED
CVE-2012-4853 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Appli ...)
	NOT-FOR-US: Websphere
CVE-2012-4852
	RESERVED
CVE-2012-4851 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application  ...)
	NOT-FOR-US: Websphere
CVE-2012-4850 (IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, w ...)
	NOT-FOR-US: Websphere
CVE-2012-4849
	RESERVED
CVE-2012-4848 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Found ...)
	NOT-FOR-US: IBM Lotus Foundations Start
CVE-2012-4847 (IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote auth ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4846 (IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly f ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2012-4845 (The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, d ...)
	NOT-FOR-US: AIX
CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM Lotu ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-4843
	RESERVED
CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino 8.5. ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-4841 (Unspecified vulnerability in Tivoli Endpoint Manager for Remote Contro ...)
	NOT-FOR-US: Tivoli
CVE-2012-4840 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4839 (The OSLC interface in the Web Client (aka CQ Web) in IBM Rational Clea ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-4838 (IBM Flex System Chassis Management Module (CMM) and Integrated Managem ...)
	NOT-FOR-US: IBM Flex
CVE-2012-4837 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4836 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4835 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4834 (Directory traversal vulnerability in LayerLoader.jsp in the theme comp ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2012-4833 (fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not p ...)
	NOT-FOR-US: AIX
CVE-2012-4832 (Information Services Framework (ISF) in IBM InfoSphere Information Ser ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4831
	RESERVED
CVE-2012-4830 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0. ...)
	NOT-FOR-US: WebSphere
CVE-2012-4829 (IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 c ...)
	NOT-FOR-US: IBM
CVE-2012-4828
	RESERVED
CVE-2012-4827
	RESERVED
CVE-2012-4826 (Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored  ...)
	NOT-FOR-US: IBM DB2
CVE-2012-4825 (Multiple cross-site scripting (XSS) vulnerabilities in servlet/travele ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-4824 (Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Tra ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-4823 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and e ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4822 (Multiple unspecified vulnerabilities in the JRE component in IBM Java  ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4821 (Multiple unspecified vulnerabilities in the JRE component in IBM Java  ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4820 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and e ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossa ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4818
	RESERVED
CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows rem ...)
	NOT-FOR-US: IBM Rational Automation Framework
CVE-2012-4815
	RESERVED
CVE-2012-4814
	RESERVED
CVE-2012-4813
	REJECTED
CVE-2012-4812
	REJECTED
CVE-2012-4811
	REJECTED
CVE-2012-4810
	REJECTED
CVE-2012-4809
	REJECTED
CVE-2012-4808
	REJECTED
CVE-2012-4807
	REJECTED
CVE-2012-4806
	REJECTED
CVE-2012-4805
	REJECTED
CVE-2012-4804
	REJECTED
CVE-2012-4803
	REJECTED
CVE-2012-4802
	REJECTED
CVE-2012-4801
	REJECTED
CVE-2012-4800
	REJECTED
CVE-2012-4799
	REJECTED
CVE-2012-4798
	REJECTED
CVE-2012-4797
	REJECTED
CVE-2012-4796
	REJECTED
CVE-2012-4795
	REJECTED
CVE-2012-4794
	REJECTED
CVE-2012-4793
	REJECTED
CVE-2012-4792 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4791 (Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote  ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2012-4790
	REJECTED
CVE-2012-4789
	REJECTED
CVE-2012-4788
	REJECTED
CVE-2012-4787 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4786 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-4785
	REJECTED
CVE-2012-4784
	REJECTED
CVE-2012-4783
	REJECTED
CVE-2012-4782 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4781 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4780
	REJECTED
CVE-2012-4779
	REJECTED
CVE-2012-4778
	REJECTED
CVE-2012-4777 (The code-optimization feature in the reflection implementation in Micr ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-4776 (The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Fr ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-4775 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-4774 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-4773 (Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion  ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4772 (SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 a ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4771 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS bef ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4770
	RESERVED
CVE-2012-4769
	RESERVED
CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugi ...)
	NOT-FOR-US: Download Monitor plugin for WordPress
CVE-2012-4767 (An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the se ...)
	NOT-FOR-US: Safend Data Protector Agent
CVE-2012-4766
	RESERVED
CVE-2012-4765
	RESERVED
CVE-2012-4764
	RESERVED
CVE-2012-4763
	RESERVED
CVE-2012-4762
	RESERVED
CVE-2012-4761 (A Privilege Escalation vulnerability exists in the unquoted Service Bi ...)
	NOT-FOR-US: Safend
CVE-2012-4760 (A Privilege Escalation vulnerability exists in the SDBagent service in ...)
	NOT-FOR-US: Safend
CVE-2011-5158 (Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and  ...)
	NOT-FOR-US: DATEV Grundpaket Basis
CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 allows  ...)
	NOT-FOR-US: PKZIP
CVE-2010-5273 (Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise  ...)
	NOT-FOR-US: Altova DiffDog 2011 Enterprise
CVE-2010-5272 (Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterpr ...)
	NOT-FOR-US: Altova DatabaseSpy 2011
CVE-2010-5271 (Untrusted search path vulnerability in Altova MapForce 2011 Enterprise ...)
	NOT-FOR-US: Altova MapForce 2011
CVE-2010-5270 (Multiple untrusted search path vulnerabilities in Adobe Device Central ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-5269 (Untrusted search path vulnerability in tbb.dll in Intel Threading Buil ...)
	NOT-FOR-US: Intel Threading Building Blocks
CVE-2010-5268 (Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 3088 ...)
	NOT-FOR-US: Amazon Kindle for PC
CVE-2010-5267 (Untrusted search path vulnerability in MunSoft Easy Office Recovery 1. ...)
	NOT-FOR-US: MunSoft Easy Office Recovery
CVE-2010-5266 (Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 al ...)
	NOT-FOR-US: VideoCharge Studio
CVE-2010-5265 (Untrusted search path vulnerability in SmartSniff 1.71 allows local us ...)
	NOT-FOR-US: SmartSniff
CVE-2010-5264 (Untrusted search path vulnerability in the CExtDWM::CExtDWM method in  ...)
	NOT-FOR-US: Prof-UIS
CVE-2010-5263 (Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Buil ...)
	NOT-FOR-US: Sothink SWF Decompiler
CVE-2010-5262 (Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in  ...)
	NOT-FOR-US: Gromada Multimedia Conversion Library
CVE-2010-5261 (Untrusted search path vulnerability in SnowFox Total Video Converter 2 ...)
	NOT-FOR-US: SnowFox Total Video Converter
CVE-2010-5260 (Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows ...)
	NOT-FOR-US: Agrin All DVD Ripper
CVE-2010-5259 (Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow  ...)
	NOT-FOR-US: IsoBuster
CVE-2010-5258 (Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 ...)
	NOT-FOR-US: Adobe Audition
CVE-2010-5257 (Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 a ...)
	NOT-FOR-US: ArchiCAD
CVE-2010-5256 (Untrusted search path vulnerability in CDisplay 1.8.1 allows local use ...)
	NOT-FOR-US: CDisplay
CVE-2010-5255 (Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows loca ...)
	NOT-FOR-US: UltraISO
CVE-2010-5254 (Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2 ...)
	NOT-FOR-US: GFI Backup
CVE-2010-5253 (Untrusted search path vulnerability in WinImage 8.50 allows local user ...)
	NOT-FOR-US: WinImage
CVE-2010-5252 (Untrusted search path vulnerability in HTTrack 3.43-9 allows local use ...)
	- httrack <not-affected> (Only affects Windows)
CVE-2010-5251 (Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-5250 (Untrusted search path vulnerability in the pthread_win32_process_attac ...)
	NOT-FOR-US: Pthreads-win32
CVE-2010-5249 (Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 ...)
	NOT-FOR-US: Sophos Free Encryption
CVE-2010-5248 (Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local u ...)
	NOT-FOR-US: UltraVNC
CVE-2010-5247 (Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 all ...)
	NOT-FOR-US: QtWeb Browser
CVE-2010-5246 (Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6. ...)
	NOT-FOR-US: Maxthon Browser
CVE-2010-5245 (Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54 ...)
	NOT-FOR-US: PDF-XChange Viewer
CVE-2010-5244 (Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite 201 ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-5243 (Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7 ...)
	NOT-FOR-US: Cyberlink Power2Go
CVE-2010-5242 (Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 ...)
	NOT-FOR-US: Sound Forge Pro
CVE-2010-5241 (Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 201 ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2010-5240 (Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT an ...)
	NOT-FOR-US: Corel PHOTO-PAINT and CorelDRAW
CVE-2010-5239 (Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 a ...)
	NOT-FOR-US: DAEMON Tools Lite and Pro Standard
CVE-2010-5238 (Untrusted search path vulnerability in CyberLink PowerDirector 8.00.30 ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5237 (Untrusted search path vulnerability in CyberLink PowerDirector 7 allow ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5236 (Untrusted search path vulnerability in Roxio Easy Media Creator Home 9 ...)
	NOT-FOR-US: Roxio Easy Media Creator Home
CVE-2010-5235 (Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows loc ...)
	NOT-FOR-US: IZArc Archiver
CVE-2010-5234 (Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0. ...)
	NOT-FOR-US: Camtasia Studio
CVE-2010-5233 (Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 all ...)
	NOT-FOR-US: Virtual DJ
CVE-2010-5232 (Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows l ...)
	NOT-FOR-US: DivX Plus Player
CVE-2010-5231 (Untrusted search path vulnerability in DivX Player 7.2.019 allows loca ...)
	NOT-FOR-US: DivX Player
CVE-2010-5230 (Multiple untrusted search path vulnerabilities in MicroStation 7.1 all ...)
	NOT-FOR-US: MicroStation
CVE-2010-5229 (Untrusted search path vulnerability in 010 Editor before 3.1.3 allows  ...)
	NOT-FOR-US: 010 Editor
CVE-2010-5228 (Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879  ...)
	NOT-FOR-US: RealPlayer SP
CVE-2010-5227 (Untrusted search path vulnerability in Opera before 10.62 allows local ...)
	NOT-FOR-US: Opera
CVE-2010-5226 (Multiple untrusted search path vulnerabilities in Autodesk Design Revi ...)
	NOT-FOR-US: Autodesk Design Review
CVE-2012-4759 (Untrusted search path vulnerability in facebook_plugin.fpi in the Face ...)
	NOT-FOR-US: Foxit Reader
CVE-2012-4758 (Multiple untrusted search path vulnerabilities in CyberLink PowerProdu ...)
	NOT-FOR-US: CyberLink PowerProducer
CVE-2012-4757 (Multiple untrusted search path vulnerabilities in CyberLink StreamAuth ...)
	NOT-FOR-US: CyberLink StreamAuthor
CVE-2012-4756 (Multiple untrusted search path vulnerabilities in CyberLink LabelPrint ...)
	NOT-FOR-US: CyberLink LabelPrint
CVE-2012-4755 (Untrusted search path vulnerability in SciTools Understand before 2.6  ...)
	NOT-FOR-US: SciTools Unterstand
CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 2012 10. ...)
	NOT-FOR-US: MindManager
CVE-2011-5157 (Untrusted search path vulnerability in Attachmate Reflection before 14 ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2011-5156 (Untrusted search path vulnerability in Effective File Search 6.7 allow ...)
	NOT-FOR-US: Effective File Search
CVE-2011-5155 (Untrusted search path vulnerability in Help &amp; Manual 5.5.1 Build 1 ...)
	NOT-FOR-US: Help & Manual 5.5.1 Build
CVE-2011-5154 (Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and ( ...)
	NOT-FOR-US: SAP GUI
CVE-2011-5153 (Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows  ...)
	NOT-FOR-US: FotoSlate
CVE-2011-5152 (Multiple untrusted search path vulnerabilities in ACDSee Photo Editor  ...)
	NOT-FOR-US: ACDSee Photo Editor
CVE-2011-5151 (Untrusted search path vulnerability in ACDSee Picture Frame Manager 1. ...)
	NOT-FOR-US: ACDSee Picture Frame Manager
CVE-2010-5225 (Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local  ...)
	NOT-FOR-US: Babylon 8.1.0
CVE-2010-5224 (Untrusted search path vulnerability in Cool iPhone Ringtone Maker 2.2. ...)
	NOT-FOR-US: Cool iPhone Ringtone Maker
CVE-2010-5223 (Multiple untrusted search path vulnerabilities in Phoenix Project Mana ...)
	NOT-FOR-US: Phoenix Project Manager
CVE-2010-5222 (Untrusted search path vulnerability in Ease Jukebox 1.40 allows local  ...)
	NOT-FOR-US: Ease Jukebox
CVE-2010-5221 (Untrusted search path vulnerability in STDU Explorer 1.0.201 allows lo ...)
	NOT-FOR-US: STDU Explorer
CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 al ...)
	NOT-FOR-US: MEO Encryption Software
CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows loca ...)
	NOT-FOR-US: SmartFTP
CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows lo ...)
	NOT-FOR-US: Dupehunter
CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities 200 ...)
	NOT-FOR-US: TuneUp Utilities
CVE-2010-5216 (Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 al ...)
	NOT-FOR-US: LINGO
CVE-2010-5215 (Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 2009. ...)
	NOT-FOR-US: SWiSH Max3
CVE-2010-5214 (Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 all ...)
	NOT-FOR-US: Fotobook Editor
CVE-2010-5213 (Untrusted search path vulnerability in Adobe LiveCycle Designer 8.2.1. ...)
	NOT-FOR-US: Adobe LiveCycle Designer
CVE-2010-5212 (Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 9. ...)
	NOT-FOR-US: Adobe LiveCycle Designer ES2
CVE-2010-5211 (Untrusted search path vulnerability in ALSee 6.20.0.1 allows local use ...)
	NOT-FOR-US: ALSee
CVE-2010-5210 (Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows ...)
	NOT-FOR-US: Sorax Reader
CVE-2010-5209 (Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6. ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2010-5208 (Multiple untrusted search path vulnerabilities in the (1) Presentation ...)
	NOT-FOR-US: Kingsoft Office
CVE-2010-5207 (Multiple untrusted search path vulnerabilities in CelFrame Office 2008 ...)
	NOT-FOR-US: CelFrame Office
CVE-2010-5206 (Multiple untrusted search path vulnerabilities in e-press ONE Office E ...)
	NOT-FOR-US: ONE Office
CVE-2010-5205 (Multiple untrusted search path vulnerabilities in e-press ONE Office A ...)
	NOT-FOR-US: ONE Office
CVE-2010-5204 (Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1 ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2010-5203 (Multiple untrusted search path vulnerabilities in NCP Secure Enterpris ...)
	NOT-FOR-US: NCP Secure Enterprise
CVE-2010-5202 (Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allow ...)
	NOT-FOR-US: JetAudio
CVE-2010-5201 (Untrusted search path vulnerability in MAGIX Samplitude Producer 11 al ...)
	NOT-FOR-US: MAGIX Samplitude Producer
CVE-2010-5200 (Untrusted search path vulnerability in KeePass Password Safe before 1. ...)
	NOT-FOR-US: KeePass 1 (a Windows only program) is not in Debian, only KeePass 2 (multi-OS version of KeePass) and KeePassX (port/rewrite of KeePass)
CVE-2010-5199 (Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 all ...)
	NOT-FOR-US: PhotoImpact
CVE-2010-5198 (Multiple untrusted search path vulnerabilities in Intuit QuickBooks 20 ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2010-5197 (Untrusted search path vulnerability in Pixia 4.70j allows local users  ...)
	NOT-FOR-US: Pixia 4.70j
CVE-2010-5196 (Untrusted search path vulnerability in KeePass Password Safe before 2. ...)
	- keepass2 <not-affected> (only affects Windows)
CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local user ...)
	NOT-FOR-US: Roxio MyDVD 9
CVE-2012-4410
	REJECTED
CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
	NOTE: False assignment, will be rejected, see #688123
CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict acce ...)
	- owncloud 4.0.7debian-1
	[wheezy] - owncloud 4.0.4debian2-2
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	- otrs2 3.1.7+dfsg1-6
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
CVE-2012-4750 (A Code Execution vulnerability exists in the memcpy function when proc ...)
	NOT-FOR-US: Ezhometech EzServer
CVE-2012-4749
	RESERVED
CVE-2012-4748
	RESERVED
CVE-2011-3090 (Race condition in Google Chrome before 19.0.1084.46 allows remote atta ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-4746 (Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi i ...)
	NOT-FOR-US: ZTE ZXDSL
CVE-2012-4745 (Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity  ...)
	NOT-FOR-US: Acuity CMS
CVE-2012-4744 (Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche s ...)
	NOT-FOR-US: Zeroboard
CVE-2012-4743 (Multiple SQL injection vulnerabilities in ssearch.php in Siche search  ...)
	NOT-FOR-US: Zeroboard
CVE-2012-4742 (The web_node_register function in web.pm in PacketFence before 3.0.2 m ...)
	NOT-FOR-US: PacketFence
CVE-2012-4741 (The RADIUS extension in PacketFence before 3.3.0 uses a different user ...)
	NOT-FOR-US: PacketFence
CVE-2012-4740 (Cross-site scripting (XSS) vulnerability in the captive portal in Pack ...)
	NOT-FOR-US: PacketFence
CVE-2012-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL V ...)
	NOT-FOR-US: Barracuda SSL VPN
CVE-2012-4738
	RESERVED
CVE-2011-5150 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07  ...)
	NOT-FOR-US: SpamTitan 5.07
CVE-2011-5149 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08  ...)
	NOT-FOR-US: SpamTitan 5.08
CVE-2011-5148 (Multiple incomplete blacklist vulnerabilities in the Simple File Uploa ...)
	NOT-FOR-US: Simple File Upload
CVE-2011-5147 (Static code injection vulnerability in ajax_save_name.php in the Ajax  ...)
	NOT-FOR-US: tinymce plugin
CVE-2011-5145 (Multiple SQL injection vulnerabilities in Open Business Management (OB ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5144 (Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote at ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5143 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5142 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5141 (Directory traversal vulnerability in exportcsv/exportcsv_index.php in  ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5140 (Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY- ...)
	NOT-FOR-US: DIY CMS
CVE-2011-5139 (SQL injection vulnerability in page.php in Pre Studio Business Cards D ...)
	NOT-FOR-US: Pre Studio Business Cards Designer
CVE-2011-5138 (Cross-site scripting (XSS) vulnerability in member.php in tForum b0.91 ...)
	NOT-FOR-US: tForum
CVE-2011-5137 (Multiple SQL injection vulnerabilities in tForum b0.915 allow remote a ...)
	NOT-FOR-US: tForum
CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE. ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the  ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2012-4736 (The Device Encryption Client component in Sophos SafeGuard Enterprise  ...)
	NOT-FOR-US: Sophos SafeGuard Enterprise
CVE-2012-4735
	REJECTED
CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4733 (Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the D ...)
	{DSA-2671-1}
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2012-4732 (Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4731 (FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly  ...)
	{DSA-2568-1}
	- rtfm <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4730 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4729 (Wing FTP Server before 4.1.1 allows remote authenticated users to caus ...)
	NOT-FOR-US: Wing FTP Server
CVE-2012-4728 (The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QP ...)
	NOT-FOR-US: Corel Quattro Pro
CVE-2012-4727
	RESERVED
CVE-2012-4726
	REJECTED
CVE-2012-4725
	REJECTED
CVE-2012-4724
	REJECTED
CVE-2012-4723
	REJECTED
CVE-2012-4722
	REJECTED
CVE-2012-4721
	REJECTED
CVE-2012-4720
	REJECTED
CVE-2012-4719
	REJECTED
CVE-2012-4718
	REJECTED
CVE-2012-4717
	REJECTED
CVE-2012-4716 (N-Tron 702-W Industrial Wireless Access Point devices use the same (1) ...)
	NOT-FOR-US: N-Tron 702-W Industrial Wireless Access Point
CVE-2012-4715 (Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enter ...)
	NOT-FOR-US: Rockwell Automation RSLinx Enterprise
CVE-2012-4714 (Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryT ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2012-4713 (Integer signedness error in RNADiagnostics.dll in Rockwell Automation  ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2012-4712 (Moxa EDR-G903 series routers with firmware before 2.11 have a hardcode ...)
	NOT-FOR-US: Moxa EDR-G903
CVE-2012-4711 (Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingVie ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-4710 (Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attack ...)
	NOT-FOR-US: Invensys Wonderware Win-XML Exporter
CVE-2012-4709 (Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote atta ...)
	NOT-FOR-US: Invensys
CVE-2012-4708 (Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9. ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4707 (3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to e ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4706 (Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27  ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4705 (Directory traversal vulnerability in 3S CODESYS Gateway-Server before  ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4704 (Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows  ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4703 (The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2012-4702 (360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hard ...)
	NOT-FOR-US: 360 Systems Maxx, Image Server Maxx, and Image Server
CVE-2012-4701 (Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and  ...)
	NOT-FOR-US: Tridium Niagara
CVE-2012-4700 (Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in Int ...)
	NOT-FOR-US: IntegraXor SCADA Server
CVE-2012-4699
	REJECTED
CVE-2012-4698 (Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS  ...)
	NOT-FOR-US: Siemens RuggedCom Rugged Operating System
CVE-2012-4697 (TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have har ...)
	NOT-FOR-US: TURCK Programmable Gateway
CVE-2012-4696 (Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and ...)
	NOT-FOR-US: Beijer
CVE-2012-4695 (LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR ...)
	NOT-FOR-US: Rockwell Automation RSLinx Enterprise
CVE-2012-4694 (Moxa EDR-G903 series routers with firmware before 2.11 do not use a su ...)
	NOT-FOR-US: Moxa EDR-G903
CVE-2012-4693 (Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSui ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2012-4692
	REJECTED
CVE-2012-4691 (Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x be ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2012-4690 (Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 14 ...)
	NOT-FOR-US: Rockwell
CVE-2012-4689 (Integer overflow in CimWebServer.exe in GE Intelligent Platforms Profi ...)
	NOT-FOR-US: Proficy
CVE-2012-4688 (The Central application in i-GEN opLYNX before 2.01.9 allows remote at ...)
	NOT-FOR-US: Central application in i-GEN opLYNX
CVE-2012-4687 (Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficien ...)
	NOT-FOR-US: Post Oak
CVE-2012-4686 (SQL injection vulnerability in announcement.php in vBulletin 4.1.10 al ...)
	NOT-FOR-US: vBulletin
CVE-2012-4685 (Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP ...)
	NOT-FOR-US: Arbor Networks Peakflow SP
CVE-2012-4684 (The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 suppor ...)
	- bitcoin 0.7.2-1
CVE-2012-4683 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers  ...)
	- bitcoin 0.7.2-1 (bug #688813)
CVE-2012-4682 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers  ...)
	- bitcoin 0.7.2-1 (bug #688813)
CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allo ...)
	NOT-FOR-US: EPractize Labs Subscription Manager
CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...)
	NOT-FOR-US: DoceboLMS
CVE-2011-5134 (Unrestricted file upload vulnerability in editor/extensions/browser/fi ...)
	NOT-FOR-US: JCE component for Joomla!
CVE-2011-5133 (Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and  ...)
	NOT-FOR-US: MyBB
CVE-2011-5132 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows r ...)
	NOT-FOR-US: MyBB
CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in MyBB  ...)
	NOT-FOR-US: MyBB
CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when regi ...)
	NOT-FOR-US: Family Connections CMS
CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...)
	- xchat <unfixed> (unimportant; bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize  ...)
	NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-XXXX
	- juju 0.5.1-2 (bug #685728)
CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE) compone ...)
	- openjdk-7 7u3-2.1.2-1
	- openjdk-6 <not-affected>
CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...)
	NOT-FOR-US: IOServer
CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoo ...)
	- newscoop <itp> (bug #604113)
CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, whi ...)
	- munin 2.0~rc6-1 (low; bug #668667)
	[squeeze] - munin <not-affected> (Only affects 2.x branch)
CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain privilege ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and e ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
	NOT-FOR-US: PluXml
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: PluXml
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in  ...)
	NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
	NOT-FOR-US: Apple iChat Server
CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an  ...)
	NOT-FOR-US: psyced
CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was mad ...)
	NOT-FOR-US: Tigase
CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...)
	NOT-FOR-US: M-Link
CVE-2012-4666
	RESERVED
CVE-2012-4665
	RESERVED
CVE-2012-4664
	RESERVED
CVE-2012-4663 (The DCERPC inspection engine on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco
CVE-2012-4662 (The DCERPC inspection engine on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco
CVE-2012-4661 (Stack-based buffer overflow in the DCERPC inspection engine on Cisco A ...)
	NOT-FOR-US: Cisco
CVE-2012-4660 (The SIP inspection engine on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco
CVE-2012-4659 (The AAA functionality in the IPv4 SSL VPN implementations on Cisco Ada ...)
	NOT-FOR-US: Cisco
CVE-2012-4658 (The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4657
	RESERVED
CVE-2012-4656
	RESERVED
CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2012-4654
	RESERVED
CVE-2012-4653
	RESERVED
CVE-2012-4652
	RESERVED
CVE-2012-4651 (Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote att ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4650
	RESERVED
CVE-2012-4649
	RESERVED
CVE-2012-4648
	RESERVED
CVE-2012-4647
	RESERVED
CVE-2012-4646
	RESERVED
CVE-2012-4645
	RESERVED
CVE-2012-4644
	RESERVED
CVE-2012-4643 (The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 serie ...)
	NOT-FOR-US: Cisco
CVE-2012-4642
	RESERVED
CVE-2012-4641
	RESERVED
CVE-2012-4640
	RESERVED
CVE-2012-4639
	RESERVED
CVE-2012-4638 (Cisco IOS before 15.1(1)SY allows local users to cause a denial of ser ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4637
	RESERVED
CVE-2012-4636
	RESERVED
CVE-2012-4635
	RESERVED
CVE-2012-4634
	RESERVED
CVE-2012-4633
	RESERVED
CVE-2012-4632
	RESERVED
CVE-2012-4631
	RESERVED
CVE-2012-4630
	RESERVED
CVE-2012-4629 (The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2012-4628
	RESERVED
CVE-2012-4627
	RESERVED
CVE-2012-4626
	RESERVED
CVE-2012-4625
	RESERVED
CVE-2012-4624
	RESERVED
CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches,  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, wh ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4619 (The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4616 (Directory traversal vulnerability in the Web UI in EMC Data Protection ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2012-4615 (EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardc ...)
	NOT-FOR-US: EMC
CVE-2012-4614 (The default configuration of EMC Smarts Network Configuration Manager  ...)
	NOT-FOR-US: EMC
CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 d ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Ma ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4611 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptiv ...)
	NOT-FOR-US: EMC
CVE-2012-4610 (EMC Avamar Client for VMware 6.1 stores the cleartext server root pass ...)
	NOT-FOR-US: VMware
CVE-2012-4609 (The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4608 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4607 (Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2 ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1  ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before  ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5123 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5122 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5121 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5120 (The Antivirus component in Comodo Internet Security before 5.4.189822. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before 5.8.211697 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before 5.8.213334 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management Consol ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG b ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 be ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sens ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running o ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-5186 (The Antivirus component in Comodo Internet Security before 4.1.150349. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5185 (The Antivirus component in Comodo Internet Security before 5.3.174622. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security 9.1.507.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite 3 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows X ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro 201 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP all ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Wi ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro 6.7.3.3063 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite 1.5.1 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security 201 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus 200 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 9.0. ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP a ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windo ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on Wi ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows X ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0. ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.5 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Wind ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on W ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2  ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before 6 ...)
	NOT-FOR-US: Websense
CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not rec ...)
	NOT-FOR-US: Websense
CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote  ...)
	NOT-FOR-US: Websense
CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to  ...)
	NOT-FOR-US: Websense
CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to  ...)
	NOT-FOR-US: Websense
CVE-2009-5127 (The Antivirus component in Comodo Internet Security before 3.8.64739.4 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5126 (The Antivirus component in Comodo Internet Security before 3.8.65951.4 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers  ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5124 (The Antivirus component in Comodo Internet Security before 3.11.108364 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5123 (The Antivirus component in Comodo Internet Security before 3.11.108364 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2012-4667 (Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x ...)
	- squidclamav <removed> (bug #685398)
CVE-2012-4606 (Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Cri ...)
	NOT-FOR-US: Citrix XenServer
CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, S ...)
	NOT-FOR-US: Sophos SafeGuard
CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11 ...)
	NOT-FOR-US: SetSeed CMS
CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and  ...)
	NOT-FOR-US: DLguard
CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the Authoritati ...)
	NOT-FOR-US: DLguard
CVE-2011-5113 (SQL injection vulnerability in frontend/models/techfoliodetail.php in  ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5112 (SQL injection vulnerability in Alameda (com_alameda) component before  ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5111 (Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang ...)
	NOT-FOR-US: Kajian Website CMS
CVE-2011-5110 (Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earl ...)
	NOT-FOR-US: Blogs Manager
CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and ...)
	NOT-FOR-US: Freelancer calendar
CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0 ...)
	NOT-FOR-US: AdaptCMS
CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Be ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch. ...)
	NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus
CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-l ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script all ...)
	NOT-FOR-US: Alurian Prismotube PHP Video Script
CVE-2012-4605 (The default configuration of the SMTP component in Websense Email Secu ...)
	NOT-FOR-US: Websense Email Security
CVE-2012-4604 (The TRITON management console in Websense Web Security before 7.6 Hotf ...)
	NOT-FOR-US: Websense Web Security
CVE-2012-4603 (Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix  ...)
	NOT-FOR-US: Citrix
CVE-2012-4602 (Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_ ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4601 (Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 1 ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4600 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DSA-2536-1}
	- otrs2 3.1.7+dfsg1-5
CVE-2011-5102 (The Investigative Reports web interface in the TRITON management conso ...)
	NOT-FOR-US: Websense
CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x be ...)
	NOT-FOR-US: Websense
CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set t ...)
	NOT-FOR-US: Websense
CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before 6 ...)
	NOT-FOR-US: Websense
CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security ...)
	NOT-FOR-US: Websense
CVE-2009-5122 (The Personal Email Manager component in Websense Email Security before ...)
	NOT-FOR-US: Websense
CVE-2009-5121 (Websense Email Security 7.1 before Hotfix 4 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5120 (The default configuration of Apache Tomcat in Websense Manager in Webs ...)
	NOT-FOR-US: Websense
CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in Webs ...)
	NOT-FOR-US: Websense
CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to execut ...)
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
	NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
CVE-2008-7312 (The Filtering Service in Websense Enterprise 5.2 through 6.3 does not  ...)
	NOT-FOR-US: Websense
CVE-2012-4599 (McAfee SmartFilter Administration, and SmartFilter Administration Bess ...)
	NOT-FOR-US: McAfee SmartFilter Administration
CVE-2012-4598 (An unspecified ActiveX control in McAfee Virtual Technician (MVT) befo ...)
	NOT-FOR-US: McAfee Virtual Technician
CVE-2012-4597 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web Secur ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4596 (Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0  ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2012-4595 (McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 throug ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4594 (McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote auth ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2012-4593 (McAfee Application Control and Change Control 5.1.x and 6.0.0 do not e ...)
	NOT-FOR-US: McAfee Application Control and Change Control
CVE-2012-4592 (The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 doe ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4591 (About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4590 (Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in t ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4589 (Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4588 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4587 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4586 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4585 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4584 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4583 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4582 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4581 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4580 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web Secur ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4579 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2012-4578 (The geli encryption provider 7 before r239184 on FreeBSD 10 uses a wea ...)
	- freebsd-utils <not-affected> (only affects dev version of 10)
	NOTE: not sure if the bug is in the userland tool or in the kernel device
CVE-2012-4577 (The Linux firmware image on (1) Korenix Jetport 5600 series serial-dev ...)
	NOT-FOR-US: Korenix Jetport 5600
CVE-2012-4576 (FreeBSD: Input Validation Flaw allows local users to gain elevated pri ...)
	- kfreebsd-8 8.3-6 (bug #694096)
	- kfreebsd-9 9.0-9 (bug #694097)
	- kfreebsd-10 10.0~svn252032-1 (bug #694098)
	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze4
CVE-2012-4575 (The add_database function in objects.c in the pgbouncer pooler 1.5.2 f ...)
	- pgbouncer 1.5.2-4
	[squeeze] - pgbouncer <no-dsa> (Minor issue)
CVE-2012-4574 (Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions  ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (20 ...)
	- glance 2012.1.1-2 (bug #692641)
CVE-2012-4572 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and J ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-4571 (Python Keyring 0.9.1 does not securely initialize the cipher when encr ...)
	- python-keyring 0.9.2-1 (bug #675379)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring <no-dsa> (Minor issue)
CVE-2012-4570 (SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in L ...)
	- php-letodms-core 3.3.8-1
CVE-2012-4569 (Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr. ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4568 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS  ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4567 (Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (former ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly verify  ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4565 (The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux ...)
	- linux 3.2.35-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4564 (ppm2tiff does not check the return value of the TIFFScanlineSize funct ...)
	{DSA-2575-1}
	- tiff3 <not-affected> (The tiff-tools package is only built from the tiff source package)
	- tiff 4.0.2-5 (bug #692345)
CVE-2012-4563 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2 ...)
	- gwt <removed> (bug #691900)
	[squeeze] - gwt <not-affected> (Vulnerable code not present)
CVE-2012-4562 (Multiple integer overflows in libssh before 0.5.3 allow remote attacke ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4561 (The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4560 (Multiple buffer overflows in libssh before 0.5.3 allow remote attacker ...)
	- libssh 0.5.3-1
	[squeeze] - libssh <not-affected> (Vulnerable code not present)
CVE-2012-4559 (Multiple double free vulnerabilities in the (1) agent_sign_data functi ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4558 (Multiple cross-site scripting (XSS) vulnerabilities in the balancer_ha ...)
	{DSA-2637-1}
	- apache2 2.2.22-13 (low)
CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2. ...)
	{DSA-2579-1}
	- apache2 2.2.22-1
CVE-2012-4556 (The token processing system (pki-tps) in Red Hat Certificate System (R ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4555 (The token processing system (pki-tps) in Red Hat Certificate System (R ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4554 (The OpenID module in Drupal 7.x before 7.16 allows remote OpenID serve ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 <not-affected> (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4553 (Drupal 7.x before 7.16 allows remote attackers to obtain sensitive inf ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 <not-affected> (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4552 (Stack-based buffer overflow in the error function in ssg/ssgParser.cxx ...)
	- plib 1.8.5-6 (low; bug #694810)
	[squeeze] - plib <no-dsa> (Minor issue)
CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows r ...)
	NOT-FOR-US: libunity-webapps
CVE-2012-4550 (JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before  ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4549 (The processInvocation function in org.jboss.as.ejb3.security.Authoriza ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0 ...)
	- cgit <not-affected> (Fixed before the initial upload into the archive)
CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unkn ...)
	- awstats <not-affected>
	NOTE: awredir.pl is not installed into the binary package
CVE-2012-4546 (The default configuration for IPA servers in Red Hat Enterprise Linux  ...)
	NOT-FOR-US: FreeIPA
CVE-2012-4545 (The http_negotiate_create_context function in protocol/http/http_negot ...)
	{DSA-2592-1}
	- elinks 0.12~pre5-9
CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the siz ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
CVE-2012-4543 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certifi ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4542 (block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly c ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	NOTE: No upstream fix seems to be planned/treated as non-issue. Marking as unimportant
CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows re ...)
	- piwik <itp> (bug #506933)
CVE-2012-4540 (Off-by-one error in the invoke function in IcedTeaScriptablePluginObje ...)
	{DSA-2768-1}
	- icedtea-web 1.3.1-1 (bug #692608)
	NOTE: http://seclists.org/oss-sec/2012/q4/237
CVE-2012-4539 (Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hyper ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4538 (The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not  ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4537 (Xen 3.4 through 4.2, and possibly earlier versions, does not properly  ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4536 (The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in  ...)
	- xen 4.1.3-4
	[squeeze] - xen <not-affected> (Only affects 4.1.x)
CVE-2012-4535 (Xen 3.4 through 4.2, and possibly earlier versions, allows local guest ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4534 (org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x befor ...)
	- tomcat7 7.0.28-1 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.4 (low; bug #691062)
CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
	NOT-FOR-US: Joomla!
CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel bef ...)
	- linux 3.2.35-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4529 (The org.apache.catalina.connector.Response.encodeURL method in Red Hat ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4528 (The mod_security2 module before 2.7.0 for the Apache HTTP Server allow ...)
	- modsecurity-apache 2.6.6-5 (bug #691146)
	- libapache-mod-security <removed>
	[squeeze] - libapache-mod-security <no-dsa> (Minor issue)
CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-as ...)
	- mcrypt 2.6.8-1.3 (unimportant; bug #690924)
	NOTE: patch proposed by submitter at RH bugzilla is incorrect
	NOTE: Only occurs in cmdline parsing, no priv escalation. Only a security issue in constructed setups
CVE-2012-4526 (piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) ...)
	- piwigo <not-affected> (incomplete fix not applied to Debian package)
	[squeeze] - piwigo <not-affected> (vulnerable code not present)
CVE-2012-4525 (piwigo has XSS in password.php ...)
	- piwigo <removed>
	[squeeze] - piwigo <not-affected> (vulnerable code not present)
CVE-2012-4524 (xlockmore before 5.43 'dclock' security bypass vulnerability ...)
	- xlockmore <removed> (low)
CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates when th ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4522 (The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlev ...)
	{DLA-235-1}
	- ruby1.8 <not-affected> (Only affects 1.9.x, see bug #690670)
	- ruby1.9.1 1.9.3.194-3 (bug #690670)
CVE-2012-4521 [rejected dupe assignment]
	REJECTED
CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x before 1 ...)
	{DSA-2634-1}
	- python-django 1.4.2-1 (bug #691145)
CVE-2012-4519 (Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. ...)
	NOT-FOR-US: Zenphoto
CVE-2012-4518 (ibacm 1.0.7 creates files with world-writable permissions, which allow ...)
	NOT-FOR-US: ibacm
CVE-2012-4517 (ibacm before 1.0.6 does not properly manage reference counts for multi ...)
	NOT-FOR-US: ibacm
CVE-2012-4516 (librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6 ...)
	- librdmacm 1.0.16-1 (bug #690672)
	[squeeze] - librdmacm <not-affected> (Introduced in 1.0.12)
	[wheezy] - librdmacm 1.0.15-1+deb7u1
CVE-2012-4515 (Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4514 (rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows  ...)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remot ...)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4512 (The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.21 automatically  ...)
	- libsocialweb 0.25.20-3.1 (low; bug #690675)
	[wheezy] - libsocialweb 0.25.20-2.1
CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile ...)
	{DSA-2562-1}
	- cups-pk-helper 0.2.3-1
CVE-2012-4509
	RESERVED
CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16  ...)
	{DSA-2668-1}
	- linux 3.2.35-1
	- linux-2.6 <removed>
CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
	- claws-mail 3.8.1-2 (low; bug #690151)
	[squeeze] - claws-mail 3.7.6-4+squeeze1
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
	NOTE: www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1165
CVE-2012-4506 (Directory traversal vulnerability in gitolite 3.x before 3.1, when wil ...)
	- gitolite <not-affected> (Only affects 3.x releases)
	NOTE: https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
	NOTE: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c  ...)
	{DSA-2571-1}
	- libproxy 0.3.1-5.1 (bug #690376)
CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in ...)
	- libproxy <not-affected> (Vulnerable code not present)
	NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
CVE-2012-4503 (cmdmon.c in Chrony before 1.29 allows remote attackers to obtain poten ...)
	{DSA-2760-1}
	- chrony 1.29-1 (bug #719203)
CVE-2012-4502 (Multiple integer overflows in pktlength.c in Chrony before 1.29 allow  ...)
	{DSA-2760-1}
	- chrony 1.29-1 (bug #719203)
CVE-2012-4501 (Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows ...)
	NOT-FOR-US: CloudStack
CVE-2012-4500 (The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remo ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4499 (The contact formatter page in the Email Field module 6.x-1.x before 6. ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4498 (The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properl ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4497 (Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in t ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4496 (Cross-site scripting (XSS) vulnerability in the Custom Publishing Opti ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4495 (The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not proper ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4494 (The Shibboleth authentication module 7.x-4.0 for Drupal does not prope ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4493 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4492 (Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URL ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4491 (The Monthly Archive by Node Type module 6.x for Drupal does not proper ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4490 (Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Us ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4489 (Open redirect vulnerability in the securelogin_secure_redirect functio ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4488 (The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 f ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4487 (The Subuser module before 6.x-1.8 for Drupal does not properly check " ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4486 (Cross-site request forgery (CSRF) vulnerability in the Subuser module  ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4485 (Multiple cross-site scripting (XSS) vulnerabilities in the galleryform ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4484 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4483 (The commons_discussion_views_default_views function in modules/feature ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4482 (The Ubercart SecureTrading Payment Method module 6.x for Drupal does n ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4481 (The safe-level feature in Ruby 1.8.7 allows context-dependent attacker ...)
	- ruby1.8 1.8.7.358-5 (bug #689945)
	[squeeze] - ruby1.8 <not-affected> (problematic code not present)
CVE-2012-4480 (mom creates world-writable pid files in /var/run ...)
	NOT-FOR-US: mom
CVE-2012-4479 (SQL injection vulnerability in the Drag &amp; Drop Gallery module 6.x  ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4478 (Cross-site request forgery (CSRF) vulnerability in the Drag &amp; Drop ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4477 (Unspecified vulnerability in the Drag &amp; Drop Gallery module 6.x fo ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4476 (Cross-site scripting (XSS) vulnerability in the Drag &amp; Drop Galler ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4475 (The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4474 (Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox No ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4473 (The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal a ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4472 (Unrestricted file upload vulnerability in upload.php in the Drag &amp; ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4471 (The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does  ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4470 (The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not prop ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4469 (Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4468 (Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x- ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4467 (The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket. ...)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.3)
	- linux <not-affected> (Vulnerable code introduced in 3.3)
CVE-2012-4466 (Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 <not-affected> (Minor issue, please recheck)
CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
	- cgit <not-affected> (Fixed before the initial upload into the archive)
CVE-2012-4464 (Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
CVE-2012-4463 (Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_ ...)
	- mc 3:4.8.8-1 (low; bug #689571)
	[wheezy] - mc <no-dsa> (Minor issue)
	[squeeze] - mc <no-dsa> (Minor issue)
CVE-2012-4462 (aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, ...)
	- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ho ...)
	{DSA-2668-1}
	- linux-2.6 <removed>
	- linux 3.2.35-1
CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer c ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote at ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 do ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Es ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4455 (openCryptoki 2.4.1 allows local users to create or set world-writable  ...)
	- opencryptoki 3.4.1+dfsg-1 (low; bug #689417)
	[jessie] - opencryptoki <no-dsa> (Minor issue)
	[squeeze] - opencryptoki <no-dsa> (Minor issue)
	[wheezy] - opencryptoki <no-dsa> (Minor issue)
CVE-2012-4454 (openCryptoki before 2.4.1, when using spinlocks, allows local users to ...)
	- opencryptoki 3.4.1+dfsg-1 (low; bug #689417)
	[jessie] - opencryptoki <no-dsa> (Minor issue)
	[squeeze] - opencryptoki <no-dsa> (Minor issue)
	[wheezy] - opencryptoki <no-dsa> (Minor issue)
CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16  ...)
	- dracut 020-1.1 (low; bug #688956)
	[squeeze] - dracut <no-dsa> (Minor issue)
CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows local  ...)
	- mysql-dfsg-5.0 <not-affected> (Debian never included that 5.0.88 release)
CVE-2012-4451 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework  ...)
	- zendframework <not-affected> (Vulnerable code introduced in 2.x, #688946)
CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL when a DN ...)
	- 389-ds-base 1.2.11.15-1 (bug #688942)
	NOTE: Upstream ticket https://fedorahosted.org/389/ticket/340
	NOTE: Upstream patch http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
CVE-2012-4449 (Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 ge ...)
	- hadoop <itp> (bug #793644)
CVE-2012-4448 (Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php  ...)
	- wordpress 3.5.1+dfsg-2 (low; bug #689031)
	[squeeze] - wordpress <no-dsa> (Minor issue)
	[wheezy] - wordpress <no-dsa> (Minor issue)
CVE-2012-4447 (Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 a ...)
	{DSA-2561-1}
	- tiff 4.0.2-4 (bug #688944)
	- tiff3 3.9.6-9 (bug #688944)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the f ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment func ...)
	{DSA-2557-1}
	- hostapd <removed>
	- wpa 1.0-3 (bug #689990)
CVE-2012-4444 (The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kern ...)
	- linux 2.6.36-1~experimental.1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of roo ...)
	- monkey <removed> (unimportant; bug #688008)
CVE-2012-4442 (Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the ro ...)
	- monkey <removed> (unimportant; bug #688007)
CVE-2012-4441 (Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before ...)
	- jenkins <not-affected> (Plugin not built in Debian source package)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4440 (Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before ...)
	- jenkins <not-affected> (Plugin not built in Debian source package)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4439 (Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before ...)
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4438 (Jenkins main before 1.482 and LTS before 1.466.2 allows remote attacke ...)
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class  ...)
	- smarty3 3.1.10-2 (bug #688153)
	- smarty <removed> (bug #702710)
	[squeeze] - smarty 2.6.26-0.2+squeeze1
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
	NOTE: http://secunia.com/advisories/50589/
	NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
	NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
	NOTE: https://code.google.com/p/smarty-php/source/detail?r=4660
CVE-2012-4436 (Buffer overflow in the run_last_args function in client/fwknop.c in fw ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop <not-affected> (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=a60f05ad44e824f6230b22f8976399340cb535dc
CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, which all ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop <not-affected> (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799
CVE-2012-4434 (fwknop before 2.0.3 allow remote authenticated users to cause a denial ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop <not-affected> (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
CVE-2012-4433 (Multiple integer overflows in operations/external/ppm-load.c in GEGL ( ...)
	- gegl 0.2.0-2+nmu1 (bug #692435)
	[squeeze] - gegl <not-affected> (PPM code not yet present)
	NOTE: http://seclists.org/oss-sec/2012/q4/215
CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x be ...)
	- optipng <not-affected> (Introduced in 0.7, bug #687998)
CVE-2012-4431 (org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat ...)
	- tomcat7 7.0.28-4 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-4430 (The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 ...)
	{DSA-2558-1}
	- bacula 5.2.6+dfsg-4 (bug #687923)
	[wheezy] - bacula 5.2.6+dfsg-2.1
	NOTE: http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
CVE-2012-4429 (Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read cl ...)
	- vino 3.8.1-1 (bug #687596; low)
	[squeeze] - vino <no-dsa> (Minor issue)
	[wheezy] - vino <no-dsa> (Minor issue)
CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerability ...)
	{DLA-304-1}
	- openslp-dfsg 1.2.1-10 (bug #687597; low)
	[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
	[wheezy] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
	- gnome-shell <unfixed> (unimportant)
	NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
	NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk  ...)
	- spice-gtk 0.12-5 (bug #689155)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-94 (low; bug #689423)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2  ...)
	- libvirt 0.9.12-5 (bug #687598)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in Wo ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4420 (An information disclosure flaw was found in the way the Java Virtual M ...)
	NOT-FOR-US: Duplicate of CVE-2012-4416
CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...)
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
	NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
CVE-2012-4418 (Apache Axis2 allows remote attackers to forge messages and bypass auth ...)
	NOT-FOR-US: We only provide Axis 1(Java) and the C-version of Axis
CVE-2012-4417 (GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local u ...)
	- glusterfs 3.2.7-5 (low; bug #693112)
	[wheezy] - glusterfs <no-dsa> (Minor issue)
	[squeeze] - glusterfs <no-dsa> (Minor issue)
CVE-2012-4416 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in ...)
	- libguac 0.6.0-2 (medium)
	NOTE: maintainer contacted us, working on update
	NOTE: http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in Orac ...)
	- mysql-5.1 5.1.72-1 (low; bug #687484)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...)
	- keystone 2012.1.1-6 (bug #687428)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-94 (low; bug #687530)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ad ...)
	{DSA-2543-1}
	- xen 4.1.3-2
	- xen-qemu-dm-4.0 <removed>
	[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
CVE-2012-4409 (Stack-based buffer overflow in the check_file_head function in extra.c ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
	NOTE: http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html
CVE-2012-4408 (course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-4407 (lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and  ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function  ...)
	- swift 1.4.8-2 (bug #686812)
CVE-2012-4405 (Multiple integer underflows in the icmLut_allocate function in Interna ...)
	{DSA-2595-1}
	- argyll 1.4.0-7 (bug #687275)
	[squeeze] - argyll <no-dsa> (Only standalone binary in squeeze, minor impact)
	- ghostscript 9.05~dfsg-6.1 (bug #687274)
CVE-2012-4404 (security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly h ...)
	{DSA-2538-1}
	- moin 1.9.4-8
	NOTE: http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
CVE-2012-4403 (theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly con ...)
	- moodle <not-affected> (Only affects >= 2.3)
CVE-2012-4402 (webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, a ...)
	- moodle 2.2.3.dfsg-2.3 (bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-4401 (Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authent ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-4400 (repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x  ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-4399 (The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 all ...)
	- cakephp <not-affected> (Does not affect 1.3)
	NOTE: http://seclists.org/bugtraq/2012/Jul/101
	NOTE: http://web.archive.org/web/20140822011643/http://bakery.cakephp.org:80/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
CVE-2012-4398 (The __request_module function in kernel/kmod.c in the Linux kernel bef ...)
	- linux 3.2.35-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.1debian-1
CVE-2012-4396 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.2debian-1
CVE-2012-4395 (Cross-site scripting (XSS) vulnerability in index.php in ownCloud befo ...)
	- owncloud 4.0.3debian-1
CVE-2012-4394 (Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js  ...)
	- owncloud 4.0.5debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4393 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4392 (index.php in ownCloud 4.0.7 does not properly validate the oc_token co ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4391 (Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4390 ((1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/rem ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4389 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4388 (The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4 ...)
	- php5 5.4.1~rc1-1
	[squeeze] - php5 <not-affected> (CVE-2011-1398 was never fixed in squeeze)
CVE-2012-4387 (Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a d ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-011.html
CVE-2012-4386 (The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does no ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-010.html
CVE-2012-4385 (letodms 3.3.6 has CSRF via change password ...)
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4384 (letodms has multiple XSS issues: Reflected XSS in Login Page, Stored X ...)
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4383 (contao prior to 2.11.4 has a sql injection vulnerability ...)
	NOT-FOR-US: Contao
CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly pr ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attack ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a rest ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 an ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <not-affected> (Introduced in 1.16)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4376
	RESERVED
CVE-2012-4375
	RESERVED
CVE-2012-4374
	RESERVED
CVE-2012-4373
	RESERVED
CVE-2012-4372
	RESERVED
CVE-2012-4371
	RESERVED
CVE-2012-4370
	RESERVED
CVE-2012-4369
	RESERVED
CVE-2012-4368
	RESERVED
CVE-2012-4367
	RESERVED
CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v ...)
	NOT-FOR-US: Belkin wireless routers
CVE-2012-4365
	RESERVED
CVE-2012-4364
	RESERVED
CVE-2011-5101 (The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 a ...)
	NOT-FOR-US: McAfee
CVE-2011-5100 (The web interface in McAfee Firewall Reporter before 5.1.0.13 does not ...)
	NOT-FOR-US: McAfee
CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable t ...)
	NOT-FOR-US: McAfee
CVE-2009-5118 (Untrusted search path vulnerability in McAfee VirusScan Enterprise bef ...)
	NOT-FOR-US: McAfee
CVE-2009-5117 (The Web Post Protection feature in McAfee Host Data Loss Prevention (D ...)
	NOT-FOR-US: McAfee
CVE-2009-5116 (McAfee LinuxShield 1.5.1 and earlier does not properly implement clien ...)
	NOT-FOR-US: McAfee
CVE-2009-5115 (McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 ...)
	NOT-FOR-US: McAfee
CVE-2012-4363 (Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 al ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4362 (hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has  ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN  ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0 ...)
	NOT-FOR-US: mod_pagespeed
CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA b ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA b ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 an ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog  ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pr ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4352 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNe ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-4351 (Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encry ...)
	NOT-FOR-US: Symantec
CVE-2012-4350 (Multiple unquoted Windows search path vulnerabilities in the (1) Manag ...)
	NOT-FOR-US: Symantec Enterprise Security Manager
CVE-2012-4349 (Unquoted Windows search path vulnerability in Symantec Network Access  ...)
	NOT-FOR-US: Symantec Network Access Control
CVE-2012-4348 (The management console in Symantec Endpoint Protection (SEP) 11.0 befo ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4347 (Multiple directory traversal vulnerabilities in the management console ...)
	NOT-FOR-US: Symantec
CVE-2012-4346
	RESERVED
CVE-2012-4345 (Multiple cross-site scripting (XSS) vulnerabilities in the Database St ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2012-4344 (Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.0 ...)
	NOT-FOR-US: Ipswitch
CVE-2012-4343 (Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow a ...)
	- gallery3 <itp> (bug #511715)
CVE-2012-4342 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 befor ...)
	- gallery3 <itp> (bug #511715)
CVE-2012-4341 (Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeav ...)
	NOT-FOR-US: SAP NetWeaver ABAP
CVE-2012-4340 (Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 ...)
	NOT-FOR-US: Sybase
CVE-2012-4339
	RESERVED
CVE-2012-4338
	RESERVED
CVE-2012-4337 (Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote atta ...)
	NOT-FOR-US: Foxit Reader
CVE-2012-4336 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fl ...)
	NOT-FOR-US: Flogr 2.5.6
CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a de ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWCo ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4333 (Multiple stack-based buffer overflows in the BackupToAvi method in the ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers t ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x bef ...)
	{DSA-2461-1}
	- spip 2.1.13-1
CVE-2012-4330 (The Samsung D6000 TV and possibly other products allows remote attacke ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4329 (The Samsung D6000 TV and possibly other products allow remote attacker ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4328 (Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through ...)
	NOT-FOR-US: vBulletin
CVE-2012-4327 (Unspecified vulnerability in the Image News slider plugin before 3.3 f ...)
	NOT-FOR-US: Image News slider plugin for WordPress
CVE-2012-4326 (Cross-site request forgery (CSRF) vulnerability in commonsettings.php  ...)
	NOT-FOR-US: AlstraSoft Site Uptime Enterprise
CVE-2012-4325 (Cross-site request forgery (CSRF) vulnerability in upload/users.php in ...)
	NOT-FOR-US: Utopia News Pro
CVE-2012-4324 (Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation ...)
	NOT-FOR-US: PHPJabbers Vacation Rental Script
CVE-2012-4323
	RESERVED
CVE-2012-4322
	RESERVED
CVE-2012-4321
	RESERVED
CVE-2012-4320
	RESERVED
CVE-2012-4319
	RESERVED
CVE-2012-4318
	RESERVED
CVE-2012-4317
	RESERVED
CVE-2012-4316
	RESERVED
CVE-2012-4315
	RESERVED
CVE-2012-4314
	RESERVED
CVE-2012-4313
	RESERVED
CVE-2012-4312
	RESERVED
CVE-2012-4311
	RESERVED
CVE-2012-4310
	RESERVED
CVE-2012-4309
	RESERVED
CVE-2012-4308
	RESERVED
CVE-2012-4307
	RESERVED
CVE-2012-4306
	RESERVED
CVE-2012-4305 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-4304
	RESERVED
CVE-2012-4303 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-4302
	RESERVED
CVE-2012-4301 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-4300
	RESERVED
CVE-2012-4299
	RESERVED
CVE-2012-4298 (Integer signedness error in the vwr_read_rec_data_ethernet function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4297 (Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/di ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.6.x and 1.8.x)
CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissect ...)
	{DSA-2590-1}
	- wireshark 1.8.2-1
CVE-2012-4295 (Array index error in the channelised_fill_sdh_g707_format function in  ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4294 (Buffer overflow in the channelised_fill_sdh_g707_format function in ep ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in  ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in  ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.1 ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6. ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x b ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/ ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1 ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap- ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the D ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4284 (A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac  ...)
	NOT-FOR-US: Viscosity
CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter (m ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
	NOT-FOR-US: Login With Ajax plugin for Wordpress
CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows r ...)
	NOT-FOR-US: Trombinoscope 3.5
CVE-2012-4281 (Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow ...)
	NOT-FOR-US: Travelon Express 6.2.2
CVE-2012-4280 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/ag ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4279 (Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow re ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1 ...)
	NOT-FOR-US: Free Realty
CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the smarty_function_html_o ...)
	- smarty3 3.1.10-1
	- smarty <removed> (low)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 t ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Dire ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4274 (Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 thr ...)
	NOT-FOR-US: Hitachi Cobol GUI Option
CVE-2012-4273 (Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Cli ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for Wordpress
CVE-2012-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Soc ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for WordPress
CVE-2012-4271 (Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4270 (Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remot ...)
	NOT-FOR-US: eFront
CVE-2012-4269 (Unrestricted file upload vulnerability in eFront 3.6.11 allows remote  ...)
	NOT-FOR-US: eFront
CVE-2012-4268 (Cross-site scripting (XSS) vulnerability in bulletproof-security/admin ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2012-4267 (Cross-site scripting (XSS) vulnerability in user/register in Sockso 1. ...)
	NOT-FOR-US: Sockso
CVE-2012-4266 (Cross-site scripting (XSS) vulnerability in client_details.php in Prom ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4265 (SQL injection vulnerability in category_edit.php in Proman Xpress 5.0. ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4264 (Multiple cross-site scripting (XSS) vulnerabilities in the Better WP S ...)
	NOT-FOR-US: Better WP Security plugin for WordPress
CVE-2012-4263 (Cross-site scripting (XSS) vulnerability in inc/admin/content.php in t ...)
	NOT-FOR-US: Better WP Security plugin for Wordpress
CVE-2012-4262 (Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow  ...)
	NOT-FOR-US: myCare2x
CVE-2012-4261 (SQL injection vulnerability in modules/patient/mycare2x_pat_info.php i ...)
	NOT-FOR-US: myCare2x
CVE-2012-4260 (Multiple SQL injection vulnerabilities in myCare2x allow remote attack ...)
	NOT-FOR-US: myCare2x
CVE-2012-4259 (Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone ...)
	NOT-FOR-US: XPhone Virtual Directory
CVE-2012-4258 (Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2 ...)
	NOT-FOR-US: MYRE Real Estate Software
CVE-2012-4257 (Yaqas (Yet Another Question &amp; Answer System) 1.0 Alpha 1 allows re ...)
	NOT-FOR-US: Yaqas
CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attack ...)
	NOT-FOR-US: jNews for Joomla!
CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 all ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDum ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.2 ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization function  ...)
	NOT-FOR-US: Samsung NET-i viewer
CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the Ki ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
	- phplist <itp> (bug #612288)
CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
	- phplist <itp> (bug #612288)
CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require authenticatio ...)
	- gimp <unfixed> (unimportant)
	NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
CVE-2012-4244 (ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9. ...)
	{DSA-2547-1}
	- bind9 1:9.8.4.dfsg-1 (bug #693015)
	[wheezy] - bind9 1:9.8.1.dfsg.P1-4.4
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-4243
	RESERVED
CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin ...)
	NOT-FOR-US: MF Gig Calendar
CVE-2012-4241 (Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 a ...)
	NOT-FOR-US: Microcart
CVE-2012-4240 (SQL injection vulnerability in modules/calendar/json.php in Group-Offi ...)
	NOT-FOR-US: Group-Office
CVE-2012-4239
	RESERVED
CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer ...)
	NOT-FOR-US: TCExam
CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow ...)
	NOT-FOR-US: TCExam
CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page function  ...)
	NOT-FOR-US: Total Shop UK eCommerce
CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5 ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4234 (Cross-site scripting (XSS) vulnerability in the group moderation scree ...)
	NOT-FOR-US: Phorum
CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffic ...)
	{DSA-2570-1}
	- libreoffice 1:3.5.4+dfsg-3 (low)
	- openoffice.org 1:3.3.0-1 (low)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://www.htbridge.com/advisory/HTB23106
CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 ...)
	NOT-FOR-US: jCore
CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore b ...)
	NOT-FOR-US: jCore
CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyM ...)
	- tinymce <unfixed> (low; bug #796117)
	[buster] - tinymce <no-dsa> (Minor issue)
	[stretch] - tinymce <no-dsa> (Minor issue)
	[jessie] - tinymce <no-dsa> (Minor issue)
	[squeeze] - tinymce <no-dsa> (Minor issue)
	[wheezy] - tinymce <no-dsa> (Minor issue)
CVE-2012-4229
	RESERVED
CVE-2012-4228
	RESERVED
CVE-2012-4227
	RESERVED
CVE-2012-4226 (Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widg ...)
	NOT-FOR-US: WordPress plugin Quick Post Widget
CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows loc ...)
	- nvidia-graphics-drivers 304.37-1 (bug #684781)
	- nvidia-graphics-drivers-legacy-173xx 173.14.35-3
	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze2
	[squeeze] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
	NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
CVE-2012-4224
	REJECTED
CVE-2012-4223
	REJECTED
CVE-2012-4222 (drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphi ...)
	- linux <not-affected> (Android-specific drivers)
	- linux-2.6 <not-affected> (Android-specific drivers)
CVE-2012-4221 (Integer overflow in diagchar_core.c in the Qualcomm Innovation Center  ...)
	- linux <not-affected> (Android-specific drivers)
	- linux-2.6 <not-affected> (Android-specific drivers)
CVE-2012-4220 (diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics ( ...)
	- linux <not-affected> (Android-specific drivers)
	- linux-2.6 <not-affected> (Android-specific drivers)
CVE-2012-4219 (show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remot ...)
	- phpmyadmin 4:4.0.1-1 (unimportant)
	NOTE: Path disclosure irrelevant in Debian
CVE-2012-4218 (Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::S ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4217 (Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdat ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4216 (Use-after-free vulnerability in the gfxFont::GetFontEntry function in  ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4215 (Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEv ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4214 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor f ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4213 (Use-after-free vulnerability in the nsEditor::FindNextLeafNode functio ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4212 (Use-after-free vulnerability in the XPCWrappedNative::Mark function in ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4211
	REJECTED
CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10. ...)
	- iceweasel 10.0.11esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4209 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderb ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4208 (The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunder ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4207 (The HZ-GB-2312 character-set implementation in Mozilla Firefox before  ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4206 (Untrusted search path vulnerability in the installer in Mozilla Firefo ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2012-4205 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey be ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4204 (The str_unescape function in the JavaScript engine in Mozilla Firefox  ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4203 (The New Tab page in Mozilla Firefox before 17.0 uses a privileged cont ...)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4202 (Heap-based buffer overflow in the image::RasterImage::DrawFrameTo func ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4201 (The evalInSandbox implementation in Mozilla Firefox before 17.0, Firef ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4200
	RESERVED
CVE-2012-4199 (template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3. ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4198 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x a ...)
	- bugzilla <not-affected> (Only affects 3.7 onwards)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4197 (Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x befor ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4196 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunde ...)
	- iceweasel 10.0.10esr-1
	- icedove 10.0.10-1
	- iceape 2.7.10-1
	[squeeze] - iceape <not-affected> (vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (vulnerable code not present)
	[squeeze] - icedove <not-affected> (vulnerable code not present)
CVE-2012-4195 (The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Fi ...)
	- iceape <not-affected> (Only affects 16.x release from experimental)
	- iceweasel <not-affected> (Only affects 16.x release from experimental)
	- icedove <not-affected> (Only affects 16.x release from experimental)
CVE-2012-4194 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunde ...)
	- iceape 2.7.10-1
	- icedove 10.0.10-1
	- iceweasel 10.0.10esr-1
	[squeeze] - iceape <not-affected> (vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (vulnerable code not present)
	[squeeze] - icedove <not-affected> (vulnerable code not present)
CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunder ...)
	- iceweasel 10.0.9esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (vulnerable code not present)
	[squeeze] - icedove <not-affected> (vulnerable code not present)
CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remot ...)
	- iceweasel 10.0.9esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Regression not present in Squeeze)
	[squeeze] - iceweasel <not-affected> (Regression not present in Squeeze)
	[squeeze] - icedove <not-affected> (Regression not present in Squeeze)
CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets  ...)
	- iceweasel <not-affected> (Doesn't affect ESR series)
CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...)
	- iceweasel <not-affected> (Only affects Firefox Mobile)
CVE-2012-4189 (Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x b ...)
	- bugzilla <not-affected> (Only affects 4.1 onwards)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla Fire ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData functi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla Firefo ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures f ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert functi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4181 (Use-after-free vulnerability in the nsSMILAnimationController::DoSampl ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4180 (Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhites ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4179 (Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyT ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4178 (SQL injection vulnerability in spywall/includes/deptUploads_data.php i ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...)
	NOT-FOR-US: Ubisoft Uplay PC
CVE-2012-4176 (Array index error in Adobe Shockwave Player before 11.6.8.638 allows a ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4175 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4174 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4173 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4172 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remot ...)
	NOT-FOR-US: Adobe Photoshop CS6
CVE-2012-4169
	REJECTED
CVE-2012-4168 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4167 (Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4166
	REJECTED
CVE-2012-4165 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4164 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4163 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Ma ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Ma ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef befo ...)
	- chef 0.10.10-1
CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef be ...)
	- chef 0.10.10-1
CVE-2010-5142 (chef-server-api/app/controllers/users.rb in the API in Chef before 0.9 ...)
	- chef 0.10.10-1
CVE-2012-4146 (Opera before 12.01 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2012-4145 (Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, a ...)
	NOT-FOR-US: Opera
CVE-2012-4144 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befo ...)
	NOT-FOR-US: Opera
CVE-2012-4143 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befo ...)
	NOT-FOR-US: Opera
CVE-2012-4142 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befo ...)
	NOT-FOR-US: Opera
CVE-2012-XXXX [redeclipse code execution through map files]
	- redeclipse 1.2-3 (bug #684143)
CVE-2012-XXXX [base name disclosure]
	- spip 2.1.17-1 (bug #683667)
	[squeeze] - spip 2.1.1-3squeeze5
CVE-2012-XXXX [insecure default configuration / authentication bypass]
	- munin 2.0.5-1 (bug #682869)
	[squeeze] - munin <no-dsa> (Minor issue)
CVE-2012-4141 (Directory traversal vulnerability in the CLI parser in Cisco NX-OS all ...)
	NOT-FOR-US: Cisco
CVE-2012-4140
	REJECTED
CVE-2012-4139
	REJECTED
CVE-2012-4138
	REJECTED
CVE-2012-4137
	REJECTED
CVE-2012-4136 (The high-availability service in the Fabric Interconnect component in  ...)
	NOT-FOR-US: Cisco
CVE-2012-4135 (Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and ...)
	NOT-FOR-US: Cisco
CVE-2012-4134
	REJECTED
CVE-2012-4133
	REJECTED
CVE-2012-4132
	REJECTED
CVE-2012-4131 (Directory traversal vulnerability in tar in Cisco NX-OS allows local u ...)
	NOT-FOR-US: Cisco
CVE-2012-4130
	REJECTED
CVE-2012-4129
	REJECTED
CVE-2012-4128
	REJECTED
CVE-2012-4127
	REJECTED
CVE-2012-4126
	REJECTED
CVE-2012-4125
	REJECTED
CVE-2012-4124
	REJECTED
CVE-2012-4123
	REJECTED
CVE-2012-4122 (The CLI parser in Cisco NX-OS allows local users to bypass intended ac ...)
	NOT-FOR-US: Cisco
CVE-2012-4121 (Cisco NX-OS allows local users to gain privileges, and read or modify  ...)
	NOT-FOR-US: Cisco
CVE-2012-4120
	REJECTED
CVE-2012-4119
	REJECTED
CVE-2012-4118
	REJECTED
CVE-2012-4117 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4116 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4115 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4114 (The fabric-interconnect KVM module in Cisco Unified Computing System ( ...)
	NOT-FOR-US: Cisco
CVE-2012-4113 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4112 (The Baseboard Management Controller (BMC) in Cisco Unified Computing S ...)
	NOT-FOR-US: Cisco
CVE-2012-4111 (The create certreq command in the fabric-interconnect component in Cis ...)
	NOT-FOR-US: Cisco
CVE-2012-4110 (run-script in the fabric-interconnect component in Cisco Unified Compu ...)
	NOT-FOR-US: Cisco
CVE-2012-4109 (The clear sshkey command in the fabric-interconnect component in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4108 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4107 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4106 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4105 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4104 (Absolute path traversal vulnerability in the image-download process in ...)
	NOT-FOR-US: Cisco
CVE-2012-4103 (ethanalyzer in the fabric-interconnect component in Cisco Unified Comp ...)
	NOT-FOR-US: Cisco
CVE-2012-4102 (The activate firmware command in the fabric-interconnect component in  ...)
	NOT-FOR-US: Cisco
CVE-2012-4101
	REJECTED
CVE-2012-4100
	REJECTED
CVE-2012-4099 (The BGP implementation in Cisco NX-OS does not properly filter AS path ...)
	NOT-FOR-US: Cisco
CVE-2012-4098 (The BGP implementation in Cisco NX-OS does not properly filter AS path ...)
	NOT-FOR-US: Cisco
CVE-2012-4097 (The BGP implementation in Cisco NX-OS does not properly filter segment ...)
	NOT-FOR-US: Cisco
CVE-2012-4096 (The local file editor in the Baseboard Management Controller (BMC) in  ...)
	NOT-FOR-US: Cisco
CVE-2012-4095 (The local file editor in the fabric-interconnect component in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric interconn ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4093 (The Manager component in Cisco Unified Computing System (UCS) allows l ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4092 (The management interface in the Central Software component in Cisco Un ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4091 (The RIP service engine in Cisco NX-OS allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2012-4090 (The management interface in Cisco NX-OS on Nexus 7000 devices allows r ...)
	NOT-FOR-US: Cisco
CVE-2012-4089 (MCTOOLS in the fabric interconnect in Cisco Unified Computing System ( ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4088 (The FTP server in Cisco Unified Computing System (UCS) has a hardcoded ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4087 (A cluster setup script for fabric interconnect devices in Cisco Unifie ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4086 (A setup script for fabric interconnect devices in Cisco Unified Comput ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4085 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4084 (Cross-site request forgery (CSRF) vulnerability in the web-management  ...)
	NOT-FOR-US: Cisco
CVE-2012-4083 (Multiple buffer overflows in the administrative web interface in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4082 (MCTools in the Cisco Management Controller in Cisco Unified Computing  ...)
	NOT-FOR-US: Cisco
CVE-2012-4081 (MCServer in the Cisco Management Controller in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2012-4080
	REJECTED
CVE-2012-4079 (The XML API service in the Fabric Interconnect component in Cisco Unif ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4078 (The Baseboard Management Controller (BMC) in Cisco Unified Computing S ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4077 (Cisco NX-OS allows local users to gain privileges and execute arbitrar ...)
	NOT-FOR-US: Cisco
CVE-2012-4076 (Cisco NX-OS allows local users to gain privileges and execute arbitrar ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-4075 (Cisco NX-OS allows local users to gain privileges and execute arbitrar ...)
	NOT-FOR-US: Cisco
CVE-2012-4074 (The Board Management Controller (BMC) in the Serial over LAN (SoL) sub ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4073 (The KVM subsystem in the client in Cisco Unified Computing System (UCS ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4072 (The KVM subsystem in Cisco Unified Computing System (UCS) relies on a  ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3. ...)
	NOT-FOR-US: Dir2Web
CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: Dir2Web
CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix Provisi ...)
	NOT-FOR-US: Citrix
CVE-2012-4067 (Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a d ...)
	- eucalyptus <removed> (bug #707592)
	NOTE: https://github.com/eucalyptus/eucalyptus/commit/e958e60
	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-5277
CVE-2012-4066 (The internal message protocol for Walrus in Eucalyptus 3.2.0 and earli ...)
	- eucalyptus <removed> (bug #702388)
CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of exte ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4064 (Eucalyptus before 3.1.1 does not properly restrict the binding of exte ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4063 (The Apache Santuario configuration in Eucalyptus before 3.1.1 does not ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4062
	RESERVED
CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remot ...)
	NOT-FOR-US: ASP-DEv XM Diary
CVE-2012-4060 (Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow  ...)
	NOT-FOR-US: ASP-DEv XM Diary
CVE-2012-4059 (Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php  ...)
	NOT-FOR-US: Socketmail not in Debian
CVE-2012-4058 (Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allow ...)
	NOT-FOR-US: Socketmail not in Debian
CVE-2012-4057 (Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote ...)
	NOT-FOR-US: Remote-Anything not in Debian
CVE-2012-4056 (SQL injection vulnerability in index2.php in Uiga Personal Portal allo ...)
	NOT-FOR-US: Uiga personal portal
CVE-2012-4055 (SQL injection vulnerability in index2.php in Uiga Fan Club allows remo ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2012-4054 (Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 ...)
	NOT-FOR-US: CPE17 Autorun Killer not in Debian
CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash player i ...)
	NOT-FOR-US: eZOE flash player not in Debian
CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2. ...)
	NOT-FOR-US: Jease
CVE-2012-4051 (Multiple cross-site request forgery (CSRF) vulnerabilities in editAcco ...)
	NOT-FOR-US: JAMF Casper suite
CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for F ...)
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...)
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools bef ...)
	- google-perftools 0.7-1
CVE-2012-4047
	RESERVED
CVE-2012-4046 (The D-Link DCS-932L camera with firmware 1.02 allows remote attackers  ...)
	NOT-FOR-US: D-Link DCS-932L camera
CVE-2012-4045 (Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63  ...)
	NOT-FOR-US: Winamp
CVE-2012-4044
	RESERVED
CVE-2012-4043 (Cross-site scripting (XSS) vulnerability in global-protect/login.esp i ...)
	NOT-FOR-US: Palo Alto Networks software
CVE-2012-4042
	RESERVED
CVE-2012-4041
	RESERVED
CVE-2012-4040
	RESERVED
CVE-2012-4039
	RESERVED
CVE-2012-4038
	RESERVED
CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client  ...)
	- transmission 2.52-3 (bug #683380)
	[squeeze] - transmission <not-affected> (Version in Stable not affected)
CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 a ...)
	NOT-FOR-US: PBBoard
CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to chan ...)
	NOT-FOR-US: PBBoard
CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote a ...)
	NOT-FOR-US: PBBoard
CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1 ...)
	NOT-FOR-US: Google Chrome OS
CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x b ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9 ...)
	{DSA-2590-1}
	- wireshark 1.8.2-1 (bug #680056)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin be ...)
	NOT-FOR-US: Zingiri not in Debian
CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before 1 ...)
	NOT-FOR-US: WebsitePanel not in Debian
CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.php in  ...)
	NOT-FOR-US: Wangkongbao not in Debian
CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input  ...)
	NOT-FOR-US: Chamilo LMS
CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in  ...)
	NOT-FOR-US: Chamilo LMS
CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data,  ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4026 (The Johnson Controls Pegasys P2000 server with software before 3.11 al ...)
	NOT-FOR-US: The Johnson Controls Pegasys P2000
CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in unsquas ...)
	- squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
CVE-2012-4024 (Stack-based buffer overflow in the get_component function in unsquashf ...)
	- squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
CVE-2012-4023 (CRLF injection vulnerability in Pebble before 2.6.4 allows remote atta ...)
	NOT-FOR-US: Pebble blog
CVE-2012-4022 (Pebble before 2.6.4 allows remote attackers to trigger loss of blog-en ...)
	NOT-FOR-US: Pebble blog
CVE-2012-4021 (MosP kintai kanri before 4.1.0 does not properly perform authenticatio ...)
	NOT-FOR-US: MosP kintai kanri
CVE-2012-4020 (MosP kintai kanri before 4.1.0 does not enforce privilege requirements ...)
	NOT-FOR-US: MosP kintai kanri
CVE-2012-4019 (Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on G ...)
	NOT-FOR-US: Come on Girls Interface (CGI) Tokyo BBS
CVE-2012-4018 (Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWe ...)
	NOT-FOR-US: Final Beta Laboratory MyWebSearch
CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not properly ...)
	NOT-FOR-US: Android application
CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote attackers  ...)
	NOT-FOR-US: Android application
CVE-2012-4015 (Cross-site scripting (XSS) vulnerability in the management screen in m ...)
	NOT-FOR-US: My Little tool / My little admin SQL server 2000
CVE-2012-4014 (Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShie ...)
	NOT-FOR-US: McAfee Email Anti-virus
CVE-2012-4013 (The WebView class in the Cybozu KUNAI Browser for Remote Service appli ...)
	NOT-FOR-US: Cybozu KUNAI Browser
CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for And ...)
	NOT-FOR-US: Cybozu KUNAI
CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote at ...)
	NOT-FOR-US: Cybozu KUNAI
CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar vi ...)
	NOT-FOR-US: Opera
CVE-2012-4009 (The WebView class in the Cybozu Live application 1.0.4 and earlier for ...)
	NOT-FOR-US: Cybozu Live
CVE-2012-4008 (The Cybozu Live application 1.0.4 and earlier for Android allows remot ...)
	NOT-FOR-US: Cybozu Live
CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers  ...)
	NOT-FOR-US: mixi application for Android
CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application b ...)
	NOT-FOR-US: GREE application for Android
CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...)
	NOT-FOR-US: NHN Japan NAVER LINE
CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile applic ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GL ...)
	- glpi 0.83.31-1 (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI b ...)
	- glpi 0.83.31-1 (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server d ...)
	NOT-FOR-US: mod_pagespeed
CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var f ...)
	{DSA-2522-1}
	- fckeditor 1:2.6.6-3 (bug #683418)
	NOTE: http://disse.cting.org/2012/06/22/fckeditor-reflected-xss-vulnerability/
CVE-2012-3999 (Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky  ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3998 (Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.2705 ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes be ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obta ...)
	- tikiwiki <removed>
CVE-2012-3995 (The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Fir ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation i ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox E ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to Re ...)
	- iceweasel <not-affected> (Android-specific)
CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4747 (Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1 ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785522
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785511
CVE-2012-3981 (Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4 ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-3980 (The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x befor ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3979 (Mozilla Firefox before 15.0 on Android does not properly implement uns ...)
	- iceweasel <not-affected> (Only affects Firefox for Android)
CVE-2012-3978 (The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Fire ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3977
	REJECTED
CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMo ...)
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3975 (The DOMParser component in Mozilla Firefox before 15.0, Thunderbird be ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3974 (Untrusted search path vulnerability in the installer in Mozilla Firefo ...)
	- iceweasel <not-affected> (Only affects Firefox for Windows)
CVE-2012-3973 (The debugger in the developer-tools subsystem in Mozilla Firefox befor ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
CVE-2012-3972 (The format-number functionality in the XSLT implementation in Mozilla  ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3971 (Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla F ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3970 (Use-after-free vulnerability in the nsTArray_base::Length function in  ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3969 (Integer overflow in the nsSVGFEMorphologyElement::Filter function in M ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3968 (Use-after-free vulnerability in the WebGL implementation in Mozilla Fi ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3967 (The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 1 ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3966 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbi ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3965 (Mozilla Firefox before 15.0 does not properly restrict navigation to t ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
CVE-2012-3964 (Use-after-free vulnerability in the gfxTextRun::GetUserData function i ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3963 (Use-after-free vulnerability in the js::gc::MapAllocToTraceKind functi ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3962 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbi ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3961 (Use-after-free vulnerability in the RangeData implementation in Mozill ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3960 (Use-after-free vulnerability in the mozSpellChecker::SetCurrentDiction ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3959 (Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode f ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3958 (Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableEle ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3957 (Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3956 (Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Ru ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3955 (ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remo ...)
	{DSA-2551-1}
	- isc-dhcp 4.2.4-2
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and  ...)
	{DSA-2519-2 DSA-2519-1 DSA-2516-1}
	- isc-dhcp 4.2.4-2 (bug #686174)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before 2.10. ...)
	- phplist <itp> (bug #612288)
CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...)
	- phplist <itp> (bug #612288)
CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutini ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 throug ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2012-3948
	RESERVED
CVE-2012-3947
	RESERVED
CVE-2012-3946 (Cisco IOS before 15.3(2)S allows remote attackers to bypass interface  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3945
	RESERVED
CVE-2012-3944
	RESERVED
CVE-2012-3943
	RESERVED
CVE-2012-3942
	RESERVED
CVE-2012-3941 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) p ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3940 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3939 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3938 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3937 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3936 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Commu ...)
	NOT-FOR-US: Cisco Unified Presence, Jabber Extensible Communications Platform
CVE-2012-3934
	RESERVED
CVE-2012-3933
	RESERVED
CVE-2012-3932
	RESERVED
CVE-2012-3931
	RESERVED
CVE-2012-3930
	RESERVED
CVE-2012-3929
	RESERVED
CVE-2012-3928
	RESERVED
CVE-2012-3927
	RESERVED
CVE-2012-3926
	RESERVED
CVE-2012-3925
	RESERVED
CVE-2012-3924 (The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is ena ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3923 (The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, whe ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3922
	RESERVED
CVE-2012-3921
	RESERVED
CVE-2012-3920
	RESERVED
CVE-2012-3919 (The Cisco Application Control Engine (ACE) module 3.0 for Cisco Cataly ...)
	NOT-FOR-US: Cisco Application Control Engine
CVE-2012-3918 (Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/ ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3917
	RESERVED
CVE-2012-3916
	RESERVED
CVE-2012-3915 (The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attack ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3914
	RESERVED
CVE-2012-3913 (The Cisco VC220 and VC240 cameras allow remote attackers to cause a de ...)
	NOT-FOR-US: Cisco
CVE-2012-3912
	RESERVED
CVE-2012-3911
	RESERVED
CVE-2012-3910
	RESERVED
CVE-2012-3909
	RESERVED
CVE-2012-3908 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE  ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2012-3907
	RESERVED
CVE-2012-3906
	RESERVED
CVE-2012-3905
	RESERVED
CVE-2012-3904
	RESERVED
CVE-2012-3903
	RESERVED
CVE-2012-3902
	RESERVED
CVE-2012-3901 (The updateTime function in sensorApp on Cisco IPS 4200 series sensors  ...)
	NOT-FOR-US: Cisco IPS 4200
CVE-2012-3900
	RESERVED
CVE-2012-3899 (sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not  ...)
	NOT-FOR-US: Cisco IPS 4200
CVE-2012-3898
	RESERVED
CVE-2012-3897
	RESERVED
CVE-2012-3896
	RESERVED
CVE-2012-3895 (Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3894
	RESERVED
CVE-2012-3893 (The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote au ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3892
	RESERVED
CVE-2012-3891
	RESERVED
CVE-2012-3890 (The in_mod plugin in Winamp before 5.63 allows remote attackers to cau ...)
	NOT-FOR-US: Winamp
CVE-2012-3889 (The in_mod plugin in Winamp before 5.63 allows remote attackers to cau ...)
	NOT-FOR-US: Winamp
CVE-2012-3888 (The login implementation in AirDroid 1.0.4 beta allows remote attacker ...)
	NOT-FOR-US: AirDroid
CVE-2012-3887 (AirDroid before 1.0.7 beta uses a cleartext base64 format for data tra ...)
	NOT-FOR-US: AirDroid
CVE-2012-3886 (AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogi ...)
	NOT-FOR-US: AirDroid
CVE-2012-3885 (The default configuration of AirDroid 1.0.4 beta uses a four-character ...)
	NOT-FOR-US: AirDroid
CVE-2012-3884 (AirDroid 1.0.4 beta implements authentication through direct transmiss ...)
	NOT-FOR-US: AirDroid
CVE-2012-3883
	RESERVED
CVE-2012-3882
	RESERVED
CVE-2012-3881 (Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 all ...)
	NOT-FOR-US: RTG, RTG2
CVE-2012-3880
	RESERVED
CVE-2012-3879
	RESERVED
CVE-2012-3878
	REJECTED
CVE-2012-3877
	RESERVED
CVE-2012-3876
	RESERVED
CVE-2012-3875
	RESERVED
CVE-2012-3874
	RESERVED
CVE-2012-3873 (Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allo ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3872 (Multiple cross-site scripting (XSS) vulnerabilities in Open Constructo ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3871 (Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php i ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3870 (Multiple cross-site scripting (XSS) vulnerabilities in objects/createo ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in include/classes/class.rex_ ...)
	NOT-FOR-US: REDAXO
CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...)
	NOTE: https://kb.isc.org/article/AA-00730
	- bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x)
	- isc-dhcp <not-affected> (embeds bind 9.8.x; this issue only affects 9.9.x)
CVE-2012-3867 (lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2. ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3866 (lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enter ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3865 (Directory traversal vulnerability in lib/puppet/reports/store.rb in Pu ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3864 (Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise be ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3862
	RESERVED
CVE-2012-3861
	RESERVED
CVE-2012-3860
	RESERVED
CVE-2012-3859 (Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unk ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-3858
	RESERVED
CVE-2012-3857
	RESERVED
CVE-2012-3856
	RESERVED
CVE-2012-3855
	RESERVED
CVE-2012-3854
	RESERVED
CVE-2012-3853
	RESERVED
CVE-2012-3852
	RESERVED
CVE-2012-3851
	RESERVED
CVE-2012-3850
	RESERVED
CVE-2012-3849
	RESERVED
CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and  ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1
CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 a ...)
	NOT-FOR-US: Windows utility
CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin  ...)
	NOT-FOR-US: php-pastebin not in Debian
CVE-2012-3845 (Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote atta ...)
	NOT-FOR-US: LAN Messenger not in Debian
CVE-2012-3844 (Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows re ...)
	NOT-FOR-US: vBulletin not in Debian
CVE-2012-3843 (Cross-site scripting (XSS) vulnerability in the registration page in e ...)
	NOT-FOR-US: e107 not in Debian
CVE-2012-3842 (Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in J ...)
	NOT-FOR-US: DirectAdmin not in Debian
CVE-2012-3841 (Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local  ...)
	NOT-FOR-US: KMPlayer not in Debian (not the KDE interface to mplayer)
CVE-2012-3840 (Multiple cross-site scripting (XSS) vulnerabilities in index.php/users ...)
	NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3839 (Multiple SQL injection vulnerabilities in application/core/MY_Model.ph ...)
	NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3838 (Gekko before 1.2.0 allows remote attackers to obtain the installation  ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3837 (Multiple cross-site scripting (XSS) vulnerabilities in apps/users/regi ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3836 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3835 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
	NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3834 (SQL injection vulnerability in forensics/base_qry_main.php in AlienVau ...)
	NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3833 (Cross-site scripting (XSS) vulnerability in the default index page in  ...)
	NOT-FOR-US: Quick.CMS not in Debian
CVE-2012-3832 (Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decod ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path  ...)
	NOT-FOR-US: Joomla!
CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remot ...)
	NOT-FOR-US: Joomla!
CVE-2012-3827
	RESERVED
CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application Ser ...)
	NOT-FOR-US: Avaya Aura Application Server
CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
	- wireshark 1.6.8-1 (unimportant)
	[squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6)
	NOTE: not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
	NOTE: leftover of CVE-2012-2392
CVE-2012-3825 (Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x  ...)
	- wireshark 1.6.8-1 (unimportant)
	[squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6)
	NOTE: not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
	NOTE: leftover of CVE-2012-2392
CVE-2012-3824 (In Arial Campaign Enterprise before 11.0.551, multiple pages are acces ...)
	NOT-FOR-US: Arial Campaign Enterprise
CVE-2012-3823 (Arial Campaign Enterprise before 11.0.551 stores passwords in clear te ...)
	NOT-FOR-US: Arial Campaign Enterprise
CVE-2012-3822 (Arial Campaign Enterprise before 11.0.551 has unauthorized access to t ...)
	NOT-FOR-US: Arial Campaign Enterprise
CVE-2012-3821 (A Security Bypass vulnerability exists in the activate.asp page in Ari ...)
	NOT-FOR-US: Arial Software Campaign Enterprise
CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Soft ...)
	NOT-FOR-US: Arial Software Campaign Enterprise
CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier,  ...)
	NOT-FOR-US: dartwebserver.dll
CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the versi ...)
	- revelation 0.4.13-1.2 (bug #680059)
	[squeeze] - revelation <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3818
	NOTE: http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html
	NOTE: http://als.regnet.cz/fpm2/feedback/2
CVE-2012-3817 (ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before  ...)
	{DSA-2517-1}
	- bind9 1:9.8.1.dfsg.P1-4.2 (bug #683259)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
	NOTE: https://kb.isc.org/article/AA-00729
CVE-2012-XXXX [packagekit insecure temp file]
	- packagekit 0.7.6-1 (bug #678189)
CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: WinRadius
CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA befo ...)
	NOT-FOR-US: Sielco Sistemi Winlog
CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3813
	RESERVED
CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open Sou ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wall ...)
	NOT-FOR-US: Avaya IP Office Customer Call Reporter
CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry modification. ...)
	NOT-FOR-US: Samsung
CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modifica ...)
	NOT-FOR-US: Samsung
CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. ...)
	NOT-FOR-US: Samsung
CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. ...)
	NOT-FOR-US: Samsung
CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer derefere ...)
	NOT-FOR-US: Samsung
CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the getAllPasse ...)
	NOT-FOR-US: Kajona
CVE-2012-3804
	RESERVED
CVE-2012-3803
	RESERVED
CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for D ...)
	NOT-FOR-US: Drupal module
CVE-2012-3801
	REJECTED
CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic Group ...)
	NOT-FOR-US: Drupal module
CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Maes ...)
	NOT-FOR-US: Drupal module
CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creati ...)
	NOT-FOR-US: Drupal module
CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3795 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3794 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3793 (Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and  ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3792 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content Managemen ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAn ...)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when  ...)
	- openssl 0.9.8a-1 (bug #684527)
	NOTE: fips version not used in Debian
CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3,  ...)
	- bitcoin 0.5.0~rc1-1
CVE-2012-3788
	RESERVED
CVE-2012-3787
	RESERVED
CVE-2012-3786
	RESERVED
CVE-2012-3785
	RESERVED
CVE-2012-3784
	RESERVED
CVE-2012-3783
	RESERVED
CVE-2012-3782
	RESERVED
CVE-2012-3781
	RESERVED
CVE-2012-3780
	RESERVED
CVE-2012-3779
	RESERVED
CVE-2012-3778
	RESERVED
CVE-2012-3777
	RESERVED
CVE-2012-3776
	RESERVED
CVE-2012-3775
	RESERVED
CVE-2012-3774
	RESERVED
CVE-2012-3773
	RESERVED
CVE-2012-3772
	RESERVED
CVE-2012-3771
	RESERVED
CVE-2012-3770
	RESERVED
CVE-2012-3769
	RESERVED
CVE-2012-3768
	RESERVED
CVE-2012-3767
	RESERVED
CVE-2012-3766
	RESERVED
CVE-2012-3765
	RESERVED
CVE-2012-3764
	RESERVED
CVE-2012-3763
	RESERVED
CVE-2012-3762
	RESERVED
CVE-2012-3761
	RESERVED
CVE-2012-3760
	RESERVED
CVE-2012-3759
	RESERVED
CVE-2012-3758 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...)
	NOT-FOR-US: QuickTime
CVE-2012-3757 (Apple QuickTime before 7.7.3 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: QuickTime
CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...)
	NOT-FOR-US: QuickTime
CVE-2012-3755 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...)
	NOT-FOR-US: QuickTime
CVE-2012-3754 (Use-after-free vulnerability in the Clear method in the ActiveX contro ...)
	NOT-FOR-US: QuickTime
CVE-2012-3753 (Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows r ...)
	NOT-FOR-US: QuickTime
CVE-2012-3752 (Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3751 (Use-after-free vulnerability in the plugin in Apple QuickTime before 7 ...)
	NOT-FOR-US: QuickTime
CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does not pr ...)
	NOT-FOR-US: iOS
CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide ke ...)
	NOT-FOR-US: iOS
CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3747 (WebKit, as used in Apple iOS before 6, allows remote attackers to exec ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3746 (UIWebView in UIKit in Apple iOS before 6 does not properly use the Dat ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3745 (Off-by-one error in Telephony in Apple iOS before 6 allows remote atta ...)
	NOT-FOR-US: Telephony in Apple iOS
CVE-2012-3744 (Telephony in Apple iOS before 6 uses an SMS message's return address a ...)
	NOT-FOR-US: Telephony in Apple iOS
CVE-2012-3743 (The System Logs implementation in Apple iOS before 6 does not restrict ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3742 (Safari in Apple iOS before 6 does not properly restrict use of an unsp ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3741 (The Restrictions (aka Parental Controls) implementation in Apple iOS b ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3740 (The Passcode Lock implementation in Apple iOS before 6 does not proper ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3739 (The Passcode Lock implementation in Apple iOS before 6 allows physical ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3738 (The Emergency Dialer screen in the Passcode Lock implementation in App ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3737 (The Passcode Lock implementation in Apple iOS before 6 does not proper ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3736 (The Passcode Lock implementation in Apple iOS before 6 allows physical ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3735 (The Passcode Lock implementation in Apple iOS before 6 does not proper ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3734 (Office Viewer in Apple iOS before 6 writes cleartext document data to  ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3733 (Messages in Apple iOS before 6, when multiple iMessage e-mail addresse ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3732 (Mail in Apple iOS before 6 uses an S/MIME message's From address as th ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3731 (Mail in Apple iOS before 6 does not properly implement the Data Protec ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3730 (Mail in Apple iOS before 6 does not properly handle reuse of Content-I ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3729 (The Berkeley Packet Filter (BPF) interpreter implementation in the ker ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3728 (The kernel in Apple iOS before 6 dereferences invalid pointers during  ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3727 (Buffer overflow in the IPsec component in Apple iOS before 6 allows re ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3726 (Double free vulnerability in ImageIO in Apple iOS before 6 allows remo ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3725 (The DNAv4 protocol implementation in the DHCP component in Apple iOS b ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3724 (CFNetwork in Apple iOS before 6 does not properly identify the host po ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3723 (Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts fi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and i ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2012-3721 (Profile Manager in Apple Mac OS X before 10.7.5 does not properly perf ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3720 (Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3719 (Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3718 (Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local use ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3717
	RESERVED
CVE-2012-3716 (CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attacker ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3715 (Apple Safari before 6.0.1 makes http requests for https URIs in certai ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3714 (The Form Autofill feature in Apple Safari before 6.0.1 does not restri ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3713 (Apple Safari before 6.0.1 does not properly handle the Quarantine attr ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3712 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3711 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3710 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3709 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3708 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3707 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3706 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3705 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3704 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3703 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3702 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3701 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3700 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3699 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3698 (Apple Xcode before 4.4 does not properly compose a designated requirem ...)
	NOT-FOR-US: Apple Xcode
CVE-2012-3697 (WebKit in Apple Safari before 6.0 does not properly handle file: URLs, ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3696 (CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allo ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3694 (WebKit in Apple Safari before 6.0 does not properly handle drag-and-dr ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3693 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 6. ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3692 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3691 (WebKit in Apple Safari before 6.0 does not properly handle Cascading S ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3690 (WebKit in Apple Safari before 6.0 does not properly handle drag-and-dr ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3689 (WebKit in Apple Safari before 6.0 does not properly handle drag-and-dr ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3688 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3687 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3686 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3685 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3684 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3681 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3680 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3679 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3678 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3677 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3676 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3675 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3674 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3673 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3672 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3671 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3670 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3669 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3668 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3667 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3666 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3665 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3664 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3663 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3662
	RESERVED
CVE-2012-3661 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3660 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3659 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3658 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3657 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3656 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3655 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3654 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3653 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3652 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3651 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3650 (WebKit in Apple Safari before 6.0 accesses uninitialized memory locati ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3649 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3648 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3647 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3646 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3645 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3644 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3643 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3642 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3641 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3640 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3639 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3638 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3637 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3636 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3635 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3634 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3633 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3632 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3631 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3630 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3629 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3628 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3627 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3626 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3625 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3624 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3623 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3622 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3621 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3620 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3619
	RESERVED
CVE-2012-3618 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3617 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3616 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3615 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3614 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3613 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3612 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3611 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3610 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3609 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3608 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3607 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3606 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3605 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3604 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3603 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3602 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3601 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3600 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3599 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3598 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3597 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3596 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3595 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3594 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3593 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin Newslet ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
	- apt 0.7.25 (unimportant)
	NOTE: net-update is disabled by default on Debian
CVE-2012-3586
	RESERVED
CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plu ...)
	NOT-FOR-US: IrfanView PlugIns
CVE-2012-3584
	RESERVED
CVE-2012-3583
	REJECTED
CVE-2012-3582 (Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly ...)
	NOT-FOR-US: Symantec PGP Universal Server
CVE-2012-3581 (Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers t ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3580 (Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticat ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3579 (Symantec Messaging Gateway (SMG) before 10.0 has a default password fo ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the FCCha ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the Nmedia M ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3576 (Unrestricted file upload vulnerability in php/upload.php in the wpStor ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3575 (Unrestricted file upload vulnerability in uploader.php in the RBX Gall ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3574 (Unrestricted file upload vulnerability in includes/doajaxfileupload.ph ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3573
	REJECTED
CVE-2012-3572 (Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and  ...)
	NOT-FOR-US: Open Source Competency Center (OSCC) MyMeeting
CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certa ...)
	NOTE: Disputed NSS issue
CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remo ...)
	{DSA-2519-2 DSA-2519-1 DSA-2516-1}
	- isc-dhcp 4.2.4-2 (bug #686174)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is ...)
	- isc-dhcp 4.2.4-2 (bug #686174)
	[squeeze] - isc-dhcp <not-affected> (Vulnerable code not present)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3569 (Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used ...)
	NOT-FOR-US: VMware OVF Tool
CVE-2012-3568 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Opera
CVE-2012-3567 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Opera
CVE-2012-3566 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...)
	NOT-FOR-US: Opera
CVE-2012-3565 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Opera
CVE-2012-3564 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Opera
CVE-2012-3563 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Opera
CVE-2012-3562 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...)
	NOT-FOR-US: Opera
CVE-2012-3561 (Opera before 11.64 does not properly allocate memory for URL strings,  ...)
	NOT-FOR-US: Opera
CVE-2012-3560 (Opera before 11.65 does not ensure that the address field corresponds  ...)
	NOT-FOR-US: Opera
CVE-2012-3559 (Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknow ...)
	NOT-FOR-US: Opera
CVE-2012-3558 (Opera before 11.65 does not ensure that the address field corresponds  ...)
	NOT-FOR-US: Opera
CVE-2012-3557 (Opera before 11.65 does not properly restrict the reading of JSON stri ...)
	NOT-FOR-US: Opera
CVE-2012-3556 (Opera before 11.65 does not properly restrict the opening of a pop-up  ...)
	NOT-FOR-US: Opera
CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are associa ...)
	NOT-FOR-US: Opera
CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) compone ...)
	NOT-FOR-US: Joomla addon
CVE-2012-3552 (Race condition in the IP implementation in the Linux kernel before 3.0 ...)
	{DSA-2668-1}
	- linux 3.0-1
	- linux-2.6 <removed>
CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in crowbar_framework/app/view ...)
	NOT-FOR-US: Crowbar
CVE-2012-3550
	REJECTED
CVE-2012-3549 (The SCTP implementation in FreeBSD 8.2 allows remote attackers to caus ...)
	- kfreebsd-8 8.3-5 (bug #686961)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	- kfreebsd-9 9.0-7 (bug #686962)
	- kfreebsd-10 10.0~svn242489-1 (bug #686963)
	NOTE: http://www.exploit-db.com/exploits/20226/
CVE-2012-3548 (The dissect_drda function in epan/dissectors/packet-drda.c in Wireshar ...)
	- wireshark 1.8.2-2 (unimportant; bug #686225)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: Doesn't allow code injection
	NOTE: debian changelog contains CVE-2012-5239, but this was rejected in favour of CVE-2012-3548
CVE-2012-3547 (Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS ...)
	{DSA-2546-1}
	- freeradius 2.1.12+dfsg-1.1 (medium; bug #687175)
CVE-2012-3546 (org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6 ...)
	- tomcat7 7.0.28-4 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-3545
	REJECTED
CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properl ...)
	{DSA-2897-1 DSA-2725-1}
	- tomcat6 6.0.37
	- tomcat7 7.0.30
CVE-2012-3543 (mono 2.10.x ASP.NET Web Form Hash collision DoS ...)
	- mono 2.10.8.1-7 (bug #686562)
	[squeeze] - mono <no-dsa> (Minor issue)
CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and  ...)
	- keystone 2012.1.1-5
CVE-2012-3541
	REJECTED
CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack Dashbo ...)
	- horizon 2012.1.1-4 (bug #686050)
CVE-2012-3539
	REJECTED
CVE-2012-3538 (Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-3537 (The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/cro ...)
	NOT-FOR-US: crowbar ohai plugin
	NOTE: https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
CVE-2012-3536 (Two XSS vulnerabilities were fixed in message list and view in the Hup ...)
	NOT-FOR-US: Apache James
CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.6 (bug #685970)
CVE-2012-3534 (GNU Gatekeeper before 3.1 does not limit the number of connections to  ...)
	- gnugk 2:3.0.2-3 (low; bug #685969)
	[squeeze] - gnugk <no-dsa> (Minor issue)
CVE-2012-3533 (The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 doe ...)
	NOT-FOR-US: ovirt
CVE-2012-3532 (Cross-site request forgery (CSRF) vulnerability in the GateIn Portal c ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3531 (Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3  ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3530 (Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API  ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3529 (The configuration module in the backend in TYPO3 4.5.x before 4.5.19,  ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3528 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in  ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3527 (view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3526 (The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Ap ...)
	{DSA-2532-1}
	- libapache2-mod-rpaf 0.6-1 (bug #683984)
CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a reques ...)
	- jabberd2 2.2.17-1 (bug #685666)
CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged pro ...)
	- dbus 1.6.8-1 (bug #689070)
	[squeeze] - dbus 1.2.24-4+squeeze2
	- glib2.0 2.33.12+really2.32.4-2
	[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
	NOTE: fixed in 2.34.0-1 from experimental
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=697105
	NOTE: http://stealth.openwall.net/null/dzug.c
CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not prop ...)
	- inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
	- inn2 2.5.3-1 (low; bug #685581)
	[squeeze] - inn2 <no-dsa> (Minor issue)
CVE-2012-3522 (Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeS ...)
	- geshi <not-affected> (Vulnerable code not present, see bug #685323)
	[squeeze] - geshi <no-dsa> (shipped as example/.gz)
CVE-2012-3521 (Multiple directory traversal vulnerabilities in the cssgen contrib mod ...)
	- geshi 1.0.8.4-2 (bug #685324)
	[squeeze] - geshi 1.0.8.4-1+squeeze1
CVE-2012-3520 (The Netlink implementation in the Linux kernel before 3.2.30 does not  ...)
	- linux 3.2.29-1
	- linux-2.6 <not-affected> (Introduced in 3.1)
CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time fo ...)
	{DSA-2548-1}
	- tor 0.2.3.20-rc-1 (low)
CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in  ...)
	{DSA-2548-1}
	- tor 0.2.3.20-rc-1 (low)
CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might all ...)
	{DLA-17-1}
	- tor 0.2.3.20-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-3516 (The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall ...)
	- xen <not-affected> (Only affects >= 4.2)
CVE-2012-3515 (Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulat ...)
	{DSA-2545-1 DSA-2543-1 DSA-2542-1}
	- xen 4.1.3-2 (bug #686764)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
	- xen-qemu-dm-4.0 <removed>
	- qemu 1.1.2+dfsg-1
	- qemu-kvm 1.1.2+dfsg-1
CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without restr ...)
	- xml-light 2.2-15 (low; bug #685584)
	[squeeze] - xml-light <no-dsa> (Minor issue)
CVE-2012-3513 (munin-cgi-graph in Munin before 2.0.6, when running as a CGI module un ...)
	- munin 2.0.6-1 (bug #684076)
	[squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
	NOTE: http://www.munin-monitoring.org/ticket/1238
CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the s ...)
	{DLA-20-1}
	- munin 2.0.6-1 (bug #684075)
	[squeeze] - munin 1.4.5-3+deb6u1
	NOTE: http://www.munin-monitoring.org/ticket/1234
CVE-2012-3511 (Multiple race conditions in the madvise_remove function in mm/madvise. ...)
	- linux 3.2.23-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
CVE-2012-3510 (Use-after-free vulnerability in the xacct_add_tsk function in kernel/t ...)
	- linux 2.6.20-1
	- linux-2.6 2.6.20-1
CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in obja ...)
	{DLA-324-1}
	- binutils 2.22-8 (low; bug #688951)
CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 an ...)
	- roundcube 0.7.2-4 (bug #685475)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://trac.roundcube.net/ticket/1488613
CVE-2012-3508 (Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...)
	- roundcube 0.7.2-4 (bug #685475)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://trac.roundcube.net/ticket/1488613
CVE-2012-3507 (Cross-site scripting (XSS) vulnerability in program/steps/mail/func.in ...)
	- roundcube <not-affected> (only affects rc versions of 0.8)
	NOTE: http://trac.roundcube.net/ticket/1488519
CVE-2012-3506 (Unspecified vulnerability in the Apache Open For Business Project (aka ...)
	NOT-FOR-US: OFBiz
CVE-2012-3505 (Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial  ...)
	{DSA-2564-1}
	- tinyproxy 1.8.3-3 (bug #685281)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
CVE-2012-3504 (The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allo ...)
	NOT-FOR-US: genkey script from Red Hat, not present in Debian
CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly g ...)
	NOT-FOR-US: Katello
CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp mo ...)
	- apache2 <not-affected> (Only affects 2.4 from experimental)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
CVE-2012-3501 (The squidclamav_check_preview_handler function in squidclamav.c in Squ ...)
	- squidclamav <removed> (bug #685398)
CVE-2012-3500 (scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpm ...)
	{DSA-2549-1}
	- devscripts 2.12.2
CVE-2012-3499 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...)
	{DSA-2637-1}
	- apache2 2.2.22-13 (low)
CVE-2012-3498 (PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and e ...)
	- xen 4.1.3-2 (bug #686764)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2012-3497 ((1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) T ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-3496 (XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer ...)
	{DSA-2544-1}
	- xen 4.1.3-2 (bug #686764)
CVE-2012-3495 (The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x ...)
	- xen 4.1.3-2 (bug #686764)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2012-3494 (The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4 ...)
	{DSA-2544-1}
	- xen 4.1.3-2 (bug #686764)
CVE-2012-3493 (The command_give_request_ad function in condor_startd.V6/command.cpp C ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8. ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3490 (The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server compo ...)
	{DSA-2534-1}
	- postgresql-9.1 9.1.5-1
	- postgresql-8.4 8.4.12-2
CVE-2012-3488 (The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8 ...)
	{DSA-2534-1}
	- postgresql-9.1 9.1.5-1
	- postgresql-8.4 8.4.12-2
CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain privilege ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the n ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific owners ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and  ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debu ...)
	- fetchmail 6.3.22-1 (low)
	[wheezy] - fetchmail <no-dsa> (Minor issue)
	[squeeze] - fetchmail <no-dsa> (Minor issue)
CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif ...)
	- gimp 2.8.2-1 (bug #685397)
	[squeeze] - gimp 2.6.10-1+squeeze4
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=776572
CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
	{DLA-165-1}
	- eglibc 2.13-36 (bug #684889)
	- glibc 2.13-36
CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically execut ...)
	{DSA-2603-1}
	- emacs23 23.4+1-4 (bug #684695)
	- emacs24 24.2+1-1 (bug #684694)
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2
CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricte ...)
	{DSA-2530-1}
	- rssh 2.3.3-5
CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows r ...)
	NOT-FOR-US: Neoinvoice
CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) application ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls  ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3474 (The comments API in application/libraries/api/MY_Comments_Api_Object.p ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3473 (The (1) reports API and (2) administration feature in the comments API ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3472 (The email API in application/libraries/api/MY_Email_Api_Object.php in  ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in (1) ap ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3470 (Multiple SQL injection vulnerabilities in application/libraries/api/MY ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...)
	- qpid-cpp 0.16-7 (bug #684456)
	[wheezy] - qpid-cpp 0.16-6+deb7u1
CVE-2012-3466 (GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set  ...)
	- gnome-keyring 3.4.1-5 (bug #683655)
	[squeeze] - gnome-keyring <not-affected> (Only affects gnome-keyring 3.4.x)
CVE-2012-3465 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	{DSA-2655-1}
	- rails 2.3.14.1 (low)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...)
	{DSA-2655-1}
	- rails 2.3.14.1 (low)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	- rails <not-affected> (Only affects RoR 3.x)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8
CVE-2012-3462 (A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ...)
	- sssd 1.10.0-1
	NOTE: https://pagure.io/SSSD/sssd/issue/1470
	NOTE: https://pagure.io/SSSD/sssd/c/ffcf27b0b773b580289d596f796aaf86c45ba920 (master)
CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_d ...)
	{DSA-2526-1}
	- libotr 3.2.1-1 (medium; bug #684121)
CVE-2012-3460 (cumin: At installation postgresql database user created without passwo ...)
	NOT-FOR-US: Cumin
CVE-2012-3459 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...)
	{DSA-2541-1}
	- beaker 1.6.3-1.1 (bug #684890)
CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for proc ...)
	- pnp4nagios <removed> (unimportant; bug #683879)
	NOTE: The permissions of this file are under the control of the admin
CVE-2012-3456 (Heap-based buffer overflow in the read function in filters/words/mswor ...)
	- calligra 1:2.4.3-2 (bug #684004)
	- wv2 0.4.2.dfsg.1-9.1 (low)
	[squeeze] - wv2 <no-dsa> (Minor issue)
CVE-2012-3455 (Heap-based buffer overflow in the read function in filters/words/mswor ...)
	- koffice <removed> (low)
	[squeeze] - koffice <no-dsa> (Minor issue)
CVE-2012-3454 (eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/ext ...)
	- extplorer 2.1.0b6+dfsg.3-4 (low; bug #683649)
	[squeeze] - extplorer <no-dsa> (Minor issue)
CVE-2012-3453 (logol 1.5.0 uses world writable permissions for the /var/lib/logol/res ...)
	- logol 1.5.0-4 (bug #683647)
CVE-2012-3452 (gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when mult ...)
	- gnome-screensaver <not-affected> (vulnerable code not present)
CVE-2012-3451 (Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 al ...)
	NOT-FOR-US: Apache CXF
CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x  ...)
	{DSA-2527-1}
	- php5 5.4.4-1 (bug #683694)
	NOTE: http://seclists.org/bugtraq/2012/Jun/60
	NOTE: https://bugs.php.net/bug.php?id=61755
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7
CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/op ...)
	- openvswitch 1.4.2+git20120612-8 (bug #683665)
CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote at ...)
	{DSA-2610-1}
	- ganglia 3.3.8-1 (bug #683584)
CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2  ...)
	- nova 2012.1.1-6 (bug #684256)
CVE-2012-3446 (Apache Libcloud before 0.11.1 uses an incorrect regular expression dur ...)
	- libcloud 0.5.0-1.1 (bug #683927)
CVE-2012-3445 (The virTypedParameterArrayClear function in libvirt 0.9.13 does not pr ...)
	- libvirt 0.9.12-4 (bug #683483)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734
CVE-2012-3444 (The get_image_dimensions function in the image-handling functionality  ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before  ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3441 (The database creation script (module/idoutils/db/scripts/create_mysqld ...)
	- icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320)
CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (R ...)
	- sudo <not-affected> (Red Hat-specific postinst script)
CVE-2012-3439
	REJECTED
CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8 ...)
	- graphicsmagick 1.3.16-1.1 (low; bug #683284)
	[squeeze] - graphicsmagick <no-dsa> (Minor issue)
CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 an ...)
	{DLA-242-1}
	- imagemagick 8:6.7.7.10-3 (low; bug #683285)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to cle ...)
	{DSA-2524-1}
	- openttd 1.2.1-2 (low; bug #683258)
CVE-2012-3435 (SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ...)
	{DSA-2539-1}
	- zabbix 1:2.0.2+dfsg-1 (bug #683273)
	NOTE: http://seclists.org/oss-sec/2012/q3/127
CVE-2012-3434 (Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php ...)
	NOT-FOR-US: WordPress plugin Count Per Day
CVE-2012-3433 (Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3432 (The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations e ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3431 (The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss E ...)
	NOT-FOR-US: Teeid
CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel before  ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3
CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb ...)
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application Se ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-3427 (EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platfor ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
	- keystone 2012.1.1-1
CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1 ...)
	{DLA-375-1}
	- libpng 1.2.49-1 (low; bug #668082)
CVE-2012-3424 (The decode_credentials method in actionpack/lib/action_controller/meta ...)
	- rails <not-affected> (Only affects RoR 3.x)
	- ruby-actionpack-3.2 3.2.6-3 (bug #683370)
CVE-2012-3423 (The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant ...)
	- icedtea-web 1.3-1
CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before  ...)
	- icedtea-web 1.3-1
CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP)  ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3420 (Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3419 (Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3418 (libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attack ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota  ...)
	- quota 4.00~pre1-1
	NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version
CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based authe ...)
	- condor 7.8.2~dfsg.1-1 (bug #685366)
CVE-2012-3415
	REJECTED
CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
	- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
	- wordpress 3.5.1+dfsg-1 (bug #698934)
	NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
CVE-2012-3413 (The HTMLQuoteColorer::process function in messageviewer/htmlquotecolor ...)
	- kdepim <not-affected> (Only affects kdepim >= 4.6)
	NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3
	NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
	NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before  ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3411 (Dnsmasq before 2.63test1, when used with certain libvirt configuration ...)
	- dnsmasq 2.63-1 (low; bug #683372)
	[wheezy] - dnsmasq <no-dsa> (Minor issue)
	[squeeze] - dnsmasq <no-dsa> (Minor issue)
	NOTE: Please see CVE-2013-0198
CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...)
	- bash 4.2-4 (low; bug #681278)
	[squeeze] - bash <no-dsa> (Minor issue)
CVE-2012-3409 (ecryptfs-utils: suid helper does not restrict mounting filesystems wit ...)
	- ecryptfs-utils 99-1 (bug #682220)
	[squeeze] - ecryptfs-utils <not-affected> (home src/dest mountpoints hardcoded in that version)
CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet En ...)
	- puppet 2.7.18-1 (low)
	[squeeze] - puppet <no-dsa> (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
	NOTE: There's no code fix, but this should be addressed in stable with a NEWS file warning about this
	NOTE: Fixed in 2.7.18 by updated docs
CVE-2012-3407 (plow has local buffer overflow vulnerability ...)
	NOT-FOR-US: plow
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
	{DSA-3169-1 DLA-165-1}
	- eglibc <removed>
	- glibc 2.19-14 (low; bug #681888)
	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
	{DLA-165-1}
	- glibc 2.13-35 (low; bug #681473)
	- eglibc 2.13-35 (low; bug #681473)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
	- glibc 2.13-35 (low; bug #681473)
	- eglibc 2.13-35 (low; bug #681473)
	[squeeze] - eglibc 2.11.3-1
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
	- gimp 2.8.2-1 (bug #685397)
	[squeeze] - gimp 2.6.10-1+squeeze4
CVE-2012-3402 (Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD p ...)
	- gimp 2.4.0~rc1-1
	NOTE: Only affects 2.2 series
CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibT ...)
	{DSA-2552-1}
	- tiff 4.0.2-2 (bug #682115)
	- tiff3 3.9.6-7 (bug #682195)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
CVE-2012-3400 (Heap-based buffer overflow in the udf_load_logicalvol function in fs/u ...)
	- linux 3.2.23-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3399 (Config/diff.php in Basilic 1.5.14 allows remote attackers to execute a ...)
	NOT-FOR-US: Basilic
CVE-2012-3398 (Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2. ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2012-3397 (lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7,  ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.0)
CVE-2012-3396 (Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Mo ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.0)
CVE-2012-3395 (SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0 ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.0)
CVE-2012-3394 (auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x bef ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3393 (Cross-site scripting (XSS) vulnerability in repository/lib.php in Mood ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3392 (mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x be ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3391 (mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2 ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3390 (lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 do ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3389 (Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typesse ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-3388 (The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2 ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-3387 (Moodle 2.3.x before 2.3.1 uses only a client-side check for whether re ...)
	- moodle <not-affected> (Only affects 2.3)
CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x bef ...)
	- automake 1:1.4-p6-13.1
	- automake1.10 1:1.10.3-3
	[squeeze] - automake1.10 1:1.10.3-1+squeeze1
	- automake1.11 1:1.11.6-1 (bug #681097)
	[squeeze] - automake1.11 1:1.11.1-1+squeeze1
	- automake1.7 1.7.9-10
	[squeeze] - automake1.7 1.7.9-9.1+squeeze1
	- automake1.9 1.9.6+nogfdl-4
	[squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1
CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post conte ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in W ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...)
	{DSA-2512-1}
	- mono 2.10.8.1-5 (bug #681095)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=769799
	NOTE: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRA ...)
	NOT-FOR-US: sblim-sfcb
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770234
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ...)
	- nginx 1.2.1-2
	[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
CVE-2012-3379 [as31: insecure file creation in /tmp]
	REJECTED
CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOME at- ...)
	- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
	- vlc 2.0.2-1 (bug #680665)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
	NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens  ...)
	- hadoop <itp> (bug #535861)
	NOTE: http://seclists.org/bugtraq/2012/Jul/48
CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before ...)
	- linux 3.2.23-1
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple i ...)
	{DSA-2509-1}
	- pidgin 2.10.6-1 (bug #680661)
	[squeeze] - pidgin 2.7.3-1+squeeze3
	NOTE: http://www.pidgin.im/news/security/index.php?id=64
	NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
CVE-2012-3373 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM appliances us ...)
	NOT-FOR-US: Cyberoam DPI devices
	NOTE: https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372
	NOTE: http://seclists.org/bugtraq/2012/Jul/20
CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Ess ...)
	- nova 2012.1.1-5 (bug #681301)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13
	NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
	NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
	NOTE: https://bugs.launchpad.net/nova/+bug/1017795
CVE-2012-3370 (The SecurityAssociation.getCredential method in JBoss Enterprise Appli ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3369 (The CallerIdentityLoginModule in JBoss Enterprise Application Platform ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote attack ...)
	- dtach 0.8-2.1 (low; bug #625302)
	[squeeze] - dtach 0.8-2+squeeze1
	NOTE: http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
	NOTE: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812551
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
CVE-2012-3367 (Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate  ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...)
	{DSA-2503-1}
	- bcfg2 1.2.2-2 (bug #679272)
CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers  ...)
	- php5 <removed> (unimportant)
	NOTE: open_basedir not supported
CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication  ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-3363 (Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.1 ...)
	{DSA-2505-1}
	- zendframework 1.11.12-1 (bug #679215)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2012-3362 (Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 a ...)
	{DSA-2510-1}
	- extplorer 2.1.0b6+dfsg.3-3 (bug #678737)
CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2 ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack Com ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in a Bas ...)
	NOT-FOR-US: Red Hat Conga
CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.4 (bug #681075)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1
	NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1. ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab. ...)
	- rhythmbox 2.97-2.1 (low; bug #616673)
	[squeeze] - rhythmbox <no-dsa> (Minor issue)
	NOTE: Upstream bug report https://bugzilla.gnome.org/show_bug.cgi?id=678661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain P ...)
	- dokuwiki 0.0.20130510a-1 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling J ...)
	NOT-FOR-US: Apache Sling
CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
	- asterisk <not-affected> (Only affects Asterisk 10)
CVE-2012-3352
	RESERVED
CVE-2012-3351 (Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video  ...)
	NOT-FOR-US: LongTail Video JW Player
CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remo ...)
	NOT-FOR-US: WebMatic
	NOTE: http://seclists.org/bugtraq/2012/Jul/25
CVE-2012-3349
	RESERVED
CVE-2012-3348
	RESERVED
CVE-2012-3347 (AutoFORM PDM Archive before 7.0 implements user accounts in a way that ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-3346
	RESERVED
CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files  ...)
	- ioquake3 1.36+svn2224-4
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/3
CVE-2012-3344
	RESERVED
CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before 3 ...)
	NOT-FOR-US: Microdasys
CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script opco ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2012-3342 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-3341
	RESERVED
CVE-2012-3340
	RESERVED
CVE-2012-3339
	RESERVED
CVE-2012-3338
	RESERVED
CVE-2012-3337
	RESERVED
CVE-2012-3336
	RESERVED
CVE-2012-3335
	RESERVED
CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2012-3333 (CRLF injection vulnerability in IBM Maximo Asset Management 7.x before ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2012-3332
	RESERVED
CVE-2012-3331 (IBM Sametime allows remote attackers to obtain sensitive information f ...)
	NOT-FOR-US: IBM Sametime
CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 ...)
	NOT-FOR-US: IBM Advanced Settings Utility, Bootable Media Creator
CVE-2012-3328 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2012-3327 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2012-3326 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM DB2 an ...)
	NOT-FOR-US: IBM DB2
CVE-2012-3323 (IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated users to b ...)
	NOT-FOR-US: IBM
CVE-2012-3320
	RESERVED
CVE-2012-3319 (IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attac ...)
	NOT-FOR-US: IBM Rational Business Developer
CVE-2012-3318
	RESERVED
CVE-2012-3317 (IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5,  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3316 (Cross-site scripting (XSS) vulnerability in the Tivoli Process Automat ...)
	NOT-FOR-US: IBM
CVE-2012-3315 (The Java servlets in the management console in IBM Tivoli Federated Id ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3314 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Iden ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ea ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3311 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3310 (IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 be ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3309 (Cross-site request forgery (CSRF) vulnerability in the account-creatio ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...)
	NOT-FOR-US: IBM Sametime
CVE-2012-3307
	RESERVED
CVE-2012-3306 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3305 (Directory traversal vulnerability in IBM WebSphere Application Server  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3304 (The Administrative Console in IBM WebSphere Application Server (WAS) 6 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3303
	RESERVED
CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domin ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotu ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3300 (IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions an ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3299
	RESERVED
CVE-2012-3298 (Unspecified vulnerability in the REST services framework in IBM WebSph ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3297 (Cross-site scripting (XSS) vulnerability in the embedded HTTP server i ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-3295 (IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote a ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...)
	{DSA-2523-1}
	- globus-gridftp-server 6.5-1
CVE-2012-3291 (Heap-based buffer overflow in OpenConnect 3.18 allows remote servers t ...)
	{DSA-2495-1}
	- openconnect 3.18-1 (bug #677594)
CVE-2012-3290 (Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132 ...)
	NOT-FOR-US: Chrome books
CVE-2012-3289 (VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, V ...)
	NOT-FOR-US: VMware
CVE-2012-3288 (VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Playe ...)
	NOT-FOR-US: VMware
CVE-2012-3287 (Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and ...)
	NOT-FOR-US: md5crypt
CVE-2012-3286 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and e ...)
	NOT-FOR-US: HP ArcSight appliance
CVE-2012-3285 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3284 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3283 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3282 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3281 (Unspecified vulnerability in Device Manager in HP XP P9000 Command Vie ...)
	NOT-FOR-US: HP XP P9000 Command View
CVE-2012-3280 (Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J ...)
	NOT-FOR-US: HP NonStop Servers
CVE-2012-3279 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2012-3278 (Stack-based buffer overflow in magentservice.exe in HP Diagnostics Ser ...)
	NOT-FOR-US: HP Diagnostics Server
CVE-2012-3277 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8. ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3276 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8. ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3275 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-3274 (Stack-based buffer overflow in uam.exe in the User Access Manager (UAM ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-3273 (Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M4 ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3272 (Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM35 ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3271 (Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) ...)
	NOT-FOR-US: HP ILO
CVE-2012-3270 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5. ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3269 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5. ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3268 (Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, ...)
	NOT-FOR-US: HP network devices
CVE-2012-3267 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 all ...)
	NOT-FOR-US: HP NNMi
CVE-2012-3266 (Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX ...)
	NOT-FOR-US: HP IBRIX
CVE-2012-3265
	REJECTED
CVE-2012-3264 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3263 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3262 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3261 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3260 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3259 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3258 (Unspecified vulnerability in HP Operations Orchestration 9.0 before 9. ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business Availab ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3255 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center bef ...)
	NOT-FOR-US: HP iNode Management Center
CVE-2012-3253 (Multiple unspecified vulnerabilities in HP Intelligent Management Cent ...)
	NOT-FOR-US: HP Intelligent Management
CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allow ...)
	NOT-FOR-US: HP Serviceguard
CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tie ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remo ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remo ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3247 (Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c ...)
	NOT-FOR-US: HP Integrity Server
CVE-2012-3246
	RESERVED
CVE-2012-3245
	RESERVED
CVE-2012-3244
	RESERVED
CVE-2012-3243 (Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Ma ...)
	NOT-FOR-US: SEOgento plugin for Magento
CVE-2012-3242
	RESERVED
CVE-2012-3241 (The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not  ...)
	- eucalyptus <not-affected> (Fixed before initial release)
CVE-2012-3240 (The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows r ...)
	- eucalyptus <not-affected> (Fixed before initial release)
CVE-2012-3239
	RESERVED
CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore compone ...)
	NOT-FOR-US: Astaro appliance
CVE-2012-3237
	RESERVED
CVE-2012-3236 (fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a deni ...)
	- gimp 2.8.2-1 (unimportant)
	NOTE: Harmless crasher w/o security impact
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=676804
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=0474376d234bc3d0901fd5e86f89d778a6473dd8 (GIMP_2_8_2)
CVE-2012-3235
	RESERVED
CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-3233 (Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExce ...)
	NOT-FOR-US: Kayako Fusion 4.40.1148
CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, ...)
	NOT-FOR-US: web@all
CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web@all  ...)
	NOT-FOR-US: web@all
CVE-2012-3230 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3229 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3228 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3227 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3226 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3225 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3224 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3223 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3222 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3221 (Unspecified vulnerability in the Oracle VM Virtual Box component in Or ...)
	{DSA-2594-1}
	- virtualbox 4.1.18-dfsg-1.1 (bug #690777)
	- virtualbox-ose <removed>
	NOTE: http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
CVE-2012-3220 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3219 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2012-3218 (Unspecified vulnerability in the Human Resources component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2012-3217 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3216 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-3215 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when runnin ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3214 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3213 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3212 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when runnin ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3211 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3210 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3209 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when runnin ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3208 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3207 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows l ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3206 (Unspecified vulnerability in the Integrated Lights Out Manager CLI in  ...)
	NOT-FOR-US: Oracle Sun Products Suite SysFW
CVE-2012-3205 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3204 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3203 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3202 (Multiple unspecified vulnerabilities in the Oracle JRockit component i ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3201 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3200 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3199 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3198 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3197 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3196 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3195 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3194 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3193 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3192 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3191 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3190 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3189 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3188 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3187 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3186 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3185 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3184 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3183 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3182 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3181 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3180 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3179 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3178 (Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allow ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3177 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3176 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3175 (Unspecified vulnerability in the Oracle Application Server Single Sign ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3174 (Unspecified vulnerability in Oracle Java 7 before Update 11 allows rem ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u3-2.1.4-1
CVE-2012-3173 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3172 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3171 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3170 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3169 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3168 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3167 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3166 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3165 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3164 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3163 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3162 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3161 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3160 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3159 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-3158 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3157 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3156 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun GlassFish  ...)
	- glassfish <removed> (bug #692035)
	[stretch] - glassfish <ignored> (Only used a build dep, specific details withheld)
	[jessie] - glassfish <end-of-life>
	[wheezy] - glassfish <end-of-life>
	NOTE: Oracle doesn't provide any useful public information to fix the package without importing a new upstream version.
CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework component  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3153 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3152 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3151 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3150 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3149 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3148 (Unspecified vulnerability in the Oracle Field Service component in Ora ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3147 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3146 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3145 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3144 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3143 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3142 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3141 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3140 (Unspecified vulnerability in the Oracle Agile PLM For Process componen ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3139 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3138 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3137 (The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0 ...)
	NOT-FOR-US: Oracle Database
CVE-2012-3136 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.2-1
	- openjdk-6 <not-affected>
CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3133 (Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyper ...)
	NOT-FOR-US: Oracle
CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0 ...)
	NOT-FOR-US: Oracle Database
CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows r ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3129 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3128 (Unspecified vulnerability in Oracle SPARC T-Series Servers running Sys ...)
	NOT-FOR-US: ILO firmware
CVE-2012-3127 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3126 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Solaris Cluster
CVE-2012-3125 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows re ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3124 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3123 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3122 (Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local u ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3121 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attack ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3118 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools)
CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3116 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3115 (Unspecified vulnerability in the Oracle MapViewer component in Oracle  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3114 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3113 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3112 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3111 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla Firef ...)
	- iceweasel 10.0.5esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3104
	REJECTED
CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly impleme ...)
	NOTE: Dupe of CVE-2011-4458
CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 a ...)
	NOTE: Dupe of CVE-2011-4458
CVE-2012-3103
	RESERVED
CVE-2012-3102
	RESERVED
CVE-2012-3101
	RESERVED
CVE-2012-3100
	RESERVED
CVE-2012-3099
	RESERVED
CVE-2012-3098
	RESERVED
CVE-2012-3097
	RESERVED
CVE-2012-3096 (Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authentica ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-3095
	RESERVED
CVE-2012-3094 (The VPN downloader in the download_install component in Cisco AnyConne ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2012-3093
	RESERVED
CVE-2012-3092
	RESERVED
CVE-2012-3091
	RESERVED
CVE-2012-3090
	RESERVED
CVE-2012-3089
	RESERVED
CVE-2012-3088 (Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3. ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2012-3087
	RESERVED
CVE-2012-3086
	RESERVED
CVE-2012-3085
	RESERVED
CVE-2012-3084
	RESERVED
CVE-2012-3083
	RESERVED
CVE-2012-3082
	RESERVED
CVE-2012-3081
	RESERVED
CVE-2012-3080
	RESERVED
CVE-2012-3079 (Cisco IOS 12.2 allows remote attackers to cause a denial of service (C ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3078
	RESERVED
CVE-2012-3077
	RESERVED
CVE-2012-3076 (The administrative web interface on Cisco TelePresence Recording Serve ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3075 (The administrative web interface on Cisco TelePresence Immersive Endpo ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3074 (An unspecified API on Cisco TelePresence Immersive Endpoint Devices be ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3073 (The IP implementation on Cisco TelePresence Multipoint Switch before 1 ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3072
	RESERVED
CVE-2012-3071
	RESERVED
CVE-2012-3070
	RESERVED
CVE-2012-3069
	RESERVED
CVE-2012-3068
	RESERVED
CVE-2012-3067
	RESERVED
CVE-2012-3066
	RESERVED
CVE-2012-3065
	RESERVED
CVE-2012-3064
	RESERVED
CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5 ...)
	NOT-FOR-US: Cisco
CVE-2012-3062 (Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) sn ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3061
	RESERVED
CVE-2012-3060 (Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers  ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-3059
	RESERVED
CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2012-3057 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) p ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3056 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3055 (Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF)  ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3054 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) p ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) pla ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3052 (Untrusted search path vulnerability in Cisco VPN Client 5.0 allows loc ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2012-3051 (Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote at ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-3050
	RESERVED
CVE-2012-3049
	RESERVED
CVE-2012-3048
	RESERVED
CVE-2012-3047 (Cross-site scripting (XSS) vulnerability in the web-wizard setup page  ...)
	NOT-FOR-US: Cisco
CVE-2012-3046
	RESERVED
CVE-2012-3045
	RESERVED
CVE-2012-3044
	RESERVED
CVE-2012-3043
	RESERVED
CVE-2012-3042
	REJECTED
CVE-2012-3041
	RESERVED
CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens  ...)
	NOT-FOR-US: Siemens
CVE-2012-3039 (Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmwa ...)
	NOT-FOR-US: Moxa OnCell Gateway
CVE-2012-3038
	RESERVED
CVE-2012-3037 (The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the priv ...)
	NOT-FOR-US: Siemens SIMATIC PLC
CVE-2012-3036
	REJECTED
CVE-2012-3035 (Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3033
	REJECTED
CVE-2012-3032 (SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 a ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3031 (Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3030 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3029
	REJECTED
CVE-2012-3028 (Cross-site request forgery (CSRF) vulnerability in WebNavigator in Sie ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3027
	REJECTED
CVE-2012-3026 (rifsrvd.exe in the Remote Interface Service in GE Intelligent Platform ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3025 (The default configuration of Tridium Niagara AX Framework through 3.6  ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-3024 (Tridium Niagara AX Framework through 3.6 uses predictable values for ( ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-3023
	RESERVED
CVE-2012-3022 (The SaveToFile method in a certain ActiveX control in TrendDisplay.dll ...)
	NOT-FOR-US: Canary Labs TrendLink
CVE-2012-3021 (rifsrvd.exe in the Remote Interface Service in GE Intelligent Platform ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3020 (The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW77 ...)
	NOT-FOR-US: Siemens Synco OZW Web Server
CVE-2012-3019
	RESERVED
CVE-2012-3018 (The lockout-recovery feature in the Security Configurator component in ...)
	NOT-FOR-US: ICONICS GENESIS32
CVE-2012-3017 (Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote a ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3016 (Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 all ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3015 (Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5. ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3014 (The Management Software application in GarrettCom Magnum MNS-6K before ...)
	NOT-FOR-US: GarrettCom Magnum MNS-6K
CVE-2012-3013 (WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Indus ...)
	NOT-FOR-US: WAGO I/O System 758
CVE-2012-3012 (The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 ...)
	NOT-FOR-US: Arbiter Power Sentinel 1133A
CVE-2012-3011 (Directory traversal vulnerability in the web server in Fultek WinTr Sc ...)
	NOT-FOR-US: Fultek WinTr Scada web server
CVE-2012-3010 (rifsrvd.exe in the Remote Interface Service in GE Intelligent Platform ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3009 (Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, an ...)
	NOT-FOR-US: Siemens COMOS
CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3. ...)
	NOT-FOR-US: OSIsoft PI OPC DA Interface
CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wond ...)
	NOT-FOR-US: Invensys Wonderware SuiteLink
CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before BD-10103 ...)
	NOT-FOR-US: Innominate mGuard Smart
CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch 201 ...)
	NOT-FOR-US: Wonderwar
CVE-2012-3004 (Multiple untrusted search path vulnerabilities in RealFlex RealWin bef ...)
	NOT-FOR-US: RealFlex RealWin
CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in Sieme ...)
	NOT-FOR-US: WinCC
CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras allows rem ...)
	NOT-FOR-US: Foscam, Wansview IP cameras
CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute arb ...)
	NOT-FOR-US: Mutiny Standard
CVE-2012-3000 (Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSe ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: Cerberus FTP
CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro  ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2012-2997 (XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/s ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.i ...)
	NOT-FOR-US: Trend Micro
CVE-2012-2995 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Int ...)
	NOT-FOR-US: Trend Micro
CVE-2012-2994 (The CoSoSys Endpoint Protector 4 appliance establishes an EPProot pass ...)
	NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2012-2993 (Microsoft Windows Phone 7 does not verify the domain name in the subje ...)
	NOT-FOR-US: Microsoft Windows Phone
CVE-2012-2992
	RESERVED
CVE-2012-2991 (The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in o ...)
	NOT-FOR-US: PayPal module in osCommerce Online Merchant
CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller ...)
	NOT-FOR-US: MarkAny ContentSAFER
CVE-2012-2989
	RESERVED
CVE-2012-2988
	RESERVED
CVE-2012-2987
	RESERVED
CVE-2012-2986 (lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Applian ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in Cut ...)
	NOT-FOR-US: CuteSoft Cute Editor
CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overv ...)
	NOT-FOR-US: Websense
CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an aut ...)
	- webmin <removed>
CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated  ...)
	- webmin <removed>
CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute  ...)
	- webmin <removed>
CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on  ...)
	NOT-FOR-US: Samsung and HTC Android
CVE-2012-2979 (FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child ...)
	- nsd3 <not-affected> (Debian version not affected)
CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x bef ...)
	{DSA-2515-1}
	- nsd3 3.2.12-1
CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2975 (Cross-site scripting (XSS) vulnerability in the traffic overview page  ...)
	NOT-FOR-US: F5 ASM
CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote attackers  ...)
	NOT-FOR-US: SMC SMC8024L2 switch
CVE-2012-2973
	RESERVED
CVE-2012-2972 (The (1) server and (2) agent components in CA ARCserve Backup r12.5, r ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-2971 (The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does n ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-2970 (The Synel SY-780/A Time &amp; Attendance terminal allows remote attack ...)
	NOT-FOR-US: Synel terminal
CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows remote a ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as distributed in ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not proper ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entr ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not proper ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext creden ...)
	NOT-FOR-US: BreakingPoint Storm appliance
CVE-2012-2963 (The administrative interface in the embedded web server on the Breakin ...)
	NOT-FOR-US: BreakingPoint Storm appliance
CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutini ...)
	NOT-FOR-US: Dell SonicWALL Scrutinizer
CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web  ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2960 (Cross-site scripting (XSS) vulnerability in the import functionality i ...)
	NOT-FOR-US: HP ArcSight Connector, ArcSight Logger
CVE-2012-2959 (Cross-site request forgery (CSRF) vulnerability in password-manager/ch ...)
	NOT-FOR-US: BMC
CVE-2012-2958
	RESERVED
CVE-2012-2957 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2956 (SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote auth ...)
	NOT-FOR-US: SpiceWorks
CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security
CVE-2012-2954
	RESERVED
CVE-2012-2953 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier a ...)
	NOT-FOR-US: Jaow
CVE-2012-2951
	REJECTED
CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local  ...)
	NOT-FOR-US: Gateway Geomatics MapServer
CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device use ...)
	NOT-FOR-US: Android
CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Ast ...)
	{DSA-2493-1}
	- asterisk 1:1.8.13.0~dfsg-1 (bug #675210)
CVE-2012-2947 (chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-ce ...)
	{DSA-2493-1}
	- asterisk 1:1.8.13.0~dfsg-1 (bug #675204)
CVE-2012-2946
	RESERVED
CVE-2012-2945 (Hadoop 1.0.3 contains a symlink vulnerability. ...)
	- hadoop <itp> (bug #535861)
CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins a ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial  ...)
	- bitcoin 0.4.0-1
CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a  ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd  ...)
	{DSA-2484-1}
	- nut 2.6.4-1
	NOTE: https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542
CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in Cryptographp a ...)
	NOT-FOR-US: Cryptographp
CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture functionalit ...)
	{DSA-2711-1}
	- haproxy 1.4.23-1 (bug #674447)
	NOTE: According to upstream information this only was fixed in 1.4.21
	NOTE: only a issue if using non-default value for global.tune.bufsize configuration option
	NOTE: Reported as duplicate with CVE-2012-2391 http://seclists.org/oss-sec/2012/q2/417
CVE-2012-2941 (Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2 ...)
	NOT-FOR-US: Yandex.Server 2010 9.0 Enterprise
CVE-2012-2940 (MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a den ...)
	NOT-FOR-US: MediaChance Real-DRAW PRO
CVE-2012-2939 (Multiple unrestricted file upload vulnerabilities in Travelon Express  ...)
	NOT-FOR-US: Travelon Express
CVE-2012-2938 (Multiple cross-site scripting (XSS) vulnerabilities in Travelon Expres ...)
	NOT-FOR-US: Travelon Express
CVE-2012-2937 (Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow ...)
	NOT-FOR-US: Pligg
CVE-2012-2936 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS befor ...)
	NOT-FOR-US: Pligg
CVE-2012-2935 (Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Sh ...)
	NOT-FOR-US: OSCommerce Online Merchant
CVE-2012-2934 (Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs,  ...)
	{DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-2933
	RESERVED
CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery  ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote authen ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebG ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2929
	RESERVED
CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6 ...)
	NOT-FOR-US: GR Board
CVE-2011-5090 (GR Board (aka grboard) 1.8.6.5 Community Edition does not require auth ...)
	NOT-FOR-US: GR Board
CVE-2012-2928 (The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for  ...)
	NOT-FOR-US: JIRA plugin
CVE-2012-2927 (The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2012-2926 (Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0. ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2012-2925 (SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 a ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2012-2924 (PHP remote file inclusion vulnerability in admin/setup.inc.php in Hype ...)
	NOT-FOR-US: Hypermethod eLearning Server 4G
CVE-2012-2923 (SQL injection vulnerability in news.php4 in Hypermethod eLearning Serv ...)
	NOT-FOR-US: Hypermethod eLearning Server 4G
CVE-2012-2922 (The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...)
	- drupal7 7.22-1 (unimportant)
	NOTE: Path disclosure irrelevant for Debian
CVE-2012-2921 (Universal Feed Parser (aka feedparser or python-feedparser) before 5.1 ...)
	- feedparser 5.1.2-1 (low; bug #674167)
	[squeeze] - feedparser <no-dsa> (Minor issue)
CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...)
	NOT-FOR-US: WordPress User Photo plugin
CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto 1. ...)
	NOT-FOR-US: Chevereto
CVE-2012-2918 (Cross-site scripting (XSS) vulnerability in Upload/engine.php in Cheve ...)
	NOT-FOR-US: Chevereto
CVE-2012-2917 (Cross-site scripting (XSS) vulnerability in the Share and Follow plugi ...)
	NOT-FOR-US: WordPress Share and Follow plugin
CVE-2012-2916 (Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in t ...)
	NOT-FOR-US: WordPress SABRE plugin
CVE-2012-2915 (Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2. ...)
	NOT-FOR-US: Lattice Semiconductor PAC-Designer
CVE-2012-2914 (Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimp ...)
	NOT-FOR-US: Unijimpe Captcha
CVE-2012-2913 (Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plu ...)
	NOT-FOR-US: WordPress Leaflet plugin
CVE-2012-2912 (Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManag ...)
	NOT-FOR-US: WordPress LeagueManager plugin
CVE-2012-2911 (Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftwa ...)
	NOT-FOR-US: SiliSoftware backupDB
CVE-2012-2910 (Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware ph ...)
	NOT-FOR-US: SiliSoftware phpThumb
CVE-2012-2909 (Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1. ...)
	NOT-FOR-US: Viscacha
CVE-2012-2908 (Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscach ...)
	NOT-FOR-US: Viscacha
CVE-2012-2907 (Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb fu ...)
	NOT-FOR-US: Drupal Aberdeen theme
CVE-2012-2906 (Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recom ...)
	NOT-FOR-US: Artiphp CMS 5.5.0 Neo
CVE-2012-2905 (Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable  ...)
	NOT-FOR-US: Artiphp CMS
CVE-2012-2904 (player.swf in LongTail JW Player 5.9 allows remote attackers to conduc ...)
	NOT-FOR-US: LongTail JW Player
CVE-2012-2903 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Boo ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-2902 (Unrestricted file upload vulnerability in editor/extensions/browser/fi ...)
	NOT-FOR-US: Joomla JCE
CVE-2012-2901 (Cross-site scripting (XSS) vulnerability in the Profile List in the Jo ...)
	NOT-FOR-US: Joomla JCE
CVE-2012-2900 (Skia, as used in Google Chrome before 22.0.1229.92, does not properly  ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2899 (Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls ...)
	- chromium-browser <not-affected> (iOS-specific)
CVE-2012-2898 (Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote ...)
	- chromium-browser <not-affected> (iOS-specific)
CVE-2012-2897 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2012-2896 (Integer overflow in the WebGL implementation in Google Chrome before 2 ...)
	- chromium-browser <not-affected> (MacOS X-specific)
CVE-2012-2895 (The PDF functionality in Google Chrome before 22.0.1229.79 allows remo ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle graphics-co ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome before  ...)
	{DSA-2555-1}
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows  ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2891 (The IPC implementation in Google Chrome before 22.0.1229.79 allows att ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2890 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0. ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2888 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allo ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2887 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allo ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2886 (Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0. ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2885 (Double free vulnerability in Google Chrome before 22.0.1229.79 allows  ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2884 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2883 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properl ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
	- libav 6:0.8.5-1 (bug #694483)
	- ffmpeg <not-affected> (vulnerable code not present)
	NOTE: https://chromiumcodereview.appspot.com/10829204
	NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, w ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2879 (Google Chrome before 22.0.1229.79 allows remote attackers to cause a d ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2878 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allo ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2877 (The extension system in Google Chrome before 22.0.1229.79 does not pro ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2876 (Buffer overflow in the SSE2 optimization functionality in Google Chrom ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2875 (Multiple unspecified vulnerabilities in the PDF functionality in Googl ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2874 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote atta ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2873
	RESERVED
CVE-2012-2872 (Cross-site scripting (XSS) vulnerability in an SSL interstitial page i ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2871 (libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.11 ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2870 (libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180. ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2869 (Google Chrome before 21.0.1180.89 does not properly load URLs, which a ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2868 (Race condition in Google Chrome before 21.0.1180.89 allows remote atta ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2867 (The SPDY implementation in Google Chrome before 21.0.1180.89 allows re ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2866 (Google Chrome before 21.0.1180.89 does not properly perform a cast of  ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2865 (Google Chrome before 21.0.1180.89 does not properly perform line break ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2864 (Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, C ...)
	- mesa 8.0.4-2 (bug #685667)
	[squeeze] - mesa <not-affected> (Vulnerable code not present)
CVE-2012-2863 (The PDF functionality in Google Chrome before 21.0.1180.75 allows remo ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2862 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2861
	RESERVED
CVE-2012-2860 (The date-picker implementation in Google Chrome before 21.0.1180.57 on ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/122918
CVE-2012-2859 (Google Chrome before 21.0.1180.57 on Linux does not properly handle ta ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2858 (Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180. ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM i ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2856 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2855 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2854 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21 ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2853 (The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X an ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2852 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2851 (Multiple integer overflows in the PDF functionality in Google Chrome b ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2850 (Multiple unspecified vulnerabilities in the PDF functionality in Googl ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2849 (Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180. ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2848 (The drag-and-drop implementation in Google Chrome before 21.0.1180.57  ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2847 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21 ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2846 (Google Chrome before 21.0.1180.57 on Linux does not properly isolate r ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2845 (Integer overflow in the jpeg_data_load_data function in jpeg-data.c in ...)
	- exif 0.6.20-2 (low; bug #681465)
	[squeeze] - exif <no-dsa> (Minor crasher)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2844 (The PDF functionality in Google Chrome before 20.0.1132.57 does not pr ...)
	- chromium-browser <not-affected>
CVE-2012-2843 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allo ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2842 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allo ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2841 (Integer underflow in the exif_entry_get_value function in exif-entry.c ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2840 (Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-en ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2839
	RESERVED
CVE-2012-2838
	RESERVED
CVE-2012-2837 (The mnote_olympus_entry_get_value function in olympus/mnote-olympus-en ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2836 (The exif_data_load_data function in exif-data.c in the EXIF Tag Parsin ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2835
	RESERVED
CVE-2012-2834 (Integer overflow in Google Chrome before 20.0.1132.43 allows remote at ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2833 (Buffer overflow in the JS API in the PDF functionality in Google Chrom ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2832 (The image-codec implementation in the PDF functionality in Google Chro ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2831 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2830 (Google Chrome before 20.0.1132.43 does not properly set array values,  ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2829 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2828 (Multiple integer overflows in the PDF functionality in Google Chrome b ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2827 (Use-after-free vulnerability in the UI in Google Chrome before 20.0.11 ...)
	- chromium-browser <not-affected> (MacOS specific)
CVE-2012-2826 (Google Chrome before 20.0.1132.43 does not properly implement texture  ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43 allows rem ...)
	- libxslt 1.1.26-13 (low; bug #679283)
	[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2823 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2822 (The PDF functionality in Google Chrome before 20.0.1132.43 allows remo ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2821 (The autofill implementation in Google Chrome before 20.0.1132.43 does  ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2820 (Google Chrome before 20.0.1132.43 does not properly implement SVG filt ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2819 (The texSubImage2D implementation in the WebGL subsystem in Google Chro ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2818 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2817 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2816 (Google Chrome before 20.0.1132.43 on Windows does not properly isolate ...)
	- chromium-browser <not-affected> (windows-only)
CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to obtain po ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2814 (Buffer overflow in the exif_entry_format_value function in exif-entry. ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2813 (The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Ta ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2812 (The exif_entry_get_value function in exif-entry.c in the EXIF Tag Pars ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2811
	RESERVED
CVE-2012-2810
	RESERVED
CVE-2012-2809
	RESERVED
CVE-2012-2808 (The PRNG implementation in the DNS resolver in Bionic in Android befor ...)
	- iceweasel <not-affected> (Only affects 37.x; only on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before ...)
	{DSA-2521-1}
	- libxml2 2.8.0+dfsg1-5 (bug #679280)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
CVE-2012-2806 (Heap-based buffer overflow in the get_sos function in jdmarker.c in li ...)
	- libjpeg-turbo <not-affected> (Fixed before initial release)
CVE-2012-2805 (Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to ca ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in libavco ...)
	{DSA-2624-1}
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in libavcod ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, a ...)
	{DSA-2624-1}
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg bef ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in libavcodec/df ...)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in libav ...)
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
	NOTE: patch proposed: http://patches.libav.org/patch/32642/
CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in libavcod ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in libavcodec ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in  ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2792 (Unspecified vulnerability in the decode_init function in libavcodec/wm ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr functi ...)
	- libav 6:0.8.5-1 (bug #688847)
CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in libav ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in libavform ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	NOTE: contrary to the description, this issue is about the decode_subframe in libavcodec/wmaprodec.c
CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in libavform ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in libavcodec/i ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in libavcodec/df ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in libavcodec/cav ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
	NOTE: duplicate of CVE-2012-2777
CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11,  ...)
	{DSA-2624-1}
	- ffmpeg 7:2.4.1-1 (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in libav ...)
	- libav <not-affected> (Doesn't affect libav)
CVE-2012-2781 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2780 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in libavcodec/i ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2778 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in libavcodec/cav ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.9-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in libavcod ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in libav ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg be ...)
	- ffmpeg <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
	- libav <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
	NOTE: patch proposed: http://patches.libav.org/patch/32644/
CVE-2012-2773 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in liba ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2771 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best Practical Solu ...)
	- rt-authen-externalauth 0.10-2 (bug #683288)
CVE-2012-2769 (Multiple cross-site scripting (XSS) vulnerabilities in the topic admin ...)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2768 (Multiple cross-site scripting (XSS) vulnerabilities in the topic admin ...)
	{DSA-2535-1}
	- rtfm <removed> (bug #683290)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2767
	RESERVED
CVE-2012-2766
	RESERVED
CVE-2012-2765
	RESERVED
CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before 20.0.1132. ...)
	- chromium-browser <not-affected> (Windows specific)
CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tin ...)
	- gimp 2.8.0-1 (unimportant)
	NOTE: Only exploitable in rare/theoretical setups
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
	- serendipity <not-affected> (vulnerable code not present in 1.5.1, see bug #678139)
CVE-2012-2761
	RESERVED
CVE-2012-2760 (mod_auth_openid before 0.7 for Apache uses world-readable permissions  ...)
	- libapache2-mod-auth-openid 0.7-0.1 (low; bug #674165)
	[squeeze] - libapache2-mod-auth-openid <no-dsa> (Minor issue)
CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-2758
	RESERVED
CVE-2012-2757
	RESERVED
CVE-2012-2756
	RESERVED
CVE-2012-2755
	RESERVED
CVE-2012-2754
	RESERVED
CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the Endpoint Conne ...)
	NOT-FOR-US: Endpoint Connect
CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5 ...)
	NOT-FOR-US: VMware
CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly handle ...)
	{DSA-2506-1}
	- modsecurity-apache 2.6.6-1 (bug #678527)
	- libapache-mod-security <removed> (bug #678529)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown imp ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.23-1
	- mysql-5.1 <unfixed>
	NOTE: http://bugs.mysql.com/bug.php?id=59533
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2012-2749 (MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authen ...)
	{DSA-2496-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.24+dfsg-1
CVE-2012-2748 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote  ...)
	NOT-FOR-US: Joomla!
CVE-2012-2747 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote  ...)
	NOT-FOR-US: Joomla!
CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server bef ...)
	- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-2745 (The copy_creds function in kernel/cred.c in the Linux kernel before 3. ...)
	- linux 3.2.15-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6 ...)
	- linux 2.6.34-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing a ...)
	- revelation 0.4.11-10 (low; bug #633088)
	[squeeze] - revelation <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
	- revelation 0.4.11-10 (bug #633088)
	[squeeze] - revelation <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...)
	- phplist <itp> (bug #612288)
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...)
	- phplist <itp> (bug #612288)
CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 an ...)
	- openjdk-6 <removed> (unimportant)
	- openjdk-7 <removed> (unimportant)
	NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself
	NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
	NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1
CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote au ...)
	- vte 1:0.28.2-5 (bug #677717)
	- vte3 1:0.32.2-1
	[squeeze] - vte 1:0.24.3-4
CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...)
	- accountsservice 0.6.21-6 (bug #679429)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
	NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
CVE-2012-2736 (In NetworkManager 0.9.2.0, when a new wireless network was created wit ...)
	- network-manager 0.9.4.0-1 (low; bug #655972)
	[squeeze] - network-manager 0.8.1-6+squeeze2
CVE-2012-2735 (Session fixation vulnerability in Cumin before 0.1.5444, as used in Re ...)
	NOT-FOR-US: Cumin
CVE-2012-2734 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin be ...)
	NOT-FOR-US: Cumin
CVE-2012-2733 (java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP  ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-1 (bug #692440)
CVE-2012-2732
	REJECTED
CVE-2012-2731 (The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PH ...)
	NOT-FOR-US: Drupal module
CVE-2012-2730 (The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not p ...)
	NOT-FOR-US: Drupal module
CVE-2012-2729 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...)
	NOT-FOR-US: Drupal module
CVE-2012-2728 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...)
	NOT-FOR-US: Drupal module
CVE-2012-2727 (Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and  ...)
	NOT-FOR-US: Drupal module
CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML mod ...)
	NOT-FOR-US: Drupal module
CVE-2012-2724 (The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-a ...)
	NOT-FOR-US: Drupal module
CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2722 (The node selection interface in the WYSIWYG editor (CKEditor) in the N ...)
	NOT-FOR-US: Drupal module
CVE-2012-2721 (The default views in the Organic Groups (OG) module 6.x-2.x before 6.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2720 (The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for ...)
	NOT-FOR-US: Drupal module
CVE-2012-2719 (The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed  ...)
	NOT-FOR-US: Drupal module
CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows re ...)
	NOT-FOR-US: Drupal module
CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tool ...)
	NOT-FOR-US: Drupal module
CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment Moderat ...)
	NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function  ...)
	NOT-FOR-US: Drupal module
CVE-2012-2714 (The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drup ...)
	NOT-FOR-US: Drupal module
CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozi ...)
	NOT-FOR-US: Drupal module
CVE-2012-2712 (Multiple cross-site scripting (XSS) vulnerabilities in the Search API  ...)
	NOT-FOR-US: Drupal module
CVE-2012-2711 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Li ...)
	NOT-FOR-US: Drupal module
CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x bef ...)
	NOT-FOR-US: Drupal module
CVE-2012-2709
	REJECTED
CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the _hosting_task_log_tabl ...)
	NOT-FOR-US: Drupal module
CVE-2012-2707 (The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does n ...)
	NOT-FOR-US: Drupal module
CVE-2012-2706 (Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PA ...)
	NOT-FOR-US: Drupal module
CVE-2012-2705 (The filter_titles function in the Smart Breadcrumb module 6.x-1.x befo ...)
	NOT-FOR-US: Drupal module
CVE-2012-2704 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not pr ...)
	NOT-FOR-US: Drupal Module
CVE-2012-2703 (Cross-site scripting (XSS) vulnerability in the Advertisement module 6 ...)
	NOT-FOR-US: Drupal module
CVE-2012-2702 (The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal doe ...)
	NOT-FOR-US: Drupal module
CVE-2012-2701
	REJECTED
CVE-2012-2700
	REJECTED
CVE-2012-2699
	REJECTED
CVE-2012-2698 (Cross-site scripting (XSS) vulnerability in the outputPage function in ...)
	[squeeze] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0)
	- mediawiki 1:1.19.1-1
CVE-2012-2697 (Unspecified vulnerability in autofs, as used in Red Hat Enterprise Lin ...)
	- autofs 5.0.6-1
	NOTE: Fixed upstream with "fix paged ldap map read"
CVE-2012-2696 (The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) befo ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-2695 (The Active Record component in Ruby on Rails before 3.0.14, 3.1.x befo ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2694 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2693 (libvirt, possibly before 0.9.12, does not properly assign USB devices  ...)
	- libvirt 0.9.12-1 (bug #677496)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-2692 (MantisBT before 1.2.11 does not check the delete_attachments_threshold ...)
	{DSA-2500-1}
	- mantis 1.2.11-1 (bug #676783)
CVE-2012-2691 (The mc_issue_note_update function in the SOAP API in MantisBT before 1 ...)
	- mantis 1.2.11-1 (bug #676783)
	[squeeze] - mantis <not-affected> (according to maintainer)
CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the permission ...)
	- libguestfs 1:1.18.0-1
	NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
	NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
	RESERVED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the s ...)
	{DSA-2527-1}
	- php5 5.4.4-4 (low; bug #683274)
CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the make_varian ...)
	- apache2 2.2.22-8 (low)
	[squeeze] - apache2 2.2.16-6+squeeze8
CVE-2012-2686 (crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TL ...)
	- openssl 1.0.1e-1 (bug #699889)
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: DoS in specific protocol + cpu type combination
CVE-2012-2685 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-2684 (Multiple SQL injection vulnerabilities in the get_sample_filters_by_si ...)
	NOT-FOR-US: Cumin
CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0. ...)
	NOT-FOR-US: Cumin
CVE-2012-2682 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG  ...)
	NOT-FOR-US: Cumin
CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-2680 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-2679 (Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg b ...)
	NOT-FOR-US: Red Hat Network configuration client
CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server bef ...)
	- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-2677 (Integer overflow in the ordered_malloc function in boost/pool/pool.hpp ...)
	- boost1.42 <removed> (low; bug #688331)
	[squeeze] - boost1.42 <no-dsa> (Minor issue)
	- boost1.49 1.49.0-3.1 (low; bug #677197)
CVE-2012-2676 (Multiple integer overflows in the (1) malloc and (2) calloc functions  ...)
	NOT-FOR-US: Hoard memory allocator
CVE-2012-2675 (Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedp ...)
	NOT-FOR-US: nedmalloc
CVE-2012-2674 (Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and ...)
	NOT-FOR-US: Android libc
CVE-2012-2673 (Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc ...)
	- libgc 1:7.1-9 (bug #677195)
	[squeeze] - libgc 1:6.8-2
CVE-2012-2672 (Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext ref ...)
	- mojarra 2.2.8-1 (bug #677194)
	[wheezy] - mojarra <not-affected> (Only affected in combination with EAP6/AS7 application servers, not shipped in Debian)
	[squeeze] - mojarra <not-affected> (Only affected in combination with EAP6/AS7 application servers, not shipped in Debian)
CVE-2012-2671 (The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other  ...)
	NOTE: https://github.com/rtomayko/rack-cache/blob/master/CHANGES
	- ruby-rack-cache 1.2-1
CVE-2012-2670 (manageuser.php in Collabtive before 0.7.6 allows remote authenticated  ...)
	- collabtive 0.7.6-1 (bug #676311)
	NOTE: http://www.securityfocus.com/archive/1/522973/30/0/threaded
	NOTE: http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
	NOTE: http://www.collabtive.o-dyn.de/blog/?p=426
CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distri ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 <not-affected> (userspace daemon not yet present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=761200
CVE-2012-2668 (libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, wh ...)
	- openldap <not-affected> (OpenLDAP in Debian uses GNUTLS instead of Mozilla NSS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=825875
	NOTE: http://www.openldap.org/its/index.cgi?findid=7285
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2c2bb2e
CVE-2012-2667 (Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.p ...)
	NOT-FOR-US: Symfony
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=418427
	NOTE: http://symfony.com/blog/security-release-symfony-1-4-18-released
	NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
	NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
CVE-2012-2666
	RESERVED
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ta ...)
	{DSA-2520-1}
	- libreoffice 1:3.5.4-7
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2664 (The sosreport utility in the Red Hat sos package before 2.2-29 does no ...)
	NOT-FOR-US: sosreport (Red Hat tool)
CVE-2012-2663 (extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP S ...)
	- iptables <unfixed> (unimportant; bug #675445)
CVE-2012-2662 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certifi ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1. ...)
	- rails <not-affected> (Doesn't affects RoR in Squeeze)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675396; bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/448
CVE-2012-2660 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
	RESERVED
CVE-2012-2658
	- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2657
	- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2656 (An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endp ...)
	- restlet <itp> (bug #596472)
CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0. ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
CVE-2012-2654 (The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2 ...)
	- nova 2012.1-6 (bug #676465)
CVE-2012-2653 (arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly othe ...)
	{DSA-2481-1}
	- arpwatch 2.1a15-1.2 (bug #674715)
	NOTE: Debian build includes the vulnerable patch (in .diff.gz)
CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the failur ...)
	{DSA-2545-1 DSA-2542-1}
	- qemu 1.1.0+dfsg-1 (bug #678280)
	- qemu-kvm 1.1.0+dfsg-1
CVE-2012-2651
	RESERVED
CVE-2012-2650
	RESERVED
CVE-2012-2649 (The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile  ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2648 (Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 an ...)
	NOT-FOR-US: GoodReader
CVE-2012-2647 (Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2012-2646 (The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2645 (The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Andr ...)
	NOT-FOR-US: The Yahoo! Japan Yahoo! Browser application
CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2643 (Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6 ...)
	NOT-FOR-US: KENT-WEB YY-BOARD
CVE-2012-2642 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2641 (Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allo ...)
	NOT-FOR-US: Zenphoto
CVE-2012-2640 (The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Andr ...)
	NOT-FOR-US: The NEC BIGLOBE Yome Collection
CVE-2012-2639
	REJECTED
CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...)
	NOT-FOR-US: SmallPICT
CVE-2012-2637 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 an ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2636 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 an ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2635 (The Dolphin Browser HD application before 7.6 and Dolphin for Pad appl ...)
	NOT-FOR-US: Dolphin
CVE-2012-2634 (Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when ...)
	NOT-FOR-US: FeedDemon
CVE-2012-2633 (Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp p ...)
	NOT-FOR-US: WassUp
CVE-2012-2632 (SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 th ...)
	NOT-FOR-US: SEIL routers
CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart ...)
	NOT-FOR-US: WEBLOGIC
CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for Andr ...)
	NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
CVE-2012-2629 (Multiple cross-site request forgery (CSRF) and cross-site scripting (X ...)
	NOT-FOR-US: Axous
CVE-2012-2628
	RESERVED
CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell So ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2626 (cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell S ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2625 (The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1a ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
CVE-2012-2624 (Stack-based buffer overflow in Logica HotScan allows remote attackers  ...)
	NOT-FOR-US: Logica HotScan
CVE-2012-XXXX [two XSS]
	- spip 2.1.14-1 (low; bug #672961)
	[squeeze] - spip 2.1.1-3squeeze4
CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, a ...)
	NOT-FOR-US: Oracle Database
CVE-2012-2623
	RESERVED
CVE-2012-2622
	RESERVED
CVE-2012-2621
	RESERVED
CVE-2012-2620
	RESERVED
CVE-2012-2619 (The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, ...)
	- firmware-nonfree <not-affected> (Affects different chipset combination, see bug #694716)
CVE-2012-2618
	RESERVED
CVE-2012-2617
	RESERVED
CVE-2012-2616
	RESERVED
CVE-2012-2615
	REJECTED
CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2  ...)
	NOT-FOR-US: Lattice Diamond Programmer
CVE-2012-2613
	RESERVED
CVE-2012-2612 (The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.7 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2611 (The DiagTraceR3Info function in the Dialog processor in disp+work.exe  ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2610
	RESERVED
CVE-2012-2609
	RESERVED
CVE-2012-2608
	RESERVED
CVE-2012-2607 (The Johnson Controls CK721-A controller with firmware before SSM4388_0 ...)
	NOT-FOR-US: The Johnson Controls CK721-A
CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not require aut ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2605 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2604 (Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote authen ...)
	NOT-FOR-US: CollabNet ScrumWorks Pro
CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWin ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2601 (SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsU ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2012-2600
	RESERVED
CVE-2012-2599
	REJECTED
CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 t ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2596 (The XPath functionality in unspecified web applications in Siemens Win ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified web ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2594
	RESERVED
CVE-2012-2593 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 a ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect  ...)
	NOT-FOR-US: EmailArchitect
CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPo ...)
	NOT-FOR-US: ESCON SupportPortal Professional Edition
CVE-2012-2589
	REJECTED
CVE-2012-2588 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Ente ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic Mail ...)
	NOT-FOR-US: AfterLogic MailSuite Pro
CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3 ...)
	NOT-FOR-US: Mailtraq
CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Se ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon F ...)
	NOT-FOR-US: Alt-N MDaemon Free
CVE-2012-2583 (Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget ...)
	NOT-FOR-US: WordPress plugin Mini Mail Dashboard Widget
CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	{DSA-2536-1}
	- otrs2 3.1.7+dfsg1-4
CVE-2012-2581
	RESERVED
CVE-2012-2580 (Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, a ...)
	NOT-FOR-US: WordPress plugin Postie
CVE-2012-2579 (Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMa ...)
	NOT-FOR-US: WordPress plugin SimpleMail
CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
	NOT-FOR-US: SmarterMail
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orio ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576 (SQL injection vulnerability in the LoginServlet page in SolarWinds Sto ...)
	NOT-FOR-US: SolarWinds
CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 all ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web  ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3 ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2572 (Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflecto ...)
	NOT-FOR-US: WordPress plugin ThreeWP Email Reflector
CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Serv ...)
	NOT-FOR-US: WinWebMail
CVE-2012-2570 (Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart ...)
	NOT-FOR-US: X-Cart Gold
CVE-2012-2569 (Cross-site scripting (XSS) vulnerability in Synametrics Technologies X ...)
	NOT-FOR-US: Synametrics Technologies Xeams
CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on t ...)
	NOT-FOR-US: Seagate BlackArmor
CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses h ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2566 (Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwar ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2565 (Bloxx Web Filtering before 5.0.14 does not use a salt during calculati ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2564 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filte ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2562 (The Xelex MobileTrack application 2.3.7 and earlier for Android does n ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict t ...)
	NOT-FOR-US: HP Business Service Management
CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows r ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: WellinTech KingHistorian
CVE-2012-2558
	RESERVED
CVE-2012-2557 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through  ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2556 (The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2555
	REJECTED
CVE-2012-2554
	REJECTED
CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report Mana ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2012-2551 (The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2012-2550 (Microsoft Works 9 allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft Works
CVE-2012-2549 (The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 20 ...)
	NOT-FOR-US: Windows Server
CVE-2012-2548 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2547
	REJECTED
CVE-2012-2546 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2545
	REJECTED
CVE-2012-2544
	REJECTED
CVE-2012-2543 (Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 20 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-2542
	REJECTED
CVE-2012-2541
	REJECTED
CVE-2012-2540
	REJECTED
CVE-2012-2539 (Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer;  ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2538
	REJECTED
CVE-2012-2537
	REJECTED
CVE-2012-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Systems Manageme ...)
	NOT-FOR-US: Microsoft Systems Management Server
CVE-2012-2535
	REJECTED
CVE-2012-2534
	REJECTED
CVE-2012-2533
	REJECTED
CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (I ...)
	NOT-FOR-US: Microsoft FTP Service
CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak permission ...)
	NOT-FOR-US: Microsoft IIS
CVE-2012-2530 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2529 (Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and  ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2525
	REJECTED
CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP ...)
	NOT-FOR-US: Microsoft Infopath
CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NET in  ...)
	NOT-FOR-US: Microsoft .NET framework
CVE-2012-2518
	REJECTED
CVE-2012-2517 (Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 al ...)
	NOT-FOR-US: PrestaShop
CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the  ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 72 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.1 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2512 (The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 72 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2511 (The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2510
	RESERVED
CVE-2012-2509
	RESERVED
CVE-2012-2508
	RESERVED
CVE-2012-2507
	RESERVED
CVE-2012-2506
	RESERVED
CVE-2012-2505
	RESERVED
CVE-2012-2504
	RESERVED
CVE-2012-2503
	RESERVED
CVE-2012-2502
	RESERVED
CVE-2012-2501
	RESERVED
CVE-2012-2500 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not  ...)
	NOT-FOR-US: Cisco
CVE-2012-2499 (The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3. ...)
	NOT-FOR-US: Cisco
CVE-2012-2498 (Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-2497
	REJECTED
CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the WebL ...)
	NOT-FOR-US: Cisco
CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure Mobi ...)
	NOT-FOR-US: Cisco
CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco An ...)
	NOT-FOR-US: Cisco
CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco An ...)
	NOT-FOR-US: Cisco
CVE-2012-2492
	RESERVED
CVE-2012-2491
	RESERVED
CVE-2012-2490 (Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify ...)
	NOT-FOR-US: Cisco
CVE-2012-2489
	RESERVED
CVE-2012-2488 (Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series de ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-2487
	RESERVED
CVE-2012-2486 (The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresenc ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-2485
	RESERVED
CVE-2012-2484
	RESERVED
CVE-2012-2483
	RESERVED
CVE-2012-2482
	RESERVED
CVE-2012-2481
	RESERVED
CVE-2012-2480
	RESERVED
CVE-2012-2479
	RESERVED
CVE-2012-2478
	RESERVED
CVE-2012-2477
	RESERVED
CVE-2012-2476
	RESERVED
CVE-2012-2475
	RESERVED
CVE-2012-2474 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series de ...)
	NOT-FOR-US: Cisco
CVE-2012-2473
	RESERVED
CVE-2012-2472 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2012-2471
	RESERVED
CVE-2012-2470
	RESERVED
CVE-2012-2469 (Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when ...)
	NOT-FOR-US: Cisco
CVE-2012-2468
	RESERVED
CVE-2012-2467
	RESERVED
CVE-2012-2466
	RESERVED
CVE-2012-2465
	RESERVED
CVE-2012-2464
	RESERVED
CVE-2012-2463
	RESERVED
CVE-2012-2462
	RESERVED
CVE-2012-2461
	RESERVED
CVE-2012-2460
	RESERVED
CVE-2012-2459 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5 ...)
	- bitcoin 0.6.2.1-1
	NOTE: https://bitcointalk.org/index.php?topic=81749.0
CVE-2012-2458
	RESERVED
CVE-2012-2457
	RESERVED
CVE-2012-2456
	REJECTED
CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not valida ...)
	NOT-FOR-US: Advanced Productivity Software DTE Axiom
CVE-2012-2454
	RESERVED
CVE-2012-2453
	RESERVED
CVE-2012-2452 (Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x be ...)
	NOT-FOR-US: pragmaMx
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
	NOT-FOR-US: VMware
CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
	NOT-FOR-US: VMware
CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attac ...)
	NOT-FOR-US: VMware
CVE-2012-2447 (Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupd ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2446 (Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in  ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary fil ...)
	- libconfig-inifiles-perl 2.72-1 (bug #671255; low)
	[squeeze] - libconfig-inifiles-perl 2.52-1+squeeze1
	NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
	NOTE: http://seclists.org/oss-sec/2012/q2/225
CVE-2012-2445
	RESERVED
CVE-2012-2444
	RESERVED
CVE-2012-2443
	RESERVED
CVE-2012-2442 (Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and  ...)
	NOT-FOR-US: Nokia PC Suite
CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory accou ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables web-base ...)
	NOT-FOR-US: TP-Link router
CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N firewall enab ...)
	NOT-FOR-US: NETGEAR appliance
CVE-2012-2438 (ar web content manager (AWCM) 2.2 does not restrict the number of comm ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2437 (cookie_gen.php in ar web content manager (AWCM) 2.2 does not require a ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2436 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS befor ...)
	NOT-FOR-US: Pligg
CVE-2012-2435 (Directory traversal vulnerability in the captcha module in Pligg CMS b ...)
	NOT-FOR-US: Pligg
CVE-2012-2434
	RESERVED
CVE-2012-2433
	RESERVED
CVE-2012-2432
	RESERVED
CVE-2012-2431
	RESERVED
CVE-2012-2430
	RESERVED
CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read operation,  ...)
	NOT-FOR-US: xArrow
CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows remote at ...)
	NOT-FOR-US: xArrow
CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 allows ...)
	NOT-FOR-US: xArrow
CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate memory, w ...)
	NOT-FOR-US: xArrow
CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2423 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2422 (Intuit QuickBooks 2009 through 2012 might allow remote attackers to ob ...)
	NOT-FOR-US: Intuit
CVE-2012-2421 (Absolute path traversal vulnerability in the intu-help-qb (aka Intuit  ...)
	NOT-FOR-US: Intuit
CVE-2012-2420 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2419 (Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggabl ...)
	NOT-FOR-US: Intuit
CVE-2012-2418 (Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System ...)
	NOT-FOR-US: Intuit
CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers when us ...)
	{DSA-2502-1}
	- python-crypto 2.6-1
	NOTE: https://bugs.launchpad.net/pycrypto/+bug/985164
CVE-2012-2413 (Cross-site scripting (XSS) vulnerability in the ja_purity template for ...)
	NOT-FOR-US: Joomla template
CVE-2012-2412
	REJECTED
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2409 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2408 (The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2407 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2406 (RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealPlayer
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement  ...)
	- gallery2 <removed>
CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite redire ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to enabl ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote authentic ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPres ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress  ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2399 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2010-5136
	REJECTED
CVE-2010-5135
	REJECTED
CVE-2010-5134
	REJECTED
CVE-2010-5133
	REJECTED
CVE-2010-5132
	REJECTED
CVE-2010-5131
	REJECTED
CVE-2010-5130
	REJECTED
CVE-2010-5129
	REJECTED
CVE-2010-5128
	REJECTED
CVE-2010-5127
	REJECTED
CVE-2010-5126
	REJECTED
CVE-2010-5125
	REJECTED
CVE-2010-5124
	REJECTED
CVE-2010-5123
	REJECTED
CVE-2010-5122
	REJECTED
CVE-2010-5121
	REJECTED
CVE-2010-5120
	REJECTED
CVE-2010-5119
	REJECTED
CVE-2010-5118
	REJECTED
CVE-2010-5117
	REJECTED
CVE-2010-5116
	RESERVED
CVE-2010-5115
	RESERVED
CVE-2010-5114
	RESERVED
CVE-2010-5113
	RESERVED
CVE-2010-5112
	RESERVED
CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
	- echoping 6.0.2-4 (low; bug #606808)
	[squeeze] - echoping <no-dsa> (Minor issue)
	NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
	NOTE: http://xforce.iss.net/xforce/xfdb/64141
	NOTE: http://secunia.com/advisories/42619/
CVE-2010-5110 (DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ...)
	{DLA-24-1}
	- poppler 0.16.3-1 (bug #722705)
	[squeeze] - poppler 0.12.4-1.2+squeeze4
CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's  ...)
	- libytnef 1.5-5 (low; bug #705468)
	[squeeze] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	- claws-mail-extra-plugins <unfixed> (low)
	[squeeze] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	[wheezy] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	- claws-mail 3.11.1-2 (bug #771360)
	[squeeze] - claws-mail <not-affected> (In Squeeze, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
	[wheezy] - claws-mail <not-affected> (In Wheezy, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
CVE-2010-5108 (Trac 0.11.6 does not properly check workflow permissions before modify ...)
	- trac 0.11.7-1 (bug #573260)
CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
	- openssh 1:6.0p1-4 (low; bug #700102)
	[squeeze] - openssh 1:5.5p1-6+squeeze3
CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress bef ...)
	- wordpress 3.0.3-1
CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ea ...)
	- blender <unfixed> (unimportant; bug #584621)
	[squeeze] - blender <no-dsa> (Minor issue)
	[wheezy] - blender <no-dsa> (Minor issue)
	NOTE: Neutralised by kernel temp hardening
CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before 4 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5102 (Directory traversal vulnerability in mod/tools/em/class.em_unzip.php i ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5101 (Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5100 (Multiple cross-site scripting (XSS) vulnerabilities in the Install Too ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5099 (The fileDenyPattern functionality in the PHP file inclusion protection ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5098 (Cross-site scripting (XSS) vulnerability in the FORM content object in ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge function ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5096
	NOT-FOR-US: MyBB
CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in Si ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x befo ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages i ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in SilverSt ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x bef ...)
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
CVE-2012-2415 (Heap-based buffer overflow in chan_skinny.c in the Skinny channel driv ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2414 (main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2. ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...)
	- owncloud 3.0.3-1
CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0 ...)
	- owncloud 3.0.3-1
CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a den ...)
	- vlc <not-affected> (Not used, see bug #671727)
	- taglib 1.7.2-1 (unimportant)
CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2012-2394 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and  ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824419
CVE-2012-2393 (epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wiresha ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-09.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7133
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824413
CVE-2012-2392 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote att ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7121 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7122 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 is CVE-2012-3825 and CVE-2012-3826
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824411
CVE-2012-2391
	REJECTED
CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows lo ...)
	- linux 3.2.19-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2389 (hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permi ...)
	- hostapd <not-affected> (Debian package provides no default config file)
	- wpa <not-affected> (Debian package provides no default config file)
CVE-2012-2388 (The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attacke ...)
	{DSA-2483-1}
	- strongswan 4.5.2-1.4
CVE-2012-2387 (devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random nu ...)
	- devotee <itp> (bug #470995)
CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the ph ...)
	{DSA-2492-1}
	- php5 5.4.4~rc1-1
CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote authenticat ...)
	- mosh 1.2.1-1 (low; bug #673871)
	[squeeze] - mosh 1.2.1-1 (low; bug #673871)
	NOTE: https://github.com/keithw/mosh/issues/271
	NOTE: https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e
CVE-2012-2384 (Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-2383 (Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/d ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-2382
	REJECTED
CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller b ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2379 (Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2. ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2378 (Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before  ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2377 (JGroups diagnostics service in JBoss Enterprise Portal Platform before ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-2376 (Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ea ...)
	- php5 <not-affected> (Windows-specific vulnerability)
CVE-2012-2375 (The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 ...)
	- linux 3.2.19-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Incomplete patch was not released)
CVE-2012-2374 (CRLF injection vulnerability in the tornado.web.RequestHandler.set_hea ...)
	- python-tornado 2.1.0-3 (low; bug #673987)
	[squeeze] - python-tornado <not-affected> (Vulnerable code not present)
CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical Addre ...)
	- linux-2.6 3.2.19-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram ...)
	- linux 3.11.10-1 (unimportant)
	[wheezy] - linux 3.2.53-1
	NOTE: rds is not included in distributed kernel images, only marked as "experimental"
CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceTh ...)
	NOT-FOR-US: WP-FaceThumb plugin for WordPress
CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in io ...)
	- gdk-pixbuf 2.26.1-1 (low)
CVE-2012-2369 (Format string vulnerability in the log_message_cb function in otr-plug ...)
	{DSA-2476-1}
	- pidgin-otr 3.2.1-1 (medium; bug #673154)
	NOTE: libotr not affected
CVE-2012-2368 (Bytemark Symbiosis before Revision 1322 does not properly validate pas ...)
	NOT-FOR-US: Bytemark Symbiosis
CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, an ...)
	- moodle 2.2.3.dfsg-1 (low; bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2. ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2365 (Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2364 (Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle  ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2363 (SQL injection vulnerability in calendar/event.php in the calendar impl ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2362 (Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog i ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2361 (Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2360 (Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Mood ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2359 (admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2. ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2358 (Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3  ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2357 (The Multi-Authentication feature in the Central Authentication Service ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2356 (The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2355 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2354 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...)
	{DSA-2477-1}
	- sympa 6.1.11~dfsg-1 (bug #672893; high)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8
CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before 1.4 ...)
	{DSA-2467-1}
	- mahara 1.4.2-1
CVE-2012-2350 (pam_shield before 0.9.4: Default configuration does not perform protec ...)
	- pam-shield 0.9.2-3.3 (low; bug #658830)
	[squeeze] - pam-shield 0.9.2-3.3~squeeze1
CVE-2012-2349
	REJECTED
CVE-2012-2348
	REJECTED
CVE-2012-2347
	REJECTED
CVE-2012-2346
	REJECTED
CVE-2012-2345
	REJECTED
CVE-2012-2344
	REJECTED
CVE-2012-2343
	REJECTED
CVE-2012-2342
	REJECTED
CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control mo ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Take Control
CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not sp ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Contact Forms
CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1. ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Glossary
CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette 0 ...)
	NOT-FOR-US: Galette
	NOTE: http://redmine.ulysses.fr/issues/250
	NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1
CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does no ...)
	{DSA-2478-1}
	- sudo 1.8.3p2-1.1 (bug #673766)
CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when  ...)
	- php5 5.4.3 (unimportant)
	NOTE: Rather harmless bug
CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, whic ...)
	NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311
CVE-2012-2334 (Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice. ...)
	{DSA-2487-1}
	- libreoffice 1:3.5.2~rc2-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2333 (Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1 ...)
	{DSA-2475-1}
	- openssl 1.0.1c-1 (bug #672452)
	NOTE: http://seclists.org/oss-sec/2012/q2/299
	NOTE: http://www.openssl.org/news/secadv/20120510.txt
CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in Se ...)
	- serendipity <removed> (bug #671937; low)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2331 (Cross-site scripting (XSS) vulnerability in serendipity/serendipity_ad ...)
	- serendipity <removed> (bug #671937; low)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2330 (The Update method in src/node_http_parser.cc in Node.js before 0.6.17  ...)
	- nodejs 0.6.17~dfsg1-1
	NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
	NOTE: https://github.com/joyent/node/commit/c9a231d
CVE-2012-2329 (Buffer overflow in the apache_request_headers function in sapi/cgi/cgi ...)
	- php5 5.4.3-1
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: 5.4.x only
CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrume ...)
	NOT-FOR-US: sblim
CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obt ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel (A ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in t ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) b ...)
	NOT-FOR-US: MyBB
CVE-2012-2323
	REJECTED
CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c i ...)
	- connman 1.0-1 (bug #672989)
	[squeeze] - connman <not-affected> (Vulnerable code not present)
CVE-2012-2321 (The loopback plug-in in ConnMan before 0.85 allows remote attackers to ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman <no-dsa> (Minor issue)
CVE-2012-2320 (ConnMan before 0.85 does not ensure that netlink messages originate fr ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman <no-dsa> (Minor issue)
CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in  ...)
	- linux 3.2.17-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2318 (msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4  ...)
	- pidgin 2.10.4-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-2317 (The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in th ...)
	- php5 5.3.6-1 (bug #581170)
	[squeeze] - php5 5.3.3-7+squeeze4
CVE-2012-2316 (Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthS ...)
	NOT-FOR-US: OpenKM
CVE-2012-2315 (admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not  ...)
	NOT-FOR-US: OpenKM
CVE-2012-2314 (The bootloader configuration module (pyanaconda/bootloader.py) in Anac ...)
	NOT-FOR-US: The anaconda installer
CVE-2012-2313 (The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Lin ...)
	- linux 3.2.19-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2312 (An Elevated Privileges issue exists in JBoss AS 7 Community Release du ...)
	- jbossas4 <not-affected> (Only affects JBoss 7)
CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when  ...)
	{DSA-2465-1}
	- php5 5.4.3-1 (bug #671880)
	NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
	NOTE: http://www.kb.cert.org/vuls/id/520827
CVE-2012-2310 (Cross-site scripting (XSS) vulnerability in the cctags module for Drup ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2309 (Cross-site scripting (XSS) vulnerability in the Glossify Internal Link ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2308 (Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2307 (Cross-site request forgery (CSRF) vulnerability in the Addressbook mod ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2306 (SQL injection vulnerability in the Addressbook module for Drupal 6.x-4 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2305 (Cross-site request forgery (CSRF) vulnerability in the Node Gallery mo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2304 (The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an ent ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce p ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2302 (Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4  ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2301 (The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote au ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart mo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2299 (The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1  ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName mo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the Creative Co ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x b ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2295
	REJECTED
CVE-2012-2294 (EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before  ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2293 (Directory traversal vulnerability in EMC RSA Archer SmartSuite Framewo ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2292 (The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Frame ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2291 (EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC ...)
	NOT-FOR-US: EMC Avamar
CVE-2012-2290 (The client in EMC NetWorker Module for Microsoft Applications (NMM) 2. ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender W ...)
	NOT-FOR-US: EMC
CVE-2012-2288 (Format string vulnerability in the nsrd RPC service in EMC NetWorker 7 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2012-2287 (The authentication functionality in EMC RSA Authentication Agent 7.1 a ...)
	NOT-FOR-US: EMC RSA Authentication agent
CVE-2012-2286 (Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premis ...)
	NOT-FOR-US: EMC RSA Authentication agent
CVE-2012-2285 (EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, a ...)
	NOT-FOR-US: EMC Cloud Tiering Appliance
CVE-2012-2284 (The (1) install and (2) upgrade processes in EMC NetWorker Module for  ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2283 (The Iomega Home Media Network Hard Drive with EMC Lifeline firmware be ...)
	NOT-FOR-US: Iomega Home Media Network Hard Drive
CVE-2012-2282 (EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53. ...)
	NOT-FOR-US: EMC Celerra/VNX/VNXe
CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manage ...)
	NOT-FOR-US: RSA Access Manager
	NOTE: http://seclists.org/bugtraq/2012/Jul/36
CVE-2012-2280 (EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appl ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2279 (Open redirect vulnerability in the Security Console in EMC RSA Authent ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2278 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Se ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2277 (The IRM Server in EMC Documentum Information Rights Management 4.x bef ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2276 (The IRM Server in EMC Documentum Information Rights Management 4.x bef ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2275 (Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink ...)
	NOT-FOR-US: TestLink
CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in P ...)
	NOT-FOR-US: PivotX
CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allo ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2012-2272
	RESERVED
CVE-2012-2271 (Buffer overflow in the InitLicenKeys function in a certain ActiveX con ...)
	NOT-FOR-US: SkinCrafter
CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ownCl ...)
	- owncloud 3.0.3-1
CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 3.0.2-1
CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS GENE ...)
	NOT-FOR-US: ICONICS, BizViz
CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 a ...)
	NOT-FOR-US: ICONICS GENESIS32, BizViz
CVE-2011-5087 (Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows rem ...)
	NOT-FOR-US: AdAstrA TRACE MODE Data Center
CVE-2011-5086 (https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before ...)
	NOT-FOR-US: Unitronics UniOPC
CVE-2012-2268 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and H ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2267 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and H ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2266
	REJECTED
CVE-2012-2265
	REJECTED
CVE-2012-2264
	REJECTED
CVE-2012-2263
	REJECTED
CVE-2012-2262
	REJECTED
CVE-2012-2261
	REJECTED
CVE-2012-2260
	REJECTED
CVE-2012-2259
	REJECTED
CVE-2012-2258
	REJECTED
CVE-2012-2257
	REJECTED
CVE-2012-2256
	REJECTED
CVE-2012-2255
	REJECTED
CVE-2012-2254
	REJECTED
CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in Mahar ...)
	{DSA-2591-1}
	- mahara 1.5.1-3.1 (bug #695789)
CVE-2012-2252 (Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsyn ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync prot ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2250 (Tor before 0.2.3.24-rc allows remote attackers to cause a denial of se ...)
	{DLA-17-1}
	- tor 0.2.3.24-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial of se ...)
	{DLA-17-1}
	- tor 0.2.3.23-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2248 (An issue was discovered in dhclient 4.3.1-6 due to an embedded path va ...)
	- isc-dhcp 4.2.4-3 (bug #690532)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u2
	[squeeze] - isc-dhcp <not-affected> (CLIENT_PATH is not correctly defined)
	NOTE: Debian-specific
CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5  ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
	NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attacke ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=493
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
CVE-2012-2245
	REJECTED
CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authent ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5  ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
	NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
	NOTE: https://bugs.launchpad.net/mahara/+bug/1063480
CVE-2012-2242 (scripts/dget.pl in devscripts before 2.10.73 allows remote attackers t ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2241 (scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2240 (scripts/dscverify.pl in devscripts before 2.12.3 allows remote attacke ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attacke ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
CVE-2012-2238 (trytond 2.4: ModelView.button fails to validate authorization ...)
	- tryton-server <not-affected> (only affected 2.4, in experimental)
CVE-2012-2237 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x be ...)
	{DSA-2540-1}
	- mahara 1.5.1-2
CVE-2012-2236 (SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 al ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2012-2235 (Cross-site scripting (XSS) vulnerability in Support Incident Tracker ( ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php  ...)
	- teampass <itp> (bug #730180)
CVE-2012-2233
	RESERVED
CVE-2012-2232
	RESERVED
CVE-2012-2231
	RESERVED
CVE-2012-2230 (Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Mana ...)
	NOT-FOR-US: Cloudera Manager
CVE-2012-2229
	RESERVED
CVE-2012-2228
	RESERVED
CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
	NOT-FOR-US: PluXml
CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize user-supplied inpu ...)
	NOT-FOR-US: Invision Power Board
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via  ...)
	NOT-FOR-US: 360zip
CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2012-2223 (The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3 ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2222
	RESERVED
CVE-2012-2221
	RESERVED
CVE-2012-2220
	RESERVED
CVE-2012-2219
	RESERVED
CVE-2012-2218
	RESERVED
CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3,  ...)
	NOT-FOR-US: Android
CVE-2012-2216
	REJECTED
CVE-2012-2095 (The SetWiredProperty function in the D-Bus interface in WICD before 1. ...)
	- wicd 1.7.2.4-1 (low; bug #668397)
	[squeeze] - wicd 1.7.0+ds1-5+squeeze2
CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ZEN ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2214 (proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle  ...)
	- pidgin 2.10.4-1
	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
	NOTE: http://www.pidgin.im/news/security/?id=62
CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the acces ...)
	NOT-FOR-US: Disputed Squid access bypass, probably user error and minor impact anyway
CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to bypas ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2012-2211 (Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functi ...)
	- egroupware <removed>
CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Pi ...)
	- piwigo <removed> (bug #685364)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before 2.3. ...)
	- piwigo <removed> (bug #685364)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2207
	RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7. ...)
	NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7. ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...)
	NOT-FOR-US: InfoSphere Guardium aix_ktap module
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus  ...)
	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System
CVE-2012-2201
	RESERVED
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
	NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-2198
	RESERVED
CVE-2012-2197 (Stack-based buffer overflow in the Java Stored Procedure infrastructur ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2196 (IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2195
	RESERVED
CVE-2012-2194 (Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored p ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2193 (Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4- ...)
	NOT-FOR-US: AIX
CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2190 (IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-2189
	RESERVED
CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1. ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-2187 (IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2,  ...)
	NOT-FOR-US: IBM Remote Supervisor Adapter
CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open  ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-2185 (IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Con ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2184 (Session fixation vulnerability in IBM Maximo Asset Management 7.1 thro ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2183 (Session fixation vulnerability in IBM Maximo Asset Management 6.2 thro ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2182
	RESERVED
CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere  ...)
	NOT-FOR-US: IBM WebSphere not in Debian
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database Arch ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite  ...)
	NOT-FOR-US: AIX
CVE-2012-2178
	RESERVED
CVE-2012-2177 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in  ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX co ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote  ...)
	NOT-FOR-US: Notes
CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6  ...)
	NOT-FOR-US: AppScan
CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0  ...)
	NOT-FOR-US: WebSphere
CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload functional ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 al ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2167 (The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attacker ...)
	NOT-FOR-US: IBM XIV Storage System Gen3
CVE-2012-2166 (IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2 ...)
	NOT-FOR-US: IBM XIV Storage System
CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, w ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allow ...)
	NOT-FOR-US: IBM Scale Out Network Attached Storage
CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 a ...)
	NOT-FOR-US: WebSphere
CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Ec ...)
	NOT-FOR-US: IBM Security AppScan Source
CVE-2012-2160
	RESERVED
CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2012-2158
	RESERVED
CVE-2012-2157
	RESERVED
CVE-2012-2156 (Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 ...)
	NOT-FOR-US: Plume CMS
CVE-2012-2155 (Cross-site request forgery (CSRF) vulnerability in the CDN2 Video modu ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2154 (Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x  ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes in a ...)
	- drupal7 7.14-1
CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in dh ...)
	{DSA-2498-1}
	- dhcpcd 1:3.2.3-11 (bug #671265)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ...)
	{DSA-2461-1}
	- spip 2.1.13-1 (low; bug #671264)
CVE-2012-2150 (xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file ...)
	- xfsprogs 3.2.4-1 (low; bug #793495)
	[jessie] - xfsprogs <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - xfsprogs <no-dsa> (Minor issue)
	[squeeze] - xfsprogs <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817696
	NOTE: http://oss.sgi.com/pipermail/xfs/2015-July/042726.html
CVE-2012-2149 (The WPXContentListener::_closeTableRow function in WPXContentListener. ...)
	- libwpd 0.8.14-1
	NOTE: http://permalink.gmane.org/gmane.comp.security.full-disclosure/85789
	NOTE: http://sourceforge.net/p/libwpd/code/ci/437bf6702164e30761a10771f95dd1c796f474b7
	NOTE: http://sourceforge.net/p/libwpd/code/ci/5969b8f3f73418ebba2a722513a4cb285e7b9c23
CVE-2012-2148 (An issue exists in the property replacements feature in any descriptor ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-2147 (munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a de ...)
	- munin 2.0~rc6-1 (bug #670811)
	[squeeze] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique i ...)
	- elixir 0.7.1-4 (low; bug #670919)
	[jessie] - elixir <no-dsa> (Minor issue)
	[squeeze] - elixir <no-dsa> (Minor issue)
	[wheezy] - elixir <no-dsa> (Minor issue)
CVE-2012-2145 (Apache Qpid 0.17 and earlier does not properly restrict incoming clien ...)
	- qpid-cpp 0.16-1 (bug #672124)
CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom ...)
	- horizon 2012.1-4 (bug #671604)
CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-REL ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
	- php5 5.3.3-1
	NOTE: Uses the unaffected system libraries since 5.3.3
CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote  ...)
	- xpdf <not-affected> (uses poppler's Error.cc)
	- poppler 0.18.4-7  (unimportant; bug #487773)
	NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in agent ...)
	- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
	[squeeze] - net-snmp 5.4.3~dfsg-2+squeeze1
	NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute  ...)
	- ruby-mail 2.4.4-1
CVE-2012-2139 (Directory traversal vulnerability in lib/mail/network/delivery_methods ...)
	- ruby-mail 2.4.4-1
CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the org.apache.sling.se ...)
	NOT-FOR-US: Apache Sling
CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Lin ...)
	- linux 3.2.20-1
CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux kern ...)
	- linux 3.2.20-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2135 (The utf-16 decoder in Python 3.1 through 3.3 does not update the align ...)
	- python3.1 <unfixed> (bug #670389)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2.3-1 (bug #670389)
	- python3.3 3.3.1-1
	NOTE: http://bugs.python.org/issue14579
CVE-2012-2134 (The handle_connection_error function in ldap_helper.c in bind-dyndb-ld ...)
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when hu ...)
	{DSA-2469-1}
	- linux-2.6 3.2.19-1
CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or clear the ...)
	- midori <unfixed> (unimportant; bug #672880)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=758431
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSS ...)
	{DSA-2454-2}
	- openssl <not-affected> (only affected patch against 0.9.8)
	NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
CVE-2012-2130 (A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1. ...)
	- polarssl 1.1.2-1
	[squeeze] - polarssl <not-affected> (Introduced in 0.99-pre4)
CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012- ...)
	- dokuwiki 0.0.20120125a-1 (low; bug #670917)
	[squeeze] - dokuwiki <not-affected>
	NOTE: http://secunia.com/advisories/48848/
CVE-2012-2128
	- dokuwiki 0.0.20120125a-1 (unimportant)
	NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
	- linux-2.6 3.2-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.1)
CVE-2012-2126 (RubyGems before 1.8.23 does not verify an SSL certificate, which allow ...)
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2125 (RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which m ...)
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2124 (functions/imap_general.php in SquirrelMail, as used in Red Hat Enterpr ...)
	- squirrelmail <not-affected> (Incorrect RedHat security update)
CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux k ...)
	{DSA-2469-1}
	- linux-2.6 3.2.16-1
CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.2 ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #677018)
	- mysql-5.5 5.5.24+dfsg-1
	NOTE: https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
	NOTE: http://seclists.org/oss-sec/2012/q2/493
	NOTE: Issue only triggered with specific optimisation in glibc enabled; no builds in Debian known to be affected.
	NOTE: Fixed versions indicate application of upstream patch which prevents issue regardless of opt.settings.
CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not prope ...)
	{DSA-2668-1}
	- linux-2.6 3.2.17-1
CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ver ...)
	- texlive-extra 2012.20130315-1 (low; bug #668779)
	[wheezy] - texlive-extra <no-dsa> (Minor issue)
	[squeeze] - texlive-extra 2009-10+squeeze1
CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel befor ...)
	- linux 3.2.20-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, was added in 3.1)
CVE-2012-2118 (Format string vulnerability in the LogVHdrMessageVerb function in os/l ...)
	- xorg-server 2:1.12.1.902-1 (bug #673148)
	[squeeze] - xorg-server <not-affected> (Introduced in 1.10)
	NOTE: http://lists.x.org/pipermail/xorg-devel/2012-May/031411.html
CVE-2012-2117 (Cross-site scripting (XSS) vulnerability in the Gigya - Social optimiz ...)
	NOT-FOR-US: Drupal plugin (Gigya - Social Optimization) not in Debian
CVE-2012-2116 (Cross-site request forgery (CSRF) vulnerability in the Commerce Reorde ...)
	NOT-FOR-US: Drupal plugin (Commerce Reorder) not in Debian
CVE-2012-2115 (SQL injection vulnerability in interface/login/validateUser.php in Ope ...)
	NOT-FOR-US: OpenEMR
CVE-2012-2114 (Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlie ...)
	NOT-FOR-US: musl libc not in Debian
CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow r ...)
	{DSA-2552-1}
	- tiff 4.0.2-1 (bug #678140)
	- tiff3 <not-affected> (The tiff-tools package is only built from the tiff source package)
CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in T ...)
	{DSA-2455-1}
	- typo3-src 4.5.15+dfsg1-1 (bug #669158)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4)  ...)
	{DSA-2463-1}
	- samba 2:3.6.5-1
	NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
	NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL be ...)
	{DSA-2454-1}
	- openssl 1.0.1a-1
	NOTE: http://www.openssl.org/news/secadv/20120419.txt
CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1. ...)
	NOT-FOR-US: wordpress buddypress plugin
CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c i ...)
	- csound 1:5.17.6~dfsg-1 (low; bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2107 (Integer overflow in the main function in util/lpci_main.c in Csound be ...)
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2106 (Integer overflow in the pv_import function in util/pv_import.c in Csou ...)
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next  ...)
	NOT-FOR-US: tsheetx
CVE-2012-2104 (cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without ...)
	- munin 2.0~rc6-1 (bug #668666)
	[squeeze] - munin <not-affected> (Vulnerable code not present)
	[lenny] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite a ...)
	- munin 2.0~rc6-1 (bug #668778)
	[squeeze] - munin <not-affected> (Vulnerable code not present)
	[lenny] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2102 (MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authen ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (low; bug #670636)
	- mysql-5.5 5.5.24+dfsg-1 (low)
CVE-2012-2101 (Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the ...)
	- nova 2012.1-2 (bug #670637)
CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kerne ...)
	- linux-2.6 3.2.2-1
	[squeeze] - linux-2.6 2.6.32-41squeeze1
	NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
	NOTE: https://lkml.org/lkml/2012/2/20/422
CVE-2012-2099 (Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 ...)
	NOT-FOR-US: Wikidforum
CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in bzip ...)
	- libcommons-compress-java 1.4.1-1 (low; bug #674448)
	[squeeze] - libcommons-compress-java <no-dsa> (Minor issue)
CVE-2012-2097 (Cross-site request forgery (CSRF) vulnerability in the Autosave module ...)
	NOT-FOR-US: Drupal module Autosave
CVE-2012-2096 (The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not proper ...)
	NOT-FOR-US: Drupal module Fivestar
CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism in t ...)
	- horizon 2012.1-3
CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite arbi ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1.1 (low; bug #668710)
CVE-2012-2092 (A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2  ...)
	- cobbler <not-affected> (Ubuntu specific cobbler-ubuntu-import script not present)
CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2. ...)
	- simgear 2.10.0-3 (unimportant; bug #669024)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligible security impact, very obscure attack vector
CVE-2012-2090 (Multiple format string vulnerabilities in FlightGear 2.6 and earlier a ...)
	- simgear 2.10.0-2 (unimportant; bug #669024)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligible security impact, very obscure attack vector
CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module mo ...)
	- nginx 1.1.19-1
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif_dirr ...)
	{DSA-2552-1}
	- tiff 4.0-1 (bug #678140)
	- tiff3 3.9.6-6
CVE-2012-2087 (ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entir ...)
	NOT-FOR-US: ISPConfig
CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines functio ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (low; bug #668038)
CVE-2012-2085 (The exec_command function in common/helpers.py in Gajim before 0.15 al ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (medium; bug #668038)
CVE-2012-2084 (Cross-site scripting (XSS) vulnerability in the Printer, email and PDF ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2083 (Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2082 (Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2081 (The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2080 (Cross-site request forgery (CSRF) vulnerability in the Node Limit Numb ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2079 (A cross-site request forgery (CSRF) vulnerability in the Activity modu ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2078 (Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1. ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2077 (Cross-site request forgery (CSRF) vulnerability in the ShareThis modul ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2076 (Cross-site scripting (XSS) vulnerability in the administration forms i ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2075 (Cross-site scripting (XSS) vulnerability in the Contact Save module 6. ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2074 (Unspecified vulnerability in certain default views in the Ubercart Vie ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2073 (The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not chec ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2072 (Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAn ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2071 (Cross-site scripting (XSS) vulnerability in the Contact Forms module 6 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2070 (Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x- ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2069 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2068 (Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2067 (Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2. ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2066 (Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2065 (Cross-site scripting (XSS) vulnerability in the Language Icons module  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2064 (Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.th ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2063 (The Slidebox module before 7.x-1.4 for Drupal does not properly check  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2062 (Open redirect vulnerability in the Redirecting click bouncer module fo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2061 (Cross-site request forgery (CSRF) vulnerability in the Admin tools mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2060 (Cross-site scripting (XSS) vulnerability in the Admin tools module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2059 (Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2058 (The Ubercart Payflow module for Drupal does not use a secure token, wh ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2057 (Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk S ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2056 (Cross-site request forgery (CSRF) vulnerability in the Content Lock mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2008-7311 (The session cookie store implementation in Spree 0.2.0 uses a hardcode ...)
	NOT-FOR-US: Spree
CVE-2008-7310 (Spree 0.2.0 does not properly restrict the use of a hash to provide va ...)
	NOT-FOR-US: Spree
CVE-2008-7309 (Insoshi before 20080920 does not properly restrict the use of a hash t ...)
	NOT-FOR-US: Insoshi
CVE-2012-2055 (GitHub Enterprise before 20120304 does not properly restrict the use o ...)
	NOT-FOR-US: GitHub Enterprise
CVE-2012-2054 (Redmine before 1.3.2 does not properly restrict the use of a hash to p ...)
	- redmine 1.3.2+dfsg1-1
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: http://www.redmine.org/issues/10390
	NOTE: git mirror patch would be 5141f1e..177ff05
CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass 6.0. ...)
	NOT-FOR-US: F5 Firepass
CVE-2012-2052 (Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Pho ...)
	NOT-FOR-US: Adobe Photoshop plugin U3D.8BI library
CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2048 (Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows at ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ColdFus ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2040 (Untrusted search path vulnerability in the installer in Adobe Flash Pl ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2039 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2038 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2037 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2036 (Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2035 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2034 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2033 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2032 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2031 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2030 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2029 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2028 (Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2026 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2025 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2024 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2023 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2021 (Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager ...)
	NOT-FOR-US: HP AssetManager
CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 11.03.12 allow ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2019 (Unspecified vulnerability in HP Operations Agent before 11.03.12 allow ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...)
	NOT-FOR-US: HP Photosmart Wireless e-All-in-One
CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2015 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2014 (HP System Management Homepage (SMH) before 7.1.1 does not properly val ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2013 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2012 (HP System Management Homepage (SMH) before 7.1.1 does not have an off  ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2011 (Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha pl ...)
	NOT-FOR-US: OpenVMS
CVE-2012-2009 (Unspecified vulnerability in HP Performance Insight for Networks 5.3.x ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2008 (Cross-site scripting (XSS) vulnerability in HP Performance Insight for ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2007 (SQL injection vulnerability in HP Performance Insight for Networks 5.3 ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2006 (Unspecified vulnerability in HP Insight Management Agents before 9.0.0 ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2005 (Cross-site scripting (XSS) vulnerability in HP Insight Management Agen ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2004 (Open redirect vulnerability in HP Insight Management Agents before 9.0 ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2003 (Cross-site request forgery (CSRF) vulnerability in HP Insight Manageme ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2002 (Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 a ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2001 (Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux b ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2000 (Multiple unspecified vulnerabilities in HP System Health Application a ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-1999 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1998 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1997 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1996 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1994 (HP Systems Insight Manager before 7.0 allows a remote user on adjacent ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS  ...)
	NOT-FOR-US: CMD Made Simple
CVE-2012-1991
	RESERVED
CVE-2012-1990 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider Elect ...)
	NOT-FOR-US: Schneider Electric Kerweb
CVE-2012-1989 (telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2 ...)
	- puppet 2.7.13-1
	[squeeze] - puppet <not-affected> (Only affects 2.7.x)
CVE-2012-1988 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1987 (Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x befo ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1986 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2011-5085 (Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x befo ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2011-5084 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2012-1985 (Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix  ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1984 (Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks He ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1983
	RESERVED
CVE-2012-1982 (Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1981
	RESERVED
CVE-2012-1980
	RESERVED
CVE-2012-1979 (Cross-site scripting (XSS) vulnerability in starnet/index.php in Synde ...)
	NOT-FOR-US: SyndeoCMS
CVE-2012-1978 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple P ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2012-1977 (WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2012-1976 (Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesVa ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1975 (Use-after-free vulnerability in the PresShell::CompleteMove function i ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1974 (Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore fun ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1973 (Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1972 (Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentText ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1971 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
CVE-2012-1970 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
	- icedove 10.0.7-1
CVE-2012-1969 (The get_attachment_link function in Template.pm in Bugzilla 2.x and 3. ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-1968 (Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug- ...)
	- bugzilla <not-affected> (Only affects 4.1 to 4.3)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	{DSA-2514-1}
	- iceweasel 10.0.6esr-1
CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	- iceweasel 10.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
CVE-2012-1964 (The certificate-warning functionality in browser/components/certerror/ ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x ...)
	- iceweasel 10.0.6esr-1
	[squeeze] - iceweasel <not-affected> (CSP not yet available)
	- icedove 10.0.6-1
	[squeeze] - icedove <not-affected> (CSP not yet available)
	- iceape 2.7.6-1
	[squeeze] - iceape <not-affected> (CSP not yet available)
CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend functi ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implemen ...)
	- iceweasel <not-affected> (Only affects Firefox > 10)
CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden functio ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1957 (An unspecified parser-utility class in Mozilla Firefox 4.x through 13. ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1956 (Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey be ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in  ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox  ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1951 (Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased  ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 a ...)
	{DSA-2528-1 DSA-2514-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 13)
CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1947 (Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozil ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1946 (Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore fun ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1945 (Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thun ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox 4. ...)
	- iceweasel 10.0.5esr-1
	[squeeze] - iceweasel <not-affected> (CSP not yet available)
	- icedove 10.0.5-1
	[squeeze] - icedove <not-affected> (CSP not yet available)
CVE-2012-1943 (Untrusted search path vulnerability in Updater.exe in the Windows Upda ...)
	- iceweasel <not-affected> (windows-specific)
CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12. ...)
	- iceweasel <not-affected> (windows-specific)
CVE-2012-1941 (Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypothet ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1940 (Use-after-free vulnerability in the nsFrameList::FirstChild function i ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird  ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects iceweasel from experimental)
CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in wp-includes/pluggable.p ...)
	NOT-FOR-US: Disputed Wordpress issue
CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x  ...)
	- newscoop <itp> (bug #604113)
CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop befo ...)
	- newscoop <itp> (bug #604113)
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x b ...)
	- newscoop <itp> (bug #604113)
CVE-2012-1932 (A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlie ...)
	NOT-FOR-US: Wolf CMS
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an unspecifi ...)
	NOT-FOR-US: Opera
CVE-2012-1930 (Opera before 11.62 on UNIX uses world-readable permissions for tempora ...)
	NOT-FOR-US: Opera
CVE-2012-1929 (Opera before 11.62 on Mac OS X allows remote attackers to spoof the ad ...)
	NOT-FOR-US: Opera
CVE-2012-1928 (Opera before 11.62 allows remote attackers to spoof the address field  ...)
	NOT-FOR-US: Opera
CVE-2012-1927 (Opera before 11.62 allows remote attackers to spoof the address field  ...)
	NOT-FOR-US: Opera
CVE-2012-1926 (Opera before 11.62 allows remote attackers to bypass the Same Origin P ...)
	NOT-FOR-US: Opera
CVE-2012-1925 (Opera before 11.62 does not ensure that a dialog window is placed on t ...)
	NOT-FOR-US: Opera
CVE-2012-1924 (Opera before 11.62 allows user-assisted remote attackers to trick user ...)
	NOT-FOR-US: Opera
CVE-2012-1923 (RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x s ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1922 (Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom  ...)
	NOT-FOR-US: Sitecom WLM-2501
CVE-2012-1921 (Cross-site request forgery (CSRF) vulnerability in goform/admin/formWl ...)
	NOT-FOR-US: Sitecom
CVE-2012-1920 (@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows rem ...)
	- atmailopen <removed>
CVE-2012-1919 (CRLF injection vulnerability in mime.php in @Mail WebMail Client in At ...)
	- atmailopen <removed>
CVE-2012-1918 (Multiple directory traversal vulnerabilities in (1) compose.php and (2 ...)
	- atmailopen <removed>
CVE-2012-1917 (compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05  ...)
	- atmailopen <removed>
CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote a ...)
	- atmailopen <removed>
CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drup ...)
	- drupal7 <removed> (unimportant)
CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_c ...)
	NOT-FOR-US: EllisLab CodeIgniter
CVE-2012-1914
	RESERVED
CVE-2012-1913
	REJECTED
CVE-2012-1912 (Cross-site scripting (XSS) vulnerability in preferences.php in PHP Add ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1911 (Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and  ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1910 (Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x befor ...)
	- bitcoin <not-affected> (windows-only, qt gui not built)
CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bit ...)
	- bitcoin 0.6.0-1
CVE-2012-1908 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 all ...)
	NOT-FOR-US: Splunk
CVE-2012-1907 (The scanner engine in PrivaWall Antivirus 5.6 and earlier does not rec ...)
	NOT-FOR-US: PrivaWall Antivirus
CVE-2012-1906 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1905
	RESERVED
CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in RealNetworks Rea ...)
	NOT-FOR-US: RealPlayer
CVE-2012-1903 (XSS in Telligent Community 5.6.583.20496 via a flash file and related  ...)
	NOT-FOR-US: Telligent Community
CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a con ...)
	- phpmyadmin 4:3.4.10.2-1 (unimportant)
CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS  ...)
	NOT-FOR-US: FlexCMS
CVE-2012-1900 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in  ...)
	NOT-FOR-US: RazorCMS
CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/ ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1898 (Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/u ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1897 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1586 (mount.cifs in cifs-utils 2.6 allows local users to determine the exist ...)
	- cifs-utils 2:5.3-2 (unimportant; bug #665923)
	NOTE: Harmless information leak, if a user can perform arbitrary CIFS mounts they probably
	NOTE: can do a lot more with this
CVE-2012-1896 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider  ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1895 (The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the  ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1892 (Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Te ...)
	NOT-FOR-US: Microsoft Visual Studio Team Foundation Server
CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC)  ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitiali ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1  ...)
	NOT-FOR-US: Microsoft Visio
CVE-2012-1887 (Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1886 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1885 (Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and S ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1884
	REJECTED
CVE-2012-1883
	REJECTED
CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain sc ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1871
	REJECTED
CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2  ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1869
	REJECTED
CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in  ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Windows Windows
CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1863 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1862 (Open redirect vulnerability in Microsoft Office SharePoint Server 2007 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1861 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1860 (Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1859 (Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microso ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Interne ...)
	NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync
CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal comp ...)
	NOT-FOR-US: Microsoft Dynamics AX
CVE-2012-1856 (The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in ...)
	NOT-FOR-US: Microsoft
CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not prop ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office 20 ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1853 (Stack-based buffer overflow in the Remote Administration Protocol (RAP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1852 (Heap-based buffer overflow in the Remote Administration Protocol (RAP) ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1851 (Format string vulnerability in the Print Spooler service in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1850 (The Remote Administration Protocol (RAP) implementation in the LanmanW ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Atten ...)
	NOT-FOR-US: Microsoft Lync, Attendee,, Attendant
CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1846 (Google Chrome 17.0.963.66 and earlier allows remote attackers to bypas ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-1845 (Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier  ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-1844 (The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1843 (Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on  ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1842 (Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Qu ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1841 (Absolute path traversal vulnerability in logShow.htm on the Quantum Sc ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1840 (AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2012-1839 (Multiple directory traversal vulnerabilities in the Get Template featu ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2012-1838 (The web management interface on the LG-Nortel ELO GS24M switch allows  ...)
	NOT-FOR-US: Nortel switch
CVE-2012-1837 (The (1) webreports, (2) post/create-role, and (3) post/update-role pro ...)
	NOT-FOR-US: Tivoli
CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow re ...)
	{DSA-2448-1}
	- inspircd 2.0.5-0.1 (bug #667914)
CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One  ...)
	NOT-FOR-US: All-in-One Event Calendar plugin for WordPress
CVE-2012-1834 (Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head fun ...)
	NOT-FOR-US: WordPress plugin CMS Tree Page View
CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does no ...)
	NOT-FOR-US: Grails
CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote a ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1830 (Stack-based buffer overflow in WellinTech KingView 6.53 allows remote  ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1829 (Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Ar ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1828 (The administrative functions in AutoFORM PDM Archive before 7.1 do not ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1827 (The web service in AutoFORM PDM Archive before 7.1 does not have autho ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1826 (dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute ...)
	NOT-FOR-US: dotCMS not in Debian
CVE-2012-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the status prog ...)
	NOT-FOR-US: ForeScout CounterACT
CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro Client bef ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when  ...)
	{DSA-2465-1}
	- php5 5.4.3-1
	NOTE: http://ompldr.org/vZGxxaQ
	NOTE: https://bugs.php.net/bug.php?id=61910
	NOTE: 5.4.2-1 'fixed' this, but fix is incomplete: CVE-2012-2311
CVE-2012-1822
	RESERVED
CVE-2012-1821 (The Network Threat Protection module in the Manager component in Syman ...)
	NOT-FOR-US: Symantec Endpoint Protection on Windows Server 2003
CVE-2012-1820 (The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlie ...)
	{DSA-2497-1}
	- quagga 0.99.21-3 (bug #676510)
CVE-2012-1819 (Untrusted search path vulnerability in WellinTech KingView 6.53 allows ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-1818 (An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstatio ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1817 (Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3. ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1816 (PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1,  ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1815 (SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations  ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1814 (Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV  ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1813 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remo ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1812 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remo ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1811 (EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote at ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1810 (EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote att ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100 ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100 ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1807 (Cross-site scripting (XSS) vulnerability in the web server in the ECOM ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1806 (The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1805 (Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM10 ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1804 (The OPC server in Progea Movicon before 11.3 allows remote attackers t ...)
	NOT-FOR-US: Progea Movicon
CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a facto ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens Scalance X I ...)
	NOT-FOR-US: Siemens Scalance X
CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) ActiveX contr ...)
	NOT-FOR-US: ABB WebWare
CVE-2012-1800 (Stack-based buffer overflow in the Profinet DCP protocol implementatio ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1799 (The web server on the Siemens Scalance S Security Module firewall S602 ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1798 (The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick bef ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has u ...)
	NOT-FOR-US: IBM DB2
CVE-2012-1796 (Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as us ...)
	NOT-FOR-US: Tivoli
CVE-2012-1795 (webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to  ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1794
	RESERVED
CVE-2012-1793
	RESERVED
CVE-2012-1792 (Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Se ...)
	NOT-FOR-US: OSCommerce Online Merchant
CVE-2012-1791
	RESERVED
CVE-2012-1777 (SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 ...)
	NOT-FOR-US: F5 Firepass
CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...)
	- vlc 2.0.1-1 (low)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1  ...)
	- vlc 2.0.1-1 (low)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dot ...)
	- dotclear 2.5+dfsg-1 (low; bug #670227)
	NOTE: Post-authentication; vulnerability is actually in admin/media.php.
CVE-2012-1790 (Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows ...)
	NOT-FOR-US: Webgrind
CVE-2012-1789 (Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3  ...)
	NOT-FOR-US: Kongreg8
CVE-2012-1788 (Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi  ...)
	NOT-FOR-US: WonderDesk SQL
CVE-2012-1787 (Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1786 (The Media Upload form in the Video Embed &amp; Thumbnail Generator plu ...)
	NOT-FOR-US: Media Upload form in the Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1785 (kg_callffmpeg.php in the Video Embed &amp; Thumbnail Generator plugin  ...)
	NOT-FOR-US: Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1784 (SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers ...)
	NOT-FOR-US: MyJobList
CVE-2012-1783 (Tiny Server 1.1.9 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Tiny Server
CVE-2012-1782 (Multiple cross-site scripting (XSS) vulnerabilities in questions/ask i ...)
	NOT-FOR-US: OSQA
CVE-2012-1781 (Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentaja ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1780 (SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows re ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1779 (Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDire ...)
	NOT-FOR-US: IDevSpot idev-BusinessDirectory
CVE-2012-1778 (SQL injection vulnerability in artykul_print.php in CreateVision CMS a ...)
	NOT-FOR-US: CreateVision CMS
CVE-2011-5082 (Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin be ...)
	NOT-FOR-US: s2Member Pro plugin for WordPress
CVE-2010-5086 (Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2. ...)
	NOT-FOR-US: Bitweaver
CVE-2009-5114 (Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5113 (Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5112 (wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers  ...)
	NOT-FOR-US: WebGlimpse
CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1765 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-1764 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1763 (Unspecified vulnerability in the Oracle Clinical/Remote Data Capture c ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1762 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1761 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows  ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1760 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows  ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1759 (Unspecified vulnerability in the Oracle AutoVue component in Oracle Su ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1758 (Unspecified vulnerability in the Oracle AutoVue component in Oracle Su ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier al ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier al ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1755 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows  ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1753 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1752 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2012-1751 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1750 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Oracle Sun Solaris 8, 9, 10, and 11
CVE-2012-1749 (Unspecified vulnerability in the Oracle MapViewer component in Oracle  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1748 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products 9.1
CVE-2012-1747 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1746 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1745 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1744 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1743 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture O ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1742 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows  ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1741 (Unspecified vulnerability in the Enterprise Manager for Fusion Middlew ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1740 (Unspecified vulnerability in the Oracle Application Express Listener c ...)
	NOT-FOR-US: Oracle Application Express Listener
CVE-2012-1739 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1738 (Unspecified vulnerability in the Oracle iPlanet Web Server component i ...)
	NOT-FOR-US: Oracle Sun Products Suite, iPlanet Web Server
CVE-2012-1737 (Unspecified vulnerability in the Enterprise Manager for Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2012-1736 (Unspecified vulnerability in the Oracle MapViewer component in Oracle  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier al ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, a ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows  ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1731 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows  ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1730 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1729 (Unspecified vulnerability in the Hyperion BI+ component in Oracle Hype ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2012-1728 (Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 all ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1727 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1725 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1724 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1723 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1722 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
CVE-2012-1721 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
CVE-2012-1720 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only affects Java on Solaris)
	- openjdk-7 <not-affected> (Only affects Java on Solaris)
CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1718 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1717 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1716 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1714 (Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyper ...)
	NOT-FOR-US: Oracle Hyperion Financial Management
CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1712 (Directory traversal vulnerability in the Liferay component in Oracle S ...)
	NOT-FOR-US: Oracle Sun GlassFish Web Space Server
CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1710 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition co ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1709 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition co ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1708 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2012-1707 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1706 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1705 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1704 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1703 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1702 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1701 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1700 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1699 (The ProcSetEventMask function in difs/events.c in the xfs font server  ...)
	- xfs 1:1.0.1-1
CVE-2012-1698 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authe ...)
	NOT-FOR-US: Solaris
CVE-2012-1697 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1696 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1695 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1694 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Solaris
CVE-2012-1693 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers  ...)
	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers
CVE-2012-1692 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2012-1691 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2012-1690 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, a ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1687 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local use ...)
	NOT-FOR-US: Oracle Solaris 10 and 11
CVE-2012-1686 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1685 (Unspecified vulnerability in the Secure Global Desktop component in Or ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2012-1684 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2012-1683 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.2-1
CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2012-1680 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1679 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1678 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2012-1677 (Unspecified vulnerability in the Oracle Application Server Single Sign ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1676 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1674 (Unspecified vulnerability in the Siebel Clinical component in Oracle I ...)
	NOT-FOR-US: Oracle Siebel
CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing allows r ...)
	NOT-FOR-US: e-ticketing
CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...)
	NOT-FOR-US: Hotel Booking Portal
CVE-2012-1671 (Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and ...)
	NOT-FOR-US: phpPaleo
CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote atta ...)
	NOT-FOR-US: PHP Grade Book
CVE-2012-1669 (Directory traversal vulnerability in index.php in phpMoneyBooks before ...)
	NOT-FOR-US: phpMoneyBooks
CVE-2012-1668
	RESERVED
CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9. ...)
	{DSA-2486-1}
	- bind9 1:9.8.1.dfsg.P1-4.1
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware Workstat ...)
	NOT-FOR-US: VMware Tools
CVE-2012-1665 (Multiple SQL injection vulnerabilities in the admin panel in osCMax be ...)
	NOT-FOR-US: osCMax
CVE-2012-1664 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: osCMax
CVE-2012-1663 (Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows  ...)
	- gnutls28 3.0.14-1
	- gnutls26 <not-affected> (only GNUTLS 3.0 is affected)
CVE-2012-1662 (CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly pro ...)
	NOT-FOR-US: ESRI ArcMap, ArcGIS
CVE-2012-1660 (Multiple cross-site scripting (XSS) vulnerabilities in components/sele ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1659 (Cross-site scripting (XSS) vulnerability in the Node Recommendation mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1658 (Cross-site scripting (XSS) vulnerability in the Read More Link module  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1657 (Cross-site scripting (XSS) vulnerability in block_class.module in the  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1656 (SQL injection vulnerability in the Multisite Search module 6.x-2.2 for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1655 (Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1654 (Multiple cross-site scripting (XSS) vulnerabilities in the Data module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1653 (Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integra ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1652 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1651 (Cross-site scripting (XSS) vulnerability in the Submenu Tree module be ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1650 (The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access co ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1649 (Cool Aid module before 6.x-1.9 for Drupal does not enforce access rest ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1648 (Cross-site scripting (XSS) vulnerability in the Cool Aid module before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the "stand alon ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1646 (Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1645 (The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1644 (The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1643 (The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does n ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1642 (includes/linkchecker.pages.inc in the Link checker module 6.x-2.x befo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1641 (The finder_import function in the Finder module 6.x-1.x before 6.x-1.2 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1640 (Multiple cross-site scripting (XSS) vulnerabilities in the Managesite  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1639 (Multiple cross-site scripting (XSS) vulnerabilities in product/commerc ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1638 (SQL injection vulnerability in the Search Autocomplete module before 7 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1637 (Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x- ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1636 (Cross-site request forgery (CSRF) vulnerability in the stickynote modu ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1634 (Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1633 (Cross-site request forgery (CSRF) vulnerability in the Password Policy ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1632 (Cross-site scripting (XSS) vulnerability in password_policy.admin.inc  ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1631 (Cross-site request forgery (CSRF) vulnerability in the Admin:hover mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1630 (Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1629 (Cross-site scripting (XSS) vulnerability in the Taxotouch module for D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1628 (Cross-site scripting (XSS) vulnerability in the SuperCron module for D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1627 (Cross-site scripting (XSS) vulnerability in vud_term.module in the Vot ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1626 (SQL injection vulnerability in the conversion form for Events in the D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1625 (Eval injection vulnerability in the fillpdf_form_export_decode functio ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1624 (Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1623 (The Registration Codes module before 6.x-2.4 for Drupal does not restr ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1622 (Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execut ...)
	NOT-FOR-US: Apache OFBiz
CVE-2012-1621 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For ...)
	NOT-FOR-US: Apache OFBiz
CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when the scr ...)
	- suckless-tools 39-1 (unimportant; bug #667796)
CVE-2012-1619
	REJECTED
CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, when used  ...)
	- libpgjava <not-affected> (Even the version in oldstable had 8.2)
CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before 2.3 ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll  ...)
	- argyll 1.4.0-1
	[squeeze] - argyll <no-dsa> (Only standalone binary in squeeze, minor impact)
	NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the
	NOTE: isolated security fix
CVE-2012-1615 (A Privilege Escalation vulnerability exits in Fedoraproject Sectool du ...)
	NOT-FOR-US: sectool
CVE-2012-1614 (Coppermine Photo Gallery before 1.5.20 allows remote attackers to obta ...)
	NOT-FOR-US: Coppermine
CVE-2012-1613 (Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Copper ...)
	NOT-FOR-US: Coppermine
CVE-2012-1612 (Cross-site scripting (XSS) vulnerability in the update manager in Joom ...)
	NOT-FOR-US: Joomla!
CVE-2012-1611 (Joomla! 2.5.x before 2.5.4 does not properly check permissions, which  ...)
	NOT-FOR-US: Joomla!
CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/property.c  ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
	RESERVED
CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5 ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1607 (The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1606 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend com ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1605 (The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unser ...)
	- typo3-src <not-affected> (vulnerable code not yet present)
CVE-2012-1604 (Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote  ...)
	NOT-FOR-US: NextBBS
CVE-2012-1603 (Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0. ...)
	NOT-FOR-US: NextBBS
CVE-2012-1602 (user.php in NextBBS 0.6 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: NextBBS
CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
	{DSA-2469-1}
	- linux-2.6 3.2.17-1 (low)
CVE-2012-1600 (Multiple cross-site scripting (XSS) vulnerabilities in functions.php i ...)
	- phppgadmin 5.0.4-1
	[squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update)
CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
	NOT-FOR-US: Joomla!
CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors  ...)
	NOT-FOR-US: Joomla!
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in epan/dissectors/packet ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1595 (The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wi ...)
	- wireshark 1.6.6-1 (bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
CVE-2012-1594 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wir ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1593 (epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1 ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
	NOTE: Not suitable for code injection
CVE-2012-1592 (A local code execution issue exists in Apache Struts2 when processing  ...)
	- libstruts1.2-java <not-affected> (Only applies to Struts 2, see bug #657870)
CVE-2012-1591 (The image module in Drupal 7.x before 7.14 does not properly check per ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1590 (The forum list in Drupal 7.x before 7.14 does not properly check user  ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1589 (Open redirect vulnerability in the Form API in Drupal 7.x before 7.13  ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1588 (Algorithmic complexity vulnerability in the _filter_url function in th ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1587
	REJECTED
CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticat ...)
	- nova 2012-1~rc3-1 (bug #666888)
CVE-2012-1584 (Integer overflow in the mid function in toolkit/tbytevector.cpp in Tag ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1583 (Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6 ...)
	- linux-2.6 2.6.22-1
CVE-2012-1582 (Cross-site scripting (XSS) vulnerability in the wikitext parser in Med ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
	[squeeze] - mediawiki <end-of-life>
CVE-2012-1581 (MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak rand ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
	[squeeze] - mediawiki <end-of-life>
CVE-2012-1580 (Cross-site request forgery (CSRF) vulnerability in Special:Upload in M ...)
	- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
CVE-2012-1579 (The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x befor ...)
	- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
CVE-2012-1578 (Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWik ...)
	- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
CVE-2012-1577 (lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. ...)
	- dietlibc 0.33~cvs20120325-1 (unimportant)
CVE-2012-1576 (The myuser_delete function in libathemecore/account.c in Atheme 5.x be ...)
	NOT-FOR-US: atheme
CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5 ...)
	NOT-FOR-US: cumin
CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.20 ...)
	- hadoop <itp> (bug #535861)
CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3 ...)
	{DSA-2441-1}
	- gnutls26 2.12.18-1 (high)
	- gnutls28 3.0.17-2 (high)
CVE-2012-1572 (OpenStack Keystone: extremely long passwords can crash Keystone by exh ...)
	- keystone 2012.1~rc2-1
CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial ...)
	{DSA-2422-1}
	- file 5.11-1 (low; bug #664263)
CVE-2012-1570 (The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 over ...)
	- maradns 1.4.12-1 (bug #665012)
	[squeeze] - maradns 1.4.03-1.1+squeeze1
CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 before  ...)
	{DSA-2440-1}
	- libtasn1-3 2.12-1 (high)
CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux kernel ...)
	- linux-2.6 <not-affected> (execshield issue)
CVE-2012-1567 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...)
	NOT-FOR-US: LinuxMint
CVE-2012-1566 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...)
	NOT-FOR-US: LinuxMint
CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in administration/create_albu ...)
	NOT-FOR-US: YVS
CVE-2012-1563 (Joomla! before 2.5.3 allows Admin Account Creation. ...)
	NOT-FOR-US: Joomla!
CVE-2012-1562 (Joomla! core before 2.5.3 allows unauthorized password change. ...)
	NOT-FOR-US: Joomla!
CVE-2012-1561 (Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x  ...)
	NOT-FOR-US: Drupal Finder
CVE-2012-1560
	RESERVED
CVE-2012-1559
	RESERVED
CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
	- cyassl <not-affected> (Fixed before initial upload)
	NOTE: https://github.com/cyassl/cyassl/commit/6b77c8967aa34f2a0bae85e90a469c4170cb2bb1
CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Paralle ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2012-1556 (Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 f ...)
	NOT-FOR-US: Synology DiskStation Manager extension
CVE-2012-1555
	RESERVED
CVE-2012-1554
	RESERVED
CVE-2012-1553
	RESERVED
CVE-2012-1552
	RESERVED
CVE-2012-1551
	RESERVED
CVE-2012-1550
	RESERVED
CVE-2012-1549
	RESERVED
CVE-2012-1548
	RESERVED
CVE-2012-1547
	RESERVED
CVE-2012-1546
	RESERVED
CVE-2012-1545 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1544
	REJECTED
CVE-2012-1543 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-1542
	RESERVED
CVE-2012-1541 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1540
	RESERVED
CVE-2012-1539 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1538 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1537 (Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 i ...)
	NOT-FOR-US: DirectX 9.0 in Microsoft Windows
CVE-2012-1536
	RESERVED
CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-1534
	REJECTED
CVE-2012-1533 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1532 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1531 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-1530 (Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acro ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-1529 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-1528 (Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1527 (Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5. ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1522 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-1519
	RESERVED
CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, V ...)
	NOT-FOR-US: VMware
CVE-2012-1517 (The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handl ...)
	NOT-FOR-US: VMware
CVE-2012-1516 (The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 ...)
	NOT-FOR-US: VMware
CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properl ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1514 (Cross-site request forgery (CSRF) vulnerability in VMware vShield Mana ...)
	NOT-FOR-US: VMware vShield Manager
CVE-2012-1513 (The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 be ...)
	NOT-FOR-US: VMware vCenter Orchestrator
CVE-2012-1512 (Cross-site scripting (XSS) vulnerability in the internal browser in vS ...)
	NOT-FOR-US: VMware vSphere
CVE-2012-1511 (Cross-site scripting (XSS) vulnerability in View Manager Portal in VMw ...)
	NOT-FOR-US: VMware View
CVE-2012-1510 (Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, an ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before 4.6.1 ...)
	NOT-FOR-US: VMware View
CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4 ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in lib/models ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-1505
	RESERVED
CVE-2012-1504
	RESERVED
CVE-2012-1503 (Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Ap ...)
	NOT-FOR-US: Six Apart
CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0. ...)
	{DSA-2430-1}
	- python-pam 0.4.2-13
CVE-2012-1501
	REJECTED
CVE-2012-1500 (Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and Gre ...)
	NOT-FOR-US: Atlassian
CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attac ...)
	- openjpeg <not-affected> (vulnerable code introduced after 1.3)
CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before 5.0 ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
	- webcalendar <removed>
CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers  ...)
	- webcalendar <removed>
CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
	RESERVED
	{DSA-2424-1}
	- libxml-atom-perl 0.39-1 (medium)
CVE-2012-1494
	RESERVED
CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x  ...)
	NOT-FOR-US: F5 BIG-IP appliances
CVE-2012-1492
	RESERVED
CVE-2012-1491
	RESERVED
CVE-2012-1490
	RESERVED
CVE-2012-1489
	RESERVED
CVE-2012-1488
	RESERVED
CVE-2012-1487
	RESERVED
CVE-2012-1486
	RESERVED
CVE-2012-1485 (Unspecified vulnerability in the NetFront Life Browser (com.access_com ...)
	NOT-FOR-US: NetFront Life Browser for Android
CVE-2012-1484 (Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) appl ...)
	NOT-FOR-US: WaliSMS CN (cn.com.wali.walisms) application
CVE-2012-1483 (Unspecified vulnerability in the Message Forwarder (com.gmail.zbnetium ...)
	NOT-FOR-US: Message Forwarder for Android
CVE-2012-1482 (Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdi ...)
	NOT-FOR-US: TouchPal Contacts for Android
CVE-2012-1481 (Unspecified vulnerability in the Textdroid (com.app.android.textdroid) ...)
	NOT-FOR-US: Textdroid for Android
CVE-2012-1480 (Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application ...)
	NOT-FOR-US: Pansi SMS
CVE-2012-1479 (Unspecified vulnerability in the AContact (com.movester.quickcontact)  ...)
	NOT-FOR-US: AContact
CVE-2012-1478 (Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm)  ...)
	NOT-FOR-US: UCMobile BloveStorm
CVE-2012-1477 (Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 ...)
	NOT-FOR-US: Cnectd
CVE-2012-1476 (Unspecified vulnerability in the KKtalk (com.kkliaotian.android) appli ...)
	NOT-FOR-US: KKtalk
CVE-2012-1475 (Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yag ...)
	NOT-FOR-US: YagattaTalk Messenge
CVE-2012-1474 (Unspecified vulnerability in the Youni SMS (com.snda.youni) applicatio ...)
	NOT-FOR-US: Youni SMS
CVE-2012-1473
	RESERVED
CVE-2012-1472 (VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not prop ...)
	NOT-FOR-US: VMware vCenter Chargeback Manager
CVE-2012-1471 (Directory traversal vulnerability in catalogue_file.php in ocPortal be ...)
	- ocportal <itp> (bug #625865)
CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
	- ocportal <itp> (bug #625865)
CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Sy ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before 2.3. ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin li ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 a ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica NetDeci ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1464 (Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remo ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1463 (The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitd ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1462 (The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG  ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1461 (The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, C ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1460 (The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Ca ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1459 (The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avir ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1458 (The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4 ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1457 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2. ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1456 (The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1455 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83 ...)
	NOT-FOR-US: NOD32 Antivirus, Rising Antivirus
CVE-2012-1454 (The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gate ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1453 (The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1452 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Uti ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1451 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus  ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1450 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Viru ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1449 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1448 (The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Mic ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1447 (The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, D ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1446 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee An ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1445 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, F ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1444 (The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1443 (The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Qu ...)
	NOTE: clamav, but upstream evaluated it as invalid (#668273)
CVE-2012-1442 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee An ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1441 (The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows r ...)
	NOT-FOR-US: eSafe, Prevx
CVE-2012-1440 (The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eT ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1439 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, F ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1438 (The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos A ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1437 (The Microsoft Office file parser in Comodo Antivirus 7425 allows remot ...)
	NOT-FOR-US: Comodo Antivirus 7425
CVE-2012-1436 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1435 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1434 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1433 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1432 (The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe  ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1431 (The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Co ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1430 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1429 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisof ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1428 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman An ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1427 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman An ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1426 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command A ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1425 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2. ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1424 (The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1423 (The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malwa ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1422 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Ant ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1421 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman An ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1420 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command A ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1419 (The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1418 (Multiple unspecified vulnerabilities in Google Chrome before 17.0.963. ...)
	NOT-FOR-US: Chrome books
CVE-2012-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Local Phone boo ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCM ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1415 (Cross-site request forgery (CSRF) vulnerability in lib/logout.php in D ...)
	NOT-FOR-US: DFLabs PTK
CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
	NOT-FOR-US: Plume CMS
CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in zc_install/includes/module ...)
	NOT-FOR-US: Zen Cart
CVE-2012-1412
	RESERVED
CVE-2012-1411
	RESERVED
CVE-2012-1410 (Multiple cross-site scripting (XSS) vulnerabilities in the History Win ...)
	- kadu 0.11.0-1
	[squeeze] - kadu <not-affected> (Only affects >= 0.9)
CVE-2012-1409 (Unspecified vulnerability in the Tiny Password (com.tinycouch.android. ...)
	NOT-FOR-US: Tiny Password
CVE-2012-1408 (Unspecified vulnerability in the App Lock (com.cc.applock) application ...)
	NOT-FOR-US: App Lock
CVE-2012-1407 (Unspecified vulnerability in the GO Message Widget (com.gau.go.launche ...)
	NOT-FOR-US: GO Message Widget
CVE-2012-1406 (Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launch ...)
	NOT-FOR-US: GO Bookmark Widget
CVE-2012-1405 (Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex ...)
	NOT-FOR-US: GO Note Widget
CVE-2012-1404 (Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.bro ...)
	NOT-FOR-US: Dolphin Browser Mini
CVE-2012-1403 (Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.brows ...)
	NOT-FOR-US: Dolphin Browser CN
CVE-2012-1402 (Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) ...)
	NOT-FOR-US: QianXun YingShi
CVE-2012-1401 (Unspecified vulnerability in the CamScanner (com.intsig.camscanner) ap ...)
	NOT-FOR-US: CamScanner
CVE-2012-1400 (Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) appli ...)
	NOT-FOR-US: U+Box
CVE-2012-1399 (Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application 2 ...)
	NOT-FOR-US: U+Box
CVE-2012-1398 (Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex ...)
	NOT-FOR-US: GO WeiboWidget
CVE-2012-1397 (Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcher ...)
	NOT-FOR-US: GO QQWeiboWidget
CVE-2012-1396 (Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.go ...)
	NOT-FOR-US: GO FBWidget
CVE-2012-1395 (Unspecified vulnerability in the GO TwiWidget (com.gau.go.launcherex.g ...)
	NOT-FOR-US: GO TwiWidget
CVE-2012-1394 (Unspecified vulnerability in the GO Email Widget (com.gau.go.launchere ...)
	NOT-FOR-US: GO Email Widget
CVE-2012-1393 (Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application ...)
	NOT-FOR-US: GO SMS Pro
CVE-2012-1392 (Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyB ...)
	NOT-FOR-US: Dolphin Browser HD
CVE-2012-1391 (Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tio ...)
	NOT-FOR-US: mOffice - Outlook sync
CVE-2012-1390 (Unspecified vulnerability in the Miso (com.bazaarlabs.miso) applicatio ...)
	NOT-FOR-US: Miso
CVE-2012-1389 (Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) a ...)
	NOT-FOR-US: Di Long Weibo
CVE-2012-1388 (Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) ap ...)
	NOT-FOR-US: XiXunTianTian
CVE-2012-1387 (Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) applica ...)
	NOT-FOR-US: RealTalk
CVE-2012-1386 (Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.yo ...)
	NOT-FOR-US: YouMail Visual Voicemail Plus
CVE-2012-1385 (Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) ap ...)
	NOT-FOR-US: NetEase WeiboHD
CVE-2012-1384 (Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) app ...)
	NOT-FOR-US: NetEase Pmail
CVE-2012-1383 (Unspecified vulnerability in the NetEase Reader (com.netease.pris) app ...)
	NOT-FOR-US: NetEase Reader
CVE-2012-1382 (Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) a ...)
	NOT-FOR-US: Youdao Dictionary
CVE-2012-1381 (Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloud ...)
	NOT-FOR-US: NetEase CloudAlbum
CVE-2012-1380 (Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) applica ...)
	NOT-FOR-US: NetEaseWeibo
CVE-2012-1379
	RESERVED
CVE-2012-1378
	RESERVED
CVE-2012-1377
	RESERVED
CVE-2012-1376
	RESERVED
CVE-2012-1375
	RESERVED
CVE-2012-1374
	RESERVED
CVE-2012-1373
	RESERVED
CVE-2012-1372
	RESERVED
CVE-2012-1371
	RESERVED
CVE-2012-1370 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows re ...)
	NOT-FOR-US: Cisco
CVE-2012-1369
	RESERVED
CVE-2012-1368
	RESERVED
CVE-2012-1367 (The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and ...)
	NOT-FOR-US: Cisco
CVE-2012-1366 (Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listene ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1365 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authent ...)
	NOT-FOR-US: Cisco
CVE-2012-1364 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authent ...)
	NOT-FOR-US: Cisco
CVE-2012-1363
	RESERVED
CVE-2012-1362
	RESERVED
CVE-2012-1361 (Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) featu ...)
	NOT-FOR-US: Cisco
CVE-2012-1360
	RESERVED
CVE-2012-1359
	RESERVED
CVE-2012-1358
	RESERVED
CVE-2012-1357 (The igmp_snoop_orib_fill_source_update function in the IGMP process in ...)
	NOT-FOR-US: NX-OS
CVE-2012-1356
	RESERVED
CVE-2012-1355
	RESERVED
CVE-2012-1354
	RESERVED
CVE-2012-1353
	RESERVED
CVE-2012-1352
	RESERVED
CVE-2012-1351
	RESERVED
CVE-2012-1350 (Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attacke ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1349
	RESERVED
CVE-2012-1348 (Cisco Wide Area Application Services (WAAS) appliances with software 4 ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2012-1347
	RESERVED
CVE-2012-1346 (Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco Emergency Responder
CVE-2012-1345
	RESERVED
CVE-2012-1344 (Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1343
	RESERVED
CVE-2012-1342 (Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote att ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2012-1341
	RESERVED
CVE-2012-1340 (The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 ...)
	NOT-FOR-US: Cisco MDS NX-OS
CVE-2012-1339 (The Fabric Interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-1338 (Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1337 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1336 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1335 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1334
	RESERVED
CVE-2012-1333
	RESERVED
CVE-2012-1332
	RESERVED
CVE-2012-1331
	RESERVED
CVE-2012-1330
	RESERVED
CVE-2012-1329
	RESERVED
CVE-2012-1328 (Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2  ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2012-1327 (dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 al ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1326 (Cisco IronPort Web Security Appliance up to and including 7.5 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-1325
	RESERVED
CVE-2012-1324 (Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2,  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1323
	RESERVED
CVE-2012-1322
	RESERVED
CVE-2012-1321
	RESERVED
CVE-2012-1320
	RESERVED
CVE-2012-1319
	RESERVED
CVE-2012-1318
	RESERVED
CVE-2012-1317 (The multicast implementation in Cisco IOS before 15.1(1)SY allows remo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1316 (Cisco IronPort Web Security Appliance does not check for certificate r ...)
	NOT-FOR-US: Cisco
CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall i ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote atta ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1313 (The remote debug shell on the PALO adapter card in Cisco Unified Compu ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1310 (Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1,  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1309
	RESERVED
CVE-2012-1308 (Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Li ...)
	NOT-FOR-US: D-Link
CVE-2012-1307
	RESERVED
CVE-2012-1306
	RESERVED
CVE-2012-1305
	RESERVED
CVE-2012-1304
	RESERVED
CVE-2012-1303 (Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash  ...)
	NOT-FOR-US: amCharts Flash
CVE-2012-1302 (Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 all ...)
	NOT-FOR-US: amMap
CVE-2012-1301 (The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to  ...)
	NOT-FOR-US: Umbraco
CVE-2012-1300
	RESERVED
CVE-2012-1299
	RESERVED
CVE-2012-1298
	RESERVED
CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...)
	NOT-FOR-US: Contao
CVE-2012-1296 (Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/hand ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-1295
	RESERVED
CVE-2012-1294 (SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote att ...)
	NOT-FOR-US: CONTIMEX Impulsio CMS
CVE-2012-1292 (Unspecified vulnerability in the MessagingSystem servlet in SAP NetWea ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1291 (Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProces ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1290 (Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp  ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1289 (Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allo ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1293 (Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' F ...)
	{DSA-2414-1}
	- fex 20120215-1 (low; bug #660621)
CVE-2012-1288 (The UTC Fire &amp; Security GE-MC100-NTP/GPS-ZB Master Clock device us ...)
	NOT-FOR-US: UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock
CVE-2012-1287
	RESERVED
CVE-2012-1286
	RESERVED
CVE-2012-1285
	RESERVED
CVE-2012-1284
	RESERVED
CVE-2012-1283
	RESERVED
CVE-2012-1282
	RESERVED
CVE-2012-1281
	RESERVED
CVE-2012-1280
	RESERVED
CVE-2012-1279
	RESERVED
CVE-2012-1278
	RESERVED
CVE-2012-1277
	RESERVED
CVE-2012-1276
	RESERVED
CVE-2012-1275
	RESERVED
CVE-2012-1274
	RESERVED
CVE-2012-1273
	RESERVED
CVE-2012-1272
	RESERVED
CVE-2012-1271
	RESERVED
CVE-2012-1270
	RESERVED
CVE-2012-1269
	RESERVED
CVE-2012-1268
	RESERVED
CVE-2012-1267
	RESERVED
CVE-2012-1266
	RESERVED
CVE-2012-1265
	RESERVED
CVE-2012-1264 (Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.50 ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1263
	RESERVED
CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi i ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1261 (Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusion ...)
	NOT-FOR-US: Plixer
CVE-2012-1260 (Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in P ...)
	NOT-FOR-US: Plixer
CVE-2012-1259 (Multiple SQL injection vulnerabilities in Plixer International Scrutin ...)
	NOT-FOR-US: Plixer
CVE-2012-1258 (cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow &amp ...)
	NOT-FOR-US: Plixer
CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...)
	- pidgin <unfixed> (unimportant)
	NOTE: Negligible local information disclosure
CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before 2010.1.1.8 ...)
	NOT-FOR-US: EasyVista
CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remot ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1254 (Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1253 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...)
	- roundcube 0.7-1 (low)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2012-1252 (Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows ...)
	- rssowl <itp> (bug #346541)
CVE-2012-1251 (Opera before 9.63 does not properly verify X.509 certificates from SSL ...)
	NOT-FOR-US: Opera
CVE-2012-1250 (Logitec LAN-W300N/R routers with firmware before 2.27 do not properly  ...)
	NOT-FOR-US: Logitec LAN-W300N/R device
CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not pr ...)
	NOT-FOR-US: iLunascape
CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly h ...)
	NOT-FOR-US: BaserCMS
CVE-2012-1247 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and  ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1246 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and  ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1245 (Cross-site scripting (XSS) vulnerability in the cleanup_urls function  ...)
	NOT-FOR-US: OSQA
CVE-2012-1244 (The NTT DOCOMO sp mode mail application 5400 and earlier for Android d ...)
	NOT-FOR-US: Android app
CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not properl ...)
	NOT-FOR-US: Android app
CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou,  ...)
	NOT-FOR-US: various Ichitaro products
CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 d ...)
	NOT-FOR-US: ActiveScriptRuby
CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikun ...)
	NOT-FOR-US: RECRUIT Dokodemo
CVE-2012-1239 (The TopAccess web-based management interface on TOSHIBA TEC e-Studio m ...)
	NOT-FOR-US: TOSHIBA TEC e-Studio
CVE-2012-1238 (Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remot ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1237 (Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1 ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1236 (Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter ...)
	NOT-FOR-US: Janetter
CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin  ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1233
	RESERVED
CVE-2012-1232
	RESERVED
CVE-2012-1231
	RESERVED
CVE-2012-1230
	RESERVED
CVE-2012-1229
	RESERVED
CVE-2012-1228
	RESERVED
CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin.ph ...)
	NOT-FOR-US: pluck
CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alp ...)
	- dolibarr 3.3.4-1
CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and ...)
	- dolibarr 3.3.4-1
CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in system/classes/login.php i ...)
	NOT-FOR-US: ContentLion Alpha
CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search space of  ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1222 (Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlie ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1221 (Directory traversal vulnerability in the telnet server in RabidHamster ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1220 (Cross-site request forgery (CSRF) vulnerability in modules/config/admi ...)
	NOT-FOR-US: GAzie
CVE-2012-1219 (Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2 ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1218 (Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow rem ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1217 (Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Por ...)
	NOT-FOR-US: STHS
CVE-2012-1216 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin.ph ...)
	NOT-FOR-US: PBBoard
CVE-2012-1215 (Cross-site scripting (XSS) vulnerability in the Add friends module in  ...)
	NOT-FOR-US: Yoono extension
CVE-2012-1214 (Cross-site scripting (XSS) vulnerability in the Add friends module in  ...)
	NOT-FOR-US: Yoono Desktop Application
CVE-2012-1213 (Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbr ...)
	NOT-FOR-US: Zimbra Web Client
CVE-2012-1212 (Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName  ...)
	NOT-FOR-US: Semantic Enterprise Wiki
CVE-2012-1211 (Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Pow ...)
	NOT-FOR-US: Powie pFile
CVE-2012-1210 (SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allo ...)
	NOT-FOR-US: Powie pFile
CVE-2012-1209 (Cross-site scripting (XSS) vulnerability in backend/core/engine/base.p ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1208 (Multiple cross-site scripting (XSS) vulnerabilities in backend/core/en ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1207 (Directory traversal vulnerability in frontend/core/engine/javascript.p ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1206 (Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote ...)
	NOT-FOR-US: Hancom Office
CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in Relo ...)
	NOT-FOR-US: Relocate Upload plugin
CVE-2012-1204
	RESERVED
CVE-2012-1203 (Cross-site request forgery (CSRF) vulnerability in starnet/index.php i ...)
	NOT-FOR-US: SyndeoCMS
CVE-2012-1202
	RESERVED
CVE-2012-1201
	RESERVED
CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow r ...)
	NOT-FOR-US: Nova CMS
CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis a ...)
	- acidbase <removed> (unimportant)
	NOTE: requires register_globals to be on
CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 al ...)
	- acidbase <removed> (unimportant; bug #661020)
	NOTE: unreproducible issue, extremely low on details in original report
CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 13 ...)
	NOT-FOR-US: ACDSee
CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service (WSVulner ...)
	NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1195 (Unrestricted file upload vulnerability in andesk/managementsuite/core/ ...)
	NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server 200 ...)
	NOTE: DNS protocol flaw
CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites c ...)
	NOTE: DNS protocol flaw
CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names a ...)
	NOTE: DNS protocol flaw
CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...)
	- djbdns <removed>
	NOTE: DNS protocol flaw
	NOTE: RH made an update: https://bugzilla.redhat.com/show_bug.cgi?id=838761
CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...)
	- backuppc 3.1.0-9.1 (low; bug #661011)
	[squeeze] - backuppc 3.1.0-9.1
	[lenny] - backuppc <no-dsa> (Minor issue)
CVE-2012-0869 (Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EX ...)
	{DSA-2414-1}
	- fex 20120215-1 (low; bug #660621)
CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the replication-setup func ...)
	- phpmyadmin 4:3.4.10.1-1 (unimportant)
	[lenny] - phpmyadmin <not-affected>
	[squeeze] - phpmyadmin <not-affected>
	NOTE: hypothetical issue
CVE-2012-1189 (Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in  ...)
	- torcs 1.3.3-1 (low; bug #660555)
	[squeeze] - torcs <no-dsa> (Minor issue)
	- speed-dreams <itp> (bug #599884)
CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1187 (Bitlbee does not drop extra group privileges correctly in unix.c ...)
	- bitlbee 3.0.4+bzr855-1 (low)
	[squeeze] - bitlbee <no-dsa> (Minor issue)
CVE-2012-1186 (Integer overflow in the SyncImageProfiles function in profile.c in Ima ...)
	{DSA-2462-1}
	- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) magick/prope ...)
	{DSA-2462-1}
	- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in main/u ...)
	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
	[squeeze] - asterisk <not-affected> (HTTP digest authentication code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the  ...)
	{DSA-2460-1}
	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14 ...)
	{DSA-2450-1}
	- samba 2:3.6.4-1 (bug #668309)
	- samba4 4.0.0~alpha19+dfsg1-1 (bug #668309)
CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Se ...)
	{DSA-2436-1}
	- libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814)
CVE-2012-1180 (Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1 ...)
	{DSA-2434-1}
	- nginx 1.1.17-1 (bug #664137)
	NOTE: http://seclists.org/oss-sec/2012/q1/644
CVE-2012-1179 (The Linux kernel before 3.3.1, when KVM is used, allows guest OS users ...)
	- linux-2.6 3.2.14-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol plugi ...)
	- pidgin 2.10.2-1 (low; bug #664030)
	[squeeze] - pidgin <no-dsa> (Only exploitable by malicious server)
	NOTE: http://pidgin.im/news/security/?id=61
CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL  ...)
	{DSA-2482-1}
	- libgdata 0.10.2-1 (bug #664032)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3
CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi b ...)
	- pyfribidi 0.11.0-1 (bug #663189)
	[squeeze] - pyfribidi <no-dsa> (Minor issue)
CVE-2012-1175 (Integer overflow in the GnashImage::size method in libbase/GnashImage. ...)
	{DSA-2435-1}
	- gnash 0.8.10-5 (bug #664023)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5
CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login mana ...)
	- systemd 44-1 (bug #664364)
CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow r ...)
	{DSA-2447-1}
	- tiff3 3.9.6-2
	- tiff 4.0.1-2
CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does n ...)
	{DSA-2465-1}
	- php5 5.4.0-1 (bug #663760)
CVE-2012-1171 (The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to by ...)
	- php5 <removed> (unimportant)
	NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant
CVE-2012-1170 (Moodle before 2.2.2 has an external enrolment plugin context check iss ...)
	- moodle <not-affected> (Only affects 2.2)
CVE-2012-1169 (Moodle before 2.2.2 has Personal information disclosure, when administ ...)
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1168 (Moodle before 2.2.2 has a password and web services issue where when t ...)
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x be ...)
	- ldm  2:2.2.7-1 (bug #663645)
	[squeeze] - ldm <not-affected> (Introduced in 2.2)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340
CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1 (low; bug #663642)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3
CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ...)
	{DLA-203-1}
	- openldap 2.4.31-1 (low; bug #663644)
	[squeeze] - openldap <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...)
	- libzip 0.10.1-1 (bug #664990)
	[squeeze] - libzip <not-affected> (Only affects 0.10.x)
CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in zip_open.c ...)
	- libzip 0.10.1-1 (bug #664990)
	[squeeze] - libzip <not-affected> (Only affects 0.10.x)
CVE-2012-1161 (Moodle before 2.2.2: Course information leak via hidden courses being  ...)
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1160 (Moodle before 2.2.2 has a permission issue in Forum Subscriptions wher ...)
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1159 (Moodle before 2.2.2: Overview report allows users to see hidden course ...)
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1158 (Moodle before 2.2.2 has a course information leak in gradebook where u ...)
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1157 (Moodle before 2.2.2 has a default repository capabilities issue where  ...)
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1156 (Moodle before 2.2.2 has users' private files included in course backup ...)
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1155 (Moodle has a database activity export permission issue where the expor ...)
	- moodle 1.9.9.dfsg2-6 (low; bug #668411)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
CVE-2012-1154 (mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used  ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2012-1153 (Unrestricted file upload vulnerability in addons/uploadify/uploadify.p ...)
	NOT-FOR-US: AppRain CMS
CVE-2012-1152 (Multiple format string vulnerabilities in the error reporting function ...)
	{DSA-2432-1}
	- libyaml-libyaml-perl 0.38-2 (bug #661548)
CVE-2012-1151 (Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD ...)
	{DSA-2431-1}
	- libdbd-pg-perl 2.19.0-1 (bug #661536)
CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x b ...)
	{DLA-25-1}
	- python2.5 <removed> (low)
	- python2.6 2.6.8-0.1 (low)
	- python2.7 2.7.3~rc1-1 (low)
	- python3.2 3.2.3-1 (low)
	- python3.1 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3,  ...)
	{DSA-2487-1 DSA-2473-1}
	- libreoffice 1:3.4.5-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat  ...)
	{DSA-2525-1}
	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
	[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
	- expat 2.1.0~beta3-1 (bug #663579)
CVE-2012-1147 (readfilemap.c in expat before 2.1.0 allows context-dependent attackers ...)
	- expat <not-affected> (readfilemap.c is not used in *IX)
CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in t ...)
	- linux-2.6 3.2.10-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-1145 (spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterpri ...)
	NOT-FOR-US: RHN Satellite
CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1143 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1141 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1140 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1139 (Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1138 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1137 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1135 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1132 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1131 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1130 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1129 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1128 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1127 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1125 (Unrestricted file upload vulnerability in uploadify/scripts/uploadify. ...)
	NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian)
CVE-2012-1124 (SQL injection vulnerability in search.php in phxEventManager 2.0 beta  ...)
	NOT-FOR-US: phxEventManager not in Debian
CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (bug #662858)
CVE-2012-1122 (bug_actiongroup.php in MantisBT before 1.2.9 does not properly check t ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669927)
CVE-2012-1121 (MantisBT before 1.2.9 does not properly check permissions, which allow ...)
	- mantis 1.2.10-1 (low; bug #669926)
	[squeeze] - mantis <not-affected> (according to maintainer)
CVE-2012-1120 (The SOAP API in MantisBT before 1.2.9 does not properly enforce the bu ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669925)
CVE-2012-1119 (MantisBT before 1.2.9 does not audit when users copy or clone a bug re ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669928)
CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in MantisBT b ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669924)
CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 al ...)
	NOT-FOR-US: Joomla!
CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 al ...)
	NOT-FOR-US: Joomla!
CVE-2012-1115 (A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Mana ...)
	- phpldapadmin 1.2.2-3 (low; bug #662050)
	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
	- ldap-account-manager 3.6-2 (low; bug #661904)
	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2012-1114 (A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Mana ...)
	- phpldapadmin 1.2.2-3 (low; bug #662050)
	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
	- ldap-account-manager 3.6-2 (low; bug #661904)
	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	- gallery2 2.3.2.dfsg-1 (low)
	[squeeze] - gallery2 <no-dsa> (Minor issue)
CVE-2012-1112 (Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier ...)
	NOT-FOR-US: OpenRealty CMS not in Debian
CVE-2012-1111 (lightdm before 1.0.9 does not properly close file descriptors before o ...)
	- lightdm 1.0.9-1 (bug #658678)
CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and  ...)
	NOT-FOR-US: etano not in Debian
CVE-2012-1109 (mwlib 0.13 through 0.13.4 has a denial of service vulnerability when p ...)
	NOT-FOR-US: mwlib not in Debian
CVE-2012-1108 (The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier al ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1107 (The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1106 (The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-1105 (An Information Disclosure vulnerability exists in the Jasig Project ph ...)
	- moodle 2.2.7.dfsg-1 (low; bug #662945)
	[squeeze] - moodle <no-dsa> (Minor issue)
	- glpi 0.80.7-2 (unimportant; bug #662944)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1104 (A Security Bypass vulnerability exists in the phpCAS 1.2.2 library fro ...)
	- moodle 2.2.7.dfsg-1 (low; bug #662945)
	[squeeze] - moodle <no-dsa> (Minor issue)
	- glpi 0.80.7-2 (unimportant; bug #662944)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs in ...)
	{DSA-2416-1}
	- notmuch 0.11.1-1
CVE-2012-1101 (systemd 37-1 does not properly handle non-existent services, which cau ...)
	- systemd 43-1 (bug #662029)
CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and  ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	{DSA-2466-1}
	- ruby-actionpack-2.3 2.3.14-3 (bug #668607)
	- rails 2.3.14
	NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...)
	- ruby-actionpack-2.3 2.3.14-3 (bug #668977)
	- rails 2.3.14
	[squeeze] - rails <not-affected> (Vulnerable code not present)
	NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before 3.2.1 ...)
	{DSA-2443-1}
	- linux-2.6 3.2.10-1 (low)
CVE-2012-1096 (NetworkManager 0.9 and earlier allows local users to use other users'  ...)
	- network-manager <unfixed> (low; bug #684259)
	[buster] - network-manager <ignored> (Minor issue)
	[stretch] - network-manager <ignored> (Minor issue)
	[jessie] - network-manager <ignored> (Minor issue)
	[wheezy] - network-manager <ignored> (Minor issue)
	[squeeze] - network-manager <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=793329
CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package  ...)
	- osc <unfixed> (unimportant)
	NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc
CVE-2012-1094 (JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostna ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2012-1093 (The init script in the Debian x11-common package before 1:7.6+12 is vu ...)
	- xorg 1:7.6+12 (bug #661627)
	[squeeze] - xorg <no-dsa> (maintainer suggests no-dsa; confirm)
CVE-2012-1092
	REJECTED
CVE-2012-1091
	REJECTED
CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3 ...)
	{DSA-2443-1}
	- linux-2.6 3.2.10-1
CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-1088 (iproute2 before 3.3.0 allows local users to overwrite arbitrary files  ...)
	- iproute 20120319-1 (unimportant)
	NOTE: 1st issue only exploitable at build time / 2nd issue just example script in iproute-doc
CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to f ...)
	NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1086 (Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) ex ...)
	NOT-FOR-US: aeurltool extension for TYPO3
CVE-2012-1085 (Unspecified vulnerability in the BE User Switch (beuserswitch) extensi ...)
	NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1084 (Cross-site scripting (XSS) vulnerability in the BE User Switch (beuser ...)
	NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1083 (Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Sh ...)
	NOT-FOR-US: terminal extension TYPO3
CVE-2012-1082 (Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (te ...)
	NOT-FOR-US: terminal extension TYPO3
CVE-2012-1081 (Cross-site scripting (XSS) vulnerability in the Yet another Google sea ...)
	NOT-FOR-US: ya_googlesearch extension for TYPO3
CVE-2012-1080 (Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_e ...)
	NOT-FOR-US: skt_eurocalc extension for TYPO3
CVE-2012-1079 (Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservi ...)
	NOT-FOR-US: typo3_webservice extension for TYPO3
CVE-2012-1078 (The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3  ...)
	NOT-FOR-US: sysutils extension for TYPO3
CVE-2012-1077 (SQL injection vulnerability in the Post data records to facebook (bc_p ...)
	NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1076 (Cross-site scripting (XSS) vulnerability in the Documents download (rt ...)
	NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1075 (SQL injection vulnerability in the Documents download (rtg_files) exte ...)
	NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1074 (SQL injection vulnerability in the White Papers (mm_whtppr) extension  ...)
	NOT-FOR-US: mm_whtppr extension for TYPO3
CVE-2012-1073 (Cross-site scripting (XSS) vulnerability in the Category-System (toi_c ...)
	NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1072 (SQL injection vulnerability in the Category-System (toi_category) exte ...)
	NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1071 (SQL injection vulnerability in the Kitchen recipe (mv_cooking) extensi ...)
	NOT-FOR-US: mv_cooking extension for TYPO3
CVE-2012-1070 (Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) ext ...)
	NOT-FOR-US: irfaq extension for TYPO3
CVE-2012-1069 (Cross-site scripting (XSS) vulnerability in module/kb/search_word in t ...)
	NOT-FOR-US: lknSupport
CVE-2012-1068 (Cross-site scripting (XSS) vulnerability in the rc_ajax function in co ...)
	NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1067 (SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for  ...)
	NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1066 (Cross-site scripting (XSS) vulnerability in the template module in Sma ...)
	NOT-FOR-US: SmartyCMS
CVE-2012-1065 (Insecure method vulnerability in TuxScripting.dll in the TuxSystem Act ...)
	NOT-FOR-US: TuxSystem
CVE-2012-1064 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer  ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2011-5080 (Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tc ...)
	NOT-FOR-US: jftcaforms extension for TYPO3
CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2  ...)
	NOT-FOR-US: irfaq extension for TYPO3
CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/up ...)
	NOT-FOR-US: Hulihan Amethyst
CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 bef ...)
	NOT-FOR-US: e107
CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 a ...)
	NOT-FOR-US: PHP-Nuke
CVE-2012-1063 (Multiple SQL injection vulnerabilities in ManageEngine Applications Ma ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ap ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1061 (SQL injection vulnerability in GForge Advanced Server 6.0.0 and other  ...)
	NOT-FOR-US: GForge Advanced Server
CVE-2012-1060 (Multiple cross-site scripting (XSS) vulnerabilities in revisioning_the ...)
	NOT-FOR-US: Taxonomy module for Drupal
CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Sh ...)
	NOT-FOR-US: shirt module in OSCommerce
CVE-2012-1058 (Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 al ...)
	NOT-FOR-US: Flyspray
CVE-2012-1057 (Cross-site request forgery (CSRF) vulnerability in the clickthrough tr ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2012-1056 (The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3  ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2012-1055 (Heap-based buffer overflow in PhotoLine 17.01 and possibly other versi ...)
	NOT-FOR-US: PhotoLine
CVE-2012-1054 (Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterpr ...)
	{DSA-2419-1}
	- puppet 2.7.11-1
CVE-2012-1053 (The change_user method in the SUIDManager (lib/puppet/util/suidmanager ...)
	{DSA-2419-1}
	- puppet 2.7.11-1
CVE-2012-1052 (Buffer overflow in IvanView 1.2.15 allows remote attackers to execute  ...)
	NOT-FOR-US: IvanView
CVE-2012-1051 (Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnVi ...)
	NOT-FOR-US: XnView
CVE-2012-1050 (Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1. ...)
	- mathopd <removed> (low; bug #660627)
	[lenny] - mathopd <no-dsa> (Minor issue, configuration specific)
	[squeeze] - mathopd <no-dsa> (Minor issue, configuration specific)
	NOTE: this is only an issue in specific configurations but not in the Debian configuration
CVE-2012-1049 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AD ...)
	NOT-FOR-US: ManageEngine ADManager Plus
CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in communityplusplus/www/admi ...)
	NOT-FOR-US: eFront Community++
CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service (js/html/wwhe ...)
	NOT-FOR-US: Cyberoam Central Console
CVE-2012-1046 (Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1  ...)
	NOT-FOR-US: IBM Cognos
CVE-2012-1045
	RESERVED
CVE-2012-1044
	RESERVED
CVE-2012-1043
	RESERVED
CVE-2012-1042
	RESERVED
CVE-2012-1041
	RESERVED
CVE-2012-1040
	RESERVED
CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...)
	- dotclear 2.4.2+dfsg-1
CVE-2012-1038 (Cross-site scripting (XSS) vulnerability in the WebAAA login functiona ...)
	NOT-FOR-US: Juniper
CVE-2012-1037 (PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.7 ...)
	- glpi 0.80.7-1 (bug #659383; unimportant)
	[squeeze] - glpi <not-affected> (Introduced in 0.78)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1036 (Cross-site scripting (XSS) vulnerability in the telerik HTML editor in ...)
	NOT-FOR-US: telerik
CVE-2012-1035 (AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for  ...)
	NOT-FOR-US: AdaCore Ada Web Services
CVE-2011-5078 (The web administration interface in the server in Sybase M-Business An ...)
	NOT-FOR-US: Sybase
CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin inter ...)
	NOT-FOR-US: EPiServer CMS
CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server n ...)
	- bind9 1:9.8.1.dfsg.P1-4.1 (low)
	[squeeze] - bind9 <no-dsa> (low-severity dns protocol design flaw)
CVE-2012-1032 (Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker mo ...)
	NOT-FOR-US: EPiServer CMS module Euroling SiteSeeker
CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in cer ...)
	NOT-FOR-US: EPiServer CMS
CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0 ...)
	NOT-FOR-US: DotNetNuke
CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace (Ad ...)
	NOT-FOR-US: Tube Ace
CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGro ...)
	NOT-FOR-US: SimpleGroupWare
CVE-2012-1027 (Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]pro ...)
	NOT-FOR-US: project-open
CVE-2012-1026 (Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 ...)
	NOT-FOR-US: XRay CMS
CVE-2012-1025 (Absolute path traversal vulnerability in file in Enigma2 Webinterface  ...)
	NOT-FOR-US: Enigma2
CVE-2012-1024 (Directory traversal vulnerability in file in Enigma2 Webinterface 1.5r ...)
	NOT-FOR-US: Enigma2
CVE-2012-1023 (Open redirect vulnerability in admin/index.php in 4images 1.7.10 allow ...)
	NOT-FOR-US: 4images
CVE-2012-1022 (SQL injection vulnerability in admin/categories.php in 4images 1.7.10  ...)
	NOT-FOR-US: 4images
CVE-2012-1021 (Cross-site scripting (XSS) vulnerability in admin/categories.php in 4i ...)
	NOT-FOR-US: 4images
CVE-2012-1020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Ne ...)
	NOT-FOR-US: NexorONE Online Banking
CVE-2012-1019 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterpris ...)
	NOT-FOR-US: Xwiki Enterprise
CVE-2012-1018 (Cross-site scripting (XSS) vulnerability in includes/convert.php in D- ...)
	NOT-FOR-US: Joomla addon
CVE-2012-1017 (Multiple SQL injection vulnerabilities in base_qry_main.php in Basic A ...)
	- acidbase <removed> (low; bug #659287)
	[squeeze] - acidbase <no-dsa> (Minor issue)
CVE-2012-1016 (The pkinit_server_return_padata function in plugins/preauth/pkinit/pki ...)
	- krb5 1.10.1+dfsg-4+nmu1 (bug #702633)
	[squeeze] - krb5 <not-affected> (introduced upstream with 3725d22140c23a376dd79b69d130be8e2b91005f, not affecting 1.8.x)
CVE-2012-1015 (The kdc_handle_protected_negotiation function in the Key Distribution  ...)
	{DSA-2518-1}
	- krb5 1.10.1+dfsg-2 (bug #683429)
	NOTE: http://seclists.org/bugtraq/2012/Jul/171
CVE-2012-1014 (The process_as_req function in the Key Distribution Center (KDC) in MI ...)
	{DSA-2518-1}
	- krb5 1.10.1+dfsg-2 (bug #683429)
	NOTE: http://seclists.org/bugtraq/2012/Jul/171
CVE-2012-1013 (The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmi ...)
	- krb5 1.10.1+dfsg-3 (low; bug #687647)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: DoS only triggered by clients with admin permissions
CVE-2012-1012 (server/server_stubs.c in the kadmin protocol implementation in MIT Ker ...)
	- krb5 1.10.1+dfsg-1 (bug #670918)
	[squeeze] - krb5 <not-affected> (vulnerable code not present)
	NOTE: bug was introduced in krb5 1.10
CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remot ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-1010 (Unrestricted file upload vulnerability in actions.php in the AllWebMen ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki 5. ...)
	NOT-FOR-US: HDWiki
CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0,  ...)
	NOT-FOR-US: HDWiki
CVE-2012-1009 (NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build  ...)
	NOT-FOR-US: NetSarang
CVE-2012-1008 (OfficeSIP Server 3.1 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: OfficeSIP Server
CVE-2012-1007 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1 ...)
	- libstruts1.2-java <removed> (unimportant; bug #657870)
	NOTE: Just examples
CVE-2012-1006 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2012-1005 (Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software ...)
	NOT-FOR-US: Sphinx Software Mobile Web Server
CVE-2012-1004 (Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm  ...)
	- foswiki <itp> (bug #509864)
CVE-2012-1003 (Multiple integer overflows in Opera 11.60 and earlier allow remote att ...)
	NOT-FOR-US: Opera
CVE-2002-2483
	- linux-2.6 2.4.20
CVE-2012-1002 (SQL injection vulnerability in author/edit.php in OpenConf 4.x before  ...)
	NOT-FOR-US: OpenConf
CVE-2012-1001 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2. ...)
	NOT-FOR-US: Chyrp
CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 an ...)
	NOT-FOR-US: LEPTON
CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before 1 ...)
	NOT-FOR-US: LEPTON
CVE-2012-0998 (Directory traversal vulnerability in account/preferences.php in LEPTON ...)
	NOT-FOR-US: LEPTON
CVE-2012-0997 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in  ...)
	NOT-FOR-US: 11in1
CVE-2012-0996 (Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12- ...)
	NOT-FOR-US: 11in1
CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2  ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in zp-core/ad ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0993 (Eval injection vulnerability in zp-core/zp-extensions/viewer_size_imag ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0992 (interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenti ...)
	NOT-FOR-US: OpenEMR
CVE-2012-0991 (Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow re ...)
	NOT-FOR-US: OpenEMR
CVE-2012-0990 (Cross-site request forgery (CSRF) vulnerability in admin/settings/upda ...)
	NOT-FOR-US: DClassifieds
CVE-2012-0989 (Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefau ...)
	NOT-FOR-US: KnowledgeTree
CVE-2012-0987 (Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x  ...)
	NOT-FOR-US: ImpressCMS
CVE-2012-0986 (Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2. ...)
	NOT-FOR-US: ImpressCMS
CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control 4.0. ...)
	NOT-FOR-US: Sony VAIO wireless LAN management ActiveX
CVE-2012-0984 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2. ...)
	NOT-FOR-US: Xoops
CVE-2012-0983 (SQL injection vulnerability in Scriptsez.net Ez Album allows remote at ...)
	NOT-FOR-US: Ez Album
CVE-2012-0982 (SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone  ...)
	NOT-FOR-US: Vastal I-Tech Agent Zone
CVE-2012-0981 (Directory traversal vulnerability in phpShowtime 2.0 allows remote att ...)
	NOT-FOR-US: phpShowtime
CVE-2012-0980 (SQL injection vulnerability in download.php in phux Download Manager a ...)
	NOT-FOR-US: phux.org Download Manager
CVE-2012-0979 (Cross-site scripting (XSS) vulnerability in TWiki allows remote attack ...)
	- twiki <removed>
CVE-2012-0978 (Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug- ...)
	NOT-FOR-US: LuraWave JP2 Browser Plug-In
CVE-2012-0977 (Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Contr ...)
	NOT-FOR-US: LuraWave JP2 ActiveX Control
CVE-2012-0976 (Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverSt ...)
	- silverstripe <itp> (bug #528461)
CVE-2012-0975 (Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting  ...)
	NOT-FOR-US: Image Hosting Script DPI
CVE-2012-0974 (Multiple cross-site scripting (XSS) vulnerabilities in the getParam fu ...)
	NOT-FOR-US: OSClass
CVE-2012-0973 (Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow r ...)
	NOT-FOR-US: OSClass
CVE-2012-0972
	REJECTED
CVE-2012-0971
	REJECTED
CVE-2012-0970
	REJECTED
CVE-2012-0969
	REJECTED
CVE-2012-0968
	REJECTED
CVE-2012-0967
	REJECTED
CVE-2012-0966
	REJECTED
CVE-2012-0965
	REJECTED
CVE-2012-0964
	REJECTED
CVE-2012-0963
	REJECTED
CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when impor ...)
	- aptdaemon 0.45-2 (low)
	[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/software-center-agent/+bug/1052789
CVE-2012-0961 (Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ub ...)
	- apt 0.9.7.7 (bug #695832)
	[squeeze] - apt <not-affected> (Logged as 0600 in Squeeze)
CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 2.4.1 for ...)
	NOT-FOR-US: Ubuntu Unity extension
CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account infor ...)
	NOT-FOR-US: Ubuntu remote login service
CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 2.4.1 fo ...)
	NOT-FOR-US: Firefox unity-firefox extension
CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel befo ...)
	- linux 3.2.32-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: https://lkml.org/lkml/2012/10/9/550
CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows rem ...)
	NOT-FOR-US: ubiquity-slideshow-ubuntu
CVE-2012-0955
	RESERVED
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
	- apt 0.7.25 (unimportant)
	NOTE: net-update is not enabled by default in Debian
CVE-2012-0953 (A race condition was discovered in the Linux drivers for Nvidia graphi ...)
	- nvidia-graphics-drivers 295.53-1
CVE-2012-0952 (A heap buffer overflow was discovered in the device control ioctl in t ...)
	- nvidia-graphics-drivers 295.53-1
CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...)
	- nvidia-graphics-drivers 295.53-1
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...)
	- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10,  ...)
	- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0948 (DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12 ...)
	- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in the VQA ...)
	{DSA-2471-1}
	- libav 6:0.8.2-1
	- ffmpeg 7:2.4.1-1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4
CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbi ...)
	- nvidia-graphics-drivers 295.40-1
	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary files ...)
	NOT-FOR-US: whoopsie-daisy
CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does  ...)
	- aptdaemon 0.43+bzr790-1
	[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
CVE-2012-0943 (debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1 ...)
	- lightdm <not-affected> (Ubuntu-specific script)
CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix  ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-0941 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiG ...)
	NOT-FOR-US: Fortinet
CVE-2012-0940
	RESERVED
CVE-2012-0939 (Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier  ...)
	NOT-FOR-US: TestLink
CVE-2012-0938 (Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and  ...)
	NOT-FOR-US: TestLink
CVE-2012-0937 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
CVE-2012-0936 (Cross-site scripting (XSS) vulnerability in web/springframework/securi ...)
	- opennms <itp> (bug #450615)
CVE-2012-0935 (SQL injection vulnerability in Default.aspx in Aryadad CMS allows remo ...)
	NOT-FOR-US: Aryadad CMS
CVE-2012-0934 (PHP remote file inclusion vulnerability in ajax/savetag.php in the The ...)
	NOT-FOR-US: Wordpress plug-in
CVE-2012-0933 (Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5 ...)
	NOT-FOR-US: Acidcat CMS
CVE-2012-0932 (Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Ca ...)
	NOT-FOR-US: Lead Capture Page System
CVE-2012-0931 (Schneider Electric Modicon Quantum PLC does not perform authentication ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0930 (Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0929 (Multiple buffer overflows in Schneider Electric Modicon Quantum PLC al ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0928 (The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0. ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0927 (Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before  ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0925 (Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0924 (RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and Real ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0923 (The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before  ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15 ...)
	NOT-FOR-US: RealPlayer
CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support  ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5073 (Multiple cross-site scripting (XSS) vulnerabilities in Support Inciden ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5072 (Multiple SQL injection vulnerabilities in Support Incident Tracker (ak ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5071 (Multiple SQL injection vulnerabilities in Support Incident Tracker (ak ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5070 (Multiple cross-site scripting (XSS) vulnerabilities in Support Inciden ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5069 (Unrestricted file upload vulnerability in incident_attachments.php in  ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5068 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support  ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5067 (move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 all ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2012-0921
	RESERVED
CVE-2012-0920 (Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012. ...)
	{DSA-2456-1}
	- dropbear 2012.55-1 (low; bug #661150)
	NOTE: this is limited to authenticated users with enforced command restrictions
CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Dire ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-0918 (Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Serv ...)
	NOT-FOR-US: Hitachi
CVE-2012-0917 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Anal ...)
	NOT-FOR-US: Hitachi IT Operations Analyzer
CVE-2012-0916 (Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers  ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0915 (Integer signedness error in RenRen Talk 2.9 allows remote attackers to ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0914 (Cross-site scripting (XSS) vulnerability in display_renderers/panels_r ...)
	NOT-FOR-US: admin view in the Panels module for Drupal
CVE-2012-0913 (SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeA ...)
	NOT-FOR-US: ICloudCenter ICTimeAttendance
CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 all ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote att ...)
	- tikiwiki <removed>
	NOTE: http://seclists.org/bugtraq/2012/Jul/19
CVE-2012-0910
	RESERVED
CVE-2012-0909 (Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupw ...)
	- horde3 3.3.12+debian0-2.2 (low)
	[squeeze] - horde3 <no-dsa> (Minor issue)
CVE-2012-0907 (Directory traversal vulnerability in the web player in NeoAxis NeoAxis ...)
	NOT-FOR-US: NeoAxis NeoAxis web player
CVE-2012-0906 (SQL injection vulnerability in the Moviebase addon for deV!L'z Clanpor ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0905 (SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addo ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0904 (VLC media player 1.1.11 allows remote attackers to cause a denial of s ...)
	- vlc <not-affected> (not reproducible, no public fix from the vlc team either)
CVE-2012-0903 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop  ...)
	NOT-FOR-US: Zimbra Desktop
CVE-2012-0902 (AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AirTies Air
CVE-2012-0901 (Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo ...)
	NOT-FOR-US: YouSayToo auto-publishing plugin for WordPress
CVE-2012-0900 (Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1 ...)
	NOT-FOR-US: Beehive Forum
CVE-2012-0899 (Cross-site scripting (XSS) vulnerability in referencement/sites_inscri ...)
	NOT-FOR-US: Annuaire PHP
CVE-2012-0898 (Directory traversal vulnerability in meb_download.php in the myEASYbac ...)
	NOT-FOR-US: myEASYbackup plugin for WordPress
CVE-2012-0897 (Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIn ...)
	NOT-FOR-US: IrfanView PlugIns
CVE-2012-0896 (Absolute path traversal vulnerability in download.php in the Count Per ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0895 (Cross-site scripting (XSS) vulnerability in map/map.php in the Count P ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0894
	RESERVED
CVE-2012-0893
	RESERVED
CVE-2012-0892
	RESERVED
CVE-2012-0891 (Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboar ...)
	NOT-FOR-US: puppet-dashboard
CVE-2012-0890
	RESERVED
CVE-2012-0889
	RESERVED
CVE-2012-0888
	RESERVED
CVE-2012-0887
	RESERVED
CVE-2012-0886
	RESERVED
CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLph ...)
	{DSA-2387-1}
	- simplesamlphp 1.8.2-1
	NOTE: http://code.google.com/p/simplesamlphp/issues/detail?id=468
CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 i ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1 (low)
	NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12
CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...)
	- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other v ...)
	- mysql-5.5 5.5.22 (bug #675872)
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: limited information about issue, only a video of exploit taking place
CVE-2012-0881 (Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ca ...)
	- libxerces2-java <unfixed> (unimportant)
	NOTE: Negligible impact for Xerces
CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of service ...)
	- xerces-c <unfixed> (unimportant)
	NOTE: Negligible impact for Xerces
CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before 2. ...)
	{DSA-2469-1}
	- linux-2.6 2.6.33-1
CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...)
	- pastescript 1.7.5-2 (low; bug #661061)
	[squeeze] - pastescript <no-dsa> (Minor issue)
	NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
CVE-2012-0877 (PyXML: Hash table collisions CPU usage Denial of Service ...)
	- python-xml <removed>
CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...)
	{DSA-2525-1}
	- expat 2.1.0~beta3-1 (bug #663579)
	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
	[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
	- python2.6 <not-affected> (configured with --with-system-expat since 2.6.6-4)
CVE-2012-0875 (SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged m ...)
	- systemtap 1.7-1 (low; bug #660929; bug #660886)
	[squeeze] - systemtap <not-affected> (Vulnerable code not present)
	[lenny] - systemtap <not-affected> (Vulnerable code not present)
CVE-2012-0874 (The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servle ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin  ...)
	NOT-FOR-US: Boonex Dolphin
CVE-2012-0872 (Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 an ...)
	NOT-FOR-US: OxWall
CVE-2012-0871 (The session_link_x11_socket function in login/logind-session.c in syst ...)
	- systemd 43-1
CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used  ...)
	- samba 2:3.4.0~pre1-1
	[lenny] - samba <not-affected> (pre-release issue)
	[squeeze] - samba <not-affected> (pre-release issue)
CVE-2012-0868 (CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3 ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0867 (PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9 ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0866 (CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier  ...)
	NOT-FOR-US: CubeCart
CVE-2012-0864 (Integer overflow in the vfprintf function in stdio-common/vfprintf.c i ...)
	- eglibc 2.13-31 (low; bug #660611)
	[squeeze] - eglibc 2.11.3-4
CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for .local/sh ...)
	{DSA-2411-1}
	- mumble 1.2.3-3 (bug #659039)
CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type whe ...)
	- xinetd 1:2.3.14-7.1 (bug #672381)
	[squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2012-0861 (The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0860 (Multiple untrusted search path vulnerabilities in Red Hat Enterprise V ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0859 (The render_line function in the vorbis codec (vorbis.c) in libavcodec  ...)
	{DSA-2471-1}
	- libav 6:0.8.3-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-0858 (The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7 ...)
	{DSA-2624-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.2.1-1
	[squeeze] - ffmpeg 4:0.5.9-1
CVE-2012-0857 (Multiple buffer overflows in the get_qcx function in the J2K decoder ( ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0856 (Heap-based buffer overflow in the MPV_frame_start function in libavcod ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0855 (Heap-based buffer overflow in the get_sot function in the J2K decoder  ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0854 (The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0 ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0853 (The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in  ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0852 (The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg bef ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0851 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcod ...)
	{DSA-2494-1}
	- libav 6:0.8.3-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0850 (The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0849 (Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0848 (Heap-based buffer overflow in the ws_snd_decode_frame function in liba ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Code in 0.5 not affected per upstream)
CVE-2012-0847 (Heap-based buffer overflow in the avfilter_filter_samples function in  ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0846 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar  ...)
	- webcalendar <removed>
CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2. ...)
	{DLA-25-1}
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2.3~rc1-1
	- python2.7 2.7.3~rc1-1
	- python2.6 2.6.8-0.1
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Minor issue)
CVE-2012-0844 (Information-disclosure vulnerability in Netsurf through 2.8 due to a w ...)
	- netsurf 2.8-2 (bug #659376)
CVE-2012-0843 (uzbl: Information disclosure via world-readable cookies storage file ...)
	- uzbl 0.0.0~git.20111128-2 (bug #659379)
	[squeeze] - uzbl <no-dsa> (Minor issue)
CVE-2012-0842 (surf: cookie jar has read access from other local user ...)
	- surf 0.4.1-6 (bug #659296)
CVE-2012-0841 (libxml2 before 2.8.0 computes hash values without restricting the abil ...)
	{DSA-2417-1}
	- libxml2 2.7.8.dfsg-8 (bug #660846)
CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...)
	- apr 1.4.6-1 (low; bug #655435)
	[squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn)
	NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E seems to cause regressions
CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the  ...)
	- ocaml 4.00.0~beta2-1 (low; bug #659149)
	[wheezy] - ocaml <no-dsa> (Minor issue)
	[squeeze] - ocaml <no-dsa> (Minor issue)
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expressio ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to  ...)
	NOT-FOR-US: Joomla!
CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attacke ...)
	NOT-FOR-US: Joomla!
CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x befo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in php ...)
	- phpldapadmin 1.2.2-1 (low; bug #658907)
	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
CVE-2012-0833 (The acllas__handle_group_entry function in servers/plugins/acl/acllas. ...)
	- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-0832
	RESERVED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the  ...)
	{DSA-2408-1}
	- php5 5.3.10-1
CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9  ...)
	{DSA-2403-1}
	- php5 5.3.10-1
	NOTE: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
CVE-2012-0829 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Me ...)
	NOT-FOR-US: Mibew Messenger
CVE-2012-0828 (Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xch ...)
	- xchat <not-affected> (Only affects Xchat on Windows and Maemo)
CVE-2012-0827 (The File module in Drupal 7.x before 7.11, when using unspecified fiel ...)
	- drupal7 7.11-1
	- drupal6 <not-affected>
CVE-2012-0826 (Cross-site request forgery (CSRF) vulnerability in the Aggregator modu ...)
	{DSA-2776-1}
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0825 (Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attrib ...)
	{DSA-2776-1}
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0824 (gnusound 0.7.5 has format string issue ...)
	- gnusound <removed> (low; bug #654270)
	[squeeze] - gnusound 0.7.5-3+squeeze1
CVE-2012-0823 (VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers  ...)
	- libvpx 1.0.0-1
	[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
	NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x befo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x be ...)
	NOT-FOR-US: Joomla!
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files  ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attacker ...)
	- samba 2:3.6.3-1 (low)
	- samba4 4.0.0~alpha18.dfsg1-1
	[squeeze] - samba <not-affected> (Only affects 3.6.x)
	[lenny] - samba <not-affected> (Only affects 3.6.x)
CVE-2012-0816
	RESERVED
CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm <no-dsa> (Minor issue)
CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH b ...)
	- openssh 1:5.6p1-1 (low; bug #657445)
	[squeeze] - openssh 1:5.5p1-6+squeeze2
CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in /var/log ...)
	- wicd 1.7.1~b3-4 (unimportant; bug #652417)
	NOTE: Not a security issue per se, logfile only accessible by root:adm
CVE-2012-0812 (PostfixAdmin 2.3.4 has multiple XSS vulnerabilities ...)
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0811 (Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixad ...)
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0810 (The int3 handler in the Linux kernel before 3.3 relies on a per-CPU de ...)
	- linux-2.6 3.2.16-1 (bug #672660)
	[squeeze] - linux-2.6 <not-affected> (rt patchset not yet present)
	NOTE: Ben Hutchings said it was fixed in 3.2.9-1, I checked it for 3.2.16-1
CVE-2012-0809 (Format string vulnerability in the sudo_debug function in Sudo 1.8.0 t ...)
	- sudo 1.8.3p2-1 (bug #657985)
	[squeeze] - sudo <not-affected> (Vulnerable code not present)
	[lenny] - sudo <not-affected> (Vulnerable code not present)
CVE-2012-0808 (as31 2.3.1-4 does not seed the random number generator and generates p ...)
	- as31 2.3.1-5 (bug #655496)
	[squeeze] - as31 <no-dsa> (The maintainer consider it a minor issue. Check comments in the bug report)
CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie funct ...)
	- php-suhosin 0.9.33-1 (low; bug #657190)
	[squeeze] - php-suhosin <no-dsa> (Exploitable in rare setups)
	NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote authentica ...)
	{DSA-2393-1}
	- bip 0.8.8-2 (bug #657217)
	[lenny] - bip <not-affected> (Maintainer reports vulnerable code not present)
CVE-2012-0805 (Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, a ...)
	{DSA-2449-1}
	- sqlalchemy 0.6.7-1
CVE-2012-0804 (Heap-based buffer overflow in the proxy_connect function in src/client ...)
	{DSA-2407-1}
	- cvs 2:1.12.13+real-7
CVE-2012-0803 (The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows re ...)
	NOT-FOR-US: Apache CXF
CVE-2012-0802 (Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote  ...)
	NOT-FOR-US: spamdyke
CVE-2012-0801 (lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 d ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0800 (The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2. ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0799 (Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous fr ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0798 (The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2. ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0797 (The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x befo ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0796 (class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x  ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0795 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, an ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0794 (The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1. ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0793 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, an ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0792 (mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authent ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP befor ...)
	{DSA-2485-1}
	- imp4 4.3.10+debian0-1.1 (bug #659392)
CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...)
	{DSA-2651-1}
	- smokeping 2.6.8-2 (bug #659899)
CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 allows r ...)
	- php5 5.3.9-1 (low)
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly intera ...)
	{DSA-2408-1}
	- php5 5.3.9-1
CVE-2012-0787 (The clone_file function in transfer.c in Augeas before 1.0.0, when cop ...)
	{DLA-28-1}
	- augeas 1.0.0-1 (low; bug #731132)
	[wheezy] - augeas <no-dsa> (Minor issue)
CVE-2012-0786 (The transform_save function in transform.c in Augeas before 1.0.0 allo ...)
	{DLA-28-1}
	- augeas 1.0.0-1 (low; bug #731132)
	[wheezy] - augeas <no-dsa> (Minor issue)
CVE-2012-0885 (chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x befor ...)
	- asterisk 1:1.8.8.2~dfsg-1 (bug #656596)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: AST-2012-001 http://downloads.asterisk.org/pub/security/AST-2012-001.html
CVE-2012-0784
	RESERVED
CVE-2012-0783
	RESERVED
CVE-2012-0782 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in  ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2012-0781 (The tidy_diagnose function in PHP 5.3.8 might allow remote attackers t ...)
	{DSA-2408-1}
	- php5 5.3.9-1 (low)
CVE-2012-0780 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-0779 (Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0778 (Buffer overflow in Adobe Flash Professional before CS6 allows attacker ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3  ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0775 (The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0774 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0773 (The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before 10.3.183.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0771 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0770 (Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for f ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-0769 (Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0768 (The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0767 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0766 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0765 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0764 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0763 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0762 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0761 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0760 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0759 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0758 (Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0750
	RESERVED
CVE-2012-0749
	RESERVED
CVE-2012-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in unspecif ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2012-0747 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0746 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 t ...)
	NOT-FOR-US: IBM AIX
CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attack ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_U ...)
	NOT-FOR-US: IBM Tivoli Event Pump
CVE-2012-0741 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tes ...)
	NOT-FOR-US: (IBM Security AppScan Enterprise
CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM  ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0739
	RESERVED
CVE-2012-0738 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tes ...)
	NOT-FOR-US: (IBM Security AppScan Enterprise
CVE-2012-0737 (Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enter ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0736 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0735 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0734 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0733 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integ ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0732 (The Enterprise Console client in IBM Rational AppScan Enterprise 5.x a ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0731 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0730 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rati ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0729 (Unrestricted file upload vulnerability in IBM Rational AppScan Enterpr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0728 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0727 (SQL injection vulnerability in IBM Maximo Asset Management 7.5, as use ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS)  ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.10 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.10 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0723 (The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2012-0721
	REJECTED
CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solution C ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manage ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookie ...)
	NOT-FOR-US: IBM
CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain S ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0715 (Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in ...)
	NOT-FOR-US: IBM Tivoli Change and Configuration Management Database
CVE-2012-0714 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Ma ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0713 (Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0712 (The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 th ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0711 (Integer signedness error in the db2dasrrm process in the DB2 Administr ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0710 (IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 befor ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not  ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edi ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-0706 (IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requ ...)
	NOT-FOR-US: IBM Scale Out network Attached Storage (SONAS)
CVE-2012-0705 (InfoSphere Import Export Manager in InfoSphere Information Server Meta ...)
	NOT-FOR-US: InfoSphere Information Server
CVE-2012-0704
	RESERVED
CVE-2012-0703 (Open redirect vulnerability in Information Services Framework (ISF) in ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0702 (Information Services Framework (ISF) in IBM InfoSphere Information Ser ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0701 (The client applications in the DataStage Administrator client in InfoS ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere I ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0699 (Multiple cross-site request forgery (CSRF) vulnerabilities in Family C ...)
	NOT-FOR-US: Family Connections CMS
CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a deni ...)
	{DSA-2576-1}
	- trousers 0.3.9-1 (low; bug #692649)
CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging Compon ...)
	NOT-FOR-US: WebSphere
CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application  ...)
	NOT-FOR-US: WebSphere
CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication impl ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allow ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl crea ...)
	- libpar-perl 1.005-1 (bug #650707)
	[squeeze] - libpar-perl 1.000-1+squeeze1
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in  ...)
	NOT-FOR-US: Windows Server
CVE-2012-0697 (HP StorageWorks P2000 G3 MSA array systems have a default account, whi ...)
	NOT-FOR-US: HP StorageWorks
CVE-2012-0696 (Multiple cross-site scripting (XSS) vulnerabilities in the Executive V ...)
	NOT-FOR-US: IBM Cognos
CVE-2012-0695 (Multiple unspecified vulnerabilities in Google Chrome before 17.0.963. ...)
	NOT-FOR-US: Google Chrome books
CVE-2012-0694 (SugarCRM CE &lt;= 6.3.1 contains scripts that use "unserialize()" with ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
	NOTE: http://seclists.org/bugtraq/2012/Jun/165
CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 al ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2012-0692 (CA License (aka CA Licensing) before 1.90.03 allows local users to mod ...)
	NOT-FOR-US: CA License
CVE-2012-0691 (CA License (aka CA Licensing) before 1.90.03 does not properly restric ...)
	NOT-FOR-US: CA License
CVE-2012-0690 (TIBCO Spotfire Web Application, Web Player Application, Automation Ser ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2012-0689 (The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric Activ ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0688 (Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platfor ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0687 (TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2. ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0686
	RESERVED
CVE-2012-0685 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote  ...)
	NOT-FOR-US: XnView
CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote  ...)
	NOT-FOR-US: XnView
CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0681 (Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all  ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete attr ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0679 (Apple Safari before 6.0 allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0678 (Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 al ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote ...)
	NOT-FOR-US: Apple iTunes
CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state info ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require continue ...)
	NOT-FOR-US: Time Machine
CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the  ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0673
	RESERVED
CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to execute ar ...)
	NOTE: http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt
CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0669 (Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0667 (Integer signedness error in Apple QuickTime before 7.7.2 on Windows al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0666 (Stack-based buffer overflow in the plugin in Apple QuickTime before 7. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0665 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0664 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0663 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualiz ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized mem ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0653
	RESERVED
CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or netwo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 all ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0650 (Buffer overflow in the DirectoryService Proxy in DirectoryService in A ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0646 (Format string vulnerability in VPN in Apple iOS before 5.1 allows remo ...)
	NOT-FOR-US: VPN in Apple iOS
CVE-2012-0645 (Siri in Apple iOS before 5.1 does not properly restrict the ability of ...)
	NOT-FOR-US: Siri
CVE-2012-0644 (Race condition in the Passcode Lock feature in Apple iOS before 5.1 al ...)
	NOT-FOR-US: Passcode Lock in Apple iOS
CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug syst ...)
	NOT-FOR-US: kernel in Apple iOS
CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to e ...)
	NOT-FOR-US: Apple iOS
CVE-2012-0641 (CFNetwork in Apple iOS before 5.1 does not properly construct request  ...)
	NOT-FOR-US: Apple iOS
CVE-2012-0640 (WebKit in Apple Safari before 5.1.4 does not properly implement "From  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0639 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0638 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0637 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0636 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0635 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0634 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0633 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0632 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0631 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0630 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0629 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0628 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0627 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0626 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0625 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0624 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0623 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0622 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0621 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0620 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0619 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0618 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0617 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0616 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0615 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0614 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0613 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0612 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0611 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0610 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0609 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0608 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0607 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0606 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0605 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0604 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0603 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0602 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0601 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0600 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0599 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0598 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0597 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0596 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0595 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0594 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0593 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0592 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0591 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0590 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0589 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0588 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0587 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0586 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows  ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0584 (The Internationalized Domain Name (IDN) feature in Apple Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0583 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-0582 (Unspecified vulnerability in the Siebel Clinical component in Oracle I ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-0581 (Unspecified vulnerability in the Oracle Agile component in Oracle Supp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0580 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0579 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0578 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0577 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0576 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0575 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0574 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0573 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0572 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0571 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0570 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2012-0569 (Unspecified vulnerability Oracle Sun Solaris 10 allows local users to  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-0568 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows lo ...)
	NOT-FOR-US: Solaris
CVE-2012-0567 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0566 (Unspecified vulnerability in the Oracle Agile component in Oracle Supp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0565 (Unspecified vulnerability in the Oracle Agile component in Oracle Supp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0564 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0563 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0561 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0560 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0559 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0558 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2012-0557 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0556 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0555 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0554 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0553 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5 ...)
	{DSA-2780-1}
	- mysql-5.1 <removed> (bug #712059)
	- mysql-5.5 5.5.28+dfsg-1
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component ...)
	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in Or ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers  ...)
	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers XCP 1110
CVE-2012-0547 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.2-1 (low)
	- openjdk-6 6b24-1.11.4-1 (low)
CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0545 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0544 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0543 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0542 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier an ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows lo ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0537 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0536 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0535 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0534 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0533 (Unspecified vulnerability in the PeopleSoft Enterprise FCSM component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0532 (Unspecified vulnerability in the Identity Manager component in Oracle  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0531 (Unspecified vulnerability in the PeopleSoft Enterprise Portal componen ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0530 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0528 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0527 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0526 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in Oracl ...)
	- gridengine 6.2u5-7.1
	[squeeze] - gridengine <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.securityfocus.com/bid/53132
	NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0520 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0519 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0518 (Unspecified vulnerability in the Oracle Application Server Single Sign ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0517 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0516 (Unspecified vulnerability in the Oracle iPlanet Web Server component i ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2012-0515 (Unspecified vulnerability in the Identity Manager Connector component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0514 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0513 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0512 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0511 (Unspecified vulnerability in the OCI component in Oracle Database Serv ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0510 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0509 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0508 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0507 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: Replacement for misused CVE-2011-3571.
CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0505 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
CVE-2012-0504 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 <not-affected> (Only applies to the Windows-specific update tool)
	- openjdk-7 <not-affected> (Only applies to the Windows-specific update tool)
	- sun-java6 <not-affected> (Only applies to the Windows-specific update tool)
CVE-2012-0503 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0502 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0501 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: OpenJDK browser plugin is a different code base.
CVE-2012-0499 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK.
CVE-2012-0498 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK.
CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0496 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0495 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0494 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0493 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0492 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0491 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0490 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0489 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0488 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0487 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0486 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0485 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0484 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0483
	RESERVED
CVE-2012-0482
	RESERVED
CVE-2012-0481
	RESERVED
CVE-2012-0480
	RESERVED
CVE-2011-5059 (Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote ...)
	NOT-FOR-US: Final Draft
CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 S ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thun ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0478 (The texImage2D implementation in the WebGL subsystem in Mozilla Firefo ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0476
	RESERVED
CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and Se ...)
	- icedove 10.0.4-1
	[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceweasel 12.0-1 (low; bug #703071)
	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	[wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceape <removed> (low)
	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	[wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell implementatio ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0473 (The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x  ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0472 (The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, F ...)
	- icedove <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x throug ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0470 (Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::Light ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0469 (Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRan ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0468 (The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5. ...)
	- icedove <not-affected> (Only affects Firefox 11 and above)
	- iceweasel <not-affected> (Only affects Firefox 11 and above)
	- iceape <not-affected> (Only affects Firefox 11 and above)
CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0466 (template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3 ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0465 (Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, a ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0464 (Use-after-free vulnerability in the browser engine in Mozilla Firefox  ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0463 (The nsWindow implementation in the browser engine in Mozilla Firefox b ...)
	- iceweasel <not-affected> (Only affects Firefox Mobile on Android)
CVE-2012-0462 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0460 (Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thun ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0459 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x b ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0457 (Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetwee ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4. ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x b ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0454 (Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Fire ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
CVE-2012-0453 (Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzi ...)
	- bugzilla <removed>
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0452 (Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Th ...)
	- icedove <not-affected> (Introduced in Thunderbird 10)
	- iceweasel 10.0.1-1
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Vulnerable version never uploaded to the archive)
CVE-2012-0451 (CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Fire ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (CSP introduced in Thunderbird 3.3)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (CSP introduced in Firefox 4)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (CSP introduced in Seamonkey 2.1)
CVE-2012-0450 (Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and  ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0449 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before  ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 10.0.3-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0448 (Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7. ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0447 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaM ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0446 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0445 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaM ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0444 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before  ...)
	{DSA-2412-1 DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.3.2-1.2 (bug #664197)
	- icedove 10.0.3-1
	[lenny] - icedove <not-affected> (Vulnerable code not present)
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2012-0443 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0442 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 10.0.3-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0441 (The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security  ...)
	{DSA-2490-1}
	- nss 3.13.4-1
CVE-2012-0440 (Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugz ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0439 (An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 ...)
	NOT-FOR-US: GroupWise
CVE-2012-0438
	RESERVED
CVE-2012-0437
	RESERVED
CVE-2012-0436
	RESERVED
CVE-2012-0435 (SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify ...)
	NOT-FOR-US: YAST
CVE-2012-0434 (The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permission ...)
	NOT-FOR-US: Crowbar
CVE-2012-0433 (The install-chef-suse.sh script shipped with crowbar before 2012-10-02 ...)
	NOT-FOR-US: crowbar
CVE-2012-0432 (Stack-based buffer overflow in the Novell NCP implementation in NetIQ  ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0431
	RESERVED
CVE-2012-0430 (Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 a ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0429 (dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8. ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0428 (Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x b ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0427 (yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008. ...)
	NOT-FOR-US: inst-source-utils
CVE-2012-0426 (Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUS ...)
	NOT-FOR-US: SUSE Linux Enterprise for SAP Applications
CVE-2012-0425 (LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaS ...)
	NOT-FOR-US: SUSE YaST
CVE-2012-0424
	RESERVED
CVE-2012-0423
	RESERVED
CVE-2012-0422
	RESERVED
CVE-2012-0421 (The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager ...)
	NOT-FOR-US: SUSE Audit Log Keeper daemon
CVE-2012-0420 (zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6 ...)
	NOT-FOR-US: SUSE Zypper
CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces in Nove ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0418 (Unspecified vulnerability in the client in Novell GroupWise 8.0 before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0417 (Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWis ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0416
	RESERVED
CVE-2012-0415
	RESERVED
CVE-2012-0414 (Cross-site scripting (XSS) vulnerability in the Spacewalk service in S ...)
	NOT-FOR-US: SuSE extension to Spacewalk
CVE-2012-0413
	RESERVED
CVE-2012-0412
	RESERVED
CVE-2012-0411 (Unspecified vulnerability in Novell iPrint Client before 5.82 allows r ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWise bef ...)
	NOT-FOR-US: Groupwise
CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4. ...)
	NOT-FOR-US: EMC
CVE-2012-0408
	REJECTED
CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection A ...)
	NOT-FOR-US: emc.com Data Protection Advisor
CVE-2012-0406 (The DPA_Utilities.cProcessAuthenticationData function in EMC Data Prot ...)
	NOT-FOR-US: emc.com Data Protection Advisor
CVE-2012-0405
	REJECTED
CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom befor ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0403 (Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 P ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0402 (EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded cre ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0401 (Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before  ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0400 (EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0399 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVisio ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session c ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0397 (Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6 ...)
	NOT-FOR-US: EMC RSA SecurID Software Token Converter
CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly e ...)
	NOT-FOR-US: EMC
CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before  ...)
	NOT-FOR-US: EMC
CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts bef ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 doe ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 does n ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 inter ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2011-5057 (Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces  ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash value ...)
	- maradns <not-affected> (Only affects 2.x, see #653838)
CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...)
	- maradns 1.4.09-1 (low)
	[squeeze] - maradns <no-dsa> (Minor issue)
CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function,  ...)
	- kdebase-workspace <unfixed> (unimportant)
	NOTE: the kcheckpass utility is not present in sid (still present in src package, will check with KDE maints)
	NOTE: Not exploitable without OpenPAM
CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar ...)
	NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755 . All products listed there are not part of Debian.
CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain  ...)
	- gnutls28 3.0.11-1
	- gnutls26 <not-affected> (lacks DTLS support and is not affected)
CVE-2012-0389 (Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in  ...)
	NOT-FOR-US: MailEnable Professional
CVE-2012-0388 (Memory leak in the H.323 inspection feature in the Zone-Based Firewall ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0387 (Memory leak in the HTTP Inspection Engine feature in the Zone-Based Fi ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0386 (The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0385 (The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0384 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x thr ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0383 (Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allow ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0382 (The Multicast Source Discovery Protocol (MSDP) implementation in Cisco ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0381 (The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 throu ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0380
	RESERVED
CVE-2012-0379
	RESERVED
CVE-2012-0378 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0377
	RESERVED
CVE-2012-0376 (The voice-sipstack component in Cisco Unified Communications Manager ( ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2012-0375
	RESERVED
CVE-2012-0374
	RESERVED
CVE-2012-0373
	RESERVED
CVE-2012-0372
	RESERVED
CVE-2012-0371 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6. ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0370 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6. ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0369 (Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0  ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0368 (The administrative management interface on Cisco Wireless LAN Controll ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0367 (Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-0366 (Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated  ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload applic ...)
	NOT-FOR-US: Cisco SRP 520 series devices
CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W- ...)
	NOT-FOR-US: Cisco SRP devices
CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...)
	NOT-FOR-US: Cisco SRP devices
CVE-2012-0362 (The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE  ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0361 (The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 throug ...)
	NOT-FOR-US: Cisco
CVE-2012-0360 (Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is ena ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...)
	NOT-FOR-US: Cisco Cius
CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf. ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0357
	RESERVED
CVE-2012-0356 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0355 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0354 (The Threat Detection feature on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0353 (The UDP inspection engine on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0352 (Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-0351
	RESERVED
CVE-2012-0350
	RESERVED
CVE-2012-0349
	RESERVED
CVE-2012-0348
	RESERVED
CVE-2012-0347
	RESERVED
CVE-2012-0346
	RESERVED
CVE-2012-0345
	RESERVED
CVE-2012-0344
	RESERVED
CVE-2012-0343
	RESERVED
CVE-2012-0342
	RESERVED
CVE-2012-0341
	RESERVED
CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management interface o ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2012-0339 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also k ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0338 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also k ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0337 (SQL injection vulnerability in the web component in Cisco Unified Meet ...)
	NOT-FOR-US: Cisco
CVE-2012-0336
	RESERVED
CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2012-0334 (Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 ha ...)
	NOT-FOR-US: Cisco
CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and  ...)
	NOT-FOR-US: Cisco
CVE-2012-0332
	RESERVED
CVE-2012-0331 (Cisco TelePresence Video Communication Server with software before X7. ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-0330 (Cisco TelePresence Video Communication Server with software before X7. ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remot ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2012-0328 (Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain  ...)
	NOT-FOR-US: Janetter
CVE-2012-0327 (Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allow ...)
	- redmine 1.3.2+dfsg1-1
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: http://jvn.jp/en/jp/JVN93406632/
	NOTE: patch unclear: difficult to find the patch in 1.3.2 release
CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not prope ...)
	NOT-FOR-US: twicca application for Android
CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenk ...)
	- jenkins 1.424.6+dfsg-1
CVE-2012-0324 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenk ...)
	- jenkins 1.424.6+dfsg-1
CVE-2012-0323 (Cross-site scripting (XSS) vulnerability in the Autocomplete plugin be ...)
	NOT-FOR-US: Autocomplete plugin for SquirrelMail
CVE-2012-0322 (The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for  ...)
	NOT-FOR-US: EStrongs ES File Explorer
CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet Se ...)
	NOT-FOR-US: Kingsoft Internet Security 2011
CVE-2012-0320 (Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0319 (The file-management system in Movable Type before 4.38, 5.0x before 5. ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0318 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type be ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0317 (Multiple cross-site request forgery (CSRF) vulnerabilities in Movable  ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0316 (The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier ap ...)
	NOT-FOR-US: Cookpad
CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local  ...)
	NOT-FOR-US: ALFTP
CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the eAcc ...)
	NOT-FOR-US: eAccess Pocket WiFi
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
	NOT-FOR-US: glucose
CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before  ...)
	NOT-FOR-US: osCommerce
CVE-2012-0311 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before  ...)
	NOT-FOR-US: osCommerce
CVE-2012-0310 (CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Casc ...)
	NOT-FOR-US: Cogent DataHub
CVE-2012-0309 (Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and e ...)
	NOT-FOR-US: Cogent DataHub
CVE-2012-0308 (Cross-site request forgery (CSRF) vulnerability in Symantec Messaging  ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-0307 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messag ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-0306 (Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attacker ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2012-0305 (Untrusted search path vulnerability in Symantec System Recovery 2011 b ...)
	NOT-FOR-US: Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5
CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ( ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in Brightma ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control Center  ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in Symante ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does not prop ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web Gate ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web Gate ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0296 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0295 (The Manager service in the management console in Symantec Endpoint Pro ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-0294 (Directory traversal vulnerability in the Manager service in the manage ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-0293 (Multiple SQL injection vulnerabilities in Symantec Altiris WISE Packag ...)
	NOT-FOR-US: Symantec Altiris WISE Package Studio
CVE-2012-0292 (The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0291 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnyw ...)
	NOT-FOR-US: pcAnywhere
CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnyw ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0289 (Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x throug ...)
	NOT-FOR-US: Symantec Network Access Control
CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...)
	NOT-FOR-US: CoCSoft Stream Down
CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium  ...)
	NOT-FOR-US: Symposium plugin for Wordpress
CVE-2011-5050 (SQL injection vulnerability in corporate/Controller in Elitecore Techn ...)
	NOT-FOR-US: Elitecore Technologies Cyberoam UTM
CVE-2011-5049 (MySQL 5.5.8, when running on Windows, allows remote attackers to cause ...)
	NOT-FOR-US: MySQL on Windows
CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...)
	NOT-FOR-US: MailForm plugin for Movable Type
CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Montitorix
CVE-2004-2775
	RESERVED
CVE-2004-2774
	RESERVED
CVE-2004-2773
	RESERVED
CVE-2004-2772
	RESERVED
CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and BS ...)
	{DSA-3105-1 DLA-114-1}
	- heirloom-mailx 12.5-3.1 (bug #773417)
	- bsd-mailx 8.1.2-0.20071201cvs-1
	- mailx 1:8.1.2-0.20040524cvs-2 (bug #278748)
CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in t ...)
	- linux <not-affected> (Fixed before rename to src:linux)
	- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
	NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
CVE-2003-1602
	RESERVED
CVE-2003-1601
	RESERVED
CVE-2003-1600
	RESERVED
CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in W ...)
	NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
	- wordpress 1.0.1-1
CVE-2002-2444 (Snoopy before 2.0.0 has a security hole in exec cURL ...)
	- libphp-snoopy <not-affected> (affected version never was in the repo)
	NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
	NOTE: http://sourceforge.net/p/snoopy/bugs/13/
CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...)
	{DSA-2701-1}
	- krb5 1.10.1+dfsg-6 (bug #708267)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
	NOTE: https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
CVE-2002-2442
	RESERVED
CVE-2002-2441
	RESERVED
CVE-2002-2440
	RESERVED
CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows atta ...)
	- gcc-4.1 <removed>
	[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.3 <removed>
	[squeeze] - gcc-4.3 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.4 <unfixed> (low)
	[squeeze] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	[wheezy] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.6 <unfixed> (low)
	[wheezy] - gcc-4.6 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.7 <removed> (low; bug #710830)
	[wheezy] - gcc-4.7 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.8 4.8.0-1 (low)
	NOTE: Are there apps known to be exploitable through this?
	NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway?
	NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is
	NOTE: properly rebuild with a fixed version from the start
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
CVE-2002-2438
	RESERVED
	NOT-FOR-US: ancient linux 2.4 issue
CVE-2001-1592
	RESERVED
CVE-2001-1591
	RESERVED
CVE-2001-1590
	RESERVED
CVE-2001-1589
	RESERVED
CVE-2001-1588
	RESERVED
CVE-2000-1252
	RESERVED
CVE-2000-1251
	RESERVED
CVE-2000-1250
	RESERVED
CVE-2000-1249
	RESERVED
CVE-2000-1248
	RESERVED
CVE-1999-1598
	RESERVED
CVE-1999-1597
	RESERVED
CVE-1999-1596
	RESERVED
CVE-1999-1595
	RESERVED
CVE-1999-1594
	RESERVED
CVE-2012-0288
	RESERVED
CVE-2011-5048 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experie ...)
	NOT-FOR-US: IBM Web Experience Factory
CVE-2011-5047 (Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pf ...)
	NOT-FOR-US: pfSense
CVE-2012-0287 (Cross-site scripting (XSS) vulnerability in wp-comments-post.php in Wo ...)
	- wordpress 3.3.1+dfsg-1
	[squeeze] - wordpress <not-affected> (only 3.3.x vulnerable)
	[lenny] - wordpress <not-affected> (only 3.3.x vulnerable)
CVE-2012-0286 (Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwor ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0285 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNe ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0284 (Stack-based buffer overflow in the SetSource method in the Cisco Links ...)
	NOT-FOR-US: Cisco
CVE-2012-0283 (Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList func ...)
	- dokuwiki 0.0.20120125b-1 (low; bug #683378)
	[squeeze] - dokuwiki <not-affected> (Vulnerable functionality not present, see #683378)
CVE-2012-0282 (Heap-based buffer overflow in XnView before 1.99 allows remote attacke ...)
	NOT-FOR-US: XnView
CVE-2012-0281
	RESERVED
CVE-2012-0280
	RESERVED
CVE-2012-0279 (Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Fu ...)
	NOT-FOR-US: Quest (quest.com) Toad
CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for I ...)
	NOT-FOR-US: IrfanView
CVE-2012-0277 (Heap-based buffer overflow in XnView before 1.99 allows remote attacke ...)
	NOT-FOR-US: XnView
CVE-2012-0276 (Multiple heap-based buffer overflows in XnView before 1.99 allow remot ...)
	NOT-FOR-US: XnView
CVE-2012-0275 (Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12. ...)
	NOT-FOR-US: Adobe Photoshop CS5
CVE-2012-0274
	RESERVED
CVE-2012-0273 (Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote at ...)
	NOT-FOR-US: MinaliC (Webserver)
CVE-2012-0272 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0271 (Integer overflow in the WebConsole component in gwia.exe in GroupWise  ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0270 (Multiple stack-based buffer overflows in Csound before 5.16.6 allow re ...)
	- csound 1:5.16.6~dfsg-1 (low; bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
	NOTE: http://secunia.com/secunia_research/2012-3/
	NOTE: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
CVE-2012-0269 (Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 throug ...)
	NOT-FOR-US: various Ichitaro products
CVE-2012-0268 (Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows ...)
	NOT-FOR-US: NTR ActiveX control
CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control befor ...)
	NOT-FOR-US: NTR ActiveX control
CVE-2012-0265 (Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-5046 (The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode d ...)
	NOT-FOR-US: Microsoft Windows 7
CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in PHP Bo ...)
	NOT-FOR-US: PHP Booking Calendar 10e (not in Debian)
CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for  ...)
	NOT-FOR-US: SopCast (not in Debian)
CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: TomatoSoft Free Mp3 Player (not in Debian)
CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SA ...)
	NOT-FOR-US: SASHA (not in Debian)
CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1 ...)
	NOT-FOR-US: Pulse Pro CMS (not in Debian)
CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biz ...)
	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj all ...)
	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly  ...)
	NOT-FOR-US: hitAppoint (not in Debian)
CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
	- libv8 3.6.6.14-2 (bug #653962)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
	{DSA-2783-1}
	- ruby-rack 1.4.0-1 (bug #653963)
	- librack-ruby <removed>
	NOTE: https://github.com/rack/rack/commit/5b9d09a81a9fdc9475f0ab0095cb2a33bf2a8f91
CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Se ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form parame ...)
	NOT-FOR-US: Apache Geronimo
CVE-2011-5033 (Stack-based buffer overflow in CFS.c in ConfigServer Security &amp; Fi ...)
	NOT-FOR-US: ConfigServer Security & Firewall
CVE-2011-5032 (WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cau ...)
	NOT-FOR-US: WinMount
CVE-2011-5031 (Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalid ...)
	NOT-FOR-US: cApexWEB
CVE-2011-5030 (Cross-site scripting (XSS) vulnerability in the Meta tags quick module ...)
	NOT-FOR-US: Meta tags quick module for Drupal
CVE-2011-5029 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Sumple PHP Blog
CVE-2011-5028 (Directory traversal vulnerability in novelllogmanager/FileDownload in  ...)
	NOT-FOR-US: Novell Sentinel Log Manager
CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allow ...)
	- zabbix 1:1.8.10-1 (bug #652664)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in the addPost function in da ...)
	NOT-FOR-US: Winn Guestbook
CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki applic ...)
	- yaws 1.92-1 (low; bug #653966)
	[squeeze] - yaws <no-dsa> (Minor issue)
CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mai ...)
	NOT-FOR-US: ht://Dig integration for Mailman
CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows rem ...)
	NOT-FOR-US: Pligg CMS
CVE-2011-5022 (SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows re ...)
	NOT-FOR-US: Pligg CMS
CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular Expression Denia ...)
	- php-ids <itp> (bug #488848)
CVE-2011-5020 (An SQL Injection vulnerability exists in the ID parameter in Online TV ...)
	NOT-FOR-US: Online TV Database
CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpat ...)
	- textpattern <unfixed> (low)
	[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
CVE-2011-5018 (Koala Framework before 2011-11-21 has XSS via the request_uri paramete ...)
	NOT-FOR-US: Koala Framework
CVE-2011-5017
	RESERVED
CVE-2011-5016
	RESERVED
CVE-2011-5015
	RESERVED
CVE-2011-5014
	RESERVED
CVE-2011-5013
	RESERVED
CVE-2011-5012 (Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7 ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2011-5011 (Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Comme ...)
	NOT-FOR-US: xt:Commerce
CVE-2011-5010 (apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows rem ...)
	NOT-FOR-US: Ctek SkyRouter
CVE-2011-5009 (The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 S ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5008 (Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5007 (Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSy ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5006 (Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attacker ...)
	NOT-FOR-US: QQPlayer
CVE-2011-5005 (Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier a ...)
	NOT-FOR-US: QuiXplorer
CVE-2011-5004 (Unrestricted file upload vulnerability in models/importcsv.php in the  ...)
	NOT-FOR-US: Joomla extension
CVE-2011-5003 (Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndex ...)
	NOT-FOR-US: Avid Media Composer
CVE-2011-5002 (Multiple stack-based buffer overflows in Final Draft 8 before 8.02 all ...)
	NOT-FOR-US: Final Draft
CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask function ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and e ...)
	- openssh 1:5.9p1-1
	[squeeze] - openssh 1:5.5p1-6+squeeze4
	NOTE: looking at the code an additional integer overflow check was added in at least 5.9
CVE-2011-4999
	REJECTED
CVE-2011-4998
	REJECTED
CVE-2011-4997
	REJECTED
CVE-2011-4996
	REJECTED
CVE-2011-4995
	REJECTED
CVE-2011-4994
	REJECTED
CVE-2011-4993
	REJECTED
CVE-2011-4992
	REJECTED
CVE-2011-4991
	REJECTED
CVE-2011-4990
	REJECTED
CVE-2011-4989
	REJECTED
CVE-2011-4988
	REJECTED
CVE-2011-4987
	REJECTED
CVE-2011-4986
	REJECTED
CVE-2011-4985
	REJECTED
CVE-2011-4984
	REJECTED
CVE-2011-4983
	REJECTED
CVE-2011-4982
	REJECTED
CVE-2011-4981
	REJECTED
CVE-2011-4980
	REJECTED
CVE-2011-4979
	REJECTED
CVE-2011-4978
	RESERVED
CVE-2011-4977
	RESERVED
CVE-2011-4976
	RESERVED
CVE-2011-4975
	RESERVED
CVE-2011-4974
	RESERVED
CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote att ...)
	- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
	[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
	NOTE: https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html
	NOTE: https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1017197
CVE-2011-4972 (hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not  ...)
	NOT-FOR-US: Drupal module
CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ( ...)
	{DSA-2832-1}
	- memcached 1.4.13-0.3 (bug #706426)
	NOTE: https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424
CVE-2011-4970 (Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM)  ...)
	- lcgdm 1.8.6-1 (low; bug #702895)
	[wheezy] - lcgdm <no-dsa> (Minor issue)
	- dpm <removed>
	[squeeze] - dpm <no-dsa> (Minor issue)
CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when  ...)
	- jquery 1.6.4-1 (low; bug #699482)
	[squeeze] - jquery <no-dsa> (Minor issue)
	NOTE: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
	NOTE: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
CVE-2011-4968 (nginx http proxy module does not verify peer identity of https origin  ...)
	- nginx 1.9.1-1 (low; bug #697940)
	[jessie] - nginx <no-dsa> (Minor issue)
	[squeeze] - nginx <no-dsa> (Minor issue)
	[wheezy] - nginx <no-dsa> (Minor issue)
	NOTE: http://trac.nginx.org/nginx/ticket/13
	NOTE: Upstream commit: http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx
CVE-2011-4967 (tog-Pegasus has a package hash collision DoS vulnerability ...)
	NOT-FOR-US: OpenPegasus
CVE-2011-4966 (modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode ...)
	- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
	[squeeze] - freeradius <no-dsa> (Minor issue)
CVE-2011-4965
	REJECTED
CVE-2011-4964
	REJECTED
CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote  ...)
	- nginx <not-affected> (Only affects Nginx on Windows)
CVE-2011-4962 (code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x befor ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4961 (SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4960 (SQL injection vulnerability in the Folder::findOrMake method in Silver ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4959 (SQL injection vulnerability in the addslashes method in SilverStripe 2 ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4958 (Cross-site scripting (XSS) vulnerability in the process function in SS ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4957 (The make_clickable function in wp-includes/formatting.php in WordPress ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 all ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
CVE-2011-4955 (Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in ...)
	NOT-FOR-US: wordpress bsuite plugin
CVE-2011-4954 (cobbler has local privilege escalation via the use of insecure locatio ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4953 (The set_mgmt_parameters function in item.py in cobbler before 2.2.2 al ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4952 (cobbler: Web interface lacks CSRF protection when using Django framewo ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4951 (Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware E ...)
	NOT-FOR-US: EGroupware
CVE-2011-4950 (Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/tes ...)
	NOT-FOR-US: EGroupware
CVE-2011-4949 (SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/ ...)
	NOT-FOR-US: EGroupware
CVE-2011-4948 (Directory traversal vulnerability in admin/remote.php in EGroupware En ...)
	NOT-FOR-US: EGroupware
CVE-2011-4947 (Cross-site request forgery (CSRF) vulnerability in e107_admin/users_ex ...)
	NOT-FOR-US: e107
CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 b ...)
	NOT-FOR-US: e107
CVE-2011-4945 (PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which  ...)
	- policykit-1 0.103-1
	[squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103)
CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ...)
	{DLA-25-1}
	- python2.7 2.7.3~rc2-2 (low; bug #650555)
	- python2.6 2.6.8-1 (unimportant; bug #615118)
	NOTE: Negligible impact
CVE-2011-4943 (ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed  ...)
	NOT-FOR-US: ImpressPages CMS
CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in admin/configura ...)
	NOT-FOR-US: Geeklog
CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attac ...)
	- piwik <itp> (bug #506933)
CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ...)
	{DLA-25-1}
	- python2.7 2.7.2-8 (unimportant)
	- python2.6 <unfixed> (unimportant; bug #664135)
	- python2.5 <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/11
	NOTE: This only affects IE7, which is inherently insecure anyway
CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin befor ...)
	- pidgin 2.10.2-1 (bug #664028)
	[squeeze] - pidgin <not-affected> (vulnerable code not present)
	NOTE: http://pidgin.im/news/security/?id=60
CVE-2011-4938 (Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 a ...)
	NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate error  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4936
	REJECTED
CVE-2011-4935
	REJECTED
CVE-2011-4934
	REJECTED
CVE-2011-4933
	REJECTED
CVE-2011-4932 (Eval injection vulnerability in ip_cms/modules/standard/content_manage ...)
	NOT-FOR-US: ImpressPages CMS not in Debian
CVE-2011-4931 (gpw generates shorter passwords than required ...)
	- gpw <unfixed> (unimportant; bug #651510)
	NOTE: This has only marginal security impact
CVE-2011-4930 (Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4,  ...)
	- condor <not-affected> (Fixed before initial release)
CVE-2011-4929 (Unspecified vulnerability in the bazaar repository adapter in Redmine  ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4928 (Cross-site scripting (XSS) vulnerability in the textile formatter in R ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4927 (Unspecified vulnerability in the bazaar repository adapter in Redmine  ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4926 (Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page ...)
	NOT-FOR-US: WordPress plugin Adminimize
CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource  ...)
	- torque <not-affected> (The version in Debian doesn't yet have MUNGE support)
CVE-2011-4924 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12,  ...)
	- zope2.12 2.12.22-1
	- zope3 <removed> (low)
	- zope2.10 <removed> (low)
	[lenny] - zope2.10 <no-dsa> (Minor issue)
	[lenny] - zope3 <no-dsa> (Minor issue)
	- zope2.11 <removed>
	- zope2.9 <removed>
	NOTE: http://openwall.com/lists/oss-security/2012/01/19/16
CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...)
	- backuppc 3.2.1-2 (bug #646865)
	[squeeze] - backuppc 3.1.0-9.1
CVE-2011-4922 (cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retain ...)
	- pidgin 2.7.11-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[squeeze] - pidgin <no-dsa> (Minor issue)
	NOTE: http://www.pidgin.im/news/security/?id=50
CVE-2011-4921 (SQL injection vulnerability in usersettings.php in e107 0.7.26, and po ...)
	NOT-FOR-US: e107
CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, an ...)
	NOT-FOR-US: e107
CVE-2011-4919 (mpack 1.6 has information disclosure via eavesdropping on mails sent b ...)
	- mpack 1.6-8 (low; bug #655971)
	[squeeze] - mpack <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2011/12/31/1
CVE-2011-4918 (Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009. ...)
	NOT-FOR-US: Elxis CMS, Aphrodite
CVE-2011-4917
	RESERVED
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4916
	RESERVED
CVE-2011-4915 (fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 doe ...)
	{DSA-2389-1}
	- linux-2.6 2.6.38-4
CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux ker ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-4912 (Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified fi ...)
	NOT-FOR-US: Joomla!
CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allo ...)
	NOT-FOR-US: Joomla!
CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4908 (TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upl ...)
	NOT-FOR-US: Joomla!
CVE-2011-4907 (Joomla! 1.5x through 1.5.12: Missing JEXEC Check ...)
	NOT-FOR-US: Joomla!
CVE-2011-4906 (Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows fil ...)
	NOT-FOR-US: Joomla!
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
	- activemq 5.5.0+dfsg-5 (bug #655495)
CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2011-4898 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 al ...)
	NOT-FOR-US: Mini-Stream RM-MP3 Converter
CVE-2009-5111 (GoAhead WebServer allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service (daemon ou ...)
	- dhttpd <removed> (low; bug #533665)
	[squeeze] - dhttpd <no-dsa> (Minor issue)
	[lenny] - dhttpd <no-dsa> (Minor issue)
CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remot ...)
	NOT-FOR-US: Mini-Stream Ripper
CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a  ...)
	- apache2 2.2.15-3 (medium; bug #533661)
	- apache <removed> (medium; bug #533662)
	[lenny] - apache2 <no-dsa> (Minor issue)
CVE-2011-4904 (TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4903 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4902 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4901 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4900 (TYPO3 before 4.5.4 allows Information Disclosure in the backend. ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2012-0264 (op5 Monitor and op5 Appliance before 5.5.0 do not properly manage sess ...)
	NOT-FOR-US: op5
CVE-2012-0263 (monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows ...)
	NOT-FOR-US: op5
CVE-2012-0262 (op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and  ...)
	NOT-FOR-US: op5
CVE-2012-0261 (license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appli ...)
	NOT-FOR-US: op5
CVE-2012-0260 (The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0259 (The GetEXIFProperty function in magick/property.c in ImageMagick befor ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the W ...)
	NOT-FOR-US: Invensys Wonderware Application Server
CVE-2012-0257 (Heap-based buffer overflow in the WWCabFile ActiveX component in the W ...)
	NOT-FOR-US: Invensys Wonderware Application Server
CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3. ...)
	- trafficserver 3.0.4-1
CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not pro ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0254 (Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL Acti ...)
	NOT-FOR-US: Honeywell
CVE-2012-0253 (Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pl ...)
	NOT-FOR-US: Demand Media Pluck SiteLife
CVE-2012-0252
	RESERVED
CVE-2012-0251
	RESERVED
CVE-2012-0250 (Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c  ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0248 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a den ...)
	{DSA-2427-1}
	- imagemagick 8:6.6.9.7-6 (low; bug #659339)
CVE-2012-0247 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a den ...)
	{DSA-2427-1}
	- imagemagick 8:6.6.9.7-6 (bug #659339)
CVE-2012-0246 (Directory traversal vulnerability in an unspecified ActiveX control in ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2012-0245 (Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Rob ...)
	NOT-FOR-US: ABB Robot Communications Runtime
CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/Bro ...)
	NOT-FOR-US: ActiveX
CVE-2012-0242 (Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0241 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cau ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0240 (GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not  ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0239 (uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not pr ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0238 (Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAcc ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0237 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0236 (Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers t ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin  ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0234 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAcce ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote Interfa ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-0231 (PRLicenseMgr.exe in the Proficy Server License Manager in GE Intellige ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0230 (PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platfor ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy Historia ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Historian
CVE-2012-0228 (Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not proper ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0227 (Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in Component ...)
	NOT-FOR-US: Open Automation Software OPC Systems.NET
CVE-2012-0226 (SQL injection vulnerability in Invensys Wonderware Information Server  ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0225 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware Inform ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 a ...)
	NOT-FOR-US: 7-Technologies (7T) AQUIS
CVE-2012-0223 (Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 ...)
	NOT-FOR-US: TERMIS
CVE-2012-0222 (The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Al ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley FactoryTalk
CVE-2012-0221 (The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Al ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley FactoryTalk
CVE-2011-4897 (Tor before 0.2.2.25-alpha, when configured as a relay without the Nick ...)
	- tor 0.2.2.27-beta-1 (unimportant)
CVE-2011-4896 (Tor before 0.2.2.24-alpha continues to use a reachable bridge that was ...)
	- tor 0.2.2.27-beta-1 (unimportant)
CVE-2011-4895 (Tor before 0.2.2.34, when configured as a bridge, sets up circuits thr ...)
	- tor 0.2.2.34-1 (unimportant)
CVE-2011-4894 (Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort  ...)
	- tor 0.2.2.34-1 (unimportant)
CVE-2011-4893
	REJECTED
CVE-2011-4892
	REJECTED
CVE-2011-4891
	REJECTED
CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows rem ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-4889 (The javax.naming.directory.AttributeInUseException class in the Virtua ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-4888
	RESERVED
CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations Table in th ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
CVE-2011-4886
	RESERVED
CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without rest ...)
	{DSA-2399-1}
	- php5 5.3.9-1 (low)
CVE-2011-4884
	RESERVED
CVE-2011-4883 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 doe ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4882 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 all ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4881 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 doe ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4880 (Directory traversal vulnerability in the web server in Certec atvise w ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4877 (HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 20 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4876 (Directory traversal vulnerability in HmiLoad in the runtime loader in  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4875 (Stack-based buffer overflow in HmiLoad in the runtime loader in Siemen ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4874 (Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows  ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4873 (Unspecified vulnerability in the server in Certec EDV atvise before 2. ...)
	NOT-FOR-US: Certec EDV atvise
CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, Gla ...)
	NOT-FOR-US: Android devices
CVE-2011-4871 (Open Automation Software OPC Systems.NET before 5.0 allows remote atta ...)
	NOT-FOR-US: opcsystems.com
CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...)
	NOT-FOR-US: Invensys Wonderware
CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly per ...)
	{DSA-2370-1}
	- unbound 1.4.14-1 (medium)
CVE-2011-4868 (The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when u ...)
	- isc-dhcp 4.2.2.dfsg.1-5 (low; bug #655746)
	[squeeze] - isc-dhcp <not-affected> (vulnerable code not present)
CVE-2011-4867 (The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android ...)
	NOT-FOR-US: Tencent QQPhoto (com.tencent.qqphoto) application
CVE-2011-4866 (The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for ...)
	NOT-FOR-US: Kaixin001 (com.kaixin001.activity) application
CVE-2011-4865 (The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 app ...)
	NOT-FOR-US: Tencent WBlog
CVE-2011-4864 (The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Androi ...)
	NOT-FOR-US: Tencent MobileQQ (com.tencent.mobileqq) application
CVE-2011-4863 (The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 fo ...)
	NOT-FOR-US: Tencent QQPimSecure (com.tencent.qqpimsecure) application
CVE-2011-4862 (Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 throu ...)
	{DSA-2375-1 DSA-2373-1 DSA-2372-1}
	- heimdal 1.5.dfsg.1-1 (high)
	- inetutils 2:1.8-6 (high)
	- krb5 1.8+dfsg~aa+r23527-1 (high)
	- krb5-appl 1:1.0.1-1.2 (high; bug #654231)
	NOTE: krb5 fixed through move of code to krb5-appl.
CVE-2011-4861 (The modbus_125_handler function in the Schneider Electric Quantum Ethe ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4860 (The ComputePassword function in the Schneider Electric Quantum Etherne ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4859 (The Schneider Electric Quantum Ethernet Module, as used in the Quantum ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4858 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23  ...)
	{DSA-2401-1}
	- tomcat5 <removed>
	- tomcat6 6.0.35-1
	- tomcat7 7.0.26-1
CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5 ...)
	NOT-FOR-US: Winamp
CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before 2. ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5079 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entr ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5078 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensiti ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, Op ...)
	{DSA-2442-1}
	- openarena 0.8.5-6 (medium; bug #665656)
	- ioquake3 <not-affected> (fixed before upload)
	- tremulous 1.1.0-8 (bug #665842)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in  ...)
	- qt4-x11 4:4.6.3-1
	NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed
CVE-2009-5108
	REJECTED
CVE-2009-5107
	REJECTED
CVE-2009-5106
	RESERVED
CVE-2009-5105
	RESERVED
CVE-2009-5104
	RESERVED
CVE-2008-7308
	RESERVED
CVE-2008-7307
	RESERVED
CVE-2008-7306
	RESERVED
CVE-2008-7305
	RESERVED
CVE-2008-7304
	RESERVED
CVE-2007-6749
	RESERVED
CVE-2007-6748
	RESERVED
CVE-2007-6747
	RESERVED
CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a  ...)
	- telepathy-idle 0.1.15-1 (low; bug #706094)
	[wheezy] - telepathy-idle <no-dsa> (Minor issue)
	[squeeze] - telepathy-idle <no-dsa> (Minor issue)
CVE-2007-6745 (clamav 0.91.2 suffers from a floating point exception when using ScanO ...)
	- clamav 0.91.2-1~volatile1
	[etch] - clamav <not-affected> (Vulnerable code not present)
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2006-7251
	RESERVED
CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t  ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1
	NOTE: DSA addressed it in patch for CVE-2012-1165
CVE-2006-7249
	REJECTED
CVE-2006-7248
	REJECTED
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component f ...)
	NOT-FOR-US: Joomla!
CVE-2005-4894
	RESERVED
CVE-2005-4893
	RESERVED
CVE-2005-4892
	RESERVED
CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...)
	NOT-FOR-US: Simple Machine Forum (SMF)
CVE-2011-4856 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sen ...)
	NOT-FOR-US: Plesk
CVE-2011-4855 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omi ...)
	NOT-FOR-US: Plesk
CVE-2011-4854 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...)
	NOT-FOR-US: Plesk
CVE-2011-4853 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 inc ...)
	NOT-FOR-US: Plesk
CVE-2011-4852 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 gen ...)
	NOT-FOR-US: Plesk
CVE-2011-4851 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 gen ...)
	NOT-FOR-US: Plesk
CVE-2011-4850 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...)
	NOT-FOR-US: Plesk
CVE-2011-4849 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...)
	NOT-FOR-US: Plesk
CVE-2011-4848 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 inc ...)
	NOT-FOR-US: Plesk
CVE-2011-4847 (SQL injection vulnerability in the Control Panel in Parallels Plesk Pa ...)
	NOT-FOR-US: Plesk
CVE-2011-4846
	RESERVED
CVE-2011-4845
	RESERVED
CVE-2011-4844
	RESERVED
CVE-2011-4843
	RESERVED
CVE-2011-4842
	RESERVED
CVE-2011-4841
	RESERVED
CVE-2011-4840
	RESERVED
CVE-2011-4839
	RESERVED
CVE-2011-4838 (JRuby before 1.6.5.1 computes hash values without restricting the abil ...)
	{DLA-209-1}
	- jruby 1.5.6-4 (low; bug #686867)
CVE-2012-0220 (Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin ...)
	{DSA-2474-1}
	- ikiwiki 3.20120516
CVE-2012-0219 (Heap-based buffer overflow in the xioscan_readline function in xio-rea ...)
	- socat 1.7.1.3-1.3 (low; bug #672994)
	[squeeze] - socat <no-dsa> (Minor issue)
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
CVE-2012-0218 (Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler  ...)
	{DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-0217 (The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier,  ...)
	{DSA-2508-1 DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
	- kfreebsd-8 8.3-4 (bug #677297)
	- kfreebsd-9 9.0-4 (bug #677298)
	- kfreebsd-10 10.0~svn237137-1 (bug #677299)
	NOTE: apparently this code is included in freebsd, xen, as well as
	NOTE: microsoft windows, which is also a part of this id assignment (and a
	NOTE: bit strangely the only os currently called out in the mitre description).
	NOTE: also affected the linux kernel, and was fixed 6 years earlier as CVE-2006-0744.
CVE-2012-0216 (The default configuration of the apache2 package in Debian GNU/Linux s ...)
	{DSA-2452-1}
	- apache2 2.2.22-4 (low)
CVE-2012-0215 (model/modelstorage.py in the Tryton application framework (trytond) be ...)
	{DSA-2444-1}
	- tryton-server 2.2.2-1 (medium)
CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Ad ...)
	- apt 0.8.15.10
	[squeeze] - apt <not-affected> (Vulnerable code not present)
	[lenny] - apt <not-affected> (Vulnerable code not present)
CVE-2012-0213 (The UnhandledDataStructure function in hwpf/model/UnhandledDataStructu ...)
	{DSA-2468-1}
	- libjakarta-poi-java <removed>
CVE-2012-0212 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11. ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0211 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11. ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0210 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11. ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0209 (Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edit ...)
	- horde3 3.3.12+debian0-2 (bug #660077)
	[squeeze] - horde3 <not-affected> (Introduced in 3.3.12)
	[lenny] - horde3 <not-affected> (Introduced in 3.3.12)
CVE-2012-0208 (Unspecified vulnerability in the Oracle Grid Engine component in Oracl ...)
	{DSA-2472-1}
	- gridengine 6.2u5-6
	NOTE: http://www.securityfocus.com/bid/53123/info
	NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0207 (The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel b ...)
	- linux-2.6 3.1.8-2 (bug #654876)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2012-0206 (common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2 ...)
	{DSA-2385-1}
	- pdns 3.0-1.1 (high)
CVE-2012-0205 (InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere  ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0204 (Untrusted search path vulnerability in InfoSphere Import Export Manage ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0203 (Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbe ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0202 (Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Ser ...)
	NOT-FOR-US: Admin Server in IBM Cognos TM1
CVE-2012-0201 (Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Persona ...)
	NOT-FOR-US: IBM Personal Communications
CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly i ...)
	NOT-FOR-US: IBM solidDB
CVE-2012-0199 (Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Mana ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2012-0198 (Stack-based buffer overflow in the RunAndUploadFile method in the Isig ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2012-0197
	RESERVED
CVE-2012-0196
	RESERVED
CVE-2012-0195 (Cross-site scripting (XSS) vulnerability in the Start Center Layout an ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2012-0194 (The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Se ...)
	NOT-FOR-US: AIX
CVE-2012-0193 (IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 befor ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0192 (Multiple integer overflows in vclmi.dll in the visual class library mo ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2012-0191 (The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2012-0190 (Unspecified vulnerability in the Render method in the ExportHTML.ocx A ...)
	NOT-FOR-US: IBM SPSS Dimensions
CVE-2012-0189 (Multiple unspecified vulnerabilities in the (1) PrintFile and (2) Save ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-0188 (Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX ...)
	NOT-FOR-US: IBM SPSS Dimensions
CVE-2012-0187 (Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6 ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2012-0186 (Directory traversal vulnerability in the Eclipse Help component in IBM ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2011-4837 (Cross-site request forgery (CSRF) vulnerability in /ctrl in the web in ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4836 (Cross-site scripting (XSS) vulnerability in the web interface in HomeS ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4835 (Directory traversal vulnerability in the web interface in HomeSeer HS2 ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4834 (The GetInstalledPackages function in the configuration tool in HP Appl ...)
	NOT-FOR-US: HP Application Lifestyle Management
CVE-2011-4833 (Multiple SQL injection vulnerabilities in the Leads module in SugarCRM ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2011-4832 (Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Clas ...)
	NOT-FOR-US: CaupoShop
CVE-2011-4831 (Directory traversal vulnerability in webFileBrowser.php in Web File Br ...)
	NOT-FOR-US: Web File Browser
CVE-2011-4830 (Multiple cross-site scripting (XSS) vulnerabilities in the com_listing ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4829 (SQL injection vulnerability in the com_listing component in Barter Sit ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4828 (Unrestricted file upload vulnerability in includes/inline_image_upload ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4827 (Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4826 (SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0  ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4825 (Static code injection vulnerability in inc/function.base.php in Ajax F ...)
	NOT-FOR-US: Ajax File and Image Manager
CVE-2011-4824 (SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h a ...)
	{DSA-2384-1}
	- cacti 0.8.7i-1 (high; bug #652371)
CVE-2011-4823 (Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikreal ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4822 (Multiple cross-site scripting (XSS) vulnerabilities in the user profil ...)
	NOT-FOR-US: Atlassian FishEye
CVE-2011-4821 (Directory traversal vulnerability in the TFTP server in D-Link DIR-601 ...)
	NOT-FOR-US: D-Link router
CVE-2011-4820
	RESERVED
CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset M ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4817 (The About option on the Help menu in IBM Maximo Asset Management and A ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4816 (SQL injection vulnerability in the KPI component in IBM Maximo Asset M ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restri ...)
	{DLA-88-1}
	- ruby1.8 1.8.7.358-1
	- ruby1.9 <not-affected> (Includes randomisation of the hash function)
	- ruby1.9.1 <not-affected> (Includes randomisation of the hash function)
CVE-2012-0185 (Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 201 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-0184 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-0183 (Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-0182 (Microsoft Word 2007 SP2 and SP3 does not properly handle memory during ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-0181 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0180 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0179 (Double free vulnerability in tcpip.sys in Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0178 (Race condition in partmgr.sys in Windows Partition Manager in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0177 (Heap-based buffer overflow in the Office Works File Converter in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329  ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2012-0175 (The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0172 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0171 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0170 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0169 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0168 (Microsoft Internet Explorer 6 through 9 allows user-assisted remote at ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0167 (Heap-based buffer overflow in the Office GDI+ library in Microsoft Off ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0166
	REJECTED
CVE-2012-0165 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0164 (Microsoft .NET Framework 4 does not properly compare index values, whi ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0163 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0162 (Microsoft .NET Framework 4 does not properly allocate buffers, which a ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0161 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1,  ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0160 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1,  ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0158 (The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 Activ ...)
	NOT-FOR-US: Microsoft
CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0155 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0154 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft
CVE-2012-0153
	REJECTED
CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0151 (The Authenticode Signature Verification function in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2012-0149 (afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2012-0148 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2012-0147 (Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Upda ...)
	NOT-FOR-US: Microsoft
CVE-2012-0146 (Open redirect vulnerability in Microsoft Forefront Unified Access Gate ...)
	NOT-FOR-US: Microsoft
CVE-2012-0145 (Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2012-0143 (Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handl ...)
	NOT-FOR-US: Microsoft
CVE-2012-0142 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft
CVE-2012-0141 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft
CVE-2012-0140
	REJECTED
CVE-2012-0139
	REJECTED
CVE-2012-0138 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0137 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0136 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0135 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-0134 (Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a com ...)
	NOT-FOR-US: HP ProCurve
CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability
CVE-2012-0131 (Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.1 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0130 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to o ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0129 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to b ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0128 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to r ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0127 (Unspecified vulnerability in HP Performance Manager 9.00 allows remote ...)
	NOT-FOR-US: HP Performance Manager
CVE-2012-0126 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0125 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0124 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0123 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0122 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0121 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2011-4814 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0  ...)
	- dolibarr 3.3.4-1 (low)
CVE-2011-4813 (Directory traversal vulnerability in clientarea.php in WHMCompleteSolu ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-4812 (Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro ...)
	NOT-FOR-US: BestShopPro
CVE-2011-4811 (SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows  ...)
	NOT-FOR-US: BestShopPro
CVE-2011-4810 (Multiple directory traversal vulnerabilities in WHMCompleteSolution (W ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-4809 (Multiple cross-site scripting (XSS) vulnerabilities in the HM Communit ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4808 (SQL injection vulnerability in the HM Community (com_hmcommunity) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4807 (Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and ...)
	NOT-FOR-US: phpAlbum
CVE-2011-4806 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in php ...)
	NOT-FOR-US: phpAlbum
CVE-2011-4805 (Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crys ...)
	NOT-FOR-US: SAP Crystal Report Server
CVE-2011-4804 (Directory traversal vulnerability in the obSuggest (com_obsuggest) com ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4803 (SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin  ...)
	NOT-FOR-US: WPTouch WordPress plugin
CVE-2011-4802 (Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probab ...)
	- dolibarr 3.3.4-1
CVE-2011-4801 (SQL injection vulnerability in akeyActivationLogin.do in Authenex Web  ...)
	NOT-FOR-US: Authenex Strong Authentication System
CVE-2011-4800 (Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2011-4799
	REJECTED
CVE-2011-4798
	REJECTED
CVE-2011-4797
	REJECTED
CVE-2011-4796
	REJECTED
CVE-2011-4795
	REJECTED
CVE-2011-4794
	REJECTED
CVE-2011-4793
	REJECTED
CVE-2011-4792
	REJECTED
CVE-2011-4791 (DBServer.exe in HP Data Protector Media Operations 6.11 and earlier al ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, an ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP L ...)
	NOT-FOR-US: HP Diagnostics
CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP Stora ...)
	NOT-FOR-US: HP StorageWorks
CVE-2011-4787 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...)
	NOT-FOR-US: HP Easy Printer Care
CVE-2011-4786 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...)
	NOT-FOR-US: HP Easy Printer Care
CVE-2011-4785 (Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on  ...)
	NOT-FOR-US: HP-ChaiSOE/1.0 web server
CVE-2011-4784 (The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properl ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2011-4783 (The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted re ...)
	NOT-FOR-US: IDA Pro
CVE-2011-4782 (Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFil ...)
	- phpmyadmin 4:3.4.9-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: unlikely exploitation scenario
CVE-2011-4781
	RESERVED
CVE-2011-4780 (Multiple cross-site scripting (XSS) vulnerabilities in libraries/displ ...)
	- phpmyadmin 4:3.4.9-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: unlikely exploitation scenario
CVE-2011-4779
	REJECTED
CVE-2011-4778 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4777 (Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteB ...)
	NOT-FOR-US: Plesk
CVE-2011-4776 (Multiple cross-site scripting (XSS) vulnerabilities in the Control Pan ...)
	NOT-FOR-US: Plesk
CVE-2011-4775
	RESERVED
CVE-2011-4774
	RESERVED
CVE-2011-5146 (Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users ...)
	- bokken 1.5-3 (bug #651931)
CVE-2012-0120 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0119 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0118 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0117 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0116 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0115 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0114 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0113 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0112 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0111 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.1.8-dfsg-1 (bug #659950)
	[squeeze] - virtualbox <not-affected> (Vulnerable code not present, see #659950)
CVE-2012-0110 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0109 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0108 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0107 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0106 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0105 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox-guest-additions-iso 4.1.8-1 (bug #659951)
	[squeeze] - virtualbox-guest-additions-iso <not-affected> (Vulnerable code not present, see #659950)
CVE-2012-0104 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1  ...)
	- glassfish <not-affected> (Debian package only builds a few API elements)
CVE-2012-0103 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris Kernel
CVE-2012-0102 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0101 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0100 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0099 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0098 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0097 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0096 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0095 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0094 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0093 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0092 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0091 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0090 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0089 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0088 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0087 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0086 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0085 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0084 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0083 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0082 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0081 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1  ...)
	- glassfish <not-affected> (Debian package only builds a few API elements)
CVE-2012-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0079 (Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote  ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2012-0078 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0077 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2012-0076 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0075 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0074 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0073 (Unspecified vulnerability in the Oracle Forms component in Oracle E-Bu ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0072 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0071 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-4773 (The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android do ...)
	NOT-FOR-US: AnGuanJia (com.anguanjia.safe) application
CVE-2011-4772 (The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android doe ...)
	NOT-FOR-US: 360 KouXin (com.qihoo360.kouxin) application
CVE-2011-4771 (The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for And ...)
	NOT-FOR-US: Scan to PDF Free (com.scan.to.pdf.trial) application
CVE-2011-4770 (The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not ...)
	NOT-FOR-US: QIWI Wallet (ru.mw) application
CVE-2011-4769 (The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2. ...)
	NOT-FOR-US: 360 MobileSafe (com.qihoo360.mobilesafe) application
CVE-2011-4768 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...)
	NOT-FOR-US: Plesk
CVE-2011-4767 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...)
	NOT-FOR-US: Plesk
CVE-2011-4766 (** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels  ...)
	NOT-FOR-US: Plesk
CVE-2011-4765 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...)
	NOT-FOR-US: Plesk
CVE-2011-4764 (Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor ...)
	NOT-FOR-US: Plesk
CVE-2011-4763 (Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBui ...)
	NOT-FOR-US: Plesk
CVE-2011-4762 (Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Ty ...)
	NOT-FOR-US: Plesk
CVE-2011-4761 (Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type hea ...)
	NOT-FOR-US: Plesk
CVE-2011-4760 (Parallels Plesk Small Business Panel 10.2.0 has web pages containing e ...)
	NOT-FOR-US: Plesk
CVE-2011-4759 (Parallels Plesk Small Business Panel 10.2.0 generates web pages contai ...)
	NOT-FOR-US: Plesk
CVE-2011-4758 (Parallels Plesk Small Business Panel 10.2.0 receives cleartext passwor ...)
	NOT-FOR-US: Plesk
CVE-2011-4757 (Parallels Plesk Small Business Panel 10.2.0 generates a password form  ...)
	NOT-FOR-US: Plesk
CVE-2011-4756 (Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPO ...)
	NOT-FOR-US: Plesk
CVE-2011-4755 (Parallels Plesk Small Business Panel 10.2.0 does not properly validate ...)
	NOT-FOR-US: Plesk
CVE-2011-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk ...)
	NOT-FOR-US: Plesk
CVE-2011-4753 (Multiple SQL injection vulnerabilities in Parallels Plesk Small Busine ...)
	NOT-FOR-US: Plesk
CVE-2011-4752 (SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type header ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4751 (SmarterTools SmarterStats 6.2.4100 generates web pages containing exte ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4750 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools Sm ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4749 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4748 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4747 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4746 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the billing sys ...)
	NOT-FOR-US: Plesk
CVE-2011-4744 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 se ...)
	NOT-FOR-US: Plesk
CVE-2011-4743 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 om ...)
	NOT-FOR-US: Plesk
CVE-2011-4742 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ha ...)
	NOT-FOR-US: Plesk
CVE-2011-4741 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 in ...)
	NOT-FOR-US: Plesk
CVE-2011-4740 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ge ...)
	NOT-FOR-US: Plesk
CVE-2011-4739 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ge ...)
	NOT-FOR-US: Plesk
CVE-2011-4738 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 do ...)
	NOT-FOR-US: Plesk
CVE-2011-4737 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 in ...)
	NOT-FOR-US: Plesk
CVE-2011-4736 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 re ...)
	NOT-FOR-US: Plesk
CVE-2011-4735 (Multiple cross-site scripting (XSS) vulnerabilities in the Control Pan ...)
	NOT-FOR-US: Plesk
CVE-2011-4734 (Multiple SQL injection vulnerabilities in the Control Panel in Paralle ...)
	NOT-FOR-US: Plesk
CVE-2011-4733 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4732 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4731 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4730 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4729 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4728 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4727 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4726 (Multiple cross-site scripting (XSS) vulnerabilities in the Server Admi ...)
	NOT-FOR-US: Plesk
CVE-2011-4725 (Multiple SQL injection vulnerabilities in the Server Administration Pa ...)
	NOT-FOR-US: Plesk
CVE-2011-4724
	RESERVED
CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which allows con ...)
	NOT-FOR-US: D-Link DIR-300 router
CVE-2011-4722 (Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswi ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2011-4721
	RESERVED
CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Hillstone HS TFTP Server
CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before 16.0.912. ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: Duplicate for chromebooks
CVE-2011-4718 (Session fixation vulnerability in the Sessions subsystem in PHP before ...)
	- php5 5.5.2+dfsg-1 (low)
	[wheezy] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
	[squeeze] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
	NOTE: 5.5.2 implements strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows  ...)
	NOT-FOR-US: zFTPServer Suite
CVE-2011-4716 (Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1. ...)
	NOT-FOR-US: DreamBox
CVE-2011-4715 (Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha  ...)
	- koha <itp> (bug #389876)
CVE-2011-4714 (Directory traversal vulnerability in Virtual Vertex Muster before 6.20 ...)
	NOT-FOR-US: Virtual Vertex Muster
CVE-2011-4713 (Directory traversal vulnerability in catalog/content.php in osCSS2 2.1 ...)
	NOT-FOR-US: osCSS2
CVE-2011-4712 (Directory traversal vulnerability in Oxide WebServer allows remote att ...)
	NOT-FOR-US: Oxide
CVE-2011-4711 (Multiple directory traversal vulnerabilities in namazu.cgi in Namazu b ...)
	- namazu2 <not-affected> (Windows-specific issue)
CVE-2011-4710 (Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04  ...)
	NOT-FOR-US: Pixie CMS
CVE-2011-4709 (Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in t ...)
	NOT-FOR-US: Hotaru
CVE-2011-4708 (Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager ...)
	NOT-FOR-US: IBM Rational Asset Manager
CVE-2011-4707 (Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan  ...)
	NOT-FOR-US: SAP Netweaver
CVE-2011-4706
	RESERVED
CVE-2011-4705 (The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and  ...)
	NOT-FOR-US: Ming Blacklist Free (vc.software.blacklist) application
CVE-2011-4704 (The Voxofon (com.voxofon) application before 2.5.2 for Android does no ...)
	NOT-FOR-US: Voxofon (com.voxofon) application
CVE-2011-4703 (The Limit My Call (com.limited.call.view) application 2.11 for Android ...)
	NOT-FOR-US: Limit My Call (com.limited.call.view) application
CVE-2011-4702 (The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android doe ...)
	NOT-FOR-US: Nimbuzz (com.nimbuzz) application
CVE-2011-4701 (The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 ...)
	NOT-FOR-US: CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application
CVE-2011-4700 (The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 f ...)
	NOT-FOR-US: UberMedia UberSocial (com.twidroid) application
CVE-2011-4699 (The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11  ...)
	NOT-FOR-US: Ubermedia Twidroyd Legacy (com.twidroydlegacy) application
CVE-2011-4698 (The AndroidAppTools Easy Filter (com.phoneblocker.android) application ...)
	NOT-FOR-US: AndroidAppTools Easy Filter (com.phoneblocker.android)
CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2. ...)
	NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application
CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allow ...)
	NOT-FOR-US: Eye-Fi Helper
CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5. ...)
	NOT-FOR-US: Avast! Internet Security
CVE-2012-0785 (Hash collision attack vulnerability in Jenkins before 1.447, Jenkins L ...)
	- jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553)
	- jenkins-executable-war 1.25-1 (bug #655554)
	- jenkins 1.409.3+dfsg-2
CVE-2012-0070 (spamdyke prior to 4.2.1: STARTTLS reveals plaintext ...)
	NOT-FOR-US: spamdyke not in Debian
CVE-2012-0069 (SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows  ...)
	NOT-FOR-US: batavi not in Debian
CVE-2012-0068 (The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x  ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
CVE-2012-0067 (wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1. ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
CVE-2012-0066 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote att ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
CVE-2012-0065 (Heap-based buffer overflow in the receive_packet function in libusbmux ...)
	- usbmuxd 1.0.7-2 (medium; bug #656581)
	[lenny] - usbmuxd <not-affected> (introduced in 1.0.7)
	[squeeze] - usbmuxd <not-affected> (introduced in 1.0.7)
CVE-2012-0064 (xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB de ...)
	- xorg-server 2:1.11.3.901-2 (high; bug #656410)
	[squeeze] - xorg-server <not-affected> (introduced in 1.11)
	[lenny] - xorg-server <not-affected> (introduced in 1.11)
	NOTE: actually unfixed in experimental, not marked because of version numbering
CVE-2012-0063 (Insecure plugin update mechanism in tucan through 0.3.10 could allow r ...)
	- tucan <unfixed> (bug #656388)
	[squeeze] - tucan <no-dsa> (Minor issue)
CVE-2012-0062 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm <no-dsa> (Minor issue)
CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, which allow ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm <no-dsa> (Minor issue)
CVE-2012-0059 (Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 inc ...)
	NOT-FOR-US: RHN Satellite
CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3 ...)
	- linux-2.6 3.2.2-1
	[wheezy] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
	[squeeze] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
	[lenny] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
CVE-2012-0057 (PHP before 5.3.9 has improper libxslt security settings, which allows  ...)
	{DSA-2399-1}
	- php5 5.3.9-1 (bug #656308)
CVE-2012-0056 (The mem_write function in the Linux kernel before 3.2.2, when ASLR is  ...)
	- linux-2.6 3.2.1-2
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.39)
	NOTE: fix is http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc (queued for 3.3)
CVE-2012-0055 (OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10 ...)
	NOT-FOR-US: overlayfs is not (yet) in the Debian kernel
CVE-2012-0054 (libs/updater.py in GoLismero 0.6.3, and other versions before Git revi ...)
	NOT-FOR-US: golismero not in Debian
CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not pro ...)
	{DSA-2405-1}
	- apache2 2.2.22-1 (low)
CVE-2012-0052 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0051 (Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attacke ...)
	- tahoe-lafs <not-affected> (Only affects 1.9.0, not uploaded to the archive)
CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...)
	{DSA-2392-1}
	- openssl 1.0.0g-1
	NOTE: http://www.openssl.org/news/secadv/20120118.txt
CVE-2012-0049 (OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) t ...)
	{DSA-2524-1}
	- openttd 1.1.5-1 (low)
	NOTE: http://vcs.openttd.org/svn/changeset/23764
	NOTE: http://security.openttd.org/en/CVE-2012-0049
CVE-2012-0048 (OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial  ...)
	NOTE: contacted MITRE, will be rejected
CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-0046 (mediawiki allows deleted text to be exposed ...)
	- mediawiki 1:1.15.5-6 (low; bug #655694)
	[squeeze] - mediawiki 1:1.15.5-2squeeze3
	[lenny] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2012-0045 (The em_syscall function in arch/x86/kvm/emulate.c in the KVM implement ...)
	{DSA-2443-1}
	- linux-2.6 3.2.2-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-0044 (Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu ...)
	- linux-2.6 3.1.5-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2012-0043 (Buffer overflow in the reassemble_message function in epan/dissectors/ ...)
	- wireshark 1.6.5-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
CVE-2012-0042 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2012-0041 (The dissect_packet function in epan/packet.c in Wireshark 1.4.x before ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
CVE-2012-0040 (Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie ...)
	{DSA-2387-1}
	- simplesamlphp 1.8.2-1
	NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function i ...)
	- glib2.0 <unfixed> (unimportant; bug #655044)
CVE-2012-0038 (Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c ...)
	- linux-2.6 3.2.1-1
	[squeeze] - linux-2.6 2.6.32-41
CVE-2012-0037 (Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 ...)
	{DSA-2438-1}
	- raptor 1.4.21-7.1 (bug #677427)
CVE-2012-0036 (curl and libcurl 7.2x before 7.24.0 do not properly consider special c ...)
	{DSA-2398-1}
	- curl 7.24.0-1
	[lenny] - curl <not-affected> (Only affects 7.20.0 to 7.23.1)
	NOTE: http://curl.haxx.se/docs/adv_20120124.html
CVE-2012-0035 (Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as u ...)
	- cedet <removed> (low; bug #655299)
	[squeeze] - cedet <no-dsa> (Minor issue)
	- emacs23 23.3+1-5 (low; bug #655300)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
CVE-2012-0034 (The NonManagedConnectionFactory in JBoss Enterprise Application Platfo ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2012-0033 (The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bounced ...)
	- znc 0.202-2
	[squeeze] - znc <not-affected> (Only affects 0.200 and 0.202)
	[lenny] - znc <not-affected> (Only affects 0.200 and 0.202)
CVE-2012-0032 (Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissi ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0031 (scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow  ...)
	{DSA-2405-1}
	- apache2 2.2.22-1 (low)
CVE-2012-0030 (Nova 2011.3 and Essex, when using the OpenStack API, allows remote aut ...)
	- nova 2012.1~rc1-1
CVE-2012-0029 (Heap-based buffer overflow in the process_tx_desc function in the e100 ...)
	{DSA-2404-1 DSA-2396-1}
	- qemu-kvm 1.0+dfsg-5
	- xen-qemu-dm-4.0 <removed>
	[squeeze] - xen <not-affected> (vulnerable code not present)
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 (medium)
CVE-2012-0028 (The robust futex implementation in the Linux kernel before 2.6.28 does ...)
	- linux-2.6 2.6.32-1
CVE-2012-0027 (The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle inva ...)
	- openssl 1.0.0f-1
	[lenny] - openssl <not-affected> (no GOST support)
	[squeeze] - openssl <not-affected> (no GOST support)
CVE-2012-0026
	REJECTED
CVE-2012-0025 (Double free vulnerability in the Free_All_Memory function in jpeg/dect ...)
	NOT-FOR-US: libfpx
CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values  ...)
	- maradns 1.4.09-1
	[squeeze] - maradns <no-dsa> (Minor issue)
	[lenny] - maradns <no-dsa> (Minor issue)
	NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
CVE-2012-0023 (Double free vulnerability in the get_chunk_header function in modules/ ...)
	- vlc 1.1.13-1
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-0022 (Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7 ...)
	{DSA-2401-1}
	- tomcat5 <removed>
	- tomcat6 6.0.35-1
	- tomcat7 7.0.23-1
CVE-2012-0021 (The log_cookie function in mod_log_config.c in the mod_log_config modu ...)
	- apache2 2.2.22-1
	[squeeze] - apache2 <not-affected> (Introduced in 2.2.17)
	[lenny] - apache2 <not-affected> (Introduced in 2.2.17)
CVE-2011-4695 (Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is ins ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4694 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of dat ...)
	- chromium-browser 17.0.963.56~r121963-1 (unimportant)
CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the tim ...)
	NOT-FOR-US: Opera
CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of da ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-4688 (Mozilla Firefox 8.0.1 and earlier does not prevent capture of data abo ...)
	- iceweasel <removed> (unimportant)
CVE-2011-4687 (Opera before 11.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-4686 (Unspecified vulnerability in the Web Workers implementation in Opera b ...)
	NOT-FOR-US: Opera
CVE-2011-4685 (Dragonfly in Opera before 11.60 allows remote attackers to cause a den ...)
	NOT-FOR-US: Opera
CVE-2011-4684 (Opera before 11.60 does not properly handle certificate revocation, wh ...)
	NOT-FOR-US: Opera
CVE-2011-4683 (Unspecified vulnerability in Opera before 11.60 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2011-4682 (The JavaScript engine in Opera before 11.60 does not properly implemen ...)
	NOT-FOR-US: Opera
CVE-2011-4681 (Opera before 11.60 does not properly consider the number of . (dot) ch ...)
	NOT-FOR-US: Opera
CVE-2011-4680 (Multiple cross-site scripting (XSS) vulnerabilities in the customer po ...)
	NOT-FOR-US: vtiger CRM
CVE-2011-4679 (vtiger CRM before 5.3.0 does not properly recognize the disabled statu ...)
	NOT-FOR-US: vtiger CRM
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3. ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not properly res ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly restrict ...)
	NOT-FOR-US: Opera
CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer 8.0 and e ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not properly rest ...)
	NOT-FOR-US: Safari
CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google Chrome 4 doe ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not ...)
	NOT-FOR-US: Opera
CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbi ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2002-2436 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox bef ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2002-2435 (The Cascading Style Sheets (CSS) implementation in Microsoft Internet  ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-4678 (The password reset feature in One Click Orgs before 1.2.3 generates di ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4677 (One Click Orgs before 1.2.3 does not have an off autocomplete attribut ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4676
	RESERVED
CVE-2011-4675 (The pathname canonicalization functionality in io/filesystem/filesyste ...)
	- widelands 1:15-3 (low)
	NOTE: Nearly a duplicate of CVE-2011-1932.
	NOTE: CVE's SPLIT decision is unclear.
CVE-2011-4674 (SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, an ...)
	- zabbix 1:1.8.9-1 (bug #651225)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-4673 (SQL injection vulnerability in modules/sharedaddy.php in the Jetpack p ...)
	NOT-FOR-US: Jetpack plugin for Wordpress
CVE-2011-4672 (Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earli ...)
	NOT-FOR-US: Valid tiny-erp, different from TinyERP, the former name of OpenERP
CVE-2011-4671 (SQL injection vulnerability in adrotate/adrotate-out.php in the AdRota ...)
	NOT-FOR-US: Adrorate plugin for Wordpress
CVE-2011-4670 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2. ...)
	NOT-FOR-US: vTiger CRM
CVE-2011-4669 (SQL injection vulnerability in wp-users.php in WordPress Users plugin  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4668 (IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers ...)
	NOT-FOR-US: Tivoli
CVE-2011-4667 (The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and  ...)
	NOT-FOR-US: Cisco
CVE-2011-4666
	RESERVED
CVE-2011-4665
	RESERVED
CVE-2011-4664
	RESERVED
CVE-2011-4663
	RESERVED
CVE-2011-4662
	RESERVED
CVE-2011-4661 (A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to ...)
	NOT-FOR-US: Cisco
CVE-2011-4660
	RESERVED
CVE-2011-4659 (Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phon ...)
	NOT-FOR-US: Cisco TelePresence Software
CVE-2011-4658
	RESERVED
CVE-2011-4657
	RESERVED
CVE-2011-4656
	RESERVED
CVE-2011-4655
	RESERVED
CVE-2011-4654
	RESERVED
CVE-2011-4653
	RESERVED
CVE-2011-4652
	RESERVED
CVE-2011-4651
	RESERVED
CVE-2011-4650 (Cisco Data Center Network Manager is affected by Excessive Logging Dur ...)
	NOT-FOR-US: Cisco
CVE-2011-4649
	RESERVED
CVE-2011-4648
	RESERVED
CVE-2011-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the story creat ...)
	NOT-FOR-US: Geeklog
CVE-2011-4646 (SQL injection vulnerability in wp-postratings.php in the WP-PostRating ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4645
	RESERVED
CVE-2011-4644 (Splunk 4.2.5 and earlier, when a Free license is selected, enables pot ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4643 (Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2. ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4642 (mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly  ...)
	NOT-FOR-US: Splunk Web
CVE-2003-1597
	RESERVED
CVE-2011-4641
	RESERVED
CVE-2011-4640 (Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan  ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4639 (The (1) Traceroute and (2) Ping implementations in tools.php in SpamTi ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4638 (Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3. ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4637
	RESERVED
CVE-2011-4636
	RESERVED
CVE-2011-4635
	RESERVED
CVE-2011-4634 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4. ...)
	- phpmyadmin 4:3.4.8-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-4633
	RESERVED
CVE-2011-4632 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4631 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4630 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4629 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4628 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4627 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4626 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4625 (simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectl ...)
	{DSA-2330-1}
	- simplesamlphp 1.8.1-1
CVE-2011-4624 (Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND  ...)
	NOT-FOR-US: WordPress flash-album-gallery
CVE-2011-4623 (Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf. ...)
	- rsyslog 5.7.4-1
	[squeeze] - rsyslog <no-dsa> (Minor issue)
CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and p ...)
	{DSA-2389-1}
	- linux-2.6 3.1.8-1
CVE-2011-4621 (The Linux kernel before 2.6.37 does not properly implement a certain c ...)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.35)
CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...)
	{DSA-2425-1}
	- plib 1.8.5-5.1 (bug #654785)
CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before 0 ...)
	{DSA-2390-1}
	- openssl 1.0.0h-1
CVE-2011-4618 (Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanc ...)
	NOT-FOR-US: WordPress advanced-text-widget
CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
	- python-virtualenv 1.6-1 (low; bug #652653)
	[lenny] - python-virtualenv <no-dsa> (Minor issue)
	[squeeze] - python-virtualenv 1.4.9-3squeeze1
CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro modu ...)
	- libhtml-template-pro-perl 0.9507-1 (low; bug #652587)
	[squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1 ...)
	- zabbix 1:1.8.10-1 (bug #652664)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-4614 (PHP remote file inclusion vulnerability in Classes/Controller/Abstract ...)
	- typo3-src 4.5.9+dfsg1-1 (bug #652365)
	[squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards)
	[lenny] - typo3-src <not-affected> (Only affects 4.5 onwards)
CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu ...)
	{DSA-2364-1}
	- xorg 1:7.6+10 (low; bug #652249)
	[lenny] - xorg <not-affected> (Introduced in 1:7.4~4)
CVE-2011-XXXX [X launcher doesn't drop group privileges]
	- xorg 1:7.6+10 (low)
	[squeeze] - xorg 1:7.5+8+squeeze1
	[lenny] - xorg <no-dsa> (potential privilege handling weakness, no known attack vector)
	NOTE: http://anonscm.debian.org/gitweb/?p=pkg-xorg/debian/xorg.git;a=commitdiff;h=e81b3943be75ca6674867fc7756905490e979522
CVE-2011-4612 (icecast before 2.3.3 allows remote attackers to inject control charact ...)
	- icecast2 2.3.3-1 (bug #652663)
	[lenny] - icecast2 <no-dsa> (Minor issue)
	[squeeze] - icecast2 <no-dsa> (Minor issue)
	[wheezy] - icecast2 2.3.2-9+deb7u2
CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in arch/powerpc/ ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-1
CVE-2011-4610 (JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1 ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4609 (The svc_run function in the RPC implementation in glibc before 2.15 al ...)
	- eglibc 2.13-33 (low; bug #671478)
	[squeeze] - eglibc 2.11.3-4
CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4607 (PuTTY 0.59 through 0.61 does not clear sensitive process memory when m ...)
	- putty 0.62-1 (unimportant)
	[squeeze] - putty 0.60+2010-02-20-1+squeeze2
	NOTE: DSA-2736-1
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
	NOTE: Hardening measure, not a vulnerability
CVE-2011-4606 (Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 al ...)
	- rocksndiamonds 3.3.0.1+dfsg1-2.2 (bug #651620)
	[squeeze] - rocksndiamonds <no-dsa> (Contrib not supported)
	[lenny] - rocksndiamonds <no-dsa> (Contrib not supported)
CVE-2011-4605 (The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invok ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-4604 (The bat_socket_read function in net/batman-adv/icmp_socket.c in the Li ...)
	- batmand-adv-kernelland <removed>
	[squeeze] - batmand-adv-kernelland <not-affected> (Vulnerable code not present)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4603 (The silc_channel_message function in ops.c in the SILC protocol plugin ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4602 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin b ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4600 (The networkReloadIptablesRules function in network/bridge_driver.c in  ...)
	- libvirt 0.9.9-1 (low)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in common/ul ...)
	{DSA-2397-1}
	- icu 4.8.1.1-3 (bug #654883)
CVE-2011-4598 (The handle_request_info function in channels/chan_sip.c in Asterisk Op ...)
	{DSA-2367-1}
	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-4597 (The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1 ...)
	{DSA-2367-1}
	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before  ...)
	- nova 2012.1~e1-4
CVE-2011-4595 (Pretty-Link WordPress plugin 1.5.2 has XSS ...)
	NOT-FOR-US: WordPress pretty-link plugin
CVE-2011-4594 (The __sys_sendmsg function in net/socket.c in the Linux kernel before  ...)
	- linux-2.6 3.1-1
	[squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
	[lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
CVE-2011-4593 (Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4592 (The command-line cron implementation in Moodle 2.0.x before 2.0.6 and  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4591 (Cross-site scripting (XSS) vulnerability in the print_object function  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4590 (The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4589 (backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4588 (The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x befor ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4587 (lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, a ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4586 (CRLF injection vulnerability in calendar/set.php in the Calendar subsy ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4585 (login/change_password.php in Moodle 1.9.x before 1.9.15 does not use h ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4584 (The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2 ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4583 (Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4582 (Open redirect vulnerability in the Calendar set page in Moodle 2.1.x b ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss E ...)
	NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in liba ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropria ...)
	{DSA-2362-1}
	- acpid 1:2.0.11-1
CVE-2011-4577 (OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is  ...)
	- openssl 1.0.0f-1 (unimportant)
	NOTE: RFC 3779 support has not been enabled at compile time.
CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0 ...)
	{DSA-2390-1}
	- openssl 1.0.0f-1
CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss E ...)
	NOT-FOR-US: JMX Console
CVE-2011-4574
	RESERVED
CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly  ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
	NOT-FOR-US: CF Image Hosting Script
CVE-2011-4571 (SQL injection vulnerability in the Estate Agent (com_estateagent) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4570 (SQL injection vulnerability in the Time Returns (com_timereturns) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4569 (SQL injection vulnerability in userbarsettings.php in the Userbar plug ...)
	NOT-FOR-US: MyBB extension
CVE-2011-4568 (Cross-site scripting (XSS) vulnerability in view/frontend-head.php in  ...)
	NOT-FOR-US: Wordpress extension
CVE-2011-4567 (Cross-site scripting (XSS) vulnerability in includes/templates/templat ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...)
	{DSA-2399-1}
	- php5 5.3.9-1
CVE-2011-4565 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a,  ...)
	NOT-FOR-US: XOOPS
CVE-2011-4564 (Cross-site scripting (XSS) vulnerability in the admin script in Active ...)
	NOT-FOR-US: Active CMS
CVE-2011-4563 (Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4. ...)
	NOT-FOR-US: JAKCMS
CVE-2011-4562 (Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/ ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4561 (Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 ...)
	NOT-FOR-US: Phorum
CVE-2011-4560 (Cross-site scripting (XSS) vulnerability in the Petition Node module 6 ...)
	NOT-FOR-US: Petition node module for Drupal
CVE-2011-4559 (SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 ...)
	NOT-FOR-US: vTiger
CVE-2011-4558 (Tiki 8.2 and earlier allows remote administrators to execute arbitrary ...)
	- tikiwiki <removed>
	NOTE: http://dev.tiki.org/item4059
	NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS
CVE-2011-4557
	RESERVED
CVE-2011-4556
	RESERVED
CVE-2011-4555 (One Click Orgs before 1.2.3 does not require unique e-mail addresses f ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4554 (One Click Orgs before 1.2.3 allows remote authenticated users to trigg ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4553 (Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3  ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4552 (Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs  ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4551 (Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in Tik ...)
	- tikiwiki <removed>
CVE-2011-4550
	RESERVED
CVE-2011-4549
	RESERVED
CVE-2010-5067 (Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depen ...)
	NOT-FOR-US: Virtual War
CVE-2010-5066 (The createRandomPassword function in includes/functions_common.php in  ...)
	NOT-FOR-US: Virtual War
CVE-2010-5065 (popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers t ...)
	NOT-FOR-US: Virtual War
CVE-2010-5064 (Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (ak ...)
	NOT-FOR-US: Virtual War
CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka VWar) 1 ...)
	NOT-FOR-US: Virtual War
CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before 16.0.912. ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: duplicate for chromebooks
CVE-2011-4547 (Multiple cross-site scripting (XSS) vulnerabilities in includes/templa ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4546
	RESERVED
CVE-2011-4545 (CRLF injection vulnerability in admin/displayImage.php in Prestashop 1 ...)
	NOT-FOR-US: Prestashop
CVE-2011-4544 (Multiple cross-site scripting (XSS) vulnerabilities in Prestashop befo ...)
	NOT-FOR-US: Prestashop
CVE-2011-4543 (Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow ...)
	NOT-FOR-US: osCommerce
CVE-2011-4542 (Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitra ...)
	- hastymail <removed>
CVE-2011-4541 (Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2. ...)
	- hastymail <removed>
CVE-2011-4540 (Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (ak ...)
	- atmailopen <removed>
CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 do ...)
	{DSA-2519-2 DSA-2519-1}
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low)
CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to ...)
	NOT-FOR-US: Lexmark
CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical ...)
	NOT-FOR-US: 7-Technologies IGSS
CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka H ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-4535 (Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ...)
	NOT-FOR-US: TurboPower Abbrevia
CVE-2011-4534 (ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows rem ...)
	NOT-FOR-US: COPA-DATA
CVE-2011-4533 (zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows r ...)
	NOT-FOR-US: COPA-DATA
CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl A ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allo ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4530 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4529 (Multiple buffer overflows in Siemens Automation License Manager (ALM)  ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during pro ...)
	{DSA-2370-1}
	- unbound 1.4.14-1 (medium)
CVE-2011-4527
	RESERVED
CVE-2011-4526 (Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess  ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4525 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to tri ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4524 (Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remo ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4523 (Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/Br ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4522 (Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/B ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4521 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4520 (Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTI ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4519 (Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOT ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4518 (Directory traversal vulnerability in the PmWebDir object in the web se ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.90 ...)
	{DSA-2371-1}
	- jasper 1.900.1-13 (bug #652649)
	- ghostscript 8.64~dfsg-2
	NOTE: ghostscript using system jasper since this version
CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in lib ...)
	{DSA-2371-1}
	- jasper 1.900.1-13 (bug #652649)
	- ghostscript 8.64~dfsg-2
	NOTE: ghostscript using system jasper since this version
CVE-2011-4515 (Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4514 (The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4513 (Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4512 (CRLF injection vulnerability in the HMI web server in Siemens WinCC fl ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4511 (Cross-site scripting (XSS) vulnerability in the HMI web server in Siem ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4510 (Cross-site scripting (XSS) vulnerability in the HMI web server in Siem ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4509 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 200 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4508 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 200 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2010-5062 (SQL injection vulnerability in search.php in MH Products kleinanzeigen ...)
	NOT-FOR-US: MH Products kleinanzeigenmarkt
CVE-2010-5061 (SQL injection vulnerability in index.php in RSStatic allows remote att ...)
	NOT-FOR-US: RSStatic
CVE-2010-5060 (SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows r ...)
	NOT-FOR-US: NUs Newssystem
CVE-2010-5059 (SQL injection vulnerability in index.php in CMScout 2.0.8 allows remot ...)
	NOT-FOR-US: CMScout
CVE-2010-5058 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 al ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5057 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 al ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5056 (SQL injection vulnerability in the GBU Facebook (com_gbufacebook) comp ...)
	NOT-FOR-US: GBU Facebook
CVE-2010-5055 (SQL injection vulnerability in index.php in Almnzm 2.1 allows remote a ...)
	NOT-FOR-US: Almnzm
CVE-2010-5054 (Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki b ...)
	NOT-FOR-US: JAMWiki
CVE-2010-5053 (SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5052 (Cross-site scripting (XSS) vulnerability in admin/components.php in Ge ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php  ...)
	NOT-FOR-US: razorCMS
CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_sha ...)
	NOT-FOR-US: ManageEngine ADManager Plus
CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier  ...)
	- zabbix  1:1.8.2-1
CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script  ...)
	NOT-FOR-US: V-EVA Press Release Script
CVE-2010-5046 (Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows ...)
	NOT-FOR-US: ecoCMS
CVE-2011-4507 (The D-Link DIR-685 router, when certain WPA and WPA2 configurations ar ...)
	NOT-FOR-US: D-Link DIR-685 router
CVE-2011-4506 (The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 wit ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4505 (The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware be ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4504 (The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyX ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4503 (The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 al ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4502 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K  ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4501 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K  ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4500 (The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4499 (The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Li ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4498 (Cross-site request forgery (CSRF) vulnerability in the web console in  ...)
	NOT-FOR-US: Zenprise Device Manager
CVE-2011-4497 (QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4 ...)
	NOT-FOR-US: Asus device
CVE-2011-4496 (Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers ...)
	NOT-FOR-US: Aviosoft DTV Player
CVE-2011-4495
	RESERVED
CVE-2011-4494
	RESERVED
CVE-2011-4493
	RESERVED
CVE-2011-4492
	RESERVED
CVE-2011-4491
	RESERVED
CVE-2011-4490
	RESERVED
CVE-2011-4489
	RESERVED
CVE-2011-4488
	RESERVED
CVE-2011-4487 (SQL injection vulnerability in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-4486 (Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-4485
	RESERVED
CVE-2011-4484
	RESERVED
CVE-2011-4483
	RESERVED
CVE-2011-4482
	RESERVED
CVE-2011-4481
	RESERVED
CVE-2011-4480
	RESERVED
CVE-2011-4479
	RESERVED
CVE-2011-4478
	RESERVED
CVE-2011-4477
	RESERVED
CVE-2011-4476
	RESERVED
CVE-2011-4475
	RESERVED
CVE-2011-4474
	RESERVED
CVE-2011-4473
	RESERVED
CVE-2011-4472
	RESERVED
CVE-2011-4471
	RESERVED
CVE-2011-4470
	RESERVED
CVE-2011-4469
	RESERVED
CVE-2011-4468
	RESERVED
CVE-2011-4467
	RESERVED
CVE-2011-4466
	RESERVED
CVE-2011-4465 (Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect ( ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2011-4464
	RESERVED
CVE-2011-4463
	RESERVED
CVE-2011-4462 (Plone 4.1.3 and earlier computes hash values for form parameters witho ...)
	- plone3 <removed>
CVE-2011-4461 (Jetty 8.1.0.RC2 and earlier computes hash values for form parameters w ...)
	- jetty 6.1.26-1
	[squeeze] - jetty <no-dsa> (Minor issue)
CVE-2011-4460 (SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4459 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 doe ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4458 (Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and  ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when J ...)
	NOT-FOR-US: OWASP HTML Sanitizer
CVE-2011-4456
	REJECTED
CVE-2011-4455 (Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier  ...)
	- tikiwiki <removed>
	NOTE: http://secunia.com/advisories/46740/
CVE-2011-4454 (Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earl ...)
	- tikiwiki <removed>
	NOTE: http://secunia.com/advisories/46740/
CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...)
	- pmwiki <itp> (bug #330117)
CVE-2011-4452 (Cross-site request forgery (CSRF) vulnerability in the AdminUsers comp ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4451 (** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4450 (Directory traversal vulnerability in handlers/files.xml/files.xml.php  ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4449 (actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MO ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4448 (SQL injection vulnerability in actions/usersettings/usersettings.php i ...)
	NOT-FOR-US: WikkaWiki
CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-4447 (The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0. ...)
	- bitcoin 0.5.1-1
CVE-2011-4446
	RESERVED
CVE-2011-4445
	RESERVED
CVE-2011-4444
	RESERVED
CVE-2011-4443
	RESERVED
CVE-2011-4442
	RESERVED
CVE-2011-4441
	RESERVED
CVE-2011-4440
	RESERVED
CVE-2011-4439
	RESERVED
CVE-2011-4438
	RESERVED
CVE-2011-4437
	RESERVED
CVE-2012-0020 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0019 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0018 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate at ...)
	NOT-FOR-US: Microsoft Visio
CVE-2012-0017 (Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression Design; Ex ...)
	NOT-FOR-US: Microsoft Expression Design
CVE-2012-0015 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate ...)
	NOT-FOR-US: Microsoft
CVE-2012-0014 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 befo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager configurati ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0012 (Microsoft Internet Explorer 9 does not properly handle the creation an ...)
	NOT-FOR-US: Microsoft
CVE-2012-0011 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2012-0010 (Microsoft Internet Explorer 6 through 9 does not properly perform copy ...)
	NOT-FOR-US: Microsoft
CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager con ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0008 (Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP ...)
	NOT-FOR-US: Microsoft Visual Studio 2008
CVE-2012-0007 (The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0  ...)
	NOT-FOR-US: Microsoft Anti-Cross Site Scripting Library
CVE-2012-0006 (The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft Window ...)
	NOT-FOR-US: DirectX
CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library i ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0002 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4436 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4435 (The web-server component in the Consolidation and Analysis Engine (CAE ...)
	NOT-FOR-US: IBM DB2
CVE-2011-4434 (Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4433
	REJECTED
CVE-2011-4432 (www/include/configuration/nconfigObject/contact/DB-Func.php in Merethi ...)
	NOT-FOR-US: Merethis Centreon
CVE-2011-4431 (Directory traversal vulnerability in main.php in Merethis Centreon bef ...)
	NOT-FOR-US: Merethis Centreon
CVE-2011-4430
	REJECTED
CVE-2011-4429
	REJECTED
CVE-2011-4428
	REJECTED
CVE-2011-4427
	REJECTED
CVE-2011-4426
	REJECTED
CVE-2011-4425
	REJECTED
CVE-2011-4424
	REJECTED
CVE-2011-4423
	REJECTED
CVE-2011-4422
	REJECTED
CVE-2011-4421
	REJECTED
CVE-2011-4420
	REJECTED
CVE-2011-4419
	REJECTED
CVE-2011-4418
	REJECTED
CVE-2011-4417
	REJECTED
CVE-2011-4416
	REJECTED
CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0 ...)
	- apache2 2.4.1-1 (unimportant)
	NOTE: apache2 does not protect or claim to protect against DoS through .htaccess
CVE-2011-4414
	REJECTED
CVE-2011-4413
	REJECTED
CVE-2011-4412
	REJECTED
CVE-2011-4411
	REJECTED
CVE-2011-4410
	REJECTED
CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LT ...)
	NOT-FOR-US: Ubuntu One
CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11. ...)
	- ubuntu-sso-client <removed> (bug #680492)
CVE-2011-4407 (ppa.py in Software Properties before 0.81.13.3 does not validate the s ...)
	- software-properties 0.76.7debian2+nmu2
	[squeeze] - software-properties <not-affected> (Vulnerable code not present)
	[lenny] - software-properties <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210/
CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does n ...)
	- accountsservice 0.6.15-3
CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 1 ...)
	- system-config-printer 1.3.7-1 (low; bug #651204)
	[squeeze] - system-config-printer <no-dsa> (Minor issue)
CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere Updat ...)
	- jetty 6.1.19-1 (low; bug #528389)
	NOTE: duplicate of CVE-2009-1523
CVE-2011-4403 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4402
	REJECTED
CVE-2011-4401
	REJECTED
CVE-2011-4400
	REJECTED
CVE-2011-4399
	REJECTED
CVE-2011-4398
	REJECTED
CVE-2011-4397
	REJECTED
CVE-2011-4396
	REJECTED
CVE-2011-4395
	REJECTED
CVE-2011-4394
	REJECTED
CVE-2011-4393
	REJECTED
CVE-2011-4392
	REJECTED
CVE-2011-4391
	REJECTED
CVE-2011-4390
	REJECTED
CVE-2011-4389
	REJECTED
CVE-2011-4388
	REJECTED
CVE-2011-4387
	REJECTED
CVE-2011-4386
	REJECTED
CVE-2011-4385
	REJECTED
CVE-2011-4384
	REJECTED
CVE-2011-4383
	REJECTED
CVE-2011-4382
	REJECTED
CVE-2011-4381
	REJECTED
CVE-2011-4380
	REJECTED
CVE-2011-4379
	REJECTED
CVE-2011-4378
	REJECTED
CVE-2011-4377
	REJECTED
CVE-2011-4376
	REJECTED
CVE-2011-4375
	REJECTED
CVE-2011-4374 (Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows atta ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acr ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4368 (Cross-site scripting (XSS) vulnerability in Remote Development Service ...)
	NOT-FOR-US: Adobe Cold Fusion
CVE-2011-4367 (Multiple directory traversal vulnerabilities in MyFaces JavaServer Fac ...)
	- mojarra <not-affected> (The Debian package only ships some API classes)
CVE-2011-4366
	REJECTED
CVE-2011-4365
	REJECTED
CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5. ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://www.usenix.org/events/woot11/tech/final_files/Yamaguchi.pdf
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when T ...)
	- libproc-processtable-perl 0.45-6 (low; bug #650500)
	[squeeze] - libproc-processtable-perl 0.45-1+squeeze1
CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP aut ...)
	{DSA-2368-1}
	- lighttpd 1.4.30-1 (low; bug #652726)
	NOTE: http://openwall.com/lists/oss-security/2011/11/29/8
	NOTE: http://redmine.lighttpd.net/issues/2370
	NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package
CVE-2011-4361 (MediaWiki before 1.17.1 does not check for read permission before hand ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-4 (bug #650434)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page tit ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-4 (bug #650434)
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions]
	REJECTED
CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1  ...)
	{DSA-2359-1}
	- mojarra 2.0.3-2 (bug #650430)
CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in python/neo_ ...)
	{DSA-2355-1}
	- clearsilver 0.10.5-1.3 (bug #649322)
CVE-2011-4356 (Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4. ...)
	- celery 2.4.6-1
	- django-celery <not-affected> (Vulnerable code not present)
CVE-2011-4355 (GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defi ...)
	- gdb 7.6-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=HEAD (lists "auto-load safe-path" under "Changes in GDB 7.5")
CVE-2011-4354 (crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as u ...)
	{DSA-2390-1}
	- openssl 0.9.8o-4squeeze3 (bug #650621)
CVE-2011-4353 (The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=67a7ed6
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2
CVE-2011-4352 (Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c ...)
	- libav 4:0.7.3-1
	- ffmpeg <not-affected> (Was introduced in 0.6)
	- ffmpeg-debian <not-affected> (Was introduced in 0.6)
	NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x befo ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191
CVE-2011-4350 (Yaws 1.91 has a directory traversal vulnerability in the way certain U ...)
	- yaws 1.91-2 (bug #650009)
	[lenny] - yaws <not-affected> (Vulnerable code not present)
	[squeeze] - yaws <not-affected> (Vulnerable code not present)
CVE-2011-4349 (Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2)  ...)
	- colord 0.1.15-1 (medium; bug #650021)
CVE-2011-4348 (Race condition in the sctp_rcv function in net/sctp/input.c in the Lin ...)
	- linux-2.6 <not-affected> (Incomplete fix for RHEL5-specific backport regression)
	NOTE: incomplete fix for CVE-2011-2482
CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in  ...)
	{DSA-2443-1}
	- linux-2.6 <removed>
CVE-2011-4346 (Cross-site scripting (XSS) vulnerability in the web interface in Red H ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when ...)
	- namazu2 2.0.21-1 (low)
	[squeeze] - namazu2 <no-dsa> (Minor issue)
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins be ...)
	- jenkins-winstone 0.9.10-jenkins-29+dfsg-1  (bug #649900)
CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...)
	NOT-FOR-US: Apache MyFaces
CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4341 (Multiple SQL injection vulnerabilities in symphony/content/content.pub ...)
	NOT-FOR-US: Symphony CMS
CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...)
	NOT-FOR-US: Symphony CMS
CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmito ...)
	{DSA-2376-2 DSA-2376-1}
	- ipmitool 1.8.11-5 (bug #651917)
CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.con ...)
	NOT-FOR-US: Arch-Linux specific tool
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...)
	NOT-FOR-US: Tiki Wiki
CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...)
	NOT-FOR-US: Contao
CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded  ...)
	NOT-FOR-US: LabWiki
CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and ...)
	NOT-FOR-US: LabWiki
CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 a ...)
	NOT-FOR-US: Joomla!
CVE-2011-4331
	REJECTED
CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/tran ...)
	- linux-2.6 3.1.4-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0  ...)
	- dolibarr 3.3.4-1 (low)
CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ( ...)
	{DSA-2435-1}
	- gnash 0.8.10-1 (low; bug #649384)
CVE-2011-4327 (ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platfo ...)
	- openssh <not-affected> (Only affects platforms w/o /dev/random)
	NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel b ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-40
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4325 (The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain ...)
	- linux-2.6 2.6.32-1
CVE-2011-4324 (The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kern ...)
	- linux-2.6 <not-affected> (RHEL5-specific backport error)
CVE-2011-4323
	REJECTED
CVE-2011-4322 (websitebaker prior to and including 2.8.1 has an authentication error  ...)
	NOT-FOR-US: websitebaker
CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alp ...)
	- ejabberd 2.1.9-1 (low)
	[squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file)
	NOTE: https://support.process-one.net/browse/EJAB-1498
CVE-2011-4319 (Cross-site scripting (XSS) vulnerability in the i18n translations help ...)
	- rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-4318 (Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostn ...)
	- dovecot 1:2.0.18-1 (unimportant; bug #649511)
	NOTE: Additional hardening
CVE-2011-4317 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...)
	{DSA-2405-1}
	- apache2 2.2.21-3
	NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
CVE-2011-4316 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in cert ...)
	NOT-FOR-US: ovirt
	NOTE: While the Red Hat advisory refers to SPICE, this is a vulnerability in
	NOTE: the server-side ovirt logic (contacted Red Hat for clarification)
CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in core/n ...)
	- nginx 1.1.8-1 (low)
	[squeeze] - nginx 0.7.67-3+squeeze1
	[lenny] - nginx <no-dsa> (Minor issue)
	NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used i ...)
	- openid4java 0.9.6.662-1
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9 ...)
	{DSA-2347-1}
	- bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the commenting  ...)
	NOT-FOR-US: Review Board
CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys,  ...)
	NOT-FOR-US: ResourceSpace
CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers to cor ...)
	- cmsms <itp> (bug #608888)
CVE-2011-4309 (Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4308 (mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5,  ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2011-4307 (Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4306 (Cross-site scripting (XSS) vulnerability in course/editsection.html in ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4305 (message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authen ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4304 (The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4303 (lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4302 (mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x be ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4301 (The MoodleQuickForm class in the Forms Library in lib/formslib.php in  ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4300 (The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x befo ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4299 (Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Mo ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4298 (Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4297 (comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 do ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4296 (lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4295 (The moodle_enrol_external:role_assign function in enrol/externallib.ph ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4294 (The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x b ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4293 (The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4292 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4291 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4290 (Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php  ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4289 (Moodle 2.0.x before 2.0.3 does not recognize the configuration setting ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4288 (Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly im ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4287 (admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4286 (Multiple cross-site scripting (XSS) vulnerabilities in the media-filte ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4285 (The default configuration of Moodle 2.0.x before 2.0.2 has an incorrec ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4284 (Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4283 (Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterp ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4282 (Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4281 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4280 (Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4279 (Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setti ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4278 (Cross-site scripting (XSS) vulnerability in the tag autocomplete funct ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7 ...)
	NOT-FOR-US: CourseForum
CVE-2011-4276 (The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) ...)
	NOT-FOR-US: Android
CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Op ...)
	NOT-FOR-US: IT Operations Portal
CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobil ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserv ...)
	NOT-FOR-US: GoAhead Webserver
CVE-2011-4272
	REJECTED
CVE-2011-4271
	REJECTED
CVE-2011-4270
	REJECTED
CVE-2011-4269
	REJECTED
CVE-2011-4268
	REJECTED
CVE-2011-4267
	REJECTED
CVE-2011-4266 (Untrusted search path vulnerability in FFFTP before 1.98d allows local ...)
	NOT-FOR-US: FFFTP
CVE-2011-4265 (Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 al ...)
	NOT-FOR-US: phpWebSite
CVE-2011-4264 (Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows  ...)
	NOT-FOR-US: Etomite
CVE-2011-4263 (Cross-site scripting (XSS) vulnerability in Schneider Electric PowerCh ...)
	NOT-FOR-US: Schneider Electric PowerChute Business Edition
CVE-2010-5045 (Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart  ...)
	NOT-FOR-US: Smart ASP Survey
CVE-2010-5044 (SQL injection vulnerability in models/log.php in the Search Log (com_s ...)
	NOT-FOR-US: Search log Joomla addon
CVE-2010-5043 (SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) co ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5042 (Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_dja ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5041 (SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5040 (PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery. ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5039 (SQL injection vulnerability in control/admin_login.php in ScriptsFeed  ...)
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2010-5038 (PHP remote file inclusion vulnerability in contact/contact.php in Groo ...)
	NOT-FOR-US: Groone's Simple Contact Form
CVE-2010-5037 (SQL injection vulnerability in article.php in SenseSites CommonSense C ...)
	NOT-FOR-US: SenseSites CommonSense CMS
CVE-2010-5036 (SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allow ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5035 (Cross-site scripting (XSS) vulnerability in search.php in iScripts eSw ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5034 (SQL injection vulnerability in viewhistorydetail.php in iScripts EasyB ...)
	NOT-FOR-US: iScripts EasyBiller
CVE-2010-5033 (SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows ...)
	NOT-FOR-US: Fusebox
CVE-2010-5032 (SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5031 (Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1  ...)
	NOT-FOR-US: fileNice
CVE-2010-5030 (Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS 5. ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5029 (SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remo ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5028 (SQL injection vulnerability in the JExtensions JE Job (com_jejob) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5027 (Cross-site scripting (XSS) vulnerability in winners.php in Science Fai ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5026 (SQL injection vulnerability in winners.php in Science Fair In A Box (S ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5025 (Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSIT ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5024 (SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2 ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5023 (SQL injection vulnerability in index.asp in Digital Interchange Calend ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5022 (SQL injection vulnerability in the JExtensions JE Story Submit (com_je ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5021 (SQL injection vulnerability in view_group.asp in Digital Interchange D ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5020 (SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2010-5019 (SQL injection vulnerability in view_photo.php in 2daybiz Online Classi ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5018 (Cross-site scripting (XSS) vulnerability in products/classified/header ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5017 (SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 a ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5016 (SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5015 (SQL injection vulnerability in view_photo.php in 2daybiz Network Commu ...)
	NOT-FOR-US: 2daybiz Network Community Script
CVE-2010-5014 (SQL injection vulnerability in standings.php in Elite Gaming Ladders 3 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5013 (SQL injection vulnerability in listing_detail.asp in Mckenzie Creation ...)
	NOT-FOR-US: Mckenzie Creations Virtual Real Estate Manager
CVE-2010-5012 (SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows ...)
	NOT-FOR-US: DaLogin
CVE-2010-5011 (SQL injection vulnerability in schoolmv2/html/studentmain.php in Schoo ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5010 (Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5009 (SQL injection vulnerability in index.php in UTStats Beta 4 and earlier ...)
	NOT-FOR-US: UTStats
CVE-2010-5008 (SQL injection vulnerability in pages/contact_list_mail_form.asp in Bri ...)
	NOT-FOR-US: BrightSuite Groupware
CVE-2010-5007 (Cross-site scripting (XSS) vulnerability in pages/match_report.php in  ...)
	NOT-FOR-US: UTStats
CVE-2010-5006 (SQL injection vulnerability in googlemap/index.php in EMO Realty Manag ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2010-5005 (Cross-site scripting (XSS) vulnerability in members/profileCommentsRes ...)
	NOT-FOR-US: Rayzz Photoz
CVE-2010-5004 (SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Ad ...)
	NOT-FOR-US: 2daybiz Polls
CVE-2010-5000 (SQL injection vulnerability in login/login_index.php in MCLogin System ...)
	NOT-FOR-US: MCLogin System
CVE-2010-4998 (PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaIni ...)
	NOT-FOR-US: ardeaCore PHP Framework
CVE-2010-4997 (SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 a ...)
	NOT-FOR-US: OlyKit Swoopo Clone 2010
CVE-2010-4971 (Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Vid ...)
	NOT-FOR-US: VideoWhisper PHP 2 Way Video Chat
CVE-2011-4262 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 all ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4259 (Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remo ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4258 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4257 (The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote  ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4256 (The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPl ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4255 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4254 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4253 (Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4252 (The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPl ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4251 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4250 (Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4249 (Array index error in the RV30 codec in RealNetworks RealPlayer before  ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4248 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4246 (The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPla ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4245 (The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Ma ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4244 (Heap-based buffer overflow in the RealVideo renderer in RealNetworks R ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4243
	RESERVED
CVE-2011-4242
	RESERVED
CVE-2011-4241
	RESERVED
CVE-2011-4240
	RESERVED
CVE-2011-4239
	RESERVED
CVE-2011-4238
	RESERVED
CVE-2011-4237 (CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Comm ...)
	NOT-FOR-US: Cisco
CVE-2011-4236
	RESERVED
CVE-2011-4235
	RESERVED
CVE-2011-4234
	RESERVED
CVE-2011-4233
	RESERVED
CVE-2011-4232 (The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces diff ...)
	NOT-FOR-US: Cisco
CVE-2011-4231 (Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hu ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4230
	RESERVED
CVE-2011-4229
	RESERVED
CVE-2011-4228
	RESERVED
CVE-2011-4227
	RESERVED
CVE-2011-4226
	RESERVED
CVE-2011-4225
	RESERVED
CVE-2011-4224
	RESERVED
CVE-2011-4223 (Unspecified vulnerability in Investintech.com Absolute PDF Server allo ...)
	NOT-FOR-US: Investintech.com Absolute PDF Server
CVE-2011-4222 (Unspecified vulnerability in Investintech.com Able2Extract and Able2Ex ...)
	NOT-FOR-US: Investintech.com Able2Extract
CVE-2011-4221 (Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Pr ...)
	NOT-FOR-US: Investintech.com Able2Doc
CVE-2011-4220 (Investintech.com SlimPDF Reader does not properly restrict the argumen ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4219 (Investintech.com SlimPDF Reader does not prevent faulting-address data ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4218 (Investintech.com SlimPDF Reader does not prevent faulting-instruction  ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4217 (Investintech.com SlimPDF Reader does not properly restrict read operat ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4216 (Investintech.com SlimPDF Reader does not properly restrict write opera ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4215 (SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action  ...)
	NOT-FOR-US: OneOrZero Action & Information Management System (AIMS)
CVE-2011-4214 (OneOrZero Action &amp; Information Management System (AIMS) 2.7.0 allo ...)
	NOT-FOR-US: OneOrZero Action & Information Management System (AIMS)
CVE-2010-5003 (SQL injection vulnerability in the AutarTimonial (com_autartimonial) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5002 (Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/sl ...)
	NOT-FOR-US: Exponent CMS
CVE-2010-5001 (SQL injection vulnerability in view.php in esoftpro Online Contact Man ...)
	NOT-FOR-US: esoftpro Online Contact Manager
CVE-2010-4999 (SQL injection vulnerability in index.php in esoftpro Online Photo Pro  ...)
	NOT-FOR-US: esoftpro Online Photo Pro
CVE-2010-4996 (SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbo ...)
	NOT-FOR-US: esoftpro Online Guestbook Pro
CVE-2010-4995 (SQL injection vulnerability in the NeoRecruit (com_neorecruit) compone ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4994 (SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4993 (SQL injection vulnerability in the eventcal (com_eventcal) component 1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4992 (SQL injection vulnerability in the Payments Plus component 2.1.5 for J ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4991 (SQL injection vulnerability in the NinjaMonials (com_ninjamonials) com ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4990 (SQL injection vulnerability in the Front-edit Address Book (com_addres ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4989 (SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows r ...)
	NOT-FOR-US: Ziggurat Farsi CMS
CVE-2010-4988 (PHP remote file inclusion vulnerability in mod_chatting/themes/default ...)
	NOT-FOR-US: Family Connections Who is Chatting
CVE-2010-4987 (SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GB ...)
	NOT-FOR-US: KMSoft Guestbook (aka GBook)
CVE-2010-4986 (SQL injection vulnerability in detail.php in Simple Document Managemen ...)
	NOT-FOR-US: Simple Document Management System (SDMS)
CVE-2010-4985 (Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Not ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4984 (SQL injection vulnerability in notes.php in My Kazaam Notes Management ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4983 (SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0  ...)
	NOT-FOR-US: iScripts CyberMatch
CVE-2010-4982 (SQL injection vulnerability in address_book/contacts.php in My Kazaam  ...)
	NOT-FOR-US: My Kazaam Address & Contact Organizer
CVE-2010-4981 (SQL injection vulnerability in trackads.php in YourFreeWorld Banner Ma ...)
	NOT-FOR-US: YourFreeWorld Banner Management
CVE-2010-4980 (SQL injection vulnerability in packagedetails.php in iScripts ReserveL ...)
	NOT-FOR-US: iScripts ReserveLogic
CVE-2010-4979 (SQL injection vulnerability in image/view.php in CANDID allows remote  ...)
	NOT-FOR-US: CANDID
CVE-2010-4978 (Cross-site scripting (XSS) vulnerability in image/view.php in CANDID a ...)
	NOT-FOR-US: CANDID
CVE-2010-4977 (SQL injection vulnerability in menu.php in the Canteen (com_canteen) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4976 (Cross-site scripting (XSS) vulnerability in search/search.php in MetIn ...)
	NOT-FOR-US: MetInfo
CVE-2010-4975 (SQL injection vulnerability in the Techjoomla SocialAds For JomSocial  ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4974 (SQL injection vulnerability in info.php in BrotherScripts (BS) and Scr ...)
	NOT-FOR-US: BrotherScripts (BS) and ScriptsFeed Auto Dealer
CVE-2010-4973 (Cross-site scripting (XSS) vulnerability in the search feature in Camp ...)
	NOT-FOR-US: Campsite
CVE-2010-4972 (SQL injection vulnerability in index.php in YPNinc JokeScript allows r ...)
	NOT-FOR-US: YPNinc JokeScript
CVE-2010-4970 (SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0 ...)
	NOT-FOR-US: Wiki Web Help
CVE-2010-4969 (SQL injection vulnerability in articlesdetails.php in BrotherScripts ( ...)
	NOT-FOR-US: BrotherScripts (BS) Business Directory
CVE-2010-4968 (SQL injection vulnerability in the webmaster-tips.net Flash Gallery (c ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4213 (The sandbox environment in the Google App Engine Python SDK before 1.5 ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4212 (The sandbox environment in the Google App Engine Python SDK before 1.5 ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4211 (The FakeFile implementation in the sandbox environment in the Google A ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4210
	RESERVED
CVE-2011-4209
	RESERVED
CVE-2011-4208
	RESERVED
CVE-2011-4207
	RESERVED
CVE-2011-4206
	RESERVED
CVE-2011-4205
	RESERVED
CVE-2011-4204
	RESERVED
CVE-2011-4203 (CRLF injection vulnerability in calendar/set.php in the Calendar compo ...)
	NOT-FOR-US: Moodle addon
CVE-2011-4202 (The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions ( ...)
	NOT-FOR-US: Tadasoft Restorepoint
CVE-2011-4201 (remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image a ...)
	NOT-FOR-US: Tadasoft Restorepoint
CVE-2011-4200
	RESERVED
CVE-2011-4199
	RESERVED
CVE-2011-4198
	RESERVED
CVE-2011-4197 (etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 cr ...)
	NOT-FOR-US: pfSense
CVE-2011-XXXX [spip privilege escalation]
	- spip 2.1.12-1 (bug #649113)
	[squeeze] - spip 2.1.1-3squeeze2
CVE-2011-XXXX [spip XSS]
	- spip 2.1.12-1 (bug #649113)
	[squeeze] - spip 2.1.1-3squeeze2
CVE-2011-XXXX [spip path disclosure]
	- spip 2.1.12-1 (unimportant; bug #646758)
	NOTE: http://archives.rezo.net/archives/spip-ann.mbox/5XCQ4RYDCYRXQSQQK42DT7IO2GVT7ZSI/
	NOTE: Path disclosure not an issue for Debian
CVE-2011-4196
	RESERVED
CVE-2011-4195 (kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 an ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise Serv ...)
	NOT-FOR-US: Novell iPrint
CVE-2011-4193 (Cross-site scripting (XSS) vulnerability in the overlay files tab in S ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4192 (kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4191 (Stack-based buffer overflow in the xdrDecodeString function in XNFS.NL ...)
	NOT-FOR-US: Novell NetWare
CVE-2011-4190 (The kdump implementation is missing the host key verification in the k ...)
	NOT-FOR-US: kdump as used in SuSE
CVE-2011-4189 (The client in Novell GroupWise 8.0x through 8.02HP3 allows remote atta ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-4188 (Buffer overflow in the Create Attribute function in jclient in Novell  ...)
	NOT-FOR-US: Novell iManager
CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in No ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iPrint  ...)
	NOT-FOR-US: ActiveX
CVE-2011-4184
	RESERVED
CVE-2011-4183 (A vulnerability in open build service allows remote attackers to uploa ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=736243
	NOTE: https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e
CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise ...)
	NOT-FOR-US: sysconfig in SUSE Linux Enterprise
CVE-2011-4181 (A vulnerability in open build service allows remote attackers to gain  ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=734003
	NOTE: https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e
CVE-2011-4180
	RESERVED
CVE-2011-4179
	RESERVED
CVE-2011-4178
	RESERVED
CVE-2011-4177
	RESERVED
CVE-2011-4176
	RESERVED
CVE-2011-4175
	RESERVED
CVE-2011-4174
	RESERVED
CVE-2011-4173 (Cross-site request forgery (CSRF) vulnerability in Simple Machines For ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-4172 (Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FO ...)
	NOT-FOR-US: KENT WEB FORUM
CVE-2011-4171 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM W ...)
	NOT-FOR-US: WebSphere
CVE-2011-4170 (Cross-site scripting (XSS) vulnerability in the theme_adium_append_mes ...)
	- empathy 3.2.1.1-1
	[squeeze] - empathy <no-dsa> (Minor issue)
	[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration before ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4168 (Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in  ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing  ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4166 (Directory traversal vulnerability in the MPAUploader.Uploader.1.Upload ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4165 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4164 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4163 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4162 (The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, ...)
	NOT-FOR-US: HP Protect Tools Device Access Manager
CVE-2011-4161 (The default configuration of the HP CM8060 Color MFP with Edgeline; Co ...)
	NOT-FOR-US: HP CM8060 Color MFP
CVE-2011-4160 (Unspecified vulnerability in HP Operations Agent 11.00 and Performance ...)
	NOT-FOR-US: HP Operations Agent
CVE-2011-4159 (Unspecified vulnerability in System Administration Manager (SAM) in EM ...)
	NOT-FOR-US: HP-UX
CVE-2011-4158 (Unspecified vulnerability in HP Directories Support for ProLiant Manag ...)
	NOT-FOR-US: HP Directories Support
CVE-2011-4157 (Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on th ...)
	NOT-FOR-US: HP SAN/iQ
CVE-2011-4156 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-4155 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-4154
	RESERVED
CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup f ...)
	{DSA-2408-1}
	- php5 5.3.9-1 (low)
CVE-2011-4152
	RESERVED
CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center (KD ...)
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	[lenny] - krb5 <not-affected> (introduced in 1.8)
CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6  ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4966 (Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvo ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2009-5103 (Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP  ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2009-5102 (SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 AS ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2011-4150
	REJECTED
CVE-2011-4149
	REJECTED
CVE-2011-4148
	REJECTED
CVE-2011-4147
	REJECTED
CVE-2011-4146
	REJECTED
CVE-2011-4145
	REJECTED
CVE-2011-4144 (Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 be ...)
	NOT-FOR-US: EMC
CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote att ...)
	NOT-FOR-US: EMC
CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before 6. ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token  ...)
	NOT-FOR-US: RSA SecurID
CVE-2011-4140 (The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throug ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4139 (Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host  ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4138 (The verify_exists functionality in the URLField implementation in Djan ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4137 (The verify_exists functionality in the URLField implementation in Djan ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4136 (django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4135 (Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexN ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2011-4134 (Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11. ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2011-4133 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) ...)
	- linux-2.6 3.1.6-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-4131 (The NFSv4 implementation in the Linux kernel before 3.2.2 does not pro ...)
	- linux 3.2.9-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, minor impact)
CVE-2011-4130 (Use-after-free vulnerability in the Response API in ProFTPD before 1.3 ...)
	{DSA-2346-2 DSA-2346-1}
	- proftpd-dfsg 1.3.4~rc3-2 (high; bug #648373)
	[lenny] - proftpd-dfsg <not-affected> (vulnerable functionality not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3711
CVE-2011-4129 ((1) services/twitter/twitter-contact-view.c and (2) services/twitter/t ...)
	- libsocialweb 0.25.20-1
CVE-2011-4128 (Buffer overflow in the gnutls_session_get_data function in lib/gnutls_ ...)
	- gnutls26 2.12.14-1 (low; bug #648441)
	[squeeze] - gnutls26 2.8.6-1+squeeze1
	[lenny] - gnutls26 <no-dsa> (Minor issue)
CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl c ...)
	{DSA-2443-1 DSA-2389-1}
	- libguestfs 1:1.14.8-1
	- linux-2.6 <removed>
CVE-2011-4126
	RESERVED
CVE-2011-4125
	RESERVED
CVE-2011-4124
	RESERVED
CVE-2011-4123
	REJECTED
CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
	NOT-FOR-US: OpenPAM
CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up ...)
	- ruby1.9.1 <not-affected> (Only affected trunk versions)
CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...)
	- yubico-pam 2.10-1
CVE-2011-4119
	RESERVED
CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...)
	NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...)
	- perl <unfixed> (unimportant; bug #776268)
	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177
	NOTE: https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
CVE-2011-4115 (Parallel::ForkManager module before 1.0.0 for Perl does not properly h ...)
	- libparallel-forkmanager-perl <not-affected> (issue introduced in 0.7.6 upstream, never in Debian)
	NOTE: affected code was never in Debian. Upstream fixed in 1.0.0
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=68298
CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for P ...)
	- libpar-packer-perl 1.012-1 (bug #650706)
	[squeeze] - libpar-packer-perl 1.006-1+squeeze1
CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for Dr ...)
	- drupal6-mod-views 2.14-1
CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly res ...)
	- linux-2.6 3.1-1 (unimportant)
	NOTE: Turned out to be a non-issue, http://www.openwall.com/lists/oss-security/2011/11/24/3
CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function in hw/ ...)
	- qemu 0.15.1+dfsg-2
	[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
	[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d
CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux  ...)
	{DSA-2389-1}
	- linux-2.6 3.1.4-1
CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_ ...)
	{DSA-2390-1}
	- openssl 1.0.0c-1
CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...)
	{DSA-2390-1}
	- openssl 1.0.0f-1 (low; bug #645805)
	NOTE: http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest
CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in (librarie ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.7.1-1 (bug #656247)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
CVE-2011-4106 (TimThumb (timthumb.php) before 2.0 does not validate the entire source ...)
	NOT-FOR-US: wordpress plugin timthumb
CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of arbitra ...)
	- lightdm 1.0.6-2
CVE-2011-4104 (The from_yaml method in serializers.py in Django Tastypie before 0.9.1 ...)
	- django-tastypie 0.9.10-1 (bug #647314)
CVE-2011-4103 (emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 doe ...)
	{DSA-2344-1}
	- python-django-piston 0.2.2-2 (high; bug #647315)
CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in wiretap/ ...)
	{DSA-2351-1}
	- wireshark 1.6.3-1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html
	NOTE: http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch
	NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to the supported upstream branches
CVE-2011-4101 (The dissect_infiniband_common function in epan/dissectors/packet-infin ...)
	- wireshark 1.6.3-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html
CVE-2011-4100 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...)
	- wireshark 1.6.3-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html
CVE-2011-4099 (The capsh program in libcap before 2.22 does not change the current wo ...)
	- libcap2 1:2.22-1 (low)
	[squeeze] - libcap2 <no-dsa> (Minor issue)
CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux kerne ...)
	- linux 3.2.1-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (fallocate support was added to GFS2 in 2.37)
CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the L ...)
	- linux-2.6 3.0.0-6
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not properly fr ...)
	{DSA-2381-1}
	- squid3 3.1.16-1
	[lenny] - squid3 <not-affected> (no IPv6 support)
CVE-2011-4095 (Jara 1.6 has an XSS vulnerability ...)
	NOT-FOR-US: Jara
CVE-2011-4094 (Jara 1.6 has a SQL injection vulnerability. ...)
	NOT-FOR-US: Jara
CVE-2011-4093 (Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 ...)
	- net6 1:1.3.14-1 (low; bug #647318)
	[squeeze] - net6 <no-dsa> (Minor issue)
	[lenny] - net6 <no-dsa> (Minor issue)
CVE-2011-4092 (obby (aka libobby) does not verify SSL server certificates, which allo ...)
	- obby <removed> (low; bug #647317)
	[wheezy] - obby <no-dsa> (Minor design limitation)
	[lenny] - obby <no-dsa> (Minor design limitation)
	[squeeze] - obby <no-dsa> (Minor design limitation)
CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3. ...)
	[squeeze] - net6 <no-dsa> (Minor issue)
	[lenny] - net6 <no-dsa> (Minor issue)
	- net6 1:1.3.14-1 (low; bug #647318)
CVE-2011-4090 (Serendipity before 1.6 has an XSS issue in the karma plugin which may  ...)
	- serendipity <removed> (bug #650937)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2011/q4/192
CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed exec ...)
	- bzip2 1.0.6-1 (low; bug #632862)
	[squeeze] - bzip2 1.0.5-6+squeeze1
	[lenny] - bzip2 <no-dsa> (Minor issue)
CVE-2011-4088 (ABRT might allow attackers to obtain sensitive information from crash  ...)
	NOT-FOR-US: abrt/libreport
CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the L ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-4086 (The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linu ...)
	{DSA-2469-1}
	- linux-2.6 <removed> (low)
CVE-2011-4085 (The servlets invoked by httpha-invoker in JBoss Enterprise Application ...)
	NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
	REJECTED
CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x  ...)
	NOT-FOR-US: RedHat sos
CVE-2011-4082 (A local file inclusion flaw was found in the way the phpLDAPadmin befo ...)
	- phpldapadmin 0.9.8-1
CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local use ...)
	- linux-2.6 3.0.0-6
	[squeeze] - linux-2.6 <not-affected> (CRYPTO_GHASH Introduced in 2.6.32)
CVE-2011-4080 (The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kern ...)
	- linux-2.6 2.6.39-1
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.2 ...)
	- openldap 2.4.28-1 (unimportant; bug #647610)
	NOTE: Not exploitable with glibc, see
	NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079
CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ...)
	- roundcube 0.6+dfsg-1 (bug #646675)
	[squeeze] - roundcube <not-affected> (squeeze PHP version does not expose the issue)
	NOTE: http://trac.roundcube.net/ticket/1488086
	NOTE: This is arguably a PHP issue, but will probably not be fixed upstream.
CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c  ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-6
CVE-2011-4076 (OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCE ...)
	- nova 2012.1~e1-1
	NOTE: https://bugs.launchpad.net/nova/+bug/868360
	NOTE: the patch for this bug is available at https://review.openstack.org/#/c/794/
CVE-2011-4075 (The masort function in lib/functions.php in phpLDAPadmin 1.2.x before  ...)
	{DSA-2333-1}
	- phpldapadmin 1.2.0.5-2.1 (bug #646754)
CVE-2011-4074 (Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1. ...)
	{DSA-2333-1}
	- phpldapadmin 1.2.0.5-2.1 (bug #646769)
CVE-2011-4073 (Use-after-free vulnerability in the cryptographic helper handler funct ...)
	{DSA-2374-1}
	- openswan 1:2.6.37-1 (low; bug #650674)
CVE-2007-6744 (Flexera Macrovision InstallShield before 2008 sends a digital-signatur ...)
	NOT-FOR-US: Flexera Macrovision InstallShield
CVE-2006-7246 (NetworkManager 0.9.x does not pin a certificate's subject to an ESSID  ...)
	- wpasupplicant 0.7.3-1
	[squeeze] - wpasupplicant <no-dsa> (Minor issue)
	- network-manager 0.9.4.0-1
	[squeeze] - network-manager <no-dsa> (Minor issue)
	NOTE: might be fixed earlier; I checked the source versions in Wheezy
CVE-2011-4072
	REJECTED
CVE-2011-4071
	RESERVED
CVE-2011-4070
	RESERVED
CVE-2011-4069 (html/admin/login.php in PacketFence before 3.0.2 allows remote attacke ...)
	NOT-FOR-US: PacketFence
CVE-2011-4068 (The check_password function in html/admin/login.php in PacketFence bef ...)
	NOT-FOR-US: PacketFence
CVE-2011-4067
	RESERVED
CVE-2011-4066 (SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earl ...)
	NOT-FOR-US: GNU Board
CVE-2011-4065
	RESERVED
CVE-2011-4063 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x bef ...)
	- asterisk 1:1.8.7.1~dfsg-1 (bug #647252)
	[lenny] - asterisk <not-affected> (Only affects >= 1.8)
	[squeeze] - asterisk <not-affected> (Only affects >= 1.8)
CVE-2011-4062 (Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows lo ...)
	{DSA-2325-1}
	- kfreebsd-10 10.0~svn226224-1
	- kfreebsd-9 9.0~svn225873-1
	- kfreebsd-8 8.2-11 (bug #645377)
	- kfreebsd-7 <removed>
CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...)
	NOT-FOR-US: DB2
CVE-2011-4060 (The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 do ...)
	NOT-FOR-US: QNX
CVE-2011-4059
	RESERVED
CVE-2011-4058
	RESERVED
CVE-2010-4965 (/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 co ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2010-4964 (recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 all ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in php ...)
	- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ver ...)
	NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime
CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix Fac ...)
	NOT-FOR-US: Siemens Tecnomatix
CVE-2011-4055 (Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix ...)
	NOT-FOR-US: Siemens Tecnomatix
CVE-2011-4054 (Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder ...)
	NOT-FOR-US: CA SiteMinder
CVE-2011-4053 (Untrusted search path vulnerability in 7-Technologies (7T) Interactive ...)
	NOT-FOR-US: 7-Technologies (7T) Interactive Graphical SCADA System
CVE-2011-4052 (Stack-based buffer overflow in CEServer.exe in the CEServer component  ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-4051 (CEServer.exe in the CEServer component in the Remote Agent module in I ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-4050 (Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA Sys ...)
	NOT-FOR-US: Interactive Graphical SCADA System
CVE-2011-4049
	RESERVED
CVE-2011-4048 (The Dell KACE K2000 System Deployment Appliance has a default username ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4047 (The Dell KACE K2000 System Deployment Appliance allows remote attacker ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4046 (The Dell KACE K2000 System Deployment Appliance stores the recovery ac ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4045 (Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in AR ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4044 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVu ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4043 (Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in A ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4042 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVu ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4041 (webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers t ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2011-4040 (Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows re ...)
	NOT-FOR-US: NJStar Communicator
CVE-2011-4039 (Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in  ...)
	NOT-FOR-US: Invensys Wonderware HMI Reports
CVE-2011-4038 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Re ...)
	NOT-FOR-US: Invensys Wonderware HMI Reports
CVE-2011-4037 (Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog PRO
CVE-2011-4036 (Directory traversal vulnerability in Schneider Electric Vijeo Historia ...)
	NOT-FOR-US: Schneider Electric Vijeo
CVE-2011-4035 (Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo H ...)
	NOT-FOR-US: Schneider Electric Vijeo
CVE-2011-4034 (Buffer overflow in the Steema TeeChart ActiveX control, as used in Sch ...)
	NOT-FOR-US: Steema TeeChart
CVE-2011-4033 (Buffer overflow in the Steema TeeChart ActiveX control, as used in Sch ...)
	NOT-FOR-US: Steema TeeChart
CVE-2011-4032
	RESERVED
CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in libavformat/r ...)
	- libav 0.8-1 (bug #675767)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4 ...)
	- plone3 <not-affected> (Only affects Plone 4.x)
CVE-2011-4029 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...)
	- xorg-server 2:1.11.1.901-2 (low)
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
	NOTE: this has a poc now: http://web.archive.org/web/20111204204028/http://vladz.devzero.fr:80/Xorg-CVE-2011-4029.txt
CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...)
	- xorg-server 2:1.11.1.901-2 (low)
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
CVE-2011-4027
	RESERVED
CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remot ...)
	NOT-FOR-US: NexusPHP
CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...)
	NOT-FOR-US: Hulihan BXR
CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension bef ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension b ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yell ...)
	NOT-FOR-US: Branchenbuch
CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre P ...)
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows  ...)
	NOT-FOR-US: Prado Portal
CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ex ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_ques ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers A ...)
	NOT-FOR-US: APBoard Developers APBoard
CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...)
	NOT-FOR-US: xt:Commerce Gambio
CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) extensio ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xaj ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before 0.3. ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
	NOT-FOR-US: PHP Free Photo Gallery
CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: ALLPC
CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows re ...)
	NOT-FOR-US: ALLPC
CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) comp ...)
	NOT-FOR-US: CamelcityDB
CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) c ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in E-Xo ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component 1_1028_ ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows  ...)
	NOT-FOR-US: WAnewsletter
CVE-2010-4939 (PHP remote file inclusion vulnerability in index.php in MailForm 1.2 a ...)
	NOT-FOR-US: MailForm
CVE-2010-4938 (SQL injection vulnerability in the Weblinks (com_weblinks) component i ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4937 (Multiple SQL injection vulnerabilities in the Amblog (com_amblog) comp ...)
	NOT-FOR-US: Amblog
CVE-2010-4936 (SQL injection vulnerability in the Slide Show (com_slideshow) componen ...)
	NOT-FOR-US: Slide Show extension for Joomla
CVE-2010-4935 (SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier a ...)
	NOT-FOR-US: Entrans
CVE-2010-4934 (SQL injection vulnerability in video.php in Get Tube 4.51 and earlier  ...)
	NOT-FOR-US: Get Tube
CVE-2010-4933 (SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3. ...)
	NOT-FOR-US: Geeklog
CVE-2010-4932 (Cross-site scripting (XSS) vulnerability in search.php in Entrans befo ...)
	NOT-FOR-US: Entrans
CVE-2010-4931 (** DISPUTED ** Directory traversal vulnerability in maincore.php in PH ...)
	NOT-FOR-US: PHP-Fusion
CVE-2010-4930 (Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail ...)
	NOT-FOR-US: @mail Webmail
CVE-2010-4929 (SQL injection vulnerability in the Joostina (com_ezautos) component fo ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4928 (Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_ ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4927 (SQL injection vulnerability in the Restaurant Guide (com_restaurantgui ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4926 (SQL injection vulnerability in the TimeTrack (com_timetrack) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4925 (SQL injection vulnerability in clic.php in the Partenaires module 1.5  ...)
	NOT-FOR-US: Nuked Klan
CVE-2010-4924 (** DISPUTED ** PHP remote file inclusion vulnerability in logic/contro ...)
	NOT-FOR-US: clearBudget
CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue B ...)
	NOT-FOR-US: Virtue Netz Virtue
CVE-2010-4922 (Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow ...)
	NOT-FOR-US: Allinta CMS
CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...)
	NOT-FOR-US: DMXReady Polling Booth Manager
CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft Rental Prope ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer We ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine (com_magaz ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows ...)
	NOT-FOR-US: A-Blog
CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUse ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 ...)
	NOT-FOR-US: ColdGen ColdBookmarks
CVE-2010-4914 (PHP remote file inclusion vulnerability in tools/phpmailer/class.phpma ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature in Cold ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0 allows rem ...)
	NOT-FOR-US: UCenter
CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP Classifieds Ad ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06  ...)
	NOT-FOR-US: ColdGen ColdCalendar
CVE-2010-4909 (Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCM ...)
	NOT-FOR-US: PaysiteReviewCMS
CVE-2010-4908 (SQL injection vulnerability in detail.php in Virtue Shopping Mall allo ...)
	NOT-FOR-US: Virtue Shopping Mall
CVE-2010-4907 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenph ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4906 (SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3  ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article  ...)
	NOT-FOR-US: Softbiz
CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) com ...)
	NOT-FOR-US: Aardvertiser
CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remo ...)
	NOT-FOR-US: CubeCart
CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools (com_clantools ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...)
	NOT-FOR-US: MySource Matrix
CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ear ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1  ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component 3.0.1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remot ...)
	NOT-FOR-US: BlueCMS
CVE-2010-4896 (Cross-site scripting (XSS) vulnerability in admin/index.asp in Member  ...)
	NOT-FOR-US: Member Management System
CVE-2010-4895 (Cross-site scripting (XSS) vulnerability in core/showsite.php in chill ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4894 (SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 al ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4893 (Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS  ...)
	NOT-FOR-US: FestOS
CVE-2011-XXXX [lintian disclosure of file presense]
	- lintian 2.5.2 (unimportant)
	[squeeze] - lintian 2.4.3+squeeze1
CVE-2011-XXXX [0.1.1+dfsg-1 multiple issues]
	- ibid 0.1.1+dfsg-1
	[squeeze] - ibid 0.1.0+dfsg-2+squeeze1
CVE-2011-4025
	RESERVED
CVE-2010-4892 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4891 (SQL injection vulnerability in the Yet Another Calendar (ke_yac) exten ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4890 (Cross-site scripting (XSS) vulnerability in the Yet Another Calendar ( ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4889 (Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4888 (SQL injection vulnerability in the Tiny Market (hm_tinymarket) extensi ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4887 (SQL injection vulnerability in the Commenting system Backend Module (c ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4886 (Cross-site scripting (XSS) vulnerability in the "official twitter twee ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4885 (Cross-site scripting (XSS) vulnerability in the XING Button (xing) ext ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4884 (PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaes ...)
	NOT-FOR-US: Gaestebuch
CVE-2010-4883 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODx  ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-4882 (Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1. ...)
	NOT-FOR-US: Auto CMS
CVE-2010-4881 (Multiple cross-site request forgery (CSRF) vulnerabilities in calendar ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4880 (Multiple cross-site scripting (XSS) vulnerabilities in calendar.class. ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4879 (PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0  ...)
	- php-dompdf 0.6.1+dfsg-1
CVE-2010-4878 (PHP remote file inclusion vulnerability in formmailer.php in Kontakt F ...)
	NOT-FOR-US: Kontakt Formular
CVE-2010-4877 (Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1  ...)
	NOT-FOR-US: OneCMS
CVE-2010-4876 (SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows  ...)
	NOT-FOR-US: mBlogger
CVE-2010-4875 (Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2010-4874 (Multiple cross-site scripting (XSS) vulnerabilities in users.php in Ni ...)
	NOT-FOR-US: NinkoBB
CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 ...)
	NOT-FOR-US: WeBid
CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3  ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows att ...)
	NOT-FOR-US: SmartFTP
CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows re ...)
	NOT-FOR-US: BloofoxCMS
CVE-2011-4024 (Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Invent ...)
	- ocsinventory-server 2.0.2-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2011-4023 (Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remo ...)
	NOT-FOR-US: Cisco
CVE-2011-4022 (The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allo ...)
	NOT-FOR-US: Cisco
CVE-2011-4021
	RESERVED
CVE-2011-4020
	RESERVED
CVE-2011-4019 (Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4018
	RESERVED
CVE-2011-4017
	RESERVED
CVE-2011-4016 (The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when P ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4015 (Cisco IOS 15.2S allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4014 (The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7. ...)
	NOT-FOR-US: Cisco
CVE-2011-4013
	RESERVED
CVE-2011-4012 (Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C)  ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4011
	RESERVED
CVE-2011-4010
	RESERVED
CVE-2011-4009
	RESERVED
CVE-2011-4008
	RESERVED
CVE-2011-4007 (Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4006 (The ESMTP inspection feature on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco
CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services Ready  ...)
	NOT-FOR-US: Cisco SRP
CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the Cisco We ...)
	NOT-FOR-US: Cisco Webex
CVE-2011-4003
	RESERVED
CVE-2011-4002 (HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to exe ...)
	NOT-FOR-US: HP no Mawashimono Nikki
CVE-2011-4001 (Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and e ...)
	NOT-FOR-US: HP no Mawashimono Nikki
CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arb ...)
	{DSA-2361-1}
	- chasen 2.4.4-17 (medium; bug #648359)
CVE-2011-3999 (Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader i ...)
	NOT-FOR-US: Iwate Portal Bar
CVE-2011-3998 (Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and e ...)
	NOT-FOR-US: Apple WebObjects
CVE-2011-3997 (Opengear console servers with firmware before 2.2.1 allow remote attac ...)
	NOT-FOR-US: Opengear
CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote attack ...)
	NOT-FOR-US: CSWorks
CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 an ...)
	NOT-FOR-US: Twilight Frontier Touhou Hisouten
CVE-2011-3994 (Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-3993 (SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-3992 (Buffer overflow in the SSH server functionality on the D-Link DES-3800 ...)
	NOT-FOR-US: D-Link device
CVE-2011-3991 (Untrusted search path vulnerability in FFFTP 1.98a and earlier allows  ...)
	NOT-FOR-US: FFFTP
CVE-2011-3990 (Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in  ...)
	NOT-FOR-US: PukiWiki
CVE-2011-3989 (SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows re ...)
	NOT-FOR-US: DBD::mysqlPP Perl module
CVE-2011-3988 (SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11 ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-3987 (dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard befor ...)
	NOT-FOR-US: DAEMON Tools
CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows  ...)
	NOT-FOR-US: Pligg
CVE-2011-3985 (Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows  ...)
	NOT-FOR-US: Plume
CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 do ...)
	NOT-FOR-US: IBM AIX driver
CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...)
	NOT-FOR-US: DBHcms
CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka search.ph ...)
	NOT-FOR-US: W-Agora
CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in W ...)
	NOT-FOR-US: W-Agora
CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows  ...)
	NOT-FOR-US: Chipmunk Board
CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4864 (SQL injection vulnerability in the Club Manager (com_clubmanager) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in admin/changedata.php in Ge ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory (com_jedir ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows re ...)
	NOT-FOR-US: webSPELL
CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 a ...)
	NOT-FOR-US: MyPhpAuction
CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst Shop-Script allow ...)
	NOT-FOR-US: WebAsyst Shop-Script
CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stat ...)
	NOT-FOR-US: DNET Live-Stats
CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows re ...)
	NOT-FOR-US: CAG CMS
CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote  ...)
	NOT-FOR-US: xWeblog
CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote at ...)
	NOT-FOR-US: xWebLog
CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magi ...)
	NOT-FOR-US: Zuitu
CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) compone ...)
	NOT-FOR-US: Joomla extension
CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill (com_netinv ...)
	NOT-FOR-US: Joomla extension
CVE-2008-7301 (SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows  ...)
	NOT-FOR-US: jSite
CVE-2008-7300 (The labeled networking implementation in Solaris Trusted Extensions in ...)
	NOT-FOR-US: Oracle Solaris
CVE-2000-1247 (The default configuration of the jserv-status handler in jserv.conf in ...)
	- apache <removed>
CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the Allwebme ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndro ...)
	NOT-FOR-US: TYPO3 extension
CVE-2011-3979 (Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/ ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2011-3978 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php  ...)
	NOT-FOR-US: LightNEasy
CVE-2011-3977 (Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x b ...)
	NOT-FOR-US: NoMachine NX components
CVE-2011-3976 (Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP ...)
	NOT-FOR-US: AmmSoft ScriptFTP
CVE-2011-3975 (A certain HTC update for Android 2.3.4 build GRJ22, when the Sense int ...)
	NOT-FOR-US: HTC Android
CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in cavs ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3  ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3972 (The shader translator implementation in Google Chrome before 17.0.963. ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3971 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3970 (libxslt, as used in Google Chrome before 17.0.963.46, allows remote at ...)
	- libxslt 1.1.26-11 (low; bug #660650)
	[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2011-3969 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3968 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3967 (Unspecified vulnerability in Google Chrome before 17.0.963.46 allows r ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3966 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3965 (Google Chrome before 17.0.963.46 does not properly check signatures, w ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3964 (Google Chrome before 17.0.963.46 does not properly implement the drag- ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3963 (Google Chrome before 17.0.963.46 does not properly handle PDF FAX imag ...)
	- chromium-browser <not-affected> (Only affects proprietary Chrome)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3962 (Google Chrome before 17.0.963.46 does not properly perform path clippi ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3961 (Race condition in Google Chrome before 17.0.963.46 allows remote attac ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3960 (Google Chrome before 17.0.963.46 does not properly decode audio data,  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3959 (Buffer overflow in the locale implementation in Google Chrome before 1 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3958 (Google Chrome before 17.0.963.46 does not properly perform casts of va ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3957 (Use-after-free vulnerability in the garbage-collection functionality i ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3956 (The extension implementation in Google Chrome before 17.0.963.46 does  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3955 (Google Chrome before 17.0.963.46 allows remote attackers to cause a de ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3954 (Google Chrome before 17.0.963.46 allows remote attackers to cause a de ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3953 (Google Chrome before 17.0.963.46 does not prevent monitoring of the cl ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3951 (The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg befor ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3950 (The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg ...)
	- libav <not-affected> (Specific to newer ffmpeg after split)
	- ffmpeg <not-affected> (Specific to newer ffmpeg after split)
CVE-2011-3949 (The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmp ...)
	- libav <not-affected> (Specific to newer ffmpeg after split)
	- ffmpeg <not-affected> (Specific to newer ffmpeg after split)
CVE-2011-3948
	RESERVED
CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0. ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg bef ...)
	{DSA-3003-1}
	- libav 6:10.3-1 (unimportant)
	- ffmpeg 7:2.4.1-1 (unimportant)
	NOTE: Not suitable for code injection, not treated as security issue
CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcode ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in FFm ...)
	{DSA-2855-1}
	- libav 6:9.10-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da
CVE-2011-3943
	RESERVED
CVE-2011-3942
	RESERVED
CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg befo ...)
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6193ff68549ecbaf1a4d63a0e06964ec580ac620
CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before  ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3939
	RESERVED
CVE-2011-3938
	RESERVED
CVE-2011-3937 (The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12,  ...)
	- libav 6:0.8.3-1
	- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7 ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...)
	{DSA-3003-1}
	- libav 6:10-1
	- ffmpeg <not-affected> (vuln. code not present, introduced later)
	NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML
CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
	{DSA-3003-1}
	- libav 6:10-1 (unimportant)
	- ffmpeg 7:2.4.1-1 (unimportant)
	NOTE: Fixed in libav trunk: http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d
	NOTE: only a crasher
CVE-2011-3933
	RESERVED
CVE-2011-3932
	RESERVED
CVE-2011-3931
	RESERVED
CVE-2011-3930
	RESERVED
CVE-2011-3929 (The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x be ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3928 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 allow ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3927 (Skia, as used in Google Chrome before 16.0.912.77, does not perform al ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3926 (Heap-based buffer overflow in the tree builder in Google Chrome before ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3925 (Use-after-free vulnerability in the Safe Browsing feature in Google Ch ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3924 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 allow ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3923 (Apache Struts before 2.3.1.2 allows remote attackers to bypass securit ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-009
	NOTE: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
CVE-2011-3922 (Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows ...)
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3921 (Use-after-free vulnerability in Google Chrome before 16.0.912.75 allow ...)
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3920
	RESERVED
CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before ...)
	{DSA-2394-1}
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
	- libxml2 2.7.8.dfsg-7 (bug #656377)
CVE-2011-3918 (The Zygote process in Android 4.0.3 and earlier accepts fork requests  ...)
	NOT-FOR-US: Android
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before 16. ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF cross re ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows remote atta ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8, as use ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (v8-i18n chrome issue)
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/100827
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/100502
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF document ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV video fr ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/98374
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG documents ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99025
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63 allows rem ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows remote attac ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote at ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99462
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex match ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3902
	RESERVED
CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information disclosure vuln ...)
	NOT-FOR-US: Android SQLite Journal
CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	- libv8 3.5.10.24
	[squeeze] - chromium-browser <not-affected>
	[squeeze] - libv8 <not-affected>
CVE-2011-3899
	RESERVED
CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...)
	- chromium-browser 15.0.874.121~r109964-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 allo ...)
	- chromium-browser 15.0.874.121~r109964-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99023
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote att ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome befo ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (Chrome issue)
	- ffmpeg 7:2.4.1-1
	- libav 4:0.8~beta2-1 (bug #654534; bug #654573)
CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 decodi ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV  ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	- libav 4:0.8~beta2-1 (bug #654534; bug #654572)
	- ffmpeg 7:2.4.1-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome befor ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
	- libav 4:0.8~beta2-1 (bug #654534; bug #654571)
	- ffmpeg 7:2.4.1-1
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97451
CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in Google C ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96843
CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/96868
CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96260
CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows remote ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	- libv8 3.6
	[squeeze] - libv8 <not-affected>
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97402
CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address timing iss ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96632
CVE-2011-3882 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3881 (WebKit, as used in Google Chrome before 15.0.874.102 and Android befor ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97353
CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an unspecifi ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3879 (Google Chrome before 15.0.874.102 does not prevent redirects to chrome ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/96610
CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows remote atta ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96999
CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache internals pag ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle downloading ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag and dr ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3874 (Stack-based buffer overflow in libsysutils in Android 2.2.x through 2. ...)
	NOT-FOR-US: Android
CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader t ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-XXXX [Fix file indirectory injection]
	- puppet 2.7.3-3 (unimportant)
	[squeeze] - puppet 2.6.2-5+squeeze1
	NOTE: Only exploitable during build/test suite run
	NOTE: DSA-2314-1
CVE-2011-3872 (Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterpri ...)
	{DSA-2352-1}
	- puppet 2.7.6-1
CVE-2011-3871 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when runni ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3870 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player  ...)
	NOT-FOR-US: Vmware
CVE-2011-3867
	REJECTED
CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly re ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3865 (Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3864 (Cross-site scripting (XSS) vulnerability in the The Erudite theme befo ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3863 (Cross-site scripting (XSS) vulnerability in the RedLine theme before 1 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3862 (Cross-site scripting (XSS) vulnerability in the Morning Coffee theme b ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3861 (Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3860 (Cross-site scripting (XSS) vulnerability in the Cover WP theme before  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3859 (Cross-site scripting (XSS) vulnerability in the Trending theme before  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3858 (Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme bef ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3857 (Cross-site scripting (XSS) vulnerability in the Antisnews theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3856 (Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme b ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3855 (Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3854 (Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3853 (Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0. ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3852 (Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1. ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3851 (Cross-site scripting (XSS) vulnerability in the News theme before 0.2  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3850 (Cross-site scripting (XSS) vulnerability in the Atahualpa theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3849 (Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1  ...)
	NOT-FOR-US: CA Directory
CVE-2011-3848 (Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2. ...)
	{DSA-2314-1}
	- puppet 2.7.3-2
CVE-2011-3847
	RESERVED
CVE-2011-3846 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-3845 (Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in wit ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3844 (Apple Safari 5.0.5 does not properly implement the setInterval functio ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3843
	RESERVED
CVE-2011-3842
	RESERVED
CVE-2011-3841 (Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avat ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3840
	RESERVED
CVE-2011-3839 (The administration functionality in Wuzly 2.0 allows remote attackers  ...)
	NOT-FOR-US: Wuzly
CVE-2011-3838 (Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attac ...)
	NOT-FOR-US: Wuzly
CVE-2011-3837 (Directory traversal vulnerability in blog_system/data_functions.php in ...)
	NOT-FOR-US: Wuzly
CVE-2011-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2. ...)
	NOT-FOR-US: Wuzly
CVE-2011-3835 (Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow ...)
	NOT-FOR-US: Wuzly
CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before 5 ...)
	NOT-FOR-US: Winamp
CVE-2011-3833 (Unrestricted file upload vulnerability in ftp_upload_file.php in Suppo ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3832 (Eval injection vulnerability in config.php in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3831 (SQL injection vulnerability in incident_attachments.php in Support Inc ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3830 (Cross-site scripting (XSS) vulnerability in search.php in Support Inci ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3829 (ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote ...)
	NOT-FOR-US: DVR Remote
CVE-2011-3827 (The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWI ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
	NOT-FOR-US: Eclime
CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote a ...)
	NOT-FOR-US: Eclime
CVE-2010-4850 (Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 a ...)
	NOT-FOR-US: Diferior
CVE-2010-4849 (SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B ...)
	NOT-FOR-US: Alibaba Clone B2B
CVE-2010-4848 (Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in  ...)
	NOT-FOR-US: AXScripts AxsLinks
CVE-2010-4847 (SQL injection vulnerability in view_item.php in MH Products MHP Downlo ...)
	NOT-FOR-US: MH Products MHP Downloadshop
CVE-2010-4846 (SQL injection vulnerability in view_item.php in MH Products Pay Pal Sh ...)
	NOT-FOR-US: MH Products Pay Pal Shop Digital
CVE-2010-4845 (Multiple SQL injection vulnerabilities in MH Products Projekt Shop all ...)
	NOT-FOR-US: MH Products Projekt Shop
CVE-2010-4844 (SQL injection vulnerability in content.php in MH Products Easy Online  ...)
	NOT-FOR-US: MH Products Easy Online Shop
CVE-2010-4843 (SQL injection vulnerability in website-page.php in PHP Web Scripts Ad  ...)
	NOT-FOR-US: PHP Web Scripts Ad Manager Pro
CVE-2010-4842 (SQL injection vulnerability in admin/login.php in MHP DownloadScript ( ...)
	NOT-FOR-US: MH Products Download Center
CVE-2011-3826 (Zikula 1.2.4 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3825 (Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3824 (Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3823 (Yamamah 1.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3822 (XOOPS 2.5.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3821 (xajax 0.6 beta1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3820 (WSN Software 6.0.6 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3819 (WoW Server Status 4.1 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3818 (WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3817 (Website Baker 2.8.1 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3816 (WEBinsta mailing list manager 1.3e allows remote attackers to obtain s ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3815 (WeBid 1.0.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3814 (WebCalendar 1.2.3, and other versions before 1.2.5, allows remote atta ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3813 (Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3812 (Vanilla 2.0.16 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3811 (TomatoCart 1.1.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3810 (TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3809 (TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3808 (The Bug Genie 2.1.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3807 (Textpattern 4.2.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3806 (TCExam 11.1.015 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3805 (TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3804 (SweetRice 0.7.1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3803 (SugarCRM 6.1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3802 (StatusNet 0.9.6 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3801 (SimpleTest 1.0.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3800 (Serendipity 1.5.5 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3799 (ReOS 2.0.5 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3798 (Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3797 (ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3796 (PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3795 (Podcast Generator 1.3 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3794 (Pligg CMS 1.1.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3793 (Pixie 1.04 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3792 (Pixelpost 1.7.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3791 (Piwik 1.1 allows remote attackers to obtain sensitive information via  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3790 (Piwigo 2.1.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3789 (phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3788 (PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3787 (phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3786 (PHProjekt 6.0.5 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3785 (PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3784 (Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3783 (phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3782 (phpLD 2-151.2.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3781 (PHPIDS 0.6.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3780 (PHP iCalendar 2.4 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3779 (PhpHostBot 2.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3778 (PhpGedView 4.2.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3777 (phpFreeChat 1.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3776 (phpFormGenerator 2.09 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3775 (PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3774 (php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obta ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3773 (PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3772 (phpCollab 2.5 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3771 (phpBook 2.1.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3770 (phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3769 (PHPads 2.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3768 (Phorum 5.2.15a allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3767 (osCommerce 3.0a5 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3766 (OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3765 (Open-Realty 2.5.8 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3764 (OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3763 (OpenCart 1.4.9.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3762 (OpenBlog 1.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3761 (NuSOAP 0.9.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3760 (Nucleus 3.61 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3759 (MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3758 (::mound:: 2.1.6 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3757 (Moodle 2.0.1 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3756 (MicroBlog 0.9.5 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3755 (MantisBT 1.2.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3754 (Mambo 4.6.5 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3753 (LinPHA 1.3.4 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3752 (LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3751 (LifeType 1.2.10 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3750 (kPlaylist 1.8.502 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3749 (ka-Map 1.0-20070205 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3748 (Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3747 (Joomla! 1.6.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3746 (Jcow 4.2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3745 (HycusCMS 1.0.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3744 (HTML Purifier 4.2.0 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3743 (Hesk 2.2 allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3742 (HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3741 (Ganglia 3.1.7 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3740 (FrontAccounting 2.3.1 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3739 (Freeway 1.5 Alpha allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3738 (Feng Office 1.7.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3737 (eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3736 (ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3735 (Escort Agency CMS (aka escort-agency-cms) allows remote attackers to o ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3734 (Energine 2.3.8 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3733 (Elgg 1.7.6 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3732 (eggBlog 4.1.2 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3731 (e107 0.7.24 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3730 (Drupal 7.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3729 (dotproject 2.1.4 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3728 (Dolphin 7.0.4 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3727 (DokuWiki 2009-12-25c allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3726 (DoceboLMS 4.0.4 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3725 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3724 (CubeCart 4.4.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3723 (Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3722 (Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtai ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3721 (concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3720 (conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote att ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3719 (CodeIgniter 1.7.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3718 (CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3717 (ClipBucket 2.0.9 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3716 (Claroline 1.9.7 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3715 (ClanTiger 1.1.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3714 (ClanSphere 2010.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3713 (cFTP r80 allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3712 (CakePHP 1.3.7 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3711 (BIGACE 2.7.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3710 (bbPress 1.0.2 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3709 (b2evolution 3.3.3 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3708 (Automne 4.0.2 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3707 (JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attack ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3706 (ATutor 2.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3705 (Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3704 (appRain 0.1.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3703 (AneCMS 1.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3702 (Ananta Gazelle 1.0 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3701 (AlegroCart 1.2.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3700 (Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3699 (John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain  ...)
	- libphp-adodb <unfixed> (unimportant)
	NOTE: path is already known
CVE-2011-3698 (AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3697 (Achievo 1.4.5 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3696 (60cycleCMS 2.5.2 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3695 (111WebCalendar 1.2.3 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3694 (The Server Administration Console in NetSaro Enterprise Messenger Serv ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3693 (NetSaro Enterprise Messenger Server 2.0 allows local users to discover ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3692 (NetSaro Enterprise Messenger Server 2.0 stores cleartext console crede ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3691 (Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718  ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-3690 (Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0  ...)
	NOT-FOR-US: PlotSoft PDFill PDF Editor
CVE-2011-3689 (Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Syst ...)
	NOT-FOR-US: Wibu-Systems CodeMeter WebAdmin
CVE-2011-3688 (Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9. ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3687 (Multiple cross-site scripting (XSS) vulnerabilities in Sonexis Confere ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3686 (Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.a ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3685 (Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cip ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2011-3684 (Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server  ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2011-3683
	RESERVED
CVE-2011-3682
	RESERVED
CVE-2011-3681
	REJECTED
CVE-2011-3680
	REJECTED
CVE-2011-3679
	REJECTED
CVE-2011-3678
	REJECTED
CVE-2011-3677
	REJECTED
CVE-2011-3676
	REJECTED
CVE-2011-3675
	REJECTED
CVE-2011-3674
	REJECTED
CVE-2011-3673
	REJECTED
CVE-2011-3672
	REJECTED
CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in ns ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3670 (Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before  ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 7.0-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3669 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in B ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3668 (Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bug ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 2.x and  ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3666 (Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS  ...)
	- iceweasel <not-affected> (MacOS specific)
CVE-2011-3665 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaM ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3664 (Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey befo ...)
	- iceweasel <not-affected> (MacOS specific)
CVE-2011-3663 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaM ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3662
	RESERVED
CVE-2011-3661 (YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 thro ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3660 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3659 (Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3658 (The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and Se ...)
	- iceweasel 9.0-1
	- iceape 2.7.1-1
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x an ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3656
	RESERVED
	- iceweasel 4.0-1
	[squeeze] - iceweasel <end-of-life> (Iceweasel not supported in Squeeze LTS)
CVE-2011-3655 (Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perfor ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3654 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird befor ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3653 (Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do n ...)
	- iceweasel <not-affected> (MacOS X-specific)
CVE-2011-3652 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird befor ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3651 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3650 (Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird befo ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3649 (Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) A ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2011-3648 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6 ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3647 (The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3646 (phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote atta ...)
	- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access rest ...)
	NOT-FOR-US: Newgen OmniDocs
CVE-2010-4841 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ev ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2010-4840 (Multiple buffer overflows in the Syslog server in ManageEngine EventLo ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2011-XXXX [atftp DoS]
	- atftp 0.7.dfsg-11 (low)
	[squeeze] - atftp <no-dsa> (Minor issue)
	[lenny] - atftp <not-affected> (Introduced with ipv6 patch)
CVE-2011-3644
	RESERVED
CVE-2011-3643
	RESERVED
CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...)
	- mahara <removed> (low; bug #699230)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
CVE-2011-3641
	RESERVED
CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network  ...)
	{DSA-2339-1}
	- nss 3.13.1.with.ckbi.1.88-1 (low; bug #647614)
	[lenny] - nss <no-dsa> (Minor issue)
	[squeeze] - nss <no-dsa> (Minor issue)
	- chromium-browser <unfixed> (unimportant)
	NOTE: attacker needs to get malicious file into cwd first
	NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
CVE-2011-3639 (The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ...)
	{DSA-2405-1}
	- apache2 2.2.18-1
	NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue
CVE-2011-3638 (fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modif ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2 ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-3636 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
	NOT-FOR-US: FreeIPA
CVE-2011-3635 (Cross-site scripting (XSS) vulnerability in the theme_adium_append_mes ...)
	- empathy 3.2.1.1-1
	[squeeze] - empathy <no-dsa> (Minor issue)
	[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when the cer ...)
	{DLA-0005-1}
	- apt 0.8.11 (low)
	[squeeze] - apt 0.8.10.3+squeeze2
	NOTE: Minor issue, apt is only affected if apt-transport-https is installed
	NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
CVE-2011-3633
	REJECTED
CVE-2011-3632 (Hardlink before 0.1.2 operates on full file system objects path names  ...)
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to heap-b ...)
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...)
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629 (Joomla! core 1.7.1 allows information disclosure due to weak encryptio ...)
	NOT-FOR-US: Joomla!
CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module)  ...)
	- pam 1.1.3-7 (low; bug #670076)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pam/%2Bbug/610125
	NOTE: https://launchpadlibrarian.net/82729670/610125.patch
	NOTE: its not clear which version fixed this, but its present in the checked version 1.1.3-7
CVE-2011-3627 (The bytecode engine in ClamAV before 0.97.3 allows remote attackers to ...)
	- clamav 0.97.3+dfsg-1 (low)
	[squeeze] - clamav 0.97.3+dfsg-1~squeeze1
CVE-2011-3626 (Double free vulnerability in the prepare_exec function in src/exec.c i ...)
	NOT-FOR-US: Logsurfer
CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in subr ...)
	- mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
	[squeeze] - mplayer <not-affected> (Malformed SMI file correctly rejected, possibly introduced by later changes)
	- mplayer2 2.0-134-g84d8671-9 (bug #646937)
CVE-2011-3624 (Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and ea ...)
	- ruby1.8 <removed> (low; bug #646020)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	[wheezy] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed> (low; bug #646020)
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 <removed> (low; bug #646020)
	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue, there seems to be no patch upstream)
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media player bef ...)
	- vlc 1.1.3-1
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
CVE-2011-3622 (A Cross-Site Scripting (XSS) vulnerability exists in the admin login s ...)
	NOT-FOR-US: phorum
CVE-2011-3621 (A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_ ...)
	NOT-FOR-US: fluxbb
CVE-2011-3620 (Apache Qpid 0.12 does not properly verify credentials during the joini ...)
	- qpid-cpp <not-affected> (Red Hat-specific extension, see bug #672124)
CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in the Li ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling ...)
	- atop 1.23-1.1 (low; bug #622794)
	[lenny] - atop 1.23-1+lenny1 (bug #622794)
	[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
CVE-2011-3617 (Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to del ...)
	- tahoe-lafs 1.8.3-1 (bug #641540)
CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and earlier ...)
	- conky 1.8.0-1.1 (low; bug #612033)
	[squeeze] - conky 1.8.0-1+squeeze1
	[lenny] - conky 1.6.0-2+lenny1
CVE-2011-3615 (Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF)  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-3614 (An Access Control vulnerability exists in the Facebook, Twitter, and E ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-3613 (An issue exists in Vanilla Forums before 2.0.17.9 due to the way cooki ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-3612 (Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in ...)
	NOT-FOR-US: UseBB
CVE-2011-3611 (A File Inclusion vulnerability exists in act parameter to admin.php in ...)
	NOT-FOR-US: UseBB
CVE-2011-3610 (A Cross-site Scripting (XSS) vulnerability exists in the Serendipity f ...)
	NOT-FOR-US: Serendipity plugin
CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBo ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3608
	REJECTED
CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Ap ...)
	{DSA-2405-1}
	- apache2 2.2.21-4
CVE-2011-3606 (A DOM based cross-site scripting flaw was found in the JBoss Applicati ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) bef ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd) bef ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3603 (The router advertisement daemon (radvd) before 1.8.2 does not properly ...)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
	NOTE: should be rejected (http://seclists.org/oss-sec/2011/q4/72)
CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router adve ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertisement ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.2 (bug #644614)
	[squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
	[lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3600 (The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler i ...)
	- libxmlrpc3-java 3.1.3-1 (low)
	[lenny] - libxmlrpc3-java <no-dsa> (Minor issue)
CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when  ...)
	- libcrypt-dsa-perl 1.17-3 (unimportant; bug #644189)
	NOTE: All supported Debian kernels have /dev/random, so severity unimportant
CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin befo ...)
	- phppgadmin 5.0.3-1 (low; bug #644290)
	[squeeze] - phppgadmin 4.2.3-1.1squeeze1
	[lenny] - phppgadmin 4.2.2-1lenny1
CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for Perl ...)
	- libdigest-perl 1.17-1 (low; bug #644108)
	[squeeze] - libdigest-perl 1.16-1+squeeze1
	[lenny] - libdigest-perl 1.15-2+lenny1
	- perl 5.12.4-6 (low; bug #644108)
	[squeeze] - perl 5.10.1-17squeeze3
	[lenny] - perl <no-dsa> (Minor issue)
	NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-c ...)
	- polipo 1.0.4.1-1.2 (bug #644289)
	[squeeze] - polipo <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
CVE-2011-3595 (Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! t ...)
	NOT-FOR-US: Joomla!
CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libp ...)
	- pidgin 2.10.1-1 (unimportant)
	[squeeze] - pidgin 2.7.3-1+squeeze2
	NOTE: relatively obscure client crash
CVE-2011-3593 (A certain Red Hat patch to the vlan_hwaccel_do_receive function in net ...)
	- linux-2.6 <not-affected> (RHEL6 only because of badly backported patches)
CVE-2011-3592 (Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlin ...)
	- phpmyadmin 4:3.4.5-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3591 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4. ...)
	- phpmyadmin 4:3.4.5-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3590 (The Red Hat mkdumprd script for kexec-tools, as distributed in the kex ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3589 (The Red Hat mkdumprd script for kexec-tools, as distributed in the kex ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3588 (The SSH configuration in the Red Hat mkdumprd script for kexec-tools,  ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone  ...)
	- zope2.10 <not-affected> (Introduced in 2.12)
	- zope2.12 2.12.20-2
CVE-2011-3586
	REJECTED
CVE-2011-3585 (Multiple race conditions in the (1) mount.cifs and (2) umount.cifs pro ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:4.5-1 (low)
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
CVE-2011-3584 (The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to  ...)
	- typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
	[squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
	[lenny] - typo3-src 4.2.5-1+lenny9
CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...)
	- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
	[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
	[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
CVE-2011-3582 (A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced E ...)
	NOT-FOR-US: Advanced Electron Forums
CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal functio ...)
	{DSA-2353-1}
	- ldns 1.6.11-1 (bug #647297)
CVE-2011-3580 (IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote att ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10 ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.p ...)
	- mantis 1.2.7-1
	[squeeze] - mantis 1.1.8+dfsg-10squeeze1
CVE-2004-2770
	REJECTED
CVE-2011-3577 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 do ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 all ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in N ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-3574 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3573 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3572
	REJECTED
CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI)  ...)
	NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507.
CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3568 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3567
	REJECTED
CVE-2011-3566 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1  ...)
	- glassfish <not-affected> (administration component not shipped)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=783897
CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
CVE-2011-3562 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3559 (Unspecified vulnerability in Oracle Communications Server 2.0; GlassFi ...)
	NOT-FOR-US: Oracle Communications Server, GlassFish Enterprise Server, Sun Java System App Server
CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - openjdk-6 <not-affected> (Hotspot version too old)
	[squeeze] - openjdk-6 <not-affected> (Hotspot version too old)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3543 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...)
	NOT-FOR-US: Oracle Solaris 11 Express
CVE-2011-3542 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3541 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3540
	REJECTED
CVE-2011-3539 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3538 (Unspecified vulnerability in the Sun Ray component in Oracle Virtualiz ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2011-3537 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3536 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3535 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3534 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3533 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3532 (Unspecified vulnerability in the Oracle Agile Product Supplier Collabo ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2011-3531 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3529 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3528 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3527 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3526 (Unspecified vulnerability in the Siebel Core - UIF Server component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-3525 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3524 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3523 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-3522 (Unspecified vulnerability in SysFW 8.0 on certain SPARC T3, Netra SPAR ...)
	NOT-FOR-US: SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade
CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3520 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise PeopleTools
CVE-2011-3519 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-3518 (Unspecified vulnerability in the Siebel Core - UIF Client component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-3517 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Su ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <not-affected> (Windows-specific)
	- openjdk-6 <not-affected> (Windows-specific)
CVE-2011-3515 (Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3514 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3513 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-3512 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3511 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3510 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3509 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3508 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3507 (Unspecified vulnerability in the Oracle Communications Unified compone ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3506 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Su ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3505
	REJECTED
CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly a ...)
	{DSA-2336-1}
	- libav 4:0.7.2-1 (bug #643859)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and pos ...)
	NOT-FOR-US: eSignal
CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote at ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote  ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub  ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attacker ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and  ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3497 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote at ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3496 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote at ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3495 (Multiple directory traversal vulnerabilities in service.exe in Measure ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...)
	NOT-FOR-US: eSignal
CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...)
	NOT-FOR-US: Azeotech DAQFactory
CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and  ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3490 (Multiple stack-based buffer overflows in service.exe in Measuresoft Sc ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3489 (RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and ea ...)
	NOT-FOR-US: Rockwell RSLogix
CVE-2011-3488 (Use-after-free vulnerability in Equis MetaStock 11 and earlier allows  ...)
	NOT-FOR-US: Equis MetaStock
CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel Plan ...)
	NOT-FOR-US: Carel PlantVisor
CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2011-3485
	RESERVED
CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server be ...)
	{DSA-2377-1}
	- cyrus-imapd-2.2 <unfixed>
	- cyrus-imapd-2.4 2.4.11-1
	- kolab-cyrus-imapd <removed>
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3480
	REJECTED
CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcA ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x through 12.5 ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2011-3477 (GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in S ...)
	NOT-FOR-US: Symantec
CVE-2011-3476
	REJECTED
CVE-2011-3475
	RESERVED
CVE-2011-3474
	RESERVED
CVE-2011-3473
	RESERVED
CVE-2011-3472
	RESERVED
CVE-2011-3471
	RESERVED
CVE-2011-3470
	RESERVED
CVE-2011-3469
	RESERVED
CVE-2011-3468
	RESERVED
CVE-2011-3467
	RESERVED
CVE-2011-3466
	RESERVED
CVE-2011-3465
	RESERVED
CVE-2011-3464 (Off-by-one error in the png_formatted_warning function in pngerror.c i ...)
	- libpng <not-affected> (Only affects libpng 1.5, which is only in experimental)
CVE-2011-3463 (WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properl ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3462 (Time Machine in Apple Mac OS X before 10.7.3 does not verify the uniqu ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3461
	RESERVED
CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows re ...)
	NOT-FOR-US: QuickTime
CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows r ...)
	NOT-FOR-US: QuickTime
CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to u ...)
	NOT-FOR-US: QuickTime
CVE-2011-3457 (The OpenGL implementation in Apple Mac OS X before 10.7.3 does not pro ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3456
	RESERVED
CVE-2011-3455
	RESERVED
CVE-2011-3454
	RESERVED
CVE-2011-3453 (Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows r ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3452 (Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3451
	RESERVED
CVE-2011-3450 (CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restri ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3449 (Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7 ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3448 (Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7. ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3447 (CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly con ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3446 (Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not pro ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3445
	RESERVED
CVE-2011-3444 (Address Book in Apple Mac OS X before 10.7.3 automatically switches to ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3443 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	NOT-FOR-US: Webspecidied Safari webkit issue, likely a Apple dupe
CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of f ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3441 (libinfo in Apple iOS before 5.0.1 does not properly formulate domain-n ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3440 (The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attac ...)
	{DSA-2350-1}
	- freetype 2.4.8-1 (bug #649122)
CVE-2011-3438 (WebKit, as used in Safari 5.0.6, allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3437 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS  ...)
	NOT-FOR-US: Apple Type Services (ATS) in Apple Mac OS
CVE-2011-3436 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a ...)
	NOT-FOR-US: Open Directory in Apple Mac OS
CVE-2011-3435 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users ...)
	NOT-FOR-US: Open Directory in Apple Mac OS
CVE-2011-3434 (The WiFi component in Apple iOS before 5 stores WiFi credentials in an ...)
	NOT-FOR-US: WiFi component in Apple iOS
CVE-2011-3433
	RESERVED
CVE-2011-3432 (The UIKit Alerts component in Apple iOS before 5 allows remote attacke ...)
	NOT-FOR-US: UIKit Alerts component in Apple iOS
CVE-2011-3431 (The Home screen component in Apple iOS before 5 does not properly supp ...)
	NOT-FOR-US: Home screen component in Apple iOS
CVE-2011-3430 (The Settings component in Apple iOS before 5, when a configuration pro ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3429 (The Settings component in Apple iOS before 5 stores a cleartext parent ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3428 (Buffer overflow in QuickTime before 7.7.1 for Windows allows remote at ...)
	NOT-FOR-US: Apple Quicktime
CVE-2011-3427 (The Data Security component in Apple iOS before 5 and Apple TV before  ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3426 (Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3425
	RESERVED
CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer server in  ...)
	NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer  ...)
	NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and  ...)
	NOT-FOR-US: Wordpress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport ...)
	NOT-FOR-US: Joomla!
CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2 ...)
	NOT-FOR-US: PHPShop
CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2010-4834 (Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS  ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2009-5101 (Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSES ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5100 (Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5099 (Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI S ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5098 (The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not vie ...)
	NOT-FOR-US: Palm WebOS
CVE-2009-5097 (Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, ...)
	NOT-FOR-US: Palm WebOS
CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module 5. ...)
	NOT-FOR-US: Drupal module Flag Content
	NOTE: might get packaged
CVE-2011-3482 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...)
	- wireshark 1.6.2-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html
CVE-2011-3483 (Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
	{DSA-2395-1}
	- wireshark 1.6.2-1
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html
CVE-2011-3484 (The unxorFrame function in epan/dissectors/packet-opensafety.c in the  ...)
	- wireshark 1.6.2-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-12.html
CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before 14.0.835. ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	NOTE: duplicate
CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before 14.0.835. ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	NOTE: duplicate
CVE-2011-3419
	REJECTED
CVE-2011-3418
	REJECTED
CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable  ...)
	NOT-FOR-US: Microsoft .NET Framework
	NOTE: Might affect Mono, pinged maintainers
CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibili ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2011-3412 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote atta ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3411 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3410 (Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3409
	REJECTED
CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the  ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3407
	REJECTED
CVE-2011-3406 (Buffer overflow in Active Directory, Active Directory Application Mode ...)
	NOT-FOR-US: Microsoft Active Directory
CVE-2011-3405
	REJECTED
CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the Cont ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-3403 (Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handl ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-3401 (ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Media Player
CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly h ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3399
	REJECTED
CVE-2011-3398
	REJECTED
CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3396 (Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 a ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2011-3395
	REJECTED
CVE-2011-3394 (SQL injection vulnerability in findagent.php in MYRE Real Estate Softw ...)
	NOT-FOR-US: MYRE Real Estate
CVE-2011-3393 (Multiple cross-site scripting (XSS) vulnerabilities in findagent.php i ...)
	NOT-FOR-US: MYRE Real Estate
CVE-2009-5095 (PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0 ...)
	NOT-FOR-US: ea gBook
CVE-2009-5094 (SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate  ...)
	NOT-FOR-US: CMS Faethon
CVE-2009-5093 (Directory traversal vulnerability in gastbuch.php in G&#228;stebuch (G ...)
	NOT-FOR-US: Gastebuch
CVE-2009-5092 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Microsoft FAST ESP
CVE-2009-5091 (SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allo ...)
	NOT-FOR-US: Vlinks
CVE-2009-5090 (SQL injection vulnerability in editcomments.php in Bloggeruniverse Bet ...)
	NOT-FOR-US: Bloggeruniverse Beta 2
CVE-2009-5089 (Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0. ...)
	NOT-FOR-US: IdeaCart
CVE-2009-5088 (SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allow ...)
	NOT-FOR-US: IdeaCart
CVE-2009-5087 (Directory traversal vulnerability in geohttpserver in Geovision Digita ...)
	NOT-FOR-US: Geovision Digital Video Surveillance System
CVE-2011-3392 (Cross-site scripting (XSS) vulnerability in control.php in the control ...)
	NOT-FOR-US: Phorum
CVE-2011-3391 (IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code t ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2011-3354 (The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel b ...)
	- quassel 0.7.3-1 (low; bug #640960)
	[squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960)
	NOTE: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in IB ...)
	NOT-FOR-US: IBM OpenAdmin Too
CVE-2010-4833 (Untrusted search path vulnerability in modules/engines/ms-windows/xp_t ...)
	- gtk+2.0 <not-affected> (win32 specific)
CVE-2011-3350 (masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c ...)
	- masqmail 0.2.30-1 (low; bug #638002)
	[lenny] - masqmail <no-dsa> (no security issue by itself)
	[squeeze] - masqmail 0.2.27-1.1+squeeze1
CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windo ...)
	{DSA-2398-1 DSA-2368-1 DSA-2358-1 DSA-2356-1 DLA-400-1 DLA-154-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
	- iceweasel <not-affected>
	NOTE: http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
	- lighttpd 1.4.30-1
	NOTE: strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
	- curl 7.24.0-1
	NOTE: http://curl.haxx.se/docs/adv_20120124B.html
	- python2.6 2.6.8-0.1 (bug #684511)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.3~rc1-1
	- python3.1 <unfixed> (bug #678998)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2.3~rc1-1
	NOTE: http://bugs.python.org/issue13885
	NOTE: python3.1 is fixed starting 3.1.5
	- cyassl <removed>
	- gnutls26 <removed> (unimportant)
	- gnutls28 <unfixed> (unimportant)
	NOTE: No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0
	- haskell-tls <unfixed> (unimportant)
	NOTE: No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2
	- matrixssl <removed> (low)
	[squeeze] - matrixssl <no-dsa> (Minor issue)
	[wheezy] - matrixssl <no-dsa> (Minor issue)
	NOTE: matrixssl fix this upstream in 3.2.2
	- bouncycastle 1.49+dfsg-1
	[squeeze] - bouncycastle <no-dsa> (Minor issue)
	[wheezy] - bouncycastle <no-dsa> (Minor issue)
	NOTE: No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9
	- nss 3.13.1.with.ckbi.1.88-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=665814
	NOTE: https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
	- polarssl <unfixed> (unimportant)
	NOTE: No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases
	- tlslite <removed>
	[wheezy] - tlslite <no-dsa> (Minor issue)
	- pound 2.6-2
	NOTE: Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
	- erlang 1:15.b-dfsg-1
	[squeeze] - erlang <no-dsa> (Minor issue)
	- asterisk 1:13.7.2~dfsg-1
	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972
	NOTE: patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure site t ...)
	NOT-FOR-US: Opera
CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authent ...)
	NOT-FOR-US: IBM Java
CVE-2011-3386 (Unspecified vulnerability in Medtronic Paradigm wireless insulin pump  ...)
	NOT-FOR-US: Medtronic Paradigm wireless insulin pump
CVE-2011-3385 (Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, a ...)
	NOT-FOR-US: WebsiteBaker
CVE-2011-3384 (Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and ...)
	NOT-FOR-US: Sage
CVE-2011-3383 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3382 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allow ...)
	NOT-FOR-US: Phorum
CVE-2011-3381 (Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.1 ...)
	NOT-FOR-US: Phorum
CVE-2011-3380 (Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a deni ...)
	- openswan <not-affected> (vulnerable versions never uploaded to the archive)
CVE-2011-3379 (The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __auto ...)
	- php5 5.3.9-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ...)
	- rpm 4.9.1.2-1 (low; bug #645325)
	[squeeze] - rpm 4.8.1-6+squeeze1
	[lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
CVE-2011-3377 (The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x be ...)
	{DSA-2420-1}
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1.4-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat  ...)
	- tomcat7 7.0.22-1
CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not pro ...)
	{DSA-2401-1}
	- tomcat6 6.0.33-1
	- tomcat7 7.0.22-1
CVE-2011-3374 (It was found that apt-key in apt, all versions, do not correctly valid ...)
	- apt <unfixed> (unimportant; bug #642480)
	NOTE: Not exploitable in Debian, since no keyring URI is defined
CVE-2011-3373 (Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 do ...)
	NOT-FOR-US: Views Bulk Operations module for Drupal
CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2 ...)
	{DSA-2318-1}
	- cyrus-imapd-2.2 2.4.11-1 (medium)
	- cyrus-imapd-2.4 2.4.11-1 (medium)
	- kolab-cyrus-imapd <removed> (medium)
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in include/functio ...)
	NOT-FOR-US: PunBB
CVE-2011-3370 (statusnet before 0.9.9 has XSS ...)
	- statusnet <itp> (bug #491723)
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before 0. ...)
	- etherape 0.9.12-1 (low; bug #645324)
	[lenny] - etherape <no-dsa> (Minor issue)
	[squeeze] - etherape 0.9.8-1+squeeze1
CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...)
	{DSA-2405-1}
	- apache2 2.2.21-2 (medium)
	NOTE: http://article.gmane.org/gmane.comp.apache.announce/61
CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font w ...)
	- arora <unfixed> (unimportant)
	NOTE: Requires CA compromise to exploit, browser still displays warning.
CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering ce ...)
	- rekonq <not-affected> (Only affected the 0.8.x devel versions and was fixed before final 0.8 release, see bug #647298)
	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and poss ...)
	- kde4libs 4:4.7.2-1
	[squeeze] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
	[lenny] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
CVE-2011-3364 (Incomplete blacklist vulnerability in the svEscape function in setting ...)
	- network-manager-applet <not-affected> (ifcfg-rh plugin not built/included in Debian)
CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel be ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in commit 1bfe73c2)
CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavs ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://www.ocert.org/advisories/ocert-2011-002.html
CVE-2011-3361 (Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC  ...)
	- backuppc 3.2.1-2 (bug #641450)
	[squeeze] - backuppc 3.1.0-9.1
	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
	NOTE: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24
CVE-2011-3360 (Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 an ...)
	{DSA-2324-1}
	- wireshark 1.6.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-15.html
CVE-2011-3359 (The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux ker ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
	[lenny] - linux-2.6 <not-affected> (b43 allocate recieve buffer is 2404 bytes, which is already larger than the upstream fix of increasing it to 2382 bytes)
CVE-2011-3358 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
	{DSA-2308-1}
	- mantis 1.2.7-1 (low; bug #640297)
	[squeeze] - mantis <not-affected> (Vulnerable code not present)
CVE-2011-3357 (Directory traversal vulnerability in bug_actiongroup_ext_page.php in M ...)
	{DSA-2308-1}
	- mantis 1.2.7-1 (medium; bug #640297)
CVE-2011-3356 (Multiple cross-site scripting (XSS) vulnerabilities in config_defaults ...)
	- mantis 1.2.7-1 (low; bug #640297)
	[squeeze] - mantis <not-affected> (Vulnerable code not present)
	[lenny] - mantis <not-affected> (Vulnerable code not present)
CVE-2011-3355 (evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) con ...)
	- evolution-data-server3 3.2.1-1 (bug #641052)
CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev ...)
	{DSA-2389-1}
	- linux-2.6 3.1.0~rc4-1~experimental.1 (low)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
	[squeeze] - linux-2.6 2.6.32-36
CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improp ...)
	NOT-FOR-US: Zikula
CVE-2011-3351 (openvas-scanner before 2011-09-11 creates a temporary file insecurely  ...)
	- openvas-server <removed> (low; bug #641327)
	[squeeze] - openvas-server <no-dsa> (Minor issue)
	NOTE: openvas-scanner in experimental also affected according to #671327
CVE-2011-3349 (lightdm before 0.9.6 writes in .dmrc and Xauthority files using root p ...)
	- lightdm 0.9.6-1 (bug #639151)
CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...)
	- apache2 2.2.21-1
	[squeeze] - apache2 2.2.16-6+squeeze4
	[lenny] - apache2 <not-affected> (introduced in 2.2.12)
CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel pac ...)
	- linux-2.6 3.2-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-3346 (Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before ...)
	- qemu-kvm 0.15.1+dfsg-1 (bug #646118)
	[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)
CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_ker ...)
	- ofa-kernel <itp> (bug #541849)
CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Password  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attacke ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 al ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3340 (SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remo ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4832 (Android OS before 2.2 does not display the correct SSL certificate in  ...)
	NOT-FOR-US: Android
CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in G ...)
	- gtk+2.0 <not-affected> (Win32-specific)
CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration Ma ...)
	NOT-FOR-US: Juniper IDP
CVE-2011-3339 (Cross-site scripting (XSS) vulnerability in the Admin Control Center i ...)
	NOT-FOR-US: Sentinel HASP Run-time Environment
CVE-2011-3338
	RESERVED
CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 f ...)
	NOT-FOR-US: eEye Digital Security Audits
CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to denial of s ...)
	NOT-FOR-US: BSD
CVE-2011-3335
	RESERVED
CVE-2011-3334
	RESERVED
CVE-2011-3333
	RESERVED
CVE-2011-3332 (Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix  ...)
	NOT-FOR-US: Iceni Argus
CVE-2011-3331
	RESERVED
CVE-2011-3330 (Buffer overflow in the UnitelWay Windows Device Driver, as used in Sch ...)
	NOT-FOR-US: Schneider Electric
CVE-2011-3329
	RESERVED
CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color ...)
	- libpng <not-affected> (Introduced in 1.5.4, which was only in experimental and which has been fixed since then)
CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3326 (The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99 ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3325 (ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attacker ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3324 (The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 impleme ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3323 (The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows re ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon  ...)
	NOT-FOR-US: Scadatec Limited Procyon SCADA
CVE-2011-3321 (Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loade ...)
	NOT-FOR-US: SIMATIC WinCC
CVE-2011-3320 (Cross-site scripting (XSS) vulnerability in the Web Administrator comp ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Historian
CVE-2011-3319 (Buffer overflow in the WRF parsing functionality in the Cisco WebEx Re ...)
	NOT-FOR-US: WebEx
CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software 1. ...)
	NOT-FOR-US: Cisco
CVE-2011-3317 (Multiple cross-site scripting (XSS) vulnerabilities in the Solution En ...)
	NOT-FOR-US: Cisco
CVE-2011-3316
	RESERVED
CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco
CVE-2011-3314
	RESERVED
CVE-2011-3313
	RESERVED
CVE-2011-3312
	RESERVED
CVE-2011-3311
	RESERVED
CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services before 4.1 ...)
	NOT-FOR-US: Cisco CiscoWorks
CVE-2011-3309 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-3308
	RESERVED
CVE-2011-3307
	RESERVED
CVE-2011-3306
	RESERVED
CVE-2011-3305 (Directory traversal vulnerability in Cisco Network Admission Control ( ...)
	NOT-FOR-US: Cisco Network Admission Control
CVE-2011-3304 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3303 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3302 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3301 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3300 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3299 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3298 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3297 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 befo ...)
	NOT-FOR-US: Cisco
CVE-2011-3296 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 befo ...)
	NOT-FOR-US: Cisco
CVE-2011-3295 (The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as us ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2011-3294 (Cross-site scripting (XSS) vulnerability in the login page in the admi ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2011-3293 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Solu ...)
	NOT-FOR-US: Cisco
CVE-2011-3292
	RESERVED
CVE-2011-3291
	RESERVED
CVE-2011-3290 (Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Orac ...)
	NOT-FOR-US: Cisco
CVE-2011-3289 (Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attac ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-3288 (Cisco Unified Presence before 8.5(4) does not properly detect recursio ...)
	NOT-FOR-US: Cisco
CVE-2011-3287 (Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x t ...)
	NOT-FOR-US: Cisco
CVE-2011-3286
	RESERVED
CVE-2011-3285 (CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive  ...)
	NOT-FOR-US: Cisco
CVE-2011-3284
	RESERVED
CVE-2011-3283 (Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a  ...)
	NOT-FOR-US: Cisco
CVE-2011-3282 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15 ...)
	NOT-FOR-US: Cisco
CVE-2011-3281 (Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain H ...)
	NOT-FOR-US: Cisco
CVE-2011-3280 (Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 a ...)
	NOT-FOR-US: Cisco
CVE-2011-3279 (The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12 ...)
	NOT-FOR-US: Cisco
CVE-2011-3278 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1  ...)
	NOT-FOR-US: Cisco
CVE-2011-3277 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1  ...)
	NOT-FOR-US: Cisco
CVE-2011-3276 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1  ...)
	NOT-FOR-US: Cisco
CVE-2011-3275 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x throug ...)
	NOT-FOR-US: Cisco
CVE-2011-3274 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15 ...)
	NOT-FOR-US: Cisco
CVE-2011-3273 (Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Fir ...)
	NOT-FOR-US: Cisco
CVE-2011-3272 (The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15. ...)
	NOT-FOR-US: Cisco
CVE-2011-3271 (Unspecified vulnerability in the Smart Install functionality in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and  ...)
	NOT-FOR-US: Cisco
CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allo ...)
	NOT-FOR-US: Lexmark
CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ...)
	- php5 5.3.8-1
	[squeeze] - php5 <not-affected> (Only affected 5.3.7)
	[lenny] - php5 <not-affected> (Only affected 5.3.7)
CVE-2011-3267 (PHP before 5.3.7 does not properly implement the error_log function, w ...)
	{DSA-2408-1}
	- php5 5.3.7-1
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	[lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2011-3266 (The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and  ...)
	- wireshark 1.6.2-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2010-4830 (SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno ...)
	NOT-FOR-US: Techno Dreams (T-Dreams) Job Career Package
CVE-2010-4829 (SQL injection vulnerability in processview.asp in Techno Dreams (T-Dre ...)
	NOT-FOR-US: Techno Dreams
CVE-2010-4828 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orio ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2010-4827 (Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forum ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4826 (SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Tw ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the c ...)
	- zabbix 1:1.8.9-1
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive inform ...)
	- zabbix 1:1.8.6-1 (unimportant)
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Installation path is known anyway for the Debian package
CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows con ...)
	- zabbix 1:1.8.6-1
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	- xen-3 <removed>
	[lenny] - xen-3 <no-dsa> (Minor issue; only marginally affected)
CVE-2011-3261 (Double free vulnerability in OfficeImport in Apple iOS before 5 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3260 (Buffer overflow in OfficeImport in Apple iOS before 5 allows remote at ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3259 (The kernel in Apple iOS before 5 and Apple TV before 4.4 does not prop ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3258
	RESERVED
CVE-2011-3257 (The Data Access component in Apple iOS before 5 does not properly hand ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3256 (FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5 ...)
	{DSA-2328-1}
	- freetype 2.4.7-1 (bug #646120)
CVE-2011-3255 (CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspe ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3254 (Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS befo ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3253 (CalDAV in Apple iOS before 5 does not validate X.509 certificates for  ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3252 (Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, all ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3246 (CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 do ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final chara ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X  ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3240
	RESERVED
CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, whic ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, a ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-3231 (The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3230 (Apple Safari before 5.1.1 on Mac OS X does not enforce an intended pol ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3229 (Directory traversal vulnerability in Apple Safari before 5.1.1 allows  ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to e ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3227 (libsecurity in Apple Mac OS X before 10.7.2 does not properly handle e ...)
	NOT-FOR-US: libsecurity in Apple Mac OS X
CVE-2011-3226 (Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 se ...)
	NOT-FOR-US: Open Directory in Apple Mac OS X
CVE-2011-3225 (The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 doe ...)
	NOT-FOR-US: SMB File Server component in Apple Mac OS X
CVE-2011-3224 (The User Documentation component in Apple Mac OS X through 10.6.8 uses ...)
	NOT-FOR-US: User Documentation component in Apple Mac OS X
CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows re ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows re ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process UR ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, all ...)
	NOT-FOR-US: Apple CoreMedia
CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X thr ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3217 (MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to e ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3216 (The kernel in Apple Mac OS X before 10.7.2 does not properly implement ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2011-3215 (The kernel in Apple Mac OS X before 10.7.2 does not properly prevent F ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2011-3214 (IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a ...)
	NOT-FOR-US: IOGraphics in Apple Mac OS X
CVE-2011-3213 (The File Systems component in Apple Mac OS X before 10.7.2 does not pr ...)
	NOT-FOR-US: File Systems component in Apple Mac OS X
CVE-2011-3212 (CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that  ...)
	NOT-FOR-US: CoreStorage in Apple Mac OS X
CVE-2011-3211 (The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remo ...)
	{DSA-2302-1}
	- bcfg2 1.1.2-2 (bug #640028)
	NOTE: information as reported by maintainer
CVE-2011-3210 (The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through  ...)
	- openssl 1.0.0e-1
	[lenny] - openssl 0.9.8g-15+lenny13
	[squeeze] - openssl 0.9.8o-4squeeze3
CVE-2011-3209 (The div_long_long_rem implementation in include/asm-x86/div64.h in the ...)
	- linux-2.6 2.6.26-1
CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c  ...)
	{DSA-2318-1}
	- cyrus-imapd-2.2 2.4.11-1 (medium)
	- cyrus-imapd-2.4 2.4.11-1 (medium)
	- kolab-cyrus-imapd <removed> (medium)
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initial ...)
	- openssl 1.0.0e-1
	[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
	[lenny] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
CVE-2011-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: RHQ
CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the Gophe ...)
	{DSA-2304-1}
	- squid3 3.1.15-1 (low; bug #639755)
	- squid <not-affected> (Only a buffer overflow in Squid 3, see https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbit ...)
	- hammerhead <removed> (bug #639890)
	[lenny] - hammerhead <no-dsa> (Minor issue)
	[squeeze] - hammerhead <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/826679
CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter to inde ...)
	NOT-FOR-US: Jcow
CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g parameter t ...)
	NOT-FOR-US: Jcow
CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to  ...)
	- evolution <unfixed> (unimportant)
	NOTE: Any attacks still involve quite some social engineering
CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in to ...)
	- rsyslog 5.8.5-1 (low; bug #644611)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
	NOTE: off-by-one/-two limited to 0 or :0
CVE-2011-3199 (Multiple cross-site scripting (XSS) vulnerabilities in Domain Technolo ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637584)
CVE-2011-3198 (Domain Technologie Control (DTC) before 0.34.1 includes a password in  ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637537)
CVE-2011-3197 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637487; bug #637498)
CVE-2011-3196 (The setup script in Domain Technologie Control (DTC) before 0.34.1 use ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637485)
CVE-2011-3195 (shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0. ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637477)
CVE-2011-3194 (Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt ...)
	{DLA-117-1}
	- qt4-x11 4:4.7.4-1 (bug #641738)
CVE-2011-3193 (Heap-based buffer overflow in the Lookup_MarkMarkPos function in the H ...)
	{DLA-117-1}
	- qt4-x11 4:4.7.4-1 (bug #641738)
	- pango1.0 1.28.3-1
	NOTE: affected code in pango1.0 removed earlier, but this is the version checked (lenny is affected)
CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2. ...)
	{DSA-2298-1}
	- apache2 2.2.19-2
CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in fs/cifs/cifss ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-5
CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0  ...)
	{DSA-2401-1}
	- tomcat6 6.0.35-1
	- tomcat7 7.0.21-1
	- tomcat5.5 <removed>
CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, retur ...)
	- php5 5.3.8-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3 ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-3187 (The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ...)
	- rails <unfixed> (unimportant)
	NOTE: X-Forwarded-For header is user supplied (like User-Agent)
CVE-2011-3186 (CRLF injection vulnerability in actionpack/lib/action_controller/respo ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted rem ...)
	- pidgin <not-affected> (Windows-specific)
CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...)
	- pidgin 2.10.0-1 (unimportant)
	NOTE: Only exploitable by a malicious MSN server to crash the client
CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID paramete ...)
	NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the mall ...)
	{DSA-2408-1}
	- php5 5.3.7-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking fe ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.4-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 an ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
	NOT-FOR-US: Novell Messenger
CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code injection of ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
CVE-2011-3177 (The YaST2 network created files with world readable permissions which  ...)
	NOT-FOR-US: YaST
CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 Ac ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in nippl ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2011-3172 (A vulnerability in pam_modules of SUSE Linux Enterprise allows attacke ...)
	- libpam-unix2 <removed>
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=707645
	NOTE: Issue was not fixed up to the version removed from unstable.
	NOTE: Proposed update form SUSE: https://bugzilla.suse.com/attachment.cgi?id=441720
CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly oth ...)
	NOT-FOR-US: pure-FTPd add-on
CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earl ...)
	{DSA-2354-1}
	- cups 1.5.0-8
	NOTE: This ID is for an incomplete fix for CVE-2011-2896
CVE-2010-4824 (SQL injection vulnerability in the augmentSQL method in core/model/Tra ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4823 (Cross-site scripting (XSS) vulnerability in the httpError method in sa ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4822 (core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4821 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allo ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4820 (Untrusted search path vulnerability in Ghostscript 8.62 allows local u ...)
	- ghostscript 8.71~dfsg2-6.1
	[lenny] - ghostscript <no-dsa> (too risky for regressions)
CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension (render/rende ...)
	- xorg-server 2:1.9.0.901-1
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated u ...)
	- xorg-server 2:1.9.99.902-1
	[squeeze] - xorg-server 2:1.7.7-4
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: As per https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4818 three commits with theoretical sec impact:
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. ...)
	- pithos 0.3.5-1
CVE-2010-4816
	RESERVED
CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-3169 (Unspecified vulnerability in the SMTP service implementation in HP TCP ...)
	NOT-FOR-US: HP OpenVMS
CVE-2011-3168 (Unspecified vulnerability in the POP and IMAP service implementations  ...)
	NOT-FOR-US: HP OpenVMS
CVE-2011-3167 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3166 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3165 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3164 (Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure R ...)
	NOT-FOR-US: HP-UX
CVE-2011-3163 (HP MFP Digital Sending Software 4.9x through 4.91.21 allows local user ...)
	NOT-FOR-US: HP MFP Digital Sending Software
CVE-2011-3162 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3161 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3160 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3159 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3158 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3157 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3156 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3155 (Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 throug ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2011-3154 (DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1 ...)
	- update-manager <not-affected> (ubuntu-specific issue)
	NOTE: see bug #650307
CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows loca ...)
	- lightdm 1.0.6-2
CVE-2011-3152 (DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87. ...)
	- update-manager <not-affected> (ubuntu-specific issue)
	NOTE: see bug #650307
CVE-2011-3151 (The Ubuntu SELinux initscript before version 1:0.10 used touch to crea ...)
	NOT-FOR-US: Historic Ubuntu init script issue
CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validat ...)
	- software-center <not-affected> (ubuntu-specific issue)
	NOTE: debian package does not contain the vulnerable purchaseview.py code, and probably won't ever as that's part of their commercial interface code
CVE-2011-3149 (The _expand_arg function in the pam_env module (modules/pam_env/pam_en ...)
	{DSA-2326-1}
	- pam 1.1.3-5
	[lenny] - pam <not-affected> (user_env parsing not yet available)
CVE-2011-3148 (Stack-based buffer overflow in the _assemble_line function in modules/ ...)
	{DSA-2326-1}
	- pam 1.1.3-5
	[lenny] - pam <not-affected> (user_env parsing not yet available)
CVE-2011-3147 (Versions of nova before 2012.1 could expose hypervisor host files to a ...)
	- nova 2012.1~e1-1
	NOTE: http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604
CVE-2011-3146 (librsvg before 2.34.1 uses the node name to identify the type of node, ...)
	- librsvg 2.34.1-1
	[squeeze] - librsvg <no-dsa> (Minor issue)
	NOTE: http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=658014
CVE-2011-3145 (When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreui ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
	[lenny] - ecryptfs-utils <not-affected> (Vulnerable code not present)
CVE-2011-3144 (Cross-site scripting (XSS) vulnerability in Control Microsystems Clear ...)
	NOT-FOR-US: Control Microsystems ClearSCADA
CVE-2011-3143 (Use-after-free vulnerability in Control Microsystems ClearSCADA 2005,  ...)
	NOT-FOR-US: Control Microsystems ClearSCADA
CVE-2011-3142 (Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in W ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-3141 (Buffer overflow in the InBatch BatchField ActiveX control for Invensys ...)
	NOT-FOR-US: Wonderware InBatch
CVE-2011-3140 (IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX ...)
	NOT-FOR-US: IBM Web Application Firewall
CVE-2011-3139
	REJECTED
CVE-2011-3138 (The LTPA STS module support implementation in IBM Tivoli Federated Ide ...)
	NOT-FOR-US: Tivoli
CVE-2011-3137 (Unspecified vulnerability in the Management Console in IBM Tivoli Fede ...)
	NOT-FOR-US: Tivoli
CVE-2011-3136 (Unspecified vulnerability in the Management Console in IBM Tivoli Fede ...)
	NOT-FOR-US: Tivoli
CVE-2011-3135 (Unspecified vulnerability in the Runtime in IBM Tivoli Federated Ident ...)
	NOT-FOR-US: Tivoli
CVE-2009-5085 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, whe ...)
	NOT-FOR-US: Tivoli
CVE-2009-5084 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, whe ...)
	NOT-FOR-US: Tivoli
CVE-2009-5083 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, whe ...)
	NOT-FOR-US: Tivoli
CVE-2008-7299 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses ...)
	NOT-FOR-US: Tivoli
CVE-2011-3134 (Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3133 (Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3 ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3132 (Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0. ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3131 (Xen 4.1.1 and earlier allows local guest OS kernels with control of a  ...)
	{DSA-2582-1}
	- xen 4.1.2-1
CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before  ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3129 (The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 be ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached att ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rend ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attacke ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, a ...)
	NOT-FOR-US: InfoSphere
CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, a ...)
	NOT-FOR-US: InfoSphere
CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
	NOTE: original advisory seems to be http://technet.microsoft.com/en-us/security/msvr/msvr11-010
CVE-2011-3121
	RESERVED
CVE-2011-3120
	REJECTED
CVE-2011-3119
	REJECTED
CVE-2011-3118
	REJECTED
CVE-2011-3117
	REJECTED
CVE-2011-3116
	REJECTED
CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome be ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not pr ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality specific to Chrome)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
	- libv8 3.8.9.20-2 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows remo ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3109 (Google Chrome before 19.0.1084.52 on Linux does not properly perform a ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3108 (Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allo ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3107 (Google Chrome before 19.0.1084.52 does not properly implement JavaScri ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3106 (The WebSockets implementation in Google Chrome before 19.0.1084.52 doe ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3105 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3104 (Skia, as used in Google Chrome before 19.0.1084.52, allows remote atta ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3103 (Google V8, as used in Google Chrome before 19.0.1084.52, does not prop ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3102 (Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084 ...)
	{DSA-2479-1}
	- libxml2 2.7.8.dfsg-9.1 (bug #674191)
	NOTE: http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
CVE-2011-3101 (Google Chrome before 19.0.1084.46 on Linux does not properly mitigate  ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 20.0.1132.21~r139451-1
CVE-2011-3100 (Google Chrome before 19.0.1084.46 does not properly draw dash paths, w ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3099 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3098 (Google Chrome before 19.0.1084.46 on Windows uses an incorrect search  ...)
	- chromium-browser <not-affected> (Windows-specific)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3097 (The PDF functionality in Google Chrome before 19.0.1084.46 allows remo ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3096 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on L ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3095 (The OGG container in Google Chrome before 19.0.1084.46 allows remote a ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3094 (Google Chrome before 19.0.1084.46 does not properly handle Tibetan tex ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3093 (Google Chrome before 19.0.1084.46 does not properly handle glyphs, whi ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3092 (The regex implementation in Google V8, as used in Google Chrome before ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3091 (Use-after-free vulnerability in the IndexedDB implementation in Google ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3089 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allo ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3088 (Google Chrome before 19.0.1084.46 does not properly draw hairlines, wh ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3087 (Google Chrome before 19.0.1084.46 does not properly perform window nav ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3086 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allo ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3085 (The Autofill feature in Google Chrome before 19.0.1084.46 does not pro ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3084 (Google Chrome before 19.0.1084.46 does not use a dedicated process for ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3083 (browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0. ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3082
	RESERVED
CVE-2011-3081 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 all ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3080 (Race condition in the Inter-process Communication (IPC) implementation ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome  ...)
	{DSA-3260-1}
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
	- iceweasel <not-affected> (Only affects Firefox on Windows)
	- icedove <not-affected> (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-57/
CVE-2011-3078 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 all ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3077 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3076 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3075 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3074 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3073 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3072 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass t ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3071 (Use-after-free vulnerability in the HTMLMediaElement implementation in ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3070 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3069 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3068 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3067 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass t ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3066 (Skia, as used in Google Chrome before 18.0.1025.151, does not properly ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3065 (Skia, as used in Google Chrome before 18.0.1025.142, allows remote att ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3064 (Use-after-free vulnerability in Google Chrome before 18.0.1025.142 all ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 18.0.1025.142~r129054-1
CVE-2011-3063 (Google Chrome before 18.0.1025.142 does not properly validate the rend ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3062 (Off-by-one error in the OpenType Sanitizer in Google Chrome before 18. ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2011-3061 (Google Chrome before 18.0.1025.142 does not properly check X.509 certi ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3060 (Google Chrome before 18.0.1025.142 does not properly handle text fragm ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3059 (Google Chrome before 18.0.1025.142 does not properly handle SVG text e ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows remote  ...)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=117794
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to bypass the ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3055 (The browser native UI in Google Chrome before 17.0.963.83 does not req ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3054 (The WebUI privilege implementation in Google Chrome before 17.0.963.83 ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3053 (Use-after-free vulnerability in Google Chrome before 17.0.963.83 allow ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3052 (The WebGL implementation in Google Chrome before 17.0.963.83 does not  ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3051 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3050 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3049 (Google Chrome before 17.0.963.83 does not properly restrict the extens ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3048 (The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, ...)
	{DSA-2446-1}
	- libpng 1.2.49-1 (bug #667475)
CVE-2011-3047 (The GPU process in Google Chrome before 17.0.963.79 allows remote atta ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3046 (The extension subsystem in Google Chrome before 17.0.963.78 does not p ...)
	- chromium-browser 17.0.963.78~r125577-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3045 (Integer signedness error in the png_inflate function in pngrutil.c in  ...)
	{DSA-2439-1}
	- libpng 1.2.47-2 (bug #665208; high)
CVE-2011-3044 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3043 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3042 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3041 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3040 (Google Chrome before 17.0.963.65 does not properly handle text, which  ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3039 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3038 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3037 (Google Chrome before 17.0.963.65 does not properly perform casts of un ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3036 (Google Chrome before 17.0.963.65 does not properly perform a cast of a ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3035 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3034 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3033 (Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65,  ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3032 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3031 (Use-after-free vulnerability in the element wrapper in Google V8, as u ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3030
	RESERVED
CVE-2011-3029
	RESERVED
CVE-2011-3028
	RESERVED
CVE-2011-3027 (Google Chrome before 17.0.963.56 does not properly perform a cast of a ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before 17.0.963.5 ...)
	{DSA-2410-1}
	- libpng 1.2.46-5 (high; bug #660026)
CVE-2011-3025 (Google Chrome before 17.0.963.56 does not properly parse H.264 data, w ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3024 (Google Chrome before 17.0.963.56 allows remote attackers to cause a de ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3023 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3022 (translate/translate_manager.cc in Google Chrome before 17.0.963.56 and ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3021 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3020 (Unspecified vulnerability in the Native Client validator implementatio ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3019 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3018 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3017 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3016 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3015 (Multiple integer overflows in the PDF codecs in Google Chrome before 1 ...)
	- chromium-browser <not-affected> (PDF functionality not built)
CVE-2011-3014 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-3013 (WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-3012 (The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremu ...)
	- openarena 0.8.5-5+exp1
	NOTE: Current openarena packages use the share ioquake3 engine
	[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update)
	- ioquake3 1.36+svn1946-4
	- tremulous 1.1.0-6 (bug #660836)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle  ...)
	NOT-FOR-US: CA ARCserve D2D
CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5. ...)
	- twiki <removed>
CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, wh ...)
	- ruby1.8 1.8.7.352-1
	[squeeze] - ruby1.8 1.8.7.302-2squeeze2
CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL) Gateway 1. ...)
	NOT-FOR-US: Avaya Secure Access Link Gateway
CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications  ...)
	NOT-FOR-US: Android browser
CVE-2008-7297 (Opera cannot properly restrict modifications to cookies established in ...)
	NOT-FOR-US: Opera
CVE-2008-7296 (Apple Safari cannot properly restrict modifications to cookies establi ...)
	NOT-FOR-US: Safari, see CVE-2008-7294 for potential webkit ramifications
CVE-2008-7295 (Microsoft Internet Explorer cannot properly restrict modifications to  ...)
	NOT-FOR-US: Internet Explorer
CVE-2008-7294 (Google Chrome before 4.0.211.0 cannot properly restrict modifications  ...)
	- chromium-browser 4.0.211.0
	- webkit <not-affected>
CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to coo ...)
	- iceweasel 4.0-1 (unimportant)
	NOTE: This is about the lack of HTTP Strict Transport Security, which is ultimately
	NOTE: a security feature enhancement
CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before  ...)
	- bugzilla 3.0.4-1
CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Pr ...)
	NOT-FOR-US: McAfee SaaS
CVE-2011-3006 (The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS E ...)
	NOT-FOR-US: McAfee SaaS
CVE-2011-3005 (Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunder ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3004 (The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey b ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3003 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attac ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3002 (Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefo ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3001 (Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey b ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7. ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6. ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: Only affects firefox 3.6 code base, not 4.0 oder later
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2997 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 6)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox 6)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 6)
	- iceape <not-affected> (Only affects Firefox 6)
CVE-2011-2996 (Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x b ...)
	- icedove <not-affected> (Only affects MacOS)
	- xulrunner <not-affected> (Only affects MacOS)
	- iceweasel <not-affected> (Only affects MacOS)
	- iceape <not-affected> (Only affects MacOS)
CVE-2011-2995 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2994
	RESERVED
CVE-2011-2993 (The implementation of digital signatures for JAR files in Mozilla Fire ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x bef ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2990 (The implementation of Content Security Policy (CSP) violation reports  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x bef ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2988 (Buffer overflow in an unspecified string class in the WebGL shader imp ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2987 (Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANG ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2986 (Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x bef ...)
	- xulrunner <not-affected> (Only affects Windows)
	- iceweasel <not-affected> (Only affects Windows)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2985 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3 ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12,  ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2981 (The event-management implementation in Mozilla Firefox before 3.6.20,  ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2980 (Untrusted search path vulnerability in the ThinkPadSensor::Startup fun ...)
	- icedove <not-affected> (Only affects Windows)
	- xulrunner <not-affected> (Only affects Windows)
	- iceweasel <not-affected> (Only affects Windows)
CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain  ...)
	{DSA-2322-1}
	- bugzilla <not-affected> (Only affects Bugzilla 4.1, never uploaded to the archive)
CVE-2011-2978 (Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4 ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2977 (Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x befo ...)
	- bugzilla <not-affected> (Only affects Bugzilla on Windows)
CVE-2011-2976 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2 ...)
	- bugzilla 3.6.1.0-0.1 (low)
	NOTE: Fixed in 3.5.1, but 3.6.1 was first fixed upload to archive
CVE-2011-2975 (Double free vulnerability in the msAddImageSymbol function in mapsymbo ...)
	- mapserver 6.0.1-1
	[lenny] - mapserver <not-affected> (Vulnerable code not present)
	[squeeze] - mapserver <not-affected> (Vulnerable code not present)
CVE-2011-2974
	REJECTED
CVE-2011-2973
	REJECTED
CVE-2011-2972
	REJECTED
CVE-2011-2971
	REJECTED
CVE-2011-2970
	REJECTED
CVE-2011-2969
	REJECTED
CVE-2011-2968
	REJECTED
CVE-2011-2967
	REJECTED
CVE-2011-2966
	REJECTED
CVE-2011-2965
	REJECTED
CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 al ...)
	{DSA-2380-1}
	- foomatic-filters 4.0.9-1
	NOTE: There two implementation of the affected filter: the version from foomatic-filters
	NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in
	NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697
	NOTE: Fixed in foomatic-filters 4.0.8
CVE-2011-2963 (TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not  ...)
	NOT-FOR-US: Progea Movicon
CVE-2011-2962 (Multiple stack-based buffer overflows in Invensys Wonderware Informati ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2011-2961 (Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetP ...)
	NOT-FOR-US: Sunway pNetPower
CVE-2011-2960 (Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceContr ...)
	NOT-FOR-US: Sunway ForceControl
CVE-2011-2959 (Stack-based buffer overflow in the Open Database Connectivity (ODBC) s ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System (IGSS)
CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXo ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnosti ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Diagnostics Viewer
CVE-2011-2956 (AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authenti ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2011-XXXX [rtkit: failure to drop supplemental groups]
	- rtkit 0.10-2
CVE-2011-XXXX [minissdpd multiple issues]
	- minissdpd 1.0.20110729-1 (bug #635836)
CVE-2011-2955 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...)
	NOT-FOR-US: RealNetworks RealPlayer 11.0
CVE-2011-2954 (Use-after-free vulnerability in the AutoUpdate feature in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer 11.0
CVE-2011-2953 (An unspecified ActiveX control in the browser plugin in RealNetworks R ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2952 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2951 (Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2950 (Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2949 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2948 (RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, R ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2947 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control i ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2946 (Unspecified vulnerability in an ActiveX control in RealNetworks RealPl ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2944 (SQL injection vulnerability in login.php in MegaLab The Uploader befor ...)
	NOT-FOR-US: MegaLab The Uploader
CVE-2011-2943 (The irc_msg_who function in msgs.c in the IRC protocol plugin in libpu ...)
	- pidgin 2.10.0-1 (bug #638709)
	[squeeze] - pidgin <not-affected> (Only affects 2.8 to 2.10)
	[lenny] - pidgin <not-affected> (Only affects 2.8 to 2.10)
CVE-2011-2942 (A certain Red Hat patch to the __br_deliver function in net/bridge/br_ ...)
	- linux-2.6 <not-affected> (RHEL-specific backport issue)
CVE-2011-2941 (Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platfor ...)
	NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrar ...)
	- stunnel4 3:4.42-1 (bug #638758)
	[squeeze] - stunnel4 <not-affected> (Only 4.4x affected)
	[lenny] - stunnel4 <not-affected> (Only 4.4x affected)
CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in th ...)
	- perl 5.12.4-4 (low; bug #637376)
	[squeeze] - perl 5.10.1-17squeeze3
	[lenny] - perl <no-dsa> (Minor issue)
	- libencode-perl 2.44-1 (low)
CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php  ...)
	- mantis 1.2.6-1 (bug #638321)
	[squeeze] - mantis <not-affected> (Only affects Mantis 1.1)
	[lenny] - mantis <not-affected> (Only affects Mantis 1.1)
CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages functional ...)
	- roundcube 0.5.4+dfsg-1 (low; bug #641996)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...)
	- elgg <itp> (bug #526197)
CVE-2011-2935 (Elgg through 1.7.10 has XSS ...)
	- elgg <itp> (bug #526197)
CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the admini ...)
	NOT-FOR-US: WebsiteBaker
CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in admin/media/upload.ph ...)
	NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...)
	{DSA-2655-1}
	- rails 2.3.14
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in a ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-2930 (Multiple SQL injection vulnerabilities in the quote_table_name method  ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-2929 (The template selection functionality in actionpack/lib/action_view/tem ...)
	- rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kerne ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6,  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
	RESERVED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 re ...)
	NOT-FOR-US: Cumin
CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates temporar ...)
	- foomatic-filters 4.0.12-1 (low)
	[squeeze] - foomatic-filters 4.0.5-6+squeeze2
CVE-2011-2923 (foomatic-rip filter, all versions, used insecurely creates temporary f ...)
	- foomatic-filters <unfixed> (unimportant)
	NOTE: debug mode-only
CVE-2011-2922 (ktsuss versions 1.4 and prior spawns the GTK interface to run as root. ...)
	- ktsuss <removed>
CVE-2011-2921 (ktsuss versions 1.4 and prior has the uid set to root and does not dro ...)
	- ktsuss <removed>
CVE-2011-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6,  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2919 (Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does n ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
	[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2917 (SQL injection vulnerability in administrator/index2.php in Mambo CMS 4 ...)
	NOT-FOR-US: Mambo
CVE-2011-2916 (qtnx 0.9 stores non-custom SSH keys in a world-readable configuration  ...)
	- qtnx <removed> (low; bug #637439)
	[squeeze] - qtnx <no-dsa> (Minor issue)
CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams. ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2914 (Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.c ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2913 (Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.c ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function in src ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.c ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2910 (The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check  ...)
	- ax25-tools 0.0.8-13.2 (low; bug #638198)
	[lenny] - ax25-tools <no-dsa> (Minor issue)
	[squeeze] - ax25-tools <no-dsa> (Minor issue)
CVE-2011-2909 (The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c  ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2908 (Cross-site request forgery (CSRF) vulnerability in the JMX Console (jm ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource  ...)
	- torque 2.4.15+dfsg-1
	[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
CVE-2011-2906 (** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrou ...)
	NOT-FOR-US: ** REJECT **
CVE-2011-2905 (Untrusted search path vulnerability in the perf_config function in too ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
	[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix befor ...)
	- zabbix 1:1.8.6-1
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow attack ...)
	- tcptrack 1.4.2-1 (unimportant; bug #551092)
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917
CVE-2011-2902 (zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-1 ...)
	- xpdf 3.02-19 (low; bug #635849)
	[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
	[squeeze] - xpdf 3.02-12+squeeze1
CVE-2011-2901 (Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows  ...)
	- xen <not-affected> (Only affects Xen <= 3.3)
	- xen-3 <removed>
CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c  ...)
	NOT-FOR-US: Mongoose
CVE-2011-2899 (pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic ...)
	- foomatic-gui 0.7.9.5 (low)
	- system-config-printer <not-affected> (Vulnerable code not present; bug #639243)
	[squeeze] - system-config-printer <not-affected> (Vulnerable code not present)
	[lenny] - system-config-printer <no-dsa> (Minor issue)
CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not pr ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-1
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
CVE-2011-2897 (gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initiali ...)
	- gdk-pixbuf <not-affected> (This only applies to the old standalone copy shipped until Lenny)
CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the  ...)
	{DSA-2426-1 DSA-2354-1}
	- cups 1.5.0-8
	- gimp 2.6.11-5 (bug #643753)
CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in fontfile ...)
	{DSA-2293-1}
	- libxfont 1:1.4.4-1
CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3. ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-a ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a fr ...)
	NOT-FOR-US: Joomla!
CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Joomla!
CVE-2011-2890 (The MediaViewMedia class in administrator/components/com_media/views/m ...)
	NOT-FOR-US: Joomla!
CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow remote ...)
	NOT-FOR-US: Joomla!
CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to ca ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2886 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2885 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2884 (Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Ga ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control i ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 h ...)
	- chromium-browser <not-affected> (chromium uses libv8 system copy)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=97784
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 allo ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/95667
	NOTE: http://trac.webkit.org/changeset/95689
	NOTE: http://trac.webkit.org/changeset/95728
CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object li ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94984
CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/95488
CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, w ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94508
CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 allo ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/95600
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (libv8 issue)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=95920
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ope ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2873 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2872 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2871 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2870 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2869 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2868 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2867 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2866 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2865
	RESERVED
CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan cha ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2863 (Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0 ...)
	- chromium-browser 14.0.835.163~r101024-1
CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in  ...)
	- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93794
CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for non-g ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ar ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/93514
CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
	- webkit <not-affected>
	- libv8 3.4.14.21-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading S ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93227
CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94109
	NOTE: http://trac.webkit.org/changeset/94543
CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before 14.0.83 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
	- webkit <not-affected>
	- libv8 3.4.14.21-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, whic ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer chara ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 all ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote attacker ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome b ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93521
CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-2845 (Google Chrome before 15.0.874.102 does not properly handle history dat ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle media buffe ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X does no ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2841 (Google Chrome before 14.0.835.163 does not properly perform garbage co ...)
	- chromium-browser <not-affected> (pdf plugin)
	- webkit <not-affected>
CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote attacker ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90164
CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux d ...)
	- chromium-browser <not-affected> (Pdf plugin)
CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider the MIME  ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC and PI ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar interaction ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows attackers t ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before  ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2832
	RESERVED
CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...)
	NOTE: CVE description is wrong, see #656057
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platfo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/92413
CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows remote ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91908
CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to bypass th ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91957
CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/r91738
	NOTE: http://trac.webkit.org/r91739
	NOTE: http://trac.webkit.org/changeset/92744
CVE-2011-2824 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/92630
CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly parse U ...)
	- chromium-browser <not-affected> (windows only)
	- webkit <not-affected>
CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before  ...)
	{DSA-2394-1}
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
	[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91611
CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	NOTE: http://trac.webkit.org/changeset/91386
CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2812
	RESERVED
CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2810
	REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2807 (Incorrect handling of timer information in Timer.cpp in WebKit in Goog ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle  ...)
	- chromium-browser <not-affected> (It's in Windows-specific code)
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91152
CVE-2011-2804 (Google Chrome before 13.0.782.107 does not properly handle nested func ...)
	- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2803 (Google Chrome before 13.0.782.107 does not properly handle Skia paths, ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (skia code)
CVE-2011-2802 (Google V8, as used in Google Chrome before 13.0.782.107, does not prop ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
	- libv8 3.4
	[squeeze] - libv8 <not-affected>
	NOTE: Bug was introduced in http://code.google.com/p/v8/source/detail?r=8224
CVE-2011-2801 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90936
CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to obtain po ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/91044
	NOTE: http://developer.apple.com/library/safari/#documentation/Tools/Conceptual/SafariExtensionGuide/MessagesandProxies/MessagesandProxies.html#//apple_ref/doc/uid/TP40009977-CH14-SW9
CVE-2011-2799 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/90130
CVE-2011-2798 (Google Chrome before 13.0.782.107 does not properly restrict access to ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2797 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90595
CVE-2011-2796 (Use-after-free vulnerability in Skia, as used in Google Chrome before  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (skia code)
CVE-2011-2795 (Google Chrome before 13.0.782.107 does not prevent calls to functions  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/89782
CVE-2011-2794 (Google Chrome before 13.0.782.107 does not properly perform text itera ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89831
CVE-2011-2793 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89595
CVE-2011-2792 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89836
CVE-2011-2791 (The International Components for Unicode (ICU) functionality in Google ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (icu issue)
	NOTE: ICU bug only in debug build
CVE-2011-2790 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89165
CVE-2011-2789 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2788 (Buffer overflow in the inspector serialization functionality in Google ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88444
CVE-2011-2787 (Google Chrome before 13.0.782.107 does not properly address re-entranc ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2786 (Google Chrome before 13.0.782.107 does not ensure that the speech-inpu ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2785 (The extensions implementation in Google Chrome before 13.0.782.107 doe ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2784 (Google Chrome before 13.0.782.107 allows remote attackers to obtain se ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in angleproject)
CVE-2011-2783 (Google Chrome before 13.0.782.107 does not ensure that developer-mode  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2782 (The drag-and-drop implementation in Google Chrome before 13.0.782.107  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2781
	RESERVED
CVE-2011-2780 (Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0  ...)
	NOT-FOR-US: Chyrp
CVE-2011-2779 (Windows Event Log SmartConnector in HP ArcSight Connector Appliance be ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2011-2778 (Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remo ...)
	{DSA-2363-1}
	- tor 0.2.2.35-1
CVE-2011-2777 (samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier  ...)
	- acpid 1:2.0.14-1
	[lenny] - acpid <not-affected> (Vulnerable code not present)
	[squeeze] - acpid 1:2.0.7-1squeeze3
CVE-2011-2776 (Buffer overflow in the Error function in super.c in Super 3.30.0 might ...)
	{DSA-2383-1}
	- super 3.30.0-6
CVE-2011-2775
	RESERVED
CVE-2011-2774 (The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1  ...)
	- mahara 1.4.1-1
	[squeeze] - mahara <not-affected> (Vulnerable code not present)
	[lenny] - mahara <not-affected> (Vulnerable code not present)
CVE-2011-4118 (Mahara before 1.4.1, when MNet (aka the Moodle network feature) is use ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
	NOTE: http://mahara.org/interaction/forum/topic.php?id=4138
CVE-2011-2773 (Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2772 (The get_dataroot_image_path function in lib/file.php in Mahara before  ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2771 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1 ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2770 (Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html ...)
	{DSA-2335-1}
	- man2html 1.6g-6
CVE-2011-2769 (Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE a ...)
	{DSA-2331-1}
	- tor 0.2.2.34-1
CVE-2011-2768 (Tor before 0.2.2.34, when configured as a client or bridge, sends a TL ...)
	{DSA-2331-1}
	- tor 0.2.2.34-1
CVE-2011-2767 (mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl ...)
	{DLA-1507-1}
	- libapache2-mod-perl2 2.0.10-3 (bug #644169)
	[stretch] - libapache2-mod-perl2 2.0.10-2+deb9u1
	NOTE: https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=126984
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1623265#c3
CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by  ...)
	{DSA-2327-1}
	- libfcgi-perl 0.73-2 (bug #607479)
	[lenny] - libfcgi-perl <not-affected> (Introduced in 0.70)
CVE-2011-2765 (pyro before 3.15 unsafely handles pid files in temporary directory loc ...)
	- pyro 1:3.14-1 (low; bug #631912)
	[lenny] - pyro <no-dsa> (Minor issue)
	[squeeze] - pyro <no-dsa> (Minor issue)
	NOTE: https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e
CVE-2011-2764 (The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ...)
	- openarena 0.8.5-5+exp1
	NOTE: Current openarena packages use the share ioquake3 engine
	[squeeze] - openarena 0.8.5-5+squeeze1
	- ioquake3 1.36+svn1946-4
	- tremulous 1.1.0-6 (bug #660836)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
	NOT-FOR-US: LifeSize Room appliance
CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) all ...)
	NOT-FOR-US: LifeSize Room appliance
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page g ...)
	- chromium-browser 14.0.835.157~r99685-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium issue)
CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...)
	NOT-FOR-US: Brocade BigIron RX
CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in IBM Tivo ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2758 (IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Serve ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2757 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine  ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2756 (FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 801 ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2755 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine  ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in Squirrel ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote atta ...)
	NOT-FOR-US: Parodia
CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-2749 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ES ...)
	{DSA-2292-1}
	- isc-dhcp 4.2.2-1 (bug #638404)
	- dhcp3 <removed>
CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ES ...)
	{DSA-2292-1}
	- isc-dhcp 4.2.2-1 (bug #638404)
	- dhcp3 <removed>
CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...)
	NOT-FOR-US: Google Picasa
CVE-2011-2746 (Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in  ...)
	- otrs2 2.4.7-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...)
	NOT-FOR-US: Chyrp
CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows remo ...)
	NOT-FOR-US: Chyrp
CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and e ...)
	NOT-FOR-US: Chyrp
CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firef ...)
	NOT-FOR-US: EMC RSA Key Manager
CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x befo ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor  ...)
	NOT-FOR-US: Cisco Unified Service Monitor, CiscoWorks LAN Management Solution
CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to re ...)
	NOT-FOR-US: RSA enVision
CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative crede ...)
	NOT-FOR-US: RSA enVision
CVE-2011-2735 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4. ...)
	NOT-FOR-US: EMC AutoStart
CVE-2011-2734
	REJECTED
CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware Spr ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource Sp ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023,  ...)
	{DSA-2504-1}
	- libspring-2.5-java <unfixed> (bug #677814)
CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 t ...)
	- commons-daemon 1.0.7-1
	[squeeze] - commons-daemon <not-affected> (Support for libcap was only added in 1.0.6)
	NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable
CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.14.2  ...)
	- perl 5.14.2-1 (unimportant)
	NOTE: requires the attacker to manipulate glob flags
CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3 ...)
	NOT-FOR-US: Tribiq CMS
CVE-2011-2726 (An access bypass issue was found in Drupal 7.x before version 7.5. If  ...)
	- drupal7 7.6-1
CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows remo ...)
	- kdeutils 4:4.6.5-4 (low; bug #635541)
	[lenny] - kdeutils <no-dsa> (Minor issue)
	[squeeze] - kdeutils 4:4.4.5-1+squeeze1
CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs  ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:5.1-1 (low)
	[squeeze] - cifs-utils 2:4.5-2+squeeze1
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://web.archive.org/web/20111209193822/http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the L ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2722 (The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Lin ...)
	- hplip 3.11.10-1 (bug #635549; low)
	[squeeze] - hplip 3.10.6-2+squeeze0
	[lenny] - hplip <not-affected> (Vulnerable code not present)
CVE-2011-2721 (Off-by-one error in the cli_hm_scan function in matcher-hash.c in libc ...)
	- clamav 0.97.2+dfsg-1 (bug #635599)
	[squeeze] - clamav 0.97.2+dfsg-1~squeeze1
CVE-2011-2720 (The autocompletion functionality in GLPI before 0.80.2 does not blackl ...)
	- glpi 0.80.2-1 (bug #635544; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2011-2719 (libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3 ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.2-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2718 (Multiple directory traversal vulnerabilities in the relational schema  ...)
	- phpmyadmin 4:3.4.3.2-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2717 (The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011- ...)
	NOT-FOR-US: udhcp6c
CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP s ...)
	- busybox 1:1.20.0-3 (unimportant; bug #635548)
	NOTE: the default action script of busybox is not vulnerable to this attack
	NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable.
CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0 ...)
	NOT-FOR-US: Drupal data module
CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6 ...)
	NOT-FOR-US: Drupal data module
CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows u ...)
	{DSA-2315-1}
	- libreoffice 1:3.4.3-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo functio ...)
	NOT-FOR-US: cgit
CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges,  ...)
	- libgssglue 0.4-1 (low; bug #670256)
	[squeeze] - libgssglue <no-dsa> (Minor issue in Squeeze)
	NOTE: Our mount.nfs does not link against libgssglue,
	NOTE: so we do not appear to be affected directly.
CVE-2011-2708
	REJECTED
CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...)
	- linux-2.6 <not-affected> (xtensa arch not used in Debian)
CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the reorder admin ...)
	NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby  ...)
	{DLA-235-1 DLA-88-1}
	- ruby1.8 1.8.7.352-1 (low; bug #635878)
	- ruby1.9.1 1.9.3~preview1-1 (low)
CVE-2011-2704 (Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before  ...)
	{DSA-2285-1}
	- mapserver 6.0.1-1
CVE-2011-2703 (Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x ...)
	{DSA-2285-1}
	- mapserver 6.0.1-1
CVE-2011-2702 (Integer signedness error in Glibc before 2.13 and eglibc before 2.13,  ...)
	- eglibc 2.13-10
	[squeeze] - eglibc <not-affected> (ssse3 optimizations not included in squeeze version)
	- glibc <not-affected> (ssse3 optimizations not included)
	NOTE: http://web.archive.org/web/20110824011938/http://www.nodefense.org:80/eglibc.txt
	NOTE: fixed well before 2.13-10, but that is the present testing version that was available to check
CVE-2011-2701 (The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OC ...)
	- freeradius <not-affected> (Introduced in 2.1.11, even sid ships 2.1.10+dfsg-3+b2)
CVE-2011-2700 (Multiple buffer overflows in the si4713_write_econtrol_string function ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-1
	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2011-2699 (The IPv6 implementation in the Linux kernel before 3.1 does not genera ...)
	- linux-2.6 3.0.0-2
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2698 (Off-by-one error in the elem_cell_id_aux function in epan/dissectors/p ...)
	- wireshark 1.6.1-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 all ...)
	{DSA-2380-1}
	- hplip 3.10.6-2 (bug #635549; medium)
	NOTE: hplip might have been fixed earlier than stable, current versions use foomatic-rip
	NOTE: from foomatic-filters: /usr/lib/cups/filter/foomatic-rip
	- foomatic-filters 4.0
	NOTE: There two implementation of the affected filter: the version from foomatic-filters
	NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in
	NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697
	NOTE: hplip includes local copy of the Perl version. It needs to be checked, whether
	NOTE: it's modified somehow
CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers t ...)
	{DSA-2288-1}
	- libsndfile 1.0.25-1
CVE-2011-2695 (Multiple off-by-one errors in the ext4 subsystem in the Linux kernel b ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 2.6.32-48
CVE-2011-2694 (Cross-site scripting (XSS) vulnerability in the chg_passwd function in ...)
	{DSA-2290-1}
	- samba 2:3.5.10~dfsg-1 (low)
CVE-2011-2693 (The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red  ...)
	NOTE: Duplicate of CVE-2011-2521
CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0. ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (low; bug #633871)
CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2. ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (low; bug #633871)
CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1. ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (high; bug #633871)
CVE-2011-2689 (The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel befo ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
	[lenny] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
CVE-2011-2688 (SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_e ...)
	{DSA-2279-1}
	- libapache2-mod-authnz-external 3.2.4-2.1 (medium; bug #633637)
CVE-2011-2687 (Drupal 7.x before 7.3 allows remote attackers to bypass intended node_ ...)
	NOTE: http://drupal.org/node/1168756
	- drupal7 7.2-1 (bug #633385)
	- drupal6 6.22-1
	[squeeze] - drupal6 6.18-1squeeze1
CVE-2011-2686 (Ruby before 1.8.7-p352 does not reset the random seed upon forking, wh ...)
	{DLA-88-1}
	- ruby1.8 1.8.7.352-1 (low; bug #635878)
CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter in Lib ...)
	{DSA-2275-1}
	- libreoffice 1:3.3.3-1
	- openoffice.org 1:3.3.0-1
	[lenny] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2684 (foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722df ...)
	- foo2zjs 20110722dfsg-1 (low; bug #633870)
	[lenny] - foo2zjs <no-dsa> (Minor issue)
	[squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0
CVE-2011-2683 (reseed seeds random numbers from an insecure HTTP request to random.or ...)
	- reseed <removed>
	[lenny] - reseed <no-dsa> (Minor issue)
CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Adva ...)
	NOT-FOR-US: Best Soft Inc.
CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...)
	NOT-FOR-US: Drupal 6.x Category Tokens module
CVE-2010-4812 (Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 all ...)
	NOT-FOR-US: 6kbbs
CVE-2010-4811 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php  ...)
	NOT-FOR-US: 6kbbs
CVE-2010-4810 (Multiple PHP remote file inclusion vulnerabilities in AR Web Content M ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2010-4809 (SQL injection vulnerability in index.php in DBSite 1.0 allows remote a ...)
	NOT-FOR-US: DBSite
CVE-2010-4808 (SQL injection vulnerability in index.php in Webmatic allows remote att ...)
	NOT-FOR-US: Webmatic
CVE-2011-2682 (The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4. ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2681 (IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly h ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2680 (Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x befor ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2679 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Acc ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2678 (The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platf ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2011-2677 (Cybozu Office before 8.0.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: Cybozu Office
CVE-2011-2676 (The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A- ...)
	NOT-FOR-US: A-Form
CVE-2011-2675 (Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 al ...)
	NOT-FOR-US: Enkai-kun
CVE-2011-2674 (BaserCMS before 1.6.12 does not properly restrict additions to the mem ...)
	NOT-FOR-US: BaserCMS
CVE-2011-2673 (Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 a ...)
	NOT-FOR-US: BaserCMS
CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.9 ...)
	NOT-FOR-US: SemanticScuttle
CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th editio ...)
	NOT-FOR-US: Megalith
CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...)
	- firefox <not-affected> (Fixed before initial upload renamed as src:firefox)
	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
CVE-2011-2669 (Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue i ...)
	- firefox <not-affected> (Fixed before initial upload renamed as src:firefox)
	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
CVE-2011-2668 (Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the  ...)
	- firefox <not-affected> (Fixed before initial upload renamed as src:firefox)
	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
CVE-2011-2667 (Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Sec ...)
	NOT-FOR-US: CA Gateway Security for HTTP
CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open S ...)
	- asterisk 1:1.8.3.3-1
	[squeeze] - asterisk <no-dsa> (minor issue; can be addressed through configuration)
CVE-2011-2665 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...)
	- asterisk 1:1.8.4.3-1 (bug #631445)
	[squeeze] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / Pro ...)
	NOT-FOR-US: Check Point Multi-Domain Management
CVE-2011-2663 (Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWi ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2662 (Integer signedness error in GroupWise Internet Agent (GWIA) in Novell  ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2661 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in No ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before 0.5.1-55. ...)
	- vpnc <not-affected>
	NOTE: This only affects the SUSE packaging.
CVE-2011-2659
	RESERVED
CVE-2011-2658 (The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Con ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-2657 (Directory traversal vulnerability in the LaunchProcess function in the ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-2656 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld M ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2655 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld M ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2654 (The RPC implementation in the server in Novell Cloud Manager 1.1.2 bef ...)
	NOT-FOR-US: Novell Cloud Manager
CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ZE ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2652 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2651 (Unspecified vulnerability in the file browser in Kiwi before 3.74.2, a ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2650 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2649 (Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows at ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2648 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2647 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2646 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2645 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2644 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2643 (Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x befor ...)
	- phpmyadmin 4:3.4.3.2-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2642 (Multiple cross-site scripting (XSS) vulnerabilities in the table Print ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.2-1
CVE-2011-XXXX [stardict: minor information disclosure]
	- stardict 3.0.1-5 (low; bug #632260)
	[squeeze] - stardict <no-dsa> (minor information disclosure)
	[lenny] - stardict <no-dsa> (minor information disclosure)
CVE-2011-2641 (Opera 11.11 allows remote attackers to cause a denial of service (appl ...)
	NOT-FOR-US: Opera
CVE-2011-2640 (Opera before 11.10 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2639 (Opera before 11.10 does not properly handle hidden animated GIF images ...)
	NOT-FOR-US: Opera
CVE-2011-2638 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2637 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2636 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2635 (The Cascading Style Sheets (CSS) implementation in Opera before 11.10  ...)
	NOT-FOR-US: Opera
CVE-2011-2634 (Opera before 11.10 allows remote attackers to hijack (1) searches and  ...)
	NOT-FOR-US: Opera
CVE-2011-2633 (Unspecified vulnerability in Opera before 11.11 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2632 (Opera before 11.11 does not properly handle destruction of a Silverlig ...)
	NOT-FOR-US: Opera
CVE-2011-2631 (The Cascading Style Sheets (CSS) implementation in Opera before 11.11  ...)
	NOT-FOR-US: Opera
CVE-2011-2630 (Opera before 11.11 allows user-assisted remote attackers to cause a de ...)
	NOT-FOR-US: Opera
CVE-2011-2629 (Unspecified vulnerability in Opera before 11.11 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2628 (Opera before 11.11 does not properly implement FRAMESET elements, whic ...)
	NOT-FOR-US: Opera
CVE-2011-2627 (Unspecified vulnerability in the DOM implementation in Opera before 11 ...)
	NOT-FOR-US: Opera
CVE-2011-2626 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2625 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2624 (Opera before 11.50 allows user-assisted remote attackers to cause a de ...)
	NOT-FOR-US: Opera
CVE-2011-2623 (Unspecified vulnerability in the SVG BiDi implementation in Opera befo ...)
	NOT-FOR-US: Opera
CVE-2011-2622 (Unspecified vulnerability in the Web Workers implementation in Opera b ...)
	NOT-FOR-US: Opera
CVE-2011-2621 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2620 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2619 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2618 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2617 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2616 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2615 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2614 (The SVG implementation in Opera before 11.50 allows remote attackers t ...)
	NOT-FOR-US: Opera
CVE-2011-2613 (The Array.prototype.join method in Opera before 11.50 allows remote at ...)
	NOT-FOR-US: Opera
CVE-2011-2612 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2611 (Unspecified vulnerability in the printing functionality in Opera befor ...)
	NOT-FOR-US: Opera
CVE-2011-2610 (Unspecified vulnerability in Opera before 11.50 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2011-2609 (Opera before 11.50 does not properly restrict data: URIs, which makes  ...)
	NOT-FOR-US: Opera
CVE-2011-2608 (ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Ag ...)
	NOT-FOR-US: HP OpenView
CVE-2011-2607 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2011-2606 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2011-2605 (CRLF injection vulnerability in the nsCookieService::SetCookieStringIn ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2604 (The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote atta ...)
	NOT-FOR-US: Windows XP
CVE-2011-2603 (The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attacke ...)
	NOT-FOR-US: Mac OS X
CVE-2011-2602 (The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows re ...)
	NOT-FOR-US: Windows XP
CVE-2011-2601 (The GPU support functionality in Mac OS X does not properly restrict r ...)
	NOT-FOR-US: Mac OS X
CVE-2011-2600 (The GPU support functionality in Windows XP does not properly restrict ...)
	NOT-FOR-US: Windows XP
CVE-2011-2599 (Google Chrome 11 does not block use of a cross-domain image as a WebGL ...)
	- chromium-browser <unfixed> (unimportant)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-2598 (The WebGL implementation in Mozilla Firefox 4.x allows remote attacker ...)
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2009-5082 (The (1) configure and (2) config.guess scripts in GNU troff (aka groff ...)
	- groff 1.20.1-5 (unimportant; bug #538338)
	NOTE: Only exploitable during build
CVE-2009-5081 (The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) con ...)
	- groff 1.20.1-5 (unimportant)
	NOTE: Only exploitable during build
CVE-2009-5080 (The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2gr ...)
	- groff 1.20.1-5 (low; bug #538330)
	[lenny] - groff <no-dsa> (Minor issue)
CVE-2009-5079 (The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/r ...)
	- groff 1.20.1-5 (unimportant)
CVE-2009-5078 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launch ...)
	- groff 1.20.1-5 (low; bug #538338)
	[etch] - groff <not-affected> (pdfroff not yet present)
	[lenny] - groff <not-affected> (pdfroff not yet present)
CVE-2011-2597 (The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x  ...)
	- wireshark 1.6.1-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2011-2596
	RESERVED
CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 14 ...)
	NOT-FOR-US: ACDSee FotoSlate
CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other  ...)
	NOT-FOR-US: KMPlayer
	NOTE: This is http://www.kmplayer.com and not our kmplayer package.
CVE-2011-2593 (Integer overflow in the StartEpa method in the nsepacom ActiveX contro ...)
	NOT-FOR-US: Citrix Access Gateway Enterprise Edition Plug-in
CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom Acti ...)
	NOT-FOR-US: ActiveX control for Citrix Access Gateway
CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow remot ...)
	NOT-FOR-US: Provideo ActiveX
CVE-2011-2590 (The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010  ...)
	NOT-FOR-US: UUSee 201
CVE-2011-2589 (Heap-based buffer overflow in the SendLogAction method in the UUPlayer ...)
	NOT-FOR-US: UUSee 201
CVE-2011-2588 (Heap-based buffer overflow in the AVI_ChunkRead_strf function in libav ...)
	- vlc 1.1.11-1 (bug #633675)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...)
	- vlc 1.1.11-1 (bug #633674)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows r ...)
	NOT-FOR-US: Cisco Show and Share
CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows r ...)
	NOT-FOR-US: Cisco Show and Share
CVE-2011-2583 (Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remo ...)
	NOT-FOR-US: Cisco CCX
CVE-2011-2582
	RESERVED
CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2011-2580
	RESERVED
CVE-2011-2579
	RESERVED
CVE-2011-2578 (Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to caus ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/ ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2011-2576
	RESERVED
CVE-2011-2575
	RESERVED
CVE-2011-2574
	RESERVED
CVE-2011-2573
	RESERVED
CVE-2011-2572
	RESERVED
CVE-2011-2571
	RESERVED
CVE-2011-2570
	RESERVED
CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing Sys ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2011-2568
	RESERVED
CVE-2011-2567
	RESERVED
CVE-2011-2566
	RESERVED
CVE-2011-2565
	RESERVED
CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, for ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager (ak ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2559
	RESERVED
CVE-2011-2558
	RESERVED
CVE-2011-2557
	RESERVED
CVE-2011-2556
	RESERVED
CVE-2011-2555 (Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a defau ...)
	NOT-FOR-US: Cisco TelePresence Recording Server
CVE-2011-2554
	RESERVED
CVE-2011-2553
	RESERVED
CVE-2011-2552
	RESERVED
CVE-2011-2551
	RESERVED
CVE-2011-2550
	RESERVED
CVE-2011-2549 (Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco  ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2011-2548
	RESERVED
CVE-2011-2547 (The web-based management interface on Cisco SA 500 series security app ...)
	NOT-FOR-US: Cisco SA 500 series appliances management interface
CVE-2011-2546 (SQL injection vulnerability in the web-based management interface on C ...)
	NOT-FOR-US: Cisco SA 500 series appliances management interface
CVE-2011-2545 (Cross-site scripting (XSS) vulnerability in the SIP implementation on  ...)
	NOT-FOR-US: Cisco SPA
CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System Int ...)
	NOT-FOR-US: Cisco
CVE-2011-2542
	RESERVED
CVE-2011-2541
	RESERVED
CVE-2011-2540
	RESERVED
CVE-2011-2539
	RESERVED
CVE-2011-2538 (Cisco Video Communications Server (VCS) before X7.0.3 contains a comma ...)
	- plone3 <removed>
CVE-2011-2537
	RESERVED
CVE-2011-XXXX [unspecified security vulnerabilities from 4.3.7]
	- movabletype-opensource 4.3.7+dfsg-1 (bug #631437)
CVE-2011-2536 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x bef ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.4~dfsg-1 (bug #632029)
CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in net/ipv4/netfi ...)
	- linux-2.6 2.6.32-34 (low)
CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows lo ...)
	- dbus 1.3.2~git20100715.821f99c-1 (unimportant)
	NOTE: Compile-time only
CVE-2011-2532 (The json.decode function in util/json.lua in Prosody 0.8.x before 0.8. ...)
	- prosody 0.8.1-1
	[squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2531 (Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect d ...)
	- prosody 0.8.1-1
	[squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2530 (Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Instal ...)
	NOT-FOR-US: EDS Hardware Installation tool
CVE-2011-2535 (chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x b ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.3-1 (bug #631448)
	[squeeze] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
CVE-2011-2529 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x bef ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.3-1 (bug #631446)
CVE-2011-2528 (Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x ...)
	- plone3 <removed>
CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and earli ...)
	{DSA-2282-1}
	- qemu-kvm 0.14.1+dfsg-3 (bug #633669)
	- kvm <not-affected> (Vulnerable code not present)
CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7 (bug #634992)
	- tomcat7 7.0.19-1 (bug #634992)
	- tomcat5.5 <removed> (bug #634992)
CVE-2011-2525 (The qdisc_notify function in net/sched/sch_api.c in the Linux kernel b ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.35-1
CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in libso ...)
	{DSA-2369-1}
	- libsoup2.4 2.34.3-1 (bug #635837)
CVE-2011-2523 (vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backd ...)
	- vsftpd <not-affected> (backdoored version was never in the Debian archive)
CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Samb ...)
	{DSA-2290-1}
	- samba 2:3.5.10~dfsg-1 (low)
CVE-2011-2521 (The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c i ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-2520 (fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickl ...)
	NOT-FOR-US: system-config-firewall
CVE-2011-2519 (Xen in the Linux kernel, when running a guest on a host without hardwa ...)
	- xen-3 3.2.1-2
	NOTE: Possibly fixed earlier than 3.2.1-2, but that's the version in oldstable, which
	NOTE: was checked to contain http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644
	- xen <not-affected> (Only affects older Xen 3 releases)
CVE-2011-2518 (The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux  ...)
	- linux-2.6 2.6.39-3 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-2517 (Multiple buffer overflows in net/wireless/nl80211.c in the Linux kerne ...)
	{DSA-2303-1}
	- linux-2.6 2.6.39-3 (unimportant)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Requires CAP_NET_ADMIn to exploit
CVE-2011-2516 (Off-by-one error in the XML signature feature in Apache XML Security f ...)
	{DSA-2277-1}
	- xml-security-c 1.6.1-1 (low; bug #632973)
CVE-2011-2515 (PackageKit 0.6.17 allows installation of unsigned RPM packages as thou ...)
	- packagekit 0.6.17-1
CVE-2011-2514 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6  ...)
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-2513 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6  ...)
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1.2-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not proper ...)
	{DSA-2270-1}
	- qemu-kvm 0.14.1+dfsg-2 (bug #631975)
	- kvm <removed>
	[lenny] - kvm <not-affected> (Vulnerability not present)
CVE-2011-2511 (Integer overflow in libvirt before 0.9.3 allows remote authenticated u ...)
	{DSA-2280-1}
	- libvirt 0.9.2-7 (bug #633630)
CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding feature  ...)
	- dokuwiki 0.0.20110525a-1 (low; bug #631818)
	[squeeze] - dokuwiki 0.0.20091225c-10+squeeze2
	[lenny] - dokuwiki 0.0.20080505-4+lenny3
CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in  ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2507 (libraries/server_synchronize.lib.php in the Synchronize implementation ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1 (unimportant)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: neutralized by Suhosin patch
CVE-2011-2506 (setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2  ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2505 (libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2504 (Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf  ...)
	- x11-apps 7.7~1 (low)
	[squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2011-2503 (The insert_module function in runtime/staprun/staprun_funcs.c in the s ...)
	{DSA-2348-1}
	- systemtap 1.6-1 (bug #635542)
	[lenny] - systemtap <not-affected> (Signed modules not yet supported)
CVE-2011-2502 (runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun ...)
	- systemtap 1.6-1 (bug #635542)
	[lenny] - systemtap <not-affected> (Affected option introduced in 1.4)
	[squeeze] - systemtap <not-affected> (Affected option introduced in 1.4)
CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before 1. ...)
	{DSA-2287-1}
	- libpng 1.2.44-3 (bug #632786)
CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c in nf ...)
	- nfs-utils 1:1.2.4-1 (bug #633155)
	[lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
	[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...)
	NOT-FOR-US: Mambo CMS
CVE-2011-2498 (The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.36)
CVE-2011-2497 (Integer underflow in the l2cap_config_req function in net/bluetooth/l2 ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-3
CVE-2011-2496 (Integer overflow in the vma_to_resize function in mm/mremap.c in the L ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-1 (low)
CVE-2011-2495 (fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly r ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1 (low)
CVE-2011-2494 (kernel/taskstats.c in the Linux kernel before 3.1 allows local users t ...)
	- linux-2.6 3.0.0-5 (low)
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2493 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel be ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
	[lenny] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not pr ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1 (low)
CVE-2011-2491 (The Network Lock Manager (NLM) protocol implementation in the NFS clie ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1
CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not chec ...)
	{DSA-2281-1}
	- opie <removed> (bug #631345)
CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 a ...)
	{DSA-2281-1}
	- opie <removed> (bug #631344)
CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
	NOT-FOR-US: Joomla!
CVE-2011-2487 (The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncr ...)
	NOT-FOR-US: Apache CXF
CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access to NPNVp ...)
	- nspluginwrapper <unfixed> (bug #671846)
	[squeeze] - nspluginwrapper <no-dsa> (Contrib not supported)
CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk- ...)
	- gdk-pixbuf 2.23.3-3.1 (bug #631524)
	[squeeze] - gdk-pixbuf <no-dsa> (Minor issue)
	[lenny] - gdk-pixbuf <no-dsa> (Minor issue)
CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux kerne ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-3 (low)
CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain plat ...)
	{DSA-2399-1 DSA-2340-1}
	- libcrypt-eksblowfish-perl <not-affected> (discovered and corrected in initial release in 2007)
	- php-suhosin <not-affected> (bug #631283; that portion is not used since PHP 5.3)
	[lenny] - php-suhosin <unfixed> (bug #631283)
	- postgresql-8.4 8.4.9-1 (bug #631285)
	- postgresql-9.0 9.0.5-1 (bug #631285)
	- postgresql-9.1 9.1~rc1-1
	- php5 5.3.6-13 (bug #631347)
	- libxcrypt 1:2.4-1.1 (bug #679628)
	[squeeze] - libxcrypt <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2011/06/20/2
CVE-2011-2482 (A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/ ...)
	- linux-2.6 <not-affected> (RHEL-specific regression)
CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace  ...)
	- tomcat7 7.0.19-1
CVE-2011-2480 (Information Disclosure vulnerability in the 802.11 stack, as used in F ...)
	- kfreebsd-9 9.0~svn223502-1 (bug #631160)
	- kfreebsd-8 8.2-3 (bug #631161)
	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze1
	- kfreebsd-7 <removed>
CVE-2011-2479 (The Linux kernel before 2.6.39 does not properly create transparent hu ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
CVE-2011-2478 (Google SketchUp before 8 does not properly handle edge geometry in Ske ...)
	NOT-FOR-US: Google SketchUp
CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php  ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2469
	RESERVED
CVE-2011-2467 (SQL injection vulnerability in lsassd in Lsass in the Likewise Securit ...)
	NOT-FOR-US: Likewise
CVE-2011-2466
	RESERVED
CVE-2011-2465 (Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and ...)
	- bind9 1:9.8.1.dfsg.P1-1
	[squeeze] - bind9 <not-affected> (Only affects 9.8)
	[lenny] - bind9 <not-affected> (Only affects 9.8)
CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9. ...)
	{DSA-2272-1}
	- bind9 1:9.8.1.dfsg-1 (high)
CVE-2011-2463 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 throu ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acr ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-2461 (Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and ...)
	NOT-FOR-US: Adobe Flex
CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows  ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows  ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2443 (Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier  ...)
	NOT-FOR-US: Adobe Photoshop Elements
CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe Reade ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x befo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2430 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2429 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2428 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2427 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2426 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2424 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2418
	REJECTED
CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2415 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2414 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2413
	RESERVED
CVE-2011-2412 (Unspecified vulnerability in HP Business Service Automation (BSA) Esse ...)
	NOT-FOR-US: HP Business Service Automation
CVE-2011-2411 (Unspecified vulnerability on HP NonStop Servers with software H06.x th ...)
	NOT-FOR-US: HP NonStop Servers
CVE-2011-2410 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance In ...)
	NOT-FOR-US: HP OpenView
CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar application i ...)
	NOT-FOR-US: HP Palm webOS 3.x
CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts application i ...)
	NOT-FOR-US: HP Palm webOS 3.x
CVE-2011-2407 (Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31 ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2011-2406 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance In ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2011-2405 (The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware befor ...)
	NOT-FOR-US: HP ProLiant SL Advanced Power Manager
CVE-2011-2404 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...)
	NOT-FOR-US: HP Easy Printer Care Software
CVE-2011-2403 (SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-2402 (Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-2401 (Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x all ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-2400 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, an ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-2399 (Unspecified vulnerability in the Media Management Daemon (mmd) in HP D ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B ...)
	NOT-FOR-US: HP-UX
CVE-2011-2397 (The Agent service in Iron Mountain Connected Backup 8.4 allows remote  ...)
	NOT-FOR-US: Iron Mountain Connected Backup
CVE-2011-2396
	RESERVED
CVE-2011-2394
	RESERVED
CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	- kfreebsd-7 <removed> (low)
	- kfreebsd-8 <removed> (low)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
	- kfreebsd-9 <removed> (low; bug #684072)
	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
	- kfreebsd-10 <unfixed> (unimportant)
	[jessie] - kfreebsd-10 <no-dsa> (Minor issue)
	NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
	NOTE: Starting with stretch kfreebsd is no longer supported
CVE-2011-2392
	RESERVED
CVE-2011-2391 (The IPv6 implementation in the kernel in Apple iOS before 7 allows rem ...)
	NOT-FOR-US: Apple iOS
CVE-2011-2390
	RESERVED
CVE-2011-2389
	RESERVED
CVE-2011-2388
	RESERVED
CVE-2011-2387
	RESERVED
CVE-2011-2386 (VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey befo ...)
	NOT-FOR-US: VisiWave Site Survey
CVE-2011-2385 (The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in  ...)
	- otrs2 <not-affected> (does not include iPhoneHandle package)
CVE-2011-2384
	RESERVED
CVE-2011-2381 (CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x  ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2380 (Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4. ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22. ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird befor ...)
	- xulrunner <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- iceweasel <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- iceape <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- icedove <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
CVE-2011-2376 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2375 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 5.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 5.0, not yet in unstable)
CVE-2011-2374 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2373 (Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x  ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7. ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2371 (Integer overflow in the Array.reduceRight method in Mozilla Firefox be ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2370 (Mozilla Firefox before 5.0 does not properly enforce the whitelist for ...)
	- xulrunner <not-affected> (Only affects Firefox 4.x and above)
	- iceweasel 5.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 4.x and above)
	- iceape <not-affected> (Only affects Firefox 4.x and above)
	- icedove <not-affected> (Only affects Firefox 4.x and above)
CVE-2011-2369 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x throug ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2368 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2367 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2366 (Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbir ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2365 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
CVE-2011-2364 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...)
	- xulrunner <not-affected> (Only affects Firefox >= 3.6)
	- iceweasel <not-affected> (Only affects Firefox >= 3.6)
	- iceape <not-affected> (Only affects Firefox >= 3.6)
	- icedove <not-affected> (Only affects Firefox >= 3.6)
CVE-2011-2363 (Use-after-free vulnerability in the nsSVGPointList::AppendElement func ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonke ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome before ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2360 (Google Chrome before 13.0.782.107 does not ensure that the user is pro ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line boxes d ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	NOTE: http://trac.webkit.org/changeset/90068
CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that extension insta ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading f ...)
	NOT-FOR-US: Android
CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2355
	RESERVED
CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2353 (Use after free vulnerability in documentloader in WebKit in Google Chr ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88584
	NOTE: http://trac.webkit.org/changeset/88549
CVE-2011-2350 (The HTML parser in Google Chrome before 12.0.742.112 does not properly ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88411
	NOTE: http://trac.webkit.org/changeset/88434
CVE-2011-2349 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an i ...)
	- libv8 3.4.14-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading S ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88448
CVE-2011-2346 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: introduced in http://trac.webkit.org/changeset/77740
	NOTE: http://trac.webkit.org/changeset/87827
CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 does not ...)
	- chromium-browser <not-affected> (linux version is not affected)
	- webkit <not-affected>
CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext H ...)
	NOT-FOR-US: Android SDK
CVE-2011-2343 (The Bluetooth stack in Android before 2.3.6 allows a physically proxim ...)
	NOT-FOR-US: Android
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2340
	RESERVED
CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in Googl ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before  ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2333
	RESERVED
CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...)
	- rampart 1.3.0-3 (low; bug #631221)
	[squeeze] - rampart <no-dsa> (Minor issue)
CVE-2011-2327 (Unspecified vulnerability in the Oracle Communications Unified compone ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2326 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2325 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2324 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2323 (Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Ma ...)
	NOT-FOR-US: Oracle Thesaurus Management System
CVE-2011-2322 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2321 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2320 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2319 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2318 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2317 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2316 (Unspecified vulnerability in the Siebel Apps - Marketing component in  ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-2315 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2011-2314 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2313 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2312 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2311 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2310 (Unspecified vulnerability in the Oracle Waveset component in Oracle Su ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2309 (Unspecified vulnerability in the Health Sciences - Oracle Clinical, Re ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2011-2308 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2307 (Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SP ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2306 (Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authen ...)
	NOT-FOR-US: Oracle Linux-specific feature
CVE-2011-2305 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local use ...)
	- virtualbox-ose <not-affected> (Only affects 4.x)
	- virtualbox 4.0.10-dfsg-1
CVE-2011-2304 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2303 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2302 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2301 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2011-2300 (Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4 ...)
	- virtualbox-guest-additions-iso 4.0.10-1 (bug #635276)
	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
CVE-2011-2299 (Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M50 ...)
	NOT-FOR-US: Oracle SPARC Enterprise
CVE-2011-2298 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2297 (Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local u ...)
	NOT-FOR-US: Oracle Solaris Cluster
CVE-2011-2296 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2295 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2294 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2293 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2292 (Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows lo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2291 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2290 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2289 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2288 (Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM)  ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2287 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2286 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2285 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2284 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2283 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2282 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2281 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2280 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2279 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2278 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2277 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2276
	REJECTED
CVE-2011-2275 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2274 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2273 (Unspecified vulnerability in the Agile Core Technology component in Or ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2011-2272 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2271 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2270
	REJECTED
CVE-2011-2269
	REJECTED
CVE-2011-2268
	REJECTED
CVE-2011-2267 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2266
	REJECTED
CVE-2011-2265
	REJECTED
CVE-2011-2264 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2263 (Unspecified vulnerability in Sun Integrated Lights Out Manager in Orac ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2262 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2011-2261 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2260 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2259 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2258 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2257 (Unspecified vulnerability in the Database Target Type Menus component  ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2256
	REJECTED
CVE-2011-2255 (Unspecified vulnerability in the Oracle WebLogic Portal component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-2254
	REJECTED
CVE-2011-2253 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2252 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2251 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2250 (Unspecified vulnerability in the PeopleSoft Enterprise FIN component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2249 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2248 (Unspecified vulnerability in the SQL Performance Advisories/UIs compon ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2247
	REJECTED
CVE-2011-2246 (Unspecified vulnerability in the Business Intelligence component in Or ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2245 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2244 (Unspecified vulnerability in the Security Framework component in Oracl ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2243 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2242 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2241 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2240 (Unspecified vulnerability in the Oracle Universal Installer component  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2239 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2238 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2237 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-2236
	REJECTED
CVE-2011-2235
	REJECTED
CVE-2011-2234
	REJECTED
CVE-2011-2233
	REJECTED
CVE-2011-2232 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2231 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2230 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2229
	REJECTED
CVE-2011-2228
	REJECTED
CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager (a ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2225 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2224 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2223 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2222 (Session fixation vulnerability in WebAdmin in the Mobility Pack before ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2221 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter E ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-2219 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2218 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex5 ...)
	NOT-FOR-US: VMware
CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux k ...)
	{DSA-2389-1 DSA-2310-1}
	- linux-2.6 2.6.39-3
	[squeeze] - linux-2.6 2.6.32-36
CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier ...)
	{DSA-2282-1}
	- qemu-kvm 0.14.1+dfsg-3 (bug #632987)
	- kvm <removed>
CVE-2011-2207 (dirmngr before 2.1.0 improperly handles certain system calls, which al ...)
	- dirmngr <unfixed> (unimportant; bug #627377)
	NOTE: Negligible impact
CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...)
	NOT-FOR-US: Djabberd
CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity  ...)
	- prosody 0.7.0-1 (low; bug #579087)
	[squeeze] - prosody <no-dsa> (Minor issue)
	[lenny] - prosody <no-dsa> (Minor issue)
CVE-2011-2204 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ...)
	{DSA-2401-1}
	- tomcat5.5 <removed> (low; bug #632882)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.32-5 (low; bug #632882)
	[lenny] - tomcat6 <no-dsa> (Minor issue)
	[squeeze] - tomcat6 <no-dsa> (Minor issue)
	- tomcat7 7.0.16-3 (low; bug #632882)
CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when untaint ...)
	- libdata-formvalidator-perl 4.66-3 (low; bug #629511)
	[lenny] - libdata-formvalidator-perl <no-dsa> (Minor issue)
	[squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1
CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ( ...)
	- dbus 1.4.12-1 (low; bug #629938)
	[squeeze] - dbus 1.2.24-4+squeeze1
	[lenny] - dbus <no-dsa> (Minor issue)
CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...)
	- rails <not-affected> (Affected plugin not installed, see bug #634990)
CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...)
	NOT-FOR-US: JBoss Seam
CVE-2011-2195
	RESERVED
CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue  ...)
	{DSA-2329-1}
	- torque 2.4.15+dfsg-1 (bug #635342)
CVE-2011-2192 (The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10. ...)
	{DSA-2271-1}
	- curl 7.21.6-2 (high; bug #631615)
CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in C ...)
	- cherokee <removed> (low; bug #661993)
	[squeeze] - cherokee <no-dsa> (Minor issue)
CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does n ...)
	- linux-2.6 2.6.35-1 (low)
	[lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
	[squeeze] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
	- vsftpd 2.3.4-1 (bug #629373)
	[squeeze] - vsftpd 2.3.2-3+squeeze2
	[lenny] - vsftpd 2.0.7-1+lenny1
	NOTE: this is technically a kernel bug. however this has been workarounded specifically
	NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1
	NOTE: for details
CVE-2011-2187 (xscreensaver before 5.14 crashes during activation and leaves the scre ...)
	- xscreensaver 5.14-1 (bug #627382)
	[squeeze] - xscreensaver <not-affected> (introduced in 5.13)
CVE-2011-2186
	REJECTED
CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC)  ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2180 (Cross-site scripting (XSS) vulnerability in dereferer.php in A Really  ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2177 (OpenOffice.org v3.3 allows execution of arbitrary code with the privil ...)
	NOT-FOR-US: Claimed older OpenOffice vulnerability, which was never disclosed
CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the auth_a ...)
	- network-manager 0.9.0-1 (low; bug #631520)
	[squeeze] - network-manager <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e7273c1609ac267e1d77ff03c97c8929f15e3737
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=287fe10c40ae9b90ce703b79f3479b755f0956c0
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e5085f950730b1e2e68645231e2042127c29a82e
CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...)
	- dovecot 1:2.0.13-1 (low)
	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
	[lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the user a ...)
	- dovecot 1:2.0.13-1 (low)
	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
	[lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel befor ...)
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-48
CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: CRE Loaded
CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, al ...)
	NOT-FOR-US: CRE Loaded
CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...)
	- icinga 1.4.1-1
	[squeeze] - icinga <no-dsa> (Minor issue)
	- nagios3 3.4.1-1
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	NOTE: Nagios might be fixed earlier than 3.4.1, checked the Wheezy version
CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ( ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-2208 (Integer signedness error in the osf_getdomainname function in arch/alp ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2209 (Integer signedness error in the osf_sysinfo function in arch/alpha/ker ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2210 (The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linu ...)
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2211 (The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux ker ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2203 (The hfs_find_init function in the Linux kernel 2.6 allows local users  ...)
	- linux-2.6 3.1.1-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ...)
	{DSA-2266-1}
	- php5 5.3.6-12
CVE-2011-2199 (Buffer overflow in tftp-hpa before 5.1 allows remote attackers to caus ...)
	- tftp-hpa 5.1-1 (low)
	[squeeze] - tftp-hpa <no-dsa> (Minor issue)
	NOTE: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
CVE-2011-2198 (The "insert-blank-characters" capability in caps.c in gnome-terminal ( ...)
	- vte 1:0.28.1-1 (low; bug #629688)
	[lenny] - vte <no-dsa> (Minor issue)
	[squeeze] - vte 1:0.24.3-3
CVE-2011-2185 (Fabric before 1.1.0 allows local users to overwrite arbitrary files vi ...)
	- fabric 1.1.2-1 (low; bug #629003)
	[squeeze] - fabric <no-dsa> (Minor issue)
CVE-2011-2475 (Format string vulnerability in ECTrace.dll in the iMailGateway service ...)
	NOT-FOR-US: Sybase OneBridge Mobile Data Suite
CVE-2011-2474 (Directory traversal vulnerability in the HTTP Server in Sybase EAServe ...)
	NOT-FOR-US: Sybase EAServer
CVE-2011-2473 (The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and ear ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2472 (Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2471 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users  ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2468 (Directory traversal vulnerability in the web interface in AnyMacro Mai ...)
	NOT-FOR-US: AnyMacro Mail System G4X
CVE-2011-2395 (The Neighbor Discovery (ND) protocol implementation in Cisco IOS on un ...)
	NOT-FOR-US: Cisco
CVE-2011-2383 (Microsoft Internet Explorer 9 and earlier does not properly restrict c ...)
	NOT-FOR-US: Microsoft
CVE-2011-2342 (The DOM implementation in Google Chrome before 12.0.742.91 allows remo ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88071
CVE-2011-2382 (Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 bet ...)
	NOT-FOR-US: Microsoft
CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows remote  ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 3.4.14-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: execScript removed in libv8 3.2 branch
CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media pla ...)
	{DSA-2257-1}
	- vlc 1.1.10-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ti ...)
	- cherokee 1.0.14-1 (low; bug #647205)
	[squeeze] - cherokee 1.0.8-5+squeeze1
	[lenny] - cherokee <no-dsa> (Minor issue)
	NOTE: http://code.google.com/p/cherokee/issues/detail?id=1212
CVE-2011-2188 (LuaExpat before 1.2.0 does not properly detect recursion during entity ...)
	- lua-expat 1.2.0-1 (low; bug #629225)
	[squeeze] - lua-expat 1.2.0-0squeeze1
	[lenny] - lua-expat <no-dsa> (Minor issue)
CVE-2011-2184 (The key_replace_session_keyring function in security/keys/process_keys ...)
	- linux-2.6 2.6.39-2
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-2183 (Race condition in the scan_get_next_rmap_item function in mm/ksm.c in  ...)
	{DSA-2389-1}
	- linux-2.6 2.6.39-3 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
	[squeeze] - linux-2.6 2.6.32-36
CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo  ...)
	- shadow 1:4.1.5-1 (low; bug #628843)
	[squeeze] - shadow <no-dsa> (Minor issue)
	[lenny] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
	- sudo 1.7.4p4 (low; bug #657784)
	NOTE: sudo might be fixed earlier, use_pty present in stable
CVE-2011-2331 (Integer overflow in img.exe in HP Intelligent Management Center (IMC)  ...)
	NOT-FOR-US: HP Intelligent Management Center (IMC)
CVE-2011-2330 (Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1,  ...)
	NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-2328 (Buffer overflow in HP LoadRunner allows remote attackers to cause a de ...)
	NOT-FOR-US: HP LoadRunner
CVE-2011-2215 (Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2 ...)
	NOT-FOR-US: WalRack
CVE-2011-2214 (Unspecified vulnerability in the Open Database Connectivity (ODBC) com ...)
	NOT-FOR-US: 7T Interactive Graphical SCADA System
CVE-2011-2175 (Integer underflow in the visual_read function in wiretap/visual.c in W ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant; bug #630159)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in epan/tvbuf ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (bug #630159)
CVE-2011-2173 (The implementation of OutputMediator objects in IBM WebSphere Portal 6 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2172 (Cross-site scripting (XSS) vulnerability in the search center in IBM W ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2171 (Unspecified vulnerability in the dbugs package in Google Chrome OS bef ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2170 (Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabl ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2169 (Google Chrome OS before R12 0.12.433.38 Beta allows local users to gai ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2168 (Multiple integer overflows in the glob implementation in libc in OpenB ...)
	NOT-FOR-US: OpenBSD
CVE-2011-2165 (The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not pro ...)
	NOT-FOR-US: WatchGuard XCS
CVE-2010-4807 (Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 a ...)
	NOT-FOR-US: IBM Web Content Manager
CVE-2010-4806 (The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 ...)
	NOT-FOR-US: IBM Web Content Manager
CVE-2011-2182 (The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel b ...)
	{DSA-2264-1}
	- linux-2.6 2.6.39-2
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...)
	- nagios3 3.2.3-3 (bug #629127)
	[lenny] - nagios3 <not-affected> (Affected feature got introduced in 3.2.2)
	[squeeze] - nagios3 <not-affected> (Affected feature got introduced in 3.2.2)
	- icinga 1.4.1-1 (bug #629131)
	[squeeze] - icinga <not-affected> (Affected feature got introduced in 1.3.1)
	[lenny] - icinga <not-affected> (Affected feature got introduced in 1.3.1)
	NOTE: http://tracker.nagios.org/view.php?id=224
CVE-2011-2178 (The virSecurityManagerGetPrivateData function in security/security_man ...)
	- libvirt 0.9.1-2 (bug #629128)
	[squeeze] - libvirt <not-affected> (Introduced in 0.8.8)
	[lenny] - libvirt <not-affected> (Introduced in 0.8.8)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=709769
	NOTE: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
CVE-2011-2216 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...)
	- asterisk 1:1.8.4.2-1 (bug #629130)
	[lenny] - asterisk <not-affected> (Only affects 1.8)
	[squeeze] - asterisk <not-affected> (Only affects 1.8)
	NOTE: http://downloads.digium.com/pub/security/AST-2011-007.html
CVE-2011-XXXX [unspecified security vulnerabilities]
	- movabletype-opensource 4.3.6+dfsg-1 (bug #627936)
	[squeeze] - movabletype-opensource 4.3.5+dfsg-2+squeeze2
	[lenny] - movabletype-opensource 4.2.3-1+lenny3
CVE-2011-2164 (Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4  ...)
	NOT-FOR-US: Photoshop
CVE-2011-2163 (Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Syste ...)
	NOT-FOR-US: IBM Systems Director
CVE-2011-2162 (Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: duplicate of CVE-2011-1198
CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg before  ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPl ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: duplicate of CVE-2011-0723
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type he ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect Content-T ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2157 (The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSett ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2156 (The SmarterTools SmarterStats 6.0 web server allows remote attackers t ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2155 (Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2154 (login.aspx in the SmarterTools SmarterStats 6.0 web server does not in ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2153 (Login.aspx in the SmarterTools SmarterStats 6.0 web server supports UR ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2152 (The SmarterTools SmarterStats 6.0 web server generates web pages conta ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2151 (The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSetting ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2150 (The SmarterTools SmarterStats 6.0 web server does not properly validat ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2149 (Multiple SQL injection vulnerabilities in the SmarterTools SmarterStat ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2148 (Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server all ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2147 (Openswan 2.2.x does not properly restrict permissions for (1) /var/run ...)
	- openswan <not-affected> (In Debian no starter.pid is ever written and the subsys entry gets created with -rw-r--r-- permissions, bug #628449)
CVE-2011-2146 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Wor ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631507)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-2145 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Wor ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631508)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2009-5075 (Monkey's Audio before 4.02 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Monkey's Audio
CVE-2006-7245 (Monkey's Audio before 4.01b2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Monkey's Audio
CVE-2011-2144 (The eDocument Conversion Actions implementation in IBM Datacap Taskmas ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2143 (IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authenti ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2142 (The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before  ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2141 (SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2140 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2139 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2138 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2137 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2136 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2135 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2134 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2133 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 bef ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2011-2132 (Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, all ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Su ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2129
	REJECTED
CVE-2011-2128 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2126 (Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows att ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2125 (Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2124 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shoc ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2122 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2121 (Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2120 (Integer overflow in the CursorAsset x32 component in Adobe Shockwave P ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2119 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2118 (The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2117 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2116 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2115 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2114 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component in Adobe S ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2112 (Multiple buffer overflows in IML32.dll in Adobe Shockwave Player befor ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2111 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2110 (Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2109 (Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player bef ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2108 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2106 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2105 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2104 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2103 (Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2102 (Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on W ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2101 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2100 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2099 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2098 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2097 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2096 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2095 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2094 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2093 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and e ...)
	NOT-FOR-US: Adobe LiveCycle Data Services
CVE-2011-2092 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and e ...)
	NOT-FOR-US: Adobe LiveCycle Data Services
CVE-2011-2091 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-2090
	RESERVED
CVE-2011-2089 (Stack-based buffer overflow in the SetActiveXGUID method in the Versio ...)
	NOT-FOR-US: ICONICS BizViz, GENESIS32
CVE-2011-2088 (XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymp ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2011-2087 (Multiple cross-site scripting (XSS) vulnerabilities in component handl ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2011-2086
	RESERVED
CVE-2011-2085 (Multiple cross-site request forgery (CSRF) vulnerabilities in Best Pra ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2084 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 all ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2083 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical  ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2082 (The vulnerable-passwords script in Best Practical Solutions RT 3.x bef ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for inventiv ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allo ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2079 (MediaCAST 8 and earlier allows remote attackers to have an unspecified ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2078 (Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2077 (The default configuration of the New Atlanta BlueDragon administrative ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2076 (MediaCAST 8 and earlier stores passwords in cleartext, which makes it  ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP ...)
	NOT-FOR-US: Historical Chrome issue on Windows
CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922  ...)
	NOT-FOR-US: Skype
CVE-2011-2073
	RESERVED
CVE-2011-2072 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x thro ...)
	NOT-FOR-US: Cisco
CVE-2011-2071
	RESERVED
CVE-2011-2070
	RESERVED
CVE-2011-2069
	RESERVED
CVE-2011-2068
	RESERVED
CVE-2011-2067
	RESERVED
CVE-2011-2066
	RESERVED
CVE-2011-2065
	RESERVED
CVE-2011-2064 (Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Ga ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2063
	RESERVED
CVE-2011-2062
	RESERVED
CVE-2011-2061
	RESERVED
CVE-2011-2060 (The platform-sw component on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2011-2059 (The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attac ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2058 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2057 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2056
	RESERVED
CVE-2011-2055
	RESERVED
CVE-2011-2054 (A vulnerability in the Cisco ASA that could allow a remote attacker to ...)
	NOT-FOR-US: Cisco
CVE-2011-2053
	RESERVED
CVE-2011-2052
	RESERVED
CVE-2011-2051
	RESERVED
CVE-2011-2050
	RESERVED
CVE-2011-2049
	RESERVED
CVE-2011-2048
	RESERVED
CVE-2011-2047
	RESERVED
CVE-2011-2046
	RESERVED
CVE-2011-2045
	RESERVED
CVE-2011-2044
	RESERVED
CVE-2011-2043
	RESERVED
CVE-2011-2042 (The Sybase SQL Anywhere database component in Cisco CiscoWorks Common  ...)
	NOT-FOR-US: Cisco CiscoWorks
CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure  ...)
	NOT-FOR-US: Cisco
CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client (for ...)
	NOT-FOR-US: Cisco
CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client (for ...)
	NOT-FOR-US: Cisco
CVE-2011-2038
	RESERVED
CVE-2011-2037
	RESERVED
CVE-2011-2036
	RESERVED
CVE-2011-2035
	RESERVED
CVE-2011-2034
	RESERVED
CVE-2011-2033
	RESERVED
CVE-2011-2032
	RESERVED
CVE-2011-2031
	RESERVED
CVE-2011-2030
	RESERVED
CVE-2011-2029
	RESERVED
CVE-2011-2028
	RESERVED
CVE-2011-2027
	RESERVED
CVE-2011-2026
	RESERVED
CVE-2011-2025
	RESERVED
CVE-2011-2024 (Cisco Network Registrar before 7.2 has a default administrative passwo ...)
	NOT-FOR-US: Cisco
CVE-2011-2023 (Cross-site scripting (XSS) vulnerability in functions/mime.php in Squi ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1
CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c i ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-2021 (Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3  ...)
	NOT-FOR-US: TIBCO iProcess Engine
CVE-2011-2020 (Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine befo ...)
	NOT-FOR-US: TIBCO iProcess Engine
CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-2017
	REJECTED
CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows Meetin ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2015
	REJECTED
CVE-2011-2014 (The LDAP over SSL (aka LDAPS) implementation in Active Directory, Acti ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2013 (Integer overflow in the TCP/IP implementation in Microsoft Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2012 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1,  ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-2011 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese  ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-2009 (Untrusted search path vulnerability in Windows Media Center in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2008 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and  ...)
	NOT-FOR-US: Microsoft Host Integration Server
CVE-2011-2007 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and  ...)
	NOT-FOR-US: Microsoft Host Integration Server
CVE-2011-2006
	REJECTED
CVE-2011-2005 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2004 (Array index error in win32k.sys in the kernel-mode drivers in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2003 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2002 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2001 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2000 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1999 (Microsoft Internet Explorer 8 does not properly allocate and access me ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1998 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1997 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1996 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1995 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1994
	REJECTED
CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2;  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Offic ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in O ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1985 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Off ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize  ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1981
	REJECTED
CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2 ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objec ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly valid ...)
	NOT-FOR-US: Microsoft .NET
CVE-2011-1977 (The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Co ...)
	NOT-FOR-US: Microsoft .NET
CVE-2011-1976 (Cross-site scripting (XSS) vulnerability in the Report Viewer Control  ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2011-1975 (Untrusted search path vulnerability in the Data Access Tracing compone ...)
	NOT-FOR-US: Microsoft
CVE-2011-1974 (NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1973
	REJECTED
CVE-2011-1972 (Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not pro ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-1971 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1970 (The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1969 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1,  ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1968 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1967 (Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1966 (The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 do ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1965 (Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1964 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1963 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1962 (Microsoft Internet Explorer 6 through 9 does not properly handle unspe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1961 (The telnet URI handler in Microsoft Internet Explorer 6 through 9 does ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1960 (Microsoft Internet Explorer 6 through 9 does not properly implement Ja ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1959 (The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1 ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant; bug #630159)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assis ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the D ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect point ...)
	- wireshark 1.4.6-1 (unimportant)
	[lenny] - wireshark <not-affected> (Affects 1.4.5 only)
	[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1955
	RESERVED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post Rev ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in P ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1952 (common.php in Post Revolution before 0.8.0c-2 allows remote attackers  ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1951 (lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global fl ...)
	- syslog-ng 3.2.4-1 (low)
	[squeeze] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
	[lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
	NOTE: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users ...)
	- plone3 <removed>
CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter in Pr ...)
	- plone3 <removed>
CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allo ...)
	- plone3 <removed>
CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time a ...)
	- fetchmail 6.3.22-1 (unimportant)
	NOTE: http://www.fetchmail.info/fetchmail-SA-2011-01.txt
CVE-2011-1946 (gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but pr ...)
	NOT-FOR-US: libgnomesu
CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and  ...)
	{DSA-2309-1}
	- openssl 1.0.0e-1 (low)
CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x  ...)
	{DSA-2255-1}
	- libxml2 2.7.8.dfsg-3 (bug #628537)
CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util in t ...)
	- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
	RESERVED
CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin 3. ...)
	- phpmyadmin 4:3.4.1-1
	[lenny] - phpmyadmin <not-affected> (3.4.x only)
	[squeeze] - phpmyadmin <not-affected> (3.4.x only)
CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3. ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.1-1
	[lenny] - phpmyadmin <not-affected> (3.3.x+ only)
	[squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues)
CVE-2011-1939 (SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and ...)
	- zendframework 1.11.6-1 (low)
	[squeeze] - zendframework <no-dsa> (Minor issue)
CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ext/sock ...)
	{DSA-2399-1}
	- php5 5.3.6-13 (low)
	[lenny] - php5 <not-affected> (The Lenny version doesn't use memcpy)
CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier a ...)
	- webmin <removed>
CVE-2011-1936 (Xen, when using x86 Intel processors and the VMX virtualization extens ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d94372 ...)
	- libpcap 1.1.1-4 (low; bug #623868)
	[squeeze] - libpcap 1.1.1-2+squeeze1
	[lenny] - libpcap <not-affected>
	NOTE: <878vsbyviu.fsf@silenus.orebokech.com>
CVE-2011-1934 (lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. ...)
	- lilo 23.1-2 (low; bug #615103)
	[squeeze] - lilo <not-affected> (Introduced in 23.1)
	[lenny] - lilo <not-affected> (Introduced in 23.1)
CVE-2011-1933 (SQL injection vulnerability in Jifty::DBI before 0.68. ...)
	- libjifty-dbi-perl 0.68-1 (low; bug #622919)
	[squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in Wi ...)
	- widelands 1:15-3 (low; bug #617960)
	[lenny] - widelands <no-dsa> (Minor issue)
CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg bef ...)
	- libav 4:0.6.2-3 (bug #624339)
	- ffmpeg <not-affected> (vulnerability introduced in 0.6)
	- ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)
CVE-2011-1930 (In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /t ...)
	- klibc 1.5.22-1 (low)
	[squeeze] - klibc 1.5.20-1+squeeze1
	[lenny] - klibc 1.5.12-2lenny1
CVE-2011-1929 (lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2. ...)
	{DSA-2252-1}
	- dovecot 1:2.0.13-1 (bug #627443)
	NOTE: [lenny] - dovecot <not-affected> (Vulnerability introduced in 1.1)
	NOTE: <e15277de7326d4d7f8b560cd853e1a12@muenster.org> claims lenny is affected
CVE-2011-1928 (The fnmatch implementation in apr_fnmatch.c in the Apache Portable Run ...)
	{DSA-2237-2}
	- apr 1.4.5-1 (bug #627182)
CVE-2011-1927 (The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel b ...)
	- linux-2.6 2.6.39-1 (high)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1926 (The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not ...)
	{DSA-2258-1 DSA-2242-1}
	- cyrus-imapd-2.2 2.2.13p1-11 (bug #627081)
	- cyrus-imapd-2.4 2.4.7-1
	- kolab-cyrus-imapd 2.2.13p1-0.1 (bug #629350)
CVE-2011-1925 (nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote ...)
	- nbd 1:2.9.22-1 (bug #627042)
	[wheezy] - nbd <not-affected>
	[squeeze] - nbd <not-affected>
	[lenny] - nbd <not-affected>
CVE-2011-1924 (Buffer overflow in the policy_summarize function in or/policies.c in T ...)
	- tor 0.2.1.30-1
	[squeeze] - tor <no-dsa> (Only affects the central Tor directory servers)
	[lenny] - tor <no-dsa> (Only affects the central Tor directory servers)
CVE-2011-1923 (The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL be ...)
	- polarssl 0.14.3-1 (low; bug #616114)
	[squeeze] - polarssl <no-dsa> (Minor issue)
CVE-2011-1922 (daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functiona ...)
	- unbound 1.4.10-1 (unimportant)
	[lenny] - unbound 1.4.6-1~lenny2 (unimportant)
	[squeeze] - unbound 1.4.6-1+squeeze2 (unimportant)
	NOTE: http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt
	NOTE: asserts not enabled in Debian build
CVE-2011-1921 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1920 (The make include files in NetBSD before 1.6.2, as used in pmake 1.111  ...)
	- pmake 1.111-3 (low; bug #626673)
	[squeeze] - pmake 1.111-2+squeeze1
	[lenny] - pmake 1.111-1+lenny1
CVE-2011-1919 (Multiple stack-based buffer overflows in GE Intelligent Platforms Prof ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2011-1918 (Stack-based buffer overflow in the Data Archiver service in GE Intelli ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2011-1917
	RESERVED
CVE-2011-1916
	RESERVED
CVE-2011-1915 (SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution ...)
	NOT-FOR-US: Enspire Distribution Management Solution
CVE-2011-1914 (Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Se ...)
	NOT-FOR-US: ActiveX
CVE-2011-1913 (SQL injection vulnerability in the login form in the web interface in  ...)
	NOT-FOR-US: Mercator SENTINEL
CVE-2011-1912
	RESERVED
CVE-2011-1911 (JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 ...)
	NOT-FOR-US: JasperReports Server
CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x befor ...)
	{DSA-2244-1}
	- bind9 1:9.8.1.dfsg-1 (high)
	NOTE: https://lists.isc.org/pipermail/bind-users/2011-May/083819.html
CVE-2011-1909
	RESERVED
CVE-2011-1908 (Integer overflow in the Type 1 font decoder in the FreeType engine in  ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...)
	NOT-FOR-US: Trustwave WebDefend Enterprise
CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in unspecif ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1904 (An unspecified function in the web interface in Proofpoint Messaging S ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1903 (SQL injection vulnerability in an unspecified function in Proofpoint M ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1902 (Directory traversal vulnerability in the web interface in Proofpoint M ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1901 (The mail-filter web interface in Proofpoint Messaging Security Gateway ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web Studi ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-1899 (Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0. ...)
	NOT-FOR-US: CA eHealth
CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough  ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	[lenny] - xen-3 <not-affected>
CVE-2011-1897 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unifie ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1896 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unifie ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1895 (CRLF injection vulnerability in Microsoft Forefront Unified Access Gat ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and S ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoi ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft Forefront ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2011-1888 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 a ...)
	NOT-FOR-US: MS Windows
CVE-2011-1887 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 a ...)
	NOT-FOR-US: MS Windows
CVE-2011-1886 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does ...)
	NOT-FOR-US: MS Windows
CVE-2011-1885 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1884 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1883 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1882 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1881 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1880 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1878 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1877 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1876 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1875 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1874 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1873 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1872 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 all ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1871 (Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2011-1870 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) i ...)
	NOT-FOR-US: MS Windows
CVE-2011-1869 (The Distributed File System (DFS) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1868 (The Distributed File System (DFS) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4804 (The Android browser in Android before 2.3.4 allows remote attackers to ...)
	NOT-FOR-US: Android Browser
CVE-2011-XXXX [fglrx-driver xauth cookie leak]
	- fglrx-driver 1:11-6-3 (low; bug #625868)
	[squeeze] - fglrx-driver <no-dsa> (Non-free not supported)
	[lenny] - fglrx-driver <no-dsa> (Non-free not supported)
CVE-2011-1907 (ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ...)
	- bind9 1:9.8.1.dfsg.P1-1
	[squeeze] - bind9 <not-affected> (Only affects 9.8.0)
	[lenny] - bind9 <not-affected> (Only affects 9.8.0)
CVE-2011-1765 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, w ...)
	- mediawiki <not-affected> (Incomplete fix was never released for Debian, neither in sid, nor oldstable/stable)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
CVE-2011-1766 (includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogi ...)
	- mediawiki <not-affected> (Vulnerable code not present, planned next upload will skip it)
	[lenny] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.16.0)
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.16.0)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
CVE-2011-1867 (Stack-based buffer overflow in iNodeMngChecker.exe in the User Access  ...)
	NOT-FOR-US: iNodeMngChecker.exe of HP Intelligent Management Center
CVE-2011-1866 (Buffer overflow in omniinet.exe in the inet service in HP OpenView Sto ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1865 (Multiple stack-based buffer overflows in the inet service in HP OpenVi ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6 ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7 ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1856 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability
CVE-2011-1855 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x all ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1853 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0 ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1852 (Multiple stack-based buffer overflows in tftpserver.exe in HP Intellig ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1851 (Stack-based buffer overflow in tftpserver.exe in HP Intelligent Manage ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1850 (Stack-based buffer overflow in the logging functionality in dbman.exe  ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1849 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0 ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1848 (Stack-based buffer overflow in img.exe in HP Intelligent Management Ce ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1847 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows  ...)
	NOT-FOR-US: IBM DB2 9.5
CVE-2011-1846 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows  ...)
	NOT-FOR-US: IBM DB2 9.5
CVE-2011-1845 (Multiple memory leaks in the DataGrid control implementation in Micros ...)
	NOT-FOR-US: Silverlight
CVE-2011-1844 (Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remot ...)
	NOT-FOR-US: Silverlight
CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remot ...)
	- tinyproxy 1.8.2-2 (unimportant; bug #627503)
	[squeeze] - tinyproxy 1.8.2-1squeeze2 (unimportant)
	NOTE: Only exploitable through config files, which are under admin control
CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before 0 ...)
	NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper in Mojo ...)
	{DSA-2239-1}
	- libmojolicious-perl 1.12-1
CVE-2011-1840 (The MartiniCreations PassmanLite Password Manager application before 1 ...)
	NOT-FOR-US: MartiniCreations PassmanLite Password Manager for Android
CVE-2011-1839 (IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirec ...)
	NOT-FOR-US: IBM Rational Build Forge 7.1.0
CVE-2011-1838 (Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.p ...)
	- twiki <removed>
CVE-2011-1837 (The lock-counter implementation in utils/mount.ecryptfs_private.c in e ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1836 (utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not es ...)
	- ecryptfs-utils 92-1
	[squeeze] - ecryptfs-utils <not-affected> (Vulnerable code not present)
	[lenny] - ecryptfs-utils <not-affected> (Vulnerable code not present)
CVE-2011-1835 (The encrypted private-directory setup process in utils/ecryptfs-setup- ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1834 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in ...)
	{DSA-2443-1}
	- ecryptfs-utils 92-1
	[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
	- linux-2.6 3.1.1-1
	NOTE: cannot be fixed in ecryptfs-utils (squeeze, lenny) until kernel fix is in place
CVE-2011-1832 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1831 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1830 (Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga ...)
	- ekiga <not-affected> (Vulnerable code not in a released version)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647 (EKIGA_3_3_0)
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/ekiga/commit/87d3a0824b373a3d16e9198540174ce16e4ab3db (EKIGA_3_3_0)
CVE-2011-1829 (APT before 0.8.15.2 does not properly validate inline GPG signatures,  ...)
	- apt 0.8.15.2
	[squeeze] - apt <not-affected> (Vulnerable code not present)
	[lenny] - apt <not-affected> (Vulnerable code not present)
CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce int ...)
	NOT-FOR-US: usb-creator, Ubuntu-specific package
CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5 check ...)
	{DSA-2239-1}
	- libmojolicious-perl 0.999929-1
CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform C ...)
	{DSA-2239-1}
	- libmojolicious-perl 0.999929-1
CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static implementat ...)
	- libmojolicious-perl <not-affected> (Fixed before initial upload)
CVE-2011-XXXX [spip DoS]
	- spip 2.1.11-0.1
	[squeeze] - spip 2.1.1-3squeeze1
CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network Extend ...)
	NOT-FOR-US: Check Point
CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in BaconMap  ...)
	NOT-FOR-US: BaconMap
CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote ...)
	NOT-FOR-US: BaconMap
CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when m ...)
	NOT-FOR-US: Chipmunk Pwngame
CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 al ...)
	NOT-FOR-US: OrangeHRM
CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth  ...)
	NOT-FOR-US: Truworth Flex Timesheet
CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote at ...)
	NOT-FOR-US: PHPYun
CVE-2010-4795 (SQL injection vulnerability in the JS Calendar (com_jscalendar) compon ...)
	NOT-FOR-US: JS Calendar component for Joomla!
CVE-2010-4794 (Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSelle ...)
	NOT-FOR-US: JoomlaSeller JS Calendar component for Joomla!
CVE-2010-4793 (SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager  ...)
	NOT-FOR-US: Site2Nite Auto e-Manager
CVE-2010-4792 (Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverL ...)
	NOT-FOR-US: OPEN IT OverLook
CVE-2010-4791 (SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_us ...)
	NOT-FOR-US: MG User-Fotoalbum module for PHP-Fusion
CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and proba ...)
	NOT-FOR-US: FilterFTP
CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot  ...)
	NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the Administrat ...)
	NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does not prop ...)
	NOT-FOR-US: Opera
CVE-2011-1823 (The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 tru ...)
	NOT-FOR-US: Android
CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 b ...)
	NOT-FOR-US: Tivoli
CVE-2011-1821 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 o ...)
	NOT-FOR-US: Tivoli
CVE-2011-1820 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010,  ...)
	NOT-FOR-US: Tivoli
CVE-2011-1819 (Google Chrome before 12.0.742.91 allows remote attackers to perform un ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions)
CVE-2011-1818 (Use-after-free vulnerability in the image loader in Google Chrome befo ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86725
CVE-2011-1817 (Google Chrome before 12.0.742.91 does not properly implement history d ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1816 (Use-after-free vulnerability in the developer tools in Google Chrome b ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86507
CVE-2011-1815 (Google Chrome before 12.0.742.91 allows remote attackers to inject scr ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions specific)
CVE-2011-1814 (Google Chrome before 12.0.742.91 attempts to read data from an uniniti ...)
	- chromium-browser <not-affected> (chromium pdiflugin)
	- webkit <not-affected> (chromium pdf plugin)
CVE-2011-1813 (Google Chrome before 12.0.742.91 does not properly implement the frame ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1812 (Google Chrome before 12.0.742.91 allows remote attackers to bypass int ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions)
CVE-2011-1811 (Google Chrome before 12.0.742.91 does not properly handle a large numb ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1810 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/83345
CVE-2011-1809 (Use-after-free vulnerability in the accessibility feature in Google Ch ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80890
CVE-2011-1808 (Use-after-free vulnerability in Google Chrome before 12.0.742.91 allow ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84096
	NOTE: http://trac.webkit.org/changeset/84098
	NOTE: http://trac.webkit.org/changeset/84119
CVE-2011-1807 (Google Chrome before 11.0.696.71 does not properly handle blobs, which ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1806 (Google Chrome before 11.0.696.71 does not properly implement the GPU c ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1805 (Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote at ...)
	- chromium-browser 11.0.696.65~r84435-1
CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86448
CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...)
	- chromium-browser 11.0.696.71~r86024-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/85977
CVE-2011-1800 (Multiple integer overflows in the SVG Filters implementation in WebCor ...)
	- chromium-browser 11.0.696.68~r84545-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/85926
CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of va ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.68~r84545-1
CVE-2011-1798 (rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	{DSA-2245-1}
	- chromium-browser 12.0.742.91~r87961-1
CVE-2011-1796 (Use-after-free vulnerability in the FrameView::calculateScrollbarModes ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84300
CVE-2011-1795 (Integer underflow in the HTMLFormElement::removeFormElement function i ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/83690
CVE-2011-1794 (Integer overflow in the FilterEffect::copyImageBytes function in platf ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84422
CVE-2011-1793 (rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Goog ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/85406
CVE-2011-1792
	RESERVED
CVE-2011-1791
	RESERVED
CVE-2011-1790
	RESERVED
CVE-2010-4789 (Use-after-free vulnerability in the proxy-server implementation in IBM ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4788 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2010-4787 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2010-4786 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2010-4785 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server  ...)
	NOT-FOR-US: Tivoli
CVE-2009-5073 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2009-5072 (Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Se ...)
	NOT-FOR-US: Tivoli
CVE-2008-7290 (Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directo ...)
	NOT-FOR-US: Tivoli
CVE-2008-7289 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 d ...)
	NOT-FOR-US: Tivoli
CVE-2008-7288 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 o ...)
	NOT-FOR-US: Tivoli
CVE-2008-7287 (Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_dir ...)
	NOT-FOR-US: Tivoli
CVE-2007-6743 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 bef ...)
	NOT-FOR-US: Tivoli
CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2  ...)
	NOT-FOR-US: Tivoli
CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package  ...)
	NOT-FOR-US: vSphere
CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Up ...)
	NOT-FOR-US: vCenter
CVE-2011-1787 (Race condition in mount.vmhgfs in the VMware Host Guest File System (H ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631506)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 be ...)
	NOT-FOR-US: Likewise
CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to  ...)
	NOT-FOR-US: VMware
CVE-2011-1784 (The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and e ...)
	- keepalived 1:1.2.2-2 (low; bug #626281)
	[lenny] - keepalived <no-dsa> (Minor issue)
	[squeeze] - keepalived 1:1.1.20-1+squeeze1
CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1782 (Heap-based buffer overflow in the read_channel_data function in file-p ...)
	{DSA-2426-1}
	- gimp 2.6.11-3 (bug #629830)
CVE-2011-1781 (SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows ...)
	- systemtap 1.6-1 (bug #628819)
	[squeeze] - systemtap <not-affected> (Only affects version 1.4.x)
	[lenny] - systemtap <not-affected> (Only affects version 1.4.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
CVE-2011-1780 (The instruction emulation in Xen 3.0.3 allows local SMP guest users to ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1779 (Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5  ...)
	- libarchive 3.0.4-2 (bug #669197)
	[squeeze] - libarchive <not-affected> (vulnerable code not present in 2.x series)
	NOTE: http://code.google.com/p/libarchive/source/detail?r=0736e0890a8fce59e96d57340405c56f084407e7
	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to ...)
	{DSA-2413-1}
	- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1777 (Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_d ...)
	{DSA-2413-1}
	- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel b ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1 (low)
CVE-2011-1775 (The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx i ...)
	- tigervnc <not-affected> (Fixed before initial release in Debian)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/ce6c8b097f0d5b161039dc8c8208aff078d433ff
CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security sett ...)
	NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue
	NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4
CVE-2011-1773 (virt-v2v before 0.8.4 does not preserve the VNC console password when  ...)
	NOT-FOR-US: virt-v2v
CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
	- libstruts1.2-java <not-affected> (xwork introduced in 2.x)
CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel before 2 ...)
	- linux-2.6 2.6.38-4
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-1770 (Integer underflow in the dccp_parse_options function (net/dccp/options ...)
	{DSA-2240-1}
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34squeeze1
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29 with commit e77b8363b2ea7c0d89919547c1a8b0562f298b57)
CVE-2011-1769 (SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is ena ...)
	- systemtap 1.6-1 (unimportant; bug #628819)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
	NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9
	NOTE: a DoS with a very limited exploitation possibility
CVE-2011-1768 (The tunnels implementation in the Linux kernel before 2.6.34, when tun ...)
	{DSA-2264-1}
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-1767 (net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is co ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-34squeeze1
CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish function in ...)
	{DSA-2232-1}
	- exim4 4.75-3 (high; bug #624670)
	[lenny] - exim4 <not-affected> (vulnerable code not present)
CVE-2011-1763 (The get_free_port function in Xen allows local authenticated DomU user ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1762
	RESERVED
CVE-2011-1761 (Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1 (low; bug #625966)
CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users  ...)
	{DSA-2254-2 DSA-2254-1}
	- oprofile 0.9.6-1.2 (medium; bug #624212)
CVE-2011-1759 (Integer overflow in the sys_oabi_semtimedop function in arch/arm/kerne ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1
CVE-2011-1758 (The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in Sy ...)
	- sssd <not-affected> (Only affects version 1.5+)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=700867
	NOTE: http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a
CVE-2011-1757 (DJabberd 0.84 and earlier does not properly detect recursion during en ...)
	NOTE: DJabberd
CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly ...)
	{DSA-2250-1}
	- citadel 8.04-1 (medium)
CVE-2011-1755 (jabberd2 before 2.2.14 does not properly detect recursion during entit ...)
	- jabberd2 2.2.8-2.1 (medium)
CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion durin ...)
	{DSA-2249-1}
	- jabberd14 1.6.1.1-5.1
CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and ...)
	{DSA-2248-1}
	- ejabberd 2.1.6-2.1 (medium)
CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1751 (The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Managem ...)
	{DSA-2241-1}
	- qemu-kvm 0.14.1+dfsg-1
	- kvm <undetermined>
CVE-2011-1750 (Multiple heap-based buffer overflows in the virtio-blk driver (hw/virt ...)
	{DSA-2230-1}
	- qemu-kvm 0.14.1+dfsg-1 (bug #624177)
	- kvm <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906
CVE-2011-1749 (The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.ns ...)
	- nfs-utils 1:1.2.3-3 (low; bug #629420)
	[squeeze] - nfs-utils 1:1.2.2-4squeeze2
	[lenny] - nfs-utils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before 2 ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1
CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not pr ...)
	- linux-2.6 <removed> (unimportant)
	NOTE: Can only be triggered with root equivalent privs -> non-issue
CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_ ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in drivers/ ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1744 (EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin  ...)
	NOT-FOR-US: EMC
CVE-2011-1743 (Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 b ...)
	NOT-FOR-US: EMC
CVE-2011-1742 (EMC Data Protection Advisor before 5.8.1 places cleartext account cred ...)
	NOT-FOR-US: EMC
CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbir ...)
	NOT-FOR-US: OpenText Hummingbird Client Connector
CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authen ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 ...)
	NOT-FOR-US: FreeBSD mountd
CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Dev ...)
	NOT-FOR-US: HP Palm webOS
CVE-2011-1737 (Multiple cross-site scripting (XSS) vulnerabilities in the Email appli ...)
	NOT-FOR-US: HP Palm webOS
CVE-2011-1736 (Directory traversal vulnerability in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1735 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1734 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1733 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1732 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1731 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1730 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1729 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1728 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13,  ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13,  ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9 ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-1724 (Unspecified vulnerability in HP Virtual Server Environment before 6.3  ...)
	NOT-FOR-US: HP Virtual Server Environment
CVE-2011-1723 (Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rht ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2011-1722 (Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_di ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2011-1721 (Cross-site request forgery (CSRF) vulnerability in php/partie_administ ...)
	NOT-FOR-US: WebJaxe
CVE-2011-1720 (The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x b ...)
	{DSA-2233-1}
	- postfix 2.8.3-1
	NOTE: http://www.postfix.org/CVE-2011-1720.html
CVE-2011-1719 (Multiple stack-based buffer overflows in the Web Viewer ActiveX contro ...)
	NOT-FOR-US: ActiveX
CVE-2011-1718 (The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 be ...)
	NOT-FOR-US: CA SiteMinder
CVE-2011-1716 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in X ...)
	- xymon 4.3.7-1
	[wheezy] - xymon <no-dsa> (Minor issue)
	[squeeze] - xymon <no-dsa> (Minor issue)
CVE-2009-5071 (Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown i ...)
	NOT-FOR-US: Palm WebOS
CVE-2011-1717 (Skype for Android stores sensitive user data without encryption in sql ...)
	NOT-FOR-US: Skype for Android
CVE-2011-1715 (Directory traversal vulnerability in framework/source/resource/qx/test ...)
	NOT-FOR-US: QooxDoo
CVE-2011-1714 (Cross-site scripting (XSS) vulnerability in framework/source/resource/ ...)
	NOT-FOR-US: QooxDoo
CVE-2011-1713 (Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allo ...)
	NOT-FOR-US: Microsoft
CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.c ...)
	- iceweasel 4.0.1-1 (unimportant)
CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in No ...)
	NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
CVE-2011-1710 (Multiple integer overflows in the HTTP server in the Novell XTier fram ...)
	NOT-FOR-US: Novell XTier
CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, ena ...)
	- gdm3 <not-affected> (Vulnerable code patched out in Debian package in sid, patched in 3.0.4 experimental)
	- gdm <not-affected> (Vulnerable code not present)
CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1698
	RESERVED
CVE-2011-1697
	RESERVED
CVE-2011-1696 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager (a ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2011-1695
	RESERVED
CVE-2011-1694
	RESERVED
CVE-2011-1693
	RESERVED
CVE-2011-1692
	RESERVED
CVE-2011-1691 (The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in t ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82222
CVE-2011-1690 (Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8 ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1689 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical  ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1688 (Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1687 (Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1686 (Multiple SQL injection vulnerabilities in Best Practical Solutions RT  ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1685 (Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4. ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x b ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList  ...)
	- phplist <itp> (bug #612288)
CVE-2011-1684 (Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4. ...)
	{DSA-2218-1}
	- vlc 1.1.8-3 (medium)
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	[squeeze] - vlc 1.1.3-1squeeze5
	NOTE: CVE id requested
CVE-2011-1681 (vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-t ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (low; bug #623968)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ loc ...)
	- ncpfs 2.2.6-9 (low; bug #660545)
	[squeeze] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the  ...)
	- ncpfs 2.2.6-9 (low; bug #660545)
	[squeeze] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to app ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:5.1-1 (low)
	[squeeze] - cifs-utils 2:4.5-2+squeeze1
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec
CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lo ...)
	- util-linux 2.20.1-1 (low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...)
	NOTE: This was found to be a non-issue, see http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4983
CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the /etc/mt ...)
	- util-linux 2.20.1-1 (low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attacke ...)
	NOT-FOR-US: NetGear ProSafe WNAP210
CVE-2011-1673 (BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attacker ...)
	NOT-FOR-US: NetGear ProSafe WNAP210
CVE-2011-1672 (The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier ...)
	NOT-FOR-US: Dell KACE K2000 Systems Deployment Appliance
CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in app/controllers/todos_cont ...)
	NOT-FOR-US: Tracks
CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...)
	NOT-FOR-US: InTerra
CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in the WP Custom  ...)
	NOT-FOR-US: WP Custom Pages module for WordPress
CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web Conte ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2011-1667 (SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows  ...)
	NOT-FOR-US: Anzeigenmarkt
CVE-2011-1666 (Metaways Tine 2.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Metaways Tine
CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: PHPBoost
CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in the Translation Man ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1663 (SQL injection vulnerability in the Translation Management module 6.x b ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management mod ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1661 (The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_ ...)
	NOT-FOR-US: Node Quick Find module for Drupal
CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamic ...)
	NOT-FOR-US: GrapeCity Data Dynamics Reports
CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
	- eglibc 2.13-8
	[squeeze] - eglibc 2.11.3-2
	- glibc 2.13-8
	[lenny] - glibc <no-dsa> (Minor issue)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expan ...)
	- eglibc 2.13-33 (low; bug #672119)
	[squeeze] - eglibc <not-affected>
CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions i ...)
	{DSA-2408-1}
	- php5 5.3.7-1 (unimportant)
	NOTE: safe mode not supported
CVE-2011-1656
	RESERVED
CVE-2011-1655 (The management.asmx module in the Management Web Service in the Unifie ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1654 (Directory traversal vulnerability in the Heartbeat Web Service in CA.I ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1653 (Multiple SQL injection vulnerabilities in the Unified Network Control  ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1652 (** DISPUTED ** The default configuration of Microsoft Windows 7 immedi ...)
	NOT-FOR-US: Microsoft Windows 7
CVE-2010-4784 (Multiple SQL injection vulnerabilities in member.php in PHP Web Script ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4783 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4782 (Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal ( ...)
	NOT-FOR-US: Softwebs Nepal Ananda Real Estate
CVE-2010-4781 (index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1. ...)
	NOT-FOR-US: Enano CMS
CVE-2010-4780 (SQL injection vulnerability in the check_banlist function in includes/ ...)
	NOT-FOR-US: Enano CMS
CVE-2010-4779 (Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php  ...)
	NOT-FOR-US: WPtouch plugin for WordPress
CVE-2011-1651 (Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when ...)
	NOT-FOR-US: Cisco
CVE-2011-1650
	RESERVED
CVE-2011-1649 (The Internet Streamer application in Cisco Content Delivery System (CD ...)
	NOT-FOR-US: Cisco
CVE-2011-1648
	RESERVED
CVE-2011-1647 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...)
	NOT-FOR-US: Cisco
CVE-2011-1646 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...)
	NOT-FOR-US: Cisco
CVE-2011-1645 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...)
	NOT-FOR-US: Cisco
CVE-2011-1644
	RESERVED
CVE-2011-1643 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1642
	RESERVED
CVE-2011-1641
	RESERVED
CVE-2011-1640 (The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1639
	RESERVED
CVE-2011-1638
	RESERVED
CVE-2011-1637 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software be ...)
	NOT-FOR-US: Cisco
CVE-2011-1636
	RESERVED
CVE-2011-1635
	RESERVED
CVE-2011-1634
	RESERVED
CVE-2011-1633
	RESERVED
CVE-2011-1632
	RESERVED
CVE-2011-1631
	RESERVED
CVE-2011-1630
	RESERVED
CVE-2011-1629
	RESERVED
CVE-2011-1628
	RESERVED
CVE-2011-1627
	RESERVED
CVE-2011-1626
	RESERVED
CVE-2011-1625 (Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switchi ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1624 (Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1623 (Cisco Media Processing Software before 1.2 on Media Experience Engine  ...)
	NOT-FOR-US: Cisco
CVE-2011-1622
	RESERVED
CVE-2011-1621
	RESERVED
CVE-2011-1620
	RESERVED
CVE-2011-1619
	RESERVED
CVE-2011-1618
	RESERVED
CVE-2011-1617
	RESERVED
CVE-2011-1616
	RESERVED
CVE-2011-1615
	RESERVED
CVE-2011-1614
	RESERVED
CVE-2011-1613 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2011-1612
	RESERVED
CVE-2011-1611
	RESERVED
CVE-2011-1610 (Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1609 (SQL injection vulnerability in Cisco Unified Communications Manager (a ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1608
	RESERVED
CVE-2011-1607 (Directory traversal vulnerability in Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1606 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1605 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1604 (Memory leak in Cisco Unified Communications Manager (aka CUCM, formerl ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1603 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software be ...)
	NOT-FOR-US: Cisco
CVE-2011-1602 (The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones ...)
	NOT-FOR-US: Cisco
CVE-2011-1601
	RESERVED
CVE-2011-1600
	RESERVED
CVE-2011-1599 (manager.c in the Manager Interface in Asterisk Open Source 1.4.x befor ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before 2 ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1597 (OpenVAS Manager v2.0.3 allows plugin remote code execution. ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2011-1596
	REJECTED
CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in disk. ...)
	- rdesktop 1.7.0-1 (low; bug #623552)
	[squeeze] - rdesktop <no-dsa> (Minor issue)
	[lenny] - rdesktop <no-dsa> (Minor issue)
CVE-2011-1594 (Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Netwo ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x b ...)
	- wireshark <not-affected> (Windows-specific)
CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in epan/dissectors/p ...)
	- wireshark 1.4.5-1
	[squeeze] - wireshark <not-affected> (Only affects 1.4.x)
	[lenny] - wireshark <not-affected> (Only affects 1.4.x)
CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x befor ...)
	{DSA-2274-1}
	- wireshark 1.4.5-1 (unimportant)
CVE-2011-1589 (Directory traversal vulnerability in Path.pm in Mojolicious before 1.1 ...)
	{DSA-2221-1}
	- libmojolicious-perl 1.16-1
CVE-2011-1588 (Thunar before 1.3.1 could crash when copy and pasting a file name with ...)
	- thunar <not-affected> (Introduced in 1.2, only in experimental)
	NOTE: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa
CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, w ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1586 (Directory traversal vulnerability in the KGetMetalink::File::isValidNa ...)
	- kdenetwork 4:4.6.3-1
	[squeeze] - kdenetwork 4:4.4.5-2+squeeze1
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
CVE-2011-1585 (The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kerne ...)
	{DSA-2240-1}
	- linux-2.6 <removed> (unimportant)
	NOTE: an exploitation requires the ability to run mount.cifs w/ root privs
CVE-2011-1584 (The updateFile function in inc/core/class.dc.media.php in the Media Ma ...)
	- dotclear <not-affected> (Fixed before initial upload to archive)
CVE-2011-1583 (Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xe ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	- xen-3 <removed>
	[lenny] - xen-3 <no-dsa> (Minor issue; only marginally affected)
CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servl ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1581 (The bond_select_queue function in drivers/net/bonding/bond_main.c in t ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1580 (The transwiki import functionality in MediaWiki before 1.16.3 does not ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1579 (The checkCss function in includes/Sanitizer.php in the wikitext parser ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, w ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in fs/partitio ...)
	{DSA-2264-1}
	- linux-2.6 2.6.39-3 (low)
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-1576 (The Generic Receive Offload (GRO) implementation in the Linux kernel 2 ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-5
	[lenny] - linux-2.6 <not-affected> (Code not present)
	NOTE: "...code path in question is no longer reachable..." not sure when this was fixed
CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...)
	- pure-ftpd 1.0.30-1 (low)
	[squeeze] - pure-ftpd 1.0.28-3+squeeze1
	[lenny] - pure-ftpd <no-dsa> (Minor issue)
CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in l ...)
	{DSA-2226-1}
	- libmodplug 1:0.8.8.2-1 (low; bug #622091)
CVE-2011-1573 (net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip ...)
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-34
	NOTE: http://xorl.wordpress.com/2011/05/08/cve-2011-1573-linux-kernel-sctp-initinit-ack-length-miscalculation/
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8170c35e738d62e9919ce5b109cf4ed66e9
CVE-2011-1572 (Directory traversal vulnerability in the Admin Defined Commands (ADC)  ...)
	{DSA-2215-1}
	- gitolite 1.5.7-2
	NOTE: https://github.com/sitaramc/gitolite/commit/a33f0f85047834212ff4baf5b479c6cf3d2a6075
	NOTE: https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc
	[squeeze] - gitolite 1.5.4-2+squeeze1
CVE-2011-1571 (Unspecified vulnerability in the XSL Content portlet in Liferay Portal ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1570 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community E ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1569 (download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obta ...)
	NOT-FOR-US: Douran Portal
CVE-2011-1568 (Format string vulnerability in the logText function in shmemmgr9.dll i ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1567 (Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11 ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1566 (Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier  ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1565 (Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063  ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1564 (Multiple integer overflows in the HMI application in DATAC RealFlex Re ...)
	NOT-FOR-US: DATAC RealFlex RealWin
CVE-2011-1563 (Multiple stack-based buffer overflows in the HMI application in DATAC  ...)
	NOT-FOR-US: DATAC RealFlex RealWin
CVE-2011-1562 (Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attacker ...)
	NOT-FOR-US: Ecava IntegraXor HMI
CVE-2011-1561 (The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, whe ...)
	NOT-FOR-US: IBM AIX 6.1
CVE-2011-1560 (solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x  ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-1559 (Unspecified vulnerability in the IBM Web Interface for Content Managem ...)
	NOT-FOR-US: IBM WEBi
CVE-2011-1558 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Int ...)
	NOT-FOR-US: IBM WEBi
CVE-2009-5070
	RESERVED
CVE-2009-5069
	RESERVED
CVE-2009-5068 (There is a file disclosure vulnerability in SMF (Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows remot ...)
	- html2ps 1.0b7-1 (low; bug #548633)
	[squeeze] - html2ps <no-dsa> (Minor issue)
CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials ...)
	- jbossas4 <not-affected> (twiddle.sh is included in the source package, but not in any of the binary packages)
CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
CVE-2011-XXXX [drupal6-mod-tagadelic XSS]
	- drupal6-mod-tagadelic 1.3-1 (low)
	NOTE: DRUPAL-SA-CONTRIB-2011-013
CVE-2011-1557 (SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remot ...)
	NOT-FOR-US: ICloudCenter ICJobSite
CVE-2011-1556 (SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's ...)
	NOT-FOR-US: Aphpkb
CVE-2011-1555 (SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Ap ...)
	NOT-FOR-US: Aphpkb
CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs. ...)
	- imp4 4.3.10+debian0-1
	[squeeze] - imp4 <no-dsa> (Minor issue)
CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3. ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xp ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ direc ...)
	- cobbler <not-affected> (bug #796151; perms different on Debian)
	NOTE: /var/log/cobbler is set to cobbler:cobbler and daemon runs as root
CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory uses r ...)
	- logrotate <not-affected> (SuSE-specific, see CVE-2011-1548 for Debian)
CVE-2011-1549 (The default configuration of logrotate on Gentoo Linux uses root privi ...)
	- logrotate <not-affected> (Gentoo-specific, see CVE-2011-1548 for Debian)
CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root p ...)
	- logrotate 3.7.8-6
CVE-2009-5064 (** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and  ...)
	- eglibc 2.10.1-7
	- glibc 2.10.1-7
	NOTE: Obscure attack
CVE-2011-1547 (Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0 ...)
	NOT-FOR-US: NetBSD
CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Ap ...)
	NOT-FOR-US: Aphpkb
CVE-2011-1545 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2011-1544 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2011-1543 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight  ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2011-1542 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2011-1541 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-1540 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-1539 (Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1538 (Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8 ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1537 (Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack ( ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1536 (Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5 ...)
	NOT-FOR-US: HP Performance Insight
CVE-2011-1535 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linu ...)
	NOT-FOR-US: HP Insight Control
CVE-2011-1534 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x all ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-1533 (Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1532 (Unspecified vulnerability in the SNMP component on the HP Photosmart D ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1531 (The webscan component in the Embedded Web Server (EWS) on the HP Photo ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1530 (The process_tgs_req function in do_tgs_req.c in the Key Distribution C ...)
	- krb5 1.10+dfsg~alpha1-7
	[squeeze] - krb5 <not-affected> (Only affecs 1.9 and higher)
	[lenny] - krb5 <not-affected> (Only affecs 1.9 and higher)
CVE-2011-1529 (The lookup_lockout_policy function in the Key Distribution Center (KDC ...)
	{DSA-2379-1}
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1528 (The krb5_ldap_lockout_audit function in the Key Distribution Center (K ...)
	{DSA-2379-1}
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1527 (The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerber ...)
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[squeeze] - krb5 <not-affected> (Introduced in 1.9)
	[lenny] - krb5 <not-affected> (Introduced in 1.9)
CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Application ...)
	{DSA-2283-1}
	- krb5-appl 1:1.0.1-1.1
CVE-2011-1525 (Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer  ...)
	NOT-FOR-US: RealPlayer
CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI p ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.c ...)
	- nagios3 3.2.3-3 (bug #629127)
	- icinga 1.4.1-1 (bug #629131)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[lenny] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - icinga <no-dsa> (Minor issue)
	[lenny] - icinga <no-dsa> (Minor issue)
	NOTE: http://tracker.nagios.org/view.php?id=207
CVE-2011-1522 (Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\ ...)
	{DSA-2223-1}
	- doctrine 1.2.4-1 (bug #622674)
CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14 ...)
	- perl 5.20.1-1 (unimportant; bug #628836)
	NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug
	NOTE: likely fixed sometime around 5.18, but 5.20 was the version checked
CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c in libp ...)
	- libpng 1.2.39-1 (unimportant)
CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions be ...)
	- libpng 1.2.39-1 (unimportant)
CVE-2011-1520 (The default configuration of the server console in IBM Lotus Domino do ...)
	NOT-FOR-US: Lotus Domino
CVE-2011-1519 (The remote console in the Server Controller in IBM Lotus Domino 7.x an ...)
	NOT-FOR-US: Lotus Domino
CVE-2011-1518 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	{DSA-2231-1}
	- otrs2 2.4.10+dfsg1-1
CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x befo ...)
	{DLA-25-1}
	- python3.1 <removed> (bug #628453)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2-3
	- python2.7 2.7.1-7
	- python2.6 2.6.7-1 (bug #628455)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	NOTE: http://bugs.python.org/issue11662
CVE-2011-XXXX [htmlpurifier various]
	- php-htmlpurifier 4.3.0+dfsg1-1 (unimportant)
	- mahara 1.2.5-1
	[lenny] - mahara 1.0.4-4+lenny10
	NOTE: http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released
	NOTE: htmlpurifier only provides library functions, it's not vulnerable by itself
	NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara)
CVE-2011-1517 (SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service c ...)
	NOT-FOR-US: SAP
CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1513 (Static code injection vulnerability in install_.php in e107 CMS 0.7.24 ...)
	NOT-FOR-US: e107
CVE-2011-1512 (Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used i ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk P ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly  ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1 ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre On ...)
	NOT-FOR-US: PreProjects Pre Online Tests Generator Pro
CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5  ...)
	NOT-FOR-US: Relevant Content addon for Drupal
CVE-2010-4774 (SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote a ...)
	NOT-FOR-US: AuraCMS
CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D  ...)
	NOT-FOR-US: Hitachi EUR Form, uCosminexus EUR Form Service
CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2 ...)
	NOT-FOR-US: S-CMS
CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remot ...)
	NOT-FOR-US: S-CMS
CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD Renta ...)
	NOT-FOR-US: CommodityRentals DVD Rentals Script
CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) compone ...)
	NOT-FOR-US: Jimtawl
CVE-2011-1506 (The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and Mail ...)
	NOT-FOR-US: Kerio
CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2011-1504 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community E ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1503 (The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x a ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1502 (Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1501
	REJECTED
CVE-2011-1500 (PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict  ...)
	- pithos 0.3.8-1 (low)
CVE-2011-1499 (acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting s ...)
	{DSA-2222-1}
	- tinyproxy 1.8.2-2 (bug #621493)
	[lenny] - tinyproxy <not-affected> (Vulnerable code not present)
CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...)
	- httpcomponents-client 4.1.1-1 (bug #628727)
	[squeeze] - httpcomponents-client 4.0.1-1squeeze1
	NOTE: http://seclists.org/oss-sec/2011/q2/188
	NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
CVE-2011-1497
	RESERVED
CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...)
	{DSA-2212-1}
	- tmux 1.4-6 (bug #620304)
	NOTE: CVE id requested
CVE-2011-1495 (drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earl ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/m ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1493 (Array index error in the rose_parse_national function in net/rose/rose ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not prop ...)
	- roundcube 0.5.1-1
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly han ...)
	- roundcube 0.5.1-1 (low)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-1490 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1489 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1488 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1487 (The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.1 ...)
	{DSA-2265-1}
	- perl 5.10.1-20 (unimportant; bug #622817)
	NOTE: http://nntp.perl.org/group/perl.perl5.porters/171010
CVE-2011-1486 (libvirtd in libvirt before 0.9.0 does not use thread-safe error report ...)
	{DSA-2280-1}
	- libvirt 0.9.0-1 (low; bug #623222)
	[lenny] - libvirt <no-dsa> (Minor issue)
CVE-2011-1485 (Race condition in the pkexec utility and polkitd daemon in PolicyKit ( ...)
	{DSA-2319-1}
	- policykit-1 0.101-4 (bug #644500)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=692922
CVE-2011-1484 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...)
	NOT-FOR-US: JBoss Seam
CVE-2011-1483 (wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise ...)
	NOT-FOR-US: JBoss Enterprise Web Platform
CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1480 (SQL injection vulnerability in admin.php in the administration backend ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1479 (Double free vulnerability in the inotify subsystem in the Linux kernel ...)
	- linux-2.6 2.6.38-4
	[lenny] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
	[squeeze] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
CVE-2011-1478 (The napi_reuse_skb function in net/core/dev.c in the Generic Receive O ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1477 (Multiple array index errors in sound/oss/opl3.c in the Linux kernel be ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1476 (Integer underflow in the Open Sound System (OSS) subsystem in the Linu ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not p ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1474 (A locally locally exploitable DOS vulnerability was found in pax-linux ...)
	NOT-FOR-US: PaX hardening patch
	NOTE: http://seclists.org/oss-sec/2011/q1/579
CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...)
	NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug #672456
	NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically p ...)
	NOT-FOR-US: Nokia E75 phone
CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX  ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5060 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5059 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5058 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 servi ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7286 (IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7285 (Unspecified vulnerability in the docnote string handling implementatio ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows  ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP b ...)
	{DSA-2266-1}
	- php5 5.3.6-1
CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent attacke ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 mig ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: under normal conditions the amount of memory leaked is insignificant
CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfm ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	[lenny] - php5 <not-affected> (intl extension included since 5.3)
	NOTE: Only triggerable with malicious script
CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension ...)
	{DSA-2266-1}
	- php5 5.3.6-1
	NOTE: null pointer deref because of int overflow. Fix has a bug
CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc in Goo ...)
	- chromium-browser <not-affected> (only the dev version was affected)
	- webkit <not-affected> (chromium specific)
CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the p ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: ini setting needs to be modified.
CVE-2011-1463
	RESERVED
CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1461
	RESERVED
CVE-2011-1460 (WebKit in Google Chrome before Blink M11 contains a bad cast to Render ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1459 (The WebKit::WebPluginContainerImpl::handleEvent function in Google Chr ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1458
	RESERVED
CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF forms, w ...)
	- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF document ...)
	- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1454 (Use-after-free vulnerability in the DOM id handling functionality in G ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84015
CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote attackers ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM id maps, ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/83209
CVE-2011-1450 (Google Chrome before 11.0.696.57 does not properly present file dialog ...)
	- chromium-browser 11.0.696.65~r84435-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation in Googl ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82088
CVE-2011-1448 (Google Chrome before 11.0.696.57 does not properly perform height calc ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81786
CVE-2011-1447 (Google Chrome before 11.0.696.57 does not properly handle drop-down li ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81851
CVE-2011-1446 (Google Chrome before 11.0.696.57 allows remote attackers to spoof the  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1445 (Google Chrome before 11.0.696.57 does not properly handle SVG document ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81689
CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google Chrome ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.65~r84435-1
	- webkit <not-affected> (chromium sandbox)
CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement layering, ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82624
CVE-2011-1442 (Google Chrome before 11.0.696.57 does not properly handle mutation eve ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81611
CVE-2011-1441 (Google Chrome before 11.0.696.57 does not properly perform a cast of a ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80773
	NOTE: http://trac.webkit.org/changeset/81088
CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57 allow ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.65~r84435-1
	NOTE: http://trac.webkit.org/changeset/84009
CVE-2011-1439 (Google Chrome before 11.0.696.57 on Linux does not properly isolate re ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1438 (Google Chrome before 11.0.696.57 allows remote attackers to bypass the ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81399
CVE-2011-1437 (Multiple integer overflows in Google Chrome before 11.0.696.57 allow r ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/79462
CVE-2011-1436 (Google Chrome before 11.0.696.57 on Linux does not properly interact w ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1435 (Google Chrome before 11.0.696.57 does not properly implement the tabs  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1434 (Google Chrome before 11.0.696.57 does not ensure thread safety during  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in Open Ti ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security impact
CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly disab ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly handl ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4766 (The AgentTicketForward feature in Open Ticket Request System (OTRS) be ...)
	- otrs2 2.4.7+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4765 (Race condition in the Kernel::System::Main::FileWrite method in Open T ...)
	- otrs2 2.4.8+dfsg1-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4764 (Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ...)
	- otrs2 2.4.10+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket Request Sys ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security impact
CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the rich-text-editor compo ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security impact
CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket Request Syst ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4760 (Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notifi ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: No security impact, feature enhancement
CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: No security impact, feature enhancement
CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an  ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security enhancement
CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 d ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2009-5056 (Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2009-5055 (Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer group su ...)
	- otrs2 2.2.6-1
CVE-2008-7282 (Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open T ...)
	- otrs2 2.2.6-1
CVE-2008-7281 (Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing ...)
	- otrs2 2.2.7-1
CVE-2008-7280 (Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Reque ...)
	- otrs2 2.2.7-1
CVE-2008-7279 (The CustomerInterface component in Open Ticket Request System (OTRS) b ...)
	- otrs2 2.3.2-1
CVE-2008-7278 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5,  ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7277 (Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) befo ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	- otrs2 2.3.3-1
CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly  ...)
	NOT-FOR-US: SCO SCOoffice Server
CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the net ...)
	- qmail <removed> (unimportant; bug #652378)
	NOTE: The TLS patch is shipped in the source package, but it's not applied
	- netqmail <not-affected> (Doesn't include the TLS patch)
CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and  ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...)
	- mutt 1.5.21-5 (low; bug #619216)
	[squeeze] - mutt 1.5.20-9+squeeze2
	[lenny] - mutt <no-dsa> (Minor issue)
	NOTE: http://dev.mutt.org/trac/ticket/3506
CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...)
	{DSA-2598-1}
	- weechat 0.3.5-1
CVE-2011-1427 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5. ...)
	NOT-FOR-US: Kodak InSite
CVE-2011-1426 (The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 thr ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in  ...)
	{DSA-2219-1}
	- xmlsec1 1.2.14-1.1 (bug #620560)
	NOTE: http://www.aleksey.com/xmlsec/news.html
CVE-2011-1424 (The default configuration of ExShortcut\Web.config in EMC SourceOne Em ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-1423 (Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention ( ...)
	NOT-FOR-US: RSA Data Loss Prevention Enterprise Manager
CVE-2011-1422 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave F ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-1421 (EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the  ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-1420 (EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC p ...)
	NOT-FOR-US: EMC Data Protection Advisor Collector
CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in t ...)
	NOT-FOR-US: Apple iOS
CVE-2011-1417 (Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 ...)
	NOT-FOR-US: QuickLook,
CVE-2011-1416 (The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0 ...)
	NOT-FOR-US: BlackBerry
CVE-2011-1415
	REJECTED
CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 bef ...)
	NOT-FOR-US: e107
CVE-2011-1414 (Cross-site scripting (XSS) vulnerability in the tibbr web server, as u ...)
	NOT-FOR-US: TIBCO tibbr
CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1412 (sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in Wo ...)
	- openarena <not-affected> (Vulnerable code not present, the version in sid uses ioquake3)
	- ioquake3 1.36+svn1946-4
CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...)
	{DSA-2284-1}
	- opensaml2 2.4.3-1
CVE-2011-1410
	RESERVED
CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly othe ...)
	{DSA-2259-1}
	- fex 20110610-1
CVE-2011-1408 (ikiwiki before 3.20110608 allows remote attackers to hijack root's tty ...)
	- ikiwiki 3.20110608 (low)
	[squeeze] - ikiwiki <no-dsa> (Minor issue)
CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for  ...)
	{DSA-2236-1}
	- exim4 4.76-1
	[lenny] - exim4 <not-affected> (Vulnerable code not present)
CVE-2011-1406 (Mahara before 1.3.6 does not properly handle an https URL in the wwwro ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in responses t ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms implem ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass intend ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber  ...)
	{DSA-2214-1}
	- ikiwiki 3.20110328
CVE-2011-1400 (The default configuration of the shell_escape_commands directive in co ...)
	{DSA-2198-1}
	- tex-common 2.09
CVE-2011-1399
	RESERVED
CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5. ...)
	- php5 5.4.0~rc5-1 (low)
	[squeeze] - php5 <no-dsa> (Minor issue)
CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
	NOT-FOR-US: IBM Tivoli
CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1395 (Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo A ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1394 (IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1,  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1393 (Unspecified vulnerability in the authentication functionality in the s ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-1392 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1391 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1390 (SQL injection vulnerability in the Maintenance tool in IBM Rational Cl ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2011-1389 (Multiple directory traversal vulnerabilities in the vendor daemon in R ...)
	NOT-FOR-US: Telelogic License Server
CVE-2011-1388 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1387
	RESERVED
CVE-2011-1386 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Iden ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2011-1385 (IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote att ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1384 (The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd prog ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1383
	RESERVED
CVE-2011-1382
	RESERVED
CVE-2011-1381 (Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before ...)
	NOT-FOR-US: IBM OpenPages GRC Platform
CVE-2011-1380
	RESERVED
CVE-2011-1379
	RESERVED
CVE-2011-1378 (IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM gr ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1377 (The Web Services Security component in the Web Services Feature Pack b ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1376 (iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.4 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_ ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1374 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...)
	NOT-FOR-US: Appe QuickTime
CVE-2011-1373 (Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the  ...)
	NOT-FOR-US: IBM DB2
CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape libraries wit ...)
	NOT-FOR-US: IBM web interface to tape libraries
CVE-2011-1371 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM W ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1370 (The default configuration of the Sametime configuration servlet (SCS)  ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2011-1369
	RESERVED
CVE-2011-1368 (The JavaServer Faces (JSF) application functionality in IBM WebSphere  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1367 (Unspecified vulnerability in the File Load feature in IBM Rational App ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2011-1366 (Unspecified vulnerability in the Import feature in IBM Rational AppSca ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2011-1365
	RESERVED
CVE-2011-1364 (Cross-site request forgery (CSRF) vulnerability in _ah/admin/interacti ...)
	NOT-FOR-US: Goole App Engine Python SDK
CVE-2011-1363
	RESERVED
CVE-2011-1362 (Cross-site scripting (XSS) vulnerability in the Installation Verificat ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1361
	RESERVED
CVE-2011-1360 (Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2011-1359 (Directory traversal vulnerability in the administration console in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1358
	RESERVED
CVE-2011-1357 (Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2011-1356 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 bef ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1355 (Open redirect vulnerability in IBM WebSphere Application Server (WAS)  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1354
	RESERVED
CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Window ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-1352 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to gai ...)
	NOT-FOR-US: Anroid
CVE-2011-1351
	RESERVED
CVE-2011-1350 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to obt ...)
	NOT-FOR-US: Android
CVE-2011-1349
	RESERVED
CVE-2011-1348
	RESERVED
CVE-2011-1347 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows  ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1346 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows  ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIb ...)
	NOT-FOR-US: Tivoli
CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in skins/plone_templates/defa ...)
	- plone3 <removed>
CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search Appliance be ...)
	NOT-FOR-US: Google Search Appliance
CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows loc ...)
	NOT-FOR-US: XnView
CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-1336 (Buffer overflow in ALZip 8.21 and earlier allows remote attackers to e ...)
	NOT-FOR-US: ALZip
CVE-2011-1335 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8  ...)
	NOT-FOR-US: Cybozu Office
CVE-2011-1334 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Ga ...)
	NOT-FOR-US: Cybozu
CVE-2011-1333 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu ...)
	NOT-FOR-US: Cybozu
CVE-2011-1332 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 throug ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2011-1331 (JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitar ...)
	NOT-FOR-US: JustSystems Ichitaro Products
CVE-2011-1330 (Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 P ...)
	NOT-FOR-US: WeblyGo
CVE-2011-1329 (WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restri ...)
	NOT-FOR-US: WalRack
CVE-2011-1328 (SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows ...)
	NOT-FOR-US: RADVISION iVIEW Suite
CVE-2011-1327 (The Keystroke Encryption feature in Trend Micro Internet Security 2009 ...)
	NOT-FOR-US: Trend Micro Internet Security
CVE-2011-1326 (Unspecified vulnerability on the La Fonera+ router with firmware befor ...)
	NOT-FOR-US: La Fonera+ router
CVE-2011-1325 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11 ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-1324 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: Buffalo routers
CVE-2011-1323 (Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6. ...)
	NOT-FOR-US: Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers
CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the We ...)
	NOT-FOR-US: WebSphere
CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM We ...)
	NOT-FOR-US: WebSphere
CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) 6.1.0 ...)
	NOT-FOR-US: WebSphere
CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) 6.1.0 ...)
	NOT-FOR-US: WebSphere
CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...)
	NOT-FOR-US: WebSphere
CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaS ...)
	NOT-FOR-US: WebSphere
CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport comp ...)
	NOT-FOR-US: WebSphere
CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application Serve ...)
	NOT-FOR-US: WebSphere
CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere Ap ...)
	NOT-FOR-US: WebSphere
CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: WebSphere
CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application Serv ...)
	NOT-FOR-US: WebSphere
CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) befor ...)
	NOT-FOR-US: WebSphere
CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere Applicat ...)
	NOT-FOR-US: WebSphere
CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...)
	NOT-FOR-US: WebSphere
CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation Verificat ...)
	NOT-FOR-US: WebSphere
CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before 7.0.0.1 ...)
	NOT-FOR-US: WebSphere
CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google Chro ...)
	NOT-FOR-US: Google ChromeOS
CVE-2011-1305 (Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/76713
CVE-2011-1304 (Unspecified vulnerability in Google Chrome before 11.0.696.57 allows r ...)
	- chromium-browser 11.0.696.65~r84435-1 (unimportant)
CVE-2011-1303 (Google Chrome before 11.0.696.57 does not properly handle floating obj ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80682
CVE-2011-1302 (Heap-based buffer overflow in the GPU process in Google Chrome before  ...)
	- chromium-browser 10.0.648.205~r81283-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1301 (Use-after-free vulnerability in the GPU process in Google Chrome befor ...)
	- chromium-browser 10.0.648.205~r81283-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1300 (The Program::getActiveUniformMaxLength function in libGLESv2/Program.c ...)
	NOT-FOR-US: Mozilla Firefox on Windows, Google Chrome on Windows
CVE-2011-1299
	RESERVED
CVE-2011-1298 (An Integer Overflow exists in WebKit in Google Chrome before Blink M11 ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1297
	RESERVED
CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG text, w ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80520
CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari  ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/80487
CVE-2011-1294 (Google Chrome before 10.0.648.204 does not properly handle Cascading S ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80144
CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in G ...)
	{DSA-2245-1}
	- chromium-browser 10.0.648.204~r79063-1
	NOTE: http://trac.webkit.org/changeset/80797
CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation in Goo ...)
	{DSA-2245-1}
	- chromium-browser 10.0.648.204~r79063-1
	NOTE: http://trac.webkit.org/changeset/79808
CVE-2011-1291 (Google Chrome before 10.0.648.204 does not properly handle base string ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) Bl ...)
	{DSA-2192-1}
	- chromium-browser 10.0.648.133~r77742-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: needs port
	NOTE: http://trac.webkit.org/changeset/80787
CVE-2011-1289
	RESERVED
CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1287
	RESERVED
CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1285 (The regular-expression functionality in Google Chrome before 10.0.648. ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1284 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) i ...)
	NOT-FOR-US: MS Windows
CVE-2011-1283 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: MS Windows
CVE-2011-1282 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: MS Windows
CVE-2011-1281 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: MS Windows
CVE-2011-1280 (The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 200 ...)
	NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio Express, Visual Studio
CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1278 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly valid ...)
	NOT-FOR-US: Microsoft Excel, Office
CVE-2011-1277 (Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Forma ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1276 (Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; O ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1275 (Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and Ope ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1274 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1273 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1272 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1,  ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows r ...)
	NOT-FOR-US: Microsoft PowerPoint 2002 SP3 and 2003 SP3
CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...)
	NOT-FOR-US: Microsoft
CVE-2011-1268 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1267 (The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll in Microsof ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1265 (The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Win ...)
	NOT-FOR-US: MS Windows
CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory Certifica ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1263 (Cross-site scripting (XSS) vulnerability in the logon page in Remote D ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1262 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1260 (Microsoft Internet Explorer 8 and 9 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1259
	REJECTED
CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly restrict web ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1257 (Race condition in Microsoft Internet Explorer 6 through 8 allows remot ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1256 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1255 (The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementa ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1253 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and  ...)
	NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in t ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1250 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1247 (Untrusted search path vulnerability in the Microsoft Active Accessibil ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1246 (Microsoft Internet Explorer 8 does not properly handle content setting ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict script  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1244 (Microsoft Internet Explorer 6, 7, and 8 does not enforce intended doma ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1243 (The Windows Messenger ActiveX control in msgsc.dll in Microsoft Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1242 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1241 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1240 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1239 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1238 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1237 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1236 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1235 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1234 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1233 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1232 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1231 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1230 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1229 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1228 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1227 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1226 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1225 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-XXXX [dokuwiki ACL bypass]
	- dokuwiki 0.0.20101107a-1 (low)
	[squeeze] - dokuwiki <no-dsa> (Minor issue)
	[lenny] - dokuwiki <no-dsa> (Minor issue)
CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not u ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the backu ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control i ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivo ...)
	NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-1219
	RESERVED
CVE-2011-1218 (Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lot ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1217 (Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lo ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1216 (Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used i ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1215 (Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used  ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1214 (Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used  ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1213 (Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lot ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1212
	RESERVED
CVE-2011-1211
	RESERVED
CVE-2011-1210
	RESERVED
CVE-2011-1209 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 bef ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1208 (IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3 ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-1207 (The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX  ...)
	NOT-FOR-US: IBM Rational System
CVE-2011-1206 (Stack-based buffer overflow in the server process in ibmslapd.exe in I ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-1205 (Multiple buffer overflows in unspecified COM objects in Rational Commo ...)
	NOT-FOR-US: IBM Rational ClearCase, ClearQuest
CVE-2011-1204 (Google Chrome before 10.0.648.127 does not properly handle attributes, ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/79810
	NOTE: very hard to merge: needs introduction of ScopedEventQueue.cpp
CVE-2011-1203 (Google Chrome before 10.0.648.127 does not properly handle SVG cursors ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79476
CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 a ...)
	- libxslt 1.1.26-7 (low; bug #617413)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <no-dsa> (minor issue)
	- iceweasel 3.5.19-1
	[squeeze] - iceweasel <no-dsa> (minor issue)
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[squeeze] - iceape <no-dsa> (minor issue)
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
	[squeeze] - libxslt 1.1.26-6+squeeze1
	[lenny] - libxslt <no-dsa> (minor issue)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-1201 (The context implementation in WebKit, as used in Google Chrome before  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (losecontext not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/78921
CVE-2011-1200 (Google Chrome before 10.0.648.127 does not properly perform a cast of  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/78744
CVE-2011-1199 (Google Chrome before 10.0.648.127 does not properly handle DataView ob ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in libv8 bindings)
	NOTE: https://trac.webkit.org/changeset/78738
CVE-2011-1198 (The video functionality in Google Chrome before 10.0.648.127 allows re ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- libav <not-affected> (Specific to ffmpeg-mt)
CVE-2011-1197 (Google Chrome before 10.0.648.127 does not properly perform table pain ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79734
CVE-2011-1196 (The OGG container implementation in Google Chrome before 10.0.648.127  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- libav 4:0.7.1-1
	- ffmpeg-debian <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
	- ffmpeg <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
CVE-2011-1195 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 allo ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/78147
CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before 10.0.648. ...)
	- chromium-browser 10.0.648.127~r76697-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/77049
	NOTE: http://trac.webkit.org/changeset/77329
	NOTE: popup blocker bypass not treated as a security issue
CVE-2011-1193 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1192 (Google Chrome before 10.0.648.127 on Linux does not properly handle Un ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in chromium-specific code)
	NOTE: http://trac.webkit.org/changeset/76732
CVE-2011-1191 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 allo ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not yet present)
	NOTE: http://trac.webkit.org/changeset/76652
CVE-2011-1190 (The Web Workers implementation in Google Chrome before 10.0.648.127 al ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/77563
CVE-2011-1189 (Google Chrome before 10.0.648.127 does not properly perform box layout ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79689
CVE-2011-1188 (Google Chrome before 10.0.648.127 does not properly handle counter nod ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/77142
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass th ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- icedove 17.0.2-1 (low)
	[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceweasel 12.0-1 (bug #703071)
	[wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceape <removed> (low)
	[wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly handle pa ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1185 (Google Chrome before 10.0.648.127 does not prevent (1) navigation and  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/74853
CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1182 (kernel/signal.c in the Linux kernel before 2.6.39 allows local users t ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
CVE-2011-1181 [missing error handling in linux netdev]
	REJECTED
CVE-2011-1180 (Multiple stack-based buffer overflows in the iriap_getvaluebyclass_ind ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly othe ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in ...)
	- gimp 2.6.10-1
	NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
	RESERVED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk  ...)
	{DSA-2202-1}
	- apache2 2.2.17-2 (bug #618857; medium)
	[lenny] - apache2 <not-affected> (different source package in lenny: apache2-mpm-itk)
	- apache2-mpm-itk <removed>
	[lenny] - apache2-mpm-itk <not-affected> (bug was introduced later, in 2.2.11-01)
CVE-2011-1175 (tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before  ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1174 (manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x bef ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1173 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ker ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1172 (net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linu ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1171 (net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1170 (net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linu ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1169 (Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi ...)
	- linux-2.6 2.6.38-2
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1168 (Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError f ...)
	- kde4libs 4:4.4.5-4 (low)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in ...)
	{DSA-2210-1}
	- tiff 3.9.4-9 (bug #619614)
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2011-1166 (Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a d ...)
	{DSA-2337-1}
	- xen 4.1.0-1
	- xen-3 <removed>
CVE-2011-1165 (Vino, possibly before 3.2, does not properly document that it opens po ...)
	- vino <unfixed> (unimportant)
	NOTE: Mostly interface glitches
CVE-2011-1164 (Vino before 2.99.4 can connect external networks contrary to the state ...)
	- vino <unfixed> (unimportant)
	NOTE: Mostly interface glitches
CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel  ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1
CVE-2011-1162 (The tpm_read function in the Linux kernel 2.6 does not properly clear  ...)
	- linux-2.6 3.0.0-5 (low)
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-1161
	REJECTED
CVE-2011-1160 (The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel be ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in  ...)
	{DSA-2362-1}
	- acpid 1:2.0.9-1
	[lenny] - acpid <no-dsa> (Minor issue)
CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120304003020/https://code.google.com/p/feedparser/issues/detail?id=255
CVE-2011-1157 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120211010803/https://code.google.com/p/feedparser/issues/detail?id=254
CVE-2011-1156 (feedparser.py in Universal Feed Parser (aka feedparser or python-feedp ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20130326201801/http://code.google.com/p/feedparser/issues/detail?id=91
CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier  ...)
	- logrotate 3.8.0-1
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier  ...)
	- logrotate 3.8.0-1
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ex ...)
	{DSA-2266-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: only exploitable by malicious scripts
CVE-2011-1152
	REJECTED
CVE-2011-1151 (Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and  ...)
	NOT-FOR-US: Joomla!
CVE-2011-1150 (bbPress through 1.0.2 has XSS in /bb-login.php url via the re paramete ...)
	NOT-FOR-US: bbPress
CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system pro ...)
	NOT-FOR-US: Android
CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP 5.3 ...)
	{DSA-2408-1}
	- php5 5.4.0-1 (unimportant)
	NOTE: only exploitable by malicious scripts
CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) decode ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1 (bug #614580)
CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restri ...)
	{DSA-2194-1}
	- libvirt 0.8.8-3 (low; bug #617773)
	[lenny] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650
CVE-2011-1145 (The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a pos ...)
	- unixodbc 2.2.14p2-3 (low; bug #617655)
	[squeeze] - unixodbc <no-dsa> (Only exploitable through a malicious server)
	[lenny] - unixodbc <no-dsa> (Only exploitable through a malicious server)
	NOTE: http://seclists.org/oss-sec/2011/q1/446
CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to overwrit ...)
	- php5 <not-affected> (incomplete fix never used in Debian packages)
CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...)
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in  ...)
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1141 (epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14 ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1140 (Multiple stack consumption vulnerabilities in the dissect_ms_compresse ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1139 (wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1 ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1138 (Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpa ...)
	- wireshark 1.4.4-1
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
CVE-2011-1131 (The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1130 (Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, doe ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1129 (Cross-site scripting (XSS) vulnerability in the EditNews function in M ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1128 (The loadUserSettings function in Load.php in Simple Machines Forum (SM ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1127 (SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2 ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstat ...)
	NOT-FOR-US: VMware Workstation
CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) allo ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: That's standard POSIX behaviour implemented by (e)glibc. Applications using
	NOTE: glob need to impose limits for themselves
CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put fu ...)
	NOTE: That's essentially shooting yourself in your own foot:
	NOTE: http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-March/029433.html
CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2,  ...)
	NOT-FOR-US: FreeBSD/NetBSD libc
CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, whi ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code introduced in commit 75823)
	NOTE: http://trac.webkit.org/changeset/78775
CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 allow ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict access to  ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 allows re ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote att ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: needs port (s/logicalBottom/bottom)
	NOTE: http://trac.webkit.org/changeset/77565
CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows re ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (webgl support not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77956
CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device or ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (device orientation code/support not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77418
CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ele ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77144
CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML docume ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77262
CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG animatio ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77548
CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, whic ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76915
CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, whic ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state)
	NOTE: http://trac.webkit.org/changeset/77141
CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not pr ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG renderi ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement forms con ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: needs port (s/FormAssociatedElement/HTMLFormElement)
	NOTE: http://trac.webkit.org/changeset/77114
CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/76828
CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in Ca ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76728
CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement JavaScrip ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (Chromium specific)
CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows r ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (history controller code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/76205
CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEa ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, whe ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, whe ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.ph ...)
	NOT-FOR-US: BLOG:CMS
CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1. ...)
	NOT-FOR-US: BLOG:CMS
CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.2 ...)
	NOT-FOR-US: pmwiki
CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in wordpress-processing-embed ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-1105 (Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allo ...)
	NOT-FOR-US: Mutare EVM
CVE-2011-1104 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare E ...)
	NOT-FOR-US: Mutare EVM
CVE-2011-1103 (The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before ho ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2011-1102 (Cross-site scripting (XSS) vulnerability in the WebReporting module in ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2011-1101 (Multiple unspecified vulnerabilities in a third-party component of the ...)
	NOT-FOR-US: Citrix License Management Console
CVE-2011-1100 (Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost ...)
	- pixelpost <removed>
CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick P ...)
	NOT-FOR-US: FocalMedia.Net Quick Polls
CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in logr ...)
	- logrotate 3.8.0-1 (low)
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ownershi ...)
	- rsync 3.0.8 (low; bug #621866)
	[squeeze] - rsync <no-dsa> (Minor issue)
CVE-2011-1096 (The W3C XML Encryption Standard, as used in the JBoss Web Services (JB ...)
	NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix
CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or  ...)
	- glibc 2.13-16
	[lenny] - glibc <no-dsa> (Minor issue)
	- eglibc 2.13-16
	[squeeze] - eglibc 2.11.3-2
	NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not  ...)
	- kde4libs 4:4.4.5-4 (low)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
	- kdelibs <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/oss-sec/2011/q1/434
CVE-2011-1093 (The dccp_rcv_state_process function in net/dccp/input.c in the Datagra ...)
	{DSA-2264-1}
	- linux-2.6 2.6.38-1 (low)
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows conte ...)
	{DSA-2408-1}
	- php5 5.4.0-1 (unimportant)
	NOTE: only exploitable by malicious scripts
	NOTE: http://seclists.org/oss-sec/2011/q1/430
CVE-2011-1091 (libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 t ...)
	- pidgin 2.7.11-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[squeeze] - pidgin <no-dsa> (Minor issue)
CVE-2011-1090 (The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux ker ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1 (low)
CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13  ...)
	- glibc 2.13-8
	- eglibc 2.13-8
	[squeeze] - eglibc 2.11.3-1
	NOTE: http://seclists.org/oss-sec/2011/q1/368
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1087 (Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assiste ...)
	- vlc 1.1.10-1 (low; bug #616156)
	[squeeze] - vlc <no-dsa> (Minor issue)
	[lenny] - vlc <no-dsa> (Minor issue)
	NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
	NOTE: obscure exploit scenario
CVE-2011-1086 (Cross-site scripting (XSS) vulnerability in admin/system.html in Openf ...)
	NOT-FOR-US: openfiler
CVE-2011-1085 (CSRF vulnerability in Smoothwall Express 3. ...)
	NOT-FOR-US: smoothwall
CVE-2011-1084 (A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. ...)
	NOT-FOR-US: smoothwall
CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
	- linux-2.6 3.2.9-1 (low)
	[squeeze] - linux-2.6 2.6.32-47
CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file des ...)
	- linux-2.6 2.6.38-1 (low)
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attack ...)
	- openldap 2.4.25-1 (low; bug #617606)
	[lenny] - openldap 2.4.11-1+lenny2.1
	[squeeze] - openldap 2.4.23-7.1
CVE-2011-1080 (The do_replace function in net/bridge/netfilter/ebtables.c in the Linu ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1079 (The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1078 (The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Lin ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva  ...)
	NOT-FOR-US: Apache Archiva
CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows re ...)
	- linux-2.6 2.6.38-1
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1075
	RESERVED
CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ex ...)
	- cron <not-affected> (Debian's cron not affected)
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users  ...)
	- cron <not-affected> (Debian's cron not affected)
CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIB ...)
	- glibc 2.11.2-12
	- eglibc 2.11.2-12 (bug #615120)
	[squeeze] - eglibc 2.11.3-2
CVE-2011-1070 (v86d before 0.1.10 do not verify if received netlink messages are sent ...)
	- v86d 0.1.10-1 (low; bug #619404)
	[squeeze] - v86d 0.1.9-1+squeeze1
	[lenny] - v86d 0.1.5.2-1+lenny1
CVE-2011-1069 (PHPShop through 0.8.1 has XSS. ...)
	NOT-FOR-US: PHPShop
CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1. ...)
	NOT-FOR-US: Microsoft Windows Azure SDK
CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not  ...)
	NOT-FOR-US: s389 LDAP server
CVE-2011-1066 (Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2 ...)
	NOT-FOR-US: Messaging module for Drupal
CVE-2011-1065 (Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX con ...)
	NOT-FOR-US: PIPI Player
CVE-2011-1064 (SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 ...)
	NOT-FOR-US: Qi Bo CMS
CVE-2011-1063 (Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design P ...)
	NOT-FOR-US: Cherry-Design Photopad
CVE-2011-1062 (Multiple cross-site scripting (XSS) vulnerabilities in include/html/he ...)
	NOT-FOR-US: TaskFreak!
CVE-2011-1061 (SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows ...)
	NOT-FOR-US: WSN Guest
CVE-2011-1060 (SQL injection vulnerability in the member function in classes/member.p ...)
	NOT-FOR-US: WSN Guest
CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as us ...)
	- webkit <not-affected> (history controller code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77705
CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 Direct ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...)
	{DSA-2321-1}
	- moin 1.9.3-3
CVE-2011-1057
	REJECTED
CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)
	NOT-FOR-US: Metasploit Framework
CVE-2011-1055 (SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS  ...)
	NOT-FOR-US: Lingxia I.C.E CMS
CVE-2011-1054 (Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1053 (Unspecified vulnerability in the Mach-O input file loader in Hex-Rays  ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1052 (Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pr ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1051 (Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Ra ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1050 (Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown  ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1049 (Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5. ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1048 (SQL injection vulnerability in product.php in MihanTools 1.33 allows r ...)
	NOT-FOR-US: MihanTools
CVE-2011-1047 (Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka F ...)
	NOT-FOR-US: VastHTML Forum Server
CVE-2011-1046 (IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used  ...)
	NOT-FOR-US: FileNet P8 Content Engine
CVE-2011-1045 (Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 thr ...)
	NOT-FOR-US: Rendition Engine
CVE-2010-4745 (Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before ...)
	NOT-FOR-US: PHPXref
CVE-2011-XXXX [pam_pgsql overflow]
	- pam-pgsql 0.7.1-5 (bug #603436)
	[lenny] - pam-pgsql 0.6.3-2+lenny1
	[squeeze] - pam-pgsql 0.7.1-4+squeeze1
CVE-2011-1044 (The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 2.6.26-26lenny2
CVE-2011-1043
	RESERVED
CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google Chrome ...)
	NOT-FOR-US: flimflam in Google Chrome OS
CVE-2011-1041
	RESERVED
CVE-2011-1040
	RESERVED
CVE-2011-1039
	RESERVED
CVE-2011-1038 (Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in t ...)
	NOT-FOR-US: Lotus Sametime
CVE-2011-1037
	RESERVED
CVE-2011-1036 (The XML Security Database Parser class in the XMLSecDB ActiveX control ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote attackers to m ...)
	NOT-FOR-US: PivotX
CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unk ...)
	- abcm2ps 5.9.22-1 (low)
	[squeeze] - abcm2ps <no-dsa> (Minor issue)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c in abc ...)
	- abcm2ps 5.9.22-1 (low)
	[squeeze] - abcm2ps <no-dsa> (Minor issue)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in MediaDBPla ...)
	NOT-FOR-US: MediaDBPlayback.DLL
CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool  ...)
	NOT-FOR-US: Moxa Device Manager
CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Bui ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...)
	NOT-FOR-US: Maian Media Silver
CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Si ...)
	NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System
CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Ren ...)
	NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and  ...)
	NOT-FOR-US: GateSoft DocuSafe
CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax Soluti ...)
	NOT-FOR-US: Ecommercemax Solutions Digital-goods seller
CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment fea ...)
	NOT-FOR-US: Skeletonz CMS
CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ( ...)
	NOT-FOR-US: IBM
CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0 ...)
	NOT-FOR-US: IBM
CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier  ...)
	- feh 1.12-1 (low)
	[lenny] - feh <no-dsa> (Minor issue)
	[squeeze] - feh <no-dsa> (Minor issue)
CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component in IBM ...)
	NOT-FOR-US: IBM
CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM
CVE-2011-1028 (The $smarty.template variable in Smarty3 allows attackers to possibly  ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in cg ...)
	NOT-FOR-US: cgit
CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache A ...)
	NOT-FOR-US: Apache Archiva
CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require  ...)
	- openldap 2.4.25-1 (unimportant; bug #617606)
	[squeeze] - openldap 2.4.23-7.1
	NOTE: NBD backend disabled in Debian builds
CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-sl ...)
	- openldap 2.4.25-1 (low; bug #617606)
	[lenny] - openldap 2.4.11-1+lenny2.1
	[squeeze] - openldap 2.4.23-7.1
CVE-2011-1023 (The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel befo ...)
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrul ...)
	{DSA-2193-1}
	- libcgroup 0.37.1-1 (bug #615987)
CVE-2011-1021 (drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local use ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.33)
CVE-2011-1020 (The proc filesystem implementation in the Linux kernel 2.6.37 and earl ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-1
CVE-2011-1019 (The dev_load function in net/core/dev.c in the Linux kernel before 2.6 ...)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.32)
	- linux-2.6 2.6.38-1 (unimportant)
	NOTE: We won't fix this for Squeeze. This only applies to non-standard setups with fine
	NOTE: grained security capability models, and an attacker can only load modules from
	NOTE: /lib/modules, which is only writable with root privs
CVE-2011-1018 (logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbit ...)
	{DSA-2182-1}
	- logwatch 7.3.6.cvs20090906-2 (bug #615995)
CVE-2011-1017 (Heap-based buffer overflow in the ldm_frag_add function in fs/partitio ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not pr ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-1
CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in P ...)
	{DLA-25-1}
	- python2.6 2.6.8-1 (low; bug #614860)
	[wheezy] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	- python2.5 <unfixed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	[lenny] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
	NOTE: Python 2.7 and 3.1 are fixed
	NOTE: http://bugs.python.org/issue2254
CVE-2011-1014
	REJECTED
CVE-2011-1013 (Integer signedness error in the drm_modeset_ctl function in (1) driver ...)
	- linux-2.6 2.6.38-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1012 (The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel ...)
	{DSA-2264-1}
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1011 (The seunshare_mount function in sandbox/seunshare.c in seunshare in ce ...)
	NOT-FOR-US: seunshare
CVE-2011-1010 (Buffer overflow in the mac_partition function in fs/partitions/mac.c i ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1009 (Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...)
	- request-tracker3.8 3.8.10-1 (bug #614576)
	[squeeze] - request-tracker3.8 3.8.8-7+squeeze1
	[lenny] - request-tracker3.6 3.6.7-5+lenny6
CVE-2011-1007 (Best Practical Solutions RT before 3.8.9 does not perform certain redi ...)
	- request-tracker3.6 <removed> (unimportant)
	- request-tracker3.8 3.8.10-1 (unimportant)
	NOTE: A physically proximate attacker can do far more damage anyway
CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in tools/ ...)
	{DSA-2193-1}
	- libcgroup 0.37.1-1
CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through  ...)
	- ruby1.8 1.8.7.334-1 (bug #615517)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <not-affected>
	- ruby1.9.1 <not-affected>
CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-4 ...)
	- ruby1.8 1.8.7.334-1 (bug #615518)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed> (bug #615519)
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 1.9.2.180-1 (bug #615519)
	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue, patch would change behaviour and might break things)
CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in  ...)
	- clamav 0.97+dfsg-1 (low)
	[squeeze] - clamav 0.97+dfsg-2~squeeze1 (bug #617444)
	[lenny] - clamav <end-of-life>
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=2486
	NOTE: http://web.archive.org/web/20110304224953/http://git.clamav.net:80/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
CVE-2011-1002 (avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remo ...)
	{DSA-2174-1}
	- avahi 0.6.28-4 (bug #614785)
	NOTE: duped with CVE-2011-0634
CVE-2011-1001 (dexdump in Android SDK before 2.3 does not properly perform structural ...)
	NOT-FOR-US: Android SDK
CVE-2011-1000 (jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0 ...)
	{DSA-2169-1}
	- telepathy-gabble 0.9.15-2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=34048
CVE-2011-0999 (mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not preven ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.38-rc1, fixed in 2.6.38-rc5)
CVE-2011-0998
	RESERVED
CVE-2011-0997 (dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV befo ...)
	{DSA-2217-1 DSA-2216-1}
	- isc-dhcp 4.1.1-P1-16.1 (bug #621099)
	- dhcp3 <removed>
CVE-2011-XXXX [isc-dhcp: omapi dos]
	- isc-dhcp <not-affected> (only affects 4.2.0)
	- dhcp3 <not-affected> (only affects 4.2.0)
	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/4820
	NOTE: inrodroduced in 4.2.0 and fixed in 4.2.1
CVE-2011-0996 (dhcpcd before 5.2.12 allows remote attackers to execute arbitrary comm ...)
	- dhcpcd <not-affected> (old shell quoting code is not vulnerable)
	NOTE: Debian's dhcpcd.sh is not vulnerable.
CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...)
	- ruby-sqlite3 <not-affected> (SuSE-specific packaging flaw)
CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (N ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-0993 (SUSE Lifecycle Management Server before 1.1 uses world readable postgr ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1  ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1  ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0990 (Race condition in the FastCopy optimization in the Array.Copy method i ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0989 (The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0988 (pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and S ...)
	- pure-ftpd <not-affected> (SUSE-specific)
CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modb ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA  ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS10 ...)
	NOT-FOR-US: WebSCADA
CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login fu ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8  ...)
	NOT-FOR-US: Apple IPv6 implementation
CVE-2011-XXXX [kfreebsd dos]
	- kfreebsd-8 8.2-1 (low; bug #613312; bug #611476)
	[squeeze] - kfreebsd-8 8.1+dfsg-8
	[lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny)
	- kfreebsd-7 <removed>
	[lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny)
CVE-2011-1133 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1134 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1135 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d a ...)
	{DSA-2185-1}
	- proftpd-dfsg 1.3.3d-4 (bug #616179)
	[lenny] - proftpd-dfsg <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586
	NOTE: http://www.exploit-db.com/exploits/16129/
CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}]
	- smarty3 3.0.8-1 (unimportant)
	- smarty <removed> (unimportant)
	NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
	NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
	NOTE: https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb(3.0.7)
	NOTE: non-issue in practice, if you can place arbitrary template files you have worse problems
CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAd ...)
	{DSA-2167-1}
	- phpmyadmin 4:3.3.9.2-1
CVE-2011-0986 (phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not ...)
	- phpmyadmin 4:3.3.9.2-1 (unimportant)
	NOTE: Path disclosure; paths in Debian are public info already
CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process term ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (Chromium specific)
CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, whi ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (doesn't include v8 code)
	NOTE: http://trac.webkit.org/changeset/76264
	NOTE: ^ this has to be the wrong commit, its a v8 fix, but that doesn't match the description at all
CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous blo ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (vulnerable code not yet present in 1.2)
	NOTE: http://trac.webkit.org/changeset/75810
CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows ...)
	- chromium-browser 9.0.597.98~r74359-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76990
CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event handli ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76708
CVE-2011-0980 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Office Excel 2003
CVE-2011-0979 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0978 (Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0977 (Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 S ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0976 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-0975 (Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in  ...)
	NOT-FOR-US: BMC PATROL
CVE-2011-0974
	RESERVED
CVE-2011-0973
	RESERVED
CVE-2011-0972
	RESERVED
CVE-2011-0971
	RESERVED
CVE-2011-0970
	RESERVED
CVE-2011-0969
	RESERVED
CVE-2011-0968
	RESERVED
CVE-2011-0967
	RESERVED
CVE-2011-0966 (Directory traversal vulnerability in cwhp/auditLog.do in the Homepage  ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2011-0965
	RESERVED
CVE-2011-0964
	RESERVED
CVE-2011-0963 (The default configuration of the RADIUS authentication feature on the  ...)
	NOT-FOR-US: Cisco Network Access Control (NAC) Guest Server
CVE-2011-0962 (Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.n ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0961 (Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in t ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2011-0960 (Multiple SQL injection vulnerabilities in Cisco Unified Operations Man ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0959 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified O ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0958
	RESERVED
CVE-2011-0957
	RESERVED
CVE-2011-0956
	RESERVED
CVE-2011-0955
	RESERVED
CVE-2011-0954
	RESERVED
CVE-2011-0953
	RESERVED
CVE-2011-0952
	RESERVED
CVE-2011-0951 (The web-based management interface in Cisco Secure Access Control Syst ...)
	NOT-FOR-US: Cisco ACS
CVE-2011-0950
	RESERVED
CVE-2011-0949 (Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does no ...)
	NOT-FOR-US: Cisco
CVE-2011-0948
	RESERVED
CVE-2011-0947
	RESERVED
CVE-2011-0946 (The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0945 (Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0944 (Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0943 (Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco
CVE-2011-0942
	RESERVED
CVE-2011-0941 (Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-0940
	RESERVED
CVE-2011-0939 (Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS X ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0938
	RESERVED
CVE-2011-0937
	RESERVED
CVE-2011-0936
	RESERVED
CVE-2011-0935 (The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent perm ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0934
	RESERVED
CVE-2011-0933
	RESERVED
CVE-2011-0932
	RESERVED
CVE-2011-0931
	RESERVED
CVE-2011-0930
	RESERVED
CVE-2011-0929
	RESERVED
CVE-2011-0928
	RESERVED
CVE-2011-0927
	RESERVED
CVE-2011-0926 (A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Deskt ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2011-0925 (The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisc ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2011-0924 (The client in HP Data Protector does not verify the contents of files  ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0923 (The client in HP Data Protector does not properly validate EXEC_CMD ar ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0922 (The client in HP Data Protector allows remote attackers to execute arb ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0921 (crs.exe in the Cell Manager Service in the client in HP Data Protector ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0920 (The Remote Console in IBM Lotus Domino, when a certain unsupported con ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0919 (Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP ser ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0918 (Stack-based buffer overflow in the NRouter (aka Router) service in IBM ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0917 (Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attacke ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0916 (Stack-based buffer overflow in the SMTP service in IBM Lotus Domino al ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0915 (Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0914 (Integer signedness error in ndiiop.exe in the DIIOP implementation in  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0913 (Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0912 (Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...)
	NOT-FOR-US: zikula
CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it e ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0. ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0908 (Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows r ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0907
	RESERVED
CVE-2011-0906
	RESERVED
CVE-2011-0905 (The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...)
	{DSA-2238-1}
	- vino 2.28.2-3
	- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
	- kdenetwork 4:4.0
	NOTE: Only affects the krfb from KDE 3.5
CVE-2011-0904 (The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...)
	{DSA-2238-1}
	- vino 2.28.2-3
	- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
	- kdenetwork 4:4.0
	NOTE: Only affects the krfb from KDE 3.5
CVE-2011-0903 (Multiple directory traversal vulnerabilities in AR Web Content Manager ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2011-0902 (Multiple untrusted search path vulnerabilities in the Java Service in  ...)
	NOT-FOR-US: SunOS
CVE-2011-0901 (Multiple stack-based buffer overflows in the tsc_launch_remote functio ...)
	- tsclient <removed> (low; bug #613204)
	[lenny] - tsclient <no-dsa> (Minor issue)
	[squeeze] - tsclient <no-dsa> (Minor issue)
CVE-2011-0900 (Stack-based buffer overflow in the tsc_launch_remote function (src/sup ...)
	- tsclient <removed> (low; bug #613204)
	[lenny] - tsclient <no-dsa> (Minor issue)
	[squeeze] - tsclient <no-dsa> (Minor issue)
CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging  ...)
	NOT-FOR-US: AES module for Drupal
CVE-2011-0898 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0897 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 all ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0896 (Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on  ...)
	NOT-FOR-US: HP-UX
CVE-2011-0895 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0894 (Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allo ...)
	NOT-FOR-US: HP Operations
CVE-2011-0893 (Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX ...)
	NOT-FOR-US: HP Operations
CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8. ...)
	NOT-FOR-US: HP Diagnostics
CVE-2011-0891 (Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX ...)
	NOT-FOR-US: HP HP-UX
CVE-2011-0890 (HP Discovery &amp; Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.6 ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...)
	NOT-FOR-US: HP Client Automation Enterprise
CVE-2011-0888
	RESERVED
CVE-2011-0887 (The web management portal on the SMC SMCD3G-CCR (aka Comcast Business  ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0886 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0885 (A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0884 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0883 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0882 (Unspecified vulnerability in the Content Management component in Oracl ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0881 (Unspecified vulnerability in the EMCTL component in Oracle Database Se ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0880 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0879 (Unspecified vulnerability in the Instance Management component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0878
	REJECTED
CVE-2011-0877 (Unspecified vulnerability in the Instance Management component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0876 (Unspecified vulnerability in the Enterprise Manager Console component  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0875 (Unspecified vulnerability in the EMCTL component in Oracle Database Se ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0874
	REJECTED
CVE-2011-0873 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0872 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: OpenJDK on Microsoft Windows
CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0870 (Unspecified vulnerability in the Schema Management component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0866 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment ( ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0861 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Upd ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0860 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Upd ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0859 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0858 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0857 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0856 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA thro ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0855 (Unspecified vulnerability in the InForm component in Oracle Industry A ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2011-0854 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0853 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0852 (Unspecified vulnerability in the Security Management component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0851 (Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bund ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0850 (Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bund ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0849 (Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 al ...)
	NOT-FOR-US: Oracle Java Dynamic Management Kit
CVE-2011-0848 (Unspecified vulnerability in the Security Framework component in Oracl ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0847 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java Syste ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-0846 (Unspecified vulnerability in the Oracle Sun Java System Access Manager ...)
	NOT-FOR-US: Oracle Sun Java System Access Manager Policy Agent
CVE-2011-0845 (Unspecified vulnerability in the Database Control component in Oracle  ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2011-0844 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java Syste ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-0843 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0842
	REJECTED
CVE-2011-0841 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0840 (Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise PeopleTools
CVE-2011-0839 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0838 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0837 (Unspecified vulnerability in the Agile Technology Platform component i ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2011-0836 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0835 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0834 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0833 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0832 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0831 (Unspecified vulnerability in the Enterprise Config Management componen ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0830 (Unspecified vulnerability in the Event Management component in Oracle  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0829 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0828 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle # ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0827 (Unspecified vulnerability in the PeopleSoft Enterprise component in Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-0826 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle # ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-0825 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0824 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0823 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0822 (Unspecified vulnerability in the Streams, AQ &amp; Replication Mgmt co ...)
	NOT-FOR-US: Oracle Database Serve
CVE-2011-0821 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0820 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0819 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0818 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0816 (Unspecified vulnerability in the CMDB Metadata &amp; Instance APIs com ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0815 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0814 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0813 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0812 (Unspecified vulnerability in the Solaris component in Oracle Solaris 8 ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0811 (Unspecified vulnerability in the Enterprise Config Management componen ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0810 (Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0809 (Unspecified vulnerability in the Web ADI component in Oracle E-Busines ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0808 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0807 (Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2. ...)
	NOT-FOR-US: Oracle Sun GlassFish Enterprise Server
CVE-2011-0806 (Unspecified vulnerability in the Network Foundation component in Oracl ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0805 (Unspecified vulnerability in the UIX component in Oracle Database Serv ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0804 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0803 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-0802 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0801 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0800 (Unspecified vulnerability in the Solaris component in Oracle Solaris 8 ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0799 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0798 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0797 (Unspecified vulnerability in the Applications Install component in Ora ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0796 (Unspecified vulnerability in the Applications Install component in Ora ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0795 (Unspecified vulnerability in the Single Sign On component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0794 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0793 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0792 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0791 (Unspecified vulnerability in the Application Object Library component  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0790 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local user ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0789 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0788 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0787 (Unspecified vulnerability in the Application Service Level Management  ...)
	NOT-FOR-US: Oracle
CVE-2011-0786 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0785 (Unspecified vulnerability in the Oracle Help component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2011-0784 (Race condition in Google Chrome before 9.0.597.84 allows remote attack ...)
	- chromium-browser 9.0.597.84~r72991-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84 allows us ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0782 (Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate ...)
	- chromium-browser <not-affected> (mac only)
	- webkit <not-affected> (chromium specific)
CVE-2011-0781 (Google Chrome before 9.0.597.84 does not properly handle autofill prof ...)
	- chromium-browser 9.0.597.84~r72991-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-0780 (The PDF event handler in Google Chrome before 9.0.597.84 does not prop ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (chromium specific)
CVE-2011-0779 (Google Chrome before 9.0.597.84 does not properly handle a missing key ...)
	{DSA-2192-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and dr ...)
	{DSA-2188-1 DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/71925
CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/72230
CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac O ...)
	- chromium-browser <not-affected> (mac only)
	- webkit <not-affected> (chromium specific)
CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ( ...)
	NOT-FOR-US: zikula
CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random n ...)
	NOT-FOR-US: zikula
CVE-2011-XXXX [evince segfault]
	- evince 2.30.3-1
	[lenny] - evince <unfixed> (bug #612668)
CVE-2011-XXXX [php-gettext XSS]
	- php-gettext <unfixed> (unimportant)
	NOTE: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html
	NOTE: Vulnerable code only in examples/
CVE-2011-1136 (In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user  ...)
	- tesseract 2.04-2.1 (low; bug #612032)
	[squeeze] - tesseract 2.04-2+squeeze1
	[lenny] - tesseract 2.03-2+lenny1 (bug #612032)
CVE-2011-XXXX [aptitude tempfile]
	- aptitude 0.6.3-4 (low; bug #612034)
	[squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034)
	[lenny] - aptitude 0.4.11.11-1~lenny2 (bug #612034)
CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attacker ...)
	NOT-FOR-US: PivotX
CVE-2011-0774 (PivotX before 2.2.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: PivotX
CVE-2011-0773 (Cross-site scripting (XSS) vulnerability in pivotx/modules/module_imag ...)
	NOT-FOR-US: PivotX
CVE-2011-0772 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, a ...)
	NOT-FOR-US: PivotX
CVE-2011-0771 (The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not v ...)
	NOT-FOR-US: Janrain Engage Drupal module
CVE-2011-0770 (Cross-site scripting (XSS) vulnerability in Windows Event Log SmartCon ...)
	NOT-FOR-US: Windows Event Log SmartConnector
CVE-2011-0769
	RESERVED
CVE-2011-0768
	RESERVED
CVE-2011-0767 (Cross-site scripting (XSS) vulnerability in the management GUI in the  ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
CVE-2011-0766 (The random number generator in the Crypto application before 2.0.2.2,  ...)
	- erlang 1:14.b.3-dfsg-1 (low; bug #628456)
	[squeeze] - erlang 1:14.a-dfsg-3squeeze1
	NOTE: http://www.kb.cert.org/vuls/id/178990
	NOTE: https://github.com/erlang/otp/commit/f228601de45c5
CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...)
	NOT-FOR-US: pWhois Layer Four Traceroute
CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...)
	{DSA-2388-1}
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
	- t1lib 5.1.2-3.3
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: http://www.toucan-system.com/advisories/tssa-2011-01.txt
CVE-2011-0763
	RESERVED
CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...)
	{DSA-2305-1}
	- vsftpd 2.3.4-1 (bug #622741)
	[squeeze] - vsftpd 2.3.2-3+squeeze2
	[lenny] - vsftpd 2.0.7-1+lenny1
CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of se ...)
	- perl 5.12.0-1 (unimportant; bug #628817)
CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the conf ...)
	NOT-FOR-US: WP Related Posts plugin for WordPress
CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the conf ...)
	NOT-FOR-US: Recaptcha plugin for WordPress
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the &lt;?php and ? ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of the as ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser implementation in S ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 h ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5054 (Smarty before 3.0.0 beta 4 does not consider the umask value when sett ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote  ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 hav ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8. ...)
	NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
	NOT-FOR-US: IBM DB2
CVE-2011-0756 (The application server in Trustwave WebDefend Enterprise before 5.0 us ...)
	NOT-FOR-US: Trustwave WebDefend Enterprise
CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...)
	- php5 5.3.5-1 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...)
	- php5 <not-affected> (Only affects PHP on Windows)
CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when a user ...)
	- php5 5.3.5-1 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the  ...)
	- php5 5.3.3-7 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) b ...)
	NOT-FOR-US: Nostromo webserver
CVE-2011-0750
	RESERVED
CVE-2011-0749
	RESERVED
CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList  ...)
	- phplist <itp> (bug #612288)
CVE-2011-0747
	RESERVED
CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in Forms/PortForwardin ...)
	NOT-FOR-US: ZyXEL O2 DSL Router
CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and direct requ ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2011-0744
	RESERVED
CVE-2011-0743
	RESERVED
CVE-2011-0742 (Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management ...)
	NOT-FOR-US: Novell ZENworks Handheld Management
CVE-2011-0741 (Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution  ...)
	NOT-FOR-US: ModX
CVE-2011-0740 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...)
	- magpierss 0.72-10 (low; bug #611940)
	[squeeze] - magpierss 0.72-8+squeeze1
	[lenny] - magpierss 0.72-5+lenny1
CVE-2011-0739 (The deliver function in the sendmail delivery agent (lib/mail/network/ ...)
	NOT-FOR-US: Ruby mail gem
CVE-2011-0738 (MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2 ...)
	NOT-FOR-US: MyProxy
CVE-2011-0737 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote a ...)
	NOT-FOR-US: Adobe Coldfusion
CVE-2011-0736 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web app ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0735 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0734 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0733 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0732 (Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal ( ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2011-0731 (Buffer overflow in the DB2 Administration Server (DAS) component in IB ...)
	NOT-FOR-US: IBM DB2
CVE-2011-0730 (Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubu ...)
	- eucalyptus <not-affected> (It was once removed from archive, then re-added as 3.1.0)
CVE-2011-0729 (dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector ...)
	NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-0728 (Cross-site scripting (XSS) vulnerability in templatefunctions.py in Lo ...)
	- loggerhead 1.18.1-1 (low)
	[squeeze] - loggerhead <no-dsa> (Minor issue)
CVE-2011-0727 (GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to ch ...)
	{DSA-2205-1}
	- gdm3 2.30.5-9
	- gdm <not-affected> (Affected code was introduced in 2.28)
CVE-2011-0726 (The do_task_stat function in fs/proc/array.c in the Linux kernel befor ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
	[lenny] - linux-2.6 2.6.26-26lenny3
	[squeeze] - linux-2.6 2.6.32-32
CVE-2011-0725 (Absolute path traversal vulnerability in the org.debian.apt.UpdateCach ...)
	- aptdaemon 0.43+bzr707-1
	[squeeze] - aptdaemon <not-affected> (Introduced in 0.33)
CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctl ...)
	- italc <not-affected> (Only Edubuntu Live DVD affected)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864
	NOTE: http://web.archive.org/web/20140817234205/https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html
CVE-2011-0723 (FFmpeg 0.5.x, as used in MPlayer and other products, allows remote att ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-0722 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows rem ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in sh ...)
	{DSA-2164-1}
	- shadow 1:4.1.4.2+svn3283-3
	[lenny] - shadow <not-affected> (Vulnerable code not present)
CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote a ...)
	NOT-FOR-US: Immo Makler
CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) co ...)
	NOT-FOR-US: Joomla JEAuto addon
CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component bef ...)
	NOT-FOR-US: Joomla JRadio addon
CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenblogg ...)
	NOT-FOR-US: Joomla Lyftenbloggie addon
CVE-2011-0720 (Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga,  ...)
	- plone3 <removed>
CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 d ...)
	{DSA-2175-1}
	- samba 2:3.5.7~dfsg-1
CVE-2011-0718 (Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay a ...)
	NOT-FOR-US: Red Hat Network Satellite/Spacewalk
CVE-2011-0717 (Session fixation vulnerability in Red Hat Network (RHN) Satellite Serv ...)
	NOT-FOR-US: Red Hat Network Satellite/Spacewalk
CVE-2011-0716 (The br_multicast_add_group function in net/bridge/br_multicast.c in th ...)
	- linux-2.6 2.6.38-1 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
	[wheezy] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2181-1}
	- subversion 1.6.16dfsg-1
CVE-2011-0714 (Use-after-free vulnerability in a certain Red Hat patch for the RPC se ...)
	- linux-2.6 <not-affected> (This issue only affects Red Hat Enterprise Linux 6)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=678144
	NOTE: http://seclists.org/oss-sec/2011/q1/438
CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 t ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
CVE-2011-0712 (Multiple buffer overflows in the caiaq Native Instruments USB audio fu ...)
	{DSA-2310-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0711 (The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1 (low)
CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the Linux k ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-2 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux k ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5)
CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms p ...)
	{DSA-2266-1}
	- php5 5.3.6-1
CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py  ...)
	{DSA-2170-1}
	- mailman 1:2.1.14-1
	NOTE: patch http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt
	NOTE: present in 2.1.14 and earlier
	NOTE: http://mail.python.org/pipermail/mailman-developers/2011-February/021317.html
CVE-2011-0706 (The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in Open ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.7-1
CVE-2011-0705
	REJECTED
CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote a ...)
	NOT-FOR-US: 389 Directory Server
CVE-2011-0703 (In gksu-polkit before 0.0.3, the source file for xauth may contain arb ...)
	- gksu-polkit <removed> (bug #684489)
	[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
	- feh 1.12-1 (low; bug #612035)
	[squeeze] - feh <no-dsa> (Minor issue)
	[lenny] - feh <no-dsa> (Minor issue)
CVE-2011-0701 (wp-admin/async-upload.php in the media uploader in WordPress before 3. ...)
	{DSA-2190-1}
	- wordpress 3.0.5+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
	{DSA-2190-1}
	- wordpress 3.0.5+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
CVE-2011-0699 (Integer signedness error in the btrfs_ioctl_space_info function in the ...)
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 <not-affected> (code introduced in .37)
	[squeeze] - linux-2.6 <not-affected> (code introduced in .37)
	[lenny] - linux-2.6 <not-affected> (code introduced in .37)
CVE-2011-0698 (Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2 ...)
	- python-django <not-affected> (Windows-specific)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
CVE-2011-0697 (Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4  ...)
	{DSA-2163-1}
	- python-django 1.2.5-1
	[lenny] - python-django <not-affected> (Vulnerable code not present)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
	[squeeze] - python-django 1.2.3-3+squeeze1
CVE-2011-0696 (Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly val ...)
	{DSA-2163-1}
	- python-django 1.2.5-1
	[lenny] - python-django <not-affected> (Vulnerable code not present)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
	[squeeze] - python-django 1.2.3-3+squeeze1
CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand drive ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2011-0693
	RESERVED
CVE-2011-0692
	RESERVED
CVE-2011-0691
	RESERVED
CVE-2011-0690
	RESERVED
CVE-2011-0689
	RESERVED
CVE-2011-0688 (Intel Alert Management System (aka AMS or AMS2), as used in Symantec A ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2011-0687 (Opera before 11.01 does not properly implement Wireless Application Pr ...)
	NOT-FOR-US: Opera
CVE-2011-0686 (Unspecified vulnerability in Opera before 11.01 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-0685 (The Delete Private Data feature in Opera before 11.01 does not properl ...)
	NOT-FOR-US: Opera
CVE-2011-0684 (Opera before 11.01 does not properly handle redirections and unspecifi ...)
	NOT-FOR-US: Opera
CVE-2011-0683 (Opera before 11.01 does not properly restrict the use of opera: URLs,  ...)
	NOT-FOR-US: Opera
CVE-2011-0682 (Integer truncation error in opera.dll in Opera before 11.01 allows rem ...)
	NOT-FOR-US: Opera
CVE-2011-0681 (The Cascading Style Sheets (CSS) Extensions for XML implementation in  ...)
	NOT-FOR-US: Opera
CVE-2011-0680 (data/WorkingMessage.java in the Mms application in Android before 2.2. ...)
	NOT-FOR-US: Mms for Android
CVE-2010-4717 (Multiple stack-based buffer overflows in the IMAP server component in  ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4716 (Cross-site scripting (XSS) vulnerability in the WebPublisher component ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4715 (Multiple directory traversal vulnerabilities in the (1) WebAccess Agen ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4714 (Multiple stack-based buffer overflows in Novell GroupWise before 8.02H ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4713 (Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4712 (Multiple stack-based buffer overflows in gwia.exe in GroupWise Interne ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4711 (Double free vulnerability in the IMAP server component in GroupWise In ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0679 (IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-0678 (Unrestricted file upload vulnerability in the EasyEdit module in Lomte ...)
	NOT-FOR-US: Lomtec ActiveWeb Professional
CVE-2011-0677 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0676 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0675 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0674 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0673 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0672 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0671 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0670 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0669
	REJECTED
CVE-2011-0668
	RESERVED
CVE-2011-0667 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0666 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0664 (Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and ...)
	NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5. ...)
	NOT-FOR-US: Microsoft JScript
CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0661 (The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Se ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0660 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0659
	REJECTED
CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation in VBS ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0656 (Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2011-0655 (Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 fo ...)
	NOT-FOR-US: Microsoft
CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the Comm ...)
	NOT-FOR-US: Windows 2003
CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 all ...)
	NOT-FOR-US: Look 'n' Stop Firewall
CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs Iconfid ...)
	NOT-FOR-US: Iconfidant SSL Server (VxWorks OS)
CVE-2011-0650 (Cross-site request forgery (CSRF) vulnerability in Greenbone Security  ...)
	NOT-FOR-US: Greenbone Security Manager appliance
CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method in the  ...)
	- yui <removed> (unimportant)
	NOTE: Mostly a case of mis-documentation
CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OP ...)
	NOT-FOR-US: Automated Solutions Modbus/TCP Master
CVE-2011-0649 (Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through ...)
	NOT-FOR-US: TIBCO Rendezvous
CVE-2011-0648 (Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote  ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...)
	NOT-FOR-US: EMC
CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows rem ...)
	NOT-FOR-US: PHPLOWBIDS
CVE-2011-0645 (SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remot ...)
	NOT-FOR-US: PHPCMS
CVE-2011-0644 (SQL injection vulnerability in include/admin/model_field.class.php in  ...)
	NOT-FOR-US: PHPCMS
CVE-2011-0643 (Cross-site request forgery (CSRF) vulnerability in admin/conf_users_ed ...)
	NOT-FOR-US: PHP Link Directory
CVE-2011-0642 (Cross-site request forgery (CSRF) vulnerability in news/admin.php in N ...)
	NOT-FOR-US: N-13 News
CVE-2011-0641 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin. ...)
	NOT-FOR-US: StatPressCN Wordpress Plugin
CVE-2011-0640 (The default configuration of udev on Linux does not warn the user befo ...)
	NOTE: Not much that could sensibly be fixed here
CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling additio ...)
	NOT-FOR-US: Mac OS X
CVE-2011-0638 (Microsoft Windows does not properly warn the user before enabling addi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0637 (The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a time ...)
	NOT-FOR-US: AIX
CVE-2011-0636 (The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA C ...)
	NOT-FOR-US: NVIDIA CUDA Toolkit
CVE-2011-0635 (Static code injection vulnerability in Simploo CMS 1.7.1 and earlier a ...)
	NOT-FOR-US: Simploo
CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the  ...)
	- pam 1.1.3-7.1 (low; bug #611136)
	[lenny] - pam <no-dsa> (Minor issue, too invasive for a stable release)
	[squeeze] - pam <no-dsa> (Minor issue, too invasive for a stable release)
CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in Linux ...)
	- pam 1.1.3-1 (low)
	[lenny] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4706 (The pam_sm_close_session function in pam_xauth.c in the pam_xauth modu ...)
	- pam 1.1.3-1 (low)
	[lenny] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in lib ...)
	{DSA-2165-1}
	- ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495)
	- ffmpeg-debian <removed>
	NOTE: recheck when 0.6.x gets uploaded
CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earl ...)
	{DSA-2306-1 DSA-2165-1}
	- libav 4:0.6.2-1 (low; bug #611495)
	- ffmpeg 7:2.4.1-1 (low; bug #611495)
	- ffmpeg-debian <removed>
	NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
	NOTE: Not packaged in Debian, separate package Shibboleth IdP
	NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1 ...)
	{DSA-2196-1}
	- maradns 1.4.03-1.1 (bug #610834)
CVE-2011-0634
	REJECTED
CVE-2011-0633 (The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW ...)
	- libwww-perl 6.01-1 (low; bug #669126)
	[squeeze] - libwww-perl <no-dsa> (Minor issue)
CVE-2011-0632
	RESERVED
CVE-2011-0631
	RESERVED
CVE-2011-0630
	RESERVED
CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0628 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows,  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0627 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0626 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0625 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0624 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0623 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0622 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0621 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0620 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0619 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0618 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows,  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0617
	REJECTED
CVE-2011-0616
	REJECTED
CVE-2011-0615 (Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow re ...)
	NOT-FOR-US: Adobe Audition
CVE-2011-0614 (Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote atta ...)
	NOT-FOR-US: Adobe Audition
CVE-2011-0613 (Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and  ...)
	NOT-FOR-US: RoboHelp
CVE-2011-0612 (Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, all ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2011-0611 (Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player / Acrobat Reader
CVE-2011-0610 (The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlie ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0606 (Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0604 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0603 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0602 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0601
	REJECTED
CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0599 (The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0597
	REJECTED
CVE-2011-0596 (The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10. ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0594 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0593 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0592 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0591 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0590 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0589 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0588 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0587 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0586 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0585 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0584 (Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 a ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0583 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 throu ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0582 (Unspecified vulnerability in the administrator console in Adobe ColdFu ...)
	NOT-FOR-US: ColdFusion
CVE-2011-0581 (Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 throug ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0580 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0579 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0578 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0577 (Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 all ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0576
	REJECTED
CVE-2011-0575 (Untrusted search path vulnerability in Adobe Flash Player before 10.2. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0574 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0573 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0572 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0571 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0570 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0569 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0568 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0567 (AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x befor ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0566 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0565 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0564 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0563 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0562 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0561 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0560 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0559 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0558 (Integer overflow in Adobe Flash Player before 10.2.152.26 allows attac ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0557 (Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows re ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0555 (The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 al ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0554 (The management console in Symantec IM Manager before 8.4.18 allows rem ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0553 (SQL injection vulnerability in the management console in Symantec IM M ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0552 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0551 (Cross-site request forgery (CSRF) vulnerability in the Web Interface i ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2011-0550 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Interfa ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2011-0549 (SQL injection vulnerability in forget.php in the management GUI in Sym ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Aut ...)
	NOT-FOR-US: Lotus Freelance Graphics
CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Admi ...)
	NOT-FOR-US: Veritas
CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not vali ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in Syman ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-0544 (phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. ...)
	- phpbb3 3.0.7-PL1-5 (low; bug #612477)
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier,  ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / bef ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot  ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0540
	REJECTED
CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7,  ...)
	- openssh 1:5.8p1-2
	[squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
	[lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees a ...)
	{DSA-2201-1}
	- wireshark 1.4.3-3 (low; bug #613202)
CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) languages/Language ...)
	- mediawiki <not-affected> (Only affected when running on Windows or Novell Netware)
CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in c ...)
	- eglibc 2.11.2-8 (bug #600667)
	- glibc <not-affected> (Lenny version not affected)
CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...)
	NOT-FOR-US: zikula
CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ...)
	{DSA-2160-1}
	- tomcat5.5 <not-affected> (Vulnerable code not present)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0533 (Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 throu ...)
	NOT-FOR-US: Apache Continuum
CVE-2011-0532 (The (1) backup and restore scripts, (2) main initialization script, an ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media play ...)
	{DSA-2159-1}
	- vlc 1.1.7-1 (medium)
	[lenny] - vlc 0.8.6.h-4+lenny3
CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the server ...)
	{DSA-2183-1}
	- nbd 1:2.9.16-8 (bug #611187)
	[etch] - nbd <not-affected> (reintroduced in 2.9.0)
CVE-2011-0529 (Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to m ...)
	- weborf 0.12.5-1
CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to node r ...)
	- puppet 2.6.2-3
	[lenny] - puppet <not-affected> (Only affects 2.6.x)
CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0 ...)
	NOT-FOR-US: VMware vFabric tc Server
CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forum ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0525 (Batavi before 1.0 has CSRF. ...)
	NOT-FOR-US: Batavi
CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 ...)
	- gypsy <itp> (bug #491723)
CVE-2011-0523 (gypsy 0.8 does not properly restrict the files that can be read while  ...)
	- gypsy <itp> (bug #491723)
CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in th ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gal ...)
	NOT-FOR-US: Gallarific
CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS F ...)
	NOT-FOR-US: LotusCMS
CVE-2011-0517 (Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and e ...)
	NOT-FOR-US: Winlog Pro
CVE-2011-0516 (SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site  ...)
	NOT-FOR-US: BetMore Site Suite
CVE-2011-0515 (KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2  ...)
	NOT-FOR-US: Kingsoft AntiVirus
CVE-2011-0514 (The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows rem ...)
	NOT-FOR-US: HP Data Protector Manager
CVE-2011-0513 (DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows lo ...)
	NOT-FOR-US: SecurStar DriveCrypt
CVE-2011-0512 (SQL injection vulnerability in team.php in the Teams Structure module  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2011-0511 (SQL injection vulnerability in the allCineVid component (com_allcinevi ...)
	NOT-FOR-US: Joomla! component
CVE-2011-0510 (SQL injection vulnerability in cart.php in Advanced Webhost Billing Sy ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2011-0509 (Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows ...)
	NOT-FOR-US: Vaadin
CVE-2011-0508 (Cross-site scripting (XSS) vulnerability in system/modules/comments/Co ...)
	NOT-FOR-US: Contao CMS
CVE-2011-0507 (FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1 ...)
	NOT-FOR-US: Blackmoon FTP
	NOTE: Windows-only
CVE-2011-0506 (Directory traversal vulnerability in modules/profile/user.php in Ax De ...)
	NOT-FOR-US: AxDCMS
CVE-2011-0505 (Directory traversal vulnerability in system/system.php in Zwii 2.1.1,  ...)
	NOT-FOR-US: Zwii
CVE-2011-0504 (Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1 ...)
	NOT-FOR-US: VaM Shop
CVE-2011-0503 (Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1 ...)
	NOT-FOR-US: VaM Shop
CVE-2011-0502 (Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly ...)
	NOT-FOR-US: Music Animation Machine MIDI Player
	NOTE: Windows-only
CVE-2011-0501 (Stack-based buffer overflow in Music Animation Machine MIDI Player 200 ...)
	NOT-FOR-US: Music Animation Machine MIDI Player
	NOTE: Windows-only
CVE-2011-0500 (Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and Vid ...)
	NOT-FOR-US: VideoSpirit Pro
CVE-2011-0499 (Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versio ...)
	NOT-FOR-US: VideoSpirit Pro
CVE-2011-0498 (Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, a ...)
	NOT-FOR-US: Nokia Multimedia Player
CVE-2011-0497 (Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ES ...)
	NOT-FOR-US: Sybase EAServer
CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ES ...)
	NOT-FOR-US: Sybase EAServer
CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb Ren ...)
	NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before 1. ...)
	NOT-FOR-US: Joomla component
CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in fxs ...)
	NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor
CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in main/uti ...)
	{DSA-2171-1}
	- asterisk 1:1.6.2.9-2+squeeze1 (bug #610487)
CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Mana ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require authentica ...)
	NOT-FOR-US: Objectivity/DB
CVE-2011-0488 (Stack-based buffer overflow in NTWebServer.exe in the test web service ...)
	NOT-FOR-US: NTWebServer
CVE-2011-0487 (ICQ 7 does not verify the authenticity of updates, which allows man-in ...)
	NOT-FOR-US: ICQ
CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...)
	NOT-FOR-US: IBM Cognos
CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
	- php5 <not-affected> (vuln code in mysqlnd, we use libmysqlclient)
CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP b ...)
	- php5 5.3.5-1 (unimportant)
CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ...)
	- php5 5.3.3-7 (unimportant)
	NOTE: Only exloitable with malicious script
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ...)
	{DSA-2408-1}
	- php5 5.3.5-1 (unimportant)
	NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22  ...)
	NOT-FOR-US: Joomla!
CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session co ...)
	- hastymail <removed>
CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remo ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0492 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote at ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0491 (The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2 ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0490 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to L ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-XXXX [multiple spip issues]
	- spip 2.1.1-3 (bug #609212; bug #610016)
CVE-2011-0485 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/75082
	NOTE: http://trac.webkit.org/changeset/75084
CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/74787
CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-5
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/74779
CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS befo ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFm ...)
	{DSA-2306-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (webm not supported yet)
	- ffmpeg-debian <not-affected> (webm not supported yet)
	- libav 4:0.6.1-1 (bug #610550)
CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/74636
CVE-2011-0477 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (chromium specific)
CVE-2011-0476 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allo ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0475 (Use-after-free vulnerability in Google Chrome before 8.0.552.237 and C ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0474 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/74574
CVE-2011-0473 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/73927
	NOTE: http://trac.webkit.org/changeset/73937
CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0471 (The node-iteration implementation in Google Chrome before 8.0.552.237  ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/73559
	NOTE: http://trac.webkit.org/changeset/73620
CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-0469 (Code injection in openSUSE when running some source services used in t ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=679325
	NOTE: Main fix: https://github.com/openSUSE/open-build-service/commit/76b0ab003f34435ca90d943e02dd22279cdeec2a
	NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and befo ...)
	NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0467 (A vulnerability in the listing of available software of SUSE Studio On ...)
	NOT-FOR-US: SUSE Studio Onsite
CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2. ...)
	NOT-FOR-US: openSUSE Build Service
CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...)
	{DSA-2213-1}
	- x11-xserver-utils 7.6+2 (low; bug #621423)
	NOTE: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
	NOTE: low as this is not enabled in a standard setup
CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...)
	NOT-FOR-US: Novell Vibe OnPrem
CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Or ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page  ...)
	NOT-FOR-US: openSUSE Build Service
CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 i ...)
	NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0460 (The init script in kbd, possibly 1.14.1 and earlier, allows local user ...)
	- kbd <not-affected> (SUSE-specific)
CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault W ...)
	NOT-FOR-US: Cyber-Ark
CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in G ...)
	NOT-FOR-US: Google Picasa
CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier al ...)
	NOT-FOR-US: e107
CVE-2011-0456 (webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier al ...)
	- otrs2 2.4.5-1
CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 an ...)
	NOT-FOR-US: Things BBS
CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
	NOT-FOR-US: PPP Access Concentrator
CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not requir ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper
CVE-2011-0452 (Untrusted search path vulnerability in the script function in Lunascap ...)
	NOT-FOR-US: Lunascape
CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-0450 (The downloads manager in Opera before 11.01 on Windows does not proper ...)
	NOT-FOR-US: Opera
CVE-2011-0449 (actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...)
	- rails <not-affected> (Only affects 3.x)
CVE-2011-0448 (Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...)
	- rails <not-affected> (Only affects 3.x)
CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3. ...)
	{DSA-2247-1}
	- rails 2.3.11-0.1 (bug #614864)
CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to hel ...)
	{DSA-2247-1}
	- rails 2.3.11-0.1 (bug #614864)
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as di ...)
	- gif2png 2.5.4-2 (low; bug #610479)
	[lenny] - gif2png <no-dsa> (Minor issue)
	[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow  ...)
	- gif2png 2.5.4-2 (low; bug #610479)
	[lenny] - gif2png <no-dsa> (Minor issue)
	[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help Conten ...)
	- eclipse <not-affected> (Fixed before the version now in Squeeze)
CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter  ...)
	NOT-FOR-US: VMware
CVE-2011-0445 (The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote ...)
	- wireshark <not-affected> (Only affects Wireshark 1.4, fixed in experimental)
CVE-2011-0444 (Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-l ...)
	- wireshark 1.2.11-6
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
CVE-2011-0443 (SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2,  ...)
	NOT-FOR-US: tinyBB
CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to t ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-0441 (The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows lo ...)
	{DSA-2195-1}
	- php5 5.3.6-1 (bug #618489)
	NOTE: Debian-specific
CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before ...)
	{DSA-2206-1}
	- mahara 1.2.7-1
CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7  ...)
	{DSA-2206-1}
	- mahara 1.2.7-1
CVE-2011-0438 (nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success co ...)
	- nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental)
CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation i ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0436 (The register_user function in client/new_account_form.php in Domain Te ...)
	{DSA-2179-1}
	- dtc 0.32.10-1 (bug #614302)
CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require authen ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie Control ( ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0433 (Heap-based buffer overflow in the linetoken function in afmparse.c in  ...)
	{DSA-2388-1}
	- evince 2.32.0-1 (bug #614668)
	[squeeze] - evince 2.30.3-2+squeeze1
	- vftool 2.0alpha-4.1 (low; bug #614669)
	[squeeze] - vftool 2.0alpha-4+squeeze1
	[lenny] - vftool 2.0alpha-3+lenny1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: vuln source file is lib/t1lib/parseAFM.c, which differs slightly from evince's afmparse.c in the affected areas but it is indeed affected
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=643882
CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in t ...)
	{DSA-2177-1}
	- pywebdav 0.9.4-3
CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel  ...)
	{DSA-2168-1}
	- openafs 1.4.14+dfsg-1
CVE-2011-0430 (Double free vulnerability in the Rx server process in OpenAFS 1.4.14,  ...)
	{DSA-2168-1}
	- openafs 1.4.14+dfsg-1
CVE-2011-0429
	RESERVED
CVE-2011-0428 (Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow re ...)
	- ikiwiki 3.20110122
	[squeeze] - ikiwiki 3.20100815.5
	[lenny] - ikiwiki <not-affected> (Vulnerable code not present)
	NOTE: https://ikiwiki.info/security/#index38h2
CVE-2011-0427 (Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0 ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0425
	RESERVED
CVE-2011-0424
	RESERVED
CVE-2011-0423 (The PolyVision RoomWizard with firmware 3.2.3 has a default password o ...)
	NOT-FOR-US: PolyVision RoomWizard
CVE-2011-0422
	RESERVED
CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip extensio ...)
	{DSA-2266-1}
	- php5 5.3.6-1
	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
	- libzip 0.10-1 (low)
	[squeeze] - libzip <no-dsa> (Minor issue)
	NOTE: http://hg.nih.at/libzip/?fd=13654bfdc88c;file=lib/zip_name_locate.c
CVE-2011-0420 (The grapheme_extract function in the Internationalization extension (I ...)
	{DSA-2266-1}
	- php5 5.3.6-1 (unimportant)
	[lenny] - php5 <not-affected> (intl extension added in 5.3)
	NOTE: Only triggerable through malicious script
	NOTE: http://svn.php.net/viewvc?view=revision&revision=306449
CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in apr_f ...)
	{DSA-2237-2}
	- apr 1.4.4-1 (low)
CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in Net ...)
	- pure-ftpd 1.0.32-1 (unimportant)
	NOTE: The attack could not be reproduced on Linux. The upstream change from 1.0.32
	NOTE: only disables GLOB_BRACE, possibly to protect installations with a vulnerable libc
CVE-2011-0417
	RESERVED
CVE-2011-0416
	RESERVED
CVE-2011-0415
	RESERVED
CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative s ...)
	{DSA-2208-1}
	- bind9 1:9.7.3.dfsg-1 (bug #601830)
	[lenny] - bind9 <not-affected> (Introduced in 9.7.1)
CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...)
	{DSA-2184-1}
	- isc-dhcp 4.1.1-P1-16 (bug #611217)
	- dhcp3 <not-affected> (vuln code introduced in 4.0)
	- dhcp <not-affected> (vuln code introduced in 4.0)
	NOTE: maintainer is aware
	NOTE: http://www.isc.org/software/dhcp/advisories/cve-2011-0413
CVE-2011-0412 (Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unenc ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x befo ...)
	{DSA-2233-1}
	- postfix 2.8.0-1 (bug #617849)
	NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
	NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
	NOTE: http://www.postfix.org/CVE-2011-0411.html
	NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for networ ...)
	NOT-FOR-US: CollabNet ScrumWorks Basic
CVE-2011-0409
	RESERVED
CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cau ...)
	- libpng <not-affected> (vulnerable code introduced in 1.5.0, not packaged)
CVE-2011-0407 (SQL injection vulnerability in the store function in _phenotype/system ...)
	NOT-FOR-US: Phenotype CMS
CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6. ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-0405 (Directory traversal vulnerability in module.php in PhpGedView 4.2.3 an ...)
	- phpgedview <removed>
CVE-2011-0404 (Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.0 ...)
	NOT-FOR-US: NetSupport Manager Agent for Linux
CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, ...)
	NOT-FOR-US: ImgBurn
CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted rem ...)
	{DSA-2142-1}
	- dpkg 1.15.8.8
CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored un ...)
	- piwik <itp> (bug #506933)
CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the se ...)
	- piwik <itp> (bug #506933)
CVE-2011-0399 (Piwik before 1.1 does not prevent the rendering of the login form insi ...)
	- piwik <itp> (bug #506933)
CVE-2011-0398 (The Piwik_Common::getIP function in Piwik before 1.1 does not properly ...)
	- piwik <itp> (bug #506933)
CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Phot ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-0397
	RESERVED
CVE-2011-0396 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0395 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0394 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0393 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0392 (Cisco TelePresence Recording Server devices with software 1.6.x do not ...)
	NOT-FOR-US: Cisco
CVE-2011-0391 (Cisco TelePresence Recording Server devices with software 1.6.x allow  ...)
	NOT-FOR-US: Cisco
CVE-2011-0390 (The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CT ...)
	NOT-FOR-US: Cisco
CVE-2011-0389 (Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0. ...)
	NOT-FOR-US: Cisco
CVE-2011-0388 (Cisco TelePresence Recording Server devices with software 1.6.x and Ci ...)
	NOT-FOR-US: Cisco
CVE-2011-0387 (The administrative web interface on Cisco TelePresence Multipoint Swit ...)
	NOT-FOR-US: Cisco
CVE-2011-0386 (The XML-RPC implementation on Cisco TelePresence Recording Server devi ...)
	NOT-FOR-US: Cisco
CVE-2011-0385 (The administrative web interface on Cisco TelePresence Recording Serve ...)
	NOT-FOR-US: Cisco
CVE-2011-0384 (The Java Servlet framework on Cisco TelePresence Multipoint Switch (CT ...)
	NOT-FOR-US: Cisco
CVE-2011-0383 (The Java Servlet framework on Cisco TelePresence Recording Server devi ...)
	NOT-FOR-US: Cisco
CVE-2011-0382 (The CGI subsystem on Cisco TelePresence Recording Server devices with  ...)
	NOT-FOR-US: Cisco
CVE-2011-0381 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2011-0380 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2011-0379 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 serie ...)
	NOT-FOR-US: Cisco
CVE-2011-0378 (The XML-RPC implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0377 (Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x  ...)
	NOT-FOR-US: Cisco
CVE-2011-0376 (The TFTP implementation on Cisco TelePresence endpoint devices with so ...)
	NOT-FOR-US: Cisco
CVE-2011-0375 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0374 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0373 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0372 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0371
	RESERVED
CVE-2011-0370
	RESERVED
CVE-2011-0369
	RESERVED
CVE-2011-0368
	RESERVED
CVE-2011-0367
	RESERVED
CVE-2011-0366
	RESERVED
CVE-2011-0365
	RESERVED
CVE-2011-0364 (The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2 ...)
	NOT-FOR-US: Cisco Security Agent Management
CVE-2011-0363
	RESERVED
CVE-2011-0362
	RESERVED
CVE-2011-0361
	RESERVED
CVE-2011-0360
	RESERVED
CVE-2011-0359
	RESERVED
CVE-2011-0358
	RESERVED
CVE-2011-0357
	RESERVED
CVE-2011-0356
	RESERVED
CVE-2011-0355 (Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through  ...)
	NOT-FOR-US: Cisco
CVE-2011-0354 (The default configuration of Cisco Tandberg C Series Endpoints, and Ta ...)
	NOT-FOR-US: Cisco
CVE-2011-0353
	RESERVED
CVE-2011-0352 (Buffer overflow in the web-based management interface on the Cisco Lin ...)
	NOT-FOR-US: Linksys router
CVE-2011-0351
	RESERVED
CVE-2011-0350 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 o ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0349 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 o ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0348 (Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote attackers to t ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in MSHTM ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0345 (Directory traversal vulnerability in the NMS server in Alcatel-Lucent  ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in t ...)
	NOT-FOR-US: Unified Maintenance Tool
CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in  ...)
	NOT-FOR-US: InduSoft ISSymbol ActiveX
CVE-2011-0341 (Stack-based buffer overflow in the pdfmoz_onmouse function in apps/moz ...)
	NOT-FOR-US: MuPDF plug-in for Firefox
CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol. ...)
	NOT-FOR-US: ISSymbol.ocx
CVE-2011-0339
	RESERVED
CVE-2011-0338
	RESERVED
CVE-2011-0337
	RESERVED
CVE-2011-0336
	RESERVED
CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0334 (Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (G ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0333 (Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf func ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0332 (Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom b ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-0331 (Use-after-free vulnerability in the addOSPLext method in the Honeywell ...)
	NOT-FOR-US: Honeywell ScanServer
CVE-2011-0330 (The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx  ...)
	NOT-FOR-US: Dell System Lite
CVE-2011-0329 (Directory traversal vulnerability in the GetData method in the Dell De ...)
	NOT-FOR-US: Dell System Lite
CVE-2011-0328
	RESERVED
CVE-2011-0327
	RESERVED
CVE-2011-0326
	RESERVED
CVE-2011-0325
	RESERVED
CVE-2011-0324 (Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro Acti ...)
	NOT-FOR-US: Topaz Systems SigPlus
CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ver ...)
	NOT-FOR-US: Topaz Systems SigPlus
CVE-2011-0322 (Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0. ...)
	NOT-FOR-US: EMC RSA Access Manager Server
CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-0320 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0319 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0318 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0317 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0316 (The Administrative Console component in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-0315 (Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web C ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-0314 (Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0313
	RESERVED
CVE-2011-0312
	RESERVED
CVE-2011-0311 (The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IB ...)
	NOT-FOR-US: IBM Java
CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote a ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0309
	RESERVED
CVE-2011-0308
	RESERVED
CVE-2011-0307
	RESERVED
CVE-2011-0306
	RESERVED
CVE-2011-0305
	RESERVED
CVE-2011-0304
	RESERVED
CVE-2011-0303
	RESERVED
CVE-2011-0302
	RESERVED
CVE-2011-0301
	RESERVED
CVE-2011-0300
	RESERVED
CVE-2011-0299
	RESERVED
CVE-2011-0298
	RESERVED
CVE-2011-0297
	RESERVED
CVE-2011-0296
	RESERVED
CVE-2011-0295
	RESERVED
CVE-2011-0294
	RESERVED
CVE-2011-0293
	RESERVED
CVE-2011-0292
	RESERVED
CVE-2011-0291 (The BlackBerry PlayBook service on the Research In Motion (RIM) BlackB ...)
	NOT-FOR-US: BlackBarry PlayBook
CVE-2011-0290 (The BlackBerry Collaboration Service in Research In Motion (RIM) Black ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2011-0289
	RESERVED
CVE-2011-0288
	RESERVED
CVE-2011-0287 (Unspecified vulnerability in the BlackBerry Administration API in Rese ...)
	NOT-FOR-US: BlackBerry products
CVE-2011-0286 (Cross-site scripting (XSS) vulnerability in webdesktop/app in the Blac ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security Appl ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco Adapt ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS befor ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not prop ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, a ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attacker ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series de ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the H.323 imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2011-XXXX
	- xdigger <removed> (bug #609096)
	[lenny] - xdigger 1.0.10-13+lenny1
	NOTE: CVE ID requested
CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
	- php5 5.3.3-7 (high)
	[lenny] - php5 <not-affected>
	NOTE: lenny10 includes a test for the bug. With lenny's toolchain
	NOTE: and settings, the bug can't be reproduced.
CVE-2011-XXXX [Crash with long HOME environment variable]
	- toppler 1.1.4-2 (unimportant; bug #608979)
	NOTE: Negligible privilege escalation
CVE-2011-XXXX [Crash with long HOME environment variable]
	- lbreakout2 <unfixed> (unimportant; bug #608980)
	NOTE: sgid games is dropped before buffer overflow
CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable]
	- libggi <removed> (bug #608981)
	[squeeze] - libggi <no-dsa> (Minor issue)
CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeB ...)
	- syslog-ng 3.1.3-2 (bug #608491)
	[lenny] - syslog-ng <not-affected> (2.0 not affected, also Freebsd-specific, which is not supported in Lenny anyway)
CVE-2010-XXXX [XSS in ftpls]
	- ftpcopy 0.6.7-3 (bug #607494)
	[squeeze] - ftpcopy <no-dsa> (Minor issue)
	[lenny] - ftpcopy <no-dsa> (Minor issue)
	NOTE: CVE ID requested
CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing  ...)
	- krb5 1.9.1+dfsg-1 (bug #622681)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <not-affected> (see below)
	NOTE: 1.6 is not affected: While the error case in the process_chpw_request()
	NOTE: in kadmind in 1.6 can leave the data pointer uninitialized, the error
	NOTE: path in its caller will not free() that pointer (the invalid pointer
	NOTE: goes out of scope without being freed), unlike in krb5-1.7 and later.
	NOTE: Those later releases add support for password changing over TCP, and
	NOTE: the error path in the TCP handling code is what frees the
	NOTE: uninitialized pointer. (Clarification by Tom Yu)
CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in do_as_re ...)
	- krb5 1.8.3+dfsg-6 (low; bug #618517)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed through a point update)
CVE-2011-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 all ...)
	- krb5 <not-affected> (Only affects 1.9.x)
	[squeeze] - krb5 <no-dsa> (minor issue)
	[lenny] - krb5 <no-dsa> (minor issue)
CVE-2011-0282 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x t ...)
	- krb5 1.8.3+dfsg-5
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed in a point update)
CVE-2011-0281 (The unparse implementation in the Key Distribution Center (KDC) in MIT ...)
	- krb5 1.8.3+dfsg-5
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed in a point update)
CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4667 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ( ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4666 (Buffer overflow in libarchive 3.0 pre-release code allows remote attac ...)
	- libarchive 3.0.4-2 (bug #669197)
	[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
	NOTE: http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b
	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in tiffdu ...)
	{DSA-2552-1}
	- tiff <not-affected> (vulnerable code not present)
	- tiff3 3.9.5
CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restriction by ...)
	- consolekit 0.4.2-1 (low)
	[squeeze] - consolekit <no-dsa> (Minor issue)
CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-4662 (PmWiki before 2.2.21 has XSS. ...)
	NOT-FOR-US: pmwiki
CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...)
	- udisks 1.0.3-1
	[squeeze] - udisks <no-dsa> (Minor issue)
	NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232
	NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037
CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the way add ...)
	- statusnet <itp> (bug #491723)
CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 2010 in  ...)
	- statusnet <itp> (bug #491723)
CVE-2010-4658 (statusnet through 2010 allows attackers to spoof syslog messages via n ...)
	- statusnet <itp> (bug #491723)
CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...)
	- php5 5.4.4-1 (low)
	[squeeze] - php5 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
	NOTE: Not sure when this was initially fixed, tested with the initial Wheezy version 5.4.4
	NOTE: and the reproducer from https://bugs.launchpad.net/php/%2Bbug/655442
CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Li ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4655 (net/core/ethtool.c in the Linux kernel before 2.6.36 does not initiali ...)
	{DSA-2264-1}
	- linux-2.6 2.6.32-27
CVE-2010-4654 (poppler before 0.16.3 has malformed commands that may cause corruption ...)
	- kdegraphics <not-affected> (no stackheight)
	- xpdf <not-affected> (no stackheight)
	- poppler 0.16.3-1
	[lenny] - poppler <not-affected> (stackheights introduced after 0.12)
	[squeeze] - poppler <not-affected> (stackheights introduced after 0.12)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
CVE-2010-4653 (An integer overflow condition in poppler before 0.16.3 can occur when  ...)
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.16.3-1 (low)
	[lenny] - poppler <no-dsa> (minor issue)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function (contrib/ ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.3a-6
CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ...)
	- patch <unfixed> (unimportant)
	NOTE: Applying a patch blindly opens more severe security issues than only directory traversal...
	NOTE: openwall ships a fix
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=667529 for details
CVE-2010-4650 (Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29)
CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniba ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4648 (The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/we ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help Conten ...)
	- eclipse 3.5.2-9 (low; bug #611849)
	[squeeze] - eclipse 3.5.2-6squeeze2
CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 all ...)
	- hastymail <removed>
CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
	- subversion 1.6.12dfsg-3 (low; bug #608989)
	[lenny] - subversion <no-dsa> (Minor issue)
CVE-2010-4643 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and  ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2. ...)
	NOT-FOR-US: XWiki
CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows remo ...)
	NOT-FOR-US: XWiki
CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...)
	NOT-FOR-US: XWiki
CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows rem ...)
	NOT-FOR-US: MySource Matrix
CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in controller ...)
	NOT-FOR-US: Joomla! JQuarks4s component
CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...)
	NOT-FOR-US: FeedList
CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business e-List ...)
	NOT-FOR-US: Site2Nite
CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...)
	NOT-FOR-US: Site2Nite
CVE-2010-4634
	NOT-FOR-US: osTicket
CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remot ...)
	NOT-FOR-US: digiSHOP
CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot C ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create ...)
	NOT-FOR-US: WordPress Survey and Quiz Tool plugin
CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ui ...)
	NOT-FOR-US: MyBB
CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...)
	NOT-FOR-US: MyBB
CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) be ...)
	NOT-FOR-US: MyBB
CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a co ...)
	NOT-FOR-US: MyBB
CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated u ...)
	NOT-FOR-US: MyBB
CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1 ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Mana ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2010-4621
	RESERVED
CVE-2010-4620
	RESERVED
CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in file-p ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb functi ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4541 (Stack-based buffer overflow in the loadit function in plug-ins/common/ ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4540 (Stack-based buffer overflow in the load_preset_response function in pl ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Ma ...)
	NOT-FOR-US: Mafya Oyun Scrpti
CVE-2010-4618 (Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSa ...)
	NOT-FOR-US: Algis Info for Joomla!
CVE-2010-4617 (Directory traversal vulnerability in the JotLoader (com_jotloader) com ...)
	NOT-FOR-US: JotLoader for Joomla!
CVE-2010-4616 (Cross-site scripting (XSS) vulnerability in modules/content/admin/cont ...)
	NOT-FOR-US: ImpressCMS
CVE-2010-4615 (Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow ...)
	NOT-FOR-US: Oto Galeri Sistemi
CVE-2010-4614 (SQL injection vulnerability in item.php in Ero Auktion 2010 allows rem ...)
	NOT-FOR-US: Ero Auktion
CVE-2010-4613 (Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow  ...)
	NOT-FOR-US: Hycus CMS
CVE-2010-4612 (Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3 ...)
	NOT-FOR-US: Hycus CMS
CVE-2010-4611 (Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4610 (Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4609 (SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4608 (Habari 0.6.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Habari
CVE-2010-4607 (Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, w ...)
	NOT-FOR-US: Habari
CVE-2010-4606 (Unspecified vulnerability in the Space Management client in the Hierar ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4605 (Unspecified vulnerability in the backup-archive client in IBM Tivoli S ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4604 (Stack-based buffer overflow in the GeneratePassword function in dsmtca ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4603 (IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4602 (The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4601 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2011-0280 (Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manage ...)
	NOT-FOR-US: HP Power Manager
CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91. ...)
	NOT-FOR-US: HP Multifunction Peripheral
CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 an ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2011-0277 (Cross-site request forgery (CSRF) vulnerability in HP Power Manager (H ...)
	NOT-FOR-US: HP Power Manager
CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 c ...)
	NOT-FOR-US: HP OpenView Performance Insight Server
CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6 ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability
CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell  ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote attacker ...)
	NOT-FOR-US: HP LoadRunner
CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and  ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0269 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0268 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0267 (Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0266 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0265 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0264 (Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node  ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0263 (Multiple stack-based buffer overflows in ovas.exe in the OVAS service  ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0262 (Buffer overflow in the stringToSeconds function in ovutil.dll in ovweb ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0261 (Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView N ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0260 (The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0259 (CoreFoundation, as used in Apple iTunes before 10.5, does not properly ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to execu ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote a ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0250 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0249 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0248 (Stack-based buffer overflow in the QuickTime ActiveX control in Apple  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0247 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0246 (Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote attackers  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote attack ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0243
	RESERVED
CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 all ...)
	NOT-FOR-US: Apple Safari
CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0239
	RESERVED
CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0236
	RESERVED
CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services (A ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0229 (Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not pr ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x befor ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2 ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, ...)
	{DSA-2294-1}
	- freetype 2.4.6-1 (bug #635871)
CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0220 (Apple Bonjour before 2011 allows a crash via a crafted multicast DNS p ...)
	NOT-FOR-US: Apple
CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same O ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts tha ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote  ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not properly addr ...)
	NOT-FOR-US: ImageIO in Apple Safari
CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not properly ha ...)
	NOT-FOR-US: CFNetwork in Apple Safari
CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows re ...)
	NOT-FOR-US: QuickTime in Apple Mac OS
CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to e ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartex ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server compo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry containi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4. ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allow ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other vers ...)
	{DSA-2210-1}
	- tiff 3.9.4-7
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2011-0191 (Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used  ...)
	{DSA-2210-1}
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed before initial upload)
	NOTE: This might've been fixed earlier even
CVE-2011-0190 (Install Helper in Installer in Apple Mac OS X before 10.6.7 does not p ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6 before 10 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Rub ...)
	{DLA-235-1 DLA-88-1}
	- ruby1.8 1.8.7.352-1 (bug #628452)
	- ruby1.9 <removed> (bug #628451)
	- ruby1.9.1 1.9.2.290-1 (bug #628450)
CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to e ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0185 (Format string vulnerability in the debug-logging feature in Applicatio ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an un ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0182 (The i386_set_ldt system call in the kernel in Apple Mac OS X before 10 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0181 (Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows rem ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0180 (Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local u ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0179 (CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0178 (The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 pro ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0177 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0176 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0175 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0174 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0173 (Multiple format string vulnerabilities in AppleScript in Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0172 (AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers t ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0171
	RESERVED
CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes  ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, d ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properl ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
	NOT-FOR-US: Safari in Apple iOS
CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement appli ...)
	NOT-FOR-US: MobileSafari in Apple iOS
CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS,  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not prope ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not prope ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the Cas ...)
	NOT-FOR-US: Apple
CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the htmlele ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes befo ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 all ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and e ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4597 (Stack-based buffer overflow in the save method in the IntegraXor.Proje ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4596 (Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, a ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disabl ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when  ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4593 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does n ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4592 (The Mobile Network Connections functionality in the Connection Manager ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4591 (The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4590 (Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4589 (Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote ...)
	NOT-FOR-US: IBM ENOVIA 6
CVE-2010-4588 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Ad ...)
	NOT-FOR-US: Microsoft
CVE-2011-0110
	REJECTED
CVE-2011-0109
	REJECTED
CVE-2011-0108
	REJECTED
CVE-2011-0107 (Untrusted search path vulnerability in Microsoft Office XP SP3, Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-0106
	REJECTED
CVE-2011-0105 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0104 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0103 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0102
	REJECTED
CVE-2011-0101 (Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0100
	REJECTED
CVE-2011-0099
	REJECTED
CVE-2011-0098 (Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 S ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0097 (Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0096 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Window ...)
	NOT-FOR-US: Microsoft mhtml
CVE-2011-0095
	REJECTED
CVE-2011-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does  ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-0092 (The LZW stream decompression functionality in ORMELEMS.DLL in Microsof ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not pr ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0090 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0089 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0088 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0087 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0086 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0085 (Use-after-free vulnerability in the nsXULCommandDispatcher function in ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox be ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.6)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem func ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox 4.0. ...)
	- xulrunner <removed> (unimportant)
	- iceweasel <removed> (unimportant; bug #627552)
	NOTE: Negligible impact
CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0078 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozill ...)
	- xulrunner <not-affected> (Only affects MacOS X)
	- iceweasel <not-affected> (Only affects MacOS X)
CVE-2011-0075 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey b ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
CVE-2011-0068
	RESERVED
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0067 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey b ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6. ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.15-1+b1
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0065 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6. ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.15-1+b1
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in P ...)
	{DSA-2178-1}
	- pango1.0 1.28.3-2~sid1
	[wheezy] - pango1.0 1.28.3-1+squeeze2
	[lenny] - pango1.0 <not-affected> (introduced in code cleanup)
CVE-2011-0063 (The _list_file_get function in lib/Majordomo.pm in Majordomo 2 2011020 ...)
	NOT-FOR-US: Majordomo
CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird be ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
CVE-2011-0060
	REJECTED
CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox bef ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6. ...)
	- icedove <not-affected> (Windows-specific)
	- xulrunner <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in Mozi ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5 ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in js3250.dl ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5 ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0052
	RESERVED
CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey b ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface (inter ...)
	{DSA-2158-1}
	- cgiirc 0.5.9-3.1 (bug #612671)
CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in li ...)
	NOT-FOR-US: Majordomo
CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4 ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2011-0047 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 al ...)
	- mediawiki 1:1.15.5-3 (low; bug #611787)
	[lenny] - mediawiki 1:1.12.0-2lenny8 (low; bug #611787)
	[squeeze] - mediawiki 1:1.15.5-2squeeze1 (low; bug #611787)
CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do n ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-4
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/73432
CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp  ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-4
	- webkit 1.2.7-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63866
	NOTE: http://trac.webkit.org/changeset/72685
CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
CVE-2010-4575 (The ThemeInstalledInfoBarDelegate::Observe function in browser/extensi ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607846; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=60761
	NOTE: http://codereview.chromium.org/5326011/
CVE-2010-4574 (The Pickle::Pickle function in base/pickle.cc in Google Chrome before  ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607848; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=56449
	NOTE: http://codereview.chromium.org/4716006
CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is p ...)
	NOT-FOR-US: VMware ESXi
CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3 ...)
	{DSA-2322-1}
	- bugzilla <removed>
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
	NOTE: perl and associate packages are CVE-2010-2761 and CVE-2010-4411 (see above reference)
CVE-2010-4571
	RESERVED
CVE-2010-4570 (Cross-site scripting (XSS) vulnerability in the duplicate-detection fu ...)
	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7 ...)
	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3 ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4 ...)
	{DSA-2322-1}
	- bugzilla <removed> (high; bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4566 (The web authentication form in the NT4 authentication component in Cit ...)
	NOT-FOR-US: Citrix Acces Gateway
CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager)  ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4564
	RESERVED
CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to determin ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2011/Apr/254
CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4561
	RESERVED
CVE-2010-4560
	REJECTED
CVE-2010-4559
	REJECTED
CVE-2010-4587 (Opera before 11.00 on Windows does not properly implement the Insecure ...)
	NOT-FOR-US: Opera
CVE-2010-4586 (The default configuration of Opera before 11.00 enables WebSockets fun ...)
	NOT-FOR-US: Opera
CVE-2010-4585 (Unspecified vulnerability in the auto-update functionality in Opera be ...)
	NOT-FOR-US: Opera
CVE-2010-4584 (Opera before 11.00, when Opera Turbo is used, does not properly presen ...)
	NOT-FOR-US: Opera
CVE-2010-4583 (Opera before 11.00, when Opera Turbo is enabled, does not display a pa ...)
	NOT-FOR-US: Opera
CVE-2010-4582 (Opera before 11.00 does not properly handle security policies during u ...)
	NOT-FOR-US: Opera
CVE-2010-4581 (Unspecified vulnerability in Opera before 11.00 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2010-4580 (Opera before 11.00 does not clear WAP WML form fields after manual nav ...)
	NOT-FOR-US: Opera
CVE-2010-4579 (Opera before 11.00 does not properly constrain dialogs to appear on to ...)
	NOT-FOR-US: Opera
CVE-2010-XXXX [calibre XSS]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre <not-affected> (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [calibre file disclosure]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre <not-affected> (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [webkit info leak]
	- chromium-browser 26.0.1410.43-1 (low)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: this was fixed much earlier (webkit 1.2), but this was the version checked
	NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and De ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8 ...)
	NOT-FOR-US: Invensys Wonderware InBatch
CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control  ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 a ...)
	- opensc 0.11.13-1.1 (low; bug #607427)
	[lenny] - opensc 0.11.4-5+lenny1.1
CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not  ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1
CVE-2010-4553 (An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 d ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4552 (Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote a ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4551 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4550 (IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cau ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4549 (IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device succes ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4548 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4547 (IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environmen ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4546 (IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment  ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4545 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4544 (Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus N ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5036 (traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows rem ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5035 (The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not p ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5034 (IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5033 (IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "*  ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0. ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0044
	REJECTED
CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 suppo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0041 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003 SP2 do ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0038 (Untrusted search path vulnerability in Microsoft Internet Explorer 8 m ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0037 (Microsoft Malware Protection Engine before 1.1.6603.0, as used in Micr ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2011-0036 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0035 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0034 (Stack-based buffer overflow in the OpenType Compact Font Format (aka O ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote  ...)
	NOT-FOR-US: Microsoft
CVE-2011-0028 (WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does n ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0027 (Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows D ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2011-0026 (Integer signedness error in the SQLConnectW function in an ODBC API (o ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2010-XXXX [ircd-ratbox password disclosure during TLS handshake]
	- ircd-ratbox 3.0.6.dfsg-2
	[lenny] - ircd-ratbox <not-affected> (TLS support not yet activated)
CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache  ...)
	- subversion 1.6.12dfsg-4 (low; bug #608989)
	[lenny] - subversion <no-dsa> (Minor issue)
CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/ ...)
	{DSA-2144-1}
	- wireshark 1.2.11-6 (bug #608990)
CVE-2010-4537 (Unspecified vulnerability in CrawlTrack before 3.2.7, when a public st ...)
	NOT-FOR-US: CrawlTrack
CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used i ...)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
	- moodle <not-affected> (Moodle's version of KSES is not affected)
	- egroupware <not-affected> (Only uses a minor subset of KSES)
CVE-2010-4535 (The password reset functionality in django.contrib.auth in Django befo ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4534 (The administrative interface in django.contrib.admin in Django before  ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4533 (offlineimap before 6.3.4 added support for SSL server certificate vali ...)
	- offlineimap 6.3.4-1 (low; bug #606962)
	NOTE: offlineimap uses the "ssl" standard lib in Python, marking the version of offlineimap in wheezy as fixed
	[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4532 (offlineimap before 6.3.2 does not check for SSL server certificate val ...)
	- offlineimap 6.3.2~rc3-2 (low; bug #603450)
	[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the Answer ...)
	{DSA-2156-1}
	- pcsc-lite 1.5.5-4 (low; bug #607781)
CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Car ...)
	- ccid 1.3.11-2 (unimportant; bug #607780)
	NOTE: Theoretical attack
CVE-2011-XXXX [remote DoS when case of the characters of a nickname is modified]
	- bip 0.8.7-1
	[squeeze] - bip 0.8.2-1squeeze3
	[lenny] - bip <not-affected> (Vulnerable code not present)
CVE-2010-4529 (Integer underflow in the irda_getsockopt function in net/irda/af_irda. ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7 ...)
	- pidgin 2.7.9-1 (bug #608331; medium)
	[squeeze] - pidgin <not-affected> (Vulnerable code not present)
	[lenny] - pidgin <not-affected> (Vulnerable code not present)
CVE-2010-4527 (The load_mixer_volumes function in sound/oss/soundcard.c in the OSS so ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4526 (Race condition in the sctp_icmp_proto_unreachable function in net/sctp ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_even ...)
	- linux-2.6 2.6.35-1
	[squeeze] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
	[lenny] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
	[wheezy] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonAr ...)
	- mhonarc 2.6.18-1 (low; bug #607693)
	[squeeze] - mhonarc <no-dsa> (Minor issue)
CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...)
	NOT-FOR-US: MyBB
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x befor ...)
	- drupal6-mod-views 2.12-1
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the View ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-sea ...)
	NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) co ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Co ...)
	NOT-FOR-US: Joomla!
CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0,  ...)
	NOT-FOR-US: Citrix Web Interface
CVE-2010-4514 (Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx ...)
	NOT-FOR-US: DotNetNuke
CVE-2010-4513 (Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0 ...)
	NOT-FOR-US: Zimplit CMS
CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x befo ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 a ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7  ...)
	- xulrunner <not-affected> (Only affects Firefox 4.x)
CVE-2009-5031 (ModSecurity before 2.5.11 treats request parameter values containing s ...)
	- modsecurity-apache <not-affected> (Fixed before initial upload)
	- libapache-mod-security 2.5.12-1
	NOTE: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allo ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.1 (medium; bug #672455)
	NOTE: Upstream ticket http://code.google.com/p/openjpeg/issues/detail?id=5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812317
CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.15 al ...)
	- eglibc 2.13-24 (low; bug #656108)
	[squeeze] - eglibc 2.11.3-3
	- glibc 2.13-24
	NOTE: http://support.novell.com/security/cve/CVE-2009-5029.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=735850
CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows remote atta ...)
	- namazu2 2.0.20-1.0 (low)
CVE-2009-5027
	REJECTED
CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x  ...)
	- mysql-5.1 5.1.53-1
CVE-2009-5025 (A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an att ...)
	NOT-FOR-US: PyForum
CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_l ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #671482)
CVE-2009-5023 (The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf,  ...)
	- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
	[lenny] - fail2ban <no-dsa> (Minor issue)
	[squeeze] - fail2ban 0.8.4-3+squeeze1
CVE-2009-5022 (Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibT ...)
	{DSA-2256-1}
	- tiff 3.9.5-1 (bug #624287)
	- tiff3 <not-affected> (fixed before initial upload)
	[lenny] - tiff <not-affected> (3.9+ only)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=1999
CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an installati ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpo ...)
	NOT-FOR-US: iSpot/ClearSpot hardware devices
CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A  ...)
	NOT-FOR-US: Passlogix
CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4,  ...)
	NOT-FOR-US: Injader
CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Direc ...)
	NOT-FOR-US: eSyndiCat
CVE-2010-4503 (SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows  ...)
	NOT-FOR-US: Aigaion
CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite  ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2010-4501
	REJECTED
CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG ...)
	NOT-FOR-US: MRCGIGUY FreeTicket
CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does  ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.5-1
	[squeeze] - openjdk-6 <no-dsa> (bug #614151)
	[lenny] - openjdk-6 <no-dsa> (bug #614151)
CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...)
	- wireshark 1.2-0-1
CVE-2011-0023
	RESERVED
CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subtitles ...)
	- vlc 1.1.3-1squeeze2
	[lenny] - vlc 0.8.6.h-4+lenny3
CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...)
	- vlc 1.1.3-1squeeze2
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...)
	- pango1.0 1.28.3-1+squeeze1 (bug #610792)
CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Dire ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1. ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2011-0017 (The open_log function in log.c in Exim 4.72 and earlier does not check ...)
	{DSA-2154-1}
	- exim4 4.72-4
CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c ...)
	{DSA-2162-1}
	- openssl 0.9.8o-5 (low)
	[lenny] - openssl <not-affected> (Only 0.9.8h through 0.9.8q are affected)
CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manage ...)
	{DSA-2160-1}
	- tomcat5.5 <removed> (low)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly othe ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password i ...)
	{DSA-2230-1}
	- qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
	- kvm <not-affected> (Vulnerable code not present)
	NOTE: Harmless implementation bug, see discussion in #611134
CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured ...)
	- sudo 1.7.4p4-6 (bug #609641)
	[lenny] - sudo <not-affected> (Only affects 1.7.x)
	[squeeze] - sudo 1.7.4p4-2.squeeze.1
	NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
CVE-2011-0009 (Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc ...)
	{DSA-2150-1}
	- request-tracker3.8 3.8.8-7
CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fe ...)
	- sudo <not-affected> (Fedora-specific issue)
CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local us ...)
	{DSA-2147-1}
	- pimd 2.1.6-1 (unimportant; bug #609304)
	[squeeze] - pimd 2.1.1-1.1 (unimportant; bug #609304)
CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c  ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for  ...)
	NOT-FOR-US: Joomla!
CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1. ...)
	- piwik <itp> (bug #506933)
CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is enable ...)
	{DTSA-207-1}
	- mediawiki 1:1.15.5-2
	[lenny] - mediawiki 1:1.12.0-2lenny7
CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...)
	- libuser 1:0.56.9.dfsg.1-1.1 (bug #610034)
CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/ ...)
	{DSA-2209-1}
	- tgt 1:1.0.4-3
CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager se ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information  ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information Ma ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in TIB ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...)
	{DSA-2137-1}
	- libxml2 2.7.8.dfsg-2 (bug #607922)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (never embedded libxml2's xpath.c)
CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/72013
CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/71686
CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict privileged ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in chromium-specific webkit code)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=62168
	NOTE: http://trac.webkit.org/changeset/71533
CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to cause a de ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (chromium specific issue)
CVE-2010-4489 (libvpx, as used in Google Chrome before 8.0.552.215 and possibly other ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	- libvpx 0.9.5-1 (bug #610510)
	[squeeze] - libvpx <not-affected> (regression in later version)
CVE-2010-4488 (Google Chrome before 8.0.552.215 does not properly handle HTTP proxy a ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium issue)
	NOTE: only a browser crash
CVE-2010-4487 (Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (chromium issue)
CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 allow ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/71170
CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the genera ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/69914
	NOTE: only a browser crash due to opening too many dialogs (i.e. a dos)
CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5 databa ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
	NOTE: only a browser crash
CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict read acces ...)
	- chromium-browser 6.0.472.63~r59945-3
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows r ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: unimportant, bypass the pop-up blocker
	NOTE: http://trac.webkit.org/changeset/69990
CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authen ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
	NOTE: enables phpinfo output; this is disabled by default and phpinfo on Debian
	NOTE: systems is by and large full of otherwise predictable information.
CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1 ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
CVE-2010-4510
	REJECTED
CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96. ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly val ...)
	- openssh <not-affected> (J-PAKE not activated, see bug #606922)
CVE-2010-4477
	REJECTED
CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in Ora ...)
	{DSA-2161-2 DSA-2161-1}
	- openjdk-6 6b18-1.8.7-1 (bug #612660)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
	- sun-java6 6.24-1
	NOTE: Patch http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
	NOTE: Oracle http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
	NOTE: Original report http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
CVE-2010-4475 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4474 (Unspecified vulnerability in the Java DB component in Oracle Java SE a ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4473 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4472 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4471 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4470 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4469 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4468 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4467 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4466 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4465 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote  ...)
	NOT-FOR-US: Oracle Convergence
CVE-2010-4463 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4462 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Solaris
CVE-2010-4459 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4458 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4457 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...)
	NOT-FOR-US: Solaris
CVE-2010-4456 (Unspecified vulnerability in Oracle Sun Java System Communications Exp ...)
	NOT-FOR-US: Oracle Sun Java System Communications Express
CVE-2010-4455 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-4454 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-4452 (Unspecified vulnerability in the Deployment component in Java Runtime  ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4451 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4450 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle Audit ...)
	NOT-FOR-US: Oracle Audit
CVE-2010-4448 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4447 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Solaris
CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...)
	NOT-FOR-US: OpenSSO
CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Solaris
CVE-2010-4442 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Solaris
CVE-2010-4441 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local use ...)
	NOT-FOR-US: Oracle Express
CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, a ...)
	- glassfish <not-affected> (Only builds a few class libs)
CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: WebLogic
CVE-2010-4436 (Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0  ...)
	NOT-FOR-US: SunMC
CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager compone ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1  ...)
	NOT-FOR-US: Oracle Sun Java System Portal Server
CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4422 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in Ora ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4415 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2010-4414 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local use ...)
	- virtualbox-ose <not-affected> (Support for extensions was added in 4.x, see #611925)
CVE-2010-4413 (Unspecified vulnerability in the Scheduler Agent component in Oracle D ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta  ...)
	NOT-FOR-US: pfSense
CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote att ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
	- libcgi-pm-perl 3.51-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm befo ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-pm-perl 3.50-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2 ...)
	NOT-FOR-US: Apache archiva
CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
	- openssl 0.9.8k-1
	[lenny] - openssl 0.9.8g-15+lenny11
	NOTE: lenny was fixed as a side effect of the fix of CVE-2010-4180
	NOTE: which disabled the bug compatibility code
CVE-2010-4334 (The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERI ...)
	- libio-socket-ssl-perl 1.35-1 (bug #606058)
	[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
	[lenny] - libio-socket-ssl-perl <not-affected> (Vulnerable code not present)
CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php  ...)
	- cakephp 1.3.2-1.1 (bug #606386)
	[lenny] - cakephp <not-affected>
	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4. ...)
	{DSA-2133-1}
	- collectd 4.10.1-2.1 (bug #605092; low)
	[squeeze] - collectd 4.10.1-1+squeeze2
CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ar ...)
	{DSA-2435-1}
	- gnash 0.8.8-8 (unimportant; bug #605419)
CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might a ...)
	- php5 5.3.3-6 (low)
	NOTE: old, known, issue -- partial protection by the suhosin extension
	NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_sym ...)
	- php5 5.3.3-6
	[lenny] - php5 <not-affected> (intl extension included since 5.3)
	NOTE: http://www.kb.cert.org/vuls/id/479900
CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Al ...)
	NOT-FOR-US: AlGuest
CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton LittlePh ...)
	NOT-FOR-US: LittlePhpGallery
CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404 ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows remote ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...)
	NOT-FOR-US: DynPG
CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows r ...)
	NOT-FOR-US: DynPG
CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS 4. ...)
	NOT-FOR-US: DynPG
CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in a cer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4393 (Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 t ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, Real ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPla ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPl ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 t ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4381 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4380 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4379 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4378 (The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4377 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4376 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4375 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remo ...)
	NOT-FOR-US: Winamp
CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remot ...)
	NOT-FOR-US: Winamp
CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6  ...)
	NOT-FOR-US: Winamp
CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote  ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir param ...)
	- awstats <not-affected> (Windows-specific issue)
	NOTE: looks like it's the same as CVE-2010-4367
CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 allow ...)
	- awstats 6.9.5~dfsg-1 (unimportant)
CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbi ...)
	- ocrodjvu 0.4.6-2 (low; bug #598134)
CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows rem ...)
	- hypermail <removed> (low; bug #598743)
	[lenny] - hypermail <no-dsa> (Minor issue)
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in forum_new_topic ...)
	NOT-FOR-US: Chameleon Social Networking
CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxevent ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does  ...)
	NOT-FOR-US: DaDaBIK
CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG ...)
	NOT-FOR-US: FreeTicket
CVE-2010-4362 (Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Websi ...)
	NOT-FOR-US: MicroNetsoft RV Dealer
CVE-2010-4361 (Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopa ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4360 (Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4359 (SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows rem ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4358 (Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGI ...)
	NOT-FOR-US: MRCGIGUY (MCG) Guestbook
CVE-2010-4357 (SQL injection vulnerability in comments.php in SiteEngine 7.1 allows r ...)
	NOT-FOR-US: SiteEngine
CVE-2010-4356 (SQL injection vulnerability in news_default.asp in Site2Nite Big Truck ...)
	NOT-FOR-US: Site2Nite Big Truck
CVE-2010-4355 (Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2,  ...)
	NOT-FOR-US: DaDaBIK
CVE-2009-5019 (Web Wiz NewsPad stores sensitive information under the web root with i ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-7269 (Open redirect vulnerability in api.php in SiteEngine 5.x allows user-a ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7268 (The phpinfo function in SiteEngine 5.x allows remote attackers to obta ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x all ...)
	NOT-FOR-US: SiteEngine
CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
	- elfsign <removed> (low; bug #555668)
	[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security  ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-4353 (Unrestricted file upload vulnerability in modules/gallery/models/item. ...)
	- gallery3 <itp> (bug #511715)
CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allow ...)
	{DSA-2149-1}
	- dbus 1.2.24-4
CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.4-1
	[squeeze] - openjdk-6 <no-dsa> (bug #614151)
	[lenny] - openjdk-6 <no-dsa> (bug #614151)
CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in M ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4349 (admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote at ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4348 (Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.p ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permi ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel)
CVE-2010-4346 (The install_special_mapping function in mm/mmap.c in the Linux kernel  ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4345 (Exim 4.72 and earlier allows local users to gain privileges by leverag ...)
	{DSA-2154-1}
	- exim4 4.72-3 (bug #606527)
CVE-2010-4344 (Heap-based buffer overflow in the string_vformat function in string.c  ...)
	{DSA-2131-1}
	- exim4 4.70-1 (bug #606612)
CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4341 (The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...)
	- sssd 1.2.1-4.1 (bug #610032)
	[squeeze] - sssd 1.2.1-4+squeeze1
	[wheezy] - sssd 1.2.1-4+squeeze1
CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
	NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to  ...)
	NOT-FOR-US: Pointter PHP Content Management System
CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...)
	NOT-FOR-US: Seo Panel
CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse  ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton funct ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-2
CVE-2010-4328 (Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd i ...)
	NOT-FOR-US: Novell iPrint LPD
CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory 8.8. ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (G ...)
	NOT-FOR-US: Groupwise
CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in No ...)
	NOT-FOR-US: Groupwise
CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the U ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Confi ...)
	NOT-FOR-US: Novell ZENworks
CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell V ...)
	NOT-FOR-US: Novell Vibe
CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Nov ...)
	NOT-FOR-US: Novell iPrint client
CVE-2010-4320
	RESERVED
CVE-2010-4319
	RESERVED
CVE-2010-4318
	RESERVED
CVE-2010-4317
	RESERVED
CVE-2010-4316
	RESERVED
CVE-2010-4315
	RESERVED
CVE-2010-4314 (Remote attackers can use the iPrint web-browser ActiveX plugin in Nove ...)
	NOT-FOR-US: iPrint web-browser ActiveX plugin in Novell iPrint Client
CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in O ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the HT ...)
	- tomcat6 6.0.35-5 (unimportant; bug #608286)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows c ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4310
	RESERVED
CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows att ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 523 ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System 3545 ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4303 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the L ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4302 (/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Vi ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4299 (Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handhe ...)
	NOT-FOR-US: Novell Zenworks
CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple Soft ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x befo ...)
	NOT-FOR-US: VMware
CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Li ...)
	NOT-FOR-US: VMware
CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware Works ...)
	NOT-FOR-US: VMware
CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in VMwar ...)
	NOT-FOR-US: VMware
CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave F ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2010-XXXX [directory traversal]
	- openacs 5.5.1+dfsg-2
	- dotlrn 2.5.0+dfsg-2
CVE-2010-XXXX [insecure python path handling]
	- pymca 4.4.1p1-1 (low; bug #605160)
	- opendnssec 1.1.3-2 (low; bug #605161)
	- pybliographer 1.2.14-3 (low; bug #605153)
	[squeeze] - pybliographer 1.2.12-4squeeze1
	- calendarserver 2.4.dfsg-2.1 (low; bug #605157)
	[lenny] - calendarserver <no-dsa> (Minor issue)
	- gquilt 0.22-1.1 (low; bug #605152)
	[lenny] - gquilt 0.20-2+lenny1
	- snappea 3.0d3-20 (low; bug #605151)
	[lenny] - snappea <no-dsa> (Minor issue)
	- dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
	[lenny] - ironpython <no-dsa> (Minor issue)
	- gnome-schedule 2.1.1-3.1 (low; bug #605169)
	[lenny] - gnome-schedule <no-dsa> (Minor issue)
	- gnumed-client 0.8.5-1 (low; bug #605159)
	[squeeze] - gnumed-client 0.7.10-1
	[lenny] - gnumed-client <no-dsa> (Minor issue)
	- distcc 3.1-3.2 (low; bug #605168)
	[lenny] - distcc <not-affected> (Vulnerable code not present)
	- mmass 3.8.0-2 (low; bug #605150)
	[squeeze] - mmass <not-affected> (Doesn't set PYTHONPATH)
	- guake 0.4.2-3 (low; bug #605163)
CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wires ...)
	- wireshark <not-affected> (Only affects >= 1.4)
CVE-2010-4300 (Heap-based buffer overflow in the dissect_ldss_transfer function (epan ...)
	- wireshark 1.2.11-4
	[lenny] - wireshark <not-affected> (Only affects >= 1.2)
CVE-2010-4293
	REJECTED
CVE-2010-4292
	REJECTED
CVE-2010-4291
	REJECTED
CVE-2010-4290
	REJECTED
CVE-2010-4289
	REJECTED
CVE-2010-4288
	REJECTED
CVE-2010-4287
	REJECTED
CVE-2010-4286
	REJECTED
CVE-2010-4285
	REJECTED
CVE-2010-4284 (SQL injection vulnerability in the authentication form in the integrat ...)
	NOT-FOR-US: Samsung Integrated Management System
CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in  ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before 3.1 ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 all ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an  ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows re ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
	NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...)
	NOT-FOR-US: LiveZilla
CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager  ...)
	NOT-FOR-US: Radius Manager
CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0  ...)
	NOT-FOR-US: IBM Systems Director
CVE-2010-4273 (SQL injection vulnerability in imoveis.php in DescargarVista ACC IMove ...)
	NOT-FOR-US: DescargarVista ACC
CVE-2010-4272 (SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sp ...)
	NOT-FOR-US: Pulse Infotech Sponsor Wall
CVE-2010-4271 (SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remo ...)
	NOT-FOR-US: ImpressCMS
CVE-2010-4270 (Directory traversal vulnerability in the nBill (com_netinvoice) compon ...)
	NOT-FOR-US: Joomla addon
CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65 allow ...)
	NOT-FOR-US: Collabtive
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipw ...)
	NOT-FOR-US: Pulse Infotech
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/ ...)
	{DSA-2152-1}
	- hplip 3.10.6-2 (bug #610960)
CVE-2010-4266
	RESERVED
CVE-2010-4265 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...)
	- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264
	RESERVED
CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the Inte ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote atta ...)
	- xfig 1:3.2.5.b-1.1 (bug #606257)
	NOTE: details and patch at https://bugzilla.redhat.com/659676
CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (icon extractor not yet present)
	NOTE: Fixed in 1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV b ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote attack ...)
	{DSA-2253-1}
	- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before 2.6.3 ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in wp-includ ...)
	{DSA-2138-1}
	NOTE: http://core.trac.wordpress.org/changeset/16625
	- wordpress 3.0.2-1 (bug #605603)
CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 ...)
	- linux-2.6 <not-affected> (introduced in 2.6.35; fixed in 2.6.37)
CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and ear ...)
	- xen 4.0.1-2 (bug #609531)
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used ...)
	- moon <not-affected> (Debian's version of Moonlight is not affected, see #608288)
CVE-2010-4253 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and  ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly valid ...)
	- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel befor ...)
	- linux-2.6 2.6.32-22
CVE-2010-4250 (Memory leak in the inotify_init1 function in fs/notify/inotify/inotify ...)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <not-affected> (Introduced after 2.6.32)
	[lenny] - linux-2.6 <not-affected> (Introduced after 2.6.32)
	[wheezy] - linux-2.6 <not-affected> (Introduced after 2.6.32)
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the L ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ( ...)
	- linux-2.6 <not-affected> (changes included since introduction of dom0 support)
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pf ...)
	NOT-FOR-US: pfSense
CVE-2010-4245 (pootle 2.0.5 has XSS via 'match_names' parameter ...)
	- pootle 2.0.5-0.3 (low; bug #604060)
	[lenny] - pootle <not-affected> (Vulnerable code not present)
CVE-2010-4244
	REJECTED
CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Ki ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver (drivers/bluetoo ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-28
CVE-2010-4241 (Tiki Wiki CMS Groupware 5.2 has CSRF ...)
	- tikiwiki <removed>
CVE-2010-4240 (Tiki Wiki CMS Groupware 5.2 has XSS ...)
	- tikiwiki <removed>
CVE-2010-4239 (Tiki Wiki CMS Groupware 5.2 has Local File Inclusion ...)
	- tikiwiki <removed>
CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on  ...)
	- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind E ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-4235 (Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, a ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2010-4234 (The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CM ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and T ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4232 (The web-based administration interface on the Camtron CMNC-200 Full HD ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4231 (Directory traversal vulnerability in the web-based administration inte ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the Camtr ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the Inv ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP se ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before  ...)
	NOT-FOR-US: Novell Netware
CVE-2010-4226 (cpio, as used in build 2007.05.10, 2010.07.28, and possibly other vers ...)
	NOT-FOR-US: OpenSuSE build services
	NOTE: This might qualify as a cpio hardening issue, but this CVE-ID is not about cpio itself.
CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...)
	- mono 2.6.7-5 (bug #608288)
CVE-2010-4224
	RESERVED
CVE-2010-4223
	RESERVED
CVE-2010-4222
	RESERVED
CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UT ...)
	- xulrunner <undetermined>
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in P ...)
	- php5 5.3.3-4
	[lenny] - php5 5.2.6.dfsg.1-1+lenny10
	[squeeze] - php5 5.3.3-7+squeeze1
	NOTE: Also fixed by debian/patches/CVE-2010-3870.patch
CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets func ...)
	- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
	[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution Co ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in I ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown  ...)
	NOT-FOR-US: IBM ENOVIA 6
CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli Directo ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF00 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4215 (UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated us ...)
	- foswiki <itp> (bug #509864)
CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username a ...)
	NOT-FOR-US: Wells Fargo Mobile for Android
CVE-2010-4213 (The Bank of America application 2.12 for Android stores a security que ...)
	NOT-FOR-US: Bank of America application for Android
CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of each vis ...)
	NOT-FOR-US: USAA application for Android
CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ho ...)
	NOT-FOR-US: PayPal app for iOS
CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x  ...)
	- kfreebsd-7 <unfixed>
	[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
	- kfreebsd-8 8.1-1
	- kfreebsd-9 <not-affected> (fixed prior to first upload)
	- kfreebsd-10 <not-affected> (fixed prior to first upload)
CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4206 (Array index error in the FEBlend::apply function in WebCore/platform/g ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70652
CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data type ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159
	NOTE: http://trac.webkit.org/changeset/70550
CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1 ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
	NOTE: http://trac.webkit.org/changeset/70517
CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...)
	- webkit <not-affected> (skia issue)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://code.google.com/p/skia/source/detail?r=606
	NOTE: http://code.google.com/p/skia/source/detail?r=607
CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
CVE-2010-4200
	REJECTED
CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69936
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1 ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69735
	NOTE: style fix change set: http://trac.webkit.org/changeset/69801
CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome befor ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70594
CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9. ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does n ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate un ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online W ...)
	NOT-FOR-US: OnlineTechTools
CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 a ...)
	NOT-FOR-US: Energine
CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cle ...)
	NOT-FOR-US: NetSupport Manager
CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier b ...)
	- php-htmlpurifier 4.1.1+dfsg1-1
CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) l ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
	- yaws <not-affected> (Only affects Windows)
CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_R ...)
	{DSA-2141-1}
	- openssl 0.9.8o-4
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, Realt ...)
	NOT-FOR-US: RedHat documentation of MRG
CVE-2010-4178 (MySQL-GUI-tools (mysql-administrator) leaks passwords into process lis ...)
	- mysql-gui-tools <unfixed> (low; bug #605542)
	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
CVE-2010-4177 (mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+op ...)
	- mysql-gui-tools <unfixed> (low; bug #605542)
	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 a ...)
	- dracut <not-affected> (vulnerable script not shipped)
	- udev <not-affected> (vulnerable script not shipped; fedora-specific issue)
CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) i ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (RDS introduced in 2.6.30)
CVE-2010-4174
	REJECTED
CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
	- libsdp 1.1.99-2.1 (bug #603841)
CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager app ...)
	- tomcat6 6.0.28-9 (bug #606388)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-4171 (The staprun runtime tool in SystemTap 1.3 does not verify that a modul ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear the  ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel befo ...)
	- linux-2.6 2.6.32-29
	[lenny] - linux-2.6 <not-affected> (perf counters not yet present)
CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5  ...)
	- openttd 1.0.4-3 (bug #603752)
	[lenny] - openttd <not-affected> (Introduced in 1.0)
CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick befo ...)
	- imagemagick 8:6.6.0.4-3 (low; bug #601824)
	[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22  ...)
	NOT-FOR-US: Joomla!
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel b ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ne ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6. ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat  ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 a ...)
	- mono 2.6.7-4 (bug #605097)
	[lenny] - mono <no-dsa> (Minor issue)
CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through  ...)
	- php5 5.3.3-4 (bug #603751)
	[lenny] - php5 <not-affected> (Only affects 5.3.x)
CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 a ...)
	NOT-FOR-US: eXV2 CMS
CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager  ...)
	NOT-FOR-US: Rhino Software, Inc. FTP Voyager
CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably  ...)
	NOT-FOR-US: CrossFTP
CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, a ...)
	NOT-FOR-US: 4site CMS
CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly  ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP ext ...)
	{DSA-2195-1}
	- php5 5.3.3-7
CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 expos ...)
	- turbogears2 2.0.3-1
CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before 2 ...)
	- turbogears2 2.0.3-1
CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote aut ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.2-1 (low)
CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Ch ...)
	- libvpx 0.9.1-2 (bug #602693)
CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in net ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel be ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4157 (Integer overflow in the ioc_general function in drivers/scsi/gdth.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28 (low)
CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5. ...)
	NOT-FOR-US: FreshWebMaster Fresh FTP
CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly  ...)
	NOT-FOR-US: AnyConnect
CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping C ...)
	NOT-FOR-US: Pentasoft Avactis Shopping Cart
CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate Reflection for  ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web root w ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allow ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magi ...)
	NOT-FOR-US: phpCheckZ
CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8 ...)
	NOT-FOR-US: DATAC RealWin
CVE-2010-4141
	REJECTED
CVE-2010-4140
	REJECTED
CVE-2010-4139
	REJECTED
CVE-2010-4138
	REJECTED
CVE-2010-4137
	REJECTED
CVE-2010-4136
	REJECTED
CVE-2010-4135
	REJECTED
CVE-2010-4134
	REJECTED
CVE-2010-4133
	REJECTED
CVE-2010-4132
	REJECTED
CVE-2010-4131
	REJECTED
CVE-2010-4130
	REJECTED
CVE-2010-4129
	REJECTED
CVE-2010-4128
	REJECTED
CVE-2010-4127
	REJECTED
CVE-2010-4126
	REJECTED
CVE-2010-4125
	REJECTED
CVE-2010-4124
	REJECTED
CVE-2010-4123
	REJECTED
CVE-2010-4122
	REJECTED
CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Mana ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-XXXX
	- weborf 0.12.4-1 (bug #601585)
CVE-2010-4120 (Multiple cross-site scripting (XSS) vulnerabilities in the TAM console ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-4119
	REJECTED
CVE-2010-4118
	REJECTED
CVE-2010-4117
	REJECTED
CVE-2010-4116 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x bef ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100 ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery &amp; Depende ...)
	NOT-FOR-US: HP DDMI
CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 al ...)
	NOT-FOR-US: HP HPPM
CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to obt ...)
	NOT-FOR-US: HP Insight Management Agents
CVE-2010-4111 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Onl ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2010-4110 (Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the I ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application i ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4108 (HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threa ...)
	NOT-FOR-US: HP-UX
CVE-2010-4107 (The default configuration of the PJL Access value in the File System E ...)
	NOT-FOR-US: HP LaserJet
CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allow ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allow ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard be ...)
	NOT-FOR-US: HP Insight Managed System Setup Wizard
CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows rem ...)
	NOT-FOR-US: HP Insight Recovery
CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before ...)
	NOT-FOR-US: HP Insight Recovery
CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabl ...)
	NOT-FOR-US: NitroSecurity NitroView
CVE-2010-4098 (monotone before 0.48.1, when configured to allow remote commands, allo ...)
	- monotone 0.48-3
	[lenny] - monotone <not-affected> (Vulnerable feature introduced in 0.46)
CVE-2010-4097 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aa ...)
	NOT-FOR-US: Aardvark Topsites PHP
CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti Syste ...)
	NOT-FOR-US: Serengeti Systems Incorporated Robo-FTP 3.7.3
CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test La ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2010-4093 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4091 (The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4083 (The copy_semid_to_user function in ipc/sem.c in the Linux kernel befor ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4082 (The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c i ...)
	- linux-2.6 2.6.32-24 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4081 (The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4080 (The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the L ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4079 (The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4078 (The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24 (low)
CVE-2010-4077 (The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Li ...)
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4076 (The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel  ...)
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4075 (The uart_get_count function in drivers/serial/serial_core.c in the Lin ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4074 (The USB subsystem in the Linux kernel before 2.6.36-rc5 does not prope ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24 (low)
CVE-2010-4073 (The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initi ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel befor ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2. ...)
	- otrs2 2.4.9+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.4)
CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper  ...)
	NOT-FOR-US: portmap.exe
CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x t ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4068 (Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x befo ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-4096 (share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local user ...)
	- monkeysphere 0.31-3 (bug #600304)
	NOTE: micah requested this CVE from mitre, issue has been fixed in debian already
CVE-2010-4067
	RESERVED
CVE-2010-4066
	RESERVED
CVE-2010-4065
	RESERVED
CVE-2010-4064
	RESERVED
CVE-2010-4063
	RESERVED
CVE-2010-4062
	RESERVED
CVE-2010-4061
	RESERVED
CVE-2010-4060
	RESERVED
CVE-2010-4059
	RESERVED
CVE-2010-4058
	RESERVED
CVE-2010-4057 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4056 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 an ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...)
	- ghostscript 8.71~dfsg-1 (unimportant)
	NOTE: Crash-only
CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in onin ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the G ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: Deficiency in the regexp engine of glibc, while there implementations which
	NOTE: process such expressions more efficiently, imposing a limit lies within
	NOTE: the application accepting it from user input
CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) t ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: Deficiency in the regexp engine of glibc, while there implementations which
	NOTE: process such expressions more efficiently, imposing a limit lies within
	NOTE: the application accepting it from user input
CVE-2010-XXXX [XSS vulnerability discovered -plugin-globalsearch]
	- fusionforge 5.0.2-3
CVE-2010-XXXX [insecure usage of temporary files in flash-kernel]
	- flash-kernel 2.33 (low)
	[lenny] - flash-kernel <no-dsa> (Minor issue)
CVE-2010-4050 (Opera before 10.63 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-4049 (Opera before 10.63 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-4048 (Opera before 10.63 allows user-assisted remote web servers to cause a  ...)
	NOT-FOR-US: Opera
CVE-2010-4047 (Opera before 10.63 does not properly select the security context of Ja ...)
	NOT-FOR-US: Opera
CVE-2010-4046 (Opera before 10.63 does not properly verify the origin of video conten ...)
	NOT-FOR-US: Opera
CVE-2010-4045 (Opera before 10.63 does not properly restrict web script in unspecifie ...)
	NOT-FOR-US: Opera
CVE-2010-4044 (Opera before 10.63 does not ensure that the portion of a URL shown in  ...)
	NOT-FOR-US: Opera
CVE-2010-4043 (Opera before 10.63 does not prevent interpretation of a cross-origin d ...)
	NOT-FOR-US: Opera
CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/68096
CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...)
	- webkit <not-affected> (issue with chromium sandbox)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF  ...)
	{DSA-2188-1}
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/68446
CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the PAT ...)
	- webkit <not-affected> (chromium-specifc LD_LIBRARY_PATH issue)
	- chromium-browser <not-affected> (package uses its own startup script)
CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 9.0.570
	[squeeze] - chromium-browser <not-affected> (websocket_experiment not enabled in v6)
	[wheezy] - chromium-browser <not-affected>
CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows re ...)
	- webkit <not-affected> (affected gesture code not present in 1.2.x)
	- chromium-browser <unfixed> (unimportant)
	NOTE: http://trac.webkit.org/changeset/67716
CVE-2010-4036 (Google Chrome before 7.0.517.41 does not properly handle the unloading ...)
	- webkit <not-affected> (chromium-specifc issue)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ope ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which  ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the autofi ...)
	- webkit <not-affected> (issue in gestures, which resides in the webkit codebase, but is only used by chromium right now)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/63786
	NOTE: http://trac.webkit.org/changeset/67240
CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control Perform ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when  ...)
	NOT-FOR-US: HP Storage Essentials
CVE-2010-4028 (Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunne ...)
	NOT-FOR-US: HP LoadRunner
CVE-2010-4027 (Unspecified vulnerability in the camera application in HP Palm webOS 1 ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4026 (Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 al ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4025 (Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows  ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Power Management
CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power M ...)
	NOT-FOR-US: HP Insight Control Power Management
CVE-2010-4022 (The do_standalone function in the MIT krb5 KDC database propagation da ...)
	- krb5 1.8.3+dfsg-5 (low)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <not-affected> (Only affects 1.7.x onwards)
	[etch] - krb5 <not-affected> (Only affects 1.7.x onwards)
CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 doe ...)
	- krb5 1.8+dfsg~alpha1-1
	[lenny] - krb5 <not-affected> (Only affects 1.7.x)
CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key- ...)
	- krb5 1.8.3+dfsg-3 (bug #605553)
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.8)
CVE-2010-4019
	RESERVED
CVE-2010-4018
	RESERVED
CVE-2010-4017
	RESERVED
CVE-2010-4016
	RESERVED
CVE-2010-4015 (Buffer overflow in the gettoken function in contrib/intarray/_int_bool ...)
	{DSA-2157-1}
	- postgresql-9.0 9.0.3-1
	- postgresql-8.4 8.4.7-1
	- postgresql-8.3 <removed>
CVE-2010-4014
	RESERVED
CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x bef ...)
	NOT-FOR-US: This is not the PackageKit distributed by Debian, but a different code base
CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later al ...)
	NOT-FOR-US: Apple iOS
CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memor ...)
	- dovecot <not-affected> (HT4452 claims it is Apple-specific and doesn't affect the OSS version)
CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS  ...)
	NOT-FOR-US: Apple Type Services
CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Appl ...)
	{DSA-2128-1}
	- libxml2 2.7.8.dfsg-1 (bug #602609)
CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message Authenti ...)
	- mojarra <not-affected> (Fixed before initial upload, in 2.0.1)
CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0. ...)
	NOT-FOR-US: WSN Links
CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and  ...)
	- tomboy 1.2.2-2 (low; bug #605096)
	[lenny] - tomboy <no-dsa> (Minor issue)
CVE-2010-4004
	RESERVED
CVE-2010-4003
	RESERVED
CVE-2010-4002
	RESERVED
CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-l ...)
	NOTE: Not a security issue
CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name  ...)
	- gnome-shell 2.91.3-1 (bug #605098)
	[lenny] - gnome-shell <no-dsa> (Minor issue)
CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length direct ...)
	- gnucash 2.2.9-10 (low; bug #603329)
	[lenny] - gnucash <no-dsa> (Minor issue)
CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlie ...)
	- banshee 1.6.1-1.1 (bug #605095)
	[lenny] - banshee <no-dsa> (Minor issue)
CVE-2010-3997
	RESERVED
CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) Festiv ...)
	- festival <not-affected> (From Lenny onwards we don't include the server component)
CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib  ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l permissi ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5011 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib be ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5010 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib be ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7264 (The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7263 (ftpserver.py in pyftpdlib before 0.5.0 does not delay its response aft ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7262 (Multiple directory traversal vulnerabilities in FTPServer.py in pyftpd ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6741 (The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does n ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6740 (The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does n ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6739 (FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to caus ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6738 (pyftpdlib before 0.1.1 does not choose a random value for the port ass ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6737 (FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempte ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6736 (Multiple directory traversal vulnerabilities in FTPServer.py in pyftpd ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2010-3995
	RESERVED
CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control Reposit ...)
	NOT-FOR-US: HP VCRM
CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration befor ...)
	NOT-FOR-US: HP Insight
CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration befor ...)
	NOT-FOR-US: HP Insight
CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server  ...)
	NOT-FOR-US: HP Insight
CVE-2010-3990 (Unspecified vulnerability in HP Virtual Server Environment before 6.2  ...)
	NOT-FOR-US: HP Virtual Server Environment
CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight
CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine Manage ...)
	NOT-FOR-US: HP Insight
CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual ...)
	NOT-FOR-US: HP Insight
CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VC ...)
	NOT-FOR-US: HP VCEM
CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestratio ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenti ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigg ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3981 (Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterp ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3980 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the  ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3979 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3978 (Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data usi ...)
	NOT-FOR-US: Spree
CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plug ...)
	NOT-FOR-US: cForm wordpress plugin
CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before 9.0.2 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows loc ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3974 (fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3973 (The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Micr ...)
	NOT-FOR-US: Microsoft
CVE-2010-3972 (Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData fu ...)
	NOT-FOR-US: Microsoft Internet Information Services
CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...)
	NOT-FOR-US: Microsoft Internet Explorer 7 and 8
CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in s ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3969
	REJECTED
CVE-2010-3968
	REJECTED
CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker ( ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3965 (Untrusted search path vulnerability in Windows Media Encoder 9 on Micr ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3964 (Unrestricted file upload vulnerability in the Document Conversions Lau ...)
	NOT-FOR-US: Microsoft Office SharePoint Server
CVE-2010-3963 (Buffer overflow in the Routing and Remote Access NDProxy component in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3961 (The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3960 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows gues ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3958 (The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2 ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attacke ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-3953
	REJECTED
CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft Offi ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics filter ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office X ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3948
	REJECTED
CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters i ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in  ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3944 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3943 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3942 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3941 (Double free vulnerability in win32k.sys in the kernel-mode drivers in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode drivers in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3938
	REJECTED
CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote a ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft F ...)
	NOT-FOR-US: Forefront Unified Access Gateway
CVE-2010-3935
	REJECTED
CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software 5.0 ...)
	NOT-FOR-US: BlackBerry Device Software
CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attribut ...)
	- rails <not-affected> (Only affects >= 2.3.9, which is not yet in the archive)
CVE-2010-3932
	REJECTED
CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion produc ...)
	NOT-FOR-US: Rocomotion
CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier  ...)
	NOT-FOR-US: MODx
CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...)
	NOT-FOR-US: MODx
CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a term ...)
	NOT-FOR-US: Ruby Version Manager
CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows l ...)
	NOT-FOR-US: Lunascape
CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX ...)
	NOT-FOR-US: SGX-SP Final
CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which allo ...)
	NOT-FOR-US: Contents-Mall
CVE-2010-3924 (SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remo ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows  ...)
	NOT-FOR-US: AttacheCase
CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x be ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
CVE-2010-3921 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
CVE-2010-3920 (The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 a ...)
	NOT-FOR-US: Seiko Epson printer driver
CVE-2010-3919 (Fenrir Grani 4.5 and earlier does not prevent interaction between web  ...)
	NOT-FOR-US: Fenrir Grani
CVE-2010-3918 (Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between ...)
	NOT-FOR-US: Fenrir Sleipnir
CVE-2010-3917 (Google Chrome before 3.0 does not properly handle XML documents, which ...)
	- chromium-browser <not-affected> (Fixed before initial upload to Debian)
CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim befo ...)
	- vim <not-affected> (Windows-specific)
CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.01 ...)
	NOT-FOR-US: TransWARE Active! mail
CVE-2010-3912 (The supportconfig script in supportutils in SUSE Linux Enterprise 11 S ...)
	NOT-FOR-US: SLES support scripts
CVE-2010-3911 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM befo ...)
	NOT-FOR-US: vTiger CRM
CVE-2010-3910 (Multiple directory traversal vulnerabilities in the return_application ...)
	NOT-FOR-US: vTiger CRM
CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger CR ...)
	NOT-FOR-US: vtiger CRM
CVE-2010-3908 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows rem ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in Vid ...)
	- vlc 1.1.3-1squeeze1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...)
	- git-core <removed>
	[lenny] - git-core 1.5.6.5-3+lenny3.3
	- git 1:1.7.2.3-2.2
CVE-2010-3905 (The password reset feature in the administrator interface for Eucalypt ...)
	- eucalyptus <not-affected> (bug #608289) (It was once removed from archive, then re-added as 3.1.0)
CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable Data ...)
	- linux-2.6 2.6.32-26
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote Any ...)
	- openconnect 2.25-0.1
CVE-2010-3902 (OpenConnect before 2.26 places the webvpn cookie value in the debuggin ...)
	- openconnect 3.02-1 (unimportant)
	NOTE: This is an additional safety net for careless users, not a vulnerability
CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...)
	- openconnect 2.25-0.1 (bug #590873)
CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2 ...)
	- midori 0.2.7-1.1 (unimportant; bug #607497)
	NOTE: Current Midori SSL support is very limited
	NOTE: Midori should not be used if SSL support is important to you
CVE-2010-3899 (IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with a ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3898 (IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3897 (ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x  ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3896 (The ESSearchApplication directory tree in IBM OmniFind Enterprise Edit ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3895 (esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows loca ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3894 (Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3893 (The administrator interface in IBM OmniFind Enterprise Edition 8.x and ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3892 (Session fixation vulnerability in the login form in the administrator  ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3891 (Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3890 (Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Ed ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3889 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms all ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms all ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail  ...)
	NOT-FOR-US: Apple Mail
CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft msh ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3885
	REJECTED
CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3883 (Cross-site request forgery (CSRF) vulnerability in the Change Group Pe ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3882 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3881 (arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initia ...)
	- linux-2.6 2.6.32-29 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not pr ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3879 (FUSE, possibly 2.8.5 and earlier, allows local users to create mtab en ...)
	- fuse 2.8.5-1 (bug #602333)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3879
CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in  ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel be ...)
	{DSA-2264-1 DSA-2240-1 DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in net/can/bcm. ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not p ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28 (low)
CVE-2010-3872 (The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcg ...)
	{DSA-2140-1}
	- libapache2-mod-fcgid 1:2.3.6-1 (bug #605484)
CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme ...)
	- mahara <not-affected> (Vulnerable feature introduced in 1.3)
CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle  ...)
	{DSA-2195-1}
	- php5 5.3.3-4 (bug #603751)
CVE-2010-3869 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate Sys ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2010-3868 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate Sys ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc modu ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.3a-4
CVE-2010-3866
	REJECTED
CVE-2010-3865 (Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in t ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9 ...)
	{DSA-2125-1}
	- openssl 0.9.8o-3
CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize  ...)
	- shiro <not-affected> (Fixed before the initial release in Debian)
CVE-2010-3862 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kern ...)
	- linux-2.6 2.6.32-29
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3860 (IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2 ...)
	- openjdk-6 6b18-1.8.3-1
CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in the L ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27
CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before 2 ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27
CVE-2010-3857 (JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID paramet ...)
	- jbossas4 <not-affected> (Vulnerable code not present)
	NOTE: JBoss 5 only; fixed in 5.1.0
CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ...)
	{DSA-2122-2 DSA-2122-1}
	- glibc 2.11.2-8
	- eglibc 2.11.2-8 (bug #600667)
CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/tt ...)
	{DSA-2155-1}
	- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	- couchdb 1.1.0-1
	[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) bef ...)
	- pam 1.1.3-1 (low; bug #608273)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga  ...)
	NOT-FOR-US: Red Hat Conga
CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 an ...)
	NOT-FOR-US: libguestfs
CVE-2010-3850 (The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kerne ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ker ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in net/econ ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) throu ...)
	{DSA-2122-2 DSA-2122-1}
	- eglibc 2.11.2-8 (bug #600667)
	- glibc 2.11.2-8
CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS 1.1 ...)
	- cvs <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
CVE-2010-3844 (An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure ...)
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3843
	RESERVED
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, w ...)
	- curl <not-affected> (Doesn't affect POSIX systems)
CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...)
	NOT-FOR-US: TWiki
CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow remot ...)
	- openconnect 1.40-1
CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnec ...)
	NOT-FOR-US: isco Secure Desktop
CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows lo ...)
	NOT-FOR-US: Cisco AnyConnect SSL VPN trial client
CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in br ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache  ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5004 (qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 m ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in pl ...)
	- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
	[lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1
CVE-2010-4237 (Mercurial before 1.6.4 fails to verify the Common Name field of SSL ce ...)
	- mercurial 1.6.4-1 (low; bug #598841)
	[lenny] - mercurial <no-dsa> (Minor issue)
CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticat ...)
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allow ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticat ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.5 ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does  ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management implementati ...)
	NOT-FOR-US: Apple iOS Telophony
CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic Authenti ...)
	NOT-FOR-US: Apple iOS Photos
CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during  ...)
	NOT-FOR-US: Apple iOS Networking
CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the r ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle a ...)
	NOT-FOR-US: Apple iOS iAd
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before disp ...)
	NOT-FOR-US: Apple iOS configuration installation utility
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3825
	RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3815
	RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in Fr ...)
	{DSA-2155-1}
	- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLin ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: fixed much earlier in chromium, but this was the version checked
CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in WebK ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: fixed much earlier in chromium, but this was the version checked
	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3807
	RESERVED
CVE-2010-3806
	RESERVED
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 1 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 o ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3799
	RESERVED
CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6 ...)
	- xar <removed>
	[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not  ...)
	NOT-FOR-US: Apple Safari RSS
CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialize ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attacke ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x befor ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple  ...)
	NOT-FOR-US: Apple Printing
CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-3782 (obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to ...)
	- open-build-service <not-affected> (Fixed before initial upload to archive)
CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly pro ...)
	- postgresql-9.0 9.0.1-1
CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3779 (Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admi ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thun ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.11-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and T ...)
	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	- icedove 3.0.11-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3774 (The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (Doesn't affect 1.9.0)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3772 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3771 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey b ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the rendering e ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 3.5.16 and  ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (font-face support introduced in 1.9.1)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird bef ...)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox before  ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6. ...)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunder ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.15-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.10-1
	- icedove 3.0.10-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3 ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in Ma ...)
	- mantis 1.1.8+dfsg-9 (bug #601618)
	[lenny] - mantis 1.1.6+dfsg-2lenny4
CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not  ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P2-1 (bug #599515)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://kb.isc.org/article/AA-00935/0/CVE-2010-3762%3A-failure-to-handle-bad-signatures-if-multiple-trust-anchors-configured.html
	NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.
CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ( ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3759 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ( ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3758 (Multiple stack-based buffer overflows in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3757 (Format string vulnerability in the _Eventlog function in FastBackServe ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3756 (The _CalcHashValueWithLength function in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3755 (The _DAS_ReadBlockReply function in FastBackServer.exe in the Server i ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3754 (The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Ser ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3753 (programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.26)
CVE-2010-3752 (programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3751 (Multiple heap-based buffer overflows in an ActiveX control in RealNetw ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3750 (rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer  ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3749 (The browser-plugin implementation in RealNetworks RealPlayer 11.0 thro ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3748 (Stack-based buffer overflow in the RichFX component in RealNetworks Re ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3747 (An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3746
	RESERVED
CVE-2010-3745
	RESERVED
CVE-2010-3744
	RESERVED
CVE-2010-3743 (Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC ...)
	NOT-FOR-US: Visual Synapse HTTP Server
CVE-2010-3742 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3741 (The offline backup mechanism in Research In Motion (RIM) BlackBerry De ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-3740 (The Net Search Extender (NSE) implementation in the Text Search compon ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3739 (The audit facility in the Security component in IBM DB2 UDB 9.5 before ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3738 (The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT event ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3737 (Memory leak in the Relational Data Services component in IBM DB2 UDB 9 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3736 (Memory leak in the Relational Data Services component in IBM DB2 UDB 9 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3735 (The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5  ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3734 (The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, a ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3733 (The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses wor ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remo ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3731 (Stack-based buffer overflow in the validateUser implementation in the  ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information abou ...)
	- webkit <not-affected> (issue in libv8)
	- chromium-browser 6.0.472.62~r59676-1
	- libv8 <not-affected>
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45700
	NOTE: http://trac.webkit.org/changeset/67509
CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 do ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-3728
	REJECTED
CVE-2010-3727
	REJECTED
CVE-2010-3726
	REJECTED
CVE-2010-3725
	REJECTED
CVE-2010-3724
	REJECTED
CVE-2010-3723
	REJECTED
CVE-2010-3722
	REJECTED
CVE-2010-3721
	REJECTED
CVE-2010-3720
	REJECTED
CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the administra ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...)
	{DSA-2160-1}
	- tomcat5.5 <removed> (low)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3716 (The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x befor ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3715 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x bef ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in tslib/class.tslib_ ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum configur ...)
	NOT-FOR-US: UseBB
CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.2 ...)
	NOT-FOR-US: Joomla!
CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
	- pidgin 2.7.4-1
	[squeeze] - pidgin 2.7.3-1+squeeze1
CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP 5.2. ...)
	{DSA-2195-1}
	- php5 5.3.3-3 (bug #601619)
CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
	{DSA-2195-1}
	- php5 5.3.3-4 (bug #603751)
CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss Ente ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux k ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser i ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in poppler/Functio ...)
	- kdegraphics 4:4.0.0-1
	[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
	- xpdf 3.02-9
	[lenny] - xpdf <not-affected> (Vulnerable code not present)
	- poppler 0.12.4-1.2 (bug #599165)
	[lenny] - poppler <not-affected> (Vulnerable code not present)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, pop ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...)
	NOT-FOR-US: Red Hat Enterprise MRG
CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3. ...)
	NOT-FOR-US: VMware SpringSource Spring Security
CVE-2010-3699 (The backend driver in Xen 3.x allows guest OS users to cause a denial  ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-31
CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not prop ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176; unimportant)
	NOTE: requires server to be down already
CVE-2010-3696 (The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in cert ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176)
	[lenny] - freeradius <not-affected> (Vulnerable code not present)
CVE-2010-3695 (Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Hord ...)
	{DSA-2204-1}
	- imp4 4.3.7+debian0-2.1 (bug #598584; low)
	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde Applicati ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
CVE-2010-3693 (Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) b ...)
	- dimp1 1.1.4+debian2-1.1 (bug #598583)
	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
CVE-2010-3692 (Directory traversal vulnerability in the callback function in client.p ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ena ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1 ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3689 (soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length di ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-4340 (libcloud before 0.4.1 does not verify SSL certificates for HTTPS conne ...)
	- libcloud 0.5.0-1 (low; bug #598463)
CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA We ...)
	NOT-FOR-US: NetArtMEDIA WebSiteAdmin
CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs passwo ...)
	NOT-FOR-US: Synology Disk Station
CVE-2010-3683 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote aut ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3681 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote auth ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3680 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3679 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3678 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ca ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote aut ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3675
	RESERVED
CVE-2010-3658 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3657 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player be ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5 ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3651
	REJECTED
CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Win ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media Ser ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5. ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3630 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3629 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3628 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3626 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3625 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3624 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3623 (Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3622 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3621 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3617
	RESERVED
CVE-2010-3616 (ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover p ...)
	- isc-dhcp <not-affected> (Only affects 4.2.x)
	- dhcp3 <not-affected> (Only affects 4.2.x)
	- dhcp <not-affected> (Only affects 4.2.x)
CVE-2010-3615 (named in ISC BIND 9.7.2-P2 does not check all intended locations for a ...)
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	[lenny] - bind9 <not-affected> (Doesn't affect 9.6 ESV)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV  ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, an ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3612
	RESERVED
CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2 ...)
	- isc-dhcp 4.1.1-P1-14
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- dhcp <not-affected> (Only affects DHCP 4.x)
CVE-2010-3610
	RESERVED
CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other ve ...)
	{DLA-304-1}
	- openslp-dfsg 1.2.1-8 (low; bug #623551)
	[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
	[lenny] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2010-3659 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3660 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3661 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3662 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3663 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3664 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3665 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3666 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3667 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3668 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3669 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows  ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3670 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3671 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3672 (TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea v ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3673 (TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows  ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3674 (TYPO3 before 4.4.1 allows XSS in the frontend search box. ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-XXXX [piwigo]
	- piwigo 2.1.2-2
	NOTE: http://www.exploit-db.com/exploits/14973/
	NOTE: First unfilled CVE-request http://www.openwall.com/lists/oss-security/2010/12/07/1
	NOTE: Second CVE-request http://www.openwall.com/lists/oss-security/2012/10/06/3
CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
	NOT-FOR-US: wpQuiz
CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php in Ne ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail extension 1. ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and earli ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file manager se ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPo ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows r ...)
	NOT-FOR-US: ibPhotohost
CVE-2010-3499 (F-Secure Anti-Virus does not properly interact with the processing of  ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2010-3498 (AVG Anti-Virus does not properly interact with the processing of hcp:/ ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2010-3497 (Symantec Norton AntiVirus 2011 does not properly interact with the pro ...)
	NOT-FOR-US: Symantec Norton AntiVirus
CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact w ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB)  ...)
	- zodb 1:3.9.4-1.1 (bug #599711)
CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib be ...)
	- python-pyftpdlib 0.5.2-1 (low)
	NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python 2.6 ...)
	- python3.1 3.1.2+20100829-1
	- python2.6 2.6.6-1 (low; bug #601690)
	- python2.5 <unfixed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[lenny] - python2.5 <no-dsa> (Minor issue)
CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle unsu ...)
	- python2.7 2.7.8-11 (unimportant)
	- python3.1 <removed> (unimportant)
	- python3.2 3.4.2-1 (unimportant)
	NOTE: likely fixed much earlier, but these were the versions checked
CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator compon ...)
	NOT-FOR-US: TIBCO ActiveMatrix Service Grid
CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
	NOT-FOR-US: FreePBX
CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login ...)
	NOT-FOR-US: CMS Digital Workroom
CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote atta ...)
	NOT-FOR-US: QuickShare
CVE-2010-3487 (Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows a ...)
	NOT-FOR-US: YelloSoft Pinky
CVE-2010-3486 (Directory traversal vulnerability in FileStorageUpload.ashx in Smarter ...)
	NOT-FOR-US: SmarterMail
CVE-2010-3483 (cms_write.php in Primitive CMS 1.0.9 does not properly restrict access ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3482 (Multiple SQL injection vulnerabilities in cms_write.php in Primitive C ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3481 (Multiple SQL injection vulnerabilities in login.php in ApPHP PHP Micro ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3480 (Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1 ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3479 (SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote ...)
	NOT-FOR-US: BoutikOne
CVE-2009-5003 (SQL injection vulnerability in click.php in e-soft24 Banner Exchange S ...)
	NOT-FOR-US: e-soft24 Banner Exchange Script
CVE-2010-3478
	RESERVED
CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the acti ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3600 (Unspecified vulnerability in the Client System Analyzer component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3599 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3598 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3597 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3596 (Unspecified vulnerability in the mod_ssl component in Oracle Secure Ba ...)
	NOT-FOR-US: Dupe of CVE-2009-3555, will be rejected
CVE-2010-3595 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3594 (Unspecified vulnerability in the Real User Experience Insight componen ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-3593 (Unspecified vulnerability in the Health Sciences - Oracle Argus Safety ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2010-3592 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3591 (Unspecified vulnerability in the Oracle Document Capture component in  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3590 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3589 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle Application Object Library component
CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications component  ...)
	NOT-FOR-US: Oracle Applications
CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local users to af ...)
	- xscreensaver <not-affected> (Solaris-specific patch)
CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3584 (Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2. ...)
	NOT-FOR-US: OracleVM
CVE-2010-3583 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3582 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3581 (Unspecified vulnerability in the BPEL Console component in Oracle Fusi ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3580 (Unspecified vulnerability in Oracle OpenSolaris allows local users to  ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3579 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Jav ...)
	NOT-FOR-US: Java Communications Suite
CVE-2010-3578 (Unspecified vulnerability in Oracle OpenSolaris allows remote attacker ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3577 (Unspecified vulnerability in Oracle OpenSolaris allows remote attacker ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3576 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3575 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3574 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3573 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3572 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3571 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3570 (Unspecified vulnerability in the Deployment Toolkit component in Oracl ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3569 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3568 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3567 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	- openjdk-6 6b18-1.8.2-1
CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3561 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3560 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3559 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3558 (Unspecified vulnerability in the Java Web Start component in Oracle Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3557 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3556 (Unspecified vulnerability in the 2D component in Oracle Java SE and Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3555 (Unspecified vulnerability in the Deployment component in Oracle Java S ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3554 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3553 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3552 (Unspecified vulnerability in the New Java Plug-in component in Oracle  ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3551 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3550 (Unspecified vulnerability in the Java Web Start component in Oracle Ja ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3549 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ( ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3547 (Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-3546 (Unspecified vulnerability in the Sun Java System Identity Manager comp ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3545 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3544 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3543
	REJECTED
CVE-2010-3542 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java S ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3540 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3539 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3538 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL compon ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3537 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM compon ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3536 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: PeopleSoft Enterprise SCM
CVE-2010-3535 (Unspecified vulnerability in the Directory Server Enterprise Edition c ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3534 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2010-3533 (Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM  ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3532 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Cap ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3531 (Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM co ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3529 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash Mana ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3528 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common Co ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3527 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3526 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3525 (Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SC ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3524 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3523 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3522 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay compon ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3520 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3519 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3518 (Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan  ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3517 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3516 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3515 (Unspecified vulnerability in the Solaris component in Oracle Solaris 9 ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3514 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3513 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Oracle Solaris and OpenSolaris
CVE-2010-3512 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java S ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to  ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3507 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) compon ...)
	NOT-FOR-US: Oracle Explorer
CVE-2010-3505 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3502 (Unspecified vulnerability in the Siebel Core component in Oracle Siebe ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3501 (Unspecified vulnerability in the OID component in Oracle Fusion Middle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-3500 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before  ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege requirement ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or invalida ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3473 (Open redirect vulnerability in the Workplace (aka WP) component in IBM ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3472 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3471 (Session fixation vulnerability in the Workplace (aka WP) component in  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3470 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3469
	RESERVED
CVE-2010-3468 (Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 b ...)
	NOT-FOR-US: Mura CMS
CVE-2009-5002 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-5001 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-5000 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-4999 (Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) com ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-4998 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2008-7261 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7242 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7241 (The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in E-Xooppor ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the hosted_si ...)
	NOT-FOR-US: NetArt Media iBoutique.MALL
CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Ca ...)
	NOT-FOR-US: XSE Shopping Cart
CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in admin/manager_users ...)
	NOT-FOR-US: SantaFox
CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in modules/search/search.clas ...)
	NOT-FOR-US: SantaFox
CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in backend/plugin/Registratio ...)
	NOT-FOR-US: Mollify
CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 a ...)
	NOT-FOR-US: eNdonesia
CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts (ES ...)
	NOT-FOR-US: EnergyScripts Simple Download
CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0  ...)
	NOT-FOR-US: AChecker
CVE-2010-3454 (Multiple off-by-one errors in the WW8DopTypography::ReadFromMem functi ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3453 (The WW8ListManager::WW8ListManager function in oowriter in OpenOffice. ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3452 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x a ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3451 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x a ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3450 (Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2 ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before 1.2. ...)
	NOT-FOR-US: Redback
CVE-2010-3448 (drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-12 (bug #565790; unimportant)
	NOTE: this is more of a hardware bug rather than a security issue
CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file viewe ...)
	- gollem 1.1.1+debian0-1.1 (bug #598585)
	[lenny] - gollem <not-affected> ($filename not printed directly and passed through htmlspecialchars())
	NOTE: http://bugs.horde.org/ticket/9191
CVE-2010-3446
	RESERVED
CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...)
	{DSA-2127-1}
	- wireshark 1.2.11-3 (low)
	NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU Fri ...)
	- pyfribidi 0.10.0-2 (bug #570068)
	[lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be installed to trigger this)
CVE-2010-3443 (ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows  ...)
	- quassel 0.7.1-1 (bug #597853)
	[squeeze] - quassel 0.6.3-1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in sound/core/c ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
	NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote  ...)
	- abcm2ps 5.9.13-0.1 (low; bug #577014)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-3440 (babiloo 2.0.9 before 2.0.11 creates temporary files with predictable n ...)
	- babiloo 2.0.11-1 (low; bug #591995)
CVE-2010-3439 (It is possible to cause a DoS condition by causing the server to crash ...)
	- alien-arena 7.33-5 (low; bug #575621)
	[lenny] - alien-arena 7.0-1+lenny2
CVE-2010-3438 (libpoe-component-irc-perl before v6.32 does not remove carriage return ...)
	- libpoe-component-irc-perl 6.32+dfsg-1
	[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in dr ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attacke ...)
	- php5 5.3.3-4 (unimportant)
	NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
CVE-2010-3435 (The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
	NOTE: Fix from 1.1.2 is not fully complete
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in libclam ...)
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav <end-of-life>
	NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
CVE-2010-3433 (The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30 ...)
	{DSA-2120-1}
	- postgresql-9.0 9.0.1-1
	- postgresql-8.4 8.4.5-1
	[squeeze] - postgresql-8.4 8.4.5-0squeeze1
	- postgresql-8.3 <removed>
CVE-2010-3432 (The sctp_packet_config function in net/sctp/output.c in the Linux kern ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3431 (The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam <no-dsa> (Minor issue)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3430 (The privilege-dropping implementation in the (1) pam_env and (2) pam_m ...)
	- pam 1.1.3-1 (bug #599832)
	[squeeze] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
	[lenny] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlaye ...)
	{DSA-2165-1}
	- ffmpeg 4:0.5.2-6 (bug #598590)
	- ffmpeg-debian <removed>
	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
CVE-2010-XXXX [mingetty directory traversal]
	- mingetty 1.07-2 (low; bug #597382)
	[lenny] - mingetty <no-dsa> (Minor issue)
CVE-2010-XXXX [config file world readable]
	- sabnzbdplus 0.5.4-1 (low; bug #593829)
CVE-2010-XXXX [signature verification issue]
	- dpkg 1.15.1 (unimportant; bug #592115)
CVE-2008-XXXX [greylistd bypass]
	- greylistd 0.8.7+nmu2 (low; bug #464084)
	[lenny] - greylistd <no-dsa> (Minor issue)
CVE-2010-XXXX [numpy memory corruption]
	- python-numpy 1:1.4.1-5 (low; bug #581058)
	[lenny] - python-numpy <no-dsa> (Minor issue)
	NOTE: http://projects.scipy.org/numpy/changeset/8364
CVE-2010-XXXX [mediatomb directory traversal]
	- mediatomb 0.12.1-47-g7ab7616-1 (low; bug #580120; bug #778669)
	[wheezy] - mediatomb 0.12.1-4+deb7u1
	[squeeze] - mediatomb 0.12.0~svn2018-6.1
	NOTE: was previously fixed in 580120 but patch was not applied to later maintainer uploads
CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh Gro ...)
	NOT-FOR-US: Intermesh Group-Office
CVE-2010-3427 (Multiple cross-site scripting (XSS) vulnerabilities in Open Classified ...)
	NOT-FOR-US: Open Classifieds
CVE-2010-3426 (Directory traversal vulnerability in jphone.php in the JPhone (com_jph ...)
	NOT-FOR-US: JPhone for Joomla
CVE-2010-3425 (Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHel ...)
	NOT-FOR-US: SmarterStats
CVE-2010-3424 (Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbco ...)
	NOT-FOR-US: Invision Power Board
CVE-2010-3423 (SQL injection vulnerability in the Yr Weatherdata module for Drupal 6. ...)
	NOT-FOR-US: Yr Weatherdata module for Drupal
CVE-2010-3422 (SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 fo ...)
	NOT-FOR-US: JGen for Joomla
CVE-2010-3421 (Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in Prod ...)
	NOT-FOR-US: ProductCart
CVE-2010-3420 (Cross-site scripting (XSS) vulnerability in Products_Results.php in Po ...)
	NOT-FOR-US: PowerStore
CVE-2010-3419 (Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Fam ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2010-3418 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Ca ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2010-3417 (Google Chrome before 6.0.472.59 does not prompt the user before granti ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3416 (Google Chrome before 6.0.472.59 on Linux does not properly implement t ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44960
	NOTE: http://trac.webkit.org/changeset/66689
CVE-2010-3415 (Google Chrome before 6.0.472.59 does not properly implement Geolocatio ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45112
	NOTE: http://trac.webkit.org/changeset/66837
	NOTE: depends on http://trac.webkit.org/changeset/66837
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45257
CVE-2010-3414 (Google Chrome before 6.0.472.59 on Mac OS X does not properly implemen ...)
	- webkit <not-affected> (Does not affect linux)
	- chromium-browser <not-affected> (Does not affect linux)
CVE-2010-3413 (Unspecified vulnerability in the pop-up blocking functionality in Goog ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3412 (Race condition in the console implementation in Google Chrome before 6 ...)
	- libv8 2.2.24-6 (bug #597856)
CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly handle curs ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3410
	REJECTED
CVE-2010-3409
	REJECTED
CVE-2010-3408
	REJECTED
CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in nno ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...)
	NOT-FOR-US: AIX 5.3
CVE-2010-3405 (Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1,  ...)
	NOT-FOR-US: AIX 6.1, VIOS
CVE-2010-3404 (Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com ...)
	NOT-FOR-US: eshtery CMS
CVE-2010-3403 (Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic  ...)
	NOT-FOR-US: Qualcomm eXtensible Diagnostic Monitor
CVE-2010-3402 (Untrusted search path vulnerability in IDM Computer Solutions UltraEdi ...)
	NOT-FOR-US: UltraEdit
CVE-2010-3401
	RESERVED
CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3399 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3398 (Unspecified vulnerability in the webcontainer implementation in IBM Lo ...)
	NOT-FOR-US: IBM Lotus Sametime Connect
CVE-2010-3397 (Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9. ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and  ...)
	NOT-FOR-US: Kingsoft Antivirus
CVE-2010-3395
	RESERVED
CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
	- texmacs 1:1.0.7.7-1.1 (bug #598424)
	[squeeze] - texmacs 1:1.0.7.4-3.1
	[lenny] - texmacs <no-dsa> (minor issue)
CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name i ...)
	- magics++ 2.10.0.dfsg-5.1 (bug #598418)
CVE-2010-3392
	RESERVED
CVE-2010-3391
	RESERVED
CVE-2010-3390
	RESERVED
CVE-2010-3389 (The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...)
	- cluster-agents 1:1.0.3-3.1 (bug #598549)
CVE-2010-3388
	RESERVED
CVE-2010-3387
	- vdr 1.6.0-19.1 (unimportant; bug #598308)
	NOTE: Only affects a debugging tool, see bug #598308
CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length  ...)
	- ust 0.7-2.1 (bug #598309)
	[squeeze] - ust 0.5-1+squeeze1
	[wheezy] - ust 0.5-1+squeeze1
CVE-2010-3385 (TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- tuxguitar 1.2-7 (bug #598307)
	[lenny] - tuxguitar <no-dsa> (Minor issue)
CVE-2010-3384 (The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and ...)
	- torcs 1.3.1-5 (bug #598306)
	[lenny] - torcs <no-dsa> (Minor issue)
CVE-2010-3383 (The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 ...)
	- teamspeak-client 2.0.32-3.1 (low; bug #598304)
	[lenny] - teamspeak-client <no-dsa> (Non-free not supported)
	- teamspeak-server 2.0.24.1+debian-1.1 (low; bug #598305)
	[lenny] - teamspeak-server <no-dsa> (Non-free not supported)
CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-leng ...)
	- tau 2.16.4-1.4 (bug #598303)
CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0. ...)
	- tangerine 0.3.2.2-6 (bug #598302)
	[lenny] - tangerine <no-dsa> (minor issue)
CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2 ...)
	- slurm-llnl 2.1.15-2 (bug #602340)
	[wheezy] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[squeeze] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[lenny] - slurm-llnl <no-dsa> (Minor issue)
	NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1
CVE-2010-3379
	RESERVED
CVE-2010-3378 (The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scil ...)
	- scilab 5.2.2-8 (bug #598423; bug #598422)
	[lenny] - scilab <no-dsa> (Non-free not supported)
CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hx ...)
	- salome 5.1.3-11 (bug #598421)
CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in  ...)
	- root-system 5.34.00-1 (bug #598420; bug #598419)
	[lenny] - root-system <no-dsa> (minor issue)
CVE-2010-3375 (qtparted has insecure library loading which may allow arbitrary code e ...)
	- qtparted 0.4.5-8 (low; bug #598301)
	[lenny] - qtparted <no-dsa> (Minor issue)
CVE-2010-3374 (Qt Creator before 2.0.1 places a zero-length directory name in the LD_ ...)
	- qtcreator 1.3.1-3 (bug #598300)
CVE-2010-3373 (paxtest handles temporary files insecurely ...)
	- paxtest 1:0.9.9-1 (unimportant; bug #598413)
CVE-2010-3372 (Untrusted search path vulnerability in NorduGrid Advanced Resource Con ...)
	- nordugrid-arc-nox 1.1.0~rc6-2.1 (bug #606151)
CVE-2010-3371
	RESERVED
CVE-2010-3370
	RESERVED
CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, a ...)
	- mono-debugger 2.6.3-2.1 (low; bug #598299)
	[lenny] - mono-debugger <no-dsa> (Minor issue)
CVE-2010-3368
	RESERVED
CVE-2010-3367
	RESERVED
CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH ...)
	- mn-fit <removed> (bug #598298)
	[lenny] - mn-fit <no-dsa> (Minor issue)
CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- mistelix 0.31-2 (low; bug #598297)
CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory nam ...)
	- vips 7.14.5-2 (unimportant; bug #598296)
	NOTE: Scripts are not used for any real world scenarios
CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the LD ...)
	- roaraudio 0.3-2 (low; bug #598295)
	[lenny] - roaraudio <no-dsa> (Minor issue)
CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PAT ...)
	- lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294)
	[lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 p ...)
	- ike 2.1.5+dfsg-2 (low; bug #598292)
	[lenny] - ike <no-dsa> (Minor issue)
CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...)
	- hipo <removed> (bug #598291)
	[lenny] - hipo <no-dsa> (Minor issue)
CVE-2010-3359 (If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, th ...)
	- gargoyle-free 2009-08-25-2
	NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in th ...)
	- henplus <removed> (bug #598290)
CVE-2010-3357 (gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBR ...)
	- gnome-subtitles 1.0-2 (low; bug #598289)
	[lenny] - gnome-subtitles <no-dsa> (Minor issue)
CVE-2010-3356
	RESERVED
CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH ...)
	- ember 0.5.7-1.1 (low; bug #598288)
CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...)
	- dropbox 0.8.107-1 (low; bug #598287)
	[lenny] - dropbox <no-dsa> (Non-free not supported)
CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_ ...)
	- cowbell <not-affected> (See bug #598286)
CVE-2010-3352
	RESERVED
CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in  ...)
	- bristol 0.60.5-2 (bug #598285)
CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- bareftp 0.3.4-1.1 (bug #598284)
CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PA ...)
	- ardour 1:2.8.11-2 (low; bug #598282)
CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3347
	REJECTED
CVE-2010-3346 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3344
	REJECTED
CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3341
	REJECTED
CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3339
	REJECTED
CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2 ...)
	NOT-FOR-US: Microsoft Office 2007 SP2
CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac  ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010 ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010 ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict scr ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote atta ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet Expl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3326 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3325 (Microsoft Internet Explorer 6 through 8 does not properly handle unspe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8, and the Sa ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session  ...)
	NOT-FOR-US: Splunk
CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticat ...)
	NOT-FOR-US: Splunk
CVE-2010-3321 (RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not  ...)
	NOT-FOR-US: RSA Authentication Client
CVE-2010-3320 (Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4 ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3319 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a sessi ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3318 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits pass ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4 ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3316 (The run_coprocess function in pam_xauth.c in the pam_xauth module in L ...)
	- pam 1.1.2-1 (unimportant; bug #599832)
	NOTE: partial fix http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
	NOTE: Not exploitable with current kernels
CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as distr ...)
	{DSA-2118-1}
	- subversion 1.6.12dfsg-2 (low)
CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1. ...)
	{DSA-2013-1}
	- egroupware <removed> (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serv ...)
	{DSA-2013-1}
	- egroupware <removed> (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditiona ...)
	- epiphany-browser 2.29.91-1 (bug #564690)
	[lenny] - epiphany-browser <not-affected> (Introduced with the switch to webkit after Lenny release)
CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType libr ...)
	{DSA-2116-1}
	- freetype 2.4.0-1
	NOTE: Only the 2.3.x series is affected
CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux  ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3309
	REJECTED
CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2. ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3305 (Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 cou ...)
	- pixelpost <removed> (bug #597224)
CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
	- dovecot 1.2.13-1
	[lenny] - dovecot <not-affected> (only affects 1.2.x)
CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
	- mantis 1.1.8+dfsg-8 (bug #599710)
	[lenny] - mantis 1.1.6+dfsg-2lenny3
CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2. ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entr ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
CVE-2010-3300
	RESERVED
CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...)
	- rails <unfixed> (unimportant)
	NOTE: http://seclists.org/oss-sec/2010/q3/415
	NOTE: http://seclists.org/oss-sec/2010/q3/413
	NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux kerne ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3297 (The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3295
	REJECTED
CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x throug ...)
	NOT-FOR-US: HP AssetCenter
CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 6 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight  ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access Control ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and  ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) bef ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3282 (389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucen ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka T ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the  ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...)
	- php-apc <unfixed> (unimportant)
	NOTE: vulnerable script is, mainly, for debugging purposes
	NOTE: and is distributed gzip-compressed
CVE-2010-3293 (mailscanner can allow local users to prevent virus signatures from bei ...)
	- mailscanner <removed> (bug #596397; unimportant)
	NOTE: or even unimportant, the script is not used by default
CVE-2010-3292 (The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 down ...)
	- mailscanner <removed> (bug #596396; low)
	[squeeze] - mailscanner <no-dsa> (Minor issue)
CVE-2010-3278
	REJECTED
CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and  ...)
	NOT-FOR-US: VMware Workstation
CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch. ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remo ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3272 (accounts/ValidateAnswers in the security-questions implementation in Z ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3271 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Inte ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...)
	NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording For ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in th ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5  ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET  ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3265
	RESERVED
CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...)
	- phpmyadmin 4:3.3.7-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3 ...)
	NOT-FOR-US: flock
CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 befo ...)
	NOT-FOR-US: RSA Authentication Agent 7.0 for Web
CVE-2010-3260 (oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server co ...)
	NOT-FOR-US: Orbeon Forms
CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, G ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399
	NOTE: http://trac.webkit.org/changeset/65826
CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65748
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44226
CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not prop ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
	NOTE: http://trac.webkit.org/changeset/66052
CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65135
CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (notifications not yet used in webkit)
	NOTE: http://trac.webkit.org/changeset/64647
	NOTE: http://trac.webkit.org/changeset/64651
CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (notifications not yet used in webkit)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43645
	NOTE: http://trac.webkit.org/changeset/65742
CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 allow ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows re ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG filter ...)
	- chromium-browser 6.0.472.53~r57914-1
	NOTE: http://trac.webkit.org/changeset/60541
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to  ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the charact ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank va ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (vulnerable code not present in 1.2.x series)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34541
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44969
	NOTE: http://trac.webkit.org/changeset/66742
CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite (forme ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackbo ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the lock_on_su ...)
	- gnome-power-manager 2.28.0-1 (unimportant)
CVE-2009-4996
	NOTE: Disputed non-issue
CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the lock_on_sus ...)
	- gnome-power-manager 2.28.0-1 (unimportant)
CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
	- weborf 0.12.3-1 (bug #596112)
CVE-2010-3243 (Cross-site scripting (XSS) vulnerability in the toStaticHTML function  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3242 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3241 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3240 (Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Co ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3239 (Microsoft Excel 2002 SP3 does not properly validate record information ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3238 (Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does n ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3237 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly valid ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3236 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3235 (Microsoft Excel 2002 SP3 does not properly validate formula informatio ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3234 (Microsoft Excel 2002 SP3 does not properly validate formula informatio ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3233 (Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate recor ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3232 (Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; O ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3231 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3230 (Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers t ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3229 (The Secure Channel (aka SChannel) security package in Microsoft Window ...)
	NOT-FOR-US: Microsoft OSes
CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms d ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3226
	REJECTED
CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing Servi ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2010-3224
	REJECTED
CVE-2010-3223 (The user interface in Microsoft Cluster Service (MSCS) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem (RP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3221 (Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Vi ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3220 (Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 f ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remote att ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote at ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows remote att ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3215 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3214 (Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3213 (Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook W ...)
	NOT-FOR-US: Microsoft Outlook Web Access
CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier  ...)
	NOT-FOR-US: Seagull
CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro ...)
	NOT-FOR-US: Joomla addon
CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E- ...)
	NOT-FOR-US: Multi-lingual E-Commerce System
CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 al ...)
	NOT-FOR-US: Seagull
CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Bui ...)
	NOT-FOR-US: Wiccle Web Builder
CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when mag ...)
	NOT-FOR-US: GaleriaSHQIP
CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allo ...)
	NOT-FOR-US: DiY-CMS
CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in Textpattern CM ...)
	- textpattern <removed>
	[squeeze] - textpattern <no-dsa> (Minor issue)
CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5  ...)
	NOT-FOR-US: Pecio CMS
CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) compone ...)
	NOT-FOR-US: PicSell
CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 a ...)
	NOT-FOR-US: flock
CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4. ...)
	NOT-FOR-US: NetWin Surgemail
CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attac ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
	NOT-FOR-US: TortoiseSVN
CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows  ...)
	- zope2.10 <removed>
	- zope2.11 <removed>
CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access control on ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3196 (IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote au ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3195 (Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, a ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3194 (The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3193 (Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3192 (Certain run-time memory protection mechanisms in the GNU C Library (ak ...)
	- eglibc <unfixed> (unimportant)
	NOTE: Minor information leak
CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and  ...)
	NOT-FOR-US: Adobe Captivate
CVE-2010-3190 (Untrusted search path vulnerability in the Microsoft Foundation Class  ...)
	NOT-FOR-US: ATL MFC Trace Tool
CVE-2010-3189 (The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (Uf ...)
	NOT-FOR-US: Trend Micro Internet Security Pro
CVE-2010-3188 (SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3187 (Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attac ...)
	NOT-FOR-US: IBM AIX
CVE-2010-3186 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSph ...)
	NOT-FOR-US: WebSphere
CVE-2010-3185
	RESERVED
CVE-2010-3184
	RESERVED
CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox bef ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before 3.5.14 a ...)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel <not-affected> (run-mozilla.sh not used)
CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 a ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla Fire ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in Moz ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher pars ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x befo ...)
	{DSA-2123-1}
	- nss 3.12.8-1
CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3. ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla F ...)
	NOTE: Will likely be rejected by MITRE
CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...)
	{DSA-2123-1}
	- nss 3.12.8-1
	- kde4libs 4:4.4.5-4 (low)
	- qt4-x11 4:4.7.2-4 (low)
	[squeeze] - qt4-x11 4:4.6.3-4+squeeze1
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3. ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText func ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- icedove 3.0.7-1
	[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3165 (Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and ear ...)
	NOT-FOR-US: Yokka NoEditor and others
CVE-2010-3164 (Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earli ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3163 (Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 an ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3162 (Untrusted search path vulnerability in Apsaly before 3.74 allows local ...)
	NOT-FOR-US: Apsaly
CVE-2010-3161 (Untrusted search path vulnerability in TeraPad before 1.00 allows loca ...)
	NOT-FOR-US: TeraPad
CVE-2010-3160 (Untrusted search path vulnerability in Archive Decoder 1.23 and earlie ...)
	NOT-FOR-US: Archive Decoder
CVE-2010-3159 (Untrusted search path vulnerability in Explzh 5.67 and earlier allows  ...)
	NOT-FOR-US: Explzh
CVE-2010-3158 (Untrusted search path vulnerability in Lhaplus before 1.58 allows loca ...)
	NOT-FOR-US: Lhaplus
CVE-2010-3157 (Untrusted search path vulnerability in XacRett before 50 allows attack ...)
	NOT-FOR-US: XacRett
CVE-2010-3156 (Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows ...)
	NOT-FOR-US: K2Editor
CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15  ...)
	- wireshark <not-affected> (Only affects Windows port)
CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 a ...)
	- xulrunner <not-affected> (Only affects Windows port)
	- iceweasel <not-affected> (Only affects Windows port)
CVE-2010-3123
	RESERVED
CVE-2010-3155 (Untrusted search path vulnerability in Adobe ExtendScript Toolkit (EST ...)
	NOT-FOR-US: Adobe ExtendedScript Toolkit
CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0 ...)
	NOT-FOR-US: Adobe Extension Manager
CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesig ...)
	NOT-FOR-US: Adobe InDesign
CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, C ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2010-3151 (Untrusted search path vulnerability in Adobe On Location CS4 Build 315 ...)
	NOT-FOR-US: Adobe On Location
CVE-2010-3150 (Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (31 ...)
	NOT-FOR-US: Adobe Premier Pro
CVE-2010-3149 (Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0( ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-3148 (Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft Visio
CVE-2010-3147 (Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windo ...)
	NOT-FOR-US: Microsoft Address Book
CVE-2010-3146 (Multiple untrusted search path vulnerabilities in Microsoft Groove 200 ...)
	NOT-FOR-US: Microsoft Office Groove
CVE-2010-3145 (Untrusted search path vulnerability in the BitLocker Drive Encryption  ...)
	NOT-FOR-US: Microsoft Vista BitLocker
CVE-2010-3144 (Untrusted search path vulnerability in the Internet Connection Signup  ...)
	NOT-FOR-US: Microsoft Internet Connection Signup Wizard
CVE-2010-3143 (Untrusted search path vulnerability in Microsoft Windows Contacts allo ...)
	NOT-FOR-US: Microsoft Windows Contacts
CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint 200 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 allow ...)
	NOT-FOR-US: Microsoft Power Point
CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet Comm ...)
	NOT-FOR-US: Microsoft Windows Internet Communication Settings
CVE-2010-3139 (Untrusted search path vulnerability in Microsoft Windows Progman Group ...)
	NOT-FOR-US: Microsoft Windows Progman Group Converter
CVE-2010-3138 (Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax  ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-3137 (Untrusted search path vulnerability in Nullsoft Winamp 5.581, and prob ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2010-3136 (Untrusted search path vulnerability in Skype 4.2.0.169 and earlier all ...)
	NOT-FOR-US: Skype
CVE-2010-3135 (Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows  ...)
	NOT-FOR-US: Cisco Packet Tracer
CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allo ...)
	NOT-FOR-US: Google Earth
CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 buil ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit all versions 1 ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allo ...)
	NOT-FOR-US: uTorrent
CVE-2010-3128 (Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier ...)
	NOT-FOR-US: TeamViewer
CVE-2010-3127 (Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 ...)
	NOT-FOR-US: Adobe PhotoShop
CVE-2010-3126 (Untrusted search path vulnerability in avast! Free Antivirus version 5 ...)
	NOT-FOR-US: avast! Free Antivirus version
CVE-2010-3125 (Untrusted search path vulnerability in TeamMate Audit Management Softw ...)
	NOT-FOR-US: TeamMate Audit Management Software Suite
CVE-2010-3122 (The DevonIT thin-client management tool relies on a shared secret for  ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2010-3121 (Buffer overflow in tm-console-bin in the DevonIT thin-client managemen ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2009-4995 (Cross-site scripting (XSS) vulnerability in frmTickets.aspx in Smarter ...)
	NOT-FOR-US: SmarterTools SmarterTrack
CVE-2009-4994 (Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in Smarte ...)
	NOT-FOR-US: SmarterTools SmarterTrack
CVE-2009-4993 (PHP remote file inclusion vulnerability in home.php in LM Starmail Pai ...)
	NOT-FOR-US: LM Starmail Paidmail
CVE-2009-4992 (SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail  ...)
	NOT-FOR-US: LM Starmail Paidmail
CVE-2009-4991 (Cross-site scripting (XSS) vulnerability in users/resume_register.php  ...)
	NOT-FOR-US: Omnistar Recruiting
CVE-2009-4990 (Cross-site scripting (XSS) vulnerability in the Webform report module  ...)
	NOT-FOR-US: Webform report module for Drupal
CVE-2009-4989 (Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pr ...)
	NOT-FOR-US: AJ Auction Pro OOPD
CVE-2009-4988 (Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business O ...)
	NOT-FOR-US: SAP Business One
CVE-2009-4987 (admin/header.php in Scripteen Free Image Hosting Script 2.3 allows rem ...)
	NOT-FOR-US: Scripteen Free Image Hosting Script
CVE-2009-4986 (Directory traversal vulnerability in index.php in In-Portal 4.3.1, whe ...)
	NOT-FOR-US: In-Portal
CVE-2009-4985 (SQL injection vulnerability in browse.php in Accessories Me PHP Affili ...)
	NOT-FOR-US: Accessories Me PHP Affiliate Script
CVE-2009-4984 (Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me  ...)
	NOT-FOR-US: Accessories Me PHP Affiliate Script
CVE-2009-4983 (Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classif ...)
	NOT-FOR-US: Silurus Classifieds
CVE-2009-4982 (SQL injection vulnerability in the select function in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2009-4981 (Multiple cross-site request forgery (CSRF) vulnerabilities in Photokor ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4980 (Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Galle ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4979 (Multiple SQL injection vulnerabilities in search.php in Photokorn Gall ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4978 (Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows ...)
	NOT-FOR-US: MyBackup
CVE-2009-4977 (PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 ...)
	NOT-FOR-US: MyBackup
CVE-2010-3124 (Untrusted search path vulnerability in bin/winvlc.c in VLC Media Playe ...)
	- vlc <not-affected> (Windows specific vulnerability)
CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the Geolo ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
	NOTE: http://trac.webkit.org/changeset/65329
	NOTE: http://trac.webkit.org/changeset/65325
CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not pro ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
	NOTE: http://trac.webkit.org/changeset/65090
CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the notif ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple Sa ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/64293
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
	NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series
CVE-2010-3115 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63925
	NOTE: http://trac.webkit.org/changeset/64077
	NOTE: only partially fixed: only 64077 applied in 1.2.4-1
CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127, a ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
	NOTE: http://trac.webkit.org/changeset/63773
CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
	NOTE: http://trac.webkit.org/changeset/63865
CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file dial ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 5.0.375.127~r55887-1
CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an unspecif ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3110 (Multiple buffer overflows in the Novell Client novfs module for the Li ...)
	NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function  ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which  ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint Cli ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before 5 ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in Novel ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint  ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 i ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, a ...)
	NOT-FOR-US: DeskShare AutoFTP Manager
CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.0 ...)
	NOT-FOR-US: FTPGetter
CVE-2010-3102 (Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3 ...)
	NOT-FOR-US: SiteDesigner Technologies
CVE-2010-3101 (Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1  ...)
	NOT-FOR-US: FTPx Corp FTP Explorer
CVE-2010-3100 (Directory traversal vulnerability in Porta+ FTP Client 4.1, and possib ...)
	NOT-FOR-US: Porta+ FTP Client
CVE-2010-3099 (Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0 ...)
	NOT-FOR-US: SmartSoft Ltd SmartFTP
CVE-2010-3098 (Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 an ...)
	NOT-FOR-US: IoRush Software FTP Rush
CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3 ...)
	NOT-FOR-US: WinFrigate Frigate 3 FTP
CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
	NOT-FOR-US: SoftX FTP Client 3.3
CVE-2010-3095 (mailscanner before 4.79.11-2.1 might allow local users to overwrite ar ...)
	- mailscanner 4.79.11-2.1 (bug #596403)
CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allow ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does n ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3090
	REJECTED
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman bef ...)
	{DSA-2170-1}
	- mailman 1:2.1.13-4.1 (bug #599833)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
CVE-2010-3088 (The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0 ...)
	NOT-FOR-US: Knotify plugin for Pidgin
CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attacke ...)
	- tiff 3.9.4-5 (bug #600188)
	- tiff3 <not-affected> (fixed before initial upload)
	[lenny] - tiff <not-affected> (Vulnerable code not present)
CVE-2010-3086 (include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not pro ...)
	- linux-2.6 2.6.25-1
CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might allow r ...)
	- mednafen 0.8.D-1 (unimportant)
	NOTE: Extremely obscure attack vector, marking as unimportant
CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/ne ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.30)
CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Ente ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2  ...)
	- python-django 1.2.3-1 (low; bug #596205)
	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-23 (high)
CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in sound/co ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugf ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in t ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for BI ...)
	{DSA-2103-1}
	- smbind 0.4.7-5 (high)
	NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Not backportable, breaks backwards-compatibility)
CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of a ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Minor issue)
CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer  ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Minor issue)
CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before 3.1. ...)
	{DSA-2111-1}
	- squid3 3.1.6-1.1 (bug #596086; low)
	- squid <not-affected> (Only affects 3.x)
CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of service  ...)
	- bip 0.8.6-1 (low; bug #595409)
	[lenny] - bip <not-affected> (vulnerable code ('LINK(lc)->name') not in 0.7.4-2)
	[squeeze] - bip 0.8.2-1squeeze2
CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in M ...)
	- nusoap 0.7.3-4 (low; bug #595248)
CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...)
	{DSA-2109-1}
	- samba 2:3.5.5~dfsg-1 (bug #596891)
CVE-2010-3068
	REJECTED
CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before 2.6. ...)
	- linux-2.6 2.6.23-1
CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in  ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3 ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in th ...)
	NOT-FOR-US: Tivoli
CVE-2010-3060 (Unspecified vulnerability in the message-protocol implementation in th ...)
	NOT-FOR-US: Tivoli
CVE-2010-3059 (Buffer overflow in the message-protocol implementation in the Server i ...)
	NOT-FOR-US: Tivoli
CVE-2010-3058 (The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x b ...)
	NOT-FOR-US: Tivoli
CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 throu ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-3057
	RESERVED
CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
	- freetype 2.4.2-1 (unimportant)
CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11 ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.3.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2010-5/
CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2 ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.0.0
	NOTE: Affects only 2.x branch
CVE-2010-3052
	RESERVED
CVE-2010-3051
	RESERVED
CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to caus ...)
	NOT-FOR-US: Cisco
CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of s ...)
	NOT-FOR-US: Cisco
CVE-2010-3048 (Cisco Unified Personal Communicator 7.0 (1.13056) does not free alloca ...)
	NOT-FOR-US: Cisco
CVE-2010-3047
	RESERVED
CVE-2010-3046
	RESERVED
CVE-2010-3045
	RESERVED
CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) an ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
	NOT-FOR-US: Cisco Intelligent Contact Manager
CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the L ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing ( ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the w ...)
	NOT-FOR-US: Cisco
CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not proper ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possib ...)
	NOT-FOR-US: Cisco
CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in  ...)
	NOT-FOR-US: SAP Crystal Reports 2008
CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other version ...)
	NOT-FOR-US: Wyse ThinOS
CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open B ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows re ...)
	NOT-FOR-US: PHPKick
CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure perm ...)
	NOT-FOR-US: Joomla!
CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0 ...)
	NOT-FOR-US: Tycoon Baseball Script
CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in application/modules ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Op ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in user/mai ...)
	NOT-FOR-US: DiamondList
CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1 ...)
	NOT-FOR-US: DiamondList
CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging mo ...)
	NOT-FOR-US: Drupal Addon
CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly  ...)
	NOT-FOR-US: Opera
CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote attacke ...)
	NOT-FOR-US: Opera
CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.5 ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7 ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3016
	REJECTED
CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 al ...)
	NOT-FOR-US: Pligg
CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) be ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect  ...)
	NOT-FOR-US: HP 3Com OfficeConnect
CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for L ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data Prote ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data Prote ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote  ...)
	NOT-FOR-US: HP ProLiant G6 Lights-Out
CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windo ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windo ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Onl ...)
	NOT-FOR-US: HP Insight Diagnostics Online Edition
CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet Explor ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in RealNetwo ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2999 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPla ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2998 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 and Rea ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2997 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Wind ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client Ac ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp &amp; XenDesktop before 1 ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Ness ...)
	NOT-FOR-US: Nessus
CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Net ...)
	NOT-FOR-US: Cisco
CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless  ...)
	NOT-FOR-US: Cisco
CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.d ...)
	NOT-FOR-US: Cisco
CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere S ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4 ...)
	NOT-FOR-US: Cisco
CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...)
	NOT-FOR-US: Cisco
CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allo ...)
	NOT-FOR-US: Cisco
CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allo ...)
	NOT-FOR-US: Cisco
CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5 ...)
	NOT-FOR-US: Cisco
CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5 ...)
	NOT-FOR-US: Cisco
CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x th ...)
	NOT-FOR-US: Cisco
CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 doe ...)
	NOT-FOR-US: Cisco
CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in t ...)
	NOT-FOR-US: Wonderware Application Server
CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone  ...)
	NOT-FOR-US: Apple
CVE-2010-2972
	REJECTED
CVE-2008-7260
	RESERVED
CVE-2008-7259
	RESERVED
CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when ...)
	- kfreebsd-7 <unfixed>
	- kfreebsd-8 8.1-5
	- kfreebsd-9 <not-affected> (fixed prior to first upload)
	- kfreebsd-10 <not-affected> (fixed prior to first upload)
CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extent ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-22
CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0. ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote atta ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly acc ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x  ...)
	- moin 1.9.3-1 (low)
CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3  ...)
	- moin 1.9.3-1
CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP connection ...)
	NOT-FOR-US: vxworks
CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks be ...)
	NOT-FOR-US: vxworks
CVE-2010-2966 (The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2965 (The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2964
	RESERVED
CVE-2010-2963 (drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) imp ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-26
CVE-2010-2962 (drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the roo ...)
	NOT-FOR-US: mountall
CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-20
CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php  ...)
	- phpmyadmin 4:3.3.6-1
	[lenny] - phpmyadmin <not-affected> (only affects 3.x)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2010-6/
CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4,  ...)
	- serendipity 1.5.3-2 (bug #594905)
CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...)
	- sudo 1.7.4p4-1 (bug #595935)
	[lenny] - sudo <not-affected> (Only affects 1.7.x)
	NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in t ...)
	- linux-2.6 2.6.32-23
CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel befor ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-22
CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux patc ...)
	{DSA-2107-1}
	- couchdb 0.11.0-1 (low; bug #594412)
CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, d ...)
	- trafficserver <not-affected> (Fixed before initial release)
CVE-2010-2951 (dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enable ...)
	- squid3 3.1.6-1.2 (bug #599709)
	[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
	NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP 5 ...)
	- php5 5.3.3-2 (low)
	[lenny] - php5 <not-affected> (phar extension introduced in 5.3)
CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in lib ...)
	- libhx 3.5-2 (low; bug #594393)
	[lenny] - libhx <no-dsa> (Minor issue, asked maintainer to fix through spu)
CVE-2010-2946 (fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly h ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) a ...)
	- slim 1.3.1-7 (low; bug #594414)
	[lenny] - slim 1.3.0-1+lenny3
CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope- ...)
	{DSA-2096-1}
	- zope-ldapuserfolder <removed> (high; bug #593466)
CVE-2010-2943 (The xfs implementation in the Linux kernel before 2.6.35 does not look ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (test case fails on 2.6.26)
CVE-2010-2942 (The actions implementation in the network queueing functionality in th ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate me ...)
	{DSA-2176-1}
	- cups 1.4.4-7 (bug #603344)
CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System Securit ...)
	- sssd 1.2.1-4 (bug #594413)
CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the ...)
	{DSA-2100-1}
	- openssl 0.9.8o-2 (low; bug #594415)
CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS ...)
	- linux-2.6 <not-affected> (affected code not present in any of the released kernels; only affects xen package itself)
	- xen 4.0.1-1
	NOTE: probably fixed well before this version, but this is the one i checked and its fixed
CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in V ...)
	- vlc 1.1.3-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in OpenOffice.o ...)
	{DSA-2099-1}
	- openoffice.org 1:3.2.1-6
CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x ...)
	{DSA-2099-1}
	- openoffice.org 1:3.2.1-6
CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attacke ...)
	- znc 0.092-2 (unimportant; bug #599708)
CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote at ...)
	NOT-FOR-US: AV Arcade
CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz ...)
	NOT-FOR-US: BarCodeWiz BarCode
CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows ...)
	NOT-FOR-US: SigPlus Pro activex control
CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink 1.0 ...)
	- hsolink <removed>
CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.1 ...)
	- hsolink <removed>
CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter Server 4.1 ...)
	NOT-FOR-US: VMware vCenter Server
CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS)  ...)
	NOT-FOR-US: Tivoli
CVE-2009-4976 (Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitp ...)
	- webkitkde 0.4svn1059630-1
CVE-2009-4975 (Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrows ...)
	- rekonq 0.5.0-1
CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote at ...)
	NOT-FOR-US: sNews CMS
CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allo ...)
	NOT-FOR-US: OpenFreeway
CVE-2010-2924 (SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugi ...)
	NOT-FOR-US: myLinksDump WordPress plugin
CVE-2010-2923 (SQL injection vulnerability in the YouTube (com_youtube) component 1.5 ...)
	NOT-FOR-US: com_youtube Joomla extension
CVE-2010-2922 (SQL injection vulnerability in default.asp in AKY Blog allows remote a ...)
	NOT-FOR-US: Aspindir AKY Blog
CVE-2010-2921 (SQL injection vulnerability in the Golf Course Guide (com_golfcoursegu ...)
	NOT-FOR-US: Joomla Component com_golfcourseguide
CVE-2010-2920 (Directory traversal vulnerability in the Foobla Suggestions (com_foobl ...)
	NOT-FOR-US: Joomla Component Foobla Suggestions
CVE-2010-2919 (SQL injection vulnerability in the StaticXT (com_staticxt) component f ...)
	NOT-FOR-US: Joomla Component StaticXT
CVE-2010-2918 (PHP remote file inclusion vulnerability in core/include/myMailer.class ...)
	NOT-FOR-US: Joomla Component Visites
CVE-2010-2917 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ ...)
	NOT-FOR-US: AJ square
CVE-2010-2916 (SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN  ...)
	NOT-FOR-US: AJ square
CVE-2010-2915 (SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME  ...)
	NOT-FOR-US: AJ square
CVE-2010-2914 (Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in ...)
	NOT-FOR-US: Nessus plugin
CVE-2010-2913 (The Citibank Citi Mobile app before 2.0.3 for iOS stores account data  ...)
	NOT-FOR-US: Citibank Citi Mobile app
CVE-2010-2912 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 al ...)
	NOT-FOR-US: Kayako eSupport
CVE-2010-2911 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 al ...)
	NOT-FOR-US: Kayako eSupport
CVE-2010-2910 (SQL injection vulnerability in the Ozio Gallery (com_oziogallery) comp ...)
	NOT-FOR-US: Ozio Gallery
CVE-2010-2909 (SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2908 (SQL injection vulnerability in the Joomdle (com_joomdle) component 0.2 ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2907 (SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) co ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2906 (SQL injection vulnerability in articlesdetails.php in ScriptsFeed and  ...)
	NOT-FOR-US: ScriptsFeed / BrotherScripts
CVE-2010-2905 (SQL injection vulnerability in info.php in ScriptsFeed and BrotherScri ...)
	NOT-FOR-US: ScriptsFeed / BrotherScripts
CVE-2010-2904 (Multiple cross-site scripting (XSS) vulnerabilities in the System Land ...)
	NOT-FOR-US: System Landscape Directory
CVE-2010-2903 (Google Chrome before 5.0.375.125 performs unexpected truncation and im ...)
	- webkit <not-affected> (Chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows remo ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621
	NOTE: http://trac.webkit.org/changeset/62662
	NOTE: duplicate of cve-2010-1793
CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 allow ...)
	{DSA-2188-1}
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373
	NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large canv ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962
	NOTE: http://trac.webkit.org/changeset/63219
CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google Chrom ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
	NOTE: http://trac.webkit.org/changeset/62134
CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an unspeci ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an unspeci ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.]
	- openjdk-6  6b18-1.8.1-1
CVE-2010-XXXX [flaw in NetX that allows arbitrary unsigned apps to set any java property]
	- openjdk-6  6b18-1.8.1-1
CVE-2010-2895
	RESERVED
CVE-2010-2894
	RESERVED
CVE-2010-2893
	RESERVED
CVE-2010-2892 (gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and ...)
	NOT-FOR-US: LANDesk Management Gateway
CVE-2010-2891 (Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4. ...)
	{DSA-2145-1}
	- libsmi 0.4.8+dfsg2-3
CVE-2010-2890 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2889 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2888 (Multiple unspecified vulnerabilities in an ActiveX control in Adobe Re ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2887 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x b ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2886 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp  ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2010-2885 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, an ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2010-2884 (Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acroba ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not proper ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2881 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2880 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not proper ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2879 (Multiple integer overflows in the allocator in the TextXtra.x32 module ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2878 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2877 (Adobe Shockwave Player before 11.5.8.612 does not properly validate a  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2876 (Adobe Shockwave Player before 11.5.8.612 does not properly validate va ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2875 (Integer signedness error in Adobe Shockwave Player before 11.5.8.612 a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2874 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2873 (Adobe Shockwave Player before 11.5.8.612 does not properly validate of ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2872 (Adobe Shockwave Player before 11.5.8.612 does not properly validate an ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2871 (Integer overflow in the 3D object functionality in Adobe Shockwave Pla ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2870 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2869 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2868 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2867 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not prope ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2866 (Integer signedness error in the DIRAPI module in Adobe Shockwave Playe ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2865 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2864 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properl ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2863 (Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2861 (Multiple directory traversal vulnerabilities in the administrator cons ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts exter ...)
	NOT-FOR-US: EMC
CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar  ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows rem ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the log in  ...)
	NOT-FOR-US: SimpleID
CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...)
	NOT-FOR-US: AJAX Chat
CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for T ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement (SBbanne ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4968 (SQL injection vulnerability in the Event Registration (event_registr)  ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4967 (SQL injection vulnerability in the Car (car) extension before 0.1.1 fo ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4966 (SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipse ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4965 (SQL injection vulnerability in the AIRware Lexicon (air_lexicon) exten ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4964 (Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers  ...)
	NOT-FOR-US: KSP
CVE-2009-4963 (Cross-site scripting (XSS) vulnerability in the Commerce extension bef ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4962 (Stack-based buffer overflow in Fat Player 0.6b allows remote attackers ...)
	NOT-FOR-US: Fat Player
CVE-2009-4961 (Lanai Core 0.6 allows remote attackers to obtain configuration informa ...)
	NOT-FOR-US: Lanai Core
CVE-2009-4960 (Directory traversal vulnerability in modules/backup/download.php in La ...)
	NOT-FOR-US: Lanai Core
CVE-2009-4959 (SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) ext ...)
	NOT-FOR-US: T3M E-Mail Marketing Tool
CVE-2009-4958 (SQL injection vulnerability in video.php in EMO Breeder Manager (aka E ...)
	NOT-FOR-US: EMO Breader Manager
CVE-2010-2859 (news.php in SimpNews 2.47.3 and earlier allows remote attackers to obt ...)
	NOT-FOR-US: SimpNews
CVE-2010-2858 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in Sim ...)
	NOT-FOR-US: SimpNews
CVE-2010-2857 (Directory traversal vulnerability in the Music Manager component for J ...)
	NOT-FOR-US: Joomla! Music Manager
CVE-2010-2856 (Cross-site scripting (XSS) vulnerability in admin/currencies.php in os ...)
	NOT-FOR-US: osCSS
CVE-2010-2855 (Multiple SQL injection vulnerabilities in modfile.php in Event Horizon ...)
	NOT-FOR-US: Event Horizon
CVE-2010-2854 (Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in  ...)
	NOT-FOR-US: Event Horizon
CVE-2010-2853 (SQL injection vulnerability in flashPlayer/playVideo.php in iScripts V ...)
	NOT-FOR-US: iScripts VisualCaster
CVE-2010-2852 (Cross-site scripting (XSS) vulnerability in modules/headlines/magpiers ...)
	NOT-FOR-US: RunCMS
CVE-2010-2851 (SQL injection vulnerability in the BookLibrary From Same Author (com_b ...)
	NOT-FOR-US: Joomla! BookLibrary From Same Author
CVE-2010-2850 (Directory traversal vulnerability in productionnu2/fileuploader.php in ...)
	NOT-FOR-US: nuBuilder
CVE-2010-2849 (Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php i ...)
	NOT-FOR-US: nuBuilder
CVE-2010-2848 (Directory traversal vulnerability in assets/captcha/includes/alikon/pl ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2847 (Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (co ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2846 (Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms ( ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2845 (SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1 ...)
	NOT-FOR-US: Joomla! QuickFAQ
CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz Ne ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0 ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before  ...)
	NOT-FOR-US: Cisco
CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...)
	NOT-FOR-US: Cisco
CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified Communicati ...)
	NOT-FOR-US: Cisco
CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco
CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1,  ...)
	NOT-FOR-US: Cisco
CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x  ...)
	NOT-FOR-US: Cisco
CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x  ...)
	NOT-FOR-US: Cisco
CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation in Cis ...)
	NOT-FOR-US: Cisco
CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in Cisco I ...)
	NOT-FOR-US: Cisco
CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and  ...)
	NOT-FOR-US: Cisco
CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco IOS 12. ...)
	NOT-FOR-US: Cisco
CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco IOS 12. ...)
	NOT-FOR-US: Cisco
CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Cisco
CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco A ...)
	NOT-FOR-US: Cisco
CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine (ACE ...)
	NOT-FOR-US: Cisco
CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...)
	NOT-FOR-US: Cisco
CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive  ...)
	NOT-FOR-US: Cisco
CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco Adapt ...)
	NOT-FOR-US: Cisco
CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...)
	NOT-FOR-US: Cisco
CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...)
	NOT-FOR-US: Cisco
CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not prop ...)
	{DSA-2091-1}
	- squirrelmail 2:1.4.21-1 (low)
	[lenny] - squirrelmail <no-dsa> (low-risk issue)
CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of s ...)
	- znc 0.092-2 (unimportant; bug #599708)
CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...)
	- vdsm <itp> (bug #668538)
CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in WWW/Libr ...)
	- lynx-cur 2.8.8dev.5-1 (bug #594300)
	[lenny] - lynx-cur <no-dsa> (Minor issue, exploit scenario really obscure)
CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in Uzbl befor ...)
	- uzbl 0.0.0~git.20100403-3 (bug #594301)
CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds  ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType befor ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2804
	RESERVED
CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rend ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-22
CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allo ...)
	- mantis <not-affected> (vulnerable code introduced in 1.2.x)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract bef ...)
	{DSA-2087-1}
	- cabextract 1.3-1 (bug #591552)
CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote attacke ...)
	- cabextract 1.3-1 (bug #591552; unimportant)
CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in So ...)
	{DSA-2090-1}
	- socat 1.7.1.3-1 (bug #591443; medium)
CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kern ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-20
CVE-2010-2797 (Directory traversal vulnerability in lib/translation.functions.php in  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when  ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack sessio ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users t ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet E ...)
	NOT-FOR-US: SPICE plugin for Internet Explorer
CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox al ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,  ...)
	- apache2 2.2.9-10 (low)
CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)
	- zabbix 1:1.8.3-1 (bug #594304)
	[squeeze] - zabbix 1:1.8.2-1squeeze1
	[lenny] - zabbix <no-dsa> (Minor issue)
CVE-2010-2789 (PHP remote file inclusion vulnerability in MediaWikiParserTest.php in  ...)
	- mediawiki <not-affected> (Affects mediawiki 1:1.16.0beta* - was not and will not be in Debian)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2788 (Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWi ...)
	- mediawiki 1:1.15.5-1 (bug #590669; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2787 (api.php in MediaWiki before 1.15.5 does not prevent use of public cach ...)
	- mediawiki 1:1.15.5-1 (bug #590660; low)
	[lenny] - mediawiki <no-dsa> (Minor issue)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows re ...)
	- piwik <itp> (bug #506933)
CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not  ...)
	{DSA-2078-1}
	- kvirc 4:4.0.0-3
CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_register  ...)
	- qemu-kvm 0.12.5+dfsg-3 (bug #594478)
	- kvm <removed>
	[lenny] - kvm 72+dfsg-5~lenny6
CVE-2010-2783 (IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary  ...)
	- openjdk-6 6b18-1.8.1-1
CVE-2009-4957 (Directory traversal vulnerability in loadpanel.php in Interspire Activ ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2009-4956 (Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_s ...)
	NOT-FOR-US: typo3 third party component (ws_stats)
CVE-2009-4955 (SQL injection vulnerability in the ultraCards (th_ultracards) extensio ...)
	NOT-FOR-US: typo3 third party component (th_ultracards)
CVE-2009-4954 (SQL injection vulnerability in the Versatile Calendar Extension [VCE]  ...)
	NOT-FOR-US: typo3 third party component (sk_calendar)
CVE-2009-4953 (Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit ( ...)
	NOT-FOR-US: typo3 third party component (sg_userdata)
CVE-2009-4952 (Directory traversal vulnerability in the Directory Listing (dir_listin ...)
	NOT-FOR-US: typo3 third party component (dir_listing)
CVE-2009-4951 (Unspecified vulnerability in the ClickStream Analyzer [output] (altern ...)
	NOT-FOR-US: typo3 third party component (alternet_csa_out)
CVE-2009-4950 (SQL injection vulnerability in the A21glossary Advanced Output (a21glo ...)
	NOT-FOR-US: typo3 third party component (a21glossary_advanced_output)
CVE-2009-4949 (SQL injection vulnerability in the Store Locator extension before 1.2. ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2009-4948 (Cross-site scripting (XSS) vulnerability in the Store Locator extensio ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2009-4947 (SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Sol ...)
	NOT-FOR-US: Q2 Solutions ConnX
CVE-2009-4946 (Directory traversal vulnerability in the Messaging (com_messaging) com ...)
	NOT-FOR-US: Joomla! Messaging
CVE-2010-2782
	RESERVED
CVE-2010-2781
	RESERVED
CVE-2010-2780
	RESERVED
CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...)
	NOT-FOR-US: GroupWise
CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...)
	NOT-FOR-US: GroupWise
CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise  ...)
	NOT-FOR-US: GroupWise
CVE-2010-2776
	RESERVED
CVE-2010-2775
	RESERVED
CVE-2010-2774
	RESERVED
CVE-2010-2773
	RESERVED
CVE-2010-2772 (Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded passwor ...)
	NOT-FOR-US: SCADA
CVE-2010-2771 (solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to exe ...)
	NOT-FOR-US: IBM solidDB
CVE-2009-4945 (AdPeeps 8.5d1 has a default password of admin for the admin account, w ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4944 (Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1. ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4943 (index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4942 (Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows  ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4941 (Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC AColla ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4940 (SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier  ...)
	NOT-FOR-US: Zeus Cart
CVE-2009-4939 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ad ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4938 (SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3. ...)
	NOT-FOR-US: JVideo
CVE-2009-4937 (Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 ...)
	NOT-FOR-US: SPirate
CVE-2009-4936 (Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 a ...)
	NOT-FOR-US: SPirate
CVE-2010-3484 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows r ...)
	- mapserver 5.6.4-1 (low)
	[lenny] - mapserver <no-dsa> (Minor issue)
CVE-2010-3485 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows r ...)
	- mapserver 5.6.4-1 (low)
	[lenny] - mapserver <no-dsa> (Minor issue)
CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	- xulrunner <not-affected> (The vulnerability is MacOS-specific)
	- iceweasel <not-affected> (The vulnerability is MacOS-specific)
	- iceape <not-affected> (The vulnerability is MacOS-specific)
CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5 ...)
	{DSA-2124-1 DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12  ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3. ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla Fir ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- icedove 3.0.7-1
	[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
	- xulrunner <not-affected> (Only affects 3.6, only in experimental)
	- iceweasel <not-affected> (Only affects 3.6, only in experimental)
CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.p ...)
	- perl 5.10.1-17 (bug #606995)
	- libcgi-pm-perl 3.50-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
	[lenny] - perl 5.10.0-19lenny3 (bug #606995)
CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in Mozill ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6. ...)
	- bugzilla 3.6.2.0-1 (bug #595015; medium)
CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6. ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4. ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not pro ...)
	- xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only exploitable in Firefox 3.6.x and above)
CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 an ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2753 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x befo ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-2752 (Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5 ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-2751 (The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocS ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac a ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2749
	REJECTED
CVE-2010-2748 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check  ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2747 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2746 (Heap-based buffer overflow in Comctl32.dll (aka the common control lib ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2745 (Microsoft Windows Media Player (WMP) 9 through 12 does not properly de ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly pe ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys in Micr ...)
	NOT-FOR-US: Windows
CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in USP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2737
	REJECTED
CVE-2010-2736
	REJECTED
CVE-2010-2735
	REJECTED
CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in Micro ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in Microso ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft Forefron ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5,  ...)
	NOT-FOR-US: Microsoft IIS
CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, an ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2010-2727
	REJECTED
CVE-2010-2726
	REJECTED
CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to the (1 ...)
	{DSA-2102-1}
	- barnowl 1.6.2-1 (bug #593299)
CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select mo ...)
	NOT-FOR-US: Drupal addon module
CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows  ...)
	NOT-FOR-US: LISTSERV
CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint  ...)
	NOT-FOR-US: RightInPoint Lyrics Script
CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...)
	NOT-FOR-US: RightInPoint Lyrics Script
CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and p ...)
	NOT-FOR-US: phpaaCms
CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and p ...)
	NOT-FOR-US: phpaaCms
CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware Cr ...)
	NOT-FOR-US: CruxSoftware
CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in CruxS ...)
	NOT-FOR-US: CruxSoftware
CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote atta ...)
	NOT-FOR-US: PsNews
CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PH ...)
	NOT-FOR-US: TCW PHP Album
CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 a ...)
	NOT-FOR-US: TCW PHP Album
CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in l ...)
	[lenny] - vte <not-affected> (Uses a hardcoded string in the terminal icon/window title)
	- vte 1:0.24.3-1
	NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
	NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
CVE-2010-2712 (Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.1 ...)
	NOT-FOR-US: Software Distributor in HP HP-UX
CVE-2010-2711 (Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the  ...)
	NOT-FOR-US: HP MagCloud app
CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network No ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.2 ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches be ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with soft ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and  ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll mo ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function i ...)
	NOT-FOR-US: Unreal engine
CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow rem ...)
	NOT-FOR-US: FathFTP ActiveX control
CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clic ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank Affilia ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software a ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community So ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in X ...)
	NOT-FOR-US: Xlight FTP Server
CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag wh ...)
	- kfreebsd-7 7.3-5
	[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
	- kfreebsd-8 8.0-10
CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Des ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Desig ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) co ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS  ...)
	NOT-FOR-US: Internet DM WebDM CMS
CVE-2010-2688 (SQL injection vulnerability in detail.asp in Site2Nite Boat Classified ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat Class ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in the TopManag ...)
	NOT-FOR-US: SAP module
CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not p ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2684 (SQL injection vulnerability in index.php in Customer Paradigm PageDire ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2683 (SQL injection vulnerability in result.php in Customer Paradigm PageDir ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2682 (Directory traversal vulnerability in the Realtyna Translator (com_real ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2681 (PHP remote file inclusion vulnerability in the SEF404x (com_sef) compo ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2680 (Directory traversal vulnerability in the JExtensions JE Section/Proper ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2679 (SQL injection vulnerability in the Weblinks (com_weblinks) component i ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2678 (SQL injection vulnerability in xmap (com_xmap) component for Joomla! a ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2677 (PHP remote file inclusion vulnerability in mw_plugin.php in Open Web A ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2676 (Multiple directory traversal vulnerabilities in index.php in Open Web  ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2675 (Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1 ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2674 (SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2. ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2673 (SQL injection vulnerability in profile_view.php in Devana 1.6.6 and ea ...)
	NOT-FOR-US: Devana
CVE-2010-2672 (Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2 ...)
	- ezpublish <removed>
CVE-2010-2671 (Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ P ...)
	- ezpublish <removed>
CVE-2010-2670 (SQL injection vulnerability in recipedetail.php in BrotherScripts Reci ...)
	NOT-FOR-US: BrotherScripts Recipe Website
CVE-2010-2669 (Cross-site scripting (XSS) vulnerability in admin/editors/text/editor- ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Ada ...)
	NOT-FOR-US: Adaptive Micro Systems ALPHA Ethernet Adapter
CVE-2010-2667 (Multiple unspecified vulnerabilities in the Virtual Appliance Manageme ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce p ...)
	NOT-FOR-US: Opera
CVE-2010-2665 (Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Wind ...)
	NOT-FOR-US: Opera
CVE-2010-2664 (Opera before 10.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-2663 (Opera before 10.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2010-2662 (Opera before 10.60 allows remote attackers to bypass the popup blocker ...)
	NOT-FOR-US: Opera
CVE-2010-2661 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX p ...)
	NOT-FOR-US: Opera
CVE-2010-2660 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX p ...)
	NOT-FOR-US: Opera
CVE-2010-2659 (Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10 ...)
	NOT-FOR-US: Opera
CVE-2010-2658 (Opera before 10.60 does not properly restrict certain interaction betw ...)
	NOT-FOR-US: Opera
CVE-2010-2657 (Opera before 10.60 on Windows and Mac OS X does not properly prevent c ...)
	NOT-FOR-US: Opera
CVE-2010-2656 (The IBM BladeCenter with Advanced Management Module (AMM) firmware bui ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2655 (Directory traversal vulnerability in private/file_management.php on th ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2654 (Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCe ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2653 (Race condition in the hvc_close function in drivers/char/hvc_console.c ...)
	- linux-2.6 2.6.32-25
CVE-2009-4935 (SQL injection vulnerability in ogp_show.php in Online Guestbook Pro al ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-4934 (Cross-site scripting (XSS) vulnerability in index.php in Online Photo  ...)
	NOT-FOR-US: Online Photo Pro
CVE-2009-4933 (Multiple SQL injection vulnerabilities in login.php in EZ Webitor allo ...)
	NOT-FOR-US: EZ Webitor
CVE-2009-4932 (Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote a ...)
	NOT-FOR-US: 1by1
CVE-2009-4931 (Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote ...)
	NOT-FOR-US: Groovy Media Player
CVE-2009-4930 (Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQue ...)
	NOT-FOR-US: SunGard Banner Student System
CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require administr ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: WB News
CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact  ...)
	NOT-FOR-US: Online Contact Manager
CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito  ...)
	NOT-FOR-US: Portale e-commerce Creasito
CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal dial ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
	NOTE: http://trac.webkit.org/changeset/59247
CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has unkno ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows re ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39797
	NOTE: http://trac.webkit.org/changeset/60973
	NOTE: http://trac.webkit.org/changeset/60977
CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi al ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
	NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a den ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: http://trac.webkit.org/changeset/61669 mac fixes
	NOTE: http://trac.webkit.org/changeset/61676 chromium fixes
	NOTE: http://trac.webkit.org/changeset/61679 additional layout test
	NOTE: duplicate of cve-2010-1786
CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed IF ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
	NOTE: http://trac.webkit.org/changeset/58873
	NOTE: http://trac.webkit.org/changeset/59870 chromium updates
CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when Web ...)
	- webkit <not-affected> (doesn't include webgl code yet)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38039
	NOTE: http://trac.webkit.org/changeset/58957
CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1  ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend c ...)
	{DSA-2388-1 DSA-2357-1}
	- evince 3.0.2-1 (bug #609534)
	[squeeze] - evince 2.30.3-2+squeeze1
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component i ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote att ...)
	NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allow ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not en ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store pa ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0 ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...)
	NOT-FOR-US: RSA enVision
CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3. ...)
	NOT-FOR-US: EMC
CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10 ...)
	NOT-FOR-US: Solaris FTP server
CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first stag ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly vali ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02  ...)
	NOT-FOR-US: Cisco
CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
	- strongswan 4.4.1-1
	[lenny] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
	[squeeze] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 engine ...)
	NOT-FOR-US: Refractor 2
CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
	NOT-FOR-US: Miyabi CGI Tools SEO Links
CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi Ser ...)
	NOT-FOR-US: Hitachi ServerConductor
CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...)
	NOT-FOR-US: iScripts EasySnaps
CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...)
	NOT-FOR-US: Internet DM Specialist Bed and Breakfast
CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly 1.1. ...)
	NOT-FOR-US: Joomanager
CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in src_network_ssl_qss ...)
	- qt4-x11 4:4.6.3-2 (low; bug #587711)
	[lenny] - qt4-x11 <no-dsa> (Harmless impact)
	NOTE: Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597
CVE-2010-2620 (Open&amp;Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote  ...)
	NOT-FOR-US: Open&Compact FTP Server
CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlie ...)
	NOT-FOR-US: Citrix XenServer (it's based on Xen, likely a duplicate of an existing Xen issue)
CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument ...)
	- python-cjson 1.0.5-4 (low; bug #593302)
	[lenny] - python-cjson <no-dsa> (Minor issue)
CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users t ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2010-2494 (Multiple buffer underflows in the base64 decoder in base64.c in (1) bo ...)
	- bogofilter 1.2.1-3 (low; bug #588090)
	[lenny] - bogofilter 1.1.7-1+lenny1
	NOTE: this is "only" null write to an invalid pointer, no arbitrary location
CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP imple ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29)
CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...)
	NOT-FOR-US: AdaptCMS
CVE-2010-2617 (Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Sea ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2616 (SQL injection vulnerability in bible.php in PHP Bible Search, probably ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2615 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2614 (SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, an ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2613 (Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Son ...)
	NOT-FOR-US: com_awd_song component for joomla!
CVE-2010-2612 (Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVM ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-2611 (SQL injection vulnerability in show_search_result.php in i-netsolution ...)
	NOT-FOR-US: i-netsolution Job Search Engine
CVE-2010-2610 (Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allo ...)
	NOT-FOR-US: 2daybiz Job Site Script
CVE-2010-2609 (SQL injection vulnerability in show_search_result.php in 2daybiz Job S ...)
	NOT-FOR-US: 2daybiz Job Search Engine Script
CVE-2010-2608
	RESERVED
CVE-2010-2607
	RESERVED
CVE-2010-2606
	RESERVED
CVE-2010-2605
	RESERVED
CVE-2010-2604 (Multiple buffer overflows in the PDF Distiller in the BlackBerry Attac ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2603 (RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Ma ...)
	NOT-FOR-US: RIM BlackBerry Desktop Software
CVE-2010-2602 (Multiple buffer overflows in the PDF distiller component in the BlackB ...)
	NOT-FOR-US: BlackBerry Enterprise Serve
CVE-2010-2601 (Multiple buffer overflows in the PDF distiller in the Attachment Servi ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2600 (Untrusted search path vulnerability in BlackBerry Desktop Software bef ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-2599 (Unspecified vulnerability in Research In Motion (RIM) BlackBerry Devic ...)
	NOT-FOR-US: BlackBerry Device Software
CVE-2010-2594 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: InterSect Allience Snare Agent
CVE-2010-2593
	RESERVED
CVE-2010-2592
	RESERVED
CVE-2010-2591
	RESERVED
CVE-2010-2590 (Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl ...)
	NOT-FOR-US: ActiveX
CVE-2010-2589 (Integer overflow in the dirapi.dll module in Adobe Shockwave Player be ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2588 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2587 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winam ...)
	NOT-FOR-US: Winamp
CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX contro ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in Rea ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogato ...)
	NOT-FOR-US: SonicWALL
CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player befo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not pro ...)
	NOT-FOR-US: MailEnable
CVE-2010-2579 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2578 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow rem ...)
	NOT-FOR-US: Pligg
CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download dialo ...)
	NOT-FOR-US: Opera
CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in t ...)
	- okular 4:4.4.5-2
	[lenny] - okular 0.7-2+lenny1
	- kdegraphics 4:4.4.5-2
	[lenny] - kdegraphics <not-affected> (Lenny's kdegraphics doesn't yet contain Okular)
	NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
	NOTE: Okular was initially a single source package (lenny days), then it was merged into
	NOTE: kdegraphics (squeeze days) and later split off again (wheezy)
CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
	- mantis 1.1.8+dfsg-6 (low; bug #595510)
	[lenny] - mantis 1.1.6+dfsg-2lenny2
CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as u ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2  ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2 ...)
	{DLA-610-1}
	- tiff 4.0.6-1 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
	NOTE: according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
	NOTE: unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
	NOTE: that the reproducer does not trigger the crash anymore.
	NOTE: Tom Lane's patch should be applied for tiff in Wheezy too.
	NOTE: Not confirmed which exact version should fix the issue.
CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in Ima ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, Power ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows r ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in  ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2 ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2010-2565
	REJECTED
CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle H ...)
	NOT-FOR-US: Microsoft
CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remot ...)
	NOT-FOR-US: Microsoft
CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista S ...)
	NOT-FOR-US: Microsoft
CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2010-2548 (IcedTea6 before 1.7.4 does not properly check property access, which a ...)
	- openjdk-6 6b18-1.8.1-1
CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ...)
	{DSA-2076-1}
	- gnupg2 2.0.14-2
CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti bef ...)
	- cacti 0.8.7g-1
CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in include/top_graph_header.p ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in setup. ...)
	{DSA-2114-1}
	- git-core 1:1.7.1-1.1 (low; bug #590026)
CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType b ...)
	{DSA-2105-1}
	- freetype 2.4.2-1 (low)
CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 d ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in M ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2538 (Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and  ...)
	- rekonq 0.5.0-2 (bug #593300)
CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
	NOT-FOR-US: Joomla!
CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
	- openttd 1.0.3-1
	[lenny] - openttd <not-affected> (Introduced in 1.0.1)
	NOTE: http://bugs.openttd.org/task/3909
CVE-2010-2533
	REJECTED
CVE-2010-2532
	- lxsession 0.4.4-3 (bug #591409)
CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3  ...)
	{DSA-2266-1}
	- php5 5.3.3-2 (low)
CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb module  ...)
	NOT-FOR-US: NetBSD
CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 200 ...)
	{DSA-2645-1}
	- iputils 3:20100418-2
	- inetutils 2:1.9-2
	[lenny] - iputils 3:20071127-1+lenny1
CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol plu ...)
	- pidgin 2.7.2-1
	[lenny] - pidgin <not-affected> (Vulnerable code not present, support for X-Status was added later)
CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 al ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in L ...)
	{DSA-2095-1}
	- lvm2 2.02.66-3 (bug #591204)
CVE-2010-2525
	RESERVED
CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Lin ...)
	{DSA-2264-1}
	- linux-2.6 2.6.32-19
CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allo ...)
	NOT-FOR-US: UMIP
CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ori ...)
	NOT-FOR-US: UMIP
CVE-2010-2521 (Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementati ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-13
CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in truetype/ttinter ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in b ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...)
	NOT-FOR-US: P8 Content Search Engine
CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...)
	NOT-FOR-US: ClearQuest
CVE-2010-2516 (Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketin ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2009-4923 (Unspecified vulnerability in the DTLS implementation on Cisco Adaptive ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4922 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4921 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4920 (Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4919 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 serie ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4918 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4917 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4916 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4915 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4914 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series de ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4913 (The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 55 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4912 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4911 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4910 (Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq (com_j ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) compon ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxe ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz Matrimonia ...)
	NOT-FOR-US: 2daybiz Matrimonial Script
CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Mar ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web Template S ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Tem ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video Commu ...)
	NOT-FOR-US: 2daybiz Video
CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery (com_picasa2ga ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54 ...)
	NOT-FOR-US: Linksys
CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remo ...)
	NOT-FOR-US: Soft SaschArt SasCAM Webcam Server
CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenti ...)
	NOT-FOR-US: Splunk
CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 thro ...)
	NOT-FOR-US: Splunk
CVE-2010-2502 (Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0 ...)
	NOT-FOR-US: Splunk
CVE-2010-2501
	RESERVED
CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c  ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in Fre ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows re ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2496
	RESERVED
CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) i ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messagin ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-19
CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup b ...)
	- roundup 1.4.13-3.1 (bug #590769)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
	NOTE: http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
CVE-2010-2490 (Mumble: murmur-server has DoS due to malformed client query ...)
	- mumble 1.2.2-4 (bug #587713)
	[lenny] - mumble <no-dsa> (Minor issue)
	- qt4-x11 <not-affected> (low; bug #587713)
CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
	- ruby1.8 <not-affected> (Windows-specific)
	- ruby1.9.1 <not-affected> (Windows-specific)
CVE-2010-2488 (NULL pointer dereference vulnerability in ZNC before 0.092 caused by t ...)
	{DSA-2069-1}
	- znc 0.090-2 (bug #584929)
CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3  ...)
	{DSA-2083-1}
	- moin 1.9.3-1 (bug #584809)
CVE-2010-2486
	RESERVED
CVE-2010-2485
	RESERVED
CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
	- tiff 3.9.4-4 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid td_strip ...)
	{DSA-2552-1}
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ha ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python stan ...)
	- mako 0.3.4-1 (low)
	[lenny] - mako <no-dsa> (Minor issue)
CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
	NOTE: http://thread.gmane.org/gmane.linux.network/164869
CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpe ...)
	- paste 1.7.4-1 (low)
	[lenny] - paste 1.7.1-1+lenny1
	NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
	RESERVED
CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through  ...)
	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-2476 (syscp 1.4.2.1 allows attackers to add arbitrary paths via the document ...)
	- syscp <removed> (bug #587481)
CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for th ...)
	NOT-FOR-US: Linear eMerge
CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 an ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eM ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eM ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the RSComments  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom befor ...)
	NOT-FOR-US: Jamroom
CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP ...)
	NOT-FOR-US: Toma Cero OroHYIP
CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 al ...)
	NOT-FOR-US: JCE-Tech Overstock
CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in JCE-Tech S ...)
	NOT-FOR-US: JCE-Tech Shareasale Script
CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video Community Po ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in K-Search allo ...)
	NOT-FOR-US: K-Search
CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in Linker IM ...)
	NOT-FOR-US: Linker IMG
CVE-2010-2455 (Opera does not properly manage the address bar between the request to  ...)
	NOT-FOR-US: Opera
CVE-2010-2454 (Apple Safari does not properly manage the address bar between the requ ...)
	- webkit <not-affected> (iceweasel/safari-specific issues)
	- chromium-browser <not-affected> (iceweasel/safari-specific issues)
	NOTE: i tested both firefox and safari poc's, and neither of them caused the
	NOTE: address bar to be spoofed in either webkit or chrome
	NOTE: this will be address in iceweasel in cve-2010-1206
CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk S ...)
	NOT-FOR-US: Synology Disk Station
CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct brute-forc ...)
	NOT-FOR-US: oBlog
CVE-2009-4908 (Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow rem ...)
	NOT-FOR-US: oBlog
CVE-2009-4907 (Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog al ...)
	NOT-FOR-US: oBlog
CVE-2009-4906 (Cross-site request forgery (CSRF) vulnerability in index.php in Acc PH ...)
	NOT-FOR-US: Acc PHP eMail
CVE-2009-4905 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...)
	NOT-FOR-US: Acc Statistics
CVE-2009-4904 (article.php in oBlog does not properly restrict comments, which allows ...)
	NOT-FOR-US: oBlog
CVE-2009-4903 (Cross-site scripting (XSS) vulnerability in index.php in oBlog allows  ...)
	NOT-FOR-US: oBlog
CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc 3. ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in KVI ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9. ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
	NOTE: Triggers a NULL pointer deref, crasher only
CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict fo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote a ...)
	- webkit 1.2.1-3 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation W ...)
	NOT-FOR-US: Subtitle Translation Wizard
CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to exec ...)
	NOT-FOR-US: MoreAmp
CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...)
	NOT-FOR-US: G.CMS
CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in A ...)
	NOT-FOR-US: AneCMS BLog
CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1 ...)
	NOT-FOR-US: AneCMS Blog
CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
	- weborf 0.12.2-1
CVE-2010-2434 (Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explz ...)
	NOT-FOR-US: Explzh
CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in content/interna ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS befo ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, wit ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2430
	RESERVED
CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2,  ...)
	NOT-FOR-US: Splunk
CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the  ...)
	NOT-FOR-US: Wing FTP Server
CVE-2010-2427 (VMware Studio 2.0 does not properly write to temporary files, which al ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River Technolo ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River Technolo ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2424
	RESERVED
CVE-2010-2423
	RESERVED
CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone  ...)
	- plone3 <removed>
CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have unknow ...)
	NOT-FOR-US: Opera
CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
	NOT-FOR-US: Sleipnir
CVE-2008-7258
	- ssmtp <unfixed> (unimportant; bug #591515)
CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1 ...)
	{DSA-2067-1}
	- php-htmlpurifier 4.1.1+dfsg1-1
	- mahara 1.2.5-1
	- moodle 1.9.9.dfsg2-1 (low; bug #593301)
	[lenny] - moodle <not-affected> (doesn't ship/use htmlpurifier)
	- knowledgeroot 0.9.9.5-5
	[lenny] - knowledgeroot <no-dsa> (low)
CVE-2010-2419 (Unspecified vulnerability in the Java Virtual Machine component in Ora ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2418 (Unspecified vulnerability in the Oracle Territory Management component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2417 (Unspecified vulnerability in the Agile PLM component in Oracle Supply  ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2416 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle E-Business Intelligence
CVE-2010-2415 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2414 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Jav ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-2413 (Unspecified vulnerability in the BI Publisher component in Oracle Fusi ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2412 (Unspecified vulnerability in the OLAP component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2411 (Unspecified vulnerability in the Job Queue component in Oracle Databas ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2410 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2409 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2408 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2407 (Unspecified vulnerability in the XDK component in Oracle Database Serv ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2406 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2405 (Unspecified vulnerability in the Siebel Core - Highly Interactive Clie ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2404 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Solaris
CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Solaris
CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...)
	NOT-FOR-US: Oracle Sun Java System Application Serve
CVE-2010-2396 (Unspecified vulnerability in the Forms component in Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2395 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Solaris
CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Solaris
CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows  ...)
	NOT-FOR-US: Solaris
CVE-2010-2391 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2390 (Unspecified vulnerability in the Database Control component in EM Cons ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2389 (Unspecified vulnerability in the Perl component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2387 (vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x bef ...)
	- gdm 2.20.11-1
CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Solaris
CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server 4 ...)
	NOT-FOR-US: Oracle Sun Java System Web Proxy Server
CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSola ...)
	NOT-FOR-US: Solaris
CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component  ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time &amp ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspeci ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle Enterpris ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management co ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2369 (Untrusted search path vulnerability in Lhasa 0.19 and earlier allows l ...)
	NOT-FOR-US: Lhasa
CVE-2010-2368 (Untrusted search path vulnerability in Lhaplus before 1.58 allows loca ...)
	NOT-FOR-US: Lhaplus
CVE-2010-2367 (Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 bef ...)
	NOT-FOR-US: AD-EDIT2
CVE-2010-2366 (Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Ana ...)
	NOT-FOR-US: CGI Cafe Access Analyzer
CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 befor ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the S ...)
	NOT-FOR-US: SEIL/X1, SEIL/X2, and SEIL/B1 routers
CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information,  ...)
	NOT-FOR-US: Winny
CVE-2010-2361 (Winny 2.0b7.1 and earlier does not properly process BBS information, w ...)
	NOT-FOR-US: Winny
CVE-2010-2360 (Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow rem ...)
	NOT-FOR-US: Winny
CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com  ...)
	NOT-FOR-US: eWebquiz
CVE-2010-2358 (PHP remote file inclusion vulnerability in modules/catalog/upload_phot ...)
	NOT-FOR-US: Nakid CMS
CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate Script 1. ...)
	NOT-FOR-US: Eicra Realestate Script
CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Gro ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Group ( ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS  ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0  ...)
	NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows  ...)
	- ziproxy 3.1.1-1 (bug #587039)
	[lenny] - ziproxy <not-affected> (Introduced in 3.1.0)
CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: H264WebCam
CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0. ...)
	NOT-FOR-US: Batch Audio Converter
CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 thr ...)
	NOT-FOR-US: SAP J2EE Telnet Interface
CVE-2010-2346
	RESERVED
CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and pos ...)
	NOT-FOR-US: odCMS
CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and ...)
	NOT-FOR-US: odCMS
CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007 ...)
	NOT-FOR-US: D.R. Software Audio Converter
CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady O ...)
	NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2010-2341 (PHP remote file inclusion vulnerability in system/application/views/pu ...)
	NOT-FOR-US: EZPX Photoblog
CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2, when ma ...)
	NOT-FOR-US: Arab Portal
CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x ...)
	NOT-FOR-US: Subdreamer CMS
CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor  ...)
	NOT-FOR-US: VU Web Visitor Analyst
CVE-2010-2337 (Open redirect vulnerability in RSA Federated Identity Manager 4.0 befo ...)
	NOT-FOR-US: RSA Federated Identity Manager
CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obt ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00 ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php in Ya ...)
	NOT-FOR-US: Yamamah Phote Gallery
CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows ...)
	NOT-FOR-US: LiteSpeed Web Server
CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions ...)
	NOT-FOR-US: Impact PDF Reader
CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allow ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allow ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote attacker ...)
	NOT-FOR-US: Rosoft Audio Converter
CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.3 ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS all ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS mig ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in j ...)
	- fastjar 2:0.98-3 (low)
	[lenny] - fastjar <no-dsa> (Minor issue)
CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...)
	NOT-FOR-US: Adobe InDesign
CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in winscard_svc. ...)
	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
	NOTE: of the weird CVE assignments on this one
CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smar ...)
	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
	NOTE: of the weird CVE assignments on this one
CVE-2010-2320 (bozotic HTTP server (aka bozohttpd) before 20100621 allows remote atta ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd <no-dsa> (Minor information leak)
CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allo ...)
	NOT-FOR-US: IDevSpot TextAds
CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPor ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-2317 (Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow ...)
	NOT-FOR-US: WmsCms
CVE-2010-2316 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: WmsCms
CVE-2010-2315 (PHP remote file inclusion vulnerability in picturelib.php in SmartISof ...)
	NOT-FOR-US: SmartISoft phpBazar
CVE-2010-2314 (PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter. ...)
	NOT-FOR-US: NP_Twitter Plugin
CVE-2010-2313 (Directory traversal vulnerability in index.php in Anodyne Productions  ...)
	NOT-FOR-US: SIMM Management System
CVE-2010-2312 (SQL injection vulnerability in index.php in HauntmAx Haunted House Dir ...)
	NOT-FOR-US: HauntmAx Haunted House Directory Listing CMS
CVE-2010-2311 (Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows us ...)
	NOT-FOR-US: Power Tab Editor
CVE-2010-2310 (SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a de ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2309 (Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6. ...)
	NOT-FOR-US: EvoLogical EvoCam
CVE-2010-2308 (Unspecified vulnerability in the filter driver (savonaccessfilter.sys) ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2010-2307 (Multiple directory traversal vulnerabilities in the web server for Mot ...)
	NOT-FOR-US: Motorola firmware
CVE-2010-2306 (The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; ...)
	NOT-FOR-US: Sourcefire 3D Sensor
CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Syg ...)
	NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304
	REJECTED
CVE-2010-2303
	REJECTED
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome bef ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59876
	NOTE: duplicate of cve-2010-1771
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebC ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
	NOTE: duplicate of cve-2010-1762
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes funct ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59109
	NOTE: duplicate of cve-2010-1759
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc i ...)
	- webkit <not-affected> (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome bef ...)
	- webkit <not-affected> (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome b ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before  ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/57627
	NOTE: http://trac.webkit.org/changeset/57658
	NOTE: http://trac.webkit.org/changeset/57658
	NOTE: http://trac.webkit.org/changeset/59769
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0 ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2009-4900 (pixelpost 1.7.1 has XSS ...)
	- pixelpost <removed> (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4899 (pixelpost 1.7.1 has SQL injection ...)
	- pixelpost <removed> (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2  ...)
	NOT-FOR-US: TWiki
CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allo ...)
	{DSA-2093-1}
	- ghostscript 8.70~dfsg-1
CVE-2009-4896 (Multiple directory traversal vulnerabilities in the mlmmj-php-admin we ...)
	{DSA-2073-1}
	- mlmmj 1.2.17-1.1 (bug #588038)
CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...)
	NOT-FOR-US: Plume CMS
CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote auth ...)
	NOT-FOR-US: Dlink Di-604
CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web interfa ...)
	NOT-FOR-US: Dlink Di-604 Router
CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone firm ...)
	NOT-FOR-US: snom VoIP Phone
CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfe ...)
	NOT-FOR-US: McAfee
CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper Netwo ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Junip ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 all ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus  ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connect ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before 0. ...)
	- dojo <not-affected> (Doesn't affect the Debian packaging)
CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1 ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x befo ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before  ...)
	- dojo <not-affected> (only affects 0.4 branch)
CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka  ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable http ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web Ser ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Acco ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Ser ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service (cra ...)
	- nginx <not-affected> (Confirmed Windows only, see bug #590768)
CVE-2009-4895 (Race condition in the tty_fasync function in drivers/char/tty_io.c in  ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-9
CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in  ...)
	NOT-FOR-US: PunBB
CVE-2009-4893 (Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::opt ...)
	- unrealircd <itp> (bug #515130)
CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- chromium-browser 6.0.466.0~r52279-1
	NOTE: This is a large series of risky behaviour-changing changesets.
	NOTE: upstream changelog says this is fixed in 1.2.3, but i'm doubtful of that
CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows ...)
	- nginx <not-affected> (Windows-specific vulnerability when running on NTFS)
CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! allo ...)
	NOT-FOR-US: Content Management System WEBjump!
CVE-2009-4891 (SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allow ...)
	NOT-FOR-US: CS-Cart
CVE-2009-4890 (Multiple cross-site scripting (XSS) vulnerabilities in the login appli ...)
	NOT-FOR-US: vBook
CVE-2009-4889 (SQL injection vulnerability in books.php in the Book Panel (book_panel ...)
	NOT-FOR-US: book_panel module for php-fusion
CVE-2009-4888 (Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2 ...)
	NOT-FOR-US: PHortail
CVE-2009-4887 (PHP remote file inclusion vulnerability in index.php in CMS S.Builder  ...)
	NOT-FOR-US: CMS S.Builder
CVE-2009-4886 (Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 a ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4885 (Cross-site scripting (XSS) vulnerability in templates/1/login.php in p ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4884 (Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when m ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4883 (SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.3 ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 throug ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 th ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 throug ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine  ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wiresh ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to  ...)
	- weborf 0.12.1-1
CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers  ...)
	NOT-FOR-US: Linksys WAP54Gv3
CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design B ...)
	NOT-FOR-US: Gabmbit Design Bandwidth Meter
CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) comp ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBa ...)
	NOT-FOR-US: phpBannerExchange
CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video Ch ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute  ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) co ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for  ...)
	NOT-FOR-US: joomla!
CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to  ...)
	- libwww-perl 5.835-1 (low)
	[lenny] - libwww-perl 5.813-1+lenny2
CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of t ...)
	{DSA-2088-1}
	- wget 1.12-2.1 (low; bug #590296)
CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not pr ...)
	{DSA-2085-1}
	- lftp 4.0.6-1 (low)
	[lenny] - lftp <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1. ...)
	{DSA-2072-1}
	- libpng 1.2.44-1 (low; bug #587670)
	- tuxonice-userui 1.0-1 (unimportant)
	NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel befor ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-12 (low)
CVE-2010-2247 (makepasswd 1.10 default settings generate insecure passwords ...)
	- makepasswd 1.10-5 (low; bug #564559)
	[lenny] - makepasswd 1.10-3+lenny1
CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might all ...)
	- feh 1.8-1 (low; bug #587205)
	[lenny] - feh <no-dsa> (Minor issue)
CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earli ...)
	NOT-FOR-US: Apache Wink
CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in  ...)
	{DSA-2086-1}
	- avahi 0.6.26-1
CVE-2010-2243 (A vulnerability exists in kernel/time/clocksource.c in the Linux kerne ...)
	- linux-2.6 2.6.32-11
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improp ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt 0.4.6-10+lenny1
CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Ha ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel befo ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-21
CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images with ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt <not-affected> (only affects >= 0.6.0)
CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-imag ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt <not-affected> (only affects >= 0.7.2)
CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing s ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt <not-affected> (only affects >= 0.6.1)
CVE-2010-2236 (The monitoring probe display in spacewalk-java before 2.1.148-1 and Re ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Sa ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...)
	- tiff 3.9.4-2
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export pro ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://issues.apache.org/jira/browse/DERBY-2925
CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in report/overview/rep ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.1 ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
	- egroupware <not-affected> (Only forks a minor subset of KSES)
CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php  ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control in ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 be ...)
	{DSA-2207-1}
	- tomcat5.5 <removed>
	- tomcat6 6.0.28-1 (bug #588813)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel bef ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-19
CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in P ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise Virtualizatio ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)
CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualiza ...)
	- vdsm <itp> (bug #668538)
CVE-2010-2222 (The _ger_parse_control function in Red Hat Directory Server 8 and the  ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1)  ...)
	- iscsitarget 1.4.20.1-1
CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0 ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, a ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2210 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2209 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2208 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x befo ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2204 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2203 (Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to e ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2202 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2201 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2200
	RESERVED
CVE-2010-2199 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...)
	- rpm <unfixed> (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2198 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...)
	- rpm <unfixed> (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2197 (rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax o ...)
	- rpm 4.8.1-1 (low; bug #584257)
	[lenny] - rpm <no-dsa> (Minor issue)
CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of  ...)
	- rpm 4.7.0-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2004-2768 (dpkg 1.9.21 does not properly reset the metadata of a file during repl ...)
	- dpkg 1.10.19 (bug #225692)
CVE-2010-2196
	RESERVED
CVE-2010-2195 (bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows a ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd <not-affected> (Only affects 20090522 to 20100512)
CVE-2010-2194
	RESERVED
CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) Web ...)
	NOT-FOR-US: CA Global Advisor
CVE-2010-2192 (The make_lockdir_name function in policy.c in pmount 0.9.18 allow loca ...)
	{DSA-2063-1}
	- pmount 0.9.23-1
CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions i ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2188 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2187 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2186 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2185 (Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2184 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2183 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2182 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2181 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2180 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2179 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2178 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2177 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2176 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2175 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2174 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2173 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2172 (Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms al ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2171 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2170 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2169 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2168 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2167 (Multiple heap-based buffer overflows in Adobe Flash Player before 9.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2166 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2165 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2164 (Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2163 (Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2162 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2161 (Array index error in Adobe Flash Player before 9.0.277.0 and 10.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2160 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2159 (Dameng DM Database Server allows remote authenticated users to cause a ...)
	NOT-FOR-US: Dameng DM Database
CVE-2010-2158 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm modul ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2,  ...)
	NOT-FOR-US: CA ARCserve
CVE-2010-2156 (ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote att ...)
	- isc-dhcp 4.1.1-P1-1
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- dhcp <not-affected> (Only affects DHCP 4.x)
	NOTE: http://www.isc.org/software/dhcp/advisories/cve-2010-2156
CVE-2010-2155 (Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/ht ...)
	{DSA-2056-1}
	- zonecheck 2.1.1-1 (bug #583290)
CVE-2010-2154 (Cross-site scripting (XSS) vulnerability in the Search Site in CMScout ...)
	NOT-FOR-US: CMScout
CVE-2010-2153 (Unrestricted file upload vulnerability in admin/code/tce_functions_tce ...)
	NOT-FOR-US: TCExam
CVE-2010-2152 (Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, I ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2010-2151 (Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2150 (Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allow ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2149 (Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2148 (SQL injection vulnerability in the My Car (com_mycar) component 1.0 fo ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2147 (Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) com ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2146 (PHP remote file inclusion vulnerability in banned.php in Visitor Logge ...)
	NOT-FOR-US: Visitor Logger
CVE-2010-2145 (Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4 ...)
	NOT-FOR-US: ClearSite
CVE-2010-2144 (Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways  ...)
	NOT-FOR-US: Zeeways eBay Clone auction script
CVE-2010-2143 (Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 a ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-2142 (SQL injection vulnerability in default.asp in Cyberhost allows remote  ...)
	NOT-FOR-US: Cyberhost
CVE-2010-2141 (SQL injection vulnerability in index.php in NITRO Web Gallery allows r ...)
	NOT-FOR-US: NITRO Web Gallery
CVE-2010-2140 (SQL injection vulnerability in itemdetail.php in Multishop CMS allows  ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2139 (SQL injection vulnerability in pages.php in Multishop CMS allows remot ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2138 (Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earli ...)
	NOT-FOR-US: ProMan
CVE-2010-2137 (PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 ...)
	NOT-FOR-US: ProMan
CVE-2010-2136 (Directory traversal vulnerability in admin/index.php in Article Friend ...)
	NOT-FOR-US: Article Friendly
CVE-2010-2135 (Multiple SQL injection vulnerabilities in login.php in HazelPress Lite ...)
	NOT-FOR-US: HazelPress Lite
CVE-2010-2134 (Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 ...)
	NOT-FOR-US: Project Man
CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum allows r ...)
	NOT-FOR-US: My Little Forum
CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
	NOT-FOR-US: Open Education System
CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension befor ...)
	NOT-FOR-US: TYPO3 extenson Calendar Base
CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...)
	NOT-FOR-US: Aris Global ARISg
CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in Zo ...)
	{DSA-2056-1}
	- zonecheck 2.1.1-1 (bug #583290)
CVE-2008-7256 (mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcomm ...)
	- linux-2.6 2.6.28-1 (low)
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-2129 (Directory traversal vulnerability in the JE Ajax Event Calendar (com_j ...)
	NOT-FOR-US: JE Ajax Event Calenda
CVE-2010-2128 (Directory traversal vulnerability in the JE Quotation Form (com_jequot ...)
	NOT-FOR-US: JE Quotation Form for Joomla
CVE-2010-2127 (PHP remote file inclusion vulnerability in gallery.php in JV2 Folder G ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2010-2126 (Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3. ...)
	NOT-FOR-US: Snipe Gallery
CVE-2010-2125 (Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banne ...)
	NOT-FOR-US: Rotor Banner module for Drupal
CVE-2010-2124 (SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4 ...)
	NOT-FOR-US: Bartels Schone ConPresso
CVE-2010-2123 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm modul ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2122 (Directory traversal vulnerability in the SimpleDownload (com_simpledow ...)
	NOT-FOR-US: SimpleDownload for Joomla
CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service (resou ...)
	NOT-FOR-US: Opera
CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to c ...)
	NOT-FOR-US: MS IE
CVE-2010-2118 (Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows re ...)
	NOT-FOR-US: MS IE
CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ca ...)
	- xulrunner <unfixed> (unimportant)
CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ...)
	{DSA-2058-1}
	- eglibc 2.10.1-1 (unimportant)
	- glibc 2.11.1-1 (unimportant)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f
CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the GNU C  ...)
	{DSA-2058-1}
	- eglibc 2.11.1-1 (unimportant)
	- glibc 2.11.1-1 (unimportant)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3
CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 al ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a de ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke ...)
	NOT-FOR-US: Brekeke PBX
CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in The Unif ...)
	NOT-FOR-US: The Uniform Server
CVE-2010-2112 (Directory traversal vulnerability in the FTP service in FileCOPA befor ...)
	NOT-FOR-US: FileCOPA
CVE-2010-2111 (Cross-site request forgery (CSRF) vulnerability in user/user-set.do in ...)
	NOT-FOR-US: Pacific Timesheet
CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript c ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (issue in chrome's libv8 bindings)
	NOTE: http://trac.webkit.org/changeset/58229
CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows us ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58441
CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows re ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-2107 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows at ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (doesn't have safebrowsing feature)
CVE-2010-2106 (Unspecified vulnerability in Google Chrome before 5.0.375.55 might all ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-2105 (Google Chrome before 5.0.375.55 does not properly follow the Safe Brow ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (doesn't have safebrowsing feature)
CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0. ...)
	NOT-FOR-US: Orbit Downloader
CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/en ...)
	- axis <not-affected> (axis != axis2, vulnerable code not present)
CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to exe ...)
	NOT-FOR-US: Webby Webserver
CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_w ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_b ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access contr ...)
	NOT-FOR-US: e107
CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20  ...)
	NOT-FOR-US: e107
CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ear ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier a ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP 5. ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in  ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier a ...)
	{DSA-2060-1}
	- cacti 0.8.7e-4 (bug #582691)
CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft OWA
CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM Communication ...)
	NOT-FOR-US: IBM Communications Server
CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the relations ...)
	- python3.1 3.1.2+20100706-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.5+20100706-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application  ...)
	- mojarra <unfixed> (unimportant; bug #611130)
	NOTE: Affected feature is fundamentally insecure
CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application S ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2084 (Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property  ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2083 (Microsoft Dynamics GP has a default value of ACCESS for the system pas ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2082 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ca ...)
	NOT-FOR-US: Cisco
CVE-2010-2081
	RESERVED
CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows att ...)
	NOT-FOR-US: Novell Access Manager
CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell Acce ...)
	NOT-FOR-US: Novell Access Manager
CVE-2009-4877 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI b ...)
	- webgui 7.7.22-1
CVE-2009-4876 (admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify ...)
	NOT-FOR-US: Netrix CMS
CVE-2009-4875 (FCKeditor.Java 2.4 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: FCKeditor.Java, different than fckeditor in the archive
CVE-2009-4874 (TalkBack 2.3.14 does not properly restrict access to the edit comment  ...)
	NOT-FOR-US: TalkBack
CVE-2009-4873 (Stack-based buffer overflow in the HTTP server in Rhino Software Serv- ...)
	NOT-FOR-US: Rhino Software Serv-U Web Client
CVE-2010-2079 (DataTrack System 3.5 allows remote attackers to bypass intended restri ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2078 (DataTrack System 3.5 allows remote attackers to list the root director ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2077
	REJECTED
CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before  ...)
	NOT-FOR-US: Apache CXF
CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from Novemb ...)
	- unrealircd <itp> (bug #515130)
CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_se ...)
	- w3m 0.5.2-5 (low; bug #587445)
	[lenny] - w3m 0.5.2-2+lenny1
CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and pa ...)
	- pyftpd 0.8.5 (low; bug #585776)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2072 (Pyftpd 0.8.4 creates log files with predictable names in a temporary d ...)
	- pyftpd 0.8.5 (low; bug #585773)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Lin ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 <not-affected> (btrfs introduced in 2.6.29)
CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and  ...)
	- xen-3 3.2.1-2
	NOTE: The respective patch is present in Lenny's version of xen-3, might be fixed even earlier
CVE-2010-2069
	REJECTED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 thr ...)
	- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function i ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in the Linu ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31)
CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allo ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
CVE-2010-2064 (rpcbind 0.2.0 allows local users to write to arbitrary files or gain p ...)
	- rpcbind 0.2.0-4.1
	NOTE: This version changed the state directory to /var/run/rpcbind, which is only writable by root
CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the chai ...)
	{DSA-2061-1}
	- samba 2:3.4.0~pre1-1 (high)
	NOTE: the affected code has been completely rewritten since 3.4.x
CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, as use ...)
	{DSA-2044-1 DSA-2043-1}
	- vlc 1.0.1-1
	[lenny] - vlc 0.8.6.h-4+lenny2.3
	- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
	[lenny] - mplayer 1.0~rc2-17+lenny3.2
	- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
	NOTE: DSA-2043 and DSA-2044
CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2)  ...)
	- rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows r ...)
	- beanstalkd 1.4.6-1 (unimportant; bug #585162)
	NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network,
	NOTE: "as it has no authorisation/authentication mechanisms". So this is likely a non-issue
CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and R ...)
	- rpm 4.8.1-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...)
	- prewikka 1.0.0-1.1 (low; bug #584469)
	[lenny] - prewikka <no-dsa> (The insecure permissions only apply for a very short timeframe during pkg update)
	NOTE: FEDORA-2009-3761 http://lwn.net/Articles/330642
CVE-2010-2057 (shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2. ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files vi ...)
	- gv 1:3.7.1-1 (low)
	[lenny] - gv <no-dsa> (Minor issue)
CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the curre ...)
	- ghostscript 8.71~dfsg2-6.1 (bug #584653; bug #592569; bug #584663)
	[lenny] - ghostscript <no-dsa> (too risky for regressions)
CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 t ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local user ...)
	- emesene 1.6.2-1 (low)
	[lenny] - emesene <not-affected> (Introduced in 1.6.1)
CVE-2010-2052
	REJECTED
CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows  ...)
	NOT-FOR-US: Debliteck DBCart
CVE-2010-2050 (Directory traversal vulnerability in the Moron Solutions MS Comment (c ...)
	NOT-FOR-US: Moron Solutions MS Comment
CVE-2010-2049 (Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportRe ...)
	NOT-FOR-US: ManageEngine ADAudit Plus
CVE-2010-2048 (Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat m ...)
	NOT-FOR-US: Heartbeat module for Drupal
CVE-2010-2047 (SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allow ...)
	NOT-FOR-US: JE CMS
CVE-2010-2046 (Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelpe ...)
	NOT-FOR-US: ActiveHelper LiveHelp for Joomla
CVE-2010-2045 (Directory traversal vulnerability in the Dione Form Wizard (aka FDione ...)
	NOT-FOR-US: Dione Form Wizard
CVE-2010-2044 (SQL injection vulnerability in the Konsultasi (com_konsultasi) compone ...)
	NOT-FOR-US: Konsultasi for Joomla
CVE-2010-2043 (Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack Sys ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2042 (SQL injection vulnerability in search.php in ECShop 2.7.2 allows remot ...)
	NOT-FOR-US: ECShop
CVE-2010-2041 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...)
	NOT-FOR-US: PHP-Calendar
CVE-2010-2040 (Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzi ...)
	NOT-FOR-US: V-EVA Shopzilla script
CVE-2010-2039 (Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1 ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2038 (Cross-site scripting (XSS) vulnerability in include/tool/editing_files ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2037 (Directory traversal vulnerability in the Percha Downloads Attach (com_ ...)
	NOT-FOR-US: Percha
CVE-2010-2036 (Directory traversal vulnerability in the Percha Fields Attach (com_per ...)
	NOT-FOR-US: Percha
CVE-2010-2035 (Directory traversal vulnerability in the Percha Gallery (com_perchagal ...)
	NOT-FOR-US: Percha
CVE-2010-2034 (Directory traversal vulnerability in the Percha Image Attach (com_perc ...)
	NOT-FOR-US: Percha
CVE-2010-2033 (Directory traversal vulnerability in the Percha Multicategory Article  ...)
	NOT-FOR-US: Percha
CVE-2010-2032 (Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/dig ...)
	NOT-FOR-US: Caucho Technology Resin Professional
CVE-2010-2031 (KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3 ...)
	NOT-FOR-US: Kingsoft Webshield
CVE-2010-2030 (Cross-site scripting (XSS) vulnerability in the External Link Page mod ...)
	NOT-FOR-US: External Link Page module for Drupal
CVE-2010-2029 (Cybozu Office 7 Ktai and Dotsales do not properly restrict access to t ...)
	NOT-FOR-US: Cybozu Office and Dotsales
CVE-2010-2028 (Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 all ...)
	NOT-FOR-US: k23productions TFTPGUI
CVE-2010-2027 (Mathematica 7, when running on Linux, allows local users to overwrite  ...)
	NOT-FOR-US: Mathematica
CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ca ...)
	NOT-FOR-US: Cisco
CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: Cisco
CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is enabl ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 <no-dsa> (Minor issue)
CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable sti ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 <no-dsa> (Minor issue)
CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root ...)
	- kfreebsd-6 <not-affected> (jail binary not yet provided, see bug #584930)
	- kfreebsd-7 <not-affected> (jail binary not yet provided, see bug #584930)
	- kfreebsd-8 <not-affected> (jail binary not yet provided, see bug #584930)
CVE-2010-2021 (Open redirect vulnerability in the Global Redirect module 6.x-1.x befo ...)
	NOT-FOR-US: Global Redirect module for Drupal is not in Debian
CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD  ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (Minor issue, not enabled by default)
	- kfreebsd-7 7.3-2
	[lenny] - kfreebsd-7 <no-dsa> (Minor issue, not enabled by default)
	- kfreebsd-8 8.0-6 (bug #584930)
CVE-2010-2019 (SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, whe ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2018 (Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4. ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2017 (Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lo ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2016 (SQL injection vulnerability in details.php in Iceberg CMS allows remot ...)
	NOT-FOR-US: Iceberg CMS
CVE-2010-2015 (Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote at ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2014 (Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiS ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2013 (Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK  ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2012 (SQL injection vulnerability in function.php in MigasCMS 1.1, when magi ...)
	NOT-FOR-US: MigasCMS
CVE-2006-7239 (The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c ...)
	- gnutls26 <not-affected> (fix is present in lenny/sid; fixed originally in upstream 1.4.2, which precedes 26)
CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the system ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool  ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global BS.Playe ...)
	NOT-FOR-US: BS.Global BS.Player
CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter datab ...)
	- mysql-5.1 5.1.48-1
	- mysql-dfsg-5.0 <not-affected> (Only affects MySQL 5.1 onwards)
CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS  ...)
	- mydms <removed> (bug #590904; low)
	[lenny] - mydms <no-dsa> (Minor issue)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS (forme ...)
	{DSA-2146-1}
	- mydms 1.7.2+1.7.3-1.1 (bug #582587; medium)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine  ...)
	NOT-FOR-US: Datalife Engine
CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Fre ...)
	NOT-FOR-US: BS.Player
CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Adva ...)
	NOT-FOR-US: Advanced Poll
CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x  ...)
	NOT-FOR-US: Wordfilter module for Drupal
CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module be ...)
	NOT-FOR-US: CiviRegister module for Drupal
CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio)  ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie Ope ...)
	NOT-FOR-US: OpenMairie
CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module  ...)
	NOT-FOR-US: CCK TableField module for Drupal
CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus C ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 all ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: U ...)
	NOT-FOR-US: Opera
CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations whe ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
	NOTE: poc is just one window, but can be changed to open many
	NOTE: this is a dos-only attack, so its considered unimportant
CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, exec ...)
	- xulrunner <unfixed> (unimportant; bug #582590)
	- iceape <removed> (unimportant)
	NOTE: browser dos attacks are not considered security-relevant
CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG elem ...)
	NOT-FOR-US: Opera
CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cau ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Six Apart Movable type
CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb mo ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1983 (Directory traversal vulnerability in the redTWITTER (com_redtwitter) c ...)
	NOT-FOR-US: com_redtwitter component for joomla!
CVE-2010-1982 (Directory traversal vulnerability in the JA Voice (com_javoice) compon ...)
	NOT-FOR-US: com_javoice component for joomla!
CVE-2010-1981 (Directory traversal vulnerability in the Fabrik (com_fabrik) component ...)
	NOT-FOR-US: com_fabrik component for joomla!
CVE-2010-1980 (Directory traversal vulnerability in joomlaflickr.php in the Joomla Fl ...)
	NOT-FOR-US: com_joomlaflickr component for joomla!
CVE-2010-1979 (Directory traversal vulnerability in the Affiliate Datafeeds (com_data ...)
	NOT-FOR-US: com_datafeeds component for joomla!
CVE-2010-1978 (PHP remote file inclusion vulnerability in default_theme.php in FreePH ...)
	NOT-FOR-US: FreePHPBlogSoftware
CVE-2010-1977 (Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmc ...)
	NOT-FOR-US: com_jwhmcs component for joomla!
CVE-2010-1976 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb mo ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1975 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8. ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed> (low)
CVE-2010-1974
	REJECTED
CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...)
	NOT-FOR-US: OpenVMS
CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise In ...)
	NOT-FOR-US: HP Client Automation
CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterpr ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1966 (Unspecified vulnerability in HP Insight Control power management for W ...)
	NOT-FOR-US: HP Insight
CVE-2010-1965 (Unspecified vulnerability in HP Insight Orchestration for Windows befo ...)
	NOT-FOR-US: HP Insight
CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows re ...)
	NOT-FOR-US: HP ServiceCenter
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Netwo ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1960 (Buffer overflow in the error handling functionality in ovwebsnmpsrv.ex ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 be ...)
	NOT-FOR-US: HP TestDirector for Quality Center
CVE-2010-1958 (Cross-site scripting (XSS) vulnerability in the FileField module 5.x b ...)
	NOT-FOR-US: Drupal addon
CVE-2010-1957 (Directory traversal vulnerability in the Love Factory (com_lovefactory ...)
	NOT-FOR-US: com_lovefactory component for joomla!
CVE-2010-1956 (Directory traversal vulnerability in the Gadget Factory (com_gadgetfac ...)
	NOT-FOR-US: com_gadgetfactory component for joomla!
CVE-2010-1955 (Directory traversal vulnerability in the Deluxe Blog Factory (com_blog ...)
	NOT-FOR-US: com_blogfactory component for joomla!
CVE-2010-1954 (Directory traversal vulnerability in the iNetLanka Multiple root (com_ ...)
	NOT-FOR-US: com_multiroot component for joomla!
CVE-2010-1953 (Directory traversal vulnerability in the iNetLanka Multiple Map (com_m ...)
	NOT-FOR-US: com_multimap component for joomla!
CVE-2010-1952 (Directory traversal vulnerability in the BeeHeard (com_beeheard) and B ...)
	NOT-FOR-US: com_beeheard component for joomla!
CVE-2010-1951 (Multiple directory traversal vulnerabilities in 60cycleCMS allow remot ...)
	NOT-FOR-US: 60cycleCMS
CVE-2010-1950 (SQL injection vulnerability in the Online News Paper Manager (com_jnew ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1949 (SQL injection vulnerability in the Online News Paper Manager (com_jnew ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1948 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie
CVE-2010-1947 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie
CVE-2010-1946 (Multiple PHP remote file inclusion vulnerabilities in openMairie Openr ...)
	NOT-FOR-US: openMairie
CVE-2010-1945 (Multiple PHP remote file inclusion vulnerabilities in openMairie Openf ...)
	NOT-FOR-US: openMairie
CVE-2010-1944 (Multiple PHP remote file inclusion vulnerabilities in openMairie openC ...)
	NOT-FOR-US: openMairie
CVE-2010-1943 (Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister  ...)
	NOT-FOR-US: NEC CapsSuite Small Edition
CVE-2010-1942 (Unspecified vulnerability in the Servlet service in Fujitsu Limited In ...)
	NOT-FOR-US: Fujitsu Limited Interstage Application Server
CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ear ...)
	NOT-FOR-US: NEC WebSAM DeploymentManager
CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header  ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: Safari-specific. Chromium and Safari have totally separate HTTP stacks.
CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows r ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code execution is possible
	NOTE: This is Safari only
CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...)
	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
	[lenny] - opie 2.32-10.2+lenny2
CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SF ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openComInterne
CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie Ope ...)
	NOT-FOR-US: openMairie Openpresse
CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie openP ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie openC ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ope ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows  ...)
	NOT-FOR-US: tekno.Portal
CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shop ...)
	NOT-FOR-US: Hi Web Wiesbaden Live Shopping multi Portal System
CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 So ...)
	NOT-FOR-US: Hi Web Wiesbaden Web Social Network Community System
CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 all ...)
	NOT-FOR-US: 29o3 CMS
CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie openA ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ope ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1933
	RESERVED
CVE-2010-1932 (Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allow ...)
	NOT-FOR-US: XnView
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in CubeCa ...)
	NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows  ...)
	NOT-FOR-US: Novell iManager
CVE-2010-1929 (Multiple stack-based buffer overflows in the jclient._Java_novell_jcli ...)
	NOT-FOR-US: Novell iImanager
CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allow ...)
	NOT-FOR-US: EMC
CVE-2010-1913 (The default configuration of pluginlicense.ini for the SdcWebSecureBas ...)
	NOT-FOR-US: Consona
CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistan ...)
	NOT-FOR-US: Consona
CVE-2010-1911 (The site-locking implementation in the SdcWebSecureBase interface in t ...)
	NOT-FOR-US: Consona
CVE-2010-1910 (The Forgot Password implementation in Consona Live Assistance, Dynamic ...)
	NOT-FOR-US: Consona
CVE-2010-1909 (Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX c ...)
	NOT-FOR-US: Consona
CVE-2010-1908 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live As ...)
	NOT-FOR-US: Consona
CVE-2010-1907 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live As ...)
	NOT-FOR-US: ConsonA
CVE-2010-1906 (tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manag ...)
	NOT-FOR-US: Consona
CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live As ...)
	NOT-FOR-US: Consona
CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5. ...)
	NOT-FOR-US: EMC RSA key manager
CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, a ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007  ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Offi ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Offi ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1891 (The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1884
	REJECTED
CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsof ...)
	NOT-FOR-US: MPEG Layer-3 Audio Codec for
CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2010-1879 (Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1878 (Directory traversal vulnerability in the OrgChart (com_orgchart) compo ...)
	NOT-FOR-US: com_orgchart component for joomla!
CVE-2010-1877 (SQL injection vulnerability in the JTM Reseller (com_jtm) component 1. ...)
	NOT-FOR-US: com_jtm component for joomla!
CVE-2010-1876 (SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allow ...)
	NOT-FOR-US: AJ Shopping Cart
CVE-2010-1875 (Directory traversal vulnerability in the Real Estate Property (com_pro ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1874 (SQL injection vulnerability in the Real Estate Property (com_propertie ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1873 (SQL injection vulnerability in the Jvehicles (com_jvehicles) component ...)
	NOT-FOR-US: com_jvehicles component for joomla!
CVE-2010-1872 (Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2 ...)
	NOT-FOR-US: FlashCard
CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlie ...)
	NOT-FOR-US: EFront ask_chat
CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 thro ...)
	{DSA-2089-1}
	- php5 5.3.3-1 (low)
	[lenny] - php5 <no-dsa> (Minor issue)
CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2  ...)
	- serendipity 1.5.3-1
	[lenny] - serendipity <not-affected> (Only affects >= 1.4)
	- horde3 <not-affected> (Vulnerable code not included, see bug #585165)
	- openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
	- dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3. ...)
	- php5 <removed> (unimportant)
CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
	- php5 <removed> (unimportant)
CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Pl ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
	- libstruts1.2-java <not-affected> (issue involves a problem in xwork, which was introduced in struts2)
	- libspring-2.5-java <not-affected> (Vulnerable code not present)
CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
	{DSA-2080-1}
	- ghostscript 8.71~dfsg-4
	NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ex ...)
	- php5 <removed> (unimportant)
CVE-2010-1867 (SQL injection vulnerability in the ArticleAttachment::GetAttachmentsBy ...)
	NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chu ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 <not-affected> (dechunk filter introduced in 5.3)
CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earl ...)
	NOT-FOR-US: ClanSphere
CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module (modules/shoutbox.p ...)
	NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3 ...)
	- php5 <removed> (unimportant)
CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
	- php5 <removed> (unimportant)
CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 thro ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) c ...)
	NOT-FOR-US: com_smestorage component for joomla!
CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1 ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch &amp; Bid  ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Wat ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function i ...)
	- transmission 1.92-1
	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is enab ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses cook ...)
	NOT-FOR-US: Invisible Hand extension for chromium
CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in  ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows B ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal a ...)
	NOT-FOR-US: PHPCityPortal
CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest B ...)
	NOT-FOR-US: Nasim Guest Book
CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0  ...)
	NOT-FOR-US: Hitron Soft Answer Me
CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a d ...)
	NOT-FOR-US: Tuniac
CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Scrip ...)
	NOT-FOR-US: Matt's Script Archive (MSA) Simple Search
CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in I-Esco ...)
	NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in escorts_search. ...)
	NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows r ...)
	NOT-FOR-US: UltraPlayer Media Player
CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote att ...)
	NOT-FOR-US: Alwasel
CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...)
	NOT-FOR-US: SupportPRO SupportDesk
CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier  ...)
	NOT-FOR-US: Typing Pal
CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work Ord ...)
	NOT-FOR-US: Online Work Order Suite (OWOS)
CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in Yaho ...)
	NOT-FOR-US: Yahoo Answers Clone
CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vot ...)
	NOT-FOR-US: PHP Photo Vote
CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy S ...)
	NOT-FOR-US: PHP Easy Shopping Cart
CVE-2009-4855
	NOT-FOR-US: Bogus issue claimed for typo3
	NOTE: See http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3
CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to execut ...)
	NOT-FOR-US: TalkBack
CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before  ...)
	NOT-FOR-US: JumpBox
CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...)
	NOT-FOR-US: SemanticScuttle
CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before  ...)
	NOT-FOR-US: XOOPS
CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote at ...)
	NOT-FOR-US: Awingsoft Awakening Winds3D Viewer
CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirt ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual Vir ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to caus ...)
	NOT-FOR-US: Deliantra Server
CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...)
	NOT-FOR-US: Deliantra Server
CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 con ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to t ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require admin ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual Vir ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allo ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-XXXX [wicd changes permissions of resolv.conf]
	- wicd 1.7.0+ds1-3 (low; bug #582798)
CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through  ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1  ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-1847 (The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly pe ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1846 (Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1845 (ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remot ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1844 (Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x be ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1843 (Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1842 (Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1841 (Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1840 (Stack-based buffer overflow in the password-validation functionality i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1839
	RESERVED
CVE-2010-1838 (Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1837 (CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1836 (Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1835
	RESERVED
CVE-2010-1834 (CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly val ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1833 (Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1832 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1831 (Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1830 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1829 (Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1828 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1827
	RESERVED
CVE-2010-1826
	RESERVED
CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome befor ...)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66847
CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Apple iTunes before ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66795
CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in Googl ...)
	- webkit <not-affected> (vulnerable code not present in 1.2.x series)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/65958
CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 an ...)
	- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-1821 (Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10 ...)
	NOT-FOR-US: Apple Filing Protocol Server
CVE-2010-1819 (Untrusted search path vulnerability in the Picture Viewer in Apple Qui ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple Quick ...)
	NOT-FOR-US: QuickTime
CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and i ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1816 (Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the  ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webki ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows rem ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows re ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and  ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android  ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/64706
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43461
	NOTE: the problem is that the standard-library strtod()
	NOTE: parses "NAN(payload)" as a NaN with a user-defined payload, which is bad for the nan-boxing
	NOTE: scheme used by webkit (and mozilla). The fix is not to accept "NAN(payload)".
	NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")
	NOTE: reproduced with epiphany
CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x  ...)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63772
CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 a ...)
	- webkit <not-affected> (windows-specific issue)
	- chromium-browser <not-affected> (windows-specific issue)
	NOTE: This is the windows DLL planting attack
CVE-2010-1804 (Unspecified vulnerability in the network bridge functionality on the A ...)
	NOT-FOR-US: Apple
CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1802 (libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perf ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1801 (Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 an ...)
	NOT-FOR-US: CoreGraphics
CVE-2010-1800 (CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL a ...)
	NOT-FOR-US: CFNetwork
CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in Appl ...)
	NOT-FOR-US: Apple QuickTime on Windows
CVE-2010-1798
	RESERVED
CVE-2010-1797 (Multiple stack-based buffer overflows in the cff_decoder_parse_charstr ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 thr ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: Very Safari specific
CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when r ...)
	NOT-FOR-US: Apple iTunes on Windows
CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel exte ...)
	NOT-FOR-US: Apple
CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari befo ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62482
	NOTE: http://trac.webkit.org/changeset/62662
	NOTE: duplicated as cve-2010-2902
CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/62386
	NOTE: Chromium uses a totally different regexp implementation.
CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/62301
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on M ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40994
	NOTE: http://trac.webkit.org/changeset/62482
CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/61044
CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: duplicated as cve-2010-2647
CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61050
	NOTE: http://trac.webkit.org/changeset/61051
CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) impleme ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62271
CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-2899
	NOTE: http://trac.webkit.org/changeset/62134
CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and  ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
	NOTE: http://trac.webkit.org/changeset/61921
CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPh ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40407
	NOTE: http://trac.webkit.org/changeset/60984
CVE-2010-1779
	RESERVED
CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1  ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: Safari only (chromium security team)
CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1776 (Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iO ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone an ...)
	NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-1773 (Off-by-one error in the toAlphabetic function in rendering/RenderListM ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
	NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in Web ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
	NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
	NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
	NOTE: http://trac.webkit.org/changeset/59795
CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 o ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: dupe of CVE-2010-1774
CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local user ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in loader/DocumentThre ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
	NOTE: http://trac.webkit.org/changeset/57041
CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake functi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339
	NOTE: http://trac.webkit.org/changeset/56380
CVE-2010-1765
	RESERVED
	- webkit <not-affected> (doesn't include cf code)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
	NOTE: http://trac.webkit.org/changeset/57995
CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410
	NOTE: http://trac.webkit.org/changeset/55157
CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Wind ...)
	- webkit <not-affected> (vulnerable code introduced in svn58950, which isn't included in 1.2.1 yet)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008
	NOTE: http://trac.webkit.org/changeset/59486
CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
	NOTE: http://trac.webkit.org/changeset/59263
CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementati ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
	NOTE: http://trac.webkit.org/changeset/58409
CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
	NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
	NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enf ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod  ...)
	NOT-FOR-US: Apple iPhone
CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not pro ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does  ...)
	NOT-FOR-US: Apple Passcode Lock
CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remo ...)
	NOT-FOR-US: iOS
CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the  ...)
	NOT-FOR-US: Apple CFNetwork
CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
	NOT-FOR-US: Apple Application Sandbox
CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows all ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
	NOTE: http://trac.webkit.org/changeset/45941
CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web interfa ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-1747
	RESERVED
CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (c ...)
	NOT-FOR-US: com_grid component for joomla!
CVE-2010-1745
	REJECTED
CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows  ...)
	NOT-FOR-US: B2B Gold Script
CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...)
	NOT-FOR-US: Scratcher
CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher  ...)
	NOT-FOR-US: Scratcher
CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC 5.2. ...)
	NOT-FOR-US: Billwerx
CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows r ...)
	NOT-FOR-US: GuppY
CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...)
	NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738
	REJECTED
CVE-2010-1737 (PHP remote file inclusion vulnerability in core/includes/gfw_smarty.ph ...)
	NOT-FOR-US: Gallo
CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: KrM Haber
CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02 ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a denia ...)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: not reproducible with chromium-browser 5.0.375.55~r47796-1
CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...)
	NOT-FOR-US: Dolphin browser, Konqueror not covered by security support
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
	- webkit <unfixed> (unimportant)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: dos-only on webkit
CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a  ...)
	NOT-FOR-US: Opera
CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote a ...)
	NOT-FOR-US: JobPost
CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...)
	NOT-FOR-US: EC21
CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinu ...)
	NOT-FOR-US: Alibaba Clone Platinum
CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula Applicat ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in  ...)
	NOT-FOR-US: Roxio CinePlayer
CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in IAManag ...)
	NOT-FOR-US: Roxio CinePlayer
CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis  ...)
	- acidbase 1.4.5-1 (bug #587819)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis an ...)
	- acidbase 1.4.4-1 (low)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis  ...)
	- acidbase 1.4.4-1 (low)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in Movie PHP  ...)
	NOT-FOR-US: Movie PHP Script
CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ( ...)
	- libsndfile 1.0.21-3 (unimportant; bug #530831)
	NOTE: application crash only, so not security-relevant
CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw Roo ...)
	NOT-FOR-US: com_drawroot component for joomla!
CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) co ...)
	NOT-FOR-US: com_market component for joomla!
CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka IPropert ...)
	NOT-FOR-US: com_iproperty component for joomla!
CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) componen ...)
	NOT-FOR-US: com_qpersonel component for joomla!
CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagl ...)
	NOT-FOR-US: com_mtfireeagle component for joomla!
CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery  ...)
	NOT-FOR-US: com_archeryscores component for joomla!
CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT (com_if_surfaler ...)
	NOT-FOR-US: com_if_surfalert component for joomla!
CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) co ...)
	NOT-FOR-US: com_agenda component for joomla!
CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka Onlin ...)
	NOT-FOR-US: com_onlineexam component for joomla!
CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games (com_arcadegames ...)
	NOT-FOR-US: com_arcadegames component for joomla!
CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows re ...)
	NOT-FOR-US: PostNuke
CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.p ...)
	NOT-FOR-US: Webmobo WB News
CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siest ...)
	NOT-FOR-US: Siestta
CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when re ...)
	NOT-FOR-US: Siestta
CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G ...)
	NOT-FOR-US: G5-Scripts
CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free Realt ...)
	NOT-FOR-US: Free Realty
CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	- piwigo 2.0.10-1
CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
	NOT-FOR-US: 2daybiz Auction Script
CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows re ...)
	NOT-FOR-US: Modelbook
CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced  ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in index_search.ph ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script  ...)
	NOT-FOR-US: PHP Video Battle Script
CVE-2010-1700
	REJECTED
CVE-2010-1699
	REJECTED
CVE-2010-1698
	REJECTED
CVE-2010-1697
	REJECTED
CVE-2010-1696
	REJECTED
CVE-2010-1695
	REJECTED
CVE-2010-1694
	REJECTED
CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows loc ...)
	NOT-FOR-US: OpenFabrics Enterprise Distribution (OFED)
	NOTE: openibd is part of ofa-kernel (ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd), fixed in 2010-10-28 build
	NOTE: http://www.openfabrics.org/downloads/ofa_1_5_kernel/
	NOTE: ITP for ofa-kernel is bug #541849
CVE-2010-1692
	REJECTED
CVE-2010-1691
	REJECTED
CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1688 (Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20. ...)
	NOT-FOR-US: 2BrightSparks SyncBack Freeware
CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows rem ...)
	NOT-FOR-US: Mocha W32 LPD
CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Bac ...)
	NOT-FOR-US: Urgent Backup
CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user ...)
	NOT-FOR-US: CursorArts ZipWrangler
CVE-2010-1684
	RESERVED
CVE-2010-1683
	RESERVED
CVE-2010-1682
	RESERVED
CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office Visio
CVE-2010-1680
	REJECTED
CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before 1.14.3 ...)
	{DSA-2142-1}
	- dpkg 1.15.8.8
CVE-2010-1678 (Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol  ...)
	- mapserver 5.6.5-2
	NOTE: http://trac.osgeo.org/mapserver/ticket/3641
CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (C ...)
	- mhonarc 2.6.18-1 (low)
	[squeeze] - mhonarc <no-dsa> (Minor issue)
CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0 ...)
	{DSA-2136-1}
	- tor 0.2.1.26-6
CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a denia ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows  ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1673 (A cross-site scripting (XSS) vulnerability in ikiwiki before 3.2010111 ...)
	- ikiwiki 3.20101112
	[squeeze] - ikiwiki 3.20100815.2
	[lenny] - ikiwiki <not-affected>
CVE-2010-1672
	RESERVED
CVE-2010-1671 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain privilege ...)
	- hsolink <removed> (bug #590670)
CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has i ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x bef ...)
	- mahara 1.2.5-1
	[lenny] - mahara <not-affected>
CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara b ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1 ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding i ...)
	{DSA-2068-1}
	- python-cjson 1.0.5-3 (bug #587700)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, whic ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58201
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 media ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/57922
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google Chro ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (issue is in google url; i.e. chromium-specific)
CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Qui ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0 ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript Classified ...)
	NOT-FOR-US: CLScript Classifieds Script
CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio (com_ultim ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard (com_ ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1657 (Directory traversal vulnerability in the SmartSite (com_smartsite) com ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1656 (SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1. ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in  ...)
	NOT-FOR-US: PowerEasy
CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in I ...)
	NOT-FOR-US: Infocus Real Estate Enterprise Edition
CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics (com ...)
	NOT-FOR-US: Graphics component for Joomla!
CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help Cen ...)
	NOT-FOR-US: Help Center Live
CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
	NOT-FOR-US: Joomla!
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15 ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1. ...)
	{DSA-2062-1}
	- sudo 1.7.2p7-1 (bug #585394)
CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HP ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcomm ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Sa ...)
	- samba 2:3.5.4~dfsg-2 (unimportant)
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel b ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in  ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav <end-of-life>
CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav <end-of-life>
CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall res ...)
	- horde3 <unfixed> (unimportant)
CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
	- squirrelmail 2:1.4.21-1 (unimportant)
CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functi ...)
	- linux-2.6 2.6.32-14
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32)
CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 an ...)
	- samba 2:3.6.1-2 (unimportant)
	NOTE: http://git.samba.org/?p=samba.git;a=commitdiff;h=25452a2268ac7013da28125f3df22085139af12d
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in Pytho ...)
	- python3.1 3.1.2+20100822-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.6-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in O ...)
	- openssl <not-affected> (This bug is only present in OpenSSL 1.0.0, first version of 1.0.0 ever uploaded was 1.0.0c)
CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...)
	- axis2c 1.6.0-1
CVE-2010-1631
	REJECTED
CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unk ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allow ...)
	NOT-FOR-US: Phorum
CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows context-dep ...)
	{DSA-2093-1}
	- ghostscript 8.71~dfsg2-4 (medium; bug #584516)
	NOTE: no upstream fix available, see issue #1 in ubuntu bug report:
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permi ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index fi ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.46-1 (bug #582526)
	- mysql-dfsg-5.0 <removed> (low; bug #584400)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer befor ...)
	{DSA-2092-1}
	- lxr <removed> (low; bug #588138)
	[lenny] - lxr <no-dsa> (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in l ...)
	- pidgin 2.7.0-1 (low)
	[lenny] - pidgin 2.4.3-4lenny6
	NOTE: MSN support was disabled in 2.4.3-4lenny6
CVE-2010-1623 (Memory leak in the apr_brigade_split_line function in buckets/apr_brig ...)
	{DSA-2117-1}
	- apr-util 1.3.9+dfsg-4 (medium)
	- apache2 2.2.16-3
	[lenny] - apache2 <not-affected> (vulnerable code introduced in 2.2.15-2 or -3)
CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2 ...)
	- libspring-2.5-java 2.5.6.SEC02-1 (medium)
CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1  ...)
	- mysql-5.1 5.1.46-1
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=590190
CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in gdoma ...)
	- gnustep-base 1.19.3-2 (bug #584401)
	[lenny] - gnustep-base <no-dsa> (Minor issue)
CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Applianc ...)
	NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allo ...)
	NOT-FOR-US: AlegroCart
CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in OpenCa ...)
	NOT-FOR-US: OpenCart
CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before  ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and pos ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web Merch ...)
	NOT-FOR-US: Webmoney Web Merchant Interface component for Joomla!
CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Port ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs  ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or co ...)
	NOT-FOR-US: ZiMB Core component for Joomla!
CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment ...)
	NOT-FOR-US: ZiMB Comment component for Joomla!
CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) co ...)
	NOT-FOR-US: JA Comment component for Joomla!
CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall)  ...)
	NOT-FOR-US: Media Mall Factory component for Joomla!
CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2. ...)
	NOT-FOR-US: NKInFoWeb
CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when Ima ...)
	NOT-FOR-US: phpThumb()
CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allo ...)
	NOT-FOR-US: ZipGenius
CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Zeroboard
CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not veri ...)
	NOT-FOR-US: MySQL Connector/NET
CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...)
	NOT-FOR-US: DLPCryptCore
CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates du ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the fix_non_standard_entit ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (low; bug #585425)
	- wordpress <not-affected> (Vulnerable code not present)
	- egroupware <not-affected> (Vulneable code not present)
CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library  ...)
	{DSA-2115-1}
	- libphp-cas <itp> (bug #495542)
	- moodle 1.9.8-1 (low; bug #574757)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 doe ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (unimportant; bug #585427)
	NOTE: i have a hard time seeing the security impact, moodle is a course management
	NOTE: system and the real names of your colleagues are probably not a secret, since
	NOTE: a patch exists I filed a bug anyway
CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restorin ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 a ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x be ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate se ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication w ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS  ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/inde ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe be ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoft ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 does n ...)
	NOT-FOR-US: Beijing Rising International Rising Antivirus
CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Roc ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt I ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in shopsessions ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4. ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management Ho ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFrag ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-1584 (Cross-site scripting (XSS) vulnerability in the Context module before  ...)
	NOT-FOR-US: Context module for drupal
CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the TznDbConn ...)
	NOT-FOR-US: Tirzen Framework
CVE-2010-1582
	RESERVED
CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) implem ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used  ...)
	NOT-FOR-US: Cisco
CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before 8.2 ...)
	NOT-FOR-US: Cisco
CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...)
	NOT-FOR-US: Cisco
CVE-2010-1574 (IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000  ...)
	NOT-FOR-US: Cisco
CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded userna ...)
	NOT-FOR-US: Linksys firmware
CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in Cisc ...)
	NOT-FOR-US: Cisco
CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2010-1569
	RESERVED
CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag Plug- ...)
	NOT-FOR-US: Cisco IronPort Desktop Flag Plug-in for Microsoft Outlook
CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1566
	RESERVED
CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2 ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...)
	NOT-FOR-US: com_sermonspeaker component for joomla!
CVE-2009-4830 (Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attac ...)
	- openx <itp> (bug #513771)
CVE-2009-4829 (Cross-site scripting (XSS) vulnerability in the Automated Logout modul ...)
	NOT-FOR-US: Automated Logout module for drupal
CVE-2009-4828 (Cross-site request forgery (CSRF) vulnerability in administration/admi ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2009-4827 (Cross-site request forgery (CSRF) vulnerability in admin.php in Mail M ...)
	NOT-FOR-US: Mail Manager Pro
CVE-2009-4826 (Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.ph ...)
	NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web root with ...)
	NOT-FOR-US: 8pixel.net Blog
CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Ser ...)
	{DSA-1897-1}
	- kolab-webclient <undetermined>
	- horde3 3.3.5+debian0-1
	NOTE: package only in experimental; claimed fixed in version 20091202, but not enough info to check
	NOTE: http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/horde-webmail/1.2.0/tg/Attic/t_framework_H_JS_Form_FixFormSecurityForImageUploads.diff?rev=1.1.2.1&only_with_tag=kolab_2_2_branch
CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.h ...)
	NOT-FOR-US: cPanel
CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-4821 (The D-Link DIR-615 with firmware 3.10NA does not require administrativ ...)
	NOT-FOR-US: D-Link DIR-615
CVE-2009-4820 (Angelo-Emlak 1.0 stores sensitive information under the web root with  ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2009-4819 (Multiple unrestricted file upload vulnerabilities in upload.php in PHP ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2009-4818 (Unrestricted file upload vulnerability in upload.php in PHPSimplicity  ...)
	NOT-FOR-US: PHPSimplicity of Upload
CVE-2009-4817 (Unrestricted file upload vulnerability in Element-IT Ultimate Uploader ...)
	NOT-FOR-US: Element-IT Ultimate Uploader
CVE-2009-4816 (Directory traversal vulnerability in api/download_checker.php in MegaL ...)
	NOT-FOR-US: MegaLab The Uploader
CVE-2009-4815 (Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remo ...)
	NOT-FOR-US: Serv-U
CVE-2009-4814 (Cross-site scripting (XSS) vulnerability in Wolfram Research webMathem ...)
	NOT-FOR-US: Wolfram Research webMathematica
CVE-2009-4813 (Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBu ...)
	NOT-FOR-US: MyBB
CVE-2009-4812 (Wolfram Research webMathematica allows remote attackers to obtain sens ...)
	NOT-FOR-US: Wolfram Research webMathematica
CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Aut ...)
	NOT-FOR-US: VMware
CVE-2010-2447 (gitolite before 1.4.1 does not filter src/ or hooks/ from path names. ...)
	- gitolite 1.4.2-1 (low)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...)
	- gitolite 1.4.2-1 (medium)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...)
	NOT-FOR-US: HP MFP Digital Sending Software
CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Cont ...)
	NOT-FOR-US: HP Insight Control Server Migration
CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe i ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in n ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView Netw ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 an ...)
	NOT-FOR-US: HP LoadRunner
CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka CTools) m ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Chao ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1546 (Multiple eval injection vulnerabilities in the import functionality in ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1545
	RESERVED
CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to c ...)
	NOT-FOR-US: RCA DCM425 Cable Modem
CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module before ...)
	NOT-FOR-US: eTracker module for drupal
CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/co ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog (com_mybl ...)
	NOT-FOR-US: com_myblog component for joomla!
CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2. ...)
	NOT-FOR-US: workflow module for drupal
CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0 ...)
	NOT-FOR-US: phpRAINCHECK
CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier ...)
	NOT-FOR-US: phpCDB
CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button module  ...)
	NOT-FOR-US: AddThis Button module for drupal
CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook (com_travelbook) c ...)
	NOT-FOR-US: com_travelbook component for joomla!
CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) c ...)
	NOT-FOR-US: com_shoutbox component for joomla!
CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) compone ...)
	NOT-FOR-US: com_tweetla component for joomla!
CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail Pro (com_ ...)
	NOT-FOR-US: com_powermail component for joomla!
CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) compone ...)
	NOT-FOR-US: com_redshop component for joomla!
CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the Internation ...)
	NOT-FOR-US: Internationalization module for drupal
CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) compo ...)
	NOT-FOR-US: com_fsf component for joomla!
CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php in Uig ...)
	NOT-FOR-US: Uiga Proxy
CVE-2010-1527 (Stack-based buffer overflow in Novell iPrint Client before 5.44 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...)
	- libgdiplus 2.6.7-2 (low; bug #594155)
	[lenny] - libgdiplus 1.9-1+lenny1
CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in A ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4  ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...)
	NOT-FOR-US: Winamp
CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_b ...)
	NOT-FOR-US: com_booklibrary component for joomla!
CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in TaskFre ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! O ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow context-depe ...)
	- libglpng <removed> (low; bug #595171)
	[lenny] - libglpng <no-dsa> (Minor issue)
CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 Activ ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...)
	NOT-FOR-US: SWFtools (were once packaged)
CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in To ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier  ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allo ...)
	- ziproxy 3.1.0-1 (bug #584933)
	[lenny] - ziproxy <no-dsa> (Minor issue, obscure attack vector)
CVE-2010-1512 (Directory traversal vulnerability in aria2 before 1.9.3 allows remote  ...)
	{DSA-2047-1}
	- aria2 1.9.3-1
	NOTE: http://seclists.org/fulldisclosure/2010/May/168
CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request dow ...)
	- kdenetwork 4:4.4.4-1 (low)
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/164
CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer  ...)
	NOT-FOR-US: IrfanView
CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the We ...)
	NOT-FOR-US: YAST
CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow atta ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (doesn't use v8 bindings yet)
	NOTE: http://trac.webkit.org/changeset/45826
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
	NOTE: http://trac.webkit.org/changeset/57224
CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.2 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.2 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific directory traversal)
CVE-2010-1501
	REJECTED
CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, whi ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (proof-of-concept not effective; chromium-specific issue)
CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allow ...)
	NOT-FOR-US: MusicBox
CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow re ...)
	NOT-FOR-US: dl_stats
CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php in dl_st ...)
	NOT-FOR-US: dl_stats
CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) component 1 ...)
	NOT-FOR-US: com_joltcard component for joomla!
CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) compone ...)
	NOT-FOR-US: com_matamko component for joomla!
CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) compone ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) component bef ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in Elastix 1. ...)
	NOT-FOR-US: Elastix
CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) compon ...)
	NOT-FOR-US: com_mmsblog component for joomla!
CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before 2.5. ...)
	- samhain 2.5.4-1 (unimportant)
	NOTE: Support for client/server operation is not enabled in the Debian packages
CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File Sharin ...)
	NOT-FOR-US: Easy File Sharing Web Server
CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers ...)
	NOT-FOR-US: Graugon PHP Article Publisher
CVE-2009-4807 (Multiple SQL injection vulnerabilities in Graugon PHP Article Publishe ...)
	NOT-FOR-US: Graugon PHP Article Publisher
CVE-2009-4806 (admin/save_user.asp in Digital Interchange Document Library 1.0.1 does ...)
	NOT-FOR-US: Digital Interchange Document Library
CVE-2009-4805 (Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_q ...)
	NOT-FOR-US: EZ-Blog
CVE-2009-4804 (Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) ex ...)
	NOT-FOR-US: cal extension for typo3
CVE-2009-4803 (SQL injection vulnerability in the Accessibility Glossary (a21glossary ...)
	NOT-FOR-US: a21glossary extension for typo3
CVE-2009-4802 (SQL injection vulnerability in the Flat Manager (flatmgr) extension be ...)
	NOT-FOR-US: fsatmgr extension for typo3
CVE-2009-4801 (EZ-Blog Beta 1 does not require authentication, which allows remote at ...)
	NOT-FOR-US: EZ-Blog
CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...)
	NOT-FOR-US: IBM Cognos
CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 al ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root with in ...)
	NOT-FOR-US: Diskos CMS
CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote  ...)
	NOT-FOR-US: Diskos CMS
CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and earlier al ...)
	NOT-FOR-US: JobHut
CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries function  ...)
	NOT-FOR-US: glFusion
CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2 ...)
	NOT-FOR-US: Xlight FTP Server
CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remo ...)
	NOT-FOR-US: Community CMS
CVE-2009-4793 (Unrestricted file upload vulnerability in adminpanel/scripts/addphotos ...)
	NOT-FOR-US: BandSite CMS
CVE-2009-4792 (SQL injection vulnerability in includes/content/member_content.php in  ...)
	NOT-FOR-US: BandSite CMS
CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections (aka FCMS ...)
	NOT-FOR-US: Family Connections
CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the MojoBlog com ...)
	NOT-FOR-US: mojoblog component for joomla!
CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allo ...)
	NOT-FOR-US: Pligg
CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg be ...)
	NOT-FOR-US: Pligg
CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1. ...)
	NOT-FOR-US: Pligg
CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) componen ...)
	NOT-FOR-US: com_quicknews component for joomla!
CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) component 1 ...)
	NOT-FOR-US: com_joaktree component for joomla!
CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, a ...)
	NOT-FOR-US: Theeta CMS
CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, pos ...)
	NOT-FOR-US: Theeta CMS
CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for ...)
	NOT-FOR-US: TUKEVA Password Reminder
CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...)
	NOT-FOR-US: phpMyFAQ
CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and ...)
	NOT-FOR-US: NukeHall
CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in the Attac ...)
	NOT-FOR-US: BlackBerry PDF distiller
CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi JP1/Automati ...)
	NOT-FOR-US: Hitachi Job Management / System Observer
CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit fo ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 before  ...)
	NOT-FOR-US: Ipswitch WS_FTP Professional
CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 thr ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-XXXX [prosody password world-readable]
	- prosody 0.7.0-1 (low; bug #579087)
CVE-2010-XXXX [gnome-orca: shell access without logon]
	- gnome-orca 2.30.0-2 (bug #578928)
	[lenny] - gnome-orca <not-affected> (Doesn't affect Lenny's version)
CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e an ...)
	{DSA-2039-1}
	- cacti 0.8.7e-3 (bug #578909)
	NOTE: http://seclists.org/fulldisclosure/2010/Apr/272
	NOTE: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly perf ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel befo ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...)
	NOT-FOR-US: CactuShop
CVE-2010-1485
	RESERVED
CVE-2010-1484
	RESERVED
CVE-2010-1483
	RESERVED
CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in PmWik ...)
	NOT-FOR-US: PmWiki
CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica Jfeedbac ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) c ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints (com_alphause ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1475 (Directory traversal vulnerability in the Preventive &amp; Reservation  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper (com_sweetykeep ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope (com_horoscop ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4773 (Cross-site request forgery (CSRF) vulnerability in the order-managemen ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4772 (Unspecified vulnerability in the PayPal Website Payments Standard func ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4771 (The PayPal Website Payments Standard functionality in the Ubercart mod ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4770 (The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5  ...)
	NOT-FOR-US: httpdx
CVE-2009-4769 (Multiple format string vulnerabilities in the tolog function in httpdx ...)
	NOT-FOR-US: httpdx
CVE-2009-4768 (Unspecified vulnerability in the JASS script interpreter in Warcraft I ...)
	NOT-FOR-US: World of Warcraft
CVE-2009-4767 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pl ...)
	NOT-FOR-US: Plohni Shoutbox
CVE-2008-7255 (login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves  ...)
	- amsn 0.97.1~debian-1 (low)
CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence Vacc ...)
	NOT-FOR-US: openUrgence
CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence Va ...)
	NOT-FOR-US: openUrgence
CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1 ...)
	NOT-FOR-US: Trellian FTP
CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-S ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE al ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has unk ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle (com_photobattle ...)
	NOT-FOR-US: Photo Battle Component for Joomla!
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware bef ...)
	NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value  ...)
	- mono 2.4.4~svn151842-3 (bug #585440)
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Uti ...)
	NOT-FOR-US: TweakFS
CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not p ...)
	- fetchmail 6.3.16-2 (low)
	[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
	NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
	NOTE: http://gitorious.org/fetchmail/fetchmail/commit/ec06293
CVE-2010-1457 (Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local us ...)
	- gnustep-base 1.19.3-2 (bug #584402)
	[lenny] - gnustep-base <not-affected> (Not installed setuid root)
	NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
CVE-2010-1456
	REJECTED
CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 throu ...)
	- wireshark 1.2.8-1 (unimportant)
	NOTE: Not triggerable remotely
CVE-2010-1454 (com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMwa ...)
	NOT-FOR-US: VMware
CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0. ...)
	- piwik <itp> (bug #506933)
CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2. ...)
	- apache2 2.2.16-1 (low)
	[lenny] - apache2 2.2.9-10+lenny10
CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Li ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg module in P ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5  ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR C ...)
	{DSA-2092-1}
	- lxr <removed> (low; bug #585411)
	[lenny] - lxr <no-dsa> (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
	NOTE: seems to be a dupe of CVE-2010-1738
CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for  ...)
	{DSA-2267-1 DSA-2051-1}
	- postgresql-8.4 8.4.4-1
	- postgresql-8.3 <removed>
	- perl 5.12.3-1
	NOTE: Originally attributed to Postgres, but also affects standard Perl
CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12 (unimportant)
	NOTE: KGDB is not currently enabled in debian builds
CVE-2010-1445 (Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 a ...)
	- vlc 1.0.6-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1444 (The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...)
	- vlc 1.0.6-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1443 (The parse_track_node function in modules/demux/playlist/xspf.c in the  ...)
	- vlc 1.0.6-1 (unimportant)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1442 (VideoLAN VLC media player before 1.0.6 allows remote attackers to caus ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1441 (Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live  ...)
	- texlive-bin 2009-6 (low; bug #580668)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools)  ...)
	NOT-FOR-US: Red Hat Network Client Tools
CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames u ...)
	- wafp <itp> (bug #562949)
CVE-2010-1437 (Race condition in the find_keyring_by_name function in security/keys/k ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-13
CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1435
	RESERVED
CVE-2010-1434
	RESERVED
CVE-2010-1433
	RESERVED
CVE-2010-1432
	RESERVED
CVE-2010-1430
	REJECTED
CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterpri ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 allows remo ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1425 (F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft  ...)
	NOT-FOR-US: F-Secure Internet Security
CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Governm ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before 5 ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
	NOTE: http://trac.webkit.org/changeset/58616
CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/58844
	NOTE: http://trac.webkit.org/changeset/56651
	NOTE: http://trac.webkit.org/changeset/57627
CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
	NOTE: http://trac.webkit.org/changeset/58201
	NOTE: if this commit is correct, this is a dup of cve-2010-1665
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
	NOTE: http://trac.webkit.org/changeset/56810
CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000
	NOTE: http://trac.webkit.org/changeset/56420
CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818
	NOTE: http://trac.webkit.org/changeset/55783
CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit <not-affected> (affected cf/iss code is not present)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37230
	NOTE: http://trac.webkit.org/changeset/57232
CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
	NOTE: http://trac.webkit.org/changeset/57759
	NOTE: http://trac.webkit.org/changeset/57817
CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in tif_fax3. ...)
	{DSA-2084-1}
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
	NOTE: http://trac.webkit.org/changeset/55511
CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 5. ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
	NOTE: http://trac.webkit.org/changeset/54193
CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571
	NOTE: http://trac.webkit.org/changeset/56489
	NOTE: http://trac.webkit.org/changeset/56492
	NOTE: http://trac.webkit.org/changeset/56879
CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not pro ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
	NOTE: http://trac.webkit.org/changeset/56365
CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
	NOTE: http://trac.webkit.org/changeset/50226
	NOTE: http://trac.webkit.org/changeset/50240
CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
	NOTE: http://trac.webkit.org/changeset/56186
CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac  ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
	NOTE: http://trac.webkit.org/changeset/55182
CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
	NOTE: http://trac.webkit.org/changeset/55196
CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
	NOTE: http://trac.webkit.org/changeset/54521
CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
	NOTE: http://trac.webkit.org/changeset/46437
CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Wi ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
	NOTE: http://trac.webkit.org/changeset/55167
CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
	NOTE: http://trac.webkit.org/changeset/52034
	NOTE: http://trac.webkit.org/changeset/55114
CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
	NOTE: http://trac.webkit.org/changeset/55462
	NOTE: http://trac.webkit.org/changeset/55465
CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
	NOTE: http://trac.webkit.org/changeset/46068
CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: http://trac.webkit.org/changeset/55203
	NOTE: http://trac.webkit.org/changeset/55212
CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
	NOTE: http://trac.webkit.org/changeset/53607
CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
	NOTE: http://trac.webkit.org/changeset/56297
CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage  ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
	NOTE: http://trac.webkit.org/changeset/56139
CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
	NOTE: http://trac.webkit.org/changeset/49487
CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33970
	NOTE: http://trac.webkit.org/changeset/53442
	NOTE: http://trac.webkit.org/changeset/53835
	NOTE: http://trac.webkit.org/changeset/53659
CVE-2010-1388 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and b ...)
	- webkit <not-affected> (issue in mac-specific code)
	- chromium-browser <not-affected> (issue in mac-specific code)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28755
	NOTE: http://trac.webkit.org/changeset/47829
CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTun ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
	NOTE: http://trac.webkit.org/changeset/54129
	NOTE: http://trac.webkit.org/changeset/54141
	NOTE: http://trac.webkit.org/changeset/54265
CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2 ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
	NOTE: http://trac.webkit.org/changeset/56188
CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10 ...)
	- webkit <not-affected> (this is a bug in Apple's PDFKit)
	- chromium-browser <not-affected> (this is a bug in Apple's PDFKit)
CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
	NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web se ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 10.5.8, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1380 (Integer overflow in the cgtexttops CUPS filter in Printing in Apple Ma ...)
	NOT-FOR-US: Apple-specific CUPS filter "cgtexttops"
CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perfo ...)
	- openssl <not-affected> (fix for an apple-specific flaw)
	NOTE: sounds like a duplicate of CVE-2009-2409
CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencry ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in App ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1375 (NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1374 (Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, a ...)
	NOT-FOR-US: iChat
CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI  ...)
	- sun-java6 6.20-1 (high)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-2449 (Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID. ...)
	- gource 0.26-2 (low; bug #577958)
CVE-2010-1564
	REJECTED
CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) com ...)
	NOT-FOR-US: Joomla!
CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classifi ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified Listings A ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows ...)
	NOT-FOR-US: GameScript
CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_log ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php in Uig ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as download ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal Portal, as d ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects) componen ...)
	NOT-FOR-US: Joomla!
CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1. ...)
	NOT-FOR-US: Own Term module for Drupal
CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING ...)
	NOT-FOR-US: PHPepperShop
CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.0 ...)
	NOT-FOR-US: FAQEngine
CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL  ...)
	NOT-FOR-US: xt:Commerce
CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio)  ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in editors/logindialogue.php  ...)
	NOT-FOR-US: SBD Directory Software
CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication Server ( ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communi ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4766 (YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores ...)
	NOT-FOR-US: MS-Pro Portal Scripti
CVE-2009-4765 (CNR Hikaye Portal 2.0 stores sensitive information under the web root  ...)
	NOT-FOR-US: CNR Hikaye Portal
CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) c ...)
	NOT-FOR-US: Joomla!
CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox ...)
	NOT-FOR-US: Joomla!
CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 ...)
	NOT-FOR-US: Nodesforum
CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and L ...)
	NOT-FOR-US: IBM AIX
CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, ...)
	NOT-FOR-US: Mini CMS RibaFS
CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms (com_ck ...)
	NOT-FOR-US: Joomla!
CVE-2010-1344 (SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1343 (SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows re ...)
	NOT-FOR-US: SiteX
CVE-2010-1342 (Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10 ...)
	NOT-FOR-US: Direct News
CVE-2010-1341 (SQL injection vulnerability in index.php in Systemsoftware Community B ...)
	NOT-FOR-US: Systemsoftware Community Black Forum
CVE-2010-1340 (Directory traversal vulnerability in jresearch.php in the J!Research ( ...)
	NOT-FOR-US: Joomla!
CVE-2010-1339 (Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsi ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1338 (SQL injection vulnerability in ts_other.php in the Teamsite Hack plugi ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1337 (Multiple PHP remote file inclusion vulnerabilities in definitions.php  ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2010-1336 (Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote at ...)
	NOT-FOR-US: INVOhost
CVE-2010-1335 (Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-01 ...)
	NOT-FOR-US: Insky CMS
CVE-2010-1334 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-1333 (Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Comp ...)
	NOT-FOR-US: Almas Inc. Compiere J300_A02
CVE-2010-1332 (Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail  ...)
	NOT-FOR-US: PrettyBook PrettyFormMail
CVE-2010-1331 (SQL injection vulnerability in Heartlogic HL-SiteManager allows remote ...)
	NOT-FOR-US: Heartlogic HL-SiteManager
CVE-2010-1330 (The regular expression engine in JRuby before 1.4.1, when $KCODE is se ...)
	- jruby 1.5.0~rc1-1
CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall 5. ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall
CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1. ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earli ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1326 (perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03  ...)
	{DSA-2108-1}
	- cvsnt 2.5.04.3236-1.2 (medium; bug #593884)
	NOTE: http://march-hare.com/cvspro/vuln.htm
CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the apache2-slms pa ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not prope ...)
	- krb5 1.8.3+dfsg-3 (bug #605553)
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x ...)
	{DSA-2129-1}
	- krb5 1.8.3+dfsg-3 (bug #605553)
CVE-2010-1322 (The merge_authdata function in kdc_authdata.c in the Key Distribution  ...)
	- krb5 1.8.3+dfsg-2 (bug #599237)
	[lenny] - krb5 <not-affected> (Only affects 1.8)
	[etch] - krb5 <not-affected> (Only affects 1.8)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt
CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-AP ...)
	{DSA-2052-1}
	- krb5 1.8.1+dfsg-3 (low; bug #582261)
	- heimdal 1.4.0~git20100605.dfsg.1-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution Cent ...)
	- krb5 1.8.1+dfsg-2 (bug #577490)
	[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ 1. ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in  ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the webERPc ...)
	NOT-FOR-US: Joomla!
CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS (com_hsconfig) c ...)
	NOT-FOR-US: Joomla!
CVE-2010-1313 (Directory traversal vulnerability in the Seber Cart (com_sebercart) co ...)
	NOT-FOR-US: Joomla!
CVE-2010-1312 (Directory traversal vulnerability in the iJoomla News Portal (com_news ...)
	NOT-FOR-US: Joomla!
CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.9 ...)
	- clamav 0.96+dfsg-2 (bug #577462; low)
	[lenny] - clamav <end-of-life> (bug #577462; low)
	NOTE: Lenny version achieved end of life! see
	NOTE: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
CVE-2010-1310 (Opera 10.50 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Opera
CVE-2010-1309 (Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0. ...)
	NOT-FOR-US: Pepsi CMS
CVE-2010-1308 (Directory traversal vulnerability in the SVMap (com_svmap) component 1 ...)
	NOT-FOR-US: Joomla!
CVE-2010-1307 (Directory traversal vulnerability in the Magic Updater (com_joomlaupda ...)
	NOT-FOR-US: Joomla!
CVE-2010-1306 (Directory traversal vulnerability in the Picasa (com_joomlapicasa2) co ...)
	NOT-FOR-US: Joomla!
CVE-2010-1305 (Directory traversal vulnerability in jinventory.php in the JInventory  ...)
	NOT-FOR-US: Joomla!
CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...)
	NOT-FOR-US: Joomla!
CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Fi ...)
	NOT-FOR-US: Drupal module
CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...)
	NOT-FOR-US: Joomla!
CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows remot ...)
	- centreon-web <itp> (bug #913903)
CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Al ...)
	NOT-FOR-US: Yamamah
CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...)
	NOT-FOR-US: DynPG CMS
CVE-2008-7254 (Directory traversal vulnerability in includes/template-loader.php in I ...)
	NOT-FOR-US: Pepsi CMS
CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allow ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-1297 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-1296 (Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow u ...)
	NOT-FOR-US: Adobe Photoshop CS4
CVE-2010-1295 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allo ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-1293 (Cross-site scripting (XSS) vulnerability in the Administrator page in  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave Playe ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allo ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1285 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a d ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D ob ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ca ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validat ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x befor ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in  ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...)
	- zabbix 1:1.8.2-1 (bug #577058)
	[lenny] - zabbix <not-affected> (vulnerable code not present)
	[etch] - zabbix <not-affected> (vulnerable code not present)
	NOTE: This is a bug that was introduced with the Zabbix 1.8 API
CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2  ...)
	NOT-FOR-US: BBSXP
CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...)
	NOT-FOR-US: BBSXP
CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allo ...)
	NOT-FOR-US: Emweb Wt
CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...)
	NOT-FOR-US: Emweb Wt
CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat ...)
	NOT-FOR-US: Gnat-TGP
CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows  ...)
	NOT-FOR-US: smartplugs
CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett  ...)
	NOT-FOR-US: Multi Auktions Komplett System
CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Geb ...)
	NOT-FOR-US: Gebote Pro Auktions System
CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0,  ...)
	NOT-FOR-US: justVisual CMS
CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...)
	NOT-FOR-US: WebMaid CMS
CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2- ...)
	NOT-FOR-US: WebMaid CMS
CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flas ...)
	NOT-FOR-US: dcsFlashGames
CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 ...)
	NOT-FOR-US: Microsoft
CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, a ...)
	NOT-FOR-US: Microsoft
CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, a ...)
	NOT-FOR-US: Microsoft
CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine th ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as u ...)
	NOT-FOR-US: Microsoft
CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Ext ...)
	NOT-FOR-US: Microsoft
CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for ma ...)
	NOT-FOR-US: Microsoft
CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...)
	NOT-FOR-US: Microsoft
CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...)
	NOT-FOR-US: Microsoft
CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Ma ...)
	NOT-FOR-US: Microsoft
CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2 ...)
	NOT-FOR-US: Microsoft
CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
	- moodle <not-affected> (Vulnerable code not present)
	- phpmyadmin <not-affected> (Vulnerable code not present)
	- tcpdf 6.0.010+dfsg-1
	NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view
	NOTE: http://seclists.org/fulldisclosure/2010/Apr/104
	NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem
CVE-2010-XXXX [xmail insecure temp files handling]
	- xmail 1.27-1 (low)
	[lenny] - xmail <no-dsa> (Minor issue)
	NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27
CVE-2010-1159 (Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow r ...)
	- aircrack-ng 1:1.1-1 (low; bug #577758)
	[lenny] - aircrack-ng <no-dsa> (low)
	[etch] - aircrack-ng <no-dsa> (low)
	NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in createDestination.a ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 c ...)
	NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Int ...)
	NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in Ado ...)
	NOT-FOR-US: Acrobat Reader
CVE-2010-1240 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute  ...)
	NOT-FOR-US: Foxit Reader
CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha protectio ...)
	- moin 1.9.2-3 (bug #575995; medium)
	[lenny] - moin 1.7.1-3+lenny4 (bug #575995; medium)
	NOTE: see http://www.debian.org/security/2010/dsa-2024
CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that  ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7  ...)
	NOT-FOR-US: Novell NetWare
CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows r ...)
	NOT-FOR-US: Novell NetWare
CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5  ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5  ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell Ne ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5  ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not p ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows rem ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...)
	NOT-FOR-US: Novell NetWare
CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows rem ...)
	NOT-FOR-US: Novell NetWare
CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 al ...)
	NOT-FOR-US: Novell NetWare
CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to  ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55511
	NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKi ...)
	- webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55822
CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows  ...)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: issue in chrome-specific download dialog
CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow  ...)
	- webkit <not-affected> (v8 and webgl not yet included)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55376
CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a d ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before invoki ...)
	- webkit <not-affected> (does not yet have a "safe browsing" feature; i.e. chromium-specific issue)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior  ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does n ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google Chrom ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System Communicat ...)
	NOT-FOR-US: Sun Java System Communication Express
CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G  ...)
	NOT-FOR-US: Apple iPhone
CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor (a ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x be ...)
	- asterisk 1:1.6.2.6-1 (low; bug #576560)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote at ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, wh ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1220
	RESERVED
CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability]
	- interchange 5.7.6-1
CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) componen ...)
	NOT-FOR-US: com_janews component for Joomla!
CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8 ...)
	NOT-FOR-US: mm_forum extension for TYPO3
CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator (com_jeformcr ...)
	NOT-FOR-US: com_jeformcr component for Joomla!
CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in n ...)
	NOT-FOR-US: notsoPureEdit
CVE-2010-1215 (Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1  ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
CVE-2010-1214 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x befo ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1213 (The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3. ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
CVE-2010-1212 (js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x bef ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-1211 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - icedove <end-of-life>
	- icedove 3.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1210 (intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3. ...)
	- xulrunner <not-affected> (Only affects 1.9.2 and above)
	- iceweasel <not-affected> (Only affects 1.9.2 and above)
CVE-2010-1209 (Use-after-free vulnerability in the NodeIterator implementation in Moz ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1208 (Use-after-free vulnerability in the attribute-cloning functionality in ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1207 (Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not prope ...)
	- xulrunner <not-affected> (Only affects 1.9.2 and above)
	- iceweasel <not-affected> (Only affects 1.9.2 and above)
CVE-2010-1206 (The startDocumentLoad function in browser/base/content/browser.js in M ...)
	- iceweasel 3.5.11-1
	[lenny] - iceweasel <not-affected> (Vulnerable code not present)
	NOTE: Introduced by https://bugzilla.mozilla.org/show_bug.cgi?id=254714
CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...)
	{DSA-2075-1 DSA-2072-1}
	- libpng 1.2.44-1 (bug #587670)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- tuxonice-userui 1.0-1 (unimportant)
	NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...)
	- bugzilla 3.4.7.0-1 (low; bug #587663)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remo ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
	- iceweasel <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla Fi ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - icedove <end-of-life>
	- icedove 3.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 an ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMon ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[lenny] - icedove <end-of-life>
	- iceape 2.0.5-1
	- icedove 3.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and p ...)
	- libesmtp 1.0.4-2 (bug #311191)
CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other versions ...)
	- sahana <itp> (bug #497414)
CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the N ...)
	NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVis ...)
	NOT-FOR-US: ClickHeat plugin
CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kern ...)
	- linux-2.6 2.6.20-1
CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in Li ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6 ...)
	NOT-FOR-US: SAP MaxDB
CVE-2010-1184 (The Microsoft wireless keyboard uses XOR encryption with a key derived ...)
	NOT-FOR-US: Microsoft Wireless Keyboard
CVE-2010-1183 (Certain patch-installation scripts in Oracle Solaris allow local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003  ...)
	NOT-FOR-US: Microsoft Internet Explorer 7.0
CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Cisco TFTP Server
CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject properti ...)
	- dbus-glib 0.88-1 (low; bug #592753)
	[lenny] - dbus-glib <no-dsa> (Minor issue)
CVE-2010-1171 (Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsol ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before  ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed>
CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8. ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed>
CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows context-depe ...)
	- perl 5.10.1-13 (bug #582978)
	[lenny] - perl 5.10.0-19lenny3
CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X  ...)
	- xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn't affected)
	NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated administra ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA  ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does  ...)
	- sudo 1.7.2p6-1 (bug #578275)
	[lenny] - sudo <not-affected> (ignore_dot default value is off and can't be changed in runtime)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3
CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ker ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a fi ...)
	- nano 2.2.4-1 (low; bug #577817)
	[lenny] - nano 2.0.7-5
CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed  ...)
	- nano 2.2.4-1 (low; bug #577817)
	[lenny] - nano 2.0.7-5
CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
	- perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective)
CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allo ...)
	{DSA-2207-1}
	- tomcat6 6.0.26-5 (bug #587447; unimportant)
	- tomcat5.5 <removed> (unimportant)
	NOTE: Negligible information disclosure
CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to caus ...)
	- irssi 0.8.15-1 (low)
	[lenny] - irssi <no-dsa> (Minor issue)
CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...)
	- irssi 0.8.15-1 (low)
	[lenny] - irssi <no-dsa> (Minor issue)
CVE-2010-1154
	REJECTED
CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3 ...)
	- typo3-src 4.3.3-1 (bug #577993)
	[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...)
	- memcached 1.4.5-1 (low; bug #579913)
	[lenny] - memcached <no-dsa> (Minor issue)
CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP Serve ...)
	- libapache2-mod-auth-shadow <itp> (bug #503184)
CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not proper ...)
	{DSA-2041-1}
	- mediawiki 1:1.15.3-1 (low)
CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TA ...)
	- udisks 1.0.1-1 (medium; bug #576687)
CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hu ...)
	- opendchub 0.8.2-1 (bug #576308)
	[lenny] - opendchub <not-affected> (Vulnerable code not present)
CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exis ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
	REJECTED
CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in d ...)
	- libnids 1.23-1.2 (low; bug #576281)
	[lenny] - libnids <no-dsa> (Minor issue)
	NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly Virt ...)
	NOT-FOR-US: VMware
CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VM ...)
	NOT-FOR-US: VMware products
CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VM ...)
	NOT-FOR-US: VMware products
CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 an ...)
	NOT-FOR-US: VMware products
CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware W ...)
	NOT-FOR-US: VMware products
CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 bu ...)
	NOT-FOR-US: VMware products
CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Virtua ...)
	NOT-FOR-US: VMware Server
CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs  ...)
	- moin 1.9.2-1 (bug #569975; medium)
	[lenny] - moin 1.7.1-3+lenny3 (bug #569975; medium)
	NOTE: see http://www.debian.org/security/2010/dsa-2014
CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...)
	NOT-FOR-US: Mini-stream RM Downloader
CVE-2009-4760 (Winn ASP Guestbook 1.01 Beta stores sensitive information under the we ...)
	NOT-FOR-US: Winn ASP Guestbook
CVE-2009-4759 (Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers  ...)
	NOT-FOR-US: BrotherSoft BMXPlay
CVE-2009-4758 (Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remot ...)
	NOT-FOR-US: Mpegable Player
CVE-2009-4757 (Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows r ...)
	NOT-FOR-US: BrotherSoft EW-MusicPlayer
CVE-2009-4756 (Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatpo ...)
	NOT-FOR-US: Beatport Player
CVE-2009-4755 (Multiple stack-based buffer overflows in Mercury Audio Player 1.21 all ...)
	NOT-FOR-US: Mercury Audio Player
CVE-2009-4754 (Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote ...)
	NOT-FOR-US: Mercury Audio Player
CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS Adapte ...)
	NOT-FOR-US: Addonics NAS Adapter NASU2FW41
CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5  ...)
	- tikiwiki <removed>
CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...)
	- tikiwiki <removed>
CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in  ...)
	- tikiwiki <removed>
CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x b ...)
	- tikiwiki <removed>
CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, a ...)
	NOTE: browser crashes are not considered security-relevant
CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, do ...)
	- php5 5.3.2-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ha ...)
	- php5 5.3.2-1 (unimportant)
	NOTE: safe_mode not supported
CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not  ...)
	{DSA-2195-1}
	- php5 5.3.2-1 (low)
CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data s ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to sen ...)
	- webkit <not-affected> (proof-of-concept not effective; windows-only?)
CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
	NOTE: Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255
CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading  ...)
	NOT-FOR-US: IBM AIX
CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with th ...)
	- deliver <removed>
CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in Swing ...)
	NOT-FOR-US: Swinger Club Portal
CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club Port ...)
	NOT-FOR-US: Swinger Club Portal
CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer  ...)
	NOT-FOR-US: Top Paidmailer
CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 al ...)
	NOT-FOR-US: PHP Live!
CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category  ...)
	NOT-FOR-US: My Category Order plugin for wordpress
CVE-2009-4747 (PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlba ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels D ...)
	NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels Dre ...)
	NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in Expo ...)
	NOT-FOR-US: Exponent CMS
CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in history-storage ...)
	NOT-FOR-US: AfterLogic WebMail
CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote  ...)
	NOT-FOR-US: Docebo
CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Sky ...)
	NOT-FOR-US: Skype
CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ext ...)
	NOT-FOR-US: ws_ecard extension for typo3
CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
	NOT-FOR-US: SkaDate Dating
CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read ...)
	- freeciv 2.2.1-1 (low; bug #584589)
	[lenny] - freeciv <no-dsa> (Minor issue)
	NOTE: http://gna.org/bugs/?15624
CVE-2010-2446 (Rbot Reaction plugin allows command execution ...)
	- rbot 0.9.14-2 (bug #575286)
	[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
	[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allow ...)
	- xulrunner <not-affected> (Only affects the Firefox 3.6 branch)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=552216
CVE-2010-1121 (Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows re ...)
	NOT-FOR-US: Apple Type Services
CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on M ...)
	- webkit 1.2.1-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33850
	NOTE: http://trac.webkit.org/changeset/53501
	NOTE: http://trac.webkit.org/changeset/53504
CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows  ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root w ...)
	NOT-FOR-US: LookMer Music Portal
CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server Creat ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web Serv ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 all ...)
	NOT-FOR-US: KloNews
CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete  ...)
	NOT-FOR-US: Jokes Complete Website
CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 allow ...)
	NOT-FOR-US: phpMySport
CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...)
	NOT-FOR-US: phpMySport
CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module 5 ...)
	NOT-FOR-US: third-party Drupal module
CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...)
	NOT-FOR-US: third-party Drupal module
CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in Advertisem ...)
	NOT-FOR-US: AdvertisementManager
CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in Advertise ...)
	NOT-FOR-US: AdvertisementManager
CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass intend ...)
	NOT-FOR-US: Stainless
CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...)
	NOT-FOR-US: OmniWeb
CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to b ...)
	NOT-FOR-US: Alexander Clauss iCab
CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended p ...)
	- arora <not-affected> (Advisory is wrong, URL range is protected by QUrl)
CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass int ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as u ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_star ...)
	NOT-FOR-US: DeDeCMS
CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFe ...)
	NOT-FOR-US: ScriptsFeed Dating Software
CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in login_reset_password_page. ...)
	NOT-FOR-US: Tracking Requirements & Use Cases
CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rg ...)
	NOT-FOR-US: Auktionshaus V4rgo
CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_q ...)
	NOT-FOR-US: 1024 CMS
CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Bus ...)
	NOT-FOR-US: ScriptsFeed Business Directory
CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in  ...)
	NOT-FOR-US: phpMySite
CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote at ...)
	NOT-FOR-US: phpMySite
CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2  ...)
	NOT-FOR-US: PHP Trouble Ticket
CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follo ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel  ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9 (low)
CVE-2010-1086 (The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_ ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10 (low)
CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...)
	- linux-2.6 2.6.32-9
	[lenny] - linux-2.6 <not-affected> (affected call not present)
CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allow ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11
CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux  ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9
CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when m ...)
	NOT-FOR-US: OI.Blogs
CVE-2010-1081 (Directory traversal vulnerability in the Community Polls (com_communit ...)
	NOT-FOR-US: com_communitypolls component for Joomla!
CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2. ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allo ...)
	NOT-FOR-US: Sawmill
CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS  ...)
	NOT-FOR-US: Xlent Projects SphereCMS
CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO p ...)
	NOT-FOR-US: Crawlability vBSEO plugin for vBulletin
CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level C ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) a ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange modu ...)
	NOT-FOR-US: Currency Exchange module for Drupal
CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed)  ...)
	NOT-FOR-US: com_jembed component for Joomla!
CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...)
	NOT-FOR-US: Sniggabo CMS
CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remot ...)
	NOT-FOR-US: phpMDJ
CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art C ...)
	NOT-FOR-US: ImagoScripts
CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript allow ...)
	NOT-FOR-US: ProArcadeScript
CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...)
	NOT-FOR-US: NetWin SurgeFTP
CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: E-membres
CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under t ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information un ...)
	NOT-FOR-US: Lebisoft Ziparetci Defteri
CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root w ...)
	NOT-FOR-US: Erolife AjxGaleri VT
CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real Esta ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in Php ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01 ...)
	NOT-FOR-US: Phpkbo Short URL
CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in Phpko ...)
	NOT-FOR-US: Phpkobo Short URL
CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in Phpko ...)
	NOT-FOR-US: Phpkobo Address Book Script
CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in Php ...)
	NOT-FOR-US: Phpkobo Adress Book Script
CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka  ...)
	NOT-FOR-US: Phpkobo AdFreely
CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads (com_rokdownload ...)
	NOT-FOR-US: com_rokdownloads component for Joomla!
CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...)
	NOT-FOR-US: osDate
CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote attacke ...)
	NOT-FOR-US: ParsCMS
CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ea ...)
	NOT-FOR-US: Zen Time Tracking
CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Au ...)
	NOT-FOR-US: AudiStat
CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 al ...)
	NOT-FOR-US: AudiStat
CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...)
	NOT-FOR-US: AudiStat
CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow r ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Bus ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...)
	NOT-FOR-US: MASA2EL Music City
CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1  ...)
	NOT-FOR-US: Rostermain
CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) compo ...)
	NOT-FOR-US: com_productbook component for Joomla!
CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 al ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows re ...)
	NOT-FOR-US: jaxCMS
CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the W ...)
	NOT-FOR-US: IBM DB2 Content Manager Toolkit
CVE-2010-1040 (The "IP address range limitation" function in OpenPNE 1.6 through 1.8, ...)
	NOT-FOR-US: OpenPNE
CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in I ...)
	NOT-FOR-US: HP-UX
CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 allo ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight M ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager  ...)
	NOT-FOR-US: hP System Insight Manager
CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VM ...)
	NOT-FOR-US: HP Virtual Machine Manager
CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 b ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX c ...)
	NOT-FOR-US: HP Operations Manager
CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ca ...)
	NOT-FOR-US: HP-UX
CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linu ...)
	NOT-FOR-US: HP Insight Control
CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabl ...)
	NOT-FOR-US: HP-UX
CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function i ...)
	- webkit <not-affected> (proof-of-concept not effective)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) exten ...)
	NOT-FOR-US: travelmate extension for typo3
CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) exten ...)
	NOT-FOR-US: tmsw_cleandb extension for typo3
CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_ne ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ext ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, Recen ...)
	NOT-FOR-US: taskcenter_recent extension for typo3
CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) exte ...)
	NOT-FOR-US: t3sec_saltedpw extension for typo3
CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3qu ...)
	NOT-FOR-US: t3quixplorer extension for typo3
CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_sim ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) e ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) extens ...)
	NOT-FOR-US: sk_bookreview extension for typo3
CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months (sav_filter_month ...)
	NOT-FOR-US: sav_filter_months extension for typo3
CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors (sav_filter_se ...)
	NOT-FOR-US: sav_filter_selectors extension for typo3
CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_a ...)
	NOT-FOR-US: sav_filter_abc extension for typo3
CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ( ...)
	NOT-FOR-US: reports_logview extension for typo3
CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database (pd_ ...)
	NOT-FOR-US: pd_diocesedatabase extension for typo3
CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0. ...)
	NOT-FOR-US: nf_cleandb extension for typo3
CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboa ...)
	NOT-FOR-US: mydashboard extension for typo3
CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ext ...)
	NOT-FOR-US: mk_wastebasket extension for typo3
CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3  ...)
	NOT-FOR-US: educator extension for typo3
CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget I ...)
	NOT-FOR-US: chsellector extension for typo3
CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem)  ...)
	NOT-FOR-US: ch_lightem extension for typo3
CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and e ...)
	NOT-FOR-US: brainstorming extension for typo3
CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 sear ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine (YA ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2009-4738 (Unspecified vulnerability in JustSystems Corporation ATOK 2006 through ...)
	NOT-FOR-US: JustSystems Corporation
CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 20 ...)
	NOT-FOR-US: JustSystems Corporation Ichitaro
CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense  ...)
	NOT-FOR-US: CommonSense CMS
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
	- libphp-cas <itp> (bug #495542)
	- glpi 0.72.4-2 (bug #574760; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open Fo ...)
	- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
	- iceape <not-affected> (Vulnerable code not present)
	- calibre 2.38.0+dfsg-1 (bug #787085)
	[jessie] - calibre <no-dsa> (Minor issue)
	[wheezy] - calibre <not-affected> (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)
	NOTE: 2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/
CVE-2010-XXXX [Escape href attribute in auto links]
	- redmine 0.9.3-3
CVE-2010-XXXX [Fixes permission check in QueriesController]
	- redmine 0.9.3-3
CVE-2010-1003 (Directory traversal vulnerability in www/editor/tiny_mce/langs/languag ...)
	NOT-FOR-US: eFront-learning
CVE-2010-1002
	RESERVED
CVE-2010-1001
	RESERVED
CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4. ...)
	- kdenetwork 4:4.4.3-2
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/165
CVE-2010-0999 (Directory traversal vulnerability in Free Download Manager (FDM) befor ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0998 (Multiple stack-based buffer overflows in Free Download Manager (FDM) b ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in 107_plugins/content/conten ...)
	NOT-FOR-US: e107
CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows re ...)
	NOT-FOR-US: e107
CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before  ...)
	NOT-FOR-US: Internet Download Manager
CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1. ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CM ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dep ...)
	- imlib2 <not-affected> (vulnerable code introduced in 1.4.3)
CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine Act ...)
	NOT-FOR-US: Creative Software AutoUpdate
CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before 1. ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ( ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process ass ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4735 (SQL injection vulnerability in login.php in Allomani Audio &amp; Video ...)
	NOT-FOR-US: Allomani Audio & Video Library
CVE-2009-4734 (SQL injection vulnerability in login.php in Allomani Movies Library (M ...)
	NOT-FOR-US: Allomani Movies Library
CVE-2009-4733 (SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, wh ...)
	NOT-FOR-US: SimpleLoginSys
CVE-2009-4732 (SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5 ...)
	NOT-FOR-US: TT Web Site Manager
CVE-2009-4731 (SQL injection vulnerability in photos.php in Model Agency Manager PRO  ...)
	NOT-FOR-US: Model Agency Manager PRO
CVE-2009-4730 (SQL injection vulnerability in report.php in x10 Adult Media Script 1. ...)
	NOT-FOR-US: Adult Media Script
CVE-2009-4729 (Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media ...)
	NOT-FOR-US: Adult Media Script
CVE-2009-4728 (SQL injection vulnerability in the administrative interface in Questio ...)
	NOT-FOR-US: Questions Answered
CVE-2009-4727 (SQL injection vulnerability in x/login in JungleScripts Ajax Short Url ...)
	NOT-FOR-US: JungleScripts Ajax Short Url
CVE-2009-4726 (Directory traversal vulnerability in download.php in Quickdev 4 PHP al ...)
	NOT-FOR-US: Quickdev 4 PHP
CVE-2009-4725 (Directory traversal vulnerability in modules/aljazeera/admin/setup.php ...)
	NOT-FOR-US: Arab Portal
CVE-2009-4724 (SQL injection vulnerability in shop.htm in PaymentProcessorScript.net  ...)
	NOT-FOR-US: PaymentProcessorScript.net PPScript
CVE-2009-4723 (Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 all ...)
	NOT-FOR-US: Netpet CMS
CVE-2009-4722 (SQL injection vulnerability in the CheckLogin function in includes/fun ...)
	NOT-FOR-US: Limny
CVE-2009-4721 (Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-W ...)
	NOT-FOR-US: Andrews-Web BannerAd
CVE-2009-4720 (SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allo ...)
	- gnudip <removed> (medium; bug #539452)
CVE-2009-4719 (SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows ...)
	NOT-FOR-US: Discloser
CVE-2010-XXXX [dojo can be used as a redirector]
	- dojo 1.4.2+dfsg-1 (low)
	NOTE: http://web.archive.org/web/20101029020014/http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
	NOTE: http://bugs.dojotoolkit.org/ticket/10773
CVE-2010-0985 (Directory traversal vulnerability in the Abbreviations Manager (com_ab ...)
	NOT-FOR-US: com_abbrev component for Joomla!
CVE-2010-0984 (Acidcat CMS 3.5.3 and earlier stores sensitive information under the w ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0983 (PHP remote file inclusion vulnerability in include/mail.inc.php in Rez ...)
	NOT-FOR-US: Rezervi
CVE-2010-0982 (Directory traversal vulnerability in the CARTwebERP (com_cartweberp) c ...)
	NOT-FOR-US: com_cartweberp component for Joomla!
CVE-2010-0981 (SQL injection vulnerability in the TPJobs (com_tpjobs) component for J ...)
	NOT-FOR-US: com_tpjobs component for Joomla!
CVE-2010-0980 (SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1 ...)
	NOT-FOR-US: Left 4 Dead Stats
CVE-2010-0979 (Cross-site scripting (XSS) vulnerability in display.php in Obsession-D ...)
	NOT-FOR-US: Obsession-Design Image-Gallery
CVE-2010-0978 (KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under th ...)
	NOT-FOR-US: KMSoft Guestbook
CVE-2010-0977 (PD PORTAL 4.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: PD PORTAL
CVE-2010-0976 (Acidcat CMS 3.5.x does not prevent access to install.asp after install ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0975 (PHP remote file inclusion vulnerability in external.php in PHPCityPort ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0974 (Multiple SQL injection vulnerabilities in PHPCityPortal allow remote a ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0973 (SQL injection vulnerability in index.php in phppool media Domain Verka ...)
	NOT-FOR-US: phppool Media Domain Verkaus and Auktions Portal
CVE-2010-0972 (Directory traversal vulnerability in the GCalendar (com_gcalendar) com ...)
	NOT-FOR-US: com_gcalendar component for Joomla!
CVE-2010-0971 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 al ...)
	NOT-FOR-US: ATutor CMS
CVE-2010-0970 (SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows r ...)
	NOT-FOR-US: PhpMyLogon
CVE-2010-0968 (SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 a ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0967 (Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, w ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0966 (PHP remote file inclusion vulnerability in inc/config.php in deV!L`z C ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2010-0965 (Jevci Siparis Formu Scripti stores sensitive information under the web ...)
	NOT-FOR-US: Jevci Siparis Formu Scripti
CVE-2010-0964 (SQL injection vulnerability in start.php in Eros Webkatalog allows rem ...)
	NOT-FOR-US: Eros Webkatalog
CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Download T ...)
	NOT-FOR-US: dl Download Ticket Service
CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does  ...)
	- linux-2.6 2.6.10-1
CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...)
	{DSA-2020-1}
	- ikiwiki 3.20100312 (low)
CVE-2010-0747 (drbd8 allows local users to bypass intended restrictions for certain a ...)
	{DSA-2015-1}
	- linux-2.6 <not-affected> (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected)
	- drbd8 2:8.3.7-1
	[lenny] - drbd8 2:8.0.14-2+lenny1
CVE-2009-4718 (SQL injection vulnerability in visitorduration.php in Gonafish WebStat ...)
	NOT-FOR-US: Gonafish WebStatCaffe
CVE-2009-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebSta ...)
	NOT-FOR-US: Gonafish WebStatCaffe
CVE-2009-4716 (Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZW ...)
	NOT-FOR-US: EDGEPHP EZWebSearch
CVE-2009-4715 (Cross-site scripting (XSS) vulnerability in rates.php in Real Time Cur ...)
	NOT-FOR-US: Real Time Currency Exchange
CVE-2009-4714 (Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS  ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2009-4713 (Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Qu ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2009-4712 (SQL injection vulnerability in index.php in Tukanas Classifieds (aka E ...)
	NOT-FOR-US: EasyClassifieds
CVE-2009-4711 (SQL injection vulnerability in the CoolURI (cooluri) extension before  ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4710 (SQL injection vulnerability in the Reset backend password (cwt_resetbe ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4709 (SQL injection vulnerability in the datamints Newsticker (datamints_new ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4708 (SQL injection vulnerability in the [Gobernalia] Front End News Submitt ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4707 (Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4706 (Cross-site scripting (XSS) vulnerability in the Mailform (mailform) ex ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4705 (Cross-site scripting (XSS) vulnerability in the Twitter Search (twitte ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4704 (Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1 ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4703 (SQL injection vulnerability in the Webesse Image Gallery (ws_gallery)  ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4702 (SQL injection vulnerability in the Tour Extension (pm_tour) extension  ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4701 (SQL injection vulnerability in the Myth download (myth_download) exten ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4700 (Directory traversal vulnerability in index.php in SkaDate Dating allow ...)
	NOT-FOR-US: SkaDate Dating
CVE-2009-4699 (Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating  ...)
	NOT-FOR-US: SkaDate Dating
CVE-2009-4698 (Multiple SQL injection vulnerabilities in the Qas (aka Quas) module fo ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2010-0969 (Unbound before 1.4.3 does not properly align structures on 64-bit plat ...)
	- unbound 1.4.3-1
	[lenny] - unbound <not-affected> (Vulnerable code not present)
CVE-2010-XXXX [moin: hierarchical ACLs security issue]
	- moin 1.8.4-1 (low)
	[lenny] - moin 1.7.1-3+lenny3
	NOTE: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Ti ...)
	NOT-FOR-US: Apple
CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VI ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIO ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/L ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in Tribis ...)
	NOT-FOR-US: Tribisur
CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia's Shopsyste ...)
	NOT-FOR-US: Saskia's Shopsystem
CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remo ...)
	NOT-FOR-US: OpenCart
CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 a ...)
	NOT-FOR-US: Bild Flirt Community
CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre E ...)
	NOT-FOR-US: Pre Projects Pre E-Learning Portal
CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows r ...)
	NOT-FOR-US: phpCOIN
CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quo ...)
	NOT-FOR-US: OneCMS
CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows remot ...)
	NOT-FOR-US: dev4u CMS
CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_ ...)
	NOT-FOR-US: Bigforum
CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network T ...)
	NOT-FOR-US: BBSMAX
CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ra ...)
	NOT-FOR-US: RadNICS Gold 5
CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows remo ...)
	NOT-FOR-US: RadNICS Gold 5
CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance Gold 7 ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4694 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts Ra ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4693 (Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2. ...)
	NOT-FOR-US: GraFX MiniCWB
CVE-2009-4692 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts Ra ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4691 (SQL injection vulnerability in addlink.php in Classified Linktrader Sc ...)
	NOT-FOR-US: Classified Linktrader Script
CVE-2009-4690 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld P ...)
	NOT-FOR-US: YourFreeWorld Programs Rating Script
CVE-2009-4689 (SQL injection vulnerability in index.php in PHP Shopping Cart Selling  ...)
	NOT-FOR-US: PHP Shopping Cart Selling Website Script
CVE-2009-4688 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...)
	NOT-FOR-US: PHP Shopping Cart Selling Website Script
CVE-2009-4687 (SQL injection vulnerability in silentum_guestbook.php in Silentum Gues ...)
	NOT-FOR-US: Silentum Guestbook
CVE-2009-4686 (Cross-site scripting (XSS) vulnerability in account.php in phplemon Ad ...)
	NOT-FOR-US: phplemon AdQuick
CVE-2009-4685 (Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scr ...)
	NOT-FOR-US: PHP Scripts Now Astrology
CVE-2009-4684 (Cross-site scripting (XSS) vulnerability in index.php in EZodiak allow ...)
	NOT-FOR-US: EZodiak
CVE-2009-4683 (Directory traversal vulnerability in vote.php in Good/Bad Vote allows  ...)
	NOT-FOR-US: Good/Bad Vote
CVE-2009-4682 (Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote  ...)
	NOT-FOR-US: Good/Bad Vote
CVE-2009-4681 (Cross-site scripting (XSS) vulnerability in search.php in phpDirectory ...)
	NOT-FOR-US: phpDirectorySource
CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource 1.x al ...)
	NOT-FOR-US: phpDirectorySource
CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...)
	{DSA-2021-2 DSA-2021-1}
	- spamass-milter 0.3.1-9 (bug #573228)
	[lenny] - spamass-milter 0.3.1-8+lenny1
CVE-2010-1189 (MediaWiki before 1.15.2 does not prevent wiki editors from linking to  ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
	[lenny] - mediawiki 1:1.12.0-2lenny4
CVE-2010-1190 (thumb.php in MediaWiki before 1.15.2, when used with access-restrictio ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	[lenny] - mediawiki 1:1.12.0-2lenny4
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) Softwa ...)
	NOT-FOR-US: com_ksadvertiser component for Joomla!
CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets (co ...)
	NOT-FOR-US: com_hotbrackets component for Joomla!
CVE-2010-0944 (Directory traversal vulnerability in the JCollection (com_jcollection) ...)
	NOT-FOR-US: com_jcollection component for Joomla!
CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase (com_jashowcase)  ...)
	NOT-FOR-US: com_jashowcase component for Joomla!
CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect (com_jvideodirec ...)
	NOT-FOR-US: com_jvideodirect component for Joomla!
CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hi ...)
	NOT-FOR-US: eTek Systems Hit Counter
CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PH ...)
	NOT-FOR-US: Simple PHP Guestbook
CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Visialis ABB Forum
CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Fo ...)
	NOT-FOR-US: Todoo Forum
CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library before 2 ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKV ...)
	NOT-FOR-US: D-LINK firmware
CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF Portfolio Nex ...)
	NOT-FOR-US: com_if_nexus component for Joomla!
CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn Guestboo ...)
	NOT-FOR-US: Winn Guestbook
CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Fo ...)
	NOT-FOR-US: phpFK PHP Forum
CVE-2010-XXXX [phpbb 3.0.7 permissions bypass]
	- phpbb3 3.0.7-PL1
	[lenny] - phpbb3 <not-affected> (older version is in the archive)
	[squeeze] - phpbb3 <not-affected> (older version is in the archive)
	NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex- ...)
	- openssl <unfixed> (unimportant)
	NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
	NOTE: somewhat impractical right now, but the openssl developers are working
	NOTE: on a fix just in case
CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
	- samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
	[lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is empty ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote aut ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows rem ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ca ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2009-4676 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5. ...)
	NOT-FOR-US: JetCast.exe
CVE-2009-4675 (admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant ...)
	NOT-FOR-US: Mole Group Gastro Portal
CVE-2009-4674 (admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script an ...)
	NOT-FOR-US: Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket
CVE-2009-4673 (SQL injection vulnerability in profile.php in Mole Group Adult Portal  ...)
	NOT-FOR-US: Mole Group Adult Portal Script
CVE-2009-4672 (Directory traversal vulnerability in main.php in the WP-Lytebox plugin ...)
	NOT-FOR-US: WP-Lytebox plugin for WordPress
CVE-2009-4671 (Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass auth ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4670 (admin/delitem.php in RoomPHPlanning 1.6 does not require authenticatio ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4669 (Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow rem ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4668 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5. ...)
	NOT-FOR-US: JetCast.exe
CVE-2009-4667 (SQL injection vulnerability in form.php in WebMember 1.0 allows remote ...)
	NOT-FOR-US: WebMember
CVE-2009-4666 (Multiple PHP remote file inclusion vulnerabilities in Webradev Downloa ...)
	NOT-FOR-US: Webradev Download Protect
CVE-2009-4665 (Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.a ...)
	NOT-FOR-US: Cute Editor
CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0924 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0923 (Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner loc ...)
	- kdebase 4:4.4.2-1
	[lenny] - kdebase <not-affected> (Only affected version 4.4.0)
	- kdebase-workspace 4:4.4.2-1
CVE-2010-0922 (Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300- ...)
	NOT-FOR-US: IBM AIX
CVE-2010-0921 (Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (a ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0920 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domi ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0919 (Stack-based buffer overflow in the Lotus Domino Web Access ActiveX con ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0918 (Multiple unspecified vulnerabilities in the UltraLite functionality in ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog compo ...)
	NOT-FOR-US: Oracle
CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote  ...)
	NOT-FOR-US: Oracle
CVE-2010-0913 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0912 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0911 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2010-0910 (Unspecified vulnerability in the Data Server component in Oracle Times ...)
	NOT-FOR-US: Oracle
CVE-2010-0909 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0908 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2010-0907 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0906 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0905 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0904 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0903 (Unspecified vulnerability in the Net Foundation Layer component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2010-0902 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2010-0901 (Unspecified vulnerability in the Export component in Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2010-0900 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2010-0899 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0898 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remo ...)
	NOT-FOR-US: Oracle
CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server comp ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle S ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager compon ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle S ...)
	NOT-FOR-US: Oracle sun Product Suite
CVE-2010-0892 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in Or ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in  ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle  ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in  ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications Expres ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun P ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun P ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle C ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical Remot ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Mana ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle Communication ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0873 (Unspecified vulnerability in the Data Server component in Oracle Times ...)
	NOT-FOR-US: Oracle
CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place In-Seaso ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown Optim ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component i ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database 9. ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle Ja ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE a ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0836 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...)
	- base-files <not-affected> (ubuntu-specific fix for their default OEM configuration on the Dell Latitude 2110, which permitted installation of unsigned packages)
CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8 ...)
	NOT-FOR-US: Likewise
CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1 ...)
	- pam <not-affected> (flaw in ubuntu-specific changes to the package)
CVE-2010-0831 (Directory traversal vulnerability in the extract_jar function in jarto ...)
	- fastjar 2:0.98-3 (low)
	[lenny] - fastjar <no-dsa> (Minor issue)
CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in elf/d ...)
	{DSA-2058-1}
	- glibc 2.11-1
	- eglibc 2.11-1
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTe ...)
	{DSA-2048-1}
	- dvipng 1.13-1 (low; bug #580628)
	- texlive-bin <not-affected> (dvipng is not shipped in texlive-bin Debian packages)
CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the De ...)
	{DSA-2024-1}
	- moin 1.9.2-3 (low; bug #575995)
CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, all ...)
	- texlive-bin 2009-6 (low; bug #580669)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss- ...)
	- libnss-db 2.2.3pre1-3.2 (low; bug #577057)
	[squeeze] - libnss-db <no-dsa> (Minor issue)
	[lenny] - libnss-db <no-dsa> (Minor issue)
CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users t ...)
	- emacs21 <removed> (low)
	[lenny] - emacs21 <no-dsa> (Minor issue)
	NOTE: Only exploitable when configured as setgid mail, which isn't set by default
	- emacs22 <removed> (low; bug #590301)
	[lenny] - emacs22 <no-dsa> (Minor issue)
	- xemacs21 21.4.22-3.1 (low)
	[lenny] - xemacs21 <no-dsa> (Minor issue)
	[lenny] - xmacs21 <no-dsa> (Minor issue)
	- emacs23 23.2+1-1 (low)
CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allow ...)
	- fwbuilder 3.0.7-1 (bug #547390; medium)
	[lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
	- libfwbuilder 3.0.7-1 (bug #547390; medium)
	[lenny] - libfwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
	NOTE: m68k package in debports in still affected at version 3.0.5
	NOTE: see http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX  ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-4661 (Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow  ...)
	NOT-FOR-US: BigAnt Server
CVE-2009-4660 (Stack-based buffer overflow in the AntServer Module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2009-4659 (Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows  ...)
	NOT-FOR-US: MP3-Cutter Ease Audio Cutter
CVE-2009-4658 (Xerver 4.32 allows remote authenticated users to cause a denial of ser ...)
	NOT-FOR-US: Xerver
CVE-2009-4657 (The administrator package for Xerver 4.32 does not require authenticat ...)
	NOT-FOR-US: Xerver
CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2. ...)
	NOT-FOR-US: E-Soft DJ Studio Pro
CVE-2010-XXXX [esmtp: world-readable config file]
	- esmtp 1.2-3 (unimportant; bug #568925)
	NOTE: Documentation advises against adding password data to the respective config file
CVE-2010-XXXX [irssi emote leak]
	- irssi-plugin-otr 1.0.0~alpha2-1 (unimportant; bug #569506)
CVE-2010-2450 (The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/s ...)
	- shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631)
	[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
	- shibboleth-sp <not-affected> (Vulnerable code not present)
CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0'  ...)
	- libesmtp 1.0.4-5 (bug #572960)
	[lenny] - libesmtp <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
	NOT-FOR-US: VMware Server
CVE-2010-XXXX [argyll unsafe udev rules]
	- argyll <not-affected> (issue with redhat-specific changes to the package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly b ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2250 (Drupal 6.x before 6.16 uses a user-supplied value in output during sit ...)
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
	- linux-ftpd <not-affected> (Performs proper length checks, see #572813)
CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Offic ...)
	NOT-FOR-US: Microsoft
CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0820 (Heap-based buffer overflow in the Local Security Authority Subsystem S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0819 (Unspecified vulnerability in the Windows OpenType Compact Font Format  ...)
	NOT-FOR-US: Microsoft
CVE-2010-0818 (The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Micr ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, ...)
	NOT-FOR-US: Microsoft Outlook Express, Windows Live Mail, and Windows Mail
CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft O ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-0813
	REJECTED
CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0809
	REJECTED
CVE-2010-0808 (Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not p ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka iepeer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet E ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...)
	NOT-FOR-US: iBoutique
CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) com ...)
	NOT-FOR-US: jVideoDirect
CVE-2010-0802 (SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modi ...)
	NOT-FOR-US: Invision Power Board
CVE-2010-0801 (Directory traversal vulnerability in the AutartiTarot (com_autartitaro ...)
	NOT-FOR-US: Joomla!
CVE-2010-0800 (SQL injection vulnerability in the Ossolution Team Documents Seller (a ...)
	NOT-FOR-US: Joomla!
CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ph ...)
	NOT-FOR-US: phpunity.newsmanager
CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier  ...)
	NOT-FOR-US: T3BLOG extension for TYPO3
CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...)
	NOT-FOR-US: T3BLOG extension for TYPO3
CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) comp ...)
	NOT-FOR-US: Joomla!
CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars (com_jeeventcale ...)
	NOT-FOR-US: Joomla!
CVE-2010-0794
	RESERVED
CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cau ...)
	{DSA-2049-1}
	- barnowl 1.5.1-1 (bug #574418)
CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary fi ...)
	- fcron <removed> (unimportant; bug #572587)
	NOTE: On Debian runs suid/sgid fcron and the issue is limited to the exposure
	NOTE: of the content of crontabs
CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2. ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detaile ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local  ...)
	{DSA-1989-1}
	- fuse 2.8.1-1.2 (bug #567633)
	NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain se ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3 ...)
	{DSA-2004-1}
	- samba 2:3.4.5~dfsg-2 (bug #567554)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
	NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows rem ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0780 (IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0775 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0774 (The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0773
	RESERVED
CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ 7 ...)
	NOT-FOR-US: IMB WebSphere MQ
CVE-2010-0771
	REJECTED
CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0767
	RESERVED
CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo  ...)
	NOT-FOR-US: Luxology Modo
CVE-2010-0765 (fipsForum 2.6 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: fipsForum
CVE-2010-0764 (SQL injection vulnerability in index.php in KuwaitPHP eSmile allows re ...)
	NOT-FOR-US: KuwaitPHP eSmile
CVE-2010-0763 (SQL injection vulnerability in index.php in CommodityRentals Vacation  ...)
	NOT-FOR-US: ComodityRentals Vacation Rental Software
CVE-2010-0762 (SQL injection vulnerability in index.php in CommodityRentals CD Rental ...)
	NOT-FOR-US: CommodityRentals CD Rental Software
CVE-2010-0761 (SQL injection vulnerability in index.php in CommodityRentals Books/eBo ...)
	NOT-FOR-US: CommodityRentals Books/eBooks Rentals Script
CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design Script ...)
	NOT-FOR-US: Joomla!
CVE-2010-0759 (Directory traversal vulnerability in plugins/system/cdscriptegrator/li ...)
	NOT-FOR-US: Joomla!
CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs allows re ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in WikyBlog ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote att ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in WikyBl ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Tem ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport) compone ...)
	NOT-FOR-US: Joomla!
CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module  ...)
	NOT-FOR-US: Weekly Archive by Node Type (Drupal module)
CVE-2010-1144
	REJECTED
CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users t ...)
	- policykit-1 <not-affected> (pkexec introduced in 0.92)
	[lenny] - policykit-1 <not-affected> (pkexec introduced in 0.92)
CVE-2010-0749 (Transmission before 1.92 allows attackers to prevent download of a fil ...)
	- transmission 1.92-1 (unimportant; bug #574507)
CVE-2010-0748 (Transmission before 1.92 allows an attacker to cause a denial of servi ...)
	- transmission 1.92-1 (medium; bug #574507)
	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as  ...)
	- udisks 1.0.0~git20100212.aae17d9-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
	NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
CVE-2010-0745 (Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...)
	- dovecot 1:1.2.11-1 (low)
	[lenny] - dovecot <not-affected> (this problem exists only with v1.2.x, not with v1.0 or v1.1)
	NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
	[etch] - dovecot <not-affected> (Vulnerable code not present)
CVE-2010-0744 (aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, do ...)
	- amsn 0.98.3-1 (low; bug #572818)
	[lenny] - amsn <no-dsa> (Minor issue)
CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI tar ...)
	{DSA-2042-1}
	- iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935)
	- tgt 1:1.0.3-2 (medium; bug #576086)
CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cm ...)
	- openssl 1.0.0e-1 (unimportant; bug #584592)
	[lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later)
	NOTE: unimportant since cms is disabled by default
CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the virtio- ...)
	- linux-2.6 2.6.26-1
CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)
	- openssl 0.9.8n-1 (medium; bug #575607)
	[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
	NOTE: http://www.openssl.org/news/secadv/20100324.txt
CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips  ...)
	- texlive-bin 2009-6 (low; bug #560668)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-0737 (A missing permission check was found in The CLI in JBoss Operations Ne ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform functio ...)
	- viewvc 1.1.5-1 (bug #575787)
CVE-2010-0735
	REJECTED
CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enab ...)
	{DSA-2023-1}
	- curl 7.20.0-1 (low)
	NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11
	NOTE: depends on the application that uses libcurl
CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4. ...)
	- postgresql-8.4 8.4.2-1
CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver be ...)
	- gtk+2.0 2.18.5-1
	[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
	[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
	NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1
CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before 1 ...)
	- gnutls26 <not-affected> (Fixed before initial release)
	- gnutls13 1.2.1-1
CVE-2010-0730 (The MMIO instruction decoder in the Xen hypervisor in the Linux kernel ...)
	- linux-2.6 <not-affected> (redhat-specific issue in the 2.6.18 xen kernel)
CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Lin ...)
	- linux-2.6 <not-affected> (vulnerability in redhat-specific patch)
CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled ...)
	- samba 2:3.4.7~dfsg-1 (high; bug #573223)
	[lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0)
CVE-2010-0727 (The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-2010 ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11
CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack  ...)
	{DSA-2009-1}
	- tdiary 2.2.1-1.1 (low; bug #572417)
CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in Moin ...)
	{DSA-2014-1}
	- moin 1.9.0~rc2-1
CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngirc ...)
	- ngircd 15-0.1
	[lenny] - ngircd <not-affected> (SSL/TLS support not yet present)
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3  ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 befo ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1 ...)
	NOT-FOR-US: Arab Cart
CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows ...)
	NOT-FOR-US: Arab Cart
CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 al ...)
	NOT-FOR-US: Ero Auktion
CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro allows remo ...)
	NOT-FOR-US: Php Auktion Pro
CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allow ...)
	NOT-FOR-US: Auktionshaus Gelb
CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus allows  ...)
	NOT-FOR-US: Erotik Auktionshaus
CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft SharePoint b ...)
	NOT-FOR-US: Microsoft
CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM  ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2 ...)
	- zenoss <itp> (bug #361253)
	NOTE: http://seclists.org/fulldisclosure/2010/Jan/296
CVE-2010-0712 (Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEven ...)
	- zenoss <itp> (bug #361253)
	NOTE: http://seclists.org/fulldisclosure/2010/Jan/241
CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp in ASPC ...)
	NOT-FOR-US: ASPCode CMS
CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 ...)
	NOT-FOR-US: ASPCode CMS
CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2. ...)
	NOT-FOR-US: Limny
CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe ...)
	NOT-FOR-US: Sun Directory Server Enterprise Edition
CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php in Emp ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt component ...)
	NOT-FOR-US: Subex Nikira Fraud Management System
CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 ...)
	NOT-FOR-US: Windows 2000
CVE-2009-4655 (The dhost web service in Novell eDirectory 8.8.5 uses a predictable se ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-4654 (Stack-based buffer overflow in the dhost module in Novell eDirectory 8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-4653 (Stack-based buffer overflow in the dhost module in Novell eDirectory 8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VP ...)
	NOT-FOR-US: PortWise SSL VPN
CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in F ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen Softw ...)
	NOT-FOR-US: Newgen Software OmniDocs
CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer 2. ...)
	NOT-FOR-US: WampServer
CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in VideoSearchSc ...)
	NOT-FOR-US: VideoSearchScript Pro
CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...)
	NOT-FOR-US: Dynamicsoft WSC CMS
CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6 ...)
	NOT-FOR-US: iTweak Upload module for Drupal
CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the Joom ...)
	NOT-FOR-US: Joomla!
CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-C ...)
	NOT-FOR-US: BASIC-CMS
CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) c ...)
	NOT-FOR-US: Joomla!
CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade  ...)
	NOT-FOR-US: CommodityRentals Trade Manager Script
CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Compo ...)
	NOT-FOR-US: Joomla!
CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows r ...)
	NOT-FOR-US: JTL-Shop
CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video Gam ...)
	NOT-FOR-US: CommodityRentals Video Games Rentals
CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0 ...)
	NOT-FOR-US: ActiveX
CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assiste ...)
	NOT-FOR-US: Orbital Viewer
CVE-2010-0687
	RESERVED
CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, an ...)
	NOT-FOR-US: VMware Server
CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source 1.2.x ...)
	- asterisk 1:1.6.2.6-1
	NOTE: Design limitation documented in that version
	[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
	[squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action i ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
	NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read t ...)
	- wordpress 2.9.2-1 (low)
	[lenny] - wordpress <not-affected> (Only affects Wordpress >= 2.9)
CVE-2010-XXXX [multiple typo issues]
	- typo3-src 4.3.2-1 (bug #571151)
	[lenny] - typo3-src 4.2.5-1+lenny3
	NOTE: DSA-2008
CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: ZeusCMS
CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows r ...)
	NOT-FOR-US: ZeusCMS
CVE-2010-0679 (Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ...)
	NOT-FOR-US: ActiveX
CVE-2010-0678 (PHP remote file inclusion vulnerability in includes/moderation.php in  ...)
	NOT-FOR-US: Katalog Stron Hurricane
CVE-2010-0677 (SQL injection vulnerability in index.php in Katalog Stron Hurricane 1. ...)
	NOT-FOR-US: Katalog Stron Hurricane
CVE-2010-0676 (Directory traversal vulnerability in index.php in the RWCards (com_rwc ...)
	NOT-FOR-US: RWCards component for Joomla!
CVE-2010-0675 (Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik B ...)
	NOT-FOR-US: BGSvetionik BGS CMS
CVE-2010-0674 (StatCounteX 3.1 stores sensitive information under the web root with i ...)
	NOT-FOR-US: StatCounteX
CVE-2010-0673 (SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog ...)
	NOT-FOR-US: Copperleaf Photolog plugin for WordPress
CVE-2010-0672 (SQL injection vulnerability in index.php in WSN Guest 1.02 allows remo ...)
	NOT-FOR-US: WSN Guest
CVE-2010-0671 (SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allow ...)
	NOT-FOR-US: KR MEDIA Pogodny CMS
CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Compone ...)
	NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitiz ...)
	{DSA-2014-1}
	- moin 1.9.2-1 (bug #569975)
CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x befor ...)
	{DSA-2014-1}
	- moin 1.9.2-1 (bug #569975)
CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of th ...)
	- moin 1.9.1-1
	[lenny] - moin <not-affected> (versions before 1.9 are not affected)
	[etch] - moin <not-affected> (versions before 1.9 are not affected)
	NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
	NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094
	NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under t ...)
	NOT-FOR-US: JAG
CVE-2009-4651 (Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comme ...)
	NOT-FOR-US: Webee Comments component for Joomla!
CVE-2009-4650 (SQL injection vulnerability in the Webee Comments (com_webeecomment) c ...)
	NOT-FOR-US: Webee Comments component for Joomla!
CVE-2009-4649 (Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1  ...)
	NOT-FOR-US: geccBBlite
CVE-2009-4648 (Accellion Secure File Transfer Appliance before 8_0_105 does not prope ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4647 (Cross-site scripting (XSS) vulnerability in Accellion Secure File Tran ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4646 (Static code injection vulnerability in the administrative web interfac ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4645 (Directory traversal vulnerability in web_client_user_guide.html in Acc ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote  ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
	- linux-2.6 2.6.12-1
	- linux-2.6.24 <not-affected> (fixed before 2.6.24)
CVE-2009-5050 (konversation before 1.2.3 allows attackers to cause a denial of servic ...)
	- konversation 1.2.3-1 (low)
	[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
CVE-2010-0664 (Stack consumption vulnerability in the ChildProcessSecurityPolicy::Can ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0663 (The ParamTraits&lt;SkBitmap&gt;::Read function in common/common_param_ ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0662 (The ParamTraits&lt;SkBitmap&gt;::Read function in common/common_param_ ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r524 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (libv8 issue)
	NOTE: http://trac.webkit.org/changeset/52401
CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer head ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome be ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before 4. ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the expect ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
	NOTE: claimed to be a windows-only issue
CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, pres ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbir ...)
	{DSA-2124-1 DSA-2075-1}
	- xulrunner 1.9.1.11-1 (bug #570743)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets eve ...)
	NOT-FOR-US: Opera
CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS styles ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and A ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
	NOTE: http://trac.webkit.org/changeset/52784
CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, a ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (unimportant)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=3275
	NOTE: unimportant because this is just a popup blocker bypass
CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function i ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to disco ...)
	- xulrunner <undetermined> (bug #570743)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, allo ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (medium)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before r ...)
	- chromium-browser 5.0.375.29~r46008-1
	- libv8 2.1.6-1
	- webkit <not-affected> (libv8 issue)
CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
	- chromium-browser 5.0.375.29~r46008-1
	- libv8 2.1.6-1
	- webkit <not-affected> (libv8 issue)
CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is config ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
	NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/Log ...)
	NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance Man ...)
	NOT-FOR-US: CA eHealth Performance Manager
CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.ST ...)
	- squid 2.7.STABLE8-1 (bug #572553)
	[lenny] - squid <no-dsa> (Minor issue, only affects non-default setup)
	- squid3 3.1.0.17-1 (bug #572554)
	[lenny] - squid3 <no-dsa> (Minor issue, only affects non-default setup)
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 a ...)
	- webcalendar <removed> (bug #572557)
CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper I ...)
	NOT-FOR-US: Juniper Installer Service
CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
	- ffmpeg 4:0.5.1-1 (medium; bug #570713)
	- ffmpeg-debian <end-of-life>
CVE-2010-XXXX [phpbb3 weak captcha]
	- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) be ...)
	- flex 2.5.35-1
CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmin ...)
	{DSA-2031-1}
	- krb5 1.7+dfsg-1 (low)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
CVE-2010-0628 (The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego ...)
	- krb5 1.8+dfsg-1.1 (bug #575740)
	[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8. ...)
	- couchdb 0.11.0-2.1 (bug #570013)
	[lenny] - couchdb <no-dsa> (does not support authentication at all)
CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalen ...)
	- webcalendar <removed> (bug #572557)
CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2 ...)
	- webcalendar <removed> (bug #572557)
CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch meth ...)
	NOT-FOR-US: JEvents Search plugin for Joomla!
CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier ...)
	NOT-FOR-US: Citrix XenServer
CVE-2010-0632 (SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com ...)
	NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla!
CVE-2010-0631 (Multiple SQL injection vulnerabilities in index.php in Eicra Car Renta ...)
	NOT-FOR-US: Eicra Car Rental-Script
CVE-2010-0630 (SQL injection vulnerability in viewjokes.php in Evernew Free Joke Scri ...)
	NOT-FOR-US: Evernew Free Joke Script
CVE-2010-0627
	RESERVED
CVE-2010-0626
	RESERVED
CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP se ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib. ...)
	- cpio 2.11-1 (low)
	- tar 1.23-1 (low)
	[lenny] - tar 1.20-1+lenny1
	[lenny] - cpio 2.9-13lenny1
CVE-2010-0621
	RESERVED
CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase S ...)
	NOT-FOR-US: EMC HomeBase Server
CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode  ...)
	NOT-FOR-US: Lexmark laser printers
CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...)
	NOT-FOR-US: Lexmark laser and injet printers and MarkNet devices
CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.0 ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which a ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1 ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remo ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts  ...)
	NOT-FOR-US: ARWScripts Fonts Script
CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown im ...)
	NOT-FOR-US: DocumentManager
CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal Syste ...)
	NOT-FOR-US: Baal Systems
CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog ...)
	NOT-FOR-US: Photoblog component for Joomla!
CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows re ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows rem ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1  ...)
	NOT-FOR-US: Sterlite SAM300 AX Router
CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket b ...)
	NOT-FOR-US: osTicket
CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 S ...)
	NOT-FOR-US: osTicket
CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2 ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PWG
CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software  ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0600 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0599 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0598 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0597 (Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0596 (Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0595 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2 ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and Security  ...)
	NOT-FOR-US: Cisco Router and Security Device Manager
CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC23 ...)
	NOT-FOR-US: Cisco RVS4000 Router
CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka C ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager (ak ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desk ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentati ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4 ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3  ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3  ...)
	NOT-FOR-US: CiscoIOS
CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attack ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 an ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size  ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possib ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...)
	NOT-FOR-US: Cisco Digital Media Player
CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticat ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x a ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default passwo ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface t ...)
	- gnome-screensaver 2.26.1-2
	[lenny] - gnome-screensaver <not-affected> (vulnerability introduced in 2.26)
	NOTE: only an issue under certain desktop environments such as xfce
CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation s ...)
	- gnome-screensaver 2.28.0-2 (low; bug #569667)
	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2010-XXXX [multiple mod_security issues]
	- libapache-mod-security 2.5.12-1 (bug #569658)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel befor ...)
	- linux-2.6 2.6.32-9
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel befor ...)
	{DSA-2012-1 DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-9
	- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeS ...)
	NOT-FOR-US: Trend Micro URL Filtering Engine
CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attacker ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows re ...)
	- ffmpeg 7:2.4.1-1 (unimportant; bug #550442)
	- ffmpeg-debian <removed> (unimportant)
	NOTE: denial-of-service only, so not worth worrying about
	NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/97154/focus=97156
	NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.issues/6111/focus=6116
CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a deni ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service (crash ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and po ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ca ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparis ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain point ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remot ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application Se ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...)
	- fetchmail 6.3.13-2 (low)
	[lenny] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
	[etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
	NOTE: the conditions so that this is exploitable are rather obscure
CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...)
	NOT-FOR-US: NetBSD
CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, D ...)
	NOT-FOR-US: Intel Desktop BIOS
CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, s ...)
	NOT-FOR-US: Sun Cluster
CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0558 (The default configuration of Oracle OpenSolaris snv_77 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access t ...)
	NOT-FOR-US: IBM Cognos Express
CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 popul ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote att ...)
	NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote at ...)
	NOT-FOR-US: WebExpert
CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
	NOT-FOR-US: WebLogExpert
CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote at ...)
	NOT-FOR-US: SurfStats
CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote at ...)
	NOT-FOR-US: WebTrends
CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
	NOT-FOR-US: Microsoft
CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is  ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2010-0555 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prev ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0554 (The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and e ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0553 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users t ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0552 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0551 (HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earli ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0550 (admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enfo ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0549 (Unspecified vulnerability in the Network Controller in Xerox WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0548 (Multiple unspecified vulnerabilities in the Network Controller and Web ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier  ...)
	{DSA-2004-1}
	- samba 2:3.4.5~dfsg-2 (bug #568942; medium)
CVE-2010-0546 (Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0545 (The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 befor ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.2.1-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected> (only Safari is affected, they have a different URL parsing implementation)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
	NOTE: http://trac.webkit.org/changeset/58792
	NOTE: http://trac.webkit.org/changeset/58796
CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remot ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...)
	- ruby1.8 1.8.7.302-1
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed>
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 1.9.2.0-1 (bug #593298)
CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...)
	NOT-FOR-US: Apple Java
CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10. ...)
	NOT-FOR-US: Apple Java
CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple DesktopServices
CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled ...)
	- dovecot <not-affected> (Apple specific, http://marc.info/?l=oss-security&m=136546217008001&w=2)
CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the  ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple AFP Server
CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1  ...)
	NOT-FOR-US: Apple itunes
CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the  ...)
	NOT-FOR-US: QuickTime
CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple Quicktime
CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X S ...)
	- freeradius <not-affected> (Apple specific configuration issue)
CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types  ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly determi ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly  ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in A ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows r ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before  ...)
	NOT-FOR-US: Apple PS Normalizer
CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before  ...)
	NOT-FOR-US: Apple Accounts Preferences
CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the acce ...)
	NOT-FOR-US: Apple Podcast Producer
CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not proper ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local  ...)
	NOT-FOR-US: Apple SFLServer
CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows re ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote at ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3  ...)
	NOT-FOR-US: Apple ImageIO
CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS  ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server  ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat i ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X Serv ...)
	NOT-FOR-US: Apple FTP Server
CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly valida ...)
	NOT-FOR-US: Apple Event Monitor
CVE-2010-0499
	RESERVED
CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly p ...)
	NOT-FOR-US: Apple Directory Services
CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the expec ...)
	NOT-FOR-US: Apple Disk Images
CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for i ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2010-0495
	REJECTED
CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0493
	REJECTED
CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll i ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification 5.1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0475 (Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Pa ...)
	NOT-FOR-US: Palo Alto Networks Firewall
CVE-2010-0474
	RESERVED
	{DSA-2188-1}
	- webkit 1.4.0-1
CVE-2010-0473
	RESERVED
CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0471 (SQL injection vulnerability in the comment submission interface (inclu ...)
	NOT-FOR-US: Enano CMS
CVE-2010-0470 (Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend C ...)
	NOT-FOR-US: Comtrend
CVE-2010-0469 (SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, a ...)
	NOT-FOR-US: Files2Links
CVE-2010-0468 (Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in  ...)
	NOT-FOR-US: PaperThin CommonSpot Content Server
CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter (com_ccnewslette ...)
	NOT-FOR-US: ccNewsletter component for Joomla!
CVE-2010-XXXX [nautilus: file preview html script execution]
	- nautilus <not-affected> (proof-of-concept script is previewed as text, not executed)
	NOTE: http://seclists.org/fulldisclosure/2010/Feb/112
CVE-2010-XXXX [browser javascript document.write denial-of-service]
	- xulrunner <unfixed> (unimportant; bug #568486)
	- webkit <unfixed> (unimportant; bug #568485)
	- qt4-x11 <unfixed> (unimportant)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
CVE-2010-0466
	RESERVED
CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents funct ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser avoi ...)
	- roundcube 0.3.1-3 (bug #569660)
CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser avoi ...)
	- imp4 4.3.7+debian0-2 (low; bug #569661)
	[lenny] - imp4 4.2-4lenny2
CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6,  ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 f ...)
	NOT-FOR-US: Joomla!
CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames) compone ...)
	NOT-FOR-US: Joomla!
CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1 allows rem ...)
	NOT-FOR-US: magic-portal
CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server (com_gamese ...)
	NOT-FOR-US: Joomla!
CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in Pun ...)
	NOT-FOR-US: PunBB
CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publiqu ...)
	NOT-FOR-US: Publique! CMS
CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and  ...)
	NOT-FOR-US: HP Project and Portfolio Management Center
CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP  ...)
	NOT-FOR-US: HP-UX
CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64  ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64  ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance I ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmw ...)
	NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a bl ...)
	NOT-FOR-US: HP Operations Agent
CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before V ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...)
	- asterisk 1:1.6.2.2-1
	[lenny] - asterisk <not-affected> (Only affects 1.6.x)
	[etch] - asterisk <not-affected> (Only affects 1.6.x)
CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cis ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of servic ...)
	- deliver <removed>
CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in O ...)
	{DSA-1993-1}
	- otrs <not-affected> (vulnerable code not present)
	[etch] - otrs2 <not-affected> (vulnerable code not present)
	- otrs2 2.4.7-1 (medium)
	NOTE: http://web.archive.org/web/20111224162621/http://otrs.org/advisory/OSA-2010-01-en/
CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...)
	- linux-2.6 2.6.26-9
CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation (S ...)
	{DSA-2037-1}
	- kdebase 4:4.0
	- kdebase-workspace 4:4.4.3-1
	NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace
	NOTE: in KDE 4.x, i.e. Squeeze onwards
CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualizat ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP S ...)
	{DSA-2035-1}
	- apache2 2.2.15-1
CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before  ...)
	- openssl <not-affected> (Kerberos support not enabled)
	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
	NOT-FOR-US: Apache Open For Business Project (OFBiz)
CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat E ...)
	- qemu-kvm <not-affected> (QXL support not yet present in Debian packages)
	- kvm <not-affected> (QXL support not yet present in Debian packages)
CVE-2010-0430 (libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hyp ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor)  ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor)  ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, doe ...)
	{DSA-2006-1}
	- sudo 1.7.0-1
	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-com ...)
	{DSA-2006-1}
	- sudo 1.7.2p1-1.2 (bug #570737)
	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server  ...)
	- apache2 <not-affected> (Windows only)
CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2)  ...)
	- cron <not-affected> (vulnerability in redhat-specific changes to their cron forks; cronie and vixie-cron)
CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a  ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize t ...)
	- gnome-screensaver 2.28.3-1
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in  ...)
	{DSA-2019-1}
	- pango1.0 1.26.2-1 (bug #574021)
CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user cha ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric M ...)
	{DSA-2010-1}
	- kvm <removed>
CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...)
	NOT-FOR-US: Chumby device's web interface
CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and R ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and  ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before  ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers  ...)
	- gnome-screensaver 2.28.2-1 (bug #569084)
	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0413
	RESERVED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of t ...)
	- systemtap 1.2-1 (bug #572560)
	[lenny] - systemtap <not-affected> (Server component not yet present)
	[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) __get ...)
	- systemtap 1.2-1 (low; bug #568809)
	[lenny] - systemtap <not-affected> (Vulnerable code not present)
	[etch] - systemtap <no-dsa> (Minor issue)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allo ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodin ...)
	{DSA-2082-1}
	- gmime2.2 2.2.25-1.1 (bug #568291)
	- gmime2.4 2.4.14-1+nmu1 (bug #573877)
CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp  ...)
	{DSA-2035-1}
	- apache2 2.2.15-1 (low)
	[lenny] - apache2 <no-dsa> (minor issue)
	NOTE: Will be fixed in s-p-u
CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in win ...)
	{DSA-2059-1}
	- pcsc-lite 1.5.4-1
CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of serv ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzi ...)
	{DSA-2112-1}
	- bzip2 1.0.5-6
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav <end-of-life> (No longer supported in Lenny)
CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before  ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)
CVE-2010-0403 (Directory traversal vulnerability in about.php in phpGroupWare (phpgw) ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584518)
CVE-2010-0402 (OpenTTD before 1.0.1 does not properly validate index values of certai ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0401 (OpenTTD before 1.0.1 accepts a company password for authentication in  ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows rem ...)
	{DSA-2030-1}
	- mahara 1.2.4-1 (medium)
CVE-2010-0399
	RESERVED
CVE-2010-0398 (The init script in autokey before 0.61.3-2 allows local attackers to w ...)
	- autokey 0.61.3-2
CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing m ...)
	{DSA-2018-1}
	- php5 5.3.2-1 (medium; bug #573573)
CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
	{DSA-2011-1}
	- dpkg 1.15.6
CVE-2010-0395 (OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote at ...)
	{DSA-2055-1}
	- openoffice.org 1:3.2.1-1 (low)
CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny ...)
	{DSA-1990-2 DSA-1990-1}
	- trac-git 0.0.20090320-1 (high; bug #567039)
CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1 ...)
	{DSA-2007-1}
	- cupsys <removed>
	- cups 1.4.2-9.1
CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other applications,  ...)
	- xulrunner 1.9.1-1 (low)
	[etch] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0-1 (low)
	[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	NOTE: mozilla's dns prefetching leads to disclosure of the user's network location
CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other appl ...)
	- icedove 3.0.2-1 (unimportant)
	[etch] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape <removed> (unimportant)
	[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Contro ...)
	NOT-FOR-US: Sun StorEdge 6130
CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5 ...)
	NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server
CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messagi ...)
	NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server
CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Mana ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patc ...)
	NOT-FOR-US: VERITAS File System
CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Cl ...)
	NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies Inte ...)
	NOT-FOR-US: InterBase SMP 2009 9.0.3.437
CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in  ...)
	NOT-FOR-US: PHP F1 Max's Image Uploader
CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows rem ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd i ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) the admin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and  ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functionin ...)
	- tor 0.2.1.22-1 (low)
	[lenny] - tor <not-affected> (only affects versions > 0.2.1.6-alpha)
	NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected
	NOTE: confirmed with Tor developers, Lenny is not affected
CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirr ...)
	- tor <not-affected> (only affects versions 0.2.2.x)
	[lenny] - tor <not-affected> (only affects versions 0.2.2.x)
	NOTE: does not appear to be a real vulnerability?
CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
	- tor 0.2.1.22-1 (medium)
	[lenny] - tor 0.2.0.35-1~lenny2 (medium)
CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1
CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows rem ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino Server ...)
	NOT-FOR-US: IBM Lotus Domino Server
CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-XXXX [gmetad incorrect file permissions]
	- ganglia 3.1.2-3 (low; bug #567175)
CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0 ...)
	{DSA-2051-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 <removed> (low; bug #567058)
	- postgresql-8.4 8.4.3-1
CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03 ...)
	- maradns 1.4.03-1 (low; bug #584587)
	[lenny] - maradns <no-dsa> (minor issue)
	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
CVE-2010-XXXX [sqlite: info leak]
	- sqlite3 3.6.21-1 (low; bug #566326)
	[lenny] - sqlite3 <no-dsa> (Minor information leak)
CVE-2010-XXXX [backup-manager: make sure password is not written to world-readable files]
	- backup-manager 0.7.9-1 (low)
	[lenny] - backup-manager 0.7.7-2
	NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
	NOTE: checked in 0.7.9-1, but may have been fixed sooner
CVE-2010-XXXX [sudosh3: many security weaknesses]
	- sudosh3 <removed> (high; bug #566142)
CVE-2010-0379 (Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX c ...)
	NOT-FOR-US: Macromedia Flash ActiveX
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distribu ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Te ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP Calend ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace (com_marke ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for J ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hi ...)
	NOT-FOR-US: Hitmaaan Gallery
CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x ...)
	NOT-FOR-US: Node Blocks module for Drupal
CVE-2010-0369
	RESERVED
CVE-2010-0368
	RESERVED
CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits  ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php  ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts B ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows  ...)
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	NOTE: subset of CVE-2007-6681
CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3 ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0362 (Zeus Web Server before 4.3r5 does not use random transaction IDs for D ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0361 (Stack-based buffer overflow in the WebDAV implementation in webservd i ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0360 (Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attac ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0359 (Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 a ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0358 (Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotu ...)
	NOT-FOR-US: IBM Lotus Web Content Management
CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 Activ ...)
	NOT-FOR-US: ActiveX
CVE-2010-0355
	RESERVED
CVE-2010-0354
	RESERVED
CVE-2010-0353
	RESERVED
CVE-2010-0352
	RESERVED
CVE-2010-0351
	RESERVED
CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdug ...)
	NOT-FOR-US: Joomla!
CVE-2009-4627 (Directory traversal vulnerability in sources/_template_parser.php in M ...)
	NOT-FOR-US: Moa Gallery
CVE-2009-4626 (Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allow ...)
	NOT-FOR-US: phpNagios
CVE-2009-4625 (SQL injection vulnerability in the updateOnePage function in component ...)
	NOT-FOR-US: Joomla!
CVE-2009-4624 (SQL injection vulnerability in download.php in Nicecoder iDesk allows  ...)
	NOT-FOR-US: Nicecoder iDesk
CVE-2009-4623 (Multiple PHP remote file inclusion vulnerabilities in Advanced Comment ...)
	NOT-FOR-US: Advanced Comment System
CVE-2009-4622 (PHP remote file inclusion vulnerability in admin/admin_news_bot.php in ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2009-4621 (SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier  ...)
	NOT-FOR-US: Discuz
CVE-2009-4620 (SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 ...)
	NOT-FOR-US: Joomla!
CVE-2009-4619 (SQL injection vulnerability in the Lucy Games (com_lucygames) componen ...)
	NOT-FOR-US: Joomla!
CVE-2009-4618 (Multiple SQL injection vulnerabilities in Tourism Script Bus Script al ...)
	NOT-FOR-US: Tourism Script Bus Script
CVE-2009-4617 (Multiple SQL injection vulnerabilities in Tourism Script Accommodation ...)
	NOT-FOR-US: Tourism Script Accommodation Hotel Booking Portal Script
CVE-2009-4616 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday ...)
	NOT-FOR-US: MYRE Holiday Rental Manager
CVE-2009-4615 (SQL injection vulnerability in review.php in MYRE Holiday Rental Manag ...)
	NOT-FOR-US: MYRE Holiday Rental Manager
CVE-2009-4614 (Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2. ...)
	NOT-FOR-US: Moa Gallery
CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12,  ...)
	- zope3 <removed> (low)
	[lenny] - zope3 <no-dsa> (Minor issue)
	- zope2.11 <removed>
	- zope2.10 <removed> (low)
	[lenny] - zope2.10 <no-dsa> (Minor issue)
	- zope2.9 <removed>
	NOTE: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ex ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.3 ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and e ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension 1. ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension 1.0. ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) exte ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) extensi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) extensi ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) extens ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_ale ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumpe ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news (vo ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news (vote_for_tt_new ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6  ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) exten ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_ta ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and earli ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_un ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_ ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list)  ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension  ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Jo ...)
	NOT-FOR-US: Jamit Job Board 3.0
CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter  ...)
	NOT-FOR-US: Glitter Central Script
CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 a ...)
	NOT-FOR-US: Docmint
CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...)
	- kfreebsd-6 <not-affected> (vulnerable code introduced in freebsd 7)
	- kfreebsd-7 7.2-10 (medium; bug #566684)
	[lenny] - kfreebsd-7 <no-dsa> (kfreebsd not support in Lenny)
	- kfreebsd-8 8.0-2 (medium)
CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Novell Netware
CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote attack ...)
	NOT-FOR-US: Google SketchUp
CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, allo ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target U ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System Dire ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server  ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka IdM ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain privil ...)
	NOT-FOR-US: Trusted Extensions in Sun Solaris 10
CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt  ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2010-XXXX [zend framework multiple issues]
	- zendframework 1.9.7-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
CVE-2010-XXXX [ZF2010-07]
	- zendframework 1.10.3-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-07
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP  ...)
	- jetty 6.1.22-1 (bug #575789)
CVE-2009-4611 (Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data with ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty  ...)
	- jetty <not-affected> (low; bug #575790)
	NOTE: the exploitable servlet is not shipped in Debian packages
CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attacke ...)
	- jetty <not-affected> (low; bug #575791)
	NOTE: the exploitable servlet is not shipped in Debian packages
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT)  ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
	NOTE: http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=336f40a728b9a4a5db5e1df5c89852c79ff95604
CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through  ...)
	{DSA-1991-1}
	- squid 2.7.STABLE8-1
	- squid3 3.1.0.16-1 (bug #575747)
CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel be ...)
	{DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric M ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to c ...)
	{DSA-2033-1}
	- ejabberd 2.1.2-2 (medium; bug #568383)
	NOTE: https://support.process-one.net/browse/EJAB-1173
CVE-2010-0304 (Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 t ...)
	{DSA-1983-1}
	- wireshark 1.2.6-1
CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2  ...)
	{DSA-1982-1}
	- hybserv 1.9.2-4.1 (low; bug #550389)
CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling  ...)
	- cups 1.4.2-10 (bug #572940)
	[lenny] - cups 1.3.8-1+lenny9
	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
	NOTE: This is for an incomplete fix for CVE-2009-3553
CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d opt ...)
	{DSA-1981-1}
	- maildrop 2.2.0-3.1 (low; bug #564601)
CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...)
	{DSA-1980-1}
	- ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
	- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (low)
CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure permi ...)
	- linux-2.6 2.6.32-6
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level (C ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
CVE-2010-0297 (Buffer overflow in the usb_host_handle_control function in the USB pas ...)
	- qemu-kvm 0.11.1+dfsg-1
	- kvm <removed> (low)
	[lenny] - kvm <no-dsa> (minor issue)
CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka gli ...)
	{DSA-2058-1}
	- glibc 2.11-1 (bug #583908)
	- eglibc 2.11-1
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read op ...)
	{DSA-1987-1}
	- lighttpd 1.4.26-1 (medium)
CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a s ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 do ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony bef ...)
	{DSA-1992-1}
	- chrony 1.23-7 (medium)
CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before  ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1 (medium)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL  ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (medium; bug #565406)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.splitbrain.org/index.php?do=details&task_id=1847
	NOTE: issue being exploited
CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin (plugins/a ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0286 (Unspecified vulnerability in the OpenID Identity Authentication extens ...)
	- typo3-src 4.3.1-1 (bug #567163)
	[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...)
	- gnome-screensaver 2.28.3-1 (low)
	[lenny] - gnome-screensaver <no-dsa> (Minor issue)
	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=593616
CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the Portal ...)
	NOT-FOR-US: Novell Access Manager
CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 bef ...)
	- krb5 1.8+dfsg~alpha1-7
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
CVE-2010-0282
	RESERVED
CVE-2010-0281
	RESERVED
CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Googl ...)
	- lib3ds 1.3.0-5 (low; bug #575741)
	[lenny] - lib3ds <no-dsa> (Minor issue)
	[etch] - lib3ds <no-dsa> (Minor issue)
	- openscenegraph 2.8.0-1
	[lenny] - openscenegraph 2.4.0-1.1+lenny1
	NOTE: openscenegraph embeds acopy of lib3ds
	NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
	NOTE: issue was published saying it affects google sketchup,
	NOTE: but the vulnerable code is in lib3ds
	NOTE: http://code.google.com/p/lib3ds/issues/detail?id=9
CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ex ...)
	NOT-FOR-US: BTS-GI Read excel
CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Wind ...)
	NOT-FOR-US: ActiveX
CVE-2009-4608 (Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. AC ...)
	NOT-FOR-US: ACCESSGUARDIAN
CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 with Gu ...)
	NOT-FOR-US: Overland Storage Snap Server
CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the WebDriv ...)
	NOT-FOR-US: South River Technologies WebDrive
CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the Fernan ...)
	NOT-FOR-US: Joomla!
CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7 ...)
	NOT-FOR-US: SAP Kernel
CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x  ...)
	NOT-FOR-US: Randomizer module for Drupal
CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.php in ...)
	NOT-FOR-US: ZeeJobsite
CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt  ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) com ...)
	NOT-FOR-US: Joomla!
CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 f ...)
	NOT-FOR-US: Joomla!
CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1 ...)
	NOT-FOR-US: PHP Inventory
CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...)
	NOT-FOR-US: PHP Inventory
CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows r ...)
	NOT-FOR-US: PHP Inventory
CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6,  ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low; bug #566775)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Dom ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) be ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light Mod ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 o ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6  ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_ ...)
	NOT-FOR-US: hald in Sun OpenSolaris
CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0266 (Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, an ...)
	NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Ope ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2  ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0259
	REJECTED
CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does n ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prev ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does n ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0253
	REJECTED
CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel Acti ...)
	NOT-FOR-US: Microsoft Data Analyzer ActiveX control
CVE-2010-0251
	REJECTED
CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1,  ...)
	NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly h ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004  ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows loc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures  ...)
	- postfix <not-affected> (SUSE-specific packaging issue)
CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash  ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash  ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash  ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password rep ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a p ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edi ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0220 (The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverL ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: browser DoS not treated as security issue
CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2 ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.2.4-1
	NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
	NOTE: there is still at least one unserialize() call on _POST data
CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access o ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...)
	NOT-FOR-US: Bftpd
CVE-2009-4592 (Unspecified vulnerability in base_local_rules.php in Basic Analysis an ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2009-4591 (SQL injection vulnerability in Basic Analysis and Security Engine (BAS ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2009-4590 (Cross-site scripting (XSS) vulnerability in base_local_rules.php in Ba ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
	NOTE: 1.4.5 fixed more XSS issues in this file
CVE-2009-4588 (Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control ...)
	NOT-FOR-US: AwingSoft Awakening
CVE-2009-4587 (Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of ...)
	- cherokee <not-affected> (Only affects Windows and DOS)
	NOTE: this only works on windows and dos as you are not allowed
	NOTE: to use a file name with AUX and any or no extension as this is a
	NOTE: reserved device name. cherokee was lacking error handling...
CVE-2009-4586 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in W ...)
	NOT-FOR-US: Wowd client
CVE-2010-0219 (Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterpri ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-0218 (ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the  ...)
	- bind9 <not-affected> (Only affects 9.7.2, which is not yet in the archive)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
CVE-2010-0217 (Zeacom Chat Server before 5.1 uses too short a random string for the J ...)
	NOT-FOR-US: Zeacom Chat Server
CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows r ...)
	NOT-FOR-US: MediaCAST
CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass  ...)
	NOT-FOR-US: ActiveCollab
CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with firmwar ...)
	NOT-FOR-US: PolyVision RoomWizard
CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trus ...)
	- bind9 9.7.1.dfsg.P2
	[lenny] - bind9 <not-affected> (vulnerability introduced in 9.7.1)
CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ( ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not  ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0210
	RESERVED
CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adob ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-0208
	RESERVED
CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows remote  ...)
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf <unfixed> (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...)
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf <unfixed>  (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)
	{DSA-2032-1}
	- libpng 1.2.43-1 (low; bug #572308)
	NOTE: http://www.kb.cert.org/vuls/id/576029
CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0200
	REJECTED
CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Win ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 al ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Ado ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ac ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO Dom ...)
	NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots functi ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6 ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.9-1 (low)
	[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
	- iceape 2.0.4-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <end-of-life>
CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey bef ...)
	- xulrunner 1.9.1.9-1 (unimportant)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0180 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_ ...)
	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey be ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3. ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in  ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the as ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x bef ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected w ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoade ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceape 2.0.3-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in content/base/src/nsDocum ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x befor ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.c ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp  ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0164 (Use-after-free vulnerability in the imgContainer::InternalAddFrameHelp ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 proces ...)
	{DSA-2025-1}
	- icedove 3.0.4-1 (medium)
CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMon ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[etch] - xulrunner <end-of-life>
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in M ...)
	- xulrunner <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 an ...)
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
	[lenny] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[etch] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
	[lenny] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x be ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0158
	NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy)  ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local user ...)
	- puppet 0.25.4-2
	[lenny] - puppet <no-dsa> (Minor issue)
CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management Inter ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local Manage ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Loca ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local Manag ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used i ...)
	NOT-FOR-US: Cisco
CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285 ...)
	NOT-FOR-US: Cisco Security Agent
CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco Securit ...)
	NOT-FOR-US: Cisco
CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco S ...)
	NOT-FOR-US: Cisco
CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco Ir ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the emb ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the embed ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco Unifie ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.6 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ( ...)
	NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor
CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2010-0136 (OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce ...)
	{DSA-1995-1}
	- openoffice.org 1:3.1.1-11
CVE-2010-0135 (Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), a ...)
	NOT-FOR-US: WordPerfect reader on Windows
CVE-2010-0134 (Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10. ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2010-0133 (Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 rea ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 an ...)
	- viewvc 1.1.5-1 (bug #576307)
CVE-2010-0131 (Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might all ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player befor ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0126 (Heap-based buffer overflow in an unspecified library in Autonomy KeyVi ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2010-0125 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the m ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software  ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0121 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, place ...)
	NOT-FOR-US: Bournal
CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files v ...)
	NOT-FOR-US: Bournal
CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and Real ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...)
	NOT-FOR-US: UranyumSoft Listing Service
CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...)
	NOT-FOR-US: dB Masters Multimedia Links Directory
CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...)
	NOT-FOR-US: XOOPS module
CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in RoseOnline ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3  ...)
	NOT-FOR-US: Hasta Blog
CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue (com_art ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms (com_facil ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...)
	NOT-FOR-US: MDForum module for MAXdev MDPro
CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component 1 ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qperso ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts Direct ...)
	NOT-FOR-US: I-Escorts Directory Script
CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (m ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allow ...)
	NOT-FOR-US: PhpShop
CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 a ...)
	NOT-FOR-US: PhpShop
CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remot ...)
	NOT-FOR-US: PhpShop
CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote a ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Us ...)
	- webmin <removed>
CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
	NOT-FOR-US: Viscacha
CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remo ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the Z ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in zp-core/admin-optio ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenph ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...)
	NOT-FOR-US: WebLeague
CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows r ...)
	NOT-FOR-US: WebLeague
CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module 6. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alp ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module 5. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...)
	NOT-FOR-US: Quick Heal products
CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCar ...)
	NOT-FOR-US: AgoraCart
CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 20 ...)
	NOT-FOR-US: Snitz Forums
CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ca ...)
	NOT-FOR-US: iRehearse
CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for  ...)
	NOT-FOR-US: module for Miniweb
CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 a ...)
	NOT-FOR-US: module for Miniweb
CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote  ...)
	NOT-FOR-US: A2 Media Player Pro
CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk  ...)
	NOT-FOR-US: ViArt Helpdesk
CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x a ...)
	NOT-FOR-US: ViArt CMS
CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers  ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromoso ...)
	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft Tech ...)
	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft  ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remot ...)
	NOT-FOR-US: Mini CMS
CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager  ...)
	NOT-FOR-US: SQLiteManager
CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) compon ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android r ...)
	NOT-FOR-US: Symantec Norton Mobile Security application 1.0
CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Ha ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management System ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2010-0109 (DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9  ...)
	NOT-FOR-US: Symantec
CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the Syman ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360  ...)
	NOT-FOR-US: Symantec
CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before  ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6 ...)
	NOT-FOR-US: Apple hfs implementation
CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC Management Fi ...)
	NOT-FOR-US: Broadcom Integrated NIC Management Firmware
CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software conta ...)
	NOT-FOR-US: Energizer DUO USB Battery Charger Software
CVE-2010-0102
	RESERVED
CVE-2010-0101 (The embedded HTTP server in multiple Lexmark laser and inkjet printers ...)
	NOT-FOR-US: Lexmark printers and MarkNet devices
CVE-2010-0100
	RESERVED
CVE-2010-0099
	REJECTED
CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z fil ...)
	- clamav 0.96+dfsg-1
	[lenny] - clamav <end-of-life> (No longer supported in Lenny)
CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1
CVE-2010-0096
	RESERVED
CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2 ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6 (low; bug #564114)
	[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
	- linux-2.6.24 <removed> (low)
	NOTE: just like CVE-2009-4536 but was reported later
CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 a ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11 (medium; bug #564110; bug #591581)
	- linux-2.6.24 <removed> (medium)
CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-6 (low; bug #564114)
	- linux-2.6.24 <removed> (low)
CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the sourc ...)
	NOT-FOR-US: Mongoose
CVE-2009-4534 (Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6 ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4533 (The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4532 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x bef ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4531 (httpdx 1.4.4 and earlier allows remote attackers to obtain the source  ...)
	NOT-FOR-US: httpdx
CVE-2009-4530 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the sourc ...)
	NOT-FOR-US: Mongoose
CVE-2009-4529 (InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote att ...)
	NOT-FOR-US: InterVations NaviCOPA Web Server
CVE-2009-4528 (The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupa ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4527 (The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4526 (The Send by e-mail sub-module in the Print (aka Printer, e-mail and PD ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4525 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4524 (Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4523 (Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 all ...)
	NOT-FOR-US: Zainu
CVE-2009-4522 (Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCM ...)
	NOT-FOR-US: BloofoxCMS
CVE-2009-4521 (Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse ...)
	NOT-FOR-US: Eclipse Business Intelligence and Reporting Tools
CVE-2009-4520 (The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4519 (Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknow ...)
	NOT-FOR-US: Ortro
CVE-2009-4518 (Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4517 (Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4516 (Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4515 (The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privi ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4514 (Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Int ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4513 (Multiple cross-site scripting (XSS) vulnerabilities in the Workflow mo ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when Us ...)
	NOT-FOR-US: Oscailt
CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web administration ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS) befor ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4509 (The administrative web console on the TANDBERG Video Communication Ser ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4508
	RESERVED
CVE-2009-4507
	RESERVED
CVE-2009-4506
	RESERVED
CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Co ...)
	NOT-FOR-US: OpenCMS
CVE-2009-4504
	RESERVED
CVE-2009-4503
	RESERVED
CVE-2009-4502 (The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, whe ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4501 (The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Serv ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4500 (The process_trap function in trapper/trapper.c in Zabbix Server before ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in the  ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows r ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
	{DSA-2092-1}
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745)
	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing non-print ...)
	- boa 0.94.14rc21-4 (unimportant; bug #578035)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable c ...)
	- yaws <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing non-print ...)
	- aolserver4 <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without sanit ...)
	NOT-FOR-US: Orion httpd
CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patc ...)
	- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
	- ruby1.9 <removed> (unimportant; bug #564647)
	- ruby1.9.1 1.9.1.378-1 (unimportant; bug #564646)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
	NOTE: same as CVE-2009-4487
CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing non-printab ...)
	- thttpd <removed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing non-print ...)
	- mini-httpd <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without  ...)
	- cherokee 0.99.37-1 (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitiz ...)
	- varnish <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing non-printabl ...)
	- nginx <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell iManage ...)
	NOT-FOR-US: iManager
CVE-2009-4485
	REJECTED
CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName func ...)
	{DSA-1997-1}
	- mysql-dfsg-5.0 <removed> (medium)
	- mysql-5.1 5.1.41-4 (medium)
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: http://web.archive.org/web/20100129040903/http://intevydis.blogspot.com:80/2010/01/mysq-yassl-stack-overflow.html
	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remot ...)
	NOT-FOR-US: MailSite
CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attac ...)
	NOT-FOR-US: TVersity
CVE-2009-4481
	REJECTED
CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might a ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MailSite
CVE-2009-4478 (Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Est ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4477 (SQL injection vulnerability in page.html in Xstate Real Estate 1.0 all ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4476 (Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-0 ...)
	NOT-FOR-US: HAURI ViRobot Desktop
CVE-2009-4475 (SQL injection vulnerability in the Joomlub (com_joomlub) component for ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4474 (SQL injection vulnerability in the Mike de Boer zoom (com_zoom) compon ...)
	NOT-FOR-US: Mambo component
CVE-2009-4473 (Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/Conten ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2009-4472 (Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and ...)
	NOT-FOR-US: PHPope
CVE-2009-4471 (Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 ...)
	NOT-FOR-US: FreeSchool
CVE-2009-4470 (SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remot ...)
	NOT-FOR-US: DVBBS
CVE-2009-4469 (Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc. ...)
	NOT-FOR-US: phpPowerCards
CVE-2009-4468 (Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 a ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4467 (misc.php in DeluxeBB 1.3 allows remote attackers to register accounts  ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4466 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4465 (DeluxeBB 1.3 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4464 (Cross-site scripting (XSS) vulnerability in searchadvance.asp in Activ ...)
	NOT-FOR-US: Active Business Directory
CVE-2009-4463 (Intellicom NetBiter WebSCADA devices use default passwords for the HIC ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4462 (Stack-based buffer overflow in the NetBiterConfig utility (NetBiterCon ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...)
	- flatpress <itp> (bug #466297)
CVE-2009-4460 (Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traff ...)
	NOT-FOR-US: Auto-Surf Traffic Exchange Script
CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the chara ...)
	- redmine 0.9.1-1 (bug #563940)
CVE-2008-7252 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses pred ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
CVE-2008-7251 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Gene ...)
	- sarg 2.2.5-1 (low)
CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...)
	- sarg 2.2.4-1 (medium)
CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a  ...)
	{DSA-1985-1}
	- sendmail 8.14.3-9.1 (medium; bug #564581)
	NOTE: http://www.sendmail.org/releases/8.14.4
CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 a ...)
	NOT-FOR-US: FreePBX
CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module befor ...)
	- webmin <removed>
CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1 ...)
	NOT-FOR-US: Green Desktiny
CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...)
	- videocache <itp> (bug #505329)
CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX contr ...)
	NOT-FOR-US: SoftCab Sound Converter ActiveX
CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Vir ...)
	NOT-FOR-US: Kaspersky Anti-Viru
CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper 0 ...)
	NOT-FOR-US: kandalf upper
CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in Live ...)
	NOT-FOR-US: LiveZilla
CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10 ...)
	NOT-FOR-US: MyBB
CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possi ...)
	NOT-FOR-US: MyBB
CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: Jax Guestbook
CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGal ...)
	NOT-FOR-US: phpInstantGallery
CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in conjunctio ...)
	NOT-FOR-US: Microsoft
CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only th ...)
	NOT-FOR-US: Microsoft
CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) funct ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server Enter ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4441 (Directory Proxy Server (DPS) in Sun Java System Directory Server Enter ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4440 (Directory Proxy Server (DPS) in Sun Java System Directory Server Enter ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4439 (Unspecified vulnerability in the Query Compiler, Rewrite, and Optimize ...)
	NOT-FOR-US: DB2
CVE-2009-4438 (The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 be ...)
	NOT-FOR-US: DB2
CVE-2009-4437 (Multiple SQL injection vulnerabilities in Active Auction House 3.6 all ...)
	NOT-FOR-US: Active Auction House 3.6
CVE-2009-4436 (Multiple SQL injection vulnerabilities in Active Web Softwares eWebqui ...)
	NOT-FOR-US: Active Web Softwares eWebquiz
CVE-2009-4435 (Multiple directory traversal vulnerabilities in F3Site 2009 allow remo ...)
	NOT-FOR-US: F3Site 2009
CVE-2009-4434 (Directory traversal vulnerability in index.php in IDevSpot iSupport 1. ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4433 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSuppo ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4432 (SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 all ...)
	NOT-FOR-US: CodeMight VideoCMS
CVE-2009-4431 (PHP remote file inclusion vulnerability in cal_popup.php in the Anythi ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4430 (SQL injection vulnerability in index.php in VirtueMart 1.0 allows remo ...)
	NOT-FOR-US: VirtueMart
CVE-2009-4429 (Cross-site scripting (XSS) vulnerability in the Sections module 5.x be ...)
	NOT-FOR-US: Drupal addon
CVE-2009-4428 (SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) c ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4427 (Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 a ...)
	{DSA-1965-1}
	- phpldapadmin 1.1.0.7-1.1 (medium; bug #561975)
	[etch] - phpldapadmin <not-affected> (Vulnerable code not present)
CVE-2009-4426 (Multiple directory traversal vulnerabilities in Ignition 1.2, when mag ...)
	NOT-FOR-US: Ignition
CVE-2009-4425 (Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 ...)
	NOT-FOR-US: iDevCart
CVE-2009-4424 (SQL injection vulnerability in results.php in the Pyrmont plugin 2 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2009-XXXX [ampache DoS and CSRF]
	- ampache 3.5.3-1 (low)
	[lenny] - ampache <no-dsa> (minor issue)
CVE-2009-4423 (SQL injection vulnerability in index.php in weenCompany 4.0.0 allows r ...)
	NOT-FOR-US: weenCompany
CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArgum ...)
	- libphp-jpgraph <not-affected> (Vulnerable code not present)
CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP B ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Sec ...)
	NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM)
CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SI ...)
	NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows context-depen ...)
	- php5 <removed> (unimportant)
	NOTE: Only exploitable by malicious script, not treated as a security issue
	NOTE: per Debian PHP security policy
CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend Framew ...)
	NOTE: the CVE talks about the Zend Framework, but the culprit
	NOTE: is actually piwik
CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare  ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12 ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 allow ...)
	- serendipity 1.5.3-1 (low; bug #562634)
CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when runni ...)
	- acl 2.2.49-2 (low; bug #499076)
	[etch] - acl <not-affected> (Vulnerable code not present)
	[lenny] - acl <no-dsa> (Minor issue, symlink attack not always as root)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
	NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser i ...)
	NOT-FOR-US: PyForum
CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum  ...)
	NOT-FOR-US: PyForum
CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American P ...)
	NOT-FOR-US: APC Switched Rack PDU AP7932 B2
CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknow ...)
	- trac 0.11.6-1 (low)
	[lenny] - trac <no-dsa> (Minor information disclosure)
CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allow ...)
	- t-prot 2.8-1 (low)
	[etch] - t-prot <no-dsa> (Minor issue)
	[lenny] - t-prot <no-dsa> (Minor issue)
CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...)
	NOT-FOR-US: Rumba XML
CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file ...)
	- linux-2.6 2.6.32-1 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
CVE-2009-4401 (SQL injection vulnerability in the Parish Administration Database (ste ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4400 (Cross-site scripting (XSS) vulnerability in the Parish Administration  ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4399 (SQL injection vulnerability in the Parish of the Holy Spirit Religious ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4398 (Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spi ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4397 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth  ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4396 (SQL injection vulnerability in the Diocese of Portsmouth Resources Dat ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4395 (Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_p ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4394 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) exten ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4393 (SQL injection vulnerability in the Document Directorys (danp_documentd ...)
	NOT-FOR-US: danp_documentdirs
CVE-2009-4392 (SQL injection vulnerability in the XDS Staff List (xds_staff) extensio ...)
	NOT-FOR-US: xds_staff typo3 extension
CVE-2009-4391 (Cross-site scripting (XSS) vulnerability in the File list (dr_blob) ex ...)
	NOT-FOR-US: dr_blob typo3 extension
CVE-2009-4390 (SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 ...)
	NOT-FOR-US: car typo3 extension
CVE-2009-4389 (Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0 ...)
	NOT-FOR-US: aba_watchdog typo3 extension
CVE-2009-4388 (Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) e ...)
	NOT-FOR-US: nl_listman typo3 extension
CVE-2009-4387 (The cross-site scripting (XSS) protection mechanism in ShowInContentAr ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur B ...)
	NOT-FOR-US: Venalsur Booking Centre Booking System
CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptse ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum  ...)
	NOT-FOR-US: Rocomotion P forum
CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS ...)
	NOT-FOR-US: PHPFABER CMS
CVE-2009-4381 (Cross-site scripting (XSS) vulnerability in index.php in texmedia Mill ...)
	NOT-FOR-US: texmedia Million Pixel Script
CVE-2009-4380 (Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3. ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webma ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in componen ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows re ...)
	NOT-FOR-US: Solaris
CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle Ja ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0081 (Unspecified vulnerability in the Application Server Control component  ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile  ...)
	NOT-FOR-US: PeopleSoft Enterprise HCM
CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0076 (Unspecified vulnerability in the Application Express Application Build ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Se ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Application Server
CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Application Server
CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server compon ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows  ...)
	- wireshark <not-affected> (Windows-specific)
CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 a ...)
	{DSA-1983-1}
	- wireshark 1.2.5-1
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA  ...)
	- wireshark 1.2.5-1
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4374 (Directory traversal vulnerability in repository/repository_attachment. ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4373 (Unrestricted file upload vulnerability in repository/repository_attach ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5,  ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module (modules ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module (modules/m ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module (module ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1 (low)
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unk ...)
	- centreon-web <itp> (bug #913903)
CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") i ...)
	NOT-FOR-US: Sitecore Staging Module
CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez  ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin.ph ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez  ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framewo ...)
	{DSA-1966-1}
	- horde3 3.3.6+debian0-1 (low)
CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users t ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users  ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the Conten ...)
	NOT-FOR-US: XOOPS
CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the SmartMed ...)
	NOT-FOR-US: XOOPS
CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure pe ...)
	NOT-FOR-US: freebsd-update
CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in Wina ...)
	NOT-FOR-US: Winamp
CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib ...)
	{DSA-1970-1}
	- openssl 0.9.8k-8 (low)
	[etch] - openssl <not-affected> (affects only 0.9.8f and later)
	NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not  ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Activ ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...)
	NOT-FOR-US: WSCreator
CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in administration/admi ...)
	NOT-FOR-US: Link Up Gold
CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker ...)
	NOT-FOR-US: Harold Bakker's NewsScript
CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...)
	NOT-FOR-US: daloRADIUS
CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news submitte ...)
	NOT-FOR-US: fe_rtenews typo3 extension
CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox)  ...)
	NOT-FOR-US: vShoutbox typo3 extension
CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_lin ...)
	NOT-FOR-US: zid_linklist typo3 extension
CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company Datab ...)
	NOT-FOR-US: trainincdb typo3 extension
CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange) extensio ...)
	NOT-FOR-US: jobexchange typo3 extension
CVE-2009-4341 (SQL injection vulnerability in the No indexed Search (no_indexed_searc ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed Search (no_ ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4339 (SQL injection vulnerability in the Subscription (mf_subscription) exte ...)
	NOT-FOR-US: mf_subscription typo3 extension
CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow) extensi ...)
	NOT-FOR-US: slideshow typo3 extension
CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_ ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth  ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in t ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 con ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 9. ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component i ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-XXXX [libhaml-ruby XSS issue]
	- libhaml-ruby 2.2.8-1
CVE-2009-XXXX [roundup: unspecified issue]
	- roundup 1.4.11-1
CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remot ...)
	NOT-FOR-US: Apple Disk Images
CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ow ...)
	NOT-FOR-US: Apple DesktopServices
CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple CoreTypes
CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0061
	RESERVED
CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple CoreAudio
CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to e ...)
	NOT-FOR-US: Apple CoreAudio
CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009 ...)
	- clamav <not-affected> (apple-specific configuration issue)
CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use  ...)
	NOT-FOR-US: Apple AFP Server
CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10 ...)
	NOT-FOR-US: Apple AppKit
CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package signat ...)
	- xar <removed> (bug #572556)
	[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/53812
	NOTE: http://trac.webkit.org/changeset/53813
	NOTE: http://trac.webkit.org/changeset/54242
CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/50466
CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/51877
CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the cro ...)
	NOTE: http://trac.webkit.org/changeset/52784
	NOTE: duplicate of CVE-2010-0651
CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/52073
CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/52527
CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/51962
CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 al ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/50698
CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Saf ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/51727
CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate extern ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...)
	NOT-FOR-US: Apple PubSub
	NOTE: apple's pubsub is rss-oriented and all debian packages with pubsub
	NOTE: components are not; hence this is very likely an issue specifically with
	NOTE: their own code, or their wrapper code around another PubSub library
CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows  ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0039 (The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort ...)
	NOT-FOR-US: Apple
CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for  ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 al ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 al ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 a ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote  ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP ...)
	NOT-FOR-US: Microsoft Paint
CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 Gol ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server servi ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0. ...)
	NOT-FOR-US: Microsoft Silverlight on Windows
CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.d ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows S ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 an ...)
	{DSA-1973-1}
	- eglibc 2.10.2-4 (medium; bug #560333)
	- glibc 2.10.2-4 (medium)
CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 aut ...)
	- sssd 1.0.5-1
CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin  ...)
	- pidgin 2.6.5-1 (medium; bug #563206)
	[lenny] - pidgin <not-affected> (vulnerable code not present)
	- gaim <not-affected> (vulnerable code not present)
	NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
CVE-2010-0012 (Directory traversal vulnerability in libtransmission/metainfo.c in Tra ...)
	{DSA-1967-1}
	- transmission 1.77-1 (low)
	NOTE: http://trac.transmissionbt.com/changeset/9829/
	NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625
CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes  ...)
	- uzbl 0.0.0~git.20100105-1 (medium)
	NOTE: http://www.uzbl.org/news.php?id=22
	NOTE: maintainer is aware of it
CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util. ...)
	- apache <removed> (low)
	NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
	NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
	NOTE: proxy situations, the backend server is usually trusted, anyway.
CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain  ...)
	- couchdb 0.11.0-1 (bug #576304)
	[lenny] - couchdb <no-dsa> (Minor information leak)
CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ker ...)
	- linux-2.6 2.6.23-1
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the netfilte ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
	- linux-2.6.24 <removed>
CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel  ...)
	- linux-2.6 2.6.32-6
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...)
	- viewvc 1.1.5-1 (bug #575777)
CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the a ...)
	- viewvc 1.1.5-1 (bug #575777)
CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
	[etch] - linux-2.6 <not-affected> (does not have print-fatal-signals)
	- linux-2.6.24 <removed>
CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for  ...)
	- bash <not-affected> (mandriva-specific packaging issue)
CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4  ...)
	{DSA-2074-1 DSA-1974-1}
	- gzip 1.3.12-9 (medium; bug #566002)
	- linux-2.6 <not-affected> (does not include unlzw.c in its gzip code copy)
	- klibc <not-affected> (does not include unlzw.c in its gzip code copy)
	- busybox <not-affected> (does not include unlzw.c in its gzip code copy)
	- pristine-tar <not-affected> (does not include unlzw.c in its gzip code copy)
	- ncompress 4.2.4.3-1
CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in Mult ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-4323 (The installation for Zen Cart stores sensitive information and insecur ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to obta ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other v ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...)
	NOT-FOR-US: The Next Generation of Genealogy Sitebuilding
CVE-2009-4319 (PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form. ...)
	NOT-FOR-US: eoCMS
CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate M ...)
	NOT-FOR-US: Real Estate Manager
CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez  ...)
	NOT-FOR-US: ScriptsEz
CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in  ...)
	NOT-FOR-US: ZeeLyrics
CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...)
	NOT-FOR-US: Nuggetz CMS
CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group  ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows Med ...)
	NOT-FOR-US: Microsoft
CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows Medi ...)
	NOT-FOR-US: Microsoft
CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 filesyst ...)
	{DSA-2005-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kerne ...)
	{DSA-2443-1}
	- linux-2.6 2.6.32-2 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.27)
CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents)  ...)
	- linux-2.6 2.6.32-2 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-4291
	RESERVED
CVE-2009-4290
	RESERVED
CVE-2009-4289
	RESERVED
CVE-2009-4288
	RESERVED
CVE-2009-4287
	RESERVED
CVE-2009-4286
	RESERVED
CVE-2009-4285
	RESERVED
CVE-2009-4284
	RESERVED
CVE-2009-4283
	RESERVED
CVE-2009-4282
	RESERVED
CVE-2009-4281
	RESERVED
CVE-2009-4280
	RESERVED
CVE-2009-4279
	RESERVED
CVE-2009-4278
	RESERVED
CVE-2009-4277
	RESERVED
CVE-2009-4276
	REJECTED
CVE-2009-4275
	REJECTED
CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm befo ...)
	{DSA-2026-1 DTSA-206-1}
	- netpbm-free 2:10.0-12.2 (medium; bug #569060)
CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
	- systemtap 1.1-1 (bug #568865)
	[lenny] - systemtap <not-affected> (Server component not yet present)
	[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.1 ...)
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545411
CVE-2009-4271 (The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platform ...)
	- linux-2.6 2.6.18-1
CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
	{DSA-2080-1}
	- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication f ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://issues.apache.org/jira/browse/DERBY-4483
CVE-2009-4268
	REJECTED
CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed]
	- gnome-screensaver 2.28.0-2 (low; bug #560895)
	[etch] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
	[lenny] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
	NOTE: the code in etch's version is more different but it seems to be affected
	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3
CVE-2009-5018 (Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier  ...)
	- gif2png 2.5.2-1 (low; bug #550978)
	[etch] - gif2png <no-dsa> (minor issue)
	[lenny] - gif2png <no-dsa> (minor issue)
CVE-2009-XXXX [browser-based css info disclosure]
	- xulrunner <unfixed> (unimportant; bug #560108)
	- webkit <unfixed> (unimportant; bug #560870)
	- qt4-x11 <unfixed> (unimportant; bug #561754)
	- kdelibs <unfixed> (unimportant; bug #561752)
	- kde4libs <removed> (unimportant; bug #561753)
	- kazehakase <unfixed> (unimportant; bug #560871)
	- epiphany-browser <unfixed> (unimportant; bug #560872)
	- galeon <unfixed> (unimportant; bug #560873)
	- dillo <unfixed> (unimportant; bug #560874)
	NOTE: Minor design issue
CVE-2009-XXXX [xpat2: save game permissions issue]
	- xpat2 1.07-17 (unimportant; bug #560087)
CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured Certific ...)
	- network-manager-applet 0.7.2-2 (low; bug #560067)
	[lenny] - network-manager-applet <not-affected> (WPA/enterprise was added in 0.7.2)
	- network-manager <not-affected> (vulnerable code is in -applet, which is a source package on its own as of 0.6.5)
CVE-2009-XXXX [unsafe xfs]
	- xfs 1:1.0.8-6 (low; bug #521107)
	[etch] - xfs <no-dsa> (minor issue)
	[lenny] - xfs 1:1.0.8-2.2+lenny1
CVE-2009-XXXX [xserver-xorg: inherits user's mask]
	- xorg-server 2:1.7.2-1 (low; bug #555308)
	[lenny] - xorg-server 2:1.4.2-10.lenny3
CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and e ...)
	NOT-FOR-US: Taxonomy Timer module for Drupal
CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA pri ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4294 (Unspecified vulnerability in the Authentication Manager (aka utauthd)  ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4293 (Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30  ...)
	NOT-FOR-US: Internet Initiative Japan
CVE-2009-4292 (Buffer overflow in the URL filtering function in Internet Initiative J ...)
	NOT-FOR-US: Internet Initiative Japan
CVE-2009-4266 (Cross-site scripting (XSS) vulnerability in search.php in YABSoft Adva ...)
	NOT-FOR-US: YABSoft Advanced Image Hosting (AIH) Script
CVE-2009-4265 (Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and po ...)
	NOT-FOR-US: Ideal Administration
CVE-2009-4264 (PHP remote file inclusion vulnerability in components/core/connect.php ...)
	NOT-FOR-US: AROUNDMe
CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 ...)
	NOT-FOR-US: PTCPay
CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obta ...)
	NOT-FOR-US: Harold Bakker's Newscript HB-NS
CVE-2009-XXXX [php-net-ping argument injection]
	- php-net-ping 2.4.2-1.1 (medium)
	[etch] - php-net-ping 2.4.2-1+etch1
	[lenny] - php-net-ping 2.4.2-1+lenny1
CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (medium; bug #559531)
	NOTE: MSA-09-0031
CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random pa ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (bug #559531)
	[lenny] - moodle <no-dsa> (Minor issue)
	[etch] - moodle <no-dsa> (Minor issue)
	NOTE: MSA-09-0029
CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hash ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0028
CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0027
CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MN ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0026
CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.1 ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (bug #559531)
	[lenny] - moodle <no-dsa> (Minor issue)
	[etch] - moodle <no-dsa> (Minor issue)
	NOTE: MSA-09-0025
CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 befor ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0024
CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0023
CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0022
CVE-2009-5042 (python-docutils allows insecure usage of temporary files ...)
	- python-docutils 0.6-2 (low; bug #560755)
	[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
	[lenny] - python-docutils 0.5-2+lenny1
	NOTE: cve requested
CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator framewo ...)
	{DSA-1959-1}
	- ganeti 2.0.5-1 (low)
	NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
CVE-2009-4260
	RESERVED
CVE-2009-4259
	RESERVED
CVE-2009-4258
	RESERVED
CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlre ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...)
	NOT-FOR-US: AlefMentor
CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1 ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4254 (PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: PowerPhlogger
CVE-2009-4253 (Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlog ...)
	NOT-FOR-US: PowerPhlogger
CVE-2009-4252 (Cross-site scripting (XSS) vulnerability in images.php in Image Hostin ...)
	NOT-FOR-US: Image Hosting Script DPI
CVE-2009-4251 (Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Pai ...)
	NOT-FOR-US: Jasc Paint Shop Pro
CVE-2009-4250 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNew ...)
	NOT-FOR-US: CuteNews
CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNew ...)
	NOT-FOR-US: CuteNews
CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest functio ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4247 (Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetwo ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer  ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function  ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the Dat ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM Inf ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow  ...)
	NOT-FOR-US: TestLink
CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2009-4236 (The process function in data/class/pages/admin/customer/LC_Page_Admin_ ...)
	NOT-FOR-US: EC-CUBE
CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
	{DSA-1960-1}
	- acpid 1.0.6 (low; bug #560771)
	NOTE: all versions set umask(0), might be worth double-checking what it opens
CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtm ...)
	NOT-FOR-US: Micronet Network Access Controller
CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php i ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4232 (The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not prop ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4231 (Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0 ...)
	NOT-FOR-US: SweetRice
CVE-2009-4230 (Multiple stack-based buffer overflows in src/Task.cc in the FastCGI pr ...)
	NOT-FOR-US: IIPImage Server
CVE-2009-4229 (Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bi ...)
	NOT-FOR-US: ActiveWebSoftwares Active Bids
CVE-2009-4226 (Race condition in the IP module in the kernel in Sun OpenSolaris snv_1 ...)
	NOT-FOR-US: OpenSolaris kernel
CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.d ...)
	NOT-FOR-US: PestPatrol
CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlie ...)
	- xfig <unfixed> (unimportant)
CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function in f_r ...)
	- xfig 1:3.2.5.b-1 (low; bug #559274)
	[lenny] - xfig <no-dsa> (Minor issue)
	[etch] - xfig <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12 ...)
	{DSA-2002-1}
	- polipo 1.0.4-2 (low; bug #560779)
	[etch] - polipo <no-dsa> (Minor issue)
	[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
	NOT-FOR-US: SweetRice
CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1 ...)
	NOT-FOR-US: KR-Web
CVE-2009-4222 (phpBazar 2.1.1fix and earlier does not require administrative authenti ...)
	NOT-FOR-US: phpBazar
CVE-2009-4221 (SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and ...)
	NOT-FOR-US: phpBazar
CVE-2009-4220 (PHP remote file inclusion vulnerability in includes/classes/pctemplate ...)
	NOT-FOR-US: PointComma
CVE-2009-4219 (Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX c ...)
	NOT-FOR-US: Haihaisoft Universal Player
CVE-2009-4218 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Ba ...)
	NOT-FOR-US: JiRo's Banner System eXperience (JBSX)
CVE-2009-4217 (SQL injection vulnerability in the Itamar Elharar MusicGallery (com_mu ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4216 (Directory traversal vulnerability in funzioni/lib/menulast.php in klin ...)
	NOT-FOR-US: klinza
CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus Pr ...)
	NOT-FOR-US: Panda
CVE-2009-4213
	RESERVED
CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption func ...)
	{DSA-1969-1}
	- krb5 1.8+dfsg~alpha1-1
CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness  ...)
	NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script
CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Ser ...)
	NOT-FOR-US: Microsoft
CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: moziloCMS
CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS)  ...)
	NOT-FOR-US: Open-school
CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x bef ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free Edit ...)
	NOT-FOR-US: Flashlight Free Edition
CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition all ...)
	NOT-FOR-US: Flashlight Free Edition
CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php  ...)
	NOT-FOR-US: Arab Portal
CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery (com_omp ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant Professiona ...)
	NOT-FOR-US: Mp3 Tag Assistant Professional
CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component 1.2 ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos  ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows remo ...)
	NOT-FOR-US: MyMiniBill
CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7 ...)
	NOT-FOR-US: Huawei MT882 V100R002B020
CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple script ...)
	NOT-FOR-US: Huawei MT882 V100R002B020
CVE-2009-4195 (Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlie ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2009-4194 (Directory traversal vulnerability in Golden FTP Server 4.30 Free and P ...)
	NOT-FOR-US: Golden FTP
CVE-2009-4192 (Directory traversal vulnerability in dialog/file_manager.php in Inters ...)
	NOT-FOR-US: Interspire Knowledge Manager
CVE-2009-4191 (Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSola ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4190 (Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 all ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4189 (HP Operations Manager has a default password of OvW*busr1 for the ovwe ...)
	NOT-FOR-US: HP Operations Manager
CVE-2009-4188 (HP Operations Dashboard has a default password of j2deployer for the j ...)
	NOT-FOR-US: HP Operations Dashboard
CVE-2009-4187 (Multiple cross-site scripting (XSS) vulnerabilities in the Gateway com ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2009-4186 (Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allow ...)
	NOT-FOR-US: Apple Safari
CVE-2009-4185 (Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in H ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECM ...)
	NOT-FOR-US: HP Enterprise Cluster Master Toolkit
CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 a ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a r ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Nod ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager ( ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenVie ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote atta ...)
	NOT-FOR-US: CuteNews
CVE-2009-4174 (The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews befor ...)
	NOT-FOR-US: CuteNews
CVE-2009-4173 (Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1. ...)
	NOT-FOR-US: CuteNews
CVE-2009-4172 (Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteN ...)
	NOT-FOR-US: CuteNews
CVE-2009-4171 (An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.21 ...)
	NOT-FOR-US: ActiveX
CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, al ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-C ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_b ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 fo ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ext ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar (simple ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3. ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_se ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter a ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter configurati ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension befor ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in th ...)
	NOT-FOR-US: Joomla!
CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in Ci ...)
	NOT-FOR-US: Ciamos CMS
CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...)
	NOT-FOR-US: Eshopbuilde
CVE-2009-4154 (Directory traversal vulnerability in includes/feedcreator.class.php in ...)
	NOT-FOR-US: Elxis CMS
CVE-2009-4153 (Unspecified vulnerability in the XMLAccess component in IBM WebSphere  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration componen ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in  ...)
	{DSA-1944-1}
	- request-tracker3.6 3.6.9-2 (low)
	- request-tracker3.4 <removed>
CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA Se ...)
	NOT-FOR-US: CA Service Desk
CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...)
	NOT-FOR-US: DAZ Studio
CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld- ...)
	- kfreebsd-6 <not-affected> (the affected file -rtld.c-  is not in the archive, not even kFreeBSD)
CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld- ...)
	- kfreebsd-6 <not-affected> (the affected file -rtld.c-  is not in the archive, not even kFreeBSD)
CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection o ...)
	- network-manager-applet 0.7.2-2 (low; bug #563371)
	- network-manager <not-affected> (-editor introduced in 0.7 on the -applet package)
	[lenny] - network-manager-applet <not-affected> (-editor was introduced in 0.7)
CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has uns ...)
	{DSA-2001-1}
	- php5 5.2.12.dfsg.1-1 (low)
CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly h ...)
	{DSA-2001-1}
	- php5 5.2.12.dfsg.1-1 (medium)
CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in fs/fcntl ...)
	- linux-2.6 2.6.32-6
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
	- piwik <itp> (bug #506933)
CVE-2009-4139 (Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java  ...)
	NOT-FOR-US: spacewalk-java
CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when p ...)
	{DSA-2005-1}
	- linux-2.6 2.6.32-3 (medium)
	[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before  ...)
	- piwik <itp> (bug #506933)
CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1. ...)
	{DSA-1964-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 8.3.9-1 (low)
	- postgresql-8.4 8.4.2-1 (low)
CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 ...)
	- coreutils <not-affected> (this issue only affects the coreutils build process; bug #560898)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
CVE-2009-4134 (Buffer underflow in the rgbimg module in Python 2.5 allows remote atta ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2009-4132
	REJECTED
CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the e ...)
	- linux-2.6 2.6.32-2 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (introduced in 2.6.31)
CVE-2009-XXXX [monkey DoS]
	- monkey 0.9.3-1 (low)
	[lenny] - monkey <no-dsa> (Minor issue, fringe package)
CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function  ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...)
	- grub2 1.97+20091115-1 (bug #555195)
	[lenny] - grub2 <not-affected> (Password authentication not yet present)
	- grub <not-affected> (only affects grub2)
CVE-2009-4127 (Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9. ...)
	NOT-FOR-US: Wikipedia Toolbar extension for Firefox
CVE-2009-4126
	RESERVED
CVE-2009-4125
	RESERVED
CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in string.c  ...)
	- ruby1.9.1 1.9.1.376-1
	- ruby1.9 <removed> (bug #572817)
	- ruby1.8 <not-affected>
	NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
CVE-2009-4123
	RESERVED
CVE-2009-4122
	RESERVED
CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CM ...)
	NOT-FOR-US: Quick CMS
CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Ca ...)
	NOT-FOR-US: Quick.Cart
CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.ex ...)
	NOT-FOR-US: Cisco VPN client for Windows
CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before  ...)
	NOT-FOR-US: MuPDF
CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6 ...)
	NOT-FOR-US: CutePHP
CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories modul ...)
	NOT-FOR-US: CutePHP CuteNews
CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ver ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-4113 (Static code injection vulnerability in the Categories module in CutePH ...)
	NOT-FOR-US: CutePHP CuteNews
CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent an ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remo ...)
	NOT-FOR-US: Invisible Browsing
CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...)
	NOT-FOR-US: Agoko CMS
CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a d ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyfte ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allow ...)
	NOT-FOR-US: Robo-FTP
CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain operatio ...)
	{DSA-1951-1}
	- firefox-sage 1.4.3-4 (medium; bug #559267)
CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ope ...)
	NOT-FOR-US: infoRSS extension for Firefox
CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations w ...)
	NOT-FOR-US: Yoono extension for Firefox
CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar (com_gcal ...)
	NOT-FOR-US: Joomla! Component
CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ads ...)
	- openx <itp> (bug #513771)
CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
	NOT-FOR-US: Serenity Audio Player
CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web roo ...)
	NOT-FOR-US: RADIO istek scripti
CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an  ...)
	NOT-FOR-US: myPhile
CVE-2009-4094 (PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav. ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...)
	NOT-FOR-US: Simplog
CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...)
	NOT-FOR-US: Simplog
CVE-2009-4091 (comments.php in Simplog 0.9.3.2, and possibly earlier, does not proper ...)
	NOT-FOR-US: Simplog
CVE-2009-4090 (Unrestricted file upload vulnerability in ajax/addComment.php in telep ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4089 (telepark.wiki 2.4.23 and earlier allows remote attackers to bypass aut ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4088 (Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 a ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4087 (Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4086 (CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allow ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-4085 (PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_i ...)
	NOT-FOR-US: PHP Traverser
CVE-2009-4084 (SQL injection vulnerability in the search feature in e107 0.7.16 and e ...)
	NOT-FOR-US: e107
CVE-2009-4083 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and ...)
	NOT-FOR-US: e107
CVE-2009-4082 (PHP remote file inclusion vulnerability in forums/Forum_Include/index. ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...)
	- dstat <not-affected> (Fixed/tracked as CVE-2009-3894)
	NOTE: This second ID is about the same issue, but for an older version, see
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=293497
	NOTE: For Debian we'll just use CVE-2009-3894 and mark this one as not-affected
CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP cl ...)
	NOT-FOR-US: ldap_cachemgr in Sun Solaris
CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and e ...)
	- redmine 0.9.0~svn2902-1
CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 a ...)
	- redmine 0.9.0~svn2902-1
CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...)
	- roundcube 0.3-1
CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...)
	- roundcube 0.3-1
CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41,  ...)
	- mysql-5.1 5.1.49-3 (low; bug #569484)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
	{DSA-2301-1 DSA-2260-1}
	- rails 2.2.3-2 (low; bug #558685)
	NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify  ...)
	- rails 2.2.3-1 (medium; bug #558685)
	[lenny] - rails <not-affected> (Vulnerable code not present)
	NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows rem ...)
	NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places scr ...)
	NOT-FOR-US: Opera
CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly othe ...)
	{DSA-1818-1}
	- gforge 4.7.3-2
CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14,  ...)
	{DSA-1818-1}
	- gforge 4.7.3-2
CVE-2009-4068
	RESERVED
CVE-2009-4067 (Buffer overflow in the auerswald_probe function in the Auerswald Linux ...)
	{DSA-2310-1}
	- linux-2.6 2.6.28-1 (low)
	NOTE: Driver was removed in 2.6.27
CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the S ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the Printfriend ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement m ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in Cu ...)
	NOT-FOR-US: CubeCart
CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component f ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction Scri ...)
	NOT-FOR-US: Telebid Auction Script
CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (co ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5  ...)
	NOT-FOR-US: Betsy CMS
CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27 ...)
	{DSA-1952-1}
	- asterisk 1:1.6.2.0~rc7-1 (bug #559103)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-4054
	REJECTED
CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1 ...)
	NOT-FOR-US: Home FTP Server
CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget  ...)
	NOT-FOR-US: IBM Rational Application Developer for WebSphere
CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Home FTP Server
CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro 2. ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in a ...)
	NOT-FOR-US: avast
CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated  ...)
	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1 ...)
	NOT-FOR-US: PHD Help Desk
CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
	[experimental] - cacti 1.2.0~beta2+ds1-1
	- cacti 1.2.1+ds1-1 (unimportant; bug #561339)
	NOTE: 4B0E1566.1070509@moritz-naumann.com in bugtraq
	NOTE: as one requires admin access to cacti, upstream will implement a whitelist
	NOTE: https://github.com/Cacti/cacti/issues/1072
CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e al ...)
	{DSA-1954-1}
	- cacti 0.8.7e-1.1 (low; bug #561338)
	NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
	NOTE: http://www.cacti.net/download_patches.php
	NOTE: incomplete, probably another CVE id will be allocated: https://bugzilla.redhat.com/show_bug.cgi?id=541279#c17
CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x b ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before  ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected a ...)
	NOT-FOR-US: Web Services module for Drupal
CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x be ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x be ...)
	NOT-FOR-US: theme for Drupal
CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: UseBB
CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...)
	NOT-FOR-US: phpMyFAQ
CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...)
	- piwigo <not-affected> (Fixed before initial upload to the archive)
CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Ax ...)
	NOT-FOR-US: NCH Software Axon Virtual PBX
CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before  ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4036
	REJECTED
CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
	- kdegraphics 4:4.0.0-1
	- xpdf 3.01-1
	- poppler 0.5.1-1
	- swftools 0.9.2+ds1-2
	NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
	NOTE: but at least version 0.4.5 does *not* contain the ship.
	NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1. ...)
	{DSA-1964-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 8.3.9-1 (low)
	- postgresql-8.4 8.4.2-1 (low)
CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...)
	- acpid <not-affected> (problem in redhat-specific patch; debian uses sensible permissions 0664)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=515062
CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulat ...)
	{DSA-1962-1}
	- linux-2.6 2.6.32-3 (low)
	[lenny] - linux-2.6 2.6.26-21
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed> (low; bug #562075)
CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain privile ...)
	{DSA-1997-1}
	- mysql-5.1 5.1.43-1
	- mysql-dfsg-5.0 <removed>
CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, an ...)
	- automake 1:1.4-p6-13.1
	[lenny] - automake <no-dsa> (Minor issue)
	- automake1.9 1.9.6+nogfdl-3.1
	[lenny] - automake1.9 <no-dsa> (Minor issue)
	- automake1.7 1.7.9-9.1
	[lenny] - automake1.7 <no-dsa> (Minor issue)
	- automake1.10 1:1.10.3-1
	[lenny] - automake1.10 <no-dsa> (Minor issue)
	NOTE: spu will be released to avoid spreading the bug even further
	NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x b ...)
	- mysql-5.1 <not-affected> (Vulnerable code not present)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
	NOTE: built with --without-openssl
CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before 2. ...)
	{DSA-1996-1 DTSA-204-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.26)
	- linux-2.6.24 <not-affected> (introduced in 2.6.26)
CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-2009 ...)
	{DTSA-204-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.30)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.30)
	- linux-2.6.24 <not-affected> (introduced in 2.6.30)
CVE-2009-4025 (Argument injection vulnerability in the traceroute function in Tracero ...)
	NOT-FOR-US: Net_Traceroute PEAR module
CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in t ...)
	{DSA-1949-1}
	- php-net-ping 2.4.2-1.1 (medium)
	NOTE: fix applied by upstream is incomplete, reported to oss-sec
CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail pack ...)
	{DSA-1938-1}
	- php-mail 1.1.14-2 (medium; bug #557121)
	[lenny] - php-mail  1.1.14-1+lenny1
	[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...)
	{DSA-1938-1}
	- php-mail 1.1.14-2 (medium; bug #557121)
	[lenny] - php-mail  1.1.14-1+lenny1
	[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before  ...)
	{DSA-1961-1}
	- bind9 1:9.6.1.dfsg.P2-1 (medium)
	NOTE: https://www.isc.org/node/504
	NOTE: Only affects installations with trust anchors, but then the
	NOTE: consequences are quite severe.
CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2 ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-3 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ( ...)
	{DSA-1997-1}
	- mysql-5.1 5.1.41-1
	- mysql-dfsg-5.0 <removed>
	NOTE: http://web.archive.org/web/20140722233305/http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
	NOTE: http://web.archive.org/web/20140723045533/http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
	NOTE: http://bugs.mysql.com/47780
	NOTE: http://bugs.mysql.com/48291
CVE-2009-4018 (The proc_open function in ext/standard/proc_open.c in PHP before 5.2.1 ...)
	- php5 5.2.11.dfsg.1-1 (unimportant)
	NOTE: safe_mode bypass
CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote at ...)
	NOT-FOR-US: Tftpd32
CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Sim ...)
	NOT-FOR-US: Tftpd32
CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1)  ...)
	{DSA-1980-1}
	- ircd-ratbox 3.0.6.dfsg-1 (medium; bug #567191)
	- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (medium; bug #567192)
	- oftc-hybrid 1.6.3.dfsg-1.1 (medium; bug #567193)
CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x befor ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through 1.23. ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow contex ...)
	{DSA-1971-1}
	- libthai 0.1.13-1
CVE-2009-4011 (dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an atta ...)
	- dtc-xen 0.5.4-1
	[lenny] - dtc-xen <not-affected> (Only affects 0.5.x)
CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows r ...)
	{DSA-1968-2 DSA-1968-1}
	- pdns-recursor 3.1.7.2-1 (high)
CVE-2009-4009 (Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote atta ...)
	{DSA-1968-1}
	- pdns-recursor 3.1.7.2-1 (high)
	[etch] - pdns-recursor <not-affected> (vulnerable code not present)
CVE-2009-4008 (Unbound before 1.4.4 does not send responses for signed zones after mi ...)
	{DSA-2243-1}
	- unbound 1.4.4-1 (low)
CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function in src ...)
	- openttd 0.7.5-1
	[lenny] - openttd 0.6.2-1+lenny1
CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
	NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the L ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers  ...)
	NOT-FOR-US: XnView
CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP P ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power M ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-3998
	RESERVED
CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Win ...)
	NOT-FOR-US: winamp
CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug- ...)
	{DSA-2071-1}
	- libmikmod 3.1.11-6.2 (bug #575742)
	- pysol-sound-server <removed> (unimportant)
	NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Dec ...)
	{DSA-2081-1 DSA-2071-1}
	- libmikmod 3.1.11-6.2 (bug #575742)
	- pysol-sound-server <removed> (unimportant)
	NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in src-IL/src/il_di ...)
	- devil 1.7.8-6 (low; bug #560080)
	[lenny] - devil <no-dsa> (Minor issue)
	[etch] - devil <no-dsa> (Minor issue)
CVE-2009-3993
	REJECTED
CVE-2009-3992
	REJECTED
CVE-2009-3991
	REJECTED
CVE-2009-3990
	REJECTED
CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3. ...)
	- bugzilla 3.4.7.0-1 (unimportant)
	NOTE: http://www.bugzilla.org/security/3.0.10/
CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMon ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3 ...)
	- xulrunner <not-affected> (Windows-specific vulnerability)
CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	- xulrunner 1.9.1.6-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1
	NOTE: Only affects Firefox 3
CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner 1.9.1.6-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
	- xulrunner 1.9.1.5-1 (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ActiveDom.oc ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to caus ...)
	NOT-FOR-US: Labtam ProFTP
CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2. ...)
	NOT-FOR-US: Moa Gallery
CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...)
	NOT-FOR-US: Invision Power Board
CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script allo ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirl ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 a ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka Websit ...)
	NOT-FOR-US: PHP Dir Submit
CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote attacker ...)
	NOT-FOR-US: Faslo Player
CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote a ...)
	NOT-FOR-US: ITechBids
CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged L ...)
	NOT-FOR-US: Ed Charkow SuperCharged Linking
CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Arcade Trade Script
CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 all ...)
	NOT-FOR-US: New 5 star Rating
CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) com ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3898 (Directory traversal vulnerability in src/http/modules/ngx_http_dav_mod ...)
	- nginx 0.7.63-1 (low; bug #557389)
	[etch] - nginx <no-dsa> (upload rights required)
	[lenny] - nginx <no-dsa> (upload rights required)
CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ce ...)
	- dovecot 1:1.2.8-1 (medium; bug #557601)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
	[etch] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number  ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-2 (medium)
	- php4 <removed> (medium)
	NOTE: workarounds include using 5.3.1 or php5-suhosin
	NOTE: 4B068517.802@acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in drivers/scsi/gdth ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have  ...)
	NOT-FOR-US: XOOPS
CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW,  ...)
	NOT-FOR-US: 2wire Gateway
CVE-2009-3961 (SQL injection vulnerability in user.php in Super Serious Stats (aka su ...)
	NOT-FOR-US: Super Serious Stats
CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveC ...)
	NOT-FOR-US: LiveCycle
CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus  ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and  ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illust ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Flash Player
CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus SunTrac ...)
	NOT-FOR-US: Bractus SunTrack
CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not req ...)
	NOT-FOR-US: VivaPrograms Infinity
CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a d ...)
	NOT-FOR-US: JetAudio
CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows rem ...)
	NOT-FOR-US: Tandberg MXP F7.0
CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an extension's X ...)
	NOT-FOR-US: Joomla!
CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the com_content c ...)
	NOT-FOR-US: component in Joomla!
CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 all ...)
	NOT-FOR-US: BlackBerry Browser on the BlackBerry 8800
CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0. ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not pro ...)
	- msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not prop ...)
	- mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6 ...)
	- virtualbox-guest-additions 3.0.10-1
CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel  ...)
	{DSA-1996-1}
	- linux-2.6 2.6.32-6 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <removed> (low)
CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x ...)
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm 88+dfsg-2 (medium; bug #557736)
	[lenny] - kvm <not-affected> (vulnerable code not present)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a9e38c3e01ad242fe2a625354cf065c34b01e3aa
CVE-2009-3937 (Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through  ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-3936 (Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x  ...)
	NOT-FOR-US: Citrix Online Plug-in
CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, allo ...)
	- webkit <not-affected> (chromium-specific issue in their timer)
	- qt4-x11 <not-affected> (chromium-specific issue in their timer)
	- kdelibs <not-affected> (chromium-specific issue in their timer)
	- kde4libs <not-affected> (chromium-specific issue in their timer)
	- chromium-browser <not-affected> (Only 0.x is affected)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows user-assist ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (gears is only implemented in chromium)
CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow u ...)
	- file 5.03-1
	[lenny] - file <not-affected>
	[etch] - file <not-affected>
CVE-2009-3929
	REJECTED
CVE-2009-3928
	REJECTED
CVE-2009-3927
	REJECTED
CVE-2009-3926
	REJECTED
CVE-2009-3925
	REJECTED
CVE-2009-XXXX [eglibc: ldd arbitrary code execution]
	- eglibc 2.10.1-7 (unimportant; bug #552518)
	- glibc 2.10.1-7 (unimportant; bug #552518)
CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and poss ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Inf ...)
	NOT-FOR-US: Sun Virtual Desktop Infrastructure
CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3 ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integratio ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x bef ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the "Separate title and UR ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation m ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools all ...)
	NOT-FOR-US: Xerox Fiery Webtools
CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 allo ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3910
	RESERVED
CVE-2009-3909 (Integer overflow in the read_channel_data function in plug-ins/file-ps ...)
	- gimp 2.6.7-1.1 (medium; bug #556750)
	NOTE: http://secunia.com/secunia_research/2009-43/
CVE-2009-3908
	REJECTED
CVE-2009-3907
	REJECTED
CVE-2009-3906
	REJECTED
CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS a ...)
	NOT-FOR-US: e-Courier CMS
CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not proper ...)
	NOT-FOR-US: CubeCart
CVE-2009-3903 (Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp ...)
	NOT-FOR-US: ManageEngine Netflow Analyzer 7.5 build 7500
CVE-2009-3902 (Directory traversal vulnerability in Cherokee Web Server 0.5.4 and ear ...)
	- cherokee <not-affected> (Only windows version is affected)
CVE-2009-3901 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS a ...)
	NOT-FOR-US: e-Courier CMS
CVE-2009-3900 (Unspecified vulnerability in the Cluster Management component in IBM P ...)
	NOT-FOR-US: IBM PowerHA
CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14 ...)
	{DSA-1920-1}
	- nginx 0.7.62-1
CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...)
	- libexif 0.6.19-1 (medium; bug #557137)
	[lenny] - libexif <not-affected> (Only 0.6.18 is affected)
	[etch] - libexif <not-affected> (Only 0.6.18 is affected)
CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 a ...)
	- dstat 0.7.0-1 (low; bug #557989)
	[lenny] - dstat <no-dsa> (Minor issue)
	[etch] - dstat <no-dsa> (Minor issue)
	NOTE: http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
CVE-2009-3893
	RESERVED
CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...)
	- wordpress 2.8.6-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype functi ...)
	- wordpress 2.8.6-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel befor ...)
	{DSA-2005-1}
	- linux-2.6 2.6.27-1 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2. ...)
	- linux-2.6 <not-affected> (Vulnerable code not built)
	- linux-2.6.24 <not-affected> (Vulnerable code not built)
CVE-2009-3887 (ytnef has directory traversal ...)
	- ytnef <removed> (bug #567631)
	[lenny] - ytnef <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 do ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows all ...)
	- openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
	- sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114
CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 an ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in Su ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK,  ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32Graph ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspeci ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Upd ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Upd ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) i ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update  ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in J ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the Abstra ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before  ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in  ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Up ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime Env ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
	- openjdk-6 6b17 (unimportant)
	- sun-java6 6-17-1 (unimportant)
	NOTE: a problem in their updater, which is irrelevant since debian
	NOTE: updates are provided by the security team
CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise  ...)
	NOT-FOR-US: ActiveX
CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and e ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and ...)
	NOT-FOR-US: SafeNet SoftRemote
CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs COMRaider al ...)
	NOT-FOR-US: Idefense Labs COMRaider
CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retin ...)
	NOT-FOR-US: Retina Network Security Scanner
CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows remote att ...)
	NOT-FOR-US: GejoSoft
CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows user-assis ...)
	NOT-FOR-US: Softonic International SciTE
CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ i ...)
	NOT-FOR-US: Twilight CMS
CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux bac ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in I ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) schedu ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for Jav ...)
	NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of  ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execut ...)
	- blender <unfixed> (unimportant)
	NOTE: attack vector is social engineering to get the user to open
	NOTE: a malicious .blend file. by design, blend files support
	NOTE: all python operations, so ultimately any code can be executed
CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3847 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Net ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView Dat ...)
	NOT-FOR-US: HP OpenView Data Protector Application
CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in t ...)
	NOT-FOR-US: HP Operations Manager
CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
	NOT-FOR-US: HP Color LaserJet
CVE-2009-3841 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping Inv ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping
CVE-2009-3840 (The embedded database engine service (aka ovdbrun.exe) in HP OpenView  ...)
	NOT-FOR-US: HP OpenView
CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy con ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly  ...)
	NOT-FOR-US: Pegasus Mail
CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 se ...)
	NOT-FOR-US: Eureka Email
CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aru ...)
	NOT-FOR-US: ArubaOS
CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for Joo ...)
	NOT-FOR-US: Joomla!
CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
	NOT-FOR-US: Joomla!
CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0. ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ren ...)
	NOT-FOR-US: Opera
CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Opera
CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ShareP ...)
	NOT-FOR-US: Microsoft
CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows rem ...)
	{DSA-1942-1}
	- wireshark 1.2.2-1 (bug #553583)
CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
	NOT-FOR-US: Everfocus EDR1600 DVR
CVE-2009-3827
	RESERVED
CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to  ...)
	{DSA-2040-1}
	- squidguard 1.2.0-9 (low; bug #553319)
CVE-2009-3825 (Multiple directory traversal vulnerabilities in GenCMS 2006 allow remo ...)
	NOT-FOR-US: GenCMS
CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in Greenwoo ...)
	NOT-FOR-US: Greenwood PHP Content Manager
CVE-2009-3823 (Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, ...)
	NOT-FOR-US: Mobilelib GOLD
CVE-2009-3822 (PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat ( ...)
	NOT-FOR-US: com_ajaxchat component for Joomla
CVE-2009-3821 (Cross-site scripting (XSS) vulnerability in the Apache Solr Search (so ...)
	NOT-FOR-US: Apache Solr Search extension for TYPO3
CVE-2009-3820 (SQL injection vulnerability in the Flagbit Filebase (fb_filebase) exte ...)
	NOT-FOR-US: Flagbit Filebase extension for TYPO3
CVE-2009-3819 (Unspecified vulnerability in the Random Images (maag_randomimage) exte ...)
	NOT-FOR-US: Random Images extension for TYPO3
CVE-2009-3818 (Unspecified vulnerability in the session handling feature in freeCap C ...)
	NOT-FOR-US: freeCap CAPTCHA for TYPO3
CVE-2009-3817 (PHP remote file inclusion vulnerability in doc/releasenote.php in the  ...)
	NOT-FOR-US: com_booklibrary component for Joomla!
CVE-2009-3816 (Multiple cross-site scripting (XSS) vulnerabilities in Activities page ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2009-3815 (RunCMS 2M1, when running with certain error_reporting levels, allows r ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3814 (Static code injection vulnerability in RunCMS 2M1 allows remote authen ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3813 (Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote auth ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3812 (Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio  ...)
	NOT-FOR-US: OtsAV products
CVE-2009-3811 (Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows  ...)
	NOT-FOR-US: Music Tag Editor
CVE-2009-3810 (Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows r ...)
	NOT-FOR-US: Acoustica MP3 Audio Mixer
CVE-2009-3809 (Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attacke ...)
	NOT-FOR-US: Acoustica MP3 Audio Mixer
CVE-2009-3808 (MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: MixSense DJ Studio
CVE-2009-3807 (Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attack ...)
	NOT-FOR-US: MixVibes
CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows r ...)
	NOT-FOR-US: DedeCMS
CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows rem ...)
	NOT-FOR-US: Gpg4win
	NOTE: looks like an issue in gpg2 for windows (gpg4win.org), not specific
	NOTE: to kleopatra
CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in Ru ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3803 (Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0 ...)
	NOT-FOR-US: Amiro.CMS
CVE-2009-3802 (Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Amiro.CMS
CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows re ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-XXXX [multiple missing input sanity checks in KDE]
	- kdelibs 4:3.5.10.dfsg.1-3 (low)
	- kde4libs 4:4.3.4-1 (low)
	[lenny] - kde4libs <no-dsa> (Minor issue)
	[lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
	[etch] - kdelibs <no-dsa> (minor and unlikely to be exploited)
	NOTE: http://www.ocert.org/advisories/ocert-2009-015.html
	NOTE: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/pre-2014-advisories/
	NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
	NOTE: but the "fixes" linked from the advisory only change code in kdelibs
	NOTE: more info at oss-sec threads
CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in A ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 m ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3795
	REJECTED
CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) be ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5 ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3 ...)
	NOT-FOR-US: FormMax
CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2. ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-3788 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows re ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-3787 (files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct dire ...)
	NOT-FOR-US: Vivvo CMS
CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabu ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3785 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simplene ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3784 (Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3783 (Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3782 (Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module f ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3781 (The filefield_file_download function in FileField 6.x-3.1, a module fo ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3780 (Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 a ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 a ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2,  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-5045 (Dump Servlet information leak in jetty before 6.1.22. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5047
	REJECTED
CVE-2009-5048 (Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5049 (WebApp JSP Snoop page XSS in jetty though 6.1.21. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-XXXX [cherokee 0.5.4 DoS]
	- cherokee <not-affected> (not reproducible)
	NOTE: <4089.110.37.64.157.1256562313.squirrel@mail.xc0re.net> in bugtraq
	NOTE: not reproducible in etch's 0.5.5 nor sid's 0.99.22-1.1
CVE-2009-3777
	RESERVED
CVE-2009-3776
	RESERVED
CVE-2009-3775
	RESERVED
CVE-2009-3774
	RESERVED
CVE-2009-3773
	RESERVED
CVE-2009-3772
	RESERVED
CVE-2009-3771
	RESERVED
CVE-2009-3770
	RESERVED
CVE-2009-3769
	RESERVED
CVE-2009-3768
	RESERVED
CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other  ...)
	{DSA-1943-1}
	- openldap 2.4.17-2.1 (low; bug #553432)
	- openldap2.3 <removed>
CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenS ...)
	- mutt <not-affected> (uses GnuTLS and not OpenSSL)
	NOTE: our mutt is linked against gnutls, bug #553433
CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not p ...)
	- mutt <not-affected> (uses GnuTLS and not OpenSSL)
	NOTE: our mutt is linked against gnutls
CVE-2009-3764 (Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO E ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3763 (Unspecified vulnerability in the Access Manager / OpenSSO component in ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3762 (Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remo ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3761
	RESERVED
CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the s ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample c ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the XenServ ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample code in  ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: phpBMS
CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 all ...)
	NOT-FOR-US: phpBMS
CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote att ...)
	NOT-FOR-US: phpBMS
CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows remote atta ...)
	NOT-FOR-US: Opial
CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows remote att ...)
	NOT-FOR-US: Opial
CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allo ...)
	NOT-FOR-US: Opial
CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows remote at ...)
	NOT-FOR-US: ToyLog
CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense Personal Emai ...)
	NOT-FOR-US: Websense Personal Email Manager
CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Adminis ...)
	NOT-FOR-US: Websense Personal Email Manager
CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 ...)
	NOT-FOR-US: TBmnetCMS
CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature is enab ...)
	NOT-FOR-US: XScreenSaver in Sun Solaris 10
CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in IBM Rati ...)
	NOT-FOR-US: IBM Rational AppScan Enterprise Edition
CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote atta ...)
	NOT-FOR-US: EMC RepliStor
CVE-2009-3743 (Off-by-one error in the Ins_MINDEX function in the TrueType bytecode i ...)
	- ghostscript 8.71~dfsg-1
CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3. ...)
	- liferay-portal <itp> (bug #569819)
CVE-2009-3741
	REJECTED
CVE-2009-3740
	RESERVED
CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB Mic ...)
	NOT-FOR-US: Micrologix
CVE-2009-3738
	RESERVED
CVE-2009-3737 (The Oracle Siebel Option Pack for IE ActiveX control does not properly ...)
	NOT-FOR-US: Oracle Siebel Option Pack
CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ...)
	{DSA-1958-1}
	- libtool 2.2.6b-1 (low; bug #559797)
	- arts <not-affected> (Uses absolute path to the sound backend)
	- bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799)
	- camserv <removed> (low; bug #559800)
	NOTE: requested camserv removal
	[lenny] - camserv <no-dsa> (Minor issue)
	[etch] - camserv <no-dsa> (Minor issue)
	- collectd 4.8.2-1 (low; bug #559801)
	[lenny] - collectd <no-dsa> (Minor issue)
	[etch] - collectd <no-dsa> (Minor issue)
	- cvsnt 2.5.04.3236-1.2 (low; bug #559803)
	[etch] - cvsnt <no-dsa> (Minor issue)
	[lenny] - cvsnt <no-dsa> (Minor issue)
	- ggobi 2.1.9~20091212-1 (low; bug #559806)
	[etch] - ggobi <no-dsa> (Minor issue)
	[lenny] - ggobi <no-dsa> (Minor issue)
	- gnash 0.8.7-2 (low; bug #559808)
	[lenny] - gnash <no-dsa> (Minor issue)
	- gnu-smalltalk 3.1-2 (low; bug #559809)
	[lenny] - gnu-smalltalk <no-dsa> (Minor issue)
	[etch] - gnu-smalltalk <no-dsa> (Minor issue)
	- graphicsmagick 1.3.5-6 (low; bug #559811)
	[lenny] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
	[etch] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
	- guile-1.6 1.6.8-7 (low; bug #559813)
	[etch] - guile-1.6 <no-dsa> (Minor issue)
	[lenny] - guile-1.6 <no-dsa> (Minor issue)
	- hamlib 1.2.10-1 (low; bug #559814)
	[lenny] - hamlib 1.2.7.1-1+lenny1
	[etch] - hamlib <no-dsa> (Minor issue)
	- hercules 3.06-1.2 (low; bug #559815)
	[lenny] - hercules <no-dsa> (Minor issue)
	[etch] - hercules <no-dsa> (Minor issue)
	- jags 1.0.4-1 (low; bug #559816)
	- kdelibs <not-affected> (dl_open open loads from fixed paths)
	- libannodex <removed> (low; bug #559818)
	[lenny] - libannodex <no-dsa> (Minor issue)
	[etch] - libannodex <no-dsa> (Minor issue)
	- libextractor 0.5.23+dfsg-4 (low; bug #559819)
	[etch] - libextractor <no-dsa> (Minor issue)
	[lenny] - libextractor <no-dsa> (Minor issue)
	- libmcrypt <not-affected> (not included in any of the binary packages; bug #559820)
	- libtunepimp 0.5.3-7.3 (low; bug #559821)
	[lenny] - libtunepimp <no-dsa> (Minor issue)
	[etch] - libtunepimp <no-dsa> (Minor issue)
	- mp4h 1.3.1-4.1 (low; bug #559822)
	[etch] - mp4h <no-dsa> (Minor issue)
	[lenny] - mp4h <no-dsa> (Minor issue)
	- naim <removed> (low; bug #559823)
	[lenny] - naim <no-dsa> (Minor issue)
	[etch] - naim <no-dsa> (Minor issue)
	- parser-mysql 10.3-2 (unimportant; bug #559824)
	- pinball 0.3.1-11 (low; bug #559825)
	[lenny] - pinball <no-dsa> (Minor issue)
	[etch] - pinball <no-dsa> (Minor issue)
	- redland 1.0.10-1 (low; bug #559826)
	[etch] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
	[lenny] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
	- siproxd 1:0.8.1-1 (low; bug #559827)
	[lenny] - siproxd <no-dsa> (Minor issue)
	[etch] - siproxd <no-dsa> (Minor issue)
	- ski <removed> (low; bug #559828)
	- synfig 0.62.00-1 (low; bug #559829)
	[lenny] - synfig <no-dsa> (Minor issue)
	- xmlsec1 1.2.14-1 (unimportant; bug #559831)
	NOTE: Embedded code copy isn't used
	- clamav 0.95+dfsg-1 (low; bug #559832)
	[lenny] - clamav <no-dsa> (Minor issue)
	[etch] - clamav <no-dsa> (Minor issue)
	- imagemagick 6:6.2.3.1-1 (low; bug #559833)
	[lenny] - imagemagick <no-dsa> (Minor issue)
	[etch] - imagemagick <no-dsa> (Minor issue)
	- hypre 2.4.0b-5 (low; bug #559834)
	[etch] - hypre <no-dsa> (Minor issue)
	[lenny] - hypre <no-dsa> (Minor issue)
	- lam 7.1.2-1.6 (low; bug #559835)
	[lenny] - lam <no-dsa> (Minor issue)
	[etch] - lam <no-dsa> (Minor issue)
	- openmpi 1.3.3-4 (low; bug #559836)
	[lenny] - openmpi <no-dsa> (Minor issue)
	[etch] - openmpi <no-dsa> (Minor issue)
	- parser 3.4.0-2 (unimportant; bug #559837)
	NOTE: users with write access can modify configuration to load new extensions, see #559837
	- pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
	- sdcc 2.9.0-5 (low; bug #559840)
	[lenny] - sdcc <no-dsa> (Minor issue)
	[etch] - sdcc <no-dsa> (Minor issue)
	- proftpd-dfsg <not-affected> (Only loads from /usr/lib/proftpd)
	- babel 1.4.0.dfsg-5 (low; bug #559843)
	[lenny] - babel <no-dsa> (Minor issue)
	- libprelude 0.9.14-2 (low; bug #559844)
	[etch] - libprelude <no-dsa> (Minor issue)
	- heartbeat 2.1.4-7 (unimportant; bug #559845)
	NOTE: the dlopened path is always below /usr/lib/heartbeat, which isn't under control of an attacker
	NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
	NOTE: might've been fixed earlier
	- graphviz 2.26.3-14 (low; bug #702436)
	[squeeze] - graphviz 2.26.3-5+squeeze1
CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3 ...)
	NOT-FOR-US: ActiveScan Installer ActiveX control
CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
	NOT-FOR-US: S2 Security Linear eMerge Access Control System
CVE-2009-XXXX [mandos 0600 file being included in initrd]
	- mandos 1.0.13-1 (bug #551907)
CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 b ...)
	- vmware-package <removed>
CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware  ...)
	NOT-FOR-US: VMware
CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2 ...)
	NOT-FOR-US: WebWorks Help
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
	NOT-FOR-US: ReqWeb
CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality i ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance metho ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0 ...)
	{DSA-1952-1}
	- asterisk 1:1.6.2.0~rc6-1
	[lenny] - asterisk <no-dsa> (Minor issue)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client i ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not requi ...)
	{DSA-2012-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <removed> (medium)
CVE-2009-3724 (python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XS ...)
	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2009-3723 (asterisk allows calls on prohibited networks ...)
	[etch] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
	- asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html
CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in t ...)
	{DSA-1962-1}
	[etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
	[lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
	- linux-2.6 2.6.31-1 (low)
	- kvm 88+dfsg-2 (low; bug #557739)
	NOTE: http://bugzilla.redhat.com/531660
	NOTE: https://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
CVE-2009-3721 [ytnef buffer overflow]
	RESERVED
	- ytnef <removed> (bug #567631)
	[lenny] - ytnef <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat  ...)
	{DSA-1977-1 DSA-1921-1}
	- expat 2.0.1-5 (low; bug #551936)
	- mcabber 0.10.0-1 (low; bug #601053)
	[lenny] - mcabber <no-dsa> (Minor issue)
	- w3c-libwww <removed> (low; bug #551938)
	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
	- python-xml <removed> (low; bug #560951)
	[etch] - python-xml <no-dsa> (minor issue)
	[lenny] - python-xml 0.8.4-10.1+lenny1
	- python2.5 2.5.4-3.1 (low; bug #560912)
	- python2.4 2.4.4-3etch3 (low; bug #560913)
	- python-4suite 1.0.2-7.2 (low; bug #560914)
	[etch] - python-4suite <no-dsa> (Minor issue)
	[lenny] - python-4suite <no-dsa> (Minor issue)
	- wxwindows2.4 <removed> (unimportant; bug #560915)
	- wxwidgets2.6 2.6.3.2.2-4 (unimportant; bug #560916)
	- wxwidgets2.8 2.8.10.1-2 (unimportant; bug #560917)
	- audacity 1.3.2-1 (unimportant; bug #560919)
	- matanza <unfixed> (unimportant; bug #560920)
	- tdom 0.8.3~20080525-1 (low; bug #560921)
	[etch] - tdom <no-dsa> (minor issue)
	- udunits 2.1.8-4 (unimportant; bug #560922)
	- ayttm 0.6.1-2 (low; bug #560924)
	[etch] - ayttm <no-dsa> (minor issue)
	[lenny] - ayttm <no-dsa> (minor issue)
	- cableswig <removed> (unimportant; bug #560925)
	- cadaver <unfixed> (unimportant; bug #560926)
	- centerim 4.22.10-1 (low)
	[lenny] - centerim <no-dsa> (Minor issue)
	- cmake 2.6.0-6 (unimportant; bug #560927)
	- coin3 <unfixed> (unimportant; bug #560928)
	- gdcm 2.0.14-2 (low; bug #560929)
	- ghostscript 8.71~dfsg-2 (unimportant; bug #560930)
	- gs-gpl <removed> (unimportant)
	- grmonitor <removed> (unimportant; bug #560931)
	- iceape <removed> (unimportant; bug #560932)
	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
	- paraview 3.6.2-1 (unimportant; bug #560935)
	- poco 1.3.6p1-1 (unimportant; bug #560936)
	- simgear 2.10.0-1 (unimportant; bug #560937)
	- smart 1.2-5 (low; bug #560953)
	[etch] - smart <no-dsa> (minor issue)
	[lenny] - smart <no-dsa> (minor issue)
	- tla 1.3.5+dfsg-15 (unimportant; bug #560940)
	[lenny] - tla 1.3.5+dfsg-14+lenny1
	- xmlrpc-c 1.06.27-1.1 (low; bug #560942)
	[etch] - xmlrpc-c <no-dsa> (minor issue)
	[lenny] - xmlrpc-c <no-dsa> (minor issue)
	- iceweasel <not-affected> (uses xulrunner; bug #560943)
	- kompozer 1:0.8~b1-2 (unimportant; bug #560944)
	- vxl 1.13.0-2 (low; bug #560945)
	- xulrunner <unfixed> (unimportant; bug #560946)
	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
	- vnc4 <not-affected> (Not affected, see bug #560949)
	- xotcl 1.6.5-1.2 (low; bug #560950)
	[lenny] - xotcl <no-dsa> (minor issue)
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
	NOT-FOR-US: Battle Blog
CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1 ...)
	NOT-FOR-US: Battle Blog
CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attac ...)
	NOT-FOR-US: LucVil PatPlayer
CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1  ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox  ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in MCshout ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ear ...)
	NOT-FOR-US: MorcegoCMS
CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp i ...)
	NOT-FOR-US: httpdx
CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username  ...)
	NOT-FOR-US: RioRey RIOS
CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae Tec ...)
	NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae Tec ...)
	NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Aut ...)
	NOT-FOR-US: VMware
CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...)
	NOT-FOR-US: ZFS filesystem in Sun Solaris
CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo bef ...)
	NOT-FOR-US: Achievo
CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, all ...)
	NOT-FOR-US: ZoIPer
CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 a ...)
	NOT-FOR-US: PHP-Calendar
CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	{DSA-1966-1}
	- horde3 3.3.6+debian0-1 (low)
	NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote att ...)
	{DSA-2040-1}
	- squidguard 1.2.0-9 (low; bug #553319)
CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon libra ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier a ...)
	NOT-FOR-US: Dalvik API in Android
CVE-2009-3697 (SQL injection vulnerability in the PDF schema generator functionality  ...)
	{DSA-1918-1}
	- phpmyadmin 4:3.2.2.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-3696 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2 ...)
	{DSA-1918-1}
	- phpmyadmin 4:3.2.2.1-1
CVE-2009-3610
	REJECTED
CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django 1. ...)
	{DSA-1905-1}
	- python-django 1.1.1-1 (medium; bug #550457)
	[etch] - python-django <not-affected> (introduced in 1.0)
	[lenny] - python-django 1.0.2-1+lenny2
CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...)
	NOT-FOR-US: ezRecipe-Zee 91
CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX con ...)
	NOT-FOR-US: Persits.XUpload.2 ActiveX
CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informi ...)
	NOT-FOR-US: IBM Informix Client SDK
CVE-2009-3690
	RESERVED
CVE-2009-3689
	REJECTED
CVE-2009-3688
	REJECTED
CVE-2009-3687
	REJECTED
CVE-2009-3686
	REJECTED
CVE-2009-3685
	REJECTED
CVE-2009-3684
	REJECTED
CVE-2009-3683
	REJECTED
CVE-2009-3682
	REJECTED
CVE-2009-3681
	REJECTED
CVE-2009-3680
	REJECTED
CVE-2009-3679
	REJECTED
CVE-2009-3678 (Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in M ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP ...)
	NOT-FOR-US: Microsoft Internet Authentication Service
CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and W ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...)
	NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allow ...)
	NOT-FOR-US: KSP Sound Player
CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions (com_foobla_sugg ...)
	NOT-FOR-US: Joomla! component
CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1 ...)
	NOT-FOR-US: Ardguest 1.8
CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows re ...)
	NOT-FOR-US: AdsDX
CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0 ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1 ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam Bl ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...)
	NOT-FOR-US: httpdx
CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: FileCopa FTP Server
CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalo ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in E ...)
	NOT-FOR-US: Efront
CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allo ...)
	NOT-FOR-US: BS Counter
CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (s ...)
	NOT-FOR-US: Sb.SuperBuddy.1 ActiveX
CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers  ...)
	NOT-FOR-US: Rhino Software Serv-U
CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupa ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links inter ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the "Monitor browsers' fea ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier an ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power  ...)
	NOT-FOR-US: PBBoard
CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a m ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft  ...)
	NOT-FOR-US: YABSoft Mega File Hosting Script (aka MFH or MFHS)
CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtai ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_ ...)
	NOT-FOR-US: JoomlaCache
CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component 1 ...)
	NOT-FOR-US: Joomla component
CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to c ...)
	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in  ...)
	NOT-FOR-US: FrontRange HEAT
CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote att ...)
	- snort 2.8.5.2-1 (unimportant; bug #553584)
	NOTE: current debian packages are not compiled with support for ipv6
CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM sub ...)
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 <not-affected> (introduced post 2.6.27)
	[etch] - linux-2.6 <not-affected> (introduced post 2.6.27)
	- linux-2.6.24 <not-affected> (introduced post 2.6.27)
	- kvm 88+dfsg-2 (medium; bug #557737)
	[lenny] - kvm <not-affected> (Vulnerable code not present)
CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2 ...)
	{DSA-1925-1}
	- proftpd-dfsg 1.3.2a-2 (low)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in  ...)
	{DSA-1962-1 DSA-1927-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
	NOTE: fixed in upstream 2.6.32-rc4
	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
	- kvm <removed> (medium; bug #562076)
CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function in clien ...)
	- alien-arena 7.33-1 (medium; bug #552038)
	[lenny] - alien-arena 7.0-1+lenny1
CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool subcompon ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x befor ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box (ak ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalu ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing featur ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1 ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1 ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend sub ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1 ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 allo ...)
	{DSA-1923-1}
	- libhtml-parser-perl 3.64-1 (bug #552531)
	NOTE: http://secunia.com/advisories/37155/
CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of se ...)
	- perl 5.10.1-6 (bug #552291)
	[lenny] - perl <not-affected> (Vulnerable code not present)
	[etch] - perl <not-affected> (Vulnerable code not present)
CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 a ...)
	- sahana <itp> (bug #497414)
CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in th ...)
	- linux-2.6 2.6.31-2 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
	NOTE: fixed upstream in 2.6.32-rc5
CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 sub ...)
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-3622 (Algorithmic complexity vulnerability in wp-trackback.php in WordPress  ...)
	- wordpress 2.8.5-1
	[lenny] - wordpress 2.5.1-11+lenny3
	[etch] - wordpress 2.0.10-1etch6
	NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows loc ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-g ...)
	{DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.32-1 (medium)
	- linux-2.6.24 <removed> (medium)
	NOTE: https://git.kernel.org/linus/7dc482dfeeeefcfd000d4271c4626937406756d7
CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1. ...)
	- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 be ...)
	- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function i ...)
	- aria2 1.6.2-1 (low)
	[lenny] - aria2 <not-affected> (Vulnerable code not present)
	[etch] - aria2 <not-affected> (Vulnerable code not present)
CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in  ...)
	- qemu 0.11.0-1 (medium; bug #553589)
	[lenny] - qemu <not-affected> (Vulnerable code not present)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm <removed> (medium; bug #553590)
	[lenny] - kvm <not-affected> (Vulnerable code not present)
CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adiu ...)
	{DSA-1932-1}
	- pidgin 2.6.3-1
	NOTE: http://pidgin.im/news/security/?id=41
CVE-2009-3614 (liboping 1.3.2 allows users reading arbitrary files upon the local sys ...)
	- liboping 1.3.3-1 (low; bug #548684)
	[lenny] - liboping <not-affected> (doesn't have -f option yet)
	[etch] - liboping <not-affected> (doesn't have -f option yet)
CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c i ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.29-1 (medium)
	- linux-2.6.24 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink subsy ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ce ...)
	- backintime 0.9.26-3 (bug #543785)
CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
	{DSA-1941-1}
	- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf bef ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote  ...)
	{DSA-1941-1}
	- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3. ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ( ...)
	- dopewars 1.5.12-9 (low; bug #550913)
	[etch] - dopewars <no-dsa> (negligible issue)
	[lenny] - dopewars <no-dsa> (neglibigble issue)
CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a p ...)
	- incron 0.5.7-1
CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus en ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus en ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows  ...)
	NOT-FOR-US: CoreHTTP
CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in  ...)
	{DSA-1944-1}
	- request-tracker3.4 <removed>
	- request-tracker3.6 3.6.9-2 (low)
CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie  ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in SQL- ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in SQL ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8. ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya  ...)
	NOT-FOR-US: Autodesk Maya
CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allo ...)
	NOT-FOR-US: Autodesk
CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...)
	NOT-FOR-US: Autodesk Softimage
CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2 ...)
	{DSA-1957-1}
	- aria2 1.2.0-1 (low; bug #551070)
	[etch] - aria2 <not-affected> (Vulnerable code not present)
CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact a ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impa ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote atta ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Dr ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in S ...)
	- virtualbox-ose 3.0.8-dfsg-1
	[lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 rec ...)
	{DSA-1963-1}
	- unbound 1.3.4-1 (low)
	NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html
CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...)
	NOT-FOR-US: Scriptsez Ultimate Poll
CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration informat ...)
	NOT-FOR-US: HUBScript
CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBS ...)
	NOT-FOR-US: HUBScript
CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in eCard ...)
	NOT-FOR-US: eCardMAX FormXP
CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web root  ...)
	NOT-FOR-US: Digitaldesign CMS
CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to admin/man ...)
	NOT-FOR-US: JoxTechnology Ajox Poll
CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows re ...)
	NOT-FOR-US: VS PANEL
CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog Sys ...)
	NOT-FOR-US: BLOB Blog System
CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 ...)
	NOT-FOR-US: Freelancers
CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in Quali ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows re ...)
	NOT-FOR-US: VS PANEL
CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Tuniac
CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1 Activ ...)
	NOT-FOR-US: ActiveX
CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not pr ...)
	NOT-FOR-US: OpenBSD
CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ ...)
	NOT-FOR-US: Kayako SupportSuite and eSupport
CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...)
	- jetty <unfixed> (unimportant)
	NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
	NOTE: only an example application
CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 do ...)
	NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/m ...)
	NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups whe ...)
	- puppet 0.25.1-3 (low; bug #551073)
	[etch] - puppet <no-dsa> (minor issue)
	[lenny] - puppet <no-dsa> (minor issue)
CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote  ...)
	{DSA-1948-1}
	- ntp 1:4.2.4p8+dfsg-1 (medium; bug #560074)
CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 al ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows re ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...)
	{DSA-1977-1 DSA-1953-2 DSA-1953-1}
	- expat 2.0.1-6 (low; bug #560901)
	- mcabber 0.10.0-1 (low; bug #601053)
	[lenny] - mcabber <no-dsa> (Minor issue)
	- w3c-libwww <removed>
	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
	- python-xml <removed> (low; bug #560951)
	[etch] - python-xml <no-dsa> (minor issue)
	[lenny] - python-xml 0.8.4-10.1+lenny1
	- python2.5 2.5.4-3.1 (low; bug #560912)
	- python2.4 2.4.4-3+etch3 (low; bug #560913)
	- python2.6 2.6.4-4
	- python-4suite 1.0.2-7.2 (low; bug #560914)
	[etch] - python-4suite <no-dsa> (Minor issue)
	[lenny] - python-4suite <no-dsa> (Minor issue)
	- wxwindows2.4 <removed> (unimportant; bug #560915)
	- wxwidgets2.6 2.6.3.2.2-4 (unimportant; bug #560916)
	- wxwidgets2.8 2.8.10.1-2 (unimportant; bug #560917)
	- audacity 1.3.2-1 (unimportant; bug #560919)
	- matanza <unfixed> (unimportant; bug #560920)
	- tdom 0.8.3~20080525-1 (low; bug #560921)
	[etch] - tdom <no-dsa> (minor issue)
	- udunits 2.1.8-4 (unimportant; bug #560922)
	- ayttm 0.6.1-2 (low; bug #560924)
	[etch] - ayttm <no-dsa> (minor issue)
	[lenny] - ayttm <no-dsa> (minor issue)
	- cableswig <removed> (unimportant; bug #560925)
	- cadaver <unfixed> (unimportant; bug #560926)
	- cmake 2.6.0-6 (unimportant; bug #560927)
	- coin3 <unfixed> (unimportant; bug #560928)
	- gdcm 2.0.14-2 (low; bug #560929)
	- ghostscript 8.71~dfsg-2 (unimportant; bug #560930)
	- gs-gpl <removed> (unimportant)
	- grmonitor <removed> (unimportant; bug #560931)
	- iceape <removed> (unimportant; bug #560932)
	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
	- paraview 3.6.2-1 (unimportant; bug #560935)
	- poco 1.3.6p1-1 (unimportant; bug #560936)
	- simgear 2.10.0-1 (unimportant; bug #560937)
	- smart 1.2-5.1 (low; bug #560953)
	[etch] - smart <no-dsa> (minor issue)
	[lenny] - smart <no-dsa> (minor issue)
	- tla 1.3.5+dfsg-15 (unimportant; bug #560940)
	[lenny] - tla 1.3.5+dfsg-14+lenny1
	- xmlrpc-c 1.06.27-1.1 (low; bug #560942)
	[etch] - xmlrpc-c <no-dsa> (minor issue)
	[lenny] - xmlrpc-c <no-dsa> (minor issue)
	- iceweasel <not-affected> (uses xulrunner; bug #560943)
	- kompozer 1:0.8~b1-2 (low; bug #560944)
	- vxl 1.13.0-2 (low; bug #560945)
	- xulrunner <unfixed> (unimportant; bug #560946)
	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
	- vnc4 <not-affected> (Not affected, see bug #560949)
	- xotcl <not-affected> (Vulnerable code not present in embedded Expat copy)
CVE-2009-3559
	- php5 <removed> (unimportant)
	NOTE: safe_mode regression
CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 an ...)
	- php5 5.2.12.dfsg.1-1 (unimportant)
	NOTE: open_basedir bypass
CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5 ...)
	- php5 5.2.12.dfsg.1-1 (unimportant)
	NOTE: safe_mode bypass
CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in the Lin ...)
	- linux-2.6 <not-affected> (redhat-specific configuration issue)
	- linux-2.6.24 <not-affected> (redhat-specific configuration issue)
CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...)
	{DSA-3253-1 DSA-2626-1 DSA-2141-2 DSA-2141-1 DSA-1934-1 DLA-400-1}
	- apache2 2.2.14-2
	- openssl 0.9.8k-6
	- nss 3.12.6-1
	- sun-java5 <removed>
	[lenny] - sun-java5 <no-dsa> (Minor issue)
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-22-0lenny
	NOTE: Update 22 for Sun Java implemented the new RFC extension
	- openjdk-6 6b18-1.8.2-1
	- nginx 0.7.64-1
	- matrixssl 1.8.8-1
	[lenny] - matrixssl <no-dsa> (Fringe SSL implementation, can be fixed in spu)
	- tomcat-native 1.1.18-1
	[lenny] - tomcat-native <no-dsa> (Minor issue)
	- gnutls26 <not-affected> (safely handles renegotiation; however support for RFC 5746 would be useful)
	- polarssl 1.2.0-1 (bug #704946)
	- classpath <removed>
	- zorp 3.9.2-1
	[squeeze] - zorp <no-dsa> (Minor issue)
	[lenny] - zorp <no-dsa> (Minor issue)
	- lighttpd 1.4.30-1
	- pound 2.6-6.1 (bug #765649)
	[jessie] - pound <no-dsa> (Minor issue)
	NOTE: the anti_beast.patch in pound 2.6-2 has some provision for this issue too but it seems to be broken, cf #765649
	NOTE: for any of the currently unfixed implementations, you can solve the problem by disabling renegotiation
	NOTE: the following implement RFC 5746:
	NOTE: - openssl 0.9.8m-1
	NOTE: - apache 2.2.15-1
	NOTE: - nss 3.12.6-1
	NOTE: - sun-java6 6.19-1
CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EA ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling  ...)
	{DSA-2176-1}
	- cups 1.4.2-4 (low; bug #557740)
	[lenny] - cups <no-dsa> (Minor issue)
	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
	NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
CVE-2009-3552 (In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not ver ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager
CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in packet-sm ...)
	- wireshark 1.2.3-1 (low; bug #553583)
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 t ...)
	{DSA-1942-1}
	- wireshark 1.2.3-1 (low; bug #553583)
CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1 ...)
	- wireshark 1.2.3-1 (low; bug #553583)
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 th ...)
	- tomcat6 <not-affected> (Windows only)
CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.3 ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (high)
	- linux-2.6.24 <removed> (high)
CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...)
	{DSA-1936-1}
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
	- php5 <not-affected> (the php packages use the system libgd2)
	NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
	NOTE: <20091015173822.084de220@redhat.com> in OSS-sec
CVE-2009-3545 (DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticat ...)
	NOT-FOR-US: DataWizard Technologies FtpXQ FTP Server
CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source c ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
CVE-2009-3526
	RESERVED
CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite arb ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (low; bug #546164)
CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-9 (bug #549871)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2009-3543 (SQL injection vulnerability in _phenotype/admin/login.php in Phenotype ...)
	NOT-FOR-US: Phenotype CMS
CVE-2009-3542 (Directory traversal vulnerability in ls.php in LittleSite (aka LS or L ...)
	NOT-FOR-US: LittleSite
CVE-2009-3541 (PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealog ...)
	NOT-FOR-US: PHPGenealogy
CVE-2009-3540 (Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWor ...)
	NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
CVE-2009-3539 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld U ...)
	NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
CVE-2009-3538 (Directory traversal vulnerability in thumb.php in Clear Content 1.1 al ...)
	NOT-FOR-US: Clear Content
CVE-2009-3537 (Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 ...)
	NOT-FOR-US: EpicDJSoftware EpicDJ
CVE-2009-3536 (Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 ...)
	NOT-FOR-US: EpicDJSoftware EpicVJ
CVE-2009-3535 (Directory traversal vulnerability in image.php in Clear Content 1.1 al ...)
	NOT-FOR-US: Clear Content
CVE-2009-3534 (Directory traversal vulnerability in index.php in LionWiki 3.0.3, when ...)
	NOT-FOR-US: LionWiki
CVE-2009-3533 (SQL injection vulnerability in report.php in Meeting Room Booking Syst ...)
	NOT-FOR-US: Meeting Room Booking System
CVE-2009-3532 (Multiple SQL injection vulnerabilities in login.asp (aka the login scr ...)
	NOT-FOR-US: LogRover
CVE-2009-3531 (SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows  ...)
	NOT-FOR-US: Universe CMS
CVE-2009-3530 (Cross-site scripting (XSS) vulnerability in storefront.php in RadScrip ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2009-3529 (SQL injection vulnerability in index.php in RadScripts RadBids Gold 4  ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remot ...)
	NOT-FOR-US: MyMsg
CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not sup ...)
	- xen-3 <unfixed> (unimportant)
	- xen-unstable <removed> (unimportant)
	NOTE: This is an enhancement, not a security issue.
	NOTE: A user must have access to a guest hard drive image in order to boot it,
	NOTE: so he can simply mount the drive and remove the password option.
CVE-2009-5041 (overkill has buffer overflow via long player names that can corrupt da ...)
	- overkill 0.16-14.1 (bug #549310; low)
	[lenny] - overkill <no-dsa> (Minor issue)
	[etch] - overkill <no-dsa> (Minor issue)
CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professio ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before 4.8.13 ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and Professi ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the Visualizati ...)
	NOT-FOR-US: WebSphere
CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account mo ...)
	NOT-FOR-US: CMSphp
CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8  ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe  ...)
	NOT-FOR-US: IBM Installation Manager
CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does no ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not p ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...)
	NOT-FOR-US: d.net CMS
CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote attac ...)
	NOT-FOR-US: d.net CMS
CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG ...)
	NOT-FOR-US: Pilot Group (PG) eTraining
CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 al ...)
	NOT-FOR-US: MyWeight
CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 a ...)
	NOT-FOR-US: justVisual
CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Bet ...)
	NOT-FOR-US: linkSpheric
CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in C ...)
	NOT-FOR-US: CJ Dynamic Poll PRO
CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allo ...)
	NOT-FOR-US: MUJE CMS
CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...)
	NOT-FOR-US: CMSphp
CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 all ...)
	NOT-FOR-US: CMSphp
CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Z ...)
	NOT-FOR-US: Vastal I-Tech MMORPG Zone
CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 all ...)
	NOT-FOR-US: Alibaba Clone
CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse B ...)
	NOT-FOR-US: BPowerHouse BPHolidayLettings
CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 al ...)
	NOT-FOR-US: BPowerHouse BPMusic
CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents  ...)
	NOT-FOR-US: BPowerHouse BPStudents
CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allo ...)
	NOT-FOR-US: BPowerHouse BPGames
CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCa ...)
	NOT-FOR-US: BPowerHouse BPLawyerCaseDocuments
CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms 1. ...)
	NOT-FOR-US: HBcms
CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...)
	NOT-FOR-US: Vastal I-Tech Agent
CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-T ...)
	NOT-FOR-US: Vastal I-Tech DVD Zone
CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone  ...)
	NOT-FOR-US: Vastal I-Tech DVD Zone
CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0 ...)
	NOT-FOR-US: T-HTB Manager
CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBachec ...)
	NOT-FOR-US: Zenas PaoBacheca Guestbook
CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9 ...)
	NOT-FOR-US: Loggix Project
CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion (com_sportfus ...)
	NOT-FOR-US: Kinfusion SportFusion
CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a do ...)
	{DSA-1904-1}
	- wget 1.12-1 (medium; bug #549293)
CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
	NOT-FOR-US: Adobe Photoshop Elements
CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka Bibl ...)
	NOT-FOR-US: Drupal Bibliography Module
CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web inter ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web inter ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in Jun ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-ass ...)
	NOT-FOR-US: Core FTP
CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in GlobalSCA ...)
	NOT-FOR-US: CuteFTP
CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.129 ...)
	NOT-FOR-US: TrustPort Antivirus and PC Security
CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2. ...)
	NOT-FOR-US: Joomla component
CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) componen ...)
	NOT-FOR-US: Joomla component
CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x  ...)
	NOT-FOR-US: Bibliography
CVE-2009-3478 (Argument injection vulnerability in (1) src/content/js/connection/sftp ...)
	NOT-FOR-US: Bibliography
CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before  ...)
	NOT-FOR-US: Blackberry Browser in RIM BlackBerry Device Software
CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibbole ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml 3.0.0-2
	- opensaml2 2.2.1-1
	- shibboleth-sp 3.0.2+dfsg1-2
	- shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and  ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml 3.0.0-2
	- opensaml2 2.2.1-1
	- shibboleth-sp 3.0.2+dfsg1-2
	- shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by  ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml 3.0.0-2
	- opensaml2 2.2.1-1
	- shibboleth-sp 3.0.2+dfsg1-2
	- shibboleth-sp2 2.2.1+dfsg-1
	[lenny] - opensaml 1.1.1-2+lenny1
	[lenny] - opensaml2 2.0-2+lenny1
CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege f ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remot ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 befor ...)
	NOT-FOR-US: IBM Informix Dynamic Server (IDS)
CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment (CD ...)
	NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
CVE-2009-3467 (Cross-site scripting (XSS) vulnerability in an unspecified method in A ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows r ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attac ...)
	NOT-FOR-US: Adobe
CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x throu ...)
	NOT-FOR-US: Adobe
CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1. ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) bef ...)
	NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly hand ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: This was caused by a bug in NSS (CVE-2009-2408). chromium-browser uses libnss3
CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly han ...)
	NOT-FOR-US: Apple Safari
CVE-2009-3454
	REJECTED
CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quick ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive I ...)
	NOT-FOR-US: RADactive
CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.a ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MP3 Collector
CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote atta ...)
	NOT-FOR-US: BakBone NetVault Backup
CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before 2008 ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-XXXX [xen-tools: world readable disk image files]
	- xen-tools 4.2~beta1-1 (low; bug #548909)
	[lenny] - xen-tools 3.9-4+lenny1
CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...)
	NOT-FOR-US: com_mytube component for Joomla!
CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before  ...)
	NOT-FOR-US: Ability Mail Server
CVE-2009-3444 (Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 a ...)
	NOT-FOR-US: e107
CVE-2009-3443 (SQL injection vulnerability in the Fastball (com_fastball) component 1 ...)
	NOT-FOR-US: com_fastball component for Joomla!
CVE-2009-3442 (The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does no ...)
	NOT-FOR-US: Nodewords module for Drupal
CVE-2009-3441 (Open Source Security Information Management (OSSIM) before 2.1.2 allow ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3440 (Cross-site scripting (XSS) vulnerability in Open Source Security Infor ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3439 (Multiple SQL injection vulnerabilities in Open Source Security Informa ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3438 (SQL injection vulnerability in the JoomlaFacebook (com_facebook) compo ...)
	NOT-FOR-US: com_facebook component for Joomla!
CVE-2009-3437 (Cross-site scripting (XSS) vulnerability in the live preview feature i ...)
	NOT-FOR-US: Markdown Preview module for Drupal
CVE-2009-3436 (Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal al ...)
	NOT-FOR-US: MaxWebPortal
CVE-2009-3435 (Cross-site scripting (XSS) vulnerability in the variable editor in the ...)
	NOT-FOR-US: Devel module for Drupal
CVE-2009-3434 (SQL injection vulnerability in the Tupinambis (com_tupinambis) compone ...)
	NOT-FOR-US: com_tupinambis for Mambo and Joomla!
CVE-2009-3433 (Unspecified vulnerability in clsetup in the configuration utility in S ...)
	NOT-FOR-US: Sun Solaris Cluster
CVE-2009-3432 (Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenS ...)
	NOT-FOR-US: Sun OpenSolaris xscreensaver
CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1 ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions R ...)
	- request-tracker3.8 3.8.5-1 (bug #546829)
	- request-tracker3.6 3.6.9-1 (bug #546778)
	[etch] - request-tracker3.6 <not-affected> (vulnerable code not present)
	[lenny] - request-tracker3.6 3.6.7-5+lenny2
	NOTE: CVE id requested
CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
	NOT-FOR-US: Allomani Mobile
CVE-2009-3429 (Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61  ...)
	NOT-FOR-US: Pirate Radio Destiny Media Player
CVE-2009-3428 (Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote ...)
	NOT-FOR-US: Easy Music Player
CVE-2009-3427 (Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.0 ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2009-3426 (PHP remote file inclusion vulnerability in includes/file_manager/speci ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3425 (Directory traversal vulnerability in includes/inc.thcms_admin_dirtree. ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3424 (Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3423 (login.php in Zenas PaoLink 1.0, when register_globals is enabled, allo ...)
	NOT-FOR-US: Zenas PaoLink
CVE-2009-3422 (login.php in Zenas PaoLiber 1.1, when register_globals is enabled, all ...)
	NOT-FOR-US: Zenas PaoLiber
CVE-2009-3421 (login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is  ...)
	NOT-FOR-US: Zenas PaoBacheca Guestbook
CVE-2009-3420 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in th ...)
	NOT-FOR-US: Miniweb Publisher module
CVE-2009-3419 (SQL injection vulnerability in index.php in the Publisher module 2.0 f ...)
	NOT-FOR-US: Miniweb Publisher module
CVE-2009-3418 (Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) re ...)
	NOT-FOR-US: Plume CMS
CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 ...)
	NOT-FOR-US: IDoBlog component Joomla
CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle Database 9. ...)
	NOT-FOR-US: Oracle Database and Oracle Application Server
CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle Database 11 ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) compo ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in Oracle  ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in Oracle  ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools &amp; Enterpri ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA Product Suit ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3398
	REJECTED
CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle E-Busines ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3394
	REJECTED
CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management (ED ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-4193 (Merkaartor 0.14 allows local users to append data to arbitrary files v ...)
	- merkaartor 0.14+svnfixes~20090912-2 (low; bug #548546)
	[lenny] - merkaartor <not-affected> (vulnerable code not present)
	NOTE: does not run as root so minor issue.
CVE-2009-XXXX [SA-CORE-2009-008]
	- drupal6 6.14-1 (bug #547140)
	[lenny] - drupal6 6.6-3lenny3
CVE-2009-3391
	RESERVED
CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsi ...)
	NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used i ...)
	{DSA-2045-1}
	- libtheora 1.1 (bug #572950)
	[etch] - libtheora <not-affected> (vulnerable code not present)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before  ...)
	- liboggplay 0.2.1~git20091227-1.1 (bug #575743)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3387 (Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group re ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allo ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not properl ...)
	{DSA-1922-1}
	- xulrunner 1.9.0.15-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0-1
	[lenny] - iceape <not-affected> (stub package)
CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before  ...)
	- webkit 1.1.17-2 (medium; bug #559759)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <not-affected> (vulnerable code not present)
	- kde4libs <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/48725
CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla  ...)
	{DSA-1939-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.3-1 (medium)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3378 (The oggplay_data_handle_theora_frame function in media/liboggplay/src/ ...)
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (ogg support added in firefox 3.5)
	[lenny] - xulrunner <not-affected> (ogg support added in firefox 3.5)
	- liboggplay 0.2.1~git20091120-1 (medium; bug #552743)
CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
	- liboggz 0.9.9-1 (low)
	[lenny] - liboggz <no-dsa> (Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep)
CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey be ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x  ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation i ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox  ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey be ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 all ...)
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
	[lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
	- kompozer <unfixed> (unimportant; bug #555326)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote a ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservat ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image galler ...)
	NOT-FOR-US: An image gallery 1.0
CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image galler ...)
	NOT-FOR-US: An image gallery 1.0
CVE-2009-3365 (PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/ ...)
	NOT-FOR-US: Aurora CMS
CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote F ...)
	NOT-FOR-US: FTPShell Client
CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x be ...)
	NOT-FOR-US: a module for Drupal
CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2. ...)
	NOT-FOR-US: SZNews
CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows remo ...)
	NOT-FOR-US: PHP-IPNMonitor
CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 al ...)
	NOT-FOR-US: Datemill
CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency Bi ...)
	NOT-FOR-US: Match Agency BiZ
CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult Po ...)
	NOT-FOR-US: Tourism Scripts Adult
CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking Reservatio ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows re ...)
	NOT-FOR-US: Image voting
CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia B ...)
	NOT-FOR-US: Datetopia Buy Dating Site
CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...)
	NOT-FOR-US: Rest API module for Drupal
CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for Drupa ...)
	NOT-FOR-US: Node2Node module for Drupal
CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ro ...)
	NOT-FOR-US: quota_by_role (Quota by role) module for Drupal
CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for Dr ...)
	NOT-FOR-US: Node Browser module for Drupal
CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module f ...)
	NOT-FOR-US: Subdomain Manager module for Drupal
CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote attacke ...)
	NOT-FOR-US: Datavore Gyro
CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows r ...)
	NOT-FOR-US: Datavore Gyro
CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote at ...)
	NOT-FOR-US: D-Link DIR-400 wireless router
CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows re ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unkn ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on Window ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows re ...)
	NOT-FOR-US: HotWeb Rentals
CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php  ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote a ...)
	NOT-FOR-US: Linksys WRT54GL wireless router
CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...)
	NOT-FOR-US: FreeSSHD
CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance 5 ...)
	NOT-FOR-US: McAfee Email and Web Security Appliance
CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b a ...)
	NOT-FOR-US: Magic Morph
CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...)
	NOT-FOR-US: plugin for Serendipity
CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid allo ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for Jooml ...)
	NOT-FOR-US: TurtuShout component 0.11 for Joomla!
CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Int ...)
	NOT-FOR-US: Lhacky! Extensions Cave Joomla!
CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the koeSub ...)
	NOT-FOR-US: koeSubmit (com_koesubmit) component 1.0 for Mambo
CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) c ...)
	NOT-FOR-US: BudgetsMagic (com_jbudgetsmagic) component for Joomla!
CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allo ...)
	NOT-FOR-US: DDL CMS
CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, when mag ...)
	NOT-FOR-US: cP Creator
CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted r ...)
	NOT-FOR-US: Winplot
CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1 ...)
	NOT-FOR-US: WX-Guestbook
CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow r ...)
	NOT-FOR-US: WX-Guestbook
CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content Managem ...)
	NOT-FOR-US: CMScontrol
CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments Survey Manag ...)
	NOT-FOR-US: Survey Manager (com_surveymanager) component 1.5.0 for Joomla!
CVE-2009-3324 (PHP remote file inclusion vulnerability in include/prodler.class.php i ...)
	NOT-FOR-US: ProdLer
CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation  ...)
	NOT-FOR-US: BAnner ROtation System mini (BAROSmini)
CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers to cause ...)
	NOT-FOR-US: Siemens Gigaset SE361 WLAN router
CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc  ...)
	NOT-FOR-US: SaphpLesson
CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLin ...)
	NOT-FOR-US: Zenas PaoLink (aka Pao-Link)
CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03  ...)
	NOT-FOR-US: DCI-Designs Dawaween
CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album (com_a ...)
	NOT-FOR-US: Roland Breedveld Album (com_album) component 1.14 for Joomla!
CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in Ope ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) com ...)
	NOT-FOR-US: JReservation (com_jreservation) component 1.0 and 1.5 for Joomla!
CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp Publis ...)
	NOT-FOR-US: NeLogic Nephp Publisher Enterprise
CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote at ...)
	NOT-FOR-US: FMyClone
CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in phpPol ...)
	NOT-FOR-US: phpPollScript
CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScrip ...)
	NOT-FOR-US: RSSMediaScript
CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote at ...)
	NOT-FOR-US: Zainu
CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allow ...)
	NOT-FOR-US: CF ShopKart
CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows  ...)
	NOT-FOR-US: FanUpdate
CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allo ...)
	NOT-FOR-US: FSphp
CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in Clear ...)
	NOT-FOR-US: ClearSite
CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to  ...)
	{DSA-2002-1}
	- polipo 1.0.4-1.1 (low; bug #547047)
	[etch] - polipo <no-dsa> (Minor issue)
	[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbi ...)
	{DSA-1945-1}
	- gforge  4.8.2-1
CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GF ...)
	{DSA-1937-1}
	- gforge 4.8.1-3 (low)
CVE-2009-3302 (filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remot ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-3301 (Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) be ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the Identity Pr ...)
	{DSA-1947-1}
	- shibboleth-sp2 2.3+dfsg-1 (medium; bug #555608)
	- shibboleth-sp 3.0.2+dfsg1-2 (medium)
	- opensaml2 2.3-1 (medium)
	NOTE: xmltooling also needs to be updated, changed in sid in 1.3.1-1
CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in Ma ...)
	{DSA-1924-1}
	- mahara 1.1.7-1 (low)
	NOTE: http://mahara.org/interaction/forum/topic.php?id=1170
CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authentica ...)
	{DSA-1924-1}
	- mahara 1.1.7-1 (low)
	NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
CVE-2009-3297 [mount race conditions]
	REJECTED
CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...)
	{DSA-1912-2 DSA-1912-1}
	- camlimages 1:3.0.1-5 (low)
	- advi 1.6.0-15 (low; bug #551282)
CVE-2009-3295 (The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm ...)
	- krb5 1.7+dfsg-4 (medium)
	[lenny] - krb5 <not-affected> (code introduced in 1.7)
	[etch] - krb5 <not-affected> (code introduced in 1.7)
CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5 ...)
	- php5 <not-affected> (win32-specific)
CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...)
	- php5 <not-affected> (the php packages use the system libgd2)
	- php4 <not-affected> (the php packages use the system libgd2)
	NOTE: the transparent colours functionality is only on php5's bundled libgd2
CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1 ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	NOTE: unknown impact, it is related to missing sanity checks
	NOTE: when determining the length of sections of jpg headers
	NOTE: a missing limit on the nesting level of TIFF files, and
	NOTE: missing EOF checks, possibly leading to NULL dereferences
	NOTE: experimental is likely to be affected (as of 5.3.0)
CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before 5.2.1 ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	[lenny] - php5 <no-dsa> (rather unimportant)
	[etch] - php5 <no-dsa> (rather unimportant)
	NOTE: seems to be related to handling of \0 on CN
	NOTE: not worth a dsa on its own, php doesn't verify certificates by default
	NOTE: experimental is likely to be affected (as of 5.3.0)
CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target  ...)
	- glib2.0 2.22.0-1 (low)
	[lenny] - glib2.0 2.16.6-3
	[etch] - glib2.0 <no-dsa> (Minor issue)
CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X ...)
	- thin 1.2.4-1 (low)
CVE-2009-3285
	RESERVED
CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image Captur ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839  ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3280 (Integer signedness error in the find_ie function in net/wireless/scan. ...)
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <not-affected> (vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 062 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 062 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allo ...)
	NOT-FOR-US: datavault
CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed  ...)
	NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1)
CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...)
	NOT-FOR-US: Microsoft patterns & practices Enterprise Library
CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3 ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ...)
	- qt4-x11 <unfixed> (unimportant)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	NOTE: browser crashers are not considered security-relevant
CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...)
	{DSA-1915-1 DSA-1907-1 DTSA-203-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
	- kvm 85+dfsg-4.1 (high; bug #548975)
CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2. ...)
	- linux-2.6 2.6.31-1 (low)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does no ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote att ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause  ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	NOTE: browser denial of services not considered security-relevant
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.1671 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...)
	NOT-FOR-US: Opera
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remo ...)
	NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an  ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x  ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- webkit <not-affected> (chrome-specific issue)
	NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
	NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...)
	NOT-FOR-US: IBM Tivoli Identity Manager
CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require admi ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3260 (Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remo ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management System ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with certai ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to bypass th ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php  ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3255 (SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2 ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3254 (Multiple stack-based buffer overflows in Ultimate Player 1.56 beta all ...)
	NOT-FOR-US: Ultimate Player
CVE-2009-3253 (Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allow ...)
	NOT-FOR-US: TriceraSoft Swift Ultralite
CVE-2009-3252 (Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0. ...)
	NOT-FOR-US: Rock Band CMS
CVE-2009-3251 (include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remo ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3250 (The saveForwardAttachments procedure in the Compose Mail functionality ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3248 (Cross-site request forgery (CSRF) vulnerability in the RSS module in v ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3247 (Cross-site scripting (XSS) vulnerability in the Activities module in v ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allow ...)
	NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause  ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: browser denial of services aren't considered security-relevant
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a d ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: browser denial-of-services are unimportant
CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from bn_w ...)
	- openssl 0.9.8m-1 (low; bug #575433)
	[lenny] - openssl 0.9.8g-15+lenny7
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe S ...)
	NOT-FOR-US: Adobe ShockWave Player
CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and  ...)
	- wireshark <not-affected> (Windows-only issue)
CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in Wir ...)
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects 1.2.x)
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...)
	{DSA-1942-1}
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects >= 0.99.6)
	[lenny] - wireshark 1.0.2-3+lenny6
CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
	NOT-FOR-US: module for XOOPS
CVE-2009-3239
	REJECTED
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux kern ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...)
	{DSA-1966-1}
	- horde3 3.3.5+debian0-1 (low)
	[lenny] - horde3 3.2.2+debian0-2+lenny1
	NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch
CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1 ...)
	{DSA-1893-1 DSA-1892-1}
	- cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947)
	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
	- dovecot 1:1.2.1-1 (medium; bug #546656)
	NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2. ...)
	- linux-2.6 2.6.13-1 (low)
	- linux-2.6.24 <not-affected> (fixed prior to first upload of 2.6.24)
CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and 3 ...)
	{DSA-1897-1}
	- horde3 3.3.5+debian0-1 (medium; bug #547318)
CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6. ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 ...)
	NOT-FOR-US: PunBB
CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php in Lin ...)
	NOT-FOR-US: Linux Web Shop (LWS) php User Base
CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in kernel/perf_counter. ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.31, fixed in Debian package before initial 2.6.31 upload)
	- linux-2.6.24 <not-affected> (Introduced in 2.6.31)
CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Al ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond Classifi ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almo ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Wap and Pro
CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System, when usi ...)
	NOT-FOR-US: Super Mod System
CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver  ...)
	NOT-FOR-US: Inout Adserver
CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebScript ...)
	NOT-FOR-US: FreeWebScriptz Honest Traffic
CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows remote at ...)
	NOT-FOR-US: Audio Lib Player (ALP)
CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in All In O ...)
	NOT-FOR-US: All In One Control Panel
CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content Manager ( ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web Content Man ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01 allows ...)
	NOT-FOR-US: iWiccle
CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01, when mag ...)
	NOT-FOR-US: iWiccle
CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, an ...)
	NOT-FOR-US: IXXO Cart Standalone
CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.254 ...)
	NOT-FOR-US: Photodex ProShow Gold
CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attacke ...)
	NOT-FOR-US: broid
CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, whe ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity Script 2.x. ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka  ...)
	NOT-FOR-US: Print (aka Printer, e-mail and PDF versions) Drupal module (3rd party module)
CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 a ...)
	NOT-FOR-US: PHP eMail Manager
CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote a ...)
	NOT-FOR-US: phpfreeBB
CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10 ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache  ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows remote a ...)
	NOT-FOR-US: CBAuthority
CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 ...)
	NOT-FOR-US: Stiva Forum
CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x al ...)
	NOT-FOR-US: AJ Auction Pro OOPD
CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Fo ...)
	NOT-FOR-US: ULoKI PHP Forum
CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted re ...)
	NOT-FOR-US: Media Player Classic
CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 062 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639 Pro
CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web  ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Aff ...)
	NOT-FOR-US: Affiliate Master
CVE-2009-3197 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2009-3196 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP  ...)
	NOT-FOR-US: JCE-Tech PHP Video Script
CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auctio ...)
	NOT-FOR-US: JCE-Tech Auction RSS Content Script
CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech Sear ...)
	NOT-FOR-US: JCE-Tech SearchFeed Script
CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Li ...)
	NOT-FOR-US: LinkorCMS
CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Script ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow r ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guest ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 a ...)
	NOT-FOR-US: phpSANE
CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alon ...)
	NOT-FOR-US: Stand Alone Arcade
CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ  ...)
	NOT-FOR-US: VideoGirls BiZ
CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...)
	NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The  ...)
	NOT-FOR-US: Pirates of The Caribbean
CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via C ...)
	{DSA-1891-1}
	- changetrack 4.5-2 (medium; bug #546791)
CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before 0.29beta85 ...)
	- whitedune <not-affected> (bug #546903)
	NOTE: The debian binary versions are not compiled with the --with-aflockdebug option
CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remo ...)
	{DSA-1902-1}
	- elinks 0.11.3-1 (low; bug #380347)
CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenS ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7238 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7237 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7236 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7235 (Unspecified vulnerability in the Oracle Forms component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7234 (Unspecified vulnerability in the Oracle BPEL Worklist Application comp ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7233 (Unspecified vulnerability in the E-Business Application client, as use ...)
	NOT-FOR-US: E-Business Application client
CVE-2008-7232 (Buffer overflow in the report function in xtacacsd 4.1.2 and earlier a ...)
	NOT-FOR-US: xtacacsd
CVE-2008-7231 (Cross-site scripting (XSS) vulnerability in Meridio Document and Recor ...)
	NOT-FOR-US: Meridio Document and Records Management
CVE-2008-7230 (Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before  ...)
	NOT-FOR-US: Small Footprint CIM Broker
CVE-2008-7229 (GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers t ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-7227 (PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 a ...)
	NOT-FOR-US: GeoServer
CVE-2008-7226 (SQL injection vulnerability in index.php in the Recipes module 1.3, 1. ...)
	NOT-FOR-US: Recipes module for PHP-Nuke
CVE-2008-7225 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Serv ...)
	NOT-FOR-US: Foxit Remote Access Server
CVE-2008-7223 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-7222 (Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...)
	NOT-FOR-US: RunCMS
CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL  ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in B ...)
	{DSA-1913-1}
	- bugzilla 3.2.5.0-1 (low; bug #547132)
	[etch] - bugzilla <not-affected> (Vulnerable code not present)
	NOTE: Introduced in 2.23.4
CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework (prototype ...)
	{DSA-1952-1}
	- prototypejs 1.6.0.2-1
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby 1.1.4-1 (low; bug #555223)
	[lenny] - libjson-ruby 1.1.2-1+lenny1
	- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	NOTE: prototype.js copy unused per #555225
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Vulnerable code not present)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
	- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
	[lenny] - mediatomb <no-dsa> (minor issue)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers 0.3.4-2 (low; bug #555239)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress 2.5.0-2 (low; bug #555242)
	[etch] - wordpress <not-affected> (prototype.js not present)
	- exaile 0.2.14+debian-2.2 (low; bug #555244)
	[lenny] - exaile <no-dsa> (minor issue)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package; bug #555258)
	- scriptaculous 1.8.3-1 (low; bug #555259)
	[lenny] - scriptaculous <no-dsa> (Minor issue)
	- activeldap 1.0.9-1 (unimportant; bug #555263)
	NOTE: Only shipped in an example
	- otrs2 2.3.4-6 (low; bug #555266)
	[etch] - otrs2 <not-affected> (prototype.js not present)
	[lenny] - otrs2 <not-affected> (prototype.js not present)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
	- webcit <not-affected> (fixed since initial inclusion)
	- zabbix <not-affected> (fixed since initial inclusion)
	- chora2 <not-affected> (fixed since initial inclusion)
	- gollem <not-affected> (fixed since initial inclusion)
	- ingo1 <not-affected> (fixed since initial inclusion)
	- kronolith2 <not-affected> (fixed since initial inclusion)
	- jifty <not-affected> (fixed since initial inclusion)
	- jquery <not-affected> (fixed since initial inclusion)
	- passenger <not-affected> (fixed since initial inclusion)
CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...)
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 a ...)
	{DSA-1897-1}
	- horde3 3.1.6-1
	- turba2 2.1.7-1
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that  ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in loaders/dtt_load ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers  ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2009-3182 (Unrestricted file upload vulnerability in admin/editor/filemanager/bro ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3180 (Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a passwo ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3179 (Multiple unspecified vulnerabilities in Symantec Altiris Deployment So ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3178 (Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Sol ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3177 (Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown  ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2009-3176 (Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 al ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-3175 (Multiple SQL injection vulnerabilities in Model Agency Manager PRO (fo ...)
	NOT-FOR-US: Model Agency Manager PRO
CVE-2009-3174 (PHP remote file inclusion vulnerability in fonctions_racine.php in OBO ...)
	NOT-FOR-US: OBOphiX
CVE-2009-3173 (Unrestricted file upload vulnerability in admin/add_album.php in The R ...)
	NOT-FOR-US: Rat CMS Alpha
CVE-2009-3172 (Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 t ...)
	NOT-FOR-US: Hitachi Groupmax Groupware Server
CVE-2009-3171 (Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gaze ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3170 (Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330)  ...)
	NOT-FOR-US: AIMP2 Audio Converter
CVE-2009-3169 (Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission  ...)
	NOT-FOR-US: Hitachi
CVE-2009-3168 (Mevin Productions Basic PHP Events Lister 2.0 does not properly restri ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2009-3167 (Directory traversal vulnerability in index.php in Anantasoft Gazelle C ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2008-7216 (Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CA ...)
	NOT-FOR-US: Math Anti-Spam Spinoff plugin for WordPress
CVE-2008-7215 (The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and e ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7214 (Cross-site request forgery (CSRF) vulnerability in administrator/index ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7213 (Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/j ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7212 (MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7211 (CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Enso ...)
	NOT-FOR-US: CreativeLabs WDM audio driver
CVE-2008-7210 (directory.php in AJchat 0.10 allows remote attackers to bypass input v ...)
	NOT-FOR-US: AJchat
CVE-2008-7209 (Unrestricted file upload vulnerability in the add2 action in a_upload. ...)
	NOT-FOR-US: OneCMS
CVE-2008-7208 (Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly ear ...)
	NOT-FOR-US: OneCMS
CVE-2008-7207 (RivetTracker before 1.0 stores passwords in cleartext in config.php, w ...)
	NOT-FOR-US: RivetTracker
CVE-2008-7206 (Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 ha ...)
	NOT-FOR-US: Electronic Logbook
CVE-2008-7205 (Unspecified vulnerability in the product view functionality in VirtueM ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7204 (Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a  ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...)
	NOT-FOR-US: Valve Software Half-Life Counter-Strike
CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GN ...)
	- pam 1.0.1-10 (bug #519927)
	[lenny] - pam <not-affected> (pam-auth-update not yet present)
	[etch] - pam <not-affected> (pam-auth-update not yet present)
CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8 ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8 ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <removed>
	- postgresql-7.4 <removed>
CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 befor ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris  ...)
	NOT-FOR-US: Solaris
CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in  ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (medium)
	- silc-client 1.1-2 (medium)
	- silc-server 1.1.2-1 (medium)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2009-3145
	REJECTED
CVE-2009-3144
	REJECTED
CVE-2009-3143
	REJECTED
CVE-2009-3142
	REJECTED
CVE-2009-3141
	REJECTED
CVE-2009-3140
	REJECTED
CVE-2009-3139
	REJECTED
CVE-2009-3138
	REJECTED
CVE-2009-3137
	REJECTED
CVE-2009-3136
	REJECTED
CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3133 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Ope ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3132 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3131 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3130 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3129 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3128 (Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3127 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows r ...)
	NOT-FOR-US: Multi Website
CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows at ...)
	NOT-FOR-US: IBM WebSpHere MQ
CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7 ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require authentication, w ...)
	NOT-FOR-US: simplePHPWeb
CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 6.x be ...)
	NOT-FOR-US: Calendar module for Drupal
CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools sub-module  ...)
	NOT-FOR-US: Date module for Drupal
CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Cla ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) co ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search  ...)
	NOT-FOR-US: x10 MP3 Search engine
CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in becommunity/com ...)
	NOT-FOR-US: NTSOFT BBS E-Market Professional
CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php in Ultri ...)
	NOT-FOR-US: Ultrize TimeSheet
CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows r ...)
	NOT-FOR-US: Multi Website
CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when mag ...)
	- elgg <itp> (bug #526197)
CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...)
	NOT-FOR-US: PortalXP Teacher Edition
CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewP ...)
	NOT-FOR-US: ReviewPost Pro
CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in Arti ...)
	NOT-FOR-US: ArticleFriend Script
CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in B ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail allo ...)
	NOT-FOR-US: QuarkMail
CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor  ...)
	NOT-FOR-US: Wap-Motor
CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control,  ...)
	NOT-FOR-US: Ajax Table module module for Drupal
CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x  ...)
	NOT-FOR-US: Ajax Table module module for Drupal
CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...)
	NOT-FOR-US: BIGACE Web CMS
CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ( ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...)
	NOT-FOR-US: Danneo CMS
CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus Syste ...)
	NOT-FOR-US: Snow Hall Silurus System
CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows  ...)
	NOT-FOR-US: Uiga Church Portal
CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers t ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and  ...)
	NOT-FOR-US: OXID eShop Professional
CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and  ...)
	NOT-FOR-US: OXID eShop Professional
CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote attac ...)
	- freeradius 2.0.0-1 (low)
CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail bef ...)
	NOT-FOR-US: OpenWebMail
CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Lantronix MSS485-T
CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has un ...)
	NOT-FOR-US: Deliantra server engine
CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a den ...)
	NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC
CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have u ...)
	NOT-FOR-US: phpns
CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have un ...)
	NOT-FOR-US: G15Daemon
CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact  ...)
	NOT-FOR-US: metashell
CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used i ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used i ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remo ...)
	NOT-FOR-US: PHPKIT
CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in WoltLa ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote attacke ...)
	- polipo 1.0.4-1 (low)
CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and a ...)
	NOT-FOR-US: Adium
CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...)
	NOT-FOR-US: Local Media Browser
CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain functionali ...)
	NOT-FOR-US: ClipShare
CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtai ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to upda ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: ZyXEL P-330W
CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: ZyXEL P-330W
CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris  ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris Dep ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6 ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 do ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domi ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 20 ...)
	NOT-FOR-US: Symantec Norton AntiVirus
CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in  ...)
	NOT-FOR-US: Microsoft
CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manage ...)
	NOT-FOR-US: Zmanda Recovery Manager
CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolar ...)
	- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSol ...)
	- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Win ...)
	NOT-FOR-US: HP OpenView Operations Manager
CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...)
	NOT-FOR-US: HP Operations Dashboard
CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on  ...)
	NOT-FOR-US: HP Performance Insight
CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 all ...)
	NOT-FOR-US: HP Performance Insight
CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote attac ...)
	{DSA-1934-1}
	- apache2 2.2.13-2 (low; bug #545951)
	[etch] - apache2 <no-dsa> (minor issue)
	[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
	NOTE: The attacker needs to have valid credentials for the FTP server, which
	NOTE: makes this irrelevant in most cases. Based on a VulnDisco commercial 0day.
CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the  ...)
	{DSA-1934-1}
	- apache2 2.2.13-2 (low; bug #545951)
	[etch] - apache2 <no-dsa> (minor issue)
	[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has unkn ...)
	NOT-FOR-US: ASUS WL-500W
CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...)
	NOT-FOR-US: ASUS WL-500W
CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and  ...)
	NOT-FOR-US: ASUS WL-330gE
CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on  ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus Do ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x be ...)
	{DSA-2260-1}
	- rails 2.2.3-1 (low; bug #545063)
	[etch] - rails <no-dsa> (Minor issue)
CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not  ...)
	- pidgin 2.6.2-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c  ...)
	{DSA-2038-1}
	- pidgin 2.6.2-1 (low)
CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the  ...)
	{DSA-2038-1}
	- pidgin 2.6.2-1 (low)
CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of se ...)
	- rhythmbox <unfixed> (unimportant)
	NOTE: No practical security impact
CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...)
	NOT-FOR-US: Diigo Toolbar and Diigolet
CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2. ...)
	NOT-FOR-US: EVA CMS
CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus Syst ...)
	NOT-FOR-US: Snow Hall Silurus System
CVE-2009-3081 (SQL injection vulnerability in index.php in Uiga Church Portal allows  ...)
	NOT-FOR-US: Uiga Church Portal
CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x  ...)
	{DSA-1886-1}
	- iceweasel 3.0.14-1
	[etch] - iceweasel <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not proper ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain dial ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-2025-1 DSA-1885-1}
	- xulrunner 1.9.0.14-1
	- icedove 3.0~rc2-2
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox  ...)
	- xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2025-1 DSA-1885-1}
	- xulrunner 1.9.0.14-1
	- icedove 3.0~rc2-2
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	- xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
CVE-2008-7182 (Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and poss ...)
	NOT-FOR-US: Surgemail
CVE-2008-7181 (Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitr ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-7180 (del_query1.php in Telephone Directory 2008 allows remote attackers to  ...)
	NOT-FOR-US: Telephone Directory
CVE-2008-7179 (OTManager CMS 2.4 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: OTManager
CVE-2008-7178 (Directory traversal vulnerability in Uploader module 1.1 for XOOPS all ...)
	NOT-FOR-US: XOOPS
CVE-2008-7177 (Buffer overflow in the listing module in Netwide Assembler (NASM) befo ...)
	- nasm 2.03.01-1 (low)
CVE-2008-7176 (Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow  ...)
	NOT-FOR-US: Facil CMS
CVE-2008-7175 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in Next ...)
	NOT-FOR-US: NextGEN Gallery third party plugin for wordpress
CVE-2008-7174 (Multiple buffer overflows in the Jura Internet Connection Kit for the  ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7173 (The Jura Internet Connection Kit for the Jura Impressa F90 coffee make ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7172 (Lightweight news portal (LNP) 1.0b does not properly restrict access t ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight new ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce administrat ...)
	NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
	NOT-FOR-US: Joomla!
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ( ...)
	NOT-FOR-US: ActiveX
CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager 2 ...)
	NOT-FOR-US: Page Manager
CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ( ...)
	NOT-FOR-US: Adobe RoboHelp Server
CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation M ...)
	NOT-FOR-US: Reservation Manager
CVE-2009-3066 (Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchSc ...)
	NOT-FOR-US: PropertyWatchScript.com Property Watch
CVE-2009-3065 (PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in ...)
	NOT-FOR-US: Ve-EDIT
CVE-2009-3064 (Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT ...)
	NOT-FOR-US: Ve-EDIT
CVE-2009-3063 (SQL injection vulnerability in the Game Server (com_gameserver) compon ...)
	NOT-FOR-US: Joomla!
CVE-2009-3062 (SQL injection vulnerability in message_box.php in OSI Codes PHP Live!  ...)
	NOT-FOR-US: OSI Codes PHP Live!
CVE-2009-3061 (SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 a ...)
	NOT-FOR-US: Alqatari Q R Script
CVE-2009-3060 (Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (ak ...)
	NOT-FOR-US: Joker Board
CVE-2009-3059 (Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 ...)
	NOT-FOR-US: Joker Board
CVE-2009-3058 (Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers  ...)
	NOT-FOR-US: akPlayer
CVE-2009-3057 (Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Be ...)
	NOT-FOR-US: AOM Software Beex
CVE-2009-3056 (PHP remote file inclusion vulnerability in include/engine/content/elem ...)
	NOT-FOR-US: KingCMS
CVE-2009-3055 (PHP remote file inclusion vulnerability in engine/api/api.class.php in ...)
	NOT-FOR-US: DataLife Engine
CVE-2009-3054 (SQL injection vulnerability in the Artetics.com Art Portal (com_artpor ...)
	NOT-FOR-US: Joomla!
CVE-2009-3053 (Directory traversal vulnerability in the Agora (com_agora) component 3 ...)
	NOT-FOR-US: Joomla!
CVE-2009-3052 (SQL injection vulnerability in root/includes/prime_quick_style.php in  ...)
	NOT-FOR-US: Prime Quick Style addon
CVE-2008-7166 (Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859)  ...)
	NOT-FOR-US: web interface in BitTorrent 6.0.1 (build 7859)
CVE-2008-7165 (Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administra ...)
	NOT-FOR-US: TELECOM ITALIA Alice Gate2 Plus Wi-Fi
CVE-2008-7164 (Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have u ...)
	NOT-FOR-US: Shareaza
CVE-2008-7163 (Directory traversal vulnerability in mods/Integrated/index.php in Sine ...)
	NOT-FOR-US: SineCMS
CVE-2008-7162 (Buffer overflow in Hero Super Player 3000 allows remote attackers to c ...)
	NOT-FOR-US: Hero Super Player
CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 a ...)
	NOT-FOR-US: Fortinet FortiGuard Fortinet
CVE-2008-7159 (The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Se ...)
	{DSA-1879-1}
	[lenny] - silc-toolkit 1.1.7-2+lenny1
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server <not-affected> (Vulnerable code not present)
	NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2
CVE-2009-3051 (Multiple format string vulnerabilities in lib/silcclient/client_entry. ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (medium)
	- silc-client 1.1-2 (medium)
	- silc-server 1.1.2-1 (medium)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c i ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server 1.1.2-1 (low)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1 ...)
	- htmldoc 1.8.27-4.1 (low; bug #537637)
	[etch] - htmldoc <no-dsa> (Minor issue)
	[lenny] - htmldoc <no-dsa> (Minor issue)
CVE-2009-3049 (Opera before 10.00 does not properly display all characters in Interna ...)
	NOT-FOR-US: Opera
CVE-2009-3048 (Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly im ...)
	NOT-FOR-US: Opera
CVE-2009-3047 (Opera before 10.00, when a collapsed address bar is used, does not pro ...)
	NOT-FOR-US: Opera
CVE-2009-3046 (Opera before 10.00 does not check all intermediate X.509 certificates  ...)
	NOT-FOR-US: Opera
CVE-2009-3045 (Opera before 10.00 trusts root X.509 certificates signed with the MD2  ...)
	NOT-FOR-US: Opera
CVE-2009-3044 (Opera before 10.00 does not properly handle a (1) '\0' character or (2 ...)
	NOT-FOR-US: Opera
CVE-2009-3043 (The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux ...)
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2008-7158 (Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remot ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-7157 (Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier  ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7156 (EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows  ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7155 (NetRisk 1.9.7 does not properly restrict access to admin/change_submit ...)
	NOT-FOR-US: NetRisk
CVE-2008-7154 (Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Docebo
CVE-2008-7153 (SQL injection vulnerability in the autoDetectRegion function in docebo ...)
	NOT-FOR-US: Docebo
CVE-2009-3039
	RESERVED
CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...)
	NOT-FOR-US: ActiveX
CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka F ...)
	NOT-FOR-US: Autonomy KeyView XLS viewer
CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image D ...)
	NOT-FOR-US: Specimen Image Database
CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x ...)
	NOT-FOR-US: Live third-party Drupal module
CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x bef ...)
	NOT-FOR-US: Refine by Taxonomy
CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impac ...)
	NOT-FOR-US: AgileWiki
CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 al ...)
	- synfig 0.61.08-1
CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Soft ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ph ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...)
	NOT-FOR-US: RARLAB WinRAR
CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when th ...)
	- phpbb2 <removed>
CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module (fronte ...)
	NOT-FOR-US: cPanel
CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...)
	NOT-FOR-US: @lex Poll
CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook  ...)
	NOT-FOR-US: @lex Guestbook
CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based  ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers t ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers t ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...)
	NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...)
	NOT-FOR-US: onlinetools.org EasyImageCatalogue
CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1. ...)
	NOT-FOR-US: Nuked-Klan
CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symantec IM ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before 6 ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3034
	REJECTED
CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)
	NOT-FOR-US: ActiveX
CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autono ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the Alt ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressio ...)
	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec Se ...)
	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dl ...)
	NOT-FOR-US: Symantec
CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection S ...)
	NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to c ...)
	- pidgin 2.6.1-1 (low)
	[lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
	[etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking featu ...)
	- libio-socket-ssl-perl 1.30-1
	[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
	[etch] - libio-socket-ssl-perl <not-affected> (Affected functionality introduced in 1.14)
CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information S ...)
	NOT-FOR-US: Microsoft IIS
CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and e ...)
	NOT-FOR-US: bingo!CMS
CVE-2009-3021 (Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' pl ...)
	NOT-FOR-US: Site Calendar 'mycaljp' plugin
CVE-2009-3020 (win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2009-3019 (Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3018 (Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block ...)
	NOT-FOR-US: Maxthon Browser
CVE-2009-3017 (Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh ...)
	NOT-FOR-US: Orca Browser
CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs  ...)
	NOT-FOR-US: Apple Safari
CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ...)
	- qt4-x11 <unfixed> (unimportant)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; S ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
	- iceweasel <removed> (unimportant)
CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
	NOT-FOR-US: Opera
CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre do ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0. ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; S ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
	- iceweasel <removed> (unimportant)
CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2 ...)
	{DSA-1887-1}
	- rails 2.2.3-1 (low; bug #545063)
	[etch] - rails <no-dsa> (Unsupported)
CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
	NOT-FOR-US: K-Meleon
CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow con ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.3-3 (low)
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 2.0-1 (low)
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - iceape <not-affected> (Iceape from Lenny only provides NSS libs)
	- webkit <not-affected> (proof-of-concept did not work)
CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the  ...)
	NOT-FOR-US: Maxthon Browser
CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...)
	NOT-FOR-US: Lunascape
CVE-2009-3004 (Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof t ...)
	NOT-FOR-US: Avant Browser
CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to spo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data st ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	NOTE: minor info leaks
CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2. ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	NOTE: minor info leak
CVE-2009-3000 (The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_ ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-7131 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier  ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7130 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier  ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of service  ...)
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9 does no ...)
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earli ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.0 ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7125 (pphoto in Ariadne before 2.6 allows remote authenticated users with ce ...)
	NOT-FOR-US: Ariadne
CVE-2008-7124 (zKup CMS 2.0 through 2.3 does not require administrative authenticatio ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7123 (Static code injection vulnerability in admin/configuration/modifier.ph ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7122 (Multiple insecure method vulnerabilities in an ActiveX control in (epR ...)
	NOT-FOR-US: ActiveX
CVE-2008-7121 (Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL- ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7120 (SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and ear ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7119 (SQL injection vulnerability in item.php in WeBid auction script 0.5.4  ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7118 (WeBid auction script 0.5.4 stores sensitive information under the web  ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7117 (eledicss.php in WeBid auction script 0.5.4 allows remote attackers to  ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7116 (SQL injection vulnerability in the admin panel (admin/) in WeBid aucti ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7115 (The web interface to the Belkin Wireless G router and ADSL2 modem F5D7 ...)
	NOT-FOR-US: Belkin Wireless G
CVE-2008-7114 (SQL injection vulnerability in members_search.php in iFusion Services  ...)
	NOT-FOR-US: iFusion Services
CVE-2008-7113 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 u ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7112 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 a ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7111 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 d ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7110 (Directory traversal vulnerability in the Scanner File Utility (aka lis ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7109 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 a ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7108 (Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart ...)
	NOT-FOR-US: Carmosa phpCart
CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to caus ...)
	NOT-FOR-US: ESET Smart Security
CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote attac ...)
	NOT-FOR-US: Android
CVE-2009-XXXX [serveez: buffer overflow in header parser]
	- serveez <removed> (low)
	[lenny] - serveez 0.1.5-2.1+lenny1
	[etch] - serveez 0.1.5-2+etch1
CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1. ...)
	NOT-FOR-US: Adobe
CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7,  ...)
	NOT-FOR-US: Adobe
CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x befo ...)
	NOT-FOR-US: Adobe
CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before  ...)
	NOT-FOR-US: Adobe
CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before  ...)
	NOT-FOR-US: Adobe
CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and A ...)
	NOT-FOR-US: Adobe
CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x befo ...)
	NOT-FOR-US: Adobe
CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, an ...)
	NOT-FOR-US: Adobe
CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and Ac ...)
	NOT-FOR-US: Adobe
CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x be ...)
	NOT-FOR-US: Adobe
CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibl ...)
	NOT-FOR-US: Adobe
CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...)
	NOT-FOR-US: Adobe
CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x bef ...)
	NOT-FOR-US: Adobe
CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibl ...)
	NOT-FOR-US: Adobe
CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents  ...)
	NOT-FOR-US: Cisco
CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly invol ...)
	- xulrunner <not-affected> (unimportant)
	NOTE: browser crashes not treated as security issues
	NOTE: not reproducible, probably only Firefox in Windows XP is affected
CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attack ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't support 'chromehtml' protocol)
CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a  ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 befo ...)
	NOT-FOR-US: Microsoft Exchange
CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remo ...)
	NOT-FOR-US: Sophos PureMessage for Microsoft Exchange
CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for  ...)
	NOT-FOR-US: Sophos PureMessage Scanner service
CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dl ...)
	NOT-FOR-US: Toolbar 2.0.4.1
CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx fil ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allo ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows rem ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft K-R ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Pr ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow r ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35M ...)
	NOT-FOR-US: Intel Desktop and Intel Mobile Boards
CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does n ...)
	NOT-FOR-US: ArubaOS
CVE-2009-2971
	RESERVED
CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an Acti ...)
	NOT-FOR-US: UiTV UiPlayer
CVE-2009-2969
	RESERVED
CVE-2009-2968 (Directory traversal vulnerability in a support component in the web in ...)
	NOT-FOR-US: VMware Studio
CVE-2009-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6  ...)
	- buildbot 0.7.11p3-1
	[lenny] - buildbot <no-dsa> (Minor issue)
	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
CVE-2008-7094 (Campaign/CampaignListener in the listener server in Unica Affinium Cam ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7093 (Multiple directory traversal vulnerabilities in Unica Affinium Campaig ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7092 (Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium  ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7091 (Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow  ...)
	NOT-FOR-US: Pligg
CVE-2008-7090 (Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier  ...)
	NOT-FOR-US: Pligg
CVE-2008-7089 (Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allo ...)
	NOT-FOR-US: Pligg
CVE-2008-7088 (Unrestricted file upload vulnerability in upload.php in PhotoPost vBGa ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-7087 (PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1. ...)
	NOT-FOR-US: OpenPro
CVE-2008-7086 (Maian Greetings 2.1 allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: Maian Greetings
CVE-2008-7085 (Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS On ...)
	NOT-FOR-US: TheHockeyStop HockeySTATS Online
CVE-2008-7084 (Directory traversal vulnerability in the web server 1.0 in Velocity Se ...)
	NOT-FOR-US: Velocity Security Management System
CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0. ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvisi ...)
	NOT-FOR-US: Radvision Scopia
CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in Squirrel ...)
	{DSA-2091-1}
	- squirrelmail 2:1.4.20~rc2-1 (low; bug #543818)
CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...)
	NOT-FOR-US: Toolbar Uninstaller
CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows r ...)
	NOT-FOR-US: Thaddy de Konng KOL Player
CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to page ...)
	NOT-FOR-US: CuteFlow
CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web status v ...)
	- buildbot 0.7.11p3-1 (low; bug #543822)
	[lenny] - buildbot <no-dsa> (Minor issue)
	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when --ena ...)
	{DSA-1876-1}
	- dnsmasq 2.50-1
	[etch] - dnsmasq <not-affected>
CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in d ...)
	{DSA-1876-1}
	- dnsmasq 2.50-1
	[etch] - dnsmasq <not-affected>
CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Comm ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause  ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	NOTE: browser denial of services are not considered security-relevant
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attacke ...)
	- xulrunner <unfixed> (unimportant; bug #557753)
	NOTE: browser denial-of-services are considered unimportant
CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
	NOT-FOR-US: Phenotype CMS
CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...)
	NOT-FOR-US: ReVou Micro Blogging Twitter clone
CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key pa ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allo ...)
	NOT-FOR-US: RaidSonic ICY BOX NAS firmware
CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...)
	NOT-FOR-US: Team PHP PHP Classifieds Script
CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to c ...)
	NOT-FOR-US: Nero ShowTime
CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote attacker ...)
	NOT-FOR-US: Rumpus
CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remot ...)
	NOT-FOR-US: SailPlanner
CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in K ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star  ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...)
	NOT-FOR-US: MemeCode Software i.Scribe
CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS m ...)
	NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Tops ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites a ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shi ...)
	- kvirc <not-affected> (Only affects Windows builds)
	NOTE: https://svn.kvirc.de/kvirc/ticket/274#comment:8
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information un ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7067 (PHP remote file inclusion vulnerability in admin/plugins/Online_Users/ ...)
	NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cau ...)
	NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in global.p ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with  ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download  ...)
	NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
	NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows rem ...)
	NOT-FOR-US: One-News
CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4  ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in BandSit ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for adminpanel/phpm ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the d ...)
	NOT-FOR-US: ezContents
CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...)
	NOT-FOR-US: ezContents
CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remo ...)
	NOT-FOR-US: LogMeIn
CVE-2009-2950 (Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompress ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-2949 (Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3 ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (medium; bug #550423)
CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...)
	{DSA-1882-1}
	- xapian-omega 1.0.15-2
CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in de ...)
	{DSA-1878-2 DSA-1878-1}
	- devscripts 2.10.54
CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford Univer ...)
	- webauth 3.6.2-1 (low)
	[lenny] - webauth 3.6.0-1+lenny1
	[etch] - webauth <not-affected> (Vulnerable code not present)
CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki bef ...)
	{DSA-1875-1}
	- ikiwiki 3.1415926
CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL  ...)
	{DSA-1909-1}
	- postgresql-ocaml 1.12.1-1 (low)
CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the m ...)
	{DSA-1910-1}
	- mysql-ocaml 1.0.4-7 (low)
CVE-2009-2941
	RESERVED
CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support ...)
	{DSA-1911-1}
	- pygresql 1:4.0-1 (low)
CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...)
	- postfix 2.6.5-3 (low)
	[lenny] - postfix 2.5.5-1.1+lenny1
	[etch] - postfix <no-dsa> (Minor issue)
CVE-2009-2938
	RESERVED
CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venu ...)
	- planet <removed> (low; bug #546178)
	[lenny] - planet <no-dsa> (Minor issue)
	[etch] - planet <no-dsa> (Minor issue)
	- planet-venus 0~bzr116-1 (low; bug #546179)
	[lenny] - planet-venus 0~bzr95-2+lenny1
	[etch] - planet-venus <no-dsa> (Minor issue)
CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or administr ...)
	- varnish 2.1.0-2 (unimportant)
	NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote a ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed Inte ...)
	NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 all ...)
	- piwigo <not-affected> (Fixed before initial upload to the archive)
CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the  ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director 1. ...)
	NOT-FOR-US: SlideShowPro Director
CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
	NOT-FOR-US: elka CMS (aka Elkapax)
CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x a ...)
	NOT-FOR-US: TGS Content Management
CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content M ...)
	NOT-FOR-US: TGS Content Management
CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CM ...)
	NOT-FOR-US: DigitalSpinners DS CMS
CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA  ...)
	NOT-FOR-US: PHP Competition System BETA
CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects  ...)
	NOT-FOR-US: Pre Projects Pre Real Estate Listings
CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: AJ Square AJ Article
CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid Manage ...)
	NOT-FOR-US: WoW Raid Manager
CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1  ...)
	NOT-FOR-US: NatterChat
CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...)
	NOT-FOR-US: NatterChat
CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: NatterChat
CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to bypa ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote  ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square  ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in FreshScrip ...)
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts Fre ...)
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: AJ Classifieds
CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow Sword ...)
	NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress
CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in Gela ...)
	NOT-FOR-US: Gelato CMS
CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke all ...)
	NOT-FOR-US: My_eGallery module for PHP-Nuke
CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Wi ...)
	NOT-FOR-US: ITN News Gadget
CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in De ...)
	NOT-FOR-US: DevTracker module 3.0 for bcoos
CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component i ...)
	NOT-FOR-US: Simple Machines phpRaider
CVE-2008-7034 (PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class. ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: component for Joomla!
CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
	NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Serv ...)
	NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web al ...)
	NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG Applicat ...)
	NOT-FOR-US: AlilG Application AliBoard
CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass auth ...)
	NOT-FOR-US: RPG.Board
CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: Libra File Manager
CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in eFr ...)
	NOT-FOR-US: eFront
CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe runnin ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows  ...)
	NOT-FOR-US: Arz Development The Gemini Portal
CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...)
	NOT-FOR-US: ArubaOS
CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat S ...)
	NOT-FOR-US: Chilkat Software IMAP ActiveX control
CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript  ...)
	NOT-FOR-US: AvailScript Jobs Portal Script
CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre- ...)
	NOT-FOR-US: McAfee SafeBoot Device Encryption
CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authent ...)
	NOT-FOR-US: Esqlanelapse
CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
	NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 2008 ...)
	NOT-FOR-US: CAcert
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple comm ...)
	NOT-FOR-US: tnftpd
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ent ...)
	- tikiwiki <removed>
CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly oth ...)
	- pidgin 2.6.1-1 (low; bug #542891)
	[lenny] - pidgin 2.4.3-4lenny4
	NOTE: gaim nof affected, it never claimed to support TLS/SSL
	NOTE: http://developer.pidgin.im/ticket/8131
	NOTE: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
CVE-2009-2962
	REJECTED
CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allo ...)
	NOT-FOR-US: DJCalendar
CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2  ...)
	NOT-FOR-US: Videos Broadcast Yourself 2
CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1 ...)
	NOT-FOR-US: BitmixSoft PHP-Lance
CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria  ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
	NOT-FOR-US: MOC Designs PHP News
CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 all ...)
	NOT-FOR-US: Elvin
CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2  ...)
	NOT-FOR-US: Boonex Orca
CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows  ...)
	NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
	NOT-FOR-US: ImTOO MPEG Encoder
CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in  ...)
	NOT-FOR-US: 2K Games Vietcong
CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery Sys ...)
	NOT-FOR-US: 2FLY Gift Delivery System
CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero Communi ...)
	NOT-FOR-US: XZero Community Classified
CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero Communi ...)
	NOT-FOR-US: XZero Community Classified
CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through  ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2911 (SystemTap 1.0, when the --unprivileged option is used, does not proper ...)
	- systemtap 1.0-2 (bug #551918)
	[lenny] - systemtap <not-affected> (Affected functionality only added in 1.0)
CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <unfixed> (medium)
CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in net/ax25/a ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux  ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...)
	NOT-FOR-US: SpringSource tc Server, Application Management Suite, Hyperic HQ Open Source, and Hyperic Enterprise
CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,  ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (low; bug #550423)
CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0. ...)
	{DSA-1894-1}
	- newt 0.52.10-4.1 (medium; bug #548198)
CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in OpenS ...)
	- openssh <not-affected> (issue with homechroot patch specific to Red Hat)
CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x throu ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.2 ...)
	{DSA-2207-1}
	- tomcat6 6.0.24-1 (low)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5.5 <removed>
CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6 ...)
	- tomcat6 <not-affected> (Windows-only)
	- tomcat5.5 <not-affected> (Windows-only)
CVE-2009-2900
	RESERVED
CVE-2009-2899 (The monitor perl script in the Sybase database plug-in in SpringSource ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/G ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attac ...)
	NOT-FOR-US: KMPlayer: http://www.kmplayer.com
CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (U ...)
	NOT-FOR-US: Ultimate Regnow Affiliate
CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZ ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
	NOT-FOR-US: Scripteen Free Image Hosting Script
CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles all ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts N ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman al ...)
	NOT-FOR-US: PHP Scripts Now Hangman
CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts No ...)
	NOT-FOR-US: PHP Scripts Now President Bios
CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President B ...)
	NOT-FOR-US: PHP Scripts Now President
CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's Tal ...)
	NOT-FOR-US: PHP Scripts Now World's
CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts No ...)
	NOT-FOR-US: PHP Scripts Now World's Tallest Buildings
CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, whe ...)
	NOT-FOR-US: SaphpLesson
CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking  ...)
	NOT-FOR-US: PG MatchMaking
CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote  ...)
	NOT-FOR-US: Basilic
CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in us ...)
	- backuppc 3.1.0-8 (low; bug #542218)
	[etch] - backuppc <not-affected> (No configuration GUI)
	[lenny] - backuppc 3.1.0-4lenny2
CVE-2009-5043 (burn allows file names to escape via mishandled quotation marks ...)
	- burn 0.4.5-1 (low; bug #542329)
	[lenny] - burn 0.4.3-2.1+lenny1
	[etch] - burn <no-dsa> (Minor issue)
CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x befor ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Play ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x befor ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6) ...)
	NOT-FOR-US: Cisco Unified Presence
CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Expre ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Expre ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sess ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cis ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certifi ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2865 (Buffer overflow in the login implementation in the Extension Mobility  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2864 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2863 (Race condition in the Firewall Authentication Proxy feature in Cisco I ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Li ...)
	NOT-FOR-US: Cisco
CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows  ...)
	NOT-FOR-US: db2jds in IBM DB2
CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-2858 (Memory leak in the Security component in IBM DB2 8.1 before FP18 on Un ...)
	NOT-FOR-US: IBM DB2
CVE-2009-2857 (The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103 ...)
	NOT-FOR-US: kernel in Sun Solaris
CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding i ...)
	NOT-FOR-US: Sun Virtual Desktop Infrastructure
CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allo ...)
	{DSA-1991-1}
	- squid 2.7.STABLE7-1 (low; bug #534982)
	- squid3 3.0.STABLE19-1
CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain actions ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1
CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via  ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1
CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_global ...)
	NOT-FOR-US: WP-Syntax plugin
CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator interfac ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low)
CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow conte ...)
	NOT-FOR-US: NASA Common Data Format
CVE-2009-2845
	REJECTED
CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel  ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: fhttpd
CVE-2008-7013 (NetService.dll in Baidu Hi IM allows remote servers to cause a denial  ...)
	NOT-FOR-US: Baidu Hi IM
CVE-2008-7012 (courier/1000@/api_error_email.html (aka "error reporting page") in Acc ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2008-7011 (The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tourname ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers t ...)
	NOT-FOR-US: Skalfa Software SkaLinks Exchange Script
CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Sui ...)
	NOT-FOR-US: Check Point ZoneAlarm Security Suite
CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass aut ...)
	NOT-FOR-US: HyperStop Web Host Directory
CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0. ...)
	NOT-FOR-US: Minb Is Not a Blog
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown  ...)
	NOT-FOR-US: Electronic Logbook
CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 mi ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-4 (medium)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (medium)
CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and earli ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 thr ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-6 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component (driv ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-6 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and oth ...)
	- linux-2.6 2.6.30-7 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
	- linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accept ...)
	NOT-FOR-US: Mac OS X
CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2841 (The HTMLMediaElement::loadResource function in html/HTMLMediaElement.c ...)
	- webkit 1.1.21-1 (medium; bug #559759)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/49480
	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <not-affected> (No support for HTML5 video tags)
CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to e ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ta ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International Compo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...)
	- file 5.03-1
	[lenny] - file <not-affected>
	[etch] - file <not-affected>
CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 all ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 al ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not properl ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTT ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not p ...)
	NOT-FOR-US: AirPort Utility
CVE-2009-2821
	RESERVED
CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X befo ...)
	{DSA-1933-1}
	- cups 1.4.2-1 (low; bug #555666)
	- cupsys <removed>
CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ha ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit,  ...)
	- webkit 1.1.21-1 (low; bug #559759)
	[lenny] - webkit <not-affected> (vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/47494
CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not properl ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.1 ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (bug #550422)
	NOTE: requires an administrator to manually configure a user account without
	NOTE: a home dir, otherwise, this is ineffective
CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively cle ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers t ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS conn ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS  ...)
	- cupsys <not-affected> (issue in darwin-specific code; bug #550150)
	- cups <not-affected> (issue in darwin-specific code; bug #550150)
CVE-2009-2806
	RESERVED
CVE-2009-2805 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8  ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ex ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2802 (MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME ty ...)
	- mantis <not-affected> (Only affects 1.2.x)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
	NOTE: http://www.mantisbt.org/blog/?p=113
CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified fi ...)
	NOT-FOR-US: Apple Application Firewall
CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and iPho ...)
	- webkit 1.1.21-1 (low; bug #559759)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
	NOTE: http://trac.webkit.org/changeset/42483
CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iP ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple iPh ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and iPho ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2793 (The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms doe ...)
	NOT-FOR-US: NetBSD kernel
CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in Reall ...)
	NOT-FOR-US: Really Simple CMS
CVE-2009-2791 (PHP remote file inclusion vulnerability in pda_projects.php in WebDyna ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2009-2790 (SQL injection vulnerability in cat_products.php in SoftBiz Dating Scri ...)
	NOT-FOR-US: SoftBiz Dating
CVE-2009-2789 (SQL injection vulnerability in the Permis (com_groups) component 1.0 f ...)
	NOT-FOR-US: com_groups component for Joomla!
CVE-2009-2788 (Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remot ...)
	NOT-FOR-US: Mobilelib GOLD
CVE-2009-2787 (Directory traversal vulnerability in include/reputation/rep_profile.ph ...)
	NOT-FOR-US: Reputation plugin for PunBB
CVE-2009-2786 (SQL injection vulnerability in reputation.php in the Reputation plugin ...)
	NOT-FOR-US: Reputation plugin for PunBB
CVE-2009-2785 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classi ...)
	NOT-FOR-US: PHP Open Classifieds Script
CVE-2009-2784 (Multiple directory traversal vulnerabilities in dit.cms 1.3, when regi ...)
	NOT-FOR-US: dit.cms
CVE-2009-2783 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 all ...)
	NOT-FOR-US: XOOPS
CVE-2009-2782 (SQL injection vulnerability in the JFusion (com_jfusion) component for ...)
	NOT-FOR-US: com_jfusion component for Joomla!
CVE-2009-2781 (SQL injection vulnerability in forum.php in Arab Portal 2.x, when magi ...)
	NOT-FOR-US: Arab Portal
CVE-2009-2780 (Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds  ...)
	NOT-FOR-US: 68 Classifieds
CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows remot ...)
	NOT-FOR-US: AJ Matrix DNA
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alp ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
	- php5 (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...)
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-7000 (PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 ...)
	NOT-FOR-US: phpAuction
CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote at ...)
	NOT-FOR-US: phpAuction
CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Goog ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers to caus ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before saving ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilte ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default password, whi ...)
	NOT-FOR-US: Siemens Gigaset WLAN Camera
CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allow ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-6991 (SQL injection vulnerability in public/page.php in Websens CMSbright al ...)
	NOT-FOR-US: CMSbright
CVE-2008-6990 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka  ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6989 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka  ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6988 (Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gall ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6987 (Unrestricted file upload vulnerability in eZoneScripts Dating Website  ...)
	NOT-FOR-US: eZoneScripts Dating Website script
CVE-2008-6986 (SQL injection vulnerability in the actionMultipleAddProduct function i ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6985 (Multiple SQL injection vulnerabilities in includes/classes/shopping_ca ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6984 (Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, all ...)
	NOT-FOR-US: Plesk
CVE-2008-6983 (modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers t ...)
	NOT-FOR-US: devalcms
CVE-2008-6982 (Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a ...)
	NOT-FOR-US: devalcms
CVE-2008-6981 (index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6980 (SQL injection vulnerability in as_archives.php in phpAdultSite CMS, po ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6979 (Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdul ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebAlbum  ...)
	NOT-FOR-US: aspWebAlbum
CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full Revoluti ...)
	NOT-FOR-US: aspWebAlbum
CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remot ...)
	NOT-FOR-US: MicroTik RouterOS
CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in Garage ...)
	NOT-FOR-US: GarageSales script
CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script  ...)
	NOT-FOR-US: GarageSales Script
CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey allo ...)
	NOT-FOR-US: Smart ASP Survey
CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arc ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Scrip ...)
	NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...)
	NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Fin ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 all ...)
	NOT-FOR-US: Free Arcade Script
CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and g ...)
	NOT-FOR-US: PowerUpload
CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in Ul ...)
	NOT-FOR-US: Ultrize TimeSheet
CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat  ...)
	- linux-2.6 2.6.30-6 (medium)
	[etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (kernel/cred.c introduced in 2.6.29)
CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux k ...)
	- linux-2.6 2.6.30-6 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not requi ...)
	NOT-FOR-US: DD-WRT
CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ver ...)
	NOT-FOR-US: DD-WRT
CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 plat ...)
	NOT-FOR-US: Microsoft
CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cg ...)
	NOT-FOR-US: DD-WRT
CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cg ...)
	NOT-FOR-US: DD-WRT
CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ( ...)
	- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and Softwa ...)
	- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2009-2763
	RESERVED
CVE-2009-XXXX [logrotate race condition could lead to file disclosure]
	- logrotate 3.7.8-4 (low; bug #388608)
	[lenny] - logrotate <no-dsa> (Minor issue)
CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 bef ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1 ...)
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-XXXX [XSS in drupal printing module]
	- drupal6 <removed> (unimportant)
	NOTE: you need admin privs in orde to exploit this
	NOTE: http://lampsecurity.org/drupal-print-module-vulnerabilities
CVE-2009-2761 (Unquoted Windows search path vulnerability in the scheduler (sched.exe ...)
	NOT-FOR-US: Avira AntiVir
CVE-2008-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content  ...)
	NOT-FOR-US: Drupal Content Construction Kit (third-party module)
CVE-2008-6971 (The password reset functionality in Simple Machines Forum (SMF) 1.0.x  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6970 (SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 a ...)
	NOT-FOR-US: UBB.threads
CVE-2008-6969 (Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in ...)
	NOT-FOR-US: Avactis Shopping Cart
CVE-2008-6968 (Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9. ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-6967 (Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon b ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2008-6966 (AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does no ...)
	NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
CVE-2008-6965 (AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, ...)
	NOT-FOR-US: AJ Square AJ Auction OOPD
CVE-2008-6964 (SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows  ...)
	NOT-FOR-US: X7 Chat
CVE-2008-6963 (admin.php in TurnkeyForms Text Link Sales allows remote attackers to b ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-6962 (Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, a ...)
	NOT-FOR-US: Avira AntiVir Premium
CVE-2009-2760
	RESERVED
CVE-2009-2759
	RESERVED
CVE-2009-2758
	RESERVED
CVE-2009-2757
	RESERVED
CVE-2009-2756
	RESERVED
CVE-2009-2755
	RESERVED
CVE-2009-2754 (Integer signedness error in the authentication functionality in librpc ...)
	NOT-FOR-US: Informix Storage Manager
CVE-2009-2753 (Multiple buffer overflows in the authentication functionality in librp ...)
	NOT-FOR-US: Informix Storage Manager
CVE-2009-2752 (IBM WebSphere Commerce 7.0 does not properly encrypt data in a databas ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2751 (IBM WebSphere Commerce 7.0 uses the same cryptographic key for session ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2750 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2  ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before 1.0. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2748 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2747 (The Java Naming and Directory Interface (JNDI) implementation in IBM W ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2745
	RESERVED
CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSph ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...)
	NOT-FOR-US: IBM WebSphere Business Events
CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention Syste ...)
	NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)
CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allo ...)
	NOT-FOR-US: FreeNAS
CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeN ...)
	NOT-FOR-US: FreeNAS
CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5  ...)
	NOT-FOR-US: X10media
CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX control (C ...)
	NOT-FOR-US: ActiveX
CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote auth ...)
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to reset  ...)
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in mxCamArchive ...)
	NOT-FOR-US: mxCamArchive
CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with  ...)
	NOT-FOR-US: mxCamArchive
CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote a ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ver ...)
	NOT-FOR-US: ooVoo
CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier  ...)
	NOT-FOR-US: MauryCMS
CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative authentica ...)
	NOT-FOR-US: MauryCMS
CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosti ...)
	NOT-FOR-US: Bankoi WebHosting Control Panel
CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in Collabti ...)
	NOT-FOR-US: Collabtive
CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remo ...)
	NOT-FOR-US: Collabtive
CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: Collabtive
CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in Colla ...)
	NOT-FOR-US: Collabtive
CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...)
	- interchange 5.6.1-1 (low; bug #505732)
CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...)
	NOT-FOR-US: ScriptsFeed Auto Classifieds
CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing  ...)
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifi ...)
	NOT-FOR-US: ScriptsFeed Realtor Classifieds System
CVE-2008-6941 (SQL injection vulnerability in the login functionality in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information under  ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to bypass a ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop applic ...)
	NOT-FOR-US: Pi3Web
CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...)
	NOT-FOR-US: Exodus
CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...)
	NOT-FOR-US: Exodus
CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...)
	NOT-FOR-US: Exodus
CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka Sanusart) ...)
	NOT-FOR-US: Sanus|artificium (aka Sanusart)
CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2 ...)
	NOT-FOR-US: MiniGal
CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in AlstraSof ...)
	NOT-FOR-US: AlstraSoft SendIt Pro
CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search (aka PHP ...)
	NOT-FOR-US: PHPStore Job Search (aka PHPCareers)
CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate allows  ...)
	NOT-FOR-US: PHPStore Real Estate
CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto Classifieds al ...)
	NOT-FOR-US: PHPStore Auto Classifieds
CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete Classified ...)
	NOT-FOR-US: PHPStore Complete Classifieds
CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2 ...)
	{DSA-1754-1}
	- roundup 1.4.4-4+lenny1 (bug #518768)
CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester OpenNew ...)
	NOT-FOR-US: OpenNews
CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, w ...)
	NOT-FOR-US: OpenNews
CVE-2009-2734 (SQL injection vulnerability in the get_employee function in classweekr ...)
	NOT-FOR-US: Achievo
CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before  ...)
	NOT-FOR-US: Achievo
CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier al ...)
	- ntop 3:3.3-12 (low; bug #543312)
	[lenny] - ntop <no-dsa> (Minor issue)
	[etch] - ntop <no-dsa> (Minor issue)
CVE-2009-2731
	RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' chara ...)
	{DSA-1935-1}
	- gnutls26 2.8.3-1 (low; bug #541439)
	- gnutls13 <removed>
CVE-2009-2729
	RESERVED
CVE-2009-2728
	RESERVED
CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in t ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1. ...)
	- asterisk 1:1.6.2.0~dfsg~rc1-1 (bug #541441)
	[squeeze] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
	[lenny] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
	[etch] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
CVE-2009-2725
	RESERVED
CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before Upda ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in  ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2720 (Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.i ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 al ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 befo ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 befo ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not pr ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4ima ...)
	NOT-FOR-US: cPanel
CVE-2008-6926 (Directory traversal vulnerability in autoinstall4imagesgalleryupgrade. ...)
	NOT-FOR-US: cPanel
CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1 ...)
	NOT-FOR-US: Zenphoto
CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: eSyndiCat Directory
CVE-2008-6923 (SQL injection vulnerability in the content component (com_content) 1.0 ...)
	NOT-FOR-US: Joomla!
CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5 ...)
	NOT-FOR-US: CMailServer
CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8  ...)
	NOT-FOR-US: phpAdBoard
CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in phpEmployment 1. ...)
	NOT-FOR-US: phpEmployment
CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attackers to  ...)
	NOT-FOR-US: TaskDriver 1.3
CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ThePort ...)
	NOT-FOR-US: ThePortal2
CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...)
	- wordpress 2.8.3-2 (unimportant; bug #541102)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: not really a security issue in my opinion, just an annoying bug
CVE-2008-7291 (gri before 2.12.18 generates temporary files in an insecure way. ...)
	- gri 2.12.18-1 (low)
	[etch] - gri <no-dsa> (Minor issue)
	[lenny] - gri <no-dsa> (Minor issue)
CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
	- virtualbox-ose 3.0.4-dfsg-1 (medium)
	[lenny] - virtualbox-ose <not-affected> (Doesn't affect 1.6.x)
CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows gue ...)
	- virtualbox-ose 3.0.4-dfsg-1
	[lenny] - virtualbox-ose <not-affected> (Only 3.0.x affected per Sun advisory)
CVE-2009-2713 (The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2712 (Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and Op ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2711 (XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and  ...)
	NOT-FOR-US: XScreenSaver in Sun Solaris
CVE-2008-6917 (SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Fin ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2008-6916 (Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attac ...)
	NOT-FOR-US: Siemens SpeedStream 5200
CVE-2008-6915 (Cross-site scripting (XSS) vulnerability in view_prop_details.php in Z ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6914 (Unrestricted file upload vulnerability in viewprofile.php in Zeeways Z ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6913 (Unrestricted file upload vulnerability in editresume_next.php in Zeewa ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6912 (Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Zeeways SHAADICLONE
CVE-2009-XXXX [mantis: information leak]
	- mantis 1.1.8+dfsg-2 (medium; bug #425010)
	[lenny] - mantis 1.1.6+dfsg-2lenny1
	NOTE: cve id requested on oss-sec
CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper acc ...)
	- spip 2.0.9-1 (medium)
CVE-2009-XXXX [rubygems: integrity violation]
	- libgems-ruby <not-affected> (Debian's version installs gems packages to /var/lib/gems, bug #540610)
	NOTE: so no opportunity to overwrite system files
	NOTE: CVE id already requested
CVE-2009-XXXX [bugzilla: unauthorized bug modification]
	- bugzilla 3.2.4-1 (low)
	[etch] - bugzilla <no-dsa> (minor issue)
	[lenny] - bugzilla <no-dsa> (minor issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495257
CVE-2009-5044 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows ...)
	- groff 1.20.1-5 (low; bug #538330)
	[etch] - groff <not-affected> (pdfroff not yet present)
	[lenny] - groff <not-affected> (pdfroff not yet present)
	NOTE: requested CVE ids
CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution video devices]
	- xscreensaver 5.05-3+nmu1 (low; bug #539699)
	[etch] - xscreensaver <not-affected> (vulnerable code not present)
	[lenny] - xscreensaver 5.05-3+lenny1
CVE-2009-2626 (The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2 ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #540605)
	[etch] - php5 <no-dsa> (too risky to fix it there)
	NOTE: requires the script itself to set and then restore a config var
CVE-2009-XXXX [php5: 'open_basedir' bypass]
	- php5 5.3.1-1 (unimportant; bug #540606)
	NOTE: only affects 5.3.0 in experimental, open_basedir unsupported
CVE-2009-2710
	REJECTED
CVE-2009-2709
	REJECTED
CVE-2009-2708
	REJECTED
CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation functiona ...)
	NOT-FOR-US: SUSE Linux
CVE-2009-2706
	REJECTED
CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in includ ...)
	NOT-FOR-US: BrewBlogger
CVE-2008-6910 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6909 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6908 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6907 (Multiple SQL injection vulnerabilities in checkuser.php in 2532designs ...)
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6906 (Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1 ...)
	NOT-FOR-US: BabbleBoard
CVE-2008-6905 (Cross-site request forgery (CSRF) vulnerability in index.php in Babble ...)
	NOT-FOR-US: BabbleBoard
CVE-2009-2705 (CA SiteMinder allows remote attackers to bypass cross-site scripting ( ...)
	NOT-FOR-US: SiteMinder
CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ( ...)
	NOT-FOR-US: SiteMinder
CVE-2009-2703 (libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...)
	- pidgin 2.6.2 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[etch] - pidgin <no-dsa> (Minor issue)
	[lenny] - gaim <not-affected> (Only a transitional package)
	- gaim <removed>
	NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server
CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ' ...)
	{DSA-1916-1}
	- kdelibs 4:3.5.10.dfsg.1-2.1 (low; bug #546212)
	- kde4libs 4:4.3.2-1 (low; bug #546218)
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage ...)
	- zodb 1:3.9.0-1
	[etch] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
	[lenny] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...)
	{DSA-1988-1}
	- qt4-x11 4:4.5.3-1 (medium; bug #545793)
	[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in poll/unix/por ...)
	- apr <not-affected> (does not affect Linux or kFreeBSD)
CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp ...)
	{DSA-1872-1}
	- linux-2.6 2.6.19-1 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.19)
CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) before 2. ...)
	- gdm <not-affected> (TCP Wrappers support enabled correctly)
CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ca ...)
	NOT-FOR-US: Red-Hat-specific patching problem in Tomcat
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=616717
CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap oper ...)
	{DSA-2005-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (2.6.18 does not have mmap_min_addr)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2694 (The msn_slplink_process_msg function in libpurple/protocols/msn/slplin ...)
	{DSA-1870-1}
	- pidgin 2.5.9-1 (medium; bug #542486)
	[lenny] - gaim <not-affected> (Only a transitional package)
	- gaim <removed>
CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.2 ...)
	{DSA-2207-1}
	- tomcat6 6.0.24-1 (low)
	[lenny] - tomcat6 <not-affected> (The package only ships the servlet packages)
	- tomcat5.5 <removed>
CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, d ...)
	{DSA-1864-1 DSA-1865-1 DSA-1862-1}
	- linux-2.6 2.6.30-6 (high; bug #541403)
	- linux-2.6.24 <removed>
CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30. ...)
	{DSA-2005-1}
	- linux-2.6 2.6.30-7 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed>
CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants rea ...)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 b ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when  ...)
	- xemacs21 21.4.22-3 (low; bug #540470)
	[etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
	[lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, H ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web se ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and t ...)
	NOT-FOR-US: Embedded Web Server in HP printers
CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics S ...)
	NOT-FOR-US: HP Remote Graphics
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP ...)
	NOT-FOR-US: HP-UX
CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...)
	NOT-FOR-US: HP ProCurve Identity Driven Manager
CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...)
	NOT-FOR-US: HP StorageWorks
CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and  ...)
	NOT-FOR-US: HP HP-UX
CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...)
	NOT-FOR-US: Open System Services (OSS) Name Server on HP NonStop
CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX)
CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <undetermined> (bug #566769)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime Environm ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <undetermined> (bug #566769)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runti ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment (JR ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment (JR ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) i ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE  ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0. ...)
	NOT-FOR-US: Microsoft
CVE-2009-2667 (Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1 ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2008-6904 (Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linu ...)
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6903 (Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/ ...)
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6902 (Unrestricted file upload vulnerability in upload_flyer.php in 2532desi ...)
	NOT-FOR-US: 2532designs
CVE-2008-6901 (Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs  ...)
	NOT-FOR-US: 2532designs
CVE-2008-6900 (Unrestricted file upload vulnerability in "Add Pen/Author Name" featur ...)
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6899 (Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated ...)
	NOT-FOR-US: freeSSHd
CVE-2008-6898 (Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for ...)
	NOT-FOR-US: ActiveX control
CVE-2008-6897 (Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2  ...)
	NOT-FOR-US: Andres Garcia Getleft
CVE-2009-2666 (socket.c in fetchmail before 6.3.11 does not properly handle a '\0' ch ...)
	{DSA-1852-1}
	- fetchmail 6.3.9~rc2-6
CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in content/base/src/nsD ...)
	- xulrunner 1.9.1.8-1
	[lenny] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
	[etch] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript eng ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
	{DSA-1939-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
	- xulrunner 1.9.1.2-1 (medium; bug #540961)
	[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
	[lenny] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4 ...)
	{DSA-1899-1}
	- strongswan 4.3.2-1.1 (bug #540144)
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow context-depen ...)
	{DSA-1912-2 DSA-1912-1 DSA-1857-1}
	- camlimages 1:3.0.1-3 (low; bug #540146)
	- advi 1.6.0-15 (low; bug #551282)
CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary  ...)
	- nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android  ...)
	NOT-FOR-US: Android
CVE-2008-6896 (login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is re ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6895 (3CX Phone System 6.0.806.0 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6894 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3C ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6893 (Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient  ...)
	NOT-FOR-US: MDaemon WorldClient
CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows remot ...)
	NOT-FOR-US: Peel
CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote a ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1 (low; bug #539891)
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2653
	NOT-FOR-US: Microsoft Windows
CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...)
	NOT-FOR-US: Solaris Trusted Extensions
CVE-2008-6891 (Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Scrip ...)
	NOT-FOR-US: ASP Forum Script
CVE-2008-6890 (SQL injection vulnerability in messages.asp in ASP Forum Script allows ...)
	NOT-FOR-US: ASP Forum Script
CVE-2008-6889 (SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 all ...)
	NOT-FOR-US: ASPReferral
CVE-2008-6888 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classifi ...)
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6887 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6886 (RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict ...)
	NOT-FOR-US: RSA EnVision
CVE-2008-6885 (Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1  ...)
	NOT-FOR-US: XOOPS
CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when regi ...)
	NOT-FOR-US: XOOPS
CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOu ...)
	{DSA-1941-1}
	- poppler 0.12.2-2.1 (low; bug #534680)
	[etch] - poppler <not-affected> (Vulnerable code not present)
CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before  ...)
	{DSA-2025-1 DSA-1874-1}
	- nss 3.12.3-1 (medium; bug #539934)
	- icedove 2.0.0.24-1 (medium)
CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote  ...)
	- asterisk 1:1.6.2.0~dfsg~rc1-1 (low; bug #539473)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: AST-2009-004
CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
	NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
	- kfreebsd-8 8.0-1 (bug #572811)
	- kfreebsd-7 7.3-1 (bug #572811)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <removed> (bug #572811)
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration inf ...)
	NOT-FOR-US: FlashDen Guestbook
CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky I ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-2646 (Multiple unspecified vulnerabilities in the PDF distiller in the Attac ...)
	NOT-FOR-US: Research In Motion (RIM) BlackBerry Enterprise Server (BES)
CVE-2009-2645
	REJECTED
CVE-2009-2644 (Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6883 (SQL injection vulnerability in the Live Chat (com_livechat) component  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6882 (Live Chat (com_livechat) component 1.0 for Joomla! allows remote attac ...)
	NOT-FOR-US: Joomla!
CVE-2008-6881 (Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) ...)
	NOT-FOR-US: Joomla!
CVE-2008-6880 (SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes  ...)
	NOT-FOR-US: EasySiteNetwork Free Jokes Website
CVE-2008-6879 (Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3. ...)
	NOT-FOR-US: Apache Roller
CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and  ...)
	- python-django 1.1-1 (low; bug #539134)
	[etch] - python-django <no-dsa> (Minor issue)
	[lenny] - python-django 1.0.2-1+lenny1
CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the Attac ...)
	NOT-FOR-US: BlackBerry Products
CVE-2009-XXXX [ser2net DoS]
	- ser2net 2.6-1 (low; bug #535159)
	[etch] - ser2net <no-dsa> (Minor issue)
	[lenny] - ser2net <no-dsa> (Minor issue)
CVE-2009-2642 (index.php in Desi Short URL Script 1.0 allows remote attackers to bypa ...)
	NOT-FOR-US: Desi Short URL
CVE-2009-2641 (PHP remote file inclusion vulnerability in app_and_readme/navigator/in ...)
	NOT-FOR-US: School Data Navigator
CVE-2009-2640 (Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy P ...)
	NOT-FOR-US: Interlogy Profile Manager Basic
CVE-2009-2639 (SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System ...)
	NOT-FOR-US: MRCGIGUY
CVE-2009-2638 (SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2637 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Book ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2636 (Cross-site scripting (XSS) vulnerability in the Integration page in th ...)
	NOT-FOR-US: WebMail component in Kerio MailServer
CVE-2009-2635 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Real ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2634 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Medi ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Vehi ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as use ...)
	{DSA-1893-1 DSA-1892-1 DSA-1881-1}
	- cyrus-imapd-2.2 2.2.13-15 (medium)
	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
	- dovecot 1:1.2.1-1 (medium; bug #546656)
CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, includi ...)
	NOT-FOR-US: Commercial SSL VPN products
CVE-2009-2630
	RESERVED
CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0 ...)
	{DSA-1884-1}
	- nginx 0.7.61-3 (medium)
CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3  ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlu ...)
	NOT-FOR-US: Acer LunchApp
CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime En ...)
	{DSA-1984-1}
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
	- libxerces2-java 2.9.1-4.1 (bug #548358)
CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a h ...)
	{DSA-1974-1}
	- gzip 1.3.12-8 (medium; bug #507263)
CVE-2009-2623
	RESERVED
CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6 ...)
	- firebird2.0 2.0.5.13206-0.ds2-4 (low; bug #539477)
	[lenny] - firebird2.0 2.0.4.13130-1.ds1-4+lenny1
	- firebird2.1 2.1.2.18118-0.ds1-4 (low; bug #539478)
CVE-2009-2619 (SQL injection vulnerability in login.asp in DataCheck Solutions V-Spac ...)
	NOT-FOR-US: DataCheck Solutions V-SpacePal
CVE-2009-2618 (SQL injection vulnerability in the Surveys (aka NS-Polls) module in MD ...)
	NOT-FOR-US: MDPro module
CVE-2009-2617 (Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 al ...)
	NOT-FOR-US: BaoFeng Storm
CVE-2009-2616 (SQL injection vulnerability in z_admin_login.asp in DataCheck Solution ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2615 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solut ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2614 (SQL injection vulnerability in z_admin_login.asp in DataCheck Solution ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2613 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solut ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2612 (SQL injection vulnerability in login.aspx in ProSMDR allows remote att ...)
	NOT-FOR-US: ProSMDR
CVE-2009-2611 (Directory traversal vulnerability in infusions/last_seen_users_panel/l ...)
	NOT-FOR-US: MyFusion
CVE-2009-2610 (Cross-site scripting (XSS) vulnerability in the Links Related module i ...)
	NOT-FOR-US: Drupal module
CVE-2009-2609 (SQL injection vulnerability in the amoCourse (com_amocourse) component ...)
	NOT-FOR-US: Joomla! module
CVE-2009-2608 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2009-2607 (SQL injection vulnerability in the com_pinboard component for Joomla!  ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2606 (ASP Football Pool 2.3 stores sensitive information under the web root  ...)
	NOT-FOR-US: ASP Football Pool
CVE-2009-2605 (Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up ...)
	NOT-FOR-US: Traidnt up
CVE-2009-2604 (Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help D ...)
	NOT-FOR-US: Zen Help Desk
CVE-2009-2603 (Multiple SQL injection vulnerabilities in index.php in Escon SupportPo ...)
	NOT-FOR-US: Escon SupportPortal Pro
CVE-2009-2602 (R2 Newsletter Lite, Pro, and Stats stores sensitive information under  ...)
	NOT-FOR-US: R2 Newsletter Store
CVE-2009-2601 (SQL injection vulnerability in the Joomlaequipment (aka JUser or com_j ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2600 (Multiple directory traversal vulnerabilities in view.php in Webboard 2 ...)
	NOT-FOR-US: Webboard
CVE-2009-2599 (SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 al ...)
	NOT-FOR-US: RadCLASSIFIEDS
CVE-2009-2598 (Multiple SQL injection vulnerabilities in Online Grades &amp; Attendan ...)
	NOT-FOR-US: Online Grades & Attendance
CVE-2009-2597 (The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for S ...)
	NOT-FOR-US: Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server
CVE-2009-2596 (Unspecified vulnerability in the Solaris Auditing subsystem in Sun Sol ...)
	NOT-FOR-US: Solaris Auditing subsystem
CVE-2008-6878 (** DISPUTED ** Directory traversal vulnerability in admin/includes/lan ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6877
	NOT-FOR-US: Zen Cart
CVE-2009-2622 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote  ...)
	{DSA-1843-2 DSA-1843-1}
	- squid3 3.0.STABLE18-1 (medium; bug #538989)
	- squid <not-affected> (see NOTE)
	NOTE: squid 2.x not affected, according to
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2621 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not prope ...)
	{DSA-1843-2 DSA-1843-1}
	- squid3 3.0.STABLE18-1 (medium; bug #538989)
	- squid <not-affected> (see NOTE)
	NOTE: squid 2.x not affected, according to
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2595 (Cross-site scripting (XSS) vulnerability in productSearch.html in Cens ...)
	NOT-FOR-US: Censura
CVE-2009-2594 (Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.1 ...)
	NOT-FOR-US: Censura
CVE-2009-2593 (SQL injection vulnerability in censura.php in Censura 1.16.04 allows r ...)
	NOT-FOR-US: Censura
CVE-2009-2592 (SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6  ...)
	NOT-FOR-US: PHPJunkYard
CVE-2009-2591 (SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3. ...)
	NOT-FOR-US: MyAnnonces module for E-Xoopport
CVE-2009-2590 (SQL injection vulnerability in showcategory.php in Hutscripts PHP Webs ...)
	NOT-FOR-US: Hutscripts PHP
CVE-2009-2589 (Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP  ...)
	NOT-FOR-US: Hutscripts PHP
CVE-2009-2588 (Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type ...)
	NOT-FOR-US: Hotscripts Type PHP Clone Script
CVE-2009-2587 (Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart al ...)
	NOT-FOR-US: DragDropCart
CVE-2009-2586 (Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZ ...)
	NOT-FOR-US: EZArticles
CVE-2009-2585 (SQL injection vulnerability in index.php in Mlffat 2.2 allows remote a ...)
	NOT-FOR-US: Mlffat
CVE-2008-6876 (Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires ...)
	NOT-FOR-US: EsPartenaires
CVE-2008-6875 (SQL injection vulnerability in default.asp in ASP Product Catalog allo ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2008-6874 (Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 an ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2009-XXXX [nilfs-tools privilege escalation]
	- nilfs2-tools <not-affected> (We don't install this with setuid)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=505374
CVE-2009-XXXX [XSS in drupal 6 calendar field]
	- drupal6 <removed> (unimportant)
	NOTE: you need to be able to create new calendar items, e.g. admistrative
	NOTE: access in order to exploit that
	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069849.html
CVE-2009-2584 (Off-by-one error in the options_write function in drivers/misc/sgi-gru ...)
	- linux-2.6 2.6.31-2 (high)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 <not-affected> (vulnerable code not present)
	NOTE: exploit code exists
CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity Manag ...)
	NOT-FOR-US: IBM Tivoli
CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager  ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScr ...)
	NOT-FOR-US: EditeurScripts EsNews
CVE-2009-2580
	REJECTED
CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward po ...)
	NOT-FOR-US: CS-Cart
CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a d ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	NOTE: browser denial of services not considered security-relevant
CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote at ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers t ...)
	NOT-FOR-US: BlackBerry
CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...)
	NOT-FOR-US: MiniTwitter
CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when m ...)
	NOT-FOR-US: MiniTwitter
CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...)
	NOT-FOR-US: Drupal Module
CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ve ...)
	NOT-FOR-US: VerliAdmin
CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...)
	NOT-FOR-US: Symantec WinFax Pro
CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Contro ...)
	NOT-FOR-US: vhcp
CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0 ...)
	NOT-FOR-US: Sorinara Streaming Audio Player
CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) co ...)
	NOT-FOR-US: Joomla! component
CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote attac ...)
	NOT-FOR-US: Active Web Mail 4.0
CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the  ...)
	NOT-FOR-US: ASPThai.NET ASPThai Forums
CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with insufficie ...)
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended secur ...)
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive informat ...)
	NOT-FOR-US: Oramon Oracle Database Monitoring Tool
CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in Edite ...)
	NOT-FOR-US: EsBaseAdmin
CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30 ...)
	NOT-FOR-US: TFM MMPlayer
CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromu ...)
	NOT-FOR-US: Perl CGI's By Mrs. Shiromuku shiromuku
CVE-2009-2564 (NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6 ...)
	NOT-FOR-US: Adobe
CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0 ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 thro ...)
	{DSA-1942-1}
	- wireshark 1.2.1-1 (low; bug #538237)
	[lenny] - wireshark 1.0.2-3+lenny6
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 al ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.2.0)
CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote a ...)
	{DSA-1942-1}
	- wireshark 1.2.1-1 (bug #538237)
CVE-2009-2559 (Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.2.0)
CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict  ...)
	NOT-FOR-US: Admin News Tools
CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...)
	NOT-FOR-US: Admin News Tools
CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage renderer  ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specfic renderer issue)
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1. ...)
	- chromium-browser <not-affected> (Only 1.x and 2.x are affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote at ...)
	{DSA-1848-1}
	- znc 0.074-1 (medium; bug #537977)
	NOTE: http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
	NOTE: CVE id requested
CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php  ...)
	NOT-FOR-US: Joomla!
CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...)
	NOT-FOR-US: Super Simple Blog Script
CVE-2009-2552 (Multiple directory traversal vulnerabilities in comments.php in Super  ...)
	NOT-FOR-US: Super Simple Blog Script
CVE-2009-2551 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy  ...)
	NOT-FOR-US: ScriptsEz Easy Image Downloader
CVE-2009-2550 (Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote ...)
	NOT-FOR-US: Hamster Audio Player
CVE-2009-2549 (Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed As ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2548 (Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earli ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2547 (Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1. ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2546 (Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2009-2545 (SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2009-2544 (Directory traversal vulnerability in the Marcelo Costa FileServer comp ...)
	NOT-FOR-US: Marcelo Costa FileServer
CVE-2009-2543 (Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0 ...)
	NOT-FOR-US: IBM Proventia engine
CVE-2009-2542 (Netscape 6 and 8 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Netscape 6 and 8
CVE-2009-2541 (The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attacker ...)
	NOT-FOR-US: Sony PLAYSTATION 3
CVE-2009-2540 (Opera, possibly 9.64 and earlier, allows remote attackers to cause a d ...)
	NOT-FOR-US: Opera
CVE-2009-2539 (The Aigo P8860 allows remote attackers to cause a denial of service (m ...)
	NOT-FOR-US: Aigo P8860
CVE-2009-2538 (The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet al ...)
	NOT-FOR-US: Nokia N95
CVE-2009-2537 (KDE Konqueror allows remote attackers to cause a denial of service (me ...)
	- kdebase <unfixed> (unimportant; bug #537931)
CVE-2009-2536 (Microsoft Internet Explorer 5 through 8 allows remote attackers to cau ...)
	NOT-FOR-US: Microsoft Internet Explorer 5
CVE-2009-2535 (Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and T ...)
	- iceweasel 3.0.5-1 (unimportant)
	[etch] - iceweasel 2.0.0.19-0etch1 (unimportant)
CVE-2009-2534 (RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow  ...)
	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before 1 ...)
	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold a ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed obj ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allow ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec ...)
	NOT-FOR-US: Microsoft Windows Media Runtime
CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local Secu ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2522
	REJECTED
CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft Intern ...)
	NOT-FOR-US: Microsoft Internet Information Server
CVE-2009-2520
	REJECTED
CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote atta ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly hand ...)
	NOT-FOR-US: Microsoft Windows Server 2003
CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2514 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2513 (The Graphics Device Interface (GDI) in win32k.sys in the kernel in Mic ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2512 (The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2508 (The single sign-on implementation in Active Directory Federation Servi ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista S ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .N ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Win ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows  ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...)
	NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Me ...)
	NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX Contro ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
	- movabletype-opensource 4.2.6.1-1 (low; bug #537935)
	[lenny] - movabletype-opensource 4.2.3-1+lenny1
CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block implemen ...)
	- mediawiki 1:1.15.0-1.1 (low; bug #537634)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
	[etch] - mediawiki1.7 <not-affected> (vulnerably code introduced in 1.14.0)
	[lenny] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
	NOTE: fixed in upstream 1.15.1
CVE-2009-XXXX [insecure tmp file vulnerability in slim]
	- slim <removed> (unimportant; bug #537604)
	NOTE: exploit scenario too constructed
	[lenny] - slim 1.3.0-1+lenny2
CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in modu ...)
	- vlc <not-affected> (The vulnerability affects Windows builds only)
CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attacke ...)
	- xulrunner 1.9.1.1-1
	[etch] - xulrunner <not-affected> (only affects firefox 3.5)
	[lenny] - xulrunner <not-affected> (only affects firefox 3.5)
CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of servi ...)
	- xulrunner <not-affected> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 b ...)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK,  ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly  ...)
	- neon27 0.28.6-1 (low; bug #542926)
	[lenny] - neon27 <no-dsa> (Minor issue)
	- neon26 0.26.4-3 (low; bug #542926)
	[lenny] - neon26 <no-dsa> (Minor issue)
	- neon <removed> (low; bug #542926)
	[etch] - neon <no-dsa> (Minor issue)
	- gnome-vfs2 <removed>
	NOTE: affected neon code copy present in gnome-vfs2 [./imported/*]
	- litmus 0.13-1
	NOTE: affected neon code copy present in litmus [./libneon/*]
	NOTE: The new reintroduced litmus package removes the embedded copy
CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect recur ...)
	- neon27 <not-affected> (neon27 is compiled to use libxml2 instead of expat)
	- neon26 <not-affected> (neon26 is compiled to use libxml2 instead of expat)
	- neon <removed>
	[etch] - neon <not-affected> (neon is compiled to use libxml2 instead of expat)
CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrappe ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not prop ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote S ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element  ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3 ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
	NOTE: related issue to CVE-2009-1194
CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attac ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers t ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozil ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base6 ...)
	{DSA-2025-1 DSA-1931-1}
	- nspr 4.8.2-1
	- icedove 3.0~rc2-2
	[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird al ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2491 (The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solari ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2490 (Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Sof ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2489 (Unspecified vulnerability in the utdmsession program in Sun Ray Server ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2488 (Unspecified vulnerability in the NFSv4 module in the kernel in Sun Sol ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2487 (Use-after-free vulnerability in the frpr_icmp function in the ipfilter ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2486 (Unspecified vulnerability in the SCTP implementation in Sun Solaris 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2485 (Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attacker ...)
	NOT-FOR-US: HT-MP3Player
CVE-2009-2483 (libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local  ...)
	NOT-FOR-US: NetBSD
CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 befo ...)
	NOT-FOR-US: NetBSD OpenPAM
CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global temp ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not secu ...)
	- mathtex 1.03-1 (low; bug #537253)
CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when  ...)
	- mathtex 1.03-1 (medium; bug #537253)
	NOTE: severity set to medium as this is used in several web applications for conversions
CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded befor ...)
	{DSA-1917-1}
	- mimetex 1.50-1.1 (medium; bug #537254)
	NOTE: set impact to medium as this is used in several web applications for conversions
CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100  ...)
	NOT-FOR-US: Sun Fire V215 Server
CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remot ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remot ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin. ...)
	NOT-FOR-US: @mail
CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6,  ...)
	NOT-FOR-US: Citrix Web Interface
CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3  ...)
	NOT-FOR-US: Citrix XenApp
CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unk ...)
	NOT-FOR-US: Citrix Licensing
CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2 ...)
	NOT-FOR-US: MIM:InfiniX
CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS)  ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module f ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers  ...)
	NOT-FOR-US: Xigla Software Absolute Live Support .NET
CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote attacker ...)
	NOT-FOR-US: Xigla Software
CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass authent ...)
	NOT-FOR-US: Absolute Content Rotator
CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...)
	NOT-FOR-US: Xigla Software Absolute Newsletter
CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...)
	NOT-FOR-US: Xigla Software Absolute Poll Manager
CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers t ...)
	NOT-FOR-US: Xigla Software Absolute Control Panel
CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass aut ...)
	NOT-FOR-US: Absolute Banner Manager .NET
CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Absolute Podcast .NET
CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers t ...)
	NOT-FOR-US: Xigla Software Absolute News Manager.NET
CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote a ...)
	NOT-FOR-US: Xigla Software Absolute News Feed
CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...)
	NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET
CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...)
	- xulrunner 1.9.1.2-1 (bug #537104)
	[lenny] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
	[etch] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Arm ...)
	NOT-FOR-US: Tall Emu Online Armor Personal Firewall
CVE-2009-2449 (Directory traversal vulnerability in maillinglist/admin/change_config. ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Gue ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2445 (Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun  ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2009-2444 (Directory traversal vulnerability in maillinglist/setup/step1.php.inc  ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-2443 (Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to  ...)
	NOT-FOR-US: Siteframe
CVE-2009-2442 (Cross-site scripting (XSS) vulnerability in public/index.php in Linea2 ...)
	NOT-FOR-US: Linea21
CVE-2009-2441 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Gue ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2440 (Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook ...)
	NOT-FOR-US: JNM Guestbook
CVE-2009-2439 (Multiple SQL injection vulnerabilities in Web Development House Alibab ...)
	NOT-FOR-US: Web Development House Alibaba
CVE-2009-2438 (Cross-site scripting (XSS) vulnerability in index.php in the search mo ...)
	NOT-FOR-US: ClanSphere
CVE-2009-2437 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Re ...)
	NOT-FOR-US: MyPHPDating
CVE-2009-2436 (SQL injection vulnerability in page.php in Online Dating Software MyPH ...)
	NOT-FOR-US: MyPHPDating
CVE-2009-2435 (The Sametime server in IBM Lotus Instant Messaging and Web Conferencin ...)
	NOT-FOR-US: IBM Lotus
CVE-2009-2434 (Buffer overflow in the syscall implementation in IBM AIX 5.3 allows lo ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft Int ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to obta ...)
	- wordpress 2.8.3-1 (unimportant; bug #537146)
	NOTE: Installation path is a known fact on a Debian package installation
CVE-2009-2431 (WordPress 2.7.1 places the username of a post's author in an HTML comm ...)
	- wordpress 2.8.3-1 (unimportant; bug #537146)
	NOTE: Minor information leak
CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and  ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in c ...)
	NOT-FOR-US: SmartFilter Web Gateway Security
CVE-2009-2428 (Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow ...)
	NOT-FOR-US: Tausch Ticket Script
CVE-2009-2427 (SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows re ...)
	NOT-FOR-US: Jobbr
CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in src/or/rel ...)
	- tor 0.2.0.35-1 (low; bug #537148)
	[lenny] - tor 0.2.0.35-1~lenny1
CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of servi ...)
	- tor 0.2.0.35-1 (low; bug #537148)
	[lenny] - tor 0.2.0.35-1~lenny1
CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2 ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows  ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2422 (The example code for the digest authentication functionality (http_aut ...)
	- rails 2.3.5-1 (bug #535896)
	[lenny] - rails <not-affected> (vulnerable code not present, introduced in 2.3.x)
CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command functio ...)
	{DSA-1877-1}
	- mysql-dfsg-5.0 <removed> (low; bug #536726)
	[squeeze] - mysql-dfsg-5.0 5.0.51a-24+lenny2
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
	- libio-socket-ssl-perl 1.26-1 (low; bug #535946)
	[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
	NOTE: hostname validition is not implemented until 1.14, so etch
	NOTE: is in a way is not affected, but in another sense, it is
	NOTE: completely affected since no validation done at all
CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in App ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol hand ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in W ...)
	- webkit 1.1.10-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2009-2418
	REJECTED
CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is u ...)
	{DSA-1869-1}
	- curl 7.19.5-1.1 (medium; bug #541991)
CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6 ...)
	{DSA-1861-1 DSA-1859-1}
	- libxml2 2.7.3.dfsg-2.1 (low; bug #540865)
	- libxml <removed>
CVE-2009-2415 (Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote  ...)
	{DSA-1853-1}
	- memcached 1.4.1-1 (medium; bug #540379)
	- memcachedb 1.2.0-5 (medium; bug #540381)
	NOTE: the impact varies, on etch this runs as root and is not bound
	NOTE: to the loopback interface by default, memcached is even distributed
	NOTE: but fortunately not in a stable release.
CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6 ...)
	{DSA-1861-1 DSA-1859-1}
	- libxml2 2.7.3.dfsg-2.1 (medium; bug #540865)
	- libxml <removed>
CVE-2009-2413
	REJECTED
CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) librar ...)
	{DSA-1854-1}
	- apr 1.3.8-1
	- apr-util 1.3.9+dfsg-1
CVE-2009-2411 (Multiple integer overflows in the libsvn_delta library in Subversion b ...)
	{DSA-1855-1}
	- subversion 1.6.4dfsg-1
CVE-2009-2410 (The local_handler_callback function in server/responder/pam/pam_LOCAL_ ...)
	- sssd <not-affected> (Fixed before initial upload to the archive)
CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in  ...)
	{DSA-1935-1 DSA-1888-1 DSA-1874-1}
	- nss 3.12.3-1 (low; bug #539895)
	- openssl 0.9.8k-4 (low; bug #539899)
	[etch] - openssl 0.9.8c-4etch8
	- gnutls26 2.4.2-5 (low; bug #539901)
	- openjdk-6 6b17~pre3-1 (low)
	- gnutls13 <removed>
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in fs/ec ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-5 (medium)
	[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
	- linux-2.6.24 <removed>
CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in fs/ ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-5 (medium)
	[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
	- linux-2.6.24 <removed>
CVE-2009-2405 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Console ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla N ...)
	{DSA-2025-1 DSA-1874-1}
	- nss 3.12.3-1 (low; bug #539934)
	- icedove 2.0.0.24-1 (low)
CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to c ...)
	NOT-FOR-US: SCMPX
CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in PHPEch ...)
	NOT-FOR-US: PHPEcho
CVE-2009-2401 (Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows ...)
	NOT-FOR-US: PHPEcho
CVE-2009-2400 (SQL injection vulnerability in the PHP (com_php) component for Joomla! ...)
	NOT-FOR-US: Joomla!
CVE-2009-2399 (PHP remote file inclusion vulnerability in dm-albums/template/album.ph ...)
	NOT-FOR-US: DM FileManager
CVE-2009-2398 (Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80  ...)
	NOT-FOR-US: PHP-Sugar
CVE-2009-2397 (Directory traversal vulnerability in download.php in Audio Article Dir ...)
	NOT-FOR-US: Audio Article Directory
CVE-2009-2396 (PHP remote file inclusion vulnerability in template/album.php in DM Al ...)
	NOT-FOR-US: DM Albums
CVE-2009-2395 (SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta an ...)
	NOT-FOR-US: Joomla!
CVE-2009-2394 (SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Ara ...)
	NOT-FOR-US: SMSPages
CVE-2009-2393 (admin/index.php in Virtuenetz Virtue Online Test Generator does not re ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2392 (SQL injection vulnerability in text.php in Virtuenetz Virtue Online Te ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2391 (Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Vir ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2390 (SQL injection vulnerability in the BookFlip (com_bookflip) component 2 ...)
	NOT-FOR-US: Joomla!
CVE-2009-2389 (Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NE ...)
	NOT-FOR-US: USOLVED NEWSolved
CVE-2009-2388 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows rem ...)
	NOT-FOR-US: Opial
CVE-2009-2387 (Unspecified vulnerability in the proc filesystem in Sun OpenSolaris sn ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-2386 (Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer pl ...)
	NOT-FOR-US: Awingsoft Awakening Winds3D Viewer plugin
CVE-2009-2369 (Integer overflow in the wxImage::Create function in src/common/image.c ...)
	{DSA-1890-1}
	- wxwidgets2.8 2.8.7.1-2 (medium; bug #537174)
	- wxwidgets2.6 2.6.3.2.2-3.1 (medium; bug #537175)
	- wxwindows2.4 <removed> (medium)
CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the Pas ...)
	{DSA-1829-1}
	- sork-passwd-h3 3.1-1.1 (low; bug #536554)
CVE-2009-2385 (SQL injection vulnerability in the awardsMembers function in Sources/P ...)
	NOT-FOR-US: Member Awards component for Simple Machines Forum
CVE-2009-2384 (Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assi ...)
	NOT-FOR-US: Brothersoft PEamp
CVE-2009-2383 (SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites ...)
	NOT-FOR-US: Related Sites plugin for WordPress
CVE-2009-2382 (admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to byp ...)
	NOT-FOR-US: phpMyBlockchecker
CVE-2009-2381 (Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, wh ...)
	NOT-FOR-US: Gizmo
CVE-2009-2380 (Cross-site scripting (XSS) vulnerability in includes/functions.php in  ...)
	NOT-FOR-US: 4images
CVE-2009-2379 (Directory traversal vulnerability in public/index.php in BIGACE Web CM ...)
	NOT-FOR-US: BIGACE Web CMS
CVE-2009-2378 (PHP remote file inclusion vulnerability in formmailer.admin.inc.php in ...)
	NOT-FOR-US: Jax FormMailer
CVE-2009-2377 (Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in ...)
	NOT-FOR-US: AVAX-software Avax Vector ActiveX
CVE-2009-2376 (Cross-site scripting (XSS) vulnerability in the Html::textarea functio ...)
	NOT-FOR-US: TangoCMS
CVE-2009-2375 (Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earl ...)
	NOT-FOR-US: Photo DVD Maker
CVE-2009-2371 (Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not preve ...)
	NOT-FOR-US: Advanced Forum module for Drupal
CVE-2009-2370 (Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before  ...)
	NOT-FOR-US: Advanced Forum module for Drupal
CVE-2009-2368 (Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown ...)
	NOT-FOR-US: Socks Server
CVE-2009-2367 (cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable ses ...)
	NOT-FOR-US: Iomega StorCenter Pro
CVE-2009-2366 (SQL injection vulnerability in login.asp in DataCheck Solutions ForumP ...)
	NOT-FOR-US: DataCheck Solutions ForumPal FE
CVE-2009-2365 (SQL injection vulnerability in login.asp in DataCheck Solutions Galler ...)
	NOT-FOR-US: DataCheck Solutions GalleryPal FE
CVE-2009-2364 (Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers t ...)
	NOT-FOR-US: Mp3-Nator
CVE-2009-2363 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remo ...)
	NOT-FOR-US: KUDRSOFT AudioPLUS
CVE-2009-2362 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows rem ...)
	NOT-FOR-US: KUDRSOFT AudioPLUS
CVE-2009-2361 (SQL injection vulnerability in include/class.staff.php in osTicket bef ...)
	NOT-FOR-US: osTicket
CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context- ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini f ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2357 (The default configuration of TekRADIUS 3.0 uses the sa account to comm ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2356 (Multiple stack-based buffer overflows in the pgsqlQuery function in Nu ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2355 (The forum module in NullLogic Groupware 1.2.7 allows remote authentica ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2354 (SQL injection vulnerability in the auth_checkpass function in the logi ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute arbitra ...)
	- eaccelerator-src <itp> (bug #460341)
CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs i ...)
	- chromium-browser 5.0.375.70~r48679-2
	- webkit <not-affected> (doesn't have a 'view-source' handler)
	NOTE: poc didn't seem to work against 5.0.375.70~r48679-2
	NOTE: chromium security team doesn't consider this a valid security issue
	NOTE: http://crbug.com/40086
CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh head ...)
	NOT-FOR-US: Opera
CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block j ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2349
	RESERVED
CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permis ...)
	NOT-FOR-US: Android
CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in l ...)
	{DSA-1835-1}
	- tiff 3.8.2-13
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before  ...)
	- asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerabilitity, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf)
CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 a ...)
	NOT-FOR-US: ClanSphere
CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC)  ...)
	NOT-FOR-US: Sourcefire
CVE-2009-2342 (Cross-site scripting (XSS) vulnerability in admin.php (aka the login p ...)
	NOT-FOR-US: CMME
CVE-2009-2341 (SQL injection vulnerability in albumdetail.php in Opial 1.0 allows rem ...)
	NOT-FOR-US: Opial
CVE-2009-2340 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows rem ...)
	NOT-FOR-US: Opial
CVE-2009-2339 (SQL injection vulnerability in index.php in Rentventory allows remote  ...)
	NOT-FOR-US: Rentventory
CVE-2009-2338 (Directory traversal vulnerability in includes/startmodules.inc.php in  ...)
	NOT-FOR-US: FreeWebshop.org
CVE-2009-2337 (SQL injection vulnerability in includes/module/book/index.inc.php in w ...)
	NOT-FOR-US: w3b|cms
CVE-2008-6853 (SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3 ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-6852 (SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 ...)
	NOT-FOR-US: Joomla! component
CVE-2008-6851 (SQL injection vulnerability in page.php in PHP Link Directory (phpLD)  ...)
	NOT-FOR-US: PHP Link Directory
CVE-2008-6850 (Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-6849 (Unrestricted file upload vulnerability in index.php in phpGreetCards 3 ...)
	NOT-FOR-US: phpGreetCards
CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...)
	NOT-FOR-US: phpGreetCards
CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU before 2.8. ...)
	- wordpress 2.8.3-1 (unimportant; bug #536724)
	NOTE: Minor information leak
CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...)
	- wordpress 2.8.3-1 (unimportant; bug #536724)
	NOTE: Minor information leak
CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #536724)
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ea ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and  ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CM ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensi ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earli ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 all ...)
	NOT-FOR-US: Clicknet CMS
CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor befor ...)
	{DSA-1836-1}
	- fckeditor 1:2.6.4.1-1 (low; bug #536051)
	- moin 1.8.2-2
	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
	[lenny] - moin <no-dsa> (unimportant; provides FCKeditor as example files in /usr/share/doc, but not executable in general case)
	[etch] - moin <not-affected> (doesn't provide FCKeditor sample files)
	- knowledgeroot 0.9.8.5-3
	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
	[etch] - knowledgeroot <not-affected> (doesn't provide FCKeditor sample files)
	- karrigell <removed>
	[etch] - karrigell <not-affected> (doesn't provide FCKeditor sample files)
	- gforge 4.6.99+svn6225-1
	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
	- egroupware <not-affected> (doesn't provide FCKeditor sample files)
	- request-tracker3.8 <not-affected> (doesn't provide FCKeditor sample files)
CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the  ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side JavaSc ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV 41 ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Iden ...)
	NOT-FOR-US: IBM Tivoli
CVE-2009-2315
	REJECTED
CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...)
	NOT-FOR-US: Lightweight Availability Collection Tool
CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote atta ...)
	NOT-FOR-US: XMB
CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows  ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 al ...)
	{DSA-1940-1}
	- php5 5.2.10.dfsg.1-2 (low; bug #535888)
	- php4 <removed> (low; bug #535897)
	NOTE: 5.3.0 (in experimental) is not affected
CVE-2009-XXXX [apache2: htaccess override]
	- apache2 2.2.9-1 (low; bug #535886)
	[etch] - apache2 2.2.3-4+etch8
	NOTE: fixed in etch in DSA-1816-1
CVE-2009-XXXX [xscreensaver: symlink attack enables local information disclosure]
	- xscreensaver <not-affected> (does not run setuid in debian)
	NOTE: http://bugs.debian.org/535870
CVE-2009-XXXX [libdkim: signature parsing is not thread-safe]
	- libdkim 1:1.0.19-4 (unimportant; bug #532740)
	NOTE: This is mostly a missing feature, it's unlikely that any threaded application
	NOTE: is using libdkim in the current state, so the practical impact is none
CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]
	- mimedecode <removed> (low; bug #530430)
	[etch] - mimedecode <no-dsa> (minor issue)
	[lenny] - mimedecode <no-dsa> (minor issue)
CVE-2009-2313 (Directory traversal vulnerability in index.php in Jinzora Media Jukebo ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2009-2312 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in c ...)
	NOT-FOR-US: Secure Computing SmartFilter
CVE-2009-2311 (SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab B ...)
	NOT-FOR-US: rGallery plugin for WoltLab
CVE-2009-2310 (SQL injection vulnerability in include/get_read.php in Extensible-BioL ...)
	NOT-FOR-US: Extensible-BioLawCom CMS
CVE-2009-2309 (SQL injection vulnerability in index.php in Codice CMS 2 allows remote ...)
	NOT-FOR-US: Codice CMS 2
CVE-2009-2308 (Multiple SQL injection vulnerabilities in affiliates.php in the Affili ...)
	NOT-FOR-US: PunBB
CVE-2009-2307 (SQL injection vulnerability in the CWGuestBook module 2.1 and earlier  ...)
	NOT-FOR-US: MDPro
CVE-2009-2306 (The ARD-9808 DVR card security camera stores sensitive information und ...)
	NOT-FOR-US: ARD-9808 DVR card security camera
CVE-2009-2305 (The ARD-9808 DVR card security camera allows remote attackers to cause ...)
	NOT-FOR-US: ARD-9808 DVR card security camera
CVE-2009-2304 (index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote att ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2303 (index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote att ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2302 (Cross-site scripting (XSS) vulnerability in index.php in Aardvark Tops ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2301 (The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gatew ...)
	NOT-FOR-US: AppWall Web Application Firewall
CVE-2009-2300 (The management interface in the phion airlock Web Application Firewall ...)
	NOT-FOR-US: phion airlock Web Application Firewall
CVE-2009-2299 (The Artofdefence Hyperguard Web Application Firewall (WAF) module befo ...)
	NOT-FOR-US: Artofdefence Hyperguard Web Application Firewall
CVE-2009-2298 (Stack-based buffer overflow in rping in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP Network Node Manager rping
CVE-2009-2297 (Unspecified vulnerability in the udp subsystem in the kernel in Sun So ...)
	NOT-FOR-US: kernel in Sun Solaris
CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris befo ...)
	NOT-FOR-US: kernel module in Sun Solaris
CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow c ...)
	{DSA-1912-2 DSA-1832-1}
	- camlimages 1:3.0.1-2 (low; bug #535909)
	- advi 1.6.0-15 (low; bug #550440)
CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 an ...)
	- dillo 3.0-1 (medium; bug #535788)
CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote atta ...)
	NOT-FOR-US: Optimum Web Design Tutorial Share
CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allow ...)
	NOT-FOR-US: Appleple a-News
CVE-2009-2291 (Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a m ...)
	NOT-FOR-US: LoginToboggan module for Drupal
CVE-2009-2290 (SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) c ...)
	NOT-FOR-US: Joomla!
CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade  ...)
	NOT-FOR-US: Arcade Trade Script
CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel  ...)
	{DSA-1846-1 DSA-1845-1}
	- linux-2.6 2.6.30-2 (low)
	- linux-2.6.24 <removed>
	- kvm 88+dfsg-2 (low; bug #557737)
CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allo ...)
	{DSA-1835-1}
	- tiff 3.8.2-12 (low; bug #534137)
	- tiff3 <not-affected> (fixed prior to initial upload)
	NOTE: this doesn't allow code execution, only a crash.
CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp sc ...)
	NOT-FOR-US: Sun Java Web Console in Solaris
CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical Domains ...)
	NOT-FOR-US: LDoms in Sun Solaris
CVE-2008-6847 (Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in  ...)
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6846 (Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0 ...)
	NOT-FOR-US: avast! Linux Home Edition
CVE-2008-6845 (The unpack feature in ClamAV 0.93.3 and earlier allows remote attacker ...)
	- clamav 0.94.dfsg-1
	[etch] - clamav <no-dsa> (Support was discontinued)
CVE-2008-6844 (The registration view (/user/register) in eZ Publish 3.5.6 and earlier ...)
	NOT-FOR-US: eZ Publish
CVE-2008-6843 (Directory traversal vulnerability in index.php in Fantastico, as used  ...)
	NOT-FOR-US: Fantastico
CVE-2008-6842 (Directory traversal vulnerability in data/modules/blog/module_pages_si ...)
	NOT-FOR-US: Pluck
CVE-2008-6841 (PHP remote file inclusion vulnerability in the Green Mountain Informat ...)
	NOT-FOR-US: component for Joomla!
CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4  ...)
	NOT-FOR-US: V-webmail
CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (low; bug #535435)
	- drupal5 <not-affected> (Vulnerable code not present)
	NOTE: http://drupal.org/node/507572
	NOTE: requested CVE id
CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user sign ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (medium; bug #535435)
	- drupal5 <not-affected> (Vulnerable code not present)
	NOTE: http://drupal.org/node/507572
	NOTE: marked as medium as this might lead to code execution if the php filter is enabled
	NOTE: requested CVE id
CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize  ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (low; bug #535435)
	- drupal5 5.18-1.1 (low; bug #535476)
	NOTE: http://drupal.org/node/507572
	NOTE: requested CVE id
CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1  ...)
	- phpmyadmin 4:3.2.0.1-1 (medium; bug #535890)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: affects 3.x branch only
CVE-2009-2280
	RESERVED
CVE-2009-2279
	RESERVED
CVE-2009-2278
	RESERVED
CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Virtua ...)
	NOT-FOR-US: VMware
CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us extens ...)
	NOT-FOR-US: voteforus.php extension for PunBB
CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html  ...)
	NOT-FOR-US: cPanel
CVE-2009-2274 (The Huawei D100 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2273 (The default configuration of the Wi-Fi component on the Huawei D100 do ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2272 (The Huawei D100 stores the administrator's account name and password i ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2271 (The Huawei D100 has (1) a certain default administrator password for t ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2270 (Unrestricted file upload vulnerability in member/uploads_edit.php in d ...)
	NOT-FOR-US: dedecms
CVE-2009-2269 (SQL injection vulnerability in Empire CMS 5.1 allows remote attackers  ...)
	NOT-FOR-US: Empire CMS
CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain Controlle ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5. ...)
	- vmware-package <removed>
CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attacker ...)
	NOT-FOR-US: OXID eShop
CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in  ...)
	{DSA-1914-1}
	- mapserver 5.4.2-1 (medium; bug #535340)
	NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4 ...)
	{DSA-1836-1}
	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
	NOTE: http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager
	- moin 1.8.2-2
	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
	[lenny] - moin <unfixed> (unimportant)
	[etch] - moin <not-affected> (Vulnerable code not present)
	NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc)
	- request-tracker3.8 <not-affected> (Vulnerable code not present)
	- egroupware 1.6.002+dfsg-1 (low)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
	- gforge 4.6.99+svn6225-1
	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
	- knowledgeroot 0.9.8.5-3 (medium; bug #538722)
	- karrigell <removed>
	[etch] - karrigell <not-affected> (Vulnerable code not present)
	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
CVE-2009-2264
	RESERVED
CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega Fil ...)
	NOT-FOR-US: Mega File Manager
CVE-2009-2262 (PHP remote file inclusion vulnerability in install/di.php in AjaxPorta ...)
	NOT-FOR-US: AjaxPortal
CVE-2009-2261 (PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remot ...)
	NOT-FOR-US: PeaZIP
CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...)
	- stardict 3.0.1-5 (low; bug #534731)
	[etch] - stardict <not-affected> (netdict plugin not yet present)
	[lenny] - stardict 3.0.1-4+lenny1
CVE-2009-2259
	REJECTED
CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the administrati ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware 3. ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2256 (The administrative web interface on the Netgear DG632 with firmware 3. ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2255 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative au ...)
	NOT-FOR-US: Zen Cart
CVE-2009-2254 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative au ...)
	NOT-FOR-US: Zen Cart
CVE-2009-2253
	RESERVED
CVE-2009-2252
	RESERVED
CVE-2009-2251
	RESERVED
CVE-2009-2250
	RESERVED
CVE-2009-2249
	RESERVED
CVE-2009-2248
	RESERVED
CVE-2009-2247
	RESERVED
CVE-2009-2246
	RESERVED
CVE-2009-2245
	RESERVED
CVE-2009-2244
	RESERVED
CVE-2009-2243 (SQL injection vulnerability in active_appointments.asp in ASP Inline C ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2242 (SQL injection vulnerability in active_appointments.asp in ASP Inline C ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2241 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline C ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2240 (Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka  ...)
	NOT-FOR-US: Web Conference Room Free
CVE-2009-2239 (SQL injection vulnerability in the (1) casinobase (com_casinobase), (2 ...)
	NOT-FOR-US: Joomla! components
CVE-2009-2238 (Unrestricted file upload vulnerability in includes/shared_scripts/wysi ...)
	NOT-FOR-US: DMXReady Registration Manager
CVE-2009-2237 (Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x- ...)
	NOT-FOR-US: contributed Views Bulk Operations module for Drupal
CVE-2009-2236 (SQL injection vulnerability in yad-admin/login.php in Your Article Dir ...)
	NOT-FOR-US: Your Articles Directory
CVE-2009-2235 (SQL injection vulnerability in page.php in Your Articles Directory all ...)
	NOT-FOR-US: Your Articles Directory
CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call C ...)
	NOT-FOR-US: VICIDIAL Call Center Suite
CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow  ...)
	{DSA-1830-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceape 1.1.17-1
	[squeeze] - iceape <not-affected> (only provides a stub for XPCOM)
	[lenny] - iceape <not-affected> (Only provides a stub for XPCOM)
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <not-affected> (mail suite not compiled)
	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495057
CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Man ...)
	NOT-FOR-US: TGS Content Management
CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
	- zoph 0.8.0.1-1 (low; bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
	- zoph 0.8.0.1-1 (bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: the details are unknown
CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before  ...)
	- zoph 0.7.5-1 (low; bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5 ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2009-XXXX [udev: creates aacraid devices that are rw by group floppy]
	- udev 0.141-1 (low; bug #530245; bug #462655; bug #404927)
	[lenny] - udev <no-dsa> (Minor issue)
	[etch] - udev <no-dsa> (minor issue)
CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execut ...)
	{DSA-1825-1}
	- nagios3 3.0.6-5
	- nagios2 <removed>
	NOTE: http://secunia.com/advisories/35543
CVE-2009-2286 (Buffer overflow in compface 1.5.2 and earlier allows user-assisted att ...)
	- libcompface 1:1.5.2-5 (unimportant; bug #534973)
CVE-2009-2233 (The admin interface in AWScripts.com Gallery Search Engine 1.5 allows  ...)
	NOT-FOR-US: AWScripts.com Gallery Search Engine
CVE-2009-2232 (SQL injection vulnerability in image.php in Softbiz Banner Ad Manageme ...)
	NOT-FOR-US: Softbiz Banner Ad Management Script
CVE-2009-2231 (MIDAS 1.43 allows remote attackers to bypass authentication and obtain ...)
	NOT-FOR-US: MIDAS
CVE-2009-2230 (SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka  ...)
	NOT-FOR-US: MyBB
CVE-2009-2229 (Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5  ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-2228 (Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-2227 (Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.2 ...)
	NOT-FOR-US: Bopup Communication Server
CVE-2009-2226 (Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/1 ...)
	NOT-FOR-US: Let's PHP! Tree BBS
CVE-2009-2225 (Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial  ...)
	NOT-FOR-US: SureThing CD/DVD Labeler
CVE-2009-2224 (Directory traversal vulnerability in ang/shared/flags.php in AN Guestb ...)
	NOT-FOR-US: AN Guestbook
CVE-2009-2223 (Directory traversal vulnerability in locms/smarty.php in LightOpenCMS  ...)
	NOT-FOR-US: LightOpenCMS
CVE-2009-2222 (Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allow ...)
	NOT-FOR-US: PHP-I-BOARD
CVE-2009-2221 (Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlie ...)
	NOT-FOR-US: PHP-I-BOARD
CVE-2009-2220 (Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, wh ...)
	NOT-FOR-US: Tribiq CMS
CVE-2009-2219 (Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExcha ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2218 (Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchan ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2217 (Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows r ...)
	NOT-FOR-US: NBBC
CVE-2009-2216 (Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmi ...)
	NOT-FOR-US: DirectAdmin
CVE-2009-2215 (Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6. ...)
	NOT-FOR-US: URD
CVE-2009-2214 (The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier al ...)
	NOT-FOR-US: Citrix Secure Gateway
CVE-2009-2213 (The default configuration of the Security global settings on the Citri ...)
	NOT-FOR-US: Citrix NetScaler Access Gateway
CVE-2009-2212 (The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-2211 (Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Ra ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-2209 (SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 al ...)
	NOT-FOR-US: RS-CMS
CVE-2009-2208 (FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIO ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-2
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
	NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
CVE-2009-2207 (The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone  ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2206 (Multiple heap-based buffer overflows in the AudioCodecs library in the ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in  ...)
	NOT-FOR-US: Mac OS X
CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple iPho ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan befor ...)
	NOT-FOR-US: Admin application in Apple Xsan
CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...)
	- kdelibs <not-affected>
	- webkit <not-affected> (gtk-based frame loader not affected)
	- qt4-x11 <not-affected>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
	NOTE: http://trac.webkit.org/changeset/44905
	NOTE: http://trac.webkit.org/changeset/44909
CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 4. ...)
	- kdelibs <not-affected>
	- webkit <not-affected> (problem with look-alike character rendering with mac-specific fonts)
	- qt4-x11 <not-affected>
CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies  ...)
	NOT-FOR-US: Apple GarageBand
CVE-2009-2197 (Apple Safari before 9.1 allows remote attackers to spoof the user inte ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote a ...)
	- webkit 1.1.12-1 (medium)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 <not-affected>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
	NOTE: http://trac.webkit.org/changeset/45696
CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file descrip ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 all ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete ...)
	NOT-FOR-US: MobileMe in Apple Mac OS X
CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11  ...)
	NOT-FOR-US: Login Window in Apple Mac OS X
CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers t ...)
	NOT-FOR-US: launchd in Apple Mac OS X
CVE-2009-2189 (The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme B ...)
	NOT-FOR-US: Apple
CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and S ...)
	NOT-FOR-US: ImageIO in Apple Mac OS X
CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementat ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465  ...)
	NOT-FOR-US: Adobe Shockwave Playe
CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongsw ...)
	{DSA-1899-1 DSA-1898-1}
	- strongswan 4.2.14-1.2 (bug #533837)
	- openswan 1:2.6.22+dfsg-1
CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in Gravy Me ...)
	NOT-FOR-US: Gravy Media Photo
CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in Campsite 3. ...)
	NOT-FOR-US: Campsite
CVE-2009-2182 (Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 R ...)
	NOT-FOR-US: Campsite
CVE-2009-2181 (Cross-site scripting (XSS) vulnerability in admin-files/templates/list ...)
	NOT-FOR-US: Campsite
CVE-2009-2180 (Multiple directory traversal vulnerabilities in upfiles/index.php in P ...)
	NOT-FOR-US: Pc4 Uploader
CVE-2009-2179 (SQL injection vulnerability in search.php in phpDatingClub 3.7 allows  ...)
	NOT-FOR-US: phpDatingClub
CVE-2009-2178 (Cross-site scripting (XSS) vulnerability in website.php in phpDatingCl ...)
	NOT-FOR-US: phpDatingClub
CVE-2009-2177 (code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quot ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a  ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in fl ...)
	- gnome-xcf-thumbnailer 1.0-1.1 (low; bug #601735)
	[lenny] - gnome-xcf-thumbnailer <no-dsa> (Minor issue)
	- xcftools 1.0.7-1 (low; bug #533361)
	[etch] - xcftools 1.0.4-1+etch1
	[lenny] - xcftools 1.0.4-1+lenny1
CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service (cra ...)
	- gupnp 0.12.6-3.1 (low; bug #534594)
	[etch] - gupnp <no-dsa> (Minor issue)
	[lenny] - gupnp <no-dsa> (Minor issue)
CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...)
	NOT-FOR-US: Carom3D
CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in th ...)
	NOT-FOR-US: Radio and TV Player addon for vBulletin
CVE-2009-2169 (Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX ...)
	NOT-FOR-US: Edraw PDF Viewer
CVE-2009-2168 (cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a ...)
	NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus  ...)
	NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG b ...)
	- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
	NOTE: README.Debian states Important: access to the reports server should be restricted
CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.0 ...)
	NOT-FOR-US: SerendipityNZ (aka SimpleBoxes) Serene Bach
CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, w ...)
	NOT-FOR-US: kjtechforce
CVE-2009-2163 (Cross-site scripting (XSS) vulnerability in login/default.aspx in Site ...)
	NOT-FOR-US: Sitecore CMS
CVE-2009-2162 (Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiM ...)
	NOT-FOR-US: XOOPS MANIAC PukiWikiMod module
CVE-2009-2161 (Directory traversal vulnerability in backend/admin-functions.php in To ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2160 (TorrentTrader Classic 1.09 allows remote attackers to (1) obtain confi ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2159 (backup-database.php in TorrentTrader Classic 1.09 does not require adm ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2158 (account-recover.php in TorrentTrader Classic 1.09 chooses random passw ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2157 (Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 a ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2156 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader C ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2155 (Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do ...)
	NOT-FOR-US: WebNMS
CVE-2009-2154 (SQL injection vulnerability in admin/login.php in Impleo Music Collect ...)
	NOT-FOR-US: Impleo Music Collection
CVE-2009-2153 (Cross-site scripting (XSS) vulnerability in index.php in Impleo Music  ...)
	NOT-FOR-US: Impleo Music Collection
CVE-2009-2152 (SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows re ...)
	NOT-FOR-US: AdaptWeb
CVE-2009-2151 (Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allow ...)
	NOT-FOR-US: AdaptWeb
CVE-2009-2150 (Multiple cross-site request forgery (CSRF) vulnerabilities in Campus V ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2149 (Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual- ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2148 (SQL injection vulnerability in news/index.php in Campus Virtual-LMS al ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2147 (SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and ear ...)
	NOT-FOR-US: phpWebThings
CVE-2009-2146 (Unrestricted file upload vulnerability in the Compose Email feature in ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2009-2145 (Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 ...)
	NOT-FOR-US: transLucid
CVE-2009-2144 (SQL injection vulnerability in the FireStats plugin before 1.6.2-stabl ...)
	NOT-FOR-US: FireStats plugin for WordPress
CVE-2009-2143 (PHP remote file inclusion vulnerability in firestats-wordpress.php in  ...)
	NOT-FOR-US: FireStats plugin for WordPress
CVE-2009-2142 (Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store ...)
	NOT-FOR-US: Zip Store Chat
CVE-2009-2141 (Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01 ...)
	NOT-FOR-US: TBDev.NET
CVE-2008-6834 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 a ...)
	NOT-FOR-US: fuzzylime
CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) b ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2140 (Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/e ...)
	- openoffice.org <not-affected> (bug introduced by a patch not applied to the deb)
CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow rem ...)
	NOT-FOR-US: TBDev.NET
CVE-2009-2137 (Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n ...)
	NOT-FOR-US: Ultra-SPARC T2 crypto provider device driver in Sun Solaris 10
CVE-2009-2136 (Unspecified vulnerability in the TCP/IP networking stack in Sun Solari ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-2135 (Multiple race conditions in the Solaris Event Port API in Sun Solaris  ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-2134 (pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obt ...)
	NOT-FOR-US: Pivot
CVE-2009-2133 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 an ...)
	NOT-FOR-US: Pivot
CVE-2009-2132 (Directory traversal vulnerability in global.php in 4images before 1.7. ...)
	NOT-FOR-US: 4images
CVE-2009-2131 (Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier  ...)
	NOT-FOR-US: 4images
CVE-2009-2130 (Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) ...)
	NOT-FOR-US: Elvin
CVE-2009-2129 (Cross-site request forgery (CSRF) vulnerability in login.php in Elvin  ...)
	NOT-FOR-US: Elvin
CVE-2009-2128 (SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 all ...)
	NOT-FOR-US: Elvin
CVE-2009-2127 (Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin ...)
	NOT-FOR-US: Elvin
CVE-2009-2126 (Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin bef ...)
	NOT-FOR-US: Elvin
CVE-2009-2125 (delete_bug.php in Elvin before 1.2.1 does not require administrative p ...)
	NOT-FOR-US: Elvin
CVE-2009-2124 (Directory traversal vulnerability in page.php in Elvin 1.2.0 allows re ...)
	NOT-FOR-US: Elvin
CVE-2009-2123 (Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote att ...)
	NOT-FOR-US: Elvin
CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari Phot ...)
	NOT-FOR-US: Photoracer plugin for WordPress
CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before 2.0.172. ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 befo ...)
	{DSA-1822-1}
	- mahara 1.1.5-1 (low)
CVE-2009-2171 (Mahara 1.1 before 1.1.5 does not apply permission checks when saving a ...)
	- mahara 1.1.5-1 (low)
	[lenny] - mahara <not-affected> (vulnerable code introduced in 1.1)
CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...)
	NOT-FOR-US: TekBase
CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface (my.lo ...)
	NOT-FOR-US: FirePass
CVE-2009-2118 (Integer overflow in IrfanView 4.23, when the resampling or screen fitt ...)
	NOT-FOR-US: IrfanView
CVE-2009-2117 (uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authe ...)
	NOT-FOR-US: phPortal
CVE-2009-2116 (Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r2 ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2115 (admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated admini ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2114 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Sk ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2113 (Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote at ...)
	NOT-FOR-US: FretsWeb
CVE-2009-2112 (Directory traversal vulnerability in include/page_bottom.php in phpFK  ...)
	NOT-FOR-US: phpFK
CVE-2009-2111 (Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 ...)
	NOT-FOR-US: DB Top Site
CVE-2009-2110 (Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when ...)
	NOT-FOR-US: DB Top Sites 1.0
CVE-2009-2109 (Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow rem ...)
	NOT-FOR-US: FretsWeb
CVE-2009-2108 (git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cau ...)
	{DSA-1841-2 DSA-1841-1}
	- git-core 1:1.6.3.3-1 (medium; bug #532935)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
CVE-2009-XXXX [moin: heirarchical ACL vulnerability]
	- moin 1.8.4-1 (unimportant; bug #533673)
	NOTE: Not a specific vulnerability, rather a security-related behaviour change, see bug
	[etch] - moin <not-affected> (vulnerable code not present in 1.5.3-1.2etch2)
CVE-2009-XXXX [pcsc-lite: creates world-writable directory]
	- pcsc-lite 1.5.4-1 (low; bug #533670)
	[etch] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
	[lenny] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]
	- squid <not-affected>
	- squid3 <not-affected>
	NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694
	- lighttpd <not-affected>
CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in We ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers]
	- request-tracker3.6 3.6.8-1 (low; bug #532990)
	[lenny] - request-tracker3.6 3.6.7-5+lenny1
	[etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
	- request-tracker3.4 <not-affected> (flaw introduced in 3.6.2; bug #534498)
	- request-tracker3.8 3.8.4-1
CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ex ...)
	NOT-FOR-US: Virtual Civil Services extension for TYPO3
CVE-2009-2105 (SQL injection vulnerability in the References database (t3references)  ...)
	NOT-FOR-US: References database extension for TYPO3
CVE-2009-2104 (Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Com ...)
	NOT-FOR-US: Modern Guestbook extension for TYPO3
CVE-2009-2103 (SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player)  ...)
	NOT-FOR-US: Frontend MP3 Player extension for TYPO3
CVE-2009-2102 (SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and ...)
	NOT-FOR-US: Jumi component for Joomla
CVE-2009-2101 (Directory traversal vulnerability in archive.php in TorrentVolve 1.4,  ...)
	NOT-FOR-US: TorrentVolve
CVE-2009-2100 (Directory traversal vulnerability in the JoomlaPraise Projectfork (com ...)
	NOT-FOR-US: JoomlaPraise component for Joomla
CVE-2009-2099 (SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss ...)
	NOT-FOR-US: iJoomla RSS Feeder component for Joomla
CVE-2009-2098 (SQL injection vulnerability in topicler.php in phPortal 1.0 allows rem ...)
	NOT-FOR-US: phPortal
CVE-2009-2097 (SQL injection vulnerability in system/application/controllers/catalog. ...)
	NOT-FOR-US: Zoki Catalog
CVE-2009-2096 (SQL injection vulnerability in house/listing_view.php in phpCollegeExc ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2095 (PHP remote file inclusion vulnerability in template/simpledefault/admi ...)
	NOT-FOR-US: Mundi Mail
CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise bef ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere Partner Ga ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not pro ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2091 (The System Management/Repository component in IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System Management/Reposito ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2089 (The Migration component in IBM WebSphere Application Server (WAS) 6.1  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application Server (WA ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2086
	REJECTED
CVE-2009-2085 (The Security component in IBM WebSphere Application Server (WAS) 6.1 b ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 befor ...)
	{DSA-1776-1}
	- slurm-llnl 1.3.15-1 (bug #524980)
	[lenny] - slurm-llnl 1.3.6-1lenny3
CVE-2009-2083 (Cross-site scripting (XSS) vulnerability in the term data detail page  ...)
	NOT-FOR-US: Taxonomy
CVE-2009-2082 (SQL injection vulnerability in insidepage.php in Creative Web Solution ...)
	NOT-FOR-US: Creative Web Solutions Multi-Level CMS
CVE-2009-2081 (Directory traversal vulnerability in help.php in phpWebThings 1.5.2 an ...)
	NOT-FOR-US: phpWebThings
CVE-2009-2080 (admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict ...)
	NOT-FOR-US: MRCGIGUY
CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative page in ...)
	NOT-FOR-US: Taxonomy
CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x be ...)
	NOT-FOR-US: Booktree module for drupal
CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenti ...)
	- drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6,  ...)
	- drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drup ...)
	NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2 ...)
	NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-XXXX [backuppc: web frontend installed insecurely by default]
	- backuppc 3.1.0-6
	[lenny] - backuppc 3.1.0-4lenny1
CVE-2009-XXXX [clamav scanner bypass with archives]
	- clamav 0.95.2+dfsg-1 (low; bug #535881)
	[lenny] - clamav <no-dsa> (Inherent to the concept of malware concept)
	[etch] - clamav <no-dsa> (Support was discontinued)
	NOTE: http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html
CVE-2009-2073 (Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wir ...)
	NOT-FOR-US: Linksys
CVE-2009-2072 (Apple Safari does not require a cached certificate before displaying a ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate for a (1 ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT r ...)
	NOT-FOR-US: Opera
CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached certificate for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2068 (Google Chrome detects http content in https web pages only when the to ...)
	- chromium-browser 5.0.342.9~r43360-1
CVE-2009-2067 (Opera detects http content in https web pages only when the top-level  ...)
	NOT-FOR-US: Opera
CVE-2009-2066 (Apple Safari detects http content in https web pages only when the top ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2065 (Mozilla Firefox 3.0.10, and possibly other versions, detects http cont ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-2064 (Microsoft Internet Explorer 8, and possibly other versions, detects ht ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2063 (Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response bef ...)
	NOT-FOR-US: Opera
CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response be ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.1 ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine th ...)
	NOT-FOR-US: Opera
CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine the c ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header to dete ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to ca ...)
	NOT-FOR-US: Cisco
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2051 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x  ...)
	NOT-FOR-US: Cisco
CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0( ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration interfa ...)
	NOT-FOR-US: Cisco
CVE-2009-2047 (Directory traversal vulnerability in the Administration interface in C ...)
	NOT-FOR-US: Cisco
CVE-2009-2046 (The embedded web server on the Cisco Video Surveillance 2500 Series IP ...)
	NOT-FOR-US: Cisco
CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as us ...)
	NOT-FOR-US: Cisco
CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...)
	- xulrunner <not-affected> (uses external cairo library)
	- cairo 1.8.8-2 (unimportant)
	NOTE: http://cgit.freedesktop.org/cairo/commit/?id=2cf82eaf0d08e68b787bb0792da97e73d8d4ce38
	NOTE: Just a crasher
CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remot ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images w ...)
	{DSA-2032-1}
	- libpng 1.2.37-1 (low; bug #533676)
	[etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
	- xulrunner <not-affected> (xulrunner dynamically linked against libpng; embeded code copy not used)
CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0. ...)
	NOT-FOR-US: activeCollab
CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, wh ...)
	NOT-FOR-US: Grestul
CVE-2009-2039 (Unspecified vulnerability in the Luottokunta module before 1.3 for osC ...)
	NOT-FOR-US: Luottokunta module for osCommerce
CVE-2009-2038 (Unspecified vulnerability in the Finnish Bank Payment module 2.2 for o ...)
	NOT-FOR-US: Finnish Bank Payment module 2.2 for osCommerce
CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades &amp; At ...)
	NOT-FOR-US: Online Grades
CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows rem ...)
	NOT-FOR-US: Open Biller
CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module fo ...)
	NOT-FOR-US: Service module for Drupal
CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when re ...)
	NOT-FOR-US: Yogurt
CVE-2009-2033 (Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 al ...)
	NOT-FOR-US: Yogurt
CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, w ...)
	NOT-FOR-US: PDshopPro
CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount pe ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature verification fu ...)
	NOT-FOR-US: IBM OS/400
CVE-2009-2029 (Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 b ...)
	NOT-FOR-US: Adobe
CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the dtsco ...)
	NOT-FOR-US: CA Software Delivery
CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers to byp ...)
	NOT-FOR-US: DM FileManager
CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the  ...)
	NOT-FOR-US: Vlad Titarenko ASP VT Auth
CVE-2009-2023 (SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when ...)
	NOT-FOR-US: Shop-Script
CVE-2009-2022 (fipsCMS Light 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: fipsCMS
CVE-2009-2021 (SQL injection vulnerability in search.php in Virtue Classifieds allows ...)
	NOT-FOR-US: Virtue Classifieds allows
CVE-2009-2020 (Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue  ...)
	NOT-FOR-US: News Manager
CVE-2009-2019 (SQL injection vulnerability in news_detail.php in Virtue News Manager  ...)
	NOT-FOR-US: Virtue News Manager
CVE-2009-2018 (SQL injection vulnerability in admin/index.php in Jared Eckersley MyCa ...)
	NOT-FOR-US: Jared Eckersley MyCars
CVE-2009-2017 (SQL injection vulnerability in products.php in Virtue Book Store allow ...)
	NOT-FOR-US: Virtue Book Store
CVE-2009-2016 (SQL injection vulnerability in products.php in Virtue Shopping Mall al ...)
	NOT-FOR-US: Virtue Shopping Mall
CVE-2009-2015 (Directory traversal vulnerability in includes/file_includer.php in the ...)
	NOT-FOR-US: com_moofaq for Joomla!
CVE-2009-2014 (SQL injection vulnerability in the ComSchool (com_school) component 1. ...)
	NOT-FOR-US: com_school for Joomla!
CVE-2009-2013 (SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3 ...)
	NOT-FOR-US: Frontis
CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through s ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probabl ...)
	NOT-FOR-US: Worldweaver DX Studio Player
CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family Connecti ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2009-2009 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, a ...)
	NOT-FOR-US: Dokeos
CVE-2009-2008 (Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly e ...)
	NOT-FOR-US: Dokeos
CVE-2009-2007 (Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and poss ...)
	NOT-FOR-US: Dokeos
CVE-2009-2006 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, a ...)
	NOT-FOR-US: Dokeos
CVE-2009-2005 (Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and p ...)
	NOT-FOR-US: Dokeos
CVE-2009-2004 (Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php  ...)
	NOT-FOR-US: Dokeos
CVE-2009-2003 (Ascad Networks Password Protector SD 1.3.1 allows remote attackers to  ...)
	NOT-FOR-US: Ascad Networks Password Protector
CVE-2009-2002 (Unspecified vulnerability in the WebLogic Portal component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-2001 (Unspecified vulnerability in the PL/SQL component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2009-2000 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1999 (Unspecified vulnerability in the Business Intelligence Enterprise Edit ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1998 (Unspecified vulnerability in the Oracle Communications Order and Servi ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2009-1997 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in Oracle D ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1993 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1992 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1991 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1990 (Unspecified vulnerability in the Business Intelligence Enterprise Edit ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component i ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile M ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - E ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle Applications Manager
CVE-2009-1985 (Unspecified vulnerability in the Network Authentication component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1984 (Unspecified vulnerability in the Application Install component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component i ...)
	NOT-FOR-US: Siebel Product Suite
CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1979 (Unspecified vulnerability in the Network Authentication component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle Appli ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1972 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1971 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) Or ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) Or ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1965 (Unspecified vulnerability in the Net Foundation Layer component in Ora ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1964 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in Oracl ...)
	NOT-FOR-US: Oracle Database
CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Ente ...)
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA  ...)
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6830 (The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Ja ...)
	NOT-FOR-US: Java Application Servers
CVE-2008-6829 (VicFTPS 5.0 allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: VicFTPS
CVE-2008-6828 (Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6827 (The ListView control in the Client GUI (AClient.exe) in Symantec Altir ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6826 (dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: MHF Media Pro
CVE-2009-XXXX [predictable random number generator used in web browsers]
	- webkit 1.2 (low; bug #532514)
	NOTE: The implementations for UNIX seems fine, might be fixed earlier
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdebase <unfixed> (unimportant; bug #532519)
	- w3m <unfixed> (unimportant; bug #532521)
	NOTE: w3m doesn't have Javascript support and the boundary issue is harmles
	- chromium-browser 26.0.1410.43-1 (bug #520324)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: chromium has provides window.crypto.getRandomValues as a strong random number generator
	NOTE: https://code.google.com/p/chromium/issues/detail?id=246054
	- lynx 2.8.7rel.1-1 (unimportant; bug #532520)
	NOTE: lynx doesn't have Javascript and form-data support
	- dillo <not-affected> (bug #532522)
	NOTE: These issues can be fixed in more recent upstream versions, but the risk
	NOTE: of regression doesn't outweigh the issue at hand
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2 ...)
	{DSA-1844-1}
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19)
	[lenny] - linux-2.6 2.6.26-16
	- linux-2.6.24 <removed>
	NOTE: fixed in lenny 5.0.2 release
CVE-2009-1959 (Off-by-one error in the event_wallops function in fe-common/irc/fe-eve ...)
	- irssi 0.8.13-2 (low; bug #532607; bug #531357)
	[lenny] - irssi 0.8.12-7
	[etch] - irssi 0.8.10-3
	NOTE: exploitability limited, DoS rather obscure attack scenario
CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache APR-uti ...)
	- apr-util 1.3.7+dfsg-1 (low)
	[lenny] - apr-util 1.2.12+dfsg-8+lenny3
CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Ap ...)
	{DSA-1812-1}
	- apr-util 1.3.7+dfsg-1 (medium)
CVE-2009-1954 (Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 a ...)
	NOT-FOR-US: IBM AIX
CVE-2009-1953 (IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSph ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2009-1952 (Multiple SQL injection vulnerabilities in the administrative login fea ...)
	NOT-FOR-US: PropertyMax
CVE-2009-1951 (Cross-site scripting (XSS) vulnerability in index.php in PropertyMax P ...)
	NOT-FOR-US: PropertyMax
CVE-2009-1950 (SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allow ...)
	NOT-FOR-US: WebEyes Guest Book
CVE-2009-1949 (import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote at ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1948 (Multiple directory traversal vulnerabilities in forum.php in Unclassif ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1947 (SQL injection vulnerability in the UnbDbEncode function in unb_lib/dat ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1946 (PHP remote file inclusion vulnerability in latestposts.php in AdaptBB  ...)
	NOT-FOR-US: AdaptBB
CVE-2009-1945 (SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allow ...)
	NOT-FOR-US: cWebCal
CVE-2009-1944 (Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attac ...)
	NOT-FOR-US: AIMP
CVE-2009-1943 (Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet ...)
	NOT-FOR-US: SafeNet SoftRemote
CVE-2009-1942 (Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2 ...)
	NOT-FOR-US: Quiz module for Drupal
CVE-2009-1941 (PAD Site Scripts 3.6 stores sensitive information under the web docume ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-1940 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: Joomla!
CVE-2009-1939 (Cross-site scripting (XSS) vulnerability in the JA_Purity template for ...)
	NOT-FOR-US: Joomla!
CVE-2009-1938 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5. ...)
	NOT-FOR-US: Joomla!
CVE-2009-1937 (Cross-site scripting (XSS) vulnerability in the comment posting featur ...)
	NOT-FOR-US: LightNEasy
CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a  ...)
	NOT-FOR-US: cpCommerce
CVE-2009-1935 (Integer overflow in the pipe_build_write_buffer function (sys/kern/sys ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-2
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in  ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117,  ...)
	NOT-FOR-US: Solaris
CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality trixbo ...)
	NOT-FOR-US: trixbox
CVE-2009-XXXX [pgp4pine off-by-one]
	- pgp4pine <removed> (bug #457947; medium)
	[etch] - pgp4pine <no-dsa> (Contrib not supported)
	[lenny] - pgp4pine <no-dsa> (Contrib not supported)
	NOTE: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html
	NOTE: unlike the note states this is not just an off-by-one, classic stack-based buffer overflow
CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) user_end ...)
	{DSA-1839-1}
	- gst-plugins-good0.10 0.10.15-2 (medium; bug #531631; bug #532352)
CVE-2009-1931
	RESERVED
CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client A ...)
	NOT-FOR-US: ActiveX
CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active Director ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1927
	REJECTED
CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gol ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1921
	REJECTED
CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 fo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 fo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to execute a ...)
	NOT-FOR-US: GScripts.net DNS Tools
CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...)
	NOT-FOR-US: ICQ
CVE-2009-1914 (The pci_register_iommu_region function in arch/sparc/kernel/pci_common ...)
	{DSA-1844-1}
	- linux-2.6 2.6.29-1 (low; bug #532722)
	[lenny] - linux-2.6 2.6.26-16
	- linux-2.6.24 <removed>
	NOTE: updated in lenny 5.0.2 release
CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic ...)
	NOT-FOR-US: LuxBum
CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka admin/_inc ...)
	NOT-FOR-US: QuiXplorer
CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows  ...)
	NOT-FOR-US: RTWebalbum
CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and  ...)
	NOT-FOR-US: Skip
CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, an ...)
	NOT-FOR-US: Skip
CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in claroline/linker/notfound. ...)
	NOT-FOR-US: Claroline
CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2 access poin ...)
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New Earth Pro ...)
	NOT-FOR-US: NEPT Image Uploader
CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before F ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
	{DSA-1860-1}
	- ruby1.8 1.8.7.173-1 (low; bug #532689)
	- ruby1.9 <removed> (bug #575778)
	NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows remo ...)
	- libapache-mod-security 2.5.9-1
CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote atta ...)
	- libapache-mod-security 2.5.9-1
CVE-2009-1901 (The Security component in IBM WebSphere Application Server (WAS) 6.0.2 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1900 (The Configservice APIs in the Administrative Console component in IBM  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1899 (Unspecified vulnerability in the Administrative Configservice API in t ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1898 (The secure login page in the Administrative Console component in IBM W ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6821 (Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 b ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, w ...)
	- dokuwiki 0.0.20090214b-1 (unimportant)
	NOTE: we don't support setups with register_globals enabled
CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in ...)
	- linux-2.6 2.6.30-3 (high; bug #537409)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
	NOTE: http://seclists.org/fulldisclosure/2009/Jul/0241.html
CVE-2009-1896 (The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b ...)
	- openjdk-6 6b16-1.6-1 (bug #542210)
CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a  ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-3 (low)
	[etch] - linux-2.6 <not-affected> (mmap_min_addr first indroduced in 2.6.23)
	- linux-2.6.24 <removed>
CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local us ...)
	{DSA-1838-1}
	- pulseaudio 0.9.15-4.1 (high; bug #537351)
	[etch] - pulseaudio <not-affected> (vulnerable code not present)
CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP 3.0. ...)
	NOT-FOR-US: Red Hat dhcpd init script for DHCP
CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...)
	{DSA-1833-2}
	- isc-dhcp 3.1.2p1-2 (low; bug #539492)
	- dhcp3 3.1.2p1-2 (low; bug #549584)
	[etch] - dhcp3 <not-affected> (problematic assert is not present)
	[lenny] - dhcp3 3.1.1-6+lenny2
CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses l ...)
	{DSA-1834-1}
	- apache2 2.2.11-7 (medium; bug #534712)
CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy mo ...)
	{DSA-1834-1}
	- apache2 2.2.11-7 (medium; bug #536718)
	[etch] - apache2 <not-affected> (bug introduced in 2.2.5)
	[lenny] - apache2 2.2.9-10+lenny4
CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
	- pidgin 2.5.8-1 (low; bug #535790)
	[lenny] - pidgin <no-dsa> (Minor issue)
	NOTE: http://developer.pidgin.im/ticket/9483
	NOTE: http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba  ...)
	{DSA-1823-1}
	- samba 2:3.3.6-1 (low)
	[etch] - samba <not-affected> (Vulnerable code not present)
	NOTE: Successful exploitation requires that "dos filemode" is set to "yes" in smb.conf.
CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Li ...)
	- net-snmp <not-affected> (Vulnerable code not present)
	NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable.
CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...)
	{DSA-1823-1}
	- samba 2:3.3.6-1
	[etch] - samba <not-affected> (Vulnerable code not present)
	NOTE: Only the 3.2.x branch was affected, so marking 3.3 as affected
CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Ap ...)
	- xerces-c 3.0.1-2 (low; bug #540297)
	[etch] - xerces-c <no-dsa> (Minor issue)
	[lenny] - xerces-c <no-dsa> (Minor issue)
	- xerces-c2 2.8.0+deb1-2 (low; bug #541986)
	[lenny] - xerces-c2 2.8.0-3+lenny1
	- xerces27 <removed>
	[etch] - xerces27 <no-dsa> (Minor issue)
CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the Compress ...)
	- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
	[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the Lin ...)
	{DSA-1929-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19)
	NOTE: See Solar Designer's posting to oss-security
CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in Ima ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.5.1.0-1.1 (medium; bug #530838)
	- graphicsmagick 1.3.5-5.1 (medium; bug #530946)
CVE-2009-1881 (Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remot ...)
	NOT-FOR-US: MT312
CVE-2009-1880 (Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remot ...)
	NOT-FOR-US: MT312
CVE-2009-XXXX [OCS Inventory NG SQL Injection Vulnerability]
	- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
	NOTE: README.Debian states Important: access to the reports server should be restricted
	NOTE: can be exploited only if magic_quotes is off
CVE-2009-3870
	REJECTED
CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...)
	NOT-FOR-US: Adobe Flex
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier a ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1876 (Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sen ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1875 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusio ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1874 (Multiple cross-site scripting (XSS) vulnerabilities in the Management  ...)
	NOT-FOR-US: Adobe JRun
CVE-2009-1873 (Directory traversal vulnerability in logging/logviewer.jsp in the Mana ...)
	NOT-FOR-US: Adobe JRun
CVE-2009-1872 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusio ...)
	NOT-FOR-US: Adobe ColdFusion Server
CVE-2009-1871
	REJECTED
CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1867 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1866 (Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1865 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1864 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 b ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-1859 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat  ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1858 (The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe R ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat  ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe R ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass authen ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board 2. ...)
	NOT-FOR-US: Kensei Board
CVE-2009-1852 (Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow r ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2009-1851 (SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and  ...)
	NOT-FOR-US: phpBugTracker
CVE-2009-1850 (SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows ...)
	NOT-FOR-US: phpBugTracker
CVE-2009-1849 (Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth func ...)
	NOT-FOR-US: PRTG Traffic Grapher
CVE-2009-1848 (SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com ...)
	NOT-FOR-US: JoomlaMe
CVE-2009-1847 (Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B ...)
	NOT-FOR-US: Easy PX 41 CMS
CVE-2009-1846 (Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418  ...)
	NOT-FOR-US: SiteX
CVE-2009-1845 (Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lu ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2009-1844 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x befo ...)
	{DSA-1808-1}
	- drupal5 5.17-1.1 (low; bug #529191)
	- drupal6 6.11-1.1 (low; bug #529190; bug #531386)
CVE-2009-1843 (Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remo ...)
	NOT-FOR-US: Flash Quiz
CVE-2009-1842 (SQL injection vulnerability in main/tracking/userLog.php in Francisco  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6819 (win32k.sys in Microsoft Windows Server 2003 and Vista allows local use ...)
	NOT-FOR-US: Microsoft Windows Server 2003 and Vista
CVE-2008-6818 (Mole Group Real Estate Script 1.1 and earlier stores passwords in clea ...)
	NOT-FOR-US: Mole Group Real Estate Script
CVE-2008-6817 (Mole Group Lastminute Script 4.0 and earlier stores passwords in clear ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2004-2764 (Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4 ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2004-2763 (The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 throug ...)
	NOT-FOR-US: Sun ONE iPlanet Web Server
CVE-2003-1573 (The PointBase 4.6 database component in the J2EE 1.4 reference impleme ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ap ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 all ...)
	{DSA-1899-1}
	- strongswan 4.2.14-1.1 (medium; bug #531612)
	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN befo ...)
	{DSA-1899-1}
	- strongswan 4.2.14-1.1 (medium; bug #531612)
	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3 ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before 3.0.11 ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in modules/plug ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate lo ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird be ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of se ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1827 (The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to  ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1831 (The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Wina ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2009-1830 (Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote a ...)
	NOT-FOR-US: Soulseek
CVE-2009-1826 (modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require admi ...)
	NOT-FOR-US: myGesuad
CVE-2009-1825 (modules/admuser.php in myColex 1.4.2 does not require administrative a ...)
	NOT-FOR-US: myColex
CVE-2009-1824 (The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protect ...)
	NOT-FOR-US: ArcaBit ArcaVir
CVE-2009-1823 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...)
	NOT-FOR-US: 3rd party Printer, e-mail and PDF module for Drupal
CVE-2009-1822 (Multiple PHP remote file inclusion vulnerabilities in the InterJoomla  ...)
	NOT-FOR-US: Joomla!
CVE-2009-1821 (DMXReady Registration Manager 1.1 stores sensitive information under t ...)
	NOT-FOR-US: DMXReady Registration Manager
CVE-2009-1820 (Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Cus ...)
	NOT-FOR-US: 2daybiz Custom T-shirt Design Script
CVE-2009-1819 (SQL injection vulnerability in product.php in 2daybiz Custom T-shirt D ...)
	NOT-FOR-US: 2daybiz Custom T-shirt Design Script
CVE-2009-1818 (SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 a ...)
	NOT-FOR-US: MaxCMS
CVE-2009-1817 (Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attacker ...)
	NOT-FOR-US: DigiMode Maya
CVE-2009-1816 (SQL injection vulnerability in admin.php in My Game Script 2.0 allows  ...)
	NOT-FOR-US: My Game Script
CVE-2009-1815 (Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b all ...)
	NOT-FOR-US: Sonic Spot Audioactive Player
CVE-2009-1814 (SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier a ...)
	NOT-FOR-US: PHPenpals
CVE-2009-1813 (Multiple SQL injection vulnerabilities in admin/index.php in Submitter ...)
	NOT-FOR-US: Submitter Script
CVE-2009-1812 (Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) al ...)
	NOT-FOR-US: myGesuad
CVE-2009-1811 (Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 ...)
	NOT-FOR-US: myGesuad
CVE-2009-1810 (Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote a ...)
	NOT-FOR-US: myColex
CVE-2009-1809 (Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 a ...)
	NOT-FOR-US: myColex
CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20  ...)
	{DSA-1942-1}
	- wireshark 1.0.8-1 (low; bug #533347)
	[lenny] - wireshark 1.0.2-3+lenny6
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of servi ...)
	NOT-FOR-US: Microsoft
CVE-2009-1807 (Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 ...)
	NOT-FOR-US: Baofeng
CVE-2009-1806 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 r ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time Accounting dr ...)
	NOT-FOR-US: VMware (experimental feature anyway)
CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in VideoScri ...)
	NOT-FOR-US: videoscript
CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, ...)
	NOT-FOR-US: FreePBX
CVE-2009-1802 (Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX  ...)
	NOT-FOR-US: FreePBX
CVE-2009-1801 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1,  ...)
	NOT-FOR-US: FreePBX
CVE-2009-1800 (Stack-based buffer overflow in the Chinagames CGAgent ActiveX control  ...)
	NOT-FOR-US: Chinagames
CVE-2009-1799 (Multiple SQL injection vulnerabilities in the getGalleryImage function ...)
	NOT-FOR-US: ST-Gallery
CVE-2008-6816 (Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remot ...)
	NOT-FOR-US: Eaton
CVE-2008-6815 (mykdownload.php in MyKtools 2.4 does not require administrative authen ...)
	NOT-FOR-US: MyKtools
CVE-2008-6814 (Unrestricted file upload vulnerability in image_upload.php in the Simp ...)
	NOT-FOR-US: SimpleBoard for Mambo
CVE-2009-1798 (Multiple cross-site scripting (XSS) vulnerabilities on the Network Man ...)
	NOT-FOR-US: APC
CVE-2009-1797 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Netw ...)
	NOT-FOR-US: APC
CVE-2009-1796 (Cross-site scripting (XSS) vulnerability in Sun Java System Portal Ser ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2009-1795
	RESERVED
CVE-2009-1794
	RESERVED
CVE-2009-1793
	RESERVED
CVE-2009-1792 (The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka  ...)
	NOT-FOR-US: StoneTrip Ston3D StandalonePlayer
CVE-2009-1790 (Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2. ...)
	NOT-FOR-US: CGI Rescue Trees
CVE-2009-1787 (Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteS ...)
	NOT-FOR-US: PHP Dir Submit
CVE-2009-1786 (The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users ...)
	NOT-FOR-US: IBM AIX libc
CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...)
	NOT-FOR-US: Ulteo Open Virtual Desktop
CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus pro ...)
	NOT-FOR-US: AVG anti-virus
CVE-2009-1783 (Multiple FRISK Software F-Prot anti-virus products, including Antiviru ...)
	NOT-FOR-US: FRISK Software F-Prot anti-virus
CVE-2009-1782 (Multiple F-Secure anti-virus products, including Anti-Virus for Micros ...)
	NOT-FOR-US: F-Secure anti-virus
CVE-2009-1781 (Static code injection vulnerability in admin.php in Frax.dk Php Recomm ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1780 (admin.php in Frax.dk Php Recommend 1.3 and earlier does not require au ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1779 (PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Re ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1778 (SQL injection vulnerability in the new user registration feature in Bi ...)
	NOT-FOR-US: BigACE CMS
CVE-2009-1777 (CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1. ...)
	NOT-FOR-US: Matt Wright FormMail
CVE-2009-1776 (Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in  ...)
	NOT-FOR-US: Matt Wright FormMail
CVE-2009-1775 (Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virt ...)
	NOT-FOR-US: Ulteo Open Virtual Desktop
CVE-2009-1774 (Directory traversal vulnerability in plugins/ddb/foot.php in Strawberr ...)
	NOT-FOR-US: Strawberry
CVE-2009-1773 (activeCollab 2.1 Corporate allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: activeCollab
CVE-2009-1772 (Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate ...)
	NOT-FOR-US: activeCollab
CVE-2009-1771 (index.php in Flyspeck CMS 6.8 does not require administrative authenti ...)
	NOT-FOR-US: Flyspeck CMS
CVE-2009-1770 (Directory traversal vulnerability in includes/database/examples/addres ...)
	NOT-FOR-US: Flyspeck CMS
CVE-2009-1769 (The web interface in Open Computer and Software Inventory Next Generat ...)
	- ocsinventory-server 1.02.1-1 (unimportant; bug #529344)
	NOTE: README.Debian states Important: access to the reports server should be restricted
CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS 0 ...)
	NOT-FOR-US: Rama Zaiten CMS
CVE-2009-1767 (admin/edituser.php in 2daybiz Template Monster Clone does not require  ...)
	NOT-FOR-US: 2daybiz Template Monster Clone
CVE-2009-1766 (SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows re ...)
	NOT-FOR-US: LightOpenCMS
CVE-2009-1765 (Multiple directory traversal vulnerabilities in pluck 4.6.2, when regi ...)
	NOT-FOR-US: pluck CMS
CVE-2009-1764 (SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remot ...)
	NOT-FOR-US: MaxCMS
CVE-2009-1763 (Unspecified vulnerability in the Solaris Secure Digital slot driver (a ...)
	NOT-FOR-US: Solaris
CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess l ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-XXXX [radare-common insecure temp files handling]
	- radare 1.4-1 (low)
CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windo ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...)
	{DSA-1815-1}
	- libtorrent-rasterbar 0.14.4-1 (medium)
CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function (trun ...)
	{DSA-1817-1}
	- ctorrent 1.3.4-dnh3.2-1.1 (medium; bug #530255)
CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as app ...)
	{DSA-1809-1}
	- linux-2.6 2.6.28-1 (low; bug #536148)
	- linux-2.6.24 <removed>
CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 be ...)
	- transmission 1.61-1 (low)
	[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
	[etch] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
CVE-2009-1754 (The PackageManagerService class in services/java/com/android/server/Pa ...)
	NOT-FOR-US: Android
CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to (1 ...)
	NOT-FOR-US: exJune Office Message System
CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware Technol ...)
	NOT-FOR-US: Realty Web-Base
CVE-2009-1750 (Unrestricted file upload vulnerability in VidSharePro allows remote au ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1749 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ca ...)
	NOT-FOR-US: Catviz
CVE-2009-1748 (Multiple directory traversal vulnerabilities in index.php in Catviz 0. ...)
	NOT-FOR-US: Catviz
CVE-2009-1747 (SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 al ...)
	NOT-FOR-US: bSpeak
CVE-2009-1746 (SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0  ...)
	NOT-FOR-US: Dian Gemilang DGNews
CVE-2009-1745 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x  ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1744 (InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in  ...)
	NOT-FOR-US: Pinnacle
CVE-2009-1743 (Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinna ...)
	NOT-FOR-US: Pinnacle
CVE-2009-1742 (code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for re ...)
	NOT-FOR-US: PC4Arb Pc4 Uploader
CVE-2009-1741 (Multiple SQL injection vulnerabilities in login.php in DM FileManager  ...)
	NOT-FOR-US: DM FileManager
CVE-2009-1740 (Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer Active ...)
	NOT-FOR-US: D-Link MPEG4 Viewer
CVE-2009-1739 (PAD Site Scripts 3.6 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-1738 (Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before  ...)
	NOT-FOR-US: Feed Block
CVE-2009-1737 (Directory traversal vulnerability in bom.php in MyPic 2.1 allows remot ...)
	NOT-FOR-US: MyPic
CVE-2009-1736 (SQL injection vulnerability in the GridSupport (GS) Ticket System (com ...)
	NOT-FOR-US: GridSupport component for Joomla
CVE-2009-1735 (Cross-site scripting (XSS) vulnerability in search.php in VidSharePro  ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro allows ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...)
	- ipplan 4.91a-1.1 (unimportant; bug #530271)
	NOTE: Only exploitable with admin rights
CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in IPpla ...)
	{DSA-1827-1}
	- ipplan 4.91a-1.1 (low; bug #530271)
CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows re ...)
	NOT-FOR-US: MLFFAT
CVE-2009-1730 (Multiple directory traversal vulnerabilities in NetMechanica NetDecisi ...)
	NOT-FOR-US: NetDecision TFTP Server
CVE-2009-1729 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2009-1728 (Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before ...)
	NOT-FOR-US: Image RAW in Apple Mac OS X
CVE-2009-1727 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and  ...)
	NOT-FOR-US: ColorSync in Apple Mac OS X
CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1,  ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.13-1 (medium; bug #538346)
	- qt4-x11 4:4.5.2-2 (medium; bug #538347)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	- kdelibs <not-affected> (medium; bug #538350)
	- kde4libs <not-affected> (medium; bug #538349)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=513813#c18
	NOTE: patch http://trac.webkit.org/changeset/44799/
	NOTE: PoC http://web.archive.org/web/20110813092643/https://cevans-app.appspot.com/static/webkitentityoffbyone.html
CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- qt4-x11 <not-affected> (bug #538403)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- webkit 1.1.13-1 (low; bug #538402)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
	NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in OpenEX ...)
	{DSA-1842-1}
	- openexr 1.6.1-1 (medium; bug #540424)
CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...)
	{DSA-1842-1}
	- openexr 1.6.1-4.1 (medium; bug #540424)
CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-de ...)
	{DSA-1842-1}
	- openexr 1.6.1-4.1 (medium; bug #540424)
CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
	NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote attacker ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/44010
CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allo ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly prot ...)
	NOT-FOR-US: CFNetwork in Apple
CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/31890
CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.3-1 (low)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: http://trac.webkit.org/changeset/36359
CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not p ...)
	{DSA-1988-1}
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	NOTE: http://trac.webkit.org/changeset/34533
CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of l ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	NOTE: http://trac.webkit.org/changeset/41568
CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory  ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	NOTE: http://trac.webkit.org/changeset/36918
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-1
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/35157
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation  ...)
	{DSA-1866-1}
	- webkit 0~svn32442-1
	NOTE: fixed in upstream commit http://trac.webkit.org/changeset/32230
	- kdelibs <not-affected> (vulnerable code in kdegraphics)
	- kde4libs <not-affected> (Vulnerable code not present)
	- kdegraphics 4:4.0 (medium; bug #534951)
	NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series)
CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari befo ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows doe ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly u ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image fi ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
	NOTE: http://trac.webkit.org/changeset/42533
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42216
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in W ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained, only affects fringe apps)
	- kdelibs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: invasive patch to backport.
	NOTE: http://trac.webkit.org/changeset/40881
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone O ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/38065
CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 ...)
	{DSA-1988-1}
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	NOTE: http://trac.webkit.org/changeset/42081
	- qt4-x11 4:4.5.2-1
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534949)
	- kde4libs 4:4.3.0-1 (medium)
CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPh ...)
	{DSA-1950-1}
	- webkit 1.1.15.2-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/41262
CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/39510
	NOTE: http://trac.webkit.org/changeset/39553
CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42223
CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/35935
CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: http://trac.webkit.org/changeset/35928
CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	- qt4-x11 4:4.6.2-4 (unimportant)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
	NOTE: http://trac.webkit.org/changeset/41741
CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/32791
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	NOTE: http://trac.webkit.org/changeset/42532
	- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534952)
	- kde4libs 4:4.3.0-1 (medium; bug #534949)
	NOTE: http://websvn.kde.org/?view=rev&revision=983316
	- qt4-x11 4:4.5.2-1 (medium; bug #534947)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
	NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
	NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	- kdelibs 4:3.5.10.dfsg.1-2.1 (bug #534952)
	- kde4libs 4:4.3.0-1
	NOTE: http://trac.webkit.org/changeset/41854
	- qt4-x11 4:4.5.2-1 (medium; bug #534946)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/31431
CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.0.1-4 (bug #535793)
	- kdelibs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34574
CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42365
CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhon ...)
	NOT-FOR-US: iPhone
CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended V ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/42333
CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod tou ...)
	NOT-FOR-US: Safari in Apple iPhone OS
CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
	NOT-FOR-US: iPhone
CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Editi ...)
	NOT-FOR-US: phpWebNews
CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Ed ...)
	NOT-FOR-US: phpWebNews
CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (m ...)
	- slim 1.3.1-2 (low; bug #529306)
	[lenny] - slim 1.3.0-1+lenny2
CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in packet.c ...)
	{DSA-1803-1}
	- nsd3 3.2.2-1 (medium; bug #529418)
	- nsd 2.3.7-3 (medium; bug #529420)
	NOTE: VU#710316
CVE-2009-1753 (Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a ...)
	- coccinelle 0.1.7.deb-3 (low)
CVE-2009-1678 (Directory traversal vulnerability in the saveFeed function in rss/feed ...)
	NOT-FOR-US: Bitweaver
CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed functio ...)
	NOT-FOR-US: Bitweaver
CVE-2009-1676
	REJECTED
CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows r ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1674 (Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-as ...)
	NOT-FOR-US: Microchip MPLAB IDE
CVE-2009-1673 (The kernel in Sun Solaris 9 allows local users to cause a denial of se ...)
	NOT-FOR-US: SunOS
CVE-2009-1672 (The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Su ...)
	NOT-FOR-US: ActiveX
CVE-2009-1671 (Multiple buffer overflows in the Deployment Toolkit ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2009-1670 (user/index.php in TCPDB 3.8 does not require administrative authentica ...)
	NOT-FOR-US: TCPDB
CVE-2009-1669 (The smarty_function_math function in libs/plugins/function.math.php in ...)
	{DSA-1919-1}
	- smarty 2.6.26-0.1 (low; bug #529810)
	[etch] - smarty <not-affected> (Vulnerable code not present)
	[lenny] - smarty <no-dsa> (Minor issue)
CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: TYPSoft
CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows r ...)
	NOT-FOR-US: CastRipper
CVE-2009-1666 (Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50 ...)
	NOT-FOR-US: CycloMedia CycloScopeLite
CVE-2009-1665 (myaccount.php in Easy Scripts Answer and Question Script allows remote ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1664 (myaccount.php in Easy Scripts Answer and Question Script does not veri ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1663 (Unrestricted file upload vulnerability in myaccount.php in Easy Script ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1662 (Multiple SQL injection vulnerabilities in admin/login.php in Wright Wa ...)
	NOT-FOR-US: Wright Way Services Recipe Script
CVE-2009-1661 (SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when ma ...)
	NOT-FOR-US: uTopic
CVE-2009-1660 (Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows ...)
	NOT-FOR-US: ViPlay3
CVE-2009-1659 (Unrestricted file upload vulnerability in admin/uploadimage.php in eLi ...)
	NOT-FOR-US: eLitius
CVE-2009-1658 (Multiple SQL injection vulnerabilities in admin/admin.php in Realty We ...)
	NOT-FOR-US: Web-Base
CVE-2009-1657 (Multiple SQL injection vulnerabilities in the Starrating plugin before ...)
	NOT-FOR-US: Starrating plugin for b2evolution
CVE-2009-1656 (Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and  ...)
	NOT-FOR-US: Xerox
CVE-2009-1655 (Multiple SQL injection vulnerabilities in myaccount.php in Easy Script ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1654 (Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1653 (Directory traversal vulnerability in examples/tbs_us_examples_0view.ph ...)
	NOT-FOR-US: TinyButStrong
CVE-2009-1652 (admin/adminaddeditdetails.php in Business Community Script does not pr ...)
	NOT-FOR-US: Business Community Script
CVE-2009-1651 (SQL injection vulnerability in admin/member_details.php in 2daybiz Bus ...)
	NOT-FOR-US: 2daybiz
CVE-2009-1650 (Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1  ...)
	NOT-FOR-US: Shutter
CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows r ...)
	NOT-FOR-US: beLive
CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Se ...)
	NOT-FOR-US: yast2-ldap-server on SUSE
CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 al ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allow ...)
	NOT-FOR-US: Mini-stream RM Downloader
CVE-2009-1645 (Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Conve ...)
	NOT-FOR-US: Mini-stream Easy RM-MP Converter
CVE-2009-1644 (Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 all ...)
	NOT-FOR-US: Streaming Audio Player
CVE-2009-1643 (Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows ...)
	NOT-FOR-US: Sorinara Soritong MP3 Player
CVE-2009-1642 (Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Conver ...)
	NOT-FOR-US: Mini-stream ASX to MP3 Converter
CVE-2009-1641 (Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 al ...)
	NOT-FOR-US: Mini-stream Ripper
CVE-2009-1640 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery f ...)
	NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
CVE-2009-1639 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery f ...)
	NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
CVE-2009-1638 (Techno Dreams Job Career Package 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Techno Dreams Job Career Package
CVE-2009-1637 (profile.php in Simple Customer 1.3 does not require administrative aut ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6811 (Unrestricted file upload vulnerability in image_processing.php in the  ...)
	NOT-FOR-US: e-Commerce Plugin for Wordpress
CVE-2008-6810 (Multiple SQL injection vulnerabilities in admin/checklogin.php in Vena ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6809 (SQL injection vulnerability in hotel_habitaciones.php in Venalsur Book ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2009-1788 (Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 thr ...)
	{DSA-1814-1 DTSA-202-1}
	- libsndfile 1.0.20-1 (low; bug #528650)
CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 th ...)
	{DSA-1814-1 DTSA-202-1}
	- libsndfile 1.0.20-1 (low; bug #528650)
CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA) component i ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess c ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1634 (The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8. ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel be ...)
	{DSA-1865-1 DSA-1844-1 DSA-1809-1}
	- linux-2.6 2.6.30-1
	- linux-2.6.24 <removed>
CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attacke ...)
	{DSA-1804-1}
	- ipsec-tools 1:0.7.1-1.5 (medium; bug #528933)
CVE-2009-1631 (The Mailer component in Evolution 2.26.1 and earlier uses world-readab ...)
	- evolution 2.29.90-1 (unimportant; bug #526409)
	NOTE: Mostly a security enhancement, only for local users/mail and open homedirs
CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client implemen ...)
	{DSA-1865-1 DSA-1844-1 DSA-1809-1}
	- linux-2.6 2.6.30-1
	- linux-2.6.24 <removed>
CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with pr ...)
	{DSA-1994-1}
	- ajaxterm 0.10-5 (medium; bug #528938)
CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ea ...)
	{DSA-1826-1}
	- eggdrop 1.6.19-1.2 (medium; bug #528778)
CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
	- cron 3.0pl1-106 (low; bug #528434)
	[lenny] - cron <no-dsa> (Minor issue)
	[etch] - cron <no-dsa> (Minor issue)
CVE-2009-1628 (Stack-based buffer overflow in mnet.exe in Unisys Business Information ...)
	NOT-FOR-US: Unisys Business Information Server
CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) Downlo ...)
	NOT-FOR-US: Streaming Download Project (SDP)
CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog before B ...)
	NOT-FOR-US: EZ-Blog
CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox Gallery 2 a ...)
	NOT-FOR-US: Thickbox Gallery 2
CVE-2009-1624 (Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0  ...)
	NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLin ...)
	NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote  ...)
	NOT-FOR-US: EcShop 2.5.0
CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 1.1.8 allow ...)
	NOT-FOR-US: OpenCart
CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in input.php in Ma ...)
	NOT-FOR-US: MataChat
CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Teraway FileStream
CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: Teraway LiveHelp
CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Teraway LinkTracker
CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ ...)
	NOT-FOR-US: SFS Link Directory
CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in osprey 1 ...)
	NOT-FOR-US: osprey
CVE-2008-6806 (Unrestricted file upload vulnerability in includes/imageupload.php in  ...)
	NOT-FOR-US: 7Shop
CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Copper ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4  ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1613 (Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4,  ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1612 (Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control i ...)
	NOT-FOR-US: ActiveX
CVE-2009-1611 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows r ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1610 (admin/changepassword.php in Job Script Job Board Software 2.0 allows r ...)
	NOT-FOR-US: Job Script Job Board Software
CVE-2009-1609 (Unrestricted file upload vulnerability in admin/uploadform.asp in Batt ...)
	NOT-FOR-US: Battle Blog
CVE-2009-1608 (Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly ear ...)
	NOT-FOR-US: Microchip MPLAB IDE
CVE-2009-1607 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: LinkBase
CVE-2009-1606 (Multiple stack-based and heap-based buffer overflows in Dafolo DafoloC ...)
	NOT-FOR-US: Dafolo DafoloControl ActiveX
CVE-2009-1605 (Heap-based buffer overflow in the loadexponentialfunc function in mupd ...)
	NOT-FOR-US: MuPDF
CVE-2009-1604 (Unspecified vulnerability in LimeSurvey before 1.82 allows remote atta ...)
	- limesurvey <itp> (bug #472802)
CVE-2009-1603 (src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used wit ...)
	- opensc 0.11.8 (high; bug #527640)
	[etch] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
	[lenny] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
	NOTE: checked code, public exponent set correctly in etch/lenny versions (CK_BYTE publicExponent[] = { 3 };)
CVE-2009-1602 (Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote a ...)
	NOT-FOR-US: Pablo Software
CVE-2009-1601 (The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+df ...)
	- clamav <not-affected> (Vulnerable code not present)
	NOTE: from what I see this code was never uploaded to the debian archive
CVE-2009-1600 (Apple Safari executes DOM calls in response to a javascript: URI in th ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the targe ...)
	NOT-FOR-US: Opera
CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in t ...)
	- chromium-browser <unfixed> (unimportant)
	- webkit <not-affected> (chrome-specific issue)
	NOTE: it sounds like a "researcher misconception bug" (as seeming explained by Abobe) rather than a security issue
CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the  ...)
	NOT-FOR-US: Openfire
CVE-2009-1595 (The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Real ...)
	NOT-FOR-US: Openfire
CVE-2008-6805 (Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_q ...)
	NOT-FOR-US: Mic_Blog
CVE-2008-6804 (** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to bypas ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-6803 (SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portal ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2009-XXXX [More file buffer overflows]
	- file 5.03-1 (bug #525820)
	[etch] - file <not-affected> (CDF code not yet present in 4.x)
	[lenny] - file <not-affected> (CDF code not yet present in 4.x)
CVE-2009-1594 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x  ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1593 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x  ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1592 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows r ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1591 (CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allo ...)
	NOT-FOR-US: CGI RESCUE Web Mailer
CVE-2009-1590 (Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows r ...)
	NOT-FOR-US: CGI RESCUE FORM2MAIL
CVE-2009-1589 (Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows r ...)
	NOT-FOR-US: CGI RESCUE MiniBBS
CVE-2009-1588 (Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t befo ...)
	NOT-FOR-US: CGI RESCUE MiniBBS
CVE-2009-XXXX [hex-a-hop: buffer overflow in loading save games]
	- hex-a-hop <unfixed> (unimportant; bug #528250)
	NOTE: That's a simple bug, it's silly to treat this as a security issue
CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass authe ...)
	NOT-FOR-US: PHP Site Lock
CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7. ...)
	NOT-FOR-US: GrabIt
CVE-2009-1585 (Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_q ...)
	NOT-FOR-US: TemaTres
CVE-2009-1584 (Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, wh ...)
	NOT-FOR-US: TemaTres
CVE-2009-1583 (Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3  ...)
	NOT-FOR-US: TemaTres
CVE-2009-1582 (Million Dollar Text Links 1.0 does not properly restrict administrator ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2008-6802 (Multiple SQL injection vulnerabilities in index.php in phPhotoGallery  ...)
	NOT-FOR-US: phPhotoGallery
CVE-2008-6801 (Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4. ...)
	NOT-FOR-US: Vivvo CMS
CVE-2008-6800
	REJECTED
CVE-2008-6799 (connection.php in FlashChat 5.0.8 allows remote attackers to bypass th ...)
	NOT-FOR-US: FlashChat
CVE-2008-6798 (Multiple SQL injection vulnerabilities in login.php in Pre Projects Pr ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6797 (The server in Mitel NuPoint Messenger R11 and R3 sends usernames and p ...)
	NOT-FOR-US: Mitel NuPoint Messenger
CVE-2008-6796 (SQL injection vulnerability in manager/login.php in Pre Projects Pre R ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6795 (SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CM ...)
	NOT-FOR-US: nicLOR Vibro-School-CMS
CVE-2008-6794 (SQL injection vulnerability in directory.php in Scripts For Sites (SFS ...)
	NOT-FOR-US: Scripts For Sites (SFS)
CVE-2008-6793 (The get_file_type function in lib/file_content.php in DFLabs PTK 0.1,  ...)
	NOT-FOR-US: DFLabs
CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used  ...)
	- system-tools-backends 2.6.0-6.1 (low; bug #527952)
	[lenny] - system-tools-backends 2.6.0-2lenny3
	[etch] - system-tools-backends <not-affected> (SHA was added to crypt(3) post-etch)
CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not protect the  ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
CVE-2009-1580 (Session fixation vulnerability in SquirrelMail before 1.4.18 allows re ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676
CVE-2009-1579 (The map_yp_alias function in functions/imap_general.php in SquirrelMai ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (medium; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674
	NOTE: doesn't affect every setup
CVE-2009-1578 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670
CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in fin ...)
	- cscope 15.6-1
CVE-2009-1576 (Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.1 ...)
	{DSA-1792-1}
	- drupal6 6.11-1 (bug #526378)
	- drupal5 5.17-1
CVE-2009-1575 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and ...)
	{DSA-1792-1}
	- drupal6 6.11-1 (bug #526378)
	- drupal5 5.17-1
CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attacke ...)
	{DSA-1804-1}
	- ipsec-tools 1:0.7.1-1.4 (medium; bug #527634)
CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0 ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
CVE-2009-1570 (Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-re ...)
	- gimp 2.6.7-1.1 (medium; bug #555929)
CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5. ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30 ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox upl ...)
	NOT-FOR-US: ActiveX
CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creato ...)
	NOT-FOR-US: Roxio Easy Media Creator
CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4  ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMwa ...)
	NOT-FOR-US: VMwar
CVE-2009-1563
	REJECTED
CVE-2009-1562
	RESERVED
CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in administration.cgi  ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1560 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1559 (Absolute path traversal vulnerability in adm/file.cgi on the Cisco Lin ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1558 (Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1557 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Links ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1556 (img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with  ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1555 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1554 (Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun W ...)
	NOT-FOR-US: Sun Woodstock
CVE-2009-1553 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin Conso ...)
	NOT-FOR-US: Sun GlassFish Enterprise Server
CVE-2009-1552 (Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7 ...)
	NOT-FOR-US: SCO UnixWare
CVE-2009-1551 (Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 a ...)
	NOT-FOR-US: Qt quickteam
CVE-2009-1550 (Zakkis Technology ABC Advertise 1.0 does not properly restrict access  ...)
	NOT-FOR-US: Zakkis Technology ABC Advertise
CVE-2009-1549 (AGTC MyShop 3.2b allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: AGTC MyShop
CVE-2009-1548 (SQL injection vulnerability in index.php in BluSky CMS allows remote a ...)
	NOT-FOR-US: BluSky CMS
CVE-2009-XXXX [prelude-manager: password world-readable]
	- prelude-manager <not-affected> (The postinst sets correct permissions, see bug #527344)
	NOTE: FEDORA-2009-3931 http://lwn.net/Articles/331612
CVE-2009-XXXX [bash-completion: does not properly quote characters]
	- bash-completion 200811xx~bzr1223 (bug #259987)
	NOTE: adding this reference to track the fact that this has already been addressed by debian security
	NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently
	NOTE: FEDORA-2009-3639 http://lwn.net/Articles/331605
CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling fu ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ha ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1543
	REJECTED
CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 20 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1541
	REJECTED
CVE-2009-1540
	REJECTED
CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Micro ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Micro ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in quar ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and S ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS)  ...)
	NOT-FOR-US: IIS
CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in Micros ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in Micros ...)
	NOT-FOR-US: Microsoft
CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1530 (Use-after-free vulnerability in Microsoft Internet Explorer 7 for Wind ...)
	NOT-FOR-US: Microsoft
CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)
	- linux-2.6 2.6.29-5 (high)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
	NOT-FOR-US: Directadmin
CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authent ...)
	NOT-FOR-US: Directadmin
CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1. ...)
	- jetty 6.1.19-1 (low; bug #527571)
CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...)
	- jetty 6.1.19-1 (low; bug #528389)
CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 o ...)
	NOT-FOR-US: Tivoli
CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Ma ...)
	NOT-FOR-US: Tivoli
CVE-2009-1520 (Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) ...)
	NOT-FOR-US: Tivoli
CVE-2009-XXXX [moin: XSS in AttachFile.py via attachements]
	- moin 1.8.3-1 (low; bug #526594)
	[lenny] - moin 1.7.1-3+lenny2
	[etch] - moin <not-affected> (Vulnerable code not present)
	NOTE: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
	NOTE: CVE id requested
CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in libmodp ...)
	{DSA-1850-1}
	- libmodplug 1:0.8.7-1 (medium; bug #526084)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077)
	[etch] - libmodplug <not-affected> (Vulnerable code not present)
	NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug.
CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allo ...)
	NOT-FOR-US: Pecio CMS
CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3. ...)
	NOT-FOR-US: Beltane
CVE-2009-1517 (Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 A ...)
	NOT-FOR-US: ActiveX
CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX con ...)
	NOT-FOR-US: ActiveX
CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of  ...)
	- chromium-browser 5.0.375.38~r46659-1 (low)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: PumpKIN TFTP Server
CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote attacke ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6789 (SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows rem ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6788 (SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magi ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2009-1573 (xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly ot ...)
	- xorg-server 2:1.6.1.901-3 (low; bug #526678)
	[etch] - xorg-server <no-dsa> (minor issue)
	[lenny] - xorg-server <no-dsa> (minor issue)
CVE-2009-1515 (Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c i ...)
	- file 5.02-1
	[lenny] - file <not-affected> (Vulnerable code not present)
	[etch] - file <not-affected> (Vulnerable code not present)
	NOTE: code introduced in 5.xx series
CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows remote aut ...)
	NOT-FOR-US: X-Forum
CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a de ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image Gallery ...)
	NOT-FOR-US: KoschtIT Image Gallery
CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPorta ...)
	NOT-FOR-US: MyioSoft AjaxPortal
CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function in Com ...)
	NOT-FOR-US: X-Forum
CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x ...)
	NOT-FOR-US: Node Access User Reference module for Drupal
CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows re ...)
	NOT-FOR-US: eLitius
CVE-2009-1505 (SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 ...)
	NOT-FOR-US: News Page module for Drupal
CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass authe ...)
	NOT-FOR-US: Absolute Form Processor XE
CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger Document  ...)
	NOT-FOR-US: Tiger Document Management System
CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable an ...)
	NOT-FOR-US: S-Cms
CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x be ...)
	NOT-FOR-US: EXIF module for Drupal
CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows ...)
	NOT-FOR-US: ProjectCMS
CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) component i ...)
	NOT-FOR-US: com_mailto component for Joomla!
CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game Maker ...)
	NOT-FOR-US: Game Maker 2k Internet Discussion Boards
CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Pla ...)
	NOT-FOR-US: GOM Player
CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace (com_cmimarke ...)
	NOT-FOR-US: com_cmimarketplace component for Joomla!
CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root  ...)
	NOT-FOR-US: Web File Explorer
CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in Lizardware C ...)
	NOT-FOR-US: Lizardware CMS
CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in Geeki ...)
	NOT-FOR-US: GeekiGeeki
CVE-2008-6785 (Unrestricted file upload vulnerability in Mini File Host 1.5 allows re ...)
	NOT-FOR-US: Mini File Host
CVE-2008-6784 (SQL injection vulnerability in directory.php in Scripts For Sites (SFS ...)
	NOT-FOR-US: EZ Adult Directory
CVE-2008-6783 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: EZ Home Business Directory
CVE-2008-6782 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: EZ Hosting Directory
CVE-2008-6781 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: Gaming Directory
CVE-2008-6780 (SQL injection vulnerability in directory.php in Scripts for Sites (SFS ...)
	NOT-FOR-US: EZ Affiliate
CVE-2008-6779 (SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6778 (SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) ...)
	NOT-FOR-US: EZ Auction
CVE-2008-6777 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier  ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For Sites ( ...)
	NOT-FOR-US: EZ Hot or Not
CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ca ...)
	NOT-FOR-US: HTC Touch
CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses memory-allocati ...)
	- memcached 1.2.8-1 (low; bug #526554)
	[lenny] - memcached <not-affected> (Affected compile-time options not set)
	[etch] - memcached <not-affected> (Affected compile-time options not set)
CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe R ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and Acr ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1491 (McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and ...)
	NOT-FOR-US: McAfee GroupShield for Microsoft Exchange
CVE-2009-1490 (Heap-based buffer overflow in Sendmail before 8.13.2 allows remote att ...)
	- sendmail 8.13.2-0
CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend]
	- samba 2:3.2.6 (bug #514151)
	[lenny] - samba 2:3.2.5-4lenny1
	[etch] - samba <not-affected> (Bug not yet present in Etch's version)
CVE-2009-1572 (The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote atta ...)
	{DSA-1788-1}
	- quagga 0.99.11-2 (high; bug #526270)
	[lenny] - quagga 0.99.10-1lenny2
	[etch] - quagga <not-affected> (no AS4 code)
CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass au ...)
	NOT-FOR-US: Fungamez
CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 al ...)
	NOT-FOR-US: Fungamez
CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows  ...)
	NOT-FOR-US: Fungamez
CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allo ...)
	NOT-FOR-US: Flatchat
CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers  ...)
	NOT-FOR-US: eMule Plus
CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface fea ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam Patt ...)
	NOT-FOR-US: Adam Patterson Studio Lounge Address Book
CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFi ...)
	{DSA-1791-1}
	- moin 1.8.3-1 (low; bug #526594)
	[etch] - moin <not-affected> (Not exploitable)
	NOTE: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) ...)
	NOT-FOR-US: PuterJam's Blog
CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remo ...)
	NOT-FOR-US: Pragyan CMS
CVE-2009-1479 (Directory traversal vulnerability in client/desktop/default.htm in Box ...)
	NOT-FOR-US: Boxalino
CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in S ...)
	NOT-FOR-US: Solaris
CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end e ...)
	NOT-FOR-US: YourPlace
CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php i ...)
	NOT-FOR-US: YourPlace
CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check  ...)
	NOT-FOR-US: YourPlace
CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: YourPlace
CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: YourPlace
CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace 1.0. ...)
	NOT-FOR-US: YourPlace
CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in K ...)
	NOT-FOR-US: K&S Shopsoftware
CVE-2009-1477 (The https web interfaces on the ATEN KH1516i IP KVM switch with firmwa ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1476 (Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter ( ...)
	NOT-FOR-US: IPFilter
CVE-2009-1475
	RESERVED
CVE-2009-1474 (The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1473 (The (1) Windows and (2) Java client programs for the ATEN KH1516i IP K ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1472 (The Java client program for the ATEN KH1516i IP KVM switch with firmwa ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1471
	RESERVED
CVE-2009-1470
	RESERVED
CVE-2009-1469 (CRLF injection vulnerability in the Forgot Password implementation in  ...)
	NOT-FOR-US: IceWarp
CVE-2009-1468 (Multiple SQL injection vulnerabilities in the search form in server/we ...)
	NOT-FOR-US: IceWarp
CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail S ...)
	NOT-FOR-US: IceWarp
CVE-2009-1466 (Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2)  ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1465 (Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default  ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1464 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.aa ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows remo ...)
	NOT-FOR-US: razorCMS
CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the permis ...)
	NOT-FOR-US: razorCMS
CVE-2009-1461 (Cross-site scripting (XSS) vulnerability in the Create New Page form i ...)
	NOT-FOR-US: razorCMS
CVE-2009-1460 (razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_con ...)
	NOT-FOR-US: razorCMS
CVE-2009-1459 (Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 ...)
	NOT-FOR-US: razorCMS
CVE-2009-1458 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: razorCMS
CVE-2009-1457 (Cross-site scripting (XSS) vulnerability in player.php in Nuke Evoluti ...)
	NOT-FOR-US: Nuke Evolution Xtreme
CVE-2009-1456 (Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows  ...)
	NOT-FOR-US: Malleo
CVE-2009-1455 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebColla ...)
	NOT-FOR-US: WebCollab
CVE-2009-1454 (Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab bef ...)
	NOT-FOR-US: WebCollab
CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4 ...)
	NOT-FOR-US: Tiny Blogr
CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in theme/format.php ...)
	NOT-FOR-US: SMA-DB
CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0. ...)
	NOT-FOR-US: SMA-DB
CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
	NOT-FOR-US: SMA-DB
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attac ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote atta ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access t ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6764 (Cross-site scripting (XSS) vulnerability in login.php in Silentum Logi ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypas ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, prob ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6761 (Static code injection vulnerability in admin/install.php in Flexcustom ...)
	NOT-FOR-US: Flexcustomer
CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain s ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6759 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain s ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6758 (Cross-site request forgery (CSRF) vulnerability in cart_save.php in Vi ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6757 (Cross-site scripting (XSS) vulnerability in manuals_search.php in ViAr ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka C ...)
	NOT-FOR-US: CoolPlayer
CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net  ...)
	NOT-FOR-US: LovPop.net
CVE-2009-1447 (Unrestricted file upload vulnerability in admin/editor/image.php in e- ...)
	NOT-FOR-US: e-cart.biz Free Shopping Car
CVE-2009-1446 (Unrestricted file upload vulnerability in upload.php in Elkagroup Imag ...)
	NOT-FOR-US: Elkagroup Image Gallery
CVE-2009-1445 (Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta ...)
	NOT-FOR-US: WebPortal CMS
CVE-2009-1444 (PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS ...)
	NOT-FOR-US: WebPortal CMS
CVE-2009-1443 (Multiple unspecified vulnerabilities in the Server component in OCS In ...)
	- ocsinventory-server 1.02-1 (unimportant)
	NOTE: Only supported in trusted environments, see debtags
CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x befor ...)
	NOT-FOR-US: skia
CVE-2009-1441 (Heap-based buffer overflow in the ParamTraits&lt;SkBitmap&gt;::Read fu ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.2 ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-2 (bug #523365)
	- linux-2.6.24 <removed>
CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp ...)
	{DSA-1851-1 DSA-1850-1}
	- libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076)
	- gst-plugins-bad0.10 0.10.10.2-1 (bug #527075)
	NOTE: gstreamer in unstable dynamically linked to external libmodplug
CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka C ...)
	NOT-FOR-US: CoolPlayer
CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PREREL ...)
	- kfreebsd-7 <not-affected> (Debian/kfreebsd uses glibc)
CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patc ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0. ...)
	- foswiki <itp> (bug #509864)
CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.co ...)
	- zoneminder 1.22.3-5
CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to t ...)
	- zoneminder 1.24.1-1 (unimportant; bug #528252)
	NOTE: we are also affected but this is not a security issue by itself even if it's ugly
CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote a ...)
	NOT-FOR-US: vBullerin addon
CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...)
	NOT-FOR-US: SilverStripe
CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in Sil ...)
	NOT-FOR-US: SilverStripe
CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corpora ...)
	NOT-FOR-US: Symantec
CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec  ...)
	NOT-FOR-US: Symantec
CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Or ...)
	NOT-FOR-US: Symantec
CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...)
	NOT-FOR-US: Symantec
CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
	NOT-FOR-US: Symantec
CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause ...)
	NOT-FOR-US: HP-UX
CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, ...)
	NOT-FOR-US: HP ProLiant
CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 o ...)
	NOT-FOR-US: ONCplus on HP HP-UX
CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-1419 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping Inv ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and e ...)
	- gnutls26 2.6.6-1 (low; bug #528281)
	[lenny] - gnutls26 <no-dsa> (Minor issue, explicitly labeled as a test program)
	- gnutls13 <removed>
	[etch] - gnutls13 <no-dsa> (Minor issue, explicitly labeled as a test program)
CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates R ...)
	- gnutls26 2.6.6-1 (medium)
	- gnutls13 <removed>
	[lenny] - gnutls26 <not-affected> (Vulnerable code not present, only affects 2.6.x)
	[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not proper ...)
	- gnutls26 2.6.6-1 (medium)
	- gnutls13 <removed>
	[lenny] - gnutls26 <not-affected> (Vulnerable code not present)
	[etch] - gnutls26 <not-affected> (Vulnerable code not present)
	[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ac ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, w ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol handler i ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
	- iodine 0.5.1 (low)
	[lenny] - iodine 0.4.2-2~lenny1
CVE-2009-XXXX [ntop: access.log permissions]
	- ntop <not-affected> (fedora-specific configuration issue; debian package not affected)
	NOTE: bug #524801 (http://bugs.debian.org/524801)
CVE-2009-1402
	RESERVED
CVE-2009-1401
	RESERVED
CVE-2009-1400
	RESERVED
CVE-2009-1399
	RESERVED
CVE-2009-1398
	RESERVED
CVE-2009-1397
	RESERVED
CVE-2009-1396
	RESERVED
CVE-2009-1395
	RESERVED
CVE-2009-1394 (Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows  ...)
	NOT-FOR-US: Motorola Timbuktu Pro
CVE-2009-1393
	RESERVED
CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird bef ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in Compress::Raw:: ...)
	- perl 5.10.0-23 (low; bug #532736)
	[etch] - perl <not-affected> (Doesn't yet include Compress-Raw-Zlib)
	- libcompress-raw-zlib-perl 2.015-2 (low; bug #532738)
	[lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
	[lenny] - perl 5.10.0-19lenny1
CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTL ...)
	- mutt 1.5.20-1
	[lenny] - mutt <not-affected> (Affected code was introduced in 1.5.19)
	[etch] - mutt <not-affected> (Affected code was introduced in 1.5.19)
	[squeeze] - mutt <not-affected> (Affected code was introduced in 1.5.19)
CVE-2009-1389 (Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the ...)
	{DSA-1865-1 DSA-1844-1}
	- linux-2.6 2.6.26-16 (high; bug #532376)
	- linux-2.6.24 <removed>
	NOTE: potential for kernel memory corruption by remote attacker
CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.1 ...)
	- linux-2.6 <not-affected> (problem in redhat-specific kernel patches)
	- linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches)
CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in Open ...)
	- openssl 0.9.8k-2 (low; bug #532037)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...)
	- openssl 0.9.8k-1 (low; bug #532037)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1 ...)
	{DSA-1865-1 DSA-1844-1}
	- linux-2.6 2.6.26-16 (low; bug #532721)
	- linux-2.6.24 <removed>
CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RH ...)
	- libpam-krb5 <not-affected> (different code base than Debian's libpam-krb5)
CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded b ...)
	- mathtex 1.03-1 (medium; bug #537258)
CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when  ...)
	{DSA-1917-1}
	- mimetex 1.50-1.1 (medium; bug #537254)
CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in SquirrelMai ...)
	{DSA-1802-2}
	- squirrelmail 2:1.4.19-1
CVE-2009-1380 (Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in  ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment f ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2 ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)  ...)
	- pidgin 2.5.6-1
	[lenny] - pidgin <not-affected> (QQ support not yet present)
	- gaim <not-affected> (QQ support not yet present)
CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (former ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0 ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf 0.2. ...)
	{DSA-1796-1}
	- libwmf 0.2.8.4-6.1 (low; bug #526434)
CVE-2009-1363
	RESERVED
CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c  ...)
	- linux-2.6 2.6.29-1 (low; bug #529342)
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...)
	NOT-FOR-US: Seditio CMS
CVE-2009-1410 (SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows  ...)
	NOT-FOR-US: Quick.Cms.Lite
CVE-2009-1409 (SQL injection vulnerability in usersettings.php in e107 0.7.15 and ear ...)
	NOT-FOR-US: e107
CVE-2009-1408 (Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows rem ...)
	NOT-FOR-US: webSPELL
CVE-2009-1407 (Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows ...)
	NOT-FOR-US: NotFTP
CVE-2009-1406 (Directory traversal vulnerability in cms_detect.php in TotalCalendar 2 ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-1405 (Directory traversal vulnerability in index.php in PastelCMS 0.8.0, whe ...)
	NOT-FOR-US: PastelCMS
CVE-2009-1404 (SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magi ...)
	NOT-FOR-US: PastelCMS
CVE-2009-1403 (SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allo ...)
	NOT-FOR-US: CRE Loaded
CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Conver ...)
	NOT-FOR-US: Xilisoft Video Converter
CVE-2009-1369 (moziloCMS 1.11 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1368 (Directory traversal vulnerability in index.php in moziloCMS 1.11 allow ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1367 (Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.1 ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1366 (Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypal ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-1362 (SQL injection vulnerability in administration/index.php in chCounter 3 ...)
	NOT-FOR-US: chCounter
CVE-2009-1361 (dig.php in GScripts.net DNS Tools allows remote attackers to execute a ...)
	NOT-FOR-US: GScripts.net DNS Tools
CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in Sun Op ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2008-6752 (adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6751 (Unrestricted file upload vulnerability in index.php in the Twitter Clo ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6750 (Unrestricted file upload vulnerability in add.php in FlexPHPDirectory  ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6749 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6748 (Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers ...)
	NOT-FOR-US: Megacubo
CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to administr ...)
	NOT-FOR-US: dotProject
CVE-2008-6746 (Cross-site scripting (XSS) vulnerability in the contact display view i ...)
	NOT-FOR-US: Turba Contact Manager
CVE-2008-6745 (index.php in BlogPHP 2.0 allows remote attackers to gain administrator ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6744 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cy ...)
	NOT-FOR-US: Cybozu Office
CVE-2008-6743 (RSMScript 1.21 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: RSMScript
CVE-2009-1357 (CRLF injection vulnerability in da/DA/Login in Sun Java System Delegat ...)
	NOT-FOR-US: Sun Java System Delegated Administrator
CVE-2009-1356 (Stack-based buffer overflow in Elecard AVC HD Player allows remote att ...)
	NOT-FOR-US: Elecard AVC HD Player
CVE-2009-1355 (Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 al ...)
	NOT-FOR-US: IBM AIX
CVE-2009-1354 (Directory traversal vulnerability in Mongoose 2.4 allows remote attack ...)
	NOT-FOR-US: Mongoose
CVE-2009-1353 (Buffer overflow in the http_parse_hex function in libz/misc.c in Zervi ...)
	NOT-FOR-US: Zervit Webserver
CVE-2009-1352 (Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote  ...)
	NOT-FOR-US: PowerCHM
CVE-2009-1351 (Heap-based buffer overflow in Apollo 37zz allows remote attackers to c ...)
	NOT-FOR-US: Apollo 37zz
CVE-2009-1350 (Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client  ...)
	NOT-FOR-US: Novell NetIdentity Client
CVE-2009-1349 (Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allow ...)
	NOT-FOR-US: C2Net Stronghold
CVE-2008-6742 (Foxy P2P software allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxy P2P
CVE-2008-6741 (SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6740 (PHP remote file inclusion vulnerability in html/admin/modules/plugin_a ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-6739 (Todd Woolums ASP Download management script 1.03 does not require auth ...)
	NOT-FOR-US: Todd Woolums ASP Download management script
CVE-2008-6738 (MyShoutPro 1.2 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: MyShoutPro
CVE-2008-6737 (Crysis 1.21 and earlier allows remote attackers to obtain sensitive pl ...)
	NOT-FOR-US: Crysis
CVE-2008-6736 (Flat Calendar 1.1 does not properly restrict access to administrative  ...)
	NOT-FOR-US: Flat Calendar
CVE-2008-6735 (Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 a ...)
	NOT-FOR-US: ThaiQuickCart
CVE-2008-6734 (Directory traversal vulnerability in Public/index.php in Keller Web Ad ...)
	NOT-FOR-US: Keller Web Admin CMS
CVE-2008-6733 (Cross-site scripting (XSS) vulnerability in the error handling page in ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6732 (Cross-site scripting (XSS) vulnerability in the Language skin object i ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-7238 (Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allo ...)
	NOT-FOR-US: MyShoutPro
CVE-2009-1358 (apt-get in apt before 0.7.21 does not check for the correct error code ...)
	{DSA-1779-1 DTSA-199-1}
	- apt 0.7.21 (bug #433091)
CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2. ...)
	{DSA-1821-1}
	- amule 2.2.5-1.1 (low; bug #525078)
	[etch] - amule <not-affected> (Doesn't support preview of complete files, which is the vulnerable part)
CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, I ...)
	NOT-FOR-US: Various AV junk
CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...)
	NOT-FOR-US: chCounter
CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 all ...)
	NOT-FOR-US: NetHoteles
CVE-2009-1345 (SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows ...)
	NOT-FOR-US: cpCommerce
CVE-2009-1344 (Cross-site scripting (XSS) vulnerability in the Localization client mo ...)
	NOT-FOR-US: Localization client for drupal
CVE-2009-1343 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...)
	NOT-FOR-US: Print module for Drupal
CVE-2009-1342 (Cross-site scripting (XSS) vulnerability in the CCK comment reference  ...)
	NOT-FOR-US: CCK comment module for Drupal
CVE-2008-6731 (Unrestricted file upload vulnerability in submitlink.php in FlexPHPLin ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6730 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6729 (Multiple cross-site request forgery (CSRF) vulnerabilities in password ...)
	NOT-FOR-US: PHPmotion
CVE-2008-6728 (SQL injection vulnerability in the Sections module in PHP-Nuke, probab ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6727 (Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2 ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2009-XXXX [git-core in Debian has non-root-owned files under /usr]
	- git-core 1:1.6.2.1-1 (bug #516669)
	[lenny] - git-core 1:1.5.6.5-3+lenny3.2
	NOTE: fixed accidently through spu
CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (a ...)
	{DSA-1780-1}
	- libdbd-pg-perl 2.1.3-1
CVE-2009-1340
	RESERVED
CVE-2009-1339 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1  ...)
	- twiki <removed> (bug #526258)
	NOTE: We should probably request removal from unstable, replaced by foswiki
CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux kerne ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before 2 ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-5
	- linux-2.6.24 <removed>
CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly in ...)
	{DSA-1794-1}
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows rem ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html i ...)
	NOT-FOR-US: IBM Tivoli Continuous Data Protection
CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the we ...)
	NOT-FOR-US: HP Deskjet
CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and En ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.526 ...)
	NOT-FOR-US: Windows Media Player
CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
	- pptp-linux 1.7.2-3 (low; bug #523476)
	[lenny] - pptp-linux <no-dsa> (Minor issue)
	[etch] - pptp-linux <no-dsa> (Minor issue)
CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote  ...)
	NOT-FOR-US: Easy RM to MP3 Converter
CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0. ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 al ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allow ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allow ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remot ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0. ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 allow ...)
	NOT-FOR-US: Web File Explorer
CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web roo ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product  ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in include/zstore. ...)
	NOT-FOR-US: Zazzle Store Builder
CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal  ...)
	NOT-FOR-US: GuestCal
CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
	NOT-FOR-US: Jamroom
CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quo ...)
	NOT-FOR-US: Aqua CMS
CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote a ...)
	NOT-FOR-US: AbleSpace
CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 a ...)
	NOT-FOR-US: Ablespace
CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ar ...)
	NOT-FOR-US: Web File Explorer
CVE-2009-1313 (The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameTh ...)
	- xulrunner 1.9.0.10-1 (low)
	[etch] - xulrunner <not-affected> (introduced in 1.9.0.9)
	[lenny] - xulrunner <not-affected> (introduced in 1.9.0.9)
CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascr ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-as ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin imple ...)
	{DSA-1886-1}
	- iceweasel 3.0.9-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not proper ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0 ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, T ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbi ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird bef ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird be ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 c ...)
	- mpg123 1.7.2-1 (low)
	[etch] - mpg123 <no-dsa> (Minor issue)
	[lenny] - mpg123 <no-dsa> (Minor issue)
	NOTE: http://secunia.com/advisories/34587/3/
	NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
	NOTE: crashing the application
CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid da ...)
	{DSA-1779-1 DTSA-199-1}
	- apt 0.7.21 (bug #523213)
CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when reg ...)
	NOT-FOR-US: CMScout
CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote au ...)
	NOT-FOR-US: CMScout
CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1 ...)
	NOT-FOR-US: Perl Nopaste
CVE-2009-1299 (The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 an ...)
	{DSA-2017-1}
	- pulseaudio 0.9.21-1.1 (bug #573615)
CVE-2009-1298 (The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kern ...)
	{DTSA-204-1}
	- linux-2.6 2.6.32-1 (low)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (introduced in 2.6.29)
CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and S ...)
	- open-iscsi 2.0.871-1 (low; bug #547011)
	[lenny] - open-iscsi 2.0.870~rc3-0.4.1
	[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubunt ...)
	- ecryptfs-utils 75-2 (unimportant; bug #532372)
	NOTE: this is a non-issue as the debian installer doesn't support per user
	NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the
	NOTE: installer logs on disk
CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.1 ...)
	NOT-FOR-US: Apport
CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home  ...)
	NOT-FOR-US: Novell Teaming
CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 thr ...)
	NOT-FOR-US: Novell Teaming
CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x befor ...)
	NOT-FOR-US: ClearCase
CVE-2008-6723 (TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypas ...)
	NOT-FOR-US: TurnkeyForms
CVE-2008-6722 (Novell Access Manager 3 SP4 does not properly expire X.509 certificate ...)
	NOT-FOR-US: Novell Access Manager
CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article allow ...)
	NOT-FOR-US: AJ Square AJ Article
CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95. ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in libclamav ...)
	- clamav 0.95.1+dfsg-1
	[etch] - clamav <not-affected> (vulnerable code not present)
	[lenny] - clamav <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
CVE-2009-1291 (Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartS ...)
	NOT-FOR-US: SmartSockets
CVE-2009-1290 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1289 (private/login.ssi in the Advanced Management Module (AMM) on the IBM B ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1288 (Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Ma ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1287 (Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Serv ...)
	NOT-FOR-US: Cisco Subscriber Edge Services Manager
CVE-2009-1286 (The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 a ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-6720 (SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-6719 (U&amp;M Software Event Lister (aka JustListIt) 1.0 does not require ad ...)
	NOT-FOR-US: Software Event Lister
CVE-2008-6718 (U&amp;M Software JustBookIt 1.0 does not require administrative authen ...)
	NOT-FOR-US: JustBookIt
CVE-2008-6717 (U&amp;M Software Signup 1.0 and 1.1 does not require administrative au ...)
	NOT-FOR-US: Software Signup
CVE-2008-6716 (homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not req ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6715 (Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal  ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2009-1285 (Static code injection vulnerability in the getConfigFile function in s ...)
	- phpmyadmin 4:3.1.3.2-1 (unimportant; bug #524804)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2008-6714 (admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to by ...)
	NOT-FOR-US: xeCMS
CVE-2008-6713 (World in Conflict (WIC) 1.008 and earlier allows remote attackers to c ...)
	NOT-FOR-US: World in Conflict
CVE-2008-6712 (The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and  ...)
	NOT-FOR-US: Crysis
CVE-2008-6711 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6710 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6709 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6708 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6707 (The Web management interface in Avaya SIP Enablement Services (SES) 3. ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6706 (Multiple unspecified vulnerabilities in the Web management interface i ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6705 (The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Sha ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6704 (Integer overflow in the NET_Compressor::Decompress function in S.T.A.L ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6703 (Stack-based buffer overflow in the IPureServer::_Recieve function in S ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6702 (S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote a ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6701 (NetScout (formerly Network General) Visualizer V2100 and InfiniStream  ...)
	NOT-FOR-US: NetScout Visualizer
CVE-2008-6700 (Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organ ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6699 (Cross-site scripting (XSS) vulnerability in Resource Library (tjs_resl ...)
	NOT-FOR-US: Resource Library extension for TYPO3
CVE-2008-6698 (Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (wo ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6697 (SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6696 (SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earl ...)
	NOT-FOR-US: Fussballtippspiel extension for TYPO3
CVE-2008-6695 (SQL injection vulnerability in TIMTAB social bookmark icons (timtab_so ...)
	NOT-FOR-US: TIMTAB social bookmark icons extension for TYPO3
CVE-2008-6694 (SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TY ...)
	NOT-FOR-US: Random Prayer extension for TYPO3
CVE-2008-6693 (SQL injection vulnerability in Download system (sb_downloader) extensi ...)
	NOT-FOR-US: Download system extension for TYPO3
CVE-2008-6692 (SQL injection vulnerability in Diocese of Portsmouth Training Courses  ...)
	NOT-FOR-US: Training Courses extension for TYPO3
CVE-2008-6691 (SQL injection vulnerability in Diocese of Portsmouth Calendar Today (p ...)
	NOT-FOR-US: Calendar Today extension for TYPO3
CVE-2008-6690 (Unspecified vulnerability in nepa-design.de Spam Protection (nd_antisp ...)
	NOT-FOR-US: Spam Protection extension for TYPO3
CVE-2008-6689 (SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and e ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6688 (Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6687 (Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglema ...)
	NOT-FOR-US: DCD GoogleMap extension for TYPO3
CVE-2008-6686 (SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier ex ...)
	NOT-FOR-US: CoolURI extension for TYPO3
CVE-2008-6685 (Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0. ...)
	NOT-FOR-US: Frontend Filemanager extension for TYPO3
CVE-2008-6684 (Unrestricted file upload vulnerability in editimage.php in Apartment S ...)
	NOT-FOR-US: Apartment Search Script
CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment  ...)
	NOT-FOR-US: Apartment Search Script
CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to c ...)
	- texlive-bin 2009-1 (low; bug #520920)
	[etch] - texlive-bin <no-dsa> (Minor issue)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided pas ...)
	NOT-FOR-US: glFusion
CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in glFus ...)
	NOT-FOR-US: glFusion
CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allo ...)
	NOT-FOR-US: glFusion
CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the com_ ...)
	NOT-FOR-US: Joomla!
CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 thr ...)
	NOT-FOR-US: Joomla!
CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in Gra ...)
	NOT-FOR-US: Gravity Board
CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0  ...)
	NOT-FOR-US: Gravity Board
CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Sol ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other prod ...)
	- tiles 2.2.0-1
CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo befor ...)
	NOT-FOR-US: Dojo
CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and  ...)
	NOT-FOR-US: Dojo
CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
	- libpam-ssh 1.92-7 (low; bug #535877)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[lenny] - libpam-ssh 1.91.0-9.3+lenny1
CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x befo ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3
	[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before  ...)
	{DSA-1789-1 DSA-1775-1}
	- php5 5.2.9.dfsg.1-1
	- php4 <not-affected> (the JSON extension was introduced in php5.2)
	- php-json-ext <unfixed>
CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows rem ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6)
CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in Wiresh ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark 0.99.4-5.etch.4
CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 th ...)
	- wireshark <not-affected> (Only affects Wireshark on Windows)
CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact ...)
	NOTE: Dupe of CVE-2009-1210
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kern ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-4
	- linux-2.6.24 <removed>
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and e ...)
	NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
	NOT-FOR-US: Joomla!
CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and possi ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9 ...)
	NOT-FOR-US: Web Help Desk
CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earli ...)
	NOT-FOR-US: UltraISO
CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions Adap ...)
	NOT-FOR-US: Insane Visions AdaptBB
CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component 1. ...)
	NOT-FOR-US: Joomla!
CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows re ...)
	NOT-FOR-US: Magic ISO Maker
CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to  ...)
	NOT-FOR-US: FlexCMS
CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) Memcac ...)
	- memcached 1.2.8-1 (low)
	[etch] - memcached <no-dsa> (Minor issue)
	[lenny] - memcached <no-dsa> (Minor issue)
	[squeeze] - memcached <no-dsa> (Minor issue)
	- memcachedb 1.2.0-3 (low; bug #527330)
	[squeeze] - memcachedb <no-dsa> (Minor issue)
	NOTE: why are weaknesses in security hardening features like ASLR considered minor?
	NOTE: even though this is not directly a vulnerability itself, part of this application's armor is now missing; making it easier for unknown vulnerabilities to be effective.
CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
	{DSA-2080-1}
	- ghostscript 8.64~dfsg-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6677 (Unrestricted file upload vulnerability in fckeditor251/editor/filemana ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8 ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-m ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict acces ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote at ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ear ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...)
	NOT-FOR-US: A+ PHP Scripts News Management System (NMS)
CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA al ...)
	NOT-FOR-US: Kronos webTA
CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...)
	NOT-FOR-US: Ananta CMS
CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SH-News
CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuct ...)
	NOT-FOR-US: PHPAuctions
CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote a ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for L ...)
	NOT-FOR-US: Bitdefender
CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...)
	NOT-FOR-US: Alexey Ozerov BigDump
CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines Foru ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines Foru ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly o ...)
	{DSA-2080-1}
	- ghostscript 8.63.dfsg.1-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause  ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2009-1270 (libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cau ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary c ...)
	{DSA-1764-1}
	- tunapie 2.1.17-1
CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary file ...)
	{DSA-1764-1}
	- tunapie 2.1.17-1
CVE-2009-1252 (Stack-based buffer overflow in the crypto_recv function in ntp_crypto. ...)
	{DSA-1801-1}
	- ntp 1:4.2.4p6+dfsg-2 (high; bug #525373)
	NOTE: VU#853097
CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in OpenA ...)
	{DSA-1768-1}
	- openafs 1.4.10+dfsg1-1
CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...)
	{DSA-1768-1}
	- openafs 1.4.10+dfsg1-1
	[etch] - openafs 1.4.2-6etch3
CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x be ...)
	NOT-FOR-US: Feed element mapper for Drupal
CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control Pa ...)
	NOT-FOR-US: Acute Control Panel
CVE-2009-1247 (SQL injection vulnerability in login.php in Acute Control Panel 1.0.0  ...)
	NOT-FOR-US: Acute Control Panel
CVE-2009-1246 (Multiple directory traversal vulnerabilities in Blogplus 1.0 allow rem ...)
	NOT-FOR-US: Blogplus
CVE-2009-1245 (Multiple SQL injection vulnerabilities in the insert_to_pastebin funct ...)
	NOT-FOR-US: CCCP Community Clan Portal Pastebin
CVE-2009-1244 (Unspecified vulnerability in the virtual machine display function in V ...)
	NOT-FOR-US: VMware
CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocki ...)
	- linux-2.6 <not-affected> (Issue was introduced after 2.6.27 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release)
CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementati ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.30-1
	[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
	- linux-2.6.24 <removed>
CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
	NOT-FOR-US: Open Auto Classifieds
CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)
	NOT-FOR-US: GEDCOM_TO_MYSQL
CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in Info ...)
	NOT-FOR-US: InfoBiz Server
CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting Compon ...)
	NOT-FOR-US: Joomla!
CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote att ...)
	NOT-FOR-US: OneCMS
CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject O ...)
	NOT-FOR-US: OxYProject OxYBox
CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...)
	NOT-FOR-US: miniBloggie
CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in Kto ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 a ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3  ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix  ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0 ...)
	NOT-FOR-US: Opencosmo VisualSentinel
CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...)
	NOT-FOR-US: LokiCMS
CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x al ...)
	NOT-FOR-US: DotContent FluentCMS
CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remot ...)
	NOT-FOR-US: Shader TV
CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote at ...)
	NOT-FOR-US: BatmanPorTaL
CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXpl ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader Ac ...)
	NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
	NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody  ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6635 (PHP remote file inclusion vulnerability in skins/default.php in Geody  ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attack ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attack ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 an ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bl ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 an ...)
	NOT-FOR-US: wt_gallery extension for TYPO3
CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN M ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6628
	REJECTED
CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1. ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and e ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02,  ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka  ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card  ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in javascript/edit ...)
	NOT-FOR-US: GraFX miniCWB
CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSy ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in Sit ...)
	NOT-FOR-US: SiteXS CMS
CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software  ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in  ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, w ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in Minima ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows r ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ph ...)
	NOT-FOR-US: phpcksec
CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...)
	NOT-FOR-US: phpcksec
CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events Calenda ...)
	NOT-FOR-US: DevelopItEasy Events Calendar
CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows  ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in  ...)
	NOT-FOR-US: 2wire
CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote attacker ...)
	- clamav 0.95+dfsg-1 (medium; bug #526042)
	[etch] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
	[lenny] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081 ...)
	NOT-FOR-US: IBM Proventia
CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain situ ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 a ...)
	NOT-FOR-US: PicoFlat CMS
CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_h ...)
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable code not present)
CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has unkno ...)
	NOT-FOR-US: Download Center Lite
CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to o ...)
	NOT-FOR-US: Epona
CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in XMLP ...)
	NOT-FOR-US: XMLPortal
CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the we ...)
	NOT-FOR-US: CookieCheck
CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact a ...)
	NOT-FOR-US: WANPIPE
CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php i ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allo ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for TYP ...)
	NOT-FOR-US: pmk_rssnewsexport extension for TYPO3
CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 al ...)
	NOT-FOR-US: 3dparty typo3 extension
CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (a ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6591 (LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy "no databas ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no  ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default "isp" account with a defau ...)
	NOT-FOR-US: Aztech port router
CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze  ...)
	NOT-FOR-US: Azureus HTML WebUI
CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in &# ...)
	NOT-FOR-US: ?Torrent (uTorrent) WebUI
CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in T ...)
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
	NOT-FOR-US: BS.player
CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in demuxers/ ...)
	- xine-lib 1.1.16.3-1 (medium; bug #522811)
	- vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and ea ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 1 ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1236 (Heap-based buffer overflow in the AppleTalk networking stack in XNU 12 ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1235 (XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does no ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1234 (Opera 9.64 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Opera
CVE-2009-1233 (Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to ca ...)
	NOT-FOR-US: Safari on Windows
CVE-2009-1232 (Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attacke ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1231 (Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8. ...)
	NOT-FOR-US: DB2
CVE-2009-1230 (Static code injection vulnerability in index.php in Podcast Generator  ...)
	NOT-FOR-US: Podcast Generator
CVE-2009-1229 (SQL injection vulnerability in Arcadwy Arcade Script allows remote att ...)
	NOT-FOR-US: Arcadwy Arcade Script
CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Ar ...)
	NOT-FOR-US: Arcadwy Arcade Script
CVE-2009-1227
	NOT-FOR-US: Check Point
CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does not pr ...)
	NOT-FOR-US: Podcast Generator
CVE-2009-1225 (Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook ...)
	NOT-FOR-US: Turnkey Ebook Store
CVE-2009-1224 (SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.p ...)
	NOT-FOR-US: vsp stats processor
CVE-2009-1223 (aspWebCalendar Free Edition stores sensitive information under the web ...)
	NOT-FOR-US: aspWebCalendar Free Edition
CVE-2009-1222 (Directory traversal vulnerability in index.php in webEdition 6.0.0.4 a ...)
	NOT-FOR-US: webEdition
CVE-2008-6582 (SQL injection vulnerability in index.php in Miniweb 2.0 allows remote  ...)
	NOT-FOR-US: Miniweb
CVE-2008-6581 (login.php in PhpAddEdit 1.3 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: PhpAddEdit
CVE-2008-6580 (The Red_Reservations script for ColdFusion stores sensitive informatio ...)
	NOT-FOR-US: ColdFusion
CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web root  ...)
	NOT-FOR-US: Web Wiz Guestbook
CVE-2009-1221
	RESERVED
CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in Web ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...)
	NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Ex ...)
	NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in Mic ...)
	NOT-FOR-US: Windows GDI+
CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c i ...)
	NOTE: Duplicate of CVE-2006-4335, confirmed by Microsoft. They're working on
	NOTE: getting it rejected
CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to obt ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server 10 ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the Communication ...)
	NOT-FOR-US: Nortel appliances
CVE-2008-6576 (Unspecified vulnerability in the "session limitation technique" in the ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Co ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement Service ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ove ...)
	- screen 4.0.3-13 (low; bug #521123)
	[etch] - screen <not-affected> (etch version predates #433338)
	[lenny] - screen 4.0.3-11+lenny1
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with  ...)
	- screen 4.0.3-13 (bug #521123)
	[lenny] - screen 4.0.3-11+lenny1
	NOTE: documented behaviour "or the public accessible screen-exchange", see man screen
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in B ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
	NOTE: should this really be considered minor?  see fedora bug and FSA:
	NOTE: - https://bugzilla.redhat.com/show_bug.cgi?id=494398
	NOTE: - https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html
CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the Precis ...)
	NOT-FOR-US: PrecisionID Datamatrix ActiveX control
CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in  ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remot ...)
	- amaya <removed>
CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other versi ...)
	{DSA-1757-1}
	- auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, and O ...)
	NOT-FOR-US: Solaris
CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Pro ...)
	NOT-FOR-US: Cafe Access Analyzer CGI Professional
CVE-2009-1205
	REJECTED
CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupw ...)
	- tikiwiki <removed>
CVE-2009-1203 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with sof ...)
	NOT-FOR-US: Cisco
CVE-2009-1202 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with sof ...)
	NOT-FOR-US: Cisco
CVE-2009-1201 (Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/ ...)
	NOT-FOR-US: Cisco
CVE-2009-1200
	RESERVED
CVE-2009-1199
	RESERVED
CVE-2009-1198 (Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 al ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-1197 (Apache jUDDI before 2.0 allows attackers to spoof entries in log files ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-1196 (The directory-services functionality in the scheduler in CUPS 1.1.17 a ...)
	- cups 1.1.99.b1.r4748-1
	- cupsys <removed>
	[etch] - cupsys 1.1.99.b1.r4748-1
CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not proper ...)
	{DSA-1816-1}
	- apache2 2.2.11-6 (low; bug #530834)
CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in pango/ ...)
	{DSA-1798-1}
	- pango1.0 1.24.0-2 (medium; bug #527474)
CVE-2009-1193
	REJECTED
CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functio ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-4
	- linux-2.6.24 <removed>
CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server  ...)
	- apache2 2.2.11-4 (low)
	[etch] - apache2 <not-affected> (introduced in 2.2.11)
	[lenny] - apache2 <not-affected> (introduced in 2.2.11)
CVE-2009-1190 (Algorithmic complexity vulnerability in the java.util.regex.Pattern.co ...)
	- libspring-2.5-java 2.5.6.SEC01-1
CVE-2009-1189 (The _dbus_validate_signature_with_reason function (dbus-marshal-valida ...)
	{DSA-1837-1}
	- dbus 1.2.14-1 (high; bug #532720)
	NOTE: remote signature spoofing possible, and this was supposed to be
	NOTE: originally fixed with the updates for CVE-2008-3834
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the SplashBitmap::Sp ...)
	{DSA-2050-1 DSA-2028-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[etch] - poppler <not-affected> (SplashBitmap code not present)
	[lenny] - poppler 0.8.7-3.1
	- xpdf 3.02-2 (bug #575779)
	- kdegraphics 4:4.0
	- swftools 0.9.2+ds1-2
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before 0.10. ...)
	{DSA-1941-1}
	- poppler 0.10.6-1 (medium; bug #524806)
CVE-2009-1186 (Buffer overflow in the util_path_encode function in udev/lib/libudev-u ...)
	{DSA-1772-1}
	- udev 0.141-1 (medium)
CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates ...)
	{DSA-1772-1}
	- udev 0.141-1 (medium)
CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in security/selinux/ ...)
	{DSA-1809-1 DSA-1800-1}
	- linux-2.6 2.6.29-5
	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earl ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUP ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager  ...)
	NOT-FOR-US: Tivoli
CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in M ...)
	- mapserver 5.2.2-1 (medium; bug #523027)
	[lenny] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
	[etch] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2 ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (low; bug #523027)
	NOTE: covered by 02_CVE-2009-840-CVE-2009-2281.dpatch as well
CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft AbleDati ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-6570 (Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu G ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6569 (Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6568 (Unrestricted file upload vulnerability in Yehe 2.0 allows remote attac ...)
	NOT-FOR-US: Yehe
CVE-2008-6567 (Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free ...)
	NOT-FOR-US: Gallarific Free Edition
CVE-2008-6566 (Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impa ...)
	NOT-FOR-US: Octopussy
CVE-2008-6565 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000 and othe ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ea ...)
	NOT-FOR-US: Trillian
CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack  ...)
	NOT-FOR-US: Jack (tR) Jax LinkLists
CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not c ...)
	NOT-FOR-US: Citrix
CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows, installs Priv ...)
	NOT-FOR-US: Vidalia
CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs Privo ...)
	- tork <not-affected> (Affects only Windows and MacOS)
CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X,  ...)
	NOT-FOR-US: Vidalia
CVE-2006-7237 (PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libr ...)
	NOT-FOR-US: Ixprim
CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web  ...)
	NOT-FOR-US: Jax Guestbook
CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.p ...)
	NOT-FOR-US: Jax Guestbook
CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x b ...)
	NOT-FOR-US: Tivoli
CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2 ...)
	NOT-FOR-US: Tivoli
CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in th ...)
	- banshee <unfixed> (unimportant)
	NOTE: banshee is intented as a desktop music player with no serious
	NOTE: login credentials that an attacker could use remote
CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: WebSphere
CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak pe ...)
	NOT-FOR-US: WebSphere
CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security component ...)
	NOT-FOR-US: WebSphere
CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 bef ...)
	{DSA-1761-1}
	- moodle 1.8.2.dfsg-5 (medium; bug #522116)
	NOTE: this applies only to people who have a complete tex environment and
	NOTE: aren't just using mimetex to render the tex
CVE-2009-1170 (Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 a ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...)
	{DSA-1756-1}
	- xulrunner 1.9.0.8-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0( ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-1167 (Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) p ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1166 (The administrative web interface on the Cisco Wireless LAN Controller  ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1165 (Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x be ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1164 (The administrative web interface on the Cisco Wireless LAN Controller  ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1163 (Memory leak on the Cisco Physical Access Gateway with software before  ...)
	NOT-FOR-US: Cisco
CVE-2009-1162 (Cross-site scripting (XSS) vulnerability in the Spam Quarantine login  ...)
	NOT-FOR-US: Cisco IronPort AsyncOS
CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco CiscoWo ...)
	NOT-FOR-US: CiscoWorks
CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series an ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2009-1153
	REJECTED
CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly othe ...)
	NOT-FOR-US: Siemens router
CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x  ...)
	{DSA-1824-1}
	- phpmyadmin 4:3.1.3.1-1
CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the export page ...)
	{DSA-1824-1}
	- phpmyadmin 4:3.1.3.1-1
CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB s ...)
	- phpmyadmin 4:3.1.3.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php in the B ...)
	- phpmyadmin 4:3.1.3.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine Communica ...)
	NOT-FOR-US: VmWare
CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstati ...)
	NOT-FOR-US: VmWare
CVE-2009-1145
	RESERVED
CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf befo ...)
	- xpdf <not-affected> (Gentoo specific vulnerability in building xpdf)
CVE-2009-1143
	RESERVED
CVE-2009-1142
	RESERVED
CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 doe ...)
	NOT-FOR-US: Microsoft
CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-1136 (The Microsoft Office Web Components Spreadsheet ActiveX control (aka O ...)
	NOT-FOR-US: ActiveX
CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold an ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration (ISA) Server
CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Ex ...)
	NOT-FOR-US: Microsoft
CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection (for ...)
	NOT-FOR-US: Microsoft
CVE-2009-1132 (Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 importer (P ...)
	NOT-FOR-US: Microsoft
CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-1127 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1126 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1125 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1124 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1123 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS)  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1121
	RESERVED
CVE-2009-1120 (EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remo ...)
	NOT-FOR-US: EMC
CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 a ...)
	NOT-FOR-US: EMC RepliStor
CVE-2009-1118
	RESERVED
CVE-2009-1117
	RESERVED
CVE-2009-1116
	RESERVED
CVE-2009-1115
	RESERVED
CVE-2009-1114
	RESERVED
CVE-2009-1113
	RESERVED
CVE-2009-1112
	RESERVED
CVE-2009-1111
	RESERVED
CVE-2009-1110
	RESERVED
CVE-2009-1109
	RESERVED
CVE-2009-1108
	RESERVED
CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal functio ...)
	{DSA-1795-1}
	- ldns 1.5.1-1
CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedo ...)
	- redhat-cluster 2.20081102-1
	NOTE: This seems like a non-issue, since the config file should be under control
	NOTE: of the admin?
	NOTE: Fixed in 2.03.09 upstream version.
CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users  ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in Reli ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote atta ...)
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote atta ...)
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attacker ...)
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 all ...)
	NOT-FOR-US: Aztech router
CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or overwrite  ...)
	- redhat-cluster 2.20081102-1
	NOTE: Fixed in 2.03.09 upstream version.
	NOTE: Similar to CVE-2008-4192 and CVE-2008-4579
CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and ...)
	NOT-FOR-US: e-vision CMS
CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...)
	NOT-FOR-US: Glossaire
CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin 1.6 ...)
	- moin 1.6.2-1 (low)
CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check t ...)
	- moin 1.6.2-1 (low)
CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ap ...)
	- python-formencode 1.0.1-1
	[etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)
CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...)
	NOT-FOR-US: phpns
CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php i ...)
	NOT-FOR-US: Web Server Creator Web Portal
CVE-2008-6544
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM  ...)
	NOT-FOR-US: ComScripts TEAM Quick Classifieds
CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8 ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in D ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar 0.2.2- ...)
	- destar <removed> (bug #522123)
CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a di ...)
	- destar <not-affected> (bug #522123)
	NOTE: we include a default configuration user which can be changed with instructions in README.Debian
CVE-2008-6537 (LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows ...)
	NOT-FOR-US: LightNEasy No database
CVE-2008-6536 (Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and ...)
	- p7zip 4.57~dfsg.1-1
CVE-2008-6535 (admin/settings.php in PayPal eStores allows remote attackers to bypass ...)
	NOT-FOR-US: PayPal eStores
CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1 ...)
	NOT-FOR-US: NULL FTP Server
CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related  ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the upda ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before 3.13. ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in eZoneScript ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScrip ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6528 (NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the ...)
	NOT-FOR-US: NTFS TmaxSoft JEUS 5
CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before release 1 ...)
	- bouncycastle 1.38-1
CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development K ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE Developmen ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server implementatio ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK)  ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java Run ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Envi ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java Ru ...)
	{DSA-1769-1}
	- sun-java6 6-13-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and Jav ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE Develo ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java  ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary f ...)
	- xfig 1:3.2.5.a-1
	[etch] - xfig <no-dsa> (Minor issue)
	[lenny] - xfig <no-dsa> (Minor issue)
CVE-2009-1092 (Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX  ...)
	NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech r ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1090 (Directory traversal vulnerability in upload.php in Rapidleech rev.36 a ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1089 (Absolute path traversal vulnerability in upload.php in Rapidleech rev. ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote authen ...)
	NOT-FOR-US: Hannon Hill Cascade Server
CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1. ...)
	NOT-FOR-US: PPLive
CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the web ro ...)
	- piwik <itp> (bug #506933)
CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not proper ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX,  ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1082 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote a ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1081 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1080 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1079 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1078 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforc ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1077 (The Change My Password implementation in the admin interface in Sun Ja ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1076 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differ ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1075 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differ ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1074 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SS ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-6527 (SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 all ...)
	NOT-FOR-US: GO4I.NET ASP Forum
CVE-2008-6526 (SQL injection vulnerability in index.php in BosDev BosClassifieds allo ...)
	NOT-FOR-US: BosClassifieds
CVE-2008-6525 (SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script  ...)
	NOT-FOR-US: Nice PHP FAQ Script
CVE-2008-6524 (resetpass.php in openInvoice 0.90 beta and earlier allows remote authe ...)
	NOT-FOR-US: openInvoice
CVE-2008-6523 (auth.php in openInvoice 0.90 beta and earlier allows remote attackers  ...)
	NOT-FOR-US: openInvoice
CVE-2008-6522 (Multiple directory traversal vulnerabilities in the RenderFile functio ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6521 (index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attac ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6520 (Multiple format string vulnerabilities in the SSI filter in Xitami Web ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6519 (Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, a ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6518 (Unrestricted file upload vulnerability in the profile feature in VidiS ...)
	NOT-FOR-US: VidiScript
CVE-2008-6517 (SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote atta ...)
	NOT-FOR-US: NewsHOWLER
CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allo ...)
	NOT-FOR-US: phpKF-Portal
CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/ns ...)
	{DSA-1758-1}
	- nss-ldapd 0.6.8
CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD c ...)
	{DSA-1800-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allo ...)
	{DSA-1774-1}
	- ejabberd 2.0.5-1 (bug #520852)
	[etch] - ejabberd <not-affected> (Vulnerable expression not present)
CVE-2009-1071 (Stack-based buffer overflow in Icarus 2.0 allows remote attackers to c ...)
	NOT-FOR-US: Icarus
CVE-2009-1070 (Cross-site scripting (XSS) vulnerability in system/index.php in Expres ...)
	NOT-FOR-US: ExpressionEngine
CVE-2009-1069 (Multiple cross-site scripting (XSS) vulnerabilities in the node edit f ...)
	NOT-FOR-US: Drupal module
CVE-2009-1068 (Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Fre ...)
	NOT-FOR-US: BS.Player
CVE-2009-1067 (Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.0 ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1066 (SQL injection vulnerability in the referral function in admin/lib/lib_ ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1065 (SQL injection vulnerability in index.php in Pixie CMS 1.01a allows rem ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1064 (Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit  ...)
	NOT-FOR-US: Orbit Downloader
CVE-2009-1063 (Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers ...)
	NOT-FOR-US: eXeScope
CVE-2009-1062 (Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1  ...)
	NOT-FOR-US: Acrobat Reader
CVE-2009-1061 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 befo ...)
	NOT-FOR-US: Acrobat Reader
CVE-2009-1060 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1059 (Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote ...)
	NOT-FOR-US: Trident PowerZip
CVE-2009-1058 (Stack-based buffer overflow in ZipGenius might allow remote attackers  ...)
	NOT-FOR-US: ZipGenius
CVE-2009-1057 (MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execu ...)
	NOT-FOR-US: MicroSmarts Enterprise ZipItFast!
CVE-2009-1056 (IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers ...)
	NOT-FOR-US: IBM Rational AppScan Enterprise
CVE-2009-1055 (Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev ...)
	NOT-FOR-US: Sitecore CMS
CVE-2009-1054 (Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 200 ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2009-1053 (chaozzDB 1.2 and earlier stores sensitive information under the web ro ...)
	NOT-FOR-US: chaozzDB
CVE-2009-1052 (FireAnt 1.3 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: FireAnt
CVE-2009-1051 (FubarForum 1.6 and earlier stores sensitive information under the web  ...)
	NOT-FOR-US: FubarForum
CVE-2009-1050 (Bloginator 1A allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: Bloginator
CVE-2009-1049 (SQL injection vulnerability in articleCall.php in Bloginator 1A allows ...)
	NOT-FOR-US: Bloginator
CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another p ...)
	NOT-FOR-US: yappa-ng
CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with physica ...)
	- compiz-fusion-plugins-main 0.8.2-1 (low)
	[lenny] - compiz-fusion-plugins-main <no-dsa> (Minor issue)
CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowle ...)
	NOT-FOR-US: Andy's PHP Knowledgebase
CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears befor ...)
	NOT-FOR-US: Google Gears
CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom 360 ...)
	NOT-FOR-US: snom VoIP phones
CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module  ...)
	NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before 2.6.28 ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1)
CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a d ...)
	- vlc 0.9.9a-1 (unimportant; bug #522170)
	NOTE: access is limited to localhost
CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute  ...)
	{DSA-1756-1}
	- xulrunner 1.9.0.8-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1042 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...)
	- kfreebsd-7 7.1-3
	[lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlie ...)
	NOT-FOR-US: Openfire
CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Con ...)
	NOT-FOR-US: Openfire
CVE-2008-6509 (SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3. ...)
	NOT-FOR-US: Openfire
CVE-2008-6508 (Directory traversal vulnerability in the AuthCheck filter in the Admin ...)
	NOT-FOR-US: Openfire
CVE-2008-6507 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ob ...)
	- phpbb3 3.0.2-4
CVE-2008-6505 (Multiple directory traversal vulnerabilities in Apache Struts 2.0.x be ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: looks like this was introduced in 2.x, see upstream trunk r688095
CVE-2008-6504 (ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1 ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote a ...)
	NOT-FOR-US: WinAsm
CVE-2009-1039 (Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbi ...)
	NOT-FOR-US: CDex
CVE-2009-1038 (Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote  ...)
	NOT-FOR-US: YAP Blog
CVE-2009-1037 (Unspecified vulnerability in the Send by e-mail module in the "Printer ...)
	NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1 module b ...)
	NOT-FOR-US: Plus 1 module for Drupal
CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1. ...)
	NOT-FOR-US: Tasklist module for Drupal
CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x- ...)
	NOT-FOR-US: Tasklist module for Drupal
CVE-2009-1033 (SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier al ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-1032 (SQL injection vulnerability in gallery_list.php in YABSoft Advanced Im ...)
	NOT-FOR-US: YABSoft Advanced Image Gallery
CVE-2009-1031 (Directory traversal vulnerability in the FTP server in Rhino Software  ...)
	NOT-FOR-US: FTP Rhino Software Serv-U
CVE-2009-1030 (Cross-site scripting (XSS) vulnerability in the choose_primary_blog fu ...)
	- wordpress-mu 2.9.1-1 (bug #399756)
CVE-2009-1029 (Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows r ...)
	NOT-FOR-US: POP Peeper
CVE-2009-1028 (Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote at ...)
	NOT-FOR-US: ediSys eZip Wizard
CVE-2009-1027 (SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers  ...)
	NOT-FOR-US: OpenCart
CVE-2009-1026 (Multiple SQL injection vulnerabilities in login.php in Kim Websites 1. ...)
	NOT-FOR-US: Kim Websites
CVE-2009-1025 (PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PH ...)
	NOT-FOR-US: Beerwin PHPLinkAdmin
CVE-2009-1024 (Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 all ...)
	NOT-FOR-US: Beerwin PHPLinkAdmin
CVE-2009-1023 (SQL injection vulnerability in index.php in phpComasy 0.9.1 allows rem ...)
	NOT-FOR-US: phpComasy
CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in Gre ...)
	NOT-FOR-US: Gretech GOMlab GOM Encoder
CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in Oracl ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1018 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1012 (Unspecified vulnerability in the plug-ins for Apache and IIS web serve ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1011 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1010 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1009 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1007 (Unspecified vulnerability in the Data Mining component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA Product Suit ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator (AquaL ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1004 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1003 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1002 (Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 Gol ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1001 (Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold throu ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1000 (The Oracle Applications Framework component in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0999 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0998 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefit ...)
	NOT-FOR-US: PeopleSoft Enterprise HRMS
CVE-2009-0997 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0996 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0995 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0994 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0993 (Unspecified vulnerability in the OPMN component in Oracle Application  ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0992 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0991 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0990 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0989 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle D ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0984 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0983 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0982 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-0981 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0980 (Unspecified vulnerability in the SQLX Functions component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0979 (Unspecified vulnerability in the Resource Manager component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0978 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0977 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0976 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0975 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0974 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0973 (Unspecified vulnerability in the Cluster Ready Services component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0972 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2008-6503 (Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1. ...)
	NOT-FOR-US: PrestaShop
CVE-2008-6502 (Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remot ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6501 (Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro  ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6500 (Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart ...)
	NOT-FOR-US: CodeToad ASP Shopping Cart Script
CVE-2008-6499 (security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operatio ...)
	NOT-FOR-US: XAMPP
CVE-2008-6498 (Cross-site request forgery (CSRF) vulnerability in security/xamppsecur ...)
	NOT-FOR-US: XAMPP
CVE-2008-6497 (The Neostrada Livebox ADSL Router allows remote attackers to cause a d ...)
	NOT-FOR-US: Neostrada Livebox ADSL Router
CVE-2008-6496 (Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX co ...)
	NOT-FOR-US: VSPDFEditorX.ocx
CVE-2008-6495 (Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger  ...)
	NOT-FOR-US: Fritz Berger yet another php photo album - next generation
CVE-2008-6494 (ASP User Engine.NET stores sensitive information under the web root wi ...)
	NOT-FOR-US: ASP User Engine.NET
CVE-2008-6493 (Easy Content Management Publishing stores sensitive information under  ...)
	NOT-FOR-US: Easy Content Management Publishing
CVE-2008-6492 (Unrestricted file upload vulnerability in process.php in Tizag Countdo ...)
	NOT-FOR-US: Tizag Countdown Creator
CVE-2009-0971 (Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access A ...)
	NOT-FOR-US: futomi's CGI Cafe Access Analyzer CGI Standard Version
CVE-2009-0970 (PHP remote file inclusion vulnerability in includes/class_image.php in ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2009-0969 (Cross-site request forgery (CSRF) vulnerability in account/settings/ac ...)
	NOT-FOR-US: phpFoX
CVE-2009-0968 (SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 f ...)
	NOT-FOR-US: fMoblog plugin for WordPress
CVE-2009-0967 (The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authent ...)
	NOT-FOR-US: Serv-U
CVE-2009-0966 (PHP remote file inclusion vulnerability in cross.php in YABSoft Mega F ...)
	NOT-FOR-US: YABSoft Mega File Hosting
CVE-2009-0965 (SQL injection vulnerability in functions/browse.php in Ganesha Digital ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2009-0964 (UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passw ...)
	NOT-FOR-US: PHPRunner
CVE-2009-0963 (Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly  ...)
	NOT-FOR-US: PHPRunner
CVE-2009-0962 (Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eComme ...)
	NOT-FOR-US: Futomi's CGI Cafe MP Form Mail CGI eCommerce
CVE-2009-0961 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS  ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0960 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS  ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0959 (The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0958 (Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 thr ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0957 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0956 (Apple QuickTime before 7.6.2 does not properly initialize memory befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0955 (Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0954 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0953 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0952 (Buffer overflow in Apple QuickTime before 7.6.2 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0951 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0950 (Stack-based buffer overflow in Apple iTunes before 8.2 allows remote a ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0949 (The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 do ...)
	{DSA-1811-1}
	- cups 1.3.10-1
CVE-2009-0948
	RESERVED
	- file 5.02-1
CVE-2009-0947
	RESERVED
	- file 5.02-1
CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote  ...)
	{DSA-1784-1}
	- freetype 2.3.9-4.1 (medium; bug #524925)
CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...)
	{DSA-1988-1 DSA-1950-1 DSA-1866-1}
	- qt4-x11 4:4.5.2-1 (medium; bug #532718)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- webkit 1.1.5-1 (medium; bug #532724; bug #532725)
	NOTE: http://trac.webkit.org/changeset/43590
	- kde4libs 4:4.3.0-1 (medium; bug #534917)
	[lenny] - kde4libs <not-affected> (khtml doesn't have SVG support)
	NOTE: http://websvn.kde.org/?view=rev&revision=983302
	- kdegraphics 4:4.0 (medium; bug #534918)
	NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series
	NOTE: http://websvn.kde.org/?view=rev&revision=983306
CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X ...)
	NOT-FOR-US: Microsoft Office Spotlight
CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not  ...)
	NOT-FOR-US: Help Viewer in Apple Mac OS X
CVE-2009-0942 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not  ...)
	NOT-FOR-US: Help Viewer in Apple Mac OS X
CVE-2009-0941 (The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Pri ...)
	NOT-FOR-US: HP Embedded Web Server
CVE-2009-0940 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HP E ...)
	NOT-FOR-US: HP Embedded Web Server
CVE-2008-6491 (PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0. ...)
	NOT-FOR-US: PHPGKit
CVE-2008-6490 (function/update_xml.php in FLABER 1.1 and earlier allows remote attack ...)
	NOT-FOR-US: FLABER
CVE-2008-6489 (SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for ...)
	NOT-FOR-US: MyAlbum component (com_myalbum) for Joomla!
CVE-2008-6488 (SQL injection vulnerability in index.php in SoftComplex PHP Image Gall ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6487 (Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAf ...)
	NOT-FOR-US: Digiappz DigiAffiliate
CVE-2008-6486 (PHP remote file inclusion vulnerability in slideshow_uploadvideo.conte ...)
	NOT-FOR-US: sharedlog CMS
CVE-2008-6485 (SQL injection vulnerability in index.php in SoftComplex PHP Image Gall ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6484 (SQL injection vulnerability in login.php in Mole Group Taxi Map Script ...)
	NOT-FOR-US: Mole Group Taxi Map Script
CVE-2008-6483 (PHP remote file inclusion vulnerability in admin.googlebase.php in the ...)
	NOT-FOR-US: Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component for Joomla!
CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the Flas ...)
	NOT-FOR-US: Flash Tree Gallery (com_treeg) component for Joomla!
CVE-2009-0939 (Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which h ...)
	- tor 0.2.0.34-1
CVE-2009-0938 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirr ...)
	- tor 0.2.0.34-1 (bug #512728)
CVE-2009-0937 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirr ...)
	- tor 0.2.0.34-1 (bug #514580)
CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to c ...)
	- tor 0.2.0.34-1
CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6 ...)
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
	[lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
	- linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	- dotclear <not-affected> (Fixed before initial upload to archive)
CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in Hord ...)
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #513265; medium)
CVE-2009-0931 (Cross-site scripting (XSS) vulnerability in the tag cloud search scrip ...)
	- horde3 3.2.2+debian0-2 (bug #513265)
	[etch] - horde3 <not-affected> (Vulnerable code not present)
CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP befor ...)
	{DSA-1770-1}
	- imp4 4.2-4 (medium; bug #513266)
CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS  ...)
	NOT-FOR-US: Nucleus CMS
CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Profess ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...)
	NOT-FOR-US: Adobe Reader and Adobe Acrobat
CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun O ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-0925 (Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, an ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0924 (Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, wh ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-0923 (Unspecified vulnerability in Kerberos Incremental Propagation in Solar ...)
	NOT-FOR-US: Solaris
CVE-2009-0922 (PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows rem ...)
	- postgresql-8.3 8.3.7-1 (bug #517405)
	[lenny] - postgresql-8.3 8.3.7-0lenny1
	- postgresql-8.1 <removed>
	- postgresql-7.4 <removed>
	[etch] - postgresql-8.1 8.1.17-0etch1
	[etch] - postgresql-7.4 <no-dsa> (Minor issue)
CVE-2008-6481 (SQL injection vulnerability in the Versioning component (com_versionin ...)
	NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
CVE-2009-0921 (Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenVi ...)
	NOT-FOR-US: HP Openview
CVE-2009-0920 (Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Networ ...)
	NOT-FOR-US: HP Openview
CVE-2009-0919 (XAMPP installs multiple packages with insecure default passwords, whic ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0918 (Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0917 (Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1 ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0916 (Unspecified vulnerability in Opera before 9.64 has unknown impact and  ...)
	NOT-FOR-US: Opera
CVE-2009-0915 (Opera before 9.64 allows remote attackers to conduct cross-domain scri ...)
	NOT-FOR-US: Opera
CVE-2009-0914 (Opera before 9.64 allows remote attackers to execute arbitrary code vi ...)
	NOT-FOR-US: Opera
CVE-2009-0913 (Unspecified vulnerability in the keysock kernel module in Solaris 10 a ...)
	NOT-FOR-US: Solaris
CVE-2009-0912 (perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly  ...)
	NOT-FOR-US: perl-MDK-Common
CVE-2009-0911
	RESERVED
CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in engine/modules/imag ...)
	NOT-FOR-US: Datalife Engine
CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the "change passwor ...)
	NOT-FOR-US: swsoft
CVE-2008-6478 (Cross-site request forgery (CSRF) vulnerability in the file manager in ...)
	NOT-FOR-US: swsoft
CVE-2008-6477 (SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote att ...)
	NOT-FOR-US: Mumbo Jumbo Media
CVE-2008-6476 (Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEn ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2008-6475 (SQL injection vulnerability in the guestbook component (components/gue ...)
	NOT-FOR-US: Drake CMS
CVE-2008-6474 (The management interface in F5 BIG-IP 9.4.3 allows remote authenticate ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remot ...)
	NOT-FOR-US: Blogator-script
CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5 ...)
	NOT-FOR-US: VmWare
CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5 ...)
	NOT-FOR-US: VmWare
CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in  ...)
	NOT-FOR-US: VmWare
CVE-2009-0907
	REJECTED
CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM WebSpher ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0905 (IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not pr ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM WebS ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Fea ...)
	NOT-FOR-US: WebSphere
CVE-2009-0902
	RESERVED
CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-0900 (Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 befor ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0899 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 th ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV NN ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 bef ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0896 (Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the initi ...)
	- xvidcore <not-affected> (Fixed before initial release)
CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the  ...)
	- xvidcore <not-affected> (Fixed before initial release)
CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) 6 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0890
	RESERVED
CVE-2009-0889 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0888 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in libpam/pam_mis ...)
	- pam 1.0.1-10 (low; bug #520115)
	[lenny] - pam 1.0.1-5+lenny1
	[etch] - pam 0.79-5+etch1
CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1 ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow remot ...)
	NOT-FOR-US: Media Commands
CVE-2009-0884 (Buffer overflow in FileZilla Server before 0.9.31 allows remote attack ...)
	NOT-FOR-US: FileZilla Server (only client packaged in debian)
CVE-2009-0883 (SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when ma ...)
	NOT-FOR-US: Blue Eye CMS
CVE-2009-0882 (Multiple SQL injection vulnerabilities in nForum 1.5 allow remote atta ...)
	NOT-FOR-US: nForum
CVE-2009-0881 (SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows  ...)
	NOT-FOR-US: isiAJAX
CVE-2009-0880 (Directory traversal vulnerability in the CIM server in IBM Director be ...)
	NOT-FOR-US: Windows
CVE-2009-0879 (The CIM server in IBM Director before 5.20.3 Service Update 2 on Windo ...)
	NOT-FOR-US: Windows
CVE-2009-0878 (The read_game_map function in src/terrain_translation.cpp in Wesnoth b ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2009-0876 (Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and ...)
	- virtualbox-ose <not-affected> (Vulnerable code not present, Debian version patches localconf)
	[lenny] - virtualbox-ose <not-affected> (lenny version doesn't install binaries with suid 0)
CVE-2009-0875 (Race condition in the Doors subsystem in the kernel in Sun Solaris 8 t ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ker ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote at ...)
	[etch] - wireshark <not-affected> (vulnerable code not present)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink 1 ...)
	NOT-FOR-US: MountainGrafix easyLink
CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 all ...)
	NOT-FOR-US: ClanSphere
CVE-2008-6469 (SQL injection vulnerability in index.php in PlainCart 1.1.2 allows rem ...)
	NOT-FOR-US: PlainCart
CVE-2008-6468 (SQL injection vulnerability in index.php in Diesel Pay allows remote a ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6467 (SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel  ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6466 (SQL injection vulnerability in image_gallery.php in the Akira Powered  ...)
	NOT-FOR-US: e107
CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in we ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic PH ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...)
	NOT-FOR-US: Diocese of Portsmouth Church Search extension for TYPO3
CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) exten ...)
	NOT-FOR-US: My quiz and poll
CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) exten ...)
	NOT-FOR-US: TYPO3 addon Random Prayer
CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects (mw_random_ob ...)
	NOT-FOR-US: TYPO3 addon Simple Random Objects
CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration (autobeus ...)
	NOT-FOR-US: TYPO3 addon auto BE User Registration
CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address &amp ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ext ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and  ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote a ...)
	NOT-FOR-US: Edikon phpShop
CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows rem ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6453 (Directory traversal vulnerability in section.php in 6rbScript 3.3, whe ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6452 (SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earli ...)
	NOT-FOR-US: Oceandir
CVE-2008-6451 (SQL injection vulnerability in humor.php in jPORTAL 2 allows remote at ...)
	NOT-FOR-US: jPORTAL
CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv ...)
	NOT-FOR-US: Solaris
CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does ...)
	NOT-FOR-US: Solaris
CVE-2009-0871 (The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4 ...)
	- asterisk <not-affected> (Vulnerable code introduced in 1.4.22)
CVE-2009-0870 (The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolar ...)
	NOT-FOR-US: Solaris
CVE-2009-0869 (Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM  ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-0868 (CRLF injection vulnerability in the WebLink template in Fujitsu Jasmin ...)
	NOT-FOR-US: Fujitsu Jasmine2000 Enterprise Edition
CVE-2009-0867 (The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 a ...)
	NOT-FOR-US: Fujitsu Enhanced Support Facility
CVE-2009-0866 (pHNews Alpha 1 stores sensitive information under the web root with in ...)
	NOT-FOR-US: pHNews
CVE-2009-0865 (Directory traversal vulnerability in the SnapShotToFile method in the  ...)
	NOT-FOR-US: GeoVision
CVE-2009-0864 (S-Cms 1.1 Stable allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: S-Cms
CVE-2009-0863 (SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stab ...)
	NOT-FOR-US: S-Cms
CVE-2009-0862 (Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_outp ...)
	NOT-FOR-US: TangoCMS
CVE-2009-0861 (Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 all ...)
	NOT-FOR-US: phpDenora
CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in  ...)
	NOT-FOR-US: NetMRI
CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the Lin ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
	NOTE: for locally modified configs and even for that I fail to
	NOTE: see why anyone would run a kernel w/o CONFIG_SHMEM?
CVE-2009-0858 (The response_addname function in response.c in Daniel J. Bernstein djb ...)
	{DSA-1831-1}
	- djbdns 1:1.05-5 (low; bug #518169; bug #517631)
CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the Perfor ...)
	NOT-FOR-US: SunMC
CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample applicat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows  ...)
	NOT-FOR-US: CelerBB
CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserve ...)
	NOT-FOR-US: CelerBB
CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_qu ...)
	NOT-FOR-US: CelerBB
CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender Internet Secur ...)
	NOT-FOR-US: BitDefender
CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in NovaStor No ...)
	NOT-FOR-US: NovaNET
CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1  ...)
	- gtk+2.0 <not-affected> (suse specific patch)
CVE-2009-0847 (The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Affected code present, but not exploitable before 1.6.3)
CVE-2009-0846 (The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c i ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
CVE-2009-0845 (The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0844 (The get_input_token function in the SPNEGO implementation in MIT Kerbe ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (bug #523027)
	NOTE: this can only probe for files that are not present, useless when not
	NOTE: in combination with another attack
CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows rem ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (bug #523027)
	NOTE: this doesn't work under linux as the root from the directory traversal needs to exist
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c  ...)
	{DSA-1914-1}
	- mapserver 5.4.2-1 (medium; bug #523027)
	NOTE: Initial fix was incomplete
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x b ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv ...)
	NOT-FOR-US: Solaris
CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, inc ...)
	NOT-FOR-US: Foxit Reader
CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, includin ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-6450 (Cross-site scripting (XSS) vulnerability in Under Construction, Baby ( ...)
	NOT-FOR-US: Under Construction, Baby
CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple Century Sy ...)
	NOT-FOR-US: Century Systems routers
CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC Syst ...)
	NOT-FOR-US: SKYARC System MTCMS WYSIWYG Editor
CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail Ma ...)
	NOT-FOR-US: QuikSoft EasyMail
CVE-2008-6446 (Static code injection vulnerability in the Guestbook component in CMS  ...)
	NOT-FOR-US: CMS MAXSITE
CVE-2008-6445 (Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact ...)
	NOT-FOR-US: YourPlace
CVE-2008-6444 (Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might all ...)
	NOT-FOR-US: Baidu Hi IM
CVE-2008-6443 (SQL injection vulnerability in forum_duzen.php in phpKF allows remote  ...)
	NOT-FOR-US: phpKF
CVE-2008-6442 (Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Contr ...)
	NOT-FOR-US: Sina Inc. DLoader Class ActiveX
CVE-2008-6441 (Format string vulnerability in the Epic Games Unreal engine client, as ...)
	NOT-FOR-US: Epic Games Unreal engine client
CVE-2008-6440 (Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to ob ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2008-6439 (Cross-site scripting (XSS) vulnerability in search_results.php in ABK- ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6438 (SQL injection vulnerability in macgurublog_menu/macgurublog.php in the ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-6437 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1. ...)
	NOT-FOR-US: PHPFreeForum
CVE-2008-6436 (Cross-site scripting (XSS) vulnerability in the Web Server in Xerox Wo ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-6435 (Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1  ...)
	NOT-FOR-US: phpSQLiteCMS
CVE-2008-6434 (SQL injection vulnerability in index.cfm in Blue River Interactive Gro ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue River In ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 all ...)
	NOT-FOR-US: BMForum
CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) com ...)
	NOT-FOR-US: Joomla!
CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbi ...)
	- kaya 0.4.2-1 (low)
	[etch] - kaya <no-dsa> (Minor issue)
	NOTE: the fix checks with a regex for malicious characters in the HTTP header, see CGI.k changes
CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker Professional 1.0 ...)
	NOT-FOR-US: Hivemaker Professional
CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 allows remot ...)
	NOT-FOR-US: ComicShout
CVE-2008-6424 (Directory traversal vulnerability in FFFTP 1.96b allows remote FTP ser ...)
	NOT-FOR-US: FFFTP
CVE-2008-6423 (Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 R ...)
	NOT-FOR-US: PassWiki
CVE-2008-6422 (Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and  ...)
	NOT-FOR-US: PsychoStats
CVE-2008-6421 (PHP remote file inclusion vulnerability in social_game_play.php in Soc ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6420 (Social Site Generator (SSG) 2.0 allows remote attackers to read arbitr ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6419 (Multiple SQL injection vulnerabilities in Social Site Generator (SSG)  ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6418 (SQL injection vulnerability in scrape.php in TorrentTrader before 2008 ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-6417 (Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows atta ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6416 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Consol ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a logi ...)
	- dash <not-affected> (Debian uses upstream's patch to implement -l)
CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp sub ...)
	{DSA-1800-1}
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
	- linux-2.6.24 <removed>
	[etch] - linux-2.6.24 <no-dsa> (unimportant)
	NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earl ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 f ...)
	NOT-FOR-US: Winamp
CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV (job) mod ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows remote at ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow remote attac ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with insufficient acces ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient access ...)
	NOT-FOR-US: PollHelper
CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with insufficient a ...)
	NOT-FOR-US: BlogHelper
CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3 ...)
	NOT-FOR-US: TinX/cms
CVE-2009-0824 (Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in Sl ...)
	NOT-FOR-US: Elaborate Bytes ElbyCDIO.sys
CVE-2009-0823
	RESERVED
CVE-2009-0822
	RESERVED
CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers ...)
	NOT-FOR-US: CCProxy
CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum S ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x ...)
	NOT-FOR-US: Answers module for Drupal
CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3. ...)
	NOT-FOR-US: Vignette Content Management
CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Explay CMS
CVE-2008-6410 (Directory traversal vulnerability in show.php in ol'bookmarks manager  ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6409 (SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in ol'bookmarks m ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol'bookmarks manager ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engi ...)
	NOT-FOR-US: DataLife Engine
CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts Clone al ...)
	NOT-FOR-US: Hotscripts Clone
CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtro ...)
	NOT-FOR-US: eXtrovert Software Thyme
CVE-2008-6403 (PHP remote file inclusion vulnerability in themes/default/include/html ...)
	NOT-FOR-US: OpenRat
CVE-2008-6402 (PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart ...)
	NOT-FOR-US: Sofi WebGui
CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote at ...)
	NOT-FOR-US: JETIK-WEB
CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allow ...)
	NOT-FOR-US: refbase
CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remot ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause  ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser DoS not treated as security issues
CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
	NOT-FOR-US: phpScheduleIt
CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 a ...)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
	- mysql-5.1 5.1.32-1
CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_t ...)
	NOT-FOR-US: Taxonomy Theme module for Drupal
CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module  ...)
	NOT-FOR-US: Protected Node module for Drupal
CVE-2009-0816 (Multiple cross-site scripting (XSS) vulnerabilities in the backend use ...)
	{DTSA-193-1}
	- typo3-src 4.2.6-1 (low; bug #514713)
	[etch] - typo3-src 4.0.2+debian-8
CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8 ...)
	{DTSA-193-1}
	- typo3-src 4.2.6-1 (medium; bug #514713)
	[etch] - typo3-src 4.0.2+debian-8
CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...)
	NOT-FOR-US: Blogsa
CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control (Im ...)
	NOT-FOR-US: ActiveX
CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23,  ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX control i ...)
	NOT-FOR-US: ActiveX
CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 allows remo ...)
	NOT-FOR-US: xGuestbook
CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release  ...)
	NOT-FOR-US: Dassault Systemes ENOVIA SmarTeam
CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allo ...)
	NOT-FOR-US: SimpleCMMS
CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative access via  ...)
	NOT-FOR-US: zFeeder
CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authen ...)
	NOT-FOR-US: OpenGoo
CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...)
	NOT-FOR-US: piCal
CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
	- ziproxy 2.7.2-1 (low; bug #521051)
	[lenny] - ziproxy <no-dsa> (Minor issue)
CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuar ...)
	NOT-FOR-US: SmoothWall
CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the  ...)
	NOT-FOR-US: Qbik WinGate
CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP Ho ...)
	- squid 4.1-1 (unimportant; bug #521053)
	- squid3 3.3.3-1 (unimportant; bug #521052)
	NOTE: This only affects HTTP connections and only in transparent mode
	NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
	NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0  (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cau ...)
	{DSA-1786-1}
	- acpid 1.0.10-1 (medium)
CVE-2009-0797
	REJECTED
CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Statu ...)
	- libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
	[lenny] - libapache2-mod-perl2 2.0.4-5+lenny1
	- apache <removed>
	[etch] - apache <no-dsa> (minor issue)
CVE-2009-0795
	REJECTED
CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in src/java/org/cl ...)
	- openjdk-6 6b16-1
	[lenny] - openjdk-6 <not-affected> (no PulseAudio support included)
CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)
	{DSA-1769-1}
	- openjdk-6 6b16-1
	- lcms 1.18.dfsg-1.1 (low; bug #530785)
	[lenny] - lcms <no-dsa> (Minor issue)
	[etch] - lcms <no-dsa> (Minor issue)
CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color Consort ...)
	{DSA-2080-1 DTSA-198-1}
	- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
	- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as use ...)
	- cupsys <removed> (medium; bug #535488)
	- cups 1.3.10-1 (medium; bug #535489)
	[etch] - cupsys <not-affected> (pdftops source included, but not built)
	[lenny] - cups <not-affected> (pdftops source included, but not built)
CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.2 ...)
	{DSA-1760-1 DSA-1759-1}
	- openswan 1:2.6.21+dfsg-1 (medium; bug #521949)
	- strongswan 4.2.14-1 (medium; bug #521950)
CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does not pr ...)
	- openssl <not-affected> (only non-Debian architectures affected)
CVE-2009-0788 (Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly r ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs funct ...)
	- linux-2.6 2.6.29-1 (medium; bug #529326)
	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.28)
CVE-2009-0786
	REJECTED
CVE-2009-0785
	RESERVED
CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.2009031 ...)
	{DSA-1755-1}
	- systemtap 0.0.20090314-2
	[etch] - systemtap <not-affected> (vulnerable code not present)
CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ...)
	{DSA-2207-1}
	- tomcat5.5 <removed> (low; bug #532366)
	- tomcat6 6.0.20-1 (low; bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (low; bug #532363)
CVE-2009-0782
	REJECTED
CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ca ...)
	{DSA-2207-1}
	- tomcat5.5 <removed> (unimportant; bug #532366)
	- tomcat6 6.0.20-1 (unimportant; bug #532362)
	- tomcat5 <removed> (unimportant; bug #532363)
	NOTE: Just examples on how to use Tomcat, not for production
CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4 ...)
	NOT-FOR-US: openbsd
CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users t ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2 ...)
	- linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonk ...)
	- iceweasel 3.0.7-1 (low; bug #576466)
	[lenny] - iceweasel <no-dsa> (minor issue)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0. ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
	{DSA-1751-1}
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird bef ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before  ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: QIP
CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier a ...)
	NOT-FOR-US: YapBB
CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: Kipper
CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 allows ...)
	NOT-FOR-US: Kipper
CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 allows r ...)
	NOT-FOR-US: Kipper
CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 all ...)
	NOT-FOR-US: Kipper
CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 ...)
	NOT-FOR-US: Kipper
CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment a ...)
	NOT-FOR-US: ScriptsEz Ez PHP Comment
CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1 ...)
	NOT-FOR-US: Team Board
CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the web root ...)
	NOT-FOR-US: Team Board
CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.06 ...)
	{DSA-1735-1}
	- znc 0.066-1 (bug #516950)
CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in avahi-core ...)
	{DSA-2086-1}
	- avahi 0.6.24-3 (low; bug #517683)
	[etch] - avahi <no-dsa> (Minor issue)
	NOTE: reflector is off by default
CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent at ...)
	- mpfr 2.4.0-5 (low; bug #527475)
	[lenny] - mpfr <not-affected> (Vulnerable code not yet present)
	[etch] - mpfr <not-affected> (Vulnerable code not yet present)
CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 a ...)
	- poppler 0.10.6-1 (low; bug #518478)
	[lenny] - poppler 0.8.7-2
	[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
	NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release
CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 a ...)
	{DSA-1941-1}
	- poppler 0.10.6-1 (low; bug #518478)
	[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
	[etch] - poppler <not-affected> (vulnerable code not present; forms introduced after 0.4.5)
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows l ...)
	{DSA-1789-1}
	- php4 <removed> (low)
	- php5 5.2.9.dfsg.1-2 (low; bug #523049)
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary fil ...)
	- sng 1.0.2-6 (bug #496407; unimportant)
CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbi ...)
	- sgml2x 1.0.0-11.2 (bug #496368; low)
	[etch] - sgml2x <no-dsa> (Minor issue)
CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in Celerondude ...)
	NOT-FOR-US: Celerondude Uploader
CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g  ...)
	NOT-FOR-US: web management interface in 3Com Wireless
CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earl ...)
	NOT-FOR-US: CS-Cart
CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to cause a den ...)
	{DSA-1741-1}
	- psi 0.12.1-1 (low; bug #518468)
	[etch] - psi <not-affected> (Vulnerable code not present)
CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution 4 ...)
	- movabletype-opensource <not-affected> (bug #518469)
	NOTE: http://www.sixapart.com/pipermail/mtos-dev/2009-March/002677.html
CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service  ...)
	{DSA-1740-1}
	- yaws 1.80-1
CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script  ...)
	NOT-FOR-US: txtSQL
CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote attacke ...)
	NOT-FOR-US: Jbook
CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media Contac ...)
	NOT-FOR-US: Rae Media Contact Management Software
CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the w ...)
	NOT-FOR-US: Rapid Classified
CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ro ...)
	NOT-FOR-US: Quick Tree View .NET
CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange  ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter RevS ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment  ...)
	NOT-FOR-US: Comment Mail
CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource Man ...)
	NOT-FOR-US: SpeedTech Organization and Resource Manager
CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with  ...)
	NOT-FOR-US: ASP Portal
CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1 ...)
	NOT-FOR-US: bcoos
CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...)
	NOT-FOR-US: Active Web Helpdesk
CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...)
	NOT-FOR-US: Gallery MX
CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...)
	NOT-FOR-US: Calendar Mx Professional
CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...)
	NOT-FOR-US: Multi SEO phpBB
CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote attacke ...)
	NOT-FOR-US: Jbook
CVE-2008-6375 (JBook stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: JBook
CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive informa ...)
	NOT-FOR-US: MailingListPro Free Edition
CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified impac ...)
	- nagios3 3.0.6-3
	[etch] - nagios2 <no-dsa> (Related to CVE-2008-5028, which has minimal attack vector)
CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro  ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Con ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager  ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m al ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in S ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Affili ...)
	NOT-FOR-US: Ad Server Solutions Affiliate Software Java
CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Man ...)
	NOT-FOR-US: Ad Server Solutions Ad Management Software Java
CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server Solution ...)
	NOT-FOR-US: Ad Server Solutions Banner Exchange Solution Java
CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0. ...)
	NOT-FOR-US: DesignWorks Professional
CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership Scr ...)
	NOT-FOR-US: Multiple Membership Script
CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...)
	NOT-FOR-US: InSun Feed CMS
CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in m ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbo ...)
	NOT-FOR-US: Max's Guestbook
CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie allow ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the  ...)
	NOT-FOR-US: MyCal Personal Events Calendar
CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root  ...)
	NOT-FOR-US: evCal Events Calendar
CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the we ...)
	NOT-FOR-US: ASPired2poll
CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web r ...)
	NOT-FOR-US: ASPired2poll
CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote  ...)
	NOT-FOR-US: ASP-CMS
CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remo ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyFor ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local Clas ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Business Survey Pro
CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery  ...)
	NOT-FOR-US: DevelopItEasy Photo Gallery
CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...)
	NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2. ...)
	{DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 b ...)
	{DSA-1749-1}
	- linux-2.6 2.6.28-2 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2 ...)
	{DSA-1749-1}
	- linux-2.6 2.6.28-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2. ...)
	{DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in t ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing
CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module fo ...)
	NOT-FOR-US: Cisco
CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) exte ...)
	NOT-FOR-US: DR Wiki extension for TYPO3
CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 al ...)
	NOT-FOR-US: SolarCMS
CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3. ...)
	NOT-FOR-US: TU-Clausthal Staff extension for TYPO3
CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc ...)
	NOT-FOR-US: TU-Clausthal ODIN extension for TYPO3
CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser (simplefile ...)
	NOT-FOR-US: Simple File Browser extension for TYPO3
CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (S ...)
	NOT-FOR-US: SB Universal Plugin extension for TYPO3
CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_pop ...)
	NOT-FOR-US: Vox populi extension for TYPO3
CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities (wes_facil ...)
	NOT-FOR-US: WEBERkommunal Facilities extension for TYPO3
CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System (com_vo ...)
	NOT-FOR-US: Volunteer Management System module for Joomla!
CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines Rearra ...)
	NOT-FOR-US: Text Lines Rearrange Script
CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online Ke ...)
	NOT-FOR-US: eMetrix Online Keyword Research Tool
CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract W ...)
	NOT-FOR-US: eMetrix Extract Website
CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), wh ...)
	NOT-FOR-US: RSS Simple News
CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber  ...)
	NOT-FOR-US: Streber
CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier  ...)
	NOT-FOR-US: MyTopix
CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...)
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 a ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote  ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as downloa ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classif ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows re ...)
	NOT-FOR-US: CF_Forum
CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource CF_Aucti ...)
	NOT-FOR-US: CFMSource CF_Auction
CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows r ...)
	NOT-FOR-US: CFMSource CFMBlog
CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insu ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows r ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...)
	NOT-FOR-US: CF_Calendar
CVE-2008-6318 (PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl- ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6317 (Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.p ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6315 (PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars. ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module 4 ...)
	NOT-FOR-US: Tag Board module
CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit  ...)
	NOT-FOR-US: phpAddEdit
CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote  ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 a ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 allo ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows re ...)
	NOT-FOR-US: W3matter AskPert
CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging Syst ...)
	NOT-FOR-US: Private Messaging System
CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass authent ...)
	NOT-FOR-US: E-topbiz Link Back Checker
CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz  ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory  ...)
	NOT-FOR-US: Free Directory Script
CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ma ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows rem ...)
	NOT-FOR-US: ToursManager
CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass authe ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...)
	NOT-FOR-US: Small ShoutBox module
CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 a ...)
	NOT-FOR-US: Joomla!
CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remo ...)
	NOT-FOR-US: sISAPILocation
CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...)
	NOT-FOR-US: DHCart
CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6 ...)
	NOT-FOR-US: Camera Life
CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypas ...)
	NOT-FOR-US: Acc Statistics
CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypa ...)
	NOT-FOR-US: Acc Real Estate
CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: Acc Autos
CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Acc PHP eMail
CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, w ...)
	NOT-FOR-US: nicLOR Sito
CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 allow ...)
	NOT-FOR-US: Tours Manager
CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a den ...)
	{DSA-1728-1}
	- dkim-milter 2.6.0.dfsg-2 (low)
	[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in l ...)
	- optipng 0.6.2.1-1 (low)
	[etch] - optipng 0.5.5-2
	[lenny] - optipng 0.6.1.1-2
CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home ...)
	NOT-FOR-US: Craft Silicon Banking@Home
CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease allows r ...)
	NOT-FOR-US: BlueBird Prelease
CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows remote  ...)
	NOT-FOR-US: MyNews
CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows remote ...)
	NOT-FOR-US: Auth Php
CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows ...)
	NOT-FOR-US: Pebble
CVE-2009-0735 (Directory traversal vulnerability in lib/classes/message_class.php in  ...)
	NOT-FOR-US: Papoo CMS
CVE-2009-0734 (Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia ...)
	NOT-FOR-US: MultimediaPlayer.exe
CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function  ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
	- openjdk-6 6b18-1.8.13-0+squeeze2
	NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with insufficien ...)
	NOT-FOR-US: Downloadcenter
CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade Scr ...)
	NOT-FOR-US: Free Arcade Script
CVE-2009-0730 (Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) ...)
	NOT-FOR-US: GigCalendar
CVE-2009-0729 (Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Ba ...)
	NOT-FOR-US: Page Engine CMS
CVE-2009-0728 (SQL injection vulnerability in the My_eGallery module for MAXdev MDPro ...)
	NOT-FOR-US: MAXdev MDPro/Postnuke
CVE-2009-0727 (SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and ear ...)
	NOT-FOR-US: taifajobs
CVE-2009-0726 (SQL injection vulnerability in the GigCalendar (com_gigcal) component  ...)
	NOT-FOR-US: Joomla!
CVE-2009-0725
	RESERVED
CVE-2009-0724
	RESERVED
CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1 ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
	- openjdk-6 6b18-1.8.13-0+squeeze2
	NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 al ...)
	NOT-FOR-US: Potato News
CVE-2009-0721 (Unspecified vulnerability in Easy Login in the Sender module in HP Rem ...)
	NOT-FOR-US: HP Remote Graphics
CVE-2009-0720 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP-UX
CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0716 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6 ...)
	NOT-FOR-US: HP Storage Essentials
CVE-2009-0714 (Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dp ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
	NOT-FOR-US: WMI Mapper
CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
	NOT-FOR-US: WMI Mapper
CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote attackers to r ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0709 (SQL injection vulnerability in login.php in PHPFootball 1.6 allows rem ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0708 (Multiple cross-site request forgery (CSRF) vulnerabilities in Semantic ...)
	NOT-FOR-US: SemanticScuttle
CVE-2009-0707 (SQL injection vulnerability in admin/index.php in PowerClan 1.14a allo ...)
	NOT-FOR-US: PowerClan
CVE-2009-0706 (SQL injection vulnerability in the Simple Review (com_simple_review) c ...)
	NOT-FOR-US: Joomla!
CVE-2009-0705 (SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5. ...)
	NOT-FOR-US: PowerScripts PowerNews
CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allows rem ...)
	NOT-FOR-US: WSN Guest
CVE-2009-0703 (SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 a ...)
	NOT-FOR-US: ASPThai.Net Webboard
CVE-2009-0702 (SQL injection vulnerability in the Phoca Documentation (com_phocadocum ...)
	NOT-FOR-US: Joomla!
CVE-2009-0701 (Multiple PHP remote file inclusion vulnerabilities in index.php in Cyb ...)
	NOT-FOR-US: Cybershade
CVE-2009-0700 (Plunet BusinessManager 4.1 and earlier allows remote authenticated use ...)
	NOT-FOR-US: Plunet BusinessManager
CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemei ...)
	NOT-FOR-US: Plunet BusinessManager
CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...)
	- xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
	- vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-0697
	RESERVED
CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 befo ...)
	{DSA-1847-1}
	- bind9 1:9.6.1.dfsg.P1-1 (bug #538975; high)
	NOTE: See also http://www.kb.cert.org/vuls/id/725188
CVE-2009-0695 (hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authent ...)
	NOT-FOR-US: Wyse Device Manager not in Debian
CVE-2009-0694
	RESERVED
CVE-2009-0693 (Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow rem ...)
	NOT-FOR-US: Wyse Device Manager not in Debian
CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in clien ...)
	{DSA-1833-2 DSA-1833-1}
	- dhcp3 3.1.2p1-1 (medium)
	NOTE: dhcp in etch is not affected.
CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit  ...)
	NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit  ...)
	NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa. ...)
	{DSA-1998-1 DSA-1931-1 DLA-1564-1 DLA-376-1}
	- nspr 4.8-2
	[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	- kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265)
	- kde4libs 4:4.3.4-1 (medium; bug #559266)
	[lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector)
	- mono 4.2.1.102+dfsg2-4
	[wheezy] - mono <no-dsa> (Minor issue)
	NOTE: http://www.mono-project.com/docs/about-mono/vulnerabilities/
	NOTE: https://gist.github.com/directhex/01e853567fd2cc74ed39
CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23  ...)
	{DSA-1807-1 DTSA-200-1 DTSA-201-1}
	- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
	- cyrus-sasl2-heimdal 2.1.23.dfsg1-1
	NOTE: VU#238019
CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in Op ...)
	NOT-FOR-US: OpenBSD Packet Filter
CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in T ...)
	NOT-FOR-US: Trend Micro Internet Pro
CVE-2009-0685
	RESERVED
CVE-2009-0684
	RESERVED
CVE-2009-0683
	RESERVED
CVE-2009-0682 (vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0 ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2009-0681 (PGP Desktop before 9.10 allows local users to (1) cause a denial of se ...)
	NOT-FOR-US: PGP Desktop
CVE-2009-0680 (cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows ...)
	NOT-FOR-US: Netgear
CVE-2009-0679 (Cross-site scripting (XSS) vulnerability in the Your Account module in ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0678 (images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0677 (avatarlist.php in the Your Account module, reached through modules.php ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Original fix was incomplete/risky, see:
	NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
	NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
	NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kern ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when register ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your  ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0672 (SQL injection vulnerability in the Resend_Email module in Raven Web Se ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0671
	REJECTED
CVE-2009-0670
	RESERVED
CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise ...)
	{DSA-2234-1 DSA-1863-1}
	- zope3 <removed> (bug #540462)
	- zope2.11 2.11.4-1 (bug #540463)
	- zope2.10 2.10.9-1 (bug #540464)
	- zope2.9 <removed>
	- zodb 1:3.8.2-1 (bug #540465)
CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, ...)
	{DSA-2234-1 DSA-1863-1}
	- zope3 <removed> (medium; bug #540462)
	- zope2.11 2.11.4-1 (medium; bug #540463)
	- zope2.10 2.10.9-1 (medium; bug #540464)
	- zope2.9 <removed>
	- zodb 1:3.8.2-1 (medium; bug #540465)
CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventor ...)
	{DSA-1828-1}
	- ocsinventory-agent 1:0.0.9.2repack1-5 (medium; bug #506416)
CVE-2009-0666
	RESERVED
CVE-2009-0665
	RESERVED
CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x be ...)
	{DSA-1778-1}
	- mahara 1.1.3-1 (low)
CVE-2009-0663 (Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-per ...)
	{DSA-1780-1}
	- libdbd-pg-perl 2.1.3-1
CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product  ...)
	- plone3 <removed> (medium; bug #525943)
CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attack ...)
	{DSA-1744-1}
	- weechat 0.2.6.1-1 (medium; bug #519940)
	[etch] - weechat <not-affected> (vulnerable code not present)
CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 befo ...)
	{DSA-1736-1}
	- mahara 1.1.2-1 (low)
CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
	NOT-FOR-US: TPTEST
CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and e ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate attacker ...)
	NOT-FOR-US: Toshiba Face Recognition
CVE-2009-0656 (Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypa ...)
	NOT-FOR-US: Asus SmartLogon
CVE-2009-0655 (Lenovo Veriface III allows physically proximate attackers to login to  ...)
	NOT-FOR-US: Lenovo Veriface
CVE-2009-0654 (Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attacke ...)
	- tor <unfixed> (unimportant)
	NOTE: attacker already controls entry and exit node at this stage
CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an  ...)
	- openssl 0.9.8-1 (bug #517791)
CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox  ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
	NOT-FOR-US: Veritas network daemon
CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
	NOT-FOR-US: TPTEST
CVE-2009-0649 (The web browser in Symbian OS on the Nokia N95 cell phone allows remot ...)
	NOT-FOR-US: Symbian OS
CVE-2008-6288 (Directory traversal vulnerability in download.php in Interface Medien  ...)
	NOT-FOR-US: Interface Medien ibase
CVE-2008-6287 (Multiple PHP remote file inclusion vulnerabilities in Broadcast Machin ...)
	NOT-FOR-US: Broadcast Machine
CVE-2008-6286 (Multiple SQL injection vulnerabilities in SubscriberStart.asp in Activ ...)
	NOT-FOR-US: Active Newsletter
CVE-2008-6285 (SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earl ...)
	NOT-FOR-US: PHP TV Portal
CVE-2008-6284 (SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remot ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6283 (Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote  ...)
	NOT-FOR-US: Subtext
CVE-2008-6282 (SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS  ...)
	NOT-FOR-US: CMS Ortus
CVE-2008-6281 (SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote ...)
	NOT-FOR-US: Bluo CMS
CVE-2008-6280 (Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys W ...)
	NOT-FOR-US: Linksys WRT160N
CVE-2008-6279 (RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remot ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6278 (Multiple cross-site scripting (XSS) vulnerabilities in product.php in  ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6277 (SQL injection vulnerability in product.php in RakhiSoftware Price Comp ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6276 (Multiple SQL injection vulnerabilities in the User Karma module 5.x be ...)
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6275 (Cross-site scripting (XSS) vulnerability in the User Karma module 5.x  ...)
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6274 (Multiple SQL injection vulnerabilities in index.php in FamilyProject 2 ...)
	NOT-FOR-US: FamilyProject
CVE-2008-6273 (Directory traversal vulnerability in configuration_script.php in MyKto ...)
	NOT-FOR-US: MyKtools
CVE-2008-6272 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0 ...)
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6271 (Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when  ...)
	NOT-FOR-US: TBmnetCMS
CVE-2008-6270 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0 ...)
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6269 (Joovili 3.1.4 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: Joovili
CVE-2008-6268 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Language ...)
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6267 (Cross-site scripting (XSS) vulnerability in detail.php in Multi Langua ...)
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6266 (SQL injection vulnerability in links.php in Appalachian State Universi ...)
	NOT-FOR-US: phpWebSite
CVE-2008-6265 (Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7 ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-6264 (SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popup ...)
	NOT-FOR-US: E-topbiz Slide Popups
CVE-2008-6263 (SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows ...)
	NOT-FOR-US: SaturnCMS
CVE-2008-6262 (SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allow ...)
	NOT-FOR-US: SaturnCMS
CVE-2008-6261 (SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows ...)
	NOT-FOR-US: E-topbiz AdManager
CVE-2008-6260 (SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3 ...)
	NOT-FOR-US: Ultrastats
CVE-2008-6259 (Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-S ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6258 (SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and p ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6257 (SQL injection vulnerability in default.asp in Openasp 3.0 and earlier  ...)
	NOT-FOR-US: Openasp
CVE-2008-6256 (SQL injection vulnerability in admincp/admincalendar.php in vBulletin  ...)
	NOT-FOR-US: vBulletin
CVE-2008-6255 (Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote ...)
	NOT-FOR-US: vBulletin
CVE-2008-6254 (SQL injection vulnerability in scripts/documents.php in Jadu Galaxies  ...)
	NOT-FOR-US: Jadu Galaxies
CVE-2008-6253 (Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pl ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-6252 (Stack-based buffer overflow in the smc program in smcFanControl 2.1.2  ...)
	NOT-FOR-US: smcFanControl
CVE-2008-6251 (PHP remote file inclusion vulnerability in includes/init.php in phpFan ...)
	NOT-FOR-US: phpFan
CVE-2008-6250 (SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier al ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2008-6249 (SQL injection vulnerability in plugins/users/index.php in Galatolo Web ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebMan ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites (SFS)  ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For Sites (SFS) ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for Sites ( ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For Sites ( ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For Sites  ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPSite
CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in data/views/index.html in O ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6239 (Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital As ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in archive/savedqueries/saveq ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6237 (SQL injection vulnerability in software-description.php in Scripts For ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted a ...)
	- vim 2:7.2.148-1 (low)
	[lenny] - vim <not-affected> (proof-of-concept does not work)
	[etch] - vim <no-dsa> (Minor issue)
CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and Ma ...)
	NOT-FOR-US: Joomla!
CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...)
	NOT-FOR-US: Five Dollar Scripts Drinks script
CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-6231 (Pre Classified Listing PHP allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Pre Classified Listing PHP
CVE-2008-6230 (SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Po ...)
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: CCK module for Drupal
CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to bypass auth ...)
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Sh ...)
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto L ...)
	NOT-FOR-US: Pre Projects PHP Auto Listings Script
CVE-2008-6225
	NOT-FOR-US: Mole Group Airline Ticket Sale Script
CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The Warr ...)
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of Th ...)
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center (com_ ...)
	NOT-FOR-US: Joomla!
CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC NetWorke ...)
	NOT-FOR-US: EMC Networker products
CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in libpng be ...)
	{DSA-1750-1}
	- libpng 1.2.33-1
CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in Extrakt Frame ...)
	NOT-FOR-US: Extrakt Framework
CVE-2008-6216 (SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Book ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6215 (Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in  ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6214 (SQL injection vulnerability in poll_results.php in Harlandscripts Pro  ...)
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2008-6213 (SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffi ...)
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2009-XXXX [thunar: potential exploits via  application launchers]
	- thunar <unfixed> (bug #517020; unimportant)
	NOTE: Minor impact, any attack would still require a significant amount of social engineering
CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally exploitable security flaw]
	- sysvinit <unfixed> (bug #517018; unimportant)
	NOTE: hardly a security issue, if an attacker has local access to the machine and you
	NOTE: don't use encryption or something similar you have lost anyway
	NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you
	NOTE:   have local access to the machine. it is worth it to make it as difficult as
	NOTE:   possible without impacting authorized users. otherwise, why spend so much effort
	NOTE:   to make sure xscreensaver, gdm, and login are rock solid?
	NOTE: - i would like to track as low, rather than unimportant
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7  ...)
	{DSA-1739-1}
	- mldonkey 3.0.0-1 (bug #516829; medium)
	[etch] - mldonkey <not-affected> (vulnerable code not present)
	NOTE: daemon is run as non-root and can only be exploited via localhost
CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: Falt4 CMS
CVE-2009-0647 (msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206,  ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2008-6212 (Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1 ...)
	NOT-FOR-US: Php-Stats
CVE-2008-6211 (Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net m ...)
	NOT-FOR-US: PhpForums.net mcGallery
CVE-2008-6210 (SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 a ...)
	NOT-FOR-US: dream4 Koobi
CVE-2008-6209 (SQL injection vulnerability in view_product.php in Vastal I-Tech Softw ...)
	NOT-FOR-US: Vastal I-Tech Software Zone
CVE-2008-6208 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS ...)
	NOT-FOR-US: e107 CMS
CVE-2008-6207 (Unrestricted file upload vulnerability in form_upload.php in PHPG Uplo ...)
	NOT-FOR-US: PHPG Upload
CVE-2008-6206 (Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 a ...)
	NOT-FOR-US: RobotStats
CVE-2008-6205 (Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flaha ...)
	NOT-FOR-US: Xavier Flahaut URLStreet
CVE-2008-6204 (Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlie ...)
	NOT-FOR-US: SuperNET Shop
CVE-2008-6203 (SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remot ...)
	NOT-FOR-US: CoBaLT
CVE-2008-6202 (SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to e ...)
	NOT-FOR-US: CoBaLT
CVE-2008-6201 (Directory traversal vulnerability in help.php in the eskuel module in  ...)
	NOT-FOR-US: KwsPHP
CVE-2008-6200 (Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow ...)
	NOT-FOR-US: Swiki
CVE-2008-6199 (2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to tri ...)
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6198 (SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin fo ...)
	NOT-FOR-US: Custom Pages 1.0 plugin for MyBulletinBoard
CVE-2008-6197 (SQL injection vulnerability in index.php in the galerie module for Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2008-6196 (Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT ...)
	NOT-FOR-US: Philippe CROCHAT EasySite
CVE-2008-6195 (Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.ex ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-6194 (Memory leak in the DNS server in Microsoft Windows allows remote attac ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-6193 (Sam Crew MyBlog stores passwords in cleartext in a MySQL database, whi ...)
	NOT-FOR-US: Sam Crew MyBlog
CVE-2008-6192 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified Por ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2008-6191 (Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a h ...)
	NOT-FOR-US: Intrinsic Swimage Encore
CVE-2008-6190 (Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 a ...)
	NOT-FOR-US: EEBCMS
CVE-2008-6189 (SQL injection vulnerability in GForge 4.5.19 allows remote attackers t ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6188 (SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6187 (SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and  ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6186 (Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote ...)
	NOT-FOR-US: RaidenFTPD
CVE-2008-6185 (NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a  ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-6184 (SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-6183 (Multiple directory traversal vulnerabilities in index.php in My PHP In ...)
	NOT-FOR-US: My PHP Indexer
CVE-2008-6182 (SQL injection vulnerability in the Ignite Gallery (com_ignitegallery)  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6181 (SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4jooml ...)
	NOT-FOR-US: Joomla!
CVE-2008-6180 (SQL injection vulnerability in system/nlb_user.class.php in NewLife Bl ...)
	NOT-FOR-US: NewLife Blogger
CVE-2008-6179 (SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows r ...)
	NOT-FOR-US: IndexScript
CVE-2008-6178 (Unrestricted file upload vulnerability in editor/filemanager/browser/d ...)
	NOTE: Alleged exploit does not work.
CVE-2008-6177 (Multiple directory traversal vulnerabilities in LightBlog 9.8, when ma ...)
	NOT-FOR-US: LightBlog
CVE-2008-6176
	REJECTED
CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: SilverSHielD
CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...)
	NOT-FOR-US: Jetbox CMS
CVE-2008-6173 (Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShar ...)
	NOT-FOR-US: ClipShare Pro
CVE-2008-6172 (Directory traversal vulnerability in captcha/captcha_image.php in the  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6171 (includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, w ...)
	- drupal5 5.12-1 (low; bug #519114)
	- drupal6 6.6-1 (low; bug #519115)
CVE-2008-6170 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6169 (Cross-site request forgery (CSRF) vulnerability in the Localization cl ...)
	NOT-FOR-US: Localization modules for Drupal
CVE-2008-6168 (Cross-site scripting (XSS) vulnerability in search.php in miniPortail  ...)
	NOT-FOR-US: miniPortail
CVE-2008-6167 (Directory traversal vulnerability in search.php in miniPortail 2.2 and ...)
	NOT-FOR-US: miniPortail
CVE-2009-0646 (Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier al ...)
	NOT-FOR-US: 4Site CMS
CVE-2009-0645 (Directory traversal vulnerability in index.php in Jaws 0.8.8 allows re ...)
	NOT-FOR-US: Jaws
CVE-2009-0644 (The HTTP interface in Swann DVR4-SecuraNet has a certain default admin ...)
	NOT-FOR-US: Swann DVR4-SecuraNet
CVE-2009-0643 (Static code injection vulnerability in post.php in Simple PHP News 1.0 ...)
	NOT-FOR-US: Simple PHP News
CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check th ...)
	{DSA-1860-1}
	- ruby1.9 1.9.0.5-1 (bug #513528)
	- ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939)
CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions de ...)
	NOT-FOR-US: FreeBSD telnetd (apparently there's some common code base in netkit-telnet, but it's not affected
CVE-2009-0640 (Directory traversal vulnerability in the administrative web server in  ...)
	NOT-FOR-US: Swann DVR4-SecuraNet
CVE-2009-0639 (PHP remote file inclusion vulnerability in moduli/libri/index.php in p ...)
	NOT-FOR-US: phpyabs
CVE-2008-6166 (SQL injection vulnerability in the KBase (com_kbase) 1.2 component for ...)
	NOT-FOR-US: Joomla!
CVE-2008-6165 (SQL injection vulnerability in gestion.php in CSPartner 0.1, when magi ...)
	NOT-FOR-US: CSPartner
CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost Hos ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allo ...)
	- openx <itp> (bug #513771)
CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: Bux.to Clone script
CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) bef ...)
	NOT-FOR-US: WOW Raid Manager
CVE-2008-6160 (Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1 ...)
	NOT-FOR-US: Semantically-Interconnected Online Communities
CVE-2008-6159 (Content Management Made Easy (CMME) 1.19 allows remote attackers to ob ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_ma ...)
	- acidbase 1.2.1-1
CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Acc ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voi ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulati ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) implementa ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversa ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configu ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ST ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allow ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0627 (Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when run ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attack ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine Modu ...)
	NOT-FOR-US: Cisco
CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE A ...)
	NOT-FOR-US: Cisco
CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine Modu ...)
	NOT-FOR-US: Cisco
CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine Modu ...)
	NOT-FOR-US: Cisco
CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...)
	NOT-FOR-US: Cisco
CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...)
	NOT-FOR-US: Cisco
CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) befor ...)
	NOT-FOR-US: Cisco
CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application Netwo ...)
	NOT-FOR-US: Cisco
CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default M ...)
	NOT-FOR-US: Cisco
CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default use ...)
	NOT-FOR-US: Cisco
CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking Mana ...)
	NOT-FOR-US: Cisco
CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified MeetingPl ...)
	NOT-FOR-US: Cisco
CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237  ...)
	NOT-FOR-US: Trend Micro
CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and I ...)
	NOT-FOR-US: Trend Micro
CVE-2009-0611 (Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminS ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2009-0610 (Multiple static code injection vulnerabilities in post.php in Simple P ...)
	NOT-FOR-US: Simple PHP News
CVE-2009-0609 (Sun Java System Directory Proxy Server in Sun Java System Directory Se ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-0608 (Integer overflow in the showLog function in fake_log_device.c in liblo ...)
	NOT-FOR-US: Android
CVE-2009-0607 (Multiple integer overflows in malloc_leak.c in Bionic in Open Handset  ...)
	NOT-FOR-US: Android
CVE-2009-0606 (The link_image function in linker/linker.c in the dynamic linker in Bi ...)
	NOT-FOR-US: Android
CVE-2009-0605 (Stack consumption vulnerability in the do_page_fault function in arch/ ...)
	- linux-2.6 <not-affected> (CONFIG_KPROBES is not enabled)
	- linux-2.6.24 <not-affected> (CONFIG_KPROBES is not enabled)
CVE-2008-6158 (Multiple unspecified vulnerabilities in the admin backend in w3b&gt;cm ...)
	NOT-FOR-US: w3blabor CMS
CVE-2008-6157 (SepCity Classified Ads stores the admin password in cleartext in data/ ...)
	NOT-FOR-US: SepCity Classified Ads
CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21 and earl ...)
	NOT-FOR-US: PHP Director
CVE-2009-0603 (Cross-site scripting (XSS) vulnerability in index.php in the Link modu ...)
	NOT-FOR-US: Link drupal module
CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi ...)
	NOT-FOR-US: WikkiTikkiTavi
CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-W ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers t ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0 ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 al ...)
	NOT-FOR-US: PhpMesFilms
CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b&gt;cms (aka w3bl ...)
	NOT-FOR-US: w3b>cms
CVE-2009-0596 (Directory traversal vulnerability in skysilver/login.tpl.php in phpSke ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0595 (PHP remote file inclusion vulnerability in skysilver/login.tpl.php in  ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0594 (Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1 ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0593 (SQL injection vulnerability in members.php in plx Auto Reminder 3.7 al ...)
	NOT-FOR-US: plx Auto Reminder
CVE-2009-0592 (Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PNphpBB2
CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907  ...)
	NOT-FOR-US: AdMan
CVE-2008-6155 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1  ...)
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6154 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1  ...)
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6153 (SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo ...)
	NOT-FOR-US: Jay Patel Pixel8 Web Photo
CVE-2008-6152 (SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Port ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads  ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 f ...)
	NOT-FOR-US: Joomla!
CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...)
	NOT-FOR-US: Joomla!
CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: ForumApp
CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, whe ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-6145 (Multiple SQL injection vulnerabilities in the WEC Discussion Forum (we ...)
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6144 (Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discuss ...)
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6143 (OwenPoll 1.0 allows remote attackers to bypass authentication and obta ...)
	NOT-FOR-US: OwenPoll
CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPic
CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is  ...)
	- openssl <not-affected> (vulnerable versions not uploaded to Debian)
CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remo ...)
	{DSA-1763-1}
	- openssl 0.9.8g-16 (low; bug #522002)
CVE-2009-0589
	REJECTED
CVE-2009-0588 (agent/request/op.cgi in the Registration Authority (RA) component in R ...)
	NOT-FOR-US: Registration Authority (RA) component in Red Hat Certificate System (RHCS)
CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka evolution-dat ...)
	{DSA-1813-1}
	- evolution-data-server 2.22.3-1 (medium)
	NOTE: this version doesnt fix the overflows but uses the glib functions for decoding instead
CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs ...)
	- gst-plugins-base0.10 0.10.22-4
	[lenny] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
	[etch] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in  ...)
	{DSA-1748-1}
	- libsoup 2.2.105-4 (medium; bug #520039)
CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka  ...)
	{DSA-1746-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
	- argyll 1.0.3-2 (bug #522448)
	- gs-gpl <removed> (medium)
	- gs-esp <removed>
CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color Consort ...)
	{DSA-1746-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
	- argyll 1.0.3-2 (bug #522448)
	- gs-gpl <removed> (medium)
	- gs-esp <removed>
CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism  ...)
	{DSA-1813-1}
	- evolution-data-server 2.26.1.1-1
CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as us ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ...)
	{DSA-2207-1}
	- tomcat6 6.0.20-1 (low; bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (low; bug #532363)
	- tomcat5.5 <removed> (low; bug #532366)
CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age (MIND ...)
	- pam 1.0.1-10 (unimportant; bug #514437)
	NOTE: the ability to change a password earlier than scheduled is not a security
	NOTE: vulnerability in itself (unless the user changes their password back to
	NOTE: their previous password; thus violating the security policy as defined by
	NOTE: the administrator)
CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify privileg ...)
	- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
	[lenny] - network-manager-applet <not-affected> (Bug affected the 0.7.x series)
CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS 1.1.1 ...)
	NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640
CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 a ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the theme_views_bulk_opera ...)
	NOT-FOR-US: Views Bulk Operations
CVE-2009-0574 (SQL injection vulnerability in index.php in Easy CafeEngine allows rem ...)
	NOT-FOR-US: Easy CafeEngine
CVE-2009-0573 (Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Bu ...)
	NOT-FOR-US: FotoWeb
CVE-2009-0572 (PHP remote file inclusion vulnerability in include/flatnux.php in Flat ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2009-0571 (admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillis ...)
	NOT-FOR-US: Ninja Designs Mailist
CVE-2009-0570 (Directory traversal vulnerability in send.php in Ninja Designs Mailist ...)
	NOT-FOR-US: Ninja Designs Mailist
CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows rem ...)
	NOT-FOR-US: Becky! Internet Mail
CVE-2009-0568 (The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0567
	REJECTED
CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object ...)
	NOT-FOR-US: Microsoft Office Publisher
CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0564
	RESERVED
CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP SP3,  ...)
	NOT-FOR-US: ActiveX
CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, an ...)
	NOT-FOR-US: Microsoft
CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0558 (Array index error in Excel in Microsoft Office 2000 SP3 and Office 200 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, an ...)
	NOT-FOR-US: Microsoft
CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and Powe ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0552 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0551 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, an ...)
	NOT-FOR-US: Microsoft
CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report Sett ...)
	NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-ma ...)
	{DSA-1813-1}
	- evolution-data-server 2.24.5-2 (low; bug #508479)
CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier all ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote atta ...)
	NOT-FOR-US: ZeroShell
CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attack ...)
	{DSA-1726-1}
	- python-crypto 2.0.1+dfsg1-3 (bug #516660)
CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote attacker ...)
	{DSA-1730-1 DSA-1727-1}
	- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
	[etch] - proftpd-dfsg <not-affected> (etch version not affected)
	[lenny] - proftpd-dfsg 1.3.1-17lenny2
CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 a ...)
	{DSA-1730-1 DSA-1727-1}
	- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
	[etch] - proftpd-dfsg <not-affected> (etch version not affected)
	[lenny] - proftpd-dfsg 1.3.1-17lenny2
CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 a ...)
	NOT-FOR-US: Magento
CVE-2009-0540 (Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possib ...)
	NOT-FOR-US: Libero
CVE-2009-0539
	RESERVED
CVE-2009-0538 (Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 all ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in (1) Ope ...)
	- glibc <not-affected> (Vulnerable code not present)
	NOTE: glibc checks the comlete path length being not longer than USHRT_MAX
	NOTE: and closes the directory path + free of structures in case , io/fts.c line 727
CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 th ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and earli ...)
	NOT-FOR-US: Thyme
CVE-2009-0534 (SQL injection vulnerability in FlexCMS allows remote attackers to exec ...)
	NOT-FOR-US: FlexCMS
CVE-2009-0533 (Cross-site scripting (XSS) vulnerability in password.php in Scripts fo ...)
	NOT-FOR-US: Sites EZ Reminder
CVE-2009-0532 (Cross-site scripting (XSS) vulnerability in password.php in Scripts Fo ...)
	NOT-FOR-US: Scripts For Sites (SFS) EZ Baby
CVE-2009-0531 (SQL injection vulnerability in gallery/view.asp in A Better Member-Bas ...)
	NOT-FOR-US: A Better Member-Based ASP Photo Gallery
CVE-2009-0530 (Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2. ...)
	NOT-FOR-US: SnippetMaster
CVE-2009-0529 (Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster ...)
	NOT-FOR-US: SnippetMaster
CVE-2009-0528 (SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and ea ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2009-0527 (PHP remote file inclusion vulnerability in plugins/rss_importer_functi ...)
	NOT-FOR-US: AdaptCMS
CVE-2009-0526 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ad ...)
	NOT-FOR-US: AdaptCMS
CVE-2009-0525 (Cross-site scripting (XSS) vulnerability in the sajax_get_common_js fu ...)
	NOT-FOR-US: Sajax
CVE-2008-6141 (Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 al ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2008-6140 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2008-6139 (Directory traversal vulnerability in faqsupport/wce.download.php in We ...)
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6138 (PHP remote file inclusion vulnerability in adminhead.php in WebBiscuit ...)
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6137 (EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6136 (Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupa ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6135 (Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a m ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6134 (SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Dru ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6133 (SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script  ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-6132 (Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 an ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-6131 (Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows  ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6130 (Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1. ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6129 (Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6128 (Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows  ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6127 (Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10. ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and e ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6125 (Unspecified vulnerability in the user editing interface in Moodle 1.5. ...)
	{DSA-1724-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6124 (SQL injection vulnerability in the hotpot_delete_selected_attempts fun ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp ...)
	- net-snmp 5.4.3~dfsg-1 (low; bug #516801)
	[etch] - net-snmp <no-dsa> (Minor issue)
	[lenny] - net-snmp <no-dsa> (Minor issue)
CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote attacke ...)
	NOT-FOR-US: Netgear WGR614v9
CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allo ...)
	NOT-FOR-US: SocialEngine
CVE-2008-6120 (SQL injection vulnerability in profile_comments.php in SocialEngine (S ...)
	NOT-FOR-US: SocialEngine
CVE-2008-6119 (Static code injection vulnerability in gooplecms/admin/account/action/ ...)
	NOT-FOR-US: Goople CMS
CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers to by ...)
	NOT-FOR-US: Goople CMS
CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows  ...)
	NOT-FOR-US: PG Job Site Pro
CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme ...)
	NOT-FOR-US: Joomla!
CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
	NOT-FOR-US: Prozilla Hosting Index
CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper Zog ...)
	NOT-FOR-US: Mytipper Zogo-shop
CVE-2008-6113 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.9 ...)
	NOT-FOR-US: SemanticScuttle
CVE-2008-6112 (Multiple directory traversal vulnerabilities in Ez Ringtone Manager al ...)
	NOT-FOR-US: Ez Ringtone Manager
CVE-2008-6111 (SQL injection vulnerability in blog.php in NetArt Media Vlog System 1. ...)
	NOT-FOR-US: NetArt Media Vlog System
CVE-2009-XXXX [nautilus: potential exploits via application launchers]
	- nautilus 2.26.2-1 (low; bug #515104)
	[lenny] - nautilus <no-dsa> (Minor issue)
	[etch] - nautilus <no-dsa> (Minor issue)
	NOTE: need to submit a request for CVE id
CVE-2009-XXXX [konqueror: potential exploits via application launchers]
	- kdebase <unfixed> (unimportant; bug #515106)
	NOTE: Minor impact, any attack would still require a significant amount of social engineering
CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based i ...)
	{DSA-1901-1}
	- mediawiki 1:1.14.0-1 (low; bug #514547)
	- mediawiki1.7 <removed>
	[lenny] - mediawiki 1:1.12.0-2lenny3
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, an ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 an ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before 9 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 doe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...)
	NOT-FOR-US: VMware
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earl ...)
	NOT-FOR-US: phpSlash
CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...)
	NOT-FOR-US: BusinessSpace
CVE-2009-0515 (Directory traversal vulnerability in check_lang.php in Yet Another NOC ...)
	NOT-FOR-US: YANOCC
CVE-2009-0514 (Multiple directory traversal vulnerabilities in WebFrame 0.76 allow re ...)
	NOT-FOR-US: WebFrame
CVE-2009-0513 (Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 al ...)
	NOT-FOR-US: WebFrame
CVE-2009-0512 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0511 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0510 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0508 (The Servlet Engine/Web Container and JSP components in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for  ...)
	NOT-FOR-US: IBM TXSeries
CVE-2009-0504 (WSPolicy in the Web Services component in IBM WebSphere Application Se ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database co ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has unknown i ...)
	NOT-FOR-US: SemanticScuttle
CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not ...)
	NOT-FOR-US: Robin Rawson-Tetley Animal Shelter Manager
CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in Galatolo Web ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6107 (The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, th ...)
	- linux-2.6 2.6.25-4 (low)
	- linux-2.6.24 <removed>
CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Workplace for B ...)
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for Business ...)
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6104 (SQL injection vulnerability in A4Desk PHP Event Calendar allows remote ...)
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6103 (PHP remote file inclusion vulnerability in index.php in A4Desk Event C ...)
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6102 (SQL injection vulnerability in ratelink.php in Link Trader Script allo ...)
	NOT-FOR-US: Link Trader Script
CVE-2008-6101 (SQL injection vulnerability in click.php in Adult Banner Exchange Webs ...)
	NOT-FOR-US: Adult Banner Exchange Website
CVE-2008-6100 (Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, wh ...)
	NOT-FOR-US: Discussion Forums
CVE-2008-6099 (PHP remote file inclusion vulnerability in index.php in RPortal 1.1 an ...)
	NOT-FOR-US: RPortal
CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ...)
	{DSA-1724-1}
	- moodle 1.8.2.dfsg-3 (low)
	NOTE: MSA-09-0004
CVE-2009-0501 (Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ...)
	{DTSA-195-1}
	- moodle 1.8.2.dfsg-4 (low)
	[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1 ...)
	{DSA-1724-1 DTSA-195-1}
	- moodle 1.8.2.dfsg-3 (low)
CVE-2009-0499 (Cross-site request forgery (CSRF) vulnerability in the forum code in M ...)
	- moodle 1.8.2.dfsg-3 (low)
	[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0498 (Virtual GuestBook (vgbook) 2.1 stores sensitive information under the  ...)
	NOT-FOR-US: Virtual GuestBook
CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime Openfi ...)
	NOT-FOR-US: Openfire
CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
	NOT-FOR-US: Openfire
CVE-2009-0495 (PHP remote file inclusion vulnerability in include/define.php in REALT ...)
	NOT-FOR-US: REALTOR
CVE-2009-0494 (SQL injection vulnerability in the Portfol (com_portfol) 1.2 component ...)
	NOT-FOR-US: Joomla!
CVE-2009-0493 (SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier al ...)
	NOT-FOR-US: IT CMS
CVE-2009-0492 (Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknow ...)
	NOT-FOR-US: SimpleIrcBot
CVE-2009-0491 (Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081 ...)
	NOT-FOR-US: Elecard MPEG Player
CVE-2009-0488 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allow ...)
	NOT-FOR-US: Phorum
CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls t ...)
	- bugzilla 3.2.4.0-1 (bug #514143)
	[etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
	[lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2. ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 befor ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3. ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris bef ...)
	NOT-FOR-US: Solaris
CVE-2008-6098 (Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.2 ...)
	- bugzilla <unfixed> (unimportant)
CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before ...)
	NOT-FOR-US: WikyBlog
CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...)
	NOT-FOR-US: Juniper NetScreen ScreenOS
CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in Op ...)
	NOT-FOR-US: OpenNMS
CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technol ...)
	NOT-FOR-US: Celoxis Technologies Celoxis
CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when magic ...)
	NOT-FOR-US: Noname CMS
CVE-2008-6092 (phpscripts Ranking Script allows remote attackers to bypass authentica ...)
	NOT-FOR-US: phpscripts Ranking Script
CVE-2008-6091 (SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_ ...)
	NOT-FOR-US: BMForum
CVE-2009-0489 (The DBus configuration file for Wicd before 1.5.9 allows arbitrary use ...)
	- wicd 1.5.9-1
CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in Onl ...)
	NOT-FOR-US: Online Grades
CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun  ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0  ...)
	NOT-FOR-US: MultiMedia Soft audio components
CVE-2009-0475 (Integer underflow in the Huffman decoding functionality (pvmp3_huffman ...)
	NOT-FOR-US: OpenCORE
CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A  ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell Autom ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0472 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0471 (Cross-site request forgery (CSRF) vulnerability in the HTTP server in  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0470 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0469 (Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1 ...)
	NOT-FOR-US: futomi's CGI Cafe
CVE-2009-0468 (Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.htm ...)
	NOT-FOR-US: Profense Web Application Firewall
CVE-2009-0467 (Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web ...)
	NOT-FOR-US: Profense Web Application Firewall
CVE-2009-0466 (Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 all ...)
	NOT-FOR-US: Vivvo CMS
CVE-2009-0465 (The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL ...)
	NOT-FOR-US: Synactis ALL In-The-Box ActiveX 3
CVE-2009-0464 (PHP remote file inclusion vulnerability in includes/header.php in Groo ...)
	NOT-FOR-US: Groone GBook
CVE-2009-0463 (PHP remote file inclusion vulnerability in includes/header.php in Groo ...)
	NOT-FOR-US: Groone GLinks
CVE-2009-0462 (Multiple SQL injection vulnerabilities in customer_login_check.asp in  ...)
	NOT-FOR-US: ClickTech ClickCart
CVE-2009-0461 (Whole Hog Password Protect: Enhanced 1.x allows remote attackers to by ...)
	NOT-FOR-US: Whole Hog Password Protect
CVE-2009-0460 (Whole Hog Ware Support 1.x allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Whole Hog Ware Support
CVE-2009-0459 (Multiple SQL injection vulnerabilities in admin/login_submit.php in Wh ...)
	NOT-FOR-US: Whole Hog Password Protect
CVE-2009-0458 (Multiple SQL injection vulnerabilities in admin/login_submit.php in Wh ...)
	NOT-FOR-US: Whole Hog Ware Support
CVE-2009-0457 (Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow r ...)
	NOT-FOR-US: AJA Portal
CVE-2009-0456 (PHP remote file inclusion vulnerability in examples/example_clientside ...)
	NOT-FOR-US: patForms
CVE-2009-0455 (Cross-site scripting (XSS) vulnerability in the anonymous comments fea ...)
	NOT-FOR-US: glFusion
CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook Man ...)
	NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration in ...)
	NOT-FOR-US: Online Grades
CVE-2009-0452 (Multiple SQL injection vulnerabilities in parents/login.php in Online  ...)
	NOT-FOR-US: Online Grades
CVE-2009-0451 (SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attac ...)
	NOT-FOR-US: Skalfa SkaLinks
CVE-2009-0450 (Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier  ...)
	NOT-FOR-US: BlazeVideo
CVE-2009-0449 (Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations  ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-0448 (Directory traversal vulnerability in admin/modules/aa/preview.php in S ...)
	NOT-FOR-US: Syntax Desktop
CVE-2009-0447 (Multiple SQL injection vulnerabilities in default.asp in MyDesign Saya ...)
	NOT-FOR-US: MyDesign Sayac
CVE-2009-0446 (SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remot ...)
	NOT-FOR-US: WEBalbum
CVE-2009-0445 (SQL injection vulnerability in index.php in Dreampics Gallery Builder  ...)
	NOT-FOR-US: Dreampics Gallery Builder
CVE-2009-0444 (Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, whe ...)
	NOT-FOR-US: GRBoard
CVE-2009-0443 (Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows  ...)
	NOT-FOR-US: Elecard AVC HD PLAYER
CVE-2009-0442 (Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1 ...)
	NOT-FOR-US: PHPbbBook
CVE-2009-0441 (PHP remote file inclusion vulnerability in skin_shop/standard/2_view_b ...)
	NOT-FOR-US: Technote
CVE-2009-0440 (IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not pro ...)
	NOT-FOR-US: IBM WebSphere Partner Gateway
CVE-2009-0439 (Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows all ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere Applic ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0436 (The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x  ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2009-0435 (Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libi ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0434 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere Ap ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0433 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0432 (The installation process for the File Transfer servlet in the System M ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini Hos ...)
	NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image  ...)
	NOT-FOR-US: ScriptsEz
CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01  ...)
	NOT-FOR-US: Joomla!
CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2 ...)
	NOT-FOR-US: Camera Life
CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...)
	NOT-FOR-US: Camera Life
CVE-2008-6085 (Integer overflow in multiple F-Secure anti-virus products, including I ...)
	NOT-FOR-US: F-Secure
CVE-2008-6084 (Unrestricted file upload vulnerability in pages/download.php in Iamma  ...)
	NOT-FOR-US: Iamma Simple Gallery
CVE-2008-6083 (Directory traversal vulnerability in header.php in TXTshop beta 1.0 al ...)
	NOT-FOR-US: TXTshop
CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause a den ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 allo ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles (com ...)
	NOT-FOR-US: Joomla!
CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an unsp ...)
	{DSA-2029-1}
	- imlib2 1.4.2-1 (bug #576469)
	NOTE: poked upstream for more details
CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging (com_ ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a an ...)
	NOT-FOR-US: LoudBlog
CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) 1. ...)
	NOT-FOR-US: Joomla!
CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...)
	NOT-FOR-US: Bahar Download Script
CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and earl ...)
	NOT-FOR-US: phpcrs
CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...)
	NOT-FOR-US: StorageCrypt
CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14,  ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in coders/pict. ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 fo ...)
	NOT-FOR-US: eChat plugin
CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) compone ...)
	NOT-FOR-US: Joomla!
CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
	NOT-FOR-US: Windows
CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a deni ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows rem ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a deni ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ca ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ca ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote a ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2008-7272 (FireGPG before 0.6 handle user&#8217;s passphrase and decrypted cleart ...)
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2008-7273 (A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure ...)
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard Editio ...)
	NOT-FOR-US: LinksPro
CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids all ...)
	NOT-FOR-US: Active Bids
CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote att ...)
	NOT-FOR-US: Active Bids
CVE-2009-0428 (SQL injection vulnerability in CategoryManager/upload_image_category.a ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0427 (SQL injection vulnerability in CategoryManager/upload_image_category.a ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0426 (SQL injection vulnerability in CategoryManager/upload_image_category.a ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ear ...)
	NOT-FOR-US: Blue Eye CMS
CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook  ...)
	NOT-FOR-US: AN Guestbook
CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album (PHP ...)
	NOT-FOR-US: Php Photo Album
CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in phpLis ...)
	- phplist <itp> (bug #612288)
CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x compo ...)
	NOT-FOR-US: Joomla!
CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
	NOT-FOR-US: Joomla!
CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX  ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-6067
	REJECTED
CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 all ...)
	NOT-FOR-US: Meet#Web
CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE perm ...)
	NOT-FOR-US: Oracle Database Server
CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote att ...)
	NOT-FOR-US: DomPHP
CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places  ...)
	NOT-FOR-US: Microsoft
CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary  ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary  ...)
	NOT-FOR-US: Techsmith Camtasia Studio
CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary  ...)
	NOT-FOR-US: InfoSoft FusionCharts
CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not pro ...)
	- webkit <not-affected> (bug #516555; low)
	NOTE: webkit in linux needs libsoup for cookie support
CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote attacke ...)
	NOT-FOR-US: Syslserve
CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under t ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2. ...)
	NOT-FOR-US: World Recipe
CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ro ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under  ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the we ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...)
	NOT-FOR-US: MetaCart Free
CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) 1. ...)
	NOT-FOR-US: Tech Articles
CVE-2008-6049
	REJECTED
CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...)
	NOT-FOR-US: TangoCMS
CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...)
	NOT-FOR-US: ADbNewsSender
CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remot ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-0417 (Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(n ...)
	NOT-FOR-US: Agavi
CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based L ...)
	NOT-FOR-US: sblim-sfcb
CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...)
	- trickle 1.07-6 (bug #513456; low)
	[etch] - trickle <no-dsa> (Minor issue)
CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcu ...)
	- roundcube 0.2~stable-1 (low; bug #514179)
	[lenny] - roundcube <not-affected> (Vulnerable code not present)
CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping Car ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and  ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2 ...)
	NOT-FOR-US: osCommerce
CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 al ...)
	NOT-FOR-US: PHP-CMS
CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and earl ...)
	NOT-FOR-US: Community CMS
CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 allow ...)
	NOT-FOR-US: smartSite CMS
CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics  ...)
	NOT-FOR-US: Bioinformatics htmLawed
CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk Blog ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain Techno ...)
	NOT-FOR-US: Domain Technologie Control
CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows remo ...)
	NOT-FOR-US: E-Php CMS
CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial all ...)
	NOT-FOR-US: SocialEngine
CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator  ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in gst/qtdemux/ ...)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in gs ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W88 ...)
	NOT-FOR-US: Sony Ericsson
CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car P ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises (PLE ...)
	NOT-FOR-US: Pre Lecture Exercises
CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wi ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax mod ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...)
	NOT-FOR-US: Enomaly Elastic Computing Platform
CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) A ...)
	NOT-FOR-US: ActiveX
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
	- tightvnc <not-affected> (bug in the windows-specific client connection code)
	NOTE: http://bugs.debian.org/528204
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in gst/qtdemux ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in gs ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remot ...)
	NOT-FOR-US: OwnRS CMS
CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which  ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation 5 ...)
	- drupal5 <not-affected> (Translation module not packaged)
	- drupal6 <not-affected> (Issue only affects the 5.x branch)
CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Ca ...)
	NOT-FOR-US: BazaarBuilder Ecommerce Shopping Cart
CVE-2009-0380
	NOT-FOR-US: Sigsiu Online Business Index
CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess ...)
	NOT-FOR-US: Prince Clan Chess Club
CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the beamospet ...)
	NOT-FOR-US: Joomla!
CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla!
CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2009-0374
	- chromium-browser <unfixed> (unimportant)
	- webkit <not-affected> (poc doesn't work)
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine Delux ...)
	NOT-FOR-US: Joomla!
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik Mano ...)
	NOT-FOR-US: Miltenovik Manojlo MemHT Portal
CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and  ...)
	NOT-FOR-US: SiteXS CMS
CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 al ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-6045 (Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0 ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia Rea ...)
	NOT-FOR-US: NetArtMedia Real Estate Portal
CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Da ...)
	NOT-FOR-US: Dataspade
CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through  ...)
	NOT-FOR-US: Arcadem Pro
CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows  ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote a ...)
	NOT-FOR-US: MapCal
CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script  ...)
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...)
	NOT-FOR-US: BaseBuilder
CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1. ...)
	NOT-FOR-US: Achievo
CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1. ...)
	NOT-FOR-US: Achievo
CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows r ...)
	NOT-FOR-US: WSN Links
CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P  ...)
	NOT-FOR-US: WSN Links
CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 all ...)
	NOT-FOR-US: WSN Links
CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3  ...)
	NOT-FOR-US: NetArtMedia Jobs Portal
CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earli ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland Li ...)
	NOT-FOR-US: Library Fez
CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in BL ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remot ...)
	NOT-FOR-US: BlueCUBE CMS
CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...)
	NOT-FOR-US: openElec
CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6023 (PHP remote file inclusion vulnerability in includes/todofleetcontrol.p ...)
	NOT-FOR-US: Xnova
CVE-2008-6022 (PHP remote file inclusion vulnerability in includes/todofleetcontrol.p ...)
	NOT-FOR-US: Xnova
CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for Secu ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...)
	NOT-FOR-US: View module (drupal module)
CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows r ...)
	NOT-FOR-US: EACOMM DO-CMS
CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when magi ...)
	NOT-FOR-US: MyPHPSite
CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows re ...)
	NOT-FOR-US: I-Rater Basic
CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows remot ...)
	NOT-FOR-US: EsFaq
CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allo ...)
	NOT-FOR-US: EsFaq
CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 all ...)
	NOT-FOR-US: Freeway
CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and earl ...)
	NOT-FOR-US: Pritlog
CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0  ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal  ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web roo ...)
	NOT-FOR-US: hyBook Guestbook Script
CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...)
	NOT-FOR-US: QuidaScript BookMarks Favourites Script
CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation Bank ...)
	NOT-FOR-US: Micronation Banking System
CVE-2009-0487 (Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows ...)
	- mahara 1.0.9-1 (low)
	[lenny] - mahara 1.0.4-4
CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allo ...)
	{DSA-1732-1}
	- squid 2.7.STABLE3-4.1 (medium; bug #514142)
	- squid3 3.0.STABLE8-3 (medium)
	[etch] - squid <not-affected> (Vulnerable code not present)
CVE-2009-XXXX [glpi sql injection]
	- glpi 0.71.5-1 (bug #513611; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted f ...)
	{DTSA-192-1}
	- audacity 1.3.6-1 (bug #514138)
	[lenny] - audacity 1.3.5-2+lenny1
CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass i ...)
	{DSA-1734-1}
	- opensc 0.11.7-1
	[etch] - opensc <not-affected> (vulnerable code not present)
CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows rem ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an inc ...)
	{DSA-1955-1}
	- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
	- network-manager 0.6.5-1 (medium)
	NOTE: network-manager in lenny not affected, because it is in network-manager-applet
CVE-2009-0364 (Format string vulnerability in the mini_calendar component in Citadel. ...)
	{DSA-1752-1}
	- webcit 7.38b-dfsg-2 (low)
CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1. ...)
	{DTSA-197-1}
	- barnowl 1.0.5-1
	[lenny] - barnowl 1.0.1-4
	- owl 2.2.2-1 (bug #515118)
	[lenny] - owl <no-dsa> (Minor issue)
	[etch] - owl <no-dsa> (Minor issue)
CVE-2009-0362 (filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expre ...)
	- fail2ban 0.8.3-2sid1 (low; bug #514163)
CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in So ...)
	{DSA-1722-1 DSA-1721-1}
	- libpam-heimdal 3.10-2.1 (bug #516695)
	- libpam-krb5 3.13-2
	[lenny] - libpam-krb5 3.11-4
CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, d ...)
	{DSA-1721-1}
	- libpam-krb5 3.13-2
	[lenny] - libpam-krb5 3.11-4
CVE-2009-0359 (Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before ...)
	{DTSA-194-1}
	- samizdat 0.6.2-2
CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) n ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not proper ...)
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ( ...)
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- kompozer <not-affected> (.desktop file support is not available)
CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox befor ...)
	- iceweasel 3.0.6-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x  ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunder ...)
	{DSA-1830-1}
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1830-1}
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform al ...)
	- systrace <removed>
CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows  ...)
	- systrace <removed>
CVE-2009-0351 (Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remo ...)
	NOT-FOR-US: WinFTP
CVE-2009-0350 (Stack-based buffer overflow in Merak Media Player 3.2 allows remote at ...)
	NOT-FOR-US: Merak Media Player
CVE-2009-0349 (Stack-based buffer overflow in FTPShell Server 4.3 allows user-assiste ...)
	NOT-FOR-US: FTPShell Server
CVE-2009-0348 (The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0347 (Open redirect vulnerability in cs.html in the Autonomy (formerly Verit ...)
	NOT-FOR-US: Autonomy (formerly Verity) Ultraseek search engine
CVE-2009-0346 (The IP-in-IP packet processing implementation in the IPsec and IP stac ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0345 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0344 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0341 (The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0340 (Multiple directory traversal vulnerabilities in Simple PHP Newsletter  ...)
	NOT-FOR-US: Simple PHP Newsletter
CVE-2009-0339 (SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0338 (Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in  ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0337 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allow ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0336 (Katy Whitton BlogIt! stores sensitive information under the web root w ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0335 (Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton  ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0334 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allow ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0333 (SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_w ...)
	NOT-FOR-US: Joomla!
CVE-2009-0332 (Multiple SQL injection vulnerabilities in AV Book Library before 1.1 a ...)
	NOT-FOR-US: AV Book Library
CVE-2009-0331 (Directory traversal vulnerability in gallery/comment.php in Enhanced S ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery (ESPG)
CVE-2009-0330 (Directory traversal vulnerability in index.php in Simple Content Manag ...)
	NOT-FOR-US: Simple Content Management System (SCMS)
CVE-2009-0329 (SQL injection vulnerability in the PcCookBook (com_pccookbook) compone ...)
	NOT-FOR-US: Joomla!
CVE-2009-0328 (ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) ...)
	NOT-FOR-US: ROBS-PROJECTS Digital Sales IPN
CVE-2009-0327 (SQL injection vulnerability in readbible.php in Free Bible Search PHP  ...)
	NOT-FOR-US: Free Bible Search PHP Script
CVE-2009-0326 (SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta all ...)
	NOT-FOR-US: Dark Age CMS
CVE-2009-0325 (Directory traversal vulnerability in entries/index.php in Ninja Blog 4 ...)
	NOT-FOR-US: Ninja Blog
CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote at ...)
	NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and  ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote at ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O acti ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun So ...)
	NOT-FOR-US: Solaris
CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction P ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pr ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...)
	NOT-FOR-US: web-cp
CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to byp ...)
	NOT-FOR-US: ADN Forum
CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 20 ...)
	NOT-FOR-US: G DATA AntiVirus
CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module  ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save func ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5997 (Absolute path traversal vulnerability in admin/fileKontrola/browser.as ...)
	NOT-FOR-US: Omnicom Content Platform
CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x  ...)
	NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_fr ...)
	NOT-FOR-US: freeCap CAPTCHA extension for TYPO3
CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point C ...)
	NOT-FOR-US: Check Point Connectra
CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
	NOT-FOR-US: Barcode Generator 1D
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2 ...)
	NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for MailSca ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab 1 ...)
	NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and  ...)
	NOT-FOR-US: PHPcounterJadu CMS
CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...)
	NOT-FOR-US: Jadu CMS
CVE-2008-XXXX [minor cyrus sasl DoS]
	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in libavfo ...)
	{DSA-1782-1 DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-16 (medium; bug #524799)
	- ffmpeg 0.svn20080206-16
	- xmovie <removed>
	- mplayer 1.0~rc2-14 (medium; bug #524805)
	NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
	NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter  ...)
	{DTSA-190-1}
	- gnumeric 1.8.4-3 (low; bug #513418)
	[etch] - gnumeric 1.6.3-5.1+etch2
CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings fo ...)
	- nautilus-python 0.4.3-3.2 (low; bug #513419)
CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python i ...)
	- vim 2:7.2.025-2 (low; bug #493937)
	[lenny] - vim 1:7.1.314-3+lenny2
	[squeeze] - vim 1:7.1.314-3+lenny2
	[etch] - vim <no-dsa> (Minor issue)
	NOTE: Not included in this round, could be fixed via next DSA with other issues
CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat allo ...)
	- xchat 2.8.6-2.1 (low; bug #513509)
	[etch] - xchat <no-dsa> (Minor issue)
CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit allo ...)
	{DTSA-191-1}
	- gedit 2.22.3-2 (low; bug #513513)
	[etch] - gedit <no-dsa> (Minor issue)
CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: winetricks
CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2  ...)
	NOT-FOR-US: EMC AutoStart
CVE-2009-0310 (Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through ...)
	NOT-FOR-US: SuSE blinux
CVE-2009-0309
	RESERVED
CVE-2009-0308
	RESERVED
CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the "Customize Statistics  ...)
	NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
CVE-2009-0306 (Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in  ...)
	NOT-FOR-US: IBM Lotus Notes Intellisync ActiveX
CVE-2009-0305 (Multiple stack-based buffer overflows in the Research in Motion RIM Ax ...)
	NOT-FOR-US: ActiveX
CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before s ...)
	NOT-FOR-US: Solaris
CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.1 ...)
	NOT-FOR-US: Web Help Desk
CVE-2009-0302 (SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX  ...)
	NOT-FOR-US: FlexCell Grid Control
CVE-2009-0300
	REJECTED
CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows r ...)
	NOT-FOR-US: Groone GLinks
CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...)
	NOT-FOR-US: MW6 Technologies Barcode
CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction allows  ...)
	NOT-FOR-US: ClickAuction
CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in Script Tok ...)
	NOT-FOR-US: Script Toko Online
CVE-2009-0295 (SQL injection vulnerability in index.php in Information Technology Lig ...)
	NOT-FOR-US: ITLPoll
CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, w ...)
	NOT-FOR-US: WB News
CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum Dating Softw ...)
	NOT-FOR-US: Wazzum Dating Software
CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows rem ...)
	NOT-FOR-US: SHOP-INET
CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remo ...)
	- openx <itp> (bug #513771)
CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.0 ...)
	NOT-FOR-US: GNU Board
CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before  ...)
	NOT-FOR-US: KEEP Toolkit
CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, ...)
	NOT-FOR-US: OpenGoo
CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 an ...)
	NOT-FOR-US: BBSXP
CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article Manager 1. ...)
	NOT-FOR-US: Flax Article Manager
CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows re ...)
	NOT-FOR-US: Oblog
CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking Club all ...)
	NOT-FOR-US: WarHound Walking Club
CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Asp Project Management
CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ea ...)
	NOT-FOR-US: Pardal CMS
CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in Eye of  ...)
	- eog 2.22.3-2 (bug #504352; low)
	[etch] - eog <not-affected> (Vulnerable code not present)
CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...)
	- csound 5.08.2~dfsg-1.1 (bug #504359; low)
	[lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
	[etch] - csound <not-affected> (Vulnerable code not present)
CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in Epiphan ...)
	- epiphany-browser 2.22.3-7 (bug #504363; low)
	[etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia 0.96.1 ...)
	- dia 0.96.1-7.1 (low; bug #504251)
	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function  ...)
	- python3.1 3.1.2+20100703-1 (low; bug #575780)
	- python2.6 2.6.5+20100529-1 (low; bug #572010)
	- python2.5 <unfixed> (low)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python2.5 <no-dsa> (Minor issue, patch only introduces a new, more secure API)
	- python2.4 <unfixed> (low)
	[etch] - python2.4 <no-dsa> (Minor issue)
	[lenny] - python2.4 <no-dsa> (Minor issue)
	NOTE: I suppose the behaviour will be changed in a future Python release, but
	NOTE: a backport has a significant risk of breakage for little gain. If a
	NOTE: proper upstream patch should be available, this can be re-evaluated
	NOTE: http://bugs.python.org/issue5753
CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows r ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 an ...)
	- amaya <removed> (medium; bug #507587)
	NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows
CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...)
	{DSA-1714-1 DSA-1713-1 DSA-1712-1}
	- rt2400 1.2.2+cvs20080623-3 (bug #512999)
	- rt2500 1:1.1.0-b4+cvs20080623-3 (bug #513000)
	- rt2570 1.1.0+cvs20080623-2 (bug #513001)
	- rt73 1:1.0.3.6-cvs20080623-dfsg1-3 (bug #512995)
CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature (secu ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (low)
	NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google Chrom ...)
	- chromium-browser <not-affected> (only 1.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWis ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise We ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel befo ...)
	{DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
	- linux-2.6.24 <removed>
CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not prop ...)
	- bind9 <not-affected> (vulnerable code not present, introduced in 9.6.x)
CVE-2008-5968 (Directory traversal vulnerability in print.php in PHP iCalendar 2.24 a ...)
	- phpicalendar <removed> (bug #513517)
CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not req ...)
	- phpicalendar <removed> (bug #513517)
CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote atta ...)
	NOT-FOR-US: Sun Java System Application Server (AS)
CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-0275 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy  ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0271 (Directory traversal vulnerability in the TFTP service in Fujitsu Syste ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0270 (Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWiz ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0268 (Race condition in the pseudo-terminal (aka pty) driver module in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0267 (libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does n ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0266 (Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows u ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0264 (Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWiza ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2008-5981 (PacPoll 4.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: PacPoll
CVE-2008-5980 (Ocean12 Mailing List Manager Gold stores sensitive data under the web  ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5979 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mai ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5978 (Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5977 (SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE  ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5976 (Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgo ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5975 (SQL injection vulnerability in links.asp in Active Price Comparison 4. ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5974 (Multiple SQL injection vulnerabilities in login.aspx in Active Price C ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5973 (SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allow ...)
	NOT-FOR-US: Active Web Mail
CVE-2008-5972 (SQL injection vulnerability in default.asp in Active Business Director ...)
	NOT-FOR-US: Active Business Directory
CVE-2008-5971 (Cross-site scripting (XSS) vulnerability in profile_social.php in i-Ne ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5970 (SQL injection vulnerability in profile_social.php in i-Net Solution Or ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5969 (SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower al ...)
	NOT-FOR-US: Sunbyte e-Flower
CVE-2008-5966 (globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Globsy
CVE-2008-5965 (Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and ea ...)
	NOT-FOR-US: LokiCMS
CVE-2009-0263 (Multiple buffer overflows in Winamp 5.541 and earlier allow remote att ...)
	NOT-FOR-US: Winamp
CVE-2009-0262 (Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 al ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 al ...)
	NOT-FOR-US: EffectMatrix Total Video Player
CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFi ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (bug #513158; low)
CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 a ...)
	NOT-FOR-US: Social ImpressCMS
CVE-2008-5963 (Eval injection vulnerability in library/setup/rpc.php in Gravity Getti ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5962 (Directory traversal vulnerability in library/setup/rpc.php in Gravity  ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5961 (Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Co ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5960 (SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.1 ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 ...)
	NOT-FOR-US: Active Test
CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
	NOT-FOR-US: Active Test
CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) com ...)
	NOT-FOR-US: Joomla!
CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information und ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Web ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5954 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5953 (Directory traversal vulnerability in KTP Computer Customer Database (K ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5952 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5951 (ASP Template Creature stores sensitive information under the web root  ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5950 (SQL injection vulnerability in media/media_level.asp in ASP Template C ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5949 (Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 a ...)
	NOT-FOR-US: ccTiddly
CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and earli ...)
	NOT-FOR-US: BNCwi
CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote ...)
	- openoffice.org 2.0.4.dfsg.2-7
	NOTE: Checked with maintainer and issue was fixed long ago, marking etch version as fixed for now
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into vis ...)
	NOTE: Mozilla #474967, upstream disputes this being a bug
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb e ...)
	NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy  ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0250 (Ryneezy phoSheezy 0.2 stores sensitive information under the web root  ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0249 (Katy Whitton RankEm stores sensitive information under the web root wi ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0248 (Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0247 (The server for 53KF Web IM 2009 Home, Professional, and Enterprise edi ...)
	NOT-FOR-US: 53KF Web IM
CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impac ...)
	- tor 0.2.0.33-1
CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in the Micro ...)
	NOT-FOR-US: Microsoft product
CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and NoDriveTyp ...)
	NOT-FOR-US: Microsoft product
CVE-2008-5947 (PHP remote file inclusion vulnerability in include/class_yapbbcooker.p ...)
	NOT-FOR-US: YapBB
CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Nukeviet
CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 ...)
	NOT-FOR-US: NavBoard
CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) al ...)
	NOT-FOR-US: NavBoard
CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9 ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and  ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier,  ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9. ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5938 (PHP remote file inclusion vulnerability in assets/snippets/reflect/sni ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial of servi ...)
	NOT-FOR-US: AyeView
CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5935 (Facto stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: Facto
CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remot ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in CM ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the web roo ...)
	NOT-FOR-US: CodeAvalanche FreeForum
CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under the web r ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under the web r ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links Directory Scrip ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPNews
CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Interna ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the web roo ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Di ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary  ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Cant Find A Gaming CMS
CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal all ...)
	NOT-FOR-US: Umer Inc Songs Portal
CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0  ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3  ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 thr ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 4 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0242
	REJECTED
CVE-2009-0241 (Stack-based buffer overflow in the process_path function in gmetad/ser ...)
	{DSA-1710-1}
	- ganglia-monitor-core 2.5.7-5 (medium; bug #512637)
CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN aut ...)
	{DSA-1725-1}
	- websvn 2.0-4+lenny1 (bug #512191)
	[etch] - websvn <not-affected> (authenthication doesn't exist in that version)
CVE-2009-0239 (Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Mic ...)
	NOT-FOR-US: Microsoft
CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Exc ...)
	NOT-FOR-US: Microsoft
CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2009-0236
	REJECTED
CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad i ...)
	NOT-FOR-US: Microsoft WordPad
CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0232 (Integer overflow in the Embedded OpenType (EOT) Font Engine in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0231 (The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-0228 (Stack-based buffer overflow in the EnumeratePrintShares function in Wi ...)
	NOT-FOR-US: Microsoft
CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (P ...)
	NOT-FOR-US: Microsoft
CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in ...)
	NOT-FOR-US: Microsoft
CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 importer ( ...)
	NOT-FOR-US: Microsoft
CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion (RIM ...)
	NOT-FOR-US: BlackBerry
CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch Applica ...)
	NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) re ...)
	{DSA-1995-1 DSA-1849-1 DTSA-205-1}
	- xml-security-c 1.4.0-4
	- xmlsec1 1.2.12-1
	[lenny] - xmlsec1 <no-dsa> (Minor issue)
	- mono 2.4.2.3+dfsg-1
	NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
	NOTE: http://web.archive.org/web/20090124230233/http://anonsvn.mono-project.com:80/viewvc?view=rev
	NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
	- openoffice.org 1:3.1.1-16
CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication inv ...)
	NOT-FOR-US: GE Fanuc iFIX
CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM Acces ...)
	NOT-FOR-US: IBM Access Support ActiveX
CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA e-te ...)
	NOT-FOR-US: WebFGServer
CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA e-terrahab ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA e-te ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA e-te ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0209 (PI Server in OSIsoft PI System before 3.4.380.x does not properly use  ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, whe ...)
	NOT-FOR-US: HP Virtual Rooms Client
CVE-2009-0207 (Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk ...)
	NOT-FOR-US: VERITAS Oracle Disk Manager
CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier  ...)
	NOT-FOR-US: HP ONCplus
CVE-2009-0205
	RESERVED
CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6 ...)
	NOT-FOR-US: HP Select Access
CVE-2009-0203
	RESERVED
CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and St ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/ ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMwa ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allow ...)
	NOT-FOR-US: IrfanView
CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function (jb ...)
	{DSA-2080-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
	- jbig2dec <not-affected> (already fixed in initial upload)
CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, an ...)
	{DSA-1790-1}
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
CVE-2009-0194 (The domain-locking implementation in the GARMINAXCONTROL.GarminAxContr ...)
	NOT-FOR-US: Garmin Communicator Plug-In
CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 bef ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, includin ...)
	NOT-FOR-US: Foxit Reader
CVE-2009-0190
	REJECTED
CVE-2009-0189
	REJECTED
CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and p ...)
	NOT-FOR-US: Orbit Downloader
CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other pro ...)
	{DSA-1742-1 DTSA-202-1}
	- libsndfile 1.0.19-1 (medium)
CVE-2009-0185 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in Fre ...)
	NOT-FOR-US: Free Download Manager
CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download  ...)
	NOT-FOR-US: Free Download Manager
CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted atta ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an  ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedor ...)
	NOT-FOR-US: Fedora specific issue
CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other p ...)
	- libmikmod 3.1.11-6.1 (low; bug #476339)
	[etch] - libmikmod <no-dsa> (Minor issue)
	[lenny] - libmikmod <no-dsa> (Minor issue)
CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 r ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd. ...)
	NOT-FOR-US: vmware-authd
CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in the Attac ...)
	NOT-FOR-US: Attachment Service in Research in Motion
CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allo ...)
	NOT-FOR-US: Heathco Software MP3 TrackMaker
CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers t ...)
	NOT-FOR-US: VUPlayer
CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote a ...)
	- websvn 1.61-21 (bug #503330)
CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/ ...)
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #512592)
CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x befo ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low)
CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google Chr ...)
	NOT-FOR-US: Google
CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple Safa ...)
	NOT-FOR-US: Apple
CVE-2008-5913 (The Math.random function in the JavaScript implementation in Mozilla F ...)
	- xulrunner 1.9.1.10-1 (unimportant; bug #559792; bug #532516)
	- iceape 2.0.5-1 (unimportant)
	[lenny] - iceape <not-affected> (Just a stub package)
	NOTE: Limited to browser life time
CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix Mobil ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possi ...)
	- libmikmod 3.1.11-6.1 (low; bug #461519)
	[etch] - libmikmod <no-dsa> (Minor issue)
	[lenny] - libmikmod <no-dsa> (Minor issue)
	- sdl-mixer1.2 1.2.8-1 (low; bug #422021)
	[etch] - sdl-mixer1.2 <no-dsa> (Minor issue)
CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-0172 (Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a,  ...)
	NOT-FOR-US: IBM DB2 9.1
CVE-2009-0171 (The Sun SPARC Enterprise M4000 and M5000 Server, within a certain rang ...)
	NOT-FOR-US: Sun SPARC Enterprise M4000 and M5000 Server
CVE-2009-0170 (Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows re ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0169 (Sun Java System Access Manager 7.1 allows remote authenticated sub-rea ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0168 (Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris  ...)
	NOT-FOR-US: ppdmgr in Sun Solaris 10 and OpenSolaris
CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as  ...)
	{DSA-1793-1 DSA-1790-1}
	- xpdf 3.02-1.4+lenny1 (low; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (low; bug #528369)
CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the HTTP Ho ...)
	- cups 1.3.10-1 (low)
	[lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for attack)
	- cupsys <removed>
	[etch] - cupsys <no-dsa> (Minor issue, needs several prerequirements for attack)
CVE-2009-0163 (Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...)
	{DSA-1773-1}
	- cups 1.3.10-1
	- cupsys <removed>
CVE-2009-0162 (Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 ...)
	NOT-FOR-US: Safari
CVE-2009-0161 (The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 ...)
	NOT-FOR-US: Mac OS X
	NOTE: dupe of CVE-2009-0642
CVE-2009-0160 (QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 all ...)
	NOT-FOR-US: QuickDraw Manager
CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...)
	{DSA-1801-1}
	- ntp 1:4.2.4p6+dfsg-2 (low; bug #525373)
CVE-2009-0158 (Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10 ...)
	NOT-FOR-US: telnet in Apple Mac OS X
CVE-2009-0157 (Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before  ...)
	NOT-FOR-US: CFNetwork in Apple
CVE-2009-0156 (Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allow ...)
	NOT-FOR-US: Launch Services in Apple Mac OS
CVE-2009-0155 (Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7 ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS
CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Type Services
CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x ver ...)
	{DSA-1889-1}
	- icu 4.0.1-1 (low; bug #534590)
CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instan ...)
	NOT-FOR-US: iChat in Apple Mac OS X
CVE-2009-0151 (The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not ...)
	NOT-FOR-US: screen saver in Dock in Apple Mac OS X
CVE-2009-0150 (Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0149 (Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to ga ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote attacker ...)
	{DSA-1806-1}
	- cscope 15.7a-1 (low; bug #528510)
CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ea ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (low; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ear ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone  ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
CVE-2009-0144 (CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse ...)
	NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-0143 (Apple iTunes before 8.1 does not properly inform the user about the or ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0142 (Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local use ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0141 (XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creat ...)
	NOT-FOR-US: XTerm in Apple Mac OS X
CVE-2009-0140 (Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0139 (Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0138 (servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0137 (Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0134 (Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX contro ...)
	NOT-FOR-US: EasyGrid.SGCtrl.32 ActiveX control
CVE-2008-5910 (Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown  ...)
	NOT-FOR-US: txzonemgr in Sun OpenSolaris
CVE-2008-5909 (Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown i ...)
	NOT-FOR-US: conv_lpd in Sun OpenSolaris
CVE-2008-5908 (Unspecified vulnerability in the root/boot archive tool in Sun OpenSol ...)
	NOT-FOR-US: root/boot archive tool in Sun OpenSolaris
CVE-2009-0135 (Multiple integer overflows in the Audible::Tag::readTag function in me ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0136 (Multiple array index errors in the Audible::Tag::readTag function in m ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0133 (Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allow ...)
	NOT-FOR-US: Microsoft HTML Help Workshop
CVE-2009-0132 (Integer overflow in the aio_suspend function in Sun Solaris 8 through  ...)
	NOT-FOR-US: Solaris
CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...)
	NOT-FOR-US: UFS in OpenSolaris
CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not proper ...)
	- erlang <unfixed> (unimportant; bug #511520)
	NOTE: the return value is passed to the caller (lib/crypto/src/crypto.erl) which
	NOTE: only return success in case of DSA_do_verify returning 1 and failure otherwise
	NOTE: this is likely to be rejected
CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value fro ...)
	- libcrypt-openssl-dsa-perl 0.13-4 (bug #511519)
CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Re ...)
	{DTSA-185-1}
	- slurm-llnl 1.3.13-1 (bug #511511)
CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from  ...)
	- m2crypto <unfixed> (bug #511515; unimportant)
	NOTE: m2crypto provides a direct mapping of the OpenSSL functions, no incorrect
	NOTE: call sites are known, if such are found they should be fixed in the respective
	NOTE: applications
CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...)
	{DSA-1718-1}
	- boinc 6.2.14-3 (bug #511521)
CVE-2009-0125
	- libnasl <removed> (unimportant; bug #511517)
CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radi ...)
	- tqsllib 2.0-8 (low; bug #511509)
	[etch] - tqsllib <no-dsa> (Minor issue)
CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8. ...)
	- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42,  ...)
	{DSA-1750-1}
	- libpng 1.2.35-1 (bug #512665)
	NOTE: Only an issues when using libpng to create out-of-spec images
CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent b ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5905 (The web interface plugin in KTorrent before 3.1.4 allows remote attack ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2009-XXXX [unspecified multiple Drupal vulnerabilies, likely some overlap with the next temp entry]
	- drupal6 6.6-3
CVE-2009-XXXX [unspecified Drupal SQL injection]
	- drupal5 5.15-1
CVE-2009-0121 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allow ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0120 (The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3. ...)
	NOT-FOR-US: Web Sphere
CVE-2009-0119 (Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2009-0118
	RESERVED
CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information Servic ...)
	NOT-FOR-US: IIS
CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log request ...)
	NOT-FOR-US: IIS
CVE-1999-1593 (Windows Internet Naming Service (WINS) allows remote attackers to caus ...)
	NOT-FOR-US: Windows
CVE-2009-0117
	RESERVED
CVE-2009-0116
	RESERVED
CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or device-m ...)
	{DSA-1767-1}
	- multipath-tools 0.4.8-15 (low; bug #522813)
CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root  ...)
	NOT-FOR-US: iyzi Forum
CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
	NOT-FOR-US: CodeAvalanche Articles
CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ro ...)
	NOT-FOR-US: CodeAvalanche FreeForAll
CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web roo ...)
	NOT-FOR-US: CodeAvalanche Directory
CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeWallpaper
CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ro ...)
	NOT-FOR-US: CodeAvalanche RateMySite
CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ea ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 allow ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in Clic ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote a ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing functi ...)
	NOT-FOR-US: Injader
CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 allow ...)
	NOT-FOR-US: Injader
CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&amp;Rank ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&amp;Rank allow remote  ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via unk ...)
	- phplist <itp> (bug #612288)
CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
	NOT-FOR-US: TAKempis Discussion Web
CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web  ...)
	NOT-FOR-US: Net Guys ASPired2Quote
CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of servi ...)
	NOT-FOR-US: AyeView
CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...)
	NOT-FOR-US: mini-pub
CVE-2008-5904 (The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrd ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5903 (Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bi ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...)
	- amaya <removed> (medium; bug #507587)
	NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
	- openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL support)
CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe Flash Playe ...)
	NOT-FOR-US: Flash
CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the XSta ...)
	NOT-FOR-US: Joomla! component
CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.as ...)
	NOT-FOR-US: PollPro
CVE-2009-0111 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and e ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0110 (SQL injection vulnerability in read.php in RiotPix 0.61 and earlier al ...)
	NOT-FOR-US: RiotPix
CVE-2009-0109 (SQL injection vulnerability in index.php in RiotPix 0.61 and earlier a ...)
	NOT-FOR-US: RiotPix
CVE-2009-0108 (PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass a ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0107 (Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0106 (SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuct ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0105 (Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2  ...)
	NOT-FOR-US: EZpack
CVE-2009-0104 (SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote ...)
	NOT-FOR-US: EZpack
CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 al ...)
	NOT-FOR-US: playSMS
CVE-2008-5882 (SQL injection vulnerability in login.asp in Citrix Application Gateway ...)
	NOT-FOR-US: Citrix
CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow re ...)
	NOT-FOR-US: playSMS
CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3,  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0101
	REJECTED
CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Exc ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) provide ...)
	NOT-FOR-US: Microsoft
CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exch ...)
	NOT-FOR-US: Microsoft
CVE-2009-0097 (Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validat ...)
	NOT-FOR-US: Microsoft
CVE-2009-0096 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0092
	REJECTED
CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enfor ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not proper ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in M ...)
	NOT-FOR-US: Microsoft Word
CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 an ...)
	NOT-FOR-US: DirectX
CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0081 (The graphics device interface (GDI) implementation in the kernel in Mi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, d ...)
	NOT-FOR-US: Windows Vista
CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003  ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft Win ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway,  ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, allows  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during a ...)
	NOT-FOR-US: Microsoft
CVE-2009-0074
	REJECTED
CVE-2009-0073
	REJECTED
CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attack ...)
	NOT-FOR-US: Internet Explorer
CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is e ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to re ...)
	NOT-FOR-US: Apple Safari
CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass auth ...)
	NOT-FOR-US: Gobbl CMS
CVE-2008-5879 (Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsit ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5878 (Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PC ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5877 (Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.2 ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5876 (Buffer overflow in Irrlicht before 1.5 allows remote attackers to caus ...)
	- irrlicht <not-affected> (package was first introduced in version 1.5)
CVE-2008-5875 (SQL injection vulnerability in the com_lowcosthotels component in the  ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5874 (Multiple SQL injection vulnerabilities in the Hotel Booking Reservatio ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5873 (Yerba SACphp 6.3 and earlier allows remote attackers to bypass authent ...)
	NOT-FOR-US: Yerba
CVE-2008-5872 (Multiple unspecified vulnerabilities in the UNIStim File Transfer Prot ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5871 (Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not veri ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5870 (FastStone Image Viewer 3.6 allows user-assisted attackers to cause a d ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunam ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user ...)
	NOT-FOR-US: IntelliTamper
CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in  ...)
	NOT-FOR-US: Solaris
CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute arbit ...)
	- xdg-utils <not-affected> (xdg-open is not added to mailcap)
CVE-2009-0067
	RESERVED
CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for Trus ...)
	NOT-FOR-US: Intel system software for TXT
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Trans ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...)
	NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0063 (Cross-site scripting (XSS) vulnerability in the Control Center in Syma ...)
	NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC),  ...)
	NOT-FOR-US: Cisco
CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC dr ...)
	NOT-FOR-US: Cisco
CVE-2009-0060
	RESERVED
CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless  ...)
	NOT-FOR-US: Cisco
CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless  ...)
	NOT-FOR-US: Cisco
CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration  ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0055 (Cross-site request forgery (CSRF) vulnerability in the administration  ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2 ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2 ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access  ...)
	NOT-FOR-US: Netgear WNDAP330 Access Point
CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from th ...)
	NOT-FOR-US: ZXID
CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from  ...)
	{DSA-1700-1}
	- lasso 2.2.1-2 (bug #511262)
CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly ch ...)
	{DSA-1946-1}
	- belpic 2.6.0-6 (bug #511261)
CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the return valu ...)
	NOT-FOR-US: OpenEvidence
CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value from th ...)
	NOT-FOR-US: Gale
CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the return valu ...)
	NOT-FOR-US: Sun GridEngine
CVE-2009-0045
	RESERVED
CVE-2009-0044
	RESERVED
CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 ...)
	NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and Service
CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library (arclib.dll ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23- ...)
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg~rc3-1 (low; bug #513413)
	[lenny] - asterisk <no-dsa> (Minor issue)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote at ...)
	NOT-FOR-US: Yerba
CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public  ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 in the  ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5864 (SQL injection vulnerability in the Top Hotel (com_tophotelmodule) comp ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator module 3 ...)
	NOT-FOR-US: Module for Woltlab Burning Board
CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410  ...)
	NOT-FOR-US: webcamXP
CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 1.0 allo ...)
	NOT-FOR-US: FreeLyrics
CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in Construct ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and  ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree b ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote  ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in ClaSS befor ...)
	NOT-FOR-US: ClaSS
CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information under the  ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in my ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stor ...)
	NOT-FOR-US: ChoCoMaS
CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web root wi ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats (MyP ...)
	NOT-FOR-US: My PHP Baseball Stats
CVE-2008-5850
	REJECTED
CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address Tran ...)
	NOT-FOR-US: Check Point
CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, w ...)
	NOT-FOR-US: Advantech ADAM-6000 module
CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a M ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated us ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movab ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functi ...)
	- php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
	[etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local u ...)
	- pdfjam <not-affected> (the debian package sets pdflatex and thus dirname can't result in returning .)
	NOTE: it is also not possible to include a crafted sed or pdflatex executable in the pdflatex call
	NOTE: as our version uses random names, see #510584
CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which mak ...)
	NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise
CVE-2008-XXXX [auctex insecure temp file]
	- auctex 11.83-7.3 (low; bug #506961)
	[etch] - auctex <no-dsa> (Minor issue)
CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allo ...)
	NOT-FOR-US: iGaming
CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass authe ...)
	- phpicalendar <removed> (bug #513517)
CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Foxmail
CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php Scripts E-S ...)
	NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart
CVE-2008-5837
	RESERVED
CVE-2008-5836
	RESERVED
CVE-2008-5835
	RESERVED
CVE-2008-5834
	RESERVED
CVE-2008-5833
	RESERVED
CVE-2008-5832
	RESERVED
CVE-2008-5831
	RESERVED
CVE-2008-5830
	RESERVED
CVE-2008-5829
	RESERVED
CVE-2008-5828 (Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Pr ...)
	NOT-FOR-US: Microsoft
CVE-2008-5827 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmwar ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5826 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmwar ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5825 (The SmartPoster implementation on the Nokia 6131 Near Field Communicat ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5823 (An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used  ...)
	NOT-FOR-US: Microsoft Money
CVE-2008-5822 (Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other prod ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Just a crash, no security impact
CVE-2008-5821 (Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Wi ...)
	NOT-FOR-US: Webkit on Windows
CVE-2008-5820 (SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 a ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5819 (Directory traversal vulnerability in eDNews_archive.php in eDreamers e ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5818 (Directory traversal vulnerability in index.php in eDreamers eDContaine ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5817 (Multiple SQL injection vulnerabilities in index.php in Web Scribble So ...)
	NOT-FOR-US: Web Scribble Solutions webClassifieds
CVE-2008-5816 (SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earli ...)
	NOT-FOR-US: ILIAS
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
	NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ea ...)
	{DSA-1789-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #523028)
	NOTE: I don't know in which version this was fixed specifically, but
	NOTE: I've checked that the patch is present in this version
	- php4 <removed> (low; bug #523028)
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1. ...)
	- spip 2.0.6-1
CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 be ...)
	- spip 2.0.6-1
CVE-2008-5811 (SQL injection vulnerability in the PaxGallery (com_paxgallery) compone ...)
	NOT-FOR-US: joomla
CVE-2008-5810 (WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0,  ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-5809 (futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Acc ...)
	NOT-FOR-US: futomi CGI Cafe Access Analyzer CGI Standard
CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Ent ...)
	NOT-FOR-US: Six Apart Movable Type Enterprise
CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and possibl ...)
	{DTSA-182-1}
	- xterm 238-1 (medium; bug #510030)
	[etch] - xterm <not-affected> (allowWindowOps disabled in configuration)
	NOTE: Somewhat mitigated by a filter for control characters in
	NOTE: post-etch versions.
CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP Classifie ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5805 (SQL injection vulnerability in detail.php in DeltaScripts PHP Classifi ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5804 (SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Num ...)
	NOT-FOR-US: e-topbiz Number Links 1 Php Script
CVE-2008-5803 (SQL injection vulnerability in admin/login.php in E-topbiz Online Stor ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5802 (SQL injection vulnerability in index.php in E-topbiz Online Store 1.0  ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5801 (Unspecified vulnerability in the Dictionary (rtgdictionary) extension  ...)
	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) ext ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_peop ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll) extensio ...)
	NOT-FOR-US: CMS Poll system for TYPO3
CVE-2008-5797 (SQL injection vulnerability in the advCalendar extension 0.3.1 and ear ...)
	NOT-FOR-US: advCalendar extension for TYPO3
CVE-2008-5796 (SQL injection vulnerability in the eluna Page Comments (eluna_pagecomm ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5795 (Cross-site scripting (XSS) vulnerability in the eluna Page Comments (e ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5794 (Directory traversal vulnerability in system/admin/images.php in LoveCM ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5793 (Multiple PHP remote file inclusion vulnerabilities in the Clickheat -  ...)
	NOT-FOR-US: Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla!
CVE-2008-5792 (PHP remote file inclusion vulnerability in show_joined.php in Indiscri ...)
	NOT-FOR-US: Indiscripts Enthusiast
CVE-2008-5791 (Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution ...)
	NOT-FOR-US: PrestaShop e-Commerce Solution
CVE-2008-5790 (Multiple PHP remote file inclusion vulnerabilities in the Recly!Compet ...)
	NOT-FOR-US: Recly!Competitions (com_competitions) component 1.0 for Joomla!
CVE-2008-5789 (Multiple PHP remote file inclusion vulnerabilities in the Recly Intera ...)
	NOT-FOR-US: Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla!
CVE-2008-5788 (SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allo ...)
	NOT-FOR-US: Domain Seller
CVE-2008-5787 (Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Win ...)
	NOT-FOR-US: Arab Portal
CVE-2008-5786 (Cross-site scripting (XSS) vulnerability in the Silva Find extension 1 ...)
	NOT-FOR-US: Silva Find
CVE-2008-5785 (SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2  ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5784 (V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypa ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5783 (admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers  ...)
	NOT-FOR-US: V3 Chat
CVE-2008-5782 (SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows  ...)
	NOT-FOR-US: ZeeMatri
CVE-2008-5781 (SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CF ...)
	NOT-FOR-US: Cant Find A Gaming CMS (CFAGCMS)
CVE-2008-5780 (Forest Blog 1.3.2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Forest Blog
CVE-2008-5779 (SQL injection vulnerability in lpro.php in Free Links Directory Script ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5778 (SQL injection vulnerability in report.php in Free Links Directory Scri ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5777 (SQL injection vulnerability in index.php in CadeNix allows remote atta ...)
	NOT-FOR-US: CadeNix
CVE-2008-5776 (Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allo ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5775 (SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 all ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5774 (Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0  ...)
	NOT-FOR-US: ASPSiteWare HomeBuilder
CVE-2008-5773 (Nukedit 4.9.8 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: Nukedit
CVE-2008-5772 (Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1 ...)
	NOT-FOR-US: ASPSiteWare RealtyListings
CVE-2008-5771 (Directory traversal vulnerability in test.php in PHP Weather 2.2.2 all ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5770 (Cross-site scripting (XSS) vulnerability in config/make_config.php in  ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5769 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServe ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5768 (SQL injection vulnerability in print.php in the AM Events (aka Amevent ...)
	NOT-FOR-US: AM Events
CVE-2008-5767 (SQL injection vulnerability in authors.asp in gNews Publisher allows r ...)
	NOT-FOR-US: gNews Publisher
CVE-2008-5766 (SQL injection vulnerability in download.php in Farsi Script Faupload a ...)
	NOT-FOR-US: Farsi Script Faupload
CVE-2008-5765 (WorkSimple 1.2.1 stores sensitive information under the web root with  ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5764 (PHP remote file inclusion vulnerability in calendar.php in WorkSimple  ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5763 (PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simpl ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5762 (Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive inform ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5761 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (ak ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5760 (Cross-site scripting (XSS) vulnerability in error413.php in Kerio Mail ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5759 (Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3 ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5758 (Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0 ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5757 (Cross-site scripting (XSS) vulnerability in textarea/index.php in Text ...)
	- textpattern 4.0.6-1
CVE-2008-5756 (Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user- ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2008-5755 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remo ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-5754 (Stack-based buffer overflow in BulletProof FTP Client allows user-assi ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 al ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5752 (Directory traversal vulnerability in getConfig.php in the Page Flip Im ...)
	NOT-FOR-US: Page Flip Image Gallery plugin for WordPress
CVE-2008-5751 (SQL injection vulnerability in index.php in AlstraSoft Web Email Scrip ...)
	NOT-FOR-US: AlstraSoft Web Email Script Enterprise
CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer 8 beta ...)
	NOT-FOR-US: Microsoft
CVE-2008-5749
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2008-5748 (Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php  ...)
	NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-viru ...)
	NOT-FOR-US: F-Prot
CVE-2008-5746 (Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local  ...)
	NOT-FOR-US: Sun SNMP Management Agent
CVE-2008-5745 (Integer overflow in quartz.dll in the DirectShow framework in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2008-5824 (Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0 ...)
	{DSA-1972-1}
	- audiofile 0.2.6-7.1 (medium; bug #510205)
CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4 ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3 (bug #510583)
CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...)
	- pdfjam 1.10-1 (low; bug #510584)
CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5741
	RESERVED
CVE-2008-5740
	RESERVED
CVE-2008-5739 (SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Be ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-5738 (Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass  ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1. ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6 ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19  ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Sof ...)
	NOT-FOR-US: IceWarp Software Merak Mail Server
CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog Sys ...)
	NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in Kafo ...)
	NOT-FOR-US: KafooeyBlog
CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Des ...)
	NOT-FOR-US: PGP Desktop
CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlie ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.1 ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and e ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in A ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows  ...)
	NOT-FOR-US: stormBoards
CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTe ...)
	NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in E ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka Kann ...)
	NOT-FOR-US: CGI RESCUE KanniBBS2000
CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote attacker ...)
	NOT-FOR-US: SAWStudio
CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers  ...)
	NOT-FOR-US: BlackJumboDog
CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...)
	NOT-FOR-US: Mayaa
CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workf ...)
	NOT-FOR-US: Hitachi
CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain var ...)
	{DSA-1705-1 DTSA-183-1}
	- netatalk 2.0.4~beta2-1 (medium; bug #510585)
CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Man ...)
	NOT-FOR-US: Hitachi
CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
	- xen-3 <not-affected> (Vulnerable code never entered Debian)
	- xen-unstable <not-affected> (Vulnerable code never entered Debian)
	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
	NOTE: yet been fixed in Debian
CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to caus ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for r ...)
	{DSA-1907-1 DTSA-203-1}
	- qemu 0.9.1-10 (low; bug #509882)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm 82-1 (low; bug #509997)
	[lenny] - kvm <no-dsa> (Minor issue)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux kerne ...)
	{DSA-1794-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 <removed>
CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to caus ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5711 (Heap-based buffer overflow in the Facebook PhotoUploader ActiveX contr ...)
	NOT-FOR-US: Facebook PhotoUploader ActiveX
CVE-2008-5710 (Multiple unspecified vulnerabilities in the web management interface i ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5709 (Multiple unspecified vulnerabilities in the web management interface i ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5708 (redirect.php in SlimCMS 1.0.0 does not require authentication, which a ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5707 (SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistem ...)
	NOT-FOR-US: Iltaweb Alisveris Sistemi
CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might all ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwr ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700 ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux kerne ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum timeou ...)
	{DSA-1787-1}
	- linux-2.6 2.6.26-13
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, was introduced later)
	- linux-2.6.24 <removed>
CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: Solaris
CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allo ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 fo ...)
	NOT-FOR-US: Skype extension
CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
	- wordpress 2.3.2 (low; bug #510786; bug #513959)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: only the admin has manage_options capabilities by default and only editors
	NOTE: have upload_files capabilities
	NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
CVE-2008-5694 (PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhand ...)
	NOT-FOR-US: Sandbox
CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswit ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX co ...)
	NOT-FOR-US: Phoenician Casino FlashAX ActiveX
CVE-2008-5690 (The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, a ...)
	NOT-FOR-US: Solaris
CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 a ...)
	NOT-FOR-US: Solaris
CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExce ...)
	- mediawiki 1:1.13.3-1 (unimportant)
	- mediawiki1.7 <removed> (unimportant)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly pr ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (low)
	- mediawiki1.7 <removed>
	[etch] - mediawiki1.7 <not-affected> (The backup feature was introduced in 1.11)
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its  ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun F ...)
	NOT-FOR-US: Sun ScApp firmware
CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library (aka  ...)
	NOT-FOR-US: Solaris
CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows r ...)
	NOT-FOR-US: Opera
CVE-2008-5681 (Opera before 9.63 does not block unspecified "scripted URLs" during th ...)
	NOT-FOR-US: Opera
CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1) remote  ...)
	NOT-FOR-US: Opera
CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote attackers t ...)
	NOT-FOR-US: Opera
CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
	NOT-FOR-US: OLIB7 WebView
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ea ...)
	NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka mod_secur ...)
	- libapache-mod-security 2.5.6-1
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 h ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network webc ...)
	NOT-FOR-US: Darkwet Network webcamXP
CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in PHParano ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
	NOT-FOR-US: Joomla!
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password duri ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (ak ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x  ...)
	NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows  ...)
	NOT-FOR-US: WinFTP
CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in XOOP ...)
	NOT-FOR-US: XOOPS
CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
	NOT-FOR-US: Realtek Media Player
CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and  ...)
	NOT-FOR-US: Kusaba
CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC  ...)
	NOT-FOR-US: Sun Java Wireless Toolkit
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 t ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earl ...)
	- classpath 2:0.98-1 (bug #512532; low)
	[lenny] - classpath <no-dsa> (Minor issue)
	- libgnucrypto-java <removed> (low; bug #559789)
	[lenny] - libgnucrypto-java <no-dsa> (Minor issue)
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows rem ...)
	- quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for th ...)
	- typo3-src 4.2.3-1 (bug #505325)
	[etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0  ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5653 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5652 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5651 (SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.p ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft Web H ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft Article M ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP Sho ...)
	NOT-FOR-US: DeltaScripts PHP Shop
CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before  ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ca ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks  ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...)
	- typo3-src 4.2.3-1 (bug #505324)
	[etch] - typo3-src <not-affected> (Only TYPO3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for Joo ...)
	NOT-FOR-US: Joomla!
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made Simpl ...)
	NOT-FOR-US: CMS Made Simple
CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allow ...)
	NOT-FOR-US: Active Bids
CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha al ...)
	NOT-FOR-US: TxtBlog
CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price Comparison 4 al ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows rem ...)
	NOT-FOR-US: ParsBlogger
CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_q ...)
	NOT-FOR-US: Lito Lite CMS
CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership 2.0 al ...)
	NOT-FOR-US: Active Membership
CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force Matrix 2.0  ...)
	NOT-FOR-US: Active Force Matrix
CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows  ...)
	NOT-FOR-US: ActiveVotes
CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time Billing 3.2  ...)
	NOT-FOR-US: Active Time Billing
CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows ...)
	NOT-FOR-US: Active eWebquiz
CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate P ...)
	NOT-FOR-US: Post Affiliate
CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script allo ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows re ...)
	NOT-FOR-US: CMS little
CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows re ...)
	NOT-FOR-US: Active Trade
CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2008-5623
	RESERVED
CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attack ...)
	- roundcube 0.1.1-10 (low; bug #509596)
CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 b ...)
	- rsyslog 3.18.6-1 (low; bug #510906)
CVE-2008-5615
	RESERVED
CVE-2008-5614
	RESERVED
CVE-2008-5613
	RESERVED
CVE-2008-5612
	RESERVED
CVE-2008-5611
	RESERVED
CVE-2008-5610
	RESERVED
CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and earlie ...)
	NOT-FOR-US: Commerce extension
CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root with in ...)
	NOT-FOR-US: AutoDealer
CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or com_jmovies) com ...)
	NOT-FOR-US: joomla
CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive information un ...)
	NOT-FOR-US: Gazatem QMail Mailing List Manager
CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow remote atta ...)
	NOT-FOR-US: ASP Portal
CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple Forum 3.0  ...)
	NOT-FOR-US: My Simple Forum
CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: ASPTicker
CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root with i ...)
	NOT-FOR-US: Natterchat
CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web root w ...)
	NOT-FOR-US: User Engine Lite ASP
CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the web root ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx Server a ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery 1.51 go ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-5597 (Cold BBS stores sensitive information under the web root with insuffic ...)
	NOT-FOR-US: Cold BBS
CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information under the  ...)
	NOT-FOR-US: Ikon AdManager
CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer allows rem ...)
	NOT-FOR-US: ASP AutoDealer
CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in Mini Blog ...)
	NOT-FOR-US: Mini Blog
CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in Mini CMS  ...)
	NOT-FOR-US: Mini CMS
CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under the we ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Per ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in Kalptaru Inf ...)
	NOT-FOR-US: Kalptaru Infotech Product Sale Framework
CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allow ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdm ...)
	{DSA-1693-1}
	- phppgadmin 4.2.1-1.1 (low; bug #508026)
	NOTE: register_globals=on is required
	NOTE: http://www.milw0rm.com/exploits/7363
CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New Generati ...)
	NOT-FOR-US: Check Up New Generation
CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1  ...)
	NOT-FOR-US: lcxBBportal
CVE-2007-XXXX [tdiary XSS]
	- tdiary 2.2.0-1 (bug #464778)
	[etch] - tdiary 2.0.2+20060303-5
	NOTE: fixed in r6 point update
	NOTE: http://www.tdiary.org/20071215.html
CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
	{DSA-1830-1 DSA-1750-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- libpng 1.2.35-1 (bug #516256)
CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	- geronimo <itp> (bug #481869)
CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	- geronimo <itp> (bug #481869)
CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, w ...)
	{DSA-1738-1}
	- curl 7.18.2-8.1 (bug #518423)
CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ...)
	- libvirt 0.5.1-7 (unimportant)
	NOTE: not building libvirt proxy from libvirt source package
CVE-2009-0035 (alsa-utils 1.0.19 and later versions allows local users to overwrite a ...)
	- alsa-driver 1.0.20-1 (unimportant)
	NOTE: alsainfo not built into source package
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret  ...)
	- sudo 1.6.9p17-2 (medium)
	[etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ...)
	{DSA-2207-1}
	- tomcat6 6.0.28-1
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (medium; bug #532363)
	- tomcat5.5 <removed> (medium; bug #532366)
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3 ...)
	NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function (security/keys ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
	- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (medium; bug #536147)
	- linux-2.6.24 <removed>
CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows lo ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application Platfor ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabb ...)
	NOT-FOR-US: Apache Jackrabbit
CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check t ...)
	{DSA-1703-1}
	- bind9 1:9.5.1.dfsg.P1-1 (low; bug #511936)
	NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify
	NOTE: low severity because it is believed hard to trigger and only
	NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel b ...)
	- linux-2.6 2.6.24-4
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23)
	NOTE: Fixed in 2.6.24 before initial upload
CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apa ...)
	{DSA-1812-1}
	- apr-util 1.3.7+dfsg-1
CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows re ...)
	- samba 2:3.2.5-3
	[etch] - samba <not-affected> (Only 3.2.x affected)
CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly  ...)
	{DSA-1702-1}
	- ntp 1:4.2.4p4+dfsg-8
CVE-2009-0020 (Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0019 (Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0018 (The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 do ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0017 (csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a  ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0015 (Unspecified vulnerability in fseventsd in the FSEvents framework in Ap ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0014 (Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0013 (dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that pa ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0012 (Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0011 (Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to o ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0010 (Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 1 ...)
	NOT-FOR-US: QuickDraw Manager in Apple Mac OS X
CVE-2009-0009 (Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0008 (Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows remote a ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote attackers  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-5622
	REJECTED
CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x b ...)
	{DSA-1723-1}
	- phpmyadmin 4:2.11.8.1-5
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-10/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/01685c90aaba943511de0496e7ecb7fe49fa765b
CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in Projec ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5582 (SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, a ...)
	NOT-FOR-US: Nukedit
CVE-2008-5581 (PHP remote file inclusion vulnerability in mini-pub.php/front-end/img. ...)
	NOT-FOR-US: mini-pub
CVE-2008-5580 (mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5579 (Absolute path traversal vulnerability in mini-pub.php/front-end/cat.ph ...)
	NOT-FOR-US: mini-pub
CVE-2008-5578 (Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0,  ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5577 (PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5576 (admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote a ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5575 (Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier a ...)
	NOT-FOR-US: Pro Clan Manager
CVE-2008-5574 (SQL injection vulnerability in member.php in Webmaster Marketplace all ...)
	NOT-FOR-US: Webmaster Marketplace
CVE-2008-5573 (SQL injection vulnerability in the login feature in Poll Pro 2.0 allow ...)
	NOT-FOR-US: Poll Pro
CVE-2008-5572 (Professional Download Assistant 0.1 stores sensitive information under ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5571 (SQL injection vulnerability in admin/login.asp in Professional Downloa ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5570 (Directory traversal vulnerability in index.php in PHP Multiple Newslet ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5569 (Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1. ...)
	NOT-FOR-US: PHPepperShop
CVE-2008-5568 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php  ...)
	NOT-FOR-US: IPN Pro
CVE-2008-5567 (Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.p ...)
	NOT-FOR-US: Bonza Cart
CVE-2008-5566 (Cross-site scripting (XSS) vulnerability in index.php in Triangle Solu ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5565 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php  ...)
	NOT-FOR-US: DL PayCart
CVE-2008-5564 (Unspecified vulnerability in the media server in Orb Networks Orb befo ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5563 (Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x,  ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-5562 (ASPPortal stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5561 (SQL injection vulnerability in Netref 4.0 allows remote attackers to e ...)
	NOT-FOR-US: Netref
CVE-2008-5560 (PostEcards stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: PostEcards
CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows remot ...)
	NOT-FOR-US: PostEcards
CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2. ...)
	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5557 (Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_ht ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (bug #511493)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny1
	NOTE: according to bug report, this was fixed in lenny prior to the release, but was not marked as such at the time
CVE-2008-6506 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to by ...)
	- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5555 (Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAll ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5554 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not prop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5553 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itse ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5552 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp  ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in Su ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Interne ...)
	NOT-FOR-US: HAURI ViRobot
CVE-2008-5546 (VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: VirusBlokAda VBA32
CVE-2008-5545 (Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet ...)
	NOT-FOR-US: Trend Micro VSAPI
CVE-2008-5544 (Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Interne ...)
	NOT-FOR-US: Hacksoft The Hacker
CVE-2008-5543 (Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2008-5542 (Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explor ...)
	NOT-FOR-US: Sunbelt VIPRE
CVE-2008-5541 (Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-5540 (Secure Computing Secure Web Gateway (aka Webwasher), when Internet Exp ...)
	NOT-FOR-US: Webwasher
CVE-2008-5539 (RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet E ...)
	NOT-FOR-US: RISING Antivirus
CVE-2008-5538 (Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote a ...)
	NOT-FOR-US: Prevx Prevx1 2
CVE-2008-5537 (PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, all ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2008-5536 (Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Panda Antivirus
CVE-2008-5535 (Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Norman Antivirus
CVE-2008-5534 (ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6  ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2008-5533 (K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 o ...)
	NOT-FOR-US: K7AntiVirus
CVE-2008-5532 (Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Inte ...)
	NOT-FOR-US: Ikarus Virus Utilities
CVE-2008-5531 (Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, a ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2008-5530 (Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Ewido Security Suite
CVE-2008-5529 (CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used,  ...)
	NOT-FOR-US: CA eTrust Antivirus
CVE-2008-5528 (Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows  ...)
	NOT-FOR-US: Aladdin eSafe
CVE-2008-5527 (ESET Smart Security, when Internet Explorer 6 or 7 is used, allows rem ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used,  ...)
	NOT-FOR-US: DrWeb Anti-virus
CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is us ...)
	- clamav <not-affected> (medium; bug #526041)
	NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
	NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
	NOTE: - all other browsers are not vulnerable
	NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details
CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 i ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: avast! antivirus
CVE-2008-5522 (AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-5521 (Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 ...)
	NOT-FOR-US: Avira AntiVir
CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
	NOT-FOR-US: AhnLab V3
CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat al ...)
	{DSA-1810-1}
	- libapache-mod-jk 1:1.2.26-2.1 (bug #523054)
CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
	- geronimo <itp> (bug #481869)
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote att ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low; bug #512330)
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote att ...)
	{DSA-1708-1}
	- git-core 1:1.5.6-1
CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 throug ...)
	{DSA-2207-1}
	- tomcat5 <removed> (bug #532363)
	- tomcat5.5 <removed> (bug #532366)
	- tomcat6 6.0.20-1 (bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the RFC822BUFFE ...)
	{DTSA-174-2}
	- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
	[etch] - uw-imap <not-affected> (Vulnerable code not present)
	- alpine 2.02-3.1 (low)
	[lenny] - alpine <no-dsa> (Minor issue)
	[squeeze] - alpine  2.00+dfsg-6+squeeze1
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla Fi ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0. ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
	RESERVED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird  ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass int ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch now available and will be checked for next patch round
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arb ...)
	{DSA-1707-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	[etch] - xulrunner <not-affected> (The vulnerable feature is only included in 1.8.1 branch)
	NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.1 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1 (low)
	NOTE: JavaScript for mails is disabled by default and if users enable it ...
CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36,  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...)
	- php5 <not-affected> (php5 links to the shared lib)
	- libgd2 <not-affected> (code is specific to php's libgd)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
CVE-2008-5497 (BandSite CMS 1.1.4 allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-5496 (SQL injection vulnerability in showcategory.php in PozScripts Business ...)
	NOT-FOR-US: PozScripts Business Directory Script
CVE-2008-5495 (Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0. ...)
	NOT-FOR-US: GungHo LoadPrgAx
CVE-2008-5494 (SQL injection vulnerability in the Contact Information Module (com_con ...)
	NOT-FOR-US: Contact Information Module (com_contactinfo) component for Joomla!
CVE-2008-5493 (SQL injection vulnerability in track.php in PHPStore Wholesales (aka W ...)
	NOT-FOR-US: PHPStore Wholesales
CVE-2008-5492 (Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX contro ...)
	NOT-FOR-US: PDFVIEW.PdfviewCtrl.1
CVE-2008-5491 (SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier a ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5490 (SQL injection vulnerability in index.php in PHPStore Yahoo Answers all ...)
	NOT-FOR-US: PHPStore Yahoo Answers
CVE-2008-5489 (SQL injection vulnerability in channel_detail.php in ClipShare Pro 4,  ...)
	NOT-FOR-US: ClipShare
CVE-2008-5488 (SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 all ...)
	NOT-FOR-US: E-topbiz Domain Shop
CVE-2008-5487 (Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms  ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sal ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in libmpdem ...)
	{DSA-1782-1 DTSA-181-1}
	- mplayer 1.0~rc2-19 (low; bug #508803)
CVE-2008-XXXX [axel URL parser buffer overflow]
	- axel 2.2 (unimportant)
	[etch] - axel <no-dsa> (Minor issue)
	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
	NOTE: this only work for non-interactive sessions which is a quite exotic usecase
CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMaile ...)
	- roundcube 0.1.1-9 (high; bug #508628; bug #536498)
	NOTE: According to the bug report, this is being exploited.
	- moodle 1.8.2.dfsg-2 (bug #508909)
	[etch] - moodle <not-affected> (Vulnerable code not present)
	NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
	- mahara 1.1.3-1 (high; bug #524778)
	[lenny] - mahara <not-affected> (html2text.php wasn't yet included)
	- atmailopen <removed>
CVE-2008-5485
	REJECTED
CVE-2008-5484
	REJECTED
CVE-2008-5483
	REJECTED
CVE-2008-5482
	REJECTED
CVE-2008-5481
	REJECTED
CVE-2008-5480
	REJECTED
CVE-2008-5479
	REJECTED
CVE-2008-5478
	REJECTED
CVE-2008-5477
	REJECTED
CVE-2008-5476
	REJECTED
CVE-2008-5475
	REJECTED
CVE-2008-5474
	REJECTED
CVE-2008-5473
	REJECTED
CVE-2008-5472
	REJECTED
CVE-2008-5471
	REJECTED
CVE-2008-5470
	REJECTED
CVE-2008-5469
	REJECTED
CVE-2008-5468
	REJECTED
CVE-2008-5467
	REJECTED
CVE-2008-5466
	REJECTED
CVE-2008-5465
	REJECTED
CVE-2008-5464
	REJECTED
CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins fo ...)
	NOT-FOR-US: Oracle
CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle
CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerform ...)
	NOT-FOR-US: Oracle
CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2008-5453
	REJECTED
CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle
CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform Engineer ...)
	NOT-FOR-US: Oracle
CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component i ...)
	NOT-FOR-US: Oracle
CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB befo ...)
	NOT-FOR-US: PunBB
CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow re ...)
	NOT-FOR-US: PunBB
CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...)
	NOT-FOR-US: PunBB
CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 b ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixe ...)
	- icedove <unfixed> (unimportant)
	NOTE: crashes icedove, but no security impact
CVE-2008-5429 (Incredimail build 5853710 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Incredimail
CVE-2008-5428 (Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed  ...)
	NOT-FOR-US: Opera
CVE-2008-5427 (Norton Antivirus in Norton Internet Security 15.5.0.23 does not proper ...)
	NOT-FOR-US: Norton Internet Security
CVE-2008-5426 (Kaspersky Internet Security Suite 2009 does not properly handle (1) mu ...)
	NOT-FOR-US: Kaspersky Internet Security Suite
CVE-2008-5425 (ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: NOD32
CVE-2008-5424 (The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outloo ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-5423 (Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector  ...)
	NOT-FOR-US: Sun Ray Software
CVE-2008-5422 (Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict ...)
	NOT-FOR-US: Sun Sun Ray Server Software
CVE-2008-5421 (The SSL web administration service in NetWin SmsGate 1.1n and earlier  ...)
	NOT-FOR-US: NetWin SmsGate
CVE-2006-7235 (Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5420 (The SAN Manager Master Agent service (aka msragent.exe) in EMC Control ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5419 (Stack-based buffer overflow in SAN Manager Master Agent service (aka m ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5418 (Directory traversal vulnerability in login.php in the PunPortal module ...)
	NOT-FOR-US: PunBB
CVE-2008-5417 (HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses ...)
	NOT-FOR-US: HP DECnet-Plus
CVE-2008-5416 (Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-5414 (Unspecified vulnerability in the Feature Pack for Web Services in the  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5413 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere Ap ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5412 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5411 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traf ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5410 (The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 ...)
	NOT-FOR-US: Solaris
CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Fre ...)
	NOT-FOR-US: itDefender Free Edition and Antivirus Standard, BullGuard Internet Security and Software602 Groupware Server
CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec Backup Exe ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec remote-agent l ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes ...)
	NOT-FOR-US: Apple QuickTime Player and iTunes
CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder in Ca ...)
	NOT-FOR-US: Cain & Abel
CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX control in  ...)
	NOT-FOR-US: FlexCell
CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin in Tril ...)
	NOT-FOR-US: Trillian
CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before 3.1.12. ...)
	NOT-FOR-US: Trillian
CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation in Tri ...)
	NOT-FOR-US: Trillian
CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum ...)
	NOT-FOR-US: mvnForum
CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers (aka " ...)
	NOT-FOR-US: mvnForum
CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ClientDNSRejectInter ...)
	- tor 0.2.0.32-1
CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and (2) Gro ...)
	- tor 0.2.0.32-1 (bug #505178)
CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in  ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the Li ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kerne ...)
	NOT-FOR-US: Ubuntu Privacy Remix
CVE-2008-5392
	REJECTED
CVE-2008-5391
	REJECTED
CVE-2008-5390
	REJECTED
CVE-2008-5389
	REJECTED
CVE-2008-5388
	REJECTED
CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5385 (enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print q ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5384 (crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local us ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5383 (Stack-based buffer overflow in National Instruments Electronics Workbe ...)
	NOT-FOR-US: National Instruments Electronics Workbench
CVE-2008-5382 (Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL ...)
	NOT-FOR-US: I-O firmware
CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout)  ...)
	NOT-FOR-US: ffdshow
CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite a ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508595)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary  ...)
	- netdisco-mibs-installer 1.4 (low; bug #508940)
	[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)
CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitra ...)
	- arb 0.0.20071207.1-6 (low; bug #508942)
CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files  ...)
	- cups 1.3.8-1lenny1 (low)
	- cupsys <removed>
	[etch] - cupsys <no-dsa> (Example script)
CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary file ...)
	- crip 3.7-5 (low; bug #509275)
	[etch] - crip 3.7-3+etch1
CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite arbi ...)
	- cmus 2.2.0-1.1 (unimportant; bug #509277)
	NOTE: Just an example script
CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a sym ...)
	- bash 4.0-2 (unimportant; bug #509279)
	NOTE: scripts are examples
CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users t ...)
	- bacula 2.4.0-1 (unimportant; bug #509301)
	NOTE: script is an example
CVE-2008-5372 (sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbit ...)
	- sdm 0.4.1-1 (unimportant; bug #509331)
	NOTE: Not really a bug since only "touch" is used on the temp file
CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary  ...)
	- screenie 1.30.0-5.1 (low; bug #509332)
CVE-2008-5370 (pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite ...)
	- pvpgn 1.8.1-2 (low; bug #509336)
	[etch] - pvpgn <no-dsa> (Contrib not supported)
CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files v ...)
	- no-ip 2.1.9-1 (unimportant; bug #509348)
	NOTE: original issue doesn't seem to be present, however there is a tmprace in the init
	NOTE: script if it is used to debug with strace and a missing check for mkstemp failing
	NOTE: but these situations are really corner cases
CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...)
	- muttprint 0.72d-10 (low; bug #509487)
	[etch] - muttprint 0.72d-8etch1
CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to o ...)
	- ppp <unfixed> (unimportant)
	NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation
CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local u ...)
	- ppp <unfixed> (unimportant; bug #509488)
	NOTE: Package postinst isn't vulnerable, only .tmp files in /etc
CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares A ...)
	NOT-FOR-US: ActiveWebSoftwares
CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1 ...)
	NOT-FOR-US: getPlus
CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does no ...)
	- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and page_ ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (medium; bug #508021)
	- php4 <removed> (medium; bug #559787)
CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ( ...)
	- vinagre 0.5.1-2
CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (low; bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (low; bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE  ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun J ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5355 (The "Java Update" feature for Java Runtime Environment (JRE) for Sun J ...)
	- sun-java5 <not-affected> (Java update not used in Debian)
	- sun-java6 <not-affected> (Java update not used in Debian)
	- openjdk-6 <not-affected> (Java update not used in Debian)
CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun  ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5353 (The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the unpac ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun J ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (bug in plugin code)
	NOTE: For OpenJDK, see: http://mail.openjdk.java.net/pipermail/core-libs-dev/2009-June/001784.html
CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (a ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5336 (SQL injection vulnerability in index.php in WebStudio CMS allows remot ...)
	NOT-FOR-US: WebStudio CMS
CVE-2008-5335 (SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5334 (PHP remote file inclusion vulnerability in includes/common.php in Nitr ...)
	NOT-FOR-US: NitroTech
CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows  ...)
	NOT-FOR-US: NitroTech
CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow  ...)
	NOT-FOR-US: Pie Web M{a,e}sher
CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: ClearCase RWP IBM
CVE-2008-5329 (ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows  ...)
	NOT-FOR-US: IBM
CVE-2008-5328 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 st ...)
	NOT-FOR-US: IBM
CVE-2008-5327 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7. ...)
	NOT-FOR-US: IBM
CVE-2008-5326 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 befor ...)
	NOT-FOR-US: IBM
CVE-2008-5325 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM R ...)
	NOT-FOR-US: IBM
CVE-2008-5324 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM R ...)
	NOT-FOR-US: IBM
CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to e ...)
	NOT-FOR-US: Wiz-Ad
CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo functio ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507857)
	- php4 <removed>
CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5322 (Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5321 (SQL injection vulnerability in index.php in GesGaleri, a module for XO ...)
	NOT-FOR-US: XOOPS module
CVE-2008-5320 (SQL injection vulnerability in usersettings.php in e107 0.7.13 and ear ...)
	NOT-FOR-US: e107
CVE-2008-5319 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact an ...)
	- tikiwiki <removed>
CVE-2008-5318 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact an ...)
	- tikiwiki <removed>
CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in src/cmsgamma ...)
	{DSA-1684-1}
	- lcms 1.17-1
	- openjdk-6 6b16-1 (medium; bug #542210)
CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...)
	{DSA-1684-1}
	- lcms 1.16-1
CVE-2008-5315 (Directory traversal vulnerability in the web interface in Apple iPhone ...)
	NOT-FOR-US: Apple iPhone Configuration Web Utility
CVE-2008-XXXX [Insecure tmpdir creation]
	[lenny] - devscripts 2.10.35lenny1 (low)
	- devscripts 2.10.42 (low; bug #507482)
	[etch] - devscripts 2.9.26etch2
CVE-2008-XXXX [Insecure tempfile creation]
	- devscripts 2.10.42 (low; bug #508111)
	[etch] - devscripts <not-affected> (vulnerable code not present)
	[lenny] - devscripts 2.10.35lenny1 (low)
CVE-2008-5314 (Stack consumption vulnerability in libclamav/special.c in ClamAV befor ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.2-1 (medium; bug #507624)
CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System 1 ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2008-5310 (SQL injection vulnerability in image.php in NetArt Media Car Portal 2. ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 all ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder S ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate Solut ...)
	NOT-FOR-US: PG Real Estate Solution
CVE-2008-5305 (Eval injection vulnerability in TWiki before 4.2.4 allows remote attac ...)
	- twiki <removed> (medium; bug #508257)
CVE-2008-5304 (Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows  ...)
	- twiki <removed> (low; bug #508256)
CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 (lib/File/Pat ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...)
	- dovecot 1:1.0.15-2.3 (bug #506031)
CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service (" ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_glob ...)
	- gallery 1.5.9-1.2 (low; bug #506824)
	[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 all ...)
	NOT-FOR-US: Jamit Job Board
CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue allow ...)
	NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows re ...)
	NOT-FOR-US: WebStudio eHotel
CVE-2008-5292 (SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows ...)
	NOT-FOR-US: VideoGirls
CVE-2008-5291 (Directory traversal vulnerability in code/track.php in FuzzyLime 3.03  ...)
	NOT-FOR-US: FuzzyLime
CVE-2008-5290 (Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hil ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5289 (SQL injection vulnerability in full_txt.php in Werner Hilversum Clean  ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5288 (PHP remote file inclusion vulnerability in include/header.php in Werne ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5287 (SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ M ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other v ...)
	NOT-FOR-US: IEA Software RadiusNT and RadiusX
CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attac ...)
	NOT-FOR-US: File Upload Manager
CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1  ...)
	NOTE: neither in Etch nor Lenny, removal has been proposed
	- amaya <removed> (bug #507587)
CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows r ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server  ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZI ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of  ...)
	- pdns 2.9.21.2-1 (low)
	[etch] - pdns <not-affected> (old version of HINFO parser)
CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) "Unzip archive ...)
	NOT-FOR-US: net2ftp
CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News M ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCM ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...)
	NOT-FOR-US: Yuhhu Superstar
CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows re ...)
	NOT-FOR-US: pSys
CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal a ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when magic ...)
	NOT-FOR-US: Experts
CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in configuration/httpListener ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, whe ...)
	NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Kn ...)
	NOT-FOR-US: Tornado Knowledge Retrieval System
CVE-2008-5263 (Multiple stack-based buffer overflows in the mt_codec::getHdrHead func ...)
	NOT-FOR-US: ksquirrel
CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...)
	{DSA-1717-1 DTSA-184-1}
	- devil 1.7.5-4 (low; bug #511844; bug #512122)
	NOTE: fix for 1.7.5-3 incomplete, see #512122
CVE-2008-5261
	RESERVED
CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control  ...)
	NOT-FOR-US: ActiveX
CVE-2008-5259 (Integer signedness error in DivX Web Player 1.4.2.7, and possibly earl ...)
	NOT-FOR-US: DivX Web Player
CVE-2008-5258
	RESERVED
CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-busine ...)
	NOT-FOR-US: WebSEAL
CVE-2008-5255
	RESERVED
CVE-2008-5254
	RESERVED
CVE-2008-5253
	RESERVED
CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import  ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508870)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5251
	RESERVED
CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1 ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508869)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1 ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508868)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real d ...)
	- vlc 0.9.8a-1 (low)
	[etch] - vlc <not-affected> (vulnerable code not present)
	[lenny] - vlc <not-affected> (vulnerable code not present)
CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507101)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
	- php4 <removed>
	NOTE: if a user has write access to a file he simply can use fopen()
CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in  ...)
	- wordpress 2.5.1-11 (low; bug #507193)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: introduced in 2.5
CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 thro ...)
	{DSA-1677-1}
	- cups 1.3.8-1lenny4 (bug #507183; medium)
CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ]
	- geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant)
	NOTE: sch2eaglepos.sh only used as example script
CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...)
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in xine-li ...)
	- xine-lib <unfixed> (unimportant; bug #508715)
	NOTE: a devide by 0 because of a crafted media file is hardly a security issue,
	NOTE: the integer overflows covered by the ocert advisory in the same code snippet
	NOTE: got an own identifier
CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow r ...)
	- xine-lib 1.1.14-3 (low; bug #507184; bug #498243)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before a ...)
	- xine-lib 1.1.14-3 (low)
	[etch] - xine-lib <not-affected> (The version from Etch doesn't yet perform pre-allocation)
CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...)
	- xine-lib 1.1.14-3 (unimportant)
	- faad2 2.6.1-1 (unimportant)
	- mplayer 1.0~rc2-20 (unimportant; bug #407010)
	NOTE: overlaps with CVE-2008-4610, same aac issue
	NOTE: just a crasher, no security implications known so far
CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, an ...)
	- xine-lib 1.1.16-1 (bug #508716)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
	NOTE: these are just invalid reads that result in segfaults, denial of service doesnt
	NOTE: apply here as xine reading a file is no service -> application bug
CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions,  ...)
	- xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 a ...)
	- xine-lib 1.1.16-1 (low; bug #509008)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an u ...)
	- xine-lib 1.1.16-2 (low; bug #509352)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not prope ...)
	- xine-lib 1.1.16-2 (medium; bug #509353)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in xi ...)
	- xine-lib 1.1.14-3 (low)
	NOTE: code execution shouldn't work here as if 0xff will be extended to 0xffffffff
	NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
	NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ea ...)
	- xine-lib 1.1.16-1 (bug #509265; low)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1 ...)
	- xine-lib 1.1.16-1 (bug #509521)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in sr ...)
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ver ...)
	- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for  ...)
	- xine-lib 1.1.14-3 (low)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Me ...)
	NOT-FOR-US: Microsoft Windows Media Services
CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-5230 (The Temporal Key Integrity Protocol (TKIP) implementation in unspecifi ...)
	NOT-FOR-US: WPA weakness
CVE-2008-5229 (Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi ...)
	NOT-FOR-US: Microsoft Device IO Control
CVE-2008-5228 (Cross-site scripting (XSS) vulnerability in IBM Workplace Content Mana ...)
	NOT-FOR-US: IBM Workplace Content Management
CVE-2008-5227 (Unspecified vulnerability in PHPCow allows remote attackers to execute ...)
	NOT-FOR-US: PHPCow
CVE-2008-5226 (SQL injection vulnerability in the MambAds (com_mambads) component 1.0 ...)
	NOT-FOR-US: com_mambads component for Mambo
CVE-2008-5225 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare ...)
	NOT-FOR-US: Xerox DocuShare
CVE-2008-5224 (Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and ear ...)
	NOT-FOR-US: Kent Web Mart
CVE-2008-5223 (SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows ...)
	NOT-FOR-US: Airvae Commerce
CVE-2008-5222 (SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote  ...)
	NOT-FOR-US: Dvbbs
CVE-2008-5221 (The account_save action in admin/userinfo.php in wPortfolio 0.3 and ea ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5220 (Unrestricted file upload vulnerability in admin/upload_form.php in wPo ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5219 (The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and ...)
	NOT-FOR-US: VideoScript
CVE-2008-5218 (ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with  ...)
	NOT-FOR-US: ScriptsEz FREEze Greetings
CVE-2008-5217 (Directory traversal vulnerability in index.php in txtCMS 0.3, when reg ...)
	NOT-FOR-US: textCMS
CVE-2008-5216 (SQL injection vulnerability in category_list.php in AJ Square ZeusCart ...)
	NOT-FOR-US: AJ Square ZeusCart
CVE-2008-5215 (SQL injection vulnerability in service/profil.php in ClanLite 2.2006.0 ...)
	NOT-FOR-US: ClanLite
CVE-2008-5214 (Cross-site scripting (XSS) vulnerability in service/calendrier.php in  ...)
	NOT-FOR-US: ClanLite
CVE-2008-5213 (SQL injection vulnerability in featured_article.php in AJ Article 1.0  ...)
	NOT-FOR-US: AJ Article
CVE-2008-5212 (SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 a ...)
	NOT-FOR-US: AJ Auction
CVE-2008-5211 (Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3. ...)
	NOT-FOR-US: Sphider
CVE-2008-5210 (Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 al ...)
	NOT-FOR-US: PhpBlock
CVE-2008-5209 (Directory traversal vulnerability in modules/download/get_file.php in  ...)
	NOT-FOR-US: Admidio
CVE-2008-5208 (SQL injection vulnerability in sub_votepic.php in the Datsogallery (co ...)
	NOT-FOR-US: Datsogallery joomla module
CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow rem ...)
	NOT-FOR-US: Jonascms
CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...)
	NOT-FOR-US: MosXML
CVE-2008-5205 (Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allo ...)
	NOT-FOR-US: wellyblog
CVE-2008-5204 (Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1,  ...)
	NOT-FOR-US: PowerAward
CVE-2008-5203 (Cross-site scripting (XSS) vulnerability in external_vote.php in Power ...)
	NOT-FOR-US: PowerAward
CVE-2008-5202 (Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5201 (Directory traversal vulnerability in index.php in OTManager CMS 24a al ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5200 (SQL injection vulnerability in the Xe webtv (com_xewebtv) component fo ...)
	NOT-FOR-US: Xe webtv
CVE-2008-5199 (PHP remote file inclusion vulnerability in include.php in PHPOutsourci ...)
	NOT-FOR-US: PHPOutsourcing IdeaBox
CVE-2008-5198 (SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allow ...)
	NOT-FOR-US: Acmlmboard
CVE-2008-5197 (SQL injection vulnerability in classifieds.php in PHP-Fusion allows re ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5196 (SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 ...)
	NOT-FOR-US: Kroax
CVE-2008-5195 (Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow  ...)
	NOT-FOR-US: SebracCMS
CVE-2008-5194 (SQL injection vulnerability in checkavail.php in SoftVisions Software  ...)
	NOT-FOR-US: SoftVisions Software Online Booking Manager
CVE-2008-5193 (Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philb ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5192 (SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and  ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5191 (Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote at ...)
	NOT-FOR-US: SePortal
CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote att ...)
	NOT-FOR-US: eSHOP100
CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial  ...)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other  ...)
	{DSA-1709-1}
	- shadow 1:4.1.1-6 (bug #505271)
CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechani ...)
	- verlihub <removed> (low; bug #506530)
CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechani ...)
	- verlihub <removed> (low; bug #506530)
CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remo ...)
	- rails 2.1.0-6 (low)
CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ( ...)
	- ecryptfs-utils 66-1 (low)
	[lenny] - ecryptfs-utils <no-dsa> (Minor issue)
CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the gues ...)
	- cups 1.3.8-1
	[etch] - cupsys <not-affected> (cupsys doesn't crash, code base changed, guest username not submitted)
CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might  ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5180 (Microsoft Communicator, and Communicator in Microsoft Office 2010 beta ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server (O ...)
	NOT-FOR-US: Microsoft Office Communications Server
CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote atta ...)
	NOT-FOR-US: Opera on Windows
CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite Ba ...)
	NOT-FOR-US: Yosemite Backup
CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.62 ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly oth ...)
	{DSA-1672-1}
	- imlib2 1.4.0-1.2 (bug #505714)
CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictio ...)
	- php5 <removed> (unimportant)
	NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow lo ...)
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5313
CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow loc ...)
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5312
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
	NOT-FOR-US: AceFTP
CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website 2.1. ...)
	NOT-FOR-US: Jokes Complete Website
CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote aut ...)
	NOT-FOR-US: testMaker
CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Soft ...)
	NOT-FOR-US: Yazd Forum Software
CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...)
	NOT-FOR-US: phpBLASTER CMS
CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website 1.1 ...)
	NOT-FOR-US: Cheats Complete Website
CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete Web ...)
	NOT-FOR-US: Drinks Complete Website
CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0  ...)
	NOT-FOR-US: Tips Complete Website
CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php i ...)
	NOT-FOR-US: Orca Interactive Forum Script
CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 all ...)
	NOT-FOR-US: Riddles Website
CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote a ...)
	NOT-FOR-US: eTicket
CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allo ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does  ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
	- openssh 1:5.1p1-5 (low; bug #506115)
	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 allo ...)
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (medium)
CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers t ...)
	- msp-webserver <removed> (bug #506268)
CVE-2008-5159 (Integer overflow in the remote administration protocol processing in C ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote a ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a symli ...)
	- tau 2.16.4-1.3 (bug #506348)
	[etch] - tau <no-dsa> (Minor issue)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ove ...)
	- systemimager <removed> (bug #506269)
	[etch] - systemimager <no-dsa> (Minor issue)
CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitr ...)
	- smsclient <unfixed> (unimportant; bug #498901)
CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary f ...)
	- p3nfs 5.19-1.2 (low; bug #506270)
	[etch] - p3nfs <no-dsa> (Minor issue)
CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite  ...)
	{DSA-1724-1}
	- moodle 1.8.2.2dfsg-4
	[lenny] - moodle 1.8.2.dfsg-3+lenny1
	NOTE: manual editing of file is required to run the unsafe code
CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite arbitrar ...)
	- mh-book <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...)
	- mayavi <unfixed> (unimportant)
	NOTE: just a comment, not code
CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to arbi ...)
	- maildirsync <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite  ...)
	- ncbi-tools6 6.1.20080302-4 (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
	- geda-gnetlist <unfixed> (unimportant)
	NOTE: unsafe code is an example script
CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...)
	- docvert 3.4-7 (unimportant)
	NOTE: unsafe code is in test script with multiple hardcoded files
CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite arb ...)
	- ctn <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary file ...)
	- ltp 20060918-3 (low; bug #506272)
	[etch] - ltp <no-dsa> (Minor issue)
	NOTE: this is not the same as CVE-2008-4969
CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
	- nvidia-cg-toolkit <unfixed> (unimportant)
	NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer
CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwri ...)
	[etch] - multi-gnome-terminal <no-dsa> (Symlink issue not run as root)
	- multi-gnome-terminal <removed>
CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local u ...)
	- freebsd-sendpr <unfixed> (unimportant)
	NOTE: code is only executed when the script to send bug reports fails
CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite arb ...)
	{DSA-1676-1}
	- flamethrower 0.1.8-2 (low; bug #506350)
CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before  ...)
	- mailscanner 4.57.6-1 (unimportant)
	NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary fil ...)
	{DSA-1674-1}
	- jailer 0.4-10 (bug #410548; low)
CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite arbitra ...)
	- libpam-mount 1.2+gitaa4791f-1 (low)
	[lenny] - libpam-mount 0.44-1+lenny2
CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
	- tkman 2.2-4 (low; bug #506496)
	[etch] - tkman 2.2-2etch1
CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files vi ...)
	[etch] - tkusr <no-dsa> (Minor issue)
	- tkusr <removed> (low)
CVE-2008-5135
	- os-prober <unfixed> (unimportant)
CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in drivers/net/wireles ...)
	{DSA-1681-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, wh ...)
	NOT-FOR-US: ipnat
CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remot ...)
	{DSA-2176-1}
	- cups 1.3.9-13 (low; bug #506180)
	[lenny] - cups <no-dsa> (Minor issue)
	[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP serv ...)
	{DSA-1686-1}
	- no-ip 2.1.7-11 (bug #506179)
CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Porta ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And Art ...)
	NOT-FOR-US: Develop It Easy News And Article System
CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under  ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the w ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the  ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under th ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CM ...)
	NOT-FOR-US: BoutikOne
CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass authen ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ve ...)
	NOT-FOR-US: JSCAPE Secure FTP Applet
CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows re ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5122 (SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ekt ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233  ...)
	NOT-FOR-US: Citrix Deterministic Network Enhancer
CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger se ...)
	NOT-FOR-US: MultiNet finger service
CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in Scripts4Prof ...)
	NOT-FOR-US: Scripts4Profit DXShopCart
CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 all ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 th ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5116 (Directory traversal vulnerability in idm/includes/helpServer.jsp in Su ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System Ide ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and  ...)
	NOT-FOR-US: Microsoft
CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...)
	NOT-FOR-US: Solaris
CVE-2008-5109 (The default configuration of Adobe Flash Media Server (FMS) 3.0 does n ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context- ...)
	NOT-FOR-US: Adobe AIR
CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and Deskto ...)
	NOT-FOR-US: Citrix PS
CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attac ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a den ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...)
	- zope2.10 <unfixed> (unimportant)
	NOTE: this only affects installations in which users have unrestricted access to the management
	NOTE: interface. On Debian there one admin user is added for this at installation time and
	NOTE: non-trustworthy users shouldn't have access to the interface.
	- zope3 <not-affected> (Vulnerable code not present)
CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework 2.0.50 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0. ...)
	NOT-FOR-US: Sun Logical Domain Manager
CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging  ...)
	NOT-FOR-US: Sun Java System Messaging Serve
CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow  ...)
	- syslog-ng 2.0.9-4.1 (unimportant; bug #505791)
	NOTE: no security flaw by itself, still it should be fixed
CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote at ...)
	NOT-FOR-US: MyFWB
CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...)
	NOT-FOR-US: TYPO3 third party extension "file_list"
CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User Applicatio ...)
	NOT-FOR-US: Novell User Application
CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory bef ...)
	NOT-FOR-US: eDirectory
CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (H ...)
	NOT-FOR-US: eDirectory
CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ( ...)
	NOT-FOR-US: eDirectory
CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before  ...)
	NOT-FOR-US: eDirectory
CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attac ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2008-5089 (Multiple insecure method vulnerabilities in the DDActiveReportsViewer2 ...)
	NOT-FOR-US: Data Dynamics ActiveReports ActiveX control
CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Softwar ...)
	NOT-FOR-US: PHPKB
CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anothe ...)
	NOT-FOR-US: wrg_anotherbelogin extension for typo3
CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...)
	- libvirt 0.4.6-10
CVE-2008-5085
	RESERVED
CVE-2008-5084
	RESERVED
CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security  ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function (avahi-core/s ...)
	{DSA-1690-1 DTSA-189-1}
	- avahi 0.6.23-3 (bug #508700; low)
CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote c ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ea ...)
	{DSA-1787-1 DSA-1687-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 <removed>
	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function (src/ ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value fr ...)
	{DSA-1701-1}
	- openssl 0.9.8g-15
CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uplo ...)
	NOT-FOR-US: E-Uploader Pro
CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 mod ...)
	NOT-FOR-US: Freshlinks module for PHP-Fusion
CVE-2008-5073 (Heap-based buffer overflow in an ActiveX control in Novell ZENworks De ...)
	NOT-FOR-US: Novell ZENworks ActiveX control
CVE-2008-5072 (vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers ...)
	NOT-FOR-US: K-Lite Mega Codec Pack
CVE-2008-5071 (Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel  ...)
	NOT-FOR-US: Yoxel
CVE-2008-5070 (SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-5069 (SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, whe ...)
	NOT-FOR-US: Panuwat PromoteWeb MySQL
CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery a ...)
	NOT-FOR-US: Kmita Gallery
CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalo ...)
	NOT-FOR-US: Kmita Catalogue
CVE-2008-5066 (PHP remote file inclusion vulnerability in upload/admin/frontpage_righ ...)
	NOT-FOR-US: Agares Media ThemeSiteScript
CVE-2008-5065 (TlGuestBook 1.2 allows remote attackers to bypass authentication and g ...)
	NOT-FOR-US: TlGuestBook
CVE-2008-5064 (SQL injection vulnerability in liga.php in H&amp;H WebSoccer 2.80 allo ...)
	NOT-FOR-US: H&H WebSoccer
CVE-2008-5063 (PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTM ...)
	NOT-FOR-US: OTManager
CVE-2008-5062 (Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calen ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5061 (Cross-site scripting (XSS) vulnerability in php/cal_default.php in Min ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5060 (Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 a ...)
	NOT-FOR-US: ModernBill
CVE-2008-5059 (Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4. ...)
	NOT-FOR-US: ModernBill
CVE-2008-5058 (SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple ...)
	NOT-FOR-US: Pre Simple CMS
CVE-2008-5057 (SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali a ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-5056 (Cross-site scripting (XSS) vulnerability in department_offline_context ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5055 (SQL injection vulnerability in department_offline_context.php in Activ ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5054 (Multiple SQL injection vulnerabilities in Develop It Easy Membership S ...)
	NOT-FOR-US: Develop It Easy Membership System
CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the  ...)
	NOT-FOR-US: com_rssreader component for Joomla!
CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla  ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 f ...)
	NOT-FOR-US: joomla
CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger E ...)
	NOT-FOR-US: ISecSoft Anti-Keylogger
CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...)
	NOT-FOR-US: ISecSoft Anti-Trojan
CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental Sc ...)
	NOT-FOR-US: Mole Group Rental Script
CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script al ...)
	NOT-FOR-US: Mole Group Pizza Script
CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...)
	NOT-FOR-US: Network-Client FTP Now
CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based i ...)
	NOT-FOR-US: IBM Metrica Service Assurance Framework
CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypa ...)
	NOT-FOR-US: Zeeways PhotoVideoTube
CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default  ...)
	NOT-FOR-US: Sweex RO002 Router
CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for PHP- ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP) featur ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
	NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
	- typo3-src 4.2.3-1 (bug #505326)
	[etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUr ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the Linu ...)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls)
CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, all ...)
	- python2.5 2.5.2-11.1
	[etch] - python2.5 <no-dsa> (Minor issue)
	[etch] - python2.4 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #507317; bug #504620)
	NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
	NOTE: maybe fixed earlier, doko is not able to tell the exact version atm
CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in cddb ...)
	{DSA-1665-1}
	- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunder ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1 ...)
	{DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x befor ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5020
	REJECTED
CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2. ...)
	{DSA-1671-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch for xulrunner currently not suitable, Alexander will check this further
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Moz ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - iceape <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - icedove <not-affected> (Doesn't affect Firefox 2.x et al)
CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file:  ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,  ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1
CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and O ...)
	NOT-FOR-US: in.dhcpd
CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user ...)
	- optipng 0.6.1.1-1 (bug #505399)
	[etch] - optipng <not-affected> (Vulnerable code not present referring to upstream)
CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware Manag ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number  ...)
	NOT-FOR-US: Microsoft
CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quick ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, w ...)
	NOT-FOR-US: Sun Solstice X.25
CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hf ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.2 ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or li ...)
	- libsamplerate 0.1.4-1 (low)
	[etch] - libsamplerate <no-dsa> (Minor issue)
CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP Toolki ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	- uw-imap 7:2007d~dfsg-1
CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington  ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	[lenny] - uw-imap 2007b~dfsg-4+lenny1
	- uw-imap 7:2007d~dfsg-1
	- alpine <not-affected> (vulnerable code present but tmail/dmail wont be installed)
CVE-2008-5004 (SQL injection vulnerability in genscode.php in myWebland Bloggie Lite  ...)
	NOT-FOR-US: myWebland Bloggie Lite
CVE-2008-5003 (SQL injection vulnerability in ndetail.php in Shahrood allows remote a ...)
	NOT-FOR-US: Shahrood
CVE-2008-5002 (Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 Act ...)
	NOT-FOR-US: ActiveX
CVE-2008-5001 (Multiple stack-based buffer overflows in multiple functions in vncview ...)
	NOT-FOR-US: UltraVNC
CVE-2008-5000 (SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5 ...)
	NOT-FOR-US: PHPX
CVE-2008-4999 (Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to ca ...)
	NOT-FOR-US: Nortel Networks UNIStim IP Phone
CVE-2008-4997
	- pilot-qof <unfixed> (unimportant; bug #496429)
CVE-2008-4996
	- initramfs-tools <unfixed> (unimportant; bug #496386)
CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7. ...)
	NOT-FOR-US: Sun System Firmware
CVE-2008-5050 (Off-by-one error in the get_unicode_name function (libclamav/vba_extra ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earli ...)
	NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
	- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain dan ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2 ...)
	NOT-FOR-US: Enomalism
CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in l ...)
	{DSA-1719-1}
	- gnutls26 2.4.2-3 (bug #505360)
	- gnutls13 <removed>
CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implemen ...)
	NOT-FOR-US: Cisco IOS and CatOS
CVE-2008-4962
	RESERVED
CVE-2008-4961
	RESERVED
CVE-2008-4953
	- firehol <unfixed> (unimportant; bug #496424)
	NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM}
CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overw ...)
	- dpkg-cross <unfixed> (unimportant; bug #496413)
	NOTE: executed under a chroot when a package failed to cross-build
CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...)
	- aegis 4.24-3.1 (low; bug #496400)
	[etch] - aegis <no-dsa> (Minor issue)
CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linu ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allo ...)
	NOT-FOR-US: U-Mail Webmail server
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
	- universalindentgui 0.8.1-1.2 (low; bug #504726)
CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...)
	{DSA-1819-1 DTSA-176-1}
	- vlc 0.8.6.h-5 (medium; bug #504639)
CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before  ...)
	- vlc 1.0.3-1 (low)
	[etch] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
	[lenny] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in firm ...)
	NOT-FOR-US: firmCHANNEL Digital Signage
CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded  ...)
	NOT-FOR-US: MyBB
CVE-2008-4929 (MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compo ...)
	NOT-FOR-US: MyBB
CVE-2008-4928 (Cross-site scripting (XSS) vulnerability in the redirect function in f ...)
	NOT-FOR-US: MyBB
CVE-2008-4927 (Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assist ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-4926 (Multiple insecure method vulnerabilities in MW6 Technologies PDF417 Ac ...)
	NOT-FOR-US: MW6 Technologies PDF417 ActiveX
CVE-2008-4925 (Multiple insecure method vulnerabilities in MW6 Technologies DataMatri ...)
	NOT-FOR-US: MW6 Technologies DataMatrix ActiveX
CVE-2008-4924 (Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcod ...)
	NOT-FOR-US: MW6 Technologies 1D Barcode ActiveX
CVE-2008-4923 (Multiple insecure method vulnerabilities in MW6 Technologies Aztec Act ...)
	NOT-FOR-US: MW6 Technologies Aztec ActiveX
CVE-2008-4922 (Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office ( ...)
	NOT-FOR-US: DjVu ActiveX
CVE-2008-4921 (board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to ...)
	NOT-FOR-US: Chipmunk CMS
CVE-2008-4920
	REJECTED
CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X Active ...)
	NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
	NOT-FOR-US: SonicOS Enhanced
CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor befo ...)
	- nagios3 <removed> (unimportant)
	NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted
	NOTE: users shouldn't have access to nagios anyway
CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagi ...)
	- nagios3 3.0.6-1 (low; bug #504894)
	[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware W ...)
	NOT-FOR-US: VMWare
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401- ...)
	NOT-FOR-US: VMware
CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ea ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...)
	NOT-FOR-US: RS MAXSOFT
CVE-2008-4911 (PHP remote file inclusion vulnerability in read.php in Chattaitaliano  ...)
	NOT-FOR-US: Chattaitaliano Istant-Replay
CVE-2008-4910 (The BasicService in Sun Java Web Start allows remote attackers to exec ...)
	NOT-FOR-US: Sun Java Web Start
CVE-2008-4909 (Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and  ...)
	NOT-FOR-US: CompactCMS
CVE-2008-4908 (maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local u ...)
	- crossfire-maps 1.11.0-2 (low; bug #496358; bug #504561)
	[etch] - crossfire-maps <no-dsa> (Minor issue)
CVE-2008-4906 (SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_m ...)
	NOT-FOR-US: Lyrics (lyrics_menu) plugin for e107
CVE-2008-4905 (Typo 5.1.3 and earlier uses a hard-coded salt for calculating password ...)
	- typo <itp> (bug #379399)
CVE-2008-4904 (SQL injection vulnerability in the "Manage pages" feature (admin/pages ...)
	- typo <itp> (bug #379399)
CVE-2008-4903 (Cross-site scripting (XSS) vulnerability in the leave comment (feedbac ...)
	- typo <itp> (bug #379399)
CVE-2008-4902 (SQL injection vulnerability in contact_author.php in Article Publisher ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4901 (SQL injection vulnerability in admin/admin.php in Article Publisher Pr ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4900 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Bla ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4899 (Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1. ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4898 (Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 all ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4897 (SQL injection vulnerability in fichiers/add_url.php in Logz podcast CM ...)
	NOT-FOR-US: Logz podcast CMS
CVE-2008-4896 (Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Lo ...)
	NOT-FOR-US: Logz CMS
CVE-2008-4895 (SQL injection vulnerability in tr.php in YourFreeWorld Downline Builde ...)
	NOT-FOR-US: YourFreeWorld Downline
CVE-2008-4894 (Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4893 (Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tri ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4892 (Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetl ...)
	NOT-FOR-US: Planetluc MyGallery
CVE-2008-4891 (Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetlu ...)
	NOT-FOR-US: SignMe
CVE-2008-4890 (SQL injection vulnerability in products.php in 1st News 4 Professional ...)
	NOT-FOR-US: 1st News 4 Professional
CVE-2008-4889 (SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP)  ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2008-4888 (Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 a ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4887 (SQL injection vulnerability in index.php in NetRisk 2.0 and earlier al ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4886 (SQL injection vulnerability in index.php in YourFreeWorld Shopping Car ...)
	NOT-FOR-US: YourFreeWorld Shopping
CVE-2008-4885 (SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text ...)
	NOT-FOR-US: YourFreeWorld Scrolling Text
CVE-2008-4884 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hos ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4883 (SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Sc ...)
	NOT-FOR-US: YourFreeWorld Blog Blaster
CVE-2008-4882 (SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder H ...)
	NOT-FOR-US: YourFreeWorld Autoresponder
CVE-2008-4881 (SQL injection vulnerability in tr.php in YourFreeWorld Reminder Servic ...)
	NOT-FOR-US: YourFreeWorld Reminder
CVE-2008-4880 (SQL injection vulnerability in prodshow.php in Maran PHP Shop allows r ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4879 (SQL injection vulnerability in prod.php in Maran PHP Shop allows remot ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...)
	- dovecot 1:1.1.7-1 (low)
	[etch] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
	[lenny] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
CVE-2008-5186
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (bug #504445)
	NOTE: its rather an application bug if the input to set_language_path is unfiltered user input
	NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
	- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
	NOTE: DokuWiki passes a static string to $path parameter
	- pgfouine 1.0-1.1 (unimportant; bug #504681)
	NOTE: pgfouine too does not override default language files path
CVE-2008-6432
	REJECTED
CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" featur ...)
	NOT-FOR-US: WebCards
CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when magic_q ...)
	NOT-FOR-US: WebCards
CVE-2008-4876 (Cross-site scripting (XSS) vulnerability in the web server component i ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4875 (Directory traversal vulnerability in the web server in Philips Electro ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4874 (The web component in Philips Electronics VOIP841 DECT Phone with firmw ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4873 (board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Sepal SPBOARD
CVE-2008-4872 (Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBid ...)
	NOT-FOR-US: iTechBids Gold
CVE-2008-4871 (Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2 ...)
	NOT-FOR-US: My Little Forum
CVE-2008-4870 (dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ...)
	- dovecot <unfixed> (unimportant)
	NOTE: by default this file doesnt containt sensitive information and administrator
	NOTE: changing this should ensure on its own that the mode is secure
CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers t ...)
	- ffmpeg-debian 0.svn20080206-15 (unimportant; bug #504977)
	NOTE: A regular bug, but hardly a security issue
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in libavcodec/ ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- ffmpeg-debian <not-affected> (Vulnerable code not present)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as  ...)
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 befor ...)
	{DSA-1782-1}
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 allows lo ...)
	- valgrind 1:3.3.1-3 (unimportant; bug #507312)
	NOTE: That's hardly an issue
CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in Pytho ...)
	- python2.5 2.5.2-12 (low; bug #504619)
	[etch] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #504620)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 a ...)
	- blender 2.46+dfsg-5 (bug #503632; low)
	[etch] - blender 2.42a-8
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4862
	REJECTED
CVE-2008-4861
	REJECTED
CVE-2008-4860
	REJECTED
CVE-2008-4859
	REJECTED
CVE-2008-4858
	REJECTED
CVE-2008-4857
	REJECTED
CVE-2008-4856
	REJECTED
CVE-2008-4855
	REJECTED
CVE-2008-4854
	REJECTED
CVE-2008-4853
	REJECTED
CVE-2008-4852
	REJECTED
CVE-2008-4851
	REJECTED
CVE-2008-4850
	REJECTED
CVE-2008-4849
	REJECTED
CVE-2008-4848
	REJECTED
CVE-2008-4847
	REJECTED
CVE-2008-4846
	REJECTED
CVE-2008-4845
	REJECTED
CVE-2008-4844 (Use-after-free vulnerability in the CRecordInstance::TransferToDestina ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4843
	REJECTED
CVE-2008-4842
	REJECTED
CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4840
	REJECTED
CVE-2008-4839
	REJECTED
CVE-2008-4838
	REJECTED
CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4836
	REJECTED
CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP ...)
	NOT-FOR-US: Windows
CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2008-4833
	REJECTED
CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows lo ...)
	NOT-FOR-US: rPath
CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusi ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830 (Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI ...)
	NOT-FOR-US: KWEdit ActiveX control
CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow r ...)
	{DSA-1683-1}
	- streamripper 1.63.5-2 (bug #506377)
CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the Remote Ag ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) T ...)
	NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
	REJECTED
CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other v ...)
	NOT-FOR-US: UltraISO
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret p ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is us ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 an ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader 8.1. ...)
	NOT-FOR-US: Adobe Reader on Windows
CVE-2008-4815 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2  ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4814 (Unspecified vulnerability in a JavaScript method in Adobe Reader and A ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow re ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer extens ...)
	NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in  ...)
	{DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in  ...)
	{DSA-1919-1 DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is fixed in r2797
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in I ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover pa ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4807 (IBM Lotus Connections 2.x before 2.0.1 stores the password for the adm ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4806 (Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x be ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4805 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4804 (SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke all ...)
	NOT-FOR-US: NFU Gallery module 1.3 for PHP-Nuke
CVE-2008-4803 (Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Sc ...)
	NOT-FOR-US: Simple PHP Scripts gallery
CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Scripts blog
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing non-pri ...)
	- htop 0.8.1-2 (unimportant; bug #504144)
	NOTE: That scenario is too constructed to call it a security issue, especially
	NOTE: given that the standard top will display the maliciously hidden processes
	NOTE: just fine.
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualB ...)
	- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service  ...)
	NOT-FOR-US: SQL CAD service
CVE-2008-4800 (The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Mi ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a ...)
	- netpbm-free <not-affected> (Vulnerable code not present)
CVE-2008-4798 (The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 ...)
	NOT-FOR-US: WebGUI
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server  ...)
	NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 a ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- libphp-snoopy 1.2.4-1 (bug #504168; medium)
	- ampache 3.4.1-2 (bug #504169)
	- mahara 1.0.5-2 (bug #504170)
	[lenny] - mahara 1.0.4-3
	- pixelpost 1.7.1-5 (bug #504171)
	- mediamate 0.9.3.6-5 (bug #504172; unimportant)
	NOTE: mediamate does not use snoopy in https requests
	- opendb <removed> (unimportant; bug #504173)
	- wordpress 2.5.1-9 (bug #504234)
	- moodle 1.8.2-2 (bug #504235)
	- gforge-plugin-scmcvs <removed>
	[etch] - gforge-plugin-scmcvs <not-affected> (Snoopy function not used on URLs that come from user input)
	- magpierss <not-affected> (Fixed in all supported distributions)
CVE-2008-4795 (The links panel in Opera before 9.62 processes Javascript within the c ...)
	NOT-FOR-US: Opera
CVE-2008-4794 (Opera before 9.62 allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: Opera
CVE-2008-4793 (The node module API in Drupal 5.x before 5.11 allows remote attackers  ...)
	- drupal5 5.10-3 (low)
	- drupal6 <not-affected> (Vulnerable code not present)
CVE-2008-4792 (The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4791 (The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might all ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4790 (The core upload module in Drupal 5.x before 5.11 allows remote authent ...)
	- drupal5 5.10-3 (low)
CVE-2008-4789 (The validation functionality in the core upload module in Drupal 6.x b ...)
	- drupal6 6.4-2 (low)
CVE-2008-4788 (Microsoft Internet Explorer 6 omits high-bit URL-encoded characters wh ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4787 (Visual truncation vulnerability in Microsoft Internet Explorer 6 allow ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4786 (SQL injection vulnerability in easyshop.php in the EasyShop plugin for ...)
	NOT-FOR-US: EasyShop plugin for e107
CVE-2008-4785 (SQL injection vulnerability in newuser.php in the alternate_profiles p ...)
	NOT-FOR-US: e107
CVE-2008-4784 (aflog 1.01 allows remote attackers to bypass authentication and gain a ...)
	NOT-FOR-US: aflog
CVE-2008-4783 (tlAds 1.0 allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: tlAds
CVE-2008-4782 (SQL injection vulnerability in public/code/cp_polls_results.php in All ...)
	NOT-FOR-US: AIOCP
CVE-2008-4781 (Directory traversal vulnerability in update.php in MyKtools 2.4 allows ...)
	NOT-FOR-US: MyKtools
CVE-2008-4780 (Directory traversal vulnerability in admin/centre.php in MyForum 1.3,  ...)
	NOT-FOR-US: MyForum
CVE-2008-4779 (Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers  ...)
	NOT-FOR-US: TUGzip
CVE-2008-4778 (SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 a ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-4777 (SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) co ...)
	NOT-FOR-US: Showroom Joomlearn LMS
CVE-2008-4774 (Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS  ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4773 (Directory traversal vulnerability in main/main.php in QuestCMS allows  ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4772 (SQL injection vulnerability in main/main.php in QuestCMS allows remote ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4771 (Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-4770 (The CMsgReader::readRect function in the VNC Viewer component in RealV ...)
	{DSA-1716-1}
	- vnc4 4.1.1+X4.3.0-31 (medium; bug #513531)
CVE-2008-4776 (libgadu before 1.8.2 allows remote servers to cause a denial of servic ...)
	{DSA-1664-1}
	- libgadu 1:1.8.0+r592-3 (low; bug #503916)
	- kadu 0.6.0.2-3 (low; bug #504429)
	- ekg 1:1.8~rc0-1 (low)
	- centerim 4.22.9-1 (low; bug #559782)
	[lenny] - centerim <no-dsa> (Minor issue)
	NOTE: claimed to be fixed in point update but is not: [lenny] - centerim 4.22.5-1+lenny1
	- qutecom <not-affected> (does not use libgadu embed; bug #559784)
CVE-2008-4769 (Directory traversal vulnerability in the get_category_template functio ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-1
CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to  ...)
	NOT-FOR-US: TLM CMS
CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1 ...)
	NOT-FOR-US: Oxygen Bulletin Board
CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth  ...)
	NOT-FOR-US: osCommerce Poll Booth Add-On
CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module (com_extplor ...)
	NOT-FOR-US: eXtplorer module in Joomla!
CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in W ...)
	NOT-FOR-US: WiKID wClient-PHP
CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authentica ...)
	NOT-FOR-US: freeSSHd
CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/ ...)
	NOT-FOR-US: Kayako eSupport
CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, wh ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 a ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily al ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote attac ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP- ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified Au ...)
	NOT-FOR-US: PozScripts Classified Auctions Script
CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...)
	NOT-FOR-US: Scripts for Sites Ez Forum
CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader all ...)
	NOT-FOR-US: AJ Square RSS Reader
CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain a ...)
	NOT-FOR-US: TlNews
CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei Guestboo ...)
	NOT-FOR-US: iPei Guestbook
CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX ...)
	NOT-FOR-US: ActiveX
CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX c ...)
	NOT-FOR-US: ActiveX
CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System LDA ...)
	NOT-FOR-US: Sun Java System LDAP JDK
CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2. ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin  ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...)
	NOT-FOR-US: DXShopCart
CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...)
	NOT-FOR-US: QuidaScript FAQ Management Script
CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in interface/Login ...)
	NOT-FOR-US: TimeTrex
CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when m ...)
	NOT-FOR-US: FAR-PHP
CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...)
	NOT-FOR-US: ZZ_Templater module in TinyCMS
CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows l ...)
	- lynx-cur 2.8.7dev4-1 (low)
	- lynx <not-affected> (Doesn't include the current directory in the search path)
CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when se ...)
	- kvirc <not-affected> (Windows-specific vulnerability)
CVE-2008-XXXX [balazar3: insecure temp file handling]
	- balazar3 0.1-2 (bug #503750)
CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin  ...)
	- phpmyadmin 4:2.11.8.1-4 (low)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.securityfocus.com/archive/1/497815
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/625e9f2e93671f9e4a9086b8d6c8111f70ffcc3d (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/600a2ca21bc8b40742fd0a919a6b06a477548647
CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when  ...)
	NOT-FOR-US: PlugSpace
CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remo ...)
	NOT-FOR-US: MyCard
CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite  ...)
	NOT-FOR-US: WhoDomLite
CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ea ...)
	NOT-FOR-US: RPG.Board
CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord Asset ...)
	NOT-FOR-US: Concord software
CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP C ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment Rem ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown  ...)
	- yacy <itp> (bug #452422)
CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 al ...)
	- phpmyid <itp> (bug #492325)
CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX cont ...)
	NOT-FOR-US: Hummingbird Xweb
CVE-2008-4728 (Multiple insecure method vulnerabilities in the DeployRun.DeploymentSe ...)
	NOT-FOR-US: Hummingbird Deployment Wizard
CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page (s ...)
	NOT-FOR-US: SunGard Banner Student
CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4  ...)
	NOT-FOR-US: GoodTech SSH
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 al ...)
	NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0 ...)
	- webkit 1.1.7-1 (low; bug #520052)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	- iceweasel <not-affected>
	NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM)  ...)
	NOT-FOR-US: Sun ILOM
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authent ...)
	NOT-FOR-US: PHP Jabbers
CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini Porta ...)
	NOT-FOR-US: The Gemini Portal
CVE-2008-4719 (PHP remote file inclusion vulnerability in cms/classes/openengine/file ...)
	NOT-FOR-US: openEngine
CVE-2008-4718 (Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 ...)
	NOT-FOR-US: X7 Chat
CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...)
	NOT-FOR-US: ZEELYRICS
CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 a ...)
	NOT-FOR-US: PHP-Lance
CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for J ...)
	NOT-FOR-US: com_jpad for Joomla!
CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_ ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows r ...)
	NOT-FOR-US: 212cafe Board
CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9. ...)
	NOT-FOR-US: LnBlog
CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quo ...)
	NOT-FOR-US: Joovili
CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in S ...)
	NOT-FOR-US: Stock module for Drupal
CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) eTrai ...)
	NOT-FOR-US: PG eTraining
CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vB ...)
	NOT-FOR-US: VBGooglemap Hotspot Edition
CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating  ...)
	NOT-FOR-US: MyPHPDating
CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...)
	NOT-FOR-US: SezHoo
CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows r ...)
	NOT-FOR-US: BosDev BosNews
CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 al ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when magi ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlie ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
	NOT-FOR-US: Peachtree Accounting
CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a  ...)
	NOT-FOR-US: Opera
CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located  ...)
	NOT-FOR-US: Opera
CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before  ...)
	NOT-FOR-US: Opera
CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Opera
CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in th ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx i ...)
	- lynx <not-affected> (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely)
CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, w ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the privileg ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in  ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handl ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL  ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ca ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wiresha ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 al ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM  ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...)
	- vim <unfixed> (unimportant)
	NOTE: documented in netrw documentation
CVE-2008-XXXX [local file inclusion in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 5.10-3 (low; bug #503217)
CVE-2008-XXXX [XSS in book module in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 <not-affected> (vulnerable code not present)
CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation Serv ...)
	NOT-FOR-US: Citrix XenApp
CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earli ...)
	NOT-FOR-US: PHPcounter
CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent Real  ...)
	NOT-FOR-US: Conkurent Real Estate Manager
CVE-2008-4673 (PHP remote file inclusion vulnerability in panel/common/theme/default/ ...)
	NOT-FOR-US: WebBiscuits Software Events Calendar
CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in buym ...)
	NOT-FOR-US: buymyscripts Lyrics Script
CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in W ...)
	- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)
CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Cli ...)
	NOT-FOR-US: Ed Pudol Clickbank Portal
CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
	NOT-FOR-US: Dan Fletcher Recipe Script
CVE-2008-4668 (Directory traversal vulnerability in the Image Browser (com_imagebrows ...)
	NOT-FOR-US: com_imagebrowser for Joomla!
CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 all ...)
	NOT-FOR-US: ArabCMS
CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00  ...)
	NOT-FOR-US: Ultimate Webboard
CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attackers  ...)
	NOT-FOR-US: PG Matchmaking
CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (Q ...)
	NOT-FOR-US: QvodInsert
CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...)
	NOT-FOR-US: K's CGI Access Log Kaiseki
CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when  ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_ ...)
	NOT-FOR-US: sm_pageimprovements for TYPO3
CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extensi ...)
	NOT-FOR-US: m1_intern for TYPO3
CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist ...)
	NOT-FOR-US: kiddog_playerlist for TYPO3
CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 a ...)
	NOT-FOR-US: dmmjobcontrol for TYPO3
CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ea ...)
	NOT-FOR-US: econda for TYPO3
CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) 0 ...)
	NOT-FOR-US: fersview for TYPO3
CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0  ...)
	NOT-FOR-US: simplesurvey for TYPO3
CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly  ...)
	NOT-FOR-US: Makale module for XOOPS
CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communica ...)
	NOT-FOR-US: Dart Communications PowerTCP FTP
CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows rem ...)
	NOT-FOR-US: myEvent
CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allow ...)
	NOT-FOR-US: Elxis
CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 200 ...)
	NOT-FOR-US: Elxis
CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remo ...)
	NOT-FOR-US: sweetCMS
CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores the S ...)
	NOT-FOR-US: Websense Enterprise
CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass IP add ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats allows re ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows ...)
	NOT-FOR-US: AstroSPACES
CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ea ...)
	- jhead 2.84-2 (low; bug #503645)
CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ea ...)
	- jhead 2.85-1 (unimportant; bug #504194)
	NOTE: no issue, jhead is just unlinking the output file if it already exists, this is not following symlinks
CVE-2008-4639 (jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users t ...)
	- jhead 2.84-1 (low)
CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas Fil ...)
	NOT-FOR-US: Symantec VxFS
CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 al ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allo ...)
	NOT-FOR-US: SUSE Linux and Novell Linux (yast2-backup)
CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...)
	NOT-FOR-US: XOOPS module
CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.2 ...)
	- movabletype-opensource 4.2.1-3 (low; bug #503114)
CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x be ...)
	NOT-FOR-US: Node Vote
CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure 0.6. ...)
	NOT-FOR-US: Kure
CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in me ...)
	NOT-FOR-US: MUSCLE, NOTE this is not the multiple alignment program for protein sequences in Debian
CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Fr ...)
	NOT-FOR-US: Midgard Components Framework
CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 al ...)
	NOT-FOR-US: myWebland miniBloggie
CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Bu ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ano ...)
	NOT-FOR-US: yappa-ng
CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsle ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL  ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) com ...)
	NOT-FOR-US: DS-Syndicate
CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allo ...)
	NOT-FOR-US: phpFastNews
CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproper ...)
	NOT-FOR-US: ZeeScripts Zeeproperty
CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) befo ...)
	NOT-FOR-US: Meeting Room Booking System
CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the  ...)
	{DSA-1681-1}
	- linux-2.6 2.6.26-10
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: ba0166708ef4da7eeb61dd92bbba4d5a749d6561
CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! al ...)
	NOT-FOR-US: actualite module for Joomla!
CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass res ...)
	NOT-FOR-US: SpamBam plugin for WordPress
CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...)
	NOT-FOR-US: PortalApp
CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ( ...)
	NOT-FOR-US: PortalApp
CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remo ...)
	NOT-FOR-US: PortalApp
CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remot ...)
	NOT-FOR-US: PortalApp
CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretc ...)
	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service (applicat ...)
	{DTSA-181-1}
	- mplayer 1.0~rc2-20 (bug #407010)
	NOTE: only the aac issue affected mplayer because it built against a copy of faad
	NOTE: the ogm issue is a problem in ffmpeg
	- ffmpeg-debian <unfixed> (unimportant; bug #509616)
	- ffmpeg 7:2.4.1-1 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: just a crasher, no security implications known so far
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix,  ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: this is a design flaw in TCP itself; maximum impact is a denial-of-service
	NOTE: there is no upstream solution
	NOTE: see http://kbase.redhat.com/faq/docs/DOC-18730 for possible mitigation via iptables
	NOTE: also see usage of ipt_connlimit as a mitigation strategy
CVE-2008-4608
	REJECTED
CVE-2008-4607
	REJECTED
CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...)
	NOT-FOR-US: IP Reg
CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to e ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 a ...)
	NOT-FOR-US: iGaming CM
CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro 2 ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in Habar ...)
	NOT-FOR-US: Habari CMS
CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows r ...)
	NOT-FOR-US: PokerMax Poker League Tournament Script
CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows  ...)
	NOT-FOR-US: Mosaic Commerce
CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drup ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly restric ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a  ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...)
	NOT-FOR-US: Slaytanic Scripts Content Plus
CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N  ...)
	NOT-FOR-US: Linksys WAP4400N firmware
CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...)
	NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
	- mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
	[lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, some crashers left)
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty dem ...)
	- vlc 1.0.3-1 (low; bug #502726)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the TiV ...)
	{DSA-1819-1 DTSA-175-1}
	- vlc 0.8.6.h-4.1 (medium; bug #503118)
CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote authenticate ...)
	- mantis 1.1.2+dfsg-7 (medium; bug #502728)
	NOTE: only registered users can perform this
CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web Pan ...)
	NOT-FOR-US: Sports Clubs Web Panel
CVE-2008-4591 (Multiple cross-site scripting (XSS) vulnerabilities in admin/include/i ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4590 (Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote att ...)
	NOT-FOR-US: Stash
CVE-2008-4589 (Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo  ...)
	NOT-FOR-US: Lenovo Rescue and Recovery
CVE-2008-4588 (Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, poss ...)
	NOT-FOR-US: Etype Eserv
CVE-2008-4587 (Insecure method vulnerability in the MSVNClientDownloadManager61Lib.Do ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4586 (Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 A ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4585 (Belong Software Site Builder 0.1 beta allows remote attackers to bypas ...)
	NOT-FOR-US: Software Site Builder
CVE-2008-4584 (Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (Chi ...)
	NOT-FOR-US: Chilkat Mail
CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...)
	NOT-FOR-US: Chilkat FTP
CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and  ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- iceape 1.1.13-1
	- icedove 2.0.0.19-1
CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows lo ...)
	- redhat-cluster 2.20080801-1 (low; bug #496410)
	[etch] - redhat-cluster <no-dsa> (Minor issue)
	NOTE: already fixed in lenny
CVE-2008-4579 (The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fenc ...)
	- redhat-cluster 2.20081102-1 (low; bug #496410)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
	[etch] - redhat-cluster <no-dsa> (Minor issue)
CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass inte ...)
	- dovecot 1:1.1.9-1 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
	[lenny] - dovecot <no-dsa> (Minor issue)
CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights a ...)
	- dovecot 1:1.0.15-2.2 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might a ...)
	- jhead 2.84-1 (bug #502353; low)
CVE-2008-4571 (Cross-site scripting (XSS) vulnerability in the LiveSearch module in P ...)
	- plone3 3.0.4-1 (low)
CVE-2008-4569 (SQL injection vulnerability in xlacomments.asp in XIGLA Software Absol ...)
	NOT-FOR-US: XIGLA Software Absolute Poll Manager
CVE-2008-4574 (SQL injection vulnerability in default.asp in Ayco Okul Portali allows ...)
	NOT-FOR-US: Ayco Okul Portali
CVE-2008-4573 (SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W ...)
	NOT-FOR-US: MunzurSoft Wep Portal W3
CVE-2008-4572 (GuildFTPd 0.999.14, and possibly other versions, allows remote attacke ...)
	NOT-FOR-US: GuildFTPd
CVE-2008-4570 (SQL injection vulnerability in index.php in Real Estate Classifieds al ...)
	NOT-FOR-US: Real Estate Classifieds
CVE-2008-4568
	RESERVED
CVE-2008-4567
	RESERVED
CVE-2008-4566
	RESERVED
CVE-2008-4565
	RESERVED
CVE-2008-4564 (Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 1 ...)
	NOT-FOR-US: Autonomy KeyView SDK
CVE-2008-4563 (Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the d ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network Nod ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4561
	RESERVED
CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows  ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows  ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (a ...)
	NOT-FOR-US: CuteNews.ru
CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind  ...)
	NOT-FOR-US: Sun Solstice AdminSuite
CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y (lib ...)
	- graphviz 2.20.2-3 (low)
	[etch] - graphviz 2.8-3+etch1
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before  ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...)
	{DSA-1657-1}
	- qemu 0.9.1-6 (low; bug #496394)
CVE-2008-4552 (The good_client function in nfs-utils 1.0.9, and possibly other versio ...)
	- nfs-utils 1:1.1.3-1
	[lenny] - nfs-utils 1:1.1.2-6lenny1
	[etch] - nfs-utils <no-dsa> (Minor issue)
CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...)
	- strongswan 4.2.4-5 (bug #502676)
	[etch] - strongswan <not-affected> (Vulnerable code not present)
CVE-2008-4550
	RESERVED
CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in Imag ...)
	NOT-FOR-US: ImageShack Toolbar ActiveX control
CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (Ca ...)
	NOT-FOR-US: PTZCamPanelCtrl ActiveX control
CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (p ...)
	NOT-FOR-US: DVRHOST Web CMS
CVE-2008-4546 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...)
	- vlc 0.9.3-1 (medium; bug #502314)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x bef ...)
	NOT-FOR-US: Cisco
CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by  ...)
	NOT-FOR-US: Microsoft
CVE-2008-4543 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x bef ...)
	NOT-FOR-US: Cisco
CVE-2008-4542 (Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2 ...)
	NOT-FOR-US: Cisco
CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords availab ...)
	NOT-FOR-US: Windows Mobile
CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...)
	{DSA-1799-1}
	- qemu 0.9.1+svn20081101-1 (low; bug #526040)
	[etch] - qemu <not-affected> (Vulnerable code not present)
CVE-2008-4538
	RESERVED
CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ear ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ear ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ea ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ve ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-5299 (chm2pdf 0.9 allows user-assisted local users to delete arbitrary files ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-5298 (chm2pdf 0.9 uses temporary files in directories with fixed names, whic ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and  ...)
	NOT-FOR-US: Kantan WEB Server
CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript We ...)
	NOT-FOR-US: MaxiScript Website Directory
CVE-2008-4531 (SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4530 (Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x befo ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4529 (Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.2 ...)
	NOT-FOR-US: asiCMS
CVE-2008-4528 (Directory traversal vulnerability in notes.php in Phlatline's Personal ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4527 (SQL injection vulnerability in recept.php in the Recepies (Recept) mod ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-4526 (Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote  ...)
	NOT-FOR-US: CCMS
CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remot ...)
	NOT-FOR-US: AmpJuke
CVE-2008-4524 (SQL injection vulnerability in the "Check User" feature (includes/chec ...)
	NOT-FOR-US: AdaptCMS
CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier all ...)
	NOT-FOR-US: IP Reg
CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio  ...)
	NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script
CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of Wa ...)
	NOT-FOR-US: World of Warcraft tracker
CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNess ...)
	NOT-FOR-US: AutoNessus
CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4518 (Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d  ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4517 (SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remo ...)
	NOT-FOR-US: geccBBlite
CVE-2008-4516 (SQL injection vulnerability in galerie.php in Galerie 3.2 allows remot ...)
	NOT-FOR-US: Galerie
CVE-2008-4515 (Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScr ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2008-4514 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to caus ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crash is a non-issue
CVE-2008-4513 (Cross-site scripting (XSS) vulnerability in BBcode API module in Phoru ...)
	NOT-FOR-US: Phorum
CVE-2008-4512 (ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under ...)
	NOT-FOR-US: ASP/MS Access Shoutbox
CVE-2008-4511 (Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb un ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-4510 (Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allo ...)
	NOT-FOR-US: Microsoft
CVE-2008-4509 (Unrestricted file upload vulnerability in processFiles.php in FOSS Gal ...)
	NOT-FOR-US: FOSS Gallery
CVE-2008-4508 (Stack-based buffer overflow in the file parsing function in Tonec Inte ...)
	NOT-FOR-US: Tonec Internet Download Manager
CVE-2008-4507 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4506 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Pl ...)
	NOT-FOR-US: Herosoft Inc. Hero DVD Player
CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allow ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent att ...)
	- xerces-c2 <unfixed> (unimportant; bug #502102)
	NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3
CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional o ...)
	NOT-FOR-US: Flash CS3 Professional
CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DF ...)
	NOT-FOR-US: DataFeedFile PHP Framework API
CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1  ...)
	NOT-FOR-US: Serv-U
CVE-2008-4500 (Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authentic ...)
	NOT-FOR-US: Serv-U
CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...)
	NOT-FOR-US: PHP Web Explorer
CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 al ...)
	NOT-FOR-US: PHP Autos
CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real Estat ...)
	NOT-FOR-US: Built2Go Real Estate Listings
CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows  ...)
	NOT-FOR-US: PHP Realtor
CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 all ...)
	NOT-FOR-US: PHP Auto Dealer
CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader  ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as u ...)
	NOT-FOR-US: PicturePusher ActiveX
CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows  ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the serv ...)
	NOT-FOR-US: Mac OS
CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...)
	NOT-FOR-US: phpAbook
CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0  ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CM ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...)
	NOT-FOR-US: SACphp
CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in  ...)
	NOT-FOR-US: Blue Coat Security Gateway OS
CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier allows remote attackers to g ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 an ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier  ...)
	NOT-FOR-US: Redmine
CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16 ...)
	NOT-FOR-US: LiveUpdate ActiveX
CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class i ...)
	NOT-FOR-US: DWF Viewer ActiveX
CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assiste ...)
	NOT-FOR-US: Numark
CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freel ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zo ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech To ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech  ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zon ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zon ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal I ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone a ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in  ...)
	NOT-FOR-US: eXtrovert Thyme
CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading Marke ...)
	NOT-FOR-US: E-Php B2B Trading Marketplace Script
CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal  ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...)
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51-1 (low; bug #526254)
CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL Qu ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5 ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging Acti ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allow ...)
	NOT-FOR-US: Cambridge Computer Corporation vxFtpSrv
CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...)
	NOT-FOR-US: ESET System Analyzer Tool
CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Win ...)
	NOT-FOR-US: XAMPP
CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ex ...)
	NOT-FOR-US: mIRC
CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in Posi ...)
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive So ...)
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 an ...)
	NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream C ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.6
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2008-4443
	RESERVED
CVE-2008-4442
	RESERVED
CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with fi ...)
	NOT-FOR-US: Linksys
CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in Mart ...)
	NOT-FOR-US: MartinWood Datafeed Studio
CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed Stu ...)
	NOT-FOR-US: Datafeed Studio
CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before 2 ...)
	{DTSA-170-1}
	- bugzilla 3.0.5.0-1 (low; bug #502019)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
	NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Down ...)
	NOT-FOR-US: RMSOFT Downloads Plus
CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earli ...)
	NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop modul ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4432 (Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT M ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlie ...)
	NOT-FOR-US: IceBB
CVE-2008-4430
	REJECTED
CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 a ...)
	NOT-FOR-US: SOURCENEXT Virus Security ZERO
CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline's Pe ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4427 (changepassword.php in Phlatline's Personal Information Manager (pPIM)  ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4426 (Cross-site scripting (XSS) vulnerability in events.php in Phlatline's  ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4425 (Directory traversal vulnerability in upload.php in Phlatline's Persona ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4424 (Cross-site scripting (XSS) vulnerability in index.php in Domain Group  ...)
	NOT-FOR-US: Domain Group Network GooCMS
CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows rem ...)
	NOT-FOR-US: Ovidentia
CVE-2008-4422
	REJECTED
CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably  ...)
	NOT-FOR-US: MetaGauge
CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in  ...)
	NOT-FOR-US: DynaZip Max
CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web administrati ...)
	NOT-FOR-US: HP-ChaiSOE
CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.1 ...)
	NOT-FOR-US: HP-UX
CVE-2008-4417
	REJECTED
CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows loc ...)
	NOT-FOR-US: HP-UX
CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71  ...)
	NOT-FOR-US: HP Service Manager (HPSM)
CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UN ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Vi ...)
	- linux-2.6 2.6.26-8
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities  ...)
	- libxml2 <not-affected>
	[lenny] - libxml2 <not-affected> (Vulnerable code not present)
	[etch] - libxml2 <not-affected> (Vulnerable code not present)
	NOTE: The bug affects only to 2.7.0 and 2.7.1
CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4 ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the /local/d ...)
	- xen-3 3.4.0-1 (bug #503811)
	- xen-unstable <removed>
	NOTE: a proposed patch leads to new problems, see CVE-2008-5716
CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeri ...)
	NOT-FOR-US: IPv6 NDP on IBM zSeries
CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0,  ...)
	{DTSA-171-1}
	- mediawiki 1:1.13.2-1 (low; bug #501115)
	[etch] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a sym ...)
	- ibackup <removed> (low; bug #496432)
	[etch] - ibackup <no-dsa> (Minor issues)
CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not requ ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (former ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dl ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) i ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
	NOT-FOR-US: Safer Networking FileAlyzer
CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary fi ...)
	- ltp 20060918-3 (low; bug #496411)
	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files v ...)
	- fml <removed> (low; bug #496370)
	[etch] - fml <no-dsa> (Minor issue)
CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to ove ...)
	- gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391)
	NOTE: Only applies to a script used for an obscure SGI compiler
CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary file ...)
	- bulmages <removed> (unimportant; bug #496382)
	NOTE: Only present in example scripts
CVE-2008-5034
	- printfilters-ppd <unfixed> (unimportant; bug #496417)
	NOTE: Only exploitable when modifying master-filter by hand
CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary  ...)
	- freevo <unfixed> (unimportant; bug #496373)
	NOTE: Only exploitable when modifying script by hand
CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...)
	- netmrg 0.20-2 (low; bug #496384)
	[etch] - netmrg <no-dsa> (Minor issue)
CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files  ...)
	- impose+ 0.2-11.1 (low; bug #496435)
	[etch] - impose+ <no-dsa> (Minor issue)
CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...)
	- konwert 1.8-11.2 (low; bug #496379)
	[etch] - konwert <no-dsa> (Minor issue)
CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a symlin ...)
	- wims 3.62-13.1 (low; bug #496387)
	[etch] - wims <no-dsa> (Minor issue)
CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to overw ...)
	- freeradius 2.0.4+dfsg-6 (low; bug #496389)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2008-4995 (redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary ...)
	- bk2site <removed> (unimportant; bug #496430)
	NOTE: Only debug code, script needs to be edited to exploit this
CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...)
	- scilab 4.1.2-6 (low; bug #496414)
	[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...)
	{DSA-1731-1}
	- ndiswrapper 1.53-2 (medium; bug #504696)
CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before 2.1.4 ...)
	NOT-FOR-US: Gentoo package manager Portage
CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery  ...)
	NOT-FOR-US: VeriSign Kontiki
CVE-2008-4392 (dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultane ...)
	- djbdns <removed> (high; bug #516394)
CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the NetCamPlaye ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 s ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4389 (Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x  ...)
	NOT-FOR-US: Symantec AppStream
CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Syma ...)
	NOT-FOR-US: LaunchObj ActiveX
CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrm ...)
	NOT-FOR-US: ActiveX
CVE-2008-4386
	RESERVED
CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Ana ...)
	NOT-FOR-US: LLC Systems Requirements Lab
CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...)
	NOT-FOR-US: LPViewer ActiveX
CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management w ...)
	NOT-FOR-US: Agranet-Emweb
CVE-2008-4382 (Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of se ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser dos not treated as security issue. This is the same like CVE-2008-4381
	NOTE: which will work in every JS browser as the PoC just creates a large string passing
	NOTE: it to alert and thus eating memory, no security issue.
CVE-2008-4381 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4380 (The web interface in Samsung DVR SHR2040 allows remote attackers to ca ...)
	NOT-FOR-US: Samsung DVR SHR2040
CVE-2008-4379 (Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy  ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4378 (SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4377 (SQL injection vulnerability in index.asp in Creative Mind Creator CMS  ...)
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-4376 (SQL injection vulnerability in index.php in Live TV Script allows remo ...)
	NOT-FOR-US: Live TV Script
CVE-2008-4375 (SQL injection vulnerability in viewprofile.php in Availscript Classmat ...)
	NOT-FOR-US: Availscript
CVE-2008-4374 (SQL injection vulnerability in index.php in CMS Buzz allows remote att ...)
	NOT-FOR-US: CMS Buzz
CVE-2008-4373 (SQL injection vulnerability in job_seeker/applynow.php in AvailScript  ...)
	NOT-FOR-US: Availscript
CVE-2008-4372 (Cross-site scripting (XSS) vulnerability in articles.php in AvailScrip ...)
	NOT-FOR-US: Availscript
CVE-2008-4371 (SQL injection vulnerability in articles.php in AvailScript Article Scr ...)
	NOT-FOR-US: Availscript
CVE-2008-4370 (Multiple cross-site scripting (XSS) vulnerabilities in Availscript Pho ...)
	NOT-FOR-US: Availscript
CVE-2008-4369 (SQL injection vulnerability in pics.php in Availscript Photo Album all ...)
	NOT-FOR-US: Availscript
CVE-2008-4368 (The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10. ...)
	NOT-FOR-US: Java on OSX
CVE-2008-4367
	RESERVED
CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite  ...)
	{DTSA-177-1 DTSA-178-1}
	- liquidsoap 0.3.8.1+2-2 (low; bug #496360)
	[lenny] - liquidsoap 0.3.6-4+lenny1
CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary  ...)
	- openswan 1:2.6.21+dfsg-2 (unimportant; bug #496376)
	NOTE: Only unused packaging bits
CVE-2008-4941 (arb-common 0.0.20071207.1 allows local users to overwrite arbitrary fi ...)
	- arb 0.0.20071207.1-5 (low; bug #496396)
CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary fi ...)
	- aptoncd 0.1-1.2 (bug #496390; low)
CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwri ...)
	- dhis-server 5.3-1.2 (bug #496388; unimportant)
CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a  ...)
	- linuxtrade <removed> (unimportant; bug #496372)
	NOTE: unimportant since the program is dysfunctional with the current
	NOTE: trading website and thus not exploitable for practical purposes
CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary file ...)
	- rccp 0.9-2.1 (low; bug #496364)
	[etch] - rccp <no-dsa> (Minor issue)
CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary f ...)
	- digitaldj 0.7.5-6.1 (low; bug #496399)
	[etch] - digitaldj <no-dsa> (Minor issue)
CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ar ...)
	- cdrw-taper 0.4-2.1 (low; bug #496380)
	[etch] - cdrw-taper <no-dsa> (Minor issue)
CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...)
	- gdrae 0.1-1.1 (low; bug #496378)
	[etch] - gdrae <no-dsa> (Minor issue)
CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component i ...)
	NOT-FOR-US: Camera Life
CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1. ...)
	NOT-FOR-US: Siteman
CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CM ...)
	NOT-FOR-US: ParsaGostar ParsaWeb CMS
CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a d ...)
	NOT-FOR-US: DESlock
CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 all ...)
	NOT-FOR-US: DESlock
CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote  ...)
	NOT-FOR-US: PowerPortal
CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive operati ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redire ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP  ...)
	NOT-FOR-US: SPAW Editor PHP
CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows r ...)
	NOT-FOR-US: Powie pLink
CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ( ...)
	NOT-FOR-US: Powie PSCRIPT Forum
CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media iBo ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote att ...)
	NOT-FOR-US: Linkarity
CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCo ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 allo ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...)
	NOT-FOR-US: vbLOGIX Tutorial Script
CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0n ...)
	NOT-FOR-US: s0nic Paranews
CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...)
	NOT-FOR-US: PHPortfolio
CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows  ...)
	NOT-FOR-US: Powie pNews
CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...)
	NOT-FOR-US: TalkBack
CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote atta ...)
	NOT-FOR-US: 6rbScript
CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...)
	NOT-FOR-US: Chilkat XML ChilkatUtil.CkData.1 ActiveX control
CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX  ...)
	NOT-FOR-US: ActiveX
CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: MyBlog
CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cau ...)
	- chromium-browser <not-affected> (only 0.x is affected)
	- webkit <not-affected> (poc not effective)
CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in Sy ...)
	NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save fu ...)
	NOT-FOR-US: drupal brilliant gallery 3rd party module
CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows rem ...)
	NOT-FOR-US: Bitweaver
CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo  ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1 ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus all ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php  ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in  ...)
	NOT-FOR-US: phpOCS
CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 allow ...)
	NOT-FOR-US: LanSuite
CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php i ...)
	NOT-FOR-US: openEngine
CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008  ...)
	NOT-FOR-US: EasyRealtorPRO
CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly hand ...)
	NOT-FOR-US: Microsoft
CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in phpM ...)
	{DSA-1675-1}
	- phpmyadmin 4:2.11.8.1-3
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44f9f2f8b7475c2d48c529d9bfd0ff473cd328b1 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d219abdcd55c11f7f629a58a2279f0839bd2acc
CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the H ...)
	- viewvc 1.0.9-1 (bug #500779; unimportant)
CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on Window ...)
	- iceweasel <removed> (unimportant)
	NOTE: reproducible but browser DoS not treated as security issue
CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted atta ...)
	NOT-FOR-US: Windows Explorer
CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Serv ...)
	NOT-FOR-US: Microsoft
CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FT ...)
	NOT-FOR-US: FlashGet FTP
CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before  ...)
	NOT-FOR-US: OpenNMS
CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18  ...)
	NOT-FOR-US: Libra File Manager
CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Observer
CVE-2008-4317
	REJECTED
CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow ...)
	{DSA-1747-1}
	- glib2.0 2.20.0-1 (medium; bug #520046)
CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RH ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to rea ...)
	- samba 2:3.2.5-1
	[etch] - samba <not-affected> (Vulnerable code not present)
CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 doe ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4312
	REJECTED
CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before 1. ...)
	- dbus 1.2.1-5 (low; bug #508032)
	[etch] - dbus <no-dsa> (Backport for Etch too risky for regressions for too little gain)
CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat En ...)
	- ruby <not-affected> (bug #508030)
	NOTE: Red Hat-specific
CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in agent ...)
	{DSA-1663-1}
	- net-snmp 5.4.1~dfsg-11 (bug #504150)
CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 th ...)
	- tomcat5.5 5.5.23-1 (low)
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux  ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <removed>
CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-4305 (Static code injection vulnerability in installation/setup.php in phpCo ...)
	NOT-FOR-US: phpCollab
CVE-2008-4304 (general/login.php in phpCollab 2.5 rc3 and earlier allows remote attac ...)
	NOT-FOR-US: phpCollab
CVE-2008-4303 (Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and  ...)
	NOT-FOR-US: phpCollab
CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22. ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-4 (low)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-4301
	NOT-FOR-US: Microsoft
CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet Informat ...)
	NOT-FOR-US: Microsoft
CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication Ser ...)
	NOT-FOR-US: Microsoft
CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission setti ...)
	- mercurial 1.0.1-5.1 (low; bug #500781)
	NOTE: the package doesnt install this script by default but ships it with the examples
	[etch] - mercurial <no-dsa> (Only shipped in examples)
CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its def ...)
	NOT-FOR-US: Cisco Linksys WRT350N
CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices  ...)
	NOT-FOR-US: Microsoft
CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user pri ...)
	NOT-FOR-US: IBM Tivoli Netcool/Webtop
CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when regist ...)
	NOT-FOR-US: Opera
CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a  ...)
	NOT-FOR-US: Opera
CVE-2008-4291
	RESERVED
CVE-2008-4290
	RESERVED
CVE-2008-4289
	RESERVED
CVE-2008-4288
	RESERVED
CVE-2008-4287
	RESERVED
CVE-2008-4286
	RESERVED
CVE-2008-4285 (Unspecified vulnerability in the Performance Monitoring Infrastructure ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4284 (Open redirect vulnerability in the ibm_security_logout servlet in IBM  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in IBM WebS ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4282
	RESERVED
CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-20 ...)
	NOT-FOR-US: VMWare ESXi
CVE-2008-4280
	RESERVED
CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in VMwar ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displ ...)
	NOT-FOR-US: VMWare VirtualCenter
CVE-2008-4277
	REJECTED
CVE-2008-4276
	REJECTED
CVE-2008-4275
	REJECTED
CVE-2008-4274
	REJECTED
CVE-2008-4273
	REJECTED
CVE-2008-4272
	REJECTED
CVE-2008-4271
	REJECTED
CVE-2008-4270
	REJECTED
CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft Window ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 a ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4267
	REJECTED
CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute arb ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4263
	REJECTED
CVE-2008-4262
	REJECTED
CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitializ ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly valid ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4257
	REJECTED
CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studi ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX contro ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual Fox ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual  ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4251
	REJECTED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4249
	REJECTED
CVE-2008-4248
	REJECTED
CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allo ...)
	NOT-FOR-US: Denora IRC Stats Server
CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require adm ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) i ...)
	NOT-FOR-US: Epic Games Unreal Tournament
CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple  ...)
	{DSA-1689-1}
	- proftpd-dfsg 1.3.1-15 (low; bug #502674)
CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows  ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2008-4240
	RESERVED
CVE-2008-4239
	RESERVED
CVE-2008-4238
	RESERVED
CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...)
	NOT-FOR-US: Managed Client Mac OS X
CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows  ...)
	NOT-FOR-US: Apple Type Services
CVE-2008-4235
	RESERVED
CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in CoreTy ...)
	NOT-FOR-US: CoreTypes Apple Mac OS X
CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Safari
CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhon ...)
	NOT-FOR-US: Apple
CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 thr ...)
	NOT-FOR-US: Apple
CVE-2008-4228 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhon ...)
	NOT-FOR-US: Apple
CVE-2008-4227 (Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 throu ...)
	NOT-FOR-US: Apple
CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 al ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allo ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to  ...)
	NOT-FOR-US: UDF Mac OS X
CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote at ...)
	NOT-FOR-US: Podcast Producer Mac OS X
CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sh ...)
	NOT-FOR-US: natd Mac OS X
CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows c ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before 10.5 ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...)
	NOT-FOR-US: BOM Apple Mac OS X
CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not pr ...)
	NOT-FOR-US: Safari
CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error con ...)
	NOT-FOR-US: Weblog Mac OS X
CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10. ...)
	NOT-FOR-US: Script Editor in Mac OS X
CVE-2008-4213
	RESERVED
CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...)
	NOT-FOR-US: MacOS-only issue
CVE-2008-4211 (Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and ...)
	NOT-FOR-US: QuickLook Mac OS X
CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip se ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-1
	- linux-2.6.24 <not-affected> (Vulnerable code not prsent)
	NOTE: easily exploitable but of limited use as the attacker already needs access to a
	NOTE: directory that is setgid to the group he wants to get privileges for
CVE-2008-4209
	RESERVED
CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has un ...)
	NOT-FOR-US: OSADS Alliance Database
CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax Dol ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and  ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation  ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earli ...)
	NOT-FOR-US: CzarNews
CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
	NOT-FOR-US: Gonafish LinksCaffePRO
CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news fee ...)
	NOT-FOR-US: Opera
CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...)
	NOT-FOR-US: Opera
CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an http ...)
	NOT-FOR-US: Opera
CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when proces ...)
	NOT-FOR-US: Opera
CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows r ...)
	NOT-FOR-US: Opera
CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed w ...)
	NOT-FOR-US: Opera
CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...)
	- pdnsd 1.2.6-par-10 (bug #500910)
CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologi ...)
	NOT-FOR-US: Alt-N Technologies SecurityGateway
CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 and  ...)
	- redhat-cluster 2.20081102-1 (bug #496410; low)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to overwrit ...)
	- emacspeak 28.0-2 (bug #496431; low)
	[lenny] - emacspeak 26.0-3+lenny1
	[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x thro ...)
	{DSA-1760-1}
	- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
	[etch] - openswan <no-dsa> (Vulnerable code only in example script)
CVE-2008-XXXX [jumpnbump: insecure temp file]
	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
	[etch] - jumpnbump 1.50-6+etch1
CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...)
	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...)
	- dist 1:3.5-17-2 (low; bug #496412)
	[etch] - dist 3.70-31etch1
CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary fi ...)
	- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly ot ...)
	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
	[etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
	- linux-ftpd 0.17-29 (bug #500278)
	[etch] - linux-ftpd <no-dsa> (Minor issue)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
	- wordpress 2.8.4-1 (bug #500295; unimportant)
	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in lighttp ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (medium)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CVE-2008-XXXX [unsafe usage of temp file]
	- chillispot 1.0-10 (low; bug #500181)
	NOTE: the changelog doesn't mention the fix but its included in -10
	[etch] - chillispot <no-dsa> (minor issue)
CVE-2008-XXXX [unsafe usage of temp file]
	- debtorrent 0.1.10 (unimportant; bug #500180)
	NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch
CVE-2008-4189
	REJECTED
CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ex ...)
	NOT-FOR-US: kw_secdir extension for TYPO3
CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS allows ...)
	NOT-FOR-US: ProActive CMS
CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal Edition allo ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal Edition allo ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with  ...)
	NOT-FOR-US: IntegraMOD
CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turb ...)
	{DSA-1770-1}
	- turba2 2.2.1-2 (bug #500114; low)
	[etch] - turba2 <no-dsa> (Minor issue)
	- imp4 4.2-3 (bug #500553; low)
CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe module for cPanel
CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote attacke ...)
	NOT-FOR-US: NooMS
CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow ...)
	NOT-FOR-US: NooMS
CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine Special Cate ...)
	NOT-FOR-US: DownlineGoldmine, etc.
CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate Listings  ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta  ...)
	NOT-FOR-US: FoT Video scripti
CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow re ...)
	NOT-FOR-US: Link Bid Script
CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dy ...)
	NOT-FOR-US: Dynamic MP3 Lister
CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote attac ...)
	NOT-FOR-US: ProArcadeScript
CVE-2008-4172 (SQL injection vulnerability in page.php in Cars &amp; Vehicle (aka Car ...)
	NOT-FOR-US: Cars & Vehicle
CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power Board (IP. ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to  ...)
	NOT-FOR-US: osCommerce
CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex, p ...)
	NOT-FOR-US: iScripts EasyIndex
CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2co ...)
	NOT-FOR-US: Pro2col Stingray FTS
CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not  ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build  ...)
	NOT-FOR-US: Avant Browser
CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a us ...)
	NOT-FOR-US: Kolab Groupware Server 1.0.0
	NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php.
	NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different.
CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to  ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9. ...)
	- bind9 <not-affected> (windows specific issue)
CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remo ...)
	NOT-FOR-US: NooMS
CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows  ...)
	NOT-FOR-US: Assetman
CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8 through 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS l ...)
	NOT-FOR-US: Jaw Portal and Zanfi CMS
CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...)
	NOT-FOR-US: Zanfi CMS
CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1  ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Po ...)
	NOT-FOR-US: CustomCms (CCMS) Gaming Portal
CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow rem ...)
	NOT-FOR-US: EasySite
CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote a ...)
	NOT-FOR-US: living-e webEdition CMS
CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module fo ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows r ...)
	NOT-FOR-US: CYASK
CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke Sit ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to  ...)
	NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal
CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1 ...)
	NOT-FOR-US: Mailhandler module for Drupal
CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x be ...)
	NOT-FOR-US: Mailsave module for Drupal
CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...)
	NOT-FOR-US: Addalink
CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 bet ...)
	NOT-FOR-US: Addalink
CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Scri ...)
	NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop
CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce Sh ...)
	NOT-FOR-US: RazorCommerce Shopping Cart
CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote  ...)
	NOT-FOR-US: E-Php CMS
CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Aut ...)
	NOT-FOR-US: x10Media x10 Automatic MP3 Script
CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3. ...)
	NOT-FOR-US: Quick.Cart
CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution  ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2008-4138 (PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin ...)
	NOT-FOR-US: Technote
CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0 ...)
	NOT-FOR-US: PHP-Crawler
CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote att ...)
	NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra- ...)
	NOT-FOR-US: Symbian
CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in  ...)
	NOT-FOR-US: phpRealty
CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ear ...)
	NOT-FOR-US: D-Link
CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX cont ...)
	NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX
CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 a ...)
	- gallery2 2.2.6-1
CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle Z ...)
	- gallery 1.5.9-1 (medium)
	- gallery2 2.2.6-1 (medium)
CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
	- phpbb2 2.0.23+repack-3 (low; bug #500086)
	[etch] - phpbb2 <no-dsa> (Minor issue)
	- phpbb3 <not-affected> (vulnerable code not present)
	NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but
	NOTE: fixing it nonetheless as a workaround.
CVE-2008-4124
	RESERVED
CVE-2008-4123
	RESERVED
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in a ...)
	NOT-FOR-US: Joomla!
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce befo ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
	NOT-FOR-US: FlatPress
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
	NOT-FOR-US: CA Service Desk
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
	NOT-FOR-US: High Norm Sound Master
CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun Manag ...)
	NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote  ...)
	NOT-FOR-US: Apple
CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function (frontend/mai ...)
	- faad2 2.6.1-3.1 (bug #499899)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
	NOTE: http://www.audiocoding.com/
	NOTE: http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration informa ...)
	NOT-FOR-US: TalkBack
CVE-2008-4114 (srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the St ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-4112
	REJECTED
CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSp ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in To ...)
	NOT-FOR-US: Microsoft
CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cry ...)
	- php5 <removed> (unimportant; bug #500087)
	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about i ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that  ...)
	NOT-FOR-US: Joomla!
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 all ...)
	NOT-FOR-US: Joomla!
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 send ...)
	NOT-FOR-US: Joomla!
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, whic ...)
	NOT-FOR-US: Joomla!
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape characters ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (low; bug #500381)
	[lenny] - vim 1:7.1.314-3+lenny1
	[squeeze] - vim 1:7.1.314-3+lenny1
CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege che ...)
	{DSA-1662-1}
	- mysql-dfsg-5.0 5.0.67-1
	[lenny] - mysql-dfsg-5.0 5.0.51a-18
	[squeeze] - mysql-dfsg-5.0 5.0.51a-18
CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
	{DSA-1608-1}
	- mysql-dfsg-5.0 5.0.51a-10
CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV b ...)
	NOT-FOR-US: Flip4Mac WMV
CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 a ...)
	- rails 2.1.0-1 (medium; bug #500791)
	NOTE: in mysql this only allows information disclosure as multiline statements are
	NOTE: not allowed by default
CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3 ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) bef ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script 1.5.3 ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allo ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MP ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8 ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allow ...)
	NOT-FOR-US: Acoustica Beatcraft
CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager 1 ...)
	NOT-FOR-US: Reciprocal Links Manager
CVE-2008-4085 (plaiter in Plait before 1.6 allows local users to overwrite arbitrary  ...)
	- plait 1.5.2-2 (low; bug #496381)
CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php  ...)
	NOT-FOR-US: MyioSoft EasyClassifields
CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Br ...)
	NOT-FOR-US: Brim
CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when ma ...)
	NOT-FOR-US: Brim
CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass authe ...)
	NOT-FOR-US: Stash
CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is d ...)
	NOT-FOR-US: Stash
CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x thro ...)
	- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) Led ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledg ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1. ...)
	NOT-FOR-US: Tor World Software
CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board 3. ...)
	NOT-FOR-US: D-iscussion Board
CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutO ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutO ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 all ...)
	NOT-FOR-US: phsBlog
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and  ...)
	{DSA-1697-1 DSA-1696-1}
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey befor ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 a ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 a ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows r ...)
	{DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.17-1
CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird befo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before 2.0 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird befo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x bef ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before 3. ...)
	NOT-FOR-US: Objective Development Sharity
CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in Matterd ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad Script ...)
	NOT-FOR-US: Million Pixel Ad Script
CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download Script ...)
	NOT-FOR-US: Kolifa.net Download Script
CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in th ...)
	NOT-FOR-US: Bluemoon PopnupBLOG
CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Ser ...)
	NOT-FOR-US: OpenVMS for Integrity Servers
CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart ...)
	NOT-FOR-US: Smart Survey
CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Techn ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Techn ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7 ...)
	NOT-FOR-US: Novell Forum
CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote ...)
	NOT-FOR-US: eliteCMS
CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allo ...)
	NOT-FOR-US: @Mail
CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ Square aj ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4042
	REJECTED
CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1. ...)
	NOT-FOR-US: Softalk Mail Server
CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center in Kyo ...)
	NOT-FOR-US: Kyocera FS-118MFP
CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows r ...)
	NOT-FOR-US: Spice Classifieds
CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4035
	REJECTED
CVE-2008-4034
	REJECTED
CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through  ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Sea ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and  ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac al ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly alloc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4022
	REJECTED
CVE-2008-4021
	REJECTED
CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 al ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 200 ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...)
	{DSA-1638-1 CVE-2006-5051}
	- openssh 1:4.6p1-1 (low)
	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
	NOTE: fully address the issue. The upstream fix in 4.4p1 was
	NOTE: right, and it the next unstable upload after that was 4.6p1.
CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential trans ...)
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not supported in untrusted contexts, fix documents this in README.Debian
CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 all ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8.1-2 (medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8d65ec564ada5c839be8f3f07f483cd82ce6a11 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/64623fe9dbccff3f1ad9a54f844f91cefd07569c
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
	- smsclient <unfixed> (unimportant; bug #498901)
	NOTE: script is not in use and only a suggestion for users
CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) i ...)
	- python-defaults <unfixed> (unimportant; bug #498899)
	NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application  ...)
	NOT-FOR-US: Oracle
CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...)
	NOT-FOR-US: Oracle
CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA Pr ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA Pr ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache co ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components comp ...)
	NOT-FOR-US: Oracle
CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component  ...)
	NOT-FOR-US: Oracle
CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service Se ...)
	NOT-FOR-US: Oracle
CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal componen ...)
	NOT-FOR-US: Oracle
CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component i ...)
	NOT-FOR-US: Oracle
CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator compo ...)
	NOT-FOR-US: Oracle
CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle
CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
	{DSA-1627-2}
	- opensc 0.11.4-5
CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in callbacks. ...)
	- gmanedit 0.4.1-1.1 (low; bug #497835)
	[etch] - gmanedit <no-dsa> (Minor issue)
CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not verif ...)
	{DTSA-169-1}
	- libpam-mount 0.48-1 (low; bug #499841)
CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow rem ...)
	- bitlbee 1.2.3-1 (bug #498159)
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB befo ...)
	NOT-FOR-US: PunBB
CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not pro ...)
	NOT-FOR-US: MyBB
CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...)
	NOT-FOR-US: MyBB
CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard)  ...)
	NOT-FOR-US: MyBB
CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macin ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka db2jd ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before  ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a deni ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control allows  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3 ...)
	NOT-FOR-US: Masir Camp E-Shop Module
CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per P ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in Vastal I-T ...)
	NOT-FOR-US: Vastal I-Tech Shaadi Zone
CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows remot ...)
	NOT-FOR-US: EsFaq
CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zon ...)
	NOT-FOR-US: The Real Estate Script
CVE-2008-3950 (Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:me ...)
	- webkit <not-affected> (Vulnerable code not present)
	NOTE: bug #500306
CVE-2008-3949 (emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python s ...)
	- emacs22 22.2+2-4 (low; bug #499568)
	- emacs21 <not-affected> (doesn't provide the python functionality)
	- xemacs21 <not-affected> (doesn't provide the python functionality)
	NOTE: This can happen with any Python script, just because Emacs autoloads one
	NOTE: doesn't make it much worse
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows r ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain priv ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local u ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows remot ...)
	NOT-FOR-US: Words tag
CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remot ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts Living Loc ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak Script al ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earl ...)
	NOT-FOR-US: BizDirectory
CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...)
	NOT-FOR-US: AVTECH PageR Enterprise
CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in O ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open Media Coll ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to cause  ...)
	NOT-FOR-US: Dreambox DM500C
CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earli ...)
	NOT-FOR-US: DIC shop_v50
CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files  ...)
	- r-base-core-ra 1.1.1-2 (low; bug #496363)
	- r-base 2.7.2-1 (low; bug #496418)
	[etch] - r-base <no-dsa> (Minor issue)
	[lenny] - r-base 2.7.1-1+lenny1
CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to overwr ...)
	- citadel 7.37-3 (low; bug #496359)
CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to overwrite ar ...)
	- ampache 3.4.1-2 (unimportant; bug #496369)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: when translating ampache to a new language
CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary  ...)
	- honeyd 1.5c-5 (unimportant; bug #496365)
	NOTE: Script not used by package, only a manual test script
CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arb ...)
	- tiger 1:3.2.2-4 (unimportant; bug #496415)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: during build time
CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content Management Mad ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in Conten ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3924 (The "Make a backup" functionality in Content Management Made Easy (CMM ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in statistics.php  ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote att ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals  ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro products al ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows rem ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6 ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c i ...)
	- ed 0.7-2 (low)
	[etch] - ed <no-dsa> (Minor issue)
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19)
	NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f
CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2 ...)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...)
	- mono 1.9.1+dfsg-4 (low; bug #498894)
CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 be ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #498978)
	- ruby1.9 1.9.0.2-6 (bug #498977)
CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1 ...)
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-003.html
CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
	NOT-FOR-US: HP firmware 68DTT
CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23  ...)
	{DSA-1653-1}
	- linux-2.6 2.6.23-1
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f
CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
	- ssmtp 2.62-1.1 (low; bug #498366)
	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does  ...)
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 befo ...)
	- libpng 1.2.27-2 (low; bug #501109)
	[etch] - libpng <not-affected> (Vulnerable code not present)
	NOTE: off-by-one error in pngpread.c is not present, must have
	NOTE: been introduced later, but pngtest.c is affected. However, there
	NOTE: is no known exploit.
CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of  ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 mig ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknow ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 thro ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (bug #497878)
	[etch] - wireshark <not-affected> (Only >= 0.99.6)
CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers t ...)
	{DSA-1673-1 DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to  ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environmen ...)
	- gpicview 0.1.9-2 (low; bug #498022)
CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores u ...)
	{DSA-1640-1}
	- python-django 1.0-1
	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a cer ...)
	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, st ...)
	- linux-patch-tuxonice <not-affected> (Fixed before initial upload)
CVE-2008-3900 (Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authen ...)
	NOT-FOR-US: Intel firmware
CVE-2008-3899 (TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Key ...)
	NOT-FOR-US: TrueCrypt
CVE-2008-3898 (Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication pass ...)
	NOT-FOR-US: Secu Star DriveCrypt
CVE-2008-3897 (DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords  ...)
	NOT-FOR-US: DiskCryptor
CVE-2008-3896 (Grub Legacy 0.97 and earlier stores pre-boot authentication passwords  ...)
	- grub <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can easily edit menu.lst anyway
CVE-2008-3895 (LILO 22.6.1 and earlier stores pre-boot authentication passwords in th ...)
	- lilo <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can edit the configuration anyway
CVE-2008-3894 (IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passw ...)
	NOT-FOR-US: IBM Lenovo firmware
CVE-2008-3893 (Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authen ...)
	NOT-FOR-US: Bitlocker
CVE-2008-3892 (Buffer overflow in a certain ActiveX control in the COM API in VMware  ...)
	NOT-FOR-US: VMware COM API
CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote se ...)
	NOT-FOR-US: SAML Service for Google Apps
CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an e ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 a ...)
	NOT-FOR-US: Mini-NUKE Freehost
CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject 2.1. ...)
	NOT-FOR-US: dotProject
CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in do ...)
	NOT-FOR-US: dotProject
CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1. ...)
	NOT-FOR-US: Blogn
CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...)
	NOT-FOR-US: Blogn
CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary  ...)
	- caudium 1.4.12-11.1 (low; bug #496404)
CVE-2008-3882 (Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23 ...)
	- zoneminder 1.24.1-1 (low; bug #497640)
CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1. ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...)
	NOT-FOR-US: Acoustica Mixcraft
CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically proximat ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 a ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo Van ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player 9 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and pos ...)
	NOT-FOR-US: UltraISO
CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3869 (Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows re ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allo ...)
	NOT-FOR-US: Interact
CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1  ...)
	NOT-FOR-US: Interact
CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Mic ...)
	NOT-FOR-US: Trend Micro Personal Firewall
CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the  ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in Tren ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in src ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Trend Mic ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and  ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
	NOT-FOR-US: IBM, Lotus Quickr 8.1
CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the admini ...)
	NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 re ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3856 (The routine infrastructure component in IBM DB2 8 before FP17, 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in th ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 a ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function com ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Win ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer FT ...)
	NOT-FOR-US: Accellion File Transfer
CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...)
	NOT-FOR-US: Civic Website Manager
CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows re ...)
	NOT-FOR-US: Z-Breaknews
CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (A ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlie ...)
	NOT-FOR-US: mysql-lists
CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSL ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion dur ...)
	NOT-FOR-US: Old CVE id
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
	- nfdump 1.5.7-5 (bug #497452)
CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-2008090 ...)
	- postfix 2.5.5-1 (low)
	[etch] - postfix <not-affected> (Vulnerable code not present)
	NOTE: http://www.postfix.org/announcements/20080902.html
CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context- ...)
	{DSA-1634-1 DTSA-163-1}
	- wordnet 1:3.0-12 (medium; bug #497441)
	[lenny] - wordnet 3.0-11+lenny1
	[etch] - wordnet 1:2.1-4+etch1
	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
	NOTE: by 1:3.0-13 to fix this bug
CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote att ...)
	{DTSA-164-1 DTSA-164-2}
	[lenny] - newsbeuter 0.9.1-1+lenny3
	- newsbeuter 1.2-1 (medium)
	NOTE: medium as versions < 1.0-1 didn't include a patch to wrap long article URLs so the
	NOTE: crafted part of the URL can be hidden. This of course only affects people not reading
	NOTE: articles in the built-in reader.
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote attack ...)
	- bitlbee 1.2.2-1
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files  ...)
	- radiance 3R9+20080530-4 (low; bug #496423)
CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH,  ...)
	NOT-FOR-US: Red Hat services issue
CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in Mic ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in Mic ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in  ...)
	NOT-FOR-US: Freeway eCommerce
CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in  ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zone ...)
	NOT-FOR-US: Solaris
CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey be ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.3-1 (low)
	- xulrunner 1.9.0.3-1 (low)
	- iceape 1.1.12-1 (low)
CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers  ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox befor ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) be ...)
	{DSA-1658-1}
	- dbus 1.2.1-4 (bug #501443)
CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ker ...)
	{DSA-1653-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24)
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel be ...)
	- linux-2.6 <not-affected> (Fedora-specific patch)
	- linux-2.6.24 <not-affected> (Fedora-specific patch)
CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...)
	{DSA-1655-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-9
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration sp ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor befor ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor bef ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in MPla ...)
	{DSA-1644-1 DTSA-168-1}
	- mplayer 1.0~rc2-18 (medium; bug #500683)
	NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to e ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...)
	NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in  ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3822
	REJECTED
CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event  ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector (GS ...)
	NOT-FOR-US: Cisco Application Control Engine Global Site Selector (GSS)
CVE-2008-3818 (Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with  ...)
	NOT-FOR-US: Cisco ONS
CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series an ...)
	NOT-FOR-US: Cisco
CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco
CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco
CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x b ...)
	NOT-FOR-US: Cisco
CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mg ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP)  ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP)  ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (ak ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecar ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 serie ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 serie ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3803 (A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol L ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service (d ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3797
	RESERVED
CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of s ...)
	- swfdec0.6 0.6.8-1
CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP serve ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3793
	REJECTED
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) i ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-4
	[etch] - linux-2.6 <not-affected>
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9,  ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory Scrip ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO P ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
	NOT-FOR-US: MiaCMS
CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earl ...)
	NOT-FOR-US: BtiTracker
CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy Mar ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 a ...)
	NOT-FOR-US: GMOD GBrowse
CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review Scrip ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five S ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) Serve ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement Servi ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1. ...)
	NOT-FOR-US: Fujitsu Web-Based Admin View
CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the pa ...)
	NOT-FOR-US: Folder Lock
CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote a ...)
	NOT-FOR-US: Simasy CMS
CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3. ...)
	NOT-FOR-US: vBulletin
CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u Videosh ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u Vide ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, whe ...)
	NOT-FOR-US: Freeway
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php  ...)
	NOT-FOR-US: Freeway
CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey We ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
	NOT-FOR-US: phpBazar
CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection too ...)
	NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon)
CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows re ...)
	NOT-FOR-US: Quick Poll Script
CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Hel ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live  ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Li ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...)
	NOT-FOR-US: VMware Workstation
	NOTE: we only share a package to build VMware
CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page i ...)
	NOT-FOR-US: Vanilla
CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.ph ...)
	NOT-FOR-US: Vanilla
CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...)
	NOT-FOR-US: Vanilla
CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix  ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds S ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text A ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs R ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Scr ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url &amp; ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Scr ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3749 (SQL injection vulnerability in tr.php in YourFreeWorld Banner Manageme ...)
	NOT-FOR-US: Banner Management Script
CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks  ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ar ...)
	- emacs-jabber 0.7.91-2 (low; bug #496428)
	[etch] - emacs-jabber <no-dsa> (Minor issue)
CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a sym ...)
	- xastir 1.9.2-1.1 (low; bug #496383)
	[etch] - xastir <no-dsa> (Minor issue)
CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbit ...)
	{DSA-1648-1}
	- mon 0.99.2-13 (medium; bug #496398)
CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #496808)
	- ruby1.9 1.9.0.2-6 (bug #497610)
CVE-2008-4939 (apertium 3.0.7 allows local users to overwrite arbitrary files via a s ...)
	- apertium 3.0.7+1-1.1 (low; bug #496395)
	[etch] - apertium <no-dsa> (Minor issue)
CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a sy ...)
	- convirt 0.9.6-1 (medium; bug #496419)
CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary  ...)
	- audiolink 0.05-1.1 (low; bug #496433)
	[etch] - audiolink <no-dsa> (Minor issue)
CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
	- lmbench 3.0-a9-1 (low; bug #496427)
	[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary f ...)
	- newsgate <removed> (low; bug #496437)
	[etch] - newsgate <no-dsa> (Non-free not supported)
CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary fil ...)
	- myspell 1:3.0+pre3.1-21 (low; bug #496392)
	[etch] - myspell <no-dsa> (Minor issue)
CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...)
	- ogle <removed> (unimportant; bug #496420; bug #496425)
	NOTE: This only affects debugging scripts not present in standard path
CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
	{DTSA-161-1}
	- samba 2:3.2.3-1 (bug #496073; medium)
	[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
	- nvi 1.81.6-4 (low; bug #496462)
	[etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary f ...)
	- rkhunter 1.3.2-6 (low; bug #496375)
	[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files  ...)
	- scratchbox2 1.99.0.24-2 (low; bug #496409)
CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite arb ...)
	- realtimebattle 1.0.8-8 (low; bug #496385)
	[etch] - realtimebattle <no-dsa> (Minor issue)
CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...)
	- mgt 2.31-6 (low; bug #496434)
	[etch] - mgt <no-dsa> (Minor issue)
CVE-2008-4998
	- twiki 1:4.1.2-4 (low; bug #494648)
CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite arbitrar ...)
	- mafft 6.240-2 (low; bug #496366)
CVE-2008-4993 (qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary f ...)
	- xen-3 3.4.0-1 (low; bug #496367)
	[etch] - xen-3 <no-dsa> (Minor issue)
CVE-2008-4936 (faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary fi ...)
	- mgetty 1.1.36-1.3 (low; bug #496403)
	[etch] - mgetty <no-dsa> (Minor issue)
CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary file ...)
	- sympa 5.3.4-5.1 (low; bug #496405; bug #494969)
	[etch] - sympa <no-dsa> (Minor issues)
CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary fil ...)
	- aview 1.3.0rc1-8.1 (low; bug #496422)
	[etch] - aview <no-dsa> (Minor issue)
CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitr ...)
	- fwbuilder 2.1.19-5 (low; bug #496406)
	[etch] - fwbuilder <no-dsa> (Minor issue)
CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite a ...)
	{DSA-1643-1}
	- feta 1.4.16+nmu1 (low; bug #496397)
CVE-2008-4977
	NOTE: Historic Postfix non issue, #496401
CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite arbit ...)
	- cdcontrol <removed> (low; bug #496438)
	[etch] - cdcontrol <no-dsa> (Minor issue)
CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a symli ...)
	- dtc 0.29.10-1 (low; bug #496362)
CVE-2008-4994 (The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local user ...)
	- xmcd 2.6-21 (low; bug #496416)
	[etch] - xmcd <no-dsa> (Minor issue)
CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via  ...)
	- xcal 4.1-19 (low; bug #496393)
	[etch] - xcal <no-dsa> (Minor issue)
CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environmen ...)
	- gpicview 0.1.9-2 (low; bug #495968)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869
CVE-2008-XXXX [Overwrite symlink without check]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869
	NOTE: CVE id requested
	NOTE: non-issue, not exploitable by other users
CVE-2008-XXXX [Overwrite certain images without notice]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
	NOTE: non-issue, not exploitable by other users
	NOTE: CVE id requested
CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite  ...)
	- openoffice.org 1:2.4.1-8 (low; bug #496361)
	[etch] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrar ...)
	- rancid 2.3.2~a8-2 (low; bug #496426)
	[etch] - rancid <no-dsa> (Minor issue)
CVE-2008-4985 (vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows l ...)
	- vdr 1.6.0-6 (low; bug #496421)
	[etch] - vdr <not-affected> (Vulnerable code not present)
CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to o ...)
	- lazarus 0.9.24-0-11 (unimportant; bug #496377)
	NOTE: vulnerable script only called when updating the source
	NOTE: thus neither actively used nor invoked automatically
CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in modules ...)
	{DSA-1819-1 DTSA-166-1}
	- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in  ...)
	- wordpress 2.5.1-6 (low; bug #497216)
	[etch] - wordpress <not-affected> (Does not have force-sll mechanism)
CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of  ...)
	- neon27 0.28.2-4
	- neon26 <not-affected> (Issue was introduced in 0.28)
CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants La! ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...)
	NOT-FOR-US: SpaceTag LacoodaST
CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) Syst ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi befo ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_ ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote  ...)
	NOT-FOR-US: EO Video
CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC Me ...)
	{DTSA-166-1}
	- vlc 0.8.6.h-2
	[etch] - vlc <not-affected> (TTA module not present)
CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other ver ...)
	NOT-FOR-US: Serv-U File
CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document Manage ...)
	NOT-FOR-US: NOAH
CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a esp ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a esp ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in Micro ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration i ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Scrip ...)
	NOT-FOR-US: YourFreeWorld Ad Board Script
CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows  ...)
	NOT-FOR-US: Papoo
CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 H ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows rem ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 a ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate Director ...)
	NOT-FOR-US: SFS Affiliate Directory
CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote aut ...)
	NOT-FOR-US: cyberBB
CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to lis ...)
	NOT-FOR-US: Harmoni
CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6. ...)
	NOT-FOR-US: Harmoni
CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-prev ...)
	NOT-FOR-US: FlexCMS
CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8  ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
	NOTE: upstream bug 2001151
CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote  ...)
	NOT-FOR-US: PHPBasket
CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...)
	NOT-FOR-US: Mambo
CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcad ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Li ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow r ...)
	NOT-FOR-US: dotCMS
CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lit ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allow ...)
	NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in  ...)
	NOT-FOR-US: EchoVNC Linux
CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask ...)
	NOT-FOR-US: Msmask32.ocx
CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka Vx ...)
	NOT-FOR-US: Symantec Veritas Storage Foundation
CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX con ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite  ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportS ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3698 (Unspecified vulnerability in the OpenProcess function in VMware Workst ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3697 (An unspecified ISAPI extension in VMware Server before 1.0.7 build 108 ...)
	NOT-FOR-US: VMware Server on Windows
CVE-2008-3696 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3695 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3694 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3693 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3692 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3691 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3690
	RESERVED
CVE-2008-3689
	RESERVED
CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote at ...)
	{DTSA-159-1}
	- havp 0.88-1.1 (bug #496034)
CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26- ...)
	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
CVE-2008-3685 (Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent s ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3684 (Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service  ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web  ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows remo ...)
	NOT-FOR-US: YPN PHP Realty
CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
	NOT-FOR-US: Joomla!
CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and earl ...)
	NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ID ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in  ...)
	NOT-FOR-US: Freeway
CVE-2008-3677 (Directory traversal vulnerability in includes/events_application_top.p ...)
	NOT-FOR-US: Freeway
CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allo ...)
	NOT-FOR-US: hMailServer
CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato 0.9 ...)
	NOT-FOR-US: Gelato
CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Vide ...)
	NOT-FOR-US: PozScripts TubeGuru Video Sharing Script
CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts Classifi ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not proper ...)
	NOT-FOR-US: Echo Server
CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly Pr ...)
	NOT-FOR-US: Article Friendly Pro
CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews Opin ...)
	NOT-FOR-US: ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP
CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Soci ...)
	NOT-FOR-US: XOOPS
CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows  ...)
	NOT-FOR-US: Maxthon Browser
CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Applicat ...)
	NOT-FOR-US: Oracle
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in magnatunebrowse ...)
	- amarok 1.4.10-1 (unimportant; bug #494765)
	[etch] - amarok <not-affected>
	NOTE: The code in question doesn't dereference the symlink, tested with Etch
	NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
	NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in Drupa ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 tr ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (medium; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code not present)
	- drupal-4.7 <removed>
CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
	- drupal-4.7 <removed>
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2008-3665
	RESERVED
CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remo ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session cooki ...)
	- squirrelmail 2:1.4.15-3 (low; bug #499942)
	[etch] - squirrelmail <no-dsa> (less important and fix changes behaviour)
	NOTE: only relevant for installations that are also offered over http
	NOTE: which isn't normally a good idea anyway. Fixing in stable will
	NOTE: change behaviour so not really suited for DSA.
CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure fl ...)
	- gallery 1.5.9-1
	- gallery2 2.2.6-1
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the se ...)
	- drupal5 5.10-2 (low; bug #501063)
	- drupal6 6.4-2 (low; bug #501058)
	NOTE: drupal upstreams advise the users to set session.cookie_secure in the php configuration
	NOTE: to fix this has been documented in README.Debian
CVE-2008-3660 (PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI  ...)
	{DSA-1647-1}
	- php5 5.2.6-4 (medium)
	- php4 <removed>
	NOTE: *not* duplicate after all, needs review
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and  ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
	NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
	NOTE: could not reproduce locally
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4. ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3656 (Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_h ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7- ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows  ...)
	- tikiwiki <removed>
CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before  ...)
	- tikiwiki <removed>
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an "orph ...)
	- ipsec-tools 0.7.1-1.2 (low; bug #501026)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
	NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools b ...)
	- ipsec-tools 1:0.7.1-1 (low; bug #495214)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
	- horde3 3.2.1+debian0-1 (low; bug #495332)
	- turba2 2.2.1-1
	[etch] - turba2 <not-affected> (Vulnerable code not present)
	[etch] - horde3 <not-affected> (dup of CVE-2008-3330)
	NOTE: this is actually two issues:
	NOTE: - one a dup of CVE-2008-3330 in horde3
	NOTE: - another an issue in turba2
CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly  ...)
	NOT-FOR-US: Article Friendly Standard
CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3647 (Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows  ...)
	NOT-FOR-US: Mac OS
CVE-2008-3646 (The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be ...)
	NOT-FOR-US: MacOS-only problem
CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the EAPOLCont ...)
	NOT-FOR-US: Mac OS
CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-ass ...)
	NOT-FOR-US: Mac OS
CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows rem ...)
	NOT-FOR-US: Mac OS
CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3 ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS befor ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in  ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on  ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in Micro ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspe ...)
	NOT-FOR-US: Apple Quick Times
CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3633
	RESERVED
CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
	- webkit 1.0.1-4 (bug #499771)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/34815
CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone  ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an appli ...)
	NOT-FOR-US: Apple Bonjour
CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms i ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2  ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Mac OS X
CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3620
	RESERVED
CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissio ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iP ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current pass ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4,  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows conte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1 ...)
	NOT-FOR-US: Qbik WinGate
CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, whe ...)
	NOT-FOR-US: McAfee Encrypted USB Manager
CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows  ...)
	NOT-FOR-US: ZeeBuddy
CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website)  ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 a ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in Gal ...)
	- gallery <removed> (unimportant)
	- gallery2 <not-affected> (Vulnerable code not present)
	NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows remot ...)
	NOT-FOR-US: OpenImpro
CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote att ...)
	NOT-FOR-US: psipuss
CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Skulltag
CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allow ...)
	NOT-FOR-US: Harmoni
CVE-2008-3595 (PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startu ...)
	NOT-FOR-US: txtSQL
CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...)
	NOT-FOR-US: MagicScripts E-Store
CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...)
	NOT-FOR-US: SyzygyCMS
CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the admi ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone Degree ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Pol ...)
	NOT-FOR-US: E. Z. Poll 2
CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...)
	NOT-FOR-US: mozilo CMS 1.10.1
CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote a ...)
	NOT-FOR-US: phsBlog 0.1.1
CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris Buntin ...)
	NOT-FOR-US: Homes 4 Sale
CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component fo ...)
	NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Sho ...)
	NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not prope ...)
	NOT-FOR-US: NetBSD
CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
	NOT-FOR-US: Keld PHP-MySQL News Script 0.7.1
CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote a ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative authentic ...)
	NOT-FOR-US: Calacode Atmail
CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: HydraIRC
CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows loca ...)
	- openttd 0.6.2-1 (unimportant)
	NOTE: no vulnerability at all, not exploitable remote or local, openttd
CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in OpenT ...)
	- openttd 0.6.2-1
CVE-2008-3575 (PHP remote file inclusion vulnerability in modules/calendar/minicalend ...)
	NOT-FOR-US: ezContents CMS
CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, wh ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francis ...)
	NOT-FOR-US: Pligg
CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 a ...)
	NOT-FOR-US: Pligg
CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Xerox Phaser 8400
CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...)
	NOT-FOR-US: Africa Be Gone
CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, wh ...)
	NOT-FOR-US: XAMPP
CVE-2008-3568 (Absolute path traversal vulnerability in fckeditor/editor/filemanager/ ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: unak specific change, see fckeditor/unak_changes.txt in source
CVE-2008-3567 (Cross-zone scripting vulnerability in the NowPlaying functionality in  ...)
	NOT-FOR-US: NullSoft Winamp
CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 a ...)
	NOT-FOR-US: ZoneO-soft freeForum
CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Bo ...)
	NOT-FOR-US: Meeting Room Booking System (MRBS)
CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox Bl ...)
	NOT-FOR-US: Dayfox Blog
CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allo ...)
	NOT-FOR-US: Plogger
CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module i ...)
	NOT-FOR-US: Chupix CMS
CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ma ...)
	NOT-FOR-US: Powergap Shopsystem
CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the Ks ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice  ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in a ...)
	NOT-FOR-US: Webex Meeting Manager (Windows)
CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass aut ...)
	NOT-FOR-US: Free Hosting Manager
CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...)
	NOT-FOR-US: Wsn Knowledge Base
CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remot ...)
	NOT-FOR-US: Discuz!
CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition de ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro Editio ...)
	NOT-FOR-US: Sun Java Platform Micro Edition
CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote at ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in  ...)
	NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware  ...)
	NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545 (Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3544 (Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Net ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on H ...)
	NOT-FOR-US: HP-UX
CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402  ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2008-3541
	REJECTED
CVE-2008-3540
	RESERVED
CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connec ...)
	NOT-FOR-US: HP OpenView Select Identity (HPSI)
CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52  ...)
	NOT-FOR-US: HP Enterprise Discovery
CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Ma ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3536 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Ma ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in t ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs implementat ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533 (Format string vulnerability in the window_error function in yelp-windo ...)
	{DTSA-154-1}
	- yelp 2.22.1-4 (low)
	[etch] - yelp <not-affected> (Vulnerable code not present)
CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in F ...)
	- kfreebsd-7 7.0-5
CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD  ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in  ...)
	{DSA-1654-1}
	- libxml2 2.6.32.dfsg-4 (bug #498768)
CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/di ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
	NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
	NOTE: Comment from tytso:
	NOTE: Note: some people thinks this represents a security bug, since it
	NOTE: might make the system go away while it is printing a large number of
	NOTE: console messages, especially if a serial console is involved. Hence,
	NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
	NOTE: either has physical access to your machine to insert a USB disk with a
	NOTE: corrupted filesystem image (at which point why not just hit the power
	NOTE: button), or is otherwise able to convince the system administrator to
	NOTE: mount an arbitrary filesystem image (at which point why not just
	NOTE: include a setuid shell or world-writable hard disk device file or some
	NOTE: such). Me, I think they're just being silly.
CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDS ...)
	{DSA-1687-1}
	- linux-2.6 2.6.21-1
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/ ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected>
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-7
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux  ...)
	NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
	RESERVED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...)
	{DSA-2080-1}
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (medium; bug #559778)
	- gs-gpl <removed> (medium; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in libjasper/base/ja ...)
	- jasper 1.900.1-5.1 (unimportant; bug #501021)
	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow context-depen ...)
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (low; bug #559778)
	[lenny] - ghostscript <not-affected> (Too intrusive to backport)
	- gs-gpl <removed> (low; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss En ...)
	- jbossas4 <not-affected> (configuration not yet included in Debian package)
CVE-2008-3518
	REJECTED
CVE-2008-3517
	REJECTED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 rel ...)
	NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuk ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke a ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image G ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty  ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) a ...)
	NOT-FOR-US: LoveCMS
CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote att ...)
	NOT-FOR-US: LiteNews
CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...)
	NOT-FOR-US: LiteNews
CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows re ...)
	NOT-FOR-US: PolyPager
CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earl ...)
	NOT-FOR-US: PolyPager
CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 h ...)
	NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict vi ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...)
	NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple inter ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...)
	NOT-FOR-US: suggested terms, additional drupal module
CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea folder" in Ektron ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component 1. ...)
	NOT-FOR-US: nBill, joomla component
CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows rem ...)
	NOT-FOR-US: MyPHP CMS
CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format f ...)
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (code not present)
	- linux-2.6.24 <not-affected> (code not present)
CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows re ...)
	NOT-FOR-US: Pcshey Portal
CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass  ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC serv ...)
	NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allow ...)
	NOT-FOR-US: America's Army (aka AA or Army Game Project)
CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTG ...)
	NOT-FOR-US: Scripts24 iPost
CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online Dat ...)
	NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489 (SQL injection vulnerability in checkCookie function in includes/functi ...)
	NOT-FOR-US: PHPX
CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) al ...)
	NOT-FOR-US: Novell iManager
CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced  ...)
	NOT-FOR-US: PHPAuction GPL Enhanced
CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in  ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation S ...)
	NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certif ...)
	- pidgin 2.4.3-2 (bug #492434)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) diff_cha ...)
	{DSA-1637-1 DTSA-153-1 DTSA-153-2}
	- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers t ...)
	NOT-FOR-US: eStoreAff
CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and  ...)
	NOT-FOR-US: ScrewTurn Wiki
CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page feature in  ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and e ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) Activ ...)
	NOT-FOR-US: Anzio Web Print Object
CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ser ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3478
	REJECTED
CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not prop ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle er ...)
	NOT-FOR-US: Microsoft
CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 200 ...)
	NOT-FOR-US: Microsoft
CVE-2008-3470
	REJECTED
CVE-2008-3469
	REJECTED
CVE-2008-3468
	REJECTED
CVE-2008-3467
	REJECTED
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2008-3463
	REJECTED
CVE-2008-3462
	REJECTED
CVE-2008-3461
	REJECTED
CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Offic ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when  ...)
	- openvpn 2.1~rc9-1 (low; bug #493488)
	NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
	[etch] - openvpn <not-affected> (Upstream states that the 2.0.x versions are unaffected)
CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web roo ...)
	NOT-FOR-US: Vtiger CRM
CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin be ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1
	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a5e53c31bcbcadcb5d16cffaa3b9af181b26296 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bfb27fb0538f43e9c49b6a183b767c2bed1524d
CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in JnSHos ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass a ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown im ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia 8.4 al ...)
	NOT-FOR-US: eNdonesia
CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with a ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 ...)
	NOT-FOR-US: Solaris
CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attacke ...)
	NOT-FOR-US: MailEnable
CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common soluti ...)
	NOT-FOR-US: csphonebook
CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attac ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 all ...)
	NOT-FOR-US: LetterIt
CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 al ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows r ...)
	- iceweasel <removed> (unimportant)
	NOTE: browser dos not treated as security issues
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8 ...)
	{DSA-1695-1}
	- ruby1.8 1.8.7.72-1 (low; bug #494401)
	- ruby1.9 1.9.0.2-9 (low)
	NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
	NOTE: this specific problem does not exist in ruby1.9 but a very similar problem
	NOTE: that has been fixed in this version (308_regexp_segv.dpatch)
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of update ...)
	NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity  ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, d ...)
	- sun-java5 <not-affected> (only java updater for windows affected)
	- sun-java6 <not-affected> (only java updater for windows affected)
CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify th ...)
	NOT-FOR-US: SpeedBit Video Acceleration
CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of updates, w ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the authent ...)
	- openoffice.org <not-affected> (update feature disabled)
CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does not prop ...)
	NOT-FOR-US: Notepad++
CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly veri ...)
	NOT-FOR-US: LinkedIn
CVE-2008-3434 (Apple iTunes before 10.5.1 does not properly verify the authenticity o ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not prope ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3432 (Heap-based buffer overflow in the mch_expand_wildcards function in os_ ...)
	- vim <not-affected> (Vulnerable code only present in 6.2 and 6.3, none of them in the archive anymore)
CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in  ...)
	NOT-FOR-US: Eyeball MessengerSDK
CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote authen ...)
	NOT-FOR-US: phpFreeChat
CVE-2008-3427
	REJECTED
CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and Cont ...)
	NOT-FOR-US: Solaris
CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WR ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to by ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net cla ...)
	- mono 1.9.1+dfsg-4 (low; bug #494406)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=413534
	NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately c ...)
	- openssh 1:3.6p1-1 (unimportant)
CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled  ...)
	- openssh 1:3.8.1p1-8.sarge.4 (low)
CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualB ...)
	- virtualbox-ose <not-affected> (affects only windows host systems)
	NOTE: CORE-2008-0716
CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from  ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1 (low)
	NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 (Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remo ...)
	- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboa ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4. ...)
	NOT-FOR-US: Mobius Web Publishing Software
CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows re ...)
	NOT-FOR-US: Youtuber Clone
CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and earlier allo ...)
	NOT-FOR-US: TriO
CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB before 1.0 ...)
	NOT-FOR-US: IceBB
CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05, when  ...)
	NOT-FOR-US: CMScout
CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows remote at ...)
	NOT-FOR-US: SiteAdmin
CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC Auction P ...)
	NOT-FOR-US: Greatclone GC Auction Platinum
CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0  ...)
	NOT-FOR-US: Comsenz EPShop
CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 softwa ...)
	NOT-FOR-US: The Axesstel AXW-D800 modem
CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows rem ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer 2.18, and possibly other ver ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication and acc ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows rem ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral nzFot ...)
	NOT-FOR-US: Ricardo Amaral nzFotolog
CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGues ...)
	NOT-FOR-US: MJGuest
CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonals all ...)
	NOT-FOR-US: MojoPersonals
CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Sta ...)
	NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Ra ...)
	NOT-FOR-US: HIOX Random Ad
CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration inform ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3399 (PHP remote file inclusion vulnerability in activities/workflow-activit ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS befo ...)
	NOT-FOR-US: Runesoft Cerberus CMS
CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attacke ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable permissions for  ...)
	NOT-FOR-US: Calacode
CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in B ...)
	NOT-FOR-US: BookMine
CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows remote at ...)
	NOT-FOR-US: BookMine
CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 a ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9 ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in Min ...)
	NOT-FOR-US: Minishowcase Image Gallery
CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6,  ...)
	NOT-FOR-US: Ingres
CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote  ...)
	NOT-FOR-US: Def-Blog
CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows remo ...)
	NOT-FOR-US: PHPFootball
CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share Ent ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php  ...)
	NOT-FOR-US: Help Agent
CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in Inter ...)
	NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote  ...)
	NOT-FOR-US: MojoAuto
CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2 ...)
	NOT-FOR-US: MojoClassifieds
CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedS ...)
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable macro not present)
CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioS ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allo ...)
	NOT-FOR-US: Snark VisualPic
CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows  ...)
	NOT-FOR-US: Fizzmedia
CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3 allows rem ...)
	NOT-FOR-US: phpTest
CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unkn ...)
	NOT-FOR-US: JamRoom
CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in JamRoom befo ...)
	NOT-FOR-US: JamRoom
CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier ...)
	NOT-FOR-US: Gregarius
CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allo ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder Clone allo ...)
	NOT-FOR-US: Getacoder Clone
CVE-2008-3371 (Directory traversal vulnerability in install/help.php in TalkBack 2.3. ...)
	NOT-FOR-US: TalkBack
CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC Centera Uni ...)
	NOT-FOR-US: CUA Login Module in EMC Centera Universal Access
CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and  ...)
	NOT-FOR-US: ViArt Shop
CVE-2008-3368 (PHP remote file inclusion vulnerability in tools/packages/import.php i ...)
	NOT-FOR-US: ATutor
CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web  ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allow ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on W ...)
	- pixelpost <not-affected> (Exploit relies on register_globals to be on)
CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeSc ...)
	NOT-FOR-US: Trend Micro OfficeScan Corp Edition Web-Deployment
CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the Dokeos E-L ...)
	NOT-FOR-US: Dokeos E-Learning System
CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the Giulio Gan ...)
	NOT-FOR-US: Giulio Ganci Wp Downloads Manager module
CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote web si ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7  ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and Chr ...)
	- owl-dms 0.95-1.1 (bug #493372)
CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...)
	NOT-FOR-US: SAP NetWeaver portal
CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingre ...)
	NOT-FOR-US: Ingres
CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres  ...)
	NOT-FOR-US: Ingres
CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 al ...)
	NOT-FOR-US: Camera Life
CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ( ...)
	NOT-FOR-US: Newbb Plus
CVE-2008-3353 (Multiple cross-site scripting (XSS) vulnerabilities in Pure Software L ...)
	NOT-FOR-US: Pure Software Lore
CVE-2008-3352 (SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allo ...)
	NOT-FOR-US: Live Music Plus
CVE-2008-3351 (SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0 ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service (dae ...)
	- dnsmasq 2.44-1 (low)
	[etch] - dnsmasq <not-affected> (Issue was introduced in 2.43)
CVE-2008-3349 (Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on  ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2008-3348 (Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/i ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3347 (SQL injection vulnerability in staticpages/easycalendar/index.php in M ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3346 (SQL injection vulnerability in product_detail.php in ShopCart DX allow ...)
	NOT-FOR-US: ShopCart DX
CVE-2008-3345 (SQL injection vulnerability in staticpages/easyecards/index.php in Myi ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3344 (Multiple cross-site scripting (XSS) vulnerabilities in staticpages/eas ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3343 (SQL injection vulnerability in staticpages/easypublish/index.php in My ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3342 (Cross-site scripting (XSS) vulnerability in staticpages/easypublish/in ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3341 (Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex  ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3340 (Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbe ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to obtain  ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.4 ...)
	{DSA-1626-1}
	- httrack 3.42.3-1 (low)
CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawka ...)
	NOT-FOR-US: TIBCO Hawk
CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...)
	{DSA-1628-1}
	- pdns 2.9.21.1-1 (low)
CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1. ...)
	NOT-FOR-US: PunBB
CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote attacke ...)
	NOT-FOR-US: PunBB
CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 a ...)
	NOT-FOR-US: MyBB
CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis befor ...)
	- mantis 1.1.2+dfsg-2
	NOTE: I've marked the above version as fixed, however I am not sure if it wasn't fixed
	NOTE: earlier. However, lenny is fixed and it is not in etch and sarge is not supported anymore.
CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before 1. ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is  ...)
	- links2 2.1pre37-1.1 (low; bug #492744)
	[etch] - links2 <no-dsa> (Minor information leak)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac be ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ve ...)
	NOT-FOR-US: PartyGaming PartyPoker
CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the auth ...)
	NOT-FOR-US: Cygwin
CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote attack ...)
	NOT-FOR-US: Maian *
CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote attac ...)
	NOT-FOR-US: Maian *
CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Maian *
CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature in the  ...)
	NOT-FOR-US: Geeklog
CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.1 ...)
	NOT-FOR-US: Claroline
CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: ZDaemon
CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allo ...)
	NOT-FOR-US: CreaCMS
CVE-2008-3312 (Directory traversal vulnerability in lemon_includes/FCKeditor/editor/f ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: lemon cms patched sources, vulnerable code not present in plain fckeditor in no version.
	NOTE: if in doubt contact the fsckeditor people.
CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam Scheinbe ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll allows r ...)
	NOT-FOR-US: Pre Survey Poll
CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earl ...)
	NOT-FOR-US: DigiLeave
CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Des ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (y ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube Blog (yt ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno  ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is enabled,  ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, wh ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: AlphAdmin CMS
CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: eSyndiCat
CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges for temp ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.8 ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php i ...)
	NOT-FOR-US: XOOPS
CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build with Py ...)
	- vim <not-affected> (Build issue)
	NOTE: It looks like the vulnerability only occurs during build, so it shouldn't be an issue for Debian
CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum allows ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass auth ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS ...)
	NOT-FOR-US: AproxEngine
CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows r ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in  ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup Server ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Server
CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows r ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: SWAT 4
CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows re ...)
	NOT-FOR-US: Filesys::SmbClientParser
CVE-2008-3284
	REJECTED
CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red  ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in sal/rtl/source/ ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during e ...)
	{DSA-1631-1 DTSA-158-1}
	- libxml2 2.6.32.dfsg-3 (medium)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-3280
	RESERVED
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
	- brltty <not-affected> (RedHat-specific)
CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Lin ...)
	- frysk <removed>
CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script  ...)
	- ibutils <not-affected> (RedHat-specific)
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in net/dccp/pr ...)
	{DSA-1653-1 DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in t ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA  ...)
	NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2 ...)
	- jbossas4 <not-affected> (Only provides a few class libs)
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers t ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.1
	- tomcat6 <not-affected>
	NOTE: It is unlikely that this is exploitable in real world scenarios.
CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify th ...)
	NOT-FOR-US: Red Hat
CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2 ...)
	NOT-FOR-US: WinRemotePC
CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when u ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote  ...)
	NOT-FOR-US: MojoJobs
CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Re ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3  ...)
	NOT-FOR-US: DT Register
CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source 1 ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-011.html
CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x  ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-010.html
CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before 1. ...)
	NOT-FOR-US: Claroline
CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in Claroline b ...)
	NOT-FOR-US: Claroline
CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11Use ...)
	- openssh <not-affected> (linux check that the effective userid matches or that bind addresses dont overlap on rebind)
CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow re ...)
	- zoph 0.7.1-1
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=614672
CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and e ...)
	NOT-FOR-US: Siteframe CMS
CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebP ...)
	NOT-FOR-US: LunarNight Laboratory WebProxy
CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows remote att ...)
	NOT-FOR-US: preCMS
CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces ...)
	NOT-FOR-US: Citrix XenServer Express
CVE-2008-3252 (Stack-based buffer overflow in the read_article function in getarticle ...)
	{DSA-1622-1}
	- newsx 1.6-3 (bug #492742)
CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remo ...)
	NOT-FOR-US: tplSoccerSite
CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly valid ...)
	NOT-FOR-US: Lenovo System Update
CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas Fi ...)
	NOT-FOR-US: Symantec Veritas File System on HP-UX
CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 o ...)
	- linux-2.6 2.6.25-7
	[etch] - linux-2.6 <not-affected> (2.6.25-only issue)
	- linux-2.6.24 <not-affected> (2.6.25-only issue)
CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the BlackB ...)
	NOT-FOR-US: BlackBerry Attachment Service
CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4 ...)
	NOT-FOR-US: phpHoo3
CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 al ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine before 4.4 ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control in PPM ...)
	NOT-FOR-US: PPMate
CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats 0.2.13 ...)
	NOT-FOR-US: UltraStats
CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate Netwo ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function i ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow rem ...)
	NOT-FOR-US: ITechBids
CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in forward_to_friend.php in I ...)
	NOT-FOR-US: ITechBids
CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System Management/Reposito ...)
	NOT-FOR-US: Wsadmin
CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility in th ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...)
	- openssh <unfixed> (unimportant)
	NOTE: this is by design
CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN  ...)
	- wordpress <not-affected> (Code was only present in svn versions)
CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in Dotclea ...)
	NOT-FOR-US: dotclear
CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...)
	- xine-lib 1.1.14-2 (bug #492870; unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a deni ...)
	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
	- ffmpeg 0.svn20080206-16 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain sec ...)
	NOT-FOR-US: Joomla!
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact a ...)
	NOT-FOR-US: Joomla!
CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows attacke ...)
	NOT-FOR-US: Joomla!
CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration functio ...)
	NOT-FOR-US: Joomla!
CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest rando ...)
	{DSA-1544-2}
	- pdns-recursor 3.1.7-1 (low; bug #493576)
CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to  ...)
	{DSA-1616-2}
	- clamav 0.93.1.dfsg-1.1 (medium)
CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of service (dae ...)
	- dnsmasq 2.26-1 (medium)
CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS P ...)
	NOT-FOR-US: WebCMS
CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attack ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows r ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in ...)
	NOT-FOR-US: Black Ice Document Imaging SDK
CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 a ...)
	NOT-FOR-US: Simple DNS Plus
CVE-2008-3207 (PHP remote file inclusion vulnerability in cms/modules/form.lib.php in ...)
	NOT-FOR-US: Pragyan CMS
CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black C ...)
	NOT-FOR-US: Yuhhu Pubs Black Cat
CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script Wysi Wik ...)
	NOT-FOR-US: Easy-Script Wysi Wiki Wyg
CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels ...)
	NOT-FOR-US: E-topbiz Million Pixels
CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform  ...)
	NOT-FOR-US: AuraCMS
CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 ...)
	NOT-FOR-US: Xomol
CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pa ...)
	NOT-FOR-US: Pagefusion
CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080 ...)
	NOT-FOR-US: Avlc Forum
CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arb ...)
	{DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki before 4.2 ...)
	{DSA-1639-1}
	- twiki 1:4.1.2-5 (low; bug #499534)
	NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-3194 (Multiple directory traversal vulnerabilities in data/inc/themes/predef ...)
	NOT-FOR-US: pluck CMS
CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote attackers to ...)
	NOT-FOR-US: jSite
CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE allows  ...)
	NOT-FOR-US: jSite
CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, w ...)
	NOT-FOR-US: mForum
CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 ...)
	NOT-FOR-US: CodeDB
CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager  ...)
	NOT-FOR-US: DreamNews Manager
CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the config ...)
	- libxcrypt <not-affected> (Suse issue)
CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 d ...)
	NOT-FOR-US: SUSE Zypper
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.ph ...)
	{DSA-1765-1}
	- horde3 3.2.1+debian0-1 (low; bug #492578)
	- turba2 2.2.1-1 (low)
	[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
	{DSA-1691-1}
	- moodle 1.8.1-1 (low)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1. ...)
	{DSA-1691-1}
	- moodle 1.8.2-2 (low; bug #492492)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers  ...)
	- moodle <removed> (unimportant)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
	NOTE: Does not allow any attack vectors, apart from gaining non-sensible information
CVE-2008-XXXX [mantis multiple issues]
	- mantis 1.1.2+dfsg-1 (low)
	NOTE: http://www.mantisbt.org/bugs/changelog_page.php
	NOTE: CVE id requested by redhat
	NOTE: 0008975 (CSRF) covered by CVE-2008-2276
	NOTE: 0008976 remote code execution only possible with valid administrator account
CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule with a ...)
	- byacc 20070509-1.1 (low; bug #491182)
	[etch] - byacc <no-dsa> (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
	- libetpan 0.54-3 (low)
	[etch] - libetpan <no-dsa> (Minor issue)
	NOTE: http://lwn.net/Alerts/287640/
	NOTE: http://libetpan.cvs.sourceforge.net/libetpan/libetpan/src/low-level/imf/mailimf.c?view=diff&r1=1.46&r2=1.47
CVE-2008-XXXX [XSS in press-this of wordpress]
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: this code was never present in a released wordpress version
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
	- phpbb3 3.0.2-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2 ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.7.1-1 (low)
	NOTE: this only allows via csrf to create an empty database.
	NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/13fbcf4107476dc2d53a8dde707667172f807641
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/084fd3ed16290339ee98a14d067932f638974044 (useless?)
CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ( ...)
	NOT-FOR-US: Chipmunk Blog
CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-3184 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-3183 (PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/too ...)
	NOT-FOR-US: gapicms
CVE-2008-3182 (Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (D ...)
	NOT-FOR-US: Download Accelerator Plus
CVE-2008-3181 (Unrestricted file upload vulnerability in upload.php in ContentNow CMS ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3180 (Multiple cross-site scripting (XSS) vulnerabilities in upload/file/lan ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3179 (Directory traversal vulnerability in website.php in Web 2 Business (W2 ...)
	NOT-FOR-US: phpDatingClub
CVE-2008-3178 (Unrestricted file upload vulnerability in upload_pictures.php in WebXe ...)
	NOT-FOR-US: WebXell Editor
CVE-2008-3177 (Sophos virus detection engine 2.75 on Linux and Unix, as used in Sopho ...)
	NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
	RESERVED
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the server i ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Int ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for domain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level d ...)
	NOT-FOR-US: Opera
CVE-2008-3171 (Apple Safari sends Referer headers containing https URLs to different  ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific top- ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3169 (Multiple heap-based buffer overflows in Empire Server before 4.3.15 al ...)
	NOT-FOR-US: Empire Server
CVE-2008-3168 (The files utility in Empire Server before 4.3.15 discloses the world c ...)
	NOT-FOR-US: Empire Server
CVE-2008-3167 (Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6 ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2008-3166 (PHP remote file inclusion vulnerability in modules/global/inc/content. ...)
	NOT-FOR-US: BoonEx Ray
CVE-2008-3165 (Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a  ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3164 (Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3163 (Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 al ...)
	NOT-FOR-US: DodosMail
CVE-2008-3162 (Stack-based buffer overflow in the str_read_packet function in libavfo ...)
	{DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-10 (bug #489965; low)
	- ffmpeg 0.svn20080206-10
	- xmovie <removed>
CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/syst ...)
	NOT-FOR-US: IBM Maximo
CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1. ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2008-3159 (Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory ...)
	NOT-FOR-US: eDirectory
CVE-2008-3158 (Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.9 ...)
	NOT-FOR-US: Novell Client for Windows
CVE-2008-3157 (Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit ...)
	NOT-FOR-US: Nortel SIP Multimedia PC Client
CVE-2008-3156 (The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan befo ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3155 (Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in P ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3154 (SQL injection vulnerability in index.php in WebBlizzard CMS allows rem ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2008-3153 (SQL injection vulnerability in Triton CMS Pro allows remote attackers  ...)
	NOT-FOR-US: Triton CMS Pro
CVE-2008-3152 (SQL injection vulnerability in directory.php in SmartPPC and SmartPPC  ...)
	NOT-FOR-US: SmartPPC
CVE-2008-3151 (SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke al ...)
	NOT-FOR-US: PHP-NUke
CVE-2008-3150 (Directory traversal vulnerability in index.php in Neutrino Atomic Edit ...)
	NOT-FOR-US: Neutrino Atomic Edition
CVE-2008-3149 (The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote a ...)
	NOT-FOR-US: F5 FirePass
CVE-2008-3148 (Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f al ...)
	NOT-FOR-US: OllyDBG/ImpREC
CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) W ...)
	NOT-FOR-US: WeFi
CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (medium; bug #497878)
CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in Python/my ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.4 2.4.5-5
	- python2.5 2.5.2-7
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow context- ...)
	{DSA-1667-1}
	- python2.4 2.4.5-1
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.5 2.5.2-1
CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platfor ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allow ...)
	NOT-FOR-US: AShop Delux
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Soldner Secret Wars
CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 al ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.4-1 (bug #491439)
	- imagemagick <unfixed> (unimportant; bug #559775)
	NOTE: several DoS fixed in 1.2.4 according to upstream
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...)
	NOT-FOR-US: BareNuked CMS
CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla component
CVE-2008-3131 (SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when m ...)
	NOT-FOR-US: PSys
CVE-2008-3130 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Op ...)
	NOT-FOR-US: OpenCart
CVE-2008-3129 (Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta ...)
	NOT-FOR-US: Catviz
CVE-2008-3128 (Directory traversal vulnerability in search.php in Pivot 1.40.5 allows ...)
	NOT-FOR-US: Pivot
CVE-2008-3127 (PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIO ...)
	NOT-FOR-US: HIOX Banner Rotator
CVE-2008-3126 (Multiple stack-based buffer overflows in the ServerView web interface  ...)
	NOT-FOR-US: Fujitsu Siemens Computers ServerView
CVE-2008-3125 (SQL injection vulnerability in index.php in Mole Group Lastminute Scri ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-3124 (SQL injection vulnerability in index.php in Mole Group Hotel Script 1. ...)
	NOT-FOR-US: Mole Group
CVE-2008-3123 (SQL injection vulnerability in index.php in Mole Group Real Estate Scr ...)
	NOT-FOR-US: Mole Group
CVE-2008-3122 (Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) b ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3121 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWar ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3120
	REJECTED
CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows r ...)
	NOT-FOR-US: DreamPics Builder
CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier a ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3117 (Unrestricted file upload vulnerability in update_profile.php in PHPmot ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3116 (Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou ...)
	NOT-FOR-US: Snail Game
CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...)
	NOT-FOR-US: ancient issue
CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests  ...)
	NOT-FOR-US: ancient issue
CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions,  ...)
	NOT-FOR-US: ancient issue
CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when xauth sup ...)
	- op <not-affected> (not configured with xauth support)
CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
	- drupal5 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before  ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5 ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <not-affected> (Vulnerable code not present)
	NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog
CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6 ...)
	- drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...)
	- drupal5 5.9-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...)
	- drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)
CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.1 ...)
	{DSA-1673-1}
	- wireshark 1.0.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlie ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 befor ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 bef ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
	- openjdk-6 <undetermined> (bug #566770)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 befor ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-04-1 (bug #490260)
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java Ru ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java Ru ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5 ...)
	- sun-java5 1.5.0-10-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime E ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ( ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) mana ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the  ...)
	- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0. ...)
	NOT-FOR-US: vtiger CRM
CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve B ...)
	- owl-dms 0.95-1.1 (low; bug #493579)
CVE-2008-3099
	RESERVED
CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuz ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Ti ...)
	NOT-FOR-US: additional drupal module Tinytax
CVE-2008-3096 (The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each ...)
	NOT-FOR-US: additional drupal module Outline Designer
CVE-2008-3095 (Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) mo ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3094 (The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1 ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x befo ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger mo ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...)
	NOT-FOR-US: BlognPlus
CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze  ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3088 (Cross-site scripting (XSS) vulnerability in the Files module in Kassel ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3087 (Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote  ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3086
	REJECTED
CVE-2008-3085
	REJECTED
CVE-2008-3084
	REJECTED
CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a proj ...)
	- projectl 1.001.dfsg1-2 (low; bug #489988)
	[etch] - projectl <no-dsa> (Minor issue)
CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks ...)
	NOT-FOR-US: com_brightweblinks omponent for Joomla!
CVE-2008-3082 (Cross-site scripting (XSS) vulnerability in UPM/English/login/login.as ...)
	NOT-FOR-US: Commtouch Enterprise Anti-Spam Gateway
CVE-2008-3081 (Multiple unspecified "input validation" vulnerabilities in the Web man ...)
	NOT-FOR-US: Avaya Message Storage Server
CVE-2008-3080 (Cross-site request forgery (CSRF) vulnerability in admin.php in myWebl ...)
	NOT-FOR-US: myBloggie
CVE-2008-3079 (Unspecified vulnerability in Opera before 9.51 on Windows allows attac ...)
	NOT-FOR-US: Opera
CVE-2008-3078 (Opera before 9.51 does not properly manage memory within functions sup ...)
	NOT-FOR-US: Opera
CVE-2008-3077 (arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x ...)
	- linux-2.6 2.6.25-7
	- linux-2.6.24 <not-affected> (Vulnerable code added later)
	[etch] - linux-2.6 <not-affected> (Vulnerable code added later)
	NOTE: 1e9a615bfce7996ea4d815d45d364b47ac6a74e8
CVE-2008-3076 (The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted  ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3075 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3074 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3073 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3072 (Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3071 (Directory traversal vulnerability in inc/class_language.php in MyBB be ...)
	NOT-FOR-US: MyBB
CVE-2008-3070 (Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1 ...)
	NOT-FOR-US: MyBB
CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2 ...)
	NOT-FOR-US: MyBB
CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook,  ...)
	NOT-FOR-US: Microsoft Crypto API
CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when passwo ...)
	- sudo 1.6.9p12-1
	[etch] - sudo <not-affected> (Issue was introduced in 1.6.9)
CVE-2008-3066 (Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3065
	RESERVED
CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might allo ...)
	NOT-FOR-US: V-webmail
CVE-2008-3062
	RESERVED
CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows  ...)
	NOT-FOR-US: V-webmail
CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: V-webmail
CVE-2008-3059 (member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly oth ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3058 (Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and p ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3057 (Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not  ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) exten ...)
	NOT-FOR-US: cd_petition extension for TYPO3
CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension 0. ...)
	NOT-FOR-US: ext_tbl extension for TYPO3
CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (m ...)
	NOT-FOR-US: mh_branchenbuch extension for TYPO3
CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1 ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and earlie ...)
	NOT-FOR-US: Pinboard extension for TYPO3
CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) exte ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for T ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) exte ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extens ...)
	NOT-FOR-US: kb_unpack extension for TYPO3
CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) extensi ...)
	NOT-FOR-US: kb_packman extension for TYPO3
CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka Branchendatenb ...)
	NOT-FOR-US: pro_industrydb extension for TYPO3
CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) extens ...)
	NOT-FOR-US: newscalendar extension for TYPO3
CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...)
	NOT-FOR-US: wec_discussion extension for TYPO3
CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) extensi ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ex ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory (sp_ ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 all ...)
	NOT-FOR-US: CMS little
CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Fina ...)
	NOT-FOR-US: XchangeBoard
CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow rem ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for  ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin ...)
	NOT-FOR-US: phpmyadmin extension for TYPO3
CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda 2. ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...)
	NOT-FOR-US: EfesTECH Shop
CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ( ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...)
	NOT-FOR-US: sr_sendcard extension for TYPO3
CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9  ...)
	NOT-FOR-US: VanGogh Web CMS
CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet  ...)
	NOT-FOR-US: OneClick CMS
CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remo ...)
	NOT-FOR-US: plx Ad Trader
CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3 ...)
	NOT-FOR-US: phgrafx in QNX Momentics
CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and e ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunays ...)
	NOT-FOR-US: PHPortal
CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
	REJECTED
CVE-2008-3016
	REJECTED
CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Of ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
	REJECTED
CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 t ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 t ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control ...)
	NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Argument injection vulnerability in a URI handler in Microsoft Office  ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007  ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002  ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Offic ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the  ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
	REJECTED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote att ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x b ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remo ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5 ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...)
	NOT-FOR-US: FOG Forum
CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earl ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-2991 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 an ...)
	NOT-FOR-US: Adobe RoboHelp Server 7
CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in th ...)
	NOT-FOR-US: FacileForms
CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remot ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja CM ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 a ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 al ...)
	NOT-FOR-US: phpDMCA
CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS  ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in C ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows r ...)
	NOT-FOR-US: Demo4 CMS
CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2 ...)
	NOT-FOR-US: HomePH
CVE-2008-2981 (PHP remote file inclusion vulnerability in admin/templates/template_th ...)
	NOT-FOR-US: HomePH
CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2 ...)
	NOT-FOR-US: HomePH
CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php  ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when reg ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.ph ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, wh ...)
	NOT-FOR-US: MM Chat
CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...)
	NOT-FOR-US: MM Chat
CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote atta ...)
	NOT-FOR-US: KbLance
CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows r ...)
	NOT-FOR-US: CiBlog
CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT Y ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web Tool ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT Y ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web To ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows r ...)
	NOT-FOR-US: ResearchGuide
CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote attacker ...)
	NOT-FOR-US: MyBlog
CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow re ...)
	NOT-FOR-US: MyBlog
CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS  ...)
	NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsof ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterp ...)
	NOT-FOR-US: Solstice Enterprise Agents in Sun Solaris
CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Ide ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, p ...)
	- linux-2.6 <not-affected>
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 <not-affected>
CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing  ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing (HPL ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_pro ...)
	- apache2 2.2.9-7 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.3 ...)
	NOTE: This is an issue in the respective JVMs, Tomcat only includes a workaround
	NOTE: Check status of free JVMs
	- tomcat5.5 5.5.26-5 (unimportant; bug #496309)
CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mai ...)
	- postfix 2.5.4-1 (low)
	[etch] - postfix <no-dsa> (minor issue)
CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 bef ...)
	{DSA-1629-2 DSA-1629-1 DTSA-155-1}
	- postfix 2.5.4-1
CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ex ...)
	{DSA-1624-1 DTSA-152-1}
	- libxslt 1.1.24-2 (bug #493162)
	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to  ...)
	- iceweasel <not-affected> (MacOS-specific)
CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|'  ...)
	{DSA-1697-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote at ...)
	NOT-FOR-US: Red Hat adminutil
CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel befo ...)
	{DSA-1630-1}
	- linux-2.6 2.6.22
	NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, a ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil l ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIP ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote attac ...)
	NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
	NOT-FOR-US: Webmatic
CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in Lyr ...)
	NOT-FOR-US: Lyris ListManager
CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...)
	NOT-FOR-US: Dana IRC client
CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and e ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and  ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 al ...)
	NOT-FOR-US: Gryphon
CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics Car ...)
	NOT-FOR-US: Application Dynamics Cartweaver
CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART allow ...)
	NOT-FOR-US: E-SMART CART
CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earli ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (ak ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the sear ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when m ...)
	NOT-FOR-US: Devalcms
CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4. ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Co ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text- ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows r ...)
	NOT-FOR-US: Clever Copy
CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in  ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...)
	NOT-FOR-US: WebChamado
CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allo ...)
	NOT-FOR-US: WebChamado
CVE-2008-2905 (PHP remote file inclusion vulnerability in includes/Cache/Lite/Output. ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is only in experimental
	NOTE: filed removal bug for Mambo from experimental #490291
CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows  ...)
	NOT-FOR-US: Conkurent PHPMyCart
CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing Sy ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family Connecti ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows remot ...)
	NOT-FOR-US: PHPAuction
CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS  ...)
	NOT-FOR-US: j00lean-CMS
CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in Hedgehog-C ...)
	NOT-FOR-US: Hedgehog-CMS
CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta all ...)
	NOT-FOR-US: PageSquid
CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows r ...)
	NOT-FOR-US: FireAnt
CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4  ...)
	NOT-FOR-US: AproxEngine
CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software Cl ...)
	NOT-FOR-US: NCH Software Classic FTP Windows
CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ H ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component 1. ...)
	NOT-FOR-US: Joomla!
CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows  ...)
	NOT-FOR-US: emuCMS
CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football Leag ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...)
	NOT-FOR-US: AceBIT WISE-FTP
CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, wh ...)
	NOT-FOR-US: MiGCMS
CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz@work FubarFor ...)
	NOT-FOR-US: FubarForum
CVE-2008-2886 (PHP remote file inclusion vulnerability in include/plugins/jrBrowser/p ...)
	NOT-FOR-US: Jamroom
CVE-2008-2885 (PHP remote file inclusion vulnerability in src/browser/resource/catego ...)
	NOT-FOR-US: Open Digital Assets Repository System
CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in RSS-aggregat ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-2883 (PHP remote file inclusion vulnerability in include/plugins/jrBrowser/p ...)
	NOT-FOR-US: Jamroom
CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require administra ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in clear ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3 ...)
	NOT-FOR-US: IBM AFP Viewer Plug-in
CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, wh ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ( ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2877 (PHP remote file inclusion vulnerability in admin/include/lib.module.ph ...)
	NOT-FOR-US: cmsWorks
CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows r ...)
	NOT-FOR-US: mUnky
CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allow ...)
	NOT-FOR-US: Webdevindo-CMS
CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes &amp; Funny  ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics
CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earl ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php i ...)
	NOT-FOR-US: PEGames
CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remo ...)
	NOT-FOR-US: ShareCMS
CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows r ...)
	NOT-FOR-US: E-topbiz Link ADS
CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...)
	NOT-FOR-US: ware DUcalendar
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
	NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net Ca ...)
	NOT-FOR-US: CaupoShop Classic
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
	NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attacker ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site C ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer (E ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Sit ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...)
	NOT-FOR-US: AJSquare AJ Auction Pro Web
CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail befo ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows remo ...)
	NOT-FOR-US: WebChamado
CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in  ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remot ...)
	NOT-FOR-US: OwnRS
CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...)
	NOT-FOR-US: OwnRS
CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6  ...)
	NOT-FOR-US: Orlando CMS
CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows r ...)
	NOT-FOR-US: Easy Webstore
CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when a ...)
	- cgiwrap <removed> (low; bug #497761)
	[etch] - cgiwrap <no-dsa> (Minor issue)
	NOTE: only applies to certain character sets and only works with
	NOTE: browsers. There isn't a good solution available, the patch uses
	NOTE: a compile-time charset specification. All in all not a real
	NOTE: priority to fix in etch.
CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote at ...)
	NOT-FOR-US: OFF System
CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before 5.x-1. ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x  ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
	NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds al ...)
	NOT-FOR-US: BoatScripts Classifieds
CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows  ...)
	NOT-FOR-US: MyBizz-Classifieds
CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds all ...)
	NOT-FOR-US: Carscripts Classifieds
CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlie ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doIT ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earl ...)
	{DTSA-146-1}
	- poppler 0.8.4-1.1 (medium; bug #489756)
	[etch] - poppler <not-affected> (Vulnerable code not present)
	- xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized)
CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1805-1 DSA-1610-1}
	- pidgin 2.4.3-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-3137 (The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through  ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3138 (The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3139 (The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1. ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 0.99.8 to 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3140 (The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows rem ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3141 (Unspecified vulnerability in the RMI dissector in Wireshark (formerly  ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ca ...)
	{DSA-1650-1 DTSA-151-1}
	- openldap2.3 <removed> (low; bug #488710)
	- openldap 2.4.10-3 (low; bug #488710)
CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service (cra ...)
	- pidgin 2.4.3-1 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
CVE-2008-2956
	- pidgin <unfixed> (unimportant; bug #488632)
	NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, a ...)
	- pidgin 2.4.3-4 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: probably only a bandwidth issue
CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allow ...)
	- mercurial 1.0.1-2 (low; bug #488628)
	[etch] - mercurial <not-affected> (Vulnerable functionality not present)
CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remot ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows l ...)
	- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
	- python-werkzeug 0.3.1-1
	NOTE: http://web.archive.org/web/20081229140824/http://lucumr.pocoo.org:80/cogitations/2008/06/24/werkzeug-031-released/
CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on Window ...)
	- xchat <not-affected> (Windows specific problem)
CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1. ...)
	NOT-FOR-US: Exero CMS
CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in Train ...)
	NOT-FOR-US: Traindepot
CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 allow ...)
	NOT-FOR-US: Traindepot
CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote atta ...)
	NOT-FOR-US: CMS-BRD
CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in WebCa ...)
	- webcalendar 1.0.5-1 (low)
	- gforge <not-affected> (code in lenny internally sets its own path)
CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...)
	NOT-FOR-US: IGSuite
CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image DataBa ...)
	NOT-FOR-US: Scientific Image DataBase
CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to  ...)
	NOT-FOR-US: le.cms
CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full R ...)
	NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831 (Multiple cross-site scripting (XSS) vulnerabilities in the delegated s ...)
	NOT-FOR-US: MailMarshal
CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
	{DTSA-144-1}
	- php5 5.2.6-2 (low)
	[etch] - php5 <no-dsa> (Fix not feasible for etch, low priority issue)
	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
	NOTE: missing api features from the version of libc-client in etch.
CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ne ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-6 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.4 (low)
	NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9
CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerl ...)
	NOT-FOR-US: PHPeasyblog
CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in 3D-F ...)
	NOT-FOR-US: 3D-FTP Client
CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech Secur ...)
	NOT-FOR-US: Glub Tech Secure FTP
CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open Azim ...)
	NOT-FOR-US: Open Azimyt CMS
CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlie ...)
	NOT-FOR-US: BlognPlus
CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remot ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 a ...)
	NOT-FOR-US: NiTrO Web Gallery
CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin  ...)
	NOT-FOR-US: Oxygen
CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 all ...)
	NOT-FOR-US: MyMarket
CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast  ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server Shou ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty operat ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-7
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, Th ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	- iceweasel <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonk ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS  ...)
	- iceweasel <not-affected> (MacOS-specific)
	- iceape <not-affected> (MacOS-specific)
CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remo ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10
	- xulrunner 1.9.0.1-1
CVE-2008-2804
	REJECTED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox befor ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- icedove 2.0.0.16-1
	- xulrunner 1.9.0.1-1
CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remo ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEng ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote  ...)
	NOT-FOR-US: FreeCMS
CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM C ...)
	NOT-FOR-US: IDM Computer Solutions Inc UltraEdit
CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification  ...)
	NOT-FOR-US: Symantec Altiris Notification
CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before 3.0 ...)
	NOT-FOR-US: ClipShare
CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier all ...)
	NOT-FOR-US: eroCMS
CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...)
	NOT-FOR-US: Kalptaru Infotech
CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade  ...)
	NOT-FOR-US: MountainGrafix easyTrade
CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows rem ...)
	NOT-FOR-US: BASIC-CMS
CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1. ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2. ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7,  ...)
	- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
	NOTE: We haven't supported installations with register_globals enabled since a long time
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aa2076eedc7e3664b09681d6fe9dd019eca98647
CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
	{DTSA-142-1}
	- perl 5.10.0-11 (bug #487319; medium)
	[etch] - perl <not-affected> (doesn't change link target permissions)
	NOTE: affects other packages like debsums, see bugreport
CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause  ...)
	- tmsnc 0.3.2-1.1 (low; bug #487222)
CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
	NOT-FOR-US: Just hashes posted to full-disclosure, no specific information
	NOTE: Unless more specific information pops up, this can be considered covered by
	NOTE: CVE-2008-2785
CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird befo ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0 (medium; bug #488358)
	- icedove 2.0.0.16-1
	- iceape 1.1.11-1 (bug #491163)
	- xulrunner 1.9.0.1-1 (bug #491161)
	NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since also need to track etch
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
	NOT-FOR-US: spamdyke
CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware ...)
	- kronolith2 <not-affected> (unimportant; Nonreproducable 'issue')
	- horde3 <not-affected> (unimportant; Nonreproducable 'issue')
	NOTE: not reproducible, redhat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209
CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow re ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allow ...)
	NOT-FOR-US: DZOIC Handshakes
CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores t ...)
	NOT-FOR-US: Anubis
CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Bu ...)
	NOT-FOR-US: GlobalSCAPE CuteFTP Home
CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the Search Syst ...)
	NOT-FOR-US: RevokeBB
CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows  ...)
	NOT-FOR-US: Ortro
CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepie ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold Shopping  ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image module  ...)
	NOT-FOR-US: Taxonomy Image module for Drupal
CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote atta ...)
	NOT-FOR-US: Magic Tabs module for Drupal
CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 fo ...)
	NOT-FOR-US: Node Hierarchy module for Drupal
CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_q ...)
	NOT-FOR-US: MycroCMS
CVE-2008-2769 (PHP remote file inclusion vulnerability in authentication/smf/smf.func ...)
	NOT-FOR-US: phpRaider
CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla  ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager XE all ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Galle ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gal ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla  ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live Suppo ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form Proce ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute  ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla Absolute Ban ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute  ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute  ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News Manag ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla A ...)
	NOT-FOR-US: Xigla Absolute Control Panel XE
CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows remote att ...)
	NOT-FOR-US: JAMM CMS
CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, ...)
	NOT-FOR-US: eFiction
CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 ...)
	NOT-FOR-US: Pooya Site Builder
CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly h ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish w ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux k ...)
	- linux-2.6 2.6.26
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.23)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar Serve ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: Skulltag
CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissio ...)
	NOT-FOR-US: Windows
CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allo ...)
	NOT-FOR-US: Gryphon gllcTS2
CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in  ...)
	NOT-FOR-US: BiAnno ActiveX Control
CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web server in ...)
	NOT-FOR-US: web server Xerox
CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/ ...)
	NOT-FOR-US: Achievo
CVE-2008-2741
	RESERVED
CVE-2008-2740
	RESERVED
CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System (I ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-2738
	RESERVED
CVE-2008-2737
	REJECTED
CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 device ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security App ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 befor ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection functionali ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2731
	RESERVED
CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: cisco
CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some  ...)
	{DSA-1630-1}
	- linux-2.6 2.6.19-1
	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
CVE-2008-2728
	REJECTED
CVE-2008-2727
	REJECTED
CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and e ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and e ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4 ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web page add ...)
	NOT-FOR-US: Opera
CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the IP Mu ...)
	NOT-FOR-US: Solaris
CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module o ...)
	NOT-FOR-US: Solaris
CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSP ...)
	NOT-FOR-US: Solaris
CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and O ...)
	NOT-FOR-US: Solaris
CVE-2008-2706 (Unspecified vulnerability in the event port implementation in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1,  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remo ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise Messenger (G ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools ESTsoft ...)
	NOT-FOR-US: ALTools ESTsoft ALFTP
CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and ...)
	NOT-FOR-US: joomla extension
CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo WebManager (G ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php ...)
	NOT-FOR-US: WEBalbum
CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) comp ...)
	NOT-FOR-US: joomla extension
CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows  ...)
	NOT-FOR-US: phpInv
CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 ...)
	NOT-FOR-US: phpInv
CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperien ...)
	NOT-FOR-US: JiRo's FAQ Manager eXperience
CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002 ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in BrowserC ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 all ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in ProManager 0.73 ...)
	NOT-FOR-US: ProManager
CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows r ...)
	NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
	- wdiff 0.5-18 (low; bug #425254)
	[etch] - wdiff  <no-dsa> (Minor issue)
CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...)
	- nasm 2.03.01-1 (low; bug #486715)
	[etch] - nasm <not-affected> (vulnerable code not present)
CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attac ...)
	{DSA-1733-1 DTSA-143-1}
	- vim 1:7.1.314-3 (low; bug #486502)
CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of  ...)
	- exiv2 0.17-1 (low; bug #486328)
	[etch] - exiv2 <no-dsa> (Minor issue)
	NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to  ...)
	{DSA-1616-2 DTSA-138-1}
	- clamav 0.93.1.dfsg-1.1 (low; bug #490925)
CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
	- fetchmail 6.3.9~rc2-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
	NOTE: -vv is only used for debugging purposes so this does not
	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
	NOTE: use.
CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2 ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto Galler ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass permiss ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote attackers to o ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for non-albu ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1,  ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black I ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black I ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attac ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in _includes/ ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, wh ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Dir ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal (com_news_porta ...)
	NOT-FOR-US: com_news_portal component for Joomla!
CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gal ...)
	NOT-FOR-US: PHP Image Gallery
CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as use ...)
	NOT-FOR-US: Interstage Management Console
CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...)
	NOT-FOR-US: pNews
CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and  ...)
	- ewiki <removed> (unimportant)
	NOTE: register_globals is not supported
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows  ...)
	NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote a ...)
	NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 a ...)
	NOT-FOR-US: yBlog
CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier  ...)
	- php5 <removed> (unimportant)
	NOTE: safe mode not supported
CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP  ...)
	- php5 5.2.6.dfsg.1-3 (unimportant)
	NOTE: safe mode not supported
CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4  ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby 1 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2661
	RESERVED
CVE-2008-2660
	RESERVED
CVE-2008-2659
	RESERVED
CVE-2008-2658
	RESERVED
CVE-2008-2657
	RESERVED
CVE-2008-2656
	RESERVED
CVE-2008-2655
	RESERVED
CVE-2008-2653
	RESERVED
CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b a ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB  ...)
	NOT-FOR-US: com_joobb component for Joomla!
CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...)
	NOT-FOR-US: CMSimple
CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 B ...)
	NOT-FOR-US: DesktopOnNet
CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in meBi ...)
	NOT-FOR-US: meBiblio
CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in me ...)
	NOT-FOR-US: meBiblio
CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7  ...)
	NOT-FOR-US: meBiblio
CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly B ...)
	NOT-FOR-US: Brim
CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) compon ...)
	NOT-FOR-US: com_biblestudy component for Joomla!
CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remot ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlie ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 Hist ...)
	NOT-FOR-US: Adobe Flex
CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect Citec ...)
	NOT-FOR-US: Citect CitectSCADA
CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 an ...)
	NOT-FOR-US: 1Book
CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5 FirePass SSL VPN
CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 all ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow r ...)
	NOT-FOR-US: BitKinex
CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online  ...)
	NOT-FOR-US: I-Pos Internet Pay Online Store
CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomr ...)
	NOT-FOR-US: com_joomradio component for Joomla!
CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component 0.1 ...)
	NOT-FOR-US: com_acctexp component for Joomla!
CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows re ...)
	NOT-FOR-US: MDaemon
CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 f ...)
	NOT-FOR-US: com_jb2 component for Joomla!
CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...)
	NOT-FOR-US: LifeType module for Drupal
CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component 0.9 ...)
	NOT-FOR-US: com_equotes component for Joomla!
CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...)
	NOT-FOR-US: com_idoblog for Joomla!
CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ear ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle
CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2616 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2615 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2614 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2613 (Unspecified vulnerability in the Database Scheduler component in Oracl ...)
	NOT-FOR-US: Oracle database
CVE-2008-2612 (Unspecified vulnerability in the Hyperion BI Plus component in Oracle  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2611 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle database
CVE-2008-2610 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2609 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2608 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle database
CVE-2008-2607 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2606 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle database
CVE-2008-2605 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2604 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2603 (Unspecified vulnerability in the Resource Manager component in Oracle  ...)
	NOT-FOR-US: Oracle database
CVE-2008-2602 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle database
CVE-2008-2601 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle database
CVE-2008-2600 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2599 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2598 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2597 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2596 (Unspecified vulnerability in the Mobile Application Server component i ...)
	NOT-FOR-US: Oracle database
CVE-2008-2595 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle database
CVE-2008-2594 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle database
CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in Or ...)
	NOT-FOR-US: Oracle database
CVE-2008-2590 (Unspecified vulnerability in the Instance Management component in Orac ...)
	NOT-FOR-US: Oracle database
CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle database
CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle database
CVE-2008-2585 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle database
CVE-2008-2584
	REJECTED
CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for t ...)
	NOT-FOR-US: Oracle database
CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for Apache, S ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php i ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote au ...)
	NOT-FOR-US: freeSSHd
CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog a ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerl ...)
	- limesurvey <itp> (bug #472802)
CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurvey ...)
	- limesurvey <itp> (bug #472802)
CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component 1 ...)
	NOT-FOR-US: com_easybook component for Joomla!
CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: com_simpleshop component for Joomla!
CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Rel ...)
	NOT-FOR-US: Fenriru Sleipnir
CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Boo ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and e ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...)
	NOT-FOR-US: com_jotloader component for Joomla!
CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.ph ...)
	NOT-FOR-US: SamTodo
CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ea ...)
	NOT-FOR-US: PowerPhlogger
CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 all ...)
	NOT-FOR-US: 427BB
CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remo ...)
	NOT-FOR-US: 427BB
CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion 3 ...)
	- motion 3.2.9-3 (low; bug #484572)
	[etch] - motion <no-dsa> (minor issue)
CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka ...)
	{DSA-1688-1}
	- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remo ...)
	NOT-FOR-US: Borland Interbase
CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute fo ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ea ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and e ...)
	NOT-FOR-US: PHP Visit Counter
CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote  ...)
	NOT-FOR-US: EasyWay CMS
CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote att ...)
	NOT-FOR-US: BP Blog
CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated St ...)
	{DSA-1633-1}
	- slash 2.2.6-8etch1 (low; bug #484499)
	NOTE: See CVE-2008-2231
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6  ...)
	NOT-FOR-US: DownloaderActiveX Control
CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in IB ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remot ...)
	NOT-FOR-US: Acrobat Reader
CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the EX ...)
	NOT-FOR-US: JPEG thumbprint component in the EXIF parser on Motorola cell phones
CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001. ...)
	NOT-FOR-US: Microsoft Windows Installer
CVE-2008-2546
	REJECTED
CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sens ...)
	NOT-FOR-US: Skype
CVE-2008-2544
	RESERVED
	- linux <unfixed> (unimportant)
	NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and As ...)
	- asterisk-addons 1.4.7-1 (bug #484796)
CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in NA ...)
	NOT-FOR-US: NASA Ames Research Center BigView
CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service (ici ...)
	NOT-FOR-US: CA eTrust
CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and  ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows r ...)
	NOT-FOR-US: HispaH Model Search
CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image Hosti ...)
	NOT-FOR-US: YABSoft Advanced Image
CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2  ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix  ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CM ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square aj- ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...)
	NOT-FOR-US: Build A Niche Store
CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts &amp; Solutions Qui ...)
	NOT-FOR-US: Concepts & Solutions QuickUpCMS
CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ( ...)
	NOT-FOR-US: Advanced Links Management
CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 4. ...)
	NOT-FOR-US: Citrix Access Gateway Standard Edition
CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts  ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Server
CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gal ...)
	NOT-FOR-US: WT Gallery
CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka rl ...)
	NOT-FOR-US: typo3 extension Event Database
CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...)
	NOT-FOR-US: BlogPHP
CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...)
	NOT-FOR-US: RakNet
CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script f ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File Hostin ...)
	NOT-FOR-US: YABSoft Mega File
CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...)
	NOT-FOR-US: BigACE
CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 al ...)
	NOT-FOR-US: Core FTP client
CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search mechan ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program's enc ...)
	NOT-FOR-US: SaraB
CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local use ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2513 (Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows loca ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2512 (Directory traversal vulnerability in Symantec Backup Exec System Recov ...)
	NOT-FOR-US: Symantec Backup Exec System Recovery Manager
CVE-2008-2511 (Directory traversal vulnerability in the UmxEventCli.CachedAuditDataLi ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2008-2510 (SQL injection vulnerability in wp-uploadfile.php in the Upload File pl ...)
	NOT-FOR-US: Upload File plugin for WordPress
CVE-2008-2509 (SQL injection vulnerability in pwd.asp in Excuse Online allows remote  ...)
	NOT-FOR-US: Excuse Online
CVE-2008-2508 (Cross-site scripting (XSS) vulnerability in news.php in Tr Script News ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2507 (Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear ...)
	NOT-FOR-US: Brown Bear Software Calcium
CVE-2008-2506 (Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 thr ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2505 (Cross-site scripting (XSS) vulnerability in result.php in Simpel Side  ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2504 (Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 throu ...)
	NOT-FOR-US: Simpel Side Netbutik
CVE-2008-2503 (Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown im ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2502 (Unspecified vulnerability in the web server in eMule X-Ray before 1.4  ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2501 (Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remot ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor ( ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2008-2499 (Stack-based buffer overflow in the Community Services Multiplexer (aka ...)
	NOT-FOR-US: Community Services Multiplexer
CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo before 4. ...)
	NOT-FOR-US: Mambo
CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote attac ...)
	NOT-FOR-US: Mambo
CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 ...)
	NOT-FOR-US: Quate CMS
CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows  ...)
	NOT-FOR-US: Zina
CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3  ...)
	NOT-FOR-US: Zina
CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus B ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 al ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows rem ...)
	NOT-FOR-US: AbleSpace
CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (a ...)
	NOT-FOR-US: KJ Image Lightbox 2
CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins (aka s ...)
	NOT-FOR-US: Library for Frontend Plugins sg_zfelib
CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require administrati ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier a ...)
	NOT-FOR-US: MAXSITE
CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown impact ...)
	- amule <not-affected> (Different code)
CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection script ...)
	NOT-FOR-US: PCPIN chat
CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in insanevisions  ...)
	NOT-FOR-US: OneCMS
CVE-2008-2481 (PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb ...)
	NOT-FOR-US: phpRaider
CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP Short U ...)
	NOT-FOR-US: plusPHP
CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote atta ...)
	NOT-FOR-US: phpFix
CVE-2008-2478
	NOT-FOR-US: cPanel
CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) Porta ...)
	NOT-FOR-US: MxBB (MX-System)
CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeB ...)
	- kfreebsd-7 7.0-6
	NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) bef ...)
	NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit  ...)
	NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473
	RESERVED
CVE-2008-2472
	RESERVED
CVE-2008-2471
	RESERVED
CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll  ...)
	NOT-FOR-US: InstallShield
CVE-2008-2469 (Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Sp ...)
	{DSA-1659-1 DTSA-172-1}
	- libspf2 1.2.9-1 (high)
CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe)  ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-2467
	RESERVED
CVE-2008-2466
	RESERVED
CVE-2008-2465
	RESERVED
CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD  ...)
	NOT-FOR-US: NetBSD
CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 1 ...)
	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
	NOT-FOR-US: Caucho Resin
CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows rem ...)
	NOT-FOR-US: Netious
CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows  ...)
	NOT-FOR-US: vBulletin
CVE-2008-2459 (Directory traversal vulnerability in page.php in EntertainmentScript 1 ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in Starsgames Co ...)
	NOT-FOR-US: Starsgames
CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0  ...)
	NOT-FOR-US: PHP-Jokesite
CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and earlier ...)
	NOT-FOR-US: ComicShout
CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG Engine  ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) compo ...)
	NOT-FOR-US: xsstream-dm
CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script allow ...)
	NOT-FOR-US: PHP Classifieds Script
CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsu ...)
	NOT-FOR-US: Questionaire pbsurvey
CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the Statistics  ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan p ...)
	NOT-FOR-US: phpInstantGallery
CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote  ...)
	NOT-FOR-US: Meto Forum
CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper ZoGo-shop  ...)
	NOT-FOR-US: Mytipper ZoGo-shop
CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group Communication Cent ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web Group C ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2  ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate Script all ...)
	NOT-FOR-US: Real Estate Script
CVE-2008-2442
	RESERVED
CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x befo ...)
	NOT-FOR-US: Cisco Secure ACS
CVE-2008-2440
	RESERVED
CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in TmLis ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2438 (Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager ...)
	NOT-FOR-US: HP OpenView
CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeSc ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef functio ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-2435 (Use-after-free vulnerability in the Trend Micro HouseCall ActiveX cont ...)
	NOT-FOR-US: ActiveX
CVE-2008-2434 (The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 i ...)
	NOT-FOR-US: ActiveX
CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0,  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2432 (Insecure method vulnerability in the GetFileList method in an unspecif ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow re ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC Me ...)
	{DSA-1819-1 DTSA-148-1}
	- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.2007111 ...)
	NOT-FOR-US: Calendarix
CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic a ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...)
	NOT-FOR-US: NConvert, GFL SDK, XnView
CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 al ...)
	{DSA-1594-1}
	- imlib2 1.4.0-1.1 (medium; bug #483816)
	- imlib <not-affected> (Partly not present / partly fixed)
CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote  ...)
	NOT-FOR-US: FicHive
CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows remo ...)
	NOT-FOR-US: Web Slider
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web App ...)
	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of  ...)
	NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun Solar ...)
	NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
	NOT-FOR-US: Webboard
CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote  ...)
	NOT-FOR-US: FicHive
CVE-2008-2415 (Directory traversal vulnerability in template/purpletech/base_include. ...)
	NOT-FOR-US: DigitalHive
CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN Guest ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows ...)
	NOT-FOR-US: ACGV News
CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, ...)
	NOT-FOR-US: SazCart
CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine and Web ...)
	NOT-FOR-US: Web Server service in IBM Lotus Domino
CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10 ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in talk.dl ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian be ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2406 (The administration application server in Sun Java Active Server Pages  ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote a ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in  ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP applic ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4 ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4 ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a se ...)
	- stunnel4 <not-affected> (Windows specific issue)
CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before 0.98.20 ...)
	NOT-FOR-US: FireFTP
CVE-2008-2575 (cbrPager before 0.9.17 allows user-assisted remote attackers to execut ...)
	- cbrpager 0.9.17-1 (low; bug #482853)
	[etch] - cbrpager 0.9.14-3+etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
	- xscreensaver 5.05-3 (unimportant; bug #482385)
CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not prop ...)
	- pam-pgsql 0.6.3-2 (medium; bug #481970)
	[etch] - pam-pgsql <not-affected> (Vulnerable code not present)
	NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the "Standard demo ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...)
	- stunnel4 3:4.22-1.1 (low; bug #482644)
CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open  ...)
	NOT-FOR-US: AppServ Open Project
CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot in dotC ...)
	NOT-FOR-US: dotCMS
CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox Software ...)
	NOT-FOR-US: microSSys
CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta  ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow re ...)
	NOT-FOR-US: TAGWORX.CMS
CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 a ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier  ...)
	- wordpress 2.5.1-4 (low; bug #485807)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Unrestricted file upload vulnerability was introduced in 2.3.0
CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
	NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) E ...)
	NOT-FOR-US: HP Software Update
CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access arbitra ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have u ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2387
	RESERVED
CVE-2008-2386
	RESERVED
CVE-2008-2385
	RESERVED
CVE-2008-2384 (SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql  ...)
	- mod-auth-mysql 4.3.9-11 (medium)
CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers t ...)
	{DSA-1694-1 DTSA-182-1}
	- xterm 238-2 (medium; bug #510030)
CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) Qem ...)
	- qemu 0.9.1-9
	[etch] - qemu <not-affected> (Tested by maintainer)
	- kvm 72+dfsg-4
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2008-2381 (SQL injection vulnerability in the create function in common/include/G ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-7
CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib befor ...)
	{DSA-1688-1 DTSA-180-1}
	- courier-authlib 0.61.0-1+lenny1
CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...)
	{DSA-1682-1}
	- squirrelmail 2:1.4.15-4
CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 al ...)
	{DSA-1668-1}
	- hf 0.8-8.1 (medium; bug #504182)
CVE-2008-2377 (Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_cle ...)
	- gnutls26 2.4.1-1 (medium)
	- gnutls13 <not-affected> (Problem was introduced in 2.3.5)
CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-2
	- ruby1.8 1.8.7.22-2
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/02/3
CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on  ...)
	- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.3 ...)
	- bluez-libs 3.34 (low)
	[etch] - bluez-libs <no-dsa> (Minor issue)
	- bluez-utils 3.34 (low)
	[etch] - bluez-utils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
	REJECTED
CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users  ...)
	- linux-2.6 2.6.26-1
	[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: IMO this is a lack of optimisation, not a security issue? - jmm
	NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Re ...)
	{DSA-1602-1 DTSA-145-1}
	- pcre3 7.6-2.1 (medium; bug #488919)
CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 th ...)
	- tomcat5.5 5.5.26-4 (bug #494504)
CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a har ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in the Us ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions for pas ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script  ...)
	- openoffice.org <not-affected> (RedHat-specific packaging flaw)
CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel 2. ...)
	- linux-2.6 2.6.17
	NOTE: 5ecfbae093f0c37311e89b29bfc0c9d586eace87 f5b40e363ad6041a96e3da32281d8faa191597b9
	NOTE: f358166a9405e4f1d8e50d8f415c26d95505b6de
CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
	- pan 0.132-3.1 (bug #483562)
	[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
	NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
CVE-2008-2362 (Multiple integer overflows in the Render extension in the X server 1.4 ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the Render  ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render extension ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network be ...)
	NOT-FOR-US: system-config-network Fedora
CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c i ...)
	{DSA-1592-1}
	- linux-2.6 2.6.20-1
	NOTE: DCCP feature sanitising was introduced in 2.6.20
	NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian
CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
	{DSA-1587-1}
	- mtr 0.73-1
CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 a ...)
	NOT-FOR-US: Archangel Weblog
CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...)
	NOT-FOR-US: WR-Meeting
CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker bef ...)
	NOT-FOR-US: testMaker
CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0  ...)
	NOT-FOR-US: GNU/Gallery
CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when mag ...)
	NOT-FOR-US: Smeego
CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS WebManager- ...)
	NOT-FOR-US: WebManager-Pro
CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 thro ...)
	NOT-FOR-US: bcoos
CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain administrati ...)
	NOT-FOR-US: Zomplog
CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass applicati ...)
	NOT-FOR-US: MeltingIce File System
CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application authent ...)
	NOT-FOR-US: MyPicGallery
CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass auth ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ext ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0  ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ob ...)
	NOT-FOR-US: News Manager
CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager 2 ...)
	NOT-FOR-US: News Manager
CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News Man ...)
	NOT-FOR-US: News Manager
CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow remot ...)
	NOT-FOR-US: News Manager
CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop  ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain pr ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_qu ...)
	NOT-FOR-US: IMGallery
CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 al ...)
	NOT-FOR-US: 68 Classifieds
CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in Vast ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow r ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...)
	NOT-FOR-US: Barracuda
CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows conte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2328
	RESERVED
CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat,  ...)
	{DSA-1632-1 DTSA-160-1}
	- tiff 3.8.2-11 (medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for W ...)
	NOT-FOR-US: Apple Bonjour for Windows
CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 an ...)
	NOT-FOR-US: Apple Mac OS X
	NOTE: the original apple advisory (HT3613) is completely different from the current CVE
	NOTE: description. it claims that this is a webkit issue, which is completely wrong
CVE-2008-2319
	RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools befo ...)
	NOT-FOR-US: Apple Xcode
CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection o ...)
	NOT-FOR-US: Safari
CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5 ...)
	{DSA-1977-1 DTSA-157-1}
	- python2.5 2.5.2-11 (low; bug #493797)
	- python2.4 <not-affected> (hashlib module introduced in python2.5)
CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow context-d ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Expos&#233; hot corner ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 1 ...)
	- binutils 2.18.1~cvs20080103-1 (low)
	[etch] - binutils <no-dsa> (Minor issue)
CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 an ...)
	NOT-FOR-US: Alias Manager in Apple Mac OS X
CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as d ...)
	- webkit 1.0.1-1
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the U ...)
	NOT-FOR-US: Windows issue
CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Type Services (ATS)
CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreI ...)
	NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...)
	NOT-FOR-US: Safari
CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...)
	NOT-FOR-US: Kostenloses Linkmanagementscript
CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and earlie ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of Cit ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Web Slider
CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Rantx
CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in  ...)
	NOT-FOR-US: Rgboard
CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3 ...)
	NOT-FOR-US: Rgboard
CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain pri ...)
	NOT-FOR-US: Pet Grooming Management System
CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remot ...)
	NOT-FOR-US: Multi-Page Comment System
CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in Net-SNM ...)
	{DSA-1663-1 DTSA-134-1}
	- net-snmp 5.4.1~dfsg-8 (medium; bug #482333)
CVE-2008-2291 (axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x b ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec Alti ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris Dep ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ha ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 do ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris Deploy ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-10
CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5 ...)
	NOT-FOR-US: Fusebox
CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via  ...)
	NOT-FOR-US: IDAutomation
CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...)
	NOT-FOR-US: Internet Photoshow
CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
	NOT-FOR-US: Internet Explorer
CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive in ...)
	- typo3-src 4.0.2-1
CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script  ...)
	NOT-FOR-US: PHP PicEngine
CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2278 (SQL injection vulnerability in browseproject.php in Freelance Auction  ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2277 (SQL injection vulnerability in detail.php in Feedback and Rating Scrip ...)
	NOT-FOR-US: Feedback and Rating Script
CVE-2008-2275 (Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2274 (Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4 ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in Ar ...)
	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...)
	NOT-FOR-US: Site Documentation Drupal module
CVE-2008-2270 (Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenlos ...)
	NOT-FOR-US: PHPWAY Linkmanagementscript
CVE-2008-2269 (AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers t ...)
	NOT-FOR-US: GasTracker
CVE-2008-2268 (Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2267 (Incomplete blacklist vulnerability in javaUpload.php in Postlet in the ...)
	NOT-FOR-US: Postlet
CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager allows r ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4  ...)
	NOT-FOR-US: CyrixMED
CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link Exch ...)
	NOT-FOR-US: Automated Link Exchange Portal
CVE-2008-2262
	REJECTED
CVE-2008-2261
	REJECTED
CVE-2008-2260
	REJECTED
CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper "argument  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ob ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, whi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows  ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2008-2249 (Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) f ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) f ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly im ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
	NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
	REJECTED
CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightS ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCSer ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2240 (Stack-based buffer overflow in the Web Server service in IBM Lotus Dom ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-2239
	RESERVED
CVE-2008-2238 (Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 al ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2237 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 al ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2236 (Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom bef ...)
	- blosxom 2.1.2-1 (low; bug #500873)
	[etch] - blosxom 2.0-14+etch1 (low; bug #500873)
CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control informa ...)
	{DSA-1627-2}
	- opensc 0.11.4-4
	NOTE: https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html
CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote at ...)
	- openwsman <itp> (bug #754501)
CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, al ...)
	- openwsman <itp> (bug #754501)
CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local user ...)
	{DSA-1611-1 DTSA-149-1}
	- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling Ho ...)
	{DSA-1633-1}
	- slash <removed> (medium; bug #484499)
	NOTE: See CVE-2008-2553
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2230 (Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and ...)
	- reportbug 3.41 (low; bug #484311)
	- reportbug-ng 0.2008.03.28 (low; bug #484474)
	[etch] - reportbug <no-dsa> (Unlikely attack scenario)
CVE-2008-2229
	RESERVED
CVE-2008-2228 (PHP remote file inclusion vulnerability in portfolio/commentaires/dern ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-2227 (Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-2226 (Unspecified vulnerability in the export feature in OpenKM before 2.0 a ...)
	NOT-FOR-US: OpenKM
CVE-2008-2225 (SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows re ...)
	NOT-FOR-US: gameCMS
CVE-2008-2224 (Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, w ...)
	NOT-FOR-US: SazCart
CVE-2008-2223 (SQL injection vulnerability in group_posts.php in vShare YouTube Clone ...)
	NOT-FOR-US: vShare YouTube Clone
CVE-2008-2222 (SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote ...)
	NOT-FOR-US: EQdkp
CVE-2008-2221 (Unspecified vulnerability in the Java plugin in IBM WebSphere Applicat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-2220 (Multiple PHP remote file inclusion vulnerabilities in Interact Learnin ...)
	NOT-FOR-US: Interact Learning Community Environment
CVE-2008-2219 (Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C ...)
	NOT-FOR-US: C-News.fr
CVE-2008-2218 (Buffer overflow in the Multimedia PC Client in Nortel Multimedia Commu ...)
	NOT-FOR-US: Nortel Multimedia
CVE-2008-2217 (Directory traversal vulnerability in cm/graphie.php in Content Managem ...)
	NOT-FOR-US: CMS Phprojekt
CVE-2008-2216 (Unrestricted file upload vulnerability in src/yopy_upload.php in Proje ...)
	NOT-FOR-US: PBCS
CVE-2008-2215 (Multiple directory traversal vulnerabilities in Project-Based Calendar ...)
	NOT-FOR-US: PBCS
CVE-2008-2214 (Stack-based buffer overflow in the Network Manager in Castle Rock Comp ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2008-2213 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/foote ...)
	NOT-FOR-US: Maian Links
CVE-2008-2212 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1  ...)
	NOT-FOR-US: Maian Cart
CVE-2008-2211 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/foote ...)
	NOT-FOR-US: Maian Guestbook
CVE-2008-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1 ...)
	NOT-FOR-US: Maian Support
CVE-2008-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2208 (SQL injection vulnerability in index.php in Maian Greeting 2.1 allows  ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2207 (Cross-site scripting (XSS) vulnerability in admin/index.php in Maian G ...)
	NOT-FOR-US: Maian Gallery
CVE-2008-2206 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 ...)
	NOT-FOR-US: Maian Music
CVE-2008-2205 (SQL injection vulnerability in index.php in Maian Music 1.1 allows rem ...)
	NOT-FOR-US: Maian Music
CVE-2008-2204 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Search
CVE-2008-2203 (SQL injection vulnerability in search.php in Maian Search 1.1 allows r ...)
	NOT-FOR-US: Maian Search
CVE-2008-2202 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader  ...)
	NOT-FOR-US: Maian Uploader
CVE-2008-2201 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Recipe
CVE-2008-2200 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4. ...)
	NOT-FOR-US: Maian Weblog
CVE-2008-2199 (PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode. ...)
	NOT-FOR-US: Kmita Mail
CVE-2008-2198 (PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode. ...)
	NOT-FOR-US: Kmita Tellfriend
CVE-2008-2197 (SQL injection vulnerability in the blogwriter module 2.0 for Miniweb a ...)
	NOT-FOR-US: Miniweb
CVE-2008-2196 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2. ...)
	NOT-FOR-US: LifeType
CVE-2008-2195 (Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2194 (SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier  ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2193 (PHP remote file inclusion vulnerability in example.php in Thomas Gossm ...)
	NOT-FOR-US: ScorpNews
CVE-2008-2192 (Static code injection vulnerability in box/minichat/boxpop.php in IT!C ...)
	NOT-FOR-US: itcms
CVE-2008-2191 (SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and ear ...)
	NOT-FOR-US: pnEncyclopedia
CVE-2008-2190 (SQL injection vulnerability in index.php in Online Rent (aka Online Re ...)
	NOT-FOR-US: Online Rental Property Script
CVE-2008-2189 (SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allow ...)
	NOT-FOR-US: Online AnServ Auction XL
CVE-2008-2188 (Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1 ...)
	NOT-FOR-US: EJ3 BlackBook
CVE-2008-2187 (Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2186 (Cross-site scripting (XSS) vulnerability in index.php in Chilek Conten ...)
	NOT-FOR-US: Chilek CMS
CVE-2008-2185 (Directory traversal vulnerability in index.php in SMartBlog (aka SMBlo ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2184 (Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 a ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2183 (SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2182 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
	NOT-FOR-US: powermail extension for TYPO3
CVE-2008-2181 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in c ...)
	NOT-FOR-US: cpLinks
CVE-2008-2180 (Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quo ...)
	NOT-FOR-US: cpLinks
CVE-2008-2179 (Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5 ...)
	NOT-FOR-US: SysAid
CVE-2008-2178 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2. ...)
	NOT-FOR-US: LifeType
CVE-2008-2177 (Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, w ...)
	NOT-FOR-US: phpDirectorySource
CVE-2008-2176 (Cross-site scripting (XSS) vulnerability in admin/category.php in Zomp ...)
	NOT-FOR-US: Zomplog
CVE-2008-2175 (SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PH ...)
	NOT-FOR-US: Gamma Scripts BlogMe PHP
CVE-2008-2174 (Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal She ...)
	NOT-FOR-US: Animal Shelter Manager
CVE-2008-2173 (Unspecified vulnerability in Yamaha routers allows remote attackers to ...)
	NOT-FOR-US: Yamaha routers
CVE-2008-2172 (Unspecified vulnerability in Hitachi GR routers allows remote attacker ...)
	NOT-FOR-US: Hitachi GR routers
CVE-2008-2171 (Unspecified vulnerability in AlaxalA AX routers allows remote attacker ...)
	NOT-FOR-US: AlaxalA AX routers
CVE-2008-2170 (Unspecified vulnerability in Century routers allows remote attackers t ...)
	NOT-FOR-US: Century routers
CVE-2008-2169 (Unspecified vulnerability in Avici routers allows remote attackers to  ...)
	NOT-FOR-US: Avici routers
CVE-2008-2168 (Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier a ...)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch4 (low)
	NOTE: This is really a browser issue. Recent apache versions add a workaround.
CVE-2008-2167 (Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows re ...)
	NOT-FOR-US: ZyXEL ZyWALL
CVE-2008-2166 (Cross-site scripting (XSS) vulnerability in the search module in Sun J ...)
	NOT-FOR-US: Sun Java System
CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cis ...)
	NOT-FOR-US: Cisco Building Broadband Service Manager (BBSM) Captive Portal
CVE-2008-2164
	RESERVED
CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 befor ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in manage_user_create. ...)
	- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...)
	- uudeview 0.5.20-3.1 (low; bug #480972)
	[etch] - uudeview <no-dsa> (Minor issue)
	- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp)
	- pan <not-affected> (Code patched to use g_mkstemp)
	NOTE: See CVE-2004-2265, where the problem occured as well
CVE-2008-2302 (Cross-site scripting (XSS) vulnerability in the login form in the admi ...)
	- python-django 0.96.2-1 (bug #481164; low)
	[etch] - python-django 0.95.1-1etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6 ...)
	NOT-FOR-US: SonicWall Email Security
CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly ...)
	NOT-FOR-US: TFTP Server SP 1.4 and 1.5 on Windows
CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image  ...)
	NOT-FOR-US: Microsoft Windows CE 5.0
CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ev ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2008-2158 (Multiple stack-based buffer overflows in the Command Line Interface pr ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2157 (robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows all ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2156
	RESERVED
CVE-2008-2155
	RESERVED
CVE-2008-2154 (IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-2153
	RESERVED
CVE-2008-2152 (Integer overflow in the rtl_allocateMemory function in sal/rtl/source/ ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-2151
	RESERVED
CVE-2008-2150
	RESERVED
CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2 ...)
	{DSA-1634-1}
	- wordnet 1:3.0-10 (bug #481186)
	NOTE: wordnet can be used as a backend to web applications
CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and o ...)
	- linux-2.6 2.6.25-3 (bug #481195)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allo ...)
	NOT-FOR-US: Novell Client 4.91 SP4
CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service for Sun  ...)
	NOT-FOR-US: Solaris print service
CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cac ...)
	NOT-FOR-US: Microsoft Outlook Web Access (OWA)
CVE-2008-2141
	RESERVED
CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw plugin i ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not r ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote attacker ...)
	NOT-FOR-US: Oracle Application Server (OracleAS) Portal 10g
CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d, part of 2.6.25.3
CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux k ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02, part of 2.6.25.3
CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0 ...)
	NOT-FOR-US: VisualShapers ezContents
CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to  ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module in Tru- ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor PostcardMentor ...)
	NOT-FOR-US: Systementor PostcardMentor
CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows rem ...)
	NOT-FOR-US: mvnForum
CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows ...)
	NOT-FOR-US: iGaming
CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0, when magi ...)
	NOT-FOR-US: Galleristic
CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php in CMS ...)
	NOT-FOR-US: Faethon
CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon  ...)
	NOT-FOR-US: Faethon
CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 all ...)
	NOT-FOR-US: Tux CMS
CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2. ...)
	NOT-FOR-US: Musicbox
CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS al ...)
	NOT-FOR-US: fipsASP
CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Tran ...)
	NOT-FOR-US: WGate
CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 2004 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Editio ...)
	- asterisk 1.4
	NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html
CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Pro ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in ScriptsE ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in S ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1 ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allow ...)
	NOT-FOR-US: PHPEasyData
CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to cre ...)
	- fnord 1.7-1 (low)
CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) fi ...)
	- emacs22 22.2+2-3 (low; bug #480885)
	- xemacs21-packages 2009.02.17-1 (low; bug #480886)
	[etch] - xemacs21-packages <no-dsa> (Minor issue)
	[lenny] - xemacs21-packages <no-dsa> (Minor issue)
	[etch] - xemacs21 <no-dsa> (Minor issue)
	[lenny] - xemacs21 <no-dsa> (Minor issue)
	- emacs21 21.4a+1-5.5 (low; bug #480877)
	[etch] - emacs21 <no-dsa> (Minor issue)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allow ...)
	{DSA-1819-1 DTSA-132-1}
	- vlc 0.8.6.e-2.2 (low; bug #480724)
	NOTE: https://trac.videolan.org/vlc/ticket/1578
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339
	REJECTED
CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and r ...)
	NOT-FOR-US: Sun Ray Kiosk Mode
CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlie ...)
	NOT-FOR-US: Yahoo Assistant
CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in QTOFileManager  ...)
	NOT-FOR-US: QTOFileManager
CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent atta ...)
	- libid3tag 0.15.1b-8 (low; bug #480187)
	[etch] - libid3tag <no-dsa> (Minor issue)
	NOTE: totally different approach to fix the bug, see Kurts comments in the bug report
CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5,  ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: http://web.archive.org/web/20120118120046/http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5,  ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated user ...)
	NOT-FOR-US: Call of Duty
CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3 ...)
	- bugzilla 3.0.4-1 (low)
	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users wit ...)
	- bugzilla <not-affected> (regression introduced in 3.1.3 referring to upstream)
CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later  ...)
	- bugzilla 3.0.4-1 (low; bug #480190)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-2102
	RESERVED
CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware  ...)
	NOT-FOR-US: VMware ESX
CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...)
	- vmware-package <removed> (low; bug #485919)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...)
	- vmware-package <not-affected> (Windows issue according to CVE)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
	- vmware-package <removed> (low; bug #484491)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
	NOT-FOR-US: Vmware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers  ...)
	NOT-FOR-US: BackLinkSpider
CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook (com_flip ...)
	NOT-FOR-US: FlippingBook
CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module for X ...)
	NOT-FOR-US: XOOPS
CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler) componen ...)
	NOT-FOR-US: JOOMLA extra component
CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause  ...)
	NOT-FOR-US: Linksys SPA-2102 Phone Adapter
CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6 ...)
	NOT-FOR-US: Kubelance
CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2  ...)
	NOT-FOR-US: PHP Forge
CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host D ...)
	NOT-FOR-US: Softbiz Web Host Directory Script
CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ea ...)
	- openjdk-6 <not-affected> (browser plugin is different code base)
	- sun-java5 <removed>
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-10-1
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
	NOT-FOR-US: MyArticles
CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
	NOT-FOR-US: Prozilla Hosting
CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x ...)
	NOT-FOR-US: Siteman
CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2 allow ...)
	NOT-FOR-US: Siteman
CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfr ...)
	NOT-FOR-US: NASA Goddard Space Flight Center Common Data Format (CDF) library
CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, a ...)
	{DSA-1608-1 DTSA-150-1}
	- mysql-dfsg-5.0 5.0.51a-10 (low; bug #480292)
CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to "access ...)
	- robocode 1.6.0~beta2-1 (low)
CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown imp ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts Actual ...)
	NOT-FOR-US: ActualScripts
CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0  ...)
	NOT-FOR-US: AstroCam
CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin ...)
	NOT-FOR-US: Harris Yusuf Arifin Harris Wap Chat 1.0
CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in Virtual ...)
	NOT-FOR-US: vlbook
CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual Desig ...)
	NOT-FOR-US: vlbook
CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM  ...)
	NOT-FOR-US: cPanel
CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 be ...)
	NOT-FOR-US: cPanel
CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remot ...)
	- wordpress 2.5.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remo ...)
	NOT-FOR-US: miniBB
CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2 ...)
	NOT-FOR-US: miniBB
CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site S ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have u ...)
	{DSA-1580-1}
	- phpgedview 4.1.e+4.1.5-1
CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...)
	NOT-FOR-US: Joovili
CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: Cisco Real-Time Information Server (RIS) Data Collector service
CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco Unif ...)
	NOT-FOR-US: Cisco Computer Telephony Integration (CTI) Manager service
CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5 ...)
	NOT-FOR-US: Cisco
CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 th ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...)
	NOT-FOR-US: E-Post Mail Server
CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in A ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remot ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia Sit ...)
	NOT-FOR-US: Softpedia
CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community Edit ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the demoSessio ...)
	NOT-FOR-US: netOffice Dwins
CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel,  ...)
	NOT-FOR-US: cPanel
CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media a ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
	{DSA-1578-1 DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://www.php.net/ChangeLog-5.php
	NOTE: http://web.archive.org/web/20120524033327/http://www.sektioneins.de/advisories/SE-2008-03.txt
CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP bef ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: php4 not affected, the vulnerable code isn't present
	NOTE: http://www.php.net/ChangeLog-5.php
CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8. ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-2039
	REJECTED
CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in Turn ...)
	NOT-FOR-US: Tunkey WebTools
CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts  ...)
	NOT-FOR-US: EidteurScripts
CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allo ...)
	NOT-FOR-US: Koobi Pro
CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) Bac ...)
	NOT-FOR-US: Bluemoon
CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...)
	NOT-FOR-US: wordpress Download Monitor 2.0.6 plugin
CVE-2008-2033
	REJECTED
CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote attacker ...)
	NOT-FOR-US: Acritum Femitter Server
CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: VicFTPS
CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5  ...)
	NOT-FOR-US: FirePass
CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2)  ...)
	NOT-FOR-US: miniBB
CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, al ...)
	NOT-FOR-US: miniBB
CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authenti ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9 ...)
	- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
	[lenny] - libstruts1.2-java <no-dsa> (Minor issue)
CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, a ...)
	NOT-FOR-US: miniBB
CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 all ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software M ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote attack ...)
	NOT-FOR-US: Lhaplus
CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly gener ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 HF ...)
	NOT-FOR-US: PHPizabi
CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System  ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management S ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX co ...)
	NOT-FOR-US: WatchFire
CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial o ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes / hangs not treated as security issues
CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 throu ...)
	NOT-FOR-US: pnFlashGames
CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 modul ...)
	NOT-FOR-US: PostSchedule
CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail Enquirie ...)
	NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget
CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2  ...)
	NOT-FOR-US: Windows
CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for underpopulat ...)
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-4 (bug #482039)
	[etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	[lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	NOTE: additional hardening features have already been added to the unstable
	NOTE: packages that would be useful to have in stable, so proposing as spu/ospu
CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean Studi ...)
	NOT-FOR-US: Cerulean Studios Trillian Basic
CVE-2008-2007
	REJECTED
CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-as ...)
	NOT-FOR-US: Apple iCal
CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before  ...)
	NOT-FOR-US: SuiteLink
CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw d ...)
	{DTSA-133-1}
	- qemu 0.9.1-5
	- kvm 66+dfsg-1.1 (bug #481204)
	- xen-3 3.4.0-1 (bug #490409)
	- xen-unstable <removed> (bug #490411)
	- xen-3.0 <removed>
CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web docu ...)
	NOT-FOR-US: BadBlue
CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...)
	NOT-FOR-US: Motorola software
CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote attacker ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9. ...)
	NOT-FOR-US: Windows specific
CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 be ...)
	NOT-FOR-US: IBM DB2
CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...)
	- licq 1.3.5-6 (low; bug #479036)
	[etch] - licq <no-dsa> (Minor issue)
CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a  ...)
	NOT-FOR-US: Sun Java System Directory Proxy Server
CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ( ...)
	- acon 1.0.5-6.1 (low; bug #475733)
CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...)
	NOT-FOR-US: Acidcat
CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mai ...)
	NOT-FOR-US: Acidcat
CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...)
	NOT-FOR-US: Acidcat
CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remo ...)
	NOT-FOR-US: Acidcat
CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...)
	NOT-FOR-US: Flash Chat
CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in  ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in EncapsGaller ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog  ...)
	NOT-FOR-US: PixelMotion
CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2. ...)
	NOT-FOR-US: DigitalHive
CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure C ...)
	NOT-FOR-US: eTrust
CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (A ...)
	NOT-FOR-US: Advanced Electron Forum (AEF)
CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0 ...)
	NOT-FOR-US: Wordpress Spreadsheet plugin
CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x befor ...)
	NOT-FOR-US: e-publish
CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1 ...)
	NOT-FOR-US: e-publish
CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5. ...)
	NOT-FOR-US: Ubercart
CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the Internationaliz ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modu ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...)
	NOT-FOR-US: E-RESERV
CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allow ...)
	NOT-FOR-US: SubEdit Player
CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user accoun ...)
	NOT-FOR-US: Exponent CMS
CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified  ...)
	NOT-FOR-US: phShoutBox
CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure permissi ...)
	NOT-FOR-US: muCommander
CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 a ...)
	NOT-FOR-US: Cezanne
CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authe ...)
	NOT-FOR-US: Cezanne
CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cez ...)
	NOT-FOR-US: Cezanne
CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in t ...)
	NOT-FOR-US: Windows specific
CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in rcplaunche ...)
	NOT-FOR-US: Lotus Expeditor
CVE-2008-1964
	- xine-lib <not-affected> (nsf support disabled by maintainer)
	NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
	NOTE: while copyright is 100 bytes long (+ padding for chunks)
CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in Q ...)
	NOT-FOR-US: Quate Grape Web Statistics
CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remo ...)
	NOT-FOR-US: Aterr
CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0 ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...)
	NOT-FOR-US: ContRay
CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media functio ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in admin/ ...)
	NOT-FOR-US: Tr Script News
CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows r ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly extra ...)
	{DSA-1564-1}
	- wordpress 2.2.3-1
	NOTE: http://trac.wordpress.org/ticket/4748
	NOTE: fixed in DSA-1564-1
CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function (cor ...)
	{DSA-1583-1 DSA-1582-1}
	- peercast 0.1218+svn20080104-1.1 (medium; bug #478573)
	- gnome-peercast <removed>
	NOTE: etch version tested with PoC, affected
CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kron ...)
	{DSA-1560-1}
	- kronolith2 2.1.8-1
CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...)
	NOT-FOR-US: Wikepage Opus
CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER  ...)
	NOT-FOR-US: Martin BOUCHER MyBoard
CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...)
	NOT-FOR-US: Web Calendar Pro
CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1. ...)
	NOT-FOR-US: Sitedesigner
CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in  ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
	NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed)
CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script  ...)
	NOT-FOR-US: Red Hat issue
CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libg ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1948 (The _gnutls_server_name_recv_params function in lib/ext_server_name.c  ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (medium)
	- gnutls26 2.2.5-1 (medium)
CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 throug ...)
	{DSA-1593-1}
	- tomcat5.5 5.5.26-3 (low; bug #484643)
	- tomcat5 <removed>
CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2. ...)
	- coreutils 5.93-1
CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which  ...)
	{DSA-1799-1}
	- qemu 0.9.1-5 (low; bug #526013)
CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtu ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11 ...)
	- linux-patch-grsecurity2 2.1.11+2.6.24.5+200804211829-1 (bug #478133)
CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow r ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...)
	NOT-FOR-US: Sony firmware
CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when  ...)
	- moin 1.6.3-1
	[etch] - moin <not-affected> (1.5.x is not affected)
	NOTE: acl_hierarchic was introduced in 1.6.0
	NOTE: userform processing issue was introduced in 1.6.1
CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows r ...)
	NOT-FOR-US: Classifieds Caffe
CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...)
	NOT-FOR-US: Filiale
CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1  ...)
	NOT-FOR-US: Crazy Goomba
CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Zune
CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTK ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6. ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1929
	RESERVED
CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause  ...)
	- libimager-perl 0.64-1
CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in uti ...)
	{DTSA-126-1}
	- util-linux 2.13.1.1-1 (low; bug #478135)
	[etch] - util-linux <not-affected> (Audit support not available in Etch's version)
CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72 ...)
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...)
	- sarg 2.2.4-1
CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th Av ...)
	NOT-FOR-US: 5th Avenue Shopping Cart
CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the Persona ...)
	NOT-FOR-US: ICQ
CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...)
	NOT-FOR-US: YourFreeWorld Apartment Search Script
CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allo ...)
	NOT-FOR-US: AMFPHP
CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5. ...)
	NOT-FOR-US: Ubercart (drupal module)
CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...)
	NOT-FOR-US: BlogWorx
CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of  ...)
	- wordpress 2.5.1-1 (medium; bug #477910)
	NOTE: only exploitable in blogs that allow user registering
	[etch] - wordpress <not-affected> (Vulnerable code was introduced in 2.5)
CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent attac ...)
	{DSA-1556-2}
	- perl 5.10.0-1 (bug #454792)
CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and u ...)
	- inspircd 1.1.18+dfsg-1 (low)
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running  ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5.2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79fe2890d28076d9406f7032198109ecd22866a6
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt Messenger
CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...)
	NOT-FOR-US: Lasernet CMS
CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earl ...)
	NOT-FOR-US: DivX Player
CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 b ...)
	NOT-FOR-US: 1024 CMS
CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in  ...)
	NOT-FOR-US: Borland InterBase
CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPK ...)
	NOT-FOR-US: PHPKB
CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1907 (Multiple SQL injection vulnerabilities in functions/display_page.func. ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Ne ...)
	NOT-FOR-US: Nero MediaHome
CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_coo ...)
	NOT-FOR-US: CcMail
CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz New ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user o ...)
	- aptlinex 0.91-1 (low; bug #476572)
	NOTE: the user gets a confirmation dialog
CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files v ...)
	- aptlinex 0.91-1 (medium; bug #476588)
	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote  ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1899
	RESERVED
CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed  ...)
	NOT-FOR-US: Microsoft Works
CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2 ...)
	{DSA-1563-1}
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communit ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and e ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/log ...)
	NOT-FOR-US: BusinessObjects InfoView
CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online Ban ...)
	NOT-FOR-US: W2B Online Banking
CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-sc ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier ...)
	- ruby1.8 1.8.7.22-1 (unimportant)
	- ruby1.9 1.9.0.2-1 (unimportant)
	NOTE: corner-case only exploitable if web application is run on windows fs
CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...)
	NOT-FOR-US: Jom Comment for Joomla!
CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2 ...)
	NOT-FOR-US: XplodPHP AutoTutorials
CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoi ...)
	NOT-FOR-US: Windows
CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetwo ...)
	NOT-FOR-US: CDNetworks Nefficient Download
CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX c ...)
	NOT-FOR-US: NeffyLauncher
CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 200 ...)
	NOT-FOR-US: Wikepage
CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1882
	RESERVED
CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function (modules/demux/su ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #477805)
CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on Gento ...)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Firebird 1.5 no longer supported, see last DSA)
	- firebird2.0 2.0.3.12981.ds1-14 (bug #481389)
	NOTE: on debian after the installation firebird2.0-super is disabled, to enable it
	NOTE: you need to call dpkg-reconfigure
CVE-2008-1879
	RESERVED
CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ( ...)
	- iceweasel <removed> (unimportant)
	NOTE: browser dos not treated as security issues
	NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
	- egroupware 1.4.004-2.dfsg-1 (bug #476977)
CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic 0.3. ...)
	NOT-FOR-US: VisualPic
CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ( ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.0 ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message featur ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher  ...)
	NOT-FOR-US: Comdev News Publisher
CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links Dir ...)
	NOT-FOR-US: Scriptsagent.com
CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earl ...)
	NOT-FOR-US: PIGMy-SQL
CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote attack ...)
	NOT-FOR-US: Site Sift Listings
CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does no ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...)
	NOT-FOR-US: openmosix-tools
CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers all ...)
	NOT-FOR-US: Prozilla Freelancers
CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat Scri ...)
	NOT-FOR-US: Prozilla Cheat Script
CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the QUE ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and  ...)
	NOT-FOR-US: LokiCMS
CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare allow ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 an ...)
	NOT-FOR-US: 724Networks 724CMS
CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...)
	NOT-FOR-US: Mole
CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not requi ...)
	NOT-FOR-US: LinPHA
CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...)
	NOT-FOR-US: McAfee
CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in  ...)
	NOT-FOR-US: SmarterMail Web Server
CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, an ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, an ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Om ...)
	NOT-FOR-US: Omnistar Interactive OSI Affiliate
CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer (c ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla! component
CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joo ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla!
CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...)
	NOT-FOR-US: phpAddressBook
CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not en ...)
	NOT-FOR-US: SAP
CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not f ...)
	- mksh 33.4-1 (low)
	[etch] - mksh 28.0-3
CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows r ...)
	NOT-FOR-US: W2B phpHotResources
CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka Datin ...)
	NOT-FOR-US: W2B DatingClub
CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node Man ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in b ...)
	NOT-FOR-US: Coppermine
CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery  ...)
	NOT-FOR-US: Coppermine
CVE-2008-1839 (Multgiple cross-site scripting (XSS) vulnerabilities in module/main.ph ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System 3. ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 a ...)
	- clamav <not-affected> (Vulnerable code introduced later, checked back with upstream)
CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
	- swfdec0.6 0.6.4-1 (low)
	- swfdec0.5 <removed> (low; bug #477037)
CVE-2008-1833 (Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allow ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown  ...)
	NOT-FOR-US: Flip4Mac
CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that supp ...)
	- dbmail 2.2.9
CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in sr ...)
	{DSA-1586-1 DTSA-128-1}
	- xine-lib 1.1.12-2 (medium; bug #476990)
	NOTE: not patched but disabled in testing/unstable
CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder componen ...)
	NOT-FOR-US: Oracle Siebel Enterprise
CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1829 (Unspecified vulnerability in the PeopleSoft HCM Recruiting component i ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1828 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1827 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1826 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1825 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-1824 (Unspecified vulnerability in the Oracle Dynamic Monitoring Service com ...)
	NOT-FOR-US: Oracle
CVE-2008-1823 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1822 (Unspecified vulnerability in the Oracle Application Express component  ...)
	NOT-FOR-US: Oracle
CVE-2008-1821 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-1820 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2008-1819 (Unspecified vulnerability in the Oracle Net Services component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-1818 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-1817 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1816 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2008-1815 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-1814 (Unspecified vulnerability in the Oracle Secure Enterprise Search or Ul ...)
	NOT-FOR-US: Oracle
CVE-2008-1813 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1812 (Unspecified vulnerability in the Oracle Enterprise Manager component i ...)
	NOT-FOR-US: Oracle
CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1 has unsp ...)
	NOT-FOR-US: Oracle
CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 o ...)
	NOT-FOR-US: SAP MaxDB
CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dep ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (low; bug #485841)
CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ar ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent at ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versi ...)
	NOT-FOR-US: Skype
CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not pr ...)
	{DTSA-173-1}
	- snort 2.7.0-20 (low; bug #483160)
	[lenny] - snort 2.7.0-20.2 (low; bug #483160)
	[etch] - snort <not-affected> (Only 2.6 and 2.8 are affected)
CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in RDes ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in rdeskt ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5 ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Di ...)
	NOT-FOR-US: DivXDB
CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75  ...)
	NOT-FOR-US: sabros.us
CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php i ...)
	NOT-FOR-US: Dragoon
CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before bu ...)
	NOT-FOR-US: Secure Computing Webwasher
CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, whic ...)
	- comix 3.6.4-1.1 (unimportant)
	NOTE: only exploitable with insecure umask settings
CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Acad ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform Dru ...)
	NOT-FOR-US: Webform Drupal module
CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Sma ...)
	NOT-FOR-US: Smart
CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in th ...)
	NOT-FOR-US: Flickr Drupal module
CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and  ...)
	NOT-FOR-US: My Gaming Ladder
CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows r ...)
	NOT-FOR-US: iScripts
CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows remo ...)
	NOT-FOR-US: Prozilla Forum
CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers  ...)
	NOT-FOR-US: Prozilla Entertainers
CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Po ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in mu ...)
	NOT-FOR-US: CA products
CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users t ...)
	NOT-FOR-US: Prozilla Top 100
CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform administrativ ...)
	NOT-FOR-US: Prozilla Topsites
CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...)
	NOT-FOR-US: Prozilla Reviews
CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector  ...)
	NOT-FOR-US: Advanced Software Engineering ChartDirector
CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a  ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning engi ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitra ...)
	- cecilia 2.0.5-2.1 (low; bug #476321)
	[etch] - cecilia <no-dsa> (Minor issue)
CVE-2008-1781
	REJECTED
CVE-2008-1780 (Unspecified vulnerability in the labeled networking functionality in S ...)
	NOT-FOR-US: Solaris
CVE-2008-1779 (Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a d ...)
	NOT-FOR-US: Solaris
CVE-2008-1778 (Unspecified vulnerability in the floating point context switch impleme ...)
	NOT-FOR-US: Solaris
CVE-2008-1777 (The eDirectory Host Environment service (dhost.exe) in Novell eDirecto ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1776 (PHP remote file inclusion vulnerability in modules/basicfog/basicfogfa ...)
	NOT-FOR-US: PhpBlock
CVE-2008-1775 (Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine  ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2008-1774 (SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remo ...)
	NOT-FOR-US: Pligg
CVE-2008-1773 (PHP remote file inclusion vulnerability in includes/header.inc.php in  ...)
	NOT-FOR-US: Dragoon
CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media Serve ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX contro ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service  ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (low; bug #478140)
CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #478140)
CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-d ...)
	{DSA-1589-1}
	- libxslt 1.1.24-1 (bug #482664)
CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknow ...)
	- phpbb3 3.0.1-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and poss ...)
	NOT-FOR-US: Adobe
CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and  ...)
	NOT-FOR-US: Opera
CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in B ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in Blogator-script  ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP allows  ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for KwsPHP all ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the ConcoursP ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine  ...)
	NOT-FOR-US: Sun
CVE-2008-1755 (Directory traversal vulnerability in the showSource function in showSo ...)
	NOT-FOR-US: World of Phaos
CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the Deploym ...)
	NOT-FOR-US: Symantec
CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in system/workplace/admin/wor ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: ezRADIUS
CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in Ksemail a ...)
	NOT-FOR-US: Ksemail
CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earl ...)
	NOT-FOR-US: LiveCart
CVE-2008-1749 (Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1748 (Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before  ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1747 (Unspecified vulnerability in Cisco Unified Communications Manager 4.1  ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1746 (The SNMP Trap Agent service in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1745 (Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x  ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1744 (The Certificate Authority Proxy Function (CAPF) service in Cisco Unifi ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1743 (Memory leak in the Certificate Trust List (CTL) Provider service in Ci ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1742 (Memory leak in the Certificate Trust List (CTL) Provider service in Ci ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1741 (The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) a ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before 6.0( ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a de ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behaviou ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain para ...)
	NOT-FOR-US: Comodo Firewall
CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to  ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux mi ...)
	NOT-FOR-US: PHP Toolkit (Gentoo specific)
CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in t ...)
	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in Predicti ...)
	NOT-FOR-US: Prediction Football
CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not pro ...)
	NOT-FOR-US: Drupal module Simple Access
CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts Galle ...)
	NOT-FOR-US: ARWScripts Gallery Script Lite
CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu settings, wh ...)
	NOT-FOR-US: Drupal 6 (not packaged yet)
CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows re ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for access  ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when mag ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E ...)
	NOT-FOR-US: ActiveX
CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer metho ...)
	NOT-FOR-US: ActiveX
CVE-2008-1723
	RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) filter/im ...)
	{DSA-1625-1}
	- cups 1.3.7-2 (medium; bug #476305)
	- cupsys 1.3.7-2 (medium; bug #476305)
CVE-2008-1721 (Integer signedness error in the zlib extension module in Python 2.5.2  ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET  ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community Framewor ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and e ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when  ...)
	NOT-FOR-US: FaScript FaPhoto
CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attack ...)
	NOT-FOR-US: NoticeWare Email Server
CVE-2008-1712 (PHP remote file inclusion vulnerability in includes/functions_weblog.p ...)
	NOT-FOR-US: mx_blogs
CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores p ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-ass ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain field t ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows  ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1705 (Format string vulnerability in the logging function in IBM solidDB 06. ...)
	NOT-FOR-US: IBM solidDB
CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux  ...)
	{DSA-1588-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <not-affected>
	NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x,
	NOTE: but fixed in git, so marking as fixed in 2.6.26-1
CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1877 (tss 0.8.1 allows local users to read arbitrary files via the -a parame ...)
	- tss <removed> (medium; bug #475747; bug #475736)
CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xatt ...)
	{DSA-1545-1}
	- rsync 3.0.2-1
	NOTE: Etch is affected (it enables the acl upstream patch)
	NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message Service ...)
	NOT-FOR-US: TIBCO
CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, a ...)
	NOT-FOR-US: TIBCO
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery 2 ...)
	NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service (ABEN ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...)
	NOT-FOR-US: Desi Quintans Writer's Block CMS
CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gall ...)
	NOT-FOR-US: Simple Gallery
CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network No ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...)
	NOT-FOR-US: DaZPHPNews
CVE-2008-1695
	RESERVED
CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local use ...)
	- emacs21 21.4a+1-5.6 (low; bug #476612)
	[etch] - emacs21 <no-dsa> (Minor issue)
	- emacs22 22.2+2-2 (low; bug #476611)
	- xemacs21 21.4.21-4 (low; bug #476613)
	[etch] - xemacs21 <no-dsa> (Minor issue)
CVE-2008-1693 (The CairoFont::create function in CairoFontEngine.cc in Poppler, possi ...)
	{DSA-1606-1 DSA-1548-1}
	- xpdf 3.02
	- poppler 0.6.4-1 (bug #476842)
	- kdegraphics <not-affected> (Vulnerable code not present)
	- texlive-bin <not-affected> (code already has the needed fix)
	NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
	NOTE: a stream or not. Anyone knows a fixed version?
	- texlive-base <not-affected> (Vulnerable code not present)
	- swftools <not-affected> (Vulnerable file/code not present)
CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...)
	- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earl ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earli ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earl ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow context- ...)
	- m4 <unfixed> (unimportant)
	NOTE: The file name is passed through a cmdline argument and m4 doesn't run with
	NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1. ...)
	- m4 <unfixed> (unimportant)
	NOTE: This is more a generic bug and not a security issue: the random output would
	NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in libf ...)
	{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
	- speex 1.2~beta2-1 (medium)
	- libfishsound 0.7.0-2.2 (medium; bug #475152)
	- xine-lib 1.1.12-1 (medium)
CVE-2008-1685
	- gcc-4.3 4.3.1-1 (bug #482698; unimportant)
	NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local u ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1683
	REJECTED
CVE-2008-1682 (PHP remote file inclusion vulnerability in quiz/common/db_config.inc.p ...)
	NOT-FOR-US: com_onlineflashquiz component for Joomla!
CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ha ...)
	NOT-FOR-US: IBM DB2IBM DB2
CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configurat ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1679 (Multiple integer overflows in imageop.c in Python before 2.5.3 allow c ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1678 (Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...)
	{DTSA-131-1}
	- apache2 2.2.8-4
	[etch] - apache2 <not-affected> (only a problem with openssl 0.9.8f or later)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate Sys ...)
	NOT-FOR-US: Red Hat Issue
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux k ...)
	- linux-2.6 2.6.25-2 (low)
	[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: Fixed in 2.6.24.6 and 2.6.25.1
CVE-2008-1674
	REJECTED
CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 an ...)
	{DSA-1592-1}
	- linux-2.6 2.6.25-5 (bug #485944)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root,  ...)
	{DSA-1867-1}
	- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
	[etch] - kdelibs <no-dsa> (Minor issue)
CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader (decode ...)
	- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
	- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection mecha ...)
	{DSA-1575-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns u ...)
	NOT-FOR-US: wu-ftpd in HP-UX
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European Performan ...)
	NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.0 ...)
	NOT-FOR-US: HP Oracle for OpenView
CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Acti ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allo ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager (SAM ...)
	NOT-FOR-US: HP System Administration Manager
CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Stora ...)
	NOT-FOR-US: HP StorageWorks
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B. ...)
	NOT-FOR-US: HP-UX
CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allo ...)
	NOT-FOR-US: HP LDAP-UX
CVE-2008-1658 (Format string vulnerability in the grant helper (polkit-grant-helper.c ...)
	- policykit-1 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated user ...)
	- openssh 1:4.7p1-8 (low; bug #475156)
	[etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ac ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and  ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava's Link Manager  ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple funct ...)
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 a ...)
	NOT-FOR-US: EasyNews
CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0  ...)
	NOT-FOR-US: EasyNews
CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in staticpages/easypublish/in ...)
	NOT-FOR-US: EasyNews
CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service  ...)
	{DSA-1600-1}
	- sympa 5.3.4-4 (medium; bug #475163)
CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 Act ...)
	NOT-FOR-US: ChilkatHttp
CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2  ...)
	NOT-FOR-US: WP-Download plugin for WordPress
CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager (phpSM ...)
	NOT-FOR-US: phpSpamManager
CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2. ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.ex ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 ...)
	NOT-FOR-US: Sava's GuestBook
CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allow ...)
	NOT-FOR-US: EfesTECH Video
CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treff ...)
	NOT-FOR-US: JGS-Treffen
CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows rem ...)
	NOT-FOR-US: Neat weblog
CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for p ...)
	NOT-FOR-US: Nik Sharpener Pro
CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calcula ...)
	{DSA-1544-2 DSA-1544-1}
	- pdns-recursor 3.1.7-1
	NOTE: Fix in 3.1.5 was incomplete, see CVE-2008-3217
CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gal ...)
	NOT-FOR-US: JV2 Quick Gallery
CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It Simpl ...)
	NOT-FOR-US: Keep It Simple Guest Book
CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Ga ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown imp ...)
	- mondo 1:2.2.7-1 (bug #475221)
CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0  ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0  ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...)
	NOT-FOR-US: PHPkrm
CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in  ...)
	{DTSA-123-1}
	- audit 1.5.3-2.1 (medium; bug #475227)
	NOTE: auditd runs as root
CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to de ...)
	NOT-FOR-US: CDS Invenio
CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote atta ...)
	NOT-FOR-US: eggBlog
CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not  ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server 1 ...)
	NOT-FOR-US: Jshop Server
CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash all ...)
	NOT-FOR-US: Smoothflash
CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow r ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow  ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0 ...)
	NOT-FOR-US: ThinClientServer
CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers  ...)
	- xen-3 <not-affected> (Debian Xen does not support ia64)
	- xen-unstable <not-affected> (Debian Xen does not support ia64)
	- xen-3.0 <not-affected> (Debian Xen does not support ia64)
CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing  ...)
	NOT-FOR-US: Watchguard Firebox
CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile. ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1616
	RESERVED
CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on AMD6 ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-1 (medium; bug #480390)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a rac ...)
	{DSA-1550-1 DTSA-124-1}
	- suphp 0.6.2-2.1 (low; bug #475431)
CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0. ...)
	NOT-FOR-US: RedDot CMS
CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows at ...)
	{DSA-1646-2}
	- squid 2.6.18-1 (medium)
CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows r ...)
	NOT-FOR-US: TFTP Server for Windows
CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allo ...)
	NOT-FOR-US: TFTP Server Pro
CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another fla ...)
	NOT-FOR-US: JAF CMS
CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows  ...)
	NOT-FOR-US: Clever Copy
CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba  ...)
	NOT-FOR-US: Serbay Arslanhan Bomba Haber
CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1  ...)
	NOT-FOR-US: Elastic Path
CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmm ...)
	NOT-FOR-US: LEADTOOLS
CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 all ...)
	NOT-FOR-US: PerlMailer
CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9  ...)
	NOT-FOR-US: GNB DesignForm
CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...)
	NOT-FOR-US: Orbit downloader
CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
	- spamassassin 3.1.7-2
CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI Cit ...)
	NOT-FOR-US: CGI City CC Guestbook
CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly han ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1599 (The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly hand ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1598 (The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1597 (The WPAR system call implementation in the kernel in IBM AIX 6.1 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1596 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument i ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1595 (The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not prop ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1594 (The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JF ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1593 (The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3,  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1592 (MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-1591 (The pnVarPrepForStore function in PostNuke 0.764 and earlier skips inp ...)
	NOT-FOR-US: PostNuke
CVE-2008-1590 (JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch bef ...)
	NOT-FOR-US: iPhone
CVE-2008-1589 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterpr ...)
	NOT-FOR-US: iPhone
CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows rem ...)
	- webkit <not-affected> (mac-specific issue)
	NOTE: http://trac.webkit.org/changeset/23963
	NOTE: as of 1.1.21, all mac-specific code is no longer even present
CVE-2008-1587
	RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touc ...)
	NOT-FOR-US: Apple ImageIO
CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handle ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically send ...)
	NOT-FOR-US: CFNetwork Safari Apple Mac OS
CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attacke ...)
	NOT-FOR-US: Wiki Server Apple Mac OS
CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1577 (Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1576 (Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used,  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1575 (Unspecified vulnerability in the Apple Type Services (ATS) server in A ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1574 (Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows rem ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temp ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1571 (Directory traversal vulnerability in the embedded web server in Image  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine  ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0. ...)
	NOT-FOR-US: PJIRC module for phpBB
CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before 1 ...)
	NOT-FOR-US: Dan Costin File Transfer
CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in Wir ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.6 to 0.99.8 are affected)
CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.9 ...)
	- wireshark <not-affected> (Only Windows builds are affected according to #1613)
CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal)  ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.5 to 0.99.8 are affected)
CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDo ...)
	NOT-FOR-US: Digiappz DigiDomain
CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alp ...)
	NOT-FOR-US: com_alphacontent component for Joomla!
CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in stream/realr ...)
	{DSA-1552-1 DTSA-121-1}
	- mplayer 1.0~rc2-10 (medium; bug #473056)
CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: BolinOS
CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 a ...)
	NOT-FOR-US: BolinOS
CVE-2008-1555 (Directory traversal vulnerability in system/_b/contentFiles/gbincluder ...)
	NOT-FOR-US: BolinOS
CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, whe ...)
	NOT-FOR-US: TopperMod
CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows r ...)
	NOT-FOR-US: TopperMod
CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c)  ...)
	- silc-toolkit 1.1.7-1 (low)
	- silc-client <not-affected> (links against libsilc)
	NOTE: this can't result code execution but only in a crash as data_len - i always results
	NOTE: in -1 and malloc will never succeed and thus not reaching any free
CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module fo ...)
	NOT-FOR-US: RunCMS
CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cu ...)
	NOT-FOR-US: CubeCart
CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface (AB ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser  ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outl ...)
	NOT-FOR-US: Outlook
CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electr ...)
	NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft  ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft  ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management componen ...)
	NOT-FOR-US: Airspan WiMAX ProST
CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its p ...)
	NOT-FOR-US: BSDU
CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Web ...)
	NOT-FOR-US: HIS Webshop
CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3 ...)
	NOT-FOR-US: com_datsogallery module for Joomla!
CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ManageE ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in P ...)
	NOT-FOR-US: PowerScripts PowerBook
CVE-2008-1536 (Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro  ...)
	NOT-FOR-US: Photo Cart
CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekr ...)
	NOT-FOR-US: com_rekry component for Joomla!
CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b al ...)
	NOT-FOR-US: PowerPHPBoard
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
	NOT-FOR-US: Joomla!
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote at ...)
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd 1.4. ...)
	{DSA-1540-1}
	- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE met ...)
	- iceweasel <not-affected> (old version and CVE)
CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNe ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores se ...)
	NOT-FOR-US: Haakon Nilsen Simple Internet Publishing System
CVE-2008-1570 (Race condition in the create_lockpath function in policyd-weight 0.1.1 ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
	NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html
CVE-2008-1569 (policyd-weight 0.1.14 beta-16 and earlier allows local users to modify ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a filen ...)
	- comix 3.6.4-1.1 (low; bug #462840)
	[etch] - comix <no-dsa> (Minor issue)
	NOTE: comix can't be used in a non-interactive setup thus the impact level
CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) passw ...)
	{DSA-1557-1}
	- phpmyadmin 2.11.5.1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/533bb88e32aafc17e754e5ea5e26e9b02b306993
	NOTE: It is a workaround for the limited security that PHP has for
	NOTE: session files on a shared host. This limitation is documented with
	NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
	NOTE: I hence consider it a security enhancement/feature, not a vulnerability.
CVE-2008-1530 (GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial  ...)
	- gnupg <not-affected> (Only 1.4.8 is affected)
	NOTE: The next upload was 1.4.9-1, so no vulnerable version was ever in the
	NOTE: archive
	[etch] - gnupg <not-affected> (Only 1.4.8 is affected)
	[sarge] - gnupg <not-affected> (Only 1.4.8 is affected)
	- gnupg2 2.0.9-1 (bug #472928)
	[etch] - gnupg2 <not-affected> (Only 2.0.8 is affected)
	[sarge] - gnupg2 <not-affected> (Only 2.0.8 is affected)
CVE-2008-1529 (ZyXEL Prestige routers have a minimum password length for the admin ac ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1528 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1527 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1526 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1525 (The default SNMP configuration on ZyXEL Prestige routers, including P- ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1524 (The SNMP service on ZyXEL Prestige routers, including P-660 and P-661  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1523 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with  ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1522 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1521 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1520
	RESERVED
CVE-2008-1519
	RESERVED
CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2008-1517 (Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 befo ...)
	NOT-FOR-US: Apple Mac OS X xnu Kernel
CVE-2008-1516
	RESERVED
CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 a ...)
	- otrs2 2.2.5-2
	[etch] - otrs2 <not-affected> (Vulnerable code not present)
	[etch] - otrs <not-affected> (Vulnerable code not present)
	[sarge] - otrs <not-affected> (Vulnerable code not present)
	NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions be ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-8
	NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earli ...)
	NOT-FOR-US: Danneo CMS
CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in eXtreme Sty ...)
	NOT-FOR-US: XS module for phpBB
CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 a ...)
	NOT-FOR-US: ooComments
CVE-2008-1510 (Cross-site scripting (XSS) vulnerability in system/workplace/admin/acc ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1509 (SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier ...)
	NOT-FOR-US: XLPortal
CVE-2008-1508 (SQL injection vulnerability in EfesTech E-Kont&#246;r and earlier allo ...)
	NOT-FOR-US: EfesTech E-Kontoer
CVE-2008-1507 (PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account ...)
	NOT-FOR-US: Peel
CVE-2008-1506 (PEEL, possibly 3.x and earlier, allows remote attackers to obtain conf ...)
	NOT-FOR-US: Peel
CVE-2008-1505 (PHP remote file inclusion vulnerability in the SSTREAMTV custompages ( ...)
	NOT-FOR-US: com_custompages component for Joomla!
CVE-2008-1504 (Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven ph ...)
	NOT-FOR-US: phpMyChat
CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.1 ...)
	- ircd-ircu <not-affected> (Vulnerable code not present)
	NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20
	NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible
CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0. ...)
	NOT-FOR-US: TinyPortal
CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...)
	NOT-FOR-US: cPanel
CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3. ...)
	NOT-FOR-US: Surgemail
CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38 ...)
	NOT-FOR-US: Surgemail
CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earli ...)
	NOT-FOR-US: PEEL
CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in  ...)
	NOT-FOR-US: PEEL
CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage  ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 a ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix phpAddres ...)
	NOT-FOR-US: CoronaMatrix
CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in  ...)
	NOT-FOR-US: ASUS Remote Console
CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4 ...)
	NOT-FOR-US: ImageUploader4
CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC  ...)
	{DSA-1543-1 DTSA-119-1}
	- vlc 0.8.6.e-1.1 (medium; bug #472635)
CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3. ...)
	- php-apc <not-affected> (Fixed before initial upload)
CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft  ...)
	NOT-FOR-US: Phorum
CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier a ...)
	NOT-FOR-US: PunBB
CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses predictabl ...)
	NOT-FOR-US: PunBB
CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to hija ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-5 (bug #463011)
CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...)
	{DSA-1586-1 DTSA-120-1}
	- xine-lib 1.1.11.1-1 (medium; bug #472639)
CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1. ...)
	NOT-FOR-US: webSPELL
CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.ne ...)
	NOT-FOR-US: cfnetgs
CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Home FTP Server
CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eF ...)
	NOT-FOR-US: eForum
CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property permission ...)
	- roundup 1.4.4-1.1 (medium; bug #484728)
	[etch] - roundup <not-affected> (xml-rpc code introduced in 1.4.0)
CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unkn ...)
	{DSA-1554-1}
	- roundup 1.3.3-3.1 (low; bug #472643)
CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris Deploymen ...)
	NOT-FOR-US: Symantec Altiris
CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl. ...)
	NOT-FOR-US: ARCserve Backup
CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ F ...)
	NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall
CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID R ...)
	NOT-FOR-US: WebID RSA Authentication Agent
CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ph ...)
	NOT-FOR-US: Gallarific
CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu befor ...)
	- namazu2 2.0.18-0.1 (low; bug #472644)
CVE-2008-1467
	- centerim 4.22.3-1 (unimportant; bug #472649)
	NOTE: the victim needs to list the URLs in the message with F2 and press enter on it
	NOTE: the victim can see the complete URL including the commands however so the impact is really low
CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allo ...)
	NOT-FOR-US: W-Agora
CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante (com_restaurant ...)
	NOT-FOR-US: com_restaurante component for Mambo and Joomla!
CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1  ...)
	NOT-FOR-US: Gallarific
CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in Impe ...)
	NOT-FOR-US: Imperva SecureSphere MX Management Server
CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...)
	NOT-FOR-US: XnView
CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2 ...)
	NOT-FOR-US: com_joovideo component for Mambo and Joomla!
CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and e ...)
	NOT-FOR-US: com_alberghi component for Mambo and Joomla!
CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
	NOT-FOR-US: CS-Cart
CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1455 (A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3,  ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...)
	NOT-FOR-US: Windows issue
CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gol ...)
	NOT-FOR-US: Windows Xp
CVE-2008-1452
	REJECTED
CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1450
	REJECTED
CVE-2008-1449
	REJECTED
CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1,  ...)
	{DSA-1605-1 DSA-1604-1 DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
	- bind9 1:9.5.0.dfsg-5 (high)
	NOTE: glibc stub resolver relies on source port randomisation in kernel
	- dnsmasq 2.43-1 (medium; bug #490123)
	- refpolicy 2:0.0.20080702-1
	- pdnsd 1.2.6-par-11 (bug #502275)
	- python-dns 2.3.1-5 (low; bug #490217)
	- dnspython <unfixed> (unimportant; bug #492465)
	NOTE: Just a stub resolver Linux kernel provides source port randomisation
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
	- udns 0.2-1 (bug #493599)
	- libnet-dns-perl 0.63-2 (low; bug #492700)
	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
	NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like
	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
	NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes
	NOTE: a kernel which provides source port randomization
	- ruby1.9 1.9.0.2-6 (low)
	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
	NOTE: already use source port randomization.
	NOTE: Marking non-caching stub resolvers as low since these really should be fixed,
	NOTE: but are much less vulnerable than a caching server.
CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI extensi ...)
	NOT-FOR-US: Microsoft
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1443
	REJECTED
CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft In ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does no ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1439
	REJECTED
CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpen ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpen ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...)
	NOT-FOR-US: Windows
CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008 ...)
	NOT-FOR-US: Windows issue
CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP S ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1433
	REJECTED
CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...)
	NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partit ...)
	NOT-FOR-US: RaidSonic NAS-4220-B firmware
CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote attac ...)
	NOT-FOR-US: ASPapp
CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows re ...)
	- silc-server 1.1.1-1 (medium)
CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5. ...)
	NOT-FOR-US: Ubercart
CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 a ...)
	NOT-FOR-US: com_acajoom component for Joomla!
CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows remo ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in Easy ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1424
	RESERVED
CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in X ...)
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1422
	REJECTED
CVE-2008-1421
	REJECTED
CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation  ...)
	{DSA-1591-1}
	- libvorbisidec <not-affected> (Vulnerable code not present)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero v ...)
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1418
	RESERVED
CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2 ...)
	NOT-FOR-US: PHPauction GPL
CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...)
	NOT-FOR-US: SNewsCMS Rus
CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, in ...)
	NOT-FOR-US: F-Secure anti-virus
CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earl ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Ac ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in E ...)
	NOT-FOR-US: Exero CMS
CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...)
	NOT-FOR-US: phpBP
CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module fo ...)
	NOT-FOR-US: WebChat module for eXV2
CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8  ...)
	NOT-FOR-US: MyAnnonces
CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in fuzzyli ...)
	NOT-FOR-US: fuzzylime
CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) 2 ...)
	NOT-FOR-US: Viso module for eXV2
CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.9 ...)
	NOT-FOR-US: BootManage TFTPD
CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote  ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server (mg ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cl ...)
	NOT-FOR-US: Clansphere
CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 so ...)
	NOT-FOR-US: Check Point VPN
CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server secr ...)
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and pa ...)
	- zope-cmfplone <removed>
	[etch] - zope-cmfplone <no-dsa> (low)
	NOTE: doesn't apply to v3
	NOTE: more a security enhancement
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 enco ...)
	- plone3 <removed> (low; bug #473571; bug #486333)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player 2 ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2. ...)
	NOT-FOR-US: FreeWebShop.org
CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for CU ...)
	- cups 1.1.23-10sarge1
	- cupsys 1.1.23-10sarge1
CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1 ...)
	{DSA-1528-1}
	- serendipity 1.3-1
	NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in  ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- egroupware 1.4.002.dfsg-2.1 (bug #471839)
	- wordpress 2.5.0-1 (bug #504243)
	- moodle 1.8.2-1.3 (bug #489533)
CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...)
	{DSA-2058-1}
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- glibc 2.11-1 (low)
	- eglibc 2.11-1 (low)
	[lenny] - glibc <no-dsa> (minor issue)
	NOTE: not sure if it is a security bug, an attacker should not be able to change the format string
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=10600
	NOTE: PoC php -r 'money_format("%.1073741821i",1);' I can reproduce on 32bit, not 64bit
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.1 ...)
	- asterisk 1:1.4.19.1~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x affected)
CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows r ...)
	- clamav 0.94.dfsg-1
	[etch] - clamav <not-affected> (parsing does not continue on error)
	NOTE: see <20081203184852.GB30968@l03.local>
CVE-2008-1388
	RESERVED
CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of servic ...)
	- clamav 0.92.1~dfsg2-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer i ...)
	- serendipity <not-affected> (Vulnerable code not present)
	NOTE: we do not ship the serendipity installer
CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ref ...)
	- serendipity 1.3.1-1 (low)
	NOTE: etch affected, but only in specific plugin.
CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent att ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://securityreason.com/achievement_securityalert/52
	NOTE: Only exploitable through malicious script
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or sr ...)
	NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 thr ...)
	- libpng 1.2.26-1 (low; bug #476669)
	NOTE: 1.2.26-1 contains a patch to fix that
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and possib ...)
	{DTSA-130-1}
	- zoneminder 1.23.3-1 (medium; bug #479034)
	NOTE: http://www.awe.com/mark/blog/200804272230.html
CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird  ...)
	{DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1}
	- iceweasel 2.0.0.14-1
	- icedove 2.0.0.14-1
	- iceape 1.1.9-2
	- xulrunner 1.8.1.14-1
CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM extensio ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1378
	REJECTED
CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients fu ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1376 (A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on ...)
	NOT-FOR-US: Red Hat build script
CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in Li ...)
	{DSA-1565-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
	- cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
	- cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remo ...)
	{DSA-1625-1 DTSA-122-1}
	- cupsys 1.3.7-1 (medium)
	- cups 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
	- bzip2 1.0.5-0.1 (low; bug #471670)
	[etch] - bzip2 <no-dsa> (Pure crasher, no code injection, mostly a regular bug)
CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake CM ...)
	NOT-FOR-US: Drake CMS
CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap B ...)
	NOT-FOR-US: wildmary Yap Blog
CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling function ...)
	- linux-2.6 2.6.24-5 (bug #469058)
	[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)
	- kfreebsd-6 6.3-4 (bug #469564)
	- kfreebsd-7 7.0-2 (bug #469565)
	- gcc-4.3 4.3.0-2 (bug #469567)
	- glibc 2.7-8 (bug #465583)
	[etch] - glibc <not-affected> (Problem only exposed with GCC 4.3)
CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ea ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate Editio ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation 5. ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB  ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies M ...)
	NOT-FOR-US: MDaemon
CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...)
	NOT-FOR-US: McAfee Common Management Agent
CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Deskt ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles Techn ...)
	NOT-FOR-US: Jeebles Directory
CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solut ...)
	NOT-FOR-US: VSO-XP
CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denia ...)
	- zabbix 1:1.4.5-1 (low; bug #471678)
	[etch] - zabbix <no-dsa> (Minor issue)
CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...)
	NOT-FOR-US: EdiorCMS
CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS all ...)
	NOT-FOR-US: Tutorials module for XOOPS
CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm)  ...)
	NOT-FOR-US: Fully Modded phpBB
CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Ga ...)
	NOT-FOR-US: bamaGalerie
CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite  ...)
	NOT-FOR-US: eWeather module for PHP-Nuke
CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in staticpages/eas ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in My ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_ ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr  ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO U ...)
	NOT-FOR-US: SCO Unixware
CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search feat ...)
	NOT-FOR-US: Polymita BPM-Suite and CollagePortal
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFron ...)
	NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation 6 ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1339
	RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier f ...)
	NOT-FOR-US: Timbuktu Pro for Windows
CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows re ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 an ...)
	NOT-FOR-US: NetBSD
CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass auth ...)
	NOT-FOR-US: BT Home Hub router
CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0 ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	NOTE: Etch's release is unimportant, since not exploitable, but was fixed anyway
	[sarge] - asterisk <not-affected> (Only 1.6.x affected)
CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331 (cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access service ...)
	NOT-FOR-US: OmniPCX Office
CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell GroupWis ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve Back ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for Lapt ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) i ...)
	NOT-FOR-US: Gallarific
CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific a ...)
	NOT-FOR-US: Gallarific
CVE-2008-1325 (Multiple directory traversal vulnerabilities in index.php in Uberghey  ...)
	NOT-FOR-US: Uberghey CMS
CVE-2008-1324 (Multiple directory traversal vulnerabilities in index.php in Travelsiz ...)
	NOT-FOR-US: Travelsized CMS
CVE-2008-1323 (Cross-site request forgery (CSRF) vulnerability in index.php in WoltLa ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-1322 (The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0. ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1321 (The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier d ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1320 (Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earl ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1319 (Untrusted search path and argument injection vulnerability in the Vers ...)
	NOT-FOR-US: Versant Object Database
CVE-2008-1317 (Unspecified vulnerability in the Inter-Process Communication (IPC) mes ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1316 (SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickT ...)
	NOT-FOR-US: QuickTalk Forum
CVE-2008-1315 (SQL injection vulnerability in the ZClassifieds module for PHP-Nuke al ...)
	NOT-FOR-US: ZClassifieds module for PHP-Nuke
CVE-2008-1314 (SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module ...)
	NOT-FOR-US: Johannes Hass gaestebuch
CVE-2008-1313 (Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and e ...)
	NOT-FOR-US: Bloo
CVE-2008-1312 (Unspecified vulnerability in the TFTP server in PacketTrap Networks pt ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1311 (The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earl ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap Net ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in Real ...)
	NOT-FOR-US: RealPlayer
CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 modu ...)
	NOT-FOR-US: NukeC30 module for PHP-Nuke
CVE-2008-1307 (Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in ...)
	NOT-FOR-US: KingSoft Antivirus
CVE-2008-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content M ...)
	NOT-FOR-US: Savvy Content Manager
CVE-2008-1305 (SQL injection vulnerability in filebase.php in the Filebase mod for ph ...)
	NOT-FOR-US: Filebase mod for phpBb
CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...)
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: referring to upstream this only affected wordpress.com and not the regular wordpress code
CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1301 (Absolute path traversal vulnerability in system/workplace/admin/workpl ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer Setting ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows remot ...)
	NOT-FOR-US: Hadith module for PHP-Nuke
CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting (com_ewriting ...)
	NOT-FOR-US: com_ewriting module for Mambo and Joomla!
CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1 ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka  ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly checki ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root wi ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1290 (ViewVC before 1.0.5 includes "all-forbidden" files within search resul ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18. ...)
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	[etch] - asterisk <not-affected> (Only 1.4.x and above affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x and above affected)
CVE-2007-6710
	RESERVED
CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ear ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisc ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Links ...)
	NOT-FOR-US: Cisco Linksys
CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows  ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.11-1 (low)
CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite arbitra ...)
	- axyl 2.2.0 (low; bug #471227)
	[sarge] - axyl <not-affected> (Vulnerable code not present)
	[etch] - axyl <not-affected> (Vulnerable code not present)
CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not check  ...)
	{DSA-1565-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remot ...)
	- mediawiki 1:1.11.2-1
	[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remot ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3. ...)
	NOT-FOR-US: Sun Javav Web Console
CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF ...)
	NOT-FOR-US: Sun Java Server Faces
CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0 ...)
	{DSA-1519-1}
	- horde3 3.1.7-1 (medium; bug #470640)
CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 all ...)
	NOT-FOR-US: Neptune Web Server
CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup ...)
	NOT-FOR-US: B21Soft BFup
CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, ...)
	NOT-FOR-US: Argon Technology Client Management Services
CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acr ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included in Ac ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server and W ...)
	NOT-FOR-US: Remotely Anywhere
CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and  ...)
	NOT-FOR-US: MailEnable
CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEna ...)
	NOT-FOR-US: MailEnable
CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows loc ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 al ...)
	NOT-FOR-US: imageVue
CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and  ...)
	NOT-FOR-US: BM Classifieds
CVE-2008-1271
	REJECTED
CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilizati ...)
	NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS
CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not s ...)
	{DSA-1521-1}
	- lighttpd 1.4.19-1
	NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi- ...)
	NOT-FOR-US: Alice Gate 2 Plus router firmware
CVE-2008-1268 (The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware doe ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1267 (The Siemens SpeedStream 6520 router allows remote attackers to cause a ...)
	NOT-FOR-US: Siemens SpeedStream
CVE-2008-1266 (Multiple buffer overflows in the web interface on the D-Link DI-524 ro ...)
	NOT-FOR-US: D-Link router
CVE-2008-1265 (The Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1264 (The Linksys WRT54G router has "admin" as its default FTP password, whi ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1263 (The Linksys WRT54G router stores passwords and keys in cleartext in th ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1262 (The administration panel on the Airspan WiMax ProST 4.1 antenna with 6 ...)
	NOT-FOR-US: Airspan WiMax ProST antenna
CVE-2008-1261 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides diffe ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1260 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxe ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1259 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains auth ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1258 (Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI- ...)
	NOT-FOR-US: D-Link router
CVE-2008-1257 (Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1256 (The ZyXEL P-660HW series router has "admin" as its default password, w ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1255 (The ZyXEL P-660HW series router maintains authentication state by IP a ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1254 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXE ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1253 (Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Lin ...)
	NOT-FOR-US: D-Link router
CVE-2008-1252 (b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W5 ...)
	NOT-FOR-US: Telekom Speedport W500 DSL router
CVE-2008-1251 (Cross-site scripting (XSS) vulnerability in the web interface on the c ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1250 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1249 (snomControl.swf in the central phone server for the Snom 320 SIP Phone ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1248 (The web interface on the central phone server for the Snom 320 SIP Pho ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1247 (The web interface on the Linksys WRT54g router with firmware 1.00.9 do ...)
	NOT-FOR-US: Linksys WRT54g router
CVE-2008-1246
	NOT-FOR-US: Cisco PIX/ASA Finesse Operation System
CVE-2008-1245 (cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with fi ...)
	NOT-FOR-US: Belkin router
CVE-2008-1244 (cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.0 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1243 (Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router ...)
	NOT-FOR-US: Linksys WRT300N router
CVE-2008-1242 (The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1241 (GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMo ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1. ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1239
	RESERVED
CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when gener ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderb ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderb ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 throug ...)
	- tomcat5.5 5.5.26-4 (low; bug #494504)
CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139  ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.10 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly ...)
	NOT-FOR-US: MG2
CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in lib/si ...)
	- silc-toolkit 1.1.6-1
CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Ed ...)
	NOT-FOR-US: WebCT Campus Edition
CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in BosClassifi ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers  ...)
	NOT-FOR-US: Dokeos
CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 al ...)
	NOT-FOR-US: Dokeos
CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in MicroWorld  ...)
	NOT-FOR-US: MicroWorld eScan
CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke all ...)
	NOT-FOR-US: 4nChat for PHP-Nuke
CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 mod ...)
	NOT-FOR-US: Kutub-i Sitte for PHP-Nuke
CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus No ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not pro ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret function i ...)
	NOT-FOR-US: BSD net/userppp
CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allo ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linu ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php in Pod ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allow ...)
	NOT-FOR-US: BosDates
CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in Programmer's  ...)
	NOT-FOR-US: Programmer's Notepad
CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebCo ...)
	NOT-FOR-US: Xitex WebContent M1
CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in Check Po ...)
	NOT-FOR-US: CheckPoint VPN-1
CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repos ...)
	NOT-FOR-US: Fujitsu Interstage
CVE-2008-1206 (Format string vulnerability in the log_message function in lks.c in Li ...)
	NOT-FOR-US: Linux Kiss Server
CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun Solaris  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the Administrat ...)
	NOT-FOR-US: Sun Java System
CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Adobe LiveCycle Workflow
CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flas ...)
	NOT-FOR-US: Adobe Flash CS3 Professional
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote user-assis ...)
	NOT-FOR-US: Microsoft Access
CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5  ...)
	NOT-FOR-US: Red Hat specific
CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with firm ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK  ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management library i ...)
	- sun-java6 6-05-1 (unimportant)
	- sun-java5 1.5.0-15-1 (unimportant)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image Parsing Li ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Up ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Updat ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Updat ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 <not-affected> (No more information by sun)
CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and ea ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web  ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JD ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime  ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime  ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before  ...)
	- dnssec-tools <not-affected> (first version in Debian was 1.4.1)
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax L ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense befo ...)
	NOT-FOR-US: BSD Perimeter pfSense
CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote ...)
	NOT-FOR-US: Juniper
CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.c ...)
	NOT-FOR-US: Juniper
CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in include/common/ ...)
	- centreon-web <itp> (bug #913903)
CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...)
	- centreon-web <itp> (bug #913903)
CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market (af ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in  ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1175 (Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allo ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1174 (Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX  ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1173 (Cross-site scripting (XSS) vulnerability in account-inbox.php in Torre ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1172 (Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1171
	NOT-FOR-US: 123 Flash Chat Module for phpBB
CVE-2008-1170 (Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow ...)
	NOT-FOR-US: KCWiki
CVE-2008-1169 (Directory traversal vulnerability in the embedded HTTP server in SCI P ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Gene ...)
	- sarg 2.2.5-1
CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c i ...)
	- sarg 2.2.4-1
CVE-2008-1166 (Flyspray 0.9.9.4 generates different error messages depending on wheth ...)
	- flyspray <removed>
CVE-2008-1165 (Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9  ...)
	- flyspray <removed>
CVE-2008-1164 (SQL injection vulnerability in index.php in phpComasy 0.8 allows remot ...)
	NOT-FOR-US: phpComasy CMS
CVE-2008-1163 (SQL injection vulnerability in index.php in phpArcadeScript 1.0 throug ...)
	NOT-FOR-US: phpArcadeScript
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Pho ...)
	NOT-FOR-US: phpwebscript
CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...)
	{DSA-1536-1}
	- xine-lib 1.1.10.1-1 (medium)
CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra p ...)
	NOT-FOR-US: ZyXEL ZyWALL 1050
CVE-2008-1159 (Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12 ...)
	NOT-FOR-US: Cisco ssh server
CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before 6.0( ...)
	NOT-FOR-US: Presence Engine (PE) Cisco Unified Presence
CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a  ...)
	NOT-FOR-US: Cisco IPM
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network (MV ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3. ...)
	NOT-FOR-US: Cisco
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified C ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the I ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through 12. ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS befo ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters  ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5-1 (low)
	[etch] - phpmyadmin <no-dsa> (Minor issue)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c57b39bed91f06d574a95d8a5a091e5e59492d69
	NOTE: SQL injection if you can set local cookies, which means
	NOTE: you must be able to create pages in the same cookie domain, which seems
	NOTE: rare and unwise. low priority.
CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses AD ...)
	NOT-FOR-US: OpenBSD / NetBSD
CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses XO ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 <removed> (bug #559107)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1146 (A certain pseudo-random number generator (PRNG) algorithm that uses XO ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with firm ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1143
	RESERVED
CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allo ...)
	NOT-FOR-US: DESlock+
CVE-2008-1140 (DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1139 (DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys ...)
	NOT-FOR-US: DESlock+
CVE-2008-1138 (DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users  ...)
	NOT-FOR-US: DESlock+
CVE-2008-1137 (SQL injection vulnerability in the Garys Cookbook (com_garyscookbook)  ...)
	NOT-FOR-US: com_garyscookbook component for Mambo and Joomla!
CVE-2008-1136 (The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through  ...)
	- vdccm <removed>
CVE-2008-1135 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates diff ...)
	NOT-FOR-US: OMEGA
CVE-2008-1134 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authe ...)
	NOT-FOR-US: OMEGA
CVE-2008-1133 (The Drupal.checkPlain function in Drupal 6.0 only escapes the first in ...)
	- drupal5 <not-affected> (Vulnerable code introduced in 6.x)
CVE-2007-6706 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus No ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6705 (The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client fo ...)
	NOT-FOR-US: WebSphere
CVE-2007-6704 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 410 ...)
	NOT-FOR-US: F5 FirePass
CVE-2007-6703 (Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) ...)
	- vdccm <removed>
CVE-2007-6702 (goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka r ...)
	NOT-FOR-US: FS4104-AW firmware
CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...)
	NOT-FOR-US: Uploader
CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before R ...)
	NOT-FOR-US: Novell GroupWise
CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to o ...)
	NOT-FOR-US: XOOPS
CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWe ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sens ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the Sp ...)
	NOT-FOR-US: Splatt Forum module for PHP-Nuke
CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased gue ...)
	NOT-FOR-US: Filebased guestbook
CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1 ...)
	{DSA-1516-1}
	- dovecot 1:1.0.13-1
	[etch] - dovecot <not-affected> (Vulnerable code not present)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	NOTE: exploitable through code introduced in 1.0.11
	NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac  ...)
	{DSA-1561-1 DTSA-118-1}
	- ldm 2:0.1~bzr20080308-1 (bug #469462)
	- ltsp 5.0.40~bzr20071229-1
	NOTE: In revision 5.0.40~bzr20071229-1 ldm has been split into a separate source package
CVE-2008-1145 (Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5- ...)
	- ruby1.8 1.8.6.114-1 (unimportant; bug #469475)
	- ruby1.9 1.9.0.1-1 (unimportant; bug #469482)
	[sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.9 <no-dsa> (case insensitive FS, corner case)
	NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
CVE-2008-1199 (Dovecot before 1.0.11, when configured to use mail_extra_groups to all ...)
	{DSA-1516-1}
	- dovecot 1:1.0.12-1 (medium; bug #469457)
CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net Activit ...)
	NOT-FOR-US: Net Activity Viewer
CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote a ...)
	- drupal <not-affected> (Vulnerable code not present, affects only 6.x branch)
	- drupal5 <not-affected> (Vulnerable code not present, affects only 6.x branch)
CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...)
	NOT-FOR-US: WebSphere
CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in XR ...)
	NOT-FOR-US: XRMS
CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in phpMyT ...)
	NOT-FOR-US: phpMyTourney
CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis 1.1.1.5 ...)
	NOT-FOR-US: Crysis
CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo  ...)
	NOT-FOR-US: Barryvan Compo Manager
CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0  ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast Generato ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elit ...)
	NOT-FOR-US: SiteBuilder
CVE-2008-1122 (SQL injection vulnerability in the downloads module in Koobi Pro 5.7 a ...)
	NOT-FOR-US: Koobi
CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...)
	NOT-FOR-US: eazyPortal
CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer componen ...)
	NOT-FOR-US: ICQ
CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in Cent ...)
	- centreon-web <itp> (bug #913903)
CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does no ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ins ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ( ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected Extensib ...)
	NOT-FOR-US: Vocera
CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible  ...)
	NOT-FOR-US: Cisco
CVE-2008-1112
	REJECTED
CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the x ...)
	- xine-lib 1.1.10-1
	[etch] - xine-lib <not-affected> (Not affected per assessment of maintainer)
	[sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer)
CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted re ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the user accepts the iCalendar request and replies
	NOTE: to it from the "Calendars" window.
CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107 (Multiple stack-based buffer overflows in the Danske Bank e-Sec Control ...)
	NOT-FOR-US: Danske Bank e-Sec Control Module
CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 a ...)
	NOT-FOR-US: Akamai Client
CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in util/soc ...)
	{DSA-1590-1}
	- samba 1:3.0.30-1 (medium; bug #483410)
CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allo ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact an ...)
	- blender 2.40-1 (low)
CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender 2.4 ...)
	{DSA-1567-1}
	- blender 2.45-5 (medium; bug #477808)
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine  ...)
	NOT-FOR-US: KeyView
CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe. ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not p ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1098 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8  ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the PCX cod ...)
	{DSA-1858-1}
	- graphicsmagick 1.1.7-13
	- imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMa ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
	[lenny] - imagemagick 7:6.3.7.9.dfsg1-2.1+lenny1
	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in B ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the authen ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Data ...)
	NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allow ...)
	NOT-FOR-US: Microsoft
CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP S ...)
	NOT-FOR-US: Microsoft
CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Interne ...)
	NOT-FOR-US: Microsoft
CVE-2008-1085 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4,  ...)
	NOT-FOR-US: Microsoft
CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt function in  ...)
	NOT-FOR-US: Microsoft
CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization filt ...)
	NOT-FOR-US: Opera
CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute arb ...)
	NOT-FOR-US: Opera
CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read arbitr ...)
	NOT-FOR-US: Opera
CVE-2008-1079 (The outboxWriteUnsent function in FTPThread.class in SendFile.jar for  ...)
	NOT-FOR-US: Beehive Software SendFile.NET
CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and  ...)
	- am-utils <not-affected> (Affected code not present in the binary package)
	NOTE: sendmail includes a copy of the script, which has been fixed since
	NOTE: several years
CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard (com_simpl ...)
	NOT-FOR-US: com_simpleboard component for Mambo and Joomla!
CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire S ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1. ...)
	NOT-FOR-US: Maian Cart
CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP- ...)
	NOT-FOR-US: GROUP-E
CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in In ...)
	NOT-FOR-US: Internet Security Systems
CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affected in conjunction with later libcairo)
	[sarge] - ethereal <not-affected> (Only affected in conjunction with later libcairo)
CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.9 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.6 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.6 onwards)
CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.9 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.5 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.5 onwards)
CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game Lib ...)
	NOT-FOR-US: Quantum Game Library
CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php  ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...)
	- phpqladmin <removed>
CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...)
	{DSA-1520-1}
	- smarty 2.6.18-1.1 (low; bug #469492)
	- moodle <not-affected> (low; bug #471158)
	- gallery2 2.2.5-2 (low; bug #471160)
	- mahara 0.9.2-2 (low; bug #471201)
	NOTE: Moodle ships Smarty but uses it in only one file, which doesn't use regex_replace
CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the XM-Memberst ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red Mexi ...)
	NOT-FOR-US: rmgs module for XOOPs
CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the XM-Membersta ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (ak ...)
	NOT-FOR-US: InterVideo IMC Server/InterVideo Home Theater
CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1. ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets 1. ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1059 (PHP remote file inclusion vulnerability in modules/syntax_highlight.ph ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2  ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 a ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 throug ...)
	NOT-FOR-US: Symark PowerBroker
CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php a ...)
	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instea ...)
	{DSA-1513-1}
	- lighttpd 1.4.18-4 (low; bug #469307)
CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment va ...)
	- rxvt 1:2.6.4-13 (unimportant; bug #469296)
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 an ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in  ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1053 (Multiple SQL injection vulnerabilities in the Kose_Yazilari module for ...)
	NOT-FOR-US: Kose_Yazilari module for PHP-Nuke
CVE-2008-1052 (The administration web interface in NetWin SurgeFTP 2.3a2 and earlier  ...)
	NOT-FOR-US: SurgeFTP
CVE-2008-1051 (PHP remote file inclusion vulnerability in include/body_comm.inc.php i ...)
	NOT-FOR-US: phpProfiles
CVE-2008-1050 (SQL injection vulnerability in index.php in Softbiz Jokes &amp; Funny  ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics Script
CVE-2008-1049 (Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1. ...)
	NOT-FOR-US: Parallels SiteStudio
CVE-2008-1048 (Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plum ...)
	NOT-FOR-US: Plume CMS
CVE-2008-1047 (Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in T ...)
	- tikiwiki <removed>
CVE-2008-1046 (PHP remote file inclusion vulnerability in footer.php in Quinsonnas Ma ...)
	NOT-FOR-US: Quinsonnas Mail Checker
CVE-2008-1045 (Cross-site scripting (XSS) vulnerability in the file tree navigation f ...)
	NOT-FOR-US: OpenCMS
CVE-2008-1044 (Stack-based buffer overflow in the Quantum Streaming Player (Quantum S ...)
	NOT-FOR-US: Quantum Streaming Player
CVE-2008-1043 (PHP remote file inclusion vulnerability in templates/default/header.in ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1042 (Directory traversal vulnerability in include/body.inc.php in Linux Web ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1041 (Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson  ...)
	NOT-FOR-US: MWhois
CVE-2008-1040 (Buffer overflow in the Single Sign-On function in Fujitsu Interstage A ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2008-1039 (SQL injection vulnerability in question.asp in PORAR WEBBOARD allows r ...)
	NOT-FOR-US: PORAR WEBBOARD
CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php in D ...)
	NOT-FOR-US: DBHcms
CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function  ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...)
	{DSA-1762-1}
	- icu 4.0.1-1
CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows re ...)
	NOT-FOR-US: Apple iCal
CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...)
	- cups 1.3.7-1
CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers t ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1030 (Integer overflow in the CFDataReplaceBytes function in the CFData API  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1029
	RESERVED
CVE-2008-1028 (Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allo ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1027 (Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 doe ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler (JavaScriptCo ...)
	- webkit 0~svn31841-1
	- qt4-x11 <not-affected> (vulnerable code not present referring to upstream)
	NOTE: for qt, referring to upstream this only applies to optimized code in safari 3.1
	NOTE: branch and qt 4.4 is based on safari 3.0
CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in S ...)
	- qt4-x11 <not-affected> (QUrl handles URLs and is not vulnerable to this CVE, see bug #479644)
	- webkit 0~svn31841-1 (medium)
CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in Appl ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media trac ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station Firmwa ...)
	NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple S ...)
	NOTE: As far as I can see this has been addressed in revision 30871.
	NOTE: Please doublecheck.
CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows  ...)
	NOTE: As far as I can see this has been addressed in revision 31388.
	NOTE: Please doublecheck.
CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the fram ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask th ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple  ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 al ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, w ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki Serv ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration co ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save authenticat ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when p ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF fil ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows context-depen ...)
	- pax <not-affected> (issue specific to Apple's version of pax)
CVE-2008-0991
	RESERVED
CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so li ...)
	NOT-FOR-US: Google Android
CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework  ...)
	NOT-FOR-US: Google Android
CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 all ...)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.32-1
CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as us ...)
	{DSA-1543-1 DTSA-116-1}
	- vlc 0.8.6.e-1 (medium; bug #467652)
CVE-2008-6426
	REJECTED
CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obt ...)
	NOT-FOR-US: Spyce
CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in Spyce -  ...)
	NOT-FOR-US: Spyce
CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python  ...)
	NOT-FOR-US: Spyce
CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, ...)
	NOT-FOR-US: Double-Take
CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) ...)
	NOT-FOR-US: Double-Take
CVE-2008-0972
	RESERVED
CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Ba ...)
	NOT-FOR-US: Barracuda Networks products
CVE-2008-0970
	RESERVED
CVE-2008-0969
	RESERVED
CVE-2008-0968
	RESERVED
CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware Workstat ...)
	- vmware-package <removed> (low; bug #486110)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-0966
	RESERVED
CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 throu ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 throug ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allo ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC DiskXte ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which al ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x b ...)
	{DSA-1663-1 DTSA-137-1}
	- net-snmp 5.4.1~dfsg-8.1 (medium; bug #485945)
CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader T ...)
	NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install Runn ...)
	NOT-FOR-US: BackWeb Lite Install
CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...)
	NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
	RESERVED
CVE-2008-0953 (The StartApp function in the HPISDataManagerLib.Datamgr ActiveX contro ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0952 (The AppendStringToFile function in the HPISDataManagerLib.Datamgr Acti ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoR ...)
	NOT-FOR-US: Windows Vista
CVE-2008-0950
	RESERVED
CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x thr ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by  ...)
	- krb5 1.3-1 (unimportant)
	NOTE: glibc properly defines FD_SETSIZE
CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in MI ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or IMs ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0945 (Format string vulnerability in the logging function in the IM Server ( ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote atta ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries Browse ...)
	NOT-FOR-US: Eagle Software Aeries
CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle Softwar ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Brow ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before  ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Alb ...)
	NOT-FOR-US: WP Photo Album plugin for WordPress
CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework (DTrace) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List (prayerlis ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX contr ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1 module for ...)
	NOT-FOR-US: NukeC phpnuke module
CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) subsyst ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permission ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to  ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0929
	REJECTED
CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device  ...)
	{DSA-1799-1 DTSA-133-1}
	- qemu 0.9.1+svn20081207-1 (low; bug #469649)
	- xen-unstable 3.2.0-4 (bug #469654)
	- xen-3 3.2.0-4 (bug #469662)
	- xen-3.0 <removed>
	- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remo ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 an ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor interface in  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for VM ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke al ...)
	NOT-FOR-US: Manuales module for PHP-Nuke
CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows remo ...)
	NOT-FOR-US: beContent
CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source  ...)
	NOT-FOR-US: OSSIM
CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open  ...)
	NOT-FOR-US: OSSIM
CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in th ...)
	NOT-FOR-US: astatsPRO component for Joomla!
CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 a ...)
	NOT-FOR-US: TorWorld software
CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare (com_ ...)
	NOT-FOR-US: com_hwdvideoshare component for Joomla!
CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and  ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation s ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB  ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...)
	NOT-FOR-US: Sybase MobiLink
CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts MultiCar ...)
	NOT-FOR-US: iScripts MultiCart
CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security 200 ...)
	NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service
CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires  ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic Port ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows r ...)
	NOT-FOR-US: Inhalt module for PHP-Nuke
CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows rem ...)
	NOT-FOR-US: Docum module for PHP-Nuke
CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 all ...)
	NOT-FOR-US: Globsy
CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree Coll ...)
	NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction
CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...)
	NOT-FOR-US: BEA WebLogic Server and Express proxy plugin
CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote attacke ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1  ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 throug ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allo ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator de ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remot ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially sensit ...)
	NOT-FOR-US: Apple Safari
CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Ad ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0891 (Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS s ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for  ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for un ...)
	{DSA-1522-1}
	- unzip 5.52-11
CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server i ...)
	- gnome-screensaver 2.22.2-1 (low; bug #475154)
	[etch] - gnome-screensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2008-0886
	REJECTED
CVE-2008-0885
	RESERVED
CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) lspp-ea ...)
	NOT-FOR-US: Red Hat Enterprise Linux
	NOTE: Seems Redhat specific
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS  ...)
	{DSA-1530-1 DTSA-117-1}
	- cupsys 1.3.6-1 (medium; bug #467653)
	- cups 1.3.6-1 (medium; bug #467653)
	[sarge] - cupsys <no-dsa> (Remote DoS is minor issue)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for  ...)
	NOT-FOR-US: Okul module for PHP-Nuke
CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module f ...)
	NOT-FOR-US: EasyContent module for PHP-Nuke
CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links module for ...)
	NOT-FOR-US: Web_Links module for PHP-Nuke
CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7 and ear ...)
	NOT-FOR-US: MyAnnonces module for RunCMS
CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media J ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi SE ...)
	NOT-FOR-US: Hitachi SEWB3
CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related Cl ...)
	NOT-FOR-US: Hitachi EUR Print Manager
CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for X ...)
	NOT-FOR-US: eEmpregos module for XOOPS
CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds mo ...)
	NOT-FOR-US: jlmZone Classifieds module for XOOPS
CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail E ...)
	NOT-FOR-US: SmarterTools SmarterMail Enterprise
CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.2 ...)
	NOT-FOR-US: Now SMS/MMS Gateway
CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under cer ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA Aq ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Wo ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allow ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertent ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web s ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus  ...)
	NOT-FOR-US: IBM Lotus Quickplace
CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remo ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer  ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board 3.0. ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remo ...)
	NOT-FOR-US: e-Vision CMS
CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) comp ...)
	NOT-FOR-US: com_facileforms component for Joomla! and Mambo
CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla!  ...)
	NOT-FOR-US: com_salesrep component for Joomla! and Mambo
CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! an ...)
	NOT-FOR-US: com_detail component for Joomla! and Mambo
CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: freeSSHd
CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 al ...)
	- dokeos <itp> (bug #433352)
CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote at ...)
	- dokeos <itp> (bug #433352)
CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads (com_downloa ...)
	NOT-FOR-US: com_downloads component for Mambo and Joomla!
CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Sy ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for XO ...)
	NOT-FOR-US: myTopics module for XOOPS
CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component  ...)
	NOT-FOR-US: com_profile component for Mambo and Joomla!
CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-Pe ...)
	NOT-FOR-US: WP-People plugin for WordPress
CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook (com_pccook ...)
	NOT-FOR-US: com_pccookbook component for Joomla!
CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: StatCounteX
CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier (com_clasif ...)
	NOT-FOR-US: com_clasifier component for Joomla!
CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette  ...)
	NOT-FOR-US: com_ricette component for Joomla!
CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public Warehou ...)
	NOT-FOR-US: LightBlog
CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO (com_astatsp ...)
	NOT-FOR-US: com_astatspro component for Joomla!
CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	NOT-FOR-US: Sophos, Email Security Appliance
CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the Joh ...)
	NOT-FOR-US: John Godley Search Unleashed plugin for WordPress
CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solar ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ear ...)
	NOT-FOR-US: Simple CMS
CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS bef ...)
	NOT-FOR-US: Lotus Quickr
CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component  ...)
	NOT-FOR-US: com_galeria component for Joomla!
CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius com_qur ...)
	NOT-FOR-US: com_quran component for Mambo and Joomla!
CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidr ...)
	NOT-FOR-US: com_rapidrecipe component for Joomla!
CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allow ...)
	NOT-FOR-US: DPAP server for iPhoto
CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ( ...)
	NOT-FOR-US: com_jooget component for Joomla! and Mambo
CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 an ...)
	NOT-FOR-US: ATutor
CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows rem ...)
	NOT-FOR-US: Books module of PHP-Nuke
CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 all ...)
	NOT-FOR-US: Claroline
CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote at ...)
	NOT-FOR-US: Claroline
CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...)
	NOT-FOR-US: Claroline
CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 fo ...)
	NOT-FOR-US: Header Image Module for Drupal
CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows re ...)
	NOT-FOR-US: Scribe
CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in  ...)
	NOT-FOR-US: PHP Live!
CVE-2008-0820
	NOT-FOR-US: Etomite CMS
CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator  ...)
	NOT-FOR-US: PlutoStatus Locator
CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 all ...)
	NOT-FOR-US: freePHPgallery
CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla!  ...)
	NOT-FOR-US: com_filebase component for Joomla! and Mambo
CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and Ma ...)
	NOT-FOR-US: com_sg component for Joomla! and Mambo
CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! all ...)
	NOT-FOR-US: com_mezun component for Joomla!
CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking Requirem ...)
	NOT-FOR-US: TRUC
CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3. ...)
	NOT-FOR-US: XPWeb
CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 a ...)
	NOT-FOR-US: BanPro DMS
CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote at ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! a ...)
	NOT-FOR-US: com_scheduling module for Joomla! and Mambo
CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...)
	NOT-FOR-US: PHPizabi
CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus N ...)
	NOT-FOR-US: Thecus N5200Pro NAS Server
CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not pr ...)
	{DSA-1609-1}
	- lighttpd 1.4.18-2 (medium; bug #466663)
CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...)
	NOT-FOR-US: Adobe Acrobat Reader
	NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan M ...)
	NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide (com_medias ...)
	NOT-FOR-US: Joomla component
CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery (com_paxxg ...)
	NOT-FOR-US: Joomla component
CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0. ...)
	NOT-FOR-US: Joomla component
CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 a ...)
	NOT-FOR-US: Joomla component
CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign web ...)
	NOT-FOR-US: artmedic webdesign
CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 r ...)
	NOT-FOR-US: iTheora
CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows remot ...)
	NOT-FOR-US: Nuboard
CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1 ...)
	NOT-FOR-US: Joomla component
CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate Mark ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in T ...)
	NOT-FOR-US: Tendenci CMS
CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security 200 ...)
	NOT-FOR-US: F-Secure
CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attac ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate WinIP ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdow ...)
	NOT-FOR-US: LI Countdown
CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2 ...)
	NOT-FOR-US: MyBB
CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before  ...)
	NOT-FOR-US: MyBB
CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 be ...)
	- cacti 0.8.7b-1
	[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
	NOTE: this is prevented by PHP since 4.4.2/5.1.2.
CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b an ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows  ...)
	- cacti 0.8.7b-1 (unimportant)
	NOTE: paths on Debian already known
CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 bef ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
	[etch] - cacti 0.8.6i-3.3
CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFi ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5 ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows rem ...)
	{DSA-1508-1}
	- sword 1.5.9-8 (high; bug #466449)
	NOTE: source package named sword, binary package named diatheke
CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via a syml ...)
	- wyrd 1.4.3b-4 (low; bug #466382)
	[etch] - wyrd <no-dsa> (Minor issue)
CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before ...)
	{DSA-1507-1}
	- turba2 2.1.7-1 (bug #464058)
CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient Host Security 3 ...)
	NOT-FOR-US: Fortinet FortiClient 3.0
CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in QTPlugi ...)
	NOT-FOR-US: QuickTime
CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 6.3-3 (bug #483152)
	- kfreebsd-7 7.0-1 (bug #483152)
CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
	NOT-FOR-US: iTechBids
CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machi ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel  ...)
	NOT-FOR-US: Loris Hotel Reservations
CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for  ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite all ...)
	NOT-FOR-US: Site2Nite
CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ear ...)
	NOT-FOR-US: ibProArcade
CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...)
	NOT-FOR-US: Livelink
CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows RP ...)
	NOT-FOR-US: IBM Informix
CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earl ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Mana ...)
	NOT-FOR-US: Brooks Remote Print Manager
CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdes ...)
	NOT-FOR-US: artmedic
CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network  ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Se ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component  ...)
	NOT-FOR-US: com_iomezun component for Joomla!
CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...)
	NOT-FOR-US: Prince Clan Chess Club component for Joomla!
CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
	NOT-FOR-US: SafeNet Sentinel Protection Server
CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earl ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP embedd ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard  ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cy ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the L ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid Recip ...)
	NOT-FOR-US: Rapid Recipe component for Joomla!
CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5  ...)
	NOT-FOR-US: Virtual War
CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery (com_neogal ...)
	NOT-FOR-US: Neogallery component for Joomla!
CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 pl ...)
	NOT-FOR-US: Spartacus plugin (freetag) for serendipity
CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoar ...)
	NOT-FOR-US: Husrev BlackBoard
CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS  ...)
	NOT-FOR-US: Calimero.CMS
CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...)
	NOT-FOR-US: Sony ImageStation
CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlie ...)
	NOT-FOR-US: COWON America jetAudio
CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery)  ...)
	NOT-FOR-US: Gallery component for Mambo and Joomla!
CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 al ...)
	NOT-FOR-US: DomPHP
CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre H ...)
	NOT-FOR-US: Pre Hotels & Resorts Management System
CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...)
	NOT-FOR-US: PowerNews
CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in IB ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPre ...)
	NOT-FOR-US: CandyPress
CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, an ...)
	NOT-FOR-US: CandyPress
CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in Candy ...)
	NOT-FOR-US: CandyPress
CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly  ...)
	NOT-FOR-US: CandyPress
CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in Au ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, an ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike Por ...)
	NOT-FOR-US: CS Team Counter Strike Portals
CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...)
	NOT-FOR-US: Novell Client
CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica a ...)
	NOT-FOR-US: Civica Software Civica
CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows 2 ...)
	NOT-FOR-US: Windows
CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95 ...)
	NOT-FOR-US: Bajie Http Web Server
CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in phpWebFileMan ...)
	NOT-FOR-US: phpWebFileManager
CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web  ...)
	NOT-FOR-US: PlanetMoon Guestbook
CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with  ...)
	NOT-FOR-US: WF-Chat
CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks whe ...)
	NOT-FOR-US: Apache Geronimo
CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not pr ...)
	NOT-FOR-US: SuSE kernel/apparmor
CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ( ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers  ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before  ...)
	- clamav 0.92.1~dfsg-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows  ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ad ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...)
	NOT-FOR-US: The Everything Development System
CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1 ...)
	NOT-FOR-US: MyNews
CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0. ...)
	NOT-FOR-US: Pagetool
CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) 0. ...)
	NOT-FOR-US: Sermon component for Mambo
CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...)
	- webmin <removed>
CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the Custom ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 thr ...)
	NOT-FOR-US: IBM WebSphere Edge Server
CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 al ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user ...)
	NOT-FOR-US: ACDSee
CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...)
	NOT-FOR-US: Mihalism Multi Host
CVE-2008-0713 (Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23 ...)
	NOT-FOR-US: HP-UX B
CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics)  ...)
	NOT-FOR-US: HP HPeDiag
CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP iLO ...)
	NOT-FOR-US: HP iLO-2 management processors
CVE-2008-0710
	REJECTED
CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442 ...)
	NOT-FOR-US: HP USB 2.0 Floppy Drive Key
CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B ...)
	NOT-FOR-US: HP-UX
CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP Comp ...)
	NOT-FOR-US: BIOS F.26
CVE-2008-0705
	REJECTED
CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Servi ...)
	NOT-FOR-US: HP OpenVMS
CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow remo ...)
	NOT-FOR-US: sflog!
CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0. ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check per ...)
	NOT-FOR-US: Magnolia CE
CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux Softwar ...)
	NOT-FOR-US: CruxCMS
CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_S ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16  ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 allo ...)
	NOT-FOR-US: BookmarkX
CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/ ...)
	NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0
CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 C ...)
	NOT-FOR-US: Print Manager Plus
CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and  ...)
	NOT-FOR-US: iTechBids
CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...)
	NOT-FOR-US: WP-Footnotes plugin for WordPress
CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory (com_dire ...)
	NOT-FOR-US: mosDirectory component for Joomla!
CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace (com_marke ...)
	NOT-FOR-US: Marketplace component for Joomla!
CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...)
	NOT-FOR-US: Smartscript Domain Trader
CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/inc ...)
	NOT-FOR-US: Youtube Clone Script
CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences (com_neo ...)
	NOT-FOR-US: NeoReferences component for Joomla!
CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 all ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassi ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis  ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...)
	NOT-FOR-US: Wordspew plugin for Wordpress
CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remot ...)
	NOT-FOR-US: PHPShop
CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to  ...)
	NOT-FOR-US: MicroTik RouterOS
CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 a ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote  ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote atta ...)
	NOT-FOR-US: A-Blog
CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 all ...)
	NOT-FOR-US: A-Blog
CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything Developm ...)
	NOT-FOR-US: Everything Development System
CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute  ...)
	{DSA-1499-1 DTSA-115-1}
	- pcre3 7.6-1 (medium)
	- php5 <not-affected> (Uses sytem copy)
CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbo ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in TinTin+ ...)
	- tintin++ 1.97.9-2 (medium; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias (com_noticias ...)
	NOT-FOR-US: Noticias component for Joomla!
CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity a ...)
	NOT-FOR-US: Sift Unity
CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnom ...)
	{DSA-1546-1}
	- gnumeric 1.8.1-1 (medium)
CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe A ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...)
	NOT-FOR-US: Novell Challenge Response Client
CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureCli ...)
	NOT-FOR-US: SecuRemote/SecureClient NGX R60 and R56
CVE-2008-0661 (Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote att ...)
	NOT-FOR-US: dBpowerAMP Audio Player
CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader Active ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control  ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.3 ...)
	{DSA-1541-1}
	- openldap2.3 2.4.7-6.1 (low; bug #465875)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built from this version)
	NOTE: only authenticated users can exploit this
CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment i ...)
	- sun-java6 6-02-1
	- sun-java5 1.5.0-14-1
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documen ...)
	NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat befor ...)
	NOT-FOR-US: Adobe Reader
CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow r ...)
	NOT-FOR-US: Azucar CMS
CVE-2008-0653 (SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0. ...)
	NOT-FOR-US: Ynews component for Joomla!
CVE-2008-0652 (SQL injection vulnerability in index.php in the Downloads (com_downloa ...)
	NOT-FOR-US: Downloads for Mambo and Joomla!
CVE-2008-0651 (SQL injection vulnerability in login.php in Pedro Santana Codice CMS a ...)
	NOT-FOR-US: Pedro Santana Codice CMS
CVE-2008-0650 (SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta al ...)
	NOT-FOR-US: Simple OS CMS
CVE-2008-0649 (SQL injection vulnerability in detail.php in Astanda Directory Project ...)
	NOT-FOR-US: Astanda Directory Project
CVE-2008-0648 (Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0. ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2008-0647 (Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGame ...)
	NOT-FOR-US: Ourgame GLWorld
CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp in Ra ...)
	- deluge-torrent 0.5.8.3-1 (bug #463357)
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php  ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypa ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe Rob ...)
	NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwik ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0641
	RESERVED
CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the Spoole ...)
	NOT-FOR-US: Novell Client
CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator (VE ...)
	NOT-FOR-US: Veritas Enterprise Administrator service
CVE-2008-0637
	RESERVED
CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x  ...)
	NOT-FOR-US: Managed Workplace Service Center
CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 thro ...)
	NOT-FOR-US: Openads
CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in  ...)
	NOT-FOR-US: NamoInstaller
CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when user auth ...)
	NOT-FOR-US: Anon Proxy Server
	NOTE: this is not anon-proxy
CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php in Light ...)
	NOT-FOR-US: LightBlog
CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow  ...)
	NOT-FOR-US: MailBee Objects
CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allow ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464532)
CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r258 ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464533)
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Upd ...)
	- sun-java6 6-04-1
	- sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5)
CVE-2008-0627
	REJECTED
CVE-2008-0626
	REJECTED
CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Ya ...)
	NOT-FOR-US: Yahoo! Music Jukebox
CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in  ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control (datag ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and ear ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 an ...)
	NOT-FOR-US: SAP GUI
CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before  ...)
	NOT-FOR-US: SAPSprint
CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 a ...)
	NOT-FOR-US: Nero Media Player
CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestboo ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestboo ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0616 (SQL injection vulnerability in the administration panel in the DMSGues ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the DMSGues ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery 1.543 al ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows  ...)
	NOT-FOR-US: XOOPS
CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery S ...)
	NOT-FOR-US: RMSOFT Gallery module for XOOPS
CVE-2008-0610 (Stack-based buffer overflow in the ClientConnection::NegotiateProtocol ...)
	NOT-FOR-US: UltraVNC
CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept VHD We ...)
	NOT-FOR-US: Web Pack 2.0
CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online Business ...)
	NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and Mambo
CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 (com_shambo2)  ...)
	NOT-FOR-US: Shambo2 component for Mambo and Joomla!
CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpD ...)
	NOT-FOR-US: AstroSoft HelpDesk
CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 2.83, when ...)
	NOT-FOR-US: XLight FTP Server
CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! (com_a ...)
	NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla!
CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS (ACCMS) ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1 ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1  ...)
	{DSA-1494-1 DTSA-113-1}
	- linux-2.6 2.6.24-4 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ...)
	{DTSA-135-1}
	- php5 5.2.6-1
	[etch] - php5 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
	[etch] - php4 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the Li ...)
	{DSA-1630-1}
	- linux-2.6 2.6.26-4 (bug #490910)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: (mimeDeleteType included since 1.2.x
	NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
	NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
	NOTE: versions in Debian.
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: see CVE-2008-0597
CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
	{DSA-1599-1}
	- dbus 1.1.20-1
CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery  ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and Se ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does n ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remo ...)
	NOT-FOR-US: WS_FTP Server with SSH
CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag in IBM  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag in IB ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to  ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permi ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 al ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by obtai ...)
	NOT-FOR-US: LSrunasE
CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key composed  ...)
	NOT-FOR-US: LSrunasE and Supercrypt
CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense (com_buslic ...)
	NOT-FOR-US: buslicense component for Joomla!
CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management login p ...)
	NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface
CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5 ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue Tracking ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in admin/admincenter.p ...)
	NOT-FOR-US: webSPELL
CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01 ...)
	NOT-FOR-US: webSPELL
CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote  ...)
	NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote
CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.1 ...)
	NOT-FOR-US: Mindmeld
CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5. ...)
	NOT-FOR-US: Userpoints module for Drupal
CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not properly ver ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 modul ...)
	NOT-FOR-US: Comment upload module for Drupal
CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in the Secu ...)
	NOT-FOR-US: Secure Site module for Drupal
CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in ChronoEngine Chr ...)
	NOT-FOR-US: ChronoEngine ChronoForms component for Joomla!
CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php in Delt ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3  ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in service/impl/UserLo ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant (com_restau ...)
	NOT-FOR-US: Restaurant component for Mambo and Joomla!
CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze AkoGaller ...)
	NOT-FOR-US: AkoGallery component for Mambo and Joomla!
CVE-2008-0560
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11  ...)
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional  ...)
	NOT-FOR-US: Uniwin eCart Professiona
CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop (com_catal ...)
	NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
	NOT-FOR-US: OpenCA PKI Project
CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 do ...)
	- apache <removed>
	[etch] - apache <no-dsa> (only exploitable in very specific setups)
	NOTE: Only affects the apache-ssl package, not apache or apache-perl.
	NOTE: Only relevant if the attacker can get a CA that is trusted by the server
	NOTE: to sign client certs with arbitrary CN, but cannot influence the contents
	NOTE: of the other DN fields.
	NOTE: OTOH, the configuration used in Debian's apache-ssl 1.55 (per-dir
	NOTE: ssl-renegotiation switched off), has obviously not been tested by upstream
	NOTE: with 1.59 (it doesn't even compile).
	NOTE: Also, upstream's fix breaks API/ABI compatibility in some corner cases.
	NOTE: While these cases are not really supported by Debian, all in all the low
	NOTE: severity of the issue is not in proportion to the risk of breaking something
	NOTE: with the fix.
CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6 ...)
	NOT-FOR-US: eTicket
CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3 ...)
	NOT-FOR-US: Namo Web Editor
CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote attacke ...)
	NOT-FOR-US: Steamcast
CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 an ...)
	NOT-FOR-US: Steamcast
CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Steamcast
CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp ...)
	NOT-FOR-US: CandyPress
CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, an ...)
	NOT-FOR-US: CandyPress
CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32  ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic Institution allo ...)
	NOT-FOR-US: Pre Dynamic Institution
CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd Tentler Sim ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Ge ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 ...)
	NOT-FOR-US: trixbox
CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php ...)
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...)
	NOT-FOR-US: phpIP Management
CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervi ...)
	NOT-FOR-US: Cisco
CVE-2008-0536 (Unspecified vulnerability in the SSH server in (1) Cisco Service Contr ...)
	NOT-FOR-US: Cisco
CVE-2008-0535 (Unspecified vulnerability in the SSH server in (1) Cisco Service Contr ...)
	NOT-FOR-US: Cisco
CVE-2008-0534 (The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, ...)
	NOT-FOR-US: Cisco
CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/C ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Chang ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960 ...)
	NOT-FOR-US: Cisco
CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G,  ...)
	NOT-FOR-US: Cisco
CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP f ...)
	NOT-FOR-US: Cisco
CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmw ...)
	NOT-FOR-US: Cisco
CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch Man ...)
	NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
	NOT-FOR-US: Yamaha router firmware
CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in ...)
	NOT-FOR-US: SoftCart
CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal Networks shop ...)
	NOT-FOR-US: Hal Networks shopping-cart products
CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32  ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp plugi ...)
	NOT-FOR-US: WassUp plugin for WordPress
CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes (com_joke ...)
	NOT-FOR-US: Atapin Jokes component for Mambo and Joomla!
CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes (com_recipes)  ...)
	NOT-FOR-US: Recipes component for Mambo and Joomla!
CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi EstateAge ...)
	NOT-FOR-US: EstateAgent component for Mambo and Joomla!
CVE-2008-0516 (PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in ...)
	NOT-FOR-US: SQLiteManager
CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes (com_musepoes ...)
	NOT-FOR-US: musepoes component for Mambo and Joomla!
CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary (com_glossary ...)
	NOT-FOR-US: Glossary component for Mambo and Joomla!
CVE-2008-0513 (Directory traversal vulnerability in parser/include/class.cache_phpcms ...)
	NOT-FOR-US: phpCMS
CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) component  ...)
	NOT-FOR-US: fq component for Mambo and Joomla!
CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML (com_mamml) comp ...)
	NOT-FOR-US: MaMML component for Mambo and Joomla!
CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter (com_newsle ...)
	NOT-FOR-US: Newsletter component for Mambo and Joomla!
CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cau ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in deans_permalinks_mi ...)
	NOT-FOR-US: Dean's Permalinks Migration plugin for WordPress
CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin f ...)
	NOT-FOR-US: AdServe plugin for WordPress
CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) befo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.ph ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CP ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Pub ...)
	NOT-FOR-US: Netwerk Smart Publisher
CVE-2008-0502 (PHP remote file inclusion vulnerability in templates/Official/part_use ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web i ...)
	NOT-FOR-US: openbsd
CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...)
	NOT-FOR-US: AIM PicEditor
CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote auth ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1 ...)
	- webcalendar 1.1.6-7 (bug #466935)
	[lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4 ...)
	NOT-FOR-US: Drake CMS
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, whe ...)
	{DSA-1601-1}
	- wordpress 2.3.3-1 (medium; bug #464170)
	[etch] - wordpress <not-affected> (vulnerable code not present)
	NOTE: The blog has to provide user accounts
	NOTE: A crafted XML-RPC request referring to a valid user can exploit this
	NOTE: This is specific to wordpress' implementation of xmlrpc.php, which is
	NOTE: not included in any other packages.
	- libwordpress-xmlrpc-perl <removed>
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
	{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
	- tk8.5 8.5.0-3
	- tk8.4 8.4.17-2
	- tk8.3 8.3.5-12
	- libtk-img 1:1.3-release-7 (bug #485785)
CVE-2008-0554 (Buffer overflow in the readImageData function in giftopnm.c in netpbm  ...)
	{DSA-1579-1}
	- netpbm-free 10.0-11.1 (medium; bug #464056)
CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before  ...)
	- mailman 1:2.1.10~b3-1 (low)
	[etch] - mailman <no-dsa> (Minor issue)
	[sarge] - mailman <no-dsa> (Minor issue)
	NOTE: Someone authenticated as list admin can insert malicious script
	NOTE: into list templates. This already consists of a high degree of
	NOTE: control over the mailinglist, so not a very important issue.
	NOTE: This enhances the fix for CVE-2006-3636.
	NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allow ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arb ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote att ...)
	NOT-FOR-US: phpMyClub
CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unkno ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attac ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop ...)
	NOT-FOR-US: Bigware Shop
CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS  ...)
	NOT-FOR-US: Nucleus CMS
CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 ...)
	NOT-FOR-US: AmpJuke
CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Ma ...)
	NOT-FOR-US: Pegasus CIM Server
CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in End ...)
	NOT-FOR-US: Endian Firewall
CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remot ...)
	NOT-FOR-US: FlashPix plugin for IrfanView
CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control i ...)
	NOT-FOR-US: Persits XUpload
CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugi ...)
	NOT-FOR-US: fGallery for WordPress
CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the WP-Cal 0 ...)
	NOT-FOR-US: WP-Cal plugin for WordPress
CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere 2007.4. ...)
	NOT-FOR-US: Clansphere
CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB Marketing allo ...)
	NOT-FOR-US: VB Marketing
CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
	NOT-FOR-US: ASPired2Protect
CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc ...)
	{DSA-1536-1 DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
	- xine-lib 1.1.10.1-1 (bug #464696)
	[sarge] - xine-lib <not-affected> (Vulnerable code not present)
CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and ear ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
CVE-2008-0484
	RESERVED
CVE-2008-0483
	RESERVED
CVE-2008-0482
	RESERVED
CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz R ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 an ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz N ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows  ...)
	NOT-FOR-US: SetCMS
CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX contro ...)
	NOT-FOR-US: Move Networks Upgrade Manager
CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check authen ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote attacke ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ap ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote  ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltla ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpB ...)
	{DSA-1488-1}
	- phpbb2 2.0.22-3 (low; bug #463589)
CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attack ...)
	NOT-FOR-US: Comodo AntiVirus
CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System (TPN ...)
	NOT-FOR-US: Tiger Php News System
CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier a ...)
	NOT-FOR-US: Flinx
CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...)
	{DSA-1529-1}
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4 ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 al ...)
	NOT-FOR-US: Seagull
CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon Mai ...)
	NOT-FOR-US: aconon Mail Enterprise SQL
CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before  ...)
	NOT-FOR-US: Workflow module for Drupal
CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x ...)
	NOT-FOR-US: Archive module for Drupal
CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in PHP-N ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1 ...)
	- mediawiki 1:1.11.1-1 (low)
	[etch] - mediawiki <not-affected> (Doesn't include API functionality)
CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
	NOT-FOR-US: Liquit-Silver CMS
CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
	NOT-FOR-US: SLAED CMS
CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...)
	NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the Apac ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe allo ...)
	NOT-FOR-US: Easysitenetwork Recipe
CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 all ...)
	NOT-FOR-US: Siteman
CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote au ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Car ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-0448 (PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.p ...)
	NOT-FOR-US: phpSearch
CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0  ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows re ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG)  ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG)  ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX co ...)
	NOT-FOR-US: Lycos FileUploader Module
CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small Ax ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in c ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in clearte ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in templates/default/admincp/ ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering functio ...)
	NOT-FOR-US: Novemberborn sIFR
CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 Activ ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp  ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 all ...)
	NOT-FOR-US: OZJournals
CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail Ser ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2008-0433 (PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwo ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo  ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in IDM ...)
	NOT-FOR-US: IDMOS
CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows  ...)
	NOT-FOR-US: 360 Web Manager
CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per P ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in system ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in P ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse  ...)
	NOT-FOR-US: Frimousse
CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...)
	NOT-FOR-US: Mooseguy Blog System
CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software al ...)
	NOT-FOR-US: Lama Software
CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...)
	NOT-FOR-US: bMachine
CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allo ...)
	NOT-FOR-US: Invision Gallery
CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox befor ...)
	{DSA-1534-1 DSA-1484-1}
	- iceape 1.1.8-1
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	NOTE: The initial advisory claimed Thunderbird/Icedove were vulnerable, but clarified
	NOTE: later, see http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0418 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12,  ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird  ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0412 (The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird bef ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in  ...)
	{DSA-1510-1}
	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
	- gs-gpl <removed> (medium)
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 t ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 9ac71d00398674aaec664f30559f0a21d963862f, part of 2.6.24
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
	- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-3 (medium)
CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image  ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-2 (medium)
CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain c ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) bef ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append a ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with  ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...)
	- mantis <not-affected> (Vulnerable code not present)
	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does no ...)
	NOT-FOR-US: Belkin Wireless firmware
CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and  ...)
	NOT-FOR-US: IBM WebSphere Business Modeler
CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before
CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the mode ...)
	NOT-FOR-US: Singapore
CVE-2008-0399 (Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordS ...)
	NOT-FOR-US: Toshiba Surveillance
CVE-2008-0398 (Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly e ...)
	NOT-FOR-US: aflog
CVE-2008-0397 (Multiple SQL injection vulnerabilities in aflog 1.01, and possibly ear ...)
	NOT-FOR-US: aflog
CVE-2008-0396 (Directory traversal vulnerability in BitDefender Update Server (http.e ...)
	NOT-FOR-US: BitDefender Update Server
CVE-2008-0395 (Kayako SupportSuite 3.11.01 allows remote attackers to obtain server c ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-0394 (Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote  ...)
	NOT-FOR-US: Citadel SMTP server
CVE-2008-0393 (Directory traversal vulnerability in info.php in GradMan 0.1.3 and ear ...)
	NOT-FOR-US: GradMan
CVE-2008-0392 (Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-0391 (inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentic ...)
	NOT-FOR-US: aliTalk
CVE-2008-0390 (stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows  ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0389 (Unspecified vulnerability in the serveServletsByClassnameEnabled featu ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...)
	NOT-FOR-US: WP-Forum plugin for WordPress
CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to e ...)
	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...)
	NOT-FOR-US: Urulu
CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel pa ...)
	NOT-FOR-US: OpenBSD
CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allo ...)
	NOT-FOR-US: MyBB
CVE-2008-0382 (Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier all ...)
	NOT-FOR-US: MyBB
CVE-2008-0381 (Unspecified vulnerability in Mahara before 0.9.1 has unknown impact an ...)
	- mahara 0.9.1-1 (low)
CVE-2008-0380 (Buffer overflow in the Digital Data Communications RtspVaPgCtrl Active ...)
	NOT-FOR-US: Digital Data Communications
CVE-2008-0379 (Race condition in the Enterprise Tree ActiveX control (EnterpriseContr ...)
	NOT-FOR-US: Crystal Reports
CVE-2008-0378 (Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when  ...)
	NOT-FOR-US: SocksCap
CVE-2008-0377 (MicroNews allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: MicroNews
CVE-2008-0376 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small Ax ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0375 (Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.0 ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0374 (OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web P ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0373 (Unrestricted file upload vulnerability in PHP F1 Max's File Uploader a ...)
	NOT-FOR-US: PHP F1 Max's File Uploader
CVE-2008-0372 (8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-0371 (Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_ ...)
	NOT-FOR-US: aliTalk
CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel  ...)
	NOT-FOR-US: cPanel
CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allo ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when p ...)
	- iceweasel 3.0 (low)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Mozilla #244273
CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to SSD ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow local us ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0364 (Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1. ...)
	NOT-FOR-US: BitTorrent/uTorrent
CVE-2008-0363 (Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier  ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0362 (Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0361 (Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 ...)
	NOT-FOR-US: GradMan
CVE-2008-0360 (Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0359 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0358 (SQL injection vulnerability in index.php in Pixelpost 1.7 allows remot ...)
	NOT-FOR-US: Pixelpost
CVE-2008-0357 (Directory traversal vulnerability in pages/upload.php in Galaxyscripts ...)
	NOT-FOR-US: Galaxyscripts
CVE-2008-0356 (Buffer overflow in the Independent Management Architecture (IMA) servi ...)
	NOT-FOR-US: Citrix Presentation Server
CVE-2008-0355 (SQL injection vulnerability in index.php in the forum module in PHPEch ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-0354 (Cross-site scripting (XSS) vulnerability in the chat client in IBM Lot ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...)
	NOT-FOR-US: php-residence
CVE-2008-XXXX [apt-cacher arbitrary command execution]
	- apt-cacher 1.6.1
	[etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
	[sarge] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ca ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced after 2.6.19 release)
CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attac ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to  ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools component in O ...)
	NOT-FOR-US: Oracle
CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...)
	NOT-FOR-US: Oracle
CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName function i ...)
	NOT-FOR-US: miniweb
CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function in htt ...)
	NOT-FOR-US: miniweb
CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in BugTrack ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7. ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in pm/language/spanish/prefer ...)
	NOT-FOR-US: pMachine
CVE-2008-0333 (Directory traversal vulnerability in download_view_attachment.aspx in  ...)
	NOT-FOR-US: AfterLogic MailBee WebMail Pro 4.1 for ASP.NET
CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria 0.9 ...)
	NOT-FOR-US: Aria ERP (not the aria we ship)
CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 PAT ...)
	NOT-FOR-US: Funkwerk
CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote attack ...)
	NOT-FOR-US: Radiator
CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_supp ...)
	NOT-FOR-US: LulieBlog
CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0 allows  ...)
	NOT-FOR-US: FaScript
CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows r ...)
	NOT-FOR-US: FaScript
CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript FaPersianHac ...)
	NOT-FOR-US: FaScript
CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian Petition ...)
	NOT-FOR-US: FaScript
CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allow ...)
	NOT-FOR-US: Cisco
CVE-2008-0323
	RESERVED
CVE-2008-0322 (The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsof ...)
	NOT-FOR-US: Microsoft Windows XP driver
CVE-2008-0321
	RESERVED
CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org befor ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2008-0319
	RESERVED
CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV bef ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (medium)
CVE-2008-0317
	RESERVED
CVE-2008-0316
	RESERVED
CVE-2008-0315
	RESERVED
CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 all ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1 (medium)
CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX contro ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request functi ...)
	NOT-FOR-US: Borland CaliberRM
CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 befo ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products in ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibl ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows  ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0305
	RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and  ...)
	{DSA-1697-1 DSA-1621-1}
	- icedove 2.0.0.12-1 (medium)
	- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including imageRUNNE ...)
	NOT-FOR-US: Canon printer firmware
CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote ...)
	NOT-FOR-US: Mapbender
CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to exec ...)
	NOT-FOR-US: Mapbender
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ca ...)
	- webkit <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- qt4-x11 <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kdelibs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kde4libs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	NOTE: Not reproducible, might be fixed before all the forks went off
CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
	NOT-FOR-US: PhotoKorn
CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLA ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in th ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
	NOTE: this does not affect xine-lib itself, its just vlc that ships a really old version of it
CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in FreeSe ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when  ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie P ...)
	NOT-FOR-US: Dansie Photo Album
CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS allow ...)
	NOT-FOR-US: RichStrong CMS
CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery befo ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows rem ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 h ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not che ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious fil ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto G ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows attacker ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery bef ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2008-0161
	RESERVED
CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ear ...)
	NOT-FOR-US: Digital Hive
CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member Are ...)
	NOT-FOR-US: Member Area System
CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow rem ...)
	NOT-FOR-US: ImageAlbum
CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 all ...)
	NOT-FOR-US: VisionBurst vcart
CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard al ...)
	NOT-FOR-US: Article Dashboard
CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remot ...)
	- ngircd 0.10.3-2 (bug #461067; low)
	[etch] - ngircd <no-dsa> (Minor issue)
CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP  ...)
	NOT-FOR-US: DomPHP
CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81  ...)
	NOT-FOR-US: DomPHP
CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlie ...)
	NOT-FOR-US: ID-Commerce
CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ear ...)
	NOT-FOR-US: MTCMS
CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibl ...)
	NOT-FOR-US: Xforum
CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...)
	NOT-FOR-US: X7 Chat
CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows re ...)
	NOT-FOR-US: Fileshare module for Drupal
CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before 5. ...)
	NOT-FOR-US: Devel module for Drupal
CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...)
	NOT-FOR-US: Atom module for Drupal
CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...)
	- drupal5 5.6-1 (unimportant)
	NOTE: needs register_globals on
CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5 ...)
	- drupal5 5.6-1 (low)
CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator modu ...)
	- drupal5 5.6-1 (low)
CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x be ...)
	NOT-FOR-US: BUEditor
CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earli ...)
	NOT-FOR-US: TaskFreak!
CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10  ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5. ...)
	NOT-FOR-US: eTicket
CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...)
	NOT-FOR-US: eTicket
CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in eTicke ...)
	NOT-FOR-US: eTicket
CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search func ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 mod ...)
	NOT-FOR-US: Meta Tags module for Drupal
CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4. ...)
	NOT-FOR-US: Ingate Firewall
CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares Php ...)
	NOT-FOR-US: Agares PhpAutoVideo
CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo  ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration in ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php  ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running M ...)
	NOT-FOR-US: PHP Running Management
CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...)
	NOT-FOR-US: Dansie Search
CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Galle ...)
	NOT-FOR-US: Matteo Binda ASP Photo Gallery
CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 a ...)
	NOT-FOR-US: iGaming
CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka Photos ...)
	NOT-FOR-US: TutorialCMS
CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows r ...)
	NOT-FOR-US: Binn SBuilder
CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in (1 ...)
	{DSA-1481-1}
	- python-cherrypy 2.2.1-3.1 (low; bug #461069)
	- cherrypy3 3.0.2-2
CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before 2 ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-ass ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database credenti ...)
	NOT-FOR-US: PHP Webquest
CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...)
	NOT-FOR-US: StreamAudio ChainCast ProxyManager
CVE-2008-0247 (Heap-based buffer overflow in the Express Backup Server service (dsmsv ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...)
	NOT-FOR-US: UploadScript
CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password  ...)
	NOT-FOR-US: UploadImage
CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to exec ...)
	- maxdb-7.5.00 <removed> (medium; bug #461444)
	NOTE: see #461456 for removal explanation
CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allo ...)
	NOT-FOR-US: Lotus Domino
CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...)
	NOT-FOR-US: Sun Solari
CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System  ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 throug ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
	NOTE: Dupe of CVE-2008-0225
CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked  ...)
	- paramiko 1.6.4-1.1 (low; bug #460706)
	[etch] - paramiko <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20100715101310/http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 al ...)
	NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0)  ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers t ...)
	NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX control
CVE-2008-0234 (Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions  ...)
	NOT-FOR-US: Apple Quicktime Player
CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earli ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow rem ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in Tuned Stu ...)
	NOT-FOR-US: Tune Studio
CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate 2.0. ...)
	NOT-FOR-US: osDate
CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Mode ...)
	NOT-FOR-US: LevelOne router firmware
CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Li ...)
	NOT-FOR-US: Linksys WRT54GL firmware
CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (low; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/lib ...)
	{DSA-1472-1 DTSA-109-1}
	- xine-lib 1.1.10-1 (medium; bug #460551)
CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ea ...)
	NOT-FOR-US: RunCMS
CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSyste ...)
	NOT-FOR-US: JustSystem
CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the W ...)
	NOT-FOR-US: Wp-FileManager plugin for WordPress
CVE-2008-0221 (Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0220 (Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1  ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP Webques ...)
	NOT-FOR-US: Webquest
CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak  ...)
	NOT-FOR-US: Merak IceWarp Mail Server
CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openp ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not pr ...)
	- kfreebsd-5 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage  ...)
	NOT-FOR-US: HP SRM
CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual  ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7 ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Com ...)
	NOT-FOR-US: BIOS F.04
CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication stat ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums  ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha ...)
	NOT-FOR-US: Captcha!
CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in math-com ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in math-comment-sp ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/ad ...)
	NOT-FOR-US: Cryptographp plugin for WordPress
CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 an ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ExpressionEng ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in account/index.h ...)
	NOT-FOR-US: RotaBanner
CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in wp-conta ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and e ...)
	- wordpress 2.3.3-1
	[etch] - wordpress <no-dsa> (Auth is needed and attacker should have permissions to edit files)
CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain sensiti ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0 ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPr ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...)
	- wordpress 2.0.10-1
	NOTE: poked hendry
CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive  ...)
	- wordpress <unfixed> (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in templates/examp ...)
	NOT-FOR-US: AwesomeTemplateEngine
CVE-2008-0189
	REJECTED
CVE-2008-0188
	REJECTED
CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPw ...)
	NOT-FOR-US: SAM Broadcaster samPHPweb
CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...)
	NOT-FOR-US: NetRisk
CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...)
	NOT-FOR-US: NetRisk
CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on Lin ...)
	NOT-FOR-US: Sys-Hotel
CVE-2008-0183
	RESERVED
CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin portlet i ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in Lifer ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServ ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin Sessi ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME  ...)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	NOTE: Linux kernel code is not affected, the proper check is there
	NOTE: (somewhat difficult to spot, it happens in the caller).
CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SC ...)
	NOT-FOR-US: GE Fanuc CIMPLICITY
CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time I ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTT ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost r ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (ak ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0170
	RESERVED
CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 t ...)
	- ikiwiki 2.48 (medium; bug #483770)
	[etch] - ikiwiki <not-affected> (Vulnerable code introduced in 1.34)
CVE-2008-0168
	RESERVED
CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge 4.5.14 upd ...)
	{DSA-1577-1}
	- gforge 4.6.99+svn6496-1 (low)
	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
CVE-2008-0166 (OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operat ...)
	{DSA-1576-1 DSA-1571-1}
	- openssl 0.9.8g-9 (high)
	[sarge] - openssl <not-affected> (Vulnerable code not present)
	- openssh 4.7p1-9 (high)
	NOTE: http://www.debian.org/security/key-rollover/
CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 ...)
	{DSA-1553-1}
	- ikiwiki 2.42
CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CM ...)
	- plone3 3.1.1-1 (bug #473571)
CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access re ...)
	{DSA-1494-1}
	- linux-2.6 2.6.25-1 (high)
CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group privileges bef ...)
	{DSA-1500-1}
	- splitvt 1.6.6-4
CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in apt-listc ...)
	{DSA-1465-2}
	- apt-listchanges 2.82 (medium)
	[sarge] - apt-listchanges <not-affected> (Vulnerable code not present)
	NOTE: see http://web.archive.org/web/20080206193307/http://git.madism.org:80/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32
CVE-2008-0160
	RESERVED
CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument i ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-6678
	REJECTED
CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam I ...)
	NOT-FOR-US: Peter's Random Anti-Spam Image
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manag ...)
	NOT-FOR-US: ONEdotOH Simple File
CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote ...)
	{DSA-1459-1}
	- gforge 4.6.99+svn6330-1 (medium)
	NOTE: this is exploitable by unauthenticated users
	NOTE: Requires register_globals to be On, unsupported in lenny+sid.
	NOTE: In lenny+sid these scripts just don't work, so no security issue.
	NOTE: In etch+sarge we support gforge with rg On, unfortunately.
CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier  ...)
	NOT-FOR-US: eggBlog
CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and  ...)
	NOT-FOR-US: Shop-Script
CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote  ...)
	NOT-FOR-US: FlexBB
CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar S ...)
	NOT-FOR-US: Million Dollar Script
CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1 ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) all ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers t ...)
	NOT-FOR-US: Pragma TelnetServer
CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier  ...)
	NOT-FOR-US: SeattleLab SLNet RF Telnet Server
CVE-2008-0151 (Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 35 ...)
	NOT-FOR-US: Foxit WAC Server
CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba  ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a dir ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows  ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlie ...)
	NOT-FOR-US: SmallNuke
CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL  ...)
	NOT-FOR-US: W3-mSQL
CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when open_based ...)
	- php4 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7  ...)
	NOT-FOR-US: NetRisk
CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...)
	NOT-FOR-US: samPHPweb
CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords  ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7 ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...)
	NOT-FOR-US: Loudblog
CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...)
	NOT-FOR-US: XOOPS
CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...)
	NOT-FOR-US: SNETWORKS
CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information unde ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz  ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier all ...)
	NOT-FOR-US: Tribisur
CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long i ...)
	NOT-FOR-US: Pragma FortressSSH
CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant  ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares Dat ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in Si ...)
	NOT-FOR-US: Site@School
CVE-2008-0128 (The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn ...)
	{DSA-1468-1}
	- tomcat5 <removed> (unimportant)
	NOTE: SSO cookies not working in 5.0, have only been fixed in 5.5.13, see #34724
	- tomcat5.5 5.5.23-1 (low)
	NOTE: SSO cookies sent over secure connections do not require
	NOTE: secure connections, possibly defeating HTTPS encryption.
	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ear ...)
	NOT-FOR-US: McAfee E-Business Server
CVE-2008-0126
	RESERVED
CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wa ...)
	NOT-FOR-US: Michael Wagner phpstats
CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1 ...)
	{DSA-1528-1}
	- serendipity 1.3~b1-1 (low; bug #469667)
CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8 ...)
	- moodle 1.9.8-1 (unimportant)
	NOTE: the issue itself has a quite small attack vector
	NOTE: and considering that the apache configuration that comes
	NOTE: with moodle limits connections to localhost this is no issue
CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC BIND 9 ...)
	- bind <removed>
	[sarge] - bind <no-dsa> (applications will use inet_network in libc)
	[etch] - bind <no-dsa> (applications will use inet_network in libc)
	- bind9 <not-affected> (does not build libbind)
	- glibc 2.2-1
	NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
	NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allow ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote att ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 S ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, an ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0116 (Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Vi ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Vi ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP  ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File  ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0107 (Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Exp ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, an ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, an ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier  ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attack ...)
	NOT-FOR-US: RealPlayer
CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks S ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD)  ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Bu ...)
	- asterisk 1:1.4.17~dfsg-1 (medium; bug #458952)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content Managemen ...)
	NOT-FOR-US: MODx Content Management System
CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php i ...)
	NOT-FOR-US: eTicket
CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-6675 (The b_system_comments_show function in htdocs/modules/system/blocks/sy ...)
	NOT-FOR-US: XOOPS
CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare  ...)
	NOT-FOR-US: RapidShare Database
CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows remo ...)
	NOT-FOR-US: Makale Scripti
CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protec ...)
	- jetty 6.1.18-1 (medium; bug #462793; bug #559765)
CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares Dat ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows  ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload  ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not requi ...)
	NOT-FOR-US: MySpace Content Zone
CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search mo ...)
	NOT-FOR-US: Appalachian State University phpWebSite
CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET WEBFT ...)
	NOT-FOR-US: AGENCY4NET WEBFTP
CVE-2008-0090 (A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows  ...)
	NOT-FOR-US: DivX Player
CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...)
	NOT-FOR-US: ClipShare
CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows 200 ...)
	NOT-FOR-US: Windows
CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 2000 S ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0085 (SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (M ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows V ...)
	NOT-FOR-US: Windows
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scriptin ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...)
	NOT-FOR-US: Windows Messenger
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft  ...)
	NOT-FOR-US: Windows
CVE-2008-0079
	REJECTED
CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Micro ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0073 (Array index error in the sdpplin_parse function in input/libreal/sdppl ...)
	{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-128-1}
	- xine-lib 1.1.11-1 (medium)
	- vlc 0.8.6.e-2 (medium; bug #473057)
	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...)
	{DSA-1512-1}
	- evolution 2.12.3-1.1
	NOTE: SA29057
CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) ...)
	NOT-FOR-US: uTorrent 1.7.7 (build 8179) / BitTorrent 6.0.1 (build 7859)
CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA  ...)
	NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assi ...)
	NOT-FOR-US: XnView
CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView Netw ...)
	NOT-FOR-US: HP OpenView
CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView Network Node Manager (OV NNM)
CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in Aut ...)
	NOT-FOR-US: KeyView
CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5. ...)
	NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.9 ...)
	NOT-FOR-US: XnView, nconvert GFL SDK for Windows
CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not pro ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for som ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (high)
CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attacke ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0057 (Multiple integer overflows in a "legacy serialization format" parser i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 al ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable directorie ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent att ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS  ...)
	{DSA-1625-1}
	- cupsys 1.3.6-1
	- cups 1.3.6-1
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might all ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1. ...)
	{DSA-1530-1}
	- cupsys 1.3.6-3 (medium; bug #472105)
	- cups 1.3.6-3 (medium; bug #472105)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect Ger ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...)
	NOT-FOR-US: Apple iPhoto
CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple  ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.a ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows rem ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninst ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle whe ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 t ...)
	NOT-FOR-US: Apple cocoa Foundation
	NOTE: AFAICS this is not the same as libfoundation in Debian
CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier  ...)
	NOT-FOR-US: MyPHP Forum
CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 a ...)
	NOT-FOR-US: Zenphoto
CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL  ...)
	NOT-FOR-US: Netchemia
CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ea ...)
	NOT-FOR-US: WebPortal
CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html. ...)
	NOT-FOR-US: Pragmatic Utopia PU Arcade
CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows r ...)
	NOT-FOR-US: CuteNews
CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password without sup ...)
	NOT-FOR-US: 2z project
CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: 2z project
CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9. ...)
	NOT-FOR-US: 2z project
CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS)  ...)
	NOT-FOR-US: CCMS
CVE-2007-6657 (PHP remote file inclusion vulnerability in source/includes/load_forum. ...)
	NOT-FOR-US: Mihalism
CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE module f ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php in Ko ...)
	NOT-FOR-US: Kontakt Formular
CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision InstallShi ...)
	NOT-FOR-US: Macrovision InstallShield Update Service Web Agent
CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism Multi Ho ...)
	NOT-FOR-US: Mihalism
CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser  ...)
	NOT-FOR-US: XCMS
CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in Bitwea ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php in Ma ...)
	NOT-FOR-US: MatPo Bilder Gallery
CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee Gallery 0.1. ...)
	NOT-FOR-US: SanyBee Gallery
CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier  ...)
	NOT-FOR-US: w-Agora
CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...)
	NOT-FOR-US: LiveCart
CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote auth ...)
	NOT-FOR-US: Joomla!
CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to p ...)
	NOT-FOR-US: Joomla!
CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in  ...)
	NOT-FOR-US: Joomla!
CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla!  ...)
	NOT-FOR-US: Joomla!
CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Re ...)
	NOT-FOR-US: milliscripts
CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not pro ...)
	NOT-FOR-US: Creammonkey and GreaseKit
CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier al ...)
	NOT-FOR-US: IPTBB
CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the web roo ...)
	NOT-FOR-US: March Networks
CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...)
	- flashplugin-nonfree 1:1.4 (bug #459071)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html
CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu befor ...)
	NOT-FOR-US: Bitflu
CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in  ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly  ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPl ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbit ...)
	NOT-FOR-US: xml2owl
CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier al ...)
	NOT-FOR-US: LScube libnemesi
CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when used by  ...)
	NOT-FOR-US: Netembryo
CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows remot ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg function in R ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver Platform Serv ...)
	NOT-FOR-US: Platform Service Process (asampsp)
CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2 1.2i an ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in Joovili 3.0 ...)
	NOT-FOR-US: Joovili
CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 do ...)
	NOT-FOR-US: Setup Wizard in Atlassian JIRA Enterprise Edition
CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to delet ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterp ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleF ...)
	NOT-FOR-US: SimpleForum
CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in Agares Medi ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in i ...)
	- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
	[sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	[etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
	- unp 1.0.13 (bug #448437; low)
	[etch] - unp <no-dsa> (Only used as archiver in third-party software)
CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
	NOT-FOR-US: CoolPlayer
CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5. ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain se ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain co ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2 ...)
	NOT-FOR-US: SkyFex Client
CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 ...)
	NOT-FOR-US: XCMS
CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing and rea ...)
	NOT-FOR-US: Hot or Not Clone
CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub 0.5. ...)
	NOT-FOR-US: NoseRub
CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8 ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	[sarge] - postgresql <unfixed>
CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before ...)
	NOT-FOR-US: IPortalX
CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...)
	{DSA-1458-1}
	- openafs 1.4.6.dfsg1-1 (medium)
	NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via a syml ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (low; bug #458532)
	[etch] - clamav <not-affected> (Minor issue, first issue doesn't apply)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...)
	- clamav 0.92.1~dfsg-1 (unimportant; bug #458532)
	[etch] - clamav <no-dsa> (Minor issue)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
	NOTE: this is more a feature request than a bug
CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak per ...)
	NOT-FOR-US: Lotus Notes
CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy (forme ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the b ...)
	NOT-FOR-US: Safari
CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server cer ...)
	- kdebase 4:4.0.3-1 (low; bug #458968)
	[etch] - kdebase <no-dsa> (Minor issue)
	[lenny] - kdebase <no-dsa> (Minor issue)
	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
	NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
CVE-2007-6590
	REJECTED
CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...)
	{DSA-1534-1}
	- iceape 1.1.7-1 (medium)
	- iceweasel 2.0.0.10-1 (medium)
CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows re ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 al ...)
	NOT-FOR-US: Plogger
CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows r ...)
	NOT-FOR-US: nicLOR-CMS
CVE-2007-6585 (PHP remote file inclusion vulnerability in confirmUnsubscription.php i ...)
	NOT-FOR-US: NmnNewsletter
CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow r ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php in 102 ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2 allows rem ...)
	NOT-FOR-US: mBlog
CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine 2.0 allo ...)
	NOT-FOR-US: Social Engine
CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow  ...)
	NOT-FOR-US: Wallpaper Site
CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote atta ...)
	NOT-FOR-US: Ip Reg
CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote a ...)
	NOT-FOR-US: PHP ZLink
CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow ...)
	NOT-FOR-US: zBlog
CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earli ...)
	NOT-FOR-US: Adult Script
CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows remote at ...)
	NOT-FOR-US: MMSLamp
CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 an ...)
	NOT-FOR-US: Dokeos
CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: QK SMTP
CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Server ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy  ...)
	NOT-FOR-US: Sun Java System Web Proxy
CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL Database func ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log functio ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in XZero Com ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero Community Clas ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community Classifieds ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta an ...)
	NOT-FOR-US: Blakord Portal
CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before  ...)
	{DSA-1467-1}
	- mantis 1.0.8-4 (low; bug #458377)
CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to o ...)
	{DSA-1543-1 DTSA-132-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
	NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see https://trac.videolan.org/vlc/ticket/1371
CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function (networ ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VL ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to caus ...)
	- vlc 0.8.6.c-4.1 (bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: That's hardly a security problem, just a bug
CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including us ...)
	{DSA-1457-1}
	- dovecot 1:1.0.10-1 (low; bug #458315)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	[etch] - dovecot <no-dsa> (very minor issue)
	NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
	NOTE: low, because issue is only with quite rare configurations
CVE-2007-6612 (Directory traversal vulnerability in DirHandler (lib/mongrel/handlers. ...)
	- mongrel 1.1.3-1 (medium)
CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0 ...)
	NOT-FOR-US: Limbo CMS
CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ot ...)
	NOT-FOR-US: WinAce
CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen  ...)
	{DSA-1443-1}
	- tcpreen 1.4.3-0.3 (medium; bug #457781)
CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted re ...)
	NOT-FOR-US: PDFLib
CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic befor ...)
	NOT-FOR-US: Logaholic
CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 all ...)
	NOT-FOR-US: Logaholic
CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a denia ...)
	NOT-FOR-US: TotalPlayer
CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote  ...)
	NOT-FOR-US: MeGaCheatZ
CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow rem ...)
	NOT-FOR-US: websihirbazi
CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 an ...)
	NOT-FOR-US: TeamCal
CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1. ...)
	NOT-FOR-US: TeamCal
CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows r ...)
	NOT-FOR-US: AuraCMS
CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, a ...)
	NOT-FOR-US: MailMachine
CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact an ...)
	NOT-FOR-US: RunCMS
CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...)
	NOT-FOR-US: RunCMS
CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during  ...)
	NOT-FOR-US: RunCMS
CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it easi ...)
	NOT-FOR-US: RunCMS
CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1 ...)
	NOT-FOR-US: RunCMS
CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow re ...)
	NOT-FOR-US: RunCMS
CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exch ...)
	NOT-FOR-US: eSyndiCat Link Exchange Script
CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...)
	NOT-FOR-US: Arcadem LEArcadem LE
CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...)
	NOT-FOR-US: neuron news
CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...)
	NOT-FOR-US: neuron news
CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot iSuppo ...)
	NOT-FOR-US: IDevspot iSupport
CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...)
	- moodle <not-affected> (Vulnerable code not present, third party module)
CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...)
	NOT-FOR-US: WinUAE
CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta pres ...)
	NOT-FOR-US: Google Toolbar
CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006 ...)
	NOT-FOR-US: YShortcut ActiveX control
CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher all ...)
	NOT-FOR-US: Microsoft Office Publisher
CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-ass ...)
	NOT-FOR-US: Zoom Player
CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce  ...)
	- libxfcegui4 4.4.2 (low)
	[sarge] - libxfcegui4 <no-dsa> (Minor issue)
	[etch] - libxfcegui4 <no-dsa> (Minor issue)
CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in Xf ...)
	- xfce4-panel 4.4.2 (low)
	[sarge] - xfce4-panel <no-dsa> (Minor issue)
	[etch] - xfce4-panel <no-dsa> (Minor issue)
CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
	NOT-FOR-US: XUpload
CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unk ...)
	- tikiwiki <removed>
CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki b ...)
	- tikiwiki <removed>
CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload ...)
	NOT-FOR-US: PunBB
CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in  ...)
	- tikiwiki <removed>
CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) T ...)
	NOT-FOR-US: IBM DB2 Content Manager
CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially sensit ...)
	NOT-FOR-US: Opera
CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...)
	NOT-FOR-US: Opera
CVE-2007-6522 (The rich text editing functionality in Opera before 9.25 allows remote ...)
	NOT-FOR-US: Opera
CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-6520 (Opera before 9.25 allows remote attackers to conduct cross-domain scri ...)
	NOT-FOR-US: Opera
CVE-2007-6519 (Unspecified vulnerability in the File-on-File Mounting File System (FF ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-6518 (Multiple SQL injection vulnerabilities in search.php in WoltLab Burnin ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2007-6517 (SQL injection vulnerability in the forget password section (LostPwd.as ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.o ...)
	NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers to exe ...)
	NOT-FOR-US: SiteScape
CVE-2007-6513 (HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports  ...)
	NOT-FOR-US: HP eSupportDiagnostics ActiveX control
CVE-2007-6512 (PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the ...)
	NOT-FOR-US: PHP MySQL Banner Exchange
CVE-2007-6511 (Websense Enterprise 6.3.1 allows remote attackers to bypass content fi ...)
	NOT-FOR-US: Websense Enterprise
CVE-2007-6510 (Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62  ...)
	NOT-FOR-US: ProWizard
CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process Manage ...)
	NOT-FOR-US: Appian Enterprise Business Process Management Suite
CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows remo ...)
	NOT-FOR-US: xeCMS
CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a Wi ...)
	- linux-2.6 2.6.17-1 (low; bug #529318)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.17)
	NOTE: While labeled as an Apache flaw, fix required in smbfs
CVE-2007-XXXX [venkman preinst symlink dos]
	- venkman 0.9.87.2-1 (bug #456520)
	[lenny] - venkman <not-affected> (Vulnerable code not present)
	[sarge] - venkman <not-affected> (Vulnerable code not present)
	[etch] - venkman <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [unace unspecified security issue related to uninitialized variable]
	- unace-nonfree 2.5-3
	[etch] - unace-nonfree 2.5-1etch1
CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, befo ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.d ...)
	NOT-FOR-US: HP Software Update
CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd  ...)
	NOT-FOR-US: Solaris
CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1  ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authentic ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot f ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attac ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allo ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
	NOT-FOR-US: iMesh
CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
	NOT-FOR-US: iMesh
CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS all ...)
	NOT-FOR-US: Kvaliitti WebDoc CMS
CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One C ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series O ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series On ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 a ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka  ...)
	NOT-FOR-US: LineShout
CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ( ...)
	- centreon-web <itp> (bug #913903)
CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote a ...)
	NOT-FOR-US: phpRPG
CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
	NOT-FOR-US: SafeNet Sentinel Protection and Keys Server
CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in  ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in  ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...)
	NOT-FOR-US: Oracle database component in Sun Management Center
CVE-2007-6479 (Unrestricted file upload vulnerability in the "My productions" compone ...)
	NOT-FOR-US: Dokeos
CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and p ...)
	NOT-FOR-US: Rosoft Media Player
CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature i ...)
	NOT-FOR-US: Citrix Web Interface and NFuse
CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration inform ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow  ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explor ...)
	NOT-FOR-US: WFTPD Explorer Pro
CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allo ...)
	NOT-FOR-US: phpMyRealty
CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Win ...)
	NOT-FOR-US: phPay
CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: phpRPG
CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qut ...)
	NOT-FOR-US: phpRPG
CVE-2007-6468 (Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman. ...)
	NOT-FOR-US: Hammer of Thyrion
CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows re ...)
	NOT-FOR-US: MKPortal
CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in  ...)
	- ganglia-monitor-core <not-affected> (ganglia web-frontend not included)
CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0 ...)
	NOT-FOR-US: Form tools
CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate Classif ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fl ...)
	- flyspray <removed>
CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Serv ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers t ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 al ...)
	NOT-FOR-US: 123tkShop
CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 a ...)
	NOT-FOR-US: NetWin SurgeMail 38k4
CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffic ...)
	NOT-FOR-US: Planamesa NeoOffice
	NOTE: referring to OpenOffice security team this is what is described in CVE-2007-4575 for OO
CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ma ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
	{DSA-1583-1 DSA-1441-1}
	- peercast 0.1218+svn20071220+2 (medium; bug #457300)
	- gnome-peercast 0.5.4-1.2 (medium; bug #466539)
CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php i ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google  ...)
	- gwt 1.6.4-1 (low; bug #563542)
CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly  ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 all ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6449
	REJECTED
CVE-2007-6448
	REJECTED
CVE-2007-6447
	REJECTED
CVE-2007-6446
	REJECTED
CVE-2007-6445
	REJECTED
CVE-2007-6444
	REJECTED
CVE-2007-6443
	REJECTED
CVE-2007-6442
	REJECTED
CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows rem ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6440
	REJECTED
CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause  ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly  ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows rem ...)
	{DSA-1464-1 DTSA-105-1}
	- syslog-ng 2.0.6-1 (low; bug #457334)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Op ...)
	NOT-FOR-US: predating security tracker
CVE-2008-0030
	REJECTED
CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...)
	NOT-FOR-US: Cisco
CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance a ...)
	NOT-FOR-US: Cisco
CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) Provide ...)
	NOT-FOR-US: Cisco
CVE-2008-0026 (SQL injection vulnerability in Cisco Unified CallManager/Communication ...)
	NOT-FOR-US: Cisco
CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
	NOT-FOR-US: JustSystems
CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTM ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual  ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Only Linux 2.6.23 and above affected)
CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query clas ...)
	- jbosseam <itp> (bug #451956)
CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5,  ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and  ...)
	{DSA-1525-1}
	- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
	[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow context ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension i ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows context-depe ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and pos ...)
	NOT-FOR-US: EMC RepliStor
CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transpor ...)
	NOT-FOR-US: HP-UX
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in cert ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2007-6423
	- apache2 <not-affected> (disputed / only for Windows)
CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in mod_pr ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the balancer-manage ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 <no-dsa> (minor issue)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	NOTE: Won't be fixed in etch.
CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.2 ...)
	NOT-FOR-US: HP-UX
CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen 3 ...)
	- xen-unstable <not-affected> (We only have xen for i386 and amd64)
	- xen-3 <not-affected> (We only have xen for i386 and amd64)
	- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
	{DSA-1473-1}
	- scponly 4.6-1.2 (high)
CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a redire ...)
	NOT-FOR-US: Adult ScriptAdult Script
CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in Bitwea ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG  ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows re ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed b ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified informati ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Prov ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Co ...)
	NOT-FOR-US: CA eTrust Threat Management Console
CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttp ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assist ...)
	NOT-FOR-US: Winamp
CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic (M ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ( ...)
	NOT-FOR-US: PolDoc CMS
CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote authenticate ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass authe ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP  ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP Bo ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the  ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 allo ...)
	NOT-FOR-US: Content Injector
CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script  ...)
	NOT-FOR-US: Ace Image Hosting Script
CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows remo ...)
	NOT-FOR-US: DWdirectory
CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 allow ...)
	NOT-FOR-US: SH-News
CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar plug ...)
	- serendipity <not-affected> (This is an external plugin not included in our packages)
CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 mig ...)
	- gnome-screensaver 2.22.0-1 (low; bug #455484)
	[etch] - gnome-screensaver <no-dsa> (Minor issue)
CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache H ...)
	- apache <removed> (low)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users  ...)
	{DSA-1437-1}
	- cups 1.3.5-1 (low; bug #456960)
	- cupsys 1.3.5-1 (low; bug #456960)
	[sarge] - cupsys <no-dsa> (Minor issue)
	NOTE: the debian package is a bit confusing here as it also ships a pdftops
	NOTE: wrapper script as an example but the original script is installed
	NOTE: under /usr/lib/cups/filters
CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service (in ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (low; bug #457062)
CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact a ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows context-dependen ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (medium; bug #457330)
CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (low; bug #457330)
CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windo ...)
	NOT-FOR-US: P4Web
CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQ ...)
	{DSA-1501-1}
	- dspam 3.6.8-5.1 (low; bug #448519)
CVE-2008-0025
	RESERVED
CVE-2008-0024
	RESERVED
CVE-2008-0023
	RESERVED
CVE-2008-0022
	RESERVED
CVE-2008-0021
	RESERVED
CVE-2008-0020 (Unspecified vulnerability in the Load method in the IPersistStreamInit ...)
	NOT-FOR-US: Microsoft
CVE-2008-0019
	RESERVED
CVE-2008-0018
	RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3 ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in Mozil ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-0015 (Stack-based buffer overflow in the CComVariant::ReadFromStream functio ...)
	NOT-FOR-US: Microsoft
CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 an ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 Acti ...)
	NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend  ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not prop ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA  ...)
	NOT-FOR-US: BEA WebLogic Mobility Server
CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ch ...)
	NOT-FOR-US: Chandler
CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote attac ...)
	NOT-FOR-US: Robocode
CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in  ...)
	{DSA-1439-1}
	- typo3-src 4.1.5-1 (low; bug #457446)
	NOTE: you need to be a logged in backend user to exploit this
CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1 ...)
	NOT-FOR-US: e-Xoops
CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: BadBlue
CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and e ...)
	NOT-FOR-US: BadBlue
CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll i ...)
	NOT-FOR-US: BadBlue
CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi P ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier  ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow rem ...)
	NOT-FOR-US: GestDown
CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remo ...)
	NOT-FOR-US: JUNOS
CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attac ...)
	NOT-FOR-US: Nokia N95
CVE-2007-6370
	REJECTED
CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the Pict ...)
	NOT-FOR-US: PictPress
CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 all ...)
	NOT-FOR-US: ezContents
CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook i ...)
	NOT-FOR-US: SineCMS
CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier al ...)
	NOT-FOR-US: SineCMS
CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php i ...)
	NOT-FOR-US: bcoos
CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLM ...)
	NOT-FOR-US: JLMForo System
CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when u ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery (com_rsgalle ...)
	NOT-FOR-US: RSGallery
CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: Gekko
CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility  ...)
	NOT-FOR-US: Sun eXtended System Control Facility
CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote,  ...)
	NOT-FOR-US: Microsoft Office Access
CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...)
	{DSA-1474-1}
	- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
	{DSA-1473-1}
	- scponly 4.6-1.1 (high; bug #437148)
CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net befo ...)
	- squirrelmail <not-affected> (Compromised packages were never in Debian)
CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php i ...)
	NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allo ...)
	NOT-FOR-US: Rainboard
CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208 allows ...)
	NOT-FOR-US: aurora
CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in Mcms Eas ...)
	NOT-FOR-US: Mcms Easy Web Make
CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network Node M ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module (AuthCA ...)
	NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such a ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.63-1 (low; bug #457445)
	NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ciph ...)
	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (Do ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill E ...)
	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in nsis ...)
	{DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to exec ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote atta ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and pos ...)
	NOT-FOR-US: Ingres on Windows
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
	NOT-FOR-US: HP Info Center HP Quick Launch Buttons
CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 Active ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames ...)
	NOT-FOR-US: Meridian Prolog Manager
CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sig ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6328
	- dosbox 0.72-1 (unimportant; bug #458950)
	NOTE: this is not a security issue, its a feature of dosbox and the first
	NOTE: thing documented in the manpage
CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media Technolog ...)
	NOT-FOR-US: Online Media Technologies
CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attac ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6325 (PHP remote file inclusion vulnerability in adminbereich/designconfig.p ...)
	NOT-FOR-US: Fastpublish
CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in CityWriter 0.9. ...)
	NOT-FOR-US: CityWriter
CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 al ...)
	NOT-FOR-US: MMS Gallery PHP
CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 ...)
	NOT-FOR-US: xml2owl
CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does n ...)
	NOT-FOR-US: Feature (third party drupal module)
CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8 ...)
	NOT-FOR-US: Lyris ListManager
CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress 2.3. ...)
	- wordpress 2.3.2-1 (low; bug #459305)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web Ser ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6316 (Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server  ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6315 (Group Chat in BarracudaDrive Web Server before 3.8 allows remote authe ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read t ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...)
	- mysql-dfsg-5.0 <not-affected> (this only affects >= 5.1.x, update for experimental is on its way)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web Repo ...)
	NOT-FOR-US: Web Security Suite
CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) admin/i ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6310 (Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6309 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in we ...)
	NOT-FOR-US: webSPELL
CVE-2007-6308 (Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows re ...)
	NOT-FOR-US: HttpLogger
CVE-2007-6307 (Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php  ...)
	NOT-FOR-US: wwwstats
CVE-2007-6306 (Multiple cross-site scripting (XSS) vulnerabilities in the image map f ...)
	- libjfreechart-java 1.0.9-1 (low; bug #456148)
	[sarge] - libjfreechart-java <no-dsa> (Contrib not supported)
CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3 ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in OpenNewslet ...)
	NOT-FOR-US: OpenNewsletter
CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 a ...)
	NOT-FOR-US: Fusion News
CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for Dr ...)
	NOT-FOR-US: shoutbox (third party module for Drupal)
CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14. ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyC ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page i ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ea ...)
	NOT-FOR-US: MWOpen
CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manag ...)
	NOT-FOR-US: Xigla Absolute Banner Manager .NET
CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in SERWe ...)
	NOT-FOR-US: SERWeb
CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev ...)
	NOT-FOR-US: SERWeb
CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow  ...)
	NOT-FOR-US: TCExam
CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs H ...)
	NOT-FOR-US: HyperVM
CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...)
	- tomcat5.5 <not-affected> (Does not use apr connector)
	- tomcat5 <removed>
CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux distrib ...)
	- autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
	- autofs5 5.0.3-1
	NOTE: for autofs5 see 12disable_default_auto_master.dpatch
CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows context-de ...)
	{DSA-1461-1}
	- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
	- libxml 1.8.17-14.1 (medium)
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key f ...)
	- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote r ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
	NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.2 ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0. ...)
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
	[etch] - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced after 5.0.32)
CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x be ...)
	- drupal5 5.5-1
	- drupal 4.7.10-1
CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2,  ...)
	- roundcube 0.1~rc2-6 (low; bug #455840)
	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
CVE-2007-6280
	RESERVED
CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec (FLA ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: According to upstream this issue is not exploitable for code injection
	NOTE: due to the layout of the seektable memory
CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assi ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: Such validations are within the responsibility of the respective applications
CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC  ...)
	{DSA-1469-1}
	- flac 1.2.1-1
CVE-2007-6276 (The accept_connections function in the virtual private network daemon  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos  ...)
	NOT-FOR-US: bcoos
CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/di ...)
	NOT-FOR-US: bcoos
CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in So ...)
	NOT-FOR-US: SonicWALL GLobal VPN Client
CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
	NOT-FOR-US: Joomla!
CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News M ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolu ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute Ne ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 an ...)
	NOT-FOR-US: Citrix EdgeSight
CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier all ...)
	NOT-FOR-US: bcoos
CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions b ...)
	NOT-FOR-US: avast!
CVE-2007-6264
	RESERVED
CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, whe ...)
	- linux-ftpd-ssl 0.17.18+0.3-9.1 (low; bug #454733)
	[sarge] - linux-ftpd-ssl <no-dsa> (Minor issue)
	[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0. ...)
	- vlc <not-affected> (Windows only issue)
CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with def ...)
	NOT-FOR-US: Oracle
CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol implementat ...)
	NOT-FOR-US: Sun SunForum
CVE-2007-6259
	RESERVED
CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV  ...)
	- libapache2-mod-jk2 2.0.4-1
CVE-2007-6257
	RESERVED
CVE-2007-6256
	REJECTED
CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBE ...)
	NOT-FOR-US: Microsoft HRTBEAT.OCX
CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects BusinessObject ...)
	NOT-FOR-US: SAP
CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5 ...)
	NOT-FOR-US: Adobe Form Designer
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation STRunn ...)
	NOT-FOR-US: Street Technologies
CVE-2007-6251
	RESERVED
CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPl ...)
	NOT-FOR-US: AmpX ActiveX control
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the um ...)
	NOT-FOR-US: Gentoo portage
CVE-2007-6248
	RESERVED
CVE-2007-6247
	REJECTED
CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up  ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up  ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up  ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier m ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unkno ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06  ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before  ...)
	{DSA-1646-2 DSA-1482-1}
	- squid 2.6.17-1 (medium; bug #455910)
CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie paramete ...)
	NOT-FOR-US: DeluxeBB
CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause  ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote  ...)
	NOT-FOR-US: RealNetworks RealPlayer 11
CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass authent ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allo ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1 ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7  ...)
	NOT-FOR-US: tellmatic
CVE-2007-6230 (Directory traversal vulnerability in common/classes/class_HeaderHandle ...)
	NOT-FOR-US: Rayzz
CVE-2007-6229 (PHP remote file inclusion vulnerability in common/classes/class_Header ...)
	NOT-FOR-US: Rayzz
CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 A ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating syst ...)
	- qemu <not-affected> (Windows issue)
CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Powe ...)
	NOT-FOR-US: American Power Conversion (APC)
CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used o ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc326 ...)
	NOT-FOR-US: RealAudioObjects.RealAudio ActiveX
CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3  ...)
	NOT-FOR-US: phpBB Garage
CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT Interleav ...)
	NOT-FOR-US: Interleave
CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain configurati ...)
	NOT-FOR-US: TuMusika
CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of se ...)
	- typespeed 0.6.4-1 (unimportant; bug #454527)
CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Securit ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ( ...)
	NOT-FOR-US: Irola My-Time
CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...)
	NOT-FOR-US: Web-MeetMe
CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in Lear ...)
	NOT-FOR-US: LearnLoop
CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in  ...)
	NOT-FOR-US: WebED
CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 allow ...)
	NOT-FOR-US: KML share
CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux kerne ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.2 ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 bui ...)
	{DSA-1476-1}
	- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that registe ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	- linux-2.6 2.6.24-4
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
	- libxfont 1:1.3.1-2
	[etch] - libxfont 1:1.2.2-2.etch1
CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-de ...)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache2 <no-dsa> (browser issue; low impact)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2008-0004
	REJECTED
CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback  ...)
	NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
	- tomcat5.5 <not-affected> (Only Tomcat 6 is affected, according to upstream)
CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.1 ...)
	{DSA-1479-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
	- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plu ...)
	{DSA-1528-1}
	- serendipity 1.2.1-1 (low)
CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView
CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method s ...)
	- apache2 2.2.6-3 (low)
	[sarge] - apache2 <no-dsa> (minor issue)
	- apache <not-affected> (vulnerable code not present)
	NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
	[etch] - apache2 2.2.3-4+etch4
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users  ...)
	- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" script ...)
	{DSA-1420-1 DTSA-93-1}
	- zabbix 1:1.4.2-4 (bug #452682)
CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome S ...)
	NOT-FOR-US: Neocrome Seditio CMS
CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users  ...)
	- sing 1.1-16 (low; bug #454167)
	[etch] - sing 1.1-13etch1
	[sarge] - sing 1.1-9sarge1
CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
	- zsh 4.3.4-dev-3-2 (low; bug #454073)
	[etch] - zsh <no-dsa> (Minor issue)
	[sarge] - zsh <no-dsa> (Minor issue)
CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x bef ...)
	- wesnoth 1:1.2.8-1 (low)
	[etch] - wesnoth 1.2-4
	[sarge] - wesnoth 0.9.0-8
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a wr ...)
	- rsync 2.6.9-6 (low; bug #453652)
	[etch] - rsync <no-dsa> (Minor issue)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is n ...)
	- rsync 2.6.9-6 (unimportant; bug #453652)
	NOTE: Security feature enhancement, not really a security problem
CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5 ...)
	NOT-FOR-US: Plumtree
CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 a ...)
	NOT-FOR-US: Plumtree
CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
	NOT-FOR-US: Calacode
CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in Softw ...)
	NOT-FOR-US: HP-UX
CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 a ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
	NOT-FOR-US: Citrix
CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses w ...)
	NOT-FOR-US: Citrix
CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.m ...)
	NOT-FOR-US: Armin Burger p.mapper
CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobi ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in Bit ...)
	NOT-FOR-US: BitDefender Online Anti-Virus Scanner
CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7 ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect  ...)
	NOT-FOR-US: PHP Content Architect
CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impa ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS  ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...)
	NOT-FOR-US: Project Alumni
CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 al ...)
	NOT-FOR-US: ISPmanager
CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier  ...)
	NOT-FOR-US: Cygwin
CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in  ...)
	NOT-FOR-US: Solaris
CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0. ...)
	NOT-FOR-US: Charray's CMS
CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Con ...)
	NOT-FOR-US: Easy Hosting Control Panel for Ubuntu
CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in PHP ...)
	NOT-FOR-US: PHP-CON
CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...)
	NOT-FOR-US: KB-Bestellsystem
CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: Lhaplus
CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain pri ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay  ...)
	- liferay-portal <itp> (bug #569819)
CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
	NOT-FOR-US: wpQuiz
CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows r ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might  ...)
	NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used i ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote at ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote a ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1. ...)
	NOT-FOR-US: FMDeluxe
CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier  ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...)
	NOT-FOR-US: Proverbs Web Calendar
CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...)
	NOT-FOR-US: SimpleGallery
CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.p ...)
	- acidbase 1.3.9-1 (low; bug #453838)
	[etch] - acidbase <not-affected> (vulnerable code not present, in etch acidbase exits in this case)
CVE-2007-6155
	RESERVED
CVE-2007-6154
	RESERVED
CVE-2007-6153
	RESERVED
CVE-2007-6152
	RESERVED
CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
	- linux-2.6 2.6.23-2
CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media Ser ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media S ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1. ...)
	NOT-FOR-US: IAPR COMMENCE
CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Win ...)
	NOT-FOR-US: JP1/File Transmission Server/FTP on windows
CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP  ...)
	NOT-FOR-US: Hitachi JP1/File Transmission Server/FTP
CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control i ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU  ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
	NOT-FOR-US: JAF CMS
CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 B ...)
	NOT-FOR-US: vBTube
CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote  ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1. ...)
	NOT-FOR-US: Mp3 ToolBox
CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows remo ...)
	NOT-FOR-US: VU Mass Mailer
CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 allow ...)
	NOT-FOR-US: Content Injector
CVE-2007-6136 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2 ...)
	NOT-FOR-US: M2Scripts MySpace Scripts
CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSli ...)
	NOT-FOR-US: PHPSlideShow
CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6. ...)
	NOT-FOR-US: PHPKIT
CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...)
	NOT-FOR-US: DevMass Shopping Cart
CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in gtk/sr ...)
	{DSA-1431-1 DTSA-102-1}
	- ruby-gnome2 0.16.0-10 (medium; bug #453689)
CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine (res_confi ...)
	- asterisk 1:1.4.15~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...)
	{DSA-1417-1}
	- asterisk 1:1.4.15~dfsg-1 (medium)
CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices  ...)
	- kfreebsd-7 7.0~cvs20080107-1
	- kfreebsd-6 6.3~cvs20080107-1
	- kfreebsd-5 <removed> (medium; bug #453944)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-6132
	REJECTED
CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite  ...)
	- scanbuttond 0.2.3-6 (unimportant; bug #453239)
	NOTE: this is just an example script, maintainer adds a note about it
	NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, wh ...)
	- gnump3d 3.0-1 (medium)
	[sarge] - gnump3d <not-affected> (Vulnerable code not present)
	[etch] - gnump3d <not-affected> (Vulnerable code not present)
CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php  ...)
	NOT-FOR-US: Amber script
CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 all ...)
	NOT-FOR-US: WorkingOnWeb
CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9 and ear ...)
	NOT-FOR-US: Alumni
CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project alumni  ...)
	NOT-FOR-US: Alumni
CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz Freelancers  ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Free ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and ...)
	NOT-FOR-US: IRC Services
CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before 5.0.6 ...)
	NOT-FOR-US: IRC Services
CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6  ...)
	{DSA-1429-1}
	- htdig 1:3.2.0b6-4 (low; bug #453278)
	[sarge] - htdig <not-affected> (Vulnerable code not present)
CVE-2007-6109 (Stack-based buffer overflow in emacs allows user-assisted attackers to ...)
	{DTSA-98-1 DTSA-99-1}
	- emacs22 22.1+1-2.2 (bug #455432)
	- emacs21 21.4a+1-5.2 (bug #455433)
	[etch] - emacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
	- xemacs21 21.4.21-4 (bug #457764)
	[etch] - xemacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
CVE-2007-6108
	RESERVED
CVE-2007-6107
	RESERVED
CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98  ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 a ...)
	NOT-FOR-US: TalkBack
CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web Publishing ...)
	NOT-FOR-US: FileMaker Pro
CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1)  ...)
	- ihu 0.5.6-3.1 (unimportant; bug #453280)
	NOTE: Would only terminate normal phone call by hanging up, not a real security bug
CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2J ...)
	NOT-FOR-US: feed2js
CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated users to c ...)
	NOT-FOR-US: Ability Mail Server
CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth ...)
	- phpmyadmin 4:2.11.2.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/960064b55f68cd74969e8f0eee56da045f6ea57a
CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParato ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log tru ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate Firewal ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext  ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator before ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before 4.6.0  ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator  ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParat ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Ba ...)
	NOT-FOR-US: JiRo's Banner System (JBS)
CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1. ...)
	NOT-FOR-US: Nuked-Klan
CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 ...)
	NOT-FOR-US: meBiblio
CVE-2007-6088 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBBViet
CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in Vigile ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4 allows ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6084 (SQL injection vulnerability in software-description.php in HotScripts  ...)
	NOT-FOR-US: HotScripts Clone script
CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in Sciu ...)
	NOT-FOR-US: Sciurus Hosting Panel
CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...)
	NOT-FOR-US: Windows
CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the banner ...)
	NOT-FOR-US: bcoos
CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos 1.0.1 ...)
	NOT-FOR-US: bcoos
CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote a ...)
	NOT-FOR-US: SkyPortal
CVE-2007-6076
	RESERVED
CVE-2007-6075
	RESERVED
CVE-2007-6074
	RESERVED
CVE-2007-6073
	RESERVED
CVE-2007-6072
	RESERVED
CVE-2007-6071
	RESERVED
CVE-2007-6070
	REJECTED
CVE-2007-6069
	RESERVED
CVE-2007-6068
	RESERVED
CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser  ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-6066
	RESERVED
CVE-2007-6065
	RESERVED
CVE-2007-6064
	RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
	- ngircd 0.10.3-1 (bug #451875)
	[etch] - ngircd 0.10.0-2etch1
CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name w ...)
	- audacity 1.3.4-1.1 (bug #453283; low)
	[etch] - audacity <no-dsa> (Minor issue)
CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a f ...)
	NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059
	NOT-FOR-US: Javamail
CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0  ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm Socia ...)
	NOT-FOR-US: datecomm Social Networking Script
CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a  ...)
	NOT-FOR-US: Aida-Web
CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay  ...)
	- liferay-portal <itp> (bug #569819)
CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in the mana ...)
	NOT-FOR-US: Aruba 800 Mobility Controller
CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggre ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 befor ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM DB2 UD ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unkn ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates predic ...)
	NOT-FOR-US: Windows
CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Co ...)
	NOT-FOR-US: SWSoft Confixx Professional
CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in sequencer.c ...)
	NOT-FOR-US: Rigs of Rods (RoR)
CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to caus ...)
	NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ...)
	- php5 5.2.5-1 (unimportant; bug #453295)
	NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
	NOTE: script to trigger this issue
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails 1 ...)
	- rails 1.2.6-1 (low; bug #452748)
CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal)  ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.9 ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark (formerly  ...)
	{DTSA-92-1}
	- wireshark 0.99.6pre1-1 (low)
	[etch] - wireshark <no-dsa> (Minor issue, exotic dissector, very intrusive backport)
CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 thro ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethe ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99 ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark (formerl ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows  ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0. ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in  ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...)
	NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034
	REJECTED
CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure p ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2007-6032 (SQL injection vulnerability in calendar/page.asp in Aleris Web Publish ...)
	NOT-FOR-US: Aleris Web Publishing Server
CVE-2007-6031 (Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attack ...)
	NOT-FOR-US: VanDyke VShell
CVE-2007-6030 (Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknow ...)
	NOT-FOR-US: Weird Solutions BOOTPTurbo
CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote at ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL Ac ...)
	NOT-FOR-US: ComponentOne FlexGrid
CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka M ...)
	NOT-FOR-US: Microsoft Jet Engine
CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 a ...)
	- wpasupplicant 0.6.0-4
	[etch] - wpasupplicant <not-affected> (Vulnerable code not present)
	[sarge] - wpasupplicant <not-affected> (Vulnerable code not present)
CVE-2007-6024
	RESERVED
CVE-2007-6023
	RESERVED
CVE-2007-6022
	RESERVED
CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows u ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...)
	NOT-FOR-US: KeyView
CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, al ...)
	- flashplugin-nonfree 1:1.4
CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
	{DSA-1470-1}
	- horde3 3.1.6-1 (bug #461131; low)
	- imp4 <not-affected> (xss.php is only present in horde3 package)
CVE-2007-6017 (The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in th ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6016 (Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar. ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in S ...)
	{DSA-1427-1 DTSA-100-1}
	- samba 3.0.28-1 (high)
CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ear ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash o ...)
	- wordpress 2.5.0-1 (low; bug #452251)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: if untrusted people are allowed to read the database they could still
	NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 ...)
	NOT-FOR-US: DocuSafe
CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in N ...)
	NOT-FOR-US: Novell iChain
CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x ...)
	NOT-FOR-US: Xoops
CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...)
	NOT-FOR-US: predating security tracker
CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...)
	{DSA-1418-1}
	- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation System b ...)
	NOT-FOR-US: BugHotel
CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allow ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote a ...)
	NOT-FOR-US: ACD products
CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (fo ...)
	NOT-FOR-US: Autonomy
CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manage ...)
	NOT-FOR-US: Pro Photo Manager
CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified authorization me ...)
	NOT-FOR-US: TestLink
CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX c ...)
	NOT-FOR-US: WebEx
CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 ...)
	NOT-FOR-US: Toko Instan
CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Th ...)
	NOT-FOR-US: SpeedTouch
CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.1 ...)
	NOT-FOR-US: Fenriru
CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ba ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a den ...)
	- kdebase <unfixed> (unimportant; bug #451794)
	NOTE: not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
	NOTE: it seems konqueror only treats the cookie value until some special length
	NOTE: as cookie, after this length it will open the rest as site content. This eats alot
	NOTE: ram and cpu but depending on how much ram the system has, konqueror will die after
	NOTE: no memory is left, not treated as security problem.
CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz Auctions Sc ...)
	NOT-FOR-US: Softbiz
CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management plus S ...)
	NOT-FOR-US: Softbiz
CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz Banner Ex ...)
	NOT-FOR-US: Softbiz Banner Exchange Network Script
CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link Direct ...)
	NOT-FOR-US: Softbiz Link Directory Script
CVE-2007-5995 (PHP remote file inclusion vulnerability in examples/patExampleGen/bbco ...)
	NOT-FOR-US: patBBcode
CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in Fritz  ...)
	NOT-FOR-US: php photo album
CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology in Li ...)
	NOT-FOR-US: vtls
CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social Networking ...)
	NOT-FOR-US: Social Networking Script
CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows remote a ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote a ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not  ...)
	{DSA-1570-1}
	- pcre3 7.0-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, ...)
	NOT-FOR-US: Symantec Web Security
CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and po ...)
	NOT-FOR-US: YaBB
CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype before ...)
	NOT-FOR-US: Skype
CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user acc ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is disabl ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker bef ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker befo ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 a ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstr ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4,  ...)
	NOT-FOR-US: X7 Chat
CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which  ...)
	NOT-FOR-US: Lantronix
CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog be ...)
	NOT-FOR-US: eggblog
CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass
CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module fo ...)
	NOT-FOR-US: XOOPS
CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmi ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/83adea5d6f79640648d3d5384c910820f1d085c3
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6225d4533abb0ffee0c985354326295a746cc79e
CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11 ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) T ...)
	NOT-FOR-US: TBSource
CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote a ...)
	NOT-FOR-US: JPortal
CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and earli ...)
	NOT-FOR-US: JPortal
CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in lib/k ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: potential attackers must have privileges to store the krb5kdc master key
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 functi ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authent ...)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
	NOTE: version in experimental is affected by this
	NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x be ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
	- mysql-dfsg-4.1 <removed>
CVE-2007-5968
	REJECTED
CVE-2007-5967
	RESERVED
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in  ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verif ...)
	- qt4-x11 4.3.3-1
	[etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3)
	- qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3)
CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, suc ...)
	- autofs 3.1.4-8 (medium)
	- autofs5 5.0.3-1
CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a den ...)
	- kdebase <unfixed> (unimportant)
	NOTE: This has only theoretical security impact
CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...)
	- vsftpd <not-affected> (Vulnerability in Red Hat-specific patch)
CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network channe ...)
	NOT-FOR-US: Red Hat Network channel search feature
CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Re ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-39
CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-38
CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the existen ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Ubuntu-specific regression)
CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library  ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library  ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not  ...)
	- pcre3 6.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.T ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET bef ...)
	NOT-FOR-US: UPDIR.NET
CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo Sy ...)
	NOT-FOR-US: JLMForo System
CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...)
	NOT-FOR-US: Really Simple CalDAV Store
CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios  ...)
	NOT-FOR-US: Helios Calendar
CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows re ...)
	NOT-FOR-US: E-Vendejo
CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11,  ...)
	NOT-FOR-US: NetCommons
CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6. ...)
	NOT-FOR-US: IBM Tivoli Service Desk
CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF- ...)
	NOT-FOR-US: SF-Shoutbox
CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1 (low; bug #451624)
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-37
CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11. ...)
	NOT-FOR-US: HP-UX
CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of reposito ...)
	NOT-FOR-US: usvn
CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Conta ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a me ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive informati ...)
	- bandersnatch <removed> (unimportant; bug #451365)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adob ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users  ...)
	- texlive-bin 2005.dfsg.2-1
	- feynmf 1.08-1
CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...)
	- heimdal <not-affected> (vulnerable code not present, ticketfile is just unlinked which is ok)
CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1. ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2 ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to obta ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 200 ...)
	{DTSA-97-1}
	- texlive-bin 2007.dfsg.1-1
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
	- php-mdb2 2.5.0b2-1
CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to  ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not  ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows co ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B. ...)
	NOT-FOR-US: HP-UX
CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in Po ...)
	NOT-FOR-US: PostNuke
CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke 0.7 ...)
	NOT-FOR-US: PostNuke
CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 throu ...)
	NOT-FOR-US: JBrowser
CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire Gate ...)
	NOT-FOR-US: 2Wire Gateway
CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
	NOT-FOR-US: Fatwire Content Server
CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in Oran ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in Cerbe ...)
	NOT-FOR-US: Cerberus Ftp Server
CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote auth ...)
	NOT-FOR-US: OpenBase
CVE-2007-5928 (OpenBase 10.0.5 and earlier allows remote authenticated users to trigg ...)
	NOT-FOR-US: OpenBase
CVE-2007-5927 (Directory traversal vulnerability in OpenBase 10.0.5 and earlier allow ...)
	NOT-FOR-US: OpenBase
CVE-2007-5926 (OpenBase 10.0.5 and earlier allows remote authenticated users to execu ...)
	NOT-FOR-US: OpenBase
CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the In ...)
	{DSA-1413-1 DTSA-91-1}
	- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in  ...)
	NOT-FOR-US: eTrust SiteMinder Agent
CVE-2007-5922 (The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloade ...)
	- ircii-pana <not-affected> (Does not ship this script)
CVE-2007-5921 (Unspecified vulnerability in the ioctl interface in the Solaris Volume ...)
	NOT-FOR-US: Solaris
CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...)
	NOT-FOR-US: Domenico Mancini PicoFlat CMS
CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web r ...)
	NOT-FOR-US: MyWebFTP
CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS  ...)
	NOT-FOR-US: MS TopSites
CVE-2007-5917 (Cross-site request forgery (CSRF) vulnerability in admin/admin_account ...)
	NOT-FOR-US: Skalinks
CVE-2007-5916 (SQL injection vulnerability in the login page in phphelpdesk 0.6.16 al ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5915 (Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 a ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5914 (Direct static code injection vulnerability in dirsys/modules/config/po ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5913 (dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not  ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5912 (SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote a ...)
	NOT-FOR-US: jPORTAL
CVE-2007-5911 (Multiple stack-based buffer overflows in the AxMetaStream ActiveX cont ...)
	NOT-FOR-US: Viewpoint Media Player
CVE-2007-5910 (Stack-based buffer overflow in Autonomy (formerly Verity) KeyView View ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) Ke ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908
	REJECTED
CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from applicatio ...)
	- xen-3 3.1.2-1 (unimportant; bug #451626)
	- xen-3.0 <removed> (unimportant)
	NOTE: CONFIG_SECCOMP isn't activated in Debian kernels
CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of servi ...)
	- xen-3 3.1.2-1 (medium; bug #451626)
	- xen-3.0 <removed>
CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earli ...)
	{DSA-1428-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
CVE-2007-5903
	RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in lib/rpc/ ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in lib ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms co ...)
	NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
	NOTE: from CVS and later re-introduction
	NOTE: http://bugs.php.net/bug.php?id=41561
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before  ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1,  ...)
	NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of s ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5895
	RESERVED
CVE-2007-5894
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2006-7224
	REJECTED
CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6 ...)
	NOT-FOR-US: WebTrends Reporting Center
CVE-2004-2747 (Directory traversal vulnerability in Pablo Software Solutions Quick 'n ...)
	NOT-FOR-US: Quick 'n Easy FTP Server (Windows only)
CVE-2004-2746 (SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gall ...)
	NOT-FOR-US: XTREME ASP Photo Gallery
CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Techno ...)
	NOT-FOR-US: Codeworx Technologies DCP-Portal
CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full insta ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestb ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows r ...)
	NOT-FOR-US: PhpPass
CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows rem ...)
	NOT-FOR-US: PhpMyShop
CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Sof ...)
	NOT-FOR-US: Lilikoi Software Ceilidh
CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier  ...)
	- phpbb2 <not-affected> (Vulnerable versions too old to have been in Debian)
CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk a ...)
	NOT-FOR-US: Seagull Software Systems J Walk
CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ov ...)
	NOT-FOR-US: Fujitsu Siemens NetWorker
CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote a ...)
	NOT-FOR-US: Sockets Library
CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReade ...)
	NOT-FOR-US: SSReader
CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...)
	NOT-FOR-US: ManageEngine OpManager and OpManager
CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows  ...)
	NOT-FOR-US: easyGB
CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha  ...)
	NOT-FOR-US: IDMOS
CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in Copper ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...)
	NOT-FOR-US: ASP Message Board
CVE-2007-5886
	RESERVED
CVE-2007-5885
	RESERVED
CVE-2007-5884
	RESERVED
CVE-2007-5883
	RESERVED
CVE-2007-5882
	RESERVED
CVE-2007-5881
	RESERVED
CVE-2007-5880
	RESERVED
CVE-2007-5879
	RESERVED
CVE-2007-5878
	RESERVED
CVE-2007-5877
	RESERVED
CVE-2007-5876
	RESERVED
CVE-2007-5875
	RESERVED
CVE-2007-5874
	RESERVED
CVE-2007-5873
	RESERVED
CVE-2007-5872
	RESERVED
CVE-2007-5871
	RESERVED
CVE-2007-5870
	RESERVED
CVE-2007-5869
	RESERVED
CVE-2007-5868
	RESERVED
CVE-2007-5867
	RESERVED
CVE-2007-5866
	RESERVED
CVE-2007-5865
	RESERVED
CVE-2007-5864
	RESERVED
CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypas ...)
	NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allo ...)
	NOT-FOR-US: Spin Tracer (Apple Mac OS X)
CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allo ...)
	NOT-FOR-US: Safari RSS (Apple Mac OS X)
CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 thro ...)
	NOT-FOR-US: Safari (Apple Mac OS X)
CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from acce ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does n ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has be ...)
	NOT-FOR-US: Mail (Apple Mac OS X)
CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HT ...)
	NOT-FOR-US: Launch Services (Apple Mac OS X)
CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: IO Storage Family (Apple Mac OS X)
CVE-2007-5852
	RESERVED
CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attacke ...)
	NOT-FOR-US: iChat (Apple Mac OS X)
CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
	{DSA-1437-1}
	- cupsys 1.3.5-1 (medium; bug #457453)
	- cups 1.3.5-1 (medium; bug #457453)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin u ...)
	- cupsys 1.2.0
	- cups 1.2.0
	NOTE: This only affects the Cups 1.1 series
	[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in Cor ...)
	NOT-FOR-US: Core Foundation (Apple Mac OS X)
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote a ...)
	{DSA-1483-1 DTSA-88-1}
	- net-snmp 5.4.1~dfsg-1
	NOTE: 5.4.1 already includes a fix by the upstream author
CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...)
	NOT-FOR-US: GuppY
CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 a ...)
	NOT-FOR-US: GuppY
CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in scWi ...)
	NOT-FOR-US: scWiki
CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1. ...)
	NOT-FOR-US: Vortex Portal
CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard  ...)
	NOT-FOR-US: nuBoard
CVE-2007-5840 (PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.i ...)
	NOT-FOR-US: SyndeoCMS
CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 a ...)
	NOT-FOR-US: Symantec
CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, a ...)
	{DSA-1477-1}
	- yarssr 0.2.2-3 (bug #448721)
CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote  ...)
	NOT-FOR-US: Amazing Flash AFCommerce
CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication  ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows re ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarke ...)
	NOT-FOR-US: BosDev BosMarket Business Directory System
CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before  ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer bef ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya Mes ...)
	NOT-FOR-US: Avaya Messaging Storage Server
CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10. ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-5828
	- python-django 1.2.1 (unimportant)
	NOTE: this is documented in docs/csrf.txt included in the python-django package and
	NOTE: there is a plugin enabling this feature. This is intended behaviour pre-1.2.
	NOTE: https://docs.djangoproject.com/en/1.10/ref/csrf/#using-csrf
CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
	{DTSA-106-1}
	- iscsitarget 0.4.15-5 (bug #448873)
	NOTE: init script has "dump" function, which marks conffile correctly
CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX c ...)
	NOT-FOR-US: EDraw Flowchart
CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c i ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1 (bug #459961)
CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allo ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.1 (bug #459961)
CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 an ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng Scri ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...)
	NOT-FOR-US: DM Guestbook
CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS (Ax ...)
	NOT-FOR-US: Ax Developer CMS
CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak  ...)
	NOT-FOR-US: IBM Tivoli
CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php  ...)
	NOT-FOR-US: sBlog
CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX c ...)
	NOT-FOR-US: WebCacheCleaner
CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunc ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ISPwor ...)
	NOT-FOR-US: ISPworker
CVE-2007-5812 (Directory traversal vulnerability in modules/Builder/DownloadModule.ph ...)
	NOT-FOR-US: ModuleBuilder
CVE-2007-5811
	NOT-FOR-US: phpMyConferences
CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminex ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 t ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule com ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal
CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX  ...)
	NOT-FOR-US: SSReader
CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in Services/Utilities/classes ...)
	NOT-FOR-US: ILIAS
CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 <removed> (low; bug #482445)
	- nagios3 3.0.2-1 (low; bug #485439)
CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf Technologie ...)
	NOT-FOR-US: Firewolf Technologies Synergiser
CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has u ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPr ...)
	NOT-FOR-US: BackUpWordPress
CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/ ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ex ...)
	- geronimo <itp> (bug #481869)
CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in  ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked  ...)
	{DSA-1430-1}
	- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local user ...)
	- ircii-pana <removed> (low; bug #449149)
	[etch] - ircii-pana <no-dsa> (Minor issue)
	[sarge] - ircii-pana <no-dsa> (Minor issue)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when enable-lo ...)
	{DTSA-79-1}
	- emacs22 22.1+1-2.1 (medium; bug #449008)
	NOTE: Emacs 21 is not affected
CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/ ...)
	NOT-FOR-US: Stonesoft StoneGate IPS
CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP pack ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify  ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequ ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Micro Login System
CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 al ...)
	NOT-FOR-US: GoSamba
CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional 2.0 al ...)
	NOT-FOR-US: JobSite
CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in CaupoShop Pro  ...)
	NOT-FOR-US: CaupoShop Pro
CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows re ...)
	NOT-FOR-US: emagiC cms
CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5 allows r ...)
	NOT-FOR-US: FireConfig
CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0 ...)
	NOT-FOR-US: Sige
CVE-2007-5780 (PHP remote file inclusion vulnerability in pub/pub08_comments.php in t ...)
	NOT-FOR-US: teatro
CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX control in  ...)
	NOT-FOR-US: Gretech Online Movie Player
CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the Retinax ...)
	NOT-FOR-US: Mobile Spy
CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive information und ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar Produ ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to execute a ...)
	NOT-FOR-US: BitDefender
CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote attac ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in the Fi ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5772 (Direct static code injection vulnerability in the download module in F ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrat ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, an ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1
	- ruby1.8 1.8.6.111-1 (low; bug #451374)
CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit  ...)
	- netkit-ftp <not-affected> (Vulnerable code not present)
CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password informati ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application (clntrust.e ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-5765
	RESERVED
CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2,  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5763
	REJECTED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, al ...)
	NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 h ...)
	NOT-FOR-US: Motorola netOctopus
CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver befor ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759
	REJECTED
CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration Ser ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal Data ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
	NOT-FOR-US: WinPcap
CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control  ...)
	NOT-FOR-US: AOL Radio
CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php  ...)
	NOT-FOR-US: phpFaber
CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) befor ...)
	NOT-FOR-US: Light FMan PHP
CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does  ...)
	NOT-FOR-US: PHP-AGTC Membership
CVE-2007-5750
	RESERVED
CVE-2007-5749
	RESERVED
CVE-2007-5748
	RESERVED
CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote attackers  ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allo ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
	RESERVED
CVE-2007-5743 (viewvc 1.0.3 allows improper access control to files in a repository w ...)
	- viewvc 1.0.3-2.1 (bug #416696)
CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for W ...)
	{DSA-1421-1 DTSA-90-1}
	- wesnoth 1:1.2.8-1 (medium; bug #453500)
CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers  ...)
	{DSA-1405-2 DSA-1405-1}
	- zope-cmfplone 2.5.2-2 (bug #449523)
	[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
	NOTE: Fix available:
	NOTE: http://plone.org/about/security/advisories/cve-2007-5741
CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies OwnSer ...)
	NOT-FOR-US: Anteco Visual Technologies OwnServer
CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight Management  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is provide ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in the (1)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive informat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters ema ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth con ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read community st ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to bypass fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file locati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included in XO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web document roo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleart ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2379
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2373 (The default configuration of the TCP/IP printer configuration utility  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2372 (The telnet server in Infoprint 21 running controller software before 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read password prot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail Ret ...)
	{DSA-1398-1 DTSA-84-1}
	- perdition 1.17.1-1 (medium; bug #448853)
CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opm ...)
	{DTSA-107-1}
	- liferea 1.4.6-1 (low; bug #448850)
	[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	NOTE: this file can contain credentials for rss feeds
CVE-2007-5739 (Directory traversal vulnerability in component/flashupload/download.js ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side protect ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in Kore ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 B ...)
	NOT-FOR-US: SeeBlick
CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root w ...)
	NOT-FOR-US: eFileMan
CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows  ...)
	NOT-FOR-US: eFileMan
CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in Japanes ...)
	NOT-FOR-US: Japanese PHP Gallery Hosting
CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's Forc ...)
	NOT-FOR-US: eLouai's Force Download
CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and  ...)
	- slide-webdavclient <not-affected> (Vulnerable code is only in the server part, but debian only has the client part)
CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly  ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitr ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, a ...)
	{DSA-1693-1}
	- phppgadmin 4.1.3-0.1 (bug #449103; low)
CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in com ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allo ...)
	NOT-FOR-US: Smart-Shop
CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live a ...)
	NOT-FOR-US: Omnistar Live
CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c  ...)
	{DTSA-82-1}
	- nufw 2.2.7-1 (low)
	[etch] - nufw <not-affected> (Vulnerable code not present)
CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
	NOT-FOR-US: GlobalLink
CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in My ...)
	NOT-FOR-US: MySpacePros MySpace Resource Script
CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in Profi ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...)
	NOT-FOR-US: miniBB
CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded L ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality  ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log me ...)
	- denyhosts 2.6-2 (low)
	[etch] - denyhosts <no-dsa> (Minor issue)
	NOTE: bug was fixed with 06_permit_rootlogin_no.dpatch
CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account w ...)
	- mldonkey <not-affected> (Gentoo-specific packaging flaw)
CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...)
	NOT-FOR-US: Half-Life Server
CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1 ...)
	{DSA-1640-1}
	- python-django 0.96-1.1 (low; bug #448838)
CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows remot ...)
	NOT-FOR-US: Conflict
CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.ph ...)
	- wordpress 2.3.1-1 (unimportant)
	NOTE: requires register_globals On, which we don't support
CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...)
	NOT-FOR-US: Sony SonicStage CONNECT Player
CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
	- vobcopy 1.0.2-1 (low; bug #448319)
	[etch] - vobcopy <no-dsa> (Minor issue)
	[sarge] - vobcopy <no-dsa> (Minor issue)
CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles Direc ...)
	NOT-FOR-US: Jeebles
CVE-2007-5705 (Unspecified vulnerability in the Settings component in the administrat ...)
	NOT-FOR-US: Jeebles
CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event ...)
	NOT-FOR-US: CodeWidgets
CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk ...)
	NOT-FOR-US: RSA KEON
CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions  ...)
	NOT-FOR-US: SWAMP OpenSUSE
CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority (CA) i ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security Analyze ...)
	NOT-FOR-US: eIQNetworks
CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in CREApark GO ...)
	NOT-FOR-US: CREApark GOLD KOY PORTALI
CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 al ...)
	NOT-FOR-US: phpImage
CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic al ...)
	NOT-FOR-US: phpBasic
CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows rem ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448690)
	NOTE: there is no real exploit scenario
CVE-2007-5694 (Absolute path traversal vulnerability in the translation module (trans ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5693 (Eval injection vulnerability in the translation module (translator.php ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 a ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448689)
CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers  ...)
	- iceweasel 2.0.0.8-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5690
	- zaptel 1:1.4.8~dfsg-1 (unimportant; bug #448763)
	NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
	NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) i ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the Multi-F ...)
	NOT-FOR-US: Multi Host Forum Pro
CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...)
	- shadow <unfixed> (unimportant)
	NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
	NOTE: unknown usernames are not recorded on login failures
CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers t ...)
	NOT-FOR-US: shttp
CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and e ...)
	- tikiwiki <removed>
CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8. ...)
	- tikiwiki <removed>
CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWi ...)
	- tikiwiki <removed>
CVE-2007-5681
	RESERVED
CVE-2007-5680
	RESERVED
CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configur ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow lo ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in MyMarke ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify pac ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed without roo ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature in Mo ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature in Op ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative settin ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured to back ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote attackers  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbit ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings and pos ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreel ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which all ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (O ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache administrator  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail int ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 all ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.d ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in SonicW ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in Script-Sh ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communic ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically block atta ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to automatically bl ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the web r ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and user s ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows r ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a denia ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a d ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V authentic ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring subsystem in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP) dated  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2324 (The "System Restore" directory and subdirectories, and possibly other  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access contro ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) ad ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary email mes ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews allow ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.10 ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociR ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7. ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect ta ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other domain ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2313 (Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file contents  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows remote atta ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the web docu ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not ter ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix  ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of se ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1 (medium; bug #440632)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, w ...)
	{DSA-1541-1 DTSA-87-1}
	- openldap2.3 2.3.39-1 (medium; bug #448644)
CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer w ...)
	NOT-FOR-US: British Telecommunications Consumer webhelper
CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug- ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.9 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a defau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast Arbei ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in cpCommerc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP Manag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Be ...)
	NOT-FOR-US: DM CMS
CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows rem ...)
	NOT-FOR-US: phpBasic
CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hac ...)
	NOT-FOR-US: Hackish
CVE-2007-5676 (PHP remote file inclusion vulnerability in modules/Forums/favorites.ph ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm Ap ...)
	NOT-FOR-US: MultiXTpm Application Server
CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ( ...)
	NOT-FOR-US: InstaGuide Weather
CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...)
	NOT-FOR-US: ifnet WebIf
CVE-2007-5672
	RESERVED
CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before  ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5670
	REJECTED
CVE-2007-5669
	RESERVED
CVE-2007-5668
	RESERVED
CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...)
	NOT-FOR-US: Novell Client
CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1  ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management  ...)
	NOT-FOR-US: Novell ZENworks Endpoint Security Management
CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5662
	RESERVED
CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) Ac ...)
	NOT-FOR-US: Macrovision InstallShield
CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in isu ...)
	NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlie ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ea ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger u ...)
	NOT-FOR-US: LiteSpeed
CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do no ...)
	- php5 <not-affected> (windows only)
CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol (E ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 all ...)
	NOT-FOR-US: ReloadCMS
CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Di ...)
	NOT-FOR-US: Creative Digital Resources SocketMail
CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rN ...)
	NOT-FOR-US: rnote
CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5  ...)
	NOT-FOR-US: SocketKB
CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines F ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges fo ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ea ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project Mana ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote  ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support Incid ...)
	NOT-FOR-US: Salford Software Support Incident Tracke
CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on  ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on  ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 th ...)
	NOT-FOR-US: Solaris
CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...)
	NOT-FOR-US: PeopleAggregator
CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.1 ...)
	NOT-FOR-US: BBsProcesS BBPortalS
CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in Shoppin ...)
	NOT-FOR-US: ShoppingTree CandyPress Store #
CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in The On ...)
	NOT-FOR-US: TOWeLS
CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php i ...)
	NOT-FOR-US: Socketmail
CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MyS ...)
	- bacula 5.0.0-1 (unimportant; bug #446809)
	NOTE: this script needs the default database password and name needs to be set which
	NOTE: would be a bigger problem in a non-trusted environment. Apart from
	NOTE: this is documented in the bacula documentation
	NOTE: Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, which is not affected
CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site S ...)
	NOT-FOR-US: Site Search SearchSimon Lite
CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 all ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.9-1.1 (low; bug #448371)
CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins (nagios-p ...)
	{DSA-1495-1}
	- nagios-plugins 1.4.8-2.2 (medium; bug #448372)
	[sarge] - nagios-plugins <not-affected> (Vulnerable code not present)
CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6. ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allo ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incom ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to caus ...)
	NOT-FOR-US: SonicWall Pro
CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read arbitrar ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1487 (Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4 ...)
	NOT-FOR-US: Phorum
CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: Phorum
CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to by ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base stati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write pe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1469 (The default configuration of ColdFusion MX has the "Enable Robust Exce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 throug ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ex ...)
	NOT-FOR-US: HP-UX
CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the destina ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and tt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer functi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption alg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue 5.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files wit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthentic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the challe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in 3prox ...)
	- 3proxy <itp> (bug #718219)
CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token modul ...)
	NOT-FOR-US: Token Drupal
	NOTE: Token is not included in the drupal packages
CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashCha ...)
	NOT-FOR-US: ZZ:FlashChat
CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user pa ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5618 (Unquoted Windows search path vulnerability in the Authorization and ot ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0  ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
	NOT-FOR-US: SSH Tectia Client and Server
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows r ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote  ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Je ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers  ...)
	NOT-FOR-US: IBM Director
CVE-2007-5611
	RESERVED
CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr Active ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5609
	RESERVED
CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX co ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5607 (Buffer overflow in the RegistryString function in the HPISDataManagerL ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5606 (Buffer overflow in the MoveFile function in the HPISDataManagerLib.Dat ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5605 (Buffer overflow in the GetFileTime function in the HPISDataManagerLib. ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5604 (Buffer overflow in the ExtractCab function in the HPISDataManagerLib.D ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELau ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5 ...)
	NOT-FOR-US: SwiftView Viewer
CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll  ...)
	NOT-FOR-US: RealPlayer (windows only issue)
CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 an ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...)
	NOT-FOR-US: awrate
CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x  ...)
	- drupal5 <not-affected> (bug #447748)
	- drupal <not-affected> (bug #447746)
	NOTE: drupal weblinks is not included in the drupal package in debian
CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3  ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in includes/c ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection a ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ser ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...)
	NOT-FOR-US: awzMB
CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Ch ...)
	NOT-FOR-US: Nortel Enterprise VoIP-Core-CS
CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote attacke ...)
	NOT-FOR-US: Miranda
CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43  ...)
	{DTSA-103-1}
	- mnogosearch 3.3.4-4.1 (low; bug #447753)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
	[etch] - mnogosearch <no-dsa> (Minor issue)
CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5586
	REJECTED
CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without xscreensaver-gl-ex ...)
	{DTSA-83-1}
	- xscreensaver 5.03-3.1 (medium; bug #448157)
	[etch] - xscreensaver <not-affected> (Vulnerable code not present)
	[sarge] - xscreensaver <not-affected> (Vulnerable code not present)
CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2 ...)
	NOT-FOR-US: Cisco
CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco Ci ...)
	NOT-FOR-US: Cisco
CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/m ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 befo ...)
	NOT-FOR-US: Cisco
CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the director ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to impor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin Streami ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS Syste ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1411 (PHP remote file inclusion vulnerability in emailreader_execute_on_each ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the so ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5589 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c32d999eb16a9e2748a834e3ad722cc4d33f7dd5
CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when res ...)
	NOT-FOR-US: Pligg CMS
CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirec ...)
	- acidbase 1.3.8 (low)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterpr ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allo ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 all ...)
	NOT-FOR-US: PHPDJPHPDJ
CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php i ...)
	- limesurvey <itp> (bug #472802)
CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple P ...)
	NOT-FOR-US: SPHPBlog
CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier,  ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier,  ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configure ...)
	NOT-FOR-US: Cisco
CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2007-5567 (PHP remote file inclusion vulnerability in _lib/fckeditor/upload_confi ...)
	- moin <not-affected> (Does not contain the vulnerable code)
	- karrigell <not-affected> (Does not contain the vulnerable code)
	- knowledgeroot <not-affected> (Does not contain the vulnerable code)
CVE-2007-5566
	NOT-FOR-US: PHPBlog
CVE-2007-5565
	NOT-FOR-US: phpSCMS
CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (forme ...)
	NOT-FOR-US: NSSboard
CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote at ...)
	NOT-FOR-US: VirtueMart
CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the l ...)
	NOT-FOR-US: Netgear firmware
CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...)
	NOT-FOR-US: Oracle
CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote a ...)
	NOT-FOR-US: Juniper HTTP Service
CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows  ...)
	NOT-FOR-US: IBM ThinkVantage TPM Service
CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to c ...)
	NOT-FOR-US: LG Mobile handset
CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote atta ...)
	NOT-FOR-US: NEC mobile handset
CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote atta ...)
	NOT-FOR-US: Avaya VoIP Handset
CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution allo ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via cr ...)
	NOT-FOR-US: Oracle
CVE-2007-5553
	REJECTED
CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute arbit ...)
	NOT-FOR-US: Cisco
CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute arbit ...)
	NOT-FOR-US: Cisco
CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to obta ...)
	NOT-FOR-US: Cisco
CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local us ...)
	NOT-FOR-US: Cisco
CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS all ...)
	NOT-FOR-US: Cisco
CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote at ...)
	NOT-FOR-US: Cisco
CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remot ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote attacke ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-5543 (Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remot ...)
	NOT-FOR-US: Miranda
CVE-2007-5542 (Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attacker ...)
	NOT-FOR-US: Miranda
CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module fo ...)
	NOT-FOR-US: PhpNuke
CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
	- eject 2.0.13-1
CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts fals ...)
	NOT-FOR-US: Cisco
CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote at ...)
	NOT-FOR-US: Opera
CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to  ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information su ...)
	NOT-FOR-US: CoffeeCup Software Password Wizard
CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to caus ...)
	NOT-FOR-US: Gupta SQLBase
CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to e ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the p ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byt ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without war ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to cr ...)
	NOT-FOR-US: Opera
CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, a ...)
	NOT-FOR-US: Opera
CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ob ...)
	NOT-FOR-US: AXIS 2400 Video Server
CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ex ...)
	NOT-FOR-US: Invision Power Board
CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1 ...)
	NOT-FOR-US: PY-Livredor
CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: WEB-ERP
CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to  ...)
	NOT-FOR-US: ISMail
CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Val ...)
	NOT-FOR-US: AMX Half-Life Server
CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 allow ...)
	NOT-FOR-US: BisonFTP Server
CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obt ...)
	NOT-FOR-US: clarkconnectd
CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD)  ...)
	NOT-FOR-US: Smart IRC Daemon
CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected Z ...)
	NOT-FOR-US: WinZip 8.0
CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local  ...)
	NOT-FOR-US: HP-UX 10.20
CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to exec ...)
	NOT-FOR-US: HP-UX 11.0
CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to  ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows rem ...)
	NOT-FOR-US: Immobilier
CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in MyPHPLin ...)
	NOT-FOR-US: MyPHPLinks
CVE-2002-2303 (3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for ...)
	NOT-FOR-US: ShopFactory
CVE-2002-2302 (3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify  ...)
	NOT-FOR-US: ShopFactory
CVE-2002-2301 (Lawson Financials 8.0, when configured to use a third party relational ...)
	NOT-FOR-US: Lawson Financials
CVE-2002-2300 (Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com N ...)
	NOT-FOR-US: 3Com NBX ftpd
CVE-2002-2299 (PHP remote file inclusion vulnerability in thatfile.php in Thatware 0. ...)
	NOT-FOR-US: Thatware
CVE-2002-2298 (PHP remote file inclusion vulnerability in config.php in Thatware 0.3  ...)
	NOT-FOR-US: Thatware
CVE-2002-2297 (PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5 ...)
	NOT-FOR-US: Thatware
CVE-2002-2296 (Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bul ...)
	NOT-FOR-US: YABB
CVE-2002-2295 (Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allow ...)
	NOT-FOR-US: Pico Server
CVE-2002-2294 (Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, E ...)
	NOT-FOR-US: Symantec Raptor
CVE-2002-2293 (Webshots Desktop screensaver allows local users to bypass the password ...)
	NOT-FOR-US: Webshots Desktop screensaver
CVE-2002-2292 (Directory traversal vulnerability in Remote Console Applet in Halycon  ...)
	NOT-FOR-US: Remote Console Applet in Halycon
CVE-2002-2291 (Calisto Internet Talker 0.04 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Calisto Internet Talker
CVE-2002-2290 (Mambo Site Server 4.0.11 installs with a default username and password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2289 (soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows r ...)
	NOT-FOR-US: BadBlue
CVE-2002-2288 (Mambo Site Server 4.0.11 allows remote attackers to obtain the physica ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2287 (PHP remote file inclusion vulnerability in quick_reply.php for phpBB A ...)
	NOT-FOR-US: phpBB Advanced Quick Reply Hack
CVE-2002-2286 (The parse-get function in utils.c for apt-www-proxy 0.1 allows remote  ...)
	NOT-FOR-US: apt-www-proxy
CVE-2002-2285 (eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may  ...)
	NOT-FOR-US: eTrust
CVE-2002-2284 (Netscape Communicator 4.0 through 4.79 allows remote attackers to bypa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2283 (Microsoft Windows XP with Fast User Switching (FUS) enabled does not r ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2002-2282 (McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searc ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP addre ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap  ...)
	NOT-FOR-US: aldap
CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in Po ...)
	NOT-FOR-US: PortailPHP
CVE-2002-2277 (SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 ...)
	NOT-FOR-US: PortailPHP
CVE-2002-2276 (Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physi ...)
	NOT-FOR-US: PHP Board
CVE-2002-2275 (Fortres 101 4.1 allows local users to bypass Fortres by pressing the W ...)
	NOT-FOR-US: Fortres
CVE-2002-2274 (akfingerd 0.5 allows local users to read arbitrary files as the akfing ...)
	NOT-FOR-US: akfingerd
CVE-2002-2273 (Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2272 (Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 thr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2271 (Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Con ...)
	NOT-FOR-US: BigFun
CVE-2002-2270 (Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, an ...)
	NOT-FOR-US: HP-UX
CVE-2002-2269 (Directory traversal vulnerability in Webster HTTP Server allows remote ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to exec ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitra ...)
	- bogofilter 0.9.0.5
CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeetin ...)
	NOT-FOR-US: NetScreen
CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of O ...)
	NOT-FOR-US: Open Source Internet Solutions
CVE-2002-2264 (Unspecified vulnerability in Internet Group Management Protocol (IGMP) ...)
	NOT-FOR-US: Internet Group Management Protocol
CVE-2002-2263 (The installation program for HP-UX Visualize Conference B.11.00.11 run ...)
	NOT-FOR-US: HP-UX Visualize Conference
CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...)
	NOT-FOR-US: HP-UX xntpd
CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relayi ...)
	- sendmail 8.12.7
CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in Mozil ...)
	{DSA-218}
	- bugzilla 2.14.2-1
CVE-2002-2259 (Buffer overflow in the French documentation patch for Gnuplot 3.7 in S ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1244 (Computer Associates InoculateIT Agent for Exchange Server does not rec ...)
	NOT-FOR-US: Exchange Server
CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an "externa ...)
	NOT-FOR-US: Opera
CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact Managem ...)
	NOT-FOR-US: Cisco
CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1  ...)
	NOT-FOR-US: Cisco
CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11. ...)
	NOT-FOR-US: HP-UX
CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown im ...)
	NOT-FOR-US: RunCms
CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft En ...)
	NOT-FOR-US: Oracle
CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle Peop ...)
	NOT-FOR-US: Oracle
CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle Peop ...)
	NOT-FOR-US: Oracle
CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle Ap ...)
	NOT-FOR-US: Oracle
CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications  ...)
	NOT-FOR-US: Oracle
CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...)
	NOT-FOR-US: Oracle
CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...)
	NOT-FOR-US: Oracle
CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle
CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle
CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle
CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt &amp; Notificatio ...)
	NOT-FOR-US: Oracle
CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have  ...)
	NOT-FOR-US: Oracle
CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, an ...)
	NOT-FOR-US: Oracle
CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in Or ...)
	NOT-FOR-US: Oracle
CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database b ...)
	NOT-FOR-US: Oracle
CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager componen ...)
	NOT-FOR-US: Oracle
CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia applic ...)
	NOT-FOR-US: Oracle
CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component  ...)
	NOT-FOR-US: Oracle
CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8 ...)
	NOT-FOR-US: Oracle
CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote a ...)
	{DSA-1542-1 DTSA-96-1}
	- libcairo 1.4.10-1.1 (medium; bug #453686)
CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does  ...)
	NOT-FOR-US: OpenSSL Fips object module
CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux  ...)
	- linux-2.6 2.6.23-1 (high)
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 che ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-2
CVE-2007-5499
	REJECTED
CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when  ...)
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 all ...)
	{DSA-1422-1 DTSA-95-1}
	- e2fsprogs 1.40.3-1 (bug #454760)
CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allow ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitr ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...)
	- linux-2.6 <not-affected> (RedHat specific patch)
CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-5492 (Static code injection vulnerability in the translation module (transla ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5491 (Directory traversal vulnerability in the translation module (translato ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2. ...)
	NOT-FOR-US: Okul Otomasyon Portal
CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allo ...)
	NOT-FOR-US: COWON America jetAudioc
CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...)
	NOT-FOR-US: dotProject
CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows lo ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTe ...)
	NOT-FOR-US: Sun firmware
CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attacker ...)
	- dcc <not-affected> (vulnerable code introduced in 1.3.65)
CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge Innov ...)
	NOT-FOR-US: ZInnovaAge InnovaShop
CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer al ...)
	NOT-FOR-US: Xcomputer
CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbea ...)
	NOT-FOR-US: Sbportal
CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...)
	NOT-FOR-US: djeyl.net WebMod
CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier,  ...)
	NOT-FOR-US: Opera specific flash vulnerability
CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in L ...)
	NOT-FOR-US: Linksys WAP4400N Wi-Fi access point
CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware 2. ...)
	NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when runnin ...)
	- mono <not-affected> (Windows-specific vulnerability)
CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
	NOT-FOR-US: HIPS
CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through  ...)
	- phpbb2 <not-affected> (phpbb was the vulnerable one)
CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in myPHPN ...)
	NOT-FOR-US: myPHPNuke
CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote attacker ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote attacker ...)
	NOT-FOR-US: ByteCatcher FTP client
CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
	NOT-FOR-US: 32bit FTP client
CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and possib ...)
	NOT-FOR-US: Majordomo
CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions  ...)
	NOT-FOR-US: OpenBSD 2.0
CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does  ...)
	NOT-FOR-US: CGI::Lite 2.0
CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versi ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configu ...)
	NOT-FOR-US: HP-UX
CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli St ...)
	NOT-FOR-US: HP-UX
CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) land ...)
	NOT-FOR-US: HP-UX
CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
	NOT-FOR-US: HP-UX
CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variabl ...)
	NOT-FOR-US: HP-UX
CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk- ...)
	- asterisk-addons 1.4.4-1
CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUS ...)
	- libgssapi 0.8-1
CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
	NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469
	- openser 1.3.0-1 (unimportant; bug #446956)
	NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest authenticati ...)
	NOT-FOR-US: Cisco
CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote attacker ...)
	NOT-FOR-US: eXtremail
CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote  ...)
	NOT-FOR-US: eXtremail
CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
	NOT-FOR-US: doop CMS
CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allow ...)
	NOT-FOR-US: Live for Speed
CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta a ...)
	NOT-FOR-US: ViArt Shop
CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library (lib ...)
	NOT-FOR-US: Solaris
CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak enc ...)
	NOT-FOR-US: Microsoft ActiveSync
CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in t ...)
	NOT-FOR-US: MouseoverDictionary
CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0  ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to b ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 an ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing Sys ...)
	NOT-FOR-US: PHP File Sharing
CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow rem ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-S ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the com_ ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouc ...)
	NOT-FOR-US: Apple firmware
CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes Por ...)
	NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial  ...)
	- madwifi 1:0.9.3.2-2 (medium; bug #446824)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
	NOT-FOR-US: ionCube
CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: PBEmail
CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX  ...)
	NOT-FOR-US: VImpX
CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full pat ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5440
	NOT-FOR-US: Crs Manager
CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stor ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...)
	- vmware-package <not-affected> (Windows only)
CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM (Threa ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL  ...)
	NOT-FOR-US: G DATA Antivirus
CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFus ...)
	NOT-FOR-US: CA ERwin Process Modeler
CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earl ...)
	NOT-FOR-US: PRO-search
CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Si ...)
	NOT-FOR-US: Site-Up
CVE-2007-5432 (Stride 1.0 has a default administrator username of "scott" with the pa ...)
	NOT-FOR-US: Stride
CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 conta ...)
	NOT-FOR-US: Stride module
CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote atta ...)
	NOT-FOR-US: Stride
CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01  ...)
	NOT-FOR-US: Nucleus
CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote atta ...)
	NOT-FOR-US: UMI CMS
CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component i ...)
	NOT-FOR-US: Joomla!
CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5 ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB  ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to bypas ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: if the function is blacklisted but not its alias it is a configuration
	NOTE: issue of the site not a vulnerability in php
CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ex ...)
	- tikiwiki <removed>
CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security  ...)
	NOT-FOR-US: Solaris Auditing
CVE-2007-5421
	REJECTED
CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote manag ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an  ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 al ...)
	NOT-FOR-US: CARE2X
CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka bM ...)
	NOT-FOR-US: boastMachine
CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the inpu ...)
	- drupal5 <unfixed> (unimportant; bug #446887)
	- drupal <unfixed> (unimportant)
	NOTE: The underlying PHP issue has been fixed in DSA 1206.
	NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when  ...)
	- iceweasel <removed> (unimportant)
	NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
	NOTE: equivalent strings in UTF-7
	NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
	NOTE: CVE-2007-5414, mailed mitre
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	- iceweasel 2.0+dfsg-1
CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Ph ...)
	NOT-FOR-US: Linksys
CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in t ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in  ...)
	NOT-FOR-US: NuSEO
CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
	NOT-FOR-US: cpDynaLinks
CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the JContentSubs ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Auto ...)
	NOT-FOR-US: KeyView
CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the A ...)
	NOT-FOR-US: KeyView
CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on whethe ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox  ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ( ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton  ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5400 (Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...)
	NOT-FOR-US: KeyView
CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in nm ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high)
CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka APServ ...)
	NOT-FOR-US: activePDF Server
CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
	NOT-FOR-US: Miranda
CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in tokenize. ...)
	{DSA-1432-1}
	- link-grammar 4.2.5-1 (medium; bug #450695)
CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in x ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in X ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for Em ...)
	NOT-FOR-US: ProxyView
CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 th ...)
	NOT-FOR-US: HP-UX
CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 a ...)
	NOT-FOR-US: Battlefield
CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
	NOT-FOR-US: Battlefield
CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach Projec ...)
	NOT-FOR-US: Outreach
CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login an ...)
	- gabber 0.8.8-1
	- gabber2 <not-affected> (No code to send data to update@jabber.org)
CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
	NOT-FOR-US: EditTag
CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by i ...)
	NOT-FOR-US: List Site Pro 2.0
CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
	NOT-FOR-US: NITE ftp-server
CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org  ...)
	NOT-FOR-US: Guestbook
CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 a ...)
	NOT-FOR-US: Geeklog
CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allo ...)
	NOT-FOR-US: DWL-900AP
CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00  ...)
	NOT-FOR-US: WebCollection
CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote at ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 mi ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows re ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 an ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service (cr ...)
	NOT-FOR-US: Moby NetSuite
CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c f ...)
	NOT-FOR-US: libcgi
	NOTE: this is another libcgi than the one we ship
CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
	NOT-FOR-US: pWins
CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3  ...)
	- phpbb2 2.0.13-6sarge3
	NOTE: might be fixed in prior versions
CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in  ...)
	- linux-2.6 <not-affected> (Fixed before initial upload into the archive, during 2.4)
CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier  ...)
	- libsieve <not-affected> (was fixed in 2.1.3 before debian version was uploaded)
CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earl ...)
	NOT-FOR-US: Thatware
CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos Lui ...)
	NOT-FOR-US: Marcos Luiz Onisto
CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allo ...)
	NOT-FOR-US: Sybase
CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows r ...)
	NOT-FOR-US: News Evolution
CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class  ...)
	NOT-FOR-US: Netscape
CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allow ...)
	NOT-FOR-US: Mambo
	NOTE: mambo is in experimental
CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before 3. ...)
	NOT-FOR-US: VisNetic Website
CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a dig ...)
	NOT-FOR-US: NetBSD ftpd
CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...)
	NOT-FOR-US: Akfingerd
CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...)
	NOT-FOR-US: Akfingerd
CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file pe ...)
	NOT-FOR-US: Apple Package Manager of KisMAC
CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3. ...)
	NOT-FOR-US: Deerfield VisNetic WebSite
CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remo ...)
	NOT-FOR-US: MyServer
CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600  ...)
	NOT-FOR-US: Cisco
CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...)
	NOT-FOR-US: Kunani ODBC FTP Server
CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: tftp32 TFTP
CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy 0 ...)
	NOT-FOR-US: apt-www-proxy
CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict  ...)
	NOT-FOR-US: vBulletin
CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the  ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...)
	NOT-FOR-US: Enceladus Server Suite
CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers  ...)
	NOT-FOR-US: Enceladus Server Suite
CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows rem ...)
	NOT-FOR-US: Ikonboard
CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows rem ...)
	NOT-FOR-US: Ikonboard
CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53  ...)
	NOT-FOR-US: WebReflex
CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers  ...)
	- mailscanner 4.22.5-1
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-2 (low; bug #448664)
	- tomcat5 <removed>
	NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010  ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0 ...)
	NOT-FOR-US: PicoFlat
CVE-2007-5389
	NOT-FOR-US: Joomla! extension
CVE-2007-5388 (Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 a ...)
	NOT-FOR-US: WebDesktop
CVE-2007-5387 (PHP remote file inclusion vulnerability in active/components/xmlrpc/cl ...)
	NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMy ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1 (bug #446451)
	[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/27d5467dc3ba6e594d5e5cd291a908b48464e289
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alc ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Thom ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub  ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...)
	NOT-FOR-US: CiscoWorks
CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco  ...)
	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...)
	- rails 1.2.5-1
CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
	- rails 1.2.5-1
	[etch] - rails <not-affected> (Vulnerable code not present)
CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolk ...)
	{DSA-1743-1 DSA-1416-1 DSA-1415-1}
	- tk8.3 8.3.5-10 (medium; bug #446465)
	- tk8.4 8.4.16-1 (medium)
	- libtk-img 1.3-release-8 (medium)
CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functi ...)
	- tramp <not-affected> (the version we ship still uses make-temp-file)
	- emacs22 <not-affected> (the version we ship still uses make-temp-file)
CVE-2007-5376
	RESERVED
CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) allows u ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrati ...)
	NOT-FOR-US: LightBlog
CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument wh ...)
	{DSA-1517-1 DTSA-68-1}
	- ldapscripts 1.7.1-2 (bug #445582; medium)
CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through  ...)
	- sql-ledger <unfixed> (unimportant; bug #446366)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php i ...)
	NOT-FOR-US: MODx
CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewswe ...)
	NOT-FOR-US: NetWin
CVE-2007-5369 (The GetMagicNumberString function in Massive Entertainment World in Co ...)
	NOT-FOR-US: conflict
CVE-2007-5368 (Multiple unspecified vulnerabilities in labeld in Trusted Extensions i ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5367 (Unspecified vulnerability in the Virtual File System (VFS) in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c  ...)
	{DSA-1388-3 DSA-1388-1}
	- dhcp 2.0pl5dfsg1-20.2 (medium; bug #446354)
	- dhcp3 <not-affected> (dhcp3 does enforce a fixed minimum paket size if it is lower, see line 513 in options.c)
	NOTE: dhcp has a request for removal #446386
CVE-2007-5364
	NOT-FOR-US: ViArt Shopping Cart
CVE-2007-5363 (PHP remote file inclusion vulnerability in admin.panoramic.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde  ...)
	NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and  ...)
	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...)
	NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
	RESERVED
CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk 1 ...)
	- asterisk 1:1.4.13~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
CVE-2007-5357
	REJECTED
CVE-2007-5356
	REJECTED
CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Expl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5354
	REJECTED
CVE-2007-5353
	REJECTED
CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem Servic ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) si ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5349
	REJECTED
CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346
	REJECTED
CVE-2007-5345
	REJECTED
CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
	REJECTED
CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache To ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-4 (low; bug #458237)
	- tomcat5 <not-affected> (Vulnerable code not present)
CVE-2007-5341 (Remote code execution in the Venkman script debugger in Mozilla Firefo ...)
	- iceweasel 2.0.0.8-1
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox b ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5 (high)
	NOTE: MFSA2007-29
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbir ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (bug #447734; high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5
	NOTE: MFSA2007-29
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...)
	{DSA-1534-2 DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-35
CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when runnin ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-34
CVE-2007-5336
	REJECTED
CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain s ...)
	{DSA-1396-1}
	- iceweasel 2.0.0.8-1 (low)
	NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
	NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-33
CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 th ...)
	- tomcat5.5 5.5.26-1 (low; bug #465645)
	- tomcat5 <removed>
CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA BrightS ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01  ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message Engin ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5324
	REJECTED
CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote atta ...)
	NOT-FOR-US: RepliStor Server Service
CVE-2007-5322 (Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX cont ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control Pan ...)
	NOT-FOR-US: Verlihub Control Panel
CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging Im ...)
	NOT-FOR-US: Imaging ImagXpress
CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 all ...)
	NOT-FOR-US: Typolight webCMS
CVE-2007-5317
	REJECTED
CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recr ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9 ...)
	NOT-FOR-US: LiveAlbum
CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in x ...)
	NOT-FOR-US: xKiosk WEB
CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in Pictu ...)
	NOT-FOR-US: Picturesolution
CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in To ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in t ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm)  ...)
	NOT-FOR-US: phpHPm)
CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input d ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta  ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS  ...)
	NOT-FOR-US: SnewsCMS
CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System Manag ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-5300 (Off-by-one error in the do_login_loop function in libwzd-core/wzd_logi ...)
	{DSA-1452-1}
	- wzdftpd 0.8.2-2.1 (medium; bug #446192)
CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, a ...)
	NOT-FOR-US: SkaDate
CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion a ...)
	NOT-FOR-US: CMS Creamotion
CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 al ...)
	NOT-FOR-US: Minki
CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp  ...)
	NOT-FOR-US: dbList
CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a ...)
	NOT-FOR-US: Wikepage Opus
CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0 ...)
	NOT-FOR-US: IDMOS
CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta  ...)
	NOT-FOR-US: IDMOS
CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Im ...)
	NOT-FOR-US: Directory Image Gallery
CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...)
	NOT-FOR-US: DB Manager
CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-5289 (HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirec ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in input/vorbis/vor ...)
	{DSA-1538-1 DTSA-66-1}
	- alsaplayer 0.99.80~rc4-1 (low; bug #446034)
CVE-2007-5288
	REJECTED
CVE-2007-5287
	REJECTED
CVE-2007-5286
	REJECTED
CVE-2007-5285
	REJECTED
CVE-2007-5284
	REJECTED
CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor  ...)
	NOT-FOR-US: Hitachi TPBroker
CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library S ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Deve ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
	NOT-FOR-US: Appfuse
CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21  ...)
	NOT-FOR-US: PowerArchiver
CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information und ...)
	NOT-FOR-US: Zomplog
CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed connectio ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP p ...)
	NOT-FOR-US: Opera
CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause  ...)
	- flashplugin-nonfree 9.0.115.0.1 (bug #449110)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allo ...)
	NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
	NOT-FOR-US: Trionic Cite CMS
CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5. ...)
	- drupal <not-affected> (does not ship this module)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
	- libpng 1.2.15~beta5-3 (low; bug #446308)
	[sarge] - libpng <no-dsa> (Minor issue)
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) log ...)
	- libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19)
CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1 ...)
	NOT-FOR-US: Dawn of Time
CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online accou ...)
	NOT-FOR-US: Battlefront
CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier al ...)
	NOT-FOR-US: Battlefront
CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 a ...)
	NOT-FOR-US: Battlefront
CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has  ...)
	NOT-FOR-US: Tincan Limited PHPlist
CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attac ...)
	NOT-FOR-US: Mega Upload Progress Bar
CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in Cryst ...)
	NOT-FOR-US: Crystal Enterprise
CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" (help.ph ...)
	- horde2 <removed>
CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in PHProje ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows re ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroB ...)
	NOT-FOR-US: Zero board
CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...)
	NOT-FOR-US: NetSupport DNA HelpDesk
CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...)
	NOT-FOR-US: Polar HelpDesk
CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allo ...)
	NOT-FOR-US: P4DB
CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses  ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, w ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Netbilling
CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/open ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 2.6.18-1
	NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior versions
CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2 ...)
	NOT-FOR-US: PsTools
CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 al ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and  ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 t ...)
	NOT-FOR-US: MailEnable
CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly han ...)
	NOT-FOR-US: MailEnable
CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote a ...)
	NOT-FOR-US: MultiCart
CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: ASP-CMS
CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.0 ...)
	NOT-FOR-US: SysAid
CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...)
	NOT-FOR-US: FreeLog
CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control  ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...)
	NOT-FOR-US: FSD
CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
	NOT-FOR-US: Google Mini Search Appliance
CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Wr ...)
	NOT-FOR-US: VirusBlokAda Vba32 AntiVirus
CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attac ...)
	NOT-FOR-US: Cart32
CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, an ...)
	NOT-FOR-US: NetSupport Manager/School Student
CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 all ...)
	NOT-FOR-US: Helm
CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by America ...)
	NOT-FOR-US: Americas Army
CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal engine ...)
	NOT-FOR-US: Americas Army
CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 engin ...)
	NOT-FOR-US: Doom 3 engine
CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech engine ...)
	NOT-FOR-US: Monolith engine
CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2 ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446472)
CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1. ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446475)
CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE  ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE  ...)
	- sun-java6 6-03-1 (unimportant)
	- sun-java5 1.5.0-13-1 (unimportant)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
	NOTE: Leaked information hardly sensitive
CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not prop ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK a ...)
	- sun-java6 <not-affected> (Windows only)
	- sun-java5 <not-affected> (Windows only)
	- openjdk-6 <not-affected> (Windows only)
CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7. ...)
	NOT-FOR-US: Uebimiau
CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management Sy ...)
	NOT-FOR-US: Web Template Management System
CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in Zo ...)
	NOT-FOR-US: Zomplog
CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...)
	NOT-FOR-US: Zomplog
CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner Feed ...)
	NOT-FOR-US: FeedBurner FeedSmith wordpress plugin
CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription functiona ...)
	- drupal <not-affected> (does not shipt this module)
CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in messaging/cours ...)
	NOT-FOR-US: BlackBoard Learning System
CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
	- dircproxy 1.0.5-5.1 (low; bug #445883)
	[sarge] - dircproxy <no-dsa> (Minor issue)
	[etch] - dircproxy 1.0.5-5etch1
CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 in ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclo ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local u ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default permissi ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remo ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows lo ...)
	NOT-FOR-US: IBM DB2
CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...)
	NOT-FOR-US: Aztek Forum
CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause  ...)
	NOT-FOR-US: Chat Anywhere
CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session files ...)
	NOT-FOR-US: NessusWXdd
CVE-2004-2722
	- nessus-core <unfixed> (unimportant)
	NOTE: this is no security issue assuming correct permissions
CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public k ...)
	NOT-FOR-US: openSkat
CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz Foru ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5 ...)
	NOT-FOR-US: Foxmail
CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after installat ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in PHPMyCha ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.1 ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass aut ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows at ...)
	- wmaker 0.90-1
CVE-2004-2713
	NOT-FOR-US: ZoneAlarm
CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 a ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 all ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 all ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyac ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, w ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) befor ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 all ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN)  ...)
	- pvpgn 1.6.4+20040826-1
CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...)
	- hastymail <removed>
CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweep ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...)
	NOT-FOR-US: Plesk
CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetS ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allo ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to  ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with th ...)
	- imwheel 1.0.0pre12-1
CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...)
	NOT-FOR-US: InvScoutd
CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code (subscr ...)
	NOT-FOR-US: vBulletin
CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass intend ...)
	NOT-FOR-US: Outlook
CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installe ...)
	NOT-FOR-US: HP-UX
CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mo ...)
	NOT-FOR-US: php-exec-dir patch
CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firm ...)
	NOT-FOR-US: 3Com firmware
CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ac ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allow ...)
	NOT-FOR-US: NewsPHP
CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the developmen ...)
	- openssh <not-affected> (fixed in 2001)
CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows remote atta ...)
	NOT-FOR-US: CardBoard
CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows r ...)
	NOT-FOR-US: Original Photo Gallery
CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network P ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
	NOT-FOR-US: MAXdev
CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
	NOT-FOR-US: Poppawid
CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog allo ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 Activ ...)
	NOT-FOR-US: CyberLink Power DVD
CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DR ...)
	NOT-FOR-US: Don Barnes DRBGuestbook
CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
	NOT-FOR-US: Altnet Download Manager
CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
	NOT-FOR-US: eArk
CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle God ...)
	NOT-FOR-US: GodSend
CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks  ...)
	NOT-FOR-US: Peakflow
CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6 ...)
	NOT-FOR-US: Peakflow
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock  ...)
	NOT-FOR-US: CenterTools
CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1. ...)
	{DSA-1462-1 DTSA-72-1}
	- hplip 1.6.10-4.3 (medium; bug #447341)
	[sarge] - hplip <not-affected> (This code was using smtp directly)
CVE-2007-5206
	RESERVED
CVE-2007-5205
	RESERVED
CVE-2007-5204
	RESERVED
CVE-2007-5203
	RESERVED
CVE-2007-5202
	RESERVED
CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a com ...)
	- duplicity 0.4.3-2 (low; bug #442840)
	[etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	[sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
	NOTE: be transferred through the scp, sftp or rsync backends.
	NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE 10 ...)
	{DTSA-74-1}
	- hugin 0.6.1-1.1 (low; bug #447344)
	[etch] - hugin <no-dsa> (Minor issue)
CVE-2007-5199 (A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows r ...)
	- libxfont 1:1.3.2-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=327854
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios Plugin ...)
	{DSA-1495-1 DTSA-67-1}
	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
	NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and  ...)
	{DSA-1397-1 DTSA-76-1}
	- mono 1.2.5.1-2
CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
	NOT-FOR-US: rMake
CVE-2007-5192
	RESERVED
CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and  ...)
	{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
	- util-linux 2.13-8 (low)
	- loop-aes-utils 2.13-2 (low)
CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVis ...)
	NOT-FOR-US: Alcatel OmniVista
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script Gues ...)
	NOT-FOR-US: X-Script
CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17. ...)
	NOT-FOR-US: Xoops
CVE-2007-5187 (SQL injection vulnerability in infusions/calendar_events_panel/show_si ...)
	NOT-FOR-US: Php-Fusion
CVE-2007-5186 (PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8. ...)
	NOT-FOR-US: Segue CMS
CVE-2007-5185 (Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 ...)
	NOT-FOR-US: phpWCMS XT
CVE-2007-5184 (Format string vulnerability in the SMBDirList function in dirlist.c in ...)
	NOT-FOR-US: smbFtpd
CVE-2007-5183 (Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuit ...)
	NOT-FOR-US: OdysseySuite
CVE-2007-5182 (Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak  ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5181 (SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allo ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5180 (Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow re ...)
	NOT-FOR-US: Ohesa Emlak Portali
CVE-2007-5179 (Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in ...)
	NOT-FOR-US: Iletisim Formu
CVE-2007-5178 (contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB pla ...)
	NOT-FOR-US: mxBB
CVE-2007-5177 (SQL injection vulnerability in index.php in the MambAds (com_mambads)  ...)
	NOT-FOR-US: Mambo extension
CVE-2007-5176 (Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelp ...)
	NOT-FOR-US: eHelpDesk
CVE-2007-5175 (PHP remote file inclusion vulnerability lib/base.php in actSite 1.991  ...)
	NOT-FOR-US: actSite
CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1.56 a ...)
	NOT-FOR-US: actSite
CVE-2007-5173 (PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID ...)
	NOT-FOR-US: phpBB Openid
CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a symli ...)
	- guilt 0.27-1.2 (medium; bug #445308)
CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and pos ...)
	- twiki 1:4.1.2-3 (bug #444982; low)
	[etch] - twiki <no-dsa> (Minor packaging flaw, doesn't warrant an update)
CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows re ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) befor ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01 ...)
	NOT-FOR-US: Clan lite
CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in p ...)
	NOT-FOR-US: phpLister
CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a all ...)
	NOT-FOR-US: SiteSys
CVE-2007-5165
	NOT-FOR-US: myIpacNG-stats
CVE-2007-5164
	NOT-FOR-US: UniversiBO
CVE-2007-5163
	NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1 (low)
	- ruby1.8 1.8.6.111-1 (low; bug #444929)
	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in i-System ...)
	NOT-FOR-US: Feedreader 3
	NOTE: editor not included in native wordpress
CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche  ...)
	NOT-FOR-US: Thierry Leriche Restaurant Management System
CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g pac ...)
	- ntfs-3g 1:1.913-2 (medium; bug #445315)
CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex Koc ...)
	NOT-FOR-US: PHP Fidonet Tosser
CVE-2007-5156 (Incomplete blacklist vulnerability in editor/filemanager/upload/php/up ...)
	- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
	- moin 1.5.8-4.1 (unimportant)
	NOTE: This problem should rather be addressed by proper httpd config
	NOTE: The change only adds a workaround for insecure configs
	- karrigell <not-affected> (Does not include vulnerable php code)
	- gforge 4.6.99+svn6169-1 (low; bug #447590)
	[etch] - gforge <not-affected> (fckeditor is not shipped in these versions)
	[sarge] - gforge <not-affected> (fckeditor is not shipped in these versions)
CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments ...)
	NOT-FOR-US: ICEOWS
CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlie ...)
	NOT-FOR-US: Aipo
CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java Syste ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in includes/nu ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5150 (SQL injection vulnerability in the is_god function in includes/nukesen ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5149 (PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc. ...)
	NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148
	NOT-FOR-US: FrontAccounting
CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS  ...)
	NOT-FOR-US: Puzzle Apps CMS
CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der D ...)
	NOT-FOR-US: Der Dirigent
CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
	NOT-FOR-US: Windows XP
CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used f ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows loca ...)
	NOT-FOR-US: Anti-Virus for Windows Servers
CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Nov ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allo ...)
	NOT-FOR-US: SiteX
CVE-2007-5140 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: IntegraMOD Nederland
CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
	NOT-FOR-US: Chupix
CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in lustig.c ...)
	NOT-FOR-US: lustig.cms
CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
	{DSA-1743-1}
	- tk8.4 8.4.16-1
	[etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	[sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
	- libtk-img 1.3-release-8
CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP address ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote  ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
	NOT-FOR-US: ActiveKB
CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SimpGB
CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with in ...)
	NOT-FOR-US: SimpGB
CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows rem ...)
	NOT-FOR-US: SimpNews
CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02  ...)
	NOT-FOR-US: SimpGB
CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup Exe ...)
	NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125
	REJECTED
CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Messenger
CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote at ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds P ...)
	NOT-FOR-US: SoftBiz Classifieds PLUS
CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allow ...)
	- jspwiki <not-affected> (The version we ship does not process a redirect parameter in Login.jsp and other source files)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
	- jspwiki 2.5.139-1 (medium; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sen ...)
	- jspwiki 2.5.139-1 (unimportant; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class dr ...)
	NOT-FOR-US: Solaris
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting  ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular Expre ...)
	{DSA-1400-1 DTSA-78-1}
	- perl 5.8.8-12 (medium; bug #450794)
	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9 ...)
	{DSA-1379-1}
	- openssl 0.9.8e-9 (low; bug #444435)
	[sarge] - openssl 0.9.7e-3sarge5
CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Cont ...)
	NOT-FOR-US: Ekke Doerre Contenido
CVE-2007-5114
	NOT-FOR-US: phpmyProfiler
CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allo ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5110 (Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in FlatNu ...)
	NOT-FOR-US: flatnuke
CVE-2007-5108 (Unspecified vulnerability in IAC Search &amp; Media ask.com toolbar ha ...)
	NOT-FOR-US: IAC Search & Media ask.com toolbar
CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 A ...)
	NOT-FOR-US: AskJeevesToolBar
CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
	- wordpress 2.0.2-1 (low)
CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
	- wordpress 2.0.4-1 (low)
CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 R ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter accou ...)
	NOT-FOR-US: ChironFS
CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...)
	NOT-FOR-US: phpBB plus (phpbb2 does not include this module)
CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters H ...)
	NOT-FOR-US: helplink
CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 a ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5097
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-5096 (PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822 ...)
	NOT-FOR-US: guanxiCRM Business Solution
CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Inter ...)
	NOT-FOR-US: Windows Media Player
CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitc ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
	- linux-2.6 2.6.23-1
CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music modu ...)
	NOT-FOR-US: phpNuke module
CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4. ...)
	- egroupware 1.2.107-2.dfsg-2 (low; bug #444351)
CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Micr ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.l ...)
	NOT-FOR-US: Sklog
CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...)
	NOT-FOR-US: freeside
CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support  ...)
	- linux-2.6 <not-affected> (2.6 code base handles ARP entries differently)
CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not  ...)
	NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache Geron ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates (CA) Bri ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) BrightStor Hier ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates (CA) Brig ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers  ...)
	- ssldump 0.9b3-1 (low)
CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Playe ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
	- gdm <not-affected> (Red Hat-specific packaging flaw)
CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager al ...)
	NOT-FOR-US: eGov Manager
CVE-2007-5077
	RESERVED
CVE-2007-5076
	RESERVED
CVE-2007-5075
	RESERVED
CVE-2007-5074
	RESERVED
CVE-2007-5073
	RESERVED
CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX contr ...)
	NOT-FOR-US: Easy Mail Message Printer
CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke M ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allo ...)
	NOT-FOR-US: phpFullAnnu
CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remo ...)
	NOT-FOR-US: iMatix Xitami Web Server
CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows rem ...)
	- webmin <removed>
CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6 ...)
	NOT-FOR-US: Xunlei Web Thunder
CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information unde ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote atta ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere  ...)
	NOT-FOR-US: Clansphere
CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass functiona ...)
	NOT-FOR-US: XCMS
CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow  ...)
	NOT-FOR-US: GreenSQL
CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration int ...)
	NOT-FOR-US: Barracuda
CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...)
	NOT-FOR-US: NetSupport Manager Client
CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lit ...)
	NOT-FOR-US: ADOdb Lite
CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and  ...)
	NOT-FOR-US: iziContents
CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC ...)
	NOT-FOR-US: iziContents
CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: Vigile CMS
CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1. ...)
	{DSA-1559-1}
	- phpgedview 4.1.e+4.1.1-2 (low; bug #443901)
CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 allo ...)
	NOT-FOR-US: Neuron News
CVE-2007-5049
	REJECTED
CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote attack ...)
	NOT-FOR-US: lhaplus
CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate cer ...)
	NOT-FOR-US: Norton Internet Security
CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for  ...)
	NOT-FOR-US: IceWarp Merak Mail Server
CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameter ...)
	NOT-FOR-US: ZoneAlam Pro
CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate certa ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain  ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain parame ...)
	NOT-FOR-US: G DATA InternetSecurity
CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain pa ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain par ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for B ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in src/inotifyto ...)
	{DSA-1440-1}
	- inotify-tools 3.11-1 (medium; bug #443913)
CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with firmwa ...)
	NOT-FOR-US: AirDefense firmware
CVE-2007-5035
	NOT-FOR-US: openEngine
CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ap ...)
	{DSA-1380-1}
	- elinks 0.11.1-1.5 (low; bug #443914)
CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2  ...)
	NOT-FOR-US: phpBB XS
CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in Franci ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbl ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to  ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are appro ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspec ...)
	- dibbler 0.6.1-1 (medium; bug #444002)
CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...)
	NOT-FOR-US: WBR3404TX firmware
CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ro ...)
	NOT-FOR-US: dBlog CMS
CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 a ...)
	NOT-FOR-US: VMware
CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in clearte ...)
	NOT-FOR-US: VMware
CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation b ...)
	NOT-FOR-US: VMware
CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM)  ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-5021
	REJECTED
CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows a ...)
	NOT-FOR-US: Acrobat Reader
CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to re ...)
	- distcc 2.18.1-1 (low)
	NOTE: since 2.18.1-1 there is the --allow switch to control network access
	NOTE: https://github.com/distcc/distcc/issues/155
	NOTE: Fix in depth is only in later version 3.3, cf.
	NOTE: https://bugs.debian.org/892973
CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in Sola ...)
	NOT-FOR-US: Solaris
CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotosha ...)
	NOT-FOR-US: eZnet
CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ea ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earl ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
	NOT-FOR-US: mIRC
CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote atta ...)
	NOT-FOR-US: Tftpd32
CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers t ...)
	NOT-FOR-US: Solaris
CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun  ...)
	NOT-FOR-US: Solaris
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
	- mp 3.7.1-8 (low)
	[sarge] - mp <no-dsa> (Minor issue)
	[etch] - mp <no-dsa> (Minor issue)
	NOTE: Can be fixed in a point update
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java Runt ...)
	- sun-java6 <removed> (unimportant)
	- sun-java5 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote  ...)
	NOT-FOR-US: Pegasus Mail Mercury
CVE-2007-5017 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-5016 (SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows re ...)
	NOT-FOR-US: OneCMS
CVE-2007-5015 (Multiple PHP remote file inclusion vulnerabilities in Streamline PHP M ...)
	NOT-FOR-US: Streamline
CVE-2007-5014 (Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allo ...)
	NOT-FOR-US: pSlash
CVE-2007-5013 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ph ...)
	NOT-FOR-US: Phormer
CVE-2007-5012 (Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGalle ...)
	NOT-FOR-US: PhpWebGallery
CVE-2007-5011 (webbatch.exe in WebBatch allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: WebBatch
CVE-2007-5010 (Cross-site scripting (XSS) vulnerability in WebBatch allows remote att ...)
	NOT-FOR-US: WebBatch
CVE-2007-5009 (PHP remote file inclusion vulnerability in language/lang_german/lang_m ...)
	NOT-FOR-US: Phpbb Plus
	NOTE: vulnerable code not included in phpbb2
CVE-2007-5008 (The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not cor ...)
	NOT-FOR-US: HP-UX
CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa befo ...)
	- balsa 2.3.20-1 (low)
	[etch] - balsa 2.3.13-3
	NOTE: Minor issue fixed in 4.0r4 point release
	[sarge] - balsa <no-dsa> (Minor issue)
	NOTE: attacker needs to get the victim a prepared server to use
CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ARCse ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer Associa ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve Backu ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) Brig ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
	RESERVED
CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ser ...)
	- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
	[sarge] - apache2 <no-dsa> (minor issue)
	[sarge] - apache <no-dsa> (minor issue)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache2 2.2.3-4+etch4
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allo ...)
	- pidgin 2.2.2-1 (medium)
CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple OSes, ...)
	- coreutils 4.1.2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
CVE-2007-4997 (Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80 ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-1
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge me ...)
	- pidgin 2.2.1-1 (medium)
	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0. ...)
	{DSA-1571-1}
	- openssl 0.9.8f-1 (low)
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
	- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
	[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not p ...)
	NOT-FOR-US: Redhat Certificate Server
CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a gue ...)
	{DSA-1384-1}
	- xen-3 3.1.1-1 (medium; bug #444430)
	- xen-3.0 <removed>
CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in fbserver ...)
	- firebird1.5 <removed> (medium; bug #446373)
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration
CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 all ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4989
	REJECTED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick befor ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ImageMagi ...)
	{DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow context ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
	NOT-FOR-US: StylesDemo
CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX  ...)
	NOT-FOR-US: jetAudio
CVE-2007-4982 (Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCo ...)
	NOT-FOR-US: QRCode
CVE-2007-4981 (Cross-site scripting (XSS) vulnerability in the save function in Obedi ...)
	NOT-FOR-US: Obedit
CVE-2007-4980 (The readRequest method in org/gcaldaemon/core/http/HTTPListener.java i ...)
	NOT-FOR-US: GCALDaemon
CVE-2007-4979 (SQL injection vulnerability in index.php in the sondages module in Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2007-4978 (Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2  ...)
	NOT-FOR-US: phpSyncML
CVE-2007-4977 (Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Pho ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4976 (Directory traversal vulnerability in viewlog.php in Coppermine Photo G ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...)
	NOT-FOR-US: b1gMail
CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in libsndf ...)
	{DSA-1442-1}
	- libsndfile 1.0.17-4 (bug #443386; medium)
	[sarge] - libsndfile <not-affected> (Vulnerable code not present)
	- ardour 1:2.1-1.1 (medium; bug #445889)
	[sarge] - ardour <not-affected> (Vulnerable code not present)
	[etch] - ardour <not-affected> (Vulnerable code not present)
CVE-2007-4973
	RESERVED
CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System Se ...)
	NOT-FOR-US: NtRegmon
CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters  ...)
	NOT-FOR-US: ProSecurity
CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to Sy ...)
	NOT-FOR-US: ProcessGuard
CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to  ...)
	NOT-FOR-US: Process Monitor
CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
	NOT-FOR-US: Privatefirewal
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ce ...)
	NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge 4. ...)
	NOTE: Duplicate of CVE-2007-3913
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and e ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.5 2.5.1-6 (low; bug #443333)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[sarge] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.4-7 (low; bug #443335)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinImage
CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows re ...)
	NOT-FOR-US: WinImage
CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows  ...)
	NOT-FOR-US: WinImage
CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by th ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life secondl ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in catalog_products_with_imag ...)
	NOT-FOR-US: osCMax
CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery  ...)
	NOT-FOR-US: TinyWebGallery
CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
	NOT-FOR-US: ChupixCMS
CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote atta ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote atta ...)
	NOT-FOR-US: SimpCMS
CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951
	NOT-FOR-US: YaPiG
CVE-2007-4950
	NOT-FOR-US: Phportal
CVE-2007-4949
	NOT-FOR-US: phpreactor
CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia Explore ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0. ...)
	NOT-FOR-US: myphpPagetool
CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information (i ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade all ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux,  ...)
	NOT-FOR-US: Opera
CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll  ...)
	NOT-FOR-US: Baofeng Storm
CVE-2007-4942 (PHP remote file inclusion vulnerability in modules/Discipline/StudentF ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: KMPlayer for windows
	NOTE: its not kmplayer we ship its a windows only media player
CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and e ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MP ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
	{DTSA-65-1}
	- mplayer 1.0~rc1-16.1 (bug #443478)
CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with insu ...)
	NOT-FOR-US: CS Guestbook
CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has u ...)
	NOT-FOR-US: SafeSquid
CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
	NOT-FOR-US: phpFFL
CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
	NOT-FOR-US: phpFFL
CVE-2007-4933 (Direct static code injection vulnerability in includes/admin/sub/conf_ ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the  ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in conjunct ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W c ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the confi ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote auth ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and pass ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment  ...)
	NOT-FOR-US: eWire Payment Client
CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
	- opal 2.2.11~dfsg1-1 (low)
	[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
	NOTE: will be fixed by regular stable update
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in  ...)
	NOT-FOR-US: Joomla extension
CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module fo ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php  ...)
	NOT-FOR-US: Ajax File Browser
CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2 ...)
	NOT-FOR-US: Webquest
CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote a ...)
	NOT-FOR-US: Jblog
CVE-2007-4918 (SQL injection vulnerability in classes/gelato.class.php in Gelato allo ...)
	NOT-FOR-US: Gelato
CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats  ...)
	NOT-FOR-US: Php-Stats
CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC ...)
	NOT-FOR-US: MFC Library
CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLa ...)
	- boa <not-affected> (We don't ship this extension)
CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision Pow ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board)  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...)
	NOT-FOR-US: JetCast Server
CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown imp ...)
	NOT-FOR-US: Netinvoicing
CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...)
	NOT-FOR-US: WinSCP
CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and earl ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow rem ...)
	NOT-FOR-US: X-Cart
CVE-2007-4906 (PHP remote file inclusion vulnerability in tasks/send_queued_emails.ph ...)
	NOT-FOR-US: NuclearBB
CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2. ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0. ...)
	- helix-player <unfixed> (unimportant; bug #443130)
	NOTE: Just a floating point exception by via a crafted .au file)
CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll  ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVi ...)
	NOT-FOR-US: RSA EnVision
CVE-2007-4899 (Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.1 ...)
	NOT-FOR-US: Boinc Forum
CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1  ...)
	NOT-FOR-US: Xwiki
CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remo ...)
	{DTSA-94-1}
	- pwlib 1.10.10-1.1 (low; bug #454133)
	- pwlib-titan 1.11.2-1.1 (low; bug #454139)
	[etch] - pwlib 1.10.2-2+etch1
	[sarge] - pwlib 1.8.4-1+sarge1.1
CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in admin/header.ph ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ( ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4894 (Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ...)
	- wordpress 2.2.3-1 (medium)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ...)
	- wordpress 2.2.3-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8 ...)
	NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.35.dfsg-3
	[etch] - libgd2 2.0.33-5.2etch1
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Mi ...)
	NOT-FOR-US: PDWizard
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX contro ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ...)
	- php5 <removed> (unimportant)
	NOTE: basedir and safemode not supported
CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2  ...)
	NOT-FOR-US: Xwiki
CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent atta ...)
	- php5 5.2.5-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and pro ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a d ...)
	NOT-FOR-US: Avnex AV MP3 Player
CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ca ...)
	NOT-FOR-US: Windows
CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in  ...)
	- mediawiki-extensions <not-affected> (We don't ship this extension)
CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel Custo ...)
	NOT-FOR-US: TechExcel CustomerWise
CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com s ...)
	NOT-FOR-US: Psilabs
CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ce ...)
	NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, c ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1 (low; bug #444803)
	- iceape 1.1.9-1 (low; bug #444805)
	- xulrunner 1.8.1.13-1
CVE-2007-4878
	RESERVED
CVE-2007-4877
	RESERVED
CVE-2007-4876
	RESERVED
CVE-2007-4875
	RESERVED
CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.0 ...)
	NOT-FOR-US: SimpNews
CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with  ...)
	NOT-FOR-US: SimpNews
CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: SimpNews
CVE-2007-4871
	RESERVED
CVE-2007-4870
	RESERVED
CVE-2007-4869
	RESERVED
CVE-2007-4868
	RESERVED
CVE-2007-4867
	RESERVED
CVE-2007-4866
	RESERVED
CVE-2007-4865
	RESERVED
CVE-2007-4864
	RESERVED
CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote  ...)
	NOT-FOR-US: SAXON
CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5. ...)
	NOT-FOR-US: SAXON
CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to obt ...)
	NOT-FOR-US: SAXON
CVE-2007-4860
	RESERVED
CVE-2007-4859
	RESERVED
CVE-2007-4858
	RESERVED
CVE-2007-4857
	RESERVED
CVE-2007-4856
	RESERVED
CVE-2007-4855
	RESERVED
CVE-2007-4854
	RESERVED
CVE-2007-4853
	RESERVED
CVE-2007-4852
	RESERVED
CVE-2007-4851
	REJECTED
CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Autho ...)
	NOT-FOR-US: Xwiki
CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user passw ...)
	NOT-FOR-US: Xwiki
CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ...)
	- php4 <removed> (unimportant)
	- php5 5.2.6-1 (unimportant)
	NOTE: Safe mode bypasses not treated as security problems
CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly o ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1 (bug #442245; low)
CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to d ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by Pi ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1. ...)
	NOT-FOR-US: Webace-Linkscript
CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Down ...)
	NOT-FOR-US: RW::Download
CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly rea ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 bu ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan Explo ...)
	NOT-FOR-US: Magellan Explorer
CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMon ...)
	- iceweasel <not-affected> (windows only issue)
	- iceape <not-affected> (windows only issue)
	- xulrunner <not-affected> (windows only issue)
	- icedove <not-affected> (windows only issue)
	NOTE: MFSA2007-36
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a de ...)
	- glibc 2.7-1 (unimportant)
	NOTE: Original PHP issue only triggerable by malicious script
CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier al ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows r ...)
	NOT-FOR-US: Proxy Anket
CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0. ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows rem ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 a ...)
	NOT-FOR-US: phpRealty
CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere Appli ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier  ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in account_setting ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
	- perl 5.10.0-19
	[etch] - perl <not-affected> (Was merged into Perl as of 5.10)
	- libarchive-tar-perl 1.38-1 (low; bug #449544)
	[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
	[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing mo ...)
	- mediawiki 1.10.2-1 (low; bug #442255)
	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in Min ...)
	NOT-FOR-US: Modbus Slave ActiveX Control
CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...)
	{DSA-1382-1}
	- quagga 0.99.9-1 (low; bug #442133)
	NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ...)
	- php5 5.2.5-1 (unimportant)
	- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
	NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems
CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google P ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack vec ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device manageme ...)
	NOT-FOR-US: Buffalo AirStation firmware
CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.2 ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo K ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 all ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allo ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante (com_restaur ...)
	NOT-FOR-US: Joomla component
	NOTE: not included in standard joomla installation, joomla has an itp though
CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps ...)
	NOT-FOR-US: BaoFeng2
CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus  ...)
	NOT-FOR-US: WebED
CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed Ma ...)
	NOT-FOR-US: Microsoft SQL Server Enterprise Manager
CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Bet ...)
	NOT-FOR-US: Domino Blogsphere
CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions bef ...)
	NOT-FOR-US: Mac OS
CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...)
	NOT-FOR-US: Netjuke
CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...)
	NOT-FOR-US: Netjuke
CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy F ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote att ...)
	NOT-FOR-US: TLM CMS
CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 al ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4806 (PHP remote file inclusion vulnerability in modules/Discipline/Category ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime (cms ...)
	NOT-FOR-US: Fuzzylime CMS
CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote a ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remot ...)
	NOT-FOR-US: GlobalLink
CVE-2007-4801
	RESERVED
CVE-2007-4800
	RESERVED
CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not ...)
	NOT-FOR-US: AIX perfstat kernel extension
CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in invscout.r ...)
	NOT-FOR-US: invscout
CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V print) comm ...)
	NOT-FOR-US: System V print
CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows  ...)
	NOT-FOR-US: uucp IBM AIX
CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 al ...)
	NOT-FOR-US: mkpath IBM AIX
CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2  ...)
	NOT-FOR-US: fcstat IBM AIX
CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allo ...)
	NOT-FOR-US: xlplm IBM AIX
CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3  ...)
	NOT-FOR-US: ibstat IBM AIX
CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5. ...)
	NOT-FOR-US: swcons IBM AIX
CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.O ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Cont ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Con ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0 does not ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1 ...)
	NOT-FOR-US: Cisco ASA
CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
	NOT-FOR-US: Sony Micro Vault
CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent at ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial  ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
	NOT-FOR-US: Joomla!
CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (ak ...)
	NOT-FOR-US: Joomla!
CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component (com_c ...)
	NOT-FOR-US: Joomla!
CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) al ...)
	NOT-FOR-US: Joomla!
CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6 ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
	RESERVED
CVE-2007-4774 (The Linux kernel before 2.4.36-rc1 has a race condition. It was possib ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60
CVE-2007-4773 (Systrace before 1.6.0 has insufficient escape policy enforcement. ...)
	- systrace <removed>
CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13 (low)
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1 (low)
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp  ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	[sarge] - postgresql <unfixed>
CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not  ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression (PCRE ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
	RESERVED
CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1  ...)
	NOT-FOR-US: Pawfaliki
CVE-2007-4763 (PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.ph ...)
	NOT-FOR-US: PHPOF
CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMAR ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 al ...)
	NOT-FOR-US: Barbo91
CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus  ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in C ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus D ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney al ...)
	NOT-FOR-US: phpMytourney
CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...)
	NOT-FOR-US: Total Commander
CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a d ...)
	- alien-arena 6.05-4.1 (low; bug #442075)
CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in acesrc/ace ...)
	- alien-arena 6.05-4.1 (medium; bug #442075)
CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in  ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allow ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attacker ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted c ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-1 (low; bug #444738)
	[etch] - openssh <no-dsa> (minor issue in weak security measure)
	[sarge] - openssh <no-dsa> (minor issue in weak security measure)
	NOTE: An exploit needs limited control over the machine running a
	NOTE: trusted X client, so this is only a slight privilege
	NOTE: escalation. The X Security extension is merely an afterthought
	NOTE: and is unlikely to provide strong security guarantees.
CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0 ...)
	NOT-FOR-US: PowerPlayer
CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway Encoder/Deco ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4746 (The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone an ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.4 ...)
	NOT-FOR-US: AkoBook
CVE-2007-4744 (PHP remote file inclusion vulnerability in environment.php in AnyInven ...)
	NOT-FOR-US: AnyInventory
CVE-2007-4742 (Claroline before 1.8.6 allows remote authenticated administrators to o ...)
	NOT-FOR-US: Claroline
CVE-2007-4741 (Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Cl ...)
	NOT-FOR-US: Claroline
CVE-2007-4740 (The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.Regis ...)
	NOT-FOR-US: HPRevolutionRegistryManager
CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when  ...)
	{DSA-1394-1}
	- reprepro 2.2.4-1 (high; bug #440535)
	NOTE: patch for etch in the BTS
	[sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0)
CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4736 (SQL injection vulnerability in category.php in CartKeeper CKGold Shopp ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2007-4735 (Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allow ...)
	NOT-FOR-US: Virtual DJ
CVE-2007-4734 (Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted re ...)
	NOT-FOR-US: OTSTurntables
CVE-2007-4733 (The Aztech DSL600EU router, when WAN access to the web interface is di ...)
	NOT-FOR-US: Aztech firmware
CVE-2007-4732 (Unspecified vulnerability in the strfreectty function in the Special F ...)
	NOT-FOR-US: Special File System
CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote at ...)
	NOT-FOR-US: Ccproxy
CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_G ...)
	{DSA-1387-1 DSA-1367-1}
	- krb5 1.6.dfsg.1-7 (high; bug #441209)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
	- librpcsecgss 0.14-4 (high; bug #441393)
	NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
	NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll i ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the Co ...)
	{DSA-1372-1 DTSA-73-1}
	- xorg-server 2:1.4-1
	NOTE: XFree86 is not affected
CVE-2007-4729
	RESERVED
CVE-2007-4728
	RESERVED
CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fast ...)
	{DSA-1362-1}
	- lighttpd 1.4.18-1 (medium; bug #441555)
	NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
	NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
	NOTE: http://www.milw0rm.com/exploits/4391
CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote at ...)
	NOT-FOR-US: Web Oddity
CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4. ...)
	NOT-FOR-US: AkkyWareHOUSE
CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the cal ...)
	- tomcat5.5 <not-affected> (Version already ships fixed files)
	- tomcat5 <removed> (unimportant; bug #441205)
	- libservlet2.4-java 5.0.30-6 (unimportant)
	NOTE: DSA should not be required, minor issue, jsp just present as example
CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel 4.3 ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming Interne ...)
	NOT-FOR-US: Quantum Streaming
CVE-2007-4721
	REJECTED
CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/C ...)
	NOT-FOR-US: Hitachi
CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allo ...)
	NOT-FOR-US: 212cafeBoard
CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in Claro ...)
	NOT-FOR-US: Claroline
CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 al ...)
	NOT-FOR-US: PHD Help Desk
CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allo ...)
	NOT-FOR-US: Weblogicnet
CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows remo ...)
	NOT-FOR-US: Yvora
CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in U ...)
	NOT-FOR-US: Urchin
CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 allo ...)
	NOT-FOR-US: eNetman
CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5. ...)
	NOT-FOR-US: CFNetwork (Apple Mac OS X)
CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11  ...)
	NOT-FOR-US: Address Book (Apple Mac OS X)
CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in App ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4705
	RESERVED
CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent a roo ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when "Block all incom ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporar ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4  ...)
	NOT-FOR-US: Apple Mac OS X, Windows
CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4695 (Unspecified "input validation" vulnerability in WebCore in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows at ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 conta ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users t ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not p ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows att ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4674 (An "integer arithmetic" error in Apple QuickTime 7.2 allows remote att ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows remot ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari  ...)
	NOT-FOR-US: Safari
CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated  ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create da ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
	NOTE: triggerable by malicious script
CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before 5. ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...)
	{DTSA-61-1}
	- php5 5.2.4-1 (low)
	[etch] - php5 <no-dsa> (Backport prone to regressions, causes more problems that it does resolved, minor issue anyway)
CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	- php4 <removed>
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
	NOTE: Only exploitable by malicious script
CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP  ...)
	{DSA-1518-1}
	- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Ba ...)
	NOT-FOR-US: CGI RESCUE Shopping Basket
CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cis ...)
	NOT-FOR-US: SSHield
CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ea ...)
	NOT-FOR-US: Cisco Content Services Switch
CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to b ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir() not supported
CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows  ...)
	NOT-FOR-US: Adobe Connect Enterprise Server
CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow att ...)
	{DSA-1404-1}
	- gallery2 2.2.3-1
	NOTE: does not affect gallery 1.x (package 'gallery')
CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows re ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and In ...)
	NOT-FOR-US: MicroWorld eScan Virus Contro
CVE-2007-4648 (The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak perm ...)
	NOT-FOR-US: Norman Virus Control
CVE-2007-4647 (newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allow ...)
	NOT-FOR-US: Ourspace
CVE-2007-4646 (Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite  ...)
	NOT-FOR-US: Hexamail
CVE-2007-4645 (SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remo ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-4644 (Format string vulnerability in the Cl_GetPackets function in cl_main.c ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4643 (Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier all ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4642 (Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and ear ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4641 (Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4640 (Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0. ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4639 (EnterpriseDB Advanced Server 8.2 does not properly handle certain debu ...)
	NOT-FOR-US: EnterpriseDB
CVE-2007-4638 (Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows r ...)
	NOT-FOR-US: StarCraft
CVE-2007-4637 (xGB.php in xGB 2.0 does not require authentication for an admin edit a ...)
	NOT-FOR-US: xGB
CVE-2007-4636 (Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allo ...)
	NOT-FOR-US: phpBG
CVE-2007-4635 (Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to ca ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4634 (Multiple SQL injection vulnerabilities in Cisco CallManager and Unifie ...)
	NOT-FOR-US: Cisco
CVE-2007-4633 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManag ...)
	NOT-FOR-US: Cisco
CVE-2007-4632 (Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VT ...)
	NOT-FOR-US: Cisco
CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and o ...)
	- qgit 1.5.5-1.1 (bug #440950; low)
	[etch] - qgit <no-dsa> (Minor issue)
CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07 ...)
	{DSA-1445-1}
	- maradns 1.2.12.08-1
	NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2
CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...)
	NOT-FOR-US: Absolute Poll Manager
CVE-2007-4629 (Buffer overflow in the processLine function in maptemplate.c in MapSer ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1
CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...)
	NOT-FOR-US: phpns
CVE-2007-4627 (SQL injection vulnerability in index.php in ABC eStore 3.0 allows remo ...)
	NOT-FOR-US: ABC eStore
CVE-2007-4626 (Unspecified vulnerability in Polipo before 1.0.2 allows remote attacke ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4625 (Polipo before 1.0.2 allows remote HTTP servers to cause a denial of se ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign D ...)
	NOT-FOR-US: AbleDesign Dynamic Picture Frame
CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) libdns_nons ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain p ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) Aler ...)
	NOT-FOR-US: CA products
CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1 (medium)
CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4616 (The SSL server implementation in BEA WebLogic Server 7.0 Gold through  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4615 (The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4614 (BEA WebLogic Server 9.1 does not properly handle propagation of an adm ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4613 (SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold th ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4612 (CRLF injection vulnerability in contact.php in Moonware (aka Dale Moon ...)
	NOT-FOR-US: Moonware
CVE-2007-4611 (SQL injection vulnerability in viewevent.php in Moonware (aka Dale Moo ...)
	NOT-FOR-US: Moonware
CVE-2007-4610 (Unrestricted file upload vulnerability in config/upload.php in Moonwar ...)
	NOT-FOR-US: Moonware
CVE-2007-4609 (eyeOS uses predictable checksum values in the checknum parameter for a ...)
	NOT-FOR-US: eyeOS
CVE-2007-4608 (PHP remote file inclusion vulnerability in protection.php in ePersonne ...)
	NOT-FOR-US: ePersonnel
CVE-2007-4607 (Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6 ...)
	NOT-FOR-US: EasyMailSMTPObj ActiveX control
CVE-2007-4606 (PHP remote file inclusion vulnerability in convert/mvcw_conver.php in  ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-4605 (PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual ...)
	NOT-FOR-US: Vwar
CVE-2007-4604 (SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows  ...)
	NOT-FOR-US: DL PayCart
CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 al ...)
	NOT-FOR-US: ACG news
CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by De ...)
	NOT-FOR-US: Micro-CMS
CVE-2007-4600 (The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 1 ...)
	NOT-FOR-US: Mathsoft Mathcad
CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly ...)
	NOT-FOR-US: RealPlayer
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager  ...)
	NOT-FOR-US: IBM
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, whic ...)
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
	NOT-FOR-US: Mayaa
CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly valid ...)
	NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Rational
CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynR ...)
	NOT-FOR-US: Ignite-UX
CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4588 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4587 (Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria es ...)
	NOT-FOR-US: escafeWeb
CVE-2007-4586 (Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension  ...)
	NOT-FOR-US: iisfunc (windows only)
CVE-2007-4585 (Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2 ...)
	NOT-FOR-US: 2532|Gigs
CVE-2007-4584 (Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC serv ...)
	- ircii-pana <removed> (medium; bug #443544)
CVE-2007-4583 (Multiple absolute path traversal vulnerabilities in the nvUtility.Util ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4582 (Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX cont ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4581 (SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 al ...)
	NOT-FOR-US: WBB2-Addon: Acrotxt 1
CVE-2007-4601 (A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might all ...)
	- tcp-wrappers 7.6.dbs-12 (bug #405342; medium)
	[etch] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
	[sarge] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows loca ...)
	NOT-FOR-US: BufferZone (Windows)
CVE-2007-4579
	REJECTED
CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows  ...)
	NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
	NOT-FOR-US: Sophos
CVE-2007-4576
	REJECTED
CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...)
	{DSA-1419-1}
	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
	- hsqldb 1.8.0.9-1
CVE-2007-4574 (Unspecified vulnerability in the "stack unwinder fixes" in kernel in R ...)
	- linux-2.6 <not-affected> (Redhat specific vulnerability)
	NOTE: I contacted the redhat security team about this, this was caused by an incomplete
	NOTE: backport for stack unwinder fixes in the linux kernel made by them.
	NOTE: redhat sent a reproducer to the vendor-sec list
CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...)
	{DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22-5 (medium)
CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, wh ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high; bug #451385)
CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the Advance ...)
	{DSA-1505-1 DSA-1479-1}
	- linux-2.6 2.6.22-5 (low; bug #444571)
	- alsa-driver 1.0.15-1
	NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
	NOTE: very easy to exploit locally
CVE-2007-4570 (Algorithmic complexity vulnerability in the MCS translation daemon in  ...)
	NOT-FOR-US: MCS translation daemon
CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
	{DSA-1376-1 DTSA-60-1}
	- kdebase 4:3.5.7-4
	[sarge] - kdebase <not-affected> (problem not present in code)
	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server (x ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4567 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel  ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.20)
CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha  ...)
	NOT-FOR-US: SIDVault
CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...)
	{DSA-1377-2}
	- fetchmail 6.3.8-8 (bug #440006; low)
	[etch] - fetchmail <no-dsa> (Hardly a security problem)
	[sarge] - fetchmail <not-affected> (problem not present in source)
CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later mi ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later mi ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosm ...)
	NOT-FOR-US: Hitachi DABroker
CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server bef ...)
	NOT-FOR-US: Helix DNA Server
CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, al ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1 (high)
CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) extractal ...)
	- python2.3 <removed> (unimportant)
	- python2.4 <unfixed> (unimportant; bug #440097)
	- python2.5 <unfixed> (unimportant; bug #440099)
	NOTE: According to upstream this is the intended behaviour for the module.
	NOTE: Since this is a library interface to embed Tar functionality into applications
	NOTE: it is in order to not provide the full security safety belts one might
	NOTE: expect from an enduser application like tar(1). Plus, addressing this would
	NOTE: mean to diverge from upstream permanently and could break the behaviour
	NOTE: of external apps. Anyone who wants to see this "fixed" should rather file
	NOTE: a PEP on an improved tar interface with additional security guarantees
	NOTE: provided by design.
CVE-2007-4558
	REJECTED
CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in Nove ...)
	NOT-FOR-US: Novell
CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0. ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows rem ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php i ...)
	- tikiwiki <removed>
CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01  ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media A ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean migh ...)
	NOT-FOR-US: ALPass
CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow  ...)
	NOT-FOR-US: ALPass
CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
	NOT-FOR-US: Apache Geronimo
CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the C ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92  ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPres ...)
	NOT-FOR-US: WordPress multi-user (MU)
CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla  ...)
	- bugzilla 2.22.1-2.2 (low; bug #440106)
	[etch] - bugzilla <no-dsa> (Affected code only shipped in example, minor issue anyway)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer befor ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1 (bug #439346)
CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download  ...)
	NOT-FOR-US: Olate Download
CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate Downlo ...)
	NOT-FOR-US: Olate Download
CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 do ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers t ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm impl ...)
	NOT-FOR-US: Skulltag
CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in  ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
	NOT-FOR-US: Vavoom
CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker ...)
	NOT-FOR-US: Vavoom
CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in Vavoo ...)
	NOT-FOR-US: Vavoom
CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Serve ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote auth ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not f ...)
	NOT-FOR-US: ffi extension for php
CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net  ...)
	NOT-FOR-US: phUploader
CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before 3.5 ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2007-4525
	- spip 2.0.6-1
CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2 ...)
	NOT-FOR-US: PhPress
CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Ma ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 a ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an I ...)
	- asterisk <not-affected> (The voicemail backend is not enabled in Debian)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
	NOTE: the backend will be enabled in future uploads with a fixed package.
CVE-2007-4520
	RESERVED
CVE-2007-4519
	RESERVED
CVE-2007-4518
	RESERVED
CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedur ...)
	NOT-FOR-US: Oracle
CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in Syman ...)
	NOT-FOR-US: Volume Manager Scheduler Service
CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before 20 ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4514 (Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manag ...)
	NOT-FOR-US: HP ProCurve Manager
CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow loc ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Wind ...)
	NOT-FOR-US: Sophos Anti-Virus for Windows
CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
	NOT-FOR-US: Sun Application Server
CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	NOTE: Only exploitable if CL_EXPERIMENTAL is set
CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component (c ...)
	NOT-FOR-US: EventList component for Joomla!
CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
	NOT-FOR-US: Rebellion Asura engine
CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 al ...)
	NOT-FOR-US: External PHP component only relevant for Windows
CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ( ...)
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ( ...)
	NOT-FOR-US: RemoSitory component for Mambo
CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles componen ...)
	NOT-FOR-US: RSfiles component for Joomla!
CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component (c ...)
	NOT-FOR-US: Nice Talk component for Joomla!
CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component (com_ ...)
	NOT-FOR-US: BibTeX component for Joomla!
CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2  ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American Finan ...)
	NOT-FOR-US: American Financing eMail Image Upload
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0 ...)
	NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on  ...)
	NOT-FOR-US: Solaris
CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9 ...)
	- ezpublish <removed>
CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
	- ezpublish <removed>
CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun Sol ...)
	NOT-FOR-US: Solaris
CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows r ...)
	NOT-FOR-US: Gurur haber
CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProte ...)
	NOT-FOR-US: Trend Micro
CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
	NOT-FOR-US: eCentrex VOIP
CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gig ...)
	NOT-FOR-US: Siemens GigaSet firmware
CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in Lin ...)
	NOT-FOR-US: Linkliste
CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly on ...)
	NOT-FOR-US: Butterfly online visitors counter
CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER 1.0 ...)
	NOT-FOR-US: My_REFERER
CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0. ...)
	NOT-FOR-US: Pool 1.0.7 theme for WordPress
CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix  ...)
	NOT-FOR-US: Rus themes for WordPress
CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1. ...)
	NOT-FOR-US: Sirius 1.0 theme for WordPress
CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search Engi ...)
	NOT-FOR-US: Search Engine Builder
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
	NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...)
	{DSA-1566-1 DSA-1438-1}
	- tar 1.18-1 (low; bug #441444)
	- cpio 2.9-5 (low; bug #449222)
CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webvie ...)
	NOT-FOR-US: EAI WebViewer3D ActiveX control
CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web Acce ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate se ...)
	NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings Play ...)
	NOT-FOR-US: Broderbund Expressit
CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online E ...)
	NOT-FOR-US: QuickBooks
CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping NC ...)
	NOT-FOR-US: Earth Resource Mapping NCSView
CVE-2007-4469
	RESERVED
CVE-2007-4468
	RESERVED
CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...)
	NOT-FOR-US: Oracle
CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCt ...)
	NOT-FOR-US: Electronic Arts (EA) SnoopyCtrl ActiveX
CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in FLICSource ...)
	NOT-FOR-US: Media Player Classic
CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple a ...)
	NOT-FOR-US: snif
CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge s ...)
	NOT-FOR-US: snif
CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apa ...)
	- apache <removed> (low)
	- apache2 2.2.6-1 (bug #453783)
	[sarge] - apache <no-dsa> (browser issue, low impact)
	[sarge] - apache2 <no-dsa> (browser issue, low impact)
	NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
	NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
	NOTE: but many users change this.
	NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Co ...)
	NOT-FOR-US: Total Commander
CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted rem ...)
	NOT-FOR-US: Total Commander
CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwr ...)
	- po4a 0.31-1 (bug #439226)
	[etch] - po4a 0.29-1etch1
	[sarge] - po4a 0.20-2sarge1
CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote attack ...)
	- nufw 2.2.4-1 (bug #439227)
	[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8 ...)
	{DSA-1365-3 DSA-1365-2 DSA-1365-1}
	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in includes/class/class_tpl.ph ...)
	NOT-FOR-US: Firesoft
CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
	NOT-FOR-US: Dalai Forum
CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ (com_simplef ...)
	NOT-FOR-US: mambo
	NOTE: mambo is in experimental though
CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.11~dfsg-1
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
	NOT-FOR-US: Olate Download
CVE-2007-4453
	NOT-FOR-US: vBulletin
CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Toribash
CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote attac ...)
	NOT-FOR-US: Toribash
CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long  ...)
	NOT-FOR-US: Toribash
CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Toribash
CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle parti ...)
	NOT-FOR-US: Toribash
CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier a ...)
	NOT-FOR-US: Toribash
CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
	NOT-FOR-US: Toribash
CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier all ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and 2004 ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal engi ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP  ...)
	- php5 <not-affected> (Windows-specific)
CVE-2007-4440 (Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mai ...)
	NOT-FOR-US: Mercury mail system
CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in Squirre ...)
	NOT-FOR-US: Squirrelcart
CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 al ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
	- drupal <not-affected> (External addon, see bug #439379)
CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 al ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the  ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
	NOT-FOR-US: SUSE
CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earli ...)
	NOT-FOR-US: Safari/windows
CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows contex ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a  ...)
	NOT-FOR-US: Skype
CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via unknow ...)
	NOT-FOR-US: lhaz
CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the C ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 all ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user be ...)
	NOT-FOR-US: Safari
CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID functio ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN wi ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1  ...)
	NOT-FOR-US: Olate Download
CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin u ...)
	NOT-FOR-US: Olate Download
CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization,  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not proper ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4416
	NOT-FOR-US: BellaBook
CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 In ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to g ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...)
	NOT-FOR-US: Headstart Solutions DeskPRO 3.0.2
CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solut ...)
	NOT-FOR-US: Deskpro
CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the hi ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick actio ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote att ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allow ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a  ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of servi ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote attack ...)
	NOT-FOR-US: mirc/winamp
CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote attack ...)
	NOT-FOR-US: mirc
CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC Integrati ...)
	NOT-FOR-US: mirc
CVE-2007-4400 (CRLF injection vulnerability in the included media script in Konversat ...)
	- konversation 1.0.1-4 (low; bug #439837)
	[etch] - konversation <no-dsa> (minor issue)
	[sarge] - konversation <no-dsa> (minor issue)
CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allo ...)
	NOT-FOR-US: xmms.bx 1.0 script for BitchX (not included in Debian package)
CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and  ...)
	- irssi-scripts 20070925 (low; bug #439840)
	- weechat-scripts 20070425-0.1 (low; bug #439839)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[etch] - weechat-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMM ...)
	NOT-FOR-US: various IRC now_playing scripts
CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33t ...)
	- irssi-scripts 20070925 (low; bug #439840)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
	NOTE: weechat-scripts does not include the mentioned scripts
CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control  ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the fi ...)
	NOT-FOR-US: findutils-locate on SUSE Linux
CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 place ...)
	NOT-FOR-US: oracle
CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service (prog ...)
	NOT-FOR-US: winamp
CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger  ...)
	NOT-FOR-US: kakadu
CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, o ...)
	NOT-FOR-US: BlueCat
CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
	NOT-FOR-US: 2wire
CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17. ...)
	NOT-FOR-US: 2wire
CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
	NOT-FOR-US: 2wire
CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows rem ...)
	NOT-FOR-US: GetMyOwnArcade
CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input valid ...)
	NOT-FOR-US: Stinger
CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
	NOT-FOR-US: Stephane Pineau VOTE
CVE-2007-4383
	NOT-FOR-US: Trackeur
CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote atta ...)
	NOT-FOR-US: CounterPath X-Lite
CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun JD ...)
	- sun-java5 1.5.0-10-1
CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8. ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and e ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k allow ...)
	NOT-FOR-US: SurgeMail
CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon  ...)
	NOT-FOR-US: Szymon Kosok Best Top List
CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 Profes ...)
	NOT-FOR-US: Diskeeper
CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat me ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly imp ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 20 ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems Cac ...)
	NOT-FOR-US: InterSystems Cache
CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in Inte ...)
	NOT-FOR-US: InterSystems Cache
CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) implementati ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
	- libpam-usb 0.4.1-1 (medium)
	NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
	- lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in  ...)
	NOT-FOR-US: Neuron Blog
CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer 0. ...)
	NOT-FOR-US: Racer
CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4. ...)
	NOT-FOR-US: SOTEeSKLEP
CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) W ...)
	NOT-FOR-US: IBM Rational ClearQuest (CQ)
CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code vi ...)
	NOT-FOR-US: Opera
CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service (d ...)
	- wengophone 2.1.1.dfsg0-3 (bug #438419)
CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain authentic ...)
	NOT-FOR-US: Fedora Commons
CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the nodereferen ...)
	NOT-FOR-US: Drupal Content Construction Kit (CCK)
CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
	NOT-FOR-US: Prozilla Webring
CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
	NOT-FOR-US: ReadyNAS RAIDiator
CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with fi ...)
	NOT-FOR-US: Dell
CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems J ...)
	NOT-FOR-US: JobLister3
CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Zoidcom
CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof t ...)
	- mozilla-firefox <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- iceape <removed> (unimportant)
CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML fil ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3  ...)
	NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in  ...)
	NOT-FOR-US: AIX
CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in  ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	NOTE: cups uses xpdf-utils and poppler-utils since version 1.1.22-7
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
	{DSA-1407-1 DTSA-81-1}
	- cupsys 1.3.4-1 (medium; bug #448866)
	- cups 1.3.4-1 (medium; bug #448866)
	[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: HP SiteScope
CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 ...)
	NOT-FOR-US: HP OpenView Report
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tiv ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in  ...)
	NOT-FOR-US: Job Engine
CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for Windo ...)
	NOT-FOR-US: Job Engine
CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail S ...)
	NOT-FOR-US: IMail Client
CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
	NOT-FOR-US: ACDSee
CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-ass ...)
	NOT-FOR-US: IrfanView
CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral L ...)
	NOT-FOR-US: PHPCentral
CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in Om ...)
	NOT-FOR-US: Omnistar Lib2 PHP
CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 a ...)
	NOT-FOR-US: phpDVD
CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll  ...)
	NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 al ...)
	NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in l ...)
	{DSA-1683-1}
	- streamripper 1.62.2-1 (low)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation DXSurface.LivePicture. ...)
	NOT-FOR-US: Microsoft
CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik WinGa ...)
	NOT-FOR-US: Qbik WinGate
CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1 ...)
	NOT-FOR-US: Php-stats
CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in A ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when  ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...)
	NOT-FOR-US: FindNix
CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1. ...)
	NOT-FOR-US: Shoutbox
CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 all ...)
	NOT-FOR-US: Web News
CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Gal ...)
	NOT-FOR-US: Bilder Galerie
CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader 1. ...)
	NOT-FOR-US: File Uploader
CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader  ...)
	NOT-FOR-US: Bilder Uploader
CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...)
	NOT-FOR-US: Gaestebuch
CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other version ...)
	- flashplugin-nonfree 9.0.115.0.1
	[etch] - flashplugin-nonfree 9.0.115.0.1~etch1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows rem ...)
	- denyhosts 2.6-2.1 (bug #438162; medium)
	[etch] - denyhosts 2.6-1etch1
CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftp ...)
	NOT-FOR-US: BlockHosts
CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...)
	{DSA-1456-1}
	- fail2ban 0.8.0-4 (bug #438187; medium)
CVE-2007-4320 (PHP remote file inclusion vulnerability in admin/addons/archive/archiv ...)
	NOT-FOR-US: Ncaster
CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
	NOT-FOR-US: Zyxel
CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the man ...)
	NOT-FOR-US: Zyxel
CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: Zyxel
CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
	NOT-FOR-US: Zyxel
CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows loca ...)
	NOT-FOR-US: ATI
CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the readin ...)
	NOT-FOR-US: Pixlie
CVE-2007-4313 (PHP remote file inclusion vulnerability in public_includes/pub_blocks/ ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0  ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)
CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remot ...)
	NOT-FOR-US: Solaris
CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenti ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI la ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
	- linux-2.6 2.6.22-4 (medium; bug #443694)
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 a ...)
	NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ...)
	- phpmyadmin <unfixed> (unimportant)
	[sarge] - phpmyadmin <not-affected>
	NOTE: It seems that this requires knowledge of a unguessable session token.
	NOTE: Confirmed by upstream. Sarge is not affected at all.
CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail  ...)
	NOT-FOR-US: NetBSD and OpenBSD
CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when  ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic So ...)
	NOT-FOR-US: Generic Software Wrappers Toolkit
CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: WebCart
CVE-2007-4300
	RESERVED
CVE-2007-4299
	RESERVED
CVE-2007-4298
	RESERVED
CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...)
	NOT-FOR-US: Modulu
CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (A ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy Server
CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
	NOT-FOR-US: Cisco
CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Cisco
CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote atta ...)
	NOT-FOR-US: Cisco
CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Cisco
CVE-2007-4290
	NOT-FOR-US: Guestbook Script
CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT style ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted  ...)
	NOT-FOR-US: Microsoft
CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...)
	NOT-FOR-US: FishCart
CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionali ...)
	NOT-FOR-US: Cisco
CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12. ...)
	NOT-FOR-US: Cisco
CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified M ...)
	NOT-FOR-US: Cisco
CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Co ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2007-4282 (The "Extended properties for entries" (entryproperties) plugin in sere ...)
	- serendipity 1.1.4-1
	[etch] - serendipity <not-affected> (introduced in 1.1.x)
CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source  ...)
	- knowledgetree <removed>
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in FrontAccounti ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE servi ...)
	NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Tr ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4274
	REJECTED
CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local us ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 an ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4266
	RESERVED
CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3 ...)
	NOT-FOR-US: VisionProject
CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
	NOT-FOR-US: snif
CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...)
	- asterisk 1:1.4.10~dfsg-1
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-019.htm
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP)  ...)
	NOT-FOR-US: Cisco
CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earli ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the  ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default "admin" account for galle ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download arb ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site Dire ...)
	NOT-FOR-US: Prozilla
CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
	NOT-FOR-US: YNP Portal System
CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-depe ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL  ...)
	NOT-FOR-US: Microsoft
CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in Envol ...)
	NOT-FOR-US: Envolution
CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: CHILKAT ASP String
CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple  ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: Only a crasher with malformed documents
CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.3 ...)
	NOT-FOR-US: Advanced Searchbar
CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for  ...)
	NOT-FOR-US: ExportNation toolbar
CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolb ...)
	NOT-FOR-US: Toolbar Gaming toolbar
CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem I ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTE ...)
	NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! Reactions ...)
	NOT-FOR-US: Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Ga ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform vir ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisc ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl)  ...)
	NOT-FOR-US: Help Center Live
CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp i ...)
	NOT-FOR-US: C-SAM oneWallet
CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin,  ...)
	NOT-FOR-US: AIX
CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...)
	NOT-FOR-US: AIX
CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows l ...)
	NOT-FOR-US: AIX
CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow re ...)
	NOT-FOR-US: VietPHP
CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote atta ...)
	NOT-FOR-US: Camera Life
CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow a ...)
	NOT-FOR-US: Camera Life
CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...)
	NOT-FOR-US: PHPNews
CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...)
	NOT-FOR-US: PhpHostBot
CVE-2007-4230
	NOT-FOR-US: BellaBiblio
CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows re ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser DoS not treated as vulnerabilities
CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ( ...)
	NOT-FOR-US: AIX
CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote  ...)
	NOT-FOR-US: Microsoft
CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...)
	NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote a ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address b ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an u ...)
	NOT-FOR-US: Microsoft Sysinternals DebugView
CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Wi ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6. ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as u ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) i ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.3 ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-4215
	RESERVED
CVE-2007-4214
	RESERVED
CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote at ...)
	NOT-FOR-US: Palm OS
CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search Modu ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated use ...)
	- dovecot 1:1.0.3-2 (low)
	[etch] - dovecot <no-dsa> (minor issue)
	[sarge] - dovecot <no-dsa> (minor issue)
CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...)
	NOT-FOR-US: LANAI CMS
CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows  ...)
	NOT-FOR-US: Aceboard forum
CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio Manag ...)
	NOT-FOR-US: Next Gen Portfolio Manager
CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...)
	NOT-FOR-US: Gallery In A Box
CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets inc ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2 ...)
	NOT-FOR-US: BlueCat Networks Adonis
CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collabo ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration
CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attack ...)
	NOT-FOR-US: Mambo
CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly  ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 int ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted re ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sle ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL poin ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth K ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote attackers to  ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD R ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's in ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) al ...)
	NOT-FOR-US: Joomla!
CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow)  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...)
	NOT-FOR-US: Joomla!
CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the  ...)
	NOT-FOR-US: Joomla! addon
CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Joomla!
CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earli ...)
	NOT-FOR-US: paBugs
CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1 ...)
	NOT-FOR-US: WikiWebWeaver
CVE-2007-4181
	NOT-FOR-US: Pluck
CVE-2007-4180
	NOT-FOR-US: Pluck
CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HPUX
CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2 ...)
	NOT-FOR-US: Webdirector
CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact before ...)
	NOT-FOR-US: Interact
CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have ...)
	NOT-FOR-US: EQDKP Plus
CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Op ...)
	NOT-FOR-US: Openrat CMS
CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not properly re ...)
	- tor 0.1.2.16-1 (medium)
CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali  ...)
	NOT-FOR-US: Hunkaray Okul Portali
CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (O ...)
	NOT-FOR-US: Openwebmail
CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for au ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 al ...)
	NOT-FOR-US: AL-Athkar
CVE-2007-4169
	NOT-FOR-US: vgallite
CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in AL-Carica ...)
	NOT-FOR-US: AL-Caricatier
CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed t ...)
	NOT-FOR-US: Xu Yiyang
CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue Memo ...)
	- wordpress <not-affected> (Wordpress doesn't ship this theme)
CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java Syste ...)
	NOT-FOR-US: IndexScript
CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 befo ...)
	NOT-FOR-US: IndexScript
CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integr ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in  ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5 ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: PHPBlogger
CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote attack ...)
	NOT-FOR-US: wolioCMS
CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	- vmware-package 0.16
CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows r ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1 (low)
	NOTE: see issue 4690 and 4691 in wordpress trac
CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ( ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX befo ...)
	NOT-FOR-US: Interspire ArticleLive NX
CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2 ...)
	NOT-FOR-US: WebEvent
CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX con ...)
	NOT-FOR-US: BlueSkychat
CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in sample-forms/simple-contac ...)
	NOT-FOR-US: MitriDAT eMail Form Processor Pro
CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote authe ...)
	NOT-FOR-US: Billing Control Panel in phpCoupon
CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server  ...)
	NOT-FOR-US: IBM Lotus Sametime Server
CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain se ...)
	NOT-FOR-US: OpenRat CMS
CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows use ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads edit ...)
	NOT-FOR-US: Temporary Uploads
CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...)
	- samba 3.0.26-1
	[etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
	[sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech  ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
	- qt4-x11 <not-affected> (Not exploitable according to upstream)
CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to ca ...)
	NOT-FOR-US: Conga
CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle re ...)
	- libnfsidmap 0.18-0 (low; bug #442935)
	NOTE: https://issues.rpath.com/browse/RPL-1731
CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 a ...)
	- star 1.5a67-1.1 (bug #440100; low)
	[etch] - star <no-dsa> (Minor issue)
CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions i ...)
	{DSA-1504-1 DSA-1381-2}
	- linux-2.6 2.6.20-1
CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 al ...)
	NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in  ...)
	{DSA-1438-1}
	- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RH ...)
	- linux-2.6 2.6.12-1 (low)
	NOTE: a fix is included in 2.6, see line 854 mempolicy.c
	NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git
	NOTE: which I can see and ships the fix
CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a sy ...)
	- coolkey 1.1.0-3
CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...)
	NOT-FOR-US: com_gmaps for Joomla!
CVE-2007-4127
	NOT-FOR-US: Ralf Image Gallery
CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework (DTrace) on ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2007-4124 (The session failover function in Cosminexus Component Container in Cos ...)
	NOT-FOR-US: Cosminexus
CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax  ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV)  ...)
	NOT-FOR-US: Hitachi Hierarchical Viewer
CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scr ...)
	NOT-FOR-US: E-Commerce Scripts Shopping Cart Script
CVE-2007-4120
	NOT-FOR-US: vBulletin
CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Zi ...)
	NOT-FOR-US: Defteri
CVE-2007-4118 (PHP remote file inclusion vulnerability in includes/functions.inc.php  ...)
	NOT-FOR-US: phpVoter
CVE-2007-4117
	NOT-FOR-US: phpVoter
CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak cryptography (s ...)
	NOT-FOR-US: Spectrum Cash Receipting System
CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
	- teamspeak-server 2.0.23.19-1 (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
	- tor 0.1.2.16-1
CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum Por ...)
	NOT-FOR-US: Metyus Forum Portal
CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms)  ...)
	NOT-FOR-US: IT!CMS (itcms)
CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygula ...)
	NOT-FOR-US: SuskunDuygular Uyelik Sistemi
CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) be ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing Sys ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...)
	NOT-FOR-US: Real Estate listing website
CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / Threade ...)
	NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template
CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store  ...)
	NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template)
CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...)
	NOT-FOR-US: phpMyForum
CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Tim ...)
	NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface
CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...)
	NOT-FOR-US: Baidu Soba Search Bar
CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStat ...)
	NOT-FOR-US: WP-FeedStats plugin for WordPress
CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2. ...)
	- asterisk 1:1.4.9~dfsg-1
	[etch] - asterisk <not-affected> (Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 affected)
	[sarge] - asterisk <not-affected> (1.0 not affected)
CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...)
	NOT-FOR-US: sBlog
CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 a ...)
	NOT-FOR-US: Madoa Poll
CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_in ...)
	- mldonkey 2.9.0-1 (bug #435439)
	[etch] - mldonkey <no-dsa> (Minor issue)
CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ne ...)
	- tor 0.1.2.15-1
CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from diff ...)
	- tor 0.1.2.15-1
CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for te ...)
	- tor 0.1.2.15-1
CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, a ...)
	- tor 0.1.2.15-1
CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows  ...)
	NOT-FOR-US: BSM Store Dependent Forums
CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ID ...)
	NOT-FOR-US: IDevSpot PhpHostBot
CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web r ...)
	NOT-FOR-US: Minb Is Not a Blog (minb)
CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and earl ...)
	NOT-FOR-US: iFoto
CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow  ...)
	{DSA-1360-1}
	- rsync 2.6.9-5 (bug #438125; medium)
CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain se ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enter ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow r ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskM ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php AlstraS ...)
	NOT-FOR-US: AlstraSoft Article Manager Pro
CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affi ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Fri ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS  ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Vide ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris Sites ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sit ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4074 (The default configuration of Centre for Speech Technology Research (CS ...)
	- festival 1.96~beta-6 (bug #435445; low)
	[etch] - festival <no-dsa> (Minor issue)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a fri ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within HT ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in uploader/index. ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun S ...)
	- lbxproxy <removed>
CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ear ...)
	NOT-FOR-US: IndexScript
CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote at ...)
	NOT-FOR-US: Webyapar
CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav Ac ...)
	NOT-FOR-US: Clever Internet ActiveX Suite
CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow con ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 a ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
	NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x befo ...)
	- drupal 4.7.7-1 (low)
	- drupal5 5.2-1 (low)
	[sarge] - drupal <not-affected> (Only Drupal 5.x is affected)
CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...)
	- drupal5 5.2-1 (low)
	NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vuln ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in Ness ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in  ...)
	NOT-FOR-US: corehttp
CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	- vmware-package 0.16
CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	- vmware-package 0.16
CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio  ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult Directo ...)
	NOT-FOR-US: Adult Directory
CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allo ...)
	NOT-FOR-US: SimpleBlog
CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...)
	NOT-FOR-US: PHP123 Top Sites
CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA 1. ...)
	NOT-FOR-US: LinPHA
CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in nuk ...)
	NOT-FOR-US: nukedit
CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag 1. ...)
	NOT-FOR-US: UltraDefrag
CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
	NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049
	REJECTED
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2. ...)
	{DTSA-58-1}
	- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
	- phpgroupware 0.9.16.012-1 (low; bug #435936; bug #472685)
	[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
	- egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
	NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) del ...)
	NOT-FOR-US: geoBlog
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery (com_pony ...)
	NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other Linu ...)
	- cupsys 1.2
	- cups 1.2
	NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
	REJECTED
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 al ...)
	NOT-FOR-US: Netscape Navigator
CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...)
	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
	- iceweasel 2.0.0.6-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5-1
CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and Outlo ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs  ...)
	- icedove <not-affected> (Windows-specific)
CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, wh ...)
	{DSA-1338-1}
	- iceweasel 2.0.0.5-1
CVE-2007-4037
	NOT-FOR-US: Guidance Software
CVE-2007-4036
	NOT-FOR-US: Guidance Software
CVE-2007-4035
	NOT-FOR-US: Guidance Software
CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Ins ...)
	NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/ ...)
	{DSA-1390-1}
	- t1lib 5.1.0-3 (bug #439927)
	NOTE: originally posted as a php vuln, actually in libt1
	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote  ...)
	NOT-FOR-US: CrystalPlayer
CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in Ness ...)
	NOT-FOR-US: Nessus ActiveX control
CVE-2007-4030
	RESERVED
CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows cont ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
	NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...)
	NOT-FOR-US: Areca
CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...)
	NOT-FOR-US: epesi
CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server  ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W ...)
	NOT-FOR-US: W1L3D4
CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in A ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/change ...)
	NOT-FOR-US: cPanel
CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Br ...)
	NOT-FOR-US: Brain Book Software Secure
CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Ad ...)
	NOT-FOR-US: AdMan
CVE-2007-4019
	REJECTED
CVE-2007-5645
	REJECTED
CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows at ...)
	NOT-FOR-US: Citrix
CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based admin ...)
	NOT-FOR-US: Citrix
CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access Ga ...)
	NOT-FOR-US: Citrix
CVE-2007-4015
	REJECTED
CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php instal ...)
	NOT-FOR-US: Blix themes for WordPress
CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6La ...)
	NOT-FOR-US: Citrix
CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...)
	NOT-FOR-US: Cisco
CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...)
	NOT-FOR-US: Cisco
CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and disa ...)
	- php5 <not-affected> (Windows-specific issue)
CVE-2007-4009 (PHP remote file inclusion vulnerability in admin/business_inc/saveserv ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article Direct ...)
	NOT-FOR-US: Article Directory
CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unkno ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1 ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4002
	RESERVED
CVE-2007-4001
	RESERVED
CVE-2007-4000 (The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy. ...)
	- krb5 1.6.dfsg.1-7 (high)
	[etch] - krb5 <not-affected> (Vulnerable code not present)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in li ...)
	{DSA-1368-1 DSA-1367-1}
	- librpcsecgss 0.14-3
	- krb5 1.6.dfsg.1-7 (high)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, d ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	- php4 <removed> (low)
	NOTE: this applies to php4 as well
	NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
	NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
	NOTE: so maybe this is already fixed in 5.2.3, not sure
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: only exploitable by malicious script
CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote a ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: Debian's PHP packages are linked dynamically against libgd
	NOTE: see http://www.php.net/releases/5_2_4.php
CVE-2007-3995
	RESERVED
CVE-2007-3994
	RESERVED
CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...)
	NOT-FOR-US: Kerio MailServer
CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro  ...)
	NOT-FOR-US: iExpress Property Pro
CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp c ...)
	NOT-FOR-US: Asp cvmatik
CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System (VHCS ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, wh ...)
	NOT-FOR-US: ImageRacer
CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing Secu ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms cl ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics DDActiveRep ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ActiveRepor ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition al ...)
	NOT-FOR-US: WSN Links
CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameS ...)
	NOT-FOR-US: RCMS Pro RGameScript Pro
CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...)
	NOT-FOR-US: BlogSite Professional
CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to hi ...)
	NOT-FOR-US: bwired
CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote attac ...)
	NOT-FOR-US: bwired
CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote attac ...)
	NOT-FOR-US: bwired
CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1 ...)
	NOT-FOR-US: Elite Forum
CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...)
	NOT-FOR-US: JBlog
CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...)
	NOT-FOR-US: JBlog
CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a  ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote att ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote attac ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the  ...)
	NOT-FOR-US: dirLIST
CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...)
	NOT-FOR-US: dirLIST
CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ex ...)
	NOT-FOR-US: Munch Pro
CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...)
	NOT-FOR-US: uFMOD
CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote atta ...)
	NOT-FOR-US: Itaka
CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, an ...)
	NOT-FOR-US: UseBB
CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib b ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier  ...)
	NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attacker ...)
	NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value  ...)
	- teamspeak-server 2.0.23.19-1 (bug #435707)
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in Li ...)
	NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote attack ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters  ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections  ...)
	- lighttpd 1.4.16-1 (low; bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #428368)
	[etch] - libghttpd <no-dsa> (Accidentally omitted in DSA, but doesn't warrant another update itself)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attacke ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly u ...)
	NOT-FOR-US: Rule Set Based Access Control (RSBAC)
CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible Regular Ex ...)
	NOT-FOR-US: MobileSafari
CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows r ...)
	NOT-FOR-US: Infinite Responder
CVE-2007-3942
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3941 (Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3940 (Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2007-3939 (SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Ma ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-3938 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
	NOT-FOR-US: MAXdev MDPro (MD-Pro)
CVE-2007-3937 (Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allo ...)
	NOT-FOR-US: A-shop
CVE-2007-3936 (Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0 ...)
	NOT-FOR-US: A-shopA-shop
CVE-2007-3935 (PHP remote file inclusion vulnerability in link_main.php in the SupaNa ...)
	NOT-FOR-US: SupaNav
CVE-2007-3934 (PHP remote file inclusion vulnerability in postscript/postscript.php i ...)
	NOT-FOR-US: BBS E-Market
CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and  ...)
	NOT-FOR-US: QuickEStore
CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component fo ...)
	NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation s ...)
	NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and DocuWi ...)
	NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
	NOT-FOR-US: Opera
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to c ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitc ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
	- sun-java5 1.5.0-12-2
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files v ...)
	{DSA-1402-1}
	- gforge 4.6.99+svn6169-1
CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...)
	{DTSA-75-1}
	[etch] - gnome-screensaver <not-affected> (Affected Compiz not present in Etch version)
	[etch] - xorg-server <not-affected> (Affected Compiz not present in Etch version)
	- gnome-screensaver 2.20.0-1.1
	- xorg-server 2:1.4.1~git20080118-1 (bug #449108; medium)
CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local user ...)
	{DSA-1395-1}
	- xen-unstable 3.0-unstable+hg11561-1 (low; bug #464044)
	- xen-3 3.1.2-1 (low)
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in GFor ...)
	{DSA-1383-1}
	- gforge 4.6.99+svn6094-1
CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before  ...)
	{DSA-1386-1}
	- wesnoth 1.2.7-1
CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
	- skktools 1.2+0.20061004-3 (low)
	[sarge] - skktools <no-dsa> (Minor issue)
	[etch] - skktools <no-dsa> (Minor issue)
CVE-2007-3915 (Mondo 2.24 has insecure handling of temporary files. ...)
	- mondo 2.24-2 (low)
CVE-2007-3914
	RESERVED
CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote attacke ...)
	{DSA-1369-1 DTSA-57-1}
	- gforge 4.6.99+svn6086-1
CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain  ...)
	{DSA-1527-1}
	- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka sche ...)
	NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows re ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remot ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Ent ...)
	NOT-FOR-US: HP ServiceGuard
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
	NOT-FOR-US: LedgerSMB
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point Fire ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote  ...)
	{DSA-1389-2 DSA-1389-1}
	- zoph 0.7.0.2-1 (bug #435711)
CVE-2007-3904
	REJECTED
CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in mshtml ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible  ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
	REJECTED
CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, a ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...)
	NOT-FOR-US: Outlook Express
CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft Wind ...)
	NOT-FOR-US: Windows
CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 throu ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3894
	REJECTED
CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through  ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to  ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows  ...)
	NOT-FOR-US: Windows Vista
CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, an ...)
	NOT-FOR-US: Microsoft
CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...)
	NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...)
	NOT-FOR-US: Element CMS
CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in hu ...)
	NOT-FOR-US: husrevforum
CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0. ...)
	NOT-FOR-US: husrevforum
CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earl ...)
	NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows remo ...)
	NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture R ...)
	NOT-FOR-US: Pictures Rating
CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) Ne ...)
	NOT-FOR-US: Net Connect
CVE-2007-3879
	RESERVED
CVE-2007-3878
	RESERVED
CVE-2007-3877
	RESERVED
CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows lo ...)
	NOT-FOR-US: SMB (Apple Mac OS X)
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE s ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI En ...)
	NOT-FOR-US: SSAPI Engine
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service (OVT ...)
	NOT-FOR-US: HP OpenView
CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...)
	NOT-FOR-US: Stampit
CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow atta ...)
	- gftp 2.0.18-17 (unimportant; bug #437710)
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
	- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
	NOTE: IE browser bug are not treated as security issues in packages applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management c ...)
	NOT-FOR-US: Oracle
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship Mana ...)
	NOT-FOR-US: Oracle
CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSo ...)
	NOT-FOR-US: Oracle
CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10. ...)
	NOT-FOR-US: Oracle
CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server  ...)
	NOT-FOR-US: Oracle
CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10. ...)
	NOT-FOR-US: Oracle
CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly Orac ...)
	NOT-FOR-US: Oracle
CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component f ...)
	NOT-FOR-US: Oracle
CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for Orac ...)
	NOT-FOR-US: Oracle
CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp ...)
	- sysstat <not-affected> (We have our own init script not prone to this vulnerability)
CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used  ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3850 (The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on Pow ...)
	- linux-2.6 <not-affected> (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intru ...)
	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send arbi ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Ap ...)
	- apache2 2.2.6-1 (bug #441845; low)
	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
	- apache <removed> (unimportant)
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used  ...)
	NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x be ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-27
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and  ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-26
CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable fo ...)
	{DSA-1363-1}
	- linux-2.6 2.6.23-1 (bug #446073)
CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise F ...)
	NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux al ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
	NOT-FOR-US: Traffic Stats
CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC serve ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote attacker ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
	NOT-FOR-US: Ex Libris MetaLib
CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
	NOT-FOR-US: Ex Libris ALEPH
CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios T ...)
	NOT-FOR-US: Trillian
CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
	NOT-FOR-US: Trillian
CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5 ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player 2.60.1 ...)
	NOT-FOR-US: InterActual Player
CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka " ...)
	NOTE: Unreproducible for upstream
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=388097
CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ale ...)
	NOT-FOR-US: CA Alert Notification Server
CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows r ...)
	NOT-FOR-US: MzK Blog
CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows rem ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7 ...)
	NOT-FOR-US: Webcit
CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11  ...)
	NOT-FOR-US: Webcit
CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in th ...)
	NOT-FOR-US: Opera
CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5 ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4 ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3816
	NOT-FOR-US: JWIG
CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike Sloveni ...)
	NOT-FOR-US: Poslovni informator Republike Slovenije
CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote  ...)
	NOT-FOR-US: MKPortal
CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the NoB ...)
	NOT-FOR-US: NoBoard BETA module for MKPortal
CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier  ...)
	NOT-FOR-US: CMScout
CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote attac ...)
	NOT-FOR-US: eSyndiCat
CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote  ...)
	NOT-FOR-US: Realtor 747
CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script al ...)
	NOT-FOR-US: Prozilla Directory Script
CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 all ...)
	NOT-FOR-US: paFileDB
CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
	NOT-FOR-US: SiteScape Forum
CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to c ...)
	{DSA-1578-1 DSA-1572-1 DTSA-61-1}
	- php5 5.2.4-1 (medium; bug #441433)
	- php4 <removed>
	[etch] - php5 <no-dsa> (requires malicious script)
	[etch] - php4 <no-dsa> (requires malicious script)
	[sarge] - php4 <no-dsa> (requires malicious script)
CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80. ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81 ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does n ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3802
	REJECTED
CVE-2007-3801
	REJECTED
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
	NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	NOTE: this does not affect default installs, only those who have written
	NOTE: custom session handlers (which isn't *that* uncommon though), and
	NOTE: also may not work if other cookie values are set.
	NOTE: fix sneaked into php 5.2.3 sans-mention:
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
	- php4 <removed> (low)
	- php5 5.2.4-1 (low; bug #441433)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6  ...)
	{DSA-1353-1}
	- tcpdump 3.9.5-3 (bug #434030)
CVE-2007-3797
	RESERVED
CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for M ...)
	NOT-FOR-US: Spam Quarantine HTTP interface for MailMarshal SMTP
CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P,  ...)
	NOT-FOR-US: Hitachi
CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit fo ...)
	NOT-FOR-US: Hitachi
CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/N ...)
	NOT-FOR-US: Job Management Partner
CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
	NOT-FOR-US: AzDG Dating Gold
CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha a ...)
	{DSA-1361-1}
	- postfix-policyd 1.80-2.2 (bug #435735)
CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ...)
	- php5 <not-affected> (com_print_typeinfo is a windows only func)
	- php4 <not-affected> (com_print_typeinfo is a windows only func)
CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
	NOT-FOR-US: Inmostore
CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within th ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old p ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3786
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: EldoS SecureBlackbox
CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F ...)
	NOT-FOR-US: Belkin
CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
	NOT-FOR-US: enVivo!CMS
CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality was introduced in 5.0)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality was introduced in 5.0)
CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such  ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-1
	[etch] - mysql-dfsg-5.0 <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause  ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.44
	[sarge] - mysql-dfsg <not-affected> (Introduced with SSL support in 4.1)
CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PG ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelma ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edit ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and  ...)
	NOT-FOR-US: Cisco
CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
	NOT-FOR-US: Cisco
CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with i ...)
	NOT-FOR-US: Dvbbs
CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template  ...)
	NOT-FOR-US: Generic YouTube Clone Script
CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 allow ...)
	NOT-FOR-US: PsNews
CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect featur ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce Te ...)
	{DSA-1393-1}
	- xfce4-terminal 0.2.6-3 (bug #437454)
CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server manage ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FT ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3767
	RESERVED
CVE-2007-3766
	RESERVED
CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW be ...)
	- asterisk 1:1.4.8~dfsg-1 (bug #433681)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-017.htm
CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and  ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-016.htm
CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4. ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-015.htm
CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in  ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1 (high)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-014.htm
CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to  ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
	NOT-FOR-US: Safari
CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
	NOT-FOR-US: Safari
CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, do ...)
	NOT-FOR-US: Safari
CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to  ...)
	NOT-FOR-US: Safari
CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to fo ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user whe ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximat ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote at ...)
	NOT-FOR-US: iTunes
CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime bef ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the c ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized  ...)
	NOT-FOR-US: iChat on Apple Mac OS X
CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 c ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device St ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 Bet ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1 ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp  ...)
	- gimp 2.2.17-1 (unimportant)
	NOTE: Only DoS by memleaks or double-frees, not treated as security problems
CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix exten ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22
CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.20-1
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
	{DSA-1534-2 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (medium)
	- xulrunner 1.8.1.5-1 (medium)
	- iceweasel 2.0.0.5-1 (medium)
	NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbi ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	- iceweasel 2.0.0.5-1 (high)
	NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (low)
	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (high; bug #444010)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3733
	RESERVED
CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...)
	- linux-2.6 2.6.23-1
	NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1
CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and S ...)
	- silc-toolkit 1.1.2-1
	[etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected)
	NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have unkno ...)
	NOT-FOR-US: WebMatic
CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in unr ...)
	- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
	- rar 1:3.7b1-1 (low; bug #437704)
	[etch] - rar <not-affected> (Vulnerable code was fixed already)
	[sarge] - rar <no-dsa> (Non-free not supported)
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows u ...)
	{DSA-1340-1 DTSA-43-1}
	- clamav 0.91-1
	[sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x)
CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of t ...)
	NOT-FOR-US: Solaris
CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling b ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to "i ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling base ...)
	- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to " ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: This is the existing default behaviour of the scheduler, can be tuned
	NOTE: to suit individual needs
CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in Appl ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 bef ...)
	- sun-java6 6-02-1 (medium)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 befo ...)
	NOT-FOR-US: Sun Java System Application Server and Web Server
CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 a ...)
	NOT-FOR-US: Ada Image Server
CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...)
	{DSA-1433-1 DTSA-55-1}
	- centericq 4.22.1-2.1 (bug #438511; medium)
	- centerim 4.22.1-2.1 (medium)
CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ...)
	NOT-FOR-US: HiddenChest
CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x  ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3710 (PHP remote file inclusion vulnerability in example/gamedemo/inc.functi ...)
	NOT-FOR-US: PHP Comet-Server
CVE-2007-3709 (CRLF injection vulnerability in the redirect function in url_helper.ph ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 2 ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 be ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 al ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3702 (Directory traversal vulnerability in the load function in cgi-bin/mail ...)
	NOT-FOR-US: Mail Machine
CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a hex-encode ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server)  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote a ...)
	NOT-FOR-US: Symantec
CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1  ...)
	- sun-java5 1.5.0-12-1
	- sun-java6 6-02-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashB ...)
	NOT-FOR-US: FlashBB
CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model Validator ...)
	NOT-FOR-US: CA ERwin Data Model Validator
CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly A ...)
	NOT-FOR-US: CA ERwin
CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project  ...)
	NOT-FOR-US: Broadcast Machine
CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...)
	NOT-FOR-US: gobi
CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI Do ...)
	NOT-FOR-US: EZFactory KDDI Download CGI
CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial  ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal al ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allo ...)
	NOT-FOR-US: Print module for Drupal
CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...)
	NOT-FOR-US: Inferno Technologies
CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Aja ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earl ...)
	NOT-FOR-US: Aigaion
CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier a ...)
	NOT-FOR-US: OpenLD
CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in Wi ...)
	NOT-FOR-US: WinPcap
CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm i ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3679 (The Citrix EPA ActiveX control (aka the "endpoint checking control" or ...)
	NOT-FOR-US: Citrix
CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word  ...)
	NOT-FOR-US: QuarkXPress
CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow r ...)
	NOT-FOR-US: Maxsi eVisit Analyst
CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on Su ...)
	- sendmail <not-affected> (Concerns only ancient sendmail V5)
CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan A ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
	RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotCle ...)
	NOT-FOR-US: DotClear
CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when  ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
	NOTE: MFSA2007-23
CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP Inn ...)
	NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVD ...)
	NOT-FOR-US: NMSDVDXLib
CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport  ...)
	NOT-FOR-US: ActiveReportsExcelReport
CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 all ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Nor ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService Act ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attacke ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DL ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows  ...)
	NOT-FOR-US: Nonnoi
CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allo ...)
	NOT-FOR-US: FreeWRL
CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3657
	NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not pe ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-24
CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
	- sun-java5 1.5.0-12-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2 ...)
	NOT-FOR-US: NetBSD
CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (a ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka FaS ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive i ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly oth ...)
	NOT-FOR-US: WebMatic
CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and  ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ea ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges whe ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c i ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-2
CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not  ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent at ...)
	NOT-FOR-US: Adobe Apollo
CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers  ...)
	NOT-FOR-US: MKPortal
CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before  ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelma ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat  ...)
	NOT-FOR-US: Chilkat Software
CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka  ...)
	NOTE: Moodle contains a copy of the files, but not the string
	NOTE: "homedir", so it is not affected.
CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 a ...)
	NOT-FOR-US: GameSiteScript
CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require a ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allo ...)
	NOT-FOR-US: Levent Veysi Portal
CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR St ...)
	NOT-FOR-US: Structures-DataGrid-DataSource-MDB2
CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2. ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
	NOT-FOR-US: Hitachi
CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients f ...)
	NOT-FOR-US: Citrix
CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message S ...)
	NOT-FOR-US: SAP
CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand  ...)
	NOT-FOR-US: Hitachi
CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon b ...)
	NOT-FOR-US: MDaemon
CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3 ...)
	NOT-FOR-US: AsteriDex
CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 a ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service (nsre ...)
	NOT-FOR-US: EMC Software NetWorker
CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply s ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB We ...)
	NOT-FOR-US: SAP DB Web Server
CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Inte ...)
	NOT-FOR-US: SAP
CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
	NOT-FOR-US: Visual IRC
CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not r ...)
	NOT-FOR-US: VRNews
CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 all ...)
	NOT-FOR-US: phpVID
CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating Softw ...)
	NOT-FOR-US: eMeeting
CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
	NOT-FOR-US: SAP
CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
	NOT-FOR-US: SAP
CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX cont ...)
	NOT-FOR-US: SAP
CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX cont ...)
	NOT-FOR-US: SAP
CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access  ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3603 (SQL injection vulnerability in the dashboard (include/utils/SearchUtil ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that au ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote  ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import an ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows re ...)
	NOT-FOR-US: Zen Cart
CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
	NOT-FOR-US: phpVideoPro
CVE-2007-3595
	REJECTED
CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet Manag ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ne ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticat ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board befor ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB  ...)
	NOT-FOR-US: b1gBB
CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote at ...)
	NOT-FOR-US: b1gbb
CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote  ...)
	NOT-FOR-US: VBZooM
CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
	NOT-FOR-US: MyCMS
CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 a ...)
	NOT-FOR-US: MyCMS
CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 an ...)
	NOT-FOR-US: MyCMS
CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 an ...)
	NOT-FOR-US: Girlserv ads
CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event Calend ...)
	NOT-FOR-US: SuperCali PHP Event Calendar
CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which m ...)
	NOT-FOR-US: Jedox
CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as d ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text prop ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic express ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr meth ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3576
	NOT-FOR-US: Microsoft
CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr  ...)
	NOT-FOR-US: FreeDomain.co.nr Clone
CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on th ...)
	NOT-FOR-US: Linksys
CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote atta ...)
	NOT-FOR-US: AkoComment
CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in th ...)
	NOT-FOR-US: Yoggie
CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allo ...)
	NOT-FOR-US: Novell
CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Relea ...)
	NOT-FOR-US: Novell
CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library  ...)
	NOT-FOR-US: Oliver Library Management System
CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows context-depen ...)
	- imlib 1.9.15-3 (bug #437708; low)
	[sarge] - imlib <no-dsa> (Minor issue, just a crash)
	[etch] - imlib <no-dsa> (Minor issue, just a crash)
CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in  ...)
	NOT-FOR-US: MysqlDumper
CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in  ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-3565
	RESERVED
CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does no ...)
	{DSA-1333-1}
	- curl 7.16.4-1 (low)
CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1 ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ear ...)
	NOT-FOR-US: PHP Director
CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
	NOT-FOR-US: Efendy Blog
CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have u ...)
	NOT-FOR-US: Esqlanelapse
CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/s ...)
	NOT-FOR-US: PHP-Fusion
CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1,  ...)
	NOT-FOR-US: Wheatblog
CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: Liesbeth
CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1  ...)
	{DSA-1691-1}
	- moodle 1.8.2-1 (low; bug #432264)
CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control  ...)
	NOT-FOR-US: HP
CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server i ...)
	NOT-FOR-US: Oracle
CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
	NOT-FOR-US: bbs100
CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause  ...)
	NOT-FOR-US: bbs100
CVE-2007-3550
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allo ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
	NOT-FOR-US: W3Filer
CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket  ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus  ...)
	NOT-FOR-US: Nessus Windows GUI
CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remot ...)
	NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.p ...)
	- wordpress 2.2.2-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and W ...)
	- wordpress 2.2.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...)
	NOT-FOR-US: Pluxml
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...)
	NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in r ...)
	NOT-FOR-US: rwAuction
CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:200706 ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
	NOT-FOR-US: QuickTalk
CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX cont ...)
	NOT-FOR-US: AMX NetLinx VNC
CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
	NOT-FOR-US: WebChat
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attacker ...)
	NOT-FOR-US: 3Com
CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14. ...)
	- nvidia-kernel-common 20051028+1-0.1 (bug #434398; low)
	[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
	[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
	- nvclock 0.8b-1 (low)
CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and passwor ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to  ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptogra ...)
	- dar 2.3.3-1 (low; bug #425335)
	[etch] - dar <no-dsa> (Minor issue)
	[sarge] - dar <no-dsa> (Minor issue)
CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users t ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier a ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website Man ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in  ...)
	NOT-FOR-US: XCMS
CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 all ...)
	NOT-FOR-US: sPHPell
CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 a ...)
	NOT-FOR-US: ArcadeBuilder Game Portal Manager
CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
	NOT-FOR-US: Easybe
CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0. ...)
	NOT-FOR-US: phpEventCalendar
CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script  ...)
	NOT-FOR-US: HispaH YouTube Clone Script
CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
	NOT-FOR-US: Claroline
CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Go ...)
	NOT-FOR-US: Gorki Online Santrac Sitesi
CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 a ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote at ...)
	NOT-FOR-US: SAP SAPLPD
CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for edit ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for "con ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege requi ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1858
CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1708
CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop proces ...)
	NOT-FOR-US: Intel processor
CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information unde ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in m ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3 ...)
	- ezpublish <removed>
CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5,  ...)
	- ezpublish <removed>
CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's rea ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 befor ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through 3. ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissio ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and crea ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password att ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-530
	NOTE: http://issues.apache.org/jira/browse/DERBY-559
CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which al ...)
	- matrixssl 1.1-1
CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely l ...)
	- matrixssl 1.1-1
CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without  ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kerne ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
	NOTE: in Linus' tree.
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows  ...)
	NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (bug #438873; low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-32
CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 F ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exe ...)
	NOT-FOR-US: Symantec
CVE-2007-3508
	- glibc 2.6-2 (unimportant; bug #431858)
	NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
	- flac123 0.0.11-1 (low; bug #432008)
	[etch] - flac123 <no-dsa> (Minor issue)
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
	- freetype 2.3.4 (bug #432013)
	[sarge] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[etch] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[lenny] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 al ...)
	NOT-FOR-US: QuickTalk forum
CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun Jav ...)
	- sun-java5 <not-affected>
	NOTE: Sun Alert ID 102957 says issue is Windows only
CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML  ...)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java5 1.5.0-12-1
	[etch] - sun-java6 <no-dsa> (non-free)
	- sun-java6 6-01-1 (bug #432006)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration syste ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a modifie ...)
	NOT-FOR-US: Xeweb XEForum
CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as eviden ...)
	NOT-FOR-US: SlackRoll
CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in smoketests/configForm.php  ...)
	NOT-FOR-US: HTML Purifier
CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to determine the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD ...)
	NOT-FOR-US: SAP Web Dynpro Java
CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP Interne ...)
	NOT-FOR-US: SAP Internet Communication Framework
CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user privileges w ...)
	NOT-FOR-US: Papoo CMS
CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTA ...)
	NOT-FOR-US: NCTAudioStudio
CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a denia ...)
	NOT-FOR-US: Conti FtpServer
CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0 ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote at ...)
	NOT-FOR-US: Microsoft Excel 2003 SP2
CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in th ...)
	NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony Netwo ...)
	NOT-FOR-US: Sony Network Camera SNC-P5 1.0
CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0 ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine al ...)
	NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server a ...)
	NOT-FOR-US: Yandex.Server
CVE-2007-3484
	NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a  ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3481
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows us ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in th ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is a crash, and does not seem to be attacker controlled.
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: CPU consumption DoS
CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) be ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted rem ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: out-of-band memory read, does not appear attacker controlled.
CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD Graph ...)
	NOTE: appears to be prophylactic dup of CVE-2007-3476.
CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) befor ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash.
CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) Sess ...)
	NOT-FOR-US: Sun Solaris dtsession
CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module in Sun  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attac ...)
	{DSA-1332-1}
	- vlc 0.8.6.c.debian-1 (bug #429726)
CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN V ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (bug #429726)
CVE-2007-3466
	RESERVED
CVE-2007-3465 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3464 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3463
	NOT-FOR-US: Microsoft Windows XP SP2
CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point SofaWar ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image Gallery ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3 in EV ...)
	NOT-FOR-US: EVA-Web
CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vect ...)
	NOT-FOR-US: Civitech Avax Vector
CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris libsldap
CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP  ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allo ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote atta ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and owne ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET,  ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semap ...)
	{DSA-1529-1}
	- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
	- firebird2 1.5.3.4870-4 (low; bug #362001)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
	[sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion B ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corpora ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Tre ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
	NOT-FOR-US: Papoo
CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...)
	NOT-FOR-US: eDocStore
CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog  ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopp ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier a ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username "demo" an ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mo ...)
	NOT-FOR-US: SJphone
CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows r ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does  ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270  ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with firmwar ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC Clie ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain Acti ...)
	NOT-FOR-US: BarCodeAx.dll
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...)
	NOT-FOR-US: Pluxml
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...)
	NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...)
	NOT-FOR-US: e107
CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earl ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1 ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 an ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.or ...)
	NOT-FOR-US: WebAPP
CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...)
	NOT-FOR-US: WebAPP
CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP b ...)
	NOT-FOR-US: WebAPP
CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...)
	NOT-FOR-US: WebAPP
CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in c ...)
	NOT-FOR-US: WebAPP
CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org We ...)
	NOT-FOR-US: WebAPP
CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-ap ...)
	NOT-FOR-US: WebAPP
CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib ...)
	NOT-FOR-US: WebAPP
CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: WebAPP
CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...)
	NOT-FOR-US: phpRaider
CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5  ...)
	NOT-FOR-US: access2asp
CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.5 ...)
	NOT-FOR-US: bosDataGrid
CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGal ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server 5 ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue  ...)
	- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause  ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspe ...)
	- dia <not-affected> (Windows packaging with bundled FreeType libs)
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ob ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp  ...)
	NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3. ...)
	NOT-FOR-US: SiteDepth CMS
CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka  ...)
	NOT-FOR-US: dreamLog
CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows remot ...)
	NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
	NOT-FOR-US: B1GBB
CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as d ...)
	NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power Phlog ...)
	NOT-FOR-US: Power Phlogger
CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service (hang ...)
	NOT-FOR-US: LiveWEB
CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before 6.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...)
	NOT-FOR-US: KeyFocus
CVE-2007-3395
	REJECTED
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote a ...)
	NOT-FOR-US: eNdonesia
CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdata ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-6
	- qt4-x11 <not-affected> (This problem is not present in any version of Qt 4)
	NOTE: http://web.archive.org/web/20080206133848/http://trolltech.com:80/company/newsroom/announcements/press.2007-07-27.7503755960
CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in x ...)
	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
	- poppler 0.5.4-6.1 (bug #435460)
	- gpdf <removed>
	- xpdf 3.02-1.1 (bug #435462)
	- kdegraphics 4:3.5.7-3
	- koffice 1:1.6.3-2
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (unimportant; bug #436099)
	- cups <not-affected> (unimportant; bug #436099)
	NOTE: cups uses xpdf-utils
	- pdfkit.framework 0.8-4
	NOTE: links to poppler since 0.8-4, thus marking as fixed
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- ipe <not-affected> (Does not include the vulnerable code)
	- swftools 0.9.2+ds1-2
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet f ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-1
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servle ...)
	NOT-FOR-US: tomcat 3.3
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the exa ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
	NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x b ...)
	- gdm 2.18.4-1 (low)
	[sarge] - gdm <no-dsa> (Minor issue)
	[etch] - gdm <no-dsa> (Minor issue)
CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ke ...)
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (R ...)
	- linux-2.6 <not-affected> (Red Hat-specific vulnerability)
CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...)
	- php4 <removed> (unimportant)
	- php5 5.2.4-1 (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predic ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-as ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows  ...)
	NOT-FOR-US: Lhaca
CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluste ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA bef ...)
	NOT-FOR-US: phpTrafficA
CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Adam va ...)
	NOT-FOR-US: phpBB component com_forum
CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba 2.2 ...)
	- samba <not-affected> (Vulnerable version not in any suite)
CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the  ...)
	- mysql-dfsg-5.0 <not-affected> (Newer versions in all suites apart oldstable)
	NOTE: oldstable is affected, everything else uses libmysqlclient15
CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain sys ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service  ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99. ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a de ...)
	{DSA-1690-1}
	- avahi 0.6.20-2 (low)
	[etch] - avahi <no-dsa> (Minor issue, only affects local users)
CVE-2007-3371 (PHP remote file inclusion vulnerability in plugins/widgets/htmledit/ht ...)
	NOT-FOR-US: Powl
CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.0 ...)
	NOT-FOR-US: Sun Board
CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootRO ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SI ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...)
	NOT-FOR-US: cPanel
CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwr ...)
	NOT-FOR-US: cPanel
CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase characte ...)
	NOT-FOR-US: MyServer
CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sam ...)
	NOT-FOR-US: MyServer
CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 al ...)
	NOT-FOR-US: AGEphone
CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC Hy ...)
	NOT-FOR-US: AGEphone
CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remot ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitr ...)
	- ircii-pana <removed> (medium; bug #432120)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=bitchx_CVE-2007-3360.patch;att=1;bug=432120
CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...)
	NOT-FOR-US: SerWeb
CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in SerWe ...)
	NOT-FOR-US: SerWeb
CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored  ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain sensi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds  ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium Editi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353
	NOT-FOR-US: MyEvent
CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in Stephe ...)
	NOT-FOR-US: Stephen Ostermiller Contact Form
CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim  ...)
	NOT-FOR-US: SJPhone SIP
CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
	NOT-FOR-US: AIM
CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1 ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a de ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are  ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 allo ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01 ...)
	NOT-FOR-US: netjukebox
CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14  ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (M ...)
	NOT-FOR-US: Movable Type
CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft Inter ...)
	NOT-FOR-US: Microsoft
CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to ca ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in forum/include/e ...)
	NOT-FOR-US: ColdFusion
CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 9 ...)
	NOT-FOR-US: Ingres
CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
	NOT-FOR-US: Ingres
CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server ...)
	NOT-FOR-US: Ingres
CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho C ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server  ...)
	NOT-FOR-US: Ingres
CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 al ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for P ...)
	NOT-FOR-US: Satel Lite for PhpNuke
CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO  ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 all ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) get_inter_ ...)
	NOT-FOR-US: Xvid
CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 be ...)
	NOT-FOR-US: Interact
CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sens ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow  ...)
	NOT-FOR-US: vBulletin
CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN Man ...)
	NOT-FOR-US: LAN Management System
CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7 ...)
	NOT-FOR-US: Comersus Cart
CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in Comer ...)
	NOT-FOR-US: Comersus Shop Cart
CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote atta ...)
	NOT-FOR-US: AGEphone
CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4168
	REJECTED
CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP  ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP  ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access C ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC Medi ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (medium; bug #429726)
CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant Salamande ...)
	NOT-FOR-US: Altap Servant Salamander
CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in Jasmi ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and earl ...)
	NOT-FOR-US: Articles
CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
	NOT-FOR-US: TDizin
CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ins ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1. ...)
	NOT-FOR-US: Solar Empire
CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in  ...)
	NOT-FOR-US: MiniBill
CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1 ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, al ...)
	- apache <removed> (low)
	- apache2 2.2.4-2 (low)
	[etch] - apache2 2.2.3-4+etch2
	[sarge] - apache2 2.0.54-5sarge2 (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ...)
	- apache2 <unfixed> (unimportant)
	NOTE: If you can execute arbitrary code, a DoS is not a problem.
CVE-2007-3302 (The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3. ...)
	NOT-FOR-US: CA
CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in Fu ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux  ...)
	NOT-FOR-US: F-Secure
CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
	- awffull 3.7.4final-1 (unimportant)
	NOTE: awffull (a webalizer fork) does not have any cookie based authentication
	NOTE: or other sensitive data that could be leaked through this
CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote attacke ...)
	NOT-FOR-US: Spey
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
	NOT-FOR-US: Musoo
CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbo ...)
	NOT-FOR-US: Web Thunderbolt
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
	NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension fo ...)
	- php5 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlie ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allo ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier al ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
	NOT-FOR-US: WiwiMod for XOOPS
CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automa ...)
	NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
	RESERVED
CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM objec ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote att ...)
	- iceweasel <not-affected> (Affects only Firefox in Windows)
	NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root i ...)
	- xscreensaver <not-affected> (Not a security issue: works as documented)
CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX o ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting B ...)
	NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements functi ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust authentic ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
	- postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for WI ...)
	NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ( ...)
	NOT-FOR-US: Site
CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active Director ...)
	NOT-FOR-US: MailWasher Server
CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows  ...)
	NOT-FOR-US: MiniBB
CVE-2007-3271 (PHP remote file inclusion vulnerability in templates/2blue/bodyTemplat ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in  ...)
	NOT-FOR-US: phpMyInventory
CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
	NOT-FOR-US: Papoo Light
CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS Depl ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows r ...)
	NOT-FOR-US: WEBIF
CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in I ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php  ...)
	NOT-FOR-US: dKret
CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used  ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: Calendarix
CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers to obt ...)
	NOT-FOR-US: Calendarix
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
	{DSA-1325-1 DSA-1321-1}
	- evolution 2.12.0-1
	- evolution-data-server 1.10.2-2 (bug #429876)
	[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and p ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos E ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterpri ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG)  ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: PortalApp
CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and  ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before 200 ...)
	NOT-FOR-US: Elxis CMS
CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
	NOT-FOR-US: Letterman Subscriber
CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote  ...)
	NOT-FOR-US: VirtueMart
CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack  ...)
	NOT-FOR-US: Spey
CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows attacke ...)
	NOT-FOR-US: Spey
CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
	NOT-FOR-US: IRC Services
CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote atta ...)
	NOT-FOR-US: IRC Services
CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
	NOT-FOR-US: bbPress
CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0. ...)
	NOT-FOR-US: bbPress
CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9. ...)
	NOT-FOR-US: WebAPP
CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the cordob ...)
	NOT-FOR-US: cordobo-green-park theme for WordPress
CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Li ...)
	NOT-FOR-US: Vistered-Little theme for WordPress
CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the Andy ...)
	NOT-FOR-US: AndyBlue theme for WordPress
CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the defau ...)
	{DSA-1502-1}
	- wordpress 2.2.2-1 (low)
CVE-2007-3237 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
	NOT-FOR-US: XOOPS
CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
	NOT-FOR-US: XOOPS
CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows r ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 all ...)
	NOT-FOR-US: TEC-IT
CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password fo ...)
	NOT-FOR-US: IBM
CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack vec ...)
	- mecab 0.95-1.1 (bug #429174; low)
	[etch] - mecab <no-dsa> (Minor issue)
	[sarge] - mecab <no-dsa> (Minor issue)
CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer P ...)
	NOT-FOR-US: PHP::HTML
CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Singapore Gallery
CVE-2007-3228 (PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/ ...)
	NOT-FOR-US: Sitellite CMS
CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ...)
	- rails 1.2.5-1 (bug #429177)
CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2  ...)
	NOT-FOR-US: dotProject
CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd)  ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server (sla ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before 2 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
	NOT-FOR-US: XOOPS
CVE-2007-3221 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
	NOT-FOR-US: XOOPS
CVE-2007-3220 (PHP remote file inclusion vulnerability in admin/editor2/spaw_control. ...)
	NOT-FOR-US: XOOPS
CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in Invis ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an  ...)
	NOT-FOR-US: Prototype of an PHP application
CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA (Computer As ...)
	NOT-FOR-US: CA BrightStor products
CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote attacker ...)
	{DSA-1315-1}
	- libphp-phpmailer 1.73-4 (high; bug #429179)
	- flyspray 0.9.8-12 (bug #429191; bug #429195)
	[etch] - flyspray <not-affected> (Vulnerable code not)
	[sarge] - flyspray <not-affected> (Vulnerable code not included)
	- moodle 1.8.2-2 (bug #429190)
	- owl-dms 0.94-2 (bug #429197)
	- knowledgeroot 0.9.8.2-2 (bug #429196)
	[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
	[etch] - owl-dms <not-affected> (Vulnerable code not used)
	- ipplan 4.85-2 (bug #429193)
	- glpi 0.68.3.2-1 (bug #429192)
	[etch] - glpi <not-affected> (Vulnerable code not used)
	- wordpress 2.2.1-1 (bug #429194)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	- mahara 1.0.5-2 (bug #504253)
	[lenny] - mahara 1.0.4-3
	[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
	- phpgroupware 0.9.16.012+dfsg-9 (medium; bug #504255)
	- egroupware <not-affected> (bug #504283; Vulnerable code not used)
CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earl ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
	NOT-FOR-US: Sporum Forum
CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in Be ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain Technolo ...)
	NOT-FOR-US: Domain Technologie Control (DTC)
CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Obj ...)
	NOT-FOR-US: Cellosoft Tokens Object
CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
	- mail-notification 4.0.dfsg.1-2 (low; bug #428157)
	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
	[etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1  ...)
	NOT-FOR-US: YaBB
CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6 ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-3206
	RESERVED
CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin,  ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: That's by design
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network Manage ...)
	NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
	NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602P ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in We ...)
	NOT-FOR-US: Webwiz
CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0  ...)
	NOT-FOR-US: Windows Privacy Tray (WinPT)
CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ear ...)
	NOT-FOR-US: Novell
CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form 3. ...)
	NOT-FOR-US: Link Request Contact Form
CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP  ...)
	NOT-FOR-US: Maran PHP Blog
CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1 ...)
	NOT-FOR-US: vBulletin
CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated Ti ...)
	NOT-FOR-US: VBulletin
CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1. ...)
	NOT-FOR-US: ERFAN WIKI
CVE-2007-3194
	NOT-FOR-US: myBloggie
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configurati ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8 ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4 (medium)
	NOTE: 20_security.dpatch is addressing this bug however the maintainer didn't include
	NOTE: a note about the CVE id.
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote at ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun Net ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun N ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
	NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
	NOT-FOR-US: Apple
CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote attacker ...)
	NOT-FOR-US: Apple
CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, all ...)
	NOT-FOR-US: Cisco
CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, whe ...)
	NOT-FOR-US: Calendarix
CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7. ...)
	NOT-FOR-US: Calendarix
CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows  ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (medium)
	NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
	NOTE: in the pool to check and since this version is in testing and unstable...
CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows  ...)
	NOT-FOR-US: HP
CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle Blo ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1 ...)
	NOT-FOR-US: Sistemi
CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to b ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before 4.5. ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow rem ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Ban ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an  ...)
	NOT-FOR-US: Almnzm
CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau W ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmai ...)
	NOT-FOR-US: Uebimiau
CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office Viewe ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component (edrawo ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...)
	NOT-FOR-US: Vivotek
CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remot ...)
	NOT-FOR-US: Qualcomm Eudora
CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is  ...)
	- tor 0.1.2.14-1 (medium)
CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentic ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico Cal ...)
	- moin 1.5.8-4.1 (unimportant; bug #429205)
	- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
	- karrigell <removed> (unimportant; bug #429207)
	NOTE: This is only exploitable on NTFS filesystems
	NOTE: Given the state of Linux' NTFS support it seems highly unlikely
	NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
	NOTE: web server with NTFS
CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX contro ...)
	NOT-FOR-US: Internet Download Accelerator
CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote F ...)
	NOT-FOR-US: Ace-FTP Client
CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP Rea ...)
	NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...)
	NOT-FOR-US: MiniWeb
CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to r ...)
	NOT-FOR-US: ASP Folder Gallery
CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12 ...)
	NOT-FOR-US: SafeNET
CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi i ...)
	- webmin <removed>
CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown i ...)
	- egroupware 1.2.107-2.dfsg-1 (bug #429208)
CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltip ...)
	NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js isn't aware
	NOTE: of any security problem, see #429215, #429209, #429214, #429213
CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other tha ...)
	NOT-FOR-US: c-ares
CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number gene ...)
	NOT-FOR-US: c-ares
CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper 7 ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute arbitr ...)
	NOT-FOR-US: Google Desktop
CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check  ...)
	- sudo <not-affected> (Not linked with krb5)
CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr. ...)
	NOT-FOR-US: Yahoo! Webcam Viewer
CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl. ...)
	NOT-FOR-US: Yahoo! Webcam Upload
CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Zen Help Desk
CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote attacker ...)
	- galeon <removed> (unimportant; bug #429216)
	NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
	NOTE: phishing protections anyway
CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote attack ...)
	NOTE: Minor issue, exact details unknown to upstream
CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote attac ...)
	- kdebase 4:3.5.7-3 (low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: referring to maintainer this is definetly fixed in 4:3.5.7-3
CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in phpWebTh ...)
	NOT-FOR-US: phpWebThings
CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ...)
	- wordpress 2.2.1-1 (bug #428073)
	[etch] - wordpress <not-affected> (Doesn't affect 2.0.x branch)
CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default userna ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution Quick. ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in W ...)
	NOT-FOR-US: WmsCMS
CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in new ...)
	NOT-FOR-US: newsSync
CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom  ...)
	NOT-FOR-US: Atom Photoblog
CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.p ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 all ...)
	NOT-FOR-US: W1L3D4
CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ea ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light B ...)
	NOT-FOR-US: Light Blog
CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (fo ...)
	NOT-FOR-US: OpenWiki
CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and  ...)
	NOT-FOR-US: Sun Java on Microsoft Windows
CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a den ...)
	NOT-FOR-US: Microsoft
CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a deni ...)
	NOT-FOR-US: Microsoft
CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a de ...)
	NOT-FOR-US: Microsoft
CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News P ...)
	NOT-FOR-US: Utopia News Pro
CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when magic ...)
	NOT-FOR-US: WSPortal
CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
	NOT-FOR-US: WSPortal
CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a denia ...)
	- gimp 2.8.22-1 (unimportant; bug #885382)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=773233
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=46bcd82800e37b0f5aead76184430ef2fe802748 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7 (gimp-2-8)
CVE-2007-3125
	REJECTED
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in  ...)
	NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 a ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 all ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the z ...)
	- zvbi 0.2.25-1 (bug #429221; unimportant)
	NOTE: Only exploitable through malformed closed captions
	NOTE: Malicious TV networks have more subtle methods to control people...
CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php i ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (a ...)
	NOT-FOR-US: Kartli Alisveris Sistemi
CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter  ...)
	NOT-FOR-US: Kravchuk letter
CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
	NOT-FOR-US: ADPLAN
CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
	{DSA-1319-1}
	- maradns 1.2.12.05-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3112 (graph_image.php in Cacti 0.8.6i, and possibly other versions, allows r ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ISSCamCont ...)
	NOT-FOR-US: Provideo Camimage
CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
	NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage all ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9. ...)
	{DSA-1571-1}
	- openssl 0.9.8e-6 (bug #438142; low)
	- openssl097 <removed> (bug #438180)
	[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
	[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including 2.6.2 ...)
	- linux-2.6 2.6.22-1 (unimportant)
	NOTE: Not reproducibly reliably by an attacker, mostly a bug
	NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
	NOTE: in Linus' tree.
CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2. ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) imple ...)
	{DSA-1504-1 DSA-1363-1}
	- linux-2.6 2.6.22-4
CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...)
	{DSA-1428-1}
	- linux-2.6 2.6.22-4 (low)
CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux d ...)
	{DSA-1342-1}
	- xfs 1:1.0.8-2.1 (low)
	NOTE: i've checked 1.0.8, and this problem is no longer present
CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in  ...)
	- openssh <not-affected> (This is a redhat/fedora specific issue)
	NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch)
	NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on:
	NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF app ...)
	NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-8 ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (low; bug #429225)
CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before  ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (medium; bug #429225)
CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc b ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16 ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and  ...)
	NOT-FOR-US: Symantec Reporting Server
CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris M ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris Manageme ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
	NOT-FOR-US: MSIE6
CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090
	REJECTED
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write  ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (low; bug #427691)
	- iceape 1.1.3-1 (low)
	- xulrunner 1.8.1.5-1 (low)
	NOTE: MFSA2007-20
CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote a ...)
	NOT-FOR-US: Comicsense
CVE-2007-3087 (Peercast places a cleartext password in a query string, which might al ...)
	NOT-FOR-US: PeerCast
CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4. ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow rem ...)
	NOT-FOR-US: PBSite
CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: Z-Blog
CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...)
	NOT-FOR-US: Sendcard
CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in Comd ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1 ...)
	NOT-FOR-US: Hunkaray Okul Portaly
CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
	NOT-FOR-US: EQdkp
CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before  ...)
	NOT-FOR-US: Aigaion
CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earl ...)
	NOT-FOR-US: EQdkp
CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allo ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer allow ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read fi ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earli ...)
	NOTE: Duplicate of CVE-2008-4067
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
	- iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX co ...)
	NOT-FOR-US: eSellerate
CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web  ...)
	NOT-FOR-US: BDigital Web Solutions WebStudio
CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session w ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows re ...)
	NOT-FOR-US: DVD X Player
CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key Tra ...)
	NOT-FOR-US: EQdkp
CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook a ...)
	NOT-FOR-US: My Datebook
CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote  ...)
	NOT-FOR-US: My Datebook
CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: Cactushop
CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SendCard
CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-3057 (PHP remote file inclusion vulnerability in include/wysiwyg/spaw_contro ...)
	NOT-FOR-US: XOOPS
CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN  ...)
	- websvn 1.61-22.3 (unimportant; bug #439337)
	NOTE: Websvn does not have cookie based authentication by itself.
	NOTE: I therefore don't think this is serious enough for a stable update.
CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib Linke ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib Link ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier al ...)
	NOT-FOR-US: Calimero
CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PostNuke
CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft Revok ...)
	NOT-FOR-US: RevokeSoft RevokeBB
CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
	NOT-FOR-US: chameleon cms
CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
	NOT-FOR-US: Buttercup BWFM
CVE-2007-3048
	- screen <not-affected> (not reproducible)
CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
	NOT-FOR-US: Vonage
CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library be ...)
	NOT-FOR-US: Advanced Software Production Line Vortex Library
CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/ ...)
	NOT-FOR-US: Hitachi TP1
CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi X ...)
	NOT-FOR-US: Hitachi
CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File Shari ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows re ...)
	NOT-FOR-US: Meneame
CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for Inter ...)
	NOT-FOR-US: Microsoft
CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Ag ...)
	NOT-FOR-US: Windows
CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) se ...)
	NOT-FOR-US: Windows
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and ...)
	NOT-FOR-US: Windows Services for UNIX
CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering En ...)
	NOT-FOR-US: Microsoft
CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlin ...)
	NOT-FOR-US: Microsoft
CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3031
	REJECTED
CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows u ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 all ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026 (Integer overflow in Panda Software AdminSecure allows remote attackers ...)
	NOT-FOR-US: Panda
CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0 ...)
	- clamav <not-affected> (Solaris-specific bug)
CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 use ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not proper ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
	NOT-FOR-US: Symantec
CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
	NOT-FOR-US: Symantec
CVE-2007-3020
	RESERVED
CVE-2007-3019
	RESERVED
CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the file-cr ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.29 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3016
	RESERVED
CVE-2007-3015
	RESERVED
CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb conte ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch B ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens C ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterpris ...)
	NOT-FOR-US: Alcatel OmniPCX Enterprise Communication Server
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in  ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has  ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode rest ...)
	- php5 5.2.3-1 (unimportant)
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted r ...)
	NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005
	REJECTED
CVE-2007-3004
	REJECTED
CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier  ...)
	NOT-FOR-US: myBloggie
CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ( ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow  ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect fo ...)
	NOT-FOR-US: Microsoft
CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS f ...)
	NOT-FOR-US: OpenVMS
CVE-2007-2997
	NOT-FOR-US: SalesCart Shopping Cart
CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
	NOT-FOR-US: DGNews
CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka O ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in E ...)
	NOT-FOR-US: Evenzia CMS
CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 a ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic e ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
	NOT-FOR-US: Inout Meta Search Engine
CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in  ...)
	NOT-FOR-US: AdminBot
CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting  ...)
	NOT-FOR-US: Pheap
CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group CD ...)
	NOT-FOR-US: Media Technology Group CDPass
CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business C ...)
	NOT-FOR-US: British Telecommunications Business Connect
CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies LEAD ...)
	NOT-FOR-US: LeadTools
CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS L ...)
	NOT-FOR-US: LeadTools
CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive infor ...)
	NOT-FOR-US: Techno Dreams Web Directory / Search Engine
CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows rem ...)
	NOT-FOR-US: eggblog
CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in th ...)
	NOT-FOR-US: DOMjudge
CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet Service ...)
	NOT-FOR-US: Centrinity
CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier (forme ...)
	NOT-FOR-US: Ignite Realtime
CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus  ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to c ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 a ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earl ...)
	NOT-FOR-US: gCards
CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi i ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in WAnewslet ...)
	NOT-FOR-US: WAnewsletter
CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versio ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
	- webpy 0.210-1 (bug #427715; unimportant)
	NOTE: This is not a vulnerability, but an additional precaution function for
	NOTE: a development framework. If someone wants to have this updated in Etch, this
	NOTE: needs to go through a point update
CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
	- owl-dms 0.94-1 (medium; bug #416296)
CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux  ...)
	NOT-FOR-US: F-Secure
CVE-2007-2966 (Buffer overflow in the LHA decompression component in F-Secure anti-vi ...)
	NOT-FOR-US: F-Secure
CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in multi ...)
	NOT-FOR-US: F-Secure
CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and e ...)
	NOT-FOR-US: F-Secure
CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle Gal ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 allo ...)
	NOT-FOR-US: FileCloset
CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 a ...)
	NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before 1 ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
	- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
	[etch] - sylpheed-claws <no-dsa> (Minor issue)
	[sarge] - sylpheed-claws <no-dsa> (Minor issue)
	- sylpheed 2.4.5-1 (low)
	[etch] - sylpheed <no-dsa> (Minor issue)
	[sarge] - sylpheed <no-dsa> (Minor issue)
	NOTE: the cvs referenced in redhat bugzilla is not available anymore however
	NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...)
	NOT-FOR-US: McAfee on Solaris
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1)  ...)
	NOT-FOR-US: Qtpfsgui and pfstools
CVE-2007-2955 (Multiple unspecified "input validation error" vulnerabilities in multi ...)
	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...)
	NOT-FOR-US: Novell Client
CVE-2007-2953 (Format string vulnerability in the helptags_one function in src/ex_cmd ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-056+1 (low)
CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka k9fil ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3 ...)
	- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara  ...)
	NOT-FOR-US: Centennial
CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the p ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	- ingimp 2.2.16.20070710-1
	NOTE: http://secunia.com/secunia_research/2007-63/advisory
CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlay ...)
	{DSA-1313-1}
	- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0 ...)
	NOT-FOR-US: OpenBASE Alpha
CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster Dialo ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2945 (RMForum stores sensitive information under the web root with insuffici ...)
	NOT-FOR-US: RMForum
CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: WabCMS
CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis  ...)
	NOT-FOR-US: Webavis
CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ear ...)
	NOT-FOR-US: My Little Forum
CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in v ...)
	NOT-FOR-US: vBulletin Google Yahoo Site Map
CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 B ...)
	NOT-FOR-US: FlaP
CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...)
	NOT-FOR-US: Mazen's PHP Chat
CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBas ...)
	NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...)
	NOT-FOR-US: TROforum
CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock  ...)
	NOT-FOR-US: Frequency Clock
CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remo ...)
	NOT-FOR-US: Fundanemt
CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered  ...)
	NOT-FOR-US: Vistered Little
CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form (com_phila ...)
	NOT-FOR-US: Phil-a-Form
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine  ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7. ...)
	NOT-FOR-US: MSN Messenger
CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC ...)
	- bind <removed> (bug #442910)
	[etch] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
	[sarge] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter dri ...)
	NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during  ...)
	{DSA-1341-2}
	- bind9 1:9.4.1-P1-1
CVE-2007-2925 (The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9 ...)
	- bind9 1:9.4.1-P1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
	[sarge] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX  ...)
	NOT-FOR-US: RealNetworks GameHouse
CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in  ...)
	NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
	RESERVED
CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx Active ...)
	NOT-FOR-US: Corel
CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX co ...)
	NOT-FOR-US: Zoomify Viewer
CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX co ...)
	NOT-FOR-US: FViewerLoading
CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
	NOT-FOR-US: Logitech
CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
	NOT-FOR-US: Authentium
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music  ...)
	NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows re ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0 ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...)
	NOT-FOR-US: ClonusWiki
CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unau ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3 ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
	NOT-FOR-US: vBulletin
CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote  ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Java Embedding Plugin for Mac OS X
CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging  ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 C ...)
	NOT-FOR-US: Microsoft Office ActiveX control
CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 an ...)
	NOT-FOR-US: Dokeos
CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-0 ...)
	NOT-FOR-US: Scallywag
CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in NavB ...)
	NOT-FOR-US: Navboard
CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote attack ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...)
	NOT-FOR-US: Symantec
CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...)
	- bochs <unfixed> (unimportant)
CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iode ...)
	{DSA-1351-1}
	- bochs 2.3+20070705-1 (low; bug #427144)
	NOTE: kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730
CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...)
	NOT-FOR-US: ASP-Nuke
CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 a ...)
	NOT-FOR-US: FirmWorX
CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ea ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5  ...)
	NOT-FOR-US: Dokeos
CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows  ...)
	NOT-FOR-US: UltraISO
CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yo ...)
	NOT-FOR-US: WIYS
CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in Enterp ...)
	NOT-FOR-US: Nortel
CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in  ...)
	NOT-FOR-US: Microsoft Visual Database Tools
CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allo ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier store ...)
	NOT-FOR-US: Credant
CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 th ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support (sock ...)
	NOT-FOR-US: Sun Java Web Proxy Server
CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 all ...)
	NOT-FOR-US: Digirez
CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Po ...)
	NOT-FOR-US: GNUTurk
CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run o ...)
	{DSA-1479-1}
	- linux-2.6 2.6.21-3
CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 al ...)
	NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conn ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux kerne ...)
	{DSA-1363-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in wp ...)
	- wpasupplicant <not-affected> (Fedora-only issue)
CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as  ...)
	- spamassassin 3.2.1-1 (low)
	[sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable)
	[etch] - spamassassin 3.1.7-2etch1
	NOTE: Minor issue fixed in etch r6 point update
	NOTE: Only obscure setups affected, only locally exploitable
CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
	NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-17
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-16
	- iceweasel 2.0.0.4-1 (medium)
	- iceape 1.1.2-1 (medium)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12 ...)
	{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
	NOTE: MFSA2007-13
	- iceweasel 2.0.0.4-1
	- iceape 1.1.2-1
	- mozilla <removed>
	- xulrunner 1.8.1.4-1
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox  ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5. ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in modules/admin/modules/galler ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin  ...)
	{DSA-1693-1}
	- phppgadmin 4.1.2-1 (low; bug #427151)
	[sarge] - phppgadmin <not-affected> (Vulnerable code not present)
	NOTE: http://phppgadmin.cvs.sourceforge.net/phppgadmin/webdb/classes/Misc.php?r1=1.156&r2=1.157&pathrev=MAIN
CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow  ...)
	NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple Accessibl ...)
	NOT-FOR-US: SAXON
CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated user ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 al ...)
	NOT-FOR-US: SimpGB
CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the IP-T ...)
	NOT-FOR-US: IP-Tracking Mod for phpBB
CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Exc ...)
	NOT-FOR-US: ABC Excel Parser Pro
CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression Ac ...)
	NOT-FOR-US: Dart Communications PowerTCP
CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5. ...)
	NOT-FOR-US: Dart ZipLite
CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in BtiTra ...)
	NOT-FOR-US: BtiTracker
CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD  ...)
	NOT-FOR-US: Virtual CD
CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ( ...)
	NOT-FOR-US: LeadTools
CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix
CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) befo ...)
	- knowledgetree <removed> (bug #432123)
CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox  ...)
	NOT-FOR-US: Sky Software
CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in  ...)
	NOT-FOR-US: HLstats
CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Ma ...)
	NOT-FOR-US: Avast
CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Ma ...)
	NOT-FOR-US: Avast
CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems,  ...)
	- php5 <not-affected> (Multi-threaded operation not supported in Debian)
	- php4 <not-affected> (Multi-threaded operation not supported in Debian)
CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Safari
	NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
	RESERVED
CVE-2007-2841
	REJECTED
CVE-2007-2840
	RESERVED
CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files insecur ...)
	{DSA-1329-1}
	- gfax 0.6 (bug #431893; low)
	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 a ...)
	{DSA-1327-1}
	- gsambad 0.1.6-2 (bug #431331)
CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in fir ...)
	{DSA-1326-1}
	- fireflier 1.1.7
CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through  ...)
	{DSA-1324-1}
	- hiki 0.8.7-1 (bug #430691; medium)
	[sarge] - hiki <not-affected> (Vulnerable code not present)
CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_p ...)
	{DSA-1328-1}
	- unicon 3.0.4-12 (bug #431336)
CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...)
	{DSA-1375-1}
	- openoffice.org 2.2.1-9 (medium)
	[sarge] - openoffice.org 1.1.3-9sarge8
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ( ...)
	{DSA-1316-1}
	- emacs21 21.4a+1-5.1 (bug #408929; low)
	- emacs-snapshot <removed>
	NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
	NOTE: fixed before the first emacs22 upload.
CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application firewa ...)
	NOT-FOR-US: Cisco
CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee ...)
	- madwifi 1:0.9.3-2 (high; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 a ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi befo ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php  ...)
	NOT-FOR-US: AdSense-Deluxe
CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...)
	NOT-FOR-US: LeadTools
CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in Madi ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in  ...)
	NOT-FOR-US: @Mail
CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...)
	NOT-FOR-US: HT Editor
CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ...)
	{DSA-1502-1}
	- wordpress 2.2-1 (high)
	NOTE: seems present in etch even though admin-ajax.php was not shipped yet
CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX C ...)
	NOT-FOR-US: KSign
CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3. ...)
	NOT-FOR-US: Track+
CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSof ...)
	NOT-FOR-US: Parodia
CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 al ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7 ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2815 (The "hit-highlighting" functionality in webhits.dll in Microsoft Inter ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX co ...)
	NOT-FOR-US: Pegasus ImagN'
CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL sup ...)
	NOT-FOR-US: Cisco
CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.3 ...)
	NOT-FOR-US: HLstats
CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and  ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal  ...)
	NOT-FOR-US: Gazi Download Portal
CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for Windo ...)
	NOT-FOR-US: Opera
CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4. ...)
	{DSA-1486-1}
	- gnatsweb 4.00-1.1 (low; bug #427156)
CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1. ...)
	{DSA-1826-1 DSA-1448-1}
	- eggdrop 1.6.18-1.1 (medium; bug #427157)
CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ga ...)
	NOT-FOR-US: GaliX
CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cl ...)
	NOT-FOR-US: ClientExec
CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodLis ...)
	NOT-FOR-US: CandyPress Store
CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Site ...)
	NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in  ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTi ...)
	NOT-FOR-US: eTicket
CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: eTicket
CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit sy ...)
	{DSA-1343-2 DSA-1343-1}
	- file 4.21-1 (medium; bug #428293)
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in  ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: local DoS when Apache memory limit is set high
CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...)
	- php4 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on  ...)
	NOT-FOR-US: MAILsweeper
CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...)
	NOT-FOR-US: MAILsweeper
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
	- mantis 1.0.7+dfsg-1
	[sarge] - mantis 0.19.2-5sarge5
	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
	- ntfs-3g 1:1.516-1
	NOTE: local root exploit
CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in  ...)
	- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Arris Cadant
CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remot ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2007-2794
	RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in Gee ...)
	NOT-FOR-US: Geeklog
CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component (a ...)
	NOT-FOR-US: com_yanc for Mambo
	NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5 ...)
	NOT-FOR-US: HP Tru64
CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP  ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11 ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java  ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) lttmb ...)
	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote at ...)
	NOT-FOR-US: ircd-ratbox
CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to crea ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1. ...)
	NOT-FOR-US: Globus Toolkit
CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 an ...)
	NOT-FOR-US: Rational Soft Hidden Administrator
CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence n ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in include/sessionRegister.ph ...)
	NOT-FOR-US: WikyBlog
CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensi ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in Libstat ...)
	NOT-FOR-US: Libstats
CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allo ...)
	NOT-FOR-US: MolyX BOARD
CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in A ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to th ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but d ...)
	NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
	NOT-FOR-US: SunLight CMS
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in  ...)
	NOT-FOR-US: Zomplog
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and r ...)
	NOT-FOR-US: CA BrightStor Backup
CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 20 ...)
	NOT-FOR-US: LeadTools JPEG 2000
CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
	NOT-FOR-US: Eudora
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly  ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) be ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQ ...)
	- backup-manager 0.7.6-1 (low)
	[sarge] - backup-manager <no-dsa> (Minor issue)
	[etch] - backup-manager 0.7.5-5
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemo ...)
	NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches bef ...)
	NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules subsy ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast (b ...)
	NOT-FOR-US: Build it Fast
CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allo ...)
	NOT-FOR-US: MagicISO
CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 d ...)
	NOT-FOR-US: Adempiere
CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the V ...)
	NOT-FOR-US: Adempiere
CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted rem ...)
	NOT-FOR-US: WinImage
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 al ...)
	NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted attack ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
	[etch] - libgd <no-dsa> (Minor issue)
	[sarge] - libgd <no-dsa> (Minor issue)
	[etch] - libgd2 <no-dsa> (Minor issue)
	[sarge] - libgd2 <no-dsa> (Minor issue)
	NOTE: https://web.archive.org/web/20090212193455/http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and e ...)
	{DSA-1334-1 DSA-1302-1}
	- freetype 2.2.1-6 (bug #425625)
	[sarge] - freetype 2.1.7-8
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the we ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal  ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 a ...)
	NOT-FOR-US: PHPGlossar
CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and earli ...)
	NOT-FOR-US: SimpNews
CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and e ...)
	NOT-FOR-US: FAQEngine
CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows context-depe ...)
	- php4 <not-affected> (Debian shipped the correct fix from the beginning)
	- php5 <not-affected> (Debian shipped the correct fix from the beginning)
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
	NOT-FOR-US: rdiffWeb
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webma ...)
	NOT-FOR-US: vDesk Webmail
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX con ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in GlossWor ...)
	NOT-FOR-US: GlossWord
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 B ...)
	NOT-FOR-US: w2box
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows re ...)
	- lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
	- php-xajax 0.2.5-1 (bug #426103; unimportant)
	NOTE: This issue was created because of an upstream changelog entry, which however
	NOTE: was meant for the XSS, which is the general issue.
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows  ...)
	{DSA-1692-1}
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7  ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 modul ...)
	NOT-FOR-US: MyConference for Xoops
CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0  ...)
	NOT-FOR-US: Achievo
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 an ...)
	NOT-FOR-US: ResManager for Xoops
CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width an ...)
	NOT-FOR-US: 3Com TippingPoint IPS
CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote aut ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allo ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might a ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test fo ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81,  ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed  ...)
	- php5 5.2.3-1 (low)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php4 <not-affected> (no soap functions in php4)
CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4 ...)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php5 5.2.2-1 (low)
	NOTE: Code not present in PHP 4.
CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: BitsCast
CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control  ...)
	NOT-FOR-US: DeWizardX
CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
	NOT-FOR-US: fotolog
CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to  ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers t ...)
	NOT-FOR-US: NewzCrawler
CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG- ...)
	{DSA-2036-1}
	- jasper 1.900.1-6 (medium; bug #413033; bug #528543)
	NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543
	- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
	- gs-gpl <removed> (medium; bug #561717)
	NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html
CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
	NOT-FOR-US: Group-Office
CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in Stal ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c an ...)
	NOT-FOR-US: EQdkp
CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only  ...)
	- wu-ftpd 2.6.2-4
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to cha ...)
	NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet bef ...)
	- wordpress 2.2-1
	NOTE: See http://plugins.trac.wordpress.org/changeset/12812/akismet/trunk/akismet.php
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when  ...)
	NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ha ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remot ...)
	NOT-FOR-US: TinyIdentD
CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt Com ...)
	NOT-FOR-US: News-Script
CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php i ...)
	NOT-FOR-US: Linksnet Newsfeed
CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...)
	NOT-FOR-US: Geeklog
CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA WebL ...)
	NOT-FOR-US: BEA WebLogic Integration
CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if  ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2700 (The WLST script generated by the configToScript command in BEA WebLogi ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show plainte ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express an ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Ex ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT p ...)
	- mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg <not-affected> (Only MySQL 5.1 affected)
CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x be ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42 (bug #424778)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality not implemented)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: http://bugs.mysql.com/bug.php?id=28499
CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41a-1 (bug #424778; bug #424830)
CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M  ...)
	NOT-FOR-US: ISS
CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain full-wid ...)
	NOT-FOR-US: Check Point
CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS  ...)
	NOT-FOR-US: Cisco
CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.E ...)
	NOT-FOR-US: MicroWorld
CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2. ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute arbit ...)
	- mutt 1.5.15+20070608-1 (low; bug #426116)
	[etch] - mutt <no-dsa> (Minor issue, hardly exploitable)
	[sarge] - mutt <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as u ...)
	NOT-FOR-US: Adobe
CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution 1. ...)
	- b2evolution <unfixed> (unimportant)
	NOTE: This is a register_globals=on issue.
	NOTE: More than just blogs/index.php is affected (that file isn't
	NOTE: installed by the Debian package).
CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Canon
CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery  ...)
	NOT-FOR-US: Simple PHP Scripts
CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint  ...)
	NOT-FOR-US: Netsprint
CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess Communi ...)
	NOT-FOR-US: phpChess
CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open Tr ...)
	NOT-FOR-US: Open Translation Engine
CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings  ...)
	NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 all ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Censura 1 ...)
	NOT-FOR-US: Censura
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allo ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of s ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the install ...)
	NOT-FOR-US: PHPChain
CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 an ...)
	NOT-FOR-US: PHPChain
CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execut ...)
	NOT-FOR-US: webdesproxy
CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
	NOT-FOR-US: VImpX
CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
	NOT-FOR-US: notepad++
CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0 ...)
	NOT-FOR-US: PhpFirstPost
CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...)
	NOT-FOR-US: Yaap
CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php  ...)
	NOT-FOR-US: Beacon
CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attack ...)
	NOT-FOR-US: EfesTECH
CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remot ...)
	NOT-FOR-US: BlogMe
CVE-2007-2660
	NOT-FOR-US: PhpConcept
CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced Transfe ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5  ...)
	NOT-FOR-US: ID Automation
CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX contr ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview Active ...)
	NOT-FOR-US: HP
CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...)
	NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure pe ...)
	- xfsdump 2.2.45-1 (bug #417894; low)
	[etch] - xfsdump <no-dsa> (Minor issue)
CVE-2007-2653
	REJECTED
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow rem ...)
	NOT-FOR-US: Free-SA
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow re ...)
	NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to  ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.2-1
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for i ...)
	NOT-FOR-US: Speedport W 700v
CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 Active ...)
	NOT-FOR-US: Clever Database Comparer
CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php i ...)
	NOT-FOR-US: MonAlbum
CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted re ...)
	NOT-FOR-US: yEnc32
CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in exif-dat ...)
	{DSA-1487-1}
	- libexif 0.6.15-1 (bug #424775)
CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3. ...)
	NOT-FOR-US: Morovia
CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs  ...)
	NOT-FOR-US: maGAZIn
CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 al ...)
	NOT-FOR-US: R2K Gallery
CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0. ...)
	NOT-FOR-US: W1L3D4
CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid "trivial  ...)
	NOT-FOR-US: LibTMCG
CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote atta ...)
	NOT-FOR-US: TFTPDWIN
CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: eFileCabinet
CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars  ...)
	{DSA-1514-1}
	- moin 1.5.7-2 (low)
CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote attack ...)
	NOT-FOR-US: phpTodo
CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote at ...)
	- interchange 5.4.2-1 (low)
CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in aFor ...)
	NOT-FOR-US: aForum
CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows re ...)
	NOT-FOR-US: H-Sphere
CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User  ...)
	NOT-FOR-US: phpMUR
CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8- ...)
	NOTE: Duplicate of CVE-2007-2589
CVE-2007-2630 (Incomplete blacklist vulnerability in filemanager/browser/default/conn ...)
	- moin 1.5.8-4.1 (unimportant)
	- karrigell <not-affected> (Vulnerable php code not present)
	- knowledgeroot 0.9.8.2-2 (unimportant)
CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) allow ...)
	NOT-FOR-US: Bradford
CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in Justi ...)
	NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress,  ...)
	- wordpress 2.2.2-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-2626
	NOT-FOR-US: SchoolBoard
CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in shared/code/cp_authorizati ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2624 (Dynamic variable evaluation vulnerability in shared/config/cp_config.p ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1. ...)
	NOT-FOR-US: Remote Display Dev kit
CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier a ...)
	NOT-FOR-US: TaskDriver
CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 al ...)
	NOT-FOR-US: Thyme Calendar
CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
	NOT-FOR-US: Jakub Steiner (aka jimmac) original
CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login creden ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows re ...)
	NOT-FOR-US: Drake CMS
CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core p ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE servic ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLoja ...)
	NOT-FOR-US: PHPLojaFacil
CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in php ...)
	NOT-FOR-US: phpHtmlLib
CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared vir ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikk ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 all ...)
	NOT-FOR-US: CGX
CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1 ...)
	NOT-FOR-US: OpenLD
CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 all ...)
	NOT-FOR-US: gnuedu
CVE-2007-2608 (PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.p ...)
	NOT-FOR-US: Miplex2
CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
	NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger m ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (low)
	NOTE: Minor issue, because conffile is restricted
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ISoftomat ...)
	NOT-FOR-US: Brujula Toolbar
CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows remo ...)
	NOT-FOR-US: FlexLabel
CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper  ...)
	NOT-FOR-US: Audio CD Ripper
CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows att ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith Playe ...)
	NOT-FOR-US: GDivX Zenith Player
CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (ak ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop T ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL all ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1 ...)
	NOT-FOR-US: telltarget CMS
CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum 1 ...)
	NOT-FOR-US: aForum
CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...)
	NOT-FOR-US: RSAuction
CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in php ...)
	NOT-FOR-US: phpMyPortal
CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS,  ...)
	NOT-FOR-US: Microsoft
CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisy ...)
	NOT-FOR-US: Nokia
CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0. ...)
	NOT-FOR-US: Nokia
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possi ...)
	NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1 (low)
	NOTE: CVE id has later been assigned to a part of this issue
CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlie ...)
	- wu-ftpd 2.6.2-26 (unimportant; bug #425162)
	NOTE: Linux' limit is 4096 chars
CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 an ...)
	{DSA-1504-1}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa ...)
	NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authen ...)
	NOT-FOR-US: Cisco
CVE-2007-2586 (The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check  ...)
	NOT-FOR-US: Cisco
CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz A ...)
	NOT-FOR-US: BarCodeWiz ActiveX control
CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSu ...)
	NOT-FOR-US: Subscription Manager ActiveX control
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: [sarge] Not affected, test case doesn't crash the daemon
CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) servi ...)
	NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
	NOT-FOR-US: Safari
CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
	NOT-FOR-US: ACP3
CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in AC ...)
	NOT-FOR-US: ACP3
CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
	NOT-FOR-US: ACP3
CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 Active ...)
	NOT-FOR-US: advdaudio.ocx ActiveX control
CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm (ak ...)
	NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog 0.9 ...)
	NOT-FOR-US: Archangel Weblog
CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in P ...)
	NOT-FOR-US: PHPtree
CVE-2007-2572 (PHP remote file inclusion vulnerability in modules/noevents/templates/ ...)
	NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module  ...)
	NOT-FOR-US: wfquotes module for XOOPS
CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in W ...)
	NOT-FOR-US: Wikivi5
CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 a ...)
	NOT-FOR-US: Friendly
CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assis ...)
	NOT-FOR-US: VCDGear
CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Cod ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control a ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers  ...)
	NOT-FOR-US: Cdelia Software ImageProcessing
CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music Ment ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
	NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...)
	NOT-FOR-US: Kayako eSupport
CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote  ...)
	NOT-FOR-US: fipsCMS
CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 an ...)
	NOT-FOR-US: ACGVannu
CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart 3. ...)
	NOT-FOR-US: american cart
CVE-2007-2558
	NOT-FOR-US: pfa CMS
CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, whic ...)
	NOT-FOR-US: Mambo
CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attacker ...)
	NOT-FOR-US: Nuked-klaN
CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote  ...)
	NOT-FOR-US: Podium CMS
CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
	NOT-FOR-US: Newspower
CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 all ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaW ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 a ...)
	NOT-FOR-US: CubeCart
CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebToo ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 an ...)
	NOT-FOR-US: SMF
CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9. ...)
	NOT-FOR-US: Persism
CVE-2007-2544 (PHP remote file inclusion vulnerability in templates/default/tpl_messa ...)
	NOT-FOR-US: TopTree BBS
CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
	NOT-FOR-US: XOOPS
CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench sur ...)
	NOT-FOR-US: workbench survival guide
CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php i ...)
	NOT-FOR-US: Versado
CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and e ...)
	NOT-FOR-US: PMECMS
CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote atta ...)
	NOT-FOR-US: RunCms
CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms 1. ...)
	NOT-FOR-US: RunCms
CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 an ...)
	NOT-FOR-US: NPDS
CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: Picozip
CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite  ...)
	NOT-FOR-US: WinAce
CVE-2007-2534
	NOT-FOR-US: phpHoo3
CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Sec ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duo ...)
	NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in Ber ...)
	NOT-FOR-US: Berylium2
CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowel ...)
	NOT-FOR-US: Tropicalm
CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 b ...)
	NOT-FOR-US: Solaris 10
CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD befor ...)
	NOT-FOR-US: DynamicPAD
CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewe ...)
	NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
	NOTE: Linus' tree.
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Re ...)
	{DSA-1298-1}
	- otrs2 2.1.1-1 (bug #423524)
	NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070 ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA Anti-Vi ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! befor ...)
	NOT-FOR-US: E-GADS!
CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when magic_qu ...)
	NOT-FOR-US: MyNews
CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
	- php5 5.2.3-1 (unimportant; bug #441433)
	- php4 <removed> (unimportant)
	NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't
	NOTE: cross trust boundaries
CVE-2007-2518
	REJECTED
CVE-2007-2517
	RESERVED
CVE-2007-2516
	RESERVED
CVE-2007-2515
	RESERVED
CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple product ...)
	NOT-FOR-US: Symantec
CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 pos ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and l ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP befo ...)
	{DTSA-39-1}
	- php5 5.2.2-1
	NOTE: Only triggerable by malicious script
CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before 5 ...)
	{DSA-1295-1 DTSA-39-1}
	- php5 5.2.2-1 (low)
CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before  ...)
	{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.2-1 (low)
	- php4 4.4.7-1 (low)
CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.5 ...)
	NOT-FOR-US: Trend Micro
CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble D ...)
	NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and  ...)
	NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 all ...)
	NOT-FOR-US: MailCOPA
CVE-2007-2504
	NOT-FOR-US: PHP Turbulence
CVE-2007-2503
	NOT-FOR-US: PHP Turbulence
CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with so ...)
	NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before 0.9 ...)
	NOT-FOR-US: CodePress
CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player ...)
	{DTSA-48-1}
	- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and e ...)
	NOT-FOR-US: DVDdb
CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote a ...)
	NOT-FOR-US: Winamp
CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a den ...)
	NOT-FOR-US: RealPlayer
	NOTE: helix-player not affected
CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote at ...)
	NOT-FOR-US: WordViewer.ocx
CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control  ...)
	NOT-FOR-US: ExcelViewer .ocx
CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX con ...)
	NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ &amp; RU ...)
	NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for  ...)
	NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.3 ...)
	NOT-FOR-US: EMC VMware
CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows rem ...)
	NOT-FOR-US: LiveData Server
CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and o ...)
	NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ex ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and 1 ...)
	NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the m ...)
	NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in th ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the wp-T ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the wordTu ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the  ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not pro ...)
	NOT-FOR-US: Mambo
CVE-2007-XXXX [schroot may use outdated configuration information]
	- schroot <not-affected> (Upstream: "This bug was never present in a Debian release.")
CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does n ...)
	{DSA-1358-1}
	- asterisk 1:1.4.5~dfsg-1 (low)
	NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line
	NOTE: could just as well hang-up
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-013.htm
CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.2 ...)
	- linux-2.6 2.6.22-1 (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers t ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2477
	NOT-FOR-US: phpMyChat
CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0 ...)
	NOT-FOR-US: Novell
CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogi ...)
	NOT-FOR-US: Novell
CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3 ...)
	NOT-FOR-US: Sendcard
CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...)
	NOT-FOR-US: Sendcard
CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fi ...)
	NOT-FOR-US: FileRun
CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier al ...)
	NOT-FOR-US: FileRun
CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 an ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions  ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) f ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1  ...)
	NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
	NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
	NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PI ...)
	NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in modules/admin/include/confi ...)
	NOT-FOR-US: FireFly
CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl mo ...)
	{DSA-1498-1}
	- libimager-perl 0.58-1 (bug #421582)
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery  ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in resources/includes/class.Sm ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 a ...)
	NOT-FOR-US: FireFly
CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual mac ...)
	NOT-FOR-US: Parallels
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
	NOT-FOR-US: Parallels
CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2. ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (low)
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in locate/ ...)
	- findutils 4.2.31-1 (low; bug #426862)
	[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
	[etch] - findutils 4.2.28-1etch1 (low)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES i ...)
	- linux-2.6 2.6.21-3
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
	{DSA-1468-1}
	- tomcat4 <removed> (low)
	- tomcat5 <removed> (low)
	- tomcat5.5 5.5.25-1 (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP fil ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Only present in the examples, not in production code
CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial  ...)
	- subversion 1.4.4dfsg1-1 (bug #428194; low)
	[etch] - subversion <no-dsa> (Minor issue)
	[sarge] - subversion <no-dsa> (Minor issue)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allo ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in Sam ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	[etch] - libgd2 2.0.33-5.2etch1 (low)
	- libpng 1.2.15~beta5-2
	- libpng3 <not-affected>
	[etch] - libpng 1.2.15~beta5-1+etch2
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1
CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in svc_a ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; high)
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 a ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile,  ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-022+1 (bug #435401; low)
	[sarge] - vim <not-affected> (Vulnerable code not present)
	NOTE: Exploitable through modelines, needs to be used with care in any case
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, an ...)
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436
	REJECTED
CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java  ...)
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remot ...)
	NOT-FOR-US: Aventail Connect
CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
	NOT-FOR-US: Ariadne
CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in nu ...)
	NOT-FOR-US: Nukedit
CVE-2007-2431 (Dynamic variable evaluation vulnerability in shared/config/tce_config. ...)
	NOT-FOR-US: TCExam
CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote at ...)
	NOT-FOR-US: TCExam
CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to obta ...)
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp ...)
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 modul ...)
	NOT-FOR-US: pnFlashGames
CVE-2007-2426 (PHP remote file inclusion vulnerability in myfunctions/mygallerybrowse ...)
	NOT-FOR-US: myGallery
CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 all ...)
	NOT-FOR-US: Imageview
CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The Merch ...)
	NOT-FOR-US: The Merchant
CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5. ...)
	{DSA-1514-1}
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07- ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macro ...)
	NOT-FOR-US: Macrovision
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging an ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software Progre ...)
	NOT-FOR-US: Progress Software Progress and OpenEdge
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote attack ...)
	NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: MyServer
CVE-2007-2413
	REJECTED
CVE-2007-2412
	NOT-FOR-US: Seir Anphin
CVE-2007-2411
	NOT-FOR-US: Sphider
CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of cer ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10. ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows fi ...)
	- samba <not-affected> (MacOS/Apple-specific vulnerability)
CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certai ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allow ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly valid ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform suff ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4 ...)
	NOT-FOR-US: Apple
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Window ...)
	NOT-FOR-US: Apple
CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1 ...)
	NOT-FOR-US: Apple
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly che ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before 7. ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-a ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 fo ...)
	NOT-FOR-US: Apple
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows re ...)
	NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear  ...)
	NOT-FOR-US: Apple
CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not proper ...)
	NOT-FOR-US: Apple
CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
	NOT-FOR-US: Apple
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 a ...)
	NOT-FOR-US: Apple mDNSResponder
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object Notatio ...)
	- yui <removed> (unimportant; bug #557745)
	- bcfg2 <not-affected> (present in source but not included in any binary files)
	- serendipity 1.5.3-1 (low; bug #557746)
	- moodle <not-affected> (uses system libjs-yui)
	- jifty 0.91117-1 (low; bug #557748)
	- webgui <not-affected> (uses system libjs-yui)
	- loggerhead <not-affected> (uses system libjs-yui)
	NOTE: see https://web.archive.org/web/20071105202514/http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object N ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data  ...)
	{DSA-1952-1}
	- prototypejs <not-affected> (fixed before initial upload)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <no-dsa> (minor issue)
	[lenny] - asterisk <no-dsa> (minor issue)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby <not-affected> (has prototype.js >= 1.5.1)
	- lucene2 2.9.1+ds1-2 (low; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	[lenny] - lucene2 <no-dsa> (minor issue)
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Uses the prototype.js copy from scriptaculous)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd <no-dsa> (minor issue)
	- mediatomb 0.11.0-3 (low; bug #555232)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers <not-affected> (fixed since initial inclusion)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress <not-affected> (fixed since initial inclusion)
	- exaile <not-affected> (fixed since initial inclusion)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (fixed since initial inclusion)
	- scriptaculous <not-affected> (fixed since initial inclusion)
	- activeldap <not-affected> (fixed since initial inclusion)
	- mantis <not-affected> (fixed since initial inclusion)
	- otrs2 <not-affected> (fixed since initial inclusion)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (fixed since initial inclusion)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ( ...)
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object N ...)
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ( ...)
	- jquery <removed> (unimportant)
	NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
	NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
	- gwt <removed> (unimportant; bug #563542)
	NOTE: javascript security guidelines provided to developers to avoid these issues
	NOTE: https://developers.google.com/web-toolkit/articles/security_for_gwt_applications
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data  ...)
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation (JS ...)
	NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security Man ...)
	NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1 ...)
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and  ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ear ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 an ...)
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 a ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4. ...)
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted rem ...)
	NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0 ...)
	NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and  ...)
	NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted rem ...)
	NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
	{DSA-1434-1 DTSA-36-1}
	- mydns 1:1.1.0-8
	[sarge] - mydns <not-affected> (Vulnerable code not present)
CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, ...)
	NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, ...)
	NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton G ...)
	NOT-FOR-US: Symantec
CVE-2007-2358
	- b2evolution <not-affected> (Debian's version does not contain the affected variables)
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in Si ...)
	NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in sunras. ...)
	{DSA-1301-1}
	- gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive informatio ...)
	- axis <unfixed> (unimportant)
	NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote at ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4. ...)
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows r ...)
	NOT-FOR-US: freePBX
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.B ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell met ...)
	- lftp 3.5.9-1 (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in  ...)
	NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
	NOT-FOR-US: PHP-Generics
CVE-2007-2345 (PHP remote file inclusion vulnerability in include/include_stream.inc. ...)
	NOT-FOR-US: phpBrowse
CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight In ...)
	NOT-FOR-US: Enterasys
CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys NetSig ...)
	NOT-FOR-US: Enterasys
CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory  ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in phpBandM ...)
	NOT-FOR-US: phpBandManager
CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in inc/include_all. ...)
	NOT-FOR-US: phporacleview
CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow r ...)
	NOT-FOR-US: Phorum
CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in include/admin/banli ...)
	NOT-FOR-US: Phorum
CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0. ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 200 ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader functi ...)
	NOT-FOR-US: Lunascape
CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_ ...)
	NOT-FOR-US: Nortel
CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the Site ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist f ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the correc ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and Algorithm. ...)
	NOT-FOR-US: PureTLS
CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
	NOT-FOR-US: Shop-Script
CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in Dyn ...)
	NOT-FOR-US: DynaTracker
CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in Searchacti ...)
	NOT-FOR-US: Searchactivity
CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
	NOT-FOR-US: phpMYTGP
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox  ...)
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
	- smarty <removed> (unimportant; bug #488523)
	- moodle 1.8.2-2 (unimportant; bug #488525)
	- gallery2 2.2.5-2 (unimportant; bug #488527)
	NOTE: this is a non-issue
	NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
	NOTE: (should be the case for embedded copies), however
	NOTE: additionally this relies on register_globals being switched on.
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups ...)
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows r ...)
	NOT-FOR-US: JulmaCMS
CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
	NOT-FOR-US: InterVideo
CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remo ...)
	NOT-FOR-US: Nero
CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe  ...)
	NOT-FOR-US: SilverStripe
CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier a ...)
	NOT-FOR-US: Papoo
CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and earli ...)
	NOT-FOR-US: AutoStand
CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 allo ...)
	- filezilla 3.0.0~beta2-3 (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
	NOT-FOR-US: MiniBB
CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business Managem ...)
	NOT-FOR-US: Open Business Management
CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to caus ...)
	NOT-FOR-US: MiniShare
CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly  ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the Shotcas ...)
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
	NOT-FOR-US: FloweRS
CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
	NOT-FOR-US: FloweRS
CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in We ...)
	NOT-FOR-US: WebKalk2
CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick an ...)
	NOT-FOR-US: QDBlog
CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ( ...)
	NOT-FOR-US: QDBlog
CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News Manag ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8  ...)
	NOT-FOR-US: Expow
CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0 ...)
	NOT-FOR-US: audioCMS
CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto  ...)
	NOT-FOR-US: phpwebnews
CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier a ...)
	NOT-FOR-US: CMS Frogss
CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 a ...)
	NOT-FOR-US: Garennes
CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x  ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk <not-affected> (correctly logs a warning)
CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quickt ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
	{DSA-1358-1}
	- asterisk 1:1.4.3~dfsg-1 (low)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-012.htm
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in c ...)
	- asterisk 1:1.4.3~dfsg-1 (high)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	[lenny] - asterisk <not-affected> (vulnerable code not present)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-010.htm
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for  ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and Ne ...)
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289 (PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net do ...)
	NOT-FOR-US: doruk100net
CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 Fin ...)
	NOT-FOR-US: comus
CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP  ...)
	NOT-FOR-US: Built2Go
CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote a ...)
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote attacke ...)
	NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6. ...)
	NOT-FOR-US: Cisco
CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe  ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ser ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundat ...)
	NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to h ...)
	NOT-FOR-US: Plogger
CVE-2007-2276
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced Edi ...)
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to  ...)
	NOT-FOR-US: Opera
CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in Ales ...)
	NOT-FOR-US: wavewoo
CVE-2007-2272 (PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.p ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Dist ...)
	NOT-FOR-US: TotaRam
CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a denia ...)
	NOT-FOR-US: Linksys
CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for Wind ...)
	NOT-FOR-US: Plesk
CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for Windo ...)
	NOT-FOR-US: Plesk
CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 b ...)
	NOT-FOR-US: Sun Cluster
CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, m ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows  ...)
	NOT-FOR-US: YA Book
CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and  ...)
	NOT-FOR-US: RealPlayer
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...)
	- tomcat5.5 5.5.17-1 (low)
CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
	- tomcat5.5 5.5.15-1 (low)
CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in html/php/detail. ...)
	NOT-FOR-US: jmuffin
CVE-2007-2261 (PHP remote file inclusion vulnerability in espaces/communiques/annotat ...)
	NOT-FOR-US: C-Arbre
CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
	NOT-FOR-US: bibtex mase
CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote  ...)
	NOT-FOR-US: EsForum
CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in PH ...)
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded  ...)
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 al ...)
	NOT-FOR-US: TJSChat
CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine  ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in P ...)
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtai ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS 0. ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earl ...)
	NOT-FOR-US: Xaraya
CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain th ...)
	NOT-FOR-US: Phorum
CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote  ...)
	NOT-FOR-US: Phorum
CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Ph ...)
	NOT-FOR-US: Phorum
CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace  ...)
	NOT-FOR-US: phpMySpace
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running s ...)
	NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b4134b65a7e7ed355121b6c2db9ea6c9624509bc
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator  ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-1 (low; bug #421595)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 th ...)
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
	[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
	NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera C ...)
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components A ...)
	NOT-FOR-US: Whale Client Components ActiveX control
CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to incl ...)
	NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 an ...)
	NOT-FOR-US: PunBB
CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly handl ...)
	NOT-FOR-US: PunBB
CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authen ...)
	NOT-FOR-US: CoSign
CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers  ...)
	NOT-FOR-US: CoSign
CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dove ...)
	{DSA-1359-1}
	- dovecot 1.0.rc29-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote aut ...)
	NOT-FOR-US: CA Clever Path
CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for unspecif ...)
	NOT-FOR-US: Microsoft
CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2,  ...)
	NOT-FOR-US: Windows
CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2007-2226
	REJECTED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote atta ...)
	NOT-FOR-US: Microsoft XML
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft W ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	REJECTED
CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000,  ...)
	NOT-FOR-US: Microsoft
CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...)
	NOT-FOR-US: Kodak Image Viewer
CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
	REJECTED
CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in  ...)
	NOT-FOR-US: DmCMS
CVE-2007-2213 (Unspecified vulnerability in the Initialize function in NetscapeFTPHan ...)
	NOT-FOR-US: WS_FTP
CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoa ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
	NOT-FOR-US: Netsprint
CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft Im ...)
	NOT-FOR-US: AccuSoft
CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3 ...)
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website Manag ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe  ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (G ...)
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows  ...)
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution  ...)
	NOT-FOR-US: Post Revolution
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in Pag ...)
	NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcl ...)
	NOT-FOR-US: Joomla!
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System (LMS ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2. ...)
	NOT-FOR-US: NeatUpload
CVE-2007-2196
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
	- amsn <not-affected> (Appears bogus, no such port is opened; bug #557754)
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remo ...)
	NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
	NOT-FOR-US: ACDSee
CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remot ...)
	NOT-FOR-US: Photofiltre
CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x a ...)
	NOT-FOR-US: freePBX
CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php i ...)
	NOT-FOR-US: Eba News
CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php i ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka transact ...)
	NOT-FOR-US: eXtremail
CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remo ...)
	NOT-FOR-US: eXtremail
CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Foxit Reader
CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b a ...)
	NOT-FOR-US: Supasite
CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
	NOT-FOR-US: jchit
CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System (a ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
	NOT-FOR-US: WEBInsta
CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote att ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in XceddZipL ...)
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity  ...)
	NOT-FOR-US: Sharity
CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers t ...)
	NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ot ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Eng ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) cou ...)
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 cau ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in GWINTER.e ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not c ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem 1. ...)
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
	NOT-FOR-US: AimStats
CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 all ...)
	NOT-FOR-US: AimStats
CVE-2007-2166 (PHP remote file inclusion vulnerability in administration/user/lib/gro ...)
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous au ...)
	- proftpd 1.3.0-24 (low)
	[sarge] - proftpd <no-dsa> (Minor issue)
	- proftpd-dfsg 1.3.0-24 (low)
	[etch] - proftpd-dfsg 1.3.0-19etch1
	NOTE: Minor issue Fixed in 4.0r4 point release
CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service (bro ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Data ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database Ad ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 a ...)
	NOT-FOR-US: jGallery
CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in Zomp ...)
	NOT-FOR-US: Zomplog
CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic  ...)
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber TopSi ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154 (PHP remote file inclusion vulnerability in services/samples/inclusionS ...)
	NOT-FOR-US: Cabron Connector
CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 al ...)
	NOT-FOR-US: @Mail
CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterpris ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
	NOT-FOR-US: McAfee
CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allo ...)
	NOT-FOR-US: BlueArc
CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores userna ...)
	NOT-FOR-US: Chatness
CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in Stephe ...)
	NOT-FOR-US: Chatness
CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and  ...)
	NOT-FOR-US: Chatness
CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote  ...)
	NOT-FOR-US: MiniGal
CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php  ...)
	NOT-FOR-US: JoomlaPack
CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 t ...)
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php all ...)
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
	NOT-FOR-US: ShoutPro
CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin  ...)
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA (fo ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
	NOT-FOR-US: Tivoli
CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol Perform ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote  ...)
	NOT-FOR-US: Oracle
CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards Ente ...)
	NOT-FOR-US: Oracle
CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital M ...)
	NOT-FOR-US: Oracle
CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise  ...)
	NOT-FOR-US: Oracle
CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle Collabo ...)
	NOT-FOR-US: Oracle
CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle Applicat ...)
	NOT-FOR-US: Oracle
CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the  ...)
	NOT-FOR-US: Oracle
CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component i ...)
	NOT-FOR-US: Oracle
CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_U ...)
	NOT-FOR-US: Oracle
CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have  ...)
	NOT-FOR-US: Oracle
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application e ...)
	- tomcat5.5 5.5.16-1 (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Ap ...)
	- tomcat5.5 5.5.20-1 (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	[etch] - git-core <not-affected> (1.4.4.4 tagged 2007-1-8, bug introduced 2007-1-30)
	- git-core 1:1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f
	NOTE: http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
	{DSA-1311-1 DSA-1309-1}
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content Manageme ...)
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0 ...)
	NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow re ...)
	NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum  ...)
	NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little we ...)
	NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root wit ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConc ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in  ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 al ...)
	NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia 0.5 ...)
	NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_bloc ...)
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evol ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx Developme ...)
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 an ...)
	- sitebar 3.3.8-7 (low)
	NOTE: this was register globals only and is fixed in Debian anyway
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, wh ...)
	NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allo ...)
	NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in My ...)
	NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows all ...)
	NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
	NOT-FOR-US: XAMPP
CVE-2007-2078
	NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search  ...)
	NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery  ...)
	NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on m ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execu ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery S ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2. ...)
	NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie 1.1 ...)
	NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront m ...)
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Is ...)
	NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert Lad ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaett ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writab ...)
	NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user- ...)
	NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLo ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in eIQnet ...)
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-a ...)
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remo ...)
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary command ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow re ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow rem ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in Modules/_localemo ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 2.5.1-1 (bug #416934; low)
	- python2.3 <removed> (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has unkno ...)
	NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in RicarGBo ...)
	NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar Mod ...)
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management Consol ...)
	NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (ak ...)
	NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads  ...)
	NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 an ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the Anto ...)
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde  ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde  ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN AC ...)
	NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points be ...)
	NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) bef ...)
	NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive i ...)
	NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded F ...)
	NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, an ...)
	- 3proxy <itp> (bug #718219)
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might a ...)
	- lha 1.14i-10.2 (bug #437621; low)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) all ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://bugzilla.clamav.net/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
	- freeradius 1.1.6-1 (low)
	[sarge] - freeradius <no-dsa> (Minor issue)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string func ...)
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks <no-dsa> (Hardly exploitable)
	[etch] - elinks <no-dsa> (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent  ...)
	- file 4.20-6 (low)
	[etch] - file 4.17-5etch3
	[sarge] - file <not-affected> (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.2 ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that it not of concern for Debian
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple Techno ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020
	NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in phpGall ...)
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share Enter ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not c ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMy ...)
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It 1.0 ...)
	NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in include/blocks/week_events. ...)
	NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Ein ...)
	NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4. ...)
	NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
	NOT-FOR-US: DeskPro
CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote authentica ...)
	NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light  ...)
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allo ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authent ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1 ...)
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1  ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect head ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to acc ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in admin/configu ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
	NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages 1.7 ...)
	NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) 4. ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract fu ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
	NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0 ...)
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File  ...)
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
	NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailSe ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
	NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
	NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in  ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUN ...)
	NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in phpexplorator.ph ...)
	NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
	NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php  ...)
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple PH ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Wi ...)
	NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module fo ...)
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ea ...)
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1 ...)
	NOT-FOR-US: holaCMS
CVE-2007-1976
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allo ...)
	NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in class/wfsart ...)
	NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2006-7194 (PHP remote file inclusion vulnerability in modules/Mysqlfinder/Mysqlfi ...)
	NOT-FOR-US: Agora
CVE-2006-7193
	NOT-FOR-US: disputed (SMARTY_DIR is a constant)
CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life CST ...)
	NOT-FOR-US: Half-Life
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 20 ...)
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
	- iceweasel <removed> (unimportant; bug #556267)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - iceweasel <no-dsa> (Minor issue)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Cr ...)
	NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
	NOT-FOR-US: MyBlog
CVE-2007-1967
	NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows  ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4. ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is available ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963 (SQL injection vulnerability in the create_session function in class_se ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and e ...)
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in command.cp ...)
	- tinymux <unfixed> (unimportant)
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a deni ...)
	- tinymux 2.4.3.31-1
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6 ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX Active ...)
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 buil ...)
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote a ...)
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote attac ...)
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizza ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote attack ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
	NOT-FOR-US: WIndows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM W ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server (WA ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent  ...)
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependen ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter  ...)
	NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 lo ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in  ...)
	NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows remo ...)
	NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1 ...)
	NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAd ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ( ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 mo ...)
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Boo ...)
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2. ...)
	NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in Smod ...)
	NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, a ...)
	NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
	NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows  ...)
	NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer  ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin  ...)
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone Nuk ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924
	NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control  ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.D ...)
	NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
	NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in  ...)
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 a ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC  ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Libra ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 be ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted r ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remo ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote atta ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.n ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant Mes ...)
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content  ...)
	NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Tech ...)
	NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0  ...)
	NOT-FOR-US: SonicBB
CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote att ...)
	NOT-FOR-US: SonicBB
CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: SonicBB
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ex ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 al ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitra ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach  ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MyS ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager Ac ...)
	NOT-FOR-US: Akamai
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function  ...)
	NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the Zen ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c i ...)
	- sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled sq ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	- php4-sqlite <removed> (medium; bug #420456)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2. ...)
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in PH ...)
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-depende ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Qualit ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus,  ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in Kaspers ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo ...)
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of  ...)
	NOT-FOR-US: VMware
CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest o ...)
	NOT-FOR-US: VMware
CVE-2007-1875
	RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions  ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remo ...)
	NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows rem ...)
	NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows rem ...)
	NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ( ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial o ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deplo ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute a ...)
	NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
	NOT-FOR-US: not a bug
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7,  ...)
	{DSA-1331-1 DSA-1330-1}
	- php4 <removed>
	- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), wh ...)
	- apache2 2.2.4-1 (low)
	- apache <removed> (unimportant)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not  ...)
	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel  ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 de ...)
	{DSA-1312-1}
	- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for credentia ...)
	- xscreensaver 5.03-1 (low; bug #433964)
	[etch] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
	[sarge] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4 ...)
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 <no-dsa> (low)
	[etch] - tomcat5 <no-dsa> (low; bug #423435)
	- tomcat5 <removed> (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 <removed> (low)
CVE-2007-1857
	RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure p ...)
	- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_cl ...)
	NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container 07 ...)
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Glob ...)
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852
	NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and  ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php i ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows remot ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php i ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module fo ...)
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and earli ...)
	NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsite ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in M ...)
	NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before 2.0.1 ...)
	NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in  ...)
	{DSA-1299-1 DTSA-42-1}
	- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
	[sarge] - ipsec-tools <not-affected> (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle com ...)
	NOT-FOR-US: Microsoft ASP .NET Framework
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3 ...)
	- net-snmp 5.2.2-1 (medium)
CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not ...)
	[sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not es ...)
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
	NOT-FOR-US: CodeBB
CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ea ...)
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0. ...)
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836 (The command line administration interface in Data Domain OS before 4.0 ...)
	NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco Unifie ...)
	NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
	NOT-FOR-US: WebAPP
CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have unknow ...)
	NOT-FOR-US: WebAPP
CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org Web ...)
	NOT-FOR-US: WebAPP
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in web-a ...)
	NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2. ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 befo ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or remo ...)
	NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote att ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to retr ...)
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a  ...)
	NOT-FOR-US: Nortel Networks
CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (S ...)
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php  ...)
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews (lykos_r ...)
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for X ...)
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for Xoop ...)
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and earlie ...)
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812 (PHP remote file inclusion vulnerability in utilitaires/gestion_sondage ...)
	NOT-FOR-US: BT-Sondage
CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 a ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company We ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and earl ...)
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the myAl ...)
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmg ...)
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and earli ...)
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service  ...)
	{DTSA-44-1}
	- pulseaudio 0.9.6-1 (low)
	[etch] - pulseaudio <no-dsa> (Minor issue)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote  ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta  ...)
	NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust Agen ...)
	NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
	{DSA-1373-2 DSA-1373-1}
	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows loc ...)
	NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote  ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	- graphicsmagick 1.1.7-15 (medium)
CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2  ...)
	NOT-FOR-US: URLshrink
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PH ...)
	NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9,  ...)
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9. ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec  ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ea ...)
	NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction So ...)
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low val ...)
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray <not-affected> (Vulnerable code not present)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.cl ...)
	NOT-FOR-US: Time-Assistant
CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online Communit ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5  ...)
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus  ...)
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
	REJECTED
CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Ma ...)
	{DSA-1287-1}
	- ldap-account-manager 1.0.0-1 (medium)
CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
	NOT-FOR-US: WebAPP
CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in  ...)
	NOT-FOR-US: WebAPP
CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net WebAP ...)
	NOT-FOR-US: WebAPP
CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches f ...)
	NOT-FOR-US: WebAPP
CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attacker ...)
	NOT-FOR-US: WebAPP
CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php  ...)
	NOT-FOR-US: CMSmelborp
CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ( ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit Engin ...)
	NOT-FOR-US: Exhibit Engine
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
	- xmovie <removed>
CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access t ...)
	NOT-FOR-US: CruiseWorks
CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to  ...)
	NOT-FOR-US: Minna De Office
CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in Advanc ...)
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuk ...)
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5  ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (medium)
	- php5 5.2.0-11 (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com D4 ...)
	NOT-FOR-US: D4J eZine
CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4  ...)
	NOT-FOR-US: JBrowser
CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allo ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow remot ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers  ...)
	NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in manage/javascript/formjavas ...)
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental System ...)
	NOT-FOR-US: ArcSDE
CVE-2007-1769
	REJECTED
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in app/helpers/application_he ...)
	NOT-FOR-US: Mephisto
CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AO ...)
	NOT-FOR-US: AOL
CVE-2007-1766 (PHP remote file inclusion vulnerability in login/engine/db/profiledit. ...)
	NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user- ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs bef ...)
	- iceweasel 3.0.1-1 (unimportant; bug #445515)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1761
	REJECTED
CVE-2007-1760
	REJECTED
CVE-2007-1759
	REJECTED
CVE-2007-1758
	REJECTED
CVE-2007-1757
	REJECTED
CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1755
	REJECTED
CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1753
	REJECTED
CVE-2007-1752
	REJECTED
CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...)
	NOT-FOR-US: Vector Markup Language
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name Sy ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 200 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1746
	RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam An ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for VM ...)
	NOT-FOR-US: VMware
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison f ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1740
	REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino befo ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
	NOT-FOR-US: TrueCrypt
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HT ...)
	NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or  ...)
	- iceweasel <removed> (unimportant)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565 ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in net/dccp/proto. ...)
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remot ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732
	- wordpress 2.1.3-1 (unimportant)
	NOTE: Administrators can post full HTML, that is a feature. Rightly disputed.
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous FT ...)
	NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
	- linux-2.6 2.6.21-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 1000 ...)
	NOT-FOR-US: Flexbb
CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstati ...)
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 a ...)
	NOT-FOR-US: IceBB
CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remot ...)
	NOT-FOR-US: IceBB
CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and atta ...)
	NOT-FOR-US: ReactOS
CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: IronMail
CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea SK ...)
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 a ...)
	NOT-FOR-US: C-Arbre
CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the Addressboo ...)
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD,  ...)
	NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 <removed> (medium)
	[sarge] - php4 <not-affected> (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 t ...)
	- php4 6:4.4.6-2 (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console de ...)
	NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
	NOT-FOR-US: CcCounter
CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
	NOT-FOR-US: BASP21
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 a ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-2
	- php5 5.2.0-9
	NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-de ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC  ...)
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS  ...)
	NOT-FOR-US: ttCMS
CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side Conte ...)
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remot ...)
	NOT-FOR-US: eWebQuiz
CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows re ...)
	NOT-FOR-US: Active Trade
CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager (com_resma ...)
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards)  ...)
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the Fla ...)
	NOT-FOR-US: Flatmenu
CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is e ...)
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, c ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	[sarge] - php4 4:4.3.10-21
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version. likewise the oldstable
	NOTE: version was fixed.
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_ ...)
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to re ...)
	NOT-FOR-US: Philex
CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex 0. ...)
	NOT-FOR-US: Philex
CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
	NOT-FOR-US: Active Newsletter
CVE-2007-1695
	- phpbb2 <not-affected> (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
	RESERVED
CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before 1 ...)
	- yate 1.2.0-1.dfsg-1 (low; bug #421994)
	[etch] - yate <no-dsa> (Minor issue, fringe application)
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy Auto ...)
	NOT-FOR-US: Microsoft
CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ActiveG ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL  ...)
	NOT-FOR-US: Norton
CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Calli ...)
	NOT-FOR-US: PhPInfo ActiveX control
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX Im ...)
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
	RESERVED
CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36,  ...)
	NOT-FOR-US: BlueCoat
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in sldimd ...)
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the Inc ...)
	NOT-FOR-US: IncrediMail
CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX contr ...)
	NOT-FOR-US: FileManager ActiveX
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java W ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension f ...)
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the N ...)
	NOT-FOR-US: NetBSD
CVE-2007-1676
	RESERVED
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP s ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LAN ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c, as used in multiple products including AMaViS 2.4.1 and earli ...)
	[sarge] - zoo <no-dsa> (Minor issue)
	[etch] - zoo <no-dsa> (Minor issue)
	- zoo 2.10-19 (bug #424686)
	- unzoo 4.4-7 (bug #424690)
	[sarge] - unzoo <no-dsa> (Minor issue)
	[etch] - unzoo <no-dsa> (Minor issue)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a den ...)
	NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers t ...)
	NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ca ...)
	NOT-FOR-US: Panda
CVE-2007-1669 (zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1 ...)
	NOT-FOR-US: Barracuda
CVE-2007-1668
	RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue I ...)
	NOT-FOR-US: IDA Pro
CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1et ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote att ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663 (Memory leak in the image message functionality in ekg before 1:1.7~rc2 ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads pas ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 backtrack ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not  ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows co ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- kazehakase 0.5.2-1
	- pcre3 7.3-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remo ...)
	NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip  ...)
	- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Au ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX bef ...)
	{DSA-1317-1}
	- tinymux 2.4.3.31-1.1 (bug #417539)
CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sf ...)
	NOT-FOR-US: ne7ssh
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID e ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows remot ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
	NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap  ...)
	- php5 5.2.2-1
	[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ro ...)
	- moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 al ...)
	NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 20 ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on Microsof ...)
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management S ...)
	NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows rem ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows remo ...)
	NOT-FOR-US: PortailPHP
CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 an ...)
	NOT-FOR-US: ClassWeb
CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_ ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the chec ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI ...)
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 a ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net Porta ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal Dy ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio Cir ...)
	NOT-FOR-US: Splatt Forum
CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has u ...)
	NOT-FOR-US: webCMS
CVE-2007-1631
	NOT-FOR-US: CLBOX
CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Link Engine
CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner (S ...)
	NOT-FOR-US: Study planner
CVE-2007-1627
	REJECTED
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame Mo ...)
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in realGues ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow rem ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5 ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in Activ ...)
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer  ...)
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo R ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2. ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 an ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and  ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in zzi ...)
	{DTSA-56-1}
	- zziplib 0.13.49-0 (bug #436701; low)
	[etch] - zziplib <no-dsa> (Minor issue)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows r ...)
	NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a certai ...)
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Sof ...)
	NOT-FOR-US: NewsGlue
CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Mon ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain po ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Ag ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agor ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attack ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing Contes ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye G ...)
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect authenti ...)
	{DSA-1601-1}
	- wordpress 2.2.2-1 (bug #437085; low)
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 a ...)
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the we ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address  ...)
	NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk doe ...)
	- asterisk 1:1.4.0~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only affects 1.4.x)
	[sarge] - asterisk <not-affected> (Only affects 1.4.x)
CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
	NOT-FOR-US: Symantec
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertent ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.104 ...)
	NOT-FOR-US: Trend Micro
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 a ...)
	NOT-FOR-US: MNews
CVE-2006-7181
	NOT-FOR-US: Morcego CMS
CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets b ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process Ch ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH fra ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a  ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update  ...)
	- sendmail <not-affected> (Not a program flaw, a DNS error)
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update  ...)
	- sendmail <not-affected> (Debian compiles with FFR_TLS correctly)
CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample co ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the operatin ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and boot ...)
	NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows loca ...)
	NOT-FOR-US: Truecrypt
CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling Proc ...)
	NOT-FOR-US: MyServer
CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remo ...)
	NOT-FOR-US: StatsDawg
CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link  ...)
	NOT-FOR-US: Zyxel
CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.0 ...)
	NOT-FOR-US: Cisco
CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows context-de ...)
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 <removed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service (dae ...)
	NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attac ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in Atriu ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows re ...)
	NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0 ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_ ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain co ...)
	NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
	NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earl ...)
	NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in Radica ...)
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
	REJECTED
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attacker ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 all ...)
	NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earli ...)
	NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows  ...)
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ( ...)
	- kdelibs <unfixed> (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote serve ...)
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6  ...)
	- squid 2.6.5-6 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559 (Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxi ...)
	NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 charact ...)
	{DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1}
	NOTE: Affects various clients, but no practical security implications
	NOTE: MFSA2007-15
	- icedove 2.0.0.4-1
	- iceape 1.1.2-1
	- fetchmail 6.3.8-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	- mailfilter 0.8.2-1 (unimportant)
	- mutt 1.5.18-6 (unimportant)
	NOTE: i couldn't pinpoint exact mutt fixed version, but lenny's version has the
	NOTE: patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)
	- balsa 2.3.17-1 (unimportant)
	- claws-mail 2.9.1-1 (unimportant)
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security 6.0 ...)
	NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 al ...)
	NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 bui ...)
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php  ...)
	NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote att ...)
	NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum 0.51 ...)
	NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 all ...)
	NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote att ...)
	NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 a ...)
	NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web  ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio  ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 al ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio Sys ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in server/dia/audi ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in server ...)
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running  ...)
	NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only c ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 an ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX Land ...)
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538
	NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 S ...)
	NOT-FOR-US: Microsoft
CVE-2007-1536 (Integer underflow in the file_printf function in the "file" program be ...)
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user acti ...)
	NOT-FOR-US: Microsoft
CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains a ...)
	NOT-FOR-US: Microsoft
CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same non ...)
	NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included i ...)
	NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather re ...)
	NOT-FOR-US: Microsoft
CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
	NOT-FOR-US: Microsoft
CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote authentic ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox B ...)
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6  ...)
	NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versio ...)
	NOT-FOR-US: NetBSD
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and 5. ...)
	{DSA-1283-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 6:4.4.6-2 (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and e ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8. ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
	NOT-FOR-US: WSN Guest
CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in t ...)
	NOT-FOR-US: Dimension module of phpBB
CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats 0 ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP- ...)
	NOT-FOR-US: PHP-Stats
CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 al ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 a ...)
	NOTE: Duplicate of CVE-2007-2297
CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in Cic ...)
	NOT-FOR-US: CcMail
CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4. ...)
	- imp4 4.1.3-4 (medium; bug #415117)
CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb Porta ...)
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX Compan ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the M ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and earl ...)
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 thro ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder k ...)
	NOT-FOR-US: krypt
CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x befo ...)
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_war ...)
	NOT-FOR-US: Oracle Portal
CVE-2007-1505 (Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V1 ...)
	NOT-FOR-US: Fujistu FENCE-Pro
CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in Fuj ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
	- rhapsody <removed> (medium)
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
	- rhapsody <removed> (medium)
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remo ...)
	NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to overwrit ...)
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote  ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 Act ...)
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows  ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006  ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive  ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote attacker ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Av ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 bef ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal (We ...)
	NOT-FOR-US: WebAPP
CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 be ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder (ak ...)
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in Carbo ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485
	NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x  ...)
	- php4 <removed> (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9. ...)
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
	NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote attac ...)
	NOT-FOR-US: WBBlog
CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an administrativ ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative  ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read arbitra ...)
	NOT-FOR-US: McGallery
CVE-2007-1477
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Fire ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconn ...)
	- php4 <removed> (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde P ...)
	{DSA-1406-1}
	- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in H ...)
	{DSA-1406-1}
	- horde3 3.1.4-1 (low; bug #434045)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in  ...)
	NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass  ...)
	NOT-FOR-US: Orion-Blog
CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote att ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2 ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (C ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.h ...)
	NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents function i ...)
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 all ...)
	NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in Inksc ...)
	- inkscape 0.45.1-1 (medium)
	[etch] - inkscape <not-affected> (Versions prior to 0.45 used loudmouth, which isn't affected)
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows user-assi ...)
	- inkscape 0.45.1-1 (low)
	[etch] - inkscape <no-dsa> (Minor issue)
	[sarge] - inkscape <no-dsa> (Minor issue)
	NOTE: shell code would be prominently inside the file names
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
	NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP befor ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6 ...)
	NOT-FOR-US: WebCreator
CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
	NOT-FOR-US: CARE2X
CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer Uniq ...)
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as use ...)
	NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the  ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement  ...)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a dire ...)
	NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlie ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
	NOT-FOR-US: Open Education System
CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for default.as ...)
	NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary f ...)
	- netperf 2.4.3-8 (bug #413658; medium)
	[sarge] - netperf <no-dsa> (Non-free not supported)
	[etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the SetSe ...)
	NOT-FOR-US: Oracle Database
CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (P ...)
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows r ...)
	NOT-FOR-US: JGBBS
CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bi ...)
	NOT-FOR-US: MySQL Commander
CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 all ...)
	NOT-FOR-US: X-Ice News System
CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers  ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall allo ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...)
	NOT-FOR-US: phpBB module Add Name
CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote atta ...)
	NOT-FOR-US: ProRat Server
CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when servi ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
	NOT-FOR-US: Avant Browser
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger bef ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and  ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to c ...)
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earl ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and  ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote att ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1  ...)
	- pennmush 1.8.2p7-1 (low; bug #436249)
	[sarge] - pennmush <no-dsa> (Minor issue)
	[etch] - pennmush <no-dsa> (Minor issue)
CVE-2007-1430 (PHP remote file inclusion vulnerability in include/adodb-connection.in ...)
	NOT-FOR-US: ClipShare
CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 all ...)
	- moodle <not-affected>
	NOTE: Security problem with the Windows version
	NOTE: Debian Maintainer and Upstream state that debian is not affected
	NOTE: and the problem is not reproducible there
CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 a ...)
	NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
	NOT-FOR-US: AssetMan
CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attack ...)
	NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2 ...)
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media G ...)
	NOT-FOR-US: DataLife Engine
CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system e-co ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti all ...)
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2  ...)
	NOT-FOR-US: SubDog
CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of servic ...)
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ove ...)
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.ph ...)
	NOT-FOR-US: DekiWiki
CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (ak ...)
	NOT-FOR-US: URLshrink
CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0 ...)
	NOT-FOR-US: PMB Services
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP 5 ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 al ...)
	- php4 <not-affected> (cpdf extension not enabled in binary build)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versio ...)
	- php4 <not-affected> (no mssql extension in Debian)
	- php5 <not-affected> (no mssql extension in Debian)
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal  ...)
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via  ...)
	- wordpress <not-affected> (Path disclosure)
CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outpos ...)
	NOT-FOR-US: Vallheru
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has un ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header s ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attac ...)
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in SwDir.d ...)
	NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows rem ...)
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
	NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8. ...)
	{DSA-1330-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
	- snort <not-affected> (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2)  ...)
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and  ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 th ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6215e201eb98226837954059f6c99c9aa1c55a9a
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
	NOT-FOR-US: Flat Chat
CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2 ...)
	NOT-FOR-US: Magic CMS
CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows  ...)
	NOT-FOR-US: netForo!
CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.ph ...)
	NOT-FOR-US: WEBO
CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 a ...)
	NOT-FOR-US: dynalias
CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: dynalias
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux k ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0r ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to c ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 all ...)
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow context-depend ...)
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10 ...)
	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP b ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before 4.4 ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP befo ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, N ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x s ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <removed>
	- php5 5.2.0-11
	NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and earli ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz F ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport  ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php  ...)
	NOT-FOR-US: PostGuestbook
CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
	- conquest 8.2b-1 (low)
	[sarge] - conquest <no-dsa> (Minor issue)
	[etch] - conquest <no-dsa> (Minor issue)
CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4 ...)
	NOT-FOR-US: Drupal module Project
CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya Co ...)
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the divis ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows rem ...)
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain privi ...)
	NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow  ...)
	NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-14
	- iceape 1.1.2-1 (low)
	- iceweasel 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in V ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x befo ...)
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlie ...)
	- libapache-mod-security 2.1.2-1
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before  ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	REJECTED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the appdev/samp ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Just an example application for documentation purposes
CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX Co ...)
	NOT-FOR-US: JBoss Application Server
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont b ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
	{DSA-1454-1 DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
	- freetype 2.3.5-1 (medium; bug #426771)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 al ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mo ...)
	- apache <removed> (low)
	- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
	[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-1348
	REJECTED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and p ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA (Co ...)
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 a ...)
	NOT-FOR-US: Ezstream
CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does  ...)
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelso ...)
	NOT-FOR-US: vBulletin
CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not us ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz N ...)
	NOT-FOR-US: News-Letterman
CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management Applicati ...)
	NOT-FOR-US: Links Management Application
CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort Extr ...)
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 d ...)
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Bank ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Sol ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.1 ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before  ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard  ...)
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-serv ...)
	NOT-FOR-US: silc daemon
CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows r ...)
	- serendipity <removed> (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in php ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b81f9a364c2a2204e6acbdff5b71e6cc6daead1e
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u ...)
	NOT-FOR-US: SnapGear
CVE-2007-1323
	REJECTED
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing t ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region f ...)
	{DSA-1384-1 DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
	- xen-3 3.1.0-2 (bug #444007; medium)
	- xen-3.0 <removed>
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in t ...)
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly va ...)
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated u ...)
	NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before  ...)
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attacker ...)
	{DSA-1358-1}
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sav ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earli ...)
	NOT-FOR-US: RRDBrowse
CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable Enterpri ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier v ...)
	NOT-FOR-US: ISPUtil
CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats Rea ...)
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows rem ...)
	NOT-FOR-US: AJ Auction
CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
	NOT-FOR-US: AJ Dating
CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds 1. ...)
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows  ...)
	NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in D ...)
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ma ...)
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin befo ...)
	NOT-FOR-US: vBulletin
CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Track ...)
	NOT-FOR-US: TygerBT
CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking Sy ...)
	NOT-FOR-US: TygerBT
CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking Syst ...)
	NOT-FOR-US: TygerBT
CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News  ...)
	NOT-FOR-US: WB News
CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted  ...)
	NOT-FOR-US: DreameeSoft Password Master
CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files co ...)
	- putty 0.59-1 (bug #400804; unimportant)
	NOTE: Unsafe default, but not a vulnerability
	NOTE: Sensitive operations like key generation should only be done in private home
CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows  ...)
	NOT-FOR-US: Hazir Site
CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earli ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in BTI ...)
	NOT-FOR-US: BTI-Tracker
CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle Application Express
CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-as ...)
	NOT-FOR-US: Google Earth
CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in Keywo ...)
	NOT-FOR-US: miniBB module Keyword Replacer
CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via certai ...)
	NOT-FOR-US: Iono
CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote attack ...)
	NOT-FOR-US: ASP-Nuke Community
CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library (liblt ...)
	- libtool <not-affected> (Specific to Fedora build)
CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote att ...)
	NOT-FOR-US: Mambo
CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x all ...)
	NOT-FOR-US: Mambo
CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...)
	NOT-FOR-US: phpBB module maluinfo
CVE-2006-7147 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBB module Import Tools
CVE-2006-7146
	NOT-FOR-US: communityPortals
CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote a ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier a ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93  ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores hard-c ...)
	NOT-FOR-US: Utimaco Safeguard
CVE-2006-7141
	NOT-FOR-US: Oracle Database
CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun Solar ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, al ...)
	- kdepim <unfixed> (unimportant)
	NOTE: Annoying bug, but neglectable "security implications"
CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in th ...)
	NOT-FOR-US: Oracle APEX
CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 al ...)
	NOT-FOR-US: TinyPortal
CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in PH ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian <not-affected> (Vulnerable code not present)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and  ...)
	- php4 <removed> (unimportant)
	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows  ...)
	- php5 5.2.2-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey  ...)
	{DSA-1336-1}
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux  ...)
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and  ...)
	NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 upda ...)
	NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updat ...)
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites d ...)
	- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in  ...)
	- webmin <removed>
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0be ...)
	NOT-FOR-US: PHPMyDesk
CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2. ...)
	NOT-FOR-US: Jinzora
CVE-2006-7130 (PHP remote file inclusion vulnerability in backend/primitives/cache/me ...)
	NOT-FOR-US: Jinzora
CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versi ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and  ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 al ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in BS ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup func ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote at ...)
	NOT-FOR-US: Linksys SPA-921
CVE-2006-7120
	NOT-FOR-US: OSL maintain
CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php i ...)
	NOT-FOR-US: PHPGiggle
CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine Manag ...)
	NOT-FOR-US: DMXReady Site Engine Manager
CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier  ...)
	NOT-FOR-US: Kubix
CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...)
	NOT-FOR-US: Kubix
CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attacker ...)
	NOT-FOR-US: PHPKit
CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with insuffi ...)
	NOT-FOR-US: P-News
CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote att ...)
	NOT-FOR-US: P-News
CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ea ...)
	NOT-FOR-US: MD-Pro
CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ear ...)
	NOT-FOR-US: KMail CGI
CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE befor ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal mo ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1:1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before 2006 ...)
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attac ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows  ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd argume ...)
	- gnumail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
	- mutt <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd argum ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd argu ...)
	- evolution <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
	- kdepim <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd argu ...)
	- enigmail 2:0.95.0+1-1 (unimportant; bug #415225)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the comm ...)
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
	[sarge] - gnupg2 <no-dsa> (Minor issue)
	[etch] - gnupg2 <no-dsa> (Minor issue)
CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before 0 ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in server.cp ...)
	NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unk ...)
	NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
	NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
	NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address b ...)
	- iceweasel <removed> (unimportant)
	NOTE: Not exploitable
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in Connecti ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix Board ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script f ...)
	- blender 2.42a-6 (medium)
	[sarge] - blender <not-affected> (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 17 ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ntserv/warn ...)
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning M ...)
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 do ...)
	NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News M ...)
	NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNe ...)
	NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service (a ...)
	NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3  ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins Audien ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0. ...)
	NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows  ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive informat ...)
	NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a re ...)
	NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote attacker ...)
	NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow rem ...)
	NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in STWC ...)
	NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1 ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServ ...)
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 al ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissio ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy 4 ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL  ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows  ...)
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by  ...)
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attac ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not pro ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin Ph ...)
	NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as  ...)
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216 (Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5un ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows loc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1210
	REJECTED
CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ( ...)
	NOT-FOR-US: Windows Vista
CVE-2007-1208
	REJECTED
CVE-2007-1207
	REJECTED
CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2,  ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office W ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1200
	RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read arbitrar ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 al ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unkn ...)
	NOT-FOR-US: Epiware
CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for Win ...)
	NOT-FOR-US: Citrix
CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow r ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt De ...)
	NOT-FOR-US: SandBox Analyzer
CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM be ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive informati ...)
	NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes us ...)
	NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX contro ...)
	NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell L ...)
	NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
	NOT-FOR-US: WebAPP
CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, w ...)
	NOT-FOR-US: WebAPP
CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
	NOT-FOR-US: WebAPP
CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setti ...)
	NOT-FOR-US: WebAPP
CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof anoth ...)
	NOT-FOR-US: WebAPP
CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profil ...)
	NOT-FOR-US: WebAPP
CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the usern ...)
	NOT-FOR-US: WebAPP
CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
	NOT-FOR-US: WebAPP
CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in cer ...)
	NOT-FOR-US: WebAPP
CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts relate ...)
	NOT-FOR-US: WebAPP
CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in c ...)
	NOT-FOR-US: WebAPP
CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0 ...)
	NOT-FOR-US: WebAPP
CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 2 ...)
	NOT-FOR-US: WebAPP
CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service (X ...)
	NOT-FOR-US: CentennialIPTransferServer
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05 ...)
	NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0. ...)
	NOT-FOR-US: SimBin Racing
CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25,  ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 2 ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ear ...)
	NOT-FOR-US: Clanportal
CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows remot ...)
	NOT-FOR-US: Nabopoll
CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1  ...)
	NOT-FOR-US: DBGuestbook
CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1 ...)
	NOT-FOR-US: DBImageGallery
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and e ...)
	NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ( ...)
	NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call Cen ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when auth ...)
	- util-linux 2.17.2-9 (unimportant)
	NOTE: likely fixed far before this, which is the version in squeeze that was checked
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent S ...)
	NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power Ph ...)
	NOT-FOR-US: Power Phlogger
CVE-2006-7105
	- smarty <not-affected> (described vulnerability never existed)
CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the Cha ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 an ...)
	NOT-FOR-US: EZOnlineGallery
CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...)
	NOT-FOR-US: phpBurningPortal quiz-modul
CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier  ...)
	NOT-FOR-US: PHPWind
CVE-2006-7100 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBB Insert User
CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows remo ...)
	NOT-FOR-US: SolarPay
CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
	- apache 1.3.34-4.1 (low; bug #357561)
CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have u ...)
	NOT-FOR-US: TaskFreak!
CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in  ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7095 (Integer signedness error in the network_receive_packet function in soc ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the effectiv ...)
	- linux-ftpd 0.17-23 (bug #384454; low)
CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows r ...)
	NOT-FOR-US: Oracle Database Server
CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Ty ...)
	- viewvc 0.9.4+svn20060318-1 (low)
CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
	- viewvc 0.9.4+svn20060318-1 (low)
	NOTE: referring to http://www.securityfocus.com/archive/1/461427/100/0/threaded this
	NOTE: has been fixed in cvs for 0.9.3
CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
	- libapache2-mod-python 3.2.8-1 (low)
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the 802.1 ...)
	{DSA-1272-1}
	- tcpdump 3.9.5-2 (bug #413430; low)
CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to  ...)
	NOT-FOR-US: webSPELL
CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in Pyropho ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...)
	NOT-FOR-US: Pagesetter
CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAda ...)
	NOT-FOR-US: JBoss
CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access c ...)
	NOT-FOR-US: JBrowser
CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote authe ...)
	NOT-FOR-US: webSPELL
CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to exe ...)
	NOT-FOR-US: webSPELL
CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 all ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote  ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote au ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remo ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in LoveCM ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows remo ...)
	NOT-FOR-US: hbm
CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost al ...)
	NOT-FOR-US: arabhost
CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportS ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Nav ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigat ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allo ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News P ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote a ...)
	NOT-FOR-US: pheap
CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla P ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in Cromos ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts  ...)
	NOT-FOR-US: Putmail
CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to  ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alph ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown i ...)
	NOT-FOR-US: Watchtower
CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 al ...)
	NOT-FOR-US: FCRing
CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us ...)
	NOT-FOR-US: MTCMS
CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis Foru ...)
	NOT-FOR-US: Sinapis Forum
CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gaste ...)
	NOT-FOR-US: Sinapis Gastebuch
CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow r ...)
	NOT-FOR-US: MTCMS
CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus a ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows re ...)
	NOT-FOR-US: xtcommerce
CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Sim ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple one ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...)
	NOT-FOR-US: ZPanel
CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions  ...)
	NOT-FOR-US: TeeChart Pro ActiveX control
CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management Supp ...)
	NOT-FOR-US: Novell ZENworks
CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 a ...)
	NOT-FOR-US: eFiction
CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI  ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
	NOTE: older mozillas are not vulnerable
CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset fr ...)
	NOT-FOR-US: Opera
CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default  ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1113
	RESERVED
CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe meth ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar  ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ActiveCalend ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1 ...)
	NOT-FOR-US: Phpwebgallery
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian Schn ...)
	NOT-FOR-US: CS-Gallery
CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo Gall ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1106 (PHP remote file inclusion vulnerability in includes/functions_nomoketo ...)
	NOT-FOR-US: NoMoKeTos Rules
CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ph ...)
	NOT-FOR-US: phpBB Extreme
CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module Imple ...)
	NOT-FOR-US: PHP Module Implementation
CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, whic ...)
	- tor <unfixed> (unimportant)
	NOTE: Minor issue, just puts more noise on the node
CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Photostand
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2. ...)
	NOT-FOR-US: Photostand
CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan Pickl ...)
	NOT-FOR-US: Pickle
CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
	- dropbear 0.49-1 (unimportant; bug #412899)
	[etch] - dropbear 0.48.1-2 (unimportant)
	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unk ...)
	NOT-FOR-US: ScryMUD
CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function i ...)
	NOT-FOR-US: Wiclear
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart  ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not prope ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low; bug #445514)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-30
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ( ...)
	NOT-FOR-US: Network Node Manager
CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow  ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote user-a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local u ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9. ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not pr ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 befor ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows remo ...)
	NOT-FOR-US: Google Desktop
CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ...)
	- iceweasel <removed> (unimportant; bug #556268)
	- iceape <removed> (unimportant)
	- epiphany-browser <unfixed> (unimportant; bug #556272)
	NOTE: only epiphany-gecko backend affected
	- galeon 2.0.7-2 (unimportant; bug #556270)
	- kazehakase 0.5.8-2 (bug #556271)
	[lenny] - kazehakase 0.5.4-2lenny1
	- conkeror <not-affected> (doesn't support bookmarks)
	- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX contr ...)
	NOT-FOR-US: ConfigChk ActiveX control
CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allo ...)
	NOT-FOR-US: FTP Explorer
CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5,  ...)
	- typo3-src 4.0.5+debian-1
	[etch] - typo3-src 4.0.2+debian-3
CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow  ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0 ...)
	NOT-FOR-US: FTP Voyager
CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in FlashGameScrip ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 2. ...)
	NOT-FOR-US: UserPages2
CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ser ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allo ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows r ...)
	NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911 ...)
	NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple Ma ...)
	NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attack ...)
	NOT-FOR-US: VMware
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ( ...)
	NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7 ...)
	NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and  ...)
	NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire SendS ...)
	NOT-FOR-US: SendStudio
CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate Fu ...)
	NOT-FOR-US: Ultimate Fun Book
CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web Build ...)
	NOT-FOR-US: Online Web Building
CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application Swi ...)
	NOT-FOR-US: Nortel Application Switch
CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user restric ...)
	NOT-FOR-US: VMware
CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053
	NOT-FOR-US: phpXmms
CVE-2007-1052
	NOT-FOR-US: PBLang
CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ab ...)
	NOT-FOR-US: MyCalendar
CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...)
	NOT-FOR-US: phpbb_wordsearch
CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC)  ...)
	- dcc <removed> (medium; bug #439718)
CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a direc ...)
	NOT-FOR-US: Dem_trac
CVE-2007-1045 (mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrat ...)
	NOT-FOR-US: mAlbum
CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list th ...)
	NOT-FOR-US: PowerSchool
CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass auth ...)
	NOT-FOR-US: Ezboo
CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News (X-New ...)
	NOT-FOR-US: Xpression News
CVE-2007-1041 (Multiple stack-based buffer overflows in S&amp;H Computer Systems News ...)
	NOT-FOR-US: News Rover
CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News (X ...)
	NOT-FOR-US: Xpression News
CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 an ...)
	NOT-FOR-US: Peanut Knowledge Base
CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: Grabit
CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier a ...)
	NOT-FOR-US: News File Grabber
CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Securi ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5 ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht Topsite ...)
	NOT-FOR-US: Topsites FREE
CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...)
	NOT-FOR-US: phpBB Security
CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote  ...)
	NOT-FOR-US: Ban
CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4  ...)
	NOT-FOR-US: Simple PHP Forum
CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...)
	NOT-FOR-US: Dotdeb PHP
CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remot ...)
	NOT-FOR-US: Hot Links
CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers t ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7084
	REJECTED
CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers t ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allo ...)
	NOT-FOR-US: PhpNews
CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 2.0.4. ...)
	NOT-FOR-US: exV2
CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional Ho ...)
	NOT-FOR-US: Professional Home Page Tools Login Script
CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced  ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for A ...)
	- aqualung 0.9~beta6-1 (medium)
CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authen ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod b ...)
	NOT-FOR-US: Opentools Attachment Mod
CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise  ...)
	NOT-FOR-US: GeoClassifieds Enterprise
CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision P ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7070 (Unrestricted file upload vulnerability in manager/media/ibrowser/scrip ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in Socket ...)
	NOT-FOR-US: Socketwiz Bookmarks
CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65  ...)
	NOT-FOR-US: CliServ Web Community
CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to t ...)
	NOT-FOR-US: Oracle
CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for Invisi ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 a ...)
	NOT-FOR-US: TinyPHPforum
CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows r ...)
	NOT-FOR-US: Kamgaing Email System
CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before  ...)
	NOT-FOR-US: Sphider
CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c all ...)
	NOT-FOR-US: Sphider
CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAd ...)
	NOT-FOR-US: HostAdmin
CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar  ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1  ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For Ar ...)
	NOT-FOR-US: DotWidget
CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...)
	- linux-2.6 2.6.23-1 (low)
	[etch] - linux-2.6 <no-dsa> (Design limitation, use resource limits if it poses a problem)
CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) bef ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the s ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5  ...)
	NOT-FOR-US: Claroline
CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP  ...)
	NOT-FOR-US: Shoutpro
CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php  ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1. ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in Cla ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogge ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in Chi ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allow ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security feat ...)
	NOT-FOR-US: MathCAD
CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...)
	NOT-FOR-US: Andy's Chat
CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link  ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange Sc ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...)
	NOT-FOR-US: FlashBB
CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote att ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers  ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers  ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allo ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs un ...)
	NOT-FOR-US: Microsoft ISA
CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in Aardvar ...)
	NOT-FOR-US: Topsites PHP
CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and  ...)
	NOT-FOR-US: Bookmark4U
CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...)
	NOT-FOR-US: VirtueMart
CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to  ...)
	NOT-FOR-US: CheckPoint Firewall
CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24 ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smt ...)
	NOT-FOR-US: QwikMail SMTP
CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a d ...)
	NOT-FOR-US: SonicWALL
CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: SafeNet VPN
CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allo ...)
	NOT-FOR-US: PGPFreeware
CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cau ...)
	NOT-FOR-US: NetScreen-Remote
CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
	NOT-FOR-US: FreeBSD
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
	- apg 2.2.3.dfsg.1-2 (low; bug #412618)
	[etch] - apg <no-dsa> (Minor issue)
	[sarge] - apg <no-dsa> (Minor issue)
CVE-2007-XXXX [mt-daapd remote access & default password]
	- mt-daapd 0.9~r1586-1 (unimportant; bug #404640)
	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
	- amavisd-new 1:2.5.2-1 (unimportant; bug #410588)
	NOTE: Doesn't affect a standard Debian installation, only users, which install
	NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
	- pure-ftpd 1.0.21-1 (low)
	NOTE: oldstable is affected
CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce funct ...)
	{DTSA-34-1}
	- wordpress 2.1.1-1 (low)
CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
	NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 1 ...)
	NOT-FOR-US: Mediafield and Audio modules for Drupal
	NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...)
	NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x ...)
	NOT-FOR-US: Secure site for Drupal
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs  ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a  ...)
	- libevent <not-affected> (vulnerable version 1.2 was never uploaded)
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 compone ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pag ...)
	NOT-FOR-US: Image Pager
CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux a ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier al ...)
	NOT-FOR-US: XLAtunes
CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in VS ...)
	NOT-FOR-US: VS-Link-Partner
CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's  ...)
	NOT-FOR-US: Meganoide's news
CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3. ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allo ...)
	NOT-FOR-US: Turuncu Portal
CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News  ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31  ...)
	NOT-FOR-US: CedStat
CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when regi ...)
	NOT-FOR-US: webSPELL
CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in VirtualSy ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in Virtua ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows remo ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber  ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote attack ...)
	NOT-FOR-US: VicFTPS
CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in VirtualSyst ...)
	NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 a ...)
	NOT-FOR-US: DeskPRO
CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in VS-Gas ...)
	NOT-FOR-US: VS-Gastebuch
CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0,  ...)
	NOT-FOR-US: ZebraFeeds
CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallSc ...)
	NOT-FOR-US: InstallAnywhere
CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a de ...)
	NOT-FOR-US: Apple iTunes
CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows r ...)
	{DSA-1262-1}
	- gnomemeeting <removed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the gm_main_window_flash_mes ...)
	- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in  ...)
	NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and p ...)
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.0.4-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=370555
CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList functio ...)
	{DSA-1294-1}
	- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in calendar/gui ...)
	{DSA-1325-1}
	- evolution 2.10.2-1
	[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp func ...)
	- libgd2 2.0.33-1 (medium)
	NOTE: This has been fixed in libgd2 for a while, and php is linked against libgd2.
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
	- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other version ...)
	- ekiga 2.0.3-5 (bug #414069; high)
CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly oth ...)
	- xen-3.0 <removed> (bug #436250; medium)
	[etch] - xen-3.0 <unfixed>
	NOTE: Fedora disabled the VNC access to the Qemu monitor
	NOTE: An adjusted patch has been sent to the debian bugreport
CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel 2. ...)
	- linux-2.6 2.6.18-1
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0 ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey  ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x befor ...)
	{DSA-1336-1}
	- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
	REJECTED
CVE-2007-0992
	REJECTED
CVE-2007-0991
	REJECTED
CVE-2007-0990
	REJECTED
CVE-2007-0989
	REJECTED
CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4 ...)
	{DSA-1264-1}
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 al ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1. ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earl ...)
	NOT-FOR-US: phpCC
CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
	NOT-FOR-US: PollMentor
CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT Conten ...)
	NOT-FOR-US: AT Contenator
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0. ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x befo ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-07
	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
	- xulrunner 1.8.0.10-1 (high)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for S ...)
	NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2 ...)
	NOT-FOR-US: LifeType
CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain pr ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx ...)
	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before  ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0. ...)
	NOT-FOR-US: DropBox
CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ju ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in Jup ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remo ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and e ...)
	NOT-FOR-US: WebTester
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.2 ...)
	NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) bef ...)
	NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remot ...)
	NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the H ...)
	NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to u ...)
	NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to  ...)
	NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4 ...)
	NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5 ...)
	NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Securit ...)
	NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when conf ...)
	NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ka ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote att ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professiona ...)
	NOT-FOR-US: Mail Enable Professional
CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
	NOT-FOR-US: MOHA Chat
CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 an ...)
	NOT-FOR-US: @Mail
CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net V ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsit ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.0 ...)
	NOT-FOR-US: iTinySoft
CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Wind ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Win ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	REJECTED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object Mo ...)
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content Manageme ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does  ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	REJECTED
CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow rem ...)
	NOT-FOR-US: Microsoft
CVE-2007-0935
	REJECTED
CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote user-a ...)
	NOT-FOR-US: Microsoft
CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ( ...)
	NOT-FOR-US: D-Link
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Al ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba M ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 allo ...)
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with  ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to  ...)
	NOT-FOR-US: uTorrent
CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows r ...)
	NOT-FOR-US: KvGuestbook
CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx  ...)
	NOT-FOR-US: Community Server
CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: phpPolls
CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to obta ...)
	NOT-FOR-US: Portal Search
CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in P ...)
	NOT-FOR-US: Portal Search
CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an arbitrar ...)
	NOT-FOR-US: Portal Search
CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 a ...)
	NOT-FOR-US: Philboard
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ser ...)
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System (IP ...)
	NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to  ...)
	NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote user-a ...)
	NOT-FOR-US: Microsoft
CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
	NOT-FOR-US: Harpia CMS
CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1  ...)
	NOT-FOR-US: fx-APP
CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepre ...)
	NOT-FOR-US: fx-APP
CVE-2006-7021 (PHP remote file inclusion vulnerability in manager/tools/link/dbinstal ...)
	NOT-FOR-US: Plume CMS
CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
	NOT-FOR-US: phpwcms
CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attac ...)
	NOT-FOR-US: phpwcms
CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attac ...)
	NOT-FOR-US: phpwcms
CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 all ...)
	NOT-FOR-US: Indexu
CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain  ...)
	NOT-FOR-US: Jobline
CVE-2006-7015
	NOT-FOR-US: Jobline
CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a us ...)
	NOT-FOR-US: BloggIT
CVE-2006-7013
	NOT-FOR-US: Simple Machine Forum
CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: SCart
CVE-2006-7011
	NOT-FOR-US: FlashChat
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
	NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
	- php5 5.2.2-1 (bug #410561; bug #410995; medium)
	[etch] - php5 <not-affected> (A regression only affecting 5.2.1)
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and  ...)
	{DSA-1264-1}
	- php5 5.2.0-9
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	NOTE: this extension is not enabled by default in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a denia ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
	- php5 5.2.0-9 (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but the because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows  ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd be ...)
	- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature  ...)
	- moin <unfixed> (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in M ...)
	- moin 1.5 (bug #411084; medium)
	NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard  ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 (There is a possible heap overflow in libclamav/fsg.c before 0.100.0. ...)
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav 0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV be ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav 0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav 0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10 ...)
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a de ...)
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2)  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive inf ...)
	- mediawiki <removed> (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows re ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote  ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPa ...)
	NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible enco ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools  ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials ...)
	NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows rem ...)
	NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject. ...)
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows rem ...)
	- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in portalgroups/portalgroups/getfile ...)
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root  ...)
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows u ...)
	NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows Mo ...)
	NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital  ...)
	NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image Galler ...)
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875
	NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ac ...)
	NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) add ...)
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File Host ...)
	NOT-FOR-US: eXtreme File Hosting
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set  ...)
	NOT-FOR-US: Joomla!
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend su ...)
	NOT-FOR-US: Joomla!
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact  ...)
	NOT-FOR-US: Joomla!
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers t ...)
	NOT-FOR-US: Tiny FTPd
CVE-2006-7006
	NOT-FOR-US: Somery
CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote a ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY A ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion P ...)
	NOT-FOR-US: Fusion Polls
CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatbl ...)
	NOT-FOR-US: Wheatblog
CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9  ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers  ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote a ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable Sta ...)
	NOT-FOR-US: MailEnable
CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1 ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain pr ...)
	NOT-FOR-US: V3 Chat
CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...)
	NOT-FOR-US: OzzyWork Gallery
CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neu ...)
	NOT-FOR-US: Neuron Blog
CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ema ...)
	- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian)
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager (ad ...)
	NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! Mes ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in Site-As ...)
	NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on HP- ...)
	NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and earl ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allo ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863
	NOT-FOR-US: Trevorchan
CVE-2007-0862
	NOT-FOR-US: gnopaste
CVE-2007-0861
	NOT-FOR-US: phpCOIN
CVE-2007-0860
	NOT-FOR-US: local Calendar System
CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the sys ...)
	NOT-FOR-US: Palm OS Treo
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attack ...)
	NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attac ...)
	NOT-FOR-US: Fast Browser Pro
CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attac ...)
	NOT-FOR-US: Enigma Browser
CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows  ...)
	NOT-FOR-US: NetCaptor
CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remot ...)
	NOT-FOR-US: Slim Browser
CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
	NOT-FOR-US: FineBrowser Freeware
CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers t ...)
	NOT-FOR-US: PhaseOut
CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote att ...)
	NOT-FOR-US: Maxthon
CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote atta ...)
	NOT-FOR-US: GreenBrowser
CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote  ...)
	NOT-FOR-US: MYweb4net Browser
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (R ...)
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR an ...)
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge] - rar <no-dsa> (Non-free)
	[etch] - rar <no-dsa> (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[sarge] - unrar-nonfree 1:3.5.2-0.2
	[etch] - unrar-nonfree 1:3.5.4-1.1
	NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel Web ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers  ...)
	NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
	NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before  ...)
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and execut ...)
	NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly q ...)
	NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php  ...)
	NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server C ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Se ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVC ...)
	NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have u ...)
	NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
	NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in index/index_albu ...)
	NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a den ...)
	NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
	NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows rem ...)
	NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...)
	NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the availab ...)
	NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in A ...)
	NOT-FOR-US: Atsphp
CVE-2007-0830
	NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a c ...)
	NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in MyS ...)
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote  ...)
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows r ...)
	NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of s ...)
	NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1 ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been display ...)
	- xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux 1 ...)
	- util-linux <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailP ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE Po ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assi ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web serve ...)
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associat ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapp ...)
	NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
	NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production MySearchEn ...)
	NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB)  ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Wi ...)
	NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in Gee ...)
	NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows re ...)
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7. ...)
	NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local us ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
	NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote attacke ...)
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
	- iceweasel 2.0.0.16-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1. ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked  ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allow ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1. ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in bluev ...)
	NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, all ...)
	NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal Serve ...)
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in GlobalMeg ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
	- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.2 ...)
	- bugzilla 2.22.1-2.1 (bug #409824; low)
	[etch] - bugzilla <no-dsa> (Minor issue, far-fetched attack, minor impact)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP serv ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote attack ...)
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9 ...)
	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple In ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie  ...)
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in Flipsou ...)
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond  ...)
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0 ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x befo ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x befor ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla  ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function (native/ ...)
	- libapache-mod-jk 1:1.2.21-1 (medium)
	[sarge] - libapache-mod-jk <not-affected>
	[etch] - libapache-mod-jk <not-affected>
	NOTE: affects only 1.2.19 and 1.2.20
CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...)
	- linux-2.6 2.6.12-1
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remo ...)
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows  ...)
	- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c i ...)
	{DSA-1903-1 DSA-1858-1 DSA-1294-1}
	- xfree86 <removed> (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	- graphicsmagick 1.1.7-14 (bug #417862; medium)
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic au ...)
	- 3proxy <itp> (bug #718219)
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows  ...)
	- 3proxy <itp> (bug #718219)
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a  ...)
	- amarok 1.4.4-4 (bug #410850; unimportant)
	NOTE: This could only be exploited through the Magnatune shop
CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...)
	- amarok 1.4.4-1 (bug #410850; low)
	[sarge] - amarok <not-affected> (Vulnerable code not present)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selecti ...)
	NOT-FOR-US: FCKEditor
CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selecti ...)
	NOT-FOR-US: FreeTextBox
CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in Cent ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6975
	NOT-FOR-US: CentiPaid
CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for certai ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows  ...)
	NOT-FOR-US: BtitTracker
CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows rem ...)
	- iceweasel <not-affected> (Windows only)
CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud Protectio ...)
	NOT-FOR-US: Opera
CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 befo ...)
	- jetty 5.1.10-4 (medium; bug #445283)
	NOTE: http://jetty.cvs.sourceforge.net/jetty/Jetty/src/org/mortbay/jetty/servlet/AbstractSessionManager.java?r1=1.52&r2=1.53&view=patch
CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions befo ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when th ...)
	- libpam-ssh 1.91.0-9.2 (bug #410236; low)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[sarge] - libpam-ssh <no-dsa> (Minor issue)
CVE-2007-0769
	NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact Det ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before  ...)
	NOT-FOR-US: Phorum
CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows u ...)
	NOT-FOR-US: .NET Explorer
CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03  ...)
	NOT-FOR-US: Curium CMS
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier allow ...)
	NOT-FOR-US: F3Site
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment functiona ...)
	NOT-FOR-US: F3Site
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB++
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by verif ...)
	NOT-FOR-US: EQdkp
CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remot ...)
	NOT-FOR-US: EasyMoblog
CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24  ...)
	NOT-FOR-US: PHPProbid
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes C ...)
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...)
	NOT-FOR-US: Apple
CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...)
	NOT-FOR-US: Apple
CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 a ...)
	NOT-FOR-US: Apple
CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in pr ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration fil ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 throu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display fil ...)
	NOT-FOR-US: Apple
CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the so ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not displa ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not prop ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 throu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base  ...)
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB Fi ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through  ...)
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	REJECTED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for DirectoryS ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allo ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to caus ...)
	- cups 1.2.7-1 (bug #434734; low)
	- cupsys 1.2.7-1 (bug #434734; low)
	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through  ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Wi ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows rem ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall)  ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall)  ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assi ...)
	NOT-FOR-US: GOM Player
CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet Exp ...)
	NOT-FOR-US: Darksky RSS
CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and P ...)
	NOT-FOR-US: Sleipnir
CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
	NOT-FOR-US: Somery
CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in  ...)
	NOT-FOR-US: WebBuilder
CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0. ...)
	NOT-FOR-US: phpEventMan
CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in Epist ...)
	NOT-FOR-US: Epistemon
CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain Por ...)
	NOT-FOR-US: Portail Web
CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in Gu ...)
	NOT-FOR-US: Portail Web
CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier all ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to chan ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Port ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 a ...)
	NOT-FOR-US: DGNews
CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
	NOT-FOR-US: DGNews
CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: DGNews
CVE-2007-0691
	REJECTED
CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: myEvent
CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation contr ...)
	NOT-FOR-US: Phorum
CVE-2006-6967
	REJECTED
CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the in ...)
	NOT-FOR-US: phpGraphy
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl <not-affected> (Vulnerable code not present)
CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allo ...)
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys)  ...)
	NOT-FOR-US: Intel 2200BG Cards drive.
CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 20 ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Port ...)
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in O ...)
	NOT-FOR-US: Omegaboard
CVE-2007-0682 (PHP remote file inclusion vulnerability in theme/include_mode/template ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ch ...)
	NOT-FOR-US: ExtCalendar
CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in P ...)
	NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nico ...)
	NOT-FOR-US: PHPMyRing
CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting  ...)
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Brows ...)
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech C ...)
	NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and  ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; Desktops  ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers t ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local us ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local us ...)
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
	NOT-FOR-US: Sun Solaris.
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2 ...)
	- sql-ledger <unfixed> (bug #409703; unimportant)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute  ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007  ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
	- thttpd <not-affected> (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy is not possible start Webserver
	NOTE: in root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile ...)
	NOT-FOR-US: Hailboards
CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC),  ...)
	NOT-FOR-US: Intel BMC
CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before 0 ...)
	NOT-FOR-US: DotNetNuke
CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for M ...)
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module f ...)
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to r ...)
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies  ...)
	NOT-FOR-US: MicroWorld
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-ass ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ot ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professi ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Prof ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2 ...)
	NOT-FOR-US: OpenEMR
CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
	NOT-FOR-US: Cisco
CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-as ...)
	NOT-FOR-US: AppleKit
CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Ma ...)
	NOT-FOR-US: iMovie
CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assiste ...)
	NOT-FOR-US: iPhoto
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remot ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-a ...)
	NOT-FOR-US: Bloodshed Dev-C++
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU scri ...)
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0  ...)
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack v ...)
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY 4 ...)
	NOT-FOR-US: GuppY
CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
	NOT-FOR-US: PHPFootball
CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact a ...)
	NOT-FOR-US: incron
CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6  ...)
	NOT-FOR-US: EncapsCMS
CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows rem ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633 (PHP remote file inclusion vulnerability in include/themes/themefunc.ph ...)
	NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
	NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not p ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password argumen ...)
	NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal befo ...)
	- drupal 4.7.6-1
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validat ...)
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the  ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulleti ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ar ...)
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zen ...)
	NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Manage ...)
	NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
	NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
	NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vis ...)
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CM ...)
	NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows r ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores gl ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced Gu ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3 ...)
	NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over  ...)
	NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro Vir ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newspo ...)
	NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum 4 ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allo ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek For ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review Si ...)
	NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with in ...)
	NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with in ...)
	NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows re ...)
	NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An V ...)
	NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre  ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quickti ...)
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals  ...)
	NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php i ...)
	NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander  ...)
	NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows re ...)
	NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB  ...)
	NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
	NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
	NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows remot ...)
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ACGVcli ...)
	NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats  ...)
	NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login pag ...)
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in  ...)
	NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in D ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
	NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes G ...)
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote at ...)
	NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in M ...)
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in Interactive-S ...)
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earli ...)
	NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) befor ...)
	NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Se ...)
	NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP  ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2  ...)
	NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier a ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 all ...)
	NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in In ...)
	NOT-FOR-US: vHostAdmin
CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature  ...)
	NOT-FOR-US: Cisco
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ori ...)
	NOT-FOR-US: rPath
CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8 ...)
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
	- postgresql <not-affected> (only PostgreSQL 8.x)
CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8. ...)
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql <not-affected> (only transitional package)
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
	NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php i ...)
	NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in install/default/error404.h ...)
	NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
	NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard  ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root wi ...)
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root  ...)
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web r ...)
	NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestb ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of arbitr ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service (bandwi ...)
	{DSA-1564-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote att ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Telligent
CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not p ...)
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop supplementa ...)
	NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and K ...)
	NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive informat ...)
	NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeW ...)
	NOT-FOR-US: FreeWebShop
CVE-2007-0530
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the admini ...)
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications (ak ...)
	NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.log ...)
	NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (Min ...)
	NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
	NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Nokia
CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a deni ...)
	NOT-FOR-US: Motorola
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to cau ...)
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allo ...)
	NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Insta ...)
	NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive inform ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the  ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with pe ...)
	NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remot ...)
	NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitach ...)
	NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64) ...)
	NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 0 ...)
	NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD ...)
	NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) prese ...)
	- awffull <unfixed> (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unk ...)
	NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4 ...)
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0  ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking 4 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and p ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 bef ...)
	NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows  ...)
	NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum Too ...)
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in Bra ...)
	NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim p ...)
	NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
	NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in Upload-Se ...)
	NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs  ...)
	NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in P ...)
	NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01 ...)
	NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpe ...)
	NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in includes/functions.visohotl ...)
	NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Q ...)
	NOT-FOR-US: Huawei
CVE-2007-0487
	NOT-FOR-US: FreeForum
CVE-2007-0486
	NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
	NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote  ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1  ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 al ...)
	NOT-FOR-US: Sun
CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Cisco
CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does  ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.1 ...)
	NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2 ...)
	- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4 ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoer ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not fixed in 0.8.0, see
	NOTE: https://web.archive.org/web/20070712072042/http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 d ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to (1 ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03- ...)
	- dokuwiki 0.0.20061106-1 (low)
CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
	NOT-FOR-US: MailEnable
CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...)
	NOT-FOR-US: Docebo
CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the  ...)
	NOT-FOR-US: RS Gallery2
CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2. ...)
	NOT-FOR-US: phpBlueDragon CMS
CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php i ...)
	NOT-FOR-US: Docebo
CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service (applicatio ...)
	NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service  ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
	NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager c ...)
	NOT-FOR-US: GlobeTrotter Mobility Manager
CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers (1 ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allow ...)
	NOT-FOR-US: Cisco
CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy  ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClo ...)
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 u ...)
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind <not-affected>
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 <not-affected> (Vulnerable code not present)
	- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
	- mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
	NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 do ...)
	- libgems-ruby 0.9.3-1 (low; bug #408299)
	[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (M ...)
	NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin gro ...)
	NOT-FOR-US: Apple
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 al ...)
	NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4. ...)
	NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 o ...)
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktim ...)
	NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before 2. ...)
	- dazuko-source <removed> (bug #408300)
	[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and  ...)
	- ulogd 1.23-6 (medium)
CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.9 ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (f ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly  ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Grap ...)
	{DSA-1936-1}
	- libgd2 2.0.35.dfsg-1 (bug #408982; low)
	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 throug ...)
	- samba <not-affected> (Solaris-specific vulnerability)
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users  ...)
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.23-1 (unimportant)
	NOTE: This only adds an additional control settings for path delimiters, the
	NOTE: necessary proxies still need to be secured or fixed individually (e.g.
	NOTE: as done for mod_jk in a DSA
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Ba ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI h ...)
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple Sym ...)
	NOT-FOR-US: Symantec
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Merc ...)
	NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand Scann ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
	NOT-FOR-US: Citrix
CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in Gracen ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impa ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
	RESERVED
CVE-2007-0439
	RESERVED
CVE-2007-0438
	RESERVED
CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample Cach ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS14 ...)
	NOT-FOR-US: X-Kryptor
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in Sitefram ...)
	NOT-FOR-US: siteframe
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 thr ...)
	NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject m ...)
	NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote a ...)
	NOT-FOR-US: AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ea ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed w ...)
	NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for W ...)
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered e ...)
	NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
	NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
	NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
	NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allow ...)
	NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to  ...)
	NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache  ...)
	NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and  ...)
	NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce acce ...)
	NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a bac ...)
	NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1  ...)
	NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when  ...)
	NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
	NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate cli ...)
	NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, an ...)
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in E ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Ea ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Si ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in A ...)
	NOT-FOR-US: MisterSPa-forum
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog a ...)
	NOT-FOR-US: Odysseus Blog
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 all ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in My ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allow ...)
	NOT-FOR-US: JVN
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
	NOTE: register_globals unsupported anyway
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS)  ...)
	NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in c ...)
	NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in libraries/grab_globals.lib. ...)
	NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file descriptor ...)
	NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors be ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of BitDe ...)
	NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
	NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS)  ...)
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board (wB ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks com ...)
	NOT-FOR-US: Joomla!
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has  ...)
	NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain se ...)
	NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews sec ...)
	NOT-FOR-US: PostNuke
CVE-2007-0383
	NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the L ...)
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote  ...)
	NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remo ...)
	NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attacke ...)
	NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote at ...)
	NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows re ...)
	NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Joomla!
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2 ...)
	- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow rem ...)
	NOT-FOR-US: Joomla!
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ( ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.20 ...)
	NOT-FOR-US: phpBP
CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows re ...)
	NOT-FOR-US: phpBP
CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local  ...)
	NOT-FOR-US: mbse
CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and dire ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows l ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One Cont ...)
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com I ...)
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote attacker ...)
	NOT-FOR-US: VirtueMart
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Op ...)
	NOT-FOR-US: Openads
CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in  ...)
	NOT-FOR-US: FreshReader
CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphoru ...)
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2 ...)
	NOT-FOR-US: Oreon
CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey C ...)
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP Jetdi ...)
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz ...)
	NOT-FOR-US: AVM
CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) Ac ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Ma ...)
	NOT-FOR-US: Apple
CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0 ...)
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) logi ...)
	NOT-FOR-US: myBloggie
CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle us ...)
	NOT-FOR-US: Microsoft
CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
	NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com INDE ...)
	NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not prope ...)
	- cvstrac 2.0.1-1
	[etch] - cvstrac <not-affected> (Vulnerable code not present)
	[sarge] - cvstrac <not-affected> (Vulnerable code not present)
	NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
	NOTE: are done like using %q instead of %s for user supplied data
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
	NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain A ...)
	NOT-FOR-US: Apple
CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2)  ...)
	- colloquy <removed>
CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: OpenBSD
CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple WebKit
CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earli ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84 ...)
	NOT-FOR-US: ThWboard
CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in Scrip ...)
	NOT-FOR-US: FileMailer
CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
	NOT-FOR-US: KGB
CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows loca ...)
	NOT-FOR-US: Rixstep
CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book 1.0. ...)
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and SIP ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access r ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques  ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynami ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch  ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote attac ...)
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in Macrov ...)
	NOT-FOR-US: Macrovision
CVE-2007-0327
	RESERVED
CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...)
	NOT-FOR-US: PNI Digital Media Photo Upload
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in befor ...)
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion (RIM ...)
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online  ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in isusweb ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ActiveEmailTest.Em ...)
	NOT-FOR-US: Motive ActiveEmailTest
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-depende ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla be ...)
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel (AI ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote att ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System 1 ...)
	NOT-FOR-US: Article System
CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) befo ...)
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ins ...)
	NOT-FOR-US: wcSimple
CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier al ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates differen ...)
	NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in Franci ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before  ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in Popla ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
	NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon S ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 al ...)
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have u ...)
	NOT-FOR-US: Zina
CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1. ...)
	NOT-FOR-US: InstantASP
CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in Fd ...)
	NOT-FOR-US: FdWeB
CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1. ...)
	NOT-FOR-US: TLM CMS
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byt ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
	NOT-FOR-US: LunarPoll
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/663eb2b85ed30c1226c5d617bb06c5afe1d3caf5
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full s ...)
	- phpmyadmin 4:2.9.1.1-2 (unimportant)
	NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin befo ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/59d245f36ab4e0b8a49c44b1f9045fc9aef939b2
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to  ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
	NOT-FOR-US: OWA
CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Twilight Webserver
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and  ...)
	NOT-FOR-US: Oracle
CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Col ...)
	NOT-FOR-US: Oracle
CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9. ...)
	NOT-FOR-US: Oracle
CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has  ...)
	NOT-FOR-US: Oracle
CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9. ...)
	NOT-FOR-US: Oracle
CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartrid ...)
	NOT-FOR-US: Oracle
CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0272 (Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has u ...)
	NOT-FOR-US: Oracle
CVE-2007-0270 (Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal  ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal S ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ca ...)
	NOT-FOR-US: Winzip
CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows user- ...)
	NOT-FOR-US: Total Commander
CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify t ...)
	{DTSA-33-1}
	- wordpress 2.0.8-1 (bug #407289)
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when auth ...)
	NOT-FOR-US: sNews
CVE-2007-0260
	NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2 ...)
	NOT-FOR-US: Fastilo
CVE-2007-0257
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of servi ...)
	- vlc 0.8.6.c-1 (unimportant; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in er ...)
	- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
	NOTE: If've verified the Etch version to contain the necessary format strings
CVE-2007-0253
	- kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote at ...)
	NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort 2 ...)
	- snort <not-affected> (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain poten ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers  ...)
	- squid 2.6.5-4 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 befor ...)
	{DSA-1297-1}
	- gforge-plugin-scmcvs 4.5.14-6
CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier a ...)
	{DSA-1307-1}
	- openoffice.org 2.2.1~rc1-1
	[lenny] - openoffice.org 2.0.4.dfsg.2-7etch1
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3 ...)
	{DSA-1288-2 DSA-1288-1}
	- pptpd 1.3.4-1
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Upda ...)
	- sun-java5 1.5.0-10-1
CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does n ...)
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241
	RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier al ...)
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote attacker ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCa ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ov ...)
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in  ...)
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234
	REJECTED
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly unse ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is argubly a php bug, CVE-2006-3017
CVE-2007-0232 (PHP remote file inclusion vulnerability in routines/fieldValidation.ph ...)
	NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, wh ...)
	NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php  ...)
	NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and Fr ...)
	NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer al ...)
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify nam ...)
	- slocate 3.1-1.1 (bug #411937; low)
	[sarge] - slocate <not-affected> (Performs correct access checks)
	[etch] - slocate <no-dsa> (Minor issue)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set. This is
	NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
	NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-AS ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shoppin ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php  ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side compo ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Ser ...)
	NOT-FOR-US: Microsoft
CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects fr ...)
	NOT-FOR-US: Microsoft
CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 an ...)
	NOT-FOR-US: Microsoft
CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 20 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 200 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does no ...)
	NOT-FOR-US: Microsoft
CVE-2007-0212
	REJECTED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
	NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
	NOT-FOR-US: Microsoft
CVE-2007-0207
	REJECTED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via  ...)
	- ed 0.2-19
CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech  ...)
	NOT-FOR-US: NitroTech CMS
CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gall ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery a ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...)
	NOT-FOR-US: Portix
CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4. ...)
	NOT-FOR-US: Portix
CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root w ...)
	NOT-FOR-US: Easy Chat Server
CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access Da ...)
	NOT-FOR-US: Image Gallery
CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during pre ...)
	- snort 2.7.0-1 (low; bug #407421)
	[sarge] - snort <no-dsa> (Minor issue)
	[etch] - snort <no-dsa> (Minor issue)
CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allo ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classifie ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allo ...)
	NOT-FOR-US: Rialto
CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote atta ...)
	NOT-FOR-US: Rialto
CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors ...)
	NOT-FOR-US: eXtremail
CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...)
	NOT-FOR-US: bitweaver
CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: bitweaver
CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver 1. ...)
	NOT-FOR-US: bitweaver
CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System (phpdea ...)
	NOT-FOR-US: Deadlock
CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a  ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-e ...)
	NOT-FOR-US: HP
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows remot ...)
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid <not-affected> (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex Guestboo ...)
	NOT-FOR-US: @alex
CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
	NOT-FOR-US: Nucleus
CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ex ...)
	- firefox-sage 1.3.6-3
	NOTE: 1.3.6-3 disabled HTML mode entirely
CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion b ...)
	NOT-FOR-US: GeoBB
CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCse ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ca ...)
	NOT-FOR-US: Getahead
CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ha ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and e ...)
	NOT-FOR-US: @lex
CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Fire ...)
	NOT-FOR-US: TIS
CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey Go ...)
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4  ...)
	NOT-FOR-US: Cisco
CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise,  ...)
	NOT-FOR-US: Cisco
CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote att ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web  ...)
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays d ...)
	NOT-FOR-US: F5
CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: MKPortal
CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by unau ...)
	NOT-FOR-US: FON La Fonera
CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main opera ...)
	NOT-FOR-US: MKPortal
CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allo ...)
	NOT-FOR-US: MKPortal
CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x  ...)
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189
	NOT-FOR-US: GeoBB
CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access re ...)
	NOT-FOR-US: F5
CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to acces ...)
	NOT-FOR-US: F5
CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5
CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ca ...)
	NOT-FOR-US: Getahead
CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ob ...)
	NOT-FOR-US: Getahead
CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Ser ...)
	NOT-FOR-US: iPlanet Web
CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo stor ...)
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted  ...)
	NOT-FOR-US: EF Commander
CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows r ...)
	NOT-FOR-US: PHPKIT
CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWi ...)
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
	{DSA-1475-1}
	- gforge 4.6.99+svn6347-1 (low; bug #406244)
	[sarge] - gforge <not-affected> (Vulnerable code not present)
CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolu ...)
	{DSA-1568-1}
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll  ...)
	NOT-FOR-US: Sina UC2006
CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3. ...)
	NOT-FOR-US: AllMyGuest
CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5 ...)
	NOT-FOR-US: AllMyLinks
CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors  ...)
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCse ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserv ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
	NOT-FOR-US: PPC Search
CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathname ...)
	- kfreebsd-5 <not-affected>
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remo ...)
	NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, whic ...)
	NOT-FOR-US: Camouflage
CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in t ...)
	NOT-FOR-US: Steganography
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permi ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as u ...)
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.c ...)
	- centericq 4.21.0-17 (low)
	[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
	NOTE: The bug really exist but, is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
	NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158 (thttpd 2007 has buffer underflow. ...)
	- thttpd <removed>
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neo ...)
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156 (M-Core stores the database under the web document root, which allows r ...)
	NOT-FOR-US: M-Core
CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with  ...)
	NOT-FOR-US: HarikaOnline
CVE-2007-0154 (Webulas stores sensitive information under the web root with insuffici ...)
	NOT-FOR-US: Webulas
CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: AJLogin
CVE-2007-0152 (OhhASP stores sensitive information under the web root with insufficie ...)
	NOT-FOR-US: OhhASP
CVE-2007-0151 (MitiSoft stores sensitive information under the web root with insuffic ...)
	NOT-FOR-US: MitiSoft
CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in Day ...)
	NOT-FOR-US: Dayfox
CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with i ...)
	NOT-FOR-US: EMembersPro
CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote a ...)
	NOT-FOR-US: OminiGroup
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an incorre ...)
	NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips C ...)
	NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP N ...)
	NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Q ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
	NOT-FOR-US: NUNE News
CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce S ...)
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Li ...)
	NOT-FOR-US: YALD
CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download (Yenion ...)
	NOT-FOR-US: Kolayindir
CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to c ...)
	NOT-FOR-US: IBM
CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows re ...)
	NOT-FOR-US: IBM
CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote  ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remot ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And Orde ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users t ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1. ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow  ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/O ...)
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begin ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ  ...)
	NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4 ...)
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233 - DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix  ...)
	NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow  ...)
	NOT-FOR-US: IG Shop
CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in iGener ...)
	NOT-FOR-US: IG Shop
CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
	NOT-FOR-US: IG Shop
CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves  ...)
	NOT-FOR-US: JAMWiki
CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 al ...)
	NOT-FOR-US: iG Calendar
CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and  ...)
	NOT-FOR-US: LocazoList
CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlie ...)
	NOT-FOR-US: Digirez
CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly vali ...)
	NOT-FOR-US: Opera
CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ex ...)
	NOT-FOR-US: Opera
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux b ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ...)
	- drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows rem ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3  ...)
	NOT-FOR-US: RI Blog
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlie ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 all ...)
	NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow  ...)
	NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 1 ...)
	NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive informati ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote  ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
	NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
	NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as u ...)
	NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Ac ...)
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error m ...)
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
	NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure Acc ...)
	NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patc ...)
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice <unfixed> (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf 3.02 (bug #406852; unimportant)
	- swftools <not-affected> (first version that entered the archive is based on xpdf 3.02)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat befor ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Prev ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
	NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it overwri ...)
	NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services 3.0 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 an ...)
	NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) Read ...)
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
	NOT-FOR-US: Carbon Communities
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive informa ...)
	- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content Manageme ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 al ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: WineGlass
CVE-2007-0089 (jgbbs stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: jgbbs
CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
	NOT-FOR-US: openmedia
CVE-2007-0087
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084
	NOT-FOR-US: Windows NT
CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
	NOT-FOR-US: Nuked Klan
CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ha ...)
	NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possib ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080
	- freeradius <unfixed> (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: rblog
CVE-2007-0078 (BattleBlog stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: BattleBlog
CVE-2007-0077 (lblog stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: lblog
CVE-2007-0076 (Openforum stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: AspBB
CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0. ...)
	- flashplugin-nonfree 1:1.4
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2007-0070
	RESERVED
CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x be ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, whe ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) Autom ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5 ...)
	NOT-FOR-US: Windows
CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before  ...)
	- vmware-package 0.16
CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before  ...)
	- vmware-package 0.16
CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
	- vmware-package 0.16
CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...)
	NOT-FOR-US: CA
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allow ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4. ...)
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Fo ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Fo ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2 ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows r ...)
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ver ...)
	NOT-FOR-US: Apple iPhoto
CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begin ...)
	NOT-FOR-US: Fersch Formbankserver
CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Com ...)
	NOT-FOR-US: Karl Dahlke Edbrowse
CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluet ...)
	NOT-FOR-US: Bluetooth Stack COM Server (Windows)
CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown  ...)
	NOT-FOR-US: Bluesoil Bluetooth
CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and  ...)
	NOT-FOR-US: Bluetooth stack on Mac OS
CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows remot ...)
	NOT-FOR-US: Broadcom
CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...)
	NOT-FOR-US: Toshiba Bluetooth stack
CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows  ...)
	NOT-FOR-US: Windows Mobile
CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4  ...)
	NOT-FOR-US: Mac OS
CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obt ...)
	- bluez-utils 3.7-1 (bug #408889; medium)
CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote at ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows (BT ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly implem ...)
	NOT-FOR-US: Plantronic Headset
CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly impleme ...)
	NOT-FOR-US: Sony Ericsson T60
CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown  ...)
	NOT-FOR-US: SPINE
CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ser ...)
	- tor <unfixed> (unimportant)
	NOTE: It could be argued that this is a laws-of-physics vulnerability
	NOTE: that is a fundamental design limitation of certain hardware
	NOTE: implementations.
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function i ...)
	NOT-FOR-US: Jonathon J. Freeman OvBB
CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root w ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root wi ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root wi ...)
	NOT-FOR-US: P-News
CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows remo ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: phpwcms
CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remo ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
	NOT-FOR-US: Sky Software
CVE-2006-6883
	NOT-FOR-US: PHPIrc_bot
CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote  ...)
	NOT-FOR-US: Golden Book
CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux P ...)
	NOT-FOR-US: ATMEL WLAN drivers
CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Upd ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in PHP-Upd ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote attacker ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli 3ed ...)
	NOT-FOR-US: Matteo Lucarelli 3editor
CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module (l ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open Settleme ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in e ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 all ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows r ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 a ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6869 (Directory traversal vulnerability in includes/search/search_mdforum.ph ...)
	NOT-FOR-US: MAXdev
CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Sh ...)
	NOT-FOR-US: Zen Cart
CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshak ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Ahead4
CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp  ...)
	NOT-FOR-US: Softartisans
CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma ...)
	NOT-FOR-US: Enigma2
CVE-2006-6863
	NOT-FOR-US: Enigma2
CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 al ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
	NOT-FOR-US: MythControl
CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs Fo ...)
	NOT-FOR-US: Website Designs for Less
CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdo ...)
	NOT-FOR-US: eNdonesia
CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 a ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-XXXX [ssmtp password leak]
	- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
	- avahi 0.6.16-1 (low)
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alte ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050
	NOT-FOR-US: OpenPinboard
CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to a ...)
	NOT-FOR-US: TaskTracker
CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin dist ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0 ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before 8. ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat R ...)
	{DSA-1336-1}
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Exp ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1. ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1. ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 fo ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2007-0037
	REJECTED
CVE-2007-0036
	REJECTED
CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2,  ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microso ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers  ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
	REJECTED
CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, an ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation (v ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in UserNotificationCenter.a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote attacke ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic Tran ...)
	NOT-FOR-US: Panic Transmit
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earl ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX con ...)
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler fun ...)
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers  ...)
	NOT-FOR-US: MoviePlay
CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bub ...)
	- miredo 1.0.4-2 (bug #405412; bug #405111; medium)
CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in modules/credits/credits.ph ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and  ...)
	NOT-FOR-US: WebText CMS
CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ca ...)
	NOT-FOR-US: AIDeX Mini-WebServer
CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickC ...)
	NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related)
CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on Wind ...)
	NOT-FOR-US: Durian Web Application Server
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allow ...)
	- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php  ...)
	NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster M ...)
	NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not properl ...)
	NOT-FOR-US: Cahier de texte (CDT)
CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remot ...)
	NOT-FOR-US: ASPTicker
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 al ...)
	NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) In ...)
	NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simp ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...)
	NOT-FOR-US: EasyPartner component for Joomla!
CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
	NOT-FOR-US: Acronym Mod for phpBB2
CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has un ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact an ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact an ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHea ...)
	NOT-FOR-US: Total Commander
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
	RESERVED
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
	- sun-java5 <removed> (unimportant)
	- sun-java6 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0  ...)
	NOT-FOR-US: IBM
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down U ...)
	NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unk ...)
	NOT-FOR-US: Joomla!
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
	NOT-FOR-US: Joomla!
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allo ...)
	NOT-FOR-US: Joomla!
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote at ...)
	NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog  ...)
	NOT-FOR-US: b2 Blog
CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web  ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier  ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a d ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal b ...)
	NOT-FOR-US: Personal .NET Portal
CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under  ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...)
	NOT-FOR-US: iCalendar
CVE-2006-6823 (PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc ...)
	NOT-FOR-US: Yrch!
CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate t ...)
	NOT-FOR-US: Enthrallweb eClassifieds
CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the MM_r ...)
	NOT-FOR-US: Enthrallweb eNews
CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the M ...)
	NOT-FOR-US: Enthrallweb eCoupons
CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the w ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass authen ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain sensit ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login Manage ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx  ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload Manag ...)
	NOT-FOR-US: Mxmania File Upload Manager
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10 ...)
	NOT-FOR-US: myPHPCalendar
CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service (cra ...)
	- kdenetwork 4:3.5.5-4 (low; bug #405828)
	[sarge] - kdenetwork <no-dsa> (Minor issue)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in src/main. ...)
	NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in V ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in  ...)
	- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda  ...)
	NOT-FOR-US: Ananda Real Estate
CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1. ...)
	NOT-FOR-US: Enthrallweb eMates
CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs all ...)
	NOT-FOR-US: Enthrallweb eJobs
CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business Dire ...)
	NOT-FOR-US: Dragon Business Directory - Pro
CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allo ...)
	NOT-FOR-US: Enthrallweb eCars
CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages all ...)
	NOT-FOR-US: Enthrallweb ePages
CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, w ...)
	NOT-FOR-US: SH-News
CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event mo ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when register ...)
	{DSA-1250-1}
	- cacti 0.8.6i-3 (bug #404818; high)
CVE-2006-6798
	RESERVED
CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allo ...)
	NOT-FOR-US: Microsoft
CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...)
	NOT-FOR-US: MTCMS
CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...)
	NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows r ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX BASI ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remo ...)
	NOT-FOR-US: chatwm
CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in Ultima ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-6789 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: Phpbbxtra
CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...)
	NOT-FOR-US: LuckyBot
CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsle ...)
	NOT-FOR-US: Newsletter MX
CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated administra ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open Newslette ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote attacker ...)
	NOT-FOR-US: Netbula Anyboard
CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload arb ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ear ...)
	NOT-FOR-US: pnamazu
CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: HLstats
CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through  ...)
	NOT-FOR-US: HLstats
CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows r ...)
	NOT-FOR-US: vBulletin
CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...)
	NOT-FOR-US: TimberWolf
CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future Intern ...)
	NOT-FOR-US: Future Internet
CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...)
	NOT-FOR-US: Future Internet
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of servi ...)
	NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in socios/maquetacion_socio.ph ...)
	NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote att ...)
	NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in w ...)
	- w3m 0.5.1-5.1 (bug #404564; low)
	- w3mmee <not-affected> (Does not include this format string vuln in the code)
	[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)
CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Ju ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger Sol ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 a ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...)
	NOT-FOR-US: SMC
CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions befo ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow remo ...)
	NOT-FOR-US: Copernicus Europa
CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) be ...)
	- tmsnc 0.2.5-1
CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 a ...)
	NOT-FOR-US: Land Down Under
CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote  ...)
	- interchange 4.9.8-1
CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before  ...)
	NOT-FOR-US: Lotus Domino
CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601  ...)
	NOT-FOR-US: Land Down Under (LDU)
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of servic ...)
	- oftpd <removed>
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlie ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
	NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It Simp ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows rem ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMa ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in  ...)
	NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 1 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote  ...)
	NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 allo ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a guessabl ...)
	NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote atta ...)
	NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly dis ...)
	NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain pri ...)
	NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper  ...)
	NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows rem ...)
	NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 all ...)
	NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index fil ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain p ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP Lase ...)
	NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1. ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8. ...)
	NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...)
	NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Sh ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php i ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in Suppor ...)
	NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0  ...)
	NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
	NOTE: Access to DMA-capable hardware such as graphics cards can,
	NOTE: by design, bypass security restrictions. Not a real issue.
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier al ...)
	NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN Messeng ...)
	NOT-FOR-US: LAN Messenger
CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in in ...)
	NOT-FOR-US: inertianews
CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ine ...)
	NOT-FOR-US: inertianews
CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and e ...)
	NOT-FOR-US: PHPBuilder
CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, inc ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allow ...)
	NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers t ...)
	NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Kn ...)
	NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in A ...)
	NOT-FOR-US: Azucar CMS
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
	- wget 1.13-1 (unimportant)
	NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=bd7f4ef701ce5db64659db496d3f47aeedfadac2 (v1.13)
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password f ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management packe ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric  ...)
	NOT-FOR-US: uploader&downloader
CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...)
	NOT-FOR-US: PowerClan
CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11 ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0 ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in Newx ...)
	NOT-FOR-US: Newxooper
CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8. ...)
	NOT-FOR-US: PgmReloaded
CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site Man ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader Act ...)
	NOT-FOR-US: NeoTraceExplorer.NeoTraceLoader ActiveX control
CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 throu ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu Wo ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail befo ...)
	NOT-FOR-US: @Mail
CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9 ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before  ...)
	NOT-FOR-US: @Mail
CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail We ...)
	NOT-FOR-US: @Mail
CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remot ...)
	NOT-FOR-US: @Mail
CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and pos ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files unde ...)
	- gconf2 2.24.0-1 (unimportant; bug #404743)
	NOTE: Minor nuisance, not much of a security problem
CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
	{DSA-1245-1}
	- proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium)
CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in EternalMa ...)
	NOT-FOR-US: EternalMart Guestbook (EMGB)
CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart Mail ...)
	NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in Op ...)
	- openser 1.1.0-8 (medium; bug #404591)
CVE-2006-XXXX [insecure rpath in libflash-mozplugin]
	- libflash 0.4.13-9 (low; bug #399508)
	[etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user)
CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Port ...)
	NOT-FOR-US: Oracle
CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vis ...)
	NOT-FOR-US: Microsoft
CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ca ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader  ...)
	NOT-FOR-US: E-Uploader
CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopp ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4. ...)
	- typo3-src 4.0.2+debian-2 (high; bug #403906)
	NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3  ...)
	NOT-FOR-US: Paristemi
CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edit ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal  ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock  ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allow ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates us ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for clie ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need f ...)
	- chetcpasswd <removed> (low)
CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...)
	{DSA-1251-1}
	- netrik 1.15.3-1.1 (medium; bug #404233)
CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a  ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 An ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...)
	NOT-FOR-US: Novell
CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...)
	NOT-FOR-US: Ozeki HTTP-SMS Gateway
CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: WinFtp Server
CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...)
	NOT-FOR-US: Download Portal
CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download Porta ...)
	NOT-FOR-US: Download Portal
CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown i ...)
	NOT-FOR-US: Nortel CallPilot
CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in WebC ...)
	{DSA-1279-1}
	- webcalendar 1.0.5-2 (low; bug #404234)
CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier a ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...)
	NOT-FOR-US: DeepBurner
CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and 20 ...)
	NOT-FOR-US: Aleph One
CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and 2006-12-1 ...)
	NOT-FOR-US: Aleph One
CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on SUS ...)
	NOT-FOR-US: Linux User Management (novell-lum)
CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ear ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Ko ...)
	- kdelibs <not-affected> (at least it is fixed in 4:3.5.5a.dfsg.1-5)
	NOTE: is DoS only, anyway
CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2. ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when conf ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remo ...)
	- chetcpasswd <removed> (low)
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) be ...)
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network Se ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security Ser ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary fi ...)
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in th ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise Linu ...)
	NOTE: if security relevant at all, it's 2.4.* only
	- linux-2.6 <not-affected> (2.4 only)
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers t ...)
	- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document importer/ ...)
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in  ...)
	- linux-2.6 <not-affected> (Red Hat specific vulnerability)
CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Inktomi
CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD 3 ...)
	NOT-FOR-US: NetBSD
CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...)
	NOT-FOR-US: NetBSD
CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD 3. ...)
	NOT-FOR-US: NetBSD
CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and  ...)
	NOT-FOR-US: NetBSD
CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in NetBSD- ...)
	NOT-FOR-US: NetBSD
CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3 ...)
	NOT-FOR-US: Intel
CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...)
	NOT-FOR-US: mxBB
CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...)
	NOT-FOR-US: HyperVM
CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in planetluc.c ...)
	NOT-FOR-US: RateMe
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4. ...)
	NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Proj ...)
	NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in language/lang_english/lang_ ...)
	NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...)
	NOT-FOR-US: Meeting module for mxBB
CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...)
	NOT-FOR-US: Fightersoft Multimedia Star FTP server
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 a ...)
	NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance v ...)
	NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCa ...)
	NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM
CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere App ...)
	NOT-FOR-US: IBM
CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in J ...)
	NOT-FOR-US: JumbaCMS
CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ( ...)
	NOT-FOR-US: ExtCalThai for Mambo
CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php i ...)
	NOT-FOR-US: YapBB
CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 an ...)
	NOT-FOR-US: Genepi
CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php i ...)
	NOT-FOR-US: osprey
CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey 1 ...)
	NOT-FOR-US: osprey
CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Langua ...)
	NOT-FOR-US: WeBWorK
CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remo ...)
	- openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105)
	NOTE: No code injection possible, just a crash
CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in BitDe ...)
	NOT-FOR-US: BitDefender
CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component o ...)
	- moodle 1.6-1
	NOTE: Does not affect moodle 1.6 according to SecurityFocus.
CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in M ...)
	- moodle 1.6.3-2 (low)
	NOTE: "SC#341 fixed initilaization of navtail variable"
	NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log
CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users  ...)
	NOT-FOR-US: Sambar
CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment Bl ...)
	NOT-FOR-US: Sygate
CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Pro ...)
	NOT-FOR-US: Soft4Ever Look 'n' Stop
CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environme ...)
	NOT-FOR-US: Filseclab Personal Firewall
CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Bl ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...)
	NOT-FOR-US: AVG Anti-Virus plus Firewall
CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (P ...)
	NOT-FOR-US: AntiHook 3.0.0.23 - Desktop
CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 al ...)
	NOT-FOR-US: Microsoft
CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...)
	NOT-FOR-US: w00t Gallery
CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php  ...)
	NOT-FOR-US: Activity Games module for mxBB
CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) 2.10 ...)
	- fai 3.1.3 (low; bug #402644)
	[sarge] - fai <no-dsa> (Minor issue, only in rare configs and use cases)
CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Be ...)
	NOT-FOR-US: phpAlbum
CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0 ...)
	NOT-FOR-US: PhpMyCms
CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman 0.0 ...)
	NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote at ...)
	- nexuiz 2.2.1-1 (low)
	NOTE: Only game console command execution possible, not shell commands
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of servi ...)
	- nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP Integr ...)
	NOT-FOR-US: HP
CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for IB ...)
	NOT-FOR-US: IBM
CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6. ...)
	NOT-FOR-US: jclarens
CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard  ...)
	NOT-FOR-US: MailEnable
CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in TorrentFlu ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...)
	NOT-FOR-US: YMMAPI.YMailAttach
CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows X ...)
	NOT-FOR-US: Windows
CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2 ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users t ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux be ...)
	- torrentflux 2.1-6
CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows user-assist ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute arbit ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1  ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ScriptMat ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZ ...)
	NOT-FOR-US: AMAZONIA MOD for phpBB
CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...)
	NOT-FOR-US: Bloq
CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in E ...)
	NOT-FOR-US: EXlor
CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR Membe ...)
	NOT-FOR-US: AR Memberscript
CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ecommerce/control/keywords ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation i ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBl ...)
	NOT-FOR-US: Vortex Blog
CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly popula ...)
	- iceweasel 2.0.0.1+dfsg-1
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow re ...)
	NOT-FOR-US: italkplus (Italk+)
CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to obta ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in Ver ...)
	NOT-FOR-US: PHP_Debug
CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is permi ...)
	NOT-FOR-US: ProNews
CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_RE ...)
	NOT-FOR-US: Microsoft
CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Mac ...)
	NOT-FOR-US: Microsoft
CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ( ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allo ...)
	NOT-FOR-US: Golden FTP Server
CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Y ...)
	NOT-FOR-US: Yet Another PHP LDAP Admin Project (yaplap)
CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for I ...)
	{DSA-1467-1}
	- mantis 1.0.6+dfsg-3 (bug #402802)
	[sarge] - mantis 0.19.2-5sarge5
CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...)
	- mantis 0.19.2-1
CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a sess ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensu ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2006-XXXX [gaim crash when receiving an invalid UPnP response]
	- gaim 1:2.0.0+beta5-9 (low)
	[sarge] - gaim <no-dsa> (minor issue)
CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
	- dsniff 2.4b1+debian-16 (unimportant; bug #400624)
	NOTE: While older terminals were vulnerable to some attacks involving terminal
	NOTE: sequences, the lack of shell escaping is not a vulnerability in dsniff
CVE-2006-XXXX [archivemail insecure temporary file issues]
	- archivemail 0.6.2-2
	[sarge] - archivemail <no-dsa> (minor issue)
CVE-2006-XXXX [pythonpaste web root esacpe]
	- paste 1.0.1-1
	NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
CVE-2006-XXXX [moodle unspecified security bug in the forum module (discuss.php)]
	- moodle 1.6.3-2
CVE-2006-XXXX [znc file access security hole]
	- znc 0.045-3 (bug #403141; medium)
CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Editio ...)
	NOT-FOR-US: Citrix
CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) Opti ...)
	NOT-FOR-US: Citrix
CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in Gen ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader  ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source c ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the  ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php i ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6566 (PHP remote file inclusion vulnerability in includes/profilcp_constants ...)
	NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB
CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a deni ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a deni ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in c ...)
	- proftpd-dfsg 1.3.0-17 (medium)
	[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
CVE-2006-6562
	RESERVED
CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewe ...)
	NOT-FOR-US: Microsoft
CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the  ...)
	NOT-FOR-US: mx_modsdb 1.0.0 module for MxBBmx_modsdb 1.0.0 module for MxBB
CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request F ...)
	NOT-FOR-US: Lotfian Request For Travel
CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Crob FTP Server
CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unkn ...)
	NOT-FOR-US: Skulls!
CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before  ...)
	NOT-FOR-US: EyeOS
CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow  ...)
	NOT-FOR-US: EasyFill
CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remo ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-6553 (PHP remote file inclusion vulnerability in includes/newssuite_constant ...)
	NOT-FOR-US: NewsSuite 1.03 module for mxBB
CVE-2006-6552 (PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharin ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6551 (PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/ ...)
	NOT-FOR-US: Tucows Client Code Suite (CCS)
CVE-2006-6550
	NOT-FOR-US: Phorum
CVE-2006-6549
	NOT-FOR-US: Rad Upload
CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost  ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod P ...)
	NOT-FOR-US: Winamp
CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in cutene ...)
	NOT-FOR-US: cutenews
CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the  ...)
	NOT-FOR-US: ErrorDocs 1.0.0 and earlier module for mxBB
CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote at ...)
	NOT-FOR-US: CM68 News
CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect Sp ...)
	NOT-FOR-US: AppIntellect SpotLight CRM
CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ea ...)
	NOT-FOR-US: Fantastic News
CVE-2006-6541
	NOT-FOR-US: Animated Smiley Generator
CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before 1. ...)
	NOT-FOR-US: Bluetrait
CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ea ...)
	NOT-FOR-US: Winamp Web Interface
CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1)  ...)
	NOT-FOR-US: D-LINK
CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allo ...)
	NOT-FOR-US: IBM
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Fr ...)
	NOT-FOR-US: Cilem Haber Free Edition
CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before callin ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a ...)
	NOT-FOR-US: osCommerce
CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php  ...)
	NOT-FOR-US: osCommerce
CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1 ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 fo ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private mess ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom v ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar 0316200 ...)
	NOT-FOR-US: Gizzar
CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar 0316200 ...)
	NOT-FOR-US: Gizzar
CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 an ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 an ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTra ...)
	NOT-FOR-US: BoxTrapper in cPanel
CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale T ...)
	NOT-FOR-US: WikiTimeScale TwoZero
CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in Messageriescrip ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows rem ...)
	NOT-FOR-US: ProNews
CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 all ...)
	NOT-FOR-US: ProNews
CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and  ...)
	NOT-FOR-US: KDPics
CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_thresh ...)
	- mantis 1.0.6+dfsg-1 (unimportant)
	NOTE: http://www.mantisbt.org/bugs/print_bug_page.php?bug_id=5163
	NOTE: Not a security bug, only a very annoying feature.
CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient co ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface (Waw ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive  ...)
	NOT-FOR-US: dadaIMC
CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is installe ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in Si ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
	{DSA-1488-1}
	NOTE: This is covered/duped by CVE-2006-6841
	- phpbb2 2.0.21-6
CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass C ...)
	NOTE: MFSA-2006-76
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner <not-affected> (maintainer reported)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6506 (The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...)
	NOTE: MFSA-2006-75
	- iceweasel 2.0.0.1+dfsg-1 (low)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5 ...)
	{DSA-1265-1}
	NOTE: MFSA-2006-74
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 1.5.0.9.dfsg1-1 (high)
	- iceape 1.0.7-1 (high)
	- mozilla <removed>
CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonke ...)
	NOTE: MFSA-2006-73
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	NOTE: Flaw was introduced in Firefox 1.5.0.4
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird  ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-72
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (high)
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for Mozill ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-71
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (unimportant)
	- icedove 1.5.0.9.dfsg1-1 (unimportant)
	NOTE: Not exploitable in standard Icedove configuration
CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-70
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5. ...)
	NOTE: MFSA-2006-69
	- iceweasel <not-affected> (windows only)
	- xulrunner <not-affected> (Windows only)
	- iceape <not-affected> (windows only)
	- firefox <not-affected> (windows only)
	- mozilla <not-affected> (windows only)
	- mozilla-firefox <not-affected> (windows only)
	- mozilla-thunderbird <not-affected> (windows only)
	- icedove <not-affected> (windows only)
CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
	NOTE: Is it possible to reduce the floating point precision in Linux as a non-priv
	NOTE: user? I don't think so
CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for Mozi ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla  ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (medium)
	- xulrunner 1.8.0.9-1 (medium)
	- iceape 1.0.7-1 (medium)
	- firefox 45.0-1 (medium)
	- firefox-esr 45.0esr-1 (medium)
	- mozilla <removed> (medium)
	- mozilla-firefox <removed> (medium)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 200 ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 all ...)
	NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and  ...)
	NOT-FOR-US: Solaris
CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerbe ...)
	- openldap2.3 <not-affected> (kerberos support not enabled)
	- openldap2 <not-affected> (kerberos support not enabled)
CVE-2006-6492
	REJECTED
CVE-2006-6491
	REJECTED
CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.d ...)
	NOT-FOR-US: SupportSoft ActiveX
CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-E ...)
	NOT-FOR-US: SISCO OSI stack
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrap ...)
	NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook  ...)
	NOT-FOR-US: DT Guestbook
CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to exe ...)
	NOT-FOR-US: EasyPage
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 an ...)
	NOT-FOR-US: ShopSite
CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition 2. ...)
	NOT-FOR-US: MailEnable
CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tag ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a deni ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (low; bug #401874)
CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remo ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow re ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux 4510 ...)
	NOT-FOR-US: McAfee
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.0 ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03 ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in Wi ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6465
	NOT-FOR-US: WikyBlog
CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) fi ...)
	NOT-FOR-US: Midicart
CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart al ...)
	NOT-FOR-US: Midicart
CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in C ...)
	NOT-FOR-US: CM68 News
CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attacke ...)
	NOT-FOR-US: Yourfreeworld Stylish Text Ads Script
CVE-2006-6460 (Yourfreeworld.com Short Url &amp; Url Tracker Script allows remote att ...)
	NOT-FOR-US: Yourfreeworld.com Short Url Script
CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Topli ...)
	NOT-FOR-US: Toplist for phpBB
CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150  ...)
	NOT-FOR-US: Trend Micro (Windows)
CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other version ...)
	- tikiwiki <removed> (bug #404472)
	NOTE: Might be a mis-report, check with upstream
CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and W ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware  ...)
	NOT-FOR-US: DUware
CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows  ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OW ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles  ...)
	NOT-FOR-US: RunCMS
CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8. ...)
	NOT-FOR-US: Plesk
CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...)
	NOT-FOR-US: Novell ZENworks Patch Management
CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the we ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlie ...)
	NOT-FOR-US: Vt-Forum
CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1 ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4,  ...)
	NOT-FOR-US: iWare Professional
CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...)
	NOT-FOR-US: Envolution
CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and p ...)
	NOT-FOR-US: Nostra DivX Player
CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print  ...)
	NOT-FOR-US: Novell Distributed Print Services
CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the CDDBC ...)
	NOT-FOR-US: America Online
CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6440 (Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000,  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox Work ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro befor ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.0 ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 1 ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...)
	NOT-FOR-US: ThinkEdit
CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMa ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow re ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable Profess ...)
	NOT-FOR-US: MailEnable
CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ce ...)
	NOT-FOR-US: AgileBill AgileVoice
CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box im ...)
	- phpbb2 2.0.21-6 (medium)
	[sarge] - phpbb2 <not-affected>
CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the  ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Edito ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2006-6417 (PHP remote file inclusion vulnerability in inc/CONTROL/import/import-m ...)
	- b2evolution <not-affected> (vulnerable code added later)
CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univ ...)
	NOT-FOR-US: PhpLeague
CVE-2006-6415
	NOT-FOR-US: phpAdsNew
CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye  ...)
	NOT-FOR-US: dol storye
CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earl ...)
	NOT-FOR-US: Amateras sns
CVE-2006-6412
	RESERVED
CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows r ...)
	NOT-FOR-US: Linksys
CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local use ...)
	NOT-FOR-US: VMWare
CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
	NOT-FOR-US: F-Secure
CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attac ...)
	NOT-FOR-US: Kaspersky
CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attack ...)
	NOT-FOR-US: F-Prot
CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (medium; bug #401873)
CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to byp ...)
	NOT-FOR-US: BitDefender
CVE-2006-6404 (INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows rem ...)
	NOT-FOR-US: Innovation Data Processing's FDR Backup
CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: MyStats
CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlie ...)
	NOT-FOR-US: MyStats
CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in  ...)
	NOT-FOR-US: MyStats
CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...)
	NOT-FOR-US: JustSystems
CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 all ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios UPublis ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6397
	NOTE: not a vuln
CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibl ...)
	NOT-FOR-US: BlazeVideo HDTV Player
CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before  ...)
	NOT-FOR-US: Ulrik Petersen Emdros Database Engine
CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas Gauff ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1. ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka  ...)
	NOT-FOR-US: plxWebDev
CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution Quick.Ca ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution Quick.Ca ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile all ...)
	NOT-FOR-US: ac4p Mobile
CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LI ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management Serv ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...)
	NOT-FOR-US: CVS management/tracker (drupal plugin)
CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before 2006120 ...)
	NOT-FOR-US: abitwhizzy.php
CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_base ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 crea ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk  ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate Help ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...)
	NOT-FOR-US: BrightStor Backup Discovery Service
CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with insuffic ...)
	NOT-FOR-US: BTSaveMySql
CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root  ...)
	NOT-FOR-US: Uploadscript
CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File  ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple Mach ...)
	NOT-FOR-US: Simple machines Forum
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow  ...)
	- phpmyadmin <not-affected> (low; bug #404744)
	[sarge] - phpmyadmin <not-affected> (doesn't use sessions at all)
	[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
	NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c9d93f63940fe960d3b6341d8bfb7b707c87e744
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive infor ...)
	- phpmyadmin 4:2.9.1.1-1 (unimportant)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/98575f4e563c9323df597e2a9783e637b00b87e9
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/416285c4930ed24504edf58774384db4ffec1f86
	NOTE: The commits are both the same but they seem to be cherry-picks one of the other at some point
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-8/
	NOTE: path is known in Debian anyway
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Gue ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in Invis ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision C ...)
	NOT-FOR-US: Invision Community Blog Mod
CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a  ...)
	NOT-FOR-US: APC PowerChute
CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10G ...)
	NOT-FOR-US: Affects only Windows despite other claims
CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
	NOT-FOR-US: awrate
CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownl ...)
	NOT-FOR-US: Duware
CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in includes/elements/spellche ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and  ...)
	NOT-FOR-US: Duware
CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside System ...)
	NOT-FOR-US: Inside Systems Mail (ISMail)
CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Sec ...)
	NOT-FOR-US: BlueSocket Secure Controller
CVE-2006-6362
	REJECTED
CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file func ...)
	NOT-FOR-US: Bitflux Upload Progress Mete
CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload  ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookma ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in Stefa ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in  ...)
	NOT-FOR-US: PHPNews
CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in templates/link_ ...)
	NOT-FOR-US: PHPNews
CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate allow ...)
	NOT-FOR-US: DuWare
CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews  ...)
	NOT-FOR-US: DuWare
CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X a ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remo ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with insuffic ...)
	NOT-FOR-US: KhaledMuratList
CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient  ...)
	NOT-FOR-US: listpics 5
CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The Classif ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 a ...)
	NOT-FOR-US: mowdBB
CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote au ...)
	NOT-FOR-US: TFT-Gallery
CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40  ...)
	NOT-FOR-US: SAP
CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service (IG ...)
	NOT-FOR-US: SAP
CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earl ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and  ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Frase ...)
	NOT-FOR-US: KLF-DESIGN
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3. ...)
	NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ser ...)
	NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ( ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z  ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogan ...)
	NOT-FOR-US: Aspee Ziyaretci Defteri
CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe)  ...)
	NOT-FOR-US: Eudora WorldMail
CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before  ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.oc ...)
	NOT-FOR-US: Citrix Presentation Server Client
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wron ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWif ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is  ...)
	- torrentflux 2.1-7 (bug #400582; medium)
CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to execut ...)
	- torrentflux 2.1-6 (bug #399169; medium)
CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files  ...)
	- torrentflux 2.1-6 (bug #399169)
CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 all ...)
	- torrentflux 2.1-5 (bug #395930; medium)
	NOTE: duplicate of CVE-2006-5609
CVE-2006-6327
	RESERVED
CVE-2006-6326
	RESERVED
CVE-2006-6325
	RESERVED
CVE-2006-6324
	RESERVED
CVE-2006-6323
	RESERVED
CVE-2006-6322
	RESERVED
CVE-2006-6321
	RESERVED
CVE-2006-6320
	RESERVED
CVE-2006-6319
	RESERVED
CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier allow ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1
CVE-2006-6317
	RESERVED
CVE-2006-6316
	RESERVED
CVE-2006-6315
	RESERVED
CVE-2006-6314
	RESERVED
CVE-2006-6313
	RESERVED
CVE-2006-6312
	RESERVED
CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
	NOT-FOR-US: Tivoli
CVE-2006-6308
	NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote  ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services  ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configu ...)
	- net-snmp <not-affected> (Only affects version 5.3.0)
CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets  ...)
	- linux-2.6 <not-affected> (Only affects plain 2.6.19)
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
	NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
	- ruby1.8 1.8.5-4 (low)
CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remo ...)
	NOT-FOR-US: CuteNews
CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM ...)
	NOT-FOR-US: Novell ZENworks
CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yone ...)
	NOT-FOR-US: Metyus Okul Yonetim Sistemi
CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin  ...)
	- kdegraphics <unfixed> (unimportant)
	NOTE: Generic bug, treating it as a security problem is quite a stretch
CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) serv ...)
	NOT-FOR-US: Microsoft
CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in t ...)
	NOT-FOR-US: MxBB Portal
CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot Antiviru ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4 ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini,  ...)
	NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professi ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
	NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variabl ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier al ...)
	NOT-FOR-US: Niek Albers CoolPlayer
CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...)
	NOT-FOR-US: AtomixMP3
CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions  ...)
	NOT-FOR-US: Palm Desktop
CVE-2006-6285
	NOT-FOR-US: Kai Blankenhorn Bitfolge
CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 al ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a  ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in dicshun ...)
	NOT-FOR-US: dicshunary
CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulleti ...)
	NOT-FOR-US: Oxygen (O2PHP Bulletin Board)
CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain se ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex Guestboo ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ContentSe ...)
	NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server b ...)
	NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1)  ...)
	NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, whi ...)
	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows rem ...)
	- denyhosts 2.6-1 (medium; bug #401795)
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obta ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 all ...)
	NOT-FOR-US: PHPOLL
CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote attac ...)
	NOT-FOR-US: ASPMForum
CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...)
	NOT-FOR-US: Infinitytechs Restaurants CM
CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in  ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers  ...)
	NOT-FOR-US: PostNuke
CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start  ...)
	NOTE: It seems that no significant packet amplification takes place.
	NOTE: Probably harmless.
CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote att ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source Tere ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing he ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Kl ...)
	NOT-FOR-US: PHPJunkYard MBoard
CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows  ...)
	NOT-FOR-US: Quintessential Player
CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema Integra ...)
	NOT-FOR-US: Redbinaria Sistema Integrado de Administracion de Portales (SIAP)
CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) class/functions.ph ...)
	NOT-FOR-US: AlternC
CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQ ...)
	NOT-FOR-US: AlternC
CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are enabl ...)
	NOT-FOR-US: AlternC
CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in admin/ ...)
	NOT-FOR-US: AlternC
CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI 0 ...)
	NOT-FOR-US: NukeAI
CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote at ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, p ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual emotico ...)
	NOT-FOR-US: Microsoft Windows Live Messenger
CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...)
	NOT-FOR-US: VUPlayer
CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier a ...)
	NOT-FOR-US: Songbird Media Player
CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earli ...)
	NOT-FOR-US: Chama Cargo
CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: GPhotos
CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1 ...)
	NOT-FOR-US: UPhotoGallery
CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ownershi ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b a ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) befor ...)
	NOT-FOR-US: Coalescent Systems freePBX
CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow  ...)
	NOT-FOR-US: FipsSHOP
CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and  ...)
	- serendipity 1.0.4-1 (unimportant; bug #401614)
	NOTE: Only exploitable with register_globals
CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2. ...)
	NOT-FOR-US: MailEnable NetWebAdmin
CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify th ...)
	NOT-FOR-US: Apple Safari
CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in thread.ph ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote at ...)
	NOT-FOR-US: Acrobat Reader
CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...)
	{DSA-1231-1}
	- gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914)
	- gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913)
CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in PHP-Nu ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown versio ...)
	NOT-FOR-US: PostNuke
CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in DreamAcc ...)
	NOT-FOR-US: DreamAccount
CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: VuBB
CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote at ...)
	NOT-FOR-US: VuBB
CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs fai ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (a ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and  ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allo ...)
	NOT-FOR-US: GeekLog
CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...)
	NOT-FOR-US: Puntal
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance an ...)
	NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote a ...)
	NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes Com ...)
	NOT-FOR-US: Recipes Complete Website
CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in de ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...)
	NOT-FOR-US: Mermaid module for PHP-NUKE
CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hac ...)
	NOT-FOR-US: Nivisec Hacks List
CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wal ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical v ...)
	NOT-FOR-US: PEGames
CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News (si ...)
	NOT-FOR-US: Site News
CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0  ...)
	NOT-FOR-US: BirdBlog
CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart a ...)
	NOT-FOR-US: MidiCart ASP Shopping Cart
CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds all ...)
	NOT-FOR-US: Enthreallweb eClassifieds
CVE-2006-6207
	NOT-FOR-US: Evolve Merchant
CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping C ...)
	NOT-FOR-US: WarHound General Shopping Cart
CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in E ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow rem ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME  ...)
	NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker
CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by  ...)
	NOT-FOR-US: Borland idsql32.dll
CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Profes ...)
	NOT-FOR-US: BlazeVideo BlazeDVD
CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost  ...)
	NOT-FOR-US: cPanel
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8 ...)
	- b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
	NOT-FOR-US: Ultimate Survey Pro
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier  ...)
	NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3. ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (a ...)
	NOT-FOR-US: Anna^ IRC Bot
CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click  ...)
	NOT-FOR-US: ClickTech Click Blog
CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTe ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery allo ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow remo ...)
	NOT-FOR-US: enomphp
CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery  ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (A ...)
	NOT-FOR-US: Allied Telesyn TFTP Server
CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and pos ...)
	NOT-FOR-US: 3Com 3CTftpSvc
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop store ...)
	NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech Cli ...)
	NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.n ...)
	NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstal ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Coun ...)
	NOT-FOR-US: Muhammad A. Muquit wwwcoun
CVE-2006-XXXX [libxslt segfault / DoS]
	- libxslt 1.1.19-1 (low)
	[sarge] - libxslt <not-affected> (vulnerability added later)
CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before  ...)
	NOT-FOR-US: Blogn
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
	- kronolith2 2.1.4-1 (bug #400899; bug #401061)
	- kronolith <not-affected> (Vulnerable code not present)
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2. ...)
	- tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in vm/vm ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP strea ...)
	{DSA-1244-1}
	- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
	- mplayer 1.0~rc1-11 (medium)
CVE-2006-6171
	{DSA-1218}
	- proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls m ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-16 (medium; bug #400793)
CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) i ...)
	NOT-FOR-US: Norton
CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver (VSDATANT ...)
	NOT-FOR-US: ZoneAlarm
CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to  ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6167
	NOT-FOR-US: Active PHP Bookmarks
CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin C ...)
	NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
CVE-2006-6165
	NOTE: non-issue
CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9  ...)
	NOT-FOR-US: OpenBSD
CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in Tik ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php i ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help  ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php i ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help D ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and earlie ...)
	NOT-FOR-US: ContentNow
CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX S ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star R ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star Ra ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Class ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System  ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie Lo ...)
	NOT-FOR-US: Messagerie Locale
CVE-2006-6150 (PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.ph ...)
	NOT-FOR-US: OWLLib
CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allo ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp  ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow re ...)
	NOT-FOR-US: JiRos Links Manager
CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator ...)
	NOT-FOR-US: libharu
CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plai ...)
	NOT-FOR-US: CRYPTOCard
CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for Kerber ...)
	- krb5 <not-affected> (Only 1.5 onwards are vulnerable)
CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1 ...)
	- krb5 1.4.4-6 (high)
	[sarge] - krb5 <not-affected>
CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-1241-1}
	- squirrelmail 2:1.4.9a-1
CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a den ...)
	NOT-FOR-US: Tftpd32
CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8  ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) doe ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE ...)
	NOT-FOR-US: Windows Media
CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for Micro ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow rem ...)
	NOT-FOR-US: Link Exchange Lite
CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWeb ...)
	NOT-FOR-US: Kerio WebSTAR
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of servi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in openfil ...)
	{DSA-1231-1}
	- gnupg 1.4.5-3 (medium; bug #401765)
	- gnupg2 2.0.0-5.1 (medium; bug #400777)
CVE-2006-XXXX [smb4k security issue]
	- smb4k 0.7.5-1
	[sarge] - smb4k <not-affected> (Vulnerable code not present)
CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows loca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other  ...)
	- linux <not-affected> (Kernel rejects the malformed filesystem)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Kernel rejects the malformed filesystem)
	NOTE: It's not obvious when or how this was fixed
CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1 ...)
	NOT-FOR-US: NetGear
CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server  ...)
	NOT-FOR-US: SeleniumServer Web Server
CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ena ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact  ...)
	- tin 1:1.8.2-1
CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...)
	NOT-FOR-US: Acer
CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft PowerPo ...)
	- koffice 1:1.6.1-1 (bug #401230; medium)
CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: mmgallery
CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1. ...)
	NOT-FOR-US: mmgallery
CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earli ...)
	NOT-FOR-US: fipsGallery
CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and earli ...)
	NOT-FOR-US: fipsForum
CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier al ...)
	NOT-FOR-US: fipsCMS
CVE-2006-6114
	REJECTED
CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Monkey Boards
CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of t ...)
	NOT-FOR-US: LifeType
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 all ...)
	NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech  ...)
	NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 al ...)
	NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
	NOT-FOR-US: EC-CUBE
CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in bus/sign ...)
	- dbus 1.0.2-1 (low)
	[sarge] - dbus <no-dsa> (Minor issue)
CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the  ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9
CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
	- gdm 2.16.4-1 (medium; bug #403219)
	[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in  ...)
	- mono 1.2.2.1-1 (low)
CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE extensi ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE exten ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ext ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6100
	REJECTED
CVE-2006-6099
	REJECTED
CVE-2006-6098
	REJECTED
CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ...)
	{DSA-1223-1}
	- tar 1.16-2 (high; bug #399845)
CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in A ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow rem ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow rem ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php i ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...)
	NOT-FOR-US: Auto Gallery
CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before  ...)
	NOT-FOR-US: GrimBB
CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote a ...)
	NOT-FOR-US: BaalAsp
CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Ga ...)
	NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little we ...)
	NOT-FOR-US: my little weblog
CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1. ...)
	NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions a ...)
	- kile 1:1.9.3-1 (low)
	[sarge] - kile <no-dsa> (Minor issue)
CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allo ...)
	NOT-FOR-US: aBitWhizzy
CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Cre ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php i ...)
	NOT-FOR-US: Telaen
CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews Publ ...)
	NOT-FOR-US: gNews
CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 al ...)
	NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan  ...)
	NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earli ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.0.10-1 (medium)
	NOTE: Epiphany affected by xulrunner
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Compu ...)
	NOT-FOR-US: BrightStor
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp fo ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart a ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart a ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTe ...)
	NOT-FOR-US: BPG-InfoTech Easy Publisher
CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLog ...)
	- twiki 1:4.0.5-2 (bug #401303; low)
CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
	NOT-FOR-US: ASP Nuke
CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain  ...)
	NOT-FOR-US: mAlbum
CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in func ...)
	NOT-FOR-US: mAlbum
CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Est ...)
	NOT-FOR-US: DataShed
CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events Lis ...)
	NOT-FOR-US: Dragon Calendar
CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in t ...)
	NOT-FOR-US: CalSnails Module for MxBB Portal
CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in  ...)
	NOT-FOR-US: Fuzzball MUCK
CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allo ...)
	NOT-FOR-US: XMPlay
CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possi ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA52 ...)
	NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, includi ...)
	{DSA-1504-1 DSA-1436-1}
	- linux-2.6 2.6.22-6
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on F ...)
	- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include GFS)
CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELi ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G ...)
	NOT-FOR-US: D-Link
CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users t ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages dep ...)
	NOT-FOR-US: NetEpi Case Manager
CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the M ...)
	NOT-FOR-US: MosReporter (com_reporter) component for Joomla!
CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allo ...)
	NOT-FOR-US: Rank'em
CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2  ...)
	NOT-FOR-US: Shambo2 (com_shambo2) component for Mambo
CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when  ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite 0.6. ...)
	NOT-FOR-US: Etomite CMSEtomite CMS
CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 a ...)
	NOT-FOR-US: eggblog
CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...)
	NOT-FOR-US: omdev One Admin
CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQ ...)
	NOT-FOR-US: PHPQuickGallery
CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver (forme ...)
	NOT-FOR-US: Oliver (formerly Webshare)
CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in phpWebTh ...)
	NOT-FOR-US: phpWebThings
CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den  ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.p ...)
	NOT-FOR-US: vBulletin
CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMak ...)
	NOT-FOR-US: MatchMaker
CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pFor ...)
	NOT-FOR-US: Powie's PHP Forum
CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Da ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote atta ...)
	NOT-FOR-US: OpenHuman
CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...)
	NOT-FOR-US: SitesOutlet E-commerce Kit-1
CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPB ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet  ...)
	NOT-FOR-US: ASPCart
CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow rem ...)
	NOT-FOR-US: E-Calendar ProE-Calendar Pro
CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allow ...)
	NOT-FOR-US: Property Pro
CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov DoSe ...)
	NOT-FOR-US: DoSePa
CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote at ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix Mob ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denia ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ve ...)
	NOT-FOR-US: Eudora Worldmail
CVE-2006-6023
	NOT-FOR-US: Bloo
CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebA ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp Datin ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog Torre ...)
	NOT-FOR-US: Blog Torrent Preview
CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in extensions/googiespell/goo ...)
	NOT-FOR-US: Bloo
CVE-2006-6018
	NOT-FOR-US: My-BIC
CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a  ...)
	- wordpress 2.0.5-0.1
CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ...)
	- wordpress 2.0.5-0.1
CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple Ma ...)
	- kdebase <unfixed> (unimportant; bug #400121)
	NOTE: Browser crashes are not treated as security problems
CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform bo ...)
	NOT-FOR-US: NetBSD
CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the Fi ...)
	- kfreebsd-5 5.4-21
	[etch] - kfreebsd-5 <no-dsa> (no security support)
CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MG ...)
	NOT-FOR-US: Car Site Manager
CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 pa ...)
	NOT-FOR-US: SAP
CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive informatio ...)
	NOT-FOR-US: SAP
CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing  ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, d ...)
	{DSA-1217}
	- linux-ftpd 0.17-23
CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2006-6006
	REJECTED
CVE-2006-6005
	REJECTED
CVE-2006-6004
	REJECTED
CVE-2006-6003
	REJECTED
CVE-2006-6002
	REJECTED
CVE-2006-6001
	REJECTED
CVE-2006-6000
	REJECTED
CVE-2006-5999
	REJECTED
CVE-2006-5998
	REJECTED
CVE-2006-5997
	REJECTED
CVE-2006-5996
	REJECTED
CVE-2006-5995
	REJECTED
CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-5993
	REJECTED
CVE-2006-5992
	REJECTED
CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop all ...)
	NOT-FOR-US: CactuShop
CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
	NOT-FOR-US: VMWare
CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allo ...)
	{DSA-1247-1}
	- libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running  ...)
	NOT-FOR-US: Windows
CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly 1. ...)
	NOT-FOR-US: ASPintranet
CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not r ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in admin/options.p ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hostin ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software D ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user passw ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP Ser ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ear ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure p ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impac ...)
	NOT-FOR-US: E-Xoopport
CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote  ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3. ...)
	NOT-FOR-US: BlogMe
CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
	NOT-FOR-US: BlogMe
CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message de ...)
	- fetchmail 6.3.6-1 (low)
	[sarge] - fetchmail <not-affected> (Vulnerable code not present)
CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and  ...)
	- dovecot 1.0.rc15-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4. ...)
	NOT-FOR-US: SAP
CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
	- firefox-sage <not-affected> (medium; bug #399170)
	NOTE: Debian's version has HTML disabled
CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...)
	NOT-FOR-US: NetGear
CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity U ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm 2. ...)
	- fvwm 1:2.5.18-2 (low; bug #400303)
	[sarge] - fvwm <no-dsa> (Minor issue)
CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ins ...)
	NOT-FOR-US: MDaemon
CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before  ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows re ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...)
	NOT-FOR-US: PassGo SSO Plus
CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows ...)
	NOT-FOR-US: PentaZip
CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite ...)
	NOT-FOR-US: PentaZip
CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow re ...)
	NOT-FOR-US: Hpecs Shopping Cart
CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...)
	NOT-FOR-US: Mercury Mail Transport
CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in account_login.a ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce allow ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allo ...)
	NOT-FOR-US: INFINICART
CVE-2006-5957
	NOT-FOR-US: INFINICART
CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) datab ...)
	NOT-FOR-US: PHPRunner
CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Rea ...)
	NOT-FOR-US: DataShed
CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier all ...)
	NOT-FOR-US: NetVIOS
CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart (a ...)
	NOT-FOR-US: Evolve shopping cart
CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 all ...)
	NOT-FOR-US: ASP Smiley
CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2  ...)
	NOT-FOR-US: Exophpdesk
CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and  ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpP ...)
	NOT-FOR-US: phpPeanuts
CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2 ...)
	NOT-FOR-US: Conxint FTP Server
CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP  ...)
	NOT-FOR-US: FunkyASP Glossary
CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager  ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MG ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in inventory/display/display_ ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5941
	REJECTED
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote at ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 al ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce Syste ...)
	NOT-FOR-US: SiteXpress E-Commerce
CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and earlie ...)
	NOT-FOR-US: ShopSystems
CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent Manag ...)
	NOT-FOR-US: Estate Agent Manager
CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows remo ...)
	NOT-FOR-US: UltraSite
CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single su ...)
	NOT-FOR-US: Kahua
CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web base ...)
	NOT-FOR-US: Aigaion
CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web base ...)
	NOT-FOR-US: Aigaion
CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in Phpjobschedu ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler  ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
	NOT-FOR-US: ASP Scripter Easy Portal
CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before  ...)
	NOT-FOR-US: Vallheru
CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed  ...)
	{DSA-1240-1 DSA-1228-1 DSA-1226-1}
	- links 0.99+1.00pre12-1.1 (medium; bug #399188)
	- elinks 0.11.1-1.2 (medium; bug #399187)
	- links2 2.1pre25-2 (medium; bug #400718)
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP  ...)
	NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac gtca ...)
	NOT-FOR-US: gtcatalog
CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5920
	NOT-FOR-US: Exporia
CVE-2006-5919 (PHP remote file inclusion vulnerability in admin/e_data/visEdit_contro ...)
	NOT-FOR-US: KnowledgeBuilder
CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kil ...)
	NOT-FOR-US: RapidKill
CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager all ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass vi ...)
	NOT-FOR-US: Intego VirusBarrier
CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMED ...)
	NOT-FOR-US: LandShop
CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remot ...)
	NOT-FOR-US: LandShop
CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a s ...)
	NOT-FOR-US: Microsoft
CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has unknow ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware Campsit ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware Campsit ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research For ...)
	NOT-FOR-US: Stanford Conference And Research Forum (SCARF)
CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in y ...)
	NOT-FOR-US: Yet Another News System
CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in Jean ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5906
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database a ...)
	NOT-FOR-US: Web Directory Pro
CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 a ...)
	NOT-FOR-US: MWChat Pro
CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perfo ...)
	NOT-FOR-US: GSpace
CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform  ...)
	NOT-FOR-US: viksoe GMail Drive
CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP addres ...)
	NOT-FOR-US: Hawking Technology wireless router WR254-CA
CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/H ...)
	NOT-FOR-US: Zend Framework Preview
CVE-2006-5899
	NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 i ...)
	NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the f ...)
	NOT-FOR-US: Web Mech Designer
CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS  ...)
	NOT-FOR-US: EncapsCMS
CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ear ...)
	NOT-FOR-US: Rama CMS
CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs  ...)
	NOT-FOR-US: iWonder Designs Storystream
CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Po ...)
	NOT-FOR-US: The Net Guys ASPired2Poll
CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios USto ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios USup ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1  ...)
	NOT-FOR-US: BrewBlogger
CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Datawo ...)
	NOT-FOR-US: Dynamic Dataworx NuSchool
CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic Datawor ...)
	NOT-FOR-US: Dynamic Dataworx NuRealestate (NuRems)
CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows remo ...)
	NOT-FOR-US: NuStore
CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x bef ...)
	- fvwm 2.5.10-1
CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX contro ...)
	NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer
CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel 10
CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...)
	NOT-FOR-US: Broadcom BCMWL5.SYS
CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx N ...)
	NOT-FOR-US: Dynamic Dataworx NuCommunity
CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...)
	NOT-FOR-US: Munch Pro
CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta an ...)
	NOT-FOR-US: ASPPortal
CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10  ...)
	{DSA-1209}
	- trac 0.10.1-1 (bug #397683)
CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, e ...)
	- enigmail 2:0.94.2-1 (bug #406604)
CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP lib ...)
	{DSA-1248-1}
	- libsoup 2.2.98-2 (bug #405197; medium)
CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attacke ...)
	{DSA-1236-1}
	- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ca ...)
	{DSA-1232-1}
	- clamav 0.86-1
CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...)
	{DSA-1230-1}
	- l2tpns 2.1.21-1 (medium; bug #401742)
	NOTE: http://secunia.com/advisories/23230/
CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...)
	{DSA-1239-1}
	- sql-ledger 2.6.21-1
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.3 ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour)
CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier,  ...)
	{DSA-1246-1}
	- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute arbitrar ...)
	{DSA-1220}
	- pstotext 1.9-4 (bug #356988; medium)
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 b ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.11
CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may trans ...)
	{DSA-1259-1}
	- fetchmail 6.3.6-1 (low)
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpM ...)
	NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...)
	NOT-FOR-US: Script Dowload
CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for LetterI ...)
	NOT-FOR-US: LetterIt
CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web  ...)
	NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in  ...)
	NOT-FOR-US: Citrix
CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console  ...)
	NOT-FOR-US: Adobe JRun
CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
	NOT-FOR-US: Adobe
CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
	NOT-FOR-US: Adobe
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 a ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5 ...)
	NOT-FOR-US: Tivoli
CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in Nove ...)
	NOT-FOR-US: Novell Netware
CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CM ...)
	NOT-FOR-US: Immediacy CMS
CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ar ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows al ...)
	NOT-FOR-US: Essentia Web Server
CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in Irayo ...)
	NOT-FOR-US: IrayoBlog
CVE-2006-5848
	REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 an ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0  ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the  ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2. ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running o ...)
	NOT-FOR-US: Unicore
CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...)
	NOT-FOR-US: DodosMail
CVE-2006-5840
	NOT-FOR-US: Abarcar Realty Portal
CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...)
	NOT-FOR-US: PHPAdventure
CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in N ...)
	NOT-FOR-US: NewP News Publication System
CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the SimpleCha ...)
	NOT-FOR-US: SimpleChat 1.0.0 module for iWare Professional CMS
CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwi ...)
	NOT-FOR-US: Darwin kernel (XNU) 8.8.1 in Apple Mac OS X
CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Dom ...)
	NOT-FOR-US: IBM Lotus Notes Domino
CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution Quick ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require auth ...)
	NOT-FOR-US: GreenBeast CMS
CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote att ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One Cont ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel (AI ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP Classifi ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...)
	NOT-FOR-US: phpComasy CMS
CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 a ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako Suppor ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows l ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in  ...)
	NOT-FOR-US: Citrix
CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBudd ...)
	NOT-FOR-US: SuperBuddy ActiveX control
CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server  ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
	{DSA-1243-1 DSA-1214}
	- gv 1:3.6.2-3 (medium; bug #398292)
	- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permis ...)
	NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Bu ...)
	NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0  ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to caus ...)
	NOT-FOR-US: Kerio
CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlis ...)
	NOT-FOR-US: XOOPS
CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB befor ...)
	NOT-FOR-US: OvBB
CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses in ...)
	NOT-FOR-US: Cisco
CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escap ...)
	NOT-FOR-US: Cisco
CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configure ...)
	NOT-FOR-US: Cisco
CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a secur ...)
	NOT-FOR-US: Microsoft
CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced Guest ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-5803 (PHP remote file inclusion vulnerability in modules/mx_smartor/album.ph ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers  ...)
	NOT-FOR-US: The Web Drivers Simple Forum
CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not pro ...)
	NOT-FOR-US: owfs
CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in xenis.creat ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro E ...)
	NOT-FOR-US: Soholaunch Pro
CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 an ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in  ...)
	- openssh 1:4.3p2-6 (unimportant)
	NOTE: Not a direct vulnerability
CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in li ...)
	- libpng 1.2.13-0 (low; bug #398706)
	[sarge] - libpng <no-dsa> (Minor issue)
CVE-2006-XXXX [obexpushd arbitrary command execution]
	- obexpushd 0.4+svn10-1 (bug #397297; medium)
CVE-2006-XXXX [motion insecure tempfile creation]
	- motion 3.2.3-2 (bug #393846; low)
	[sarge] - motion <no-dsa> (Minor issue)
CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote a ...)
	NOT-FOR-US: XLink Omni-NFS Enterprise
CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ea ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated user ...)
	NOT-FOR-US: WarFTPd
CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) admin ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote attacke ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and earl ...)
	NOT-FOR-US: e107
CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before pa ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application Serve ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5783
	NOTE: irreproducible firefox issue
CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...)
	NOT-FOR-US: HP OpenView
CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2  ...)
	NOT-FOR-US: iodine
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 a ...)
	NOT-FOR-US: XLink Omni-NFS
CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of se ...)
	- openldap2.2 <removed> (bug #397673)
	- openldap2.3 2.3.29-1
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to  ...)
	NOT-FOR-US: Creasito E-Commerce Content Manager
CVE-2006-5776
	NOT-FOR-US: Ariadne
CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0 ...)
	NOT-FOR-US: FunkBoard
CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before  ...)
	NOT-FOR-US: Hyper NIKKI System
CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 an ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0  ...)
	NOT-FOR-US: Arkoon SSL360
CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile all ...)
	NOT-FOR-US: Mobile
CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS  ...)
	NOT-FOR-US: admin.tool CMS
CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 R ...)
	NOT-FOR-US: Cyberfolio
CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article Syste ...)
	NOT-FOR-US: Article System
CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ear ...)
	NOT-FOR-US: Article Script
CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File Ho ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File Hostin ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free Fil ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CM ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2. ...)
	NOT-FOR-US: phpDynaSite
CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote att ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 fi ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5756
	REJECTED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not p ...)
	{DSA-1381-2}
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly initiali ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux kernel ...)
	{DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304}
	- linux-2.6 2.6.20-1
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_st ...)
	- apache2 2.2.4-2 (low)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	- apache <removed> (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in net/bridge/br_ioct ...)
	{DSA-1233}
	- linux-2.6 2.6.18-8 (medium)
CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository clas ...)
	NOT-FOR-US: JBoss
CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...)
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...)
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (medium)
	- xulrunner 1.5.0.8-1 (high)
	- mozilla-firefox <removed>
	- mozilla-thunderbird <removed>
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-thunderbird <not-affected> (Vulnerable code not present)
CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not pro ...)
	NOT-FOR-US: AirMagnet
CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the XMLHTT ...)
	NOT-FOR-US: Microsoft
CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and High ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterp ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enter ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Le ...)
	NOT-FOR-US: communityPortals
CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow re ...)
	NOT-FOR-US: PunBB
CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from th ...)
	NOT-FOR-US: PunBB
CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...)
	NOT-FOR-US: PunBB
CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB befor ...)
	NOT-FOR-US: PunBB
CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 a ...)
	NOT-FOR-US: ATutor
CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and e ...)
	NOT-FOR-US: PostNuke
CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earl ...)
	NOT-FOR-US: T.G.S. CMS
CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS  ...)
	NOT-FOR-US: Lithium CMS
CVE-2006-5730 (PHP remote file inclusion vulnerability in manager/media/browser/mcpuk ...)
	NOT-FOR-US: Modx CMS
CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum p ...)
	NOT-FOR-US: Yazd Discussion Forum
CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote authentica ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in  ...)
	NOT-FOR-US: sazcart
CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to c ...)
	NOT-FOR-US: Solaris
CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to determ ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5724 (Heap-based buffer overflow the "Answering Service" function in ICQ 200 ...)
	NOT-FOR-US: ICQ
CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier  ...)
	NOT-FOR-US: DataparkSearch Engine
CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9  ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) a ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the Journ ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall Expl ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...)
	- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/39893dd0c956de6505d5a4d4590ad3e1f64bdffa
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Dat ...)
	NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allo ...)
	NOT-FOR-US: FreeNews
CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS fil ...)
	NOT-FOR-US: Easy File Sharing (EFS) Easy Address Book
CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file s ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) We ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows r ...)
	NOT-FOR-US: Mirapoint WebMail
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote att ...)
	NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin k ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and  ...)
	NOT-FOR-US: PHPEasyData
CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
	- php5 5.2.0-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
CVE-2006-5705 (Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ...)
	- wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 befo ...)
	NOT-FOR-US: HP
CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in  ...)
	- tikiwiki 1.9.6+dfsg-1 (low)
CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...)
	- tikiwiki 1.9.6+dfsg-1 (medium)
CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel 2.6.x ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- squashfs 1:3.1r2-6.1
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-5700
	REJECTED
CVE-2006-5699
	REJECTED
CVE-2006-5698
	REJECTED
CVE-2006-5697
	REJECTED
CVE-2006-5696
	REJECTED
CVE-2006-5695
	REJECTED
CVE-2006-5694
	REJECTED
CVE-2006-5693
	REJECTED
CVE-2006-5692
	REJECTED
CVE-2006-5691
	REJECTED
CVE-2006-5690
	REJECTED
CVE-2006-5689
	REJECTED
CVE-2006-5688
	REJECTED
CVE-2006-5687
	REJECTED
CVE-2006-5686
	REJECTED
CVE-2006-5685
	REJECTED
CVE-2006-5684
	REJECTED
CVE-2006-5683
	REJECTED
CVE-2006-5682
	REJECTED
CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Qua ...)
	NOT-FOR-US: QuickTime on Mac OS X
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
	- libarchive 1.3.1-1 (unimportant)
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows loc ...)
	- kfreebsd-5 <removed> (medium)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5678
	NOT-FOR-US: Les Visiteurs
CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and  ...)
	- torque 2.1.6-1
CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert PhpL ...)
	NOT-FOR-US: PhpLeague
CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence  ...)
	NOT-FOR-US: Pentaho Business Intelligence (BI) Suite
CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...)
	NOT-FOR-US: miniBB
CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2 ...)
	NOT-FOR-US: miniBB
CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in My ...)
	NOT-FOR-US: MySource CMS
CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image H ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free Ima ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in G ...)
	NOT-FOR-US: Gepi
CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_ ...)
	NOT-FOR-US: Ampache
CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and  ...)
	NOT-FOR-US: P-Book
CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 all ...)
	NOT-FOR-US: E-Annu
CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in t ...)
	NOT-FOR-US: phpBB module Spider Friendly
CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software Developmen ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows re ...)
	NOT-FOR-US: easy notesManager (eNM)
CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netq ...)
	NOT-FOR-US: Netquery
CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 doe ...)
	NOT-FOR-US: Cisco
CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, whi ...)
	NOT-FOR-US: PAM_extern
CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ( ...)
	NOT-FOR-US: BlooMooWeb ActiveX control
CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 h ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum be ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows re ...)
	NOT-FOR-US: OpenDocMan
CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in Su ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in  ...)
	NOT-FOR-US: Sun Java System Messenger Express
CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Serv ...)
	NOT-FOR-US: Sun
CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to o ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5. ...)
	NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling"  ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a  ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for L ...)
	NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security  ...)
	NOT-FOR-US: Sophos
CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for L ...)
	NOT-FOR-US: Sophos
CVE-2006-5644
	RESERVED
CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...)
	NOT-FOR-US: foresite CMS
CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown i ...)
	NOT-FOR-US: NmnLogger
CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Anno ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams Gues ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ( ...)
	NOT-FOR-US: OpenWBEM
CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2 ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq Admini ...)
	NOT-FOR-US: Faq Administrator
CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple Websit ...)
	NOT-FOR-US: Simple Website Software
CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums allo ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1  ...)
	NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers t ...)
	- firefox 45.0-1 (unimportant)
	- firefox-esr 45.0esr-1 (unimportant)
	- iceweasel <removed> (unimportant)
	- icedove <unfixed> (unimportant)
	- mozilla <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- mozilla-thunderbird <removed> (unimportant)
CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 befor ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management  ...)
	NOT-FOR-US: UNISOR Content Management System (CMS)
CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...)
	NOT-FOR-US: QnECMS
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htm ...)
	NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in  ...)
	NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comme ...)
	NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic En ...)
	NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery  ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...)
	NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
	NOT-FOR-US: MiniBILL
CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linu ...)
	{DSA-1233}
	- linux-2.6 2.6.18-4 (low)
CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref  ...)
	NOT-FOR-US: Netref
CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload  ...)
	NOT-FOR-US: Thepeak File Upload Manager
CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...)
	NOT-FOR-US: OpenPBS
CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern  ...)
	NOT-FOR-US: Textpattern
CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSa ...)
	NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...)
	NOT-FOR-US: GestArt
CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ha ...)
	NOT-FOR-US: Toshiba
CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php  ...)
	NOT-FOR-US: Teake Nutma Foing
CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...)
	- torrentflux 2.1-5 (bug #395930; medium)
CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before  ...)
	NOT-FOR-US: Extended Tracker (xtracker) for Drupal
CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 all ...)
	NOT-FOR-US: INCA IM-204
CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplor ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer ...)
	NOT-FOR-US: phpCards
CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards 1 ...)
	NOT-FOR-US: phpCards
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.0 ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores pass ...)
	NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...)
	NOT-FOR-US: GOOP Gallery
CVE-2006-5597 (join.asp in MiniHTTP Web Forum &amp; File Server PowerPack 4.0 allows  ...)
	NOT-FOR-US: MiniHTTP Web Forum
CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate 4 ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258)
CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British Colum ...)
	NOT-FOR-US: iPeer
CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow re ...)
	NOT-FOR-US: Desknet's (niokeru)
CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: PacPoll
CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4 ...)
	NOT-FOR-US: PacPoll
CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach S ...)
	NOT-FOR-US: ArticleBeach Script
CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and e ...)
	NOT-FOR-US: LedgerSMB (LSMB)
CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0  ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ea ...)
	NOT-FOR-US: MDweb
CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...)
	NOT-FOR-US: Microsoft GDI
CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 us ...)
	NOT-FOR-US: Microsoft
CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft
CVE-2006-5582
	REJECTED
CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2006-5580
	RESERVED
CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to r ...)
	NOT-FOR-US: Microsoft
CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to o ...)
	NOT-FOR-US: Microsoft
CVE-2006-5576
	REJECTED
CVE-2006-5575
	REJECTED
CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker  ...)
	NOT-FOR-US: Microsoft
CVE-2006-5573
	REJECTED
CVE-2006-5572
	REJECTED
CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks  ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in Cruise ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which a ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.3 ...)
	NOT-FOR-US: WinAmp
CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script allow ...)
	NOT-FOR-US: Shop-Script
CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote att ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro  ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1. ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in Sou ...)
	NOT-FOR-US: SourceForge (gforge is not affected)
CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...)
	NOT-FOR-US: Discuz! GBK
CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch Prog ...)
	NOT-FOR-US: ProgSys
CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...)
	NOT-FOR-US: ADODB.Connection 2.7 ActiveX control
CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and  ...)
	NOT-FOR-US: HP-UX
CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify comm ...)
	NOT-FOR-US: HP-UX
CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other functio ...)
	NOT-FOR-US: swask
CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in EPNad ...)
	NOT-FOR-US: EPNadmin
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows r ...)
	NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 befo ...)
	NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and e ...)
	NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow re ...)
	NOT-FOR-US: QK SMTP
CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause  ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5549
	NOT-FOR-US: Adobe PHP SDK
CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x bef ...)
	NOT-FOR-US: Symantec
CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 allow ...)
	NOT-FOR-US: Microsoft
CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP G ...)
	NOT-FOR-US: PHP Generator of Object SQL Database
CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0. ...)
	- postgresql-7.4 1:7.4.14-1 (unimportant)
	- postgresql-8.1 8.1.5-1 (unimportant)
	[sarge] - postgresql <unfixed> (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remot ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in UeberPr ...)
	NOT-FOR-US: UeberProject Management System
CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attac ...)
	NOT-FOR-US: D-Link
CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm i ...)
	NOT-FOR-US: D-Link
CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...)
	NOT-FOR-US: D-Link
CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager  ...)
	NOT-FOR-US: WebHostManager cPanel
CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zw ...)
	NOT-FOR-US: Zwahlen Online Shop Freeware
CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9,  ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT  ...)
	NOT-FOR-US: RMSOFT Gallery System
CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended Gu ...)
	NOT-FOR-US: Ascended Guestbook
CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/ ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2. ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in Intel ...)
	NOT-FOR-US: InteliEditor
CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foin ...)
	NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing
CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10. ...)
	- phplist <itp> (bug #612288)
CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0 ...)
	NOT-FOR-US: EZ-Ticket
CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
	NOT-FOR-US: Kawf
CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03  ...)
	NOT-FOR-US: Net_DNS
CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in DeltaScrip ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5519 (PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_opti ...)
	- egroupware <not-affected> (there is no path variable used to include plugin.php)
CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher Fowl ...)
	NOT-FOR-US: RSSonate
CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island Ope ...)
	NOT-FOR-US: Open Meetings Filing Application
CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in actions/userset ...)
	NOT-FOR-US: WikiNi
CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in php ...)
	NOT-FOR-US: phpPgAds / phpAdsNew
CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication Cen ...)
	NOT-FOR-US: Web Group Communication
CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allo ...)
	NOT-FOR-US: GeoNetwork opensource
CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other  ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in  ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]
	- mysql-dfsg-5.0 5.0.26-1 (low)
CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Onl ...)
	NOT-FOR-US: Zwahlen Online Shop
CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH Pexp ...)
	NOT-FOR-US: Pexplorer
CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book 1 ...)
	NOT-FOR-US: Burning Book
CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burn ...)
	NOT-FOR-US: Burning Book
CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (De ...)
	NOT-FOR-US: Der Dirigent
CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 all ...)
	NOT-FOR-US: WiClear
CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote  ...)
	NOT-FOR-US: 2BGal
CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple Machin ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple Machin ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX contro ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDo ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in in ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9 ...)
	- serendipity 1.0.2-1
CVE-2006-5498 (Directory traversal vulnerability in themes/program/themesettings.inc. ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5497 (PHP remote file inclusion vulnerability in themes/program/themesetting ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...)
	NOT-FOR-US: Timothy Claason KnowledgeBank
CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS  ...)
	NOT-FOR-US: Trawler Web CMS
CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in modules/My_eGall ...)
	NOT-FOR-US: pandaBB for PHP-Nuke
CVE-2006-5493 (PHP remote file inclusion vulnerability in template/purpletech/base_in ...)
	NOT-FOR-US: DigitalHive
CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allo ...)
	NOT-FOR-US: Maarch
CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in UltraCM ...)
	NOT-FOR-US: UltraCMS
CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management Sys ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before H ...)
	NOT-FOR-US: RIM BlackBerry Enterprise Server
CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x ...)
	NOT-FOR-US: Marshal MailMarshal SMTP
CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2bet ...)
	NOT-FOR-US: SpeedBerg
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 an ...)
	NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified d ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified  ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor P ...)
	NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Casto ...)
	NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissi ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser  ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ge ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2006-5473
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer Libr ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php i ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5470
	REJECTED
CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
	{DSA-1235-1 DSA-1234-1}
	- ruby1.8 1.8.5-3 (low; bug #398457)
	- ruby1.9 1.9.0+20070606-1 (low)
	[etch] - ruby1.9 <no-dsa> (Minor issue)
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm  ...)
	- rpm 4.4.1-11 (low; bug #397076)
	[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
	NOTE: Only hypothetical, far-fetched attacks feasible
CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
	{DSA-1206-1}
	- php4 4:4.4.4-4 (high; bug #396764)
	- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceweasel 2.0+dfsg-1 (low)
	- icedove 1.5.0.8-1 (low)
	- mozilla <removed> (low)
	- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-67
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used  ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-66
	NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
	NOTE: the fixes for CVE-2006-4340 were incomplete
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink mes ...)
	- avahi 0.6.15-1 (low)
CVE-2006-XXXX [diffmon information leakage]
	- diffmon 20020222-2.2 (bug #382132)
CVE-2006-5460
	NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine  ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the registratio ...)
	NOT-FOR-US: Casino Script (Masvet)
CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagi ...)
	{DSA-1213}
	- graphicsmagick 1.1.7-9 (medium)
	- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <no-dsa> (CSRF infrastructure not present, too intrusive to backport)
CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.2 ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
	{DSA-1208-1}
	- bugzilla 2.22.1-1 (bug #395094; low)
CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
	NOT-FOR-US: HP Tru64
CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
	- torrentflux 2.1-5 (bug #395099; low)
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
	NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote authentica ...)
	{DSA-1204-1}
	- ingo1 1.1.2-1 (bug #396099)
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Man ...)
	NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web Manag ...)
	NOT-FOR-US: DEV Web Management System (WMS)
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino S ...)
	NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver (channels/chan_sip ...)
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel drive ...)
	{DSA-1229-1}
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; bug #394025)
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Ser ...)
	- wims 3.60-1 (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP header ...)
	- viewvc 1.0.3-1 (medium; bug #397669)
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev For ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Mis ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev For ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5437
	NOT-FOR-US: phpAdsNew
CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e  ...)
	NOT-FOR-US: FreeFAQ
CVE-2006-5435
	- phpbb2 <not-affected> (not vulnerable)
CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 a ...)
	NOT-FOR-US: P-News
CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
	NOT-FOR-US: ALiCE-CMS
CVE-2006-5432 (Multiple direct static code injection vulnerabilities in db/txt.inc.ph ...)
	NOT-FOR-US: phpPowerCards
CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHP ...)
	NOT-FOR-US: PHPOutsourcing Zorum
CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: db-central (dbc) Enterprise CMS
CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
	NOT-FOR-US: BRIM
CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileg ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
	NOT-FOR-US: Php AMX
CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Cal ...)
	NOT-FOR-US: LoCal Calendar System
CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attac ...)
	NOT-FOR-US: XORP (eXtensible Open Router Platform)
CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial vers ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in L ...)
	NOT-FOR-US: Lou Portail
CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel (p ...)
	NOT-FOR-US: Lodel
CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitra ...)
	NOT-FOR-US: WSN Forum
CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
	NOT-FOR-US: Specimen Image Database (SID)
CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php i ...)
	NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB
CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAf ...)
	NOT-FOR-US: McAfee
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Netwo ...)
	NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in includes/functions_newshr.p ...)
	NOT-FOR-US: News Defilante Horizontale
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to rea ...)
	NOT-FOR-US: Barry Nauta BRIM
CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 f ...)
	NOT-FOR-US: SuperMod for YABB (YaBBSM)
CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_gl ...)
	NOT-FOR-US: PHP Outburst Easynews
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web Publ ...)
	NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/ ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management  ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ID ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket a ...)
	NOT-FOR-US: osTicket
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure pe ...)
	NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver  ...)
	NOT-FOR-US: Toshiba Bluetooth wireless device driver
CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec Autom ...)
	NOT-FOR-US: Symantec
CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec Aut ...)
	NOT-FOR-US: Symantec
CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
	NOT-FOR-US: PHPMyBibli
CVE-2006-5401 (PHP remote file inclusion vulnerability in template/barnraiser_01/p_ne ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in CyberBra ...)
	NOT-FOR-US: CyberBrau
CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows  ...)
	NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 an ...)
	- libx11 2:1.0.3-3 (low; bug #398460)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka clspack.ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an uncheck ...)
	NOT-FOR-US: Cisco
CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtSh ...)
	NOT-FOR-US: Cisco
CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCor ...)
	NOT-FOR-US: OpenDock FullCore
CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Xfire
CVE-2006-5390 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: ACP User Registration (MMW) module for phpBB
CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensi ...)
	NOT-FOR-US: PHP-Wyana
CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earli ...)
	NOT-FOR-US: WebSPELL
CVE-2006-5387 (PHP remote file inclusion vulnerability in mods/iai/includes/constants ...)
	NOT-FOR-US: PlusXL phpBB module
CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm W ...)
	NOT-FOR-US: NuralStorm Webmail
CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...)
	NOT-FOR-US: SpamOborona phpBB module
CVE-2006-5384 (PHP remote file inclusion vulnerability in modification/SendAlertEmail ...)
	NOT-FOR-US: CDS Agenda
CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlie ...)
	NOT-FOR-US: Def-Blog
CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlie ...)
	NOT-FOR-US: 3Com
CVE-2003-1307
	NOTE: More of an apache flaw than a php flaw. And just one more reason
	NOTE: why you have lost as soon as an attacker can execute arbitrary
	NOTE: php scripts.
	NOTE: http://www.securityfocus.com/bid/9302
	NOTE: Probably an unfixable design flaw. But if you can execute a malicious
	NOTE: program, you can do $BADSTUFF anyway.
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2006-XXXX [unspecified steam cache vulnerability]
	- steam <not-affected> (affects the old steam environment for corporate knowledge management package shipped in lenny and before, not the new Valve steam package)
CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with insufficie ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5380
	NOT-FOR-US: Contenido CMS
CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics Driv ...)
	- nvidia-graphics-drivers 1.0.8776-1 (bug #393573)
	[sarge] - nvidia-graphics-drivers <not-affected> (1.0.7174 not affected)
	NOTE: see http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards Ente ...)
	NOT-FOR-US: EnterpriseOne
CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in Oracl ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in Oracl ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1  ...)
	NOT-FOR-US: Oracle
CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in Orac ...)
	NOT-FOR-US: Oracle
CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...)
	NOT-FOR-US: Oracle
CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...)
	NOT-FOR-US: Oracle
CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle Appl ...)
	NOT-FOR-US: Oracle
CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle Applicat ...)
	NOT-FOR-US: Oracle
CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer compo ...)
	NOT-FOR-US: Oracle
CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle Applicat ...)
	NOT-FOR-US: Oracle
CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...)
	NOT-FOR-US: Oracle
CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...)
	NOT-FOR-US: Oracle
CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express (fo ...)
	NOT-FOR-US: Oracle
CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running  ...)
	NOT-FOR-US: Oracle
CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collab ...)
	NOT-FOR-US: Oracle
CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Col ...)
	NOT-FOR-US: Oracle
CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Or ...)
	NOT-FOR-US: Oracle
CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in Or ...)
	NOT-FOR-US: Oracle
CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in Or ...)
	NOT-FOR-US: Oracle
CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC)  ...)
	NOT-FOR-US: Oracle
CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for  ...)
	NOT-FOR-US: Oracle
CVE-2006-5331 (The altivec_unavailable_exception function in arch/powerpc/kernel/trap ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/6c4841c2b6c32a134f9f36e5e08857138cc12b10 (2.6.19-rc3)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=213229
CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and e ...)
	- flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium)
	NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous version)
	NOTE: or not but it's fix in 9.0.31.0.1 for sure.
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
CVE-2006-5329
	REJECTED
CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earl ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier,  ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5326 (PHP remote file inclusion vulnerability in language/lang/lang_contact_ ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz Se ...)
	NOT-FOR-US: dwingmods for phpBB
CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM WebSpher ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow  ...)
	- phplist <itp> (bug #612288)
CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before  ...)
	- phplist <itp> (bug #612288)
CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans No ...)
	NOT-FOR-US: Album Photo Sans Nom
CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows r ...)
	NOT-FOR-US: Foafgen
CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine  ...)
	NOT-FOR-US: Nayco JASmine
CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows r ...)
	NOT-FOR-US: eboli
CVE-2006-5316 (registroTL stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: registroTL
CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL allo ...)
	NOT-FOR-US: registroTL
CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3. ...)
	NOT-FOR-US: TribunaLibre
CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated  ...)
	- hastymail <removed>
CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Sh ...)
	NOT-FOR-US: Ajax Shoutbox
CVE-2006-5311 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: Buzlas
CVE-2006-5310 (PHP remote file inclusion vulnerability in common/visiteurs/include/me ...)
	NOT-FOR-US: phpMyConferences
CVE-2006-5309 (PHP remote file inclusion vulnerability in language/lang_french/lang_p ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference  ...)
	NOT-FOR-US: Open Conference Systems
CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2 ...)
	NOT-FOR-US: AFGB GUESTBOOK
CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals Sys ...)
	NOT-FOR-US: Journals System module for phpBB
CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr  ...)
	NOT-FOR-US: lat2cyr
CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS  ...)
	NOT-FOR-US: IncCMS Core
CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtai ...)
	NOT-FOR-US: Secure Computing SafeWord RemoteAccess
CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...)
	NOT-FOR-US: Redaction System
CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in th ...)
	NOT-FOR-US: SpamBlockerMODv module for phpBB
CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 all ...)
	NOT-FOR-US: HP
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gc ...)
	NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlie ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client 1.5.1 ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a contain ...)
	NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist befor ...)
	- phplist <itp> (bug #612288)
CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcin ...)
	NOT-FOR-US: PhpOutsourcing Noah's Classifieds
CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in Exhibi ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-5291 (PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_co ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of X ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 a ...)
	NOT-FOR-US: Vtiger CRM
CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a  ...)
	NOT-FOR-US: Cisco
CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 all ...)
	NOT-FOR-US: Xeobook
CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allow ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...)
	NOT-FOR-US: XeoPort
CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen  ...)
	NOT-FOR-US: PHP News Reader (aka pnews)
CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 al ...)
	NOT-FOR-US: Minichat
CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and  ...)
	NOT-FOR-US: SH-News
CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board  ...)
	NOT-FOR-US: n@board
CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...)
	NOT-FOR-US: communityPortals
CVE-2006-5279
	RESERVED
CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data Collec ...)
	NOT-FOR-US: Cisco
CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service  ...)
	NOT-FOR-US: Cisco
CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort befor ...)
	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
CVE-2006-5275
	RESERVED
CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, Pro ...)
	NOT-FOR-US: McAfee
CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through  ...)
	NOT-FOR-US: McAfee
CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
	NOT-FOR-US: McAfee
CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, Pr ...)
	NOT-FOR-US: McAfee
CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine (mpengine. ...)
	NOT-FOR-US: Microsoft
CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 al ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5267
	RESERVED
CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Pla ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Pla ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.2 ...)
	NOT-FOR-US: MysqlDumper
CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in phpMyAge ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and e ...)
	- hastymail <removed>
CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 an ...)
	NOT-FOR-US: PHPMyNews
CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2  ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in Compteu ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management befor ...)
	NOT-FOR-US: Asbru Web Content Management
CVE-2006-5257 (PHP remote file inclusion vulnerability in modules/forum/include/confi ...)
	NOT-FOR-US: Ciamos Content Management System
CVE-2006-5256 (PHP remote file inclusion vulnerability in claroline/inc/lib/import.li ...)
	NOT-FOR-US: Claroline
CVE-2006-5255
	NOT-FOR-US: gCards
CVE-2006-5254 (PHP remote file inclusion vulnerability in registration_detailed.inc.p ...)
	NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka regdetailed
CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana Netwo ...)
	NOT-FOR-US: phpOnline (aka PHP-Online)
CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in We ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a  ...)
	NOT-FOR-US: Deep CMS
CVE-2006-5250 (PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSear ...)
	NOT-FOR-US: BlueShoes
CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in Ta ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical  ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5244 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Bl ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Do ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...)
	NOT-FOR-US: Etomite Content Management System
CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Ga ...)
	NOT-FOR-US: Easy Gallery
CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in Docmi ...)
	NOT-FOR-US: Docmint
CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 a ...)
	NOT-FOR-US: eXpBlog
CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley Org ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 allow ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows remo ...)
	NOT-FOR-US: 4images
CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php i ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5234
	NOT-FOR-US: phpWebSite
CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0 ...)
	NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone
CVE-2006-5232
	NOT-FOR-US: iSearch
CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, all ...)
	NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone
CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9. ...)
	NOT-FOR-US: FreeForum
CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote attack ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and v ...)
	NOTE: This issues depends on the stack of selected authentication modules, while
	NOTE: some are resilient against such timing attacks, some aren't
	NOTE: This is inside responsibility of an admin
CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php  ...)
	NOT-FOR-US: ackerTodo
CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2 ...)
	- torrentflux 2.1-4 (bug #392501; low)
CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in Prolog ...)
	NOT-FOR-US: Freenews
CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...)
	NOT-FOR-US: AAIportal
CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php  ...)
	NOT-FOR-US: Security Suite IP Logger in dwingmods for phpBB
CVE-2006-5223 (PHP remote file inclusion vulnerability in includes/functions_user_vie ...)
	NOT-FOR-US: User Viewed Posts Tracker module for phpBB
CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of php ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow re ...)
	NOT-FOR-US: Cahier de textes
CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, wh ...)
	NOT-FOR-US: WebYep
CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in Mo ...)
	- moodle 1.6.2+20060930-1 (medium; bug #390294)
	[sarge] - moodle <not-affected> (Vulnerable code not present)
CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in  ...)
	NOT-FOR-US: systrace in OpenBSD and NetBSD
CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...)
	NOT-FOR-US: Emek Portal
CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.3 ...)
	NOT-FOR-US: Simple HTTPD
CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD befo ...)
	- xdm 1:1.0.5-1 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager (x ...)
	- xdm 1:1.0.5-1 (low)
	- xorg 1:7.1.0-13 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and insufficient permis ...)
	NOT-FOR-US: Solaris
CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-1 ...)
	NOT-FOR-US: IronWebMail
CVE-2006-5209 (PHP remote file inclusion vulnerability in admin/admin_topic_action_lo ...)
	NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow re ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5207 (PHP remote file inclusion vulnerability in images/smileys/smileys_pack ...)
	NOT-FOR-US: phpMyTeam
CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote at ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows rem ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted  ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when makin ...)
	NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and  ...)
	- sun-java5 1.5.0-10-1 (bug #393042)
	NOTE: this is similar to CVE-2006-4339
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
	NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
	NOT-FOR-US: Adobe
CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "File ...)
	NOT-FOR-US: WinZip
CVE-2006-5197 (PDshopPro stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: PDshopPro
CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...)
	NOT-FOR-US: Motorola SURFboard
CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 a ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93  ...)
	NOT-FOR-US: net2ftp
CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt W ...)
	NOT-FOR-US: WikyBlog
CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in phpG ...)
	NOT-FOR-US: phpGreetz
CVE-2006-5191 (PHP remote file inclusion vulnerability in includes/functions_static_t ...)
	NOT-FOR-US: Nivisec Static Topics module for phpBB
CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2  ...)
	NOT-FOR-US: osCommerce
CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php i ...)
	NOT-FOR-US: klinza professional cms
CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP G ...)
	NOT-FOR-US: webGENEius GOOP Gallery
CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in B ...)
	NOT-FOR-US: Bulletin Board Ace (BBaCE)
CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in phpMyProfi ...)
	NOT-FOR-US: phpMyProfiler
CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...)
	NOT-FOR-US: HAMweather
CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 all ...)
	NOT-FOR-US: PKR Internet Taskjitsu
CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs D ...)
	NOT-FOR-US: Dayfox Blog
CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ph ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in Seb ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attac ...)
	NOT-FOR-US: Intoto iGateway
CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
	- php5 5.2.0-1 (bug #391281; unimportant)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	NOTE: open_basedir is not supported
CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise  ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0  ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative  ...)
	NOT-FOR-US: TeraStation HD-HTGL
CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 be ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-5
	NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...)
	- linux-2.6 2.6.18-1
CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Co ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Co ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and  ...)
	{DSA-1203-1}
	- libpam-ldap 180-1.2 (bug #392984; medium)
CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: Pebble
CVE-2005-4813 (Unspecified vulnerability in Report Application Server (Crystalras.exe ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, all ...)
	NOT-FOR-US: Microsoft
CVE-2006-XXXX [zabbix format string vulnerabilities]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-XXXX [zabbix buffer overflows]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 an ...)
	NOT-FOR-US: BasiliX
CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web Sc ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in Sk ...)
	NOT-FOR-US: Skrypty PPA Gallery
CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...)
	NOT-FOR-US: digiSHOP
CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly oth ...)
	NOT-FOR-US: IBM
CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved pass ...)
	NOT-FOR-US: IBM
CVE-2006-5160
	- firefox <not-affected> (no real issues)
CVE-2006-5159
	NOT-FOR-US: Bogus Firefox issue
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel be ...)
	- linux-2.6 2.6.15
CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
	NOT-FOR-US: TrendMicro OfficeScan
CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and Pr ...)
	NOT-FOR-US: McAfee
CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2 ...)
	NOT-FOR-US: VideoDB
CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal  ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for  ...)
	NOT-FOR-US: HP
CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio before 0.5. ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b a ...)
	NOT-FOR-US: Forum82
CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml  ...)
	NOT-FOR-US: VAMP Webmail
CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow rem ...)
	NOT-FOR-US: Yblog
CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow re ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in OlateDow ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 a ...)
	NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 cli ...)
	NOT-FOR-US: CA BrightStor ARCserver Backup
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. Gord ...)
	NOT-FOR-US: Open Geo Targeting (aka geotarget)
CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...)
	NOT-FOR-US: Image Host Script (phpkimagehost)
CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to corru ...)
	NOT-FOR-US: MkPortal
CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee UBB.t ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in  ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow r ...)
	NOT-FOR-US: A-Blog
CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to c ...)
	NOT-FOR-US: Mercury SiteScope
CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have  ...)
	NOT-FOR-US: GuildFTPd
CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0  ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another  ...)
	NOT-FOR-US: just another flat file (JAF) CMS
CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso  ...)
	NOT-FOR-US: ConPresso
CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...)
	NOT-FOR-US: ConPresso
CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by home ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ph ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenthe ...)
	NOT-FOR-US: PHProjekt
CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteSco ...)
	NOT-FOR-US: SiteScope
CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the Admi ...)
	NOT-FOR-US: PostNuke
CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer R ...)
	NOT-FOR-US: Red Mombin
CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5  ...)
	NOT-FOR-US: Zen Cart
CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD packa ...)
	NOT-FOR-US: PHPSelect Web Development Division
CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web do ...)
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant)
	NOTE: Only path disclosure
CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdm ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b3906852bbcb5c4e116cc20e214b7f6793ca97aa
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ac2f606a21d474596a4b2cada961385439cbc8f0
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/50319d634c620044a0542495939cd68530f00259
CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows rem ...)
	NOT-FOR-US: KGB
CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP In ...)
	NOT-FOR-US: SAP
CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exp ...)
	NOT-FOR-US: Exporia
CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by gpg ...)
	- libksba 0.9.14-1 (low; bug #391278)
	[sarge] - libksba <no-dsa> (Minor issue)
CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2. ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: CubeCart
CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeC ...)
	NOT-FOR-US: CubeCart
CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x all ...)
	NOT-FOR-US: CubeCart
CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 f ...)
	NOT-FOR-US: FacileForms for Mambo and Joomla!
CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1  ...)
	NOT-FOR-US: SyntaxCMS
CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x all ...)
	NOT-FOR-US: vBulletin
CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew  ...)
	NOT-FOR-US: bbsNew
CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV I ...)
	NOT-FOR-US: Comdev CSV Importer
CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in WEB//NE ...)
	NOT-FOR-US: WEB//NEWS (aka webnews)
CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attack ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5097
	NOT-FOR-US: net2ftp
CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: VirtueMart
CVE-2006-5095
	NOT-FOR-US: MyPhotos
CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php i ...)
	NOT-FOR-US: phpBB XS
CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in A-Bl ...)
	NOT-FOR-US: A-Blog
CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Sa ...)
	NOT-FOR-US: HP-UX Samba
CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evoluti ...)
	NOT-FOR-US: Phoenix Evolution CMS (PECMS)
CVE-2006-5089
	NOT-FOR-US: My-BIC
CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...)
	NOT-FOR-US: phpMyChat
CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ea ...)
	NOT-FOR-US: evoBB
CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay Sk ...)
	NOT-FOR-US: Skype
CVE-2006-5083 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: Integrated MODs (IM) Portal
CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...)
	NOT-FOR-US: Movable Type
CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt Hum ...)
	NOT-FOR-US: paBugs
CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in Kristia ...)
	NOT-FOR-US: Polaring
CVE-2006-5077 (PHP remote file inclusion vulnerability in admin/admin_topic_action_lo ...)
	NOT-FOR-US: Minerva
CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back ...)
	NOT-FOR-US: OpenConcept Back-End
CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 1 ...)
	NOT-FOR-US: Solaris
CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2. ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary fi ...)
	- mono 1.1.17.1-5
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0. ...)
	NOT-FOR-US: eyeOS
CVE-2006-5070 (PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links. ...)
	NOT-FOR-US: faceStones Personal
CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...)
	- typo3-src <not-affected> (only versions 4.0.0+4.0.1 affected)
CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in Brudaswe ...)
	NOT-FOR-US: BrudaNews
CVE-2006-5067
	NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK)
CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0 ...)
	NOT-FOR-US: DanPHPSupport
CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in Zoo ...)
	NOT-FOR-US: ZoomStats
CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 an ...)
	NOT-FOR-US: BirdBlog
CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote a ...)
	{DSA-1242-1}
	- elog 2.6.2+r1719-1 (bug #389361)
CVE-2006-5062 (PHP remote file inclusion vulnerability in templates/pb/language/lang_ ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Sc ...)
	NOT-FOR-US: Advanced-Clan-Script (AVCX)
CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.1 ...)
	NOT-FOR-US: Jamroom
CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4. ...)
	NOT-FOR-US: WWWthreads
CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...)
	NOT-FOR-US: Call of Duty
CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net Phot ...)
	NOT-FOR-US: PhotoStore
CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/V ...)
	NOT-FOR-US: Opial Audio/Video Download Management
CVE-2006-5055 (PHP remote file inclusion vulnerability in admin/testing/tests/0004_in ...)
	NOT-FOR-US: syntaxCMS
CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Bet ...)
	NOT-FOR-US: iyzi Forum
CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in Web ...)
	NOT-FOR-US: Web-News
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
	[etch] - openssh <no-dsa> (Minor issue)
	- openssh 1:4.6p1-1 (low)
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote atta ...)
	{DSA-1638-1 DSA-1212 DSA-1189-1}
	- openssh 1:4.6p1-1 (low)
	- openssh-krb5 <removed> (high)
	NOTE: From my analysis only openssh with Kerberos support should be vulnerable
	NOTE: However, we'll fix openssh as well just to make sure
CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox allo ...)
	- busybox <not-affected> (bug #390555; irreproducible)
	[sarge] - busybox <not-affected> (Vulnerable code not present)
CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component 1 ...)
	NOT-FOR-US: Classifieds (com_classifieds) component for Joomla!
CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images  ...)
	NOT-FOR-US: Security Images (com_securityimages) component for Joomla!
CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 compon ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and e ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...)
	NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component  ...)
	NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla!
CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard  ...)
	NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
	NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly com_hotpropertie ...)
	NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla!
CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspeci ...)
	NOT-FOR-US: SEF404x (com_sef) for Joomla!
CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for J ...)
	NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla!
CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07,  ...)
	NOT-FOR-US: FiWin
CVE-2006-5037
	NOT-FOR-US: MySource Matrix
CVE-2006-5036
	NOT-FOR-US: MySource Matrix
CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Comp ...)
	NOT-FOR-US: vCAP
CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...)
	NOT-FOR-US: vCAP
CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith  ...)
	NOT-FOR-US: vCAP
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1. ...)
	NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in Cak ...)
	- cakephp 1.1.13.4450-1
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 2.0. ...)
	NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board (wB ...)
	NOT-FOR-US: WoltLab Burning Board (wBB)
CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in SW ...)
	NOT-FOR-US: Plesk
CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...)
	NOT-FOR-US: JevonCMS
CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...)
	NOT-FOR-US: xweblog
CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in Josh ...)
	NOT-FOR-US: pNews System 1.1.0 (aka PowerNews)
CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0 ...)
	NOT-FOR-US: RedBLoG
CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 a ...)
	NOT-FOR-US: SolidState
CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Google Mini
CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an I ...)
	NOT-FOR-US: ContentKeeper
CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and  ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava G ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...)
	NOT-FOR-US: Kietu
CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remot ...)
	NOT-FOR-US: cPanel
CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 syst ...)
	NOT-FOR-US: Solaris
CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925  ...)
	NOT-FOR-US: Solaris
CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows l ...)
	NOT-FOR-US: AIX
CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows a ...)
	NOT-FOR-US: AIX
CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local user ...)
	NOT-FOR-US: AIX
CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5 ...)
	NOT-FOR-US: AIX
CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5. ...)
	NOT-FOR-US: AIX
CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5 ...)
	NOT-FOR-US: AIX
CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 throu ...)
	NOT-FOR-US: AIX
CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 be ...)
	NOT-FOR-US: WS_FTP
CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and p ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4999
	RESERVED
CVE-2006-4998
	RESERVED
CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 fo ...)
	NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestat ...)
	NOT-FOR-US: BSQ Sitestats for Joomla!
CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache Friend ...)
	NOT-FOR-US: XAMPP
CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4. ...)
	NOT-FOR-US: AllMyGuests
CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...)
	NOT-FOR-US: JD-WordPress for Joomla!
CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows p ...)
	NOT-FOR-US: RSA Keon Certificate Authority (KeonCA) Manager
CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow  ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michael ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick Michaeli ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandS ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSi ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network w ...)
	NOT-FOR-US: Cisco
CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device prop ...)
	NOT-FOR-US: Cisco
CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass co ...)
	NOT-FOR-US: Symantec
CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before  ...)
	{DSA-1198-1 DSA-1197-1}
	- python2.5 2.5-1 (bug #391589)
	- python2.4 2.4.3-9 (bug #391589)
	- python2.3 2.3.5-16 (bug #393053)
	- python2.2 <not-affected> (Compiled without UCS-4 support)
CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php i ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) back/upload_i ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote attac ...)
	- libphp-adodb <unfixed> (unimportant)
	- gallery2 <removed> (unimportant)
	- phppgadmin 5.1+ds-1 (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpwiki <unfixed> (unimportant)
	- moodle <removed> (unimportant)
	NOTE: full path is known in Debian anyway
CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain JavaScri ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows re ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual  ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM E-C ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce  ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4968 (PHP remote file inclusion vulnerability in includes/functions_admin.ph ...)
	NOT-FOR-US: PNphpBB
	NOTE: code in phpBB is different and not affected
CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart al ...)
	NOT-FOR-US: NextAge Cart
CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in chump ...)
	NOT-FOR-US: phpQuestionnaire
CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ex ...)
	NOT-FOR-US: Apple
	NOTE: also used for related MFSA-2007-28, but still a QuickTime/Windows only issue
CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3  ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in public_ ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon  ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows rem ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Glob ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...)
	NOT-FOR-US: MyReview
CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in  ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon  ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not v ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows rem ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute a ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...)
	NOT-FOR-US: Cisco
CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profil ...)
	NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal
CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFT ...)
	NOT-FOR-US: TFTPDWIN
CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keyw ...)
	NOT-FOR-US: Search Keywords module for Drupal
CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in  ...)
	NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Fre ...)
	NOT-FOR-US: DigitalWebShop
CVE-2006-4944 (PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.ph ...)
	NOT-FOR-US: ProgSys
CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (File not present)
CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) t ...)
	- moodle 1.6.2-1
CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1 ...)
	- moodle 1.6.2-1
CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote attacke ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (Function not present)
CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace dat ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of certai ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...)
	- moodle 1.6.2-1
CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id  ...)
	- moodle 1.6.2-1
CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle up ...)
	- moodle 1.6.2-1
CVE-2006-4934
	RESERVED
CVE-2006-4933
	RESERVED
CVE-2006-4932
	RESERVED
CVE-2006-4931
	RESERVED
CVE-2006-4930
	RESERVED
CVE-2006-4929
	RESERVED
CVE-2006-4928
	RESERVED
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drive ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and  ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
	NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
	{DSA-1304}
	- linux-2.6 2.6.14
CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial o ...)
	- openssh 1:5.1p1-5 (unimportant)
	NOTE: That's a non-issue
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, all ...)
	{DSA-1212 DSA-1189-1}
	- openssh 1:4.3p2-4 (low; bug #389995)
	- openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Po ...)
	NOT-FOR-US: eSyndiCat Portal System
CVE-2006-4922 (Unrestricted file upload vulnerability in starnet/editors/htmlarea/pop ...)
	NOT-FOR-US: Site@School
CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 an ...)
	NOT-FOR-US: Site@School
CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S ...)
	NOT-FOR-US: Site@School
CVE-2006-4919 (Directory traversal vulnerability in starnet/editors/htmlarea/popups/i ...)
	NOT-FOR-US: Site@School
CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple Discussio ...)
	NOT-FOR-US: Simple Discussion Board
CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7. ...)
	NOT-FOR-US: PT News
CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1. ...)
	NOT-FOR-US: Tekman Portal
CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate Port ...)
	NOT-FOR-US: Innovate Portal
CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote att ...)
	NOT-FOR-US: A.l-Pifou
CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in Alstr ...)
	NOT-FOR-US: AlstraSoft E-friends
CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earli ...)
	NOT-FOR-US: PHP DocWriter
CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 bef ...)
	NOT-FOR-US: Cisco
CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before 4.1(5c) ...)
	NOT-FOR-US: Cisco
CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigatio ...)
	NOT-FOR-US: Cisco
CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: OSU
CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: OSU
CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in More.group ...)
	NOT-FOR-US: More.groupware
CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...)
	NOT-FOR-US: Artmedic Links
CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-C ...)
	NOT-FOR-US: X-Cart
CVE-2006-4903
	RESERVED
CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up  ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust S ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security Com ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in  ...)
	NOT-FOR-US: guanxiCRM
CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web do ...)
	NOT-FOR-US: CMtextS
CVE-2006-4896
	REJECTED
CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to del ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in  ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4893 (PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_ ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manage ...)
	NOT-FOR-US: Techno Dreams FAQ
CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams  ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...)
	NOT-FOR-US: UNAK-CMS
CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKor ...)
	NOT-FOR-US: Telekorn SignKorn Guestbook
CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...)
	NOT-FOR-US: Apple
CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise  ...)
	NOT-FOR-US: McAfee
CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and e ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSuppo ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDir ...)
	NOT-FOR-US: IDevSpot BizDirectory
CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon Car ...)
	NOT-FOR-US: Cart 3
CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett P ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ( ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett PHP-P ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0  ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote att ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4875 (Unrestricted file upload vulnerability in modules/galleryuploadfunctio ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS all ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Jangh ...)
	NOT-FOR-US: ECardPro
CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan J ...)
	NOT-FOR-US: EShoppingPro
CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, an ...)
	NOT-FOR-US: AEDating
CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ph ...)
	NOT-FOR-US: phpunity.postcard
CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine (v ...)
	NOT-FOR-US: Microsoft
CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allo ...)
	NOT-FOR-US: GNUTurk
CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in R ...)
	NOT-FOR-US: Apple
CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...)
	NOT-FOR-US: ReviewPost
CVE-2006-4863
	NOT-FOR-US: mcLinksCounter
CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote  ...)
	NOT-FOR-US: easypage
CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panj ...)
	NOT-FOR-US: Complain Center
CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc ...)
	NOT-FOR-US: Limbo
CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the Cont ...)
	NOT-FOR-US: Limbo
CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in t ...)
	NOT-FOR-US: Serverstat (com_serverstat) component for Mambo
CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in Cli ...)
	NOT-FOR-US: ClickBlog
CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogge ...)
	NOT-FOR-US: WebLogger
CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006  ...)
	NOT-FOR-US: Symantec
CVE-2006-4854
	REJECTED
CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1. ...)
	NOT-FOR-US: Haberx
CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allow ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2006-4851 (PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHT ...)
	NOT-FOR-US: BolinOS
CVE-2006-4850 (PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIn ...)
	NOT-FOR-US: BolinOS
CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in MobilePublish ...)
	NOT-FOR-US: MobilePublisherPHP
CVE-2006-4848
	NOT-FOR-US: Hitweb
CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced Acces ...)
	NOT-FOR-US: Citrix
CVE-2006-4845 (PHP remote file inclusion vulnerability in includes/footer.html.inc.ph ...)
	NOT-FOR-US: TeamCal
CVE-2006-4844 (PHP remote file inclusion vulnerability in inc/claro_init_local.inc.ph ...)
	NOT-FOR-US: Claroline
CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in S ...)
	- xulrunner 1.8.0.9-1 (low; bug #405062)
	[sarge] - mozilla <no-dsa> (Minor issue)
	NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470
CVE-2006-4841
	RESERVED
CVE-2006-4840
	REJECTED
CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Sophos
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6 ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6. ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows r ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attacke ...)
	NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
	NOT-FOR-US: phpQuiz
CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 1 ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT S ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before 0 ...)
	NOT-FOR-US: IP over DNS is now easy (iodine)
CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in D ...)
	NOT-FOR-US: Blojsom
CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
	NOT-FOR-US: Blojsom
CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in PhotoPo ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1 ...)
	NOT-FOR-US: Vmist Downstat
CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed Port ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index. ...)
	NOT-FOR-US: PHP Event Calendar
CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in Quick ...)
	NOT-FOR-US: Quicksilver Forums (QSF)
CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in Re ...)
	NOT-FOR-US: Magic News
CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in eM ...)
	NOT-FOR-US: emuCMS
CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview  ...)
	NOT-FOR-US: Drupal Userreview module
CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11. ...)
	NOT-FOR-US: HP-UX
CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attacke ...)
	NOT-FOR-US: Opera
CVE-2006-4818
	RESERVED
CVE-2006-4817
	RESERVED
CVE-2006-4816
	RESERVED
CVE-2006-4815
	RESERVED
CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not prop ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
	- kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6 ...)
	{DSA-1233}
	- linux-2.6 2.6.13-1
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
	- php4 <not-affected>
	- php5 5.1.6-5 (bug #391586)
CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 bef ...)
	{DSA-1200-1}
	- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
	- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used b ...)
	{DSA-1219}
	- texinfo 4.8.dfsg.1-4
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, an ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allo ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote attack ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...)
	{DSA-1201-1}
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4804
	RESERVED
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in Sym ...)
	NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possi ...)
	NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p200605 ...)
	{DSA-1215}
	- ffmpeg 0.cvs20060329-1
	- xmovie <removed>
	- xine-lib 1.1.2-1
	- gst-ffmpeg 0.8.7-7 (medium; bug #401304)
	- gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311)
	- mplayer 1.0~rc1-1
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow contex ...)
	{DSA-1215}
	- xine-lib 1.1.2-1 (bug #369876; medium)
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which mig ...)
	- sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Inter ...)
	NOT-FOR-US: CJ Tag Board
CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums  ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allo ...)
	NOT-FOR-US: e107
CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 a ...)
	NOT-FOR-US: TualBLOG
CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...)
	{DSA-1217}
	- linux-ftpd 0.17-23 (low; bug #384454)
CVE-2006-XXXX [ejabberd HTML code injection]
	- ejabberd 1.1.1-8
CVE-2006-4792
	RESERVED
CVE-2006-4791
	RESERVED
CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users t ...)
	NOT-FOR-US: Open Movie Editor
CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in Tel ...)
	NOT-FOR-US: SignKorn Guestbook
CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive informa ...)
	NOT-FOR-US: AlphaMail
CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive i ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earli ...)
	- moodle 1.6.2-1 (medium; bug #387177)
CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 an ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earl ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals i ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4779 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before 3. ...)
	NOT-FOR-US: Creative Commons Tools ccHost
CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control (Direct ...)
	NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and Cat ...)
	NOT-FOR-US: Cisco
CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows  ...)
	NOT-FOR-US: Cisco
CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earl ...)
	NOT-FOR-US: Sun StorEdge
CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 all ...)
	NOT-FOR-US: ForumJBC
CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0  ...)
	NOT-FOR-US: MiniPort@l
CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 al ...)
	NOT-FOR-US: p4CMS
CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst Newsscrip ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst Newsscr ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows a ...)
	NOT-FOR-US: NETGEAR
CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE W ...)
	NOT-FOR-US: WTools
CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lig ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...)
	NOT-FOR-US: Ykoon RssReader
CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman S ...)
	NOT-FOR-US: SharpReader
CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...)
	NOT-FOR-US: RSSOwl
CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname end ...)
	NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which a ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-4 (bug #388120; unimportant)
	NOTE: Only exploitable by admins, which you'd need to trust
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 0. ...)
	NOT-FOR-US: e107
CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and  ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirector ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...)
	NOT-FOR-US: PHProg
CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 al ...)
	NOT-FOR-US: PHProg
CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote att ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Mat ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4750 (PHP remote file inclusion vulnerability in openi-admin/base/fileloader ...)
	NOT-FOR-US: OPENi-CMS
CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Tra ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow rem ...)
	NOT-FOR-US: F-ART BLOG:CMS
CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAd ...)
	NOT-FOR-US: IdevSpot TextAds
CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php  ...)
	NOT-FOR-US: Web Server Creator
CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to p ...)
	NOT-FOR-US: ScaryBear PocketExpense Pro
CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication  ...)
	NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ...)
	- wordpress 2.0.5-0.1 (unimportant)
	NOTE: path disclosure only
CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot P ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in IDevSp ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allo ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote a ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allo ...)
	NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sens ...)
	- magpierss <unfixed> (unimportant)
	NOTE: path disclosure only
CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php i ...)
	- tikiwiki 1.9.5+dfsg1-2 (medium; bug #388122)
CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...)
	NOT-FOR-US: simple, integrated publishing system (SIPS)
CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unkn ...)
	NOT-FOR-US: Microsoft
CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in sipssys/c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated publishi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) a ...)
	{DSA-1239-1}
	- sql-ledger 2.6.19-1
CVE-2006-4730
	RESERVED
CVE-2006-4729
	RESERVED
CVE-2006-4728
	RESERVED
CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in  ...)
	NOT-FOR-US: Tumbleweed EMF Administration Module
CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 th ...)
	NOT-FOR-US: Adobe
CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security r ...)
	NOT-FOR-US: Adobe
CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in  ...)
	NOT-FOR-US: Adobe
CVE-2006-4723 (PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/che ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB ...)
	NOT-FOR-US: Open Bulletin Board (OpenBB)
CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports  ...)
	NOT-FOR-US: CCleague Pro Sports CMS
CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...)
	NOT-FOR-US: mcGalleryPRO
CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1. ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...)
	NOT-FOR-US: KorviBlog
CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module bef ...)
	NOT-FOR-US: Pubcookie module for Drupal
CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft  ...)
	NOT-FOR-US: Fire Soft Board (FSB)
CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Arti ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivv ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...)
	NOT-FOR-US: PSYWERKS PUMA
CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allo ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remo ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedD ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows re ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic Gamb ...)
	NOT-FOR-US: Timesheet (aka Timesheet.php)
CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker (WMIScript ...)
	NOT-FOR-US: Microsoft
CVE-2006-4703
	REJECTED
CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2006-4701
	REJECTED
CVE-2006-4700
	REJECTED
CVE-2006-4699
	REJECTED
CVE-2006-4698
	REJECTED
CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects fr ...)
	NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows 2 ...)
	NOT-FOR-US: Microsoft
CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office W ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for M ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager (packa ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in th ...)
	NOT-FOR-US: Microsoft
CVE-2006-4690
	REJECTED
CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for Net ...)
	NOT-FOR-US: Microsoft
CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations  ...)
	NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core S ...)
	NOT-FOR-US: Microsoft
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 thro ...)
	{DSA-1176-1}
	- zope2.7 <removed>
	- zope2.8 2.8.8-2
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
	NOT-FOR-US: IBM Director
CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director befo ...)
	NOT-FOR-US: IBM Director
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords wh ...)
	NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, whic ...)
	- dokuwiki 0.0.20060309-5.1 (low; bug #388082)
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
	NOT-FOR-US: News Evolution
CVE-2006-4677
	NOT-FOR-US: phpopenchat
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and  ...)
	NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in DokuWik ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki bef ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
	NOT-FOR-US: ppalCart
CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic  ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Galler ...)
	NOT-FOR-US: PhotoKorn Gallery
CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...)
	NOT-FOR-US: Somery
CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley A ...)
	NOT-FOR-US: AckerTodo
CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote at ...)
	NOT-FOR-US: RunCMS
CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst New ...)
	NOT-FOR-US: Newsscript (aka WM-News)
CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...)
	NOT-FOR-US: MKPortal
CVE-2006-4664 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: Premod Shadow
CVE-2006-4663
	NOT-FOR-US: User problem
CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ  ...)
	NOT-FOR-US: AOL ICQ
CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not prop ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed mo ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 u ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses  ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 store ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4656 (PHP remote file inclusion vulnerability in admin/editeur/spaw_control. ...)
	NOT-FOR-US: Web Provence SL_Site
CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...)
	NOT-FOR-US: X11R6.4
CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...)
	NOT-FOR-US: Address Book Web Server
CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store sens ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a def ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly  ...)
	NOT-FOR-US: Php download
CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the  ...)
	NOT-FOR-US: Cisco
CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ( ...)
	NOT-FOR-US: BinGo News
CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ( ...)
	NOT-FOR-US: BinGo News
CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...)
	NOT-FOR-US: Sponge News
CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto mo ...)
	NOT-FOR-US: Drupal Pathauto module
CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...)
	NOT-FOR-US: Social BookMarking Engine
CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in  ...)
	NOT-FOR-US: phpFullAnnu
CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeag ...)
	NOT-FOR-US: PhpLeague
CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator p ...)
	NOT-FOR-US: AuditWizard
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal  ...)
	NOT-FOR-US: Muratsoft Haber Portal
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News 0. ...)
	NOT-FOR-US: ACGV News
CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1  ...)
	NOT-FOR-US: ACGV News
CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlie ...)
	NOT-FOR-US: PhpCommander
CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ear ...)
	NOT-FOR-US: MySource Classic
CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: SoftBB
CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ear ...)
	NOT-FOR-US: SoftBB
CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in So ...)
	NOT-FOR-US: SoftBB
CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING  ...)
	NOT-FOR-US: MySpeach
CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php  ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...)
	NOT-FOR-US: VCD-db
CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via Mic ...)
	NOT-FOR-US: System Information ActiveX control
CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4. ...)
	NOT-FOR-US: avast! Anti-virus Engine
CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	- php5 5.2.0-1 (bug #391281; unimportant)
	NOTE: open_basedir violations not supported in Debian's PHP
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 al ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation compo ...)
	{DSA-1304}
	- linux-2.6 2.6.18-1
CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server Creat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3 ...)
	{DSA-1182-1}
	NOTE: GNUTLS-SA-2006-4
	- gnutls13 1.4.4-1 (high)
	- gnutls12 <removed> (high)
	- gnutls11 <removed> (high)
CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack]
	NOTE: GNUTLS-SA-2006-3 (withdrawn)
	- gnutls13 1.4.3-1 (unimportant)
	- gnutls12 <removed> (unimportant)
	- gnutls11 <removed> (unimportant)
CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV (ak ...)
	NOT-FOR-US: AnnonceV
CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2,  ...)
	NOT-FOR-US: Pheap
CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with M ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...)
	NOT-FOR-US: Avira
CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in  ...)
	- libphp-adodb <not-affected> (vulnerable code seems to be In-link specific)
	- egroupware <not-affected> (vulnerable code seems to be In-link specific)
	- moodle <not-affected> (vulnerable code seems to be In-link specific)
	- phppgadmin <not-affected> (vulnerable code seems to be In-link specific)
	- gallery2 <not-affected> (vulnerable code seems to be In-link specific)
	- phpwiki <not-affected> (vulnerable code seems to be In-link specific)
CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger CR ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise befo ...)
	NOT-FOR-US: MailEnable
CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores  ...)
	NOT-FOR-US: Shape Services
CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords i ...)
	NOT-FOR-US: PDAapps Verichat
CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow  ...)
	NOT-FOR-US: SnapGear
CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows re ...)
	NOT-FOR-US: ZIXForum
CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks bef ...)
	NOT-FOR-US: dsocks
CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.1 ...)
	NOT-FOR-US: GrapAgenda
CVE-2006-4609
	NOT-FOR-US: PHProjekt
CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome  ...)
	NOT-FOR-US: php-Revista
CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote atta ...)
	NOT-FOR-US: php-Revista
CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1 ...)
	NOT-FOR-US: php-Revista
CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php i ...)
	NOT-FOR-US: Lanifex Database of Managed Objects (DMO)
CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass aut ...)
	NOT-FOR-US: Swift Sound Web Dictate
CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows r ...)
	NOT-FOR-US: 1Two
CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...)
	- openldap2.3 2.3.25-1
	- openldap2.2 <removed> (low)
	- openldap2 <not-affected> (low) (slapd not built from this version)
CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator  ...)
	NOT-FOR-US: Autentificator
CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 al ...)
	NOT-FOR-US: ssLinks
CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier  ...)
	NOT-FOR-US: ICBlogger
CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...)
	NOT-FOR-US: MyBace Light Skrip
CVE-2006-4595 (muforum (&#181;forum) 0.4c stores membres/members.dat under the web do ...)
	NOT-FOR-US: muforum
CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Tra ...)
	NOT-FOR-US: phpAtm
CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 an ...)
	NOT-FOR-US: SoftBB
CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...)
	NOT-FOR-US: Simple Blog
CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Templ ...)
	NOT-FOR-US: AltraSoft Template Seller
CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...)
	NOT-FOR-US: Jetstat.com JS ASP Faq Manager
CVE-2006-4589 (PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte ...)
	NOT-FOR-US: DynCMS
CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to byp ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2. ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash f ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add  ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...)
	NOT-FOR-US: FlashChat
CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1. ...)
	NOT-FOR-US: The Address Book
CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e valid ...)
	NOT-FOR-US: The Address Book
CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to bypa ...)
	NOT-FOR-US: The Address Book
CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book 1.0 ...)
	NOT-FOR-US: The Address Book
CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...)
	NOT-FOR-US: The Address Book
CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Boo ...)
	NOT-FOR-US: The Address Book
CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e all ...)
	NOT-FOR-US: The Address Book
CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow ...)
	NOT-FOR-US: The Address Book
CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...)
	{DSA-1202-1}
	- screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows re ...)
	- linux-2.6 2.6.18.dfsg.1-9 (medium)
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-64
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "L ...)
	{DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-63
	- thunderbird 1.5.0.7-1
	- mozilla <removed>
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...)
	NOTE: MFSA-2006-62
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
	[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-61
	- mozilla <removed> (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
	NOTE: MFSA-2006-58
	- firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
	- thunderbird 1.5.0.7-1 (unimportant)
	[sarge] - mozilla-firefox <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: The internal update mechanism is disabled in Debian
CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple Mach ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-4562
	NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary J ...)
	- xulrunner 1.8.0.7-1 (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to execu ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another Comm ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4557
	NOT-FOR-US: Discloser
CVE-2006-4556
	NOT-FOR-US: JIM component for Mambo and Joomla!
CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control a ...)
	NOT-FOR-US: Miniclip CR64Loader ActiveX control
CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ZOO-proces ...)
	NOT-FOR-US: BeCubed Compression Plus
CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the com ...)
	NOT-FOR-US: com_comprofiler Components for Mambo and Joomla!
CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01- ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows re ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allo ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the sourc ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...)
	NOTE: this should be fixed in PHP (CVE-2006-3017)
CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain sen ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have adm ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4545
	NOT-FOR-US: ModuleBased CMS Pre-Alpha
CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...)
	NOT-FOR-US: ExBB
CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34  ...)
	NOT-FOR-US: HLStats
CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a  ...)
	{DSA-1199-1}
	- webmin <removed> (bug #391284)
	- usermin <removed>
CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly  ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.c ...)
	NOT-FOR-US: Learn.com LearnCenter
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) includes/widge ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platfor ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.17-9
CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alph ...)
	NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0. ...)
	NOT-FOR-US: CMS Frogss
CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local u ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.18-1
CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6  ...)
	NOT-FOR-US: Plume CMS
CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...)
	NOT-FOR-US: Pheap CMS
CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in me ...)
	NOT-FOR-US: membrepass
CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5.  ...)
	NOT-FOR-US: membrepass
CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5  ...)
	NOT-FOR-US: membrepass
CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when  ...)
	NOT-FOR-US: CubeCart
CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in Cub ...)
	NOT-FOR-US: CubeCart
CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlie ...)
	NOT-FOR-US: CubeCart
CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz  ...)
	NOT-FOR-US: Digiappz Freekot
CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and Offic ...)
	NOT-FOR-US: 2Wire
CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows loca ...)
	NOT-FOR-US: IBM AIX
CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to  ...)
	- libphp-adodb <not-affected>
	- egroupware <not-affected>
	- moodle <not-affected>
	- phppgadmin 4.0.1-2 (unimportant)
	- gallery2 <not-affected>
	- phpwiki <unfixed> (unimportant)
CVE-2006-XXXX [hostapd dos]
	- hostapd 1:0.5.4-1
	[sarge] - hostapd <not-affected> (Vulnerable code not present)
CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS modu ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Novell iManager
CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to  ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
	RESERVED
CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in Gn ...)
	{DSA-1221-1}
	- libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly mswor ...)
	- wv 1.2.4-1 (bug #396256; medium)
	- abiword 2.4.6-1
	[sarge] - abiword 2.4.6-1.1 (bug #396360)
	NOTE: exact abiword fixed version not known, but <= 2.4.6-1
CVE-2006-4512
	RESERVED
CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in No ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in th ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1 ...)
	- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
	NOT-FOR-US: Sony
	NOTE: According to the original advisory, this is just CVE-2006-3459
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to  ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows re ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allo ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURL ...)
	NOT-FOR-US: ModernBill
CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAl ...)
	NOT-FOR-US: PortailPHP
CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows re ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar  ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ins ...)
	NOT-FOR-US: xbiff2
	NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc
CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows a ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2( ...)
	NOT-FOR-US: Cybozu Collaborex
CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before 6 ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07 ...)
	NOT-FOR-US: MiniBill
CVE-2006-4488 (PHP remote file inclusion vulnerability in modules/userstop/userstop.p ...)
	NOT-FOR-US: ExBB Italia
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web doc ...)
	NOT-FOR-US: DUpoll
CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, wh ...)
	{DSA-1331-1}
	- php5 5.1.6-1
	- php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
	- php5 5.1.6-1
	- php4 <not-affected> (Vulnerable function doesn't exist)
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in ...)
	- libgd2 2.0.33-5.1 (medium; bug #384838)
	- xloadimage <unfixed> (unimportant; bug #384841)
	NOTE: xloadimage is a crasher only, not a security problem
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/str ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) wor ...)
	{DSA-1206-1}
	- php5 5.1.6-1 (medium)
	- php4 4:4.4.4-1 (medium)
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5  ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Basedir violations not supported
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Sh ...)
	NOT-FOR-US: ezContents
CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ez ...)
	NOT-FOR-US: ezContents
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers e ...)
	NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla!
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups functi ...)
	NOT-FOR-US: Joomla!
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, whe ...)
	NOT-FOR-US: Joomla!
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow at ...)
	NOT-FOR-US: Joomla!
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows r ...)
	NOT-FOR-US: Joomla!
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defi ...)
	NOT-FOR-US: Joomla!
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows  ...)
	NOT-FOR-US: Joomla!
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla!
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0 ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
	NOT-FOR-US: Joomla!
CVE-2006-4465
	NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allo ...)
	NOT-FOR-US: Nokia
CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in Jets ...)
	NOT-FOR-US: JS ASP Faq Manager
CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
	NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian)
CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0. ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause  ...)
	NOT-FOR-US: AnywhereUSB/5
CVE-2006-4458 (Directory traversal vulnerability in calendar/inc/class.holidaycalc.in ...)
	- phpgroupware 0.9.16.011-1 (bug #386061; medium)
CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
	NOT-FOR-US: phpECard
CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard 2 ...)
	NOT-FOR-US: phpECard
CVE-2006-4455
	- xchat <not-affected> (not reproducible)
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.3 ...)
	NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allow ...)
	NOT-FOR-US: PmWiki
CVE-2006-4452 (PHP remote file inclusion vulnerability in security/include/_class.sec ...)
	NOT-FOR-US: Web3news
CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows  ...)
	NOT-FOR-US: Tag Board
CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, a ...)
	- phpbb2 2.0.21-1 (unimportant)
	NOTE: That's by design and even disabled by default
CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in MyBullet ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, wh ...)
	NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtran ...)
	{DSA-1193-1}
	- xbase-clients 1:7.1.ds-2 (unimportant)
	- xtrans 1.0.0-6 (unimportant)
	- xorg-server 1:1.0.2-9 (low)
	- libx11 2:1.0.0-7 (unimportant)
	- xdm 1:1.0.5-1 (unimportant)
	- xterm <unfixed> (unimportant)
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ( ...)
	NOT-FOR-US: Microsoft
CVE-2006-4445
	NOT-FOR-US: CuteNews
CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Wind ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0. ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System Soluti ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System Solut ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure  ...)
	NOT-FOR-US: Solaris
CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33 ...)
	NOT-FOR-US: SpIDer for Dr.Web Scanner
CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to e ...)
	NOT-FOR-US: Tagger LE
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla a ...)
	- mozilla <removed> (low)
	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
	- xulrunner <not-affected>
	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 S ...)
	- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Se ...)
	{DSA-1175-1}
	- isakmpd 20041012-4 (bug #385894; medium)
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows context-depende ...)
	NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote a ...)
	{DSA-1164}
	- sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.4-0.1 (unimportant)
	NOTE: Sanitising this is an application's job
CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier a ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows r ...)
	NOT-FOR-US: Cisco
CVE-2006-4429
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4428
	NOT-FOR-US: Jupiter CMS
CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass a ...)
	NOT-FOR-US: eFiction
CVE-2006-4426 (PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurit ...)
	NOT-FOR-US: AlberT-EasySite
CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 al ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 all ...)
	NOT-FOR-US: Bigace
CVE-2006-4422
	NOT-FOR-US: Jetbox CMS
CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in template/default/thanks_co ...)
	NOT-FOR-US: Yet Another PHP Image Gallery
CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 a ...)
	NOT-FOR-US: Phaos
CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows remo ...)
	NOT-FOR-US: ProManager
CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a Op ...)
	NOT-FOR-US: Wikepage
CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 all ...)
	NOT-FOR-US: Xoops
CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4415
	RESERVED
CVE-2006-4414
	RESERVED
CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain  ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x thr ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4405
	RESERVED
CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when u ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier al ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X 10 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 throug ...)
	NOT-FOR-US: Mac OS
CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier do ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Mac OS
CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, al ...)
	NOT-FOR-US: Mac OS
CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 throug ...)
	NOT-FOR-US: Mac OS
CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X 1 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remo ...)
	NOT-FOR-US: Mac OS
CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the  ...)
	NOT-FOR-US: Mac OS
CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted r ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4383
	RESERVED
CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-a ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service (p ...)
	{DSA-1169}
	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
	- mysql-dfsg <not-affected> (only 4.1 affected)
	- mysql-dfsg-4.1 <removed>
CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaborati ...)
	NOT-FOR-US: Ipswitch Collaboration 2006 Suite
CVE-2006-4378
	NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechn ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch  ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4375
	NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd)
CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause  ...)
	NOT-FOR-US: IrfanView
CVE-2006-4373 (PHP remote file inclusion vulnerability in modules/visitors2/include/c ...)
	NOT-FOR-US: pSlash
CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php  ...)
	NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo
CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 a ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibl ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4368 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack 1. ...)
	NOT-FOR-US: All Topics Hack for phpBB
CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 al ...)
	NOT-FOR-US: RedBLoG
CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 a ...)
	NOT-FOR-US: VistaBB
CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N Techn ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...)
	NOT-FOR-US: CropImage component (com_cropimage) for Mambo
CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid M ...)
	NOT-FOR-US: Diesel Paid Mail
CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forg ...)
	NOT-FOR-US: Diesel Job Site
CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal  ...)
	NOT-FOR-US: E-commerce for Drupal
CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 38 ...)
	NOT-FOR-US: PowerZip
CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay al ...)
	NOT-FOR-US: Diesel Pay
CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...)
	NOT-FOR-US: Diesel Smart Traffic
CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module (easylinks.modu ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (e ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in P ...)
	NOT-FOR-US: Phome Empire CMS
CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server 4 ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content Ser ...)
	NOT-FOR-US: Cisco
CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6 ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows r ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4349
	NOT-FOR-US: ToendaCMS
CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...)
	NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla!
CVE-2006-4347 (SQL injection vulnerability in user logon authentication request handl ...)
	NOT-FOR-US: Cool Manager
CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to det ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asteris ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) bef ...)
	NOT-FOR-US: CGI-Rescue Mail F/W System
CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL 0.9. ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...)
	- linux-2.6 <not-affected> (Flaw specific to Red Hat backport)
CVE-2006-4341
	REJECTED
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used  ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, wh ...)
	{DSA-1174-1 DSA-1173-1}
	- openssl 0.9.8b-3 (medium)
	- openssl097 0.9.7i-2 (medium)
	- openssl096 <removed>
CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent at ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (medium)
	- lha 1.14i-10.1 (medium; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in gzi ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5  ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH dec ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent attac ...)
	{DSA-1974-1 DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 all ...)
	{DSA-1171}
	- wireshark 0.99.2-5.1 (low; bug #384529)
	- ethereal <removed> (low; bug #384528)
CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...)
	- wireshark <not-affected> (windows only)
	- ethereal <not-affected> (windows only)
CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in Wires ...)
	- wireshark 0.99.2-5.1 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
	- wireshark 0.99.2-5 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising R ...)
	NOT-FOR-US: Shadows Rising
CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive Link ...)
	NOT-FOR-US: CloudNine
CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in  ...)
	NOT-FOR-US: CloudNine
CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, I ...)
	NOT-FOR-US: Ichitaro
CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbo ...)
	NOT-FOR-US: Doika
CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFre ...)
	NOT-FOR-US: CityForFree
CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0,  ...)
	NOT-FOR-US: CityForFree
CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the Esta ...)
	NOT-FOR-US: Mambo
CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine P ...)
	NOT-FOR-US: Mambo
CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0. ...)
	NOT-FOR-US: OpenSEF for Joomla
CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows l ...)
	NOT-FOR-US: Solaris
CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to execut ...)
	NOT-FOR-US: WFTPD
CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab  ...)
	NOT-FOR-US: WoltLab
CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root priv ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia prod ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
	NOT-FOR-US: Symantec
CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentr ...)
	NOT-FOR-US: Cisco
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive  ...)
	NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise Adressboo ...)
	NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of s ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
	- iceweasel 2.0+dfsg-1
	- mozilla <removed>
	- mozilla-firefox <removed>
	- xulrunner 1.8.0.8-1
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not passw ...)
	NOT-FOR-US: AK-Systems Windows Terminal
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Lear ...)
	NOT-FOR-US: Blackboard Learning System
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allow ...)
	NOT-FOR-US: Solaris
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote att ...)
	{DSA-1190-1}
	- maxdb-7.5.00 7.5.00.34-5 (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...)
	- kfreebsd-5 5.4-18 (bug #391289)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Star ...)
	- sun-java5 1.5.0-07-1
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earl ...)
	NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in Ti ...)
	- tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in osCommerc ...)
	NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before  ...)
	NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-B ...)
	NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda Activ ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4 ...)
	- twiki 1:4.0.4-3 (bug #389267; low)
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows re ...)
	- honeyd 1.5b-1 (low; bug #384806)
	[sarge] - honeyd <no-dsa> (Minor issue)
CVE-2006-4291 (PHP remote file inclusion vulnerability in handlers/email/mod.listmail ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x,  ...)
	NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x befor ...)
	NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
	NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
	NOT-FOR-US: NES Game and NES System
CVE-2006-4286
	NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News  ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier  ...)
	NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Ed ...)
	NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the Mambo ...)
	NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in AkoComme ...)
	NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280
	NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ear ...)
	NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in includes/layout/plain.foote ...)
	NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 a ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier  ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the Cata ...)
	NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
	REJECTED
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 an ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
	NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269
	NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
	NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier  ...)
	NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
	NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows re ...)
	NOT-FOR-US: Kaspersky
CVE-2006-4264
	NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product Scro ...)
	NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow user-assist ...)
	{DSA-1186-1}
	- cscope 15.5+cvs20060902-1 (low; bug #385893)
CVE-2006-4261
	REJECTED
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 allo ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1 ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in Anti ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote au ...)
	NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote at ...)
	{DSA-1406-1}
	- horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Ho ...)
	- imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0  ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allow ...)
	NOTE: MFSA-2006-59
	- xulrunner 1.8.0.7-1 (medium)
	- firefox 1.5.dfsg+1.5.0.7-1 (medium)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.7-1 (low)
	- mozilla-firefox <removed> (unimportant)
	[sarge] - mozilla <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al.
CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...)
	- pdns-recursor 3.1.4-1 (bug #398559)
	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow rem ...)
	{DSA-1211}
	- pdns-recursor 3.1.4-1 (bug #398557; high)
	- pdns 2.9.20-4
	NOTE: Recursor module has been moved to pdns-recursor
CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows loc ...)
	{DSA-1278-1}
	- man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ano ...)
	- zope-cmfplone 2.5.1-3 (bug #401796)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows l ...)
	{DSA-1205-1}
	- thttpd 2.23beta1-5 (bug #396277)
CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on P ...)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
	- zope-cmfplone 2.5.1-1
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read arbitr ...)
	{DSA-1177-1}
	- usermin <removed> (bug #374609)
CVE-2006-4245 (archivemail 0.6.2 uses temporary files insecurely leading to a possibl ...)
	- archivemail 0.6.2-2 (bug #385253)
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that  ...)
	{DSA-1239-1}
	- sql-ledger 2.6.18-1 (medium; bug #386519)
CVE-2006-4243 (linux vserver 2.6 before 2.6.17 suffers from privilege escalation in r ...)
	- linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM  ...)
	NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php  ...)
	NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News 3. ...)
	NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in Outr ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2. ...)
	NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php i ...)
	NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow r ...)
	NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
	NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in  ...)
	NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local use ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4. ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a denia ...)
	NOT-FOR-US: IrfanView
CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in Liz ...)
	NOT-FOR-US: Lizge Web Portal
CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the mosListM ...)
	NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before M ...)
	NOT-FOR-US: Symantec
CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid  ...)
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ru ...)
	{DSA-1169}
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
CVE-2006-4225
	REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual Wa ...)
	NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context- ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer Active ...)
	NOT-FOR-US: IBM
CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novel ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote attacker ...)
	NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allo ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in modules/usersonline/users.p ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4216
	REJECTED
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0 ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent No ...)
	NOT-FOR-US: Thatware
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Eng ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register ...)
	NOT-FOR-US: phPay
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta Ma ...)
	NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB- ...)
	- wordpress 2.0.5-0.1 (unimportant; bug #384800)
	NOTE: Only exploitable by admin users, someone with the privilege to backup
	NOTE: your data must be trustworthy
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discl ...)
	NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlaygro ...)
	NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite Proj ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 an ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP Com ...)
	NOT-FOR-US: MMP Component (com_mmp) for Mambo
CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script  ...)
	NOT-FOR-US: Spidey Blog Script
CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP O ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows remot ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83  ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in Whe ...)
	NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBra ...)
	{DSA-1162}
	- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
	- libmusicbrainz-2.0 <removed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0 ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
	NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) a ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in th ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Suppor ...)
	NOT-FOR-US: IBM
CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a de ...)
	NOT-FOR-US: 04WebServer
CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, w ...)
	NOT-FOR-US: 04WebServer
CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL strings ...)
	NOT-FOR-US: 04WebServer
CVE-2006-XXXX [gallery2 session ID disclosure]
	- gallery2 2.1.2-1
CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
	- mysql-dfsg-5.0 5.0.24-1
	NOTE: mysql_upgrade not in 4.x
CVE-2006-4194
	NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
	NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and  ...)
	- libmodplug 1:0.7-5.2 (medium; bug #383574)
	- gst-plugins-bad0.10 0.10.3-3.1 (medium; bug #407956)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
	NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML modu ...)
	NOT-FOR-US: PHP-Nuke module AutoHTML
CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allo ...)
	NOT-FOR-US: Dolphin
CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.0 ...)
	NOT-FOR-US: HP-UX
CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when  ...)
	NOT-FOR-US: HP-UX
CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes pa ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3. ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce a ...)
	NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) an ...)
	NOT-FOR-US: Microsoft
CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions befor ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL accounti ...)
	NOT-FOR-US: GNU Radius
CVE-2006-4180
	REJECTED
CVE-2006-4179
	RESERVED
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and  ...)
	- kfreebsd-5 <removed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory befo ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4176
	RESERVED
CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Pat ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-4174
	RESERVED
CVE-2006-4173
	RESERVED
CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5 ...)
	- kfreebsd-5 <removed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4171
	RESERVED
CVE-2006-4170
	REJECTED
CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...)
	NOT-FOR-US: G/PGP (GPG) plugin for Squirrelmail
CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in libexif/ ...)
	{DSA-1310-1}
	- libexif 0.6.16-1 (bug #430012)
CVE-2006-4167
	RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earl ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earli ...)
	NOT-FOR-US: NetCommons
CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in phpPr ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4163
	NOT-FOR-US: miniBloggie
CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and  ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in prof ...)
	NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and V ...)
	NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette 08070 ...)
	NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
	NOT-FOR-US: Spaminator
CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another B ...)
	NOT-FOR-US: Yet another Bulletin Board (YaBB)
CVE-2006-4156
	NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded vie ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x a ...)
	NOT-FOR-US: mod_tcl
CVE-2006-4153
	RESERVED
CVE-2006-4152
	RESERVED
CVE-2006-4151
	RESERVED
CVE-2006-4150
	RESERVED
CVE-2006-4149
	RESERVED
CVE-2006-4148
	RESERVED
CVE-2006-4147
	RESERVED
CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2r ...)
	- gdb 7.3-1 (unimportant)
	NOTE: Every sensible use of gdb involves executing the debugged binary
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=d53d4ac5aaf62c631e8d915e049eaf3f52fe24c8
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=204841
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gdb/+bug/62695
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6. ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-7
CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to caus ...)
	NOT-FOR-US: Netgear
CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar)  ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 an ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before 5.3 ...)
	NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File vi ...)
	NOT-FOR-US: Microsoft
CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ob ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4135
	NOT-FOR-US: Calendarix
CVE-2006-4134 (Unspecified vulnerability related to a "design flaw" in SAP Internet G ...)
	NOT-FOR-US: SAP
CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and po ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibl ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
	NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in t ...)
	NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec f ...)
	NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ea ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier  ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ear ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to  ...)
	- lesstif2 1:0.94.4-1 (bug #382411; medium)
CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in Boi ...)
	NOT-FOR-US: Boite de News
CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to b ...)
	NOT-FOR-US: Simple one-file guestbook
CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce  ...)
	NOT-FOR-US: See-Commerce
CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module (recipe. ...)
	NOT-FOR-US: Recipe module (recipe.module) for Drupal
CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier a ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier  ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...)
	NOT-FOR-US: Solaris
CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-a ...)
	NOT-FOR-US: Lhaz
CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket  ...)
	NOT-FOR-US: PgMarket
CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMy ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fr ...)
	NOT-FOR-US: hitweb
CVE-2006-4112 (Unspecified vulnerability in the "dependency resolution mechanism" in  ...)
	- rails 1.1.6-1 (bug #382255; medium)
CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby cod ...)
	- rails 1.1.5-1 (bug #382255; medium)
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
	- apache2 <not-affected> (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography (biblio.modul ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6  ...)
	NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allow ...)
	NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD ...)
	NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.c ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason Al ...)
	NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme  ...)
	NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
	RESERVED
CVE-2006-4100
	RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ses ...)
	NOT-FOR-US: Business Objects
CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Ac ...)
	NOT-FOR-US: Cisco
CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4094
	RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerP ...)
	{DSA-1184-2 DSA-1237}
	- linux-2.6 2.6.17-7
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to  ...)
	NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel Manag ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 all ...)
	NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earl ...)
	{DSA-1179-1}
	- alsaplayer 0.99.76-9 (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8. ...)
	NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.c ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search En ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4  ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland  ...)
	NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcod ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through  ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1. ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, all ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
	NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
	NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz php ...)
	NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
	NOT-FOR-US: Club-Nuke [XP]
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick  ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314)
	- graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
	NOTE: GNUTLS-SA-2006-2
	- gnutls11 <removed> (unimportant)
	- gnutls12 1.2.11-3 (unimportant)
	- gnutls13 1.4.2-1 (unimportant)
	NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in th ...)
	NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows user-assist ...)
	NOT-FOR-US: Imendio Planner
CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino O ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a usernam ...)
	NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in Cak ...)
	- cakephp 1.1.13.4450-1
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SA ...)
	NOT-FOR-US: SAPID Gallery
CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script 1 ...)
	NOT-FOR-US: YenerTurk Haber Script
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPI ...)
	NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc ...)
	NOT-FOR-US: SAPID Shop
CVE-2006-4061
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual Even ...)
	NOT-FOR-US: Visual Events Calendar
CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolve ...)
	NOT-FOR-US: USOLVED NEWSolved Lite
CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9 ...)
	NOT-FOR-US: Simplog
CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch Mur ...)
	NOT-FOR-US: Eremove
CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process i ...)
	NOT-FOR-US: katzlbt The Address Book
CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring Th ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download Syst ...)
	NOT-FOR-US: ME Download System
CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME  ...)
	NOT-FOR-US: ME Download System
CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: Turnkey Web Tools PHP Simple Shop
CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web T ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in  ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server S ...)
	NOT-FOR-US: Sun
CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP address ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and earlie ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News  ...)
	NOT-FOR-US: Torbstoff News
CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
	NOT-FOR-US: phpCodeCabinet
CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote attac ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland m ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a Postgr ...)
	- pike7.6 7.6.86-1
	[sarge] - pike7.6 <unfixed> (unimportant; bug #382607; bug #383766)
	[sarge] - pike7.2 <unfixed> (unimportant; bug #382607; bug #383766)
	NOTE: No applications using pike+postgres in Sarge, fix provides
	NOTE: new functions for proper quoting
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland my ...)
	NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php i ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
	NOT-FOR-US: Fenestrae Faxination Server
CVE-2006-4036 (PHP remote file inclusion vulnerability in includes/usercp_register.ph ...)
	NOT-FOR-US: ZoneX Publishers
CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c  ...)
	NOT-FOR-US: CounterChaos
CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in  ...)
	NOT-FOR-US: ModernGigabyte ModernBill
CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibl ...)
	NOT-FOR-US: Lhaplus
CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) allow ...)
	NOT-FOR-US: Cisco
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to a ...)
	- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
	- mysql-dfsg <removed> (bug #380271; low)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Now documented design error, no real fix feasible)
	[sarge] - mysql-dfsg <no-dsa> (Now documented design error, no real fix feasible)
CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5.3-1
	- gallery2 <not-affected> (vulnerable code not present)
CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 al ...)
	NOT-FOR-US: AGEphone
CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have un ...)
	- wordpress 2.0.4-1
CVE-2006-4027
	RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
	- realtime-lsm 0.8.7-2 (bug #382161; low)
	[sarge] - realtime-lsm <not-affected>
	NOTE: only to user 1017 or group 1001 and only while root is building the module
CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows re ...)
	NOT-FOR-US: SAPID CMS
CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlie ...)
	NOT-FOR-US: XennoBB
CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5. ...)
	- festalon <not-affected> (vuln. code introduced in 0.5.0)
CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
	- php5 <removed> (unimportant; bug #382257)
	- php4 <removed> (unimportant; bug #382270)
	NOTE: Not every lack of protection of programmer's flaws is a vulnerability
	NOTE: See notes by Sean for details
	NOTE: > the entry states that this is more likely a bug in any
	NOTE: > applications not performing further validation/sanitizing,
	NOTE: > and i tend to agree based on the php.net documentation, which
	NOTE: > states: "ip2long() should not be used as the sole form of IP
	NOTE: > validation. Combine it with long2ip()".
CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4. ...)
	NOT-FOR-US: Intel Windows driver
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to iden ...)
	NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows contex ...)
	- php5 5.1.6-1 (unimportant; bug #382256; bug #382262)
	- php4 4:4.4.4-1 (unimportant; bug #382261)
	NOTE: Only exploitable by malicious, local user
CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in SquirrelMa ...)
	{DSA-1154}
	- squirrelmail 2:1.4.8-1 (bug #382621)
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in libclamav/upx. ...)
	{DSA-1153}
	- clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...)
	NOT-FOR-US: Inter Network Marketing (INM) CMS G3
CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS st ...)
	NOT-FOR-US: toendaCMS
CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Cen ...)
	NOT-FOR-US: Symantec
CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail An ...)
	NOT-FOR-US: Symantec
CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb  ...)
	NOT-FOR-US: circeOS SaveWeb
CVE-2006-4011 (PHP remote file inclusion vulnerability in esupport/admin/autoclose.ph ...)
	NOT-FOR-US: Kayako eSupport
CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...)
	NOT-FOR-US: Virtual War
CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vw ...)
	NOT-FOR-US: Virtual War
CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht Guestbook
CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht Faq
CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and possib ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a deni ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 throu ...)
	NOT-FOR-US: vbPortal
CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 perm ...)
	NOT-FOR-US: Henrik Storner Hobbit monitor
CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6  ...)
	{DSA-1147-1}
	- drupal 4.5.8-2 (bug #382087; medium)
CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.05 ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barr ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ver ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka  ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster (ak ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and e ...)
	NOT-FOR-US: ATutor
CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.p ...)
	NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo
CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in u2u.inc.p ...)
	NOT-FOR-US: XMB (aka extreme message board)
CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf Noehr ...)
	NOT-FOR-US: The Search Engine Project
CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.s ...)
	NOT-FOR-US: Intel
CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh  ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Sa ...)
	- egroupware <not-affected>
	NOTE: According to upstream egroupware is not affected, see #382207
CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in Knu ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerA ...)
	NOT-FOR-US: ConeXware
CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in A ...)
	NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in php(Reac ...)
	NOT-FOR-US: php(Reactor)
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in Knusperleich ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gall ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in administrator/components/co ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass authenticat ...)
	NOT-FOR-US: ColdFusion MX
CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on  ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0. ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0. ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com Offi ...)
	NOT-FOR-US: 3Com
CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is run ...)
	NOT-FOR-US: My Firewall Plus
CVE-2006-3972 (Directory traversal vulnerability in includes/operator_chattranscript. ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.p ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
	- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
	- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO Componen ...)
	NOT-FOR-US: LMO for joomla
CVE-2006-3969 (PHP remote file inclusion vulnerability in administrator/components/co ...)
	NOT-FOR-US: Colophon for joomla
CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01 ...)
	NOT-FOR-US: Solaris
CVE-2006-3967 (PHP remote file inclusion vulnerability in component/option,com_moskoo ...)
	NOT-FOR-US: moskool
CVE-2006-3966 (PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.ph ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web docu ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP My ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Excha ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3962 (PHP remote file inclusion vulnerability in administrator/components/co ...)
	NOT-FOR-US: com_bayesiannaivefilter for mambo
CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee S ...)
	NOT-FOR-US: McAfee
CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2 ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection 1 ...)
	NOT-FOR-US: X-Scripts X-Protection
CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in Tas ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev BosDa ...)
	NOT-FOR-US: BosDates
CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in  ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka MyBulleti ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP Serv ...)
	NOT-FOR-US: EFS Software Easy File Sharing FTP
CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle al ...)
	NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo
CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts X-Statist ...)
	NOT-FOR-US: X-Statistics
CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...)
	NOT-FOR-US: com_artlinks for Mambo
CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke IN ...)
	NOT-FOR-US: php-nuke
CVE-2006-3947 (PHP remote file inclusion vulnerability in components/com_mambatstaff/ ...)
	NOT-FOR-US: Mambatstaff
CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...)
	NOT-FOR-US: Apple Safari 2.0.4
	NOTE: konqueror 3.5.x is not affected
	NOTE: PoC http://web.archive.org/web/20130701013045/http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote attac ...)
	NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 an ...)
	NOT-FOR-US: N1 Grid Engine
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote a ...)
	NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ad ...)
	NOT-FOR-US: ScriptsCenter ezUpload Pro
CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: DotClear
CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain  ...)
	NOT-FOR-US: x_atrix xGuestBook
CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 al ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before  ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in Alkaco ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2 ...)
	NOT-FOR-US: OpenCms
CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 al ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas Aira ...)
	NOT-FOR-US: Midirecord
CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php i ...)
	NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1
CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin scrip ...)
	NOT-FOR-US: Zyxel
CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a an ...)
	NOT-FOR-US: WMNews
CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpPr ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote  ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...)
	NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control
CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1 ...)
	NOT-FOR-US: Dokeos
CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Topl ...)
	NOT-FOR-US: Fire-Mouse Toplist
CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php  ...)
	NOT-FOR-US: PortailPHP
CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Serve ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 all ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows remot ...)
	NOT-FOR-US: SD Studio CMS
CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 bef ...)
	{DSA-1167-1}
	- apache2 2.0.55-4.1 (bug #381376; low)
	[sarge] - apache2 2.0.54-5sarge2
	- apache 1.3.34-3 (bug #381381; medium)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. Cors ...)
	NOT-FOR-US: PHP Forge
CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka So ...)
	NOT-FOR-US: Solucija News
CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite  ...)
	NOT-FOR-US: Academic Suite
CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 200 ...)
	{DSA-1142-1}
	- freeciv 2.0.8-3 (bug #381378; medium)
CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 be ...)
	NOT-FOR-US: WinRAR
CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 a ...)
	NOT-FOR-US: PHP Live
CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allo ...)
	NOT-FOR-US: Microsoft
CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-3908 (Format string vulnerability in the flush_output function in ConsoleStr ...)
	- gnelib 0.75+svn20091130-1
	NOTE: issue was fixed back in 2006 but there hasn't been any
	NOTE: release since 0.70 which is affected
CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Siemens
CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisc ...)
	NOT-FOR-US: Cisco
CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote a ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1  ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in myW ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopS ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EM ...)
	NOT-FOR-US: Tumbleweed Email Firewall
CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1 ...)
	NOT-FOR-US: TP-Book
CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...)
	NOT-FOR-US: NeoScale Systems CryptoStor
CVE-2006-3895
	RESERVED
CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...)
	NOT-FOR-US: RSA BSAFE
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit  ...)
	NOT-FOR-US: Newtone ImageKit
CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato NetWor ...)
	NOT-FOR-US: EMC NetWorker
CVE-2006-3891
	RESERVED
CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX contr ...)
	NOT-FOR-US: Sky Software FileView ActiveX
CVE-2006-3889
	RESERVED
CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDo ...)
	NOT-FOR-US: AOL
CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX c ...)
	NOT-FOR-US: AOL
CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allo ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W befor ...)
	NOT-FOR-US: Check Point Firewall-1
CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish LinksC ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksC ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain c ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3880
	NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in li ...)
	- libmikmod <not-affected> (Debian's 3.1.1 version doesn't have GT2 support)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
	NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...)
	NOT-FOR-US: Microsoft
CVE-2006-3874
	REJECTED
CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-3872
	REJECTED
CVE-2006-3871
	REJECTED
CVE-2006-3870
	REJECTED
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows remot ...)
	NOT-FOR-US: Microsoft
CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...)
	NOT-FOR-US: Microsoft
CVE-2006-3866
	REJECTED
CVE-2006-3865
	REJECTED
CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3863
	REJECTED
CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through  ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before  ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) al ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 a ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBo ...)
	NOT-FOR-US: Micro GuestBook
CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earl ...)
	NOT-FOR-US: X7 Chat
CVE-2006-3850
	NOT-FOR-US: Vanilla CMS
CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2 ...)
	NOT-FOR-US: Warzone
CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calcula ...)
	- ipcalc 0.41-1 (bug #381469; low)
	[sarge] - ipcalc <no-dsa> (No exploit potential)
CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...)
	NOT-FOR-US: MoSpray
CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in  ...)
	NOT-FOR-US: MultiBanners
CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 bet ...)
	NOT-FOR-US: WinRAR
CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenti ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in Calenda ...)
	NOT-FOR-US: Calendar Mambo Module
CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Bu ...)
	NOT-FOR-US: Zoho Virtual Office
CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before 20060718- ...)
	NOT-FOR-US: WebScarab
CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...)
	NOT-FOR-US: various ISS products
CVE-2006-3839
	RESERVED
CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise Securi ...)
	NOT-FOR-US: eIQnetworks Enterprise
CVE-2006-XXXX [syslog-ng dos]
	- syslog-ng 2.0rc1-2 (low)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure]
	- courier-authlib 0.58-3.1 (bug #378571; medium)
	[sarge] - courier-authlib <not-affected> (bug #378571; medium)
CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 a ...)
	- ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
	- uqwk 2.21-13 (bug #376577; low)
	[sarge] - uqwk <no-dsa> (Minor issue)
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ex ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
	NOT-FOR-US: UNIDOmedia Chameleon
CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list director ...)
	- tomcat5 <not-affected> (bug #380361; maintainter can't reproduce)
	- tomcat5.5 <not-affected> (bug #380376; maintainer can't reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite exi ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog  ...)
	NOT-FOR-US: Gerrit van Aaken Loudblog
CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine)  ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh boastMa ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Ka ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine (forme ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Ka ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh bo ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory  ...)
	NOT-FOR-US: Solaris
CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoA ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic
CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions GeoAucti ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions
CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 al ...)
	NOT-FOR-US: ATutor
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loud ...)
	NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 th ...)
	- twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell G ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connectio ...)
	- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a s ...)
	{DSA-1128}
	- heartbeat 1.2.4-13 (bug #379904; bug #380289)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
	{DSA-1166}
	- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4  ...)
	NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	NOTE: MFSA-2006-56
	[sarge] - mozilla <not-affected>
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (unimportant)
	[sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbir ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-55
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
	{DSA-1159}
	NOTE: MFSA-2006-54
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-53
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remot ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-52
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-51
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird b ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and S ...)
	NOTE: MFSA-2006-49
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	[sarge] - mozilla <not-affected> (mozilla 1.7 not affected)
	- mozilla <removed> (high)
	- thunderbird 1.5.0.5-1 (high)
	- mozilla-thunderbird <not-affected> (high)
CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
	NOTE: MFSA-2006-48
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	NOTE: MFSA-2006-47
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
	NOTE: MFSA-2006-44
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- xulrunner 1.8.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce S ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL inject ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3794
	NOT-FOR-US: AFCommerce
CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth  ...)
	NOT-FOR-US: SiteDepth
CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in server_ ...)
	NOT-FOR-US: UFO2000
CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn  ...)
	NOT-FOR-US: UFO2000
CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn  ...)
	NOT-FOR-US: UFO2000
CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) recv_select_uni ...)
	NOT-FOR-US: UFO2000
CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow r ...)
	NOT-FOR-US: UFO2000
CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 doe ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka  ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox wit ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the "Symant ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...)
	NOT-FOR-US: Solaris
CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent a ...)
	NOT-FOR-US: Solaris
CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web r ...)
	NOT-FOR-US: Keyifweb Keyif Portal
CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Window ...)
	NOT-FOR-US: Citrix
CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to  ...)
	NOT-FOR-US: IBM
CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLi ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the perForm ...)
	NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1. ...)
	NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login  ...)
	NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
	NOT-FOR-US: iManage CMS
CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber TopSit ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and  ...)
	NOT-FOR-US: Top XL
CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2 ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in Darren' ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to bo ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher We ...)
	NOT-FOR-US: uttenlocher Webdesign hwdeGUEST
CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new pol ...)
	NOT-FOR-US: phpPolls
CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to  ...)
	NOT-FOR-US: Touch Control ActiveX control
CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earli ...)
	NOT-FOR-US: Geeklog
CVE-2006-3755 (PHP remote file inclusion vulnerability in Include/editor/class.rich.p ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3754 (PHP remote file inclusion vulnerability in Include/editor/rich_files/c ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page T ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional Ho ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3751 (PHP remote file inclusion vulnerability in popups/ImageManager/config. ...)
	NOT-FOR-US: HTMLArea3
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash  ...)
	NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap  ...)
	NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in includes/abbc/abbc.class.ph ...)
	NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module (mo ...)
	{DSA-1132-1 DSA-1131-1}
	- apache 1.3.34-3 (medium; bug #380231)
	- apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote a ...)
	{DSA-1141-1 DSA-1140-1}
	- gnupg 1.4.5-1 (medium; bug #381204)
	- gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the  ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.17-7
CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows user-ass ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-7
CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assis ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-8
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwo ...)
	- kdebase <not-affected>
	NOTE: only in Fedora
CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and  ...)
	{DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X s ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9. ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-XXXX [htdig: several unspecified security problems]
	- htdig 1:3.2.0b6-1
CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
	- ldap-account-manager 1.0.2-1.1 (bug #368804; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords]
	- ldap-account-manager 1.0.3-1 (bug #375453; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in filemanager/filemanager.ph ...)
	NOT-FOR-US: Plesk
CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php  ...)
	NOT-FOR-US: VideoDB for Mambo
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (modu ...)
	NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface (CL ...)
	NOT-FOR-US: Cisco
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web applicatio ...)
	NOT-FOR-US: Cisco
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) befo ...)
	NOT-FOR-US: Cisco
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attack ...)
	- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
	[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 al ...)
	NOT-FOR-US: MSIE
CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
	NOT-FOR-US: MSIE
CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch 11882 ...)
	NOT-FOR-US: Solaris
CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow re ...)
	NOT-FOR-US: Eskolar CMS
CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th Ju ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a d ...)
	NOT-FOR-US: Norton Personal Firewall
CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorl ...)
	NOT-FOR-US: Oracle
CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle P ...)
	NOT-FOR-US: Oracle
CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle P ...)
	NOT-FOR-US: Oracle
CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for  ...)
	NOT-FOR-US: Oracle
CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise Ma ...)
	NOT-FOR-US: Oracle
CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite 1 ...)
	NOT-FOR-US: Oracle
CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3 ...)
	NOT-FOR-US: Oracle
CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4. ...)
	NOT-FOR-US: Oracle
CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have  ...)
	NOT-FOR-US: Oracle
CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9 ...)
	NOT-FOR-US: Oracle
CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10 ...)
	NOT-FOR-US: Oracle
CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have  ...)
	NOT-FOR-US: Oracle
CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavas ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows l ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...)
	{DSA-1157 DSA-1139-1}
	- ruby1.8 1.8.4-3 (bug #378029; medium)
	- ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges v ...)
	NOT-FOR-US: Rocks Clusters
CVE-2006-3692
	NOT-FOR-US: ListMessenger
CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allo ...)
	NOT-FOR-US: VBZooM
CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
	NOT-FOR-US: MiniBB
CVE-2006-3689
	NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gal ...)
	NOT-FOR-US: Francisco Charrua Photo-Gallery
CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) serv ...)
	NOT-FOR-US: D-Link
CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 a ...)
	NOT-FOR-US: HP OpenVMS
CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14  ...)
	NOT-FOR-US: CzarNews
CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...)
	NOT-FOR-US: SoftComplex PHP Event Calendar
CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1. ...)
	NOT-FOR-US: Flipper Poll
CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attack ...)
	- awstats 6.5-2 (bug #378960; low)
	[sarge] - awstats 6.4-1sarge3
	NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective
CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in A ...)
	- awstats 6.5-2 (bug #378960; unimportant)
	NOTE: Path disclosure is not an issue for Debian
CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1 ...)
	NOT-FOR-US: Photocycle
CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access  ...)
	NOT-FOR-US: FatWire Content Server
CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) befor ...)
	NOT-FOR-US: TippingPoint
CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows r ...)
	NOTE: MFSA-2006-45
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird <not-affected>
	- mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remo ...)
	NOT-FOR-US: planetGallery
CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configurati ...)
	NOT-FOR-US: Password Safe
	NOTE: mypasswordsafe and pwsafe might use code from Password Safe,
	NOTE: but the problematic functionality is not present
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote  ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote  ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a den ...)
	- kdelibs 4:3.5.4-1 (bug #378962; unimportant)
CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate fun ...)
	{DTSA-31-1}
	- hyperestraier 1.3.3-1 (bug #379060; low)
CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to  ...)
	NOT-FOR-US: Winlpd
CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running o ...)
	NOT-FOR-US: Mercury Messenger
CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...)
	{DSA-1123}
	- libdumb 1:0.9.3-5 (bug #379064; medium)
CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking  ...)
	NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc d ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows  ...)
	- squirrelmail 2:1.4.7-1 (unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 al ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
	NOT-FOR-US: Finjan Appliance
CVE-2006-3662
	NOT-FOR-US: ATutor
CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4. ...)
	NOT-FOR-US: CuteNews
CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown imp ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-ass ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allo ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet  ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote a ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows  ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not  ...)
	NOT-FOR-US: Microsoft
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3646
	REJECTED
CVE-2006-3645
	REJECTED
CVE-2006-3644
	REJECTED
CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3642
	REJECTED
CVE-2006-3641
	REJECTED
CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to persis ...)
	NOT-FOR-US: Microsoft
CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the  ...)
	NOT-FOR-US: Microsoft
CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle uninit ...)
	NOT-FOR-US: Microsoft
CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle va ...)
	NOT-FOR-US: Microsoft
CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before  ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows local user ...)
	- linux <not-affected> (Fixed before initial rename to src:linux)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440
	NOTE: Fixed by: https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 (2.6.26-rc5)
CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functi ...)
	- linux-2.6 2.6.17-1 (medium)
CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to exe ...)
	NOT-FOR-US: shiela
CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows re ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka Ether ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Eth ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.1 ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (ak ...)
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: FLV Players
CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 a ...)
	NOT-FOR-US: FLV Players
CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in Mc ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to o ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5 ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in Ko ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC  ...)
	{DSA-1170}
	- gcc-4.1 4.1.1-11 (bug #368397; low)
	- gcc-3.4 3.4.4-0
	NOTE: gcc-3.4 no longer builds the fastjar package
CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (P ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixela ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazar ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, w ...)
	NOT-FOR-US: Phorum
CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to tr ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Tec ...)
	NOT-FOR-US: Chamberland Technology ezWaiter
CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remot ...)
	NOT-FOR-US: Phorum
CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote  ...)
	NOT-FOR-US: Phorum
CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ob ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders O ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when G ...)
	NOT-FOR-US: Simone Vellei Flatnuke
CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner  ...)
	NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script)
CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange libra ...)
	NOTE: Sun Solaris
CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and  ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Net ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3602 (Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.p ...)
	NOTE: this is CVE-2005-4600
	NOT-FOR-US: Farsinews
CVE-2006-3601
	NOT-FOR-US: DotNetNuke
CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup functio ...)
	{DSA-1135-1}
	- libtunepimp 0.4.2-4 (bug #378091; medium)
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module fo ...)
	NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...)
	NOT-FOR-US: Sections module for PHP-Nuke
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password bla ...)
	- shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco In ...)
	NOT-FOR-US: Cisco
CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...)
	NOT-FOR-US: Cisco
CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0 ...)
	NOT-FOR-US: Cisco
CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5 ...)
	NOT-FOR-US: Cisco
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
	{DSA-1111}
	- linux-2.6 2.6.17-4 (bug #378324; high)
CVE-2006-XXXX [insufficient form variable escaping]
	- webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows use ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructu ...)
	NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0  ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0  ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attack ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote att ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earli ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earl ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.6 ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows remo ...)
	NOT-FOR-US: LifeType
CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense CM ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee Viru ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupma ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing
CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp  ...)
	NOT-FOR-US: Milan Mimica Sparklet
CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earl ...)
	NOT-FOR-US: Papoo
CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.p ...)
	NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in Drup ...)
	- drupal <not-affected> (webform module is not in Debian Drupal 4.5 package)
CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php i ...)
	NOT-FOR-US: Fantastic Guestbook
CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration int ...)
	NOT-FOR-US: Juniper
CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: HiveMail
CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and  ...)
	NOT-FOR-US: HiveMail
CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 an ...)
	NOT-FOR-US: HiveMail
CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winge ...)
	NOT-FOR-US: Winged Gallery
CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow rem ...)
	NOT-FOR-US: Plume CMS
CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earli ...)
	NOT-FOR-US: BT Voyager
CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...)
	NOT-FOR-US: Blue Dojo Graffiti Forums
CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...)
	NOT-FOR-US: auraCMS
CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...)
	NOT-FOR-US: auraCMS
CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...)
	NOT-FOR-US: MT Orumcek Toplist
CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed  ...)
	NOT-FOR-US: Mohamed Moujami ExtCalendar
CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in P ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...)
	NOT-FOR-US: MKPortal
CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass authentica ...)
	NOT-FOR-US: planetNews
CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaborati ...)
	NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium
CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and p ...)
	NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell)
CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks Fir ...)
	NOT-FOR-US: F5 Netowrks FirePass
CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 an ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3547
	NOT-FOR-US: EMC VMware Player
CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attacker ...)
	NOT-FOR-US: Patrice Freydiere ImgSvr
CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote atta ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3544
	NOT-FOR-US: Invision Power Board
CVE-2006-3543
	NOT-FOR-US: Invision Power Board
CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown  ...)
	NOT-FOR-US: Garry Glendown Shopping Cart
CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna k ...)
	NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help
CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dr ...)
	NOT-FOR-US: DKScript.com Dragon's Kingdom Script
CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in Bea ...)
	NOT-FOR-US: BeatificFaith Eprayer
CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop befor ...)
	NOT-FOR-US: Randshop
CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php i ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9 ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9 ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2  ...)
	- pivot <itp> (bug #305786)
CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.3 ...)
	- pivot <itp> (bug #305786)
CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...)
	- pivot <itp> (bug #305786)
CVE-2006-3530 (PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.p ...)
	NOT-FOR-US: PccookBook Component for Mambo and Joomla
CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
	NOT-FOR-US: EarlyImpact ProductCart
CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 200 ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mamb ...)
	NOT-FOR-US: Simpleboard Mambo module
CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds C ...)
	NOT-FOR-US: BosClassifieds Classified Ads
CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php i ...)
	NOT-FOR-US: Sport-slo Advanced Guestbook
CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...)
	NOT-FOR-US: PHCDownload
CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...)
	NOT-FOR-US: SIPfoundry sipXtapi
CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote atta ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge ...)
	NOT-FOR-US: SiteForge Collaborative Development Platform
CVE-2006-3520 (PHP remote file inclusion vulnerability in skins/advanced/advanced1.ph ...)
	NOT-FOR-US: Sabdrimer Pro
CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engi ...)
	NOT-FOR-US: The Banner Engine
CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal  ...)
	NOT-FOR-US: Webvizyon Portal
CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download,  ...)
	NOT-FOR-US: RW::Download
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote attack ...)
	NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in A ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.p ...)
	NOT-FOR-US: PHP-Blogger
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a d ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple M ...)
	NOT-FOR-US: Apple
CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...)
	NOT-FOR-US: Apple
CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver o ...)
	NOT-FOR-US: Apple
CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and O ...)
	NOT-FOR-US: Mac OS X
CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ca ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assis ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows u ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assi ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3497 (Unspecified vulnerability in the "compression state handling" in Bom f ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys i ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0. ...)
	NOT-FOR-US: Buddy Zone
CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9 ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO  ...)
	NOT-FOR-US: MICO
CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...)
	NOT-FOR-US: Kaillera Server
CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Sec ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Sec ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in VirtuaSt ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with insuffi ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1. ...)
	NOT-FOR-US: AstroDog Press Some Chess
CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1 ...)
	NOT-FOR-US: ATutor
CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document  ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailLis ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow  ...)
	NOT-FOR-US: Joomla!
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block funct ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in styles/default/global_heade ...)
	NOT-FOR-US: MyPHP CMS
CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate Pr ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGall ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1  ...)
	NOT-FOR-US: QBoard
CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO a ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...)
	- drupal <not-affected> (form_mail Module not in debian)
CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not requir ...)
	NOT-FOR-US: Dell Openmanage CD
CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1. ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.22-1 (bug #375694)
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attack ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-6
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to cau ...)
	{DSA-1193-1 DSA-1178-1}
	- freetype 2.2.1-5 (bug #379920; medium)
	- libxfont 1:1.2.0-2 (medium; bug #383353)
CVE-2006-3466
	REJECTED
CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF libra ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before  ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library (li ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) be ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3486
	- mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Only DoS possible, only root can trigger this -> non-issue
CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Vir ...)
	NOT-FOR-US: Symantec
CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiViru ...)
	NOT-FOR-US: Symantec
CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate E ...)
	NOT-FOR-US: Symantec
CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers  ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure f ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collec ...)
	NOT-FOR-US: Microsoft
CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, p ...)
	NOT-FOR-US: Microsoft
CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2006-3447
	REJECTED
CVE-2006-3446
	REJECTED
CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in Mic ...)
	NOT-FOR-US: Microsoft
CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows 2 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in Micr ...)
	NOT-FOR-US: Microsoft
CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP ...)
	NOT-FOR-US: Microsoft
CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP S ...)
	NOT-FOR-US: Microsoft
CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, X ...)
	NOT-FOR-US: Microsoft
CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink ...)
	NOT-FOR-US: Microsoft
CVE-2006-3437
	REJECTED
CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X f ...)
	NOT-FOR-US: Microsoft
CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2006-3433
	REJECTED
CVE-2006-3432
	REJECTED
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink Updat ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server (PLUS ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2 ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, possibl ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1. ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows r ...)
	NOT-FOR-US: WonderEdit Pro CMS
CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlie ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in MyB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_byte ...)
	- tor 0.1.1.20-1
CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's finge ...)
	- tor 0.1.1.20-1
CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or is ...)
	- tor 0.1.1.20-1
CVE-2006-3416
	- tor 0.1.1.20-1
CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" destinati ...)
	- tor 0.1.1.20-1
CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...)
	- tor 0.1.1.20-1
CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on App ...)
	- tor 0.1.1.20-1
CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall option ...)
	- tor 0.1.1.20-1
CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys bas ...)
	- tor 0.1.1.20-1
CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting o ...)
	- tor 0.1.1.20-1
CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to exe ...)
	- tor 0.1.1.20-1
CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor b ...)
	- tor 0.1.1.20-1
CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or po ...)
	- tor 0.1.1.20-1
CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 a ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManage ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows  ...)
	{DSA-1110}
	- samba 3.0.23a-1 (bug #378070)
CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Aren ...)
	NOT-FOR-US: Quake 3
CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake  ...)
	NOT-FOR-US: Soldier of Fortune 2
CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki befor ...)
	NOT-FOR-US: MoniWiki
CVE-2006-3398 (The "change password forms" in Taskjitsu before 2.0.1 includes passwor ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu befor ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in Galler ...)
	NOT-FOR-US: Galleria Mambo Module
CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3 ...)
	NOT-FOR-US: SiteBuilder-FX
CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP 0.3. ...)
	NOT-FOR-US: BXCP
CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
	NOT-FOR-US: Papyrus NASCAR Racing
CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path f ...)
	{DSA-1199-1}
	- webmin <removed> (medium; bug #381537)
CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 a ...)
	NOT-FOR-US: iMBCContents
CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation pat ...)
	- wordpress 2.0.4-1 (unimportant)
	NOTE: http://wordpress.org/news/2006/07/wordpress-204/
CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain sensiti ...)
	- wordpress 2.0.4-1 (unimportant)
	NOTE: http://wordpress.org/news/2006/07/wordpress-204/
CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 al ...)
	- phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6d6f47bdb2c7f5519dcc6497a6ebf9ebc305e6de
CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News 1 ...)
	NOT-FOR-US: Fusion News
CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to obta ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent Lecl ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allo ...)
	NOT-FOR-US: mAds
CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 all ...)
	NOT-FOR-US: mAds
CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code  ...)
	NOT-FOR-US: SturGeoN
CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 al ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5  ...)
	{DSA-1119}
	- hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called  ...)
	{DSA-1150-1}
	- shadow 1:4.0.14-1 (bug #379174)
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP  ...)
	NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple pr ...)
	{DSA-1194-1}
	- libwmf 0.2.8.4-2 (bug #381538; medium)
CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in  ...)
	NOT-FOR-US: Randshop
CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 a ...)
	NOT-FOR-US: Randshop
CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit  ...)
	NOT-FOR-US: Hobbit
CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document  ...)
	NOT-FOR-US: Eupla Foros
CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root wi ...)
	NOT-FOR-US: Blueboy
CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with i ...)
	NOT-FOR-US: Kamikaze-QSCM
CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with insu ...)
	NOT-FOR-US: Efone
CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web  ...)
	NOT-FOR-US: Mp3NetBox
CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow r ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via (1 ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG: ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire  ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connector.php ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier ...)
	NOT-FOR-US: Stud.IP
CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ...)
	- phpsysinfo <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpgroupware <unfixed> (unimportant)
	NOTE: Only the existence of files inside the WWW root is leaked. If this is
	NOTE: a threat to your setup you most probably shouldn't install a script which
	NOTE: exposes all your system data, either.
CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PR ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ne ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) i ...)
	NOT-FOR-US: HTML Help ActiveX control
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ear ...)
	NOT-FOR-US: Apple
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll al ...)
	- mpg123 0.60-1 (bug #377264; medium)
	[sarge] - mpg123 <no-dsa> (Non-free not supported)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) v ...)
	NOT-FOR-US: Opera
CVE-2006-3352
	NOTE: firefox, but invalid
CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2 ...)
	NOT-FOR-US: Windows Explorer
CVE-2006-3695 (Trac before 0.9.6 does not disable the "raw" or "include" commands whe ...)
	{DSA-1152}
	- trac 0.9.6-1 (medium)
	[sarge] - trac 0.8.1-3sarge5
CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does n ...)
	{DSA-1113}
	- zope2.7 <removed> (bug #377285; medium)
	- zope2.8 2.8.7-2 (bug #377277; medium)
	- zope2.9 2.9.3-3 (bug #377286; medium)
CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c  ...)
	{DSA-1116}
	- gimp 2.2.11-3.1 (bug #377049; medium)
CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...)
	NOT-FOR-US: AutoVue SolidModel Professional Desktop
CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote atta ...)
	NOT-FOR-US: SmS Script
CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Be ...)
	NOT-FOR-US: HSPcomplete
CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3 ...)
	NOT-FOR-US: deV!Lz Clanportal DZCP
CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows rem ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...)
	NOT-FOR-US: AliPAGER
CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass  ...)
	NOT-FOR-US: Siemens Speedstream Wireless Router
CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in Cris ...)
	NOT-FOR-US: CrisoftRicette
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2  ...)
	NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...)
	NOT-FOR-US: MyAds module for Xoops
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo  ...)
	NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows r ...)
	NOT-FOR-US: Atlassian
CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156  ...)
	NOT-FOR-US: Atlassian
CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in frontend/x/files/select.ht ...)
	NOT-FOR-US: cPanel (not the Chinese language tool in Debian)
CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the up ...)
	- twiki 1:4.0.4-3 (low; bug #381907)
	NOTE: only in some server configurations
CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in  ...)
	- libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant)
	NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
	NOTE: cannot overwrite other memory sections
CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3 ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows rem ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying  ...)
	NOT-FOR-US: Opera
CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PH ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal a ...)
	NOT-FOR-US: Hostflow
CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating s ...)
	NOT-FOR-US: Custom dating biz dating script
CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote use ...)
	NOT-FOR-US: QuickZip
CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quak ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660834)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the Icc ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660832)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF Piada ...)
	NOT-FOR-US: MF Piadas
CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in phpRa ...)
	NOT-FOR-US: phpRaid
CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp i ...)
	NOT-FOR-US: OpenForum
CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3 ...)
	{DSA-1130-1}
	- sitebar 3.3.8-1.1 (bug #377299; low)
CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCale ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and poss ...)
	NOT-FOR-US: phpRaid
CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...)
	NOT-FOR-US: phpRaid
CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 al ...)
	NOT-FOR-US: phpRaid
CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified  ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified  ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smar ...)
	NOT-FOR-US: Netsoft smartNet
CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bil ...)
	NOT-FOR-US: QaTraq
CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Prof ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3310
	RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal To ...)
	NOT-FOR-US: Scout Portal
CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS bbsengin ...)
	NOT-FOR-US: bbsengine
CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine befor ...)
	NOT-FOR-US: bbsengine
CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring function ...)
	NOT-FOR-US: bbsengine
CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmai ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier all ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in Delux ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mamb ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2. ...)
	- phpqladmin <removed> (bug #376442; low)
CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in P ...)
	NOT-FOR-US: phpmysms
CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...)
	NOT-FOR-US: Usenet Script
CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to caus ...)
	NOT-FOR-US: Offical Yahoo! Messenger client
CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webm ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows r ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open Guestbo ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in C ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote  ...)
	NOT-FOR-US: EnergyMech
CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows  ...)
	NOT-FOR-US: Jaws
CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on th ...)
	NOT-FOR-US: Cisco
CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and Windo ...)
	NOT-FOR-US: Cisco
CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...)
	NOT-FOR-US: Cisco
CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and e ...)
	NOT-FOR-US: Cisco
CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 all ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote at ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to  ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...)
	NOT-FOR-US: aeDating
CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and  ...)
	NOT-FOR-US: H-Sphere
CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...)
	NOT-FOR-US: MailEnable
CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 1 ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlie ...)
	NOT-FOR-US: YaBB
CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on  ...)
	- webmin <not-affected> (only windows)
CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...)
	NOT-FOR-US: Some Chess
CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some Ch ...)
	NOT-FOR-US: Some Chess
CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow rem ...)
	NOT-FOR-US: Softbiz Dating
CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows r ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php  ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell GroupWis ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...)
	NOT-FOR-US: Infinite Core Technologies
CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1. ...)
	NOT-FOR-US: Bee-hive
CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qd ...)
	NOT-FOR-US: Qdig
CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSe ...)
	NOT-FOR-US: Namo DeepSearch
CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in M ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in M ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control Manage ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 a ...)
	NOT-FOR-US: vlbook
CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allo ...)
	NOT-FOR-US: e107
CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in B ...)
	NOT-FOR-US: BNBT TrinEdit and EasyTracker
CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...)
	NOT-FOR-US: Claroline
CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board (WB ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ( ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board  ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3253
	NOT-FOR-US: vBulletin
CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic Re ...)
	NOT-FOR-US: Algorithmic Research PrivateWire VPN
CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c fo ...)
	{DSA-1114}
	- hashcash 1.21 (bug #376444)
CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-a ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2006-3249
	NOT-FOR-US: Phorum
CVE-2006-3248
	REJECTED
CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL- ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf For ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember  ...)
	NOT-FOR-US: mvnForum
CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier al ...)
	NOT-FOR-US: Anthill
CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in im ...)
	{DSA-1108}
	- mutt 1.5.11+cvs20060403-2 (low; bug #375828)
CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1. ...)
	NOT-FOR-US: XennoBB
CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in do ...)
	NOT-FOR-US: dotProject
CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier  ...)
	NOT-FOR-US: VBZooM
CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allo ...)
	NOT-FOR-US: VBZooM
CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise Gr ...)
	NOT-FOR-US: Enterprise Groupware System
CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier all ...)
	NOT-FOR-US: thinkWMS
CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fi ...)
	NOT-FOR-US: FineShop
CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 an ...)
	NOT-FOR-US: FineShop
CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Ope ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) be ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Trac ...)
	NOT-FOR-US: Azureus plugin that isn't distributed by default
CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, a ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5 ...)
	NOT-FOR-US: WinAmp
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web browse ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the clie ...)
	NOT-FOR-US: Cisco
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
	NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attacker ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM),  ...)
	NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP)
CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12  ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ea ...)
	NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab Burni ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board (WB ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board (W ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows  ...)
	NOT-FOR-US: JaguarEditControl
CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exch ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exch ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ear ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attack ...)
	NOT-FOR-US: WeBBoA Hosting
CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1. ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1. ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when reg ...)
	NOT-FOR-US: Ralf Image Gallery
CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spa ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remo ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically we ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier include ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain  ...)
	NOT-FOR-US: NetBSD's KAME stack
CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ca ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) v ...)
	NOT-FOR-US: Opera
CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Opera
CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to o ...)
	NOT-FOR-US: singapore
CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.1 ...)
	NOT-FOR-US: singapore
CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...)
	NOT-FOR-US: singapore
CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSi ...)
	NOT-FOR-US: BandSite
CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows r ...)
	NOT-FOR-US: Ad Manager
CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 al ...)
	NOT-FOR-US: MPCS
CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php  ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in administration/tblcontent/ ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earli ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3 ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3 ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS Faet ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator befo ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts M ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile S ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space C ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx P ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
	{DSA-1144-1}
	- chmlib 0.38-1 (bug #374085; low)
CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
	NOT-FOR-US: The Bible Portal Project
CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allo ...)
	NOT-FOR-US: xarancms
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3  ...)
	NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
	- squirrelmail 2:1.4.7-1 (bug #375782; unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder  ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder  ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote att ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 a ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote atta ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...)
	NOT-FOR-US: Free Realty
CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free Realt ...)
	NOT-FOR-US: Free Realty
CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...)
	NOT-FOR-US: Free Realty
CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0  ...)
	NOT-FOR-US: tplShop
CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...)
	NOT-FOR-US: IMGallery
CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in Sma ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple  ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
	NOT-FOR-US: Sun ONE/iPlanet Messaging Server
CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions  ...)
	NOT-FOR-US: Eduha Meeting
CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory  ...)
	NOT-FOR-US: UltimateGoogle
CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eSho ...)
	NOT-FOR-US: Ultimate eShop
CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auctio ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ear ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estat ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlie ...)
	NOT-FOR-US: phpTRADER
CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (a ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlie ...)
	NOT-FOR-US: CavoxCms
CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4. ...)
	NOT-FOR-US: phpMyForum
CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in Open-Realt ...)
	NOT-FOR-US: Open-Realty
CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...)
	NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remo ...)
	- netpbm-free <not-affected> (Debian's version is too old; affects 10.30 to 10.33 only)
CVE-2006-3144 (PHP remote file inclusion vulnerability in micro_cms_files/microcms-in ...)
	NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus  ...)
	NOT-FOR-US: Maximus SchoolMAX
CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote  ...)
	NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye  ...)
	NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
	NOT-FOR-US: openCI
CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar ...)
	NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory  ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge  ...)
	NOT-FOR-US: Edge eCommerce Shop
CVE-2006-3136
	NOT-FOR-US: Nucleus
CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by m ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2006-3133
	RESERVED
CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManag ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow  ...)
	NOT-FOR-US: Clubpage
CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote att ...)
	NOT-FOR-US: Clubpage
CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...)
	NOT-FOR-US: LinkList
CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does no ...)
	NOT-FOR-US: easy-CMS
CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun Ja ...)
	- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute  ...)
	{DSA-1165}
	- capi4hylafax 1:01.03.00.99.svn.300-3
CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows  ...)
	{DSA-1163}
	- gtetrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before 1.61 ...)
	{DSA-1158}
	- streamripper 1.61.25-2
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt func ...)
	{DSA-1138-1}
	- cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2. ...)
	{DSA-1143-1}
	- dhcp 2.0pl5-19.5 (bug #380273)
CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsyst ...)
	{DSA-1151-1}
	- heartbeat-2 2.0.6-2
	- heartbeat 1.2.4-14
CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 allow ...)
	{DSA-1129}
	- osiris 4.2.0-2 (medium)
CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ty ...)
	{DSA-1124}
	- fbi 2.05-1
CVE-2006-3118 (spread uses a temporary file with a static filename based on the port  ...)
	- spread 3.17.3-4 (bug #375617; low)
	[sarge] - spread <no-dsa> (Minimal security implications)
CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 an ...)
	NOT-FOR-US: phpRaid
CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
	NOT-FOR-US: phpRaid
CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the " ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and Se ...)
	NOTE: MFSA-2006-46
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09  ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.0 ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 befo ...)
	NOT-FOR-US: Cisco
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email Serve ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop| ...)
	NOT-FOR-US: phpMyDesktop
CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers  ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain sen ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remot ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run o ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Se ...)
	NOT-FOR-US: Cisco
CVE-2006-3099
	RESERVED
CVE-2006-3098
	RESERVED
CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and st ...)
	NOT-FOR-US: HP-UX Support Tools Manager
CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...)
	NOT-FOR-US: iPostMX
CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2. ...)
	NOT-FOR-US: iPostMX
CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.2006040 ...)
	NOT-FOR-US: Calendarix Basic
CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass authen ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attacke ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possi ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1 ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car Classifie ...)
	NOT-FOR-US: Car Classifieds
CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 a ...)
	NOT-FOR-US: EZGallery
CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName f ...)
	NOT-FOR-US: Microsoft
CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1 ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5)  ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,  ...)
	{DSA-1115 DSA-1107}
	- gnupg 1.4.3-2 (bug #375052; bug #375473; low)
	- gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x be ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.19-1 (bug #373913; high)
CVE-2006-3100 (termpkg 3.3 suffers from buffer overflow. ...)
	- termpkg 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
	- linux-2.6 2.6.16-15
CVE-2006-XXXX [webalizer-stonesteps XSS]
	- webalizer-stonesteps 2.4.1.2-1
CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForu ...)
	NOT-FOR-US: aXentForum
CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1 ...)
	NOT-FOR-US: SSPwiz Plus
CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier a ...)
	NOT-FOR-US: APBoard
CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGues ...)
	NOT-FOR-US: aXentGuestbook
CVE-2006-3076 (PHP remote file inclusion vulnerability in software_upload/public_incl ...)
	NOT-FOR-US: PhpBlueDragon
CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis Profe ...)
	NOT-FOR-US: PictureDis Professional
CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Vi ...)
	NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feat ...)
	NOT-FOR-US: Cisco
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before 4.0.2 ...)
	NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Ar ...)
	NOT-FOR-US: MP3 Search/Archive
CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_m ...)
	NOT-FOR-US: Zeroboard
CVE-2006-3069
	NOT-FOR-US: DoubleSpeak
CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote at ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UD ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ( ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.4 ...)
	NOT-FOR-US: blur6ex
CVE-2006-3064 (SQL injection vulnerability in the add_hit function in include/functio ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbo ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review a ...)
	NOT-FOR-US: 5 Star Review
CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote  ...)
	NOT-FOR-US: P.A.I.D
CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3058
	RESERVED
CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) a ...)
	- dhcdbd 1.14-1
CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows remo ...)
	NOT-FOR-US: VBZooM
CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote att ...)
	NOT-FOR-US: VBZooM
CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote att ...)
	NOT-FOR-US: VBZooM
CVE-2006-3053
	NOT-FOR-US: PHORUM
CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows  ...)
	NOT-FOR-US: Event Registration
CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, an ...)
	NOT-FOR-US: SixCMS
CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and oth ...)
	NOT-FOR-US: SixCMS
CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
	NOT-FOR-US: Mole Group Ticket Booking Script
CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier v ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possi ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, i ...)
	NOT-FOR-US: Subtext
CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing 0 ...)
	NOT-FOR-US: Foing
CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows re ...)
	NOT-FOR-US: LogiSphere
CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe  ...)
	NOT-FOR-US: CFXe-CMS
CVE-2006-3042
	NOT-FOR-US: ISPConfig
CVE-2006-3041
	NOT-FOR-US: Codewalkers Ltwcalendar
CVE-2006-3040
	NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts Rea ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts Rea ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in  ...)
	NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegaller ...)
	NOT-FOR-US: 35mmslidegallery
CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows rem ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Phot ...)
	NOT-FOR-US: Xtreme ASP Photo Gallery
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fi ...)
	NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
	NOT-FOR-US: DwZone Shopping Cart
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech C ...)
	NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in stat_modules/users_age/modu ...)
	NOT-FOR-US: Minerva
CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...)
	NOT-FOR-US: Enthrallwebe ePhotos
CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5. ...)
	NOT-FOR-US: ClickGallery
CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Luci ...)
	NOT-FOR-US: Chris Lea Lucid Calendar
CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counte ...)
	NOT-FOR-US: EvGenius Counter
CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp  ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1. ...)
	NOT-FOR-US: fipsGallery
CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Ga ...)
	NOT-FOR-US: BlueCollar i-Gallery
CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp i ...)
	NOT-FOR-US: WS-Album
CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2  ...)
	NOT-FOR-US: phpCMS
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in PH ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x  ...)
	{DSA-1206-1}
	- php5 5.1.4-0.1 (medium)
	- php4 4:4.4.4-1 (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 4:4.4.4-1 (unimportant; bug #382259)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remo ...)
	NOT-FOR-US: WinSCP
CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ja ...)
	NOT-FOR-US: Microsoft Excel / Flashplayer for Windows
CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 a ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and 5. ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: Safe mode violations are not supported
CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP functi ...)
	NOT-FOR-US: Microsoft Internet Explore
CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to  ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before 4.3. ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality  ...)
	- php4 4:4.3.2+rc3-1
CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
	NOT-FOR-US: IBM AIX
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management (OB ...)
	NOT-FOR-US: Open Business Management
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...)
	NOT-FOR-US: Open Business Management
CVE-2006-3008
	REJECTED
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
	NOT-FOR-US: SHOUTcast
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly o ...)
	NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is bu ...)
	- libjpeg6b <not-affected> (--maxmem is set during configure)
	- libjpeg-mmx <removed> (bug #373672; low)
	[sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits)
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Man ...)
	NOT-FOR-US: Ez Ringtone
CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the f ...)
	NOT-FOR-US: Easy Ad-Manager
CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Man ...)
	NOT-FOR-US: OkScripts product
CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Ok ...)
	NOT-FOR-US: OkScripts product
CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Ok ...)
	NOT-FOR-US: OkScripts product
CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Qu ...)
	NOT-FOR-US: OkScripts product
CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free QBoa ...)
	NOT-FOR-US: QBoard
CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when  ...)
	- zope-zms <unfixed> (bug #373667; unimportant)
	[sarge] - zope-zms <no-dsa> (Only exploitable with register_globals)
	NOTE: register_globals is an unsupported mode of operation in Debian
CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in LoveC ...)
	NOT-FOR-US: aePartner
CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1 ...)
	NOT-FOR-US: WebprojectDB
CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...)
	NOT-FOR-US: phazizGuestbook
CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and e ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo Sc ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 al ...)
	NOT-FOR-US: Ringlink
CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...)
	NOT-FOR-US: VanillaSoft
CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPi ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...)
	NOT-FOR-US: Chemical Dictionary
CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...)
	NOT-FOR-US: PICRATE
CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Medi ...)
	NOT-FOR-US: vSCAL and vsREAL
CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earli ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1. ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and Pa ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise Times ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats be ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...)
	NOT-FOR-US: ViArt
CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...)
	NOT-FOR-US: ViArt
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the i ...)
	NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earli ...)
	NOT-FOR-US: Moblog
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery b ...)
	NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.ph ...)
	NOT-FOR-US: PBL Guestbook
CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect  ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite Calend ...)
	NOT-FOR-US: PHP Lite Calendar
CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats  ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows r ...)
	- overkill 0.16-9 (bug #373687; low)
	[sarge] - overkill <no-dsa> (Only DoS against an obscure game, no code injection possible)
CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow  ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware  ...)
	NOT-FOR-US: LabWiki
CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network r ...)
	NOT-FOR-US: SafeNET
CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wik ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft P ...)
	NOT-FOR-US: Particle Whois
CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts D ...)
	NOT-FOR-US: Xtreme Downloads
CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Caba ...)
	NOT-FOR-US: Cabacos Web CMS
CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergeni ...)
	NOT-FOR-US: Empris
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remot ...)
	NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in Joom ...)
	NOT-FOR-US: Joomla!
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 an ...)
	NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote attacke ...)
	NOT-FOR-US: FilZip
CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlie ...)
	NOT-FOR-US: i.List
CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...)
	NOT-FOR-US: i.List
CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice  ...)
	NOT-FOR-US: KAPhotoservice
CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow  ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS)  ...)
	NOT-FOR-US: NPDS
CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dyna ...)
	NOT-FOR-US: NPDS
CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attack ...)
	NOT-FOR-US: NPDS
CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root wi ...)
	NOT-FOR-US: A-CART
CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with insuffi ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in  ...)
	- dokuwiki 0.0.20060309-4 (bug #373689; low)
CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier all ...)
	NOT-FOR-US: FORM2MAIL
CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...)
	NOT-FOR-US: WebFORM
CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ad ...)
	- twiki <not-affected> (Debian's version is old and does not include affected file)
CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of s ...)
	- mailman <not-affected> (Mailman uses the system version of the affected Python lib)
CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-2939
	REJECTED
CVE-2006-2938
	REJECTED
CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote atta ...)
	{DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <not-affected>
CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up t ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in drivers/cdrom/cd ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kern ...)
	- linux-2.6 2.6.17-3
CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterpri ...)
	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
	- kdebase 3.5.2-1 (medium)
	NOTE: exact fixed version not known, however bug only affects < 3.2
CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split sup ...)
	- linux-2.6 <not-affected> (vulnerable code not present)
CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engin ...)
	NOT-FOR-US: Sun
CVE-2006-2929 (PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_ ...)
	NOT-FOR-US: OpenEMR
CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5  ...)
	NOT-FOR-US: CMS-Bandits
CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in Cod ...)
	NOT-FOR-US: CAForum
CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6. ...)
	NOT-FOR-US: Qbik
CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in Ingat ...)
	NOT-FOR-US: Ingate
CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4. ...)
	NOT-FOR-US: Ingate
CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as use ...)
	- iaxclient 0.0+svn20060520-2
CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2. ...)
	NOT-FOR-US: MiraksGalerie
CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in Cla ...)
	NOT-FOR-US: CMPro
CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote att ...)
	- sylpheed 2.2.6-1 (low)
	[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-gtk1 1.0.6-3 (bug #373187; low)
	- sylpheed-claws 1.0.5-3 (bug #372891; low)
	[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote a ...)
	NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores th ...)
	NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component
CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate 6.1.2. ...)
	NOT-FOR-US: WinGate
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later  ...)
	- arts 1.5.3-2 (bug #374003; low)
	[sarge] - arts <not-affected> (Not setuid root in Debian)
	NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote a ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows rem ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo bef ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ver ...)
	NOT-FOR-US: jetAudio
CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension (zipinfo.d ...)
	NOT-FOR-US: PicoZip
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard (My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2907
	RESERVED
CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...)
	{DSA-1117}
	- libgd2 2.0.33-5 (bug #372912; low)
	- tetex-bin <not-affected> (Links dynamically, see #382506)
CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Partial Links
CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...)
	NOT-FOR-US: Partial Links
CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle Link ...)
	NOT-FOR-US: Partial Links
CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow  ...)
	NOT-FOR-US: Partial Links
CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware  ...)
	NOT-FOR-US: D-Link
CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read arbi ...)
	NOT-FOR-US: Microsoft
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before 2006 ...)
	NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 an ...)
	{DSA-1126}
	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
	- iax 0.2.2-5
	[sarge] - iax <not-affected> (Vulnerable code not present)
	- iaxmodem 0.1.8.dfsg-2
CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remo ...)
	NOT-FOR-US: Funkboard
CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change arbi ...)
	NOT-FOR-US: Funkboard
CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to vers ...)
	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, M ...)
	{DSA-1401-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full p ...)
	NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3  ...)
	NOT-FOR-US: GANTTy
CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelp ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allo ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig  ...)
	NOT-FOR-US: Wikiwig
CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earli ...)
	NOT-FOR-US: myNewsletter
CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote  ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree O ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remot ...)
	NOT-FOR-US: Kmita
CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1. ...)
	NOT-FOR-US: Kmita
CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPS ...)
	NOT-FOR-US: ASPScriptz
CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...)
	NOT-FOR-US: DreamAccount
CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages f ...)
	NOT-FOR-US: pyblosxom package doesn't ship plugins
CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine 1. ...)
	NOT-FOR-US: Alex News-Engine
CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier a ...)
	- dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high)
CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlie ...)
	NOT-FOR-US: Bookmark4U
CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
	NOT-FOR-US: PHP Pro Publish
CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake  ...)
	- tremulous 1.1.0-6 (bug #660827)
	[squeeze] - tremulous 1.1.0-7~squeeze1
	- ioquake3 1.36+svn1788j-1
CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has un ...)
	NOT-FOR-US: OSADS
CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4 ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 a ...)
	NOT-FOR-US: Rumble
CVE-2006-2871
	NOT-FOR-US: CyBoards
CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in Intell ...)
	NOT-FOR-US: Intelligent Solutions Inc.
CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...)
	NOT-FOR-US: Avast
CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6  ...)
	NOT-FOR-US: Claroline
CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta an ...)
	NOT-FOR-US: CoolForum
CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in DotCl ...)
	NOT-FOR-US: DotClear
CVE-2006-2865
	NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framew ...)
	NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in C ...)
	NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
	NOT-FOR-US: Particle Gallery
CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ea ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allow ...)
	NOT-FOR-US: Webspotblogging
CVE-2006-2859
	NOT-FOR-US: MyBloggie
CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1 ...)
	NOT-FOR-US: LocazoList
CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows remo ...)
	NOT-FOR-US: LifeType
CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib d ...)
	NOT-FOR-US: ActiveState
CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote  ...)
	NOT-FOR-US: xueBook
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows  ...)
	NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal 5. ...)
	NOT-FOR-US: abarcar
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ear ...)
	NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject 2. ...)
	NOT-FOR-US: dotProject
CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP L ...)
	NOT-FOR-US: LabWiki
CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php  ...)
	NOT-FOR-US: Bytehoard
CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the adm ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows rem ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Po ...)
	NOT-FOR-US: VisionGate
CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...)
	NOT-FOR-US: Redaxo
CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...)
	NOT-FOR-US: Redaxo
CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote  ...)
	NOT-FOR-US: Redaxo
CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka  ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "u ...)
	NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module (PGProbl ...)
	NOT-FOR-US: WeBWorK
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for Microsof ...)
	NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book a ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies L ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...)
	NOT-FOR-US: saphplesson
CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in gnop ...)
	NOT-FOR-US: gnopaste
CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in Dru ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module (upload. ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under c ...)
	{DSA-1125}
	NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
	NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
	NOTE: fixes CVE-2006-2831.
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent  ...)
	NOT-FOR-US: TIBCO
CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4 ...)
	NOT-FOR-US: TIBCO
CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote atta ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-2827
	NOT-FOR-US: X-Cart
CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLi ...)
	NOT-FOR-US: PHPLIB
CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir configu ...)
	NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool
CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8  ...)
	NOT-FOR-US: Logicalware
CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive in ...)
	NOT-FOR-US: ashopKart
CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeA ...)
	NOT-FOR-US: cforum
CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pr ...)
	NOT-FOR-US: DeltaScripts
CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog O ...)
	NOT-FOR-US: HotWebScripts
CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Iglo ...)
	NOT-FOR-US: Barnraiser Igloo
CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron  ...)
	NOT-FOR-US: Cameron McKay Informium
CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...)
	NOT-FOR-US: tekno.Portal
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in co ...)
	NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Fac ...)
	NOT-FOR-US: SimpleBoard
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions i ...)
	NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart allow ...)
	NOT-FOR-US: iShopCart
CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Do ...)
	NOT-FOR-US: PICRATE
CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidenti ...)
	NOT-FOR-US: Ovidentia
CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundr ...)
	NOT-FOR-US: Belchior vCard
CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar ...)
	NOT-FOR-US: ar-blog
CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR gues ...)
	NOT-FOR-US: Lycos
CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to chan ...)
	NOT-FOR-US: ASPwebSoft
CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache Jame ...)
	NOT-FOR-US: Apache James
CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earl ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1 ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ad ...)
	NOT-FOR-US: OpenBook
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS a ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass authenti ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password  ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in Kaya ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResp ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2006-2842
	- squirrelmail 2:1.4.7-1 (unimportant; bug #373731)
	NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [webalizer: symlink vulnerability]
	- webalizer 2.01.10-29 (low; bug #359745)
	[sarge] - webalizer <no-dsa> (Minor issue)
	NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote attacker ...)
	NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intellig ...)
	NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
	NOT-FOR-US: PHP ManualMaker
CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
	{DSA-1105}
	- xine-lib 1.1.1-2 (bug #369876; medium)
CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in toen ...)
	NOT-FOR-US: toendaCMS
CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCal ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 a ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1 ...)
	NOT-FOR-US: Captivate gallery.php
CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking S ...)
	NOT-FOR-US: XiTi Tracking Script
CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to rea ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier a ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
	NOT-FOR-US: wbboard
CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and p ...)
	NOT-FOR-US: iBoutique.MALL
CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment (S ...)
	NOT-FOR-US: Sun StorADE
CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if s ...)
	- evolution 2.4.0-1 (low)
	[sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
	NOTE: Verified that the patch has been applied in 2.4.0-1,
	NOTE: may have been fixed earlier.
CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.4 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-31
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbi ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-33
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-34
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-36
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-42
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
	- webkit 1.0.1-1 (bug #535793)
	NOTE: http://trac.webkit.org/changeset/33380
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	- kdelibs <not-affected> (bug #561765)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-41
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
	{DSA-1134-1 DSA-1118}
	NOTE: MFSA-2006-40
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 all ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers  ...)
	{DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-38
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMon ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-43
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before 1 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-37
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attribut ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-35
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne C ...)
	NOT-FOR-US: QontentOne
CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does  ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogst ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not v ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 an ...)
	NOT-FOR-US: pppBLOG
CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2. ...)
	- snort 2.3.3-8 (low; bug #381726)
	[sarge] - snort <no-dsa> (Minor impact)
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when register ...)
	NOT-FOR-US: METAjour
CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when registe ...)
	NOT-FOR-US: Ottoman
CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in In ...)
	NOT-FOR-US: Interlink
CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows rem ...)
	NOT-FOR-US: GuestbookXL
CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote atta ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in WebC ...)
	{DSA-1096-1}
	- webcalendar 1.0.4-1 (medium)
CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITS ...)
	NOT-FOR-US: Hitachi
CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91  ...)
	NOT-FOR-US: 4nForum
CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary  ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allow ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows  ...)
	NOT-FOR-US: Chipmunk guestbook
CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Eitsop
CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5. ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3. ...)
	- openldap2.3 2.3.24-1 (bug #375494; bug #377047; unimportant)
	NOTE: File is only written and read by slurpd, only editable by root
CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux  ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image Cata ...)
	NOT-FOR-US: OSIC
CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query functio ...)
	NOT-FOR-US: OSIC
CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image Cat ...)
	NOT-FOR-US: OSIC
CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...)
	NOT-FOR-US: OSIC
CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade  ...)
	NOT-FOR-US: PhpMyDesktop
CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interact ...)
	NOT-FOR-US: F@cile
CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile Interacti ...)
	NOT-FOR-US: F@cile
CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in F@cil ...)
	NOT-FOR-US: F@cile
CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_m ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (bug #368835; medium)
CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 all ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 all ...)
	NOT-FOR-US: tinyBB
CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...)
	NOT-FOR-US: tinyBB
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns  ...)
	NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a stati ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote atta ...)
	NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
	NOT-FOR-US: Blend Portal
CVE-2006-2735 (PHP remote file inclusion vulnerability in language/lang_english/lang_ ...)
	NOT-FOR-US: Amod
CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote atta ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security co ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and e ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php i ...)
	NOT-FOR-US: Hot Open Tickets
CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in Ph ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in Ph ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to cha ...)
	NOT-FOR-US: Eggblog
CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d all ...)
	NOT-FOR-US: Fastpublish
CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 al ...)
	NOT-FOR-US: Eggblog
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
	NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to caus ...)
	- firefox 45.0-1 (unimportant)
	- firefox-esr 45.0esr-1 (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: Non-issue
CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allow ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote atta ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...)
	NOT-FOR-US: JIWA
CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's usernam ...)
	NOT-FOR-US: JIWA
CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and se ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ha ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not  ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8. ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possib ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same in ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate  ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows re ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not  ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows re ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows re ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8. ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL certificat ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows rem ...)
	NOT-FOR-US: Geeklog
CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2  ...)
	NOT-FOR-US: Geeklog
CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1. ...)
	NOT-FOR-US: Geeklog
CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ful ...)
	NOT-FOR-US: Geeklog
CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allo ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0  ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers  ...)
	NOT-FOR-US: DGNews
CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.1 ...)
	NOT-FOR-US: EzUpload
CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in Niv ...)
	NOT-FOR-US: Nivisec
CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1. ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2691 (Unspecified "information leakage" vulnerabilities in aMuleWeb for AMul ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 a ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...)
	NOT-FOR-US: Achievo
CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Me ...)
	NOT-FOR-US: AGTC
CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow re ...)
	NOT-FOR-US: ActionApps
CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
	- acidbase 1.2.5-1 (bug #370576; low)
CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS M ...)
	NOT-FOR-US: Mundo
CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS  ...)
	NOT-FOR-US: open-medium
CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End C ...)
	NOT-FOR-US: Back-End
CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2 ...)
	NOT-FOR-US: SocketMail
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Albu ...)
	NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
	NOT-FOR-US: Cisco
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manage ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc configurait ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earl ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads  ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earl ...)
	NOT-FOR-US: Tamber Forum
CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin Bo ...)
	NOT-FOR-US: Elite-Board
CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One  ...)
	NOT-FOR-US: Realty Pro One
CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to  ...)
	NOT-FOR-US: ChatPat
CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 all ...)
	NOT-FOR-US: ChatPat
CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Ma ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05  ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and earl ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2666 (PHP remote file inclusion vulnerability in includes/mailaccess/pop3.ph ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2665 (PHP remote file inclusion vulnerability in includes/mailaccess/pop3/co ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote a ...)
	NOT-FOR-US: iFdate
CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 all ...)
	NOT-FOR-US: iFlance
CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory a ...)
	NOT-FOR-US: VMware Server
CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a den ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4  ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: using a long enough path (>MAXPATHLEN) allows you to have
	NOTE: tempnam create a file without the temp extension. sounds like
	NOTE: another shoot yourself in the foot issue, since the local user
	NOTE: could just as easily create the file manually, and if the
	NOTE: tempnam function is taking unsanitized input, it's an
	NOTE: application error
CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in  ...)
	- xsp 1.1.15-1
CVE-2006-2657
	REJECTED
CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally dis ...)
	NOT-FOR-US: build process for ypserv in FreeBSD
CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
	NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Li ...)
	NOT-FOR-US: D-Link
CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier a ...)
	NOT-FOR-US: WikiNi
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation Rent ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in CosmicShopping ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ASP ...)
	NOT-FOR-US: ASPBB
CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows r ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-2645 (PHP remote file inclusion vulnerability in manager/frontinc/prepend.ph ...)
	NOT-FOR-US: Plume
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated  ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #365910)
CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
	- mkvtoolnix 1.7.0-2 (bug #370144; low)
CVE-2006-XXXX ['Cache' shell injection vulnerability]
	- wordpress 2.0.3-1 (high; bug #369014)
CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x bef ...)
	{DSA-1092-1}
	- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741)
	- mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754)
	- mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
	- mysql-dfsg-4.1 <removed> (bug #369754; medium)
CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause  ...)
	{DSA-1101}
	- courier 0.53.2-1 (bug #368834)
CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2  ...)
	{DSA-1091-1}
	- tiff 3.8.2-3 (bug #369819; low)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top L ...)
	NOT-FOR-US: Monster Top List
CVE-2006-2642
	NOT-FOR-US: Php-residence
CVE-2006-2641
	NOT-FOR-US: John Frank Asset Manager
CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (ak ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in prattmi ...)
	NOT-FOR-US: PHPSimpleChoose
CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote att ...)
	NOT-FOR-US: qjForum
CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) M ...)
	NOT-FOR-US: TuttoPhp
CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to b ...)
	NOT-FOR-US: Katy Whitton NewsCMSLite
CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka T ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ( ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php  ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2. ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts  ...)
	NOT-FOR-US: phpFoX
CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Secu ...)
	NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP p ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-2628
	RESERVED
CVE-2006-2627
	RESERVED
CVE-2006-2626
	RESERVED
CVE-2006-2625
	RESERVED
CVE-2006-2624
	RESERVED
CVE-2006-2623
	RESERVED
CVE-2006-2622
	RESERVED
CVE-2006-2621
	RESERVED
CVE-2006-2620
	RESERVED
CVE-2006-2619
	RESERVED
CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Di ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Direc ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 record ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versi ...)
	NOTE: Installation path disclosure is uninteresting on Debian systems.
	NOTE: The profile path might be more sensitive, but exploit that
	NOTE: requires another, real security bug.
CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the  ...)
	NOT-FOR-US: Novell Client for Windows
	NOTE: The Windows clipboard is a public resource anyway.
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in  ...)
	- mediawiki1.7 <not-affected> (Fixed in 1.7 prior to release)
	- mediawiki1.5 <removed>
CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5  ...)
	NOT-FOR-US: phpRaid
CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when register_g ...)
	NOT-FOR-US: artmedic newsletter
CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when register_glo ...)
	NOT-FOR-US: artmedic newsletter
CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows  ...)
	{DSA-1184-2}
	- linux-2.6 <not-affected> (fixed before the first upload)
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x befor ...)
	- sun-java5 1.5.0-06-1 (low; bug #384734)
CVE-2006-XXXX [mono xsp file disclosure]
	- xsp 1.1.15-1 (medium)
CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return  ...)
	- cron 3.0pl1-64 (bug #85609; bug #86775; medium)
CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...)
	NOT-FOR-US: Chatty
CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier all ...)
	NOT-FOR-US: DSChat
CVE-2006-2604
	REJECTED
CVE-2006-2603
	REJECTED
CVE-2006-2602
	REJECTED
CVE-2006-2601
	REJECTED
CVE-2006-2600
	REJECTED
CVE-2006-2599
	REJECTED
CVE-2006-2598
	REJECTED
CVE-2006-2597
	REJECTED
CVE-2006-2596
	REJECTED
CVE-2006-2595
	REJECTED
CVE-2006-2594
	REJECTED
CVE-2006-2593
	REJECTED
CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to exe ...)
	NOT-FOR-US: DSChat
CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and  ...)
	NOT-FOR-US: e107
CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote attacke ...)
	NOT-FOR-US: e107
CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...)
	NOT-FOR-US: Russcom PHPImages
CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...)
	NOT-FOR-US: WebTool HTTP server
CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier a ...)
	NOT-FOR-US: IpLogger
CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows remo ...)
	NOT-FOR-US: Destiney Links Script
CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Sky ...)
	NOT-FOR-US: SkyeBox
CVE-2006-2583 (PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.ph ...)
	NOT-FOR-US: Nucleus
CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attack ...)
	NOT-FOR-US: RWiki
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1. ...)
	NOT-FOR-US: RWiki
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy Serv ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 Stan ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server Platfo ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 an ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is en ...)
	NOT-FOR-US: eSyndicat Directory
CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earl ...)
	- netpanzer 0.8+svn20060319-2 (bug #370146; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX  ...)
	NOT-FOR-US: Software Distributor in HP-UX
CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with magic_quo ...)
	NOT-FOR-US: DGBook
CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 al ...)
	NOT-FOR-US: DGBook
CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon Ope ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 all ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ea ...)
	NOT-FOR-US: Linklist
CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB. ...)
	NOT-FOR-US: UBB.threads
CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in Alst ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain s ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allo ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Al ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to  ...)
	- php4 4:4.4.4-1 (bug #370166; unimportant)
	- php5 5.1.6-1 (bug #370165; unimportant)
	NOTE: Safe mode violations are not supported
CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access restrict ...)
	NOT-FOR-US: ZyXEL P-335WT router
CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access restri ...)
	NOT-FOR-US: Edimax BR-6104K router
CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to  ...)
	NOT-FOR-US: Sitecom WL-153 router
CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to  ...)
	NOT-FOR-US: Linksys WRT54G router
CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier a ...)
	NOT-FOR-US: IpLogger
CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in Flo ...)
	NOT-FOR-US: Newsportal
CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...)
	- newsportal <itp> (bug #149069)
	NOTE: RFP #149069 closed after no activity since too long time
CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote at ...)
	NOT-FOR-US: Genecys
CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys 0. ...)
	NOT-FOR-US: Genecys
CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local  ...)
	NOT-FOR-US: HP-UX
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when res ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolv ...)
	NOT-FOR-US: Fujitsu UXP/V
CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary  ...)
	- bind <removed> (unimportant)
	- bind9 <not-affected> (does not send parallel queries)
	NOTE: Disabling recursion does not close all attack vectors.
	NOTE: Browser reflection attacks will still work.
	NOTE: Bind 8 design limitations that are only addressed in bind 9 are not
	NOTE: treated a security issues, DNS admins need to be aware what they are using
CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: perlpodder
CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool be ...)
	NOT-FOR-US: PDF Form Filling and Flattening Tool
CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...)
	NOT-FOR-US: prodder/perlpodder
CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix b ...)
	NOT-FOR-US: Sap
CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server 8 ...)
	NOT-FOR-US: BEA
CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ma ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors an ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...)
	{DSA-1086-1}
	- xmcd 2.6-17.2 (bug #366816; medium)
CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows re ...)
	NOT-FOR-US: Zixforum
CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive in ...)
	NOT-FOR-US: Diesel
CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...)
	NOT-FOR-US: Sybase
CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-ass ...)
	NOT-FOR-US: Windows-only Firefox plugin
CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earli ...)
	NOT-FOR-US: *BOR
CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1. ...)
	NOT-FOR-US: Destiney
CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ob ...)
	NOT-FOR-US: Destiney
CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...)
	NOT-FOR-US: Destiney
CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2)  ...)
	NOT-FOR-US: Destiney
CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote attacker ...)
	NOT-FOR-US: Destiney
CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity v ...)
	NOT-FOR-US: Ipswitch
CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
	NOT-FOR-US: Snitz mod
CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in php ...)
	NOT-FOR-US: phpBazar
CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: phpBazar
CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy Galer ...)
	NOT-FOR-US: PHP Easy Galerie
CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...)
	NOT-FOR-US: UseBB
CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier  ...)
	NOT-FOR-US: UseBB
CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro 2. ...)
	NOT-FOR-US: phpListPro
CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users ...)
	NOT-FOR-US: Dayfox
CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory  ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier  ...)
	NOT-FOR-US: BitZipper
CVE-2006-2519 (Directory traversal vulnerability in include/inc_ext/spaw/spaw_control ...)
	NOT-FOR-US: phpwcms
CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows r ...)
	NOT-FOR-US: phpwcms
CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition,  ...)
	NOT-FOR-US: MyWeb
CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is e ...)
	NOT-FOR-US: XOOPS
CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestboo ...)
	NOT-FOR-US: Hiox
CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with mod_mim ...)
	NOT-FOR-US: Coppermine
CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java Syst ...)
	NOT-FOR-US: Sun
CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR V ...)
	NOT-FOR-US: Hitachi
CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated us ...)
	NOT-FOR-US: FrontRange
CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short Ur ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Te ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foin ...)
	NOT-FOR-US: phpbb2 mod
CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in S ...)
	NOT-FOR-US: Sphider
CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute arb ...)
	NOT-FOR-US: Oracle
CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...)
	NOT-FOR-US: AZBOARD
CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3. ...)
	- cyrus-imapd-2.2 <not-affected> (Vulnerable code not present)
CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
	NOT-FOR-US: Sun
CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalan ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News (CANe ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to exe ...)
	NOT-FOR-US: Invision
CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 all ...)
	NOT-FOR-US: AspBB
CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...)
	NOT-FOR-US: Novell
CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager i ...)
	- serendipity 1.0-1
CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote attack ...)
	NOT-FOR-US: IntelliTampe
CVE-2006-2493
	REJECTED
CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll C ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2005-1754
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1753
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote a ...)
	- gforge 3.1-30
	NOTE: viewFile.php disabled in 3.1-30
CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, O ...)
	NOT-FOR-US: Microsoft
CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/ ...)
	NOT-FOR-US: BoastMachine
CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Netw ...)
	NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x bef ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
	- nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (W ...)
	NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 a ...)
	NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...)
	NOT-FOR-US: YapBB
CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Quezza
CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebM ...)
	NOT-FOR-US: IceWarp
CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in Squirre ...)
	NOT-FOR-US: Squirrelcart
CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for De ...)
	NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stor ...)
	NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted attackers ...)
	- dia 0.95.0-4 (bug #368202; low)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify  ...)
	NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
	NOT-FOR-US: Bitrix
CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Bitrix
CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ro ...)
	NOT-FOR-US: Bitrix
CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) be ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ear ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2473
	NOT-FOR-US: OpenWiki
CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 t ...)
	NOT-FOR-US: BEA
CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration Consol ...)
	NOT-FOR-US: BEA
CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...)
	NOT-FOR-US: BEA
CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1  ...)
	NOT-FOR-US: BEA
CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 di ...)
	NOT-FOR-US: BEA
CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote atta ...)
	NOT-FOR-US: BEA
CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
	- mp3info 0.8.4-9.1 (bug #368207; low)
	[sarge] - mp3info <no-dsa> (Hardly exploitable)
CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7 ...)
	NOT-FOR-US: BEA
CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers  ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service P ...)
	NOT-FOR-US: BEA
CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set th ...)
	NOT-FOR-US: BEA
CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_glob ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlie ...)
	{DSA-1081-1}
	- libextractor 0.5.14-1
CVE-2006-2457
	RESERVED
CVE-2006-2456
	RESERVED
CVE-2006-2455
	RESERVED
CVE-2006-2454
	RESERVED
CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have unspeci ...)
	- dia 0.95.0-4 (bug #368202; medium)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature i ...)
	- gdm 2.16.1-1 (bug #375281; medium)
	[sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...)
	- linux-2.6 2.6.17-3 (high)
CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authent ...)
	- libvncserver 0.8.2-1 (high; bug #376824)
CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users  ...)
	{DSA-1156}
	- kdebase 4:3.5.2-2 (bug #374002; medium)
CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, doe ...)
	- linux-2.6 2.6.16-15
CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
	{DSA-1090-1}
	- spamassassin 3.1.3-1 (medium)
CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.16-1
	NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 and the
	NOTE: patch is included there
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.2 ...)
	- linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel  ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.16-15
CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
	{DSA-1062-1}
	- kphone 1:4.2-3 (bug #337830; medium)
CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assi ...)
	NOT-FOR-US: ZipCentral
CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the docum ...)
	NOT-FOR-US: Caucho
CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for Cauc ...)
	NOT-FOR-US: Caucho
CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) sto ...)
	NOT-FOR-US: IBM
CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 an ...)
	NOT-FOR-US: IBM
CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulativ ...)
	NOT-FOR-US: IBM
CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6 ...)
	NOT-FOR-US: IBM
CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server Er ...)
	NOT-FOR-US: IBM
CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...)
	NOT-FOR-US: IBM
CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6 ...)
	NOT-FOR-US: IBM
CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Duware
CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h a ...)
	- clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)
CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 an ...)
	{DSA-1769-1}
	- sun-java5 1.5.0-10-1 (bug #384734)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b14-1.5~pre1-3 (bug #566766)
CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpR ...)
	NOT-FOR-US: phpRemoteView
CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and earli ...)
	NOT-FOR-US: ezUserManager
CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Conf ...)
	NOT-FOR-US: Confixx
CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...)
	NOT-FOR-US: phpCOIN
CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remo ...)
	NOT-FOR-US: Pragma
CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows r ...)
	NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it."
	- bugzilla <unfixed> (unimportant)
CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory Lis ...)
	NOT-FOR-US: Directory Listing Script
CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of phpM ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before  ...)
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier al ...)
	NOT-FOR-US: e107
CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 an ...)
	NOT-FOR-US: FlexChat
CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows r ...)
	{DSA-1080-1}
	- dovecot 1.0.beta8-1 (low)
	[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a den ...)
	- gnunet 0.7.0e-1 (bug #368159; medium)
	[sarge] - gnunet <not-affected> (according to maintainer)
CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...)
	NOT-FOR-US: Raydium
CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in Raydi ...)
	NOT-FOR-US: Raydium
CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN revi ...)
	NOT-FOR-US: Raydium
CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c i ...)
	NOT-FOR-US: Raydium
CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow rem ...)
	NOT-FOR-US: Raydium
CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Compo ...)
	NOT-FOR-US: ActiveX component
CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassifi ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassi ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance  ...)
	NOT-FOR-US: RadScripts
CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to  ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp fo ...)
	NOT-FOR-US: Outgun
CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ear ...)
	NOT-FOR-US: Outgun
CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ear ...)
	NOT-FOR-US: Outgun
CVE-2006-2399 (Stack-based buffer overflow in the ServerNetworking::incoming_client_d ...)
	NOT-FOR-US: Outgun
CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and earl ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote  ...)
	NOT-FOR-US: phpODP
CVE-2006-2395 (PHP remote file inclusion vulnerability in resources/includes/popp.con ...)
	NOT-FOR-US: PopPhoto
CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helpe ...)
	NOT-FOR-US: PHP Live Support
CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote atta ...)
	NOT-FOR-US: Debian's 'empire' is a different game
CVE-2006-2392 (PHP remote file inclusion vulnerability in public_includes/pub_popup/p ...)
	NOT-FOR-US: PHP Blue Dragon Platinum
CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remo ...)
	NOT-FOR-US: OZJournals
CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...)
	NOT-FOR-US: Microsoft
CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier a ...)
	NOT-FOR-US: Microsoft
CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2381
	REJECTED
CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server du ...)
	NOT-FOR-US: Microsoft
CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2377
	REJECTED
CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering Eng ...)
	NOT-FOR-US: Microsoft
CVE-2006-2375
	REJECTED
CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service (RASMA ...)
	NOT-FOR-US: Microsoft
CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in Mic ...)
	NOT-FOR-US: Microsoft
CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink I ...)
	- vnc4 4.1.1+X4.3.0-10 (high)
	[sarge] - vnc4 <not-affected> (vuln not in 4.0)
CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka  ...)
	NOT-FOR-US: Clansys
CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka  ...)
	NOT-FOR-US: Clansys
CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r op ...)
	- libopenobex 1.2-3 (bug #366484)
CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allow ...)
	NOT-FOR-US: Vizra
CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in  ...)
	NOT-FOR-US: Macromedia
CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
	NOT-FOR-US: Limbo
CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software Found ...)
	- binutils 2.17-1 (low; bug #368237)
	[sarge] - binutils <no-dsa> (Very minor issue)
CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in D ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB a ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart mo ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2192
	RESERVED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files  ...)
	{DSA-857-1}
	- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
	{DSA-1216}
	- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Anot ...)
	NOT-FOR-US: YaPIG
CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image Ga ...)
	NOT-FOR-US: YaPIG
CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
	NOT-FOR-US: YaPIG
CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...)
	NOT-FOR-US: Web Labs CMS
CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premi ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006  ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 an ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsU ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsU ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2350
	REJECTED
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Busin ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows r ...)
	- vpopmail <not-affected> (vulnerability introduced in 5.4.14)
	NOTE: Unable to reach CVS to determine if prior versions are affected
	NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAG ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with  ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine  ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMas ...)
	NOT-FOR-US: PassMasterFlex
CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and evoTop ...)
	NOT-FOR-US: evoTopsites
CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain adm ...)
	NOT-FOR-US: PlaNet
CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wir ...)
	NOT-FOR-US: D-Link
CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and  ...)
	NOT-FOR-US: vBulletin
CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsof ...)
	NOT-FOR-US: Windows
CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of s ...)
	NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there
	- firefox 1.5.dfsg+1.5.0.3-2
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensiti ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6 ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iP ...)
	NOT-FOR-US: Novell
CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info Onli ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.in ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2324 (180solutions Zango downloads "required Adware components" without chec ...)
	NOT-FOR-US: 180solutions
CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpLi ...)
	NOT-FOR-US: SmartISoft
CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...)
	NOT-FOR-US: Cisco
CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science I ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4 ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a an ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33 ...)
	NOT-FOR-US: Intel Windows software
CVE-2006-2315
	NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13 ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (medium; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (medium)
	- postgresql-8.1 8.1.4-1 (medium)
	- pygresql 3.8-1.1 (medium)
	[sarge] - pygresql <not-affected> (Already includes proper quoting)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code. That's why
	NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
	NOTE: The following packages needed to adapted to cope with the new system:
	NOTE: psycopg 1.1.21-5 (bug #369230)
	NOTE: python-pgsql 2.4.0-8 (bug #369250)
	NOTE: pygresql 1:3.8-1.1 (bug #369239)
	NOTE: dovecot 1.0.beta8-3 (bug #369359)
	NOTE: postfix 2.2.10-2 (bug #369349)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13 ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (high; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (high)
	- postgresql-8.1 8.1.4-1 (high)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code. That's why
	NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...)
	NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and Serv ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote at ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain sen ...)
	NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25  ...)
	NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2 ...)
	NOT-FOR-US: Website Baker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisher ...)
	NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow  ...)
	NOT-FOR-US: Jadu
CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Nove ...)
	NOT-FOR-US: Novell software for Windows
CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 bui ...)
	NOT-FOR-US: Windows ICQ client
CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x allo ...)
	NOT-FOR-US: DUGallery
CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri al ...)
	NOT-FOR-US: OzzyWork
CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote attac ...)
	NOT-FOR-US: EImagePro
CVE-2006-2299
	RESERVED
CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the libi ...)
	NOT-FOR-US: Solaris
CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System Librar ...)
	NOT-FOR-US: Microsoft Infotech Storage System
CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0  ...)
	NOT-FOR-US: EDirectoryPro
CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote att ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Cal ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php i ...)
	NOT-FOR-US: 2005-Comments-Script
CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local user ...)
	- avahi 0.6.10-1 (medium)
CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service (m ...)
	- avahi 0.6.10-1 (low)
CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0 ...)
	NOT-FOR-US: Vision Source
CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in claro_init_globa ...)
	NOT-FOR-US: Dokeos
CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6. ...)
	NOT-FOR-US: Dokeos
CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5  ...)
	NOT-FOR-US: Claroline
CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...)
	NOT-FOR-US: phpRaid
CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier  ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbit ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 Bet ...)
	NOT-FOR-US: openEngine
CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows remo ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow context-dependen ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cau ...)
	{DSA-1059-1}
	- quagga 0.99.4-1 (bug #366980; low)
CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...)
	- linux-2.6 2.6.16-13
CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav ...)
	NOT-FOR-US: Verisign
CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows re ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 <not-affected>
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in Jetb ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3  ...)
	NOT-FOR-US: myWebland MyBloggie
CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows r ...)
	NOT-FOR-US: FlexCustomer
CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause  ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to  ...)
	NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calend ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows  ...)
	NOT-FOR-US: VP-ASP
CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9 ...)
	NOT-FOR-US: singapore
CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allow ...)
	NOT-FOR-US: ACal
CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module (projec ...)
	- drupal <not-affected> (bug #366947)
CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows re ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule  ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...)
	NOT-FOR-US: easyEvent
CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp  ...)
	NOT-FOR-US: EQdkp
CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal 1. ...)
	NOT-FOR-US: Creative Community Portal
CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attacke ...)
	NOT-FOR-US: FileCOPA
CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in St ...)
	NOT-FOR-US: Statit
CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allo ...)
	NOT-FOR-US: OpenFAQ
CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in Invi ...)
	NOT-FOR-US: Invision Community Blog
CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CuteNews
CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in C ...)
	NOT-FOR-US: CuteNews
CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages dependin ...)
	{DSA-1056-1}
	- webcalendar 1.0.2-2.2 (medium; bug #366927)
CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition a ...)
	NOT-FOR-US: UBlog
CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php  ...)
	NOT-FOR-US: Auction mod 1.3m for phpBB
CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service (applic ...)
	NOT-FOR-US: acFTP
CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL  ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in Fuj ...)
	NOT-FOR-US: Fujitsu NetShelter/FW
CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...)
	NOT-FOR-US: Newsadmin
CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
	{DSA-1058-1}
	- awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Ret ...)
	- tremulous 1.1.0-6 (bug #660827)
	[squeeze] - tremulous 1.1.0-7~squeeze1
	- ioquake3 1.36+svn1788j-1
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is  ...)
	NOT-FOR-US: Simple Poll
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1. ...)
	NOT-FOR-US: TyroCMS
CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51 ...)
	NOT-FOR-US: BankTown Client Control
CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 2 ...)
	NOT-FOR-US: Scriptsez Cute Guestbook
CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...)
	NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0 ...)
	{DSA-1093-1}
	- xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management opt ...)
	- openvpn <unfixed> (unimportant)
	NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
	NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4. ...)
	NOT-FOR-US: Web-Agora
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 a ...)
	NOT-FOR-US: PunBB
CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows re ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows  ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly impleme ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, al ...)
	NOT-FOR-US: zawhttpd
CVE-2006-2221 (A third-party installer generation tool, possibly BitRock InstallBuild ...)
	- ejabberd <not-affected> (only binary distribution is affected)
CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables u ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: SQL query disclosure
CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types befor ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: path disclosure
CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Window ...)
	NOT-FOR-US: MS IE
CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board allow ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain t ...)
	NOT-FOR-US: OpenBB
CVE-2006-2215
	REJECTED
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd)  ...)
	NOT-FOR-US: Solaris
CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in Solari ...)
	- xview <not-affected> (xview on Solaris)
	NOTE: Is only relevant for suid binaries, but xview is not really suitable for
	NOTE: those anyway. Exact information is not available, but a similar problem
	NOTE: is already fixed in the Debian package.
CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library (l ...)
	NOT-FOR-US: Solaris
CVE-2006-XXXX [cyrus-imapd allows user probes]
	- cyrus-imapd-2.2 2.2.13-3
	- kolab-cyrus-imapd 2.2.13-1
CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier al ...)
	NOT-FOR-US: 4images
CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ( ...)
	{DSA-1065-1}
	- hostapd 1:0.5.0-1 (bug #365897; high)
CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows  ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft PhP-Gall ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-G ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena paChe ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php  ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2207
	RESERVED
CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 us ...)
	NOT-FOR-US: UltraVNC
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a d ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality (post_ ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allo ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager (CAIRI ...)
	NOT-FOR-US: CA Resource Initialization Manager
CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and  ...)
	- libmms 0.2-7 (bug #374577; medium)
	- mimms 2.0.0-1 (bug #374577; medium)
	- xine-lib 1.1.2-2 (bug #374577; unimportant)
	NOTE: Not exploitable within xine, as alloced buffer are large enough
CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0 ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent att ...)
	{DSA-1100}
	- wv2 0.2.2-6 (medium)
CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain  ...)
	{DSA-1102}
	- pinball 0.3.1-6
CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3. ...)
	{DSA-1099-1 DSA-1098-1}
	- horde3 3.1.1-3
CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check th ...)
	{DSA-1106}
	- ppp 2.4.4rel-1 (medium)
CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in li ...)
	{DSA-1091-1}
	- tiff 3.8.2-4 (bug #371064; bug #370355; medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2191
	- mailman 1:2.1.9-1 (unimportant)
	NOTE: https://mail.python.org/pipermail/mailman-announce/2006-September/000087.html
	NOTE: not exploitable
CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMai ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allow ...)
	NOT-FOR-US: Servous sBLOG
CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 an ...)
	NOT-FOR-US: CMScout
CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1  ...)
	NOT-FOR-US: zenphoto
CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensi ...)
	NOT-FOR-US: zenphoto
CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password  ...)
	NOT-FOR-US: Novell
CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowle ...)
	NOT-FOR-US: PHPKB Knowledge Base
CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running sui ...)
	NOT-FOR-US: Truecrypt
CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2 ...)
	NOT-FOR-US: albinator
CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...)
	NOT-FOR-US: albinator
CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers  ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote atta ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allo ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...)
	NOT-FOR-US: geoBlog
CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in PH ...)
	NOT-FOR-US: PHP Linkliste
CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...)
	NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in admin/server_da ...)
	NOT-FOR-US: Virtual Hosting Control System (VHCS)
CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authentic ...)
	NOT-FOR-US: FileZilla FTP Server
CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated  ...)
	NOT-FOR-US: Gene6 FTP Server
CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execu ...)
	NOT-FOR-US: WarFTPD
CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensiti ...)
	- request-tracker3.4 <not-affected> (file not included in 3.4)
CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to by ...)
	NOT-FOR-US: FileProtection Express
CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0,  ...)
	NOT-FOR-US: SloughFlash
CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shoppin ...)
	NOT-FOR-US: Avactis
CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2  ...)
	NOT-FOR-US: Avactis
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: Pinnacle
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
	- nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9 ...)
	NOT-FOR-US: TZipBuilder/Abakt
CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ( ...)
	NOT-FOR-US: Russcom
CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp a ...)
	NOT-FOR-US: Russcom
CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus Gue ...)
	NOT-FOR-US: Stadtaus
CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ear ...)
	NOT-FOR-US: Plogger
CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin  ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...)
	NOT-FOR-US: phpBB Advanced Guestbook
CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB TopLis ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB TopLi ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in Aardv ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not prop ...)
	{DSA-1047-1}
	- resmgr 1.0-4 (low)
CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB ...)
	NOT-FOR-US: HB-NS
CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 all ...)
	NOT-FOR-US: HB-NS
CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2 ...)
	NOT-FOR-US: DMCounter
CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0. ...)
	NOT-FOR-US: TextFileBB
CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in L ...)
	NOT-FOR-US: Limbo
CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in Collaborati ...)
	NOT-FOR-US: Collaborative Portal Server
CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 a ...)
	NOT-FOR-US: OrbitHYIP
CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow  ...)
	NOT-FOR-US: PHP Newsfeed
CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...)
	NOT-FOR-US: NeoMail
CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke a ...)
	NOT-FOR-US: OpenPHPNuke
CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote attack ...)
	NOT-FOR-US: AZNEWS
CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...)
	NOT-FOR-US: Ruperts News
CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php  ...)
	NOT-FOR-US: phpbb2 mod
CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and  ...)
	NOT-FOR-US: Cisco
CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
	{DSA-1052-1}
	- cgiirc 0.5.9-1 (bug #365680; medium)
	[sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and e ...)
	NOT-FOR-US: BoonEx Barracuda
CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows remot ...)
	NOT-FOR-US: DUclassified
CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDE ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows r ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x al ...)
	NOT-FOR-US: Blog Mod
CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and  ...)
	NOT-FOR-US: MaxTrade
CVE-2006-2125
	REJECTED
CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...)
	NOT-FOR-US: SunShop
CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in Netw ...)
	NOT-FOR-US: Network Administration Visualiazed
CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allo ...)
	NOT-FOR-US: CoolMenus
CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...)
	NOT-FOR-US: I-RATER Platinum
CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
	{DSA-1078-1}
	- tiff 3.8.1 (bug #366588; medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...)
	NOT-FOR-US: Artmedic
CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...)
	NOT-FOR-US: JMK
CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote at ...)
	NOT-FOR-US: Thyme
CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...)
	NOT-FOR-US: planetGallery
CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote atta ...)
	NOT-FOR-US: SWS
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to exe ...)
	NOT-FOR-US: SWS
CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print e ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products i ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x bef ...)
	{DSA-1060-1}
	- kernel-patch-vserver 2:2.0.1-4 (low)
	- linux-2.6 2.6.16-11 (low)
CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str functi ...)
	NOTE: #357204: request for removal
	- jsboard 2.0.10-2 (bug #368305; low)
CVE-2006-2108 (parser.exe in Oc&#233; (OCE) 3121/3122 Printer allows remote attackers ...)
	NOT-FOR-US: OCE
CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote att ...)
	NOT-FOR-US: BL4
CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9 ...)
	- trac 0.9.5-1 (medium)
	[sarge] - trac <unfixed> (medium)
	NOTE: http://trac.edgewall.org/changeset/3201
	NOTE: http://trac.edgewall.org/changeset/3287
	NOTE: the second reference fixes a regression in the first. i *believe*
	NOTE: that these correctly solve the problem, though we really ought
	NOTE: to run this by upstream or the reporter.
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 an ...)
	NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email  ...)
	NOT-FOR-US: Kamgaing
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows rem ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote attack ...)
	NOT-FOR-US: PowerISO
CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote attacker ...)
	NOT-FOR-US: WinISO
CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows r ...)
	NOT-FOR-US: Magic ISO
CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...)
	NOT-FOR-US: UltraISO
CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before  ...)
	NOT-FOR-US: Thumbnail AutoIndex
CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board (I ...)
	NOT-FOR-US: Invision
CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote attack ...)
	NOT-FOR-US: LDU
CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Phex
CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attack ...)
	- libnasl 2.2.8-1 (bug #365898; low)
	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4 ...)
	NOT-FOR-US: HP
CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows rem ...)
	NOT-FOR-US: Virtual War
CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x  ...)
	NOT-FOR-US: MySmartBB
CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MyS ...)
	NOT-FOR-US: OpenBB
CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bul ...)
	NOT-FOR-US: OpenBB
CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx b ...)
	NOT-FOR-US: juniper SSL-VPN
CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in S ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...)
	NOT-FOR-US: FarsiNews
CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended attribu ...)
	- rsync 2.6.8-1 (bug #365614; high)
	[sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
	[woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in produc ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660831)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute arb ...)
	NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky Me ...)
	NOT-FOR-US: Verosky
CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky M ...)
	NOT-FOR-US: Verosky
CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, in ...)
	NOT-FOR-US: FITELnet
CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attacker ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ca ...)
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers  ...)
	NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
	- bind9 1:9.3.3-1 (low)
	NOTE: Only exploitable by trusted users after TSIG transaction
	NOTE: https://lists.isc.org/pipermail/bind-users/2011-October/085298.html
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and  ...)
	NOT-FOR-US: DeleGate
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in Hi ...)
	NOT-FOR-US: Hitachi
CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State Universi ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a  ...)
	NOT-FOR-US: Opera
CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...)
	- linux-2.6 2.6.16-8
CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0  ...)
	NOT-FOR-US: DevBB
CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...)
	- pdns-recursor 3.0.1-1 (medium)
CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote attacke ...)
	NOT-FOR-US: Hitachi JP1
CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...)
	NOT-FOR-US: MKPortal
CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MK ...)
	NOT-FOR-US: MKPortal
CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earli ...)
	NOT-FOR-US: PHPSurveyor
CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 m ...)
	NOT-FOR-US: Sun
CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full  ...)
	NOT-FOR-US: Leadhound
CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...)
	NOT-FOR-US: Leadhound
CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision Po ...)
	NOT-FOR-US: Invision
CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...)
	NOT-FOR-US: Invision
CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...)
	NOT-FOR-US: Invision
CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
	NOT-FOR-US: Avant
CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user- ...)
	NOT-FOR-US: Only on Windows
CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows  ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
	NOT-FOR-US: 3Com
CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier  ...)
	NOT-FOR-US: QuickEStore
CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant Phot ...)
	NOT-FOR-US: Verosky
CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.p ...)
	NOT-FOR-US: NextAge
CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3. ...)
	NOT-FOR-US: DCScripts
CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts D ...)
	NOT-FOR-US: DCScripts
CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ed ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows  ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics Cartwea ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...)
	NOT-FOR-US: IP3
CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default us ...)
	NOT-FOR-US: IP3
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local use ...)
	NOT-FOR-US: IP3
CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that al ...)
	NOT-FOR-US: Adobe
CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitr ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 all ...)
	NOT-FOR-US: photokorn
CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help  ...)
	NOT-FOR-US: Help Center Live
CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier al ...)
	NOT-FOR-US: ampleShop
CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0  ...)
	NOT-FOR-US: Thwboard
CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly  ...)
	NOT-FOR-US: iOpus
CVE-2006-2035 (Websense, when configured to permit access to the dynamic content cate ...)
	NOT-FOR-US: Websense
CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB 0.5. ...)
	NOT-FOR-US: FlexBB
CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ear ...)
	NOT-FOR-US: Core
CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earl ...)
	NOT-FOR-US: Core
CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2. ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-2/
	NOTE: The first linked commit is the official one for linked in PMASA
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79f778db99ac05e2028166d5a61ed25591e348c3
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fad722d2f488375f9cc94c0c75326e661c280ecc
CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
	NOT-FOR-US: Allied Telesyn
CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...)
	NOT-FOR-US: Simplog
CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy As ...)
	NOT-FOR-US: Simplog
CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in  ...)
	NOT-FOR-US: Pablo Software
CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for li ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow context-depende ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c i ...)
	NOT-FOR-US: Fenice
CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module (rtsp/par ...)
	NOT-FOR-US: Fenice
CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in  ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores  ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
	NOT-FOR-US: Apple
CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 caus ...)
	{DTSA-107-1}
	- beagle 0.2.13-1 (low)
	[etch] - beagle <no-dsa> (Minor issue)
	- banshee 0.11.2+dfsg-1 (low)
	- liferea 1.4.9-1 (low; bug #451548)
	[etch] - liferea <no-dsa> (Minor issue)
	- blam 1.8.4-1 (low)
	[etch] - blam <no-dsa> (Minor issue)
	NOTE: lintian bug filed: #451559
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 1 ...)
	- tomboy 0.8.1-2 (low)
	[etch] - tomboy <no-dsa> (Minor issue)
CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, do ...)
	- resmgr <not-affected>
CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, al ...)
	- resmgr <not-affected>
CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...)
	- resmgr <not-affected>
CVE-2006-XXXX [librsvg2 crash on certain svg files]
	- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows  ...)
	NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service (app ...)
	- dnsmasq 2.30-1 (medium)
	[sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28)
CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0. ...)
	{DSA-1057-1}
	- phpldapadmin 0.9.8.3-1 (bug #365313; low)
	- egroupware 1.2-104.dfsg-1 (bug #365314; low)
	NOTE: egroupware 1.2-1.dfsg-1 dropped phpldapadmin
CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote  ...)
	NOT-FOR-US: SL_site
CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 allow ...)
	NOT-FOR-US: SL_site
CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote a ...)
	NOT-FOR-US: SL_site
CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows remot ...)
	NOT-FOR-US: Skulltag
CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7  ...)
	NOT-FOR-US: 4images
CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage  ...)
	NOT-FOR-US: Bloggage
CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda  ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go P ...)
	NOT-FOR-US: Built2Go
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...)
	NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 bet ...)
	NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...)
	NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote att ...)
	NOT-FOR-US: RI Blog
CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...)
	NOT-FOR-US: Community Architect Guestbook
CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...)
	NOT-FOR-US: MyGamingLadder
CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery  ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...)
	NOT-FOR-US: logMethods
CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of serv ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware synchroni ...)
	NOT-FOR-US: Sybase Pylon Anywhere
CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 all ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier allo ...)
	NOT-FOR-US: dForum
CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, all ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows context-de ...)
	- php4 <not-affected> (substr_compare does not exist in PHP 4.4.2)
	- php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
	- php4 4:4.4.2-1.1 (bug #365311; unimportant)
	- php5 5.1.4-0.1 (bug #365312; unimportant)
	NOTE: This could only be exploited by a malicious, local user, which is an
	NOTE: unsupported use case
CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in Fre ...)
	{DSA-1050-1}
	- clamav 0.88.2
	[sarge] - clamav 0.84-2.sarge.9
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function  ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 31 ...)
	NOT-FOR-US: BOMArchiveHelper
CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier al ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may  ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows  ...)
	NOT-FOR-US: W2B Online Banking
CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web M ...)
	NOT-FOR-US: Manic Web MWGuest
CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earli ...)
	NOT-FOR-US: FlexBB
CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earl ...)
	NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote att ...)
	{DSA-1055-1 DSA-1053-1}
	- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
	- mozilla <removed> (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
	- typo3-src 4.0.2-1 (bug #364350)
CVE-2006-XXXX [moinmoin XSS]
	- moin 1.5.3-1
CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer R ...)
	NOT-FOR-US: Prayer Request Board
CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in  ...)
	NOT-FOR-US: PHP-Gastebuch
CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) bef ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router all ...)
	NOT-FOR-US: Linksys router
CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...)
	NOT-FOR-US: EasyGallery
CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM Con ...)
	NOT-FOR-US: KRANKIKOM ContentBoxX
CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...)
	NOT-FOR-US: KCScripts Classifieds
CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an un ...)
	NOT-FOR-US: KCScripts
CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCSc ...)
	NOT-FOR-US: KCScripts
CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KC ...)
	NOT-FOR-US: KCScripts
CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote at ...)
	NOT-FOR-US: Fortinet
CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net  ...)
	NOT-FOR-US: Net Clubs Pro
CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earli ...)
	NOT-FOR-US: ASPSitem
CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and  ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows rem ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express  ...)
	NOT-FOR-US: Cisco
CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user int ...)
	NOT-FOR-US: Cisco
CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Lite
CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...)
	NOT-FOR-US: WWWThreads
CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remot ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remot ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fis ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NF ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 fo ...)
	NOT-FOR-US: Caucho
CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...)
	NOT-FOR-US: WinAgents TFTP Server for Windows
CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ea ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in  ...)
	NOT-FOR-US: PerlCoders BannerFarm
CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and  ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1948 (The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss ...)
	NOT-FOR-US: Lotus Notes
CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and  ...)
	NOT-FOR-US: Visale
CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5  ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #364443; medium)
	NOTE: this might be the same core issue as CVE-2005-2732
CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft Communi ...)
	NOT-FOR-US: SibSoft CommuniMail
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
	NOT-FOR-US: Smarter Scripts IntelliLink Pro
CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Ne ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-39
	- firefox 1.5.dfsg+1.5.0.4-1 (low)
	- thunderbird <not-affected> (Windows-specific)
	- mozilla 2:1.7.13-0.3 (low)
	- xulrunner <not-affected> (Windows-specific)
CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a  ...)
	NOT-FOR-US: Neon Responder
CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remo ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 a ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 a ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14  ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attacker ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attacke ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remot ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14  ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to  ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, whi ...)
	{DSA-1157}
	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
	- ruby1.8 1.8.3 (bug #365520)
CVE-2006-1930
	NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in I-Rat ...)
	NOT-FOR-US: I-Rater Platinum
CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS ...)
	NOT-FOR-US: Cisco
CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS ...)
	NOT-FOR-US: Cisco
CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 a ...)
	NOT-FOR-US: ThWboard
CVE-2006-1925 (Directory traversal vulnerability in the editnews module (inc/editnews ...)
	NOT-FOR-US: CuteNews
CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 al ...)
	NOT-FOR-US: LinPHA
CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) auth.p ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...)
	NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
	NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet Photo ...)
	NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 all ...)
	NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ClanMemberSk ...)
	NOT-FOR-US: Blackorpheus ClanMemberSkript
CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in  ...)
	NOT-FOR-US: DbbS
CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlie ...)
	NOT-FOR-US: DbbS
CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: DbbS
CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax G ...)
	NOT-FOR-US: Jax Guestbook
CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL var ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to in ...)
	- serendipity 1.0-1
CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 all ...)
	NOT-FOR-US: Coppermine
CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x allo ...)
	NOT-FOR-US: myEvent
CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote att ...)
	NOT-FOR-US: myEvent
CVE-2005-4787
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2004-2657
	- mozilla-firefox <not-affected>
	- firefox <not-affected>
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1  ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpL ...)
	NOT-FOR-US: phpLister
CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0 ...)
	- xine-ui 0.99.4-1 (bug #363370; unimportant)
	NOTE: This is a non-issue: An attacker would need to trick the user into opening
	NOTE: an MP3 file with a very obviously manipulated filename containing the shellcode
CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis  ...)
	NOT-FOR-US: AnimeGenesis Gallery
CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 impro ...)
	- gcc-4.1 4.1.0-2 (bug #356896; unimportant)
	NOTE: Turned out to be a non-issue
CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a denia ...)
	NOT-FOR-US: Mozilla Camino
CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4 ...)
	- amaya 9.51-1 (bug #362575; medium)
CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
	NOT-FOR-US: Neuron Blog
CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Ti ...)
	NOT-FOR-US: Tiny PHP Forum
CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script ...)
	NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users w ...)
	{DSA-1066-1}
	- phpbb2 2.0.18-3 (bug #365533; medium)
CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
	- phpbb2 <not-affected> (bug #365535)
CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived  ...)
	NOT-FOR-US: RevoBoard / PunBB
CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 a ...)
	NOT-FOR-US: ar-blog
CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify permiss ...)
	NOT-FOR-US: avast! 4 Linux Home Edition
CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
	NOT-FOR-US: betaboard
CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland myEven ...)
	NOT-FOR-US: myWebland
CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler  ...)
	NOT-FOR-US: Boardsolution
CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass authent ...)
	NOT-FOR-US: phpGraphy
CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security  ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework compon ...)
	NOT-FOR-US: Oracle
CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System co ...)
	NOT-FOR-US: Oracle
CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...)
	NOT-FOR-US: Oracle
CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in  ...)
	NOT-FOR-US: Oracle
CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopS ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0 ...)
	NOT-FOR-US: Oracle
CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1. ...)
	NOT-FOR-US: Oracle
CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknow ...)
	NOT-FOR-US: Oracle
CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows attacke ...)
	- beagle 0.2.6-2 (bug #365371; medium)
CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier  ...)
	{DSA-1103}
	- linux-2.6 2.6.16-10
CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local u ...)
	- linux-2.6 <not-affected> (seems to be RedHat-specific)
CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote attacke ...)
	{DSA-1095-1}
	- freetype 2.2.1-1
CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attac ...)
	- linux-2.6 2.6.16-14
CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16. ...)
	- linux-2.6 2.6.16-14
CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ad ...)
	{DSA-1184-2}
	- linux-2.6 2.6.16-12
CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain de ...)
	{DSA-1184-2}
	NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog
	- linux-2.6 2.6.12-1
CVE-2006-1854
	NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
	NOT-FOR-US: ModernBill
CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro 1 ...)
	NOT-FOR-US: Article Publisher Pro
CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ins ...)
	NOT-FOR-US: xFlow
CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 a ...)
	NOT-FOR-US: xFlow
CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in xF ...)
	NOT-FOR-US: xFlow
CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php  ...)
	NOT-FOR-US: LinPHA
CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1845
	REJECTED
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.5 ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	NOTE: seems to be a duplicate of CVE-2006-1376
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1. ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1. ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
	NOT-FOR-US: boastMachine
CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 a ...)
	NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album 0 ...)
	NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass  ...)
	NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows rem ...)
	NOT-FOR-US: Fuju News
CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in Syman ...)
	NOT-FOR-US: Symantec LiveUpdate
CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix  ...)
	NOT-FOR-US: Calendarix
CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the  ...)
	NOT-FOR-US: NetBSD
CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the inst ...)
	NOT-FOR-US: sysinfo
CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1 ...)
	NOT-FOR-US: sysinfo
CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain  ...)
	NOT-FOR-US: Sun Java Studio Enterprise
CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenti ...)
	NOT-FOR-US: EAServer Manager in Sybase EAServer
CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
	NOT-FOR-US: PHP121
CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlie ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
	[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
	[woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll 5.8 ...)
	NOT-FOR-US: HAURI anti-virus
CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3 ...)
	NOT-FOR-US: Snipe Gallery
CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1. ...)
	NOT-FOR-US: phpLinks
CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.ph ...)
	NOT-FOR-US: PhpGuestbook
CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier a ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2. ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows re ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 al ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in index. ...)
	NOT-FOR-US: phpWebSite
CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1 ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, wit ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...)
	NOT-FOR-US: VBulletin
CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of s ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ea ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remo ...)
	NOT-FOR-US: FlexBB
CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BE ...)
	NOT-FOR-US: FlexBB
CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Lifetype
CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0. ...)
	NOT-FOR-US: Lifetype
CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3  ...)
	NOT-FOR-US: Musicbox
CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3. ...)
	NOT-FOR-US: Musicbox
CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows rem ...)
	NOT-FOR-US: PowerClan
CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows  ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected>
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-3/
	NOTE: The first linked commit is the official commit from PMASA
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fde2f613ad402e442a3b54d628ad85444faaeabe
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bf717892f9207c6161dc7800eb63e940478ec47
CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7. ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport)
	NOTE: maintainer considers this not-affected.
CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in TinyWebGaller ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in pl ...)
	NOT-FOR-US: planetSearch+
CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 thro ...)
	NOT-FOR-US: SimpleBBS
CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers t ...)
	NOT-FOR-US: Censtore
CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote  ...)
	NOT-FOR-US: RateIt
CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local us ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links functiona ...)
	- wordpress 2.0.1 (bug #328909)
CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...)
	NOT-FOR-US: UPDI Network Enterprise
CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earli ...)
	NOTE: only in experimental
	- mambo 4.5.3h-1 (bug #354468)
CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows rem ...)
	NOT-FOR-US: runCMS
CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Ed ...)
	NOT-FOR-US: MailEnable
CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allow ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to c ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5
	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earli ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in PAJA ...)
	NOT-FOR-US: pajax
CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, provid ...)
	NOT-FOR-US: Adobe
CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's sess ...)
	NOT-FOR-US: Adobe
CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for  ...)
	NOT-FOR-US: Adobe
CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote authenti ...)
	NOT-FOR-US: Adobe
CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in Sphi ...)
	NOT-FOR-US: Sphider
CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...)
	NOT-FOR-US: PatroNet CMS
CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to obt ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R M ...)
	NOT-FOR-US: Circle R Monster Top List
CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ca ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcra ...)
	NOT-FOR-US: Simplog
CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...)
	NOT-FOR-US: Simplog
CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft  ...)
	NOT-FOR-US: Simplog
CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ash ...)
	NOT-FOR-US: Simplog
CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 al ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Only exploitable by authenticated admin users
CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqH ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 a ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogo ...)
	- mnogosearch 3.2.37-3.1 (bug #361775)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXo ...)
	NOT-FOR-US: SAXoPRESS
CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Desig ...)
	NOT-FOR-US: AzDGVote
CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com IN ...)
	NOT-FOR-US: INDEXU
CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...)
	NOT-FOR-US: Papoo
CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 all ...)
	NOT-FOR-US: JBook
CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web documen ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 allo ...)
	NOT-FOR-US: blur6ex
CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 all ...)
	NOT-FOR-US: blur6ex
CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow  ...)
	NOT-FOR-US: JetPhoto
CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in  ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...)
	NOT-FOR-US: Vegadns
CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99  ...)
	NOT-FOR-US: Vegadns
CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a direc ...)
	NOT-FOR-US: MD News 1
CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote at ...)
	NOT-FOR-US: MD News 1
CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0. ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite arb ...)
	{DSA-1035-1}
	- fcheck 2.7.59-8
CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in  ...)
	NOT-FOR-US: MvBlog
CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remo ...)
	NOT-FOR-US: MvBlog
CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Au ...)
	NOT-FOR-US: Autogallery
CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro 2. ...)
	NOT-FOR-US: phpListPro
CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows rem ...)
	NOT-FOR-US: XMB Forum
CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 al ...)
	NOT-FOR-US: Virtual War
CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
	- phplist <itp> (bug #612288)
CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
	NOT-FOR-US: Bitweaver
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow  ...)
	NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1. ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: The Mozilla Foundation labels this as "critical", but it's not
	NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
	NOTE: exploitable in the default configuration.
	- xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Sui ...)
	{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla <removed> (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: If print preview (and this bug) can be triggered from JavaScript,
	NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0. ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes c ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.2 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 al ...)
	NOT-FOR-US: ShopXS
CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer  ...)
	{DSA-1042-1}
	- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
	- cyrus-sasl2-mit <not-affected> (does not install digest-md5)
CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson  ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information u ...)
	NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl TUGZ ...)
	NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder phpMyFor ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph Roe ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook  ...)
	NOT-FOR-US: DNGuestbook
CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in  ...)
	NOTE: this does not affect linux
CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not chec ...)
	NOT-FOR-US: NetBSD
CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is c ...)
	NOT-FOR-US: NetBSD
CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
	NOT-FOR-US: SergiD Top Music module
CVE-2005-4780
	NOT-FOR-US: LightHouse CMS
CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
	NOT-FOR-US: NetBSD
CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspeci ...)
	- powersave 0.12.7-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=119628&x=18&y=11&=Find
CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP pa ...)
	NOT-FOR-US: Tashcom ASPEdit
CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
	NOT-FOR-US: NetBSD
CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin accoun ...)
	NOT-FOR-US: Contineo
CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote  ...)
	NOT-FOR-US: Xerver
CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x al ...)
	NOT-FOR-US: VMware
CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like A ...)
	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469)
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows  ...)
	{DSA-1036-1}
	- bsdgames 2.17-7 (bug #360989)
CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...)
	- mailman 0:2.1.7-2.1.8rc1-1
	[sarge] - mailman <not-affected> (Only affects Mailman 2.1.7)
CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1)  ...)
	{DSA-1032-1}
	- zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in interakti ...)
	NOT-FOR-US: interaktiv.shop
CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
	NOT-FOR-US: Clansys
CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include arbitra ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote  ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" p ...)
	NOT-FOR-US: Oracle
CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files w ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws al ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8 ...)
	- spip 2.0.6-1
CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in Shadow ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for authentica ...)
	NOT-FOR-US: Aweb Scripts Seller
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner G ...)
	NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3. ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3. ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allow ...)
	- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environme ...)
	{DSA-1068-1}
	- fbi 2.05-1 (bug #361370)
CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and e ...)
	NOT-FOR-US: XBrite Members
CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1. ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow re ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attac ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewslet ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LD ...)
	NOT-FOR-US: HP-UX
CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and e ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in APT-webshop-s ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier all ...)
	NOT-FOR-US: ecotwo Shopsystem
CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook a ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft  ...)
	NOT-FOR-US: TalentSoft Web+Shop
CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ear ...)
	- cherokee 0.5.1-1
CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attac ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in Jupi ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.0.3-1 (bug #362567)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0933619b6b2534b221817ea3f631cb984c258d6b
CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.0 ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics modu ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1 ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in PHPWebGaller ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard v ...)
	NOT-FOR-US: Dark_Wizard vBug Tracker
CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...)
	NOT-FOR-US: Cisco
CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series n ...)
	NOT-FOR-US: Cisco
CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series n ...)
	NOT-FOR-US: Cisco
CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team P ...)
	NOT-FOR-US: PHPMyChat
CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PH ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable a ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and earlie ...)
	- xine-lib <not-affected> (Not reproducible with Debian version, see bug #363127)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2006-1663
	REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote at ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...)
	NOT-FOR-US: SKForum
CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz  ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow  ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky  ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ive ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 200510 ...)
	NOT-FOR-US: YaST
CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Sui ...)
	NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise S ...)
	NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard  ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...)
	NOT-FOR-US: Tux Racer TuxBank
CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, wh ...)
	- xscreensaver 4.18-1 (low)
CVE-2006-XXXX [linphone insecure password leakage]
	- linphone 1.3.5-1 (bug #361913)
CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the s ...)
	- util-vserver 0.30.210-1 (bug #360438; unimportant)
CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted attacker ...)
	{DSA-1074-1}
	- mpg123 0.59r-22 (bug #361863)
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbo ...)
	NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in AngelineC ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ear ...)
	NOT-FOR-US: UltraVNC
CVE-2006-1651
	NOT-FOR-US: MS ISA
CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and p ...)
	NOTE: other reports indicate that Firefox is not vulnerable
CVE-2006-1649 (The "restore to" selection in the "quarantine a file" capability of ES ...)
	NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versi ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1647 (An unspecified "logical programming mistake" in SMART SynchronEyes Stu ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg ...)
	NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732
CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...)
	NOT-FOR-US: ReloadCMS
CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...)
	NOT-FOR-US: Interact
CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows remo ...)
	NOT-FOR-US: Interact
CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remo ...)
	NOT-FOR-US: Interact
CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote a ...)
	NOT-FOR-US: CzarNews
CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14  ...)
	NOT-FOR-US: CzarNews
CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote a ...)
	NOT-FOR-US: wpBlog
CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote atta ...)
	NOT-FOR-US: aWebBB
CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allo ...)
	NOT-FOR-US: aWebBB
CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar 1.5. ...)
	NOT-FOR-US: VWar
CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0. ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1633
	RESERVED
CVE-2006-1632
	RESERVED
CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in Cis ...)
	NOT-FOR-US: Cisco
CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute a ...)
	{DSA-1045-1}
	- openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows  ...)
	NOT-FOR-US: Adobe LiveCycle
CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide prope ...)
	NOT-FOR-US: Adobe Document Server
CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote attac ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package doe ...)
	- sysklogd <unfixed> (unimportant)
	NOTE: No sane person will open a network socket for syslog without apropriate
	NOTE: firewall rules. The default is not to listen to the network.
CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified "file created  ...)
	NOT-FOR-US: FleXiBle Development
CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allow ...)
	NOT-FOR-US: PHPSelect
CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allo ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote att ...)
	NOT-FOR-US: WebSphere
CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf f ...)
	NOT-FOR-US: Doomsday/deng
CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2 ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow rem ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote at ...)
	NOT-FOR-US: aWebNews
CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in  ...)
	NOT-FOR-US: aWebNews
CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allo ...)
	NOT-FOR-US: KGB Archiver
CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery  ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, a ...)
	NOT-FOR-US: Hitachi XFIT
CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users  ...)
	- php4 4:4.4.4-1 (bug #361856; unimportant)
	- php5 5.1.4-0.1 (bug #361915; unimportant)
	NOTE: Safe mode violations not supported
CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before  ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before 0 ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before 0 ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unkno ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.1 ...)
	- phpbb2 <not-affected> (According to Jeroen a non-issue, see notes)
	NOTE: <jvw> jmm: unable to everify, the variable in question is only printed
	NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests
	NOTE: <jvw> and, shock, the password isn't saved unhashed in the DB, so having
	NOTE: javascript in your password can't be exposed otherwise
	NOTE: <jvw> I'd forget about it unless someone comes with a proof of concept
CVE-2006-1602 (PHP remote file inclusion vulnerability in includes/functions_common.p ...)
	NOT-FOR-US: PHPNuke Clan
CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 a ...)
	NOT-FOR-US: Sun Cluster
CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 all ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3 ...)
	NOT-FOR-US: v-creator
CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remot ...)
	NOT-FOR-US: AN HTTPD
CVE-2006-1597
	RESERVED
CVE-2006-1596 (PHP remote file inclusion vulnerability in learnPath/include/scormExpo ...)
	NOT-FOR-US: Claroline
CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in C ...)
	NOT-FOR-US: Claroline
CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php  ...)
	NOT-FOR-US: Claroline
CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLeve ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1)  ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allo ...)
	NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage functio ...)
	- acidbase 1.2.5-1 (bug #363548; unimportant)
	[sarge] - acidbase <no-dsa> (Hardly exploitable)
	- acidlab <removed> (bug #363549; unimportant)
	[sarge] - acidlab <no-dsa> (Hardly exploitable)
	NOTE: Not exploitable with the default configuration anyway.
CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local user ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not c ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the ...)
	NOT-FOR-US: NetBSD
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite f ...)
	- openoffice.org 1.0.2
CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser (l ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (C ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam Ant ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...)
	NOT-FOR-US: Egypt SiteMan
CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote  ...)
	NOT-FOR-US: MonAlbum
CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser f ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III  ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg  ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 all ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 a ...)
	NOT-FOR-US: Bugzero
CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board Sy ...)
	NOT-FOR-US: Dynamic Bulletin Board System
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library Sui ...)
	NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.ph ...)
	{DSA-1133-1}
	[woody] - mantis <not-affected> (Vulnerable code not present)
	- mantis 0.19.4-3.1 (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
	NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLn ...)
	NOT-FOR-US: QLnews
CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, W ...)
	NOT-FOR-US: Groupmax World Wide Web et. al.
CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash Gal ...)
	NOT-FOR-US: MediaSlash Gallery
CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote  ...)
	NOT-FOR-US: Oxygen
CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in qliteNew ...)
	NOT-FOR-US: qliteNews
CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 a ...)
	NOT-FOR-US: Esqlanelapse
CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote atta ...)
	NOT-FOR-US: RedCMS
CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: RedCMS
CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteS ...)
	NOT-FOR-US: SiteSearch Indexer
CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Deb ...)
	- libtunepimp 0.4.2-3 (bug #359241; low)
	[sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...)
	- gpib 3.2.06-3 (bug #359239; low)
	[sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subv ...)
	- subversion 1.3.0-5 (bug #359234; low)
	[sarge] - subversion <not-affected> (No rpaths set in Sarge)
CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ( ...)
	NOT-FOR-US: VBook
CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in vs ...)
	NOT-FOR-US: VBook
CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiew ...)
	NOT-FOR-US: VBook
CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...)
	NOT-FOR-US: SkinTech phpNewsManager
CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote attacker ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script I ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote a ...)
	NOT-FOR-US: X-Changer
CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier ...)
	NOT-FOR-US: AL-Caricatier
CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows re ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS L ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5 ...)
	NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation  ...)
	- php4 <removed> (bug #361854; unimportant)
	- php5 5.1.4-0.1 (bug #361917; unimportant)
	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 S ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out th ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migrati ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) store ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow rem ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and WebLog ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction a ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 wit ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote att ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in vscr ...)
	NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in vsc ...)
	NOT-FOR-US: VNews
CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewic ...)
	NOT-FOR-US: VNews
CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on Li ...)
	NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow
	NOTE: Should be rejected
CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ea ...)
	NOT-FOR-US: EzASPSite
CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 al ...)
	NOT-FOR-US: Microsoft
CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in t ...)
	- bsdgames 2.17-6 (bug #361160)
	[sarge] - bsdgames <no-dsa> (Minor impact)
CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from  ...)
	NOT-FOR-US: Enova X-Wall ASIC
CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain  ...)
	- webcalendar <unfixed> (unimportant)
CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93 ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net P ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote attac ...)
	NOT-FOR-US: Null news
CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop newsle ...)
	NOT-FOR-US: Sourceworkshop newsletter
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP Classifi ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1046-1}
	- firefox 1.5.0.2-1 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ser ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.13-1
CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...)
	- linux-2.6 2.6.16-12 (low)
CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server  ...)
	- xorg-server 1:1.0.2-8 (bug #378464)
	[sarge] - xfree86 <not-affected> (Vulnerable code not present)
CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users  ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow f ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-8
CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling (signa ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1  ...)
	- linux-2.6 2.6.16-7
CVE-2006-1521
	REJECTED
CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library  ...)
	NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag)
	- libspf <not-affected> (bug #368780; low)
CVE-2006-1519
	REJECTED
CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0 ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium)
	- mysql-dfsg-4.1 <removed> (bug #365939; medium)
	- mysql-dfsg <removed> (bug #365939; bug #356751; medium)
	- mysql <removed> (bug #365939; medium)
CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0. ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0 ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; bug #366044; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; bug #366043; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and earl ...)
	{DSA-1084-1}
	- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20 ...)
	{DSA-1043-1}
	- abcmidi 20060422-1
CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted a ...)
	{DSA-1041-1}
	- abc2ps <removed> (bug #373685; low)
CVE-2006-1512
	REJECTED
CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "d ...)
	NOT-FOR-US: HP-UX
CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software Con ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remot ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5 ...)
	NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) befo ...)
	- acidbase 1.2.4-1 (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in includes/functions_install. ...)
	NOT-FOR-US: Virtual Wa
CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attacke ...)
	NOT-FOR-US: MPlayer
	NOTE: I can't find the vulnerable code in xine-lib
CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows r ...)
	NOT-FOR-US: OneOrZero
CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remot ...)
	NOT-FOR-US: Tilde CMS 3.0
CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows rem ...)
	NOT-FOR-US: vCounter
CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows  ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) PHPColl ...)
	NOT-FOR-US: PHPCollab / NetOffice
CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 all ...)
	- php4 4:4.4.4-1 (bug #361855; unimportant)
	- php5 5.1.4-0.1 (bug #361916; unimportant)
	NOTE: open_basedir violations are not supported
CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP all ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows rem ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local. ...)
	NOT-FOR-US: FusionZONE CouponZONE
CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in Virtua ...)
	NOT-FOR-US: Virtual War
CVE-2006-XXXX [unixodbc rpath set to /home]
	- unixodbc 2.2.11-11 (bug #358142; low)
	[sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)
CVE-2006-XXXX [fftw rpath set to user home]
	- fftw 2.1.3-17 (bug #358157; low)
	[sarge] - fftw <not-affected> (No rpath set in Sarge)
CVE-2006-XXXX [gauche-config rpath set to user home]
	- gauche 0.8.7-1 (bug #358139; low)
	[sarge] - gauche <not-affected> (gauche-config is a shell script in Sarge)
CVE-2006-XXXX [tcpquota rpath set to user home]
	- tcpquota 1.6.15-11 (bug #358369; low)
	[sarge] - tcpquota <no-dsa> (Only exploitable with strange AFS cell name)
CVE-2006-XXXX [hamlib3-perl rpath set to user home]
	- hamlib 1.2.5-3 (bug #358166; low)
	[sarge] - hamlib <no-dsa> (Only exploitable with strange user name)
CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in D ...)
	{DSA-1025-1}
	- dia 0.94.0-18 (bug #360566)
CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...)
	- mediawiki 1.4.15-1
	- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions 3 ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1.1-1 (bug #361967)
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions o ...)
	- php5 5.1.4-0.1 (bug #359907; low)
	- php4 4:4.4.2-1.1 (bug #359904; low)
	[sarge] - php4 <no-dsa> (Application's responsibility to sanitize input)
CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the f ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in re ...)
	NOT-FOR-US: realestateZONE
CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users wi ...)
	NOT-FOR-US: Greymatter
CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files,  ...)
	NOT-FOR-US: Genius VideoCAM NB Driver
CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...)
	NOT-FOR-US: Blazix Web Server
CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1  ...)
	NOT-FOR-US: ConfTool
CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows re ...)
	NOT-FOR-US: PHP Ticket
CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...)
	NOT-FOR-US: WebAlbum
CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-p ...)
	NOT-FOR-US: Serge Rey gtd-php
CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect applic ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce applicat ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the "failed" functionality ...)
	NOT-FOR-US: Raindance Web Conferencing Pro
CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 al ...)
	NOT-FOR-US: Apple
CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allow ...)
	NOT-FOR-US: Apple
CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers t ...)
	- openldap2 <not-affected> (Vulnerable code not present)
	- openldap2.2 <removed> (medium)
CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10 ...)
	NOT-FOR-US: Apple
CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before 6 ...)
	NOT-FOR-US: Apple iTunes
CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects  ...)
	NOT-FOR-US: Apple
CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers  ...)
	NOT-FOR-US: Apple
CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers  ...)
	NOT-FOR-US: Apple
CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote  ...)
	NOT-FOR-US: Apple
CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote a ...)
	NOT-FOR-US: Apple
CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote a ...)
	NOT-FOR-US: Apple
CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote  ...)
	NOT-FOR-US: Apple
CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote at ...)
	NOT-FOR-US: Apple
CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloa ...)
	NOT-FOR-US: Apple
CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows  ...)
	NOT-FOR-US: Apple
CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows remot ...)
	NOT-FOR-US: Apple
CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4 ...)
	NOT-FOR-US: Apple
CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a n ...)
	NOT-FOR-US: MySQL Manager
CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ex ...)
	NOT-FOR-US: Apple
CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows re ...)
	NOT-FOR-US: Apple
CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attack ...)
	NOT-FOR-US: Apple
CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cau ...)
	NOT-FOR-US: Apple
CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an applicatio ...)
	NOT-FOR-US: Apple
CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assisti ...)
	NOT-FOR-US: Apple
CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4. ...)
	NOT-FOR-US: Apple
CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 l ...)
	NOT-FOR-US: Apple
CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote a ...)
	NOT-FOR-US: Apple
CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite  ...)
	NOT-FOR-US: Apple
CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enabl ...)
	NOT-FOR-US: Apple
CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Know ...)
	NOT-FOR-US: aphpkb
CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web d ...)
	NOT-FOR-US: UPOINT
CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...)
	NOT-FOR-US: UPOINT
CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in Accounti ...)
	NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria
CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in Annuair ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full p ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE co ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ( ...)
	NOT-FOR-US: CONTROLzx HMS
CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classi ...)
	NOT-FOR-US: classifiedZONE
CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 a ...)
	NOT-FOR-US: phpCOIN
CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3. ...)
	NOT-FOR-US: WebAPP
CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remo ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1 ...)
	NOT-FOR-US: phpmyfamily
CVE-2006-1424
	REJECTED
CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0  ...)
	NOT-FOR-US: UBB.threads
CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calenda ...)
	NOT-FOR-US: PHP Booking Calendar
CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...)
	NOT-FOR-US: AkoComment
CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows rem ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...)
	NOT-FOR-US: nuked-klan
CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris Pla ...)
	NOT-FOR-US: Caloris Planitia E-School Management
CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planiti ...)
	NOT-FOR-US: Caloris Planitia Online Quiz System
CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...)
	NOT-FOR-US: Absolute FAQ Manager .NET
CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2 ...)
	NOT-FOR-US: dotNetBB
CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in To ...)
	NOT-FOR-US: Toast Forums
CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1 ...)
	NOT-FOR-US: EZHomepagePro
CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with  ...)
	NOT-FOR-US: TFT Gallery
CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE  ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute  ...)
	NOT-FOR-US: XIGLA Absolute Live Support
CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers t ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hostin ...)
	NOT-FOR-US: Helm Web Hosting Control Panel
CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx i ...)
	NOT-FOR-US: uniForum
CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite. ...)
	NOT-FOR-US: SweetSuite.NET Content Management System
CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in Blan ...)
	NOT-FOR-US: BlankOL
CVE-2006-1403 (Format string vulnerability in the PrintString function in c_console.c ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows  ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in C ...)
	NOT-FOR-US: Calendar Express
CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.a ...)
	NOT-FOR-US: Metisware Instructor
CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in Meetin ...)
	NOT-FOR-US: Meeting Reserve
CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1. ...)
	NOT-FOR-US: G-Book
CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew a ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Hel ...)
	NOT-FOR-US: WebHost Automation Ltd Helm
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote a ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRA ...)
	{DSA-1089-1}
	- freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier r ...)
	NOT-FOR-US: Solaris
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Ba ...)
	NOT-FOR-US: Cholod
CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Bo ...)
	NOT-FOR-US: Cholod
CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft I ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcook ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in th ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Ser ...)
	NOT-FOR-US: Quick 'n Easy/Baby Web Server
CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...)
	NOT-FOR-US: Shortcoming of Gentoo-specific games packaging
CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B ...)
	NOT-FOR-US: HP-UX
CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows re ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenti ...)
	- twiki 1:4.0.4-3 (bug #367973)
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ac ...)
	- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young)
CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in WavePac ...)
	NOT-FOR-US: Cisco
CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the w ...)
	NOT-FOR-US: IBM Tivoli Business Systems Manager
CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 al ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in vBul ...)
	NOT-FOR-US: vBulletin
CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, us ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ( ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.10 ...)
	NOT-FOR-US: Trend Micro
CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May  ...)
	NOT-FOR-US: Baby FTP Server
CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...)
	NOT-FOR-US: Baby FTP Server
CVE-2002-2209 (Unspecified "security vulnerability" in Baby FTP Server versions befor ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak  ...)
	NOT-FOR-US: PasswordSafe
CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog  ...)
	NOT-FOR-US: EasyMoblog
CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the f ...)
	NOT-FOR-US: AdMan
CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
	NOT-FOR-US: AdMan
CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP Li ...)
	NOT-FOR-US: PHP Live!
CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
	NOT-FOR-US: 1WebCalendar
CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows  ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page
CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6. ...)
	NOT-FOR-US: Real Player, according to Real Helix not affected
CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ke ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Mo ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other  ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E39 ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCom ...)
	NOT-FOR-US: Microsoft
CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System (FreeW ...)
	NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System
CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 a ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
	NOT-FOR-US: OSWiki
CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow re ...)
	NOT-FOR-US: MusicBox
CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Fire ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, a ...)
	- libvc 003-4
CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissio ...)
	NOT-FOR-US: avast AV
CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remot ...)
	{DSA-1089-1}
	- freeradius 1.1.0-1.2 (bug #359042; high)
CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier  ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to rea ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ( ...)
	NOT-FOR-US: 99Articles.com
CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Be ...)
	NOT-FOR-US: MusicBox
CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaet ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter g ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg Neustaett ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers t ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as use ...)
	NOT-FOR-US: VeriSign haydn.exe
CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, an ...)
	{DSA-1184-2 DSA-1097-1}
	- linux-2.6 2.6.16-15
CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_ ...)
	- linux-2.6 <not-affected> (Only affects 2.4 kernels)
CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in AnyPor ...)
	NOT-FOR-US: Veritas Backup
CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22  ...)
	NOT-FOR-US: AnyPortal
CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows r ...)
	NOT-FOR-US: Maian Events
CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to  ...)
	NOT-FOR-US: CuteNews
CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise  ...)
	NOT-FOR-US: MailEnable
CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edi ...)
	NOT-FOR-US: MailEnable
CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0  ...)
	NOT-FOR-US: ExtCalendar
CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with AllowD ...)
	- gnome-screensaver 2.14.1-1 (bug #357885)
CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remot ...)
	NOT-FOR-US: Maian Weblog
CVE-2006-1333 (Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and ea ...)
	NOT-FOR-US: BetaParticle Blog
CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain s ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in No ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier  ...)
	NOT-FOR-US: phpWebsite
CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows rem ...)
	- jabberd2 2.0s11-1 (bug #357874)
CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP Downloa ...)
	NOT-FOR-US: Skull-Splitter PHP
CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote att ...)
	NOT-FOR-US: SoftBB
CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power  ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remot ...)
	NOT-FOR-US: Streber
CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows use ...)
	NOT-FOR-US: WinHKI
CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Netware
CVE-2006-1318 (Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Off ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-1317
	REJECTED
CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in M ...)
	NOT-FOR-US: Microsoft
CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Wi ...)
	NOT-FOR-US: Microsoft JScript
CVE-2006-1312
	REJECTED
CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1310
	REJECTED
CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1307
	REJECTED
CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote att ...)
	NOT-FOR-US: Microsoft
CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assis ...)
	NOT-FOR-US: Microsoft
CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5. ...)
	NOT-FOR-US: Microsoft
CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assis ...)
	NOT-FOR-US: Microsoft
CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4,  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1299
	REJECTED
CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server Re ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow loca ...)
	- beagle 0.2.3-1 (bug #357392; low)
CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8 ...)
	- spip 2.0.6-1
CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in Knowled ...)
	NOT-FOR-US: KnowledgebasePublisher
CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS  ...)
	NOT-FOR-US: Contrexx
CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalen ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earl ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Capti ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2 ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for  ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost S ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10- ...)
	- libpam-opie <not-affected> (FreeBSD specific vulnerability)
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard (M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBo ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...)
	- libcgi-session-perl 4.07-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files vi ...)
	- libcgi-session-perl 4.11-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote  ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File Stor ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows re ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: GGZ Gaming Zone
CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop priv ...)
	NOT-FOR-US: Antivir
CVE-2006-1273
	NOT-FOR-US: Reportedly problem with a firefox addon
CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote atta ...)
	NOT-FOR-US: OxyNews
CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in In ...)
	NOT-FOR-US: Inprotect
CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might all ...)
	- zoo 2.10-18 (bug #367858; low)
	[sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable)
CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allow ...)
	NOT-FOR-US: Funkwerk X2300
CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions  ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VP ...)
	NOT-FOR-US: VPMi Enterprise
CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net discu ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 b ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1263 (Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in W ...)
	- wordpress 2.0.2-1
CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown  ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00  ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read arbi ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1-1 (bug #358812)
CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remo ...)
	NOT-FOR-US: Maian Support
CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows  ...)
	- phpmyadmin 4:2.8.0.2-2 (bug #382228)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce Serv ...)
	NOT-FOR-US: Microsoft
CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boy ...)
	NOT-FOR-US: Soren Boysen (SkullSplitter) PHP Guestbook
CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging 5. ...)
	NOT-FOR-US: Mercur Messaging
CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows rem ...)
	NOT-FOR-US: BorderWare MXtreme
CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote atta ...)
	NOT-FOR-US: glFTPd
CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2  ...)
	- sa-exim 4.2.1-1 (bug #345071; bug #356301)
CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3  ...)
	NOT-FOR-US: Winmail
CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B. ...)
	NOT-FOR-US: HP-UX
CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows l ...)
	NOT-FOR-US: AIX
CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 al ...)
	NOT-FOR-US: AIX
CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900. ...)
	NOT-FOR-US: Microsoft
CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp P ...)
	NOT-FOR-US: NeLogic Nephp Publisher
CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploi ...)
	NOT-FOR-US: Echelog
CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...)
	NOT-FOR-US: NetBSD
CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s0508 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows r ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote aut ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote aut ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...)
	NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow lo ...)
	NOT-FOR-US: NetBSD
CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tu ...)
	NOT-FOR-US: TuxBank
CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka  ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated use ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2005-XXXX [xsupplicant information leak]
	- xsupplicant 1.0.1-5 (bug #317703; low)
CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as u ...)
	{DSA-1019-1 DSA-982-1}
	- xpdf <not-affected> (All issues previously fixed)
	NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
	- gpdf 2.10.0-3
	- koffice 2.3.3-1
	NOTE: xpdf (and therewith the questionable code) is not part of koffice for some time now
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog  ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2. ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-4
CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbser ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in  ...)
	NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disa ...)
	NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic ...)
	NOT-FOR-US: DSNewsletter
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the S ...)
	NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
	NOT-FOR-US: Tivoli
CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
	{DSA-1009-1}
	- crossfire 1.9.0-2 (medium)
CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost 1 ...)
	NOT-FOR-US: HitHost
CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with magic_ ...)
	NOT-FOR-US: DSCounter
CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow re ...)
	NOT-FOR-US: WMNews
CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_q ...)
	NOT-FOR-US: DSDownload
CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, al ...)
	- capi4hylafax <not-affected> (Affected DEFINE not defined)
CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in v ...)
	NOT-FOR-US: vCard
CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 (H ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x  ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is  ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8  ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x be ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows  ...)
	NOT-FOR-US: GuppY
CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1. ...)
	NOT-FOR-US: Jupiter Content Manager
CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 p ...)
	NOT-FOR-US: zeroboard
CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service (VSMON.e ...)
	NOT-FOR-US: TrueVector
CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
	NOT-FOR-US: PEAR Text_Password
CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
	- darcsweb 0.15-1
CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac O ...)
	NOT-FOR-US: MacOS X
CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2. ...)
	- gallery2 2.0.4-1
CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3. ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to e ...)
	NOT-FOR-US: DSPoll
CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x  ...)
	NOT-FOR-US: Runcms
CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burnin ...)
	NOT-FOR-US: Woltlab BB
CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denia ...)
	NOT-FOR-US: UnrealIRCd
CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier allow ...)
	NOT-FOR-US: JiRo's Banner System Experience and Professional
CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows r ...)
	NOT-FOR-US: CoreNews
CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL data ...)
	NOT-FOR-US: Tivoli
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 i ...)
	NOT-FOR-US: Tivoli
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive infor ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute a ...)
	NOT-FOR-US: Sergey Korostel PHP Upload Center
CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with insuf ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedde ...)
	- dropbear 0.48-1
CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBlo ...)
	NOT-FOR-US: myBloggie
CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4- ...)
	NOT-FOR-US: txtForum
CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum 1.0.4- ...)
	NOT-FOR-US: txtForum
CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0  ...)
	NOT-FOR-US: textfileBB
CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net phpBann ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave Lin ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a pa ...)
	NOT-FOR-US: Comvigo IM Lock
CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with in ...)
	NOT-FOR-US: SafeDisc
CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 a ...)
	NOT-FOR-US: QwikiWiki
CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server  ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly i ...)
	NOT-FOR-US: Microsoft
CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 thro ...)
	NOT-FOR-US: Microsoft
CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1187
	REJECTED
CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the i ...)
	- base-config <not-affected> (UBuntu specific)
	- shadow <not-affected> (UBuntu specific)
CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Docum ...)
	NOT-FOR-US: Adobe Graphics Server
CVE-2006-1181
	RESERVED
CVE-2006-1180
	RESERVED
CVE-2006-1179
	RESERVED
CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Tamarack MMSd
CVE-2006-1177
	RESERVED
CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...)
	NOT-FOR-US: eBay Enhanced Picture Services
CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scr ...)
	NOT-FOR-US: WeOnlyDo! SFTP
CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions befo ...)
	- shadow 1:4.0.15-10 (low)
	[sarge] - shadow <not-affected> (Vulnerable code was introduced later)
CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of se ...)
	{DSA-1155}
	- sendmail 8.13.7-1 (low; bug #373801)
CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in Cryptomath ...)
	NOT-FOR-US: ActiveX control
CVE-2006-1171
	REJECTED
CVE-2006-1170
	REJECTED
CVE-2006-1169
	REJECTED
CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...)
	{DSA-1149-1}
	- ncompress 4.2.4-16
CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the las ...)
	NOT-FOR-US: SGI
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
	- dokuwiki 0.0.20060309-3 (bug #357436)
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
	NOT-FOR-US: Nodez
CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remot ...)
	NOT-FOR-US: Nodez
CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows  ...)
	NOT-FOR-US: Nodez
CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web S ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) We ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2  ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script be ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site Members ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic Ne ...)
	NOT-FOR-US: Fantastic News
CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...)
	NOT-FOR-US: D2-Shoutbox
CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 a ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automaticall ...)
	- teg 0.11.1-3 (bug #357645; low)
	[sarge] - teg <no-dsa> (Only DoS against exotic, mostly single player game)
CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intr ...)
	NOT-FOR-US: OWL Intranet Engine
CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function  ...)
	- peercast 0.1217.toots.20060314-1
CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Editio ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in A ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in acebot_cmd ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remot ...)
	NOT-FOR-US: Hit Host
CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 all ...)
	NOT-FOR-US: FTPoed Blog Engine
CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows r ...)
	NOT-FOR-US: Ravenous Web Server
CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows rem ...)
	- qmailadmin <removed> (bug #357896; medium)
CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote at ...)
	NOT-FOR-US: RedBLoG
CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox Copy ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre a ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox Wor ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox Copy ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 all ...)
	NOT-FOR-US: sBlog
CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quot ...)
	NOT-FOR-US: CyBoards
CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 all ...)
	NOT-FOR-US: vbzoom
CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote at ...)
	NOT-FOR-US: vbzoom
CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS  ...)
	NOT-FOR-US: bitweaver
CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows rem ...)
	NOT-FOR-US: EKINboard
CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows re ...)
	NOT-FOR-US: EKINboard
CVE-2005-4729 (SQL injection vulnerability in show.php in VBZooM Forum allows remote  ...)
	NOT-FOR-US: VBZooM
CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory c ...)
	- monotone 0.26pre1-0.1 (low)
	[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched situation)
	NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
	NOTE: and massive social engineering
CVE-2006-1128 (Directory traversal vulnerability in the session handling class (Galle ...)
	- gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allo ...)
	- gallery2 2.0.3
CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP addres ...)
	- gallery2 2.0.3
CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Every ...)
	NOT-FOR-US: Grisoft AVG
CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote at ...)
	NOT-FOR-US: RevilloC MailServer and Proxy
CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0 ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remo ...)
	NOT-FOR-US: CuteNews
CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1. ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...)
	NOT-FOR-US: Cpanel (PHP)
CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows remo ...)
	NOT-FOR-US: Aardvark
CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) n ...)
	NOT-FOR-US: nCipher
CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 t ...)
	NOT-FOR-US: nCipher
CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/pri ...)
	NOT-FOR-US: nCipher
CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 a ...)
	NOT-FOR-US: Loudblog
CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 all ...)
	NOT-FOR-US: Loudblog
CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows rem ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...)
	NOT-FOR-US: Total Ecommerce
CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allow ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe befor ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and e ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain con ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ear ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube  ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in Sauerbrate ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remo ...)
	NOT-FOR-US: logIT
CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce  ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2 ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1096
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in Mod_pyt ...)
	NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
	NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltl ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process fil ...)
	NOT-FOR-US: Solaris
CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an unspe ...)
	NOT-FOR-US: PunBB
CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...)
	NOT-FOR-US: PunBB
CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potent ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1086
	REJECTED
CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlie ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and  ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
	NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan Beck ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2. ...)
	NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products suc ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable, but source contains note about
	NOTE: not being safe for sudo
	NOTE: filed whishlist bug to add this to manpage
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, a ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary  ...)
	NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic  ...)
	NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in Jason Boe ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers  ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog 1.0 ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1 ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestboo ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x be ...)
	NOT-FOR-US: Geeklog
CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote at ...)
	NOT-FOR-US: VXWorks
CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote attack ...)
	NOT-FOR-US: VXWorks
CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems wi ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and  ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote atta ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier all ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 a ...)
	- curl 7.15.3-1
	[woody] - curl <not-affected> (Vulnerable code not present)
	[sarge] - curl <not-affected> (Vulnerable code not present)
CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...)
	{DSA-1038-1 DSA-1037-1}
	- xzgv 0.8-5.1 (bug #362288; medium)
	- zgv 5.9-2
CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trus ...)
	- samba 3.0.22-1
	[woody] - samba <not-affected>
	[sarge] - samba <not-affected>
CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which mak ...)
	- busybox 1:1.1.3-1 (low; bug #360578)
	[woody] - busybox <not-affected>
	[sarge] - busybox <not-affected>
CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local use ...)
	{DSA-1040-1}
	- gdm 2.14.4-1
CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running  ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
	- kfreebsd-5 5.4-17
	- xen-3.0 3.0.2+hg9656-1
CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12  ...)
	- linux-2.6 2.6.16-6
CVE-2006-1054
	REJECTED
CVE-2006-1053
	RESERVED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows  ...)
	{DSA-1184-2}
	- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
	NOT-FOR-US: Akurru Social BookMarking Engine
CVE-2006-1050
	NOT-FOR-US: Kwik-Pay Payroll
CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian G ...)
	- amaya 9.4-1 (bug #341424)
	[sarge] - amaya <not-affected> (The Sarge version doesn't have an rpath set)
CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little e ...)
	- runit 1.4.1-1 (bug #356016; medium)
	[sarge] - runit <not-affected>
CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in J ...)
	NOT-FOR-US: Joomla!
CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access r ...)
	NOT-FOR-US: Joomla!
CVE-2006-1047 (Unspecified vulnerability in the "Remember Me login functionality" in  ...)
	NOT-FOR-US: Joomla!
CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial o ...)
	- monopd 0.9.3-2 (bug #355797; low)
	[sarge] - monopd <no-dsa> (Very minor security ramifications)
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block load ...)
	{DSA-1051-1 DSA-1046-1}
	- thunderbird 1.5.0.2-1
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSER ...)
	NOT-FOR-US: LISTSERV
CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microso ...)
	NOT-FOR-US: Microsoft
CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...)
	NOT-FOR-US: Gregarius
CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...)
	NOT-FOR-US: Gregarius
CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...)
	NOT-FOR-US: vBulletin
CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote att ...)
	NOT-FOR-US: SAP
CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and  ...)
	NOT-FOR-US: SecureCRT
CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and e ...)
	NOT-FOR-US: Oracle
CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module  ...)
	NOT-FOR-US: Oracle
CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ear ...)
	NOT-FOR-US: Oracle
CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS b ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...)
	NOT-FOR-US: phpRPC
CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...)
	NOT-FOR-US: iGENUS Webmail
CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allo ...)
	NOT-FOR-US: Joomla!
CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in class.inputfilter.ph ...)
	NOT-FOR-US: Joomla!
CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any a ...)
	NOT-FOR-US: JFacets
CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft Stor ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 P ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage (SM ...)
	NOT-FOR-US: HP System Management
CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uye ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Foru ...)
	NOT-FOR-US: Johnny_Vegas Vegas Forum
CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1  ...)
	NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03  ...)
	NOT-FOR-US: DCI-Design Dawaween
CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x  ...)
	NOT-FOR-US: c-client
CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet Explore ...)
	NOT-FOR-US: Windows
CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x appl ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <removed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x applicatio ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <removed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka S ...)
	NOT-FOR-US: SMartBlog
CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ver ...)
	- wordpress 2.0.1-1
CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...)
	NOT-FOR-US: LetterMerger
CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ol ...)
	{DSA-1001-1}
	- crossfire 1.9.0-1
CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...)
	NOT-FOR-US: M4 Project enigma-suite
CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1 ...)
	NOT-FOR-US: N8cms
CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remo ...)
	NOT-FOR-US: N8cms
CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard bef ...)
	NOT-FOR-US: sendcard
CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote attack ...)
	NOT-FOR-US: Parodia
CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parod ...)
	NOT-FOR-US: Parodia
CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall Ro ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of super_user ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty I ...)
	NOT-FOR-US: LanSuite LanParty Intranet System
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 an ...)
	NOT-FOR-US: Pentacle In-Out Board
CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...)
	NOT-FOR-US: Novell
CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...)
	NOT-FOR-US: Novell
CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...)
	NOT-FOR-US: Novell
CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5. ...)
	- php4 4:4.4.4-1 (bug #361853; unimportant)
	- php5 5.1.4-0.1 (bug #361914; unimportant)
	NOTE: Non-issue, explicit debug feature
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions befor ...)
	NOT-FOR-US: EMC Dantz Retrospect
CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows  ...)
	NOT-FOR-US: Sophos
CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before 2. ...)
	NOT-FOR-US: 3Com
CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 P ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon (bp ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in Veri ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server  ...)
	NOT-FOR-US: MS Windows issue
CVE-2006-0987 (The default configuration of ISC BIND before 9.4.1-P1, when configured ...)
	- bind <unfixed> (bug #355787; unimportant)
	- bind9 1:9.4.0-1 (bug #356266; unimportant)
	NOTE: This is within the responsibilities of a local admin, especially when
	NOTE: operating a DNS server, affected sites can configure AllowRecursion
CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain sensitiv ...)
	- wordpress 2.0.2-1 (bug #355055; unimportant)
CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post comme ...)
	- wordpress 2.0.2-1 (bug #355055; medium)
CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...)
	NOT-FOR-US: EJ3 TOPo not in debian
CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...)
	NOT-FOR-US: QWikiWiki not in debian
CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circ ...)
	NOT-FOR-US: McAfee Virex 7.7 for Macintosh
CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier al ...)
	NOT-FOR-US: WinAce
CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI  ...)
	NOT-FOR-US: Jay Eckles CGI Calendar
CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...)
	NOT-FOR-US: Nidelven IT Issue Dealer
CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View Header ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts a ...)
	NOT-FOR-US: MTS Pro
CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris Her ...)
	NOT-FOR-US: SPiD
CVE-2006-0975
	REJECTED
CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe b ...)
	NOT-FOR-US: bttlxeForum 2.0
CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State Univers ...)
	NOT-FOR-US: phpWebSite
CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News 2 ...)
	NOT-FOR-US: Tony Baird Fantastic News
CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b  ...)
	NOT-FOR-US: DirectContact
CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more Ac ...)
	NOT-FOR-US: ActiveCampaign products
CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de P ...)
	NOT-FOR-US: PixelArtKingdom TopSites
CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 B ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build  ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to  ...)
	- stlport5 5.0.2-1 (bug #358471; medium)
CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to exe ...)
	NOT-FOR-US: VuBB
CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows re ...)
	NOT-FOR-US: Cilem Hiber
CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote attacke ...)
	NOT-FOR-US: Compex NetPassage WPE54G router
CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ZoneO-So ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS soc ...)
	- nufw 1.0.23-1 (bug #358475; low)
CVE-2006-0955
	RESERVED
CVE-2006-0954
	RESERVED
CVE-2006-0953
	RESERVED
CVE-2006-0952
	RESERVED
CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the  ...)
	NOT-FOR-US: NOD32
CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary files ...)
	- unalz 0.55-1 (bug #356832; low)
	[sarge] - unalz <no-dsa> (Minor issue)
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of sc ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other versio ...)
	NOT-FOR-US: AOL
CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote atta ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems  ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel  ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in Pws ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibl ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Sho ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0940 (Multiple direct static code injection vulnerabilities in savesettings. ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attacker ...)
	NOT-FOR-US: DCI-Taskeen
CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earli ...)
	- ezpublish <removed>
CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...)
	{DSA-1109}
	- rssh 2.3.0-1.1 (bug #346322; bug #363978; low)
CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allo ...)
	- webcheck 1.9.6
CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: U.N.U. Mailgust
CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...)
	NOT-FOR-US: Free Host Shop Website Generator
CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Microsoft
CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 all ...)
	NOT-FOR-US: webinsta Limbo
CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote a ...)
	NOT-FOR-US: PHPX
CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archiv ...)
	NOT-FOR-US: zip.lib.php
CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other  ...)
	- php5 <removed> (bug #368545; unimportant)
	- php4 <removed> (bug #368545; unimportant)
	NOTE: is this really a vulnerability in pear?  it seems it should be a bug
	NOTE: in any application not checking for such archives.
	NOTE: Lack of a security feature is not a vulnerability
CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server P ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail  ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attacker ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS- ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt Standar ...)
	NOT-FOR-US: StuffIt
CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8 ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allow ...)
	NOT-FOR-US: iCal
CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...)
	NOT-FOR-US: MyPHPNuke
CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an  ...)
	NOT-FOR-US: CubeCart
CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in FCKed ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP pas ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! E ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...)
	NOT-FOR-US: The Bat!
CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, aut ...)
	NOT-FOR-US: Melange Chat Server
CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences i ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the (1 ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly hand ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Oreka
CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote atta ...)
	NOT-FOR-US: WhatsUp Professional
CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers t ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers t ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injecti ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
	NOT-FOR-US: D3Jeeb Pro
CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1 ...)
	- kfreebsd-5 5.4-16
CVE-2006-0904
	REJECTED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging mechanis ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)
CVE-2006-0902
	RESERVED
CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and  ...)
	NOT-FOR-US: Solaris
CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial o ...)
	- kfreebsd-5 5.4-15
CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ea ...)
	NOT-FOR-US: 4Images
CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode ...)
	{DSA-996-1}
	- libcrypt-cbc-perl 2.17-1
CVE-2006-0897
	NOT-FOR-US: VCS Virtual Program Management Intranet
CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in Si ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation pa ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1. ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with pre ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used  ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remo ...)
	NOT-FOR-US: Calcium
CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation  ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library (PHPL ...)
	NOT-FOR-US: PHPLIB
CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ma ...)
	NOT-FOR-US: DEV web management system
CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews  ...)
	NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbi ...)
	{DSA-1051-1 DSA-1046-1}
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
	- mozilla 2:1.7.13-0.1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ver ...)
	- xscreensaver 4.21-1
	NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
	NOTE: in the Sarge version --jmm
CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) dri ...)
	- xscreensaver 4.15-1
CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not prope ...)
	- openssh 1:3.8.1p1-4
	[woody] - openssh <not-affected>
CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in No ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds 1 ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the installat ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote att ...)
	NOT-FOR-US: Easy Forum
CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ser ...)
	{DSA-1061-1}
	- popfile 0.22.4-1 (bug #354464; medium)
CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 all ...)
	NOT-FOR-US: runCMS
CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerc ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in Coppermi ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo  ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in Mamb ...)
	- mambo 4.5.3h-1 (bug #354468)
	NOTE: only in experimental
CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke CMS
CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in live ...)
	NOT-FOR-US: PHP PEAR LiveUser
CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth Con ...)
	- php-auth 1.2.4-0.1 (bug #354474)
CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...)
	NOT-FOR-US: WebDrive
CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute forc ...)
	NOT-FOR-US: PunBB
CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: PunBB
CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cook ...)
	NOT-FOR-US: Global Hauri ViRobot
CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attacker ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Sol ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows rem ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer  ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows rem ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...)
	NOT-FOR-US: StarForce Safe'n'Sec Personal
CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...)
	NOT-FOR-US: e107 CMS Chatbox plugin
CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21  ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...)
	{DSA-991-1}
	- zoo 2.10-17 (bug #354461)
CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive Poi ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA ...)
	NOT-FOR-US: TrueNorth Internet Anywhere
CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook 1.2 ...)
	NOT-FOR-US: Admbook
CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and  ...)
	NOT-FOR-US: ilchClan
CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ilch ...)
	NOT-FOR-US: ilchClan
CVE-2006-0849
	RESERVED
CVE-2006-0848 (The "Open 'safe' files after downloading" option in Safari on Apple Ma ...)
	NOT-FOR-US: Apple Safari
CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in Che ...)
	- cherrypy2.1 2.1.1-1 (bug #353542)
	- python-cherrypy 2.1.1-1 (bug #354479)
CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright' ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with admin ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when aut ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files u ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows  ...)
	NOT-FOR-US: Calacode @Mail
CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4  ...)
	{DSA-1133-1}
	- mantis 0.19.4-3.1 (bug #378353)
CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly h ...)
	{DSA-944-1}
	- mantis 1.0
	NOTE: This was actually fixed upstream in Mantis 1.0.0rc5,
	NOTE: which was never uploaded.
CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly rea ...)
	- snort <not-affected> (frag3 is only in 2.4, currently there is 2.3.3 in sid)
CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwo ...)
	NOT-FOR-US: Tivoli
CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable perm ...)
	NOT-FOR-US: Tivoli
CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an uns ...)
	NOTE: Denial of service by tricking someone into importing a manipulated LDIF file
	NOTE: That's a bug, but calling it a security problem is very far-fetched
CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar P ...)
	NOT-FOR-US: MitriDAT Web Calendar
CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ad ...)
	NOT-FOR-US: Uniden UIP1868P VoIP Telephone
CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Direc ...)
	NOT-FOR-US: Barracuda Directory
CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow  ...)
	NOT-FOR-US: WPC.easy
CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi  ...)
	NOT-FOR-US: Tasarim Rehberi
CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remot ...)
	NOT-FOR-US: E-Blah Platinum
CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer W ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and Micr ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer W ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and Mi ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4. ...)
	NOT-FOR-US: Geeklog
CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr ...)
	NOT-FOR-US: Geeklog
CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17  ...)
	NOT-FOR-US: EmuLinker Kaillera Server
CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote a ...)
	NOT-FOR-US: BXCP
CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 al ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source c ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Serv ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail Serv ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...)
	NOT-FOR-US: Orion Application Server
CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script  ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
	NOT-FOR-US: Lighttpd under windows
CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted attacke ...)
	NOT-FOR-US: WinACE
CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4 ...)
	NOT-FOR-US: WinACE VisNetic AntiVirus
CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before  ...)
	NOT-FOR-US: gBook
CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...)
	- squid 2.5.6
CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
	NOT-FOR-US: Skate Board
CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows remo ...)
	NOT-FOR-US: Skate Board
CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...)
	NOT-FOR-US: Skate Board
CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service (message ...)
	NOT-FOR-US: MUTE
CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word Proces ...)
	NOT-FOR-US: NJStar
CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as  ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #358872; medium)
	- moodle 1.6.1+20060825-1 (bug #360396; medium)
	- cacti 0.8.6d-1 (medium)
	NOTE: according to maintainer, "Moodle neither uses nor plans to use
	NOTE: ADODB_Pager, so it's not affected by #360396, but include patch for
	NOTE: it anyway, just in case somebody decides to use it out of the blue
CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed chall ...)
	NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to exe ...)
	- tin 1:1.8.2-1
	[sarge] - tin <not-affected> (Vulnerable code not present)
CVE-2006-0803 (The signature verification functionality in the YaST Online Update (YO ...)
	NOT-FOR-US: YaSt Online Update
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module fo ...)
	NOT-FOR-US: PostNuke
CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke 0. ...)
	NOT-FOR-US: PostNuke
CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote at ...)
	NOT-FOR-US: PostNuke
CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a legitim ...)
	NOT-FOR-US: Microsoft
CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in Ma ...)
	NOT-FOR-US: Macallan Mail Solution
CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Nokia cell phone
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 a ...)
	NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the inst ...)
	NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phi ...)
	NOT-FOR-US: V-webmail
CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php i ...)
	NOT-FOR-US: V-webmail
CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost Host ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account wi ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows remo ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earl ...)
	NOT-FOR-US: Plaino Wimpy
CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Rele ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 R ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers  ...)
	NOT-FOR-US: D-Link hardware
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe B ...)
	NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier a ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and e ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in Pe ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9. ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 al ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 all ...)
	NOT-FOR-US: BirthSys
CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library  ...)
	NOT-FOR-US: DB_eSession
CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - C ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container 02-0 ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used b ...)
	NOT-FOR-US: PunkBuster
CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletin ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Kadu
CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive inform ...)
	- cgiwrap 3.9-3.1
	[sarge] - cgiwrap <no-dsa> (Only leaks information about the existance of users on a system)
CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, an ...)
	NOT-FOR-US: ICQ
CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis)  ...)
	NOT-FOR-US: ICQ
CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in  ...)
	NOT-FOR-US: Cisco
CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cP ...)
	NOT-FOR-US: cPanel (not the same as in the cpanel package)
CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized a ...)
	NOT-FOR-US: WinAbility Folder Guard
CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...)
	NOT-FOR-US: BlackBerry
CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...)
	NOT-FOR-US: LightTPD on windows
CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier all ...)
	NOT-FOR-US: HiveMail
CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 an ...)
	NOT-FOR-US: HiveMail
CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier al ...)
	NOT-FOR-US: HiveMail
CVE-2006-0756 (** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and ...)
	NOT-FOR-US: dotProject
CVE-2006-0755 (** DISPUTED ** Multiple PHP remote file include vulnerabilities in dot ...)
	NOT-FOR-US: dotProject
CVE-2006-0754 (** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: dotProject
CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pa ...)
	NOT-FOR-US: Microsoft
CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fr ...)
	- honeyd 1.5a-1 (bug #353064; low)
	[sarge] - honeyd <no-dsa> (Too insignificant)
CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in USErspac ...)
	NOT-FOR-US: Network Object Oriented File System (NOOFS)
CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) Ar ...)
	NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1. ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1. ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (high)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
	- xulrunner 1.8.0.1-9
CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ca ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
	{DSA-1008-1}
	- kdegraphics 4:3.5.0-3
	NOTE: Only affected the 3.3.2 KDE backport
CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ina ...)
	- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)
	- xorg-server 1:1.0.2-1 (bug #378465; medium)
	- xfree86 <not-affected>
CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical retu ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net 1 ...)
	NOT-FOR-US: Log4Net
CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ke ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0740
	RESERVED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow r ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication modul ...)
	NOT-FOR-US: pam_micasa / Novell
CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows remot ...)
	NOT-FOR-US: MUTE
CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ac ...)
	NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows rem ...)
	NOT-FOR-US: PhpTagCool
CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of ImageMagick 6 ...)
	{DSA-1168-1}
	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML: ...)
	NOT-FOR-US: My Blog
CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life CST ...)
	NOT-FOR-US: Half-Life
CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2 ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 a ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earl ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow  ...)
	- dovecot 1.0.beta3-1 (bug #353341; medium)
	[sarge] - dovecot <not-affected> (Vulnerable code was introduced in 1.0beta1)
CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allo ...)
	NOT-FOR-US: Teca Diary
CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and earl ...)
	NOT-FOR-US: webSPELL
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFM ...)
	NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dr ...)
	NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1. ...)
	NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registe ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday Ente ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when regist ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allow ...)
	NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows us ...)
	NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds 6.1 ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VS ...)
	NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote at ...)
	NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote at ...)
	NOT-FOR-US: sNews
CVE-2006-0714 (Directory traversal vulnerability in the installation file (sql/instal ...)
	- flyspray <not-affected> (Vulnerable code not included in Debian)
CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote attacker ...)
	NOT-FOR-US: LinPHA
CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly va ...)
	NOT-FOR-US: Squishdot
CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl i ...)
	NOT-FOR-US: NeoMail
CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 a ...)
	NOT-FOR-US: Isode M-Vault
CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a  ...)
	{DSA-995-1}
	- metamail 2.7-51 (bug #352482; bug #353539)
CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow re ...)
	NOT-FOR-US: Winamp
CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows rem ...)
	- pyblosxom 1.3.2-1 (high)
	[sarge] - pyblosxom <not-affected> (Vulnerable path handling code not present)
CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in G&#228;stebuch (G ...)
	NOT-FOR-US: Gaestebuch
CVE-2006-0705 (Format string vulnerability in a logging function as used by various S ...)
	NOT-FOR-US: Proprietary SFTP servers
CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error pag ...)
	NOT-FOR-US: iE Integrator
CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown im ...)
	NOT-FOR-US: imageVue
CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ar ...)
	NOT-FOR-US: imageVue
CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list direct ...)
	NOT-FOR-US: imageVue
CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission sett ...)
	NOT-FOR-US: imageVue
CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1. ...)
	NOT-FOR-US: QWikiWiki
CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote atta ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, w ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote att ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which a ...)
	NOT-FOR-US: Ansilove
CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove befo ...)
	NOT-FOR-US: Ansilove
CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...)
	NOT-FOR-US: Roberto Butti CALimba
CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Times ...)
	NOT-FOR-US: Carey Briggs Timesheet
CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that th ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3 ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in T ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0688 (PHP remote file include vulnerability in application.php in nicecoder. ...)
	NOT-FOR-US: nicecoder.com indexu
CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo vari ...)
	NOT-FOR-US: DocMGR
CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earl ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control Syste ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 a ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control Sy ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system  ...)
	NOT-FOR-US: e107
CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...)
	NOT-FOR-US: powerd
	NOTE: powerd supposedly normally comes with sysvinit, but not in debian
CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote a ...)
	NOT-FOR-US: WebGUI
CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0. ...)
	NOTE: Only vulnerable when compiled with asserts
	- postgresql <unfixed> (unimportant)
	- postgresql-8.0 8.0.7-1 (unimportant)
	- postgresql-8.1 8.1.3-1 (unimportant)
CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allo ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ob ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to  ...)
	{DSA-1044-1}
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- firefox 1.5.dfsg-1
CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6  ...)
	NOT-FOR-US: Sysbotz Systems Panel
CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote  ...)
	NOT-FOR-US: Hitachi TP1
CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows re ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5. ...)
	NOT-FOR-US: SiteFrame
CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L ...)
	NOT-FOR-US: IBM AIX
CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic Calen ...)
	NOT-FOR-US: Magic Calendar Lite
CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0 ...)
	NOT-FOR-US: HP PSC 1210 All-in-One printer
CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ph ...)
	NOT-FOR-US: Sony Ericsson
CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to  ...)
	{DSA-990-1}
	- bluez-hcidump 1.30-1 (bug #351881; medium)
CVE-2006-0669
	NOT-FOR-US: Forum Light
CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary fi ...)
	NOT-FOR-US: AIX
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels i ...)
	NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) manage_proj_c ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iN ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21  ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earl ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ear ...)
	NOT-FOR-US: Runcms
CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 a ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moin 1.5.8-4.1
	[etch] - moin <not-affected> (Vulnerable php code not present)
	- karrigell <not-affected> (Vulnerable php code not present)
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Cale ...)
	NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 th ...)
	NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate passwo ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions t ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote attack ...)
	NOT-FOR-US: vwdev
CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPA ...)
	NOT-FOR-US: CPAINT
CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...)
	NOT-FOR-US: DataparkSearch
CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2 ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstance ...)
	- binutils <not-affected> (SuSE specific vulnerability)
CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2 ...)
	{DSA-986-1 DSA-985-1}
	- libtasn1-2 <removed> (bug #352182; bug #365234)
	NOTE: upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
	- libtasn1-3 0.3.4-1
	- gnutls13 1.3.5-1
	- gnutls12 1.2.11-1
	- gnutls11 <removed>
CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...)
	NOT-FOR-US: OpenVMPS
CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6 ...)
	- pam-mysql 0.6.2-1 (bug #353589; low)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper  ...)
	NOT-FOR-US: Handicapper
CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
	- dpkg-sig 0.13 (bug #352723; low)
	[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ins ...)
	- pioneers 0.9.55-1 (bug #351986; medium)
	[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in CPG-Nuk ...)
	NOT-FOR-US: CPG-Nuke Dragonfly CMS
CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Confere ...)
	NOT-FOR-US: WiredRed e/pop Web Conferencing
CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Secur ...)
	NOT-FOR-US: Trend Micro
CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP  ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to d ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows re ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the  ...)
	NOT-FOR-US: eyeOS
CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i&gt;sizeof(i ...)
	- tcc 0.9.24~cvs20070502-1 (bug #352202; low)
	[sarge] - tcc <no-dsa> (Only incorrect code gen, hardly any production use)
	[etch] - tcc <no-dsa> (Documented as insecure; only incorrect code gen, hardly any production use)
CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent ...)
	NOT-FOR-US: Borland C++Builder
CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board (IP ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently rando ...)
	- phpbb2 2.0.20 (low)
	[sarge] - phpbb2 <no-dsa> (Minor issue)
	NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against
	NOTE: brute-force password guessing and as password seeding is based on milliseconds
	NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts
	NOTE: instead of a million
	NOTE: Fixed in 2.0.20
CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailbac ...)
	NOT-FOR-US: Erik C. Thauvin mailback
CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers fr ...)
	NOT-FOR-US: The Bat!
CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allo ...)
	NOT-FOR-US: AIM
CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute a ...)
	NOT-FOR-US: Dale Ray MyQuiz
CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager  ...)
	NOT-FOR-US: Whomp Real Estate Manager
CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable p ...)
	NOT-FOR-US: QNX
CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of servic ...)
	NOT-FOR-US: QNX
CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...)
	NOT-FOR-US: QNX
CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...)
	NOT-FOR-US: QNX
CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...)
	NOT-FOR-US: QNX
CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 a ...)
	NOT-FOR-US: QNX
CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Updat ...)
	NOT-FOR-US: Sun Java
CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ear ...)
	NOT-FOR-US: Sun Java
CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Updat ...)
	NOT-FOR-US: Sun Java
CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ear ...)
	NOT-FOR-US: Sun Java
CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...)
	NOT-FOR-US: Sun Java
CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain privilege ...)
	- powersave 0.11.2-1
CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and earli ...)
	NOT-FOR-US: @Mail
CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...)
	NOT-FOR-US: 2200net Calender system
CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design p ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allo ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when cer ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allo ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain  ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton  ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg Guestboo ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0601
	RESERVED
CVE-2006-0596
	RESERVED
CVE-2006-0595
	RESERVED
CVE-2006-0594
	RESERVED
CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allo ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products an ...)
	NOT-FOR-US: AutoCAD
CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attacke ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7  ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...)
	NOT-FOR-US: Lexmark Printer
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and Free ...)
	NOT-FOR-US: crypt_blowfish implementation from OWL, does not seem to be in Debian
CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path  ...)
	NOT-FOR-US: MyTopix
CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path  ...)
	NOT-FOR-US: MyTopix
CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remo ...)
	NOT-FOR-US: MyTopix
CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allo ...)
	- gallery 1.5.2-pl2-1
CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before  ...)
	NOT-FOR-US: Oracle
CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 wit ...)
	NOT-FOR-US: PeopleSoft People Tools
CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and  ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0. ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allow ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in dem ...)
	- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)
	NOTE: code not in ffmpeg and xine-lib
CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CO ...)
	NOT-FOR-US: Blue Coat Proxy Security Gateway OS
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by  ...)
	NOT-FOR-US: Lexmark printer
CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...)
	- oprofile 0.9.1-9 (bug #352910; low)
	[sarge] - oprofile <no-dsa> (requires sudo access to be vulnerable)
CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to c ...)
	- fcron <not-affected> (Not included in Debian package)
CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and ear ...)
	NOT-FOR-US: cPanel
CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to identif ...)
	NOT-FOR-US: phpstatus
CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 a ...)
	NOT-FOR-US: phpstatus
CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magi ...)
	NOT-FOR-US: phpstatus
CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2. ...)
	NOT-FOR-US: Papoo
CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze all ...)
	NOT-FOR-US: Outblaze
CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...)
	NOT-FOR-US: Xaraya
CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote  ...)
	NOT-FOR-US: Communigate Pro
CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in L ...)
	NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702. ...)
	NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allo ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut  ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ad ...)
	NOT-FOR-US: Cisco
CVE-2006-0560
	REJECTED
CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield 4. ...)
	NOT-FOR-US: McAfee WebShield
CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1 (bug #365375; low)
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not s ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0556
	REJECTED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial  ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitiv ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to  ...)
	- postgresql-8.1 8.1.3-1
CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow re ...)
	NOT-FOR-US: Oracle
CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in O ...)
	NOT-FOR-US: Oracle
CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ex ...)
	NOT-FOR-US: Oracle
CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application availa ...)
	NOT-FOR-US: Strange app at www.egeinternet.com
CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
	NOT-FOR-US: UBB.threads
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0)  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb Guest ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1. ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
	- fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)
CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ena ...)
	NOT-FOR-US: IronMail
CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange  ...)
	NOT-FOR-US: eXchange POP3
CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
	NOT-FOR-US: NeoMail
CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community Serve ...)
	NOT-FOR-US: Community Server
CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: CyberShop Ultimate E-commerce
CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
	NOT-FOR-US: cPanel
	NOTE: Not Debian's cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker  ...)
	NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestB ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Buil ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Buil ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly  ...)
	- evolution 2.2.3-4 (low)
	[sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
	[woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allo ...)
	- bind 1:8.4.7-1 (low)
	[sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix)
	NOTE: BIND 8 is unsuitable for forwarder use because of its
	NOTE: architecture. Upgrade to BIND 9 as a fix.
	NOTE: This was fixed in sid by documenting it as an unfixable design limitation
CVE-2006-0526 (The default configuration of the America Online (AOL) client software  ...)
	NOT-FOR-US: AOL
CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator  ...)
	NOT-FOR-US: Windows issue
CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashau ...)
	NOT-FOR-US: Derek Ashauer ashnews
CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows r ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec  ...)
	NOT-FOR-US: Symantec Sygate Management Server
CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM  ...)
	NOT-FOR-US: Browser CRM
CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 fo ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows rem ...)
	- spip 2.0.6-1 (medium; bug #351336)
CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...)
	- spip 2.0.6-1 (medium; bug #351335)
CVE-2006-0517 (Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_f ...)
	- spip 2.0.6-1 (medium; bug #351334)
CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and e ...)
	- spip 2.0.6-1 (medium; bug #352076)
	NOTE: http://www.securityfocus.com/bid/16556
CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and  ...)
	- spip 2.0.6-1 (medium; bug #352077)
	NOTE: http://www.securityfocus.com/bid/16551
CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 bi ...)
	NOT-FOR-US: Solaris
CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x b ...)
	NOT-FOR-US: Cisco
CVE-2006-0514
	RESERVED
CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server P ...)
	NOT-FOR-US: Tivoli
CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which allow ...)
	{DSA-1187-1}
	- migrationtools 46-2.1 (bug #338920; medium)
CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not prop ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allow ...)
	NOT-FOR-US: Daffodil
CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in  ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-0508 (Easy CMS stores the images directory under the web document root with  ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow  ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1. ...)
	NOT-FOR-US: Nuked-klaN
CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to c ...)
	NOT-FOR-US: Zbattle
CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2  ...)
	NOT-FOR-US: MailEnable Enterprise Edition
CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows rem ...)
	NOT-FOR-US: MailEnable Professional Edition
CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2 ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows  ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document r ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 m ...)
	NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package)
CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...)
	NOT-FOR-US: JBoss Enterprise Java Beans
CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...)
	NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client)
CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 al ...)
	NOT-FOR-US: Derek Ashauer ashNews
CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before  ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow rem ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibl ...)
	- iceweasel 3.0-1 (unimportant; bug #349339)
	- mozilla-firefox <removed> (unimportant; bug #349339)
	- iceape <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: This is not a direct vulnerability, but rather the lack of protection
	NOTE: for shooting into own's own foot, so we should treat it as a security
	NOTE: enhancement bug and not as a vulnerability.
CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to Favorite ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 a ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Min ...)
	NOT-FOR-US: MG2
CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote atta ...)
	NOT-FOR-US: Calendarix
CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4  ...)
	NOT-FOR-US: SZUserMgnt
CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...)
	NOT-FOR-US: ASPThai Forums
CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6 ...)
	NOT-FOR-US: mIRC
CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS applica ...)
	NOT-FOR-US: Microsoft
CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email Fire ...)
	NOT-FOR-US: Tumbleweed MailGate Email Firewall
CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance rele ...)
	NOT-FOR-US: IOS
CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S bef ...)
	NOT-FOR-US: IOS
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE CONTR ...)
	NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7 ...)
	NOT-FOR-US: Cisco
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng 1.2 ...)
	- libpng 1.2.8rel-3 (bug #352902; bug #352918)
	[sarge] - libpng <not-affected> (Only 1.2.7 affected)
	[woody] - libpng <not-affected> (Only 1.2.7 affected)
	[sarge] - libpng3 1.2.8rel-1
CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in sPa ...)
	NOT-FOR-US: sPaiz-Nuke
CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allow ...)
	NOT-FOR-US: PmWiki
CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...)
	NOT-FOR-US: CRE Loaded
CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remot ...)
	- git-core 1.1.5-1 (bug #350274)
CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to exe ...)
	NOT-FOR-US: Winamp
CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows remo ...)
	NOT-FOR-US: PHP-Ping
CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers  ...)
	NOT-FOR-US: Shareaza
CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in web ...)
	NOT-FOR-US: My little homepage
CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...)
	NOT-FOR-US: My little homepage
CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in fun ...)
	NOT-FOR-US: My little homepage
CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBo ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possib ...)
	NOT-FOR-US: uebimiau
	NOTE: this had an ITP back in 2002, but it never was done (bug #164116)
CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ca ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before  ...)
	NOT-FOR-US: PHP GEN
CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers  ...)
	NOT-FOR-US: Windows Tomcat vulnerability
CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in IP ...)
	NOT-FOR-US: IPBProArcade
CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun Solar ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) o ...)
	NOT-FOR-US: TellMe
CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows remo ...)
	NOT-FOR-US: TellMe
CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier all ...)
	NOT-FOR-US: TellMe
CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local u ...)
	NOT-FOR-US: Microsoft
CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP key ...)
	NOT-FOR-US: Microsoft
CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain B ...)
	NOT-FOR-US: WebGUI
CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to caus ...)
	- gaim-encryption 3.0~beta5-3 (low; bug #337127)
	[sarge] - gaim-encryption <no-dsa> (Minor issue)
CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5 ...)
	NOT-FOR-US: mroovca
CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
	NOT-FOR-US: NetBSD
CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation priv ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes i ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail a ...)
	NOT-FOR-US: PunBB
CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's I ...)
	NOT-FOR-US: PunBB
CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.p ...)
	NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when  ...)
	NOTE: see CVE-2005-4684
	- firefox <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
	[sarge] - mozilla <no-dsa> (Hardly exploitable)
	- xulrunner <unfixed> (unimportant)
CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS re ...)
	NOTE: http://www.redhat.com/archives/fedora-extras-commits/2006-August/msg01104.html says "ignore (kdebase) not fixed upstream, low, can't fix"
	- kdebase <unfixed> (unimportant)
	[sarge] - kdebase <no-dsa> (Hardly exploitable)
CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of /etc ...)
	- migrationtools 46-2.1 (bug #338920; unimportant)
	NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView  ...)
	NOT-FOR-US: AudienceView
CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allo ...)
	NOT-FOR-US: mIRC
CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote attack ...)
	NOT-FOR-US: Internet Explorer 6
CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the U ...)
	NOT-FOR-US: Apple
CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the Addition ...)
	NOT-FOR-US: osCommerce
CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null termi ...)
	- exiv2 0.9
CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute a ...)
	NOT-FOR-US: VMware
CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.4 ...)
	{DSA-964-1}
	[woody] - gnocatan 0.6.1-5woody3
	[sarge] - gnocatan 0.8.1.59-1sarge1
	- pioneers 0.9.49-1 (bug #350237; medium)
CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Con ...)
	NOT-FOR-US: Goldstag Content Management System
CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in a ...)
	NOT-FOR-US: active121 Site Manager
CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent Man ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09 ...)
	NOT-FOR-US: AndoNET Blog
CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in Expressi ...)
	NOT-FOR-US: ExpressionEngine
CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote  ...)
	{DSA-997-1}
	- bomberclone 0.11.6.2-1
CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generat ...)
	{DSA-1020-1}
	- flex 2.5.33-1
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu ...)
	- irssi-text <not-affected> (Only 0.8.10rc versions are affected)
CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl fun ...)
	- linux-2.6 2.6.15-6
CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 c ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1
CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature verifica ...)
	{DSA-978-1}
	- gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium)
	- gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICM ...)
	- linux-2.6 2.6.15-5
	[sarge] - kernel-source-2.6.8 <not-affected>
	[sarge] - kernel-source-2.4.27 <not-affected>
CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote attacke ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allow ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of  ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
	NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for
	NOTE: a certain time frame), but not a directly fixable security problem
CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail 4.0 ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail  ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote  ...)
	NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users t ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1 ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog  ...)
	NOT-FOR-US: CheesyBlog
CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote att ...)
	NOT-FOR-US: Sami FTP Server
CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload fi ...)
	NOT-FOR-US: Text Rider
CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the w ...)
	NOT-FOR-US: Text Rider
CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when  ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: No real world risk according to maintainer
CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Intended behaviour according to maintainer
CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 al ...)
	NOT-FOR-US: HP-UX
CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Databas ...)
	NOT-FOR-US: Oracle
CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows r ...)
	NOT-FOR-US: phpXplorer
CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP C ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP Cou ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether  ...)
	NOT-FOR-US: ioFTPD
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php  ...)
	NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in Ci ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost Au ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin a ...)
	NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK  ...)
	NOT-FOR-US: ParoxProxy
CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not prope ...)
	- kfreebsd-5 5.4-13
CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express 9.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security provi ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5,  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLog ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 throu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted attacke ...)
	{DSA-1012-1}
	- unzip 5.52-7 (low; bug #349794)
CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allo ...)
	NOT-FOR-US: 123 Flash Chat Server
CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and earlie ...)
	NOT-FOR-US: miniBloggie
CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass authent ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0 ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden service ...)
	- tor 0.1.1.11-alpha-1 (bug #349283)
CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow r ...)
	NOT-FOR-US: NewsPHP
CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ex ...)
	NOT-FOR-US: CyberShop
CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session coo ...)
	NOT-FOR-US: Claroline
CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQ ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #349985; medium)
	- moodle 1.6-1 (bug #360395; medium)
	- cacti 0.8.6d-1 (medium)
CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Pho ...)
	NOT-FOR-US: Pixelpost Photoblog
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
	NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Bo ...)
	NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allo ...)
	- tiff 3.8.0-2 (bug #350715)
	- tiff3 <not-affected> (fixed prior to initial upload)
	[sarge] - tiff <not-affected> (Vulnerability was introduced later)
	[woody] - tiff <not-affected> (Vulnerability was introduced later)
CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document roo ...)
	NOT-FOR-US: Note-A-Day Weblog
CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote at ...)
	NOT-FOR-US: e-moBLOG
CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote attac ...)
	{DSA-989-1}
	- zoph 0.5-1 (bug #350717)
CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on a ...)
	NOT-FOR-US: Apple
CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers  ...)
	NOT-FOR-US: Apple
CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes  ...)
	NOT-FOR-US: Apple
CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes  ...)
	NOT-FOR-US: Apple
CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes  ...)
	NOT-FOR-US: Apple
CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patc ...)
	NOT-FOR-US: Apple
CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly rec ...)
	NOT-FOR-US: Apple
CVE-2006-0394
	REJECTED
CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple
CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attacker ...)
	NOT-FOR-US: Apple
CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X 10. ...)
	NOT-FOR-US: Apple
CVE-2006-0390
	REJECTED
CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) i ...)
	NOT-FOR-US: Apple
CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows re ...)
	NOT-FOR-US: Apple
CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier,  ...)
	NOT-FOR-US: Apple
CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user  ...)
	NOT-FOR-US: Apple
CVE-2006-0385
	RESERVED
CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...)
	NOT-FOR-US: Apple
CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allo ...)
	NOT-FOR-US: Apple
CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of serv ...)
	NOT-FOR-US: Apple
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD  ...)
	- kfreebsd-5 5.4-14
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel t ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buf ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allo ...)
	NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows rem ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354063; bug #355424)
CVE-2006-0376 (The 802.11 wireless client in certain operating systems including Wind ...)
	NOT-FOR-US: Windows
CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 runni ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 runni ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran Fo ...)
	NOT-FOR-US: Douran FollowWeb
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
	NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog  ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under  ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369
	- mysql-dfsg-4.1 <unfixed> (unimportant)
	NOTE: This isn't a security hole, it's expected behaviour
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4. ...)
	NOT-FOR-US: Cisco
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 be ...)
	NOT-FOR-US: Cisco
CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) a ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message b ...)
	NOT-FOR-US: XMB
CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) all ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0363 (The "Remember my Password" feature in MSN Messenger 7.5 stores passwor ...)
	NOT-FOR-US: MSN Messenger
CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324,  ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Bl ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to  ...)
	NOT-FOR-US: MPM SIP IP Phone
CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote att ...)
	NOT-FOR-US: eyeBeam SIP Softphone
CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 be ...)
	NOT-FOR-US: PowerPortal
CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...)
	NOT-FOR-US: Grant Averett Cerberus FTP Server
CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause a ...)
	NOT-FOR-US: Ari Pikivirta Home Ftp Server
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers  ...)
	NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) al ...)
	NOT-FOR-US: Cisco
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs users.0.da ...)
	NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...)
	{DSA-963-1}
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote a ...)
	NOT-FOR-US: eggblog
CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to  ...)
	NOT-FOR-US: eggblog
CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG befo ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote a ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remot ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote a ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server  ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced  ...)
	NOT-FOR-US: Hitachi JP1/NetInsight II
CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows  ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe  ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) suppo ...)
	NOT-FOR-US: Cisco
CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to exe ...)
	NOT-FOR-US: BitComet
CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and Lin ...)
	NOT-FOR-US: F-Secure
CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions  ...)
	NOT-FOR-US: F-Secure
CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon St ...)
	NOT-FOR-US: My Amazon Store Manager
CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote  ...)
	NOT-FOR-US: ar-blog
CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...)
	- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
	[sarge] - ecartis <no-dsa> (No real fix available, only rare setups affected, minor exploit potential)
CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin al ...)
	NOT-FOR-US: Squirrelmail plugin
CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allow ...)
	{DSA-1148-1}
	- gallery 1.5.2-1
CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS ...)
	NOT-FOR-US: HITSENSER Data Mart Server BS
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
	NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information vi ...)
	- typo3-src 4.0.2-1 (bug #364351; unimportant)
	NOTE: Only path disclosure
CVE-2006-0326
	RESERVED
CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions,  ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote attac ...)
	NOT-FOR-US: WebspotBlogging
CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...)
	NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
	- mediawiki 1.4.15-1 (low)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1  ...)
	NOT-FOR-US: PHlyMail
CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to  ...)
	{DSA-956-1}
	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
	NOTE: woody seems to be vulnerable as well (looking at the source code).
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Applic ...)
	NOT-FOR-US: Oracle
CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote attacker ...)
	- fetchmail 6.3.2-1 (bug #348747; low)
	[sarge] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
	[woody] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8. ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) i ...)
	NOT-FOR-US: Farmers WIFE
CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_qu ...)
	NOT-FOR-US: BlogPHP
CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKerne ...)
	NOT-FOR-US: RedKernel Referrer Tracker
CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) P ...)
	NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control
CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p p ...)
	NOT-FOR-US: EZDatabase
CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which allo ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allo ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: aoblogger
CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows remot ...)
	NOT-FOR-US: aoblogger
CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remot ...)
	NOT-FOR-US: aoblogger
CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote att ...)
	NOT-FOR-US: Linksys hardware issue
CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the htmlt ...)
	NOT-FOR-US: HTMLtoNuke
CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer Associ ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in  ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...)
	NOT-FOR-US: Clipcomm hardware
CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: dual dns server
CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component,  ...)
	NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 all ...)
	NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other prod ...)
	{DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1}
	- poppler 0.4.5-1 (medium)
	- tetex-bin 3.0-12 (medium)
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- kdegraphics 4:3.5.1-2 (medium)
	- gpdf 2.10.0-3 (medium)
	- xpdf 3.01-6 (bug #350785; bug #350783; medium)
	- koffice 1.5.0-1 (medium)
	- libextractor 0.5.10-1 (medium)
	- pdfkit.framework 0.8-4 (medium)
	- swftools <not-affected> (splash/ is not included, therefore no vulnerable code)
CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ...)
	{DSA-987-1}
	- tar 1.15.1-3 (bug #354091; high)
	- dpkg <not-affected> (has completely different tar implementation)
	[woody] - tar <not-affected>
CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird  ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before  ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if  ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	- mozilla 2:1.7.13-0.1
	- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected>
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript  ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- mozilla-thunderbird <removed>
	- thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox 1. ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- mozilla 2:1.7.13-0.1
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before  ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox 1.0.4-2sarge6
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, Applicati ...)
	NOT-FOR-US: Oracle
CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server 6.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer c ...)
	NOT-FOR-US: Oracle
CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP2 ...)
	NOT-FOR-US: Oracle
CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 B ...)
	NOT-FOR-US: Oracle
CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite Rel ...)
	NOT-FOR-US: Oracle
CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2006-0271 (Unspecified vulnerability in the Upgrade &amp; Downgrade component of  ...)
	NOT-FOR-US: Oracle
CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) Wal ...)
	NOT-FOR-US: Oracle
CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0264
	REJECTED
CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 Secure ...)
	NOT-FOR-US: Check Point VPN
CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
	- geronimo <itp> (bug #481869)
CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Nei ...)
	NOT-FOR-US: AmbiCom Blue Neighbors
CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote atta ...)
	NOT-FOR-US: Benders Calendar
CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.7 ...)
	- faqomatic 2.712-3
CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...)
	NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
	NOTE: This bug is present in a fork, not in the mainline
	NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1 ...)
	NOT-FOR-US: geoBlog
CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 an ...)
	NOT-FOR-US: Virata-EmWeb web server
CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula An ...)
	NOT-FOR-US: Anyboard
CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...)
	NOT-FOR-US: Widexl Download Tracker
CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7- ...)
	NOT-FOR-US: CubeCart
CVE-2006-0244 (** DISPUTED ** Directory traversal vulnerability in workspaces.php in  ...)
	NOT-FOR-US: phpXplorer
CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote a ...)
	NOT-FOR-US: SMBCMS
CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 a ...)
	NOT-FOR-US: PHP Fusebox
CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows  ...)
	NOT-FOR-US: WBNews
CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 all ...)
	NOT-FOR-US: GaMerZ WP-Stats
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
	NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0 ...)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers  ...)
	NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
	NOT-FOR-US: microBlog
CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...)
	NOT-FOR-US: microBlog
CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow lo ...)
	NOT-FOR-US: Wehntrust
CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ha ...)
	- kernel-patch-grsecurity2 2.1.8-1 (bug #349246; medium)
	- kernel-patch-2.4-grsecurity <removed> (bug #349247; medium)
CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, a ...)
	NOT-FOR-US: lpsched in Sun Solaris
CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c)  ...)
	NOT-FOR-US: freebsd kernel
CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands vi ...)
	- openssh 1:4.3p2-1 (low; bug #349645; bug #352254)
	[sarge] - openssh <no-dsa> (Protocol flaws inherited from rcp)
	- dropbear 0.48-1 (unimportant)
	NOTE: dropbear doesn't include scp in binary package
CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 an ...)
	{DSA-976-1}
	- libast 0.7-1
CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier al ...)
	NOT-FOR-US: PunBB
CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Se ...)
	NOT-FOR-US: TopCMM
CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon  ...)
	NOT-FOR-US: Dragon Design Services Network (DDSN)
CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3  ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from old ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auctio ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remo ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Q ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows remo ...)
	NOT-FOR-US: ezDatabase
CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 an ...)
	NOT-FOR-US: Kolab Server
	NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian
CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba Blu ...)
	NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire Tr ...)
	NOT-FOR-US: Interspire TrackPoint NX
CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...)
	NOT-FOR-US: TankLogger
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5 ...)
	- php5 5.1.2-1
	- php4 4:4.4.2-1 (bug #354682; low)
	[sarge] - php4 <no-dsa> (html_errors shouldn't be used)
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow re ...)
	{DSA-1331-1}
	- php5 5.1.2-1 (bug #347894)
	- php4 4:4.4.2-1 (bug #354683)
CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040 ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not veri ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Tool ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Tool ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the mysq ...)
	- php5 5.1.2-1 (bug #347894; unimportant)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
	NOTE: Not built into the binary packages
CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2  ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
	NOT-FOR-US: XOOPS
CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org 6.8 ...)
	NOTE: Historic X11 bug #349251
CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 al ...)
	NOT-FOR-US: slsnif
CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0  ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354062)
CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.0 ...)
	NOT-FOR-US: FogBugz
CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel  ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 al ...)
	NOT-FOR-US: ASPSurvey
CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to caus ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows r ...)
	NOT-FOR-US: eStara Softphone
CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to  ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354064)
CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other version ...)
	NOT-FOR-US: OcoMon
CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly  ...)
	NOT-FOR-US: OcoMon
CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ea ...)
	NOT-FOR-US: OcoMon
CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail me ...)
	NOT-FOR-US: Campsite
CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...)
	NOT-FOR-US: IPCop
CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permission ...)
	NOT-FOR-US: IPCop
CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers ...)
	NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass au ...)
	NOT-FOR-US: Ocean12
CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earl ...)
	NOT-FOR-US: TClanPortal
CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1. ...)
	NOT-FOR-US: Oracle
CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier a ...)
	NOT-FOR-US: AL-Caricatier
CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote attacker ...)
	NOT-FOR-US: PHlyMail
CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 al ...)
	NOT-FOR-US: AlstraSoft EPay Pro
CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which a ...)
	NOT-FOR-US: Joomla!
CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestb ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earl ...)
	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...)
	- knowledgetree 2.0.7-2 (bug #348306; medium)
CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0186
	REJECTED
CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) N ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote att ...)
	NOT-FOR-US: AspTopSites
CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal Calenda ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to by ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) befo ...)
	NOT-FOR-US: Cisco
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 al ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Cisco
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local use ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and src/unix/file ...)
	- xmame 0.104-1 (medium; bug #349653)
	NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
	NOTE: question, that makes it very clear that setuid root is only for single-user
	NOTE: systems and xmame-sdl and xmess aren't setuid at all
	[sarge] - xmame <no-dsa> (XMame is non-free software)
CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5 ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5 ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility i ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb E-comme ...)
	NOT-FOR-US: OrjinWeb E-commerce
CVE-2006-0170
	REJECTED
CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, whic ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remot ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers t ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stor ...)
	NOT-FOR-US: Symantec SystemWorks
CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries funct ...)
	NOT-FOR-US: WebGUI
CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is enab ...)
	NOT-FOR-US: phgstats
CVE-2006-0163 (SQL injection vulnerability in the search module (modules/Search/index ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown i ...)
	NOT-FOR-US: Solaris
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4  ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4  ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote attacke ...)
	NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in  ...)
	{DSA-951-2}
	- trac 0.9.3-1
	[sarge] - trac 0.8.1-3sarge4 (medium)
CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS  ...)
	NOT-FOR-US: Antharia OnContent
CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 B ...)
	NOT-FOR-US: HydroBB
CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allow ...)
	NOT-FOR-US: Venom Board
CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows  ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS all ...)
	NOT-FOR-US: CyberDoc SiteSuite CMS
CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remot ...)
	NOT-FOR-US: Reamday Enterprises Magic News Plus
CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remot ...)
	NOT-FOR-US: Foxforum
CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...)
	NOT-FOR-US: 427BB
CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 a ...)
	NOT-FOR-US: 427BB
CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the u ...)
	NOT-FOR-US: 427BB
CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and  ...)
	NOT-FOR-US: phpChamber
CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environ ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (medium)
	NOTE: The whole black list approach is flawed, for the DSA we'll switch to
	NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason fun ...)
	{DSA-952-1}
	- libapache-auth-ldap <removed> (bug #347416)
CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_en ...)
	NOT-FOR-US: SimpBook
CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: NetSarang Xlpd
CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script  ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1 (medium)
	- moodle 1.6.3-2 (medium)
	NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2
CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in mu ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1 (medium)
	- moodle 1.6.3-2 (medium)
	NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2
CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and Ope ...)
	NOT-FOR-US: NetBSD
CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in  ...)
	NOT-FOR-US: Neither php-pear nor php4-pear ship this file
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote attack ...)
	NOT-FOR-US: Windows
CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...)
	NOT-FOR-US: Andromeda
CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...)
	NOT-FOR-US: Eudora
CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 S ...)
	NOT-FOR-US: Navboard
CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in P ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote a ...)
	NOT-FOR-US: eazyCMS
CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4  ...)
	NOT-FOR-US: class-1 Poll
CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/C ...)
	- linux-2.6 2.6.15-1 (low)
CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote atta ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, doe ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
	NOTE: If the admin doesn't web browsing, why is one installed/enabled?
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows a ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamA ...)
	{DSA-947-1}
	- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denia ...)
	- amsn 0.98.9-1 (low; bug #557754)
	[squeeze] - amsn <no-dsa> (minor issue)
	[etch] - amsn <no-dsa> (minor issue)
	[lenny] - amsn <no-dsa> (minor issue)
CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares  ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook m ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 al ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in TheWebForu ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow loc ...)
	NOT-FOR-US: AIX
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6  ...)
	NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in Rocklif ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in Rocklif ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.2 ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe Mai ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and non ...)
	- rxvt-unicode 6.3-1
	[sarge] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
	[woody] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows  ...)
	NOT-FOR-US: AppServ
CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0 ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote  ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquife ...)
	NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5. ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Ser ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Ser ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before  ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allo ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore Ebusi ...)
	NOT-FOR-US: iNETstore Ebusiness Software
CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CM ...)
	NOT-FOR-US: OnePlug Solutions OnePlug CMS
CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs fo ...)
	NOT-FOR-US: Joomla!
CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the  ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simp ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media Shoppi ...)
	NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
	NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows rem ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to  ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on  ...)
	NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allo ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and  ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Bet ...)
	NOT-FOR-US: sBLOG
CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local user ...)
	NOT-FOR-US: NicoFTP
CVE-2006-0099 (PHP remote file include vulnerability in (1) include/templates/categor ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3 ...)
	NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in libmy ...)
	- php4 <not-affected> (Windows specific)
	- php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
	- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 allo ...)
	NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP  ...)
	NOT-FOR-US: @Card ME PHP
CVE-2006-0092
	REJECTED
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0. ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
	NOT-FOR-US: IDV Directory Viewer
CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ca ...)
	NOT-FOR-US: ESRI ArcPad
CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha  ...)
	NOT-FOR-US: inTouch
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in Liz ...)
	NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation Ima ...)
	NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attacker ...)
	NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ear ...)
	NOT-FOR-US: raSMP
CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
	REJECTED
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ear ...)
	NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier a ...)
	NOT-FOR-US: Zina
CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows remo ...)
	NOT-FOR-US: ClientExec
CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to e ...)
	NOT-FOR-US: SMBCMS
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ear ...)
	NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
	NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs admin/site. ...)
	NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
	NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows rem ...)
	NOT-FOR-US: PTnet ircd
CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: eFileGo
CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote attack ...)
	NOT-FOR-US: eFileGo
CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in vBu ...)
	NOT-FOR-US: vBulletin
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to execu ...)
	NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.15-1
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools (s ...)
	{DSA-930-2 DSA-930-1}
	- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions,  ...)
	{DSA-954-1 CVE-2005-4560}
	- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c fo ...)
	{DSA-1213}
	- imagemagick 6:6.2.4.5-0.6 (bug #345876)
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerat ...)
	NOT-FOR-US: Intel
CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possi ...)
	NOT-FOR-US: vBulletin
CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 a ...)
	NOT-FOR-US: ScozNet
CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software  ...)
	NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
	NOT-FOR-US: File::ExtAttr
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 allo ...)
	NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and earlie ...)
	NOT-FOR-US: phpBook
CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote  ...)
	NOT-FOR-US: PHPenpals
CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
	NOT-FOR-US: DiscusWare Discus
CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attack ...)
	NOT-FOR-US: SCO Openserver
CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bi ...)
	- pinentry <not-affected> (Gentoo-specific packaging flaw)
CVE-2006-0070
	- drupal <not-affected> (According to upstream advisory is junk, behaviour intentional)
	NOTE: This will probably be REJECTED anyway
CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk G ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows remot ...)
	NOT-FOR-US: Primo Cart
CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 an ...)
	NOT-FOR-US: VEGO Links Builder
CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows re ...)
	NOT-FOR-US: PHPjournaler
CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) functions_update ...)
	NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
	NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowe ...)
	- phpbb2 2.0.21-1 (unimportant)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
	NOTE: (Upstream fix was in 2.0.20.)
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
	NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows remot ...)
	NOT-FOR-US: iSupport
CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlie ...)
	NOT-FOR-US: DapperDesk
CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier  ...)
	NOT-FOR-US: digiSHOP
CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remo ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote  ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ea ...)
	NOT-FOR-US: Free ClickBank
CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12,  ...)
	- dopewars <not-affected> (According to upstream Windows-specific)
CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to obta ...)
	NOT-FOR-US: BugPort
CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows remot ...)
	NOT-FOR-US: BugPort
CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
	NOT-FOR-US: BugPort
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz prod ...)
	NOT-FOR-US: Web Wiz
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions bef ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1
	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-2 (bug #291613)
CVE-2006-0062 (xlockmore 5.13 allows potential xlock bypass when FVWM switches to the ...)
	- xlockmore 1:5.13-2.1 (bug #309760)
CVE-2006-0061 (xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns ...)
	- xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
	[sarge] - xlockmore <no-dsa> (Minor issue)
CVE-2006-0060
	RESERVED
CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC  ...)
	NOT-FOR-US: LiveData
CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows  ...)
	{DSA-1015-1}
	- sendmail 8.13.6-1 (bug #358440; high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...)
	NOT-FOR-US: Windows
CVE-2006-0056 (Double free vulnerability in the authentication and authentication tok ...)
	- pam-mysql 0.6.2-1 (bug #353589; medium)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable f ...)
	- ee 1:1.4.2-5 (bug #348322)
CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ca ...)
	NOT-FOR-US: FreeBSD
CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows l ...)
	- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Comp ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moodle <not-affected> (has newer version)
	- wordpress 2.5.1-3
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
	NOTE: uses the system copy of tinymce and the exact fixed version is not
	NOTE: really determinably anymore
CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyM ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestboo ...)
	NOT-FOR-US: OoApp Guestbook
CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei Guestboo ...)
	NOT-FOR-US: iPei Guestbook
CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook  ...)
	NOT-FOR-US: AdesGuestbook
CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4 ...)
	NOT-FOR-US: NView and XnView, different from nview from nvi
CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers  ...)
	NOT-FOR-US: TUGZip
CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...)
	NOT-FOR-US: phpDocumentor
CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows r ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94 ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on  ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the re ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote atta ...)
	NOT-FOR-US: Koobi
CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...)
	NOT-FOR-US: Juniper
CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 all ...)
	NOT-FOR-US: PHPSurveyor
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers t ...)
	{DSA-957-2}
	- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
	NOTE: Exploitable through Gnus and Thunderbird.
	- graphicsmagick 1.1.7-1
CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to  ...)
	{DSA-1028-1}
	- libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, wh ...)
	{DSA-1027-1}
	- mailman 2.1.6-1 (bug #358892)
CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...)
	{DSA-1023-1}
	- kaffeine 0.8-1
CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary fi ...)
	{DSA-1013-1}
	- snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached sign ...)
	{DSA-993-2}
	- gnupg 1.4.2.2-1 (bug #356125; medium)
	- gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a deni ...)
	- tcpick 0.2.1-3 (bug #360571; low)
	[sarge] - tcpick <no-dsa> (Minor issue)
CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
	{DSA-994-1}
	- freeciv 2.0.8-1 (medium; bug #355211)
CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote atta ...)
	{DSA-966-1}
	- adzapper 20060115-1
CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and loa ...)
	{DSA-949-1}
	- crawl 1:4.0.0beta26-7 (medium)
CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application t ...)
	{DSA-942-1}
	- albatross 1.33-1
CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0 ...)
	- ethereal 0.10.14-1 (bug #345243; low)
	NOTE: This affects Woody and Sarge
CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a den ...)
	- bzflag 2.0.6.20060412-1 (bug #345245; low)
	[sarge] - bzflag <no-dsa> (Minor DoS against a game)
CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX Se ...)
	NOT-FOR-US: VMWare
CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity chec ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: Even an authenticated server might serve unwanted content, so
	NOTE: this can't be considered a real vulnerability.
CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to e ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: This does not seem to be exploitable.
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows re ...)
	NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business L ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - Con ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Busines ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngin ...)
	NOT-FOR-US: Fatwire Update Engine
CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote attac ...)
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin Co ...)
	{DSA-1201-1}
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in P ...)
	NOT-FOR-US: Plogger
CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart all ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in Fortine ...)
	NOT-FOR-US: FortiOS
CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology (formerl ...)
	NOT-FOR-US: FTGate
CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly  ...)
	NOT-FOR-US: FTGate
CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technolo ...)
	NOT-FOR-US: FTGate
CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) impleme ...)
	NOT-FOR-US: NetVanta
CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 (IK ...)
	NOT-FOR-US: NetVanta
CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN N ...)
	NOT-FOR-US: NetVanta
CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...)
	NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
	REJECTED
CVE-2005-4561
	REJECTED
CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in Microsof ...)
	{CVE-2006-0106}
	NOT-FOR-US: Microsoft
CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Ser ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNet ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Serv ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as us ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web managem ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system 1. ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to e ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...)
	NOT-FOR-US: Sun Solaris PC NetLink
CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpB ...)
	NOT-FOR-US: codegrrl SimpBook
CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion F ...)
	NOT-FOR-US: Oracle
CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server  ...)
	NOT-FOR-US: Oracle
CVE-2005-4548 (SQL injection vulnerability in the "user area" in RWS Statistics Count ...)
	NOT-FOR-US: RWS Statistics Counter
CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...)
	NOT-FOR-US: eggblog
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full p ...)
	NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect Sh ...)
	NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
	REJECTED
CVE-2005-4543
	REJECTED
CVE-2005-4542
	REJECTED
CVE-2005-4541
	REJECTED
CVE-2005-4540
	REJECTED
CVE-2005-4539
	REJECTED
CVE-2005-4538
	REJECTED
CVE-2005-4537
	REJECTED
CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enable ...)
	{DSA-960-3}
	- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
	REJECTED
CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and earlie ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system support ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4531
	REJECTED
CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: EPay Enterprise
CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to  ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB a ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...)
	NOT-FOR-US: Direct News
CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 all ...)
	NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local user ...)
	NOT-FOR-US: Sygate
CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a bu ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feed ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the view_filter ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows rem ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4520 (Unspecified "port injection" vulnerabilities in filters in Mantis 1.0. ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page (manage ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4515
	NOT-FOR-US: WebDB
CVE-2005-4514
	NOT-FOR-US: Webwasher
CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows r ...)
	NOT-FOR-US: WANDSOFT e-SEARCH
CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...)
	NOT-FOR-US: WAXTRAPP
CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows lo ...)
	NOT-FOR-US: TN3270 Resource Gateway
CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7  ...)
	NOT-FOR-US: Netpublish Server
CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote attac ...)
	NOT-FOR-US: pTools
CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to o ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts  ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan Enterpr ...)
	NOT-FOR-US: McAfee
CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in A ...)
	- kdelibs <not-affected>
	NOTE: Konqueror from sid doesn't crash, will test an older version later
CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote  ...)
	NOT-FOR-US: httprint
CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and possibl ...)
	NOT-FOR-US: httprint
CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string" ...)
	- mediawiki 1.4.13-1 (bug #345280)
CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
	NOT-FOR-US: MusicBox
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concent ...)
	NOT-FOR-US: Cisco
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier a ...)
	NOT-FOR-US: Text-e
CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...)
	NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1  ...)
	NOT-FOR-US: Syntax CMS
CVE-2005-4495
	NOT-FOR-US: SpireMedia
CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier all ...)
	- spip 2.0.6-1 (medium; bug #352078)
CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier a ...)
	NOT-FOR-US: SpearTek
CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18  ...)
	NOT-FOR-US: Starphire SiteSage
CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...)
	NOT-FOR-US: Sitekit CMS
CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and  ...)
	NOT-FOR-US: SCOOP!
CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier  ...)
	NOT-FOR-US: Scoop
CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Re ...)
	NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ea ...)
	NOT-FOR-US: RAMSite
CVE-2005-4486
	NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3  ...)
	NOT-FOR-US: ProjectApp
CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...)
	NOT-FOR-US: IntranetApp
CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3. ...)
	NOT-FOR-US: SiteEnable
CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...)
	NOT-FOR-US: PortalApp
CVE-2005-4481
	NOT-FOR-US: Polypoly
CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlie ...)
	NOT-FOR-US: Plexcor CMS
CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and earli ...)
	NOT-FOR-US: phpSlash
CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allo ...)
	NOT-FOR-US: Papoo
CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earli ...)
	NOT-FOR-US: papaya CMS
CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html  ...)
	NOT-FOR-US: OpenEdit
CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier  ...)
	NOT-FOR-US: OpenCms
CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.1 ...)
	{DSA-1208-1}
	- bugzilla 2.18 (bug #329387; low)
	NOTE: The vulnerable script has been removed in the 2.18 upstream release
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
	[sarge] - libjpeg6b <no-dsa> (Creates tempfile in cwd, only very far-fetched attack vectors applicable)
CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as  ...)
	{DSA-975-1}
	- nfs-user-server 2.2beta47-22 (high; bug #350020)
	NOTE: nfs-utils (kernel NFS server) is not affected
	NOTE: (it uses PATH_MAX for the buffer passed to realpath).
CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_par ...)
	{DSA-1000-2}
	- libapreq2 2.07-1
CVE-2006-0041
	REJECTED
CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
	- evolution 2.10.1 (bug #398064; low)
	[etch] - evolution <no-dsa> (Minor issue)
	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux  ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux bef ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 an ...)
	- linux-2.6 2.6.15-3
CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...)
	{DSA-948-1}
	- kdelibs 4:3.5.1-1 (medium)
CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows  ...)
	NOT-FOR-US: WinRAR
CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS)  ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2 ...)
	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in  ...)
	{DSA-1039-1 DTSA-29-1}
	- blender 2.40-1 (bug #344398; medium)
	[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView 3. ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in PHPGedV ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView  ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll i ...)
	NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIV ...)
	NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote  ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive inf ...)
	- wordpress 1.5.2-1 (unimportant)
	NOTE: Only path disclosure
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP web ...)
	NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ea ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ea ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe  ...)
	NOT-FOR-US: VMWare
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly  ...)
	NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote attacker ...)
	NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and Enterpri ...)
	NOT-FOR-US: MailEnable
CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJour ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote aut ...)
	NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under t ...)
	NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 all ...)
	NOT-FOR-US: HP-UX
CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 al ...)
	NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated administrator ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 che ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN  ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x a ...)
	NOT-FOR-US: ASPBite
CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in Pega ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gento ...)
	- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Ge ...)
	- openldap2 <not-affected> (Gentoo-specific packaging flaw)
	- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network segmentat ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network seg ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to c ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; high)
CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in  ...)
	NOT-FOR-US: Dec2Rar
CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing Proto ...)
	NOT-FOR-US: IOS
CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
	NOT-FOR-US: IOS
CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
	NOT-FOR-US: AbleDesign D-Man
CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x al ...)
	NOT-FOR-US: AbleDesign ReSearch
CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach St ...)
	NOT-FOR-US: Esselbach Storyteller CMS
CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 a ...)
	NOT-FOR-US: PlaySMS
CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to e ...)
	NOT-FOR-US: WowBB
CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
	NOT-FOR-US: LogicBill
CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers t ...)
	NOT-FOR-US: CS-Cart
CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus Help ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remo ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...)
	NOT-FOR-US: YaBB
CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allo ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...)
	NOT-FOR-US: PHPKIT
CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows re ...)
	NOT-FOR-US: PHPFM
CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stabl ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
	NOT-FOR-US: Dev-Editor
CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterpri ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honey ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1 ...)
	NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote  ...)
	NOT-FOR-US: TML CMS
CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 a ...)
	NOT-FOR-US: TML CMS
CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown i ...)
	NOT-FOR-US: Teamwork 3
CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts  ...)
	NOT-FOR-US: Websphere
CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user passwo ...)
	NOT-FOR-US: Citrix
CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote a ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote  ...)
	NOT-FOR-US: NQcontent
CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier a ...)
	NOT-FOR-US: MMBase
CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earli ...)
	NOT-FOR-US: Miraserver
CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4 ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlie ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Red Queen
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x all ...)
	NOT-FOR-US: Media2 CMS
CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier all ...)
	NOT-FOR-US: Marwel
CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and Enter ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier a ...)
	NOT-FOR-US: Lutece
CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Li ...)
	NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in Libert ...)
	NOT-FOR-US: Libertas Enterprise CMS
CVE-2005-4398
	NOT-FOR-US: lemoon
CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote attack ...)
	NOT-FOR-US: iCMS
CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS  ...)
	NOT-FOR-US: iCMS
CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier all ...)
	NOT-FOR-US: FarCry
CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier all ...)
	NOT-FOR-US: EPiX
CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS  ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2 ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote attac ...)
	NOT-FOR-US: damoon
CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and earlie ...)
	NOT-FOR-US: ContentServ
CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtai ...)
	NOT-FOR-US: CONTENS
CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0  ...)
	NOT-FOR-US: CONTENS
CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
	NOT-FOR-US: contenite
CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlie ...)
	NOT-FOR-US: Colony CMS
CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC ...)
	NOT-FOR-US: Cofax
CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain th ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Comm ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x allow ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
	NOT-FOR-US: Caravel CMS
CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 a ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earli ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1 ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows remot ...)
	NOT-FOR-US: Amaxus
CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allow ...)
	NOT-FOR-US: Amaxus
CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 a ...)
	NOT-FOR-US: Allinta
CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote attack ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive W ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
	NOT-FOR-US: Acidcat
CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and  ...)
	NOT-FOR-US: Acidcat
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows re ...)
	NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ($rcmail_co ...)
	- roundcube <not-affected> (Quotes are stripped now and if the task can't be found there is a default of mail)
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in DRZ ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote a ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
	NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana We ...)
	NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in Komod ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remot ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia Co ...)
	NOT-FOR-US: Magnolia Content Management Suite
CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...)
	NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 al ...)
	NOT-FOR-US: ODFaq
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ob ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowe ...)
	- phpbb2 2.0.21-1 (bug #344674; low)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to execu ...)
	NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow re ...)
	NOT-FOR-US: UStore
CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimp ...)
	NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when co ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2 ...)
	- linux-2.6 2.6.18-3
CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
	- linux-2.6 2.6.18-3
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 an ...)
	NOT-FOR-US: WBEM Services
CVE-2005-4349 [SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7....]
	- phpmyadmin 4:3.2.0-1 (unimportant)
	NOTE: A big commit that included a lot of fixes/versions
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/644366eaf1bd10dd087bfc8c46ed98a337c04ab4#diff-4cb9ef0ba2c5556cd595ceb5dd85fd33R2070
	NOTE: Only for authenticated used, will possibly be rejected
CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in  ...)
	NOT-FOR-US: IOS
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidr ...)
	{DSA-939-1}
	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5. ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1
CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and  ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1 (bug #329090; medium)
	- kernel-patch-vserver 2.3 (bug #329087; medium)
	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier a ...)
	NOT-FOR-US: phpBB Blog
CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password has ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the  ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6 ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite 6.3. ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4340
	REJECTED
CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and Co ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in  ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in A ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ear ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers t ...)
	NOT-FOR-US: ZixForum
CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board Sy ...)
	NOT-FOR-US: Binary Board System
CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allow ...)
	NOT-FOR-US: Secure Smart Manager
CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant Versio ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall all ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extr ...)
	NOT-FOR-US: paFileDB
CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimp ...)
	NOT-FOR-US: WebGlimpse
CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt W ...)
	NOT-FOR-US: Michael Arndt WebCal
CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute Netwo ...)
	NOT-FOR-US: APC hardware issue
CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have unk ...)
	NOT-FOR-US: Driverse
CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07 ...)
	NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 0 ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosmine ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani Ne ...)
	NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the in ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 a ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earl ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not pro ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers t ...)
	NOT-FOR-US: HP-UX
CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART  ...)
	NOT-FOR-US: Plexum PLEXCART
CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shoppin ...)
	NOT-FOR-US: PPCal Shopping Cart
CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond Personal ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond Classifi ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier,  ...)
	NOT-FOR-US: DCForum
CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authen ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows rem ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to i ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
	NOT-FOR-US: ScareCrow
CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
	NOT-FOR-US: SiteNet BBS
CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1,  ...)
	- trac 0.9.3-1 (bug #344006)
	[sarge] - trac <unfixed> (medium)
	NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
	NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
	NOTE: invasive set of patches to backport. basically most instances
	NOTE: of input being escape()'d are no longer done so, and instead a
	NOTE: Markup() function replaces them, and special checks are done
	NOTE: on rendered HTML output to prevent XSS code from being displayed.
CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to o ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earl ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earl ...)
	NOT-FOR-US: pgpXplorer
CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in libre ...)
	NOT-FOR-US: libremail
CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
	NOT-FOR-US: Atlant Pro
CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.0 ...)
	NOT-FOR-US: AtlantForum
CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier a ...)
	NOT-FOR-US: bbBoard
CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: AppServ Open Project
CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE  ...)
	NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0 ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
	NOT-FOR-US: ClickCartPro
CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlie ...)
	NOT-FOR-US: CommerceSQL
CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Online ...)
	NOT-FOR-US: ECTOOLS Onlineshop
CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
	NOT-FOR-US: ECW-Cart
CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
	NOT-FOR-US: eDatCat
CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E- ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows  ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote atta ...)
	NOT-FOR-US: PhpLogCon
CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copit ...)
	NOT-FOR-US: Dick Copits PDEstore
CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine  ...)
	NOT-FOR-US: StaticStore Search Engine
CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earl ...)
	NOT-FOR-US: The CITY Shop
CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and e ...)
	NOT-FOR-US: Zaygo DomainCart
CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and  ...)
	NOT-FOR-US: Zaygo HostingCart
CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
	- cmake <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on  ...)
	- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo  ...)
	- perl <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS bef ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Westell Versalink
CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to caus ...)
	NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x all ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) getComman ...)
	NOT-FOR-US: AIX
CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote at ...)
	NOT-FOR-US: AIX
CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows rem ...)
	NOT-FOR-US: Watchfire AppScan
CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
	- cpio 2.6-10 (bug #344134; medium)
	[sarge] - cpio <unfixed> (medium)
	[woody] - cpio <unfixed> (medium)
CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote at ...)
	NOT-FOR-US: Qualcomm WorldMail
CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when  ...)
	- snort 2.3.0-1
CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.3 ...)
	NOT-FOR-US: YaCy
CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5. ...)
	NOT-FOR-US: NetBSD
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	NOTE: not reproducible
	- rageircd <not-affected> (bug #343543; medium)
CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Sessio ...)
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265
	REJECTED
CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support Tic ...)
	NOT-FOR-US: PHP Support Tickets
CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows re ...)
	NOT-FOR-US: Envolution
CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in Envolut ...)
	NOT-FOR-US: Envolution
CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ (cpplus ...)
	NOT-FOR-US: CP+
CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and l ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attac ...)
	NOT-FOR-US: ASPBB
CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a  ...)
	NOT-FOR-US: Cisco
CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Fo ...)
	NOT-FOR-US: ASP-DEV XM Forum
CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1. ...)
	NOT-FOR-US: WikkaWiki
CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels DreamPo ...)
	NOT-FOR-US: DreamLevels DreamPoll
CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1 ...)
	NOT-FOR-US: Torrential
CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earl ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlie ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier all ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext  ...)
	NOT-FOR-US: ADP Forum
CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta  ...)
	NOT-FOR-US: Plogger
CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows remot ...)
	NOT-FOR-US: Plogger
CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe Galler ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows  ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in VCD-d ...)
	NOT-FOR-US: VCD-db
CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier a ...)
	NOT-FOR-US: VCD-db
CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php  ...)
	NOT-FOR-US: PHP JackKnife
CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in M ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earl ...)
	NOT-FOR-US: MySQL Auction
CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allow ...)
	NOT-FOR-US: CKGOLD
CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCo ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and  ...)
	NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager  ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2005-4232
	NOT-FOR-US: Jamit Job Board
CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earli ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlie ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
	NOT-FOR-US: EveryAuction
CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earl ...)
	NOT-FOR-US: PhpWebGallery
CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...)
	NOT-FOR-US: pgpWebThings
CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3  ...)
	NOT-FOR-US: myBloggie
CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might a ...)
	NOT-FOR-US: e107
CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro  ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi i ...)
	NOT-FOR-US: Lars Ellingsen Guestserver
CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
	NOT-FOR-US: Arab Portal System
CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote  ...)
	NOT-FOR-US: Netgear hardware issue
CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains user ...)
	NOT-FOR-US: Innovative CMS
CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows re ...)
	NOT-FOR-US: PHPWebThings
CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
	- perl <not-affected> (MacOS specific vulnerability)
CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Se ...)
	NOT-FOR-US: Macromedia Flash Media Server
CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
	NOT-FOR-US: Motorola hardware
CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path  ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote  ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1 ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in php ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor (I ...)
	NOT-FOR-US: Opera
CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to  ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote atta ...)
	NOT-FOR-US: Flatnuke
CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script allow ...)
	NOT-FOR-US: BTGrup Admin WebController Script
CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite 6.3. ...)
	NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
	NOT-FOR-US: LocazoList
CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows r ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allo ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
	NOT-FOR-US: My Album Online
CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) befor ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote a ...)
	NOT-FOR-US: Netref
CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to e ...)
	NOT-FOR-US: Nortel SSL VPN
CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal To ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1 ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming M ...)
	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows re ...)
	NOT-FOR-US: UseBB
CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3  ...)
	- turba2 2.0.5-1 (bug #342946; medium)
CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in templates/notep ...)
	- mnemo2 2.0.3-1 (bug #342944; medium)
CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in templates/taskl ...)
	- nag2 2.0.4-1 (bug #342945; medium)
CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...)
	{DSA-1033-1}
	- horde3 3.0.9-1 (bug #342942; bug #354512; medium)
CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	{DSA-970-1}
	- kronolith2 2.0.6-1 (bug #342943; medium)
	- kronolith <removed> (bug #349261; medium)
CVE-2005-4188
	RESERVED
CVE-2005-4187
	RESERVED
CVE-2005-4186
	RESERVED
CVE-2005-4185
	RESERVED
CVE-2005-4184
	RESERVED
CVE-2005-4183
	RESERVED
CVE-2005-4182
	RESERVED
CVE-2005-4181
	RESERVED
CVE-2005-4180
	RESERVED
CVE-2005-4179
	RESERVED
CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Per ...)
	NOT-FOR-US: Magic Book Personal and Professional
CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after rea ...)
	NOT-FOR-US: AWARD BIOS
CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the  ...)
	NOT-FOR-US: Insyde BIOS
CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow r ...)
	NOT-FOR-US: eFiction
CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4171 (The "Upload new image" command in the "Manage Images" eFiction 1.1, wh ...)
	NOT-FOR-US: eFiction
CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
	NOT-FOR-US: eFiction
CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote at ...)
	NOT-FOR-US: eFiction
CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 a ...)
	NOT-FOR-US: eFiction
CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allow ...)
	NOT-FOR-US: eFiction
CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUp ...)
	NOT-FOR-US: DUportal
CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum  ...)
	NOT-FOR-US: ASP-DEV ASP Resources Forum
CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated us ...)
	{DSA-923-1}
	- dropbear 0.47-1 (high)
CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows  ...)
	NOT-FOR-US: PHP-addressbook
CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 al ...)
	NOT-FOR-US: Captcha
CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCa ...)
	NOT-FOR-US: ACME PerlCal
CVE-2005-4161
	NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 allo ...)
	NOT-FOR-US: Torrential
CVE-2005-4159
	NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allo ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), wi ...)
	NOT-FOR-US: Mambo
CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execut ...)
	NOT-FOR-US: ATutor
CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows u ...)
	- php5 5.1.1-1
	NOTE: PHP 5 in Debian is vulnerable according to the changelog.
CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial  ...)
	{DSA-955-1}
	- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to tur ...)
	NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Profes ...)
	NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in C ...)
	NOT-FOR-US: CA Clever Path
CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain s ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, include ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote at ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the  ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORD ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allo ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 t ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote attac ...)
	NOT-FOR-US: ASPMForum
CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker  ...)
	NOT-FOR-US: Website Baker
CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84  ...)
	NOT-FOR-US: ThWboard
CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...)
	NOT-FOR-US: ThWboard
CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.1 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
	- mozilla 2:1.7.13-0.1 (unimportant)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
	NOTE: Not exploitable beyond a sluggish browser startup, see
	NOTE: http://web.archive.org/web/20141206010602/https://www.mozilla.org/security/history-title.html
CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web  ...)
	NOT-FOR-US: Solaris
CVE-2005-4132 (Unspecified "security leak" vulnerability in Contenido before 4.6.4, w ...)
	NOT-FOR-US: Contenido
CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Excel
CVE-2005-4130
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4129
	REJECTED
CVE-2005-4128
	REJECTED
CVE-2005-4127
	REJECTED
CVE-2005-4126
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
	REJECTED
CVE-2005-4124
	REJECTED
CVE-2005-4123
	REJECTED
CVE-2005-4122
	REJECTED
CVE-2005-4121
	REJECTED
CVE-2005-4120
	REJECTED
CVE-2005-4119
	REJECTED
CVE-2005-4118
	REJECTED
CVE-2005-4117
	REJECTED
CVE-2005-4116
	REJECTED
CVE-2005-4115
	REJECTED
CVE-2005-4114
	REJECTED
CVE-2005-4113
	REJECTED
CVE-2005-4112
	REJECTED
CVE-2005-4111
	REJECTED
CVE-2005-4110
	REJECTED
CVE-2005-4109
	REJECTED
CVE-2005-4108
	REJECTED
CVE-2005-4107
	REJECTED
CVE-2005-4106
	REJECTED
CVE-2005-4105
	REJECTED
CVE-2005-4104
	REJECTED
CVE-2005-4103
	REJECTED
CVE-2005-4102
	REJECTED
CVE-2005-4101
	REJECTED
CVE-2005-4100
	REJECTED
CVE-2005-4099
	REJECTED
CVE-2005-4098
	REJECTED
CVE-2005-4097
	REJECTED
CVE-2005-4096
	REJECTED
CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...)
	NOT-FOR-US: Apache James
CVE-2005-4095 (Directory traversal vulnerability in connector.php in the fckeditor2rc ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows rem ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, N ...)
	NOT-FOR-US: Check Point
CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTi ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1- ...)
	NOT-FOR-US: 1-Script 1-Search
CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is r ...)
	NOT-FOR-US: HP-UX
CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass cross-do ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows rem ...)
	NOT-FOR-US: phpForumPro
CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar Su ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite  ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web c ...)
	NOT-FOR-US: BlueCoat WinProxy
CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allow ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by def ...)
	NOT-FOR-US: QNX
CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
	NOT-FOR-US: Alisveristr E-commerce
CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
	- imp4 4.0.4-1 (bug #342654; unimportant)
	NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though
CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote a ...)
	- phpmyadmin <not-affected> (Affects only 2.7.0)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5f3b086ed22b8ca49472d27a014df3908b0388ac
CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1. ...)
	NOT-FOR-US: Ideal BB.NET
CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local  ...)
	NOT-FOR-US: Appfluent Technology Database IDS 2.0
CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earl ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List  ...)
	NOT-FOR-US: Magic List Pro
CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Person ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
	REJECTED
CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure  ...)
	NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1  ...)
	NOT-FOR-US: AIX
CVE-2005-4067
	REJECTED
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and p ...)
	NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac befo ...)
	{DSA-951-2}
	- trac 0.9.2-1 (bug #342232; medium)
	[sarge] - trac 0.8.1-3sarge4
CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attac ...)
	NOT-FOR-US: A-FAQ
CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp  ...)
	NOT-FOR-US: NetAuctionHelp
CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassifi ...)
	NOT-FOR-US: XcClassified
CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlb ...)
	NOT-FOR-US: XcPhotoAlbum
CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pr ...)
	NOT-FOR-US: rwAuction
CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ea ...)
	NOT-FOR-US: LocazoList
CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote a ...)
	NOT-FOR-US: saralblog
CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut N ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allo ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and earlie ...)
	NOT-FOR-US: Cars Portal
CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and  ...)
	NOT-FOR-US: PluggedOut Bot
CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...)
	NOT-FOR-US: coWiki
CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web sit ...)
	NOT-FOR-US: e107
CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a downl ...)
	NOT-FOR-US: e107
CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with  ...)
	NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
	NOT-FOR-US: Blog System
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function  ...)
	{DSA-1005-1 DSA-1004-1 DSA-992-1}
	- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
	- xmovie <removed>
	- xine-lib 1.0.1-1.5 (bug #342208; medium)
	- mplayer <not-affected> (Fixed before initial upload)
	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
	- vlc 0.8.4.debian-2 (medium)
	NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
	NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnow ...)
	NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java Sy ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 Delegate ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Searc ...)
	NOT-FOR-US: Amazon Search Directory
CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ea ...)
	NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earli ...)
	NOT-FOR-US: Warm Links
CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy H ...)
	NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows remo ...)
	NOT-FOR-US: FileLister
CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal S ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal Sol ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate M ...)
	NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future Ke ...)
	NOT-FOR-US: Web4Future Keyboard Frequency Counter
CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterpr ...)
	NOT-FOR-US: Web4Future eCommerce Enterprise Edition
CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating Professio ...)
	NOT-FOR-US: Web4Future eDating Professional
CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data  ...)
	NOT-FOR-US: Nodezilla
CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search  ...)
	NOT-FOR-US: Easy Search System
CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows re ...)
	- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows  ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames  ...)
	NOT-FOR-US: WebEOC
CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow r ...)
	NOT-FOR-US: aMember
CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers t ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr ...)
	NOT-FOR-US: Geeklog
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect install.p ...)
	NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 a ...)
	NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before  ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add Image From Web" f ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log unde ...)
	- gallery2 2.0.2-1 (low)
CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
	NOT-FOR-US: Widget Imprint
CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
	NOT-FOR-US: Landshop Real Estate Commerce System
CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to obta ...)
	NOT-FOR-US: Widget Property
CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote at ...)
	NOT-FOR-US: Widget Property
CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the si ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a d ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statist ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows  ...)
	NOT-FOR-US: Kbase Express
CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2. ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 a ...)
	NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 throug ...)
	{DSA-919-2}
	- curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, rel ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 all ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSi ...)
	NOT-FOR-US: MyTemplateSite
CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package So ...)
	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, wh ...)
	NOT-FOR-US: WebEOC
CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and  ...)
	NOT-FOR-US: phpYellowTM Pro Edition
CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater  ...)
	NOT-FOR-US: SiteBeater News System
CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater M ...)
	NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress Ne ...)
	NOT-FOR-US: Solupress News
CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows  ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in Zen Car ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX serve ...)
	NOT-FOR-US: Sobexsrv
	NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
	REJECTED
CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 an ...)
	NOT-FOR-US: MailEnable
CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan (RAT ...)
	NOT-FOR-US: WinEggDropShell
CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14. ...)
	NOT-FOR-US: phpMyChat
CVE-2005-3990
	REJECTED
CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack befor ...)
	NOT-FOR-US: Avaya hardware
CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies L ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote a ...)
	NOT-FOR-US: Tradesoft CMS
CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and  ...)
	NOT-FOR-US: Instant Photo Gallery
CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro S ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote attacke ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3981
	NOT-FOR-US: Windows
CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall Tra ...)
	- trac 0.9.1-1 (bug #341697; medium)
	[sarge] - trac <not-affected>
CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 be ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium Editi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 15 ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware pr ...)
	NOT-FOR-US: Multipke DuWare products
CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and  ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PH ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (low)
CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 th ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in Extre ...)
	NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix M ...)
	NOT-FOR-US: Citrix
CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre1 ...)
	NOT-FOR-US: MXChange
CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allow ...)
	NOT-FOR-US: MXChange
CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier  ...)
	NOT-FOR-US: PHPX
CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action mo ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search  ...)
	NOT-FOR-US: Java Search Engine
CVE-2005-3965
	REJECTED
CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, an ...)
	- openmotif 2.2.3-1.4 (bug #342092; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 al ...)
	NOT-FOR-US: DotClear
CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in  ...)
	NOT-FOR-US: Eudora
CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
	NOT-FOR-US: FreezeX
CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows r ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has u ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has u ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote at ...)
	NOT-FOR-US: Microsoft cabarc
CVE-2004-2642 (Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which ...)
	NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1 ...)
	NOT-FOR-US: Sun appliances
CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3 ...)
	NOT-FOR-US: LinuxStat
CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows remo ...)
	NOT-FOR-US: Journalness
CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote  ...)
	NOT-FOR-US: osCommerce
CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...)
	NOT-FOR-US: Zyxel hardware
CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...)
	NOT-FOR-US: TinyWeb
CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System 4.0.0. ...)
	NOT-FOR-US: McAfee
CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5. ...)
	NOT-FOR-US: AIX
CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attac ...)
	NOT-FOR-US: Sesamie
CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configu ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5 ...)
	- phpmyadmin 1:2.5.7-pl1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-1/
CVE-2004-2630 (The MIME transformation system (transformations/text_plain__external.i ...)
	- phpmyadmin 2:2.6.0-pl2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-2/
CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for Firs ...)
	NOT-FOR-US: Click to Meet express
CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4,  ...)
	- thttpd <not-affected> (Windows-specific vulnerabilities)
CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
	NOT-FOR-US: J2ME
CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular phon ...)
	NOT-FOR-US: Siemens cell phone
CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows remo ...)
	NOT-FOR-US: Outblaze Email
CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki  ...)
	NOT-FOR-US: WackoWiki
CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when regist ...)
	NOT-FOR-US: Rippy the Aggregator
CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not requir ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when op ...)
	NOT-FOR-US: Nortel Contivity VPN client
CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly h ...)
	NOT-FOR-US: ripMIME
CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail p ...)
	NOT-FOR-US: ripMIME
CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0. ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 all ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote a ...)
	NOT-FOR-US: ActivePost Standard
CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions speci ...)
	NOT-FOR-US: Cutenews
CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MyWeb
CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...)
	- kernel-patch-ctx 1:1.28-1 (bug #262903; medium)
CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, w ...)
	NOT-FOR-US: BNC
CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28  ...)
	NOT-FOR-US: Sophster suite
CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain priv ...)
	NOT-FOR-US: mntd
CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boo ...)
	NOT-FOR-US: Symantec PowerQuest DeployCenter
CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news d ...)
	NOT-FOR-US: SmartWebby Smart Guest Book
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.2 ...)
	- kernel-patch-ctx 1:1.29-1
CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
	{DSA-943-1}
	- perl 5.8.7-9 (bug #341542; medium)
CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext fu ...)
	NOT-FOR-US: Microsoft
CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in Mi ...)
	NOT-FOR-US: Microsoft
CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, i ...)
	NOT-FOR-US: Microsoft
CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0,  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 an ...)
	- flashplugin-nonfree 7.0.61-4 (bug #357038; bug #357105)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly othe ...)
	NOT-FOR-US: Microsoft
CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office  ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows re ...)
	NOT-FOR-US: Microsoft
CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0018
	REJECTED
CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ove ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Kadu
CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...)
	NOT-FOR-US: FreeWebStat
CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows rem ...)
	NOT-FOR-US: Entergal MX
CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear 1 ...)
	NOT-FOR-US: DotClear
CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 a ...)
	NOT-FOR-US: DMANews
CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1,  ...)
	NOT-FOR-US: MagpieRSS
CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows rem ...)
	NOT-FOR-US: blogBuddies
CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers  ...)
	NOT-FOR-US: Bedeng PSP
CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote atta ...)
	NOT-FOR-US: PHP Labs Top Auction
CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard al ...)
	NOT-FOR-US: PHP Labs Survey Wizard
CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users  ...)
	- nufw 1.0.16-1 (bug #341544; medium)
CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remo ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ea ...)
	NOT-FOR-US: PHPAlbum
CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center al ...)
	NOT-FOR-US: PHP Upload Center
CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: Opera
CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 a ...)
	NOT-FOR-US: Microsoft
CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 a ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ear ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca Knowl ...)
	NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier  ...)
	NOT-FOR-US: Orca Blog
CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c an ...)
	NOT-FOR-US: Orca Ringmaker
CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
	NOT-FOR-US: WSN Knowledge Base
CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allow ...)
	NOT-FOR-US: Softbiz FAQ
CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script  ...)
	NOT-FOR-US: Softbiz B2B
CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows re ...)
	NOT-FOR-US: SocketKB
CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remot ...)
	NOT-FOR-US: SocketKB
CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 3 ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar  ...)
	NOT-FOR-US: 88Script's Event Calendar
CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and e ...)
	NOT-FOR-US: O-Kiraku Nikki
CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows rem ...)
	NOT-FOR-US: ASP-Rider
CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows remot ...)
	NOT-FOR-US: N-13 News
CVE-2005-3929 (Directory traversal vulnerability in the create function in xarMLSXML2 ...)
	NOT-FOR-US: Xaraya
	NOTE: xarMLSXML2PHPBackend.php, 'nuff said
CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users t ...)
	NOT-FOR-US: QNX
CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlie ...)
	NOT-FOR-US: GuppY
CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
	NOT-FOR-US: GuppY
CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC Helpd ...)
	NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop  ...)
	NOT-FOR-US: Randshop
CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NetObjects Fusion
CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus l ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for I ...)
	NOT-FOR-US: IOS
CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers t ...)
	NOT-FOR-US: Babe Logger
CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote  ...)
	NOT-FOR-US: PBLang
CVE-2005-3918
	NOT-FOR-US: OvBB
CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 Onl ...)
	NOT-FOR-US: CommidityRentals
CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
	NOT-FOR-US: WSN Forum
CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in Claviste ...)
	NOT-FOR-US: Clavister Web Client
CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remo ...)
	NOT-FOR-US: AFFcommerce
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual Ho ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin b ...)
	{DSA-1199-1}
	- webmin <not-affected> (Fixed through corrected Perl)
	NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated
CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
	NOT-FOR-US: BosDates
CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magi ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate P ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in GhostScripte ...)
	NOT-FOR-US: GhostScripter Amazon Shop
CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and  ...)
	NOT-FOR-US: Sun Java
CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK an ...)
	NOT-FOR-US: Sun Java
CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1 ...)
	NOT-FOR-US: Sun Java
CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java  ...)
	NOT-FOR-US: Sun Java
CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows loc ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficie ...)
	NOT-FOR-US: Flash MX
CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
	NOT-FOR-US: Google Talk
CVE-2005-3898
	REJECTED
CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Safari
	NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU cons ...)
	NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
	- mozilla <removed> (bug #340282; unimportant)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 throug ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Ope ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket Requ ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a we ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers  ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service vi ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenam ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5. ...)
	NOT-FOR-US: Cisco
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.4 ...)
	{DSA-916-1}
	- inkscape 0.42-1 (bug #321501; low)
CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu 2 ...)
	NOT-FOR-US: Zaimu
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP befor ...)
	- php4 4:4.4.2-1 (bug #341726; medium)
	- php5 5.1.1-1 (bug #341368; medium)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowle ...)
	NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Bas ...)
	NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earli ...)
	NOT-FOR-US: Omnistar KBase
CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository  ...)
	NOT-FOR-US: Softbiz Resource Repository Script
CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
	NOT-FOR-US: PHP Doc System
CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management S ...)
	NOT-FOR-US: Simple Document Management System
CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center  ...)
	NOT-FOR-US: AD Center ADC2000 NG Pro
CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 a ...)
	NOT-FOR-US: Enterprise Connector
CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earli ...)
	NOT-FOR-US: Netzbrett
CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 all ...)
	NOT-FOR-US: ShockBoard
CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier all ...)
	NOT-FOR-US: Ugroup
CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0 ...)
	NOT-FOR-US: JBB
CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
	NOT-FOR-US: edmoBBS
CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API Se ...)
	NOT-FOR-US: Google API
CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier all ...)
	NOT-FOR-US: K-Search
CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
	NOT-FOR-US: RevenuePilot Search Engine
CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1 ...)
	NOT-FOR-US: SearchFeed Search Engine
CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and earl ...)
	NOT-FOR-US: AllWeb search
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and earli ...)
	NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and e ...)
	{DSA-1088-1 DSA-1083-1 DTSA-23-1}
	- centericq 4.21.0-6 (bug #340959; medium)
	- orpheus 1.5-5 (bug #368402; medium)
	- motor 2:3.4.0-6 (bug #368400; medium)
	NOTE: DTSA is for centericq only
	NOTE: This affects Sarge and Woody centericq
	NOTE: This affects Sarge and Woody motor
CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to execut ...)
	{DSA-959-1}
	- unalz 0.55-1 (bug #340842; medium)
CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz 0. ...)
	NOT-FOR-US: phpGreetz
CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May At ...)
	NOT-FOR-US: Oliver May Athena PHP Website Administration
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 al ...)
	NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux k ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1. ...)
	- krusader 1.70.0-1 (bug #336169; low)
	[sarge] - krusader <not-affected>
	NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
	NOT-FOR-US: 1-2-3 music store
CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS a ...)
	NOT-FOR-US: EasyPageCMS
CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier allo ...)
	NOT-FOR-US: sNews
CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ( ...)
	NOT-FOR-US: Online Work Order Suite
CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online Atten ...)
	NOT-FOR-US: Online Attendance System
CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online Knowl ...)
	NOT-FOR-US: Online Knowledge Base System
CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ea ...)
	NOT-FOR-US: Fantastic News
CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allo ...)
	NOT-FOR-US: EZ Invoice Inc
CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article Manag ...)
	NOT-FOR-US: phpWordpress, this is not the same as Wordpress
CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows r ...)
	NOT-FOR-US: Nicecode iDesk
CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a an ...)
	NOT-FOR-US: pdjk-support suite
CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
	NOT-FOR-US: kPlaylist
CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
	NOT-FOR-US: Omnistar Live
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk all ...)
	NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft Suppo ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in sCssB ...)
	NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
	NOT-FOR-US: DeskLance
CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in DeskLa ...)
	NOT-FOR-US: DeskLance
CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 a ...)
	NOT-FOR-US: Tunez
CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier  ...)
	NOT-FOR-US: Tunez
CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, a ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, a ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote  ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows re ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBu ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ear ...)
	NOT-FOR-US: AgileBill
CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
	NOT-FOR-US: Ezyhelpdesk
CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
	NOT-FOR-US: Comdev Vote Caster
CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote attacke ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier a ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger CR ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier a ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2  ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory S ...)
	NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 a ...)
	NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlie ...)
	NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro al ...)
	NOT-FOR-US: SmartPPC Pro
CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterpri ...)
	NOT-FOR-US: MailEnable
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic Winm ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ker ...)
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
	NOT-FOR-US: Cisco
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed" ...)
	NOT-FOR-US: Cisco
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03  ...)
	NOT-FOR-US: Belkin hardware
CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test possib ...)
	NOT-FOR-US: PasswordSafe
CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak  ...)
	NOT-FOR-US: Macromedia Contribute Publishing Server
CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information v ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Not a real security problem, error messages might disclose the installation
	NOTE: which is known for the Debian package anyway
CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template  ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in Alstr ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affi ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in PHP-Nuk ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6  ...)
	NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter. ...)
	NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow re ...)
	NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0( ...)
	NOT-FOR-US: Cisco
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0191fc3c33feb809cf668f018ad53dc35061fe4c
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/2e5c10aa2fc10fb1004aac7db78ebdaac21b9220
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/053d90b6019959c3a503d6b12b9cd23dc31df2be
CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZE ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix ...)
	NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 inc ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14. ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and pass ...)
	NOT-FOR-US: Apple
CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a sym ...)
	- astats <removed> (bug #287604)
CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy allow ...)
	NOT-FOR-US: PHProxy
CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in UberT ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live (H ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live (H ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) 1.5- ...)
	NOT-FOR-US: Intel hardware
CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in m ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
	NOTE: There is a big note in the quake2 package stating that it is not secure.
	NOTE: Otherwise severity would be high.
CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 o ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 o ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...)
	NOT-FOR-US: ButtUglySoftware CleanCache
CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...)
	NOT-FOR-US: meindlSOFT Cute PHP Library
CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service (a ...)
	- gaim 0.82-1 (medium)
CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme messag ...)
	NOT-FOR-US: XMB
CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows re ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in SmarterT ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in Smarter ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 al ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows  ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the pro ...)
	NOT-FOR-US: iChain
CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a  ...)
	NOT-FOR-US: iChain
CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows r ...)
	NOT-FOR-US: iChain
CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...)
	NOT-FOR-US: iChain
CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2)  ...)
	- phpgroupware 0.9.16.002-1
CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True,  ...)
	- phpgroupware 0.9.14-0.RC3.1
CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htac ...)
	- phpgroupware 0.9.16.000.1.cvs.20040620-1
CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain s ...)
	- phpgroupware 0.9.14.007
CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare  ...)
	- phpgroupware 0.9.14.007
CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ph ...)
	- phpgroupware 0.9.14.007
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in PmWik ...)
	NOT-FOR-US: PmWiki
CVE-2003-XXXX [Insecure tempfile in x-face-el]
	- x-face-el 1.3.6.23-1
	NOTE: DSA-340
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to exe ...)
	NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 a ...)
	NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to dele ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote al ...)
	NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact a ...)
	NOT-FOR-US: Joomla!
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow r ...)
	NOT-FOR-US: Joomla!
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
	NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
	NOT-FOR-US: PHP Download Manager
CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) impleme ...)
	NOT-FOR-US: Symantec appliances
CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the  ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages und ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded fi ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and  ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation  ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3762 (SQL injection vulnerability in the navigation module (navigationmodule ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and la ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere Applic ...)
	NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly Go ...)
	NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
	NOTE: is well documented and can be switched off. Let's hope that all users
	NOTE: of saxon are aware of this. A warning has been added to the readme.
	NOTE: Current rdependencies:
	- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, al ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in the diagela command (di ...)
	NOT-FOR-US: AIX
CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3 ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote attacker ...)
	- jetty 5.1.8-1 (bug #340582; medium)
CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote att ...)
	NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and p ...)
	- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlie ...)
	NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
	NOT-FOR-US: SimplePoll
CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
	NOT-FOR-US: Almond Classifieds
CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earl ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when register_glo ...)
	NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 throu ...)
	{DSA-916-1 DTSA-24-1}
	- inkscape 0.43-1 (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart al ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote at ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add content" page in  ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper  ...)
	NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg ...)
	{DSA-965-1}
	- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote atta ...)
	- isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and met ...)
	NOT-FOR-US: Opera
CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...)
	NOT-FOR-US: ReciPants
CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...)
	NOT-FOR-US: ReciPants
CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld produ ...)
	NOT-FOR-US: LiveWorld
CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...)
	NOT-FOR-US: Sambar
CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6 ...)
	NOT-FOR-US: Sambar
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business Enterpris ...)
	NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences W ...)
	NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits exe ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access administr ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access  ...)
	NOT-FOR-US: Sambar
CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
	NOT-FOR-US: Sambar
CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server b ...)
	NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Sambar
CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in mm/t ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2. ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3. ...)
	{DSA-909-1}
	- horde3 3.0.7-1 (bug #340323; medium)
CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...)
	{DSA-907-1}
	- ipmenu 0.0.3-5
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorS ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain s ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the we ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix Softw ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows re ...)
	NOT-FOR-US: ArticleLive NX
CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addr ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attacker ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disabl ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows  ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP WI ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI  ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator pa ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWo ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWork ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWork ...)
	NOT-FOR-US: Senao Wireless VoIP Phone
CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers t ...)
	NOT-FOR-US: Opera
CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
	NOT-FOR-US: PHP Easy Download
CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk Lin ...)
	NOT-FOR-US: Uresk Links Lite
CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attac ...)
	NOT-FOR-US: Arki-DB
CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php i ...)
	NOT-FOR-US: LiteSpeed Webserver
CVE-2005-3694 (centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allo ...)
	{DSA-912-1}
	- centericq 4.21.0-4 (bug #334089; low)
CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm Medi ...)
	NOT-FOR-US: SunnComm MediaMax DRM
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server  ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailE ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the installati ...)
	NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 a ...)
	NOT-FOR-US: XMB
CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote a ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified NewsBoar ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Sh ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled,  ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enab ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
	NOT-FOR-US: Wizz Forum
CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads modul ...)
	NOT-FOR-US: Xoops
CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS 2.2. ...)
	NOT-FOR-US: Xoops
CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-A ...)
	NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows r ...)
	NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote a ...)
	- helix-player <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allo ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to cau ...)
	NOTE: Generic protocol weakness, likely hard to fix at the kernel
	NOTE: level without performance impact.
CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the libi ...)
	NOT-FOR-US: libike from Solaris
CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check Po ...)
	NOT-FOR-US: Check Point's IKE implementation
CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in Stonesof ...)
	NOT-FOR-US: StoneGate's IKE implementation
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
	- openswan 1:2.4.4-1 (bug #339082; low)
	[sarge] - openswan <no-dsa> (Only exploitable in inherently insecure mode of operation)
	NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange vers ...)
	NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange vers ...)
	NOT-FOR-US: Cisco
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of I ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified implement ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple unspeci ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/05c719aba3b99820daa3187e055c6ef4540b53cc
CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
	NOT-FOR-US: Tivoli
CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcod ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and  ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses w ...)
	NOT-FOR-US: FoolProof Security
CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Fire ...)
	NOT-FOR-US: Novell Client Firewall
CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remo ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
	- xboard 4.2.7-3 (bug #343560; unimportant)
CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow r ...)
	NOT-FOR-US: Layton HelpBox
CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified Per ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allo ...)
	NOT-FOR-US: Nortel hardware
CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) Surg ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attacker ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...)
	- samba 3.0.6-1
CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote atta ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 e ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as epi ...)
	NOT-FOR-US: Dynix WebPac
CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, allow ...)
	{DSA-1064-1}
	- cscope 15.5+cvs20050816-1.1 (bug #340177; medium)
	NOTE: Sarge and Woody are affected
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
	NOTE: Only an example file
CVE-2006-0017
	RESERVED
CVE-2006-0016
	RESERVED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll ...)
	NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote a ...)
	NOT-FOR-US: Microsoft
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0011
	REJECTED
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP ...)
	NOT-FOR-US: Microsoft
CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versio ...)
	NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP ...)
	NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with I ...)
	NOT-FOR-US: Microsoft
CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which  ...)
	NOT-FOR-US: RDS.Dataspace
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exch ...)
	NOT-FOR-US: Microsoft
CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 a ...)
	NOT-FOR-US: Microsoft
CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware Up ...)
	NOT-FOR-US: Apple AirPort
CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remo ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 al ...)
	NOT-FOR-US: Apple
CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote attack ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote attacker ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allo ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3703
	REJECTED
CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote att ...)
	NOT-FOR-US: Safari
CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator util ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in  ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the -al ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0. ...)
	NOT-FOR-US: Dell hardware issue
CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
	NOTE: resource management systems can be deployed
CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7 ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x bef ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Cent ...)
	NOT-FOR-US: McAfee
CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in mod_aut ...)
	{DSA-935-1}
	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
	- libapache2-mod-auth-pgsql 2.0.2b1-7
	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote Man ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
	NOT-FOR-US: Blue Coat WinProxy
CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various Compute ...)
	NOT-FOR-US: IGateway
CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 a ...)
	NOT-FOR-US: Citrix
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix func ...)
	{DSA-920-1}
	- ethereal 0.10.13-1.1 (bug #342911; medium)
CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the  ...)
	NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users t ...)
	NOTE: only exploitable in certian configurations (non-default)
	NOTE: warning added..
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <not-affected> (Isn't explotable in sarge)
CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in d ...)
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from  ...)
	NOT-FOR-US: Folder Guard
CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpA ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remo ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2 ...)
	NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
	NOT-FOR-US: Informix
CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing enable ...)
	NOT-FOR-US: Oracle
CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of Floosie ...)
	NOT-FOR-US: FTGate
CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow re ...)
	NOT-FOR-US: Ekinboard
CVE-2005-3637
	REJECTED
CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Applica ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6. ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web Appli ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
	- udev <not-affected> (Red Hat specific)
CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain se ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle cer ...)
	NOTE: current sudo cleans the environment, so we are not affected
	- sysvconfig <not-affected> (sudo cleans env anyway)
CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Strea ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml,  ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.3-2
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpd ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- gpdf 2.10.0-2 (bug #342286)
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR pr ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
	- linux-2.6 2.6.14-7
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain t ...)
	- phpmyadmin <unfixed> (unimportant)
CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 patc ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface f ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
	NOT-FOR-US: VMWare ESX
CVE-2005-3617
	RESERVED
CVE-2005-3616
	RESERVED
CVE-2005-3615
	RESERVED
CVE-2005-3614
	RESERVED
CVE-2005-3613
	RESERVED
CVE-2005-3612
	RESERVED
CVE-2005-3611
	RESERVED
CVE-2005-3610
	RESERVED
CVE-2005-3609
	RESERVED
CVE-2005-3608
	RESERVED
CVE-2005-3607
	RESERVED
CVE-2005-3606
	RESERVED
CVE-2005-3605
	RESERVED
CVE-2005-3604
	RESERVED
CVE-2005-3603
	RESERVED
CVE-2005-3602
	RESERVED
CVE-2005-3601
	RESERVED
CVE-2005-3600
	RESERVED
CVE-2005-3599
	RESERVED
CVE-2005-3598
	RESERVED
CVE-2005-3597
	REJECTED
CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote attacker ...)
	NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank pas ...)
	NOT-FOR-US: Windows XP
CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores v ...)
	NOT-FOR-US: e107
CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CuteNews
CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier a ...)
	- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote a ...)
	NOT-FOR-US: FileZilla Server
CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 all ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-947-1}
	- clamav 0.87.1-1 (medium)
	NOTE: sarge is affected (not in oldstable)
CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to  ...)
	NOT-FOR-US: Mambo
CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows  ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings  ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit (S ...)
	NOT-FOR-US: Sun Java
CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group  ...)
	- imagemagick <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to increa ...)
	- gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to incre ...)
	- qdbm <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote at ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3 ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Wal ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ac ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier all ...)
	NOT-FOR-US: Cyphor
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote at ...)
	NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
	{DSA-955-1}
	- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allow ...)
	NOT-FOR-US: Peel
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHP ...)
	NOT-FOR-US: protection.php from several crappy web apps not in Debian
CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before 2 ...)
	{DSA-914-1}
	- horde2 2.2.9-1 (bug #338983)
CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX  ...)
	NOT-FOR-US: DB2
CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allow ...)
	NOT-FOR-US: DB2
CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 bin ...)
	NOT-FOR-US: Tivoli
CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for U ...)
	NOT-FOR-US: VERITAS Cluster Server
CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and  ...)
	NOT-FOR-US: HP-UX
CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obt ...)
	NOT-FOR-US: HP-UX
CVE-2005-3563
	REJECTED
CVE-2005-3562
	REJECTED
CVE-2005-3561
	REJECTED
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
	NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 throu ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remot ...)
	NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist 2.1 ...)
	- phplist <itp> (bug #612288)
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1  ...)
	- phplist <itp> (bug #612288)
CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier a ...)
	- phplist <itp> (bug #612288)
CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1  ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before 0.6 ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power  ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power Bo ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 a ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before  ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ibPro ...)
	NOT-FOR-US: ibProArcade
CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allow ...)
	NOT-FOR-US: XMB
CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
	NOT-FOR-US: Phorum
CVE-2005-3542
	REJECTED
CVE-2005-3541
	RESERVED
CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to exec ...)
	{DSA-929-1}
	- petris 1.0.1-5
CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier a ...)
	{DSA-933-1}
	- hylafax 2:4.2.4-2 (bug #347298)
	NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrar ...)
	- hylafax 2:4.2.4-1
	[sarge] - hylafax <not-affected> (Affected only 4.2.3)
	[woody] - hylafax <not-affected> (Affected only 4.2.3)
CVE-2005-3537 (A "missing request validation" error in phpBB 2 before 2.0.18 allows r ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote att ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary  ...)
	{DSA-926-1}
	- ketm 0.0.6-17sarge1 (low)
CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ear ...)
	{DSA-924-1}
	- nbd 1:2.8.3-1
CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute arb ...)
	{DSA-918-1}
	- osh 1.7-15
CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...)
	{DSA-917-1}
	- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows loca ...)
	{DTSA-27-1}
	- fuse 2.4.1-0.1 (bug #340398; low)
	[sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
	NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...)
	- linux-2.6 2.6.14-1 (low)
	- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 200 ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer fo ...)
	NOT-FOR-US: Adobe
CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine  ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6 ...)
	NOT-FOR-US: e107
CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
	NOT-FOR-US: MySource
CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow r ...)
	NOT-FOR-US: MySource
CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 all ...)
	NOT-FOR-US: PunBB
CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the insta ...)
	NOT-FOR-US: Chipmunk Scripts Guestbook
CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk  ...)
	NOT-FOR-US: Chipmunk Directory
CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk  ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum  ...)
	NOT-FOR-US: Chipmunk Forum
CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the inst ...)
	NOT-FOR-US: VUBB
CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc ...)
	NOT-FOR-US: VUBB
CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4 ...)
	NOT-FOR-US: Spymac Web OS
CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denia ...)
	- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote attacke ...)
	NOT-FOR-US: JPortal
CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2. ...)
	NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote atta ...)
	NOT-FOR-US: CuteNews
CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
	NOT-FOR-US: Entropy Chat Script
CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled ...)
	NOT-FOR-US: AIX
CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other o ...)
	NOT-FOR-US: SuSE fork of passwd
CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to vi ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection vi ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5. ...)
	NOT-FOR-US: WebSphere
CVE-2005-3497
	NOT-FOR-US: PHP Handicapper
CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows rem ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier al ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Battle Carry
CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in FlatFr ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video Secu ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a d ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow r ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ea ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote attacke ...)
	NOT-FOR-US: Glider Collect'n kill
CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allow ...)
	NOT-FOR-US: NeroNET
CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
	NOT-FOR-US: GO-Global
CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software Deve ...)
	NOT-FOR-US: Proprietary Java
CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet  ...)
	NOT-FOR-US: Kazaa
CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information s ...)
	NOT-FOR-US: IBM Net.Data
CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a sym ...)
	NOT-FOR-US: cgihtml
CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote attack ...)
	NOT-FOR-US: cgihtml
CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and possibl ...)
	NOT-FOR-US: S-PLUS
CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows rem ...)
	NOT-FOR-US: OpenTopic
CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Boa ...)
	NOT-FOR-US: YaBB
CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's  ...)
	NOT-FOR-US: NetTelephone
CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Pocket Internet Explorer
CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: Winamp
CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: Winamp
CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remot ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service (bo ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server pa ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) add ...)
	NOT-FOR-US: a.shopKart
CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: GuildFTPd
CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92  ...)
	NOT-FOR-US: EServer
CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
	NOT-FOR-US: Ancient Mozilla issue
CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, an ...)
	NOT-FOR-US: Longshine hardware
CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: iCal
CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1 ...)
	- libhttpfetcher 1.1.0-1
CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbi ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to caus ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows re ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain sensi ...)
	NOT-FOR-US: E-theni
CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute arb ...)
	NOT-FOR-US: E-theni
CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote at ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute a ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows rem ...)
	NOT-FOR-US: Bookmark4U
CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: S8Forum
CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
	NOT-FOR-US: N/X 2000
CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 confi ...)
	NOT-FOR-US: Efficient Networks hardware issue
CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which allow ...)
	NOT-FOR-US: WebIntelligence
CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary com ...)
	NOT-FOR-US: WebShell
CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attack ...)
	NOT-FOR-US: WebShell
CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain administrat ...)
	NOT-FOR-US: Mambo
CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
	- phpbb2 <not-affected> (Fixed before upload into archive; 2.0.3)
CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote  ...)
	NOT-FOR-US: Sage
CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
	NOT-FOR-US: Sage
CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) a ...)
	NOT-FOR-US: MyGuestbook
CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 al ...)
	NOT-FOR-US: WihPhoto
CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ea ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earli ...)
	NOT-FOR-US: WWWBoard
CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in netzi ...)
	NOT-FOR-US: Tanne
CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server  ...)
	NOT-FOR-US: BRW WebWeaver
CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through  ...)
	NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in decrypti ...)
	- ssldump 0.9b3
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows l ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote attacker ...)
	NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks tha ...)
	NOTE: verified with rpm 4.4.1, but this can hardly affect debian at
	NOTE: all since it requires rpm be configured to trust some key,
	NOTE: which in debian requires a manual and non-documented
	NOTE: initialization of the rpm database which is not configured in
	NOTE: the package
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
	NOT-FOR-US: Outlook Express
CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows  ...)
	- webmin 1.000 (high)
CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attacke ...)
	NOT-FOR-US: (Benjamin Lefevre Dobermann FORUM)
CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
	NOTE: freebsd misconfiguration
CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...)
	- zmailer 2.99.56-1 (high)
	NOTE: May have been fixed earlier, 2.99.51 was never uploaded to Debian.
CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2002-2196 (Samba before 2.2.5 does not properly terminate the enum_csc_policy dat ...)
	- samba 2.2.5 (high)
CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and earlie ...)
	NOT-FOR-US: Winamp
CVE-2002-2194
	REJECTED
CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
	NOT-FOR-US: Mojo Mail
CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the 'Domino ...)
	NOT-FOR-US: (Lotus Domino
CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext unde ...)
	NOT-FOR-US: ArtsCore Studios CuteCast Forum
CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software Acti ...)
	NOT-FOR-US: ActiveXperts Software ActiveWebserver
CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service (ke ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2187 (Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, a ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the s ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ca ...)
	NOTE: fixed in IRIX..
CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP  ...)
	NOT-FOR-US: DigiChat
CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to  ...)
	NOT-FOR-US: phpShare
CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 al ...)
	NOT-FOR-US: MSN666
CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited we ...)
	NOT-FOR-US: SonicWall
CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not prope ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment al ...)
	NOT-FOR-US: ClearPath MCP
CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for php ...)
	NOT-FOR-US: phpWebSite
CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP reque ...)
	NOT-FOR-US: BEA
CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote attacker ...)
	NOT-FOR-US: Gender MOD
CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find  ...)
	NOT-FOR-US: phpSquidPass
CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly allo ...)
	NOT-FOR-US: Informed Designer, Informed Filler
CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows  ...)
	NOT-FOR-US: acWEB
CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 att ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...)
	NOT-FOR-US: AIM
CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1  ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for Thors ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allow ...)
	NOT-FOR-US: FuseTalk
CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...)
	NOT-FOR-US: IMHO Webmail for Roxen
CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows  ...)
	NOT-FOR-US: MSIE
CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...)
	NOT-FOR-US: KvPoll
CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR)  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attacker ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2002-2160
	REJECTED
CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the fir ...)
	NOT-FOR-US: Linksys hardware
CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full  ...)
	NOT-FOR-US: zenTrack
CVE-2002-2157
	REJECTED
CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite respon ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows r ...)
	NOT-FOR-US: Monkey HTTP Daemon
CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL  ...)
	NOT-FOR-US: Oracle Application Server
CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 al ...)
	NOT-FOR-US: Software602
CVE-2002-2151
	REJECTED
CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than th ...)
	NOTE: SYN floods etc generally filed as issues in linux specifically
	NOTE: if it is affected
CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Rout ...)
	NOT-FOR-US: Lucent Access Point
CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Route ...)
	NOT-FOR-US: Lucent MAX Router
CVE-2002-2147
	REJECTED
CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote attacke ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass au ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows  ...)
	NOT-FOR-US: BearShare
CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative pas ...)
	NOT-FOR-US: MySimple News
CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3  ...)
	NOT-FOR-US: BEA
CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...)
	NOT-FOR-US: BEA
CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3,  ...)
	NOT-FOR-US: Cisco
CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delet ...)
	NOT-FOR-US: Cisco
CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when r ...)
	NOT-FOR-US: HP Advanced Server
CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and poss ...)
	NOT-FOR-US: GlobalSunTech Wireless Access Points
CVE-2002-2136
	REJECTED
CVE-2002-2135
	REJECTED
CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: PEEL
CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption  ...)
	NOT-FOR-US: Telindus 1100 ASDL router
CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove o ...)
	NOT-FOR-US: Windows
CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows re ...)
	NOT-FOR-US: Perl-HTTPd
CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execut ...)
	- gallery 1.3.3 (high)
CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4 ...)
	NOT-FOR-US: w-Agora
CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary  ...)
	NOT-FOR-US: w-Agora
CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \De ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate  ...)
	NOT-FOR-US: MSIE
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows re ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows rem ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-6/
CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl ...)
	{DSA-896-1}
	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
	- linux-2.6 2.6.14-4
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before 2.6.15 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote att ...)
	{DSA-891-1}
	- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; unimportant)
	NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
	NOTE: predictable for a real world attack
CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) bef ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in Lig ...)
	NOT-FOR-US: Cisco
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitra ...)
	NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail Case ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials Mana ...)
	NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477 (Multiple interpretation error in the image upload handling code in Inv ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and O ...)
	NOT-FOR-US: OpenVMS
CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a de ...)
	NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
	NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express 20 ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch fo ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in MailWat ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows re ...)
	NOT-FOR-US: News2Net
CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: F-Secure
CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
	NOT-FOR-US: Oracle
CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle Enterpris ...)
	NOT-FOR-US: Oracle
CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
	NOT-FOR-US: Oracle
CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server 1. ...)
	NOT-FOR-US: Oracle
CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application Se ...)
	NOT-FOR-US: Oracle
CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0  ...)
	NOT-FOR-US: Oracle
CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server  ...)
	NOT-FOR-US: Oracle
CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in  ...)
	NOT-FOR-US: Oracle
CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up t ...)
	NOT-FOR-US: Oracle
CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database Serv ...)
	NOT-FOR-US: Oracle
CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up  ...)
	NOT-FOR-US: Oracle
CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up t ...)
	NOT-FOR-US: Oracle
CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remo ...)
	NOT-FOR-US: Nuked-Klan
CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to  ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) se ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers  ...)
	NOT-FOR-US: Mirabilis ICQ
CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protect ...)
	NOT-FOR-US: MiniGal2
CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express be ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express befor ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save logi ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
	NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ser ...)
	NOT-FOR-US: Cisco
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allow ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1
CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allow ...)
	{DSA-877-1}
	- gnump3d 2.9.5-1 (low)
CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remot ...)
	NOT-FOR-US: Subdreamer
CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Foru ...)
	NOT-FOR-US: ASP Fast Forum
CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attack ...)
	NOT-FOR-US: Hyper Estraier
CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify  ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
	NOTE: http://www.hardened-php.net/advisory_172005.75.html
	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
	NOTE: Remote code execution may be possible, especially in conjunction
	NOTE: with PHP bugs.
CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 all ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 an ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is d ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ses ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection  ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with insuff ...)
	NOT-FOR-US: eyeOS
CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
	NOT-FOR-US: eyeOS
CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
	NOT-FOR-US: Elite Forum
CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2 ...)
	NOT-FOR-US: Snitz Forums
CVE-2005-3410
	RESERVED
CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote atta ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #337334; low)
CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows  ...)
	NOT-FOR-US: gCards
CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote  ...)
	NOT-FOR-US: phpESP
CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier a ...)
	NOT-FOR-US: phpESP
CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbi ...)
	NOT-FOR-US: ATutor
CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1. ...)
	NOT-FOR-US: ATutor
CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 th ...)
	NOT-FOR-US: ATutor
CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
	NOTE: That's a non-issue; only a feature request for an improvement in a corner case.
	NOTE: If someone wants to use security-sensitive communication a TLS-secured server
	NOTE: should be used.
CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote att ...)
	NOT-FOR-US: TheHacker
CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote attac ...)
	NOT-FOR-US: Fortinet
CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attac ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
	NOT-FOR-US: Solaris Management Console
CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
	NOT-FOR-US: Comersus BackOffice
CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3,  ...)
	NOT-FOR-US: AIX
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote at ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1 ...)
	NOT-FOR-US: oaboard
CVE-2005-3393 (Format string vulnerability in the foreign_option function in options. ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual  ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354681; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: According to CVE, this is a safe mode violation,
	NOTE: therefore low impact. (According to SuSE, it's an
	NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5 ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
	NOTE: http://www.hardened-php.net/advisory_202005.79.html
	NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, whe ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
	NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...)
	{CVE-2002-1954}
	- php4 4:4.4.2-1 (bug #336645; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (not worth an update)
	NOTE: http://www.hardened-php.net/advisory_182005.77.html
	NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, wh ...)
	- ntop <not-affected> (Red Hat specific packaging flaw)
CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script allo ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script allow ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows  ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script allow ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine al ...)
	NOT-FOR-US: Sophos
CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) 1. ...)
	NOT-FOR-US: Ukranian National Antivirus
CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows re ...)
	NOT-FOR-US: Panda Titanium
CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine a ...)
	NOT-FOR-US: Norman
CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite 7. ...)
	NOT-FOR-US: McAfee
CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote attac ...)
	NOT-FOR-US: Kaspersky
CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote att ...)
	NOT-FOR-US: Ikarus
CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers  ...)
	NOT-FOR-US: F-Prot
CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers  ...)
	NOT-FOR-US: Dr. Web
CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 eng ...)
	NOT-FOR-US: eTrust
CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...)
	NOT-FOR-US: AVG
CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allow ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module (info_db. ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...)
	NOT-FOR-US: SparkleBlog
CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 t ...)
	NOT-FOR-US: PHP iCalendar
CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier all ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote atta ...)
	NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1  ...)
	NOT-FOR-US: saphp Lesson
CVE-2005-3362
	REJECTED
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuk ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
	NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
	{DSA-1103}
	- linux-2.6 2.6.14
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ser ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost  ...)
	- apache2 2.0.55-4 (bug #351246; low)
	[sarge] - apache2 2.0.54-5sarge2
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations,  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unkn ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...)
	{DSA-908-1 DSA-906-1}
	- sylpheed 2.0.4-1 (bug #338434; medium)
	- sylpheed-gtk1 1.0.6-1 (medium)
	- sylpheed-claws 1.0.5-2 (bug #338436; medium)
	- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 all ...)
	{DSA-1206-1}
	- php4 4:4.4.2-1 (bug #339577; medium)
	- php5 5.1.1-1 (bug #336654; medium)
CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of Apa ...)
	{DSA-1167-1}
	- apache 1.3.34-2 (bug #343466; low)
	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
	NOTE: Means oldstable and stable are affected
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e- ...)
	- spamassassin 3.1.0a-1 (bug #339526; low)
	[sarge] - spamassassin <no-dsa> (DoS affects only a single message)
	[woody] - spamassassin <no-dsa> (DoS affects only a single message)
CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and p ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; high)
	- giflib 4.1.4-1 (bug #395382)
CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitr ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 a ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in phpSysInf ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3346 (Buffer overflow in the environment variable substitution code in main. ...)
	{DSA-918-1}
	- osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium)
CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access restricti ...)
	- rssh 2.3.0-1 (bug #344395; bug #344424)
	[sarge] - rssh 2.2.3-1.sarge.1
	NOTE: Update was introduced through s-p-u, not a DSA
CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative acc ...)
	{DSA-884-1}
	- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files vi ...)
	{DSA-927-1}
	- tkdiff 1:4.0.2-2 (low)
CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary file ...)
	{DSA-968-1}
	- noweb 2.10c-3.2 (low)
CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earli ...)
	{DSA-941-1}
	- tuxpaint 1:0.9.15b-1 (low)
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier al ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv  ...)
	NOT-FOR-US: nylon
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop 3:4.0.3+dfsg1-1 (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users  ...)
	{DSA-928-1}
	- dhis-tools-dns 5.0-5
CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which h ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682)
CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using reminder ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0 ...)
	NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second
	NOTE: issue). This will be rejected.
CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remot ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (high)
CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php  ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #335938; medium)
CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9. ...)
	{DSA-953-1}
	- flyspray 0.9.8-4 (bug #335997; low)
	NOTE: Sarge is confirmed vulnerable
CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
	NOT-FOR-US: eBASEweb
CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in Belch ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary file ...)
	- mgdiff 1.0-28 (bug #335188; unimportant)
CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as  ...)
	- wordpress <not-affected> (bug #335817; unimportant)
	NOTE: Upstream claims the modified Snoopy class is secure
CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent f ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 t ...)
	NOT-FOR-US: PunBB
CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators t ...)
	NOT-FOR-US: Data ONTAP
CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) al ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Ana ...)
	{DSA-893-1}
	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
	NOTE: the fix from 1.2-2 did not address the problem fully
	- acidlab 0.9.6b20-13
CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote at ...)
	NOT-FOR-US: MWChat
CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows re ...)
	{DSA-910-1}
	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote att ...)
	- squid <not-affected>
	NOTE: see bug #334882 for details
CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify pe ...)
	NOT-FOR-US: SuSE-specific tool
CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pr ...)
	NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php ...)
	- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
	- php5 5.1.1-1 (bug #336005; low)
	[sarge] - php4 <not-affected>
	NOTE: can't reproduce, error may not be present in 4.3.
	NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib (chml ...)
	{DSA-886-1}
	- chmlib 0.37-1 (bug #335931; medium)
CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2 ...)
	NOT-FOR-US: ZipGenius
CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
	NOT-FOR-US: Symantec Discovery
CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch Manage ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...)
	NOT-FOR-US: Novell Netmail
CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
	[woody] - ethereal <not-affected> (Only affects version 0.10.13)
	[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
	- ethereal 0.10.14-1 (medium)
CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other platform ...)
	NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and avata ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #335662; low)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote att ...)
	NOT-FOR-US: Zomplog
CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 all ...)
	NOT-FOR-US: Zomplog
CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allo ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote  ...)
	NOT-FOR-US: Nuked Klan
CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote at ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87  ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (high)
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
	NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple applicati ...)
	NOT-FOR-US: phpCodeGenie
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impac ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0  ...)
	NOT-FOR-US: Sticker
CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive conn ...)
	NOT-FOR-US: NETFile Server
CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause  ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password fo ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer securi ...)
	- gnutls11 1.0.16-8 (bug #336006; low)
	- gnutls12 <not-affected> (fixed before upload)
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers t ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watc ...)
	NOT-FOR-US: Webcam Watchdog
CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP bef ...)
	NOT-FOR-US: Microsoft
CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Director ...)
	NOT-FOR-US: Tivoli
CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity  ...)
	- serendipity 1.0-1
CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allow ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function i ...)
	NOT-FOR-US: OpenFTPD
CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...)
	NOT-FOR-US: Gattaca
CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...)
	NOT-FOR-US: Gattaca
CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authentica ...)
	NOT-FOR-US: Gattaca
CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Gattaca
CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Gattaca
CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: myServer
CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote attack ...)
	NOT-FOR-US: myServer
CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
	NOT-FOR-US: VMWare Workstation
CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in modules/private_messages/i ...)
	NOT-FOR-US: PowerPortal
CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 all ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and e ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3. ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UB ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) lo ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wi ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g a ...)
	NOT-FOR-US: WIKINDX
CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of erro ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8,  ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Inweb Mail Server
CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to over ...)
	- im-switch <not-affected> (Debian's version is somehow derived from RH, but not affected)
CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...)
	NOT-FOR-US: MailEnable Professional
CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impac ...)
	- ilohamail 0.8.14-0rc1
CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page G ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page Gen ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in Hitac ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attac ...)
	NOT-FOR-US: OpenText FirstClass
CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Serv ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail Ser ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (G ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to  ...)
	NOT-FOR-US: Opera
CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40 ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) befor ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees uni ...)
	- dropbear 0.43-2
CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major s ...)
	NOT-FOR-US: PHP Live!
CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 an ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected>
	NOTE: http://kernel.suse.com/cgit/kernel/commit/?h=v2.6.12.5&id=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
	[sarge] - thttpd <no-dsa> (Minor issue in addon package)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for phpMyAdmi ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
	[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-4/
CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote att ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote at ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote att ...)
	NOT-FOR-US: HP-UX
CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
	NOT-FOR-US: HP-UX
CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows  ...)
	NOT-FOR-US: Typsoft FTP Server
CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of scrip ...)
	NOT-FOR-US: Xerver
CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 al ...)
	NOT-FOR-US: Xeobook
CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable per ...)
	- spe <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows rem ...)
	NOT-FOR-US: Accelerated Mortgage manager
CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
	NOT-FOR-US: AIX
CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files w ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote a ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1. ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_search ...)
	NOT-FOR-US: Comersus Backoffice Plus
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...)
	NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...)
	NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the underl ...)
	NOT-FOR-US: Paros
CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
	- bmv 1.2-18 (bug #335497; unimportant)
	NOTE: Vulnerable code not activated in binary package
CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan Kybi ...)
	{DSA-981-1}
	- bmv 1.2-18 (bug #335497; medium)
	NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote a ...)
	NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	[sarge] - adduser <no-dsa> (Very minimal security ramifications, admin's reponsibility)
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows remo ...)
	{DSA-934-1}
	- pound 1.9.4-1 (low)
	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before 2.6. ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-2
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linu ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.13-1 (low)
	- kernel-source-2.4.27 2.4.27-11 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4  ...)
	{DSA-922-1}
	- linux-2.6 2.6.13-1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source En ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the bridg ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in multi ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec No ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative int ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and  ...)
	- yiff 2.14.2-8 (bug #334616; low)
	[sarge] - yiff <no-dsa> (Only a minor privacy leak)
CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before 1. ...)
	NOT-FOR-US: Skype
CVE-2005-3266
	REJECTED
CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows r ...)
	NOT-FOR-US: Skype
CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1. ...)
	NOT-FOR-US: Zeroblog
CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 thro ...)
	NOT-FOR-US: WinRAR
CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows  ...)
	NOT-FOR-US: WinRAR
CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ve ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in versatileBullet ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ear ...)
	- squid <not-affected> (bug #334882; medium)
	NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
	NOTE: this patch was never applied to the Debian package.
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly s ...)
	{DSA-889-1}
	- enigmail 2:0.93-1 (bug #335731; medium)
CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5 ...)
	NOT-FOR-US: Avaya Wireless Access Points
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for  ...)
	- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
	- gallery2 2.0.1-1 (medium)
CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a deni ...)
	NOT-FOR-US: Solaris
CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0 ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause  ...)
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3  ...)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attacker ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow  ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote  ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted att ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option  ...)
	NOT-FOR-US: Solaris
CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibl ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote  ...)
	NOT-FOR-US: Cyphor
CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote att ...)
	NOT-FOR-US: Cyphor
CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland Prote ...)
	NOT-FOR-US: Proland Protector Plus
CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG A ...)
	NOT-FOR-US: Grisoft AVG Antivirus
CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix Antiv ...)
	NOT-FOR-US: Trustix Antivirus
CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker all ...)
	NOT-FOR-US: TheHacker
CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick Hea ...)
	NOT-FOR-US: CAT Quick Heal
CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda Antivir ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV Antivi ...)
	- clamav <not-affected> (predates any supported Debian release)
	NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus AntiVi ...)
	NOT-FOR-US: Ikarus Antivirus
CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
	NOT-FOR-US: UNA Antivirus
CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir Antiv ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) eTrust-Ir ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir Antiv ...)
	NOT-FOR-US: AntiVir
CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising Antivi ...)
	NOT-FOR-US: Rising Antivirus
CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 Antivir ...)
	NOT-FOR-US: VBA32 Antivirus
CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet Anti ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus  ...)
	NOT-FOR-US: Norman Antivirus
CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira Antivir ...)
	NOT-FOR-US: Avira Antivirus
CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web Antivi ...)
	NOT-FOR-US: Dr. Web Antivirus
CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec Anti ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos Antivi ...)
	NOT-FOR-US: Sophos Antivirus
CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee Antivi ...)
	NOT-FOR-US: McAfee Antivirus
CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast Antivir ...)
	NOT-FOR-US: Avast Antovirus
CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot Antivi ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 Antivir ...)
	NOT-FOR-US: NOD32 Antivirus
CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender A ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky Ant ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store p ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop a ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 al ...)
	NOT-FOR-US: Oracle
CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Or ...)
	NOT-FOR-US: Oracle
CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows  ...)
	NOT-FOR-US: Oracle
CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 s ...)
	NOT-FOR-US: Oracle
CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB  ...)
	NOT-FOR-US: Oracle
CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1. ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
	NOT-FOR-US: aspReady
CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to dis ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Fire ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a defau ...)
	NOT-FOR-US: Planet Technology switch
CVE-2005-3195
	REJECTED
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
	NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function i ...)
	{DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice <not-affected> (Vulnerable xpdf code not contained)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.0 ...)
	{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.3-2 (bug #342288; medium)
	NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) DCTStream::readProgres ...)
	{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- pdfkit.framework 0.8-4
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cups 1.1.23-13 (unimportant)
	- cupsys 1.1.23-13 (unimportant)
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 befor ...)
	NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server al ...)
	NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ex ...)
	NOT-FOR-US: Winamp
CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a al ...)
	NOT-FOR-US: WinProxy
CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
	{DSA-913-1 DSA-911-1}
	- gtk+2.0 2.6.10-2 (bug #339431; medium)
	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service L ...)
	[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-lib ...)
	- w3c-libwww 5.4.0-11 (bug #334443; low)
	[sarge] - w3c-libwww <no-dsa> (Minor DoS)
CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity  ...)
	NOT-FOR-US: GFI MailSecurity
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
	[sarge] - xscreensaver <no-dsa> (Unproblematic for users running stable)
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
	{DSA-919-2}
	- wget 1.10.2-1 (medium)
	[sarge] - wget <not-affected> (Does not contain NTML authentication code)
	[woody] - wget <not-affected> (Does not contain NTML authentication code)
	- curl 7.15.0-1 (bug #333734; medium)
CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows re ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel 2.6.6, and other versions before 2.6. ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
	- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
	- php5 5.0.5-2 (unimportant)
	- php4 4:4.4.0-3 (unimportant)
	NOTE: Safe mode violations not supported
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in request_key_au ...)
	- linux-2.6 2.6.13-2 (low)
	- kernel-source-2.4.27 <not-affected>
	NOTE: 2.6.12 itself not affected, fixed in SVN
CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs w ...)
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow us ...)
	{DSA-859-1 DSA-858-1}
	- xloadimage 4.1-15 (bug #332524; medium)
	- xli 1.17.0-20 (medium)
	NOTE: xli couldn't load the provided test images when I checked?
CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows a ...)
	{DSA-1039-1}
	- blender 2.37a-1 (bug #330895; medium)
	[woody] - blender <not-affected> (Woody's blender does not contain the bvh_import.py script)
CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record  ...)
	NOT-FOR-US: Microsoft
CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local a ...)
	NOT-FOR-US: Microsoft
CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to  ...)
	NOT-FOR-US: Microsoft
CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply g ...)
	NOT-FOR-US: Microsoft
CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before Upda ...)
	NOT-FOR-US: Microsoft
CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
	NOT-FOR-US: Microsoft
CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for S ...)
	NOT-FOR-US: Microsoft
CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...)
	NOT-FOR-US: Microsoft
CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 f ...)
	NOT-FOR-US: Microsoft
CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
	- mediawiki 1.4.11-1 (bug #332408; medium)
CVE-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki  ...)
	- mediawiki 1.4.11-1 (bug #332408)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...)
	- mediawiki 1.4.9
CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 throu ...)
	NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
	- polipo 0.9.9-1 (bug #332411; low)
	[sarge] - polipo <no-dsa> (Minor issue)
CVE-2005-3162
	REJECTED
CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 a ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusi ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows remot ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 all ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy  ...)
	NOT-FOR-US: EasyGuppy
CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and P ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154 (Format string vulnerability in the logging functionality in BitDefende ...)
	NOT-FOR-US: Bitdefender Antivirus
CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers  ...)
	NOT-FOR-US: MyBloggie
CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3  ...)
	NOT-FOR-US: CubeCart
CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows attacker ...)
	- blender <unfixed> (bug #332413; unimportant)
	NOTE: To exploit this an attacker would need to trick a user into opening a file
	NOTE: with a very suspicious file, no automatic processing of Blender files
	NOTE: This might even be fixed in 2.42
CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
	{DSA-855-1}
	- weex 2.6.1-6sarge1 (bug #332424; medium)
CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handl ...)
	{DSA-895-1 DTSA-22-1}
	- uim 1:0.4.7-2 (bug #331620; medium)
CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for sym ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434)
CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable pe ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434; medium)
CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ope ...)
	{DSA-1022-1}
	- storebackup 1.19-2 (bug #332434; medium)
	NOTE: The upstream fix only mitigated the issue, but didn't fix it
CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ca ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ca ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before  ...)
	NOT-FOR-US: Mailbox Server for 4D WebStar
CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kasper ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions send ...)
	NOT-FOR-US: Procom NetFORCE
CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow  ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows re ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attacke ...)
	NOT-FOR-US: Citrix
CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2. ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ear ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Serv ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 a ...)
	- serendipity 1.0-1
CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add Plu ...)
	NOT-FOR-US: Address Add Plugin for Squirrelmail
CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0. ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scri ...)
	{DSA-945-1}
	- antiword 0.35-2 (low)
CVE-2005-3125
	REJECTED
CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ar ...)
	{DSA-883-1}
	- thttpd 2.23beta1-4
CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remot ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
	REJECTED
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file  ...)
	{DSA-867-1}
	- module-assistant 0.9.10
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and e ...)
	{DSA-1085-1 DSA-876-1 DSA-874-1}
	- lynx 2.8.5-2sarge1 (bug #335033; high)
	- lynx-cur 2.8.6-16 (bug #334423; high)
	- lynx-ssl <removed>
CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user use ...)
	{DSA-845-1}
	- mason 1.0.0-3
CVE-2005-3117
	REJECTED
CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume  ...)
	NOT-FOR-US: VERITAS Backup
CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
	NOT-FOR-US: mpeg-tools
CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger (NateonDow ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) a ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0 stores passwords ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cau ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to  ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping v ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito  ...)
	{DSA-922-1}
	- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
	NOTE: Montecito CPUs are not available on the market yet
	- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap 2.4.13 (bug #253838; low)
	- openldap2.3 <removed>
	[lenny] - openldap <no-dsa> (Minor issue)
	[etch] - openldap2.3 <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar <unfixed> (bug #290435; unimportant)
	[sarge] - tar <no-dsa> (Hardly exploitable)
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
	- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
	- libnss-ldap 199-1 (bug #169793)
CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact  ...)
	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
	- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
	- barrendero 1.1-1 (bug #279163)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
	- hdup 2.0.14-2 (bug #302790; low)
	NOTE: Minor issue, workaround and patch documented since version above
	[sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
	- crypt++el 2.91-2.1 (bug #105562; low)
CVE-2004-XXXX [Two vulnerabilities in sredird]
	- sredird 2.2.1-1.1 (bug #267098)
CVE-2003-XXXX [fuzz: Insecure temp file usage]
	- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
	[woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
	[sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earli ...)
	{DSA-847-1}
	- dia 0.94.0-15 (bug #330890; medium)
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2002-XXXX [sanitizer bypassal through quoted file names]
	- sanitizer 1.76-1 (bug #149799; medium)
	[sarge] - sanitizer <not-affected> (Sarge version already fixed)
	NOTE: This was fixed earlier in fact, but it's unknown when
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to redirec ...)
	NOT-FOR-US: Movable Type
CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 al ...)
	NOT-FOR-US: Movable Type
CVE-2005-3102 (The administrative interface in Movable Type allows attackers to uploa ...)
	NOT-FOR-US: Movable Type
CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates differ ...)
	NOT-FOR-US: Movable Type
CVE-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4 ...)
	NOT-FOR-US: Astato Security Linux
CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Sol ...)
	NOT-FOR-US: Solaris
CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitr ...)
	- qpopper <not-affected> (bug #330123; Vulnerable code not shipped in binary)
CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka c ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote at ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of servi ...)
	NOT-FOR-US: Nokia cell phones
CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allo ...)
	NOT-FOR-US: Image-Line Software FL Studio
CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 all ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php i ...)
	- mantis 0.19.2-4 (bug #330682; medium)
CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) vi ...)
	- mozilla-firefox 1.0.7-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 create ...)
	{DSA-900-3}
	- fetchmail 6.2.5.4-1 (bug #336096; low)
CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary fil ...)
	{DSA-827-1}
	- backupninja 0.8-2 (medium)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl 0.20080131-1 (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensure inside the CPU
CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
	- gnupg 1.0.7-1 (bug #107374)
CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
	NOT-FOR-US: SecureW2 TLS
CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ 3. ...)
	NOT-FOR-US: contentSrv
CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Rive ...)
	NOT-FOR-US: Riverdark Studios RSS Syndicator
CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2 ...)
	NOT-FOR-US: Sony PSP
CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simp ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows rem ...)
	NOT-FOR-US: SEO-Board
CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary c ...)
	{DSA-1006-1}
	- wzdftpd 0.5.5-1 (high)
CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
	NOT-FOR-US: GeSHi
CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform "code inclusion" ...)
	NOT-FOR-US: PunBB
CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows  ...)
	NOT-FOR-US: PunBB
CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL co ...)
	NOT-FOR-US: Simplog
CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote attack ...)
	NOT-FOR-US: Zengaia
CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and be ...)
	NOT-FOR-US: RSyslog
CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
	- interchange 5.2.1-1 (bug #329705)
CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange  ...)
	- interchange 5.2.1-1 (bug #329705; medium)
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the U ...)
	- hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
	NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwr ...)
	{DSA-865-1}
	- hylafax 1:4.2.2+rc1 (bug #329384; low)
CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ( ...)
	{DSA-869-1}
	- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver  ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
	NOT-FOR-US: MailGust
CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft E-F ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9. ...)
	NOT-FOR-US: PowerArchiver
CVE-2003-XXXX [Insecure temp files in lilo]
	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
	- phpwiki 1.3.12p2-1 (bug #282565; medium)
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
	- gnumach 1:20050801-3 (bug #46709)
	NOTE: Nearly six years old :-)
CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Window ...)
	NOT-FOR-US: Opera
CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8 ...)
	NOT-FOR-US: FortiGate
CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...)
	NOT-FOR-US: FortiGate
CVE-2005-3056 (TWiki allows arbitrary shell command execution via the Include functio ...)
	- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not p ...)
	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
	- php5 5.0.5-2 (bug #353585; medium)
	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x al ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 al ...)
	NOT-FOR-US: jportal
CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7- ...)
	NOT-FOR-US: 7-Zip
CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with insu ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allow ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1  ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows r ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and 1 ...)
	NOT-FOR-US: My Little Forum
CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp co ...)
	- emacs21 21.3-1 (bug #286183; medium)
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
	[sarge] - mailleds <no-dsa> (Hardly exploitable)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase <unfixed> (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attac ...)
	- linux-2.6 2.6.12-7 (low)
CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows  ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "ful ...)
	- webmin 1.230-1 (high; bug #329741)
	[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
	- usermin 1.160-1 (high; bug #329742)
	NOTE: SNS Advisory 83, http://marc.info:80/?m=112733083203821
CVE-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before  ...)
	NOT-FOR-US: Opera
CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll)  ...)
	NOT-FOR-US: TAC Vista
CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4  ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server  ...)
	NOT-FOR-US: Handy Address Book Server
CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in p ...)
	NOT-FOR-US: File Transfer Anywhere
CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to  ...)
	NOT-FOR-US: vxWeb - WinCE software
CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute a ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 V ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3028
	REJECTED
CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which a ...)
	NOT-FOR-US: Sybari Antigen anti spam solution
CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro  ...)
	NOT-FOR-US: Epay Pro
CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier  ...)
	NOT-FOR-US: vBulletin
CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier  ...)
	NOT-FOR-US: vBulletin
CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with  ...)
	NOT-FOR-US: vBulletin
CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin befor ...)
	NOT-FOR-US: vBulletin
CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
	NOT-FOR-US: vBulletin
CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service (app ...)
	NOT-FOR-US: Safari
CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 all ...)
	NOT-FOR-US: Content2Web
CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 all ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows r ...)
	NOT-FOR-US: Ensim webppliance
CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...)
	NOT-FOR-US: YaST
CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for SimpleC ...)
	NOT-FOR-US: SimpleCDR-X
CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier allo ...)
	{DSA-1219}
	- texinfo 4.8-1 (bug #328365; low)
	[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-3010 (Direct static code injection vulnerability in the flood protection fea ...)
	NOT-FOR-US: CuteNews
CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote att ...)
	NOT-FOR-US: CuteNews
CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via  ...)
	NOT-FOR-US: Tofu
CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
	NOT-FOR-US: Opera
CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the use ...)
	NOT-FOR-US: Opera
CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Helpdesk Software Hesk
CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote at ...)
	NOT-FOR-US: Interakt MX Shop
CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release 1 ...)
	NOT-FOR-US: NooTopList
CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ca ...)
	NOT-FOR-US: Multi-Computer Control System
CVE-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows loca ...)
	NOT-FOR-US: Solaris
CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain s ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the admi ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer  ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM s ...)
	NOT-FOR-US: VERITAS storage solutions
CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read sensiti ...)
	- bacula 1.38.9-1 (bug #329271; low)
	NOTE: Sarge affected, didn't exist in Woody
CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ClearQues ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4 ...)
	NOT-FOR-US: HP Tru64
CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary  ...)
	- ncompress <not-affected> (bug #329052; unimportant)
	NOTE: see bug close message,  Debian's ncompress doesn't expose affected scripts
CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files  ...)
	{DSA-843-1}
	- arc 5.21m-1 (low)
CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sens ...)
	NOT-FOR-US: LineControl Java Client
CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
	NOT-FOR-US: DeluxeBB
CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect contr ...)
	NOT-FOR-US: HP printers
CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows  ...)
	NOT-FOR-US: Digital Scribe
CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusB ...)
	NOT-FOR-US: AhnLab antivirus and related products
CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks aeDatin ...)
	NOT-FOR-US: aeDating script
CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote  ...)
	NOT-FOR-US: Avocent hardware issue
CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical Referen ...)
	NOT-FOR-US: Oracle
CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allow ...)
	NOT-FOR-US: CompaqHTTPServer
CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allo ...)
	NOT-FOR-US: Orion
CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcin ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's clas ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses un ...)
	{DSA-878-1}
	- netpbm-free 2:10.0-10
CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to perfor ...)
	- pam 0.99.7.1-2 (bug #336344; low)
	[etch] - pam 0.79-5
	[sarge] - pam <not-affected> (Does not contain SELinux support)
	[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
	- gtk+2.0 2.6.10-2
CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before  ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
	- gtk+2.0 2.6.10-2 (bug #339431; low)
CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of se ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; unimportant)
	- giflib 4.1.4-1 (bug #395382; unimportant)
	NOTE: Just a bug, hardly security implications
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5,  ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in Abi ...)
	{DSA-894-1}
	- abiword 2.4.1-1 (bug #333740; medium)
CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
	{DSA-872-1}
	- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain circ ...)
	- apache2 2.0.55-1 (bug #340337; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: this occurs in the binary package apache2-mpm-worker
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0 ...)
	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
	- openssl 0.9.8-3 (bug #333500; low)
	- openssl097 0.9.7g-5 (bug #333500; low)
	- openssl094 <removed>
	- openssl095 <removed>
	- openssl096 <removed>
CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
	{DSA-868-1}
	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
	{DSA-863-1}
	- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
CVE-2005-2965
	REJECTED
CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers  ...)
	{DSA-894-1}
	- abiword 2.2.10-1 (bug #329839; medium)
CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with Aut ...)
	{DSA-844-1}
	- mod-auth-shadow 1.4-2 (bug #323789; medium)
CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets world-reada ...)
	{DSA-830-1}
	- ntlmaps 0.9.9-4
CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4  ...)
	{DSA-834-1}
	NOTE: prozilla is not in sarge or etch
CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary fi ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows lo ...)
	{DSA-870-1}
	- sudo 1.6.8p9-3 (medium)
CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access librar ...)
	{DSA-871-1}
	- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 wi ...)
	NOT-FOR-US: AVIRA Desktop
CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat log ...)
	NOT-FOR-US: ATutor
CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
	NOT-FOR-US: ATutor
CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before  ...)
	NOT-FOR-US: ATutor
CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merch ...)
	NOT-FOR-US: MIVA Merchant
CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09 ...)
	NOT-FOR-US: Subscribe Me Pro
CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in AzDGDatingLit ...)
	NOT-FOR-US: AzDGDating lite
CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1. ...)
	NOT-FOR-US: Sawmill
CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes betwe ...)
	NOT-FOR-US: pam_per_user (not in Debian)
CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list re ...)
	NOT-FOR-US: KillProcess
CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted a ...)
	NOT-FOR-US: KillProcess
CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for creatin ...)
	- openssl 0.9.8-1 (bug #314465; unimportant)
	NOTE: MD5 is still good enough for most applications, second preimage attacks
	NOTE: haven't been presented yet
CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center (gw ...)
	NOT-FOR-US: GNOME Workstation Command Center
CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows re ...)
	{DSA-902-1}
	- xmail 1.22-1 (bug #333863; medium)
CVE-2005-2942
	REJECTED
CVE-2005-2941
	RESERVED
CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware 1. ...)
	NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...)
	NOT-FOR-US: VMWare
CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in iTun ...)
	NOT-FOR-US: iTunes
CVE-2005-2937
	REJECTED
CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer  ...)
	NOT-FOR-US: Real Player
CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware mi ...)
	NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 al ...)
	NOT-FOR-US: SCO
CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c fo ...)
	{DSA-861-1}
	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
	- pine 4.64-1 (medium; bug #348407)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, incl ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm
CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 i ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attac ...)
	- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
	RESERVED
CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, an ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Open ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
	NOT-FOR-US: IRIX
CVE-2005-2924
	RESERVED
CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ( ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple RealNetw ...)
	- helix-player 1.0.7-1 (bug #358754; medium)
CVE-2005-2921
	RESERVED
CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions be ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default con ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default con ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2913
	REJECTED
CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2911
	RESERVED
CVE-2005-2910
	RESERVED
CVE-2005-2909
	RESERVED
CVE-2005-2908
	RESERVED
CVE-2005-2907
	RESERVED
CVE-2005-2906
	RESERVED
CVE-2005-2905
	RESERVED
CVE-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows remo ...)
	NOT-FOR-US: Zebedee
CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 112 ...)
	NOT-FOR-US: NOD32 Anti virus
CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows re ...)
	NOT-FOR-US: class-1 Forum
CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0  ...)
	NOT-FOR-US: CjWeb2Mail
CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 a ...)
	NOT-FOR-US: CjLinkOut
CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in  ...)
	NOT-FOR-US: CjTagBoard
CVE-2005-2898
	NOT-FOR-US: Filezilla
CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers t ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows re ...)
	NOT-FOR-US: PBLang
CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in P ...)
	NOT-FOR-US: PBLang
CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang  ...)
	NOT-FOR-US: PBLang
CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
	NOT-FOR-US: PBLang
CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marke ...)
	NOT-FOR-US: WebArchiveX
CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to phy ...)
	NOT-FOR-US: SecureOL
CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the prede ...)
	NOT-FOR-US: Check Point
CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Previ ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote att ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1 ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versi ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down Un ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2883
	REJECTED
CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCal ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3,  ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encry ...)
	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable permi ...)
	{DSA-843-1}
	- arc 5.21m-1 (bug #329053; low)
CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication,  ...)
	{DSA-828-1}
	- squid 2.5.10-7
	NOTE: Patch was added to -6, but not listed in dpatch's list of patches
CVE-2005-XXXX [user password file created by gajim is world-readable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	[sarge] - zope2.7 <no-dsa> (Inside the responsibility of the admin)
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
	[sarge] - wine <no-dsa> (Minor issue)
CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0 ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; bug #329280; medium)
CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote a ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; medium)
CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlie ...)
	{DSA-822-1}
	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local u ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (medium)
	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and earli ...)
	NOTE: proactively fixed by the robustness patch
	- twiki 20040902-2
CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
	{DSA-825-1 DSA-823-1}
	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
	- loop-aes-utils 2.12p-9 (bug #328626; medium)
CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via p ...)
	{DSA-856-1}
	- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in  ...)
	- cups 1.1.23-1
	- cupsys 1.1.23-1
CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in Mozi ...)
	{DSA-868-1 DSA-866-1 DSA-837-1}
	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
	- mozilla 2:1.7.12-1 (bug #327455; medium)
	- mozilla-thunderbird 1.0.7-1
	NOTE: epiphany-browser is apparently fixed fix the mozilla
	NOTE: upload; see bug #327366
CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_l ...)
	{DSA-886-1}
	- chmlib 0.36-1 (bug #327431; medium)
CVE-2005-2802
	REJECTED
CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU Ma ...)
	{DSA-841-1 DTSA-20-1}
	- mailutils 1:0.6.90-3 (bug #327424; high)
CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows remot ...)
	NOT-FOR-US: Solaris
CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pr ...)
	NOT-FOR-US: ZipTorrent
CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
	NOT-FOR-US: BlueWhaleCRM
CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: Mercora IMRadio
CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3. ...)
	NOT-FOR-US: aMember Pro
CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a sy ...)
	NOT-FOR-US: URBAN
CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in Ope ...)
	NOT-FOR-US: OpenWebmail
CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on  ...)
	NOT-FOR-US: ADSL hardware
CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Editi ...)
	NOT-FOR-US: N-Stealth
CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier all ...)
	- nikto 1.35-1.1 (bug #327339; medium)
CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the Savant\U ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7. ...)
	NOT-FOR-US: Rediff BOL)
CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an o ...)
	NOT-FOR-US: Free SMTP Server
CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party comp ...)
	NOT-FOR-US: ALZip
CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5 ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedba ...)
	NOT-FOR-US: thesitewizard.com chfeedback.pl
CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a an ...)
	NOT-FOR-US: GuppY
CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5 ...)
	NOT-FOR-US: Novell Netware
CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read s ...)
	{DTSA-25-1}
	- smb4k 0.6.4-1 (bug #337471; medium)
	NOTE: fix in 0.6.3-1 was incomplete according to maintainer
CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service (cr ...)
	NOT-FOR-US: SlimFTPD
CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running fi ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 a ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-2845 (Ariba Spend Management System sends the username and password to the s ...)
	NOT-FOR-US: Ariba Spend Management System
CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows rem ...)
	NOT-FOR-US: Indiatimes Messenger
CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and pas ...)
	NOT-FOR-US: Hesk
CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4. ...)
	NOT-FOR-US: DameWare Mini
CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
	NOT-FOR-US: IOS
CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier h ...)
	NOT-FOR-US: MAXdev
CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1 ...)
	NOT-FOR-US: MAXdev
CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and e ...)
	NOT-FOR-US: myBloggie
CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI  ...)
	NOT-FOR-US: WebGUI
CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a  ...)
	NOT-FOR-US: Phorum
CVE-2005-2835
	RESERVED
CVE-2005-2834
	RESERVED
CVE-2005-2833
	RESERVED
CVE-2005-2832
	RESERVED
CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS prox ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2828
	RESERVED
CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and 20 ...)
	NOT-FOR-US: Windows NT
CVE-2005-2826
	RESERVED
CVE-2005-2825
	RESERVED
CVE-2005-2824
	RESERVED
CVE-2005-2823
	RESERVED
CVE-2005-2822
	RESERVED
CVE-2005-2821
	RESERVED
CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows rem ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327181; medium)
CVE-2005-2819 (DownFile 1.3 allows remote attackers to gain administrator privileges  ...)
	NOT-FOR-US: DownFile
CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
	NOT-FOR-US: DownFile
CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote a ...)
	NOT-FOR-US: Greymatter
CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remo ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earli ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P a ...)
	NOT-FOR-US: man2web
CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, o ...)
	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow loca ...)
	NOT-FOR-US: urban game
CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0  ...)
	NOT-FOR-US: silc daemon
CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, whic ...)
	- frox 0.7.18-1 (medium)
CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop privileg ...)
	- frox <not-affected> (does not run setuid root in the Debian package)
CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows rem ...)
	NOT-FOR-US: BNBT EasyTracker
CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to non-exis ...)
	NOT-FOR-US: e107
CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and  ...)
	NOT-FOR-US: GroupWise
CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.3-1
CVE-2005-2800 (Memory leak in the seq_file implementation in the SCSI procfs interfac ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-6 (low)
	- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and po ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: Not enabled in the binary build, see #326065
	- openssh-krb5 <removed> (bug #327233; medium)
	[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle d ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: GSSAPI features not activated in binary builds
CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ear ...)
	{DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2795
	RESERVED
CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...)
	{DSA-809-3 DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2791 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BF ...)
	NOT-FOR-US: BFCC
CVE-2005-2790 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BF ...)
	NOT-FOR-US: BFCC
CVE-2005-2789 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BF ...)
	NOT-FOR-US: BFCC
CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 an ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to d ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8. ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the dat ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2784 (SQL injection vulnerability in the login function for the administrati ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ea ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for AutoL ...)
	NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly  ...)
	{DSA-1063-1}
	- phpgroupware 0.9.16.009-1 (bug #340094; medium)
	- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
	[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
	NOTE: Sarge affected, woody isn't
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allo ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to obt ...)
	NOT-FOR-US: iTAN
CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) al ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 2 ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify k ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows  ...)
	NOT-FOR-US: Litium Quake mod
CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote attack ...)
	NOT-FOR-US: HP OpenView
CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota gophe ...)
	{DSA-832-1}
	- gopher 3.0.11 (bug #327722; high)
CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-S ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-S ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possib ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327727; medium)
CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
	NOT-FOR-US: Sophos AntiVirus
CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: LeapFTP
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2765 (The user interface in the Windows Firewall does not properly display c ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in proce ...)
	NOT-FOR-US: VPNRemote
CVE-2005-2760
	RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton An ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec  ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Serv ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to overwri ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does no ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X 1 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by appli ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 1 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, c ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows l ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2740
	REJECTED
CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visibl ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent m ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allo ...)
	NOT-FOR-US: PhotoPost
CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier all ...)
	NOT-FOR-US: YaPig
CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earli ...)
	NOT-FOR-US: phpGraphy
CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earl ...)
	{DSA-1148-1}
	- gallery 1.5-2 (bug #325285; medium)
CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly res ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
	NOTE: path disclosure, so not very important on debian systems
	NOTE: unreproducible according to bug #327729
CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when u ...)
	NOT-FOR-US: Astato specific
CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
	NOT-FOR-US: Astato specific
CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter H ...)
	NOT-FOR-US: Astato specific
CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote attack ...)
	{DSA-805-1}
	NOTE: The CVE description is wrong, this has been merged for 2.0.55
	- apache2 2.0.54-5 (bug #326435; medium)
CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server inf ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remo ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ver ...)
	NOT-FOR-US: QNX
CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmeth ...)
	NOT-FOR-US: PaFileDB
CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php o ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ( ...)
	NOT-FOR-US: HAURI Antivirus
CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Ventrilo
CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remo ...)
	NOT-FOR-US: MPlayer
CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 al ...)
	{DSA-799-1}
	- webcalendar 0.9.45-7 (bug #326223; medium)
CVE-2005-2715 (Format string vulnerability in the Java user interface service (bpjava ...)
	NOT-FOR-US: VERITAS NetBackup Data and Business Center
CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple
CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, a ...)
	NOT-FOR-US: IBM
CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC P ...)
	NOT-FOR-US: ISS
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 allo ...)
	{DSA-826-1}
	NOTE: see  http://www.open-security.org/advisories/13
	- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 al ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on 64 ...)
	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and  ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite b ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (bug #329778; medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyCli ...)
	{DSA-807-1 DSA-805-1}
	- libapache-mod-ssl 2.8.24-1 (medium)
	- apache2 2.0.54-5 (bug #327210; medium)
CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1. ...)
	NOT-FOR-US: PHPKit
CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publis ...)
	NOT-FOR-US: Nephp Publisher Enterprise
CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes i ...)
	NOT-FOR-US: Notes
CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking functionalit ...)
	NOT-FOR-US: Cisco
CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allo ...)
	NOT-FOR-US: WinAce
CVE-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitiz ...)
	NOT-FOR-US: SunOS
CVE-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly bef ...)
	NOT-FOR-US: Solaris
CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
	NOT-FOR-US: SunOS
CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows rem ...)
	{DSA-793-1}
	- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 doe ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
	- linux-2.6 2.6.18-1 (bug #332381; low)
	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
	NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6 ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
	- linux-2.6 2.6.12-1
CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 al ...)
	{DSA-798-1}
	- phpgroupware 0.9.16.008-1
CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in N ...)
	{DSA-796-1}
	- affix 2.1.2-3 (bug #325444; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely,  ...)
	{DSA-806-1 DSA-802-1}
	NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
	NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
	- cvs 1:1.11.5-4 (bug #325106; low)
	- gcvs 1.0final-8 (bug #324969; low)
CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
	NOT-FOR-US: RunCMS
CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract functi ...)
	NOT-FOR-US: RunCMS
CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke 0.760- ...)
	NOT-FOR-US: PostNuke
CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760- ...)
	NOT-FOR-US: PostNuke
CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3 ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows re ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote a ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP cod ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (unimportant)
	NOTE: Only exploitable inside modified binary installation
CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ex ...)
	NOT-FOR-US: Virtual Edge Netquery
CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote at ...)
	NOT-FOR-US: PHPKit
CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before  ...)
	NOT-FOR-US: DTLink AreaEdit
CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic i ...)
	NOT-FOR-US: Cisco
CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other versi ...)
	NOT-FOR-US: Sysinternals Process Explorer
CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NA ...)
	NOT-FOR-US: MSIE
CVE-2005-2677 (ACNews stores the database in a file under the web document root with  ...)
	NOT-FOR-US: ACNews
CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in Copper ...)
	NOT-FOR-US: Coppermine
CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. Multiple SQL  ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. Multiple cros ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2. ...)
	NOT-FOR-US: Burning Board
CVE-2005-2671
	REJECTED
CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products includi ...)
	NOT-FOR-US: HAURI
CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 befor ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing  ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other implement ...)
	- openssh 1:4.0p1-1 (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, a ...)
	NOT-FOR-US: elm-me+ is no longer in unstable or testing
CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in pl ...)
	NOT-FOR-US: Whisper
CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (low; bug #329307)
CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary co ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (high; bug #329307)
CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function i ...)
	{DSA-852-1}
	- up-imapproxy 1.2.4-2 (high)
CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
	{DSA-839-1}
	- apachetop 0.12.5-3
CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as  ...)
	{DSA-886-1}
	- chmlib 0.37-2 (medium)
CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
	{DSA-812-1}
	- turqstat 2.2.4-1 (medium)
CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier allow ...)
	{DSA-811-2}
	- common-lisp-controller 4.18 (bug #328633; medium)
CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with world- ...)
	{DSA-794-1}
	NOTE: Fix in -8 had problems
	- polygen 1.0.6-9 (bug #325468; low)
CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before exec ...)
	{DSA-791-1 DTSA-11-1}
	- maildrop 2.0.2-7 (bug #325135; medium)
CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous a ...)
	{DSA-790-1}
	- phpldapadmin 0.9.6c-5 (bug #322423; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
	[sarge] - cplay <no-dsa> (Hardly exploitable)
CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurel ...)
	{DSA-814-1 DTSA-17-1}
	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote  ...)
	NOT-FOR-US: BBCaffe
CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
	NOT-FOR-US: Zorum
CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Zorum
CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestboo ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
	NOT-FOR-US: ATutor
CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ea ...)
	NOT-FOR-US: W-Agora
CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Serv ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document Cent ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document Cent ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl al ...)
	NOT-FOR-US: JaguarControl
CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and  ...)
	- tor 0.1.0.14-1 (bug #323786; medium)
CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
	- mutt <not-affected> (bug #323956; high)
	NOTE: Status is not clear; upstream is unresponsive.
	NOTE: this bug was closed as it was unreproducable in Debian
CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle  ...)
	{DSA-785-1}
	- libpam-ldap 178-1sarge1 (bug #324899)
CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
	NOT-FOR-US: Outlook
CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to con ...)
	NOT-FOR-US: MyProxy
CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass se ...)
	NOTE: could not reproduce this with squid 2.5, neither could the redhat guys
	NOTE: see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166522
	- squid 2.5
CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensi ...)
	- squid 2.5.8
CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Tra ...)
	NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the p ...)
	NOT-FOR-US: DiamondCS
CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN runni ...)
	NOT-FOR-US: Juniper
CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 all ...)
	NOT-FOR-US: World Poker Championship
CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.4 ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew an ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...)
	NOT-FOR-US: WinFTP Server
CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) bo ...)
	NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in mediabox ...)
	NOT-FOR-US: Mediabox 404
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to  ...)
	NOT-FOR-US: Cisco
CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 1 ...)
	- helix-player <not-affected> (Only Windows version of Real are affected)
CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne P ...)
	{DSA-915-1}
	- helix-player 1.0.6-1 (bug #340270; medium)
CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execut ...)
	- flashplugin-nonfree 7.0.61-1.1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote a ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote at ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: MS IE
CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 a ...)
	NOT-FOR-US: Google Toolbar
CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers t ...)
	NOT-FOR-US: PHPNews
CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows lo ...)
	NOT-FOR-US: wmFrog
CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: Outpost Pro
CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine bef ...)
	NOT-FOR-US: QuoteEngine
CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact an ...)
	NOT-FOR-US: MadBMS
CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1 ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlie ...)
	NOT-FOR-US: SillySearch
CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a larg ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a de ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Serv ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 all ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attacke ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files vi ...)
	- cplay 1.49-3 (medium)
CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to  ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote at ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users  ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or crea ...)
	NOT-FOR-US: Open WebMail
CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
	NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier al ...)
	NOT-FOR-US: miniBB
CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows  ...)
	NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
	NOT-FOR-US: aMSN 0.90 for Microsoft Windows
CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4 ...)
	NOT-FOR-US: Tutti Nova
CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01 ...)
	NOT-FOR-US: Hitachi Cosminexus Portal Framework
CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or  ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wil ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and  ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
	NOT-FOR-US: S-Mart Shopping Cart or RediCart
CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
	NOT-FOR-US: Jaws
CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allo ...)
	NOT-FOR-US: Jaws
CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an H ...)
	NOT-FOR-US: Jaws
CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
	NOT-FOR-US: Kerio
CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlie ...)
	- proxytunnel 1.2.0-1
CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers do ...)
	NOT-FOR-US: HP printers
CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows rem ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores t ...)
	NOT-FOR-US: Computer Associates Unicenter Common Services
CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
	NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in C ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers  ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of the ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0. ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the p ...)
	NOT-FOR-US: Novell GroupWise
CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
	NOT-FOR-US: Autonomy
CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) Ke ...)
	NOT-FOR-US: Autonomy
CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
	NOT-FOR-US: ADM ActiveX control
CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinAgents TFTP Server
CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 thr ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not d ...)
	NOT-FOR-US: Trend OfficeScan
CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX spam ...)
	NOT-FOR-US: EnderUNIX spamGuard
CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
	NOT-FOR-US: WWWguestbook
CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlie ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and earl ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlie ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow rem ...)
	NOT-FOR-US: BEA
CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch IMa ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote at ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP  ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain username ...)
	NOT-FOR-US: Keene Digital Media Server
CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to exe ...)
	NOT-FOR-US: slimftpd not in debian
CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
	NOT-FOR-US: smtp.proxy
CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote atta ...)
	NOT-FOR-US: ccproxy
CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service  ...)
	NOT-FOR-US: Davenport
CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Over ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 al ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 thr ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4. ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2. ...)
	- samhain 2.0.2
CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 thr ...)
	- samhain 2.0.2
CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earli ...)
	- kernel-patch-vserver 1.9.2
CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown at ...)
	- phpgroupware 0.9.14.002
CVE-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before 0 ...)
	- phpgroupware 0.9.14.002
CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including F- ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2404
	REJECTED
CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3. ...)
	NOT-FOR-US: YaBB
CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP  ...)
	NOT-FOR-US: YaBB
CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging be ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in plaintex ...)
	NOT-FOR-US: WinFTP Server
CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote atta ...)
	NOT-FOR-US: Sidewinder
CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe
CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0  ...)
	NOT-FOR-US: Blue Coat
CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ser ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin op ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not pro ...)
	NOT-FOR-US: Sun JSSE
CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...)
	NOT-FOR-US: libuser
CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2 ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a.  ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg- ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5  ...)
	NOT-FOR-US: ECW-Shop
CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through  ...)
	NOT-FOR-US: (FreeBSD)
	NOTE: old freebsd, before it was introduced in Debian
CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
	NOT-FOR-US: Sun JSSE and JRE
CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6 ...)
	{DTSA-16-1}
	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html - amd64 specific DOS
	- linux-2.6 2.6.12-6
CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
	NOT-FOR-US: ezUpload
CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
	NOT-FOR-US: EQdkp
CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are upl ...)
	NOT-FOR-US: Discuz
CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows atta ...)
	NOT-FOR-US: CPAINT Ajax
CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier a ...)
	- wordpress 1.5.2-1 (bug #323040; high)
CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec  ...)
	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1 ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
	NOT-FOR-US: SafeHTML
CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity Simpli ...)
	NOT-FOR-US: PHPSimplicity
CVE-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail 3.0 ...)
	NOT-FOR-US: PHlyMail
CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allo ...)
	NOT-FOR-US: Lasso Professional Server
CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image Gal ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to o ...)
	- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to exe ...)
	NOT-FOR-US: MidiCart
CVE-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products su ...)
	{DSA-899-1 DSA-798-1}
	- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial en ...)
	NOT-FOR-US: Hummingbird FTP for Connectivity
CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier ...)
	NOT-FOR-US: Dokeos
CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
	NOT-FOR-US: AOL Client
CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin  ...)
	{DSA-879-1}
	- gallery 1.5-2 (medium)
CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alph ...)
	NOT-FOR-US: Dada Mail
CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ca ...)
	NOT-FOR-US: Apple Safari
CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with un ...)
	NOT-FOR-US: MindAlign
CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions allo ...)
	NOT-FOR-US: MindAlign
CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to li ...)
	NOT-FOR-US: MindAlign
CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and  ...)
	NOT-FOR-US: MindAlign
CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
	NOT-FOR-US: WRT54GS wireless router
CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 a ...)
	NOT-FOR-US: DVBBS
CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
	NOT-FOR-US: PHPTB Topic Boards
CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web adm ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote atta ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running f ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumente ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writ ...)
	NOT-FOR-US: Kaspersky
CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibl ...)
	NOT-FOR-US: Grandstream BudgeTone
CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
	NOT-FOR-US: Contivity
CVE-2005-2578
	REJECTED
CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
	NOT-FOR-US: Wyse Winterm
CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers t ...)
	NOT-FOR-US: CaLogic
CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows r ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before  ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly res ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote attacke ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66C ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 a ...)
	NOT-FOR-US: SysCP
CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier al ...)
	NOT-FOR-US: SysCP
CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity B ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attac ...)
	NOT-FOR-US: MYFAQ
CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 al ...)
	NOT-FOR-US: CFBB
CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows rem ...)
	NOT-FOR-US: e107 portal
CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 bef ...)
	{DSA-833-2 DSA-831-1 DSA-829-1}
	- mysql-dfsg-4.1 4.1.13 (medium)
	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (low)
CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with registe ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (medium)
CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to  ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-6 (medium)
CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd str ...)
	NOT-FOR-US: rexecd
CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
	NOT-FOR-US: sercd
CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before 2.3 ...)
	NOT-FOR-US: sercd
CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path inf ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Winamp
CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote atta ...)
	- jetty 4.2.19-1 (medium)
CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight Utiliti ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for  ...)
	NOT-FOR-US: @Mail
CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: @Mail
CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a de ...)
	NOT-FOR-US: Alcatel OmniSwitch
CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0. ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
	NOT-FOR-US: 1st Class Mail Server
CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the serv ...)
	NOT-FOR-US: BadBlue
CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
	NOT-FOR-US: AIM
CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows loc ...)
	- bochs 2.1.1-1
CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and earl ...)
	NOT-FOR-US: Red Storm Games
CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillia ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6  ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 a ...)
	NOT-FOR-US: Opt-X
CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows  ...)
	NOT-FOR-US: WFTPD
CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 all ...)
	NOT-FOR-US: GlobalScape Secure FTP Server
CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows loc ...)
	NOT-FOR-US: Microsoft
CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3. ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical  ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 a ...)
	NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Targem Battle Mages
CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
	NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB  ...)
	- phpbb2 2.0.6c (low)
CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does no ...)
	NOT-FOR-US: roofpoint Protection Server
CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...)
	NOT-FOR-US: Fizmez
CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (C ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 throu ...)
	NOT-FOR-US: 4nGuestbook
CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf)  ...)
	NOT-FOR-US: BugPort
CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 all ...)
	NOT-FOR-US: GBook
CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 all ...)
	NOT-FOR-US: GBook
CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6  ...)
	- phpbb2 2.0.8 (low)
CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
	NOT-FOR-US: Tunez
CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to ...)
	NOT-FOR-US: Sybari AntiGen for Domino
CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attack ...)
	NOT-FOR-US: Leif M. Wright Web Blog
CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Serve ...)
	NOT-FOR-US: Forum Web Server
CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4,  ...)
	NOT-FOR-US: Oracle
CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW12 ...)
	NOT-FOR-US: VocalTec
CVE-2004-2343 (** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local user ...)
	NOTE: apache disputes this and I agree -- joeyh
CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service (s ...)
	NOT-FOR-US: ChatterBox
CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for iSearc ...)
	NOT-FOR-US: iSearch
CVE-2004-2340
	NOT-FOR-US: PunkBuster Screenshot Database
CVE-2004-2339 (** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows lo ...)
	NOT-FOR-US: Microsoft
CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules with ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed wit ...)
	NOT-FOR-US: inlook
CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0  ...)
	NOT-FOR-US: Novel Groupwise
CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used  ...)
	NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2 ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area,  ...)
	NOT-FOR-US: Bodington
CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form  ...)
	NOT-FOR-US: WWW::Form
CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox se ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a deni ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbi ...)
	NOT-FOR-US: Kerio Personal Firewal
CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers  ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Vizer
CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
	NOT-FOR-US: IP3 Networks NetAccess
CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNet ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop)  ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows re ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules  ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users t ...)
	NOT-FOR-US: IBM Informatik Dynamic Server
CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0 ...)
	NOT-FOR-US: SurgeFTP Server
CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allo ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ca ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ca ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
	NOT-FOR-US: Novell iChain Server
CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error message ...)
	- courier <unfixed> (unimportant)
	NOTE: This is a lack of a security feature, but not a direct vulnerability
CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid,  ...)
	NOT-FOR-US: AIX only
CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domi ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows loca ...)
	NOT-FOR-US: Crob FTP Server
CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly  ...)
	NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attac ...)
	NOT-FOR-US: MS IE
CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled a ...)
	NOT-FOR-US: Solaris
CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote  ...)
	NOT-FOR-US: Computer Associates
CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
	- mtools 3.9.9
CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
	- mathopd 1.5b14
CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
	- gallery 1.4.1
CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
	NOT-FOR-US: BEA
CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 a ...)
	NOT-FOR-US: BEA
CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 dis ...)
	NOT-FOR-US: BEA
CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 S ...)
	NOT-FOR-US: BEA
CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a for ...)
	NOT-FOR-US: BEA
CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ci ...)
	NOT-FOR-US: BEA
CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6 ...)
	NOT-FOR-US: BEA
CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for Gal ...)
	- gallery 1.3.3
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	[sarge] - clamav 0.84-2.sarge.2
CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x befor ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated  ...)
	NOT-FOR-US: Integrated Light Out in HP servers
CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 o ...)
	NOT-FOR-US: Novell eDirectory
CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attack ...)
	{DSA-782-1 DTSA-9-1}
	- bluez-utils 2.19-1 (bug #323365; medium)
CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Arab Portal
CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0 ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev eComme ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev eComme ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arb ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or s ...)
	NOTE: This is intended behaviour, after all tar is an archiving tool and you
	NOTE: need to give -p as a command line flag
	- tar <unfixed> (bug #328228; unimportant)
CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ve ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5  ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers t ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers t ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when c ...)
	{DSA-792-1}
	- pstotext 1.9-2 (bug #319758; medium)
CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ena ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue w ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS authe ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac O ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Appl ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2528
	REJECTED
CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X  ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a  ...)
	NOT-FOR-US: MacOS X
CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descri ...)
	NOT-FOR-US: MacOS X
CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to b ...)
	NOT-FOR-US: MacOS X
CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server i ...)
	NOT-FOR-US: Weblog Server in Mac OS X
CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs wit ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure tempora ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows rem ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatt ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execu ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOve ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerbe ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, w ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 al ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical a ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in a ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows extern ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ker ...)
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which al ...)
	- slocate <not-affected> (Uses secure glibc code, see #324951)
CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML- ...)
	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
	- drupal 4.5.5-1 (bug #323347; high)
	- phpgroupware 0.9.16.008-1 (bug #323349; high)
	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
	- phpwiki <unfixed> (unimportant)
	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
	- php4 4:4.3.10-16 (bug #323366; high)
	- php5 5.0.5-1 (high)
CVE-2005-2497
	REJECTED
CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
	{DSA-801-1}
	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
	- ntp 1:4.2.0a+stable-2sarge1 (medium)
	[etch] - ntp 1:4.2.0a+stable-2sarge1 (medium)
CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted ...)
	{DSA-816-1}
	- xorg-x11 6.8.2.dfsg.1-7 (medium)
CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ac ...)
	{DSA-815-1}
	- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
	RESERVED
CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allow ...)
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular Expressi ...)
	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
	- pcre3 6.3-1 (bug #324531; medium)
	- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
	- goffice 0.1.0-3 (bug #326898; unimportant)
	- vfu <not-affected> (does not include the vulnerable part of pcre)
	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
	- python2.1 2.1.3dfsg-3 (medium)
	- python2.2 2.2.3dfsg-4 (medium)
	- python2.3 2.3.5-8 (medium)
CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions i ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher <removed> (bug #319489; low)
	[sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail 2.2.1-1 (bug #303991; bug #290833; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- classpath 2:0.92-1 (bug #267040; bug #301134; high)
	[etch] - classpath <not-affected> (Doesn't build the gcjwebplugin binary package)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail 2.2.1-1 (bug #290833; medium)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attac ...)
	{DSA-922-1 DTSA-16-1}
	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
	NOTE: 2.6.12-1 contained a partially broken fix
	- linux-2.6 2.6.12-6 (bug #309308; low)
CVE-2005-2489 (Web Content Management News System allows remote attackers to create a ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management New ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
	NOT-FOR-US: Sun switches
CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in PortailPH ...)
	NOT-FOR-US: PortailPHP
CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
	NOT-FOR-US: Logicampus
CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 mig ...)
	NOT-FOR-US: Denora IRC stats
CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote a ...)
	NOT-FOR-US: Karrigell
CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and  ...)
	NOT-FOR-US: Metasploit Framework
CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Fusebox
CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 a ...)
	NOT-FOR-US: Fusebox
CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote attacker ...)
	NOT-FOR-US: Silvernews
CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote at ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxto ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions  ...)
	{DSA-903-1}
	- unzip 5.52-4 (bug #321927; low)
CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive informa ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote atta ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote attacke ...)
	NOT-FOR-US: BusinessMail
CVE-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when call ...)
	{DSA-1021-1}
	- netpbm-free 2:10.0-9 (bug #319757; low)
CVE-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 t ...)
	NOT-FOR-US: Adobe
CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 all ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173; medium)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Eudora
CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
	- net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian)
CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote a ...)
	NOT-FOR-US: Omnicron
CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 a ...)
	NOT-FOR-US: Novell Internet Messaging System
CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
	NOT-FOR-US: Pointsec
CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attac ...)
	NOT-FOR-US: SurfControl
CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to exec ...)
	NOT-FOR-US: QNX
CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remot ...)
	NOT-FOR-US: Blue World Lasso Web Data Engine
CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Microsoft
CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers t ...)
	NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) L ...)
	NOT-FOR-US: Hyper NIKKI System (HNS) Lite
CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arb ...)
	- netjuke 1.0b7
CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ar ...)
	NOT-FOR-US: HTMLsearch
CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
	NOT-FOR-US: RCA Digital Cable Modem
CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Fwmon
CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
	NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
	NOTE: debian's nms-formmail is a reimplementation of old formmail
CVE-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony VA ...)
	NOT-FOR-US: Sony VAIO
CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in Verid ...)
	NOT-FOR-US: OpenKeyServer
CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21  ...)
	NOT-FOR-US: WikkiTikkiTavi
CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from boo ...)
	NOT-FOR-US: Microsoft
CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers  ...)
	NOT-FOR-US: Ganglia PHP RRD Web Client
	NOTE: not ganglia-monitor
CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed  ...)
	- apache 1.3.24 (low)
CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to  ...)
	- jzlib 0.0.7 (low)
CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary Ja ...)
	NOT-FOR-US: Microsoft
CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the fil ...)
	NOT-FOR-US: Microsoft
CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows loc ...)
	- ddd <not-affected> (ddd is not setuid/gid so not exploitable)
CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remot ...)
	NOT-FOR-US: Axspawn-pam
CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers  ...)
	- maradns 0.9.01 (low)
CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWa ...)
	NOT-FOR-US: Netware
CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ar ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full pa ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is  ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ea ...)
	NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, 0. ...)
	NOT-FOR-US: decfingerd
CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers  ...)
	NOT-FOR-US: aucho Technology Resin server
CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ar ...)
	NOT-FOR-US: Solaris
CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
	NOT-FOR-US: clump/os
CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for Netwa ...)
	NOT-FOR-US: ScriptEase
CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
	NOT-FOR-US: UnixWare/OpenUnix
CVE-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
	NOT-FOR-US: SCO
CVE-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
	NOT-FOR-US: CDE
CVE-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ex ...)
	NOTE: insufficient info to check, but not same code base
CVE-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
	NOT-FOR-US: Apple
CVE-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Tren ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3. ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; unimportant)
	NOTE: Not shipped in binary package
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
	[sarge] - metamail <no-dsa> (Hardly exploitable, minor Dos)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 <removed> (bug #321447; low)
	[woody] - xfree86 <no-dsa> (Hardly exploitable)
	[sarge] - xfree86 <no-dsa> (Hardly exploitable)
	- x11-apps 7.7~1 (bug #321447; low)
	[squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- ghostscript 8.61.dfsg.1~svn8187-1 (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd <unfixed> (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
	[sarge] - fftw3 <no-dsa> (Minor issue)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect m ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316881; low)
	[sarge] - cgiwrap <no-dsa> (Minor impact)
CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/ ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316901; low)
	[sarge] - cgiwrap <no-dsa> (Minor information disclosure, only debugging libs)
CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows r ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows re ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6. ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux kerne ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in xfrm_use ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-2 (bug #321401; medium)
	- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitr ...)
	NOT-FOR-US: Greasemonkey
CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure de ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1. ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of servi ...)
	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
	- tiff 3.7.0-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled,  ...)
	NOT-FOR-US: IOS
CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file f ...)
	{DSA-776-1 DTSA-3-1}
	- clamav 0.86.2-1 (medium)
CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create o ...)
	NOT-FOR-US: sandbox
CVE-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow rem ...)
	{DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1}
	- ekg 1:1.5+20050718+1.6rc3-1 (low)
	- centericq 4.20.0-9 (bug #323185; medium)
CVE-2005-2447
	REJECTED
CVE-2005-2446
	REJECTED
CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows  ...)
	NOT-FOR-US: Product Cart
CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the pas ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root wit ...)
	NOT-FOR-US: KShout
CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebIns ...)
	NOT-FOR-US: SPI Dynamics Web Inspect
CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow re ...)
	NOT-FOR-US: VBzoom
CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage  ...)
	NOT-FOR-US: Thomson Web Skill Vantage Manager
CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quo ...)
	NOT-FOR-US: UseBB
CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier al ...)
	NOT-FOR-US: UseBB
CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain  ...)
	NOT-FOR-US: Website Baker
CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website Bake ...)
	NOT-FOR-US: Website Baker
CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ev ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a  ...)
	- phplist <itp> (bug #612288)
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to modi ...)
	- phplist <itp> (bug #612288)
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 d ...)
	- gforge 4.5.14-2 (bug #328224; unimportant)
	NOTE: Direct flooding is possible as well in most circumstances.
	NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allo ...)
	{DSA-1094-1}
	- gforge 4.5.14-9 (bug #328224; medium)
CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set  ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" en ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ al ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a deni ...)
	NOT-FOR-US: FTPshell Server
CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote attack ...)
	NOT-FOR-US: Ares FileShare
CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware 4.2.8. ...)
	NOT-FOR-US: Siemens hardware
CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Beehive
CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
	NOT-FOR-US: Beehive
CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
	NOT-FOR-US: Beehive
CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbit ...)
	NOT-FOR-US: FtpLocate
CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: hardware issue
CVE-2005-2418
	REJECTED
CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Contrexx
CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
	NOT-FOR-US: Contrexx
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow  ...)
	NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as F ...)
	- firefox 1.5.dfsg-1 (unimportant)
	- mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant)
	- mozilla 1.5.dfsg-1 (bug #327550; unimportant)
	- iceweasel <not-affected>
	NOTE: The turned out to be non-exploitable
CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in A ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost  ...)
	NOT-FOR-US: First Post
CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and t ...)
	{DSA-808-1}
	- tdiary 2.0.2-1 (bug #319315; medium)
CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
	NOT-FOR-US: Network Manager
CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, whil ...)
	NOT-FOR-US: nbsmtp
CVE-2005-2408
	REJECTED
CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted attacker ...)
	NOT-FOR-US: Opera
CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting (XS ...)
	NOT-FOR-US: Opera
CVE-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is install ...)
	NOT-FOR-US: Opera
CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to c ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the Re ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to caus ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary co ...)
	NOT-FOR-US: Microsoft
CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBull ...)
	NOT-FOR-US: vBulletin
CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web Fil ...)
	NOT-FOR-US: Light Web File Manager
CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows remo ...)
	NOT-FOR-US: ActivePerl
CVE-2004-2285
	REJECTED
CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
	NOT-FOR-US: osCommerce
CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows r ...)
	NOT-FOR-US: Sendcard
CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, whi ...)
	NOT-FOR-US: RealChat
CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearc ...)
	NOT-FOR-US: PHPSiteSearch
CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
	NOT-FOR-US: PHPFinance
CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via mi ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows rem ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1 ...)
	NOT-FOR-US: phpBook
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlie ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
	- firefox <removed> (bug #320539; unimportant)
	- iceweasel <removed> (bug #320539; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
	- mozilla <removed> (bug #320538; unimportant)
	NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
	NOTE: feature (client-side preference for stronger methods) and not a vulnerabilit
	NOTE: This also seems like a rare setup.
CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the  ...)
	NOT-FOR-US: CuteNews
CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remo ...)
	NOT-FOR-US: CuteNews
CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
	NOT-FOR-US: CMSimple
CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point  ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allo ...)
	{DSA-795-2}
	- proftpd 1.2.10-20 (low)
	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denia ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
	NOT-FOR-US: some windows USB driver
CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 all ...)
	NOT-FOR-US: GoodTech SMTP server
CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1. ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM priv ...)
	NOT-FOR-US: Oray PeanutHull
CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 all ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports  ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote atta ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate Ser ...)
	- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote attacker ...)
	NOT-FOR-US: Race Driver
CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows rem ...)
	NOT-FOR-US: Race Driver
CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative pass ...)
	NOT-FOR-US: Belkin 54g wireless routers
CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated  ...)
	NOT-FOR-US: SlimFTPd
CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary di ...)
	NOT-FOR-US: Oracle Forms
CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 1 ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before 1 ...)
	{DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
	- gaim 1:1.4.0-5 (low)
	- centericq 4.20.0-9 (bug #323185; low)
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before 1 ...)
	{DSA-813-1 DTSA-2-1}
	- centericq 4.20.0-9 (bug #323185; medium)
	- gaim 1:1.5.0-1 (bug #350071; medium)
	[woody] - gaim <not-affected> (affected code libgadu not present in woody)
	[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
	- ekg 1:1.5+20050712+1.6rc2-1 (medium)
	[sarge] - ekg <not-affected>
	NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external user-a ...)
	{DTSA-12-1}
	- vim 1:6.3-085+1 (bug #320017; medium)
	[sarge] - vim 1:6.3-071+1sarge1
	NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security
CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in Eth ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; bug #320192; medium)
CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0 ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAM ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector,  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.1 ...)
	- ethereal 0.10.12-1 (bug #320183; low)
	NOTE: This affects partially Woody and Sarge
CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector,  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used  ...)
	- kfreebsd-5 5.3-1 (medium)
CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbit ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0  ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
	REJECTED
CVE-2005-2347
	RESERVED
CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2005-2345
	REJECTED
CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) BlackBer ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerr ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to  ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Atta ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remo ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of mse ...)
	NOT-FOR-US: unicode msearch
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
	NOT-FOR-US: Xoops
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
	{DSA-864-1 DSA-862-1 DSA-860-1}
	- ruby <removed>
	- ruby1.6 1.6.8-13 (medium)
	- ruby1.8 1.8.3-1 (bug #332742; medium)
	- ruby1.9 1.9.0+20050921-1 (medium)
CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.2-1
CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell  ...)
	NOT-FOR-US: Y.SAK
CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-B ...)
	NOT-FOR-US: smilies_popup.php
CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allo ...)
	NOT-FOR-US: PHPPageProtect
CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
	NOT-FOR-US: MooseGallery
CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, wh ...)
	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 an ...)
	NOT-FOR-US: Laffer
CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier all ...)
	NOT-FOR-US: e107
CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.2 ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0 ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
	NOT-FOR-US: CaLogic
CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and earlie ...)
	NOT-FOR-US: Yawp
CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 S ...)
	NOT-FOR-US: DVBBS
CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0 ...)
	{DSA-849-1}
	- shorewall 2.4.1-2 (bug #318946; medium)
CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers  ...)
	NOT-FOR-US: dnrd
CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allow ...)
	NOT-FOR-US: dnrd
CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to o ...)
	NOT-FOR-US: PHPsFTPd
CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows att ...)
	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote atta ...)
	NOT-FOR-US: Realnode Emilda
CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
	- sms-pl 2.1.0-1 (bug #320540; unimportant)
	NOTE: vulnerable contrib file only in source package
CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions be ...)
	NOT-FOR-US: Winamp
CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU c ...)
	NOT-FOR-US: Opera
CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote attacker ...)
	NOT-FOR-US: MSIE
CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows loc ...)
	NOT-FOR-US: Microsoft
CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: DG Remote Control Server
CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2005-2303
	REJECTED
CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range  ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not pr ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: Skype
CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message  ...)
	NOT-FOR-US: Simple Message Board
CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all attach ...)
	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5  ...)
	NOT-FOR-US: Sybase EAServer
CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: YabbSE
CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
	- netpanzer 0.8+svn20060319-1 (bug #318329; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of reco ...)
	NOT-FOR-US: Oracle
CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
	NOT-FOR-US: Oracle
CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords  ...)
	NOT-FOR-US: Oracle
CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext passwo ...)
	NOT-FOR-US: Oracle
CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
	NOT-FOR-US: WPS
CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remo ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a d ...)
	NOT-FOR-US: SoftiaCom wMailServer
CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which  ...)
	NOT-FOR-US: WebEOC
CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as  ...)
	NOT-FOR-US: WebEOC
CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow re ...)
	NOT-FOR-US: WebEOC
CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
	NOT-FOR-US: WebEOC
CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6 ...)
	NOT-FOR-US: WebEOC
CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2 ...)
	NOT-FOR-US: Cisco
CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable P ...)
	NOT-FOR-US: MailEnable
CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows rem ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318328; medium)
CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
	NOT-FOR-US: Novell Groupwise WebAccess
CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
	NOT-FOR-US: OpenWebmail
CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote at ...)
	- dansguardian 2.6.1-13 (medium)
CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filt ...)
	- dansguardian 2.7.7-2
CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 F ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHo ...)
	NOT-FOR-US: vHost
CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life serve ...)
	NOT-FOR-US: aGSM Half-Life
CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbit ...)
	NOT-FOR-US: I-Mall Commerce
CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and at ...)
	NOT-FOR-US: w3m Jigsaw
CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: efFingerD
CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD 0. ...)
	NOT-FOR-US: efFingerD
CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 all ...)
	NOT-FOR-US: IBM Parallel Environment
CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection Syste ...)
	- pads 1.1.1 (high)
CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: PimenGest2
CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allo ...)
	NOT-FOR-US: Ansel
CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote att ...)
	NOT-FOR-US: Ansel
CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during  ...)
	- uudeview 0.5.20-2.1 (bug #320541; low)
	[sarge] - uudeview <no-dsa> (Hardly exploitable)
	NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500)
CVE-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function in filen ...)
	- less <not-affected> (less is not suid, explotability unlikely)
CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in Pl ...)
	NOT-FOR-US: PlaySMS
CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
	NOT-FOR-US: e107
CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote attacke ...)
	NOT-FOR-US: e107
CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the addres ...)
	NOT-FOR-US: Opera
CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause  ...)
	- vsftpd 2.0.1-1 (low)
CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definiti ...)
	NOT-FOR-US: Hummingbird Exceed
CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to  ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remot ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote att ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, al ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ea ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to  ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides informa ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before 0.1. ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before 0.1. ...)
	NOT-FOR-US: SecureEditor
CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact  ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in Audi ...)
	NOT-FOR-US: AudienceConnect
CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allo ...)
	NOT-FOR-US: Goollery
CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remot ...)
	NOT-FOR-US: Goollery
CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9 ...)
	NOT-FOR-US: Oracle
CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by st ...)
	NOT-FOR-US: Phorum
CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, poss ...)
	NOT-FOR-US: Phorum
CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier  ...)
	NOT-FOR-US: Phorum
CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier al ...)
	NOT-FOR-US: Phorum
CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
	- vpopmail <removed> (bug #320608; low)
CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2004-2238 (** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5. ...)
	NOTE: format string vuln in vpopmail doesn't seem to be real
CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and at ...)
	- moodle 1.4-1
CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and at ...)
	- moodle 1.3.3-1
CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and atta ...)
	- moodle 1.2.1-1
CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in a ...)
	- moodle 1.2.1-1
CVE-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle befo ...)
	- moodle 1.3.2-1
CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in Moodl ...)
	- moodle 1.4.2-1
CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
	NOT-FOR-US: InstallAnywhere
CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allow ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable permission ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on MacOS)
CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file downlo ...)
	- mozilla-firefox 1.0-1
CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Ma ...)
	- mozilla-thunderbird 1.0-3
CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitr ...)
	- mozilla-firefox 0.99+1.0RC1-1
CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
	NOT-FOR-US: Message Foundry
CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before  ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows rem ...)
	NOT-FOR-US: SoftCart
CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not prop ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the add ...)
	NOT-FOR-US: Microsoft
CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and e ...)
	NOT-FOR-US: PHPMyWebHosting
CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow r ...)
	NOT-FOR-US: yChat
CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlie ...)
	NOT-FOR-US: Sun Java
CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, whi ...)
	- rxvt-unicode 3.8-1
CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to by ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ob ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
	- xmovie <removed>
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
	[sarge] - xgalaga <no-dsa> (Minor issue)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
	[sarge] - xemeraldia <no-dsa> (Very minor issue)
CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows  ...)
	{DSA-774-1}
	NOTE: previous fix in -15 was broken
	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to assistan ...)
	{DSA-766-1}
	- webcalendar 0.9.45-7 (bug #315671; medium)
CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of  ...)
	NOT-FOR-US: Website Baker
CVE-2005-2275
	RESERVED
CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a Javascrip ...)
	NOT-FOR-US: MSIE
CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript di ...)
	NOT-FOR-US: Opera
CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript dialo ...)
	NOT-FOR-US: Sfari
CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
	NOT-FOR-US: iCab
CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone  ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
	- mozilla-thunderbird 1.0.6-1 (high)
CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does no ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associa ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and  ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to  ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (low; bug #318728)
CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive inform ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla  ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers t ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9,  ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before 1.7 ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of Sq ...)
	NOT-FOR-US: magicHTML
CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 be ...)
	NOT-FOR-US: WWWeBBB forum
CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
	NOT-FOR-US: Portix
CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to  ...)
	NOT-FOR-US: Novell Netware
CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication s ...)
	NOT-FOR-US: FTGate
CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cau ...)
	NOT-FOR-US: Microsoft
CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FTGate
CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX ...)
	- kernel-patch-openmosix <removed> (bug #319621; low)
CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FT ...)
	NOT-FOR-US: FTGate
CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear mem ...)
	NOT-FOR-US: Microsoft
CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allo ...)
	NOT-FOR-US: Lil' HTTP server
CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: ICQ
CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote a ...)
	NOT-FOR-US: Mailidx
CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on M ...)
	NOT-FOR-US: Microsoft
CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in JR ...)
	NOT-FOR-US: Sun Java
CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Tru64
CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams  ...)
	NOT-FOR-US: SecureClean
CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are atta ...)
	NOT-FOR-US: Eraser
CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams tha ...)
	NOT-FOR-US: Eraser
CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows a ...)
	NOT-FOR-US: BCWipe
CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' e ...)
	NOT-FOR-US: WebCalender
CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain admin ...)
	NOT-FOR-US: PhpWebGallery
CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and exec ...)
	NOT-FOR-US: AtGuard
CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explor ...)
	NOT-FOR-US: Microsoft
CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earli ...)
	NOTE: fixed in upstream 1.0.1
	NOTE: see http://web.archive.org/web/20090628044831/http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
	- mozilla 2:1.1-1 (low)
CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash cli ...)
	- links2 <not-affected> (Fixed before upload into archiv; 2.0pre5)
CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not  ...)
	NOT-FOR-US: Intel motherboards
CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage statistic ...)
	NOT-FOR-US: TeeKai
CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/ ...)
	NOT-FOR-US: TeeKai
CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows re ...)
	NOT-FOR-US: TeeKai
CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Trac ...)
	NOT-FOR-US: TeeKai
CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the admini ...)
	NOT-FOR-US: TeeKai
CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented  ...)
	NOT-FOR-US: Cisco
CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release,  ...)
	NOT-FOR-US: Cisco
CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used  ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when down ...)
	NOTE: one day upstream webserver compromise
CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to exe ...)
	NOT-FOR-US: PFinger
CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows rem ...)
	- sketch 0.6.13-1 (low)
CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers  ...)
	NOT-FOR-US: X-News
CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to  ...)
	NOT-FOR-US: x-stat
CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
	NOT-FOR-US: x-stat
CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
	NOTE: old patch
CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allo ...)
	NOT-FOR-US: QNX
CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 al ...)
	NOT-FOR-US: QNX
CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operat ...)
	NOT-FOR-US: QNX
CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows  ...)
	NOT-FOR-US: QNX
CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based s ...)
	NOT-FOR-US: NGPT
	NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
	NOTE: NPTL does not have this problem.
CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
	NOT-FOR-US: Sun
CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ear ...)
	NOT-FOR-US: RealityScape
CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers  ...)
	NOT-FOR-US: Email Sanitizer
CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
	NOT-FOR-US: FAQManager
CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to  ...)
	NOT-FOR-US: PHPNuke
CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
	NOT-FOR-US: Microsoft
CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ s ...)
	NOT-FOR-US: PHP, Mircrosoft
CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify  ...)
	NOT-FOR-US: Microsoft
CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not proper ...)
	NOT-FOR-US: DOOW
CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to  ...)
	NOT-FOR-US: BrowseFTP
CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root pa ...)
	- imp 3:2.2.6-5 (high)
CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and  ...)
	NOT-FOR-US: We use the OTHER beep program :P
CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows l ...)
	NOTE: only affects old-stable
CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbb ...)
	NOT-FOR-US: wbboard
CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default a ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in osComme ...)
	NOT-FOR-US: osCommerce
CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by  ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code b ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel addr ...)
	- user-mode-linux 2.4.17-9 (high)
CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows  ...)
	NOT-FOR-US: PostNuke
CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a  ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Lin ...)
	NOT-FOR-US: Apache
CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.c ...)
	NOT-FOR-US: faqomatic
CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht: ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root pat ...)
	NOT-FOR-US: Tomcat
CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the  ...)
	NOT-FOR-US: Tomcat
CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remo ...)
	NOT-FOR-US: Tomcat
CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 thro ...)
	NOT-FOR-US: Tomcat
CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1 ...)
	NOT-FOR-US: Sun
CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ca ...)
	NOT-FOR-US: Compaq
CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote at ...)
	NOT-FOR-US: Compaq
CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
	NOT-FOR-US: Compaq
CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
	NOT-FOR-US: jmcce
CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use pr ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow rem ...)
	NOT-FOR-US: VVOS
CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0  ...)
	NOT-FOR-US: UnixWare
CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier  ...)
	NOT-FOR-US: Postnuke
CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
	NOT-FOR-US: Postnuke
CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
	NOT-FOR-US: Windows
CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute  ...)
	NOT-FOR-US: WebBBS
CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or  ...)
	NOT-FOR-US: Windows
CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary c ...)
	NOT-FOR-US: osCommerce
CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical p ...)
	NOT-FOR-US: Resin
CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service (thre ...)
	NOT-FOR-US: Resin
CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service (memo ...)
	NOT-FOR-US: Resin
CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 al ...)
	NOT-FOR-US: Resin
CVE-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
	NOTE: presumably fixed in linux 2.4.12
CVE-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user acc ...)
	NOT-FOR-US: Microsoft
CVE-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name U ...)
	NOT-FOR-US: Openwave WAP gateway
CVE-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL wi ...)
	NOT-FOR-US: CMG WAP gateway
CVE-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to bypa ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0. ...)
	- vanessa-logger 0.0.2
CVE-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
	NOT-FOR-US: MacOS
CVE-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11  ...)
	NOT-FOR-US: HP-UX
CVE-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linu ...)
	NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
CVE-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to g ...)
	- nvi 1.79-16a.1
	NOTE: was DSA 085
CVE-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to e ...)
	NOTE: DSA 082
	- xvt 2.1-13
CVE-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and X ...)
	NOT-FOR-US: Microsoft
CVE-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
	NOT-FOR-US: OpenBSD
CVE-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
	- snort 1.8.3
CVE-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gai ...)
	NOT-FOR-US: AIX
CVE-2001-1556 (The log files in Apache web server contain information directly suppli ...)
	NOTE: documented issue in apache, unlikely to be changed
	NOTE: see http://httpd.apache.org/docs/logs.html
CVE-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal privileg ...)
	NOT-FOR-US: Solaris
CVE-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote  ...)
	NOT-FOR-US: AIX
CVE-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...)
	- setiathome <not-affected> (not suid in debian)
CVE-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, whi ...)
	NOTE: no info in CVE db about fix
CVE-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
	NOT-FOR-US: Centra
CVE-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filter ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local u ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be saved or ope ...)
	NOT-FOR-US: Outlook
CVE-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and password ...)
	NOT-FOR-US: Pathways Homecare
CVE-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a. ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS)  ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default  ...)
	NOT-FOR-US: Axis network camera
CVE-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperl ...)
	NOT-FOR-US: NAI WebShield SMTP
CVE-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3. ...)
	NOT-FOR-US: BSDI UUCP
CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denia ...)
	NOT-FOR-US: IPRoute router software
	NOTE: This is not for iproute/iproute2.
	NOTE: From Chris Gragsone's message on BUGTRAQ:
	NOTE: "IPRoute, by David F. Mischler, is PC-based router software
	NOTE: "for networks running the Internet Protocol (IP)."
CVE-2001-1539 (Stack consumption vulnerability in Internet Explorer The JavaScript se ...)
	NOT-FOR-US: MSIE
CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of " ...)
	NOT-FOR-US: SpeedXess HA-120 DSL router
CVE-2001-1537 (The default "basic" security setting' in config.php for TWIG webmail 2 ...)
	NOTE: current twig package seems to have secure cookies enabled
	NOTE: still uses "basic" security setting.
CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, whi ...)
	NOT-FOR-US: Autogalaxy
CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random password ...)
	- slash 2.2.6-8 (bug #328927; low)
	[sarge] - slash <no-dsa> (Lack of a security feature, minor security problem)
CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's u ...)
	- apache <unfixed> (bug #328919; unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: Cookies are only used for invading user privacy,
	NOTE: not for authentication, so apache and apache2 should be fine.
CVE-2001-1533 (** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Serve ...)
	NOT-FOR-US: Microsoft
CVE-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, w ...)
	NOT-FOR-US: WebX
CVE-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cau ...)
	NOT-FOR-US: Claris Emailer
CVE-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-wri ...)
	NOTE: verified current webmin is ok
CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attac ...)
	NOT-FOR-US: AIX
CVE-2001-1528 (AmTote International homebet program returns different error messages  ...)
	NOT-FOR-US: AmTote International homebet
CVE-2001-1527 (easyNews 1.5 and earlier stores administration passwords in cleartext  ...)
	NOT-FOR-US: easynews
CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ind ...)
	NOT-FOR-US: easynews
CVE-2001-1525 (Directory traversal vulnerability in the comments action in easyNews 1 ...)
	NOT-FOR-US: easynews
CVE-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for P ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by start ...)
	NOT-FOR-US: Xircom REX
CVE-2001-1519 (** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to ...)
	NOT-FOR-US: RunAs
CVE-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...)
	NOT-FOR-US: RunAs
CVE-2001-1517 (** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext auth ...)
	NOT-FOR-US: RunAs
CVE-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ea ...)
	NOT-FOR-US: phpReview
CVE-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 S ...)
	NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
CVE-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced securi ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicat ...)
	NOT-FOR-US: JRun
CVE-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to d ...)
	NOT-FOR-US: JRun
CVE-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remot ...)
	NOT-FOR-US: JRun
CVE-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, A ...)
	NOT-FOR-US: JRun
CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not p ...)
	NOT-FOR-US: HP-UX
CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows  ...)
	- lprng <not-affected> (Not suid in Debian)
	- cups <not-affected> (Not suid in Debian)
	- cupsys <not-affected> (Not suid in Debian)
CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly authent ...)
	- openssh 1:3.0.1
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an inva ...)
	NOT-FOR-US: FTGate
CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application  ...)
	NOT-FOR-US: Oracle
CVE-2000-1235 (The default configurations of (1) the port listener and (2) modplsql i ...)
	NOT-FOR-US: Oracle
CVE-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...)
	NOT-FOR-US: Phorum
CVE-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum 3 ...)
	NOT-FOR-US: Phorum
CVE-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ce ...)
	NOT-FOR-US: Phorum
CVE-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary fi ...)
	NOT-FOR-US: Phorum
CVE-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to acces ...)
	NOT-FOR-US: Phorum
CVE-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...)
	NOT-FOR-US: Phorum
CVE-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator passw ...)
	NOT-FOR-US: Phorum
CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet Cr ...)
	NOT-FOR-US: USANet
CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
	NOT-FOR-US: Squito Gallery
CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to  ...)
	NOT-FOR-US: PhpSlash
CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 a ...)
	{DSA-759-1}
	- phppgadmin 3.5.4-1 (bug #318284; medium)
CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote atta ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5  ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers t ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in PHPSecurePage ...)
	NOT-FOR-US: PHPSecurePages (phpSP)
CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 a ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318327; medium)
CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact  ...)
	NOT-FOR-US: Jinzora
CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 allo ...)
	NOT-FOR-US: DownloadProtect
CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown i ...)
	NOTE: no details available
	- moodle 1.5.1-1
CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1  ...)
	NOT-FOR-US: iPhotoAlbum
CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers  ...)
	NOT-FOR-US: BIG-IP
CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ear ...)
	NOT-FOR-US: Cisco
CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
	{DSA-1003-1}
	- xpvm 1.2.5-8 (bug #318285; medium)
CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
	- oftpd 20040304-1 (bug #318286; medium)
	NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to  ...)
	NOT-FOR-US: AIX
CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and  ...)
	NOT-FOR-US: AIX
CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and  ...)
	NOT-FOR-US: AIX
CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3,  ...)
	NOT-FOR-US: AIX
CVE-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 m ...)
	NOT-FOR-US: AIX
CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
	NOT-FOR-US: AIX
CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to  ...)
	{DSA-761-2}
	- heartbeat 1.2.3-12 (bug #318287; medium)
CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmos ...)
	- elmo 1.3.0-1.1 (bug #318291; low)
	[sarge] - elmo <no-dsa> (Minor issue)
CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web doc ...)
	NOT-FOR-US: Blog Torrent
CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message tit ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite ...)
	NOT-FOR-US: Softiacom wMailserver
CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account wh ...)
	NOT-FOR-US: Outlook
CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Microsoft
CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard befor ...)
	NOT-FOR-US: MailEnable
CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Profession ...)
	NOT-FOR-US: MailEnable
CVE-2005-2221
	NOT-FOR-US: Dragonfly
CVE-2005-2220
	NOT-FOR-US: Dragonfly
CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check  ...)
	- kfreebsd5-source 5.3-17 (medium)
CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with  ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo  ...)
	NOT-FOR-US: PhotoGal
CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x bef ...)
	- mediawiki 1.4.9
CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
	- apt-setup <unfixed> (bug #305142; unimportant)
	NOTE: That's by design. We want to provide non-root users access to the source code,
	NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive
	NOTE: as it'll be sent non-encrypted over the wire.
CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS Ripp ...)
	NOT-FOR-US: MMS Ripper
CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world readabl ...)
	NOTE: duplicate of CVE-2005-1856
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
	NOTE: duplicate of CVE-2005-1855
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows r ...)
	NOT-FOR-US: Internet Download Manager
CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as  ...)
	NOT-FOR-US: ScanShare
CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: PrivaShare
CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote attacke ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers  ...)
	NOT-FOR-US: kaiseki.cgi
CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) e ...)
	NOT-FOR-US: SiteMinder
CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to bypa ...)
	NOT-FOR-US: phpWishlist
CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
	NOT-FOR-US: Xerox Hardware issue
CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox WorkCent ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for Xer ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in PP ...)
	NOT-FOR-US: PPA web photo gallery
CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3 ...)
	NOT-FOR-US: SPiD
CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows re ...)
	NOT-FOR-US: Id Board
CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a  ...)
	NOT-FOR-US: Apple Airport
CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers  ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 a ...)
	NOT-FOR-US: Apple
CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in profile ...)
	NOT-FOR-US: PunBB
CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
	NOT-FOR-US: SimplePHPBlog
CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus shoppi ...)
	NOT-FOR-US: Comersus
CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
	NOT-FOR-US: Comersus
CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 store ...)
	NOT-FOR-US: Lantronix SecureLinx
CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2187 (McAfee IntruShield Security Management System allows remote authentica ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShi ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote atta ...)
	NOT-FOR-US: eRoom
CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
	NOT-FOR-US: eRoom
CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle l ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not prop ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the  ...)
	NOT-FOR-US: SIP phone hardware issue
CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ins ...)
	- gnats 4.0 (bug #318481; high)
CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
	NOT-FOR-US: Jaws
CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via sh ...)
	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
	NOTE: the affected probe.cgi
CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when  ...)
	{DSA-873-1}
	- net-snmp 5.2.1.2-1 (bug #318420; low)
	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
	[sarge] - ucd-snmp <no-dsa> (Minor issue)
CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without p ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
	NOT-FOR-US: Notes
CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 i ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2. ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2172
	RESERVED
CVE-2005-2171
	RESERVED
CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint a ...)
	NOT-FOR-US: Tivoli
CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allo ...)
	NOT-FOR-US: AliveSites
CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allo ...)
	NOT-FOR-US: AliveSites
CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Con ...)
	NOT-FOR-US: Express-Web
CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5 ...)
	NOT-FOR-US: IdealBB
CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1. ...)
	NOT-FOR-US: IdealBB
CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4. ...)
	NOT-FOR-US: IdealBB
CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
	NOT-FOR-US: NatterChat
CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allo ...)
	NOT-FOR-US: Veritas
CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running  ...)
	NOT-FOR-US: Cold Fusion
CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows  ...)
	NOT-FOR-US: Ansel
CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 thro ...)
	NOT-FOR-US: DUclassified
CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows r ...)
	NOT-FOR-US: DUforum
CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
	NOT-FOR-US: DUforum
CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 al ...)
	NOT-FOR-US: DUclassified
CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attack ...)
	NOT-FOR-US: DUclassmate
CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the own ...)
	NOT-FOR-US: kdocker
CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of  ...)
	NOT-FOR-US: Zanfi
CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
	NOT-FOR-US: Zanfi
CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition bef ...)
	NOT-FOR-US: MailEnable
CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4 ...)
	NOT-FOR-US: CJOverkill
CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic  ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact an ...)
	- unzoo 4.4-3 (bug #306164)
CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows re ...)
	NOT-FOR-US: DMXReady
CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Mana ...)
	NOT-FOR-US: DMXReady
CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "fi ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
	NOT-FOR-US: Digicraft Yak!
CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to exec ...)
	NOT-FOR-US: WeHelpBUS
CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote at ...)
	NOT-FOR-US: Macromedia JRun
CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remot ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.6 ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote a ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 al ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow rem ...)
	NOT-FOR-US: ReviewPost
CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact  ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductC ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt passw ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allo ...)
	- cherokee 0.4.8
CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan 2 ...)
	NOT-FOR-US: Caravan
CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote aut ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service (CP ...)
	NOT-FOR-US: BaSoMail
CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other vers ...)
	- latex2rtf 1.9.16
CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C ...)
	NOT-FOR-US: Canon ImageRUNNER
CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, allo ...)
	NOT-FOR-US: Lords of the Realm
CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database connect ...)
	NOT-FOR-US: VP-ASP
CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line  ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote att ...)
	- serendipity 1.0-1
CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
	NOT-FOR-US: Online Recruitment Agency
CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its au ...)
	NOT-FOR-US: Online-bookmarks
CVE-2005-2348
	REJECTED
CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty P ...)
	NOT-FOR-US: PHPSource Printer
CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote unauthe ...)
	NOT-FOR-US: Plague
CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News S ...)
	NOT-FOR-US: Plague
CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
	NOT-FOR-US: Plague
CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute arbitr ...)
	NOT-FOR-US: GlobalNoteScript
CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote atta ...)
	NOT-FOR-US: Covide
CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
	NOT-FOR-US: AutoIndex PHP Script
CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestboo ...)
	NOT-FOR-US: MyGuestbook
CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
	{DSA-768-1}
	- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which a ...)
	NOT-FOR-US: IMail
CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attacke ...)
	NOT-FOR-US: PlanetDNS
CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows rem ...)
	NOT-FOR-US: JBoss
CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
	NOT-FOR-US: nabopoll
CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and e ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) open.ph ...)
	NOT-FOR-US: osTicket
CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
	NOT-FOR-US: osTicket
CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote att ...)
	NOT-FOR-US: Geeklog
CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures whe ...)
	{DSA-784-1}
	- courier 0.47-6 (bug #320290; low)
CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does  ...)
	NOT-FOR-US: Microsoft
CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set  ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to p ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary  ...)
	{DSA-739-1}
	- trac 0.8.4-1
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows  ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of  ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and mo ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service (cr ...)
	NOT-FOR-US: Microsoft
CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows rem ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: TCP Chat
CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 allow ...)
	NOT-FOR-US: FSboard
CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta A ...)
	NOT-FOR-US: Pavsta
CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev eComme ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers  ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, an ...)
	NOT-FOR-US: Raritan Dominion SX
CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Websi ...)
	NOT-FOR-US: EtoShop
CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow  ...)
	NOT-FOR-US: NetBSD
CVE-2005-2133
	REJECTED
CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1. ...)
	NOT-FOR-US: SCO UnixWare
CVE-2005-2131
	RESERVED
CVE-2005-2130
	RESERVED
CVE-2005-2129
	RESERVED
CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...)
	NOT-FOR-US: Windows
CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet Explore ...)
	NOT-FOR-US: Windows
CVE-2005-2125
	RESERVED
CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...)
	NOT-FOR-US: Windows
CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL ...)
	NOT-FOR-US: Windows
CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Serv ...)
	NOT-FOR-US: Windows
CVE-2005-2121
	RESERVED
CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPM ...)
	NOT-FOR-US: Windows
CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed Transacti ...)
	NOT-FOR-US: Microsoft
CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Serv ...)
	NOT-FOR-US: Windows
CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Windows
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as cas ...)
	- cups 1.1.20final+rc1-1 (low)
	- cupsys 1.1.20final+rc1-1 (low)
CVE-2005-2116
	REJECTED
CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause  ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Mele ...)
	NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits
	[sarge] - mozilla <not-affected> (Unreproducible)
	- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC se ...)
	NOT-FOR-US: Xoops
CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 an ...)
	NOT-FOR-US: Xoops
CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to  ...)
	NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensit ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers  ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and  ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Wor ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1  ...)
	{DSA-745-1}
	- drupal 4.5.4-1 (bug #316362)
CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authent ...)
	NOT-FOR-US: IOS
CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive informat ...)
	NOT-FOR-US: sysreport
CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows  ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (high; bug #323706)
CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cau ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (medium; bug #323706)
CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in / ...)
	{DSA-818-1}
	- kdeedu 4:3.4.2-1 (low)
CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux  ...)
	- linux-2.6 <not-affected> (Red Hat specific according to Horms)
	- kernel-source-2.4.27 <not-affected> (Red Hat specific according to Horms)
CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring t ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2 ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files,  ...)
	{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
	- kdegraphics 4:3.4.2-1 (bug #322458; low)
	- xpdf 3.00-15 (bug #322462; low)
	[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
	- tetex-bin 3.0-12
	NOTE: tetex links to poppler since 3.0-12
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- gpdf 2.10.0-4 (bug #334454; low)
	NOTE: Cups switched to xpdf-utils
	- cupsys 1.1.22-7 (bug #324464)
	- cups 1.1.22-7 (bug #324464)
	[woody] - cupsys <not-affected> (Vulnerable code not present)
	- poppler 0.4.0-1 (low)
	- libextractor 0.5.8-1 (medium)
CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial  ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1}
	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
	NOTE: Florian Weimer is doing a comprehensive audit using clamav
	NOTE: to search for static zlib signatures in binaries in Debian
	NOTE: Not all of the listed packages have been checked for actual
	NOTE: exploitability using this hole.
	NOTE: oldstable (woody) had zlib 1.1, which is not affected
	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
	- dpkg 1.13.11 (bug #317967; unimportant)
	NOTE: You need to trust debs anyway, when installing them
	- zsync 0.4.0-2 (bug #317968; medium)
	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
	- dump 0.4b40-1 (bug #317966; low)
	[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
	- aide 0.10-6.1.1 (bug #317523; unimportant)
	NOTE: aide only uses zlib to compress/decompress internal data
	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- amd64-libs 1.3 (bug #317970; medium)
	[woody] - ia32-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- ia32-libs 1.6 (bug #317971; medium)
	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
	- bacula 1.36.3-2 (bug #318014; medium)
	[sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
	[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not affected)
	- sash 3.7-6 (bug #318246; bug #318069; medium)
	[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- libphysfs 1.0.0-5 (bug #318091; unimportant)
	- oops 1.5.23.cvs-3 (bug #318097; medium)
	[woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected)
	- rpm 4.0.4-31.1 (bug #318099; unimportant)
	NOTE: You need to trust rpms anyway, when installing them
	- rageircd 2.0.0-3sid1 (bug #309196; medium)
	- systemimager-ssh <not-affected> (bug #318101; unimportant)
	NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression
	[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- texmacs 1:1.0.5-3 (bug #318100; medium)
	[sarge] - texmacs <no-dsa> (Hardly exploitable)
	- zlib 1:1.2.2-7 (bug #317133; medium)
	- pvpgn 1.7.8-2 (bug #332236)
	- mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
	- mrtg <not-affected> (Only used for internal compression, current versions link dynamically)
	- rsync <not-affected> (Uses zlib 1.1, which is not affected)
	NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
	NOTE: as the included version was never affected, despite claiming them so.
CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the extr ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the we ...)
	NOT-FOR-US: Sun
CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attacker ...)
	NOT-FOR-US: Oracle
CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison  ...)
	NOT-FOR-US: Websphere
CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allo ...)
	- tomcat4 4.1.28-1
	NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ca ...)
	NOT-FOR-US: Microsoft
CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ac ...)
	{DSA-805-1 DSA-803-1}
	- apache 1.3.33-8 (bug #322607; medium)
	- apache2 2.0.54-5 (bug #316173; medium)
CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating system ...)
	NOT-FOR-US: Microsoft
CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0. ...)
	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7  ...)
	NOT-FOR-US: Inframail
CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Comm ...)
	NOT-FOR-US: Community Forum
CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate Editi ...)
	NOT-FOR-US: IA eMailServer
CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: imTRSET
CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in As ...)
	- asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant)
	NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands
CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VE ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS B ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows remot ...)
	NOT-FOR-US: Lpanel
CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GoodTech SMTP Server
CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software 1. ...)
	NOT-FOR-US: Real Estate Management Software
CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Chatman
CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different e ...)
	NOT-FOR-US: INTELLIPEER Email Server
CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for M ...)
	- mysql-dfsg-4.1 4.1.5-1
CVE-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava Asta ...)
	- fprobe-ng 1.1-1
	- fprobe 1.1-4
	NOTE: fprobe was fixed in upstrem release 1.0.6 and since 1.1-4 fprobe-ng package
	NOTE: replaced fprobe therefore marking as fixed in 1.1-4
CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook al ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows  ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows r ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Baal Smart Forms
CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to  ...)
	NOT-FOR-US: Mambo Portal
CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
	- sdd 1.52-1
CVE-2004-2141
	REJECTED
CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
	NOT-FOR-US: YaBB
CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows  ...)
	NOT-FOR-US: YaBB
CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScri ...)
	NOT-FOR-US: MySQLGuest
CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a deni ...)
	NOT-FOR-US: BisonFTP Server
CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting Cont ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable fil ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
	NOT-FOR-US: DB2
CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...)
	NOT-FOR-US: Solaris
CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to exec ...)
	NOT-FOR-US: Solaris
CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used i ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #318755; medium)
CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a sla ...)
	{DSA-785-1}
	- openldap2.2 2.2.26-3 (bug #316674; medium)
	- openldap2 2.1.30-11 (medium)
	- libpam-ldap 178-1sarge1 (bug #316972; medium)
	- libnss-ldap 238-1.1 (bug #316973; medium)
CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers t ...)
	- kfreebsd-source <unfixed>
CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of aspn ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allow ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP Nu ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow r ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSel ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow r ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to inclu ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) adda ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6 ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Thr ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.8 ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne  ...)
	NOT-FOR-US: Affected only Real Player, not Helix Player
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obta ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: iSMTP
CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windo ...)
	NOT-FOR-US: Microsoft
CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
	NOT-FOR-US: QNX
CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in Ic ...)
	NOTE: verified current version is not vulnerable to exploit
CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "publ ...)
	NOT-FOR-US: Microsoft
CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 t ...)
	NOT-FOR-US: Solaris
CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclas ...)
	NOT-FOR-US: Watchguard SOHO
CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewa ...)
	NOT-FOR-US: IPFilter
CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to th ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
	- net-tools <unfixed> (unimportant)
	NOTE: This seems to be a misunderstanding of what the PROMISC flag
	NOTE: is about. ifconfig reports properly when it is set using
	NOTE: "ifconfig promisc".
CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt t ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require a ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (I ...)
	NOT-FOR-US: Microsoft
CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch ...)
	NOT-FOR-US: pp_powerSwitch
CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft Networking_Uti ...)
	NOT-FOR-US: Sourcecraft Networking Utils
CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the rul ...)
	NOT-FOR-US: SnortCenter
CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
	NOT-FOR-US: Magic Notebook
CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and  ...)
	NOT-FOR-US: Com21 hardware
CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause  ...)
	NOT-FOR-US: XiRCON
CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards Pla ...)
	NOT-FOR-US: My Postcards Platinum
CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitam ...)
	NOT-FOR-US: Imatix Xitami
CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote atta ...)
	NOT-FOR-US: phpEventCalender
CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit  ...)
	NOTE: No kernels in Sarge or sid affected
CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to by ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to by ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
	NOT-FOR-US: Cybozu Share
CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrar ...)
	NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...)
	NOT-FOR-US: kmMail
CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9. ...)
	- pen <not-affected> (pen was introduced after this old vulnerability)
CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions,  ...)
	- rox 1.3.0-1
CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting CI ...)
	NOT-FOR-US: Iomega hardware issue
CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...)
	NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
	NOTE: php function that displays the PHP logo and version information. In the bug
	NOTE: log the developers seem unwilling to fix this, as it only affects a debug
	NOTE: function.
	NOTE: can not reproduce in any versions of php4 in the archive.
	- php4 <not-affected> (bug #349260; low)
	- php5 5.1.1-1 (bug #336654; low)
CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant Messenge ...)
	NOT-FOR-US: AIM
CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL operati ...)
	NOT-FOR-US: phpRank
CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ex ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote  ...)
	NOT-FOR-US: phpRank
CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega  ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to exe ...)
	- gringotts <not-affected> (fixed before Gringotts was in Debian)
CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all install ...)
	- webmin 1.000-2
CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000 ...)
	NOT-FOR-US: VNSL
CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attacker ...)
	NOT-FOR-US: SmailMail
CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola Surfboard
CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, lea ...)
	NOT-FOR-US: SafeTP
CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive co ...)
	NOT-FOR-US: Imatix
CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote a ...)
	NOT-FOR-US: RadioBird
CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes  ...)
	NOT-FOR-US: LCC-Win32
CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are transfer ...)
	NOT-FOR-US: FlashFXP
CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Virgil CGI Scanner
CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the adminis ...)
	NOT-FOR-US: Symantex Appliance
CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door account ...)
	NOT-FOR-US: UTStarcom
CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2)  ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leak ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not  ...)
	NOT-FOR-US: Microsoft
CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send adminis ...)
	NOT-FOR-US: Microsoft
CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 a ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attacker ...)
	NOT-FOR-US: AN HTTPd
CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena  ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory tr ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify  ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File Manag ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ca ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during installati ...)
	NOT-FOR-US: Powerchute
CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when runni ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBul ...)
	NOT-FOR-US: vBulletin
CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when runni ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: FtpXQ
CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remo ...)
	NOT-FOR-US: VS-ASP
CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MD ...)
	NOT-FOR-US: Microsoft ADO
CVE-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...)
	NOT-FOR-US: Geeklog
CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers  ...)
	NOT-FOR-US: Pirch
CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to caus ...)
	NOT-FOR-US: tip
CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of servi ...)
	- dump 0.4b31-1
CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbit ...)
	NOT-FOR-US: myPHPNuke
CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable t ...)
	NOT-FOR-US: SkyStream
CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allow ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak  ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause  ...)
	NOT-FOR-US: TelCondex
CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attacker ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allo ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 thr ...)
	NOT-FOR-US: ghttpd
CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: a ...)
	- pine 4.62-1 (low)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: checked listed version, and it didn't have the problem
	NOTE: pine is non-free (alpine is free)
CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: CGIForum
CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 a ...)
	NOT-FOR-US: BBGallery
CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...)
	NOT-FOR-US: Pinboard
CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a d ...)
	NOT-FOR-US: MyWebserver
CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, all ...)
	- alsaplayer 0.99.72-1
CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using  ...)
	- tomcat4 <not-affected> (Windows-specific Tomcat problems)
CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0 ...)
	- phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295)
CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1 ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password i ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to e ...)
	NOT-FOR-US: IRCIT
CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbi ...)
	NOT-FOR-US: RedHat specific
CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
	NOT-FOR-US: Logsurfer
CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to t ...)
	NOT-FOR-US: CommonName Toolbar
CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for phpMyNews ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with in ...)
	NOT-FOR-US: TightAuction
CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlo ...)
	NOT-FOR-US: PPhlogger
CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ad ...)
	NOT-FOR-US: Py-Membres
CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...)
	- qt-x11-free 2:3.0.4-1
CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attacke ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by mo ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers t ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...)
	NOT-FOR-US: w-Agora
CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions f ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, a ...)
	NOT-FOR-US: Entercept Agent
CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...)
	NOT-FOR-US: Astrocam
CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure Cal ...)
	NOT-FOR-US: Microsoft
CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled ...)
	NOT-FOR-US: Microsoft
CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid roo ...)
	NOT-FOR-US: Solaris
CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle w ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does  ...)
	NOT-FOR-US: Heysoft EventSave
CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...)
	NOT-FOR-US: Dispair
CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 do ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descri ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI- ...)
	NOT-FOR-US: Embedded HTTP server
CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 thr ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other models ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: SmartMail Server
CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, all ...)
	NOT-FOR-US: Sybase ASE
CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers t ...)
	NOT-FOR-US: Pramati
CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...)
	NOT-FOR-US: Orion
CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1 ...)
	NOT-FOR-US: Oracle
CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: jo! jo Webserver
CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote atta ...)
	NOT-FOR-US: HP Application Server
CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows remot ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execu ...)
	NOT-FOR-US: rlaj whois.cgi
CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...)
	NOT-FOR-US: MyNewsGroups
CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
	- monkey 0.9.2-1
	NOTE: Vulnerable code verified not be present in any Debian version
CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute c ...)
	NOT-FOR-US: WS_FTP Pro
CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly re ...)
	- apache2 2.0.42-1
CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back butto ...)
	NOT-FOR-US: ParaChat
CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords  ...)
	NOT-FOR-US: TightVNC on Windows only
CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a use ...)
	NOT-FOR-US: YaBB
CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another B ...)
	NOT-FOR-US: YaBB
CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, i ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Perlbot
CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Perlbot
CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not restri ...)
	NOT-FOR-US: Nogusta NOLA
CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could con ...)
	NOT-FOR-US: some irssi tarballs contained a backdoor
CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record th ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall (Windows NT 3.52)
CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbi ...)
	NOT-FOR-US: Charities.cron
CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display Syste ...)
	NOT-FOR-US: Image Display System
CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exp ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 run ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 all ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a  ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1832 (Unknown vulnerability in the "ipopts decode" functionality in Firestor ...)
	NOT-FOR-US: Firestorm IDS
CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attacker ...)
	NOT-FOR-US: Microsoft MSN Messenger Service
CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypa ...)
	NOT-FOR-US: Open Bulletin Board
CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bull ...)
	NOT-FOR-US: Open Bulletin Board
CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Savant Webserver
CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of  ...)
	- sendmail 8.12-4
CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass  ...)
	- kernel-patch-2.4-grsecurity 1.9.6-1
CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0  ...)
	NOT-FOR-US: WASD
CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
	NOT-FOR-US: MSIE
CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1. ...)
	NOT-FOR-US: Zeroo
CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the pa ...)
	NOT-FOR-US: IBM HTTP Server on AS/400
CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated user ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administ ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote at ...)
	NOT-FOR-US: TinyHTTPD
CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ar ...)
	NOT-FOR-US: httpbench
CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsN ...)
	NOT-FOR-US: Veritas
CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
	NOT-FOR-US: ATPhttpd
CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in Aquo ...)
	NOT-FOR-US: Aquonics
CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows l ...)
	- bonobo <not-affected> (efstool not suid on Debian)
CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2 ...)
	NOT-FOR-US: AIM
CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to execu ...)
	NOT-FOR-US: gdam123
CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 a ...)
	NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to  ...)
	NOT-FOR-US: D-Link DWL-900AP+ Access Point
CVE-2002-1809 (The default configuration of the Windows binary release of MySQL 3.23. ...)
	NOT-FOR-US: MySQL windows binary
CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System 1 ...)
	NOT-FOR-US: Meunity
CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows re ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
	NOT-FOR-US: Drupal
CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
	- dacode <removed> (bug #322605; low)
	[sarge] - dacode <no-dsa> (Minor issue; attacker would need to bypass moderator review/approval)
	NOTE: Sarge is affected (has same version as testing/unstable)
CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote att ...)
	NOT-FOR-US: NPDS
CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remot ...)
	NOT-FOR-US: Xoops
CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ser ...)
	NOT-FOR-US: phpRank
CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote  ...)
	NOT-FOR-US: phpRank
CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) up ...)
	NOT-FOR-US: MidiCart
CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 815 ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 41 ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft T ...)
	NOT-FOR-US: Microsoft
CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product  ...)
	NOT-FOR-US: HP ldapux-pamauthz
CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
	NOT-FOR-US: HP Virtualvault OS
CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
	NOT-FOR-US: Fake Identd
CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0  ...)
	NOT-FOR-US: microsoft
CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows l ...)
	- newsx 1.4pl6.0-2
CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 thr ...)
	- nn 6.6.4-1
CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through  ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
	NOT-FOR-US: Zeus Administration Server
CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allo ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_ur ...)
	- php4 4:4.3.10-15
CVE-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause  ...)
	NOT-FOR-US: microsoft
CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote attack ...)
	NOT-FOR-US: JAF CMS
CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6 ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console  ...)
	NOT-FOR-US: BEWAC
CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers t ...)
	- tor 0.0.9.10-1 (medium)
CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
	NOT-FOR-US: Duware
CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and poss ...)
	NOT-FOR-US: Duware
CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allo ...)
	NOT-FOR-US: Duware
CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and  ...)
	NOT-FOR-US: Duware
CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 al ...)
	NOT-FOR-US: Duware
CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 an ...)
	NOT-FOR-US: ATutor
CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
	NOT-FOR-US: XAMPP
CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allo ...)
	NOT-FOR-US: ajax-spell
CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other p ...)
	NOT-FOR-US: ViRobot
CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd f ...)
	{DSA-758-1}
	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
CVE-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and e ...)
	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ot ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow rem ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Caf&#233;) Chat 1.2.1 allows remote  ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Caf&#233; ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCol ...)
	NOT-FOR-US: iGallery
CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for Blue-Collar Pr ...)
	NOT-FOR-US: iGallery
CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote attac ...)
	NOT-FOR-US: socialMPN
CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
	NOT-FOR-US: external script that allow interaction between amarok and a browser
CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ea ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does no ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a h ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers  ...)
	{DSA-738-1}
	NOTE: varying and apparently innacurate info about what versions fix it
	- razor 2.720-1 (low)
CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Li ...)
	- gnupg2 1.9.15-1
CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
	NOT-FOR-US: iPlanet
CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier all ...)
	NOT-FOR-US: cPanel
CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network S ...)
	NOT-FOR-US: 3com Network Supervisor
CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) o ...)
	NOT-FOR-US: FreeBSD ipfw
CVE-2005-2018
	RESERVED
CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain priv ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2016
	RESERVED
CVE-2005-2015
	RESERVED
CVE-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
	NOT-FOR-US: paFAQ
CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: paFAQ
CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 al ...)
	NOT-FOR-US: paFAQ
CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta  ...)
	NOT-FOR-US: paFAQ
CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Rel ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow rem ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the  ...)
	- yaws 1.56-1 (low)
CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier a ...)
	- trac 0.8.4-1 (bug #315145)
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain  ...)
	NOT-FOR-US: JBOSS
CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat f ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (U ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlie ...)
	NOT-FOR-US: Mambo
CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and  ...)
	NOT-FOR-US: paFileDB
CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier all ...)
	NOT-FOR-US: paFileDB
CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
	NOT-FOR-US: McGallery
CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to arbitr ...)
	NOT-FOR-US: McGallery
CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site Ma ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download b ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-comman ...)
	{DSA-735-2 DSA-735-1}
	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets  ...)
	{DSA-748-1}
	- ruby1.8 1.8.2-8 (bug #315064; medium)
	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
CVE-2005-1991
	RESERVED
CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MSIE
CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows re ...)
	NOT-FOR-US: MSIE
CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows re ...)
	NOT-FOR-US: MSIE
CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in Micros ...)
	NOT-FOR-US: Microsoft
CVE-2005-1986
	RESERVED
CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, X ...)
	NOT-FOR-US: Microsoft
CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microso ...)
	NOT-FOR-US: Spoolsv.exe
CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for Mic ...)
	NOT-FOR-US: Microsoft
CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote  ...)
	NOT-FOR-US: Microsoft
CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote  ...)
	NOT-FOR-US: Microsoft
CVE-2005-1978 (COM+ in Microsoft Windows does not properly "create and use memory str ...)
	NOT-FOR-US: Microsoft
CVE-2005-1977
	RESERVED
CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...)
	NOT-FOR-US: Novell NetMail
CVE-2002-1782 (The default configuration of University of Washington IMAP daemon (wu- ...)
	- uw-imap 7:2002ddebian1-2 (bug #315499; unimportant)
	NOTE: This only applies to very exotic setups. It's also documented in the FAQ
	NOTE: and if someone has such a setup she will have to recompile the package with
	NOTE: the security features enabled.
CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
	NOT-FOR-US: DeleGate
CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
	NOT-FOR-US: BPM Studio Pro
CVE-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal F ...)
	NOT-FOR-US: Norton
CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to bypa ...)
	NOT-FOR-US: Norton
CVE-2002-1777 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...)
	NOT-FOR-US: Symantec
CVE-2002-1776 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...)
	NOT-FOR-US: Symantec
CVE-2002-1775 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...)
	NOT-FOR-US: Symantec
CVE-2002-1774 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...)
	NOT-FOR-US: Symantec
CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows rem ...)
	NOT-FOR-US: ICQ for MacOS X
CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain A ...)
	NOT-FOR-US: Novell Netware
CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send s ...)
	NOT-FOR-US: FormMail
CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code  ...)
	NOT-FOR-US: Eudora
CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_A ...)
	NOT-FOR-US: Microsoft
CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows  ...)
	NOT-FOR-US: Cisco
CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linu ...)
	NOT-FOR-US: Oracle
CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ove ...)
	NOT-FOR-US: Netscape
	NOTE: didn't check mozilla
CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
	- evolution 1.0.5
CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to o ...)
	NOT-FOR-US: acrobat
CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" an ...)
	NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans  ...)
	NOT-FOR-US: Microsoft
CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows  ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 al ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ver ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify da ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authent ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: ACDSee
CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets,  ...)
	- tinc 1.0pre5
CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows loca ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows  ...)
	NOT-FOR-US: csNews
CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers t ...)
	NOT-FOR-US: csChat-R-Box
CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attacke ...)
	NOT-FOR-US: csLiveSupport
CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attacke ...)
	NOT-FOR-US: csGuestbook
CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of t ...)
	NOT-FOR-US: Windows 2000 Terminal Services
CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
	- slash 2.2.3
CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows remot ...)
	- vtun 2.5b2
CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions b ...)
	- vtun 2.5b2
CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5. ...)
	NOT-FOR-US: Microsoft
CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: AOL ICQ
CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
	- soap-lite 0.55
CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient fo ...)
	NOT-FOR-US: WorldClient
CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologie ...)
	NOT-FOR-US: WorldClient
CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption al ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaem ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and directori ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
	NOT-FOR-US: CGINews
CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain privile ...)
	NOT-FOR-US: dlogin
CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized administrato ...)
	NOT-FOR-US: NewsPro
CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message boar ...)
	NOT-FOR-US: Prospero MessageBoards
CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
	NOT-FOR-US: Actinic Catalog
CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
	NOT-FOR-US: IBM AS/400
CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary mess ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allo ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine  ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_ ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authen ...)
	NOT-FOR-US: PhotoDB
CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPIm ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the  ...)
	NOT-FOR-US: Powerboards
CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
	NOT-FOR-US: microsoft
CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attacker ...)
	- altermime <not-affected> (fixed before the first Debian upload)
CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows rem ...)
	NOT-FOR-US: Spooky Login
CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify po ...)
	NOT-FOR-US: Bavo
CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote attac ...)
	NOT-FOR-US: microsoft
CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote attacker ...)
	NOT-FOR-US: microsoft
CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on Microsof ...)
	NOT-FOR-US: microsoft
CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to by ...)
	- openssh <not-affected> ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.")
CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in  ...)
	NOT-FOR-US: msec
CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: microsoft
CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX direc ...)
	NOT-FOR-US: BasiliX
CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 doe ...)
	NOT-FOR-US: BasiliX
CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote atta ...)
	NOT-FOR-US: BasiliX
CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allow ...)
	NOT-FOR-US: BasiliX
CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "re ...)
	- phpbb2 2.0.6c-1
CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7 ...)
	NOT-FOR-US: Cisco
CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" varia ...)
	NOT-FOR-US: Zeroboard
CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft Ne ...)
	NOT-FOR-US: NetAuction
CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifie ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template handl ...)
	NOT-FOR-US: ColdFusion
CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 al ...)
	NOT-FOR-US: ASP Client Check
CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 all ...)
	NOT-FOR-US: Microsoft
CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak en ...)
	- vtun 2.6-1
CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently s ...)
	NOT-FOR-US: Microsoft Outlook plugin
CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
	NOT-FOR-US: Norton
CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with F ...)
	NOT-FOR-US: Microsoft
CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows attac ...)
	NOT-FOR-US: Microsoft
CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors an ...)
	NOT-FOR-US: AIX
CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could all ...)
	NOT-FOR-US: AIX
CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
	NOT-FOR-US: Microsoft
CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users t ...)
	NOT-FOR-US: AIX
CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown impact ...)
	NOT-FOR-US: AIX
CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2)  ...)
	NOT-FOR-US: Deerfield D2Gfx
CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1 ...)
	NOT-FOR-US: BadBlue Personal Edition
CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
	NOT-FOR-US: NewsReactor
CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases Jun ...)
	- slash <not-affected> (Only present in intermediate CVS version, not released in Debian)
CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shoppi ...)
	NOT-FOR-US: COWS
CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 al ...)
	NOT-FOR-US: vBulletin
CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft  ...)
	NOT-FOR-US: vBulletin
CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine th ...)
	NOT-FOR-US: mrtgconfig
CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local user ...)
	NOT-FOR-US: BindView NetInventory
CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c i ...)
	NOT-FOR-US: Unreal IRCd
CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of s ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter sc ...)
	- webmin 0.93 (medium)
CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with inse ...)
	- webmin <not-affected> (packaging flaw of an unknown RPM based distro)
	NOTE: Permissions of Debian's webmin package look sane and FHS compliant
CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites previousl ...)
	NOT-FOR-US: Microsoft
CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with  ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of servic ...)
	NOT-FOR-US: HP-UX
CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and earlie ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 a ...)
	NOT-FOR-US: Oracle
CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP Se ...)
	NOT-FOR-US: HP Secure OS layer
CVE-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into u ...)
	- tinc 1.0pre5-1
CVE-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Lotus Notes
CVE-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS  ...)
	NOT-FOR-US: Sun
CVE-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote atta ...)
	NOT-FOR-US: WebCart
CVE-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions a ...)
	NOTE: Fix went into proftpd CVS on 2002-12-12
	- proftpd 1.2.8-1
CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly verif ...)
	- proftpd 1.2.4-1
CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error mess ...)
	NOT-FOR-US: Check Point
CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary  ...)
	NOT-FOR-US: mod_bf
CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
	- thttpd 2.21
CVE-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers to ...)
	NOT-FOR-US: Network Query Tool
CVE-2001-1494 (script command in the util-linux package before 2.11n allows local use ...)
	- util-linux 2.11n-1
CVE-2001-1492
	REJECTED
CVE-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU c ...)
	NOT-FOR-US: Opera
CVE-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service (CP ...)
	NOTE: mozilla is quite easily DOSable with all sorts of large html
	NOTE: files, probably not worth following up on.
CVE-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft
CVE-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 doe ...)
	NOT-FOR-US: Open Projects ircd
CVE-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
	- qpopper <not-affected> (Vulnerable code verified not present)
CVE-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File  ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remo ...)
	- libpam-opie <unfixed> (bug #112279; unimportant)
	NOTE: This is documented and not really important. In contrast to passwords
	NOTE: used by humans
	[sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allow ...)
	NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in plainte ...)
	NOT-FOR-US: Xitami
CVE-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows unt ...)
	NOT-FOR-US: Sun Java
CVE-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows loc ...)
	NOT-FOR-US: Sun
CVE-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0 ...)
	NOT-FOR-US: UnixWare
CVE-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS m ...)
	- snort 1.6.1-1
CVE-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
	NOT-FOR-US: Xitami
CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1 ...)
	NOT-FOR-US: Annuaire
CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE)  ...)
	NOT-FOR-US: Sun Java
CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0  ...)
	NOT-FOR-US: Sun Java
CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11  ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta  ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Wind ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserve ...)
	NOT-FOR-US: Pragma Telnetserver
CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce befo ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows  ...)
	NOT-FOR-US: e107
CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...)
	NOT-FOR-US: Broadpool Siteframe
CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia Po ...)
	NOT-FOR-US: Ovidentia Portal
CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 a ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allo ...)
	NOT-FOR-US: C-JDBC
CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers t ...)
	NOT-FOR-US: C.J. Steele Tattle
CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute a ...)
	NOT-FOR-US: JamMail
CVE-2005-1958
	REJECTED
CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user authentic ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files  ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9 ...)
	NOT-FOR-US: singapore
CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: singapore
CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server (pServ ...)
	NOT-FOR-US: Pico Server
CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows re ...)
	NOT-FOR-US: Pico Server
CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Mil ...)
	NOT-FOR-US: osCommerce
CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webhints
CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
	NOT-FOR-US: e107
CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before 1.3. ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery be ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 F ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary fil ...)
	NOT-FOR-US: xmysqladmin
CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 al ...)
	NOT-FOR-US: Loki download manager
CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-st ...)
	NOT-FOR-US: SilverCity
CVE-2005-1940
	RESERVED
CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2005-1938
	REJECTED
CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote at ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.6-1 (medium)
	- mozilla 2:1.7.10-1 (medium)
	[woody] - mozilla <not-affected> (regression of a previous security fix)
CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the  ...)
	NOT-FOR-US: Microsoft
CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network Controlle ...)
	NOT-FOR-US: Xerox hardware issue
CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component (rpt ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2)  ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console 5. ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1927
	RESERVED
CVE-2005-1926
	RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1  ...)
	NOT-FOR-US: Tikiwiki
CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...)
	NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #316401; bug #316462; medium)
CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 all ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (low)
CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XM ...)
	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
	- serendipity 1.0-1
	- drupal 4.5.4-1 (high; bug #316362)
	- phpgroupware 0.9.16.006-1 (high)
	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
	- phpwiki 1.3.7-4 (bug #316714; high)
	- php4 4:4.3.10-16 (high; bug #316447)
	- horde3 <not-affected> (horde3 ships different XMLRPC code)
CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4. ...)
	{DSA-804-2}
	- kdelibs 4:3.4.2-1 (bug #319016; medium)
CVE-2005-1919
	REJECTED
CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability (CV ...)
	- tar 1.14-2.2
	NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite arb ...)
	NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows  ...)
	NOT-FOR-US: log4sh
CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable  ...)
	{DSA-754-1 DTSA-2-1}
	- centericq 4.20.0-7 (medium)
CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a den ...)
	{DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.6.11 2.6.11-6 (medium)
CVE-2005-1912
	REJECTED
CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang whil ...)
	- leafnode 1.11.3.rel-1 (bug #338886; low)
	[sarge] - leafnode 1.11.2.rel-1.0sarge0
CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events Sys ...)
	NOT-FOR-US: WWWeb Concepts Events System
CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote attack ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls f ...)
	NOT-FOR-US: Perception LiteWeb
CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and Accelerati ...)
	NOT-FOR-US: Microsoft
CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows r ...)
	NOT-FOR-US: livingmailing
CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
	NOT-FOR-US: Kaspersky
CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
	NOT-FOR-US: JiRo's Upload Systems
CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 all ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before  ...)
	NOT-FOR-US: Sawmill
CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: Sawmill
CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released befo ...)
	NOT-FOR-US: RakNet
CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before 1.5 ...)
	NOT-FOR-US: phpThumb
CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before  ...)
	NOT-FOR-US: FlexCast
CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allow ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remo ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote at ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
	NOT-FOR-US: Mortiforo
CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenanc ...)
	NOT-FOR-US: Sun ONE
CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 all ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and libprojec ...)
	NOT-FOR-US: Solaris
CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0 ...)
	NOT-FOR-US: YaPiG
CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ob ...)
	NOT-FOR-US: YaPiG
CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir comman ...)
	NOT-FOR-US: YaPiG
CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
	NOT-FOR-US: YaPiG
CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0 ...)
	NOT-FOR-US: YaPiG
CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict  ...)
	NOT-FOR-US: YaPiG
CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: everybuddy
CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: LutelWall
CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite arb ...)
	NOT-FOR-US: GIPTables
CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel  ...)
	NOT-FOR-US: Lpanel
CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier allo ...)
	NOT-FOR-US: CuteNews
CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ( ...)
	NOT-FOR-US: Exhibit Engine
CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote att ...)
	NOT-FOR-US: Dzip
CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier vers ...)
	NOT-FOR-US: Crob
CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere Applica ...)
	NOT-FOR-US: WebSphere
CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through  ...)
	- drupal 4.5.3-1
CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in Popp ...)
	NOT-FOR-US: Popper
CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6 ...)
	NOT-FOR-US: MWChat
CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to e ...)
	NOT-FOR-US: I-Man
CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ad ...)
	NOT-FOR-US: Symantec
CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allo ...)
	NOT-FOR-US: Calendarix
CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in Calenda ...)
	NOT-FOR-US: Calendarix
CVE-2003-1218
	REJECTED
CVE-2003-1217
	REJECTED
CVE-2005-1863
	REJECTED
CVE-2005-1862
	REJECTED
CVE-2005-1861
	REJECTED
CVE-2005-1860
	REJECTED
CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
	NOT-FOR-US: arshell
CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ma ...)
	{DSA-786-1}
	- simpleproxy 3.2-4 (medium)
CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixe ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (bug #315582; low)
	NOTE: maybe a duplicate of CVE-2005-2212, author contacted
CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (medium)
	NOTE: maybe a duplicate of CVE-2005-2211, author contacted
CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...)
	{DSA-772-1}
	- apt-cacher 0.9.10 (high)
CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
	{DSA-770-1}
	- gopher 3.0.8 (low)
CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3  ...)
	{DSA-767-1 DTSA-4-1}
	- kdenetwork 4:3.3.2-5 (bug #319443; unimportant)
	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
	NOTE: no shared lib version is found. As the Debian package has a dependency on
	NOTE: it the maintainer does not intent to fix it, see # 319443
	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier  ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier c ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of  ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1}
	NOTE: This is only contrib code not built in the binary packages AFAIK
	- zlib 1:1.2.3-1 (low)
	- zsync 0.4.1-1 (low)
	- sash 3.7-5sarge1 (low)
	NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause  ...)
	{DSA-750-1}
	- dhcpcd 1:1.3.22pl4-22 (medium)
CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to exec ...)
	NOT-FOR-US: YaMT
CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allo ...)
	NOT-FOR-US: YaMT
CVE-2005-1845
	REJECTED
CVE-2005-1844
	REJECTED
CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suit ...)
	NOT-FOR-US: Windows
CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suit ...)
	NOT-FOR-US: Windows
CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX ...)
	NOT-FOR-US: acroread
CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory f ...)
	{DSA-744-1}
	- fuse 2.3.0-1
CVE-2005-2349 (Zoo 2.10 has Directory traversal ...)
	- zoo 2.10-4 (low; bug #309594)
CVE-2005-2350 (Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remo ...)
	- websieve <removed> (bug #311838; low)
CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
	NOT-FOR-US: phpCMS
CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Liberum
CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in Li ...)
	NOT-FOR-US: Liberum
CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded username wi ...)
	NOT-FOR-US: Fortinet firewall
CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with insu ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows rem ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1831
	- sudo <not-affected> (Unreproducable, seems like a broken PAM setup on the submitter's side)
CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 al ...)
	NOT-FOR-US: SoftICE
CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a d ...)
	NOT-FOR-US: Microsoft
CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the rou ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and g ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadig ...)
	NOT-FOR-US: HP Radia
CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP R ...)
	NOT-FOR-US: HP Radia
CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL aut ...)
	- mailutils 1:0.6.1-2
CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Car ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in Power ...)
	NOT-FOR-US: PowerDownload
CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attacke ...)
	NOT-FOR-US: Zeroboard
CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0. ...)
	NOT-FOR-US: NikoSoft WebMail
CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
	NOT-FOR-US: NewLife Blogger
CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to  ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 a ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote attacke ...)
	NOT-FOR-US: PicoWebServer
CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server Evalua ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in Word ...)
	- wordpress 1.5.1.2-1
CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sony hardware issue
CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers t ...)
	NOT-FOR-US: Stronghold game
CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier all ...)
	- libphp-phpmailer 1.73
CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows remo ...)
	NOT-FOR-US: PeerCast
CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by Onli ...)
	NOT-FOR-US: Online Solutions for Educators
CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System (N ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dyna ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a d ...)
	NOT-FOR-US: Nortel hardware
CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of s ...)
	NOT-FOR-US: Nokia hardware
CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 t ...)
	NOT-FOR-US: Jaws glossary gadget
CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and W ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software  ...)
	NOT-FOR-US: ServersCheck
CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
	NOTE: Cryptographic attack on AES, cannot be fixed
CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses  ...)
	{DSA-749-1}
	- ettercap 1:0.7.1-1.1 (bug #311615)
CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85 ...)
	NOT-FOR-US: ClamAV on Mac OS X
CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stor ...)
	NOT-FOR-US: Microsoft
CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating sys ...)
	NOT-FOR-US: Microsoft
CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the use ...)
	NOT-FOR-US: Microsoft
CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...)
	{CVE-2005-3896}
	NOT-FOR-US: Microsoft
	NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896.
CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution s ...)
	NOT-FOR-US: India Software Solution shopping cart
CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting Contro ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: phpStat
CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 all ...)
	NOT-FOR-US: FunkyASP
CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
	NOT-FOR-US: ZonGG
CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the  ...)
	NOT-FOR-US: BookReview
CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
	NOT-FOR-US: BookReview
CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows rem ...)
	NOT-FOR-US: MailEnable
CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager  ...)
	NOT-FOR-US: Active News Manager
CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36 ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows r ...)
	NOT-FOR-US: PostNuke
CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in game_message_functi ...)
	NOT-FOR-US: C'Nedra
CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote attac ...)
	NOT-FOR-US: Terminator game
CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Uni ...)
	- davfs2 0.2.4-1 (bug #310757; medium)
CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1. ...)
	NOT-FOR-US: Listserv
CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the  ...)
	NOT-FOR-US: Terminator game
CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
	NOT-FOR-US: HPUX
CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6  ...)
	NOT-FOR-US: Avast
CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium)
CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ca ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment fau ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 2.4.27-11
	NOTE: amd64 is not supported for 2.4 (the issue is amd64 speficic)
CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1 ...)
	{DSA-826-1}
	- helix-player 1.0.5-1 (bug #316276; high)
	NOTE: Helix Player is affected according to:
	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard pag ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 p ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users t ...)
	{DSA-1018-1 DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in  ...)
	NOT-FOR-US: sysreport
CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to modif ...)
	- shtool 2.0.1-2 (low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (unimportant)
	- php4 4:4.4.0-1 (unimportant)
CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell Ne ...)
	NOT-FOR-US: Novell
CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.5 ...)
	NOT-FOR-US: Novell
CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novel ...)
	NOT-FOR-US: Novell
CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to creat ...)
	{DSA-789-1 DTSA-15-1}
	- shtool 2.0.1-2 (bug #311206; low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (bug #314464; unimportant)
	- php4 4:4.3.10-16 (low)
CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems with ...)
	- linux-2.6 2.6.10-1 (low)
	- linux-2.6.24 <not-affected> (fixed before initial upload)
CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems wi ...)
	- linux-2.6 2.6.32-2 (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: minor issue; solution (removal of cryptoloop) would be a significant change
	NOTE: if backported to the stable releases
	NOTE: mitigation: use dm-crypt or loop-aes for disk encrytion instead of cryptoloop
CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for  ...)
	NOT-FOR-US: Oracle
CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, cont ...)
	NOT-FOR-US: CVSup third party modules
CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo re ...)
	NOT-FOR-US: PJ CGI Nero
CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server  ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in  ...)
	- phpbb2 2.0.6d-2
CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: SurfNOW
CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows  ...)
	NOT-FOR-US: WebWeaver
CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote attack ...)
	NOT-FOR-US: Web Blog
CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure p ...)
	NOT-FOR-US: BlackICE
CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
	NOT-FOR-US: BlackICE
CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through 1. ...)
	- gallery 1.4.4-pl1-1
CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E ...)
	NOT-FOR-US: Nextplace
CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
	NOT-FOR-US: Intra Forum
CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server (BW ...)
	NOT-FOR-US: Borland Web Server
CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Reptile Web Server
CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows rem ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote att ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Ser ...)
	NOT-FOR-US: Oracle
CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earl ...)
	NOT-FOR-US: ProxyNow!
CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows r ...)
	NOT-FOR-US: BremsServer
CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote a ...)
	NOT-FOR-US: BremsServer
CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP Se ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 all ...)
	NOT-FOR-US: Phorum
CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.a ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not au ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attacke ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attacke ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise  ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified v ...)
	NOT-FOR-US: Freesco
CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote at ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ver ...)
	NOT-FOR-US: Need for Speed game
CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5. ...)
	NOT-FOR-US: Banner engine
CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbi ...)
	- fvwm <not-affected> (Used mktemp)
	- xbase-clients <not-affected> (x11perfcomp uses mkdir atomically)
	- lvm10 <not-affected> (does not contain lvmcreate_initrd)
CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 fi ...)
	NOT-FOR-US: Mephistoles
CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags se ...)
	- honeyd 0.8-1
CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows r ...)
	NOT-FOR-US: WebcamXP
CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier  ...)
	- phpbb2 2.0.8a-1
CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add a ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-2351 (Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of ser ...)
	- mutt 1.5.20-7 (bug #311296; unimportant)
	[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
	NOTE: An "attacker" could achieve the same by simply filling up /tmp
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [xile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 all ...)
	NOT-FOR-US: ezwdc NewsletterEz
CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Servic ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 throug ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through Ser ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack  ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 do ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 an ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users  ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to c ...)
	NOT-FOR-US: Halo
CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecu ...)
	- net-snmp <not-affected> (fixproc not installed in Debian package)
CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick befo ...)
	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in delbadf ...)
	NOT-FOR-US: Iron Bars Shell
CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized u ...)
	NOT-FOR-US: PROMS
CVE-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights,"  ...)
	NOT-FOR-US: PROMS
CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0. ...)
	NOT-FOR-US: PROMS
CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remo ...)
	NOT-FOR-US: PROMS
CVE-2005-1733 (Cookie Cart stores the password file under the web document root with  ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification lis ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1731
	REJECTED
CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novel ...)
	NOT-FOR-US: Novell iManager
CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Novell
CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Port ...)
	NOT-FOR-US: Apple
CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writ ...)
	NOT-FOR-US: Apple
CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users w ...)
	NOT-FOR-US: Apple
CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users t ...)
	NOT-FOR-US: Apple
CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the - ...)
	NOT-FOR-US: Apple
CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
	NOT-FOR-US: Apple
CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 1 ...)
	NOT-FOR-US: Apple
CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
	NOT-FOR-US: Apple
CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
	NOT-FOR-US: Apple
CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earli ...)
	NOT-FOR-US: avast! antivirus
CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote a ...)
	NOT-FOR-US: War Times
CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remo ...)
	NOT-FOR-US: Zyxel hardware
CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the w ...)
	NOT-FOR-US: TOPo
CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2. ...)
	NOT-FOR-US: TOPo
CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 all ...)
	NOT-FOR-US: SurgeMail
CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
	NOT-FOR-US: Serendipity
CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple auth ...)
	NOT-FOR-US: Serendipity
CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0. ...)
	NOT-FOR-US: Gibraltar Firewall
CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Repor ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter befor ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14  ...)
	NOT-FOR-US: Gentoo
CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "i ...)
	- mailscanner 4.42.9 (bug #310774; low)
	[sarge] - mailscanner <no-dsa> (Minor issue)
CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the .gdb ...)
	- gdb 6.3-6
CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb b ...)
	- gdb 6.3-6
CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers  ...)
	NOT-FOR-US: PortailPHP
CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in Po ...)
	NOT-FOR-US: PostNuke
CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia mod ...)
	NOT-FOR-US: PostNuke
CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: PostNuke
CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote at ...)
	NOT-FOR-US: PostNuke
CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750  ...)
	NOT-FOR-US: PostNuke
CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module  ...)
	NOT-FOR-US: PostNuke
CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia m ...)
	NOT-FOR-US: PostNuke
CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
	NOT-FOR-US: CA Antivirus
CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ve ...)
	- gxine 0.4.7-0.1 (bug #310712; medium)
CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP b ...)
	NOT-FOR-US: SAP
CVE-2005-1690
	REJECTED
CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT Kerbero ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (medium)
CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive  ...)
	- wordpress 1.5.1-1
CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and e ...)
	- wordpress 1.5.1-1
CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to cau ...)
	{DSA-753-1}
	NOTE: Only exploitable under rare circumstances
	- gedit 2.10.3-1 (low)
CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: episodex
CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex g ...)
	NOT-FOR-US: episodex
CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2005-1682
	NOT-FOR-US: Solstice Internet Mail Server
CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21,  ...)
	NOT-FOR-US: phpATM
CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firm ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
	- picasm 1.12c-1
CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, a ...)
	NOT-FOR-US: Groove
CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338,  ...)
	NOT-FOR-US: Groove
CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile W ...)
	NOT-FOR-US: Groove
CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, a ...)
	NOT-FOR-US: Groove
CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live al ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow remot ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center Liv ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activat ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches  ...)
	NOT-FOR-US: Extreme BlackDiamond hardware
CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
	NOT-FOR-US: Opera
CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain privilege ...)
	NOT-FOR-US: YusASP Web Asset Manager
CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a denia ...)
	NOT-FOR-US: DataTrac Activity Console
CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remot ...)
	NOT-FOR-US: Orenosv
CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not crypt ...)
	NOT-FOR-US: Microsoft
CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote a ...)
	NOT-FOR-US: Microsoft
CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 al ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web d ...)
	NOT-FOR-US: EZGuestbook
CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServe ...)
	NOT-FOR-US: MyServer
CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 a ...)
	NOT-FOR-US: MyServer
CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005  ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source c ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to cau ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers  ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync  ...)
	- rsync 2.6.1-1
CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for multipl ...)
	NOT-FOR-US: InoculateIT
CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ide ...)
	NOT-FOR-US: Microsoft
CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Matrix FTP Server
CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scannin ...)
	NOT-FOR-US: Sophos
CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote attacke ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before th ...)
	NOT-FOR-US: Sambar
CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpC ...)
	NOT-FOR-US: phpcodeCabinet
CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop E-Comm ...)
	NOT-FOR-US: JShop
CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick us ...)
	NOT-FOR-US: Opera
CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authent ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spa ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication  ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attacke ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 all ...)
	NOT-FOR-US: Nadeo
CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBu ...)
	NOT-FOR-US: Jelsoft Bulletin
CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Sophos
CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ca ...)
	NOT-FOR-US: Dream FTP
CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a virtua ...)
	- kernel-patch-vserver 1.9.4-1
CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open S ...)
	NOT-FOR-US: Mambo
CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versi ...)
	NOT-FOR-US: Macallan
CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
	NOT-FOR-US: VisualShapers
CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal databa ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized acti ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPorta ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for PHP ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows rem ...)
	NOT-FOR-US: Monkey
CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local us ...)
	NOT-FOR-US: Oracle
CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a den ...)
	NOT-FOR-US: Crob
CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote at ...)
	NOT-FOR-US: Crob
CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a de ...)
	NOT-FOR-US: Crob
CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Serv ...)
	NOT-FOR-US: Mambo
CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site S ...)
	NOT-FOR-US: Mambo
CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before 0.5 ...)
	NOT-FOR-US: Monkey
CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Serv ...)
	NOT-FOR-US: Mambo
CVE-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote attacke ...)
	NOT-FOR-US: Caucho Technology Resin
CVE-2005-XXXX [Two DoS condition in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware  ...)
	NOT-FOR-US: Woppoware
CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
	NOT-FOR-US: Woppoware
CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware PostMas ...)
	NOT-FOR-US: Woppoware
CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) gener ...)
	NOT-FOR-US: Woppoware
CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, wit ...)
	NOT-FOR-US: Windows
CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database f ...)
	NOT-FOR-US: GASoft
CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file  ...)
	NOT-FOR-US: GASoft
CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, whi ...)
	NOT-FOR-US: Fastream NETFile
CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web docum ...)
	NOT-FOR-US: Keyvan1 Gallery
CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Liv ...)
	NOT-FOR-US: Livre d'Or
CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ear ...)
	NOT-FOR-US: Zoidcom
CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab Bu ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 a ...)
	NOT-FOR-US: Sigma
CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ha ...)
	NOT-FOR-US: SafeHTML
CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remot ...)
	NOT-FOR-US: NPDS
CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 crea ...)
	{DSA-783-1}
	- mysql-dfsg 4.0.12-2 (bug #319526; low)
	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain  ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Port ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and  ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules befo ...)
	- cheetah 0.9.16-1
CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view p ...)
	NOT-FOR-US: Booby
CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a "s ...)
	NOT-FOR-US: phpbb attachment mod
CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
	NOT-FOR-US: Photopost
CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows r ...)
	NOT-FOR-US: WebAPP
CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a potentia ...)
	- viewglob 2.0.1-1
	[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
	NOT-FOR-US: Pico Server
CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in  ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-1624
	RESERVED
CVE-2005-1623
	RESERVED
CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in  ...)
	NOT-FOR-US: MetaCart
CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in pnMod.p ...)
	NOT-FOR-US: Postnuke mod
CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1 ...)
	NOT-FOR-US: Skull-Splitter Guestbook
CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page. ...)
	NOT-FOR-US: PHPMyChat
CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remot ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
	NOT-FOR-US: Willings WebCAM
CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows rem ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open Bulleti ...)
	NOT-FOR-US: OpenBB
CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB ...)
	NOT-FOR-US: OpenBB
CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x a ...)
	NOT-FOR-US: Web Crossing
CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone  ...)
	NOT-FOR-US: Tru-Zone NukeET
CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
	NOT-FOR-US: Sun StorEdge 6130 Arrays
CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean AutoT ...)
	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart al ...)
	NOT-FOR-US: Remote Cart
CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such  ...)
	NOT-FOR-US: H-Sphere Winbox
CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for SiteStud ...)
	NOT-FOR-US: guestbook for SiteStudio
CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
	NOT-FOR-US: phpATM
CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to cau ...)
	NOT-FOR-US: NiteEnterprises Remote File Manager
CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File  ...)
	NOT-FOR-US: Net56 Browser Based File Manager
CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the w ...)
	NOT-FOR-US: MRO Maximo Self Service
CVE-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature  ...)
	NOT-FOR-US: LibTomCrypt
CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subje ...)
	NOT-FOR-US: Kryloff Technologies Subject Search Server
CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ea ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) top ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the extr ...)
	NOT-FOR-US: Fusion SBX
CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, whic ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1 ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat S ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3 ...)
	NOT-FOR-US: BirdBlog
CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows loc ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allo ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.c ...)
	NOT-FOR-US: LedForums
CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: HTTP Commander
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	[sarge] - clamav 0.84-2.sarge.1
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler (pktc ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	[sarge] - kernel-source-2.6.8 <not-affected>
CVE-2005-1588
	NOT-FOR-US: Quick.cart
CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0 ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as use ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remo ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum  ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new sto ...)
	NOT-FOR-US: 1Two News
CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1. ...)
	NOT-FOR-US: 1Two News
CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remo ...)
	NOT-FOR-US: bug_list.php
CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
	NOT-FOR-US: BoastMachine
CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration Ov ...)
	NOT-FOR-US: EnCase
CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to sensit ...)
	NOT-FOR-US: APG Classmaster
CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content protec ...)
	NOT-FOR-US: Windows
CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News Ma ...)
	NOT-FOR-US: ASP Virtual News Manager
CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service (s ...)
	NOT-FOR-US: ShowOff
CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow r ...)
	NOT-FOR-US: ShowOff
CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full pa ...)
	NOTE: for-for-us (bttlxeForum)
CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 a ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtai ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 a ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass  ...)
	NOT-FOR-US: Acrowave AAP-3100AR wireless router
CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is promp ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18-7 (bug #308789; medium)
CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows  ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different er ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earli ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in Max ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute  ...)
	NOT-FOR-US: Nexusway
CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute  ...)
	NOT-FOR-US: Nexusway
CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass a ...)
	NOT-FOR-US: Nexusway
CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestboo ...)
	NOT-FOR-US: WebApp Guestbook PRO
CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a de ...)
	NOT-FOR-US: Gamespy cd-key validation system
CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in Col ...)
	NOT-FOR-US: JRun
CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1 ...)
	NOT-FOR-US: WowBB
CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a w ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when se ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses whe ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute a ...)
	NOT-FOR-US: easy message board
CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
	NOT-FOR-US: easy message board
CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 a ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, an ...)
	NOT-FOR-US: Bakbone Netvault
CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remo ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows re ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote atta ...)
	{DSA-755-1}
	NOTE: CVE info about vulnerable version number is bogus
	- tiff 3.7.2-3 (bug #309739)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote Managem ...)
	NOT-FOR-US: Novell Zenworks
CVE-2005-1542
	RESERVED
CVE-2005-1541
	RESERVED
CVE-2005-1540
	RESERVED
CVE-2005-1539
	RESERVED
CVE-2005-1538
	RESERVED
CVE-2005-1537
	RESERVED
CVE-2005-1536
	RESERVED
CVE-2005-1535
	RESERVED
CVE-2005-1534
	RESERVED
CVE-2005-1533
	RESERVED
CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly li ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly  ...)
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, all ...)
	NOT-FOR-US: Sophos
CVE-2005-1529
	RESERVED
CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX Neut ...)
	NOT-FOR-US: QNX
CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
	{DSA-892-1}
	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in Cact ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before 0. ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8. ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and  ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions be ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU  ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for  ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered  ...)
	{DSA-751-1}
	- squid 2.5.9-9 (bug #309504)
CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated Nam ...)
	NOT-FOR-US: Solaris
CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 a ...)
	NOT-FOR-US: Cisco
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded pict ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remot ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 al ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
	NOT-FOR-US: WebSTAR
CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0. ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configurin ...)
	NOT-FOR-US: MacOS
CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, a ...)
	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart a ...)
	NOT-FOR-US: MidiCart
CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MidiCart
CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
	NOT-FOR-US: myBloggie
CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ar ...)
	NOT-FOR-US: myBloggie
CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
	NOT-FOR-US: myBloggie
CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: myBloggie
CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE J ...)
	NOT-FOR-US: Oracle
CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
	NOT-FOR-US: Oracle
CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in Me ...)
	NOT-FOR-US: MegaBook
CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote attac ...)
	NOT-FOR-US: SimpleCam
CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threa ...)
	NOT-FOR-US: Gossamer Threads Links
CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote auth ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox. ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Serv ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1487
	NOT-FOR-US: FishCart
CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow re ...)
	NOT-FOR-US: FishCart
CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 200 ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by modifyi ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Cor ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
	NOT-FOR-US: RaidenFTPD
CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and  ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows  ...)
	NOT-FOR-US: DMail
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass auth ...)
	NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions i ...)
	{DSA-4692-1 DLA-2234-1}
	- qmail 1.03-38
	- netqmail 1.06-6.2
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large amo ...)
	{DSA-4692-1 DLA-2234-1}
	- qmail 1.03-38
	- netqmail 1.06-6.2
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when run ...)
	{DSA-4692-1 DLA-2234-1}
	- qmail 1.03-38
	- netqmail 1.06-6.2
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/16/2
CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and  ...)
	NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remo ...)
	NOT-FOR-US: LinPHA
CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ext ...)
	- dansguardian 2.5.2-0-0.1
CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier a ...)
	NOT-FOR-US: lostBook
CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ea ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
	NOT-FOR-US: RiSearch
CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db directo ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow r ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information vi ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers t ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows r ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
	- phpbb2 2.0.10-1
CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote at ...)
	- phpbb2 2.0.10-1
CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns Stadtp ...)
	NOT-FOR-US: Easyins Stadtportal
CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accep ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware 2 ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ear ...)
	NOT-FOR-US: no_package
CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for  ...)
	NOT-FOR-US: no_package
CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7 ...)
	NOT-FOR-US: no_package
CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router  ...)
	NOT-FOR-US: no_package
CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such a ...)
	NOT-FOR-US: no_package
CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other versio ...)
	{DSA-1014-1}
	- firebird2 1.5.3.4870-3 (bug #357580)
CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote atta ...)
	NOT-FOR-US: no_package
CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in e1 ...)
	NOT-FOR-US: no_package
CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allo ...)
	NOT-FOR-US: no_package
CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: no_package
CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) befo ...)
	NOT-FOR-US: no_package
CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
	NOT-FOR-US: no_package
CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: no_package
CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildT ...)
	NOT-FOR-US: no_package
CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: no_package
CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL  ...)
	NOT-FOR-US: no_package
CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows re ...)
	NOT-FOR-US: no_package
CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for L ...)
	NOT-FOR-US: no_package
CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 R ...)
	NOT-FOR-US: no_package
CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows r ...)
	NOT-FOR-US: no_package
CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers t ...)
	- icecast2 2.0.1.debian-1
CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound  ...)
	- pound 1.7-1
CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3  ...)
	NOT-FOR-US: no_package
CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain deb ...)
	NOT-FOR-US: no_package
CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 bef ...)
	NOT-FOR-US: no_package
CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, w ...)
	NOT-FOR-US: various perls on Windows
CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce 2. ...)
	NOT-FOR-US: osCommerce
CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x th ...)
	NOT-FOR-US: php-nuke
CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attacker ...)
	NOT-FOR-US: php-nuke
CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x t ...)
	NOT-FOR-US: php-nuke
CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic T ...)
	NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earl ...)
	NOT-FOR-US: netchat
CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allow ...)
	NOT-FOR-US: WebCT
CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
	- wget 1.9.1-12
CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in  ...)
	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current  ...)
	NOT-FOR-US: NetBSD
CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to  ...)
	NOT-FOR-US: MSIE
CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1  ...)
	NOT-FOR-US: phpShop
CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1 ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone  ...)
	NOT-FOR-US: OfficeScan
CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows rem ...)
	NOT-FOR-US: Eudora
CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
	NOT-FOR-US: SUSE Live CD
CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter (sslwa ...)
	NOT-FOR-US: DeleGate
CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote at ...)
	NOT-FOR-US: IRIX
CVE-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disa ...)
	NOT-FOR-US: IRIX
CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x th ...)
	NOT-FOR-US: Php-Nuke
CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in Ph ...)
	NOT-FOR-US: Windows
CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote attacke ...)
	NOT-FOR-US: php-nuke
CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, w ...)
	NOT-FOR-US: kolab
CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct r ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail 0.9 ...)
	NOT-FOR-US: omail
CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote atta ...)
	NOT-FOR-US: Serv-U
CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allo ...)
	NOT-FOR-US: aweb
CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: aweb
CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine Pho ...)
	NOT-FOR-US: Coppermine
CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine  ...)
	NOT-FOR-US: Coppermine
CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4  ...)
	NOT-FOR-US: Coppermine
CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo G ...)
	NOT-FOR-US: Coppermine
CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers  ...)
	NOT-FOR-US: Coppermine
CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for L ...)
	- kernel-patch-adamantix <not-affected> (Only affects PaX for kernel 2.6)
CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify record ...)
	NOT-FOR-US: YaBB
CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
	NOT-FOR-US: Crystal Reports
CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allow ...)
	NOT-FOR-US: PROPS
CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6 ...)
	NOT-FOR-US: PROPS
CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before  ...)
	- moodle 1.3
CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers  ...)
	NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote admin ...)
	NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in paf ...)
	NOT-FOR-US: paFileDB
CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: paFileDB
CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: DiGi Web Server
CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery M ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung switches ...)
	NOT-FOR-US: Samsung SmartEther SS6215Sswitch
CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
	NOT-FOR-US: OpenBB
CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
	NOT-FOR-US: OpenBB
CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php ...)
	NOT-FOR-US: OpenBB
CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin B ...)
	NOT-FOR-US: OpenBB
CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query T ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obt ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 al ...)
	NOT-FOR-US: Protector System
CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to bypa ...)
	NOT-FOR-US: Protector System
CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in Prote ...)
	NOT-FOR-US: Protector System
CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remot ...)
	NOT-FOR-US: Protector System
CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine all ...)
	NOT-FOR-US: Unreal engine
CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726  ...)
	NOT-FOR-US: PostNuke
CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a dir ...)
	NOT-FOR-US: PostNuke
CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows  ...)
	NOT-FOR-US: phProfession
CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in phProfessio ...)
	NOT-FOR-US: phProfession
CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: phProfession
CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote at ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.2 ...)
	- xine-ui 0.99.1
CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwar ...)
	- phpbb2 2.0.9
CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remot ...)
	NOT-FOR-US: PostNuke
CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are inclu ...)
	- ncftp 2:3.1.8-1 (low)
CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender S ...)
	NOT-FOR-US: bitdefender
CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c fo ...)
	- cherokee 0.4.21b01-1
CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
	NOT-FOR-US: Kinesphere eXchange POP3
CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a de ...)
	NOT-FOR-US: Eudora
CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB m ...)
	NOT-FOR-US: phpbb as modified by przemo
CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 throu ...)
	NOT-FOR-US: Solaris
CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to c ...)
	NOT-FOR-US: Fastream NETFile FTP/Web Server
CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to c ...)
	- kphone 1:4.0.2
CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows r ...)
	NOT-FOR-US: Zaep
CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows re ...)
	NOT-FOR-US: Phorum
CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1. ...)
	NOT-FOR-US: Nuked-KlaN
CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote at ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
	NOT-FOR-US: SCT Campus Pipeline
CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50  ...)
	NOT-FOR-US: Gemitel
CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
	NOT-FOR-US: Citadel
CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-N ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function  ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php i ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ea ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml)  ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attacker ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupw ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attacker ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the  ...)
	NOT-FOR-US: MSIE
CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" usern ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote  ...)
	NOT-FOR-US: Crackalaka
CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service (conne ...)
	NOT-FOR-US: rsniff
CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ear ...)
	- lcdproc 0.4.5
CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x v ...)
	- lcdproc 0.4.5
CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc 0 ...)
	- lcdproc 0.4.5
CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as u ...)
	NOT-FOR-US: phpnuke
CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in NukeCalenda ...)
	NOT-FOR-US: phpnuke
CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php,  ...)
	NOT-FOR-US: phpnuke
CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allow ...)
	NOT-FOR-US: AzDGDatingLite
CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
	NOT-FOR-US: Symantec
CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to  ...)
	- clamav 0.68.1
CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows rem ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.1 ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service a ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute a ...)
	NOT-FOR-US: blaxxun
CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential s ...)
	NOT-FOR-US: Citrix MetaFrame Password Manager
CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary fil ...)
	NOT-FOR-US: gentoo portage
CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert St ...)
	NOT-FOR-US: IGI 2 Covert Strike server
CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote at ...)
	- monit 1:4.2.1
CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit 1 ...)
	- monit 1:4.2.1-1
CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote attack ...)
	- monit 1:4.2.1-1
CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 throu ...)
	NOT-FOR-US: no_package
CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ove ...)
	NOT-FOR-US: no_package
CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows loc ...)
	NOT-FOR-US: no_package
CVE-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...)
	NOT-FOR-US: no_package
CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ( ...)
	NOT-FOR-US: no_package
CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with  ...)
	NOT-FOR-US: no_package
CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute arbitr ...)
	NOT-FOR-US: no_package
CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view director ...)
	NOT-FOR-US: no_package
CVE-2004-1886
	REJECTED
CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to exec ...)
	NOT-FOR-US: no_package
CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
	NOT-FOR-US: no_package
CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow re ...)
	NOT-FOR-US: no_package
CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in Cac ...)
	NOT-FOR-US: no_package
CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp  ...)
	NOT-FOR-US: no_package
CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier al ...)
	- openldap2 2.1.17-1
CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allow ...)
	NOT-FOR-US: no_package
CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, obtai ...)
	NOT-FOR-US: no_package
CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i Appli ...)
	NOT-FOR-US: no_package
CVE-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon  ...)
	- clamav 0.70-1
CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R8 ...)
	NOT-FOR-US: no_package
CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2 ...)
	NOT-FOR-US: no_package
CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1 ...)
	NOT-FOR-US: no_package
CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP P ...)
	NOT-FOR-US: no_package
CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and  ...)
	NOT-FOR-US: no_package
CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allow ...)
	NOT-FOR-US: no_package
CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest B ...)
	NOT-FOR-US: no_package
CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
	- nstx 1.1-beta4-1
CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel i ...)
	NOT-FOR-US: no_package
CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta all ...)
	NOT-FOR-US: no_package
CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extrem ...)
	NOT-FOR-US: no_package
CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme Message ...)
	NOT-FOR-US: no_package
CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to enc ...)
	NOT-FOR-US: no_package
CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
	NOT-FOR-US: no_package
CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web Viruswa ...)
	NOT-FOR-US: no_package
CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: no_package
CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7. ...)
	NOT-FOR-US: no_package
CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
	NOT-FOR-US: no_package
CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA publi ...)
	NOT-FOR-US: no_package
CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier  ...)
	NOT-FOR-US: no_package
CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transm ...)
	NOT-FOR-US: no_package
CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data t ...)
	NOT-FOR-US: no_package
CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 al ...)
	NOT-FOR-US: no_package
CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: no_package
CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: no_package
CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow  ...)
	NOT-FOR-US: no_package
CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager Li ...)
	NOT-FOR-US: no_package
CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System 2 ...)
	NOT-FOR-US: no_package
CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows rem ...)
	NOT-FOR-US: no_package
CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x throug ...)
	NOT-FOR-US: no_package
CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke all ...)
	NOT-FOR-US: no_package
CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis mod ...)
	NOT-FOR-US: no_package
CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain  ...)
	NOT-FOR-US: no_package
CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers  ...)
	NOT-FOR-US: no_package
CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3. ...)
	NOT-FOR-US: no_package
CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site Li ...)
	NOT-FOR-US: no_package
CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision Galler ...)
	NOT-FOR-US: no_package
CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, inc ...)
	- apache2 2.0.53-1
CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
	NOT-FOR-US: no_package
CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: no_package
CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attacker ...)
	NOT-FOR-US: no_package
CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gi ...)
	NOT-FOR-US: no_package
CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization t ...)
	NOT-FOR-US: no_package
CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaB ...)
	NOT-FOR-US: no_package
CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 stab ...)
	NOT-FOR-US: no_package
CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open So ...)
	NOT-FOR-US: no_package
CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3 ...)
	NOT-FOR-US: no_package
CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBullet ...)
	NOT-FOR-US: no_package
CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 thro ...)
	NOT-FOR-US: no_package
CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7 ...)
	NOT-FOR-US: no_package
CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in 4nal ...)
	NOT-FOR-US: no_package
CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to o ...)
	NOT-FOR-US: no_package
CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.9 ...)
	NOT-FOR-US: no_package
CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7. ...)
	NOT-FOR-US: no_package
CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
	NOT-FOR-US: no_package
CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
	NOT-FOR-US: no_package
CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: no_package
CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) cam ...)
	NOT-FOR-US: no_package
CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through  ...)
	NOT-FOR-US: no_package
CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
	NOT-FOR-US: no_package
CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier a ...)
	- phpbb2 2.0.10-1
	NOTE: probably fixed in 2.0.6d-3
CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing  ...)
	NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
	NOTE: see bug #308875
CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5. ...)
	NOT-FOR-US: no_package
CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remo ...)
	NOT-FOR-US: no_package
CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal Engin ...)
	NOT-FOR-US: no_package
CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: no_package
CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their I ...)
	NOT-FOR-US: no_package
CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote at ...)
	NOT-FOR-US: no_package
CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, do ...)
	NOT-FOR-US: no_package
CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: no_package
CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop  ...)
	NOT-FOR-US: no_package
CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier a ...)
	NOT-FOR-US: no_package
CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying f ...)
	NOT-FOR-US: no_package
CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
	NOT-FOR-US: no_package
CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and  ...)
	NOT-FOR-US: no_package
CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a def ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: ZyWALL
CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web documen ...)
	NOT-FOR-US: ASP-Nuke
CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote attack ...)
	NOT-FOR-US: PostCalendar
CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
	NOT-FOR-US: PortalApp
CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board 1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows remot ...)
	NOT-FOR-US: web server of Webcam Watchdog
CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 all ...)
	NOT-FOR-US: Net2Soft Flash FTP Server
CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ex ...)
	NOT-FOR-US: Athena Web Registration
CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and acces ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard bef ...)
	NOT-FOR-US: ThWboard
CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and earli ...)
	NOT-FOR-US: omail webmail
CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDA ...)
	- openldap2 2.1.17-1
CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 thr ...)
	NOT-FOR-US: MDaemon
CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows re ...)
	NOT-FOR-US: MyProxy
CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote attacke ...)
	- cherokee 0.4.21b01-1
CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows re ...)
	NOT-FOR-US: VieBoard
CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 al ...)
	NOT-FOR-US: VieBoard
CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 all ...)
	NOT-FOR-US: Booby
CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of Va ...)
	NOT-FOR-US: Portal DB
CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote a ...)
	NOT-FOR-US: IA WebMail Server
CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
	NOT-FOR-US: e107
CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, al ...)
	NOT-FOR-US: Nokia IPSO
CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) b ...)
	NOT-FOR-US: Unichat
CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6. ...)
	NOT-FOR-US: PHPKIT
CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allo ...)
	NOT-FOR-US: TelCondex SimpleWebServer
CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 a ...)
	NOT-FOR-US: ThWboard
CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2 ...)
	NOT-FOR-US: ThWboard
CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3 ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows r ...)
	NOT-FOR-US: MPM Guestbook
CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2. ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 al ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before  ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote m ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 a ...)
	NOT-FOR-US: Sympoll
CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users  ...)
	NOT-FOR-US: NullSoft Shoutcast Server
CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive  ...)
	NOT-FOR-US: Centrinity FirstClass
CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in Ap ...)
	NOT-FOR-US: Apache Software Foundation Cocoon
CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in mod_secur ...)
	- libapache-mod-security 1.8.4-1
CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2  ...)
	NOT-FOR-US: kpopup
CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
	NOT-FOR-US: DATEV Nutzungskontrolle
CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killa ...)
	NOT-FOR-US: kpopup
CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.as ...)
	NOT-FOR-US: HTTP Commander
CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attack ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remo ...)
	- mldonkey 2.5.11-1
CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Ganglia gmond
CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net,  ...)
	- linux-2.6 <not-affected> (Never released, only temporary in Bitkeeper)
CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass a ...)
	NOT-FOR-US: FlexWATCH
CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to caus ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web Serv ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFr ...)
	NOT-FOR-US: Citrix
CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4. ...)
	NOT-FOR-US: Sun JRE/SDK
CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrit ...)
	- xcdroast 0.98+0alpha15-1 (bug #310046)
CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus prote ...)
	NOT-FOR-US: MAILsweeper
CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
	NOT-FOR-US: byteHoard
CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
	NOT-FOR-US: WebTide
CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6. ...)
	NOT-FOR-US: Fastream
CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell portmapper
CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet S ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
	NOT-FOR-US: Les Visiteurs
CVE-2003-1147
	REJECTED
CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
	NOT-FOR-US: Easy PHP Photo Album
CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAuto ...)
	NOT-FOR-US: OpenAutoClassifieds
CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe 1 ...)
	NOT-FOR-US: Perception LiteServe
CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
	NOT-FOR-US: Croteam Serious Sam demo
CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute arb ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbi ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by tr ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat Li ...)
	- apache2 <not-affected> (Red Hat specific default config)
CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to r ...)
	NOT-FOR-US: sh-httpd
CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1. ...)
	NOT-FOR-US: Chi Kien Uong Guestbook
CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cau ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial  ...)
	NOT-FOR-US: Sun JVM
CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts wit ...)
	NOT-FOR-US: The Bat!
CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to exec ...)
	NOT-FOR-US: vBulletin
CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain privilege ...)
	NOT-FOR-US: PortalApp
CVE-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ch ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the b ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript  ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote  ...)
	NOT-FOR-US: Opera
CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install  ...)
	NOT-FOR-US: Apple
CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical  ...)
	NOT-FOR-US: Apple
CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce  ...)
	NOT-FOR-US: Apple
CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 al ...)
	NOT-FOR-US: RSA SecurID Web Agent
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-2352 (I race condition in Temp files was found in gs-gpl before 8.56 addons  ...)
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local us ...)
	{DSA-1051-1 DSA-1046-1}
	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- firefox 1.5.dfsg+1.5.0.2-1
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	[sarge] - trackballs <no-dsa> (Hardly exploitable)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP,  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.1 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP,  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before 0.1 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS,  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote at ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1458 (Multiple unknown "other problems" in the KINK dissector in Ethereal be ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreCh ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissec ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for  ...)
	- freeradius 1.0.2-4
CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL mod ...)
	- freeradius 1.0.2-4
CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to c ...)
	- leafnode 1.11.2.rel-1
CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, whe ...)
	- openssh 1:3.8p1
CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ca ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attacke ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-2354 (Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in  ...)
	NOTE: have not checked to see which security holes are in it exactly
	- nvu <removed> (bug #306822; medium)
CVE-2005-2356
	RESERVED
	NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed b ...)
	- serendipity 1.0-1
CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...)
	- serendipity 1.0-1
CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for Serendip ...)
	- serendipity 1.0-1
CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for Sere ...)
	- serendipity 1.0-1
CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to up ...)
	NOT-FOR-US: SitePanel
CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ea ...)
	NOT-FOR-US: SitePanel
CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for I ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4  ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Ente ...)
	NOT-FOR-US: ViArt Shop
CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket allow ...)
	NOT-FOR-US: osTicket
CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...)
	NOT-FOR-US: osTicket
CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote attack ...)
	NOT-FOR-US: osTicket
CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow  ...)
	NOT-FOR-US: osTicket
CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated us ...)
	- openwebmail <removed>
CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV  ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation Servic ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1432
	RESERVED
CVE-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before  ...)
	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ter ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows re ...)
	NOT-FOR-US: WWWguestbook
CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers t ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document  ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1426 (Uapplication Ublog Reload stores sensitive information under the web r ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-1425 (Uapplication Uguestbook 1.0 stores sensitive information under the web ...)
	NOT-FOR-US: Uapplication Uguestbook
CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and  ...)
	NOT-FOR-US: GoText
CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE  ...)
	NOT-FOR-US: 602 LAN SUITE
CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server  ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 Maili ...)
	NOT-FOR-US: Ocean12 Mailing list manager
CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
	NOT-FOR-US: Netleaf
CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and  ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote at ...)
	NOT-FOR-US: 04WebServer
CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote a ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, includin ...)
	NOT-FOR-US: FilePocket
CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote atta ...)
	NOT-FOR-US: enVivo
CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional Guest ...)
	NOT-FOR-US: ECommPro
CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the world-readabl ...)
	NOT-FOR-US: ICUII
CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) d ...)
	- postgresql 7.4.7-6
CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain  ...)
	- postgresql 7.4.7-6
CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary  ...)
	NOT-FOR-US: Apple
CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
	NOT-FOR-US: Skype
CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly cle ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function i ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by modif ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's A ...)
	NOT-FOR-US: JW Amazon Web Store
CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
	NOT-FOR-US: NeL libarary
CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ear ...)
	NOT-FOR-US: Mtp-Target
CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 all ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions f ...)
	- kfreebsd5-source 5.3-10
CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, cr ...)
	NOT-FOR-US: Skype
CVE-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows loc ...)
	NOT-FOR-US: Skype
CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product p ...)
	NOT-FOR-US: PHPCart
CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before 0.10 ...)
	NOT-FOR-US: PHPCalender
CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows lo ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allo ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 a ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with world-reada ...)
	- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earl ...)
	{DSA-934-1}
	[sarge] - pound 1.8.2-1sarge1
	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
	REJECTED
CVE-2005-1389
	REJECTED
CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allo ...)
	NOT-FOR-US: SURVIVOR
CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrat ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Safari
CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote a ...)
	NOT-FOR-US: phpCoin
CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled,  ...)
	NOT-FOR-US: Oracle
CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
	NOT-FOR-US: Oracle
CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
	NOT-FOR-US: Oracle
CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allo ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandra ...)
	- lam <not-affected> (Mandrake specific packaging flaw)
CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module f ...)
	NOT-FOR-US: phpbb mod
CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3  ...)
	NOT-FOR-US: Claroline
CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or (2 ...)
	NOT-FOR-US: Claroline
CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6  ...)
	NOT-FOR-US: Claroline
CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CM ...)
	NOT-FOR-US: Koobi CMS
CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
	NOT-FOR-US: NetVault
CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not proper ...)
	NOT-FOR-US: NetVault
CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView R ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6 ...)
	- kernel-source-2.4.27 <not-affected>
	- kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel 2. ...)
	[sarge] - kernel-source-2.6.8 <not-affected>
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read arbitra ...)
	NOT-FOR-US: pServ
CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain  ...)
	NOT-FOR-US: pServ
CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: pServ
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
	[woody] - shadow <not-affected> (was introduced after version 4.0.3)
CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow remot ...)
	NOT-FOR-US: MetaBid Auctions
CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow all ...)
	NOT-FOR-US: MetaCart
CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allo ...)
	NOT-FOR-US: MetaCart
CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow re ...)
	NOT-FOR-US: MetaCart
CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 al ...)
	NOT-FOR-US: GrayCMS
CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows rem ...)
	NOT-FOR-US: text.cgi
CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands  ...)
	NOT-FOR-US: text.cgi
CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a  ...)
	NOT-FOR-US: text.cgi
CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary comma ...)
	NOT-FOR-US: forum.pl
CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files vi ...)
	NOT-FOR-US: forum.pl
CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows r ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via  ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows  ...)
	{DSA-727-1}
	- libconvert-uulib-perl 1.0.5.1
CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier  ...)
	NOT-FOR-US: MailEnable
CVE-2005-1347
	NOT-FOR-US: acrobat
CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005  ...)
	NOT-FOR-US: Symantec
CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it i ...)
	{DSA-721-1}
	- squid 2.5.9-7
CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ex ...)
	- apache2 2.0.54-3 (bug #322604)
CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X befo ...)
	NOT-FOR-US: vpnd for Mac OS X
CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not re ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to esca ...)
	- lukemftpd <not-affected> (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot)
CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ldap_exte ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote att ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain pr ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1334
	REJECTED
CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object exc ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth fil ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display sc ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of servic ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sen ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service (ap ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burnin ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote au ...)
	NOT-FOR-US: VooDoo cIRCle BOTNET
CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and i ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for p ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
	NOT-FOR-US: NetTerm
CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manage ...)
	- nag 1.1-3.1 (bug #307173)
CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module befo ...)
	- sork-vacation 2.2.2-1
CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager b ...)
	- mnemo 1.1-2.1 (bug #307180)
	- mnemo2 <not-affected> (fixed before 2.1.1)
CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client b ...)
	- imp4 <not-affected>
	- imp3 3.2.8-1 (bug #328218; low)
CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forw ...)
	- sork-forwards 2.2.2-1
CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before  ...)
	NOT-FOR-US: Hord Chora module
CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module befo ...)
	- sork-accounts 2.1.2-1
CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before  ...)
	- turba 1.2.5-1
CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module bef ...)
	- kronolith 1.1.4-1
CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
	- sork-passwd 2.2.2-1
CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allow ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allo ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to  ...)
	NOT-FOR-US: bBlog
CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote  ...)
	NOT-FOR-US: bBlog
CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or HT ...)
	- courier <unfixed> (bug #307575; unimportant)
CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version  ...)
	NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 all ...)
	NOT-FOR-US: Adobe Reader 7
CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files v ...)
	NOT-FOR-US: hyper.cgi
CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files vi ...)
	NOT-FOR-US: citat.pl
CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote  ...)
	NOT-FOR-US: Confixx
CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update  ...)
	NOT-FOR-US: nProtect:Netizen
CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script al ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script all ...)
	NOT-FOR-US: include.cgi
CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary comman ...)
	NOT-FOR-US: include.cgi
CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: include.cgi
CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for Linu ...)
	- affix-kernel 2.1.1-1.1
CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal 2 ...)
	NOT-FOR-US: StorePortal
CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Car ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remot ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 an ...)
	- phpbb2 2.0.13-6sarge1 (low)
CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: E-Cart
CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
	NOT-FOR-US: ACS Blog
CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote at ...)
	NOT-FOR-US: BK Forum
CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows loc ...)
	NOT-FOR-US: Bitdefender
CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burn ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote at ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server P ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail S ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.10.10-2
CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote att ...)
	- ethereal 0.10.10-2
	- tcpdump 3.8.3-4
CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
	{DSA-850-1}
	- tcpdump 3.8.3-4
CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1  ...)
	- tcpdump 3.8.3-4 (bug #307920)
CVE-2005-1277
	REJECTED
CVE-2005-1276
	RESERVED
CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for I ...)
	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV  ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-1273
	RESERVED
CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL Serv ...)
	NOT-FOR-US: Backup Agent for Microsoft SQL
CVE-2005-1271
	REJECTED
CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter befo ...)
	- rkhunter 1.2.7-14 (medium)
CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow atta ...)
	- apache 1.3.31-1
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) veri ...)
	{DSA-805-1}
	- apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low)
	- apache <not-affected> (Not affected, see #322613)
CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle  ...)
	{DSA-854-1}
	- tcpdump 3.9.0.cvs.20050614-1 (medium)
CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
	{DSA-736-2 DSA-736-1}
	- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create mem ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	[sarge] - kernel-source-2.4.27 2.4.27-10
	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of se ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
	{DSA-741-1}
	- bzip2 1.0.2-7
CVE-2005-1259
	RESERVED
CVE-2005-1258
	RESERVED
CVE-2005-1257
	RESERVED
CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail  ...)
	NOT-FOR-US: IMail
CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1253
	RESERVED
CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in Ips ...)
	NOT-FOR-US: IMail
CVE-2005-1251
	RESERVED
CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ( ...)
	NOT-FOR-US: IpSwitch
CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) al ...)
	NOT-FOR-US: IMail
CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to  ...)
	NOT-FOR-US: Apple iTunes
CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ca ...)
	NOT-FOR-US: Novell Nsure Audit
CVE-2005-1246 (Format string vulnerability in the snmppd_log function in snmppd_util. ...)
	NOT-FOR-US: snmppd
CVE-2005-XXXX [Multiple security problems in Quake 2]
	NOTE: this release added lots of warnings about the security problems
	- quake2 1:0.3-1.1
CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, wh ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1244
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1243 (Directory traversal vulnerability in the third party tool from SafeSto ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe,  ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1241 (Directory traversal vulnerability in the third party tool from Powerte ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1240 (Directory traversal vulnerability in the third party tool from Castleh ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1239 (Directory traversal vulnerability in the third party tool from Raz-Lee ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
	NOT-FOR-US: AS/400 FTP server
CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows re ...)
	NOT-FOR-US: FlexPHPNews
CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3. ...)
	NOT-FOR-US: DUPortal
CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remot ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote a ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proF ...)
	NOT-FOR-US: PHP Labs proFile
CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
	NOT-FOR-US: Sun ONE Proxy Server
CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in Gl ...)
	NOT-FOR-US: JAWS
CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote attack ...)
	NOT-FOR-US: Yawcan
CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows remot ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #306693; medium)
CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1 ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier  ...)
	NOT-FOR-US: PHPProjekt
CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows r ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allo ...)
	NOT-FOR-US: DUPortal
CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.0 ...)
	NOT-FOR-US: Ocean12 Calender manager
CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to exec ...)
	NOT-FOR-US: Annuaire Netref
CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro  ...)
	NOT-FOR-US: ECommPro
CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain se ...)
	NOT-FOR-US: Shoutbox
CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows a ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1217
	RESERVED
CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to servic ...)
	NOT-FOR-US: Microsoft
CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ca ...)
	NOT-FOR-US: Microsoft
CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet cont ...)
	NOT-FOR-US: Microsoft
CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook E ...)
	NOT-FOR-US: Microsoft
CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32 ...)
	NOT-FOR-US: Microsoft
CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft Inte ...)
	NOT-FOR-US: Microsoft
CVE-2005-1210
	RESERVED
CVE-2005-1209
	RESERVED
CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, an ...)
	NOT-FOR-US: Microsoft
CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and  ...)
	NOT-FOR-US: Microsoft
CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for Mi ...)
	NOT-FOR-US: Microsoft
CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and W ...)
	NOT-FOR-US: Microsoft
CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, whi ...)
	- postgresql <unfixed> (unimportant)
	NOTE: This is not a real world problem; it's only applicable in rare circurstances
	NOTE: like someone analysing stolen user database information and even then the gain
	NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote attack ...)
	NOT-FOR-US: Desktop Rover
CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware befo ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware befo ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board (AZb ...)
	NOT-FOR-US: AZbb
CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ Bullet ...)
	NOT-FOR-US: AZbb
CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows r ...)
	NOT-FOR-US: UBB.threads
CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
	NOT-FOR-US: Anaconda Foundation Directory
CVE-2005-1197 (SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CH ...)
	NOT-FOR-US: Oracle
CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
	NOT-FOR-US: PHPBB Knowledgebase Mod
CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) MM ...)
	- xine-lib 1.0.1-1
	- mplayer <not-affected> (fixed in 1.0-pre7, which was released before etch)
CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm 0.9 ...)
	- nasm 0.98.38-1.2 (bug #309049)
CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php fo ...)
	- phpbb2 2.0.13-6sarge1 (medium)
CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
	NOT-FOR-US: HP-UX
CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and mod ...)
	NOT-FOR-US: Cisco
CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating Soft ...)
	NOT-FOR-US: Cisco
CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
	NOT-FOR-US: Cisco
CVE-2001-1476 (SSH before 2.0, with RC4 encryption and the "disallow NULL passwords"  ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows rem ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the local ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1473 (The SSH-1 protocol allows remote servers to conduct man-in-the-middle  ...)
	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol.
CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allo ...)
	- phpbb2 2.0.6c-1
CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
	- phpbb2 2.0.6c-1
CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final bloc ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to modif ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in phpSecure ...)
	NOT-FOR-US: phpSecurePages
CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, se ...)
	- expect <not-affected> (in expect 5.42.1, mkpasswd does not seed by pid)
	NOTE: doesn't seem to seed at all; my tests indicate it generates no dups in
	NOTE: some 100000 passwords.
CVE-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH- ...)
	NOT-FOR-US: VanDyke SecureCRT
CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP GE ...)
	NOT-FOR-US: SurfControl SuperScout
CVE-2001-1464 (Crystal Reports, when displaying data for a password protected databas ...)
	NOT-FOR-US: Crystal Reports
CVE-2001-1463 (The remote administration client for RhinoSoft Serv-U 3.0 sends the us ...)
	NOT-FOR-US: RhinoSoft Serv-U
CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Wi ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through 0. ...)
	NOT-FOR-US: PostNuke
CVE-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication M ...)
	- openssh 1:3.0.1p1-1
CVE-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allo ...)
	NOT-FOR-US: Novell Groupwise
CVE-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote att ...)
	NOT-FOR-US: CrazyWWWBoard
CVE-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntl ...)
	NOT-FOR-US: Gauntlet Firewall
CVE-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypa ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to exe ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allo ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cach ...)
	NOT-FOR-US: Windows
CVE-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microso ...)
	NOT-FOR-US: Windows
CVE-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause  ...)
	NOT-FOR-US: Windows
CVE-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
	- apache <not-affected> (Mandrake specific packaging flaw)
CVE-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local us ...)
	NOT-FOR-US: Magic eDeveloper
CVE-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to g ...)
	NOT-FOR-US: Windows
CVE-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
	NOT-FOR-US: MacOS X
CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5 ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Ke ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not enc ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 all ...)
	- inn2 2.3.3+20020922-1
	- innfeed 0.10.1.7-7
CVE-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Pro ...)
	NOT-FOR-US: VisualAge for Java
CVE-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable authe ...)
	NOT-FOR-US: AIX
CVE-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 throug ...)
	NOT-FOR-US: HP-UX
CVE-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module  ...)
	NOT-FOR-US: Handspring Visor
CVE-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: easyScripts easyNews
CVE-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when gi ...)
	NOT-FOR-US: Dallas Semiconductor iButton DS1991
CVE-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of s ...)
	NOT-FOR-US: Tru64 UNIX
CVE-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read sy ...)
	NOT-FOR-US: IOS
CVE-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ex ...)
	NOT-FOR-US: Quikstore Shopping Cart
CVE-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute t ...)
	NOT-FOR-US: AIX
CVE-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ope ...)
	- lpr 1:0.48-1
CVE-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ope ...)
	- lpr 1:0.48-1
CVE-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not  ...)
	- gcc-3.3 1:3.3.4-1
CVE-2000-1218 (The default configuration for the domain name resolver for Microsoft W ...)
	NOT-FOR-US: Windows
CVE-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a  ...)
	NOT-FOR-US: Windows
CVE-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
	NOT-FOR-US: AIX
CVE-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
	NOT-FOR-US: Lotus Domino
CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute  ...)
	NOT-FOR-US: AIX
CVE-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows  ...)
	NOT-FOR-US: Cisco
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.e ...)
	NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ho ...)
	- sendmail <not-affected> (Sun-specific)
CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
	NOT-FOR-US: Windows
CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, I ...)
	NOT-FOR-US: Windows
CVE-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Int ...)
	NOT-FOR-US: Windows
CVE-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl ...)
	NOT-FOR-US: Acrobat Reader
CVE-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (img ...)
	NOT-FOR-US: Kodak/Wang tools for IE
CVE-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow  ...)
	NOT-FOR-US: AIX
CVE-1999-1573 (Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexe ...)
	NOT-FOR-US: HP-UX
CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2 ...)
	NOT-FOR-US: Windows
CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other v ...)
	NOT-FOR-US: WinHex
CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com doma ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00 ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
	NOT-FOR-US: Apparently bogus report. at least on Linux it couldn't be reproduced
CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows re ...)
	NOT-FOR-US: mvnForum
CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for W ...)
	NOT-FOR-US: iSeries OS
CVE-2005-1181
	NOT-FOR-US: Ariadne CMS
CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuk ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various Work ...)
	NOT-FOR-US: Xerox
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote attacker ...)
	NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 cause ...)
	- webmin <not-affected>
	NOTE: I haven't found further information on this, but this appears to only
	NOTE: affect non-Debian setups
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while  ...)
	NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC)  ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDS ...)
	NOT-FOR-US: Oracle
CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote atta ...)
	NOT-FOR-US: PMSoftware Simple Web Server
CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank m ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for php ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, whic ...)
	NOT-FOR-US: Mafia Blog
CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows  ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in  ...)
	NOT-FOR-US: Dameware
CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Yager game
CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Yager game
CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote attac ...)
	NOT-FOR-US: Yager game
CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore a ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote a ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Su ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1159 (The native implementations of InstallTrigger and other functions in Fi ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow remot ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 all ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 all ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite be ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote atta ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a p ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the umask ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before pro ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlie ...)
	NOT-FOR-US: Sun Java
CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1 ...)
	NOT-FOR-US: ACNews
CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain s ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain s ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1146
	NOT-FOR-US: CalenderScript
CVE-2005-1145
	NOT-FOR-US: CalenderScript
CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to o ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalend ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0 ...)
	- gocr 0.39-5
CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when  ...)
	- gocr 0.39-5
CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows rem ...)
	NOT-FOR-US: MyBloggie
CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital certificate ...)
	NOT-FOR-US: Opera
CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allo ...)
	NOT-FOR-US: Kerio
CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sen ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) c ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP  ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and earlie ...)
	NOT-FOR-US: Serendipity
CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
	NOT-FOR-US: AS/400 system software
CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: LG mobile phone
CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier  ...)
	NOT-FOR-US: Veritas Focalpoint Server
CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: PinnacleCart
CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attac ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow r ...)
	NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 an ...)
	{DSA-1122 DSA-1121}
	- libnet-server-perl 0.89-1 (bug #378640)
	NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention
	NOTE: the security implication, which was noticed later. I've verified both fixes
	NOTE: are identical
	NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make
	NOTE: scripts happy (at time of writing, 0.90-1 is in testing)
	- postgrey 1.22-1
CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 an ...)
	NOT-FOR-US: Free BSD
CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in multi-th ...)
	- libsafe <removed>
CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library  ...)
	NOT-FOR-US: Solaris
CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause  ...)
	NOT-FOR-US: monkeyd
CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) befor ...)
	NOT-FOR-US: monkeyd
CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
	{DSA-726-1}
	- oops 1.5.23.cvs-2.2 (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.1 ...)
	{DSA-1010-1}
	- ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary  ...)
	- sudo <unfixed> (bug #283161; unimportant)
	NOTE: That's a policy violation, but not a security problem
CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the R ...)
	NOT-FOR-US: RSA authentication agent
CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in All4WWW-Homepa ...)
	NOT-FOR-US: All4WWW Homepage creator
CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ph ...)
	NOT-FOR-US: phpbb2 calendar addon
CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0 ...)
	NOT-FOR-US: Photo Album
CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo Al ...)
	NOT-FOR-US: Photo Album
CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
	NOT-FOR-US: PhpBB Plus
CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the doc ...)
	NOT-FOR-US: IBM Websphere
CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify pe ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #305372; low)
CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in t ...)
	NOT-FOR-US: Sumus web server
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote atta ...)
	{DSA-713-1}
	- junkbuster <removed> (bug #304793)
	- privoxy <not-affected>
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-thre ...)
	{DSA-713-1}
	- junkbuster <removed>
	- privoxy <not-affected>
CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ins ...)
	NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers t ...)
	NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName meth ...)
	- libgnumail-java <unfixed> (bug #304712; unimportant)
	NOTE: This just provides an Java API function to receive a file name, sanitising
	NOTE: this file name for further use must be done inside the application calling
	NOTE: the function
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow  ...)
	NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4. ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in template-functi ...)
	NOTE: Upstream developers don't consider this an issue, see bug #304468
CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in Greyl ...)
	- postfix-gld 1.5-1
CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in G ...)
	- postfix-gld 1.5-1
CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in plain ...)
	NOT-FOR-US: GetDataBack for NTFS (Windows)
CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
	NOT-FOR-US: Rebrand P2P Share Spy
CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membe ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xm ...)
	NOT-FOR-US: FTP Now
CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with  ...)
	NOT-FOR-US: Miranda IM
CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext  ...)
	NOT-FOR-US: DeluxeFTP
CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
	NOT-FOR-US: Maxthon
CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API fo ...)
	NOT-FOR-US: Maxthon
CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append  ...)
	NOT-FOR-US: DC++
CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mi ...)
	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Serv ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allo ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in aeDat ...)
	NOT-FOR-US: aeDating
CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows remo ...)
	NOT-FOR-US: aeDating
CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
	NOT-FOR-US: aeDating
CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 all ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlat ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) utili ...)
	NOT-FOR-US: JAR in J2SE SDK
CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2  ...)
	NOT-FOR-US: zOOm Media Gallery
CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows attac ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x all ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board funct ...)
	NOT-FOR-US: WebCT
CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadB ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids  ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows  ...)
	NOT-FOR-US: PunBB
CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2. ...)
	NOT-FOR-US: JPortal
CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to g ...)
	NOT-FOR-US: Access_user class
CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users t ...)
	- pine 4.63-1 (unimportant)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: Not shipped in the binary package
CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ex ...)
	- tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ch ...)
	- rsnapshot 1.2.1-1
CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0. ...)
	NOT-FOR-US: Kerio
CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0. ...)
	NOT-FOR-US: Kerio
CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
	- logwatch 5.0-1
CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novel ...)
	NOT-FOR-US: Novell Netware
CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password wit ...)
	NOT-FOR-US: Linksys WET11
CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile tha ...)
	NOT-FOR-US: Cisco
CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH vers ...)
	NOT-FOR-US: Cisco
CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 th ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web roo ...)
	NOT-FOR-US: TowerBlog
CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill 4.3. ...)
	NOT-FOR-US: ModernBill
CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
	NOT-FOR-US: ModernBill
CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not proper ...)
	NOT-FOR-US: Microsoft
CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remot ...)
	NOT-FOR-US: PunBB
CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows rem ...)
	NOT-FOR-US: PostNuke
CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 al ...)
	NOT-FOR-US: PostNuke
CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allow ...)
	NOT-FOR-US: PostNuke
CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not proper ...)
	NOT-FOR-US: PunBB
CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote atta ...)
	{DSA-714-1}
	- kdelibs 4:3.3.2-6
CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings befo ...)
	NOT-FOR-US: OpenText
CVE-2005-1044
	REJECTED
CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial  ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop  ...)
	- netapplet <not-affected> (Not vulnerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2 ...)
	- coreutils 6.10-1 (bug #304556; unimportant)
	NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows loc ...)
	NOTE: long fixed in Debian's cron
CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client,  ...)
	NOT-FOR-US: AIX
CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permis ...)
	NOT-FOR-US: FreeBSD
CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack v ...)
	- pavuk 0.9.32-1
CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (a ...)
	NOT-FOR-US: SurgeFTP
CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CubeCart
CVE-2005-1032
	REJECTED
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), wh ...)
	NOT-FOR-US: exoops
CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction  ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow r ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x th ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
	NOT-FOR-US: SnailSource phpBB mod
CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote  ...)
	NOT-FOR-US: IBM
CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain s ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root i ...)
	NOT-FOR-US: ColdFusion
CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
	NOT-FOR-US: IOS
CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote atta ...)
	NOT-FOR-US: IOS
CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier all ...)
	NOT-FOR-US: Aeon
CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) Bri ...)
	NOT-FOR-US: CA ArcServe Backup
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in events_fu ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for Max ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attacke ...)
	NOT-FOR-US: MailEnable
CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and Profess ...)
	NOT-FOR-US: MailEnable
CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows re ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows rem ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) re ...)
	NOT-FOR-US: NetVault
CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM F ...)
	NOT-FOR-US: XM Forum
CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro bef ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO  ...)
	NOT-FOR-US: SonicWALL
CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: PayProCart
CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCo ...)
	NOT-FOR-US: PayProCart
CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode PayProCa ...)
	NOT-FOR-US: PayProCart
CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows re ...)
	NOT-FOR-US: LOG-FT File Transfer
CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 al ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtai ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for PHP ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for PHP ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
	NOT-FOR-US: ProductCart
CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
	NOT-FOR-US: ProductCart
CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users  ...)
	NOT-FOR-US: SCO
CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin be ...)
	- phpmyadmin 3:2.6.2-rc1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-3/
CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location f ...)
	NOT-FOR-US: AIX
CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite a ...)
	- sharutils 1:4.2.1-13
CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for Mozil ...)
	{DSA-781-1}
	- mozilla 2:1.7.7-1 (bug #306001)
	- mozilla-firefox 1.0.2-3
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
	NOT-FOR-US: IRC Services NickServ
CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0. ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows  ...)
	NOT-FOR-US: Apple
CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jed ...)
	NOT-FOR-US: Star Wars game
CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to  ...)
	NOT-FOR-US: Quake 3 based games
CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another For ...)
	NOT-FOR-US: Yet Another Forum.net
CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft EPa ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attack ...)
	NOT-FOR-US: Rumba
CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT Bl ...)
	NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ker ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
	NOT-FOR-US: Apple
CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o  ...)
	NOT-FOR-US: Apple
CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ear ...)
	NOT-FOR-US: Apple
CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ea ...)
	NOT-FOR-US: Apple
CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X 10.3. ...)
	NOT-FOR-US: Apple
CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and execu ...)
	NOT-FOR-US: Apple
CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in M ...)
	NOT-FOR-US: Apple
CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote  ...)
	NOT-FOR-US: CA eTrust IDS
CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service (appli ...)
	- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail <removed>
CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions,  ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlie ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier all ...)
	NOT-FOR-US: Kerio firewall
CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine  ...)
	NOT-FOR-US: ACPI BIOS hardware issue
CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart a ...)
	NOT-FOR-US: SquirrelCart
CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-R ...)
	- horde3 3.0.4-1
	- horde2 2.2.8-1
CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c  ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may a ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attacker ...)
	NOT-FOR-US: BayTech RPC
CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kar ...)
	NOT-FOR-US: InterAKT MX Kart
CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote at ...)
	NOT-FOR-US: InterAKT MX Shop
CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remo ...)
	NOT-FOR-US: Windows
CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
	{DSA-730-1}
	- bzip2 1.0.2-6
	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
	NOTE: attacker would have to exploit the minimal time span between uncompressing
	NOTE: the file and chmodding it to delete the file and place a hardlink to another
	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 all ...)
	NOT-FOR-US: PafileDB
CVE-2005-0951
	REJECTED
CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
	NOT-FOR-US: FastStone 4in1 Browser
CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in  ...)
	NOT-FOR-US: PortalApp
CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows remot ...)
	NOT-FOR-US: PortalApp
CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
	NOT-FOR-US: phpCoin
CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remot ...)
	NOT-FOR-US: phpCoin
CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remo ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.86 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlie ...)
	NOT-FOR-US: Cisco
CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: Sybase ASE
CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
	- openoffice.org 1.1.3-9
CVE-2005-0939
	RESERVED
CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ro ...)
	NOT-FOR-US: UBlog
CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform get_use ...)
	- kernel-source-2.6.8 2.6.8-16
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal St ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 al ...)
	NOT-FOR-US: WackoWiki
CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b an ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier a ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 al ...)
	NOT-FOR-US: The Includer
CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness 2. ...)
	NOT-FOR-US: Chatness
CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote  ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP P ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has  ...)
	NOT-FOR-US: WebAPP
CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ca ...)
	- sylpheed 1.0.4-1
	- sylpheed-claws 1.0.4-1
CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton A ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton An ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
	NOT-FOR-US: Lotus
CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow r ...)
	NOT-FOR-US: Bugtracker.NET
CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier,  ...)
	NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for Encaps ...)
	NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
	- kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypas ...)
	NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9 ...)
	NOT-FOR-US: CPG Dragonfly
CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier (modifier.regex_re ...)
	- smarty 2.6.8-1
CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, p ...)
	NOT-FOR-US: deplate
CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote atta ...)
	NOT-FOR-US: exoops
CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow re ...)
	NOT-FOR-US: exoops
CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's Sho ...)
	NOT-FOR-US: THai's Shoutbox
CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shop ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network lib ...)
	NOT-FOR-US: Tincat network library
CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially  ...)
	NOT-FOR-US: Maxthon
CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown f ...)
	NOT-FOR-US: Microsoft
CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attacke ...)
	NOT-FOR-US: QuickTime PictureViewer
CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP- ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0 ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which a ...)
	NOT-FOR-US: AS/400 running OS400
CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in E-Stor ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store Kit- ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in p ...)
	NOT-FOR-US: phpMyDirectory
CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Netcomm 1300NB DSL Modem
CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local  ...)
	- openmosixview 1.5-7
CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain uns ...)
	- smail <removed> (bug #335042; unimportant)
	NOTE: cording to upstream impossible to exploit
CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local us ...)
	{DSA-722-1}
	- smail 3.2.0.115-7 (bug #301428; high)
CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote a ...)
	NOTE: The description is wrong; 2.6 is affected as well
	- gtk+2.0 2.6.4-1
	- gdk-pixbuf 0.22.0-7.1
CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow att ...)
	- sharutils 1:4.2.1-12
CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows loca ...)
	- sharutils 1:4.2.1-11
CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ot ...)
	NOT-FOR-US: X-News
CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and iPlan ...)
	NOT-FOR-US: Netscape Enterprise Server
CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4 ...)
	NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does n ...)
	- cryptcat 20031202-2
	NOTE: don't know when it was fixed, verified above version is ok
CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers t ...)
	- cgiemail 1.6-14
CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows rem ...)
	NOT-FOR-US: Verity Search97
CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before 1. ...)
	- squirrelmail 1:1.2.3
CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelM ...)
	- squirrelmail 1:1.2.3
CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...)
	- squirrelmail 1:1.2.3
CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user  ...)
	- slash 2.2.6-8 (bug #160579; low)
	[sarge] - slash <no-dsa> (Minor security implications)
CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for Wo ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0 ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ( ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction lo ...)
	- postgresql 7.2.3
CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configur ...)
	NOT-FOR-US: Oracle
CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2002-1638
	REJECTED
CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are install ...)
	NOT-FOR-US: Oracle
CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
	NOT-FOR-US: Oracle
CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application Se ...)
	NOT-FOR-US: Oracle
CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote atta ...)
	NOT-FOR-US: NetWare
CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
	NOT-FOR-US: QNX
CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages tha ...)
	NOT-FOR-US: Oracle
CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) al ...)
	NOT-FOR-US: Oracle
CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST,  ...)
	NOT-FOR-US: Multi-Tech ProxyServer
CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote at ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.p ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allo ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
	NOT-FOR-US: XMB Forum
CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by d ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for Di ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0  ...)
	NOT-FOR-US: BirdBlog
CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for In ...)
	NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) index ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3  ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache vi ...)
	- dnsmasq 2.21
CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers  ...)
	- dnsmasq 2.21
CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0,  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Ora ...)
	NOT-FOR-US: Oracle
CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in  ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when  ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
	{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
	- phpsysinfo 2.3-7
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
	- phpsysinfo 2.3-3 (bug #301118; unimportant)
CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) I ...)
	- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite k ...)
	- kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn't have sysfs)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ov ...)
	- cdrtools 4:2.01+01a01-4 (bug #291376; low)
	[sarge] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
	[woody] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass in ...)
	NOT-FOR-US: Scalable OGo (SOGo)
CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vo ...)
	NOT-FOR-US: Mike Spice Mike's Vote CGI
CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me!  ...)
	NOT-FOR-US: Mike Spice Quiz CGI
CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
	NOT-FOR-US: Mike Spice My Calendar
CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when loggin ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using Agg ...)
	NOT-FOR-US: General protocol flaw, cannot be fixed
CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attac ...)
	NOT-FOR-US: AIX
CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
	NOT-FOR-US: AIX
CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PS ...)
	NOT-FOR-US: AIX
CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attac ...)
	NOT-FOR-US: AIX
CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) roo ...)
	NOT-FOR-US: Samsung ADSL modems
CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and pos ...)
	NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows re ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0. ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow attacker ...)
	NOT-FOR-US: Delegate
CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows  ...)
	NOT-FOR-US: TRG News Script
CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows remot ...)
	NOT-FOR-US: CzarNews
CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier al ...)
	NOT-FOR-US: CoolForum
CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0 ...)
	NOT-FOR-US: CoolForum
CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
	NOT-FOR-US: CoolForum
CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sen ...)
	NOT-FOR-US: CoolForum
CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote  ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, wh ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of servi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a d ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Code Ocean FTP Server
CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not p ...)
	NOT-FOR-US: HP-UX
CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ex ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute arbitra ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4. ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g,  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g,  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly re ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE ...)
	- screen <not-affected> (HAVE_BRAILLE not set in binary build)
CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email auto- ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in SurgeMai ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory of  ...)
	NOT-FOR-US: Nortel Contivity
CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows re ...)
	NOT-FOR-US: Phorum
CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...)
	NOT-FOR-US: Kayako eSupport
CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit ...)
	NOT-FOR-US: phpmyfamily
CVE-2005-0840
	REJECTED
CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and obta ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up t ...)
	NOT-FOR-US: Java Web Start for proprietary Sun Java
CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows re ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a mann ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allow ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by  ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier,  ...)
	NOT-FOR-US: Xzabite DynDNS Updater
CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the Digitan ...)
	NOT-FOR-US: PHP-Fusion Addon
CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1. ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: OllyDbg MS Windows debugger
CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute a ...)
	- ltris 1.0.6-1.1 (bug #291620)
CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1. ...)
	- mathopd 1.5p5-1
CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root privilege ...)
	NOT-FOR-US: Cherokee
CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
	NOT-FOR-US: Cherokee
CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Se ...)
	NOT-FOR-US: Nokia Firewall appliances
CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
	NOT-FOR-US: Cayman DSL router
CVE-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local use ...)
	NOTE: I could track this down to this posting
	NOTE: http://web.archive.org/web/20051206035530/http://cert.uni-stuttgart.de:80/archive/vuln-dev/2001/11/msg00104.html
	NOTE: This looks very obscure an does not contain useful information on how this
	NOTE: was triggered and even then it's not a problem, as mcedit usage does not
	NOTE: have a remote impact and is not suid
CVE-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped  ...)
	NOT-FOR-US: IPC@CHIP Embedded web server
CVE-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allow ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel S ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132 ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usern ...)
	NOT-FOR-US: iSnooker
CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
	NOT-FOR-US: Citrix
CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 all ...)
	NOT-FOR-US: Citrix
CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in t ...)
	NOT-FOR-US: MS Office
CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attacke ...)
	NOT-FOR-US: Novell Netware
CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote  ...)
	NOT-FOR-US: Pun BB
CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway S ...)
	NOT-FOR-US: Symantec Gateway
CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in L ...)
	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc1)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1  ...)
	{DSA-717-1}
	- lsh-utils 2.0.1-1
CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0 ...)
	NOT-FOR-US: ir
CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access  ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote att ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote at ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
CVE-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote  ...)
	NOT-FOR-US: Cain &amp; Abel
CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ( ...)
	- evolution 2.0.4-2
CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when mag ...)
	NOT-FOR-US: Subdreamer
CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers  ...)
	NOT-FOR-US: MailEnable
CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allo ...)
	NOT-FOR-US: Windows
CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer allo ...)
	NOT-FOR-US: The Includer
CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 a ...)
	NOT-FOR-US: mcNews
CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers wi ...)
	NOT-FOR-US: MySQL on Windows
CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages if ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote att ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes direct ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scr ...)
	NOT-FOR-US: ZPanel
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...)
	NOT-FOR-US: ZPanel
CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to e ...)
	NOT-FOR-US: ZPanel
CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2 ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote atta ...)
	NOT-FOR-US: SimpGB
CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2 ...)
	NOT-FOR-US: YaBB
CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5 ...)
	NOT-FOR-US: Phorum
CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allo ...)
	NOT-FOR-US: Phorum
CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ca ...)
	NOT-FOR-US: paFileDB
CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: paFileDB
CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attac ...)
	NOT-FOR-US: PlatinumFTP
CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is a ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5 ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify admini ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not l ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts i ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 th ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
	NOT-FOR-US: IDA Pro
CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet S ...)
	NOT-FOR-US: GoodTech Telnet Server
CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allow ...)
	- kernel-source-2.6.8 2.6.8-15
CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 throug ...)
	- ethereal 0.10.10-1
CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows  ...)
	- ethereal 0.10.10-1
CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
	- rxvt-unicode 5.3-1
CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allo ...)
	{DSA-698-1}
	- mc 1:4.6.0-4.6.1-pre3-1
	NOTE: Sarge-specific regression correcting a previous DSA.
CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote attack ...)
	- imagemagick 5:6.0.2.5 (bug #301110)
CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to  ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of se ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
	- gzip 1.3.5-10 (low)
	- bzip2 1.0.2-8.1 (bug #321286; low)
	[sarge] - bzip2 <no-dsa> (Minor issue)
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux  ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
	- linux-2.6 <not-affected> (Fixed before upload in archive)
CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on t ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player  ...)
	- helix-player 1.0.4-1
CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without con ...)
	- kdewebdev 1:3.3.2-6
CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to execu ...)
	{DSA-742-1}
	- cvs 1:1.12.9-13
CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote  ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-0751
	REJECTED
CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
	- kernel-source-2.4.27 2.4.27-10
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local  ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-10
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in KnowledgeBuild ...)
	NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe d ...)
	NOT-FOR-US: Adobe PhotoDeluxe
CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows rem ...)
	NOT-FOR-US: Advanced Poll
CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for multi ...)
	NOT-FOR-US: WinVNC
CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a den ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attacke ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a den ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a den ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log message ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove arbitrar ...)
	NOT-FOR-US: no_package
	NOTE: Debian's nvi recover script is very different
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allo ...)
	NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable permi ...)
	- wine 0.0.20050310-1.1
CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attacke ...)
	- openslp 1.0.11a-2
CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mai ...)
	NOT-FOR-US: WEBInsta
CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: ApplyYourself
CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allow ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local use ...)
	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 a ...)
	NOT-FOR-US: Xoops
CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System Applicatio ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 a ...)
	NOT-FOR-US: YaBB
CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attac ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does n ...)
	{DSA-718-1}
	- ethereal 0.10.10-1
CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
	- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain privilege ...)
	NOT-FOR-US: newsscript
CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows  ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0728
	REJECTED
CVE-2005-0727
	REJECTED
CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows  ...)
	NOT-FOR-US: UBB.threads
CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in wfsfile ...)
	NOT-FOR-US: wfsections
CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: paFileDB
CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in f ...)
	NOT-FOR-US: paFileDB
CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the we ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2  ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP mcN ...)
	NOT-FOR-US: mcNews
CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix 4. ...)
	NOT-FOR-US: Tru64
CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denia ...)
	- squid 2.5.8 (bug #305605)
CVE-2005-0717
	RESERVED
CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Dr ...)
	NOT-FOR-US: Mac OS
CVE-2005-0714
	REJECTED
CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launch ...)
	NOT-FOR-US: Mac OS
CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain di ...)
	NOT-FOR-US: Mac OS
CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable fil ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authen ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authen ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
	- kfreebsd-8 <not-affected> (Fixed before initial release; bug #613311)
	- kfreebsd-7 <not-affected> (Fixed before initial release; bug #613311)
CVE-2003-1130
	REJECTED
CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) Acti ...)
	NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between  ...)
	NOT-FOR-US: X2 XMMS Remote
CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
	NOT-FOR-US: e-Gap
CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on  ...)
	NOT-FOR-US: SunOne/iPlanet
CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5 ...)
	NOT-FOR-US: SunOne
CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
	NOT-FOR-US: Sun JRE
CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses insecu ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a denia ...)
	- openssh <not-affected>
CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
	- setiathome 3.04
CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem  ...)
	NOT-FOR-US: RealSystem Server
CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel Network ...)
	NOT-FOR-US: Nortel Networks Succession Communication Server
CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix Tele ...)
	NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP Expr ...)
	NOT-FOR-US: IPTel SIP Express Router
CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate Firewal ...)
	NOT-FOR-US: Ingate Firewall and Ingate SIParator
CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple dynam ...)
	NOT-FOR-US: dynamicsoft
CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP U ...)
	NOT-FOR-US: Columbia SIP User Agent
CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel OmniPC ...)
	NOT-FOR-US: Alcatel
CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
	NOT-FOR-US: Microsoft
CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 al ...)
	NOT-FOR-US: MSIE
CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remot ...)
	NOT-FOR-US: IBM Tivoli Firewall Toolbox
CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS  ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ins ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to o ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird Cyb ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files wi ...)
	NOT-FOR-US: shar on HP-UX
CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
	NOT-FOR-US: HP-UX)
CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when  ...)
	NOT-FOR-US: HP-UX)
CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds (clas ...)
	NOT-FOR-US: Mike Spice's My Classifieds
CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content  ...)
	- dansguardian 2.4.5-1
CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earli ...)
	NOT-FOR-US: Computer Associates MLink
CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attacker ...)
	NOT-FOR-US: Cisco
CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attacker ...)
	NOT-FOR-US: Cisco
CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to re ...)
	NOT-FOR-US: Cisco
CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a sy ...)
	- shadow <not-affected> (Debian's pwck and grpck do not overflow and are not suid)
CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ho ...)
	- apache2 2.0.42
CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI app ...)
	- apache2 2.0.36
CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted  ...)
	NOT-FOR-US: AIM in MSIE
CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collabo ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
	[sarge] - gnome-vfs2 <not-affected> (does not install the module with the vulnerable code)
	- grip 3.2.0-4 (low)
	- libcdaudio 0.99.9-2.1 (bug #304799; low)
	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
	- gnome-vfs2 2.10.1-3
CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ig ...)
	- ethereal 0.10.10-1
CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0. ...)
	- ethereal 0.10.10-1
CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows r ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1769 (The "Allow cPanel users to reset their password via email" feature in  ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain priv ...)
	NOT-FOR-US: Solaris
CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature  ...)
	NOT-FOR-US: NetScreen-Security Manager
CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apa ...)
	- libapache-mod-security <not-affected> (only seems to affect 1.7.4, not the newer branch in Debian)
CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, an ...)
	NOT-FOR-US: HP-UX
CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
	NOT-FOR-US: hsrun.exe
CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux bef ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
	- ethereal 0.10.3
CVE-2004-1760 (The default installation of Cisco voice products, when running the IBM ...)
	NOT-FOR-US: Cisco
CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM serve ...)
	NOT-FOR-US: Cisco
CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the admin ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 SP ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses passwo ...)
	NOT-FOR-US: Cisco
CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" s ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain cod ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a J ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition  ...)
	- file 3.4.1
CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streamin ...)
	NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attac ...)
	NOT-FOR-US: AbsoluteTelnet
CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
	NOT-FOR-US: Xerox MicroServer Web Server
CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote atta ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i  ...)
	NOT-FOR-US: Oracle
CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows remo ...)
	NOT-FOR-US: Aztek
CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the CD ...)
	- ethereal 0.10.9-2
CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...)
	NOT-FOR-US: PHPWebLog
CVE-2005-0697 (SQL injection vulnerability in the process_picture function xp_publish ...)
	NOT-FOR-US: CopperExport
CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authentic ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting Controll ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under t ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attack ...)
	NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fu ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for modules.ph ...)
	NOT-FOR-US: SocialMPN
CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control cons ...)
	NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute arbitr ...)
	NOT-FOR-US: The Includer
CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, allo ...)
	NOT-FOR-US: Windows
CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers t ...)
	- hashcash 1.17-1
CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf suppor ...)
	- mlterm 2.9.2 (bug #298621)
CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ( ...)
	NOT-FOR-US: OutStart Participate Enterprise
CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.0 ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-0683
	REJECTED
CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal befor ...)
	- drupal 4.5.2
CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Nokia
CVE-2005-0680 (PHP remote file inclusion vulnerability in download_center_lite.inc.ph ...)
	NOT-FOR-US: Download Center Lite
CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for T ...)
	NOT-FOR-US: Tell A Friend Script
CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form M ...)
	NOT-FOR-US: Form Mail Script
CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain act ...)
	NOT-FOR-US: Zorum
CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL error ...)
	NOT-FOR-US: Zorum
CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 al ...)
	NOT-FOR-US: Zorum
CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox  ...)
	NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ph ...)
	- phpbb2 2.0.13-2
CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows re ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2. ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 th ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prev ...)
	NOT-FOR-US: HAVP
CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9 ...)
	- sylpheed 1.0.3-1
	- sylpheed-claws 1.0.3-1
CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 be ...)
	- kernel-patch-adamantix 1.7
CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly  ...)
	{DSA-709-1}
	- libexif 0.6.9-5
CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in session. ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 al ...)
	NOT-FOR-US: D-Forum
CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive i ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
	NOT-FOR-US: TYPO3 extension
CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4. ...)
	NOT-FOR-US: Computalynx CProxy
CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 all ...)
	NOT-FOR-US: auraCMS
CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: auraCMS
CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote att ...)
	NOTE: this is not a security issue according to maintainer
CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
	- phpmyadmin 3:2.6.1-pl3-1
CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha  ...)
	NOT-FOR-US: OpenVMS
CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remo ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5 ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cro ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow rem ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject arb ...)
	NOT-FOR-US: paNews
CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
	NOT-FOR-US: paNews
CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1 ...)
	NOT-FOR-US: CuteNews
CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before 443 ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before 435 ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer Associa ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer  ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
	{DSA-695-1 DSA-694-1}
	- xloadimage 4.1-14.2
	- xli 1.17.0-17
CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to exe ...)
	{DSA-695-1 DSA-694-1}
	- xli 1.17.0-18
	- xloadimage 4.1-14.1 (bug #298926)
CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote attack ...)
	NOT-FOR-US: Foxmail
CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to execu ...)
	NOT-FOR-US: Foxmail
CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to e ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 a ...)
	NOT-FOR-US: PHPNews
CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete a ...)
	NOT-FOR-US: PBLang
CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ar ...)
	NOT-FOR-US: PBLang
CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in  ...)
	NOT-FOR-US: 427BB
CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 all ...)
	NOT-FOR-US: Forumwa
CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be wo ...)
	- qt-x11-free <not-affected> (RPATH disabled in Debian's build)
CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products a ...)
	NOT-FOR-US: Symantec DNSd
CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full  ...)
	NOT-FOR-US: Zorum
CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 an ...)
	NOT-FOR-US: Zorum
CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Net ...)
	- squid 2.5.9-2
CVE-2005-0940
	REJECTED
CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, whic ...)
	- reportbug 3.8 (bug #295407)
CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
	- reportbug 3.8 (bug #295407)
CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions bef ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows  ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Scrapland
CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the world- ...)
	NOT-FOR-US: Einstein
CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and pass ...)
	NOT-FOR-US: Einstein
CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R  ...)
	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.7 ...)
	NOT-FOR-US: PostNuke
CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download mo ...)
	NOT-FOR-US: PostNuke
CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.p ...)
	NOT-FOR-US: PostNuke
CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ga ...)
	- phpbb2 2.0.13-1
CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, a ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
	NOT-FOR-US: Cisco
CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.105 ...)
	NOT-FOR-US: Real
CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in F ...)
	NOT-FOR-US: FreeBSD portupgrade
CVE-2005-0609
	REJECTED
CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
	NOT-FOR-US: Half Life WebMod
CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the  ...)
	NOT-FOR-US: CubeCert
CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeC ...)
	NOT-FOR-US: CubeCert
CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a  ...)
	{DSA-723-1}
	- lesstif2 1:0.93.94-11.1 (bug #298183; bug #299236)
	NOTE: libxmp4 is the real culprit
	- xfree86 4.3.0.dfsg.1-13
	- xorg-x11 <not-affected> (Fixed before upload into archive)
	- openmotif 2.2.3-1.1 (bug #308819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the usern ...)
	NOT-FOR-US: GFI Languard Network Security Scanner
CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to o ...)
	- phpbb2 2.0.13-1
CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
	- unzip 5.52-1
	NOTE: um, tar does this too, not really considered a security hole
CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
	NOT-FOR-US: Real
CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon cra ...)
	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
	- php4 4:4.3.8-1
CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to  ...)
	NOT-FOR-US: BadBlue
CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
	NOT-FOR-US: Apple
CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers  ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefo ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
	- mozilla-firefox 1.0.1
CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, Thunderb ...)
	- mozilla-firefox 1.0.1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers  ...)
	- mozilla-firefox 1.0.1
CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:in ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious  ...)
	NOTE: windows only
CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious  ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domai ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTT ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License  ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 al ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client a ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges be ...)
	NOT-FOR-US: cmd5checkpw
CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTH ...)
	NOT-FOR-US: FreeNX
CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable  ...)
	- mozilla-firefox 1.0.1-1
CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier  ...)
	NOT-FOR-US: MKBold-MKItalic
CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font  ...)
	NOT-FOR-US: STSF in Solaris
CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
	NOT-FOR-US: Stormy Studios Knet
CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows remot ...)
	NOT-FOR-US: CIS Webserver
CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a denia ...)
	NOTE: Historic Gaim on Windows
CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to  ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitr ...)
	NOT-FOR-US: PunBB
CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: PunBB
CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote att ...)
	NOT-FOR-US: PunBB
CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a den ...)
	NOT-FOR-US: Soldier of Fortune II
CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...)
	- phpmyadmin 3:2.6.1-pl2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-1/
CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remot ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote att ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and  ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Acce ...)
	NOT-FOR-US: Microsoft
CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
	NOT-FOR-US: MSN Messenger
CVE-2005-0561
	RESERVED
CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in x ...)
	NOT-FOR-US: Exchange server
CVE-2005-0559
	RESERVED
CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allow ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0557
	RESERVED
CVE-2005-0556
	RESERVED
CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer  ...)
	NOT-FOR-US: MSIE
CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer 5. ...)
	NOT-FOR-US: MSIE
CVE-2005-0553 (Race condition in the memory management routines in the DHTML object p ...)
	NOT-FOR-US: MSIE
CVE-2005-0552
	RESERVED
CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
	NOT-FOR-US: Microsoft
CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Docume ...)
	NOT-FOR-US: Solaris
CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Docume ...)
	NOT-FOR-US: Solaris
CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
	NOT-FOR-US: Apple Java plugin
CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote atta ...)
	NOT-FOR-US: Gaucho
CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote  ...)
	NOT-FOR-US: Ground Control II
CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: RealVNC
CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when  ...)
	NOT-FOR-US: Attack Mitigator IPS 5500
CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ( ...)
	NOT-FOR-US: NtRegmon
CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ru ...)
	NOT-FOR-US: NetworkEverywhere NR041
CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snip ...)
	NOT-FOR-US: PHP Code Snippet Library
CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote attacker ...)
	NOT-FOR-US: Painkiller
CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to caus ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote attack ...)
	NOT-FOR-US: WebAPP
CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: musicd
CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to rea ...)
	NOT-FOR-US: musicd
CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Bird Chat
CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows r ...)
	NOT-FOR-US: JShop
CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows r ...)
	- cacti 0.8.5a-5
CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
	- cacti 0.8.5a-5
CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in  ...)
	- sympa 4.1.5-4 (bug #298105; unimportant)
	NOTE: A user with the privilege to create new mailing lists needs to be trustworthy
CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remot ...)
	- mantis 0.19.2-1
CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions al ...)
	- mydms 1.4.3-1
CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4. ...)
	- mydms 1.4.3-1
CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send e ...)
	- mantis 0.19.0-1
CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows r ...)
	- mantis 0.19.0-1
CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
	NOT-FOR-US: Nihuo Web Log Analyzer
CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote  ...)
	NOT-FOR-US: sarad
CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service (refu ...)
	NOT-FOR-US: BadBlue
CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm. ...)
	NOT-FOR-US: XV
CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers t ...)
	NOT-FOR-US: XV
CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server 5.2. ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail Se ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak Mai ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail S ...)
	NOT-FOR-US: Merak Webmail Server
CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 an ...)
	NOT-FOR-US: IPD
CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv (ghost ...)
	- gv 1:3.6.1-1
CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows  ...)
	NOT-FOR-US: PForum
CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4  ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) firewall.ini ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01 ...)
	NOT-FOR-US: PRM on HP-UX
CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote atta ...)
	NOT-FOR-US: TypePad
CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before  ...)
	- moodle 1.4-1
CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via she ...)
	NOT-FOR-US: page.cgi
CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
	NOT-FOR-US: Datakey Rainbow iKey2032 USB token
CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Webbsyte
CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracl ...)
	NOT-FOR-US: Oracle
CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote attack ...)
	NOT-FOR-US: U.S. Robotics wireless access point
CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privilege ...)
	NOT-FOR-US: WpQuiz
CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
	NOT-FOR-US: Fusion News
CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecure ...)
	NOT-FOR-US: Lexar Safe Guard
CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in H ...)
	NOT-FOR-US: diagmond on HP-UX
CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11 ...)
	NOT-FOR-US: ftpd on HP-UX
CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attac ...)
	- cyrus21-imapd 2.1.18-1
CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Activ ...)
	NOT-FOR-US: MS Office
CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of th ...)
	- phpmyadmin 3:2.6.1-pl2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-2/
CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows re ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 a ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server  ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote at ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before  ...)
	NOT-FOR-US: IBM
CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ( ...)
	NOT-FOR-US: ginp
CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) S ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x bef ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI befo ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for Lin ...)
	- kernel-source-2.6.8 2.6.8-14
	NOTE: affects only 2.6 (see #296906)
CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for of ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
	REJECTED
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via plug ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 all ...)
	NOT-FOR-US: PBLang
CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 a ...)
	{DSA-729-1 DSA-708-1}
	- php4 4:4.3.10-10
	- php3 3:3.0.18-31
CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 an ...)
	- php3 <not-affected>
	- php4 4:4.3.10-10
CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows rem ...)
	{DSA-719-1}
	- prozilla 1:1.3.7.4-1
CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in  ...)
	NOT-FOR-US: Chat Anywhere
CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including password ...)
	NOT-FOR-US: SendLink
CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arb ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arb ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: eXeem
CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext  ...)
	NOT-FOR-US: PeerFTP
CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote  ...)
	NOT-FOR-US: ImageGalleryPlugin for Twiki
CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other version ...)
	NOT-FOR-US: My Firewall Plus
CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5. ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the E ...)
	NOT-FOR-US: pMachine
CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allo ...)
	NOT-FOR-US: Mambo
CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in H ...)
	NOT-FOR-US: vBulletin
CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine  ...)
	NOT-FOR-US: pMachine
CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause  ...)
	NOT-FOR-US: fallback-reboot
CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5  ...)
	NOTE: default config of Mono not vulnerable
	- mono 1.1.6-4 (medium)
CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attack ...)
	- batik 1.5.1-1
CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier allo ...)
	NOT-FOR-US: SD Server
CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP S ...)
	NOT-FOR-US: Avaya IP Office Phone Manager
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before 1.5 ...)
	- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial dr ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.6.8 2.6.8-12
	- kernel-source-2.6.9 2.6.9-5
	- kernel-source-2.6.10 2.6.10-2
	- kernel-source-2.4.27 2.4.27-8
CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
	- uim 1:0.4.6beta2-1
CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows r ...)
	NOT-FOR-US: Xinkaa
CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Bontago
CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spo ...)
	NOT-FOR-US: MSIE6
CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain s ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain pr ...)
	NOT-FOR-US: ADP Elite System
CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that  ...)
	NOT-FOR-US: Arkeia Network Backup
CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote at ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable mo ...)
	NOT-FOR-US: Thomson TCW690 cable modem
CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2. ...)
	NOT-FOR-US: Biz Mail From
CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause  ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows  ...)
	NOT-FOR-US: Arkeia Server Backup
CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and  ...)
	- curl 7.13.0-2
CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2 ...)
	- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in c ...)
	- cfengine2 2.1.8-1
CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnac ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers t ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earl ...)
	NOT-FOR-US: PopMessenger
CVE-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter  ...)
	NOT-FOR-US: Computer Associates Unicenter Management Portal
CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default user ...)
	NOT-FOR-US: Symantec
CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ( ...)
	NOT-FOR-US: Mambo
CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1. ...)
	NOT-FOR-US: Mambo
CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a de ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3 ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root  ...)
	- sudo 1.6.8p3-1
CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Pigeon Server
CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04  ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to byp ...)
	NOT-FOR-US: MSIE
CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ru ...)
	NOT-FOR-US: SMC router
CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an A ...)
	NOT-FOR-US: Zyxel
CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
	NOT-FOR-US: crrtrap
CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote authen ...)
	NOT-FOR-US: QNX FTP
CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-in ...)
	NOT-FOR-US: QNX
CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware 2.1.11 ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote at ...)
	NOT-FOR-US: TwinFTP
CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remo ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive inform ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6 ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denia ...)
	NOT-FOR-US: Serv-U FTP
CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web M ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 w ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 wi ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Po ...)
	NOT-FOR-US: Subjects
CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
	NOT-FOR-US: Halo Combat Evolved
CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 al ...)
	NOT-FOR-US: PsNews
CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Call of Duty
CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as Sto ...)
	NOT-FOR-US: Engenio/LSI Logic storage controllers
CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: YaBB
CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: MailWorks
CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier  ...)
	NOT-FOR-US: CuteNews
CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3. ...)
	NOT-FOR-US: CuteNews
CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with administrat ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events Vi ...)
	NOT-FOR-US: DasBlog
CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows r ...)
	NOT-FOR-US: Comersus Shopping Cart
CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ear ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite 0.9.3 ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, whic ...)
	- openssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
	NOTE: See bug #296547 for details
CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if th ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the registratio ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP add ...)
	NOT-FOR-US: D-Link DCS-900
CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to e ...)
	NOT-FOR-US: Msinfo32.exe
CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangeP ...)
	NOT-FOR-US: Password Protect
CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote attacker ...)
	NOT-FOR-US: Password Protect
CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
	NOT-FOR-US: Xedus
CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote at ...)
	NOT-FOR-US: Xedus
CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
	NOT-FOR-US: Xedus
CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of se ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a den ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
	NOT-FOR-US: Titan
CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and  ...)
	NOT-FOR-US: XOOPS
CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem  ...)
	NOT-FOR-US: Thomson cable modem
CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and  ...)
	- krb4 <unfixed> (unimportant)
	[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	- krb5 1.8.3+dfsg-4 (unimportant)
	[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	- netkit-telnet <not-affected> (netkit-telnet is not affected)
	NOTE: telnet code was removed earlier than 1.8.3, but that's the version that was available to check
CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows re ...)
	NOTE: This is not a real security issue; it just describes the fact that the Gecko
	NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
	NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
	NOTE: during transfer any user will cancel the transfer and if you load it from the
	NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
	NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
	NOTE: generally try to make sense of anything even remotely resembling HTML.
	- firefox <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
	NOT-FOR-US: mailcarrier
CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers t ...)
	NOT-FOR-US: Hawking Technologies HAR11A modem/router
CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection functio ...)
	NOT-FOR-US: WvTftp
CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insi ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, whe ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
	- bugzilla 2.16.7
CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
	- moniwiki 1.0.9
CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduc ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open Wor ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
	NOT-FOR-US: Dwc_articles
CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows remot ...)
	- rssh 2.2.2
CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
	NOT-FOR-US: ability server
CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, a ...)
	NOT-FOR-US: ability server
CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown  ...)
	NOT-FOR-US: pGina
CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening exte ...)
	NOT-FOR-US: Carbon Copy
CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allow ...)
	NOT-FOR-US: UBB.threads
CVE-2004-1621
	NOT-FOR-US: Lotus Notes
CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows remot ...)
	NOT-FOR-US: Serendipity
CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows remote at ...)
	NOT-FOR-US: Privateer's Bounty: Age of Sail II
CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a de ...)
	NOT-FOR-US: Tonecast
CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers  ...)
	{DSA-1077-1 DSA-1076-1}
	- lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low)
	- lynx-cur 2.8.6-6 (low)
	- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory con ...)
	- links 0.99+1.00pre12-1 (bug #296341; low)
CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid me ...)
	NOT-FOR-US: Opera
CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service (applicat ...)
	- mozilla-firefox <not-affected> (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6)
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service (applicat ...)
	NOTE: example page did not bother firefox 1.0+dfsg.1-6
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote atta ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before perfo ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain fil ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive info ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers  ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by mod ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbi ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users t ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amo ...)
	- proftpd 1.2.10-4
CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable a ...)
	NOT-FOR-US: coolphp
CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain sensit ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-s ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ar ...)
	NOT-FOR-US: Acrobat
CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote at ...)
	NOT-FOR-US: RIM Blackberry
CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remot ...)
	NOT-FOR-US: 3COM router
CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers t ...)
	NOT-FOR-US: ShixxNote
CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode. ...)
	NOT-FOR-US: SCT email client
CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...)
	- ocportal <itp> (bug #625865)
CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM runni ...)
	NOT-FOR-US: Micronet Wireless Router
CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via a ...)
	NOT-FOR-US: clientexec
CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board allo ...)
	NOT-FOR-US: GoSmart
CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote att ...)
	NOT-FOR-US: GoSmart
CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator  ...)
	NOT-FOR-US: Monolith Games
CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as "shu ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows r ...)
	- wordpress 1.2.1-1.1
CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 an ...)
	NOT-FOR-US: FTP server in TriDComm
CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows rem ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remo ...)
	NOT-FOR-US: CubeCart
CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive  ...)
	NOT-FOR-US: CubeCart
CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision Powe ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive infor ...)
	NOT-FOR-US: phplinks
CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and e ...)
	NOT-FOR-US: Judge Dredd
CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a  ...)
	- xerces25 2.5.0-4
	- xerces24 2.4.0-4
	- xerces23 <not-affected> (not affected, see bug #296432)
	- xerces21 <not-affected> (not affected, see bug #296466)
CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote a ...)
	NOT-FOR-US: Vypress
CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set permis ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data,  ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via  ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote att ...)
	NOT-FOR-US: bBlog
CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) a ...)
	NOT-FOR-US: dbPowerAmp
CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
	NOT-FOR-US: Parachat
CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm  ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full  ...)
	NOT-FOR-US: w-Agora
CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
	NOT-FOR-US: w-Agora
CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a  ...)
	NOT-FOR-US: w-Agora
CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows  ...)
	NOT-FOR-US: w-Agora
CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers t ...)
	- icecast2 2.0.2.debian-1
CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 a ...)
	- wordpress 1.2.2-1.1
CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 th ...)
	NOT-FOR-US: YahooPOPS
CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, mo ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Messa ...)
	NOT-FOR-US: BroadBoard Instant ASP Message Board
CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex G ...)
	NOT-FOR-US: @lex GuestBook
CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to  ...)
	NOT-FOR-US: aspWebAlbum
CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers  ...)
	NOT-FOR-US: aspWebCalendar
CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file  ...)
	NOT-FOR-US: PafileDB
CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote at ...)
	NOT-FOR-US: Motorola Router
CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of pass ...)
	NOT-FOR-US: ActivePost
CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost Sta ...)
	NOT-FOR-US: ActivePost
CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote a ...)
	NOT-FOR-US: ActivePost
CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to c ...)
	NOT-FOR-US: MDaemon
CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache  ...)
	- moniwiki 1.0.9-4
CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupp ...)
	NOT-FOR-US: Kyako ESupport
CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
	NOT-FOR-US: Tarantella Secure Global Desktop
CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0 ...)
	NOT-FOR-US: paNews
CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
	NOT-FOR-US: GProFTPD
CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk ...)
	NOT-FOR-US: Glftpd
CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files  ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlie ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote  ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision  ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows r ...)
	NOT-FOR-US: hpm_guestbook.cgi
CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other version ...)
	NOT-FOR-US: paFAQ
CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in user.p ...)
	- webcalendar 0.9.45-3
CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
	- gaim 1:1.1.3-1
CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
	{DSA-716-1}
	- gaim 1:1.1.3-1
CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long file ...)
	NOT-FOR-US: SUN JRE
CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
	- wpasupplicant 0.3.8-1
CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based Tel ...)
	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
	- krb4 1.2.2-11.2 (bug #306141)
	- krb5 1.3.6-2
	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
	- netkit-telnet 0.17-28
	- heimdal 0.6.3-10
CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
	{DSA-731-1 DSA-703-1}
	- krb5 1.3.6-2
	- krb4 1.2.2-11.2 (bug #306141)
CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_r ...)
	- putty 0.57-1
CVE-2005-0466
	RESERVED
CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, w ...)
	NOT-FOR-US: SGI IRIX
CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does no ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1. ...)
	- jspwiki 2.0.52-8
CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cv ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows  ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote attacke ...)
	NOT-FOR-US: SecureCRT
CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versio ...)
	NOT-FOR-US: ZyXEL Routers
CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ca ...)
	NOT-FOR-US: Halo: Combat Evolved
CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1. ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...)
	NOT-FOR-US: Cash Mod module of phpbb2
CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled,  ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allow ...)
	NOT-FOR-US: DMS POP3
CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, wh ...)
	NOT-FOR-US: AppServ
CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB)  ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for PHP- ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain c ...)
	NOT-FOR-US: MSIE
CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game pl ...)
	NOT-FOR-US: Hired Team
CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
	NOT-FOR-US: Hired Team
CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
	NOT-FOR-US: Hired Team
CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial 2 ...)
	NOT-FOR-US: Hired Team
CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote attacker ...)
	NOT-FOR-US: Army Men RTS
CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mai ...)
	NOT-FOR-US: Eudora
CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authe ...)
	NOT-FOR-US: IPSwitch IMail
CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows r ...)
	NOT-FOR-US: phpBugTracker
CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers  ...)
	NOT-FOR-US: Zone Labs IMsecure
CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vB ...)
	NOT-FOR-US: vBulletin
CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to lo ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in 0 ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web browsers ...)
	NOT-FOR-US: Hotfoon
CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying cr ...)
	- webcalendar 0.9.45-1
CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive  ...)
	- webcalendar 0.9.45-1
CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary l ...)
	- webcalendar 0.9.45-1
CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
	- webcalendar 0.9.45-1
CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar all ...)
	- webcalendar 0.9.45-1
CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat fi ...)
	NOT-FOR-US: JAF
CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ( ...)
	NOT-FOR-US: JAF
CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment  ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows re ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in multipl ...)
	NOT-FOR-US: Lithtech
CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form i ...)
	NOT-FOR-US: HELM
CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
	NOT-FOR-US: HELM
CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Pow ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to c ...)
	NOT-FOR-US: WinRAR
CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005  ...)
	NOT-FOR-US: XDICT
CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to inpu ...)
	NOT-FOR-US: ulog-php
CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1 ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote at ...)
	NOT-FOR-US: NewsBruiser
CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to o ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote att ...)
	- phpmyadmin 4:2.6.2 (unimportant)
	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
	NOTE: I think it is not a problem on Debian as far as everybody knows the full
	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in osCommer ...)
	- oscommerce <itp> (bug #532489)
CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugi ...)
	NOT-FOR-US: Opera
CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded binar ...)
	NOT-FOR-US: Opera
CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME type ...)
	NOT-FOR-US: Opera
CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in  ...)
	NOT-FOR-US: Opera
CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to i ...)
	NOT-FOR-US: Opera
CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed f ...)
	NOT-FOR-US: Real
CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not p ...)
	NOT-FOR-US: Lighttpd
CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.N ...)
	NOT-FOR-US: Microsoft
CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows rem ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote at ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before  ...)
	{DSA-1678-1 DSA-696-1}
	- perl 5.8.4-7
CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote a ...)
	NOT-FOR-US: Quake 3
CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Solaris
CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denia ...)
	{DSA-688-1}
	- squid 2.5.8-3
CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows re ...)
	- openwebmail <removed>
CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries u ...)
	NOT-FOR-US: VMware
CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the  ...)
	NOT-FOR-US: CubeCart
CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 allo ...)
	NOT-FOR-US: CubeCart
CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server Enterp ...)
	NOT-FOR-US: Sybase
CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
	- elog 2.5.7+r1558-1
CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 allow ...)
	- elog 2.5.7+r1558-1
CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain se ...)
	- awstats 6.3-1
CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
	- awstats 6.3-1
CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6 ...)
	- awstats 6.3-1
CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read serv ...)
	- awstats 6.3-1
CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 al ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pa ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domai ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin 3 ...)
	NOT-FOR-US: vBulletin
CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
	- pdns 2.9.16-6
CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encr ...)
	- webmin <not-affected> (Gentoo specific)
CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ca ...)
	NOT-FOR-US: Solaris
CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, an ...)
	NOT-FOR-US: Websphere
CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows re ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat f ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows re ...)
	NOT-FOR-US: Microsoft
CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote aut ...)
	NOT-FOR-US: 3com
CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up t ...)
	NOT-FOR-US: Sun Java
CVE-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ea ...)
	NOT-FOR-US: IBM DB2
CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows 20 ...)
	NOT-FOR-US: Windows
CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow  ...)
	NOT-FOR-US: Emdros
CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows  ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows re ...)
	NOT-FOR-US: Spidean PostWrap
CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and  ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ear ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) i ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of  ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibl ...)
	NOT-FOR-US: Openconf
CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images m ...)
	- imagemagick <unfixed> (bug #298051; unimportant)
	NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
	NOTE: <Piet> 'convert -strip' will remove exif data according to http://web.archive.org/web/20130922031724/http://www.imagemagick.org:80/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
	RESERVED
CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email inform ...)
	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
	- kdepim 3.4-1 (bug #305601; low)
	[sarge] - kdepim <no-dsa> (Hardly exploitable)
	NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also
	NOTE: warns that HTML mails introduce the risk of phishing. This could as well
	NOTE: be unimportant
CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterp ...)
	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
	- mozilla-firefox 1.0.2-1
CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozill ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote attacke ...)
	- ipsec-tools 1:0.5-5
CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c fo ...)
	{DSA-702-1}
	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
	- graphicsmagick 1.1.7-1
CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE b ...)
	NOTE: fix in -4 was broken
	- kdelibs 4:3.3.2-6
CVE-2005-0395
	REJECTED
CVE-2005-0394
	RESERVED
CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...)
	{DSA-733-1}
	- crip 3.5-1sarge2 (low)
CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which all ...)
	{DSA-725-2 DSA-725-1}
	- ppxp 0.2001080415-11
CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and  ...)
	{DSA-712-1}
	- geneweb 4.10-7 (bug #304405)
CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel  ...)
	{DSA-706-1}
	- axel 1.0b-1
CVE-2005-0389
	REJECTED
CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader  ...)
	{DSA-700-1}
	- mailreader 2.3.29-11
CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure s ...)
	{DSA-693-1}
	- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when  ...)
	- wget 1.9.1-11
CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
	- wget 1.9.1-11
CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote attac ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Breed game
CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 all ...)
	NOT-FOR-US: forumKIT
CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) print_catego ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and e ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
	- horde2 <not-affected>
	- horde3 3.0.1-1
CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows  ...)
	NOT-FOR-US: sgallery
CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local  ...)
	NOT-FOR-US: sgallery
CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: sgallery
CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier a ...)
	NOT-FOR-US: bitboard
CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as  ...)
	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
	NOTE: cyrus-sasl2 already has patch applied
	NOTE: oldstable version not affected, thus marking it as done with the oldstable version
	- cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
	- cyrus-sasl2 2.1.19.dfsg1-0sarge2
CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allow ...)
	{DSA-686-1}
	- gftp 2.0.18-1
	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ear ...)
	- armagetron 0.2.8.2.1-1 (bug #296840; low)
	[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
	[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ear ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but oldstable is affected
CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but olstable is affected
CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote attacke ...)
	NOT-FOR-US: CMScore
CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1 ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that w ...)
	- gnupg 1.4.1-1
CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.1 ...)
	- bind9 <not-affected> (Bind on hp-ux)
CVE-2005-0361
	RESERVED
CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterp ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge En ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence  ...)
	- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
	- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
	- kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
	RESERVED
CVE-2005-0354
	RESERVED
CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel L ...)
	NOT-FOR-US: Sentinel License Manager
CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop SY ...)
	NOT-FOR-US: Servers Alive
CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO Op ...)
	NOT-FOR-US: SCO OpenServer
CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and Interne ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor AR ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2004-9999
	REJECTED
CVE-2004-9998
	REJECTED
CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and C ...)
	NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ma ...)
	- inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped)
	- atftp <not-affected> (atftp checks h_length)
	- netkit-tftp <not-affected> (netkit-tftp not vulnerable)
	- tftp-hpa <not-affected> (bug #295297; not exploitable)
	NOTE: The address length comes from libc, not the network.
CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat 1 ...)
	- socat 1.4.0.3-1
CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
	NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace characte ...)
	NOT-FOR-US: BNC irc proxy
CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12. ...)
	NOT-FOR-US: Real
CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks Com ...)
	NOT-FOR-US: HP StorageWorks Command View XP
CVE-2004-1479
	REJECTED
CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which a ...)
	NOT-FOR-US: JRun
CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: JRun
CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc ...)
	- xine-lib 1-rc6
	- vlc <not-affected> (affected part of xine-lib code copy not present)
	- libcdio 0.69
CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5  ...)
	- xine-lib 1-rc6
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
	- cvs 1:1.12.9
CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions be ...)
	NOT-FOR-US: snipsnap
CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and othe ...)
	NOT-FOR-US: SUS
CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
	- webmin 1.160
	- usermin 1.090
CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0. ...)
	- egroupware 1.0.00.004
CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes non-ima ...)
	- gallery 1.4.4-pl2
CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow attacker ...)
	NOT-FOR-US: WinZip
CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
	- moin 1.2.3-1
CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote atta ...)
	- moin 1.2.3-1
CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a s ...)
	NOT-FOR-US: Cisco
CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when conf ...)
	NOT-FOR-US: Cisco
CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a Lig ...)
	NOT-FOR-US: Cisco
CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access Contr ...)
	NOT-FOR-US: Cisco
CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager 3 ...)
	NOT-FOR-US: Novell
CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary comma ...)
	- cvstrac 1.1.4-1
CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and e ...)
	- xine-lib 1-rc5-1.1
	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF)  ...)
	NOT-FOR-US: Cisco
CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, an ...)
	- glibc 2.3.5 (bug #272210; unimportant)
	NOTE: according to GOTO Masanori this is not a security problem
	NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
	NOTE: Although not a real issue we should play safe with 2.3.5, where the code
	NOTE: was reorganized
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions o ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar w ...)
	- mozilla 2:1.6-1
CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
	- mozilla 2:1.7.1-1
CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 all ...)
	- mozilla 2:1.7-1
CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers wi ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the d ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewa ...)
	NOT-FOR-US: ScreenOS
CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly earli ...)
	- nessus-core 2.0.12-1
CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows  ...)
	- roundup 0.7.3-1
CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in  ...)
	- imp3 3.2.5-1
CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in  ...)
	NOT-FOR-US: db2www
CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.0 ...)
	NOT-FOR-US: Board Power
CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY b ...)
	- putty 0.56-1
CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to execut ...)
	NOT-FOR-US: BlackJumboDog
CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier al ...)
	- subversion 1.0.6-1
CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality i ...)
	- pavuk 0.9pl28-3.1
CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4. ...)
	NOT-FOR-US: Cisco
CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
	NOT-FOR-US: FormMail.php != nms-formmail
CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in  ...)
	NOT-FOR-US: Arcade.php
CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times th ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user nam ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2 ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs  ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and earl ...)
	- moodle 1.4.3-1
CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 a ...)
	- moodle 1.4.3-1
CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP ...)
	NOT-FOR-US: PHP-Calendar
CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sens ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ( ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in W ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlie ...)
	NOT-FOR-US: ZeroBoard
CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlie ...)
	NOT-FOR-US: WPKontakt
CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2 ...)
	NOT-FOR-US: PsychoStats
CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as us ...)
	NOT-FOR-US: RealOne IE plugin
CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) dis ...)
	NOT-FOR-US: 2Bgal
CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow re ...)
	NOT-FOR-US: Kayako
CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...)
	NOT-FOR-US: Kayako
CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ea ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web App ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web Applicati ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image Galler ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 throug ...)
	NOT-FOR-US: Ikonboard
CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not  ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39  ...)
	NOT-FOR-US: GNU Board
CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ex ...)
	NOT-FOR-US: iWebNegar
CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote a ...)
	NOT-FOR-US: Asp-rider
CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to a ...)
	NOT-FOR-US: ASP Calendar
CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and  ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...)
	NOT-FOR-US: MacOSX
CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remo ...)
	- usemod-wiki 1.0-6
CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ca ...)
	NOT-FOR-US: Winamp
CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
	NOT-FOR-US: Lithtech engine
CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service  ...)
	- monit 1:4.2.1-1
CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attacker ...)
	- monit 1:4.2.1-1
CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files wi ...)
	- kdelibs 4:3.3.2-2
CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute a ...)
	{DSA-682-1}
	- awstats 6.2-1.2
CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
	- awstats 6.2-1.2
	NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book 1. ...)
	NOT-FOR-US: Woltlab Burning Book
CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows remot ...)
	NOT-FOR-US: RealArcade
CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote att ...)
	NOT-FOR-US: RealArcade
CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
	NOT-FOR-US: SafeNet
CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2 ...)
	NOT-FOR-US: php-fusion
CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allow ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
	NOT-FOR-US: PerlDesk
CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite arb ...)
	NOT-FOR-US: Apple
CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP he ...)
	NOT-FOR-US: Apple
CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows rem ...)
	NOT-FOR-US: Apple
CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Foxmail
CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ex ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_ ...)
	- postfix 2.1.4-5
CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web S ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server 5 ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial o ...)
	NOT-FOR-US: LanChat
CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration Se ...)
	NOT-FOR-US: DeskNow Mail server
CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
	NOT-FOR-US: Winrar
CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ver ...)
	NOT-FOR-US: Painkiller
CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows  ...)
	NOT-FOR-US: ZipGenius
CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest fir ...)
	NOT-FOR-US: Netgear
CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arb ...)
	NOT-FOR-US: PafileDB
CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PafileDB
CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game s ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain s ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery W ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7. ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote auth ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6 ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdm ...)
	NOT-FOR-US: Webadmin
CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validat ...)
	NOT-FOR-US: Webadmin
CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Al ...)
	NOT-FOR-US: Webadmin
CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
	NOT-FOR-US: WebWasher
CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail  ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server 4 ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote authent ...)
	NOT-FOR-US: WarFTPD under NT
CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session  ...)
	NOT-FOR-US: Ingate
CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Exponent
CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php o ...)
	NOT-FOR-US: Exponent
CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier a ...)
	NOT-FOR-US: W32Dasm
CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Me ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive informati ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlie ...)
	NOT-FOR-US: Siteman
CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier allow ...)
	NOT-FOR-US: DivX Player
CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_su ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and  ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allo ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and  ...)
	- jsboard 2.0.10-1
CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows rem ...)
	- gforge 3.1-26
CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the loca ...)
	NOT-FOR-US: Oracle
CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows remot ...)
	NOT-FOR-US: Oracle
CVE-2005-0296
	NOT-FOR-US: Novell
CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any pro ...)
	NOT-FOR-US: nProtect
CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Minis
CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows r ...)
	NOT-FOR-US: Minis
CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift Regist ...)
	NOT-FOR-US: phpGiftReg
CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR  ...)
	NOT-FOR-US: NetGear
CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, allo ...)
	NOT-FOR-US: NetGear
CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, confi ...)
	NOT-FOR-US: Apple
CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment Appl ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to re ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged op ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows rem ...)
	NOT-FOR-US: QwikiWiki
CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) al ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in Soldn ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier a ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the "me ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attacke ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 al ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com 3CDa ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and e ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2. ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP  ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ex ...)
	NOT-FOR-US: GNU Board
CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote at ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an admin ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X  ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0. ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in O ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local us ...)
	NOT-FOR-US: AIX
CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop p ...)
	NOT-FOR-US: AIX
CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor AR ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ava ...)
	- phpbb2 2.0.12-1
CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) u ...)
	- phpbb2 2.0.12-1
CVE-2005-0257
	RESERVED
CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 all ...)
	{DSA-705-1}
	- wu-ftpd 2.6.2-19
CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbi ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
	NOT-FOR-US: BibORB
CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and p ...)
	NOT-FOR-US: BibORB
CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier vers ...)
	NOT-FOR-US: BibORB
CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1. ...)
	NOT-FOR-US: BibORB
CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5. ...)
	NOT-FOR-US: AIX
CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec AntiViru ...)
	NOT-FOR-US: Symantec AntiVirus Library
CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when cre ...)
	NOT-FOR-US: Solaris
CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier m ...)
	{DSA-683-1}
	- postgresql 7.4.7-2
CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows atta ...)
	- postgresql 7.4.7-1
CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow a ...)
	{DSA-683-1}
	- postgresql 7.4.7-1
CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE  ...)
	- postgresql 7.4.7-1
CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0. ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and p ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 an ...)
	- squid 2.5.7-7
CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle w ...)
	NOT-FOR-US: Solaris
CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris for SP ...)
	NOT-FOR-US: Solaris
CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files  ...)
	NOT-FOR-US: Solaris
CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC ...)
	NOT-FOR-US: Solaris
CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enab ...)
	NOT-FOR-US: Solaris
CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ena ...)
	NOT-FOR-US: Solaris
CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 thro ...)
	NOT-FOR-US: Solaris
CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local users to g ...)
	NOT-FOR-US: Solaris
CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows lo ...)
	NOT-FOR-US: Solaris
CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a deni ...)
	NOT-FOR-US: Solaris
CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users t ...)
	NOT-FOR-US: Solaris
CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remo ...)
	NOT-FOR-US: Solaris
CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ndb ...)
	NOT-FOR-US: Solaris
CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows  ...)
	NOT-FOR-US: Solaris
CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and 10899 ...)
	NOT-FOR-US: Solaris
CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Solaris
CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 10880 ...)
	NOT-FOR-US: Solaris
CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
	NOT-FOR-US: Solaris
CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a  ...)
	NOT-FOR-US: Solaris
CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to caus ...)
	NOT-FOR-US: Solaris
CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in S ...)
	NOT-FOR-US: Solaris
CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct  ...)
	NOT-FOR-US: Solaris
CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solari ...)
	NOT-FOR-US: Solaris
CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to crea ...)
	NOT-FOR-US: Solaris
CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 m ...)
	NOT-FOR-US: Solaris
CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
	NOT-FOR-US: Solaris
CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_D ...)
	NOT-FOR-US: Solaris
CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
	NOT-FOR-US: Mailtool for OpenWindows
CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 all ...)
	NOT-FOR-US: Solaris
CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of servic ...)
	NOT-FOR-US: Solaris
CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for S ...)
	NOT-FOR-US: Solaris
CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in Solari ...)
	NOT-FOR-US: Solaris
CVE-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does  ...)
	NOT-FOR-US: Solaris
CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows  ...)
	NOT-FOR-US: S/MIME plugin
CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote  ...)
	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
	- epiphany-browser 1.4.8-2
CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE  ...)
	- kdelibs 4:3.3.2-3
CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
	NOT-FOR-US: Omniweb
CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows remot ...)
	NOT-FOR-US: Opera
CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows rem ...)
	NOT-FOR-US: Safari
CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino .8. ...)
	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
	NOTE: solution in the future
	- mozilla-firefox 1.0.1-1
	- mozilla 2:1.7.6-1
CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration pa ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a use ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
	NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
	- mozilla-firefox <not-affected> (Affects only Firefox on Windows)
CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file  ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0228
	REJECTED
CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
	{DSA-668-1}
	- postgresql 7.4.7-1
CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for  ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with predic ...)
	- firehol 1.214-4
CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 throug ...)
	NOT-FOR-US: HP-UX
CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4. ...)
	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitiv ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 A ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 a ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-p ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog al ...)
	NOT-FOR-US: Invision Community Blog
CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Bu ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to cau ...)
	- mozilla <not-affected> (Mozilla 1.6 for Windows)
CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
	NOT-FOR-US: SPHPBlog
CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote attacke ...)
	NOT-FOR-US: WinHKI
CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier a ...)
	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remot ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a de ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-15
	- kernel-source-2.4.27 2.4.27-9 (bug #300838)
CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a d ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
	- gaim 1:1.1.4
CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows N ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CV ...)
	- xpdf <not-affected> (Initial Debian fix was already correct)
	- gpdf <not-affected> (Initial Debian fix was already correct)
	- kdegraphics <not-affected> (Initial Debian fix was already correct)
	- tetex-bin <not-affected> (Initial Debian fix was already correct)
	- pdftohtml <not-affected> (Initial Debian fix was already correct)
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
	NOTE: cupsys uses an external xpdf now.
CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain  ...)
	{DSA-692-1}
	- kdenetwork 4:3.1.6
CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
CVE-2005-0203
	REJECTED
CVE-2005-0202 (Directory traversal vulnerability in the true_path function in private ...)
	{DSA-674-1}
	- mailman 2.1.5-6
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...)
	- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been  ...)
	NOT-FOR-US: TikiWiki
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...)
	NOT-FOR-US: Cisco
CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp lo ...)
	NOT-FOR-US: Cisco
CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
	{DSA-667-1}
	- squid 2.5.7-7
CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync  ...)
	NOT-FOR-US: mRouter in iSync in OS X
CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata  ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc toolba ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar a ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS T ...)
	NOT-FOR-US: Cisco
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows re ...)
	NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin 0. ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allow ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
	NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
	RESERVED
CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in sc ...)
	[sarge] - kernel-source-2.6.8 2.6.8-12
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4)
CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of s ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9)
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows l ...)
	- kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, whic ...)
	- kernel-source-2.4.27 <not-affected> (According to joshk, doesn't apply to 2.4.27)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to u ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the open ...)
	- php4 4:4.3.10-3
CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1  ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative Assistan ...)
	NOT-FOR-US: Veritas NetBackup Administrative Assistant
CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS GP ...)
	- gpsd 2.7-4
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local  ...)
	- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, whic ...)
	NOT-FOR-US: TikiWiki
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...)
	- phpgroupware 0.9.16.005-1 (unimportant)
	NOTE: path disclosure only, path is known on Debian anyway
CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0. ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and  ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to o ...)
	- glibc 2.3.2.ds1-19
CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus scanni ...)
	- clamav 0.81
CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington IM ...)
	- uw-imap 7:2002edebian1-6
CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...)
	- squid 2.5.7-6
CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated u ...)
	{DSA-667-1}
	- squid 2.5.7-4
CVE-2005-0172
	REJECTED
CVE-2005-0171
	REJECTED
CVE-2005-0170
	REJECTED
CVE-2005-0169
	REJECTED
CVE-2005-0168
	REJECTED
CVE-2005-0167
	REJECTED
CVE-2005-0166
	REJECTED
CVE-2005-0165
	REJECTED
CVE-2005-0164
	RESERVED
CVE-2005-0163
	RESERVED
CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in  ...)
	- openswan 2.3.0-2
	- freeswan <not-affected>
CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow attac ...)
	- unace 1.2b-3
CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute arb ...)
	- unace 1.2b-3
CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU ...)
	{DSA-679-1}
	- toolchain-source 3.4-5
CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote  ...)
	{DSA-687-1}
	- bidwatcher 1.3.17-1
CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to s ...)
	{DSA-720-1}
	- smartlist 3.15-18
CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when insta ...)
	- perl 5.8.4-6
CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid su ...)
	- perl 5.8.4-6
	- mooix 1.0rc5.pre4
CVE-2005-0154
	RESERVED
CVE-2005-0153
	RESERVED
CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows r ...)
	{DSA-662-1}
	- squirrelmail 1:1.2.7-1
	NOTE: This bug exists only in version 1.2.6.
CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management  ...)
	NOT-FOR-US: Adobe License Management Software
CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) d ...)
	- mozilla-firefox 1.0
CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obe ...)
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the defa ...)
	- mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between user-generate ...)
	- mozilla-firefox 1.0
CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lo ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozill ...)
	- mozilla-firefox 1.0
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.5
CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
	NOT-FOR-US: PeID
CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6. ...)
	NOT-FOR-US: Irix
CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly a ...)
	NOT-FOR-US: Irix
CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has certai ...)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- linux-2.6 2.6.11
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) architec ...)
	{DSA-1082-1 DSA-1070-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (backgroun ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of s ...)
	- clamav 0.80-0.81rc1-1
CVE-2005-0132
	RESERVED
CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses th ...)
	- konversation 0.15-3
CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ex ...)
	- konversation 0.15-3
CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
	- konversation 0.15-3
CVE-2005-0128
	REJECTED
CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, generate ...)
	NOT-FOR-US: MacOS
CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ar ...)
	NOT-FOR-US: MacOS
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop  ...)
	NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for Linu ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 2.6.12-1
CVE-2005-0123
	REJECTED
CVE-2005-0122
	REJECTED
CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
	NOT-FOR-US: golddig
CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary file ...)
	NOT-FOR-US: helvis
CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the  ...)
	NOT-FOR-US: helvis
CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable dir ...)
	NOT-FOR-US: helvis
CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute a ...)
	- xshisen 1.51-1-1.1 (bug #289784)
CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
	- awstats 6.2-1.1
CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler (ID ...)
	NOT-FOR-US: DataRescue Interactive Disassembler
CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wirel ...)
	NOT-FOR-US: ZoneAlarm
CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands v ...)
	NOT-FOR-US: IRIX
CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7 ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypas ...)
	NOT-FOR-US: MSIE
CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating sys ...)
	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
	NOTE: attack, paranoid people should disable hyper threading
	- kfreebsd5-source 5.3-11
CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malic ...)
	{DSA-659-1}
	- libapache-mod-auth-radius 1.5.7-6
	- libpam-radius-auth 1.3.16-3
CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, wh ...)
	{DSA-690-1}
	- bsmtpd 2.3pl8b-16
CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
	- libnet-ssleay-perl 1.25-1.1
CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local user ...)
	{DSA-684-1}
	- typespeed 0.4.4-8
CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMai ...)
	{DSA-662-1}
	- squirrelmail 2:1.4.4
CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier a ...)
	{DSA-673-1}
	- evolution 2.0.3-1.2 (bug #295548)
CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and e ...)
	- newspost 2.1.1-2
CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
	{DSA-685-1 DSA-671-1 DSA-670-1}
	- emacs21 21.3+1-9
	- xemacs21 21.4.16-2
CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop p ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before  ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote atta ...)
	- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
	- squid 2.5.7-4
CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows  ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply parse ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0093
	REJECTED
CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB sp ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
	{DSA-666-1}
	- python2.2 2.2.3-14
	- python2.3 2.3.4+2.3.5c1-2
	- python2.4 2.4-5
CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote a ...)
	{DSA-689-1}
	- libapache2-mod-python 3.1.3-3
	- libapache-mod-python 2:2.7.10-4
CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for  ...)
	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
	- alsa-lib 1.0.9-1 (unimportant)
CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allow ...)
	- less <not-affected> (Red Hat specific less bug)
CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3. ...)
	{DSA-680-1}
	- htdig 1:3.1.6-11 (bug #305996)
CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
	{DSA-653-1}
	- ethereal 0.10.9-1
CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and othe ...)
	- maxdb-7.5.00 7.5.00.24-1
CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ver ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine xine- ...)
	{DSA-657-1}
	- xine-lib 1-rc6a-1
CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
	- jabber 1.4.3-3 (unimportant)
	NOTE: We do not ship jadc2s.
CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) script ...)
	- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: mod_access_referer
CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute arbitr ...)
	- xshisen 1.51-1-1 (bug #213957)
CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
	- mailman 2.1.5-5
CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
	{DSA-649-1}
	- xtrlock 2.0-9
CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the r ...)
	{DSA-660-1}
	- kdebase 4:3.0.5
CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
	{DSA-658-1}
	- libdbi-perl 1.46-6
CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local use ...)
	{DSA-672-1}
	- xview 3.2p1.4-19
CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to exec ...)
	{DSA-676-1}
	- xpcd 2.08-11.1 (bug #294793)
CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when r ...)
	{DSA-677-1}
	- sympa 4.1.2-2.1
CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user config ...)
	{DSA-655-1}
	- zhcon 1:0.2.3-8.1 (bug #292210)
CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows attacker ...)
	{DSA-656-1}
	- vdr 1.2.6-6
CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when instal ...)
	{DSA-681-1}
	- synaesthesia 2.1-3
	NOTE: does not apply for sarge, program is not setuid anymore
CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local user ...)
	- vim 1:6.3-058+1
CVE-2005-0068 (The original design of ICMP does not require authentication for host-g ...)
	NOTE: general icmp design error
CVE-2005-0067 (The original design of TCP does not require that port numbers be assig ...)
	NOTE: general tcp design error, no indication it affects linux
CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
	NOTE: general tcp design error
CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
	NOTE: general tcp design error
CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc fo ...)
	{DSA-648-1 DSA-645-1}
	- xpdf 3.00-13
	- gpdf 2.8.2-1.2
	- pdftohtml 0.36-11
	- kdegraphics 4:3.3.2-2
	- tetex-bin 2.0.2-26
	- cupsys 1.1.22-6 (bug #324459)
	- cups 1.1.22-6 (bug #324459)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.23-13, the dormant code in the source
	NOTE: package was fixed.
CVE-2005-0063 (The document processing application used by the Windows Shell in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2005-0062
	RESERVED
CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Wind ...)
	NOT-FOR-US: Microsoft
CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface (TA ...)
	NOT-FOR-US: TAPI for Windows
CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0052
	RESERVED
CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remot ...)
	NOT-FOR-US: Microsoft
CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 Server ...)
	NOT-FOR-US: Microsoft
CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, a ...)
	NOT-FOR-US: Microsoft
CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0046
	RESERVED
CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchan ...)
	NOT-FOR-US: Microsoft
CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
	NOT-FOR-US: iTunes
CVE-2005-0042
	RESERVED
CVE-2005-0041
	RESERVED
CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke befo ...)
	NOT-FOR-US: DotNetNuke
CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security Pay ...)
	NOTE: These are known issues of IPSEC and basically every VPN system using
	NOTE: encryption without authentication.
	NOTE: openswan even prevents such configurations
CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote at ...)
	- pdns 2.9.17-1
CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to  ...)
	NOT-FOR-US: dnrd
CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote at ...)
	NOT-FOR-US: DeleGate
CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ea ...)
	NOT-FOR-US: Adobe
CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in B ...)
	- bind9 1:9.3.1
	[woody] - bind9 <not-affected>
	[sarge] - bind9 <not-affected>
	NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions
CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND 8. ...)
	- bind 1:8.4.6-1
CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
	NOT-FOR-US: MSIE
CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX  ...)
	NOT-FOR-US: HP-UX
CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ex ...)
	NOT-FOR-US: NetBSD
CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
	NOT-FOR-US: Shoutcast
CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow loc ...)
	NOT-FOR-US: IBM DB2
CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote attacke ...)
	NOT-FOR-US: Oracle
CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run w ...)
	NOT-FOR-US: Oracle
CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a deni ...)
	NOT-FOR-US: Oracle
CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to  ...)
	NOT-FOR-US: Oracle
CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that contai ...)
	NOT-FOR-US: Oracle
CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account  ...)
	NOT-FOR-US: Oracle
CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
	NOT-FOR-US: Oracle
CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g allo ...)
	NOT-FOR-US: Oracle
CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ex ...)
	NOT-FOR-US: Oracle
CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application Ser ...)
	NOT-FOR-US: Oracle
CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through  ...)
	NOT-FOR-US: Windows
CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when inv ...)
	NOT-FOR-US: Solaris
CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 all ...)
	NOT-FOR-US: Solaris
CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable  ...)
	NOT-FOR-US: Solaris
CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properl ...)
	NOT-FOR-US: ssh on Solaris
CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allo ...)
	NOT-FOR-US: Solaris
CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates  ...)
	NOT-FOR-US: Solaris
CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role  ...)
	NOT-FOR-US: Solaris
CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allo ...)
	NOT-FOR-US: Solaris
CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 thro ...)
	NOT-FOR-US: Solaris
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server (formerl ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
	- gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause  ...)
	- xfree86 <not-affected> (xdm on Solaris)
	- xorg-x11 <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users t ...)
	NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
	NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CVE-2004-1344
	REJECTED
CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 al ...)
	{DSA-711-1}
	- info2www 1.2.2.9-23 (bug #281655)
CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the  ...)
	{DSA-659-1}
	- libpam-radius-auth 1.3.16-1.1
CVE-2005-0032
	RESERVED
CVE-2005-0031
	RESERVED
CVE-2005-0030
	RESERVED
CVE-2005-0029
	RESERVED
CVE-2005-0028
	RESERVED
CVE-2005-0027
	RESERVED
CVE-2005-0026
	RESERVED
CVE-2005-0025
	RESERVED
CVE-2005-0024
	RESERVED
CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to sp ...)
	- gnome-libs <unfixed> (bug #329156; unimportant)
	- vte <unfixed> (bug #330907; unimportant)
	NOTE: Not considered a security problem, see #329156
CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before 4.43 ...)
	- exim4 4.34-10
CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to e ...)
	{DSA-637-1 DSA-635-1}
	- exim4 4.34-10
	- exim 3.36-13 (bug #290036)
	- exim-tls <removed>
CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute a ...)
	{DSA-641-1}
	- playmidi 2.4debian-3
CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to e ...)
	{DSA-675-1}
	- hztty 2.0-6.1
CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read  ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read a ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos be ...)
	{DSA-640-1}
	- gatos 0.0.5-15
CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitra ...)
	{DSA-650-1}
	- sword 1.5.7-7 (bug #291433)
CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malici ...)
	- ncpfs 2.2.6-1
CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before  ...)
	{DSA-665-1}
	- ncpfs 2.2.6-1
CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo b ...)
	- dillo 0.8.3-1
CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
	- kdeedu 4:3.3.2-2
CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
	- ethereal 0.10.9-1
CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 thr ...)
	- ethereal 0.10.9-1
CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through  ...)
	- ethereal 0.10.9-1
CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
	- ethereal 0.10.9-1
CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote att ...)
	- ethereal 0.10.9-1
CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and  ...)
	{DSA-646-1}
	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.1 ...)
	{DSA-647-1}
	- mysql-dfsg-4.1 4.1.8a-6
	- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ar ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 2.4.27-9
	[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not  ...)
	NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel 2. ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	NOTE: i386 and smp specific
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2 ...)
	NOT-FOR-US: oracle
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
	NOT-FOR-US: oracle
CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with p ...)
	- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel be ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with th ...)
	NOT-FOR-US: hpux
CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows r ...)
	NOT-FOR-US: microsoft
CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users t ...)
	NOT-FOR-US: AIX
CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) lsmcod ...)
	NOT-FOR-US: AIX
CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: hpux
CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious serv ...)
	NOT-FOR-US: Crystal FTP client
CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute  ...)
	NOT-FOR-US: Ultrix
CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow remot ...)
	NOT-FOR-US: Microsoft
CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow  ...)
	NOT-FOR-US: Netbsd
CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange ...)
	NOT-FOR-US: Cisco
CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
	NOT-FOR-US: MSIE
CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0. ...)
	{DSA-627-1}
	- namazu2 2.0.14-1
CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, whe ...)
	- netcat <not-affected> (only affects netcat in Windows)
CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol. ...)
	- mozilla 2:1.7.5-1 (bug #288047)
CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the hi ...)
	- phpbb2 2.0.10-3
CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by inj ...)
	NOT-FOR-US: MacOS
CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly o ...)
	NOT-FOR-US: My Firewall Plus
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used  ...)
	NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c f ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality  ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in demux_bmp ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3 ...)
	{DSA-617-1}
	- tiff 3.6.1-4
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c  ...)
	- tiff 3.7.0 (low)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows 20 ...)
	NOT-FOR-US: Microsoft
CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file bef ...)
	- file 4.12
CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows remot ...)
	NOT-FOR-US: Yanf
CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attack ...)
	NOT-FOR-US: YAMT
CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for xlread ...)
	NOT-FOR-US: xlreader
CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for xin ...)
	- xine-lib 1-rc8-1
	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum 2.6 ...)
	NOT-FOR-US: vilistextum
CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows r ...)
	NOT-FOR-US: vb2c
CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for un ...)
	- unrtf 0.19.3-1.1 (bug #287038)
CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow loca ...)
	- groff 1.18.1.1-5
CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in uml-utilit ...)
	- uml-utilities <not-affected> (uml_net is only executable by users in group uml-net)
CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP serve ...)
	- tnftp 20050625-0.1 (bug #285902; medium)
CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2 ...)
	NOT-FOR-US: rtf2latex2e
CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for r ...)
	NOT-FOR-US: ringtonetools
CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the serve ...)
	NOT-FOR-US: qwik-smtpd
CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
	NOT-FOR-US: pgn2web
CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c an ...)
	{DSA-625-1}
	- pcal 4.8.0-1
CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read 0.0. ...)
	NOT-FOR-US: o3read
CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 1. ...)
	{DSA-623-1}
	- nasm 0.98.38-1.1 (bug #285889)
CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for NapSh ...)
	NOT-FOR-US: NapShare
CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
	NOT-FOR-US: mplayer
CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for mpg12 ...)
	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
	- mpg123 0.59r-20 (bug #287043)
CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview progr ...)
	NOT-FOR-US: mview
CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp 1.2 ...)
	{DSA-632-1}
	- linpopup 1.2.0-7
CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP serv ...)
	NOT-FOR-US: junkie
CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1  ...)
	NOT-FOR-US: junkie
CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 a ...)
	NOT-FOR-US: jpegtoavi
CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps 2 ...)
	NOT-FOR-US: jcabc2ps
CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP  ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local u ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for html2hdm ...)
	NOT-FOR-US: html2hdml
CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote atta ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for  ...)
	- filter 2.4.2-1.1
CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows r ...)
	NOT-FOR-US: dxfscope
CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure t ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it enco ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS p ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the hp ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for c ...)
	NOT-FOR-US: csv2xml
CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the  ...)
	NOT-FOR-US: Convex
CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
	{DSA-644-1}
	- chbg 1.5-4
CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, allow ...)
	NOT-FOR-US: ChangePassword
CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm  ...)
	NOT-FOR-US: bsb2ppm
CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23  ...)
	NOT-FOR-US: asp2php
CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in subs.cp ...)
	NOT-FOR-US: abctab2ps
CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c  ...)
	NOT-FOR-US: abcpp
CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
	- abcm2ps 4.8.5-1
CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6. ...)
	NOT-FOR-US: abc2mtex
CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
	- abcmidi 20050101-1
CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote  ...)
	NOT-FOR-US: 2fax
CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1253
	RESERVED
CVE-2004-1252
	RESERVED
CVE-2004-1251
	RESERVED
CVE-2004-1250
	RESERVED
CVE-2004-1249
	RESERVED
CVE-2004-1248
	RESERVED
CVE-2004-1247
	RESERVED
CVE-2004-1246
	RESERVED
CVE-2004-1245
	RESERVED
CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Microsoft
CVE-2004-1243
	REJECTED
CVE-2004-1242
	REJECTED
CVE-2004-1241
	REJECTED
CVE-2004-1240
	REJECTED
CVE-2004-1239
	REJECTED
CVE-2004-1238
	REJECTED
CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit s ...)
	- linux-2.6 <not-affected> (Apparently Red Hat specific)
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server (N ...)
	NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout functio ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a d ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a denia ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and re ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows  ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and e ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gai ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allo ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 thr ...)
	- mtr 0.67-1
CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows remot ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows  ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and e ...)
	NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the adminis ...)
	NOT-FOR-US: paFileDB
CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Remote Execute
CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Kreed
CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote at ...)
	NOT-FOR-US: Kreed
CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced Gues ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent pr ...)
	NOT-FOR-US: Blog Torrent
CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allo ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4. ...)
	NOT-FOR-US: IpCop
CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, do ...)
	NOT-FOR-US: Verisign Payflow Link
CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Orbz
CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol  ...)
	NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in pnTresMail ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ga ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a deni ...)
	NOTE: at best a local DOS by the user running fluxbox.
	NOTE: Where's the security hole?
	- fluxbox 0.9.11-1
CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug mod ...)
	NOT-FOR-US: phpCMS
CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
	NOT-FOR-US: phpCMS
CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Opera
CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of servic ...)
	NOTE: memory leak, doubt it's usefully exploitable
	NOTE: did not followup
CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a den ...)
	NOT-FOR-US: Safari
CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: MSIE
CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
	NOT-FOR-US: inShop
CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
	NOT-FOR-US: Insite Inmail
CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remot ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to byp ...)
	NOT-FOR-US: Prevex Home
CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems  ...)
	NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-6
	- linux-2.6 <not-affected> (fixed before initial upload)
	- linux-2.6.24 <not-affected> (fixed before initial upload)
CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
	NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
	NOTE: has a misleading entry titled "Fix exploitable hole"
	NOTE: http://www.securityfocus.com/advisories/7579
	NOTE: http://xforce.iss.net/xforce/xfdb/18370
	NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8
	NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
	NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT  ...)
	{DSA-629-1}
	- krb5 1.3.6-1
CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other packa ...)
	- xine-lib 1-rc8-1
	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99 ...)
	- xine-lib 1-rc8-1
	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or  ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote attack ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or loc ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
	{DSA-626-1}
	- tiff 3.6.1-5
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfax ...)
	{DSA-634-1}
	- hylafax 1:4.2.1-1
CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary fil ...)
	{DSA-622-1}
	- htmlheadline <removed>
CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on littl ...)
	{DSA-678-1}
	- netkit-rwho 0.17-8
CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7. ...)
	{DSA-615-1}
	- debmake 3.7.7
CVE-2004-1178
	RESERVED
CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in mailm ...)
	{DSA-674-1}
	- mailman 2.1.5-5
CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earl ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute arbitr ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attack ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup blocke ...)
	NOT-FOR-US: MSIE
CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup Exe ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1 ...)
	- kdelibs 4:3.3.1-2
	- kdebase 4:3.3.1-3
CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via sh ...)
	{DSA-612-1}
	- a2ps 1:4.13b-4.2 (bug #283134)
CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause  ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7. ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable l ...)
	NOT-FOR-US: gentoo mirrorselect
CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1 ...)
	NOT-FOR-US: Microsoft
CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP comma ...)
	{DSA-631-1}
	- kdelibs 4:3.3.2-1
CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 al ...)
	NOT-FOR-US: Cisco
CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ser ...)
	NOT-FOR-US: Cisco
CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict pr ...)
	- scponly 4.0-1
CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
	- rssh 2.2.3-1
CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote attack ...)
	NOT-FOR-US: Netscape
CVE-2004-1159
	REJECTED
CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remot ...)
	- kdelibs 4:3.3.1-3
	- kdebase 4:3.3.1-4
CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote attac ...)
	NOT-FOR-US: Opera
CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attacker ...)
	- mozilla 2:1.7.6-1
	- mozilla-firefox 1.0.1
CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof arbi ...)
	NOT-FOR-US: Microsoft MSIE
CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x thr ...)
	{DSA-701-1}
	- samba 3.0.10-1
CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0. ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader  ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 t ...)
	NOT-FOR-US: Winamp
CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0. ...)
	NOT-FOR-US: Computer Associates eTrust EZ Antivirus
CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
	- phpmyadmin 2:2.6.1-rc1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0
	NOTE: A very big commit that might include useless changes
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2
CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external t ...)
	- phpmyadmin 2:2.6.1-rc1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0
	NOTE: A very big commit that might include useless changes
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2
CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and  ...)
	- cvstrac 1.1.5
CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) all ...)
	- kdelibs 4:3.3.2-1
CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD6 ...)
	NOTE: amd64 specific
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 milli ...)
	- mailman 2.1.5-5
CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denia ...)
	{DSA-613-1}
	- ethereal 0.10.8-1
CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote att ...)
	- ethereal 0.10.8-1
CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denia ...)
	- ethereal 0.10.8-1
CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 throug ...)
	- ethereal 0.10.8-1
CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute arbitr ...)
	- vim 1:6.3-046+0sarge1
CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel 2. ...)
	- linux-2.6 <not-affected> (Fixed before upload into the archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other versio ...)
	NOT-FOR-US: CuteFTP
CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remot ...)
	NOT-FOR-US: WS-Ftpd
CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
	NOT-FOR-US: Microsoft
CVE-2004-1132
	RESERVED
CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer 5.0 ...)
	NOT-FOR-US: SCO
CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5 ...)
	NOT-FOR-US: CMailServer
CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
	NOT-FOR-US: CMailServer
CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attac ...)
	NOT-FOR-US: CMailServer
CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ad ...)
	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
CVE-2004-1126
	RESERVED
CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00,  ...)
	{DSA-621-1 DSA-619-1}
	- xpdf 3.00-11
	- cupsys 1.1.22-2
	- cups 1.1.22-2
	- tetex-bin 2.0.2-25
	- gpdf 2.8.2-1
	- koffice 1:1.3.5-1
CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 al ...)
	NOT-FOR-US: UnixWare
CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows r ...)
	NOT-FOR-US: Darwin Streaming Server
CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive wind ...)
	NOT-FOR-US: Safari
CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the UR ...)
	NOT-FOR-US: Safari
CVE-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c a ...)
	{DSA-663-1}
	- prozilla 1:1.3.7.3-1
CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibl ...)
	NOT-FOR-US: Winamp
CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component bef ...)
	NOT-FOR-US: WodFtpDLX.ocx ActiveX component
CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned pr ...)
	NOT-FOR-US: ChessBrain
CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9  ...)
	NOT-FOR-US: GIMPS
CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) pr ...)
	- setiathome <not-affected> (Gentoo-specific vulnerability)
CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype 1.0 ...)
	NOT-FOR-US: Skype
CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service bef ...)
	- sqlgrey 1.2.0
CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 1 ...)
	NOT-FOR-US: Cisco
CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local  ...)
	- mtink 1.0.5
	NOTE: debian not vulnerable except in edge case
CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allo ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overw ...)
	NOT-FOR-US: Gentoolkit
CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to o ...)
	NOT-FOR-US: Portage
CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earl ...)
	{DSA-642-1}
	- gallery 1.4.4-pl4-1
CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error messag ...)
	NOT-FOR-US: Nortel Networks Contivity VPN Client
CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is en ...)
	NOT-FOR-US: MailPost
CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different  ...)
	NOT-FOR-US: MailPost
CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allow ...)
	NOT-FOR-US: MailPost
CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5 ...)
	NOT-FOR-US: MailPost
CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
	- mime-tools 5.415-1
CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string f ...)
	- cherokee <not-affected> (Fixed before upload into archive)
CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs  ...)
	- libarchive-zip-perl 1.14-1
CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgi ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerb ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remot ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows l ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3. ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Window ...)
	NOT-FOR-US: Microsoft
CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
	- ncpfs 2.2.5-2
CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program Neighborh ...)
	NOT-FOR-US: Citrix
CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
	NOT-FOR-US: Citrix
CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c  ...)
	{DSA-609-1}
	- atari800 1.3.2-1
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtm ...)
	- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux k ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.2 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.2 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) i ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ca ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (2.6 only issue)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 2.4.27-7
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Serve ...)
	- cyrus21-imapd <not-affected> (Only affected 2.2 series)
CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and  ...)
	NOT-FOR-US: FreeBSD
CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 an ...)
	- php4 4:4.3.10-1
CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
	- php4 4:4.3.10-1
CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
	- php4 4:4.3.10-1
CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 a ...)
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, incl ...)
	- bugzilla 2.16.7-2
CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) d ...)
	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2 ...)
	- mnogosearch 3.2.18-2.2
CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the envi ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ma ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not pro ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6. ...)
	- phpmyadmin 2:2.6.0-pl3-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-3/
CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5 ...)
	NOT-FOR-US: AIX
CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote mal ...)
	NOT-FOR-US: fetch on FreeBSD
CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and poss ...)
	{DSA-595-1}
	- bnc <removed>
CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands b ...)
	{DSA-596-2}
	- sudo 1.6.8p3-1
CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2004-1048
	RESERVED
CVE-2004-1047
	RESERVED
CVE-2004-1046
	RESERVED
CVE-2004-1045
	RESERVED
CVE-2004-1044
	RESERVED
CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to exe ...)
	NOT-FOR-US: MSIE
CVE-2004-1042
	RESERVED
CVE-2004-1041
	RESERVED
CVE-2004-1040
	RESERVED
CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with phy ...)
	NOT-FOR-US: IEEE1394 specification bug, physical security
CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to execu ...)
	- twiki 20030201-6
CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded te ...)
	- squirrelmail 2:1.4.3a-3
CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3 ...)
	- up-imapproxy 1.2.2+1.2.3rc2-1
CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, whos ...)
	- kaffeine 0.4.3.1-3
	- gxine 0.4-rc1
CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptor ...)
	- fcron 2.9.5.1-1
CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...)
	- fcron 2.9.5.1-1
CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...)
	- fcron 2.9.5.1-1
CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...)
	- fcron 2.9.5.1-1
CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4 ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2. ...)
	NOT-FOR-US: AIX
CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line opt ...)
	{DSA-652-1}
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and e ...)
	{DSA-628-1 DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
	- imlib2 1.1.2-2.1
CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, whic ...)
	{DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
CVE-2004-1024
	RESERVED
CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does n ...)
	NOT-FOR-US: MacOS
CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ( ...)
	- php4 4:4.3.10-1
CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2  ...)
	- php4 4:4.3.10-1
CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers  ...)
	- php4 4:4.3.10-1
	- php3 3:3.0.18-29
CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to 2. ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, wit ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signa ...)
	{DSA-606-1}
	- nfs-utils 1:1.0.6-3.1
CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x th ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6  ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8,  ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when us ...)
	{DSA-624-1}
	- zip 2.30-8
CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before 0. ...)
	- putty 0.56-1
CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows rem ...)
	- bogofilter 0.92.8-1
CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
	{DSA-584-1}
	- dhcp 2.0pl5-19.1
CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlie ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) 4.5. ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: Trend ScanMail
CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attack ...)
	- ppp 2.4.2+20040428-3
CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1,  ...)
	{DSA-585-1}
	NOTE: Fixed in shadow 1:4.0.3-30.3 for the first time.
	NOTE: Apparently, the fix was lost somehow, see #309587.
	NOTE: It was reapplied to sarge before the release, and to sid in
	NOTE: version 1:4.0.3-35.
	- shadow 1:4.0.3-35
	[sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)
CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was  ...)
	{DSA-630-1}
	- lintian 1.23.6 (bug #286379; low)
CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service (applic ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
	NOTE: changelog says he only patched 1095, but diff comparison
	NOTE: shows 0999 was also fixed.
CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows rem ...)
	{DSA-616-1}
	- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ke ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with predictabl ...)
	{DSA-610-1}
	- cscope 15.5-1.1 (bug #282815)
	NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CVE-2004-0995
	REJECTED
CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote attack ...)
	{DSA-614-1}
	NOTE: only indication that it's this CVE is in the debian package changelog
	- xzgv 0.8-3
CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
	{DSA-604-1}
	- hpsockd 0.14
CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in Proxytun ...)
	NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to e ...)
	- mpg123 0.59r-19
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and pos ...)
	{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
	- libgd2 2.0.30-1
	- libgd 1.8.4-36.1
CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and p ...)
	{DSA-582-1}
	- libxml 1:1.8.17-9
	- libxml2 2.6.11-5
CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on Wind ...)
	NOT-FOR-US: Apple
CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 allo ...)
	{DSA-598-1}
	- yardradius 1.0.20-15
CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly lo ...)
	{DSA-580-1}
	- iptables 1.2.11-4
CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to exe ...)
	NOT-FOR-US: windows
CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils befor ...)
	- mailutils 1:0.5-4
CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows  ...)
	{DSA-586-1}
	- ruby1.8 1.8.1+1.8.2pre2-4
	- ruby1.6 1.6.8-12
	- ruby <removed>
CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123  ...)
	{DSA-578-1}
	- mpg123 0.59r-18
	NOTE: Original fix in -17 was incomplete
CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1. ...)
	{DSA-593-1}
	- imagemagick 6:6.0.6.2-1.5 (bug #278401)
	- graphicsmagick 1.1.7-1
CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 th ...)
	{DSA-592-1}
	- ez-ipupdate 3.0.11b8-8
CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...)
	NOT-FOR-US: windows
CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX cont ...)
	NOT-FOR-US: windows
CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows  ...)
	{DSA-577-1}
	- postgresql 7.4.6-1
CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 throu ...)
	{DSA-620-1}
	- perl 5.8.4-4
CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
	{DSA-603-1}
	- openssl 0.9.7e-3
	NOTE: -1 claimed to include it, but it was missing
CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and poss ...)
	- netatalk 1.6.4a-1 (low)
CVE-2004-0973
	REJECTED
CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
	{DSA-583-1}
	- lvm10 1:1.0.8-8
CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Sec ...)
	NOTE: Not shipped in the krb5 binary package
	- krb5 <unfixed> (bug #278271; unimportant)
	- arla 0.36.2-11
CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
	{DSA-588-1}
	- gzip 1.3.5-8 (bug #259043; bug #257314; medium)
CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as us ...)
	- groff 1.18.1.1-2
CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to  ...)
	{DSA-636-1}
	- glibc 2.3.2.ds1-19
CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in ...)
	- gs-common 0.3.6-0.1
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext packag ...)
	- gettext 0.14.1-6
CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
	NOT-FOR-US: HP-UX
CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
	{DSA-587-1}
	- zinf <not-affected> (According to DSA-587 not affected, as module was rewritten)
	- freeamp <removed>
CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibl ...)
	NOT-FOR-US: windows
CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root w ...)
	NOT-FOR-US: Apple Remote Desktop Client
CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to caus ...)
	- freeradius 1.0.1
CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...)
	- freeradius 1.0.1
CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ar ...)
	- php4 4:4.3.9
CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read se ...)
	- php4 4:4.3.9
CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user  ...)
	{DSA-707-1}
	- mysql-dfsg-4.1 4.1.10a-6
	- mysql-dfsg 4.0.24-5
CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of servi ...)
	- mysql-dfsg <not-affected> (Not vulnerable, http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge)
CVE-2004-0955
	REJECTED
CVE-2004-0954
	REJECTED
CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
	- jabber <not-affected> (Jabber version 2 is vulnerable, we have an older version that seems not)
CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ad ...)
	NOT-FOR-US: HP-UX
CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before C ...)
	NOT-FOR-US: HP-UX
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
	NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in L ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
CVE-2004-0948
	REJECTED
CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ex ...)
	{DSA-652-1}
	NOTE: see http://lwn.net/Alerts/110733/
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit archi ...)
	- nfs-utils <not-affected> (does not apply per maintainer)
CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications  ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications  ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0943
	REJECTED
CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
	- apache2 2.0.52-2
CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 an ...)
	{DSA-602-1 DSA-601-1}
	- libgd2 2.0.33-1.1
	- libgd 1.8.4-36.1
CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache 1.3. ...)
	{DSA-594-1}
	- apache 1.3.33-2
CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and  ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...)
	- freeradius 1.0.1
CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection v ...)
	NOT-FOR-US: RAV antivirus
CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote attac ...)
	NOT-FOR-US: Eset anti-virus
CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus prote ...)
	NOT-FOR-US: Kaspersky antivirus
CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 throug ...)
	NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
	NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ve ...)
	- samba 3.0.8-1
CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg ...)
	- tiff3g <removed>
CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6 ...)
	NOT-FOR-US: Macromedia
CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example se ...)
	NOT-FOR-US: MacOS
CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
	NOT-FOR-US: MacOS
CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, do ...)
	NOT-FOR-US: MacOS
CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ro ...)
	NOT-FOR-US: MacOS
CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a devic ...)
	{DSA-566-1}
	- cupsys 1.1.20final+rc1-9
	- cups 1.1.20final+rc1-9
CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, doe ...)
	NOT-FOR-US: MacOS
CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an A ...)
	NOT-FOR-US: MacOS
CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus o ...)
	NOT-FOR-US: norton
CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to re ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid We ...)
	{DSA-576-1}
	- squid 2.5.7
CVE-2004-0917 (The default installation of Vignette Application Portal installs the d ...)
	NOT-FOR-US: Vignette Application Portal
CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows remo ...)
	{DSA-574-1}
	- cabextract 1.1-1
CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporti ...)
	{DSA-605-1}
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 (bug #284237)
CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in X ...)
	{DSA-607-1}
	NOTE: Previous -9 fix had some issues of its own
	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
	NOTE: lesstif1 and 2 have to be fixed separately
	- lesstif1-1 1:0.93.94-11.3 (bug #294099)
	NOTE: but lesstif2 did get fixed for this hole..
	- lesstif2 1:0.93.94-11.2
	- openmotif 2.2.3-1.1 (bug #309819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514- ...)
	{DSA-572-1}
	- ecartis 1.0.0+cvs.20030911-8
CVE-2004-0912
	RESERVED
CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on D ...)
	{DSA-569-1 DSA-556-1}
	- netkit-telnet-ssl 0.17.24+0.1-4
	- netkit-telnet 0.17-26
CVE-2004-0910
	REJECTED
CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and  ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and  ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the Prev ...)
	- mozilla-firefox <not-affected> (non-Debian packaging issue)
CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and  ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox befor ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in nsVCardObj.c ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the Pre ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in Wo ...)
	NOT-FOR-US: Microsoft
CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and Termin ...)
	NOT-FOR-US: Microsoft
CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and Termin ...)
	NOT-FOR-US: Microsoft
CVE-2004-0898
	RESERVED
CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
	NOT-FOR-US: Windows
CVE-2004-0896
	RESERVED
CVE-2004-0895
	RESERVED
CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 Ser ...)
	NOT-FOR-US: Microsoft
CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for Win ...)
	NOT-FOR-US: Microsoft
CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is inc ...)
	NOT-FOR-US: Microsoft
CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 all ...)
	- gaim 1:1.0.2
CVE-2004-0890
	REJECTED
CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use xp ...)
	- xpdf 3.00-10 (medium)
CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages tha ...)
	{DSA-599-1 DSA-581-1 DSA-573-1}
	- koffice 1:1.3.4-1
	- tetex-bin 2.0.2-23
	- xpdf 3.00-9
	- gpdf 2.8.0-1
	- kdegraphics 4:3.3.1-1 (bug #280373)
	- cupsys 1.1.22-6 (bug #324460)
	- cups 1.1.22-6 (bug #324460)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
	NOTE: package was fixed.
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.6.8 2.6.8-10
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote a ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SS ...)
	- apache2 2.0.52-2
	- libapache-mod-ssl 2.8.20-1
CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ea ...)
	{DSA-568-1 DSA-563-3}
	- cyrus-sasl <removed>
	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kern ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 2.4.27-6
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x th ...)
	NOTE: details http://security.e-matters.de/advisories/132004.html
	- samba 3.0.7
CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to over ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0879
	RESERVED
CVE-2004-0878
	RESERVED
CVE-2004-0877
	RESERVED
CVE-2004-0876
	RESERVED
CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (a ...)
	- phpgroupware 0.9.16.002
CVE-2004-0874
	REJECTED
CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execu ...)
	NOT-FOR-US: apple
CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure channel  ...)
	NOT-FOR-US: Opera
CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure channe ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure  ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an insec ...)
	NOT-FOR-US: MSIE
CVE-2004-0868
	REJECTED
CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for country-spec ...)
	- mozilla-firefox 0.9.3
CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for country-spec ...)
	NOT-FOR-US: MSIE
CVE-2004-0865
	RESERVED
CVE-2004-0864
	RESERVED
CVE-2004-0863
	RESERVED
CVE-2004-0862
	RESERVED
CVE-2004-0861
	REJECTED
CVE-2004-0860
	REJECTED
CVE-2004-0859
	REJECTED
CVE-2004-0858
	REJECTED
CVE-2004-0857
	REJECTED
CVE-2004-0856
	REJECTED
CVE-2004-0855
	REJECTED
CVE-2004-0854
	REJECTED
CVE-2004-0853
	REJECTED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute arbit ...)
	{DSA-611-1}
	- htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
	{DSA-559-1}
	- net-acct 0.71-7
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) bef ...)
	- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
	NOT-FOR-US: GNU Radius
CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to exec ...)
	NOT-FOR-US: microsoft
CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows  ...)
	NOT-FOR-US: microsoft
CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
	NOT-FOR-US: microsoft
CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content ...)
	NOT-FOR-US: microsoft
CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in navigatio ...)
	NOT-FOR-US: microsoft
CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, al ...)
	NOT-FOR-US: microsoft
CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary pro ...)
	NOT-FOR-US: microsoft
CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft Window ...)
	NOT-FOR-US: microsoft
CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
	NOT-FOR-US: microsoft
CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to c ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5 ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 allo ...)
	- speedtouch 1.3.1
CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-b ...)
	{DSA-554-1}
	- sendmail 8.13.1-13
CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2 ...)
	- squid 2.5.6-8
CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
	NOT-FOR-US: McAfee
CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchan ...)
	NOT-FOR-US: Microsoft
CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial  ...)
	- samba 2.2.11
CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and  ...)
	NOTE: not-fos-us (AIX)
CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x befo ...)
	{DSA-547-1}
	- imagemagick 5:6.0.7.1-1
CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
	NOT-FOR-US: netscape NSS
CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3 ...)
	NOT-FOR-US: Apple
CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ove ...)
	NOT-FOR-US: Apple
CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
	NOT-FOR-US: Apple
CVE-2004-0822 (Buffer overflow in The Core Foundation framework (CoreFoundation.frame ...)
	NOT-FOR-US: Apple
CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user supp ...)
	NOT-FOR-US: Apple
CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary scrip ...)
	NOT-FOR-US: winamp
CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a gatewa ...)
	NOT-FOR-US: openbsd
CVE-2004-0818
	REJECTED
CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler al ...)
	{DSA-548-2}
	- imlib+png2 1.9.14-16.2
	- imlib 1.9.14-17 (bug #285025)
CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (2.6 specific issue)
CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x  ...)
	{DSA-600-1}
	- samba 3.0.6-1 (bug #274342)
CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	[sarge] - kernel-source-2.6.8 2.6.8-8
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows loca ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 <not-affected> (Only an issue with botched permissions)
CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AM ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.0-test10)
	- kernel-source-2.4.27 <not-affected> (2.4 not support for amd64)
CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Sa ...)
	- apache2 2.0.52
CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to c ...)
	NOT-FOR-US: Netopia Timbuktu
CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote attacker ...)
	{DSA-558-1}
	- apache2 2.0.51-1
	- libapache-mod-dav 1.0.3-10
CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 a ...)
	- samba 3.0.7
CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of s ...)
	- samba 3.0.7
CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ro ...)
	- cdrtools 4:2.0+a34-2
CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s  ...)
	{DSA-564-1}
	- mpg123 0.59r-16
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to  ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
	{DSA-552-1}
	- imlib2 1.1.0-12.4
CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows  ...)
	- foomatic-filters 3.0.2
CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9  ...)
	NOT-FOR-US: Solaris
CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gol ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
	- zlib 1:1.2.1.1-6
	[woody] - zlib <not-affected> (zlib 1.1 is not affected)
CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ca ...)
	- spamassassin 2.64
CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe  ...)
	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd befor ...)
	{DSA-551-1}
	- lukemftpd 1.1-2.2 (bug #266370)
CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop  ...)
	- bsdmainutils 6.0.15
CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in uti ...)
	{DSA-538}
	- rsync 2.6.2-3
CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to cau ...)
	- kernel-source-2.4.27 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
	- linux-2.6 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to cau ...)
	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib 1.0 ...)
	NOT-FOR-US: DNS impleementations not in Debian
CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0. ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
	NOT-FOR-US: OpenCA
CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache 2.0.5 ...)
	- apache <not-affected> (not vulnerable according to http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge)
	- apache2 2.0.51
CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers t ...)
	- gaim 1:0.82
CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote attac ...)
	- gaim 1:0.82
CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
	{DSA-549-1}
	- gtk+2.0 2.4.9-2
CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast in ...)
	{DSA-541}
	- icecast-server 1:1.3.12-8
CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote att ...)
	- cvs 1:1.12.9
CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
	- courier 0.45.6-1 (medium; bug #266723)
	NOTE: 0.45.6-1 is the first upload after the debug stuff rewrite
	NOTE: mentioned in the bug report.
CVE-2004-0776
	RESERVED
CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
	NOT-FOR-US: Windows
CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Wind ...)
	NOT-FOR-US: Real Helix server
CVE-2004-0773
	RESERVED
CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT  ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may al ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to over ...)
	- dgen 1.23-6
CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary co ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer of ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service  ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before 0 ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certi ...)
	- mozilla-firefox 0.9.3
CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a di ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files v ...)
	- mozilla 2:1.7
CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even wh ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for  ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0756
	REJECTED
CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and po ...)
	{DSA-537}
	- ruby1.8 1.8.1+1.8.2pre1-4
	- ruby <removed>
CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause  ...)
	- gaim 1:0.82.1-1
CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 be ...)
	{DSA-546-1}
	- gdk-pixbuf 0.22.0-7
CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with insecu ...)
	- openoffice.org 1.1.2-4
CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, wh ...)
	- apache2 2.0.50-11
CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares  ...)
	NOT-FOR-US: Red Hat specific
CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not prop ...)
	- subversion 1.0.9-2
CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause  ...)
	- apache2 2.0.51
CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to gai ...)
	[sarge] - apache2 <not-affected>
	- apache2 2.0.51
CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3
CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands vi ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows remot ...)
	NOT-FOR-US: MacOS
CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the PO ...)
	NOT-FOR-US: MacOS
CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote aut ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ca ...)
	NOT-FOR-US: LionMax Software WWW File Share Pro
CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows remot ...)
	NOT-FOR-US: Lexmark
CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers  ...)
	NOT-FOR-US: Whisper FTP Surfer
CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in Php-Nuk ...)
	NOT-FOR-US: phpnuke
CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the Sear ...)
	NOT-FOR-US: phpnuke
CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain sensitiv ...)
	NOT-FOR-US: phpnuke
CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlie ...)
	NOT-FOR-US: various windows games
CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Web_Store.cgi
CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
	NOT-FOR-US: OllyDbg
CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for Php- ...)
	NOT-FOR-US: phpnuke
CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search mo ...)
	NOT-FOR-US: phpnuke
CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 all ...)
	- phpbb2 2.0.10
CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via  ...)
	- phpbb2 2.0.10
CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management Se ...)
	NOT-FOR-US: Microsoft
CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 a ...)
	- moodle 1.4
CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to cau ...)
	NOT-FOR-US: Half Life
CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) Netsca ...)
	- mozilla 2:1.6
CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly  ...)
	[sarge] - kdebase 4:3.2.3-1.sarge.1
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
	- kdebase 4:3.3.0-1
CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from inje ...)
	NOT-FOR-US: Safari
CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, an ...)
	NOT-FOR-US: Microsoft
CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netsca ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
	NOTE: upstream versions became vulnerable again, see
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
	NOTE: and were fixed again, it got CVE-2005-1937 for the reversion
	- mozilla 2:1.7.10-1 (medium)
	- mozilla-firefox 1.0.6-1 (medium)
CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a  ...)
	NOT-FOR-US: opera 7.50
CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ( ...)
	NOT-FOR-US: HP-UX
CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and WebLo ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
	NOT-FOR-US: Cisco
CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLo ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in Win ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches il ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series  ...)
	NOT-FOR-US: Cisco
CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode UT ...)
	NOT-FOR-US: HP OpenView Select Access
CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges  ...)
	- moin 1.2.2
CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, wh ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) editcompone ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bug ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla 2.17. ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password i ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 do ...)
	NOT-FOR-US: Solaris
CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function i ...)
	{DSA-532}
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point VP ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify arb ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote at ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows rem ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 an ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0694 (Buffer overflow in LHA 1.14 and earlier allows remote attackers to cau ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote atta ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote atta ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT l ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain una ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links  ...)
	{DSA-539}
	- kdelibs 4:3.3.0-1
CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in parse ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the  ...)
	- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user funct ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02,  ...)
	NOT-FOR-US: WebSphere Edge Server
CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cau ...)
	NOT-FOR-US: Norton
CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other v ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_cu ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be acce ...)
	NOT-FOR-US: Zoom DSL modem
CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly othe ...)
	NOT-FOR-US: UnrealIRCd
CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Plan ...)
	NOT-FOR-US: 12Planet Chat Server
CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attac ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6 ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32w ...)
	NOT-FOR-US: c32web.exe
CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware 7.0. ...)
	NOT-FOR-US: Enterasys XSR-1800 series Security Routers
CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4. ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
	NOT-FOR-US: Netegrity IdentityMinder Web Edition
CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote atta ...)
	NOT-FOR-US: Brightmail Spamfilter
CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote attacker ...)
	NOT-FOR-US: Rompager
CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authent ...)
	NOT-FOR-US: Lotus
CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: Lotus
CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows acces ...)
	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
	- kernel-patch-adamantix 1.6
CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allow ...)
	NOT-FOR-US: popclient
CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive informati ...)
	NOT-FOR-US: csFAQ
CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x al ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information  ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware 2. ...)
	NOT-FOR-US: D-Link AirPlus DI-614+
CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
	NOT-FOR-US: CuteNews
CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 a ...)
	- mplayer <not-affected> (fixed before upload in archive; 1.0pre5)
CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly report ...)
	- linux-2.6 <not-affected> (Invalid, according to Ben Collins)
	- kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins)
CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP se ...)
	- ntp 4.0
CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows remot ...)
	- pure-ftpd 1.0.19-1
CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ar ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when configu ...)
	NOT-FOR-US: Solaris
CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 o ...)
	NOT-FOR-US: Solaris
CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack  ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 thro ...)
	NOT-FOR-US: Sun JRE
CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec  ...)
	NOT-FOR-US: Cisco
CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow remot ...)
	{DSA-530}
	- l2tpd 0.70-pre20031121-2
CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird be ...)
	- mozilla 2:1.7.1
	- mozilla-firefox 0.9.2
	- mozilla-thunderbird 0.7.2
CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local u ...)
	- shorewall 2.0.3a
CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 we ...)
	NOT-FOR-US: JRun
CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library  ...)
	{DSA-579-1 DSA-550-1}
	- abiword 2.0.8
	- wv 1.0.2-0.1 (bug #264972)
	NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660
CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT Ker ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT Kerbero ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 decod ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and poss ...)
	NOT-FOR-US: Thomson hardware ADSL router
CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in telnetd. ...)
	{DSA-529}
	- netkit-telnet-ssl 0.17.24+0.1-2
CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1. ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package (db ...)
	NOT-FOR-US: Oracle
CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to e ...)
	NOT-FOR-US: Oracle
CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler f ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote att ...)
	{DSA-528}
	- ethereal 0.10.5-1
CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows re ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote at ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when splitti ...)
	NOT-FOR-US: adobe reader
CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0 ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Uni ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5 ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allo ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3)
	- mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0)
CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0,  ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium)
	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux kerne ...)
	[sarge] - kernel-source-2.6.8 2.6.8-1
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote attacker ...)
	NOT-FOR-US: Infinity WEB
CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic link ...)
	NOT-FOR-US: Artmedic links
CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remo ...)
	{DSA-590-1}
	- gnats 4.0-6.1
CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does no ...)
	NOT-FOR-US: MacOS
CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain administra ...)
	NOT-FOR-US: Newsletter ZWS
CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ne ...)
	NOT-FOR-US: vBulletin
CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom 582 ...)
	NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
	NOTE: does not seem to be part of linux kernel or other package
CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a deni ...)
	NOT-FOR-US: freebsd
CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remo ...)
	NOT-FOR-US: ArbitroWeb
CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP com ...)
	NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
	NOT-FOR-US: D-Link DI-614+ SOHO router
CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the up ...)
	NOT-FOR-US: osTicket
CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and  ...)
	NOT-FOR-US: osTicket
CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mo ...)
	NOT-FOR-US: ZoneAlarm Pro
CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote at ...)
	NOT-FOR-US: Netgear FVS318 VPN Router
CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router a ...)
	NOT-FOR-US: Microsoft MN-500 Wireless Router
CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering  ...)
	- rssh 2.2.1
CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation  ...)
	NOT-FOR-US: Unreal Engine
CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies c ...)
	- ipsec-tools 0.3.3-1
CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running f ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2)  ...)
	NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows  ...)
	NOT-FOR-US: giFT-FastTrack not in debian
CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the crea ...)
	- gzip <not-affected> (Gentoo-specific bug in gzip introduced by botched security fix)
CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not properl ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not interpr ...)
	- distcc 2.18.1-4
CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3 ...)
	- samba 3.0.5 (bug #260838)
CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
	{DSA-571-1 DSA-570-1 DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in mult ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in L ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3 ...)
	{DSA-669-1 DSA-531}
	- php3 3:3.0.18-27
	- php4 4:4.3.8-1
CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5 ...)
	{DSA-669-1 DSA-531}
	- php4 4:4.3.8-1
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before aut ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in th ...)
	NOT-FOR-US: linux 2.4 with usagi patches
CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc functi ...)
	{DSA-533}
	- courier 0.45.4-4
CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including superfrees ...)
	- freeswan 2.04-10
	- openswan 2.2.0
CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when co ...)
	NOT-FOR-US: Cisco
CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for Us ...)
	- usermin 1.090-1
CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Lin ...)
	- qla2x00 7.01.01-1
CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-2004-0585
	REJECTED
CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "securi ...)
	- imp3 3.2.4
CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin  ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to bypas ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
	NOT-FOR-US: Mandrake script
CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Rout ...)
	NOT-FOR-US: Linksys routers
CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
	{DSA-522}
	- super 3.23.0-1
CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions s ...)
	NOT-FOR-US: Wingate
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions s ...)
	NOT-FOR-US: Wingate
CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
	NOT-FOR-US: GNU radius
CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP  ...)
	NOT-FOR-US: Windows
CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft Windo ...)
	NOT-FOR-US: Windows
CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on Offi ...)
	NOT-FOR-US: Windows
CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) m ...)
	NOT-FOR-US: Windows
CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ce ...)
	NOT-FOR-US: Microsoft
CVE-2004-0570
	RESERVED
CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote att ...)
	NOT-FOR-US: Windows
CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP ...)
	NOT-FOR-US: HyperTerminal
CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
	NOT-FOR-US: Windows
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote attacker ...)
	NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for Linux 2 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run set ...)
	{DSA-557-1}
	- rp-pppoe 3.5-4 (bug #343264)
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before 1 ...)
	{DSA-555-1}
	- freenet6 1.0-2.2
CVE-2004-0562
	REJECTED
CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon (goph ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attack ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users t ...)
	{DSA-544-1}
	- webmin 1.160-1
	- usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before 1.1 ...)
	{DSA-545-1}
	- cups 1.1.20final+rc1-6
	- cupsys 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
	{DSA-565-1}
	- sox 12.17.4-9 (bug #262083)
CVE-2004-0556
	REJECTED
CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
	{DSA-643-1}
	- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a den ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 2.6.12-1 (bug #261521)
CVE-2004-0553
	RESERVED
CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle f ...)
	NOT-FOR-US: Sophos Small Business Suite
CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX ...)
	NOT-FOR-US: Cisco
CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
	NOT-FOR-US: Real Player
CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML renderin ...)
	NOT-FOR-US: Windows
CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress functi ...)
	- aspell 0.50.5-3
CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows  ...)
	{DSA-516}
	- postgresql 07.03.0200-3
CVE-2004-0546
	RESERVED
CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary file ...)
	NOT-FOR-US: AIX
CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
	NOT-FOR-US: AIX
CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
	- php4 <not-affected> (Only affects Windows)
CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function  ...)
	- squid 2.5.5-5
CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
	NOT-FOR-US: Windows
CVE-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X 10.3 ...)
	NOT-FOR-US: MacOS
CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers a ...)
	NOT-FOR-US: MacOS
CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut  ...)
	NOT-FOR-US: Opera
CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier,  ...)
	- tripwire 2.3.1.2.0-2.1
CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView  ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces acc ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0532
	RESERVED
CVE-2004-0531
	RESERVED
CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a  ...)
	- php4 <not-affected> (Slackware specific rpath issue)
CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate U ...)
	NOT-FOR-US: Netscape Navigator 7.1
CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legit ...)
	- kdebase 2.2.3
CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote attacke ...)
	NOT-FOR-US: Windows
CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 all ...)
	NOT-FOR-US: iLO
CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin be ...)
	NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos  ...)
	{DSA-520}
	- krb5 1.3.3-2
CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass authentica ...)
	{DSA-512}
	- gallery 1.4.3-pl2-1
CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows re ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail  ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related  ...)
	NOT-FOR-US: MacOS
CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of proc ...)
	NOT-FOR-US: MacOS
CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package installa ...)
	NOT-FOR-US: MacOS
CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to " ...)
	NOT-FOR-US: MacOS
CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to " ...)
	NOT-FOR-US: MacOS
CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...)
	NOT-FOR-US: MacOS
CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7 ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7 ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and p ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0509
	RESERVED
CVE-2004-0508
	RESERVED
CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 al ...)
	- ethereal 0.10.4
CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attacke ...)
	- ethereal 0.10.4
CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause  ...)
	- ethereal 0.10.4
CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ( ...)
	- ethereal 0.10.4
CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default z ...)
	NOT-FOR-US: Microsoft
CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
	NOT-FOR-US: Microsoft
CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access restric ...)
	NOT-FOR-US: Microsoft
CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
	- gaim 1:0.81-3
CVE-2004-0499
	REJECTED
CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlie ...)
	NOT-FOR-US: StoneSoft firewall engine
CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to mod ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
	NOTE: fixed in 2.6.7
CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow loc ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc1)
CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) bef ...)
	- gnome-vfs 1.0.1
CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows re ...)
	- apache2 2.0.50-1
CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3 ...)
	{DSA-525}
	- apache 1.3.31-2
CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not pr ...)
	NOTE: appears redhat specific
CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec op ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on  ...)
	NOT-FOR-US: MacOS
CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function i ...)
	{DSA-532}
	- apache2 2.0.50-1
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows rem ...)
	NOT-FOR-US: Norton
CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
	NOT-FOR-US: MacOS
CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 1 ...)
	NOT-FOR-US: MacOS
CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attac ...)
	NOT-FOR-US: Microsoft
CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote  ...)
	NOT-FOR-US: IRIX
CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs. ...)
	NOT-FOR-US: OpenBSD
CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
	NOT-FOR-US: the KCMS on Solaris
CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allo ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Microsoft
CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial o ...)
	NOTE: only a Mozilla DOS
CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router all ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 a ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows  ...)
	NOT-FOR-US: Microsoft
CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or execut ...)
	NOT-FOR-US: Help Center (HelpCtr.exe)
CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not properl ...)
	NOT-FOR-US: opera
CVE-2004-0472
	REJECTED
CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 throu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 throu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and  ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows rem ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote att ...)
	NOT-FOR-US: WebConnect
CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 an ...)
	NOT-FOR-US: WebConnect
CVE-2004-0464
	REJECTED
CVE-2004-0463
	REJECTED
CVE-2004-0462 (The built-in web servers for multiple networking devices do not set th ...)
	NOT-FOR-US: Multiple embedded hardware vendors
CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when com ...)
	- dhcp3 3.0.1
CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD)  ...)
	- dhcp3 3.0.1
CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wirele ...)
	NOT-FOR-US: DOS in 802.11 protocol
CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ser ...)
	{DSA-503}
	- mah-jong 1.6.2-1
CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the sc ...)
	{DSA-540}
	- mysql-dfsg 4.0.20-11
	- mysql <removed>
CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ot ...)
	{DSA-527}
	- pavuk 0.9pl28-3 (bug #264684)
CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
	{DSA-523}
	- www-sql 0.5.7-18
CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allow ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in VI ...)
	- vice 1.14-2
CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
	{DSA-1678-1 DSA-620-1}
	- perl 5.8.4-5
CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
	{DSA-521}
	- sup 1.8-11
CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail befor ...)
	{DSA-513}
	- log2mail 0.2.8-3
CVE-2004-0449
	REJECTED
CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and  ...)
	{DSA-510}
	- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local use ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-0446
	RESERVED
CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and Profess ...)
	NOT-FOR-US: Norton
CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Se ...)
	NOT-FOR-US: Norton
CVE-2004-0443
	RESERVED
CVE-2004-0442
	RESERVED
CVE-2004-0441
	RESERVED
CVE-2004-0440
	RESERVED
CVE-2004-0439
	RESERVED
CVE-2004-0438
	RESERVED
CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions b ...)
	NOT-FOR-US: Titan FTP Server
CVE-2004-0436
	RESERVED
CVE-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD 5.2. ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute arbi ...)
	{DSA-504}
	- heimdal 0.6.2-1
CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) c ...)
	- mplayer 1.0~pre6a-1
	- xine-lib 1-rc4
CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL  ...)
	- proftpd 1.2.9-4
CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allow ...)
	NOT-FOR-US: Apple QuickTime
CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0429 (Unknown vulnerability related to "the handling of large requests" in R ...)
	NOT-FOR-US: RAdmin for Mac OS X
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS  ...)
	NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2. ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a rea ...)
	{DSA-499}
	- rsync 2.6.1-1
CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows re ...)
	NOT-FOR-US: windows
CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22  ...)
	NOTE: fixed after 2.6.4/2.4.26 kernel
CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users  ...)
	- ssmtp <unfixed> (unimportant)
	NOTE: bug still exists in the ssmtp source, but is only activated if
	NOTE: --enable-logfile is used in ./configure
	NOTE: The package doesn't enable that flag so it is safe.
CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows lo ...)
	{DSA-500}
	- flim 1:1.14.6+0.20040415-1
CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier allo ...)
	{DSA-498}
	- libpng 1.0.15-5
	- libpng3 1.2.5.0-6
CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT 4. ...)
	NOT-FOR-US: windows
CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.r ...)
	[sarge] - xfree86 <not-affected> (vulnerable code not present)
	- xdm <not-affected> (vulnerable code not present)
CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_d ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to  ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc6)
CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not proper ...)
	{DSA-517}
	- cvs 1:1.12.9-1
CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn:/ ...)
	- subversion 1.0.5-1
CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords  ...)
	- mailman 2.1.4-5
CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properl ...)
	{DSA-518}
	- kdelibs 4:3.2.3
CVE-2004-0410
	REJECTED
CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0  ...)
	{DSA-493}
	- xchat 2.0.8-1
CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident daem ...)
	{DSA-494}
	- ident2 1.04-2
CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim  ...)
	NOT-FOR-US: ColdFusion
CVE-2004-0406
	REJECTED
CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files  ...)
	{DSA-488}
	- logcheck 1.1.1-13.2
CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of s ...)
	- ipsec-tools 0.3.1-3
CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other v ...)
	{DSA-508}
	- xpcd 2.08-10
CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
	- libtasn1 0.1.2-2
CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the headers_ch ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing functi ...)
	{DSA-507 DSA-506}
	- cadaver 0.22.1-3
	- neon 0.24.6.dfsg-1
CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in S ...)
	- subversion 1.0.3-1 (bug #249791)
CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up  ...)
	{DSA-505}
	- cvs 1:1.12.5-6
CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root pr ...)
	{DSA-509}
	- gatos 0.0.5-12
CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch
CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon (rlprd ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of s ...)
	- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting  ...)
	NOT-FOR-US: Cisco
CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style acce ...)
	NOT-FOR-US: SCO OpenServer
CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote atta ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite arbit ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-6
CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8 ...)
	NOT-FOR-US: RealPlayer plugin
CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0. ...)
	- mplayer 1.0~pre6a-1
CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9 ...)
	NOT-FOR-US: Oracle 9i Application Server Web Cache
CVE-2004-0384
	RESERVED
CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unk ...)
	NOT-FOR-US: Mail for Mac OS X
CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 a ...)
	NOT-FOR-US: CUPS printing system in Mac OS X
CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via  ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-4
CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 throug ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Share ...)
	NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CVE-2004-0378
	REJECTED
CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's Activ ...)
	- perl <not-affected> (Win32 specific)
CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of s ...)
	{DSA-473}
	- oftpd 20040304-1 (bug #353882)
CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the conten ...)
	{DSA-471}
	- interchange 5.0.1-1
CVE-2004-0373
	RESERVED
CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink att ...)
	{DSA-477}
	- xine-ui 0.99.1-1
CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly pe ...)
	{DSA-476}
	- heimdal 0.6.1-1
CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used i ...)
	NOT-FOR-US: KAME
CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec  ...)
	NOT-FOR-US: Entrust LibKmp ISAKMP library
CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and oth ...)
	NOT-FOR-US: CDE
CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 a ...)
	{DSA-469}
	- pam-pgsql 0.5.2-7.1
	NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9
CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for Ethe ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Securi ...)
	NOT-FOR-US: WrapNISUM ActiveX
CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component (sy ...)
	NOT-FOR-US: SymSpamHelper ActiveX
CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of t ...)
	NOT-FOR-US: ISS Protocol Analysis Module
CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote attacker ...)
	NOT-FOR-US: safari
CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
	NOT-FOR-US: solaris
CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision Pow ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
	NOT-FOR-US: VirtuaNews Admin Panel
CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attacke ...)
	NOT-FOR-US: SL Mail Pro
CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain sensiti ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6 ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU A ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x ...)
	NOT-FOR-US: Cisco
CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the pr ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remot ...)
	NOT-FOR-US: GWeb HTTP Server
CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ca ...)
	NOT-FOR-US: SpiderSales
CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 th ...)
	- proftpd 1.2.9
CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote s ...)
	NOT-FOR-US: Red Faction
CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5. ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled ...)
	NOT-FOR-US: WFPTD
CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
	NOT-FOR-US: WFPTD
CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Se ...)
	NOT-FOR-US: WFPTD
CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, po ...)
	- phpbb2 2.0.6d
CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum all ...)
	NOT-FOR-US: Invision Board Forum
CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro  ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory brows ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic Authoriza ...)
	NOT-FOR-US: AXIS 2100
CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
	- uudeview 0.5.20 (medium)
CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all d ...)
	NOT-FOR-US: extremail
CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows  ...)
	NOT-FOR-US: Dell OpenManage Web Server
CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticat ...)
	NOT-FOR-US: Serv-U
CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: FreeChat
CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 al ...)
	NOT-FOR-US: Gigabyte Broadband Router
CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager 1 ...)
	NOT-FOR-US: PhpNewsManager
CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote  ...)
	NOT-FOR-US: GateKeeper Pro
CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a d ...)
	NOT-FOR-US: TypSoft
CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute arbit ...)
	NOT-FOR-US: confirm 0.70
CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remo ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final S ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Team Factor
CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7. ...)
	NOT-FOR-US: ezBoard
CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID e ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x al ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a d ...)
	NOT-FOR-US: Avirt
CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Avirt
CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 a ...)
	NOT-FOR-US: WebzEdit
CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a de ...)
	NOT-FOR-US: PSOProxy
CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP re ...)
	NOT-FOR-US: LINKSYS
CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
	NOT-FOR-US: APC
CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 al ...)
	NOT-FOR-US: LiveJournal
CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 befo ...)
	NOT-FOR-US: cisco
CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex Web ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via absol ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers  ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store  ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote atta ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
	NOT-FOR-US: smallftpd;
CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service (C ...)
	NOT-FOR-US: CesarFTP; Win32
CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Broker FTP 6.1.0.0; Win32
CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists o ...)
	NOT-FOR-US: yabb;
CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote att ...)
	NOT-FOR-US: ShopCartCGI 2.3;
CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote atta ...)
	NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 al ...)
	NOT-FOR-US: YaBB;
CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game se ...)
	NOT-FOR-US: Purge Jihad;
CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to  ...)
	NOT-FOR-US: SignatureDB;
CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13  ...)
	- mnogosearch 3.2.18
	NOTE: it's not quite clear which version exactly fixes the problem;
	NOTE: I checked the source code of the most recent version and compared
	NOTE: it with the problematic section described in the advisory
	NOTE: (http://marc.info/?l=bugtraq&m=107695139930726&w=2)
	NOTE: and I can confirm the buffer overflow is fixed there
CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a de ...)
	NOT-FOR-US: Xlight FTP server 1.52;
CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers ...)
	NOT-FOR-US: RobotFTP;
CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...)
	NOT-FOR-US: PHP scripts
CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow  ...)
	NOT-FOR-US: MSIE bugs
CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a sy ...)
	NOT-FOR-US: mailmgr;
CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Crob FTP;
CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain sensiti ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP sou ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIMSniff;
CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, Lea ...)
	NOT-FOR-US: Ratbag game engine;
CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers  ...)
	NOT-FOR-US: Dream FTP;
CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 a ...)
	NOT-FOR-US: BosDates;
CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal al ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly  ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote att ...)
	NOT-FOR-US: EvolutionX;
CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust I ...)
	NOT-FOR-US: eTrust InoculateIT;
CVE-2004-0266 (SQL injection vulnerability in the "public message" capability (public ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6 ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: PalmOS
CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client allow ...)
	NOT-FOR-US: The Palace;
CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
	NOT-FOR-US: CactuShop;
CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows re ...)
	NOT-FOR-US: formmail.php;
CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealO ...)
	NOT-FOR-US: RealPlayer
CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ca ...)
	NOT-FOR-US: Xlight;
CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x  ...)
	NOT-FOR-US: Discuz;
CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to exe ...)
	NOT-FOR-US: IBM Cloudscape
CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
	NOT-FOR-US: rxgoogle.cgi
CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allow ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
	NOT-FOR-US: PHPX
CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote a ...)
	NOT-FOR-US: PHPX
CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote attacker ...)
	NOT-FOR-US: Chaser
CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.li ...)
	NOT-FOR-US: Les Commentaires
CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Web Crossing
CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Featu ...)
	NOT-FOR-US: Cisco
CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displ ...)
	NOT-FOR-US: AIX
CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote attack ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6  ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow  ...)
	- overkill 0.16-7
CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal all ...)
	NOT-FOR-US: Aprox PHP Portal
CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
	NOT-FOR-US: thePHOTOtool
CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote  ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in he ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory trave ...)
	NOT-FOR-US: utempter
CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) befo ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote attack ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: the attack works with a certain non-negligible probability, but even
	NOTE: when successful, it only causes a TCP disconnect, which will (in most
	NOTE: circumstances) be reestablished right away, causing essentially no impact
CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
	- linux-2.6 2.6.6-1
	- linux-2.6.24 <not-affected>
CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
	- kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allo ...)
	- zoneminder 1.22.3-1
	NOTE: fixed in 1.19.2, which was released before initial upload of 1.22.3
CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may  ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0225
	RESERVED
CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Cou ...)
	- courier 0.45.1-1
CVE-2004-0223
	RESERVED
CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remo ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan E ...)
	NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet Explo ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial ...)
	NOT-FOR-US: MS-Outlook-Express
CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility Ma ...)
	NOT-FOR-US: Windows bug
CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain va ...)
	NOT-FOR-US: Windows bug
CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows lo ...)
	NOT-FOR-US: Windows bug
CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of Mi ...)
	NOT-FOR-US: Windows bug
CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, W ...)
	NOT-FOR-US: Windows bug
CVE-2004-0207 ("Shatter" style vulnerability in the Window Management application pro ...)
	NOT-FOR-US: Windows bug
CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows  ...)
	NOT-FOR-US: Windows bug
CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 all ...)
	NOT-FOR-US: Windows bug
CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business Obje ...)
	NOT-FOR-US: Visual Studio bug
CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exc ...)
	NOT-FOR-US: Exchange bug
CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft Dire ...)
	NOT-FOR-US: DirectX
CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML He ...)
	NOT-FOR-US: Windows HTML Help
CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Grap ...)
	NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server 200 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0198
	RESERVED
CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote att ...)
	NOT-FOR-US: MSJet bug
CVE-2004-0196
	RESERVED
CVE-2004-0195
	RESERVED
CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2004-0187
	REJECTED
CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ser ...)
	- mailman <not-affected> (RedHat specific bug)
CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in whi ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre5)
CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
	{DSA-487}
	- neon 0.24.5-1
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3)
CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly initializ ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)
CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote at ...)
	{DSA-511}
	- ethereal 0.10.3-1 (bug #239576)
CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allo ...)
	{CVE-2000-0992}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
	NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
	NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992.
	NOTE: jmm: 3.9p1 thus marked as fixed version
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multip ...)
	- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ltrac ...)
	- ltrace <not-affected> (Not setuid/setgid in Debian)
CVE-2004-0170
	RESERVED
CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related t ...)
	NOT-FOR-US: CoreFoundation for Mac OS X
CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 relate ...)
	NOT-FOR-US: Safari
CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which a ...)
	- ipsec-tools 0.3.3-1
	NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
	NOTE: the problem, but the patch that fixes the bug is applied:
	NOTE: http://marc.info/?l=bugtraq&m=107411758202662&w=2
CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the  ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
	{DSA-445}
	- lbreakout2 2.4
CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to f ...)
	{DSA-484}
	- xonix 1.4-21
CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event function ...)
	{DSA-485}
	- ssmtp 2.60.7
CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
	- ipsec-tools 0.2.5-2
CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers  ...)
	- nfs-utils 1:1.0.5-3
CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may a ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users  ...)
	{DSA-462}
	- xitalk 1.1.11-11
CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ga ...)
	{DSA-451}
	- xboing 2.4-26.1 (bug #174924)
CVE-2004-0147
	REJECTED
CVE-2004-0146
	REJECTED
CVE-2004-0145
	REJECTED
CVE-2004-0144
	REJECTED
CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote a ...)
	NOT-FOR-US: Nokia mobile phones
CVE-2004-0142
	REJECTED
CVE-2004-0141
	REJECTED
CVE-2004-0140
	REJECTED
CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5. ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows lo ...)
	NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows lo ...)
	NOT-FOR-US: IRIX
CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allow ...)
	NOT-FOR-US: IRIX
CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain priv ...)
	NOT-FOR-US: IRIX
CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in whi ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.5)
CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...)
	NOT-FOR-US: ezContents
CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: phpGedView
CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for phpGedV ...)
	NOT-FOR-US: phpGedView
CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verif ...)
	NOT-FOR-US: FreeBSD jail
CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Ser ...)
	NOT-FOR-US: Windows bug
CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT 4 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows 20 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows N ...)
	NOT-FOR-US: Windows bug
CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows  ...)
	NOT-FOR-US: Windows bug
CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM activat ...)
	NOT-FOR-US: Windows bug
CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, wh ...)
	- openssl 0.9.7d-1
CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft  ...)
	{DSA-455}
	- libxml 1:1.8.17-5
	- libxml2 2.6.6-1
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel  ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allo ...)
	- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote att ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier all ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when  ...)
	{DSA-432}
	- crawl 1:4.0.0beta26-4
CVE-2004-0102
	RESERVED
CVE-2004-0101
	RESERVED
CVE-2004-0100
	RESERVED
CVE-2004-0098
	REJECTED
CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers  ...)
	{DSA-448}
	- pwlib 1.5.2-4
CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10. ...)
	NOT-FOR-US: Safari
CVE-2004-0091
	NOT-FOR-US: vBulletin
CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 thro ...)
	NOT-FOR-US: MacOS
CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
	NOT-FOR-US: MacOS
CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows  ...)
	NOT-FOR-US: MacOS
CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has  ...)
	NOT-FOR-US: MacOS
CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and  ...)
	NOT-FOR-US: MacOS
CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3. ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 throu ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message t ...)
	{DSA-465}
	- openssl 0.9.6d-1
CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0. ...)
	{DSA-465}
	- openssl 0.9.7d-1
	- openssl096 0.9.6m-1
CVE-2004-0076
	REJECTED
CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain priv ...)
	- xsok <not-affected> (Not vulnerable. See bug #278777)
CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) conf ...)
	NOT-FOR-US: EasyDynamicPages
CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 allow ...)
	NOT-FOR-US: Accipiter Direct Server 6.0
CVE-2004-0071 (Directory traversal vulnerability in buildManPage in class.manpagelook ...)
	NOT-FOR-US: PHP Man Page Lookup 1.2.0
CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and earl ...)
	NOT-FOR-US: HD Soft Windows FTP Server 1.6
CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView befo ...)
	NOT-FOR-US: phpGedView
CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute  ...)
	NOT-FOR-US: phpGedView
CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
	NOT-FOR-US: phpGedView
CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows loc ...)
	NOT-FOR-US: SuSE YaST
CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various v ...)
	NOT-FOR-US: FishCart
CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File Sha ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local u ...)
	NOT-FOR-US: Antivir
CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for Nort ...)
	NOT-FOR-US: Nortel Networks products
CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for Cisc ...)
	NOT-FOR-US: Cisco
CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the fu ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2004-0048
	RESERVED
CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before  ...)
	{DSA-430}
	- trr19 1.0beta5-17.1 (bug #264702)
CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
	NOT-FOR-US: SnapStream PVS LITE
CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allo ...)
	NOT-FOR-US: Yahoo Instant Messenger
CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether o ...)
	- vsftpd 2.0.1-1
	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce t ...)
	{DSA-421}
	- mod-auth-shadow 1.4-1
CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application Intelligenc ...)
	NOT-FOR-US: Check Point Firewall
CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3  ...)
	NOT-FOR-US: McAfee
CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute arbit ...)
	NOT-FOR-US: FistClass Desktop Client
CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 an ...)
	NOT-FOR-US: Phorum
CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) auth ...)
	NOT-FOR-US: PHPGEDVIEW
CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
	NOT-FOR-US: Lotus Notes Domino
CVE-2004-0027
	RESERVED
CVE-2004-0026
	RESERVED
CVE-2004-0025
	RESERVED
CVE-2004-0024
	RESERVED
CVE-2004-0023
	RESERVED
CVE-2004-0022
	RESERVED
CVE-2004-0021
	RESERVED
CVE-2004-0020
	RESERVED
CVE-2004-0019
	RESERVED
CVE-2004-0018
	RESERVED
CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) inf ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
	{DSA-412}
	- nd 0.8.2-1
CVE-2004-0012
	REJECTED
CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in Li ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7)
CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0. ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic  ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows rem ...)
	NOT-FOR-US: FreeBSD netinet
CVE-2003-1565
	REJECTED
CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modi ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database 8 ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow  ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS dire ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of Intern ...)
	NOT-FOR-US: microsoft
CVE-2003-1047
	REJECTED
CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
	- bugzilla 2.16.4-1
CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, a ...)
	- bugzilla 2.16.4-1
CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is  ...)
	- bugzilla 2.16.4-1
CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
	- bugzilla 2.16.4-1
CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
	- bugzilla 2.16.4-1
CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute arbit ...)
	NOT-FOR-US: microsoft
CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0 ...)
	NOTE: linux kernel kmod local DoS, fixed in all current kernels
CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow  ...)
	NOT-FOR-US: SAP
CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows r ...)
	NOT-FOR-US: SAP
CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet Tr ...)
	NOT-FOR-US: SAP
CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet Tran ...)
	NOT-FOR-US: SAP
CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to b ...)
	NOT-FOR-US: SAP
CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserv ...)
	NOT-FOR-US: SAP
CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development  ...)
	NOT-FOR-US: SAP
CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
	NOT-FOR-US: Pi3Web not in debian
CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
	NOT-FOR-US: VBulletin
CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows rem ...)
	NOT-FOR-US: Dameware
CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote at ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote attacke ...)
	NOT-FOR-US: microsoft
CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof  ...)
	NOT-FOR-US: microsoft
CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris  ...)
	NOT-FOR-US: solaris
CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
	{DSA-424}
	- mc 1:4.6.0-4.6.1-pre1-1
CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local user ...)
	NOT-FOR-US: SCO
CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 al ...)
	- irssi-text 0.8.9-0.1
CVE-2003-1019
	RESERVED
CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 al ...)
	NOT-FOR-US: AIX
CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a  ...)
	- flashplugin-nonfree 7.0.25-1
CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote  ...)
	NOTE: Multiple vendor MIME quote bypass filtering
CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote  ...)
	- mime-tools 5.411-2
CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote  ...)
	NOTE: Multiple vendor MIME RFC822 comment bypass filtering
CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows r ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keybo ...)
	NOT-FOR-US: Apple
CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Ma ...)
	NOT-FOR-US: Apple
CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 an ...)
	NOT-FOR-US: Apple
CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
	NOT-FOR-US: Apple
CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not pro ...)
	NOT-FOR-US: Apple
CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 a ...)
	NOT-FOR-US: Apple
CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote atta ...)
	NOT-FOR-US: Apple
CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Clien ...)
	NOT-FOR-US: Cisco
CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600  ...)
	NOT-FOR-US: Cisco
CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service (cras ...)
	- xchat 2.0.7
CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint li ...)
	NOT-FOR-US: Solaris
CVE-2003-0998 (Unknown "potential system security vulnerability" in Computer Associat ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer Associate ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows r ...)
	NOT-FOR-US: Microsoft
CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for  ...)
	- mailman 2.1.3
CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
	- squirrelmail 1.4.2 (low)
	NOTE: Only potentially exploitable withexternel GPG Plugin, see
	NOTE: http://www.securityfocus.com/archive/1/348366
	NOTE: The potential problems have been fixed as of 1.4.2
CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of serv ...)
	{DSA-425}
	- tcpdump 3.8.1
CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
	- apache 1.3.29.0.2-5
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior  ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do n ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that shoul ...)
	NOT-FOR-US: Cisco
CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
	NOT-FOR-US: Cisco
CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name  ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape l ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP interface ...)
	NOT-FOR-US: gpgkeys_hkp
CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server  ...)
	- cvs 1:1.11.10
CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
	NOT-FOR-US: netware
CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 al ...)
	NOT-FOR-US: MacOS
CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct unauth ...)
	NOT-FOR-US: Applied Watch Command Center
CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x befo ...)
	{DSA-452}
	- libapache-mod-python 2:2.7.10-1
CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, a ...)
	{DSA-408}
	- screen 4.0.2-0.1
CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal typ ...)
	{DSA-429}
	- gnupg 1.2.4-1
CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote at ...)
	NOT-FOR-US: Sun Fire B1600
CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experim ...)
	- freeradius 1.0.1 (unimportant)
	NOTE: freeradius module in question is not built in debian package
CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to  ...)
	- freeradius 0.9.2-4
CVE-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) Un ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for M ...)
	{DSA-436}
	- mailman 2.1.4-1
CVE-2003-0964
	REJECTED
CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for  ...)
	{DSA-406}
	- lftp 2.6.10-1
CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in serv ...)
	{DSA-404}
	- rsync 2.5.6-1.1
CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in Lin ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain  ...)
	NOT-FOR-US: OpenCA
CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 architectu ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
CVE-2003-0958
	RESERVED
CVE-2003-0957
	RESERVED
CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel p ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ser ...)
	NOT-FOR-US: OpenBSD
CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users t ...)
	NOT-FOR-US: rcp
CVE-2003-0953
	REJECTED
CVE-2003-0952
	REJECTED
CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
	NOT-FOR-US: HP-UX
CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
	NOT-FOR-US: PeopleSoft PeopleTools
CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and executi ...)
	{DSA-405}
	- xsok 1.02-11
CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary co ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 t ...)
	- clamav 0.65
CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 gene ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB b ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ar ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for S ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows  ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to b ...)
	NOT-FOR-US: UnixWare
CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows att ...)
	NOT-FOR-US: PCAnywhere
CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
	- net-snmp 5.0.9
CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the defa ...)
	NOT-FOR-US: Symbol Access Portable Data Terminal
CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to  ...)
	{DSA-398}
	- conquest 7.2-5
CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute arbitr ...)
	{DSA-400}
	- omega-rpg 1:0.90-pa9-11
CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect filename ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remot ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0923
	REJECTED
CVE-2003-0922
	REJECTED
CVE-2003-0921
	REJECTED
CVE-2003-0920
	REJECTED
CVE-2003-0919
	REJECTED
CVE-2003-0918
	REJECTED
CVE-2003-0917
	REJECTED
CVE-2003-0916
	RESERVED
CVE-2003-0915
	RESERVED
CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote att ...)
	{DSA-409}
	- bind 1:8.4.3-1
CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 (C ...)
	NOT-FOR-US: MacOS
CVE-2003-0912
	RESERVED
CVE-2003-0911
	RESERVED
CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the Loca ...)
	NOT-FOR-US: Windows
CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by creatin ...)
	NOT-FOR-US: Windows
CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe wi ...)
	NOT-FOR-US: Windows
CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly  ...)
	NOT-FOR-US: Windows
CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
	NOT-FOR-US: Windows
CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured  ...)
	NOT-FOR-US: Windows
CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
	{DSA-402}
	- minimalist 2.4-1
CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3 ...)
	{DSA-397}
	- postgresql 7.3.4-1
	NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the
	NOTE: DSA, that's why the DSA says that unstable is not affected.
CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random numb ...)
	- perl 5.8.2
CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allo ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3
CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, all ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...)
	NOT-FOR-US: microsoft
CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the  ...)
	NOT-FOR-US: Sun/Java
CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9 ...)
	NOT-FOR-US: Oracle
CVE-2003-0893
	RESERVED
CVE-2003-0892
	RESERVED
CVE-2003-0891
	RESERVED
CVE-2003-0890
	RESERVED
CVE-2003-0889
	RESERVED
CVE-2003-0888
	RESERVED
CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache file ...)
	NOTE: verified Debian is not explitable; we don't put the cache in /tmp
CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier all ...)
	{DSA-401}
	- hylafax 1:4.1.8-1
CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have bee ...)
	- xscreensaver 4.15
CVE-2003-0884
	RESERVED
CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant num ...)
	NOT-FOR-US: Apple
CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Res ...)
	NOT-FOR-US: Apple
CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ac ...)
	NOT-FOR-US: Apple
CVE-2003-0879
	REJECTED
CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ar ...)
	NOT-FOR-US: Apple
CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ove ...)
	NOT-FOR-US: Apple
CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute p ...)
	NOT-FOR-US: Apple
CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for OpenS ...)
	NOTE: Vulnerable code not shipped in the binary package
	- openslp 1.0.11a-1 (unimportant)
CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier al ...)
	NOT-FOR-US: Deskpro
CVE-2003-0873
	REJECTED
CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to overwr ...)
	NOT-FOR-US: SCO
CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attack ...)
	NOT-FOR-US: Opera
CVE-2003-0869
	REJECTED
CVE-2003-0868
	REJECTED
CVE-2003-0867
	REJECTED
CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat 4.0. ...)
	{DSA-395}
	- tomcat4 4.1.24-2
CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
	{DSA-435}
	- mpg123 0.59r-15
CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10. ...)
	- ircd-irc2 2.10.3p5-1
CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of PH ...)
	NOTE: php4, this bug appears not to have been fixed.
	NOTE: submitted to BTS on libapache-mod-php4
	NOTE: developer claims there is no problem
CVE-2003-0862
	REJECTED
CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP  ...)
	- php4 4:4.3.3-1
CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown a ...)
	- php4 4:4.3.3-1
CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows l ...)
	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...)
	NOT-FOR-US: Data predating security tracker
CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of serv ...)
	{DSA-492}
	- iproute 20010824-13.1
CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of se ...)
	- pan 0.13.4-1
CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to consum ...)
	- coreutils 5.2.1-1
CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may a ...)
	- coreutils 5.2.1-1
CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
	- sylpheed-claws 0.9.8claws-1
CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service (c ...)
	- openssl096 0.9.6l
CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote  ...)
	{DSA-410}
	- libnids 1.18-1
CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote a ...)
	- cfengine2 2.0.9+2.1.0b3-1
CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly othe ...)
	{DSA-428}
	- slocate 2.7-3
CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows lo ...)
	NOT-FOR-US: SuSE
CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allow ...)
	NOT-FOR-US: SuSE
CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
	NOT-FOR-US: JBoss
CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions,  ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a  ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a  ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in gues ...)
	NOT-FOR-US: Peoplesoft
CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other oper ...)
	NOT-FOR-US: HPUX
CVE-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...)
	NOT-FOR-US: microsoft
CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions  ...)
	NOT-FOR-US: microsoft
CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Win ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 a ...)
	NOTE: mplayer fixed before upload
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
	NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to e ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote a ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline cha ...)
	- proftpd 1.2.9-1
CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to gai ...)
	{DSA-390}
	- marbles <removed>
CVE-2003-0829
	RESERVED
CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local user ...)
	{DSA-391}
	- freesweep 0.88-4.1 (bug #242616)
CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote  ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ( ...)
	{DSA-717-1}
	- lsh-utils 1.4.2-6
CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Micr ...)
	NOT-FOR-US: microsoft
CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct  ...)
	NOT-FOR-US: microsoft
CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute  ...)
	NOT-FOR-US: microsoft
CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2 ...)
	NOT-FOR-US: microsoft
CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
	NOT-FOR-US: microsoft
CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
	NOT-FOR-US: microsoft
CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: microsoft
CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: microsoft
CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: microsoft
CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality  ...)
	NOT-FOR-US: microsoft
CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows Workstat ...)
	NOT-FOR-US: microsoft
CVE-2003-0811
	RESERVED
CVE-2003-0810
	RESERVED
CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object tag ...)
	NOT-FOR-US: microsoft
CVE-2003-0808
	RESERVED
CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP  ...)
	NOT-FOR-US: microsoft
CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft W ...)
	NOT-FOR-US: microsoft
CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x b ...)
	{DSA-387}
	- gopher 3.0.6
	NOTE: gopherd was removed from the gopher package in version 3.0.6.
CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10. ...)
	NOT-FOR-US: BSD
CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to us ...)
	NOT-FOR-US: Nokia
CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ob ...)
	NOT-FOR-US: Nokia
CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic Documenta ...)
	NOT-FOR-US: Nokia
CVE-2003-0800
	REJECTED
CVE-2003-0799
	REJECTED
CVE-2003-0798
	REJECTED
CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 all ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 all ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, do ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
	- gdm 2.4.4.4
CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restr ...)
	- gdm 2.4.4.4
CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
	- fetchmail 6.2.5
CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earl ...)
	- mozilla 2:1.5
CVE-2003-0790
	REJECTED
CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not  ...)
	- apache2 2.0.48
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) implemen ...)
	- cups 1.1.19
	- cupsys 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets  ...)
	- openssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3. ...)
	- openssh 1:3.7.1p2
CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets t ...)
	{DSA-389}
	- ipmasq 3.5.12
CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
	NOT-FOR-US: IBM TSM
CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root  ...)
	{DSA-385}
	- hztty 2.0-6
CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to c ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly valida ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4. ...)
	{DSA-381}
	- mysql-dfsg 4.0.15-1
CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging fu ...)
	- asterisk 0.7.0
CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are enab ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the  ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrar ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle conne ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
	NOT-FOR-US: WS_FTP server
CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary fi ...)
	- libapache-gallery-perl 0.7
CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not pro ...)
	NOT-FOR-US: IkonBoard
CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestboo ...)
	NOT-FOR-US: ICQ Web Front
CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
	NOT-FOR-US: microsoft
CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, de ...)
	NOT-FOR-US: RogerWilco
CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and po ...)
	NOT-FOR-US: ftp desktop (windows)
CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allow ...)
	NOT-FOR-US: winamp
CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain sens ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine  ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 all ...)
	NOT-FOR-US: foxweb
CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session Initi ...)
	- asterisk 0.5.0
CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: optisoft blubster
CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before F ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before F ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers  ...)
	NOT-FOR-US: check point firewall
CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1. ...)
	NOT-FOR-US: sitebuilder
CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remo ...)
	NOT-FOR-US: gtkftpd
CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: newsPHP
CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read a ...)
	NOT-FOR-US: newsPHP
CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possi ...)
	NOT-FOR-US: AttilaPHP
CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ea ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to by ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet Transa ...)
	NOT-FOR-US: SAP
CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 all ...)
	NOT-FOR-US: SAP
CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, inclu ...)
	NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the c ...)
	NOT-FOR-US: castlerock SNMPc
CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote at ...)
	- leafnode 1.9.42
CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
	{DSA-376}
	- exim 3.36-8
CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary pr ...)
	NOT-FOR-US: SCO
CVE-2003-0741
	REJECTED
CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
	- stunnel 2:3.26 (bug #278942)
	- stunnel4 2:4.04
CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows loc ...)
	NOT-FOR-US: VMware
CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9. ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before v ...)
	- libpam-ldap 164-1
	- libnss-ldap 207-1
CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integr ...)
	NOT-FOR-US: BEA weblogic
CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...)
	NOT-FOR-US: cisco
CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...)
	NOT-FOR-US: cisco
CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 all ...)
	{DSA-380}
	- xfree86 4.2.1-12
CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ex ...)
	NOT-FOR-US: tellurian tftpdNT
CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session  ...)
	- horde2 2.2.4
CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for  ...)
	NOT-FOR-US: oracle
CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in  ...)
	NOT-FOR-US: RealOne player
CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source plug-i ...)
	NOT-FOR-US: Real Networks Server / Helix Server
CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signat ...)
	NOT-FOR-US: HP Tru64
CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow  ...)
	- gkrellm 2.1.14
CVE-2003-0722 (The default installation of sadmind on Solaris uses weak authenticatio ...)
	NOT-FOR-US: solaris
CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE b ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
	NOT-FOR-US: microsoft
CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) 5.0 ...)
	NOT-FOR-US: microsoft
CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not prop ...)
	NOT-FOR-US: microsoft
CVE-2003-0716
	RESERVED
CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ( ...)
	NOT-FOR-US: microsoft
CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 all ...)
	NOT-FOR-US: microsoft
CVE-2003-0713
	RESERVED
CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the  ...)
	NOT-FOR-US: microsoft
CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and Sup ...)
	NOT-FOR-US: pchealth for windows
CVE-2003-0710
	RESERVED
CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is someti ...)
	- whois 4.6.7
CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attacke ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote atta ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers  ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing file ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary k ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
	NOT-FOR-US: microsoft
CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that  ...)
	NOT-FOR-US: microsoft
CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the g ...)
	NOTE: fixed in 2.4.22-pre3
CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the g ...)
	NOTE: fixed in 2.4.21-rc2
CVE-2003-0698
	REJECTED
CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
	NOT-FOR-US: AIX
CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close s ...)
	NOT-FOR-US: AIX
CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow  ...)
	{DSA-383 DSA-382}
	- openssh 1:3.7.1
CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to exe ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for Ope ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-6.0
CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation alg ...)
	{DSA-388}
	- kdebase 4:3.2
CVE-2003-0691
	REJECTED
CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred f ...)
	{DSA-443 DSA-388}
	- xfree86 4.3.0-0pre1v2
	- kdebase 4:3.2
CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	- glibc 2.2.5
CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdn ...)
	- sendmail 8.12.9
CVE-2003-0687
	REJECTED
CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when au ...)
	{DSA-374}
	- libpam-smb <removed>
CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other version ...)
	{DSA-372}
	- netris 0.52-1
CVE-2003-0684
	REJECTED
CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certa ...)
	NOT-FOR-US: SGI
CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a dif ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-9
CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9,  ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0678
	REJECTED
CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet Administratio ...)
	NOT-FOR-US: Sun iPlanet
CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remo ...)
	{DSA-370}
	- pam-pgsql 0.5.2-7
CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ne ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of serv ...)
	NOT-FOR-US: solaris
CVE-2003-0668
	RESERVED
CVE-2003-0667
	RESERVED
CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote attac ...)
	NOT-FOR-US: microsoft
CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot V ...)
	NOT-FOR-US: microsoft
CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certa ...)
	NOT-FOR-US: microsoft
CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem Servic ...)
	NOT-FOR-US: microsoft
CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Micr ...)
	NOT-FOR-US: microsoft
CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
	NOT-FOR-US: microsoft
CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server 200 ...)
	NOT-FOR-US: microsoft
CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through Serv ...)
	NOT-FOR-US: microsoft
CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenS ...)
	NOT-FOR-US: docview / caldera
CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for phpgr ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files  ...)
	{DSA-366}
	- eroaster 2.2.0-0.5-1
CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite arb ...)
	- cdrtools 4:2.0+a18-1
CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute a ...)
	{DSA-373}
	- autorespond 2.0.4-1
CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier doe ...)
	NOT-FOR-US: NetBSD
CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges v ...)
	{DSA-367}
	- xtokkaetama 1.0b-9
CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 an ...)
	NOT-FOR-US: mod_mylo for apache
CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, po ...)
	NOT-FOR-US: gamespy
CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local us ...)
	{DSA-368}
	- xpcd 2.08-9
CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow lo ...)
	{DSA-472}
	- fte 0.50.0-1.1 (bug #203871)
CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allo ...)
	NOT-FOR-US: Cisco
CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro Hous ...)
	NOT-FOR-US: ActiveX
CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE  ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc fil ...)
	- kdbg 1.2.9-1
CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation (fi ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local us ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local us ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start serve ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allow ...)
	NOT-FOR-US: novell ichain
CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, a ...)
	NOT-FOR-US: novell ichain
CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a n ...)
	NOT-FOR-US: novell ichain
CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that  ...)
	NOT-FOR-US: novell ichain
CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before S ...)
	NOT-FOR-US: novell ichain
CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Or ...)
	NOT-FOR-US: oracle
CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J  ...)
	NOT-FOR-US: oracle
CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR)  ...)
	NOT-FOR-US: oracle
CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 an ...)
	NOT-FOR-US: VMware
CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of th ...)
	{DSA-359}
	- atari800 1.3.1-2
CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environ ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in  ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote  ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote  ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers  ...)
	{DSA-360}
	- xfstt 1.5.1-1
CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for B ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed  ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in Lin ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local u ...)
	{DSA-431}
	- perl 5.8.3-3
CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
	{DSA-362}
	- mindi 0.86-1
CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy Orchestr ...)
	NOT-FOR-US: McAfee
CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm all ...)
	{DSA-371}
	- perl 5.8.0-19
CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1  ...)
	{DSA-355}
	- gallery 1.3.4-3
CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows l ...)
	{DSA-369}
	- zblast 1.2.1-7
CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users  ...)
	- crafty 19.3-1
CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain ...)
	{DSA-356}
	- xtokkaetama 1.0b-8
CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy Orch ...)
	NOT-FOR-US: McAfee
CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-0608
	RESERVED
CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of th ...)
	{DSA-354}
	- xconq 7.4.1-2.1 (bug #202963)
CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which al ...)
	{DSA-353}
	- sup 1.8-9
CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attac ...)
	NOT-FOR-US: Microsoft
CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer an ...)
	NOT-FOR-US: Microsoft
CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versi ...)
	- bugzilla 2.16.3
CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
	- bugzilla 2.16.3
CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does no ...)
	NOT-FOR-US: Apple
CVE-2003-0600
	RESERVED
CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for  ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0598
	REJECTED
CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7 ...)
	NOT-FOR-US: Unixware
CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary dire ...)
	{DSA-352}
	- fdclone 2.04-1
CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows re ...)
	NOT-FOR-US: WiTango Application Server and Tango 2000
CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access restr ...)
	NOTE: cannot find reference to it being fixed.
CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access restric ...)
	NOT-FOR-US: opera
CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers t ...)
	{DSA-459}
	- kdelibs 4:3.1.3-1
CVE-2003-0591
	REJECTED
CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Digi-ads
CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Digi-news
CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin  ...)
	NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain s ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 throug ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix (BR ...)
	NOT-FOR-US: BRU
CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and  ...)
	NOT-FOR-US: BRU
CVE-2003-0582
	REJECTED
CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
	{DSA-360}
	- xfstt 1.5-1
CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier all ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-suppli ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and  ...)
	- mpg123 0.59r-1
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
	NOT-FOR-US: IRIX
CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI IR ...)
	NOT-FOR-US: IRIX
CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly e ...)
	NOT-FOR-US: IRIX
CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possib ...)
	NOT-FOR-US: IRIX
CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and po ...)
	NOT-FOR-US: IRIX
CVE-2003-0571
	REJECTED
CVE-2003-0570
	REJECTED
CVE-2003-0569
	REJECTED
CVE-2003-0568
	REJECTED
CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco
CVE-2003-0566
	RESERVED
CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the X.4 ...)
	NOTE: affects many implementations of the X.400 protocol
CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the Sec ...)
	NOTE: affects multiple S/MIME implementations
	NOTE: checked current mozilla, which contains safe NSS 3.9.1
	- mozilla 2:1.7.3
CVE-2003-0563
	RESERVED
CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
	NOT-FOR-US: Novell Netware
CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
	NOT-FOR-US: IglooFTP
CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote at ...)
	NOT-FOR-US: VP-ASP
CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
	NOT-FOR-US: phpforum
CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to exec ...)
	NOT-FOR-US: LeapFTP
CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and possi ...)
	NOT-FOR-US: StoreFront
CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Polycom MGC
CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of  ...)
	NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, allo ...)
	NOT-FOR-US: NeoModus Direct Connect
CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll)  ...)
	NOT-FOR-US: Netscape
CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding tab ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly verif ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide sufficie ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before  ...)
	- gdm 2.4.1.5
CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before  ...)
	- gdm 2.4.1.5
CVE-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, a ...)
	- gdm 2.4.1.5
CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures,  ...)
	NOT-FOR-US: up2date
CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to  ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characte ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rew ...)
	- apache2 2.0.48
	- apache 1.3.29
CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers t ...)
	{DSA-710-1}
	- evolution <not-affected> (Does not affect evolution on debian)
	- gtkhtml 1.0.4-6.2
CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote at ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and th ...)
	{DSA-343}
	- skk 10.62a-6
	- ddskk 12.1.cvs.20030622-1
CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications t ...)
	{DSA-342}
	- mozart 1.2.5.20030212-2
CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporar ...)
	{DSA-341}
	- liece 2.0+0.20030527cvs-1
CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
	{DSA-346}
	- phpsysinfo 2.1-1
CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain pri ...)
	{DSA-345}
	- xbl 1.0k-6
CVE-2003-0534
	RESERVED
CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service functi ...)
	NOT-FOR-US: Microsoft
CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
	NOT-FOR-US: Microsoft
CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0529
	RESERVED
CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ( ...)
	NOT-FOR-US: Microsoft
CVE-2003-0527
	RESERVED
CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Securit ...)
	NOT-FOR-US: Microsoft
CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that i ...)
	NOT-FOR-US: Microsoft
CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary fi ...)
	- qt-x11-free <not-affected> (appears specific to the knoppix CD)
CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain versio ...)
	NOT-FOR-US: ProductCart
CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 al ...)
	NOT-FOR-US: ProductCart
CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows envi ...)
	NOT-FOR-US: Microsoft
CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
	NOT-FOR-US: MacOS
CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwri ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printa ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authe ...)
	{DSA-347}
	- teapop 0.3.5-2
CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access  ...)
	NOT-FOR-US: Safari
CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
	NOT-FOR-US: MSIE
CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message inste ...)
	NOT-FOR-US: Cisco
CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices runnin ...)
	NOT-FOR-US: Cisco
CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
	NOT-FOR-US: ezbounce
CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allow ...)
	NOT-FOR-US: Cyberstrong eShop
CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Rea ...)
	NOT-FOR-US: acroread
CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 be ...)
	NOT-FOR-US: Microsoft
CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0. ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in Win ...)
	NOT-FOR-US: Microsoft
CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive i ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module (m ...)
	{DSA-338}
	- proftpd 1.2.8-8
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
	{DSA-335}
	- mantis 0.17.5-6
CVE-2003-0498 (Cach&#233; Database 5.x installs the /cachesys/csp directory with inse ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0497 (Cach&#233; Database 5.x installs /cachesys/bin/cache with world-writab ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to gai ...)
	NOT-FOR-US: Microsoft
CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote  ...)
	NOT-FOR-US: lednews; not in debian
CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote attacker ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forum ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers  ...)
	NOT-FOR-US: Xoops
CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
	NOT-FOR-US: Dantz Retrospect
CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after obt ...)
	{DSA-330}
	- tcptraceroute 1.4-4
CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServe ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authe ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earli ...)
	- phpbb2 2.0.6
CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows att ...)
	NOT-FOR-US: Progress 4GL Compiler
CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB al ...)
	- phpbb2 2.0.6d-3
CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium  ...)
	NOT-FOR-US: XMB Forum
CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by uploadi ...)
	- tutos 1.1.20030715-1
CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	- tutos 1.1.20030715-1
CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite arbit ...)
	NOT-FOR-US: VMware
CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS a ...)
	NOT-FOR-US: WebBBS; not in debian
CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, an ...)
	NOT-FOR-US: bahamut and other irc daemons; not in debian
CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial o ...)
	- wzdftpd 0.2
CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of t ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote attac ...)
	NOT-FOR-US: iWeb server
CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote attacke ...)
	NOT-FOR-US: iWeb server
CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes sno ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a  ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers t ...)
	NOT-FOR-US: webadmin / win
CVE-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuF ...)
	NOT-FOR-US: symantec activex
CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows  ...)
	NOT-FOR-US: microsoft
CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to c ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kern ...)
	NOTE: fixed in linux 2.4.21
CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the re ...)
	{DSA-357}
	- wu-ftpd 2.6.2-12
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
	- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
	NOTE: arch specific asm versions:
	NOTE: x86 is not affected
	NOTE: ppc32 fixed in 2.4.22-rc4
	NOTE: not an issue on alpha, see bug #280492
	- kernel-source-2.4.27 2.4.27-8
	NOTE: above fixes s390x, ppc64 and s390 and generic C version
CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are  ...)
	NOTE: fixed in linux 2.4.22-pre8
CVE-2003-0463
	REJECTED
CVE-2003-0462 (A race condition in the way env_start and env_end pointers are initial ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of cha ...)
	{DSA-423 DSA-358}
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 2.4.27-1
CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 s ...)
	- apache <not-affected> (Affects only Apache for Windows and OS/2)
CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and  ...)
	NOT-FOR-US: HP
CVE-2003-0457
	RESERVED
CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full pathna ...)
	NOT-FOR-US: visnetic website
CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary fi ...)
	{DSA-331}
	- imagemagick 4:5.5.7-1
CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local us ...)
	{DSA-334}
	- xgalaga 2.0.34-22
CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized me ...)
	{DSA-348}
	- traceroute-nanog 6.3.6-3
CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute arb ...)
	{DSA-329}
	- osh 1.7-12
CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
	{DSA-327}
	- xbl 1.0k-5
CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remot ...)
	{DSA-321}
	- radiusd-cistron 1.6.6-2
CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load lib ...)
	NOT-FOR-US: progress database
CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read a ...)
	NOT-FOR-US: portmon; not in debian
CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6 ...)
	NOT-FOR-US: microsoft
CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly  ...)
	NOT-FOR-US: microsoft
CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to exec ...)
	{DSA-328}
	- webfs 1.20
CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attac ...)
	{DSA-337}
	- gtksee 0.5.6-1
CVE-2003-0443
	RESERVED
CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID suppor ...)
	{DSA-351}
	- php4 4:4.3.2+rc3-1
CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ea ...)
	{DSA-326}
	- orville-write 2.54-1
CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and  ...)
	{DSA-339}
	- semi 1.14.5+20030609-1 (bug #223456)
	- wemi <removed>
CVE-2003-0439
	REJECTED
CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
	{DSA-325}
	- eldav 0.7.2-1
CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote att ...)
	- mnogosearch 3.2.11
CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote att ...)
	- mnogosearch 3.2.11
CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allow ...)
	{DSA-322}
	- typespeed 0.4.4
CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
	- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
	- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
	- xpdf 2.02pl1-1
CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attacker ...)
	{DSA-315}
	- gnocatan 0.8.0-1 (bug #328136)
	- pioneers <not-affected> (bug #328136)
CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly,  ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote atta ...)
	- ethereal 0.9.13-1
CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote attacke ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0. ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
	{DSA-320}
	- mikmod 3.1.6-6
CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before 4 ...)
	NOT-FOR-US: Apple
CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin Streamin ...)
	NOT-FOR-US: Apple
CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote  ...)
	NOT-FOR-US: Apple
CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1. ...)
	NOT-FOR-US: Apple
CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote  ...)
	NOT-FOR-US: Apple
CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote  ...)
	NOT-FOR-US: Apple
CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server 10. ...)
	NOT-FOR-US: Apple
CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
	NOT-FOR-US: SMC
CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of  ...)
	- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
	- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote att ...)
	NOT-FOR-US: Son hServer
CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4  ...)
	NOT-FOR-US: bandmin;
CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Remote PC Access
CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample  ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the co ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attac ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execu ...)
	NOT-FOR-US: AnalogX proxy
CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attack ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other  ...)
	NOT-FOR-US: Uptimes Project upclient;
CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remo ...)
	- gbatnav 1.0.4-4
CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCD ...)
	NOT-FOR-US: PalmVNC
CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to exe ...)
	NOT-FOR-US: Vignette
CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryS ...)
	NOT-FOR-US: Vignette
CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to rea ...)
	NOT-FOR-US: Vignette
CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and  ...)
	NOT-FOR-US: Vignette
CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to obtai ...)
	NOT-FOR-US: Vignette
CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the  ...)
	NOT-FOR-US: Vignette / AIX
CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other version ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI E ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
	NOT-FOR-US: FastTrack network code (Kazaa)
CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if u ...)
	- linux-atm 2.4.1
CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ar ...)
	NOT-FOR-US: BLNews
CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming packet ...)
	NOT-FOR-US: Privacyware Privatefirewall
CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote  ...)
	NOT-FOR-US: ST FTP Service (DOS)
CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly  ...)
	NOT-FOR-US: Magic WinMail Server
CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
	- opt 3.19
CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect functi ...)
	NOT-FOR-US: RSA ACE/Agent
CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use ...)
	- pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
	NOTE: From the libc documentation:
	NOTE: "The user cannot do anything to fool these functions."
	NOTE: This means that this is not a bug in getlogin.
CVE-2003-0387
	RESERVED
CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP  ...)
	- openssh 1:3.8p1-1
CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allow ...)
	{DSA-310}
	- xaos 3.1r-4
CVE-2003-0384
	RESERVED
CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges v ...)
	{DSA-309}
	- eterm 0.9.2-1
CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary fi ...)
	{DSA-323}
	- noweb 2.10c-3.1 (bug #271146)
CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possib ...)
	{DSA-314}
	- atftp 0.6.2
CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X  ...)
	NOT-FOR-US: MaxOS
CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with  ...)
	NOT-FOR-US: MaxOS
CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface  ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: Eudora
CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
	NOT-FOR-US: XMBforum aka Partagium)
CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus  ...)
	- nessus-core 2.0.6
CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow loca ...)
	- nessus-core 2.0.6
CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows  ...)
	- nessus-core 2.0.6
CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers  ...)
	NOT-FOR-US: Prishtina FTP client
CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Com ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0369
	RESERVED
CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to caus ...)
	NOT-FOR-US: Nokia Gateway GPRS
CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary fil ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause  ...)
	{DSA-318}
	- lyskom-server 2.0.7-2
CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Con ...)
	NOT-FOR-US: ICQLite
CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ve ...)
	- licq 1.2-7-1
CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a  ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source  ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with insecu ...)
	{DSA-316}
	- nethack 3.4.1-1
	- jnethack 1.1.5-15
	- slashem 0.0.6E4F8-6
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1 ...)
	{DSA-350 DSA-316}
	- falconseye 1.9.3-9
	- nethack 3.4.1-1
	- slashem 0.0.6E4F8-6
	- jnethack 1.1.5-15
CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earli ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier all ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name  ...)
	NOT-FOR-US: Safari
CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers  ...)
	- gs-gpl 7.07
CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access Co ...)
	NOT-FOR-US: Microsoft
CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2003-0351
	REJECTED
CVE-2003-0350 (The control for listing accessibility options in the Accessibility Uti ...)
	NOT-FOR-US: Microsoft
CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
	NOT-FOR-US: Microsoft
CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control allo ...)
	NOT-FOR-US: Microsoft
CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
	NOT-FOR-US: Microsoft
CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
	NOT-FOR-US: Microsoft
CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000,  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allo ...)
	NOT-FOR-US: Microsoft
CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 a ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the loggin ...)
	NOT-FOR-US: Puresecure
CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 a ...)
	NOT-FOR-US: WsMp3
CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and  ...)
	NOT-FOR-US: WsMp3
CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 al ...)
	NOT-FOR-US: lsadmin
CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files  ...)
	NOT-FOR-US: Eudora
CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which cause ...)
	NOT-FOR-US: Slaskware specific
CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a de ...)
	- ircii-pana 1:1.0-0c19.20030512-1
CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
	NOT-FOR-US: C-Kermit on HP-UX
CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier v ...)
	NOT-FOR-US: BadBlue
CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to exec ...)
	NOT-FOR-US: ttForum
CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the set ...)
	NOT-FOR-US: CesarFTP
CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later version ...)
	{DSA-399 DSA-306}
	- epic4 1:1.1.11.20030409-2
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers t ...)
	NOT-FOR-US: Sybase Adaptive Server Enterprise
CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
	- slocate <not-affected> (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments)
	NOTE: Even if exploited, you get only slocate gid.
CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local us ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malici ...)
	{DSA-287}
	- epic4 1:1.1.11.20030409-1
	- epic 3.004-19
CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious IR ...)
	{DSA-298 DSA-291}
	- epic4 1:1.1.11.20030409-1
	- ircii 20030315-1
CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remo ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier al ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject  ...)
	NOT-FOR-US: ttCMS
CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0. ...)
	NOT-FOR-US: SmartMax MailMax
CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi Wir ...)
	NOT-FOR-US: Venturi Client
CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0311
	RESERVED
CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ pub ...)
	- ezpublish 2.2.8-1
CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: MSIE
CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely  ...)
	{DSA-305}
	- sendmail 8.12.9-2
CVE-2003-0307 (Poster version.two allows remote authenticated users to gain administr ...)
	NOT-FOR-US: Poster version.two
CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to exec ...)
	NOT-FOR-US: Windows
CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka  ...)
	NOT-FOR-US: Cisco
CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers t ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1. ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers  ...)
	NOT-FOR-US: Eudora
CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malic ...)
	NOT-FOR-US: Microsort
CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP serve ...)
	NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway
CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
	NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP  ...)
	- mozilla 2:1.5-1
	NOTE: May have been fixed in an earlier version. Not clear how
	NOTE: Mozilla's a/b versions map to the Debian version.
CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remo ...)
	- uw-imap 7:2002c
	- pine 4.62-1
	- alpine <not-affected> (this was fixed in pine before alpine was released to the public)
	NOTE: pine maybe fixed in earlier uploads, 4.62-1 is the sarge version and not vulnerable
CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP serve ...)
	- evolution 1.3.2
CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin  ...)
	NOT-FOR-US: vBulletin
CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: php-proxima
CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU consu ...)
	NOT-FOR-US: PalmOS
CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5 ...)
	NOT-FOR-US: Inktomi
CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clea ...)
	NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eServ
CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in c ...)
	- cdrtools 4:2.0+a14-1
CVE-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP Mes ...)
	NOT-FOR-US: IP Messenger for Win
CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, a ...)
	NOT-FOR-US: Movable Type
CVE-2003-0286 (SQL injection vulnerability in register.asp in Snitz Forums 2000 befor ...)
	NOT-FOR-US: Snitz Forums
CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
	NOT-FOR-US: bad sendmail config on AIX
CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, wh ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
	NOT-FOR-US: Phorum
CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ov ...)
	{DSA-344}
	- unzip 5.50-3
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and p ...)
	- firebird2 1.5.1-1 (bug #251458)
CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4. ...)
	NOT-FOR-US: SMTP Service for ESMTP CMailServer
CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for PHP ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycg ...)
	NOT-FOR-US: HappyMail
CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com H ...)
	NOT-FOR-US: HappyMail
CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: Pi3Web
CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: YaBB SE
CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remo ...)
	NOT-FOR-US: ListProc
CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for Requ ...)
	- request-tracker3.4 <not-affected> (Affects older versions of Request Tracker not in Debian)
CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain administrativ ...)
	NOT-FOR-US: miniPortail
CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to exec ...)
	NOT-FOR-US: Personal FTP Server
CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
	NOT-FOR-US: Apple Airport
CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a  ...)
	NOT-FOR-US: youbin
CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attacke ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows rem ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical f ...)
	NOT-FOR-US: SDBINST for SAP database
CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
	NOT-FOR-US: SLMail
CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGate ...)
	NOT-FOR-US: FTGatePro
CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
	{DSA-299}
	- leksbot 1.2-5 (bug #186421)
CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could a ...)
	{DSA-302}
	- fuzz 0.6-7.1
CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3,  ...)
	NOT-FOR-US: AIX
CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the  ...)
	- kdenetwork 3.2.0
CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly determ ...)
	- gnupg 1.2.2
CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
	- apache2 2.0.47
CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle cer ...)
	- apache2 2.0.47
CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
	{DSA-349}
	- nfs-utils 1:1.0.3-2
CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
	NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
	- nis 3.11
CVE-2003-0250
	RESERVED
CVE-2003-0249
	NOTE: unimportant (php)
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU stat ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
	- linux-2.6 <not-affected>
CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows  ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not pro ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable Runt ...)
	- apache2 2.0.46
CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP conn ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
	- linux-2.6 <not-affected>
CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute  ...)
	NOT-FOR-US: Happycgi.com Happymall
CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain incom ...)
	NOT-FOR-US: MacOS
CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sen ...)
	NOT-FOR-US: FrontRange GoldMine / win
CVE-2003-0240 (The web-based administration capability for various Axis Network Camer ...)
	NOT-FOR-US: Axis Network Camera
CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote at ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 200 ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0234
	RESERVED
CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5 ...)
	NOT-FOR-US: microsoft
CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute a ...)
	NOT-FOR-US: microsoft
CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenti ...)
	NOT-FOR-US: microsoft
CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain priv ...)
	NOT-FOR-US: microsoft
CVE-2003-0229
	RESERVED
CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player 7. ...)
	NOT-FOR-US: microsoft
CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the  ...)
	NOT-FOR-US: microsoft
CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remot ...)
	NOT-FOR-US: microsoft
CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information  ...)
	NOT-FOR-US: microsoft
CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information Servic ...)
	NOT-FOR-US: microsoft
CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function responsib ...)
	NOT-FOR-US: microsoft
CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
	NOT-FOR-US: oracle
CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and  ...)
	NOT-FOR-US: HP tru64
CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio  ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attacker ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monke ...)
	NOT-FOR-US: Monkey http daemon; not in debian
CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual E ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to b ...)
	NOT-FOR-US: cisco
CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allo ...)
	NOT-FOR-US: bttlxeForum / win
CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ove ...)
	{DSA-292}
	- mime-support 3.23-1
CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attac ...)
	{DSA-295}
	- pptpd 1.1.4-0.b3.2
CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the connec ...)
	{DSA-289}
	- rinetd 0.61-2
CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
	- xinetd 1:2.3.11
CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco Secu ...)
	NOT-FOR-US: cisco
CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for Sno ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user t ...)
	NOT-FOR-US: macromedia flash
CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, whi ...)
	{DSA-286}
	- gs-common 0.3.3.1
CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execu ...)
	{DSA-296 DSA-293 DSA-284}
	- kdebase 4:3.1.0-1
	- kdegraphics 4:3.1.0-1
CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP  ...)
	{DSA-281}
	- moxftp 2.2-18.20
CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow loc ...)
	{DSA-279}
	- metrics <removed>
CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba  ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0200
	REJECTED
CVE-2003-0199
	REJECTED
CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
	NOT-FOR-US: MacOS
CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local us ...)
	NOT-FOR-US: Interbase Database
CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote atta ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of servic ...)
	{DSA-317}
	- cups 1.1.19final-1
	- cupsys 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when starti ...)
	- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
	{DSA-575-1}
	- catdoc 0.91.5-2
CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3 ...)
	- apache2 2.0.47
CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enable ...)
	- openssh 1:3.8.1p1-8.sarge.4 (bug #196413)
CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix doe ...)
	- apache2 2.0.46
CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows l ...)
	{DSA-304}
	- lv 4.49.5-2
CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with CONFI ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.21)
CVE-2003-0186
	RESERVED
CVE-2003-0185
	RESERVED
CVE-2003-0184
	RESERVED
CVE-2003-0183
	RESERVED
CVE-2003-0182
	RESERVED
CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0 ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allo ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does no ...)
	NOT-FOR-US: IRIX
CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI IR ...)
	NOT-FOR-US: IRIX
CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
	NOT-FOR-US: IRIX
CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not proper ...)
	NOT-FOR-US: IRIX
CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, whi ...)
	{DSA-283}
	- xfsdump 2.2.8-1
CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
	- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to l ...)
	NOT-FOR-US: MacOS
CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use K ...)
	NOT-FOR-US: AIX
CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
	NOT-FOR-US: HP Instant TopTools
CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allo ...)
	NOT-FOR-US: Apple QuickTime Player
CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1 ...)
	{DSA-300 DSA-274}
	- balsa 2.0.10
	- mutt 1.4.0
CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 al ...)
	- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to  ...)
	- eog 2.2.1
CVE-2003-0164
	RESERVED
CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does  ...)
	- gaim-encryption <not-affected> (fixed before first upload; 1.16)
CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
	{DSA-271}
	- ecartis 1.0.0+cvs.20030321-1
CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
	{DSA-290 DSA-278}
	- sendmail-wide 8.12.9+3.5Wbeta-1
	- sendmail 8.12.9-1
CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...)
	- squirrelmail 1:1.2.11
CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and  ...)
	- ethereal 0.9.10
CVE-2003-0158
	REJECTED
CVE-2003-0157
	REJECTED
CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) all ...)
	{DSA-264}
	- lxr 0.3-4
CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access t ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool  ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote a ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly rest ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows mys ...)
	- mysql <removed>
CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrato ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 t ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and r ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly othe ...)
	{DSA-263}
	- lpr 1:2000.05.07-4.20
	- netpbm-free 2:9.20-9
CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE  ...)
	{DSA-275 DSA-267}
	- lpr 1:2000.05.07-4.20
	- lpr-ppd 1:0.72-3
CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ru ...)
	NOT-FOR-US: acroread
CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, Real ...)
	NOT-FOR-US: Real
CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up  ...)
	{DSA-268}
	- mutt 1.5.4-1
CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos  ...)
	{DSA-273 DSA-266}
	- krb4 1.2.2-1
	- krb5 1.2.7-3
CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and othe ...)
	{DSA-273 DSA-269 DSA-266}
	- krb4 1.2.2-1
	- heimdal 0.5.2-1
	- krb5 1.2.7-3
CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS  ...)
	NOT-FOR-US: Nokia Serving GPRS support node
CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite arbitrar ...)
	{DSA-285}
	- lprng 3.8.20-4.
CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrapp ...)
	- vsftpd <not-affected> (Red Hat specific packaging flaw)
CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, version ...)
	- apache2 2.0.46
CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote attacker ...)
	- evolution 1.2.4
CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to  ...)
	- apache2 2.0.45
CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and  ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail U ...)
	- evolution 1.2.3
CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attac ...)
	- evolution 1.2.3
CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4. ...)
	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
	[sarge] - kernel-source-2.6.8 <not-affected>
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier,  ...)
	NOT-FOR-US: SOHO Routefinder 550 firmware
CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass attachmen ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socke ...)
	NOT-FOR-US: AIX
CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and Administratio ...)
	NOT-FOR-US: Microsoft
CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain privilege ...)
	NOT-FOR-US: Microsoft
CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) buil ...)
	NOT-FOR-US: Microsoft
CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Micros ...)
	NOT-FOR-US: Microsoft
CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Statu ...)
	NOT-FOR-US: ServerMask
CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 do ...)
	{DSA-319}
	- webmin 1.070-1
CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3 ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10. ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1,  ...)
	NOT-FOR-US: Oracle
CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Sola ...)
	NOT-FOR-US: Solaris
CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on Sol ...)
	NOT-FOR-US: Solaris
CVE-2003-0090
	REJECTED
CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX B.11.0 ...)
	NOT-FOR-US: HP-UX
CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local user ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for S ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operati ...)
	NOT-FOR-US: mod_auth_any not in Debian
CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
	- apache2 2.0.46
	- apache 1.3.25
CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...)
	{DSA-266}
	- krb5 1.3.3-2
CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not inc ...)
	- gnome-lokkit 0.50.22-4
CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 Lin ...)
	- dcgui 0.2.2
CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools pa ...)
	- plptools 0.12-0
CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...)
	{DSA-266}
	- krb5 1.2.7-3
	NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to exec ...)
	NOT-FOR-US: HP UX
CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
	- krb5 1.2.4
CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote at ...)
	{DSA-248}
	- hypermail 2.1.6-1
CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local use ...)
	{DSA-252}
	- slocate 2.7-1
CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrat ...)
	NOT-FOR-US: MacOS
CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory,  ...)
	- putty 0.53-b-2003-01-04-1
	NOTE: apparently fixed upstream 2002-11-12 changelog
CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2 ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from memor ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) example ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, all ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code  ...)
	- krb5 <not-affected> (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs)
CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
	{DSA-436}
	- mailman 2.1.1-1
CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote  ...)
	{DSA-244}
	- noffle 1.1.2-1
CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux,  ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers packag ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the printe ...)
	- mtink <not-affected> (Not installed setuid or setgid, so this is not exploitable)
	NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
	NOTE: chooser/mtinkc.c's version, which goes into mtinkc
CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
	NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
	RESERVED
CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
	{DSA-282 DSA-272 DSA-266}
	- glibc 2.3.1-16
	- dietlibc 0.22-2
	- krb5 1.3.3-2
	NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines o ...)
	{DSA-231}
	- dhcp3 3.0+3.0.1rc11-1
CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow  ...)
	{DSA-229}
	- imp 2.2.6-7
	- imp3 <not-affected>
CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbi ...)
	{DSA-633-1}
	- bmv 1.2-17
CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application filte ...)
	NOT-FOR-US: Microsoft
CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows S ...)
	NOT-FOR-US: Windows Script Engine for JScript
CVE-2003-0008
	RESERVED
CVE-2003-0006
	RESERVED
CVE-2003-0005
	RESERVED
CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not p ...)
	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Datab ...)
	NOT-FOR-US: IBM DB2
CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail a ...)
	[woody] - mailreader <not-affected> (Affects only 2.3.30-2.3.32)
	- mailreader 2.3.33
CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3. ...)
	{DSA-534}
	- mailreader 2.3.29-9
CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 a ...)
	{DSA-215}
	- cyrus-imapd 1.5.19-9.10
CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: SAP
CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2  ...)
	NOT-FOR-US: SAP
CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and p ...)
	NOT-FOR-US: SAP
CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory t ...)
	NOT-FOR-US: SAP
CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via C ...)
	{DSA-437}
	- cgiemail 1.6-20
CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pci ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ( ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earli ...)
	- ucd-snmp 4.2.3-2
CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ex ...)
	- gv 1:3.5.8-27
CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks  ...)
	- openssl 0.9.6g-1
CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows r ...)
	NOTE: tomcat4 cross-site scripting vuln
CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
	- netris 0.52-1
CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows attacke ...)
	- wget 1.8.2-8
CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal potenti ...)
	NOT-FOR-US: microsoft
CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of servic ...)
	- stunnel4 4.04-1
	- stunnel 2:3.24-1
CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual hostin ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3 (bug #216677)
CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allo ...)
	NOT-FOR-US: microsoft
CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remo ...)
	NOT-FOR-US: ion-p
CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
	NOT-FOR-US: cisco
CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNM ...)
	NOT-FOR-US: cisco
CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames an ...)
	NOT-FOR-US: cisco
CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attac ...)
	NOT-FOR-US: cisco
CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a  ...)
	NOT-FOR-US: AIX
CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass passwo ...)
	NOT-FOR-US: Webweaver
CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain t ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server 2.2 ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to c ...)
	NOT-FOR-US: SolarWinds
CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote  ...)
	NOT-FOR-US: MDaemon
CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: Molly
CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6. ...)
	NOT-FOR-US: Symantec
CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine a ...)
	- jetty <not-affected> (Fixed before upload into archive; 4.1 series)
CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine th ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmai ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for Su ...)
	NOT-FOR-US: Sun
CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 al ...)
	NOT-FOR-US: Miniserver
CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other versio ...)
	NOT-FOR-US: PowerFTP
CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta  ...)
	NOT-FOR-US: Coolforum
CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: BRU
CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users t ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote attac ...)
	NOT-FOR-US: Unreal
CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to execu ...)
	- linuxconf <removed>
CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows  ...)
	NOT-FOR-US: webserver-4everyone
CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
	NOT-FOR-US: AFD not in debian
CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4. ...)
	NOT-FOR-US: NetBSD
CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows remot ...)
	NOT-FOR-US: FactoSystem
CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows r ...)
	NOT-FOR-US: SWServer
CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows rem ...)
	NOT-FOR-US: Jawmail
CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux,  ...)
	NOT-FOR-US: Cisco
CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote  ...)
	NOT-FOR-US: PlanetDNS
CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious IR ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious IR ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and 0. ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows r ...)
	NOT-FOR-US: db4web
CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote  ...)
	NOT-FOR-US: db4web
CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, w ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require authentica ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows r ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0 ...)
	NOT-FOR-US: HPUX
CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tr ...)
	NOT-FOR-US: HPUX
CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.1 ...)
	NOT-FOR-US: HPUX
CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
	NOT-FOR-US: Shoutcase
CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to byp ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows  ...)
	NOT-FOR-US: Cafelog
CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote at ...)
	NOT-FOR-US: Cafelog
CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool all ...)
	NOT-FOR-US: Cafelog
CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versi ...)
	NOT-FOR-US: Organic PHP
CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary comm ...)
	NOT-FOR-US: Webshop Manager
CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was u ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when t ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when t ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows remo ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to e ...)
	NOT-FOR-US: mIRC
CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
	NOT-FOR-US: OmniHTTPD
CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute pa ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows r ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows  ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
	NOT-FOR-US: Blazix not in Debian
CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of servic ...)
	NOT-FOR-US: IBM UniVerse
CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under t ...)
	NOT-FOR-US: eUpload not in Debian
CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows r ...)
	NOT-FOR-US: CERN HTTPD not in Debian
CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6 ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to perfo ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remo ...)
	NOT-FOR-US: Tomahawk
CVE-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that  ...)
	NOT-FOR-US: Gateway
CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon fo ...)
	NOT-FOR-US: HPUX
CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail mo ...)
	NOT-FOR-US: Kerio
CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Kerio
CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document  ...)
	NOT-FOR-US: MidiCart
CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
	NOT-FOR-US: Belkin
CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
	NOT-FOR-US: ShoutBox
CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass auth ...)
	NOT-FOR-US: dotproject
CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator  ...)
	NOT-FOR-US: Easy Homepage Creator
CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a de ...)
	NOT-FOR-US: HP
CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read  ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to crea ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote at ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates difffer ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 an ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
	NOT-FOR-US: Duma
CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, whi ...)
	NOT-FOR-US: East Guestbook
CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a deni ...)
	NOT-FOR-US: HPUX
CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 s ...)
	NOT-FOR-US: HP Openview
CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown imp ...)
	NOT-FOR-US: HPUX
CVE-2002-1404
	REJECTED
CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment varia ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add  ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL bef ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in Post ...)
	- postgresql 7.2.2-2
CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows  ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and earl ...)
	- postgresql 7.2.2-2
CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and dir ...)
	{DSA-202}
	- im 1:141-20
CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quo ...)
	{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
	- kdemultimedia 4:3.0.5a
	- kdebase 4:3.0.5a
	- kdeutils 4:3.0.5a
	- kdegames 4:3.0.5a
	- kdesdk 4:3.0.5a
	- kdepim 4:3.0.5a
	- kdelibs 4:3.0.5a
	- kdenetwork 4:3.0.5a
	- kdegraphics 4:3.0.5a
	- kdeadmin 4:3.0.5a
CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow loca ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.1 ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attack ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier  ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0. ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1370
	REJECTED
CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with  ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with em ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or da ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial o ...)
	- ethereal 0.9.8-1
CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal 0. ...)
	- ethereal 0.9.8-1
CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows  ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under th ...)
	NOT-FOR-US: LocalWEB2000 HTTP server
CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earli ...)
	NOT-FOR-US: CartMan
CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
	NOT-FOR-US: Melange Chat System
CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allo ...)
	- cyrus-sasl2 2.1.10-1
CVE-2002-1346
	RESERVED
CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX sy ...)
	NOTE: multiple ftp client issues
CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a remo ...)
	{DSA-209}
	- wget 1.8.2-8
CVE-2002-1343
	RESERVED
CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote a ...)
	{DSA-203}
	- smb2www 980804-17
CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for Squirrel ...)
	{DSA-220}
	- squirrelmail 1:1.3.2-2
CVE-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in Of ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web Compo ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC)  ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape  ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
	- w3m-ssl <removed>
CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01  ...)
	NOT-FOR-US: BizDesign
CVE-2002-1333
	RESERVED
CVE-2002-1332
	RESERVED
CVE-2002-1331
	RESERVED
CVE-2002-1330
	RESERVED
CVE-2002-1329
	RESERVED
CVE-2002-1328
	RESERVED
CVE-2002-1326
	RESERVED
CVE-2002-1324
	RESERVED
CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows re ...)
	NOT-FOR-US: ClearCase
CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote attac ...)
	NOT-FOR-US: Realplayer
CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11,  ...)
	NOT-FOR-US: iPlanet
CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for iPlan ...)
	NOT-FOR-US: iPlanet
CVE-2002-1314
	RESERVED
CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 wi ...)
	NOT-FOR-US: Linksys
CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KD ...)
	{DSA-214}
	- kdenetwork 4:2.2.2-14.20
CVE-2002-1305
	REJECTED
CVE-2002-1304
	REJECTED
CVE-2002-1303
	REJECTED
CVE-2002-1302
	REJECTED
CVE-2002-1301
	REJECTED
CVE-2002-1300
	REJECTED
CVE-2002-1299
	REJECTED
CVE-2002-1298
	REJECTED
CVE-2002-1297
	REJECTED
CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can p ...)
	NOT-FOR-US: Microsoft
CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, provi ...)
	NOT-FOR-US: Microsoft
CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
	NOT-FOR-US: Microsoft
CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as u ...)
	NOT-FOR-US: Microsoft
CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root priv ...)
	NOT-FOR-US: SuSE-specific lprfilter package
CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote  ...)
	NOT-FOR-US: Novell iManager (eMFrame)
CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to caus ...)
	NOT-FOR-US: RealSecure Event Collector
CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17,  ...)
	{DSA-194}
	- masqmail 0.2.15-1
CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in Sq ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when u ...)
	{DSA-192}
	- html2ps 1.0b3-2
CVE-2002-1274
	RESERVED
CVE-2002-1273
	RESERVED
CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2. ...)
	NOT-FOR-US: MacOS
CVE-2002-1263
	REJECTED
CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security check ...)
	NOT-FOR-US: Microsoft
CVE-2002-1261
	REJECTED
CVE-2002-1259
	REJECTED
CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and includ ...)
	NOT-FOR-US: Microsoft
CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cr ...)
	NOT-FOR-US: Microsoft
CVE-2002-1249
	RESERVED
CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw soc ...)
	{DSA-193}
	- kdenetwork 4:2.2.2-14.3
CVE-2002-1246
	RESERVED
CVE-2002-1243
	RESERVED
CVE-2002-1241
	RESERVED
CVE-2002-1240
	RESERVED
CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote atta ...)
	NOT-FOR-US: Peter Sandvik's Simple Web Server
CVE-2002-1237
	RESERVED
CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility administr ...)
	{DSA-185 DSA-184 DSA-183}
	- heimdal 0.4e-22
	- krb4 1.1-11-8
	- krb5 1.2.6-2
CVE-2002-1234
	REJECTED
CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl packa ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier co ...)
	NOT-FOR-US: Avaya Cajun switches
CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, pos ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the  ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1218
	RESERVED
CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used  ...)
	NOT-FOR-US: Microsoft
CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ...)
	- tar 1.13.25
CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier  ...)
	{DSA-174}
	- heartbeat 0.4.9.2-1
CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 Ev ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1. ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email a ...)
	NOT-FOR-US: Eudora
CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, an ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2002-1208
	RESERVED
CVE-2002-1207
	RESERVED
CVE-2002-1206
	RESERVED
CVE-2002-1205
	RESERVED
CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a us ...)
	NOT-FOR-US: Netscape Communicator 4.x
CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before d ...)
	NOT-FOR-US: IBM SecureWay Firewall
CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: AIX
CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
	NOT-FOR-US: NetBSD
CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD  ...)
	NOT-FOR-US: NetBSD
CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
	NOT-FOR-US: Sabre Desktop
CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which c ...)
	NOT-FOR-US: Cisco
CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
	NOT-FOR-US: Winamp
CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Winamp
CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not prope ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1173
	RESERVED
CVE-2002-1172
	RESERVED
CVE-2002-1171
	RESERVED
CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Ca ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Ca ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows r ...)
	- wn <removed>
CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.1 ...)
	- sendmail 8.12.3-5
CVE-2002-1161
	REJECTED
CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to e ...)
	NOTE: kon2. patched, but I don't know when.
	NOTE: assuming the current unstable/testing version is ok then..
	- kon2 0.3.9b-18
CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability fo ...)
	NOT-FOR-US: Microsoft Netmeeting
CVE-2002-1149 (The installation procedure for Invision Board suggests that users inst ...)
	NOT-FOR-US: Invision Board
CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of Micro ...)
	NOT-FOR-US: Microsoft SQL
CVE-2002-1144
	RESERVED
CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive inf ...)
	NOT-FOR-US: Microsoft Word & Excel
CVE-2002-1136
	RESERVED
CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES  ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 all ...)
	NOT-FOR-US: Dino's Webserver
CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1130
	RESERVED
CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows l ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ea ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain pri ...)
	{DSA-166}
	- purity 1-16
CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for Exchan ...)
	NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages.
CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote att ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private bug ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to exe ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, w ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, all ...)
	NOT-FOR-US: Cisco
CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, all ...)
	NOT-FOR-US: Cisco
CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x befor ...)
	NOT-FOR-US: Cisco
CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
	- libesmtp 0.8.11-1
CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides sens ...)
	NOT-FOR-US: Oracle
CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.ph ...)
	NOT-FOR-US: ezContents
CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier  ...)
	NOT-FOR-US: ezContents
CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and e ...)
	NOT-FOR-US: ezContents
CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not prope ...)
	NOT-FOR-US: ezContents
CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier all ...)
	NOT-FOR-US: ezContents
CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows rem ...)
	NOT-FOR-US: ezContents
CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 a ...)
	NOT-FOR-US: Abyss
CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory conte ...)
	NOT-FOR-US: Abyss
CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote attacke ...)
	NOT-FOR-US: IPSwitch
CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote  ...)
	NOT-FOR-US: Pegasus
CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 allow ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows re ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module all ...)
	- phpwiki 1.3.4-1
CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers  ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware 7.1. ...)
	NOT-FOR-US: IC9 Print Server
CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Jana Server
CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, doe ...)
	NOT-FOR-US: Jana Server
CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, gen ...)
	NOT-FOR-US: Jana Server
CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, all ...)
	NOT-FOR-US: Jana Server
CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1. ...)
	NOT-FOR-US: Jana Server
CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2. ...)
	NOT-FOR-US: Jana Server
CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3 ...)
	NOT-FOR-US: Cobalt Qube
CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h prin ...)
	NOT-FOR-US: Brother hardware
CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS  ...)
	NOT-FOR-US: Jigsaw
CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the administrat ...)
	NOT-FOR-US: HP printers
CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote atta ...)
	NOT-FOR-US: Soho Firewall
CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to c ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ser ...)
	NOT-FOR-US: iPlanet
CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration com ...)
	NOT-FOR-US: SMIT
CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration utilitie ...)
	NOT-FOR-US: WebSecure
CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.2-1
CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before  ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.2-1
CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics Sea ...)
	NOT-FOR-US: Fluid Dynamics
CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbi ...)
	NOT-FOR-US: iRunBook
CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
	NOT-FOR-US: iRunBook
CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows r ...)
	NOT-FOR-US: KeyFocus Web Server
CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote attacke ...)
	NOT-FOR-US: Worldspam for Windows
CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song Request ...)
	NOT-FOR-US: Oddsock Winamp plugin
CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error scrip ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2. ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: BadBlue
CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, whic ...)
	NOT-FOR-US: BadBlue
CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such  ...)
	NOT-FOR-US: BadBlue
CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote attac ...)
	NOT-FOR-US: Adobe
CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote attac ...)
	NOT-FOR-US: Adobe
CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a  ...)
	NOT-FOR-US: Adobe
CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other s ...)
	NOT-FOR-US: Adobe
CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, prin ...)
	NOT-FOR-US: Adobe
CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) Ma ...)
	NOT-FOR-US: Tivoli
CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) En ...)
	NOT-FOR-US: Tivoli
CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions  ...)
	NOT-FOR-US: Domino
CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as include ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as incl ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote atta ...)
	NOT-FOR-US: Blackboard
CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to caus ...)
	NOT-FOR-US: ArGoSoft
CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote attacker ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers  ...)
	NOT-FOR-US: AnalogX Proxy
CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
	NOT-FOR-US: CARE
CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
	NOT-FOR-US: CARE
CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
	NOT-FOR-US: Novell
CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
	NOT-FOR-US: Novell
CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote a ...)
	NOT-FOR-US: SunPci II VNC
CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE)  ...)
	NOT-FOR-US: HP
CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced o ...)
	NOT-FOR-US: HP
CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01 ...)
	NOT-FOR-US: HP
CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
	{DSA-157}
	- irssi-text 0.8.5-2
CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an e ...)
	NOT-FOR-US: Microsoft
CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet Expl ...)
	NOT-FOR-US: Microsoft
CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX contr ...)
	NOT-FOR-US: Microsoft
CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xwe ...)
	NOT-FOR-US: Microsoft
CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 REL ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial o ...)
	{DSA-165}
	- postgresql 7.2.2-1
CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ex ...)
	NOT-FOR-US: Microsoft Windows specific
CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
	NOT-FOR-US: 4D web server
CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earli ...)
	NOT-FOR-US: GeekLog
CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allo ...)
	NOT-FOR-US: GeekLog
CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote att ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0. ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote a ...)
	NOT-FOR-US: Splatt Forum
CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a  ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system stand ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulleti ...)
	NOT-FOR-US: YaBB
CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX  ...)
	NOT-FOR-US: Cisco
CVE-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remot ...)
	NOT-FOR-US: Ruslan
CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
	NOT-FOR-US: TransWARE Active!
CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain privi ...)
	NOT-FOR-US: Telindus ADSL router
CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
	NOT-FOR-US: MakeBook
CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 throug ...)
	NOT-FOR-US: DeepMetrix LiveStats
CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root wit ...)
	NOT-FOR-US: MetaCart
CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers  ...)
	NOT-FOR-US: Lugiment Log Explorer
CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use  ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator C ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to c ...)
	NOT-FOR-US: JRun
CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
	- tomcat 3.2.3-1
CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically  ...)
	NOT-FOR-US: Jon Hedley AlienForm2
CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
	NOT-FOR-US: Datalex PLC BooktIt Consumer
CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and  ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possi ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 S ...)
	NOT-FOR-US: Netware
CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote a ...)
	NOT-FOR-US: Netware
CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to  ...)
	NOT-FOR-US: pirch
CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica 1 ...)
	NOT-FOR-US: webMathematica
CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote attacke ...)
	NOT-FOR-US: mmftpd not in Debian anymore
CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute  ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read arb ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database fi ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted password ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to modi ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the p ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web docu ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to rea ...)
	NOT-FOR-US: Xandros specific tool
CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client  ...)
	NOT-FOR-US: Slurp NNTP
CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other opera ...)
	NOTE: DSA-129
CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers t ...)
	NOTE: netstd
CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
	NOT-FOR-US: mnews
CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS Devi ...)
	NOT-FOR-US: Cisco
CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 al ...)
	NOT-FOR-US: SHOUTcast
CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to  ...)
	NOT-FOR-US: Informix
CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small nu ...)
	NOT-FOR-US: wbboard
CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remo ...)
	- phpbb2 2.0.6c-1
CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk  ...)
	- amanda 2.4.0b6-1
CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to by ...)
	NOT-FOR-US: Falcon
CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
	- swatch 3.0.4-1
CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1  ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, a ...)
	NOT-FOR-US: 3com
CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and pos ...)
	NOT-FOR-US: Solaris
CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on Sol ...)
	NOT-FOR-US: Solaris
CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1 ...)
	NOT-FOR-US: Compaq
CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 a ...)
	NOT-FOR-US: Cisco
CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default admini ...)
	NOT-FOR-US: Cisco
CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to rea ...)
	NOT-FOR-US: CFXImage
CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software i ...)
	NOT-FOR-US: LogiSense
CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 a ...)
	NOT-FOR-US: Shambala
CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Shambala
CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ru ...)
	{DSA-150}
	- interchange 4.8.6-1
CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series a ...)
	NOT-FOR-US: Cisco
CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for Microso ...)
	NOT-FOR-US: IIS
CVE-2002-0868
	RESERVED
CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and R ...)
	NOT-FOR-US: Windows
CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a def ...)
	NOT-FOR-US: Oracle
CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility (lsnr ...)
	NOT-FOR-US: Oracle
CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows rem ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd)  ...)
	NOT-FOR-US: SuSE specific
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 a ...)
	NOT-FOR-US: Cisco
CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with wor ...)
	NOT-FOR-US: iSCSI
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) i ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0841
	REJECTED
CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x befor ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier ...)
	{DSA-182 DSA-179 DSA-176}
	- kdegraphics 4:2.2.2-6.9
	- gnome-gv 1.99.7-9
	- gv 1:3.5.8-27
CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remo ...)
	- wordtrans 1.1pre9
CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier a ...)
	{DSA-162}
	- ethereal 0.9.6-1
CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ot ...)
	NOT-FOR-US: Eudora
CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cook ...)
	NOT-FOR-US: Internet Explorer
CVE-2002-0828
	REJECTED
CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows loc ...)
	NOT-FOR-US: UnixWare
CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 a ...)
	- libnss-ldap 199-1
CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial o ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers  ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, allo ...)
	- arts <not-affected> (artscontrol not suid root)
CVE-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netsc ...)
	- mozilla 2:1.0.0-1
CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway  ...)
	NOT-FOR-US: Compaq hardware
CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, a ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote at ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of director ...)
	NOT-FOR-US: BadBlue
CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
	NOT-FOR-US: YoungZoft
CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local user ...)
	NOT-FOR-US: HP
CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris 5. ...)
	NOT-FOR-US: Solaris
CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for Sol ...)
	NOT-FOR-US: Solaris
CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX  ...)
	NOT-FOR-US: QNX
CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) 11 ...)
	NOT-FOR-US: Cisco
CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers  ...)
	NOT-FOR-US: Novell
CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
	NOT-FOR-US: iCon
CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory Serv ...)
	NOT-FOR-US: Critical Path inJoin Directory Server
CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b allo ...)
	NOT-FOR-US: Lidik web server
CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled all ...)
	NOT-FOR-US: Novell
CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers  ...)
	NOT-FOR-US: Novell
CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attack ...)
	NOT-FOR-US: Novell
CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote atta ...)
	NOT-FOR-US: Novell
CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view arbit ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default p ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting Contro ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 al ...)
	- viewcvs 0.9.2-5
CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain se ...)
	NOT-FOR-US: Historic Quake2 issue
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog Tel ...)
	NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file desc ...)
	NOT-FOR-US: simpleinit
CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Phorum
CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on HP-U ...)
	NOT-FOR-US: HP
CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled al ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1)  ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to exec ...)
	NOT-FOR-US: Talentsoft
CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is  ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use csMa ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read arb ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure li ...)
	NOT-FOR-US: AIX
CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long argument ...)
	NOT-FOR-US: AIX
CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long arg ...)
	NOT-FOR-US: AIX
CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed setui ...)
	- slrn 0.9.6.2-9
CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to i ...)
	NOT-FOR-US: PostCalendat
CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid  ...)
	- squid <not-affected> (Historic vulnerability, fixed before Woody was released)
CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote at ...)
	NOT-FOR-US: MyGuestbook
CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for vqServ ...)
	NOT-FOR-US: vqServer
CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip Chinery' ...)
	NOT-FOR-US: guestbook
CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before 1.2. ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local a ...)
	NOT-FOR-US: windows
CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft Wi ...)
	NOT-FOR-US: windows
CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the d ...)
	NOT-FOR-US: internet explorer
CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for e ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of servi ...)
	- php4 4:4.2.2-1
CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy authenticat ...)
	- squid 2.4.6-2
CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
	- squid 2.4.6-2
CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly requir ...)
	NOT-FOR-US: EASM
CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
	NOT-FOR-US: HP
CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for SurfContro ...)
	NOT-FOR-US: no_package
CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for SurfCo ...)
	NOT-FOR-US: no_package
CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows rem ...)
	NOT-FOR-US: no_package
CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout We ...)
	NOT-FOR-US: no_package
CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
	NOT-FOR-US: no_package
CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS  ...)
	- dhcp3 3.0+3.0.1rc9-1
CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
	NOT-FOR-US: windows
CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Micro ...)
	NOT-FOR-US: windows
CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator (e ...)
	NOT-FOR-US: McAfee
CVE-2002-0689
	RESERVED
CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) 4 ...)
	NOT-FOR-US: no_package
CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of netwo ...)
	- glibc 2.2.5-8
CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote attacke ...)
	NOT-FOR-US: no_package
CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows re ...)
	NOT-FOR-US: no_package
CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows rem ...)
	NOT-FOR-US: no_package
CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to o ...)
	NOT-FOR-US: no_package
CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...)
	NOT-FOR-US: no_package
CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...)
	NOT-FOR-US: no_package
CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...)
	NOT-FOR-US: no_package
CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ha ...)
	NOT-FOR-US: no_package
CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not prop ...)
	{DSA-201}
	- freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
	NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Wind ...)
	- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ena ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not prop ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly rem ...)
	{DSA-138}
	- gallery 1.3-3
CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...)
	NOT-FOR-US: windows mta
CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScre ...)
	NOT-FOR-US: juniper router
CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive in ...)
	NOT-FOR-US: windows mta
CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67. ...)
	NOT-FOR-US: ncipher hardware
CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe i ...)
	NOT-FOR-US: windows firewall
CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454  ...)
	NOT-FOR-US: cisco
CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD b ...)
	NOT-FOR-US: cisco
CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) da ...)
	NOT-FOR-US: windows mta
CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...)
	NOT-FOR-US: monkeyd, not in debian
CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistak ...)
	- eggdrop 1.6.17
CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player 2. ...)
	NOT-FOR-US: realone player
CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a de ...)
	- clamav 0.80
CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global  ...)
	- php4 4.3.9
CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to byp ...)
	NOT-FOR-US: openjournal, not in debian
CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...)
	NOT-FOR-US: open/netbsd
CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to o ...)
	- libtool 1.5.6
CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for Adob ...)
	NOT-FOR-US: acroread
CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM),  ...)
	NOT-FOR-US: realsecure/blackice
CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ne ...)
	- mozilla 2:1.7.3
CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext password ...)
	NOT-FOR-US: symantec
CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...)
	{DSA-474}
	- squid 2.5.5-1
CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...)
	{DSA-461}
	- calife 2.8.6-1 (bug #235157)
CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allow ...)
	{DSA-463}
	- samba 3.0.2-2
CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp da ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and Ap ...)
	NOT-FOR-US: apache/cygwin
CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote att ...)
	NOT-FOR-US: freebsd/os x
CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote  ...)
	NOT-FOR-US: os x
CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initia ...)
	NOT-FOR-US: os x
CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon (p ...)
	NOT-FOR-US: os x
CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary c ...)
	{DSA-446}
	- synaesthesia 2.1-3
	NOTE: synaesthesia is no longer setuid in Debian.
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated  ...)
	{DSA-447}
	- hsftp 1.15-1
CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2 ...)
	{DSA-458-3}
	- python2.2 2.2.2
CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, all ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon (radi ...)
	NOT-FOR-US: gnu radiusd, not in debian
CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 an ...)
	- phpmyadmin 2:2.6.0-pl2
CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration sc ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directo ...)
	NOT-FOR-US: freebsd
CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain r ...)
	NOT-FOR-US: microsoft
CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not su ...)
	NOT-FOR-US: microsoft
CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 all ...)
	NOT-FOR-US: microsoft
CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for Free ...)
	NOT-FOR-US: bsd
CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 a ...)
	- apache2 2.0.52
CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ( ...)
	{DSA-464}
	- gdk-pixbuf 0.22.0-3
CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to  ...)
	{DSA-460}
	- sysstat 5.0.2-1
CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when cre ...)
	NOT-FOR-US: freebsd
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to c ...)
	- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a d ...)
	NOT-FOR-US: mcafee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to c ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x al ...)
	NOT-FOR-US: os x
CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1 ...)
	- samba 3.0.7
CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after  ...)
	NOT-FOR-US: debian uses different login
CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...)
	- mutt 1.5.6-20040722+1
CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to 2.2. ...)
	{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.26-pre3)
	- kernel-source-2.2.20 <removed>
CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the copy_from ...)
	- kernel-source-2.4.24 2.4.24-3
	NOTE: fixed in 2.4.26-pre3
CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents a ...)
	NOT-FOR-US: ezcontents, commercial
CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...)
	NOT-FOR-US: phpdig, not in debian
CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1. ...)
	NOT-FOR-US: ncipher hsm
CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attac ...)
	NOT-FOR-US: real helix
CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control messag ...)
	- inn2 2.4.1+20040820
	[woody] - inn2 <not-affected>
CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentic ...)
	NOT-FOR-US: cisco
CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4. ...)
	NOT-FOR-US: checkpoint
CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x  ...)
	NOT-FOR-US: vbulletin, commercial
CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and earli ...)
	NOT-FOR-US: phorum, not in debian
CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2 ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and  ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...)
	{DSA-420}
	- jitterbug 1.6.2-4.5
CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the "save ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before execu ...)
	{DSA-418}
	- vbox3 0.1.8
CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...)
	{DSA-414}
	- jabber 1.4.3-1
CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute  ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...)
	- apache-ssl 1.3.31
CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6  ...)
	NOT-FOR-US: openca, not in debian
CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace emul ...)
	- kernel-image-2.6.8-9-amd64-generic <unfixed>
CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and  ...)
	NOT-FOR-US: windows
CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to byp ...)
	NOT-FOR-US: windows
CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2003-0994 (The GUI functionality for an interactive session in Symantec LiveUpdat ...)
	NOT-FOR-US: norton
CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
	- apache 1.3.29.0.2-4
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before 2. ...)
	{DSA-436}
	- mailman 2.1-1
	NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
	NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal In ...)
	- kdepim 4:3.1.5-1
CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
	{DSA-411}
	- mpg321 0.2.10.3
CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and possi ...)
	NOT-FOR-US: elm
CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, whic ...)
	{DSA-426}
	- netpbm-free 2:9.25-9
CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows Med ...)
	NOT-FOR-US: microsoft
CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components (MD ...)
	NOT-FOR-US: microsoft
CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows Serve ...)
	NOT-FOR-US: microsoft
CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability  ...)
	{DSA-261}
	- tcpdump 3.7.2-1
CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null te ...)
	{DSA-259}
	- qpopper 4.0.4-9
CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before f ...)
	NOT-FOR-US: SOHO Routefinder
CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a malfo ...)
	NOT-FOR-US: man before 1.51
CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 th ...)
	NOT-FOR-US: lotus notes
CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.1 ...)
	NOT-FOR-US: lotus notes
CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
	{DSA-256}
	- mhc 0.25+20030224-1
CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers  ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is c ...)
	- zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8. ...)
	NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote attack ...)
	NOT-FOR-US: nokia handset
CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows at ...)
	{DSA-260}
	- file 3.40-1.1
CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers  ...)
	NOT-FOR-US: cisco
CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to  ...)
	- php4 4:4.3.2+rc3-1
CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7 ...)
	NOT-FOR-US: oracle
CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 a ...)
	NOT-FOR-US: mandrake specific
CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attacker ...)
	{DSA-261}
	- tcpdump 3.7.1-1
CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to  ...)
	NOT-FOR-US: macosX
CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language Suppo ...)
	NOT-FOR-US: AIX
CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector f ...)
	{DSA-258}
	- ethereal 0.9.9-2
CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal em ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
	{DSA-253}
	- openssl 0.9.7a-1
CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and poss ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for Bla ...)
	NOT-FOR-US: blade encoder not in Debian
CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows at ...)
	{DSA-303}
	- mysql-dfsg 4.0.12-2
CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in XFree ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...)
	- vte 1:0.11.10-1
CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...)
	- putty 0.54-1
CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to modi ...)
	{DSA-496}
	- eterm 0.9.2-6
CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to modif ...)
	- rxvt 1:2.6.4-6.1 (bug #244810)
	NOTE: woody version is still vulnerable
CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window tit ...)
	NOT-FOR-US: uxterm not in Debian
CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window tit ...)
	NOT-FOR-US: dtterm not in Debian
CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows attack ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows lo ...)
	NOT-FOR-US: NOD32 not in Debian
CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for MI ...)
	- krb5 1.2.5-1
CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remo ...)
	- krb5 1.2.5-1
CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin Streami ...)
	NOT-FOR-US: apple
CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Strea ...)
	NOT-FOR-US: apple
CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Dar ...)
	NOT-FOR-US: apple
CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
	NOT-FOR-US: apple
CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
	NOT-FOR-US: apple
CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
	NOT-FOR-US: apple
CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remo ...)
	NOT-FOR-US: windows
CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, use ...)
	{DSA-246}
	- tomcat 3.3.1a-1
CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier  ...)
	{DSA-247}
	- courier 0.40.2-3
	- courier-ssl 0.40.2-3
CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versi ...)
	{DSA-245}
	- dhcp3 3.0+3.0.1rc11-3
	NOTE: Version information in DSA is wrong.
CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a deni ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
	NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu opti ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu opti ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0022 (The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite  ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0021 (The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers  ...)
	- eterm 0.9.2-1
	NOTE: According to upstream changelog and http://marc.info/?l=bugtraq&m=104612710031920&w=2
	NOTE: this is fixed in eterm 0.9.2
CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs,  ...)
	- apache2 2.0.49
	- apache 1.3.29.0.2-4
CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrec ...)
	NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers  ...)
	NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me oper ...)
	NOT-FOR-US: apache on windows
CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote atta ...)
	{DSA-233}
	- cvs 1.11.2-5.1
CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16. ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x b ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center fo ...)
	NOT-FOR-US: windows
CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt em ...)
	NOT-FOR-US: windows
CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft Window ...)
	NOT-FOR-US: windows
CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT 4. ...)
	NOT-FOR-US: windows
CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
	NOT-FOR-US: windows
CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before 2.4.2 ...)
	NOTE: fixed after 2.6/2.4.20 kernel
CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: gbook not in Debian
CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users  ...)
	NOT-FOR-US: novell
CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary fi ...)
	NOT-FOR-US: AIX
CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...)
	NOT-FOR-US: lhttpd not in Debian
CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ma ...)
	NOT-FOR-US: AIX
CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...)
	NOT-FOR-US: Netscreen
CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...)
	NOT-FOR-US: NetBSD
CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...)
	NOT-FOR-US: BadBlue not in Debian
CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x befor ...)
	NOT-FOR-US: norton
CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote authenti ...)
	NOT-FOR-US: acusend not in Debian
CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administra ...)
	- phpbb2 2.0.6c-1
	NOTE: according to http://www.securityfocus.com/archive/1/297419
	NOTE: phpBB versions above 2.0.0 are not vulnerable.
CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary file ...)
	NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the admin ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the s ...)
	NOT-FOR-US: mondosearch
CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) all ...)
	NOT-FOR-US: winamp
CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...)
	NOT-FOR-US: webserver 4D
CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and R ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard Firebo ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions whi ...)
	NOT-FOR-US: IRIX
CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ac ...)
	NOT-FOR-US: IRIX
CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows loc ...)
	NOT-FOR-US: IRIX
CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite file ...)
	NOT-FOR-US: interbase
CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 a ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() functi ...)
	- vnc 3.3.3r2-21
CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary att ...)
	- xfree86 4.1.0-7
CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...)
	NOT-FOR-US: redhat and mandrake only
CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board (wB ...)
	NOT-FOR-US: WoltLab Burning Board not in Debian
CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...)
	NOT-FOR-US: xbreaky not in Debian
CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) befor ...)
	NOT-FOR-US: Enterasys
CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allow ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows r ...)
	NOT-FOR-US: Aestiva
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook a ...)
	NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most rece ...)
	NOT-FOR-US: Cisco
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of se ...)
	NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext i ...)
	- cacti 0.6.8-1
CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via  ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti adm ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and  ...)
	NOT-FOR-US: NetBSD
CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...)
	- xfree86 4.2.1-1 (bug #280872)
CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ve ...)
	- evolution 1.2.0-1 (bug #280883)
CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or  ...)
	- scponly 3.8-1
	NOTE: according to http://web.archive.org/web/20150425070754/http://sublimation.org/scponly/ (scponly home page)
	NOTE: only versions of scponly older than scponly-2.4 are affected
CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ar ...)
	NOT-FOR-US: AIX
CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and  ...)
	NOT-FOR-US: symantec
CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
	NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before 3. ...)
	NOT-FOR-US: Cisco
CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric v ...)
	NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to monit ...)
	NOT-FOR-US: Google toolbar
CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 all ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 all ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0 ...)
	NOT-FOR-US: Achievo not in Debian
CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read a ...)
	NOT-FOR-US: Sympoll not in Debian
CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier  ...)
	{DSA-141}
	- mpack 1.5-9
CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote atta ...)
	- mpack 1.5-9
CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...)
	NOT-FOR-US: OpenBSD
CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes th ...)
	NOT-FOR-US: IRIX on Origin
CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting Serve ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server  ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges vi ...)
	- qmailadmin 1.0.6-1
CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, al ...)
	NOT-FOR-US: RCONAG6 for Novell Netware SP2
CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an  ...)
	NOT-FOR-US: TinySSL not in Debian
CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote a ...)
	{DSA-210}
	- lynx 2.8.4.1b-4
	- lynx-ssl 1:2.8.4.1b-3.1
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
	- bugzilla 2.16.2-1
CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to exe ...)
	{DSA-219}
	- dhcpcd 1:1.3.22pl2-2
	NOTE: Debian sarge uses dhcp >= 2.0
CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...)
	- php4 4:4.3.2+rc3-1
	NOTE: according to http://www.securityfocus.com/bid/6488
	NOTE: woody is not vulnerable
CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet a ...)
	{DSA-225}
	- tomcat4 4.1.16-1
CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote  ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested  ...)
	{DSA-223}
	- geneweb 4.09-1
CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to g ...)
	{DSA-217}
	- typespeed 0.4.2-2
CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allo ...)
	{DSA-221}
	- mhonarc 2.5.14-1
CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users t ...)
	- openwebmail 1.90-1
CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...)
	{DSA-232 DSA-226 DSA-222}
	- xpdf-i 2.01-2
	- xpdf 2.01-2
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to exe ...)
	- flashplugin-nonfree 6.0.69-1
CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...)
	- exim4 4.11-0.0.1
	- exim 3.36-14
CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service (cr ...)
	{DSA-336}
	- kernel-source-2.2.25 2.2.25-2
CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to exec ...)
	- vim 6.1.263-1
	NOTE: woody seems to be still vulnerable
	NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
	NOTE: but no advisory (nor fixed package) have been published yet.
	NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
	NOTE: No response from maintainer, I have mailed security team.
	NOTE: Martin Schulze don't consider this as an issue for updating woody.
CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4. ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x befor ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3 ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not prop ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 throu ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 doe ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local  ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not acc ...)
	{DSA-216}
	- fetchmail 6.2.0-1
CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows  ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does  ...)
	{DSA-213}
	- libpng 1.0.12-7
	- libpng3 1.2.5-8
CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of se ...)
	{DSA-211}
	- micq 0.4.9.4-1
CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Har ...)
	NOT-FOR-US: sun
CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly  ...)
	{DSA-206}
	- tcpdump 3.7.2-1
	NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
	- gtetrinet 0.4.4-1
CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 all ...)
	NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attri ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to  ...)
	{DSA-257}
	- sendmail 8.13.0.PreAlpha4-0
	- sendmail-wine <removed>
	NOTE: problem in sendmail 8.12, sarge uses 8.13
CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
	- tightvnc 1.2.6-1
CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP  ...)
	NOT-FOR-US: windows
CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remot ...)
	NOT-FOR-US: windows
CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may al ...)
	{DSA-208}
	- perl 5.8.0-14
CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: pine not in Debian
CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 sy ...)
	NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers t ...)
	{DSA-200}
	- samba 2.2.7
CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
	NOT-FOR-US: solaris
CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
	{DSA-198}
	- nullmailer 1.00RC5-17
CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...)
	{DSA-197}
	- courier 0.40.0-1
CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote attac ...)
	- mozilla 2:1.2-1
	NOTE: woody is vulnerable see #237422
CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...)
	{DSA-199}
	- mhonarc 2.5.13-1
CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris d ...)
	NOT-FOR-US: Solaris
CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the pas ...)
	- kdeutils 4:3.2.1-1
CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...)
	NOTE: Linuxconf not in testing/unstable
CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow  ...)
	{DSA-190}
	- wmaker 0.80.1-4
CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a bac ...)
	NOT-FOR-US: Alcatel
CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ea ...)
	{DSA-386}
	- libmailtools-perl 1.51 (bug #168381)
CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted IS ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service b ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a di ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not pr ...)
	NOTE: don't know which version of glibc fix this
	NOTE: I've mailed maintainers.
CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 da ...)
	NOT-FOR-US: oracle
CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machin ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allo ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via comma ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...)
	NOT-FOR-US: PeopleSoft
CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to  ...)
	{DSA-186}
	- log2mail 0.2.6-1
CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain r ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other vers ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ex ...)
	{DSA-189}
	- luxman 0.41-19
CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...)
	NOT-FOR-US: Pablo FTP Server
CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authe ...)
	NOT-FOR-US: PHP-Nuke not in Debian
CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...)
	NOT-FOR-US: QNX
CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast Cable/D ...)
	NOT-FOR-US: Linksys
CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS p ...)
	{DSA-180}
	- nis 3.9-6.2
CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a d ...)
	NOT-FOR-US: SCO
CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2 ...)
	NOT-FOR-US: Windows NT
CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) pass ...)
	{DSA-177}
	- pam 0.76-6
CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0 ...)
	- kdenetwork 4:3.1.0-1
CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView i ...)
	- kdegraphics 4:3.1.0-1
CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst switche ...)
	NOT-FOR-US: CISCO
CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of se ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of  ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8  ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 20 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Prometheus not in Debian
CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when u ...)
	{DSA-175}
	- syslog-ng 1.5.21-1
CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary fi ...)
	NOT-FOR-US: ypxfrd not in Debian
CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes fro ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282500
CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x  ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282501
CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2 ...)
	{DSA-173}
	- bugzilla 2.16.0-2.1
CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ht:/ ...)
	{DSA-169}
	- htcheck 1:1.1-1.2
CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite f ...)
	{DSA-172}
	- tkmail <removed>
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block in ...)
	NOT-FOR-US: CISCO
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
	NOT-FOR-US: Microsoft
CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 thr ...)
	NOT-FOR-US: Microsoft
CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security  ...)
	NOT-FOR-US: Microsoft
CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain par ...)
	NOT-FOR-US: Microsoft
CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default permissio ...)
	NOT-FOR-US: Microsoft
CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Bas ...)
	NOT-FOR-US: Microsoft
CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Microsoft
CVE-2002-1180 (A typographical error in the script source access permissions for Inte ...)
	NOT-FOR-US: Microsoft
CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook  ...)
	NOT-FOR-US: Microsoft
CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ser ...)
	- jetty 4.1.0
CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon i ...)
	- net-snmp 5.0.6
CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1. ...)
	NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server
CVE-2002-1160 (The default configuration of the pam_xauth module forwards MIT-Magic-C ...)
	NOT-FOR-US: pam_xauth
CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which allow ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and earlie ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9  ...)
	{DSA-181}
	- libapache-mod-ssl 2.8.9-2.3
CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
	- apache2 2.0.43
CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the PROG ...)
	- analog 2:5.23
CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secur ...)
	- kdebase 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
	{DSA-167}
	- kdelibs 4:2.2.2-14
CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in T ...)
	{DSA-170}
	- tomcat4 4.1.12-1
CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch firmwar ...)
	NOT-FOR-US: HP Procurve 4000M Switch firmware
CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
	- glibc 2.3
	- bind 1:8.3.3
CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
	NOT-FOR-US: Microsoft
CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as  ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack ...)
	NOT-FOR-US: Microsoft
CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MS ...)
	NOT-FOR-US: Microsoft
CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles us ...)
	NOT-FOR-US: Microsoft
CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, all ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine th ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape a ...)
	- mozilla 2:1.2
CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL Serve ...)
	NOT-FOR-US: Microsoft
CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2. ...)
	NOT-FOR-US: Microsoft
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary f ...)
	{DSA-159}
	- python1.5 1.5.2-24
	- python2.1 2.1.3-6a
	- python2.2 2.2.1-8
	- python2.3 <not-affected>
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
	NOT-FOR-US: Oracle
CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymo ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2002-1116 (The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ear ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs with ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify th ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows us ...)
	NOTE: old amavis shell script
CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x befo ...)
	NOT-FOR-US: Cisco
CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...)
	NOT-FOR-US: Cisco
CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTP ...)
	NOT-FOR-US: Cisco
CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restri ...)
	NOT-FOR-US: Cisco
CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restri ...)
	NOT-FOR-US: Cisco
CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled,  ...)
	NOT-FOR-US: Cisco
CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before  ...)
	NOT-FOR-US: Cisco
CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when conf ...)
	NOT-FOR-US: Cisco
CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers  ...)
	- mozilla 2:1.0.2
CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...)
	NOT-FOR-US: Novell GroupWise
CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote at ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows rem ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before  ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerl ...)
	NOT-FOR-US: CacheFlow CacheOS
CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
	NOT-FOR-US: Van Dyke SecureCRT SSH client
CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows re ...)
	NOT-FOR-US: SmartMax MailMax POP3 daemon
CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
	NOT-FOR-US: Microsoft
CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and  ...)
	NOT-FOR-US: Pablo FTP server
CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server be ...)
	NOT-FOR-US: W3C Jigsaw Proxy Server
CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG tracero ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attacke ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows re ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebo ...)
	NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before 2 ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/20020706
CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Omnicron OmniHTTPd
CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list directo ...)
	NOT-FOR-US: KeyFocus (KF) web server
CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express  ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code v ...)
	NOT-FOR-US: JRun
CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attack ...)
	NOT-FOR-US: Cisco
CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10. ...)
	NOT-FOR-US: Real
CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne  ...)
	NOT-FOR-US: Real
CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 t ...)
	NOT-FOR-US: Inktomi
CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to Spee ...)
	NOT-FOR-US: Betsie
CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail  ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attac ...)
	NOT-FOR-US: Novell
CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attack ...)
	NOT-FOR-US: AnalogX SimpleServer:Shout
CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges vi ...)
	NOT-FOR-US: PHPAuction
CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 th ...)
	NOT-FOR-US: Symantec
CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 al ...)
	{DSA-158}
	- gaim 1:0.59.1-2
CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1. ...)
	NOT-FOR-US: Xsco
CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop pri ...)
	NOT-FOR-US: Xsco
CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ch ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to 4 ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x befo ...)
	{DSA-156}
	- epic4-script-light 1:2.7.30p5-2
CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0. ...)
	NOT-FOR-US: ndcfg
CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to dele ...)
	NOT-FOR-US: Help and Support Center for Windows XP
CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ver ...)
	{DSA-155}
	- kdelibs 4:2.2.2-14
CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta  ...)
	NOTE: mysql problem only affects Windows
CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows re ...)
	NOT-FOR-US: AnalogX SimpleServer:WWW
CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote att ...)
	NOT-FOR-US: eDonkey
CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on Windo ...)
	NOT-FOR-US: Oracle
CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause  ...)
	NOT-FOR-US: Half Life
CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2. ...)
	NOT-FOR-US: PHP Reactor
CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen a ...)
	NOT-FOR-US: PHP Address
CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 a ...)
	NOT-FOR-US: Cisco
CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8 ...)
	NOT-FOR-US: Oracle
CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601  ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a de ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4. ...)
	NOT-FOR-US: Java on Windows
CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remot ...)
	NOT-FOR-US: Cisco
CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, al ...)
	- tomcat4 4.1.9-1
CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ms ...)
	- squid 2.4.7
CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
	- courier 0.46
CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator passwo ...)
	NOT-FOR-US: Caldera Volution Manager
CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a cu ...)
	- sendmail 8.12.5
CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers t ...)
	- kismet 2.2.2-1
CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows r ...)
	NOT-FOR-US: pks
CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary fil ...)
	NOT-FOR-US: Opera
CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: LocalWEB2000
CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attacke ...)
	NOT-FOR-US: MatuFtpServer
CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows r ...)
	NOT-FOR-US: NewAtlanta ServletExec ISAPI
CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ce ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local use ...)
	- qpopper 4.0.5-1
CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...)
	NOT-FOR-US: scoadmin
CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivile ...)
	{DSA-154}
	- fam 2.6.8-1
CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the v ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which allo ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services th ...)
	{DSA-151}
	- xinetd 1:2.3.7-1
CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allo ...)
	NOT-FOR-US: Microsoft
CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in Micr ...)
	NOT-FOR-US: Microsoft
CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP all ...)
	NOT-FOR-US: Microsoft
CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office W ...)
	NOT-FOR-US: Microsoft
CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on Mi ...)
	NOT-FOR-US: Microsoft
CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote a ...)
	NOT-FOR-US: Oracle
CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows re ...)
	NOT-FOR-US: Cisco
CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) daem ...)
	- isdnutils 1:3.2
CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...)
	NOT-FOR-US: PGP corporate desktop
CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, a ...)
	NOT-FOR-US: Cisco
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
	{DSA-145}
	- tinyproxy 1.4.3-3
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to  ...)
	- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows rem ...)
	NOT-FOR-US: Sun ONE
CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD b ...)
	- cvs 1:1.11.2
CVE-2002-0842 (Format string vulnerability in certain third party modifications to mo ...)
	NOTE: mod_dav for apache not vulnerable according to
	NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of  ...)
	{DSA-195 DSA-188 DSA-187}
	- apache2 2.0.43-1
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the sy ...)
	{DSA-207}
	- tetex-bin 1.0.7+20021025-4
CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to  ...)
	NOT-FOR-US: RedHat/Intel PXE daemon
	NOTE: this is not the one in Debian
CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local us ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, Net ...)
	NOT-FOR-US: BSD/NFS
CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...)
	NOT-FOR-US: WS FTP server
CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary fil ...)
	NOT-FOR-US: BSD/pppd
CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute arb ...)
	NOT-FOR-US: Windows
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote  ...)
	{DSA-144}
	- wwwoffle 2.7d-1
CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to g ...)
	{DSA-139}
	- super 3.18.0-3
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain roo ...)
	NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server  ...)
	NOT-FOR-US: VMware
CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error me ...)
	- bugzilla 2.16.0
CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properl ...)
	- bugzilla 2.16.0
CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing  ...)
	- bugzilla 2.16.0
CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authentic ...)
	- bugzilla 2.16.0
CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new  ...)
	- bugzilla 2.16.0
CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured  ...)
	- bugzilla 2.16.0
CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding cons ...)
	- postgresql 7.2
CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...)
	NOT-FOR-US: Macromedia / Windows
CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local us ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in  ...)
	NOT-FOR-US: AIX
CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...)
	- mnogosearch 3.1.19-3
CVE-2002-0788 (An interaction between PGP 7.0.3 with the "wipe deleted files" option, ...)
	NOT-FOR-US: windows
CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial  ...)
	NOT-FOR-US: AOL AIM
CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and Cont ...)
	NOT-FOR-US: CISCO
CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlie ...)
	NOT-FOR-US: Ipswitch not in Debian
CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to  ...)
	NOT-FOR-US: Hosting Controller 2002
CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and po ...)
	- lukemftp 1.5-7
CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of servic ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain  ...)
	- openssh 1:3.3p1-0.0woody1
CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the /etc/pass ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1 ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenL ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1 ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote a ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause  ...)
	NOT-FOR-US: Labview
CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU c ...)
	NOT-FOR-US: psyBNC
CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from arc ...)
	{DSA-163}
	- mhonarc 2.5.11-1
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain  ...)
	NOT-FOR-US: Sambar web server
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly loa ...)
	NOT-FOR-US: B2
CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows r ...)
	- thttpd 2.21
CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC)  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0719 (SQL injection vulnerability in the function that services for Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) 20 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5. ...)
	NOT-FOR-US: SCO OpenServer
CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresse ...)
	- squid 2.4.6
CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier all ...)
	NOT-FOR-US: sendform.cgi
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ("iptab ...)
	NOTE: kernel netfilter bug, not in user space
	NOTE: this is fixed in kernel 2.4.20
	- kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant)
CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl  ...)
	- perl 5.8.0-7 (bug #282527)
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process wi ...)
	NOT-FOR-US: BSD
CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchang ...)
	NOT-FOR-US: Microsoft
CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files wit ...)
	NOT-FOR-US: Microsoft
CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Mi ...)
	NOT-FOR-US: Microsoft
CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Mil ...)
	NOT-FOR-US: Microsoft
CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft Fron ...)
	NOT-FOR-US: Microsoft
CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
	{DSA-490}
	- zope 2.6.0-0.1
CVE-2002-0687 (The "through the web code" capability for Zope 2.0 through 2.5.1 b1 al ...)
	- zope 2.5.1b2
CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for P ...)
	NOT-FOR-US: PGP Outlook Encryption Plug-In
CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remot ...)
	- tomcat 4.0.4
CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC datab ...)
	NOT-FOR-US: CDE
CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to overwr ...)
	NOT-FOR-US: CDE ToolTalk
CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when downl ...)
	NOT-FOR-US: MacOS
CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP pho ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 al ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to bypas ...)
	NOT-FOR-US: Microsoft
CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Fi ...)
	NOT-FOR-US: Norton
CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users t ...)
	{DSA-160}
	- scrollkeeper 0.3.11-2
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to g ...)
	{DSA-137}
	- mm 1.1.3-7
CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ca ...)
	{DSA-135}
	- libapache-mod-ssl 2.8.9-2
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and libb ...)
	- glibc 2.2.5-8
CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote a ...)
	NOT-FOR-US: microsoft
CVE-2002-0648 (The legacy &lt;script&gt; data-island capability for XML in Microsoft  ...)
	NOT-FOR-US: microsoft
CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially  ...)
	NOT-FOR-US: microsoft
CVE-2002-0642 (The registry key containing the SQL Server service account information ...)
	NOT-FOR-US: microsoft
CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote  ...)
	- openssh 1:3.4 (high)
CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote at ...)
	- openssh 1:3.4 (high)
CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 thr ...)
	NOT-FOR-US: SGI
CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote  ...)
	NOT-FOR-US: Polycom
CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote atta ...)
	NOT-FOR-US: Polycom
CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Serve ...)
	NOT-FOR-US: Microsoft
CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft Commer ...)
	NOT-FOR-US: Microsoft
CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer u ...)
	NOT-FOR-US: Microsoft
CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player 7. ...)
	NOT-FOR-US: Microsoft
CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attacke ...)
	NOT-FOR-US: DNSTools
CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,2 ...)
	NOT-FOR-US: Flash
CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers  ...)
	NOT-FOR-US: ISS
CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Blahz
CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner grabb ...)
	NOT-FOR-US: Foundstone
CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ca ...)
	NOT-FOR-US: Microsoft
CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers  ...)
	NOT-FOR-US: ColdFusion
CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Ke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solari ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access r ...)
	NOT-FOR-US: Oracle
CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access  ...)
	NOT-FOR-US: Oracle
CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...)
	NOT-FOR-US: Oracle
CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows r ...)
	NOT-FOR-US: SunShop
CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...)
	NOT-FOR-US: Winamp
CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server (abyssw ...)
	NOT-FOR-US: Aprelium
CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative  ...)
	NOT-FOR-US: Demarc
CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrite ...)
	NOT-FOR-US: Symantec
CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a ..  ...)
	NOT-FOR-US: EMU
CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x  ...)
	NOT-FOR-US: EMU
CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies o ...)
	NOT-FOR-US: popper_mod
CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in Calde ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework authenti ...)
	NOT-FOR-US: Cisco
CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ser ...)
	NOT-FOR-US: Posadis
CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: csSearch
CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 al ...)
	NOT-FOR-US: WebSight
CVE-2002-0493 (Apache Tomcat may be started without proper security settings if error ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...)
	NOT-FOR-US: Instant Web Mail
CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote att ...)
	NOT-FOR-US: Linux Directory Penguin
CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base directo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and earl ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote  ...)
	NOT-FOR-US: ARSC
CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Modul ...)
	NOT-FOR-US: Big Sam
CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attacker ...)
	NOT-FOR-US: PHProjekt
CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to obt ...)
	NOT-FOR-US: PHP FirstPost
CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial versio ...)
	NOT-FOR-US: Windows
CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that pr ...)
	NOT-FOR-US: Windows
CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...)
	NOT-FOR-US: PHP Imglist
CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) directo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU consump ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.2.20 <removed>
CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive inf ...)
	NOT-FOR-US: mIRC
CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...)
	NOT-FOR-US: SPHERE
CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to  ...)
	NOT-FOR-US: Red-M
CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, a ...)
	NOT-FOR-US: Red-M
CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...)
	NOT-FOR-US: Red-M
CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be dis ...)
	NOT-FOR-US: Red-M
CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, w ...)
	NOT-FOR-US: Red-M
CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remot ...)
	- apache2 2.0.37
CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating sy ...)
	{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
	- acm 5.0-10
	- glibc 2.2.5-13
	- dietlibc 0.20-0cvs20020808
	- krb5 1.2.5-2
	- openafs 1.2.6-1
CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module f ...)
	NOT-FOR-US: Sun
CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers t ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ima ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and group-wri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)
	NOT-FOR-US: Apple
CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap P ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows M ...)
	NOT-FOR-US: Microsoft
CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player f ...)
	NOT-FOR-US: Microsoft
CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not p ...)
	NOT-FOR-US: Microsoft
CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows N ...)
	NOT-FOR-US: Microsoft
CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows re ...)
	NOT-FOR-US: AOL
CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allo ...)
	NOT-FOR-US: IRIX
CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows loca ...)
	NOT-FOR-US: MediaMail
CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the  ...)
	NOT-FOR-US: SGI
CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enab ...)
	NOT-FOR-US: Cisco
CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin B ...)
	NOT-FOR-US: OpenBB
CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ear ...)
	NOT-FOR-US: Snitz
CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to  ...)
	NOT-FOR-US: Essentia
CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the fi ...)
	NOT-FOR-US: Symantec
CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops l ...)
	NOT-FOR-US: Symantec
CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code v ...)
	NOT-FOR-US: CatchUp
CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in S ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
	NOT-FOR-US: WebNews
CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, w ...)
	NOT-FOR-US: pforum
CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to by ...)
	NOT-FOR-US: Falcon
CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before 0.3 ...)
	NOT-FOR-US: SIPS
CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file  ...)
	NOT-FOR-US: Sawmill
CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through J3210 ...)
	NOT-FOR-US: HP
CVE-2002-0246 (Format string vulnerability in the message catalog library functions i ...)
	NOT-FOR-US: UnixWare
CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1  ...)
	NOT-FOR-US: Cisco
CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Age ...)
	NOT-FOR-US: ISS
CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...)
	NOT-FOR-US: DCForum
CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ar ...)
	NOT-FOR-US: Xinet
CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3  ...)
	NOT-FOR-US: Tarantella
CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (S ...)
	NOT-FOR-US: Nortel
CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows rem ...)
	NOT-FOR-US: Real Networks
CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted ...)
	NOT-FOR-US: psyBNC
CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the se ...)
	NOT-FOR-US: ACD
CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to exe ...)
	NOT-FOR-US: Microsoft
CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to exe ...)
	NOT-FOR-US: Microsoft
CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of Microsof ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly import ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly hand ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection again ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Softw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for objec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0160 (The administration function in Cisco Secure Access Control Server (ACS ...)
	NOT-FOR-US: Cisco
CVE-2002-0159 (Format string vulnerability in the administration function in Cisco Se ...)
	NOT-FOR-US: Cisco
CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows op ...)
	NOT-FOR-US: Microsoft
CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 an ...)
	NOT-FOR-US: Microsoft
CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server (IIS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet Informa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the maxim ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! Stand ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments rec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server (II ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for In ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR scr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even whe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for L ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and E ...)
	NOT-FOR-US: Microsoft
CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Conne ...)
	NOT-FOR-US: Microsoft
CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...)
	NOT-FOR-US: Microsoft
CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new grou ...)
	NOT-FOR-US: Microsoft
CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Serve ...)
	NOT-FOR-US: Microsoft
CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives "Everyone" group ...)
	NOT-FOR-US: Microsoft
CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment bef ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restri ...)
	NOT-FOR-US: Microsoft
CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Conte ...)
	NOT-FOR-US: Microsoft
CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an att ...)
	NOT-FOR-US: Microsoft
CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ar ...)
	NOT-FOR-US: Microsoft
CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in mshtml.d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that recei ...)
	NOT-FOR-US: Microsoft
CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0004 (Heap corruption vulnerability in the "at" program allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1407 (Bugzilla before 2.14 allows Bugzilla users to bypass group security ch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1406 (process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1391 (Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1386 (WFTPD 3.00 allows remote attackers to read arbitrary files by uploadin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1385 (The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1383 (initscript in setserial 2.17-4 and earlier uses predictable temporary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1382 (The "echo simulation" traffic analysis countermeasure in OpenSSH befor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1380 (OpenSSH before 2.9.9, while using keypairs and multiple keys of differ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1378 (fetchmailconf in fetchmail before 5.7.4 allows local users to overwrit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1375 (tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1374 (expect before 5.32 searches for its libraries in /var/tmp before other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1373 (MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1372 (Oracle 9i Application Server 1.0.2 allows remote attackers to obtain t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1371 (The default configuration of Oracle Application Server 9iAS 1.0.2.2 en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1370 (prepend.php3 in PHPLib before 7.2d, when register_globals is enabled f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1369 (Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1367 (The checkAccess function in PHPSlice 0.1.4, and all other versions bet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1359 (Volution clients 1.0.7 and earlier attempt to contact the computer cre ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1352 (Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1351 (Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1350 (Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1349 (Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1347 (Windows 2000 allows local users to cause a denial of service and possi ...)
	NOT-FOR-US: Microsoft
CVE-2001-1345 (bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1342 (Apache before 1.3.20 on Windows and OS/2 systems allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1334 (Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1328 (Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1327 (pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1322 (xinetd 2.1.8 and earlier runs with a default umask of 0, which could a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1303 (The default configuration of SecuRemote for Check Point Firewall-1 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1302 (The change password option in the Windows Security interface for Windo ...)
	NOT-FOR-US: Microsoft
CVE-2001-1301 (rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions befo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers to incl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1297 (PHP remote file inclusion vulnerability in Actionpoll PHP script befor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1296 (More.groupware PHP script allows remote attackers to include arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1295 (Directory traversal vulnerability in Cerberus FTP Server 1.5 and earli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1291 (The telnet server for 3Com hardware such as PS40 SuperStack II does no ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1279 (Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1277 (makewhatis in the man package before 1.5i2 allows an attacker in group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1276 (ispell before 3.1.20 allows local users to overwrite files of other us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1266 (Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1252 (Network Associates PGP Keyserver 7.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1251 (SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1247 (PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1246 (PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1240 (The default configuration of sudo in Engarde Secure Linux 1.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1237 (Phormation PHP script 0.9.1 and earlier allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1236 (myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1235 (pSlash PHP script 0.7 and earlier allows remote attackers to execute a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1234 (Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1231 (GroupWise 5.5 and 6 running in live remote or smart caching mode allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1227 (Zope before 2.2.4 allows partially trusted users to bypass security co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1215 (Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1203 (Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1201 (Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1200 (Microsoft Windows XP allows local users to bypass a locked screen and  ...)
	NOT-FOR-US: Microsoft
CVE-2001-1199 (Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1193 (Directory traversal vulnerability in EFTP 2.0.8.346 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1186 (Microsoft IIS 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2001-1185 (Some AIO operations in FreeBSD 4.4 may be delayed until after a call t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1183 (PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2001-1180 (FreeBSD 4.3 does not properly clear shared signal handlers when execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1177 (ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1176 (Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1175 (vipw in the util-linux package before 2.10 causes /etc/shadow to be wo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1174 (Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1172 (OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1166 (linprocfs on FreeBSD 4.3 and earlier does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1162 (Directory traversal vulnerability in the %m macro in the smb.conf conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1161 (Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1160 (udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1158 (Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, ac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1155 (TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1153 (lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1149 (Panda Antivirus Platinum before 6.23.00 allows a remore attacker to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1147 (The PAM implementation in /bin/login of the util-linux package before  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1146 (AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1145 (fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and Open ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1144 (Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1141 (The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1132 (Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1121 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of CVE ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1118 (A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1117 (LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1116 (Identix BioLogon 2.03 and earlier does not lock secondary displays on  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1113 (Buffer overflow in TrollFTPD 1.26 and earlier allows local users to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1108 (Directory traversal vulnerability in SnapStream PVS 1.2a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1106 (The default configuration of Sambar Server 5 and earlier uses a symmet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1103 (FTP Voyager ActiveX control before 8.0, when it is marked as safe for  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1100 (sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1099 (The default configuration of Norton AntiVirus for Microsoft Exchange 2 ...)
	NOT-FOR-US: Norton
CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in p ...)
	NOT-FOR-US: Cisco
CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a cor ...)
	NOT-FOR-US: AIX
CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could allow local users to execute arb ...)
	NOT-FOR-US: AIX
CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1088 (Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier,  ...)
	NOT-FOR-US: Microsoft
CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1083 (Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1081 (Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1080 (diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable ...)
	NOT-FOR-US: AIX
CVE-2001-1079 (create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates ...)
	NOT-FOR-US: AIX
CVE-2001-1075 (poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1074 (Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1072 (Apache with mod_rewrite enabled on most UNIX systems allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1071 (Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allo ...)
	NOT-FOR-US: Cisco
CVE-2001-1069 (libCoolType library as used in Adobe Acrobat (acroread) on Linux creat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1067 (Buffer overflow in AOLserver 3.0 allows remote attackers to cause a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1066 (ns6install installation script for Netscape 6.01 on Solaris, and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1063 (Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1062 (Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1059 (VMWare creates a temporary file vmware-log.USERNAME with insecure perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1056 (IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1055 (The Microsoft Windows network stack allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-1054 (PHPAdsNew PHP script allows remote attackers to include arbitrary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1053 (AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1049 (Phorecast PHP script before 0.40 allows remote attackers to include ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1048 (AWOL PHP script allows remote attackers to include arbitrary files fro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1046 (Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1043 (ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1038 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attacker ...)
	NOT-FOR-US: Cisco
CVE-2001-1037 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to  ...)
	NOT-FOR-US: Cisco
CVE-2001-1036 (GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1035 (Binary decoding feature of slrn 0.9 and earlier allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1032 (admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1030 (Squid before 2.3STABLE5 in HTTP accelerator mode does not enable acces ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1029 (libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1028 (Buffer overflow in ultimate_source function of man 1.5 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1027 (Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1022 (Format string vulnerability in pic utility in groff 1.16.1 and other v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1020 (edit_image.php in Vibechild Directory Manager before 0.91 allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1017 (rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.pas ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1016 (PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Free ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1011 (index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1010 (Directory traversal vulnerability in pagecount CGI script in Sambar Se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1008 (Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certif ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1002 (The default configuration of the DVI print filter (dvips) in Red Hat L ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0998 (IBM HACMP 4.4 allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0995 (PHProjekt before 2.4a allows remote attackers to perform actions as ot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0993 (sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0987 (Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0982 (Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Directo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0981 (HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix passwor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0980 (docview before 1.0-15 allows remote attackers to execute arbitrary com ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0978 (login in HP-UX 10.26 does not record failed login attempts in /var/adm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0977 (slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0973 (BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0969 (ipfw in FreeBSD does not properly handle the use of "me" in its rules  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0965 (glFTPD 1.23 allows remote attackers to cause a denial of service (CPU  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0963 (Directory traversal vulnerability in SpoonFTP 1.1 allows local and som ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0962 (IBM WebSphere Application Server 3.02 through 3.53 uses predictable se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0961 (Buffer overflow in tab expansion capability of the most program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0960 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 st ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0959 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 cr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0954 (Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0951 (Windows 2000 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Microsoft
CVE-2001-0946 (apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0940 (Buffer overflow in the GUI authentication code of Check Point VPN-1/Fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0939 (Lotus Domino 5.08 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0936 (Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0929 (Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC ...)
	NOT-FOR-US: Cisco
CVE-2001-0921 (Netscape 4.79 and earlier for MacOS allows an attacker with access to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0920 (Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0918 (Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0917 (Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0914 (Linux kernel before 2.4.11pre3 in multiple Linux distributions allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0912 (Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0909 (Buffer overflow in helpctr.exe program in Microsoft Help Center for Wi ...)
	NOT-FOR-US: Microsoft
CVE-2001-0907 (Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0906 (teTeX filter before 1.0.7 allows local users to gain privileges via a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0905 (Race condition in signal handling of procmail 3.20 and earlier, when r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0902 (Microsoft IIS 5.0 allows remote attackers to spoof web log entries via ...)
	NOT-FOR-US: Microsoft
CVE-2001-0901 (Hypermail allows remote attackers to execute arbitrary commands on a s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0900 (Directory traversal vulnerability in modules.php in Gallery before 1.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0899 (Network Tools 0.2 for PHP-Nuke allows remote attackers to execute comm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0896 (Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0895 (Multiple Cisco networking products allow remote attackers to cause a d ...)
	NOT-FOR-US: Cisco
CVE-2001-0894 (Vulnerability in Postfix SMTP server before 20010228-pl07, when config ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0891 (Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0889 (Exim 3.22 and earlier, in some configurations, does not properly verif ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0888 (Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0887 (xSANE 0.81 and earlier allows local users to modify files of other xSA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0886 (Buffer overflow in glob function of glibc allows attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0884 (Cross-site scripting vulnerability in Mailman email archiver before 2. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0879 (Format string vulnerability in the C runtime functions in SQL Server 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0877 (Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0876 (Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0875 (Internet Explorer 5.5 and 6.0 allows remote attackers to cause the Fil ...)
	NOT-FOR-US: Microsoft
CVE-2001-0874 (Internet Explorer 5.5 and 6.0 allow remote attackers to read certain f ...)
	NOT-FOR-US: Microsoft
CVE-2001-0873 (uuxqt in Taylor UUCP package does not properly remove dangerous long o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0872 (OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly clea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0869 (Format string vulnerability in the default logging callback function _ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0867 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not pr ...)
	NOT-FOR-US: Cisco
CVE-2001-0866 (Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not pr ...)
	NOT-FOR-US: Cisco
CVE-2001-0865 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not su ...)
	NOT-FOR-US: Cisco
CVE-2001-0864 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not pr ...)
	NOT-FOR-US: Cisco
CVE-2001-0863 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ha ...)
	NOT-FOR-US: Cisco
CVE-2001-0862 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not bl ...)
	NOT-FOR-US: Cisco
CVE-2001-0861 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2001-0860 (Terminal Services Manager MMC in Windows 2000 and XP trusts the Client ...)
	NOT-FOR-US: Microsoft
CVE-2001-0859 (2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0857 (Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0852 (TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0851 (Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0850 (A configuration error in the libdb1 package in OpenLinux 3.1 uses inse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0846 (Lotus Domino 5.x allows remote attackers to read files or execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0843 (Squid proxy server 2.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0837 (DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0836 (Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0834 (htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0833 (Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0830 (6tunnel 0.08 and earlier does not properly close sockets that were ini ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0828 (A cross-site scripting vulnerability in Caucho Technology Resin before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0825 (Buffer overflow in internal string handling routines of xinetd before  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0823 (The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0822 (FPF kernel module 1.0 allows a remote attacker to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0819 (A buffer overflow in Linux fetchmail before 5.8.6 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0816 (OpenSSH before 2.9.9, when running sftp using sftp-server and using re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0815 (Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0806 (Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0805 (Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enter ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0804 (Directory traversal vulnerability in story.pl in Interactive Story 1.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0803 (Buffer overflow in the client connection routine of libDtSvc.so.1 in C ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0801 (lpstat in IRIX 6.5.13f and earlier allows local users to gain root pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0797 (Buffer overflow in login in various System V based operating systems a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0796 (SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0792 (Format string vulnerability in XChat 1.2.x allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0787 (LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0784 (Directory traversal vulnerability in Icecast 1.3.10 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0779 (Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0774 (Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0773 (Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0770 (Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0769 (Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0765 (BisonFTP V4R1 allows local users to access directories outside of thei ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0764 (Buffer overflow in ntping in scotty 2.1.0 allows local users to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0763 (Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0760 (Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0757 (Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC ca ...)
	NOT-FOR-US: Cisco
CVE-2001-0754 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0752 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0751 (Cisco switches and routers running CBOS 2.3.8 and earlier use predicta ...)
	NOT-FOR-US: Cisco
CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial  ...)
	NOT-FOR-US: Cisco
CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other pr ...)
	NOT-FOR-US: Cisco
CVE-2001-0745 (Netscape 4.7x allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0741 (Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to ca ...)
	NOT-FOR-US: Cisco
CVE-2001-0740 (3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0739 (Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarte ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0738 (LogLine function in klogd in sysklogd 1.3 in various Linux distributio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0733 (The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0731 (Apache 1.3.20 with Multiviews enabled allows remote attackers to view  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0730 (split-logfile in Apache 1.3.20 allows remote attackers to overwrite ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0728 (Buffer overflow in Compaq Management Agents before 5.2, included in Co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0727 (Internet Explorer 6.0 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Microsoft
CVE-2001-0726 (Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used w ...)
	NOT-FOR-US: Microsoft
CVE-2001-0724 (Internet Explorer 5.5 allows remote attackers to bypass security restr ...)
	NOT-FOR-US: Microsoft
CVE-2001-0723 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and modi ...)
	NOT-FOR-US: Microsoft
CVE-2001-0722 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and modi ...)
	NOT-FOR-US: Microsoft
CVE-2001-0720 (Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2001-0719 (Buffer overflow in Microsoft Windows Media Player 6.4 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2001-0718 (Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2001-0717 (Format string vulnerability in ToolTalk database server rpc.ttdbserver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0716 (Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0710 (NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0706 (Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0701 (Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and ear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0700 (Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0699 (Buffer overflow in cb_reset in the System Service Processor (SSP) pack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0698 (Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0697 (NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0696 (NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0692 (SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0690 (Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0686 (Buffer overflow in mail included with SunOS 5.8 for x86 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0685 (Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0682 (ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0680 (Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/T ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0677 (Eudora 5.0.2 allows a remote attacker to read arbitrary files via an e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0676 (Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0675 (Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker t ...)
	NOT-FOR-US: Microsoft
CVE-2001-0670 (Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0668 (Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 thro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0667 (Internet Explorer 6 and earlier, when used with the Telnet client in S ...)
	NOT-FOR-US: Microsoft
CVE-2001-0666 (Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenti ...)
	NOT-FOR-US: Microsoft
CVE-2001-0665 (Internet Explorer 6 and earlier allows remote attackers to cause certa ...)
	NOT-FOR-US: Microsoft
CVE-2001-0664 (Internet Explorer 5.5 and 5.01 allows remote attackers to bypass secur ...)
	NOT-FOR-US: Microsoft
CVE-2001-0663 (Terminal Server in Windows NT and Windows 2000 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0662 (RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0660 (Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0659 (Buffer overflow in IrDA driver providing infrared data exchange on Win ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0658 (Cross-site scripting (CSS) vulnerability in Microsoft Internet Securit ...)
	NOT-FOR-US: Microsoft
CVE-2001-0653 (Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0652 (Heap overflow in xlock in Solaris 2.6 through 8 allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0650 (Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a  ...)
	NOT-FOR-US: Cisco
CVE-2001-0648 (Directory traversal vulnerability in PHProjekt 2.1 and earlier allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0643 (Internet Explorer 5.5 does not display the Class ID (CLSID) when it is ...)
	NOT-FOR-US: Microsoft
CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0635 (Red Hat Linux 7.1 sets insecure permissions on swap files created duri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0634 (Sun Chili!Soft ASP has weak permissions on various configuration files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0631 (Centrinity First Class Internet Services 5.50 allows for the circumven ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0630 (Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0629 (HP Event Correlation Service (ecsd) as included with OpenView Network  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0628 (Microsoft Word 2000 does not check AutoRecovery (.asd) files for macro ...)
	NOT-FOR-US: Microsoft
CVE-2001-0627 (vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0626 (O'Reilly Website Professional 2.5.4 and earlier allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0625 (ftpdownload in Computer Associates InoculateIT 6.0 allows a local atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0622 (The web management service on Cisco Content Service series 11000 switc ...)
	NOT-FOR-US: Cisco
CVE-2001-0621 (The FTP server on Cisco Content Service 11000 series switches (CSS) be ...)
	NOT-FOR-US: Cisco
CVE-2001-0616 (Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0615 (Directory traversal vulnerability in Faust Informatics Freestyle Chat  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0613 (Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0612 (McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0611 (Becky! 2.00.05 and earlier can allow a remote attacker to gain additio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0596 (Netscape Communicator before 4.77 allows remote attackers to execute a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0595 (Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0593 (Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0590 (Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0589 (NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-10 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0586 (TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0585 (Gordano NTMail 6.0.3c allows a remote attacker to create a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0574 (Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0573 (lsfs in AIX 4.x allows a local user to gain additional privileges by c ...)
	NOT-FOR-US: AIX
CVE-2001-0567 (Digital Creations Zope 2.3.2 and earlier allows a local attacker to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0565 (Buffer overflow in mailx in Solaris 8 and earlier allows a local attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0564 (APC Web/SNMP Management Card prior to Firmware 310 only supports one t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0563 (ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0560 (Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0559 (crontab in Vixie cron 3.0.1 and earlier does not properly drop privile ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0558 (T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0554 (Buffer overflow in BSD-based telnetd telnet daemon on various operatin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0553 (SSH Secure Shell 3.0.0 on Unix systems does not properly perform passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0550 (wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0549 (Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a regis ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0548 (Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0547 (Memory leak in the proxy service in Microsoft Internet Security and Ac ...)
	NOT-FOR-US: Microsoft
CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...)
	NOT-FOR-US: Microsoft
CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allo ...)
	NOT-FOR-US: Microsoft
CVE-2001-0540 (Memory leak in Terminal servers in Windows NT and Windows 2000 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0538 (Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and e ...)
	NOT-FOR-US: Microsoft
CVE-2001-0537 (HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass auth ...)
	NOT-FOR-US: Cisco
CVE-2001-0533 (Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows loc ...)
	NOT-FOR-US: AIX
CVE-2001-0530 (Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0529 (OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0528 (Oracle E-Business Suite Release 11i Applications Desktop Integrator (A ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0527 (DCScripts DCForum versions 2000 and earlier allow a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0526 (Buffer overflow in the Xview library as used by mailtool in Solaris 8  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0525 (Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0522 (Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0518 (Oracle listener before Oracle 9i allows attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0517 (Oracle listener in Oracle 8i on Solaris allows remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0514 (SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0513 (Oracle listener process on Windows NT redirects connection requests to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0508 (Vulnerability in IIS 5.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run in-proc ...)
	NOT-FOR-US: Microsoft
CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows r ...)
	NOT-FOR-US: Microsoft
CVE-2001-0502 (Running Windows 2000 LDAP Server over SSL, a function does not properl ...)
	NOT-FOR-US: Microsoft
CVE-2001-0501 (Microsoft Word 2002 and earlier allows attackers to automatically exec ...)
	NOT-FOR-US: Microsoft
CVE-2001-0500 (Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and I ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0497 (dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0495 (Directory traversal in DataWizard WebXQ server 1.204 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0494 (Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0493 (Small HTTP server 2.03 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0489 (Format string vulnerability in gftp prior to 2.0.8 allows remote malic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0488 (pcltotiff in HP-UX 10.x has unnecessary set group id permissions, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0487 (AIX SNMP server snmpd allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: AIX
CVE-2001-0486 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0485 (Unknown vulnerability in netprint in IRIX 6.2, and possibly other vers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0482 (Configuration error in Argus PitBull LX allows root users to bypass sp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0481 (Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure te ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0475 (index.php in Jelsoft vBulletin does not properly initialize a PHP vari ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0474 (Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0473 (Format string vulnerability in Mutt before 1.2.5 allows a remote malic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0469 (rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other opera ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0467 (Directory traversal vulnerability in RobTex Viking Web server before 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0465 (TurboTax saves passwords in a temporary file when a user imports inves ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0463 (Directory traversal vulnerability in cal_make.pl in PerlCal allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0462 (Directory traversal vulnerability in Perl web server 0.3 and earlier a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0461 (template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0457 (man2html before 1.5-22 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0456 (postinst installation script for Proftpd in Debian 2.2 does not proper ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0455 (Cisco Aironet 340 Series wireless bridge before 8.55 does not properly ...)
	NOT-FOR-US: Cisco
CVE-2001-0449 (Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0444 (Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") com ...)
	NOT-FOR-US: Cisco
CVE-2001-0442 (Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0440 (Buffer overflow in logging functions of licq before 1.0.3 allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0439 (licq before 1.0.3 allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0434 (The LogDataListToFile ActiveX function used in (1) Knowledge Center an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0430 (Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0429 (Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an ...)
	NOT-FOR-US: Cisco
CVE-2001-0428 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attac ...)
	NOT-FOR-US: Cisco
CVE-2001-0427 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attac ...)
	NOT-FOR-US: Cisco
CVE-2001-0423 (Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0422 (Buffer overflow in Xsun in Solaris 8 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0416 (sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files wit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0414 (Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0413 (BinTec X4000 Access router, and possibly other versions, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0412 (Cisco Content Services (CSS) switch products 11800 and earlier, aka Ar ...)
	NOT-FOR-US: Cisco
CVE-2001-0409 (vim (aka gvim) allows local users to modify files being edited by othe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0408 (vim (aka gvim) processes VIM control codes that are embedded in a file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0407 (Directory traversal vulnerability in MySQL before 3.23.36 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0405 (ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0402 (IPFilter 3.4.16 and earlier does not include sufficient session inform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0394 (Remote manager service in Website Pro 3.0.37 allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0388 (time server daemon timed allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0387 (Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0386 (AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0383 (banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to mod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0379 (Vulnerability in the newgrp program included with HP9000 servers runni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0378 (readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0377 (Infradig Inframail prior to 3.98a allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0375 (Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authenticatio ...)
	NOT-FOR-US: Cisco
CVE-2001-0373 (The default configuration of the Dr. Watson program in Windows NT and  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0371 (Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0368 (Directory traversal vulnerability in BearShare 2.2.2 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0366 (saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0365 (Eudora before 5.1 allows a remote attacker to execute arbitrary code,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0364 (SSH Communications Security sshd 2.4 for Windows allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0361 (Implementations of SSH version 1.5, including (1) OpenSSH up to versio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0353 (Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0351 (Microsoft Windows 2000 telnet service allows a local user to make a ce ...)
	NOT-FOR-US: Microsoft
CVE-2001-0348 (Microsoft Windows 2000 telnet service allows attackers to cause a deni ...)
	NOT-FOR-US: Microsoft
CVE-2001-0347 (Information disclosure vulnerability in Microsoft Windows 2000 telnet  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0346 (Handle leak in Microsoft Windows 2000 telnet service allows attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0345 (Microsoft Windows 2000 telnet service allows attackers to prevent idle ...)
	NOT-FOR-US: Microsoft
CVE-2001-0344 (An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mi ...)
	NOT-FOR-US: Microsoft
CVE-2001-0341 (Buffer overflow in Microsoft Visual Studio RAD Support sub-component o ...)
	NOT-FOR-US: Microsoft
CVE-2001-0340 (An interaction between the Outlook Web Access (OWA) service in Microso ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0339 (Internet Explorer 5.5 and earlier allows remote attackers to display a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0338 (Internet Explorer 5.5 and earlier does not properly validate digital c ...)
	NOT-FOR-US: Microsoft
CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an err ...)
	NOT-FOR-US: Microsoft
CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to enumerat ...)
	NOT-FOR-US: Microsoft
CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0333 (Directory traversal vulnerability in IIS 5.0 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0331 (Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0330 (Bugzilla 2.10 allows remote attackers to access sensitive information, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0327 (iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0326 (Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Applica ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0321 (opendir.php script in PHP-Nuke allows remote attackers to read arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0319 (orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0318 (Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0317 (Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0316 (Linux kernel 2.4 and 2.2 allows local users to read kernel memory and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0311 (Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0310 (sort in FreeBSD 4.1.1 and earlier, and possibly other operating system ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0309 (inetd in Red Hat 6.2 does not properly close sockets for internal serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0301 (Buffer overflow in Analog before 4.16 allows remote attackers to execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0299 (Buffer overflow in Voyager web administration server for Nokia IP440 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0295 (Directory traversal vulnerability in War FTP 1.67.04 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0290 (Vulnerability in Mailman 2.0.1 and earlier allows list administrators  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0289 (Joe text editor 2.8 searches the current working directory (CWD) for t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0288 (Cisco switches and routers running IOS 12.1 and earlier produce predic ...)
	NOT-FOR-US: Cisco
CVE-2001-0287 (VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0284 (Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0280 (Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0279 (Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0278 (Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0276 (ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0274 (kicq IRC client 1.0.0, and possibly later versions, allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0269 (pam_ldap authentication module in Solaris 8 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0268 (The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0267 (NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0266 (Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0265 (ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0260 (Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0259 (ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0252 (iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0245 (Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0244 (Buffer overflow in Microsoft Index Server 2.0 allows remote attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0243 (Windows Media Player 7 and earlier stores Internet shortcuts in a user ...)
	NOT-FOR-US: Microsoft
CVE-2001-0241 (Buffer overflow in Internet Printing ISAPI extension in Windows 2000 a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0240 (Microsoft Word before Word 2002 allows attackers to automatically exec ...)
	NOT-FOR-US: Microsoft
CVE-2001-0239 (Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Pro ...)
	NOT-FOR-US: Microsoft
CVE-2001-0238 (Microsoft Data Access Component Internet Publishing Provider 8.103.251 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0237 (Memory leak in Microsoft 2000 domain controller allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2001-0236 (Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0235 (Vulnerability in crontab allows local users to read crontab files of o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0234 (NewsDaemon before 0.21b allows remote attackers to execute arbitrary S ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0233 (Buffer overflow in micq client 0.4.6 and earlier allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0230 (Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly othe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0222 (webmin 0.84 and earlier allows local users to overwrite and create arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0221 (Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0219 (Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0218 (Format string vulnerability in mars_nwe 0.99.pl19 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0215 (ROADS search.pl program allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0207 (Buffer overflow in bing allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0204 (Watchguard Firebox II allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0203 (Watchguard Firebox II firewall allows users with read-only access to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0197 (Format string vulnerability in print_client in icecast 1.3.8beta2 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0196 (inetd ident server in FreeBSD 4.x and earlier does not properly set gr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0195 (sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/sha ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0194 (Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0193 (Format string vulnerability in man in some Linux distributions allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0191 (gnuserv before 3.12, as shipped with XEmacs, does not properly check t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0190 (Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0189 (Directory traversal vulnerability in LocalWEB2000 HTTP server allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0187 (Format string vulnerability in wu-ftp 2.6.1 and earlier, when running  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0185 (Netopia R9100 router version 4.6 allows authenticated users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0183 (ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0182 (FireWall-1 4.1 with a limited-IP license allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0179 (Allaire JRun 3.0 allows remote attackers to list contents of the WEB-I ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0178 (kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0176 (The setuid doroot program in Voyant Sonata 3.x executes arbitrary comm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0175 (The caching module in Netscape Fasttrack Server 4.1 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0174 (Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0170 (glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0169 (When using the LD_PRELOAD environmental variable in SUID or SGID appli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0166 (Macromedia Shockwave Flash plugin version 8 and earlier allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0165 (Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0164 (Buffer overflow in Netscape Directory Server 4.12 and earlier allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0157 (Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0156 (VShell SSH gateway 1.0.1 and earlier has a default port forwarding rul ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0155 (Format string vulnerability in VShell SSH gateway 1.0.1 and earlier al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0154 (HTML e-mail feature in Internet Explorer 5.5 and earlier allows attack ...)
	NOT-FOR-US: Microsoft
CVE-2001-0153 (Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual St ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0152 (The password protection option for the Compressed Folders feature in P ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ser ...)
	NOT-FOR-US: Microsoft
CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using comma ...)
	NOT-FOR-US: Microsoft
CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows rem ...)
	NOT-FOR-US: Microsoft
CVE-2001-0148 (The WMP ActiveX Control in Windows Media Player 7 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2001-0147 (Buffer overflow in Windows 2000 event viewer snap-in allows attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0144 (CORE SDI SSH1 CRC-32 compensation attack detector allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0143 (vpop3d program in linuxconf 1.23r and earlier allows local users to ov ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0142 (squid 2.3 and earlier allows local users to overwrite arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0141 (mgetty 1.1.22 allows local users to overwrite arbitrary files via a sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0140 (arpwatch 2.1a4 allows local users to overwrite arbitrary files via a s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0139 (inn 2.2.3 allows local users to overwrite arbitrary files via a symlin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0138 (privatepw program in wu-ftpd before 2.6.1-6 allows local users to over ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0137 (Windows Media Player 7 allows remote attackers to execute malicious Ja ...)
	NOT-FOR-US: Microsoft
CVE-2001-0136 (Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0130 (Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0129 (Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0128 (Zope before 2.2.4 does not properly compute local roles, which could a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0126 (Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0125 (exmh 2.2 and earlier allows local users to overwrite arbitrary files v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0124 (Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0123 (Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0122 (Kernel leak in AfpaCache module of the Fast Response Cache Accelerator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0121 (ImageCast Control Center 4.1.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0120 (useradd program in shadow-utils program may allow local users to overw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0119 (getty_ps 2.0.7j allows local users to overwrite arbitrary files via a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0118 (rdist 6.1.5 allows local users to overwrite arbitrary files via a syml ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0117 (sdiff 2.7 in the diffutils package allows local users to overwrite fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0116 (gpm 1.19.3 allows local users to overwrite arbitrary files via a symli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0115 (Buffer overflow in arp command in Solaris 7 and earlier allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0111 (Format string vulnerability in splitvt before 1.6.5 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0110 (Buffer overflow in jaZip Zip/Jaz drive manager allows local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0109 (rctab in SuSE 7.0 and earlier allows local users to create or overwrit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0108 (PHP Apache module 4.0.4 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0106 (Vulnerability in inetd server in HP-UX 11.04 and earlier allows attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0105 (Vulnerability in top in HP-UX 11.04 and earlier allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0100 (bslist.cgi mailing list script allows remote attackers to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0099 (bsguest.cgi guestbook script allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0096 (FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authenticati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0092 (A function in Internet Explorer 5.0 through 5.5 does not properly veri ...)
	NOT-FOR-US: Microsoft
CVE-2001-0091 (The ActiveX control for invoking a scriptlet in Internet Explorer 5.0  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0090 (The Print Templates feature in Internet Explorer 5.5 executes arbitrar ...)
	NOT-FOR-US: Microsoft
CVE-2001-0089 (Internet Explorer 5.0 through 5.5 allows remote attackers to read arbi ...)
	NOT-FOR-US: Microsoft
CVE-2001-0085 (Buffer overflow in Kermit communications software in HP-UX 11.0 and ea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0083 (Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 do ...)
	NOT-FOR-US: Microsoft
CVE-2001-0081 (swinit in nCipher does not properly disable the Operator Card Set reco ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0080 (Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2001-0078 (in.mond in Sun Cluster 2.x allows local users to read arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0077 (The clustmon service in Sun Cluster 2.x does not require authenticatio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0072 (gpg (aka GnuPG) 1.0.4 and other versions imports both public and priva ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0071 (gpg (aka GnuPG) 1.0.4 and other versions does not properly verify deta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0066 (Secure Locate (slocate) allows local users to corrupt memory via a mal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0063 (procfs in FreeBSD and possibly other operating systems allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0062 (procfs in FreeBSD and possibly other operating systems allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0061 (procfs in FreeBSD and possibly other operating systems does not proper ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0060 (Format string vulnerability in stunnel 3.8 and earlier allows attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0059 (patchadd in Solaris allows local users to overwrite arbitrary files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0058 (The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier  ...)
	NOT-FOR-US: Cisco
CVE-2001-0057 (Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attacker ...)
	NOT-FOR-US: Cisco
CVE-2001-0056 (The Cisco Web Management interface in routers running CBOS 2.4.1 and e ...)
	NOT-FOR-US: Cisco
CVE-2001-0055 (CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0054 (Directory traversal vulnerability in FTP Serv-U before 2.5i allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0053 (One-byte buffer overflow in replydirname function in BSD-based ftpd al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0050 (Buffer overflow in BitchX IRC client allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0043 (phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0042 (PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0041 (Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches all ...)
	NOT-FOR-US: Cisco
CVE-2001-0040 (APC UPS daemon, apcupsd, saves its process ID in a world-writable file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0039 (IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0036 (KTH Kerberos IV allows local users to overwrite arbitrary files via a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0035 (Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0034 (KTH Kerberos IV allows local users to specify an alternate proxy using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0033 (KTH Kerberos IV allows local users to change the configuration of a Ke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0028 (Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0026 (rp-pppoe PPPoE client allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0021 (MailMan Webmail 3.0.25 and earlier allows remote attackers to execute  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0020 (Directory traversal vulnerability in Arrowpoint (aka Cisco Content Ser ...)
	NOT-FOR-US: Cisco
CVE-2001-0018 (Windows 2000 domain controller in Windows 2000 Server, Advanced Server ...)
	NOT-FOR-US: Microsoft
CVE-2001-0017 (Memory leak in PPTP server in Windows NT 4.0 allows remote attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2001-0016 (NTLM Security Support Provider (NTLMSSP) service does not properly che ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0015 (Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users ...)
	NOT-FOR-US: Microsoft
CVE-2001-0014 (Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not p ...)
	NOT-FOR-US: Microsoft
CVE-2001-0013 (Format string vulnerability in nslookupComplain function in BIND 4 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0012 (BIND 4 and BIND 8 allow remote attackers to access sensitive informati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0011 (Buffer overflow in nslookupComplain function in BIND 4 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0010 (Buffer overflow in transaction signature (TSIG) handling code in BIND  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0009 (Directory traversal vulnerability in Lotus Domino 5.0.5 web server all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0008 (Backdoor account in Interbase database server allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0007 (Buffer overflow in NetScreen Firewall WebUI allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0006 (The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropr ...)
	NOT-FOR-US: Microsoft
CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in Microso ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ex ...)
	NOT-FOR-US: Microsoft
CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain th ...)
	NOT-FOR-US: Microsoft
CVE-2001-0001 (cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1212 (Zope 2.2.0 through 2.2.4 does not properly protect a data updating met ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1211 (Zope 2.2.0 through 2.2.4 does not properly perform security registrati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1210 (Directory traversal vulnerability in source.jsp of Apache Tomcat befor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1203 (Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1200 (Windows NT allows remote attackers to list all users in a domain by ob ...)
	NOT-FOR-US: Microsoft
CVE-2000-1196 (PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1195 (telnet daemon (telnetd) from the Linux netkit package before netkit-te ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1193 (Performance Metrics Collector Daemon (PMCD) in Performance Copilot in  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1190 (imwheel-solo in imwheel package allows local users to modify arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1189 (Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1187 (Buffer overflow in the HTML parser for Netscape 4.75 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1184 (telnetd in FreeBSD 4.2 and earlier, and possibly other operating syste ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1182 (WatchGuard Firebox II allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1181 (Real Networks RealServer 7 and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1179 (Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to rea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1178 (Joe text editor follows symbolic links when creating a rescue copy cal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1174 (Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and ea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1171 (Directory traversal vulnerability in cgiforum.pl script in CGIForum 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1170 (Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1169 (OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1167 (ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict ac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1166 (Twig webmail system does not properly set the "vhosts" variable if it  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1165 (Balabit syslog-ng allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1164 (WinVNC installs the WinVNC3 registry key with permissions that give Sp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1163 (ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental var ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1162 (ghostscript before 5.10-16 allows local users to overwrite files of ot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1149 (Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server a ...)
	NOT-FOR-US: Microsoft
CVE-2000-1148 (The installation of VolanoChatPro chat server sets world-readable perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1146 (Recourse ManTrap 1.6 allows attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1145 (Recourse ManTrap 1.6 allows attackers who have gained root access to u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1144 (Recourse ManTrap 1.6 sets up a chroot environment to hide the fact tha ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1143 (Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1142 (Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1141 (Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1140 (Recourse ManTrap 1.6 does not properly hide processes from attackers,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1139 (The installation of Microsoft Exchange 2000 before Rev. A creates a us ...)
	NOT-FOR-US: Microsoft
CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files of ot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1135 (fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1132 (DCForum cgforum.cgi CGI script allows remote attackers to read arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1131 (Bill Kendrick web site guestbook (GBook) allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1124 (Buffer overflow in piobe command in IBM AIX 4.3.x allows local users t ...)
	NOT-FOR-US: AIX
CVE-2000-1123 (Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may all ...)
	NOT-FOR-US: AIX
CVE-2000-1122 (Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may a ...)
	NOT-FOR-US: AIX
CVE-2000-1121 (Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow  ...)
	NOT-FOR-US: AIX
CVE-2000-1120 (Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows  ...)
	NOT-FOR-US: AIX
CVE-2000-1119 (Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows ...)
	NOT-FOR-US: AIX
CVE-2000-1115 (Buffer overflow in remote web administration component (webprox.dll) o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1113 (Buffer overflow in Microsoft Windows Media Player allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2000-1112 (Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS ...)
	NOT-FOR-US: Microsoft
CVE-2000-1111 (Telnet Service for Windows 2000 Professional does not properly termina ...)
	NOT-FOR-US: Microsoft
CVE-2000-1109 (Midnight Commander (mc) 4.5.51 and earlier does not properly process m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1108 (cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not prop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1107 (in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1106 (Trend Micro InterScan VirusWall creates an "Intscan" share to the "Int ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1101 (Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1099 (Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and ea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1097 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1096 (crontab by Paul Vixie uses predictable file names for a temporary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1095 (modprobe in the modutils 2.3.x package on Linux systems allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1094 (Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1089 (Buffer overflow in Microsoft Phone Book Service allows local users to  ...)
	NOT-FOR-US: Microsoft
CVE-2000-1080 (Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1077 (Buffer overflow in the SHTML logging functionality of iPlanet Web Serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1075 (Directory traversal vulnerability in iPlanet Certificate Management Sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1074 (csstart program in iCal 2.1 Patch 2 uses relative pathnames to install ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1073 (csstart program in iCal 2.1 Patch 2 searches for the cshttpd program i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1072 (iCal 2.1 Patch 2 installs many files with world-writeable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1071 (The GUI installation for iCal 2.1 Patch 2 disables access control for  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1070 (pollit.cgi in Poll It 2.01 and earlier uses data files that are locate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1069 (pollit.cgi in Poll It 2.01 and earlier allows remote attackers to acce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1068 (pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1061 (Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-1060 (The default configuration of XFCE 3.5.1 bypasses the Xauthority access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1059 (The default configuration of the Xsession file in Mandrake Linux 7.1 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1058 (Buffer overflow in OverView5 CGI program in HP OpenView Network Node M ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1057 (Vulnerabilities in database configuration scripts in HP OpenView Netwo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1056 (CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to b ...)
	NOT-FOR-US: Cisco
CVE-2000-1055 (Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows re ...)
	NOT-FOR-US: Cisco
CVE-2000-1054 (Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and ...)
	NOT-FOR-US: Cisco
CVE-2000-1051 (Directory traversal vulnerability in Allaire JRun 2.3 server allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1050 (Allaire JRun 3.0 http servlet server allows remote attackers to direct ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1049 (Allaire JRun 3.0 http servlet server allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1047 (Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1045 (nss_ldap earlier than 121, when run with nscd (name service caching da ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1044 (Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1043 (Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1042 (Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1041 (Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1040 (Format string vulnerability in logging function of ypbind 3.3, while r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1038 (The web administration interface for IBM AS/400 Firewall allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1036 (Directory traversal vulnerability in Extent RBS ISP web server allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1034 (Buffer overflow in the System Monitor ActiveX control in Windows 2000  ...)
	NOT-FOR-US: Microsoft
CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine  ...)
	NOT-FOR-US: Cisco
CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allow remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to the Upl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1022 (The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier  ...)
	NOT-FOR-US: Cisco
CVE-2000-1019 (Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1018 (shred 1.0 file wiping utility does not properly open a file for overwr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1016 (The default configuration of Apache (httpd.conf) on SuSE 6.4 includes  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1014 (Format string vulnerability in the search97.cgi CGI script in SCO help ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1011 (Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1010 (Format string vulnerability in talkd in OpenBSD and possibly other BSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1007 (I-gear 3.5.7 and earlier does not properly process log entries in whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1006 (Microsoft Exchange Server 5.5 does not properly handle a MIME header w ...)
	NOT-FOR-US: Microsoft
CVE-2000-1005 (Directory traversal vulnerability in html_web_store.cgi and web_store. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1004 (Format string vulnerability in OpenBSD photurisd allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1003 (NETBIOS client in Windows 95 and Windows 98 allows a remote attacker t ...)
	NOT-FOR-US: Microsoft
CVE-2000-1002 (POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1001 (add_2_basket.asp in Element InstantShop allows remote attackers to mod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1000 (Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0996 (Format string vulnerability in OpenBSD su program (and possibly other  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0995 (Format string vulnerability in OpenBSD yp_passwd program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0994 (Format string vulnerability in OpenBSD fstat program (and possibly oth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil librar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a remot ...)
	{CVE-2004-0175}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: Rediscoved as CVE-2004-0175, see there.
CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0984 (The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to c ...)
	NOT-FOR-US: Cisco
CVE-2000-0983 (Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0982 (Internet Explorer before 5.5 forwards cached user credentials for a se ...)
	NOT-FOR-US: Microsoft
CVE-2000-0981 (MySQL Database Engine uses a weak authentication method which leaks in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0980 (NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink do ...)
	NOT-FOR-US: Microsoft
CVE-2000-0979 (File and Print Sharing service in Windows 95, Windows 98, and Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0978 (bbd server in Big Brother System and Network Monitor before 1.5c2 allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0977 (mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0976 (Buffer overflow in xlib in XFree 3.3.x possibly allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0975 (Directory traversal vulnerability in apexec.pl in Anaconda Foundation  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0974 (GnuPG (gpg) 1.0.3 does not properly check all signatures of a file con ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0973 (Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier tha ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0972 (HP-UX 11.00 crontab allows local users to read arbitrary files via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0970 (IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0969 (Format string vulnerability in Half Life dedicated server build 3104 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0968 (Buffer overflow in Half Life dedicated server before build 3104 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0967 (PHP 3 and 4 do not properly cleanse user-injected format strings, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0966 (Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of H ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0965 (The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0964 (Buffer overflow in the web administration service for the HiNet LP5100 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0962 (The IPSEC implementation in OpenBSD 2.7 does not properly handle empty ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0961 (Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0960 (The POP3 server in Netscape Messaging Server 4.15p1 generates differen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0959 (glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG enviro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0958 (HotJava Browser 3.0 allows remote attackers to access the DOM of a web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0957 (The pluggable authentication module for mysql (pam_mysql) before 0.4.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0956 (cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0953 (Shambala Server 4.5 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0952 (global.cgi CGI program in Global 3.55 and earlier on NetBSD allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0951 (A misconfiguration in IIS 5.0 with Index Server enabled and the Index  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0949 (Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0948 (GnoRPM before 0.95 allows local users to modify arbitrary files via a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0947 (Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0946 (Compaq Easy Access Keyboard software 1.3 does not properly disable acc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0945 (The web configuration interface for Catalyst 3500 XL switches allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0944 (CGI Script Center News Update 1.1 does not properly validate the origi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0943 (Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0942 (The CiWebHitsFile component in Microsoft Indexing Services for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0941 (Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0938 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a differe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0937 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0936 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0935 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0934 (Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0933 (The Input Method Editor (IME) in the Simplified Chinese version of Win ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0932 (MAILsweeper for SMTP 3.x does not properly handle corrupt CDA document ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0930 (Pegasus Mail 3.12 allows remote attackers to read arbitrary files via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0929 (Microsoft Windows Media Player 7 allows attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0928 (WQuinn QuotaAdvisor 4.1 allows users to list directories and files by  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0927 (WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0926 (SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0925 (The default installation of SmartWin CyberOffice Shopping Cart 2 (aka  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0924 (Directory traversal vulnerability in search.cgi CGI script in Armada M ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0923 (authenticate.cgi CGI program in Aplio PRO allows remote attackers to e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0922 (Directory traversal vulnerability in Bytes Interactive Web Shopper sho ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0921 (Directory traversal vulnerability in Hassan Consulting shop.cgi shoppi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0920 (Directory traversal vulnerability in BOA web server 0.94.8.2 and earli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0919 (Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0917 (Format string vulnerability in use_syslog() function in LPRng 3.6.24 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0915 (fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0914 (OpenBSD 2.6 and earlier allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0913 (mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0912 (MultiHTML CGI script allows remote attackers to read arbitrary files a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0911 (IMP 2.2 and earlier allows attackers to read and delete arbitrary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0910 (Horde library 1.02 allows attackers to execute arbitrary commands via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0909 (Buffer overflow in the automatic mail checking component of Pine 4.21  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0908 (BrowseGate 2.80 allows remote attackers to cause a denial of service a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0901 (Format string vulnerability in screen 3.9.5 and earlier allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0900 (Directory traversal vulnerability in ssi CGI program in thttpd 2.19 an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0897 (Small HTTP Server 2.03 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0896 (WatchGuard SOHO firewall allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0895 (Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0894 (HTTP server on the WatchGuard SOHO firewall does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0892 (Some telnet clients allow remote telnet servers to request environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0891 (A default ECL in Lotus Notes before 5.02 allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0890 (periodic in FreeBSD 4.1.1 and earlier, and possibly other operating sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0888 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0887 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0886 (IIS 5.0 allows remote attackers to execute arbitrary commands via a ma ...)
	NOT-FOR-US: Microsoft
CVE-2000-0884 (IIS 4.0 and 5.0 allows remote attackers to read documents outside of t ...)
	NOT-FOR-US: Microsoft
CVE-2000-0883 (The default configuration of mod_perl for Apache as installed on Mandr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0878 (The mailto CGI script allows remote attacker to execute arbitrary comm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0877 (mailform.pl CGI script in MailForm 2.0 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0876 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the  f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0875 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0874 (Eudora mail client includes the absolute path of the sender's host wit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0873 (netstat in AIX 4.x.x does not properly restrict access to the -Zi opti ...)
	NOT-FOR-US: AIX
CVE-2000-0871 (Buffer overflow in EFTP allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0870 (Buffer overflow in EFTP allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0869 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables W ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0868 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0867 (Kernel logging daemon (klogd) in Linux does not properly cleanse user- ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0865 (Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0864 (Race condition in the creation of a Unix domain socket in GNOME esound ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0863 (Buffer overflow in listmanager earlier than 2.105.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0862 (Vulnerability in an administrative interface utility for Allaire Spect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0861 (Mailman 1.1 allows list administrators to execute arbitrary commands v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0860 (The file upload capability in PHP versions 3 and 4 allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0859 (The web configuration server for NTMail V5 and V6 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0858 (Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2000-0856 (Buffer overflow in SunFTP build 9(1) allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0854 (When a Microsoft Office 2000 document is launched, the directory of th ...)
	NOT-FOR-US: Microsoft
CVE-2000-0853 (YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0852 (Multiple buffer overflows in eject on FreeBSD and possibly other OSes  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0851 (Buffer overflow in the Still Image Service in Windows 2000 allows loca ...)
	NOT-FOR-US: Microsoft
CVE-2000-0850 (Netegrity SiteMinder before 4.11 allows remote attackers to bypass its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0849 (Race condition in Microsoft Windows Media server allows remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2000-0848 (Buffer overflow in IBM WebSphere web application server (WAS) allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0847 (Buffer overflow in University of Washington c-client library (used by  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0846 (Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0844 (Some functions that implement the locale subsystem on Unix do not  pro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0839 (WinCOM LPD 1.00.90 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0838 (Fastream FUR HTTP server 1.0b allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0837 (FTP Serv-U 2.5e allows remote attackers to cause a denial of service b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0834 (The Windows 2000 telnet client attempts to perform NTLM authentication ...)
	NOT-FOR-US: Microsoft
CVE-2000-0830 (annclist.exe in webTV for Windows allows remote attackers to cause a d ...)
	NOT-FOR-US: Microsoft
CVE-2000-0829 (The tmpwatch utility in Red Hat Linux forks a new process for each dir ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0825 (Ipswitch Imail 6.0 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0824 (The unsetenv function in glibc 2.1.1 does not properly unset an enviro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0818 (The default installation for the Oracle listener program 7.3.4, 8.0.6, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0816 (Linux tmpwatch --fuser option allows local users to execute arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0813 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0811 (Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0810 (Auction Weaver 1.0 through 1.04 does not properly validate the names o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0809 (Buffer overflow in Getkey in the protocol checker in the inter-module  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0808 (The seed generation mechanism in the inter-module S/Key authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0807 (The OPSEC communications authentication mechanism (fwn1) in Check Poin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0806 (The inter-module authentication mechanism (fwa1) in Check Point VPN-1/ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0805 (Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0804 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0803 (GNU Groff uses the current working directory to find a device descript ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0799 (inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0797 (Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0796 (Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0795 (Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0792 (Gnome Lokkit firewall package before 0.41 does not properly restrict a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0790 (The web-based folder display capability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2000-0788 (The Mail Merge tool in Microsoft Word does not prompt the user before  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0787 (IRC Xchat client versions 1.4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0786 (GNU userv 1.0.0 and earlier does not properly perform file descriptor  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0783 (Watchguard Firebox II allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0782 (netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0781 (uagentsetup in ARCServeIT Client Agent 6.62 does not properly check fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0780 (The web server in IPSWITCH IMail 6.04 and earlier allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0777 (The password protection feature of Microsoft Money can store the passw ...)
	NOT-FOR-US: Microsoft
CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0773 (Bajie HTTP web server 0.30a allows remote attackers to read arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify t ...)
	NOT-FOR-US: Microsoft
CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0766 (Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0765 (Buffer overflow in the HTML interpreter in Microsoft Office 2000 allow ...)
	NOT-FOR-US: Microsoft
CVE-2000-0764 (Intel Express 500 series switches allow a remote attacker to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0763 (xlockmore and xlockf do not properly cleanse user-injected format stri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0762 (The default installation of eTrust Access Control (formerly SeOS) uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0761 (OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0758 (The web interface for Lyris List Manager 3 and 4 allows list subscribe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0754 (Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0753 (The Microsoft Outlook mail client identifies the physical path of the  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0751 (mopd (Maintenance Operations Protocol loader daemon) does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0750 (Buffer overflow in mopd (Maintenance Operations Protocol loader daemon ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0749 (Buffer overflow in the Linux binary compatibility module in FreeBSD 3. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0747 (The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0745 (admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0744 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of CVE ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0743 (Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0742 (The IPX protocol implementation in Microsoft Windows 95 and 98 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0741 (Format string vulnerability in strong.exe program in NAI Net Tools PKI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0740 (Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0739 (Directory traversal vulnerability in strong.exe program in NAI Net Too ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0738 (WebShield SMTP 4.5 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0737 (The Service Control Manager (SCM) in Windows 2000 creates predictable  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0733 (Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0732 (Worm HTTP server allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0731 (Directory traversal vulnerability in Worm HTTP server allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0730 (Vulnerability in newgrp command in HP-UX 11.0 allows local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0729 (FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0728 (xpdf PDF viewer client earlier than 0.91 allows local users to overwri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0727 (xpdf PDF viewer client earlier than 0.91 does not properly launch a we ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0726 (CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0725 (Zope before 2.2.1 does not properly restrict access to the getRoles me ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0720 (news.cgi in GWScripts News Publisher does not properly authenticate re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0718 (A race condition in MandrakeUpdate allows local users to modify RPM fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0717 (GoodTech FTP server allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0716 (WorldClient email client in MDaemon 2.8 includes the session ID in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0712 (Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0711 (Netscape Communicator does not properly prevent a ServerSocket object  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0708 (Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0707 (PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0706 (Buffer overflows in ntop running in web mode allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0705 (ntop running in web mode allows remote attackers to read arbitrary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0703 (suidperl (aka sperl) does not properly cleanse the escape sequence "~! ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0702 (The net.init rc script in HP-UX 11.00 (S008net.init) allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0700 (Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethern ...)
	NOT-FOR-US: Cisco
CVE-2000-0699 (Format string vulnerability in ftpd in HP-UX 10.20 allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0698 (Minicom 1.82.1 and earlier on some Linux systems allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0694 (pgxconfig in the Raptor GFX configuration tool allows local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0693 (pgxconfig in the Raptor GFX configuration tool uses a relative path na ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0685 (BEA WebLogic 5.1.x does not properly restrict access to the PageCompil ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0684 (BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0683 (BEA WebLogic 5.1.x allows remote attackers to read source code for par ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0682 (BEA WebLogic 5.1.x allows remote attackers to read source code for par ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0681 (Buffer overflow in BEA WebLogic server proxy plugin allows remote atta ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0679 (The CVS 1.10.8 client trusts pathnames that are provided by the CVS se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0678 (PGP 5.5.x through 6.5.3 does not properly check if an Additional Decry ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0677 (Buffer overflow in IBM Net.Data db2www CGI program allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0676 (Netscape Communicator and Navigator 4.04 through 4.74 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0675 (Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0674 (ftp.pl CGI program for Virtual Visions FTP browser allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0673 (The NetBIOS Name Server (NBNS) protocol does not perform authenticatio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0672 (The default configuration of Jakarta Tomcat does not restrict access t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0671 (Roxen web server earlier than 2.0.69 allows allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0670 (The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with writ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0669 (Novell NetWare 5.0 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0668 (pam_console PAM module in Linux systems allows a user to access the sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0666 (rpc.statd in the nfs-utils package in various Linux distributions does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0665 (GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0664 (AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0663 (The registry entry for the Windows Shell executable (Explorer.exe) in  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0662 (Internet Explorer 5.x and Microsoft Outlook allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0661 (WircSrv IRC Server 5.07s allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0660 (The WDaemon web server for WorldClient 2.1 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0655 (Netscape Communicator 4.73 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0654 (Microsoft Enterprise Manager allows local users to obtain database pas ...)
	NOT-FOR-US: Microsoft
CVE-2000-0652 (IBM WebSphere allows remote attackers to read source code for executab ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0651 (The ClientTrust program in Novell BorderManager does not properly veri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0650 (The default installation of VirusScan 4.5 and NetShield 4.5 has insecu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0644 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0643 (Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0642 (The default configuration of WebActive HTTP Server 1.00 stores the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0641 (Savant web server allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0640 (Guild FTPd allows remote attackers to determine the existence of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does not in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0638 (bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary co ...)
	NOT-FOR-US: Microsoft
CVE-2000-0636 (HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0635 (The view_page.html sample page in the MiniVend shopping cart program a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0634 (The web administration interface for CommuniGate Pro 3.2.5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0633 (Vulnerability in Mandrake Linux usermode package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0632 (Buffer overflow in the web archive component of L-Soft Listserv 1.8d a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0631 (An administrative script from IIS 3.0, later included in IIS 4.0 and 5 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0630 (IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0628 (The source.asp example script in the Apache ASP module Apache::ASP 1.9 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0627 (BlackBoard CourseInfo 4.0 does not properly authenticate users, which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0624 (Buffer overflow in Winamp 2.64 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0622 (Buffer overflow in Webfind CGI program in O'Reilly WebSite Professiona ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0621 (Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allo ...)
	NOT-FOR-US: Microsoft
CVE-2000-0620 (libX11 X library allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0619 (Top Layer AppSwitch 2500 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0616 (Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain addit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0615 (LPRng 3.6.x improperly installs lpd as setuid root, which can allow lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0613 (Cisco Secure PIX Firewall does not properly identify forged TCP Reset  ...)
	NOT-FOR-US: Cisco
CVE-2000-0611 (The default configuration of NetWin dMailWeb and cwMail trusts all POP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0610 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0604 (gkermit in Red Hat Linux is improperly installed with setgid uucp, whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0603 (Microsoft SQL Server 7.0 allows a local user to bypass permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2000-0602 (Secure Locate (slocate) in Red Hat Linux allows local users to gain pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0601 (LeafChat 1.7 IRC client allows a remote IRC server to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0600 (Netscape Enterprise Server in NetWare 5.1 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0599 (Buffer overflow in iMesh 1.02 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0598 (Fortech Proxy+ allows remote attackers to bypass access restrictions f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0597 (Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are mar ...)
	NOT-FOR-US: Microsoft
CVE-2000-0596 (Internet Explorer 5.x does not warn a user before opening a Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0595 (libedit searches for the .editrc file in the current directory instead ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0594 (BitchX IRC client does not properly cleanse an untrusted format string ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0593 (WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0591 (Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0590 (Poll It 2.0 CGI script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0588 (SawMill 5.0.21 CGI program allows remote attackers to read the first l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0587 (The privpath directive in glftpd 1.18 allows remote attackers to bypas ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0586 (Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0585 (ISC DHCP client program dhclient allows remote attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0584 (Buffer overflow in Canna input system allows remote attackers to execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0583 (vchkpw program in vpopmail before version 4.8 does not properly cleans ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0582 (Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0581 (Windows 2000 Telnet Server allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Microsoft
CVE-2000-0579 (IRIX crontab creates temporary files with predictable file names and w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0577 (Netscape Professional Services FTP Server 1.3.6 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0576 (Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows re ...)
	NOT-FOR-US: AIX
CVE-2000-0575 (SSH 1.2.27 with Kerberos authentication support stores Kerberos ticket ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0573 (The lreply function in wu-ftpd 2.6.0 and earlier does not properly cle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0571 (LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0570 (FirstClass Internet Services server 5.770, and other versions before 6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0569 (Sybergen Sygate allows remote attackers to cause a denial of service b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0568 (Sybergen Secure Desktop 2.1 does not properly protect against false ro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0567 (Buffer overflow in Microsoft Outlook and Outlook Express allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0566 (makewhatis in Linux man package allows local users to overwrite files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0565 (SmartFTP Daemon 0.2 allows a local user to access arbitrary files by u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0561 (Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0558 (Buffer overflow in HP Openview Network Node Manager 6.1 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0557 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0556 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0555 (Ceilidh allows remote attackers to cause a denial of service via a lar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0553 (Race condition in IPFilter firewall 3.4.3 and earlier, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0552 (ICQwebmail client for ICQ 2000A creates a world readable temporary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0551 (The file transfer mechanism in Danware NetOp 6.0 does not provide auth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0550 (Kerberos 4 KDC program improperly frees memory twice (aka "double-free ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0549 (Kerberos 4 KDC program does not properly check for null termination of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0548 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0542 (Tigris remote access server before 11.5.4.22 does not properly record  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0541 (The Panda Antivirus console on port 2001 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0540 (JSP sample files in Allaire JRun 2.3.x allow remote attackers to acces ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0539 (Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0538 (ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0537 (BRU backup software allows local users to append data to arbitrary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0536 (xinetd 2.1.8.x does not properly restrict connections if hostnames are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0534 (The apsfilter software in the FreeBSD ports package does not properly  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0533 (Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0532 (A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0530 (The KApplication class in the KDE 1.1.2 configuration file management  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0529 (Net Tools PKI Server allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0528 (Net Tools PKI Server does not properly restrict access to remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0525 (OpenSSH does not properly drop privileges when the UseLogin option is  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0523 (Buffer overflow in the logging feature of EServ 2.9.2 and earlier allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0522 (RSA ACE/Server allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0521 (Savant web server allows remote attackers to read source code of CGI s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0519 (Internet Explorer 4.x and 5.x does not properly re-validate an SSL cer ...)
	NOT-FOR-US: Microsoft
CVE-2000-0518 (Internet Explorer 4.x and 5.x does not properly verify all contents of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0517 (Netscape 4.73 and earlier does not properly warn users about a potenti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0516 (When configured to store configuration information in an LDAP director ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0515 (The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0514 (GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict acces ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0513 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0512 (CUPS (Common Unix Printing System) 1.04 and earlier does not properly  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0511 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0510 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0508 (rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0507 (Imate Webmail Server 2.5 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0506 (The "capabilities" feature in Linux before 2.2.16 allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0505 (The Apache 1.3.x HTTP server for Windows platforms allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0504 (libICE in XFree86 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0502 (Mcafee VirusScan 4.03 does not properly restrict access to the alert t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0501 (Race condition in MDaemon 2.8.5.0 POP server allows local users to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0500 (The default configuration of BEA WebLogic 5.1.0 allows a remote attack ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0499 (The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0498 (Unify eWave ServletExec allows a remote attacker to view source code o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0497 (IBM WebSphere server 3.0.2 allows a remote attacker to view source cod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0495 (Microsoft Windows Media Encoder allows remote attackers to cause a den ...)
	NOT-FOR-US: Microsoft
CVE-2000-0494 (Veritas Volume Manager creates a world writable .server_pids file, whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0493 (Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0490 (Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0489 (FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0488 (Buffer overflow in ITHouse mail server 1.04 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords v ...)
	NOT-FOR-US: Microsoft
CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0482 (Check Point Firewall-1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0481 (Buffer overflow in KDE Kmail allows a remote attacker to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0478 (In some cases, Norton Antivirus for Exchange (NavExchange) enters a "f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0477 (Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0475 (Windows 2000 allows a local user process to access another user's desk ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0474 (Real Networks RealServer 7.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0472 (Buffer overflow in innd 2.2.2 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0471 (Buffer overflow in ufsrestore in Solaris 8 and earlier allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0470 (Allegro RomPager HTTP server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0469 (Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0468 (man in HP-UX 10.20 and 11 allows local attackers to overwrite files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0467 (Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0466 (AIX cdmount allows local users to gain root privileges via shell metac ...)
	NOT-FOR-US: AIX
CVE-2000-0465 (Internet Explorer 4.x and 5.x does not properly verify the domain of a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0464 (Internet Explorer 4.x and 5.x allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2000-0463 (BeOS 5.0 allows remote attackers to cause a denial of service via frag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0462 (ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0461 (The undocumented semconfig system call in BSD freezes the state of sem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0460 (Buffer overflow in KDE kdesud on Linux allows local uses to gain privi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0459 (IMP does not remove files properly if the MSWordView application quits ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0458 (The MSWordView application in IMP creates world-readable files in the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0457 (ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file conten ...)
	NOT-FOR-US: Microsoft
CVE-2000-0456 (NetBSD 1.4.2 and earlier allows local users to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0455 (Buffer overflow in xlockmore xlock program version 4.16 and earlier al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0454 (Buffer overflow in Linux cdrecord allows local users to gain privilege ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0453 (XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0452 (Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0451 (The Intel express 8100 ISDN router allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0448 (The WebShield SMTP Management Tool version 4.5.44 does not properly re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0447 (Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0446 (Buffer overflow in MDBMS database server allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0445 (The pgpk command in PGP 5.x on Unix systems uses an insufficiently ran ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0443 (The web interface server in HP Web JetAdmin 5.6 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0442 (Qpopper 2.53 and earlier allows local users to gain privileges via a f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0441 (Vulnerability in AIX 3.2.x and 4.x allows local users to gain write ac ...)
	NOT-FOR-US: AIX
CVE-2000-0440 (NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0439 (Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain cl ...)
	NOT-FOR-US: Microsoft
CVE-2000-0438 (Buffer overflow in fdmount on Linux systems allows local users in the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0437 (Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0436 (MetaProducts Offline Explorer 1.2 and earlier allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0435 (The allmanageup.pl file upload CGI script in the Allmanage Website adm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0432 (The calender.pl and the calendar_admin.pl calendar scripts by Matt Kru ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0431 (Cobalt RaQ2 and RaQ3 does not properly set the access permissions and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0430 (Cart32 allows remote attackers to access sensitive debugging informati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0428 (Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0427 (The Aladdin Knowledge Systems eToken device allows attackers with phys ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0426 (UltraBoard 1.6 and other versions allow remote attackers to cause a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0425 (Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0424 (The CGI counter 4.0.7 by George Burgyan allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0421 (The process_bug.cgi script in Bugzilla allows remote attackers to exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0419 (The Office 2000 UA ActiveX Control is marked as "safe for scripting,"  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0418 (The Cayman 3220-H DSL router allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0417 (The HTTP administration interface to the Cayman 3220-H DSL router allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0416 (NTMail 5.x allows network users to bypass the NTMail proxy restriction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0414 (Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0411 (Matt Wright's FormMail CGI script allows remote attackers to obtain en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0410 (ColdFusion Server 4.5.1 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0409 (Netscape 4.73 and earlier follows symlinks when it imports a new certi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0408 (IIS 4.05 and 5.0 allow remote attackers to cause a denial of service v ...)
	NOT-FOR-US: Microsoft
CVE-2000-0407 (Buffer overflow in Solaris netpr program allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0406 (Netscape Communicator before version 4.73 and Navigator 4.07 do not pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0405 (Buffer overflow in L0pht AntiSniff allows remote attackers to execute  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0404 (The CIFS Computer Browser service allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0403 (The CIFS Computer Browser service on Windows NT 4.0 allows a remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0402 (The Mixed Mode authentication capability in Microsoft SQL Server 7.0 s ...)
	NOT-FOR-US: Microsoft
CVE-2000-0399 (Buffer overflow in MDaemon POP server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0398 (Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0397 (The EMURL web-based email account software encodes predictable identif ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0396 (The add.exe program in the Carello shopping cart software allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0395 (Buffer overflow in CProxy 3.3 allows remote users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0394 (NetProwler 3.0 allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0393 (The KDE kscd program does not drop privileges when executing a program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0392 (Buffer overflow in ksu in Kerberos 5 allows local users to gain root p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0391 (Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0390 (Buffer overflow in krb425_conv_principal function in Kerberos 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0389 (Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0388 (Buffer overflow in FreeBSD libmytinfo library allows local users to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0387 (The makelev program in the golddig game from the FreeBSD ports collect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0382 (ColdFusion ClusterCATS appends stale query string arguments to a URL d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0381 (The Gossamer Threads DBMan db.cgi CGI script allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0380 (The IOS HTTP service in Cisco routers and switches running IOS 11.1 th ...)
	NOT-FOR-US: Cisco
CVE-2000-0379 (The Netopia R9100 router does not prevent authenticated users from mod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0378 (The pam_console PAM module in Linux systems performs a chown on variou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0377 (The Remote Registry server in Windows NT 4.0 allows local authenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0376 (Buffer overflow in the HTTP proxy server for the i-drive Filo software ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0375 (The kernel in FreeBSD 3.2 follows symbolic links when it creates core  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0374 (The default configuration of kdm in Caldera and Mandrake Linux, and po ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0373 (Vulnerabilities in the KDE kvt terminal program allow local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0372 (Vulnerability in Caldera rmt command in the dump package 0.4b4 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0371 (The libmediatool library used for the KDE mediatool allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0370 (The debug option in Caldera Linux smail allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0369 (The IDENT server in Caldera Linux 2.3 creates multiple threads for eac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to the lo ...)
	NOT-FOR-US: Cisco
CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0366 (dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0363 (Linux cdwtools 093 and earlier allows local users to gain root privile ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0362 (Buffer overflows in Linux cdwtools 093 and earlier allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0361 (The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0360 (Buffer overflow in INN 2.2.1 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0359 (Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0356 (Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0354 (mirror 2.8.x in Linux systems allows remote attackers to create files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0353 (Pine 4.x allows a remote attacker to execute arbitrary commands via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0352 (Pine before version 4.21 does not properly filter shell metacharacters ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0351 (Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0350 (A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0349 (Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0348 (A vulnerability in the Sendmail configuration file sendmail.cf as inst ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0347 (Windows 95 and Windows 98 allow a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0346 (AppleShare IP 6.1 and later allows a remote attacker to read potential ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0344 (The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0342 (Eudora 4.x allows remote attackers to bypass the user warning for exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0341 (ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0340 (Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0339 (ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0338 (Concurrent Versions Software (CVS) uses predictable temporary file nam ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0337 (Buffer overflow in Xsun X server in Solaris 7 allows local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0336 (Linux OpenLDAP server allows local users to modify arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0335 (The resolver in glibc 2.1.3 uses predictable IDs, which allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0334 (The Allaire Spectra container editor preview tool does not properly en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0332 (UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0331 (Buffer overflow in Microsoft command processor (CMD.EXE) for Windows N ...)
	NOT-FOR-US: Microsoft
CVE-2000-0330 (The networking software in Windows 95 and Windows 98 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0329 (A Microsoft ActiveX control allows a remote attacker to execute a mali ...)
	NOT-FOR-US: Microsoft
CVE-2000-0328 (Windows NT 4.0 generates predictable random TCP initial sequence numbe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0327 (Microsoft Virtual Machine (VM) allows remote attackers to escape the J ...)
	NOT-FOR-US: Microsoft
CVE-2000-0324 (pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0323 (The Microsoft Jet database engine allows an attacker to modify text fi ...)
	NOT-FOR-US: Microsoft
CVE-2000-0322 (The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Packa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0320 (Qpopper 2.53 and 3.0 does not properly identify the \n string which id ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0319 (mail.local in Sendmail 8.10.x does not properly identify the .\n strin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0318 (Atrium Mercur Mail Server 3.2 allows local attackers to read other use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0316 (Buffer overflow in Solaris 7 lp allows local users to gain root privil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0315 (traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0314 (traceroute in NetBSD 1.3.3 and Linux systems allows local users to flo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0313 (Vulnerability in OpenBSD 2.6 allows a local user to change interface m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0311 (The Windows 2000 domain controller allows a malicious user to modify A ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0310 (IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0309 (The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0308 (Insecure file permissions for Netscape FastTrack Server 2.x, Enterpris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0307 (Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0306 (Buffer overflow in calserver in SCO OpenServer allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0305 (Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0304 (Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory install ...)
	NOT-FOR-US: Microsoft
CVE-2000-0303 (Quake3 Arena allows malicious server operators to read or modify files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0302 (Microsoft Index Server allows remote attackers to view the source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0301 (Ipswitch IMAIL server 6.02 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0298 (The unattended installation of Windows 2000 with the OEMPreinstall opt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0297 (Allaire Forums 2.0.5 allows remote attackers to bypass access restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0296 (fcheck allows local users to gain privileges by embedding shell metach ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0294 (Buffer overflow in healthd for FreeBSD allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0292 (The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0290 (Buffer overflow in Webstar HTTP server allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0289 (IP masquerading in Linux 2.2.x allows remote attackers to route UDP pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0287 (The BizDB CGI script bizdb-search.cgi allows remote attackers to execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0285 (Buffer overflow in XFree86 3.3.x allows local users to execute arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0283 (The default installation of IRIX Performance Copilot allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0282 (TalentSoft webpsvr daemon in the Web+ shopping cart application allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0279 (BeOS allows remote attackers to cause a denial of service via malforme ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0278 (The SalesLogix Eviewer allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0277 (Microsoft Excel 97 and 2000 does not warn the user when executing Exce ...)
	NOT-FOR-US: Microsoft
CVE-2000-0276 (BeOS 4.5 and 5.0 allow local users to cause a denial of service via ma ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0274 (The Linux trustees kernel patch allows attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0273 (PCAnywhere allows remote attackers to cause a denial of service by ter ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0272 (RealNetworks RealServer allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0268 (Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Cisco
CVE-2000-0267 (Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode ...)
	NOT-FOR-US: Cisco
CVE-2000-0265 (Panda Security 3.0 allows users to uninstall the Panda software via it ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0264 (Panda Security 3.0 with registry editing disabled allows users to edit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0263 (The X font server xfs in Red Hat Linux 6.x allows an attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0262 (The AVM KEN! ISDN Proxy server allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0261 (The AVM KEN! web server allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service b ...)
	NOT-FOR-US: Microsoft
CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0255 (The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0254 (The dansie shopping cart application cart.pl allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0253 (The dansie shopping cart application cart.pl allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0252 (The dansie shopping cart application cart.pl allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0251 (HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0249 (The AIX Fast Response Cache Accelerator (FRCA) allows local users to m ...)
	NOT-FOR-US: AIX
CVE-2000-0247 (Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0246 (IIS 4.0 and 5.0 does not properly perform ISAPI extension processing i ...)
	NOT-FOR-US: Microsoft
CVE-2000-0245 (Vulnerability in SGI IRIX objectserver daemon allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0243 (AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0240 (vqSoft vqServer program allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0238 (Buffer overflow in the web server for Norton AntiVirus for Internet Em ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0237 (Netscape Enterprise Server with Web Publishing enabled allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0236 (Netscape Enterprise Server with Directory Indexing enabled allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0235 (Buffer overflow in the huh program in the orville-write package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0234 (The default configuration of Cobalt RaQ2 and RaQ3 as specified in acce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0233 (SuSE Linux IMAP server allows remote attackers to bypass IMAP authenti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0232 (Microsoft TCP/IP Printing Services, aka Print Services for Unix, allow ...)
	NOT-FOR-US: Microsoft
CVE-2000-0231 (Linux kreatecd trusts a user-supplied path that is used to find the cd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0230 (Buffer overflow in imwheel allows local users to gain root privileges  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0229 (gpm-root in the gpm package does not properly drop privileges, which a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to cau ...)
	NOT-FOR-US: Microsoft
CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0224 (ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0223 (Buffer overflow in the wmcdplay CD player program for the WindowMaker  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0222 (The installation for Windows 2000 does not activate the Administrator  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0221 (The Nautica Marlin bridge allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0218 (Buffer overflow in Linux mount and umount allows local users to gain r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0217 (The default configuration of SSH allows X forwarding, which could allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0212 (InterAccess TelnetD Server 4.0 allows remote attackers to conduct a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0211 (The Windows Media server allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0210 (The lit program in Sun Flex License Manager (FlexLM) follows symlinks, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0209 (Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0208 (The htdig (ht://Dig) CGI program htsearch allows remote attackers to r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0207 (SGI InfoSearch CGI program infosrch.cgi allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0206 (The installation of Oracle 8.1.5.x on Linux follows symlinks and creat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0202 (Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow re ...)
	NOT-FOR-US: Microsoft
CVE-2000-0201 (The window.showHelp() method in Internet Explorer 5.x does not restric ...)
	NOT-FOR-US: Microsoft
CVE-2000-0200 (Buffer overflow in Microsoft Clip Art Gallery allows remote attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0196 (Buffer overflow in mhshow in the Linux nmh package allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0195 (setxconf in Corel Linux allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0194 (buildxconf in Corel Linux allows local users to modify or create arbit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0193 (The default configuration of Dosemu in Corel Linux 1.0 allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0192 (The default installation of Caldera OpenLinux 2.3 includes the CGI pro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0191 (Axis StorPoint CD allows remote attackers to access administrator URLs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0189 (ColdFusion Server 4.x allows remote attackers to determine the real pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0186 (Buffer overflow in the dump utility in the Linux ext2fs backup package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0185 (RealMedia RealServer reveals the real IP address of a Real Server, eve ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0184 (Linux printtool sets the permissions of printer configuration files to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0183 (Buffer overflow in ircII 4.4 IRC client allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0182 (iPlanet Web Server 4.1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0181 (Firewall-1 3.0 and 4.0 leaks packets with private IP address informati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0180 (Sojourn search engine allows remote attackers to read arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0179 (HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0178 (ServerIron switches by Foundry Networks have predictable TCP/IP sequen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0175 (Buffer overflow in StarOffice StarScheduler web server allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0174 (StarOffice StarScheduler web server allows remote attackers to read ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0172 (The mtr program only uses a seteuid call when attempting to drop privi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0171 (atsadc in the atsar package for Linux does not properly check the perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0170 (Buffer overflow in the man program in Linux allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0169 (Batch files in the Oracle web listener ows-bin directory allow remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0168 (Microsoft Windows 9x operating systems allow an attacker to cause a de ...)
	NOT-FOR-US: Microsoft
CVE-2000-0166 (Buffer overflow in the InterAccess telnet server TelnetD allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0165 (The Delegate application proxy has several buffer overflows which allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0164 (The installation of Sun Internet Mail Server (SIMS) creates a world-re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0162 (The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x al ...)
	NOT-FOR-US: Microsoft
CVE-2000-0161 (Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0159 (HP Ignite-UX does not save /etc/passwd when it creates an image of a t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges by mod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0156 (Internet Explorer 4.x and 5.x allows remote web servers to access file ...)
	NOT-FOR-US: Microsoft
CVE-2000-0152 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0150 (Check Point Firewall-1 allows remote attackers to bypass port access r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0149 (Zeus web server allows remote attackers to view the source code for CG ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0148 (MySQL 3.22 allows remote attackers to bypass password authentication a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0146 (The Java Server in the Novell GroupWise Web Access Enhancement Pack al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0145 (The libguile.so library file used by gnucash in Debian GNU/Linux is in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0144 (Axis 700 Network Scanner does not properly restrict access to administ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0141 (Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0140 (Internet Anywhere POP3 Mail Server allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0139 (Internet Anywhere POP3 Mail Server allows local users to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0131 (Buffer overflow in War FTPd 1.6x allows users to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0130 (Buffer overflow in SCO scohelp program allows remote attackers to exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0128 (The Finger Server 0.82 allows remote attackers to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0127 (The Webspeed configuration program does not properly disable access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0121 (The Recycle Bin utility in Windows NT and Windows 2000 allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0120 (The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0117 (The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Adm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0116 (Firewall-1 does not properly filter script tags, which allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0113 (The SyGate Remote Management program does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0112 (The default installation of Debian GNU/Linux uses an insecure Master B ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0111 (The RightFax web client uses predictable session numbers, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0107 (Linux apcd program allows local attackers to modify arbitrary files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0100 (The SMS Remote Control program is installed with insecure permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0099 (Buffer overflow in UnixWare ppptalk command allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0098 (Microsoft Index Server allows remote attackers to determine the real p ...)
	NOT-FOR-US: Microsoft
CVE-2000-0097 (The WebHits ISAPI filter in Microsoft Index Server allows remote attac ...)
	NOT-FOR-US: Microsoft
CVE-2000-0095 (The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0094 (procfs in BSD systems allows local users to gain root privileges by mo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0092 (The BSD make program allows local users to modify files via a symlink  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0091 (Buffer overflow in vchkpw/vpopmail POP authentication package allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0090 (VMWare 1.1.2 allows local users to cause a denial of service via a sym ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0089 (The rdisk utility in Microsoft Terminal Server Edition and Windows NT  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0088 (Buffer overflow in the conversion utilities for Japanese, Korean and C ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0087 (Netscape Mail Notification (nsnotify) utility in Netscape Communicator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0083 (HP asecure creates the Audio Security File audio.sec with insecure per ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0080 (AIX techlibss allows local users to overwrite files via a symlink atta ...)
	NOT-FOR-US: AIX
CVE-2000-0076 (nviboot boot script in the Debian nvi package allows local users to de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0075 (Super Mail Transfer Package (SMTP), later called MsgCore, has a memory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0073 (Buffer overflow in Microsoft Rich Text Format (RTF) reader allows atta ...)
	NOT-FOR-US: Microsoft
CVE-2000-0072 (Visual Casel (Vcasel) does not properly prevent users from executing f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0070 (NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0065 (Buffer overflow in InetServ 3.0 allows remote attackers to execute com ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0064 (cgiproc CGI script in Nortel Contivity HTTP server allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0063 (cgiproc CGI script in Nortel Contivity HTTP server allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0062 (The DTML implementation in the Z Object Publishing Environment (Zope)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0060 (Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0057 (Cold Fusion CFCACHE tag places temporary cache files within the web do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0056 (IMail IMONITOR status.cgi CGI script allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0053 (Microsoft Commercial Internet System (MCIS) IMAP server allows remote  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0052 (Red Hat userhelper program in the usermode package allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0051 (The Allaire Spectra Configuration Wizard allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0050 (The Allaire Spectra Webtop allows authenticated users to access other  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0048 (get_it program in Corel Linux Update allows local users to gain root a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0045 (MySQL allows local users to modify passwords for arbitrary MySQL users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0044 (Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0043 (Buffer overflow in CamShot WebCam HTTP server allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0042 (Buffer overflow in CSM mail server allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0041 (Macintosh systems generate large ICMP datagrams in response to malform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0040 (glFtpD allows local users to gain privileges via metacharacters in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0039 (AltaVista search engine allows remote attackers to read files above th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0037 (Majordomo wrapper allows local users to gain privileges by specifying  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0036 (Outlook Express 5 for Macintosh downloads attachments to HTML mail wit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0034 (Netscape 4.7 records user passwords in the preferences.js file during  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0033 (InterScan VirusWall SMTP scanner does not properly scan messages with  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0032 (Solaris dmi_cmd allows local users to crash the dmispd daemon by addin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0031 (The initscripts package in Red Hat Linux allows local users to gain pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0030 (Solaris dmispd dmi_cmd allows local users to fill up restricted disk s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0029 (UnixWare pis and mkpis commands allow local users to gain privileges v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0027 (IBM Network Station Manager NetStation allows local users to gain priv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0026 (Buffer overflow in UnixWare i2odialogd daemon allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0025 (IIS 4.0 and Site Server 3.0 allow remote attackers to read source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0024 (IIS does not properly canonicalize URLs, potentially allowing remote a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0023 (Buffer overflow in Lotus Domino HTTP server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0022 (Lotus Domino HTTP server does not properly disable anonymous access fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0020 (DNS PRO allows remote attackers to conduct a denial of service via a l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0018 (wmmon in FreeBSD allows local users to gain privileges via the .wmmonr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0015 (CascadeView TFTP server allows local users to gain privileges via a sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0014 (Denial of service in Savant web server via a null character in the req ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0013 (IRIX soundplayer program allows local users to gain privileges by incl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0012 (Buffer overflow in w3-msql CGI program in miniSQL package allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0011 (Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0010 (WebWho+ whois.cgi program allows remote attackers to execute commands  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0009 (The bna_pass program in Optivity NETarchitect uses the PATH environmen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0007 (Trend Micro PC-Cillin does not restrict access to its internal proxy p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0006 (strace allows local users to read arbitrary files via memory mapped fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0004 (ZBServer Pro allows remote attackers to read source code for executabl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0003 (Buffer overflow in UnixWare rtpm program allows local users to gain pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0002 (Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0001 (RealMedia server allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1568 (Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1565 (Man2html 2.1 and earlier allows local users to overwrite arbitrary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1556 (Microsoft SQL Server 6.5 uses weak encryption for the password for the ...)
	NOT-FOR-US: Microsoft
CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1537 (IIS 3.x and 4.x does not distinguish between pages requiring encryptio ...)
	NOT-FOR-US: Microsoft
CVE-1999-1535 (Buffer overflow in AspUpload.dll in Persits Software AspUpload before  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1531 (Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a mal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1530 (cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identif ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1520 (A configuration problem in the Ad Server Sample directory (AdSamples)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1512 (The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1507 (Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1494 (colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1490 (xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1488 (sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1486 (sadc in IBM AIX 4.1 through 4.3, when called from programs such as tim ...)
	NOT-FOR-US: AIX
CVE-1999-1481 (Squid 2.2.STABLE5 and below, when using external authentication, allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1478 (The Sun HotSpot Performance Engine VM allows a remote attacker to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1476 (A bug in Intel Pentium processor (MMX and Overdrive) allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1473 (When a Web site redirects the browser to another site, Internet Explor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1472 (Internet Explorer 4.0 allows remote attackers to read arbitrary text a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1468 (rdist in various UNIX systems uses popen to execute sendmail, which al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1456 (thttpd HTTP server 2.03 and earlier allows remote attackers to read ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1455 (RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not prop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1452 (GINA in Windows NT 4.0 allows attackers with physical access to displa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1437 (ePerl 2.2.12 allows remote attackers to read arbitrary files and possi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1433 (HP JetAdmin D.01.09 on Solaris allows local users to change the permis ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1432 (Power management (Powermanagement) on Solaris 2.4 through 2.6 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1423 (ping in Solaris 2.3 through 2.6 allows local users to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1419 (Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain administrator  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 ad ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1407 (ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows loc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1402 (The access permissions for a UNIX domain socket are ignored in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1397 (Index Server 2.0 on IIS 4.0 stores physical path information in the Co ...)
	NOT-FOR-US: Microsoft
CVE-1999-1386 (Perl 5.004_04 and earlier follows symbolic links when running with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1385 (Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1384 (Indigo Magic System Tour in the SGI system tour package (systour) for  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1382 (NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by ch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1380 (Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX Act ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1379 (DNS allows remote attackers to use DNS name servers as traffic amplifi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1365 (Windows NT searches a user's home directory (%systemroot% by default)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1363 (Windows NT 3.51 and 4.0 allow local users to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1362 (Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1360 (Windows NT 4.0 allows local users to cause a denial of service via a u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1359 (When the Ntconfig.pol file is used on a server whose name is longer th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1358 (When an administrator in Windows NT or Windows 2000 changes a user pol ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1356 (Compaq Integration Maintenance Utility as used in Compaq Insight Manag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1351 (Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the " ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1341 (Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1339 (Vulnerability when Network Address Translation (NAT) is enabled in Lin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1337 (FTP client in Midnight Commander (mc) before 4.5.11 stores usernames a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1336 (3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1335 (snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows loca ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size parame ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1328 (linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1327 (Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1326 (wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1325 (SAS System 5.18 on VAX/VMS is installed with insecure permissions for  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1324 (VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1321 (Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1320 (Vulnerability in Novell NetWare 3.x and earlier allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1318 (/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1317 (Windows NT 4.0 SP4 and earlier allows local users to gain privileges b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1316 (Passfilt.dll in Windows NT SP2 allows users to create a password that  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1309 (Sendmail before 8.6.7 allows local users to gain root access via a lar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1301 (A design flaw in the Z-Modem protocol allows the remote sender of a fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1298 (Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1297 (cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1294 (Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1290 (Buffer overflow in nftp FTP client version 1.40 allows remote maliciou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1288 (Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1284 (NukeNabber allows remote attackers to cause a denial of service by con ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1279 (An interaction between the AS/400 shared folders feature and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-1276 (fte-console in the fte package before 0.46b-4.1 does not drop root pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1262 (Java in Netscape 4.5 does not properly restrict applets from connectin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1259 (Microsoft Office 98, Macintosh Edition, does not properly initialize t ...)
	NOT-FOR-US: Microsoft
CVE-1999-1258 (rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1249 (movemail in HP-UX 10.20 has insecure permissions, which allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user domain n ...)
	NOT-FOR-US: Microsoft
CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session requ ...)
	NOT-FOR-US: Microsoft
CVE-1999-1226 (Netscape Communicator 4.7 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1223 (IIS 3.0 allows remote attackers to cause a denial of service via a req ...)
	NOT-FOR-US: Microsoft
CVE-1999-1222 (Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.), whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check user cr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Op ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1208 (Buffer overflow in ping in AIX 4.2 and earlier allows local users to g ...)
	NOT-FOR-US: AIX
CVE-1999-1205 (nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1204 (Check Point Firewall-1 does not properly handle certain restricted key ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1203 (Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1201 (Windows 95 and Windows 98 systems, when configured with multiple TCP/I ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1199 (Apache WWW server 1.3.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1198 (BuildDisk program on NeXT systems before 2.0 does not prompt users for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1197 (TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1194 (chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1193 (The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privile ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1192 (Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1191 (Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1189 (Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1188 (mysqld in MySQL 3.21 creates log files with world-readable permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1181 (Vulnerability in On-Line Customer Registration software for IRIX 6.2 t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1177 (Directory traversal vulnerability in nph-publish before 1.2 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1175 (Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-1999-1167 (Cross-site scripting vulnerability in Third Voice Web annotation utili ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1163 (Vulnerability in HP Series 800 S/X/V Class servers allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1162 (Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1161 (Vulnerability in ppl in HP-UX 10.x and earlier allows local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1160 (Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and pos ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1159 (SSH 2.0.11 and earlier allows local users to request remote forwarding ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1157 (Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1156 (BisonWare FTP Server 4.1 and earlier allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1148 (FTP service in IIS 4.0 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Microsoft
CVE-1999-1147 (Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1146 (Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1145 (Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and ear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1144 (Certain files in MPower in HP-UX 10.x are installed with insecure perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain root pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1139 (Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1138 (SCO UNIX System V/386 Release 3.2, and other SCO products, installs th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1137 (The permissions for the /dev/audio device on Solaris 2.2 and earlier,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1136 (Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1132 (Windows NT 4.0 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1131 (Buffer overflow in OSF Distributed Computing Environment (DCE) securit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1127 (Windows NT 4.0 does not properly shut down invalid named pipe RPC conn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1122 (Vulnerability in restore in SunOS 4.0.3 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1121 (The default configuration for UUCP in AIX before 3.2 allows local user ...)
	NOT-FOR-US: AIX
CVE-1999-1120 (netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental var ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1119 (FTP installation script anon.ftp in AIX insecurely configures anonymou ...)
	NOT-FOR-US: AIX
CVE-1999-1118 (ndd in Solaris 2.6 allows local users to cause a denial of service by  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1117 (lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files ...)
	NOT-FOR-US: AIX
CVE-1999-1116 (Vulnerability in runpriv in Indigo Magic System Administration subsyst ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1115 (Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1114 (Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1111 (Vulnerability in StackGuard before 1.21 allows remote attackers to byp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1109 (Sendmail before 8.10.0 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1105 (Windows 95, when Remote Administration and File Sharing for NetWare Ne ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1104 (Windows 95 uses weak encryption for the password list (.pwl) file used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1103 (dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1102 (lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1100 (Cisco PIX Private Link 4.1.6 and earlier does not properly process cer ...)
	NOT-FOR-US: Cisco
CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 auth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1094 (Buffer overflow in Internet Explorer 4.01 and earlier allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-1999-1093 (Buffer overflow in the Window.External function in the JScript Scripti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1090 (The default configuration of NCSA Telnet package for Macintosh and PC  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1087 (Internet Explorer 4 treats a 32-bit number ("dotless IP address") in t ...)
	NOT-FOR-US: Microsoft
CVE-1999-1085 (SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Bl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1080 (rmmount in SunOS 5.7 may mount file systems without the nosuid flag se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1074 (Webmin before 0.5 does not restrict the number of invalid passwords th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1059 (Vulnerability in rexec daemon (rexecd) in AT&amp;T TCP/IP 4.0 for vari ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1057 (VMS 4.0 through 5.3 allows local users to gain privileges via the ANAL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1055 (Microsoft Excel 97 does not warn the user before executing worksheet f ...)
	NOT-FOR-US: Microsoft
CVE-1999-1048 (Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1047 (When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1045 (pnserver in RealServer 5.0 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1044 (Vulnerability in Advanced File System Utility (advfs) in Digital UNIX  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1037 (rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1035 (IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a de ...)
	NOT-FOR-US: Microsoft
CVE-1999-1034 (Vulnerability in login in AT&amp;T System V Release 4 allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1032 (Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1028 (Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1027 (Solaris 2.6 HW3/98 installs admintool with world-writable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1021 (NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1019 (SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1014 (Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1011 (The Remote Data Service (RDS) DataFactory component of Microsoft Data  ...)
	NOT-FOR-US: Microsoft
CVE-1999-1010 (An SSH 1.2.27 server allows a client to use the "none" cipher, even if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1008 (xsoldier program allows local users to gain root access via a long arg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1007 (Buffer overflow in VDO Live Player allows remote attackers to execute  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1005 (Groupwise web server GWWEB.EXE allows remote attackers to read arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1004 (Buffer overflow in the POP server POProxy for the Norton Anti-Virus pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a null  ...)
	NOT-FOR-US: Cisco
CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote  ...)
	NOT-FOR-US: Cisco
CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...)
	NOT-FOR-US: Cisco
CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute comma ...)
	{DSA-377}
	- wu-ftpd 2.6.2-15
CVE-1999-0996 (Buffer overflow in Infoseek Ultraseek search engine allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0995 (Windows NT Local Security Authority (LSA) allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0994 (Windows NT with SYSKEY reuses the keystream that is used for encryptin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0992 (HP VirtualVault with the PHSS_17692 patch allows unprivileged processe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0991 (Buffer overflow in GoodTech Telnet Server NT allows remote users to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0989 (Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0987 (Windows NT does not properly download a system policy if the domain us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0982 (The Sun Web-Based Enterprise Management (WBEM) installation script sto ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0981 (Internet Explorer 5.01 and earlier allows a remote attacker to create  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0980 (Windows NT Service Control Manager (SCM) allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0979 (The SCO UnixWare privileged process system allows local users to gain  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0978 (htdig allows remote attackers to execute commands via filenames with s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0977 (Buffer overflow in Solaris sadmind allows remote attackers to gain roo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0976 (Sendmail allows local users to reinitialize the aliases database via t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0975 (The Windows help system can allow a local user to execute commands as  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0974 (Buffer overflow in Solaris snoop allows remote attackers to gain root  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0973 (Buffer overflow in Solaris snoop program allows remote attackers to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0972 (Buffer overflow in Xshipwars xsw program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0971 (Buffer overflow in Exim allows local users to gain root privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0969 (The Windows NT RPC service allows remote attackers to conduct a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0968 (Buffer overflow in BNC IRC proxy allows remote attackers to gain privi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0967 (Buffer overflow in the HTML library used by Internet Explorer, Outlook ...)
	NOT-FOR-US: Microsoft
CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to gain r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0962 (Buffer overflow in HPUX passwd command allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0961 (HPUX sysdiag allows local users to gain root privileges via a symlink  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0960 (IRIX cdplayer allows local users to create directories in arbitrary lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0959 (IRIX startmidi program allows local users to modify arbitrary files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0958 (sudo 1.5.x allows local users to execute arbitrary commands via a .. ( ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0957 (MajorCool mj_key_cache program allows local users to modify files via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0954 (WWWBoard has a default username and default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is under t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to gain ro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0947 (AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0946 (Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0945 (Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0943 (Buffer overflow in OpenLink 3.2 allows remote attackers to gain privil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0942 (UnixWare dos7utils allows a local user to gain root privileges by usin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0940 (Buffer overflow in mutt mail client allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0939 (Denial of service in Debian IRC Epic/epic4 client via a long string. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0938 (MBone SDR Package allows remote attackers to execute commands via shel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0937 (BNBForm allows remote attackers to read arbitrary files via the autome ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0936 (BNBSurvey survey.cgi program allows remote attackers to execute comman ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0935 (classifieds.cgi allows remote attackers to execute arbitrary commands  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0934 (classifieds.cgi allows remote attackers to read arbitrary files via sh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0933 (TeamTrack web server allows remote attackers to read arbitrary files v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0932 (Mediahouse Statistics Server allows remote attackers to read the admin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0931 (Buffer overflow in Mediahouse Statistics Server allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0930 (wwwboard allows a remote attacker to delete message board articles via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0928 (Buffer overflow in SmartDesk WebSuite allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0927 (NTMail allows remote attackers to read arbitrary files via a .. (dot d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0924 (The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0922 (An example application in ColdFusion Server 4.0 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0921 (BMC Patrol allows any remote attacker to flood its UDP port, causing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0920 (Buffer overflow in the pop-2d POP daemon in the IMAP package allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0918 (Denial of service in various Windows systems via malformed, fragmented ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0917 (The Preloader ActiveX control used by Internet Explorer allows remote  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0916 (WebTrends software stores account names and passwords in a file which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0915 (URL Live! web server allows remote attackers to read arbitrary files v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0914 (Buffer overflow in the FTP client in the Debian GNU/Linux netstd packa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0912 (FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0909 (Multihomed Windows systems allow a remote attacker to bypass IP source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0908 (Denial of service in Solaris TCP streams driver via a malicious connec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0907 (sccw allows local users to read arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0906 (Buffer overflow in sccw allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0905 (Denial of service in Axent Raptor firewall via malformed zero-length I ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0904 (Buffer overflow in BFTelnet allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0903 (genfilt in the AIX Packet Filtering Module does not properly filter tr ...)
	NOT-FOR-US: AIX
CVE-1999-0902 (ypserv allows local administrators to modify password tables. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0901 (ypserv allows a local user to modify the GECOS and login shells of oth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0900 (Buffer overflow in rpc.yppasswdd allows a local user to gain privilege ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0899 (The Windows NT 4.0 print spooler allows a local user to execute arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0898 (Buffer overflows in Windows NT 4.0 print spooler allow remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0897 (iChat ROOMS Webserver allows remote attackers to read arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0896 (Buffer overflow in RealNetworks RealServer administration utility allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0895 (Firewall-1 does not properly restrict access to LDAP attributes. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0894 (Red Hat Linux screen program does not use Unix98 ptys, allowing local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0893 (userOsa in SCO OpenServer allows local users to corrupt files via a sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0892 (Buffer overflow in Netscape Communicator before 4.7 via a dynamic font ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0891 (The "download behavior" in Internet Explorer 5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish tel ...)
	NOT-FOR-US: Cisco
CVE-1999-0888 (dbsnmp in Oracle Intelligent Agent allows local users to gain privileg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0887 (FTGate web interface server allows remote attackers to read files via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0886 (The security descriptor for RASMAN allows users to point to an alterna ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0884 (The Zeus web server administrative interface uses weak encryption for  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0883 (Zeus web server allows remote attackers to read arbitrary files by spe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0881 (Falcon web server allows remote attackers to read arbitrary files via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0880 (Denial of service in WU-FTPD via the SITE NEWER command, which does no ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0879 (Buffer overflow in WU-FTPD and related FTP servers allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0878 (Buffer overflow in WU-FTPD and related FTP servers allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0877 (Internet Explorer 5 allows remote attackers to read files via an ExecC ...)
	NOT-FOR-US: Microsoft
CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Microsoft
CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files v ...)
	NOT-FOR-US: Microsoft
CVE-1999-0870 (Internet Explorer 4.01 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert malic ...)
	NOT-FOR-US: Microsoft
CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell metachar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with malform ...)
	NOT-FOR-US: Microsoft
CVE-1999-0866 (Buffer overflow in UnixWare xauto program allows local users to gain r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP config ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0864 (UnixWare programs that dump core allow a local user to modify files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers may le ...)
	NOT-FOR-US: Microsoft
CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...)
	NOT-FOR-US: Microsoft
CVE-1999-0856 (login in Slackware 7.0 allows remote attackers to identify valid users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0854 (Ultimate Bulletin Board stores data files in the cgi-bin directory, al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0853 (Buffer overflow in Netscape Enterprise Server and Netscape FastTrack S ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0851 (Denial of service in BIND named via naptr. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0849 (Denial of service in BIND named via maxdname. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0848 (Denial of service in BIND named via consuming more than "fdmax" file d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0847 (Buffer overflow in free internet chess server (FICS) program, xboard. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0842 (Symantec Mail-Gear 1.0 web interface server allows remote users to rea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0839 (Windows NT Task Scheduler installed with Internet Explorer 5 allows a  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0838 (Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0837 (Denial of service in BIND by improperly closing TCP sessions via so_li ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0836 (UnixWare uidadmin allows local users to modify arbitrary files via a s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0835 (Denial of service in BIND named via malformed SIG records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0834 (Buffer overflow in RSAREF2 via the encryption and decryption functions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0833 (Buffer overflow in BIND 8.2 via NXT records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0832 (Buffer overflow in NFS server on Linux allows attackers to execute com ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0831 (Denial of service in Linux syslogd via a large number of connections. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0826 (Buffer overflow in FreeBSD angband allows local users to gain privileg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0824 (A Windows NT user can use SUBST to map a drive letter to a folder, whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0823 (Buffer overflow in FreeBSD xmindpath allows local users to gain privil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0820 (FreeBSD seyon allows users to gain privileges via a modified PATH vari ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0819 (NTMail does not disable the VRFY command, even if the administrator ha ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0817 (Lynx WWW client allows a remote attacker to specify command-line param ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0815 (Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0814 (Red Hat pump DHCP client allows remote attackers to gain root access i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0813 (Cfingerd with ALLOW_EXECUTION enabled does not properly drop privilege ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0812 (Race condition in Samba smbmnt allows local users to mount file system ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0811 (Buffer overflow in Samba smbd program via a malformed message command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0810 (Denial of service in Samba NETBIOS name service daemon (nmbd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0809 (Netscape Communicator 4.x with Javascript enabled does not warn a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0807 (The Netscape Directory Server installation procedure leaves sensitive  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0806 (Buffer overflow in Solaris dtprintinfo program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0804 (Denial of service in Linux 2.2.x kernels via malformed ICMP packets co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0803 (The fwluser script in AIX eNetwork Firewall allows local users to writ ...)
	NOT-FOR-US: AIX
CVE-1999-0802 (Buffer overflow in Internet Explorer 5 allows remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-1999-0801 (BMC Patrol allows remote attackers to gain access to an agent by spoof ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0800 (The GetFile.cfm file in Allaire Forums allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0799 (Buffer overflow in bootpd 2.4.3 and earlier via a long boot file locat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0797 (NIS finger allows an attacker to conduct a denial of service via a lar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0796 (FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0794 (Microsoft Excel does not warn a user when a macro is present in a Symb ...)
	NOT-FOR-US: Microsoft
CVE-1999-0793 (Internet Explorer allows remote attackers to read files by redirecting ...)
	NOT-FOR-US: Microsoft
CVE-1999-0791 (Hybrid Network cable modems do not include an authentication mechanism ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0790 (A remote attacker can read information from a Netscape user's cache vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0789 (Buffer overflow in AIX ftpd in the libc library. ...)
	NOT-FOR-US: AIX
CVE-1999-0788 (Arkiea nlservd allows remote attackers to conduct a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0787 (The SSH authentication agent follows symlinks via a UNIX domain socket ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0786 (The dynamic linker in Solaris allows a local user to create arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0785 (The INN inndstart program allows local users to gain root privileges v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0783 (FreeBSD allows local users to conduct a denial of service by creating  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0782 (KDE kppp allows local users to create a directory in an arbitrary loca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0781 (KDE allows local users to execute arbitrary commands by setting the KD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0780 (KDE klock allows local users to kill arbitrary processes by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0779 (Denial of service in HP-UX SharedX recserv program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...)
	NOT-FOR-US: Microsoft
CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to for ...)
	NOT-FOR-US: Cisco
CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0773 (Buffer overflow in Solaris lpset program allows local users to gain ro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0772 (Denial of service in Compaq Management Agents and the Compaq Survey Ut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0771 (The web components of Compaq Management Agents and the Compaq Survey U ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0770 (Firewall-1 sets a long timeout for connections that begin with ACK or  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0769 (Vixie Cron on Linux systems allows local users to set parameters of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0768 (Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO enviro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0766 (The Microsoft Java Virtual Machine allows a malicious Java applet to e ...)
	NOT-FOR-US: Microsoft
CVE-1999-0765 (SGI IRIX midikeys program allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0764 (NetBSD allows ARP packets to overwrite static ARP entries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0763 (NetBSD on a multi-homed host allows ARP packets on one network to modi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0762 (When Javascript is embedded within the TITLE tag, Netscape Communicato ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0761 (Buffer overflow in FreeBSD fts library routines allows local user to m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0760 (Undocumented ColdFusion Markup Language (CFML) tags and functions in t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0759 (Buffer overflow in FuseMAIL POP service via long USER and PASS command ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0758 (Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0756 (ColdFusion Administrator with Advanced Security enabled allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0755 (Windows NT RRAS and RAS clients cache a user's password even if the us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0754 (The INN inndstart program allows local users to gain privileges by spe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0753 (The w3-msql CGI script provided with Mini SQL allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0752 (Denial of service in Netscape Enterprise Server via a buffer overflow  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0751 (Buffer overflow in Accept command in Netscape Enterprise Server 3.6 wi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0749 (Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 9 ...)
	NOT-FOR-US: Microsoft
CVE-1999-0747 (Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fsta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0746 (A default configuration of in.identd in SuSE Linux waits 120 seconds b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0745 (Buffer overflow in Source Code Browser Program Database Name Server Da ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0744 (Buffer overflow in Netscape Enterprise Server and FastTrask Server all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0743 (Trn allows local users to overwrite other users' files via symlinks. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0742 (The Debian mailman package uses weak authentication, which allows atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0740 (Remote attackers can cause a denial of service on Linux in.telnetd tel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0735 (KDE K-Mail allows local users to gain privileges via a symlink attack  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0734 (A default configuration of CiscoSecure Access Control Server (ACS) all ...)
	NOT-FOR-US: Cisco
CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmenta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0732 (The logging facility of the Debian smtp-refuser package allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0731 (The KDE klock program allows local users to unlock a session using mal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0730 (The zsoelim program in the Debian man-db package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0729 (Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to cond ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0728 (A Windows NT user can disable the keyboard or mouse by directly callin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0727 (A kernel leak in the OpenBSD kernel allows IPsec packets to be sent un ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0726 (An attacker can conduct a denial of service in Windows NT by executing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0725 (When IIS is run with a default language of Chinese, Korean, or Japanes ...)
	NOT-FOR-US: Microsoft
CVE-1999-0724 (Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_off ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0723 (The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjecte ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0722 (The default configuration of Cobalt RaQ2 servers allows remote users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0721 (Denial of service in Windows NT Local Security Authority (LSA) through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0720 (The pt_chown command in Linux allows local users to modify TTY termina ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0719 (The Guile plugin for the Gnumeric spreadsheet package allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0718 (IBM GINA, when used for OS/2 domain authentication of Windows NT users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0717 (A remote attacker can disable the virus warning mechanism in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-0716 (Buffer overflow in Windows NT 4.0 help file utility via a malformed he ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0715 (Buffer overflow in Remote Access Service (RAS) client allows an attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0714 (Vulnerability in Compaq Tru64 UNIX edauth command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to gain ro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other distribution ...)
	{DSA-576-1}
	- squid 2.5.7-1
CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0707 (The default FTP configuration in HP Visualize Conference allows confer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0706 (Linux xmonisdn package allows local users to gain root privileges by m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0705 (Buffer overflow in INN inews program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0704 (Buffer overflow in Berkeley automounter daemon (amd) logging facility  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0703 (OpenBSD, BSDI, and other Unix operating systems allow users to set chf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0702 (Internet Explorer 5.0 and 5.01 allows remote attackers to modify or ex ...)
	NOT-FOR-US: Microsoft
CVE-1999-0701 (After an unattended installation of Windows NT 4.0, an installation fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0700 (Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malforme ...)
	NOT-FOR-US: Microsoft
CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via easily  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to read ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0694 (Denial of service in AIX ptrace system call allows local users to cras ...)
	NOT-FOR-US: AIX
CVE-1999-0693 (Buffer overflow in TT_SESSION environment variable in ToolTalk shared  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0692 (The default configuration of the Array Services daemon (arrayd) disabl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0691 (Buffer overflow in the AddSuLog function of the CDE dtaction utility a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0690 (HP CDE program includes the current directory in root's PATH variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0689 (The CDE dtspcd daemon allows local users to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0688 (Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0687 (The ToolTalk ttsession daemon uses weak RPC authentication, which allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0686 (Denial of service in Netscape Enterprise Server (NES) in HP Virtual Va ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0685 (Buffer overflow in Netscape Communicator via EMBED tags in the plugins ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0683 (Denial of service in Gauntlet Firewall via a malformed ICMP packet. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0682 (Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. s ...)
	NOT-FOR-US: Microsoft
CVE-1999-0681 (Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.9 ...)
	NOT-FOR-US: Microsoft
CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client opens a n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the ServerR ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitiv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0675 (Check Point FireWall-1 can be subjected to a denial of service via UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0674 (The BSD profil system call allows a local user to modify the internal  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0672 (Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0671 (Buffer overflow in ToxSoft NextFTP client through CWD command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0668 (The scriptlet.typelib ActiveX control is marked as "safe for scripting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0628 (The rwho/rwhod service is running, which exposes machine status and us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0627 (The rexd service is running, which uses weak authentication that can a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0626 (A version of rusers is running that exposes valid user information to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0612 (A version of finger is running that exposes valid user information to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0608 (An incorrect configuration of the PDG Shopping Cart CGI program "shopp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0566 (An attacker can write to syslog files from any location, causing a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0551 (HP OpenMail can be misconfigured to allow users to run arbitrary comma ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0526 (An X server's access control is disabled (e.g. through an "xhost +" co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0514 (UDP messages to broadcast addresses are allowed, allowing for a Fraggl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0513 (ICMP messages to broadcast addresses are allowed, allowing for a Smurf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0496 (A Windows NT 4.0 user can gain administrative rights by forcing NtOpen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0494 (Denial of service in WinGate proxy through a buffer overflow in POP3. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0493 (rpc.statd allows remote attackers to forward RPC calls to the local op ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0491 (The prompt parsing in bash allows a local user to execute commands as  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0487 (The DHTML Edit ActiveX control in Internet Explorer allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-1999-0485 (Remote attackers can cause a system crash through ipintr() in ipq in O ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0484 (Buffer overflow in OpenBSD ping. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0483 (OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0482 (OpenBSD kernel crash through TSS handling, as caused by the crashme pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0481 (Denial of service in "poll" in OpenBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0479 (Denial of service Netscape Enterprise Server with VirtualVault on HP-U ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0478 (Denial of service in HP-UX sendmail 8.8.6 related to accepting connect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0475 (A race condition in how procmail handles .procmailrc files allows a lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0474 (The ICQ Webserver allows remote attackers to use .. to access arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0473 (The rsync command before rsync 2.3.1 may inadvertently change the perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0472 (The SNMP default community name "public" is not properly removed in Ne ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0471 (The remote proxy server in Winroute allows a remote attacker to reconf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0470 (A weak encryption algorithm is used for passwords in Novell Remote.NLM ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0468 (Internet Explorer 5.0 allows a remote server to read arbitrary files o ...)
	NOT-FOR-US: Microsoft
CVE-1999-0466 (The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0464 (Local users can perform a denial of service in Tripwire 1.2 and earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0463 (Remote attackers can perform a denial of service using IRIX fcagent. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Microsoft
CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long th ...)
	NOT-FOR-US: Microsoft
CVE-1999-0447 (Local users can gain privileges using the debug utility in the MPE/iX  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0445 (In Cisco routers under some versions of IOS 12.0 running NAT, some pac ...)
	NOT-FOR-US: Cisco
CVE-1999-0442 (Solaris ff.core allows local users to modify files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0441 (Remote attackers can perform a denial of service in WinGate machines u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0440 (The byte code verifier component of the Java Virtual Machine (JVM) all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0439 (Buffer overflow in procmail before version 3.12 allows remote or local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0438 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0437 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0436 (Domain Enterprise Server Management System (DESMS) in HP-UX allows loc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0433 (XFree86 startx command is vulnerable to a symlink attack, allowing loc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0432 (ftp on HP-UX 11.00 allows local users to gain privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0430 (Cisco Catalyst LAN switches running Catalyst 5000 supervisor software  ...)
	NOT-FOR-US: Cisco
CVE-1999-0429 (The Lotus Notes 4.5 client may send a copy of encrypted mail in the cl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0428 (OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0425 (talkback in Netscape 4.5 allows a local user to kill an arbitrary proc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0424 (talkback in Netscape 4.5 allows a local user to overwrite arbitrary fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0423 (Vulnerability in hpterm on HP-UX 10.20 allows local users to gain addi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0422 (In some cases, NetBSD 1.3.3 mount allows local users to execute progra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0421 (During a reboot after an installation of Linux Slackware 3.6, a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0420 (umapfs allows local users to gain root privileges by changing their ui ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0417 (64 bit Solaris 7 procfs allows local users to perform a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0416 (Vulnerability in Cisco 7xx series routers allows a remote attacker to  ...)
	NOT-FOR-US: Cisco
CVE-1999-0415 (The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled ...)
	NOT-FOR-US: Cisco
CVE-1999-0414 (In Linux before version 2.0.36, remote attackers can spoof a TCP conne ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0412 (In IIS and other web servers, an attacker can attack commands as SYSTE ...)
	NOT-FOR-US: Microsoft
CVE-1999-0410 (The cancel command in Solaris 2.6 (i386) has a buffer overflow that al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0408 (Files created from interactive shell sessions in Cobalt RaQ microserve ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0407 (By default, IIS 4.0 has a virtual directory /IISADMPWD which contains  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0405 (A buffer overflow in lsof allows local users to obtain root privilege. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0404 (Buffer overflow in the Mail-Max SMTP server for Windows systems allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0403 (A bug in Cyrix CPUs on Linux allows local users to perform a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0402 (wget 1.5.3 follows symlinks to change permissions of the target file i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0396 (A race condition between the select() and accept() calls in NetBSD TCP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0395 (A race condition in the BackWeb Polite Agent Protocol allows an attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0393 (Remote attackers can cause a denial of service in Sendmail 8.8.x and 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0392 (Buffer overflow in Thomas Boutell's cgic library version up to 1.05. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0391 (The cryptographic challenge of SMB authentication in Windows 95 and Wi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0390 (Buffer overflow in Dosemu Slang library in Linux. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0388 (DataLynx suGuard trusts the PATH environment variable to execute the p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0387 (A legacy credential caching mechanism used in Windows 95 and Windows 9 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0386 (Microsoft Personal Web Server and FrontPage Personal Web Server in som ...)
	NOT-FOR-US: Microsoft
CVE-1999-0385 (The LDAP bind function in Exchange 5.5 has a buffer overflow that allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0384 (The Forms 2.0 ActiveX control (included with Visual Basic for Applicat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0383 (ACC Tigris allows public access without a login. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0382 (The screen saver in Windows NT does not verify that its security conte ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands on the  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0377 (Process table attack in Unix systems allows a remote attacker to perfo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0376 (Local users in Windows NT can obtain administrator privileges by chang ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Researc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink attack. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0373 (Buffer overflow in the "Super" utility in Debian GNU/Linux, and other  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0372 (The installer for BackOffice Server includes account names and passwor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0371 (Lynx allows a local user to overwrite sensitive files through /tmp sym ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0369 (The Sun sdtcm_convert calendar utility for OpenWindows has a buffer ov ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0368 (Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0367 (NetBSD netstat command allows local users to access kernel memory. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0366 (In some cases, Service Pack 4 for Windows NT 4.0 can allow access to n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0365 (The metamail package allows remote command execution using shell metac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0363 (SuSE 5.2 PLP lpc program has a buffer overflow that leads to root comp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0362 (WS_FTP server remote denial of service through cwd command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the mh pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force a use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0353 (rpc.pcnfsd in HP gives remote root access by changing the permissions  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0351 (FTP PASV "Pizza Thief" denial of service and unauthorized data access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0350 (Race condition in the db_loader program in ClearCase gives local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0349 (A buffer overflow in the FTP list (ls) command in IIS allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-1999-0348 (IIS ASP caching problem releases sensitive information when two virtua ...)
	NOT-FOR-US: Microsoft
CVE-1999-0346 (CGI PHP mlog script allows an attacker to read any file on the target  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0344 (NT users can gain debug-level access on a system process using the Sec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0343 (A malicious Palace server can force a client to execute arbitrary prog ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0342 (Linux PAM modules allow local users to gain root access using temporar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0341 (Buffer overflow in the Linux mail program "deliver" allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0340 (Buffer overflow in Linux Slackware crond program allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0339 (Buffer overflow in the libauth library in Solaris allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users to ga ...)
	NOT-FOR-US: AIX
CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...)
	NOT-FOR-US: AIX
CVE-1999-0335 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of CVE ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0332 (Buffer overflow in NetMeeting allows denial of service and remote comm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0329 (SGI mediad program allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0328 (SGI permissions program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0327 (SGI syserr program allows local users to corrupt files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0326 (Vulnerability in HP-UX mediainit program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0325 (vhe_u_mnt program in HP-UX allows local users to create root files thr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0324 (ppl program in HP-UX allows local users to create root files through s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0323 (FreeBSD mmap function allows users to modify append-only or immutable  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0322 (The open() function in FreeBSD allows local attackers to write to arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0321 (Buffer overflow in Solaris kcms_configure command allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0320 (SunOS rpc.cmsd allows attackers to obtain root access by overwriting a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0318 (Buffer overflow in xmcd 2.0p12 allows local users to gain access throu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0316 (Buffer overflow in Linux splitvt command gives root access to local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS data. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0311 (fpkg2swpk in HP-UX allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0310 (SSH 1.2.25 on HP-UX allows access to new user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0309 (HP-UX vgdisplay program gives root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based operat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to modif ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0303 (Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0302 (SunOS/Solaris FTP clients can be forced to execute arbitrary commands  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0301 (Buffer overflow in SunOS/Solaris ps command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0300 (nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0299 (Buffer overflow in FreeBSD lpd through long DNS hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0297 (Buffer overflow in Vixie Cron library up to version 3.0 allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0296 (Solaris volrmmount program allows attackers to read any file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0295 (Solaris sysdef command allows local users to read kernel memory, poten ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0294 (All records in a WINS database can be deleted through SNMP for a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0293 (AAA authentication on Cisco systems allows attackers to execute comman ...)
	NOT-FOR-US: Cisco
CVE-1999-0292 (Denial of service through Winpopup using large user names. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0291 (The WinGate proxy is installed without a password, which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0290 (The WinGate telnet proxy allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0281 (Denial of service in IIS using long URLs. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appen ...)
	NOT-FOR-US: Microsoft
CVE-1999-0277 (The WorkMan program can be used to overwrite any file to get root acce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0276 (mSQL v2.0.1 and below allows remote execution through a buffer overflo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0275 (Denial of service in Windows NT DNS servers by flooding port 53 with t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0274 (Denial of service in Windows NT DNS servers through malicious packet w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0273 (Denial of service through Solaris 2.5.1 telnet by sending ^D character ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program (sometimes  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0269 (Netscape Enterprise servers may list files through the PageServices qu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and read  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command executi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0266 (The info2www CGI script allows remote file access or remote command ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0265 (ICMP redirect messages may crash or lock up a host. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0264 (htmlscript CGI program allows remote read access to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0260 (The jj CGI program allows command execution via shell metacharacters. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0259 (cfingerd lists all users on a system via search.**@target. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0256 (Buffer overflow in War FTP allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0252 (Buffer overflow in listserv allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0251 (Denial of service in talk program allows remote attackers to disrupt a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0248 (A race condition in the authentication agent mechanism of sshd 1.2.17  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0247 (Buffer overflow in nnrpd program in INN up to version 1.6 allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0245 (Some configurations of NIS+ in Linux allowed attackers to log in as th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0244 (Livingston RADIUS code has a buffer overflow which can allow remote ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0239 (Netscape FastTrack Web server lists files when a lowercase "get" comma ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0237 (Remote execution of arbitrary commands through Guestbook CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers to re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...)
	NOT-FOR-US: Cisco
CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0227 (Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0225 (Windows NT 4.0 allows remote attackers to cause a denial of service vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0224 (Denial of service in Windows NT messenger service through a long usern ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0223 (Solaris syslogd crashes when receiving a message from a host that does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote administr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series of comma ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0217 (Malicious option settings in UDP packets could force a reboot in SunOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0215 (Routed allows attackers to append data to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0214 (Denial of service by sending forged ICMP unreachable packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0212 (Solaris rpc.mountd generates error messages that allow a remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0211 (Extra long export lists over 256 characters in some mount daemons allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0210 (Automount daemon automountd allows local or remote users to gain privi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0209 (The SunView (SunTools) selection_svc facility allows remote users to r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0208 (rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0207 (Remote attacker can execute commands through Majordomo using the Reply ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0206 (MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0204 (Sendmail 8.6.9 allows remote attackers to execute root commands, using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0203 (In Sendmail, attackers can gain root privileges via SMTP by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0202 (The GNU tar command, when used in FTP sessions, may allow an attacker  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of the hom ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access arbitrary fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messages. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0192 (Buffer overflow in telnet daemon tgetent routing allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0191 (IIS newdsn.exe CGI script allows remote users to overwrite files. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0190 (Solaris rpcbind can be exploited to overwrite arbitrary files and gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0189 (Solaris rpcbind listens on a high numbered UDP port, which may not be  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0188 (The passwd command in Solaris can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0185 (In SunOS or Solaris, a remote user could connect from an FTP server's  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0184 (When compiled with the -DALLOW_UPDATES option, bind allows dynamic upd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0183 (Linux implementations of TFTP would allow access to files outside the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0182 (Samba has a buffer overflow which allows a remote attacker to obtain r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0181 (The wall daemon can be used for denial of service, social engineering  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0180 (in.rshd allows users to login with a NULL username and execute command ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a "cd .."  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe) in the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0177 (The uploader program in the WebSite web server allows a remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0176 (The Webgais program allows a remote user to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0175 (The convert.bas program in the Novell web server allows a remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0174 (The view-source CGI program allows remote attackers to read arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0173 (FormMail CGI program can be used by web servers other than the host se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0172 (FormMail CGI program allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0170 (Remote attackers can mount an NFS file system in Ultrix or OSF, even i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0168 (The portmapper may act as a proxy and redirect service requests from a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0167 (In SunOS, NFS file handles could be guessed, giving unauthorized acces ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0166 (NFS allows users to use a "cd .." command to access other directories  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0164 (A race condition in the Solaris ps command allows an attacker to overw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0162 (The "established" keyword in some Cisco IOS software allowed an attack ...)
	NOT-FOR-US: Cisco
CVE-1999-0161 (In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended I ...)
	NOT-FOR-US: Cisco
CVE-1999-0160 (Some classic Cisco IOS devices have a vulnerability in the PPP CHAP au ...)
	NOT-FOR-US: Cisco
CVE-1999-0159 (Attackers can crash a Cisco IOS router or device, provided they can ge ...)
	NOT-FOR-US: Cisco
CVE-1999-0158 (Cisco PIX firewall manager (PFM) on Windows NT allows attackers to con ...)
	NOT-FOR-US: Cisco
CVE-1999-0157 (Cisco PIX firewall and CBAC IP fragmentation attack results in a denia ...)
	NOT-FOR-US: Cisco
CVE-1999-0155 (The ghostscript command with the -dSAFER option allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0153 (Windows 95/NT out of band (OOB) data denial of service through NETBIOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0152 (The DG/UX finger daemon allows remote command execution through shell  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0151 (The SATAN session key may be disclosed if the user points the web brow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0150 (The Perl fingerd program allows arbitrary command execution from remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0149 (The wrap CGI program in IRIX allows remote attackers to view arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0148 (The handler CGI program in IRIX allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0147 (The aglimpse CGI program of the Glimpse package allows remote executio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0146 (The campas CGI program provided with some NCSA web servers allows an a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0145 (Sendmail WIZ command enabled, allowing root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0143 (Kerberos 4 key servers allow a user to masquerade as another by breaki ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0142 (The Java Applet Security Manager implementation in Netscape Navigator  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0141 (Java Bytecode Verifier allows malicious applets to execute arbitrary c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0139 (Buffer overflow in Solaris x86 mkcookie allows local users to obtain r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0138 (The suidperl and sperl program do not give up root privileges when cha ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0137 (The dip program on many Linux systems allows local users to gain root  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0136 (Kodak Color Management System (KCMS) on Solaris allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0135 (admintool in Solaris allows a local user to write to arbitrary files a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0134 (vold in Solaris 2.x allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to overw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to overwrite arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and earlier th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0130 (Local users can start Sendmail in daemon mode and gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0129 (Sendmail allows local users to write to a file and gain group permissi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0128 (Oversized ICMP ping packets can result in a denial of service, aka Pin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0126 (SGI IRIX buffer overflow in xterm and Xaw allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0125 (Buffer overflow in SGI IRIX mailx program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0124 (Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0122 (Buffer overflow in AIX lchangelv gives root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0120 (Sun/Solaris utmp file allows local users to gain root access if it is  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0118 (AIX infod allows local users to gain root access through an X display. ...)
	NOT-FOR-US: AIX
CVE-1999-0117 (AIX passwd allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0116 (Denial of service when an attacker sends many SYN packets to create mu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0115 (AIX bugfiler program allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0113 (Some implementations of rlogin allow root access if given a -froot par ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...)
	NOT-FOR-US: AIX
CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives root acc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0103 (Echo and chargen, or other combinations of UDP services, can be used i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0102 (Buffer overflow in SLmail 3.x allows attackers to execute commands usi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0101 (Buffer overflow in AIX and Solaris "gethostbyname" library call allows ...)
	NOT-FOR-US: AIX
CVE-1999-0100 (Remote access in AIX innd 1.5.1, using control messages. ...)
	NOT-FOR-US: AIX
CVE-1999-0099 (Buffer overflow in syslog utility allows local or remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a malicious  ...)
	NOT-FOR-US: AIX
CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0094 (AIX piodmgrsu command allows local users to gain additional group priv ...)
	NOT-FOR-US: AIX
CVE-1999-0093 (AIX nslookup command allows local users to obtain root access by not d ...)
	NOT-FOR-US: AIX
CVE-1999-0091 (Buffer overflow in AIX writesrv command allows local users to obtain r ...)
	NOT-FOR-US: AIX
CVE-1999-0090 (Buffer overflow in AIX rcp command allows local users to obtain root a ...)
	NOT-FOR-US: AIX
CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent users  ...)
	NOT-FOR-US: AIX
CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems allows rem ...)
	NOT-FOR-US: AIX
CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges by cre ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing multi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0077 (Predictable TCP sequence numbers allow spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0075 (PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV comma ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0074 (Listening TCP ports are sequentially allocated, allowing spoofing atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0073 (Telnet allows a remote client to specify environment variables includi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0072 (Buffer overflow in AIX xdat gives root access to local users. ...)
	NOT-FOR-US: AIX
CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0070 (test-cgi program allows an attacker to list files on the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the target ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0067 (phf CGI program allows remote command execution through shell metachar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0066 (AnyForm CGI remote execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allows a r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0064 (Buffer overflow in AIX lquerylv program gives root access to local use ...)
	NOT-FOR-US: AIX
CVE-1999-0063 (Cisco IOS 12.0 and other versions can be crashed by malicious UDP pack ...)
	NOT-FOR-US: Cisco
CVE-1999-0062 (The chpass command in OpenBSD allows a local user to gain root access  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0060 (Attackers can cause a denial of service in Ascend MAX and Pipeline rou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0059 (IRIX fam service allows an attacker to obtain a list of all files on t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0058 (Buffer overflow in PHP cgi program, php.cgi allows shell access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0057 (Vacation program allows command execution by remote users through a se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0056 (Buffer overflow in Sun's ping program can give root access to local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0055 (Buffer overflows in Sun libnsl allow root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0054 (Sun's ftpd daemon can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm LicenseMana ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0048 (Talkd, when given corrupt DNS information, can be used to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0047 (MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access by mod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0043 (Command execution via shell metachars in INN daemon (innd) 1.5 using " ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0042 (Buffer overflow in University of Washington's implementation of IMAP a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute command ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0037 (Arbitrary command execution via metamail package using message headers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0036 (IRIX login program with a nonzero LOCKOUT parameter allows creation or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing read/write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including Linux,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0029 (root privileges via buffer overflow in ordist command on SGI IRIX syst ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0028 (root privileges via buffer overflow in login/scheme command on SGI IRI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0027 (root privileges via buffer overflow in eject command on SGI IRIX syste ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0026 (root privileges via buffer overflow in pset command on SGI IRIX system ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0025 (root privileges via buffer overflow in df command on SGI IRIX systems. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0024 (DNS cache poisoning via BIND, by predictable query IDs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0023 (Local user gains root privileges via buffer overflow in rdist, via loo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0022 (Local user gains root privileges via buffer overflow in rdist, via exp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0021 (Arbitrary command execution via buffer overflow in Count.cgi (wwwcount ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0019 (Delete or create a file via rpc.statd, due to invalid information. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0018 (Buffer overflow in statd allows root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports on mac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0016 (Land IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgather pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0013 (Stolen credentials from SSH clients via ssh-agent program, allowing ot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0012 (Some web servers under Microsoft Windows allow remote attackers to byp ...)
	NOT-FOR-US: Microsoft
CVE-1999-0011 (Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciously for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0005 (Arbitrary command execution via IMAP buffer overflow in authenticate c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0003 (Execute commands as root via buffer overflow in Tooltalk database serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0002 (Buffer overflow in NFS mountd gives root access to remote attackers, m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote a ...)
	- apache2 2.0.40
CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute a ...)
	NOT-FOR-US: IRIX
CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for Microsoft SQL  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0646
	REJECTED
CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL Ser ...)
	NOT-FOR-US: Microsoft
CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for M ...)
	NOT-FOR-US: Microsoft
CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass  ...)
	NOT-FOR-US: InterScan
CVE-2002-0636
	RESERVED
CVE-2002-0635
	REJECTED
CVE-2002-0634
	REJECTED
CVE-2002-0633
	REJECTED
CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier al ...)
	NOT-FOR-US: SGI
CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote  ...)
	NOT-FOR-US: Polycom
CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not restr ...)
	NOT-FOR-US: Polycom
CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the a ...)
	NOT-FOR-US: Polycom
CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL S ...)
	NOT-FOR-US: Microsoft
CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the w ...)
	NOT-FOR-US: PHP-Survey
CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: FileSeek
CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote attack ...)
	NOT-FOR-US: FileSeek
CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properl ...)
	NOT-FOR-US: HP
CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
	NOT-FOR-US: HP
CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to e ...)
	NOT-FOR-US: Matu
CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows rem ...)
	NOT-FOR-US: Snitz
CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to  ...)
	NOT-FOR-US: 3Cdaemon
CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cau ...)
	NOT-FOR-US: Snapgear
CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Snapgear
CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cau ...)
	NOT-FOR-US: Snapgear
CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine t ...)
	NOT-FOR-US: WebTrends
CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reportin ...)
	NOT-FOR-US: WebTrends
CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files tha ...)
	NOT-FOR-US: AOL
CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 b ...)
	NOT-FOR-US: AOL
CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows r ...)
	NOT-FOR-US: IncrediBB
CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative  ...)
	NOT-FOR-US: PVote
CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted operations ...)
	NOT-FOR-US: PVote
CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external data ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT pa ...)
	NOT-FOR-US: HP-UX
CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric c ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a wor ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQ ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database  ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as a ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
	NOT-FOR-US: 4D WebServer
CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users t ...)
	NOT-FOR-US: HP-UX
CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating system ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files  ...)
	NOT-FOR-US: Oracle
CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with wo ...)
	NOT-FOR-US: Oracle
CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x allo ...)
	NOT-FOR-US: Oracle
CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x runn ...)
	NOT-FOR-US: Oracle
CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration int ...)
	NOT-FOR-US: Oracle
CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application S ...)
	NOT-FOR-US: Oracle
CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ear ...)
	NOT-FOR-US: TYPSoft
CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the pass ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
	NOT-FOR-US: Quik-Serv
CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an applic ...)
	NOT-FOR-US: IBM
CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers t ...)
	NOT-FOR-US: IBM
CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or  ...)
	NOT-FOR-US: Melange
CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows rem ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
	NOT-FOR-US: Anthill
CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug  ...)
	NOT-FOR-US: Anthill
CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
	NOT-FOR-US: Winamp
CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administra ...)
	NOT-FOR-US: Aprelium
CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Ag ...)
	NOT-FOR-US: Tivoli
CVE-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...)
	NOT-FOR-US: Nortel
CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores password ...)
	NOT-FOR-US: SWS
CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier al ...)
	NOT-FOR-US: PostBoard
CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cau ...)
	NOT-FOR-US: PostBoard
CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows r ...)
	NOT-FOR-US: Novell
CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the hp_imaging_conn ...)
	NOT-FOR-US: HP/Apple
CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP rest ...)
	NOT-FOR-US: Watchguard
CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to caus ...)
	NOT-FOR-US: Watchguard
CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, rel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the abso ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke R ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeB ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, Un ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the  ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP Identificat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allo ...)
	NOT-FOR-US: Oracle
CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: wwwisis
CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA Sec ...)
	NOT-FOR-US: Microsoft
CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier doe ...)
	NOT-FOR-US: Citrix
CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse  ...)
	NOT-FOR-US: Citrix
CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications witho ...)
	NOT-FOR-US: Citrix
CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the adm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication info ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content filt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to dete ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM200 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak auth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 200204 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting Contr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a de ...)
	NOT-FOR-US: Microsoft
CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an H ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to det ...)
	NOT-FOR-US: Microsoft
CVE-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...)
	NOT-FOR-US: Microsoft
CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to obtai ...)
	NOT-FOR-US: Microsoft
CVE-2002-0418 (Directory traversal vulnerability in the com.endymion.sake.servlet.mai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as e ...)
	NOT-FOR-US: Microsoft
CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0390
	REJECTED
CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow re ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i Appli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0383
	RESERVED
CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 t ...)
	NOT-FOR-US: Microsoft
CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0365
	RESERVED
CVE-2002-0361
	RESERVED
CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x befor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, wil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernam ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio Pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ( ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the S ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to over ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid privileg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain roo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for setr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and earl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote auth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document e ...)
	NOT-FOR-US: Microsoft
CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the fu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive accoun ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction De ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require authe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ph ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier allo ...)
	NOT-FOR-US: Microsoft
CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher (MRT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco,  ...)
	NOT-FOR-US: Cisco
CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message Syst ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Cor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in oth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0195
	RESERVED
CVE-2002-0194
	RESERVED
CVE-2002-0192
	REJECTED
CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows rem ...)
	NOT-FOR-US: Microsoft
CVE-2002-0182
	RESERVED
CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse D ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux (XFree ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0161
	RESERVED
CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL Serve ...)
	NOT-FOR-US: Microsoft
CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages  ...)
	NOT-FOR-US: Microsoft
CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require authenticatio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0114 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0113 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication inform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: BEA WebLogic
CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates executab ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to caus ...)
	NOT-FOR-US: Microsoft
CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked o ...)
	NOT-FOR-US: Microsoft
CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote maliciou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows N ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and po ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0035
	REJECTED
CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 th ...)
	{DSA-196}
	- bind9 <not-affected>
	- bind 1:8.3.3-3
CVE-2002-0019
	RESERVED
CVE-2002-0016
	RESERVED
CVE-2002-0015
	RESERVED
CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of SN ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user com ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress 4.2 ...)
	NOTE: not vulnerable according to http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge
	NOTE: discussion at:
	NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html
	NOTE: listed sarge version contains a fix like the patch from Gentoo
	- ncompress 4.2.4-15
CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow loca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create chro ...)
	NOT-FOR-US: Microsoft
CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in C ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 architectu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel befo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 rel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before 2.2.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1387 (iptables-save in iptables before 1.2.4 records the "--reject-with icmp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1377 (Multiple RADIUS implementations do not properly validate the Vendor-Le ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS impl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault Operati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, poss ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to over ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ro ...)
	NOT-FOR-US: AIX
CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ro ...)
	NOT-FOR-US: AIX
CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow  ...)
	NOT-FOR-US: Microsoft
CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) L ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly commerc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for authe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of attachmen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1273 (The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, whe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1270 (Directory traversal vulnerability in the console version of PKZip (pkz ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold musi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for passwo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 al ...)
	NOT-FOR-US: Microsoft
CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1238 (Task Manager in Windows 2000 does not allow local users to end process ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not req ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website o ...)
	NOT-FOR-US: Microsoft
CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to poss ...)
	NOT-FOR-US: Microsoft
CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle Or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application Serve ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable Servic ...)
	NOT-FOR-US: Cisco
CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC Soluti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does no ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin Directo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a defau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do no ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restric ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1170 (AmTote International homebet program stores the homebet.log file in th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1169 (keyinit in S/Key does not require authentication to initialize a one-t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1167
	REJECTED
CVE-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filte ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL blackl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service (cra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read so ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Teln ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mpro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP Open ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to winnt/sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.da ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote auth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches  ...)
	NOT-FOR-US: Cisco
CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a re ...)
	NOT-FOR-US: Cisco
CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows loca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows loc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems generate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running CB ...)
	NOT-FOR-US: Cisco
CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows rem ...)
	NOT-FOR-US: Cisco
CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related  ...)
	NOT-FOR-US: AIX
CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users t ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs whe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operatio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1019 (Directory traversal vulnerability in view_item CGI program in sglMerch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows loc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled genera ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a smal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client befor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary scri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email me ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, comp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files wi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the uedit32. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other programs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server (L ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server (LDA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows mal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan VirusWal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server 3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise Valid ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Valida ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0944 (DDE in mIRC allows local users to launch applications under another us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment vari ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain configu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the con ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon (libgto ...)
	{DSA-301}
	- libgtop 1.0.13-4
CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME libgtop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web D ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier version ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow c ...)
	NOT-FOR-US: Microsoft
CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 enco ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is prov ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
	NOT-FOR-US: Microsoft
CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content Protecti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive info ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option enabl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0885
	RESERVED
CVE-2001-0883
	RESERVED
CVE-2001-0882
	RESERVED
CVE-2001-0881
	RESERVED
CVE-2001-0880
	RESERVED
CVE-2001-0878
	RESERVED
CVE-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and A ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve syst ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0839 (ibillpm.pl in iBill password management system generates weak password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0814
	REJECTED
CVE-2001-0813
	REJECTED
CVE-2001-0812
	REJECTED
CVE-2001-0811
	REJECTED
CVE-2001-0810
	REJECTED
CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0802
	REJECTED
CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0798
	REJECTED
CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source cod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software Soluti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files  ...)
	NOT-FOR-US: Cisco
CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Direc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux all ...)
	{DSA-695-1}
	- xli 1.17.0-17
CVE-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
	NOT-FOR-US: Cisco
CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARS ...)
	- cfingerd 1.4.3-1.1 (bug #104394)
	NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates
	NOTE: its changes.
CVE-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0725
	RESERVED
CVE-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ind ...)
	NOT-FOR-US: Microsoft
CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a d ...)
	NOT-FOR-US: Cisco
CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view sc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan Viru ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0673
	RESERVED
CVE-2001-0672
	RESERVED
CVE-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure I ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0661
	RESERVED
CVE-2001-0657
	REJECTED
CVE-2001-0656
	REJECTED
CVE-2001-0655
	REJECTED
CVE-2001-0654
	REJECTED
CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to (1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Un ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT),  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain additi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with Vir ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain add ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a loc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a  lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron Inte ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Z ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a deni ...)
	NOT-FOR-US: Cisco
CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Net ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0539
	RESERVED
CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not pro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0532
	RESERVED
CVE-2001-0531
	RESERVED
CVE-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length chec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in Ora ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0496 (kdesu in kdelibs package creates world readable temporary files contai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before buil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier vers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier vers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0432 (Buffer overflows in various CGI programs in the remote administration  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before executin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iW ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0418 (content.pl script in NCM Content Management System allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in clearte ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to creat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after unsuccess ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) Foun ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a def ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program inse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with predict ...)
	NOT-FOR-US: Microsoft
CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with predict ...)
	NOT-FOR-US: Microsoft
CVE-2001-0343
	RESERVED
CVE-2001-0342
	RESERVED
CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier in ...)
	NOT-FOR-US: Microsoft
CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0328 (TCP implementations that use random increments for initial sequence nu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0307 (Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to det ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (lda ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 (original ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email addre ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0291 (Buffer overflow in post-query sample CGI program allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0281 (Format string vulnerability in DbgPrint function, used in debug messag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
	NOT-FOR-US: Microsoft
CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary di ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and earli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group privil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the absol ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi prog ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0216 (PALS Library System pals-cgi program allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) 1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0202 (Picserver web server allows remote attackers to read arbitrary files v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter character ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0181 (Format string vulnerability in the error logging code of DHCP server a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in Crazy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0168 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) server  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0167 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) client  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence Num ...)
	NOT-FOR-US: Cisco
CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISN ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not us ...)
	NOT-FOR-US: Cisco
CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vecto ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0159
	RESERVED
CVE-2001-0158
	RESERVED
CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook E ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, Da ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various Comp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when unin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plug ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0103 (CoffeeCup Direct and Free FTP clients uses weak encryption to store pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0102 ("Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain roo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental varia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the G ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ov ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use mal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a defau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0048 (The "Configure Your Server" tool in Microsoft 2000 domain controllers  ...)
	NOT-FOR-US: Microsoft
CVE-2001-0047 (The default permissions for the MTS Package Administration registry ke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in Window ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0045 (The default permissions for the RAS Administration key in Windows NT 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0032 (Format string vulnerability in ssldump possibly allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0030 (FoolProof 3.9 allows local users to bypass program execution restricti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to  ...)
	NOT-FOR-US: Cisco
CVE-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1209 (The "sa" account is installed with a default null password on (1) Micr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1208 (Format string vulnerability in startprinting() function of printjob.c  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes non-setui ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 al ...)
	- apache 1.3.11 (unimportant)
	NOTE: only an example script /usr/share/doc/apache-common/examples/
CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) pg_shado ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1198 (qpopper POP server creates lock files with predictable names, which al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and oth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for credi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1161 (The installation of AdCycle banner management system leaves the build. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the ag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ( ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1133 (Authentix Authentix100 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email cont ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the I ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1127 (registrar in the HP resource monitor service allows local users to rea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname sp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access restri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine (J ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally  ...)
	NOT-FOR-US: Microsoft
CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1100 (The default configuration for PostACI webmail system installs the /inc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Se ...)
	NOT-FOR-US: Microsoft
CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL S ...)
	NOT-FOR-US: Microsoft
CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL S ...)
	NOT-FOR-US: Microsoft
CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server  ...)
	NOT-FOR-US: Microsoft
CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server De ...)
	NOT-FOR-US: Microsoft
CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server Deskto ...)
	NOT-FOR-US: Microsoft
CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server D ...)
	NOT-FOR-US: Microsoft
CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL Serve ...)
	NOT-FOR-US: Microsoft
CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as implemen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory Ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card Firmwa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card Firmwa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card Fir ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card Firmwa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate 4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates differe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1030 (CS&amp;T CorporateTime for the Web returns different error messages fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1023 (The Alabanza Control Panel does not require passwords to access admini ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata account ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other OS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH env ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user passwo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly oth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0998 (Format string vulnerability in top program allows local attackers to g ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute arbit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to sto ...)
	NOT-FOR-US: Cisco
CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi scri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores sensitiv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to rea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote at ...)
	NOT-FOR-US: Microsoft
CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0857 (The logging capability in muh 2.05d IRC server does not properly clean ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0842 (The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the Interne ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network Moni ...)
	NOT-FOR-US: Microsoft
CVE-2000-0812 (The administration module in Sun Java web server allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet Exp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0798 (The truncate function in IRIX 6.x does not properly check for privileg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not prop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0791 (Trustix installs the httpsd program for Apache-SSL with world-writeabl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0774 (The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed fie ...)
	NOT-FOR-US: Microsoft
CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with gro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cro ...)
	NOT-FOR-US: Microsoft
CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly cre ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip pack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows loca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0697 (The administration interface for the dwhttpd web server in Solaris Ans ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0696 (The administration interface for the dwhttpd web server in Solaris Ans ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a deni ...)
	- kdebase 4:2.2.2-14.6
CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of t ...)
	NOT-FOR-US: Microsoft
CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's logi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on Li ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on Li ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0572 (The Razor configuration management tool uses weak encryption for its p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0531 (Linux gpm program allows local users to cause a denial of service by f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in Samb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0487 (The Protected Store in Windows 2000 does not properly select the stron ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for encryptin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0434 (The administrative password for the Allmanage web site administration  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0433 (The SuSE aaa_base package installs some system accounts with home dire ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
	NOT-FOR-US: Microsoft
CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send anonymou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass Field- ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure mode ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
	NOT-FOR-US: Cisco
CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ciph ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute comman ...)
	NOT-FOR-US: Microsoft
CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 pack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root privil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0286 (X fontserver xfs allows local users to cause a denial of service via m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross fra ...)
	NOT-FOR-US: Microsoft
CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 9 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0250 (The crypt function in QNX uses weak encryption, which allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in clea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain soc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging au ...)
	NOT-FOR-US: Microsoft
CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the C ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay administrativ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0199 (When a new SQL Server is registered in Enterprise Manager for Microsof ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server sui ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by cr ...)
	NOT-FOR-US: Microsoft
CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain privile ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable medi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0143 (The SSH protocol server sshd allows local users without shell access t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0138 (A system has a distributed denial of service (DDOS) attack master, age ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0137 (The CartIt shopping cart application allows remote users to modify sen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0136 (The Cart32 shopping cart application allows remote users to modify sen ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0135 (The @Retail shopping cart application allows remote users to modify se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0134 (The Check It Out shopping cart application allows remote users to modi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read files v ...)
	NOT-FOR-US: Microsoft
CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0123 (The shopping cart application provided with Filemaker allows remote us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid regula ...)
	NOT-FOR-US: Microsoft
CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to modif ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and Poor' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0108 (The Intellivend shopping cart application allows remote users to modif ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0106 (The EasyCart shopping cart application allows remote users to modify s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0104 (The Shoptron shopping cart application allows remote users to modify s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0103 (The SmartCart shopping cart application allows remote users to modify  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0102 (The SalesCart shopping cart application allows remote users to modify  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to gai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0085 (Hotmail does not properly filter JavaScript code from a user's mailbox ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0084 (CuteFTP uses weak encryption to store password information in its tree ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0081 (Hotmail does not properly filter JavaScript code from a user's mailbox ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the do ...)
	NOT-FOR-US: Microsoft
CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require aut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document t ...)
	NOT-FOR-US: Microsoft
CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell metacharact ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0058 (Network HotSync program in Handspring Visor does not have authenticati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to gain  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute co ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0038 (glFtpD includes a default glftpd user account with a default password  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the c ...)
	NOT-FOR-US: Microsoft
CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0008 (FTPPro allows local users to read sensitive information, which is stor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0005 (HP-UX aserver program allows local users to gain privileges via a syml ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operat ...)
	{DSA-664-1}
	- cpio 2.5-1.2 (bug #293379)
CVE-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in plaint ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1560 (Vulnerability in a script in Texas A&amp;M University (TAMU) Tiger all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the lo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows un ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in Ipswi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the gro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1549 (Lynx 2.x does not properly distinguish between internal and external H ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access restr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows loca ...)
	NOT-FOR-US: Microsoft
CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro Interscan  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automaticall ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1517 (runtar in the Amanda backup system used in various UNIX operating syst ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to det ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows loc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and execu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in Slackwar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root pr ...)
	NOT-FOR-US: AIX
CVE-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP po ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or m ...)
	NOT-FOR-US: AIX
CVE-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain roo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and earli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the COMM ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trust ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote  ...)
	NOT-FOR-US: Cisco
CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast swi ...)
	NOT-FOR-US: Cisco
CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast swi ...)
	NOT-FOR-US: Cisco
CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root privile ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site operat ...)
	NOT-FOR-US: Microsoft
CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX Ope ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Microsoft
CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
	NOT-FOR-US: Microsoft
CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO signal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a symlin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1431 (ZAK in Appstation mode allows users to bypass the "Run only allowed ap ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1430 (PIM software for Royal daVinci does not properly password-protext acce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1429 (DIT TransferPro installs devices with world-readable and world-writabl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write pe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1422 (The default configuration of Slackware 3.4, and possibly other version ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1418 (ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache HT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
	NOT-FOR-US: AIX
CVE-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory wi ...)
	NOT-FOR-US: AIX
CVE-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, direct ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1400 (The Economist screen saver 1999 with the "Password Protected" option e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC archit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 thr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1393 (Control Panel "Password Security" option for Apple Powerbooks allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot operati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extens ...)
	NOT-FOR-US: Microsoft
CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer informati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaint ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and poss ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ca ...)
	NOT-FOR-US: Microsoft
CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store PO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management Ag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the administrat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with wor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable P ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier inc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and pos ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1310
	REJECTED
CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access  ...)
	NOT-FOR-US: Cisco
CVE-1999-1305 (Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1302 (Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a "nobody" u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in Kerb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and pos ...)
	NOT-FOR-US: Microsoft
CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to rea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service (appl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1281 (Development version of Breeze Network Server allows remote attackers t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable permi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access contr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1266 (rsh daemon (rshd) generates different error messages when a valid user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek configuratio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer 5.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable acc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication librar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP server ...)
	NOT-FOR-US: Microsoft
CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1232 (Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1228 (Various modems that do not implement a guard time, or are configured w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in I ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass securi ...)
	NOT-FOR-US: Cisco
CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ov ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus def ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux operat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root privile ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain priv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for L ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of SysA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain roo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical acce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1170 (IPswitch IMail allows local users to gain additional privileges and mo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Microsoft
CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on Solari ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client af ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session timeou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1150 (Livingston Portmaster routers running ComOS use the same initial seque ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root pri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise Serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
	NOT-FOR-US: Cisco
CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
	NOT-FOR-US: Microsoft
CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files wit ...)
	NOT-FOR-US: Cisco
CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the configurati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to bypas ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 r ...)
	NOT-FOR-US: Microsoft
CVE-1999-1108
	REJECTED
CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ano ...)
	NOT-FOR-US: Microsoft
CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to gai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with inse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows loca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature le ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1084 (The "AEDebug" registry key is installed with insecure permissions, whi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain privileg ...)
	NOT-FOR-US: AIX
CVE-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its initializatio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserv ...)
	NOT-FOR-US: AIX
CVE-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with TCP/IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with TCP/IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1056
	REJECTED
CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text betw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in /_pri ...)
	NOT-FOR-US: Microsoft
CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows arb ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi scrip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) mal ...)
	NOT-FOR-US: Microsoft
CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log fi ...)
	NOT-FOR-US: Cisco
CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 22 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a syml ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious use ...)
	NOT-FOR-US: Microsoft
CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login attemp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date format ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1020 (The installation of Novell Netware NDS 5.99 provides an unauthenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) Front ...)
	NOT-FOR-US: Microsoft
CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group t ...)
	NOT-FOR-US: AIX
CVE-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ope ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1009 (The Disney Go Express Search allows remote attackers to access and mod ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange  5. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a sym ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to execute comm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0949 (Buffer overflow in canuum program for Canna input system allows local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0948 (Buffer overflow in uum program for Canna input system allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store a password fo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0941 (Mutt mail client allows a remote attacker to execute commands via shel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0926 (Apache allows remote attackers to conduct a denial of service via a la ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to con ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute com ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
	NOT-FOR-US: Microsoft
CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, -emu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0860 (Solaris chkperm allows local users to read files owned by bin via the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a dei ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection atte ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root acce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
	NOT-FOR-US: Cisco
CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root privil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow loca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the "Navi ...)
	NOT-FOR-US: Microsoft
CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a mal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH environme ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0816 (The Motorola CableRouter allows any remote user to connect to and conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain RP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0792 (ROUTERmate has a default SNMP community name which allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a .. (do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian L ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0677 (The WebRamp web administration utility has a default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0669 (The Eyedog ActiveX control is marked as "safe for scripting" for Inter ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the A ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0665 (An application-critical Windows NT registry key has an inappropriate v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0664 (An application-critical Windows NT registry key has inappropriate perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0663 (A system-critical program, library, or file has a checksum or other in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0662 (A system-critical program or library does not have the appropriate pat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0661 (A system is running a version of software that was replaced with a Tro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0660
	REJECTED
CVE-1999-0659
	REJECTED
CVE-1999-0658
	REJECTED
CVE-1999-0657 (WinGate is being used. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0656 (The ugidd RPC interface, by design, allows remote attackers to enumera ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0655
	REJECTED
CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0653 (A component service related to NIS+ is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0652
	REJECTED
CVE-1999-0651 (The rsh/rlogin service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0650 (The netstat service is running, which provides sensitive information t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0649
	REJECTED
CVE-1999-0648
	REJECTED
CVE-1999-0647
	REJECTED
CVE-1999-0646
	REJECTED
CVE-1999-0645
	REJECTED
CVE-1999-0644
	REJECTED
CVE-1999-0643
	REJECTED
CVE-1999-0642
	REJECTED
CVE-1999-0641 (The UUCP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0640 (The Gopher service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0639 (The chargen service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0638 (The daytime service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0637 (The systat service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0636 (The discard service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0635 (The echo service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0634
	REJECTED
CVE-1999-0633
	REJECTED
CVE-1999-0632 (The RPC portmapper service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0631
	REJECTED
CVE-1999-0630 (The NT Alerter and Messenger services are running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0629 (The ident/identd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0625 (The rpc.rquotad service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0624 (The rstat/rstatd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0623
	REJECTED
CVE-1999-0622
	REJECTED
CVE-1999-0621
	REJECTED
CVE-1999-0620
	REJECTED
CVE-1999-0619
	REJECTED
CVE-1999-0618 (The rexec service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0617
	REJECTED
CVE-1999-0616
	REJECTED
CVE-1999-0615
	REJECTED
CVE-1999-0614
	REJECTED
CVE-1999-0613 (The rpc.sprayd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0610 (An incorrect configuration of the Webcart CGI program could disclose p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0609 (An incorrect configuration of the SoftCart CGI program "SoftCart.exe"  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0607 (quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart  CGI progr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart  CGI pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart CGI progr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0603 (In Windows NT, an inappropriate user is a member of a group, e.g. Admi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0602 (A network intrusion detection system (IDS) does not properly reassembl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0601 (A network intrusion detection system (IDS) does not properly handle da ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0600 (A network intrusion detection system (IDS) does not verify the checksu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0599 (A network intrusion detection system (IDS) does not properly handle pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0598 (A network intrusion detection system (IDS) does not properly handle pa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention p ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0595 (A Windows NT system does not clear the system page file during shutdow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0593 (The default setting for the Winlogon key entry ShutdownWithoutLogon in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0589 (A system-critical Windows NT registry key has inappropriate permission ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0587 (A WWW server is not running in a restricted file system, e.g. through  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0586 (A network service is running on a nonstandard port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0585 (A Windows NT administrator account has the default name of Administrat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0584 (A Windows NT file system is not NTFS. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0583 (There is a one-way or two-way trust relationship between Windows NT do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0582 (A Windows NT account policy has inappropriate, security-critical setti ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0579 (A Windows NT system's registry audit policy does not log an event succ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0578 (A Windows NT system's registry audit policy does not log an event succ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0577 (A Windows NT system's file audit policy does not log an event success  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0576 (A Windows NT system's file audit policy does not log an event success  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0575 (A Windows NT system's user audit policy does not log an event success  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0572 (.reg files are associated with the Windows NT registry editor (regedit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0571 (A router's configuration service or management interface (such as a we ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate permi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0559 (A system-critical Unix file or directory has inappropriate permissions ...)
	- webmin 1.160-1
CVE-1999-0556 (Two or more Unix accounts have the same UID. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0555 (A Unix account with a name other than "root" has UID 0, i.e. root priv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0548 (A superfluous NFS server is running, but it is not importing or export ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0546 (The Windows NT guest account is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
	NOT-FOR-US: Microsoft
CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, security- ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0533 (A DNS server allows inverse queries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0532 (A DNS server allows zone transfers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0531
	REJECTED
CVE-1999-0530 (A system is operating in "promiscuous" mode which allows it to perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0529 (A router or firewall forwards packets that claim to come from IANA res ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP account a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ina ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0521 (An NIS domain name is easily guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0517 (An SNMP community name is the default (e.g. public), null, or missing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0516 (An SNMP community name is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0515 (An unrestricted remote trust relationship for Unix systems has been se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0511 (IP forwarding is enabled on a machine which is not a router or firewal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0510 (A router or firewall allows source routed packets from arbitrary hosts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the cgi-bi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0508 (An account on a router, firewall, or other network device has a defaul ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0507 (An account on a router, firewall, or other network device has a guessa ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0505 (A Windows NT domain user or administrator account has a guessable pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0504 (A Windows NT local user or administrator account has a default, null,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0503 (A Windows NT local user or administrator account has a guessable passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0501 (A Unix account has a guessable password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0499 (NETBIOS share information may be published through SNMP registry keys  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0498 (TFTP is not running in a restricted directory, allowing a remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0497 (Anonymous FTP is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0495 (A remote attacker can gain access to a file system using ..  (dot dot) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the tar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute secu ...)
	NOT-FOR-US: Microsoft
CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote attack ...)
	NOT-FOR-US: Microsoft
CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0460 (Buffer overflow in Linux autofs module through long directory names al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a hos ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to por ...)
	NOT-FOR-US: Cisco
CVE-1999-0452 (A service or application has a backdoor password that was placed there ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent any se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a repla ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
	NOT-FOR-US: HP-UX
CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing local  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by s ...)
	NOT-FOR-US: Eudora
CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
	NOT-FOR-US: Microsoft
CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p,  ...)
	NOT-FOR-US: SCO
CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which al ...)
	NOT-FOR-US: DEC UNIX
CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter character ...)
	NOT-FOR-US: Mirc
CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends passwor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0394 (DPEC Online Courseware allows an attacker to change another user's pas ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities that  ...)
	NOT-FOR-US: Sun
CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a forei ...)
	NOT-FOR-US: Microsoft
CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords unencrypt ...)
	NOT-FOR-US: NetWare
CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, inclu ...)
	NOT-FOR-US: Windows
CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store usernames and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution o ...)
	NOT-FOR-US: Windows
CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...)
	NOT-FOR-US: Windows
CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows  ...)
	NOT-FOR-US: Windows
CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root acces ...)
	NOT-FOR-US: HP
CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via s ...)
	NOT-FOR-US: HP
CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
	NOT-FOR-US: Windows
CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access through  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain root  ...)
	NOT-FOR-US: HP
CVE-1999-0306 (buffer overflow in HP xlock program. ...)
	NOT-FOR-US: HP
CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may allo ...)
	NOT-FOR-US: Windows
CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by openi ...)
	NOT-FOR-US: Windows
CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and  ...)
	NOT-FOR-US: Windows
CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0282
	REJECTED
CVE-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers  ...)
	NOT-FOR-US: HP
CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to r ...)
	NOT-FOR-US: Windows
CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary com ...)
	NOT-FOR-US: Windows
CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
	NOT-FOR-US: HP
CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP reserve ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote acces ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
	NOT-FOR-US: Windows
CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing  ...)
	NOT-FOR-US: Windows
CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot t ...)
	NOT-FOR-US: Cisco
CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service o ...)
	NOT-FOR-US: Solaris
CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a  ...)
	NOT-FOR-US: Windows
CVE-1999-0198 (finger .@host on some systems may print information on some user accou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0197 (finger 0@host on some systems may print information on some user accou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or un ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
	NOT-FOR-US: Ascend/3com
CVE-1999-0187
	REJECTED
CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allow ...)
	NOT-FOR-US: Solaris
CVE-1999-0171 (Denial of service in syslog by sending it a large number of superfluou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0169 (NFS allows attackers to read and write any file on the system by speci ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0165 (NFS cache poisoning. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for AS ...)
	NOT-FOR-US: Windows
CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
	NOT-FOR-US: Windows
CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems allo ...)
	NOT-FOR-US: HP-UX
CVE-1999-0123 (Race condition in Linux mailx command allows local users to read user  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
	NOT-FOR-US: Windows
CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0110
	REJECTED
CVE-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0106 (Finger redirection allows finger bombs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, a.k.a.  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows local users  ...)
	NOT-FOR-US: AIX
CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users to gain  ...)
	NOT-FOR-US: AIX
CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to execu ...)
	NOT-FOR-US: AIX
CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
	NOT-FOR-US: AIX
CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD line prin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX syste ...)
	NOT-FOR-US: SGI
CVE-1999-0020
	REJECTED
CVE-1999-0015 (Teardrop IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker